From f365cee732423879e2838c2655797b74470e6509 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Apr 2025 10:59:45 +0100
Subject: [PATCH 001/123] chore(deps): bump @babel/helpers from 7.24.7 to
 7.26.10 in /docs (#9576)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers)
from 7.24.7 to 7.26.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases"><code>@​babel/helpers</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.26.10 (2025-03-11)</h2>
<p>Thanks <a
href="https://github.com/jordan-choi"><code>@​jordan-choi</code></a> and
<a
href="https://github.com/mmmsssttt404"><code>@​mmmsssttt404</code></a>
for your first PRs!</p>
<p>This release includes a fix for <a
href="https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8">https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8</a>,
a security vulnerability which affects the <code>.replace</code> method
of transpiled regular expressions that use named capturing groups.</p>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>,
<code>babel-plugin-transform-typescript</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17154">#17154</a>
Update typescript parser tests (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17151">#17151</a>
fix: Should not evaluate vars in child scope (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17153">#17153</a>
fix: Correctly generate <code>abstract override</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix
source type detection when parsing TypeScript (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-runtime</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix
processing of replacement pattern with named capture groups (<a
href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@​mmmsssttt404</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nail_care: Polish</h4>
<ul>
<li><code>babel-standalone</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17158">#17158</a>
Avoid warnings when re-bundling <code>@​babel/standalone</code> with
webpack (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<h4>:house: Internal</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17160">#17160</a>
Left-value parsing cleanup (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 6</h4>
<ul>
<li>Babel Bot (<a
href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Nicolò Ribaudo (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
<li>Yunyoung Jordan Choi (<a
href="https://github.com/jordan-choi"><code>@​jordan-choi</code></a>)</li>
<li><a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li>
<li><a
href="https://github.com/mmmsssttt404"><code>@​mmmsssttt404</code></a></li>
</ul>
<h2>v7.26.9 (2025-02-14)</h2>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17103">#17103</a>
fix: Definition for <code>TSPropertySignature.kind</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17062">#17062</a>
Print TypeScript optional/definite in ClassPrivateProperty (<a
href="https://github.com/jamiebuilds-signal"><code>@​jamiebuilds-signal</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/helpers</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>v7.26.10 (2025-03-11)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>,
<code>babel-plugin-transform-typescript</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17154">#17154</a>
Update typescript parser tests (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17151">#17151</a>
fix: Should not evaluate vars in child scope (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17153">#17153</a>
fix: Correctly generate <code>abstract override</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix
source type detection when parsing TypeScript (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-runtime</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix
processing of replacement pattern with named capture groups (<a
href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@​mmmsssttt404</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nail_care: Polish</h4>
<ul>
<li><code>babel-standalone</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17158">#17158</a>
Avoid warnings when re-bundling <code>@​babel/standalone</code> with
webpack (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<h4>:house: Internal</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17160">#17160</a>
Left-value parsing cleanup (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.9 (2025-02-14)</h2>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17103">#17103</a>
fix: Definition for <code>TSPropertySignature.kind</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17062">#17062</a>
Print TypeScript optional/definite in ClassPrivateProperty (<a
href="https://github.com/jamiebuilds-signal"><code>@​jamiebuilds-signal</code></a>)</li>
</ul>
</li>
</ul>
<h4>:house: Internal</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17130">#17130</a> Use
<code>.ts</code> files with explicit reexports to solve name conflicts
(<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17127">#17127</a> Do
not depend on <code>@types/gensync</code> in Babel 7 (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.7 (2025-01-24)</h2>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helpers</code>, <code>babel-preset-env</code>,
<code>babel-runtime-corejs3</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17086">#17086</a>
Make &quot;object without properties&quot; helpers ES6-compatible (<a
href="https://github.com/tquetano-netflix"><code>@​tquetano-netflix</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typeof-symbol</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17085">#17085</a>
fix: Correctly handle <code>typeof</code> in arrow functions (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/e1ce99df422971175249509e7bbc2b327b8f7957"><code>e1ce99d</code></a>
v7.26.10</li>
<li><a
href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"><code>d5952e8</code></a>
Fix processing of replacement pattern with named capture groups (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17173">#17173</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/64bca7b5f308cd52c192a5c821a57f6d1b0475f4"><code>64bca7b</code></a>
v7.26.9</li>
<li><a
href="https://github.com/babel/babel/commit/4cf5c9e0fbe8899bb9eb0dac7c615406a4fe926d"><code>4cf5c9e</code></a>
[babel 8] Use <code>@babel/types</code> for parser's return type (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17117">#17117</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2d9514066e3b135835ed93246ebbcdb7ca0263ca"><code>2d95140</code></a>
v7.26.7</li>
<li><a
href="https://github.com/babel/babel/commit/0e6199b2aac12f41053416977379066e80ef14a7"><code>0e6199b</code></a>
Make &quot;object without properties&quot; helpers ES6-compatible (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17086">#17086</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f"><code>cd24cc0</code></a>
chore: Update TS 5.7 (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17053">#17053</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/63d30381c169780460e01bdb6669c5e01af1dfbe"><code>63d3038</code></a>
v7.26.0</li>
<li><a
href="https://github.com/babel/babel/commit/bfa56c49569f0bfd5579e0e1870ffa92f74fad48"><code>bfa56c4</code></a>
Support <code>import()</code> in <code>rewriteImportExtensions</code>
(<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/16794">#16794</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/b07957ebb316a1e2fc67454fc7423508bb942e63"><code>b07957e</code></a>
v7.25.9</li>
<li>Additional commits viewable in <a
href="https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@babel/helpers&package-manager=npm_and_yarn&previous-version=7.24.7&new-version=7.26.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/zitadel/zitadel/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Skewis <david@zitadel.com>
---
 docs/yarn.lock | 53 +++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 48 insertions(+), 5 deletions(-)

diff --git a/docs/yarn.lock b/docs/yarn.lock
index 63a626af05..61e00b199d 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -185,6 +185,15 @@
     "@babel/highlight" "^7.24.7"
     picocolors "^1.0.0"
 
+"@babel/code-frame@^7.26.2":
+  version "7.26.2"
+  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.26.2.tgz#4b5fab97d33338eff916235055f0ebc21e573a85"
+  integrity sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==
+  dependencies:
+    "@babel/helper-validator-identifier" "^7.25.9"
+    js-tokens "^4.0.0"
+    picocolors "^1.0.0"
+
 "@babel/compat-data@^7.22.6", "@babel/compat-data@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.24.7.tgz#d23bbea508c3883ba8251fb4164982c36ea577ed"
@@ -389,11 +398,21 @@
   resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.24.7.tgz#4d2d0f14820ede3b9807ea5fc36dfc8cd7da07f2"
   integrity sha512-7MbVt6xrwFQbunH2DNQsAP5sTGxfqQtErvBIvIMi6EQnbgUOuVYanvREcmFrOPhoXBrTtjhhP+lW+o5UfK+tDg==
 
+"@babel/helper-string-parser@^7.25.9":
+  version "7.25.9"
+  resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz#1aabb72ee72ed35789b4bbcad3ca2862ce614e8c"
+  integrity sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==
+
 "@babel/helper-validator-identifier@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz#75b889cfaf9e35c2aaf42cf0d72c8e91719251db"
   integrity sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==
 
+"@babel/helper-validator-identifier@^7.25.9":
+  version "7.25.9"
+  resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz#24b64e2c3ec7cd3b3c547729b8d16871f22cbdc7"
+  integrity sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==
+
 "@babel/helper-validator-option@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.24.7.tgz#24c3bb77c7a425d1742eec8fb433b5a1b38e62f6"
@@ -410,12 +429,12 @@
     "@babel/types" "^7.24.7"
 
 "@babel/helpers@^7.24.7":
-  version "7.24.7"
-  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.24.7.tgz#aa2ccda29f62185acb5d42fb4a3a1b1082107416"
-  integrity sha512-NlmJJtvcw72yRJRcnCmGvSi+3jDEg8qFu3z0AFoymmzLx5ERVWyzd9kVXr7Th9/8yIJi2Zc6av4Tqz3wFs8QWg==
+  version "7.27.0"
+  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.0.tgz#53d156098defa8243eab0f32fa17589075a1b808"
+  integrity sha512-U5eyP/CTFPuNE3qk+WZMxFkp/4zUzdceQlfzf7DdGdhp+Fezd7HD+i8Y24ZuTMKX3wQBld449jijbGq6OdGNQg==
   dependencies:
-    "@babel/template" "^7.24.7"
-    "@babel/types" "^7.24.7"
+    "@babel/template" "^7.27.0"
+    "@babel/types" "^7.27.0"
 
 "@babel/highlight@^7.24.7":
   version "7.24.7"
@@ -432,6 +451,13 @@
   resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.24.7.tgz#9a5226f92f0c5c8ead550b750f5608e766c8ce85"
   integrity sha512-9uUYRm6OqQrCqQdG1iCBwBPZgN8ciDBro2nIOFaiRz1/BCxaI7CNvQbDHvsArAC7Tw9Hda/B3U+6ui9u4HWXPw==
 
+"@babel/parser@^7.27.0":
+  version "7.27.0"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.27.0.tgz#3d7d6ee268e41d2600091cbd4e145ffee85a44ec"
+  integrity sha512-iaepho73/2Pz7w2eMS0Q5f83+0RKI7i4xmiYeBmDzfRVbQtTOG7Ts0S4HzJVsTMGI9keU8rNfuZr8DKfSt7Yyg==
+  dependencies:
+    "@babel/types" "^7.27.0"
+
 "@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.24.7.tgz#fd059fd27b184ea2b4c7e646868a9a381bbc3055"
@@ -1207,6 +1233,15 @@
     "@babel/parser" "^7.24.7"
     "@babel/types" "^7.24.7"
 
+"@babel/template@^7.27.0":
+  version "7.27.0"
+  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.27.0.tgz#b253e5406cc1df1c57dcd18f11760c2dbf40c0b4"
+  integrity sha512-2ncevenBqXI6qRMukPlXwHKHchC7RyMuu4xv5JBXRfOGVcTy1mXCD12qrp7Jsoxll1EV3+9sE4GugBVRjT2jFA==
+  dependencies:
+    "@babel/code-frame" "^7.26.2"
+    "@babel/parser" "^7.27.0"
+    "@babel/types" "^7.27.0"
+
 "@babel/traverse@^7.22.8", "@babel/traverse@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.24.7.tgz#de2b900163fa741721ba382163fe46a936c40cf5"
@@ -1232,6 +1267,14 @@
     "@babel/helper-validator-identifier" "^7.24.7"
     to-fast-properties "^2.0.0"
 
+"@babel/types@^7.27.0":
+  version "7.27.0"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.27.0.tgz#ef9acb6b06c3173f6632d993ecb6d4ae470b4559"
+  integrity sha512-H45s8fVLYjbhFH62dIJ3WtmJ6RSPt/3DRO0ZcT2SUiYiQyz3BLVb9ADEnLl91m74aQPS3AzzeajZHYOalWe3bg==
+  dependencies:
+    "@babel/helper-string-parser" "^7.25.9"
+    "@babel/helper-validator-identifier" "^7.25.9"
+
 "@braintree/sanitize-url@^6.0.1":
   version "6.0.4"
   resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.4.tgz#923ca57e173c6b232bbbb07347b1be982f03e783"

From 4e3da63b6721a3557b072a68773ce32409ce6029 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Apr 2025 11:28:11 +0100
Subject: [PATCH 002/123] chore(deps): bump @babel/runtime from 7.24.7 to
 7.26.10 in /docs (#9575)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime)
from 7.24.7 to 7.26.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases"><code>@​babel/runtime</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.26.10 (2025-03-11)</h2>
<p>Thanks <a
href="https://github.com/jordan-choi"><code>@​jordan-choi</code></a> and
<a
href="https://github.com/mmmsssttt404"><code>@​mmmsssttt404</code></a>
for your first PRs!</p>
<p>This release includes a fix for <a
href="https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8">https://github.com/babel/babel/security/advisories/GHSA-968p-4wvh-cqc8</a>,
a security vulnerability which affects the <code>.replace</code> method
of transpiled regular expressions that use named capturing groups.</p>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>,
<code>babel-plugin-transform-typescript</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17154">#17154</a>
Update typescript parser tests (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17151">#17151</a>
fix: Should not evaluate vars in child scope (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17153">#17153</a>
fix: Correctly generate <code>abstract override</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix
source type detection when parsing TypeScript (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-runtime</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix
processing of replacement pattern with named capture groups (<a
href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@​mmmsssttt404</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nail_care: Polish</h4>
<ul>
<li><code>babel-standalone</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17158">#17158</a>
Avoid warnings when re-bundling <code>@​babel/standalone</code> with
webpack (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<h4>:house: Internal</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17160">#17160</a>
Left-value parsing cleanup (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 6</h4>
<ul>
<li>Babel Bot (<a
href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Nicolò Ribaudo (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
<li>Yunyoung Jordan Choi (<a
href="https://github.com/jordan-choi"><code>@​jordan-choi</code></a>)</li>
<li><a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li>
<li><a
href="https://github.com/mmmsssttt404"><code>@​mmmsssttt404</code></a></li>
</ul>
<h2>v7.26.9 (2025-02-14)</h2>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17103">#17103</a>
fix: Definition for <code>TSPropertySignature.kind</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17062">#17062</a>
Print TypeScript optional/definite in ClassPrivateProperty (<a
href="https://github.com/jamiebuilds-signal"><code>@​jamiebuilds-signal</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/runtime</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>v7.26.10 (2025-03-11)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>,
<code>babel-plugin-transform-typescript</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17154">#17154</a>
Update typescript parser tests (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17151">#17151</a>
fix: Should not evaluate vars in child scope (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17153">#17153</a>
fix: Correctly generate <code>abstract override</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17107">#17107</a> Fix
source type detection when parsing TypeScript (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-runtime</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17173">#17173</a> Fix
processing of replacement pattern with named capture groups (<a
href="https://github.com/%5Bmmmsssttt404%5D(https://github.com/mmmsssttt404)"><code>@​mmmsssttt404</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nail_care: Polish</h4>
<ul>
<li><code>babel-standalone</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17158">#17158</a>
Avoid warnings when re-bundling <code>@​babel/standalone</code> with
webpack (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<h4>:house: Internal</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17160">#17160</a>
Left-value parsing cleanup (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.9 (2025-02-14)</h2>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17103">#17103</a>
fix: Definition for <code>TSPropertySignature.kind</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17062">#17062</a>
Print TypeScript optional/definite in ClassPrivateProperty (<a
href="https://github.com/jamiebuilds-signal"><code>@​jamiebuilds-signal</code></a>)</li>
</ul>
</li>
</ul>
<h4>:house: Internal</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17130">#17130</a> Use
<code>.ts</code> files with explicit reexports to solve name conflicts
(<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17127">#17127</a> Do
not depend on <code>@types/gensync</code> in Babel 7 (<a
href="https://github.com/nicolo-ribaudo"><code>@​nicolo-ribaudo</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.7 (2025-01-24)</h2>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helpers</code>, <code>babel-preset-env</code>,
<code>babel-runtime-corejs3</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17086">#17086</a>
Make &quot;object without properties&quot; helpers ES6-compatible (<a
href="https://github.com/tquetano-netflix"><code>@​tquetano-netflix</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typeof-symbol</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17085">#17085</a>
fix: Correctly handle <code>typeof</code> in arrow functions (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/e1ce99df422971175249509e7bbc2b327b8f7957"><code>e1ce99d</code></a>
v7.26.10</li>
<li><a
href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"><code>d5952e8</code></a>
Fix processing of replacement pattern with named capture groups (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17173">#17173</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/64bca7b5f308cd52c192a5c821a57f6d1b0475f4"><code>64bca7b</code></a>
v7.26.9</li>
<li><a
href="https://github.com/babel/babel/commit/2d9514066e3b135835ed93246ebbcdb7ca0263ca"><code>2d95140</code></a>
v7.26.7</li>
<li><a
href="https://github.com/babel/babel/commit/63d30381c169780460e01bdb6669c5e01af1dfbe"><code>63d3038</code></a>
v7.26.0</li>
<li><a
href="https://github.com/babel/babel/commit/b07957ebb316a1e2fc67454fc7423508bb942e63"><code>b07957e</code></a>
v7.25.9</li>
<li><a
href="https://github.com/babel/babel/commit/af917594e4df3decdde2ce0b1614d607b27367a5"><code>af91759</code></a>
fix: Accidentally publishing useless files (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/16917">#16917</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2533cfb0c1d90140f320f1e03d41e20407ca30bf"><code>2533cfb</code></a>
v7.25.7</li>
<li><a
href="https://github.com/babel/babel/commit/69d65f1aef74de135a8b262bb9770a41e97b7476"><code>69d65f1</code></a>
[babel 8] Require Node.js <code>^18.20.0 || ^20.17.0 ||
&gt;=22.8.0</code> (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/16800">#16800</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2f72b978f9acc68d065e7da10c8e270d6f96b7c4"><code>2f72b97</code></a>
v7.25.6</li>
<li>Additional commits viewable in <a
href="https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@babel/runtime&package-manager=npm_and_yarn&previous-version=7.24.7&new-version=7.26.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/zitadel/zitadel/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Skewis <david@zitadel.com>
---
 docs/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/yarn.lock b/docs/yarn.lock
index 61e00b199d..ad31e03b5e 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -1218,9 +1218,9 @@
     regenerator-runtime "^0.14.0"
 
 "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.22.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2":
-  version "7.24.7"
-  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.24.7.tgz#f4f0d5530e8dbdf59b3451b9b3e594b6ba082e12"
-  integrity sha512-UwgBRMjJP+xv857DCngvqXI3Iq6J4v0wXmwc6sapg+zyhbwmQX67LUEFrkK5tbyJ30jGuG3ZvWpBiB9LCy1kWw==
+  version "7.27.0"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.27.0.tgz#fbee7cf97c709518ecc1f590984481d5460d4762"
+  integrity sha512-VtPOkrdPHZsKc/clNqyi9WUA8TINkZ4cGk63UUE3u4pmB2k+ZMQRDuIOagv8UVd6j7k0T3+RRIb7beKTebNbcw==
   dependencies:
     regenerator-runtime "^0.14.0"
 

From 88493dd2a0c2e929d6151cd307d4514caa555224 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Mon, 14 Apr 2025 13:37:47 +0200
Subject: [PATCH 003/123] docs: strikethrough deprecated APIs (#9740)

# Which Problems Are Solved

The docs overview pages and navs don't visually distinguish between
deprecated and GA APIs.
This makes it hard to find the right methods for the job already.
As we are implementing the resource API and continously deprecate
obsolete APIs, this only gets worse.

# How the Problems Are Solved

The UI items in docs overview pages are striked through and pushed to
the bottom of the list.
This applies to side navs as well as card lists.

For example, [see management user
methods](https://docs-git-strikethrough-deprecated-apis-zitadel.vercel.app/docs/apis/resources/mgmt/users):

![image](https://github.com/user-attachments/assets/a12ccd92-3a70-4854-8ebf-b771ff151083)

A method is considered deprecated if it has this option set in the
protos rpc definition:

```protobuf
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    deprecated: true;
}
```

# Additional Changes

None

# Additional Context

- Relates to #9680

---------

Co-authored-by: David Skewis <david@zitadel.com>
---
 docs/src/css/custom.css                 | 30 ++++++++++++++++++++++++-
 docs/src/theme/DocCardList/index.js     | 13 +++++++++++
 docs/src/theme/DocSidebarItems/index.js | 14 ++++++++++++
 docs/src/utils/deprecated-items.js      | 29 ++++++++++++++++++++++++
 4 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 docs/src/theme/DocCardList/index.js
 create mode 100644 docs/src/theme/DocSidebarItems/index.js
 create mode 100644 docs/src/utils/deprecated-items.js

diff --git a/docs/src/css/custom.css b/docs/src/css/custom.css
index 5083c842e9..50035f2541 100644
--- a/docs/src/css/custom.css
+++ b/docs/src/css/custom.css
@@ -612,4 +612,32 @@ p strong {
   position: absolute;
   top: 0;
   left: 0;
-}
\ No newline at end of file
+}
+
+/*
+  The overview list components are enriched by swizzled DocCardList and DocSidebarItems wrappers.
+  Deprecated list item titles have the class zitadel-lifecycle-deprecated.
+  We strike them through, because this is well-known practice and reduces mental overhead for finding the right method to solve a task.
+ */
+.card:has(.zitadel-lifecycle-deprecated) {
+  position: relative;
+}
+
+.card:has(.zitadel-lifecycle-deprecated)::after {
+  content: "DEPRECATED";
+  position: absolute;
+  top: 10px;
+  right: 10px;
+  background-color: var(--ifm-color-danger-contrast-background);
+  color: var(--ifm-color-danger-contrast-foreground);
+  font-size: 12px;
+  font-weight: 600;
+  padding: 0.25rem 0.5rem;
+  border-radius: 0.25rem;
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+}
+
+.zitadel-lifecycle-deprecated {
+  text-decoration: line-through;
+}
diff --git a/docs/src/theme/DocCardList/index.js b/docs/src/theme/DocCardList/index.js
new file mode 100644
index 0000000000..c9c24e2b8f
--- /dev/null
+++ b/docs/src/theme/DocCardList/index.js
@@ -0,0 +1,13 @@
+import React from 'react';
+import DocCardList from '@theme-original/DocCardList';
+import toCustomDeprecatedItemsProps from "../../utils/deprecated-items";
+
+// The DocCardList component is used in generated index pages for API services.
+// We customize it for deprecated items.
+export default function DocCardListWrapper(props) {
+    return (
+        <>
+            <DocCardList {...toCustomDeprecatedItemsProps(props)} />
+        </>
+    );
+}
diff --git a/docs/src/theme/DocSidebarItems/index.js b/docs/src/theme/DocSidebarItems/index.js
new file mode 100644
index 0000000000..35ad429fa2
--- /dev/null
+++ b/docs/src/theme/DocSidebarItems/index.js
@@ -0,0 +1,14 @@
+import React from 'react';
+import DocSidebarItems from '@theme-original/DocSidebarItems';
+import toCustomDeprecatedItemsProps from '../../utils/deprecated-items.js';
+
+// The DocSidebarItems component is used in generated side navs for API services.
+// We wrap the original to push deprecated items to the bottom and give them a CSS class.
+// This lets us easily style them differently in docs/src/css/custom.css.
+export default function DocSidebarItemsWrapper(props) {
+    return (
+        <>
+            <DocSidebarItems {...toCustomDeprecatedItemsProps(props)} />
+        </>
+    );
+}
diff --git a/docs/src/utils/deprecated-items.js b/docs/src/utils/deprecated-items.js
new file mode 100644
index 0000000000..353a619d30
--- /dev/null
+++ b/docs/src/utils/deprecated-items.js
@@ -0,0 +1,29 @@
+import React from "react";
+
+// This function changes a ListComponents input properties.
+// Deprecated items are pushed to the bottom of the list and its labels are given the CSS class zitadel-lifecycle-deprecated.
+// They are styled in docs/src/css/custom.css.
+export default function (props) {
+    const { items = [], ...rest } = props;
+    if (!Array.isArray(items)) {
+        // Do nothing if items is not an array
+        return props;
+    }
+    const withDeprecated = [...items].map(({className, label, ...itemRest}) => {
+        const zitadelLifecycleDeprecated = className?.indexOf('menu__list-item--deprecated') > -1
+        const wrappedLabel = <span className={zitadelLifecycleDeprecated ? "zitadel-lifecycle-deprecated" : undefined}>{label}</span>
+        return {
+            zitadelLifecycleDeprecated: zitadelLifecycleDeprecated,
+            ...itemRest,
+            className,
+            label: wrappedLabel,
+        };
+    });
+    const sortedItems = [...withDeprecated].sort((a, b) => {
+        return a.zitadelLifecycleDeprecated - b.zitadelLifecycleDeprecated;
+    });
+    return {
+        ...rest,
+        items: sortedItems,
+    };
+}

From bb59192e3e96b9b448f734b3725588f399f32741 Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen <tronghn@users.noreply.github.com>
Date: Mon, 14 Apr 2025 16:57:51 +0200
Subject: [PATCH 004/123] fix(console): correct count for users list, show
 create timestamp in user details (#9705)

This pull request fixes a couple of minor issues with the user list and
details pages in Console.

# Which Problems Are Solved

1. The total count in the users list was the total number of results
returned. This made the pagination not work when there were more than
`pageSize * 2` users.
2. The user details page did not show the created timestamp when viewing
a
user.

# How the Problems Are Solved

1. The response includes the total number calculated by the backend. Use
that instead.
2. Inverse the ternary returning the creation date.

# Additional Changes

None

# Additional Context

None

---------

Co-authored-by: Thomas Krampl <thomas.siegfried.krampl@nav.no>
---
 console/src/app/modules/info-row/info-row.component.ts     | 7 ++-----
 .../users/user-list/user-table/user-table.component.ts     | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/console/src/app/modules/info-row/info-row.component.ts b/console/src/app/modules/info-row/info-row.component.ts
index 2689584813..85d6a1bdc6 100644
--- a/console/src/app/modules/info-row/info-row.component.ts
+++ b/console/src/app/modules/info-row/info-row.component.ts
@@ -66,14 +66,11 @@ export class InfoRowComponent {
   }
 
   public get changeDate() {
-    return this?.user?.details?.changeDate;
+    return this.user?.details?.changeDate;
   }
 
   public get creationDate() {
-    if (!this.user) {
-      return undefined;
-    }
-    return '$typeName' in this.user ? undefined : this.user.details?.creationDate;
+    return this.user?.details?.creationDate;
   }
 
   private getEmail(user: User.AsObject | UserV2 | UserV1) {
diff --git a/console/src/app/pages/users/user-list/user-table/user-table.component.ts b/console/src/app/pages/users/user-list/user-table/user-table.component.ts
index 29de192ec2..6ff0d2cd67 100644
--- a/console/src/app/pages/users/user-list/user-table/user-table.component.ts
+++ b/console/src/app/pages/users/user-list/user-table/user-table.component.ts
@@ -119,7 +119,7 @@ export class UserTableComponent implements OnInit {
 
     this.dataSize = toSignal(
       this.users$.pipe(
-        map((users) => users.result.length),
+        map((users) => Number(users.details?.totalResult ?? users.result.length)),
         distinctUntilChanged(),
       ),
       { initialValue: 0 },

From 3b8a2ab8114e5933ad852d53b45b366973e1e0f9 Mon Sep 17 00:00:00 2001
From: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com>
Date: Tue, 15 Apr 2025 18:40:25 +0900
Subject: [PATCH 005/123] chore(i18n): add IAM_LOGIN_CLIENT (#9681)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

The i18n element `IAM_LOGIN_CLIENT` is missing a translation.

# How the Problems Are Solved

Added translations for `IAM_LOGIN_CLIENT` in each language.

Please note that the translations were generated using Copilot, so they
may not be entirely accurate (I'm only confident that they are correct
for English and Japanese). I appreciate any corrections or improvements.

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
---
 console/src/assets/i18n/bg.json | 1 +
 console/src/assets/i18n/cs.json | 1 +
 console/src/assets/i18n/de.json | 1 +
 console/src/assets/i18n/en.json | 1 +
 console/src/assets/i18n/es.json | 1 +
 console/src/assets/i18n/fr.json | 1 +
 console/src/assets/i18n/hu.json | 1 +
 console/src/assets/i18n/id.json | 1 +
 console/src/assets/i18n/it.json | 1 +
 console/src/assets/i18n/ja.json | 1 +
 console/src/assets/i18n/ko.json | 1 +
 console/src/assets/i18n/mk.json | 1 +
 console/src/assets/i18n/nl.json | 1 +
 console/src/assets/i18n/pl.json | 1 +
 console/src/assets/i18n/pt.json | 1 +
 console/src/assets/i18n/ro.json | 1 +
 console/src/assets/i18n/ru.json | 1 +
 console/src/assets/i18n/sv.json | 1 +
 console/src/assets/i18n/zh.json | 1 +
 19 files changed, 19 insertions(+)

diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index f1929cef14..48e7e687f6 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -642,6 +642,7 @@
     "IAM_USER_MANAGER": "Има разрешение за създаване и управление на потребители",
     "IAM_ADMIN_IMPERSONATOR": "Има разрешение да се представя за администратор и крайни потребители от всички организации",
     "IAM_END_USER_IMPERSONATOR": "Има разрешение да се представя за крайни потребители от всички организации",
+    "IAM_LOGIN_CLIENT": "Има разрешение за управление на клиенти за вход",
     "ORG_OWNER": "Има разрешение за цялата организация",
     "ORG_USER_MANAGER": "Има разрешение да създава и управлява потребители на организацията",
     "ORG_OWNER_VIEWER": "Има разрешение за преглед на цялата организация",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index ba7f4b1ada..c4dc6aa1cc 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Má oprávnění vytvářet a spravovat uživatele",
     "IAM_ADMIN_IMPERSONATOR": "Má oprávnění vydávat se za správce a koncové uživatele ze všech organizací",
     "IAM_END_USER_IMPERSONATOR": "Má oprávnění vydávat se za koncové uživatele ze všech organizací",
+    "IAM_LOGIN_CLIENT": "Má oprávnění spravovat přihlašovací klienty",
     "ORG_OWNER": "Má oprávnění nad celou organizací",
     "ORG_USER_MANAGER": "Má oprávnění vytvářet a spravovat uživatele organizace",
     "ORG_OWNER_VIEWER": "Má oprávnění prohlížet celou organizaci",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 79b9596678..a5c861e891 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Hat die Berechtigung zum Erstellen und Verwalten von Benutzern",
     "IAM_ADMIN_IMPERSONATOR": "Hat die Berechtigung, sich als Administrator und Endbenutzer aller Organisationen auszugeben",
     "IAM_END_USER_IMPERSONATOR": "Hat die Berechtigung, sich als Endbenutzer aller Organisationen auszugeben",
+    "IAM_LOGIN_CLIENT": "Hat die Berechtigung, Anmeldeclients zu verwalten",
     "ORG_OWNER": "Hat die Berechtigung für die gesamte Organisation",
     "ORG_USER_MANAGER": "Hat die Berechtigung, Benutzer der Organisation zu erstellen und zu verwalten",
     "ORG_OWNER_VIEWER": "Hat die Leseberechtigung, die gesamte Organisation zu überprüfen",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 19759d0041..6e682f05c0 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Has permission to create and manage users",
     "IAM_ADMIN_IMPERSONATOR": "Has permission to impersonate admin and end users from all organizations",
     "IAM_END_USER_IMPERSONATOR": "Has permission to impersonate end users from all organizations",
+    "IAM_LOGIN_CLIENT": "Has permission to manage login clients",
     "ORG_OWNER": "Has permission over the whole organization",
     "ORG_USER_MANAGER": "Has permission to create and manage users of the organization",
     "ORG_OWNER_VIEWER": "Has permission to review the whole organization",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 6855d0dcbf..1f90490561 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Tiene permiso para crear y gestionar usuarios",
     "IAM_ADMIN_IMPERSONATOR": "Tiene permiso para hacerse pasar por administradores y usuarios finales de todas las organizaciones",
     "IAM_END_USER_IMPERSONATOR": "Tiene permiso para hacerse pasar por usuarios finales de todas las organizaciones",
+    "IAM_LOGIN_CLIENT": "Tiene permiso para gestionar los clientes de inicio de sesión",
     "ORG_OWNER": "Tiene permisos sobre toda la organización",
     "ORG_USER_MANAGER": "Tiene permiso para crear y gestionar usuarios de la organización",
     "ORG_OWNER_VIEWER": "TIene permiso para revisar toda la organización",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 47acd0ac9f..a23f87ac79 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "A le droit de créer et de gérer les utilisateurs",
     "IAM_ADMIN_IMPERSONATOR": "A l'autorisation de se faire passer pour l'administrateur et les utilisateurs finaux de toutes les organisations",
     "IAM_END_USER_IMPERSONATOR": "Est autorisé à usurper l'identité des utilisateurs finaux de toutes les organisations",
+    "IAM_LOGIN_CLIENT": "A la permission de gérer les clients de connexion",
     "ORG_OWNER": "A le droit de contrôler l'ensemble de l'organisation",
     "ORG_USER_MANAGER": "A le droit de créer et de gérer les utilisateurs de l'organisation",
     "ORG_OWNER_VIEWER": "A le droit de passer en revue l'ensemble de l'organisation",
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index 8e1f8ad7d2..313257e23d 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Jogosultsága van felhasználók létrehozására és kezelésére",
     "IAM_ADMIN_IMPERSONATOR": "Jogosultsága van adminok és végfelhasználók megszemélyesítésére minden szervezetből",
     "IAM_END_USER_IMPERSONATOR": "Engedélye van az összes szervezet véghasználóinak megszemélyesítésére",
+    "IAM_LOGIN_CLIENT": "Jogosultsága van a bejelentkezési kliensek kezelésére",
     "ORG_OWNER": "Engedélye van az egész szervezet fölött",
     "ORG_USER_MANAGER": "Engedélye van a szervezet felhasználóinak létrehozására és kezelésére",
     "ORG_OWNER_VIEWER": "Engedélye van az egész szervezet áttekintésére",
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index d5cef2c054..a9eba9f73e 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -610,6 +610,7 @@
     "IAM_USER_MANAGER": "Memiliki izin untuk membuat dan mengelola pengguna",
     "IAM_ADMIN_IMPERSONATOR": "Memiliki izin untuk menyamar sebagai admin dan pengguna akhir dari semua organisasi",
     "IAM_END_USER_IMPERSONATOR": "Memiliki izin untuk meniru identitas pengguna akhir dari semua organisasi",
+    "IAM_LOGIN_CLIENT": "Memiliki izin untuk mengelola klien masuk",
     "ORG_OWNER": "Memiliki izin atas seluruh organisasi",
     "ORG_USER_MANAGER": "Memiliki izin untuk membuat dan mengelola pengguna organisasi",
     "ORG_OWNER_VIEWER": "Memiliki izin untuk meninjau seluruh organisasi",
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index a42059d11c..a9bcb40a73 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -642,6 +642,7 @@
     "IAM_USER_MANAGER": "Ha l'autorizzazione per creare e gestire utenti",
     "IAM_ADMIN_IMPERSONATOR": "Dispone dell'autorizzazione per rappresentare l'amministratore e gli utenti finali di tutte le organizzazioni",
     "IAM_END_USER_IMPERSONATOR": "Dispone dell'autorizzazione per rappresentare gli utenti finali di tutte le organizzazioni",
+    "IAM_LOGIN_CLIENT": "Ha il permesso di gestire i client di accesso",
     "ORG_OWNER": "Ha il permesso su tutta l'organizzazione",
     "ORG_USER_MANAGER": "Ha l'autorizzazione per creare e gestire gli utenti dell'organizzazione",
     "ORG_OWNER_VIEWER": "Ha il permesso di esaminare l'intera organizzazione",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 8a9574b7d9..d09249694f 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "ユーザーの作成および管理する権限を持ちます",
     "IAM_ADMIN_IMPERSONATOR": "すべての組織の管理者およびエンドユーザーになりすます権限を持っています",
     "IAM_END_USER_IMPERSONATOR": "すべての組織のエンドユーザーになりすます権限を持っています",
+    "IAM_LOGIN_CLIENT": "ログインクライアントを管理する権限を持っています",
     "ORG_OWNER": "組織全体に対する権限を持ちます",
     "ORG_USER_MANAGER": "組織のユーザーを作成および管理する権限を持ちます",
     "ORG_OWNER_VIEWER": "組織全体を閲覧する権限を持ちます",
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index c596b3b067..0f805f5479 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "사용자를 생성하고 관리할 수 있는 권한이 있습니다",
     "IAM_ADMIN_IMPERSONATOR": "모든 조직의 관리자와 최종 사용자를 대리할 수 있는 권한이 있습니다",
     "IAM_END_USER_IMPERSONATOR": "모든 조직의 최종 사용자를 대리할 수 있는 권한이 있습니다",
+    "IAM_LOGIN_CLIENT": "로그인 클라이언트를 관리할 수 있는 권한이 있습니다",
     "ORG_OWNER": "조직에 대한 전체 권한이 있습니다",
     "ORG_USER_MANAGER": "조직의 사용자를 생성하고 관리할 수 있는 권한이 있습니다",
     "ORG_OWNER_VIEWER": "조직 전체를 검토할 수 있는 권한이 있습니다",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index c01b485f0a..134af90cef 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Има дозвола за креирање и менаџирање на корисници",
     "IAM_ADMIN_IMPERSONATOR": "Има дозвола да се претставува како администратор и крајни корисници од сите организации",
     "IAM_END_USER_IMPERSONATOR": "Има дозвола да ги имитира крајните корисници од сите организации",
+    "IAM_LOGIN_CLIENT": "Има дозвола за менаџирање на клиенти за најава",
     "ORG_OWNER": "Има дозвола врз целата организација",
     "ORG_USER_MANAGER": "Има дозвола за креирање и менаџирање на корисници во организацијата",
     "ORG_OWNER_VIEWER": "Има дозвола за преглед на целата организација",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index ab8243e2a5..db462ea0dd 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Heeft toestemming om gebruikers aan te maken en te beheren",
     "IAM_ADMIN_IMPERSONATOR": "Heeft toestemming om zich voor te doen als beheerder en eindgebruikers van alle organisaties",
     "IAM_END_USER_IMPERSONATOR": "Heeft toestemming om eindgebruikers van alle organisaties na te bootsen",
+    "IAM_LOGIN_CLIENT": "Heeft toestemming om aanmeldklanten te beheren",
     "ORG_OWNER": "Heeft toestemming over de hele organisatie",
     "ORG_USER_MANAGER": "Heeft toestemming om gebruikers van de organisatie aan te maken en te beheren",
     "ORG_OWNER_VIEWER": "Heeft toestemming om de hele organisatie te bekijken",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index b071c4f99a..6f68e79524 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -642,6 +642,7 @@
     "IAM_USER_MANAGER": "Ma uprawnienie do tworzenia i zarządzania użytkownikami",
     "IAM_ADMIN_IMPERSONATOR": "Ma uprawnienia do podszywania się pod administratora i użytkowników końcowych ze wszystkich organizacji",
     "IAM_END_USER_IMPERSONATOR": "Ma uprawnienia do podszywania się pod użytkowników końcowych ze wszystkich organizacji",
+    "IAM_LOGIN_CLIENT": "Ma uprawnienia do zarządzania klientami logowania",
     "ORG_OWNER": "Ma uprawnienie nad całą organizacją",
     "ORG_USER_MANAGER": "Ma uprawnienie do tworzenia i zarządzania użytkownikami organizacji",
     "ORG_OWNER_VIEWER": "Ma uprawnienie do przeglądania całej organizacji",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index a8ab833724..c083cb5079 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Tem permissão para criar e gerenciar usuários",
     "IAM_ADMIN_IMPERSONATOR": "Tem permissão para se passar por administradores e usuários finais de todas as organizações",
     "IAM_END_USER_IMPERSONATOR": "Tem permissão para se passar por usuários finais de todas as organizações",
+    "IAM_LOGIN_CLIENT": "Tem permissão para gerenciar clientes de login",
     "ORG_OWNER": "Tem permissão sobre toda a organização",
     "ORG_USER_MANAGER": "Tem permissão para criar e gerenciar usuários da organização",
     "ORG_OWNER_VIEWER": "Tem permissão para revisar toda a organização",
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index 987368d84f..5938368345 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Are permisiunea de a crea și gestiona utilizatori",
     "IAM_ADMIN_IMPERSONATOR": "Are permisiunea de a impersona administratorul și utilizatorii finali din toate organizațiile",
     "IAM_END_USER_IMPERSONATOR": "Are permisiunea de a impersona utilizatorii finali din toate organizațiile",
+    "IAM_LOGIN_CLIENT": "Are permisiunea de a gestiona clientii de login",
     "ORG_OWNER": "Are permisiunea asupra întregii organizații",
     "ORG_USER_MANAGER": "Are permisiunea de a crea și gestiona utilizatorii organizației",
     "ORG_OWNER_VIEWER": "Are permisiunea de a revizui întreaga organizație",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index 1289fb708f..a612a586b3 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Имеет разрешение на создание и управление пользователями",
     "IAM_ADMIN_IMPERSONATOR": "Имеет разрешение выдавать себя за администратора и конечных пользователей из всех организаций",
     "IAM_END_USER_IMPERSONATOR": "Имеет разрешение выдавать себя за конечных пользователей из всех организаций",
+    "IAM_LOGIN_CLIENT": "Имеет разрешение на управление клиентами входа",
     "ORG_OWNER": "Имеет разрешение на всю организацию",
     "ORG_USER_MANAGER": "Имеет разрешение на создание и управление пользователями организации",
     "ORG_OWNER_VIEWER": "Имеет разрешение на просмотр всей организации",
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 44ca2fc200..1cae15230b 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "Har behörighet att skapa och hantera användare",
     "IAM_ADMIN_IMPERSONATOR": "Har behörighet att imitera administratörer och slutanvändare från alla organisationer",
     "IAM_END_USER_IMPERSONATOR": "Har behörighet att imitera slutanvändare från alla organisationer",
+    "IAM_LOGIN_CLIENT": "Har behörighet att hantera inloggningsklienter",
     "ORG_OWNER": "Har behörighet över hela organisationen",
     "ORG_USER_MANAGER": "Har behörighet att skapa och hantera användare i organisationen",
     "ORG_OWNER_VIEWER": "Har behörighet att granska hela organisationen",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 5df3b414ab..1a3895aa7b 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -643,6 +643,7 @@
     "IAM_USER_MANAGER": "有权创建和管理用户",
     "IAM_ADMIN_IMPERSONATOR": "有权模拟所有组织的管理员和最终用户",
     "IAM_END_USER_IMPERSONATOR": "有权模拟所有组织的最终用户",
+    "IAM_LOGIN_CLIENT": "具有管理登录客户端的权限",
     "ORG_OWNER": "拥有整个组织的权限",
     "ORG_USER_MANAGER": "有权创建和管理组织的用户",
     "ORG_OWNER_VIEWER": "有权审查整个组织",

From a2f60f2e7af4d5c3282d1a568fa04492e8b1a7ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Tue, 15 Apr 2025 19:38:25 +0300
Subject: [PATCH 006/123] perf(query): org permission function for resources
 (#9677)

# Which Problems Are Solved

Classic permission checks execute for every returned row on resource
based search APIs. Complete background and problem definition can be
found here: https://github.com/zitadel/zitadel/issues/9188

# How the Problems Are Solved

- PermissionClause function now support dynamic query building, so it
supports multiple cases.
- PermissionClause is applied to all list resources which support org
level permissions.
- Wrap permission logic into wrapper functions so we keep the business
logic clean.

# Additional Changes

- Handle org ID optimization in the query package, so it is reusable for
all resources, instead of extracting the filter in the API.
- Cleanup and test system user conversion in the authz package. (context
middleware)
- Fix: `core_integration_db_up` make recipe was missing the postgres
service.

# Additional Context

- Related to https://github.com/zitadel/zitadel/issues/9190
---
 Makefile                                 |   2 +-
 internal/api/authz/authorization.go      |  50 ++----
 internal/api/authz/authorization_test.go | 126 ++++++++++++++
 internal/api/authz/context.go            |  35 ++--
 internal/api/authz/membertype_enumer.go  |  20 ++-
 internal/api/grpc/admin/export.go        |   2 +-
 internal/api/grpc/admin/org.go           |   2 +-
 internal/api/grpc/management/org.go      |   2 +-
 internal/api/grpc/management/user.go     |   2 +-
 internal/api/grpc/user/v2/query.go       |  25 ++-
 internal/api/grpc/user/v2beta/query.go   |  25 ++-
 internal/api/scim/resources/user.go      |   2 +-
 internal/api/ui/login/login.go           |   2 +-
 internal/database/type.go                |  34 ++++
 internal/database/type_test.go           |  87 ++++++++++
 internal/query/idp_user_link.go          |  27 ++-
 internal/query/org.go                    |  19 ++-
 internal/query/permission.go             | 153 ++++++++++-------
 internal/query/permission_test.go        | 208 +++++++++++++++++++++++
 internal/query/query.go                  |  13 ++
 internal/query/session.go                |  24 ++-
 internal/query/user.go                   |  33 ++--
 internal/query/user_auth_method.go       |  20 ++-
 23 files changed, 741 insertions(+), 172 deletions(-)
 create mode 100644 internal/query/permission_test.go

diff --git a/Makefile b/Makefile
index b5145cef3d..3c50231bee 100644
--- a/Makefile
+++ b/Makefile
@@ -112,7 +112,7 @@ core_unit_test:
 
 .PHONY: core_integration_db_up
 core_integration_db_up:
-	docker compose -f internal/integration/config/docker-compose.yaml up --pull always --wait cache
+	docker compose -f internal/integration/config/docker-compose.yaml up --pull always --wait cache postgres
 
 .PHONY: core_integration_db_down
 core_integration_db_down:
diff --git a/internal/api/authz/authorization.go b/internal/api/authz/authorization.go
index ea20a2438f..25130584a0 100644
--- a/internal/api/authz/authorization.go
+++ b/internal/api/authz/authorization.go
@@ -7,8 +7,6 @@ import (
 	"slices"
 	"strings"
 
-	"github.com/zitadel/logging"
-
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -26,14 +24,13 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID,
 	ctx, span := tracing.NewServerInterceptorSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	ctxData, err := VerifyTokenAndCreateCtxData(ctx, token, orgID, orgDomain, verifier)
+	ctxData, err := VerifyTokenAndCreateCtxData(ctx, token, orgID, orgDomain, verifier, systemRolePermissionMapping)
 	if err != nil {
 		return nil, err
 	}
 
 	if requiredAuthOption.Permission == authenticated {
 		return func(parent context.Context) context.Context {
-			parent = addGetSystemUserRolesToCtx(parent, systemRolePermissionMapping, ctxData)
 			return context.WithValue(parent, dataKey, ctxData)
 		}, nil
 	}
@@ -54,7 +51,6 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID,
 		parent = context.WithValue(parent, dataKey, ctxData)
 		parent = context.WithValue(parent, allPermissionsKey, allPermissions)
 		parent = context.WithValue(parent, requestPermissionsKey, requestedPermissions)
-		parent = addGetSystemUserRolesToCtx(parent, systemRolePermissionMapping, ctxData)
 		return parent
 	}, nil
 }
@@ -131,42 +127,32 @@ func GetAllPermissionCtxIDs(perms []string) []string {
 	return ctxIDs
 }
 
-type SystemUserPermissionsDBQuery struct {
-	MemberType  string   `json:"member_type"`
-	AggregateID string   `json:"aggregate_id"`
-	ObjectID    string   `json:"object_id"`
-	Permissions []string `json:"permissions"`
+type SystemUserPermissions struct {
+	MemberType  MemberType `json:"member_type"`
+	AggregateID string     `json:"aggregate_id"`
+	ObjectID    string     `json:"object_id"`
+	Permissions []string   `json:"permissions"`
 }
 
-func addGetSystemUserRolesToCtx(ctx context.Context, systemUserRoleMap []RoleMapping, ctxData CtxData) context.Context {
-	if len(ctxData.SystemMemberships) == 0 {
-		return ctx
+// systemMembershipsToUserPermissions converts system memberships based on roles,
+// to SystemUserPermissions, using the passed role mapping.
+func systemMembershipsToUserPermissions(memberships Memberships, roleMap []RoleMapping) []SystemUserPermissions {
+	if memberships == nil {
+		return nil
 	}
-	systemUserPermissions := make([]SystemUserPermissionsDBQuery, len(ctxData.SystemMemberships))
-	for i, systemPerm := range ctxData.SystemMemberships {
+	systemUserPermissions := make([]SystemUserPermissions, len(memberships))
+	for i, systemPerm := range memberships {
 		permissions := make([]string, 0, len(systemPerm.Roles))
 		for _, role := range systemPerm.Roles {
-			permissions = append(permissions, getPermissionsFromRole(systemUserRoleMap, role)...)
+			permissions = append(permissions, getPermissionsFromRole(roleMap, role)...)
 		}
 		slices.Sort(permissions)
-		permissions = slices.Compact(permissions)
+		permissions = slices.Compact(permissions) // remove duplicates
 
-		systemUserPermissions[i].MemberType = systemPerm.MemberType.String()
+		systemUserPermissions[i].MemberType = systemPerm.MemberType
 		systemUserPermissions[i].AggregateID = systemPerm.AggregateID
+		systemUserPermissions[i].ObjectID = systemPerm.ObjectID
 		systemUserPermissions[i].Permissions = permissions
 	}
-	return context.WithValue(ctx, systemUserRolesKey, systemUserPermissions)
-}
-
-func GetSystemUserPermissions(ctx context.Context) []SystemUserPermissionsDBQuery {
-	getSystemUserRolesFuncValue := ctx.Value(systemUserRolesKey)
-	if getSystemUserRolesFuncValue == nil {
-		return nil
-	}
-	systemUserRoles, ok := getSystemUserRolesFuncValue.([]SystemUserPermissionsDBQuery)
-	if !ok {
-		logging.WithFields("Authz").Error("unable to cast []SystemUserPermissionsDBQuery")
-		return nil
-	}
-	return systemUserRoles
+	return systemUserPermissions
 }
diff --git a/internal/api/authz/authorization_test.go b/internal/api/authz/authorization_test.go
index 4b81c73d81..af49dcc5c6 100644
--- a/internal/api/authz/authorization_test.go
+++ b/internal/api/authz/authorization_test.go
@@ -3,6 +3,8 @@ package authz
 import (
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
@@ -276,3 +278,127 @@ func Test_GetPermissionCtxIDs(t *testing.T) {
 		})
 	}
 }
+
+func Test_systemMembershipsToUserPermissions(t *testing.T) {
+	roleMap := []RoleMapping{
+		{
+			Role:        "FOO_BAR",
+			Permissions: []string{"foo.bar.read", "foo.bar.write"},
+		},
+		{
+			Role:        "BAR_FOO",
+			Permissions: []string{"bar.foo.read", "bar.foo.write", "foo.bar.read"},
+		},
+	}
+
+	type args struct {
+		memberships Memberships
+		roleMap     []RoleMapping
+	}
+	tests := []struct {
+		name string
+		args args
+		want []SystemUserPermissions
+	}{
+		{
+			name: "nil memberships",
+			args: args{
+				memberships: nil,
+				roleMap:     roleMap,
+			},
+			want: nil,
+		},
+		{
+			name: "empty memberships",
+			args: args{
+				memberships: Memberships{},
+				roleMap:     roleMap,
+			},
+			want: []SystemUserPermissions{},
+		},
+		{
+			name: "single membership",
+			args: args{
+				memberships: Memberships{
+					{
+						MemberType:  MemberTypeSystem,
+						AggregateID: "1",
+						ObjectID:    "2",
+						Roles:       []string{"FOO_BAR"},
+					},
+				},
+				roleMap: roleMap,
+			},
+			want: []SystemUserPermissions{
+				{
+					MemberType:  MemberTypeSystem,
+					AggregateID: "1",
+					ObjectID:    "2",
+					Permissions: []string{"foo.bar.read", "foo.bar.write"},
+				},
+			},
+		},
+		{
+			name: "multiple memberships",
+			args: args{
+				memberships: Memberships{
+					{
+						MemberType:  MemberTypeSystem,
+						AggregateID: "1",
+						ObjectID:    "2",
+						Roles:       []string{"FOO_BAR"},
+					},
+					{
+						MemberType:  MemberTypeIAM,
+						AggregateID: "1",
+						ObjectID:    "2",
+						Roles:       []string{"BAR_FOO"},
+					},
+				},
+				roleMap: roleMap,
+			},
+			want: []SystemUserPermissions{
+				{
+					MemberType:  MemberTypeSystem,
+					AggregateID: "1",
+					ObjectID:    "2",
+					Permissions: []string{"foo.bar.read", "foo.bar.write"},
+				},
+				{
+					MemberType:  MemberTypeIAM,
+					AggregateID: "1",
+					ObjectID:    "2",
+					Permissions: []string{"bar.foo.read", "bar.foo.write", "foo.bar.read"},
+				},
+			},
+		},
+		{
+			name: "multiple roles",
+			args: args{
+				memberships: Memberships{
+					{
+						MemberType:  MemberTypeSystem,
+						AggregateID: "1",
+						ObjectID:    "2",
+						Roles:       []string{"FOO_BAR", "BAR_FOO"},
+					},
+				},
+				roleMap: roleMap,
+			},
+			want: []SystemUserPermissions{
+				{
+					MemberType:  MemberTypeSystem,
+					AggregateID: "1",
+					ObjectID:    "2",
+					Permissions: []string{"bar.foo.read", "bar.foo.write", "foo.bar.read", "foo.bar.write"},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := systemMembershipsToUserPermissions(tt.args.memberships, tt.args.roleMap)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/internal/api/authz/context.go b/internal/api/authz/context.go
index d6528cd017..d12a1def44 100644
--- a/internal/api/authz/context.go
+++ b/internal/api/authz/context.go
@@ -1,4 +1,4 @@
-//go:generate enumer -type MemberType -trimprefix MemberType
+//go:generate enumer -type MemberType -trimprefix MemberType -json
 
 package authz
 
@@ -22,17 +22,17 @@ const (
 	dataKey               key = 2
 	allPermissionsKey     key = 3
 	instanceKey           key = 4
-	systemUserRolesKey    key = 5
 )
 
 type CtxData struct {
-	UserID            string
-	OrgID             string
-	ProjectID         string
-	AgentID           string
-	PreferredLanguage string
-	ResourceOwner     string
-	SystemMemberships Memberships
+	UserID                string
+	OrgID                 string
+	ProjectID             string
+	AgentID               string
+	PreferredLanguage     string
+	ResourceOwner         string
+	SystemMemberships     Memberships
+	SystemUserPermissions []SystemUserPermissions
 }
 
 func (ctxData CtxData) IsZero() bool {
@@ -98,7 +98,7 @@ func (s SystemTokenVerifierFunc) VerifySystemToken(ctx context.Context, token st
 	return s(ctx, token, orgID)
 }
 
-func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain string, t APITokenVerifier) (_ CtxData, err error) {
+func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain string, t APITokenVerifier, systemRoleMap []RoleMapping) (_ CtxData, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 	tokenWOBearer, err := extractBearerToken(token)
@@ -133,13 +133,14 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain st
 		}
 	}
 	return CtxData{
-		UserID:            userID,
-		OrgID:             orgID,
-		ProjectID:         projectID,
-		AgentID:           agentID,
-		PreferredLanguage: prefLang,
-		ResourceOwner:     resourceOwner,
-		SystemMemberships: sysMemberships,
+		UserID:                userID,
+		OrgID:                 orgID,
+		ProjectID:             projectID,
+		AgentID:               agentID,
+		PreferredLanguage:     prefLang,
+		ResourceOwner:         resourceOwner,
+		SystemMemberships:     sysMemberships,
+		SystemUserPermissions: systemMembershipsToUserPermissions(sysMemberships, systemRoleMap),
 	}, nil
 }
 
diff --git a/internal/api/authz/membertype_enumer.go b/internal/api/authz/membertype_enumer.go
index 5de4c92292..a4275a2254 100644
--- a/internal/api/authz/membertype_enumer.go
+++ b/internal/api/authz/membertype_enumer.go
@@ -1,8 +1,9 @@
-// Code generated by "enumer -type MemberType -trimprefix MemberType"; DO NOT EDIT.
+// Code generated by "enumer -type MemberType -trimprefix MemberType -json"; DO NOT EDIT.
 
 package authz
 
 import (
+	"encoding/json"
 	"fmt"
 	"strings"
 )
@@ -92,3 +93,20 @@ func (i MemberType) IsAMemberType() bool {
 	}
 	return false
 }
+
+// MarshalJSON implements the json.Marshaler interface for MemberType
+func (i MemberType) MarshalJSON() ([]byte, error) {
+	return json.Marshal(i.String())
+}
+
+// UnmarshalJSON implements the json.Unmarshaler interface for MemberType
+func (i *MemberType) UnmarshalJSON(data []byte) error {
+	var s string
+	if err := json.Unmarshal(data, &s); err != nil {
+		return fmt.Errorf("MemberType should be a string, got %s", data)
+	}
+
+	var err error
+	*i, err = MemberTypeString(s)
+	return err
+}
diff --git a/internal/api/grpc/admin/export.go b/internal/api/grpc/admin/export.go
index da364909cb..68b6053c2c 100644
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -554,7 +554,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
-	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}}, org, nil)
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}}, nil)
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
diff --git a/internal/api/grpc/admin/org.go b/internal/api/grpc/admin/org.go
index 93e6936d42..293e7c74d7 100644
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -108,7 +108,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain str
 	if err != nil {
 		return nil, err
 	}
-	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, "", nil)
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/management/org.go b/internal/api/grpc/management/org.go
index a6a934160a..70f509a4d7 100644
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -329,7 +329,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, or
 		}
 		queries = append(queries, owner)
 	}
-	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, orgID, nil)
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go
index b876999584..5b82eb5afe 100644
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -69,7 +69,7 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchUsers(ctx, queries, orgID, nil)
+	res, err := s.query.SearchUsers(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/user/v2/query.go b/internal/api/grpc/user/v2/query.go
index 23d4b4422c..136a4a0932 100644
--- a/internal/api/grpc/user/v2/query.go
+++ b/internal/api/grpc/user/v2/query.go
@@ -30,11 +30,11 @@ func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest)
 }
 
 func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*user.ListUsersResponse, error) {
-	queries, filterOrgId, err := listUsersRequestToModel(req)
+	queries, err := listUsersRequestToModel(req)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchUsers(ctx, queries, filterOrgId, s.checkPermission)
+	res, err := s.query.SearchUsers(ctx, queries, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
@@ -171,11 +171,11 @@ func accessTokenTypeToPb(accessTokenType domain.OIDCTokenType) user.AccessTokenT
 	}
 }
 
-func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, string, error) {
+func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, error) {
 	offset, limit, asc := object.ListQueryToQuery(req.Query)
-	queries, filterOrgId, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
+	queries, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}
 	return &query.UserSearchQueries{
 		SearchRequest: query.SearchRequest{
@@ -185,7 +185,7 @@ func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueri
 			SortingColumn: userFieldNameToSortingColumn(req.SortingColumn),
 		},
 		Queries: queries,
-	}, filterOrgId, nil
+	}, nil
 }
 
 func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
@@ -215,18 +215,15 @@ func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
 	}
 }
 
-func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, filterOrgId string, err error) {
+func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, err error) {
 	q := make([]query.SearchQuery, len(queries))
 	for i, query := range queries {
-		if orgFilter := query.GetOrganizationIdQuery(); orgFilter != nil {
-			filterOrgId = orgFilter.OrganizationId
-		}
 		q[i], err = userQueryToQuery(query, level)
 		if err != nil {
-			return nil, filterOrgId, err
+			return nil, err
 		}
 	}
-	return q, filterOrgId, nil
+	return q, nil
 }
 
 func userQueryToQuery(query *user.SearchQuery, level uint8) (query.SearchQuery, error) {
@@ -320,14 +317,14 @@ func inUserIdsQueryToQuery(q *user.InUserIDQuery) (query.SearchQuery, error) {
 	return query.NewUserInUserIdsSearchQuery(q.UserIds)
 }
 func orQueryToQuery(q *user.OrQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
 	return query.NewUserOrSearchQuery(mappedQueries)
 }
 func andQueryToQuery(q *user.AndQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/user/v2beta/query.go b/internal/api/grpc/user/v2beta/query.go
index 7baa53e73e..e3602abc33 100644
--- a/internal/api/grpc/user/v2beta/query.go
+++ b/internal/api/grpc/user/v2beta/query.go
@@ -29,11 +29,11 @@ func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest)
 }
 
 func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*user.ListUsersResponse, error) {
-	queries, filterOrgIds, err := listUsersRequestToModel(req)
+	queries, err := listUsersRequestToModel(req)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchUsers(ctx, queries, filterOrgIds, s.checkPermission)
+	res, err := s.query.SearchUsers(ctx, queries, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
@@ -165,11 +165,11 @@ func accessTokenTypeToPb(accessTokenType domain.OIDCTokenType) user.AccessTokenT
 	}
 }
 
-func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, string, error) {
+func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, error) {
 	offset, limit, asc := object.ListQueryToQuery(req.Query)
-	queries, filterOrgId, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
+	queries, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}
 	return &query.UserSearchQueries{
 		SearchRequest: query.SearchRequest{
@@ -179,7 +179,7 @@ func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueri
 			SortingColumn: userFieldNameToSortingColumn(req.SortingColumn),
 		},
 		Queries: queries,
-	}, filterOrgId, nil
+	}, nil
 }
 
 func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
@@ -209,18 +209,15 @@ func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
 	}
 }
 
-func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, filterOrgId string, err error) {
+func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, err error) {
 	q := make([]query.SearchQuery, len(queries))
 	for i, query := range queries {
-		if orgFilter := query.GetOrganizationIdQuery(); orgFilter != nil {
-			filterOrgId = orgFilter.OrganizationId
-		}
 		q[i], err = userQueryToQuery(query, level)
 		if err != nil {
-			return nil, filterOrgId, err
+			return nil, err
 		}
 	}
-	return q, filterOrgId, nil
+	return q, nil
 }
 
 func userQueryToQuery(query *user.SearchQuery, level uint8) (query.SearchQuery, error) {
@@ -314,14 +311,14 @@ func inUserIdsQueryToQuery(q *user.InUserIDQuery) (query.SearchQuery, error) {
 	return query.NewUserInUserIdsSearchQuery(q.UserIds)
 }
 func orQueryToQuery(q *user.OrQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
 	return query.NewUserOrSearchQuery(mappedQueries)
 }
 func andQueryToQuery(q *user.AndQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/scim/resources/user.go b/internal/api/scim/resources/user.go
index ffd39aa23f..bc8d864994 100644
--- a/internal/api/scim/resources/user.go
+++ b/internal/api/scim/resources/user.go
@@ -240,7 +240,7 @@ func (h *UsersHandler) List(ctx context.Context, request *ListRequest) (*ListRes
 		return NewListResponse(count, q.SearchRequest, make([]*ScimUser, 0)), nil
 	}
 
-	users, err := h.query.SearchUsers(ctx, q, authz.GetCtxData(ctx).OrgID, nil)
+	users, err := h.query.SearchUsers(ctx, q, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/ui/login/login.go b/internal/api/ui/login/login.go
index 4b028a347f..444c5aaa85 100644
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -182,7 +182,7 @@ func (l *Login) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgName string
 	if err != nil {
 		return nil, err
 	}
-	users, err := l.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, "", nil)
+	users, err := l.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/database/type.go b/internal/database/type.go
index 6a781288a9..bd07e0bfde 100644
--- a/internal/database/type.go
+++ b/internal/database/type.go
@@ -225,3 +225,37 @@ func (d *NullDuration) Scan(src any) error {
 	d.Duration, d.Valid = time.Duration(*duration), true
 	return nil
 }
+
+// JSONArray allows sending and receiving JSON arrays to and from the database.
+// It implements the [database/sql.Scanner] and [database/sql/driver.Valuer] interfaces.
+// Values are marshaled and unmarshaled using the [encoding/json] package.
+type JSONArray[T any] []T
+
+// NewJSONArray wraps an existing slice into a JSONArray.
+func NewJSONArray[T any](a []T) JSONArray[T] {
+	return JSONArray[T](a)
+}
+
+// Scan implements the [database/sql.Scanner] interface.
+func (a *JSONArray[T]) Scan(src any) error {
+	if src == nil {
+		*a = nil
+		return nil
+	}
+
+	bytes := src.([]byte)
+	if len(bytes) == 0 {
+		*a = nil
+		return nil
+	}
+
+	return json.Unmarshal(bytes, a)
+}
+
+// Value implements the [database/sql/driver.Valuer] interface.
+func (a JSONArray[T]) Value() (driver.Value, error) {
+	if a == nil {
+		return nil, nil
+	}
+	return json.Marshal(a)
+}
diff --git a/internal/database/type_test.go b/internal/database/type_test.go
index e56cdced76..7fab568a4e 100644
--- a/internal/database/type_test.go
+++ b/internal/database/type_test.go
@@ -5,6 +5,7 @@ import (
 	"database/sql/driver"
 	"testing"
 
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -452,3 +453,89 @@ func TestDuration_Scan(t *testing.T) {
 		})
 	}
 }
+
+func TestJSONArray_Scan(t *testing.T) {
+	type args struct {
+		src any
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *JSONArray[string]
+		wantErr bool
+	}{
+		{
+			name:    "nil",
+			args:    args{src: nil},
+			want:    new(JSONArray[string]),
+			wantErr: false,
+		},
+		{
+			name:    "zero bytes",
+			args:    args{src: []byte("")},
+			want:    new(JSONArray[string]),
+			wantErr: false,
+		},
+		{
+			name:    "empty",
+			args:    args{src: []byte("[]")},
+			want:    gu.Ptr(JSONArray[string]{}),
+			wantErr: false,
+		},
+		{
+			name:    "ok",
+			args:    args{src: []byte("[\"a\", \"b\"]")},
+			want:    gu.Ptr(JSONArray[string]{"a", "b"}),
+			wantErr: false,
+		},
+		{
+			name:    "json error",
+			args:    args{src: []byte("{\"a\": \"b\"}")},
+			want:    new(JSONArray[string]),
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := new(JSONArray[string])
+			err := got.Scan(tt.args.src)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestJSONArray_Value(t *testing.T) {
+	tests := []struct {
+		name string
+		a    []string
+		want driver.Value
+	}{
+		{
+			name: "nil",
+			a:    nil,
+			want: nil,
+		},
+		{
+			name: "empty",
+			a:    []string{},
+			want: []byte("[]"),
+		},
+		{
+			name: "ok",
+			a:    []string{"a", "b"},
+			want: []byte("[\"a\",\"b\"]"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := NewJSONArray(tt.a).Value()
+			require.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/internal/query/idp_user_link.go b/internal/query/idp_user_link.go
index 23305dfd6e..99bf3c403b 100644
--- a/internal/query/idp_user_link.go
+++ b/internal/query/idp_user_link.go
@@ -106,12 +106,26 @@ func idpLinksCheckPermission(ctx context.Context, links *IDPUserLinks, permissio
 	)
 }
 
+func idpLinksPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *IDPUserLinksSearchQuery) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	return query.Where(PermissionClause(
+		ctx,
+		IDPUserLinkResourceOwnerCol,
+		domain.PermissionUserRead,
+		SingleOrgPermissionOption(queries.Queries),
+		OwnedRowsPermissionOption(IDPUserLinkUserIDCol),
+	))
+}
+
 func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQuery, permissionCheck domain.PermissionCheck) (idps *IDPUserLinks, err error) {
-	links, err := q.idpUserLinks(ctx, queries, false)
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	links, err := q.idpUserLinks(ctx, queries, permissionCheckV2)
 	if err != nil {
 		return nil, err
 	}
-	if permissionCheck != nil && len(links.Links) > 0 {
+	if permissionCheck != nil && len(links.Links) > 0 && !permissionCheckV2 {
 		// when userID for query is provided, only one check has to be done
 		if queries.hasUserID() {
 			if err := userCheckPermission(ctx, links.Links[0].ResourceOwner, links.Links[0].UserID, permissionCheck); err != nil {
@@ -124,14 +138,15 @@ func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQ
 	return links, nil
 }
 
-func (q *Queries) idpUserLinks(ctx context.Context, queries *IDPUserLinksSearchQuery, withOwnerRemoved bool) (idps *IDPUserLinks, err error) {
+func (q *Queries) idpUserLinks(ctx context.Context, queries *IDPUserLinksSearchQuery, permissionCheckV2 bool) (idps *IDPUserLinks, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareIDPUserLinksQuery()
-	eq := sq.Eq{IDPUserLinkInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID()}
-	if !withOwnerRemoved {
-		eq[IDPUserLinkOwnerRemovedCol.identifier()] = false
+	query = idpLinksPermissionCheckV2(ctx, query, permissionCheckV2, queries)
+	eq := sq.Eq{
+		IDPUserLinkInstanceIDCol.identifier():   authz.GetInstance(ctx).InstanceID(),
+		IDPUserLinkOwnerRemovedCol.identifier(): false,
 	}
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
diff --git a/internal/query/org.go b/internal/query/org.go
index b1f5eaea02..643aec291a 100644
--- a/internal/query/org.go
+++ b/internal/query/org.go
@@ -93,6 +93,17 @@ func orgsCheckPermission(ctx context.Context, orgs *Orgs, permissionCheck domain
 	)
 }
 
+func orgsPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	return query.Where(PermissionClause(
+		ctx,
+		OrgColumnID,
+		domain_pkg.PermissionOrgRead,
+	))
+}
+
 type OrgSearchQueries struct {
 	SearchRequest
 	Queries []SearchQuery
@@ -283,21 +294,23 @@ func (q *Queries) ExistsOrg(ctx context.Context, id, domain string) (verifiedID
 }
 
 func (q *Queries) SearchOrgs(ctx context.Context, queries *OrgSearchQueries, permissionCheck domain_pkg.PermissionCheck) (*Orgs, error) {
-	orgs, err := q.searchOrgs(ctx, queries)
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	orgs, err := q.searchOrgs(ctx, queries, permissionCheckV2)
 	if err != nil {
 		return nil, err
 	}
-	if permissionCheck != nil {
+	if permissionCheck != nil && !permissionCheckV2 {
 		orgsCheckPermission(ctx, orgs, permissionCheck)
 	}
 	return orgs, nil
 }
 
-func (q *Queries) searchOrgs(ctx context.Context, queries *OrgSearchQueries) (orgs *Orgs, err error) {
+func (q *Queries) searchOrgs(ctx context.Context, queries *OrgSearchQueries, permissionCheckV2 bool) (orgs *Orgs, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareOrgsQuery()
+	query = orgsPermissionCheckV2(ctx, query, permissionCheckV2)
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.And{
 			sq.Eq{
diff --git a/internal/query/permission.go b/internal/query/permission.go
index c52b491144..3157430264 100644
--- a/internal/query/permission.go
+++ b/internal/query/permission.go
@@ -2,74 +2,109 @@ package query
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 
 	sq "github.com/Masterminds/squirrel"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/zerrors"
+	"github.com/zitadel/zitadel/internal/database"
+	domain_pkg "github.com/zitadel/zitadel/internal/domain"
 )
 
 const (
-	// eventstore.permitted_orgs(instanceid text, userid text, system_user_perms JSONB, perm text filter_orgs text)
-	wherePermittedOrgsClause              = "%s = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))"
-	wherePermittedOrgsOrCurrentUserClause = "(" + wherePermittedOrgsClause + " OR %s = ?" + ")"
+	// eventstore.permitted_orgs(instanceid text, userid text, system_user_perms JSONB, perm text, filter_org text)
+	wherePermittedOrgsExpr = "%s = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))"
 )
 
-// wherePermittedOrgs sets a `WHERE` clause to the query that filters the orgs
-// for which the authenticated user has the requested permission for.
-// The user ID is taken from the context.
-// The `orgIDColumn` specifies the table column to which this filter must be applied,
-// and is typically the `resource_owner` column in ZITADEL.
-// We use full identifiers in the query builder so this function should be
-// called with something like `UserResourceOwnerCol.identifier()` for example.
-// func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, filterOrgIds, orgIDColumn, permission string) (sq.SelectBuilder, error) {
-// 	userID := authz.GetCtxData(ctx).UserID
-// 	logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
-
-// 	systemUserPermissions := authz.GetSystemUserPermissions(ctx)
-// 	var systemUserPermissionsJson []byte
-// 	if systemUserPermissions != nil {
-// 		var err error
-// 		systemUserPermissionsJson, err = json.Marshal(systemUserPermissions)
-// 		if err != nil {
-// 			return query, err
-// 		}
-// 	}
-
-// 	return query.Where(
-// 		fmt.Sprintf(wherePermittedOrgsClause, orgIDColumn),
-// 		authz.GetInstance(ctx).InstanceID(),
-// 		userID,
-// 		systemUserPermissionsJson,
-// 		permission,
-// 		filterOrgIds,
-// 	), nil
-// }
-
-func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, filterOrgIds, orgIDColumn, userIdColum, permission string) (sq.SelectBuilder, error) {
-	userID := authz.GetCtxData(ctx).UserID
-	logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "user_id_colum", userIdColum, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
-
-	systemUserPermissions := authz.GetSystemUserPermissions(ctx)
-	var systemUserPermissionsJson []byte
-	if systemUserPermissions != nil {
-		var err error
-		systemUserPermissionsJson, err = json.Marshal(systemUserPermissions)
-		if err != nil {
-			return query, zerrors.ThrowInternal(err, "AUTHZ-HS4us", "Errors.Internal")
-		}
-	}
-
-	return query.Where(
-		fmt.Sprintf(wherePermittedOrgsOrCurrentUserClause, orgIDColumn, userIdColum),
-		authz.GetInstance(ctx).InstanceID(),
-		userID,
-		systemUserPermissionsJson,
-		permission,
-		filterOrgIds,
-		userID,
-	), nil
+type permissionClauseBuilder struct {
+	orgIDColumn       Column
+	instanceID        string
+	userID            string
+	systemPermissions []authz.SystemUserPermissions
+	permission        string
+	orgID             string
+	connections       []sq.Eq
+}
+
+func (b *permissionClauseBuilder) appendConnection(column string, value any) {
+	b.connections = append(b.connections, sq.Eq{column: value})
+}
+
+func (b *permissionClauseBuilder) clauses() sq.Or {
+	clauses := make(sq.Or, 1, len(b.connections)+1)
+	clauses[0] = sq.Expr(
+		fmt.Sprintf(wherePermittedOrgsExpr, b.orgIDColumn.identifier()),
+		b.instanceID,
+		b.userID,
+		database.NewJSONArray(b.systemPermissions),
+		b.permission,
+		b.orgID,
+	)
+	for _, include := range b.connections {
+		clauses = append(clauses, include)
+	}
+	return clauses
+}
+
+type PermissionOption func(b *permissionClauseBuilder)
+
+// OwnedRowsPermissionOption allows rows to be returned of which the current user is the owner.
+// Even if the user does not have an explicit permission for the organization.
+// For example an authenticated user can always see his own user account.
+func OwnedRowsPermissionOption(userIDColumn Column) PermissionOption {
+	return func(b *permissionClauseBuilder) {
+		b.appendConnection(userIDColumn.identifier(), b.userID)
+	}
+}
+
+// ConnectionPermissionOption allows returning of rows where the value is matched.
+// Even if the user does not have an explicit permission for the organization.
+func ConnectionPermissionOption(column Column, value any) PermissionOption {
+	return func(b *permissionClauseBuilder) {
+		b.appendConnection(column.identifier(), value)
+	}
+}
+
+// SingleOrgPermissionOption may be used to optimize the permitted orgs function by limiting the
+// returned organizations, to the one used in the requested filters.
+func SingleOrgPermissionOption(queries []SearchQuery) PermissionOption {
+	return func(b *permissionClauseBuilder) {
+		b.orgID = findTextEqualsQuery(b.orgIDColumn, queries)
+	}
+}
+
+// PermissionClause sets a `WHERE` clause to query,
+// which filters returned rows the current authenticated user has the requested permission to.
+//
+// Experimental: Work in progress. Currently only organization permissions are supported
+func PermissionClause(ctx context.Context, orgIDCol Column, permission string, options ...PermissionOption) sq.Or {
+	ctxData := authz.GetCtxData(ctx)
+	b := &permissionClauseBuilder{
+		orgIDColumn:       orgIDCol,
+		instanceID:        authz.GetInstance(ctx).InstanceID(),
+		userID:            ctxData.UserID,
+		systemPermissions: ctxData.SystemUserPermissions,
+		permission:        permission,
+	}
+	for _, opt := range options {
+		opt(b)
+	}
+	logging.WithFields(
+		"org_id_column", b.orgIDColumn,
+		"instance_id", b.instanceID,
+		"user_id", b.userID,
+		"system_user_permissions", b.systemPermissions,
+		"permission", b.permission,
+		"org_id", b.orgID,
+		"overrides", b.connections,
+	).Debug("permitted orgs check used")
+
+	return b.clauses()
+}
+
+// PermissionV2 checks are enabled when the feature flag is set and the permission check function is not nil.
+// When the permission check function is nil, it indicates a v1 API and no resource based permission check is needed.
+func PermissionV2(ctx context.Context, cf domain_pkg.PermissionCheck) bool {
+	return authz.GetFeatures(ctx).PermissionCheckV2 && cf != nil
 }
diff --git a/internal/query/permission_test.go b/internal/query/permission_test.go
new file mode 100644
index 0000000000..f6ecd94b46
--- /dev/null
+++ b/internal/query/permission_test.go
@@ -0,0 +1,208 @@
+package query
+
+import (
+	"context"
+	"testing"
+
+	sq "github.com/Masterminds/squirrel"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/database"
+	domain_pkg "github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/feature"
+)
+
+func TestPermissionClause(t *testing.T) {
+	var permissions = []authz.SystemUserPermissions{
+		{
+			MemberType:  authz.MemberTypeOrganization,
+			AggregateID: "orgID",
+			Permissions: []string{"permission1", "permission2"},
+		},
+		{
+			MemberType:  authz.MemberTypeIAM,
+			Permissions: []string{"permission2", "permission3"},
+		},
+	}
+	ctx := authz.WithInstanceID(context.Background(), "instanceID")
+	ctx = authz.SetCtxData(ctx, authz.CtxData{
+		UserID:                "userID",
+		SystemUserPermissions: permissions,
+	})
+
+	type args struct {
+		ctx        context.Context
+		orgIDCol   Column
+		permission string
+		options    []PermissionOption
+	}
+	tests := []struct {
+		name       string
+		args       args
+		wantClause sq.Or
+	}{
+		{
+			name: "no options",
+			args: args{
+				ctx:        ctx,
+				orgIDCol:   UserResourceOwnerCol,
+				permission: "permission1",
+			},
+			wantClause: sq.Or{
+				sq.Expr(
+					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
+					"instanceID",
+					"userID",
+					database.NewJSONArray(permissions),
+					"permission1",
+					"",
+				),
+			},
+		},
+		{
+			name: "owned rows option",
+			args: args{
+				ctx:        ctx,
+				orgIDCol:   UserResourceOwnerCol,
+				permission: "permission1",
+				options: []PermissionOption{
+					OwnedRowsPermissionOption(UserIDCol),
+				},
+			},
+			wantClause: sq.Or{
+				sq.Expr(
+					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
+					"instanceID",
+					"userID",
+					database.NewJSONArray(permissions),
+					"permission1",
+					"",
+				),
+				sq.Eq{"projections.users14.id": "userID"},
+			},
+		},
+		{
+			name: "connection rows option",
+			args: args{
+				ctx:        ctx,
+				orgIDCol:   UserResourceOwnerCol,
+				permission: "permission1",
+				options: []PermissionOption{
+					OwnedRowsPermissionOption(UserIDCol),
+					ConnectionPermissionOption(UserStateCol, "bar"),
+				},
+			},
+			wantClause: sq.Or{
+				sq.Expr(
+					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
+					"instanceID",
+					"userID",
+					database.NewJSONArray(permissions),
+					"permission1",
+					"",
+				),
+				sq.Eq{"projections.users14.id": "userID"},
+				sq.Eq{"projections.users14.state": "bar"},
+			},
+		},
+		{
+			name: "single org option",
+			args: args{
+				ctx:        ctx,
+				orgIDCol:   UserResourceOwnerCol,
+				permission: "permission1",
+				options: []PermissionOption{
+					SingleOrgPermissionOption([]SearchQuery{
+						mustSearchQuery(NewUserDisplayNameSearchQuery("zitadel", TextContains)),
+						mustSearchQuery(NewUserResourceOwnerSearchQuery("orgID", TextEquals)),
+					}),
+				},
+			},
+			wantClause: sq.Or{
+				sq.Expr(
+					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
+					"instanceID",
+					"userID",
+					database.NewJSONArray(permissions),
+					"permission1",
+					"orgID",
+				),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotClause := PermissionClause(tt.args.ctx, tt.args.orgIDCol, tt.args.permission, tt.args.options...)
+			assert.Equal(t, tt.wantClause, gotClause)
+		})
+	}
+}
+
+func mustSearchQuery(q SearchQuery, err error) SearchQuery {
+	if err != nil {
+		panic(err)
+	}
+	return q
+}
+
+func TestPermissionV2(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		cf  domain_pkg.PermissionCheck
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "feature disabled, no permission check",
+			args: args{
+				ctx: context.Background(),
+				cf:  nil,
+			},
+			want: false,
+		},
+		{
+			name: "feature enabled, no permission check",
+			args: args{
+				ctx: authz.WithFeatures(context.Background(), feature.Features{
+					PermissionCheckV2: true,
+				}),
+				cf: nil,
+			},
+			want: false,
+		},
+		{
+			name: "feature enabled, with permission check",
+			args: args{
+				ctx: authz.WithFeatures(context.Background(), feature.Features{
+					PermissionCheckV2: true,
+				}),
+				cf: func(context.Context, string, string, string) error {
+					return nil
+				},
+			},
+			want: true,
+		},
+		{
+			name: "feature disabled, with permission check",
+			args: args{
+				ctx: authz.WithFeatures(context.Background(), feature.Features{
+					PermissionCheckV2: false,
+				}),
+				cf: func(context.Context, string, string, string) error {
+					return nil
+				},
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := PermissionV2(tt.args.ctx, tt.args.cf)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/internal/query/query.go b/internal/query/query.go
index c0c051f7b7..bd50d3c0be 100644
--- a/internal/query/query.go
+++ b/internal/query/query.go
@@ -148,3 +148,16 @@ func triggerBatch(ctx context.Context, handlers ...*handler.Handler) {
 
 	wg.Wait()
 }
+
+func findTextEqualsQuery(column Column, queries []SearchQuery) string {
+	for _, query := range queries {
+		if query.Col() != column {
+			continue
+		}
+		tq, ok := query.(*textQuery)
+		if ok && tq.Compare == TextEquals {
+			return tq.Text
+		}
+	}
+	return ""
+}
diff --git a/internal/query/session.go b/internal/query/session.go
index 111eb462a0..004f29fe81 100644
--- a/internal/query/session.go
+++ b/internal/query/session.go
@@ -113,6 +113,22 @@ func sessionCheckPermission(ctx context.Context, resourceOwner string, creator s
 	return permissionCheck(ctx, domain.PermissionSessionRead, resourceOwner, "")
 }
 
+func sessionsPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	return query.Where(PermissionClause(
+		ctx,
+		SessionColumnResourceOwner,
+		domain.PermissionSessionRead,
+		// Allow if user is creator
+		OwnedRowsPermissionOption(SessionColumnCreator),
+		// Allow if session belongs to the user
+		OwnedRowsPermissionOption(SessionColumnUserID),
+		ConnectionPermissionOption(SessionColumnUserAgentFingerprintID, authz.GetCtxData(ctx).AgentID),
+	))
+}
+
 func (q *SessionsSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
 	query = q.SearchRequest.toQuery(query)
 	for _, q := range q.Queries {
@@ -282,21 +298,23 @@ func (q *Queries) sessionByID(ctx context.Context, shouldTriggerBulk bool, id st
 }
 
 func (q *Queries) SearchSessions(ctx context.Context, queries *SessionsSearchQueries, permissionCheck domain.PermissionCheck) (*Sessions, error) {
-	sessions, err := q.searchSessions(ctx, queries)
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	sessions, err := q.searchSessions(ctx, queries, permissionCheckV2)
 	if err != nil {
 		return nil, err
 	}
-	if permissionCheck != nil {
+	if permissionCheck != nil && !permissionCheckV2 {
 		sessionsCheckPermission(ctx, sessions, permissionCheck)
 	}
 	return sessions, nil
 }
 
-func (q *Queries) searchSessions(ctx context.Context, queries *SessionsSearchQueries) (sessions *Sessions, err error) {
+func (q *Queries) searchSessions(ctx context.Context, queries *SessionsSearchQueries, permissionCheckV2 bool) (sessions *Sessions, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareSessionsQuery()
+	query = sessionsPermissionCheckV2(ctx, query, permissionCheckV2)
 	stmt, args, err := queries.toQuery(query).
 		Where(sq.Eq{
 			SessionColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
diff --git a/internal/query/user.go b/internal/query/user.go
index c30eaaec74..47694736c4 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -132,6 +132,19 @@ func usersCheckPermission(ctx context.Context, users *Users, permissionCheck dom
 	)
 }
 
+func userPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *UserSearchQueries) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	return query.Where(PermissionClause(
+		ctx,
+		UserResourceOwnerCol,
+		domain.PermissionUserRead,
+		SingleOrgPermissionOption(queries.Queries),
+		OwnedRowsPermissionOption(UserIDCol),
+	))
+}
+
 type UserSearchQueries struct {
 	SearchRequest
 	Queries []SearchQuery
@@ -606,8 +619,9 @@ func (q *Queries) CountUsers(ctx context.Context, queries *UserSearchQueries) (c
 	return count, err
 }
 
-func (q *Queries) SearchUsers(ctx context.Context, queries *UserSearchQueries, filterOrgIds string, permissionCheck domain.PermissionCheck) (*Users, error) {
-	users, err := q.searchUsers(ctx, queries, filterOrgIds, permissionCheck != nil && authz.GetFeatures(ctx).PermissionCheckV2)
+func (q *Queries) SearchUsers(ctx context.Context, queries *UserSearchQueries, permissionCheck domain.PermissionCheck) (*Users, error) {
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	users, err := q.searchUsers(ctx, queries, permissionCheckV2)
 	if err != nil {
 		return nil, err
 	}
@@ -617,22 +631,15 @@ func (q *Queries) SearchUsers(ctx context.Context, queries *UserSearchQueries, f
 	return users, nil
 }
 
-func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, filterOrgIds string, permissionCheckV2 bool) (users *Users, err error) {
+func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, permissionCheckV2 bool) (users *Users, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareUsersQuery()
-	query = queries.toQuery(query).Where(sq.Eq{
+	query = userPermissionCheckV2(ctx, query, permissionCheckV2, queries)
+	stmt, args, err := queries.toQuery(query).Where(sq.Eq{
 		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
-	})
-	if permissionCheckV2 {
-		query, err = wherePermittedOrgsOrCurrentUser(ctx, query, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
-		if err != nil {
-			return nil, zerrors.ThrowInternal(err, "AUTHZ-HS4us", "Errors.Internal")
-		}
-	}
-
-	stmt, args, err := query.ToSql()
+	}).ToSql()
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment")
 	}
diff --git a/internal/query/user_auth_method.go b/internal/query/user_auth_method.go
index 8b26389f1a..acf61bf0e6 100644
--- a/internal/query/user_auth_method.go
+++ b/internal/query/user_auth_method.go
@@ -104,6 +104,18 @@ func authMethodsCheckPermission(ctx context.Context, methods *AuthMethods, permi
 	)
 }
 
+func userAuthMethodPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	return query.Where(PermissionClause(
+		ctx,
+		UserAuthMethodColumnResourceOwner,
+		domain.PermissionUserRead,
+		OwnedRowsPermissionOption(UserIDCol),
+	))
+}
+
 type AuthMethod struct {
 	UserID        string
 	CreationDate  time.Time
@@ -137,11 +149,12 @@ func (q *UserAuthMethodSearchQueries) hasUserID() bool {
 }
 
 func (q *Queries) SearchUserAuthMethods(ctx context.Context, queries *UserAuthMethodSearchQueries, permissionCheck domain.PermissionCheck) (userAuthMethods *AuthMethods, err error) {
-	methods, err := q.searchUserAuthMethods(ctx, queries)
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	methods, err := q.searchUserAuthMethods(ctx, queries, permissionCheckV2)
 	if err != nil {
 		return nil, err
 	}
-	if permissionCheck != nil && len(methods.AuthMethods) > 0 {
+	if permissionCheck != nil && len(methods.AuthMethods) > 0 && !permissionCheckV2 {
 		// when userID for query is provided, only one check has to be done
 		if queries.hasUserID() {
 			if err := userCheckPermission(ctx, methods.AuthMethods[0].ResourceOwner, methods.AuthMethods[0].UserID, permissionCheck); err != nil {
@@ -154,11 +167,12 @@ func (q *Queries) SearchUserAuthMethods(ctx context.Context, queries *UserAuthMe
 	return methods, nil
 }
 
-func (q *Queries) searchUserAuthMethods(ctx context.Context, queries *UserAuthMethodSearchQueries) (userAuthMethods *AuthMethods, err error) {
+func (q *Queries) searchUserAuthMethods(ctx context.Context, queries *UserAuthMethodSearchQueries, permissionCheckV2 bool) (userAuthMethods *AuthMethods, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareUserAuthMethodsQuery()
+	query = userAuthMethodPermissionCheckV2(ctx, query, permissionCheckV2)
 	stmt, args, err := queries.toQuery(query).Where(sq.Eq{UserAuthMethodColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}).ToSql()
 	if err != nil {
 		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-j9NJd", "Errors.Query.InvalidRequest")

From 618143931b22e3a7d1dc4a563124a92914ee2670 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 22 Apr 2025 08:22:54 +0200
Subject: [PATCH 007/123] chore(ci): fix container build (#9765)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

While creating a new release, the [pipeline
failed](https://github.com/zitadel/zitadel/actions/runs/14509737111/job/40705906723)
as GH sunset the old actions cache service:

https://github.blog/changelog/2025-03-20-notification-of-upcoming-breaking-changes-in-github-actions/#decommissioned-cache-service-brownouts

# How the Problems Are Solved

The `driver-opts` parameter is removed from the buildx actions to use
the latest stable image. ([new cache service is used by BuildKit >=
v0.20.0](https://docs.docker.com/build/ci/github-actions/cache/#cache-backend-api))

# Additional Changes

Updated docker/build-push-action to v6 in a first attempt to solve the
issue, but kept it as it gave some more insights (incl. build summary)

# Additional Context

Since the containers are only built on workflow triggers, here's the
corresponding pipeline run:
https://github.com/zitadel/zitadel/actions/runs/14513926232
---
 .github/workflows/container.yml | 8 ++------
 .github/workflows/e2e.yml       | 2 --
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 5e22a67413..33ffd4f6af 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -53,8 +53,6 @@ jobs:
       - 
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: 'image=moby/buildkit:v0.11.6'
       -
         name: Login to Docker registry
         uses: docker/login-action@v3
@@ -75,7 +73,7 @@ jobs:
       - 
         name: Debug
         id: build-debug
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         timeout-minutes: 3
         with:
           context: .
@@ -90,7 +88,7 @@ jobs:
       - 
         name: Scratch
         id: build-scratch
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         timeout-minutes: 3
         with:
           context: .
@@ -147,8 +145,6 @@ jobs:
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: 'image=moby/buildkit:v0.11.6'
       -
         name: Login to Docker registry
         uses: docker/login-action@v3
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 88424d2bf8..e717163507 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -31,8 +31,6 @@ jobs:
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: 'image=moby/buildkit:v0.11.6'
       -
         name: Start DB and ZITADEL
         run: |

From 658ca3606bd654040488361cf9aaa935eb809c11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Tue, 22 Apr 2025 11:42:59 +0300
Subject: [PATCH 008/123] feat(permissions): project member permission filter
 (#9757)

# Which Problems Are Solved

Add the possibility to filter project resources based on project member
roles.

# How the Problems Are Solved

Extend and refactor existing Pl/PgSQL functions to implement the
following:

- Solve O(n) complexity in returned resources IDs by returning a boolean
filter for instance level permissions.
- Individually permitted orgs are returned only if there was no instance
permission
- Individually permitted projects are returned only if there was no
instance permission
- Because of the multiple filter terms, use `INNER JOIN`s instead of
`WHERE` clauses.

# Additional Changes

- system permission function no longer query the organization view and
therefore can be `immutable`, giving big performance benefits for
frequently reused system users. (like our hosted login in Zitadel cloud)
- The permitted org and project functions are now defined as `stable`
because the don't modify on-disk data. This might give a small
performance gain
- The Pl/PgSQL functions are now tested using Go unit tests.

# Additional Context

- Depends on https://github.com/zitadel/zitadel/pull/9677
- Part of https://github.com/zitadel/zitadel/issues/9188
- Closes https://github.com/zitadel/zitadel/issues/9190
---
 cmd/defaults.yaml                             |  10 +
 cmd/setup/53.go                               |   2 +-
 cmd/setup/53/01-get-permissions-from-JSON.sql | 107 ++-
 cmd/setup/53/02-permitted_orgs_function.sql   | 169 +---
 cmd/setup/53/03-permitted_projects_func.sql   |  58 ++
 cmd/setup/integration_test/permission_test.go | 871 ++++++++++++++++++
 cmd/setup/integration_test/setup_test.go      |  41 +
 internal/api/authz/context.go                 |   2 +-
 internal/api/authz/membertype_enumer.go       |  33 +-
 internal/query/idp_user_link.go               |   5 +-
 internal/query/org.go                         |   5 +-
 internal/query/permission.go                  |  92 +-
 internal/query/permission_example_test.go     |  78 ++
 internal/query/permission_test.go             | 133 ++-
 internal/query/query.go                       |   6 +-
 internal/query/session.go                     |   6 +-
 internal/query/user.go                        |   5 +-
 internal/query/user_auth_method.go            |   5 +-
 18 files changed, 1403 insertions(+), 225 deletions(-)
 create mode 100644 cmd/setup/53/03-permitted_projects_func.sql
 create mode 100644 cmd/setup/integration_test/permission_test.go
 create mode 100644 cmd/setup/integration_test/setup_test.go
 create mode 100644 internal/query/permission_example_test.go

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 30e037c80f..8482ccec9f 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -607,6 +607,16 @@ EncryptionKeys:
   UserAgentCookieKeyID: "userAgentCookieKey" # ZITADEL_ENCRYPTIONKEYS_USERAGENTCOOKIEKEYID
 
 SystemAPIUsers:
+  - superuser:
+    Path: /path/to/superuser/key.pem
+    Memberships:
+      - MemberType: Organization
+        Roles: "ORG_OWNER"
+        AggregateID: "123456789012345678"
+      - MemberType: Project
+        Roles: "PROJECT_OWNER"
+
+
 # # Add keys for authentication of the systemAPI here:
 # # you can specify any name for the user, but they will have to match the `issuer` and `sub` claim in the JWT:
 # - superuser:
diff --git a/cmd/setup/53.go b/cmd/setup/53.go
index 83a7b1c0e2..952fc37916 100644
--- a/cmd/setup/53.go
+++ b/cmd/setup/53.go
@@ -33,5 +33,5 @@ func (mig *InitPermittedOrgsFunction53) Execute(ctx context.Context, _ eventstor
 }
 
 func (*InitPermittedOrgsFunction53) String() string {
-	return "53_init_permitted_orgs_function"
+	return "53_init_permitted_orgs_function_v2"
 }
diff --git a/cmd/setup/53/01-get-permissions-from-JSON.sql b/cmd/setup/53/01-get-permissions-from-JSON.sql
index b6415fa180..531184dbe4 100644
--- a/cmd/setup/53/01-get-permissions-from-JSON.sql
+++ b/cmd/setup/53/01-get-permissions-from-JSON.sql
@@ -1,23 +1,28 @@
+DROP FUNCTION IF EXISTS eventstore.check_system_user_perms;
 DROP FUNCTION IF EXISTS eventstore.get_system_permissions;
+DROP TYPE IF EXISTS eventstore.project_grant;
 
+
+/*
+	Function get_system_permissions unpacks an JSON array of system member permissions,
+	into a table format. Each array entry maps to one row representing a membership which
+	contained the req_permission.
+
+	[
+		{
+		"member_type": "IAM",
+		"aggregate_id": "310716990375453665",
+		"object_id": "",
+		"permissions": ["iam.read", "iam.write", "iam.policy.read"]
+		},
+		...
+	]
+
+	| member_type | aggregate_id         | object_id |
+	| "IAM"       | "310716990375453665" | null      |
+*/
 CREATE OR REPLACE FUNCTION eventstore.get_system_permissions(
     permissions_json JSONB
-    /*
-    [
-      {
-        "member_type": "System",
-        "aggregate_id": "",
-        "object_id": "",
-        "permissions": ["iam.read", "iam.write", "iam.polic.read"]
-      },
-      {
-        "member_type": "IAM",
-        "aggregate_id": "310716990375453665",
-        "object_id": "",
-        "permissions": ["iam.read", "iam.write", "iam.polic.read"]
-      }
-    ]
-    */
     , permm TEXT
 )
 RETURNS TABLE (
@@ -25,7 +30,7 @@ RETURNS TABLE (
     aggregate_id TEXT,
     object_id TEXT
 )
-  LANGUAGE 'plpgsql'
+  LANGUAGE 'plpgsql' IMMUTABLE
 AS $$
 BEGIN
     RETURN QUERY
@@ -37,7 +42,73 @@ BEGIN
         permission
         FROM jsonb_array_elements(permissions_json) AS perm
         CROSS JOIN jsonb_array_elements_text(perm->'permissions') AS permission) AS res
-        WHERE res. permission= permm;
+        WHERE res.permission = permm;
 END;
 $$;
 
+/*
+	Type project_grant is composite identifier using its project and grant IDs.
+*/
+CREATE TYPE eventstore.project_grant AS (
+    project_id TEXT -- mapped from a permission's aggregate_id
+    , grant_id TEXT -- mapped from a permission's object_id
+);
+
+/*
+	Function check_system_user_perms uses system member permissions to establish
+	on which organization, project or project grant the user has the requested permission.
+	The permission can also apply to the complete instance when a IAM membership matches
+	the requested instance ID, or through system membership.
+
+	See eventstore.get_system_permissions() on the supported JSON format.
+*/
+CREATE OR REPLACE FUNCTION eventstore.check_system_user_perms(
+     system_user_perms JSONB
+    , req_instance_id TEXT
+    , perm TEXT
+
+    , instance_permitted OUT BOOLEAN
+    , org_ids OUT TEXT[]
+    , project_ids OUT TEXT[]
+    , project_grants OUT eventstore.project_grant[]
+)
+	LANGUAGE 'plpgsql' IMMUTABLE
+AS $$
+BEGIN
+	-- make sure no nulls are returned
+	instance_permitted := FALSE;
+	org_ids := ARRAY[]::TEXT[];
+	project_ids := ARRAY[]::TEXT[];
+	project_grants := ARRAY[]::eventstore.project_grant[];
+	DECLARE
+	    p RECORD;
+	BEGIN
+        FOR p IN SELECT member_type, aggregate_id, object_id
+	        FROM eventstore.get_system_permissions(system_user_perms, perm)
+	    LOOP
+	       CASE p.member_type
+	            WHEN 'System' THEN
+	                instance_permitted := TRUE;
+	                RETURN;
+	            WHEN 'IAM' THEN
+	                IF p.aggregate_id = req_instance_id THEN
+	                    instance_permitted := TRUE;
+	                    RETURN;
+	                END IF;
+	            WHEN 'Organization' THEN
+	                IF p.aggregate_id != '' THEN
+	                    org_ids := array_append(org_ids, p.aggregate_id);
+	                END IF;
+	            WHEN 'Project' THEN
+	                IF p.aggregate_id != '' THEN
+	                    project_ids := array_append(project_ids, p.aggregate_id);
+	                END IF;
+	            WHEN 'ProjectGrant' THEN
+	                IF p.aggregate_id != '' THEN
+	                    project_grants := array_append(project_grants, ROW(p.aggregate_id, p.object_id)::eventstore.project_grant);
+	                END IF;
+	        END CASE;
+	    END LOOP;
+	END;
+END;
+$$;
diff --git a/cmd/setup/53/02-permitted_orgs_function.sql b/cmd/setup/53/02-permitted_orgs_function.sql
index b6f61c6225..fbc7eaee59 100644
--- a/cmd/setup/53/02-permitted_orgs_function.sql
+++ b/cmd/setup/53/02-permitted_orgs_function.sql
@@ -1,144 +1,71 @@
-DROP FUNCTION IF EXISTS eventstore.check_system_user_perms;
+DROP FUNCTION IF EXISTS eventstore.permitted_orgs;
+DROP FUNCTION IF EXISTS eventstore.find_roles;
 
-CREATE OR REPLACE FUNCTION eventstore.check_system_user_perms(
-     system_user_perms JSONB
+-- find_roles finds all roles containing the permission
+CREATE OR REPLACE FUNCTION eventstore.find_roles(
+    req_instance_id TEXT
     , perm TEXT
-    , filter_orgs TEXT
 
-    , org_ids OUT TEXT[]
+    , roles OUT TEXT[]
 )
-	LANGUAGE 'plpgsql'
+LANGUAGE 'plpgsql' STABLE
 AS $$
 BEGIN
-
-    WITH found_permissions(member_type, aggregate_id, object_id ) AS (
-      SELECT * FROM eventstore.get_system_permissions(
-          system_user_perms,
-          perm)
-    )
-
-    SELECT array_agg(DISTINCT o.org_id) INTO org_ids
-      FROM eventstore.instance_orgs o, found_permissions
-      WHERE
-        CASE WHEN (SELECT TRUE WHERE found_permissions.member_type = 'System' LIMIT 1) THEN
-          TRUE
-        WHEN (SELECT TRUE WHERE found_permissions.member_type = 'IAM' LIMIT 1) THEN
-          -- aggregate_id not present
-          CASE WHEN (SELECT TRUE WHERE '' = ANY (
-                              (
-                                SELECT array_agg(found_permissions.aggregate_id)
-                                  FROM found_permissions
-                                  WHERE member_type = 'IAM'
-                                  GROUP BY member_type
-                                  LIMIT 1
-                              )::TEXT[])) THEN
-            TRUE
-          -- aggregate_id is present
-          ELSE 
-            o.instance_id = ANY (
-                            (
-                              SELECT array_agg(found_permissions.aggregate_id)
-                                FROM found_permissions
-                                WHERE member_type = 'IAM'
-                                GROUP BY member_type
-                                LIMIT 1
-                            )::TEXT[])
-          END
-        WHEN (SELECT TRUE WHERE found_permissions.member_type = 'Organization' LIMIT 1) THEN
-          -- aggregate_id not present
-          CASE WHEN (SELECT TRUE WHERE '' = ANY (
-                              (
-                                SELECT array_agg(found_permissions.aggregate_id)
-                                  FROM found_permissions
-                                  WHERE member_type = 'Organization'
-                                  GROUP BY member_type
-                                  LIMIT 1
-                              )::TEXT[])) THEN
-            TRUE
-          -- aggregate_id is present
-          ELSE 
-            o.org_id = ANY (
-                        (
-                          SELECT array_agg(found_permissions.aggregate_id)
-                            FROM found_permissions
-                            WHERE member_type = 'Organization'
-                            GROUP BY member_type
-                            LIMIT 1
-                        )::TEXT[])
-          END
-        END
-        AND
-        CASE WHEN filter_orgs != ''
-        THEN o.org_id IN (filter_orgs) 
-        ELSE TRUE END
-      LIMIT 1;
+    SELECT array_agg(rp.role) INTO roles
+    FROM eventstore.role_permissions rp
+    WHERE rp.instance_id = req_instance_id
+    AND rp.permission = perm;
 END;
 $$;
 
-
-DROP FUNCTION IF EXISTS eventstore.permitted_orgs;
-
 CREATE OR REPLACE FUNCTION eventstore.permitted_orgs(
-    instanceId TEXT
-    , userId TEXT
+    req_instance_id TEXT
+    , auth_user_id TEXT
     , system_user_perms JSONB
     , perm TEXT
-    , filter_orgs TEXT
+    , filter_org TEXT
 
+    , instance_permitted OUT BOOLEAN
     , org_ids OUT TEXT[]
 )
-	LANGUAGE 'plpgsql'
+	LANGUAGE 'plpgsql' STABLE
 AS $$
 BEGIN
-
-  -- if system user
-  IF system_user_perms IS NOT NULL THEN
-    org_ids := eventstore.check_system_user_perms(system_user_perms, perm, filter_orgs);
-  -- if human/machine user
-  ELSE
+    -- if system user
+    IF system_user_perms IS NOT NULL THEN
+        SELECT p.instance_permitted, p.org_ids INTO instance_permitted, org_ids
+        FROM eventstore.check_system_user_perms(system_user_perms, req_instance_id, perm) p;
+        RETURN;
+    END IF;
+  
+    -- if human/machine user
     DECLARE
-      matched_roles TEXT[]; -- roles containing permission
-    BEGIN
-
-      SELECT array_agg(rp.role) INTO matched_roles
-      FROM eventstore.role_permissions rp
-      WHERE rp.instance_id = instanceId
-      AND rp.permission = perm;
-
-      -- First try if the permission was granted thru an instance-level role
-      DECLARE
-        has_instance_permission bool;
-      BEGIN
-        SELECT true INTO has_instance_permission
-          FROM eventstore.instance_members im
-          WHERE im.role = ANY(matched_roles)
-          AND im.instance_id = instanceId
-          AND im.user_id = userId
-          LIMIT 1;
+    	matched_roles TEXT[] := eventstore.find_roles(req_instance_id, perm);
+	BEGIN
+        -- First try if the permission was granted thru an instance-level role
+        SELECT true INTO instance_permitted
+            FROM eventstore.instance_members im
+            WHERE im.role = ANY(matched_roles)
+            AND im.instance_id = req_instance_id
+            AND im.user_id = auth_user_id
+            LIMIT 1;
         
-        IF has_instance_permission THEN
-          -- Return all organizations or only those in filter_orgs
-          SELECT array_agg(o.org_id) INTO org_ids
-            FROM eventstore.instance_orgs o
-            WHERE o.instance_id = instanceId
-            AND CASE WHEN filter_orgs != ''
-              THEN o.org_id IN (filter_orgs) 
-              ELSE TRUE END;
-          RETURN;
+        org_ids := ARRAY[]::TEXT[];
+        IF instance_permitted THEN
+            RETURN;
         END IF;
-      END;
-      
-      -- Return the organizations where permission were granted thru org-level roles
-      SELECT array_agg(sub.org_id) INTO org_ids
-      FROM (
-        SELECT DISTINCT om.org_id
-        FROM eventstore.org_members om
-        WHERE om.role = ANY(matched_roles)
-        AND om.instance_id = instanceID
-        AND om.user_id = userId
-      ) AS sub;
+        instance_permitted := FALSE;
+
+        -- Return the organizations where permission were granted thru org-level roles
+        SELECT array_agg(sub.org_id) INTO org_ids
+        FROM (
+            SELECT DISTINCT om.org_id
+            FROM eventstore.org_members om
+            WHERE om.role = ANY(matched_roles)
+            AND om.instance_id = req_instance_id
+            AND om.user_id = auth_user_id
+            AND (filter_org IS NULL OR om.org_id = filter_org)
+        ) AS sub;
     END;
-  END IF;
 END;
 $$;
-
diff --git a/cmd/setup/53/03-permitted_projects_func.sql b/cmd/setup/53/03-permitted_projects_func.sql
new file mode 100644
index 0000000000..8c17481ce8
--- /dev/null
+++ b/cmd/setup/53/03-permitted_projects_func.sql
@@ -0,0 +1,58 @@
+-- recreate the view to include the resource_owner
+CREATE OR REPLACE VIEW eventstore.project_members AS
+SELECT instance_id, aggregate_id as project_id, object_id as user_id, text_value as role, resource_owner as org_id
+FROM eventstore.fields
+WHERE aggregate_type = 'project'
+AND object_type = 'project_member_role'
+AND field_name = 'project_role';
+
+DROP FUNCTION IF EXISTS eventstore.permitted_projects;
+
+CREATE OR REPLACE FUNCTION eventstore.permitted_projects(
+    req_instance_id TEXT
+    , auth_user_id TEXT
+    , system_user_perms JSONB
+    , perm TEXT
+    , filter_org TEXT
+
+    , instance_permitted OUT BOOLEAN
+    , org_ids OUT TEXT[]
+    , project_ids OUT TEXT[]
+)
+	LANGUAGE 'plpgsql' STABLE
+AS $$
+BEGIN
+    -- if system user
+    IF system_user_perms IS NOT NULL THEN
+        SELECT p.instance_permitted, p.org_ids INTO instance_permitted, org_ids, project_ids
+        FROM eventstore.check_system_user_perms(system_user_perms, req_instance_id, perm) p;
+        RETURN;
+    END IF;
+
+    -- if human/machine user
+    SELECT * FROM eventstore.permitted_orgs(
+        req_instance_id
+        , auth_user_id
+        , system_user_perms
+        , perm
+        , filter_org
+    ) INTO instance_permitted, org_ids;
+    IF instance_permitted THEN
+        RETURN;
+    END IF;
+	DECLARE
+    	matched_roles TEXT[] := eventstore.find_roles(req_instance_id, perm);
+	BEGIN
+	    -- Get the projects where permission were granted thru project-level roles
+	    SELECT array_agg(sub.project_id) INTO project_ids
+	    FROM (
+	        SELECT DISTINCT pm.project_id
+	        FROM eventstore.project_members pm
+	        WHERE pm.role = ANY(matched_roles)
+	        AND pm.instance_id = req_instance_id
+	        AND pm.user_id = auth_user_id
+	        AND (filter_org IS NULL OR pm.org_id = filter_org)
+	    ) AS sub;
+	END;
+END;
+$$;
diff --git a/cmd/setup/integration_test/permission_test.go b/cmd/setup/integration_test/permission_test.go
new file mode 100644
index 0000000000..2b0c56865f
--- /dev/null
+++ b/cmd/setup/integration_test/permission_test.go
@@ -0,0 +1,871 @@
+//go:build integration
+
+package setup_test
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/jackc/pgx/v5"
+	"github.com/jackc/pgx/v5/pgtype"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/org"
+	"github.com/zitadel/zitadel/internal/repository/permission"
+	"github.com/zitadel/zitadel/internal/repository/project"
+)
+
+func TestGetSystemPermissions(t *testing.T) {
+	const query = "SELECT * FROM eventstore.get_system_permissions($1, $2);"
+	t.Parallel()
+	permissions := []authz.SystemUserPermissions{
+		{
+			MemberType:  authz.MemberTypeSystem,
+			Permissions: []string{"iam.read", "iam.write", "iam.policy.read"},
+		},
+		{
+			MemberType:  authz.MemberTypeIAM,
+			AggregateID: "instanceID",
+			Permissions: []string{"iam.read", "iam.write", "iam.policy.read", "org.read", "project.read", "project.write"},
+		},
+		{
+			MemberType:  authz.MemberTypeOrganization,
+			AggregateID: "orgID",
+			Permissions: []string{"org.read", "org.write", "org.policy.read", "project.read", "project.write"},
+		},
+		{
+			MemberType:  authz.MemberTypeProject,
+			AggregateID: "projectID",
+			Permissions: []string{"project.read", "project.write"},
+		},
+		{
+			MemberType:  authz.MemberTypeProjectGrant,
+			AggregateID: "projectID",
+			ObjectID:    "grantID",
+			Permissions: []string{"project.read", "project.write"},
+		},
+	}
+	type result struct {
+		MemberType  authz.MemberType
+		AggregateID string
+		ObjectID    string
+	}
+	tests := []struct {
+		permm string
+		want  []result
+	}{
+		{
+			permm: "iam.read",
+			want: []result{
+				{
+					MemberType: authz.MemberTypeSystem,
+				},
+				{
+					MemberType:  authz.MemberTypeIAM,
+					AggregateID: "instanceID",
+				},
+			},
+		},
+		{
+			permm: "org.read",
+			want: []result{
+				{
+					MemberType:  authz.MemberTypeIAM,
+					AggregateID: "instanceID",
+				},
+				{
+					MemberType:  authz.MemberTypeOrganization,
+					AggregateID: "orgID",
+				},
+			},
+		},
+		{
+			permm: "project.write",
+			want: []result{
+				{
+					MemberType:  authz.MemberTypeIAM,
+					AggregateID: "instanceID",
+				},
+				{
+					MemberType:  authz.MemberTypeOrganization,
+					AggregateID: "orgID",
+				},
+				{
+					MemberType:  authz.MemberTypeProject,
+					AggregateID: "projectID",
+				},
+				{
+					MemberType:  authz.MemberTypeProjectGrant,
+					AggregateID: "projectID",
+					ObjectID:    "grantID",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.permm, func(t *testing.T) {
+			t.Parallel()
+			rows, err := dbPool.Query(CTX, query, database.NewJSONArray(permissions), tt.permm)
+			require.NoError(t, err)
+			got, err := pgx.CollectRows(rows, pgx.RowToStructByPos[result])
+			require.NoError(t, err)
+			assert.ElementsMatch(t, tt.want, got)
+		})
+	}
+}
+
+func TestCheckSystemUserPerms(t *testing.T) {
+	// Use JSON because of the composite project_grants SQL type
+	const query = "SELECT row_to_json(eventstore.check_system_user_perms($1, $2, $3));"
+	t.Parallel()
+	type args struct {
+		reqInstanceID string
+		permissions   []authz.SystemUserPermissions
+		permm         string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "iam.read, instance permitted from system",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeSystem,
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "instanceID",
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read", "org.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "orgID",
+						Permissions: []string{"org.read", "org.write", "org.policy.read", "project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "projectID",
+						Permissions: []string{"project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "projectID",
+						ObjectID:    "grantID",
+						Permissions: []string{"project.read", "project.write"},
+					},
+				},
+				permm: "iam.read",
+			},
+			want: `{
+				"instance_permitted": true,
+				"org_ids": [],
+				"project_grants": [],
+				"project_ids": []
+			}`,
+		},
+		{
+			name: "org.read, instance permitted",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeSystem,
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "instanceID",
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read", "org.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "orgID",
+						Permissions: []string{"org.read", "org.write", "org.policy.read", "project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "projectID",
+						Permissions: []string{"project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "projectID",
+						ObjectID:    "grantID",
+						Permissions: []string{"project.read", "project.write"},
+					},
+				},
+				permm: "org.read",
+			},
+			want: `{
+				"instance_permitted": true,
+				"org_ids": [],
+				"project_grants": [],
+				"project_ids": []
+			}`,
+		},
+		{
+			name: "project.read, org ID and project ID permitted",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeSystem,
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "instanceID",
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read", "org.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "orgID",
+						Permissions: []string{"org.read", "org.write", "org.policy.read", "project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "projectID",
+						Permissions: []string{"project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "projectID",
+						ObjectID:    "grantID",
+						Permissions: []string{"project_grant.read", "project_grant.write"},
+					},
+				},
+				permm: "project.read",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": ["orgID"],
+				"project_ids": ["projectID"],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "project_grant.read, project grant ID permitted",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeSystem,
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "instanceID",
+						Permissions: []string{"iam.read", "iam.write", "iam.policy.read", "org.read"},
+					},
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "orgID",
+						Permissions: []string{"org.read", "org.write", "org.policy.read", "project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "projectID",
+						Permissions: []string{"project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "projectID",
+						ObjectID:    "grantID",
+						Permissions: []string{"project_grant.read", "project_grant.write"},
+					},
+				},
+				permm: "project_grant.read",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": [
+					{
+						"project_id": "projectID",
+						"grant_id": "grantID"
+					}
+				]
+			}`,
+		},
+		{
+			name: "instance without aggregate ID",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "",
+						Permissions: []string{"foo.bar", "bar.foo"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "wrong instance ID",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "wrong",
+						Permissions: []string{"foo.bar", "bar.foo"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "permission on other instance",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "instanceID",
+						Permissions: []string{"bar.foo"},
+					},
+					{
+						MemberType:  authz.MemberTypeIAM,
+						AggregateID: "wrong",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "org ID missing",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "multiple org IDs",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "Org1",
+						Permissions: []string{"foo.bar"},
+					},
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: "Org2",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": ["Org1", "Org2"],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "project ID missing",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "multiple project IDs",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "P1",
+						Permissions: []string{"foo.bar"},
+					},
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: "P2",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": ["P1", "P2"],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "project grant ID missing",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "",
+						ObjectID:    "",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": []
+			}`,
+		},
+		{
+			name: "multiple project IDs",
+			args: args{
+				reqInstanceID: "instanceID",
+				permissions: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "P1",
+						ObjectID:    "O1",
+						Permissions: []string{"foo.bar"},
+					},
+					{
+						MemberType:  authz.MemberTypeProjectGrant,
+						AggregateID: "P2",
+						ObjectID:    "O2",
+						Permissions: []string{"foo.bar"},
+					},
+				},
+				permm: "foo.bar",
+			},
+			want: `{
+				"instance_permitted": false,
+				"org_ids": [],
+				"project_ids": [],
+				"project_grants": [
+					{
+						"project_id": "P1",
+						"grant_id": "O1"
+					},
+					{
+						"project_id": "P2",
+						"grant_id": "O2"
+					}
+				]
+			}`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			rows, err := dbPool.Query(CTX, query, database.NewJSONArray(tt.args.permissions), tt.args.reqInstanceID, tt.args.permm)
+			require.NoError(t, err)
+			got, err := pgx.CollectOneRow(rows, pgx.RowTo[string])
+			require.NoError(t, err)
+			assert.JSONEq(t, tt.want, got)
+		})
+	}
+}
+
+const (
+	instanceID = "instanceID"
+	orgID      = "orgID"
+	projectID  = "projectID"
+)
+
+func TestPermittedOrgs(t *testing.T) {
+	t.Parallel()
+
+	tx, err := dbPool.Begin(CTX)
+	require.NoError(t, err)
+	defer tx.Rollback(CTX)
+
+	// Insert a couple of deterministic field rows to test the function.
+	// Data will not persist, because the transaction is rolled back.
+	createRolePermission(t, tx, "IAM_OWNER", []string{"org.write", "org.read"})
+	createRolePermission(t, tx, "ORG_OWNER", []string{"org.write", "org.read"})
+	createMember(t, tx, instance.AggregateType, "instance_user")
+	createMember(t, tx, org.AggregateType, "org_user")
+
+	const query = "SELECT instance_permitted, org_ids FROM eventstore.permitted_orgs($1,$2,$3,$4,$5);"
+	type args struct {
+		reqInstanceID   string
+		authUserID      string
+		systemUserPerms []authz.SystemUserPermissions
+		perm            string
+		filterOrg       *string
+	}
+	type result struct {
+		InstancePermitted bool
+		OrgIDs            pgtype.FlatArray[string]
+	}
+	tests := []struct {
+		name string
+		args args
+		want result
+	}{
+		{
+			name: "system user, instance",
+			args: args{
+				reqInstanceID: instanceID,
+				systemUserPerms: []authz.SystemUserPermissions{{
+					MemberType:  authz.MemberTypeSystem,
+					Permissions: []string{"org.write", "org.read"},
+				}},
+				perm: "org.read",
+			},
+			want: result{
+				InstancePermitted: true,
+			},
+		},
+		{
+			name: "system user, orgs",
+			args: args{
+				reqInstanceID: instanceID,
+				systemUserPerms: []authz.SystemUserPermissions{{
+					MemberType:  authz.MemberTypeOrganization,
+					AggregateID: orgID,
+					Permissions: []string{"org.read", "org.write", "org.policy.read", "project.read", "project.write"},
+				}},
+				perm: "org.read",
+			},
+			want: result{
+				OrgIDs: pgtype.FlatArray[string]{orgID},
+			},
+		},
+		{
+			name: "instance member",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "instance_user",
+				perm:          "org.read",
+			},
+			want: result{
+				InstancePermitted: true,
+			},
+		},
+		{
+			name: "org member",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "org_user",
+				perm:          "org.read",
+			},
+			want: result{
+				OrgIDs: pgtype.FlatArray[string]{orgID},
+			},
+		},
+		{
+			name: "org member, filter",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "org_user",
+				perm:          "org.read",
+				filterOrg:     gu.Ptr(orgID),
+			},
+			want: result{
+				OrgIDs: pgtype.FlatArray[string]{orgID},
+			},
+		},
+		{
+			name: "org member, filter wrong org",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "org_user",
+				perm:          "org.read",
+				filterOrg:     gu.Ptr("foobar"),
+			},
+			want: result{},
+		},
+		{
+			name: "no permission",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "foobar",
+				perm:          "org.read",
+				filterOrg:     gu.Ptr(orgID),
+			},
+			want: result{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			rows, err := tx.Query(CTX, query, tt.args.reqInstanceID, tt.args.authUserID, database.NewJSONArray(tt.args.systemUserPerms), tt.args.perm, tt.args.filterOrg)
+			require.NoError(t, err)
+			got, err := pgx.CollectExactlyOneRow(rows, pgx.RowToStructByPos[result])
+			require.NoError(t, err)
+			assert.Equal(t, tt.want.InstancePermitted, got.InstancePermitted)
+			assert.ElementsMatch(t, tt.want.OrgIDs, got.OrgIDs)
+		})
+	}
+}
+
+func TestPermittedProjects(t *testing.T) {
+	t.Parallel()
+
+	tx, err := dbPool.Begin(CTX)
+	require.NoError(t, err)
+	defer tx.Rollback(CTX)
+
+	// Insert a couple of deterministic field rows to test the function.
+	// Data will not persist, because the transaction is rolled back.
+	createRolePermission(t, tx, "IAM_OWNER", []string{"project.write", "project.read"})
+	createRolePermission(t, tx, "ORG_OWNER", []string{"project.write", "project.read"})
+	createRolePermission(t, tx, "PROJECT_OWNER", []string{"project.write", "project.read"})
+	createMember(t, tx, instance.AggregateType, "instance_user")
+	createMember(t, tx, org.AggregateType, "org_user")
+	createMember(t, tx, project.AggregateType, "project_user")
+
+	const query = "SELECT instance_permitted, org_ids, project_ids FROM eventstore.permitted_projects($1,$2,$3,$4,$5);"
+	type args struct {
+		reqInstanceID   string
+		authUserID      string
+		systemUserPerms []authz.SystemUserPermissions
+		perm            string
+		filterOrg       *string
+	}
+	type result struct {
+		InstancePermitted bool
+		OrgIDs            pgtype.FlatArray[string]
+		ProjectIDs        pgtype.FlatArray[string]
+	}
+	tests := []struct {
+		name string
+		args args
+		want result
+	}{
+		{
+			name: "system user, instance",
+			args: args{
+				reqInstanceID: instanceID,
+				systemUserPerms: []authz.SystemUserPermissions{{
+					MemberType:  authz.MemberTypeSystem,
+					Permissions: []string{"project.write", "project.read"},
+				}},
+				perm: "project.read",
+			},
+			want: result{
+				InstancePermitted: true,
+			},
+		},
+		{
+			name: "system user, orgs",
+			args: args{
+				reqInstanceID: instanceID,
+				systemUserPerms: []authz.SystemUserPermissions{{
+					MemberType:  authz.MemberTypeOrganization,
+					AggregateID: orgID,
+					Permissions: []string{"project.read", "project.write"},
+				}},
+				perm: "project.read",
+			},
+			want: result{
+				OrgIDs: pgtype.FlatArray[string]{orgID},
+			},
+		},
+		{
+			name: "system user, projects",
+			args: args{
+				reqInstanceID: instanceID,
+				systemUserPerms: []authz.SystemUserPermissions{{
+					MemberType:  authz.MemberTypeProject,
+					AggregateID: projectID,
+					Permissions: []string{"project.read", "project.write"},
+				}},
+				perm: "project.read",
+			},
+			want: result{
+				ProjectIDs: pgtype.FlatArray[string]{projectID},
+			},
+		},
+		{
+			name: "system user, org and project",
+			args: args{
+				reqInstanceID: instanceID,
+				systemUserPerms: []authz.SystemUserPermissions{
+					{
+						MemberType:  authz.MemberTypeOrganization,
+						AggregateID: orgID,
+						Permissions: []string{"project.read", "project.write"},
+					},
+					{
+						MemberType:  authz.MemberTypeProject,
+						AggregateID: projectID,
+						Permissions: []string{"project.read", "project.write"},
+					},
+				},
+				perm: "project.read",
+			},
+			want: result{
+				OrgIDs:     pgtype.FlatArray[string]{orgID},
+				ProjectIDs: pgtype.FlatArray[string]{projectID},
+			},
+		},
+		{
+			name: "instance member",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "instance_user",
+				perm:          "project.read",
+			},
+			want: result{
+				InstancePermitted: true,
+			},
+		},
+		{
+			name: "org member",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "org_user",
+				perm:          "project.read",
+			},
+			want: result{
+				InstancePermitted: false,
+				OrgIDs:            pgtype.FlatArray[string]{orgID},
+			},
+		},
+		{
+			name: "org member, filter",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "org_user",
+				perm:          "project.read",
+				filterOrg:     gu.Ptr(orgID),
+			},
+			want: result{
+				InstancePermitted: false,
+				OrgIDs:            pgtype.FlatArray[string]{orgID},
+			},
+		},
+		{
+			name: "org member, filter wrong org",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "org_user",
+				perm:          "project.read",
+				filterOrg:     gu.Ptr("foobar"),
+			},
+			want: result{},
+		},
+		{
+			name: "project member",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "project_user",
+				perm:          "project.read",
+			},
+			want: result{
+				ProjectIDs: pgtype.FlatArray[string]{projectID},
+			},
+		},
+		{
+			name: "no permission",
+			args: args{
+				reqInstanceID: instanceID,
+				authUserID:    "foobar",
+				perm:          "project.read",
+				filterOrg:     gu.Ptr(orgID),
+			},
+			want: result{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			rows, err := tx.Query(CTX, query, tt.args.reqInstanceID, tt.args.authUserID, database.NewJSONArray(tt.args.systemUserPerms), tt.args.perm, tt.args.filterOrg)
+			require.NoError(t, err)
+			got, err := pgx.CollectExactlyOneRow(rows, pgx.RowToStructByPos[result])
+			require.NoError(t, err)
+			assert.Equal(t, tt.want.InstancePermitted, got.InstancePermitted)
+			assert.ElementsMatch(t, tt.want.OrgIDs, got.OrgIDs)
+		})
+	}
+}
+
+func createRolePermission(t *testing.T, tx pgx.Tx, role string, permissions []string) {
+	for _, perm := range permissions {
+		createTestField(t, tx, instanceID, permission.AggregateType, instanceID, "role_permission", role, "permission", perm)
+	}
+}
+
+func createMember(t *testing.T, tx pgx.Tx, aggregateType eventstore.AggregateType, userID string) {
+	var err error
+	switch aggregateType {
+	case instance.AggregateType:
+		createTestField(t, tx, instanceID, aggregateType, instanceID, "instance_member_role", userID, "instance_role", "IAM_OWNER")
+	case org.AggregateType:
+		createTestField(t, tx, orgID, aggregateType, orgID, "org_member_role", userID, "org_role", "ORG_OWNER")
+	case project.AggregateType:
+		createTestField(t, tx, orgID, aggregateType, orgID, "project_member_role", userID, "project_role", "PROJECT_OWNER")
+	default:
+		panic("unknown aggregate type " + aggregateType)
+	}
+	require.NoError(t, err)
+}
+
+func createTestField(t *testing.T, tx pgx.Tx, resourceOwner string, aggregateType eventstore.AggregateType, aggregateID, objectType, objectID, fieldName string, value any) {
+	const query = `INSERT INTO eventstore.fields(
+		instance_id, resource_owner, aggregate_type, aggregate_id, object_type, object_id, field_name, value, value_must_be_unique, should_index, object_revision)
+		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, false, true, 1);`
+	encValue, err := json.Marshal(value)
+	require.NoError(t, err)
+	_, err = tx.Exec(CTX, query, instanceID, resourceOwner, aggregateType, aggregateID, objectType, objectID, fieldName, encValue)
+	require.NoError(t, err)
+
+}
diff --git a/cmd/setup/integration_test/setup_test.go b/cmd/setup/integration_test/setup_test.go
new file mode 100644
index 0000000000..42b8502841
--- /dev/null
+++ b/cmd/setup/integration_test/setup_test.go
@@ -0,0 +1,41 @@
+// Package setup_test implements tests for procedural PostgreSQL functions,
+// created in the database during Zitadel setup.
+// Tests depend on `zitadel setup` being run first and therefore is run as integration tests.
+// A PGX connection is used directly to the integration test database.
+// This package assumes the database server available as per integration test defaults.
+// See the [ConnString] constant.
+
+//go:build integration
+
+package setup_test
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/jackc/pgx/v5/pgxpool"
+)
+
+const ConnString = "host=localhost port=5432 user=zitadel dbname=zitadel sslmode=disable"
+
+var (
+	CTX    context.Context
+	dbPool *pgxpool.Pool
+)
+
+func TestMain(m *testing.M) {
+	var cancel context.CancelFunc
+	CTX, cancel = context.WithTimeout(context.Background(), time.Second*10)
+
+	var err error
+	dbPool, err = pgxpool.New(context.Background(), ConnString)
+	if err != nil {
+		panic(err)
+	}
+	exit := m.Run()
+	cancel()
+	dbPool.Close()
+	os.Exit(exit)
+}
diff --git a/internal/api/authz/context.go b/internal/api/authz/context.go
index d12a1def44..ff2fa8d445 100644
--- a/internal/api/authz/context.go
+++ b/internal/api/authz/context.go
@@ -1,4 +1,4 @@
-//go:generate enumer -type MemberType -trimprefix MemberType -json
+//go:generate enumer -type MemberType -trimprefix MemberType -json -sql
 
 package authz
 
diff --git a/internal/api/authz/membertype_enumer.go b/internal/api/authz/membertype_enumer.go
index a4275a2254..9354194660 100644
--- a/internal/api/authz/membertype_enumer.go
+++ b/internal/api/authz/membertype_enumer.go
@@ -1,8 +1,9 @@
-// Code generated by "enumer -type MemberType -trimprefix MemberType -json"; DO NOT EDIT.
+// Code generated by "enumer -type MemberType -trimprefix MemberType -json -sql"; DO NOT EDIT.
 
 package authz
 
 import (
+	"database/sql/driver"
 	"encoding/json"
 	"fmt"
 	"strings"
@@ -110,3 +111,33 @@ func (i *MemberType) UnmarshalJSON(data []byte) error {
 	*i, err = MemberTypeString(s)
 	return err
 }
+
+func (i MemberType) Value() (driver.Value, error) {
+	return i.String(), nil
+}
+
+func (i *MemberType) Scan(value interface{}) error {
+	if value == nil {
+		return nil
+	}
+
+	var str string
+	switch v := value.(type) {
+	case []byte:
+		str = string(v)
+	case string:
+		str = v
+	case fmt.Stringer:
+		str = v.String()
+	default:
+		return fmt.Errorf("invalid value of MemberType: %[1]T(%[1]v)", value)
+	}
+
+	val, err := MemberTypeString(str)
+	if err != nil {
+		return err
+	}
+
+	*i = val
+	return nil
+}
diff --git a/internal/query/idp_user_link.go b/internal/query/idp_user_link.go
index 99bf3c403b..7f162f235e 100644
--- a/internal/query/idp_user_link.go
+++ b/internal/query/idp_user_link.go
@@ -110,13 +110,14 @@ func idpLinksPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enab
 	if !enabled {
 		return query
 	}
-	return query.Where(PermissionClause(
+	join, args := PermissionClause(
 		ctx,
 		IDPUserLinkResourceOwnerCol,
 		domain.PermissionUserRead,
 		SingleOrgPermissionOption(queries.Queries),
 		OwnedRowsPermissionOption(IDPUserLinkUserIDCol),
-	))
+	)
+	return query.JoinClause(join, args...)
 }
 
 func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQuery, permissionCheck domain.PermissionCheck) (idps *IDPUserLinks, err error) {
diff --git a/internal/query/org.go b/internal/query/org.go
index 643aec291a..dfe90ad9f8 100644
--- a/internal/query/org.go
+++ b/internal/query/org.go
@@ -97,11 +97,12 @@ func orgsPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled
 	if !enabled {
 		return query
 	}
-	return query.Where(PermissionClause(
+	join, args := PermissionClause(
 		ctx,
 		OrgColumnID,
 		domain_pkg.PermissionOrgRead,
-	))
+	)
+	return query.JoinClause(join, args...)
 }
 
 type OrgSearchQueries struct {
diff --git a/internal/query/permission.go b/internal/query/permission.go
index 3157430264..19e3ed984e 100644
--- a/internal/query/permission.go
+++ b/internal/query/permission.go
@@ -2,7 +2,6 @@ package query
 
 import (
 	"context"
-	"fmt"
 
 	sq "github.com/Masterminds/squirrel"
 	"github.com/zitadel/logging"
@@ -10,41 +9,66 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/database"
 	domain_pkg "github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
 const (
-	// eventstore.permitted_orgs(instanceid text, userid text, system_user_perms JSONB, perm text, filter_org text)
-	wherePermittedOrgsExpr = "%s = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))"
+	// eventstore.permitted_orgs(req_instance_id text, auth_user_id text, system_user_perms JSONB, perm text, filter_org text)
+	joinPermittedOrgsFunction = `INNER JOIN eventstore.permitted_orgs(?, ?, ?, ?, ?) permissions ON `
+
+	// eventstore.permitted_projects(req_instance_id text, auth_user_id text, system_user_perms JSONB, perm text, filter_org text)
+	joinPermittedProjectsFunction = `INNER JOIN eventstore.permitted_projects(?, ?, ?, ?, ?) permissions ON `
 )
 
+// permissionClauseBuilder is used to build the SQL clause for permission checks.
+// Don't use it directly, use the [PermissionClause] function with proper options instead.
 type permissionClauseBuilder struct {
 	orgIDColumn       Column
 	instanceID        string
 	userID            string
 	systemPermissions []authz.SystemUserPermissions
 	permission        string
-	orgID             string
-	connections       []sq.Eq
+
+	// optional fields
+	orgID           *string
+	projectIDColumn *Column
+	connections     []sq.Eq
 }
 
 func (b *permissionClauseBuilder) appendConnection(column string, value any) {
 	b.connections = append(b.connections, sq.Eq{column: value})
 }
 
-func (b *permissionClauseBuilder) clauses() sq.Or {
-	clauses := make(sq.Or, 1, len(b.connections)+1)
-	clauses[0] = sq.Expr(
-		fmt.Sprintf(wherePermittedOrgsExpr, b.orgIDColumn.identifier()),
+// joinFunction picks the correct SQL function and return the required arguments for that function.
+func (b *permissionClauseBuilder) joinFunction() (sql string, args []any) {
+	sql = joinPermittedOrgsFunction
+	if b.projectIDColumn != nil {
+		sql = joinPermittedProjectsFunction
+	}
+	return sql, []any{
 		b.instanceID,
 		b.userID,
 		database.NewJSONArray(b.systemPermissions),
 		b.permission,
 		b.orgID,
-	)
-	for _, include := range b.connections {
-		clauses = append(clauses, include)
 	}
-	return clauses
+}
+
+// joinConditions returns the conditions for the join,
+// which are dynamic based on the provided options.
+func (b *permissionClauseBuilder) joinConditions() sq.Or {
+	conditions := make(sq.Or, 2, len(b.connections)+3)
+	conditions[0] = sq.Expr("permissions.instance_permitted")
+	conditions[1] = sq.Expr(b.orgIDColumn.identifier() + " = ANY(permissions.org_ids)")
+	if b.projectIDColumn != nil {
+		conditions = append(conditions,
+			sq.Expr(b.projectIDColumn.identifier()+" = ANY(permissions.project_ids)"),
+		)
+	}
+	for _, c := range b.connections {
+		conditions = append(conditions, c)
+	}
+	return conditions
 }
 
 type PermissionOption func(b *permissionClauseBuilder)
@@ -52,6 +76,8 @@ type PermissionOption func(b *permissionClauseBuilder)
 // OwnedRowsPermissionOption allows rows to be returned of which the current user is the owner.
 // Even if the user does not have an explicit permission for the organization.
 // For example an authenticated user can always see his own user account.
+// This option may be provided multiple times to allow matching with multiple columns.
+// See [ConnectionPermissionOption] for more details.
 func OwnedRowsPermissionOption(userIDColumn Column) PermissionOption {
 	return func(b *permissionClauseBuilder) {
 		b.appendConnection(userIDColumn.identifier(), b.userID)
@@ -59,7 +85,10 @@ func OwnedRowsPermissionOption(userIDColumn Column) PermissionOption {
 }
 
 // ConnectionPermissionOption allows returning of rows where the value is matched.
-// Even if the user does not have an explicit permission for the organization.
+// Even if the user does not have an explicit permission for the resource.
+// Multiple connections may be provided.
+// Each connection is applied in a OR condition, so if previous permissions are not met,
+// matching rows are still returned for a later match.
 func ConnectionPermissionOption(column Column, value any) PermissionOption {
 	return func(b *permissionClauseBuilder) {
 		b.appendConnection(column.identifier(), value)
@@ -70,15 +99,28 @@ func ConnectionPermissionOption(column Column, value any) PermissionOption {
 // returned organizations, to the one used in the requested filters.
 func SingleOrgPermissionOption(queries []SearchQuery) PermissionOption {
 	return func(b *permissionClauseBuilder) {
-		b.orgID = findTextEqualsQuery(b.orgIDColumn, queries)
+		orgID, ok := findTextEqualsQuery(b.orgIDColumn, queries)
+		if ok {
+			b.orgID = &orgID
+		}
 	}
 }
 
-// PermissionClause sets a `WHERE` clause to query,
-// which filters returned rows the current authenticated user has the requested permission to.
+// WithProjectsPermissionOption sets an additional filter against the project ID column,
+// allowing for project specific permissions.
+func WithProjectsPermissionOption(projectIDColumn Column) PermissionOption {
+	return func(b *permissionClauseBuilder) {
+		b.projectIDColumn = &projectIDColumn
+	}
+}
+
+// PermissionClause builds a `INNER JOIN` clause which can be applied to a query builder.
+// It filters returned rows the current authenticated user has the requested permission to.
+// See permission_example_test.go for examples.
 //
-// Experimental: Work in progress. Currently only organization permissions are supported
-func PermissionClause(ctx context.Context, orgIDCol Column, permission string, options ...PermissionOption) sq.Or {
+// Experimental: Work in progress. Currently only organization and project permissions are supported
+// TODO: Add support for project grants.
+func PermissionClause(ctx context.Context, orgIDCol Column, permission string, options ...PermissionOption) (string, []any) {
 	ctxData := authz.GetCtxData(ctx)
 	b := &permissionClauseBuilder{
 		orgIDColumn:       orgIDCol,
@@ -97,10 +139,18 @@ func PermissionClause(ctx context.Context, orgIDCol Column, permission string, o
 		"system_user_permissions", b.systemPermissions,
 		"permission", b.permission,
 		"org_id", b.orgID,
-		"overrides", b.connections,
+		"project_id_column", b.projectIDColumn,
+		"connections", b.connections,
 	).Debug("permitted orgs check used")
 
-	return b.clauses()
+	sql, args := b.joinFunction()
+	conditions, conditionArgs, err := b.joinConditions().ToSql()
+	if err != nil {
+		// all cases are tested, no need to return an error.
+		// If an error does happen, it's a bug and not a user error.
+		panic(zerrors.ThrowInternal(err, "PERMISSION-OoS5o", "Errors.Internal"))
+	}
+	return sql + conditions, append(args, conditionArgs...)
 }
 
 // PermissionV2 checks are enabled when the feature flag is set and the permission check function is not nil.
diff --git a/internal/query/permission_example_test.go b/internal/query/permission_example_test.go
new file mode 100644
index 0000000000..6211ad0bb2
--- /dev/null
+++ b/internal/query/permission_example_test.go
@@ -0,0 +1,78 @@
+package query
+
+import (
+	"context"
+	"fmt"
+
+	sq "github.com/Masterminds/squirrel"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+// ExamplePermissionClause_org shows how to use the PermissionClause function to filter
+// permitted records based on the resource owner and the user's instance or organization membership.
+func ExamplePermissionClause_org() {
+	// These variables are typically set in the middleware of Zitadel.
+	// They do not influence the generation of the clause, just what
+	// the function does in Postgres.
+	ctx := authz.WithInstanceID(context.Background(), "instanceID")
+	ctx = authz.SetCtxData(ctx, authz.CtxData{
+		UserID: "userID",
+	})
+
+	join, args := PermissionClause(
+		ctx,
+		UserResourceOwnerCol, // match the resource owner column
+		domain.PermissionUserRead,
+		SingleOrgPermissionOption([]SearchQuery{
+			mustSearchQuery(NewUserDisplayNameSearchQuery("zitadel", TextContains)),
+			mustSearchQuery(NewUserResourceOwnerSearchQuery("orgID", TextEquals)),
+		}), // If the request had an orgID filter, it can be used to optimize the SQL function.
+		OwnedRowsPermissionOption(UserIDCol), // allow user to find themselves.
+	)
+
+	sql, _, _ := sq.Select("*").
+		From(userTable.identifier()).
+		JoinClause(join, args...).
+		Where(sq.Eq{
+			UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
+		}).ToSql()
+	fmt.Println(sql)
+	// Output:
+	// SELECT * FROM projections.users14 INNER JOIN eventstore.permitted_orgs(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.users14.resource_owner = ANY(permissions.org_ids) OR projections.users14.id = ?) WHERE projections.users14.instance_id = ?
+}
+
+// ExamplePermissionClause_project shows how to use the PermissionClause function to filter
+// permitted records based on the resource owner and the user's instance or organization membership.
+// Additionally, it allows returning records based on the project ID and project membership.
+func ExamplePermissionClause_project() {
+	// These variables are typically set in the middleware of Zitadel.
+	// They do not influence the generation of the clause, just what
+	// the function does in Postgres.
+	ctx := authz.WithInstanceID(context.Background(), "instanceID")
+	ctx = authz.SetCtxData(ctx, authz.CtxData{
+		UserID: "userID",
+	})
+
+	join, args := PermissionClause(
+		ctx,
+		ProjectColumnResourceOwner, // match the resource owner column
+		"project.read",
+		WithProjectsPermissionOption(ProjectColumnID),
+		SingleOrgPermissionOption([]SearchQuery{
+			mustSearchQuery(NewUserDisplayNameSearchQuery("zitadel", TextContains)),
+			mustSearchQuery(NewUserResourceOwnerSearchQuery("orgID", TextEquals)),
+		}), // If the request had an orgID filter, it can be used to optimize the SQL function.
+	)
+
+	sql, _, _ := sq.Select("*").
+		From(projectsTable.identifier()).
+		JoinClause(join, args...).
+		Where(sq.Eq{
+			ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+		}).ToSql()
+	fmt.Println(sql)
+	// Output:
+	// SELECT * FROM projections.projects4 INNER JOIN eventstore.permitted_projects(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.projects4.resource_owner = ANY(permissions.org_ids) OR projections.projects4.id = ANY(permissions.project_ids)) WHERE projections.projects4.instance_id = ?
+}
diff --git a/internal/query/permission_test.go b/internal/query/permission_test.go
index f6ecd94b46..24692a9406 100644
--- a/internal/query/permission_test.go
+++ b/internal/query/permission_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"testing"
 
-	sq "github.com/Masterminds/squirrel"
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -38,30 +38,29 @@ func TestPermissionClause(t *testing.T) {
 		options    []PermissionOption
 	}
 	tests := []struct {
-		name       string
-		args       args
-		wantClause sq.Or
+		name     string
+		args     args
+		wantSql  string
+		wantArgs []any
 	}{
 		{
-			name: "no options",
+			name: "org, no options",
 			args: args{
 				ctx:        ctx,
 				orgIDCol:   UserResourceOwnerCol,
 				permission: "permission1",
 			},
-			wantClause: sq.Or{
-				sq.Expr(
-					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
-					"instanceID",
-					"userID",
-					database.NewJSONArray(permissions),
-					"permission1",
-					"",
-				),
+			wantSql: "INNER JOIN eventstore.permitted_orgs(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.users14.resource_owner = ANY(permissions.org_ids))",
+			wantArgs: []any{
+				"instanceID",
+				"userID",
+				database.NewJSONArray(permissions),
+				"permission1",
+				(*string)(nil),
 			},
 		},
 		{
-			name: "owned rows option",
+			name: "org, owned rows option",
 			args: args{
 				ctx:        ctx,
 				orgIDCol:   UserResourceOwnerCol,
@@ -70,20 +69,18 @@ func TestPermissionClause(t *testing.T) {
 					OwnedRowsPermissionOption(UserIDCol),
 				},
 			},
-			wantClause: sq.Or{
-				sq.Expr(
-					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
-					"instanceID",
-					"userID",
-					database.NewJSONArray(permissions),
-					"permission1",
-					"",
-				),
-				sq.Eq{"projections.users14.id": "userID"},
+			wantSql: "INNER JOIN eventstore.permitted_orgs(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.users14.resource_owner = ANY(permissions.org_ids) OR projections.users14.id = ?)",
+			wantArgs: []any{
+				"instanceID",
+				"userID",
+				database.NewJSONArray(permissions),
+				"permission1",
+				(*string)(nil),
+				"userID",
 			},
 		},
 		{
-			name: "connection rows option",
+			name: "org, connection rows option",
 			args: args{
 				ctx:        ctx,
 				orgIDCol:   UserResourceOwnerCol,
@@ -93,21 +90,19 @@ func TestPermissionClause(t *testing.T) {
 					ConnectionPermissionOption(UserStateCol, "bar"),
 				},
 			},
-			wantClause: sq.Or{
-				sq.Expr(
-					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
-					"instanceID",
-					"userID",
-					database.NewJSONArray(permissions),
-					"permission1",
-					"",
-				),
-				sq.Eq{"projections.users14.id": "userID"},
-				sq.Eq{"projections.users14.state": "bar"},
+			wantSql: "INNER JOIN eventstore.permitted_orgs(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.users14.resource_owner = ANY(permissions.org_ids) OR projections.users14.id = ? OR projections.users14.state = ?)",
+			wantArgs: []any{
+				"instanceID",
+				"userID",
+				database.NewJSONArray(permissions),
+				"permission1",
+				(*string)(nil),
+				"userID",
+				"bar",
 			},
 		},
 		{
-			name: "single org option",
+			name: "org, with ID",
 			args: args{
 				ctx:        ctx,
 				orgIDCol:   UserResourceOwnerCol,
@@ -119,22 +114,62 @@ func TestPermissionClause(t *testing.T) {
 					}),
 				},
 			},
-			wantClause: sq.Or{
-				sq.Expr(
-					"projections.users14.resource_owner = ANY(eventstore.permitted_orgs(?, ?, ?, ?, ?))",
-					"instanceID",
-					"userID",
-					database.NewJSONArray(permissions),
-					"permission1",
-					"orgID",
-				),
+			wantSql: "INNER JOIN eventstore.permitted_orgs(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.users14.resource_owner = ANY(permissions.org_ids))",
+			wantArgs: []any{
+				"instanceID",
+				"userID",
+				database.NewJSONArray(permissions),
+				"permission1",
+				gu.Ptr("orgID"),
+			},
+		},
+		{
+			name: "project",
+			args: args{
+				ctx:        ctx,
+				orgIDCol:   ProjectColumnResourceOwner,
+				permission: "permission1",
+				options: []PermissionOption{
+					WithProjectsPermissionOption(ProjectColumnID),
+				},
+			},
+			wantSql: "INNER JOIN eventstore.permitted_projects(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.projects4.resource_owner = ANY(permissions.org_ids) OR projections.projects4.id = ANY(permissions.project_ids))",
+			wantArgs: []any{
+				"instanceID",
+				"userID",
+				database.NewJSONArray(permissions),
+				"permission1",
+				(*string)(nil),
+			},
+		},
+		{
+			name: "project, single org",
+			args: args{
+				ctx:        ctx,
+				orgIDCol:   ProjectColumnResourceOwner,
+				permission: "permission1",
+				options: []PermissionOption{
+					WithProjectsPermissionOption(ProjectColumnID),
+					SingleOrgPermissionOption([]SearchQuery{
+						mustSearchQuery(NewProjectResourceOwnerSearchQuery("orgID")),
+					}),
+				},
+			},
+			wantSql: "INNER JOIN eventstore.permitted_projects(?, ?, ?, ?, ?) permissions ON (permissions.instance_permitted OR projections.projects4.resource_owner = ANY(permissions.org_ids) OR projections.projects4.id = ANY(permissions.project_ids))",
+			wantArgs: []any{
+				"instanceID",
+				"userID",
+				database.NewJSONArray(permissions),
+				"permission1",
+				gu.Ptr("orgID"),
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			gotClause := PermissionClause(tt.args.ctx, tt.args.orgIDCol, tt.args.permission, tt.args.options...)
-			assert.Equal(t, tt.wantClause, gotClause)
+			gotSql, gotArgs := PermissionClause(tt.args.ctx, tt.args.orgIDCol, tt.args.permission, tt.args.options...)
+			assert.Equal(t, tt.wantSql, gotSql)
+			assert.Equal(t, tt.wantArgs, gotArgs)
 		})
 	}
 }
diff --git a/internal/query/query.go b/internal/query/query.go
index bd50d3c0be..e2e7f58ffc 100644
--- a/internal/query/query.go
+++ b/internal/query/query.go
@@ -149,15 +149,15 @@ func triggerBatch(ctx context.Context, handlers ...*handler.Handler) {
 	wg.Wait()
 }
 
-func findTextEqualsQuery(column Column, queries []SearchQuery) string {
+func findTextEqualsQuery(column Column, queries []SearchQuery) (text string, ok bool) {
 	for _, query := range queries {
 		if query.Col() != column {
 			continue
 		}
 		tq, ok := query.(*textQuery)
 		if ok && tq.Compare == TextEquals {
-			return tq.Text
+			return tq.Text, true
 		}
 	}
-	return ""
+	return "", false
 }
diff --git a/internal/query/session.go b/internal/query/session.go
index 004f29fe81..ff0cbd8d42 100644
--- a/internal/query/session.go
+++ b/internal/query/session.go
@@ -117,7 +117,7 @@ func sessionsPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enab
 	if !enabled {
 		return query
 	}
-	return query.Where(PermissionClause(
+	join, args := PermissionClause(
 		ctx,
 		SessionColumnResourceOwner,
 		domain.PermissionSessionRead,
@@ -125,8 +125,10 @@ func sessionsPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enab
 		OwnedRowsPermissionOption(SessionColumnCreator),
 		// Allow if session belongs to the user
 		OwnedRowsPermissionOption(SessionColumnUserID),
+		// Allow if session belongs to the same useragent
 		ConnectionPermissionOption(SessionColumnUserAgentFingerprintID, authz.GetCtxData(ctx).AgentID),
-	))
+	)
+	return query.JoinClause(join, args...)
 }
 
 func (q *SessionsSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
diff --git a/internal/query/user.go b/internal/query/user.go
index 47694736c4..a97e3bbd14 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -136,13 +136,14 @@ func userPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled
 	if !enabled {
 		return query
 	}
-	return query.Where(PermissionClause(
+	join, args := PermissionClause(
 		ctx,
 		UserResourceOwnerCol,
 		domain.PermissionUserRead,
 		SingleOrgPermissionOption(queries.Queries),
 		OwnedRowsPermissionOption(UserIDCol),
-	))
+	)
+	return query.JoinClause(join, args...)
 }
 
 type UserSearchQueries struct {
diff --git a/internal/query/user_auth_method.go b/internal/query/user_auth_method.go
index acf61bf0e6..fce34967cf 100644
--- a/internal/query/user_auth_method.go
+++ b/internal/query/user_auth_method.go
@@ -108,12 +108,13 @@ func userAuthMethodPermissionCheckV2(ctx context.Context, query sq.SelectBuilder
 	if !enabled {
 		return query
 	}
-	return query.Where(PermissionClause(
+	join, args := PermissionClause(
 		ctx,
 		UserAuthMethodColumnResourceOwner,
 		domain.PermissionUserRead,
 		OwnedRowsPermissionOption(UserIDCol),
-	))
+	)
+	return query.JoinClause(join, args...)
 }
 
 type AuthMethod struct {

From aa9ef8b49e4ce15cceb955abd2ebb3d9c90cf48d Mon Sep 17 00:00:00 2001
From: Zach Hirschtritt <zhirschtritt@gmail.com>
Date: Tue, 22 Apr 2025 05:34:02 -0400
Subject: [PATCH 009/123] fix: Auto cleanup failed Setup steps if process is
 killed (#9736)

# Which Problems Are Solved

When running a long-running Zitadel Setup, Kubernetes might decide to
move a pod to a new node automatically. Currently, this puts any
migrations into a broken state that an operator needs to manually run
the "cleanup" command on - assuming they catch the error.

The only super long running commands are typically projection pre-fill
operations, which depending on the size of the event table for that
projection, can take many hours - plenty of time for Kubernetes to make
unexpected decisions, especially in a busy cluster.

# How the Problems Are Solved

This change listens on `os.Interrupt` and `syscall.SIGTERM`, cancels the
current Setup context, and runs the `Cleanup` command. The logs then
look something like this:
```shell
...
INFO[0000] verify migration                              caller="/Users/zach/src/zitadel/internal/migration/migration.go:43" name=repeatable_delete_stale_org_fields
INFO[0000] starting migration                            caller="/Users/zach/src/zitadel/internal/migration/migration.go:66" name=repeatable_delete_stale_org_fields
INFO[0000] execute delete query                          caller="/Users/zach/src/zitadel/cmd/setup/39.go:37" instance_id=281297936179003398 migration=repeatable_delete_stale_org_fields progress=1/1
INFO[0000] verify migration                              caller="/Users/zach/src/zitadel/internal/migration/migration.go:43" name=repeatable_fill_fields_for_instance_domains
INFO[0000] starting migration                            caller="/Users/zach/src/zitadel/internal/migration/migration.go:66" name=repeatable_fill_fields_for_instance_domains
----- SIGTERM signal issued -----
INFO[0000] received interrupt signal, shutting down: interrupt  caller="/Users/zach/src/zitadel/cmd/setup/setup.go:121"
INFO[0000] query failed                                  caller="/Users/zach/src/zitadel/internal/eventstore/repository/sql/query.go:135" error="timeout: context already done: context canceled"
DEBU[0000] filter eventstore failed                      caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:155" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" projection=instance_domain_fields
DEBU[0000] unable to rollback tx                         caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:110" error="sql: transaction has already been committed or rolled back" projection=instance_domain_fields
INFO[0000] process events failed                         caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:72" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" projection=instance_domain_fields
DEBU[0000] trigger iteration                             caller="/Users/zach/src/zitadel/internal/eventstore/handler/v2/field_handler.go:73" iteration=0 projection=instance_domain_fields
ERRO[0000] migration failed                              caller="/Users/zach/src/zitadel/internal/migration/migration.go:68" error="ID=SQL-KyeAx Message=unable to filter events Parent=(timeout: context already done: context canceled)" name=repeatable_fill_fields_for_instance_domains
ERRO[0000] migration finish failed                       caller="/Users/zach/src/zitadel/internal/migration/migration.go:71" error="context canceled" name=repeatable_fill_fields_for_instance_domains
----- Cleanup before exiting -----
INFO[0000] cleanup started                               caller="/Users/zach/src/zitadel/cmd/setup/cleanup.go:30"
INFO[0000] cleanup migration                             caller="/Users/zach/src/zitadel/cmd/setup/cleanup.go:47" name=repeatable_fill_fields_for_instance_domains
```

# Additional Changes

* `mustExecuteMigration` -> `executeMigration`: **must**Execute logged a
Fatal error previously which calls os.Exit so no cleanup was possible.
Instead, this PR returns an error and assigns it to a shared error in
the Setup closure that defer can check.
* `initProjections` now returns an error instead of exiting

# Additional Context

This behavior might be unwelcome or at least unexpected in some cases.
Putting it behind a feature flag or config setting is likely a good
followup.

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
---
 cmd/setup/cleanup.go |  6 +--
 cmd/setup/setup.go   | 92 ++++++++++++++++++++++++++++++++++----------
 2 files changed, 74 insertions(+), 24 deletions(-)

diff --git a/cmd/setup/cleanup.go b/cmd/setup/cleanup.go
index e0a07c0a9d..69f7c72e53 100644
--- a/cmd/setup/cleanup.go
+++ b/cmd/setup/cleanup.go
@@ -21,14 +21,12 @@ func NewCleanup() *cobra.Command {
 		Long:  `cleans up migration if they got stuck`,
 		Run: func(cmd *cobra.Command, args []string) {
 			config := MustNewConfig(viper.GetViper())
-			Cleanup(config)
+			Cleanup(cmd.Context(), config)
 		},
 	}
 }
 
-func Cleanup(config *Config) {
-	ctx := context.Background()
-
+func Cleanup(ctx context.Context, config *Config) {
 	logging.Info("cleanup started")
 
 	dbClient, err := database.Connect(config.Database, false)
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index fe628c8df2..f4df9fc71b 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -5,8 +5,13 @@ import (
 	"embed"
 	_ "embed"
 	"errors"
+	"fmt"
 	"net/http"
+	"os"
+	"os/signal"
 	"path"
+	"syscall"
+	"time"
 
 	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/spf13/cobra"
@@ -102,8 +107,35 @@ func bindForMirror(cmd *cobra.Command) error {
 func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string) {
 	logging.Info("setup started")
 
-	i18n.MustLoadSupportedLanguagesFromDir()
+	var setupErr error
+	ctx, stop := signal.NotifyContext(ctx, os.Interrupt, syscall.SIGTERM)
 
+	defer func() {
+		stop()
+
+		if setupErr == nil {
+			logging.Info("setup completed")
+			return
+		}
+
+		if setupErr != nil && !errors.Is(setupErr, context.Canceled) {
+			// If Setup failed for some other reason than the context being cancelled,
+			// then this could be a fatal error we should not retry
+			logging.WithFields("error", setupErr).Fatal("setup failed, skipping cleanup")
+			return
+		}
+
+		// if we're in the middle of long-running setup, run cleanup before exiting
+		// so if/when we're restarted we can pick up where we left off rather than
+		// booting into a broken state that requires manual intervention
+		// kubernetes will typically kill the pod after 30 seconds if the container does not exit
+		cleanupCtx, cleanupCancel := context.WithTimeout(context.WithoutCancel(ctx), 10*time.Second)
+		defer cleanupCancel()
+
+		Cleanup(cleanupCtx, config)
+	}()
+
+	i18n.MustLoadSupportedLanguagesFromDir()
 	dbClient, err := database.Connect(config.Database, false)
 	logging.OnError(err).Fatal("unable to connect to database")
 
@@ -223,7 +255,10 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s52IDPTemplate6LDAP2,
 		steps.s53InitPermittedOrgsFunction,
 	} {
-		mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
+		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
+		if setupErr != nil {
+			return
+		}
 	}
 
 	commands, _, _, _ := startCommandsQueries(ctx, eventstoreClient, eventstoreV4, dbClient, masterKey, config)
@@ -257,7 +292,10 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	}
 
 	for _, repeatableStep := range repeatableSteps {
-		mustExecuteMigration(ctx, eventstoreClient, repeatableStep, "unable to migrate repeatable step")
+		setupErr = executeMigration(ctx, eventstoreClient, repeatableStep, "unable to migrate repeatable step")
+		if setupErr != nil {
+			return
+		}
 	}
 
 	// These steps are executed after the repeatable steps because they add fields projections
@@ -273,22 +311,25 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s43CreateFieldsDomainIndex,
 		steps.s48Apps7SAMLConfigsLoginVersion,
 	} {
-		mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
+		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
+		if setupErr != nil {
+			return
+		}
 	}
 
 	// projection initialization must be done last, since the steps above might add required columns to the projections
 	if !config.ForMirror && config.InitProjections.Enabled {
-		initProjections(
-			ctx,
-			eventstoreClient,
-		)
+		setupErr = initProjections(ctx, eventstoreClient)
+		if setupErr != nil {
+			return
+		}
 	}
 }
 
-func mustExecuteMigration(ctx context.Context, eventstoreClient *eventstore.Eventstore, step migration.Migration, errorMsg string) {
+func executeMigration(ctx context.Context, eventstoreClient *eventstore.Eventstore, step migration.Migration, errorMsg string) error {
 	err := migration.Migrate(ctx, eventstoreClient, step)
 	if err == nil {
-		return
+		return nil
 	}
 	logFields := []any{
 		"name", step.String(),
@@ -303,7 +344,8 @@ func mustExecuteMigration(ctx context.Context, eventstoreClient *eventstore.Even
 			"hint", pgErr.Hint,
 		)
 	}
-	logging.WithFields(logFields...).WithError(err).Fatal(errorMsg)
+	logging.WithFields(logFields...).WithError(err).Error(errorMsg)
+	return fmt.Errorf("%s: %w", errorMsg, err)
 }
 
 // readStmt reads a single file from the embedded FS,
@@ -508,26 +550,36 @@ func startCommandsQueries(
 func initProjections(
 	ctx context.Context,
 	eventstoreClient *eventstore.Eventstore,
-) {
+) error {
 	logging.Info("init-projections is currently in beta")
 
 	for _, p := range projection.Projections() {
-		err := migration.Migrate(ctx, eventstoreClient, p)
-		logging.WithFields("name", p.String()).OnError(err).Fatal("migration failed")
+		if err := migration.Migrate(ctx, eventstoreClient, p); err != nil {
+			logging.WithFields("name", p.String()).OnError(err).Error("projection migration failed")
+			return err
+		}
 	}
 
 	for _, p := range admin_handler.Projections() {
-		err := migration.Migrate(ctx, eventstoreClient, p)
-		logging.WithFields("name", p.String()).OnError(err).Fatal("migration failed")
+		if err := migration.Migrate(ctx, eventstoreClient, p); err != nil {
+			logging.WithFields("name", p.String()).OnError(err).Error("admin schema migration failed")
+			return err
+		}
 	}
 
 	for _, p := range auth_handler.Projections() {
-		err := migration.Migrate(ctx, eventstoreClient, p)
-		logging.WithFields("name", p.String()).OnError(err).Fatal("migration failed")
+		if err := migration.Migrate(ctx, eventstoreClient, p); err != nil {
+			logging.WithFields("name", p.String()).OnError(err).Error("auth schema migration failed")
+			return err
+		}
 	}
 
 	for _, p := range notify_handler.Projections() {
-		err := migration.Migrate(ctx, eventstoreClient, p)
-		logging.WithFields("name", p.String()).OnError(err).Fatal("migration failed")
+		if err := migration.Migrate(ctx, eventstoreClient, p); err != nil {
+			logging.WithFields("name", p.String()).OnError(err).Error("notification migration failed")
+			return err
+		}
 	}
+
+	return nil
 }

From 56e0df67d59116bff9fe2b3e1000ad83add998d0 Mon Sep 17 00:00:00 2001
From: Ramon <mail@conblem.me>
Date: Wed, 23 Apr 2025 11:21:14 +0200
Subject: [PATCH 010/123] feat: Actions V2 improvements in console (#9759)

# Which Problems Are Solved
This PR allows one to edit the order of Actions V2 Targets in an
Execution. Editing of Targets was also added back again.

# How the Problems Are Solved
One of the changes is the addition of the CorrectlyTypedExecution which
restricts the Grpc types a bit more to make working with them easier.
Some fields may be optional in the Grpc Protobuf but in reality are
always set.
Typings were generally improved to make them more accurate and safer to
work with.

# Additional Changes
Removal of the Actions V2 Feature flag as it will be enabled by default
anyways.

# Additional Context
This pr used some advanced Angular Signals logic which is very
interesting for future PR's.
- Part of the tasks from #7248

---------

Co-authored-by: Max Peintner <peintnerm@gmail.com>
---
 .../components/features/features.component.ts |   1 -
 .../actions-two-actions-table.component.html  |  24 +-
 .../actions-two-actions-table.component.ts    | 101 ++++++--
 .../actions-two-actions.component.html        |   2 +-
 .../actions-two-actions.component.ts          | 154 +++++------
 ...tions-two-add-action-dialog.component.html |   6 +-
 ...tions-two-add-action-dialog.component.scss |   1 +
 ...actions-two-add-action-dialog.component.ts |  91 +++++--
 ...tions-two-add-action-target.component.html |  70 +++--
 ...tions-two-add-action-target.component.scss |  24 ++
 ...actions-two-add-action-target.component.ts | 245 +++++++++++-------
 ...tions-two-add-target-dialog.component.html |   2 +-
 ...actions-two-add-target-dialog.component.ts |   2 +-
 .../actions-two-targets-table.component.html  |   4 +-
 .../actions-two-targets-table.component.ts    |  34 ++-
 .../actions-two-targets.component.ts          | 110 +++-----
 .../oidc-webkeys-inactive-table.component.ts  |   2 +-
 .../oidc-webkeys/oidc-webkeys.component.html  |   2 +-
 console/src/assets/i18n/bg.json               |   3 +-
 console/src/assets/i18n/cs.json               |   3 +-
 console/src/assets/i18n/de.json               |   3 +-
 console/src/assets/i18n/en.json               |   3 +-
 console/src/assets/i18n/es.json               |   3 +-
 console/src/assets/i18n/fr.json               |   3 +-
 console/src/assets/i18n/hu.json               |   3 +-
 console/src/assets/i18n/id.json               |   3 +-
 console/src/assets/i18n/it.json               |   3 +-
 console/src/assets/i18n/ja.json               |   3 +-
 console/src/assets/i18n/ko.json               |   3 +-
 console/src/assets/i18n/mk.json               |   3 +-
 console/src/assets/i18n/nl.json               |   3 +-
 console/src/assets/i18n/pl.json               |   3 +-
 console/src/assets/i18n/pt.json               |   3 +-
 console/src/assets/i18n/ro.json               |   3 +-
 console/src/assets/i18n/ru.json               |   3 +-
 console/src/assets/i18n/sv.json               |   3 +-
 console/src/assets/i18n/zh.json               |   3 +-
 37 files changed, 557 insertions(+), 375 deletions(-)

diff --git a/console/src/app/components/features/features.component.ts b/console/src/app/components/features/features.component.ts
index 0f89c5e98a..d95bbdde43 100644
--- a/console/src/app/components/features/features.component.ts
+++ b/console/src/app/components/features/features.component.ts
@@ -27,7 +27,6 @@ import { LoginV2FeatureToggleComponent } from '../feature-toggle/login-v2-featur
 
 // to add a new feature, add the key here and in the FEATURE_KEYS array
 const FEATURE_KEYS = [
-  'actions',
   'consoleUseV2UserApi',
   'debugOidcParentError',
   'disableUserTokenEvent',
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html
index 670fe2c53b..82f04fb124 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html
@@ -1,14 +1,14 @@
-<cnsl-refresh-table (refreshed)="refresh.emit()" [loading]="(dataSource$ | async) === null">
+<cnsl-refresh-table (refreshed)="refresh.emit()" [loading]="loading()">
   <div actions>
     <ng-content></ng-content>
   </div>
   <div class="table-wrapper">
-    <table *ngIf="dataSource$ | async as dataSource" mat-table class="table" aria-label="Elements" [dataSource]="dataSource">
+    <table mat-table class="table" aria-label="Elements" [dataSource]="dataSource">
       <ng-container matColumnDef="condition">
         <th mat-header-cell *matHeaderCellDef>{{ 'ACTIONSTWO.EXECUTION.TABLE.CONDITION' | translate }}</th>
         <td mat-cell *cnslCellDef="let row; dataSource: dataSource">
-          <span *ngIf="row.condition?.conditionType?.value">
-            {{ row?.condition | condition }}
+          <span>
+            {{ row.execution.condition | condition }}
           </span>
         </td>
       </ng-container>
@@ -16,7 +16,7 @@
       <ng-container matColumnDef="type">
         <th mat-header-cell *matHeaderCellDef>{{ 'ACTIONSTWO.EXECUTION.TABLE.TYPE' | translate }}</th>
         <td mat-cell *cnslCellDef="let row; dataSource: dataSource">
-          {{ 'ACTIONSTWO.EXECUTION.TYPES.' + row?.condition?.conditionType?.case | translate }}
+          {{ 'ACTIONSTWO.EXECUTION.TYPES.' + row.execution.condition.conditionType.case | translate }}
         </td>
       </ng-container>
 
@@ -24,16 +24,9 @@
         <th mat-header-cell *matHeaderCellDef>{{ 'ACTIONSTWO.EXECUTION.TABLE.TARGET' | translate }}</th>
         <td mat-cell *cnslCellDef="let row; dataSource: dataSource">
           <div class="target-key">
-            <cnsl-project-role-chip *ngFor="let target of filteredTargetTypes(row.targets) | async" [roleName]="target.name"
+            <cnsl-project-role-chip *ngFor="let target of row.mappedTargets; trackBy: trackTarget" [roleName]="target.name"
               >{{ target.name }}
             </cnsl-project-role-chip>
-            <cnsl-project-role-chip
-              *ngFor="let condition of filteredIncludeConditions(row.targets)"
-              [roleName]="condition | condition"
-            >
-              <mat-icon class="icon">refresh</mat-icon>
-              {{ condition | condition }}
-            </cnsl-project-role-chip>
           </div>
         </td>
       </ng-container>
@@ -43,7 +36,7 @@
           {{ 'ACTIONSTWO.EXECUTION.TABLE.CREATIONDATE' | translate }}
         </th>
         <td mat-cell *cnslCellDef="let row; dataSource: dataSource">
-          <span class="no-break">{{ row.creationDate | timestampToDate | localizedDate: 'regular' }}</span>
+          <span class="no-break">{{ row.execution.creationDate | timestampToDate | localizedDate: 'regular' }}</span>
         </td>
       </ng-container>
 
@@ -55,7 +48,7 @@
               actions
               matTooltip="{{ 'ACTIONS.REMOVE' | translate }}"
               color="warn"
-              (click)="$event.stopPropagation(); delete.emit(row)"
+              (click)="$event.stopPropagation(); delete.emit(row.execution)"
               mat-icon-button
             >
               <i class="las la-trash"></i>
@@ -69,6 +62,7 @@
         class="highlight pointer"
         mat-row
         *matRowDef="let row; columns: ['condition', 'type', 'target', 'creationDate', 'actions']"
+        (click)="selected.emit(row.execution)"
       ></tr>
     </table>
   </div>
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
index 6c714e2908..2d9942c406 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
@@ -1,9 +1,10 @@
-import { ChangeDetectionStrategy, Component, EventEmitter, Input, Output } from '@angular/core';
-import { Observable, ReplaySubject } from 'rxjs';
-import { filter, map } from 'rxjs/operators';
+import { ChangeDetectionStrategy, Component, computed, effect, EventEmitter, Input, Output } from '@angular/core';
+import { combineLatestWith, Observable, ReplaySubject } from 'rxjs';
+import { filter, map, startWith } from 'rxjs/operators';
 import { MatTableDataSource } from '@angular/material/table';
-import { Condition, Execution, ExecutionTargetType } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
+import { toSignal } from '@angular/core/rxjs-interop';
+import { CorrectlyTypedExecution } from '../../actions-two-add-action/actions-two-add-action-dialog.component';
 
 @Component({
   selector: 'cnsl-actions-two-actions-table',
@@ -16,10 +17,13 @@ export class ActionsTwoActionsTableComponent {
   public readonly refresh = new EventEmitter<void>();
 
   @Output()
-  public readonly delete = new EventEmitter<Execution>();
+  public readonly selected = new EventEmitter<CorrectlyTypedExecution>();
+
+  @Output()
+  public readonly delete = new EventEmitter<CorrectlyTypedExecution>();
 
   @Input({ required: true })
-  public set executions(executions: Execution[] | null) {
+  public set executions(executions: CorrectlyTypedExecution[] | null) {
     this.executions$.next(executions);
   }
 
@@ -28,33 +32,76 @@ export class ActionsTwoActionsTableComponent {
     this.targets$.next(targets);
   }
 
-  @Output()
-  public readonly selected = new EventEmitter<Execution>();
+  private readonly executions$ = new ReplaySubject<CorrectlyTypedExecution[] | null>(1);
 
-  private readonly executions$ = new ReplaySubject<Execution[] | null>(1);
   private readonly targets$ = new ReplaySubject<Target[] | null>(1);
 
-  protected readonly dataSource$ = this.executions$.pipe(
-    filter(Boolean),
-    map((keys) => new MatTableDataSource(keys)),
-  );
+  protected readonly dataSource = this.getDataSource();
 
-  protected filteredTargetTypes(targets: ExecutionTargetType[]): Observable<Target[]> {
-    const targetIds = targets
-      .map((t) => t.type)
-      .filter((t): t is Extract<ExecutionTargetType['type'], { case: 'target' }> => t.case === 'target')
-      .map((t) => t.value);
+  protected readonly loading = this.getLoading();
 
-    return this.targets$.pipe(
-      filter(Boolean),
-      map((alltargets) => alltargets!.filter((target) => targetIds.includes(target.id))),
-    );
+  private getDataSource() {
+    const executions$: Observable<CorrectlyTypedExecution[]> = this.executions$.pipe(filter(Boolean), startWith([]));
+    const executionsSignal = toSignal(executions$, { requireSync: true });
+
+    const targetsMapSignal = this.getTargetsMap();
+
+    const dataSignal = computed(() => {
+      const executions = executionsSignal();
+      const targetsMap = targetsMapSignal();
+
+      if (targetsMap.size === 0) {
+        return [];
+      }
+
+      return executions.map((execution) => {
+        const mappedTargets = execution.targets.map((target) => {
+          const targetType = targetsMap.get(target.type.value);
+          if (!targetType) {
+            throw new Error(`Target with id ${target.type.value} not found`);
+          }
+          return targetType;
+        });
+        return { execution, mappedTargets };
+      });
+    });
+
+    const dataSource = new MatTableDataSource(dataSignal());
+
+    effect(() => {
+      const data = dataSignal();
+      if (dataSource.data !== data) {
+        dataSource.data = data;
+      }
+    });
+
+    return dataSource;
   }
 
-  protected filteredIncludeConditions(targets: ExecutionTargetType[]): Condition[] {
-    return targets
-      .map((t) => t.type)
-      .filter((t): t is Extract<ExecutionTargetType['type'], { case: 'include' }> => t.case === 'include')
-      .map(({ value }) => value);
+  private getTargetsMap() {
+    const targets$ = this.targets$.pipe(filter(Boolean), startWith([] as Target[]));
+    const targetsSignal = toSignal(targets$, { requireSync: true });
+
+    return computed(() => {
+      const map = new Map<string, Target>();
+      for (const target of targetsSignal()) {
+        map.set(target.id, target);
+      }
+      return map;
+    });
+  }
+
+  private getLoading() {
+    const loading$ = this.executions$.pipe(
+      combineLatestWith(this.targets$),
+      map(([executions, targets]) => executions === null || targets === null),
+      startWith(true),
+    );
+
+    return toSignal(loading$, { requireSync: true });
+  }
+
+  protected trackTarget(_: number, target: Target) {
+    return target.id;
   }
 }
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html
index c194466a4f..c22b03ef76 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html
@@ -2,7 +2,7 @@
 <p class="cnsl-secondary-text">{{ 'ACTIONSTWO.EXECUTION.DESCRIPTION' | translate }}</p>
 
 <cnsl-actions-two-actions-table
-  (refresh)="refresh.next(true)"
+  (refresh)="refresh$.next(true)"
   (delete)="deleteExecution($event)"
   (selected)="openDialog($event)"
   [executions]="executions$ | async"
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
index 6415498837..c709eff079 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
@@ -1,19 +1,20 @@
-import { ChangeDetectionStrategy, Component, DestroyRef, OnInit } from '@angular/core';
+import { ChangeDetectionStrategy, Component, DestroyRef } from '@angular/core';
 import { ActionService } from 'src/app/services/action.service';
-import { NewFeatureService } from 'src/app/services/new-feature.service';
-import { defer, firstValueFrom, Observable, of, shareReplay, Subject, TimeoutError } from 'rxjs';
-import { catchError, filter, map, startWith, switchMap, tap, timeout } from 'rxjs/operators';
+import { lastValueFrom, Observable, of, Subject } from 'rxjs';
+import { catchError, map, startWith, switchMap } from 'rxjs/operators';
 import { ToastService } from 'src/app/services/toast.service';
 import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
-import { ActivatedRoute, Router } from '@angular/router';
-import { ORGANIZATIONS } from '../../settings-list/settings';
-import { ActionTwoAddActionDialogComponent } from '../actions-two-add-action/actions-two-add-action-dialog.component';
+import {
+  ActionTwoAddActionDialogComponent,
+  ActionTwoAddActionDialogData,
+  ActionTwoAddActionDialogResult,
+  CorrectlyTypedExecution,
+  correctlyTypeExecution,
+} from '../actions-two-add-action/actions-two-add-action-dialog.component';
 import { MatDialog } from '@angular/material/dialog';
 import { MessageInitShape } from '@bufbuild/protobuf';
-import { Execution, ExecutionSchema } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
 import { SetExecutionRequestSchema } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
-import { Value } from 'google-protobuf/google/protobuf/struct_pb';
 
 @Component({
   selector: 'cnsl-actions-two-actions',
@@ -21,123 +22,92 @@ import { Value } from 'google-protobuf/google/protobuf/struct_pb';
   styleUrls: ['./actions-two-actions.component.scss'],
   changeDetection: ChangeDetectionStrategy.OnPush,
 })
-export class ActionsTwoActionsComponent implements OnInit {
-  protected readonly refresh = new Subject<true>();
-  private readonly actionsEnabled$: Observable<boolean>;
-  protected readonly executions$: Observable<Execution[]>;
+export class ActionsTwoActionsComponent {
+  protected readonly refresh$ = new Subject<true>();
+  protected readonly executions$: Observable<CorrectlyTypedExecution[]>;
   protected readonly targets$: Observable<Target[]>;
 
   constructor(
     private readonly actionService: ActionService,
-    private readonly featureService: NewFeatureService,
     private readonly toast: ToastService,
     private readonly destroyRef: DestroyRef,
-    private readonly router: Router,
-    private readonly route: ActivatedRoute,
     private readonly dialog: MatDialog,
   ) {
-    this.actionsEnabled$ = this.getActionsEnabled$().pipe(shareReplay({ refCount: true, bufferSize: 1 }));
-    this.executions$ = this.getExecutions$(this.actionsEnabled$);
-    this.targets$ = this.getTargets$(this.actionsEnabled$);
+    this.executions$ = this.getExecutions$();
+    this.targets$ = this.getTargets$();
   }
 
-  ngOnInit(): void {
-    // this also preloads
-    this.actionsEnabled$.pipe(takeUntilDestroyed(this.destroyRef)).subscribe(async (enabled) => {
-      if (enabled) {
-        return;
-      }
-      await this.router.navigate([], {
-        relativeTo: this.route,
-        queryParams: {
-          id: ORGANIZATIONS.id,
-        },
-        queryParamsHandling: 'merge',
-      });
-    });
-  }
-
-  private getExecutions$(actionsEnabled$: Observable<boolean>) {
-    return this.refresh.pipe(
+  private getExecutions$() {
+    return this.refresh$.pipe(
       startWith(true),
       switchMap(() => {
         return this.actionService.listExecutions({});
       }),
-      map(({ result }) => result),
-      catchError(async (err) => {
-        const actionsEnabled = await firstValueFrom(actionsEnabled$);
-        if (actionsEnabled) {
-          this.toast.showError(err);
-        }
-        return [];
+      map(({ result }) => result.map(correctlyTypeExecution)),
+      catchError((err) => {
+        this.toast.showError(err);
+        return of([]);
       }),
     );
   }
 
-  private getTargets$(actionsEnabled$: Observable<boolean>) {
-    return this.refresh.pipe(
+  private getTargets$() {
+    return this.refresh$.pipe(
       startWith(true),
       switchMap(() => {
         return this.actionService.listTargets({});
       }),
       map(({ result }) => result),
-      catchError(async (err) => {
-        const actionsEnabled = await firstValueFrom(actionsEnabled$);
-        if (actionsEnabled) {
-          this.toast.showError(err);
-        }
-        return [];
-      }),
-    );
-  }
-
-  private getActionsEnabled$() {
-    return defer(() => this.featureService.getInstanceFeatures()).pipe(
-      map(({ actions }) => actions?.enabled ?? false),
-      timeout(1000),
       catchError((err) => {
-        if (!(err instanceof TimeoutError)) {
-          this.toast.showError(err);
-        }
-        return of(false);
+        this.toast.showError(err);
+        return of([]);
       }),
     );
   }
 
-  public openDialog(execution?: Execution): void {
-    const ref = this.dialog.open<ActionTwoAddActionDialogComponent>(ActionTwoAddActionDialogComponent, {
-      width: '400px',
-      data: execution
-        ? {
-            execution: execution,
-          }
-        : {},
-    });
+  public async openDialog(execution?: CorrectlyTypedExecution): Promise<void> {
+    const request$ = this.dialog
+      .open<ActionTwoAddActionDialogComponent, ActionTwoAddActionDialogData, ActionTwoAddActionDialogResult>(
+        ActionTwoAddActionDialogComponent,
+        {
+          width: '400px',
+          data: execution
+            ? {
+                execution,
+              }
+            : {},
+        },
+      )
+      .afterClosed()
+      .pipe(takeUntilDestroyed(this.destroyRef));
 
-    ref.afterClosed().subscribe((request?: MessageInitShape<typeof SetExecutionRequestSchema>) => {
-      if (request) {
-        this.actionService
-          .setExecution(request)
-          .then(() => {
-            setTimeout(() => {
-              this.refresh.next(true);
-            }, 1000);
-          })
-          .catch((error) => {
-            console.error(error);
-            this.toast.showError(error);
-          });
-      }
-    });
+    const request = await lastValueFrom(request$);
+    if (!request) {
+      return;
+    }
+
+    try {
+      await this.actionService.setExecution(request);
+      await new Promise((res) => setTimeout(res, 1000));
+      this.refresh$.next(true);
+    } catch (error) {
+      console.error(error);
+      this.toast.showError(error);
+    }
   }
 
-  public async deleteExecution(execution: Execution) {
+  public async deleteExecution(execution: CorrectlyTypedExecution) {
     const deleteReq: MessageInitShape<typeof SetExecutionRequestSchema> = {
       condition: execution.condition,
       targets: [],
     };
-    await this.actionService.setExecution(deleteReq);
-    await new Promise((res) => setTimeout(res, 1000));
-    this.refresh.next(true);
+    try {
+      await this.actionService.setExecution(deleteReq);
+      await new Promise((res) => setTimeout(res, 1000));
+      this.refresh$.next(true);
+    } catch (error) {
+      console.error(error);
+      this.toast.showError(error);
+    }
   }
 }
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.html b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.html
index 9c7f78395a..cc6e989cf2 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.html
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.html
@@ -14,15 +14,15 @@
       *ngSwitchCase="Page.Condition"
       [conditionType]="typeSignal()"
       (back)="back()"
-      (continue)="conditionSignal.set($event); continue()"
+      (continue)="conditionSignal.set({ conditionType: { case: typeSignal(), value: $event } }); continue()"
     ></cnsl-actions-two-add-action-condition>
 
     <cnsl-actions-two-add-action-target
       *ngSwitchCase="Page.Target"
       (back)="back()"
       [hideBackButton]="!!data.execution"
-      (continue)="targetSignal.set($event); continue()"
-      [selectedCondition]="data.execution?.condition"
+      (continue)="targetsSignal.set($event); continue()"
+      [preselectedTargetIds]="preselectedTargetIds"
     ></cnsl-actions-two-add-action-target>
   </div>
 </mat-dialog-content>
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.scss b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.scss
index dd597c29aa..8223e63565 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.scss
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.scss
@@ -7,6 +7,7 @@
 .actions {
   display: flex;
   justify-content: space-between;
+  margin-top: 1rem;
 }
 
 .hide {
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts
index 00281cabd7..12ae6598cc 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts
@@ -7,11 +7,15 @@ import { MessageInitShape } from '@bufbuild/protobuf';
 import {
   ActionsTwoAddActionConditionComponent,
   ConditionType,
-  ConditionTypeValue,
 } from './actions-two-add-action-condition/actions-two-add-action-condition.component';
 import { ActionsTwoAddActionTargetComponent } from './actions-two-add-action-target/actions-two-add-action-target.component';
 import { CommonModule } from '@angular/common';
-import { Execution, ExecutionTargetTypeSchema } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
+import {
+  Condition,
+  Execution,
+  ExecutionTargetType,
+  ExecutionTargetTypeSchema,
+} from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
 import { Subject } from 'rxjs';
 import { SetExecutionRequestSchema } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
 
@@ -21,6 +25,41 @@ enum Page {
   Target,
 }
 
+export type CorrectlyTypedCondition = Condition & { conditionType: Extract<Condition['conditionType'], { case: string }> };
+
+type CorrectlyTypedTargets = { type: Extract<ExecutionTargetType['type'], { case: 'target' }> };
+
+export type CorrectlyTypedExecution = Omit<Execution, 'targets' | 'condition'> & {
+  condition: CorrectlyTypedCondition;
+  targets: CorrectlyTypedTargets[];
+};
+
+export const correctlyTypeExecution = (execution: Execution): CorrectlyTypedExecution => {
+  if (!execution.condition?.conditionType?.case) {
+    throw new Error('Condition is required');
+  }
+  const conditionType = execution.condition.conditionType;
+
+  const condition = {
+    ...execution.condition,
+    conditionType,
+  };
+
+  return {
+    ...execution,
+    condition,
+    targets: execution.targets
+      .map(({ type }) => ({ type }))
+      .filter((target): target is CorrectlyTypedTargets => target.type.case === 'target'),
+  };
+};
+
+export type ActionTwoAddActionDialogData = {
+  execution?: CorrectlyTypedExecution;
+};
+
+export type ActionTwoAddActionDialogResult = MessageInitShape<typeof SetExecutionRequestSchema>;
+
 @Component({
   selector: 'cnsl-actions-two-add-action-dialog',
   templateUrl: './actions-two-add-action-dialog.component.html',
@@ -37,45 +76,45 @@ enum Page {
   ],
 })
 export class ActionTwoAddActionDialogComponent {
-  public Page = Page;
-  public page = signal<Page | undefined>(Page.Type);
+  protected readonly Page = Page;
+  protected readonly page = signal<Page>(Page.Type);
 
-  public typeSignal = signal<ConditionType>('request');
-  public conditionSignal = signal<ConditionTypeValue<ConditionType> | undefined>(undefined); // TODO: fix this type
-  public targetSignal = signal<Array<MessageInitShape<typeof ExecutionTargetTypeSchema>> | undefined>(undefined);
+  protected readonly typeSignal = signal<ConditionType>('request');
+  protected readonly conditionSignal = signal<MessageInitShape<typeof SetExecutionRequestSchema>['condition']>(undefined);
+  protected readonly targetsSignal = signal<MessageInitShape<typeof ExecutionTargetTypeSchema>[]>([]);
 
-  public continueSubject = new Subject<void>();
+  protected readonly continueSubject = new Subject<void>();
 
-  public request = computed<MessageInitShape<typeof SetExecutionRequestSchema>>(() => {
+  protected readonly request = computed<MessageInitShape<typeof SetExecutionRequestSchema>>(() => {
     return {
-      condition: {
-        conditionType: {
-          case: this.typeSignal(),
-          value: this.conditionSignal() as any, // TODO: fix this type
-        },
-      },
-      targets: this.targetSignal(),
+      condition: this.conditionSignal(),
+      targets: this.targetsSignal(),
     };
   });
 
+  protected readonly preselectedTargetIds: string[] = [];
+
   constructor(
-    public dialogRef: MatDialogRef<ActionTwoAddActionDialogComponent, MessageInitShape<typeof SetExecutionRequestSchema>>,
-    @Inject(MAT_DIALOG_DATA) protected readonly data: { execution?: Execution },
+    protected readonly dialogRef: MatDialogRef<ActionTwoAddActionDialogComponent, ActionTwoAddActionDialogResult>,
+    @Inject(MAT_DIALOG_DATA) protected readonly data: ActionTwoAddActionDialogData,
   ) {
-    if (data?.execution) {
-      this.typeSignal.set(data.execution.condition?.conditionType.case ?? 'request');
-      this.conditionSignal.set((data.execution.condition?.conditionType as any)?.value ?? undefined);
-      this.targetSignal.set(data.execution.targets ?? []);
-
-      this.page.set(Page.Target); // Set the initial page based on the provided execution data
-    }
-
     effect(() => {
       const currentPage = this.page();
       if (currentPage === Page.Target) {
         this.continueSubject.next(); // Trigger the Subject to request condition form when the page changes to "Target"
       }
     });
+
+    if (!data?.execution) {
+      return;
+    }
+
+    this.targetsSignal.set(data.execution.targets);
+    this.typeSignal.set(data.execution.condition.conditionType.case);
+    this.conditionSignal.set(data.execution.condition);
+    this.preselectedTargetIds = data.execution.targets.map((target) => target.type.value);
+
+    this.page.set(Page.Target); // Set the initial page based on the provided execution data
   }
 
   public continue() {
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html
index a8503c71be..422ed7991e 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html
@@ -1,37 +1,71 @@
-<form *ngIf="targetForm" class="form-grid" [formGroup]="targetForm" (ngSubmit)="submit()">
+<form class="form-grid" [formGroup]="form()" (ngSubmit)="submit()">
   <p class="target-description">{{ 'ACTIONSTWO.EXECUTION.DIALOG.TARGET.DESCRIPTION' | translate }}</p>
 
   <cnsl-form-field class="full-width">
     <cnsl-label>{{ 'ACTIONSTWO.EXECUTION.DIALOG.TARGET.TARGET.DESCRIPTION' | translate }}</cnsl-label>
-    <mat-select formControlName="target">
-      <mat-option *ngIf="(executionTargets$ | async) === null" class="is-loading">
+    <input
+      cnslInput
+      #trigger="matAutocompleteTrigger"
+      #input
+      type="text"
+      [formControl]="form().controls.autocomplete"
+      [matAutocomplete]="autoservice"
+      (keydown.enter)="handleEnter($event); input.blur(); trigger.closePanel()"
+    />
+    <mat-autocomplete #autoservice="matAutocomplete">
+      <mat-option *ngIf="targets().state === 'loading'" class="is-loading">
         <mat-spinner diameter="30"></mat-spinner>
       </mat-option>
-      <mat-option *ngFor="let target of executionTargets$ | async" [value]="target">
+      <mat-option
+        *ngFor="let target of selectableTargets(); trackBy: trackTarget"
+        #option
+        (click)="addTarget(target); option.deselect()"
+        [value]="target.name"
+      >
         {{ target.name }}
       </mat-option>
-    </mat-select>
+    </mat-autocomplete>
   </cnsl-form-field>
 
-  <!--  <cnsl-form-field class="full-width">-->
-  <!--    <cnsl-label>{{ 'ACTIONSTWO.EXECUTION.DIALOG.TARGET.CONDITIONS.DESCRIPTION' | translate }}</cnsl-label>-->
-
-  <!--    <mat-select [multiple]="true" formControlName="executionConditions">-->
-  <!--      <mat-option *ngIf="(executionConditions$ | async) === null" class="is-loading">-->
-  <!--        <mat-spinner diameter="30"></mat-spinner>-->
-  <!--      </mat-option>-->
-  <!--      <mat-option *ngFor="let condition of executionConditions$ | async" [value]="condition">-->
-  <!--        <span>{{ condition | condition }}</span>-->
-  <!--      </mat-option>-->
-  <!--    </mat-select>-->
-  <!--  </cnsl-form-field>-->
+  <table mat-table cdkDropList (cdkDropListDropped)="drop($event)" [dataSource]="dataSource" [trackBy]="trackTarget">
+    <ng-container matColumnDef="order">
+      <th mat-header-cell *matHeaderCellDef>Reorder</th>
+      <td mat-cell *cnslCellDef="let row; let i = index; dataSource: dataSource">
+        <i class="las la-bars"></i>
+      </td>
+    </ng-container>
+    <ng-container matColumnDef="name">
+      <th mat-header-cell *matHeaderCellDef>Name</th>
+      <td mat-cell *cnslCellDef="let row; dataSource: dataSource">
+        <cnsl-project-role-chip [roleName]="row.name">{{ row.name }}</cnsl-project-role-chip>
+      </td>
+    </ng-container>
+    <ng-container matColumnDef="deleteAction" stickyEnd>
+      <th mat-header-cell *matHeaderCellDef></th>
+      <td mat-cell *cnslCellDef="let i = index; dataSource: dataSource">
+        <cnsl-table-actions>
+          <button
+            actions
+            matTooltip="{{ 'ACTIONS.REMOVE' | translate }}"
+            color="warn"
+            (click)="removeTarget(i)"
+            mat-icon-button
+          >
+            <i class="las la-trash"></i>
+          </button>
+        </cnsl-table-actions>
+      </td>
+    </ng-container>
+    <tr mat-header-row *matHeaderRowDef="['order', 'name', 'deleteAction']"></tr>
+    <tr class="drag-row" cdkDrag mat-row *matRowDef="let row; columns: ['order', 'name', 'deleteAction']"></tr>
+  </table>
 
   <div class="actions">
     <button *ngIf="!hideBackButton" mat-stroked-button (click)="back.emit()">
       {{ 'ACTIONS.BACK' | translate }}
     </button>
     <span class="fill-space"></span>
-    <button color="primary" [disabled]="targetForm.invalid" mat-raised-button type="submit">
+    <button color="primary" [disabled]="form().invalid" mat-raised-button type="submit">
       {{ 'ACTIONS.CONTINUE' | translate }}
     </button>
   </div>
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.scss b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.scss
index 776c535f1a..deff15c680 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.scss
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.scss
@@ -10,3 +10,27 @@
     font: 1;
   }
 }
+
+.cdk-drag-preview {
+  box-sizing: border-box;
+  border-radius: 4px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+}
+
+.cdk-drag-placeholder {
+  opacity: 0;
+}
+
+.cdk-drag-animating {
+  transition: transform 250ms cubic-bezier(0, 0, 0.2, 1);
+}
+
+.cdk-drop-list-dragging .mat-row:not(.cdk-drag-placeholder) {
+  transition: transform 250ms cubic-bezier(0, 0, 0.2, 1);
+}
+
+.drag-row {
+  backdrop-filter: blur(10px);
+}
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts
index bdcfc54a3d..e04368f8f4 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts
@@ -1,10 +1,20 @@
 import { CommonModule } from '@angular/common';
-import { ChangeDetectionStrategy, Component, EventEmitter, Input, Output } from '@angular/core';
+import {
+  ChangeDetectionStrategy,
+  Component,
+  computed,
+  effect,
+  EventEmitter,
+  Input,
+  Output,
+  signal,
+  Signal,
+} from '@angular/core';
 import { RouterModule } from '@angular/router';
 import { TranslateModule } from '@ngx-translate/core';
 import { MatButtonModule } from '@angular/material/button';
 import { FormBuilder, FormControl, FormsModule, ReactiveFormsModule } from '@angular/forms';
-import { Observable, catchError, defer, map, of, shareReplay, ReplaySubject, combineLatestWith } from 'rxjs';
+import { ReplaySubject, switchMap } from 'rxjs';
 import { MatRadioModule } from '@angular/material/radio';
 import { ActionService } from 'src/app/services/action.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -13,15 +23,18 @@ import { InputModule } from 'src/app/modules/input/input.module';
 import { MatProgressSpinnerModule } from '@angular/material/progress-spinner';
 import { MessageInitShape } from '@bufbuild/protobuf';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
-import { SetExecutionRequestSchema } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
-import { Condition, ExecutionTargetTypeSchema } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
+import { ExecutionTargetTypeSchema } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
 import { MatSelectModule } from '@angular/material/select';
-import { atLeastOneFieldValidator } from 'src/app/modules/form-field/validators/validators';
 import { ActionConditionPipeModule } from 'src/app/pipes/action-condition-pipe/action-condition-pipe.module';
-
-export type TargetInit = NonNullable<
-  NonNullable<MessageInitShape<typeof SetExecutionRequestSchema>['targets']>
->[number]['type'];
+import { MatTableDataSource, MatTableModule } from '@angular/material/table';
+import { startWith } from 'rxjs/operators';
+import { TypeSafeCellDefModule } from 'src/app/directives/type-safe-cell-def/type-safe-cell-def.module';
+import { CdkDrag, CdkDragDrop, CdkDropList, moveItemInArray } from '@angular/cdk/drag-drop';
+import { toObservable, toSignal } from '@angular/core/rxjs-interop';
+import { minArrayLengthValidator } from '../../../form-field/validators/validators';
+import { ProjectRoleChipModule } from '../../../project-role-chip/project-role-chip.module';
+import { MatTooltipModule } from '@angular/material/tooltip';
+import { TableActionsModule } from '../../../table-actions/table-actions.module';
 
 @Component({
   standalone: true,
@@ -42,114 +55,172 @@ export type TargetInit = NonNullable<
     MatButtonModule,
     MatProgressSpinnerModule,
     MatSelectModule,
+    MatTableModule,
+    TypeSafeCellDefModule,
+    CdkDrag,
+    CdkDropList,
+    ProjectRoleChipModule,
+    MatTooltipModule,
+    TableActionsModule,
   ],
 })
 export class ActionsTwoAddActionTargetComponent {
-  protected readonly targetForm = this.buildActionTargetForm();
+  @Input() public hideBackButton = false;
+  @Input()
+  public set preselectedTargetIds(preselectedTargetIds: string[]) {
+    this.preselectedTargetIds$.next(preselectedTargetIds);
+  }
 
   @Output() public readonly back = new EventEmitter<void>();
   @Output() public readonly continue = new EventEmitter<MessageInitShape<typeof ExecutionTargetTypeSchema>[]>();
-  @Input() public hideBackButton = false;
-  @Input() set selectedCondition(selectedCondition: Condition | undefined) {
-    this.selectedCondition$.next(selectedCondition);
-  }
 
-  private readonly selectedCondition$ = new ReplaySubject<Condition | undefined>(1);
+  private readonly preselectedTargetIds$ = new ReplaySubject<string[]>(1);
 
-  protected readonly executionTargets$: Observable<Target[]>;
-  protected readonly executionConditions$: Observable<Condition[]>;
+  protected readonly form: ReturnType<typeof this.buildForm>;
+  protected readonly targets: ReturnType<typeof this.listTargets>;
+  private readonly selectedTargetIds: Signal<string[]>;
+  protected readonly selectableTargets: Signal<Target[]>;
+  protected readonly dataSource: MatTableDataSource<Target>;
 
   constructor(
     private readonly fb: FormBuilder,
     private readonly actionService: ActionService,
     private readonly toast: ToastService,
   ) {
-    this.executionTargets$ = this.listExecutionTargets().pipe(shareReplay({ refCount: true, bufferSize: 1 }));
-    this.executionConditions$ = this.listExecutionConditions().pipe(shareReplay({ refCount: true, bufferSize: 1 }));
+    this.form = this.buildForm();
+    this.targets = this.listTargets();
+
+    this.selectedTargetIds = this.getSelectedTargetIds(this.form);
+    this.selectableTargets = this.getSelectableTargets(this.targets, this.selectedTargetIds);
+    this.dataSource = this.getDataSource(this.targets, this.selectedTargetIds);
   }
 
-  private buildActionTargetForm() {
-    return this.fb.group(
-      {
-        target: new FormControl<Target | null>(null, { validators: [] }),
-        executionConditions: new FormControl<Condition[]>([], { validators: [] }),
-      },
-      {
-        validators: atLeastOneFieldValidator(['target', 'executionConditions']),
-      },
-    );
+  private buildForm() {
+    const preselectedTargetIds = toSignal(this.preselectedTargetIds$, { initialValue: [] as string[] });
+
+    return computed(() => {
+      return this.fb.group({
+        autocomplete: new FormControl('', { nonNullable: true }),
+        selectedTargetIds: new FormControl(preselectedTargetIds(), {
+          nonNullable: true,
+          validators: [minArrayLengthValidator(1)],
+        }),
+      });
+    });
   }
 
-  private listExecutionTargets() {
-    return defer(() => this.actionService.listTargets({})).pipe(
-      map(({ result }) => result.filter(this.targetHasDetailsAndConfig)),
-      catchError((error) => {
+  private listTargets() {
+    const targetsSignal = signal({ state: 'loading' as 'loading' | 'loaded', targets: new Map<string, Target>() });
+
+    this.actionService
+      .listTargets({})
+      .then(({ result }) => {
+        const targets = result.reduce((acc, target) => {
+          acc.set(target.id, target);
+          return acc;
+        }, new Map<string, Target>());
+
+        targetsSignal.set({ state: 'loaded', targets });
+      })
+      .catch((error) => {
         this.toast.showError(error);
-        return of([]);
+      });
+
+    return computed(targetsSignal);
+  }
+
+  private getSelectedTargetIds(form: typeof this.form) {
+    const selectedTargetIds$ = toObservable(form).pipe(
+      startWith(form()),
+      switchMap((form) => {
+        const { selectedTargetIds } = form.controls;
+        return selectedTargetIds.valueChanges.pipe(startWith(selectedTargetIds.value));
       }),
     );
+    return toSignal(selectedTargetIds$, { requireSync: true });
   }
 
-  private listExecutionConditions(): Observable<Condition[]> {
-    const selectedConditionJson$ = this.selectedCondition$.pipe(map((c) => JSON.stringify(c)));
-
-    return defer(() => this.actionService.listExecutions({})).pipe(
-      combineLatestWith(selectedConditionJson$),
-      map(([executions, selectedConditionJson]) =>
-        executions.result.map((e) => e?.condition).filter(this.conditionIsDefinedAndNotCurrentOne(selectedConditionJson)),
-      ),
-
-      catchError((error) => {
-        this.toast.showError(error);
-        return of([]);
-      }),
-    );
-  }
-
-  private conditionIsDefinedAndNotCurrentOne(selectedConditionJson?: string) {
-    return (condition?: Condition): condition is Condition => {
-      if (!condition) {
-        // condition is undefined so it is not of type Condition
-        return false;
+  private getSelectableTargets(targets: typeof this.targets, selectedTargetIds: Signal<string[]>) {
+    return computed(() => {
+      const targetsCopy = new Map(targets().targets);
+      for (const selectedTargetId of selectedTargetIds()) {
+        targetsCopy.delete(selectedTargetId);
       }
-      if (!selectedConditionJson) {
-        // condition is defined, and we don't have a selectedCondition so we can return all conditions
-        return true;
-      }
-      // we only return conditions that are not the same as the selectedCondition
-      return JSON.stringify(condition) !== selectedConditionJson;
-    };
+      return Array.from(targetsCopy.values());
+    });
   }
 
-  private targetHasDetailsAndConfig(target: Target): target is Target {
-    return !!target.id && !!target.id;
+  private getDataSource(targetsSignal: typeof this.targets, selectedTargetIdsSignal: Signal<string[]>) {
+    const selectedTargets = computed(() => {
+      // get this out of the loop so angular can track this dependency
+      // even if targets is empty
+      const { targets, state } = targetsSignal();
+      const selectedTargetIds = selectedTargetIdsSignal();
+
+      if (state === 'loading') {
+        return [];
+      }
+
+      return selectedTargetIds.map((id) => {
+        const target = targets.get(id);
+        if (!target) {
+          throw new Error(`Target with id ${id} not found`);
+        }
+        return target;
+      });
+    });
+
+    const dataSource = new MatTableDataSource<Target>(selectedTargets());
+    effect(() => {
+      dataSource.data = selectedTargets();
+    });
+
+    return dataSource;
+  }
+
+  protected addTarget(target: Target) {
+    const { selectedTargetIds } = this.form().controls;
+    selectedTargetIds.setValue([target.id, ...selectedTargetIds.value]);
+    this.form().controls.autocomplete.setValue('');
+  }
+
+  protected removeTarget(index: number) {
+    const { selectedTargetIds } = this.form().controls;
+    const data = [...selectedTargetIds.value];
+    data.splice(index, 1);
+    selectedTargetIds.setValue(data);
+  }
+
+  protected drop(event: CdkDragDrop<undefined>) {
+    const { selectedTargetIds } = this.form().controls;
+
+    const data = [...selectedTargetIds.value];
+    moveItemInArray(data, event.previousIndex, event.currentIndex);
+    selectedTargetIds.setValue(data);
+  }
+
+  protected handleEnter(event: Event) {
+    const selectableTargets = this.selectableTargets();
+    if (selectableTargets.length !== 1) {
+      return;
+    }
+
+    event.preventDefault();
+    this.addTarget(selectableTargets[0]);
   }
 
   protected submit() {
-    const { target, executionConditions } = this.targetForm.getRawValue();
+    const selectedTargets = this.selectedTargetIds().map((value) => ({
+      type: {
+        case: 'target' as const,
+        value,
+      },
+    }));
 
-    let valueToEmit: MessageInitShape<typeof ExecutionTargetTypeSchema>[] = target
-      ? [
-          {
-            type: {
-              case: 'target',
-              value: target.id,
-            },
-          },
-        ]
-      : [];
+    this.continue.emit(selectedTargets);
+  }
 
-    const includeConditions: MessageInitShape<typeof ExecutionTargetTypeSchema>[] = executionConditions
-      ? executionConditions.map((condition) => ({
-          type: {
-            case: 'include',
-            value: condition,
-          },
-        }))
-      : [];
-
-    valueToEmit = [...valueToEmit, ...includeConditions];
-
-    this.continue.emit(valueToEmit);
+  protected trackTarget(_: number, target: Target) {
+    return target.id;
   }
 }
diff --git a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html
index 496be167df..37d4f89dd0 100644
--- a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html
+++ b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html
@@ -59,7 +59,7 @@
       {{ 'ACTIONS.CANCEL' | translate }}
     </button>
     <button color="primary" [disabled]="targetForm.invalid" mat-raised-button (click)="closeWithResult()" cdkFocusInitial>
-      {{ 'ACTIONS.CREATE' | translate }}
+      {{ (data.target ? 'ACTIONS.CHANGE' : 'ACTIONS.CREATE') | translate }}
     </button>
   </mat-dialog-actions>
 </div>
diff --git a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.ts b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.ts
index b9c9c64853..7d3ad0e86c 100644
--- a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.ts
@@ -44,7 +44,7 @@ export class ActionTwoAddTargetDialogComponent {
       ActionTwoAddTargetDialogComponent,
       MessageInitShape<typeof CreateTargetRequestSchema | typeof UpdateTargetRequestSchema>
     >,
-    @Inject(MAT_DIALOG_DATA) private readonly data: { target?: Target },
+    @Inject(MAT_DIALOG_DATA) public readonly data: { target?: Target },
   ) {
     this.targetForm = this.buildTargetForm();
 
diff --git a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.html b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.html
index 17a73304b0..1cac09f1e4 100644
--- a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.html
+++ b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.html
@@ -1,9 +1,9 @@
-<cnsl-refresh-table (refreshed)="refresh.emit()" [loading]="(dataSource$ | async) === null">
+<cnsl-refresh-table (refreshed)="refresh.emit()" [loading]="(targets$ | async) === null">
   <div actions>
     <ng-content></ng-content>
   </div>
   <div class="table-wrapper">
-    <table *ngIf="dataSource$ | async as dataSource" mat-table class="table" aria-label="Elements" [dataSource]="dataSource">
+    <table mat-table class="table" aria-label="Elements" [dataSource]="dataSource">
       <!-- <ng-container matColumnDef="state">
         <th mat-header-cell *matHeaderCellDef>{{ 'APP.PAGES.STATE' | translate }}</th>
         <td mat-cell *cnslCellDef="let row; let i = index; dataSource: dataSource">
diff --git a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.ts b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.ts
index 28d15b2a68..2b2e4db579 100644
--- a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets-table/actions-two-targets-table.component.ts
@@ -1,8 +1,9 @@
-import { ChangeDetectionStrategy, Component, EventEmitter, Input, Output } from '@angular/core';
+import { ChangeDetectionStrategy, Component, effect, EventEmitter, Input, Output } from '@angular/core';
 import { ReplaySubject } from 'rxjs';
-import { filter, map } from 'rxjs/operators';
+import { filter, startWith } from 'rxjs/operators';
 import { MatTableDataSource } from '@angular/material/table';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
+import { toSignal } from '@angular/core/rxjs-interop';
 
 @Component({
   selector: 'cnsl-actions-two-targets-table',
@@ -14,6 +15,9 @@ export class ActionsTwoTargetsTableComponent {
   @Output()
   public readonly refresh = new EventEmitter<void>();
 
+  @Output()
+  public readonly selected = new EventEmitter<Target>();
+
   @Output()
   public readonly delete = new EventEmitter<Target>();
 
@@ -22,12 +26,24 @@ export class ActionsTwoTargetsTableComponent {
     this.targets$.next(targets);
   }
 
-  @Output()
-  public readonly selected = new EventEmitter<Target>();
+  protected readonly targets$ = new ReplaySubject<Target[] | null>(1);
+  protected readonly dataSource: MatTableDataSource<Target>;
 
-  private readonly targets$ = new ReplaySubject<Target[] | null>(1);
-  protected readonly dataSource$ = this.targets$.pipe(
-    filter(Boolean),
-    map((keys) => new MatTableDataSource(keys)),
-  );
+  constructor() {
+    this.dataSource = this.getDataSource();
+  }
+
+  private getDataSource() {
+    const targets$ = this.targets$.pipe(filter(Boolean), startWith<Target[]>([]));
+    const targetsSignal = toSignal(targets$, { requireSync: true });
+
+    const dataSource = new MatTableDataSource(targetsSignal());
+    effect(() => {
+      const targets = targetsSignal();
+      if (dataSource.data !== targets) {
+        dataSource.data = targets;
+      }
+    });
+    return dataSource;
+  }
 }
diff --git a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts
index 4fbea94cce..45bee14605 100644
--- a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts
@@ -1,12 +1,9 @@
-import { ChangeDetectionStrategy, Component, DestroyRef, OnInit } from '@angular/core';
-import { defer, firstValueFrom, Observable, of, ReplaySubject, shareReplay, Subject, TimeoutError } from 'rxjs';
+import { ChangeDetectionStrategy, Component, DestroyRef } from '@angular/core';
+import { lastValueFrom, Observable, of, ReplaySubject } from 'rxjs';
 import { ActionService } from 'src/app/services/action.service';
-import { NewFeatureService } from 'src/app/services/new-feature.service';
 import { ToastService } from 'src/app/services/toast.service';
-import { ActivatedRoute, Router } from '@angular/router';
 import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
-import { ORGANIZATIONS } from '../../settings-list/settings';
-import { catchError, filter, map, startWith, switchMap, timeout } from 'rxjs/operators';
+import { catchError, map, startWith, switchMap } from 'rxjs/operators';
 import { MatDialog } from '@angular/material/dialog';
 import { ActionTwoAddTargetDialogComponent } from '../actions-two-add-target/actions-two-add-target-dialog.component';
 import { MessageInitShape } from '@bufbuild/protobuf';
@@ -22,66 +19,29 @@ import {
   styleUrls: ['./actions-two-targets.component.scss'],
   changeDetection: ChangeDetectionStrategy.OnPush,
 })
-export class ActionsTwoTargetsComponent implements OnInit {
-  private readonly actionsEnabled$: Observable<boolean>;
+export class ActionsTwoTargetsComponent {
   protected readonly targets$: Observable<Target[]>;
   protected readonly refresh$ = new ReplaySubject<true>(1);
 
   constructor(
     private readonly actionService: ActionService,
-    private readonly featureService: NewFeatureService,
     private readonly toast: ToastService,
     private readonly destroyRef: DestroyRef,
-    private readonly router: Router,
-    private readonly route: ActivatedRoute,
     private readonly dialog: MatDialog,
   ) {
-    this.actionsEnabled$ = this.getActionsEnabled$().pipe(shareReplay({ refCount: true, bufferSize: 1 }));
-    this.targets$ = this.getTargets$(this.actionsEnabled$);
+    this.targets$ = this.getTargets$();
   }
 
-  ngOnInit(): void {
-    // this also preloads
-    this.actionsEnabled$.pipe(takeUntilDestroyed(this.destroyRef)).subscribe(async (enabled) => {
-      if (enabled) {
-        return;
-      }
-      await this.router.navigate([], {
-        relativeTo: this.route,
-        queryParams: {
-          id: ORGANIZATIONS.id,
-        },
-        queryParamsHandling: 'merge',
-      });
-    });
-  }
-
-  private getTargets$(actionsEnabled$: Observable<boolean>) {
+  private getTargets$() {
     return this.refresh$.pipe(
       startWith(true),
       switchMap(() => {
         return this.actionService.listTargets({});
       }),
       map(({ result }) => result),
-      catchError(async (err) => {
-        const actionsEnabled = await firstValueFrom(actionsEnabled$);
-        if (actionsEnabled) {
-          this.toast.showError(err);
-        }
-        return [];
-      }),
-    );
-  }
-
-  private getActionsEnabled$() {
-    return defer(() => this.featureService.getInstanceFeatures()).pipe(
-      map(({ actions }) => actions?.enabled ?? false),
-      timeout(1000),
       catchError((err) => {
-        if (!(err instanceof TimeoutError)) {
-          this.toast.showError(err);
-        }
-        return of(false);
+        this.toast.showError(err);
+        return of([]);
       }),
     );
   }
@@ -92,30 +52,38 @@ export class ActionsTwoTargetsComponent implements OnInit {
     this.refresh$.next(true);
   }
 
-  public openDialog(target?: Target): void {
-    const ref = this.dialog.open<
-      ActionTwoAddTargetDialogComponent,
-      { target?: Target },
-      MessageInitShape<typeof UpdateTargetRequestSchema | typeof CreateTargetRequestSchema>
-    >(ActionTwoAddTargetDialogComponent, {
-      width: '550px',
-      data: {
-        target: target,
-      },
-    });
-
-    ref
+  public async openDialog(target?: Target) {
+    const request$ = this.dialog
+      .open<
+        ActionTwoAddTargetDialogComponent,
+        { target?: Target },
+        MessageInitShape<typeof UpdateTargetRequestSchema | typeof CreateTargetRequestSchema>
+      >(ActionTwoAddTargetDialogComponent, {
+        width: '550px',
+        data: {
+          target: target,
+        },
+      })
       .afterClosed()
-      .pipe(filter(Boolean), takeUntilDestroyed(this.destroyRef))
-      .subscribe(async (dialogResponse) => {
-        if ('id' in dialogResponse) {
-          await this.actionService.updateTarget(dialogResponse);
-        } else {
-          await this.actionService.createTarget(dialogResponse);
-        }
+      .pipe(takeUntilDestroyed(this.destroyRef));
 
-        await new Promise((res) => setTimeout(res, 1000));
-        this.refresh$.next(true);
-      });
+    const request = await lastValueFrom(request$);
+    if (!request) {
+      return;
+    }
+
+    try {
+      if ('id' in request) {
+        await this.actionService.updateTarget(request);
+      } else {
+        await this.actionService.createTarget(request);
+      }
+
+      await new Promise((res) => setTimeout(res, 1000));
+      this.refresh$.next(true);
+    } catch (error) {
+      console.error(error);
+      this.toast.showError(error);
+    }
   }
 }
diff --git a/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys-inactive-table/oidc-webkeys-inactive-table.component.ts b/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys-inactive-table/oidc-webkeys-inactive-table.component.ts
index d82c3e3152..b2236ae673 100644
--- a/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys-inactive-table/oidc-webkeys-inactive-table.component.ts
+++ b/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys-inactive-table/oidc-webkeys-inactive-table.component.ts
@@ -11,7 +11,7 @@ import { WebKey } from '@zitadel/proto/zitadel/webkey/v2beta/key_pb';
 })
 export class OidcWebKeysInactiveTableComponent {
   @Input({ required: true })
-  public set InactiveWebKeys(webKeys: WebKey[] | null) {
+  public set inactiveWebKeys(webKeys: WebKey[] | null) {
     this.inactiveWebKeys$.next(webKeys);
   }
 
diff --git a/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys.component.html b/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys.component.html
index 38922cd1c7..b34ee9d30b 100644
--- a/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys.component.html
+++ b/console/src/app/modules/policies/oidc-webkeys/oidc-webkeys.component.html
@@ -16,4 +16,4 @@
   </button>
 </cnsl-oidc-webkeys-table>
 <cnsl-oidc-webkeys-create [loading]="createLoading()" (ngSubmit)="createWebKey($event)" />
-<cnsl-oidc-webkeys-inactive-table [InactiveWebKeys]="inactiveWebKeys$ | async" />
+<cnsl-oidc-webkeys-inactive-table [inactiveWebKeys]="inactiveWebKeys$ | async" />
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index 48e7e687f6..4bd94d5ce6 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -631,7 +631,8 @@
       "TABLE": {
         "NAME": "Име",
         "ENDPOINT": "Крайна точка",
-        "CREATIONDATE": "Дата на създаване"
+        "CREATIONDATE": "Дата на създаване",
+        "REORDER": "Преоразмеряване"
       }
     }
   },
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index c4dc6aa1cc..6dd066789e 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Název",
         "ENDPOINT": "Koncový bod",
-        "CREATIONDATE": "Datum vytvoření"
+        "CREATIONDATE": "Datum vytvoření",
+        "REORDER": "Změnit pořadí"
       }
     }
   },
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index a5c861e891..cb973006e4 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Name",
         "ENDPOINT": "Endpunkt",
-        "CREATIONDATE": "Erstellungsdatum"
+        "CREATIONDATE": "Erstellungsdatum",
+        "REORDER": "Verschieben"
       }
     }
   },
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 6e682f05c0..be0a3d3f17 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Name",
         "ENDPOINT": "Endpoint",
-        "CREATIONDATE": "Creation Date"
+        "CREATIONDATE": "Creation Date",
+        "REORDER": "Reorder"
       }
     }
   },
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 1f90490561..0fc95241af 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Nombre",
         "ENDPOINT": "Punto de conexión",
-        "CREATIONDATE": "Fecha de creación"
+        "CREATIONDATE": "Fecha de creación",
+        "REORDER": "Reordenar"
       }
     }
   },
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index a23f87ac79..60a0a3e482 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Nom",
         "ENDPOINT": "Point de terminaison",
-        "CREATIONDATE": "Date de création"
+        "CREATIONDATE": "Date de création",
+        "REORDER": "Réorganiser"
       }
     }
   },
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index 313257e23d..5724c45a51 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Név",
         "ENDPOINT": "Végpont",
-        "CREATIONDATE": "Létrehozás dátuma"
+        "CREATIONDATE": "Létrehozás dátuma",
+        "REORDER": "Újrarendelés"
       }
     }
   },
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index a9eba9f73e..77584e883b 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -599,7 +599,8 @@
       "TABLE": {
         "NAME": "Nama",
         "ENDPOINT": "Titik Akhir",
-        "CREATIONDATE": "Tanggal Pembuatan"
+        "CREATIONDATE": "Tanggal Pembuatan",
+        "REORDER": "Susun ulang"
       }
     }
   },
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index a9bcb40a73..b01762b175 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -631,7 +631,8 @@
       "TABLE": {
         "NAME": "Nome",
         "ENDPOINT": "Endpoint",
-        "CREATIONDATE": "Data di creazione"
+        "CREATIONDATE": "Data di creazione",
+        "REORDER": "Riordina"
       }
     }
   },
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index d09249694f..c0429ec816 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "名前",
         "ENDPOINT": "エンドポイント",
-        "CREATIONDATE": "作成日"
+        "CREATIONDATE": "作成日",
+        "REORDER": "順序を変更"
       }
     }
   },
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index 0f805f5479..b791234cd5 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "이름",
         "ENDPOINT": "엔드포인트",
-        "CREATIONDATE": "생성 날짜"
+        "CREATIONDATE": "생성 날짜",
+        "REORDER": "재정렬"
       }
     }
   },
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 134af90cef..22e0e6d3d7 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Име",
         "ENDPOINT": "Крајна точка",
-        "CREATIONDATE": "Датум на создавање"
+        "CREATIONDATE": "Датум на создавање",
+        "REORDER": "Повторно нарачајте"
       }
     }
   },
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index db462ea0dd..112474e770 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Naam",
         "ENDPOINT": "Eindpunt",
-        "CREATIONDATE": "Aanmaakdatum"
+        "CREATIONDATE": "Aanmaakdatum",
+        "REORDER": "Opnieuw ordenen"
       }
     }
   },
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 6f68e79524..3244ccb4a6 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -631,7 +631,8 @@
       "TABLE": {
         "NAME": "Nazwa",
         "ENDPOINT": "Punkt końcowy",
-        "CREATIONDATE": "Data utworzenia"
+        "CREATIONDATE": "Data utworzenia",
+        "REORDER": "Zmień kolejność"
       }
     }
   },
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index c083cb5079..30b0f1d4e8 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Nome",
         "ENDPOINT": "Ponto de Extremidade",
-        "CREATIONDATE": "Data de Criação"
+        "CREATIONDATE": "Data de Criação",
+        "REORDER": "Reordenar"
       }
     }
   },
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index 5938368345..6c73852beb 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Nume",
         "ENDPOINT": "Punct Final",
-        "CREATIONDATE": "Data Creării"
+        "CREATIONDATE": "Data Creării",
+        "REORDER": "Reordonați"
       }
     }
   },
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index a612a586b3..6e2d7df7b4 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Имя",
         "ENDPOINT": "Конечная точка",
-        "CREATIONDATE": "Дата создания"
+        "CREATIONDATE": "Дата создания",
+        "REORDER": "Изменить порядок"
       }
     }
   },
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 1cae15230b..e747571f7a 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "Namn",
         "ENDPOINT": "Slutpunkt",
-        "CREATIONDATE": "Skapat datum"
+        "CREATIONDATE": "Skapat datum",
+        "REORDER": "Ordna om"
       }
     }
   },
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 1a3895aa7b..945e4200ef 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -632,7 +632,8 @@
       "TABLE": {
         "NAME": "名称",
         "ENDPOINT": "端点",
-        "CREATIONDATE": "创建日期"
+        "CREATIONDATE": "创建日期",
+        "REORDER": "重新排序"
       }
     }
   },

From ceaa73734d490b8ced19960ab2f297f2e82abc1d Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Wed, 23 Apr 2025 14:02:57 +0200
Subject: [PATCH 011/123] fix(console): list of unique v2 sessions (#9778)

This PR ensures that the list of recent sessions has no duplicate
entries.
To ensure the sessions are unique, we create a map using the loginName
property.

---------

Co-authored-by: conblem <mail@conblem.me>
---
 .../app/modules/accounts-card/accounts-card.component.ts    | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/console/src/app/modules/accounts-card/accounts-card.component.ts b/console/src/app/modules/accounts-card/accounts-card.component.ts
index d91148e862..273af86467 100644
--- a/console/src/app/modules/accounts-card/accounts-card.component.ts
+++ b/console/src/app/modules/accounts-card/accounts-card.component.ts
@@ -1,4 +1,4 @@
-import { Component, EventEmitter, Input, Output } from '@angular/core';
+import { Component, EventEmitter, Input, NgIterable, Output } from '@angular/core';
 import { Router } from '@angular/router';
 import { AuthConfig } from 'angular-oauth2-oidc';
 import { SessionState as V1SessionState, User, UserState } from 'src/app/proto/generated/zitadel/user_pb';
@@ -52,7 +52,7 @@ export class AccountsCardComponent {
   protected readonly user$ = new ReplaySubject<User.AsObject>(1);
   protected readonly UserState = UserState;
   private readonly labelpolicy = toSignal(this.userService.labelpolicy$, { initialValue: undefined });
-  protected readonly sessions$: Observable<V1AndV2Session[] | undefined>;
+  protected readonly sessions$: Observable<V1AndV2Session[]>;
 
   constructor(
     protected readonly authService: AuthenticationService,
@@ -135,7 +135,9 @@ export class AccountsCardComponent {
         authState: V2SessionState.ACTIVE,
         userName: s.factors?.user?.loginName ?? '',
       })),
+      map((s) => [s.loginName, s] as const),
       toArray(),
+      map((sessions) => Array.from(new Map(sessions).values())), // Ensure unique loginNames
     );
   }
 

From 8d28e727e19cb6838a6105ad1852018cfb927068 Mon Sep 17 00:00:00 2001
From: Rajat Singh <17253992+rajatcing@users.noreply.github.com>
Date: Thu, 24 Apr 2025 08:38:40 +0200
Subject: [PATCH 012/123] docs: remove unused scopes/claims (#9786)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

Removed the scopes/claims that were not used.

# How the Problems Are Solved

Made small changes in readme that fixes it.

Signed-off-by: RAJAT SINGH <rajatsingh@RAJATs-MacBook-Pro.local>
Co-authored-by: RAJAT SINGH <rajatsingh@RAJATs-MacBook-Pro.local>
---
 docs/docs/apis/openidoauth/claims.md | 1 -
 docs/docs/apis/openidoauth/scopes.md | 1 -
 2 files changed, 2 deletions(-)

diff --git a/docs/docs/apis/openidoauth/claims.md b/docs/docs/apis/openidoauth/claims.md
index 4129806aef..b7424aaf1d 100644
--- a/docs/docs/apis/openidoauth/claims.md
+++ b/docs/docs/apis/openidoauth/claims.md
@@ -110,7 +110,6 @@ ZITADEL reserves some claims to assert certain data. Please check out the [reser
 | urn:zitadel:iam:org:domain:primary:\{domainname}  | `{"urn:zitadel:iam:org:domain:primary": "acme.ch"}`                                                      | This claim represents the primary domain of the organization the user belongs to.                                                                                                                                                        |
 | urn:zitadel:iam:org:project:roles                 | `{"urn:zitadel:iam:org:project:roles": [ {"user": {"id1": "acme.zitade.ch", "id2": "caos.ch"} } ] }`     | When roles are asserted, ZITADEL does this by providing the `id` and `primaryDomain` below the role. This gives you the option to check in which organization a user has the role on the current project (where your client belongs to). |
 | urn:zitadel:iam:org:project:\{projectid}:roles    | `{"urn:zitadel:iam:org:project:id3:roles": [ {"user": {"id1": "acme.zitade.ch", "id2": "caos.ch"} } ] }` | When roles are asserted, ZITADEL does this by providing the `id` and `primaryDomain` below the role. This gives you the option to check in which organization a user has the role on a specific project.                                 |
-| urn:zitadel:iam:roles:\{rolename}                 | TBA                                                                                                      | TBA                                                                                                                                                                                                                                      |
 | urn:zitadel:iam:user:metadata                     | `{"urn:zitadel:iam:user:metadata": [ {"key": "VmFsdWU=" } ] }`                                           | The metadata claim will include all metadata of a user. The values are base64 encoded.                                                                                                                                                   |
 | urn:zitadel:iam:user:resourceowner:id             | `{"urn:zitadel:iam:user:resourceowner:id": "orgid"}`                                                     | This claim represents the id of the resource owner organisation of the user.                                                                                                                                                             |
 | urn:zitadel:iam:user:resourceowner:name           | `{"urn:zitadel:iam:user:resourceowner:name": "ACME"}`                                                    | This claim represents the name of the resource owner organisation of the user.                                                                                                                                                           |
diff --git a/docs/docs/apis/openidoauth/scopes.md b/docs/docs/apis/openidoauth/scopes.md
index 263d888f31..86f9769cab 100644
--- a/docs/docs/apis/openidoauth/scopes.md
+++ b/docs/docs/apis/openidoauth/scopes.md
@@ -30,7 +30,6 @@ In addition to the standard compliant scopes we utilize the following scopes.
 | `urn:zitadel:iam:org:projects:roles`              | `urn:zitadel:iam:org:projects:roles`                   | By using this scope a client can request the claim `urn:zitadel:iam:org:project:{projectid}:roles` to be asserted for each requested project. All projects of the token audience, requested by the `urn:zitadel:iam:org:project:id:{projectid}:aud` scopes will be used.     |
 | `urn:zitadel:iam:org:id:{id}`                     | `urn:zitadel:iam:org:id:178204173316174381`            | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization. If the organization does not exist a failure is displayed. It will assert the `urn:zitadel:iam:user:resourceowner` claims.                                       |
 | `urn:zitadel:iam:org:domain:primary:{domainname}` | `urn:zitadel:iam:org:domain:primary:acme.ch`           | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization and the username is suffixed by the provided domain. If the organization does not exist a failure is displayed                                                    |
-| `urn:zitadel:iam:role:{rolename}`                 |                                                        |                                                                                                                                                                                                                                                                              |
 | `urn:zitadel:iam:org:roles:id:{orgID}`            | `urn:zitadel:iam:org:roles:id:178204173316174381`      | This scope can be used one or more times to limit the granted organization IDs in the returned roles. Unknown organization IDs are ignored. When this scope is not used, all granted organizations are returned inside the roles.[^1]                                        |
 | `urn:zitadel:iam:org:project:id:{projectid}:aud`  | `urn:zitadel:iam:org:project:id:69234237810729019:aud` | By adding this scope, the requested projectid will be added to the audience of the access token                                                                                                                                                                              |
 | `urn:zitadel:iam:org:project:id:zitadel:aud`      | `urn:zitadel:iam:org:project:id:zitadel:aud`           | By adding this scope, the ZITADEL project ID will be added to the audience of the access token                                                                                                                                                                               |

From 44651b6e8db0d2a33e0f035dc072f62dd0c1a40c Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Thu, 24 Apr 2025 09:01:01 +0200
Subject: [PATCH 013/123] docs: improve readability of idps callback (#9793)

This PR improves the readability of the difference in the IDP callback
of the new V2 login compared to the legacy login.
---
 .../docs/guides/integrate/login-ui/external-login.mdx | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/docs/guides/integrate/login-ui/external-login.mdx b/docs/docs/guides/integrate/login-ui/external-login.mdx
index 3b3c47cf18..6775d2cb3b 100644
--- a/docs/docs/guides/integrate/login-ui/external-login.mdx
+++ b/docs/docs/guides/integrate/login-ui/external-login.mdx
@@ -16,6 +16,7 @@ ZITADEL will handle as much as possible from the authentication flow with the ex
 This requires you to initiate the flow with your desired provider.
 
 Send the following two URLs in the request body:
+
 1. SuccessURL: Page that should be shown when the login was successful
 2. ErrorURL: Page that should be shown when an error happens during the authentication
 
@@ -63,6 +64,10 @@ https://accounts.google.com/o/oauth2/v2/auth?client_id=Test&prompt=select_accoun
 
 After the user has successfully authenticated, a redirect to the ZITADEL backend /idps/callback will automatically be performed.
 
+:::warning
+Note that the redirect URL is `https://{YOUR-DOMAIN}/idps/callback` when using the new V2 hosted login compared to the V1 hosted login, which was `https://{YOUR-DOMAIN}/ui/login/login/externalidp/callback`.
+:::
+
 ## Get Provider Information
 
 ZITADEL will take the information of the provider. After this, a redirect will be made to either the success page in case of a successful login or to the error page in case of a failure will be performed. In the parameters, you will provide the IDP intentID, a token, and optionally, if a user could be found, a user ID.
@@ -71,6 +76,7 @@ To get the information of the provider, make a request to ZITADEL.
 [Retrieve Identity Provider Intent Documentation](/docs/apis/resources/user_service_v2/user-service-retrieve-identity-provider-intent)
 
 ### Request
+
 ```bash
 curl --request POST \
   --url https://$ZITADEL_DOMAIN/v2/idp_intents/$INTENT_ID \
@@ -115,7 +121,9 @@ curl --request POST \
 ```
 
 ## Handle Provider Information
+
 After successfully authenticating using your identity provider, you have three possible options.
+
 1. Login
 2. Register user
 3. Add social login to existing user
@@ -127,6 +135,7 @@ Create a new session and include the IDP intent ID and the token in the checks.
 This check requires that the previous step ended on the successful page and didn't’t result in an error.
 
 #### Request
+
 ```bash
 curl --request POST \
   --url https://$ZITADEL_DOMAIN/v2/sessions \
@@ -158,6 +167,7 @@ The display name is used to list the linkings on the users.
 [Create User API Documentation](/docs/apis/resources/user_service_v2/user-service-add-human-user)
 
 #### Request
+
 ```bash
 curl --request POST \
   --url https://$ZITADEL_DOMAIN/v2/users/human \
@@ -196,6 +206,7 @@ If you want to link/connect to an existing account you can perform the add ident
 [Add IDP Link to existing user documentation](/docs/apis/resources/user_service_v2/user-service-add-idp-link)
 
 #### Request
+
 ```bash
 curl --request POST \
   --url https://$ZITADEL_DOMAIN/v2/users/users/218385419895570689/links \

From 257bef974a6d227e50142b3895b2e46cd42051f5 Mon Sep 17 00:00:00 2001
From: Stygmates <styg.tan.dat@gmail.com>
Date: Thu, 24 Apr 2025 11:56:52 +0200
Subject: [PATCH 014/123] fix: text buttons overflow in login page (#9637)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

The text of some of the buttons in the login page overflows in some
languages


![image](https://github.com/user-attachments/assets/ef3d3bfe-8966-4be5-8d3b-3b0b72ce5e49)

# How the Problems Are Solved

Updated the css to set the overflow to hidden and text-overflow to
ellipsis, this is the simplest fix I could come up with, if you have a
better alternative feel free to tell me what you would prefer 🙏


![image](https://github.com/user-attachments/assets/cdfa1f7b-535a-419d-ba9d-a57ec332d976)


# Additional Changes

None

# Additional Context

I couldn't test the following case locally since I had trouble setting
up a SMTP provider locally, but the class affected by my change should
also target this case, if someone could test it before merging it
:pray::


![315957139-6a630056-82b9-42cd-85a6-8819f2e1873b](https://github.com/user-attachments/assets/f6860db3-d6a0-4e4d-b9e6-0b1968145047)

- Closes #7619

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
---
 .../resources/themes/scss/styles/button/button_base.scss      | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/api/ui/login/static/resources/themes/scss/styles/button/button_base.scss b/internal/api/ui/login/static/resources/themes/scss/styles/button/button_base.scss
index dd53dceb79..aeeeba541c 100644
--- a/internal/api/ui/login/static/resources/themes/scss/styles/button/button_base.scss
+++ b/internal/api/ui/login/static/resources/themes/scss/styles/button/button_base.scss
@@ -39,7 +39,9 @@ $lgn-icon-button-line-height: 40px !default;
   padding: $lgn-button-padding;
   border-radius: $lgn-button-border-radius;
 
-  overflow: visible;
+  overflow: hidden;
+  text-overflow: ellipsis;
+
   transition: all 0.2s cubic-bezier(0.645, 0.045, 0.355, 1);
 
   &[disabled] {

From 106e360c195f37400025b1549480654cb9e12268 Mon Sep 17 00:00:00 2001
From: Michael Sacher <144212572+msceex@users.noreply.github.com>
Date: Fri, 25 Apr 2025 08:45:39 +0200
Subject: [PATCH 015/123] docs(adopters): Clean Energy Exchange AG (#9686)

doc: ADOPTERS.md ceex

# Which Problems Are Solved

Replace this example text with a concise list of problems that this PR
solves.
For example:
- If the property XY is not given, the system crashes with a nil pointer
exception.

# How the Problems Are Solved

Replace this example text with a concise list of changes that this PR
introduces.
For example:
- Validates if property XY is given and throws an error if not

# Additional Changes

Replace this example text with a concise list of additional changes that
this PR introduces, that are not directly solving the initial problem
but are related.
For example:
- The docs explicitly describe that the property XY is mandatory
- Adds missing translations for validations.

# Additional Context

Replace this example with links to related issues, discussions, discord
threads, or other sources with more context.
Use the Closing #issue syntax for issues that are resolved with this PR.
- Closes #xxx
- Discussion #xxx
- Follow-up for PR #xxx
- https://discord.com/channels/xxx/xxx
---
 ADOPTERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ADOPTERS.md b/ADOPTERS.md
index 0573099cf9..876d984347 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -23,6 +23,7 @@ If you are using Zitadel, please consider adding yourself as a user with a quick
 | OpenAIP                 | [@openaip](https://github.com/openAIP)                               | Using Zitadel Cloud for everything related to user authentication. |
 | Smat.io                 | [@smatio](https://github.com/smatio) - [@lukasver](https://github.com/lukasver) | Zitadel for authentication in cloud applications while offering B2B portfolio management solutions for professional investors |
 | roclub GmbH             | [@holgerson97](https://github.com/holgerson97)                        | Roclub builds a telehealth application to enable remote MRI/CT examinations. |
+| CEEX AG                 | [@cleanenergyexchange](https://github.com/cleanenergyexchange)        | Using Zitadel cloud for our SaaS products that support the sustainabel energy transistion |
 | Organization Name       | contact@example.com                                      | Description of how they use Zitadel             |
 | Individual Name         | contact@example.com                                      | Description of how they use Zitadel             |
 

From 4ffd4ef38126c73377bae1ba0508a45366d814e6 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Fri, 25 Apr 2025 09:12:42 +0200
Subject: [PATCH 016/123] fix(actions): handle empty deny list correctly
 (#9753)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

A customer reached out that after an upgrade, actions would always fail
with the error "host is denied" when calling an external API.
This is due to a security fix
(https://github.com/zitadel/zitadel/security/advisories/GHSA-6cf5-w9h3-4rqv),
where a DNS lookup was added to check whether the host name resolves to
a denied IP or subnet.
If the lookup fails due to the internal DNS setup, the action fails as
well. Additionally, the lookup was also performed when the deny list was
empty.

# How the Problems Are Solved

- Prevent DNS lookup when deny list is empty
- Properly initiate deny list and prevent empty entries

# Additional Changes

- Log the reason for blocked address (domain, IP, subnet)

# Additional Context

- reported by a customer
- needs backport to 2.70.x, 2.71.x and 3.0.0 rc
---
 cmd/start/config.go                    |  4 ++-
 internal/actions/http_module.go        | 20 +++++++--------
 internal/actions/http_module_config.go | 35 ++++++++++++++++++++++----
 internal/actions/http_module_test.go   | 31 ++++++++++++++++-------
 4 files changed, 65 insertions(+), 25 deletions(-)

diff --git a/cmd/start/config.go b/cmd/start/config.go
index e973c40479..78b6f0afe0 100644
--- a/cmd/start/config.go
+++ b/cmd/start/config.go
@@ -128,7 +128,9 @@ func MustNewConfig(v *viper.Viper) *Config {
 	logging.OnError(err).Fatal("unable to set profiler")
 
 	id.Configure(config.Machine)
-	actions.SetHTTPConfig(&config.Actions.HTTP)
+	if config.Actions != nil {
+		actions.SetHTTPConfig(&config.Actions.HTTP)
+	}
 
 	// Copy the global role permissions mappings to the instance until we allow instance-level configuration over the API.
 	config.DefaultInstance.RolePermissionMappings = config.InternalAuthZ.RolePermissionMappings
diff --git a/internal/actions/http_module.go b/internal/actions/http_module.go
index 2f9d09932c..db7253428d 100644
--- a/internal/actions/http_module.go
+++ b/internal/actions/http_module.go
@@ -176,16 +176,16 @@ type transport struct {
 }
 
 func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
-	if httpConfig == nil {
+	if httpConfig == nil || len(httpConfig.DenyList) == 0 {
 		return http.DefaultTransport.RoundTrip(req)
 	}
-	if t.isHostBlocked(httpConfig.DenyList, req.URL) {
-		return nil, zerrors.ThrowInvalidArgument(nil, "ACTIO-N72d0", "host is denied")
+	if err := t.isHostBlocked(httpConfig.DenyList, req.URL); err != nil {
+		return nil, zerrors.ThrowInvalidArgument(err, "ACTIO-N72d0", "host is denied")
 	}
 	return http.DefaultTransport.RoundTrip(req)
 }
 
-func (t *transport) isHostBlocked(denyList []AddressChecker, address *url.URL) bool {
+func (t *transport) isHostBlocked(denyList []AddressChecker, address *url.URL) error {
 	host := address.Hostname()
 	ip := net.ParseIP(host)
 	ips := []net.IP{ip}
@@ -194,17 +194,17 @@ func (t *transport) isHostBlocked(denyList []AddressChecker, address *url.URL) b
 		var err error
 		ips, err = t.lookup(host)
 		if err != nil {
-			return true
+			return zerrors.ThrowInternal(err, "ACTIO-4m9s2", "lookup failed")
 		}
 	}
-	for _, blocked := range denyList {
-		if blocked.Matches(ips, host) {
-			return true
+	for _, denied := range denyList {
+		if err := denied.IsDenied(ips, host); err != nil {
+			return err
 		}
 	}
-	return false
+	return nil
 }
 
 type AddressChecker interface {
-	Matches([]net.IP, string) bool
+	IsDenied([]net.IP, string) error
 }
diff --git a/internal/actions/http_module_config.go b/internal/actions/http_module_config.go
index d1b965814e..eaab9e754e 100644
--- a/internal/actions/http_module_config.go
+++ b/internal/actions/http_module_config.go
@@ -1,6 +1,8 @@
 package actions
 
 import (
+	"errors"
+	"fmt"
 	"net"
 	"reflect"
 	"strings"
@@ -60,6 +62,9 @@ func HTTPConfigDecodeHook(from, to reflect.Value) (interface{}, error) {
 }
 
 func NewHostChecker(entry string) (AddressChecker, error) {
+	if entry == "" {
+		return nil, nil
+	}
 	_, network, err := net.ParseCIDR(entry)
 	if err == nil {
 		return &HostChecker{Net: network}, nil
@@ -76,19 +81,39 @@ type HostChecker struct {
 	Domain string
 }
 
-func (c *HostChecker) Matches(ips []net.IP, address string) bool {
+type AddressDeniedError struct {
+	deniedBy string
+}
+
+func NewAddressDeniedError(deniedBy string) *AddressDeniedError {
+	return &AddressDeniedError{deniedBy: deniedBy}
+}
+
+func (e *AddressDeniedError) Error() string {
+	return fmt.Sprintf("address is denied by '%s'", e.deniedBy)
+}
+
+func (e *AddressDeniedError) Is(target error) bool {
+	var addressDeniedErr *AddressDeniedError
+	if !errors.As(target, &addressDeniedErr) {
+		return false
+	}
+	return e.deniedBy == addressDeniedErr.deniedBy
+}
+
+func (c *HostChecker) IsDenied(ips []net.IP, address string) error {
 	// if the address matches the domain, no additional checks as needed
 	if c.Domain == address {
-		return true
+		return NewAddressDeniedError(c.Domain)
 	}
 	// otherwise we need to check on ips (incl. the resolved ips of the host)
 	for _, ip := range ips {
 		if c.Net != nil && c.Net.Contains(ip) {
-			return true
+			return NewAddressDeniedError(c.Net.String())
 		}
 		if c.IP != nil && c.IP.Equal(ip) {
-			return true
+			return NewAddressDeniedError(c.IP.String())
 		}
 	}
-	return false
+	return nil
 }
diff --git a/internal/actions/http_module_test.go b/internal/actions/http_module_test.go
index 7a1f8d7816..50a007feeb 100644
--- a/internal/actions/http_module_test.go
+++ b/internal/actions/http_module_test.go
@@ -3,6 +3,7 @@ package actions
 import (
 	"bytes"
 	"context"
+	"errors"
 	"io"
 	"net"
 	"net/http"
@@ -11,6 +12,7 @@ import (
 	"testing"
 
 	"github.com/dop251/goja"
+	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/logstore"
 	"github.com/zitadel/zitadel/internal/logstore/record"
@@ -34,21 +36,21 @@ func Test_isHostBlocked(t *testing.T) {
 		name   string
 		fields fields
 		args   args
-		want   bool
+		want   error
 	}{
 		{
 			name: "in range",
 			args: args{
 				address: mustNewURL(t, "https://192.168.5.4/hodor"),
 			},
-			want: true,
+			want: NewAddressDeniedError("192.168.5.0/24"),
 		},
 		{
 			name: "exact ip",
 			args: args{
 				address: mustNewURL(t, "http://127.0.0.1:8080/hodor"),
 			},
-			want: true,
+			want: NewAddressDeniedError("127.0.0.1"),
 		},
 		{
 			name: "address match",
@@ -60,7 +62,7 @@ func Test_isHostBlocked(t *testing.T) {
 			args: args{
 				address: mustNewURL(t, "https://test.com:42/hodor"),
 			},
-			want: true,
+			want: NewAddressDeniedError("test.com"),
 		},
 		{
 			name: "address not match",
@@ -72,7 +74,7 @@ func Test_isHostBlocked(t *testing.T) {
 			args: args{
 				address: mustNewURL(t, "https://test2.com/hodor"),
 			},
-			want: false,
+			want: nil,
 		},
 		{
 			name: "looked up ip matches",
@@ -84,7 +86,19 @@ func Test_isHostBlocked(t *testing.T) {
 			args: args{
 				address: mustNewURL(t, "https://test2.com/hodor"),
 			},
-			want: true,
+			want: NewAddressDeniedError("127.0.0.1"),
+		},
+		{
+			name: "looked up failure",
+			fields: fields{
+				lookup: func(host string) ([]net.IP, error) {
+					return nil, errors.New("some error")
+				},
+			},
+			args: args{
+				address: mustNewURL(t, "https://test2.com/hodor"),
+			},
+			want: zerrors.ThrowInternal(nil, "ACTIO-4m9s2", "lookup failed"),
 		},
 	}
 	for _, tt := range tests {
@@ -92,9 +106,8 @@ func Test_isHostBlocked(t *testing.T) {
 			trans := &transport{
 				lookup: tt.fields.lookup,
 			}
-			if got := trans.isHostBlocked(denyList, tt.args.address); got != tt.want {
-				t.Errorf("isHostBlocked() = %v, want %v", got, tt.want)
-			}
+			got := trans.isHostBlocked(denyList, tt.args.address)
+			assert.ErrorIs(t, got, tt.want)
 		})
 	}
 }

From 65bb559bbec05cdb98539f6583766d653c916145 Mon Sep 17 00:00:00 2001
From: Iraq <66622793+kkrime@users.noreply.github.com>
Date: Fri, 25 Apr 2025 14:04:29 +0200
Subject: [PATCH 017/123] docs(API_DESIGN.md): adding guidlines around API
 returns when multiple resources created (#9797)

# Which Problems Are Solved

Updating API_Design.md to include guidelines to specify all created
resources created from an API call

# How the Problems Are Solved

This makes things clearer to the user if everything requested was
actually created and helps with testing.
See  https://github.com/zitadel/zitadel/pull/9352

# Additional Context

- Related https://github.com/zitadel/zitadel/issues/6305
- Related https://github.com/zitadel/zitadel/pull/9352

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 API_DESIGN.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/API_DESIGN.md b/API_DESIGN.md
index 7df13d6588..ea37df5a24 100644
--- a/API_DESIGN.md
+++ b/API_DESIGN.md
@@ -56,6 +56,10 @@ Provide clear and concise documentation for the API.
 Do not rely on implicit fallbacks or defaults if the client does not provide certain parameters.
 Only use defaults if they are explicitly documented, such as returning a result set for the whole instance if no filter is provided.
 
+Some API calls may create multiple resources such as in the case of `zitadel.org.v2.AddOrganization`, where you can create an organization AND multiple users as admin.
+In such cases the response should include **ALL** created resources and their ids. This removes any ambiguity from the users perspective whether or not
+the additional resources were created and it also helps in testing.
+
 ### Naming Conventions
 
 Names of resources, fields and methods MUST be descriptive and consistent.
@@ -371,4 +375,4 @@ message VerifyEmailRequest{
   ];
 }
 
-```
\ No newline at end of file
+```

From 84628671bd207a6806667cd266b87cb4771da1fa Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Mon, 28 Apr 2025 11:02:33 +0200
Subject: [PATCH 018/123] chore: only download release relevant artifacts
 (#9808)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

https://github.com/zitadel/zitadel/pull/9765 fixed an issue for with
actions cache service. The PR updated the push action, which now also
provides a build summary. The "release" step tries to download all
artifacts, which now fails:
https://github.com/zitadel/zitadel/actions/runs/14660464768/job/41145285454

# How the Problems Are Solved

Only download relevant artifacts, which are published as part of the
release.

# Additional Changes

None

# Additional Context

None
---
 .github/workflows/version.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml
index cf11e944f8..063f6956a5 100644
--- a/.github/workflows/version.yml
+++ b/.github/workflows/version.yml
@@ -32,6 +32,7 @@ jobs:
       if: ${{ !inputs.dry_run }}
       with:
         path: .artifacts
+        pattern: "{checksums.txt,zitadel-*}"
     -
       name: Semantic Release
       uses: cycjimmy/semantic-release-action@v4

From b8ba7bd5badd8b9ee43316465ae5748e6fab0f50 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Mon, 28 Apr 2025 11:24:50 +0200
Subject: [PATCH 019/123] fix: remove action feature flag and include execution
 (#9727)

# Which Problems Are Solved

Actions v2 is not a feature flag anymore, include functionality on
executions is not used and json tags of proto messages are handled
incorrectly.

# How the Problems Are Solved

- Remove actions from the feature flags on system and instance level
- Remove include type on executions, only in the API, later maybe in the
handling logic as well
- Use protojson in request and response handling of actions v2

# Additional Changes

- Correct integration tests for request and response handling
- Use json.RawMessage for events, so that the event payload is not
base64 encoded
- Added separate context for async webhook calls, that executions are
not cancelled when called async

# Additional Context

Related to #9759
Closes #9710

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 .../guides/integrate/actions/testing-event.md |   9 +-
 .../actions/testing-request-manipulation.md   |  25 ++-
 .../actions/testing-request-signature.md      |   5 +
 .../integrate/actions/testing-request.md      |   5 +
 .../actions/testing-response-manipulation.md  |  48 ++++-
 .../integrate/actions/testing-response.md     |   5 +
 docs/docs/guides/integrate/actions/usage.md   |  12 +-
 internal/api/grpc/action/v2beta/execution.go  |  54 +-----
 .../integration_test/execution_target_test.go |  99 +++++-----
 .../v2beta/integration_test/execution_test.go | 172 +++---------------
 .../v2beta/integration_test/query_test.go     | 145 ++++++++-------
 .../v2beta/integration_test/server_test.go    |  46 -----
 .../v2beta/integration_test/target_test.go    |   3 -
 internal/api/grpc/action/v2beta/query.go      |  24 +--
 internal/api/grpc/action/v2beta/server.go     |  10 -
 internal/api/grpc/action/v2beta/target.go     |   9 -
 internal/api/grpc/feature/v2/converter.go     |   4 -
 .../api/grpc/feature/v2/converter_test.go     |  20 --
 .../v2/integration_test/feature_test.go       |  14 --
 internal/api/grpc/feature/v2beta/converter.go |   4 -
 .../api/grpc/feature/v2beta/converter_test.go |  20 --
 .../v2beta/integration_test/feature_test.go   |  13 --
 .../middleware/execution_interceptor.go       |  62 ++++---
 .../middleware/execution_interceptor_test.go  |  32 ++--
 internal/command/instance_features.go         |   2 -
 internal/command/instance_features_model.go   |   5 -
 internal/command/instance_features_test.go    |  23 ---
 internal/command/system_features.go           |   2 -
 internal/command/system_features_model.go     |   5 -
 internal/command/system_features_test.go      |  28 ---
 internal/execution/execution.go               |   6 +-
 internal/execution/execution_test.go          |  43 ++---
 internal/feature/feature.go                   |   3 +-
 internal/feature/key_enumer.go                |   8 +-
 internal/integration/action.go                |  61 +++++++
 internal/integration/client.go                |   2 +-
 internal/query/instance_features.go           |   1 -
 internal/query/instance_features_model.go     |   7 +-
 internal/query/instance_features_test.go      |  24 ---
 .../query/projection/instance_features.go     |   4 -
 internal/query/projection/system_features.go  |   4 -
 internal/query/system_features.go             |   1 -
 internal/query/system_features_model.go       |   6 +-
 internal/query/system_features_test.go        |  24 ---
 internal/repository/execution/queue.go        |  20 +-
 .../feature/feature_v2/eventstore.go          |   2 -
 .../repository/feature/feature_v2/feature.go  |   2 -
 proto/buf.yaml                                |   4 +
 .../action/v2beta/action_service.proto        |   4 +-
 proto/zitadel/action/v2beta/execution.proto   |  14 +-
 proto/zitadel/action/v2beta/query.proto       |  11 --
 proto/zitadel/feature/v2/instance.proto       |  17 +-
 proto/zitadel/feature/v2/system.proto         |  18 +-
 proto/zitadel/feature/v2beta/instance.proto   |  17 +-
 proto/zitadel/feature/v2beta/system.proto     |  18 +-
 55 files changed, 427 insertions(+), 799 deletions(-)

diff --git a/docs/docs/guides/integrate/actions/testing-event.md b/docs/docs/guides/integrate/actions/testing-event.md
index 69a33f6d3e..8b4502703b 100644
--- a/docs/docs/guides/integrate/actions/testing-event.md
+++ b/docs/docs/guides/integrate/actions/testing-event.md
@@ -145,7 +145,14 @@ the [Sent information Event](./usage#sent-information-event) payload description
   "event_type": "user.human.added",
   "created_at": "2025-03-27T10:22:43.262665+01:00",
   "userID": "312909075212468632",
-  "event_payload": "eyJ1c2VyTmFtZSI6ImV4YW1wbGVAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwiZGlzcGxheU5hbWUiOiJUZXN0IFVzZXIiLCJwcmVmZXJyZWRMYW5ndWFnZSI6InVuZCIsImVtYWlsIjoiZXhhbXBsZUB0ZXN0LmNvbSJ9"
+  "event_payload": {
+    "userName":"example@test.com",
+    "firstName":"Test",
+    "lastName":"User",
+    "displayName":"Test User",
+    "preferredLanguage":"und",
+    "email":"example@test.com"
+  }
 }
 ```
 
diff --git a/docs/docs/guides/integrate/actions/testing-request-manipulation.md b/docs/docs/guides/integrate/actions/testing-request-manipulation.md
index f727b56144..1cb4f1776a 100644
--- a/docs/docs/guides/integrate/actions/testing-request-manipulation.md
+++ b/docs/docs/guides/integrate/actions/testing-request-manipulation.md
@@ -18,6 +18,11 @@ Note that this guide assumes that ZITADEL is running on the same machine as the
 In case you are using a different setup, you need to adjust the target URL accordingly and will need to make sure that the target is reachable from ZITADEL.
 :::
 
+:::warning
+To marshal and unmarshal the request please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson),
+as the request is a protocol buffer message, to avoid potential problems with the attribute names.
+:::
+
 ## Start example target
 
 To test the actions feature, you need to create a target that will be called when an API endpoint is called.
@@ -37,10 +42,28 @@ import (
 	"net/http"
 
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+	"google.golang.org/protobuf/encoding/protojson"
 )
 
 type contextRequest struct {
-	Request *user.AddHumanUserRequest `json:"request"`
+	Request *addHumanUserRequestWrapper `json:"request"`
+}
+
+// addHumanUserRequestWrapper necessary to marshal and unmarshal the JSON into the proto message correctly
+type addHumanUserRequestWrapper struct {
+	user.AddHumanUserRequest
+}
+
+func (r *addHumanUserRequestWrapper) MarshalJSON() ([]byte, error) {
+	data, err := protojson.Marshal(r)
+	if err != nil {
+		return nil, err
+	}
+	return data, nil
+}
+
+func (r *addHumanUserRequestWrapper) UnmarshalJSON(data []byte) error {
+	return protojson.Unmarshal(data, r)
 }
 
 // call HandleFunc to read the request body, manipulate the content and return the manipulated request
diff --git a/docs/docs/guides/integrate/actions/testing-request-signature.md b/docs/docs/guides/integrate/actions/testing-request-signature.md
index 4565328e63..c1932a7d5b 100644
--- a/docs/docs/guides/integrate/actions/testing-request-signature.md
+++ b/docs/docs/guides/integrate/actions/testing-request-signature.md
@@ -18,6 +18,11 @@ Note that this guide assumes that ZITADEL is running on the same machine as the
 In case you are using a different setup, you need to adjust the target URL accordingly and will need to make sure that the target is reachable from ZITADEL.
 :::
 
+:::warning
+To marshal and unmarshal the request please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson),
+as the request is a protocol buffer message, to avoid potential problems with the attribute names.
+:::
+
 ## Start example target
 
 To test the actions feature, you need to create a target that will be called when an API endpoint is called.
diff --git a/docs/docs/guides/integrate/actions/testing-request.md b/docs/docs/guides/integrate/actions/testing-request.md
index e97b0ef25f..b2413e606e 100644
--- a/docs/docs/guides/integrate/actions/testing-request.md
+++ b/docs/docs/guides/integrate/actions/testing-request.md
@@ -18,6 +18,11 @@ Note that this guide assumes that ZITADEL is running on the same machine as the
 In case you are using a different setup, you need to adjust the target URL accordingly and will need to make sure that the target is reachable from ZITADEL.
 :::
 
+:::warning
+To marshal and unmarshal the request please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson),
+as the request is a protocol buffer message, to avoid potential problems with the attribute names.
+:::
+
 ## Start example target
 
 To test the actions feature, you need to create a target that will be called when an API endpoint is called.
diff --git a/docs/docs/guides/integrate/actions/testing-response-manipulation.md b/docs/docs/guides/integrate/actions/testing-response-manipulation.md
index cc10b8252a..9d95479b05 100644
--- a/docs/docs/guides/integrate/actions/testing-response-manipulation.md
+++ b/docs/docs/guides/integrate/actions/testing-response-manipulation.md
@@ -18,6 +18,11 @@ Note that this guide assumes that ZITADEL is running on the same machine as the
 In case you are using a different setup, you need to adjust the target URL accordingly and will need to make sure that the target is reachable from ZITADEL.
 :::
 
+:::warning
+To marshal and unmarshal the request and response please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson),
+as the request and response are protocol buffer messages, to avoid potential problems with the attribute names.
+:::
+
 ## Start example target
 
 To test the actions feature, you need to create a target that will be called when an API endpoint is called.
@@ -37,11 +42,46 @@ import (
 	"net/http"
 
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+	"google.golang.org/protobuf/encoding/protojson"
 )
 
-type response struct {
-	Request  *user.RetrieveIdentityProviderIntentRequest  `json:"request"`
-	Response *user.RetrieveIdentityProviderIntentResponse `json:"response"`
+type contextResponse struct {
+	Request  *retrieveIdentityProviderIntentRequestWrapper  `json:"request"`
+	Response *retrieveIdentityProviderIntentResponseWrapper `json:"response"`
+}
+
+// RetrieveIdentityProviderIntentRequestWrapper necessary to marshal and unmarshal the JSON into the proto message correctly
+type retrieveIdentityProviderIntentRequestWrapper struct {
+	user.RetrieveIdentityProviderIntentRequest
+}
+
+func (r *retrieveIdentityProviderIntentRequestWrapper) MarshalJSON() ([]byte, error) {
+	data, err := protojson.Marshal(r)
+	if err != nil {
+		return nil, err
+	}
+	return data, nil
+}
+
+func (r *retrieveIdentityProviderIntentRequestWrapper) UnmarshalJSON(data []byte) error {
+	return protojson.Unmarshal(data, r)
+}
+
+// RetrieveIdentityProviderIntentResponseWrapper necessary to marshal and unmarshal the JSON into the proto message correctly
+type retrieveIdentityProviderIntentResponseWrapper struct {
+	user.RetrieveIdentityProviderIntentResponse
+}
+
+func (r *retrieveIdentityProviderIntentResponseWrapper) MarshalJSON() ([]byte, error) {
+	data, err := protojson.Marshal(r)
+	if err != nil {
+		return nil, err
+	}
+	return data, nil
+}
+
+func (r *retrieveIdentityProviderIntentResponseWrapper) UnmarshalJSON(data []byte) error {
+	return protojson.Unmarshal(data, r)
 }
 
 // call HandleFunc to read the response body, manipulate the content and return the response
@@ -56,7 +96,7 @@ func call(w http.ResponseWriter, req *http.Request) {
 	defer req.Body.Close()
 
 	// read the response into the expected structure
-	request := new(response)
+	request := new(contextResponse)
 	if err := json.Unmarshal(sentBody, request); err != nil {
 		http.Error(w, "error", http.StatusInternalServerError)
 	}
diff --git a/docs/docs/guides/integrate/actions/testing-response.md b/docs/docs/guides/integrate/actions/testing-response.md
index 3eb824e95b..a2ab736505 100644
--- a/docs/docs/guides/integrate/actions/testing-response.md
+++ b/docs/docs/guides/integrate/actions/testing-response.md
@@ -18,6 +18,11 @@ Note that this guide assumes that ZITADEL is running on the same machine as the
 In case you are using a different setup, you need to adjust the target URL accordingly and will need to make sure that the target is reachable from ZITADEL.
 :::
 
+:::warning
+To marshal and unmarshal the request and response please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson),
+as the request and response are protocol buffer messages, to avoid potential problems with the attribute names.
+:::
+
 ## Start example target
 
 To test the actions feature, you need to create a target that will be called when an API endpoint is called.
diff --git a/docs/docs/guides/integrate/actions/usage.md b/docs/docs/guides/integrate/actions/usage.md
index 8a639f3c27..ba512ae549 100644
--- a/docs/docs/guides/integrate/actions/usage.md
+++ b/docs/docs/guides/integrate/actions/usage.md
@@ -36,6 +36,11 @@ The information sent to the Endpoint is structured as JSON:
 }
 ```
 
+:::warning
+To marshal and unmarshal the request please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson), 
+as the request is a protocol buffer message, to avoid potential problems with the attribute names.
+:::
+
 ### Sent information Response
 
 The information sent to the Endpoint is structured as JSON:
@@ -56,6 +61,11 @@ The information sent to the Endpoint is structured as JSON:
 }
 ```
 
+:::warning
+To marshal and unmarshal the request and response please use a package like [protojson](https://pkg.go.dev/google.golang.org/protobuf/encoding/protojson),
+as the request and response are protocol buffer messages, to avoid potential problems with the attribute names.
+:::
+
 ### Sent information Function
 
 Information sent and expected back are specific to the function.
@@ -338,7 +348,7 @@ The information sent to the Endpoint is structured as JSON:
   "event_type": "Type of the event",
   "created_at": "Time the event was created",
   "userID": "ID of the creator of the event",
-  "event_payload": "Base64 encoded content of the event"
+  "event_payload": "Content of the event in JSON format"
 }
 ```
 
diff --git a/internal/api/grpc/action/v2beta/execution.go b/internal/api/grpc/action/v2beta/execution.go
index 8a7cd18ab4..5477a8128e 100644
--- a/internal/api/grpc/action/v2beta/execution.go
+++ b/internal/api/grpc/action/v2beta/execution.go
@@ -14,22 +14,10 @@ import (
 )
 
 func (s *Server) SetExecution(ctx context.Context, req *action.SetExecutionRequest) (*action.SetExecutionResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	reqTargets := req.GetTargets()
 	targets := make([]*execution.Target, len(reqTargets))
 	for i, target := range reqTargets {
-		switch t := target.GetType().(type) {
-		case *action.ExecutionTargetType_Include:
-			include, err := conditionToInclude(t.Include)
-			if err != nil {
-				return nil, err
-			}
-			targets[i] = &execution.Target{Type: domain.ExecutionTargetTypeInclude, Target: include}
-		case *action.ExecutionTargetType_Target:
-			targets[i] = &execution.Target{Type: domain.ExecutionTargetTypeTarget, Target: t.Target}
-		}
+		targets[i] = &execution.Target{Type: domain.ExecutionTargetTypeTarget, Target: target}
 	}
 	set := &command.SetExecution{
 		Targets: targets,
@@ -60,59 +48,19 @@ func (s *Server) SetExecution(ctx context.Context, req *action.SetExecutionReque
 	}, nil
 }
 
-func conditionToInclude(cond *action.Condition) (string, error) {
-	switch t := cond.GetConditionType().(type) {
-	case *action.Condition_Request:
-		cond := executionConditionFromRequest(t.Request)
-		if err := cond.IsValid(); err != nil {
-			return "", err
-		}
-		return cond.ID(domain.ExecutionTypeRequest), nil
-	case *action.Condition_Response:
-		cond := executionConditionFromResponse(t.Response)
-		if err := cond.IsValid(); err != nil {
-			return "", err
-		}
-		return cond.ID(domain.ExecutionTypeRequest), nil
-	case *action.Condition_Event:
-		cond := executionConditionFromEvent(t.Event)
-		if err := cond.IsValid(); err != nil {
-			return "", err
-		}
-		return cond.ID(), nil
-	case *action.Condition_Function:
-		cond := command.ExecutionFunctionCondition(t.Function.GetName())
-		if err := cond.IsValid(); err != nil {
-			return "", err
-		}
-		return cond.ID(), nil
-	default:
-		return "", zerrors.ThrowInvalidArgument(nil, "ACTION-9BBob", "Errors.Execution.ConditionInvalid")
-	}
-}
-
 func (s *Server) ListExecutionFunctions(ctx context.Context, _ *action.ListExecutionFunctionsRequest) (*action.ListExecutionFunctionsResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	return &action.ListExecutionFunctionsResponse{
 		Functions: s.ListActionFunctions(),
 	}, nil
 }
 
 func (s *Server) ListExecutionMethods(ctx context.Context, _ *action.ListExecutionMethodsRequest) (*action.ListExecutionMethodsResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	return &action.ListExecutionMethodsResponse{
 		Methods: s.ListGRPCMethods(),
 	}, nil
 }
 
 func (s *Server) ListExecutionServices(ctx context.Context, _ *action.ListExecutionServicesRequest) (*action.ListExecutionServicesResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	return &action.ListExecutionServicesResponse{
 		Services: s.ListGRPCServices(),
 	}, nil
diff --git a/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go b/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go
index 6e3ab76fac..0c5018dbb6 100644
--- a/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go
+++ b/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go
@@ -48,7 +48,6 @@ var (
 
 func TestServer_ExecutionTarget(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	fullMethod := action.ActionService_GetTarget_FullMethodName
 
@@ -77,14 +76,14 @@ func TestServer_ExecutionTarget(t *testing.T) {
 				targetCreated := instance.CreateTarget(ctx, t, targetCreatedName, targetCreatedURL, domain.TargetTypeCall, false)
 
 				// request received by target
-				wantRequest := &middleware.ContextInfoRequest{FullMethod: fullMethod, InstanceID: instance.ID(), OrgID: orgID, ProjectID: projectID, UserID: userID, Request: request}
+				wantRequest := &middleware.ContextInfoRequest{FullMethod: fullMethod, InstanceID: instance.ID(), OrgID: orgID, ProjectID: projectID, UserID: userID, Request: middleware.Message{Message: request}}
 				changedRequest := &action.GetTargetRequest{Id: targetCreated.GetId()}
 				// replace original request with different targetID
-				urlRequest, closeRequest, calledRequest, _ := integration.TestServerCall(wantRequest, 0, http.StatusOK, changedRequest)
+				urlRequest, closeRequest, calledRequest, _ := integration.TestServerCallProto(wantRequest, 0, http.StatusOK, changedRequest)
 
 				targetRequest := waitForTarget(ctx, t, instance, urlRequest, domain.TargetTypeCall, false)
 
-				waitForExecutionOnCondition(ctx, t, instance, conditionRequestFullMethod(fullMethod), executionTargetsSingleTarget(targetRequest.GetId()))
+				waitForExecutionOnCondition(ctx, t, instance, conditionRequestFullMethod(fullMethod), []string{targetRequest.GetId()})
 
 				// expected response from the GetTarget
 				expectedResponse := &action.GetTargetResponse{
@@ -103,9 +102,26 @@ func TestServer_ExecutionTarget(t *testing.T) {
 						SigningKey: targetCreated.GetSigningKey(),
 					},
 				}
-				// has to be set separately because of the pointers
+
+				changedResponse := &action.GetTargetResponse{
+					Target: &action.Target{
+						Id:           "changed",
+						CreationDate: targetCreated.GetCreationDate(),
+						ChangeDate:   targetCreated.GetCreationDate(),
+						Name:         targetCreatedName,
+						TargetType: &action.Target_RestCall{
+							RestCall: &action.RESTCall{
+								InterruptOnError: false,
+							},
+						},
+						Timeout:    durationpb.New(5 * time.Second),
+						Endpoint:   targetCreatedURL,
+						SigningKey: targetCreated.GetSigningKey(),
+					},
+				}
+				// content for update
 				response.Target = &action.Target{
-					Id:           targetCreated.GetId(),
+					Id:           "changed",
 					CreationDate: targetCreated.GetCreationDate(),
 					ChangeDate:   targetCreated.GetCreationDate(),
 					Name:         targetCreatedName,
@@ -119,18 +135,6 @@ func TestServer_ExecutionTarget(t *testing.T) {
 					SigningKey: targetCreated.GetSigningKey(),
 				}
 
-				// content for partial update
-				changedResponse := &action.GetTargetResponse{
-					Target: &action.Target{
-						Id: targetCreated.GetId(),
-						TargetType: &action.Target_RestCall{
-							RestCall: &action.RESTCall{
-								InterruptOnError: false,
-							},
-						},
-					},
-				}
-
 				// response received by target
 				wantResponse := &middleware.ContextInfoResponse{
 					FullMethod: fullMethod,
@@ -138,14 +142,14 @@ func TestServer_ExecutionTarget(t *testing.T) {
 					OrgID:      orgID,
 					ProjectID:  projectID,
 					UserID:     userID,
-					Request:    changedRequest,
-					Response:   expectedResponse,
+					Request:    middleware.Message{Message: changedRequest},
+					Response:   middleware.Message{Message: expectedResponse},
 				}
 				// after request with different targetID, return changed response
-				targetResponseURL, closeResponse, calledResponse, _ := integration.TestServerCall(wantResponse, 0, http.StatusOK, changedResponse)
+				targetResponseURL, closeResponse, calledResponse, _ := integration.TestServerCallProto(wantResponse, 0, http.StatusOK, changedResponse)
 
 				targetResponse := waitForTarget(ctx, t, instance, targetResponseURL, domain.TargetTypeCall, false)
-				waitForExecutionOnCondition(ctx, t, instance, conditionResponseFullMethod(fullMethod), executionTargetsSingleTarget(targetResponse.GetId()))
+				waitForExecutionOnCondition(ctx, t, instance, conditionResponseFullMethod(fullMethod), []string{targetResponse.GetId()})
 				return func() {
 						closeRequest()
 						closeResponse()
@@ -167,9 +171,7 @@ func TestServer_ExecutionTarget(t *testing.T) {
 				Id: "something",
 			},
 			want: &action.GetTargetResponse{
-				Target: &action.Target{
-					Id: "changed",
-				},
+				// defined in the dependency function
 			},
 		},
 		{
@@ -181,11 +183,11 @@ func TestServer_ExecutionTarget(t *testing.T) {
 				userID := instance.Users.Get(integration.UserTypeIAMOwner).ID
 
 				// request received by target
-				wantRequest := &middleware.ContextInfoRequest{FullMethod: fullMethod, InstanceID: instance.ID(), OrgID: orgID, ProjectID: projectID, UserID: userID, Request: request}
-				urlRequest, closeRequest, calledRequest, _ := integration.TestServerCall(wantRequest, 0, http.StatusInternalServerError, &action.GetTargetRequest{Id: "notchanged"})
+				wantRequest := &middleware.ContextInfoRequest{FullMethod: fullMethod, InstanceID: instance.ID(), OrgID: orgID, ProjectID: projectID, UserID: userID, Request: middleware.Message{Message: request}}
+				urlRequest, closeRequest, calledRequest, _ := integration.TestServerCallProto(wantRequest, 0, http.StatusInternalServerError, nil)
 
 				targetRequest := waitForTarget(ctx, t, instance, urlRequest, domain.TargetTypeCall, true)
-				waitForExecutionOnCondition(ctx, t, instance, conditionRequestFullMethod(fullMethod), executionTargetsSingleTarget(targetRequest.GetId()))
+				waitForExecutionOnCondition(ctx, t, instance, conditionRequestFullMethod(fullMethod), []string{targetRequest.GetId()})
 				// GetTarget with used target
 				request.Id = targetRequest.GetId()
 				return func() {
@@ -234,17 +236,6 @@ func TestServer_ExecutionTarget(t *testing.T) {
 						SigningKey: targetCreated.GetSigningKey(),
 					},
 				}
-				// content for partial update
-				changedResponse := &action.GetTargetResponse{
-					Target: &action.Target{
-						Id: "changed",
-						TargetType: &action.Target_RestCall{
-							RestCall: &action.RESTCall{
-								InterruptOnError: false,
-							},
-						},
-					},
-				}
 
 				// response received by target
 				wantResponse := &middleware.ContextInfoResponse{
@@ -253,14 +244,14 @@ func TestServer_ExecutionTarget(t *testing.T) {
 					OrgID:      orgID,
 					ProjectID:  projectID,
 					UserID:     userID,
-					Request:    request,
-					Response:   expectedResponse,
+					Request:    middleware.Message{Message: request},
+					Response:   middleware.Message{Message: expectedResponse},
 				}
 				// after request with different targetID, return changed response
-				targetResponseURL, closeResponse, calledResponse, _ := integration.TestServerCall(wantResponse, 0, http.StatusInternalServerError, changedResponse)
+				targetResponseURL, closeResponse, calledResponse, _ := integration.TestServerCallProto(wantResponse, 0, http.StatusInternalServerError, nil)
 
 				targetResponse := waitForTarget(ctx, t, instance, targetResponseURL, domain.TargetTypeCall, true)
-				waitForExecutionOnCondition(ctx, t, instance, conditionResponseFullMethod(fullMethod), executionTargetsSingleTarget(targetResponse.GetId()))
+				waitForExecutionOnCondition(ctx, t, instance, conditionResponseFullMethod(fullMethod), []string{targetResponse.GetId()})
 				return func() {
 						closeResponse()
 					}, func() bool {
@@ -301,7 +292,6 @@ func TestServer_ExecutionTarget(t *testing.T) {
 
 func TestServer_ExecutionTarget_Event(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 
 	event := "session.added"
@@ -309,7 +299,7 @@ func TestServer_ExecutionTarget_Event(t *testing.T) {
 	defer closeF()
 
 	targetResponse := waitForTarget(isolatedIAMOwnerCTX, t, instance, urlRequest, domain.TargetTypeWebhook, true)
-	waitForExecutionOnCondition(isolatedIAMOwnerCTX, t, instance, conditionEvent(event), executionTargetsSingleTarget(targetResponse.GetId()))
+	waitForExecutionOnCondition(isolatedIAMOwnerCTX, t, instance, conditionEvent(event), []string{targetResponse.GetId()})
 
 	tests := []struct {
 		name          string
@@ -359,7 +349,6 @@ func TestServer_ExecutionTarget_Event(t *testing.T) {
 
 func TestServer_ExecutionTarget_Event_LongerThanTargetTimeout(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 
 	event := "session.added"
@@ -368,7 +357,7 @@ func TestServer_ExecutionTarget_Event_LongerThanTargetTimeout(t *testing.T) {
 	defer closeF()
 
 	targetResponse := waitForTarget(isolatedIAMOwnerCTX, t, instance, urlRequest, domain.TargetTypeWebhook, true)
-	waitForExecutionOnCondition(isolatedIAMOwnerCTX, t, instance, conditionEvent(event), executionTargetsSingleTarget(targetResponse.GetId()))
+	waitForExecutionOnCondition(isolatedIAMOwnerCTX, t, instance, conditionEvent(event), []string{targetResponse.GetId()})
 
 	tests := []struct {
 		name          string
@@ -412,7 +401,6 @@ func TestServer_ExecutionTarget_Event_LongerThanTargetTimeout(t *testing.T) {
 
 func TestServer_ExecutionTarget_Event_LongerThanTransactionTimeout(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 
 	event := "session.added"
@@ -420,7 +408,7 @@ func TestServer_ExecutionTarget_Event_LongerThanTransactionTimeout(t *testing.T)
 	defer closeF()
 
 	targetResponse := waitForTarget(isolatedIAMOwnerCTX, t, instance, urlRequest, domain.TargetTypeWebhook, true)
-	waitForExecutionOnCondition(isolatedIAMOwnerCTX, t, instance, conditionEvent(event), executionTargetsSingleTarget(targetResponse.GetId()))
+	waitForExecutionOnCondition(isolatedIAMOwnerCTX, t, instance, conditionEvent(event), []string{targetResponse.GetId()})
 
 	tests := []struct {
 		name          string
@@ -474,7 +462,7 @@ func TestServer_ExecutionTarget_Event_LongerThanTransactionTimeout(t *testing.T)
 	}
 }
 
-func waitForExecutionOnCondition(ctx context.Context, t *testing.T, instance *integration.Instance, condition *action.Condition, targets []*action.ExecutionTargetType) {
+func waitForExecutionOnCondition(ctx context.Context, t *testing.T, instance *integration.Instance, condition *action.Condition, targets []string) {
 	instance.SetExecution(ctx, t, condition, targets)
 
 	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
@@ -496,7 +484,7 @@ func waitForExecutionOnCondition(ctx context.Context, t *testing.T, instance *in
 		// always first check length, otherwise its failed anyway
 		if assert.Len(ttt, gotTargets, len(targets)) {
 			for i := range targets {
-				assert.EqualExportedValues(ttt, targets[i].GetType(), gotTargets[i].GetType())
+				assert.EqualExportedValues(ttt, targets[i], gotTargets[i])
 			}
 		}
 	}, retryDuration, tick, "timeout waiting for expected execution result")
@@ -589,7 +577,6 @@ func conditionFunction(function string) *action.Condition {
 
 func TestServer_ExecutionTargetPreUserinfo(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	ctxLoginClient := instance.WithAuthorization(CTX, integration.UserTypeLogin)
 
@@ -785,7 +772,7 @@ func expectPreUserinfoExecution(ctx context.Context, t *testing.T, instance *int
 	targetURL, closeF, _, _ := integration.TestServerCall(expectedContextInfo, 0, http.StatusOK, response)
 
 	targetResp := waitForTarget(ctx, t, instance, targetURL, domain.TargetTypeCall, true)
-	waitForExecutionOnCondition(ctx, t, instance, conditionFunction("preuserinfo"), executionTargetsSingleTarget(targetResp.GetId()))
+	waitForExecutionOnCondition(ctx, t, instance, conditionFunction("preuserinfo"), []string{targetResp.GetId()})
 	return userResp.GetUserId(), closeF
 }
 
@@ -903,7 +890,6 @@ func contextInfoForUserOIDC(instance *integration.Instance, function string, use
 
 func TestServer_ExecutionTargetPreAccessToken(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	ctxLoginClient := instance.WithAuthorization(CTX, integration.UserTypeLogin)
 
@@ -1091,13 +1077,12 @@ func expectPreAccessTokenExecution(ctx context.Context, t *testing.T, instance *
 	targetURL, closeF, _, _ := integration.TestServerCall(expectedContextInfo, 0, http.StatusOK, response)
 
 	targetResp := waitForTarget(ctx, t, instance, targetURL, domain.TargetTypeCall, true)
-	waitForExecutionOnCondition(ctx, t, instance, conditionFunction("preaccesstoken"), executionTargetsSingleTarget(targetResp.GetId()))
+	waitForExecutionOnCondition(ctx, t, instance, conditionFunction("preaccesstoken"), []string{targetResp.GetId()})
 	return userResp.GetUserId(), closeF
 }
 
 func TestServer_ExecutionTargetPreSAMLResponse(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	ctxLoginClient := instance.WithAuthorization(CTX, integration.UserTypeLogin)
 
@@ -1257,7 +1242,7 @@ func expectPreSAMLResponseExecution(ctx context.Context, t *testing.T, instance
 	targetURL, closeF, _, _ := integration.TestServerCall(expectedContextInfo, 0, http.StatusOK, response)
 
 	targetResp := waitForTarget(ctx, t, instance, targetURL, domain.TargetTypeCall, true)
-	waitForExecutionOnCondition(ctx, t, instance, conditionFunction("presamlresponse"), executionTargetsSingleTarget(targetResp.GetId()))
+	waitForExecutionOnCondition(ctx, t, instance, conditionFunction("presamlresponse"), []string{targetResp.GetId()})
 
 	return userResp.GetUserId(), closeF
 }
diff --git a/internal/api/grpc/action/v2beta/integration_test/execution_test.go b/internal/api/grpc/action/v2beta/integration_test/execution_test.go
index 3af419d97b..2199b9f454 100644
--- a/internal/api/grpc/action/v2beta/integration_test/execution_test.go
+++ b/internal/api/grpc/action/v2beta/integration_test/execution_test.go
@@ -15,17 +15,8 @@ import (
 	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
 )
 
-func executionTargetsSingleTarget(id string) []*action.ExecutionTargetType {
-	return []*action.ExecutionTargetType{{Type: &action.ExecutionTargetType_Target{Target: id}}}
-}
-
-func executionTargetsSingleInclude(include *action.Condition) []*action.ExecutionTargetType {
-	return []*action.ExecutionTargetType{{Type: &action.ExecutionTargetType_Include{Include: include}}}
-}
-
 func TestServer_SetExecution_Request(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	targetResp := instance.CreateTarget(isolatedIAMOwnerCTX, t, "", "https://notexisting", domain.TargetTypeWebhook, false)
 
@@ -59,7 +50,7 @@ func TestServer_SetExecution_Request(t *testing.T) {
 						Request: &action.RequestExecution{},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -76,7 +67,7 @@ func TestServer_SetExecution_Request(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -93,7 +84,7 @@ func TestServer_SetExecution_Request(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -110,7 +101,7 @@ func TestServer_SetExecution_Request(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -127,7 +118,7 @@ func TestServer_SetExecution_Request(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -144,7 +135,7 @@ func TestServer_SetExecution_Request(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -181,125 +172,8 @@ func assertSetExecutionResponse(t *testing.T, creationDate, setDate time.Time, e
 	}
 }
 
-func TestServer_SetExecution_Request_Include(t *testing.T) {
-	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
-	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
-	targetResp := instance.CreateTarget(isolatedIAMOwnerCTX, t, "", "https://notexisting", domain.TargetTypeWebhook, false)
-	executionCond := &action.Condition{
-		ConditionType: &action.Condition_Request{
-			Request: &action.RequestExecution{
-				Condition: &action.RequestExecution_All{
-					All: true,
-				},
-			},
-		},
-	}
-	instance.SetExecution(isolatedIAMOwnerCTX, t,
-		executionCond,
-		executionTargetsSingleTarget(targetResp.GetId()),
-	)
-
-	circularExecutionService := &action.Condition{
-		ConditionType: &action.Condition_Request{
-			Request: &action.RequestExecution{
-				Condition: &action.RequestExecution_Service{
-					Service: "zitadel.session.v2beta.SessionService",
-				},
-			},
-		},
-	}
-	instance.SetExecution(isolatedIAMOwnerCTX, t,
-		circularExecutionService,
-		executionTargetsSingleInclude(executionCond),
-	)
-	circularExecutionMethod := &action.Condition{
-		ConditionType: &action.Condition_Request{
-			Request: &action.RequestExecution{
-				Condition: &action.RequestExecution_Method{
-					Method: "/zitadel.session.v2beta.SessionService/ListSessions",
-				},
-			},
-		},
-	}
-	instance.SetExecution(isolatedIAMOwnerCTX, t,
-		circularExecutionMethod,
-		executionTargetsSingleInclude(circularExecutionService),
-	)
-
-	tests := []struct {
-		name        string
-		ctx         context.Context
-		req         *action.SetExecutionRequest
-		wantSetDate bool
-		wantErr     bool
-	}{
-		{
-			name: "method, circular error",
-			ctx:  isolatedIAMOwnerCTX,
-			req: &action.SetExecutionRequest{
-				Condition: circularExecutionService,
-				Targets:   executionTargetsSingleInclude(circularExecutionMethod),
-			},
-			wantErr: true,
-		},
-		{
-			name: "method, ok",
-			ctx:  isolatedIAMOwnerCTX,
-			req: &action.SetExecutionRequest{
-				Condition: &action.Condition{
-					ConditionType: &action.Condition_Request{
-						Request: &action.RequestExecution{
-							Condition: &action.RequestExecution_Method{
-								Method: "/zitadel.session.v2beta.SessionService/ListSessions",
-							},
-						},
-					},
-				},
-				Targets: executionTargetsSingleInclude(executionCond),
-			},
-			wantSetDate: true,
-		},
-		{
-			name: "service, ok",
-			ctx:  isolatedIAMOwnerCTX,
-			req: &action.SetExecutionRequest{
-				Condition: &action.Condition{
-					ConditionType: &action.Condition_Request{
-						Request: &action.RequestExecution{
-							Condition: &action.RequestExecution_Service{
-								Service: "zitadel.user.v2beta.UserService",
-							},
-						},
-					},
-				},
-				Targets: executionTargetsSingleInclude(executionCond),
-			},
-			wantSetDate: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			creationDate := time.Now().UTC()
-			got, err := instance.Client.ActionV2beta.SetExecution(tt.ctx, tt.req)
-			setDate := time.Now().UTC()
-			if tt.wantErr {
-				require.Error(t, err)
-				return
-			}
-			require.NoError(t, err)
-
-			assertSetExecutionResponse(t, creationDate, setDate, tt.wantSetDate, got)
-
-			// cleanup to not impact other requests
-			instance.DeleteExecution(tt.ctx, t, tt.req.GetCondition())
-		})
-	}
-}
-
 func TestServer_SetExecution_Response(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	targetResp := instance.CreateTarget(isolatedIAMOwnerCTX, t, "", "https://notexisting", domain.TargetTypeWebhook, false)
 
@@ -333,7 +207,7 @@ func TestServer_SetExecution_Response(t *testing.T) {
 						Response: &action.ResponseExecution{},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -350,7 +224,7 @@ func TestServer_SetExecution_Response(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -367,7 +241,7 @@ func TestServer_SetExecution_Response(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -384,7 +258,7 @@ func TestServer_SetExecution_Response(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -401,7 +275,7 @@ func TestServer_SetExecution_Response(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -418,7 +292,7 @@ func TestServer_SetExecution_Response(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -444,7 +318,6 @@ func TestServer_SetExecution_Response(t *testing.T) {
 
 func TestServer_SetExecution_Event(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	targetResp := instance.CreateTarget(isolatedIAMOwnerCTX, t, "", "https://notexisting", domain.TargetTypeWebhook, false)
 
@@ -480,7 +353,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						Event: &action.EventExecution{},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -497,7 +370,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -514,7 +387,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -531,7 +404,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -548,7 +421,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -565,7 +438,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -582,7 +455,7 @@ func TestServer_SetExecution_Event(t *testing.T) {
 						},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
@@ -608,7 +481,6 @@ func TestServer_SetExecution_Event(t *testing.T) {
 
 func TestServer_SetExecution_Function(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	targetResp := instance.CreateTarget(isolatedIAMOwnerCTX, t, "", "https://notexisting", domain.TargetTypeWebhook, false)
 
@@ -642,7 +514,7 @@ func TestServer_SetExecution_Function(t *testing.T) {
 						Response: &action.ResponseExecution{},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -655,7 +527,7 @@ func TestServer_SetExecution_Function(t *testing.T) {
 						Function: &action.FunctionExecution{Name: "xxx"},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantErr: true,
 		},
@@ -668,7 +540,7 @@ func TestServer_SetExecution_Function(t *testing.T) {
 						Function: &action.FunctionExecution{Name: "presamlresponse"},
 					},
 				},
-				Targets: executionTargetsSingleTarget(targetResp.GetId()),
+				Targets: []string{targetResp.GetId()},
 			},
 			wantSetDate: true,
 		},
diff --git a/internal/api/grpc/action/v2beta/integration_test/query_test.go b/internal/api/grpc/action/v2beta/integration_test/query_test.go
index c5159d39da..5c59bee5d1 100644
--- a/internal/api/grpc/action/v2beta/integration_test/query_test.go
+++ b/internal/api/grpc/action/v2beta/integration_test/query_test.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/durationpb"
@@ -20,7 +21,6 @@ import (
 
 func TestServer_GetTarget(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	type args struct {
 		ctx context.Context
@@ -213,7 +213,6 @@ func TestServer_GetTarget(t *testing.T) {
 
 func TestServer_ListTargets(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	type args struct {
 		ctx context.Context
@@ -446,7 +445,6 @@ func assertPaginationResponse(t *assert.CollectT, expected *filter.PaginationRes
 
 func TestServer_ListExecutions(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	targetResp := instance.CreateTarget(isolatedIAMOwnerCTX, t, "", "https://example.com", domain.TargetTypeWebhook, false)
 
@@ -475,7 +473,7 @@ func TestServer_ListExecutions(t *testing.T) {
 				ctx: isolatedIAMOwnerCTX,
 				dep: func(ctx context.Context, request *action.ListExecutionsRequest, response *action.ListExecutionsResponse) {
 					cond := request.Filters[0].GetInConditionsFilter().GetConditions()[0]
-					resp := instance.SetExecution(ctx, t, cond, executionTargetsSingleTarget(targetResp.GetId()))
+					resp := instance.SetExecution(ctx, t, cond, []string{targetResp.GetId()})
 
 					// Set expected response with used values for SetExecution
 					response.Result[0].CreationDate = resp.GetSetDate()
@@ -516,7 +514,7 @@ func TestServer_ListExecutions(t *testing.T) {
 								},
 							},
 						},
-						Targets: executionTargetsSingleTarget(targetResp.GetId()),
+						Targets: []string{targetResp.GetId()},
 					},
 				},
 			},
@@ -544,13 +542,12 @@ func TestServer_ListExecutions(t *testing.T) {
 							},
 						},
 					}
-					targets := executionTargetsSingleTarget(target.GetId())
-					resp := instance.SetExecution(ctx, t, cond, targets)
+					resp := instance.SetExecution(ctx, t, cond, []string{target.GetId()})
 
 					response.Result[0].CreationDate = resp.GetSetDate()
 					response.Result[0].ChangeDate = resp.GetSetDate()
 					response.Result[0].Condition = cond
-					response.Result[0].Targets = targets
+					response.Result[0].Targets = []string{target.GetId()}
 				},
 				req: &action.ListExecutionsRequest{
 					Filters: []*action.ExecutionSearchFilter{{}},
@@ -564,63 +561,10 @@ func TestServer_ListExecutions(t *testing.T) {
 				Result: []*action.Execution{
 					{
 						Condition: &action.Condition{},
-						Targets:   executionTargetsSingleTarget(""),
+						Targets:   []string{""},
 					},
 				},
 			},
-		}, {
-			name: "list request single include",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				dep: func(ctx context.Context, request *action.ListExecutionsRequest, response *action.ListExecutionsResponse) {
-					cond := &action.Condition{
-						ConditionType: &action.Condition_Request{
-							Request: &action.RequestExecution{
-								Condition: &action.RequestExecution_Method{
-									Method: "/zitadel.management.v1.ManagementService/GetAction",
-								},
-							},
-						},
-					}
-					instance.SetExecution(ctx, t, cond, executionTargetsSingleTarget(targetResp.GetId()))
-					request.Filters[0].GetIncludeFilter().Include = cond
-
-					includeCond := &action.Condition{
-						ConditionType: &action.Condition_Request{
-							Request: &action.RequestExecution{
-								Condition: &action.RequestExecution_Method{
-									Method: "/zitadel.management.v1.ManagementService/ListActions",
-								},
-							},
-						},
-					}
-					includeTargets := executionTargetsSingleInclude(cond)
-					resp2 := instance.SetExecution(ctx, t, includeCond, includeTargets)
-
-					response.Result[0] = &action.Execution{
-						Condition:    includeCond,
-						CreationDate: resp2.GetSetDate(),
-						ChangeDate:   resp2.GetSetDate(),
-						Targets:      includeTargets,
-					}
-				},
-				req: &action.ListExecutionsRequest{
-					Filters: []*action.ExecutionSearchFilter{{
-						Filter: &action.ExecutionSearchFilter_IncludeFilter{
-							IncludeFilter: &action.IncludeFilter{},
-						},
-					}},
-				},
-			},
-			want: &action.ListExecutionsResponse{
-				Pagination: &filter.PaginationResponse{
-					TotalResult:  1,
-					AppliedLimit: 100,
-				},
-				Result: []*action.Execution{
-					{},
-				},
-			},
 		},
 		{
 			name: "list multiple conditions",
@@ -659,33 +603,30 @@ func TestServer_ListExecutions(t *testing.T) {
 					}
 
 					cond1 := request.Filters[0].GetInConditionsFilter().GetConditions()[0]
-					targets1 := executionTargetsSingleTarget(targetResp.GetId())
-					resp1 := instance.SetExecution(ctx, t, cond1, targets1)
+					resp1 := instance.SetExecution(ctx, t, cond1, []string{targetResp.GetId()})
 					response.Result[2] = &action.Execution{
 						CreationDate: resp1.GetSetDate(),
 						ChangeDate:   resp1.GetSetDate(),
 						Condition:    cond1,
-						Targets:      targets1,
+						Targets:      []string{targetResp.GetId()},
 					}
 
 					cond2 := request.Filters[0].GetInConditionsFilter().GetConditions()[1]
-					targets2 := executionTargetsSingleTarget(targetResp.GetId())
-					resp2 := instance.SetExecution(ctx, t, cond2, targets2)
+					resp2 := instance.SetExecution(ctx, t, cond2, []string{targetResp.GetId()})
 					response.Result[1] = &action.Execution{
 						CreationDate: resp2.GetSetDate(),
 						ChangeDate:   resp2.GetSetDate(),
 						Condition:    cond2,
-						Targets:      targets2,
+						Targets:      []string{targetResp.GetId()},
 					}
 
 					cond3 := request.Filters[0].GetInConditionsFilter().GetConditions()[2]
-					targets3 := executionTargetsSingleTarget(targetResp.GetId())
-					resp3 := instance.SetExecution(ctx, t, cond3, targets3)
+					resp3 := instance.SetExecution(ctx, t, cond3, []string{targetResp.GetId()})
 					response.Result[0] = &action.Execution{
 						CreationDate: resp3.GetSetDate(),
 						ChangeDate:   resp3.GetSetDate(),
 						Condition:    cond3,
-						Targets:      targets3,
+						Targets:      []string{targetResp.GetId()},
 					}
 				},
 				req: &action.ListExecutionsRequest{
@@ -709,15 +650,14 @@ func TestServer_ListExecutions(t *testing.T) {
 			args: args{
 				ctx: isolatedIAMOwnerCTX,
 				dep: func(ctx context.Context, request *action.ListExecutionsRequest, response *action.ListExecutionsResponse) {
-					targets := executionTargetsSingleTarget(targetResp.GetId())
 					conditions := request.Filters[0].GetInConditionsFilter().GetConditions()
 					for i, cond := range conditions {
-						resp := instance.SetExecution(ctx, t, cond, targets)
+						resp := instance.SetExecution(ctx, t, cond, []string{targetResp.GetId()})
 						response.Result[(len(conditions)-1)-i] = &action.Execution{
 							CreationDate: resp.GetSetDate(),
 							ChangeDate:   resp.GetSetDate(),
 							Condition:    cond,
-							Targets:      targets,
+							Targets:      []string{targetResp.GetId()},
 						}
 					}
 				},
@@ -761,6 +701,63 @@ func TestServer_ListExecutions(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "list multiple conditions all types, sort id",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				dep: func(ctx context.Context, request *action.ListExecutionsRequest, response *action.ListExecutionsResponse) {
+					conditions := request.Filters[0].GetInConditionsFilter().GetConditions()
+					for i, cond := range conditions {
+						resp := instance.SetExecution(ctx, t, cond, []string{targetResp.GetId()})
+						response.Result[i] = &action.Execution{
+							CreationDate: resp.GetSetDate(),
+							ChangeDate:   resp.GetSetDate(),
+							Condition:    cond,
+							Targets:      []string{targetResp.GetId()},
+						}
+					}
+				},
+				req: &action.ListExecutionsRequest{
+					SortingColumn: gu.Ptr(action.ExecutionFieldName_EXECUTION_FIELD_NAME_ID),
+					Filters: []*action.ExecutionSearchFilter{{
+						Filter: &action.ExecutionSearchFilter_InConditionsFilter{
+							InConditionsFilter: &action.InConditionsFilter{
+								Conditions: []*action.Condition{
+									{ConditionType: &action.Condition_Response{Response: &action.ResponseExecution{Condition: &action.ResponseExecution_Method{Method: "/zitadel.session.v2.SessionService/GetSession"}}}},
+									{ConditionType: &action.Condition_Response{Response: &action.ResponseExecution{Condition: &action.ResponseExecution_Service{Service: "zitadel.session.v2.SessionService"}}}},
+									{ConditionType: &action.Condition_Response{Response: &action.ResponseExecution{Condition: &action.ResponseExecution_All{All: true}}}},
+									{ConditionType: &action.Condition_Request{Request: &action.RequestExecution{Condition: &action.RequestExecution_Method{Method: "/zitadel.session.v2.SessionService/GetSession"}}}},
+									{ConditionType: &action.Condition_Request{Request: &action.RequestExecution{Condition: &action.RequestExecution_Service{Service: "zitadel.session.v2.SessionService"}}}},
+									{ConditionType: &action.Condition_Request{Request: &action.RequestExecution{Condition: &action.RequestExecution_All{All: true}}}},
+									{ConditionType: &action.Condition_Function{Function: &action.FunctionExecution{Name: "presamlresponse"}}},
+									{ConditionType: &action.Condition_Event{Event: &action.EventExecution{Condition: &action.EventExecution_Event{Event: "user.added"}}}},
+									{ConditionType: &action.Condition_Event{Event: &action.EventExecution{Condition: &action.EventExecution_Group{Group: "user"}}}},
+									{ConditionType: &action.Condition_Event{Event: &action.EventExecution{Condition: &action.EventExecution_All{All: true}}}},
+								},
+							},
+						},
+					}},
+				},
+			},
+			want: &action.ListExecutionsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  10,
+					AppliedLimit: 100,
+				},
+				Result: []*action.Execution{
+					{},
+					{},
+					{},
+					{},
+					{},
+					{},
+					{},
+					{},
+					{},
+					{},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/internal/api/grpc/action/v2beta/integration_test/server_test.go b/internal/api/grpc/action/v2beta/integration_test/server_test.go
index 89a33dd40e..07ee051c63 100644
--- a/internal/api/grpc/action/v2beta/integration_test/server_test.go
+++ b/internal/api/grpc/action/v2beta/integration_test/server_test.go
@@ -7,14 +7,6 @@ import (
 	"os"
 	"testing"
 	"time"
-
-	"github.com/muhlemmer/gu"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/zitadel/zitadel/internal/integration"
-	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
-	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 )
 
 var (
@@ -29,41 +21,3 @@ func TestMain(m *testing.M) {
 		return m.Run()
 	}())
 }
-
-func ensureFeatureEnabled(t *testing.T, instance *integration.Instance) {
-	ctx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
-	f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
-		Inheritance: true,
-	})
-	require.NoError(t, err)
-	if f.Actions.GetEnabled() {
-		return
-	}
-	_, err = instance.Client.FeatureV2.SetInstanceFeatures(ctx, &feature.SetInstanceFeaturesRequest{
-		Actions: gu.Ptr(true),
-	})
-	require.NoError(t, err)
-
-	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, 5*time.Minute)
-	require.EventuallyWithT(t,
-		func(ttt *assert.CollectT) {
-			f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
-				Inheritance: true,
-			})
-			assert.NoError(ttt, err)
-			assert.True(ttt, f.Actions.GetEnabled())
-		},
-		retryDuration,
-		tick,
-		"timed out waiting for ensuring instance feature")
-
-	retryDuration, tick = integration.WaitForAndTickWithMaxDuration(ctx, 5*time.Minute)
-	require.EventuallyWithT(t,
-		func(ttt *assert.CollectT) {
-			_, err := instance.Client.ActionV2beta.ListExecutionMethods(ctx, &action.ListExecutionMethodsRequest{})
-			assert.NoError(ttt, err)
-		},
-		retryDuration,
-		tick,
-		"timed out waiting for ensuring instance feature call")
-}
diff --git a/internal/api/grpc/action/v2beta/integration_test/target_test.go b/internal/api/grpc/action/v2beta/integration_test/target_test.go
index 2fda64b86a..8238d3146d 100644
--- a/internal/api/grpc/action/v2beta/integration_test/target_test.go
+++ b/internal/api/grpc/action/v2beta/integration_test/target_test.go
@@ -19,7 +19,6 @@ import (
 
 func TestServer_CreateTarget(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	type want struct {
 		id           bool
@@ -244,7 +243,6 @@ func assertCreateTargetResponse(t *testing.T, creationDate, changeDate time.Time
 
 func TestServer_UpdateTarget(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	type args struct {
 		ctx context.Context
@@ -463,7 +461,6 @@ func assertUpdateTargetResponse(t *testing.T, creationDate, changeDate time.Time
 
 func TestServer_DeleteTarget(t *testing.T) {
 	instance := integration.NewInstance(CTX)
-	ensureFeatureEnabled(t, instance)
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	tests := []struct {
 		name             string
diff --git a/internal/api/grpc/action/v2beta/query.go b/internal/api/grpc/action/v2beta/query.go
index d8d6cd3e95..66bafa4e7d 100644
--- a/internal/api/grpc/action/v2beta/query.go
+++ b/internal/api/grpc/action/v2beta/query.go
@@ -23,10 +23,6 @@ const (
 )
 
 func (s *Server) GetTarget(ctx context.Context, req *action.GetTargetRequest) (*action.GetTargetResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
-
 	resp, err := s.query.GetTargetByID(ctx, req.GetId())
 	if err != nil {
 		return nil, err
@@ -46,9 +42,6 @@ type Context interface {
 }
 
 func (s *Server) ListTargets(ctx context.Context, req *action.ListTargetsRequest) (*action.ListTargetsResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	queries, err := s.ListTargetsRequestToModel(req)
 	if err != nil {
 		return nil, err
@@ -64,9 +57,6 @@ func (s *Server) ListTargets(ctx context.Context, req *action.ListTargetsRequest
 }
 
 func (s *Server) ListExecutions(ctx context.Context, req *action.ListExecutionsRequest) (*action.ListExecutionsResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	queries, err := s.ListExecutionsRequestToModel(req)
 	if err != nil {
 		return nil, err
@@ -252,12 +242,6 @@ func executionQueryToQuery(searchQuery *action.ExecutionSearchFilter) (query.Sea
 		return inConditionsQueryToQuery(q.InConditionsFilter)
 	case *action.ExecutionSearchFilter_ExecutionTypeFilter:
 		return executionTypeToQuery(q.ExecutionTypeFilter)
-	case *action.ExecutionSearchFilter_IncludeFilter:
-		include, err := conditionToInclude(q.IncludeFilter.GetInclude())
-		if err != nil {
-			return nil, err
-		}
-		return query.NewIncludeSearchQuery(include)
 	case *action.ExecutionSearchFilter_TargetFilter:
 		return query.NewTargetSearchQuery(q.TargetFilter.GetTargetId())
 	default:
@@ -333,14 +317,12 @@ func executionsToPb(executions []*query.Execution) []*action.Execution {
 }
 
 func executionToPb(e *query.Execution) *action.Execution {
-	targets := make([]*action.ExecutionTargetType, len(e.Targets))
+	targets := make([]string, len(e.Targets))
 	for i := range e.Targets {
 		switch e.Targets[i].Type {
-		case domain.ExecutionTargetTypeInclude:
-			targets[i] = &action.ExecutionTargetType{Type: &action.ExecutionTargetType_Include{Include: executionIDToCondition(e.Targets[i].Target)}}
 		case domain.ExecutionTargetTypeTarget:
-			targets[i] = &action.ExecutionTargetType{Type: &action.ExecutionTargetType_Target{Target: e.Targets[i].Target}}
-		case domain.ExecutionTargetTypeUnspecified:
+			targets[i] = e.Targets[i].Target
+		case domain.ExecutionTargetTypeInclude, domain.ExecutionTargetTypeUnspecified:
 			continue
 		default:
 			continue
diff --git a/internal/api/grpc/action/v2beta/server.go b/internal/api/grpc/action/v2beta/server.go
index 069f456ceb..ef0d8eb2ba 100644
--- a/internal/api/grpc/action/v2beta/server.go
+++ b/internal/api/grpc/action/v2beta/server.go
@@ -1,8 +1,6 @@
 package action
 
 import (
-	"context"
-
 	"google.golang.org/grpc"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -10,7 +8,6 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/query"
-	"github.com/zitadel/zitadel/internal/zerrors"
 	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
 )
 
@@ -65,10 +62,3 @@ func (s *Server) AuthMethods() authz.MethodMapping {
 func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
 	return action.RegisterActionServiceHandler
 }
-
-func checkActionsEnabled(ctx context.Context) error {
-	if authz.GetInstance(ctx).Features().Actions {
-		return nil
-	}
-	return zerrors.ThrowPreconditionFailed(nil, "ACTION-8o6pvqfjhs", "Errors.Action.NotEnabled")
-}
diff --git a/internal/api/grpc/action/v2beta/target.go b/internal/api/grpc/action/v2beta/target.go
index 7dc636f29a..26c88b9683 100644
--- a/internal/api/grpc/action/v2beta/target.go
+++ b/internal/api/grpc/action/v2beta/target.go
@@ -14,9 +14,6 @@ import (
 )
 
 func (s *Server) CreateTarget(ctx context.Context, req *action.CreateTargetRequest) (*action.CreateTargetResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	add := createTargetToCommand(req)
 	instanceID := authz.GetInstance(ctx).InstanceID()
 	createdAt, err := s.command.AddTarget(ctx, add, instanceID)
@@ -35,9 +32,6 @@ func (s *Server) CreateTarget(ctx context.Context, req *action.CreateTargetReque
 }
 
 func (s *Server) UpdateTarget(ctx context.Context, req *action.UpdateTargetRequest) (*action.UpdateTargetResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	instanceID := authz.GetInstance(ctx).InstanceID()
 	update := updateTargetToCommand(req)
 	changedAt, err := s.command.ChangeTarget(ctx, update, instanceID)
@@ -55,9 +49,6 @@ func (s *Server) UpdateTarget(ctx context.Context, req *action.UpdateTargetReque
 }
 
 func (s *Server) DeleteTarget(ctx context.Context, req *action.DeleteTargetRequest) (*action.DeleteTargetResponse, error) {
-	if err := checkActionsEnabled(ctx); err != nil {
-		return nil, err
-	}
 	instanceID := authz.GetInstance(ctx).InstanceID()
 	deletedAt, err := s.command.DeleteTarget(ctx, req.GetId(), instanceID)
 	if err != nil {
diff --git a/internal/api/grpc/feature/v2/converter.go b/internal/api/grpc/feature/v2/converter.go
index 60cf569082..baa45c6c6e 100644
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -22,7 +22,6 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) (*command
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
 		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
-		Actions:                         req.Actions,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
 		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
@@ -41,7 +40,6 @@ func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesRe
 		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		Actions:                             featureSourceToFlagPb(&f.Actions),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
 		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 		DisableUserTokenEvent:               featureSourceToFlagPb(&f.DisableUserTokenEvent),
@@ -62,7 +60,6 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) (*com
 		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
-		Actions:                         req.Actions,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
 		WebKey:                          req.WebKey,
 		DebugOIDCParentError:            req.DebugOidcParentError,
@@ -83,7 +80,6 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		Actions:                             featureSourceToFlagPb(&f.Actions),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
 		WebKey:                              featureSourceToFlagPb(&f.WebKey),
 		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
diff --git a/internal/api/grpc/feature/v2/converter_test.go b/internal/api/grpc/feature/v2/converter_test.go
index 62cf701eec..f481e4f65a 100644
--- a/internal/api/grpc/feature/v2/converter_test.go
+++ b/internal/api/grpc/feature/v2/converter_test.go
@@ -23,7 +23,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
 		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
-		Actions:                             gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
 		OidcSingleV1SessionTermination:      gu.Ptr(true),
@@ -37,7 +36,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 		TriggerIntrospectionProjections: gu.Ptr(false),
 		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
-		Actions:                         gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
 		OIDCSingleV1SessionTermination:  gu.Ptr(true),
@@ -74,10 +72,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		Actions: query.FeatureSource[bool]{
-			Level: feature.LevelSystem,
-			Value: true,
-		},
 		TokenExchange: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: false,
@@ -132,10 +126,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		Actions: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_SYSTEM,
-		},
 		ImprovedPerformance: &feature_pb.ImprovedPerformanceFeatureFlag{
 			ExecutionPaths: []feature_pb.ImprovedPerformance{feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID},
 			Source:         feature_pb.Source_SOURCE_SYSTEM,
@@ -173,7 +163,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
-		Actions:                             gu.Ptr(true),
 		ImprovedPerformance:                 nil,
 		WebKey:                              gu.Ptr(true),
 		DebugOidcParentError:                gu.Ptr(true),
@@ -191,7 +180,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
-		Actions:                         gu.Ptr(true),
 		ImprovedPerformance:             nil,
 		WebKey:                          gu.Ptr(true),
 		DebugOIDCParentError:            gu.Ptr(true),
@@ -231,10 +219,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelInstance,
 			Value: true,
 		},
-		Actions: query.FeatureSource[bool]{
-			Level: feature.LevelInstance,
-			Value: true,
-		},
 		TokenExchange: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: false,
@@ -293,10 +277,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
 		},
-		Actions: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_INSTANCE,
-		},
 		OidcTokenExchange: &feature_pb.FeatureFlag{
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
diff --git a/internal/api/grpc/feature/v2/integration_test/feature_test.go b/internal/api/grpc/feature/v2/integration_test/feature_test.go
index 8d6c295350..f27b57ff8c 100644
--- a/internal/api/grpc/feature/v2/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2/integration_test/feature_test.go
@@ -211,7 +211,6 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.OidcLegacyIntrospection, got.OidcLegacyIntrospection)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
-			assertFeatureFlag(t, tt.want.Actions, got.Actions)
 		})
 	}
 }
@@ -374,10 +373,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				Actions: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 			},
 		},
 		{
@@ -387,7 +382,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					LoginDefaultOrg:                     gu.Ptr(true),
 					OidcTriggerIntrospectionProjections: gu.Ptr(false),
 					UserSchema:                          gu.Ptr(true),
-					Actions:                             gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -408,10 +402,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				Actions: &feature.FeatureFlag{
-					Enabled: true,
-					Source:  feature.Source_SOURCE_INSTANCE,
-				},
 			},
 		},
 		{
@@ -445,10 +435,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				Actions: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 			},
 		},
 	}
diff --git a/internal/api/grpc/feature/v2beta/converter.go b/internal/api/grpc/feature/v2beta/converter.go
index 39f2284beb..bbb375716e 100644
--- a/internal/api/grpc/feature/v2beta/converter.go
+++ b/internal/api/grpc/feature/v2beta/converter.go
@@ -14,7 +14,6 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) *command.
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
 		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
-		Actions:                         req.Actions,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
 		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
@@ -29,7 +28,6 @@ func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesRe
 		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		Actions:                             featureSourceToFlagPb(&f.Actions),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
 		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 	}
@@ -42,7 +40,6 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) *comm
 		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
-		Actions:                         req.Actions,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
 		WebKey:                          req.WebKey,
 		DebugOIDCParentError:            req.DebugOidcParentError,
@@ -58,7 +55,6 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		Actions:                             featureSourceToFlagPb(&f.Actions),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
 		WebKey:                              featureSourceToFlagPb(&f.WebKey),
 		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
diff --git a/internal/api/grpc/feature/v2beta/converter_test.go b/internal/api/grpc/feature/v2beta/converter_test.go
index 2896d8f77b..72d91b10d4 100644
--- a/internal/api/grpc/feature/v2beta/converter_test.go
+++ b/internal/api/grpc/feature/v2beta/converter_test.go
@@ -22,7 +22,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
 		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
-		Actions:                             gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
 		OidcSingleV1SessionTermination:      gu.Ptr(true),
@@ -32,7 +31,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 		TriggerIntrospectionProjections: gu.Ptr(false),
 		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
-		Actions:                         gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
 		OIDCSingleV1SessionTermination:  gu.Ptr(true),
@@ -64,10 +62,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		Actions: query.FeatureSource[bool]{
-			Level: feature.LevelSystem,
-			Value: true,
-		},
 		TokenExchange: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: false,
@@ -107,10 +101,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		Actions: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_SYSTEM,
-		},
 		ImprovedPerformance: &feature_pb.ImprovedPerformanceFeatureFlag{
 			ExecutionPaths: []feature_pb.ImprovedPerformance{feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID},
 			Source:         feature_pb.Source_SOURCE_SYSTEM,
@@ -131,7 +121,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
-		Actions:                             gu.Ptr(true),
 		ImprovedPerformance:                 nil,
 		WebKey:                              gu.Ptr(true),
 		OidcSingleV1SessionTermination:      gu.Ptr(true),
@@ -142,7 +131,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
-		Actions:                         gu.Ptr(true),
 		ImprovedPerformance:             nil,
 		WebKey:                          gu.Ptr(true),
 		OIDCSingleV1SessionTermination:  gu.Ptr(true),
@@ -174,10 +162,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelInstance,
 			Value: true,
 		},
-		Actions: query.FeatureSource[bool]{
-			Level: feature.LevelInstance,
-			Value: true,
-		},
 		TokenExchange: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: false,
@@ -217,10 +201,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
 		},
-		Actions: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_INSTANCE,
-		},
 		OidcTokenExchange: &feature_pb.FeatureFlag{
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
diff --git a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
index 69e05352d0..cbd9f5f939 100644
--- a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
@@ -202,10 +202,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				Actions: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 			},
 		},
 		{
@@ -215,7 +211,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					LoginDefaultOrg:                     gu.Ptr(true),
 					OidcTriggerIntrospectionProjections: gu.Ptr(false),
 					UserSchema:                          gu.Ptr(true),
-					Actions:                             gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -236,10 +231,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				Actions: &feature.FeatureFlag{
-					Enabled: true,
-					Source:  feature.Source_SOURCE_INSTANCE,
-				},
 			},
 		},
 		{
@@ -273,10 +264,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				Actions: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 			},
 		},
 	}
diff --git a/internal/api/grpc/server/middleware/execution_interceptor.go b/internal/api/grpc/server/middleware/execution_interceptor.go
index 053386caae..4aeea6c4da 100644
--- a/internal/api/grpc/server/middleware/execution_interceptor.go
+++ b/internal/api/grpc/server/middleware/execution_interceptor.go
@@ -5,12 +5,13 @@ import (
 	"encoding/json"
 
 	"google.golang.org/grpc"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/execution"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
-	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
 func ExecutionHandler(queries *query.Queries) grpc.UnaryServerInterceptor {
@@ -48,7 +49,7 @@ func executeTargetsForRequest(ctx context.Context, targets []execution.Target, f
 		ProjectID:  ctxData.ProjectID,
 		OrgID:      ctxData.OrgID,
 		UserID:     ctxData.UserID,
-		Request:    req,
+		Request:    Message{req.(proto.Message)},
 	}
 
 	return execution.CallTargets(ctx, targets, info)
@@ -70,8 +71,8 @@ func executeTargetsForResponse(ctx context.Context, targets []execution.Target,
 		ProjectID:  ctxData.ProjectID,
 		OrgID:      ctxData.OrgID,
 		UserID:     ctxData.UserID,
-		Request:    req,
-		Response:   resp,
+		Request:    Message{req.(proto.Message)},
+		Response:   Message{resp.(proto.Message)},
 	}
 
 	return execution.CallTargets(ctx, targets, info)
@@ -80,12 +81,28 @@ func executeTargetsForResponse(ctx context.Context, targets []execution.Target,
 var _ execution.ContextInfo = &ContextInfoRequest{}
 
 type ContextInfoRequest struct {
-	FullMethod string      `json:"fullMethod,omitempty"`
-	InstanceID string      `json:"instanceID,omitempty"`
-	OrgID      string      `json:"orgID,omitempty"`
-	ProjectID  string      `json:"projectID,omitempty"`
-	UserID     string      `json:"userID,omitempty"`
-	Request    interface{} `json:"request,omitempty"`
+	FullMethod string  `json:"fullMethod,omitempty"`
+	InstanceID string  `json:"instanceID,omitempty"`
+	OrgID      string  `json:"orgID,omitempty"`
+	ProjectID  string  `json:"projectID,omitempty"`
+	UserID     string  `json:"userID,omitempty"`
+	Request    Message `json:"request,omitempty"`
+}
+
+type Message struct {
+	proto.Message
+}
+
+func (r *Message) MarshalJSON() ([]byte, error) {
+	data, err := protojson.Marshal(r.Message)
+	if err != nil {
+		return nil, err
+	}
+	return data, nil
+}
+
+func (r *Message) UnmarshalJSON(data []byte) error {
+	return protojson.Unmarshal(data, r.Message)
 }
 
 func (c *ContextInfoRequest) GetHTTPRequestBody() []byte {
@@ -97,26 +114,23 @@ func (c *ContextInfoRequest) GetHTTPRequestBody() []byte {
 }
 
 func (c *ContextInfoRequest) SetHTTPResponseBody(resp []byte) error {
-	if !json.Valid(resp) {
-		return zerrors.ThrowPreconditionFailed(nil, "ACTION-4m9s2", "Errors.Execution.ResponseIsNotValidJSON")
-	}
-	return json.Unmarshal(resp, c.Request)
+	return json.Unmarshal(resp, &c.Request)
 }
 
 func (c *ContextInfoRequest) GetContent() interface{} {
-	return c.Request
+	return c.Request.Message
 }
 
 var _ execution.ContextInfo = &ContextInfoResponse{}
 
 type ContextInfoResponse struct {
-	FullMethod string      `json:"fullMethod,omitempty"`
-	InstanceID string      `json:"instanceID,omitempty"`
-	OrgID      string      `json:"orgID,omitempty"`
-	ProjectID  string      `json:"projectID,omitempty"`
-	UserID     string      `json:"userID,omitempty"`
-	Request    interface{} `json:"request,omitempty"`
-	Response   interface{} `json:"response,omitempty"`
+	FullMethod string  `json:"fullMethod,omitempty"`
+	InstanceID string  `json:"instanceID,omitempty"`
+	OrgID      string  `json:"orgID,omitempty"`
+	ProjectID  string  `json:"projectID,omitempty"`
+	UserID     string  `json:"userID,omitempty"`
+	Request    Message `json:"request,omitempty"`
+	Response   Message `json:"response,omitempty"`
 }
 
 func (c *ContextInfoResponse) GetHTTPRequestBody() []byte {
@@ -128,9 +142,9 @@ func (c *ContextInfoResponse) GetHTTPRequestBody() []byte {
 }
 
 func (c *ContextInfoResponse) SetHTTPResponseBody(resp []byte) error {
-	return json.Unmarshal(resp, c.Response)
+	return json.Unmarshal(resp, &c.Response)
 }
 
 func (c *ContextInfoResponse) GetContent() interface{} {
-	return c.Response
+	return c.Response.Message
 }
diff --git a/internal/api/grpc/server/middleware/execution_interceptor_test.go b/internal/api/grpc/server/middleware/execution_interceptor_test.go
index 6a5b74c5e4..281db4617a 100644
--- a/internal/api/grpc/server/middleware/execution_interceptor_test.go
+++ b/internal/api/grpc/server/middleware/execution_interceptor_test.go
@@ -11,6 +11,9 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/execution"
@@ -54,28 +57,28 @@ func (e *mockExecutionTarget) GetSigningKey() string {
 	return e.SigningKey
 }
 
-type mockContentRequest struct {
-	Content string
-}
-
-func newMockContentRequest(content string) *mockContentRequest {
-	return &mockContentRequest{
-		Content: content,
+func newMockContentRequest(content string) proto.Message {
+	return &structpb.Struct{
+		Fields: map[string]*structpb.Value{
+			"content": {
+				Kind: &structpb.Value_StringValue{StringValue: content},
+			},
+		},
 	}
 }
 
 func newMockContextInfoRequest(fullMethod, request string) *ContextInfoRequest {
 	return &ContextInfoRequest{
 		FullMethod: fullMethod,
-		Request:    newMockContentRequest(request),
+		Request:    Message{Message: newMockContentRequest(request)},
 	}
 }
 
 func newMockContextInfoResponse(fullMethod, request, response string) *ContextInfoResponse {
 	return &ContextInfoResponse{
 		FullMethod: fullMethod,
-		Request:    newMockContentRequest(request),
-		Response:   newMockContentRequest(response),
+		Request:    Message{Message: newMockContentRequest(request)},
+		Response:   Message{Message: newMockContentRequest(response)},
 	}
 }
 
@@ -591,7 +594,7 @@ func Test_executeTargetsForGRPCFullMethod_request(t *testing.T) {
 			} else {
 				assert.NoError(t, err)
 			}
-			assert.Equal(t, tt.res.want, resp)
+			assert.EqualExportedValues(t, tt.res.want, resp)
 
 			for _, closeF := range closeFuncs {
 				closeF()
@@ -632,7 +635,7 @@ func testServerCall(
 		time.Sleep(sleep)
 
 		w.Header().Set("Content-Type", "application/json")
-		resp, err := json.Marshal(respBody)
+		resp, err := protojson.Marshal(respBody.(proto.Message))
 		if err != nil {
 			http.Error(w, "error", http.StatusInternalServerError)
 			return
@@ -723,7 +726,8 @@ func Test_executeTargetsForGRPCFullMethod_response(t *testing.T) {
 						statusCode: http.StatusOK,
 					},
 				},
-				req: []byte{},
+				req:  newMockContentRequest(""),
+				resp: newMockContentRequest(""),
 			},
 			res{
 				wantErr: true,
@@ -790,7 +794,7 @@ func Test_executeTargetsForGRPCFullMethod_response(t *testing.T) {
 			} else {
 				assert.NoError(t, err)
 			}
-			assert.Equal(t, tt.res.want, resp)
+			assert.EqualExportedValues(t, tt.res.want, resp)
 
 			for _, closeF := range closeFuncs {
 				closeF()
diff --git a/internal/command/instance_features.go b/internal/command/instance_features.go
index 3e927cc0c5..cb12bff828 100644
--- a/internal/command/instance_features.go
+++ b/internal/command/instance_features.go
@@ -21,7 +21,6 @@ type InstanceFeatures struct {
 	LegacyIntrospection             *bool
 	UserSchema                      *bool
 	TokenExchange                   *bool
-	Actions                         *bool
 	ImprovedPerformance             []feature.ImprovedPerformanceType
 	WebKey                          *bool
 	DebugOIDCParentError            *bool
@@ -39,7 +38,6 @@ func (m *InstanceFeatures) isEmpty() bool {
 		m.LegacyIntrospection == nil &&
 		m.UserSchema == nil &&
 		m.TokenExchange == nil &&
-		m.Actions == nil &&
 		// nil check to allow unset improvements
 		m.ImprovedPerformance == nil &&
 		m.WebKey == nil &&
diff --git a/internal/command/instance_features_model.go b/internal/command/instance_features_model.go
index 954c769304..977a46b6c2 100644
--- a/internal/command/instance_features_model.go
+++ b/internal/command/instance_features_model.go
@@ -71,7 +71,6 @@ func (m *InstanceFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.InstanceLegacyIntrospectionEventType,
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
-			feature_v2.InstanceActionsEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
 			feature_v2.InstanceWebKeyEventType,
 			feature_v2.InstanceDebugOIDCParentErrorEventType,
@@ -108,9 +107,6 @@ func reduceInstanceFeature(features *InstanceFeatures, key feature.Key, value an
 	case feature.KeyUserSchema:
 		v := value.(bool)
 		features.UserSchema = &v
-	case feature.KeyActions:
-		v := value.(bool)
-		features.Actions = &v
 	case feature.KeyImprovedPerformance:
 		v := value.([]feature.ImprovedPerformanceType)
 		features.ImprovedPerformance = v
@@ -148,7 +144,6 @@ func (wm *InstanceFeaturesWriteModel) setCommands(ctx context.Context, f *Instan
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LegacyIntrospection, f.LegacyIntrospection, feature_v2.InstanceLegacyIntrospectionEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.InstanceTokenExchangeEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.InstanceUserSchemaEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.Actions, f.Actions, feature_v2.InstanceActionsEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.InstanceImprovedPerformanceEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.WebKey, f.WebKey, feature_v2.InstanceWebKeyEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.DebugOIDCParentError, f.DebugOIDCParentError, feature_v2.InstanceDebugOIDCParentErrorEventType)
diff --git a/internal/command/instance_features_test.go b/internal/command/instance_features_test.go
index e6b6bb4346..02e8896a0c 100644
--- a/internal/command/instance_features_test.go
+++ b/internal/command/instance_features_test.go
@@ -149,24 +149,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 				ResourceOwner: "instance1",
 			},
 		},
-		{
-			name: "set Actions",
-			eventstore: expectEventstore(
-				expectFilter(),
-				expectPush(
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceActionsEventType, true,
-					),
-				),
-			),
-			args: args{ctx, &InstanceFeatures{
-				Actions: gu.Ptr(true),
-			}},
-			want: &domain.ObjectDetails{
-				ResourceOwner: "instance1",
-			},
-		},
 		{
 			name: "push error",
 			eventstore: expectEventstore(
@@ -204,10 +186,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceActionsEventType, true,
-					),
 					feature_v2.NewSetEvent[bool](
 						ctx, aggregate,
 						feature_v2.InstanceOIDCSingleV1SessionTerminationEventType, true,
@@ -219,7 +197,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 				TriggerIntrospectionProjections: gu.Ptr(false),
 				LegacyIntrospection:             gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
-				Actions:                         gu.Ptr(true),
 				OIDCSingleV1SessionTermination:  gu.Ptr(true),
 			}},
 			want: &domain.ObjectDetails{
diff --git a/internal/command/system_features.go b/internal/command/system_features.go
index dc886de318..b317ea93bb 100644
--- a/internal/command/system_features.go
+++ b/internal/command/system_features.go
@@ -15,7 +15,6 @@ type SystemFeatures struct {
 	LegacyIntrospection             *bool
 	TokenExchange                   *bool
 	UserSchema                      *bool
-	Actions                         *bool
 	ImprovedPerformance             []feature.ImprovedPerformanceType
 	OIDCSingleV1SessionTermination  *bool
 	DisableUserTokenEvent           *bool
@@ -30,7 +29,6 @@ func (m *SystemFeatures) isEmpty() bool {
 		m.LegacyIntrospection == nil &&
 		m.UserSchema == nil &&
 		m.TokenExchange == nil &&
-		m.Actions == nil &&
 		// nil check to allow unset improvements
 		m.ImprovedPerformance == nil &&
 		m.OIDCSingleV1SessionTermination == nil &&
diff --git a/internal/command/system_features_model.go b/internal/command/system_features_model.go
index 15fc3e0bf0..28e56f8bd4 100644
--- a/internal/command/system_features_model.go
+++ b/internal/command/system_features_model.go
@@ -64,7 +64,6 @@ func (m *SystemFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.SystemLegacyIntrospectionEventType,
 			feature_v2.SystemUserSchemaEventType,
 			feature_v2.SystemTokenExchangeEventType,
-			feature_v2.SystemActionsEventType,
 			feature_v2.SystemImprovedPerformanceEventType,
 			feature_v2.SystemOIDCSingleV1SessionTerminationEventType,
 			feature_v2.SystemDisableUserTokenEvent,
@@ -98,9 +97,6 @@ func reduceSystemFeature(features *SystemFeatures, key feature.Key, value any) {
 	case feature.KeyTokenExchange:
 		v := value.(bool)
 		features.TokenExchange = &v
-	case feature.KeyActions:
-		v := value.(bool)
-		features.Actions = &v
 	case feature.KeyImprovedPerformance:
 		features.ImprovedPerformance = value.([]feature.ImprovedPerformanceType)
 	case feature.KeyOIDCSingleV1SessionTermination:
@@ -128,7 +124,6 @@ func (wm *SystemFeaturesWriteModel) setCommands(ctx context.Context, f *SystemFe
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LegacyIntrospection, f.LegacyIntrospection, feature_v2.SystemLegacyIntrospectionEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.SystemUserSchemaEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.SystemTokenExchangeEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.Actions, f.Actions, feature_v2.SystemActionsEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.SystemImprovedPerformanceEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.OIDCSingleV1SessionTermination, f.OIDCSingleV1SessionTermination, feature_v2.SystemOIDCSingleV1SessionTerminationEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.DisableUserTokenEvent, f.DisableUserTokenEvent, feature_v2.SystemDisableUserTokenEvent)
diff --git a/internal/command/system_features_test.go b/internal/command/system_features_test.go
index 9c5f4cc2a9..b1b5207b8c 100644
--- a/internal/command/system_features_test.go
+++ b/internal/command/system_features_test.go
@@ -117,24 +117,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				ResourceOwner: "SYSTEM",
 			},
 		},
-		{
-			name: "set Actions",
-			eventstore: expectEventstore(
-				expectFilter(),
-				expectPush(
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemActionsEventType, true,
-					),
-				),
-			),
-			args: args{context.Background(), &SystemFeatures{
-				Actions: gu.Ptr(true),
-			}},
-			want: &domain.ObjectDetails{
-				ResourceOwner: "SYSTEM",
-			},
-		},
 		{
 			name: "push error",
 			eventstore: expectEventstore(
@@ -172,10 +154,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemActionsEventType, true,
-					),
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
 						feature_v2.SystemOIDCSingleV1SessionTerminationEventType, true,
@@ -187,7 +165,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				TriggerIntrospectionProjections: gu.Ptr(false),
 				LegacyIntrospection:             gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
-				Actions:                         gu.Ptr(true),
 				OIDCSingleV1SessionTermination:  gu.Ptr(true),
 			}},
 			want: &domain.ObjectDetails{
@@ -233,10 +210,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemActionsEventType, false,
-					),
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
 						feature_v2.SystemOIDCSingleV1SessionTerminationEventType, false,
@@ -248,7 +221,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				TriggerIntrospectionProjections: gu.Ptr(false),
 				LegacyIntrospection:             gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
-				Actions:                         gu.Ptr(false),
 				OIDCSingleV1SessionTermination:  gu.Ptr(false),
 			}},
 			want: &domain.ObjectDetails{
diff --git a/internal/execution/execution.go b/internal/execution/execution.go
index 575c86ecc4..b885858d94 100644
--- a/internal/execution/execution.go
+++ b/internal/execution/execution.go
@@ -82,11 +82,11 @@ func CallTarget(
 	case domain.TargetTypeCall:
 		return Call(ctx, target.GetEndpoint(), target.GetTimeout(), info.GetHTTPRequestBody(), target.GetSigningKey())
 	case domain.TargetTypeAsync:
-		go func(target Target, info ContextInfoRequest) {
-			if _, err := Call(ctx, target.GetEndpoint(), target.GetTimeout(), info.GetHTTPRequestBody(), target.GetSigningKey()); err != nil {
+		go func(ctx context.Context, target Target, info []byte) {
+			if _, err := Call(ctx, target.GetEndpoint(), target.GetTimeout(), info, target.GetSigningKey()); err != nil {
 				logging.WithFields("target", target.GetTargetID()).OnError(err).Info(err)
 			}
-		}(target, info)
+		}(context.WithoutCancel(ctx), target, info.GetHTTPRequestBody())
 		return nil, nil
 	default:
 		return nil, zerrors.ThrowInternal(nil, "EXEC-auqnansr2m", "Errors.Execution.Unknown")
diff --git a/internal/execution/execution_test.go b/internal/execution/execution_test.go
index 40731a840a..036b160ab7 100644
--- a/internal/execution/execution_test.go
+++ b/internal/execution/execution_test.go
@@ -13,6 +13,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/server/middleware"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -149,8 +150,8 @@ func Test_CallTarget(t *testing.T) {
 				info: requestContextInfo1,
 				server: &callTestServer{
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					timeout:     time.Second,
 					statusCode:  http.StatusInternalServerError,
 				},
@@ -170,8 +171,8 @@ func Test_CallTarget(t *testing.T) {
 				server: &callTestServer{
 					timeout:     time.Second,
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					statusCode:  http.StatusInternalServerError,
 				},
 				target: &mockTarget{
@@ -191,8 +192,8 @@ func Test_CallTarget(t *testing.T) {
 				server: &callTestServer{
 					timeout:     time.Second,
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					statusCode:  http.StatusOK,
 				},
 				target: &mockTarget{
@@ -212,8 +213,8 @@ func Test_CallTarget(t *testing.T) {
 				server: &callTestServer{
 					timeout:     time.Second,
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					statusCode:  http.StatusOK,
 					signingKey:  "signingkey",
 				},
@@ -235,8 +236,8 @@ func Test_CallTarget(t *testing.T) {
 				server: &callTestServer{
 					timeout:     time.Second,
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					statusCode:  http.StatusInternalServerError,
 				},
 				target: &mockTarget{
@@ -256,8 +257,8 @@ func Test_CallTarget(t *testing.T) {
 				server: &callTestServer{
 					timeout:     time.Second,
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					statusCode:  http.StatusOK,
 				},
 				target: &mockTarget{
@@ -266,7 +267,7 @@ func Test_CallTarget(t *testing.T) {
 				},
 			},
 			res{
-				body: []byte("{\"request\":\"content2\"}"),
+				body: []byte("{\"content\":\"request2\"}"),
 			},
 		},
 		{
@@ -277,8 +278,8 @@ func Test_CallTarget(t *testing.T) {
 				server: &callTestServer{
 					timeout:     time.Second,
 					method:      http.MethodPost,
-					expectBody:  []byte("{\"request\":{\"request\":\"content1\"}}"),
-					respondBody: []byte("{\"request\":\"content2\"}"),
+					expectBody:  []byte("{\"request\":{\"content\":\"request1\"}}"),
+					respondBody: []byte("{\"content\":\"request2\"}"),
 					statusCode:  http.StatusOK,
 					signingKey:  "signingkey",
 				},
@@ -289,7 +290,7 @@ func Test_CallTarget(t *testing.T) {
 				},
 			},
 			res{
-				body: []byte("{\"request\":\"content2\"}"),
+				body: []byte("{\"content\":\"request2\"}"),
 			},
 		},
 	}
@@ -576,13 +577,13 @@ func testCallTargets(ctx context.Context,
 }
 
 var requestContextInfo1 = &middleware.ContextInfoRequest{
-	Request: &request{
-		Request: "content1",
-	},
+	Request: middleware.Message{Message: &structpb.Struct{
+		Fields: map[string]*structpb.Value{"content": structpb.NewStringValue("request1")},
+	}},
 }
 
-var requestContextInfoBody1 = []byte("{\"request\":{\"request\":\"content1\"}}")
-var requestContextInfoBody2 = []byte("{\"request\":{\"request\":\"content2\"}}")
+var requestContextInfoBody1 = []byte("{\"request\":{\"content\":\"request1\"}}")
+var requestContextInfoBody2 = []byte("{\"request\":{\"content\":\"request2\"}}")
 
 type request struct {
 	Request string `json:"request"`
diff --git a/internal/feature/feature.go b/internal/feature/feature.go
index 638917fd68..389b750483 100644
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -15,7 +15,7 @@ const (
 	KeyLegacyIntrospection
 	KeyUserSchema
 	KeyTokenExchange
-	KeyActions
+	KeyActionsDeprecated
 	KeyImprovedPerformance
 	KeyWebKey
 	KeyDebugOIDCParentError
@@ -46,7 +46,6 @@ type Features struct {
 	LegacyIntrospection             bool                      `json:"legacy_introspection,omitempty"`
 	UserSchema                      bool                      `json:"user_schema,omitempty"`
 	TokenExchange                   bool                      `json:"token_exchange,omitempty"`
-	Actions                         bool                      `json:"actions,omitempty"`
 	ImprovedPerformance             []ImprovedPerformanceType `json:"improved_performance,omitempty"`
 	WebKey                          bool                      `json:"web_key,omitempty"`
 	DebugOIDCParentError            bool                      `json:"debug_oidc_parent_error,omitempty"`
diff --git a/internal/feature/key_enumer.go b/internal/feature/key_enumer.go
index 5a37b96270..6466061718 100644
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -30,7 +30,7 @@ func _KeyNoOp() {
 	_ = x[KeyLegacyIntrospection-(3)]
 	_ = x[KeyUserSchema-(4)]
 	_ = x[KeyTokenExchange-(5)]
-	_ = x[KeyActions-(6)]
+	_ = x[KeyActionsDeprecated-(6)]
 	_ = x[KeyImprovedPerformance-(7)]
 	_ = x[KeyWebKey-(8)]
 	_ = x[KeyDebugOIDCParentError-(9)]
@@ -42,7 +42,7 @@ func _KeyNoOp() {
 	_ = x[KeyConsoleUseV2UserApi-(15)]
 }
 
-var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema, KeyTokenExchange, KeyActions, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
+var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema, KeyTokenExchange, KeyActionsDeprecated, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
 
 var _KeyNameToValueMap = map[string]Key{
 	_KeyName[0:11]:         KeyUnspecified,
@@ -57,8 +57,8 @@ var _KeyNameToValueMap = map[string]Key{
 	_KeyLowerName[81:92]:   KeyUserSchema,
 	_KeyName[92:106]:       KeyTokenExchange,
 	_KeyLowerName[92:106]:  KeyTokenExchange,
-	_KeyName[106:113]:      KeyActions,
-	_KeyLowerName[106:113]: KeyActions,
+	_KeyName[106:113]:      KeyActionsDeprecated,
+	_KeyLowerName[106:113]: KeyActionsDeprecated,
 	_KeyName[113:133]:      KeyImprovedPerformance,
 	_KeyLowerName[113:133]: KeyImprovedPerformance,
 	_KeyName[133:140]:      KeyWebKey,
diff --git a/internal/integration/action.go b/internal/integration/action.go
index b8f69c5788..e849b5c21c 100644
--- a/internal/integration/action.go
+++ b/internal/integration/action.go
@@ -8,6 +8,9 @@ import (
 	"reflect"
 	"sync"
 	"time"
+
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
 )
 
 type server struct {
@@ -100,3 +103,61 @@ func TestServerCall(
 	server.server = httptest.NewServer(http.HandlerFunc(handler))
 	return server.URL(), server.Close, server.Called, server.ResetCalled
 }
+
+func TestServerCallProto(
+	reqBody interface{},
+	sleep time.Duration,
+	statusCode int,
+	respBody proto.Message,
+) (url string, closeF func(), calledF func() int, resetCalledF func()) {
+	server := &server{
+		called: 0,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		server.Increase()
+		if reqBody != nil {
+			data, err := json.Marshal(reqBody)
+			if err != nil {
+				http.Error(w, "error, marshall: "+err.Error(), http.StatusInternalServerError)
+				return
+			}
+			sentBody, err := io.ReadAll(r.Body)
+			if err != nil {
+				http.Error(w, "error, read body: "+err.Error(), http.StatusInternalServerError)
+				return
+			}
+			if !reflect.DeepEqual(data, sentBody) {
+				http.Error(w, "error, equal:\n"+string(data)+"\nsent:\n"+string(sentBody), http.StatusInternalServerError)
+				return
+			}
+		}
+		if statusCode != http.StatusOK {
+			http.Error(w, "error, statusCode", statusCode)
+			return
+		}
+
+		time.Sleep(sleep)
+
+		if respBody != nil {
+			w.Header().Set("Content-Type", "application/json")
+			resp, err := protojson.Marshal(respBody)
+			if err != nil {
+				http.Error(w, "error", http.StatusInternalServerError)
+				return
+			}
+			if _, err := io.Writer.Write(w, resp); err != nil {
+				http.Error(w, "error", http.StatusInternalServerError)
+				return
+			}
+		} else {
+			if _, err := io.WriteString(w, "finished successfully"); err != nil {
+				http.Error(w, "error", http.StatusInternalServerError)
+				return
+			}
+		}
+	}
+
+	server.server = httptest.NewServer(http.HandlerFunc(handler))
+	return server.URL(), server.Close, server.Called, server.ResetCalled
+}
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 2cb8fa3641..e82a6bec55 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -763,7 +763,7 @@ func (i *Instance) DeleteExecution(ctx context.Context, t *testing.T, cond *acti
 	require.NoError(t, err)
 }
 
-func (i *Instance) SetExecution(ctx context.Context, t *testing.T, cond *action.Condition, targets []*action.ExecutionTargetType) *action.SetExecutionResponse {
+func (i *Instance) SetExecution(ctx context.Context, t *testing.T, cond *action.Condition, targets []string) *action.SetExecutionResponse {
 	target, err := i.Client.ActionV2beta.SetExecution(ctx, &action.SetExecutionRequest{
 		Condition: cond,
 		Targets:   targets,
diff --git a/internal/query/instance_features.go b/internal/query/instance_features.go
index 911edaa606..4ec40dc9d5 100644
--- a/internal/query/instance_features.go
+++ b/internal/query/instance_features.go
@@ -14,7 +14,6 @@ type InstanceFeatures struct {
 	LegacyIntrospection             FeatureSource[bool]
 	UserSchema                      FeatureSource[bool]
 	TokenExchange                   FeatureSource[bool]
-	Actions                         FeatureSource[bool]
 	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
 	WebKey                          FeatureSource[bool]
 	DebugOIDCParentError            FeatureSource[bool]
diff --git a/internal/query/instance_features_model.go b/internal/query/instance_features_model.go
index 11deb30f34..6a0abbb58c 100644
--- a/internal/query/instance_features_model.go
+++ b/internal/query/instance_features_model.go
@@ -67,7 +67,6 @@ func (m *InstanceFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.InstanceLegacyIntrospectionEventType,
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
-			feature_v2.InstanceActionsEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
 			feature_v2.InstanceWebKeyEventType,
 			feature_v2.InstanceDebugOIDCParentErrorEventType,
@@ -98,7 +97,6 @@ func (m *InstanceFeaturesReadModel) populateFromSystem() bool {
 	m.instance.LegacyIntrospection = m.system.LegacyIntrospection
 	m.instance.UserSchema = m.system.UserSchema
 	m.instance.TokenExchange = m.system.TokenExchange
-	m.instance.Actions = m.system.Actions
 	m.instance.ImprovedPerformance = m.system.ImprovedPerformance
 	m.instance.OIDCSingleV1SessionTermination = m.system.OIDCSingleV1SessionTermination
 	m.instance.DisableUserTokenEvent = m.system.DisableUserTokenEvent
@@ -113,7 +111,8 @@ func reduceInstanceFeatureSet[T any](features *InstanceFeatures, event *feature_
 		return err
 	}
 	switch key {
-	case feature.KeyUnspecified:
+	case feature.KeyUnspecified,
+		feature.KeyActionsDeprecated:
 		return nil
 	case feature.KeyLoginDefaultOrg:
 		features.LoginDefaultOrg.set(level, event.Value)
@@ -125,8 +124,6 @@ func reduceInstanceFeatureSet[T any](features *InstanceFeatures, event *feature_
 		features.UserSchema.set(level, event.Value)
 	case feature.KeyTokenExchange:
 		features.TokenExchange.set(level, event.Value)
-	case feature.KeyActions:
-		features.Actions.set(level, event.Value)
 	case feature.KeyImprovedPerformance:
 		features.ImprovedPerformance.set(level, event.Value)
 	case feature.KeyWebKey:
diff --git a/internal/query/instance_features_test.go b/internal/query/instance_features_test.go
index 903c2872a9..d80a3b05fc 100644
--- a/internal/query/instance_features_test.go
+++ b/internal/query/instance_features_test.go
@@ -105,10 +105,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceActionsEventType, false,
-					)),
 				),
 			),
 			args: args{true},
@@ -132,10 +128,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelInstance,
 					Value: false,
 				},
-				Actions: FeatureSource[bool]{
-					Level: feature.LevelInstance,
-					Value: false,
-				},
 			},
 		},
 		{
@@ -162,10 +154,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceActionsEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewResetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceResetEventType,
@@ -197,10 +185,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				Actions: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 			},
 		},
 		{
@@ -223,10 +207,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceActionsEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewResetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceResetEventType,
@@ -258,10 +238,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				Actions: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 			},
 		},
 	}
diff --git a/internal/query/projection/instance_features.go b/internal/query/projection/instance_features.go
index 798af6693c..34100a0d66 100644
--- a/internal/query/projection/instance_features.go
+++ b/internal/query/projection/instance_features.go
@@ -80,10 +80,6 @@ func (*instanceFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.InstanceTokenExchangeEventType,
 				Reduce: reduceInstanceSetFeature[bool],
 			},
-			{
-				Event:  feature_v2.InstanceActionsEventType,
-				Reduce: reduceInstanceSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.InstanceImprovedPerformanceEventType,
 				Reduce: reduceInstanceSetFeature[[]feature.ImprovedPerformanceType],
diff --git a/internal/query/projection/system_features.go b/internal/query/projection/system_features.go
index f6f0a36d56..de54054e78 100644
--- a/internal/query/projection/system_features.go
+++ b/internal/query/projection/system_features.go
@@ -72,10 +72,6 @@ func (*systemFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.SystemTokenExchangeEventType,
 				Reduce: reduceSystemSetFeature[bool],
 			},
-			{
-				Event:  feature_v2.SystemActionsEventType,
-				Reduce: reduceSystemSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.SystemImprovedPerformanceEventType,
 				Reduce: reduceSystemSetFeature[[]feature.ImprovedPerformanceType],
diff --git a/internal/query/system_features.go b/internal/query/system_features.go
index 31ad402d12..dcbbb7d6fe 100644
--- a/internal/query/system_features.go
+++ b/internal/query/system_features.go
@@ -25,7 +25,6 @@ type SystemFeatures struct {
 	LegacyIntrospection             FeatureSource[bool]
 	UserSchema                      FeatureSource[bool]
 	TokenExchange                   FeatureSource[bool]
-	Actions                         FeatureSource[bool]
 	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
 	OIDCSingleV1SessionTermination  FeatureSource[bool]
 	DisableUserTokenEvent           FeatureSource[bool]
diff --git a/internal/query/system_features_model.go b/internal/query/system_features_model.go
index 217154e3ed..69e1f35968 100644
--- a/internal/query/system_features_model.go
+++ b/internal/query/system_features_model.go
@@ -60,7 +60,6 @@ func (m *SystemFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.SystemLegacyIntrospectionEventType,
 			feature_v2.SystemUserSchemaEventType,
 			feature_v2.SystemTokenExchangeEventType,
-			feature_v2.SystemActionsEventType,
 			feature_v2.SystemImprovedPerformanceEventType,
 			feature_v2.SystemOIDCSingleV1SessionTerminationEventType,
 			feature_v2.SystemDisableUserTokenEvent,
@@ -82,7 +81,8 @@ func reduceSystemFeatureSet[T any](features *SystemFeatures, event *feature_v2.S
 		return err
 	}
 	switch key {
-	case feature.KeyUnspecified:
+	case feature.KeyUnspecified,
+		feature.KeyActionsDeprecated:
 		return nil
 	case feature.KeyLoginDefaultOrg:
 		features.LoginDefaultOrg.set(level, event.Value)
@@ -94,8 +94,6 @@ func reduceSystemFeatureSet[T any](features *SystemFeatures, event *feature_v2.S
 		features.UserSchema.set(level, event.Value)
 	case feature.KeyTokenExchange:
 		features.TokenExchange.set(level, event.Value)
-	case feature.KeyActions:
-		features.Actions.set(level, event.Value)
 	case feature.KeyImprovedPerformance:
 		features.ImprovedPerformance.set(level, event.Value)
 	case feature.KeyOIDCSingleV1SessionTermination:
diff --git a/internal/query/system_features_test.go b/internal/query/system_features_test.go
index fcd0f812f5..5a58ac23d7 100644
--- a/internal/query/system_features_test.go
+++ b/internal/query/system_features_test.go
@@ -61,10 +61,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemActionsEventType, true,
-					)),
 				),
 			),
 			want: &SystemFeatures{
@@ -87,10 +83,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelSystem,
 					Value: false,
 				},
-				Actions: FeatureSource[bool]{
-					Level: feature.LevelSystem,
-					Value: true,
-				},
 			},
 		},
 		{
@@ -113,10 +105,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemActionsEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewResetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemResetEventType,
@@ -147,10 +135,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				Actions: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 			},
 		},
 		{
@@ -173,10 +157,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemActionsEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewResetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemResetEventType,
@@ -207,10 +187,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				Actions: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 			},
 		},
 	}
diff --git a/internal/repository/execution/queue.go b/internal/repository/execution/queue.go
index 28f8edbf31..ed3a6ce4a0 100644
--- a/internal/repository/execution/queue.go
+++ b/internal/repository/execution/queue.go
@@ -41,16 +41,16 @@ func ContextInfoFromRequest(e *Request) *ContextInfoEvent {
 }
 
 type ContextInfoEvent struct {
-	AggregateID   string `json:"aggregateID,omitempty"`
-	AggregateType string `json:"aggregateType,omitempty"`
-	ResourceOwner string `json:"resourceOwner,omitempty"`
-	InstanceID    string `json:"instanceID,omitempty"`
-	Version       string `json:"version,omitempty"`
-	Sequence      uint64 `json:"sequence,omitempty"`
-	EventType     string `json:"event_type,omitempty"`
-	CreatedAt     string `json:"created_at,omitempty"`
-	UserID        string `json:"userID,omitempty"`
-	EventPayload  []byte `json:"event_payload,omitempty"`
+	AggregateID   string          `json:"aggregateID,omitempty"`
+	AggregateType string          `json:"aggregateType,omitempty"`
+	ResourceOwner string          `json:"resourceOwner,omitempty"`
+	InstanceID    string          `json:"instanceID,omitempty"`
+	Version       string          `json:"version,omitempty"`
+	Sequence      uint64          `json:"sequence,omitempty"`
+	EventType     string          `json:"event_type,omitempty"`
+	CreatedAt     string          `json:"created_at,omitempty"`
+	UserID        string          `json:"userID,omitempty"`
+	EventPayload  json.RawMessage `json:"event_payload,omitempty"`
 }
 
 func (c *ContextInfoEvent) GetHTTPRequestBody() []byte {
diff --git a/internal/repository/feature/feature_v2/eventstore.go b/internal/repository/feature/feature_v2/eventstore.go
index e8d0da1ab0..00618f56c2 100644
--- a/internal/repository/feature/feature_v2/eventstore.go
+++ b/internal/repository/feature/feature_v2/eventstore.go
@@ -12,7 +12,6 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemLegacyIntrospectionEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
-	eventstore.RegisterFilterEventMapper(AggregateType, SystemActionsEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemOIDCSingleV1SessionTerminationEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemDisableUserTokenEvent, eventstore.GenericEventMapper[SetEvent[bool]])
@@ -26,7 +25,6 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceLegacyIntrospectionEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
-	eventstore.RegisterFilterEventMapper(AggregateType, InstanceActionsEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceWebKeyEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceDebugOIDCParentErrorEventType, eventstore.GenericEventMapper[SetEvent[bool]])
diff --git a/internal/repository/feature/feature_v2/feature.go b/internal/repository/feature/feature_v2/feature.go
index 008986824b..d5e8941df2 100644
--- a/internal/repository/feature/feature_v2/feature.go
+++ b/internal/repository/feature/feature_v2/feature.go
@@ -17,7 +17,6 @@ var (
 	SystemLegacyIntrospectionEventType             = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLegacyIntrospection)
 	SystemUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelSystem, feature.KeyUserSchema)
 	SystemTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelSystem, feature.KeyTokenExchange)
-	SystemActionsEventType                         = setEventTypeFromFeature(feature.LevelSystem, feature.KeyActions)
 	SystemImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelSystem, feature.KeyImprovedPerformance)
 	SystemOIDCSingleV1SessionTerminationEventType  = setEventTypeFromFeature(feature.LevelSystem, feature.KeyOIDCSingleV1SessionTermination)
 	SystemDisableUserTokenEvent                    = setEventTypeFromFeature(feature.LevelSystem, feature.KeyDisableUserTokenEvent)
@@ -31,7 +30,6 @@ var (
 	InstanceLegacyIntrospectionEventType             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLegacyIntrospection)
 	InstanceUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelInstance, feature.KeyUserSchema)
 	InstanceTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTokenExchange)
-	InstanceActionsEventType                         = setEventTypeFromFeature(feature.LevelInstance, feature.KeyActions)
 	InstanceImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyImprovedPerformance)
 	InstanceWebKeyEventType                          = setEventTypeFromFeature(feature.LevelInstance, feature.KeyWebKey)
 	InstanceDebugOIDCParentErrorEventType            = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDebugOIDCParentError)
diff --git a/proto/buf.yaml b/proto/buf.yaml
index f8cf192a95..31bc7b4ccc 100644
--- a/proto/buf.yaml
+++ b/proto/buf.yaml
@@ -7,6 +7,10 @@ deps:
 breaking:
   use:
     - FILE
+    - FIELD_NO_DELETE_UNLESS_NAME_RESERVED
+    - FIELD_NO_DELETE_UNLESS_NUMBER_RESERVED
+  except:
+    - FIELD_NO_DELETE
   ignore_unstable_packages: true
 lint:
   use:
diff --git a/proto/zitadel/action/v2beta/action_service.proto b/proto/zitadel/action/v2beta/action_service.proto
index d1eebfa344..f225905225 100644
--- a/proto/zitadel/action/v2beta/action_service.proto
+++ b/proto/zitadel/action/v2beta/action_service.proto
@@ -670,8 +670,8 @@ message ListTargetsResponse {
 message SetExecutionRequest {
   // Condition defining when the execution should be used.
   Condition condition = 1;
-  // Ordered list of targets/includes called during the execution.
-  repeated ExecutionTargetType targets = 2;
+  // Ordered list of targets called during the execution.
+  repeated string targets = 2;
   option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
     example: "{\"condition\":{\"request\":{\"method\":\"zitadel.session.v2.SessionService/ListSessions\"}},\"targets\":[{\"target\":\"69629026806489455\"}]}";
   };
diff --git a/proto/zitadel/action/v2beta/execution.proto b/proto/zitadel/action/v2beta/execution.proto
index 4f4ad1ce88..e93470e5dc 100644
--- a/proto/zitadel/action/v2beta/execution.proto
+++ b/proto/zitadel/action/v2beta/execution.proto
@@ -29,18 +29,8 @@ message Execution {
       example: "\"2025-01-23T10:34:18.051Z\"";
     }
   ];
-  // Ordered list of targets/includes called during the execution.
-  repeated ExecutionTargetType targets = 4;
-}
-
-message ExecutionTargetType {
-  oneof type {
-    option (validate.required) = true;
-    // Unique identifier of existing target to call.
-    string target = 1;
-    // Unique identifier of existing execution to include targets of.
-    Condition include = 2;
-  }
+  // Ordered list of targets called during the execution.
+  repeated string targets = 4;
 }
 
 message Condition {
diff --git a/proto/zitadel/action/v2beta/query.proto b/proto/zitadel/action/v2beta/query.proto
index 564db8bc9f..fe4f72f294 100644
--- a/proto/zitadel/action/v2beta/query.proto
+++ b/proto/zitadel/action/v2beta/query.proto
@@ -19,7 +19,6 @@ message ExecutionSearchFilter {
     InConditionsFilter in_conditions_filter = 1;
     ExecutionTypeFilter execution_type_filter = 2;
     TargetFilter target_filter = 3;
-    IncludeFilter include_filter = 4;
   }
 }
 
@@ -43,16 +42,6 @@ message TargetFilter {
   ];
 }
 
-message IncludeFilter {
-  // Defines the include to query for.
-  Condition include = 1 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "the id of the include"
-      example: "\"request.zitadel.session.v2.SessionService\"";
-    }
-  ];
-}
-
 enum TargetFieldName {
   TARGET_FIELD_NAME_UNSPECIFIED = 0;
   TARGET_FIELD_NAME_ID = 1;
diff --git a/proto/zitadel/feature/v2/instance.proto b/proto/zitadel/feature/v2/instance.proto
index efd7f83e4c..fe8d3f7a39 100644
--- a/proto/zitadel/feature/v2/instance.proto
+++ b/proto/zitadel/feature/v2/instance.proto
@@ -11,6 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetInstanceFeaturesRequest{
+  reserved 6;
+  reserved "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -43,12 +45,6 @@ message SetInstanceFeaturesRequest{
       description: "Enable the experimental `urn:ietf:params:oauth:grant-type:token-exchange` grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.";
     }
   ];
-  optional bool actions = 6 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
 
   repeated ImprovedPerformance improved_performance = 7 [
     (validate.rules).repeated.unique = true,
@@ -135,6 +131,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
+  reserved 7;
+  reserved "actions";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -171,13 +169,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag actions = 7 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
-
   ImprovedPerformanceFeatureFlag improved_performance = 8 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "[1]";
diff --git a/proto/zitadel/feature/v2/system.proto b/proto/zitadel/feature/v2/system.proto
index c734905fb2..d222e2a90c 100644
--- a/proto/zitadel/feature/v2/system.proto
+++ b/proto/zitadel/feature/v2/system.proto
@@ -11,6 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetSystemFeaturesRequest{
+  reserved 6;
+  reserved "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -46,13 +48,6 @@ message SetSystemFeaturesRequest{
     }
   ];
 
-  optional bool actions = 6 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
-
   repeated ImprovedPerformance improved_performance = 7 [
     (validate.rules).repeated.unique = true,
     (validate.rules).repeated.items.enum = {defined_only:  true, not_in: [0]},
@@ -110,6 +105,8 @@ message ResetSystemFeaturesResponse {
 message GetSystemFeaturesRequest {}
 
 message GetSystemFeaturesResponse {
+  reserved 7;
+  reserved "actions";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -146,13 +143,6 @@ message GetSystemFeaturesResponse {
     }
   ];
 
-  FeatureFlag actions = 7 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
-
   ImprovedPerformanceFeatureFlag improved_performance = 8 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "[1]";
diff --git a/proto/zitadel/feature/v2beta/instance.proto b/proto/zitadel/feature/v2beta/instance.proto
index 865a1d2308..7717dd7556 100644
--- a/proto/zitadel/feature/v2beta/instance.proto
+++ b/proto/zitadel/feature/v2beta/instance.proto
@@ -11,6 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetInstanceFeaturesRequest{
+  reserved 6;
+  reserved "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -43,12 +45,6 @@ message SetInstanceFeaturesRequest{
       description: "Enable the experimental `urn:ietf:params:oauth:grant-type:token-exchange` grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.";
     }
   ];
-  optional bool actions = 6 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
 
   repeated ImprovedPerformance improved_performance = 7 [
     (validate.rules).repeated.unique = true,
@@ -101,6 +97,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
+  reserved 7;
+  reserved "actions";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -137,13 +135,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag actions = 7 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
-
   ImprovedPerformanceFeatureFlag improved_performance = 8 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "[1]";
diff --git a/proto/zitadel/feature/v2beta/system.proto b/proto/zitadel/feature/v2beta/system.proto
index 98b37ad893..624e68ec79 100644
--- a/proto/zitadel/feature/v2beta/system.proto
+++ b/proto/zitadel/feature/v2beta/system.proto
@@ -11,6 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetSystemFeaturesRequest{
+  reserved 6;
+  reserved "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -46,13 +48,6 @@ message SetSystemFeaturesRequest{
     }
   ];
 
-  optional bool actions = 6 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
-
   repeated ImprovedPerformance improved_performance = 7 [
     (validate.rules).repeated.unique = true,
     (validate.rules).repeated.items.enum = {defined_only:  true, not_in: [0]},
@@ -83,6 +78,8 @@ message ResetSystemFeaturesResponse {
 message GetSystemFeaturesRequest {}
 
 message GetSystemFeaturesResponse {
+  reserved 7;
+  reserved "actions";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -119,13 +116,6 @@ message GetSystemFeaturesResponse {
     }
   ];
 
-  FeatureFlag actions = 7 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
-    }
-  ];
-
   ImprovedPerformanceFeatureFlag improved_performance = 8 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "[1]";

From a9dd78a13269eb57435a995f17ef05cc07d8ddc2 Mon Sep 17 00:00:00 2001
From: Allen Oyieke <oyiekeallen@gmail.com>
Date: Mon, 28 Apr 2025 12:53:31 +0300
Subject: [PATCH 020/123] docs: fix typo in Java SDK example document (#9804)

# Which Problems Are Solved
This PR resolves the issue #9648

# How the Problems Are Solved
Resolves a typo in the documentation


# Additional Context

- Closes  #9648
- Discussion  #9648
---
 docs/docs/sdk-examples/java.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/sdk-examples/java.mdx b/docs/docs/sdk-examples/java.mdx
index e7afb5188b..e4862422d0 100644
--- a/docs/docs/sdk-examples/java.mdx
+++ b/docs/docs/sdk-examples/java.mdx
@@ -41,7 +41,7 @@ The following features are covered by Java Spring Security:
 The goal is to have a ZITADEL Java SDK in the future which will cover the following:
 - Wrapper around Java Spring Security
 - Authentication with OIDC
-- Authorization and checking Rolls
+- Authorization and checking Roles
 - Integrate ZITADEL APIs to read and manage resources
 - Integrate ZITADEL Session API to create your own login UI
 

From 205beb607b35a08cac07ee6abdb9615db484e614 Mon Sep 17 00:00:00 2001
From: intelli-joe <148788305+intelli-joe@users.noreply.github.com>
Date: Mon, 28 Apr 2025 08:22:04 -0500
Subject: [PATCH 021/123] fix: update link to postgres-insecure example in docs
 (#9802)

Fix reference to postgres-insecure example in docs
---
 docs/docs/self-hosting/manage/configure/_helm.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/self-hosting/manage/configure/_helm.mdx b/docs/docs/self-hosting/manage/configure/_helm.mdx
index b35957abb8..17fb8165a6 100644
--- a/docs/docs/self-hosting/manage/configure/_helm.mdx
+++ b/docs/docs/self-hosting/manage/configure/_helm.mdx
@@ -3,4 +3,4 @@ Configure Zitadel using native Helm values.
 You can manage secrets through Helm values, letting Helm create Kubernetes secrets.
 Alternatively, reference existing Kubernetes secrets managed outside of Helm.
 See the [referenced secrets example](https://github.com/zitadel/zitadel-charts/tree/main/examples/3-referenced-secrets) in the charts */examples* folder.
-For a quick setup, check out the [insecure Postgres example](https://github.com/zitadel/zitadel-charts/tree/main/examples/1-insecure-postgres).
+For a quick setup, check out the [insecure Postgres example](https://github.com/zitadel/zitadel-charts/tree/main/examples/1-postgres-insecure).

From ed4e226da923f4caf49067db8ab2934d849f9ad9 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Tue, 29 Apr 2025 11:12:43 +0200
Subject: [PATCH 022/123] fix(defaults): comment default SystemAPIUsers (#9813)

# Which Problems Are Solved

If I start a fresh instance and do not overwrite `SystemAPIUsers` I get
an error during startup `error="decoding failed due to the following
error(s):\n\n'SystemAPIUsers[0][path]' expected a map, got
'string'\n'SystemAPIUsers[0][memberships]' expected a map, got 'slice'"`

# How the Problems Are Solved

the configuration is commented so that the example is still there

# Additional Changes

-

# Additional Context

was added in https://github.com/zitadel/zitadel/pull/9757
---
 cmd/defaults.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 8482ccec9f..55e14bbada 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -607,14 +607,14 @@ EncryptionKeys:
   UserAgentCookieKeyID: "userAgentCookieKey" # ZITADEL_ENCRYPTIONKEYS_USERAGENTCOOKIEKEYID
 
 SystemAPIUsers:
-  - superuser:
-    Path: /path/to/superuser/key.pem
-    Memberships:
-      - MemberType: Organization
-        Roles: "ORG_OWNER"
-        AggregateID: "123456789012345678"
-      - MemberType: Project
-        Roles: "PROJECT_OWNER"
+  # - superuser:
+  #   Path: /path/to/superuser/key.pem
+  #   Memberships:
+  #     - MemberType: Organization
+  #       Roles: "ORG_OWNER"
+  #       AggregateID: "123456789012345678"
+  #     - MemberType: Project
+  #       Roles: "PROJECT_OWNER"
 
 
 # # Add keys for authentication of the systemAPI here:

From ce823c9176bcd64ff3aacf73ce5fcb192dca76ce Mon Sep 17 00:00:00 2001
From: David Skewis <david@zitadel.com>
Date: Tue, 29 Apr 2025 10:42:49 +0100
Subject: [PATCH 023/123] fix: update session recordings for posthog (#9775)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

- Updates to only capture 10% of events with posthog

# How the Problems Are Solved

- Uses a feature flag rolled out to 10% of users to enable the capture

# Additional Changes

N/A

# Additional Context

N/A
---
 console/src/app/services/posthog.service.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/console/src/app/services/posthog.service.ts b/console/src/app/services/posthog.service.ts
index 2f9630282a..17855d7eb5 100644
--- a/console/src/app/services/posthog.service.ts
+++ b/console/src/app/services/posthog.service.ts
@@ -26,8 +26,16 @@ export class PosthogService implements OnDestroy {
           maskAllInputs: true,
           maskTextSelector: '*',
         },
+        disable_session_recording: true,
         enable_heatmaps: true,
         persistence: 'memory',
+        loaded: (posthog) => {
+          posthog.onFeatureFlags((flags) => {
+            if (posthog.isFeatureEnabled('session_recording')) {
+              posthog.startSessionRecording();
+            }
+          });
+        },
       });
     }
   }

From d930a09cb04012cac96610f281401fe6d094d030 Mon Sep 17 00:00:00 2001
From: Ramon <mail@conblem.me>
Date: Tue, 29 Apr 2025 13:25:49 +0200
Subject: [PATCH 024/123] fix: Improve Actions V2 Texts and reenable in
 settings (#9814)

# Which Problems Are Solved
This pr includes improved texts to make the usage of Actions V2 more
easy.
Since the removal of the Actions V2 Feature Flag we removed the code
that checks if it's enabled in the settings sidenav.

# How the Problems Are Solved
Added new texts to translations. Removed sidenav logic that checks for
Actions V2 Feature Flag

# Additional Context

- Part of #7248
- Part of #9688

---------

Co-authored-by: Max Peintner <peintnerm@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
---
 console/package.json                          |  4 +-
 .../actions-two-actions-table.component.ts    |  4 +-
 .../actions-two-actions.component.html        |  3 +
 .../actions-two-actions.component.ts          |  3 +
 ...actions-two-add-action-dialog.component.ts | 19 +---
 ...tions-two-add-action-target.component.html | 14 +--
 ...actions-two-add-action-target.component.ts | 92 ++++++++++---------
 ...tions-two-add-target-dialog.component.html |  3 +
 ...tions-two-add-target-dialog.component.scss |  4 +
 .../actions-two-targets.component.html        |  3 +
 .../actions-two-targets.component.ts          |  6 +-
 .../modules/actions-two/actions-two.module.ts |  2 +
 .../src/app/modules/settings-list/settings.ts |  2 +
 .../modules/sidenav/sidenav.component.html    |  1 +
 .../modules/sidenav/sidenav.component.scss    |  4 +
 .../app/modules/sidenav/sidenav.component.ts  |  1 +
 .../app/pages/actions/actions.component.html  |  3 +
 .../app/pages/actions/actions.component.ts    | 63 ++++++-------
 .../app/pages/instance/instance.component.ts  | 30 +-----
 console/src/assets/i18n/bg.json               |  8 +-
 console/src/assets/i18n/cs.json               |  8 +-
 console/src/assets/i18n/de.json               |  8 +-
 console/src/assets/i18n/en.json               |  8 +-
 console/src/assets/i18n/es.json               |  8 +-
 console/src/assets/i18n/fr.json               |  8 +-
 console/src/assets/i18n/hu.json               |  8 +-
 console/src/assets/i18n/id.json               |  8 +-
 console/src/assets/i18n/it.json               |  8 +-
 console/src/assets/i18n/ja.json               |  8 +-
 console/src/assets/i18n/ko.json               |  8 +-
 console/src/assets/i18n/mk.json               |  8 +-
 console/src/assets/i18n/nl.json               |  8 +-
 console/src/assets/i18n/pl.json               |  8 +-
 console/src/assets/i18n/pt.json               |  8 +-
 console/src/assets/i18n/ro.json               |  8 +-
 console/src/assets/i18n/ru.json               |  8 +-
 console/src/assets/i18n/sv.json               |  8 +-
 console/src/assets/i18n/zh.json               |  8 +-
 console/yarn.lock                             | 25 ++---
 39 files changed, 249 insertions(+), 189 deletions(-)

diff --git a/console/package.json b/console/package.json
index 2d986730c2..77a8a40147 100644
--- a/console/package.json
+++ b/console/package.json
@@ -31,8 +31,8 @@
     "@fortawesome/fontawesome-svg-core": "^6.7.2",
     "@fortawesome/free-brands-svg-icons": "^6.7.2",
     "@ngx-translate/core": "^15.0.0",
-    "@zitadel/client": "^1.0.7",
-    "@zitadel/proto": "1.0.5-sha-4118a9d",
+    "@zitadel/client": "1.2.0",
+    "@zitadel/proto": "1.2.0",
     "angular-oauth2-oidc": "^15.0.1",
     "angularx-qrcode": "^16.0.2",
     "buffer": "^6.0.3",
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
index 2d9942c406..658c205c4e 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
@@ -56,9 +56,9 @@ export class ActionsTwoActionsTableComponent {
 
       return executions.map((execution) => {
         const mappedTargets = execution.targets.map((target) => {
-          const targetType = targetsMap.get(target.type.value);
+          const targetType = targetsMap.get(target);
           if (!targetType) {
-            throw new Error(`Target with id ${target.type.value} not found`);
+            throw new Error(`Target with id ${target} not found`);
           }
           return targetType;
         });
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html
index c22b03ef76..3e6c31fc0e 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.html
@@ -1,4 +1,7 @@
 <h2>{{ 'ACTIONSTWO.EXECUTION.TITLE' | translate }}</h2>
+<cnsl-info-section [type]="InfoSectionType.ALERT">
+  {{ 'ACTIONSTWO.BETA_NOTE' | translate }}
+</cnsl-info-section>
 <p class="cnsl-secondary-text">{{ 'ACTIONSTWO.EXECUTION.DESCRIPTION' | translate }}</p>
 
 <cnsl-actions-two-actions-table
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
index c709eff079..b5f2260e34 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
@@ -15,6 +15,7 @@ import { MatDialog } from '@angular/material/dialog';
 import { MessageInitShape } from '@bufbuild/protobuf';
 import { SetExecutionRequestSchema } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
+import { InfoSectionType } from '../../info-section/info-section.component';
 
 @Component({
   selector: 'cnsl-actions-two-actions',
@@ -110,4 +111,6 @@ export class ActionsTwoActionsComponent {
       this.toast.showError(error);
     }
   }
+
+  protected readonly InfoSectionType = InfoSectionType;
 }
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts
index 12ae6598cc..a93d03e914 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-dialog.component.ts
@@ -10,12 +10,7 @@ import {
 } from './actions-two-add-action-condition/actions-two-add-action-condition.component';
 import { ActionsTwoAddActionTargetComponent } from './actions-two-add-action-target/actions-two-add-action-target.component';
 import { CommonModule } from '@angular/common';
-import {
-  Condition,
-  Execution,
-  ExecutionTargetType,
-  ExecutionTargetTypeSchema,
-} from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
+import { Condition, Execution } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
 import { Subject } from 'rxjs';
 import { SetExecutionRequestSchema } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
 
@@ -27,11 +22,8 @@ enum Page {
 
 export type CorrectlyTypedCondition = Condition & { conditionType: Extract<Condition['conditionType'], { case: string }> };
 
-type CorrectlyTypedTargets = { type: Extract<ExecutionTargetType['type'], { case: 'target' }> };
-
-export type CorrectlyTypedExecution = Omit<Execution, 'targets' | 'condition'> & {
+export type CorrectlyTypedExecution = Omit<Execution, 'condition'> & {
   condition: CorrectlyTypedCondition;
-  targets: CorrectlyTypedTargets[];
 };
 
 export const correctlyTypeExecution = (execution: Execution): CorrectlyTypedExecution => {
@@ -48,9 +40,6 @@ export const correctlyTypeExecution = (execution: Execution): CorrectlyTypedExec
   return {
     ...execution,
     condition,
-    targets: execution.targets
-      .map(({ type }) => ({ type }))
-      .filter((target): target is CorrectlyTypedTargets => target.type.case === 'target'),
   };
 };
 
@@ -81,7 +70,7 @@ export class ActionTwoAddActionDialogComponent {
 
   protected readonly typeSignal = signal<ConditionType>('request');
   protected readonly conditionSignal = signal<MessageInitShape<typeof SetExecutionRequestSchema>['condition']>(undefined);
-  protected readonly targetsSignal = signal<MessageInitShape<typeof ExecutionTargetTypeSchema>[]>([]);
+  protected readonly targetsSignal = signal<string[]>([]);
 
   protected readonly continueSubject = new Subject<void>();
 
@@ -112,7 +101,7 @@ export class ActionTwoAddActionDialogComponent {
     this.targetsSignal.set(data.execution.targets);
     this.typeSignal.set(data.execution.condition.conditionType.case);
     this.conditionSignal.set(data.execution.condition);
-    this.preselectedTargetIds = data.execution.targets.map((target) => target.type.value);
+    this.preselectedTargetIds = data.execution.targets;
 
     this.page.set(Page.Target); // Set the initial page based on the provided execution data
   }
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html
index 422ed7991e..26d9e3be2c 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.html
@@ -1,4 +1,4 @@
-<form class="form-grid" [formGroup]="form()" (ngSubmit)="submit()">
+<form *ngIf="form$ | async as form" class="form-grid" [formGroup]="form" (ngSubmit)="submit()">
   <p class="target-description">{{ 'ACTIONSTWO.EXECUTION.DIALOG.TARGET.DESCRIPTION' | translate }}</p>
 
   <cnsl-form-field class="full-width">
@@ -8,9 +8,9 @@
       #trigger="matAutocompleteTrigger"
       #input
       type="text"
-      [formControl]="form().controls.autocomplete"
+      [formControl]="form.controls.autocomplete"
       [matAutocomplete]="autoservice"
-      (keydown.enter)="handleEnter($event); input.blur(); trigger.closePanel()"
+      (keydown.enter)="handleEnter($event, form); input.blur(); trigger.closePanel()"
     />
     <mat-autocomplete #autoservice="matAutocomplete">
       <mat-option *ngIf="targets().state === 'loading'" class="is-loading">
@@ -19,7 +19,7 @@
       <mat-option
         *ngFor="let target of selectableTargets(); trackBy: trackTarget"
         #option
-        (click)="addTarget(target); option.deselect()"
+        (click)="addTarget(target, form); option.deselect()"
         [value]="target.name"
       >
         {{ target.name }}
@@ -27,7 +27,7 @@
     </mat-autocomplete>
   </cnsl-form-field>
 
-  <table mat-table cdkDropList (cdkDropListDropped)="drop($event)" [dataSource]="dataSource" [trackBy]="trackTarget">
+  <table mat-table cdkDropList (cdkDropListDropped)="drop($event, form)" [dataSource]="dataSource" [trackBy]="trackTarget">
     <ng-container matColumnDef="order">
       <th mat-header-cell *matHeaderCellDef>Reorder</th>
       <td mat-cell *cnslCellDef="let row; let i = index; dataSource: dataSource">
@@ -48,7 +48,7 @@
             actions
             matTooltip="{{ 'ACTIONS.REMOVE' | translate }}"
             color="warn"
-            (click)="removeTarget(i)"
+            (click)="removeTarget(i, form)"
             mat-icon-button
           >
             <i class="las la-trash"></i>
@@ -65,7 +65,7 @@
       {{ 'ACTIONS.BACK' | translate }}
     </button>
     <span class="fill-space"></span>
-    <button color="primary" [disabled]="form().invalid" mat-raised-button type="submit">
+    <button color="primary" [disabled]="form.invalid" mat-raised-button type="submit">
       {{ 'ACTIONS.CONTINUE' | translate }}
     </button>
   </div>
diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts
index e04368f8f4..60b4025650 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-target/actions-two-add-action-target.component.ts
@@ -14,7 +14,7 @@ import { RouterModule } from '@angular/router';
 import { TranslateModule } from '@ngx-translate/core';
 import { MatButtonModule } from '@angular/material/button';
 import { FormBuilder, FormControl, FormsModule, ReactiveFormsModule } from '@angular/forms';
-import { ReplaySubject, switchMap } from 'rxjs';
+import { ObservedValueOf, ReplaySubject, shareReplay, switchMap } from 'rxjs';
 import { MatRadioModule } from '@angular/material/radio';
 import { ActionService } from 'src/app/services/action.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -23,14 +23,13 @@ import { InputModule } from 'src/app/modules/input/input.module';
 import { MatProgressSpinnerModule } from '@angular/material/progress-spinner';
 import { MessageInitShape } from '@bufbuild/protobuf';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
-import { ExecutionTargetTypeSchema } from '@zitadel/proto/zitadel/action/v2beta/execution_pb';
 import { MatSelectModule } from '@angular/material/select';
 import { ActionConditionPipeModule } from 'src/app/pipes/action-condition-pipe/action-condition-pipe.module';
 import { MatTableDataSource, MatTableModule } from '@angular/material/table';
-import { startWith } from 'rxjs/operators';
+import { map, startWith } from 'rxjs/operators';
 import { TypeSafeCellDefModule } from 'src/app/directives/type-safe-cell-def/type-safe-cell-def.module';
 import { CdkDrag, CdkDragDrop, CdkDropList, moveItemInArray } from '@angular/cdk/drag-drop';
-import { toObservable, toSignal } from '@angular/core/rxjs-interop';
+import { toSignal } from '@angular/core/rxjs-interop';
 import { minArrayLengthValidator } from '../../../form-field/validators/validators';
 import { ProjectRoleChipModule } from '../../../project-role-chip/project-role-chip.module';
 import { MatTooltipModule } from '@angular/material/tooltip';
@@ -72,11 +71,12 @@ export class ActionsTwoAddActionTargetComponent {
   }
 
   @Output() public readonly back = new EventEmitter<void>();
-  @Output() public readonly continue = new EventEmitter<MessageInitShape<typeof ExecutionTargetTypeSchema>[]>();
+  @Output() public readonly continue = new EventEmitter<string[]>();
 
   private readonly preselectedTargetIds$ = new ReplaySubject<string[]>(1);
 
-  protected readonly form: ReturnType<typeof this.buildForm>;
+  protected readonly form$: ReturnType<typeof this.buildForm>;
+
   protected readonly targets: ReturnType<typeof this.listTargets>;
   private readonly selectedTargetIds: Signal<string[]>;
   protected readonly selectableTargets: Signal<Target[]>;
@@ -87,26 +87,27 @@ export class ActionsTwoAddActionTargetComponent {
     private readonly actionService: ActionService,
     private readonly toast: ToastService,
   ) {
-    this.form = this.buildForm();
+    this.form$ = this.buildForm().pipe(shareReplay({ refCount: true, bufferSize: 1 }));
     this.targets = this.listTargets();
 
-    this.selectedTargetIds = this.getSelectedTargetIds(this.form);
-    this.selectableTargets = this.getSelectableTargets(this.targets, this.selectedTargetIds);
+    this.selectedTargetIds = this.getSelectedTargetIds(this.form$);
+    this.selectableTargets = this.getSelectableTargets(this.targets, this.selectedTargetIds, this.form$);
     this.dataSource = this.getDataSource(this.targets, this.selectedTargetIds);
   }
 
   private buildForm() {
-    const preselectedTargetIds = toSignal(this.preselectedTargetIds$, { initialValue: [] as string[] });
-
-    return computed(() => {
-      return this.fb.group({
-        autocomplete: new FormControl('', { nonNullable: true }),
-        selectedTargetIds: new FormControl(preselectedTargetIds(), {
-          nonNullable: true,
-          validators: [minArrayLengthValidator(1)],
-        }),
-      });
-    });
+    return this.preselectedTargetIds$.pipe(
+      startWith([] as string[]),
+      map((preselectedTargetIds) => {
+        return this.fb.group({
+          autocomplete: new FormControl('', { nonNullable: true }),
+          selectedTargetIds: new FormControl(preselectedTargetIds, {
+            nonNullable: true,
+            validators: [minArrayLengthValidator(1)],
+          }),
+        });
+      }),
+    );
   }
 
   private listTargets() {
@@ -129,25 +130,35 @@ export class ActionsTwoAddActionTargetComponent {
     return computed(targetsSignal);
   }
 
-  private getSelectedTargetIds(form: typeof this.form) {
-    const selectedTargetIds$ = toObservable(form).pipe(
-      startWith(form()),
-      switchMap((form) => {
-        const { selectedTargetIds } = form.controls;
+  private getSelectedTargetIds(form$: typeof this.form$) {
+    const selectedTargetIds$ = form$.pipe(
+      switchMap(({ controls: { selectedTargetIds } }) => {
         return selectedTargetIds.valueChanges.pipe(startWith(selectedTargetIds.value));
       }),
     );
     return toSignal(selectedTargetIds$, { requireSync: true });
   }
 
-  private getSelectableTargets(targets: typeof this.targets, selectedTargetIds: Signal<string[]>) {
-    return computed(() => {
+  private getSelectableTargets(targets: typeof this.targets, selectedTargetIds: Signal<string[]>, form$: typeof this.form$) {
+    const autocomplete$ = form$.pipe(
+      switchMap(({ controls: { autocomplete } }) => {
+        return autocomplete.valueChanges.pipe(startWith(autocomplete.value));
+      }),
+    );
+    const autocompleteSignal = toSignal(autocomplete$, { requireSync: true });
+
+    const unselectedTargets = computed(() => {
       const targetsCopy = new Map(targets().targets);
       for (const selectedTargetId of selectedTargetIds()) {
         targetsCopy.delete(selectedTargetId);
       }
       return Array.from(targetsCopy.values());
     });
+
+    return computed(() => {
+      const autocomplete = autocompleteSignal().toLowerCase();
+      return unselectedTargets().filter(({ name }) => name.toLowerCase().includes(autocomplete));
+    });
   }
 
   private getDataSource(targetsSignal: typeof this.targets, selectedTargetIdsSignal: Signal<string[]>) {
@@ -178,46 +189,39 @@ export class ActionsTwoAddActionTargetComponent {
     return dataSource;
   }
 
-  protected addTarget(target: Target) {
-    const { selectedTargetIds } = this.form().controls;
+  protected addTarget(target: Target, form: ObservedValueOf<typeof this.form$>) {
+    const { selectedTargetIds } = form.controls;
     selectedTargetIds.setValue([target.id, ...selectedTargetIds.value]);
-    this.form().controls.autocomplete.setValue('');
+    form.controls.autocomplete.setValue('');
   }
 
-  protected removeTarget(index: number) {
-    const { selectedTargetIds } = this.form().controls;
+  protected removeTarget(index: number, form: ObservedValueOf<typeof this.form$>) {
+    const { selectedTargetIds } = form.controls;
     const data = [...selectedTargetIds.value];
     data.splice(index, 1);
     selectedTargetIds.setValue(data);
   }
 
-  protected drop(event: CdkDragDrop<undefined>) {
-    const { selectedTargetIds } = this.form().controls;
+  protected drop(event: CdkDragDrop<undefined>, form: ObservedValueOf<typeof this.form$>) {
+    const { selectedTargetIds } = form.controls;
 
     const data = [...selectedTargetIds.value];
     moveItemInArray(data, event.previousIndex, event.currentIndex);
     selectedTargetIds.setValue(data);
   }
 
-  protected handleEnter(event: Event) {
+  protected handleEnter(event: Event, form: ObservedValueOf<typeof this.form$>) {
     const selectableTargets = this.selectableTargets();
     if (selectableTargets.length !== 1) {
       return;
     }
 
     event.preventDefault();
-    this.addTarget(selectableTargets[0]);
+    this.addTarget(selectableTargets[0], form);
   }
 
   protected submit() {
-    const selectedTargets = this.selectedTargetIds().map((value) => ({
-      type: {
-        case: 'target' as const,
-        value,
-      },
-    }));
-
-    this.continue.emit(selectedTargets);
+    this.continue.emit(this.selectedTargetIds());
   }
 
   protected trackTarget(_: number, target: Target) {
diff --git a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html
index 37d4f89dd0..717ee8f850 100644
--- a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html
+++ b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.html
@@ -26,6 +26,9 @@
           {{ 'ACTIONSTWO.TARGET.CREATE.TYPES.' + type | translate }}
         </mat-option>
       </mat-select>
+      <span class="name-hint cnsl-secondary-text types-description">
+        {{ 'ACTIONSTWO.TARGET.CREATE.TYPES_DESCRIPTION' | translate }}
+      </span>
     </cnsl-form-field>
 
     <cnsl-form-field class="full-width">
diff --git a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.scss b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.scss
index 34a7d5203d..a68e1e87cb 100644
--- a/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.scss
+++ b/console/src/app/modules/actions-two/actions-two-add-target/actions-two-add-target-dialog.component.scss
@@ -23,3 +23,7 @@
 .name-hint {
   font-size: 12px;
 }
+
+.types-description {
+  white-space: pre-line;
+}
diff --git a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.html b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.html
index a6bde66e41..23b3b4bb89 100644
--- a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.html
+++ b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.html
@@ -1,4 +1,7 @@
 <h2>{{ 'ACTIONSTWO.TARGET.TITLE' | translate }}</h2>
+<cnsl-info-section [type]="InfoSectionType.ALERT">
+  {{ 'ACTIONSTWO.BETA_NOTE' | translate }}
+</cnsl-info-section>
 <p class="cnsl-secondary-text">{{ 'ACTIONSTWO.TARGET.DESCRIPTION' | translate }}</p>
 
 <cnsl-actions-two-targets-table
diff --git a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts
index 45bee14605..f678b86482 100644
--- a/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-targets/actions-two-targets.component.ts
@@ -12,6 +12,7 @@ import {
   CreateTargetRequestSchema,
   UpdateTargetRequestSchema,
 } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
+import { InfoSectionType } from '../../info-section/info-section.component';
 
 @Component({
   selector: 'cnsl-actions-two-targets',
@@ -76,7 +77,8 @@ export class ActionsTwoTargetsComponent {
       if ('id' in request) {
         await this.actionService.updateTarget(request);
       } else {
-        await this.actionService.createTarget(request);
+        const resp = await this.actionService.createTarget(request);
+        console.log(`Your singing key: ${resp.signingKey}`);
       }
 
       await new Promise((res) => setTimeout(res, 1000));
@@ -86,4 +88,6 @@ export class ActionsTwoTargetsComponent {
       this.toast.showError(error);
     }
   }
+
+  protected readonly InfoSectionType = InfoSectionType;
 }
diff --git a/console/src/app/modules/actions-two/actions-two.module.ts b/console/src/app/modules/actions-two/actions-two.module.ts
index 45d70193f9..a940264eb2 100644
--- a/console/src/app/modules/actions-two/actions-two.module.ts
+++ b/console/src/app/modules/actions-two/actions-two.module.ts
@@ -20,6 +20,7 @@ import { ProjectRoleChipModule } from '../project-role-chip/project-role-chip.mo
 import { ActionConditionPipeModule } from 'src/app/pipes/action-condition-pipe/action-condition-pipe.module';
 import { MatSelectModule } from '@angular/material/select';
 import { MatIconModule } from '@angular/material/icon';
+import { InfoSectionModule } from '../info-section/info-section.module';
 
 @NgModule({
   declarations: [
@@ -47,6 +48,7 @@ import { MatIconModule } from '@angular/material/icon';
     TypeSafeCellDefModule,
     ProjectRoleChipModule,
     ActionConditionPipeModule,
+    InfoSectionModule,
   ],
   exports: [ActionsTwoActionsComponent, ActionsTwoTargetsComponent, ActionsTwoTargetsTableComponent],
 })
diff --git a/console/src/app/modules/settings-list/settings.ts b/console/src/app/modules/settings-list/settings.ts
index 79b92e2214..c96431fa30 100644
--- a/console/src/app/modules/settings-list/settings.ts
+++ b/console/src/app/modules/settings-list/settings.ts
@@ -231,6 +231,7 @@ export const ACTIONS: SidenavSetting = {
     // todo: figure out roles
     [PolicyComponentServiceType.ADMIN]: ['iam.policy.read'],
   },
+  beta: true,
 };
 
 export const ACTIONS_TARGETS: SidenavSetting = {
@@ -241,4 +242,5 @@ export const ACTIONS_TARGETS: SidenavSetting = {
     // todo: figure out roles
     [PolicyComponentServiceType.ADMIN]: ['iam.policy.read'],
   },
+  beta: true,
 };
diff --git a/console/src/app/modules/sidenav/sidenav.component.html b/console/src/app/modules/sidenav/sidenav.component.html
index 277686852b..78e21e79f6 100644
--- a/console/src/app/modules/sidenav/sidenav.component.html
+++ b/console/src/app/modules/sidenav/sidenav.component.html
@@ -28,6 +28,7 @@
           [attr.data-e2e]="'sidenav-element-' + setting.id"
         >
           <span>{{ setting.i18nKey | translate }}</span>
+          <span class="state" *ngIf="setting?.beta">{{ 'SETTINGS.BETA' | translate }}</span>
           <mat-icon *ngIf="setting.showWarn" class="warn-icon" svgIcon="mdi_shield_alert"></mat-icon>
         </button>
       </ng-container>
diff --git a/console/src/app/modules/sidenav/sidenav.component.scss b/console/src/app/modules/sidenav/sidenav.component.scss
index 383857751c..bb55a6999d 100644
--- a/console/src/app/modules/sidenav/sidenav.component.scss
+++ b/console/src/app/modules/sidenav/sidenav.component.scss
@@ -90,6 +90,10 @@
             flex-shrink: 0;
           }
 
+          .state {
+            margin-left: 0.5rem;
+          }
+
           &:hover {
             span {
               opacity: 1;
diff --git a/console/src/app/modules/sidenav/sidenav.component.ts b/console/src/app/modules/sidenav/sidenav.component.ts
index 33539750a2..4b73491f08 100644
--- a/console/src/app/modules/sidenav/sidenav.component.ts
+++ b/console/src/app/modules/sidenav/sidenav.component.ts
@@ -11,6 +11,7 @@ export interface SidenavSetting {
     [PolicyComponentServiceType.ADMIN]?: string[];
   };
   showWarn?: boolean;
+  beta?: boolean;
 }
 
 @Component({
diff --git a/console/src/app/pages/actions/actions.component.html b/console/src/app/pages/actions/actions.component.html
index 4c55308ced..af936e2351 100644
--- a/console/src/app/pages/actions/actions.component.html
+++ b/console/src/app/pages/actions/actions.component.html
@@ -6,6 +6,9 @@
         <mat-icon class="icon">info_outline</mat-icon>
       </a>
     </div>
+    <cnsl-info-section [type]="InfoSectionType.ALERT">
+      {{ 'DESCRIPTIONS.ACTIONS.ACTIONSTWO_NOTE' | translate }}
+    </cnsl-info-section>
     <p class="desc cnsl-secondary-text">{{ 'DESCRIPTIONS.ACTIONS.DESCRIPTION' | translate }}</p>
 
     <cnsl-info-section class="max-actions" *ngIf="maxActions"
diff --git a/console/src/app/pages/actions/actions.component.ts b/console/src/app/pages/actions/actions.component.ts
index 7d5ac14ca1..f926e7b819 100644
--- a/console/src/app/pages/actions/actions.component.ts
+++ b/console/src/app/pages/actions/actions.component.ts
@@ -1,8 +1,7 @@
 import { CdkDragDrop, moveItemInArray } from '@angular/cdk/drag-drop';
-import { Component, OnDestroy } from '@angular/core';
+import { Component, DestroyRef } from '@angular/core';
 import { UntypedFormControl } from '@angular/forms';
 import { MatDialog } from '@angular/material/dialog';
-import { Subject, takeUntil } from 'rxjs';
 import { ActionKeysType } from 'src/app/modules/action-keys/action-keys.component';
 import { InfoSectionType } from 'src/app/modules/info-section/info-section.component';
 import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
@@ -13,31 +12,32 @@ import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
 
 import { AddFlowDialogComponent } from './add-flow-dialog/add-flow-dialog.component';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
 
 @Component({
   selector: 'cnsl-actions',
   templateUrl: './actions.component.html',
   styleUrls: ['./actions.component.scss'],
 })
-export class ActionsComponent implements OnDestroy {
-  public flow!: Flow.AsObject;
+export class ActionsComponent {
+  protected flow!: Flow.AsObject;
 
-  public typeControl: UntypedFormControl = new UntypedFormControl();
+  protected typeControl: UntypedFormControl = new UntypedFormControl();
 
-  public typesForSelection: FlowType.AsObject[] = [];
+  protected typesForSelection: FlowType.AsObject[] = [];
 
-  public selection: Action.AsObject[] = [];
-  public InfoSectionType: any = InfoSectionType;
-  public ActionKeysType: any = ActionKeysType;
+  protected selection: Action.AsObject[] = [];
+  protected InfoSectionType = InfoSectionType;
+  protected ActionKeysType = ActionKeysType;
 
-  public maxActions: number | null = null;
-  public ActionState: any = ActionState;
-  private destroy$: Subject<void> = new Subject();
+  protected maxActions: number | null = null;
+  protected ActionState = ActionState;
   constructor(
     private mgmtService: ManagementService,
     breadcrumbService: BreadcrumbService,
     private dialog: MatDialog,
     private toast: ToastService,
+    destroyRef: DestroyRef,
   ) {
     const bread: Breadcrumb = {
       type: BreadcrumbType.ORG,
@@ -45,31 +45,24 @@ export class ActionsComponent implements OnDestroy {
     };
     breadcrumbService.setBreadcrumb([bread]);
 
-    this.getFlowTypes();
+    this.getFlowTypes().then();
 
-    this.typeControl.valueChanges.pipe(takeUntil(this.destroy$)).subscribe((value) => {
+    this.typeControl.valueChanges.pipe(takeUntilDestroyed(destroyRef)).subscribe((value) => {
       this.loadFlow((value as FlowType.AsObject).id);
     });
   }
 
-  ngOnDestroy(): void {
-    this.destroy$.next();
-    this.destroy$.complete();
-  }
-
-  private getFlowTypes(): Promise<void> {
-    return this.mgmtService
-      .listFlowTypes()
-      .then((resp) => {
-        this.typesForSelection = resp.resultList;
-        if (!this.flow && resp.resultList[0]) {
-          const type = resp.resultList[0];
-          this.typeControl.setValue(type);
-        }
-      })
-      .catch((error: any) => {
-        this.toast.showError(error);
-      });
+  private async getFlowTypes(): Promise<void> {
+    try {
+      let resp = await this.mgmtService.listFlowTypes();
+      this.typesForSelection = resp.resultList;
+      if (!this.flow && resp.resultList[0]) {
+        const type = resp.resultList[0];
+        this.typeControl.setValue(type);
+      }
+    } catch (error) {
+      this.toast.showError(error);
+    }
   }
 
   private loadFlow(id: string) {
@@ -106,7 +99,7 @@ export class ActionsComponent implements OnDestroy {
     });
   }
 
-  public openAddTrigger(flow: FlowType.AsObject, trigger?: TriggerType.AsObject): void {
+  protected openAddTrigger(flow: FlowType.AsObject, trigger?: TriggerType.AsObject): void {
     const dialogRef = this.dialog.open(AddFlowDialogComponent, {
       data: {
         flowType: flow,
@@ -119,7 +112,7 @@ export class ActionsComponent implements OnDestroy {
       if (req) {
         this.mgmtService
           .setTriggerActions(req.getActionIdsList(), req.getFlowType(), req.getTriggerType())
-          .then((resp) => {
+          .then(() => {
             this.toast.showInfo('FLOWS.FLOWCHANGED', true);
             this.loadFlow(flow.id);
           })
@@ -157,7 +150,7 @@ export class ActionsComponent implements OnDestroy {
     }
   }
 
-  public removeTriggerActionsList(index: number) {
+  protected removeTriggerActionsList(index: number) {
     if (this.flow.type && this.flow.triggerActionsList && this.flow.triggerActionsList[index]) {
       const dialogRef = this.dialog.open(WarnDialogComponent, {
         data: {
diff --git a/console/src/app/pages/instance/instance.component.ts b/console/src/app/pages/instance/instance.component.ts
index 546553132d..e52cdd7198 100644
--- a/console/src/app/pages/instance/instance.component.ts
+++ b/console/src/app/pages/instance/instance.component.ts
@@ -42,8 +42,6 @@ import { SidenavSetting } from 'src/app/modules/sidenav/sidenav.component';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
 import { EnvironmentService } from 'src/app/services/environment.service';
 import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
-import { NewFeatureService } from '../../services/new-feature.service';
-import { withLatestFromSynchronousFix } from '../../utils/withLatestFromSynchronousFix';
 @Component({
   selector: 'cnsl-instance',
   templateUrl: './instance.component.html',
@@ -106,7 +104,6 @@ export class InstanceComponent {
     private readonly envService: EnvironmentService,
     activatedRoute: ActivatedRoute,
     private readonly destroyRef: DestroyRef,
-    private readonly featureService: NewFeatureService,
   ) {
     this.loadMembers();
 
@@ -139,32 +136,7 @@ export class InstanceComponent {
   }
 
   private getSettingsList(): Observable<SidenavSetting[]> {
-    const features$ = this.getFeatures().pipe(shareReplay({ refCount: true, bufferSize: 1 }));
-
-    const actionsEnabled$ = features$.pipe(map((features) => features?.actions?.enabled));
-
-    return this.authService
-      .isAllowedMapper(this.defaultSettingsList, (setting) => setting.requiredRoles.admin || [])
-      .pipe(
-        withLatestFromSynchronousFix(actionsEnabled$),
-        map(([settings, actionsEnabled]) =>
-          settings
-            .filter((setting) => actionsEnabled || setting.id !== ACTIONS.id)
-            .filter((setting) => actionsEnabled || setting.id !== ACTIONS_TARGETS.id),
-        ),
-      );
-  }
-
-  private getFeatures() {
-    return defer(() => this.featureService.getInstanceFeatures()).pipe(
-      timeout(1000),
-      catchError((error) => {
-        if (!(error instanceof TimeoutError)) {
-          this.toast.showError(error);
-        }
-        return of(undefined);
-      }),
-    );
+    return this.authService.isAllowedMapper(this.defaultSettingsList, (setting) => setting.requiredRoles.admin || []);
   }
 
   public loadMembers(): void {
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index 4bd94d5ce6..30d9c53763 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Потоци",
         "DESCRIPTION": "Изберете поток за удостоверяване и активирайте вашето действие при конкретно събитие в този поток."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, нова и подобрена версия на Actions, вече е налична. Настоящата версия все още е достъпна, но бъдещото развитие ще бъде фокусирано върху новата, която в крайна сметка ще замени текущата версия."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -528,6 +529,7 @@
     "APPLY": "Прилагам"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "В момента използвате новата версия Actions V2, която е в бета фаза. Предишната версия 1 все още е достъпна, но ще бъде спряна в бъдеще. Моля, съобщавайте за всякакви проблеми или изпратете обратна връзка.",
     "EXECUTION": {
       "TITLE": "Действия",
       "DESCRIPTION": "Действията ви позволяват да изпълнявате персонализиран код в отговор на API заявки, събития или специфични функции. Използвайте ги, за да разширите Zitadel, да автоматизирате работни процеси и да се интегрирате с други системи.",
@@ -618,6 +620,7 @@
           "restCall": "REST извикване",
           "restAsync": "REST асинхронно"
         },
+        "TYPES_DESCRIPTION": "Webhook, обаждането обработва кода на състоянието, но отговорът е без значение\nCall, обаждането обработва кода на състоянието и отговора\nAsync, обаждането не обработва нито кода на състоянието, нито отговора, но може да бъде извикано паралелно с други цели",
         "ENDPOINT": "Крайна точка",
         "ENDPOINT_DESCRIPTION": "Въведете крайната точка, където се хоства вашият код. Уверете се, че е достъпна за нас!",
         "TIMEOUT": "Време за изчакване",
@@ -1507,7 +1510,8 @@
       "APPEARANCE": "Външен вид",
       "OTHER": "други",
       "STORAGE": "Съхранение"
-    }
+    },
+    "BETA": "БЕТА"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index 6dd066789e..ee43e86822 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flows",
         "DESCRIPTION": "Vyberte proces autentizace a spusťte vaši akci na konkrétní události v rámci tohoto procesu."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, nová a vylepšená verze Actions, je nyní k dispozici. Aktuální verze je stále přístupná, ale budoucí vývoj se zaměří na novou verzi, která nakonec nahradí tu současnou."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Platit"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Aktuálně používáte novou verzi Actions V2, která je v beta verzi. Předchozí verze 1 je stále k dispozici, ale v budoucnu bude ukončena. Prosím, hlaste jakékoliv problémy nebo zpětnou vazbu.",
     "EXECUTION": {
       "TITLE": "Akce",
       "DESCRIPTION": "Akce vám umožňují spouštět vlastní kód v reakci na požadavky API, události nebo specifické funkce. Použijte je k rozšíření Zitadel, automatizaci pracovních postupů a integraci s dalšími systémy.",
@@ -619,6 +621,7 @@
           "restCall": "REST Volání",
           "restAsync": "REST Asynchronní"
         },
+        "TYPES_DESCRIPTION": "Webhook, volání zpracovává stavový kód, ale odpověď je irelevantní\nCall, volání zpracovává stavový kód a odpověď\nAsync, volání nezpracovává ani stavový kód, ani odpověď, ale může být spuštěno paralelně s jinými cíli",
         "ENDPOINT": "Koncový bod",
         "ENDPOINT_DESCRIPTION": "Zadejte koncový bod, kde je hostován váš kód. Ujistěte se, že je pro nás přístupný!",
         "TIMEOUT": "Časový limit",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "Vzhled",
       "OTHER": "Ostatní",
       "STORAGE": "Data"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index cb973006e4..3993674992 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flows",
         "DESCRIPTION": "Wähle einen Authentifizierungsflow und löse deine Aktionen bei einem spezifischen Ereignis innerhalb dieses Flows aus."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, eine neue und verbesserte Version von Actions, ist jetzt verfügbar. Die aktuelle Version ist weiterhin zugänglich, aber unsere zukünftige Entwicklung wird sich auf die neue Version konzentrieren, die schließlich die aktuelle ersetzen wird."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Anwenden"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Sie verwenden derzeit die neuen Actions V2, die sich in der Beta-Phase befinden. Version 1 ist weiterhin verfügbar, wird jedoch in Zukunft eingestellt. Bitte melden Sie Probleme oder Feedback.",
     "EXECUTION": {
       "TITLE": "Aktionen",
       "DESCRIPTION": "Aktionen ermöglichen es Ihnen, benutzerdefinierten Code als Reaktion auf API-Anfragen, Ereignisse oder bestimmte Funktionen auszuführen. Verwenden Sie sie, um Zitadel zu erweitern, Arbeitsabläufe zu automatisieren und sich in andere Systeme zu integrieren.",
@@ -619,6 +621,7 @@
           "restCall": "REST Aufruf",
           "restAsync": "REST Asynchron"
         },
+        "TYPES_DESCRIPTION": "Webhook, der Aufruf verarbeitet den Statuscode, aber die Antwort ist irrelevant\nCall, der Aufruf verarbeitet den Statuscode und die Antwort\nAsync, der Aufruf verarbeitet weder Statuscode noch Antwort, kann aber parallel zu anderen Zielen aufgerufen werden",
         "ENDPOINT": "Endpunkt",
         "ENDPOINT_DESCRIPTION": "Geben Sie den Endpunkt ein, an dem Ihr Code gehostet wird. Stellen Sie sicher, dass er für uns zugänglich ist!",
         "TIMEOUT": "Timeout",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "Erscheinungsbild",
       "OTHER": "Anderes",
       "STORAGE": "Speicher"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index be0a3d3f17..fd81bfd353 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flows",
         "DESCRIPTION": "Choose an authentication flow and trigger your action on a specific event within this flow."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2 a new, improved version of Actions is now available. The current version is still accessible, but our future development will focus on the new one, which will eventually replace the current version."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Apply"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "You are currently using the new Actions V2, which is in beta. The previous Version 1 is still available but will be discontinued in the future. Please report any issues or feedback.",
     "EXECUTION": {
       "TITLE": "Actions",
       "DESCRIPTION": "Actions let you run custom code in response to API requests, events or specific functions. Use them to extend Zitadel, automate workflows, and itegrate with other systems.",
@@ -619,6 +621,7 @@
           "restCall": "REST Call",
           "restAsync": "REST Async"
         },
+        "TYPES_DESCRIPTION": "Webhook, the call handles the status code but response is irrelevant\nCall, the call handles the status code and response\nAsync, the call handles neither status code nor response, but can be called in parallel with other Targets",
         "ENDPOINT": "Endpoint",
         "ENDPOINT_DESCRIPTION": "Enter the endpoint where your code is hosted. Make sure it is accessible to us!",
         "TIMEOUT": "Timeout",
@@ -1511,7 +1514,8 @@
       "OTHER": "Other",
       "STORAGE": "Storage",
       "ACTIONS": "Actions"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 0fc95241af..aec024eacb 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flujos",
         "DESCRIPTION": "Elige un flujo de autenticación y activa tu acción en un evento específico dentro de este flujo."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, una nueva y mejorada versión de Actions, ya está disponible. La versión actual sigue siendo accesible, pero nuestro desarrollo futuro se centrará en la nueva, que acabará reemplazando la versión actual."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Aplicar"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Actualmente estás usando la nueva versión Actions V2, que está en fase beta. La versión anterior 1 todavía está disponible, pero será descontinuada en el futuro. Por favor, informa de cualquier problema o comentario.",
     "EXECUTION": {
       "TITLE": "Acciones",
       "DESCRIPTION": "Las acciones te permiten ejecutar código personalizado en respuesta a solicitudes de API, eventos o funciones específicas. Úsalas para extender Zitadel, automatizar flujos de trabajo e integrarte con otros sistemas.",
@@ -619,6 +621,7 @@
           "restCall": "Llamada REST",
           "restAsync": "REST Asíncrono"
         },
+        "TYPES_DESCRIPTION": "Webhook, la llamada maneja el código de estado pero la respuesta es irrelevante\nCall, la llamada maneja el código de estado y la respuesta\nAsync, la llamada no maneja ni el código de estado ni la respuesta, pero puede ser llamada en paralelo con otros objetivos",
         "ENDPOINT": "Punto de conexión",
         "ENDPOINT_DESCRIPTION": "Introduce el punto de conexión donde se aloja tu código. ¡Asegúrate de que sea accesible para nosotros!",
         "TIMEOUT": "Tiempo de espera",
@@ -1509,7 +1512,8 @@
       "APPEARANCE": "Apariencia",
       "OTHER": "Otros",
       "STORAGE": "Datos"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 60a0a3e482..05e34ad846 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flux",
         "DESCRIPTION": "Choisissez un flux d'authentification et déclenchez votre action sur un événement spécifique dans ce flux."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, une nouvelle version améliorée de Actions, est désormais disponible. La version actuelle reste accessible, mais notre développement futur se concentrera sur la nouvelle, qui finira par remplacer la version actuelle."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Appliquer"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Vous utilisez actuellement la nouvelle version Actions V2, qui est en phase bêta. L'ancienne version 1 est toujours disponible mais sera arrêtée à l'avenir. Veuillez signaler tout problème ou commentaire.",
     "EXECUTION": {
       "TITLE": "Actions",
       "DESCRIPTION": "Les actions vous permettent d'exécuter du code personnalisé en réponse à des requêtes API, des événements ou des fonctions spécifiques. Utilisez-les pour étendre Zitadel, automatiser les flux de travail et vous intégrer à d'autres systèmes.",
@@ -619,6 +621,7 @@
           "restCall": "Appel REST",
           "restAsync": "REST Asynchrone"
         },
+        "TYPES_DESCRIPTION": "Webhook, l'appel gère le code d'état mais la réponse est sans importance\nCall, l'appel gère le code d'état et la réponse\nAsync, l'appel ne gère ni le code d'état ni la réponse, mais peut être appelé en parallèle avec d'autres cibles",
         "ENDPOINT": "Point de terminaison",
         "ENDPOINT_DESCRIPTION": "Entrez le point de terminaison où votre code est hébergé. Assurez-vous qu'il nous est accessible !",
         "TIMEOUT": "Délai d'attente",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "Apparence",
       "OTHER": "Autres",
       "STORAGE": "Stockage"
-    }
+    },
+    "BETA": "BÊTA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index 5724c45a51..d46bc96153 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Folyamatok",
         "DESCRIPTION": "Válassz egy hitelesítési folyamatot, és váltasd ki a műveletedet egy adott esemény bekövetkezésekor ebben a folyamatban."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Az Actions V2, az Actions új, továbbfejlesztett verziója mostantól elérhető. A jelenlegi verzió továbbra is elérhető, de a jövőbeli fejlesztéseink az új verzióra összpontosítanak, amely végül felváltja a jelenlegi verziót."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Alkalmaz"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Jelenleg az új Actions V2-t használja, amely béta verzióban van. Az előző 1-es verzió továbbra is elérhető, de a jövőben megszűnik. Kérjük, jelezze az esetleges problémákat vagy visszajelzéseit.",
     "EXECUTION": {
       "TITLE": "Műveletek",
       "DESCRIPTION": "A műveletek lehetővé teszik egyedi kód futtatását API-kérésekre, eseményekre vagy konkrét függvényekre válaszul. Használja őket a Zitadel kiterjesztéséhez, a munkafolyamatok automatizálásához és más rendszerekkel való integrációhoz.",
@@ -619,6 +621,7 @@
           "restCall": "REST Hívás",
           "restAsync": "REST Aszinkron"
         },
+        "TYPES_DESCRIPTION": "Webhook, a hívás kezeli az állapotkódot, de a válasz lényegtelen\nCall, a hívás kezeli az állapotkódot és a választ\nAsync, a hívás sem az állapotkódot, sem a választ nem kezeli, de párhuzamosan hívható más célokkal",
         "ENDPOINT": "Végpont",
         "ENDPOINT_DESCRIPTION": "Adja meg azt a végpontot, ahol a kódja található. Győződjön meg arról, hogy elérhető számunkra!",
         "TIMEOUT": "Időtúllépés",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "Megjelenés",
       "OTHER": "Egyéb",
       "STORAGE": "Tárolás"
-    }
+    },
+    "BETA": "BÉTA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index 77584e883b..f8831a224d 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -69,7 +69,8 @@
       "FLOWS": {
         "TITLE": "Mengalir",
         "DESCRIPTION": "Pilih alur autentikasi dan picu tindakan Anda pada peristiwa tertentu dalam alur ini."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, versi baru dan lebih baik dari Actions, sekarang tersedia. Versi saat ini masih dapat diakses, tetapi pengembangan di masa depan akan difokuskan pada versi baru ini yang pada akhirnya akan menggantikan versi saat ini."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -496,6 +497,7 @@
     "APPLY": "Menerapkan"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Anda saat ini menggunakan Actions V2 baru, yang masih dalam versi beta. Versi sebelumnya, Versi 1, masih tersedia tetapi akan dihentikan di masa depan. Silakan laporkan masalah atau berikan masukan.",
     "EXECUTION": {
       "TITLE": "Tindakan",
       "DESCRIPTION": "Tindakan memungkinkan Anda menjalankan kode khusus sebagai respons terhadap permintaan API, peristiwa, atau fungsi tertentu. Gunakan ini untuk memperluas Zitadel, mengotomatiskan alur kerja, dan berintegrasi dengan sistem lain.",
@@ -586,6 +588,7 @@
           "restCall": "Panggilan REST",
           "restAsync": "REST Asinkron"
         },
+        "TYPES_DESCRIPTION": "Webhook, panggilan menangani kode status tetapi respons tidak relevan\nCall, panggilan menangani kode status dan respons\nAsync, panggilan tidak menangani kode status maupun respons, tetapi dapat dipanggil secara paralel dengan Target lain",
         "ENDPOINT": "Titik Akhir",
         "ENDPOINT_DESCRIPTION": "Masukkan titik akhir tempat kode Anda dihosting. Pastikan dapat diakses oleh kami!",
         "TIMEOUT": "Batas Waktu",
@@ -1386,7 +1389,8 @@
       "APPEARANCE": "Penampilan",
       "OTHER": "Lainnya",
       "STORAGE": "Penyimpanan"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index b01762b175..5dad683bca 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flussi",
         "DESCRIPTION": "Scegli un flusso di autenticazione e attiva la tua azione su un evento specifico all'interno di questo flusso."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, una nuova versione migliorata di Actions, è ora disponibile. La versione attuale è ancora accessibile, ma i futuri sviluppi si concentreranno su quella nuova, che alla fine sostituirà la versione corrente."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -528,6 +529,7 @@
     "APPLY": "Applicare"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Stai attualmente utilizzando la nuova versione Actions V2, che è in beta. La precedente Versione 1 è ancora disponibile, ma sarà dismessa in futuro. Ti preghiamo di segnalare eventuali problemi o feedback.",
     "EXECUTION": {
       "TITLE": "Azioni",
       "DESCRIPTION": "Le azioni consentono di eseguire codice personalizzato in risposta a richieste API, eventi o funzioni specifiche. Usale per estendere Zitadel, automatizzare i flussi di lavoro e integrarti con altri sistemi.",
@@ -618,6 +620,7 @@
           "restCall": "Chiamata REST",
           "restAsync": "REST Asincrono"
         },
+        "TYPES_DESCRIPTION": "Webhook, la chiamata gestisce il codice di stato ma la risposta è irrilevante\nCall, la chiamata gestisce il codice di stato e la risposta\nAsync, la chiamata non gestisce né il codice di stato né la risposta, ma può essere eseguita in parallelo con altri obiettivi",
         "ENDPOINT": "Endpoint",
         "ENDPOINT_DESCRIPTION": "Inserisci l'endpoint in cui è ospitato il tuo codice. Assicurati che sia accessibile per noi!",
         "TIMEOUT": "Timeout",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "Aspetto",
       "OTHER": "Altro",
       "STORAGE": "Dati"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index c0429ec816..f09dfeb564 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "フロー",
         "DESCRIPTION": "認証フローを選択し、そのフロー内の特定のイベントでアクションをトリガーします。"
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2（アクションズV2）、改善された新しいバージョンが利用可能になりました。現在のバージョンも引き続き利用可能ですが、今後の開発は新バージョンに集中し、最終的には現在のバージョンを置き換える予定です。"
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "アプライ"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "現在、新しいActions V2（ベータ版）を使用しています。以前のバージョン1はまだ利用可能ですが、今後廃止される予定です。問題やフィードバックがあればお知らせください。",
     "EXECUTION": {
       "TITLE": "アクション",
       "DESCRIPTION": "アクションを使用すると、APIリクエスト、イベント、または特定の関数に応答してカスタムコードを実行できます。これらを使用して、Zitadelを拡張し、ワークフローを自動化し、他のシステムと統合します。",
@@ -619,6 +621,7 @@
           "restCall": "REST 呼び出し",
           "restAsync": "REST 非同期"
         },
+        "TYPES_DESCRIPTION": "Webhook、呼び出しはステータスコードを処理しますが、応答は無関係です\nCall、呼び出しはステータスコードと応答を処理します\nAsync、呼び出しはステータスコードも応答も処理しませんが、他のターゲットと並行して呼び出すことができます",
         "ENDPOINT": "エンドポイント",
         "ENDPOINT_DESCRIPTION": "コードがホストされているエンドポイントを入力します。アクセス可能であることを確認してください。",
         "TIMEOUT": "タイムアウト",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "設定",
       "OTHER": "その他",
       "STORAGE": "ストレージ"
-    }
+    },
+    "BETA": "ベータ"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index b791234cd5..304f52e127 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "플로우",
         "DESCRIPTION": "인증 플로우를 선택하고 이 플로우 내의 특정 이벤트에서 작업을 트리거하세요."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, 개선된 새로운 버전이 출시되었습니다. 현재 버전은 여전히 접근할 수 있지만, 앞으로의 개발은 새로운 버전에 집중될 것이며, 결국 현재 버전을 대체할 것입니다."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "적용"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "현재 베타 버전인 새로운 Actions V2를 사용하고 있습니다. 이전 버전 1은 여전히 사용 가능하지만, 향후 중단될 예정입니다. 문제나 피드백이 있으면 알려주세요.",
     "EXECUTION": {
       "TITLE": "작업",
       "DESCRIPTION": "작업을 통해 API 요청, 이벤트 또는 특정 함수에 대한 응답으로 사용자 지정 코드를 실행할 수 있습니다. 이를 사용하여 Zitadel을 확장하고 워크플로를 자동화하며 다른 시스템과 통합합니다.",
@@ -619,6 +621,7 @@
           "restCall": "REST 호출",
           "restAsync": "REST 비동기"
         },
+        "TYPES_DESCRIPTION": "Webhook, 호출은 상태 코드를 처리하지만 응답은 중요하지 않습니다\nCall, 호출은 상태 코드와 응답을 처리합니다\nAsync, 호출은 상태 코드나 응답을 처리하지 않지만 다른 대상과 병렬로 호출할 수 있습니다",
         "ENDPOINT": "엔드포인트",
         "ENDPOINT_DESCRIPTION": "코드가 호스팅되는 엔드포인트를 입력하십시오. 우리에게 액세스할 수 있는지 확인하십시오!",
         "TIMEOUT": "시간 초과",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "외형",
       "OTHER": "기타",
       "STORAGE": "저장소"
-    }
+    },
+    "BETA": "베타"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 22e0e6d3d7..1ab4dce534 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Текови",
         "DESCRIPTION": "Изберете тек на автентификација и активирајте ја вашата акција на специфичен настан во тој тек."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, нова и подобрена верзија на Actions, сега е достапна. Сегашната верзија сè уште е достапна, но идниот развој ќе биде насочен кон новата верзија, која на крајот ќе ја замени сегашната."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Пријавете се"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "",
     "EXECUTION": {
       "TITLE": "Акции",
       "DESCRIPTION": "Акциите ви овозможуваат да извршувате прилагоден код како одговор на API барања, настани или специфични функции. Користете ги за да го проширите Zitadel, да ги автоматизирате работните процеси и да се интегрирате со други системи.",
@@ -619,6 +621,7 @@
           "restCall": "REST Повик",
           "restAsync": "REST Асинхроно"
         },
+        "TYPES_DESCRIPTION": "Webhook, повикот го обработува статусниот код но одговорот е ирелевантен\nCall, повикот го обработува статусниот код и одговорот\nAsync, повикот не го обработува ниту статусниот код ниту одговорот, но може да се повика паралелно со други цели",
         "ENDPOINT": "Крајна точка",
         "ENDPOINT_DESCRIPTION": "Внесете ја крајната точка каде што е хостиран вашиот код. Осигурете се дека е достапна за нас!",
         "TIMEOUT": "Време на истекување",
@@ -1509,7 +1512,8 @@
       "APPEARANCE": "Изглед",
       "OTHER": "Друго",
       "STORAGE": "складирање"
-    }
+    },
+    "BETA": "БЕТА"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index 112474e770..a08f62ed20 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Stromen",
         "DESCRIPTION": "Kies een authenticatiestroom en activeer je actie bij een specifieke gebeurtenis binnen deze stroom."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, een nieuwe en verbeterde versie van Actions, is nu beschikbaar. De huidige versie blijft toegankelijk, maar onze toekomstige ontwikkeling zal zich richten op de nieuwe versie, die uiteindelijk de huidige zal vervangen."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Toepassen"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "U gebruikt momenteel de nieuwe Actions V2, die zich in de bètaversie bevindt. De vorige versie 1 is nog beschikbaar maar zal in de toekomst worden stopgezet. Meld alstublieft eventuele problemen of feedback.",
     "EXECUTION": {
       "TITLE": "Acties",
       "DESCRIPTION": "Met acties kunt u aangepaste code uitvoeren als reactie op API-verzoeken, gebeurtenissen of specifieke functies. Gebruik ze om Zitadel uit te breiden, workflows te automatiseren en te integreren met andere systemen.",
@@ -619,6 +621,7 @@
           "restCall": "REST Aanroep",
           "restAsync": "REST Asynchroon"
         },
+        "TYPES_DESCRIPTION": "Webhook, de oproep verwerkt de statuscode maar de reactie is irrelevant\nCall, de oproep verwerkt de statuscode en de reactie\nAsync, de oproep verwerkt noch de statuscode noch de reactie, maar kan parallel aan andere doelen worden aangeroepen",
         "ENDPOINT": "Eindpunt",
         "ENDPOINT_DESCRIPTION": "Voer het eindpunt in waar uw code wordt gehost. Zorg ervoor dat het voor ons toegankelijk is!",
         "TIMEOUT": "Time-out",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "Verschijning",
       "OTHER": "Andere",
       "STORAGE": "opslag"
-    }
+    },
+    "BETA": "BÈTA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 3244ccb4a6..3902378af6 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Przepływy",
         "DESCRIPTION": "Wybierz przepływ uwierzytelniania i wywołaj swoją akcję przy określonym zdarzeniu w tym przepływie."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, nowa, ulepszona wersja Actions, jest już dostępna. Obecna wersja jest nadal dostępna, ale przyszły rozwój będzie skoncentrowany na nowej wersji, która ostatecznie zastąpi obecną."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -528,6 +529,7 @@
     "APPLY": "Stosować"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Obecnie korzystasz z nowej wersji Actions V2, która jest w fazie beta. Poprzednia wersja 1 jest nadal dostępna, ale w przyszłości zostanie wycofana. Prosimy o zgłaszanie wszelkich problemów lub opinii.",
     "EXECUTION": {
       "TITLE": "Akcje",
       "DESCRIPTION": "Akcje umożliwiają uruchamianie niestandardowego kodu w odpowiedzi na żądania API, zdarzenia lub określone funkcje. Użyj ich, aby rozszerzyć Zitadel, zautomatyzować przepływy pracy i zintegrować się z innymi systemami.",
@@ -618,6 +620,7 @@
           "restCall": "Wywołanie REST",
           "restAsync": "REST Asynchroniczny"
         },
+        "TYPES_DESCRIPTION": "Webhook, wywołanie obsługuje kod stanu, ale odpowiedź jest nieistotna\nCall, wywołanie obsługuje kod stanu i odpowiedź\nAsync, wywołanie nie obsługuje ani kodu stanu, ani odpowiedzi, ale może być wywoływane równolegle z innymi celami",
         "ENDPOINT": "Punkt końcowy",
         "ENDPOINT_DESCRIPTION": "Wprowadź punkt końcowy, w którym hostowany jest Twój kod. Upewnij się, że jest dla nas dostępny!",
         "TIMEOUT": "Limit czasu",
@@ -1507,7 +1510,8 @@
       "APPEARANCE": "Wygląd",
       "OTHER": "Inne",
       "STORAGE": "składowanie"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 30b0f1d4e8..016785f2c8 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Fluxos",
         "DESCRIPTION": "Escolha um fluxo de autenticação e acione sua ação em um evento específico dentro desse fluxo."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, uma nova e melhorada versão de Actions, já está disponível. A versão atual ainda é acessível, mas o nosso desenvolvimento futuro se concentrará na nova versão, que acabará por substituir a atual."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Aplicar"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Você está atualmente usando a nova Actions V2, que está em versão beta. A versão anterior 1 ainda está disponível, mas será descontinuada no futuro. Por favor, reporte quaisquer problemas ou envie feedback.",
     "EXECUTION": {
       "TITLE": "Ações",
       "DESCRIPTION": "As ações permitem que você execute código personalizado em resposta a solicitações de API, eventos ou funções específicas. Use-as para estender o Zitadel, automatizar fluxos de trabalho e integrar-se a outros sistemas.",
@@ -619,6 +621,7 @@
           "restCall": "Chamada REST",
           "restAsync": "REST Assíncrono"
         },
+        "TYPES_DESCRIPTION": "Webhook, a chamada lida com o código de status, mas a resposta é irrelevante\nCall, a chamada lida com o código de status e a resposta\nAsync, a chamada não lida nem com o código de status nem com a resposta, mas pode ser chamada em paralelo com outros alvos",
         "ENDPOINT": "Ponto de Extremidade",
         "ENDPOINT_DESCRIPTION": "Insira o ponto de extremidade onde seu código está hospedado. Certifique-se de que ele esteja acessível para nós!",
         "TIMEOUT": "Tempo Limite",
@@ -1509,7 +1512,8 @@
       "APPEARANCE": "Aparência",
       "OTHER": "Outro",
       "STORAGE": "armazenar"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index 6c73852beb..4ad511c466 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Fluxuri",
         "DESCRIPTION": "Alegeți un flux de autentificare și declanșați acțiunea dvs. la un anumit eveniment din cadrul acestui flux."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, o nouă versiune îmbunătățită a Actions, este acum disponibilă. Versiunea actuală este încă accesibilă, dar dezvoltarea viitoare se va concentra pe cea nouă, care în cele din urmă va înlocui versiunea actuală."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Aplicați"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "În prezent utilizați noua versiune Actions V2, care este în faza beta. Versiunea anterioară 1 este încă disponibilă, dar va fi întreruptă în viitor. Vă rugăm să raportați orice problemă sau feedback.",
     "EXECUTION": {
       "TITLE": "Acțiuni",
       "DESCRIPTION": "Acțiunile vă permit să rulați cod personalizat ca răspuns la cereri API, evenimente sau funcții specifice. Folosiți-le pentru a extinde Zitadel, a automatiza fluxurile de lucru și a vă integra cu alte sisteme.",
@@ -619,6 +621,7 @@
           "restCall": "Apel REST",
           "restAsync": "REST Asincron"
         },
+        "TYPES_DESCRIPTION": "Webhook, apelul gestionează codul de stare, dar răspunsul este irelevant\nCall, apelul gestionează codul de stare și răspunsul\nAsync, apelul nu gestionează nici codul de stare, nici răspunsul, dar poate fi apelat în paralel cu alte Ținte",
         "ENDPOINT": "Punct Final",
         "ENDPOINT_DESCRIPTION": "Introduceți punctul final unde este găzduit codul dvs. Asigurați-vă că este accesibil pentru noi!",
         "TIMEOUT": "Timeout",
@@ -1506,7 +1509,8 @@
       "APPEARANCE": "Aspect",
       "OTHER": "Altele",
       "STORAGE": "Stocare"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index 6e2d7df7b4..43bc266be0 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Потоки",
         "DESCRIPTION": "Выберите поток аутентификации и активируйте ваше действие на определенном событии в этом потоке."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, новая и улучшенная версия Actions, теперь доступна. Текущая версия всё ещё доступна, но дальнейшая разработка будет сосредоточена на новой версии, которая в конечном итоге заменит текущую."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Применять"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Вы используете новую версию Actions V2, которая находится в бета-тестировании. Предыдущая версия 1 всё ещё доступна, но будет отключена в будущем. Пожалуйста, сообщайте о любых проблемах или отправляйте отзывы.",
     "EXECUTION": {
       "TITLE": "Действия",
       "DESCRIPTION": "Действия позволяют запускать пользовательский код в ответ на API-запросы, события или определенные функции. Используйте их для расширения Zitadel, автоматизации рабочих процессов и интеграции с другими системами.",
@@ -619,6 +621,7 @@
           "restCall": "REST Вызов",
           "restAsync": "REST Асинхронный"
         },
+        "TYPES_DESCRIPTION": "Webhook, вызов обрабатывает код состояния, но ответ не имеет значения\nCall, вызов обрабатывает код состояния и ответ\nAsync, вызов не обрабатывает ни код состояния, ни ответ, но может выполняться параллельно с другими целями",
         "ENDPOINT": "Конечная точка",
         "ENDPOINT_DESCRIPTION": "Введите конечную точку, где размещен ваш код. Убедитесь, что он доступен для нас!",
         "TIMEOUT": "Тайм-аут",
@@ -1553,7 +1556,8 @@
       "APPEARANCE": "Вид",
       "OTHER": "Другое",
       "STORAGE": "хранилище"
-    }
+    },
+    "BETA": "БЕТА"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index e747571f7a..00b7854603 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "Flöden",
         "DESCRIPTION": "Välj ett autentiseringsflöde och trigga din åtgärd vid en specifik händelse inom detta flöde."
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2, en ny och förbättrad version av Actions, är nu tillgänglig. Den nuvarande versionen är fortfarande tillgänglig, men framtida utveckling kommer att fokusera på den nya, som så småningom kommer att ersätta den nuvarande."
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "Tillämpa"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "Du använder för närvarande nya Actions V2, som är i betaversion. Den tidigare versionen 1 är fortfarande tillgänglig men kommer att avvecklas i framtiden. Vänligen rapportera eventuella problem eller ge feedback.",
     "EXECUTION": {
       "TITLE": "Åtgärder",
       "DESCRIPTION": "Åtgärder låter dig köra anpassad kod som svar på API-förfrågningar, händelser eller specifika funktioner. Använd dem för att utöka Zitadel, automatisera arbetsflöden och integrera med andra system.",
@@ -619,6 +621,7 @@
           "restCall": "REST Anrop",
           "restAsync": "REST Asynkron"
         },
+        "TYPES_DESCRIPTION": "Webhook, anropet hanterar statuskoden men svaret är irrelevant\nCall, anropet hanterar statuskoden och svaret\nAsync, anropet hanterar varken statuskod eller svar men kan anropas parallellt med andra mål",
         "ENDPOINT": "Slutpunkt",
         "ENDPOINT_DESCRIPTION": "Ange slutpunkten där din kod finns. Se till att den är tillgänglig för oss!",
         "TIMEOUT": "Tidsgräns",
@@ -1512,7 +1515,8 @@
       "APPEARANCE": "Utseende",
       "OTHER": "Övrigt",
       "STORAGE": "Lagring"
-    }
+    },
+    "BETA": "BETA"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 945e4200ef..496b3d528e 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -75,7 +75,8 @@
       "FLOWS": {
         "TITLE": "流程",
         "DESCRIPTION": "选择一个认证流程，并在该流程中的特定事件上触发您的操作。"
-      }
+      },
+      "ACTIONSTWO_NOTE": "Actions V2，一个全新改进版的Actions，现在已上线。目前版本仍可使用，但未来开发将专注于新版本，最终将取代当前版本。"
     },
     "SETTINGS": {
       "INSTANCE": {
@@ -529,6 +530,7 @@
     "APPLY": "申请"
   },
   "ACTIONSTWO": {
+    "BETA_NOTE": "您目前正在使用新的 Actions V2（测试版）。之前的版本1仍可使用，但未来将停止支持。请报告任何问题或反馈意见。",
     "EXECUTION": {
       "TITLE": "操作",
       "DESCRIPTION": "操作允许您运行自定义代码以响应 API 请求、事件或特定函数。使用它们来扩展 Zitadel、自动化工作流程并与其他系统集成。",
@@ -619,6 +621,7 @@
           "restCall": "REST 调用",
           "restAsync": "REST 异步"
         },
+        "TYPES_DESCRIPTION": "Webhook，调用处理状态码但响应无关紧要\nCall，调用处理状态码和响应\nAsync，调用既不处理状态码也不处理响应，但可以与其他目标并行调用",
         "ENDPOINT": "端点",
         "ENDPOINT_DESCRIPTION": "输入您的代码托管的端点。确保我们可以访问它！",
         "TIMEOUT": "超时",
@@ -1508,7 +1511,8 @@
       "APPEARANCE": "外观",
       "OTHER": "其他",
       "STORAGE": "贮存"
-    }
+    },
+    "BETA": "测试版"
   },
   "SETTING": {
     "LANGUAGES": {
diff --git a/console/yarn.lock b/console/yarn.lock
index 5dd602dfa8..2e586abedb 100644
--- a/console/yarn.lock
+++ b/console/yarn.lock
@@ -3452,29 +3452,22 @@
     js-yaml "^3.10.0"
     tslib "^2.4.0"
 
-"@zitadel/client@^1.0.7":
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/@zitadel/client/-/client-1.0.7.tgz#39dc8d3d10bfa01e5cf56205ba188f79c39f052d"
-  integrity sha512-sZG4NEa8vQBt3+4W1AesY+5DstDBuZiqGH2EM+UqbO5D93dlDZInXqZ5oRE7RSl2Bk5ED9mbMFrB7b8DuRw72A==
+"@zitadel/client@1.2.0":
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/@zitadel/client/-/client-1.2.0.tgz#8cdc3090f75fcf3a78c4f0266d3c56a0cca6821a"
+  integrity sha512-Q20nXhKD7VDb8D1UxhDxubC70GFrSPckrJviPR/rAfRR5slUIRTk3AvDS6Q1WvUn4Xtt+btnq52Z5O8lZtVG0w==
   dependencies:
     "@bufbuild/protobuf" "^2.2.2"
     "@connectrpc/connect" "^2.0.0"
     "@connectrpc/connect-node" "^2.0.0"
     "@connectrpc/connect-web" "^2.0.0"
-    "@zitadel/proto" "1.0.4"
+    "@zitadel/proto" "1.2.0"
     jose "^5.3.0"
 
-"@zitadel/proto@1.0.4":
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/@zitadel/proto/-/proto-1.0.4.tgz#e2fe9895f2960643c3619191255aa2f4913ad873"
-  integrity sha512-s13ZMhuOTe0b+geV+JgJud+kpYdq7TgkuCe7RIY+q4Xs5KC0FHMKfvbAk/jpFbD+TSQHiwo/TBNZlGHdwUR9Ig==
-  dependencies:
-    "@bufbuild/protobuf" "^2.2.2"
-
-"@zitadel/proto@1.0.5-sha-4118a9d":
-  version "1.0.5-sha-4118a9d"
-  resolved "https://registry.yarnpkg.com/@zitadel/proto/-/proto-1.0.5-sha-4118a9d.tgz#e09025f31b2992b061d5416a0d1e12ef370118cc"
-  integrity sha512-7ZFwISL7TqdCkfEUx7/H6UJDqX8ZP2jqG1ulbELvEQ2smrK365Zs7AkJGeB/xbVdhQW9BOhWy2R+Jni7sfxd2w==
+"@zitadel/proto@1.2.0":
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/@zitadel/proto/-/proto-1.2.0.tgz#9b9a40defcd9e8464627cc99ac3fd7bcf8994ffd"
+  integrity sha512-OqHgyCnD9l950xswdVNPIsLA01qSpOPf+0bYqYJWHafytIBbvGNJRnypu4X0LnaFXLM6LakkP4pWYeiGLmwxaw==
   dependencies:
     "@bufbuild/protobuf" "^2.2.2"
 

From c36b0ab2e2a0a2632cffae4fe6ac086a126bc2a8 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Tue, 29 Apr 2025 16:12:34 +0200
Subject: [PATCH 025/123] docs(self-hosting): add login to lb example (#9496)

# Which Problems Are Solved

We have no docs for self-hosting the login using the standard login as a
standalone docker container.

# How the Problems Are Solved

A common self-hosting case is to publish the login at the same domain as
Zitadel behind a reverse proxy.
That's why we extend the load balancing example.
We refocus the example from *making TLS work* to *running multiple
services behind the proxy and connect them using an internal network and
DNS*. I decided this together with @fforootd.

For authenticating with the login application, we have to set up a
service user and give it the role IAM_LOGIN_CLIENT. We do so in the
use-new-login "job" container as `zitadel setup` only supports Zitadel
users with the role IAM_ADMIN AFAIR.

The login application relies on a healthy Zitadel API on startup, which
is why we fix the containers readiness reports.

# Additional Changes

- We deploy the init and setup jobs independently, because this better
reflects our production recommendatinons.
It gives more control over the upgrade process.
- We use the ExternalDomain *127.0.0.1.sslip.io* instead of *my.domain*,
because this doesn't require changing the local DNS resolution by
changing */etc/hosts* for local tests.

# Testing

The commands in the preview docs use to the configuration files on main.
This is fine when the PR is merged but not for testing the PR.
Replace the used links to make them point to the PRs changed files.
Instead of the commands in the preview docs, use these:

```bash
# Download the docker compose example configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/refs/heads/docs-compose-login/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml

# Download the Traefik example configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/refs/heads/docs-compose-login/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml

# Download and adjust the example configuration file containing standard configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/refs/heads/docs-compose-login/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml

# Download and adjust the example configuration file containing secret configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/refs/heads/docs-compose-login/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-secrets.yaml

# Download and adjust the example configuration file containing database initialization configuration.
wget https://raw.githubusercontent.com/zitadel/zitadel/refs/heads/docs-compose-login/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml

# A single ZITADEL instance always needs the same 32 bytes long masterkey
# Generate one to a file if you haven't done so already and pass it as environment variable
LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 32 > ./zitadel-masterkey
export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"

# Run the database and application containers
docker compose up --detach --wait
```

# Additional Context

- Closes https://github.com/zitadel/DevOps/issues/111
- Depends on https://github.com/zitadel/typescript/pull/412
- Contributes to road map item
https://github.com/zitadel/zitadel/issues/9481
---
 .../deploy/loadbalancing-example/.gitignore   |   1 +
 .../loadbalancing-example/docker-compose.yaml | 153 +++++++++++++++---
 .../example-traefik.yaml                      |  57 ++-----
 .../example-zitadel-config.yaml               |  31 ++--
 .../example-zitadel-init-steps.yaml           |  12 +-
 .../loadbalancing-example.mdx                 |  35 ++--
 6 files changed, 183 insertions(+), 106 deletions(-)
 create mode 100644 docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore

diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore b/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore
new file mode 100644
index 0000000000..bd98bacd66
--- /dev/null
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore
@@ -0,0 +1 @@
+.env-file
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
index d1d8c95bb2..013fc2aa22 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
@@ -1,48 +1,157 @@
 services:
 
-  traefik:
+  db:
+    image: postgres:17-alpine
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=postgres
     networks:
-      - 'zitadel'
-    image: "traefik:latest"
-    ports:
-      - "80:80"
-      - "443:443"
+      - 'storage'
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
+      interval: 10s
+      timeout: 60s
+      retries: 5
+      start_period: 10s
     volumes:
-      - "./example-traefik.yaml:/etc/traefik/traefik.yaml"
+      - 'data:/var/lib/postgresql/data:rw'
 
-  zitadel:
-    restart: 'always'
+  zitadel-init:
+    restart: 'no'
     networks:
-      - 'zitadel'
+      - 'storage'
     image: 'ghcr.io/zitadel/zitadel:latest'
-    command: 'start-from-init --config /example-zitadel-config.yaml --config /example-zitadel-secrets.yaml --steps /example-zitadel-init-steps.yaml --masterkey "${ZITADEL_MASTERKEY}" --tlsMode external'
+    command: 'init --config /example-zitadel-config.yaml --config /example-zitadel-secrets.yaml'
     depends_on:
       db:
         condition: 'service_healthy'
     volumes:
       - './example-zitadel-config.yaml:/example-zitadel-config.yaml:ro'
       - './example-zitadel-secrets.yaml:/example-zitadel-secrets.yaml:ro'
+
+  zitadel-setup:
+    restart: 'no'
+    networks:
+      - 'storage'
+    # We use the debug image so we have the environment to
+    # - create the .env file for the login to authenticate at Zitadel
+    # - set the correct permissions for the .env-file folder
+    image: 'ghcr.io/zitadel/zitadel:latest-debug'
+    user: root
+    entrypoint: '/bin/sh'
+    command:
+    - -c
+    - >
+      /app/zitadel setup
+      --config /example-zitadel-config.yaml
+      --config /example-zitadel-secrets.yaml
+      --steps /example-zitadel-init-steps.yaml
+      --masterkey ${ZITADEL_MASTERKEY} &&
+      mv /pat /.env-file/pat || exit 0 &&
+      echo ZITADEL_SERVICE_USER_TOKEN=$(cat /.env-file/pat) > /.env-file/.env &&
+      chown -R 1001:${GID} /.env-file &&
+      chmod -R 770 /.env-file
+    environment:
+      - GID
+    depends_on:
+      zitadel-init:
+        condition: 'service_completed_successfully'
+        restart: false
+    volumes:
+      - './.env-file:/.env-file:rw'
+      - './example-zitadel-config.yaml:/example-zitadel-config.yaml:ro'
+      - './example-zitadel-secrets.yaml:/example-zitadel-secrets.yaml:ro'
       - './example-zitadel-init-steps.yaml:/example-zitadel-init-steps.yaml:ro'
 
-  db:
-    image: postgres:17-alpine
-    restart: always
-    environment:
-      - POSTGRES_USER=root
-      - POSTGRES_PASSWORD=postgres
+  zitadel:
+    restart: 'unless-stopped'
     networks:
-      - 'zitadel'
+      - 'backend'
+      - 'storage'
+    image: 'ghcr.io/zitadel/zitadel:latest'
+    command: >
+      start --config /example-zitadel-config.yaml
+      --config /example-zitadel-secrets.yaml
+      --masterkey ${ZITADEL_MASTERKEY}
+    depends_on:
+      zitadel-setup:
+        condition: 'service_completed_successfully'
+        restart: true
+    volumes:
+      - './example-zitadel-config.yaml:/example-zitadel-config.yaml:ro'
+      - './example-zitadel-secrets.yaml:/example-zitadel-secrets.yaml:ro'
+    ports:
+      - "8080:8080"
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
+      test: [
+        "CMD", "/app/zitadel", "ready",
+        "--config", "/example-zitadel-config.yaml",
+        "--config", "/example-zitadel-secrets.yaml"
+      ]
       interval: 10s
       timeout: 60s
       retries: 5
-      start_period: 10s 
+      start_period: 10s
+
+  # The use-new-login service configures Zitadel to use the new login v2 for all applications.
+  # It also gives the setupped machine user the necessary IAM_LOGIN_CLIENT role.
+  use-new-login:
+    restart: 'on-failure'
+    user: "1001"
+    networks:
+      - 'backend'
+    image: 'badouralix/curl-jq:alpine'
+    entrypoint: '/bin/sh'
+    command:
+      - -c
+      - >
+        curl -X PUT -H "Host: 127.0.0.1.sslip.io" -H "Authorization: Bearer $(cat ./.env-file/pat)" --insecure http://zitadel:8080/v2/features/instance -d '{"loginV2": {"required": true}}' &&
+        LOGIN_USER=$(curl --fail-with-body  -H "Host: 127.0.0.1.sslip.io" -H "Authorization: Bearer $(cat ./.env-file/pat)" --insecure http://zitadel:8080/auth/v1/users/me | jq -r '.user.id') &&
+        curl -X PUT  -H "Host: 127.0.0.1.sslip.io" -H "Authorization: Bearer $(cat ./.env-file/pat)" --insecure http://zitadel:8080/admin/v1/members/$${LOGIN_USER} -d '{"roles": ["IAM_OWNER", "IAM_LOGIN_CLIENT"]}'
     volumes:
-      - 'data:/var/lib/postgresql/data:rw'
+      - './.env-file:/.env-file:ro'
+    depends_on:
+      zitadel:
+        condition: 'service_healthy'
+        restart: false
+
+  login:
+    restart: 'unless-stopped'
+    networks:
+      - 'backend'
+    image: 'ghcr.io/zitadel/login:main'
+    environment:
+      - ZITADEL_API_URL=http://zitadel:8080
+      - CUSTOM_REQUEST_HEADERS=Host:127.0.0.1.sslip.io
+      - NEXT_PUBLIC_BASE_PATH="/ui/v2/login"
+    user: "${UID:-1000}"
+    volumes:
+      - './.env-file:/.env-file:ro'
+    depends_on:
+      zitadel:
+        condition: 'service_healthy'
+        restart: false
+
+  traefik:
+    restart: 'unless-stopped'
+    networks:
+      - 'backend'
+    image: "traefik:latest"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./example-traefik.yaml:/etc/traefik/traefik.yaml"
+    depends_on:
+      zitadel:
+        condition: 'service_healthy'
+      login:
+        condition: 'service_started'
 
 networks:
-  zitadel:
+  storage:
+  backend:
 
 volumes:
   data:
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml
index c16f74a46d..a3af425172 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml
@@ -4,66 +4,37 @@ log:
 accessLog: {}
 
 entrypoints:
-  web:
-    address: ":80"
-
   websecure:
     address: ":443"
 
-tls:
-  stores:
-    default:
-      # generates self-signed certificates
-      defaultCertificate:
-
 providers:
   file:
     filename: /etc/traefik/traefik.yaml
 
 http:
-  middlewares:
-    zitadel:
-      headers:
-        isDevelopment: false
-        allowedHosts:
-        - 'my.domain'
-        customRequestHeaders:
-          authority: 'my.domain'
-    redirect-to-https:
-      redirectScheme:
-        scheme: https
-        port: 443
-        permanent: true
-
   routers:
-    # Redirect HTTP to HTTPS
-    router0:
+    login:
       entryPoints:
-      - web
-      middlewares:
-      - redirect-to-https
-      rule: 'HostRegexp(`my.domain`, `{subdomain:[a-z]+}.my.domain`)'
-      service: zitadel
-    # The actual ZITADEL router
-    router1:
+        - websecure
+      service: login
+      rule: 'Host(`127.0.0.1.sslip.io`) && PathPrefix(`/ui/v2/login`)'
+      tls: {}
+    zitadel:
       entryPoints:
       - websecure
       service: zitadel
-      middlewares:
-      - zitadel
-      rule: 'HostRegexp(`my.domain`, `{subdomain:[a-z]+}.my.domain`)'
-      tls:
-        domains:
-          - main: "my.domain"
-            sans:
-              - "*.my.domain"
-              - "my.domain"
+      rule: 'Host(`127.0.0.1.sslip.io`) && !PathPrefix(`/ui/v2/login`)'
+      tls: {}
 
-  # Add the service
   services:
+    login:
+      loadBalancer:
+        servers:
+          - url: http://login:3000
+        passHostHeader: true
     zitadel:
       loadBalancer:
         servers:
-          # h2c is the scheme for unencrypted HTTP/2
         - url: h2c://zitadel:8080
         passHostHeader: true
+
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
index 392bf1148e..fadd39373d 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
@@ -1,26 +1,29 @@
 # All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
-Log:
-  Level: 'info'
 
-# Make ZITADEL accessible over HTTPs, not HTTP
 ExternalSecure: true
-ExternalDomain: my.domain
+ExternalDomain: 127.0.0.1.sslip.io
 ExternalPort: 443
 
+# Traefik terminates TLS. Inside the Docker network, we use plain text.
+TLS.Enabled: false
+
 # If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
 Database:
   postgres:
     Host: 'db'
     Port: 5432
     Database: zitadel
-    User:
-      SSL:
-        Mode: 'disable'
-    Admin:
-      SSL:
-        Mode: 'disable'
+    User.SSL.Mode: 'disable'
+    Admin.SSL.Mode: 'disable'
 
-LogStore:
-  Access:
-    Stdout:
-      Enabled: true
+# By default, ZITADEL should redirect to /ui/v2/login
+OIDC:
+  DefaultLoginURLV2: "/ui/v2/login/login?authRequest=" # ZITADEL_OIDC_DEFAULTLOGINURLV2
+  DefaultLogoutURLV2: "/ui/v2/login/logout?post_logout_redirect=" # ZITADEL_OIDC_DEFAULTLOGOUTURLV2
+SAML.DefaultLoginURLV2: "/ui/v2/login/login?authRequest=" # ZITADEL_SAML_DEFAULTLOGINURLV2
+
+# Access logs allow us to debug Network issues
+LogStore.Access.Stdout.Enabled: true
+
+# Skipping the MFA init step allows us to immediately authenticate at the console
+DefaultInstance.LoginPolicy.MfaInitSkipLifetime: "0s"
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
index 804e3d18d8..be63164ced 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
@@ -1,8 +1,12 @@
 # All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
 FirstInstance:
+  PatPath: '/pat'
   Org:
-    Name: 'My Org'
+    # We want to authenticate immediately at the console without changing the password
     Human:
-      # use the loginname root@my-org.my.domain
-      Username: 'root'
-      Password: 'RootPassword1!'
+      PasswordChangeRequired: false
+    Machine:
+      Machine:
+        Username: 'login-container'
+        Name: 'Login Container'
+      Pat.ExpirationDate: '2029-01-01T00:00:00Z'
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx b/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
index d5e3984568..88cd4c7700 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
@@ -1,5 +1,5 @@
 ---
-title: A ZITADEL Load Balancing Example
+title: A Zitadel Load Balancing Example
 ---
 
 import CodeBlock from '@theme/CodeBlock';
@@ -8,16 +8,16 @@ import ExampleTraefikSource from '!!raw-loader!./example-traefik.yaml'
 import ExampleZITADELConfigSource from '!!raw-loader!./example-zitadel-config.yaml'
 import ExampleZITADELSecretsSource from '!!raw-loader!./example-zitadel-secrets.yaml'
 import ExampleZITADELInitStepsSource from '!!raw-loader!./example-zitadel-init-steps.yaml'
-import NoteInstanceNotFound from '../troubleshooting/_note_instance_not_found.mdx';
 
-With this example configuration, you create a near production environment for ZITADEL with [Docker Compose](https://docs.docker.com/compose/).
-
-The stack consists of three long-running containers:
-- A [Traefik](https://doc.traefik.io/traefik/) reverse proxy with upstream HTTP/2 enabled, issuing a self-signed TLS certificate.
-- A secure ZITADEL container configured for a custom domain. As we terminate TLS with Traefik, we configure ZITADEL for `--tlsMode external`.
+The stack consists of four long-running containers and a couple of short-lived containers:
+- A [Traefik](https://doc.traefik.io/traefik/) reverse proxy container with upstream HTTP/2 enabled, issuing a self-signed TLS certificate.
+- A Login container that is accessible via Traefik at `/ui/v2/login`
+- A Zitadel container that is accessible via Traefik at all other paths than `/ui/v2/login`.
 - An insecure [PostgreSQL](https://www.postgresql.org/docs/current/index.html).
 
-The setup is tested against Docker version 20.10.17 and Docker Compose version v2.2.3
+The Traefik container and the login container call the Zitadel container via the internal Docker network at `h2c://zitadel:8080`
+
+The setup is tested against Docker version 28.0.4 and Docker Compose version v2.34.0
 
 By executing the commands below, you will download the following files:
 
@@ -64,22 +64,11 @@ tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
 export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"
 
 # Run the database and application containers
-docker compose up --detach
+docker compose up --detach --wait
 ```
 
-Make `127.0.0.1` available at `my.domain`. For example, this can be achieved with an entry `127.0.0.1 my.domain` in the `/etc/hosts` file.
-
-Open your favorite internet browser at [https://my.domain/ui/console/](https://my.domain/ui/console/).
-You can safely proceed, if your browser warns you about the insecure self-signed TLS certificate.
-This is the IAM admin users login according to your configuration in the [example-zitadel-init-steps.yaml](./example-zitadel-init-steps.yaml):
-- **username**: *root@<span></span>my-org.my.domain*
-- **password**: *RootPassword1!*
+Open your favorite internet browser at https://127.0.0.1.sslip.io/ui/console?login_hint=zitadel-admin@zitadel.127.0.0.1.sslip.io.
+Your browser warns you about the insecure self-signed TLS certificate. As 127.0.0.1.sslip.io resolves to your localhost, you can safely proceed.
+Use the password *Password1!* to log in.
 
 Read more about [the login process](/guides/integrate/login/oidc/login-users).
-
-<NoteInstanceNotFound/>
-
-## Troubleshooting
-
-You can connect to the database like this: `docker exec -it loadbalancing-example-db-1 psql --host localhost`
-For example, to show all login names: `docker exec -it loadbalancing-example-db-1 psql -d zitadel --host localhost -c 'select * from projections.login_names3'`

From fa3efd9da3ad998242ad680e803f6c2bb256cb9f Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Tue, 29 Apr 2025 16:33:23 +0200
Subject: [PATCH 026/123] docs: fix Illegal byte sequence (#9750)

# Which Problems Are Solved

In some docs pages, we propose to generate a Zitadel masterkey using the
command `tr -dc A-Za-z0-9 </dev/urandom | head -c 32`. However, this
fails on some systems/locations with the error message `tr: Illegal byte
sequence`.

# How the Problems Are Solved

We replace the command by this more portable variant: `LC_ALL=C tr -dc
'[:graph:]' </dev/urandom | head -c 32`

# Additional Changes

None

# Additional Context

Found by @fcoppede while testing #9496. The new command works for him.
---
 .../deploy/loadbalancing-example/loadbalancing-example.mdx    | 2 +-
 docs/docs/self-hosting/manage/configure/_compose.mdx          | 2 +-
 docs/docs/self-hosting/manage/configure/_linuxunix.mdx        | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx b/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
index 88cd4c7700..d4c27ccd95 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
@@ -60,7 +60,7 @@ wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosti
 
 # A single ZITADEL instance always needs the same 32 bytes long masterkey
 # Generate one to a file if you haven't done so already and pass it as environment variable
-tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
+LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 32 > ./zitadel-masterkey
 export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"
 
 # Run the database and application containers
diff --git a/docs/docs/self-hosting/manage/configure/_compose.mdx b/docs/docs/self-hosting/manage/configure/_compose.mdx
index 5e8b1c3937..837d4c6e62 100644
--- a/docs/docs/self-hosting/manage/configure/_compose.mdx
+++ b/docs/docs/self-hosting/manage/configure/_compose.mdx
@@ -43,7 +43,7 @@ wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosti
 
 # A single ZITADEL instance always needs the same 32 bytes long masterkey
 # Generate one to a file if you haven't done so already and pass it as environment variable
-tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
+LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 32 > ./zitadel-masterkey
 export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"
 
 # Run the database and application containers
diff --git a/docs/docs/self-hosting/manage/configure/_linuxunix.mdx b/docs/docs/self-hosting/manage/configure/_linuxunix.mdx
index 6be833caea..65130ea195 100644
--- a/docs/docs/self-hosting/manage/configure/_linuxunix.mdx
+++ b/docs/docs/self-hosting/manage/configure/_linuxunix.mdx
@@ -35,7 +35,7 @@ wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosti
 # A single ZITADEL instance always needs the same 32 characters long masterkey
 # If you haven't done so already, you can generate a new one
 # The key must be passed as argument
-ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
+ZITADEL_MASTERKEY="$(LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 32)"
 
 # Pass zitadel configuration by configuration files
 zitadel start-from-init \
@@ -62,7 +62,7 @@ export ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD="RootPassword1!"
 
 # A single ZITADEL instance always needs the same 32 bytes long masterkey
 # Generate one to a file if you haven't done so already and pass it as environment variable
-tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
+LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 32 > ./zitadel-masterkey
 
 # Let the zitadel binary read configuration from environment variables
 zitadel start-from-init --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled --masterkeyFile ./zitadel-masterkey

From 91bc71db74fbfd6945822418a5fa8df4439f5757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Tue, 29 Apr 2025 16:54:53 +0200
Subject: [PATCH 027/123] fix(instance): add web key generation to instance
 defaults (#9815)

# Which Problems Are Solved

Webkeys were not generated with new instances when the webkey feature
flag was enabled for instance defaults. This would cause a redirect loop
with console for new instances on QA / coud.

# How the Problems Are Solved

- uncomment the webkeys section on defaults.yaml
- Fix field naming of webkey config

# Additional Changes

- Add all available features as comments.
- Make the improved performance type enum parsable from the config,
untill now they were just ints.
- Running of the enumer command created missing enum entries for feature
keys.

# Additional Context

- Needs to be back-ported to v3 / next-rc

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 cmd/defaults.yaml                             |  31 +++--
 internal/api/grpc/feature/v2/converter.go     |   6 +-
 internal/api/grpc/feature/v2beta/converter.go |   6 +-
 internal/feature/feature.go                   |   3 +-
 .../feature/improvedperformancetype_enumer.go | 106 ++++++++++++++++++
 internal/feature/key_enumer.go                |  66 +++++------
 6 files changed, 171 insertions(+), 47 deletions(-)
 create mode 100644 internal/feature/improvedperformancetype_enumer.go

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 55e14bbada..f20fbc03fc 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -959,16 +959,15 @@ DefaultInstance:
   EmailTemplate: CjwhZG9jdHlwZSBodG1sPgo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCIgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSI+CjxoZWFkPgogIDx0aXRsZT4KCiAgPC90aXRsZT4KICA8IS0tW2lmICFtc29dPjwhLS0+CiAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIj4KICA8IS0tPCFbZW5kaWZdLS0+CiAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPgogIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSI+CiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KICAgICNvdXRsb29rIGEgeyBwYWRkaW5nOjA7IH0KICAgIGJvZHkgeyBtYXJnaW46MDtwYWRkaW5nOjA7LXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OjEwMCU7LW1zLXRleHQtc2l6ZS1hZGp1c3Q6MTAwJTsgfQogICAgdGFibGUsIHRkIHsgYm9yZGVyLWNvbGxhcHNlOmNvbGxhcHNlO21zby10YWJsZS1sc3BhY2U6MHB0O21zby10YWJsZS1yc3BhY2U6MHB0OyB9CiAgICBpbWcgeyBib3JkZXI6MDtoZWlnaHQ6YXV0bztsaW5lLWhlaWdodDoxMDAlOyBvdXRsaW5lOm5vbmU7dGV4dC1kZWNvcmF0aW9uOm5vbmU7LW1zLWludGVycG9sYXRpb24tbW9kZTpiaWN1YmljOyB9CiAgICBwIHsgZGlzcGxheTpibG9jazttYXJnaW46MTNweCAwOyB9CiAgPC9zdHlsZT4KICA8IS0tW2lmIG1zb10+CiAgPHhtbD4KICAgIDxvOk9mZmljZURvY3VtZW50U2V0dGluZ3M+CiAgICAgIDxvOkFsbG93UE5HLz4KICAgICAgPG86UGl4ZWxzUGVySW5jaD45NjwvbzpQaXhlbHNQZXJJbmNoPgogICAgPC9vOk9mZmljZURvY3VtZW50U2V0dGluZ3M+CiAgPC94bWw+CiAgPCFbZW5kaWZdLS0+CiAgPCEtLVtpZiBsdGUgbXNvIDExXT4KICA8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgogICAgLm1qLW91dGxvb2stZ3JvdXAtZml4IHsgd2lkdGg6MTAwJSAhaW1wb3J0YW50OyB9CiAgPC9zdHlsZT4KICA8IVtlbmRpZl0tLT4KCgogIDxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CiAgICBAbWVkaWEgb25seSBzY3JlZW4gYW5kIChtaW4td2lkdGg6NDgwcHgpIHsKICAgICAgLm1qLWNvbHVtbi1wZXItMTAwIHsgd2lkdGg6MTAwJSAhaW1wb3J0YW50OyBtYXgtd2lkdGg6IDEwMCU7IH0KICAgICAgLm1qLWNvbHVtbi1wZXItNjAgeyB3aWR0aDo2MCUgIWltcG9ydGFudDsgbWF4LXdpZHRoOiA2MCU7IH0KICAgIH0KICA8L3N0eWxlPgoKCiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KCgoKICAgIEBtZWRpYSBvbmx5IHNjcmVlbiBhbmQgKG1heC13aWR0aDo0ODBweCkgewogICAgICB0YWJsZS5tai1mdWxsLXdpZHRoLW1vYmlsZSB7IHdpZHRoOiAxMDAlICFpbXBvcnRhbnQ7IH0KICAgICAgdGQubWotZnVsbC13aWR0aC1tb2JpbGUgeyB3aWR0aDogYXV0byAhaW1wb3J0YW50OyB9CiAgICB9CgogIDwvc3R5bGU+CiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4uc2hhZG93IGEgewogICAgYm94LXNoYWRvdzogMHB4IDNweCAxcHggLTJweCByZ2JhKDAsIDAsIDAsIDAuMiksIDBweCAycHggMnB4IDBweCByZ2JhKDAsIDAsIDAsIDAuMTQpLCAwcHggMXB4IDVweCAwcHggcmdiYSgwLCAwLCAwLCAwLjEyKTsKICB9PC9zdHlsZT4KCiAge3tpZiAuRm9udFVSTH19CiAgPHN0eWxlPgogICAgQGZvbnQtZmFjZSB7CiAgICAgIGZvbnQtZmFtaWx5OiAne3suRm9udEZhY2VGYW1pbHl9fSc7CiAgICAgIGZvbnQtc3R5bGU6IG5vcm1hbDsKICAgICAgZm9udC1kaXNwbGF5OiBzd2FwOwogICAgICBzcmM6IHVybCh7ey5Gb250VVJMfX0pOwogICAgfQogIDwvc3R5bGU+CiAge3tlbmR9fQoKPC9oZWFkPgo8Ym9keSBzdHlsZT0id29yZC1zcGFjaW5nOm5vcm1hbDsiPgoKCjxkaXYKICAgICAgICBzdHlsZT0iIgo+CgogIDx0YWJsZQogICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9ImJhY2tncm91bmQ6e3suQmFja2dyb3VuZENvbG9yfX07YmFja2dyb3VuZC1jb2xvcjp7ey5CYWNrZ3JvdW5kQ29sb3J9fTt3aWR0aDoxMDAlO2JvcmRlci1yYWRpdXM6MTZweDsiCiAgPgogICAgPHRib2R5PgogICAgPHRyPgogICAgICA8dGQ+CgoKICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIGNsYXNzPSIiIHN0eWxlPSJ3aWR0aDo4MDBweDsiIHdpZHRoPSI4MDAiID48dHI+PHRkIHN0eWxlPSJsaW5lLWhlaWdodDowcHg7Zm9udC1zaXplOjBweDttc28tbGluZS1oZWlnaHQtcnVsZTpleGFjdGx5OyI+PCFbZW5kaWZdLS0+CgoKICAgICAgICA8ZGl2ICBzdHlsZT0ibWFyZ2luOjBweCBhdXRvO2JvcmRlci1yYWRpdXM6MTZweDttYXgtd2lkdGg6ODAwcHg7Ij4KCiAgICAgICAgICA8dGFibGUKICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9IndpZHRoOjEwMCU7Ym9yZGVyLXJhZGl1czoxNnB4OyIKICAgICAgICAgID4KICAgICAgICAgICAgPHRib2R5PgogICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICBzdHlsZT0iZGlyZWN0aW9uOmx0cjtmb250LXNpemU6MHB4O3BhZGRpbmc6MjBweCAwO3BhZGRpbmctbGVmdDowO3RleHQtYWxpZ246Y2VudGVyOyIKICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZCBjbGFzcz0iIiB3aWR0aD0iODAwcHgiID48IVtlbmRpZl0tLT4KCiAgICAgICAgICAgICAgICA8dGFibGUKICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9IndpZHRoOjEwMCU7IgogICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+CgoKICAgICAgICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjx0YWJsZSBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgY2xhc3M9IiIgc3R5bGU9IndpZHRoOjgwMHB4OyIgd2lkdGg9IjgwMCIgPjx0cj48dGQgc3R5bGU9ImxpbmUtaGVpZ2h0OjBweDtmb250LXNpemU6MHB4O21zby1saW5lLWhlaWdodC1ydWxlOmV4YWN0bHk7Ij48IVtlbmRpZl0tLT4KCgogICAgICAgICAgICAgICAgICAgICAgPGRpdiAgc3R5bGU9Im1hcmdpbjowcHggYXV0bzttYXgtd2lkdGg6ODAwcHg7Ij4KCiAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiByb2xlPSJwcmVzZW50YXRpb24iIHN0eWxlPSJ3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImRpcmVjdGlvbjpsdHI7Zm9udC1zaXplOjBweDtwYWRkaW5nOjA7dGV4dC1hbGlnbjpjZW50ZXI7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZCBjbGFzcz0iIiBzdHlsZT0id2lkdGg6ODAwcHg7IiA+PCFbZW5kaWZdLS0+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY2xhc3M9Im1qLWNvbHVtbi1wZXItMTAwIG1qLW91dGxvb2stZ3JvdXAtZml4IiBzdHlsZT0iZm9udC1zaXplOjA7bGluZS1oZWlnaHQ6MDt0ZXh0LWFsaWduOmxlZnQ7ZGlzcGxheTppbmxpbmUtYmxvY2s7d2lkdGg6MTAwJTtkaXJlY3Rpb246bHRyOyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjx0YWJsZSBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiA+PHRyPjx0ZCBzdHlsZT0idmVydGljYWwtYWxpZ246dG9wO3dpZHRoOjgwMHB4OyIgPjwhW2VuZGlmXS0tPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8ZGl2CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjbGFzcz0ibWotY29sdW1uLXBlci0xMDAgbWotb3V0bG9vay1ncm91cC1maXgiIHN0eWxlPSJmb250LXNpemU6MHB4O3RleHQtYWxpZ246bGVmdDtkaXJlY3Rpb246bHRyO2Rpc3BsYXk6aW5saW5lLWJsb2NrO3ZlcnRpY2FsLWFsaWduOnRvcDt3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiByb2xlPSJwcmVzZW50YXRpb24iIHdpZHRoPSIxMDAlIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7cGFkZGluZzowOyI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB7e2lmIC5Mb2dvVVJMfX0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iIiB3aWR0aD0iMTAwJSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRib2R5PgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtc2l6ZTowcHg7cGFkZGluZzo1MHB4IDAgMzBweCAwO3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iYm9yZGVyLWNvbGxhcHNlOmNvbGxhcHNlO2JvcmRlci1zcGFjaW5nOjBweDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCAgc3R5bGU9IndpZHRoOjE4MHB4OyI+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGltZwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBoZWlnaHQ9ImF1dG8iIHNyYz0ie3suTG9nb1VSTH19IiBzdHlsZT0iYm9yZGVyOjA7Ym9yZGVyLXJhZGl1czo4cHg7ZGlzcGxheTpibG9jaztvdXRsaW5lOm5vbmU7dGV4dC1kZWNvcmF0aW9uOm5vbmU7aGVpZ2h0OmF1dG87d2lkdGg6MTAwJTtmb250LXNpemU6MTNweDsiIHdpZHRoPSIxODAiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAvPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAge3tlbmR9fQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPCEtLVtpZiBtc28gfCBJRV0+PC90ZD48L3RyPjwvdGFibGU+PCFbZW5kaWZdLS0+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPCEtLVtpZiBtc28gfCBJRV0+PC90ZD48L3RyPjwvdGFibGU+PCFbZW5kaWZdLS0+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICAgICAgICA8L2Rpdj4KCgogICAgICAgICAgICAgICAgICAgICAgPCEtLVtpZiBtc28gfCBJRV0+PC90ZD48L3RyPjwvdGFibGU+PCFbZW5kaWZdLS0+CgoKICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICA8L3Rib2R5PgogICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iIiB3aWR0aD0iODAwcHgiID48IVtlbmRpZl0tLT4KCiAgICAgICAgICAgICAgICA8dGFibGUKICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9IndpZHRoOjEwMCU7IgogICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+CgoKICAgICAgICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjx0YWJsZSBhbGlnbj0iY2VudGVyIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgY2xhc3M9IiIgc3R5bGU9IndpZHRoOjgwMHB4OyIgd2lkdGg9IjgwMCIgPjx0cj48dGQgc3R5bGU9ImxpbmUtaGVpZ2h0OjBweDtmb250LXNpemU6MHB4O21zby1saW5lLWhlaWdodC1ydWxlOmV4YWN0bHk7Ij48IVtlbmRpZl0tLT4KCgogICAgICAgICAgICAgICAgICAgICAgPGRpdiAgc3R5bGU9Im1hcmdpbjowcHggYXV0bzttYXgtd2lkdGg6ODAwcHg7Ij4KCiAgICAgICAgICAgICAgICAgICAgICAgIDx0YWJsZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiByb2xlPSJwcmVzZW50YXRpb24iIHN0eWxlPSJ3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgIDx0Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImRpcmVjdGlvbjpsdHI7Zm9udC1zaXplOjBweDtwYWRkaW5nOjA7dGV4dC1hbGlnbjpjZW50ZXI7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCI+PHRyPjx0ZCBjbGFzcz0iIiBzdHlsZT0idmVydGljYWwtYWxpZ246dG9wO3dpZHRoOjQ4MHB4OyIgPjwhW2VuZGlmXS0tPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNsYXNzPSJtai1jb2x1bW4tcGVyLTYwIG1qLW91dGxvb2stZ3JvdXAtZml4IiBzdHlsZT0iZm9udC1zaXplOjBweDt0ZXh0LWFsaWduOmxlZnQ7ZGlyZWN0aW9uOmx0cjtkaXNwbGF5OmlubGluZS1ibG9jazt2ZXJ0aWNhbC1hbGlnbjp0b3A7d2lkdGg6MTAwJTsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiB3aWR0aD0iMTAwJSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZCAgc3R5bGU9InZlcnRpY2FsLWFsaWduOnRvcDtwYWRkaW5nOjA7Ij4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iIiB3aWR0aD0iMTAwJSIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGJvZHk+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhbGlnbj0iY2VudGVyIiBzdHlsZT0iZm9udC1zaXplOjBweDtwYWRkaW5nOjEwcHggMjVweDt3b3JkLWJyZWFrOmJyZWFrLXdvcmQ7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN0eWxlPSJmb250LWZhbWlseTp7ey5Gb250RmFtaWx5fX07Zm9udC1zaXplOjI0cHg7Zm9udC13ZWlnaHQ6NTAwO2xpbmUtaGVpZ2h0OjE7dGV4dC1hbGlnbjpjZW50ZXI7Y29sb3I6e3suRm9udENvbG9yfX07IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID57ey5HcmVldGluZ319PC9kaXY+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIHN0eWxlPSJmb250LXNpemU6MHB4O3BhZGRpbmc6MTBweCAyNXB4O3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImZvbnQtZmFtaWx5Ont7LkZvbnRGYW1pbHl9fTtmb250LXNpemU6MTZweDtmb250LXdlaWdodDpsaWdodDtsaW5lLWhlaWdodDoxLjU7dGV4dC1hbGlnbjpjZW50ZXI7Y29sb3I6e3suRm9udENvbG9yfX07IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID57ey5UZXh0fX08L2Rpdj4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgoKCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFsaWduPSJjZW50ZXIiIHZlcnRpY2FsLWFsaWduPSJtaWRkbGUiIGNsYXNzPSJzaGFkb3ciIHN0eWxlPSJmb250LXNpemU6MHB4O3BhZGRpbmc6MTBweCAyNXB4O3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRhYmxlCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgcm9sZT0icHJlc2VudGF0aW9uIiBzdHlsZT0iYm9yZGVyLWNvbGxhcHNlOnNlcGFyYXRlO2xpbmUtaGVpZ2h0OjEwMCU7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgYmdjb2xvcj0ie3suUHJpbWFyeUNvbG9yfX0iIHJvbGU9InByZXNlbnRhdGlvbiIgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1yYWRpdXM6NnB4O2N1cnNvcjphdXRvO21zby1wYWRkaW5nLWFsdDoxMHB4IDI1cHg7YmFja2dyb3VuZDp7ey5QcmltYXJ5Q29sb3J9fTsiIHZhbGlnbj0ibWlkZGxlIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGEKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhyZWY9Int7LlVSTH19IiByZWw9Im5vb3BlbmVyIG5vcmVmZXJyZXIgbm90cmFjayIgc3R5bGU9ImRpc3BsYXk6aW5saW5lLWJsb2NrO2JhY2tncm91bmQ6e3suUHJpbWFyeUNvbG9yfX07Y29sb3I6I2ZmZmZmZjtmb250LWZhbWlseTp7ey5Gb250RmFtaWx5fX07Zm9udC1zaXplOjE0cHg7Zm9udC13ZWlnaHQ6NTAwO2xpbmUtaGVpZ2h0OjEyMCU7bWFyZ2luOjA7dGV4dC1kZWNvcmF0aW9uOm5vbmU7dGV4dC10cmFuc2Zvcm06bm9uZTtwYWRkaW5nOjEwcHggMjVweDttc28tcGFkZGluZy1hbHQ6MHB4O2JvcmRlci1yYWRpdXM6NnB4OyIgdGFyZ2V0PSJfYmxhbmsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAge3suQnV0dG9uVGV4dH19CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9hPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB7e2lmIC5JbmNsdWRlRm9vdGVyfX0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtc2l6ZTowcHg7cGFkZGluZzoxMHB4IDI1cHg7cGFkZGluZy10b3A6MjBweDtwYWRkaW5nLXJpZ2h0OjIwcHg7cGFkZGluZy1ib3R0b206MjBweDtwYWRkaW5nLWxlZnQ6MjBweDt3b3JkLWJyZWFrOmJyZWFrLXdvcmQ7IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzdHlsZT0iYm9yZGVyLXRvcDpzb2xpZCAycHggI2RiZGJkYjtmb250LXNpemU6MXB4O21hcmdpbjowcHggYXV0bzt3aWR0aDoxMDAlOyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9wPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48dGFibGUgYWxpZ249ImNlbnRlciIgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJib3JkZXItdG9wOnNvbGlkIDJweCAjZGJkYmRiO2ZvbnQtc2l6ZToxcHg7bWFyZ2luOjBweCBhdXRvO3dpZHRoOjQ0MHB4OyIgcm9sZT0icHJlc2VudGF0aW9uIiB3aWR0aD0iNDQwcHgiID48dHI+PHRkIHN0eWxlPSJoZWlnaHQ6MDtsaW5lLWhlaWdodDowOyI+ICZuYnNwOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+PC90cj48L3RhYmxlPjwhW2VuZGlmXS0tPgoKCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtc2l6ZTowcHg7cGFkZGluZzoxNnB4O3dvcmQtYnJlYWs6YnJlYWstd29yZDsiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGRpdgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3R5bGU9ImZvbnQtZmFtaWx5Ont7LkZvbnRGYW1pbHl9fTtmb250LXNpemU6MTNweDtsaW5lLWhlaWdodDoxO3RleHQtYWxpZ246Y2VudGVyO2NvbG9yOnt7LkZvbnRDb2xvcn19OyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA+e3suRm9vdGVyVGV4dH19PC9kaXY+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHt7ZW5kfX0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90Ym9keT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9kaXY+CgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48L3RkPjwvdHI+PC90YWJsZT48IVtlbmRpZl0tLT4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rib2R5PgogICAgICAgICAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgoKCiAgICAgICAgICAgICAgICAgICAgICA8IS0tW2lmIG1zbyB8IElFXT48L3RkPjwvdHI+PC90YWJsZT48IVtlbmRpZl0tLT4KCgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICAgICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjwvdGQ+PC90cj48L3RhYmxlPjwhW2VuZGlmXS0tPgogICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgIDwvdGJvZHk+CiAgICAgICAgICA8L3RhYmxlPgoKICAgICAgICA8L2Rpdj4KCgogICAgICAgIDwhLS1baWYgbXNvIHwgSUVdPjwvdGQ+PC90cj48L3RhYmxlPjwhW2VuZGlmXS0tPgoKCiAgICAgIDwvdGQ+CiAgICA8L3RyPgogICAgPC90Ym9keT4KICA8L3RhYmxlPgoKPC9kaXY+Cgo8L2JvZHk+CjwvaHRtbD4K # ZITADEL_DEFAULTINSTANCE_EMAILTEMPLATE
 
   # WebKeys configures the OIDC token signing keys that are generated when a new instance is created.
-  # WebKeys are still in alpha, so the config is disabled here. This will prevent generation of keys for now.
-  # WebKeys:
-  #  Type: "rsa" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_TYPE
-  #  Config:
-  #    Bits: "2048" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_BITS
-  #    Hasher: "sha256" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_HASHER
+  WebKeys:
+    Type: "rsa" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_TYPE
+    Config:
+     RSABits: "2048" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_BITS
+     RSAHasher: "sha256" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_HASHER
   # WebKeys:
   #  Type: "ecdsa"
   #  Config:
-  #    Curve: "P256" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_CURVE
+  #    EllipticCurve: "P256" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_CURVE
 
   # Sets the default values for lifetime and expiration for OIDC in each newly created instance
   # This default can be overwritten for each instance during runtime
@@ -1101,7 +1100,25 @@ DefaultInstance:
     LoginDefaultOrg: true # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINDEFAULTORG
     # TriggerIntrospectionProjections: false # ZITADEL_DEFAULTINSTANCE_FEATURES_TRIGGERINTROSPECTIONPROJECTIONS
     # LegacyIntrospection: false # ZITADEL_DEFAULTINSTANCE_FEATURES_LEGACYINTROSPECTION
+    # UserSchema: false # ZITADEL_DEFAULTINSTANCE_FEATURES_USERSCHEMA
+    # TokenExchange: false # ZITADEL_DEFAULTINSTANCE_FEATURES_TOKENEXCHANGE
+    # ImprovedPerformance: # ZITADEL_DEFAULTINSTANCE_FEATURES_IMPROVEDPERFORMANCE
+    #   - OrgByID
+    #   - ProjectGrant
+    #   - Project
+    #   - UserGrant
+    #   - OrgDomainVerified
+    # WebKey: false # ZITADEL_DEFAULTINSTANCE_FEATURES_WEBKEY
+    # DebugOIDCParentError: false # ZITADEL_DEFAULTINSTANCE_FEATURES_DEBUGOIDCPARENTERROR
+    # OIDCSingleV1SessionTermination: false # ZITADEL_DEFAULTINSTANCE_FEATURES_OIDCSINGLEV1SESSIONTERMINATION
+    # DisableUserTokenEvent: false # ZITADEL_DEFAULTINSTANCE_FEATURES_DISABLEUSERTOKENEVENT
+    # EnableBackChannelLogout: false # ZITADEL_DEFAULTINSTANCE_FEATURES_ENABLEBACKCHANNELLOGOUT
+    # LoginV2:
+    #  Required: false # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
+    #  BaseURI: "" # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_BASEURI
     # PermissionCheckV2: false # ZITADEL_DEFAULTINSTANCE_FEATURES_PERMISSIONCHECKV2
+    # ConsoleUseV2UserApi: false # ZITADEL_DEFAULTINSTANCE_FEATURES_CONSOLEUSEV2USERAPI
+
   Limits:
     # AuditLogRetention limits the number of events that can be queried via the events API by their age.
     # A value of "0s" means that all events are available.
diff --git a/internal/api/grpc/feature/v2/converter.go b/internal/api/grpc/feature/v2/converter.go
index baa45c6c6e..e146ac2db6 100644
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -172,7 +172,7 @@ func improvedPerformanceTypesToPb(types []feature.ImprovedPerformanceType) []fea
 
 func improvedPerformanceTypeToPb(typ feature.ImprovedPerformanceType) feature_pb.ImprovedPerformance {
 	switch typ {
-	case feature.ImprovedPerformanceTypeUnknown:
+	case feature.ImprovedPerformanceTypeUnspecified:
 		return feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_UNSPECIFIED
 	case feature.ImprovedPerformanceTypeOrgByID:
 		return feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID
@@ -205,7 +205,7 @@ func improvedPerformanceListToDomain(list []feature_pb.ImprovedPerformance) []fe
 func improvedPerformanceToDomain(typ feature_pb.ImprovedPerformance) feature.ImprovedPerformanceType {
 	switch typ {
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_UNSPECIFIED:
-		return feature.ImprovedPerformanceTypeUnknown
+		return feature.ImprovedPerformanceTypeUnspecified
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID:
 		return feature.ImprovedPerformanceTypeOrgByID
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_PROJECT_GRANT:
@@ -217,6 +217,6 @@ func improvedPerformanceToDomain(typ feature_pb.ImprovedPerformance) feature.Imp
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED:
 		return feature.ImprovedPerformanceTypeOrgDomainVerified
 	default:
-		return feature.ImprovedPerformanceTypeUnknown
+		return feature.ImprovedPerformanceTypeUnspecified
 	}
 }
diff --git a/internal/api/grpc/feature/v2beta/converter.go b/internal/api/grpc/feature/v2beta/converter.go
index bbb375716e..9739e1c4c8 100644
--- a/internal/api/grpc/feature/v2beta/converter.go
+++ b/internal/api/grpc/feature/v2beta/converter.go
@@ -109,7 +109,7 @@ func improvedPerformanceTypesToPb(types []feature.ImprovedPerformanceType) []fea
 
 func improvedPerformanceTypeToPb(typ feature.ImprovedPerformanceType) feature_pb.ImprovedPerformance {
 	switch typ {
-	case feature.ImprovedPerformanceTypeUnknown:
+	case feature.ImprovedPerformanceTypeUnspecified:
 		return feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_UNSPECIFIED
 	case feature.ImprovedPerformanceTypeOrgByID:
 		return feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID
@@ -142,7 +142,7 @@ func improvedPerformanceListToDomain(list []feature_pb.ImprovedPerformance) []fe
 func improvedPerformanceToDomain(typ feature_pb.ImprovedPerformance) feature.ImprovedPerformanceType {
 	switch typ {
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_UNSPECIFIED:
-		return feature.ImprovedPerformanceTypeUnknown
+		return feature.ImprovedPerformanceTypeUnspecified
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID:
 		return feature.ImprovedPerformanceTypeOrgByID
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_PROJECT_GRANT:
@@ -154,6 +154,6 @@ func improvedPerformanceToDomain(typ feature_pb.ImprovedPerformance) feature.Imp
 	case feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED:
 		return feature.ImprovedPerformanceTypeOrgDomainVerified
 	default:
-		return feature.ImprovedPerformanceTypeUnknown
+		return feature.ImprovedPerformanceTypeUnspecified
 	}
 }
diff --git a/internal/feature/feature.go b/internal/feature/feature.go
index 389b750483..f500b80eb3 100644
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -57,10 +57,11 @@ type Features struct {
 	ConsoleUseV2UserApi             bool                      `json:"console_use_v2_user_api,omitempty"`
 }
 
+//go:generate enumer -type ImprovedPerformanceType -trimprefix ImprovedPerformanceType -text
 type ImprovedPerformanceType int32
 
 const (
-	ImprovedPerformanceTypeUnknown = iota
+	ImprovedPerformanceTypeUnspecified ImprovedPerformanceType = iota
 	ImprovedPerformanceTypeOrgByID
 	ImprovedPerformanceTypeProjectGrant
 	ImprovedPerformanceTypeProject
diff --git a/internal/feature/improvedperformancetype_enumer.go b/internal/feature/improvedperformancetype_enumer.go
new file mode 100644
index 0000000000..a12673c205
--- /dev/null
+++ b/internal/feature/improvedperformancetype_enumer.go
@@ -0,0 +1,106 @@
+// Code generated by "enumer -type ImprovedPerformanceType -trimprefix ImprovedPerformanceType -text"; DO NOT EDIT.
+
+package feature
+
+import (
+	"fmt"
+	"strings"
+)
+
+const _ImprovedPerformanceTypeName = "UnspecifiedOrgByIDProjectGrantProjectUserGrantOrgDomainVerified"
+
+var _ImprovedPerformanceTypeIndex = [...]uint8{0, 11, 18, 30, 37, 46, 63}
+
+const _ImprovedPerformanceTypeLowerName = "unspecifiedorgbyidprojectgrantprojectusergrantorgdomainverified"
+
+func (i ImprovedPerformanceType) String() string {
+	if i < 0 || i >= ImprovedPerformanceType(len(_ImprovedPerformanceTypeIndex)-1) {
+		return fmt.Sprintf("ImprovedPerformanceType(%d)", i)
+	}
+	return _ImprovedPerformanceTypeName[_ImprovedPerformanceTypeIndex[i]:_ImprovedPerformanceTypeIndex[i+1]]
+}
+
+// An "invalid array index" compiler error signifies that the constant values have changed.
+// Re-run the stringer command to generate them again.
+func _ImprovedPerformanceTypeNoOp() {
+	var x [1]struct{}
+	_ = x[ImprovedPerformanceTypeUnspecified-(0)]
+	_ = x[ImprovedPerformanceTypeOrgByID-(1)]
+	_ = x[ImprovedPerformanceTypeProjectGrant-(2)]
+	_ = x[ImprovedPerformanceTypeProject-(3)]
+	_ = x[ImprovedPerformanceTypeUserGrant-(4)]
+	_ = x[ImprovedPerformanceTypeOrgDomainVerified-(5)]
+}
+
+var _ImprovedPerformanceTypeValues = []ImprovedPerformanceType{ImprovedPerformanceTypeUnspecified, ImprovedPerformanceTypeOrgByID, ImprovedPerformanceTypeProjectGrant, ImprovedPerformanceTypeProject, ImprovedPerformanceTypeUserGrant, ImprovedPerformanceTypeOrgDomainVerified}
+
+var _ImprovedPerformanceTypeNameToValueMap = map[string]ImprovedPerformanceType{
+	_ImprovedPerformanceTypeName[0:11]:       ImprovedPerformanceTypeUnspecified,
+	_ImprovedPerformanceTypeLowerName[0:11]:  ImprovedPerformanceTypeUnspecified,
+	_ImprovedPerformanceTypeName[11:18]:      ImprovedPerformanceTypeOrgByID,
+	_ImprovedPerformanceTypeLowerName[11:18]: ImprovedPerformanceTypeOrgByID,
+	_ImprovedPerformanceTypeName[18:30]:      ImprovedPerformanceTypeProjectGrant,
+	_ImprovedPerformanceTypeLowerName[18:30]: ImprovedPerformanceTypeProjectGrant,
+	_ImprovedPerformanceTypeName[30:37]:      ImprovedPerformanceTypeProject,
+	_ImprovedPerformanceTypeLowerName[30:37]: ImprovedPerformanceTypeProject,
+	_ImprovedPerformanceTypeName[37:46]:      ImprovedPerformanceTypeUserGrant,
+	_ImprovedPerformanceTypeLowerName[37:46]: ImprovedPerformanceTypeUserGrant,
+	_ImprovedPerformanceTypeName[46:63]:      ImprovedPerformanceTypeOrgDomainVerified,
+	_ImprovedPerformanceTypeLowerName[46:63]: ImprovedPerformanceTypeOrgDomainVerified,
+}
+
+var _ImprovedPerformanceTypeNames = []string{
+	_ImprovedPerformanceTypeName[0:11],
+	_ImprovedPerformanceTypeName[11:18],
+	_ImprovedPerformanceTypeName[18:30],
+	_ImprovedPerformanceTypeName[30:37],
+	_ImprovedPerformanceTypeName[37:46],
+	_ImprovedPerformanceTypeName[46:63],
+}
+
+// ImprovedPerformanceTypeString retrieves an enum value from the enum constants string name.
+// Throws an error if the param is not part of the enum.
+func ImprovedPerformanceTypeString(s string) (ImprovedPerformanceType, error) {
+	if val, ok := _ImprovedPerformanceTypeNameToValueMap[s]; ok {
+		return val, nil
+	}
+
+	if val, ok := _ImprovedPerformanceTypeNameToValueMap[strings.ToLower(s)]; ok {
+		return val, nil
+	}
+	return 0, fmt.Errorf("%s does not belong to ImprovedPerformanceType values", s)
+}
+
+// ImprovedPerformanceTypeValues returns all values of the enum
+func ImprovedPerformanceTypeValues() []ImprovedPerformanceType {
+	return _ImprovedPerformanceTypeValues
+}
+
+// ImprovedPerformanceTypeStrings returns a slice of all String values of the enum
+func ImprovedPerformanceTypeStrings() []string {
+	strs := make([]string, len(_ImprovedPerformanceTypeNames))
+	copy(strs, _ImprovedPerformanceTypeNames)
+	return strs
+}
+
+// IsAImprovedPerformanceType returns "true" if the value is listed in the enum definition. "false" otherwise
+func (i ImprovedPerformanceType) IsAImprovedPerformanceType() bool {
+	for _, v := range _ImprovedPerformanceTypeValues {
+		if i == v {
+			return true
+		}
+	}
+	return false
+}
+
+// MarshalText implements the encoding.TextMarshaler interface for ImprovedPerformanceType
+func (i ImprovedPerformanceType) MarshalText() ([]byte, error) {
+	return []byte(i.String()), nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface for ImprovedPerformanceType
+func (i *ImprovedPerformanceType) UnmarshalText(text []byte) error {
+	var err error
+	*i, err = ImprovedPerformanceTypeString(string(text))
+	return err
+}
diff --git a/internal/feature/key_enumer.go b/internal/feature/key_enumer.go
index 6466061718..a47b3eb4d9 100644
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -7,11 +7,11 @@ import (
 	"strings"
 )
 
-const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactionsimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactions_deprecatedimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
 
-var _KeyIndex = [...]uint16{0, 11, 28, 61, 81, 92, 106, 113, 133, 140, 163, 197, 221, 247, 255, 274, 297}
+var _KeyIndex = [...]uint16{0, 11, 28, 61, 81, 92, 106, 124, 144, 151, 174, 208, 232, 258, 266, 285, 308}
 
-const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactionsimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactions_deprecatedimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
 
 func (i Key) String() string {
 	if i < 0 || i >= Key(len(_KeyIndex)-1) {
@@ -57,26 +57,26 @@ var _KeyNameToValueMap = map[string]Key{
 	_KeyLowerName[81:92]:   KeyUserSchema,
 	_KeyName[92:106]:       KeyTokenExchange,
 	_KeyLowerName[92:106]:  KeyTokenExchange,
-	_KeyName[106:113]:      KeyActionsDeprecated,
-	_KeyLowerName[106:113]: KeyActionsDeprecated,
-	_KeyName[113:133]:      KeyImprovedPerformance,
-	_KeyLowerName[113:133]: KeyImprovedPerformance,
-	_KeyName[133:140]:      KeyWebKey,
-	_KeyLowerName[133:140]: KeyWebKey,
-	_KeyName[140:163]:      KeyDebugOIDCParentError,
-	_KeyLowerName[140:163]: KeyDebugOIDCParentError,
-	_KeyName[163:197]:      KeyOIDCSingleV1SessionTermination,
-	_KeyLowerName[163:197]: KeyOIDCSingleV1SessionTermination,
-	_KeyName[197:221]:      KeyDisableUserTokenEvent,
-	_KeyLowerName[197:221]: KeyDisableUserTokenEvent,
-	_KeyName[221:247]:      KeyEnableBackChannelLogout,
-	_KeyLowerName[221:247]: KeyEnableBackChannelLogout,
-	_KeyName[247:255]:      KeyLoginV2,
-	_KeyLowerName[247:255]: KeyLoginV2,
-	_KeyName[255:274]:      KeyPermissionCheckV2,
-	_KeyLowerName[255:274]: KeyPermissionCheckV2,
-	_KeyName[274:297]:      KeyConsoleUseV2UserApi,
-	_KeyLowerName[274:297]: KeyConsoleUseV2UserApi,
+	_KeyName[106:124]:      KeyActionsDeprecated,
+	_KeyLowerName[106:124]: KeyActionsDeprecated,
+	_KeyName[124:144]:      KeyImprovedPerformance,
+	_KeyLowerName[124:144]: KeyImprovedPerformance,
+	_KeyName[144:151]:      KeyWebKey,
+	_KeyLowerName[144:151]: KeyWebKey,
+	_KeyName[151:174]:      KeyDebugOIDCParentError,
+	_KeyLowerName[151:174]: KeyDebugOIDCParentError,
+	_KeyName[174:208]:      KeyOIDCSingleV1SessionTermination,
+	_KeyLowerName[174:208]: KeyOIDCSingleV1SessionTermination,
+	_KeyName[208:232]:      KeyDisableUserTokenEvent,
+	_KeyLowerName[208:232]: KeyDisableUserTokenEvent,
+	_KeyName[232:258]:      KeyEnableBackChannelLogout,
+	_KeyLowerName[232:258]: KeyEnableBackChannelLogout,
+	_KeyName[258:266]:      KeyLoginV2,
+	_KeyLowerName[258:266]: KeyLoginV2,
+	_KeyName[266:285]:      KeyPermissionCheckV2,
+	_KeyLowerName[266:285]: KeyPermissionCheckV2,
+	_KeyName[285:308]:      KeyConsoleUseV2UserApi,
+	_KeyLowerName[285:308]: KeyConsoleUseV2UserApi,
 }
 
 var _KeyNames = []string{
@@ -86,16 +86,16 @@ var _KeyNames = []string{
 	_KeyName[61:81],
 	_KeyName[81:92],
 	_KeyName[92:106],
-	_KeyName[106:113],
-	_KeyName[113:133],
-	_KeyName[133:140],
-	_KeyName[140:163],
-	_KeyName[163:197],
-	_KeyName[197:221],
-	_KeyName[221:247],
-	_KeyName[247:255],
-	_KeyName[255:274],
-	_KeyName[274:297],
+	_KeyName[106:124],
+	_KeyName[124:144],
+	_KeyName[144:151],
+	_KeyName[151:174],
+	_KeyName[174:208],
+	_KeyName[208:232],
+	_KeyName[232:258],
+	_KeyName[258:266],
+	_KeyName[266:285],
+	_KeyName[285:308],
 }
 
 // KeyString retrieves an enum value from the enum constants string name.

From 181186e477f7ae1779cf2b4429f25e00b9712e98 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Tue, 29 Apr 2025 17:29:16 +0200
Subject: [PATCH 028/123] fix(mirror): add max auth request age configuration
 (#9812)

# Which Problems Are Solved

The `auth.auth_requests` table is not cleaned up so long running Zitadel
installations can contain many rows.

The mirror command can take long because a the data are first copied
into memory (or disk) on cockroach and users do not get any output from
mirror. This is unfortunate because people don't know if Zitadel got
stuck.

# How the Problems Are Solved

Enhance logging throughout the projection processes and introduce a
configuration option for the maximum age of authentication requests.

# Additional Changes

None

# Additional Context

closes https://github.com/zitadel/zitadel/issues/9764

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 cmd/mirror/auth.go                            | 15 ++-
 cmd/mirror/config.go                          |  3 +-
 cmd/mirror/defaults.yaml                      | 97 ++++++++++---------
 cmd/mirror/event_store.go                     |  5 +
 cmd/mirror/projections.go                     | 10 +-
 cmd/mirror/system.go                          | 14 +--
 docs/docs/self-hosting/manage/cli/mirror.mdx  |  3 +
 .../eventsourcing/handler/handler.go          |  8 +-
 .../eventsourcing/handler/handler.go          |  8 +-
 internal/notification/projections.go          |  8 +-
 internal/query/projection/projection.go       | 12 ++-
 11 files changed, 116 insertions(+), 67 deletions(-)

diff --git a/cmd/mirror/auth.go b/cmd/mirror/auth.go
index 0eba10d05f..3d7ae45bce 100644
--- a/cmd/mirror/auth.go
+++ b/cmd/mirror/auth.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	_ "embed"
 	"io"
+	"strconv"
 	"time"
 
 	"github.com/jackc/pgx/v5/stdlib"
@@ -41,12 +42,16 @@ func copyAuth(ctx context.Context, config *Migration) {
 	logging.OnError(err).Fatal("unable to connect to destination database")
 	defer destClient.Close()
 
-	copyAuthRequests(ctx, sourceClient, destClient)
+	copyAuthRequests(ctx, sourceClient, destClient, config.MaxAuthRequestAge)
 }
 
-func copyAuthRequests(ctx context.Context, source, dest *database.DB) {
+func copyAuthRequests(ctx context.Context, source, dest *database.DB, maxAuthRequestAge time.Duration) {
 	start := time.Now()
 
+	logging.Info("creating index on auth.auth_requests.change_date to speed up copy in source database")
+	_, err := source.ExecContext(ctx, "CREATE INDEX CONCURRENTLY IF NOT EXISTS auth_requests_change_date ON auth.auth_requests (change_date)")
+	logging.OnError(err).Fatal("unable to create index on auth.auth_requests.change_date")
+
 	sourceConn, err := source.Conn(ctx)
 	logging.OnError(err).Fatal("unable to acquire connection")
 	defer sourceConn.Close()
@@ -55,9 +60,9 @@ func copyAuthRequests(ctx context.Context, source, dest *database.DB) {
 	errs := make(chan error, 1)
 
 	go func() {
-		err = sourceConn.Raw(func(driverConn interface{}) error {
+		err = sourceConn.Raw(func(driverConn any) error {
 			conn := driverConn.(*stdlib.Conn).Conn()
-			_, err := conn.PgConn().CopyTo(ctx, w, "COPY (SELECT id, regexp_replace(request::TEXT, '\\\\u0000', '', 'g')::JSON request, code, request_type, creation_date, change_date, instance_id FROM auth.auth_requests "+instanceClause()+") TO STDOUT")
+			_, err := conn.PgConn().CopyTo(ctx, w, "COPY (SELECT id, regexp_replace(request::TEXT, '\\\\u0000', '', 'g')::JSON request, code, request_type, creation_date, change_date, instance_id FROM auth.auth_requests "+instanceClause()+" AND change_date > NOW() - INTERVAL '"+strconv.FormatFloat(maxAuthRequestAge.Seconds(), 'f', -1, 64)+" seconds') TO STDOUT")
 			w.Close()
 			return err
 		})
@@ -69,7 +74,7 @@ func copyAuthRequests(ctx context.Context, source, dest *database.DB) {
 	defer destConn.Close()
 
 	var affected int64
-	err = destConn.Raw(func(driverConn interface{}) error {
+	err = destConn.Raw(func(driverConn any) error {
 		conn := driverConn.(*stdlib.Conn).Conn()
 
 		if shouldReplace {
diff --git a/cmd/mirror/config.go b/cmd/mirror/config.go
index 9d0113a1d7..5bb19f12de 100644
--- a/cmd/mirror/config.go
+++ b/cmd/mirror/config.go
@@ -23,7 +23,8 @@ type Migration struct {
 	Source      database.Config
 	Destination database.Config
 
-	EventBulkSize uint32
+	EventBulkSize     uint32
+	MaxAuthRequestAge time.Duration
 
 	Log     *logging.Config
 	Machine *id.Config
diff --git a/cmd/mirror/defaults.yaml b/cmd/mirror/defaults.yaml
index 4b42c06534..4d8a0a4eae 100644
--- a/cmd/mirror/defaults.yaml
+++ b/cmd/mirror/defaults.yaml
@@ -1,61 +1,64 @@
 Source:
   cockroach:
-    Host: localhost # ZITADEL_DATABASE_COCKROACH_HOST
-    Port: 26257 # ZITADEL_DATABASE_COCKROACH_PORT
-    Database: zitadel # ZITADEL_DATABASE_COCKROACH_DATABASE
-    MaxOpenConns: 6 # ZITADEL_DATABASE_COCKROACH_MAXOPENCONNS
-    MaxIdleConns: 6 # ZITADEL_DATABASE_COCKROACH_MAXIDLECONNS
-    MaxConnLifetime: 30m # ZITADEL_DATABASE_COCKROACH_MAXCONNLIFETIME
-    MaxConnIdleTime: 5m # ZITADEL_DATABASE_COCKROACH_MAXCONNIDLETIME
-    Options: "" # ZITADEL_DATABASE_COCKROACH_OPTIONS
+    Host: localhost # ZITADEL_SOURCE_COCKROACH_HOST
+    Port: 26257 # ZITADEL_SOURCE_COCKROACH_PORT
+    Database: zitadel # ZITADEL_SOURCE_COCKROACH_DATABASE
+    MaxOpenConns: 6 # ZITADEL_SOURCE_COCKROACH_MAXOPENCONNS
+    MaxIdleConns: 6 # ZITADEL_SOURCE_COCKROACH_MAXIDLECONNS
+    MaxConnLifetime: 30m # ZITADEL_SOURCE_COCKROACH_MAXCONNLIFETIME
+    MaxConnIdleTime: 5m # ZITADEL_SOURCE_COCKROACH_MAXCONNIDLETIME
+    Options: "" # ZITADEL_SOURCE_COCKROACH_OPTIONS
     User:
-      Username: zitadel # ZITADEL_DATABASE_COCKROACH_USER_USERNAME
-      Password: "" # ZITADEL_DATABASE_COCKROACH_USER_PASSWORD
+      Username: zitadel # ZITADEL_SOURCE_COCKROACH_USER_USERNAME
+      Password: "" # ZITADEL_SOURCE_COCKROACH_USER_PASSWORD
       SSL:
-        Mode: disable # ZITADEL_DATABASE_COCKROACH_USER_SSL_MODE
-        RootCert: "" # ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT
-        Cert: "" # ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT
-        Key: "" # ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY
+        Mode: disable # ZITADEL_SOURCE_COCKROACH_USER_SSL_MODE
+        RootCert: "" # ZITADEL_SOURCE_COCKROACH_USER_SSL_ROOTCERT
+        Cert: "" # ZITADEL_SOURCE_COCKROACH_USER_SSL_CERT
+        Key: "" # ZITADEL_SOURCE_COCKROACH_USER_SSL_KEY
   # Postgres is used as soon as a value is set
   # The values describe the possible fields to set values
   postgres:
-    Host: # ZITADEL_DATABASE_POSTGRES_HOST
-    Port: # ZITADEL_DATABASE_POSTGRES_PORT
-    Database: # ZITADEL_DATABASE_POSTGRES_DATABASE
-    MaxOpenConns: # ZITADEL_DATABASE_POSTGRES_MAXOPENCONNS
-    MaxIdleConns: # ZITADEL_DATABASE_POSTGRES_MAXIDLECONNS
-    MaxConnLifetime: # ZITADEL_DATABASE_POSTGRES_MAXCONNLIFETIME
-    MaxConnIdleTime: # ZITADEL_DATABASE_POSTGRES_MAXCONNIDLETIME
-    Options: # ZITADEL_DATABASE_POSTGRES_OPTIONS
+    Host: # ZITADEL_SOURCE_POSTGRES_HOST
+    Port: # ZITADEL_SOURCE_POSTGRES_PORT
+    Database: # ZITADEL_SOURCE_POSTGRES_DATABASE
+    MaxOpenConns: # ZITADEL_SOURCE_POSTGRES_MAXOPENCONNS
+    MaxIdleConns: # ZITADEL_SOURCE_POSTGRES_MAXIDLECONNS
+    MaxConnLifetime: # ZITADEL_SOURCE_POSTGRES_MAXCONNLIFETIME
+    MaxConnIdleTime: # ZITADEL_SOURCE_POSTGRES_MAXCONNIDLETIME
+    Options: # ZITADEL_SOURCE_POSTGRES_OPTIONS
     User:
-      Username: # ZITADEL_DATABASE_POSTGRES_USER_USERNAME
-      Password: # ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
+      Username: # ZITADEL_SOURCE_POSTGRES_USER_USERNAME
+      Password: # ZITADEL_SOURCE_POSTGRES_USER_PASSWORD
       SSL:
-        Mode: # ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
-        RootCert: # ZITADEL_DATABASE_POSTGRES_USER_SSL_ROOTCERT
-        Cert: # ZITADEL_DATABASE_POSTGRES_USER_SSL_CERT
-        Key: # ZITADEL_DATABASE_POSTGRES_USER_SSL_KEY
+        Mode: # ZITADEL_SOURCE_POSTGRES_USER_SSL_MODE
+        RootCert: # ZITADEL_SOURCE_POSTGRES_USER_SSL_ROOTCERT
+        Cert: # ZITADEL_SOURCE_POSTGRES_USER_SSL_CERT
+        Key: # ZITADEL_SOURCE_POSTGRES_USER_SSL_KEY
 
 Destination:
   postgres:
-    Host: localhost # ZITADEL_DATABASE_POSTGRES_HOST
-    Port: 5432 # ZITADEL_DATABASE_POSTGRES_PORT
-    Database: zitadel # ZITADEL_DATABASE_POSTGRES_DATABASE
-    MaxOpenConns: 5 # ZITADEL_DATABASE_POSTGRES_MAXOPENCONNS
-    MaxIdleConns: 2 # ZITADEL_DATABASE_POSTGRES_MAXIDLECONNS
-    MaxConnLifetime: 30m # ZITADEL_DATABASE_POSTGRES_MAXCONNLIFETIME
-    MaxConnIdleTime: 5m # ZITADEL_DATABASE_POSTGRES_MAXCONNIDLETIME
-    Options: "" # ZITADEL_DATABASE_POSTGRES_OPTIONS
+    Host: localhost # ZITADEL_DESTINATION_POSTGRES_HOST
+    Port: 5432 # ZITADEL_DESTINATION_POSTGRES_PORT
+    Database: zitadel # ZITADEL_DESTINATION_POSTGRES_DATABASE
+    MaxOpenConns: 5 # ZITADEL_DESTINATION_POSTGRES_MAXOPENCONNS
+    MaxIdleConns: 2 # ZITADEL_DESTINATION_POSTGRES_MAXIDLECONNS
+    MaxConnLifetime: 30m # ZITADEL_DESTINATION_POSTGRES_MAXCONNLIFETIME
+    MaxConnIdleTime: 5m # ZITADEL_DESTINATION_POSTGRES_MAXCONNIDLETIME
+    Options: "" # ZITADEL_DESTINATION_POSTGRES_OPTIONS
     User:
-      Username: zitadel # ZITADEL_DATABASE_POSTGRES_USER_USERNAME
-      Password: "" # ZITADEL_DATABASE_POSTGRES_USER_PASSWORD
+      Username: zitadel # ZITADEL_DESTINATION_POSTGRES_USER_USERNAME
+      Password: "" # ZITADEL_DESTINATION_POSTGRES_USER_PASSWORD
       SSL:
-        Mode: disable # ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE
-        RootCert: "" # ZITADEL_DATABASE_POSTGRES_USER_SSL_ROOTCERT
-        Cert: "" # ZITADEL_DATABASE_POSTGRES_USER_SSL_CERT
-        Key: "" # ZITADEL_DATABASE_POSTGRES_USER_SSL_KEY
+        Mode: disable # ZITADEL_DESTINATION_POSTGRES_USER_SSL_MODE
+        RootCert: "" # ZITADEL_DESTINATION_POSTGRES_USER_SSL_ROOTCERT
+        Cert: "" # ZITADEL_DESTINATION_POSTGRES_USER_SSL_CERT
+        Key: "" # ZITADEL_DESTINATION_POSTGRES_USER_SSL_KEY
 
-EventBulkSize: 10000
+EventBulkSize: 10000 # ZITADEL_EVENTBULKSIZE
+# The maximum duration an auth request was last updated before it gets ignored.
+# Default is 30 days
+MaxAuthRequestAge: 720h # ZITADEL_MAXAUTHREQUESTAGE
 
 Projections:
   # The maximum duration a transaction remains open 
@@ -64,14 +67,14 @@ Projections:
   TransactionDuration: 0s # ZITADEL_PROJECTIONS_TRANSACTIONDURATION
   # turn off scheduler during operation
   RequeueEvery: 0s
-  ConcurrentInstances: 7
-  EventBulkLimit: 1000
-  Customizations:
+  ConcurrentInstances: 7 # ZITADEL_PROJECTIONS_CONCURRENTINSTANCES
+  EventBulkLimit: 1000 # ZITADEL_PROJECTIONS_EVENTBULKLIMIT
+  Customizations: 
     notifications:
       MaxFailureCount: 1
 
 Eventstore:
-  MaxRetries: 3
+  MaxRetries: 3 # ZITADEL_EVENTSTORE_MAXRETRIES
 
 Auth:
   Spooler:
diff --git a/cmd/mirror/event_store.go b/cmd/mirror/event_store.go
index 8ce53b150a..41c529c025 100644
--- a/cmd/mirror/event_store.go
+++ b/cmd/mirror/event_store.go
@@ -69,6 +69,7 @@ func positionQuery(db *db.DB) string {
 }
 
 func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
+	logging.Info("starting to copy events")
 	start := time.Now()
 	reader, writer := io.Pipe()
 
@@ -130,7 +131,10 @@ func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
 				if err != nil {
 					return zerrors.ThrowUnknownf(err, "MIGRA-KTuSq", "unable to copy events from source during iteration %d", i)
 				}
+				logging.WithFields("batch_count", i).Info("batch of events copied")
+
 				if tag.RowsAffected() < int64(bulkSize) {
+					logging.WithFields("batch_count", i).Info("last batch of events copied")
 					return nil
 				}
 
@@ -202,6 +206,7 @@ func writeCopyEventsDone(ctx context.Context, es *eventstore.EventStore, id, sou
 }
 
 func copyUniqueConstraints(ctx context.Context, source, dest *db.DB) {
+	logging.Info("starting to copy unique constraints")
 	start := time.Now()
 	reader, writer := io.Pipe()
 	errs := make(chan error, 1)
diff --git a/cmd/mirror/projections.go b/cmd/mirror/projections.go
index 66b3fb1a26..4e12b29748 100644
--- a/cmd/mirror/projections.go
+++ b/cmd/mirror/projections.go
@@ -3,6 +3,7 @@ package mirror
 import (
 	"context"
 	"database/sql"
+	"fmt"
 	"net/http"
 	"sync"
 	"time"
@@ -104,6 +105,7 @@ func projections(
 	config *ProjectionsConfig,
 	masterKey string,
 ) {
+	logging.Info("starting to fill projections")
 	start := time.Now()
 
 	client, err := database.Connect(config.Destination, false)
@@ -255,8 +257,10 @@ func projections(
 		go execProjections(ctx, instances, failedInstances, &wg)
 	}
 
-	for _, instance := range queryInstanceIDs(ctx, client) {
+	existingInstances := queryInstanceIDs(ctx, client)
+	for i, instance := range existingInstances {
 		instances <- instance
+		logging.WithFields("id", instance, "index", fmt.Sprintf("%d/%d", i, len(existingInstances))).Info("instance queued for projection")
 	}
 	close(instances)
 	wg.Wait()
@@ -268,7 +272,7 @@ func projections(
 
 func execProjections(ctx context.Context, instances <-chan string, failedInstances chan<- string, wg *sync.WaitGroup) {
 	for instance := range instances {
-		logging.WithFields("instance", instance).Info("start projections")
+		logging.WithFields("instance", instance).Info("starting projections")
 		ctx = internal_authz.WithInstanceID(ctx, instance)
 
 		err := projection.ProjectInstance(ctx)
@@ -311,7 +315,7 @@ func execProjections(ctx context.Context, instances <-chan string, failedInstanc
 	wg.Done()
 }
 
-// returns the instance configured by flag
+// queryInstanceIDs returns the instance configured by flag
 // or all instances which are not removed
 func queryInstanceIDs(ctx context.Context, source *database.DB) []string {
 	if len(instanceIDs) > 0 {
diff --git a/cmd/mirror/system.go b/cmd/mirror/system.go
index 00b48eb491..57eb205436 100644
--- a/cmd/mirror/system.go
+++ b/cmd/mirror/system.go
@@ -46,6 +46,7 @@ func copySystem(ctx context.Context, config *Migration) {
 }
 
 func copyAssets(ctx context.Context, source, dest *database.DB) {
+	logging.Info("starting to copy assets")
 	start := time.Now()
 
 	sourceConn, err := source.Conn(ctx)
@@ -70,7 +71,7 @@ func copyAssets(ctx context.Context, source, dest *database.DB) {
 	logging.OnError(err).Fatal("unable to acquire dest connection")
 	defer destConn.Close()
 
-	var eventCount int64
+	var assetCount int64
 	err = destConn.Raw(func(driverConn interface{}) error {
 		conn := driverConn.(*stdlib.Conn).Conn()
 
@@ -82,16 +83,17 @@ func copyAssets(ctx context.Context, source, dest *database.DB) {
 		}
 
 		tag, err := conn.PgConn().CopyFrom(ctx, r, "COPY system.assets (instance_id, asset_type, resource_owner, name, content_type, data, updated_at) FROM stdin")
-		eventCount = tag.RowsAffected()
+		assetCount = tag.RowsAffected()
 
 		return err
 	})
 	logging.OnError(err).Fatal("unable to copy assets to destination")
 	logging.OnError(<-errs).Fatal("unable to copy assets from source")
-	logging.WithFields("took", time.Since(start), "count", eventCount).Info("assets migrated")
+	logging.WithFields("took", time.Since(start), "count", assetCount).Info("assets migrated")
 }
 
 func copyEncryptionKeys(ctx context.Context, source, dest *database.DB) {
+	logging.Info("starting to copy encryption keys")
 	start := time.Now()
 
 	sourceConn, err := source.Conn(ctx)
@@ -116,7 +118,7 @@ func copyEncryptionKeys(ctx context.Context, source, dest *database.DB) {
 	logging.OnError(err).Fatal("unable to acquire dest connection")
 	defer destConn.Close()
 
-	var eventCount int64
+	var keyCount int64
 	err = destConn.Raw(func(driverConn interface{}) error {
 		conn := driverConn.(*stdlib.Conn).Conn()
 
@@ -128,11 +130,11 @@ func copyEncryptionKeys(ctx context.Context, source, dest *database.DB) {
 		}
 
 		tag, err := conn.PgConn().CopyFrom(ctx, r, "COPY system.encryption_keys FROM stdin")
-		eventCount = tag.RowsAffected()
+		keyCount = tag.RowsAffected()
 
 		return err
 	})
 	logging.OnError(err).Fatal("unable to copy encryption keys to destination")
 	logging.OnError(<-errs).Fatal("unable to copy encryption keys from source")
-	logging.WithFields("took", time.Since(start), "count", eventCount).Info("encryption keys migrated")
+	logging.WithFields("took", time.Since(start), "count", keyCount).Info("encryption keys migrated")
 }
diff --git a/docs/docs/self-hosting/manage/cli/mirror.mdx b/docs/docs/self-hosting/manage/cli/mirror.mdx
index 45bac9b279..ae81800e39 100644
--- a/docs/docs/self-hosting/manage/cli/mirror.mdx
+++ b/docs/docs/self-hosting/manage/cli/mirror.mdx
@@ -158,6 +158,9 @@ Destination:
 
 # As cockroachdb first copies the data into memory this parameter is used to iterate through the events table and fetch only the given amount of events per iteration
 EventBulkSize: 10000 # ZITADEL_EVENTBULKSIZE
+# The maximum duration an auth request was last updated before it gets ignored.
+# Default is 30 days
+MaxAuthRequestAge: 720h # ZITADEL_MAXAUTHREQUESTAGE
 
 Projections:
   # Defines how many projections are allowed to run in parallel
diff --git a/internal/admin/repository/eventsourcing/handler/handler.go b/internal/admin/repository/eventsourcing/handler/handler.go
index ec268c25a1..76584b55b0 100644
--- a/internal/admin/repository/eventsourcing/handler/handler.go
+++ b/internal/admin/repository/eventsourcing/handler/handler.go
@@ -2,9 +2,13 @@ package handler
 
 import (
 	"context"
+	"fmt"
 	"time"
 
+	"github.com/zitadel/logging"
+
 	"github.com/zitadel/zitadel/internal/admin/repository/eventsourcing/view"
+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
@@ -57,11 +61,13 @@ func Start(ctx context.Context) {
 }
 
 func ProjectInstance(ctx context.Context) error {
-	for _, projection := range projections {
+	for i, projection := range projections {
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting admin projection")
 		_, err := projection.Trigger(ctx)
 		if err != nil {
 			return err
 		}
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("admin projection done")
 	}
 	return nil
 }
diff --git a/internal/auth/repository/eventsourcing/handler/handler.go b/internal/auth/repository/eventsourcing/handler/handler.go
index 0d87ab06bb..74a27a8312 100644
--- a/internal/auth/repository/eventsourcing/handler/handler.go
+++ b/internal/auth/repository/eventsourcing/handler/handler.go
@@ -2,8 +2,12 @@ package handler
 
 import (
 	"context"
+	"fmt"
 	"time"
 
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view"
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -72,11 +76,13 @@ func Projections() []*handler2.Handler {
 }
 
 func ProjectInstance(ctx context.Context) error {
-	for _, projection := range projections {
+	for i, projection := range projections {
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting auth projection")
 		_, err := projection.Trigger(ctx)
 		if err != nil {
 			return err
 		}
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("auth projection done")
 	}
 	return nil
 }
diff --git a/internal/notification/projections.go b/internal/notification/projections.go
index a2d4d4140e..9b6b975fa1 100644
--- a/internal/notification/projections.go
+++ b/internal/notification/projections.go
@@ -2,8 +2,12 @@ package notification
 
 import (
 	"context"
+	"fmt"
 	"time"
 
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -68,11 +72,13 @@ func Start(ctx context.Context) {
 }
 
 func ProjectInstance(ctx context.Context) error {
-	for _, projection := range projections {
+	for i, projection := range projections {
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting notification projection")
 		_, err := projection.Trigger(ctx)
 		if err != nil {
 			return err
 		}
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("notification projection done")
 	}
 	return nil
 }
diff --git a/internal/query/projection/projection.go b/internal/query/projection/projection.go
index f4e3bbe0d4..07953a27e8 100644
--- a/internal/query/projection/projection.go
+++ b/internal/query/projection/projection.go
@@ -2,6 +2,9 @@ package projection
 
 import (
 	"context"
+	"fmt"
+
+	"github.com/zitadel/logging"
 
 	internal_authz "github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/crypto"
@@ -90,6 +93,7 @@ var (
 )
 
 type projection interface {
+	ProjectionName() string
 	Start(ctx context.Context)
 	Init(ctx context.Context) error
 	Trigger(ctx context.Context, opts ...handler.TriggerOpt) (_ context.Context, err error)
@@ -206,21 +210,25 @@ func Start(ctx context.Context) {
 }
 
 func ProjectInstance(ctx context.Context) error {
-	for _, projection := range projections {
+	for i, projection := range projections {
+		logging.WithFields("name", projection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting projection")
 		_, err := projection.Trigger(ctx)
 		if err != nil {
 			return err
 		}
+		logging.WithFields("name", projection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID()).Info("projection done")
 	}
 	return nil
 }
 
 func ProjectInstanceFields(ctx context.Context) error {
-	for _, fieldProjection := range fields {
+	for i, fieldProjection := range fields {
+		logging.WithFields("name", fieldProjection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(fields))).Info("starting fields projection")
 		err := fieldProjection.Trigger(ctx)
 		if err != nil {
 			return err
 		}
+		logging.WithFields("name", fieldProjection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID()).Info("fields projection done")
 	}
 	return nil
 }

From 0465d5093ef009e9bbea6998ca383bcb20144136 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Wed, 30 Apr 2025 10:26:04 +0200
Subject: [PATCH 029/123] fix(features): remove the improved performance enumer
 (#9819)

# Which Problems Are Solved

Instance that had improved performance flags set, got event errors when
getting instance features. This is because the improved performance
flags were marshalled using the enumerated integers, but now needed to
be unmashalled using the added UnmarshallText method.

# How the Problems Are Solved

- Remove emnumer generation

# Additional Changes

- none

# Additional Context

- reported on QA
- Backport to next-rc / v3
---
 cmd/defaults.yaml                             |  13 ++-
 internal/feature/feature.go                   |   3 +-
 .../feature/improvedperformancetype_enumer.go | 106 ------------------
 3 files changed, 9 insertions(+), 113 deletions(-)
 delete mode 100644 internal/feature/improvedperformancetype_enumer.go

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index f20fbc03fc..6ab01ab35b 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -1102,12 +1102,13 @@ DefaultInstance:
     # LegacyIntrospection: false # ZITADEL_DEFAULTINSTANCE_FEATURES_LEGACYINTROSPECTION
     # UserSchema: false # ZITADEL_DEFAULTINSTANCE_FEATURES_USERSCHEMA
     # TokenExchange: false # ZITADEL_DEFAULTINSTANCE_FEATURES_TOKENEXCHANGE
-    # ImprovedPerformance: # ZITADEL_DEFAULTINSTANCE_FEATURES_IMPROVEDPERFORMANCE
-    #   - OrgByID
-    #   - ProjectGrant
-    #   - Project
-    #   - UserGrant
-    #   - OrgDomainVerified
+    ImprovedPerformance: # ZITADEL_DEFAULTINSTANCE_FEATURES_IMPROVEDPERFORMANCE
+    # https://github.com/zitadel/zitadel/blob/main/internal/feature/feature.go#L64-L68
+    #   - 1 # OrgByID
+    #   - 2 # ProjectGrant
+    #   - 3 # Project
+    #   - 4 # UserGrant
+    #   - 5 # OrgDomainVerified
     # WebKey: false # ZITADEL_DEFAULTINSTANCE_FEATURES_WEBKEY
     # DebugOIDCParentError: false # ZITADEL_DEFAULTINSTANCE_FEATURES_DEBUGOIDCPARENTERROR
     # OIDCSingleV1SessionTermination: false # ZITADEL_DEFAULTINSTANCE_FEATURES_OIDCSINGLEV1SESSIONTERMINATION
diff --git a/internal/feature/feature.go b/internal/feature/feature.go
index f500b80eb3..b5f5a901d4 100644
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -57,7 +57,8 @@ type Features struct {
 	ConsoleUseV2UserApi             bool                      `json:"console_use_v2_user_api,omitempty"`
 }
 
-//go:generate enumer -type ImprovedPerformanceType -trimprefix ImprovedPerformanceType -text
+/* Note: do not generate the stringer or enumer for this type, is it breaks existing events */
+
 type ImprovedPerformanceType int32
 
 const (
diff --git a/internal/feature/improvedperformancetype_enumer.go b/internal/feature/improvedperformancetype_enumer.go
deleted file mode 100644
index a12673c205..0000000000
--- a/internal/feature/improvedperformancetype_enumer.go
+++ /dev/null
@@ -1,106 +0,0 @@
-// Code generated by "enumer -type ImprovedPerformanceType -trimprefix ImprovedPerformanceType -text"; DO NOT EDIT.
-
-package feature
-
-import (
-	"fmt"
-	"strings"
-)
-
-const _ImprovedPerformanceTypeName = "UnspecifiedOrgByIDProjectGrantProjectUserGrantOrgDomainVerified"
-
-var _ImprovedPerformanceTypeIndex = [...]uint8{0, 11, 18, 30, 37, 46, 63}
-
-const _ImprovedPerformanceTypeLowerName = "unspecifiedorgbyidprojectgrantprojectusergrantorgdomainverified"
-
-func (i ImprovedPerformanceType) String() string {
-	if i < 0 || i >= ImprovedPerformanceType(len(_ImprovedPerformanceTypeIndex)-1) {
-		return fmt.Sprintf("ImprovedPerformanceType(%d)", i)
-	}
-	return _ImprovedPerformanceTypeName[_ImprovedPerformanceTypeIndex[i]:_ImprovedPerformanceTypeIndex[i+1]]
-}
-
-// An "invalid array index" compiler error signifies that the constant values have changed.
-// Re-run the stringer command to generate them again.
-func _ImprovedPerformanceTypeNoOp() {
-	var x [1]struct{}
-	_ = x[ImprovedPerformanceTypeUnspecified-(0)]
-	_ = x[ImprovedPerformanceTypeOrgByID-(1)]
-	_ = x[ImprovedPerformanceTypeProjectGrant-(2)]
-	_ = x[ImprovedPerformanceTypeProject-(3)]
-	_ = x[ImprovedPerformanceTypeUserGrant-(4)]
-	_ = x[ImprovedPerformanceTypeOrgDomainVerified-(5)]
-}
-
-var _ImprovedPerformanceTypeValues = []ImprovedPerformanceType{ImprovedPerformanceTypeUnspecified, ImprovedPerformanceTypeOrgByID, ImprovedPerformanceTypeProjectGrant, ImprovedPerformanceTypeProject, ImprovedPerformanceTypeUserGrant, ImprovedPerformanceTypeOrgDomainVerified}
-
-var _ImprovedPerformanceTypeNameToValueMap = map[string]ImprovedPerformanceType{
-	_ImprovedPerformanceTypeName[0:11]:       ImprovedPerformanceTypeUnspecified,
-	_ImprovedPerformanceTypeLowerName[0:11]:  ImprovedPerformanceTypeUnspecified,
-	_ImprovedPerformanceTypeName[11:18]:      ImprovedPerformanceTypeOrgByID,
-	_ImprovedPerformanceTypeLowerName[11:18]: ImprovedPerformanceTypeOrgByID,
-	_ImprovedPerformanceTypeName[18:30]:      ImprovedPerformanceTypeProjectGrant,
-	_ImprovedPerformanceTypeLowerName[18:30]: ImprovedPerformanceTypeProjectGrant,
-	_ImprovedPerformanceTypeName[30:37]:      ImprovedPerformanceTypeProject,
-	_ImprovedPerformanceTypeLowerName[30:37]: ImprovedPerformanceTypeProject,
-	_ImprovedPerformanceTypeName[37:46]:      ImprovedPerformanceTypeUserGrant,
-	_ImprovedPerformanceTypeLowerName[37:46]: ImprovedPerformanceTypeUserGrant,
-	_ImprovedPerformanceTypeName[46:63]:      ImprovedPerformanceTypeOrgDomainVerified,
-	_ImprovedPerformanceTypeLowerName[46:63]: ImprovedPerformanceTypeOrgDomainVerified,
-}
-
-var _ImprovedPerformanceTypeNames = []string{
-	_ImprovedPerformanceTypeName[0:11],
-	_ImprovedPerformanceTypeName[11:18],
-	_ImprovedPerformanceTypeName[18:30],
-	_ImprovedPerformanceTypeName[30:37],
-	_ImprovedPerformanceTypeName[37:46],
-	_ImprovedPerformanceTypeName[46:63],
-}
-
-// ImprovedPerformanceTypeString retrieves an enum value from the enum constants string name.
-// Throws an error if the param is not part of the enum.
-func ImprovedPerformanceTypeString(s string) (ImprovedPerformanceType, error) {
-	if val, ok := _ImprovedPerformanceTypeNameToValueMap[s]; ok {
-		return val, nil
-	}
-
-	if val, ok := _ImprovedPerformanceTypeNameToValueMap[strings.ToLower(s)]; ok {
-		return val, nil
-	}
-	return 0, fmt.Errorf("%s does not belong to ImprovedPerformanceType values", s)
-}
-
-// ImprovedPerformanceTypeValues returns all values of the enum
-func ImprovedPerformanceTypeValues() []ImprovedPerformanceType {
-	return _ImprovedPerformanceTypeValues
-}
-
-// ImprovedPerformanceTypeStrings returns a slice of all String values of the enum
-func ImprovedPerformanceTypeStrings() []string {
-	strs := make([]string, len(_ImprovedPerformanceTypeNames))
-	copy(strs, _ImprovedPerformanceTypeNames)
-	return strs
-}
-
-// IsAImprovedPerformanceType returns "true" if the value is listed in the enum definition. "false" otherwise
-func (i ImprovedPerformanceType) IsAImprovedPerformanceType() bool {
-	for _, v := range _ImprovedPerformanceTypeValues {
-		if i == v {
-			return true
-		}
-	}
-	return false
-}
-
-// MarshalText implements the encoding.TextMarshaler interface for ImprovedPerformanceType
-func (i ImprovedPerformanceType) MarshalText() ([]byte, error) {
-	return []byte(i.String()), nil
-}
-
-// UnmarshalText implements the encoding.TextUnmarshaler interface for ImprovedPerformanceType
-func (i *ImprovedPerformanceType) UnmarshalText(text []byte) error {
-	var err error
-	*i, err = ImprovedPerformanceTypeString(string(text))
-	return err
-}

From 3953879fe9c2533289dab8a67a5e1a0514500150 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 30 Apr 2025 11:12:48 +0200
Subject: [PATCH 030/123] fix: correct unmarshalling of IdP user when using
 Google (#9799)

# Which Problems Are Solved

Users from Google IDP's are not unmarshalled correctly in intent
endpoints and not returned to callers.

# How the Problems Are Solved

Provided correct type for unmarshalling of the information.

# Additional Changes

None

# Additional Context

None

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 internal/api/grpc/user/v2/intent.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/api/grpc/user/v2/intent.go b/internal/api/grpc/user/v2/intent.go
index 6e46dfd5c3..06966edb35 100644
--- a/internal/api/grpc/user/v2/intent.go
+++ b/internal/api/grpc/user/v2/intent.go
@@ -182,7 +182,7 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 		case *gitlab.Provider:
 			idpUser, err = unmarshalIdpUser(intent.IDPUser, &oidc.User{UserInfo: &oidc_pkg.UserInfo{}})
 		case *google.Provider:
-			idpUser, err = unmarshalIdpUser(intent.IDPUser, &oidc.User{UserInfo: &oidc_pkg.UserInfo{}})
+			idpUser, err = unmarshalIdpUser(intent.IDPUser, &google.User{User: &oidc.User{UserInfo: &oidc_pkg.UserInfo{}}})
 		case *saml.Provider:
 			idpUser, err = unmarshalIdpUser(intent.IDPUser, &saml.UserMapper{})
 		case *ldap.Provider:

From 002c3eb025693b51b99670d05cd50953b4c8ca48 Mon Sep 17 00:00:00 2001
From: Ramon <mail@conblem.me>
Date: Wed, 30 Apr 2025 13:16:44 +0200
Subject: [PATCH 031/123] fix: Use ID ordering for the executions in Actions v2
 (#9820)

# Which Problems Are Solved

Sort Executions by ID in the Actions V2 view. This way All is the first
element in the table.

# How the Problems Are Solved
Pass ID sorting to the Backend.

# Additional Changes
Cleaned up some imports.

# Additional Context
- Part of Make actions sortable by hirarchie #9688
---
 .../actions-two-actions/actions-two-actions.component.ts     | 3 ++-
 console/src/app/services/grpc.service.ts                     | 5 -----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
index b5f2260e34..7e0d457dd5 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions.component.ts
@@ -16,6 +16,7 @@ import { MessageInitShape } from '@bufbuild/protobuf';
 import { SetExecutionRequestSchema } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
 import { Target } from '@zitadel/proto/zitadel/action/v2beta/target_pb';
 import { InfoSectionType } from '../../info-section/info-section.component';
+import { ExecutionFieldName } from '@zitadel/proto/zitadel/action/v2beta/query_pb';
 
 @Component({
   selector: 'cnsl-actions-two-actions',
@@ -42,7 +43,7 @@ export class ActionsTwoActionsComponent {
     return this.refresh$.pipe(
       startWith(true),
       switchMap(() => {
-        return this.actionService.listExecutions({});
+        return this.actionService.listExecutions({ sortingColumn: ExecutionFieldName.ID, pagination: { asc: true } });
       }),
       map(({ result }) => result.map(correctlyTypeExecution)),
       catchError((err) => {
diff --git a/console/src/app/services/grpc.service.ts b/console/src/app/services/grpc.service.ts
index b2f89ca648..d2add12f41 100644
--- a/console/src/app/services/grpc.service.ts
+++ b/console/src/app/services/grpc.service.ts
@@ -15,7 +15,6 @@ import { AuthInterceptor, AuthInterceptorProvider, NewConnectWebAuthInterceptor
 import { ExhaustedGrpcInterceptor } from './interceptors/exhausted.grpc.interceptor';
 import { I18nInterceptor } from './interceptors/i18n.interceptor';
 import { NewConnectWebOrgInterceptor, OrgInterceptor, OrgInterceptorProvider } from './interceptors/org.interceptor';
-import { StorageService } from './storage.service';
 import { UserServiceClient } from '../proto/generated/zitadel/user/v2/User_serviceServiceClientPb';
 //@ts-ignore
 import { createFeatureServiceClient, createUserServiceClient, createSessionServiceClient } from '@zitadel/client/v2';
@@ -24,14 +23,10 @@ import { createAuthServiceClient, createManagementServiceClient } from '@zitadel
 import { createGrpcWebTransport } from '@connectrpc/connect-web';
 // @ts-ignore
 import { createClientFor } from '@zitadel/client';
-import { Client, Transport } from '@connectrpc/connect';
 
 import { WebKeyService } from '@zitadel/proto/zitadel/webkey/v2beta/webkey_service_pb';
 import { ActionService } from '@zitadel/proto/zitadel/action/v2beta/action_service_pb';
 
-// @ts-ignore
-import { createClientFor } from '@zitadel/client';
-
 const createWebKeyServiceClient = createClientFor(WebKeyService);
 const createActionServiceClient = createClientFor(ActionService);
 

From 48c1f7e49f47e507e4c31cfc84f8a3a043278969 Mon Sep 17 00:00:00 2001
From: Ramon <mail@conblem.me>
Date: Wed, 30 Apr 2025 14:22:27 +0200
Subject: [PATCH 032/123] fix: Actions V2 improve deleted target handling in
 executions (#9822)

# Which Problems Are Solved
Previously, if a target was deleted but still referenced by an
execution, it became impossible to load the executions.

# How the Problems Are Solved
Missing targets in the execution table are now gracefully ignored,
allowing executions to load without errors.

# Additional Changes
Enhanced permission handling in the settings sidenav to ensure users
have the correct access rights.
---
 .../actions-two-actions-table.component.html      |  4 ++--
 .../actions-two-actions-table.component.ts        | 10 +++-------
 console/src/app/modules/settings-list/settings.ts |  6 ++----
 console/src/app/services/grpc-auth.service.ts     | 15 +++++++++++++--
 4 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html
index 82f04fb124..7948ba7554 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.html
@@ -24,8 +24,8 @@
         <th mat-header-cell *matHeaderCellDef>{{ 'ACTIONSTWO.EXECUTION.TABLE.TARGET' | translate }}</th>
         <td mat-cell *cnslCellDef="let row; dataSource: dataSource">
           <div class="target-key">
-            <cnsl-project-role-chip *ngFor="let target of row.mappedTargets; trackBy: trackTarget" [roleName]="target.name"
-              >{{ target.name }}
+            <cnsl-project-role-chip *ngFor="let target of row.mappedTargets; trackBy: trackTarget" [roleName]="target.name">
+              {{ target.name }}
             </cnsl-project-role-chip>
           </div>
         </td>
diff --git a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
index 658c205c4e..af9673dbf5 100644
--- a/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
+++ b/console/src/app/modules/actions-two/actions-two-actions/actions-two-actions-table/actions-two-actions-table.component.ts
@@ -55,13 +55,9 @@ export class ActionsTwoActionsTableComponent {
       }
 
       return executions.map((execution) => {
-        const mappedTargets = execution.targets.map((target) => {
-          const targetType = targetsMap.get(target);
-          if (!targetType) {
-            throw new Error(`Target with id ${target} not found`);
-          }
-          return targetType;
-        });
+        const mappedTargets = execution.targets
+          .map((target) => targetsMap.get(target))
+          .filter((target): target is NonNullable<typeof target> => !!target);
         return { execution, mappedTargets };
       });
     });
diff --git a/console/src/app/modules/settings-list/settings.ts b/console/src/app/modules/settings-list/settings.ts
index c96431fa30..7ec7fdea15 100644
--- a/console/src/app/modules/settings-list/settings.ts
+++ b/console/src/app/modules/settings-list/settings.ts
@@ -228,8 +228,7 @@ export const ACTIONS: SidenavSetting = {
   i18nKey: 'SETTINGS.LIST.ACTIONS',
   groupI18nKey: 'SETTINGS.GROUPS.ACTIONS',
   requiredRoles: {
-    // todo: figure out roles
-    [PolicyComponentServiceType.ADMIN]: ['iam.policy.read'],
+    [PolicyComponentServiceType.ADMIN]: ['action.execution.write', 'action.target.write'],
   },
   beta: true,
 };
@@ -239,8 +238,7 @@ export const ACTIONS_TARGETS: SidenavSetting = {
   i18nKey: 'SETTINGS.LIST.TARGETS',
   groupI18nKey: 'SETTINGS.GROUPS.ACTIONS',
   requiredRoles: {
-    // todo: figure out roles
-    [PolicyComponentServiceType.ADMIN]: ['iam.policy.read'],
+    [PolicyComponentServiceType.ADMIN]: ['action.execution.write', 'action.target.write'],
   },
   beta: true,
 };
diff --git a/console/src/app/services/grpc-auth.service.ts b/console/src/app/services/grpc-auth.service.ts
index 3967f1df06..198d048b6a 100644
--- a/console/src/app/services/grpc-auth.service.ts
+++ b/console/src/app/services/grpc-auth.service.ts
@@ -1,7 +1,18 @@
 import { Injectable } from '@angular/core';
 import { SortDirection } from '@angular/material/sort';
 import { OAuthService } from 'angular-oauth2-oidc';
-import { BehaviorSubject, combineLatestWith, EMPTY, mergeWith, NEVER, Observable, of, shareReplay, Subject } from 'rxjs';
+import {
+  BehaviorSubject,
+  combineLatestWith,
+  EMPTY,
+  identity,
+  mergeWith,
+  NEVER,
+  Observable,
+  of,
+  shareReplay,
+  Subject,
+} from 'rxjs';
 import { catchError, distinctUntilChanged, filter, finalize, map, startWith, switchMap, tap, timeout } from 'rxjs/operators';
 
 import {
@@ -326,7 +337,7 @@ export class GrpcAuthService {
         return new RegExp(reqRegexp).test(role);
       });
 
-    const allCheck = requestedRoles.map(test).every((x) => !!x);
+    const allCheck = requestedRoles.map(test).every(identity);
     const oneCheck = requestedRoles.some(test);
 
     return requiresAll ? allCheck : oneCheck;

From a05f7ce3fc864358ce3ef5cdd93386162eac5b25 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 30 Apr 2025 14:58:10 +0200
Subject: [PATCH 033/123] fix: correct handling of removed targets (#9824)

# Which Problems Are Solved

In Actions v2, if a target is removed, which is still used in an
execution, the target is still listed when list executions.

# How the Problems Are Solved

Removed targets are now also removed from the executions.

# Additional Changes

To be sure the list executions include a check if the target is still
existing.

# Additional Context

None

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 internal/query/execution.go                 | 12 ++--
 internal/query/execution_targets.sql        | 22 ++++---
 internal/query/execution_test.go            | 71 +++++++++++++++++++--
 internal/query/projection/execution.go      | 25 ++++++++
 internal/query/projection/execution_test.go | 30 +++++++++
 5 files changed, 141 insertions(+), 19 deletions(-)

diff --git a/internal/query/execution.go b/internal/query/execution.go
index 0a2a989918..4739a5839e 100644
--- a/internal/query/execution.go
+++ b/internal/query/execution.go
@@ -1,11 +1,13 @@
 package query
 
 import (
+	"cmp"
 	"context"
 	"database/sql"
 	_ "embed"
 	"encoding/json"
 	"errors"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
@@ -301,13 +303,15 @@ func executionTargetsUnmarshal(data []byte) ([]*exec.Target, error) {
 	}
 
 	targets := make([]*exec.Target, len(executionTargets))
-	// position starts with 1
-	for _, item := range executionTargets {
+	slices.SortFunc(executionTargets, func(a, b *executionTarget) int {
+		return cmp.Compare(a.Position, b.Position)
+	})
+	for i, item := range executionTargets {
 		if item.Target != "" {
-			targets[item.Position-1] = &exec.Target{Type: domain.ExecutionTargetTypeTarget, Target: item.Target}
+			targets[i] = &exec.Target{Type: domain.ExecutionTargetTypeTarget, Target: item.Target}
 		}
 		if item.Include != "" {
-			targets[item.Position-1] = &exec.Target{Type: domain.ExecutionTargetTypeInclude, Target: item.Include}
+			targets[i] = &exec.Target{Type: domain.ExecutionTargetTypeInclude, Target: item.Include}
 		}
 	}
 	return targets, nil
diff --git a/internal/query/execution_targets.sql b/internal/query/execution_targets.sql
index 32257f4a1f..a6e6dd6caa 100644
--- a/internal/query/execution_targets.sql
+++ b/internal/query/execution_targets.sql
@@ -1,11 +1,15 @@
-SELECT instance_id,
-       execution_id,
+SELECT et.instance_id,
+       et.execution_id,
        JSONB_AGG(
                JSON_OBJECT(
-                       'position' : position,
-                       'include' : include,
-                       'target' : target_id
-                   )
-           ) as targets
-FROM projections.executions1_targets
-GROUP BY instance_id, execution_id
\ No newline at end of file
+                       'position' : et.position,
+                       'include' : et.include,
+                       'target' : et.target_id
+               )
+       ) as targets
+FROM projections.executions1_targets AS et
+         INNER JOIN projections.targets2 AS t
+                    ON et.instance_id = t.instance_id
+                        AND et.target_id IS NOT NULL
+                        AND et.target_id = t.id
+GROUP BY et.instance_id, et.execution_id
\ No newline at end of file
diff --git a/internal/query/execution_test.go b/internal/query/execution_test.go
index eaaac1e9ba..64f9a4849f 100644
--- a/internal/query/execution_test.go
+++ b/internal/query/execution_test.go
@@ -22,9 +22,10 @@ var (
 		` COUNT(*) OVER ()` +
 		` FROM projections.executions1` +
 		` JOIN (` +
-		`SELECT instance_id, execution_id, JSONB_AGG( JSON_OBJECT( 'position' : position, 'include' : include, 'target' : target_id ) ) as targets` +
-		` FROM projections.executions1_targets` +
-		` GROUP BY instance_id, execution_id` +
+		`SELECT et.instance_id, et.execution_id, JSONB_AGG( JSON_OBJECT( 'position' : et.position, 'include' : et.include, 'target' : et.target_id ) ) as targets` +
+		` FROM projections.executions1_targets AS et` +
+		` INNER JOIN projections.targets2 AS t ON et.instance_id = t.instance_id AND et.target_id IS NOT NULL AND et.target_id = t.id` +
+		` GROUP BY et.instance_id, et.execution_id` +
 		`)` +
 		` AS execution_targets` +
 		` ON execution_targets.instance_id = projections.executions1.instance_id` +
@@ -45,9 +46,10 @@ var (
 		` execution_targets.targets` +
 		` FROM projections.executions1` +
 		` JOIN (` +
-		`SELECT instance_id, execution_id, JSONB_AGG( JSON_OBJECT( 'position' : position, 'include' : include, 'target' : target_id ) ) as targets` +
-		` FROM projections.executions1_targets` +
-		` GROUP BY instance_id, execution_id` +
+		`SELECT et.instance_id, et.execution_id, JSONB_AGG( JSON_OBJECT( 'position' : et.position, 'include' : et.include, 'target' : et.target_id ) ) as targets` +
+		` FROM projections.executions1_targets AS et` +
+		` INNER JOIN projections.targets2 AS t ON et.instance_id = t.instance_id AND et.target_id IS NOT NULL AND et.target_id = t.id` +
+		` GROUP BY et.instance_id, et.execution_id` +
 		`)` +
 		` AS execution_targets` +
 		` ON execution_targets.instance_id = projections.executions1.instance_id` +
@@ -179,6 +181,63 @@ func Test_ExecutionPrepares(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:    "prepareExecutionsQuery multiple result, removed target, position missing",
+			prepare: prepareExecutionsQuery,
+			want: want{
+				sqlExpectations: mockQueries(
+					regexp.QuoteMeta(prepareExecutionsStmt),
+					prepareExecutionsCols,
+					[][]driver.Value{
+						{
+							"ro",
+							"id-1",
+							testNow,
+							testNow,
+							[]byte(`[{"position" : 1, "target" : "target"}, {"position" : 3, "include" : "include"}]`),
+						},
+						{
+							"ro",
+							"id-2",
+							testNow,
+							testNow,
+							[]byte(`[{"position" : 2, "target" : "target"}, {"position" : 1, "include" : "include"}]`),
+						},
+					},
+				),
+			},
+			object: &Executions{
+				SearchResponse: SearchResponse{
+					Count: 2,
+				},
+				Executions: []*Execution{
+					{
+						ObjectDetails: domain.ObjectDetails{
+							ID:            "id-1",
+							EventDate:     testNow,
+							CreationDate:  testNow,
+							ResourceOwner: "ro",
+						},
+						Targets: []*exec.Target{
+							{Type: domain.ExecutionTargetTypeTarget, Target: "target"},
+							{Type: domain.ExecutionTargetTypeInclude, Target: "include"},
+						},
+					},
+					{
+						ObjectDetails: domain.ObjectDetails{
+							ID:            "id-2",
+							EventDate:     testNow,
+							CreationDate:  testNow,
+							ResourceOwner: "ro",
+						},
+						Targets: []*exec.Target{
+							{Type: domain.ExecutionTargetTypeInclude, Target: "include"},
+							{Type: domain.ExecutionTargetTypeTarget, Target: "target"},
+						},
+					},
+				},
+			},
+		},
 		{
 			name:    "prepareExecutionsQuery sql err",
 			prepare: prepareExecutionsQuery,
diff --git a/internal/query/projection/execution.go b/internal/query/projection/execution.go
index 9001fcd3ba..1bd7f2e7f5 100644
--- a/internal/query/projection/execution.go
+++ b/internal/query/projection/execution.go
@@ -9,6 +9,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	exec "github.com/zitadel/zitadel/internal/repository/execution"
 	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/target"
 )
 
 const (
@@ -78,6 +79,15 @@ func (p *executionProjection) Reducers() []handler.AggregateReducer {
 				},
 			},
 		},
+		{
+			Aggregate: target.AggregateType,
+			EventReducers: []handler.EventReducer{
+				{
+					Event:  target.RemovedEventType,
+					Reduce: p.reduceTargetRemoved,
+				},
+			},
+		},
 		{
 			Aggregate: instance.AggregateType,
 			EventReducers: []handler.EventReducer{
@@ -152,6 +162,21 @@ func (p *executionProjection) reduceExecutionSet(event eventstore.Event) (*handl
 	return handler.NewMultiStatement(e, stmts...), nil
 }
 
+func (p *executionProjection) reduceTargetRemoved(event eventstore.Event) (*handler.Statement, error) {
+	e, err := assertEvent[*target.RemovedEvent](event)
+	if err != nil {
+		return nil, err
+	}
+	return handler.NewDeleteStatement(
+		e,
+		[]handler.Condition{
+			handler.NewCond(ExecutionTargetInstanceIDCol, e.Aggregate().InstanceID),
+			handler.NewCond(ExecutionTargetTargetIDCol, e.Aggregate().ID),
+		},
+		handler.WithTableSuffix(ExecutionTargetSuffix),
+	), nil
+}
+
 func (p *executionProjection) reduceExecutionRemoved(event eventstore.Event) (*handler.Statement, error) {
 	e, err := assertEvent[*exec.RemovedEvent](event)
 	if err != nil {
diff --git a/internal/query/projection/execution_test.go b/internal/query/projection/execution_test.go
index 27d6e89258..aecae6905a 100644
--- a/internal/query/projection/execution_test.go
+++ b/internal/query/projection/execution_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	exec "github.com/zitadel/zitadel/internal/repository/execution"
 	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/target"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
@@ -79,6 +80,35 @@ func TestExecutionProjection_reduces(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "reduceTargetRemoved",
+			args: args{
+				event: getEvent(
+					testEvent(
+						target.RemovedEventType,
+						target.AggregateType,
+						[]byte(`{}`),
+					),
+					eventstore.GenericEventMapper[target.RemovedEvent],
+				),
+			},
+			reduce: (&executionProjection{}).reduceTargetRemoved,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("target"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "DELETE FROM projections.executions1_targets WHERE (instance_id = $1) AND (target_id = $2)",
+							expectedArgs: []interface{}{
+								"instance-id",
+								"agg-id",
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "reduceExecutionRemoved",
 			args: args{

From 02acc932425c9b3519b8ad6c1dc334ad134319c5 Mon Sep 17 00:00:00 2001
From: Ramon <mail@conblem.me>
Date: Wed, 30 Apr 2025 15:20:39 +0200
Subject: [PATCH 034/123] fix: Improve Actions V2 translations (#9826)

# Which Problems Are Solved
The translation for event was not loaded correctly.

![grafik](https://github.com/user-attachments/assets/3fa8d72f-f55a-44b7-997d-0f0976f66b85)

# How the Problems Are Solved
Correct translations to have the correct key.

# Additional Changes
Improved the translation for all events.
---
 .../actions-two-add-action-condition.component.html            | 2 +-
 console/src/assets/i18n/bg.json                                | 3 ++-
 console/src/assets/i18n/cs.json                                | 3 ++-
 console/src/assets/i18n/de.json                                | 3 ++-
 console/src/assets/i18n/en.json                                | 3 ++-
 console/src/assets/i18n/es.json                                | 3 ++-
 console/src/assets/i18n/fr.json                                | 3 ++-
 console/src/assets/i18n/hu.json                                | 3 ++-
 console/src/assets/i18n/id.json                                | 3 ++-
 console/src/assets/i18n/it.json                                | 3 ++-
 console/src/assets/i18n/ja.json                                | 3 ++-
 console/src/assets/i18n/ko.json                                | 3 ++-
 console/src/assets/i18n/mk.json                                | 3 ++-
 console/src/assets/i18n/nl.json                                | 3 ++-
 console/src/assets/i18n/pl.json                                | 3 ++-
 console/src/assets/i18n/pt.json                                | 3 ++-
 console/src/assets/i18n/ro.json                                | 3 ++-
 console/src/assets/i18n/ru.json                                | 3 ++-
 console/src/assets/i18n/sv.json                                | 3 ++-
 console/src/assets/i18n/zh.json                                | 3 ++-
 20 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-condition/actions-two-add-action-condition.component.html b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-condition/actions-two-add-action-condition.component.html
index 401e5e521d..f0248f45a2 100644
--- a/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-condition/actions-two-add-action-condition.component.html
+++ b/console/src/app/modules/actions-two/actions-two-add-action/actions-two-add-action-condition/actions-two-add-action-condition.component.html
@@ -84,7 +84,7 @@
         <div class="execution-condition-text">
           <span>{{ 'ACTIONSTWO.EXECUTION.DIALOG.CONDITION.ALL.TITLE' | translate }}</span>
           <span class="description cnsl-secondary-text">{{
-            'ACTIONSTWO.EXECUTION.DIALOG.CONDITION.ALL.DESCRIPTION' | translate
+            'ACTIONSTWO.EXECUTION.DIALOG.CONDITION.ALL_EVENTS' | translate
           }}</span>
         </div>
       </mat-checkbox>
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index 30d9c53763..b98204a917 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -536,7 +536,7 @@
       "TYPES": {
         "request": "Заявка",
         "response": "Отговор",
-        "events": "Събития",
+        "event": "Събития",
         "function": "Функция"
       },
       "DIALOG": {
@@ -567,6 +567,7 @@
             "TITLE": "Всички",
             "DESCRIPTION": "Изберете това, ако искате да изпълните действието си при всяка заявка"
           },
+          "ALL_EVENTS": "Изберете това, ако искате действието да се изпълнява при всяко събитие",
           "SELECT_SERVICE": {
             "TITLE": "Избор на услуга",
             "DESCRIPTION": "Изберете услуга на Zitadel за вашето действие."
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index ee43e86822..390c5dcdbd 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Požadavek",
         "response": "Odpověď",
-        "events": "Události",
+        "event": "Události",
         "function": "Funkce"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Všechny",
             "DESCRIPTION": "Vyberte tuto možnost, pokud chcete spustit akci pro každý požadavek"
           },
+          "ALL_EVENTS": "Vyberte toto, pokud chcete spustit akci při každé události",
           "SELECT_SERVICE": {
             "TITLE": "Vybrat službu",
             "DESCRIPTION": "Vyberte službu Zitadel pro svou akci."
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 3993674992..e73c883bd2 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Anfrage",
         "response": "Antwort",
-        "events": "Ereignisse",
+        "event": "Ereignisse",
         "function": "Funktion"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Alle",
             "DESCRIPTION": "Wählen Sie dies aus, wenn Sie Ihre Aktion bei jeder Anfrage ausführen möchten"
           },
+          "ALL_EVENTS": "Wähle dies aus, wenn du deine Aktion bei jedem Ereignis ausführen möchtest",
           "SELECT_SERVICE": {
             "TITLE": "Dienst auswählen",
             "DESCRIPTION": "Wählen Sie einen Zitadel-Dienst für Ihre Aktion aus."
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index fd81bfd353..5e2cc3f4c9 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Request",
         "response": "Response",
-        "events": "Events",
+        "event": "Events",
         "function": "Function"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "All",
             "DESCRIPTION": "Select this if you want to run your action on every request"
           },
+          "ALL_EVENTS": "Select this if you want to run your action on every event",
           "SELECT_SERVICE": {
             "TITLE": "Select Service",
             "DESCRIPTION": "Choose a Zitadel Service for you action."
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index aec024eacb..198bb3ca8b 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Solicitud",
         "response": "Respuesta",
-        "events": "Eventos",
+        "event": "Eventos",
         "function": "Función"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Todas",
             "DESCRIPTION": "Selecciona esto si quieres ejecutar tu acción en cada solicitud"
           },
+          "ALL_EVENTS": "Selecciona esto si quieres ejecutar tu acción en cada evento",
           "SELECT_SERVICE": {
             "TITLE": "Seleccionar servicio",
             "DESCRIPTION": "Elige un servicio de Zitadel para tu acción."
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 05e34ad846..0d66c4193e 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Requête",
         "response": "Réponse",
-        "events": "Événements",
+        "event": "Événements",
         "function": "Fonction"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Tous",
             "DESCRIPTION": "Sélectionnez ceci si vous souhaitez exécuter votre action sur chaque requête"
           },
+          "ALL_EVENTS": "Sélectionnez ceci si vous souhaitez exécuter votre action à chaque événement",
           "SELECT_SERVICE": {
             "TITLE": "Sélectionner un service",
             "DESCRIPTION": "Choisissez un service Zitadel pour votre action."
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index d46bc96153..96d1fe16df 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Kérés",
         "response": "Válasz",
-        "events": "Események",
+        "event": "Események",
         "function": "Függvény"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Összes",
             "DESCRIPTION": "Válassza ezt, ha minden kérésnél futtatni szeretné a műveletet"
           },
+          "ALL_EVENTS": "Válaszd ezt, ha minden eseménynél futtatni szeretnéd a műveletet",
           "SELECT_SERVICE": {
             "TITLE": "Szolgáltatás kiválasztása",
             "DESCRIPTION": "Válasszon egy Zitadel szolgáltatást a művelethez."
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index f8831a224d..ca788a9467 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -504,7 +504,7 @@
       "TYPES": {
         "request": "Permintaan",
         "response": "Respons",
-        "events": "Peristiwa",
+        "event": "Peristiwa",
         "function": "Fungsi"
       },
       "DIALOG": {
@@ -535,6 +535,7 @@
             "TITLE": "Semua",
             "DESCRIPTION": "Pilih ini jika Anda ingin menjalankan tindakan Anda pada setiap permintaan"
           },
+          "ALL_EVENTS": "Pilih ini jika Anda ingin menjalankan aksi Anda pada setiap peristiwa",
           "SELECT_SERVICE": {
             "TITLE": "Pilih Layanan",
             "DESCRIPTION": "Pilih Layanan Zitadel untuk tindakan Anda."
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index 5dad683bca..60266bdac5 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -536,7 +536,7 @@
       "TYPES": {
         "request": "Richiesta",
         "response": "Risposta",
-        "events": "Eventi",
+        "event": "Eventi",
         "function": "Funzione"
       },
       "DIALOG": {
@@ -567,6 +567,7 @@
             "TITLE": "Tutte",
             "DESCRIPTION": "Seleziona questa opzione se vuoi eseguire la tua azione su ogni richiesta"
           },
+          "ALL_EVENTS": "Seleziona questo se vuoi eseguire la tua azione a ogni evento",
           "SELECT_SERVICE": {
             "TITLE": "Seleziona servizio",
             "DESCRIPTION": "Scegli un servizio Zitadel per la tua azione."
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index f09dfeb564..288d491ce7 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "リクエスト",
         "response": "レスポンス",
-        "events": "イベント",
+        "event": "イベント",
         "function": "関数"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "すべて",
             "DESCRIPTION": "すべてのリクエストでアクションを実行する場合は、これを選択します"
           },
+          "ALL_EVENTS": "すべてのイベントでアクションを実行する場合はこれを選択してください",
           "SELECT_SERVICE": {
             "TITLE": "サービスを選択",
             "DESCRIPTION": "アクションのZitadelサービスを選択します。"
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index 304f52e127..437c43a3a1 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "요청",
         "response": "응답",
-        "events": "이벤트",
+        "event": "이벤트",
         "function": "함수"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "모두",
             "DESCRIPTION": "모든 요청에서 작업을 실행하려면 이것을 선택하십시오."
           },
+          "ALL_EVENTS": "모든 이벤트에서 작업을 실행하려면 이 항목을 선택하세요",
           "SELECT_SERVICE": {
             "TITLE": "서비스 선택",
             "DESCRIPTION": "작업에 대한 Zitadel 서비스를 선택하십시오."
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 1ab4dce534..2e62723939 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Барање",
         "response": "Одговор",
-        "events": "Настани",
+        "event": "Настани",
         "function": "Функција"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Сите",
             "DESCRIPTION": "Изберете го ова ако сакате да ја извршите вашата акција на секое барање"
           },
+          "ALL_EVENTS": "Изберете го ова ако сакате вашата акција да се извршува на секој настан",
           "SELECT_SERVICE": {
             "TITLE": "Изберете услуга",
             "DESCRIPTION": "Изберете Zitadel услуга за вашата акција."
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index a08f62ed20..7e549f64ba 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Verzoek",
         "response": "Reactie",
-        "events": "Gebeurtenissen",
+        "event": "Gebeurtenissen",
         "function": "Functie"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Alle",
             "DESCRIPTION": "Selecteer dit als u uw actie bij elk verzoek wilt uitvoeren"
           },
+          "ALL_EVENTS": "Selecteer dit als je je actie bij elk evenement wilt uitvoeren",
           "SELECT_SERVICE": {
             "TITLE": "Service selecteren",
             "DESCRIPTION": "Kies een Zitadel-service voor uw actie."
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 3902378af6..2f18c343f7 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -536,7 +536,7 @@
       "TYPES": {
         "request": "Żądanie",
         "response": "Odpowiedź",
-        "events": "Zdarzenia",
+        "event": "Zdarzenia",
         "function": "Funkcja"
       },
       "DIALOG": {
@@ -567,6 +567,7 @@
             "TITLE": "Wszystkie",
             "DESCRIPTION": "Wybierz tę opcję, jeśli chcesz uruchomić akcję dla każdego żądania"
           },
+          "ALL_EVENTS": "Wybierz to, jeśli chcesz uruchamiać swoją akcję przy każdym zdarzeniu",
           "SELECT_SERVICE": {
             "TITLE": "Wybierz usługę",
             "DESCRIPTION": "Wybierz usługę Zitadel dla swojej akcji."
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 016785f2c8..08181f6ead 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Solicitação",
         "response": "Resposta",
-        "events": "Eventos",
+        "event": "Eventos",
         "function": "Função"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Todas",
             "DESCRIPTION": "Selecione isso se você quiser executar sua ação em cada solicitação"
           },
+          "ALL_EVENTS": "Selecione isto se quiser executar sua ação em cada evento",
           "SELECT_SERVICE": {
             "TITLE": "Selecionar Serviço",
             "DESCRIPTION": "Escolha um Serviço Zitadel para sua ação."
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index 4ad511c466..b07897f316 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Cerere",
         "response": "Răspuns",
-        "events": "Evenimente",
+        "event": "Evenimente",
         "function": "Funcție"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Toate",
             "DESCRIPTION": "Selectați aceasta dacă doriți să rulați acțiunea la fiecare cerere"
           },
+          "ALL_EVENTS": "Selectează aceasta dacă vrei să rulezi acțiunea ta la fiecare eveniment",
           "SELECT_SERVICE": {
             "TITLE": "Selectați Serviciul",
             "DESCRIPTION": "Alegeți un Serviciu Zitadel pentru acțiunea dvs."
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index 43bc266be0..c6ef31499e 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Запрос",
         "response": "Ответ",
-        "events": "События",
+        "event": "События",
         "function": "Функция"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Все",
             "DESCRIPTION": "Выберите это, если вы хотите запустить свое действие при каждом запросе"
           },
+          "ALL_EVENTS": "Выберите это, если хотите выполнять действие при каждом событии",
           "SELECT_SERVICE": {
             "TITLE": "Выбрать службу",
             "DESCRIPTION": "Выберите службу Zitadel для вашего действия."
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 00b7854603..c356e635e0 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "Förfrågan",
         "response": "Svar",
-        "events": "Händelser",
+        "event": "Händelser",
         "function": "Funktion"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "Alla",
             "DESCRIPTION": "Välj detta om du vill köra din åtgärd på varje förfrågan"
           },
+          "ALL_EVENTS": "Välj detta om du vill köra din åtgärd vid varje händelse",
           "SELECT_SERVICE": {
             "TITLE": "Välj tjänst",
             "DESCRIPTION": "Välj en Zitadel-tjänst för din åtgärd."
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 496b3d528e..8be3316b0b 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -537,7 +537,7 @@
       "TYPES": {
         "request": "请求",
         "response": "响应",
-        "events": "事件",
+        "event": "事件",
         "function": "函数"
       },
       "DIALOG": {
@@ -568,6 +568,7 @@
             "TITLE": "全部",
             "DESCRIPTION": "如果您希望在每个请求上运行您的操作，请选择此项"
           },
+          "ALL_EVENTS": "如果您想在每个事件上运行操作，请选择此项",
           "SELECT_SERVICE": {
             "TITLE": "选择服务",
             "DESCRIPTION": "为您的操作选择一个 Zitadel 服务。"

From 74ace1aec31eb6085c1b871c7465524f5f9d13cf Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Thu, 1 May 2025 07:41:57 +0200
Subject: [PATCH 035/123] fix(actions): default sorting column to creation date
 (#9795)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

The sorting column of action targets and executions defaults to the ID
column instead of the creation date column.
This is only relevant, if the sorting column is explicitly passed as
unspecified.
If the sorting column is not passed, it correctly defaults to the
creation date.

```bash
# ❌ Sorts by ID
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"sortingColumn": "TARGET_FIELD_NAME_UNSPECIFIED"}' localhost:8080 zitadel.action.v2beta.ActionService.ListTargets
# ❌ Sorts by ID
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"sortingColumn": 0}' localhost:8080 zitadel.action.v2beta.ActionService.ListTargets
# ✅ Sorts by creation date
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" localhost:8080 zitadel.action.v2beta.ActionService.ListTargets
```

# How the Problems Are Solved

`action.TargetFieldName_TARGET_FIELD_NAME_UNSPECIFIED` maps to the
sorting column `query.TargetColumnCreationDate`.

# Additional Context

As IDs are also generated in ascending, like creation dates, the the bug
probably only causes unexpected behavior for cases, where the ID is
specified during target or execution creation. This is currently not
supported, so this bug probably has no impact at all. It doesn't need to
be backported.

Found during implementation of #9763

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 internal/api/grpc/action/v2beta/query.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/api/grpc/action/v2beta/query.go b/internal/api/grpc/action/v2beta/query.go
index 66bafa4e7d..1dbe80a8f7 100644
--- a/internal/api/grpc/action/v2beta/query.go
+++ b/internal/api/grpc/action/v2beta/query.go
@@ -164,7 +164,7 @@ func targetFieldNameToSortingColumn(field *action.TargetFieldName) query.Column
 	}
 	switch *field {
 	case action.TargetFieldName_TARGET_FIELD_NAME_UNSPECIFIED:
-		return query.TargetColumnID
+		return query.TargetColumnCreationDate
 	case action.TargetFieldName_TARGET_FIELD_NAME_ID:
 		return query.TargetColumnID
 	case action.TargetFieldName_TARGET_FIELD_NAME_CREATED_DATE:
@@ -193,7 +193,7 @@ func executionFieldNameToSortingColumn(field *action.ExecutionFieldName) query.C
 	}
 	switch *field {
 	case action.ExecutionFieldName_EXECUTION_FIELD_NAME_UNSPECIFIED:
-		return query.ExecutionColumnID
+		return query.ExecutionColumnCreationDate
 	case action.ExecutionFieldName_EXECUTION_FIELD_NAME_ID:
 		return query.ExecutionColumnID
 	case action.ExecutionFieldName_EXECUTION_FIELD_NAME_CREATED_DATE:

From bb56b362a755b5e07dfd364db59e1c02cd21690e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Fri, 2 May 2025 13:40:22 +0200
Subject: [PATCH 036/123] perf(eventstore): add instance position index (#9837)

# Which Problems Are Solved

Some projection queries took a long time to run. It seems that 1 or more
queries couldn't make proper use of the `es_projection` index. This
might be because of a specific complexity aggregate_type and event_type
arguments, making the index unfeasible for postgres.

# How the Problems Are Solved

Following the index recommendation, add and index that covers just
instance_id and position.

# Additional Changes

- none

# Additional Context

- Related to https://github.com/zitadel/zitadel/issues/9832
---
 cmd/setup/54.go  | 27 +++++++++++++++++++++++++++
 cmd/setup/54.sql |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 cmd/setup/54.go
 create mode 100644 cmd/setup/54.sql

diff --git a/cmd/setup/54.go b/cmd/setup/54.go
new file mode 100644
index 0000000000..3dd2f60abe
--- /dev/null
+++ b/cmd/setup/54.go
@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 54.sql
+	instancePositionIndex string
+)
+
+type InstancePositionIndex struct {
+	dbClient *database.DB
+}
+
+func (mig *InstancePositionIndex) Execute(ctx context.Context, _ eventstore.Event) error {
+	_, err := mig.dbClient.ExecContext(ctx, instancePositionIndex)
+	return err
+}
+
+func (mig *InstancePositionIndex) String() string {
+	return "54_instance_position_index"
+}
diff --git a/cmd/setup/54.sql b/cmd/setup/54.sql
new file mode 100644
index 0000000000..1dca8c7575
--- /dev/null
+++ b/cmd/setup/54.sql
@@ -0,0 +1 @@
+CREATE INDEX CONCURRENTLY IF NOT EXISTS es_instance_position ON eventstore.events2 (instance_id, position);

From b1e60e7398d677f08b06fd7715227f70b7ca1162 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Fri, 2 May 2025 13:44:24 +0200
Subject: [PATCH 037/123] Merge commit from fork

* fix: prevent intent token reuse and add expiry

* fix duplicate

* fix expiration
---
 cmd/defaults.yaml                             |   3 +
 .../v2/integration_test/session_test.go       |  80 +++++++++++-
 .../v2beta/integration_test/session_test.go   |  80 +++++++++++-
 .../user/v2/integration_test/user_test.go     |  52 ++++++--
 internal/api/grpc/user/v2/intent.go           |  17 ++-
 .../user/v2beta/integration_test/user_test.go |  52 ++++++--
 internal/api/grpc/user/v2beta/user.go         |  12 +-
 internal/api/idp/idp.go                       |   2 +-
 internal/api/idp/idp_test.go                  |  38 +++---
 internal/command/command.go                   |   2 +
 internal/command/idp_intent.go                |  20 ++-
 internal/command/idp_intent_model.go          |  29 ++++-
 internal/command/idp_intent_test.go           |  56 ++++++---
 internal/command/session.go                   |  51 ++++----
 internal/command/session_test.go              | 114 +++++++++++++++++-
 .../config/systemdefaults/system_defaults.go  |  19 +--
 internal/domain/idp.go                        |   1 +
 internal/idp/providers/apple/session.go       |   2 +
 internal/idp/providers/azuread/session.go     |  10 ++
 internal/idp/providers/jwt/session.go         |   7 ++
 internal/idp/providers/ldap/session.go        |   4 +
 internal/idp/providers/oauth/session.go       |   8 ++
 internal/idp/providers/oidc/session.go        |   8 ++
 internal/idp/providers/saml/session.go        |   8 ++
 internal/idp/session.go                       |   2 +
 internal/integration/client.go                |  17 +++
 internal/integration/sink/server.go           |  42 +++++--
 internal/repository/idpintent/eventstore.go   |   1 +
 internal/repository/idpintent/intent.go       |  40 ++++++
 internal/static/i18n/bg.yaml                  |   1 +
 internal/static/i18n/cs.yaml                  |   1 +
 internal/static/i18n/de.yaml                  |   1 +
 internal/static/i18n/en.yaml                  |   1 +
 internal/static/i18n/es.yaml                  |   1 +
 internal/static/i18n/fr.yaml                  |   1 +
 internal/static/i18n/hu.yaml                  |   1 +
 internal/static/i18n/id.yaml                  |   1 +
 internal/static/i18n/it.yaml                  |   1 +
 internal/static/i18n/ja.yaml                  |   1 +
 internal/static/i18n/ko.yaml                  |   1 +
 internal/static/i18n/mk.yaml                  |   1 +
 internal/static/i18n/nl.yaml                  |   1 +
 internal/static/i18n/pl.yaml                  |   1 +
 internal/static/i18n/pt.yaml                  |   1 +
 internal/static/i18n/ro.yaml                  |   1 +
 internal/static/i18n/ru.yaml                  |   1 +
 internal/static/i18n/sv.yaml                  |   1 +
 internal/static/i18n/zh.yaml                  |   1 +
 48 files changed, 673 insertions(+), 123 deletions(-)

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 6ab01ab35b..0d71b4d817 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -735,6 +735,9 @@ SystemDefaults:
   DefaultQueryLimit: 100 # ZITADEL_SYSTEMDEFAULTS_DEFAULTQUERYLIMIT
   # MaxQueryLimit limits the number of items that can be queried in a single v3 API search request with explicitly passing a limit.
   MaxQueryLimit: 1000 # ZITADEL_SYSTEMDEFAULTS_MAXQUERYLIMIT
+  # The maximum duration of the IDP intent lifetime after which the IDP intent expires and can not be retrieved or used anymore.
+  # Note that this time is measured only after the IdP intent was successful and not after the IDP intent was created.
+  MaxIdPIntentLifetime: 1h # ZITADEL_SYSTEMDEFAULTS_MAXIDPINTENTLIFETIME
 
 Actions:
   HTTP:
diff --git a/internal/api/grpc/session/v2/integration_test/session_test.go b/internal/api/grpc/session/v2/integration_test/session_test.go
index b9a060c749..0982a56121 100644
--- a/internal/api/grpc/session/v2/integration_test/session_test.go
+++ b/internal/api/grpc/session/v2/integration_test/session_test.go
@@ -354,7 +354,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
 	require.NoError(t, err)
 	verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
 
-	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId())
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
 	require.NoError(t, err)
 	updateResp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
 		SessionId: createResp.GetSessionId(),
@@ -372,7 +372,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
 func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
 	idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
 
-	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId())
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
 	require.NoError(t, err)
 	createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
 		Checks: &session.Checks{
@@ -396,7 +396,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
 
 	// successful intent without known / linked user
 	idpUserID := "id"
-	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, idpUserID, "")
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, idpUserID, "", time.Now().Add(time.Hour))
 
 	// link the user (with info from intent)
 	Instance.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
@@ -447,6 +447,80 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
 	require.Error(t, err)
 }
 
+func TestServer_CreateSession_reuseIntent(t *testing.T) {
+	idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
+	createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
+		Checks: &session.Checks{
+			User: &session.CheckUser{
+				Search: &session.CheckUser_UserId{
+					UserId: User.GetUserId(),
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+	verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
+
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
+	require.NoError(t, err)
+	updateResp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
+		SessionId: createResp.GetSessionId(),
+		Checks: &session.Checks{
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: token,
+			},
+		},
+	})
+	require.NoError(t, err)
+	verifyCurrentSession(t, createResp.GetSessionId(), updateResp.GetSessionToken(), updateResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId(), wantUserFactor, wantIntentFactor)
+
+	// the reuse of the intent token is not allowed, not even on the same session
+	session2, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
+		SessionId: createResp.GetSessionId(),
+		Checks: &session.Checks{
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: token,
+			},
+		},
+	})
+	require.Error(t, err)
+	_ = session2
+}
+
+func TestServer_CreateSession_expiredIntent(t *testing.T) {
+	idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
+	createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
+		Checks: &session.Checks{
+			User: &session.CheckUser{
+				Search: &session.CheckUser_UserId{
+					UserId: User.GetUserId(),
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+	verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
+
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Second))
+	require.NoError(t, err)
+
+	// wait for the intent to expire
+	time.Sleep(2 * time.Second)
+
+	_, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
+		SessionId: createResp.GetSessionId(),
+		Checks: &session.Checks{
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: token,
+			},
+		},
+	})
+	require.Error(t, err)
+}
+
 func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret string) {
 	resp, err := Instance.Client.UserV2.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
 		UserId: userID,
diff --git a/internal/api/grpc/session/v2beta/integration_test/session_test.go b/internal/api/grpc/session/v2beta/integration_test/session_test.go
index d0fc1179ef..4c189e0f80 100644
--- a/internal/api/grpc/session/v2beta/integration_test/session_test.go
+++ b/internal/api/grpc/session/v2beta/integration_test/session_test.go
@@ -354,7 +354,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
 	require.NoError(t, err)
 	verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
 
-	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId())
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
 	require.NoError(t, err)
 	updateResp, err := Client.SetSession(CTX, &session.SetSessionRequest{
 		SessionId: createResp.GetSessionId(),
@@ -372,7 +372,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
 func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
 	idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
 
-	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId())
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
 	require.NoError(t, err)
 	createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
 		Checks: &session.Checks{
@@ -396,7 +396,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
 
 	// successful intent without known / linked user
 	idpUserID := "id"
-	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId())
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
 	require.NoError(t, err)
 
 	// link the user (with info from intent)
@@ -448,6 +448,80 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
 	require.Error(t, err)
 }
 
+func TestServer_CreateSession_reuseIntent(t *testing.T) {
+	idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
+	createResp, err := Client.CreateSession(IAMOwnerCTX, &session.CreateSessionRequest{
+		Checks: &session.Checks{
+			User: &session.CheckUser{
+				Search: &session.CheckUser_UserId{
+					UserId: User.GetUserId(),
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+	verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
+
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
+	require.NoError(t, err)
+	updateResp, err := Client.SetSession(IAMOwnerCTX, &session.SetSessionRequest{
+		SessionId: createResp.GetSessionId(),
+		Checks: &session.Checks{
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: token,
+			},
+		},
+	})
+	require.NoError(t, err)
+	verifyCurrentSession(t, createResp.GetSessionId(), updateResp.GetSessionToken(), updateResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId(), wantUserFactor, wantIntentFactor)
+
+	// the reuse of the intent token is not allowed, not even on the same session
+	session2, err := Client.SetSession(IAMOwnerCTX, &session.SetSessionRequest{
+		SessionId: createResp.GetSessionId(),
+		Checks: &session.Checks{
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: token,
+			},
+		},
+	})
+	require.Error(t, err)
+	_ = session2
+}
+
+func TestServer_CreateSession_expiredIntent(t *testing.T) {
+	idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
+	createResp, err := Client.CreateSession(IAMOwnerCTX, &session.CreateSessionRequest{
+		Checks: &session.Checks{
+			User: &session.CheckUser{
+				Search: &session.CheckUser_UserId{
+					UserId: User.GetUserId(),
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+	verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
+
+	intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Second))
+	require.NoError(t, err)
+
+	// wait for the intent to expire
+	time.Sleep(2 * time.Second)
+
+	_, err = Client.SetSession(IAMOwnerCTX, &session.SetSessionRequest{
+		SessionId: createResp.GetSessionId(),
+		Checks: &session.Checks{
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: token,
+			},
+		},
+	})
+	require.Error(t, err)
+}
+
 func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret string) {
 	resp, err := Instance.Client.UserV2.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
 		UserId: userID,
diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index bf396fd25d..70e670bacc 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -2121,22 +2121,36 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 	authURL, err := url.Parse(Instance.CreateIntent(CTX, oauthIdpID).GetAuthUrl())
 	require.NoError(t, err)
 	intentID := authURL.Query().Get("state")
+	expiry := time.Now().Add(1 * time.Hour)
+	expiryFormatted := expiry.Round(time.Millisecond).UTC().Format("2006-01-02T15:04:05.999Z07:00")
 
-	successfulID, token, changeDate, sequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "")
+	intentUser := Instance.CreateHumanUser(IamCTX)
+	_, err = Instance.CreateUserIDPlink(IamCTX, intentUser.GetUserId(), "idpUserID", oauthIdpID, "username")
 	require.NoError(t, err)
-	successfulWithUserID, withUsertoken, withUserchangeDate, withUsersequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "user")
+
+	successfulID, token, changeDate, sequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "", expiry)
 	require.NoError(t, err)
-	oidcSuccessful, oidcToken, oidcChangeDate, oidcSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "")
+	successfulWithUserID, withUsertoken, withUserchangeDate, withUsersequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "user", expiry)
 	require.NoError(t, err)
-	oidcSuccessfulWithUserID, oidcWithUserIDToken, oidcWithUserIDChangeDate, oidcWithUserIDSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "user")
+	successfulExpiredID, expiredToken, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "user", time.Now().Add(time.Second))
+	require.NoError(t, err)
+	// make sure the intent is expired
+	time.Sleep(2 * time.Second)
+	successfulConsumedID, consumedToken, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "idpUserID", intentUser.GetUserId(), expiry)
+	require.NoError(t, err)
+	// make sure the intent is consumed
+	Instance.CreateIntentSession(t, IamCTX, intentUser.GetUserId(), successfulConsumedID, consumedToken)
+	oidcSuccessful, oidcToken, oidcChangeDate, oidcSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "", expiry)
+	require.NoError(t, err)
+	oidcSuccessfulWithUserID, oidcWithUserIDToken, oidcWithUserIDChangeDate, oidcWithUserIDSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "user", expiry)
 	require.NoError(t, err)
 	ldapSuccessfulID, ldapToken, ldapChangeDate, ldapSequence, err := sink.SuccessfulLDAPIntent(Instance.ID(), ldapIdpID, "id", "")
 	require.NoError(t, err)
 	ldapSuccessfulWithUserID, ldapWithUserToken, ldapWithUserChangeDate, ldapWithUserSequence, err := sink.SuccessfulLDAPIntent(Instance.ID(), ldapIdpID, "id", "user")
 	require.NoError(t, err)
-	samlSuccessfulID, samlToken, samlChangeDate, samlSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "")
+	samlSuccessfulID, samlToken, samlChangeDate, samlSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "", expiry)
 	require.NoError(t, err)
-	samlSuccessfulWithUserID, samlWithUserToken, samlWithUserChangeDate, samlWithUserSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "user")
+	samlSuccessfulWithUserID, samlWithUserToken, samlWithUserChangeDate, samlWithUserSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "user", expiry)
 	require.NoError(t, err)
 	type args struct {
 		ctx context.Context
@@ -2260,6 +2274,28 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "retrieve successful expired intent",
+			args: args{
+				CTX,
+				&user.RetrieveIdentityProviderIntentRequest{
+					IdpIntentId:    successfulExpiredID,
+					IdpIntentToken: expiredToken,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "retrieve successful consumed intent",
+			args: args{
+				CTX,
+				&user.RetrieveIdentityProviderIntentRequest{
+					IdpIntentId:    successfulConsumedID,
+					IdpIntentToken: consumedToken,
+				},
+			},
+			wantErr: true,
+		},
 		{
 			name: "retrieve successful oidc intent",
 			args: args{
@@ -2469,7 +2505,7 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 				IdpInformation: &user.IDPInformation{
 					Access: &user.IDPInformation_Saml{
 						Saml: &user.IDPSAMLAccessInformation{
-							Assertion: []byte("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"id\" IssueInstant=\"0001-01-01T00:00:00Z\" Version=\"\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" NameQualifier=\"\" SPNameQualifier=\"\" Format=\"\" SPProvidedID=\"\"></Issuer></Assertion>"),
+							Assertion: []byte(fmt.Sprintf(`<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="id" IssueInstant="0001-01-01T00:00:00Z" Version=""><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion" NameQualifier="" SPNameQualifier="" Format="" SPProvidedID=""></Issuer><Conditions NotBefore="0001-01-01T00:00:00Z" NotOnOrAfter="%s"></Conditions></Assertion>`, expiryFormatted)),
 						},
 					},
 					IdpId:    samlIdpID,
@@ -2518,7 +2554,7 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 				IdpInformation: &user.IDPInformation{
 					Access: &user.IDPInformation_Saml{
 						Saml: &user.IDPSAMLAccessInformation{
-							Assertion: []byte("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"id\" IssueInstant=\"0001-01-01T00:00:00Z\" Version=\"\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" NameQualifier=\"\" SPNameQualifier=\"\" Format=\"\" SPProvidedID=\"\"></Issuer></Assertion>"),
+							Assertion: []byte(fmt.Sprintf(`<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="id" IssueInstant="0001-01-01T00:00:00Z" Version=""><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion" NameQualifier="" SPNameQualifier="" Format="" SPProvidedID=""></Issuer><Conditions NotBefore="0001-01-01T00:00:00Z" NotOnOrAfter="%s"></Conditions></Assertion>`, expiryFormatted)),
 						},
 					},
 					IdpId:    samlIdpID,
diff --git a/internal/api/grpc/user/v2/intent.go b/internal/api/grpc/user/v2/intent.go
index 06966edb35..8043a9bdae 100644
--- a/internal/api/grpc/user/v2/intent.go
+++ b/internal/api/grpc/user/v2/intent.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"time"
 
 	oidc_pkg "github.com/zitadel/oidc/v3/pkg/oidc"
 	"google.golang.org/protobuf/types/known/structpb"
@@ -71,14 +72,14 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 	if err != nil {
 		return nil, err
 	}
-	externalUser, userID, attributes, err := s.ldapLogin(ctx, intentWriteModel.IDPID, ldapCredentials.GetUsername(), ldapCredentials.GetPassword())
+	externalUser, userID, session, err := s.ldapLogin(ctx, intentWriteModel.IDPID, ldapCredentials.GetUsername(), ldapCredentials.GetPassword())
 	if err != nil {
 		if err := s.command.FailIDPIntent(ctx, intentWriteModel, err.Error()); err != nil {
 			return nil, err
 		}
 		return nil, err
 	}
-	token, err := s.command.SucceedLDAPIDPIntent(ctx, intentWriteModel, externalUser, userID, attributes)
+	token, err := s.command.SucceedLDAPIDPIntent(ctx, intentWriteModel, externalUser, userID, session)
 	if err != nil {
 		return nil, err
 	}
@@ -116,7 +117,7 @@ func (s *Server) checkLinkedExternalUser(ctx context.Context, idpID, externalUse
 	return "", nil
 }
 
-func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string) (idp.User, string, map[string][]string, error) {
+func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string) (idp.User, string, *ldap.Session, error) {
 	provider, err := s.command.GetProvider(ctx, idpID, "", "")
 	if err != nil {
 		return nil, "", nil, err
@@ -137,12 +138,7 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string
 	if err != nil {
 		return nil, "", nil, err
 	}
-
-	attributes := make(map[string][]string, 0)
-	for _, item := range session.Entry.Attributes {
-		attributes[item.Name] = item.Values
-	}
-	return externalUser, userID, attributes, nil
+	return externalUser, userID, session, nil
 }
 
 func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.RetrieveIdentityProviderIntentRequest) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
@@ -156,6 +152,9 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 	if intent.State != domain.IDPIntentStateSucceeded {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-nme4gszsvx", "Errors.Intent.NotSucceeded")
 	}
+	if time.Now().After(intent.ExpiresAt()) {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-SAf42", "Errors.Intent.Expired")
+	}
 	idpIntent, err := idpIntentToIDPIntentPb(intent, s.idpAlg)
 	if err != nil {
 		return nil, err
diff --git a/internal/api/grpc/user/v2beta/integration_test/user_test.go b/internal/api/grpc/user/v2beta/integration_test/user_test.go
index a81de58761..a5a1309d1a 100644
--- a/internal/api/grpc/user/v2beta/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2beta/integration_test/user_test.go
@@ -2153,22 +2153,36 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 	authURL, err := url.Parse(Instance.CreateIntent(CTX, oauthIdpID).GetAuthUrl())
 	require.NoError(t, err)
 	intentID := authURL.Query().Get("state")
+	expiry := time.Now().Add(1 * time.Hour)
+	expiryFormatted := expiry.Round(time.Millisecond).UTC().Format("2006-01-02T15:04:05.999Z07:00")
 
-	successfulID, token, changeDate, sequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "")
+	intentUser := Instance.CreateHumanUser(IamCTX)
+	_, err = Instance.CreateUserIDPlink(IamCTX, intentUser.GetUserId(), "idpUserID", oauthIdpID, "username")
 	require.NoError(t, err)
-	successfulWithUserID, withUsertoken, withUserchangeDate, withUsersequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "user")
+
+	successfulID, token, changeDate, sequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "", expiry)
 	require.NoError(t, err)
-	oidcSuccessful, oidcToken, oidcChangeDate, oidcSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "")
+	successfulWithUserID, withUsertoken, withUserchangeDate, withUsersequence, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "user", expiry)
 	require.NoError(t, err)
-	oidcSuccessfulWithUserID, oidcWithUserIDToken, oidcWithUserIDChangeDate, oidcWithUserIDSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "user")
+	successfulExpiredID, expiredToken, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "id", "user", time.Now().Add(time.Second))
+	require.NoError(t, err)
+	// make sure the intent is expired
+	time.Sleep(2 * time.Second)
+	successfulConsumedID, consumedToken, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), oauthIdpID, "idpUserID", intentUser.GetUserId(), expiry)
+	require.NoError(t, err)
+	// make sure the intent is consumed
+	Instance.CreateIntentSession(t, IamCTX, intentUser.GetUserId(), successfulConsumedID, consumedToken)
+	oidcSuccessful, oidcToken, oidcChangeDate, oidcSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "", expiry)
+	require.NoError(t, err)
+	oidcSuccessfulWithUserID, oidcWithUserIDToken, oidcWithUserIDChangeDate, oidcWithUserIDSequence, err := sink.SuccessfulOIDCIntent(Instance.ID(), oidcIdpID, "id", "user", expiry)
 	require.NoError(t, err)
 	ldapSuccessfulID, ldapToken, ldapChangeDate, ldapSequence, err := sink.SuccessfulLDAPIntent(Instance.ID(), ldapIdpID, "id", "")
 	require.NoError(t, err)
 	ldapSuccessfulWithUserID, ldapWithUserToken, ldapWithUserChangeDate, ldapWithUserSequence, err := sink.SuccessfulLDAPIntent(Instance.ID(), ldapIdpID, "id", "user")
 	require.NoError(t, err)
-	samlSuccessfulID, samlToken, samlChangeDate, samlSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "")
+	samlSuccessfulID, samlToken, samlChangeDate, samlSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "", expiry)
 	require.NoError(t, err)
-	samlSuccessfulWithUserID, samlWithUserToken, samlWithUserChangeDate, samlWithUserSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "user")
+	samlSuccessfulWithUserID, samlWithUserToken, samlWithUserChangeDate, samlWithUserSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "user", expiry)
 	require.NoError(t, err)
 	type args struct {
 		ctx context.Context
@@ -2281,6 +2295,28 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "retrieve successful expired intent",
+			args: args{
+				CTX,
+				&user.RetrieveIdentityProviderIntentRequest{
+					IdpIntentId:    successfulExpiredID,
+					IdpIntentToken: expiredToken,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "retrieve successful consumed intent",
+			args: args{
+				CTX,
+				&user.RetrieveIdentityProviderIntentRequest{
+					IdpIntentId:    successfulConsumedID,
+					IdpIntentToken: consumedToken,
+				},
+			},
+			wantErr: true,
+		},
 		{
 			name: "retrieve successful oidc intent",
 			args: args{
@@ -2466,7 +2502,7 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 				IdpInformation: &user.IDPInformation{
 					Access: &user.IDPInformation_Saml{
 						Saml: &user.IDPSAMLAccessInformation{
-							Assertion: []byte("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"id\" IssueInstant=\"0001-01-01T00:00:00Z\" Version=\"\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" NameQualifier=\"\" SPNameQualifier=\"\" Format=\"\" SPProvidedID=\"\"></Issuer></Assertion>"),
+							Assertion: []byte(fmt.Sprintf(`<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="id" IssueInstant="0001-01-01T00:00:00Z" Version=""><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion" NameQualifier="" SPNameQualifier="" Format="" SPProvidedID=""></Issuer><Conditions NotBefore="0001-01-01T00:00:00Z" NotOnOrAfter="%s"></Conditions></Assertion>`, expiryFormatted)),
 						},
 					},
 					IdpId:    samlIdpID,
@@ -2504,7 +2540,7 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 				IdpInformation: &user.IDPInformation{
 					Access: &user.IDPInformation_Saml{
 						Saml: &user.IDPSAMLAccessInformation{
-							Assertion: []byte("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"id\" IssueInstant=\"0001-01-01T00:00:00Z\" Version=\"\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" NameQualifier=\"\" SPNameQualifier=\"\" Format=\"\" SPProvidedID=\"\"></Issuer></Assertion>"),
+							Assertion: []byte(fmt.Sprintf(`<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="id" IssueInstant="0001-01-01T00:00:00Z" Version=""><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion" NameQualifier="" SPNameQualifier="" Format="" SPProvidedID=""></Issuer><Conditions NotBefore="0001-01-01T00:00:00Z" NotOnOrAfter="%s"></Conditions></Assertion>`, expiryFormatted)),
 						},
 					},
 					IdpId:    samlIdpID,
diff --git a/internal/api/grpc/user/v2beta/user.go b/internal/api/grpc/user/v2beta/user.go
index cf6dfa6304..93afbde0aa 100644
--- a/internal/api/grpc/user/v2beta/user.go
+++ b/internal/api/grpc/user/v2beta/user.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"io"
+	"time"
 
 	"golang.org/x/text/language"
 	"google.golang.org/protobuf/types/known/structpb"
@@ -399,14 +400,14 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 	if err != nil {
 		return nil, err
 	}
-	externalUser, userID, attributes, err := s.ldapLogin(ctx, intentWriteModel.IDPID, ldapCredentials.GetUsername(), ldapCredentials.GetPassword())
+	externalUser, userID, session, err := s.ldapLogin(ctx, intentWriteModel.IDPID, ldapCredentials.GetUsername(), ldapCredentials.GetPassword())
 	if err != nil {
 		if err := s.command.FailIDPIntent(ctx, intentWriteModel, err.Error()); err != nil {
 			return nil, err
 		}
 		return nil, err
 	}
-	token, err := s.command.SucceedLDAPIDPIntent(ctx, intentWriteModel, externalUser, userID, attributes)
+	token, err := s.command.SucceedLDAPIDPIntent(ctx, intentWriteModel, externalUser, userID, session)
 	if err != nil {
 		return nil, err
 	}
@@ -444,7 +445,7 @@ func (s *Server) checkLinkedExternalUser(ctx context.Context, idpID, externalUse
 	return "", nil
 }
 
-func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string) (idp.User, string, map[string][]string, error) {
+func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string) (idp.User, string, *ldap.Session, error) {
 	provider, err := s.command.GetProvider(ctx, idpID, "", "")
 	if err != nil {
 		return nil, "", nil, err
@@ -470,7 +471,7 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string
 	for _, item := range session.Entry.Attributes {
 		attributes[item.Name] = item.Values
 	}
-	return externalUser, userID, attributes, nil
+	return externalUser, userID, session, nil
 }
 
 func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.RetrieveIdentityProviderIntentRequest) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
@@ -484,6 +485,9 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 	if intent.State != domain.IDPIntentStateSucceeded {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-nme4gszsvx", "Errors.Intent.NotSucceeded")
 	}
+	if time.Now().After(intent.ExpiresAt()) {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "IDP-Afb2s", "Errors.Intent.Expired")
+	}
 	return idpIntentToIDPIntentPb(intent, s.idpAlg)
 }
 
diff --git a/internal/api/idp/idp.go b/internal/api/idp/idp.go
index c3e9586a59..ebf904a395 100644
--- a/internal/api/idp/idp.go
+++ b/internal/api/idp/idp.go
@@ -287,7 +287,7 @@ func (h *Handler) handleACS(w http.ResponseWriter, r *http.Request) {
 	userID, err := h.checkExternalUser(ctx, intent.IDPID, idpUser.GetID())
 	logging.WithFields("intent", intent.AggregateID).OnError(err).Error("could not check if idp user already exists")
 
-	token, err := h.commands.SucceedSAMLIDPIntent(ctx, intent, idpUser, userID, session.Assertion)
+	token, err := h.commands.SucceedSAMLIDPIntent(ctx, intent, idpUser, userID, session)
 	if err != nil {
 		redirectToFailureURLErr(w, r, intent, zerrors.ThrowInternal(err, "IDP-JdD3g", "Errors.Intent.TokenCreationFailed"))
 		return
diff --git a/internal/api/idp/idp_test.go b/internal/api/idp/idp_test.go
index 6804a035af..2f64f598a9 100644
--- a/internal/api/idp/idp_test.go
+++ b/internal/api/idp/idp_test.go
@@ -4,6 +4,7 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 
@@ -14,11 +15,12 @@ import (
 
 func Test_redirectToSuccessURL(t *testing.T) {
 	type args struct {
-		id         string
-		userID     string
-		token      string
-		failureURL string
-		successURL string
+		id                   string
+		userID               string
+		token                string
+		failureURL           string
+		successURL           string
+		maxIdPIntentLifetime time.Duration
 	}
 	type res struct {
 		want string
@@ -59,7 +61,7 @@ func Test_redirectToSuccessURL(t *testing.T) {
 			req := httptest.NewRequest("GET", "http://example.com", nil)
 			resp := httptest.NewRecorder()
 
-			wm := command.NewIDPIntentWriteModel(tt.args.id, tt.args.id)
+			wm := command.NewIDPIntentWriteModel(tt.args.id, tt.args.id, tt.args.maxIdPIntentLifetime)
 			wm.FailureURL, _ = url.Parse(tt.args.failureURL)
 			wm.SuccessURL, _ = url.Parse(tt.args.successURL)
 
@@ -71,11 +73,12 @@ func Test_redirectToSuccessURL(t *testing.T) {
 
 func Test_redirectToFailureURL(t *testing.T) {
 	type args struct {
-		id         string
-		failureURL string
-		successURL string
-		err        string
-		desc       string
+		id                   string
+		failureURL           string
+		successURL           string
+		err                  string
+		desc                 string
+		maxIdPIntentLifetime time.Duration
 	}
 	type res struct {
 		want string
@@ -115,7 +118,7 @@ func Test_redirectToFailureURL(t *testing.T) {
 			req := httptest.NewRequest("GET", "http://example.com", nil)
 			resp := httptest.NewRecorder()
 
-			wm := command.NewIDPIntentWriteModel(tt.args.id, tt.args.id)
+			wm := command.NewIDPIntentWriteModel(tt.args.id, tt.args.id, tt.args.maxIdPIntentLifetime)
 			wm.FailureURL, _ = url.Parse(tt.args.failureURL)
 			wm.SuccessURL, _ = url.Parse(tt.args.successURL)
 
@@ -127,10 +130,11 @@ func Test_redirectToFailureURL(t *testing.T) {
 
 func Test_redirectToFailureURLErr(t *testing.T) {
 	type args struct {
-		id         string
-		failureURL string
-		successURL string
-		err        error
+		id                   string
+		failureURL           string
+		successURL           string
+		err                  error
+		maxIdPIntentLifetime time.Duration
 	}
 	type res struct {
 		want string
@@ -158,7 +162,7 @@ func Test_redirectToFailureURLErr(t *testing.T) {
 			req := httptest.NewRequest("GET", "http://example.com", nil)
 			resp := httptest.NewRecorder()
 
-			wm := command.NewIDPIntentWriteModel(tt.args.id, tt.args.id)
+			wm := command.NewIDPIntentWriteModel(tt.args.id, tt.args.id, tt.args.maxIdPIntentLifetime)
 			wm.FailureURL, _ = url.Parse(tt.args.failureURL)
 			wm.SuccessURL, _ = url.Parse(tt.args.successURL)
 
diff --git a/internal/command/command.go b/internal/command/command.go
index b0e67ad52e..64b7b53b67 100644
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -81,6 +81,7 @@ type Commands struct {
 	publicKeyLifetime       time.Duration
 	certificateLifetime     time.Duration
 	defaultSecretGenerators *SecretGenerators
+	maxIdPIntentLifetime    time.Duration
 
 	samlCertificateAndKeyGenerator func(id string) ([]byte, []byte, error)
 	webKeyGenerator                func(keyID string, alg crypto.EncryptionAlgorithm, genConfig crypto.WebKeyConfig) (encryptedPrivate *crypto.CryptoValue, public *jose.JSONWebKey, err error)
@@ -152,6 +153,7 @@ func StartCommands(
 		privateKeyLifetime:              defaults.KeyConfig.PrivateKeyLifetime,
 		publicKeyLifetime:               defaults.KeyConfig.PublicKeyLifetime,
 		certificateLifetime:             defaults.KeyConfig.CertificateLifetime,
+		maxIdPIntentLifetime:            defaults.MaxIdPIntentLifetime,
 		idpConfigEncryption:             idpConfigEncryption,
 		smtpEncryption:                  smtpEncryption,
 		smsEncryption:                   smsEncryption,
diff --git a/internal/command/idp_intent.go b/internal/command/idp_intent.go
index 3cd9991679..9690117edd 100644
--- a/internal/command/idp_intent.go
+++ b/internal/command/idp_intent.go
@@ -7,7 +7,6 @@ import (
 	"encoding/xml"
 	"net/url"
 
-	"github.com/crewjam/saml"
 	"github.com/crewjam/saml/samlsp"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 
@@ -19,8 +18,10 @@ import (
 	"github.com/zitadel/zitadel/internal/idp/providers/apple"
 	"github.com/zitadel/zitadel/internal/idp/providers/azuread"
 	"github.com/zitadel/zitadel/internal/idp/providers/jwt"
+	"github.com/zitadel/zitadel/internal/idp/providers/ldap"
 	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
 	openid "github.com/zitadel/zitadel/internal/idp/providers/oidc"
+	"github.com/zitadel/zitadel/internal/idp/providers/saml"
 	"github.com/zitadel/zitadel/internal/repository/idpintent"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -68,7 +69,7 @@ func (c *Commands) CreateIntent(ctx context.Context, intentID, idpID, successURL
 			return nil, nil, err
 		}
 	}
-	writeModel := NewIDPIntentWriteModel(intentID, resourceOwner)
+	writeModel := NewIDPIntentWriteModel(intentID, resourceOwner, c.maxIdPIntentLifetime)
 
 	//nolint: staticcheck
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareCreateIntent(writeModel, idpID, successURL, failureURL, idpArguments))
@@ -180,6 +181,7 @@ func (c *Commands) SucceedIDPIntent(ctx context.Context, writeModel *IDPIntentWr
 		userID,
 		accessToken,
 		idToken,
+		idpSession.ExpiresAt(),
 	)
 	err = c.pushAppendAndReduce(ctx, writeModel, cmd)
 	if err != nil {
@@ -188,7 +190,7 @@ func (c *Commands) SucceedIDPIntent(ctx context.Context, writeModel *IDPIntentWr
 	return token, nil
 }
 
-func (c *Commands) SucceedSAMLIDPIntent(ctx context.Context, writeModel *IDPIntentWriteModel, idpUser idp.User, userID string, assertion *saml.Assertion) (string, error) {
+func (c *Commands) SucceedSAMLIDPIntent(ctx context.Context, writeModel *IDPIntentWriteModel, idpUser idp.User, userID string, session *saml.Session) (string, error) {
 	token, err := c.generateIntentToken(writeModel.AggregateID)
 	if err != nil {
 		return "", err
@@ -197,7 +199,7 @@ func (c *Commands) SucceedSAMLIDPIntent(ctx context.Context, writeModel *IDPInte
 	if err != nil {
 		return "", err
 	}
-	assertionData, err := xml.Marshal(assertion)
+	assertionData, err := xml.Marshal(session.Assertion)
 	if err != nil {
 		return "", err
 	}
@@ -213,6 +215,7 @@ func (c *Commands) SucceedSAMLIDPIntent(ctx context.Context, writeModel *IDPInte
 		idpUser.GetPreferredUsername(),
 		userID,
 		assertionEnc,
+		session.ExpiresAt(),
 	)
 	err = c.pushAppendAndReduce(ctx, writeModel, cmd)
 	if err != nil {
@@ -237,7 +240,7 @@ func (c *Commands) generateIntentToken(intentID string) (string, error) {
 	return base64.RawURLEncoding.EncodeToString(token), nil
 }
 
-func (c *Commands) SucceedLDAPIDPIntent(ctx context.Context, writeModel *IDPIntentWriteModel, idpUser idp.User, userID string, attributes map[string][]string) (string, error) {
+func (c *Commands) SucceedLDAPIDPIntent(ctx context.Context, writeModel *IDPIntentWriteModel, idpUser idp.User, userID string, session *ldap.Session) (string, error) {
 	token, err := c.generateIntentToken(writeModel.AggregateID)
 	if err != nil {
 		return "", err
@@ -246,6 +249,10 @@ func (c *Commands) SucceedLDAPIDPIntent(ctx context.Context, writeModel *IDPInte
 	if err != nil {
 		return "", err
 	}
+	attributes := make(map[string][]string, len(session.Entry.Attributes))
+	for _, item := range session.Entry.Attributes {
+		attributes[item.Name] = item.Values
+	}
 	cmd := idpintent.NewLDAPSucceededEvent(
 		ctx,
 		IDPIntentAggregateFromWriteModel(&writeModel.WriteModel),
@@ -254,6 +261,7 @@ func (c *Commands) SucceedLDAPIDPIntent(ctx context.Context, writeModel *IDPInte
 		idpUser.GetPreferredUsername(),
 		userID,
 		attributes,
+		session.ExpiresAt(),
 	)
 	err = c.pushAppendAndReduce(ctx, writeModel, cmd)
 	if err != nil {
@@ -273,7 +281,7 @@ func (c *Commands) FailIDPIntent(ctx context.Context, writeModel *IDPIntentWrite
 }
 
 func (c *Commands) GetIntentWriteModel(ctx context.Context, id, resourceOwner string) (*IDPIntentWriteModel, error) {
-	writeModel := NewIDPIntentWriteModel(id, resourceOwner)
+	writeModel := NewIDPIntentWriteModel(id, resourceOwner, c.maxIdPIntentLifetime)
 	err := c.eventstore.FilterToQueryReducer(ctx, writeModel)
 	if err != nil {
 		return nil, err
diff --git a/internal/command/idp_intent_model.go b/internal/command/idp_intent_model.go
index c6bc26ab06..07e0821813 100644
--- a/internal/command/idp_intent_model.go
+++ b/internal/command/idp_intent_model.go
@@ -2,6 +2,7 @@ package command
 
 import (
 	"net/url"
+	"time"
 
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -29,18 +30,29 @@ type IDPIntentWriteModel struct {
 	RequestID string
 	Assertion *crypto.CryptoValue
 
-	State domain.IDPIntentState
+	State                domain.IDPIntentState
+	succeededAt          time.Time
+	maxIdPIntentLifetime time.Duration
+	expiresAt            time.Time
 }
 
-func NewIDPIntentWriteModel(id, resourceOwner string) *IDPIntentWriteModel {
+func NewIDPIntentWriteModel(id, resourceOwner string, maxIdPIntentLifetime time.Duration) *IDPIntentWriteModel {
 	return &IDPIntentWriteModel{
 		WriteModel: eventstore.WriteModel{
 			AggregateID:   id,
 			ResourceOwner: resourceOwner,
 		},
+		maxIdPIntentLifetime: maxIdPIntentLifetime,
 	}
 }
 
+func (wm *IDPIntentWriteModel) ExpiresAt() time.Time {
+	if wm.expiresAt.IsZero() {
+		return wm.succeededAt.Add(wm.maxIdPIntentLifetime)
+	}
+	return wm.expiresAt
+}
+
 func (wm *IDPIntentWriteModel) Reduce() error {
 	for _, event := range wm.Events {
 		switch e := event.(type) {
@@ -56,6 +68,8 @@ func (wm *IDPIntentWriteModel) Reduce() error {
 			wm.reduceLDAPSucceededEvent(e)
 		case *idpintent.FailedEvent:
 			wm.reduceFailedEvent(e)
+		case *idpintent.ConsumedEvent:
+			wm.reduceConsumedEvent(e)
 		}
 	}
 	return wm.WriteModel.Reduce()
@@ -74,6 +88,7 @@ func (wm *IDPIntentWriteModel) Query() *eventstore.SearchQueryBuilder {
 			idpintent.SAMLRequestEventType,
 			idpintent.LDAPSucceededEventType,
 			idpintent.FailedEventType,
+			idpintent.ConsumedEventType,
 		).
 		Builder()
 }
@@ -93,6 +108,8 @@ func (wm *IDPIntentWriteModel) reduceSAMLSucceededEvent(e *idpintent.SAMLSucceed
 	wm.IDPUserName = e.IDPUserName
 	wm.Assertion = e.Assertion
 	wm.State = domain.IDPIntentStateSucceeded
+	wm.succeededAt = e.CreationDate()
+	wm.expiresAt = e.ExpiresAt
 }
 
 func (wm *IDPIntentWriteModel) reduceLDAPSucceededEvent(e *idpintent.LDAPSucceededEvent) {
@@ -102,6 +119,8 @@ func (wm *IDPIntentWriteModel) reduceLDAPSucceededEvent(e *idpintent.LDAPSucceed
 	wm.IDPUserName = e.IDPUserName
 	wm.IDPEntryAttributes = e.EntryAttributes
 	wm.State = domain.IDPIntentStateSucceeded
+	wm.succeededAt = e.CreationDate()
+	wm.expiresAt = e.ExpiresAt
 }
 
 func (wm *IDPIntentWriteModel) reduceOAuthSucceededEvent(e *idpintent.SucceededEvent) {
@@ -112,6 +131,8 @@ func (wm *IDPIntentWriteModel) reduceOAuthSucceededEvent(e *idpintent.SucceededE
 	wm.IDPAccessToken = e.IDPAccessToken
 	wm.IDPIDToken = e.IDPIDToken
 	wm.State = domain.IDPIntentStateSucceeded
+	wm.succeededAt = e.CreationDate()
+	wm.expiresAt = e.ExpiresAt
 }
 
 func (wm *IDPIntentWriteModel) reduceSAMLRequestEvent(e *idpintent.SAMLRequestEvent) {
@@ -122,6 +143,10 @@ func (wm *IDPIntentWriteModel) reduceFailedEvent(e *idpintent.FailedEvent) {
 	wm.State = domain.IDPIntentStateFailed
 }
 
+func (wm *IDPIntentWriteModel) reduceConsumedEvent(e *idpintent.ConsumedEvent) {
+	wm.State = domain.IDPIntentStateConsumed
+}
+
 func IDPIntentAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
 	return &eventstore.Aggregate{
 		Type:          idpintent.AggregateType,
diff --git a/internal/command/idp_intent_test.go b/internal/command/idp_intent_test.go
index 2400b9ee35..1be3971e87 100644
--- a/internal/command/idp_intent_test.go
+++ b/internal/command/idp_intent_test.go
@@ -4,8 +4,10 @@ import (
 	"context"
 	"net/url"
 	"testing"
+	"time"
 
-	"github.com/crewjam/saml"
+	crewjam_saml "github.com/crewjam/saml"
+	goldap "github.com/go-ldap/ldap/v3"
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -26,6 +28,7 @@ import (
 	"github.com/zitadel/zitadel/internal/idp/providers/ldap"
 	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
 	openid "github.com/zitadel/zitadel/internal/idp/providers/oidc"
+	"github.com/zitadel/zitadel/internal/idp/providers/saml"
 	rep_idp "github.com/zitadel/zitadel/internal/repository/idp"
 	"github.com/zitadel/zitadel/internal/repository/idpintent"
 	"github.com/zitadel/zitadel/internal/repository/instance"
@@ -867,7 +870,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "ro"),
+				writeModel: NewIDPIntentWriteModel("id", "ro", 0),
 			},
 			res{
 				err: zerrors.ThrowInternal(nil, "id", "encryption failed"),
@@ -888,7 +891,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "ro"),
+				writeModel: NewIDPIntentWriteModel("id", "ro", 0),
 				idpSession: &oauth.Session{
 					Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
 						Token: &oauth2.Token{
@@ -922,6 +925,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) {
 									Crypted:    []byte("accessToken"),
 								},
 								"idToken",
+								time.Time{},
 							)
 							return event
 						}(),
@@ -930,7 +934,7 @@ func TestCommands_SucceedIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
 				idpSession: &openid.Session{
 					Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
 						Token: &oauth2.Token{
@@ -973,7 +977,7 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) {
 		ctx        context.Context
 		writeModel *IDPIntentWriteModel
 		idpUser    idp.User
-		assertion  *saml.Assertion
+		session    *saml.Session
 		userID     string
 	}
 	type res struct {
@@ -998,7 +1002,7 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "ro"),
+				writeModel: NewIDPIntentWriteModel("id", "ro", 0),
 			},
 			res{
 				err: zerrors.ThrowInternal(nil, "id", "encryption failed"),
@@ -1023,14 +1027,17 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) {
 								KeyID:      "id",
 								Crypted:    []byte("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"id\" IssueInstant=\"0001-01-01T00:00:00Z\" Version=\"\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" NameQualifier=\"\" SPNameQualifier=\"\" Format=\"\" SPProvidedID=\"\"></Issuer></Assertion>"),
 							},
+							time.Time{},
 						),
 					),
 				),
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
-				assertion:  &saml.Assertion{ID: "id"},
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
+				session: &saml.Session{
+					Assertion: &crewjam_saml.Assertion{ID: "id"},
+				},
 				idpUser: openid.NewUser(&oidc.UserInfo{
 					Subject: "id",
 					UserInfoProfile: oidc.UserInfoProfile{
@@ -1061,14 +1068,17 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) {
 								KeyID:      "id",
 								Crypted:    []byte("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"id\" IssueInstant=\"0001-01-01T00:00:00Z\" Version=\"\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" NameQualifier=\"\" SPNameQualifier=\"\" Format=\"\" SPProvidedID=\"\"></Issuer></Assertion>"),
 							},
+							time.Time{},
 						),
 					),
 				),
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
-				assertion:  &saml.Assertion{ID: "id"},
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
+				session: &saml.Session{
+					Assertion: &crewjam_saml.Assertion{ID: "id"},
+				},
 				idpUser: openid.NewUser(&oidc.UserInfo{
 					Subject: "id",
 					UserInfoProfile: oidc.UserInfoProfile{
@@ -1088,7 +1098,7 @@ func TestCommands_SucceedSAMLIDPIntent(t *testing.T) {
 				eventstore:          tt.fields.eventstore(t),
 				idpConfigEncryption: tt.fields.idpConfigEncryption,
 			}
-			got, err := c.SucceedSAMLIDPIntent(tt.args.ctx, tt.args.writeModel, tt.args.idpUser, tt.args.userID, tt.args.assertion)
+			got, err := c.SucceedSAMLIDPIntent(tt.args.ctx, tt.args.writeModel, tt.args.idpUser, tt.args.userID, tt.args.session)
 			require.ErrorIs(t, err, tt.res.err)
 			assert.Equal(t, tt.res.token, got)
 		})
@@ -1128,7 +1138,7 @@ func TestCommands_RequestSAMLIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
 				request:    "request",
 			},
 			res{},
@@ -1156,7 +1166,7 @@ func TestCommands_SucceedLDAPIDPIntent(t *testing.T) {
 		writeModel *IDPIntentWriteModel
 		idpUser    idp.User
 		userID     string
-		attributes map[string][]string
+		session    *ldap.Session
 	}
 	type res struct {
 		token string
@@ -1180,7 +1190,7 @@ func TestCommands_SucceedLDAPIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
 			},
 			res{
 				err: zerrors.ThrowInternal(nil, "id", "encryption failed"),
@@ -1200,14 +1210,24 @@ func TestCommands_SucceedLDAPIDPIntent(t *testing.T) {
 							"username",
 							"",
 							map[string][]string{"id": {"id"}},
+							time.Time{},
 						),
 					),
 				),
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
-				attributes: map[string][]string{"id": {"id"}},
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
+				session: &ldap.Session{
+					Entry: &goldap.Entry{
+						Attributes: []*goldap.EntryAttribute{
+							{
+								Name:   "id",
+								Values: []string{"id"},
+							},
+						},
+					},
+				},
 				idpUser: ldap.NewUser(
 					"id",
 					"",
@@ -1235,7 +1255,7 @@ func TestCommands_SucceedLDAPIDPIntent(t *testing.T) {
 				eventstore:          tt.fields.eventstore(t),
 				idpConfigEncryption: tt.fields.idpConfigEncryption,
 			}
-			got, err := c.SucceedLDAPIDPIntent(tt.args.ctx, tt.args.writeModel, tt.args.idpUser, tt.args.userID, tt.args.attributes)
+			got, err := c.SucceedLDAPIDPIntent(tt.args.ctx, tt.args.writeModel, tt.args.idpUser, tt.args.userID, tt.args.session)
 			require.ErrorIs(t, err, tt.res.err)
 			assert.Equal(t, tt.res.token, got)
 		})
@@ -1275,7 +1295,7 @@ func TestCommands_FailIDPIntent(t *testing.T) {
 			},
 			args{
 				ctx:        context.Background(),
-				writeModel: NewIDPIntentWriteModel("id", "instance"),
+				writeModel: NewIDPIntentWriteModel("id", "instance", 0),
 				reason:     "reason",
 			},
 			res{
diff --git a/internal/command/session.go b/internal/command/session.go
index d00e541e62..3c06c22967 100644
--- a/internal/command/session.go
+++ b/internal/command/session.go
@@ -17,6 +17,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/id"
 	"github.com/zitadel/zitadel/internal/notification/senders"
+	"github.com/zitadel/zitadel/internal/repository/idpintent"
 	"github.com/zitadel/zitadel/internal/repository/session"
 	"github.com/zitadel/zitadel/internal/repository/user"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -32,31 +33,33 @@ type SessionCommands struct {
 	eventstore        *eventstore.Eventstore
 	eventCommands     []eventstore.Command
 
-	hasher          *crypto.Hasher
-	intentAlg       crypto.EncryptionAlgorithm
-	totpAlg         crypto.EncryptionAlgorithm
-	otpAlg          crypto.EncryptionAlgorithm
-	createCode      encryptedCodeWithDefaultFunc
-	createPhoneCode encryptedCodeGeneratorWithDefaultFunc
-	createToken     func(sessionID string) (id string, token string, err error)
-	getCodeVerifier func(ctx context.Context, id string) (senders.CodeGenerator, error)
-	now             func() time.Time
+	hasher               *crypto.Hasher
+	intentAlg            crypto.EncryptionAlgorithm
+	totpAlg              crypto.EncryptionAlgorithm
+	otpAlg               crypto.EncryptionAlgorithm
+	createCode           encryptedCodeWithDefaultFunc
+	createPhoneCode      encryptedCodeGeneratorWithDefaultFunc
+	createToken          func(sessionID string) (id string, token string, err error)
+	getCodeVerifier      func(ctx context.Context, id string) (senders.CodeGenerator, error)
+	now                  func() time.Time
+	maxIdPIntentLifetime time.Duration
 }
 
 func (c *Commands) NewSessionCommands(cmds []SessionCommand, session *SessionWriteModel) *SessionCommands {
 	return &SessionCommands{
-		sessionCommands:   cmds,
-		sessionWriteModel: session,
-		eventstore:        c.eventstore,
-		hasher:            c.userPasswordHasher,
-		intentAlg:         c.idpConfigEncryption,
-		totpAlg:           c.multifactors.OTP.CryptoMFA,
-		otpAlg:            c.userEncryption,
-		createCode:        c.newEncryptedCodeWithDefault,
-		createPhoneCode:   c.newPhoneCode,
-		createToken:       c.sessionTokenCreator,
-		getCodeVerifier:   c.phoneCodeVerifierFromConfig,
-		now:               time.Now,
+		sessionCommands:      cmds,
+		sessionWriteModel:    session,
+		eventstore:           c.eventstore,
+		hasher:               c.userPasswordHasher,
+		intentAlg:            c.idpConfigEncryption,
+		totpAlg:              c.multifactors.OTP.CryptoMFA,
+		otpAlg:               c.userEncryption,
+		createCode:           c.newEncryptedCodeWithDefault,
+		createPhoneCode:      c.newPhoneCode,
+		createToken:          c.sessionTokenCreator,
+		getCodeVerifier:      c.phoneCodeVerifierFromConfig,
+		now:                  time.Now,
+		maxIdPIntentLifetime: c.maxIdPIntentLifetime,
 	}
 }
 
@@ -92,7 +95,7 @@ func CheckIntent(intentID, token string) SessionCommand {
 		if err := crypto.CheckToken(cmd.intentAlg, token, intentID); err != nil {
 			return nil, err
 		}
-		cmd.intentWriteModel = NewIDPIntentWriteModel(intentID, "")
+		cmd.intentWriteModel = NewIDPIntentWriteModel(intentID, "", cmd.maxIdPIntentLifetime)
 		err := cmd.eventstore.FilterToQueryReducer(ctx, cmd.intentWriteModel)
 		if err != nil {
 			return nil, err
@@ -100,6 +103,9 @@ func CheckIntent(intentID, token string) SessionCommand {
 		if cmd.intentWriteModel.State != domain.IDPIntentStateSucceeded {
 			return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded")
 		}
+		if time.Now().After(cmd.intentWriteModel.ExpiresAt()) {
+			return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-SAf42", "Errors.Intent.Expired")
+		}
 		if cmd.intentWriteModel.UserID != "" {
 			if cmd.intentWriteModel.UserID != cmd.sessionWriteModel.UserID {
 				return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-O8xk3w", "Errors.Intent.OtherUser")
@@ -168,6 +174,7 @@ func (s *SessionCommands) PasswordChecked(ctx context.Context, checkedAt time.Ti
 
 func (s *SessionCommands) IntentChecked(ctx context.Context, checkedAt time.Time) {
 	s.eventCommands = append(s.eventCommands, session.NewIntentCheckedEvent(ctx, s.sessionWriteModel.aggregate, checkedAt))
+	s.eventCommands = append(s.eventCommands, idpintent.NewConsumedEvent(ctx, IDPIntentAggregateFromWriteModel(&s.intentWriteModel.WriteModel)))
 }
 
 func (s *SessionCommands) WebAuthNChallenged(ctx context.Context, challenge string, allowedCrentialIDs [][]byte, userVerification domain.UserVerificationRequirement, rpid string) {
diff --git a/internal/command/session_test.go b/internal/command/session_test.go
index 60027d3a05..e65f32fb57 100644
--- a/internal/command/session_test.go
+++ b/internal/command/session_test.go
@@ -695,6 +695,7 @@ func TestCommands_updateSession(t *testing.T) {
 								"userID2",
 								nil,
 								"",
+								time.Now().Add(time.Hour),
 							),
 						),
 					),
@@ -757,6 +758,111 @@ func TestCommands_updateSession(t *testing.T) {
 				err: zerrors.ThrowPermissionDenied(nil, "CRYPTO-CRYPTO", "Errors.Intent.InvalidToken"),
 			},
 		},
+		{
+			"set user, intent token already consumed",
+			fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(), &user.NewAggregate("userID", "org1").Aggregate,
+								"username", "", "", "", "", language.English, domain.GenderUnspecified, "", false),
+						),
+						eventFromEventPusher(
+							idpintent.NewSucceededEvent(context.Background(),
+								&idpintent.NewAggregate("intent", "instance1").Aggregate,
+								nil,
+								"idpUserID",
+								"idpUsername",
+								"userID",
+								nil,
+								"",
+								time.Now().Add(time.Hour),
+							),
+						),
+						eventFromEventPusher(
+							idpintent.NewConsumedEvent(context.Background(),
+								&idpintent.NewAggregate("intent", "instance1").Aggregate,
+							),
+						),
+					),
+				),
+			},
+			args{
+				ctx: authz.NewMockContext("instance1", "", ""),
+				checks: &SessionCommands{
+					sessionWriteModel: NewSessionWriteModel("sessionID", "instance1"),
+					sessionCommands: []SessionCommand{
+						CheckUser("userID", "org1", &language.Afrikaans),
+						CheckIntent("intent", "aW50ZW50"),
+					},
+					createToken: func(sessionID string) (string, string, error) {
+						return "tokenID",
+							"token",
+							nil
+					},
+					intentAlg: decryption(nil),
+					now: func() time.Time {
+						return testNow
+					},
+				},
+				metadata: map[string][]byte{
+					"key": []byte("value"),
+				},
+			},
+			res{
+				err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Df4bw", "Errors.Intent.NotSucceeded"),
+			},
+		},
+		{
+			"set user, intent token already expired",
+			fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(), &user.NewAggregate("userID", "org1").Aggregate,
+								"username", "", "", "", "", language.English, domain.GenderUnspecified, "", false),
+						),
+						eventFromEventPusher(
+							idpintent.NewSucceededEvent(context.Background(),
+								&idpintent.NewAggregate("intent", "instance1").Aggregate,
+								nil,
+								"idpUserID",
+								"idpUsername",
+								"userID",
+								nil,
+								"",
+								time.Now().Add(-time.Hour),
+							),
+						),
+					),
+				),
+			},
+			args{
+				ctx: authz.NewMockContext("instance1", "", ""),
+				checks: &SessionCommands{
+					sessionWriteModel: NewSessionWriteModel("sessionID", "instance1"),
+					sessionCommands: []SessionCommand{
+						CheckUser("userID", "org1", &language.Afrikaans),
+						CheckIntent("intent", "aW50ZW50"),
+					},
+					createToken: func(sessionID string) (string, string, error) {
+						return "tokenID",
+							"token",
+							nil
+					},
+					intentAlg: decryption(nil),
+					now: func() time.Time {
+						return testNow
+					},
+				},
+				metadata: map[string][]byte{
+					"key": []byte("value"),
+				},
+			},
+			res{
+				err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-SAf42", "Errors.Intent.Expired"),
+			},
+		},
 		{
 			"set user, intent, metadata and token",
 			fields{
@@ -768,13 +874,14 @@ func TestCommands_updateSession(t *testing.T) {
 						),
 						eventFromEventPusher(
 							idpintent.NewSucceededEvent(context.Background(),
-								&idpintent.NewAggregate("id", "instance1").Aggregate,
+								&idpintent.NewAggregate("intent", "instance1").Aggregate,
 								nil,
 								"idpUserID",
 								"idpUsername",
 								"userID",
 								nil,
 								"",
+								time.Now().Add(time.Hour),
 							),
 						),
 					),
@@ -783,6 +890,7 @@ func TestCommands_updateSession(t *testing.T) {
 							"userID", "org1", testNow, &language.Afrikaans),
 						session.NewIntentCheckedEvent(context.Background(), &session.NewAggregate("sessionID", "instance1").Aggregate,
 							testNow),
+						idpintent.NewConsumedEvent(context.Background(), &idpintent.NewAggregate("intent", "org1").Aggregate),
 						session.NewMetadataSetEvent(context.Background(), &session.NewAggregate("sessionID", "instance1").Aggregate,
 							map[string][]byte{"key": []byte("value")}),
 						session.NewTokenSetEvent(context.Background(), &session.NewAggregate("sessionID", "instance1").Aggregate,
@@ -842,13 +950,14 @@ func TestCommands_updateSession(t *testing.T) {
 						),
 						eventFromEventPusher(
 							idpintent.NewSucceededEvent(context.Background(),
-								&idpintent.NewAggregate("id", "instance1").Aggregate,
+								&idpintent.NewAggregate("intent", "instance1").Aggregate,
 								nil,
 								"idpUserID",
 								"idpUsername",
 								"",
 								nil,
 								"",
+								time.Now().Add(time.Hour),
 							),
 						),
 					),
@@ -866,6 +975,7 @@ func TestCommands_updateSession(t *testing.T) {
 							"userID", "org1", testNow, &language.Afrikaans),
 						session.NewIntentCheckedEvent(context.Background(), &session.NewAggregate("sessionID", "instance1").Aggregate,
 							testNow),
+						idpintent.NewConsumedEvent(context.Background(), &idpintent.NewAggregate("intent", "org1").Aggregate),
 						session.NewTokenSetEvent(context.Background(), &session.NewAggregate("sessionID", "instance1").Aggregate,
 							"tokenID"),
 					),
diff --git a/internal/config/systemdefaults/system_defaults.go b/internal/config/systemdefaults/system_defaults.go
index f6d39befe7..827dd61f73 100644
--- a/internal/config/systemdefaults/system_defaults.go
+++ b/internal/config/systemdefaults/system_defaults.go
@@ -7,15 +7,16 @@ import (
 )
 
 type SystemDefaults struct {
-	SecretGenerators   SecretGenerators
-	PasswordHasher     crypto.HashConfig
-	SecretHasher       crypto.HashConfig
-	Multifactors       MultifactorConfig
-	DomainVerification DomainVerification
-	Notifications      Notifications
-	KeyConfig          KeyConfig
-	DefaultQueryLimit  uint64
-	MaxQueryLimit      uint64
+	SecretGenerators     SecretGenerators
+	PasswordHasher       crypto.HashConfig
+	SecretHasher         crypto.HashConfig
+	Multifactors         MultifactorConfig
+	DomainVerification   DomainVerification
+	Notifications        Notifications
+	KeyConfig            KeyConfig
+	DefaultQueryLimit    uint64
+	MaxQueryLimit        uint64
+	MaxIdPIntentLifetime time.Duration
 }
 
 type SecretGenerators struct {
diff --git a/internal/domain/idp.go b/internal/domain/idp.go
index e2571f6b0d..bea106298b 100644
--- a/internal/domain/idp.go
+++ b/internal/domain/idp.go
@@ -115,6 +115,7 @@ const (
 	IDPIntentStateStarted
 	IDPIntentStateSucceeded
 	IDPIntentStateFailed
+	IDPIntentStateConsumed
 
 	idpIntentStateCount
 )
diff --git a/internal/idp/providers/apple/session.go b/internal/idp/providers/apple/session.go
index eee68fa2a5..9395d84b2b 100644
--- a/internal/idp/providers/apple/session.go
+++ b/internal/idp/providers/apple/session.go
@@ -10,6 +10,8 @@ import (
 	"github.com/zitadel/zitadel/internal/idp/providers/oidc"
 )
 
+var _ idp.Session = (*Session)(nil)
+
 // Session extends the [oidc.Session] with the formValues returned from the callback.
 // This enables to parse the user (name and email), which Apple only returns as form params on registration
 type Session struct {
diff --git a/internal/idp/providers/azuread/session.go b/internal/idp/providers/azuread/session.go
index 4b0a6fb844..169784fb58 100644
--- a/internal/idp/providers/azuread/session.go
+++ b/internal/idp/providers/azuread/session.go
@@ -3,6 +3,7 @@ package azuread
 import (
 	"context"
 	"net/http"
+	"time"
 
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	httphelper "github.com/zitadel/oidc/v3/pkg/http"
@@ -12,6 +13,8 @@ import (
 	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
 )
 
+var _ idp.Session = (*Session)(nil)
+
 // Session extends the [oauth.Session] to be able to handle the id_token and to implement the [idp.SessionSupportsMigration] functionality
 type Session struct {
 	*Provider
@@ -79,6 +82,13 @@ func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
 	return user, nil
 }
 
+func (s *Session) ExpiresAt() time.Time {
+	if s.OAuthSession == nil {
+		return time.Time{}
+	}
+	return s.OAuthSession.ExpiresAt()
+}
+
 // Tokens returns the [oidc.Tokens] of the underlying [oauth.Session].
 func (s *Session) Tokens() *oidc.Tokens[*oidc.IDTokenClaims] {
 	return s.oauth().Tokens
diff --git a/internal/idp/providers/jwt/session.go b/internal/idp/providers/jwt/session.go
index 6df08a6998..5138812f3c 100644
--- a/internal/idp/providers/jwt/session.go
+++ b/internal/idp/providers/jwt/session.go
@@ -57,6 +57,13 @@ func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
 	return &User{s.Tokens.IDTokenClaims}, nil
 }
 
+func (s *Session) ExpiresAt() time.Time {
+	if s.Tokens == nil || s.Tokens.IDTokenClaims == nil {
+		return time.Time{}
+	}
+	return s.Tokens.IDTokenClaims.GetExpiration()
+}
+
 func (s *Session) validateToken(ctx context.Context, token string) (*oidc.IDTokenClaims, error) {
 	logging.Debug("begin token validation")
 	// TODO: be able to specify them in the template: https://github.com/zitadel/zitadel/issues/5322
diff --git a/internal/idp/providers/ldap/session.go b/internal/idp/providers/ldap/session.go
index 0a6a87ba3d..1679e35b61 100644
--- a/internal/idp/providers/ldap/session.go
+++ b/internal/idp/providers/ldap/session.go
@@ -96,6 +96,10 @@ func (s *Session) FetchUser(_ context.Context) (_ idp.User, err error) {
 	)
 }
 
+func (s *Session) ExpiresAt() time.Time {
+	return time.Time{} // falls back to the default expiration time
+}
+
 func tryBind(
 	server string,
 	startTLS bool,
diff --git a/internal/idp/providers/oauth/session.go b/internal/idp/providers/oauth/session.go
index 247a7f8710..c9e175d1cf 100644
--- a/internal/idp/providers/oauth/session.go
+++ b/internal/idp/providers/oauth/session.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"net/http"
+	"time"
 
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	httphelper "github.com/zitadel/oidc/v3/pkg/http"
@@ -69,6 +70,13 @@ func (s *Session) FetchUser(ctx context.Context) (_ idp.User, err error) {
 	return user, nil
 }
 
+func (s *Session) ExpiresAt() time.Time {
+	if s.Tokens == nil {
+		return time.Time{}
+	}
+	return s.Tokens.Expiry
+}
+
 func (s *Session) authorize(ctx context.Context) (err error) {
 	if s.Code == "" {
 		return ErrCodeMissing
diff --git a/internal/idp/providers/oidc/session.go b/internal/idp/providers/oidc/session.go
index b17a3b0a0b..430a14e5bb 100644
--- a/internal/idp/providers/oidc/session.go
+++ b/internal/idp/providers/oidc/session.go
@@ -3,6 +3,7 @@ package oidc
 import (
 	"context"
 	"errors"
+	"time"
 
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
@@ -72,6 +73,13 @@ func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
 	return u, nil
 }
 
+func (s *Session) ExpiresAt() time.Time {
+	if s.Tokens == nil {
+		return time.Time{}
+	}
+	return s.Tokens.Expiry
+}
+
 func (s *Session) Authorize(ctx context.Context) (err error) {
 	if s.Code == "" {
 		return ErrCodeMissing
diff --git a/internal/idp/providers/saml/session.go b/internal/idp/providers/saml/session.go
index b0748d33a3..e2a1655a26 100644
--- a/internal/idp/providers/saml/session.go
+++ b/internal/idp/providers/saml/session.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"net/http"
 	"net/url"
+	"time"
 
 	"github.com/crewjam/saml"
 	"github.com/crewjam/saml/samlsp"
@@ -107,6 +108,13 @@ func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
 	return userMapper, nil
 }
 
+func (s *Session) ExpiresAt() time.Time {
+	if s.Assertion == nil || s.Assertion.Conditions == nil {
+		return time.Time{}
+	}
+	return s.Assertion.Conditions.NotOnOrAfter
+}
+
 func (s *Session) transientMappingID() (string, error) {
 	for _, statement := range s.Assertion.AttributeStatements {
 		for _, attribute := range statement.Attributes {
diff --git a/internal/idp/session.go b/internal/idp/session.go
index ab54bcabaa..fc593eb820 100644
--- a/internal/idp/session.go
+++ b/internal/idp/session.go
@@ -2,6 +2,7 @@ package idp
 
 import (
 	"context"
+	"time"
 )
 
 // Session is the minimal implementation for a session of a 3rd party authentication [Provider]
@@ -9,6 +10,7 @@ type Session interface {
 	GetAuth(ctx context.Context) (content string, redirect bool)
 	PersistentParameters() map[string]any
 	FetchUser(ctx context.Context) (User, error)
+	ExpiresAt() time.Time
 }
 
 // SessionSupportsMigration is an optional extension to the Session interface.
diff --git a/internal/integration/client.go b/internal/integration/client.go
index e82a6bec55..f1bcfb41bd 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -672,6 +672,23 @@ func (i *Instance) CreatePasswordSession(t *testing.T, ctx context.Context, user
 		createResp.GetDetails().GetChangeDate().AsTime(), createResp.GetDetails().GetChangeDate().AsTime()
 }
 
+func (i *Instance) CreateIntentSession(t *testing.T, ctx context.Context, userID, intentID, intentToken string) (id, token string, start, change time.Time) {
+	createResp, err := i.Client.SessionV2.CreateSession(ctx, &session.CreateSessionRequest{
+		Checks: &session.Checks{
+			User: &session.CheckUser{
+				Search: &session.CheckUser_UserId{UserId: userID},
+			},
+			IdpIntent: &session.CheckIDPIntent{
+				IdpIntentId:    intentID,
+				IdpIntentToken: intentToken,
+			},
+		},
+	})
+	require.NoError(t, err)
+	return createResp.GetSessionId(), createResp.GetSessionToken(),
+		createResp.GetDetails().GetChangeDate().AsTime(), createResp.GetDetails().GetChangeDate().AsTime()
+}
+
 func (i *Instance) CreateProjectGrant(ctx context.Context, projectID, grantedOrgID string) *mgmt.AddProjectGrantResponse {
 	resp, err := i.Client.Mgmt.AddProjectGrant(ctx, &mgmt.AddProjectGrantRequest{
 		GrantedOrgId: grantedOrgID,
diff --git a/internal/integration/sink/server.go b/internal/integration/sink/server.go
index 633ebf424f..8abb31a63e 100644
--- a/internal/integration/sink/server.go
+++ b/internal/integration/sink/server.go
@@ -17,6 +17,7 @@ import (
 
 	crewjam_saml "github.com/crewjam/saml"
 	"github.com/go-chi/chi/v5"
+	goldap "github.com/go-ldap/ldap/v3"
 	"github.com/gorilla/websocket"
 	"github.com/sirupsen/logrus"
 	"github.com/zitadel/logging"
@@ -48,7 +49,7 @@ func CallURL(ch Channel) string {
 	return u.String()
 }
 
-func SuccessfulOAuthIntent(instanceID, idpID, idpUserID, userID string) (string, string, time.Time, uint64, error) {
+func SuccessfulOAuthIntent(instanceID, idpID, idpUserID, userID string, expiry time.Time) (string, string, time.Time, uint64, error) {
 	u := url.URL{
 		Scheme: "http",
 		Host:   host,
@@ -59,6 +60,7 @@ func SuccessfulOAuthIntent(instanceID, idpID, idpUserID, userID string) (string,
 		IDPID:      idpID,
 		IDPUserID:  idpUserID,
 		UserID:     userID,
+		Expiry:     expiry,
 	})
 	if err != nil {
 		return "", "", time.Time{}, uint64(0), err
@@ -66,7 +68,7 @@ func SuccessfulOAuthIntent(instanceID, idpID, idpUserID, userID string) (string,
 	return resp.IntentID, resp.Token, resp.ChangeDate, resp.Sequence, nil
 }
 
-func SuccessfulOIDCIntent(instanceID, idpID, idpUserID, userID string) (string, string, time.Time, uint64, error) {
+func SuccessfulOIDCIntent(instanceID, idpID, idpUserID, userID string, expiry time.Time) (string, string, time.Time, uint64, error) {
 	u := url.URL{
 		Scheme: "http",
 		Host:   host,
@@ -77,6 +79,7 @@ func SuccessfulOIDCIntent(instanceID, idpID, idpUserID, userID string) (string,
 		IDPID:      idpID,
 		IDPUserID:  idpUserID,
 		UserID:     userID,
+		Expiry:     expiry,
 	})
 	if err != nil {
 		return "", "", time.Time{}, uint64(0), err
@@ -84,7 +87,7 @@ func SuccessfulOIDCIntent(instanceID, idpID, idpUserID, userID string) (string,
 	return resp.IntentID, resp.Token, resp.ChangeDate, resp.Sequence, nil
 }
 
-func SuccessfulSAMLIntent(instanceID, idpID, idpUserID, userID string) (string, string, time.Time, uint64, error) {
+func SuccessfulSAMLIntent(instanceID, idpID, idpUserID, userID string, expiry time.Time) (string, string, time.Time, uint64, error) {
 	u := url.URL{
 		Scheme: "http",
 		Host:   host,
@@ -95,6 +98,7 @@ func SuccessfulSAMLIntent(instanceID, idpID, idpUserID, userID string) (string,
 		IDPID:      idpID,
 		IDPUserID:  idpUserID,
 		UserID:     userID,
+		Expiry:     expiry,
 	})
 	if err != nil {
 		return "", "", time.Time{}, uint64(0), err
@@ -282,10 +286,11 @@ func readLoop(ws *websocket.Conn) (done chan error) {
 }
 
 type SuccessfulIntentRequest struct {
-	InstanceID string `json:"instance_id"`
-	IDPID      string `json:"idp_id"`
-	IDPUserID  string `json:"idp_user_id"`
-	UserID     string `json:"user_id"`
+	InstanceID string    `json:"instance_id"`
+	IDPID      string    `json:"idp_id"`
+	IDPUserID  string    `json:"idp_user_id"`
+	UserID     string    `json:"user_id"`
+	Expiry     time.Time `json:"expiry"`
 }
 type SuccessfulIntentResponse struct {
 	IntentID   string    `json:"intent_id"`
@@ -376,6 +381,7 @@ func createSuccessfulOAuthIntent(ctx context.Context, cmd *command.Commands, req
 		Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
 			Token: &oauth2.Token{
 				AccessToken: "accessToken",
+				Expiry:      req.Expiry,
 			},
 			IDToken: "idToken",
 		},
@@ -407,6 +413,7 @@ func createSuccessfulOIDCIntent(ctx context.Context, cmd *command.Commands, req
 		Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
 			Token: &oauth2.Token{
 				AccessToken: "accessToken",
+				Expiry:      req.Expiry,
 			},
 			IDToken: "idToken",
 		},
@@ -431,9 +438,16 @@ func createSuccessfulSAMLIntent(ctx context.Context, cmd *command.Commands, req
 		ID:         req.IDPUserID,
 		Attributes: map[string][]string{"attribute1": {"value1"}},
 	}
-	assertion := &crewjam_saml.Assertion{ID: "id"}
+	session := &saml.Session{
+		Assertion: &crewjam_saml.Assertion{
+			ID: "id",
+			Conditions: &crewjam_saml.Conditions{
+				NotOnOrAfter: req.Expiry,
+			},
+		},
+	}
 
-	token, err := cmd.SucceedSAMLIDPIntent(ctx, writeModel, idpUser, req.UserID, assertion)
+	token, err := cmd.SucceedSAMLIDPIntent(ctx, writeModel, idpUser, req.UserID, session)
 	if err != nil {
 		return nil, err
 	}
@@ -465,8 +479,14 @@ func createSuccessfulLDAPIntent(ctx context.Context, cmd *command.Commands, req
 		"",
 		"",
 	)
-	attributes := map[string][]string{"id": {req.IDPUserID}, "username": {username}, "language": {lang.String()}}
-	token, err := cmd.SucceedLDAPIDPIntent(ctx, writeModel, idpUser, req.UserID, attributes)
+	session := &ldap.Session{Entry: &goldap.Entry{
+		Attributes: []*goldap.EntryAttribute{
+			{Name: "id", Values: []string{req.IDPUserID}},
+			{Name: "username", Values: []string{username}},
+			{Name: "language", Values: []string{lang.String()}},
+		},
+	}}
+	token, err := cmd.SucceedLDAPIDPIntent(ctx, writeModel, idpUser, req.UserID, session)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/repository/idpintent/eventstore.go b/internal/repository/idpintent/eventstore.go
index ea94803973..6bec32c735 100644
--- a/internal/repository/idpintent/eventstore.go
+++ b/internal/repository/idpintent/eventstore.go
@@ -11,4 +11,5 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, SAMLRequestEventType, SAMLRequestEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, LDAPSucceededEventType, LDAPSucceededEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, FailedEventType, FailedEventMapper)
+	eventstore.RegisterFilterEventMapper(AggregateType, ConsumedEventType, eventstore.GenericEventMapper[ConsumedEvent])
 }
diff --git a/internal/repository/idpintent/intent.go b/internal/repository/idpintent/intent.go
index 27e6391f95..e4ee28cae9 100644
--- a/internal/repository/idpintent/intent.go
+++ b/internal/repository/idpintent/intent.go
@@ -3,6 +3,7 @@ package idpintent
 import (
 	"context"
 	"net/url"
+	"time"
 
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -16,6 +17,7 @@ const (
 	SAMLRequestEventType   = instanceEventTypePrefix + "saml.requested"
 	LDAPSucceededEventType = instanceEventTypePrefix + "ldap.succeeded"
 	FailedEventType        = instanceEventTypePrefix + "failed"
+	ConsumedEventType      = instanceEventTypePrefix + "consumed"
 )
 
 type StartedEvent struct {
@@ -79,6 +81,7 @@ type SucceededEvent struct {
 
 	IDPAccessToken *crypto.CryptoValue `json:"idpAccessToken,omitempty"`
 	IDPIDToken     string              `json:"idpIdToken,omitempty"`
+	ExpiresAt      time.Time           `json:"expiresAt,omitempty"`
 }
 
 func NewSucceededEvent(
@@ -90,6 +93,7 @@ func NewSucceededEvent(
 	userID string,
 	idpAccessToken *crypto.CryptoValue,
 	idpIDToken string,
+	expiresAt time.Time,
 ) *SucceededEvent {
 	return &SucceededEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
@@ -103,6 +107,7 @@ func NewSucceededEvent(
 		UserID:         userID,
 		IDPAccessToken: idpAccessToken,
 		IDPIDToken:     idpIDToken,
+		ExpiresAt:      expiresAt,
 	}
 }
 
@@ -136,6 +141,7 @@ type SAMLSucceededEvent struct {
 	UserID      string `json:"userId,omitempty"`
 
 	Assertion *crypto.CryptoValue `json:"assertion,omitempty"`
+	ExpiresAt time.Time           `json:"expiresAt,omitempty"`
 }
 
 func NewSAMLSucceededEvent(
@@ -146,6 +152,7 @@ func NewSAMLSucceededEvent(
 	idpUserName,
 	userID string,
 	assertion *crypto.CryptoValue,
+	expiresAt time.Time,
 ) *SAMLSucceededEvent {
 	return &SAMLSucceededEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
@@ -158,6 +165,7 @@ func NewSAMLSucceededEvent(
 		IDPUserName: idpUserName,
 		UserID:      userID,
 		Assertion:   assertion,
+		ExpiresAt:   expiresAt,
 	}
 }
 
@@ -233,6 +241,7 @@ type LDAPSucceededEvent struct {
 	UserID      string `json:"userId,omitempty"`
 
 	EntryAttributes map[string][]string `json:"user,omitempty"`
+	ExpiresAt       time.Time           `json:"expiresAt,omitempty"`
 }
 
 func NewLDAPSucceededEvent(
@@ -243,6 +252,7 @@ func NewLDAPSucceededEvent(
 	idpUserName,
 	userID string,
 	attributes map[string][]string,
+	expiresAt time.Time,
 ) *LDAPSucceededEvent {
 	return &LDAPSucceededEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
@@ -255,6 +265,7 @@ func NewLDAPSucceededEvent(
 		IDPUserName:     idpUserName,
 		UserID:          userID,
 		EntryAttributes: attributes,
+		ExpiresAt:       expiresAt,
 	}
 }
 
@@ -320,3 +331,32 @@ func FailedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 
 	return e, nil
 }
+
+type ConsumedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func NewConsumedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *ConsumedEvent {
+	return &ConsumedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			ConsumedEventType,
+		),
+	}
+}
+
+func (e *ConsumedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *ConsumedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func (e *ConsumedEvent) SetBaseEvent(base *eventstore.BaseEvent) {
+	e.BaseEvent = *base
+}
diff --git a/internal/static/i18n/bg.yaml b/internal/static/i18n/bg.yaml
index d7dc18898b..8254b82b45 100644
--- a/internal/static/i18n/bg.yaml
+++ b/internal/static/i18n/bg.yaml
@@ -554,6 +554,7 @@ Errors:
     StateMissing: В заявката липсва параметър състояние
     NotStarted: Намерението не е стартирано или вече е прекратено
     NotSucceeded: Намерението не е успешно
+    Expired: Намерението е изтекло
     TokenCreationFailed: Неуспешно създаване на токен
     InvalidToken: Знакът за намерение е невалиден
     OtherUser: Намерение, предназначено за друг потребител
diff --git a/internal/static/i18n/cs.yaml b/internal/static/i18n/cs.yaml
index 80db4952f9..bb4172fbff 100644
--- a/internal/static/i18n/cs.yaml
+++ b/internal/static/i18n/cs.yaml
@@ -534,6 +534,7 @@ Errors:
     StateMissing: V požadavku chybí parametr stavu
     NotStarted: Záměr nebyl zahájen nebo již byl ukončen
     NotSucceeded: Záměr nebyl úspěšný
+    Expired: Záměr vypršel
     TokenCreationFailed: Vytvoření tokenu selhalo
     InvalidToken: Token záměru je neplatný
     OtherUser: Záměr určený pro jiného uživatele
diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml
index dcb3ac5c71..a24ce7c933 100644
--- a/internal/static/i18n/de.yaml
+++ b/internal/static/i18n/de.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: State parameter fehlt im Request
     NotStarted: Intent wurde nicht gestartet oder wurde bereits beendet
     NotSucceeded: Intent war nicht erfolgreich
+    Expired: Intent ist abgelaufen
     TokenCreationFailed: Tokenerstellung schlug fehl
     InvalidToken: Intent Token ist ungültig
     OtherUser: Intent ist für anderen Benutzer gedacht
diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml
index bd8d26d727..e8f2781de1 100644
--- a/internal/static/i18n/en.yaml
+++ b/internal/static/i18n/en.yaml
@@ -537,6 +537,7 @@ Errors:
     StateMissing: State parameter is missing in the request
     NotStarted: Intent is not started or was already terminated
     NotSucceeded: Intent has not succeeded
+    Expired: Intent has expired
     TokenCreationFailed: Token creation failed
     InvalidToken: Intent Token is invalid
     OtherUser: Intent meant for another user
diff --git a/internal/static/i18n/es.yaml b/internal/static/i18n/es.yaml
index 9f11b63964..b91d055f70 100644
--- a/internal/static/i18n/es.yaml
+++ b/internal/static/i18n/es.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: Falta un parámetro de estado en la solicitud
     NotStarted: La intención no se ha iniciado o ya ha finalizado
     NotSucceeded: Intento fallido
+    Expired: La intención ha expirado
     TokenCreationFailed: Fallo en la creación del token
     InvalidToken: El token de la intención no es válido
     OtherUser: Destinado a otro usuario
diff --git a/internal/static/i18n/fr.yaml b/internal/static/i18n/fr.yaml
index ff8393befc..98f2bee9a0 100644
--- a/internal/static/i18n/fr.yaml
+++ b/internal/static/i18n/fr.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: Paramètre d'état manquant dans la requête
     NotStarted: Intent n'a pas démarré ou s'est déjà terminé
     NotSucceeded: l'intention n'a pas abouti
+    Expired: L'intention a expiré
     TokenCreationFailed: La création du token a échoué
     InvalidToken: Le jeton d'intention n'est pas valide
     OtherUser: Intention destinée à un autre utilisateur
diff --git a/internal/static/i18n/hu.yaml b/internal/static/i18n/hu.yaml
index b17c6a1225..5becd6e606 100644
--- a/internal/static/i18n/hu.yaml
+++ b/internal/static/i18n/hu.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: A kérésből hiányzik a State paraméter
     NotStarted: Az intent nem indult el, vagy már befejeződött
     NotSucceeded: Az intent nem sikerült
+    Expired: A kérésből lejárt
     TokenCreationFailed: A token létrehozása nem sikerült
     InvalidToken: Az Intent Token érvénytelen
     OtherUser: Az intent egy másik felhasználónak szól
diff --git a/internal/static/i18n/id.yaml b/internal/static/i18n/id.yaml
index 56a454e71d..0108d7618b 100644
--- a/internal/static/i18n/id.yaml
+++ b/internal/static/i18n/id.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: Parameter status tidak ada dalam permintaan
     NotStarted: Niat belum dimulai atau sudah dihentikan
     NotSucceeded: Niatnya belum berhasil
+    Expired: Kode sudah habis masa berlakunya
     TokenCreationFailed: Pembuatan token gagal
     InvalidToken: Token Niat tidak valid
     OtherUser: Maksudnya ditujukan untuk pengguna lain
diff --git a/internal/static/i18n/it.yaml b/internal/static/i18n/it.yaml
index 6713abf2e1..750c48471a 100644
--- a/internal/static/i18n/it.yaml
+++ b/internal/static/i18n/it.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: parametro di stato mancante nella richiesta
     NotStarted: l'intento non è stato avviato o è già stato terminato
     NotSucceeded: l'intento non è andato a buon fine
+    Expired: L'intento è scaduto
     TokenCreationFailed: creazione del token fallita
     InvalidToken: Il token dell'intento non è valido
     OtherUser: Intento destinato a un altro utente
diff --git a/internal/static/i18n/ja.yaml b/internal/static/i18n/ja.yaml
index f57d0f6661..fcd7920999 100644
--- a/internal/static/i18n/ja.yaml
+++ b/internal/static/i18n/ja.yaml
@@ -537,6 +537,7 @@ Errors:
     StateMissing: リクエストに State パラメータがありません
     NotStarted: インテントが開始されなかったか、既に終了している
     NotSucceeded: インテントが成功しなかった
+    Expired: 意図の有効期限が切れました
     TokenCreationFailed: トークンの作成に失敗しました
     InvalidToken: インテントのトークンが無効である
     OtherUser: 他のユーザーを意図している
diff --git a/internal/static/i18n/ko.yaml b/internal/static/i18n/ko.yaml
index d238142e01..d83af62235 100644
--- a/internal/static/i18n/ko.yaml
+++ b/internal/static/i18n/ko.yaml
@@ -537,6 +537,7 @@ Errors:
     StateMissing: 요청에 상태 매개변수가 누락되었습니다
     NotStarted: 의도가 시작되지 않았거나 이미 종료되었습니다
     NotSucceeded: 의도가 성공하지 않았습니다
+    Expired: 의도의 유효 기간이 만료되었습니다
     TokenCreationFailed: 토큰 생성 실패
     InvalidToken: 의도 토큰이 유효하지 않습니다
     OtherUser: 다른 사용자를 위한 의도입니다
diff --git a/internal/static/i18n/mk.yaml b/internal/static/i18n/mk.yaml
index 898ed67360..7126925279 100644
--- a/internal/static/i18n/mk.yaml
+++ b/internal/static/i18n/mk.yaml
@@ -535,6 +535,7 @@ Errors:
     StateMissing: Параметарот State недостасува во барањето
     NotStarted: Намерата не е започната или веќе завршена
     NotSucceeded: Намерата не е успешна
+    Expired: Намерата е истечена
     TokenCreationFailed: Неуспешно креирање на токен
     InvalidToken: Токенот за намера е невалиден
     OtherUser: Намерата е за друг корисник
diff --git a/internal/static/i18n/nl.yaml b/internal/static/i18n/nl.yaml
index 882c58a4f2..a398e4b770 100644
--- a/internal/static/i18n/nl.yaml
+++ b/internal/static/i18n/nl.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: Staat parameter ontbreekt in het verzoek
     NotStarted: Intentie is niet gestart of was al beëindigd
     NotSucceeded: Intentie is niet geslaagd
+    Expired: Intentie is verlopen
     TokenCreationFailed: Token aanmaken mislukt
     InvalidToken: Intentie Token is ongeldig
     OtherUser: Intentie bedoeld voor een andere gebruiker
diff --git a/internal/static/i18n/pl.yaml b/internal/static/i18n/pl.yaml
index 13125bc2a9..049a189930 100644
--- a/internal/static/i18n/pl.yaml
+++ b/internal/static/i18n/pl.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: Brak parametru stanu w żądaniu
     NotStarted: Intencja nie została rozpoczęta lub już się zakończyła
     NotSucceeded: intencja nie powiodła się
+    Expired: Intencja wygasła
     TokenCreationFailed: Tworzenie tokena nie powiodło się
     InvalidToken: Token intencji jest nieprawidłowy
     OtherUser: Intencja przeznaczona dla innego użytkownika
diff --git a/internal/static/i18n/pt.yaml b/internal/static/i18n/pt.yaml
index 4ab3573c2b..09a5fc02c5 100644
--- a/internal/static/i18n/pt.yaml
+++ b/internal/static/i18n/pt.yaml
@@ -535,6 +535,7 @@ Errors:
     StateMissing: O parâmetro de estado está faltando na solicitação
     NotStarted: A intenção não foi iniciada ou já foi encerrada
     NotSucceeded: A intenção não teve sucesso
+    Expired: A intenção expirou
     TokenCreationFailed: Falha na criação do token
     InvalidToken: O token da intenção é inválido
     OtherUser: Intenção destinada a outro usuário
diff --git a/internal/static/i18n/ro.yaml b/internal/static/i18n/ro.yaml
index 48790da9e5..9010e57032 100644
--- a/internal/static/i18n/ro.yaml
+++ b/internal/static/i18n/ro.yaml
@@ -537,6 +537,7 @@ Errors:
         StateMissing: Parametrul de stare lipsește în cerere
         NotStarted: Intenția nu este pornită sau a fost deja terminată
         NotSucceeded: Intenția nu a reușit
+        Expired: Intenția a expirat
         TokenCreationFailed: Crearea token-ului a eșuat
         InvalidToken: Token-ul intenției este invalid
         OtherUser: Intenția este destinată altui utilizator
diff --git a/internal/static/i18n/ru.yaml b/internal/static/i18n/ru.yaml
index 64a8ef8013..38b2847637 100644
--- a/internal/static/i18n/ru.yaml
+++ b/internal/static/i18n/ru.yaml
@@ -525,6 +525,7 @@ Errors:
     StateMissing: В запросе отсутствует параметр State
     NotStarted: Намерение не начато или уже прекращено
     NotSucceeded: Намерение не увенчалось успехом
+    Epired: Намерение истекло
     TokenCreationFailed: Не удалось создать токен
     InvalidToken: Маркер намерения недействителен
     OtherUser: Намерение, предназначенное для другого пользователя
diff --git a/internal/static/i18n/sv.yaml b/internal/static/i18n/sv.yaml
index 2c292976d3..ed4b863886 100644
--- a/internal/static/i18n/sv.yaml
+++ b/internal/static/i18n/sv.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: State-parameter saknas i begäran
     NotStarted: Avsikten har inte startat eller har redan avslutats
     NotSucceeded: Avsikten har inte lyckats
+    Expired: Avsikten har gått ut
     TokenCreationFailed: Token-skapande misslyckades
     InvalidToken: Avsiktstoken är ogiltig
     OtherUser: Avsikten är avsedd för en annan användare
diff --git a/internal/static/i18n/zh.yaml b/internal/static/i18n/zh.yaml
index d4b36df7ff..03aa168a50 100644
--- a/internal/static/i18n/zh.yaml
+++ b/internal/static/i18n/zh.yaml
@@ -536,6 +536,7 @@ Errors:
     StateMissing: 请求中缺少状态参数
     NotStarted: 意图没有开始或已经结束
     NotSucceeded: 意图不成功
+    Expired: 意图已过期
     TokenCreationFailed: 令牌创建失败
     InvalidToken: 意图令牌是无效的
     OtherUser: 意图是为另一个用户准备的

From a626678004ee6a6ee02d814af2daebf673deed15 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Tue, 6 May 2025 08:15:45 +0200
Subject: [PATCH 038/123] fix(setup): execute s54 (#9849)

# Which Problems Are Solved

Step 54 was not executed during setup.

# How the Problems Are Solved

Added the step to setup jobs

# Additional Changes

none

# Additional Context

- the step was added in https://github.com/zitadel/zitadel/pull/9837
- thanks to @zhirschtritt for raising this.
---
 cmd/setup/config.go | 1 +
 cmd/setup/setup.go  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index 4742b94c7b..127f9d7599 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -150,6 +150,7 @@ type Steps struct {
 	s51IDPTemplate6RootCA                   *IDPTemplate6RootCA
 	s52IDPTemplate6LDAP2                    *IDPTemplate6LDAP2
 	s53InitPermittedOrgsFunction            *InitPermittedOrgsFunction53
+	s54InstancePositionIndex                *InstancePositionIndex
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index f4df9fc71b..eead1980ed 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -212,6 +212,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s51IDPTemplate6RootCA = &IDPTemplate6RootCA{dbClient: dbClient}
 	steps.s52IDPTemplate6LDAP2 = &IDPTemplate6LDAP2{dbClient: dbClient}
 	steps.s53InitPermittedOrgsFunction = &InitPermittedOrgsFunction53{dbClient: dbClient}
+	steps.s54InstancePositionIndex = &InstancePositionIndex{dbClient: dbClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -254,6 +255,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s51IDPTemplate6RootCA,
 		steps.s52IDPTemplate6LDAP2,
 		steps.s53InitPermittedOrgsFunction,
+		steps.s54InstancePositionIndex,
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {

From 8cb1d24b36d4c7a588210c1a1649fa3b2a77dc7d Mon Sep 17 00:00:00 2001
From: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
Date: Tue, 6 May 2025 02:38:19 -0400
Subject: [PATCH 039/123] fix: add user id index on sessions8 (#9834)

# Which Problems Are Solved

When a user changes their password, Zitadel needs to terminate all of
that user's active sessions. This query can take many seconds on
deployments with large session and user tables. This happens as part of
session projection handling, so doesn't directly impact user experience,
but potentially bogs down the projection handler which isn't great. In
the future, this index could be used to power a "see all of my current
sessions" feature in Zitadel.

# How the Problems Are Solved

Adds new index on `user_id` column on `projections.sessions8` table.
Alternatively, we can index on `(instance_id, user_id)` instead but
opted for keeping the index smaller as we already index on `instance_id`
separately.

# Additional Changes

None

# Additional Context

None

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
---
 internal/query/projection/session.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/query/projection/session.go b/internal/query/projection/session.go
index 196a352190..53eba54efb 100644
--- a/internal/query/projection/session.go
+++ b/internal/query/projection/session.go
@@ -87,6 +87,7 @@ func (*sessionProjection) Init() *old_handler.Check {
 				SessionColumnUserAgentFingerprintID+"_idx",
 				[]string{SessionColumnUserAgentFingerprintID},
 			)),
+			handler.WithIndex(handler.NewIndex(SessionColumnUserID+"_idx", []string{SessionColumnUserID})),
 		),
 	)
 }

From 0d7d4e6af084153d9a778e1f03561ebd5e35b89e Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 7 May 2025 10:14:01 +0200
Subject: [PATCH 040/123] docs: extend api design with additional information
 and examples (#9856)

# Which Problems Are Solved

There were some misunderstandings on how different points would be
needed to be applied into existing API definitions.

# How the Problems Are Solved

- Added structure to the API design
- Added points to context information in requests and responses
- Added examples to responses with context information
- Corrected available pagination messages
- Added pagination and filter examples

# Additional Changes

None

# Additional Context

None
---
 API_DESIGN.md | 114 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 99 insertions(+), 15 deletions(-)

diff --git a/API_DESIGN.md b/API_DESIGN.md
index ea37df5a24..ac7c4a01e0 100644
--- a/API_DESIGN.md
+++ b/API_DESIGN.md
@@ -73,6 +73,8 @@ For example, use `organization_id` instead of **org_id** or **resource_owner** f
 
 #### Resources and Fields
 
+##### Context information in Requests
+
 When a context is required for creating a resource, the context is added as a field to the resource.
 For example, when creating a new user, the organization's id is required. The `organization_id` is added as a field to the `CreateUserRequest`.
 
@@ -90,6 +92,65 @@ Only allow providing a context where it is required. The context MUST not be pro
 For example, when retrieving or updating a user, the `organization_id` is not required, since the user can be determined by the user's id.
 However, it is possible to provide the `organization_id` as a filter to retrieve a list of users of a specific organization.
 
+##### Context information in Responses
+
+When the action of creation, update or deletion of a resource was successful, the returned response has to include the time of the operation and the generated identifiers.
+This is achieved through the addition of a timestamp attribute with the operation as a prefix, and the generated information as separate attributes.
+
+```protobuf
+message SetExecutionResponse {
+  // The timestamp of the execution set.
+  google.protobuf.Timestamp set_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message CreateTargetResponse {
+  // The unique identifier of the newly created target.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the target creation.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // Key used to sign and check payload sent to the target.
+  string signing_key = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"98KmsU67\""
+    }
+  ];
+}
+
+message UpdateProjectGrantResponse {
+  // The timestamp of the change of the project grant.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message DeleteProjectGrantResponse {
+  // The timestamp of the deletion of the project grant.
+  // Note that the deletion date is only guaranteed to be set if the deletion was successful during the request.
+  // In case the deletion occurred in a previous request, the deletion date might be empty.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+```
+
+##### Global messages
+
 Prevent the creation of global messages that are used in multiple resources unless they always follow the same pattern.
 Use dedicated fields as described above or create a separate message for the specific context, that is only used in the boundary of the same resource.  
 For example, settings might be set as a default on the instance level, but might be overridden on the organization level.
@@ -99,6 +160,8 @@ The same applies to messages that are returned by multiple resources.
 For example, information about the `User` might be different when managing the user resource itself than when it's returned
 as part of an authorization or a manager role, where only limited information is needed.
 
+##### Re-using messages
+
 Prevent reusing messages for the creation and the retrieval of a resource.
 Returning messages might contain additional information that is not required or even not available for the creation of the resource.  
 What might sound obvious when designing the CreateUserRequest for example, where only an `organization_id` but not the 
@@ -190,33 +253,54 @@ In case the permission cannot be checked by the API itself, but all requests nee
 };
 ```
 
-## Pagination
+## Listing resources
 
 The API uses pagination for listing resources. The client can specify a limit and an offset to retrieve a subset of the resources.
 Additionally, the client can specify sorting options to sort the resources by a specific field.
 
-Most listing methods SHOULD provide use the `ListQuery` message to allow the client to specify the limit, offset, and sorting options.
-```protobuf
+### Pagination
 
-// ListQuery is a general query object for lists to allow pagination and sorting.
-message ListQuery {
-  uint64 offset = 1;
-  // limit is the maximum amount of objects returned. The default is set to 100
-  // with a maximum of 1000 in the runtime configuration.
-  // If the limit exceeds the maximum configured ZITADEL will throw an error.
-  // If no limit is present the default is taken.
-  uint32 limit = 2;
-  // Asc is the sorting order. If true the list is sorted ascending, if false
-  // the list is sorted descending. The default is descending.
-  bool asc = 3;
+Most listing methods SHOULD use the `PaginationRequest` message to allow the client to specify the limit, offset, and sorting options.
+```protobuf
+message ListTargetsRequest {
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 1;
+  // The field the result is sorted by. The default is the creation date. Beware that if you change this, your result pagination might be inconsistent.
+  optional TargetFieldName sorting_column = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"TARGET_FIELD_NAME_CREATION_DATE\""
+    }
+  ];
+  // Define the criteria to query for.
+  repeated TargetSearchFilter filters = 3;
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"pagination\":{\"offset\":0,\"limit\":0,\"asc\":true},\"sortingColumn\":\"TARGET_FIELD_NAME_CREATION_DATE\",\"filters\":[{\"targetNameFilter\":{\"targetName\":\"ip_allow_list\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"inTargetIdsFilter\":{\"targetIds\":[\"69629023906488334\",\"69622366012355662\"]}}]}";
+  };
 }
 ```
-On the corresponding responses the `ListDetails` can be used to return the total count of the resources
+
+On the corresponding responses the `PaginationResponse` can be used to return the total count of the resources
 and allow the user to handle their offset and limit accordingly.
 
 The API MUST enforce a reasonable maximum limit for the number of resources that can be retrieved and returned in a single request.
 The default limit is set to 100 and the maximum limit is set to 1000. If the client requests a limit that exceeds the maximum limit, an error is returned.
 
+### Filter method
+
+All filters in List operations SHOULD provide a method if not already specified by the filters name.
+```protobuf
+message TargetNameFilter {
+  // Defines the name of the target to query for.
+  string target_name = 1 [
+    (validate.rules).string = {max_len: 200}
+  ];
+  // Defines which text comparison method used for the name query.
+  zitadel.filter.v2beta.TextFilterMethod method = 2 [
+    (validate.rules).enum.defined_only = true
+  ];
+}
+```
+
 ## Error Handling
 
 The API returns machine-readable errors in the response body. This includes a status code, an error code and possibly 

From 898366c537f59d2bfeff5dec740ee2ccba916ce7 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Wed, 7 May 2025 15:24:24 +0200
Subject: [PATCH 041/123] fix: allow user self deletion (#9828)

# Which Problems Are Solved

Currently, users can't delete themselves using the V2 RemoveUser API
because of the redunant API middleware permission check.

On main, using a machine user PAT to delete the same machine user:

```bash
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"userId": "318838604669387137"}' localhost:8080 zitadel.user.v2.UserService.DeleteUser
ERROR:
  Code: NotFound
  Message: membership not found (AUTHZ-cdgFk)
  Details:
  1)	{
    	  "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
    	  "id": "AUTHZ-cdgFk",
    	  "message": "membership not found"
    	}
```

Same on this PRs branch:

```bash
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"userId": "318838604669387137"}' localhost:8080 zitadel.user.v2.UserService.DeleteUser
{
  "details": {
    "sequence": "3",
    "changeDate": "2025-05-06T13:44:54.349048Z",
    "resourceOwner": "318838541083804033"
  }
}
```

Repeated call
```bash
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"userId": "318838604669387137"}' localhost:8080 zitadel.user.v2.UserService.DeleteUser
ERROR:
  Code: Unauthenticated
  Message: Errors.Token.Invalid (AUTH-7fs1e)
  Details:
  1)	{
    	  "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
    	  "id": "AUTH-7fs1e",
    	  "message": "Errors.Token.Invalid"
    	}
```

# How the Problems Are Solved

The middleware permission check is disabled and the
domain.PermissionCheck is used exclusively.

# Additional Changes

A new type command.PermissionCheck allows to optionally accept a
permission check for commands, so APIs with middleware permission checks
can omit redundant permission checks by passing nil while APIs without
middleware permission checks can pass one to the command.

# Additional Context

This is a subtask of #9763

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 .../user/v2/integration_test/user_test.go     |  50 ++--
 internal/command/permission_checks.go         |  60 ++++
 internal/command/permission_checks_test.go    | 278 ++++++++++++++++++
 internal/command/user_v2.go                   |  31 --
 internal/command/user_v2_invite.go            |   6 +-
 internal/command/user_v2_invite_test.go       |  16 +-
 internal/command/user_v2_test.go              |  93 ++++--
 proto/zitadel/user/v2/user_service.proto      |   2 +-
 proto/zitadel/user/v2beta/user_service.proto  |   2 +-
 9 files changed, 459 insertions(+), 79 deletions(-)
 create mode 100644 internal/command/permission_checks.go
 create mode 100644 internal/command/permission_checks_test.go

diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index 70e670bacc..eaf352c094 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -1756,9 +1756,8 @@ func TestServer_DeleteUser(t *testing.T) {
 	projectResp, err := Instance.CreateProject(CTX)
 	require.NoError(t, err)
 	type args struct {
-		ctx     context.Context
 		req     *user.DeleteUserRequest
-		prepare func(request *user.DeleteUserRequest) error
+		prepare func(*testing.T, *user.DeleteUserRequest) context.Context
 	}
 	tests := []struct {
 		name    string
@@ -1769,23 +1768,21 @@ func TestServer_DeleteUser(t *testing.T) {
 		{
 			name: "remove, not existing",
 			args: args{
-				CTX,
 				&user.DeleteUserRequest{
 					UserId: "notexisting",
 				},
-				func(request *user.DeleteUserRequest) error { return nil },
+				func(*testing.T, *user.DeleteUserRequest) context.Context { return CTX },
 			},
 			wantErr: true,
 		},
 		{
 			name: "remove human, ok",
 			args: args{
-				ctx: CTX,
 				req: &user.DeleteUserRequest{},
-				prepare: func(request *user.DeleteUserRequest) error {
+				prepare: func(_ *testing.T, request *user.DeleteUserRequest) context.Context {
 					resp := Instance.CreateHumanUser(CTX)
 					request.UserId = resp.GetUserId()
-					return err
+					return CTX
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -1798,12 +1795,11 @@ func TestServer_DeleteUser(t *testing.T) {
 		{
 			name: "remove machine, ok",
 			args: args{
-				ctx: CTX,
 				req: &user.DeleteUserRequest{},
-				prepare: func(request *user.DeleteUserRequest) error {
+				prepare: func(_ *testing.T, request *user.DeleteUserRequest) context.Context {
 					resp := Instance.CreateMachineUser(CTX)
 					request.UserId = resp.GetUserId()
-					return err
+					return CTX
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -1816,15 +1812,37 @@ func TestServer_DeleteUser(t *testing.T) {
 		{
 			name: "remove dependencies, ok",
 			args: args{
-				ctx: CTX,
 				req: &user.DeleteUserRequest{},
-				prepare: func(request *user.DeleteUserRequest) error {
+				prepare: func(_ *testing.T, request *user.DeleteUserRequest) context.Context {
 					resp := Instance.CreateHumanUser(CTX)
 					request.UserId = resp.GetUserId()
 					Instance.CreateProjectUserGrant(t, CTX, projectResp.GetId(), request.UserId)
 					Instance.CreateProjectMembership(t, CTX, projectResp.GetId(), request.UserId)
 					Instance.CreateOrgMembership(t, CTX, request.UserId)
-					return err
+					return CTX
+				},
+			},
+			want: &user.DeleteUserResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Instance.DefaultOrg.Id,
+				},
+			},
+		},
+		{
+			name: "remove self, ok",
+			args: args{
+				req: &user.DeleteUserRequest{},
+				prepare: func(t *testing.T, request *user.DeleteUserRequest) context.Context {
+					removeUser, err := Instance.Client.Mgmt.AddMachineUser(CTX, &mgmt.AddMachineUserRequest{
+						UserName: gofakeit.Username(),
+						Name:     gofakeit.Name(),
+					})
+					request.UserId = removeUser.UserId
+					require.NoError(t, err)
+					tokenResp, err := Instance.Client.Mgmt.AddPersonalAccessToken(CTX, &mgmt.AddPersonalAccessTokenRequest{UserId: removeUser.UserId})
+					require.NoError(t, err)
+					return integration.WithAuthorizationToken(UserCTX, tokenResp.Token)
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -1837,10 +1855,8 @@ func TestServer_DeleteUser(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := tt.args.prepare(tt.args.req)
-			require.NoError(t, err)
-
-			got, err := Client.DeleteUser(tt.args.ctx, tt.args.req)
+			ctx := tt.args.prepare(t, tt.args.req)
+			got, err := Client.DeleteUser(ctx, tt.args.req)
 			if tt.wantErr {
 				require.Error(t, err)
 				return
diff --git a/internal/command/permission_checks.go b/internal/command/permission_checks.go
new file mode 100644
index 0000000000..bec2e9b7d4
--- /dev/null
+++ b/internal/command/permission_checks.go
@@ -0,0 +1,60 @@
+package command
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/v2/user"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type PermissionCheck func(resourceOwner, aggregateID string) error
+
+func (c *Commands) newPermissionCheck(ctx context.Context, permission string, aggregateType eventstore.AggregateType) PermissionCheck {
+	return func(resourceOwner, aggregateID string) error {
+		if aggregateID == "" {
+			return zerrors.ThrowInternal(nil, "COMMAND-ulBlS", "Errors.IDMissing")
+		}
+		// For example if a write model didn't query any events, the resource owner is probably empty.
+		// In this case, we have to query an event on the given aggregate to get the resource owner.
+		if resourceOwner == "" {
+			r := NewResourceOwnerModel(authz.GetInstance(ctx).InstanceID(), aggregateType, aggregateID)
+			err := c.eventstore.FilterToQueryReducer(ctx, r)
+			if err != nil {
+				return err
+			}
+			resourceOwner = r.resourceOwner
+		}
+		if resourceOwner == "" {
+			return zerrors.ThrowNotFound(nil, "COMMAND-4g3xq", "Errors.NotFound")
+		}
+		return c.checkPermission(ctx, permission, resourceOwner, aggregateID)
+	}
+}
+
+func (c *Commands) checkPermissionOnUser(ctx context.Context, permission string) PermissionCheck {
+	return func(resourceOwner, aggregateID string) error {
+		if aggregateID != "" && aggregateID == authz.GetCtxData(ctx).UserID {
+			return nil
+		}
+		return c.newPermissionCheck(ctx, permission, user.AggregateType)(resourceOwner, aggregateID)
+	}
+}
+
+func (c *Commands) NewPermissionCheckUserWrite(ctx context.Context) PermissionCheck {
+	return c.checkPermissionOnUser(ctx, domain.PermissionUserWrite)
+}
+
+func (c *Commands) checkPermissionDeleteUser(ctx context.Context, resourceOwner, userID string) error {
+	return c.checkPermissionOnUser(ctx, domain.PermissionUserDelete)(resourceOwner, userID)
+}
+
+func (c *Commands) checkPermissionUpdateUser(ctx context.Context, resourceOwner, userID string) error {
+	return c.NewPermissionCheckUserWrite(ctx)(resourceOwner, userID)
+}
+
+func (c *Commands) checkPermissionUpdateUserCredentials(ctx context.Context, resourceOwner, userID string) error {
+	return c.checkPermissionOnUser(ctx, domain.PermissionUserCredentialWrite)(resourceOwner, userID)
+}
diff --git a/internal/command/permission_checks_test.go b/internal/command/permission_checks_test.go
new file mode 100644
index 0000000000..5c36dc14f9
--- /dev/null
+++ b/internal/command/permission_checks_test.go
@@ -0,0 +1,278 @@
+package command
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func TestCommands_CheckPermission(t *testing.T) {
+	type fields struct {
+		eventstore            func(*testing.T) *eventstore.Eventstore
+		domainPermissionCheck func(*testing.T) domain.PermissionCheck
+	}
+	type args struct {
+		ctx                        context.Context
+		permission                 string
+		aggregateType              eventstore.AggregateType
+		resourceOwner, aggregateID string
+	}
+	type want struct {
+		err func(error) bool
+	}
+	ctx := context.Background()
+	filterErr := errors.New("filter error")
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   want
+	}{
+		{
+			name: "resource owner is given, no query",
+			fields: fields{
+				domainPermissionCheck: mockDomainPermissionCheck(
+					ctx,
+					"permission",
+					"resourceOwner",
+					"aggregateID"),
+			},
+			args: args{
+				ctx:           ctx,
+				permission:    "permission",
+				resourceOwner: "resourceOwner",
+				aggregateID:   "aggregateID",
+			},
+		},
+		{
+			name: "resource owner is empty, query for resource owner",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(&repository.Event{
+						AggregateID:   "aggregateID",
+						ResourceOwner: sql.NullString{String: "resourceOwner"},
+					}),
+				),
+				domainPermissionCheck: mockDomainPermissionCheck(ctx, "permission", "resourceOwner", "aggregateID"),
+			},
+			args: args{
+				ctx:           ctx,
+				permission:    "permission",
+				resourceOwner: "",
+				aggregateID:   "aggregateID",
+			},
+		},
+		{
+			name: "resource owner is empty, query for resource owner, error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilterError(filterErr),
+				),
+			},
+			args: args{
+				ctx:           ctx,
+				permission:    "permission",
+				resourceOwner: "",
+				aggregateID:   "aggregateID",
+			},
+			want: want{
+				err: func(err error) bool {
+					return errors.Is(err, filterErr)
+				},
+			},
+		},
+		{
+			name: "resource owner is empty, query for resource owner, no events",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(),
+				),
+			},
+			args: args{
+				ctx:           ctx,
+				permission:    "permission",
+				resourceOwner: "",
+				aggregateID:   "aggregateID",
+			},
+			want: want{
+				err: zerrors.IsNotFound,
+			},
+		},
+		{
+			name: "no aggregateID, internal error",
+			args: args{
+				ctx: ctx,
+			},
+			want: want{
+				err: zerrors.IsInternal,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Commands{
+				checkPermission: func(ctx context.Context, permission, orgID, resourceID string) (err error) {
+					assert.Failf(t, "Domain permission check should not be called", "Called c.checkPermission(%v,%v,%v,%v)", ctx, permission, orgID, resourceID)
+					return nil
+				},
+				eventstore: expectEventstore()(t),
+			}
+			if tt.fields.domainPermissionCheck != nil {
+				c.checkPermission = tt.fields.domainPermissionCheck(t)
+			}
+			if tt.fields.eventstore != nil {
+				c.eventstore = tt.fields.eventstore(t)
+			}
+			err := c.newPermissionCheck(tt.args.ctx, tt.args.permission, tt.args.aggregateType)(tt.args.resourceOwner, tt.args.aggregateID)
+			if tt.want.err != nil {
+				assert.True(t, tt.want.err(err))
+			}
+		})
+	}
+}
+
+func TestCommands_CheckPermissionUserWrite(t *testing.T) {
+	type fields struct {
+		domainPermissionCheck func(*testing.T) domain.PermissionCheck
+	}
+	type args struct {
+		ctx                        context.Context
+		resourceOwner, aggregateID string
+	}
+	type want struct {
+		err func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   want
+	}{
+		{
+			name: "self, no permission check",
+			args: args{
+				ctx: authz.SetCtxData(context.Background(), authz.CtxData{
+					UserID: "aggregateID",
+				}),
+				resourceOwner: "resourceOwner",
+				aggregateID:   "aggregateID",
+			},
+		},
+		{
+			name: "not self, permission check",
+			fields: fields{
+				domainPermissionCheck: mockDomainPermissionCheck(
+					context.Background(),
+					"user.write",
+					"resourceOwner",
+					"foreignAggregateID"),
+			},
+			args: args{
+				ctx:           context.Background(),
+				resourceOwner: "resourceOwner",
+				aggregateID:   "foreignAggregateID",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Commands{
+				checkPermission: func(ctx context.Context, permission, orgID, resourceID string) (err error) {
+					assert.Failf(t, "Domain permission check should not be called", "Called c.checkPermission(%v,%v,%v,%v)", ctx, permission, orgID, resourceID)
+					return nil
+				},
+			}
+			if tt.fields.domainPermissionCheck != nil {
+				c.checkPermission = tt.fields.domainPermissionCheck(t)
+			}
+			err := c.NewPermissionCheckUserWrite(tt.args.ctx)(tt.args.resourceOwner, tt.args.aggregateID)
+			if tt.want.err != nil {
+				assert.True(t, tt.want.err(err))
+			}
+		})
+	}
+}
+
+func TestCommands_CheckPermissionUserDelete(t *testing.T) {
+	type fields struct {
+		domainPermissionCheck func(*testing.T) domain.PermissionCheck
+	}
+	type args struct {
+		ctx                        context.Context
+		resourceOwner, aggregateID string
+	}
+	type want struct {
+		err func(error) bool
+	}
+	userCtx := authz.SetCtxData(context.Background(), authz.CtxData{
+		UserID: "aggregateID",
+	})
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   want
+	}{
+		{
+			name: "self, no permission check",
+			args: args{
+				ctx:           userCtx,
+				resourceOwner: "resourceOwner",
+				aggregateID:   "aggregateID",
+			},
+		},
+		{
+			name: "not self, permission check",
+			fields: fields{
+				domainPermissionCheck: mockDomainPermissionCheck(
+					context.Background(),
+					"user.delete",
+					"resourceOwner",
+					"foreignAggregateID"),
+			},
+			args: args{
+				ctx:           context.Background(),
+				resourceOwner: "resourceOwner",
+				aggregateID:   "foreignAggregateID",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Commands{
+				checkPermission: func(ctx context.Context, permission, orgID, resourceID string) (err error) {
+					assert.Failf(t, "Domain permission check should not be called", "Called c.checkPermission(%v,%v,%v,%v)", ctx, permission, orgID, resourceID)
+					return nil
+				},
+			}
+			if tt.fields.domainPermissionCheck != nil {
+				c.checkPermission = tt.fields.domainPermissionCheck(t)
+			}
+			err := c.checkPermissionDeleteUser(tt.args.ctx, tt.args.resourceOwner, tt.args.aggregateID)
+			if tt.want.err != nil {
+				assert.True(t, tt.want.err(err))
+			}
+		})
+	}
+}
+
+func mockDomainPermissionCheck(expectCtx context.Context, expectPermission, expectResourceOwner, expectResourceID string) func(t *testing.T) domain.PermissionCheck {
+	return func(t *testing.T) domain.PermissionCheck {
+		return func(ctx context.Context, permission, orgID, resourceID string) (err error) {
+			assert.Equal(t, expectCtx, ctx)
+			assert.Equal(t, expectPermission, permission)
+			assert.Equal(t, expectResourceOwner, orgID)
+			assert.Equal(t, expectResourceID, resourceID)
+			return nil
+		}
+	}
+}
diff --git a/internal/command/user_v2.go b/internal/command/user_v2.go
index 00ca85aaf4..5f8e8d6ff5 100644
--- a/internal/command/user_v2.go
+++ b/internal/command/user_v2.go
@@ -5,7 +5,6 @@ import (
 
 	"github.com/zitadel/logging"
 
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/repository/user"
@@ -117,36 +116,6 @@ func (c *Commands) ReactivateUserV2(ctx context.Context, userID string) (*domain
 	return writeModelToObjectDetails(&existingHuman.WriteModel), nil
 }
 
-func (c *Commands) checkPermissionUpdateUser(ctx context.Context, resourceOwner, userID string) error {
-	if userID != "" && userID == authz.GetCtxData(ctx).UserID {
-		return nil
-	}
-	if err := c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, userID); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *Commands) checkPermissionUpdateUserCredentials(ctx context.Context, resourceOwner, userID string) error {
-	if userID != "" && userID == authz.GetCtxData(ctx).UserID {
-		return nil
-	}
-	if err := c.checkPermission(ctx, domain.PermissionUserCredentialWrite, resourceOwner, userID); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *Commands) checkPermissionDeleteUser(ctx context.Context, resourceOwner, userID string) error {
-	if userID != "" && userID == authz.GetCtxData(ctx).UserID {
-		return nil
-	}
-	if err := c.checkPermission(ctx, domain.PermissionUserDelete, resourceOwner, userID); err != nil {
-		return err
-	}
-	return nil
-}
-
 func (c *Commands) userStateWriteModel(ctx context.Context, userID string) (writeModel *UserV2WriteModel, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
diff --git a/internal/command/user_v2_invite.go b/internal/command/user_v2_invite.go
index 1325d2e0c9..7760107146 100644
--- a/internal/command/user_v2_invite.go
+++ b/internal/command/user_v2_invite.go
@@ -73,12 +73,12 @@ func (c *Commands) ResendInviteCode(ctx context.Context, userID, resourceOwner,
 	if err != nil {
 		return nil, err
 	}
-	if err := c.checkPermissionUpdateUser(ctx, existingCode.ResourceOwner, userID); err != nil {
-		return nil, err
-	}
 	if !existingCode.UserState.Exists() {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-H3b2a", "Errors.User.NotFound")
 	}
+	if err := c.checkPermissionUpdateUser(ctx, existingCode.ResourceOwner, userID); err != nil {
+		return nil, err
+	}
 	if !existingCode.CreationAllowed() {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Gg42s", "Errors.User.AlreadyInitialised")
 	}
diff --git a/internal/command/user_v2_invite_test.go b/internal/command/user_v2_invite_test.go
index efb57d86ad..817987e7e4 100644
--- a/internal/command/user_v2_invite_test.go
+++ b/internal/command/user_v2_invite_test.go
@@ -323,7 +323,21 @@ func TestCommands_ResendInviteCode(t *testing.T) {
 			"missing permission",
 			fields{
 				eventstore: expectEventstore(
-					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(),
+								&user.NewAggregate("userID", "org1").Aggregate,
+								"username", "firstName",
+								"lastName",
+								"nickName",
+								"displayName",
+								language.Afrikaans,
+								domain.GenderUnspecified,
+								"email",
+								false,
+							),
+						),
+					),
 				),
 				checkPermission: newMockPermissionCheckNotAllowed(),
 			},
diff --git a/internal/command/user_v2_test.go b/internal/command/user_v2_test.go
index 3eb9ecd6f7..685ad95253 100644
--- a/internal/command/user_v2_test.go
+++ b/internal/command/user_v2_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/text/language"
 
+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/repository/org"
@@ -1081,13 +1082,14 @@ func TestCommandSide_ReactivateUserV2(t *testing.T) {
 }
 
 func TestCommandSide_RemoveUserV2(t *testing.T) {
+	ctxUserID := "ctxUserID"
+	ctx := authz.SetCtxData(context.Background(), authz.CtxData{UserID: ctxUserID})
 	type fields struct {
 		eventstore      func(*testing.T) *eventstore.Eventstore
 		checkPermission domain.PermissionCheck
 	}
 	type (
 		args struct {
-			ctx                  context.Context
 			userID               string
 			cascadingMemberships []*CascadingMembership
 			grantIDs             []string
@@ -1110,7 +1112,6 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "",
 			},
 			res: res{
@@ -1128,7 +1129,6 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "user1",
 			},
 			res: res{
@@ -1143,7 +1143,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
-							user.NewHumanAddedEvent(context.Background(),
+							user.NewHumanAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								"firstname",
@@ -1157,7 +1157,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 							),
 						),
 						eventFromEventPusher(
-							user.NewUserRemovedEvent(context.Background(),
+							user.NewUserRemovedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								nil,
@@ -1169,7 +1169,6 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "user1",
 			},
 			res: res{
@@ -1184,7 +1183,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
-							user.NewHumanAddedEvent(context.Background(),
+							user.NewHumanAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								"firstname",
@@ -1200,7 +1199,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 					),
 					expectFilter(
 						eventFromEventPusher(
-							org.NewDomainPolicyAddedEvent(context.Background(),
+							org.NewDomainPolicyAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								true,
 								true,
@@ -1209,7 +1208,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 						),
 					),
 					expectPush(
-						user.NewUserRemovedEvent(context.Background(),
+						user.NewUserRemovedEvent(ctx,
 							&user.NewAggregate("user1", "org1").Aggregate,
 							"username",
 							nil,
@@ -1220,7 +1219,6 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "user1",
 			},
 			res: res{
@@ -1235,7 +1233,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
-							user.NewHumanAddedEvent(context.Background(),
+							user.NewHumanAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								"firstname",
@@ -1249,7 +1247,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 							),
 						),
 						eventFromEventPusher(
-							user.NewHumanInitializedCheckSucceededEvent(context.Background(),
+							user.NewHumanInitializedCheckSucceededEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 							),
 						),
@@ -1258,13 +1256,10 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				checkPermission: newMockPermissionCheckNotAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "user1",
 			},
 			res: res{
-				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
-				},
+				err: zerrors.IsPermissionDenied,
 			},
 		},
 		{
@@ -1273,7 +1268,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
-							user.NewMachineAddedEvent(context.Background(),
+							user.NewMachineAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								"name",
@@ -1283,7 +1278,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 							),
 						),
 						eventFromEventPusher(
-							user.NewUserRemovedEvent(context.Background(),
+							user.NewUserRemovedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								nil,
@@ -1292,10 +1287,8 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 						),
 					),
 				),
-				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "user1",
 			},
 			res: res{
@@ -1310,7 +1303,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
-							user.NewMachineAddedEvent(context.Background(),
+							user.NewMachineAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								"username",
 								"name",
@@ -1322,7 +1315,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 					),
 					expectFilter(
 						eventFromEventPusher(
-							org.NewDomainPolicyAddedEvent(context.Background(),
+							org.NewDomainPolicyAddedEvent(ctx,
 								&user.NewAggregate("user1", "org1").Aggregate,
 								true,
 								true,
@@ -1331,7 +1324,7 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 						),
 					),
 					expectPush(
-						user.NewUserRemovedEvent(context.Background(),
+						user.NewUserRemovedEvent(ctx,
 							&user.NewAggregate("user1", "org1").Aggregate,
 							"username",
 							nil,
@@ -1342,7 +1335,6 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:    context.Background(),
 				userID: "user1",
 			},
 			res: res{
@@ -1351,6 +1343,56 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "remove self, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(ctx,
+								&user.NewAggregate(ctxUserID, "org1").Aggregate,
+								"username",
+								"firstname",
+								"lastname",
+								"nickname",
+								"displayname",
+								language.German,
+								domain.GenderUnspecified,
+								"email@test.ch",
+								true,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(ctx,
+								&user.NewAggregate(ctxUserID, "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewUserRemovedEvent(ctx,
+							&user.NewAggregate(ctxUserID, "org1").Aggregate,
+							"username",
+							nil,
+							true,
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				userID: ctxUserID,
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -1358,7 +1400,8 @@ func TestCommandSide_RemoveUserV2(t *testing.T) {
 				eventstore:      tt.fields.eventstore(t),
 				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.RemoveUserV2(tt.args.ctx, tt.args.userID, "", tt.args.cascadingMemberships, tt.args.grantIDs...)
+
+			got, err := r.RemoveUserV2(ctx, tt.args.userID, "", tt.args.cascadingMemberships, tt.args.grantIDs...)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
diff --git a/proto/zitadel/user/v2/user_service.proto b/proto/zitadel/user/v2/user_service.proto
index 00cb352f70..15bc2d7775 100644
--- a/proto/zitadel/user/v2/user_service.proto
+++ b/proto/zitadel/user/v2/user_service.proto
@@ -539,7 +539,7 @@ service UserService {
 
     option (zitadel.protoc_gen_zitadel.v2.options) = {
       auth_option: {
-        permission: "user.delete"
+        permission: "authenticated"
       }
     };
 
diff --git a/proto/zitadel/user/v2beta/user_service.proto b/proto/zitadel/user/v2beta/user_service.proto
index 03bc36220e..f877252f51 100644
--- a/proto/zitadel/user/v2beta/user_service.proto
+++ b/proto/zitadel/user/v2beta/user_service.proto
@@ -563,7 +563,7 @@ service UserService {
 
     option (zitadel.protoc_gen_zitadel.v2.options) = {
       auth_option: {
-        permission: "user.delete"
+        permission: "authenticated"
       }
     };
 

From c6aa6385b640f64d55e9ac273de4add22c99e2ba Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 7 May 2025 15:59:02 +0200
Subject: [PATCH 042/123] docs: add invalid information to member requests
 (#9858)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

Misleading information on member endpoint requests.

# How the Problems Are Solved

Add comment to member endpoint requests that the request is invalid if
no roles are provided.

# Additional Changes

None

# Additional Context

Closes #9415

Co-authored-by: Fabienne Bühler <fabienne@zitadel.com>
---
 proto/zitadel/management.proto | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index e69e331f87..84c7823009 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -9209,7 +9209,7 @@ message AddOrgMemberRequest {
     repeated string roles = 2  [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             example: "[\"ORG_OWNER\"]";
-            description: "If no roles are provided the user won't have any rights"
+            description: "If no roles are provided the user won't have any rights, so the member definition will be regarded as invalid."
         }
     ];
 }
@@ -9222,7 +9222,7 @@ message UpdateOrgMemberRequest {
     repeated string roles = 2 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             example: "[\"IAM_OWNER\"]";
-            description: "If no roles are provided the user won't have any rights"
+            description: "If no roles are provided the user won't have any rights, so the member definition will be regarded as invalid."
         }
     ];
 }
@@ -9643,7 +9643,7 @@ message AddProjectMemberRequest {
     repeated string roles = 3 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             example: "[\"PROJECT_OWNER\"]";
-            description: "If no roles are provided the user won't have any rights"
+            description: "If no roles are provided the user won't have any rights, so the member definition will be regarded as invalid."
         }
     ];
 }
@@ -9658,7 +9658,7 @@ message UpdateProjectMemberRequest {
     repeated string roles = 3 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             example: "[\"PROJECT_OWNER\"]";
-            description: "If no roles are provided the user won't have any rights"
+            description: "If no roles are provided the user won't have any rights, so the member definition will be regarded as invalid."
         }
     ];
 }
@@ -10313,7 +10313,7 @@ message AddProjectGrantMemberRequest {
     repeated string roles = 4 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             example: "[\"PROJECT_GRANT_OWNER\"]";
-            description: "If no roles are provided the user won't have any rights"
+            description: "If no roles are provided the user won't have any rights, so the member definition will be regarded as invalid."
         }
     ];
 }
@@ -10337,7 +10337,7 @@ message UpdateProjectGrantMemberRequest {
     repeated string roles = 4 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             example: "[\"PROJECT_GRANT_OWNER\"]";
-            description: "If no roles are provided the user won't have any rights"
+            description: "If no roles are provided the user won't have any rights, so the member definition will be regarded as invalid."
         }
     ];
 }

From 21167a4bba8b74720422f2b09ff6753ddb24b67d Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 7 May 2025 16:26:53 +0200
Subject: [PATCH 043/123] fix: add current state for execution handler into
 setup (#9863)

# Which Problems Are Solved

The execution handler projection handles all events to check if an
execution has to be provided to the worker to execute.
In this logic all events would be processed from the beginning which is
not necessary.

# How the Problems Are Solved

Add the current state to the execution handler projection, to avoid
processing all existing events.

# Additional Changes

Add custom configuration to the default, so that the transactions are
limited to some events.

# Additional Context

None
---
 cmd/defaults.yaml   |  3 ++-
 cmd/setup/38.go     |  1 -
 cmd/setup/55.go     | 27 +++++++++++++++++++++++++++
 cmd/setup/55.sql    | 22 ++++++++++++++++++++++
 cmd/setup/config.go |  1 +
 cmd/setup/setup.go  |  4 +++-
 cmd/start/start.go  |  2 +-
 7 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 cmd/setup/55.go
 create mode 100644 cmd/setup/55.sql

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 0d71b4d817..c13d5337b1 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -387,7 +387,8 @@ Projections:
     org_domain_verified_fields:
       TransactionDuration: 0s
       BulkLimit: 2000
-
+    execution_handler:
+      BulkLimit: 10
     # The Notifications projection is used for preparing the messages (emails and SMS) to be sent to users
     Notifications:
       # As notification projections don't result in database statements, retries don't have an effect
diff --git a/cmd/setup/38.go b/cmd/setup/38.go
index 0a102c9d12..810510bfdd 100644
--- a/cmd/setup/38.go
+++ b/cmd/setup/38.go
@@ -15,7 +15,6 @@ var (
 
 type BackChannelLogoutNotificationStart struct {
 	dbClient *database.DB
-	esClient *eventstore.Eventstore
 }
 
 func (mig *BackChannelLogoutNotificationStart) Execute(ctx context.Context, e eventstore.Event) error {
diff --git a/cmd/setup/55.go b/cmd/setup/55.go
new file mode 100644
index 0000000000..19083515e5
--- /dev/null
+++ b/cmd/setup/55.go
@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 55.sql
+	executionHandlerCurrentState string
+)
+
+type ExecutionHandlerStart struct {
+	dbClient *database.DB
+}
+
+func (mig *ExecutionHandlerStart) Execute(ctx context.Context, e eventstore.Event) error {
+	_, err := mig.dbClient.ExecContext(ctx, executionHandlerCurrentState, e.Sequence(), e.CreatedAt(), e.Position())
+	return err
+}
+
+func (mig *ExecutionHandlerStart) String() string {
+	return "55_execution_handler_start"
+}
diff --git a/cmd/setup/55.sql b/cmd/setup/55.sql
new file mode 100644
index 0000000000..60c45d5f94
--- /dev/null
+++ b/cmd/setup/55.sql
@@ -0,0 +1,22 @@
+INSERT INTO projections.current_states AS cs ( instance_id
+                                             , projection_name
+                                             , last_updated
+                                             , sequence
+                                             , event_date
+                                             , position
+                                             , filter_offset)
+SELECT instance_id
+     , 'projections.execution_handler'
+     , now()
+     , $1
+     , $2
+     , $3
+     , 0
+FROM eventstore.events2 AS e
+WHERE aggregate_type = 'instance'
+  AND event_type = 'instance.added'
+ON CONFLICT (instance_id, projection_name) DO UPDATE SET last_updated  = EXCLUDED.last_updated,
+                                                         sequence      = EXCLUDED.sequence,
+                                                         event_date    = EXCLUDED.event_date,
+                                                         position      = EXCLUDED.position,
+                                                         filter_offset = EXCLUDED.filter_offset;
\ No newline at end of file
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index 127f9d7599..5e5c842b14 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -151,6 +151,7 @@ type Steps struct {
 	s52IDPTemplate6LDAP2                    *IDPTemplate6LDAP2
 	s53InitPermittedOrgsFunction            *InitPermittedOrgsFunction53
 	s54InstancePositionIndex                *InstancePositionIndex
+	s55ExecutionHandlerStart                *ExecutionHandlerStart
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index eead1980ed..58bc89d2e4 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -198,7 +198,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s35AddPositionToIndexEsWm = &AddPositionToIndexEsWm{dbClient: dbClient}
 	steps.s36FillV2Milestones = &FillV3Milestones{dbClient: dbClient, eventstore: eventstoreClient}
 	steps.s37Apps7OIDConfigsBackChannelLogoutURI = &Apps7OIDConfigsBackChannelLogoutURI{dbClient: dbClient}
-	steps.s38BackChannelLogoutNotificationStart = &BackChannelLogoutNotificationStart{dbClient: dbClient, esClient: eventstoreClient}
+	steps.s38BackChannelLogoutNotificationStart = &BackChannelLogoutNotificationStart{dbClient: dbClient}
 	steps.s40InitPushFunc = &InitPushFunc{dbClient: dbClient}
 	steps.s42Apps7OIDCConfigsLoginVersion = &Apps7OIDCConfigsLoginVersion{dbClient: dbClient}
 	steps.s43CreateFieldsDomainIndex = &CreateFieldsDomainIndex{dbClient: dbClient}
@@ -213,6 +213,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s52IDPTemplate6LDAP2 = &IDPTemplate6LDAP2{dbClient: dbClient}
 	steps.s53InitPermittedOrgsFunction = &InitPermittedOrgsFunction53{dbClient: dbClient}
 	steps.s54InstancePositionIndex = &InstancePositionIndex{dbClient: dbClient}
+	steps.s55ExecutionHandlerStart = &ExecutionHandlerStart{dbClient: dbClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -256,6 +257,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s52IDPTemplate6LDAP2,
 		steps.s53InitPermittedOrgsFunction,
 		steps.s54InstancePositionIndex,
+		steps.s55ExecutionHandlerStart,
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {
diff --git a/cmd/start/start.go b/cmd/start/start.go
index e3d84625b4..52d9c6fba8 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -304,7 +304,7 @@ func startZitadel(ctx context.Context, config *Config, masterKey string, server
 
 	execution.Register(
 		ctx,
-		config.Projections.Customizations["executions"],
+		config.Projections.Customizations["execution_handler"],
 		config.Executions,
 		queries,
 		eventstoreClient.EventTypes(),

From 577bf9c710490ee34d54f7ffc9e3ae79ae556899 Mon Sep 17 00:00:00 2001
From: Maximilian <mpa@zitadel.com>
Date: Wed, 7 May 2025 17:58:21 +0200
Subject: [PATCH 044/123] docs(legal): Update to DPA and privacy policy
 documents (May 2025) (#9566)

We are bringing our DPA and privacy policy document in line with our
changes to the corporate structure, changes to subprocessors, and new
cookie technologies.

This PR replaces #3055 which included more changes to terms of service.
The changes to terms of service will follow in a second step.

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
---
 docs/docs/legal/data-processing-agreement.mdx | 274 ++++++++++++++----
 docs/docs/legal/policies/privacy-policy.mdx   | 231 ++++++++++-----
 docs/src/components/pii_table.jsx             | 106 +++++++
 docs/src/components/subprocessors.jsx         | 162 -----------
 4 files changed, 490 insertions(+), 283 deletions(-)
 create mode 100644 docs/src/components/pii_table.jsx
 delete mode 100644 docs/src/components/subprocessors.jsx

diff --git a/docs/docs/legal/data-processing-agreement.mdx b/docs/docs/legal/data-processing-agreement.mdx
index 63a393605f..78f14aa730 100644
--- a/docs/docs/legal/data-processing-agreement.mdx
+++ b/docs/docs/legal/data-processing-agreement.mdx
@@ -1,113 +1,277 @@
 ---
 title: Data Processing Agreement
 custom_edit_url: null
-custom:
-    created_at: 2022-07-15
-    updated_at: 2023-11-16
 --- 
-import PiidTable from './_piid-table.mdx';
 
-Last updated on November 15, 2023
+Last updated on May 8, 2025
 
-Within the scope of the [**Framework Agreement**](terms-of-service), the **Processor** (CAOS Ltd., also **ZITADEL**) processes **Personal Data** on behalf of the **Customer** (Responsible Party), collectively the **"Parties"**.
+This Data Protection Agreement and its annexes (“**DPA**”) are part of the [Framework Agreement](./terms-of-service) between Zitadel, Inc. and it's affiliates ("**Zitadel**") and the Customer in respect of the provision of certain services, including any applicable statement of work, booking, purchase order (PO) or any agreed upon instructions (the "**Agreement**") and applies where, and to the extent that, Zitadel processes Personal Data as a Processor on behalf of the Customer under the Framework Agreement (each a “**Party**” and together the “**Parties**”).
 
-This Annex to the Agreement governs the Parties' data protection obligations in addition to the provisions of the Agreement.
+All capitalized terms not defined in this DPA will have the meanings set forth in the Agreement.
+Any privacy or data protection related clauses or agreement previously entered into by Zitadel and the Customer, with regards to the subject matter of this DPA, will be superseded and replaced by this DPA.
+No one other than a Party to this DPA, their successors and permitted assignees will have any right to enforce any of its terms.
 
-## Subject matter, duration, nature and purpose of the processing as well as the type of personal data and categories of data subjects
+This DPA shall become legally binding upon Customer entering into the Agreement.
 
-This annex reflects the commitment of both parties to abide by the applicable data protection laws for the processing of Personal Data for the purpose of Processor's execution of the Framework Agreement.
+## Definitions
 
-The duration of the Processing shall correspond to the duration of the Agreement, unless otherwise provided for in this Annex or unless individual provisions obviously result in obligations going beyond this.
+"**Applicable Data Protection Law**" means all worldwide data protection and privacy laws and regulations applicable to the Personal Data, including, where applicable, EU/UK Data Protection Law and US Data Protection Laws (in each case, as amended, adopted, or superseded from time to time).
 
-In particular, the following Personal Data are part of the processing:
-<PiidTable />
+“**Controller**,” “**collecting**,” “**processor**,” and “**processing**,” shall have the meanings given to them under Applicable Data Protection Law.
 
-## Scope and responsibility
+“**Business**,” “**service provider**,” “**contractor**,” “**selling**,” “**sharing**” and “**third party**” shall have the meanings given to them under applicable US Data Protection Laws.
 
-Under this Agreement, the Processor shall process Personal Data on behalf of the Customer.
+"**Customer Data**" means information, data and other content, in any form or medium, that is submitted, posted or otherwise transmitted by or on behalf of the Customer through the Zitadel Cloud or Services. For the avoidance of doubt, Customer Data includes Customer Personal Data.
 
-This Annex applies to all processing of Customer's data (including data of the users of Customer's organization) with reference to persons ("**Personal Data**") which is related to the Agreement and which is carried out by the Processor, its employees or agents.
+“**Customer Personal Data**” means, in any form or medium, all Personal Data that is processed by Zitadel or its sub-processors on behalf of Customer in connection with the Agreement.
 
-The Customer shall be responsible for compliance with the statutory provisions of the data protection laws, in particular for the lawfulness of the transfer of data to the Processor as well as for the lawfulness of the data processing.
+“**EU/UK Data Protection Law**” means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, also known as the General Data Protection Regulation (“**GDPR**”); (ii) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“**UK GDPR**”); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); (iv) the Swiss Federal Act on Data Protection of 2020 and its Ordinance (“**Swiss FADP**”) and (v) any and all applicable national data protection laws and regulatory requirements made under, pursuant to or that apply in conjunction with any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time.
 
-The Processor is responsible for taking appropriate technical and organizational protection measures so that its processing complies with the legal requirements and ensures the protection of the rights of the Data Subjects.
+“**Personal Data**” shall have the meaning given to it, or to the terms “personally identifiable information” and “personal information” under applicable Data Protection Law, but shall include, at a minimum, any information related to an identified or identifiable natural person.
+
+“**Restricted Transfer**” means: (i) where the GDPR applies, a transfer of Personal Data from the EEA to a country outside of the EEA which is not subject to an adequacy determination by the European Commission;  and (ii) where UK-GDPR applies, a transfer of Personal Data from the United Kingdom to any other country which is not subject to adequacy regulations pursuant to Section 17A of the United Kingdom Data Protection Act 2018, in each case whether such transfer is direct or via onward transfer.  
+
+“**Security Incident**” means any unauthorized or unlawful breach of security leading to, or reasonably believed to have led to, the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure or access to, Personal Data transmitted, stored or otherwise processed by Zitadel under or in connection with the Agreement.
+
+“**Standard Contractual Clauses**” or “**SCCs**” means the contractual clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
+
+“**sub-processor**” means any third-party processor engaged by Zitadel to process Customer Data (but shall not include Zitadel employees, contractors or consultants).
+
+“**UK Addendum**” means the International Data Transfer Addendum (version B1.0) issued by the Information Commissioner’s Office under S119(A) of the UK Data Protection Act 2018, as updated or amended from time to time.
+
+“**US Data Protection Laws**” means any relevant U.S. federal and state privacy laws (and any implementing regulations and amendment thereto) effective as of the date of this DPA and that applies to the processing of Customer Personal Data under the Agreement, which may include, depending on the circumstances and without limitation, (i) the California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100 et seq.), as amended by the California Privacy Rights Act of 2020 along with its implementing regulations (“**CCPA**”), (ii) the Colorado Privacy Act (Colo. Rev. Stat. §§ 6-1-1301 et seq.) (CPA), (iii) Connecticut’s Data Privacy Act (CTDPA), (iv) the Utah Consumer Privacy Act (Utah Code Ann. §§ 13-61-101 et seq.) (UCPA) and (v) the Virginia Consumer Data Protection Act VA Code Ann. §§ 59.1-575 et seq. (VCDPA).
+
+## Processing of Personal Data
+
+This DPA applies where and only to the extent that Zitadel processes Customer Personal Data in connection with the provision of the Services under the Agreement involving the processing of Personal Data protected by Applicable Data Protection Law.
+This DPA reflects the commitment of both Parties to abide by Applicable Data Protection Law for the processing of Personal Data by Zitadel as a processor for the purpose of the Zitadel's provision of the Services and its execution of the Agreement.
+
+This DPA will become effective on the date the Agreement enters into effect and will remain in force for the term of the Agreement, unless otherwise provided for in this DPA or unless individual provisions obviously result in obligations going beyond this.
+For the avoidance of doubt, the terms of the Framework Agreement will continue in full force and effect; however, to the extent any term in any Agreement regarding either Party’s obligations with respect to Customer Data is less restrictive than or is inconsistent with this DPA, the terms of this DPA shall supersede and control.
+
+The Parties acknowledge that the following Customer Data will be processed as part of the Services:
+
+import { PiiTable } from "../../src/components/pii_table";
+
+<PiiTable />
+
+## Scope
+
+Under this Agreement, Zitadel shall process Customer Personal Data to perform its obligations under the Agreement and and strictly in accordance with the documented instructions of Customer (the “**Permitted Purpose**”), except where otherwise required by law(s) that are not incompatible with Applicable Data Protection Law.
+
+The Parties acknowledge and agree that for the purposes of this DPA, the Customer is the controller and appoints Zitadel as a processor to process the Customer Personal Data.
+To the extent that the Parties are subject to the California Consumer Privacy Act (CCPA), the Customer is the business whereas Zitadel is a service provider to the Customer.
+Each Party shall comply with the obligations that apply to it under Applicable Data Protection Law.
+
+Each Party shall comply with its own obligations under Applicable Data Protection Law in respect of any Customer Personal Data processed under the Agreement.
+
+## Customer's Responsibilities
+
+The Customer’s instructions to Zitadel shall comply with Applicable Data Protection Law.
+The Customer will have sole responsibility for the accuracy, quality and legality of the Customer Data, the means by which the Customer acquired the Customer Data, and the Customer's permissions to process the Customer Data pursuant to this DPA.
+
+As required under Applicable Data Protection Law, the Customer will provide all necessary notices to data subjects and secure the applicable lawful grounds for processing Data under the DPA, including where applicable, all necessary permissions and consents from them. To the extent required under Applicable Data Protection Law, the Customer will receive and document the appropriate consent from the data subject(s).
+
+The Customer represents and warrants that (i) it complies with Applicable Data Protection Law as relevant to the lawful processing by Zitadel of Customer Personal Data for the purposes contemplated by this DPA and the Agreement; and (ii) to the knowledge of the Customer, the processing of Customer Personal Data by Zitadel in accordance with the Customer’s instructions will not cause Zitadel to be in breach of any Applicable Data Protection Law.
+
+The Customer shall not disclose any special categories of Personal Data or sensitive personal information (as these terms are defined under Applicable Data Protection Law) to Zitadel for processing.
 
 ## Obligations of the processor
 
-### Bound by directions
+### Bound by the Customer's directions and instructions
 
-The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/legal/policies/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation.
+Customer hereby instructs Zitadel to process Customer Data for the Permitted Purpose.
 
-If the Processor is of the opinion that a direction of the Customer violates the Agreement, the GDPR or other data protection provisions of the EU, EU Member States or Switzerland, it shall inform the Customer thereof and shall be entitled to suspend the Processing until the instruction is withdrawn or confirmed.
+Zitadel processes Personal Data in accordance with its privacy policy (cf. [Privacy Policy](./policies/privacy-policy)) and upon the documented directions of the Customer (which includes the Agreement).
+Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation.
 
-### Obligation of the processing persons to confidentiality
+Zitadel shall promptly inform Customer if it becomes aware that such processing instructions infringe Applicable Data Protection Law (but without obligation to actively monitor compliance with Applicable Data Protection Law).
+In such case, Zitadel shall be entitled to suspend the processing until the infringing instruction is withdrawn or confirmed.
 
-The Processor shall ensure that the persons authorized to process the Personal Data have committed themselves to confidentiality, unless they are already subject to an appropriate statutory duty of confidentiality.
+### Confidentiality obligations
+
+Zitadel shall ensure that any person that it authorizes to process Customer Data (including Zitadel’s staff, agents and sub-processors) (an “Authorized Person”) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty) and shall not permit any person to process the Customer Data that is not under such a duty of confidentiality.
+Zitadel shall ensure that all Authorised Persons process the Customer Data only as necessary for the Permitted Purpose.
 
 ### Technical and organizational measures
 
-The Processor has taken appropriate technical and organizational security measures, maintains them for the duration of the Processing and updates them on an ongoing basis in accordance with the current state of technology.
-
-The technical and organizational security measures are described in more detail in the [annex](#annex-regarding-security-measures) to this appendix.
+Zitadel shall implement appropriate technical and organizational measures to protect the Customer Data from a Security Incident, as described in Annex II to this DPA.
+Such measures shall comply with all Applicable Data Protection Law and shall further have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
+The Customer acknowledges that such measures are subject to technical progress and development and that Zitadel may update or modify such measures from time to time, provided that such updates and modifications do not degrade or diminish overall security of the Customer Data, or of the Services under the Agreement.
 
 ### Involvement of subcontracted processors
 
-A current and complete [list of involved and approved sub-processors](./subprocessors) can be found in our legal section.
+Customer agrees that Zitadel may engage sub-processors to process Customer Data on Customer’s behalf. A current and complete [list of involved and approved sub-processors](https://zitadel.com/trust) can be found on our [Trust Center](https://zitadel.com/trust) (as may be updated from time to time in accordance with this DPA).
 
-The Processor is entitled to involve additional sub-processors.
-In this case, the Processor shall inform the Responsible Party about any intended change regarding sub-processors and update the list of involved an approved sub-processors.
-The Customer has the right to object to such changes.
-If the Parties are unable to reach a mutual agreement within 30 days of receipt of the objection by the Processor, the Customer may terminate the Agreement extraordinarily.
+Zitadel will notify Customer by updating the list of sub-processors and, if Customer has subscribed to notices, via email.
+If, within five (5) calendar days after such notice, Customer notifies Zitadel in writing that Customer objects to Zitadel's appointment of a new sub-processor based on reasonable data protection concerns, the parties will discuss such concerns in good faith with a view to achieving a commercially reasonable resolution.
+If the parties are not able to mutually agree to a resolution of such concerns, Customer, as its sole and exclusive remedy, may terminate the Agreement for convenience with no refunds and Customer will remain liable to pay any committed fees in an order form, order, statement of work or other similar ordering document.
 
-The Processor obligates itself to impose on all sub-processors, by means of a contract (or in another appropriate manner), the same data protection obligations as are imposed on it by this Annex.
-In particular, sufficient guarantees shall be provided that the appropriate technical and organizational measures are implemented in such a way that the processing by the sub-processor is carried out in accordance with the legal requirements.
+Zitadel shall inform the Customer if it adds or replaces any sub-processor at least fifteen (15) days prior to any such change (including details of the processing it performs or will perform).
+The Customer may object in writing to Zitadel’s engagement of a new sub-processor on reasonable grounds relating to the protection of Customer Personal Data by notifying Zitadel promptly in writing within fifteen (15) calendar days of receipt of Zitadel’s notice.
+In such case, the parties shall discuss Customer’s concerns in good faith with a view to achieving a commercially reasonable resolution.
+If such objection right is not exercised by Customer, silence shall be deemed to constitute an approval of the relevant sub-processor engagement.
 
-Our websites and services may involve processing by third-party sub-processors with country of registration outside of Switzerland or the EU/EAA.
-In these cases, we only transfer personal data after we have implemented the legally required measures for this, such as concluding standard contractual clauses on data protection or obtaining the consent of the data subjects. If interested, the documentation on these measures can be obtained from the contact person mentioned above.
-The country of registration of a sub-processor may be different from the hosting location of the data. Please refer to the [list of involved and approved sub-processors](./subprocessors) for more details.
+Where Zitadel appoints a sub-processor, Zitadel shall: (i) enter into an agreement with each sub-processor containing data protection terms that provide at least the same level of protection for Customer Data as those contained in this DPA, to the extent applicable to the nature of the services provided by such sub-processor; and (ii) remain responsible to the Customer for Zitadel’s sub-processors’ failure to perform their obligations with respect to the processing of Customer Data.
 
-If the sub-processor fails to comply with its data protection obligations, the processor shall be liable to the customer for this as for its own conduct.
+Taking into account the safeguards set forth in this DPA, Customer Data may be processed outside of Switzerland or the EU/EAA, such as in the United States or any country in which Zitadel or is sub-processors operate. Our [list of involved and approved sub-processors](https://zitadel.com/trust) provides additional details.
 
 ### Assistance in responding to requests
 
-The Processor shall support the Customer as far as possible with suitable technical and organizational measures in fulfilling its obligation to respond to requests to exercise the data subject's rights (**"Data Subject Request"**).
-The Processor will promptly notify the Customer if it receives a Data Subject Request.
-The Processor will not respond to a Data Subject Request, provided that the Customer agrees the Processor may at its discretion respond to confirm that such request relates to the Customer.
-The Customer acknowledges and agrees that the Services include features which will allow the Customer to manage Data Subject Requests directly through the Services without additional assistance from the Processor.
-If the Customer does not have the ability to address a Data Subject Request, the Processor will, upon the Customer’s written request, provide reasonable assistance to facilitate the Customer’s response to the Data Subject Request to the extent such assistance is consistent with applicable law; provided that the Customer will be responsible for paying for any costs incurred or fees charged by the Processor for providing such assistance.
+Zitadel shall provide all reasonable and timely assistance (which may include by appropriate technical and organizational measures) to the Customer to enable the Customer to respond to: (i) any request from a data subject to exercise any of their rights under Applicable Data Protection Law ("**Data Subject Request**"); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of Customer Personal Data.
 
-The Processor, unless prohibited from doing so by applicable law, will promptly notify the Customer of any requests from a regulator or any other authority in relation to Personal Data that is being processed on behalf of the Customer, given that request resulted in disclosure of Personal Data to the regulator or any other authority.
+In the event that any such request, correspondence, enquiry or complaint is made directly to Zitadel, Zitadel shall promptly inform the Customer providing full details of the same.
+Zitadel will not respond to a Data Subject Request, however the Customer acknowledges and agrees that Zitadel may at its discretion respond to confirm that such request relates to the Customer.
 
-### Further support for the customer
+The Customer hereby acknowledges and agrees that the Services include features which will allow the Customer to manage Data Subject Requests directly through the Services without additional assistance from the Processor.
+If the Customer does not have the ability to address a Data Subject Request, Zitadel will, upon the Customer’s written request, provide reasonable assistance to facilitate the Customer’s response to such Data Subject Request to the extent such assistance is consistent with Applicable Data Protection Law; provided that the Customer will be responsible for paying for any reasonable costs incurred or fees charged by Zitadel for providing such assistance.
 
-The Processor shall, taking into account the nature of the processing and the information available to it, assist the Customer in complying with its obligations in connection with the security of the processing, any notifications of [Security Incidents](#security-incidents), and any data protection impact assessments.
+Zitadel, unless prohibited from doing so by applicable law, will promptly notify the Customer of any requests from a regulator, law enforcement authority or any other relevant and competent authority in relation to the Customer Personal Data that is being processed on behalf of the Customer, to the extent that the request may result in the disclosure of Customer Personal Data to such regulator, law enforcement authority or any other relevant and competent authority.
+
+### Cooperation and support for the Customer
+
+Zitadel shall provide the Customer with all such reasonable and timely assistance as Customer may require in order to enable it to conduct a data protection impact assessment (or equivalent document) where required by Applicable Data Protection Law, including, if necessary, to assist Customer to consult with its relevant data protection or other regulatory authority.
 
 ### Security incidents
 
-The Processor will notify the Customer of any incident, meaning breach of security or other action or inaction leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data covered under this (***Security Incident"**) without undue delay, and will promptly provide the Customer with all reasonable information concerning the Security Incident insofar as it affects the Customer.
-If possible, the Processor will promptly implement measures proposed in the notification.
-Insofar required the Processor will assist the Customer in notifying any applicable regulatory authority.
+Upon becoming aware of a Security Incident, Zitadel shall inform Customer without undue delay and provide all such timely information and cooperation as Customer may require for the Customer to fulfil its data breach or cybersecurity incident reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law.
+Customer shall further take all such measures and actions as are reasonable and necessary to investigate, contain, and remediate or mitigate the effects of the Security Incident, to the extent that the remediation is within Zitadel's control, and shall keep Customer informed of all material developments in connection with the Security Incident.
+
+Notwithstanding anything to the contrary, Zitadel's notification of or response to a Security Incident under this section will not be construed as an acknowledgment by Zitadel of any fault or liability with respect to such Security Incident.
 
 ### Deletion or destruction after termination
 
-Upon Customer's request, the Processor shall delete personal data received after the end of the agreement, unless there is a legal obligation for the Processor to store or further process such data.
+Upon termination or expiry of the Agreement, Zitadel shall (at the Customer’s election) destroy or return to the Customer all Customer Data (including all copies of the Customer Data) in its possession or control (including any Customer Data subcontracted to a third party for processing).
+This requirement shall not apply to the extent that Zitadel is required by any applicable law to retain some or all Customer Data, in which case Zitadel shall isolate and protect the Customer Data from any further processing except to the extent required by such law until deletion is possible.
 
-### Information and control rights of the customer
+### Customer's information and audit rights
 
-The Processor shall provide the Customer with all information necessary to demonstrate compliance with the obligations set forth in this annex or to respond to requests from an applicable supervisory authority, subject to the confidentiality terms in the Framework Agreement.
-The Processor shall enable and contribute to audits, including inspections, carried out by the Customer or an auditor appointed by the Customer.
+To the extent required under Applicable Data Protection Law and on written request from the Customer, Zitadel shall provide written responses (which may include audit report summaries/extracts) to all reasonable requests for information made by the Customer related to its processing of Customer Personal Data as necessary to confirm Zitadel's compliance with this DPA.
+The Customer shall not exercise this right more than once in any twelve (12)-month rolling period, except (i) if and when required by instruction of a competent data protection or other regulatory authority; or (ii) if Zitadel has experienced a Security Incident where Customer was directly impacted.
 
-The procedure to be followed in the event of directions that are presumed to be unlawful is governed by the section [Bound by directions](#bound-by-directions) of this Appendix.
+Nothing in this section shall be construed to require Zitadel to document or provide: (i) trade secrets or any proprietary information; (ii) any information that would violate Zitadel’s confidentiality obligations, contractual obligations, or applicable law; or (iii) any information, the disclosure of which could threaten, compromise, or otherwise put at risk the security, confidentiality, or integrity of Zitadel’s infrastructure, networks, systems, algorithms or data.
 
-## Annex regarding security measures
+### Service Optimization
 
-The Processor has taken the following organizational and technical security measures to ensure a level of protection of the Personal Data processed that is appropriate to the risk:
+Where permitted by Applicable Data Protection Law, Zitadel may process Customer Data: (i) for its internal uses to build or improve the quality of its services; (ii) to detect Security Incidents; and (iii) to protect against fraudulent or illegal activity.
+
+Zitadel may: (i) compile aggregated and/or de-identified information in connection with the provision of the Services, provided that such information cannot reasonably be used to identify Customer or any data subject to whom Customer Personal Data relates (“Aggregated and/or De-Identified Data”); and (ii) use such Aggregated and/or De-Identified Data for its lawful business purposes in accordance with Applicable Data Protection Law.
+
+### Data Transfers
+
+Where either Party intends to transfer Personal Data cross-border and Applicable Data Protection Law requires certain measures to be implemented prior to such transfer, each Party agrees to implement such measures to ensure compliance with Applicable Data Protection Law.  
+
+To the extent that the transfer of Personal Data from Customer to Zitadel involves a transfer of Personal Data outside the European Economic Area (EEA), Switzerland, or the United Kingdom to a jurisdiction which is not subject to an adequacy determination by the European Commission, United Kingdom or Swiss authorities (as applicable) that covers such transfer, then the SCCs are hereby incorporated by reference and form an integral part of the DPA.
+
+#### EEA Transfers
+
+To the extent that Customer Personal Data is subject to the GDPR, and the transfer would be a Restricted Transfer, the SCCs apply as follows:
+
+1) the Customer is the ‘data exporter’ and Zitadel is the ‘data importer’;  
+2) the Module Two terms (Transfer controller to processor) apply;  
+3) in Clause 7, the optional docking clause does not apply;  
+4) in Clause 9, Option 2 (General Authorization) applies and the time period for prior notice of sub-processor changes is set out in this DPA;  
+5) in Clause 11, the optional language does not apply;  
+6) in Clause 17, Option 1 applies, and the SCCs are governed by German law;  
+7) in Clause 18(b), disputes will be resolved before the courts of Hamburg in Germany;  
+8) in Annex I, the details of the parties and the transfer are set out in the Agreement;  
+9) in Clause 13(a) and Annex I, the Hamburg data protection authority will act as competent supervisory authority;  
+10) in Annex II, the description of the technical and organizational security measures is set out in Annex 2 of this DPA or, if not set out therein, the applicable statement of work; and  
+11) in Annex III, the list of sub-processors is set out at the address [https://zitadel.com/trust](https://zitadel.com/trust) or, if not set out therein, applicable statement of work.
+
+#### Swiss Transfers
+
+To the extent that Customer Personal Data is subject to Swiss law, and the transfer would be a Restricted Transfer, the SCCs apply as set out above with the following modifications:
+
+1) references to ‘Regulation (EU) 2016/679’ are interpreted as references to the Swiss FADP or any successor thereof;  
+2) references to specific articles of ‘Regulation (EU) 2016/679’ are replaced with the equivalent article or section of the Swiss FADP,  
+3) references to ‘EU’, ‘Union’ and ‘Member State’ are replaced with ‘Switzerland’,  
+4) Clause 13(a) and Part C of Annex 2 is not used and the ‘competent supervisory authority’ is the Swiss Federal Data Protection Information Commissioner (“**FDPIC**”) or, if the transfer is subject to both the Swiss FADP and the GDPR, the FDPIC (insofar as the transfer is governed by the Swiss FADP) or the DPC (insofar as the transfer is governed by the GDPR),  
+5) references to the ‘competent supervisory authority’ and ‘competent courts’ are replaced with the FDPIC and ‘competent Swiss courts’,  
+6) in Clause 17, the SCCs are governed by the laws of Switzerland,  
+7) in Clause 18(b), disputes will be resolved before the competent Swiss courts, and  
+8) the SCCs also protect the data of legal entities until entry into force of the revised Swiss FADP.
+
+#### UK Transfers
+
+To the extent that Customer Personal Data is subject to Applicable Data Protection Law of the United Kingdom, and the transfer would be a Restricted Transfer, the SCCs as set out above shall apply as amended by Part 2 of the UK Addendum, and Part 1 of the UK Addendum is deemed completed as follows:
+
+1) in Table 1, the details of the parties are set out in the Agreement or, if not set out therein, the applicable statement of work;  
+2) in Table 2, the selected modules and clauses are set out in Section 6.3 of this DPA;  
+3) in Table 3, the appendix information is set out in the annexes to this DPA or, if not set out therein, the applicable statement of work; and  
+4) in Table 4, the ‘Exporter’ is selected.
+
+#### Alternative Transfer Mechanism
+
+In the event that a court of competent jurisdiction or supervisory authority orders (for whatever reason) that the measures described in this DPA cannot be relied on to lawfully transfer Customer Personal Data, or Zitadel adopts an alternative data transfer mechanism to the mechanisms described in this DPA, including any new version of or successor to the standard contractual clauses (“Alternative Transfer Mechanism”), the Customer agrees to fully co-operate with Zitadel to agree an amendment to this DPA and/or execute such other documents and take such other actions as may be necessary to remedy such non-compliance or give legal effect to such Alternative Transfer Mechanism.
+
+### Additional Provisions under US Data Protection Laws
+
+The Parties agree that all Customer Personal Data that is subject to US Data Protection Laws (including the CCPA) is disclosed to Zitadel by the Customer for the Permitted Purpose and its use or sharing by the Customer with Zitadel is necessary to perform such Permitted Purpose.
+
+Zitadel agrees that it will not:
+
+1. sell or share any Customer Personal Data to a third party for any purpose other than than for the Permitted Purpose;  
+2. retain, use, or disclose any Customer Personal Data (i) for any purpose other than for the Permitted Purpose, including for any commercial purpose, or (ii) outside of the direct business relationship between the Parties, except as necessary to perform the Permitted Purpose or as otherwise permitted by US Data Protection Laws; or  
+3. combine Customer Personal Data received from or on behalf of Customer with Personal Data received from or on behalf of any third party or collected from Zitadel’s own interaction with individuals or data subjects, except to perform a Permitted Purpose in accordance with the CCPA, the Agreement and this DPA.
+
+The Parties acknowledge that the Customer Personal Data that Customer discloses to Zitadel is provided only for the limited and specified purposes set forth as the Permitted Purpose in the Agreement and this DPA.
+
+Zitadel shall provide the same level of protection to Customer Personal Data as required by the CCPA and will: (i) assist the Customer in responding to any request from a data subject to exercise rights under US Data Protection Laws; and (ii) immediately notify the Customer if it is not able to meet the requirements under the CCPA.
+
+The Customer may take such reasonable and appropriate steps as may be necessary (a) to ensure that the Customer Personal Data collected is used in a manner consistent with the business’s obligations under the CCPA; and (b) to stop and remediate any unauthorized use of Customer Personal Data, and (b) to ensure that Customer Personal Data is used in a manner consistent with the CCPA.
+
+### Miscellaneous
+
+This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions set out in the Agreement, unless required otherwise by Applicable Data Protection Law.
+
+Any liability owed by one party to the other under this DPA shall be subject to the limitations of liability set forth in the Agreement.
+
+This DPA shall terminate upon the earlier of (i) the termination or expiry of all Agreement under which Customer Data may be processed, or (ii) the written agreement of the Parties.
+
+Any notices shall be delivered to a Party in accordance with the notice provisions of the Agreement, unless otherwise specified hereunder.
+
+## Annex 1: Description of Processing Activities / Transfer
+
+### List of Parties
+
+| Data Exporter | Data Importer |
+| :---- | :---- |
+| Name: The Party identified as the Customer in the Agreement. | Name: The Party identified as Zitadel in the Agreement. |
+| Address:  As identified in the Agreement. | Address: As identified in the Agreement. |
+| Contact Person's Name, position and contact details: As identified in the Agreement. | Contact Person's Name, position and contact details: As identified in the Agreement. |
+| Activities relevant to the transfer:  See below | Activities relevant to the transfer: See below  |
+| Role: Controller  | Role: Processor  |
+
+### Description of processing / transfer
+
+|  | Description  |
+| :---- | :---- |
+| **Categories of data subjects:** | As described in the section "Processing of Personal Data" of the DPA |
+| **Categories of personal data:**  | As described in the section "Processing of Personal Data" of the DPA |
+| **Sensitive data:** | None. |
+| **If sensitive data, the applied restrictions or safeguards** | N/A |
+| **Frequency of the transfer:** | Continuous |
+| **Nature and subject matter of processing:** | The Services described in the Agreement.   |
+| **Purpose(s) of the data transfer and further processing:**  | As set forth in the Agreement. |
+| **Retention period (or, if not possible to determine, the criteria used to determine that period):** | The personal data may be retained until termination or expiry of the DPA.   |
+
+### Competent supervisory authority
+
+The competent supervisory authority in connection with Customer Personal Data protected by the GDPR, is the Hamburg data protection authority.
+If this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13.
+
+In connection with Customer Personal Data that is protected by UK-GDPR, the competent supervisory authority is the Information Commissioners Office (the "ICO").
+
+## Annex 2: Technical and organizational measures
+
+Zitadel has implemented an information security program, that is designed to protect the confidentiality, integrity and availability of Customer Data. Zitadel's information security program includes the following organizational and technical security measures to ensure a level of protection of the Personal Data processed that is appropriate to the risk:
 
 ### Pseudonymization / Encryption
 
 The following measures for pseudonymization and encryption exist:
 
-1. All communication is encrypted with TLS &gt;1.2 with PFS
+1. All communication is encrypted with TLS >1.2 with PFS
 2. Critical data is exclusively stored in encrypted form
 3. Storage media that store customer data are always encrypted
 4. Passwords are irreversibly stored with a hash function
diff --git a/docs/docs/legal/policies/privacy-policy.mdx b/docs/docs/legal/policies/privacy-policy.mdx
index 30e213adb0..3dc544f8ae 100644
--- a/docs/docs/legal/policies/privacy-policy.mdx
+++ b/docs/docs/legal/policies/privacy-policy.mdx
@@ -2,20 +2,42 @@
 title: Privacy Policy
 custom_edit_url: null
 --- 
-import PiidTable from '../_piid-table.mdx';
 
-Last updated on March 07, 2024
+Last updated on 20 March, 2025
 
-This privacy policy applies to CAOS Ltd., the websites it operates (including zitadel.ch, zitadel.cloud and zitadel.com) and the services and products it provides (including ZITADEL). This privacy policy describes how we process personal data for the provision of this websites and our products.
+This privacy policy describes how ZITADEL Inc. and its wholly owned subsidiaries and affiliates (collectively, "**ZITADEL**", “**CAOS**", "**we**" or "**us**") collect, use, disclose and otherwise process your personal data in connection with the management of our business and our relationships with customers, visitors and event attendees.
 
-If any inconsistencies arise between this Privacy Policy and the otherwise applicable contractual terms, framework agreement, or general terms of service, the provisions of this Privacy Policy shall prevail. This privacy policy covers both existing personal data and personal data collected from you in the future.
+This privacy policy explains your rights and choices related to the personal data we collect when:
 
-The responsible party  for the data processing described in this privacy policy and contact for questions and issues regarding data protection is
+* You interact with our websites, including zitadel.com, zitadel.cloud and zitadel.ch as well any other websites that we operate and that link to this privacy policy (our “**Sites**”)
 
-**CAOS AG**  
+* You visit, interact with, or use any of our offices, events, sales, marketing or other activities; and
+
+* You use our platform, including ZITADEL and our software, mobile application, and other products and services (the “**Services**”).
+
+This privacy policy does not cover:
+
+* **Organizational Use**. When you use our Services on behalf of an organization (your employer), your use is administered and provisioned by your organization under its policies regarding the use and protection of personal data. If you have questions about how your data is being accessed or used by your organization, please refer to your organization's privacy policy and direct your inquiries to your organization's system administrator.
+
+* **Third Parties**. Our Sites include links to websites and/or applications operated and maintained by third parties (e.g. GitHub, LinkedIn, etc.). This privacy policy does not apply to any products, services, websites, or content that are offered by third parties and/or have their own privacy policy.
+
+If any inconsistencies arise between this privacy policy and the otherwise applicable contractual terms, framework agreement, or general terms of service, the provisions of this privacy policy shall prevail (where applicable). This privacy policy covers both existing personal data and personal data which may be collected from you in the future.
+
+ZITADEL determines the purposes for and means of the processing (i.e., we are the data controller) of your personal data as described in this privacy policy, unless expressly specified otherwise. The responsible party for the data processing described in this privacy policy and contact for questions and issues regarding data protection is:
+
+**Zitadel Inc.**  
+Data Protection Officer 
+Four Embarcadero Center, Suite 1400  
+San Francisco, CA 94111-4164  
+United States of America  
+[legal@zitadel.com](mailto:legal@zitadel.com)
+
+**CAOS AG (Affiliate of Zitadel, Inc.)**  
 Data Protection Officer  
 Lerchenfeldstrasse 3
-9014 St. Gallen  
+9014 St. Gallen
+Switzerland
+[legal@zitadel.com](mailto:legal@zitadel.com)
 Switzerland  
 [legal@zitadel.com](mailto:legal@zitadel.com)
 
@@ -41,15 +63,13 @@ This website uses TLS encryption for security reasons and to protect the transmi
 
 We process personal data in accordance with Swiss data protection law. In addition, we process - to the extent and insofar as the EU Data Protection Regulation is applicable - personal data in accordance with the following legal bases within the meaning of Art. 6 (1) DSGVO :
 
-- Insofar as we obtain the consent of the data subject for processing operations, Art. 6 (1) a) DSGVO serves as the legal basis.
-- When processing personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures, Art. 6 para. 1 lit. b DSGVO serves as the legal basis.
-- To the extent that processing of personal data is necessary to comply with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR applies in whole or in part, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
-- For the processing of personal data in order to protect vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
-- If personal data is processed in order to protect the legitimate interests of us or of third parties and if the fundamental freedoms and rights and interests of the data subject do not override our interests and the interests of third parties, Article 6 (1) (f) of the GDPR serves as the legal basis. Legitimate interests are in particular our business interest in being able to provide our website and our products, information security, the enforcement of our own legal claims and compliance with Swiss law.
+* Insofar as we obtain the consent of the data subject for processing operations, Art. 6 (1) a) DSGVO serves as the legal basis.
+* When processing personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures, Art. 6 para. 1 lit. b DSGVO serves as the legal basis.
+* To the extent that processing of personal data is necessary to comply with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR applies in whole or in part, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
+* For the processing of personal data in order to protect vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
+* If personal data is processed in order to protect the legitimate interests of us or of third parties and if the fundamental freedoms and rights and interests of the data subject do not override our interests and the interests of third parties, Article 6 (1) (f) of the GDPR serves as the legal basis. Legitimate interests are in particular our business interest in being able to provide our website and our products, information security, the enforcement of our own legal claims and compliance with Swiss law.
 
-We will retain personal data for the period of time necessary for the particular purpose for which it was collected.
-
-Subsequently, they are either deleted or made anonymous, unless we need them for a longer period of time in exceptional cases, e.g. due to legal storage and documentation obligations or our legitimate interests, such as the protection of rights to which we are entitled or the defense of claims.
+We will retain personal data for the period of time necessary for the particular purpose for which it was collected and where we have an ongoing legitimate business need to do so (for example to comply with applicable legal, tax or accounting requirements). Subsequently, they are either deleted or made anonymous, unless we need them for a longer period of time in exceptional cases, e.g. due to legal storage and documentation obligations or our legitimate interests, such as the protection of rights to which we are entitled or the defense of claims. 
 
 ### Processing of personal data when using the website, contact forms and in connection with newsletters
 
@@ -57,45 +77,49 @@ Our websites can generally be visited without registration. Each time one of our
 
 This data is processed to enable correct delivery and functioning of the website. In addition, we use the data to optimize the website and to ensure the security of our systems.
 
-Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis, for example when you contact us via a contact form or by e-mail. Without your consent, the data will not be passed on to third parties, unless shown in this privacy policy.
+Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis, for example when you contact us via a contact form or by e-mail. Without your consent, the data will not be passed on to third parties, unless otherwise stated in this privacy policy.
 
 If you send us inquiries via contact form, your data from the form, including any data you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent, except insofar as this is shown in this privacy policy.
 
-If you would like to receive newsletters offered on our websites, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties, except as described in this privacy policy.
+If you would like to receive newsletters offered on our Sites, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties, except as described in this privacy policy.
 
 You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.
 
-### Processing of personal data in connection with the use of our products
+### Processing of personal data when applying for a job with us
+
+Our Sites can generally be visited without registration. If you apply for a job with us, we may collect and process according to the [Privacy policy for the ZITADEL employer branding and recruitment](https://jobs.zitadel.com/privacy-policy). You may request and delete your data with the links on our [data & privacy page](https://jobs.zitadel.com/data-privacy).
+
+### Processing of personal data in connection with the use of our Services
 
 The use of our services is generally only possible with registration. During registration and in the course of using the services, we collect and process various personal data.
 
 In particular, the following personal data are part of the processing:
-<PiidTable />
+
+import { PiiTable } from "../../../src/components/pii_table";
+
+<PiiTable />
 
 Unless otherwise mentioned, the nature and purpose of the processing is as follows:
 
-The data is uploaded by customers in our services or collected by us based on requests from users. The personal data is processed by us exclusively for the provision of the requested services or the use of the agreed services.
+The data is uploaded by customers in our Services or collected by us based on requests from users. The personal data is processed by us exclusively for the provision of the requested Services or the use of the agreed Services.
 
 The fulfillment of the contract includes in particular, but is not limited to, the processing of personal data for the purpose of:
 
-- Authentication and authorization of users
-- Storage and processing of user actions in the audit trail
-- Processing of personal data and login information
-- Verification of communication means
-- Communication regarding service interruptions or service changes
+* Authentication and authorization of users
+* Storage and processing of user actions in the audit trail
+* Processing of personal data and login information
+* Verification of communication means
+* Communication regarding service interruptions or service changes
 
 ## Disclosure to third parties
 
 ### Third party sub-processors
 
-We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our [list of involved and approved sub-processors](../subprocessors).
+We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our [Trust Center](/trust).
 
 ### External payment providers
 
-This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via
-
-- [Stripe](https://stripe.com/ch/privacy)
-- [Bexio AG](https://www.bexio.com/de-CH/datenschutz)
+This Site uses external payment service providers through whose platforms users and we can make payment transactions. For example, via [Stripe](https://stripe.com/ch/privacy).
 
 As an alternative, we offer customers the option to pay by invoice instead of using external payment providers. However, this may require a positive credit check in advance.
 
@@ -105,91 +129,166 @@ For payment transactions, the terms and conditions and the data protection notic
 
 ### Law enforcement
 
-We disclose personal information to law enforcement agencies, investigative authorities or in legal proceedings to the extent we are required to do so by law or when necessary to protect our rights or the rights of users.
+We disclose personal data to law enforcement agencies, investigative authorities or in legal proceedings to the extent we are required to do so by law or when necessary to protect our rights or the rights of users.
 
 ## Cookies
 
-Our websites use cookies. These are small text files that make it possible to store specific information related to the user on the user's terminal device while the user is using the website. Cookies enable us, in particular, to offer a single sign-on procedure, to control the performance of our services, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when the user visits the site again.
+Our Sites use cookies. These are small text files that make it possible to store specific information related to the user on the user's terminal device while the user is using the website. Cookies enable us, in particular, to offer a single sign-on procedure, to control the performance of our Services, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when the user visits the site again.
 
-In particular, we use the following cookies to provide our services:
-
-When you use our services, we may  collect information about your visit, including via cookies, beacons, invisible tags, and similar technologies (collectively “cookies”) in your browser and on emails sent to you.
-This information may include Personal Information, such as your IP address, web browser, device type, and the web pages that you visit just before or just after you use the services, as well as information about your interactions with the services, such as the date and time of your visit, and where you have clicked.
+When you use our Services, we may collect information about your visit, including via cookies, beacons, invisible tags, and similar technologies (collectively “cookies”) in your browser and on emails sent to you. This information may include personal data, such as your IP address, web browser, device type, and the web pages that you visit just before or just after you use the Services, as well as information about your interactions with the Services, such as the date and time of your visit, and where you have clicked.
 
 ### Necessary cookies
 
-Some cookies are strictly necessary to make our services available to you.
-We cannot provide you with our services without this type of cookies.
+Some cookies are strictly necessary to make our Services available to you. We cannot provide you with our Services without this type of cookies.
 
 Necessary cookies provide basic functionality such as:
 
-- Session Management
-- Single Sign-On
-- Rate Limiting
-- DDoS Mitigation
-- Remembering Preferences
+* Session Management
+* Single Sign-On
+* Rate Limiting
+* DDoS Mitigation
+* Remembering Preferences
 
 ### Analytical cookies
 
-We also use cookies for website analytics purposes in order to operate, maintain, and improve the services for you.
-We use Google Analytics 4 to collect and process certain analytics data on our behalf.
-Google Analytics helps us understand how you engage with the services and may also collect information about your use of other websites, apps, and online resources.
-We don't use google analytics on customer instances of ZITADEL, only on our public websites and customer portal.
+We also use cookies for website analytics purposes in order to operate, maintain, and improve the Services for you. We use Google Analytics 4 and PostHog to collect and process certain analytics data on our behalf. Google Analytics and PostHog helps us understand how you engage with the Services and may also collect information about your use of other websites, apps, and online resources.
 
-You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt out by managing your cookie consent through our services or an third-party tool of your choice.
+You can learn about the analytics providers' practices by going to
 
-If you do not want us to use cookies during your visit, you can disable their use in your browser settings.
-In this case, certain parts of our website (e.g. language selection) may not function or may not function fully.
-Where required by applicable law, we obtain your consent to use cookies.
+* [https://www.google.com/policies/privacy/partners/](https://www.google.com/policies/privacy/partners/) 
+* [https://posthog.com/privacy](https://posthog.com/privacy)
+* [https://legal.hubspot.com/privacy-policy](https://legal.hubspot.com/privacy-policy)
+* [https://www.commonroom.io/privacy-policy/](https://www.commonroom.io/privacy-policy/)
+
+and opt out by managing your cookie consent through our Services or a third-party tool of your choice.
+
+If you do not want us to use cookies during your visit, you can disable their use in your browser settings. In this case, certain parts of our Sites (e.g. language selection) may not function or may not function fully. Where required by applicable law, we obtain your consent to use cookies.
+
+## How we protect personal data
+
+Personal data is maintained on our servers or those of our service providers, and is accessible by authorized employees, representatives, and agents as necessary for the purposes described in this privacy policy.
+
+We maintain a range of physical, electronic, and procedural safeguards designed to help protect personal data. While we attempt to protect your personal data in our possession, we cannot guarantee at all times the security of the data as no method of transmission over the internet or security system is perfect.
+
+If you choose to remain logged in, you should be aware that anyone with access to your device will be able to access your account and we therefore strongly recommend that you take appropriate steps to protect against unauthorized access to, and use, of your account. Please also notify us as soon as possible if you suspect any unauthorized use of your account or password.
 
 ## Rights of data subjects
 
+Depending on your location and subject to applicable law, you may have the following rights regarding the personal data we process:
+
 ### Right to information
 
-Any person affected by the processing has the right to obtain information from the responsible data processor at any time about the personal data stored about him or her.
+You have the right to know what personal data we hold and process about you and to access such personal data.
 
 ### Right to rectification
 
-Every person affected by the processing has the right to demand the correction of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
+You have the right to request the correction of inaccurate personal data concerning you. 
 
 ### Right to erasure (right to be forgotten)
 
-Any person affected by the processing has the right, in certain cases, to request from the responsible data processor to delete the personal data concerning him or her.
+You have the right to request the deletion or erasure of the personal data concerning you.
 
 ### Right to restrict processing
 
-Every person affected by the processing has the right in certain cases to request from the responsible data processor to restrict the processing.
+You have the right to request to restrict the processing of your personal data in certain cases.
 
 ### Right to data portability
 
-Every person affected by the processing has the right to receive the personal data concerning him or her in a structured, common and machine-readable format. He or she also has the right to have this data transferred to another data processor if the legal requirements are met.
+You have the right to receive the personal data concerning you in a structured, common and machine-readable format, and to have this data transferred to another data processor if the legal requirements are met.
 
 ### Right to object
 
-Every person affected by the processing has the right to object to the processing of personal data concerning him or her, insofar as we base the processing of his or her personal data on a balancing of interests. This is the case if the processing is not necessary, for example, to fulfill a contract or a legal obligation.
+Depending on the circumstances, you have the right to object to the processing of personal data concerning you, insofar as we base the processing of your personal data on a balancing of interests. This is the case if the processing is not necessary, for example, to fulfill a contract or a legal obligation.
 
-To exercise such an objection, the data subject must explain his or her reasons why we should not process his or her personal data as we have done. We will then review the situation and either stop or adjust the data processing or show the data subject our reasons for continuing the processing.
+To exercise such an objection, please indicate your reasons why we should not process your personal data as we have done. We will then review the situation and either stop or adjust the data processing or explain our reasons for continuing the processing.
 
 ### Right to revoke consent under data protection law
 
-Insofar as our processing is based on consent, the data subject has the right to revoke this consent at any time with effect for the future.
+Insofar as our processing is based on consent, you have the right to revoke your consent at any time with effect. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
 
 ### Assertion of rights by the data subjects
 
 If you wish to exercise your rights, you may do so by contacting the above-mentioned contact person.
 
-A data subject also has the right to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). The competent data protection authorities of EU countries can be viewed at this link: [https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index\_en.htm](https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
+You can opt out of receiving marketing emails from us by following the unsubscribe link in the emails or by emailing us. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing purposes.
 
-## Note on data transfer abroad
+If you have a concern about how we collect and use personal data, please contact us using the contact details provided at the beginning of this privacy policy. You also have the right to contact your local data protection authority if you prefer, such as:
 
-Our websites and services make use of tools from companies based in countries outside of Switzerland or the EU/EEA, namely those based in the USA. When these tools are active, your personal data may be transferred to the servers of the respective companies abroad. We would like to point out that some of these countries, namely the USA, are not a safe third country in the sense of Swiss and EU data protection law. In these cases, we only transfer personal data after we have implemented the legally required measures for this, such as concluding standard contractual clauses on data protection or obtaining the consent of the data subjects. If interested, the documentation on these measures can be obtained from the contact person mentioned above.
+* Data protection authorities in the European Economic Area (EEA): [https://edpb.europa.eu/about-edpb/board/members\_en](https://edpb.europa.eu/about-edpb/board/members_en);  
+* Swiss data protection authorities: [https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html](https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html);  
+* UK data protection authority: [https://ico.org.uk/global/contact-us/](https://ico.org.uk/global/contact-us/).
+
+## Additional Information for U.S. Residents
+
+Categories of personal data we collect and our purposes for collection and use  
+You can find a list of the categories of personal data that we collect in the section above titled “Processing of personal data, legal basis, storage period”. In the last 12 months, we collected the following categories of personal data depending on the Services used:
+
+* Identifiers and account information, such as the username and email address;  
+* Commercial information, such as information about transactions undertaken with us;  
+* Internet or other electronic network activity information, such as information about activity on our Site and Services.  
+* Geolocation information based on the IP address.  
+* Audiovisual information in pictures, audio, or video content that you may choose to submit to us.  
+* Professional or employment-related information or demographic information, but only if you explicitly provide it to us, such as by filling out a survey or by applying for a job with us.  
+* Inferences we make based on other collected data, for purposes such as recommending content and analytics.
+
+For details regarding the sources from which we obtain personal data, please see the “Processing of personal data, legal basis, storage period” section above.   
+We collect and use personal data for the business or commercial purposes described in the “Processing of personal data, legal basis, storage period” section above.
+
+Categories of personal data disclosed and categories of recipients
+
+We disclose the following categories of personal data for business or commercial purposes to the categories of recipients listed below:
+
+* We disclose identifiers with businesses, service providers, and third parties, such as analytics providers and social media networks.  
+  * We disclose Internet or other network activity with businesses, service providers, and third parties, such as analytics providers and social media networks.  
+  * We disclose geolocation information with businesses, service providers, and third parties such as advertising networks, analytics, and social media.  
+  * We disclose payment information with businesses and service providers who process payments.  
+  * We disclose commercial information with businesses, service providers, and third parties, such as analytics providers and social media networks.  
+  * We disclose audiovisual information with businesses and service providers who help administer customer service and fraud or loss prevention services.  
+  * We disclose inferences with businesses and service providers who help administer marketing and personalization.
+
+### Privacy rights
+
+Right to Opt-Out of Cookies and Sale/Sharing: Although we do not sell personal data for monetary value, our use of cookies and automated technologies may be considered a “sale” / “sharing” in certain states, such as California. Visitors to our US website can opt out of such third parties by clicking the “Manage cookie preferences” link at the bottom of our Site. The categories of personal data disclosed that may be considered a “sale” / “sharing” include identifiers, device information, Internet or other network activity, geolocation data, and commercial data.
+
+The categories of third parties to whom personal data was disclosed that may be considered “sale”/ “sharing” include data analytics providers and social media networks.
+
+We do not have actual knowledge that we sell or share the personal data of individuals under 16 years of age.
+
+If you are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us to submit such a request.
+
+Right to Limit the Use of Sensitive Personal Information: We only collect sensitive personal information, as defined by applicable privacy laws, for the purposes allowed by law or with your consent. We do not use or disclose sensitive personal information except to provide you the Services or as otherwise permitted by law. We do not collect or process sensitive personal information for the purpose of inferring characteristics.
+
+Right to Access, Correct, and Delete Personal Data: Depending on your state of residence in the U.S., you may have:  
+(i) the right to request access to and receive details about the personal data we maintain and how we have processed it, including the categories of personal data, the categories of sources from which personal data is collected, the business or commercial purpose for collecting, selling, or sharing personal data, the categories of third parties to whom personal data is disclosed, and the specific pieces of personal data collected;  
+(ii) the right to delete personal data collected, subject to certain exceptions;  
+(iii) the right to correct inaccurate personal data.
+
+When you make a request, we will verify your identity by asking you to sign into your account or if necessary by requesting additional information from you. You may also make a request using an authorized agent. If you submit a rights request through an authorized agent, we may ask such agent to provide proof that you gave a signed permission to submit the request to exercise privacy rights on your behalf. We may also require you to verify your own identity directly with us or confirm to us that you otherwise provided such agent permission to submit the request. Once you have submitted your request, we will respond within the time frame permitted by the applicable law.
+
+If you have any questions or concerns, you may reach us by contacting using one of the contact details listed at the beginning of this privacy policy.
+
+Depending on your state of residence, you may be able to appeal our decision to your request regarding your personal data. To do so, please contact us by using one of the contact details listed at the beginning of this privacy policy. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.
+
+We do not discriminate against customers who exercise any of their rights described in our privacy policy.
+
+California Shine the Light: Customers who are residents of California may request information concerning the categories of personal data (if any) we disclose to third parties or affiliates for their direct marketing purposes. If you would like more information, please submit a written request to us by using one of the contact details listed at the beginning of this privacy policy.
+
+Do Not Track signals: Most modern web browsers give you the option to send a 'Do Not Track' signal to the sites you visit, indicating that you do not wish to be tracked. However, there is currently no accepted standard for how a site should respond to this signal, and we do not take any action in response to this signal.‍
+
+## Note on international data transfers
+
+Our Sites and Services make use of tools from companies based in countries outside of Switzerland or the EU/EEA, namely those based in the USA. When these tools are active, your personal data may be transferred to the servers of the respective companies abroad. If you are using the Site or Services from outside the United States, your personal data may be processed in a foreign country, where privacy laws may be less stringent than the laws in your country. In these cases, we only transfer personal data after we have implemented the legally required measures for this, such as concluding standard contractual clauses on data protection or obtaining the consent of the data subjects. If interested, the documentation on these measures can be obtained from the contact person mentioned above. By submitting your personal data to us you agree to the transfer, storage, and processing of your personal data in a country other than your country of residence including, but not necessarily limited to, the United States.
 
 We actively try to minimize the use of tools from companies located in countries without equivalent data protection, however, due to the lack of alternatives, this is currently not always feasible without major inconvenience. If you have any concerns, please contact us directly and we will try to find a mutual solution for your needs.
 
-## Changes
+## Children's Privacy
 
-We may amend this privacy policy at any time without prior notice. Always the current version published on our website applies to users and customers of our website and services. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.
+Our Site is not intended for or directed to children under the age of 14. We do not knowingly collect personal data directly from children under the age of 14 without parental consent. If we become aware that a child under the age of 14 has provided us with personal data, we will delete the information from our records.
 
-## Questions about data processing by us
+## Changes to this Privacy Policy
 
-If you have any questions about our data processing, please email us or contact the person in our organization listed at the beginning of this privacy statement directly.
+We may revise this privacy policy from time to time and will post the date it was last updated at the top of this privacy policy. We will provide additional notice to you if we make any changes that materially affect your privacy rights.
+
+## Contact us
+
+If you have any questions about our data processing, please email us or contact us by using the contact details listed at the beginning of this privacy notice.
diff --git a/docs/src/components/pii_table.jsx b/docs/src/components/pii_table.jsx
new file mode 100644
index 0000000000..5075e1d2ca
--- /dev/null
+++ b/docs/src/components/pii_table.jsx
@@ -0,0 +1,106 @@
+import React from "react";
+
+export function PiiTable() {
+
+  const pii = [
+    {
+      type: "Basic data",
+      examples: [
+        'Names',
+        'Email addresses',
+        'User names'
+      ],
+      subjects: "All users as uploaded by Customer."
+    },
+    {
+      type: "Login data",
+      examples: [
+        'Randomly generated ID',
+        'Passwords',
+        'Public keys / certificates ("FIDO2", "U2F", "x509", ...)',
+        'User names or identifiers of external login providers',
+        'Phone numbers',
+      ],
+      subjects: "All users as uploaded and feature use by Customer."
+    },
+    {
+      type: "Profile data",
+      examples: [
+        'Profile pictures',
+        'Gender',
+        'Languages',
+        'Nicknames or Display names',
+        'Phone numbers',
+        'Metadata'
+      ],
+      subjects: "All users as uploaded by Customer"
+    },
+    {
+      type: "Communication data",
+      examples: [
+        'Emails',
+        'Chats',
+        'Call metadata',
+        'Call recording and transcripts',
+        'Form submissions',
+      ],
+      subjects: "Customers and users who communicate with us directly (e.g. support, chat)."
+    },
+    {
+      type: "Payment data",
+      examples: [
+        'Billing address',
+        'Payment information',
+        'Customer number',
+        'Support Customer history',
+        'Credit rating information',
+      ],
+      subjects: "Customers who use services that require payment. Credit rating information: Only customers who pay by invoice."
+    },
+    {
+      type: "Analytics data",
+      examples: [
+        'Usage metrics',
+        'User behavior',
+        'User journeys (eg, Milestones)',
+        'Telemetry data',
+        'Client-side anonymized session replay',
+      ],
+      subjects: "Customers who use our services."
+    },
+    {
+      type: "Usage meta data",
+      examples: [
+        'User agent',
+        'IP addresses',
+        'Operating system',
+        'Time and date',
+        'URL',
+        'Referrer URL',
+        'Accepted Language',
+      ],
+      subjects: "All users"
+    },
+    ]
+
+  return (
+    <table className="text-xs">
+      <tr>
+        <th>Type of personal data</th>
+        <th>Examples</th>
+        <th>Affected data subjects</th>
+      </tr>
+      {
+        pii.map((row, rowID) => {
+          return (
+            <tr>
+              <td key={rowID}>{row.type}</td>
+              <td><ul>{row.examples.map((example) => { return ( <li>{example}</li> )})}</ul></td>
+              <td>{row.subjects}</td>
+            </tr>
+          )
+        })
+      }
+    </table>
+  );
+}
diff --git a/docs/src/components/subprocessors.jsx b/docs/src/components/subprocessors.jsx
deleted file mode 100644
index a6bf10eee8..0000000000
--- a/docs/src/components/subprocessors.jsx
+++ /dev/null
@@ -1,162 +0,0 @@
-import React from "react";
-
-export function SubProcessorTable() {
-
-  const country_list = {
-    us: "USA",
-    eu: "EU",
-    ch: "Switzerland",
-    fr: "France",
-    in: "India",
-    de: "Germany",
-    ee: "Estonia",
-    nl: "Netherlands",
-    ro: "Romania",
-  }
-  const processors = [
-    {
-      entity: "Google LLC",
-      purpose: "Cloud infrastructure provider (Google Cloud), business applications and collaboration (Workspace), Data warehouse services, Content delivery network,  DDoS and bot prevention",
-      hosting: "Region designated by Customer, United States",
-      country: country_list.us,
-      enduserdata: "Yes"
-    },
-    {
-      entity: "Datadog, Inc.",
-      purpose: "Infrastructure monitoring, log analytics, and alerting",
-      hosting: country_list.eu,
-      country: country_list.us,
-      enduserdata: "Yes (logs)"
-    },
-    {
-      entity: "Github, Inc.",
-      purpose: "Source code management, code scanning, dependency management, security advisory, issue management, continuous integration",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Stripe Payments Europe, Ltd.",
-      purpose: "Subscription management, payment process",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Bexio AG",
-      purpose: "Customer management, payment process",
-      hosting: country_list.ch,
-      country: country_list.ch,
-      enduserdata: false
-    },
-    {
-      entity: "Mailjet SAS",
-      purpose: "Marketing automation",
-      hosting: country_list.eu,
-      country: country_list.fr,
-      enduserdata: false
-    },
-    {
-      entity: "Postmark (AC PM LLC)",
-      purpose: "Transactional mails, if no customer owned SMTP service is configured",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: "Yes (opt-out)"
-    },
-    {
-      entity: "Vercel, Inc.",
-      purpose: "Website hosting",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Agolia SAS",
-      purpose: "Documentation search engine (zitadel.com/docs)",
-      hosting: country_list.us,
-      country: country_list.in,
-      enduserdata: false
-    },
-    {
-      entity: "Discord Netherlands BV",
-      purpose: "Community chat (zitadel.com/chat)",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: false
-    },
-    {
-      entity: "Statuspal",
-      purpose: "ZITADEL Cloud service status announcements",
-      hosting: country_list.us,
-      country: country_list.de,
-      enduserdata: false
-    },
-    {
-      entity: "Plausible Insights OÜ",
-      purpose: "Privacy-friendly web analytics",
-      hosting: country_list.de,
-      country: country_list.ee,
-      enduserdata: false,
-      dpa: 'https://plausible.io/dpa'
-    },
-    {
-      entity: "Twillio Inc.",
-      purpose: "Messaging platform for SMS",
-      hosting: country_list.us,
-      country: country_list.us,
-      enduserdata: "Yes (opt-out)"
-    },
-    {
-      entity: "Mohlmann Solutions SRL",
-      purpose: "Global payroll",
-      hosting: undefined,
-      country: country_list.ro,
-      enduserdata: false
-    },
-    {
-      entity: "Remote Europe Holding, B.V.",
-      purpose: "Global payroll",
-      hosting: undefined,
-      country: country_list.nl,
-      enduserdata: false
-    },
-    {
-      entity: "HubSpot Inc.",
-      purpose: "Customer and sales management, Marketing automation, Support requests",
-      hosting: country_list.eu,
-      country: country_list.us,
-      enduserdata: false
-    },
-  ]
-
-  return (
-    <table className="text-xs">
-      <tr>
-        <th>Entity name</th>
-        <th>Purpose</th>
-        <th>End-user data</th>
-        <th>Hosting location</th>
-        <th>Country of registration</th>
-      </tr>
-      {
-        processors
-          .sort((a, b) => {
-            if (a.entity < b.entity) return -1
-            if (a.entity > b.entity) return 1
-            else return 0
-          })
-          .map((processor, rowID) => {
-          return (
-            <tr>
-              <td key={rowID}>{processor.entity}</td>
-              <td>{processor.purpose}</td>
-              <td>{processor.enduserdata ? processor.enduserdata  : 'No'}</td>
-              <td>{processor.hosting ? processor.hosting  : 'n/a'}</td>
-              <td>{processor.country}</td>
-            </tr>
-          )
-        })
-      }
-    </table>
-  );
-}

From d71795c43354ec6ba6134cf0b06ef0ba951b86d0 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Thu, 8 May 2025 08:35:34 +0200
Subject: [PATCH 045/123] fix: remove index es_instance_position (#9862)

# Which Problems Are Solved

#9837 added a new index `es_instance_position` on the events table with
the idea to improve performance for some projections. Unfortunately, it
makes it worse for almost all projections and would only improve the
situation for the events handler of the actions V2 subscriptions.

# How the Problems Are Solved

Remove the index again.

# Additional Changes

None

# Additional Context

relates to #9837
relates to #9863
---
 cmd/setup/54.go  | 2 +-
 cmd/setup/54.sql | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/setup/54.go b/cmd/setup/54.go
index 3dd2f60abe..9d65264941 100644
--- a/cmd/setup/54.go
+++ b/cmd/setup/54.go
@@ -23,5 +23,5 @@ func (mig *InstancePositionIndex) Execute(ctx context.Context, _ eventstore.Even
 }
 
 func (mig *InstancePositionIndex) String() string {
-	return "54_instance_position_index"
+	return "54_instance_position_index_remove"
 }
diff --git a/cmd/setup/54.sql b/cmd/setup/54.sql
index 1dca8c7575..927bd2aa9b 100644
--- a/cmd/setup/54.sql
+++ b/cmd/setup/54.sql
@@ -1 +1 @@
-CREATE INDEX CONCURRENTLY IF NOT EXISTS es_instance_position ON eventstore.events2 (instance_id, position);
+DROP INDEX IF EXISTS eventstore.es_instance_position;

From 867e9cb15a92786a5953a84beefcb85e296e80ba Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Thu, 8 May 2025 09:32:41 +0200
Subject: [PATCH 046/123] fix: correctly use single matching user (by
 loginname) (#9865)

# Which Problems Are Solved

In rare cases there was a possibility that multiple users were found by
a loginname. This prevented the corresponding user to sign in.

# How the Problems Are Solved

Fixed the corresponding query (to correctly respect the org domain
policy).

# Additional Changes

None

# Additional Context

Found during the investigation of a support request
---
 internal/query/user_by_login_name.sql        | 2 +-
 internal/query/user_notify_by_login_name.sql | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/query/user_by_login_name.sql b/internal/query/user_by_login_name.sql
index a37c213612..f7d2fd3e23 100644
--- a/internal/query/user_by_login_name.sql
+++ b/internal/query/user_by_login_name.sql
@@ -10,7 +10,7 @@ WITH found_users AS (
     LEFT JOIN projections.login_names3_policies p_custom
       ON  u.instance_id = p_custom.instance_id
         AND p_custom.instance_id = $4 AND p_custom.resource_owner = u.resource_owner
-    LEFT JOIN projections.login_names3_policies p_default
+    JOIN projections.login_names3_policies p_default
       ON  u.instance_id = p_default.instance_id
       AND p_default.instance_id = $4 AND p_default.is_default IS TRUE
       AND (
diff --git a/internal/query/user_notify_by_login_name.sql b/internal/query/user_notify_by_login_name.sql
index 5b23cd61a7..090a8991f9 100644
--- a/internal/query/user_notify_by_login_name.sql
+++ b/internal/query/user_notify_by_login_name.sql
@@ -10,7 +10,7 @@ WITH found_users AS (
     LEFT JOIN projections.login_names3_policies p_custom
       ON  u.instance_id = p_custom.instance_id
       AND p_custom.instance_id = $4 AND p_custom.resource_owner = u.resource_owner
-    LEFT JOIN projections.login_names3_policies p_default
+    JOIN projections.login_names3_policies p_default
       ON  u.instance_id = p_default.instance_id
       AND p_default.instance_id = $4 AND p_default.is_default IS TRUE
       AND (

From 60ce32ca4fbd818a64524294653923e0ffa81688 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Thu, 8 May 2025 17:13:57 +0200
Subject: [PATCH 047/123] fix(setup): reenable index creation (#9868)

# Which Problems Are Solved

We saw high CPU usage if many events were created on the database. This
was caused by the new actions which query for all event types and
aggregate types.

# How the Problems Are Solved

- the handler of action execution does not filter for aggregate and
event types.
- the index for `instance_id` and `position` is reenabled.

# Additional Changes

none

# Additional Context

none
---
 cmd/setup/54.go                           |  2 +-
 cmd/setup/54.sql                          |  2 +-
 internal/eventstore/handler/v2/handler.go | 14 ++++++++++++++
 internal/execution/handlers.go            |  3 +++
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/cmd/setup/54.go b/cmd/setup/54.go
index 9d65264941..e4a2e43862 100644
--- a/cmd/setup/54.go
+++ b/cmd/setup/54.go
@@ -23,5 +23,5 @@ func (mig *InstancePositionIndex) Execute(ctx context.Context, _ eventstore.Even
 }
 
 func (mig *InstancePositionIndex) String() string {
-	return "54_instance_position_index_remove"
+	return "54_instance_position_index_again"
 }
diff --git a/cmd/setup/54.sql b/cmd/setup/54.sql
index 927bd2aa9b..1dca8c7575 100644
--- a/cmd/setup/54.sql
+++ b/cmd/setup/54.sql
@@ -1 +1 @@
-DROP INDEX IF EXISTS eventstore.es_instance_position;
+CREATE INDEX CONCURRENTLY IF NOT EXISTS es_instance_position ON eventstore.events2 (instance_id, position);
diff --git a/internal/eventstore/handler/v2/handler.go b/internal/eventstore/handler/v2/handler.go
index 43c3e58b3b..fb696ad090 100644
--- a/internal/eventstore/handler/v2/handler.go
+++ b/internal/eventstore/handler/v2/handler.go
@@ -60,6 +60,7 @@ type Handler struct {
 	requeueEvery     time.Duration
 	txDuration       time.Duration
 	now              nowFunc
+	queryGlobal      bool
 
 	triggeredInstancesSync sync.Map
 
@@ -143,6 +144,11 @@ type Projection interface {
 	Reducers() []AggregateReducer
 }
 
+type GlobalProjection interface {
+	Projection
+	FilterGlobalEvents()
+}
+
 func NewHandler(
 	ctx context.Context,
 	config *Config,
@@ -185,6 +191,10 @@ func NewHandler(
 		metrics: metrics,
 	}
 
+	if _, ok := projection.(GlobalProjection); ok {
+		handler.queryGlobal = true
+	}
+
 	return handler
 }
 
@@ -676,6 +686,10 @@ func (h *Handler) eventQuery(currentState *state) *eventstore.SearchQueryBuilder
 		}
 	}
 
+	if h.queryGlobal {
+		return builder
+	}
+
 	aggregateTypes := make([]eventstore.AggregateType, 0, len(h.eventTypes))
 	eventTypes := make([]eventstore.EventType, 0, len(h.eventTypes))
 
diff --git a/internal/execution/handlers.go b/internal/execution/handlers.go
index 7ffb4cc6ff..030e6d5186 100644
--- a/internal/execution/handlers.go
+++ b/internal/execution/handlers.go
@@ -84,6 +84,9 @@ func (u *eventHandler) Reducers() []handler.AggregateReducer {
 	return aggReducers
 }
 
+// FilterGlobalEvents implements [handler.GlobalProjection]
+func (u *eventHandler) FilterGlobalEvents() {}
+
 func groupsFromEventType(s string) []string {
 	parts := strings.Split(s, ".")
 	groups := make([]string, len(parts))

From 28856015d6116d1989c9c3d95e85d10df7068c2a Mon Sep 17 00:00:00 2001
From: subaru <79771445+subaru-hello@users.noreply.github.com>
Date: Mon, 12 May 2025 17:04:32 +0900
Subject: [PATCH 048/123] feat(console): Add organization ID filter to
 organization list (#9823)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

Replace this example text with a concise list of problems that this PR
solves.
- Organization list lacked the ability to filter by organization ID
- No efficient method was provided for users to search organizations by
ID


# How the Problems Are Solved

Replace this example text with a concise list of changes that this PR
introduces.
- Added organization ID filtering functionality to
`filter-org.component.ts`
  - Added `ID` to the `SubQuery` enum
- Added `ID` case handling to `changeCheckbox`, `setValue`, and
`getSubFilter` methods
- Added ID filter UI to `filter-org.component.html`
  - Added checkbox and text input field
  - Used translation key to display "Organization ID" label
- Added new translation key to translation file (`en.json`)
  - Added `FILTER.ORGID` key with "Organization ID" value


# Additional Changes

Replace this example text with a concise list of additional changes that
this PR introduces, that are not directly solving the initial problem
but are related.
- Maintained consistency with existing filtering functionality
- Ensured intuitive user interface usability
- Added new key while maintaining translation file structure


# Additional Context

Replace this example with links to related issues, discussions, discord
threads, or other sources with more context.
Use the Closing #issue syntax for issues that are resolved with this PR.
- Closes #8792
- Discussion #xxx
- Follow-up for PR #xxx
- https://discord.com/channels/xxx/xxx

---------

Co-authored-by: Marco A. <kwbmm1990@gmail.com>
---
 .../filter-org/filter-org.component.html      | 15 +++++++
 .../filter-org/filter-org.component.ts        | 40 ++++++++++++++++++-
 console/src/assets/i18n/bg.json               |  2 +
 console/src/assets/i18n/cs.json               |  2 +
 console/src/assets/i18n/de.json               |  2 +
 console/src/assets/i18n/en.json               |  8 ++--
 console/src/assets/i18n/es.json               |  2 +
 console/src/assets/i18n/fr.json               |  2 +
 console/src/assets/i18n/hu.json               |  2 +
 console/src/assets/i18n/id.json               |  2 +
 console/src/assets/i18n/it.json               |  2 +
 console/src/assets/i18n/ja.json               |  2 +
 console/src/assets/i18n/ko.json               |  2 +
 console/src/assets/i18n/mk.json               |  2 +
 console/src/assets/i18n/nl.json               |  2 +
 console/src/assets/i18n/pl.json               |  2 +
 console/src/assets/i18n/pt.json               |  2 +
 console/src/assets/i18n/ro.json               |  2 +
 console/src/assets/i18n/ru.json               |  2 +
 console/src/assets/i18n/sv.json               |  2 +
 console/src/assets/i18n/zh.json               |  2 +
 21 files changed, 95 insertions(+), 4 deletions(-)

diff --git a/console/src/app/modules/filter-org/filter-org.component.html b/console/src/app/modules/filter-org/filter-org.component.html
index 4e8535fe76..ae42667f49 100644
--- a/console/src/app/modules/filter-org/filter-org.component.html
+++ b/console/src/app/modules/filter-org/filter-org.component.html
@@ -69,4 +69,19 @@
       </cnsl-form-field>
     </div>
   </div>
+
+  <div class="id-query">
+    <mat-checkbox id="id" class="cb" [checked]="getSubFilter(SubQuery.ID)" (change)="changeCheckbox(SubQuery.ID, $event)"
+      >{{ 'FILTER.ORGID' | translate }}
+    </mat-checkbox>
+    <div class="subquery" *ngIf="getSubFilter(SubQuery.ID) as idq">
+      <span class="nomethod cnsl-secondary-text">
+        {{ 'FILTER.METHODS.1' | translate }}
+      </span>
+
+      <cnsl-form-field class="filter-input-value">
+        <input cnslInput name="value" [value]="idq.getId()" (change)="setValue(SubQuery.ID, idq, $event)" />
+      </cnsl-form-field>
+    </div>
+  </div>
 </cnsl-filter>
diff --git a/console/src/app/modules/filter-org/filter-org.component.ts b/console/src/app/modules/filter-org/filter-org.component.ts
index 220b219358..4ea9a6ea6e 100644
--- a/console/src/app/modules/filter-org/filter-org.component.ts
+++ b/console/src/app/modules/filter-org/filter-org.component.ts
@@ -3,7 +3,14 @@ import { MatCheckboxChange } from '@angular/material/checkbox';
 import { ActivatedRoute, Router } from '@angular/router';
 import { take } from 'rxjs';
 import { TextQueryMethod } from 'src/app/proto/generated/zitadel/object_pb';
-import { OrgDomainQuery, OrgNameQuery, OrgQuery, OrgState, OrgStateQuery } from 'src/app/proto/generated/zitadel/org_pb';
+import {
+  OrgDomainQuery,
+  OrgNameQuery,
+  OrgQuery,
+  OrgState,
+  OrgStateQuery,
+  OrgIDQuery,
+} from 'src/app/proto/generated/zitadel/org_pb';
 import { UserNameQuery } from 'src/app/proto/generated/zitadel/user_pb';
 
 import { FilterComponent } from '../filter/filter.component';
@@ -12,6 +19,7 @@ enum SubQuery {
   NAME,
   STATE,
   DOMAIN,
+  ID,
 }
 
 @Component({
@@ -61,6 +69,12 @@ export class FilterOrgComponent extends FilterComponent implements OnInit {
             orgDomainQuery.setMethod(filter.domainQuery.method);
             orgQuery.setDomainQuery(orgDomainQuery);
             return orgQuery;
+          } else if (filter.idQuery) {
+            const orgQuery = new OrgQuery();
+            const orgIdQuery = new OrgIDQuery();
+            orgIdQuery.setId(filter.idQuery.id);
+            orgQuery.setIdQuery(orgIdQuery);
+            return orgQuery;
           } else {
             return undefined;
           }
@@ -100,6 +114,13 @@ export class FilterOrgComponent extends FilterComponent implements OnInit {
           odq.setDomainQuery(dq);
           this.searchQueries.push(odq);
           break;
+        case SubQuery.ID:
+          const idq = new OrgIDQuery();
+          idq.setId('');
+          const oidq = new OrgQuery();
+          oidq.setIdQuery(idq);
+          this.searchQueries.push(oidq);
+          break;
       }
     } else {
       switch (subquery) {
@@ -121,6 +142,12 @@ export class FilterOrgComponent extends FilterComponent implements OnInit {
             this.searchQueries.splice(index_pdn, 1);
           }
           break;
+        case SubQuery.ID:
+          const index_id = this.searchQueries.findIndex((q) => (q as OrgQuery).toObject().idQuery !== undefined);
+          if (index_id > -1) {
+            this.searchQueries.splice(index_id, 1);
+          }
+          break;
       }
     }
   }
@@ -140,6 +167,10 @@ export class FilterOrgComponent extends FilterComponent implements OnInit {
         (query as OrgDomainQuery).setDomain(value);
         this.filterChanged.emit(this.searchQueries ? this.searchQueries : []);
         break;
+      case SubQuery.ID:
+        (query as OrgIDQuery).setId(value);
+        this.filterChanged.emit(this.searchQueries ? this.searchQueries : []);
+        break;
     }
   }
 
@@ -166,6 +197,13 @@ export class FilterOrgComponent extends FilterComponent implements OnInit {
         } else {
           return undefined;
         }
+      case SubQuery.ID:
+        const id = this.searchQueries.find((q) => (q as OrgQuery).toObject().idQuery !== undefined);
+        if (id) {
+          return (id as OrgQuery).getIdQuery();
+        } else {
+          return undefined;
+        }
     }
   }
 
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index b98204a917..b56f5797ec 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -692,6 +692,7 @@
     "EMAIL": "електронна поща",
     "USERNAME": "Потребителско име",
     "ORGNAME": "Наименование на организацията",
+    "ORGID": "Идентификатор на организацията",
     "PRIMARYDOMAIN": "Основен домейн",
     "PROJECTNAME": "Име на проекта",
     "RESOURCEOWNER": "Собственик на ресурс",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "Активиране на проекта",
       "DELETE": "Изтриване на проекта",
       "ORGNAME": "Наименование на организацията",
+      "ORGID": "Идентификатор на организацията",
       "ORGDOMAIN": "Домейн на организацията",
       "STATE": "Статус",
       "TYPE": "Тип",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index 390c5dcdbd..bf977aab43 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -693,6 +693,7 @@
     "EMAIL": "Email",
     "USERNAME": "Uživatelské jméno",
     "ORGNAME": "Název organizace",
+    "ORGID": "ID organizace",
     "PRIMARYDOMAIN": "Primární doména",
     "PROJECTNAME": "Název projektu",
     "RESOURCEOWNER": "Vlastník zdroje",
@@ -2151,6 +2152,7 @@
       "ACTIVATE": "Aktivovat projekt",
       "DELETE": "Smazat projekt",
       "ORGNAME": "Název organizace",
+      "ORGID": "ID organizace",
       "ORGDOMAIN": "Doména organizace",
       "STATE": "Stav",
       "TYPE": "Typ",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index e73c883bd2..12a2f56792 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -693,6 +693,7 @@
     "EMAIL": "Email",
     "USERNAME": "Nutzername",
     "ORGNAME": "Organisationsname",
+    "ORGID": "Organisations ID",
     "PRIMARYDOMAIN": "Primäre Domäne",
     "PROJECTNAME": "Projektname",
     "RESOURCEOWNER": "Ressourcenbesitzer",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "Projekt aktivieren",
       "DELETE": "Projekt löschen",
       "ORGNAME": "Name der Organisation",
+      "ORGID": "Organisations ID",
       "ORGDOMAIN": "Domain der Organisation",
       "STATE": "Status",
       "TYPE": "Typ",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 5e2cc3f4c9..571a2bd577 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -688,12 +688,13 @@
   },
   "FILTER": {
     "TITLE": "Filter",
-    "STATE": "Status",
+    "ORGNAME": "Organization Name",
+    "ORGID": "Organization ID",
+    "STATE": "State",
+    "PRIMARYDOMAIN": "Primary Domain",
     "DISPLAYNAME": "User Display Name",
     "EMAIL": "Email",
     "USERNAME": "User Name",
-    "ORGNAME": "Organization Name",
-    "PRIMARYDOMAIN": "Primary Domain",
     "PROJECTNAME": "Project Name",
     "RESOURCEOWNER": "Resource Owner",
     "METHODS": {
@@ -2153,6 +2154,7 @@
       "ACTIVATE": "Activate Project",
       "DELETE": "Delete Project",
       "ORGNAME": "Organization Name",
+      "ORGID": "Organization ID",
       "ORGDOMAIN": "Organization Domain",
       "STATE": "Status",
       "TYPE": "Type",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 198bb3ca8b..19bf21238f 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -693,6 +693,7 @@
     "EMAIL": "Email",
     "USERNAME": "Nombre de usuario",
     "ORGNAME": "Nombre de organización",
+    "ORGID": "ID de organización",
     "PRIMARYDOMAIN": "Dominio primario",
     "PROJECTNAME": "Nombre de proyecto",
     "RESOURCEOWNER": "Propietario del recurso",
@@ -2151,6 +2152,7 @@
       "ACTIVATE": "Activar proyecto",
       "DELETE": "Borrar proyecto",
       "ORGNAME": "Nombre de organización",
+      "ORGID": "ID de organización",
       "ORGDOMAIN": "Dominio de organización",
       "STATE": "Estado",
       "TYPE": "Tipo",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 0d66c4193e..1203a09262 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -693,6 +693,7 @@
     "EMAIL": "Courriel",
     "USERNAME": "Nom de l'utilisateur",
     "ORGNAME": "Nom de l'organisation",
+    "ORGID": "ID de l'organisation",
     "PRIMARYDOMAIN": "Domaine principal",
     "PROJECTNAME": "Nom du projet",
     "RESOURCEOWNER": "Propriétaire des ressources",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "Activer le projet",
       "DELETE": "Supprimer le projet",
       "ORGNAME": "Nom de l'organisation",
+      "ORGID": "ID de l'organisation",
       "ORGDOMAIN": "Domaine de l'organisation",
       "STATE": "Statut",
       "TYPE": "Type",
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index 96d1fe16df..eaf8b5f503 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -693,6 +693,7 @@
     "EMAIL": "E-mail",
     "USERNAME": "Felhasználói Név",
     "ORGNAME": "Szervezet Neve",
+    "ORGID": "Szervezet ID",
     "PRIMARYDOMAIN": "Elsődleges Domain",
     "PROJECTNAME": "Projekt Neve",
     "RESOURCEOWNER": "Erőforrás Tulajdonos",
@@ -2148,6 +2149,7 @@
       "ACTIVATE": "Projekt aktiválása",
       "DELETE": "Projekt törlése",
       "ORGNAME": "Szervezet neve",
+      "ORGID": "Szervezet ID",
       "ORGDOMAIN": "Szervezet domainje",
       "STATE": "Státusz",
       "TYPE": "Típus",
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index ca788a9467..e6c8e8ca3d 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -652,6 +652,7 @@
     "EMAIL": "E-mail",
     "USERNAME": "Nama belakang",
     "ORGNAME": "Nama Organisasi",
+    "ORGID": "ID Organisasi",
     "PRIMARYDOMAIN": "Domain Utama",
     "PROJECTNAME": "Nama Proyek",
     "RESOURCEOWNER": "Pemilik Sumber Daya",
@@ -1980,6 +1981,7 @@
       "ACTIVATE": "Aktifkan Proyek",
       "DELETE": "Hapus Proyek",
       "ORGNAME": "Nama Organisasi",
+      "ORGID": "ID Organisasi",
       "ORGDOMAIN": "Domain Organisasi",
       "STATE": "Status",
       "TYPE": "Jenis",
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index 60266bdac5..3609c2b8f2 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -692,6 +692,7 @@
     "EMAIL": "Email",
     "USERNAME": "User Name",
     "ORGNAME": "Nome organizzazione",
+    "ORGID": "ID organizzazione",
     "PRIMARYDOMAIN": "Dominio primario",
     "PROJECTNAME": "Nome del progetto",
     "RESOURCEOWNER": "Resource Owner",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "Attiva progetto",
       "DELETE": "Rimuovi progetto",
       "ORGNAME": "Nome dell'organizzazione",
+      "ORGID": "ID organizzazione",
       "ORGDOMAIN": "Dominio",
       "STATE": "Stato",
       "TYPE": "Tipo",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 288d491ce7..2d91632ad1 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -693,6 +693,7 @@
     "EMAIL": "Eメール",
     "USERNAME": "ユーザー名",
     "ORGNAME": "組織名",
+    "ORGID": "組織ID",
     "PRIMARYDOMAIN": "プライマリドメイン",
     "PROJECTNAME": "プロジェクト名",
     "RESOURCEOWNER": "リソース所有者",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "プロジェクトのアクティブ化",
       "DELETE": "プロジェクトの削除",
       "ORGNAME": "組織名",
+      "ORGID": "組織ID",
       "ORGDOMAIN": "組織ドメイン",
       "STATE": "ステータス",
       "TYPE": "タイプ",
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index 437c43a3a1..8137ed98df 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -693,6 +693,7 @@
     "EMAIL": "이메일",
     "USERNAME": "사용자 이름",
     "ORGNAME": "조직 이름",
+    "ORGID": "조직 ID",
     "PRIMARYDOMAIN": "기본 도메인",
     "PROJECTNAME": "프로젝트 이름",
     "RESOURCEOWNER": "리소스 소유자",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "프로젝트 활성화",
       "DELETE": "프로젝트 삭제",
       "ORGNAME": "조직 이름",
+      "ORGID": "조직 ID",
       "ORGDOMAIN": "조직 도메인",
       "STATE": "상태",
       "TYPE": "유형",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 2e62723939..f11bcc5d63 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -693,6 +693,7 @@
     "EMAIL": "Е-пошта",
     "USERNAME": "Корисничко име",
     "ORGNAME": "Име на организацијата",
+    "ORGID": "Идентификатор на организацијата",
     "PRIMARYDOMAIN": "Примарен домен",
     "PROJECTNAME": "Име на проектот",
     "RESOURCEOWNER": "Сопственик на ресурсот",
@@ -2153,6 +2154,7 @@
       "ACTIVATE": "Активирај проект",
       "DELETE": "Избриши проект",
       "ORGNAME": "Име на организација",
+      "ORGID": "Идентификатор на организација",
       "ORGDOMAIN": "Домен на организација",
       "STATE": "Статус",
       "TYPE": "Тип",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index 7e549f64ba..54fb6dfb26 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -693,6 +693,7 @@
     "EMAIL": "E-mail",
     "USERNAME": "Gebruikersnaam",
     "ORGNAME": "Organisatienaam",
+    "ORGID": "Organisatie ID",
     "PRIMARYDOMAIN": "Primair domein",
     "PROJECTNAME": "Projectnaam",
     "RESOURCEOWNER": "Eigenaar van de bron",
@@ -2150,6 +2151,7 @@
       "ACTIVATE": "Activeer Project",
       "DELETE": "Verwijder Project",
       "ORGNAME": "Organisatienaam",
+      "ORGID": "Organisatie ID",
       "ORGDOMAIN": "Organisatie Domein",
       "STATE": "Status",
       "TYPE": "Type",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 2f18c343f7..ae23c79427 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -692,6 +692,7 @@
     "EMAIL": "Email",
     "USERNAME": "Nazwa Użytkownika",
     "ORGNAME": "Nazwa Organizacji",
+    "ORGID": "ID Organizacji",
     "PRIMARYDOMAIN": "Domena podstawowa",
     "PROJECTNAME": "Nazwa Projektu",
     "RESOURCEOWNER": "Właściciel Zasobu",
@@ -2149,6 +2150,7 @@
       "ACTIVATE": "Aktywuj projekt",
       "DELETE": "Usuń projekt",
       "ORGNAME": "Nazwa organizacji",
+      "ORGID": "ID organizacji",
       "ORGDOMAIN": "Domena organizacji",
       "STATE": "Status",
       "TYPE": "Typ",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 08181f6ead..71abb8d51f 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -693,6 +693,7 @@
     "EMAIL": "E-mail",
     "USERNAME": "Nome de Usuário",
     "ORGNAME": "Nome da Organização",
+    "ORGID": "ID da Organização",
     "PRIMARYDOMAIN": "Domínio primário",
     "PROJECTNAME": "Nome do Projeto",
     "RESOURCEOWNER": "Proprietário do Recurso",
@@ -2152,6 +2153,7 @@
       "ACTIVATE": "Ativar Projeto",
       "DELETE": "Excluir Projeto",
       "ORGNAME": "Nome da Organização",
+      "ORGID": "ID da Organização",
       "ORGDOMAIN": "Domínio da Organização",
       "STATE": "Status",
       "TYPE": "Tipo",
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index b07897f316..f6a183bede 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -691,6 +691,7 @@
     "EMAIL": "E-mail",
     "USERNAME": "Numele utilizatorului",
     "ORGNAME": "Numele organizației",
+    "ORGID": "ID-ul organizației",
     "PRIMARYDOMAIN": "Domeniu principal",
     "PROJECTNAME": "Numele proiectului",
     "RESOURCEOWNER": "Proprietarul resursei",
@@ -2148,6 +2149,7 @@
       "ACTIVATE": "Activați proiectul",
       "DELETE": "Ștergeți proiectul",
       "ORGNAME": "Nume organizație",
+      "ORGID": "ID organizație",
       "ORGDOMAIN": "Domeniu organizație",
       "STATE": "Stare",
       "TYPE": "Tip",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index c6ef31499e..c4955f83fd 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -693,6 +693,7 @@
     "EMAIL": "Электронная почта",
     "USERNAME": "Имя пользователя",
     "ORGNAME": "Название организации",
+    "ORGID": "ID организации",
     "PRIMARYDOMAIN": "Основной домен",
     "PROJECTNAME": "Название проекта",
     "RESOURCEOWNER": "Владелец ресурса",
@@ -2237,6 +2238,7 @@
       "ACTIVATE": "Активировать проект",
       "DELETE": "Удалить проект",
       "ORGNAME": "Название организации",
+      "ORGID": "ID организации",
       "ORGDOMAIN": "Домен организации",
       "STATE": "Статус",
       "TYPE": "Тип",
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index c356e635e0..1144fd4585 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -693,6 +693,7 @@
     "EMAIL": "E-post",
     "USERNAME": "Användarnamn",
     "ORGNAME": "Organisationsnamn",
+    "ORGID": "Organisations ID",
     "PRIMARYDOMAIN": "Primär domän",
     "PROJECTNAME": "Projektnamn",
     "RESOURCEOWNER": "Resursägare",
@@ -2154,6 +2155,7 @@
       "ACTIVATE": "Aktivera projekt",
       "DELETE": "Ta bort projekt",
       "ORGNAME": "Organisationsnamn",
+      "ORGID": "Organisations ID",
       "ORGDOMAIN": "Organisationsdomän",
       "STATE": "Status",
       "TYPE": "Typ",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 8be3316b0b..943a9aef16 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -693,6 +693,7 @@
     "EMAIL": "邮箱",
     "USERNAME": "用户名",
     "ORGNAME": "组织名称",
+    "ORGID": "组织ID",
     "PRIMARYDOMAIN": "主域",
     "PROJECTNAME": "项目名称",
     "RESOURCEOWNER": "资源所有者",
@@ -2149,6 +2150,7 @@
       "ACTIVATE": "启用项目",
       "DELETE": "删除项目",
       "ORGNAME": "组织名称",
+      "ORGID": "组织ID",
       "ORGDOMAIN": "组织域名",
       "STATE": "状态",
       "TYPE": "类型",

From d79d5e7b964e3f1592489e956156f8f1c87e4710 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Mon, 12 May 2025 12:05:12 +0200
Subject: [PATCH 049/123] fix(projection): remove users with factors (#9877)

# Which Problems Are Solved

When users are removed, their auth factors stay in the projection. This
data inconsistency is visible if a removed user is recreated with the
same ID. In such a case, the login UI and the query API methods show the
removed users auth methods. This is unexpected behavior.

The old users auth methods are not usable to log in and they are not
found by the command side. This is expected behavior.

# How the Problems Are Solved

The auth factors projection reduces the user removed event by deleting
all factors.

# Additional Context

- Reported by support request
- requires backport to 2.x and 3.x
---
 internal/query/projection/user_auth_method.go | 19 +++++++++++++
 .../query/projection/user_auth_method_test.go | 28 +++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/internal/query/projection/user_auth_method.go b/internal/query/projection/user_auth_method.go
index b986df1558..7726550ffd 100644
--- a/internal/query/projection/user_auth_method.go
+++ b/internal/query/projection/user_auth_method.go
@@ -125,6 +125,10 @@ func (p *userAuthMethodProjection) Reducers() []handler.AggregateReducer {
 					Event:  user.HumanOTPEmailRemovedType,
 					Reduce: p.reduceRemoveAuthMethod,
 				},
+				{
+					Event:  user.UserRemovedType,
+					Reduce: p.reduceUserRemoved,
+				},
 			},
 		},
 		{
@@ -311,3 +315,18 @@ func (p *userAuthMethodProjection) reduceOwnerRemoved(event eventstore.Event) (*
 		},
 	), nil
 }
+
+func (p *userAuthMethodProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*user.UserRemovedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-FwDZ8", "reduce.wrong.event.type %s", user.UserRemovedType)
+	}
+	return handler.NewDeleteStatement(
+		e,
+		[]handler.Condition{
+			handler.NewCond(UserAuthMethodInstanceIDCol, e.Aggregate().InstanceID),
+			handler.NewCond(UserAuthMethodResourceOwnerCol, e.Aggregate().ResourceOwner),
+			handler.NewCond(UserAuthMethodUserIDCol, e.Aggregate().ID),
+		},
+	), nil
+}
diff --git a/internal/query/projection/user_auth_method_test.go b/internal/query/projection/user_auth_method_test.go
index fb3d6d9d91..e21a480a9d 100644
--- a/internal/query/projection/user_auth_method_test.go
+++ b/internal/query/projection/user_auth_method_test.go
@@ -528,6 +528,34 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:   "reduceUserRemoved",
+			reduce: (&userAuthMethodProjection{}).reduceUserRemoved,
+			args: args{
+				event: getEvent(
+					testEvent(
+						user.UserRemovedType,
+						user.AggregateType,
+						nil,
+					), user.UserRemovedEventMapper),
+			},
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("user"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "DELETE FROM projections.user_auth_methods5 WHERE (instance_id = $1) AND (resource_owner = $2) AND (user_id = $3)",
+							expectedArgs: []interface{}{
+								"instance-id",
+								"ro-id",
+								"agg-id",
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name:   "org reduceOwnerRemoved",
 			reduce: (&userAuthMethodProjection{}).reduceOwnerRemoved,

From 1383cb070264cba0a5ccc5c14762a24ef24a9644 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Tue, 13 May 2025 10:32:48 +0200
Subject: [PATCH 050/123] fix: correctly "or"-join ldap userfilters (#9855)

# Which Problems Are Solved

LDAP userfilters are joined, but as it not handled as a list of filters
but as a string they are not or-joined.

# How the Problems Are Solved

Separate userfilters as list of filters and join them correctly with
"or" condition.

# Additional Changes

None

# Additional Context

Closes #7003

---------

Co-authored-by: Marco A. <kwbmm1990@gmail.com>
---
 internal/idp/providers/ldap/session.go      | 21 ++++++++++++---------
 internal/idp/providers/ldap/session_test.go | 10 +++++-----
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/internal/idp/providers/ldap/session.go b/internal/idp/providers/ldap/session.go
index 1679e35b61..a78dd02d73 100644
--- a/internal/idp/providers/ldap/session.go
+++ b/internal/idp/providers/ldap/session.go
@@ -133,7 +133,6 @@ func tryBind(
 		username,
 		password,
 		timeout,
-		rootCA,
 	)
 }
 
@@ -189,12 +188,11 @@ func trySearchAndUserBind(
 	username string,
 	password string,
 	timeout time.Duration,
-	rootCA []byte,
 ) (*ldap.Entry, error) {
 	searchQuery := queriesAndToSearchQuery(
 		objectClassesToSearchQuery(objectClasses),
 		queriesOrToSearchQuery(
-			userFiltersToSearchQuery(userFilters, username),
+			userFiltersToSearchQuery(userFilters, username)...,
 		),
 	)
 
@@ -218,7 +216,12 @@ func trySearchAndUserBind(
 
 	user := sr.Entries[0]
 	// Bind as the user to verify their password
-	if err = conn.Bind(user.DN, password); err != nil {
+	userDN, err := ldap.ParseDN(user.DN)
+	if err != nil {
+		logging.WithFields("userDN", user.DN).WithError(err).Info("ldap user parse DN failed")
+		return nil, err
+	}
+	if err = conn.Bind(userDN.String(), password); err != nil {
 		logging.WithFields("userDN", user.DN).WithError(err).Info("ldap user bind failed")
 		return nil, ErrFailedLogin
 	}
@@ -261,12 +264,12 @@ func objectClassesToSearchQuery(classes []string) string {
 	return searchQuery
 }
 
-func userFiltersToSearchQuery(filters []string, username string) string {
-	searchQuery := ""
-	for _, filter := range filters {
-		searchQuery += "(" + filter + "=" + ldap.EscapeFilter(username) + ")"
+func userFiltersToSearchQuery(filters []string, username string) []string {
+	searchQueries := make([]string, len(filters))
+	for i, filter := range filters {
+		searchQueries[i] = "(" + filter + "=" + username + ")"
 	}
-	return searchQuery
+	return searchQueries
 }
 
 func mapLDAPEntryToUser(
diff --git a/internal/idp/providers/ldap/session_test.go b/internal/idp/providers/ldap/session_test.go
index 69ba3a3256..89fee68718 100644
--- a/internal/idp/providers/ldap/session_test.go
+++ b/internal/idp/providers/ldap/session_test.go
@@ -49,31 +49,31 @@ func TestProvider_userFiltersToSearchQuery(t *testing.T) {
 		name     string
 		fields   []string
 		username string
-		want     string
+		want     []string
 	}{
 		{
 			name:     "zero",
 			fields:   []string{},
 			username: "user",
-			want:     "",
+			want:     []string{},
 		},
 		{
 			name:     "one",
 			fields:   []string{"test"},
 			username: "user",
-			want:     "(test=user)",
+			want:     []string{"(test=user)"},
 		},
 		{
 			name:     "three",
 			fields:   []string{"test1", "test2", "test3"},
 			username: "user",
-			want:     "(test1=user)(test2=user)(test3=user)",
+			want:     []string{"(test1=user)", "(test2=user)", "(test3=user)"},
 		},
 		{
 			name:     "five",
 			fields:   []string{"test1", "test2", "test3", "test4", "test5"},
 			username: "user",
-			want:     "(test1=user)(test2=user)(test3=user)(test4=user)(test5=user)",
+			want:     []string{"(test1=user)", "(test2=user)", "(test3=user)", "(test4=user)", "(test5=user)"},
 		},
 	}
 	for _, tt := range tests {

From 4480cfcf56825b96afe3650ad6ba1976f9f5212b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Fri, 16 May 2025 10:41:35 +0200
Subject: [PATCH 051/123] docs(advisory): position precision fix (#9882)

# Which Problems Are Solved

We are deploying precision fixes on the `position` values of the
eventstore. The fix itself might break systems that were already
affected by the bug.

# How the Problems Are Solved

Add a technical advisory that explains background and steps to fix the
Zitadel database when affected.

# Additional Context

- Original issue: [8671](https://github.com/zitadel/zitadel/issues/8671)
- Follow-up issue:
[8863](https://github.com/zitadel/zitadel/issues/8863)
- Re-fix: https://github.com/zitadel/zitadel/pull/9881
---
 docs/docs/support/advisory/a10016.md     | 98 ++++++++++++++++++++++++
 docs/docs/support/technical_advisory.mdx | 12 +++
 2 files changed, 110 insertions(+)
 create mode 100644 docs/docs/support/advisory/a10016.md

diff --git a/docs/docs/support/advisory/a10016.md b/docs/docs/support/advisory/a10016.md
new file mode 100644
index 0000000000..794c354e42
--- /dev/null
+++ b/docs/docs/support/advisory/a10016.md
@@ -0,0 +1,98 @@
+---
+title: Technical Advisory 10016
+---
+
+## Date
+
+Versions:[^1]
+
+- v2.65.x: > v2.65.9
+
+Date: 2025-05-14
+
+Last updated: 2025-05-14
+
+[^1]: The mentioned fix is being rolled out gradually on multiple patch releases of Zitadel. This advisory will be updated as we release these versions.
+
+## Description
+
+### Background
+
+Zitadel uses a eventstore table as main source of truth for state changes.
+Projections are tables which provide alternative views of state, which are built using events.
+In order to know which events are reduced into projections, we use a `position` column in the eventstore and a dedicated table which records the current state.
+
+### Problem
+
+Zitadel prior to the listed version had a precision bug. The `position` column uses a fixed-point numeric type. In Zitadel's Go code we used a `float64`. In certain cases we noticed a precision loss when Zitadel updated the `current_states` table.
+
+## Impact
+
+During a past attempt to fix this, we got reports of failing projections inside Zitadel. Because the precision became exact certain compare operations like *equal*, *less then*, etc would now return different results. This was because the values in `current_states` would already have lost precision from a broken version. This might happen to **some** deployments or projections: there is only a small probability.
+
+We are releasing the fix again and your system might get affected.
+
+- Original issue: [8671](https://github.com/zitadel/zitadel/issues/8671)
+- Follow-up issue: [8863](https://github.com/zitadel/zitadel/issues/8863)
+
+## Mitigation
+
+When **after** deploying a fixed version and only when experiencing problems described by issue [8863](https://github.com/zitadel/zitadel/issues/8863), the following queries can be executed to fix `current_state` rows which have "broken" values. We recommend doing this in a transaction in order to double-check the affected rows, before committing the update.
+
+```sql
+begin;
+
+with
+  broken as (
+    select
+      s.projection_name,
+      s.instance_id,
+      s.aggregate_id,
+      s.aggregate_type,
+      s.sequence,
+      s."position" as old_position,
+      e."position" as new_position
+    from
+      projections.current_states s
+      join eventstore.events2 e on s.instance_id = e.instance_id
+      and s.aggregate_id = e.aggregate_id
+      and s.aggregate_type = e.aggregate_type
+      and s.sequence = e.sequence
+      and s."position" != e."position"
+    where
+      s."position" != 0
+      and projection_name != 'projections.execution_handler'
+  ),fixed as (
+    update projections.current_states s
+    set
+      "position" = b.new_position
+    from
+      broken b
+    where
+      s.instance_id = b.instance_id
+      and s.projection_name = b.projection_name
+      and s.aggregate_id = b.aggregate_id
+      and s.aggregate_type = b.aggregate_type
+      and s.sequence = b.sequence
+  )
+select
+  b.projection_name,
+  b.instance_id,
+  b.aggregate_id,
+  b.aggregate_type,
+  b.sequence,
+  b.old_position,
+  b.new_position
+from
+  broken b;
+```
+
+If the output from the above looks reasonable, for example not a huge difference between `old_position` and `new_position`, commit the transaction:
+
+```sql
+commit;
+```
+
+When there are no rows returned, your system was not affected by precision loss.
+
+When there's unexpected output, use `rollback;` instead.
diff --git a/docs/docs/support/technical_advisory.mdx b/docs/docs/support/technical_advisory.mdx
index 0d8818c32c..5d13cfe3e5 100644
--- a/docs/docs/support/technical_advisory.mdx
+++ b/docs/docs/support/technical_advisory.mdx
@@ -238,6 +238,18 @@ We understand that these advisories may include breaking changes, and we aim to
     <td>3.0.0</td>
     <td>2025-03-31</td>
   </tr>
+  <tr>
+    <td>
+      <a href="./advisory/a10016">A-10016</a>
+    </td>
+    <td>Position precision fix</td>
+    <td>Manual Intervention</td>
+    <td>
+      
+    </td>
+    <td>2.65.10</td>
+    <td>2025-05-14</td>
+  </tr>
 </table>
 
 ## Subscribe to our Mailing List

From fefe9d27a0a5c32592df9967f07729c113351cd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabienne=20B=C3=BChler?= <fabienne@zitadel.com>
Date: Fri, 16 May 2025 12:07:02 +0200
Subject: [PATCH 052/123] docs: fix typo in email notification provider
 description (#9890)

---
 docs/docs/guides/manage/customize/notification-providers.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/guides/manage/customize/notification-providers.mdx b/docs/docs/guides/manage/customize/notification-providers.mdx
index b94ce7542d..3bd1b358e5 100644
--- a/docs/docs/guides/manage/customize/notification-providers.mdx
+++ b/docs/docs/guides/manage/customize/notification-providers.mdx
@@ -74,7 +74,7 @@ A provider with HTTP type will send the messages and the data to a pre-defined w
   </TabItem>
   <TabItem value="email" label="Email">
 
-    First [add a new Email Provider of type HTTP](/apis/resources/admin/admin-service-add-email-provider-http) to create a new HTTP provider that can be used to send SMS messages:
+    First [add a new Email Provider of type HTTP](/apis/resources/admin/admin-service-add-email-provider-http) to create a new HTTP provider that can be used to send Email messages:
 
   ```bash
   curl -L 'https://$CUSTOM-DOMAIN/admin/v1/email/http' \

From 38013d0e84862dfe379c3ee9b54dfcde35237b9e Mon Sep 17 00:00:00 2001
From: Juriaan Kennedy <97170019+juriaankennedy@users.noreply.github.com>
Date: Fri, 16 May 2025 17:53:45 +0200
Subject: [PATCH 053/123] feat(crypto): support for SHA2 and PHPass password
 hashes (#9809)

# Which Problems Are Solved

- Allow users to use SHA-256 and SHA-512 hashing algorithms. These
algorithms are used by Linux's crypt(3) function.
- Allow users to import passwords using the PHPass algorithm. This
algorithm is used by older PHP systems, WordPress in particular.

# How the Problems Are Solved

- Upgrade passwap to
[v0.9.0](https://github.com/zitadel/passwap/releases/tag/v0.9.0)
- Add sha2 and phpass as a new verifier option in defaults.yaml

# Additional Changes

- Updated docs to explain the two algorithms

# Additional Context
Implements the changes in the passwap library from
https://github.com/zitadel/passwap/pull/59 and
https://github.com/zitadel/passwap/pull/60
---
 cmd/defaults.yaml                          |  11 +-
 docs/docs/concepts/architecture/secrets.md |   2 +
 go.mod                                     |  10 +-
 go.sum                                     |  20 +--
 internal/crypto/passwap.go                 |  56 +++++++-
 internal/crypto/passwap_test.go            | 155 +++++++++++++++++++++
 6 files changed, 233 insertions(+), 21 deletions(-)

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index c13d5337b1..397e9af376 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -653,7 +653,7 @@ SystemDefaults:
     # or cost are automatically re-hashed using this config,
     # upon password validation or update.
     Hasher:
-      # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
+      # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2", "sha2"
       # Depending on the algorithm, different configuration options take effect.
       Algorithm: bcrypt # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
       # Cost takes effect for the algorithms bcrypt and scrypt
@@ -664,10 +664,11 @@ SystemDefaults:
       Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
       # Threads takes effect for the algorithms argon2i and argon2id
       Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
-      # Rounds takes effect for the algorithm pbkdf2
+      # Rounds takes effect for the algorithm pbkdf2 and sha2
       Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
-      # Hash takes effect for the algorithm pbkdf2
-      # Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
+      # Hash takes effect for the algorithm pbkdf2 and sha2
+      # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" for pbkdf2
+      # Can be "sha256" or "sha512" for sha2
       Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
 
     # Verifiers enable the possibility of verifying
@@ -689,6 +690,8 @@ SystemDefaults:
     #   - "md5"      # md5Crypt with salt and password shuffling.
     #   - "md5plain" # md5 digest of a password without salt
     #   - "md5salted" # md5 digest of a salted password
+    #   - "phpass"
+    #   - "sha2" # crypt(3) SHA-256 and SHA-512
     #   - "scrypt"
     #   - "pbkdf2"   # verifier for all pbkdf2 hash modes.
   SecretHasher:
diff --git a/docs/docs/concepts/architecture/secrets.md b/docs/docs/concepts/architecture/secrets.md
index f8f195114b..1f36802754 100644
--- a/docs/docs/concepts/architecture/secrets.md
+++ b/docs/docs/concepts/architecture/secrets.md
@@ -71,6 +71,8 @@ The following hash algorithms are supported:
 - md5: implementation of md5Crypt with salt and password shuffling [^2]
 - md5plain: md5 digest of a password without salt [^2]
 - md5salted: md5 digest of a salted password [^2]
+- phpass: md5 digest with PHPass algorithm (used in WordPress) [^2]
+- sha2: implementation of crypt(3) SHA-256 & SHA-512
 - scrypt
 - pbkdf2
 
diff --git a/go.mod b/go.mod
index 99df9ad86f..00f65c1331 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/zitadel/exifremove v0.1.0
 	github.com/zitadel/logging v0.6.2
 	github.com/zitadel/oidc/v3 v3.36.1
-	github.com/zitadel/passwap v0.7.0
+	github.com/zitadel/passwap v0.9.0
 	github.com/zitadel/saml v0.3.5
 	github.com/zitadel/schema v1.3.1
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
@@ -87,12 +87,12 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
 	go.uber.org/mock v0.5.0
-	golang.org/x/crypto v0.36.0
+	golang.org/x/crypto v0.37.0
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
 	golang.org/x/net v0.37.0
 	golang.org/x/oauth2 v0.28.0
-	golang.org/x/sync v0.12.0
-	golang.org/x/text v0.23.0
+	golang.org/x/sync v0.13.0
+	golang.org/x/text v0.24.0
 	google.golang.org/api v0.227.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4
 	google.golang.org/grpc v1.71.0
@@ -226,7 +226,7 @@ require (
 	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
-	golang.org/x/sys v0.31.0
+	golang.org/x/sys v0.32.0
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	nhooyr.io/websocket v1.8.11 // indirect
diff --git a/go.sum b/go.sum
index cb8f0cf4bd..f361fb87fa 100644
--- a/go.sum
+++ b/go.sum
@@ -807,8 +807,8 @@ github.com/zitadel/logging v0.6.2 h1:MW2kDDR0ieQynPZ0KIZPrh9ote2WkxfBif5QoARDQcU
 github.com/zitadel/logging v0.6.2/go.mod h1:z6VWLWUkJpnNVDSLzrPSQSQyttysKZ6bCRongw0ROK4=
 github.com/zitadel/oidc/v3 v3.36.1 h1:1AT1NqKKEqAwx4GmKJZ9fYkWH2WIn/VKMfQ46nBtRf0=
 github.com/zitadel/oidc/v3 v3.36.1/go.mod h1:dApGZLvWZTHRuxmcbQlW5d2XVjVYR3vGOdq536igmTs=
-github.com/zitadel/passwap v0.7.0 h1:TQTr9TV75PLATGICor1g5hZDRNHRvB9t0Hn4XkiR7xQ=
-github.com/zitadel/passwap v0.7.0/go.mod h1:/NakQNYahdU+YFEitVD6mlm8BLfkiIT+IM5wgClRoAY=
+github.com/zitadel/passwap v0.9.0 h1:QvDK8OHKdb73C0m+mwXvu87UJSBqix3oFwTVENHdv80=
+github.com/zitadel/passwap v0.9.0/go.mod h1:6QzwFjDkIr3FfudzSogTOx5Ydhq4046dRJtDM/kX+G8=
 github.com/zitadel/saml v0.3.5 h1:L1RKWS5y66cGepVxUGjx/WSBOtrtSpRA/J3nn5BJLOY=
 github.com/zitadel/saml v0.3.5/go.mod h1:ybs3e4tIWdYgSYBpuCsvf3T4FNDfbXYM+GPv5vIpHYk=
 github.com/zitadel/schema v1.3.1 h1:QT3kwiRIRXXLVAs6gCK/u044WmUVh6IlbLXUsn6yRQU=
@@ -881,8 +881,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
@@ -970,8 +970,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1016,8 +1016,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1038,8 +1038,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
diff --git a/internal/crypto/passwap.go b/internal/crypto/passwap.go
index e14c2dfaaf..e4f3313342 100644
--- a/internal/crypto/passwap.go
+++ b/internal/crypto/passwap.go
@@ -14,7 +14,9 @@ import (
 	"github.com/zitadel/passwap/md5plain"
 	"github.com/zitadel/passwap/md5salted"
 	"github.com/zitadel/passwap/pbkdf2"
+	"github.com/zitadel/passwap/phpass"
 	"github.com/zitadel/passwap/scrypt"
+	"github.com/zitadel/passwap/sha2"
 	"github.com/zitadel/passwap/verifier"
 
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -51,6 +53,8 @@ const (
 	HashNameMd5       HashName = "md5"       // verify only, as hashing with md5 is insecure and deprecated
 	HashNameMd5Plain  HashName = "md5plain"  // verify only, as hashing with md5 is insecure and deprecated
 	HashNameMd5Salted HashName = "md5salted" // verify only, as hashing with md5 is insecure and deprecated
+	HashNamePHPass    HashName = "phpass"    // verify only, as hashing with md5 is insecure and deprecated
+	HashNameSha2      HashName = "sha2"      // hash and verify
 	HashNameScrypt    HashName = "scrypt"    // hash and verify
 	HashNamePBKDF2    HashName = "pbkdf2"    // hash and verify
 )
@@ -125,6 +129,14 @@ var knowVerifiers = map[HashName]prefixVerifier{
 		prefixes: []string{md5salted.Prefix},
 		verifier: md5salted.Verifier,
 	},
+	HashNameSha2: {
+		prefixes: []string{sha2.Sha256Identifier, sha2.Sha512Identifier},
+		verifier: sha2.Verifier,
+	},
+	HashNamePHPass: {
+		prefixes: []string{phpass.IdentifierP, phpass.IdentifierH},
+		verifier: phpass.Verifier,
+	},
 }
 
 func (c *HashConfig) buildVerifiers() (verifiers []verifier.Verifier, prefixes []string, err error) {
@@ -158,9 +170,11 @@ func (c *HasherConfig) buildHasher() (hasher passwap.Hasher, prefixes []string,
 		return c.scrypt()
 	case HashNamePBKDF2:
 		return c.pbkdf2()
+	case HashNameSha2:
+		return c.sha2()
 	case "":
 		return nil, nil, fmt.Errorf("missing hasher algorithm")
-	case HashNameArgon2, HashNameMd5:
+	case HashNameArgon2, HashNameMd5, HashNameMd5Plain, HashNameMd5Salted, HashNamePHPass:
 		fallthrough
 	default:
 		return nil, nil, fmt.Errorf("invalid algorithm %q", c.Algorithm)
@@ -296,6 +310,44 @@ func (c *HasherConfig) pbkdf2() (passwap.Hasher, []string, error) {
 	case HashModeSHA512:
 		return pbkdf2.NewSHA512(p), prefix, nil
 	default:
-		return nil, nil, fmt.Errorf("unsuppored pbkdf2 hash mode: %s", hash)
+		return nil, nil, fmt.Errorf("unsupported pbkdf2 hash mode: %s", hash)
+	}
+}
+
+func (c *HasherConfig) sha2Params() (use512 bool, rounds int, err error) {
+	var dst = struct {
+		Rounds uint32   `mapstructure:"Rounds"`
+		Hash   HashMode `mapstructure:"Hash"`
+	}{}
+	if err := c.decodeParams(&dst); err != nil {
+		return false, 0, fmt.Errorf("decode sha2 params: %w", err)
+	}
+	switch dst.Hash {
+	case HashModeSHA256:
+		use512 = false
+	case HashModeSHA512:
+		use512 = true
+	case HashModeSHA1, HashModeSHA224, HashModeSHA384:
+		fallthrough
+	default:
+		return false, 0, fmt.Errorf("cannot use %s with sha2", dst.Hash)
+	}
+	if dst.Rounds > sha2.RoundsMax {
+		return false, 0, fmt.Errorf("rounds with sha2 cannot be larger than %d", sha2.RoundsMax)
+	} else {
+		rounds = int(dst.Rounds)
+	}
+	return use512, rounds, nil
+}
+
+func (c *HasherConfig) sha2() (passwap.Hasher, []string, error) {
+	use512, rounds, err := c.sha2Params()
+	if err != nil {
+		return nil, nil, err
+	}
+	if use512 {
+		return sha2.New512(rounds), []string{sha2.Sha256Identifier, sha2.Sha512Identifier}, nil
+	} else {
+		return sha2.New256(rounds), []string{sha2.Sha256Identifier, sha2.Sha512Identifier}, nil
 	}
 }
diff --git a/internal/crypto/passwap_test.go b/internal/crypto/passwap_test.go
index b872b0e298..dfcafd1406 100644
--- a/internal/crypto/passwap_test.go
+++ b/internal/crypto/passwap_test.go
@@ -14,6 +14,7 @@ import (
 	"github.com/zitadel/passwap/md5salted"
 	"github.com/zitadel/passwap/pbkdf2"
 	"github.com/zitadel/passwap/scrypt"
+	"github.com/zitadel/passwap/sha2"
 )
 
 func TestPasswordHasher_EncodingSupported(t *testing.T) {
@@ -78,7 +79,9 @@ func TestPasswordHashConfig_PasswordHasher(t *testing.T) {
 					HashNameBcrypt,
 					HashNameMd5,
 					HashNameMd5Salted,
+					HashNamePHPass,
 					HashNameScrypt,
+					HashNameSha2,
 					"foobar",
 				},
 				Hasher: HasherConfig{
@@ -142,6 +145,15 @@ func TestPasswordHashConfig_PasswordHasher(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "invalid phpass",
+			fields: fields{
+				Hasher: HasherConfig{
+					Algorithm: HashNamePHPass,
+				},
+			},
+			wantErr: true,
+		},
 		{
 			name: "invalid argon2",
 			fields: fields{
@@ -357,6 +369,59 @@ func TestPasswordHashConfig_PasswordHasher(t *testing.T) {
 			},
 			wantPrefixes: []string{pbkdf2.Prefix, argon2.Prefix, bcrypt.Prefix, md5.Prefix, md5salted.Prefix},
 		},
+		{
+			name: "sha2, parse error",
+			fields: fields{
+				Hasher: HasherConfig{
+					Algorithm: HashNameSha2,
+					Params: map[string]any{
+						"cost": "bar",
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "pbkdf2, hash mode error",
+			fields: fields{
+				Hasher: HasherConfig{
+					Algorithm: HashNameSha2,
+					Params: map[string]any{
+						"Rounds": 12,
+						"Hash":   "foo",
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "sha2, sha256",
+			fields: fields{
+				Hasher: HasherConfig{
+					Algorithm: HashNameSha2,
+					Params: map[string]any{
+						"Rounds": 12,
+						"Hash":   HashModeSHA256,
+					},
+				},
+				Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5, HashNameMd5Plain},
+			},
+			wantPrefixes: []string{sha2.Sha256Identifier, sha2.Sha512Identifier, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+		},
+		{
+			name: "sha2, sha512",
+			fields: fields{
+				Hasher: HasherConfig{
+					Algorithm: HashNameSha2,
+					Params: map[string]any{
+						"Rounds": 12,
+						"Hash":   HashModeSHA512,
+					},
+				},
+				Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5, HashNameMd5Plain},
+			},
+			wantPrefixes: []string{sha2.Sha256Identifier, sha2.Sha512Identifier, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -723,3 +788,93 @@ func TestHasherConfig_pbkdf2Params(t *testing.T) {
 		})
 	}
 }
+
+func TestHasherConfig_sha2Params(t *testing.T) {
+	type fields struct {
+		Params map[string]any
+	}
+	tests := []struct {
+		name       string
+		fields     fields
+		want512    bool
+		wantRounds int
+		wantErr    bool
+	}{
+		{
+			name: "decode error",
+			fields: fields{
+				Params: map[string]any{
+					"foo": "bar",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "sha1",
+			fields: fields{
+				Params: map[string]any{
+					"Rounds": 12,
+					"Hash":   "sha1",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "sha224",
+			fields: fields{
+				Params: map[string]any{
+					"Rounds": 12,
+					"Hash":   "sha224",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "sha256",
+			fields: fields{
+				Params: map[string]any{
+					"Rounds": 5000,
+					"Hash":   "sha256",
+				},
+			},
+			want512:    false,
+			wantRounds: 5000,
+		},
+		{
+			name: "sha384",
+			fields: fields{
+				Params: map[string]any{
+					"Rounds": 12,
+					"Hash":   "sha384",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "sha512",
+			fields: fields{
+				Params: map[string]any{
+					"Rounds": 15000,
+					"Hash":   "sha512",
+				},
+			},
+			want512:    true,
+			wantRounds: 15000,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &HasherConfig{
+				Params: tt.fields.Params,
+			}
+			got512, gotRounds, err := c.sha2Params()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tt.want512, got512)
+			assert.Equal(t, tt.wantRounds, gotRounds)
+		})
+	}
+}

From 056b01f78d64a57d1f877a0d97f16d7f9295705e Mon Sep 17 00:00:00 2001
From: Daniel Fabian <67621761+FabianDaniel00@users.noreply.github.com>
Date: Mon, 19 May 2025 09:11:54 +0200
Subject: [PATCH 054/123] fix: typoe in "Migrate from ZITADEL" documentation
 (#9867)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

- Fixed a typoe in ["Migrate from ZITADEL"
documentation](https://zitadel.com/docs/guides/migrate/sources/zitadel#authorization)

Co-authored-by: Fabienne Bühler <fabienne@zitadel.com>
---
 docs/docs/guides/migrate/sources/zitadel.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/docs/guides/migrate/sources/zitadel.md b/docs/docs/guides/migrate/sources/zitadel.md
index 8a8dd60a3d..99b6e1d64e 100644
--- a/docs/docs/guides/migrate/sources/zitadel.md
+++ b/docs/docs/guides/migrate/sources/zitadel.md
@@ -40,7 +40,7 @@ You need a PAT from a service user with IAM Owner permissions in both the source
 4. Go to the Default settings
 5. Add the import_user as [manager](/docs/guides/manage/console/managers) with the role "IAM Owner"
 
-Save the PAT to the environment variabel `PAT_EXPORT_TOKEN` and the source domain as `ZITADEL_EXPORT_DOMAIN` to run the following scripts.
+Save the PAT to the environment variable `PAT_EXPORT_TOKEN` and the source domain as `ZITADEL_EXPORT_DOMAIN` to run the following scripts.
 
 ### Target system
 
@@ -50,7 +50,7 @@ Save the PAT to the environment variabel `PAT_EXPORT_TOKEN` and the source domai
 4. Go to the Default settings
 5. Add the export_user as [manager](/docs/guides/manage/console/managers) with the role "IAM Owner"
 
-Save the PAT to the environment variabel `PAT_IMPORT_TOKEN` and the source domain as `ZITADEL_IMPORT_DOMAIN` to run the following scripts.
+Save the PAT to the environment variable `PAT_IMPORT_TOKEN` and the source domain as `ZITADEL_IMPORT_DOMAIN` to run the following scripts.
 
 :::warning Clean-up
 You should let the PAT expire as soon as possible.

From 1b2fd23e0b6fe21e144df85e449cf45b59bb4ed9 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Mon, 19 May 2025 11:25:17 +0200
Subject: [PATCH 055/123] fix: idp user information mapping (#9892)

# Which Problems Are Solved

When retrieving the information of an IdP intent, depending on the IdP
type (e.g. Apple), there was issue when mapping the stored (event)
information back to the specific IdP type, potentially leading to a
panic.

# How the Problems Are Solved

- Correctly initialize the user struct to map the information to.

# Additional Changes

none

# Additional Context

- reported by a support request
- needs backport to 3.x and 2.x
---
 internal/api/grpc/user/v2/intent.go     | 8 ++++----
 internal/idp/providers/apple/session.go | 4 ++++
 internal/idp/providers/google/google.go | 4 ++++
 internal/idp/providers/oidc/session.go  | 4 ++++
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/internal/api/grpc/user/v2/intent.go b/internal/api/grpc/user/v2/intent.go
index 8043a9bdae..afb34deb83 100644
--- a/internal/api/grpc/user/v2/intent.go
+++ b/internal/api/grpc/user/v2/intent.go
@@ -167,11 +167,11 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 		var idpUser idp.User
 		switch p := provider.(type) {
 		case *apple.Provider:
-			idpUser, err = unmarshalIdpUser(intent.IDPUser, &apple.User{})
+			idpUser, err = unmarshalIdpUser(intent.IDPUser, apple.InitUser())
 		case *oauth.Provider:
 			idpUser, err = unmarshalRawIdpUser(intent.IDPUser, p.User())
 		case *oidc.Provider:
-			idpUser, err = unmarshalIdpUser(intent.IDPUser, &oidc.User{UserInfo: &oidc_pkg.UserInfo{}})
+			idpUser, err = unmarshalIdpUser(intent.IDPUser, oidc.InitUser())
 		case *jwt.Provider:
 			idpUser, err = unmarshalIdpUser(intent.IDPUser, &jwt.User{})
 		case *azuread.Provider:
@@ -179,9 +179,9 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 		case *github.Provider:
 			idpUser, err = unmarshalIdpUser(intent.IDPUser, &github.User{})
 		case *gitlab.Provider:
-			idpUser, err = unmarshalIdpUser(intent.IDPUser, &oidc.User{UserInfo: &oidc_pkg.UserInfo{}})
+			idpUser, err = unmarshalIdpUser(intent.IDPUser, oidc.InitUser())
 		case *google.Provider:
-			idpUser, err = unmarshalIdpUser(intent.IDPUser, &google.User{User: &oidc.User{UserInfo: &oidc_pkg.UserInfo{}}})
+			idpUser, err = unmarshalIdpUser(intent.IDPUser, google.InitUser())
 		case *saml.Provider:
 			idpUser, err = unmarshalIdpUser(intent.IDPUser, &saml.UserMapper{})
 		case *ldap.Provider:
diff --git a/internal/idp/providers/apple/session.go b/internal/idp/providers/apple/session.go
index 9395d84b2b..99794d18a2 100644
--- a/internal/idp/providers/apple/session.go
+++ b/internal/idp/providers/apple/session.go
@@ -60,6 +60,10 @@ func NewUser(info *openid.UserInfo, names userNamesFormValue) *User {
 	return &User{User: user}
 }
 
+func InitUser() idp.User {
+	return &User{User: oidc.InitUser()}
+}
+
 // User extends the [oidc.User] by returning the email as preferred_username, since Apple does not return the latter.
 type User struct {
 	*oidc.User
diff --git a/internal/idp/providers/google/google.go b/internal/idp/providers/google/google.go
index 221f2b61ae..083d4aef62 100644
--- a/internal/idp/providers/google/google.go
+++ b/internal/idp/providers/google/google.go
@@ -34,6 +34,10 @@ var userMapper = func(info *openid.UserInfo) idp.User {
 	return &User{oidc.DefaultMapper(info)}
 }
 
+func InitUser() idp.User {
+	return &User{oidc.InitUser()}
+}
+
 // User is a representation of the authenticated Google and implements the [idp.User] interface
 // by wrapping an [idp.User] (implemented by [oidc.User]). It overwrites the [GetPreferredUsername] to use the `email` claim.
 type User struct {
diff --git a/internal/idp/providers/oidc/session.go b/internal/idp/providers/oidc/session.go
index 430a14e5bb..9e1e55baf5 100644
--- a/internal/idp/providers/oidc/session.go
+++ b/internal/idp/providers/oidc/session.go
@@ -96,6 +96,10 @@ func NewUser(info *oidc.UserInfo) *User {
 	return &User{UserInfo: info}
 }
 
+func InitUser() *User {
+	return &User{UserInfo: &oidc.UserInfo{}}
+}
+
 type User struct {
 	*oidc.UserInfo
 }

From 968d91a3e0a745fda5b6dfbffdbf1dee8f1306a6 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Mon, 19 May 2025 12:16:49 +0200
Subject: [PATCH 056/123] chore: update dependencies (#9784)

# Which Problems Are Solved

Some dependencies are out of date and published new version including
(unaffected) vulnerability fixes.

# How the Problems Are Solved

- Updated at least all direct dependencies apart from i18n, webauthn
(existing issues),
  -  crewjam (https://github.com/zitadel/zitadel/issues/9783) and
- github.com/gorilla/csrf (https://github.com/gorilla/csrf/issues/190,
https://github.com/gorilla/csrf/issues/189,
https://github.com/gorilla/csrf/issues/188,
https://github.com/gorilla/csrf/issues/187,
https://github.com/gorilla/csrf/issues/186)
      -  noteworthy: https://github.com/golang/go/issues/73626
- Some dependencies require Go 1.24, which triggered an update for
zitadel to go 1.24 as well.

# Additional Changes

None

# Additional Context

None
---
 .github/workflows/build.yml                   |   2 +-
 go.mod                                        |  90 ++++---
 go.sum                                        | 254 +++++++-----------
 internal/api/oidc/error.go                    |   9 +-
 internal/protoc/protoc-gen-authoption/main.go |   2 +-
 internal/query/auth_request_test.go           |   5 +-
 internal/query/saml_request_test.go           |   5 +-
 7 files changed, 150 insertions(+), 217 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c5e99b95b9..f06c4a959c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -72,7 +72,7 @@ jobs:
     with:
       node_version: "18"
       buf_version: "latest"
-      go_lint_version: "v1.62.2"
+      go_lint_version: "v1.64.8"
       core_cache_key: ${{ needs.core.outputs.cache_key }}
       core_cache_path: ${{ needs.core.outputs.cache_path }}
 
diff --git a/go.mod b/go.mod
index 00f65c1331..ec86708942 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,12 @@
 module github.com/zitadel/zitadel
 
-go 1.23.7
+go 1.24
+
+toolchain go1.24.1
 
 require (
 	cloud.google.com/go/profiler v0.4.2
-	cloud.google.com/go/storage v1.51.0
+	cloud.google.com/go/storage v1.54.0
 	github.com/BurntSushi/toml v1.5.0
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.27.0
@@ -20,15 +22,15 @@ require (
 	github.com/crewjam/saml v0.4.14
 	github.com/descope/virtualwebauthn v1.0.3
 	github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c
-	github.com/dop251/goja_nodejs v0.0.0-20250314160716-c55ecee183c0
+	github.com/dop251/goja_nodejs v0.0.0-20250409162600-f7acab6894b0
 	github.com/drone/envsubst v1.0.3
 	github.com/envoyproxy/protoc-gen-validate v1.2.1
 	github.com/fatih/color v1.18.0
 	github.com/fergusstrange/embedded-postgres v1.30.0
-	github.com/gabriel-vasile/mimetype v1.4.8
+	github.com/gabriel-vasile/mimetype v1.4.9
 	github.com/go-chi/chi/v5 v5.2.1
-	github.com/go-jose/go-jose/v4 v4.0.5
-	github.com/go-ldap/ldap/v3 v3.4.10
+	github.com/go-jose/go-jose/v4 v4.1.0
+	github.com/go-ldap/ldap/v3 v3.4.11
 	github.com/go-webauthn/webauthn v0.10.2
 	github.com/goccy/go-json v0.10.5
 	github.com/golang/protobuf v1.5.4
@@ -43,36 +45,36 @@ require (
 	github.com/h2non/gock v1.2.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/improbable-eng/grpc-web v0.15.0
-	github.com/jackc/pgx/v5 v5.7.3
+	github.com/jackc/pgx/v5 v5.7.5
 	github.com/jarcoal/jpath v0.0.0-20140328210829-f76b8b2dbf52
 	github.com/jinzhu/gorm v1.9.16
 	github.com/k3a/html2text v1.2.1
 	github.com/lucasb-eyer/go-colorful v1.2.0
-	github.com/minio/minio-go/v7 v7.0.88
+	github.com/minio/minio-go/v7 v7.0.91
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/muesli/gamut v0.3.1
 	github.com/muhlemmer/gu v0.3.1
 	github.com/muhlemmer/httpforwarded v0.1.0
 	github.com/nicksnyder/go-i18n/v2 v2.4.0
-	github.com/pashagolub/pgxmock/v4 v4.6.0
-	github.com/pquerna/otp v1.4.0
+	github.com/pashagolub/pgxmock/v4 v4.7.0
+	github.com/pquerna/otp v1.5.0
 	github.com/rakyll/statik v0.1.7
-	github.com/redis/go-redis/v9 v9.7.3
-	github.com/riverqueue/river v0.19.0
-	github.com/riverqueue/river/riverdriver v0.19.0
-	github.com/riverqueue/river/rivertype v0.19.0
+	github.com/redis/go-redis/v9 v9.8.0
+	github.com/riverqueue/river v0.22.0
+	github.com/riverqueue/river/riverdriver v0.22.0
+	github.com/riverqueue/river/rivertype v0.22.0
 	github.com/rs/cors v1.11.1
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/sony/gobreaker/v2 v2.1.0
-	github.com/sony/sonyflake v1.2.0
+	github.com/sony/sonyflake v1.2.1
 	github.com/spf13/cobra v1.9.1
-	github.com/spf13/viper v1.20.0
+	github.com/spf13/viper v1.20.1
 	github.com/stretchr/testify v1.10.0
 	github.com/ttacon/libphonenumber v1.2.1
-	github.com/twilio/twilio-go v1.24.1
+	github.com/twilio/twilio-go v1.26.1
 	github.com/zitadel/exifremove v0.1.0
 	github.com/zitadel/logging v0.6.2
-	github.com/zitadel/oidc/v3 v3.36.1
+	github.com/zitadel/oidc/v3 v3.37.0
 	github.com/zitadel/passwap v0.9.0
 	github.com/zitadel/saml v0.3.5
 	github.com/zitadel/schema v1.3.1
@@ -86,26 +88,26 @@ require (
 	go.opentelemetry.io/otel/sdk v1.35.0
 	go.opentelemetry.io/otel/sdk/metric v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
-	go.uber.org/mock v0.5.0
-	golang.org/x/crypto v0.37.0
-	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
-	golang.org/x/net v0.37.0
-	golang.org/x/oauth2 v0.28.0
-	golang.org/x/sync v0.13.0
-	golang.org/x/text v0.24.0
-	google.golang.org/api v0.227.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4
-	google.golang.org/grpc v1.71.0
-	google.golang.org/protobuf v1.36.5
+	go.uber.org/mock v0.5.2
+	golang.org/x/crypto v0.38.0
+	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
+	golang.org/x/net v0.40.0
+	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sync v0.14.0
+	golang.org/x/text v0.25.0
+	google.golang.org/api v0.233.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20250512202823-5a2f75b736a9
+	google.golang.org/grpc v1.72.1
+	google.golang.org/protobuf v1.36.6
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cel.dev/expr v0.19.2 // indirect
-	cloud.google.com/go/auth v0.15.0 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
+	cel.dev/expr v0.20.0 // indirect
+	cloud.google.com/go/auth v0.16.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/monitoring v1.24.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
 	github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect
@@ -130,7 +132,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@@ -140,29 +142,31 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
-	github.com/riverqueue/river/rivershared v0.19.0 // indirect
+	github.com/riverqueue/river/rivershared v0.22.0 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
 	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/yuin/gopher-lua v1.1.1 // indirect
+	github.com/zeebo/errs v1.4.0 // indirect
 	github.com/zenazn/goji v1.0.1 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect
 	go.uber.org/goleak v1.3.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 // indirect
 )
 
 require (
-	cloud.google.com/go v0.118.3 // indirect
+	cloud.google.com/go v0.121.0 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	cloud.google.com/go/iam v1.4.1 // indirect
+	cloud.google.com/go/iam v1.5.2 // indirect
 	cloud.google.com/go/trace v1.11.3 // indirect
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/amdonov/xmlsig v0.1.0 // indirect
@@ -185,7 +189,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-sourcemap/sourcemap v2.1.4+incompatible // indirect
 	github.com/go-xmlfmt/xmlfmt v1.1.3 // indirect
@@ -201,7 +205,7 @@ require (
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jonboulle/clockwork v0.4.0
-	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
@@ -213,7 +217,7 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/riverqueue/river/riverdriver/riverpgxv5 v0.19.0
+	github.com/riverqueue/river/riverdriver/riverpgxv5 v0.22.0
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/russellhaering/goxmldsig v1.4.0 // indirect
 	github.com/sirupsen/logrus v1.9.3
@@ -226,7 +230,7 @@ require (
 	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
-	golang.org/x/sys v0.32.0
+	golang.org/x/sys v0.33.0
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	nhooyr.io/websocket v1.8.11 // indirect
diff --git a/go.sum b/go.sum
index f361fb87fa..6d54730acd 100644
--- a/go.sum
+++ b/go.sum
@@ -1,27 +1,27 @@
-cel.dev/expr v0.19.2 h1:V354PbqIXr9IQdwy4SYA4xa0HXaWq1BUPAGzugBY5V4=
-cel.dev/expr v0.19.2/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+cel.dev/expr v0.20.0 h1:OunBvVCfvpWlt4dN7zg3FM6TDkzOePe1+foGJ9AXeeI=
+cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.118.3 h1:jsypSnrE/w4mJysioGdMBg4MiW/hHx/sArFpaBWHdME=
-cloud.google.com/go v0.118.3/go.mod h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc=
-cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps=
-cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8=
-cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M=
-cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
+cloud.google.com/go v0.121.0 h1:pgfwva8nGw7vivjZiRfrmglGWiCJBP+0OmDpenG/Fwg=
+cloud.google.com/go v0.121.0/go.mod h1:rS7Kytwheu/y9buoDmu5EIpMMCI4Mb8ND4aeN4Vwj7Q=
+cloud.google.com/go/auth v0.16.1 h1:XrXauHMd30LhQYVRHLGvJiYeczweKQXZxsTbV9TiguU=
+cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI=
+cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
+cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
-cloud.google.com/go/iam v1.4.1 h1:cFC25Nv+u5BkTR/BT1tXdoF2daiVbZ1RLx2eqfQ9RMM=
-cloud.google.com/go/iam v1.4.1/go.mod h1:2vUEJpUG3Q9p2UdsyksaKpDzlwOrnMzS30isdReIcLM=
+cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8=
+cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE=
 cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc=
 cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA=
-cloud.google.com/go/longrunning v0.6.5 h1:sD+t8DO8j4HKW4QfouCklg7ZC1qC4uzVZt8iz3uTW+Q=
-cloud.google.com/go/longrunning v0.6.5/go.mod h1:Et04XK+0TTLKa5IPYryKf5DkpwImy6TluQ1QTLwlKmY=
+cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE=
+cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY=
 cloud.google.com/go/monitoring v1.24.0 h1:csSKiCJ+WVRgNkRzzz3BPoGjFhjPY23ZTcaenToJxMM=
 cloud.google.com/go/monitoring v1.24.0/go.mod h1:Bd1PRK5bmQBQNnuGwHBfUamAV1ys9049oEPHnn4pcsc=
 cloud.google.com/go/profiler v0.4.2 h1:KojCmZ+bEPIQrd7bo2UFvZ2xUPLHl55KzHl7iaR4V2I=
 cloud.google.com/go/profiler v0.4.2/go.mod h1:7GcWzs9deJHHdJ5J9V1DzKQ9JoIoTGhezwlLbwkOoCs=
-cloud.google.com/go/storage v1.51.0 h1:ZVZ11zCiD7b3k+cH5lQs/qcNaoSz3U9I0jgwVzqDlCw=
-cloud.google.com/go/storage v1.51.0/go.mod h1:YEJfu/Ki3i5oHC/7jyTgsGZwdQ8P9hqMqvpi5kRKGgc=
+cloud.google.com/go/storage v1.54.0 h1:Du3XEyliAiftfyW0bwfdppm2MMLdpVAfiIg4T2nAI+0=
+cloud.google.com/go/storage v1.54.0/go.mod h1:hIi9Boe8cHxTyaeqh7KMMwKg088VblFK46C2x/BWaZE=
 cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE=
 cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
@@ -33,8 +33,8 @@ github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 h1:ErKg/3iS1AKcTkf3yixlZ54f9U1rljCkQyEXWUnIUxc=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0/go.mod h1:yAZHSGnqScoU556rBOVkwLze6WP5N+U11RHuWaGVxwY=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 h1:fYE9p3esPxA/C0rQ0AHhP0drtPXDRhaWiwg1DPqO7IU=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0/go.mod h1:BnBReJLvVYx2CS/UHOgVz2BXKXD9wsQPxZug20nZhd0=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.27.0 h1:Jtr816GUk6+I2ox9L/v+VcOwN6IyGOEDTSNHfD6m9sY=
@@ -157,8 +157,8 @@ github.com/dlclark/regexp2 v1.11.4 h1:rPYF9/LECdNymJufQKmri9gV604RvvABwgOA8un7yA
 github.com/dlclark/regexp2 v1.11.4/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c h1:mxWGS0YyquJ/ikZOjSrRjjFIbUqIP9ojyYQ+QZTU3Rg=
 github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c/go.mod h1:MxLav0peU43GgvwVgNbLAj1s/bSGboKkhuULvq/7hx4=
-github.com/dop251/goja_nodejs v0.0.0-20250314160716-c55ecee183c0 h1:jTwdYTGERaZ/3+glBUVQZV2NwGodd9HlkXJbTBUPLLo=
-github.com/dop251/goja_nodejs v0.0.0-20250314160716-c55ecee183c0/go.mod h1:Tb7Xxye4LX7cT3i8YLvmPMGCV92IOi4CDZvm/V8ylc0=
+github.com/dop251/goja_nodejs v0.0.0-20250409162600-f7acab6894b0 h1:fuHXpEVTTk7TilRdfGRLHpiTD6tnT0ihEowCfWjlFvw=
+github.com/dop251/goja_nodejs v0.0.0-20250409162600-f7acab6894b0/go.mod h1:Tb7Xxye4LX7cT3i8YLvmPMGCV92IOi4CDZvm/V8ylc0=
 github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
 github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
 github.com/dsoprea/go-exif v0.0.0-20230826092837-6579e82b732d h1:ygcRCGNKuEiA98k7X35hknEN8RIRUF1jrz7k1rZCvsk=
@@ -225,13 +225,13 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
+github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
-github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
-github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
+github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
 github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
@@ -242,14 +242,14 @@ github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3Bop
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
-github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
+github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY=
+github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU=
-github.com/go-ldap/ldap/v3 v3.4.10/go.mod h1:JXh4Uxgi40P6E9rdsYqpUtbW46D9UTjJ9QSwGRznplY=
+github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
+github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -298,7 +298,6 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
@@ -342,7 +341,6 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
@@ -378,10 +376,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
 github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
@@ -418,7 +414,6 @@ github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerX
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
@@ -441,14 +436,14 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
-github.com/jackc/pgerrcode v0.0.0-20220416144525-469b46aa5efa h1:s+4MhCQ6YrzisK6hFJUX53drDT4UsSW3DEhKn0ifuHw=
-github.com/jackc/pgerrcode v0.0.0-20220416144525-469b46aa5efa/go.mod h1:a/s9Lp5W7n/DD0VrVoyJ00FbP2ytTPDVOivvn2bMlds=
+github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438 h1:Dj0L5fhJ9F82ZJyVOmBx6msDp/kfd1t9GRfny/mfJA0=
+github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438/go.mod h1:a/s9Lp5W7n/DD0VrVoyJ00FbP2ytTPDVOivvn2bMlds=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.7.3 h1:PO1wNKj/bTAwxSJnO1Z4Ai8j4magtqg2SLNjEDzcXQo=
-github.com/jackc/pgx/v5 v5.7.3/go.mod h1:ncY89UGWxg82EykZUwSpUKEfccBGGYq1xjrOpsbsfGQ=
+github.com/jackc/pgx/v5 v5.7.5 h1:JHGfMnQY+IEtGM63d+NGMjoRpysB2JBwDr5fsngwmJs=
+github.com/jackc/pgx/v5 v5.7.5/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jarcoal/jpath v0.0.0-20140328210829-f76b8b2dbf52 h1:jny9eqYPwkG8IVy7foUoRjQmFLcArCSz+uPsL6KS0HQ=
@@ -498,11 +493,11 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
@@ -553,8 +548,8 @@ github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY
 github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.88 h1:v8MoIJjwYxOkehp+eiLIuvXk87P2raUtoU5klrAAshs=
-github.com/minio/minio-go/v7 v7.0.88/go.mod h1:33+O8h0tO7pCeCWwBVa07RhVVfB/3vS4kEX7rwYKmIg=
+github.com/minio/minio-go/v7 v7.0.91 h1:tWLZnEfo3OZl5PoXQwcwTAPNNrjyWwOh6cbZitW5JQc=
+github.com/minio/minio-go/v7 v7.0.91/go.mod h1:uvMUcGrpgeSAAI6+sD3818508nUyMULw94j2Nxku/Go=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
@@ -614,8 +609,8 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh
 github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pashagolub/pgxmock/v4 v4.6.0 h1:ds0hIs+bJtkfo01vqjp0BOFirjt4Ea8XV082uorzM3w=
-github.com/pashagolub/pgxmock/v4 v4.6.0/go.mod h1:9VoVHXwS3XR/yPtKGzwQvwZX1kzGB9sM8SviDcHDa3A=
+github.com/pashagolub/pgxmock/v4 v4.7.0 h1:de2ORuFYyjwOQR7NBm57+321RnZxpYiuUjsmqRiqgh8=
+github.com/pashagolub/pgxmock/v4 v4.7.0/go.mod h1:9L57pC193h2aKRHVyiiE817avasIPZnPwPlw3JczWvM=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
@@ -634,8 +629,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
-github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
+github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
@@ -669,22 +664,22 @@ github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoG
 github.com/rakyll/statik v0.1.7 h1:OF3QCZUuyPxuGEP7B4ypUa7sB/iHtqOTDYZXGM8KOdQ=
 github.com/rakyll/statik v0.1.7/go.mod h1:AlZONWzMtEnMs7W4e/1LURLiI49pIMmp6V9Unghqrcc=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM=
-github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA=
+github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
+github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/redis/rueidis v1.0.19 h1:s65oWtotzlIFN8eMPhyYwxlwLR1lUdhza2KtWprKYSo=
 github.com/redis/rueidis v1.0.19/go.mod h1:8B+r5wdnjwK3lTFml5VtxjzGOQAC+5UmujoD12pDrEo=
-github.com/riverqueue/river v0.19.0 h1:WRh/NXhp+WEEY0HpCYgr4wSRllugYBt30HtyQ3jlz08=
-github.com/riverqueue/river v0.19.0/go.mod h1:YJ7LA2uBdqFHQJzKyYc+X6S04KJeiwsS1yU5a1rynlk=
-github.com/riverqueue/river/riverdriver v0.19.0 h1:NyHz5DfB13paT2lvaO0CKmwy4SFLbA7n6MFRGRtwii4=
-github.com/riverqueue/river/riverdriver v0.19.0/go.mod h1:Soxi08hHkEvopExAp6ADG2437r4coSiB4QpuIL5E28k=
-github.com/riverqueue/river/riverdriver/riverdatabasesql v0.19.0 h1:ytdPnueiv7ANxJcntBtYenrYZZLY5P0mXoDV0l4WsLk=
-github.com/riverqueue/river/riverdriver/riverdatabasesql v0.19.0/go.mod h1:5Fahb3n+m1V0RAb0JlOIpzimoTlkOgudMfxSSCTcmFk=
-github.com/riverqueue/river/riverdriver/riverpgxv5 v0.19.0 h1:QWg7VTDDXbtTF6srr7Y1C888PiNzqv379yQuNSnH2hg=
-github.com/riverqueue/river/riverdriver/riverpgxv5 v0.19.0/go.mod h1:uvF1YS+iSQavCIHtaB/Y6O8A6Dnn38ctVQCpCpmHDZE=
-github.com/riverqueue/river/rivershared v0.19.0 h1:TZvFM6CC+QgwQQUMQ5Ueuhx25ptgqcKqZQGsdLJnFeE=
-github.com/riverqueue/river/rivershared v0.19.0/go.mod h1:JAvmohuC5lounVk8e3zXZIs07Da3klzEeJo1qDQIbjw=
-github.com/riverqueue/river/rivertype v0.19.0 h1:5rwgdh21pVcU9WjrHIIO9qC2dOMdRrrZ/HZZOE0JRyY=
-github.com/riverqueue/river/rivertype v0.19.0/go.mod h1:DETcejveWlq6bAb8tHkbgJqmXWVLiFhTiEm8j7co1bE=
+github.com/riverqueue/river v0.22.0 h1:PO4Ula2RqViQqNs6xjze7yFV6Zq4T3Ffv092+f4S8xQ=
+github.com/riverqueue/river v0.22.0/go.mod h1:IRoWoK4RGCiPuVJUV4EWcCl9d/TMQYkk0EEYV/Wgq+U=
+github.com/riverqueue/river/riverdriver v0.22.0 h1:i7OSFkUi6x4UKvttdFOIg7NYLYaBOFLJZvkZ0+JWS/8=
+github.com/riverqueue/river/riverdriver v0.22.0/go.mod h1:oNdjJCeAJhN/UiZGLNL+guNqWaxMFuSD4lr5x/v/was=
+github.com/riverqueue/river/riverdriver/riverdatabasesql v0.22.0 h1:+no3gToOK9SmWg0pDPKfOGSCsrxqqaFdD8K1NQndRbY=
+github.com/riverqueue/river/riverdriver/riverdatabasesql v0.22.0/go.mod h1:mygiHa1dnlKRjxT1//wIvfT2fMTbfXKm37NcsxoyBoQ=
+github.com/riverqueue/river/riverdriver/riverpgxv5 v0.22.0 h1:2TWbVL73gipJ2/4JNCQbifaNj+BCC/Zxpp30o1D8RTg=
+github.com/riverqueue/river/riverdriver/riverpgxv5 v0.22.0/go.mod h1:TZY/BG8w/nDxkraAEvvgyVupIz0b4+PQVUW0kIiy1fc=
+github.com/riverqueue/river/rivershared v0.22.0 h1:hLPHr98d6OEfmUJ4KpIXgoy2tbQ14htWILcRBHJF11U=
+github.com/riverqueue/river/rivershared v0.22.0/go.mod h1:BK+hvhECfdDLWNDH3xiGI95m2YoPfVtECZLT+my8XM8=
+github.com/riverqueue/river/rivertype v0.22.0 h1:rSRhbd5uV/BaFTPxReCxuYTAzx+/riBZJlZdREADvO4=
+github.com/riverqueue/river/rivertype v0.22.0/go.mod h1:lmdl3vLNDfchDWbYdW2uAocIuwIN+ZaXqAukdSCFqWs=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -725,8 +720,8 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k
 github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/sony/gobreaker/v2 v2.1.0 h1:av2BnjtRmVPWBvy5gSFPytm1J8BmN5AGhq875FfGKDM=
 github.com/sony/gobreaker/v2 v2.1.0/go.mod h1:dO3Q/nCzxZj6ICjH6J/gM0r4oAwBMVLY8YAQf+NTtUg=
-github.com/sony/sonyflake v1.2.0 h1:Pfr3A+ejSg+0SPqpoAmQgEtNDAhc2G1SUYk205qVMLQ=
-github.com/sony/sonyflake v1.2.0/go.mod h1:LORtCywH/cq10ZbyfhKrHYgAUGH7mOBa76enV9txy/Y=
+github.com/sony/sonyflake v1.2.1 h1:Jzo4abS84qVNbYamXZdrZF1/6TzNJjEogRfXv7TsG48=
+github.com/sony/sonyflake v1.2.1/go.mod h1:LORtCywH/cq10ZbyfhKrHYgAUGH7mOBa76enV9txy/Y=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
@@ -740,23 +735,20 @@ github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
 github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY=
-github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
+github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE=
+github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stvp/tempredis v0.0.0-20181119212430-b82af8480203 h1:QVqDTf3h2WHt08YuiTGPZLls0Wq99X9bWd0Q5ZSBesM=
@@ -778,8 +770,8 @@ github.com/ttacon/builder v0.0.0-20170518171403-c099f663e1c2 h1:5u+EJUQiosu3JFX0
 github.com/ttacon/builder v0.0.0-20170518171403-c099f663e1c2/go.mod h1:4kyMkleCiLkgY6z8gK5BkI01ChBtxR0ro3I1ZDcGM3w=
 github.com/ttacon/libphonenumber v1.2.1 h1:fzOfY5zUADkCkbIafAed11gL1sW+bJ26p6zWLBMElR4=
 github.com/ttacon/libphonenumber v1.2.1/go.mod h1:E0TpmdVMq5dyVlQ7oenAkhsLu86OkUl+yR4OAxyEg/M=
-github.com/twilio/twilio-go v1.24.1 h1:bpBL1j5GRdJGSG+tCdo0O94BwK4uDOHQuNT5ndzljPg=
-github.com/twilio/twilio-go v1.24.1/go.mod h1:zRkMjudW7v7MqQ3cWNZmSoZJ7EBjPZ4OpNh2zm7Q6ko=
+github.com/twilio/twilio-go v1.26.1 h1:HazQUV+BCuW5CaJVMTjqV22V32LirwZNQBu98ADPQzM=
+github.com/twilio/twilio-go v1.26.1/go.mod h1:FpgNWMoD8CFnmukpKq9RNpUSGXC0BwnbeKZj2YHlIkw=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@@ -796,17 +788,18 @@ github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQut
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
+github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM=
+github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8=
 github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/zitadel/exifremove v0.1.0 h1:qD50ezWsfeeqfcvs79QyyjVfK+snN12v0U0deaU8aKg=
 github.com/zitadel/exifremove v0.1.0/go.mod h1:rzKJ3woL/Rz2KthVBiSBKIBptNTvgmk9PLaeUKTm+ek=
 github.com/zitadel/logging v0.6.2 h1:MW2kDDR0ieQynPZ0KIZPrh9ote2WkxfBif5QoARDQcU=
 github.com/zitadel/logging v0.6.2/go.mod h1:z6VWLWUkJpnNVDSLzrPSQSQyttysKZ6bCRongw0ROK4=
-github.com/zitadel/oidc/v3 v3.36.1 h1:1AT1NqKKEqAwx4GmKJZ9fYkWH2WIn/VKMfQ46nBtRf0=
-github.com/zitadel/oidc/v3 v3.36.1/go.mod h1:dApGZLvWZTHRuxmcbQlW5d2XVjVYR3vGOdq536igmTs=
+github.com/zitadel/oidc/v3 v3.37.0 h1:nYATWlnP7f18XiAbw6upUruBaqfB1kUrXrSTf1EYGO8=
+github.com/zitadel/oidc/v3 v3.37.0/go.mod h1:/xDan4OUQhguJ4Ur73OOJrtugvR164OMnidXP9xfVNw=
 github.com/zitadel/passwap v0.9.0 h1:QvDK8OHKdb73C0m+mwXvu87UJSBqix3oFwTVENHdv80=
 github.com/zitadel/passwap v0.9.0/go.mod h1:6QzwFjDkIr3FfudzSogTOx5Ydhq4046dRJtDM/kX+G8=
 github.com/zitadel/saml v0.3.5 h1:L1RKWS5y66cGepVxUGjx/WSBOtrtSpRA/J3nn5BJLOY=
@@ -820,8 +813,8 @@ go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao=
-go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo=
+go.opentelemetry.io/contrib/detectors/gcp v1.35.0 h1:bGvFt68+KTiAKFlacHW6AhA56GF2rS0bdD3aJYEnmzA=
+go.opentelemetry.io/contrib/detectors/gcp v1.35.0/go.mod h1:qGWP8/+ILwMRIUf9uIVLloR1uo5ZYAslM4O6OqUi1DA=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
@@ -834,8 +827,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo=
 go.opentelemetry.io/otel/exporters/prometheus v0.57.0 h1:AHh/lAP1BHrY5gBwk8ncc25FXWm/gmmY3BX258z5nuk=
 go.opentelemetry.io/otel/exporters/prometheus v0.57.0/go.mod h1:QpFWz1QxqevfjwzYdbMb4Y1NnlJvqSGwyuU0B4iuc9c=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0 h1:PB3Zrjs1sG1GBX51SXyTSoOTqcDglmsk7nT6tkKPb/k=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0/go.mod h1:U2R3XyVPzn0WX7wOIypPuptulsMcPDPs/oiSVOMVnHY=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0 h1:T0Ec2E+3YZf5bgTNQVet8iTDW7oIk03tXHq+wkwIDnE=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0/go.mod h1:30v2gqH+vYGJsesLWFov8u47EpYTcIQcBjKpI6pJThg=
 go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
@@ -855,8 +848,8 @@ go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
-go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
+go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
@@ -875,19 +868,13 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
+golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
+golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20200927104501-e162460cd6b5/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -903,11 +890,6 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -926,7 +908,6 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200320220750-118fecf932d8/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -938,24 +919,15 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -964,14 +936,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1002,44 +968,20 @@ golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
-golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
@@ -1064,17 +1006,13 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
-google.golang.org/api v0.227.0 h1:QvIHF9IuyG6d6ReE+BNd11kIB8hZvjN8Z5xY5t21zYc=
-google.golang.org/api v0.227.0/go.mod h1:EIpaG6MbTgQarWF5xJvX0eOJPK9n/5D4Bynb9j2HXvQ=
+google.golang.org/api v0.233.0 h1:iGZfjXAJiUFSSaekVB7LzXl6tRfEKhUN7FkZN++07tI=
+google.golang.org/api v0.233.0/go.mod h1:TCIVLLlcwunlMpZIhIp7Ltk77W+vUSdUKAAIlbxY44c=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1089,10 +1027,10 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY
 google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb h1:ITgPrl429bc6+2ZraNSzMDk3I95nmQln2fuPstKwFDE=
 google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:sAo5UzpjUwgFBCzupwhcLcxHVDK7vG5IqI30YnwX2eE=
-google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4 h1:IFnXJq3UPB3oBREOodn1v1aGQeZYQclEmvWRMN0PSsY=
-google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:c8q6Z6OCqnfVIqUFJkCzKcrj8eCvUrz+K4KRzSTuANg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 h1:iK2jbkWL86DXjEx0qiHcRE9dE4/Ahua5k6V8OWFb//c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
+google.golang.org/genproto/googleapis/api v0.0.0-20250512202823-5a2f75b736a9 h1:WvBuA5rjZx9SNIzgcU53OohgZy6lKSus++uY4xLaWKc=
+google.golang.org/genproto/googleapis/api v0.0.0-20250512202823-5a2f75b736a9/go.mod h1:W3S/3np0/dPWsWLi1h/UymYctGXaGBM2StwzD0y140U=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 h1:IqsN8hx+lWLqlN+Sc3DoMy/watjofWiU8sRFgQ8fhKM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
@@ -1107,8 +1045,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
-google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
+google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA=
+google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1119,8 +1057,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/internal/api/oidc/error.go b/internal/api/oidc/error.go
index 781a1d3815..829a15d4d2 100644
--- a/internal/api/oidc/error.go
+++ b/internal/api/oidc/error.go
@@ -42,10 +42,7 @@ func oidcError(err error) error {
 	if statusCode < 500 {
 		newOidcErr = oidc.ErrInvalidRequest
 	}
-	return op.NewStatusError(
-		newOidcErr().
-			WithParent(err).
-			WithDescription(zError.GetMessage()),
-		statusCode,
-	)
+	oidcErr := newOidcErr().WithParent(err)
+	oidcErr.Description = zError.GetMessage()
+	return op.NewStatusError(oidcErr, statusCode)
 }
diff --git a/internal/protoc/protoc-gen-authoption/main.go b/internal/protoc/protoc-gen-authoption/main.go
index b0e78c6990..1d6ae21b77 100644
--- a/internal/protoc/protoc-gen-authoption/main.go
+++ b/internal/protoc/protoc-gen-authoption/main.go
@@ -88,7 +88,7 @@ func main() {
 	}
 
 	// Write the response to stdout, to be picked up by protoc
-	fmt.Fprintf(os.Stdout, string(out))
+	fmt.Fprint(os.Stdout, string(out))
 }
 
 func loadTemplate(templateData []byte) *template.Template {
diff --git a/internal/query/auth_request_test.go b/internal/query/auth_request_test.go
index 152a032cd8..12288d18cc 100644
--- a/internal/query/auth_request_test.go
+++ b/internal/query/auth_request_test.go
@@ -5,7 +5,6 @@ import (
 	"database/sql"
 	"database/sql/driver"
 	_ "embed"
-	"fmt"
 	"regexp"
 	"testing"
 	"time"
@@ -22,9 +21,7 @@ import (
 )
 
 func TestQueries_AuthRequestByID(t *testing.T) {
-	expQuery := regexp.QuoteMeta(fmt.Sprintf(
-		authRequestByIDQuery,
-	))
+	expQuery := regexp.QuoteMeta(authRequestByIDQuery)
 
 	cols := []string{
 		projection.AuthRequestColumnID,
diff --git a/internal/query/saml_request_test.go b/internal/query/saml_request_test.go
index 3a062ac5fd..019054d4fc 100644
--- a/internal/query/saml_request_test.go
+++ b/internal/query/saml_request_test.go
@@ -5,7 +5,6 @@ import (
 	"database/sql"
 	"database/sql/driver"
 	_ "embed"
-	"fmt"
 	"regexp"
 	"testing"
 
@@ -20,9 +19,7 @@ import (
 )
 
 func TestQueries_SamlRequestByID(t *testing.T) {
-	expQuery := regexp.QuoteMeta(fmt.Sprintf(
-		samlRequestByIDQuery,
-	))
+	expQuery := regexp.QuoteMeta(samlRequestByIDQuery)
 
 	cols := []string{
 		projection.SamlRequestColumnID,

From 6b07e57e5c8caab0b4d95ceef0db579c61b756ca Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Tue, 20 May 2025 09:32:09 +0200
Subject: [PATCH 057/123] test: fix list orgs test with sort (#9909)

# Which Problems Are Solved

List organization integration test fails sometimes due to incorrect
sorting of results.

# How the Problems Are Solved

Add sorting column to request on list organizations endpoint and sort
expected results.

# Additional Changes

None

# Additional Context

None
---
 internal/api/grpc/org/v2/integration_test/query_test.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/api/grpc/org/v2/integration_test/query_test.go b/internal/api/grpc/org/v2/integration_test/query_test.go
index 86a2bd312b..cb7576455c 100644
--- a/internal/api/grpc/org/v2/integration_test/query_test.go
+++ b/internal/api/grpc/org/v2/integration_test/query_test.go
@@ -5,7 +5,9 @@ package org_test
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strconv"
+	"strings"
 	"testing"
 	"time"
 
@@ -89,6 +91,7 @@ func TestServer_ListOrganizations(t *testing.T) {
 					Queries: []*org.SearchQuery{
 						OrganizationIdQuery(Instance.DefaultOrg.Id),
 					},
+					SortingColumn: org.OrganizationFieldName_ORGANIZATION_FIELD_NAME_NAME,
 				},
 				func(ctx context.Context, request *org.ListOrganizationsRequest) ([]orgAttr, error) {
 					count := 3
@@ -101,6 +104,10 @@ func TestServer_ListOrganizations(t *testing.T) {
 					request.Queries = []*org.SearchQuery{
 						OrganizationNamePrefixQuery(prefix),
 					}
+
+					slices.SortFunc(orgs, func(a, b orgAttr) int {
+						return -1 * strings.Compare(a.Name, b.Name)
+					})
 					return orgs, nil
 				},
 			},

From 7861024ea2913a871ae62eaf9bc2e1a82dda78db Mon Sep 17 00:00:00 2001
From: "Marco A." <kwbmm1990@gmail.com>
Date: Tue, 20 May 2025 14:21:30 +0200
Subject: [PATCH 058/123] docs: fix Go backend example (#9864)

# Which Problems Are Solved

This PR aims to clarify how to use the zitadel SDK with OAuth token
introspection.

# How the Problems Are Solved

Reworked the setup process on console needed to create the JSON key and
a PAT.

# Additional Changes

- Closes #5559
---
 docs/docs/examples/secure-api/go.md           |  74 +++++++++++++-----
 docs/static/img/go/api-PAT_creation.png       | Bin 0 -> 54389 bytes
 docs/static/img/go/api-PAT_view.png           | Bin 0 -> 139720 bytes
 docs/static/img/go/api-app_details.png        | Bin 0 -> 213443 bytes
 docs/static/img/go/api-create-auth.png        | Bin 103599 -> 0 bytes
 docs/static/img/go/api-create-key.png         | Bin 31504 -> 0 bytes
 docs/static/img/go/api-create.png             | Bin 182604 -> 0 bytes
 docs/static/img/go/api-create_application.png | Bin 0 -> 135770 bytes
 .../static/img/go/api-create_service_user.png | Bin 0 -> 43016 bytes
 docs/static/img/go/api-download_key.png       | Bin 0 -> 66369 bytes
 docs/static/img/go/api-expiration_date.png    | Bin 0 -> 65018 bytes
 docs/static/img/go/api-new_key.png            | Bin 0 -> 58790 bytes
 docs/static/img/go/api-select_framework.png   | Bin 0 -> 85996 bytes
 docs/static/img/go/api-select_jwt.png         | Bin 0 -> 119147 bytes
 docs/static/img/go/api-service_user_panel.png | Bin 0 -> 116026 bytes
 15 files changed, 55 insertions(+), 19 deletions(-)
 create mode 100644 docs/static/img/go/api-PAT_creation.png
 create mode 100644 docs/static/img/go/api-PAT_view.png
 create mode 100644 docs/static/img/go/api-app_details.png
 delete mode 100644 docs/static/img/go/api-create-auth.png
 delete mode 100644 docs/static/img/go/api-create-key.png
 delete mode 100644 docs/static/img/go/api-create.png
 create mode 100644 docs/static/img/go/api-create_application.png
 create mode 100644 docs/static/img/go/api-create_service_user.png
 create mode 100644 docs/static/img/go/api-download_key.png
 create mode 100644 docs/static/img/go/api-expiration_date.png
 create mode 100644 docs/static/img/go/api-new_key.png
 create mode 100644 docs/static/img/go/api-select_framework.png
 create mode 100644 docs/static/img/go/api-select_jwt.png
 create mode 100644 docs/static/img/go/api-service_user_panel.png

diff --git a/docs/docs/examples/secure-api/go.md b/docs/docs/examples/secure-api/go.md
index ab45e2a6b7..90fe7830be 100644
--- a/docs/docs/examples/secure-api/go.md
+++ b/docs/docs/examples/secure-api/go.md
@@ -10,26 +10,63 @@ At the end of the guide you should have an API with a protected endpoint.
 
 > This documentation references our HTTP example. There's also one for GRPC. Check them out on [GitHub](https://github.com/zitadel/zitadel-go/blob/next/example/api/http/main.go).
 
-## Set up application and obtain keys
-
-Before we begin developing our API, we need to perform a few configuration steps in the ZITADEL Console.
-You'll need to provide some information about your app. We recommend creating a new app to start from scratch. Navigate to your Project, then add a new application at the top of the page.
-Select the **API** application type and continue.
-
-![Create app in console](/img/go/api-create.png)
-
-We recommend that you use JWT Profile for authenticating at the Introspection Endpoint.
-
-![Create app in console](/img/go/api-create-auth.png)
-
-Then create a new key with your desired expiration date. Be sure to download it, as you won't be able to retrieve it again.
-
-![Create api key in console](/img/go/api-create-key.png)
-
 ## Prerequisites
 
 This will handle the OAuth 2.0 introspection request including authentication using JWT with Private Key using our [OIDC client library](https://github.com/zitadel/oidc).
-All that is required, is to create your API and download the private key file later called `Key JSON` for the service user.
+All that is required, is to create your API, create a private key and a personal access token for a service user.
+
+### Set up application and obtain keys
+
+Before we begin developing our API, we need to perform a few configuration steps in the ZITADEL Console.
+You'll need to provide some information about your app. We recommend creating a new app to start from scratch.
+
+Starting from the homepage of your console, click on Create Application
+
+![Create app in homepage](/img/go/api-create_application.png)
+
+Select a project from the dropdown and select *Other* as framework, then continue.
+
+![Framework Selection](/img/go/api-select_framework.png)
+
+Add your app name and select *API* as application type, then continue.
+
+![Application Type](/img/go/api-app_details.png)
+
+We recommend that you use JWT Profile for authenticating at the Introspection Endpoint. So select *JWT* as authentication method
+
+![JWT authentication method](/img/go/api-select_jwt.png)
+
+You then need to create a new JSON key.
+
+![New JSON key](/img/go/api-new_key.png)
+
+Select an expiration date that suits you.
+
+![Key expiration date](/img/go/api-expiration_date.png)
+
+And make sure to download it, as you won't be able to retrieve it again.
+
+![Key download](/img/go/api-download_key.png)
+
+Now we need to create a *Personal Access Token* to authenticate the client requests.
+
+On the user view, switch to *Service Users* and create a new one.
+
+![Service User Panel](/img/go/api-service_user_panel.png)
+
+Give the service user a name and a user name. Select `Bearer` as *Access Token Type*.
+
+![Service User Creation](/img/go/api-create_service_user.png)
+
+### Create service user and personal access token (PAT)
+
+Once done, from the left panel of the user management, click on Personal Access Token and create a new one.
+
+![Personal Access Token View](/img/go/api-PAT_view.png)
+
+Set an expiration date and then copy the PAT generated to somewhere safe. We will need it later.
+
+![PAT creation](/img/go/api-PAT_creation.png)
 
 ## Go Setup
 
@@ -119,8 +156,7 @@ Content-Length: 44
 unauthorized: authorization header is empty
 ```
 
-Get a valid access_token for the API. You can either achieve this by getting an access token with the project_id in the audience
-or use a PAT of a service account.
+We need to use the personal access token generated previously.
 
 If you provide a valid Bearer Token:
 
diff --git a/docs/static/img/go/api-PAT_creation.png b/docs/static/img/go/api-PAT_creation.png
new file mode 100644
index 0000000000000000000000000000000000000000..b8d2032f05fa4d5450c3e5063969573c2a68f25f
GIT binary patch
literal 54389
zcmeGE^;=cn^FIzBkWd;yx{>ZK0g+O=TM&@$?hvHAyW!9c(j`iFcXu87(0n&OU!V71
zaQ}Fp3obAB*?X<oGqWZhGed}ioFpm|0TKuVLjCetObG;fRRjXTTE0dAuAIt83IYGT
zvHh&+00JRnz5K#}Qq%E3ATrPwF%cEl^rK}LSFG(<h^G)L*&L<<e^{fa8YI{nBO6*W
z4;#g6m5+&*(T}f0z>Jvh#IGfE$ozcS<J)rL$&H+OtRPUyeXgX8%UJL+^x}h8rmlUH
z&iPIcbOpMiemaz*4u_e-X?^rMo&^^L#Or>9Ubc7>F@Kx%1W~@ZzlQ<MSUnI(MrE+_
z*{uH#INc8q0f7{;*(|5v#Kgq%-7+j@%R;+ets;Wb1)=DPjM}K6BE3qSJLn-i==0~#
zf3o!rF-S?HI$N8nznwU~_5*>ES>14c|0aO}sWE0mrSrAHfZFa+>&*nYZFJs%#;D(~
zJ;G4JfCwTGEYz8PXqCf)JbziDJ_)&qxDPMQ$0=5Q^ageI$gZv>tv*#fBD>}p2F;kx
zHpBaFL7<aOVRpwoO#8PzsE2E9LV_UBvmk13vYqlUvrS(oRH4+^3Dg<j!=gXF@y>V`
zIui3L40q(y_0c>C<Z`moJB5E?`9uVdwAFpIAGfvx{&m-OT)iGvFlNdLvShJHkP2`r
zP5NB<Y;a8d;Jp!_duUSpfw-ysE#}J|bEkimK>hc*LJ)Kg0iS{fhHsZeT_E4SK3Wv~
zv+DU<6WOfbTyZ2A&`8ETV%REC_oVslgxhI<3YM=YX~+2m{3$>V==6d`@@#tt0t1Tc
z@d{pBQv&%C^4J*e6o!F7P8QRhoiJW7AfK!@-%%kw!z+Fi(sLMdl}cF9T+1`YFYCou
zAiPs=mZ?&0WYFouEpj-)MaX69#@{f5o_IS@+5OW{^-g2!!9_q{OgA!!)n(nJ(et)>
z-pIRNKfv+na>W<(v&?5sfsO*hlzPVwX{u3jCnwWq=7k2cHy~b@Cp|{p<^k~Rq4&&e
zB_*rnlxwMOVT~16NKGb9RMzL`-GOZzJ8yY;`Tb`PC~0zr%Nk-^!Sm>|gW?%+SbJWt
z+}eEYE(pZK!-df5_Dt@-lH^?RtlP>MpzP7u(vqhVvhkuhVr;i}Ne9C<Fds{&H+~D_
z7VOIrYe_%f-`;;&=M)kWl3lNJ8U#<sVFHRdXK4#+bYYRXTa_+ck~zD$h<oxmzY(sz
zaCde8_Ow(yA#w_AnS8agW?foUB{^5))WVrzzp)|3@8qhEREQZ96B?v!F)$gkNRO$A
zRIV2G=g)hPFWKvf_R;uOw^#YkdTrc3=`31xRdrFg;+TgWoIW|SZw`6#+a>b?uhuds
z5s`42-v=lwVpkhn1#-4Yo-Dx>DHT(|!YV<B=a*`~Jlo7SEAyM2LZPD72IBd<%}(Yt
zk3L(wddIqm7EyzhP9uNMcZV(PQs{Q&LqbAux{JAb*)5p#>Pg1O*+8*ALGM=SEoSYB
z#0!*iR6k>x-QANqYdvc5NS0wJ8s`$uczSs<j#PSNBY9yM+qWD14bA?%?gv^S`pNB?
z5m;Zha=^m95f@?z0&$h7_M~u_C_W7T_=qiDrgc#uJ9u$=`LXaCl54)*u)e#?a9lJz
z|8R_6q*DwF%Kp~%@cMOM!0D;U-gtpO=ja)h&q5tZ^NQ6t+*kgFS+|aIUgsrSH|Qs2
z(J#L&=TS0ecMsE)@1EOJYOYQ%J9C>R3m7I?^xAqFzi{Npey%cqjJQ4Cdvkd*4iAc+
zTwFZa=Ji{UjfmdiN6aaoA^lmVZ{@~su1!TTflEk;%u=}(rt{;68zzDI9fkV0%%zFv
z_0i0fuN5Z&hse)5HF%~8r_d&3*PBze^Ii0xWUui!t61!B3w5IfFJ}4nH-6QxRA`_v
ziKdblxncskrJXL!&W@yBxh!Uz5)1Mr`6{qB=_Vb`<iQ>9cA;TlK;aA#u$*+yui9>W
z0FKSpDDG=eU!Jma5B5No{GBj0^~_Q049TFS-Tlbd)+_L~Lch{qyNCQ5+@Q%^i^5+u
z$g{sZ)n>BaYT62OUj3P#oqhOX6G^12G^r}BK7r7l<&JT;yJ1vF^b@ppaHZYobdTn{
z#b8Yth#H+KaDD$qOiV(ntqjQ~;ctl%@_5-7QNZqsV88|E2G7m$wz{58Y#sjY&RTDm
zi%^AD5R(<D6lrZ+f%-*mTS%Q3@5Vu(@=vL`rE+7B-iK%pu3J2L7YDlVE)L4wlil4%
zHOi?HFkp)%B{V;};ao}zN;c~Wls~<_i|1@8vs|d_Gvm$9mdFv>=T{?uts;7S%r_YP
zRq%nh9<XcsljTOp^tykB(m%HI=p(YO-hsu=3}{uVK%m{}Ot40UvZz+ICtop_GQh(b
z?Z&U4lCqWb2lCnQF4kG$lIZ9Hl&wC&Qc&hae>2v*A9h*Hf0j<7he4M|cQl<;YCiS4
zeh_v(F0~S57Iur(l7L_FL<eItscGD;F1e*M^|EV=9sV@nsplUaR1O8S1uRP_HM#m+
zH3**Ncwsj5=~eOk7l6^Ux~)b1ZUQcrl#isC`uuwd%=kb3;Nx7}b7>78C3dF(Qrpe_
zFH@9EvEEkg4|~zf&}!AO_C%6UXKd*;*%OE1_(TGByW5wXRDWyl3j!p^Vh}2j|6Hn4
z;=3bzAPv>fZF9zAvq>$V%QgCJ=y;gw?qq*IA~@%AN>f`I5-!D57<s(P#iy6TUa+>G
zLi9~skyC4PXP;d7wS<Jk`sN#sqdUesBwTv3$LEDE*)FRbI|tE8YC!j`ei8p1s;>V)
zTn(@r|6)(^fC-*_m>?}({unH=uS8X_f5>B<mfp}Icf8+$Te-G9sBWeseHaiZ)cIFh
z9fjoitgkXSvib>++wHd`tt$KLkLTt50?x;O$6_|mo_u5Q*f$Ixyq7NFhdiL4&Q>RF
zLH)R6EzXwy2v>)nM}2CIT8fiWzmMA8?hLm~JRA8-iz=i<O3M=RL_eV;dzd<sc#O!F
zB?#-8V{HwpSJ2nUP+jg#h<L9r^azpQDTFWvM@98s9rBQeQiv&v&B|HHj%Xidm``}#
zUz4))>2*NeKVLk0oU!Y+DqNGj5A~~ic#jwO2e2x<PCI3sQM93R^&TDLTKt&B7klR8
zW#ehkw`Ysvo5{6n96C4Z-nNrp+uOsEDmS)EXEDSv=@XEaTb$!}rrScz%M-~X#>=G<
z&F}@FM4c6a;6bv#Kl~;0XQzrEBl~Zg9nC3+U2X@Q{7V}%N#@ynPB>jXc716>gF{1m
z8bdfR-n}!rFku6GBwbJ37jBd2I}9Zx^<Nz<keJsa<<e5Hv%l>iu77UV|9Tx?Ncl^Z
zg2J$UrABrkXlpbH*ZZkQ+o}%93^qY3Iuf~X<iX0ZU8%q?T3ByoYtvcj?Tpn@*$saf
z#n8#7dc{g`e*Sy2%(*!YOE#qos^2$fp8(N@WE%i4^ybYQyr*%oqb08~@DrEw(Gun3
zYLUL+{_oSrF+^@2j_b?QPCvKFd|LuyV#8^>+navn;E0G<(M!!GZgF=KyU0Ungg@La
zK%bw4e&IE>6};#sWI-`?r5>8Cx=TIt8u%XGF%>WCx%U)S)P1b6DMzu}ec}>*(W=9C
z*jMU%z*X9>&(DZSbOGED?j%8$B9-L3evN&h9>DMrJ?$5b8^I?rlP@olg;LCTnKfNc
zbx*z`jUf7&GD)4Sl^}KPjgsO-*pX<yK_cWCF37zy8>44Zcr)4&DDc<a$y}qA)am)h
z6jUaK=V6{>sRh@3viT>cMX)u$tO*(kzaOyxRP$=#RgkxYj?VdyzHUkZ>PSK(R{35u
zNG@P!ChELvOSf$KiG^&?{Hm+%@Py3*r-us|)M$e=Cuwrc^4uk|(9LEr0IijtyhkUB
z5!CCjmL19z!lVqmZkW>yisd9gCEzY%khNKC?;TnyhJAHmaQ-uj^(wBKR%foNyRa_4
zFcxtAF?8}-ftx$!0uz^IW>^LHgvu(erHl&=vQ{azCaWTGgNM($Ec<}zs?>5?Z?-;m
zVYRpu146GKs!%sA;Mj&73qYm195%sB7;&*>-d>qYO$CN-Ky)m^R3MQj5^!!btc&uv
zxuvJXJ0%!2XD*5;@X?%Cwuy^|n;UJDTCU-)u~mKdw^0K#u>x3zZvLXZT_~B`EuGWr
z_)hj`&>(~b&1~f}jvPAC2ft&1Ypts%KdAskN<{skAkp<*6W6ou*;&LanVZjdktD)T
z@;I%69|T$Ny2+EdyeLZ4Rd-s)wc6YrW3~Q>OGs!guN(EEm9v@5(Cp2(VF`SpsOia*
zjIw*|VJe=NDnzqVsF$KzYW5<uHs@*mTK&P(Qwbu!R6Tf!w)f~=jF<yhf%U%*gNQkp
zqC(NuexyQ|uTY4%5$tT7*RDguBDzl%u@uOBgnkOvwMj5@UjCTsSB|nKw!K<F1-u-E
z%L(Z6c>3MD0qqmnlT&%g@g`+~V*J;jqZPwDkhM&0&((OIHjSAUwzx{U5<XXnI@fLL
zYUJaOul$f&4~U4P+obe2+Y}{@U#@5)8PA9y3~UvY0OWV^J8hoZ{F&`$esJ$eZFfgg
zr~{NiFDLzyZd0E=OS1RRw~>cY419ce2oc}udT^IQsp{TxDFeT=ss9Bo^Tv9fWFK)f
zvXTEFnahdJgoS*DP?!(1ZX&qWXfzPIdiX{JL!r@D<j>!~>tR=km8~A`-z9+vzmG(D
zpVP49(U_N*?3N^7Se{V#3NoFCHDz<+76R-(+CkiK(+*-i+f<x@ahYgT#QWe`cB!K^
zsN8Rr5Zsr3rRN>S$3X+Q`mM|Bo>=i(+mi?JR?pkF@W?yz)+Bd3A2EoD{eknr-JEXU
zRe*_?tcBGu6S|<BmA;}R|3KFZ*u|N`TaM#-7rfrc=a8Q~(C~$g@w{HZwD^&A0!k4<
zFxA7-@dzVQ@aeIcYdp_FvKaBJL*&B)!-`dkyB!+^`#^R;A|H@!UF^!mT@hlwdl!JO
z+?&>FOG1q0FTcwaBXqIyN^-1O^>vNOC_=qf#FtHpbzoap41z$NrU%9S<MRpl^{xAW
zjs&Jk&CR>LVjsp*tv8S<Ru@Kr$c&b_D5F<Gdl4lG^su1BCmS^D)uy1sSsMy&X0*Ry
zxPP^c{GIL;KmSgLm;OFTu++gqugZuH!V{_!zC$H4n|^F5kb)<dub9#;3_H*f8%bhe
zIhZOVmtAf0S<MztYH1NTm@Q?Jh0N8jZg{|cyedh^Ux`3|$Jhy&wsQGhpTH<#0($tr
zK-z_m0tI|j`?Ed`+M{VJ;bp@BJS8NJWL-?Lj#thQX?a~1PUNF+N5|Kk2|SOa+UK#+
zqOS~1iJa=pK4lu*di<;~{aGwRLMxV#Mgyg{a+x2PBD`>LaZMZ$1(sW!;$@Nj$dDa-
zI4u?wa1@}#ynts2h&<MoMpRo)?ZVz2eGa1<?1&besaMw4T!ZliIQK15_(7q-9-c_h
z`K{gAnJdP%0)N-(<>kln)amf{le^(XjoZHx^M>Xk(Zse+-F18cNI0F@Jeza)dH3nG
zp$ITs+Sisv>V=7%Z4OCJT<IVn?)ZAQ+D+MV#78xt9P*-Iu~k(;$qlCXLQkf=OG{I>
zE-sQ02MMS<9@j^F;E`k-dp=0VED*F0OdqO!ZM?onA~jJ;O{FJig0}0nI4d7GL4h24
ztii=)p6y_}R2|1dbG7N7OpDWo9=@tum;n76?07tdBgEHMK(G*hf$b0*HTbT;gX(Yo
z`*336ceN%mKPzp{U&C(?!b=-k6^@zLzYs%mh~j_%5^Q#f1(@dhq3P8(xmxOod|&t5
z4b`a<MO485`jL?pxhlfp@2iWXMf*-$a1%^59_qfvfP(>?oraUgn6GzRK^WB??8Q!3
z_K)ISgpMrU0G1i+*x|`S6O;YlPL7T!fR3mAg~G*lS2A;-QPspI$Nz+X){Z1@xn6e?
z`&nitWnl33ca~sxD|}W;>nEi5vz)N~G`+&l_EQJ<bdjX;ZA}l;rL#Dq1!|@B=1nu7
zr8rkwX&8^lXDU`158+t~a93MgAcjXb`@D`@xS)P$TQWtF61vU~zdWnB5%>aD`E7(J
zSnwXraDC&Q>-AAnnWebmpVC>(8z4q!)cv)P-4quUuwo!P-b1qrAp{T-y2)LG?E_TT
zyUP@jI2uLlv-4>N;6{Sl-G|Y&$2>y=yGLX5LP8e3j$bE_Sd%jrR)x+GDH?R>iEw9>
zu=c9V^+v%|BvFNK3%Q3}$hnFEkWAI|Brwdf89!hzbv$=wlLjRxYozl#;N<nnbIjM(
zX;f28h&L7$nU-nQj_-Niovix!0{=6+OInT8^o%IpY%1T_kbz2d*!CkWjqy<z{G4oT
z<h5M>g-j`&`aXl_J#~r@TCqy8Vc5xJOZnfokDE2taRv@vjPFgivks>ZUxyQL;QM5>
zkZ}pf<xHE~?VfnOT$!yTj5IW#t(Mun=k-3v4)ozADI87bT3D=7EB!m~@ciwxs+#w4
zmd}6J1tLIu$adR7BVVo+^qw%)k>)*KrUm$NJ0>|fm}SPx=&DBU;Wo*U5y;K`Oh#H~
zpn)P{Z-JvXQ6Rkr#J6#R4Rmy@tSsknTfhGfs#`7m;1&JxaH~-DkxaMUGeQ9RshmVf
z{21J`kRT1fJ%O~Lc<i2KWrLTODvh?}u5RDErwJRZnh|Nrfj|Q39lh^T(}V4E7v%@{
z%ej(S*{lb)P+XQ!C&KpM)teO@XsL97NehrD|K;Ipug&YBO_f_VI68_5_@_S!r92ZK
zT9c^=czEJbnL~o2GB?az8@F+JV+tjmu~~FctO<C21_;J36BvG}Jjob48pfb1l*{@X
zI&EgtT=vs)zBWguIJVJ6c&b>C@zuu)ohMoiGT}e@?{(U|Creh<o;-gf3!BhW0NI`6
zAKtKwLLL?tmUw#npJ_ZcK&qs8w?9_FwNU>CCfZZ@q%~l0!YzUw{E~3ajdx=Z5(fPc
zl`MoFU|?d-iz^gYSx+16KaD6FQqu`dh^STDo;boG>~ul3U1+(>B5JEbSTGCHqK%6;
zO}sBMjyKa3YZNIFU_ojXb`hmR04R8EI$oB8EeBcl>9jR3j3m~gWMxGM0uz>Qz$+iU
z4+)--%tNRzNV~}r@(LUqt8&!M3uoZuM4^$(?72lwn($B!4h}w=X;w9dw5<~2tH+l)
z9L`vM@VvxR29HWZRI8C+(PI{b)pQwQ;Nk}T{0V3IU>>%O8~tU{ghd9TN=88;g(d7m
zS~P7P92V9M#Adc<=c<D&6nP_hjqy1wS{EcL6#qW<Z(0!(fW3f^4lJ<dzfTh!!vB4Z
zQUtsX@Y#9`<U0TE>!V`Le*5pf80l{xss39h3Gg@n-N^g{=KsGSCg%UIc<86?UI}Vq
zW@}UTec^ui+X)Z&V4|NeTyfu$-vhiK;3u*>=^c}<@P(O%XVrNTjH0{pMtVGX(nKiC
zbO@f<i_~a2IGoxC*Q90)K01LA6klYPtAbMToe5!z(*W<E3~QpQ9n1n}$|7K<B~bGJ
z$ucs}r+v6HwVpLwtMg+?)aq+s@fZiA<KUiu7Z3V9&loPe{w-D}zJJjaPJD)^!O_4-
zs=y)VImm1APa`UZRxYGw!~IaoQlt}6iz=|7IwrFJ6iKG`x|Pd|(qKS~y~tQblQ|o#
zNAw-zg_zv3PA-H5eTCuV8nKT~-kjh6BQaJwOT@@=H9>#+%ILuN;3m0`?B5pOg?DFu
z)u;hin|%-F`uaZpySn8Xd3+aKUsAy^38&I4CW)Z*kJ8KC#?ApP)!EqfS0(3|u{rTC
zwDi@}=^+ke9}uuxepF?aV2}Q%;6^$FGZpMb;7Sx+1$>!*+TX`%L_zIue%HqelhF0=
z(crS)>{LvnVBZp%{O_#w!Fn%8L$T-2<@Z2)kp#Wk%_hf>vL3nvpF$Xrz5X4miM&5e
z-@x*EW)O{#`r^pl8W=9CMGa~xi<G@Q!2V#yAOnoyP|mNd6PKL<^G6QCPch=kaIDc|
zy{wF5y#K%@O2u>UPj8`2++6@$@~Fw=pWlj7llo6+&K%Aohv#(6RwC2e!nz0>Z(+EU
zXHuK@%wOoj<og=<ru_OZur58#@+)(25tmbrD)|dz1~7EE>uR{U1Pd%a4v(!*!K?jv
z;S8<v7Z1r6q?!(Hu4Q$>SJDl>=6dbYyDEJO|1p_}8B^`JRMzNoy<Rh%%A$iVKecG!
z|2Um+qCb6|JrHe9T8J=(qG~bl?Z0Q-C+a0B77b_w<ZCh}Va)?y7orsWqa9zgdAejl
zmuFx><&cjmyV)^L_kU}J5AW+I$a)itZ}0Kg&fC)SL&{&M3-0@p?w)D0NXX``u`}j-
z5W61#pHyfs92VS!MN49dX8z1-uB#N-`)eJeB`lx<0Lqs#UYeITreG*0qoAXE^CjfX
zXPIzGB_%&%>FTzN_h6h&qPGeePN*VzXFsLlWK-p8Jih#+Fa8~s2uQ`e2>9WgkIs+q
zS0l9QjkRoHNg$u*Z2<ZBh~p-2<x3sTxnjPN$^Z9AK3M`aVQY<%sI$xNAIXGQh9${e
zZ>x~}HU+-e|8!;Qru$DU5}%apcl!2zqTFD@v8+B+v@PVW9275Q_wS?#9e(<^l4c+`
zGr?E~jcVVw>DW*^wTK#qN%TU{(v%#2^M4k%hBt4%`?EwpLHb40SDx%tT33<3|1-;x
zChQ*H=c5l?EASPDu^XilR7<D+Q|Oc-<0wXaCF19luPoVGw5E{`|AZtq@{P^odw=wS
zM#Vb?&CdT`KjwQA%I4hYAwLY);5){Dlp7%pv4`44_?jF2sG0lUie)2YD8-?lpM3{x
z|67YWoLn_)Q^@2FK_yW6AL|D|cuE<RkFfOrV}KFxL^II^{v=H{d-}h_r-<+e*nHmy
zz2ps}+`nh+#fRu4Hy?b>|0clU@c!GqiM^Cv8eA!^`gFm^^M6lLcSV<c*oFVUy}siq
zC2XhvA2li1q9yi3qzd?Q|LCQS8*C<5ogdwr^G&5g{%2)_`{af`8}l(|+n4>1+)um`
z<_mn(|F;EBJQuJ?miX=et*WUpgHk-8z@2@LO#P4C8WN89aC?~PK$e*&if`-x=#Al+
zPZF_oe<xZZmg0L5&k`RX@sG3nU2imhlE3qP3p3rrGVx}X^q+DEV;g%=SKq$F=g+6F
zJuyQrLMi-D4o0l`{Hc#HTwy+T|1OB3#RSwQ8uo~A`PKjLmNUK_94_QqmTdk4GnRjQ
zEAB*drQU(PGOW=5-$G*Cg9PMURzwSbc&zjaO?gwU27><WJP|ieWZ=W9pU*bRL}ue1
z#u0+kF41)~c}^3DqHEC<ESBL0z=4b-^8dEa|Ec2!Tks4oQpMX*#1o|-k-cvejDy3H
z>{cFvt8t(GRc6+C;h6--LLmXAFtD<o=|2f$7T{XcglvZ!-nm`O57=|pMq2DLG^kfn
zlqC<hqw7B)%XuqwP){#;3?$|$E!H#t_o}}_U5V))St{2#^`rqXz?3(uAXRBHzW7l^
zvkh<CT)TX`%0nRm=|47zRrGoqe;NJ|c%fNB=R`cBr^o<XQo~@xmp)*W{+seePPs!v
zGnNJx*VQs9w((oP@drPBl#Q}I_`QnrpTz#yJKIf1ACwSH{F&9c(7j-XCdvMzBqhR&
zk7lzD+vy}U^-a<Ka|Aw))?MX`jmE?@qB=*}An2N)Qu|GgT`5xEaXl3~r2YEeb6W#M
zaV9#HN6k1vR~u;q3pN=AqW`|YSL_-5P_dvG>;KC9pwJl7_U~#uettQR9s;q044le+
zJExn-d<}~9MGeM(x+_SRqN%i7-(fJ4g5U23+5So09=WHL@=u7go8PEwBK={_7v6FM
zsPYS4F$~fk#`=3~64kyXD${jM+wb38w<ErMgBf!?WQ0)=_*bS9iC_JQwtx6Er>>&l
zvC?G;g9{(P84%zv5Gj1xKW+`D5!%_ExnAzQArbQSlZ<+nhD-yTgfCX5Cz`uL<xJh`
zcG&X|+7tMu!e99=#@>9oD0F_ZS9%giQ6tQ1alo4dnDbI_Wb$QxuY;Y{^YNKSn<`xd
zC1B09<_M_EvxFI@GZR_V5xm?TB@*c0twVM#?1dCl*eBNiUoQZ*oiHbgq>pe2mqo`X
z6`63X+1TK+aj+`KP&)s}hNqSltZtio1dw5@^^`AaG@KFY{v7c8ASf8kV`H6RCLh!)
z|9KK2na88%sM@AuH3U9Pop<Z8ui99SB#gUU6kG3Pzhl&JZLB(!xmITXEl|0P150DG
z<nEn^5K(;rsi;ZfYKt05yh$0+lowCENwrEW{lm`w$&D^s$Cl3W-kFKpMk5j|dys}&
z2qJq88;Z>wEF>rZ*v%GJi-Fz=RTq0Np_LWWnMR>h&a$|b(obmlYNh3=@_BZmAAN=C
z<IyF0oy%>%&GKlpenV(=aOHDFrDHf)tt{*^v|6>wM6>uLr6903mnEBL*JmHXPQRFX
zm#Pt%vO71#lj4{0eqPUGz!nLGbP0Xcv*|6BU+DamJAhivK)8G5?;CPm$3G!e67&7;
zsn62yN~hD{wBdJmK8#)|6=jydfa5IDBkXu=eC1@W28cCB<~>>G>Rxrv;2_qO`RwN)
zE+9_eEkiGkw9rhQZ*p}?(?yi}0xByF?^94?$_Pq@sBqnSdU}4ye1KxRoCx|#!Nc9$
zQ?lBS+}z#a4IOUAVd<6KkfzohZ1ky8!^0hLZVqM+3lh)%O#gx{ezf?UcU0}`tJ4R7
zT=uv3U5f%iM|=S3;uqjNyU#S-n>6C#L=Wx#yMZW2VTL~G_8SY)Z?8#j-V{h9q+}F+
zeDXX!?PHdudH;Uxq)nl=lJ5fQCO#8In}-z(QdBEXQcT@4mT`xfUfHsKa55u2q_NNu
zPiA#)9Ji$prBJJUMAGwVAXZcym(U}`Sc~d<1T5DfMq^U}&UQ(?9>2NM7ZDN?lKnQM
zcsX$LK1M!(^(B8;7u_1#XA(>l^x!VL^Mtv(BwY`m&XcJyi$kE!Vo+{=@7daRMo;nE
zjX})Jd1FeCcYKqj_F_*D#pisBj{gd8ZBLbQ;Lj0y@fX(V@aYvJuplc<i0^<nyGv@?
z&BCnO!Zq%j6x;8Mfmh}^+PlsOQ9(klMF*V)tBoIx<JPf3KvmT6x^+~c<BJE;{p0(M
z&CRpT7`-a5Ss2L*ZaP4E=zePy9x(QF!cU&qvRY0ej&+`kl?p=1&^)Eo08T5iQt?T1
zER5^ZYEGutuz@HCX(Xi*Vp|hOgA~r+Gs_euO%h?D+58*YLj+VDMjMg{QID=$xOFFU
zv)~nhJOcw(`y*_X%Eh;v)T4^_@A^ds5R#;T1QZvCwDNC|VIjc>-8`*rM-9ROnM(ml
zexG#;G}2quYmLLi;q)dTIKbCX8xo1s>)?b}*`@JRXJI|8w_N!=Gt3VXlaw^vm~z{%
z5fTAv`f|hOr{_x6pI_BWeH{M{Kb~zZ3-?YLOn3|O5#}t?#&UB&q^)Vi4nW5F7-k%y
zP%5EXYEe8z53@a(AOc*l)XkbGkeaJaHRj7jVX||XC2Mqi^YR>wdxwb!Ur9Je>ZDIr
zkXjm<N14=is9MJgW=GJ`eC>M1LBe>hCS^Pdz4^37YwHI^VC8tgI2~~QBAzf^QfM1k
zEK*?R9Uh!0ynLc(x<{0Ja|-3yBQm>Mke$1kcER{NwON{!L~}5s1g_2h4Ue2{T~2U%
zcKz!^ExvcVP?35I0@4<;%%nX)YXW_Hz`(mzKdppc7MH*aWs5AQ(&|+CE)Oc$-`i44
zT8Bv~)|6c(m0mWX8o`YWlWDf`=mj~&=6i<e;NJFN8<d4Tr#RqHvi0*>rCjWwb=JxE
zWUKU(Z4FS_SQ7yFT2)XKo6`>LgU5bJzY#W*4u-I23mScbFD{F2&aQ{(*_IivR03@z
zU7XNwZKJ`yM21j`OhJzy#T>Y6f9Nit1NjQ2DmUMM2NfySzdhgTXCjoKAt#3!)ocCJ
zjJo>mFtW`!srJ0KsYp?<>3aXBp97DJ+U=oZ-Tywvrm_N|`{HQM3&gR@$gLsQw!p=@
z=C4buR7BR==Flgk_vsVt$x>U?I;q_6xWaXWN>t{ru+t@KpF#}86<XAs<{iA;okbGp
z&rdOL`F~qRG`=-5{SsAi%w|0G4fIk59(U=a1-*!#)wA!OHd@cSrf8aaZRJq`<=OTv
z$uo4S1o~MT|F9y9Hk9{#Qc)(Id-mwwi`^TWzure(%X<_WxDMdW)Vt8L>z)%UJ*f;_
zadGiH-N|b;uU~cUw+HX+5w~K&gUL-*IhWiS@$o+^+7LFbmlXiT2yLnrVtdUq&c<ds
znS=g23jn!ERLWlOjHLcF5D)7cP{tM)lk8msYHP`yPRzea1Ousv7wg5K%*Qdpdb;z;
z*+8w8f*na;AHCXh8sXur@YXAo<67NpUYNH#nEZSsMz<rfb9MI_9;DOe{Hn`HN!uBP
zcnY^8tE#Owzw<*Ao7048JfkMjlXrWKeqx;#)6+c*k$^L#_fB>-<!hwGW?=uOM2`J7
z5>N_7B*<8ody9p2w(*xC{q~RuJfdrAOD?GgR3}(10mf;~Rq5pB<=O2YpoXXMVzKD9
z*WBC!UdsQ>P?C%+siO<B4WNiOhn2O-9~{UxHtVUAa<;D5Wu&aaei3l*2?CWZ@jIrF
z+~6Ogy&FdXVF(xWiZdf~>IxDCmc5_B5K*cO$lqTeQ=gjM$3l=ozOBgoWkw6sZm-Wq
z&JA*1E?VU?J6oh$O8^V|fO-<(2*CB#xdGK~-S$J7{3Bb_;}5s6Ipd8Y<!Y2<oupRU
zJd*d^Os9{t77Fb;RbBS*A|C+{s>Yla^u{nqTW54_g6i~e{djNe7ZnnAp9u!V^3qZ?
zjSGl6f;0fqu7&C&+^rj-j7_KX+Pt0s_~9y1g9TaM7|;Q|duEPDb06I7`@yv>Erz!y
zSqAeP@`~*`toA#X+&7-q*4DI|xx8pcPd$6Ceh$WRzxQJN$G}dn?YGa91a|>PS8uKo
z_sC_gF}k&@Sc1Yt_qF8bWt(c50@^L?#kcDzyJP{2SP@?MSb2JBxOd&{8EKdkbwB=Y
z7uJVY>b8-WXQibPeoE!3;l;6SnPCFL2sja6iM+085lBi#hkBIU>D5)t3e9B~WmuLp
z-F%HvoNR~Z<HDY2<Q$lb05z4%ESTOVsdvU^hJZNn&t&(jm>9*HUg~h-NGt7`9Ka~}
z*8sHyUERzgjU1xu<E8L%O2m|hBjCb~`SNZuyB((#+`G68j6z0+LKifkk0s!p^sfGT
zq4Lm7EU&#!!Jnrt{8TP0+O!py)8NbJJC=?F!K4YzSf+*cMV&k19kf0pR)i{`^7{k!
zmes)2=V+xF^M{)~;a9m7C6SxkPIS{nFg(&bMl$3=P(HgQ<^-Ok&(aT<k~Hf(q0Klp
zjamb8`c|V>9Uy8`EVmaYntv8-cC@sz=QB_61tj+p5>UE)WX|ir^%2$sYEG|vBahgd
zo|Vl3Ls`%uu8ne+&4bXoihOc%G9h%c2yr1mEtE>A&l|O(HFTKqD)JT7WVle-DX>G|
z2ww4UO598>mzXG%n3h67Jkg7KT91e7ey||`%aSl0Ug3Ujhb>zC!|=DIJXQZz=`fWT
z3Yo>46v8)D-4$NuZxAgf00+(NuQU<2FV{)U#1)@39{`>o&e`g5qJ%7wDNSH!BsqBC
z-C#=k?#5q>iD!sPWw;*jy8K+_7Uy8KQZ}!14S&{z=x<N-9rZ+-fr&>q)~{BqjBcMe
zd3bn$YCepvu{*t5ZuqEf<4Zr3nHC0Io#{;9md8x#*Y36aDv9ZaVedp^*@Hna(8Ouu
z>|Ic#O7Fk3V=}7CnmiiQ5tMBpe)@MnoVsBjc>GTf5R5aW@qB6+IY!x$myr=OFvvY(
z6Tuh*N=NZ@M!cL73e^-hS7Y2Nw4|2P?yw&xsjtokbF9>O%+$<%3Z|aA#sO#kRvgn}
z#ySz~b9cpSU|>*SCW680nthc)#gxi{&jI$dw6)|Y_#E?Tu4R+KzqiHFGJ;93oV!_%
zwP$h?t5jIe*WMj^Wx;99+iHTm@XJj9l)!K?5YT$+2*LpCj0FO(EVo+fJQ=fY92B5Q
z1YvL>Q;^VDHtid0rP5*$2cMxfXMuL%FT7kR;Zhrf6^BKe(nDsyW~Oip@Qx%>M%a@n
zbdSHm44fDB4B0i;oK`FJ>I-Yt7ZMc+^yPqOHJz%eII6zS(cfD!VWn@I#7<Z-3vG^A
z+yFYt`knW<O4UWK=y&8der#!_V)Iz9^aRRkk5w-s?k)Pfzb3uw|Mp~-70%X7L~3Ib
z{%9I3GMWA+&LmH2c<ZW6jRuZG=rOCzOnoGM<;L}rHSCb?HLTW8&O|WQ+qb8CXIMXh
zAkNW|vu**7==Qeg(zA`93svq&?%9h3i+WVz!lflg8zM5-wwvAMF_gxoc|BLgCtYO-
zg*jSrz+kyb#r+EOVzoet;vc>4ALaa=TpaPWV$TJEZaEGUmT&8^38v$}5P_-^CeZH}
zJ$$&c6WEU>#Mw+lHF#6$aBg=u1ixqf71d+-`tnk&Dh5j)DBUmq4p4%yV2NY4KuNiq
zJgJ5=xmVVH?nT8F8cjw%336H~>EZCcq*X1@PnaZ6L_n)1@6{~d{DU%0f5Se|?3(Qm
z^;D!(%2zUF9vMBeT<x-|zyJMVXdb!I{V}oYo>`Mu`Ij(^uMf-DuA?UDv4>@A)8!l<
z9A?dsF+}|uH&0J{gOl(O9AVt-r6;N4NB_M2RW*B{CBr}GyZ6&}vSo9`JKQ|bOCV@E
z(fH$tO%c1==#UwOgbhvAoLe;Pmtd9s@C%qCbwTvuvi67zFlBf=?#W${r#T1>oBp}w
zl=T$CRa#x|*8YVp<muJ^Ef5ab?GHH3TYzPWB3j+Hx$1yqHbjD)xWFn;e37K_bd+lT
zgP{<SfvtYI>AIh3iA&DG>}q75cieT6mH^y~zO+9|Zq$t==afdEK*3XhBOIB-i7*>4
z!=(0PBvm_{HKbu3?!)*hl~~Uvb<99}VSB7KH6(J1%J{gGr~QnY@2weF$);!Avnu+u
zT`2edO|!7yRxf;gYq7ipr`ghH$Nf2pYmMa|E6ki(6*)7&#>Ib4c-r4xWp$pg%)6K=
zSACVma;uW+eS7|nfD=NSR;U(HqR}Lyi$xhq0UputZR3~iRRUHai0g@n6`W}nwfPy?
zpC(gr=P6{aR!JfI4CN#$Ux2c^XT@}6p`$?_bxYm>I>5AW$=djA_dHS=!Tm+hb<afR
z-Z5tWK7f;ehiK)V_~Fsh4&dNRCDX-8E>h|8WCau86NPM8Zm<-DldE}1)*>m_AYh7M
zX;i(U)>R%S+Y?`l-Eg26VHh(nFK_(*5wp>0H?!;E&IlKXOAnm1wbEIbjCAfZN;Gnm
zDNPRqVb(4oh$wQuKx>^{l*yc4?OmJ4i*?Z%mP?Ipgc%-aoXwWXmr433E-|@48m7T&
z5_-f2G%uSwZE?Yk%z=Mwu|L}$sm#A=YzHDFJ5vab+1=IQYfj6R@jb6Af(XJDdToT=
zaGhj}Rerch>Zk<4U+%~18f_z0zfeC{G)<yQesxFVY^<D9yk{tYqOb6^p5BkP6uel^
zR^^U_F3(@DPodrNh(6JR+<<ENFG`)m?{sx7pM%>eh3@`rv=s@H&e6A6k<-%?cnPt#
zM=6xTy>$Hu3Gr2LU9fx~Wl9kyMkSnz0RtuRc>IfMNVfiKkgvp*MV@z?*3A)c3ltk?
zh%~rOfP2vIB){0fcI}i!B8da=jWr7mdA-l^cXS}%C&*Q&ZN|Nee8v-@zeG4sGo!E`
zDcsh1cZ9Z!Q4~YHSAM_~Z;`%!)L4nAP27cmxwdDAJWn{$j9zNH<1M}WwX_w1cA+ts
zXZ!cavWF)j4;WGuHWY8EB(AkaFL)zM1A_rKgL4~M6&QL=@9`#<`R~Ui`{wGKT!DT8
z+w<2Xzp9qV#;b>QGF)vcxYjvUjjdLYJF^=mfr4aE(4+|IWnxBOdt~q*R}SJ+U|azE
zsm)P5_4?|ndhWe!sqDvDUH|ZtPMB|p*KMwkTHb$kdGcZUheI6w!+<jMhX=#BjBg)&
z&X5kdy(wQBC8CW{BSuPXAno1ByjB(Swn*=NDkR7=6w2jZFF1RT?)B4vELUolvqN+M
zp{tdLaiuE;CVp@`$ClN0=5pV715ySL$4yT)wX_g&wx~6SKi^!inAR5??VX%No^KD}
zF%|;;zs9ztC9_`kQe&aQDcI5-s@pr0nFs{=OlfKaKb1kr?4l&u8CM=-=2&CZ9zM0}
z*uGP5G(!QbDf#FUcqdl3b3yCy2a*a7p9~(iPbeTmnqdjo8;5zr3*mYlf#N?;^hSIY
zRX(he9S-?`HsyJdd~kor5|N!-gV{;Dbv~S$S<AeG5$#P~l6+4cGIu)dg0NoqvHc@w
zk)HPTTvA#G5564CT2h|Rw}r9*1mcyUjK>hhs&pZTk?-GNd{Z2f`Ub$Mx<O9cgGmXp
zX@{mqK)jByj;&w~1V$!SVa@c3EEX7YmAWlvoawLwN&mA;Yze9|v+l;=1BG61oU~UZ
zO(i=ra|E;GWld3C>A<URbXHUjKQ*-sTBIIMB|-`AAJJQwuJKyMD?`k#cruVv&Vios
z+O{0n&ho|cxJ32>=>c#WXRHf~BhbFL)J|yboYK4w?>lar%R)i%RymyW9eb~md<^Kt
z7tUWUzFVo;7aX#az}K=rdFTiZ4Pm?Wyt%*)9`|Th`Eo0$5=p!1;4a(Hd{D0dw5~5J
zTOea$VcBgJPF0h7dD`bH{P0Amq$5mUAkxDYx2zr0uH%9e>0B4o{_aELz3lJcL(+x5
zS`l}ZpSsboDo+51Wb#OY!}8T?x^c(_(mz<`SWKo;VY&zrW|g<rbkGFdI6j%+=rtG&
zOU&0<*IFva&*|+;K_312?tqeoF?iJ9rX%iIVgMlx!dNWsa4Wdl09on=`g3K6th6q`
zsNZ`f%DG_}I&LO*wm~2Jvo~t?`H&M+Glbdb-q6TDGs$|myY?}c3A#}{Kf0WZE$oDO
zNm-JPYz<kli35R`Mu&U#kqgj9k0Q8AXnxKm^&%t)LvT2o%jHPuu;=P!iT)^!%Thx^
ziiJGP+CInaI|(36baiv1pr>CbnN504Z(Uue6tRGM_PJb@9>|5yGk_TM?()de8Q<-)
z=cE)!mQp<k(2zZXrECgG;$L044^Bh&KBYx}vlF~}$D%v6@xkH>HcBb;1FEE5hTV8L
z7sIcl()b*zN?pl5cQ;0$`MpA?g-%u=H@xAgO50i92<X^C(apPm0GLp1ccI2<k?L;0
z++t!fq**1y-ErdV{QUGvGw7pPj!#ECAB|i_SF+tC3W-Y(gq)wBK-+uHXxd%(2Ffm`
z7%#^RFVcC(C2e~*q{*n=w6aDbVo0w}&yt3Q?qgjep)@-pi1?E6?zc^wa{)oa#x%ob
z8;SPd#M6LU<dSgmM46qJe|EL!6++yF&2l>;;FlPkniD28Cmx=ec=&zVJ>85ZSG^m$
zE3T$UKkc(nZi2K$0p#`isJKlJ@L%pu7QY>{_WF@<hgkHoCa4NlkIsbU`mG1g&iX^T
zJvw^3M1}R|4^R>61AAzzy?Em|8va_&*W`TZ=1=Buh%Kvac+L#WQ;vF~W@+WiEjuo_
zZ1-c2d@s^bTp4?WKO>QnV;d`Gk$TG?+1(>jFQL{-0m9RbfcFK`gGH{L^!f+SZFLVT
zR5%cZN||lytmreG9>!L}jd<9=YMy7)w|Ev4FUSuNN@^ND76E~=9f`$_tH)-!eL)P3
zy!95^sib1tx_|r@y^(3i)0YA%8}!{^_NV>X)tKmLvWz8QsG@6hR?_@Vy?8^rChn5-
z7vyh(1rH`MF;l?4#MNORtof|mxt4~5EGqH($nrfNj~RG;$IsWn8yyq#*Rs3qR$-ng
zn4>k2>~)c18&Z3*F8uiTIIrC~r&{^4WzDV0ZNru<U3ZqI(3w22DCHqn-N54ZnKXfi
zWJ6s?&7YKeL}di;F==k%>r*z851fMS#y~6K(}#<OGW8Aa^3)WRBJcM0n*Bj_8@!Cs
z*j#bselTRI#b(x?e(zWsPNd4BG4XucuVC!Fw}0{mV%B&B8wKDS0BHY`dS?a-cdt`+
z=pWxzqVi`>B+MLlr=&MACBCK)1k%MplCa=lvHJ>0S{r;Xrjb=;-3btoVTx%(h^fAY
z!mFS$8McKbRp5V6%kk7KeRTj`bS4bH$58>sD!|=905Gvsh6mDZWA|E9mHNmmJjkI5
zbPZX!Q48GO-(~|7Ft5!PFm5jhBNz8+@rwbBQ3YSG*;CeeRel!@vJr;b&$Zp=lnM>a
z4Suxwz0)uJ{ArU%Hu4qh15n@a-(`svwW>Eiw>lDFuy|XZqqq6CGD31LkEYRKm!v|c
zDY9eqG3*{)Mo-LcdbPW;zZU3&o!yJZ&dkgNf?=3cPHSHvh`w>%kntyxl8%p#s=w>&
z`};vzx80pdfUe>NpoE!L+pqUwrRrQA{r0f11oJf4;uSYPdwbvCpvb}^KUJ)W+AE(K
zBY1LB!FChQW3yUq@%7>$BE<dh`fE#~GWT3nNUI>wEg1JCFY|W1W!2X6`HJA?j)41k
z7-$=AYjzPE1$vx;LmQsPxoD~&dk6%>`)y32xwMDcop_S*Trq<2CE~Jv$^wY?X57Sr
z31w$>#+oU1!T6w;JmNhy^+2Fakz#pGR~sRi@y;@#%aF!<5m_E<xj<4(qCXV}rZbl+
zaF7*19J{_F!bpXNM#gZVF9Ru3Kf!zDNaAPZ^?KNvmX^(n0taA~ZM1hp<dg|HRFU+X
zRsz@ku;#VYsQJEkauHK<Da?9J)Li)Y2a8rpAK`s<mj(3a2d-$7g)#Wr96m<{33`@k
zNE+wT=6)$<Hq#1ZcqRc*{U6a_R95pF&=&HLg=6L?c;vN~VG9)ZSk=<29{XuR!in_!
z_qVO|Jcm7-DxcgTq%!#YjaglW0RBL$GIn<ltBis_H%gXW63$7<!F^r9b;;8Bex45_
z>*;Yqs~iXDtFJY~2ar@&ytIe@Nn1|S6->$?Z{HDOt!{0T=V*!oiOWKN?QyWOULMrC
z(CEdPTZaK@ad2cv!m)$H&Sg(?LfClW^Xs@u2Ng{$P0`O%C;hWWACP8pjq3^KFWXuz
zI;UXhF6!ai9iZ(;1I_{GT}3KqOhH#mxLAY?$W<*+Vtd!ouIrb9GJC}Ql@`0rnXjIY
z%h!%Nd0Y1p&X$@cb^E8K>XmlSB6z?_>y4w42as{mJoUMRXvKlCw~`5GKe~ktck1jW
zLaY_ea)F39o>^51C%EBw4jA}bUmXk%2}wwO=C+vt4XRa00xj|12ZdZUgmm*5Y`0gt
zb0|C3$6{6$SbfOuE)V<wYeYuYX?uU`*dvzybeOJU;RSTSsZ=Dp$B^6TZql6g+}!jv
zw1gSEYpKST9+8FvSy#+<N?AMrLRk-gv-JD`B-ffu=79Tkc8a|O#(p#_r>L&XPs^Nu
ziL09Z8`tvO-e@C+SwlefMLK6pmj^4DkXGgCwG9Ba>H<3rjvXyqOC;$-Ub4C+oXW2q
zA(@YXhD&?;d*k(Om#zQ<@wm!_6DwFr_=&&Hi1nm2_bR7&2-BrxaP^;eCVyezCmzsX
z+RJTHCcgHT&l*UpQn4Rjd3EJ6fQ%;hoO$Z(-67(9o&xl7))Tgi#NlKpc4#7Adi%gh
zM5P7Z0*$&pM6OEd|FPB%Fq0L!(rwSOK#9&uhZJ&k@LrHQl;Zm6S@F6Vh&AJ$Mze%5
zfSlK~h-c|9kF)c`#%KI>=;_+JA>e~iUJ5_EB#(Bgg|&=iO|KG+`8TN#vicS#h?WMG
zN#2fR-uM1VAFxk&^cOPBpd=P{L+T)U>^=})UQhr~9n+7b{!q7DDUwXT!Fbl>UILes
zJ_sL^R%3Js->}Ei#=Eyp=Jy{2BN`Z`N^5bM4K9D;7fok#3EjDtbg@#p*&}ue1SQQI
z%{6=RD!W^TA>&kb!ncvk-(T$qHd6<}IH+l2@x|$br8=be2T?VN8m#Fpa8HhQ+KSor
zj_E)TZg-4w>9IUX0||qquT~-Z(a=eVSEUR3qJWAW!lS=I+X5tiGW9)!GX3i(@8S&K
zKRrD;vc2sZ)y9+n8gF~h{5_t%?oW(Ss{>SI-Z3ni+I2T$YFz_p6V@N2%(uS5hJz7o
zu9N(>GId6m^})@YbtIRe&$J_mu;C<EJFDwvca@>0w^UvB`0FjC7Wez;c0ZPHtGggN
z;bgu(@jMe&E-k;&y<@?ne>;qOZ|p9MuE9-E*0;+>GqvZht&FQ`i|va`YhItaw}_dY
zOcy6Au7E6Pg-3K->K!B6vp!G+%fIX(dtIZ&CwX%<_lDDK8gQ!TnKu@M`?5>e7QfI<
zq$;hdpU2o-pEe4Ps{bMzld(pfWsYV5O4naDO1&SK#qRBFpW|W2@swm%8r3_>xd-=c
zFWWm=z%X|i(OB90_R3}6vA)D6Po|g*%b_q!SS~&BYd!RO<OjJ##e#rzkaPL>$zE^a
zkSa;AN9R=0aSLR4d3kx`1AYPE$iCx47F<66Ix<gS=sU4k_~nq*Wg++Igm%U+$a;Oa
zDC;b|6r&eOS7R+TSkw_DD(M{~E4hbKc?GE6ypSRWoD3e%#0I-C0Xd}UVm*(BdPgO(
z_8R>c(kWE5|Lyr1IrNC{`-OeG2DILizo7R0SCi4qB-tbeZ3Gd1(S41>e+blktw}c`
z<f_Vz4`jQZdq6L0@c()NK5Ru0Es&Zg7|Oc<<%mW{&6T=apzj&WA<Y;_dBB$oIQ0u~
zmnS?#Z{8HQbpdeW&CcLEi9uGufz-abvLquSs$uPFr(qAL)Hl`FDsSImQ4-Ejh=)b@
z+-#3I1C_p>4fY35FJR{X&1qle@{uQCCnb_s#$YWHS;X`?GK_$*+o0>{%iQ&`R-N_u
z)J8KcIgkqZQzt*(Ux`t+Q77FYc#RQicj)@d_e9xm9ds?(RT{P=){M9gg@nbqe0iDI
z3ajj=1p+q8L0%zUhQmi?=*r7D_28c`cY3=@7RZ+nn)|y&E8|&)w#E%e4uF8|O;se!
zuUM>(9}?eA?ROYW4yyMHgjpywPy=)7`u1*y!bE<s@LPtz<x+%37gW{amF|P;CLlyW
zk-cpBvV3^(_VEv$zg8FdtNQ`4x>xlZHnwx!`dLQ3*FM6V&;@gVORG!8FTkw1O8I+1
zZ@?8iczhw@1`u^Z)fMK-j^L@?`>Q{{Y-Tt7+s{1&fj(^(WZoAc_0&tpEDr^AZipl6
zcjHO}m786OSI&jb<qDO*&cI+gKfllc@aSHE3)O#m&2}_y7(PRI&-XHAqQgJ?P4^{K
za5^d%uYcfQ;Wsn-==9)PkRlMATI(<>;ty{BXx~ei#>3cKo#m`Q2u`^9{y^KhnENJ`
zt0GEwnI8~EKX2nb;e)%YfK~u!wRvAiH5Qn#wHK)A8C>>>(BkSKnJ0i;Tu|v%J&~n%
z<a@_SU9vSNC1^2KP&f)B92O!yuUn~Vut<Qm1K^~6o6prOdX!UbY_R}=fI9TIrM(>9
zvqKWVnd25nA>=p&&FoE==M{@D9$lu?*6jC091u<^Z4VRs)-&Mf5BwQdLw~fpukcK7
z0m{#7{_V?ayNCYOq-b4Pl2F4rvThPy4k>)CjXw4n^bWd;uN_AAolvG#e9})lw->ms
z539-+!ikej6ObIBYOL`zuOpLrgBeLOAHqzmHJGVh3Kvc=Lwe=N+yfxL!g763pS1S*
z(8Bd%=q!?-F91(>#RhP^RIE)ot@{A<oM5UvWSCG$vhw77^><1wuI-FS#_+zw)Dw9*
zfaf=RZWH7lm4yi0Y*yCn*K`#aLDi_Ksq|NJM~yDv;BGd@GMV;(A_we49OUce`MDV6
zgxKz~m)LZvh~#`{IAS|%_(zny+`bd3d@`K{3{a-iUq1K?V6a7(+S8^>V?fFNXu17O
zHv&`?82!X!tLrE;hN_Ce%~-`Fo+H`7Zzhp8<Vnt6(_T`Gx$T~QiVJkA0@P>jX&FHU
z7-a`WXbd+O3Tm_(i{m5=&;LYKS)LUFK`d5@S_PT*FBdeHGQBHdO$W&Cs9s;sPc@(t
z1ioCtiF&j{BILG;5md`_e}}S1W7AyWsEJjOVaO4&$&q4VTdnJ<Y&1h|9FEU#pDO}!
zqO*73{W!v2fT07%=07AJlW8I)2%Kx=_3y3JX$e`rM;kn$d<zEyl%plGGIt<)(lRoR
z3(4L<&yn$nW;ig)HXyfmFkMb3;F=cuo*uf%ce}e<L;eH6BV5vE$&S_y-&0Zj28Pm2
zAsLB8&zsoIPS!Lp;1;Inz2Tp+rwK#AZgifsA)b9KOk~Uha_&gR&GJR)S{~*r)Zd+v
zU+-nxcc55>DDIT-YnOJMR@+h?K|sMi_6Z6M%I2Ttv04wY0`qeOUku&?b_;dIX1T{E
zJQA1B`8SHCMy;4Li*~nr{aBSQQ|;l))WcbvG59P_V^k3^5T+AV6(YNzEmlz)zDKEA
z@Z{vlDH{Xs|NEMUMwM&8<=lx^(0Gd^jppbj5Z2-eJM;EL5nHpqR|*CGW`t(#Ztt_;
zU!K+DX!wk+dnAEu$yqe&BmjqATH5L;pFV8=beJe>#O0nzLIUUn-v7thUq@BhzF*+r
z0V!#amJ*Qe2I-Ve0ZFC1OInbSR=Sby?nX*Lx}~JMyXOYq&#d|W*8DMR&eFB?z*E<A
z#}#|;t2>O?*#12vGJQfMTkRFdjO_0dyf6Ov!x#3Ed(qk1xeT~Rwk}g`LqqB{^neSr
zr12>?P}-VgFgkU1xgusqsodke>Ii;|*=G8M?NXWy_nnLRUX`+uoFSb>K;o;LtSyUb
zCkM{d>&jo*5F{LW-Os`u0^ONC=ZkN!v9ZHu9OBaDa$6`}YQ~HiI-|EvjMSYOKHV?B
zZa5|UJ1*RTc7KV~aDgAX!Rc6%K0*0mbe!k%{3a#1SW;CMdHunrzI_Gu7(PR>9l9cF
z2<-V8?rH663>N_PPzN0BnNNUAS4|s0WccKJC>ap~TZ39tMUR+L=U_9uToc($y*F~{
zsrT6#np&xrn_bLe#}@_T6`<8o(K9zUhYkQpfEb1>-=dJr>xXU8!roAX^q?!zU&C*w
zP)bhiFqquz12^!7+vzQ;<Q~bWzTyMOp>4+F-Jah_HOAo*-_L!}n`p@XcycJu5BK4s
zr31LK^n`rg_t1Nd=WLroCL<<=%oh9l?+=RBV>7`60)It9(4Y{tx!mbSH`Aap5s^NQ
zQBNFPFnf<iKsV$nB=+Sg?$XjXBA`m~_u#+;U0%ItA;|kQk&dqZ(Xq1$@skXXBO(Vw
zJviF|B{7mtX;Q3@<@ik%%YI$o>lbeVv*g)Ape7EHjM5#WRlHLki#9B7bL`1H?!uFH
zAvC4rWOnPju*gI_P}MK1+d0{)#c0ln`Ftsh8~&aqH~>r|dxI$8IbH1g>u>*tHN_fz
zUV9Lrsa;a8Ia>v)OgM=(+rA{uyIm(6OtK{#V}~Zwr)O&8=9i49g!f&)z9Togo&DK9
z18yi&&VZ(=Et6XC6vnsdGBYFsf5)F74`M{+U}xMCb#Wc>v;L$zNzk9)Bh<PX{^N%3
z%7rX1DB^!AKIBdU5#=3x#IKx--G`B7sb9hGUK$>xu?A$1VqzAN94=^<l*y$v+hT-i
zIkzV|=`CG_#8FNy^+x65vF{pyXB*i)e$1=Q4jz1*z)d>5Jo2u%`K@ePtqE#^9bg=?
zeE5ae*{#{yBE45iSnXXFXU&j99Sp=9L=)q#wr+<E7h7vxP%|%h6_TpaMJ45hG^WWj
zXSHNy>G$W6x_rCnhV#Tt9&^eg7qcxp5Y6fxe-K^1WKaP)$p~V>_L`I%#YQEITesaW
zy-sPBA86dpUIrx9?&HnTC6NgT5I@|y!!|FHgo9v*T<u``X1-=VZ#Ij_>u#@ZW^ZRv
zMt!(KN1^Cu^w3K$yB5vF{<H?qC`0>uT#^qsqBr1Z#FYKga>>%~Qw+6*L9{^atBMp4
z?{C<NSBNd2vwwTZIzUZaJ2E9|#Cm*!L{e;W9&p&hiWHY$>#+HOQjHRTgkaIfgNlni
zDH$s!lWvm;$ewH0dx?Id^9Hql`*x#9HWO4JXhMD}jAuR9kaQm7;*;TzL<R^}V8O${
zIY&^pnG^G9nmk6rR<8R11sL3fU^1$zvOn?yEqpD|K*d(IM3uNjfCq!%9DQR@ud2RY
zNrF~XX0$Ps?V0)&|06UCn=aZ9knyT_YHfE0`TLnz$pMtE-AMWsFi{-HgMRsmD?8eU
zaT6Fy53<HsjH*Dc>E*q^O~kv8ZFnG|qWY<kFT+6J7PwAHjLh5ppvGYSj_wr;3y^T|
zdE+8FaNcAo+jsu1%JdabB3YTc3UNJVpIdiQas#ow`XUaLQC}jpf4u1~A4R>hE-1kG
z{nB4`hG{=_=>BDau~v#vtoeoYjyRq~qm#vxj+-GpQU2yXuGVT|G(w(`beW-0^=0aL
z%kbo%e<1dZqJaj>RoaUmIq-2i?zD7g3o`$3$GDXt$G_pmi)>#o0w6Hpm`Hq^VM~;m
zNT=j6L3Vfovy+J%t|J?G<>B{G7{wv}#|eveV)=hF!OB?DDb-hamv#UC*5;6ZI&VT8
zd4;U`dfzHn$~FtWBHPVC?bG*S_)5lu=9bI<t{$ClI0v)y*T;NKsLJwxcNBk?K)Dhi
zX=1xXplSfy^YfAEL`G)P_ou$|R*|jGVd+0wgV_78AhU(RfBA%N#`vbK_FGrtSpjRa
zNcP(OSdmWHzdI@EZ17nAeWS=`q0sWb>x%vVPE^xoPB$Li&-(|ej{4}Vq{$1fibMTm
zD<jI^+-6I@9RH)qT}Pv>pd#iqnF~EVt04hf6bl^GJLW6?uW#*l8y@*R0Baq-ifqi6
zl`v?HkDK(rdzZ0gyD(g<?Qiet(MrS-U%{B4UTKJ!ZzKt5ydc)lPRM{g$+QG;<g;EV
zG$sX#PK%>!Cm7;D!5%;u!~m&CJN$pvjb=$e$=jP{_XjQ!r1$ffD*A-C_Cq=R$B1&r
zHOi=iu?Dkes-<ce*4E|}ud_KR<fWy*$G#Y?Lj~Ewu<XLt>Scqcn*_tafHR#}6C^u5
zhI85M*MCE`Iigr0>ZK(QYB2m86@>^=KEGa4VS`@;bZK}%{)9fH<lBaMYjZ$o>!2bt
z_U+pUAU%&ZkvUo@lHk)fdd+W}F4W0yS2%$veQE7srt#pAa$6Af??M0O0z-Co_HIS(
zF3qn6Rzhlo3So4pnV?-7Qc{@_5`<rhLg?+EL&AP7WELq?N5}5xNbO%p{;?4G&S^H5
zHGHx2$+gaNac<jlzcIB-bSvviZsW^U`}&dVe^xOJM-Z}gBrA%w^10rdoOd$_D88&Q
z)g(!ot&Qxi-JK5UpR$(f7f^T@hJlCA*t3vxlre_M1*!mz=l9`&RY`z#0t<2BQg=KU
zCCHZXU%T{s8V*5(J6*`ANYH^;M|(HUTz*IJN+TMrNA46<xoxVpNzuu^C|b@xG-D8*
zrC<HC>P*u7vvC}`osOPal|G)Z2!+mLr$y*rS1&v2k<>|lr5yA4|GVQ=1n1&GIs|B4
zi;>|Ee`1N;_Yz?KS)De0mmobBjR_@z-XhNBfM2My`K>$U6J0AP2r<tCL2<wZTcyxV
z-0#Q%w{*tq;@=6GzU(&6(1-3O`fYFQ7%+Rq)&ED5h;A=|Do82}X?I=qGj-oj{r6;u
z%#AR4A`*kuqf#_-02H8E+)dp0k2qyd{W<#+!}nYWM`a<NOm<GTR0j}S=<VWR`tKJq
zJaVcHY*RJ}RV{qSS65a2j+DDZvpxzZO-28k0W%~9__O5}MB_JT#Q32AfciW2e}_W<
zE`i$a^&TP!ohp7e@qfSWkW`3_P9_U;cWcNr^W#02h5lz$Y(*USyc$}yX0sh)KexhS
zEq31|wwE$b=E{isx~GXlEBj7+FVPPXQcJeK{AXZxv`*wzPgc38VzvF1<&+9F*5--Y
zl!rXgzw_|~|HODR-{gdr6HWqGuZ;?c>|b-OlynD>VImVI?T)adT8tBR9Q%60*D_zy
z9f53{N+WHwbRb3CKiloLy~5Db)FcqltA=`ZeeN3=n8e;Jrh)L2Rr4HMT<JPj@ZZ8D
z#zfVKdo+M`#|`IzQ~dMjg^3(osxK)w>AU~N0Chd8;+X0dr&QZuns-NE^&;8wIe*@S
zd1ZeW6~*%O*Gl7!e~gon5V^zWh+Mx~uzp8pOlZy_#(bSq%#?cnq6!~BTSQ_^6(sf#
zFHSy3L~yCnVgtO^5&JnlJAuw2?XMJi*?$xerG+4ZcioZon5hk0`Vy0Avh1l;R{g7#
z^mIJ5Y?aAdR+_a|A?G&EDm4sOnt!2HPX<_aa&Su^F;3QxY?M4wTE2-RymaH;MR_RN
zq%H<@yr9Q*c_gHB?#5#2xi*bAvyc-thBOrycm37RnHeJA-_I>y20xlimm&ipNE3T>
z^n1E=xOf9CKC&uJEnYhBm;I2aMg;`zc@LswoX6LhG4}#Shl5X@i>j{SitIHHj+EWE
z1P7u-PPZfOqNIeMGPucZu+fJ9h-XYh>RfuRu+hKq4Bl~8g!@C$GSSce>f>>;Ken~i
ze0o*Kfl*QLbDkos-FPz75=-3SzlEz`&ckLq+8Yc$ar2r_!Nq?#+V|tp5w>HmrG!0G
z)pgA=a{NXPEsy-fAj^xiwLh8IvHxD~YsSZT9q(suGB~&&F8?$(zv&###}&mKKoux%
z3L+S;r9%6VI@o{sckx}Slli#%Jl@bS`))$jH>1$I8&8~4L=@rS=4UV77YM=R{giQ^
zAXra*+TgI&nA{n+`(KVttA9pNM0%!M`Z!EfHI8)R>AN5kCAx#9;!gu-{fH=@z6ZjQ
zR_^*l{`!Wx7)C>d{2zlmPw0b>IXu0?6MM^_Xz^<=CbHrQN<Y)n+)U_pF=7pa`i~2a
zjqrbt;-c?<+SvTD7yWx#|3829kLf1{3;par?l>(vR=7Om8-srUOomIur13`K1c7!F
z=I51MMxcGt9!~Qt80J!cIq)DuHXr@+=2J(n)bnahKdU$1J);v^dx<z1xV=?&cf)mF
zPIEzZ5olD5{<J!Kn-mGEEKL-~3i!|_RIstdGXZ+{+)JAj?~6>Pa7>k3d4mICUcI7u
z-b&2(Ic)a)4exuktCb$?Lt7VrHM$JlLa1>0a2?mW`sE0IItZlP?z!pwohW=RAi5sl
zrH{&F1LcIxnQVXY{(=btF@CpTh4qrIdKs=04xJ8oN6E$7KcbWfaAPUah+lB%zL(zQ
zG<|yxEgeH2!2XVRUsB=?FOR=`NKW-gz0M1Wkj|ns9^10jZ=H(v{ViJuCyBSVq^aEk
zqOz7vy+#5_{Fvgmo)8Ed6^h#{XjL>WbxU2YXI;K`XE`{Z3o9KyBPufR+?Oy80-$aM
zv?}NC?~WTWkw-3FT{AR#H40*eHpq(k!^+gF)Wpg#JL<CC_lpr9|I9G~oe8U!G#oke
z%*9!vtRt}c5(?N6yX=d<qU0o&RM0KE66kgA4%-b&)zKssc=ep2!Q=1dDi-gLSHf^B
zUM;$)Qa#-hV@esWN`yBTWD*`t)2poe)+M85+Khg(=;_!<&V?~2f<(sX$rAj*?JMzh
z(74)K_P0nGxE%9hV&R>T7+uXRa}K!hL=)zL+5TtM7OFxMh}nwu%J|$gPPIa_v1cRc
z^4L{7SKkIg(B#u1-;M7^h(3IrtHS1-7g#H;$PRhK``rIeNwc@U&;hEggTrTu%&w`V
zb6yG}acB>FZR4Ag#gU8RbBGTZN;sE)$Gc{ppP8%2b_a%OeR+|~$ipnY{{H`QLm6tF
z{{6L~IV1vJs6GJev4JEYQY~!++4P;7Q3;%8_c^^d^GzybgOI-FKv@xdZ&qm)<p~3O
z%>(X4(?bL^(S;!V`^WaWmsbEP-u-IJ)~UDta`o8h&EekpGh2K6pP8F@Z?b4@3f|Gs
zp-9esr7dfx`7m?D6r?-u_yU7R8LA*(_#8`@6PcqhK=eoC8(tdJsQ6^xdvargDFttt
zF<mQdq=~}l${B&}@d65z#iqOTwvD_<77`mYNva>iW5HzB^Pm2f{bg@k)GFABi<++c
zf=k8?>vL@MGi%BHTLfYJ_ucmnw@Bary@YPUaS`Le=yubEtQys-cYuMw?-BgN0GE_?
zyWCG@1J5DWQfLR~EGv1CM+GjkBgsIHakk~1D0`j?EOv*?&xx+*z^&-)Wm7*ISZ{`F
zH|aY3PW_GyZ{X#GoAn)>@z@c)fK=c70K3B|DZn3mn166ynafT>Kt&YF<wODG91dW*
zrF%b9LIG#uMawIi*+q>)w@+1G)r_?7sQrb!_4r&*Vd6?9KFoKMVBp5Z?==jmP_J%I
zmh+gaqe;3ZEQ9&lahKP_?Y7J}X>~bLU<K8Xyvs<G^uxK@Hk#obAz4+O-Hw2KO1<xa
z*X6+9y1^Sm>bZGsj5}@|He63Ddw0KUXMpBvNd9q^=4~-vrgTQTc4%G7NsX_DY;8Rl
z6zUdAH?{vaX+RL4T_5xBL74PXc2<C7w6uRakd(x?s<12OWZ3?p)LekT^a75F$py&A
zAZ#!#{@hPPTiU-1q#V1w{ba3COWROo;Y*7xvvOU0GhKFOa_e$lP~}k@J}_Ktz=m~n
zA*`>DShCm<7^Al@WH=s`j9QB!Q)0%YZt^=#fY4_@q1<B+RlC(`$W#l_pKz?F70reT
z&6HhJHnASDm&R=KLY`{8KoixQL?CQW@E!`+gsRG70>Y3uE&*&5<Q^Mz5@)Ty7cd{>
zMQBkqFO_*i%1sT)H>1tOL`~?iKKR_hZF|TqA_~oN)gb_+5n&*<Yu7{`e4ejW3mnZ-
z9@hw^X7fBeU1%sM0T6$J$X4vbR>47JWVC+SUD+_HqxtMx0w(3op})M`?n@1ha~7%$
zfftKgFp%lWhsYVXWH4q$lW?3sGL8lY{+gVZ5(mirb(ealcJ_|N$(0xsnm|RKc@!in
zxxqjHFA&8`y)%VcyTy6dc&ldpcC&K*Qjm$F4xz!>G+5nSt!f+Zakp?tlE_oaCJe?!
z6WOg4({A*FpLM<qmr=JdX|&cIOG(<0l&1}d>ueK9`JqZ186WNYl}!!*ckTH>$H_%y
zU=rP*YHOby6!UbjuXJ`({{0!FrBUNX_g!VwKE{}gb`B;j-PVtusNE1Q0---KoJDtL
z?wr*OR%kde)x?}g_&x(GuJ>(eP^bZr8p2eb_(-E!ZyPG?N$v>@+ce_6jYN`FWA&b-
zk`fIXlBc?5I_+F0zT>nvjI7dq3Y+c@RXTR;>31dm?Cxl-;yD82wvD+HUx-3y-dCAy
zvM!JW6&om++~}ONx@r*?a^8(|QlwsWJv@BQxpxU`5ZG#T9CF+It7ntnG;yTg2RNxF
zl@b{rb;hPrG>hApv6IU0dIagE^->bC%U##u!RpAu^PqI9(!{o^64H2>{~&EdpLq3o
zW|C?p^|k)$m!Yh<pWbLC@actmbLnTKQ9HL~A5njbIHBx#FyFKJN#w=;CibU9DM->*
z$Q;q%d+_R1U%U@mX#S&r8mT*z!w;52xj$$z-OoZU_0N`%5Rg#V>zjaR<>CC0MvHae
z2;bd_$Cf#au7z5UX~Mz9?bj~4+7Bmx6qH!$f0?$ZVX=5Fs83()e6t)&>HTBjHr4=0
zG_rPPx`o!6q0%rOoE8*`oJCMVQ`7RfwcSvV8ZV9)M$-O3px4pU1iD4%<T)SzT<Cd1
ziJHN9XSRg6T*R*4Gb*arkiRiFcPQ&yB#q@`YJX=r((tNd=j-OtvvTs$H9B$i=m|}Z
zFQFPtx_>>FIXp<9gZMbfbY~i$9aF{)IPQ<ioszJ;gfLfmbI}Oh?HrngCN#`_c<(O~
zewBtSS}DOXV12N<)sM$-hOa!PYV2)doeFzR|4AT4z#aRU<WQ|yg9ERi#8%burOCbw
zmN@;@@|#fN^PGtu(+_Ebc;mGpGs#2E@TdmezGpMB0p*<YLi=eX#MUL34y7gAZ|&`A
z6P*c-nOi;TnE}~|VAWpdb3HH}O|@^zY%ALJg+nVwW%+ewgq%Q!it-q<>#0YGpPO4f
ze>h(n3xyDzP_%V9Zf5l7yj~B91R0x2M<uvlVq+&+MzYqF8wRf`&D~>drj%JLlPdN;
z8DcDoWLN|m!?ovA2M?Q8v>?}Uzxmh&Jysv!|M^~~nG}IKcZym58$|E6&aCB>tW;Wk
z<#tVr`_naRYS&H+qr3a35Azkzl^J*2z2#ql!LaPW#G<Lher@tqUl<CHYuO3`zt~qG
zG+bCjzk<Eh^(}@h{z>YHo1nEWX|o3?OMxQ#%4RRpXdnWx?h#2#2rmcSdVBzvt~W{{
zPDGTiiVhcl1CAgYHp*$ooSEo=)lZ=tHIy>_cD$`F3A*4QFU*i6myE2qcVH*{oy0kp
zvA1TZxHt&czBTYhiTl$wCb8I7utDD%>*?+>ErgVIn}waAc;sqC(8kQ{J&(YBi|(b}
z81&YfGM0EJzf9-+&B&+?2B_aGnnz?i{Jv1ppr;l>lwW!A{g7fkf&Jhte4xyJNrR>?
z7%Z-Nk}S#uM!r7zD+^K3^}DO<iNpfduSO@#%@(pEt_dtF?e5H#Z3{+BS*XeDMyL>=
zy{4Jf|DBATk#0&eU-3hiFU#Su1<I82g6_UXtz(nYVWx66IftD8=<DE*L+k#dM<B9R
z&`(_wR-I&Vv{%+YDk_RiJm3!sP{XQhju<QY_3F>r9-kj66AuqIU{tf##qEq21vM`+
zur`Lx2_T)mKlYH8m9KspkvXg9m!Oms!3yna5k8WfFUow`T%v4yO-c*bbKe|fQM)f=
zwmF@H0h~XpbC-3>`5HGbJ|=bwbiLAeGT7YK`%k0kAvsO=p1|V-U(xe-q;+?bubWM>
z^-px+hZt9^IgnKlhg{-d0uotNKqhfl`bGLykiy%aU@2w+*Mj&A>qABM8eWY~NDJpG
zXN$&^#0CqrDi>y`ez9xM?Z_59R4-lZx*^}dYXagv+>kvjjxWkT+L{ysKCXUwJzcSa
zYdLd-wBTO&Oagfq6~cYA_!{}8#Vz#3P|G`8C%ZwGung+ukW!bW9h-}{V>zLp&{TZt
zvHphz(0RiS3u!tx*O5)EmPq6(Q!s&nyM%^dVn!Y9597mi>6|$vZFsU`F*Jt%c7C8z
z(D9`XMu)Qe;|1xT+K()W={_rzVv;W%&x3gDm0I51Mm>k740Tf{XvMw4^9&pi@(}sX
zzBjLHHBzqg!sGU<6+!X#2v4E+Tm+?ecxy!Jw{B5U=#hs#)Jx<3A&4W>;h83iPirYI
zsz)mpq+-w5_#Rl`dhYqxUe^ad9zcNj%>Ll_nLle%=jBvs0B|CbEZdNVbwUop;=?Ss
z_Mw0E&Evud_njp^T-8pu?2tlqSi1N0hJ2%<Fs1#WfrHbI_@ch*+TKB~r|Y%;`SQcZ
zYge5uU&g(p53~Dzb<Qh{+Q})*2T?`INkeL$fq8*BAv$29JbLxr@;Z!rmGT3@8UhdG
z)L8bvV4z4)ykD^4Br^WAk~hX>>g~;+zL-_AT=Ya2{(S%TH+6;kjWyPH73HO^r2vBm
z-Ogwpi>&1ku*sD>bP#g$&@An*2R}|~E$>SdHXN@oe56*+x(J6^owsSVyrk5M7s5hx
z!SS3XMCT7)vWbgT!YK5=>cTym_?hi(nLJvIlX|V*-_X0Jatu*vWxvTiF_6{`Z>{dh
z)81M(y))M_n`cppeaS~I9Y-BtGvxsdwg5LrFYK2!`&{l}T1nPg0)nitm+l7r4GP(<
zX5iJbQvb0iY(?`W{rl_d3Emqke^uGWkMjkW9t)-r5dJc4w<_a<NfB@5_BH5~1-?2G
zctIir3&4e=LD#5VlB7`=15m3xm9AG?bO@MH6)k0fCadXcw0fBD=wjj0kqECnnP)dG
z9;)i~q<bpmi<2G594w}%#o?H=AZ3mdYGxXg2-G?m@$3r^DdD4s@GF9B1tIkh7Y5u3
zO3|aU{T&~4RDetGV@wqI<71LAa8Q!k14Bi72A7P*ve<PiHP5?d;ZC<G);bGRw>B4C
zGK6grAunt9dS2d9t_;rSS=JiS*f8lBNNOr|{xC2>S)Y#x?GE+V+b9TE2i|(#kEycB
zH-5P<o3x=DCUqi`xtYR-;!PV|Ss{+zHWgUO&}}7Y_pHB+n%wS6!2f`AYOp&@=c~@s
zWLUE`(9h9)(e^R_vXB(v(xYVmwPSCxk}_i-2!zYe0vCVpKa_UlvMjH3!QJqIor2SP
zmMN^(T4`v!fJeEIWAk>fC%)E^+*(3x`S8dAIF7uK`A;@8P87O(?1bb3x|WKy`$~?X
z?JU3Lj&75YKb3~CH(3ri`;nqS?giZ79O8`Etk3pG{!rJlL{$&@HkBDQRK5|cG2UZI
z<S|QUZ?c<(^81T5%>NKuG+E4q0PW^zZXM<L=lTi?qMN!uUE>vdx^(h01_7DK<npLp
z%^Sd+1%kf4h{YR!C1AhIx14G;uUD#}C=wX-mgL#Eh)AnzlvjTk*eVo%RcanLU(Au@
z{}g-R&Kq^|wggj?Qtr+9fp{g#r{u;w3wp_X#kb;QRsc#96&6WBnM-;trIyKx%_<=F
z1qNOyf7p}9n*i75+~Q^kK0>CW+CuFY3lVVTjkS~~yz^=G7=N#_CTvgj7MxVwY<TZ}
zw@8aF>dyyB1kRFs81ZLvQ_WRsQE>04epSD88Q`2|^`4P1tJ8?w^4uX{VAB=cR#Gc0
z%N^8ZNqktWw-~h@$$*;4;VPXv4SW$N-EQR5$~DQ5M2!t4E2r{twI|J}@qr&6H7U7e
z-@7rJ?A!V_#fITg@W2e`b@qgL7=dt~qXd&8t!|NN$+?ZZt)fqKRJOFbL6k0YiOofe
zcjWg1x@(%ae!v%ao@rF%iGvmG_>3owM5}jz1rce0cf+D}#>l?0@l4aBG`b^@RA%P*
z3Tl&pefIv0-t|+%vtbVB3GYjKKO@Vli>11RlCSc~eSItp*f^G)K-(s#EXd}S-R+{x
z=4i`vNV>{wcVw?oP~9D**}dl5_H0&G&RRoETioYB-AslAh8!^UG!rMQKBDA*OWjp1
z)SfKqO2{DYdMjS7&Ds(_Rr2ku>(5Y6e}<#_?=>X#x3-YJSjKSD=5A+uMCRZvSf#-5
zlzwBW*{ijP7n>vR)qARd_jP+ZFT&?~33KE9CKzRLPg1|)DkESfKiy@n!UCCsb^H0a
zISLjc5BS43r_HcnQlabFCaJI-x-K|Tc#*AYyy&E=Te>yQj@_;B0Nua79qhQX!5N-*
zFJ2OnNvjif>R7EB$jMGIOs!7!CWBgYZaPkYgaqwN+;dTeW^HeO*fZB+C9Tr-WXX~4
zVyqo^^fMSE=`GE=VzuldC7Fg9mNWWaNLo2>YBzc&Wr@hCvVW%UpZ`cx->6GLf9cs-
zwsz7nFaYble<#w{?nU?_uoh09tw6>mq7`k*dLd3)gnQ%I?*#_7F0vxhSGifVbd|>L
z$mh_j_V~QDR+d%2KQBfkX;j(*CL1Sptn;$qy!uj`kf7h1z4`dtai9|KWqt#rnZN3w
zSHxfzx^+&}A3VxgqKD$?RxO?lD*P#9YinzaD2u~%1j%XZ4D&${K^u0P<cTwd@^r|l
zckYYpv;CmER+1hnhpG4T>cw8xv-9vXwZ19I-)Yw@RSPuw@~So6%epu`FE4qt8=Xj&
zvPHAaA~MnloT3biSEJc!6sc8MI}0Ea%Gokl9qAVhKs!VF@YJ?aMlc5Z)E>(~KTME$
z)BTuT9`Up<ZlHxi#LHc2%&K_#M?ibd>mi>TrJ60S$;qLJjSzJUj_z!g<CBAD7~dF}
zg%~Ivm)<1<+>dJ+<&-<{M7K9s#tiq}_s{7_1qiNl*o)LGvaFSf`Gddd{uI=^;OEpB
z?)e~$ZbwD8`Nm<17cMk8X~U`y2FfB%jyaDBcGJE^Sy_2$eVq*ZWxtf0TZ5`2bK4M7
zM23OAMh9oNyw+#TkL`HJy6Wr&TJH+rK~d*Vvl<C-3GsM7etkD9J6zbfyY|g<r&8Kz
z^5~O38Pzzkr5(UP>JYB6`hJrIyX<g|I6onG{0*AU;Nbgu4K(|aTnqWr#?QT3;7*tG
za~fL8{d3FT&okDqMOJQYCr<dQSaPC-&2)q$T3gK5$Gx+s=6Q`G_eNt9vz}r4`059k
z=2s0wcpQ0DU~~sx-u$hc$vj-j%7*J->sf>+Bh%6+8W&jwLD1%m4PwjU2^Fze*JHL2
zBoNzH-&-6WoyLUAr*?b+;rcs?oiHJ_eHx%oVJAsYf_1;Vig@e7Stze>TDIkNR+LSW
zoRgDZww|P8dUj3CZpnrK9I(#RyPO@IM9e$xowYt~PYxB<9qPU>bAk=~b74O_@e7Bm
zR+yUv?HS2V?coT<^Yv>!<2rzHKNCtEwRMB{fNTQKU<Ne-#}|F3Pt7^NM~^}3dCL=V
zJ&)|kdVi<wgb^hrD0y$(d1o10rTegulJ!>=2n;O%DyOSA?RG73koubl=IzSy*g@@I
z4J3DWO_e$|L9G$&9s+@}nkTc5R?D9t$Y-ocDy*Cs@@WEdO*EyXJC>*wPrE;CN4=x5
z`40ho9EmqjYP0+bwJjr08TAn)+(uj5J$XCE=CN@Z7u(9Ca3dolzZj!fd;mX+>_uE$
zLkFp*YME{srdir|yaM+WbQ(jJ)NsR2xsfy2Lc+NCXBvn=przSCr<FZQ<dx)EpApoi
z?)slIyfCMiUeWf6#Q>b6rZ`<F6Ji<5o;A5iVEVn^DDOQeh}=xNod0w>-Q{|3Zl{b6
zleuieGh*{0>z*!VfN`qQqQB^RLG3if%mSDzH`EgiBzhr^p5=h(4i~{140%I?t-(8V
z>_u?aJkuN_?CEL|qPdafo@+b`q=-Y99Y&_$7!)>gk>V=C>s!;fq~q(mp+hdEJ;$Ki
z%$mDP375p>T&y=;LO4$EruJ$UZ(Y3zL8eu2tNH_<y{&@k6y25nPAi(2SdH2x*>@3%
zACZ|(A#ON#?n=H)T3a*KuwK{J<>MdVAiv*Nw5Q*MkW&q=yl-N3wF42+0{fVF>tm^4
zRMHbe*JoRoi2su?fiB<9v#4SuIxKr+l3^kcj|@3$z3PI_j?0`jc`m{5gO`V9B+vSt
zN@3#Zz<QB>wvkL=hWOYYiT=wQw~vo!BKUshFZk+JA-DDrV<|x~8*oFv_$LnfA08bE
z*+y>RSf6Q8wiK(+DHN-F_s<VZ7!LNe=taDp3M~v_>qhqOH^m33x=_5xv(cNeQc2mI
z4&q~bIrUOy)RfsR0xb~LbqMOh6jST3cD^1(vI(PI8wLs1${Q}Hg{Edc<|;jPGmphm
z$>N8PJck1a1q0QGe+mn)&|VYBO`d(zK`L0!8=a{0;HTSgyRZ5|DTpwbCZJ8w;&AZI
zF_kboJ?l+r&myLtXQMiSSFO5M<$Qso^%RWgjZ39zQf$_n)>M+h$piLHO!Kv$EXwLy
zK2{F`8struc$1~^p-%mj@t$fgFv?MBo2#&-VOuoVCqE<>79s`XB7LciYZP9g20deX
zBD_D8er06N`K=qWb|MH3VYksn0#UsWQR72fb|D5ejy4Rix+us)y+VNIt+5X3-V2!K
zyP)Et9MA|`boN9A@qQafD;#&QdR%naTpsMctE+EF2O+cRd`7A&?y2r7IVcBxwAXUk
zmk`DhNAUF_yB7c{V0`EOJ0w<Np^bC7qmf~*tn1|1I@j0GR0?{r4OH)$J-NN^PAE_b
z`NFfZu&PWoU(WNg`++o>#elAG2qOsuf=VPv#c?>XJ<$-PAltntIhd}w#%emzL@bTP
zHD8eflKkgZcgXV6u<~iG;o@|hOWS9Shv&y_pw@)`x0J30?~Y<Jy+6t1=<Db~Y`>8P
zrw#i(_bJJB%M7Xs(_C9s{Z6`?MVajtr7Y1b8st#zLM>0boc)}bJ2WstUolhqebanp
zm@406z>XAWQ*)`Y7C5Iph7LoY!Y2KvdorbUW!p)|yO@idtlWK3aP!X(8pwz3x(nOQ
z>Gzo}R#54>dwrK5I|wc3ozSOj7DV^9*B*-<qeoKeh2^gPdl3r1$4o$05ltAq?8CLK
zY<xK)AP|9|)klittoPjLDnQq6W%-r((MTB=NYmrnIC-Oh)G5c+oa@4LK3$nhKQu6P
zMYibCNln*u!wD&)PP0F2cF0Ot34<d2%Clg=z2;(g2qx6ZB+Z(|=@F!A^twj!T(pb;
zCrwxURqk{ryUTA2BdL%osjrM^{*EbPaF3v4s7FTAWa2vIle~+UfM7tF&X=@Wh5)cs
zfEcvw<Akc?7C-URFf=$@wo?{Wu!swloK4L<X_6yzy8=717&`%j^TEyRhd(=<+m=nF
z-=9NoPZmV4*n{NAM=*y#I9t+t^|<@g&Z4Hf3{8R@MVBu$h#nQ9`iXg+ON3x@eM*K}
zr7G17&ZFBEX|ZhWoPWC8RQG_tT$-HQO33?j11%vx#!N~x)KGNvT%!cHLqNtH59SJ7
zLh5tsYf6s>#H1;C$&pYsBQ1_nKed4!JbD0NZMj(jlXYP<%yc$`I5{~QT$!J@mDY*q
z*`{Wu$K@eSFzm~9HPw7o3EEeRmF7H_nr!pb{2)=`chv3ax)2&9HWMo04>mDhIHv*#
zM8r4bZ=syK-G((5cwl%?5Xv-2l7RS_$MmIZX0uAnN=wOgfMoIB=z)bZ2=19K4dcgy
zhBG&FHBPnBc{VB^et?DS@YpdBWKKrwNirUSW+-d%aR|QHkuPv2mZ(`UJ8vU`<>S+>
ze|O95)f)-4Em(-@NEN62?Roa;5!CP*_TJLIdBwX$6_XO7n38}fWhi0vL+6Oe(Wd7l
zEfz{Xr_{V~m4dTAUrAb!>b2p#1#OVs7rCkA>4G(Cj2k<)sRc`)#>OHhiL6HGS(<`x
zS}90X2<6s<4d+{tXRd+r!tJNcs)5lIy&*K9%it0?*tRcs@<Wvx9a9^|As3|!Z1I-&
z7wyW{ZeeCywd?X?SrOtMNEr3n0pV6JGYw|Dr``XSDcMcN2^)*z@-V!>Kg07T;qkjl
zvk?KqW&kcXA+}^8SU}WdSy&aBeTZY0DVS`3!8?dWCGI5$XST8tk=~tt*7Y$#QI^RG
ztM}o7is_gq`=EB6^>OxtnKoa`r8!kY)16)ToqBkD8H@?jLS#3a-fEP}Xqo=}h3TwA
zl_P&XM~-)43s?v?57#wzueWS6cNB{!|LU$9oD$#COx_<znl(trgby|ga&DKZXO1j`
z!jNm_gDSnwU5e@)d!^GPs7C%+NiwiolK#?rVtXQwwXi8TVVKf6q9VX$ia^cg`7m37
z=CW@*k)0y&K!;3JiT>#SdS<<qQ&|Fe3sVp?%cl)#-SOR7(5gtAPgb3tCP(mpnCBqU
z<&>ojC<gD^ahEJ}&rBS{AcsCK+!NF^hx2qfGS^~@76JlCSVrxAKtq+euOhVqFHYv(
zh4CcS?Dd?_!=ns_ks>G-a$KGbMVXEnurnH+&eI6E+!c&Y#B&?OjGVlt;ej37@HDa`
zaK1am<!#|W1(`eXhChd1s)ZbNpQsS$7ZQBrX3w>*b{s3*apLuRPoDpJaNLNOe@Wy`
zdSl=y$VyP$=pCdZco$~);*9Unum@9_rek-aA=kOpl=JnTUaO}?VP1qGBT=zZ7p{ft
zPQyh?a*&$4n?pX8AsV46bK4y9E636oBOwZp&=yxrL`pVqF^zLXtEP(jJ)==XpL7oX
zp>bZ{Tk)+!9`a@~*6<YTrnf<BXQ!6!y;5JvZ>I3%(pcRYK*|X@&`XyAo5=jJRs%&0
z^{O4}u@Z=uX#jlsz9k<0*yHnKp*6&8^b2~Z+5?FMkLUegK_#g`l@^668<WdMl8lx1
zrsalyZEHW6Hm2|IpRh(al-T%8#a~LGunBN<8ak)+ZHq4_Xk)sXf0@pO*4ZePxY#N}
zr2S!6tXIiHt~ZdMGx|pAi`(x148vU(RrJyw(`rqmIs3-r{09+C7D14Mdq*29p|2dQ
z<A8*X$U_@V_c>k2d(QpvEp3kF^90g#OHdcRIQzM_QwwUQwGFWgy2N>^Efgi%tx-F0
zJ%sH_TQz4#LtmqmKbyz&i-7TX-khiXFgcesi!p?zb?aFs2CAUxYK2zHhVi<D5#&QA
z$j>98(6fKio?CFdVG@&D_cUc}cAMxn^pR!fSJ3QUHMSSPVJ)mNxpHQB&DKaWn<@#H
zca`%2CJ$6AB~gnw%;x~624f~99|9Dp5z*lChO8o>%+GJiw<h!2lnOcWW{*9aMl%Gh
zx6dx#J|R<7hnfHD8IS?}`4MEYRtVDUZ{?*#?WGAYUqm_RKH}IA8JyXGDDKsEhm;Ia
z$|LN}O_=$AjS3K9*3(;74O#Jx<p>ZU)cBh0vqmPegpgv1kjHRyQF3US9JHQ#{9wZ6
zG4TLLWRhX~ebuhTz%~Rjs%j4R53FhELjNBI6`)oe6p=8(BtqtI?%^QXb@oV*vgQ5*
zC0=^Gu$QWmAACy5qa>fs=uZeTMq-R{Kfn?NA-zkJ0>yl?f9l|3-=T@p)u{F0steUc
z5~cn19=Lr?hL(v^vT#$QDumMPpWtY;orG%e6B85I_g(_F-;+?|K|G$wo`=H4rG9zs
z3f$rVXZfXm;lc@CUeFcs@q=Th;jFn>+bDu=c)2tDT)W9*-n2zI9|i^rT^!;QrEGRU
z(Sijs6}o04izB_D_XGI!eG|1;)X`3Ug)no#%fW%7klOinWrL9bzWm=gPmgWiqMCn$
zc!$K!)^BjRx;BvW%lWg%(59*ULlB9DuckvLhL(+9y!d|1^7`LVs*2QZj@Hj&G{f{z
ziABuK34DE_6#)<9i$9$3D|J%JbNoTQhJYO|P^kSetS_!q<M<o~7Ot&h9{cF|*T+&$
zNL=X(fWku{39>#wa7Y@9iLzL|$`qoywKeM6x#zA}I01Q-LU={bjt8;5oTlldqWE+9
zAH+>b_y;vc4ie70f(AuuENZQsFYVC8y2OtYS>1ZByXBcTfsGKQXirUP27ua$1&ula
zo5El-_!h+UEiK0+abI32H7(}CM@t(SH%dZ$j@P7LY1^dr@XrC>dROSD*MN$T1VNx*
z9(o+j;IsLfvRYNOUgZ6kI2zEG*PQ)rsDh7L<~JOAy&Ran7{-rPp9Pv5!Nr2uQ%gW*
zd`yFa!Wes?So;UE^cNU%p4Z|`Uj|5n(a-M9*mrUKpU#=b%$ny{Fp^h(le-Ao!90Wb
z$WnGR+PHi!t;L0;n|1uD^V$io^4KGYS=!qF#zMJVDoSO0{uA4*B`y$N*J9xjvQ+0T
zh?rEf4{99?`5eJGC=kf4=jGx?Ljnup$0u3npgi<QXw_;7KPIkSA$#Rub`{V_b~XP5
zc-|P0w)y#i4{N{`k?D9yZ81d$$zKo9{&W9|Ll5(Rs6^cSARA3{g74o|LUHQs&u}_J
zr87ax<i!1@eK>y++(mP7hVV4Ls715KZVdpG7Z*>T3k#$t$G3|b^6Z5nkS{Q}F*&a(
zUyBwS%|Er907J5w@R_Q^=?$x#lzg?6{*yI=@(%l)d=ittV@K1bV9n6~H<6+%wc+#7
zGKi%*tV<X<rI7yvdFlc%B#B`7w*Z}F9rWZ8tN*@NvR>sCng}9G?c|H;o^76lL2P$*
z0Qi0J;>35zIc8l&E%JAFo(@U>p=aH`uI3+aF5G!%9L&x`5J1Bzv4<9Z+wIfW03-tg
z$N``Q6Gn@`0t6C6ON7g)3k%_sc`IbAhyfA0vVVQJ`=0OCqe&@4jAeKF4hi!G=E-^C
zzh~L>2P2z<Q2-+_B1Izenga^K*3M2C^m%b)W3!hMR{}D7m_X!|sTee6L{X(y*NlVs
zW1?(NMy^+zFQC7<xcwey`0q(akbY&5wGfPWkmNq3*84EL@e%>ANUS-d5t6Q)Z@YAi
z;!$Zvg^Bq+YYUBpzuVh{35r?!{=EnE{q05_cJDusZbqE{-xpZc=&uno^1H<1(Uef)
zkdP1kL>MJiPhSLOm^!;dNaOl3G&)Iut9rDOt7yUQDq!mAMI^j$s3c9u1UA&u@RT63
zSMP{o{w*qv?u4I+eIP<{ZzvHH9AMZiu;?=+Vpt3ro8OO#<CDIS8;Xi$sZU6b@c&(~
z_r66(ruVmXU(LqII#IlY;HShB5db(vAtMnNEu+8w-@wr*(K^bW!x%6^f5Ndg8(!|q
zOzQh2+Q^zXg=og~Zau9$OfOFkT9_n`bSnhm@|@GXBgaOk{ZSu{g^hZB(1OhO3$san
zm!5%Ua760qUMrAVZoXIJrLR|RXiZ3~zkc<)_c$Qy={@O+(MTzLE0Jc6kM#_x6hl_r
zlXa1#>=qZv)>qPd9L;V#`Kn*vhK2ytsH$|VfsZ-W5Xq)V1bKYa6ULD#B|0nD^_=_X
z2LeCTis*qG;n$wf5R426LdFuiP+U}EEFqE!mmYVct5775@L%|+ZUAndgEC607plg^
zvR?O)>BJOqaqX;e7P>O&x%TpbN1}L^?rE(FaIaehh7@0gjQ>7e>Qo=&_au|iKFxc-
zDVdhB`TPK`qN8~_L?3Dd%8jR?f-MUz)~;>aH>XlT?4Y<uPlwA<m{%$=KVWg+jUC_n
zbQb66##k38Iu@?bA^;L)MBd3DfXnyc5O<$p=Xx@s_IswngmxMSg<gW&ypLP~;+{ss
zf|vAvo(LLD6-5{C?=H0Aat#^Q(*c=So;ETj36U=?(;Tt?{1KM=jogUDaC^gJZTueb
z8xOE2W8r>&z7WUQN%7rr_v7Pd_;#u)$*ydhdIY}S0T^I}j)vT8E_-A0xAg8$V){(J
z$(o0+E8w1~2C`aHd<`Rgyswdv5T?p#E|9&3ao}RzNqM}Ml5nR`^fCOiap*8EfyZCM
zz$Px*{^wf!AM7dKf6Nr6&u#y$=0S)s|84wYs-*u9C*<iw{|D*%{{_za|L-Xg<4Y&$
zyE^SixOwrJnj<7oy8}vN-|#-tHL@g^Hes-wb>7qn4{X0fC(uNGF4Y@UhyS^w=f0~o
zcWCX??2WUPF9`IO45(N<C&^xB#qJ6-MtvN)-9kWO2q1C3`y!|1!pkd#Cs0SC+42Vu
zmr1W{TmhGxmj`F&aLpbD9(LKw5bGM{et4v}TqCfC0Rsm!v@G%i=wnV$aOx;Y)hqPY
z79EHcBb!jYUT4t!47d*5yiz=fOj-nVaf7fBdhKIaud6#Ih|uh0sff>$T*~Z)J7Izt
zc(HwLgsSi~S`8F6Hku(zqSu)p{TdMHh=cpEe~y%kzWklSgHIPX;FlKRl6wB?1q{R|
zDI|p9yJd`Z%IwGK^cLsEgZ^}b8?`*;a=s=${*jFoUFR7Sa6bWP`+;ty<LrqW`}+YU
zDSrTC_SxCaxCAiL?)RJ~W!f0fM7_32@8L{0|Ldc`w1(n`)Y_x94W0jC0b+;}NI(4Y
z5rFu>E1?nLBpbUtgcArr+QpwOZR~`MkRaDM^x5~!^hyypI}J1tTQ9c2LtGD1xYAYo
z_EH(aqp@~FCZM9Fd2oi(P)TfbAc={w0kbaqueO!gt1@sP=(;&r-Jt}_zYN!VhlM>y
ziXGe~saE_?Dc1AZi$+ZMDu!I#FN8ol;E@t5naodH1&%@J*+*GfhK*VIr1%{AkOpV-
zkYMb-wH+@2SA&WRMUzgdy^k!t>63T9u+jEtVoy#^G%uxC3wf~m11EIBl4(IDPzn|>
zL};8NC!c%Ig@B|&I>_I{@~C(gcb2LQMu@G8L)RA;a>ZgzqauyFYVxQA3-J&bA)mjS
zhD~LtB>Z1XxjX{R-_h!ixtu>&7V-7_J*bkMyAp+uGy<A367sr1Pg&1Z$Rr|Sf(G`D
zyBlXE4Wu+23@GqkH~ow^9=h@u2N~IgU<3LK1Vyp+JdApxXBL2>!?)yQWFSE1xIIiT
z>-~Y{aSfF;@Y#k;6ug6jn6eXOHvEw4rHSWt_(A^Nh;3<28o+y*ng(W_^-nl&Ciqc6
zmv!g+kr%nPr=2u!vUC30IXm}#`oU-K;vlYZqzGvv@g^F)xJ!r{yDL=AHW(S5aF&+4
zpLO|5>gKqUM_04E5|(Q>M3_PW))|p7sDfv%bzAldunCX^(zo@wv4<x|5<63gndWPV
zho|QvhK5+EL;?X|epT}l8Og+n0bL-)dVOw~dO{2gm&384)@9>Pov41g7<+&uQ2|6L
z{MQ{KN8IZ)jJgfM{5M`P!Jaq_nlNE6C!!|JR3EU-F3(eL0G>47Dv?$lK{7MIN$H0O
zPhEZeE3#!&ujy)Bki_HE*pEq^7_Jak*{Y30MiTE=PfC}l?t3dI*S=L5SA=*7#+hcV
zY54X89XU5Qf}Mha-TIvP?(LDu)-5v0EioS-U*z}izA=TZ0TLD(x14pRqzj)K;Xw#=
zzW0Cv*vBl=kF!RzbrRXhd`hT5+TUS=QU7EzMZyV15@in!my3&##~Jg1PyiKjcyiL!
z=GBaWdx31x@(01h#Kh5h5wR5fb8Cyhqwy2Gd@3)wRVGl?%+o0(=!<25m1}?lv47`7
z%Y49>P6{)8fV}|DFRYD?f*DD|hAfCPr+XhDkom?c$(f35y9ckVUWp`+Cccq|cMht>
zs!;d$Ucf$IkZ_q+HlD$Uc_kGOrKF`X@zz*<O`Irfo0-6$Dw+RTLgGDW$1f8eQJYI;
zK2<=uMhzHFA>-rh5Fu@CK1SVo<1#sm0~*h>oyqS3Q{I&`ppM>Cpnqkr$opn#Fr|_E
z>Hz=NVfD*MMScA_eZ6-xKR*jarq_0CvEbkRJ9vqk5|u(;g2}?L@7XfYnhcD3&7WJ*
zh&ll6H#C-rC5r?YQ_Z^`DkD$4vKwWjOqd7;7F$@XlYe)ia?!HHb0kCjQ1hfaPdOhN
z`q{I?zwM&8=RJZT9%G5>PpYsRb3Wai#DENE*?I0RxVJ4k0YCiL`4iG~^DQ$z-Pf`r
z%H*TI^_n;-I*9M&DWA#?!tw1;?=PFm9M4c7I`<4BpT-mMT*X8SE6dq*43h-eoy5N0
z&VX3GWU=$|D;x6mm%YVie84yYog#aBRE+WI1<yNPnV$S9l$gbMwVVs+K@~B21hP!(
zITY(dsfY?_Xqir<V`Jr}TeQ&(DwzCw2bP?7-uDhzl^aYPJVP@x_-wi1q5}l)<Z{gJ
zxU>%E!{<k<ltgbb4FWmeO38J#+_h%9PoYZe@PGZ<<?bi(ih*IkG7+MKly+h)$9XlI
z+SOxlyP8mkZ-=|mgWO|L$_Wc0yxl=xXJp?^)!*r!I6OJ?R~ye*Y*TVQWd1{%vS>Z?
z8S2jMC3czz4oL)9IF>-4-cfdyjS_o*TY4S#7Z7IKX*`c|%hYjn^hhU<kU$uNg`#{A
zklCENgC}9}I;Kx<b%YgClNnmC+P;K?{N3S@!63j4{n9DcbiaNB*I#9IMk^792l1bC
zebY-rb7{CPlFZ|xlxW=Vpq}fD@;jb$&~#B#2}y}ggfVW#%#wb=m8(#oHoGTR_3N@m
z<EY2Z6pKRI@_>M7ww=X6{)UmR9)L;gHJoxLK8*YlHl6xY7tRcsiwOPM6J`9jT=&k%
zqO@7~&Rxs#K@E)bG=@toNSXebo1f3%SO*c1g_rQR2e8bQUn4K#SzNxh_oV!`@Vr>K
zbFF?)?#i#8tobE~V~6wa&HN2=4w~zM)#>)gjG^7Cw?ayLr^34Q%1kys#OqHzhP*UY
zjVlPwD8D`tv}l?Cuftu~(_8c>b#1mf`uA>*rB-!B7zIz;ewx>}0E@}I;ATO~&N|TK
z5=Zm*E-%pi{uxMu?5oWvX|73de(wm;^Q^=-8A^eNfRF@Eg-UZWrn^dtM2cy2B*Nfu
z{#<9e?h`y23Evk86lhx@63F?U>F2_Nu12|I30B*DiwlY1!|@vscOWRMr~o+jNQ;~d
zP$PwMIhdEUmkzGlpLf5=_I^kau;7#fdMk0hW1BrJmnUiDbtL$(5OmUXy+tm$8uQ)l
zW#4_BH>5hn-Pwgxc1y?a@_*z57@h~f=+^Z792&yykNX{v8wd~fUT-4a;Od>$E*tM#
zl;S-9+BjUC-wALKjmsI_Aom=)`>Blg2CDRWYJUcQeLUzGn!<$~u3gJLjzQ{_XE)8y
z0Lh3>y>z8iRPtM7eBPTDU0u*6T%=~pW8rwnSf<@f+ME_#g-U)q_-~1Bxe#It0Py<@
zKJfUO;G@h^$4JYLG|J!K9MJDCG%|(d=H|+5?2JzA@Z>zMnRsmG2w3*8;P?$D?Vm%f
zgq<;=PV?G2<sSxBvCy7#YI2osl(@cSHumNfMwDmLX%5$MKVNAbYtS}SA+ayw5g3U`
zBV9h%;R9M}lVJ*PBg2QvUpz>S6*uR~(&(@v`)o<%QAUuwhRw}4GXuhlf?yR|4C<>J
z6cP13S}W*M?w`M=Z$3Y^e=yc;v@gd>76=RL0#)knZ<$n)@mc*b*3;>XIKNZ%?dKVZ
zW`FjNy-?8Cx7)pJ9c`u*YHPbcXyeaZeGX~5kY{Qd$wY!d0GYY=5d$i_`%&zz>rdIv
zD1f9*-E(Rj95Iz$YN%lsG6lK^X56-uwV>J_kK^y&Z9zaw@n=F8%5x1yY*p4X$O;Aq
zK&e}Pcl72bQ(P~zc_%5vM>A6*q8477M`m$vI_zR$%O8l=_s~^akWp|`&+1o!9T%v_
z=s+5*>90|NLep&7r#CGcytr$9vE7lMJrBn|FG4|7dLq8a4tw@rZYK@E@g&$MATuO#
z{nUFP^rPh`q6!Re|58pqT=D4zr0qtuN5fH8t@w^40Cg+mz<WAm@!@xY_l5BgqigHI
zY~*v+riJQfE$m9CN5bQxp?LgKw2520yP+g59?ud;MaR0&9v9Kdn-pHVs?*tSg;b-+
zv08_VA&q)RM&Py{IhR^bH(60p%BT1-38cY8K^uFq5;wb{iPTqQ50`t=LE5U5Fs54^
zN_#!Ky1SO{UXe&`snV{2{xFD_H&;Ilj})UBbTGNB=W8}y>+9<N-ulbLH`>+<m*7J@
zDnHT@aFs+1sTXljYc?1zA*<$V5Cf4+YJ8mFS<rsD4_PNIr*-!Z6&fa)+o^k*kRpNf
zZ)Rw0&IAF603QDg=^bc*-hSF^@JgtyipGFtxU)Jk&VkGLl$qv2w$(;PD2}eh@<=wS
zzG0FuO_;p<hw%KLc$Pf_NE@z23um3c=ec>6oVxl(C`hV67+X9sjwbRzBKz<_NSOFT
zd*-+3WNa}nc6;VW9~St4Ko<#Kujnpqq=upXT>jpLbLxT#a=JT-0d?OH!QLaE%DTxk
zC6(Wqh>i5PZUaSxO!I6+WkxSb46+vBv$j_<u`z%>j_6M_<=MN2yFmUtol1g1y{6FW
z9WJSUTn0=Zn^xWDkj;ta%8`23jov6K0AKPiEUfHmeWczV!#gMv8O{`(0p(ISGV4W-
z&7Y48Ku6$d4{!5aWJBrr7Ym807lGl)%(Um11GTg1lX*~(vu(T!gZzU5U7hSW(8*%K
zkp1B#RE<YRTl;V7(NFE-#FE8+DwcA%b{dFjmFBJ6VH)4Xlq;AK$S-+DHvNw`?%=bR
zShJ<$wOuyhS5UT5a<a3Ryd;{rapQLNxari9;nQ!duEEjTjdn79Iz=(x8r@eWt#&Vk
zaeds}KYd(1go<Y~zyy;`L7@k1Eb;SGZ9fc9MiWv?+T-+0VCNW$ejQ24O8=~rVhi(C
z`G2+dUSUl|(Yk0X*Z><Mg3=VEgCa#r0HsOqAYG&riUOfSuz*Tcs`MT@k&;jY0wMwe
zQj$msi1Y*q2%!bYS<$`sIs2aT-FqMI<9*1dtTNYJbB#I282>-!7$88D#MENbo*I)j
zesNMCbtVg?)CbrujFuZ|xyA0|rm0frssLQ*9kJdQdRpu1g^1ePjmB@QjX*rJprh~J
zWip_R@6-7%ii(Q1&o!YG6dD_gwR>8+Il<!JLt&JDT+yo7<CbCIn((4N+{5H5p`a~`
zX!z}Vk3Ps?rl<Azu^*C0Qa)>!Uj+g#<oEQQG>M}DOMEO=(SI$07N^=AHVFjkV4JCl
z2}bMf9|dS52c#rX>198E<_;~wctIV^!i1w`P#9wYzSz?D#^`GjPj3J_xQ6oZkfq`3
zEaR<Dz`W2t2;gxVw2kaduCYmhm?B;Rp*Pn&gzgpd%TM~^5!ywX4$OAfC2}vEVqCJn
zV_Rj`&|)zk)eyRvz2zOU@|w(ecOF2R1+D4$ikRf(Cv`;g?;5~%hLeealX~vh!u5PX
z)~kYtQo#PM#BSu<Hcn9P<Ldn3IzYRq&Z?0wT1i}FA8)-4<a2pqjtYGZFEdsfIg;@{
zK6_8R^kFnB%PUFeK2(-kti=3Wl+6cgPTSev!vJZ0Y4XJ9snE7`s|6A)F3-x<y8M%g
zP;xim&$E6XTy3Nm;<%aBJj+MDm!5OI5v+inGFq@u9uQ8*+_eI+UA=l-DOD?!@IA1A
zT$leAB7IZ8=xJc>u}>lhu#Y$e+PcGaPB3}nba}=l{}1Wu=U7-+PO{v?RDReXhs=*N
zx~Pgcykt<Yv5|qd_jl3hWy?nZS~D|K*bBiWGyAd6;lK%ib>>_ER3*G{?ut7l>;fvZ
z?R3_7eaAPu6QCt;-D9~b8y8*8fgC0Qfvh_{AJgcsv#{i>wjLaW6wTznfHz;g#QpG!
zDo=4??o%~UW{`X+8^k-%@;TtHk)&;by4KK{#YK8&=VGg!V!<ex(_W5!NePizNxEYk
z@w)+?lMOv13r`NyD^BGA8)j$LhZ0ST?}>;o-c&hr@s}+RrOIZjsJOf~%T}J}8hV-#
zM{^MX@Bds;$3p0c6E^K+II!%cSuJGS&?DwM`>xTIz#n_B^%6thzKfCYRF&dG$^RYE
z5@W&7c<X)s1c5sR^tnk%#zy7GKpcu;$Bl(A0E_x1m|~&~aj<U{=^SNsJCUH${q-YE
zm*;lT=dLcg)+w3O87WKS)r=PPo^kJgJpqcoYju$;O?YNIpESu*D6~E6e}LHG<4%LE
zwnGJ$>R0H`Cq(I~Ei>;CvE?}imlPpiy7)eKPh5Yep|P~BwjKKe)O2G)dx0&hI-)FD
z@Jah*si7{dK90Nljo-6Om#$t-AhHauOrlu?7!g+JsgeLYzf)vb_Y-*uo@<zL(~hyt
z)C$d4Ku?bsd<hs)HLOfF_mWN&w2t7@d-^^pAu56O(0%-2h?;>WXnlSC&fc+3WifTJ
zHS=vwy^0TG7<v$Y<u`#7?y!&wbn$l$4UH2aFFxn1G87lX+b8J9P^c9G;U=S^)~6NO
znt5dLkXz9coIpnYm}b!$YXVN`$HWK|r0p@kq;|^QB>`^kv&W8wnX+IQ&kZNPf27rC
zX+lQ>gXB`21;Y)8eY-ZqZGVee_Xq|(?o*K##x|s0N&>R(w`(AxFZ+nvv<fn&3K)s&
zQKZyMlk8_EUG={)1FmpaOk+--M{51X*JkBA&vqY|497(Cjd#QXg^`}k_c9CHAOO`=
zVylN!oCDOUVPD=ocwC~*XAu)_`EuT0Z{^@V+?57^kuR{@#K{_wcdNTVx!!+cJGc|@
z8!B#KQ3FV#d8m;oR%oqUudVq5kn1_!>bA7!5;@vZe)P}p(!J+@$L3wX3lh87IN7Cs
z0ZP7=Wu4jY+4lIZHT|#U<>lMaxb&w)h*)hv@cT3?hcvFwoz`aBin9CFJ&wZ2ke(Z*
zTE&bRsJvMsDZhK-#E{qe8^As4CagN5E*`CzTb<VeFie9m8aUF&GT3pDmZ&4e#ssV~
zMVd?A&$At_jL3y<zchaB|0CRgvyPNV%|4Y&Y@+E08Bqjn-%x=UMi%MzQQOB)`0P(M
zAb4|rU?9Ez3gFm#-m$$snA2wrY?&JT=HWK{$p*#v)4|)%?`z>klc|NtvS7@0MfMET
z0SE-_8SDgXqy8#L*-*|7#hL6MxD_x(+(kh~j)#k?yMF!=&%h??{k&Huz|i7@))A@n
z-tc;}7x_-3c65wdFo5BEPNTiN(<TA0o*&Ny*cX!NoWM&=O?_3J*$fFu`r3%3t!Y**
zB@oQ^9&v7KEP8mGLJk~pLI28sai(wS>!QIHQ{uz`F!}mVr#7>8H69)wFua`B#y9)D
zU-LPP_rw|s&I8+tPXZq0=0z#by(un!|K8ihV>kSz@o3l{A=auGNay|5{nfFuEc93{
zy<n2q8w<&DyG4InI{@`7u_!&R85!}rpTqjocC@PDb1a!UaU2w|EzAKs^tl4Mc;(t#
z$7ttvBSd>H5HN2yQ4jgFNMV#gS?z6#!5$sTq5>;r)BxlpP_2_oS68!TdPn4-&gWLE
zd9${K^K1$`$X7L_4ftdHjrPU$DLM2fz?#(N$idVvh@fx80Pv=AX;Q)91o)SI{+ckT
z5XcA!RD>#&SXo_uhY`Bk(W9dOL?{Pwa9L@=%QC7ah=Q=<zEQ52^X5b_DmQQ>5)?j`
z6O$TsVZeM{Cc((4+HTWNMKSIeNW#OI6WKrK4MRJ<8|5s~zDP?+ZCqK{*BE+{{Dbhj
z9bV`-Cq;iz-wI)i2l!3<`I<l{T%WMGWvO9cLt{g(X3-y@@Msu{(!|0VQOhdAnJUN{
zsmB-p!FzWSkN@Pf7gG9h|3dT5{E>Rv^O+7uP<U!FpHtYMyFlF2Geg0lGF7IK#-Qq+
zo7Ign3OMr1pV-Ru6QFTakcq56&5Dr89zv9X+H+kFQ#_gr!&I96iQ(A@|Ad8P0p>_d
z-=fxRbV`Vw_XO4|7(3NA+^T3P5GwKbzCT-;StU<D1Yg5?%HiY}V5&VnoR4&`PtMx%
zjjhZ1^{e7*io?tBy9JTCR%64a9*B^}VZ&b`zvq_!Qx2f|tM1enuUw`o?)D}zyfQ3R
z*{NdxfrgwenAgobxBxo}RbjJjn4>pFSe$KDPypg4ZiMZ6f`QF^{8#=^>;0!U44CP!
zcjwe<oGE;-6#n|^!?Pyo;WzWc87s~_72|)}e03!%XqDMu1HCP@9YxptHay?z%R>^{
z|Dldp@RXvIOml|F*lQiXv4hr}3pk^N?`bQdlcC~1P8EyaR^Zk;M%N*O*}`oe0b4yA
zL2GI1SD4r<YX@#r(0=*9pVo_QX=uEQDz`Li+}lgv>Z)f8=~XJKch6H3VBFe}LzI-1
zJTe$EF#YKHapgwJF4^Bma=%Q=@!JncGixW09Rfz#el6g00eJJOsOfW!>imLyD2AEE
z_1mvRp!l_0;#YBp$F%{bZ_;WPT)s`x5%A@25)u=(2vl%ELc(Q@wZTbvy$jsvR95a9
zzUh&7#paT%!0_P(aH+HnE9vp(=8>Gl?}Ty_W8>d`h%c{CqRIOw$8?$*IzLU-1DyxU
z48Q`;j&8BGEhjyQlN7dv?U{Rwp^V;bkVm;>#yn&S{v2gDEAeqmo1NX**e7iISD-wa
zHgwxM6**!1bm+rrmgI|^h_G(<0umqW2|Cpg<uN@2-AnEy!w}k|L@`C73_GJ~1@zWo
zD(B-x?X=#3p6bY?l+s>et+QUr_S!^oBqLi1WHAn#UcI-sCma0bkw!9AZodDwqfiAz
z&HDKVPtn8Xr_wrLnKkOx&sY9Jf`Xd3xF&5}Oq22U<>m?Jtzy?Ux8*1k8)DUWXG9GQ
z*5^LeWSyu$Rbz>}R@PKq%|;zn#;)(ww6(#t(d#+56C9B%eJBq(OpAFsP?-)fs1Tw&
zHrA-A1*upnaY+X34MN}^q{>@f&&JR&AGRP?k}ClMm3VIDVm}?8zOcNXu{Qk0U%?PN
zg~qZph>yw01g&-9e5tnv8`#B!g@;vBZ4o)}!>5&j*O*p62G$i8ssLHjv69l0d0j=F
zCwcb{I?zDER_l;GvPHEwlKE?I>m!z{%x+)5n>VeLUB|aRvJLHI-`{>yDkx}8lDK_a
zO{x<<*&>g=yAg`Ni)}n|e(>N$SoTo{((9Xk81UaraXcjW9DVfG?g&$oZBr{`Wc0Qs
zWLPDzF))2SM|x|FWm@x3E6=;RP%JLtoKquIayzeBVx~wsDT5dgDGCgzfq{XzqZ?(w
zI%s#pncUuOyR>atmB_>1JAk#<YeH-`*o|BbJ*>1(C~62I`%*-3!IO)fdae2f&#T=d
z`_D~TqC9cT1ztm%sf#kaB$D+QMO33p;da`d^U=-F{XLv%iJsS#F=Ij^(jF&@_oke{
zHWkA0=%XFQ1MR>flD~O?c}+;s_8L?^(Ye0)&8j$%TWXjt)w*EXnd%xU)!X437S^he
zbC9KGbMGtB@b2&o+8;;_J4BYoSB6ru1{u@Ek->u;c*$)8qR(tu8DemP6zX<pEfP$E
zH&$d=B)1s><#yWi6Grot<#>5zgN3PpRHw!_X+Wgi4T0&)z>0O=`jw{~bg;}K5!O+z
zK&<>HOxEbV0re)zQFopHv_hJ=<30BpRw-Zt0b-svgqyC)aXwh{(;0I{uRw(mE9hs3
z-={Z8-IX@Pxk4T!|0?@YSg!=$Z|7AJ%l=V>cG}OMkD;sM8VPj{%je>41&@Kk)17&W
zk^U6e^G+hQIK#%YWYcC~_LKra$X=SKbL}v*9uiYRxW2{;@XI0&*CM4nrr6fUQ#Ll9
zyQN@N8XNbpH#bc%B?eImL_Rm5vez*Y-ozwh+y3En7YqR!HgTPkvp6oz1NpoUbuJj%
z=TKO$Z)h00`V(m>=g%>vB4~1niK*yne|nG8y*k%EZ0Avj>_Vi0Eb)7LLSgMd^Fum1
zI=7#nUa(2J=bAvUz)oIF*B6yi4<a@yE^c_Cf8u!d7!q2ZqWS18F3P05e5<y*ySo%P
zV1abP+wCNnsJXjWq{F4K3nCN8_vMU}aeTLLYqE<^2q?CFUL7;>5~TQ-X#+&*)}PnK
zJQ~x7yR|mL>@RI>+-B7@HOml^5FCYp`i3%A-a9@0XB?$#78W*RN4-9;HJcRaHq}yk
z{>J^sMenlJYy;nk-neU=;EM~5cYCn>9tr|krSUpuoor1h^x=^9Na)`R8xWjDrbneV
z*P4{IekL*|^*fuiTlc;XKWBW)i~HF6A~H4GWFp45p8JbQyEEdcZJ4;hyR&D<QK4@D
zvAaFme+=|m;JDlJA%s6y{0j@H<6EL$8<!E>-aHNDbX5(*o1`nX^W|Q9;HeuR&<%y#
z8pp%$)VTIZp*N?B)8$}xvF8)3Vm%x7JlSEBcQLY)93YVKdF7B7Zb?ZWOTNY$83P-U
zik#=d%YN6M1}Qze^QC_4Nd6V!knOl22m}bqLnRS3jFHYb64)3G0x2aYlb+l=$P|Jp
zyq7&lF4ui=YVa58UHCcR9O#%3y+ih~fpy81(V~)_OYmdsA6Uw*Yz3&`PgQgmND41*
z=KgIXLc5;2doE_mJG1_xOS!`@`jroTpH2K^QlCsuv;2K5XxB(IL(@|)J4Mc7=+jhG
zLMZ}x+79pgAh)3V)l^Z-|G4Vuew3T!p1jNI10_0I4>)_f^)20Bx@+`1Xt@YubdoL^
z;pW|wCZ5??x_afgUaJW@U%5H(GID0Td<p$#NP?lf^-p)`T?WMyfrnO$mF%r+vz0nW
zyAXuRzxEVwT*6$<$SoO-6Hl<XAD1$iapv5AJo*ymj<P|2b3_v>^7t`k+QUOWN%kaF
zY82~B7ht(^BOklD-GaJg<N;zXC?LR1`;Z`z;OgfW?trSZ7Q%V{7|05Kh|kQ8avQ!o
zs#9Weri9z~Y1<TGSm54hKdr&@T84%%6B5KRMMm%xQQOLCCn^)+_RJYoCB_f6r!E-x
zUDe^$05TP0dod7Xu%78#OWGh9+svv75Z;fOf`fcbQgzeHaz5sg!uBOc`#UbZ4QD&f
zw@s`}5lJU}exaN$4wY>OcEf|z>+r!fb-{Wmrd2lO+{IZHv<tq3p_esOi}uW~oyKrW
zB0or0qykV4DEv_ka3NefOH>2ss!?fa?8C{MH(bw@NLDCMFlfZtp@FhzAdpHrt;r|t
zPc;TetxCDH)2jEneTo4jo$<LAa6vf1VB5NWrCIDE|8X})Axq83slWG?)sUKm3*Pqr
z6Bba%e~j+Mt7l4pyFlTel>U92*L45B1efqdecI51>|Xp6!!z_JjcI=?J?8o=Z=jBc
zz9rXbM?m-G)t!0D^fGuLZ6!ZPC)&I&*hQB`{=Mz^P6pyXV*ySM6<nAmp{Tz)^<JBV
zzSUN*uR?6QKF{;~YG?mejMmWq;i2-cXp_L$;OWzs17HdR(q+hs{JTYwYIejr+-YKJ
zYvWlZ<uP8-GkuT?<ZI5II&mg)rdz_G8egTF;f=I2dy-=iM0=5N!ME}8I4I7l==*k>
zLZ>UVjD@B6JiFXdB(cg6-2{ak94V=u@^jBMk}Y0BwTocx%Sh!y{tk{3GlLBDJpqT{
zBslR42$&aNP>=ycDMXxMIgVSzQH7N`h4=4}n7jwL){=}Tt|KU&k_^x;vl*YJy{@Z)
zoy^}c)u#hipghl)yf=cpUqsbu#E!gQV?0dZ{x_U%U()bw<vMQQoW-;*76mAAT(vmU
z_vLt<>#fc^bwIkOP->@f<>SUCLvjpk!623c8o}d=U6GN6EU7B=ef^3Z`h4sV)8d*A
z*Uc#vu|%1cuD+PstTWOZ9#Z!=%7|fbbasaHr$hJWYJ0|;{cVd#GPy8CvJ5<R+!=+5
z)X5;@Y<(m*>&*oP1*?3m+k;kVqo&^{%5M<UukRkC6UmMDc57NotFxes@QbfGIeG?H
z;hNq`T`)opJX5&!0h|Bo5B<3in|tf8!-9f;3u$U>tc1aqUIf?KFN$VKZau8DKuhIH
zWqSWn8gq{u*pIy~9h~U}FpE=ZyHT=!-;50tDC<f2`A<D2P}Yc61p`FOk*U%S{am*H
zR9Nj=>*iHVEICtWWtoo?tLU>xjHwk{r^qHZ?!KI1Q(Sw_dpqd-W{(*EkC8$7;zipK
zkzBvivq*sQ!uf8eDIagLO{<?i)UU_0P7168Z>A3gi(kexBR89??XHP43~EHWi#xDI
zin9d{%!M5GwC3yymzS@!MexF>4jlVtq$Y%#t%GJ3`<oWOn~F0C-0uBhUF^KHfxrbO
z@#d<1(h_6Kqh{REy?b}f%g5NaZthk9BWDnNDtk8ycLA1GH+p-2b|(jlZDb+D%fQTj
z#>JQ}W4Bon+n{p(e>6^PEx++9)y=wwz<vFqQf^Y7613m*219)v)-+c$#5{$_4_2VA
z%$kzQ#L&Uy(cg5nn0jhyZ|^v<c9JRn$WnSbAa-yQYHv?of3>sR&>9Lo>N49$JAbmF
zU|B0Go^h1S&CO{hp9X;v>{KF}&c1yD9$`vOBUrV5GgBf%trEtI_iT<zLX;{!C$<-e
z(T&Z%VL8Sch9h&bO(kCG3Td^Sl{W@+)p9?6bP1JN2BY`?Y;w$u=9E`8e7VK7I+a*t
z8+K^zvnZkul)jk&haGI+W0cR!nU;+wPIRBs@@uwk8_0Cbx(+6Y({8VSW?^hx(VtQ8
zwp_#9J22o^POKQw8#!omHr@5vZC;dPvVBfp4BV9=?S)CofkVjYNI_A*^W8cg!;hmE
z`wb8G-`S9SRx!809n0xR;ub#M2pP~LUO)RvPflYtCvem`<JI1{wENG`i=iRUD}mi;
zppx@#A```qmOhn-OtL)XkR}ShN|637ZNSjnBC~J`%E<J{I;A^Bw6VU6iW=U19&b6n
z;@3RT{Hzc@`0T>#M1>$rWlh{z&6s=oddCQ1h@z51j=L5XheSh(eq*bC#4tUDqxY80
zw_6WeyYGx};G5lg{c{AWd^d<F4-4W~A_Cio(5cu0$1jg)bq<32Wc`=)Q9<l-`f`42
zHE~_t-H@Z{d&w!|DhWyN-{*F7wCdS=auWUGOG@~`M?X(sTk)Q_`CEvQdc^|=b|SvK
zIBeH1K{94Hy<FXGa+f+%g%6e|oLhk8%!x<a7FTt<5mBoOwm@>li}Du~4pd^NNJDP|
z<xi_;n>o8<6BnJ!!ob~UUPDev;M&?Am!D{ii@OPo$0NWP-Xhj{;r|Y-F9t&`TOTK?
z#rqOH*q;w2a~#u15N((fth7RY9rqfMRW>kaeN)eHzq$>1*qzx{vHIe~elwW5_cenQ
z5PHhHy`zgTd3ayQL37wK)n;kOc>_9lnzNyA9Pm?2cc%CnB8)V8dwL886;2rI>$|Ya
z_4RFL+LO@u%0qh+?2AaI<}huh=SL%Iwi!ErXo)Eh4a`2-QktMygPa$2foUA4-Po1Q
zbjE~lq@s}$L$xbdDUyz<VQr$sFeH;LhhDKgV3TrxLheX|m!{eT8to|Ve%$AruJ3@v
z%fRcA*82J-t|KtA`F3B=wA%`}-khQiT`q};P6-kr%F2wG*}}X$c2<V^D<?OZY&HVh
z(7`*ddr>BY;l=`<Qdf(z!J4DBw6Us6B-(vXb9F3np1hx#c|*j!NgExv#;u{LtNDlD
zXMUc=a-w<1VHqPmwQYfmNvo}UHgp+E@=N0BzE?j_M?s3wH=Cq^uK{8@Gcz(Kx3%oP
zxS0mG`*wTK;Dgih4t3~Ndb!a^K)p{rtf6;@(QRqW$g8G?p1fAE+C+Hmlu$Ug>tYSg
zZJauQ3V};L@XN_rz8aL*1K#%WXWX^Oyp|SuAW4AhHsI!qP!^|s`mBkE_M-*CW<tWi
zz;G7p0wu_&Nv$zjo^*ps3yX_#^@raph@@<~Jv!{*E(SNfi=O_&+)5S4#m1TdHH<3`
z>!%LCd07v}WIXZc{-R>pUax(}HW=qOKR35qNe{fonPeE2ebknC{xJn?$y;XYBo6e;
zVX?|OUBMnM+UoAB)K}2JCPRn}@8iJNHX}XK;a7#NR*;i>i&+p4($7XMUS3}85#pY6
zb256HASAKYNDZh2{0$3y6Nlp}#qw#_G`N{eAgx|T$kur|dyuAPkG?OBIp?gQsGEcL
z4zTlV3B1es^pUP>Ep*thJGK;*ho$Aj>GL;y<#3<uPDlcEoy&0*KEXh!q7wPc7VA)Y
zm>=^Q7Sd6xwFg^wsX@N|@TgXtR>5h>1fbfndFMb|%kWHHO%*$Mczmkft8LJmk5RUL
z{Ag2bC%X-BZCru140{B~?Py!o^?3vJTDYqPYDur&S%TEM(=Ld=r?0~%?M<AwS{T;V
zAdC=Q>JR_i+fFe9V2O^7n~*l6VxWR{s__P78U>9+q5%&Wy7IoXR57IVuvyxrlMt~F
z+4fzXK-$RFSBzdq=mNNW8wm8d{f^sG9+>N8EFk+)S~p;+46ig2^fh*-e99#|fuccs
zTbl}fO$wWP{nFFHnVeF;#UaC-op-jj5-&i2M$`8@Q}_4#;_F=2ghebR)Jt{PEO9OC
zzaapc0Zk^czSZDt^AItzPltQ9QI6Gb#<EG)p`xRsPgvy7|HxCu`n?jYl41J>nZAi`
zL}mdCmrQM#>9l=ta7DBQ!Uk;Z+x|>smm>X;=Jh;W&=0G&p*Th(^^{aU>$3Ugf1R4o
z%ypjq+8<>9yV<7CZ{@vfrI%Yeyqlpu!TyYA&aCb*dI#*z4gtK@eU1ssSEshj)YO`o
zfqXO5xlE_Bs@`yf4m(qhH#)0wz~+wC+tqP~9i&OQ|C}?u&D+JQ@8j*wd<Hl6(mM6U
zS>s$pXi)T3tY7!}G|vZ=A9?QeWAB0Obut=0iwF5%RCdU~ei*<rs|kU`!9}3jPc)TO
zm1w4sGiTc@%5<?SHGbPX?8}+O+FW2RH;PRBCXAP>6SgNj%hr#UMJxf7#mlfjP2f$a
zo^4gr@5^}a5hV8L=<u|}!gesYm-qI4XLY%N_4nO@UfT|<NEAR&5sM3pdt0{qGbEuC
zV*LE09{zDAh6Sc>*+b@xMiVZ(bY?D_3zep6NlB6Wv-PFPZcHH1`#JmkN1$Zsy&U{_
zW->64U2Kw?L*JLD8^Nc8@Uiufp5b`~1Zzky7bJLXlFp`2{(uxL5jJV>d2jIQl`C%j
z<Ir?zSl;&PgjlU_XyMY53*+@5_`=~{IRR5{HXpq2J)FxVIkQ(>aR``VSpk32Y*O8N
z{FWsd>lW{JIbQR45cX^EjM+BQpK+bC!>ONf9xSo3dZE%DP}d`HYMD*<`O%chiHh0f
zWs%XHpHno~^x^zoj?~>~v4d#91fQ-g7E+iRgY1sp6I&Y5u-!*jDZkN%P$o!WTlW>8
z{v2yM#9psF1m=Wwz%sv1&fSqpEBw#Lhr4*^0ZEO-L<ygLe_8l+PjYLq7&zE>WHF~<
zM?V|9ax*>;?O0<Kq|9{rH#$W?3^PAAbmH`deSu{Fs5mN0oz`y)>()#-lG^~Y%O<TN
ztpKzw4t#XQ1OF@Y*YelvYLI~(>d8?lpuf2{;pUC=ru5M(CyjTnGBH)QIqUfZFZ>}>
zTPusdqJQl)#l-kxVq=lpe6Y<|>S^j6O@reDeSJoN9;@@9oR9b3qoZT<CCCI(`ct7(
zpK5t!vMX1nDx<H8T3D0@2aQyDTt7URbx>88!|9@T{|u!ccH1f-#%60)w0(W+p4t<Q
z?`QrbH;#l-LI*>v;AM!z?!?y7ZsvnOx!?1Y#{k0*f-iuom4{cI0J?kp?!sYma%&`a
z>w2$K?edOom~r&g0dqUWgWY?0C`p;wCb&INxpEayUIKi4-38j43j@x)u#e*Xko!=m
zdSjaJn;f}O55@PvDXD<{Q5$yH?(wv!9MP<*sGGL1(-c9U+OW!rDXN|RBbCwL^oFNW
zFst#W?Os{yb~4gEVw0262}sHhQYyKmKZCh2t!?O>N|tRqAjsjLjj$iHmfMwBT%Vw$
zX9><E4WY{?YWSvMibWl=J8SqwDJ$}BSg0U$@DBl}H=0AufCCgS@n^sN8Wu3&t!I$)
z!Oo`{<=fRY-n`)3@|nol+A|C5;~ap%x;>=bR`B(%z)wI5r5iDCDdiveONlQ85ICjX
z9uZ&L%69pOsmqRU#pFYFr>+zHC+}j9;*H?Tz2#Kqb+Ware;ulg(ta;wZ3^A(0b6(F
zBX0Ig?^oUfEJ2Tl`F{pYO?~yus;i+}xRqtMAD<gJmb3h+mZZ?#(rIEZU{AY{rb12Q
zXO|38AqSh(4fC)S^uRN7E2|2{g@e`Fm6?`p+RZ;s>^!DKs73^>MWi0uBxbK!r8rHX
zR*&HUWBlYo`<t9IP$vE8kgc}W{UzAi^kU4dXYl1)h^`V-u^8Ax=Ny?Y<5b55VPGzl
zgd@DL68)8Ce>TOyuNJW$6L{>bJf(s=EH(Z^VKE2nhX-u!rD}4MGiydae5~!T&`D>c
z!k%XG43e!v_g3hg#asZbBs=Z+?z$Om>f8;DLv2$R7ss%jp{w-g&LO>WHutbFYsK-(
z;-;3xuiyngg&)plG(V8=P$^=5D%cZ)F|+nu9Xy&9V`LB0C?edSo;Uw-;`Dhppt7`0
zpH7-AempKZdgPBPEQlc@`9>n$;npEb)7J0JO8c&^t{}S(Az<F}=wyhSr>%}#P~sIf
zDvmb)z=U>7<-zMem^`(9v}_M=0>ntMWtwTF1%ZN4tadsrrDG&L<z0;1f4MQPHLRW!
zV&@_4nUt^U;~W@@+8TO8!bzIN*KPaw_>j%%l;i()`0GX6M+pO*&#Ts&DSq|#q4BGg
zfFd;xSluxS!xp95-s(9t{}B<Ly4$1zw4J)}ecv2Vep=oPdWQ?;dP%9N#X1@Ff{JZQ
z{pm%e2Aax3zmfxgFE38sesFFp+v{+LH~!+@=bv(0pMOT>kXq(Z!Q`paIgcrHbP+*r
zlk`FBN6kDkFSlY!ZHa)x2U%?*yJ01CPMqHIC*~bI{ZkM4_0j5hz{}=cZdcF#p~}Kg
z>$ISw=anbfx9GOo#Awm*ta`kzM?ZCd9gj^A5fsEOJKO5dplLdapr!=){y)NxIJyrQ
zFF=!rKaVNn&=UsO?IZz3O3Q5_2tt+v8gm<V^x{-@Knt|R1|3BB(VB&WXpfB6inYvb
zSUKkItQd)AYQCVx07$-kTrBKJ(Jg1pl*Rhaq^zISw1RAv7iWA8^?Me=05>^@Tzi7v
zPPpanw-%Nema%~*%c`lXmn&2JY;1ABN}VOYd!wE=nASIaySH8<`i~#ap-B4&&T0Ai
zH{<PJ2#P*ufa++tE=heDDjYl<d}|3<JwB1v73v(py`)c8&G@Ru&8sDY&-s=&__CpL
zW@*7GKeY}}-JG_FL8SC#nK}pT>!NH4O@wCq{e64i+a*`YU35gC%K_7tEVITFN;$le
z76$j4sP;)cmF<0XhK9e{z2X?P_=RX&EDO_YnidEAsq(w^@!$$d%r(C_WL9Egf%Uu-
zkv!jc7C``hg12s2ce9UJva(k4Xi#=YH~;`76Th3=C_^1dV+A|!jv<R{vV&(F(ObPR
z=+Sx}pfTSVju;}nNDBQKZA!M<M+08FDK9t2gMF5nae@j!P2H*%6=0<?^!83T2h1<O
zL$%Pod7MR!Z{QEoS)hkE&L0<ixe#+tw-%KuY;CYi1bo&)#_Lj;CGe}F++2Omkb^XZ
z-QC*v$o7oP%uGR@<1{StH2~f{80jRN|0o@~xt$FhN$_3&^#FsgogRm6%}|ubuX0^p
zXApdO^X}aTjBGrXl$<crL#>q8ziHPxViA^{gxim?73S9ow?PjcD5>f*Tn|b?W&tt}
z07q(bU|<6E9^8jUdRwQo(kGudy-h4Gz4s8$z{P*<cXTd4zwl^OayhR?+h96-_0CBU
zh(9qSqde6%*r*doWZrKfVPb{eWkbXM7i_NO;D8M+t#5s%<V=(vUuY@tW8I+L`V0!V
z!Bdp=5q;?sZ?7?I`~{r<UxSe07kK4T-!z>?p8F55n18(bA+P1a8vs8(Mf?k_g>y!j
z6OFxHQlF-C@LIk~$@A1zx%KaiSR{96(hA*};A2Hg)att^w~tjNUyNCyM6J6}Wqilm
zhyNf^P5>E_)}#vc*gSj0JCX8e;j#u?JGCaV8<VZx!d~X^;xpoopsiW|I$rc2cDnoY
zT1{F4Lyyx>2WiGJhh7P74LHNdG?L@`iz$ilTj$}^Wu13(*}^hZ|2-gwfi<!s+c1Nn
zhksQ@vLAFWm#V*@;Nvm>uxMr{q3rbN=Ud+Tg7yCZ+0Um7B#yC(v*VK^9eRhN3E+VJ
z3*G~|n6i_tnvu9qE7p<@`{r8z&{vQGtM^vUxUp0=j-N6;9OK-SwAF%L)F90Z3R=Xu
zZd#8|FU|H&i3B{yu3NGkLq@XSe_vTxcv2ErTmhW<As!$<KwL{~(wZOUcGrRneZClV
zIu3^R`GVaVa?VQlrH~ASVMU5kBmVfK9KFg%Wb&td;utT$t%^*bgaibP0CMOu4Sl`%
zLDm74Ol#wd5RqSGHBQ1huK7ScJ9xmu3!N#Ix~8-9E=7<<s$Xzm)H3B=c~B^3uPrBM
zsIBBY0O`NyAukPK_WLgby}2j=^u{2b!<tv7jiPq4^I63^!Bp;64%h*EYR=}1(HTU`
zpc>~_a<Z%Pr*SQ%%I9+aYeU2HfV3*>%B8)hA?<I68VsT$GyQ6KT$le~#v6U~-dY+n
zYQ8FyhW7`KljHk+j|8G!;RcP0Qi0Uj)vy-_0_D>BQUy*&*Lqx6@p4IM1r10qhkh+s
zY}>?^wV9jMkF?lgZLfkkTf#fDR?&U}18gzU7=B3?jr1m4L>>Sp$*;Ggz(avSKnCeb
zdyQ4msDrxLbC+uiKl%2VrPElgHD!Oa^(^?xsqxxtE}<`Q*ZHS??$VJsE+3OD)Lp?@
zTFW{{Hn9Rjp!7r7y49ks|A=q2{|p<A#5!9tg?LvOE~o*}2BUc%kron=vckgG`qF@r
z0V=6Gak>WSIN?`m)y(}nl6+ZTi)5>OEZICn*?n;Ud}$|@20VbuUTP%J{{6oJ{Qp1T
z4F3Nn{wII(zm3I3b|&U|zt2g=hE_K<YE;JnikL@06TZWyU0PCDC_8b6_IXO^Vs@rs
z)0)|E*Io%7opgECTI$Dgbt+hm%*0eNJD<!>o!calaV=d5sTUyu{m6k=e#+u2Q-guc
zU*DD)ZRq`7VIMq6xsu|^s-Ss4K0~U<DM-;ddBY+W(Uj$$Tqd?2bi#4d++=-?d+*xs
z>(*6f$eWR|A3A7H5AS3;+&-O%bl($9Rfb1JMd8n_PQdgpD3Wv1J!rxS$~Ao_DlDuY
zW|s&3OnGlbI|M3YvG)O1f&W#uhF)B$8Drr6(iM0^43)~S*v7RKOY;>$qYB69Mho}f
z1s$|og5y}OTp?t?`Fa{{Ksy&c&X)^FxnDDW_Ho#QywraJYiy%*EZNbCb^!<z`~N7#
z50w&mBp+2F&gxAsKA)7(0T8eY3WsVy$PRtbEYO6$<;OfvP}!F=&=VK!^0hSOQ{x5f
z$4^k++(hYSJwei@6f%-TN<S4SDV)X;I7*JaS@C<Fm9{h-?FUo4KPQo{5&t*dpTFY{
zfYyBIKcv`j*-3mN<)1+*WuM++sQkce+@H`fEMlvey4m2G=nmiUF=a(yj1SVs1Wjyz
zkx%t5)Rz5foj%6+S2v!|*~|#u)7Jzs>M^6mq#D~&<31Vtan-yObUXD|2TJDpN@Qw%
ztk#Os)im-A@=}#v&Rses;t;Kq<a#IG`Tjla<`ud(#w}jaQT~<28*rF$$dfmgkD;eb
z9tsM+;cf+9uf%C>rcU@H7EHL&RkwD%$%)$~3Oi_Ul;Bm7E7*7*46acYR1Tr7BFZ6W
zY4l-<TJ}tx=K`pU-A4vobm{Az)!sv5=sY5u)qp!W+#-m|cCO^09Jnyt?Kf|xA6SbV
z$F6ZdRtaurgtk{N^TgFw42U>8GmnVhx^vL?_qt!`#X6gvnLNm4Hx=|+r-`%=h@08u
zuSQlv@>9RNPToy@QwJ`QdERYRwNxk}#?8DQPoo@xx=v|cKq+@<yzCo0H1e(MPve~u
zAD(2}vdF@7)Lk>0kUdx&x4)W|)a#B$>T45QfssOPFRQ9@{iXZP+#H-5`IyrE8ZL0A
zv1TXR#`t8^--g{B%#7VA`qIa_e+Q6GSbn<v{@?ZDxV+3r0aa<2OHE(73iGemt?$Z%
zj{a)vi#+phcG7FECx}ShHD-MHcI+vWqcl&C!$+~>|6WD%`Rj{Lq)K!q3H;*9iy2!Q
zc4|!D{Y>}eS?$Q}n@|25=gQ@h33l{N%aiYRemP~ltNhP;_`euS`XV>_qCp{7FW&!a
zjJ)i%d46fsFholK(m&(m|G=^Sw}*iK7j8IT84ntb$;LOie13Q6>z-pni>qQT$GQw;
zHl}Y7N#iZh;F1g$@%~{$q{9><p)fWBRpLBtq&&d|Xlkh@l=hFk(DX+M-shso-*+-z
z8j?O5S-O39T}~*BUs(BZ!nUGvlx#aWssmuenhB!8_V1h!3Kx_7j?ILJv$Yejr3LR0
zdOwz5o$k3aX{Nq5R2ePGMvDspOvb9FZBrd8)RaG+)sRf+vOwsBSXsTb1n`iKo`%hd
zQv2Ef2sMXsEWOp2WQUvJua4_&P47}O3sbUxwd+FMU*hkC+5I}hlr_xNvl{LiB(y+&
z;u<);*lV_eE;L`uc52iaSzT&hIrzM0)|Vx|bP~Ne&BDxS`+P}LTl>c%XIrW3y|59-
z0#DNi4<0bqT?Fi;kRqNhG)AL|Ji3*8()fmXLIOc6A+zn=9V`FI!E0+2Pu`f%VQKoU
z_B~oU^SzYH{zcZ>t)zavwD6O=KIUCQ_w_Egooou4>tdsBDSLLKNIy$~n5oLKTI%r2
z2(2U_Mo9ToPT{4+?9$gKyA@mc7*`NUr+UUw_Rjq2K=zr7Qfsp4<nC(G{#gu{s0GD4
zTKUJ#T)(#i<BJMT`1PSzZWl^q2cttVW?wxYMdB$kUbt%p(Bp0z9?8av26_s9IY_T`
z_*XEsCYytrVA&X<m9h-P;}KBJ9HS%gQ^f%NqNgW+?*%PffopjsJGNrg`pr2^q3`20
z59ML<uT<j0pW>r{wQ)YhbB{pz?~yve+#a9TPd@{Jn5H#U9vJ^mE%WS6+P!G6*L%NK
zQ%(48t0mmZJTJQ{AOFl^3VlJLG$jqaHJ(AjsW1Whqhoy8+UN>EswX6wIpB<@J?jP-
zNf;jE{^M?Rk-KW|ZNSZ?ur~XOLquy@KG1u1KeW2PqUPcSMJ;f!AHac|$|hwM6!n?9
zO>T<0_S7VE%#*J9p!dnEm7H*G+!udE)59+(t?xfAiOiIGlqKurwv#Ok(3FoZ$jj==
z$TTXDCQ#5O(WWOK<5qp@#*zI$T0>9Qxh#8!QV$3BJ$of`a8@BR&$=Z&#FLQzIafu^
ztKNBq<_6NI-q?l!{l7UaQjDrY6^r%`n{E0nr_qm>>DK9NR2#63HogcmM<F_bL|0Sc
ziE>i<#S3Qz1*;)rD0j4?+@~Qo#^3qSt_>Y%2*m;EX{<-7iLQI5g|ayawC`d$p?>GM
z+esPwZvt4q2X=W!&_3`R6WgqhF6cc1y(~q0r^t*=TGt>0yDUqLG1~fak7;W%8qu7k
zNSeHdDYb{6V!Uqy><S-|&S@(TA`>hYGvGyK69!q(_P2Sm!MpP|uV%CAr*bK4tzE0!
z8*tZB!el9$HW4>jgt2?6Rs|KIl*&#2>9B$|^yck)$nbD_iPqxzrn#3s<e@@@Z=c6b
z=@*Wl;XoLdKBbW7ONp}4;@qQI*f^I)daHYmE-B@vM$=)PY1j!jZ?sEjD8#?0coZr(
zRbyw(s8II7`<&(hDla(br9x|7Iic(RX*ns)7z3w~`;0`)&+bCFlEag?UMH6^wdF{(
z8`)x><tm41XdlafH+^yN&MK~noMEhQfv~&QM9sFu0N)Qs1gOMOl0tRI@*3WJ90`es
zDu`BPD+DY$#uIP1?q{yGIma+d&__qr`Qg<nt?M6b4?i2LRW}3wAvIS(rh-=KV$nn=
zVmh$cEv2SWM}{4RD%0R%jlZm7gMYseYy)D!xc=Z3c<|{-zDB04s1;}kDbO<tC@Jn<
z!{e3j9vRlw7H@gKzgKklPi5n{t!$%Vh<nl?g%cxhljybP8DZ2c;4xvFi<$6AHghmb
z>VM+Osv-e=V%MCpuj4kTr~P)g`a0j;waC~E$@S40w~0nX5Lr%Vc@+q}MG|>s9xiRp
za*)m6*j-DPnw2hc^fjY+c9$#f9LZ7>AQhWBBZko7@YyUy<z^{1sVxQwmFNXCbPF;g
zD};Rt;#5@WAKw~PPi!5|fensS`h)p3WXpU`12jPsPq$BfYD~)ma2!~*Q>@A2P>-W5
z?8G1{WuVb*uFDNmvuD=^0O(xejKr~@<6)E?5A621b>MjG^hRjMokGjg!Bo0KymO&Y
zUe&CS-#h#$lvJTldP5y%75i>Bc$zx;a}c|`dMtFiLtBW8)F*=dT)aTo?WPX74)&WZ
zR>PKvd(9U%`A&9RKPLIIuu!57#X>g|*yp1bW86Ftim4@)dJfiHy~+&PBKtq40M6%r
z#cZX&!th?I4H1PR)Y*oaVQm&aeLU*sgm|>=!}KiCxzQ=YBgwe9=jDjpTqWtaMl<Ds
zMwKq!xS6|%wyg^2(Y)F8aJ&)hd9zbjndJV?tyvzK<C`TyqGh{p08<b-04zzyh&un;
zhA*R(TK|SDf4m~1ey1m)O16D3dfhqfXGy76&Ex>=&!TSVe*Mm(eltq@nPo6^>2<_-
zi}ZBm_e##HVR*&CpVZ@*UWKzgh>FgHcw_W588ox11_PSB87q1i6GCjLec#7y;s+1<
z16!1x<RH!VG|r@|x;5Cz8tE}>RlL%(LEW%eIJ}@(ivptkFY5zHVXj}}-W6xW64jJs
z_70CO-|U}8m9FTIIcQXk7kw3g`|f(!0X0;dJ;^~izn_w<ON#xWep12{>BLLAeMw#{
z7d1Ze2)uNkuI@Vr0XMOmi0qV@A*!1EmP^jBPV`9Vutsuc80<~^2%Dn}fslsUx`D?U
zhDrSZh98u0Lm5ilcYY8-9<4M|udc4f9-*Mjwuv8RLLZ$63`Vr!<)@?7=9x(9WRebt
zV^q}YzR&70cHF>5-`<3-j(>(Qz>~a0qGy%z1T${Q!DWK=SUkYSjnOa8JWz_|0+`$S
z<8DsPQp`!`wG9td@cuXv+07WEQ3(+fDN8c6sTm~$1f}X}6ibPsixVm|k`Bf`J@=Vs
zI|Z!5*~Ga=30v*ZDcBe%C-Fek*EsqlFD@E;B;U=CDoB?*LC98CP4-ldP71<q!@&%*
zs;er%GdEd8vF}GtX(m`W*BLiUv0Bu6Dkl@=Tt9E@Z@rSf!oHg6I^bC^BrUD?rluAn
zAws@mx#GDvV2$<j^?kzGU(=J$1JEyKBIE4rqf$Vy@OV4an@6L}c5p|#*^xoH$>UKI
zM|z8HLQ)nfWKs}*?%wLvD>AU5wWco&`Wfpz@mv768G$T}vb(kq=*luHvq4Ymt-Wq9
zi<zw*>S5`oSfiRizg)SalNfYOhAVffxA&+2uiPljoPyYQ@BFSe5w+|LswIyZg@k10
zmsP)E0fGr{<9a@58>J)N+NKqW{)^_g^Q8HMh{N91Myy}w>yMiCo#eEUtBgWN94A$7
zw)U&Publ8-vQF&@2PpUAU{XtI2QghjcSvhcF%Mg5VbOgA#hYN=n@F(Tv;o$;h9hBn
z;N4hJ=bXMm?F&=E5GCBo_-ZCQsWtd`Gw>mDV}K7qFU>hT?<Gv8IPX$LYEq&!N+7kj
zwJch}-DSnD-W9(?D*V&+ag+^maOSa{2EQJK3Cq+e6O}s(_)7~_!JG!Vahsg=!D|f~
zwQyLa8sqf<5!hJQqU*+_Ep!?97aQYM;k`N`mvfqYRa*@G>@iY4e!r)%2fMvgE@q?_
zL?18Sy|tFNm=pF0N*w*b1D2kVBu@5A#~5~RugX__xS>cq+=<x;0%Uencb-o@=($Cg
zkIBlQ5cZG90LijGi*Tj^;y*8d@cmfT|DJ<$O@{AV@?i#Hvfz5~jnu*(pPk1Ot{PBZ
z@6<>R$Eh0_4V}bgYt^~mtfOa)tPJyo5Ud69Q=ukz@5a^F13J?J>44hiyk7z(O1bQ0
zhq?_n<N=X!bx!@sg)1vJ#`16E`SjG75d4gtHHK#|OqY+r4l2RHJG3Beww<{)Xs-sJ
zsTPGZ=(kL4%kPK07z9H0?%jO|_6mAqAvj$&6i(o~P57gwzBHP6`r91_M~6bluBsUk
ze}Qi~<+^&g4$&8g2#0JVrU?Zawys~r+K51g6@tGNr?uZkpxY#WSJNQVV9R5XRbc5;
zPnkF+$EV&az(0f#t^KpVNr>s+ADn0BY1B*ETC1pR3VUyFJpRc>XH>kX3NGAh=xr5q
z3hJIKD)KuN+vwz6mEzTJQoIoN`CwW|ZaE{cS<-8S8>tsP(vx*vP^5Ig?x0R-_ZARz
z=Gt~pB?{IX#R2w-E;~ChiY+qlRF4J$>g$idh3w1@HhFJdOHNWS+y7I}1l`zEcDxp8
zfpURkw5Xp_l0V!?<egt+X`q{Y(l{3dTkg~26O@uNy?b}4X(Q5r_VaWEu=%ZV*mUi-
zSc7j}*ulQNq-W;M&O5%#5uLQ3JVBJ7|HlPIUHYJmV}KLy+MwmN;7`B3E3mxQ91$$B
zmamP8u5Q#x*_ur1m)%)17J9TjP=c6ZC07!)jrQH9L;+Lf3k2;S+N7D-?Q5o;#NGKm
za@(yU51r}pT|{{3Po)fyC%qL%d~u6iIpo&pS_PUQz2pww`dMqy=oahkvpG4C0WU>U
zwuvOz)unV8KCe$5?+*AH7O1C4z~Dpo_W3AOcwLJG2%eX!S{P!($QA)M4IM4&6}xKv
z%b7K840cp-9=}h!|8e4Na~$&(mjPQJOr9l7Cre>Ow$<<OHj?DmGDTg#SI<4*=<V%I
zUS^ptQ?5TsZ*y@ingATrn}gLJi4{E`&PA`XDLUF0Rl%sRiHg;G&C&@x%&8v<)Gvzr
zp_s7b2I1EhPo<Gz{@J1dj@2BLAas=Gjm2|Oc)l#FCJ}W$g}r#GwVwKH9}&p(LF^mf
z4kjPTjd~Ak<K)X<x)x_&r+>)APKj7wv#E_N{j9K`%|a<d#NgjEH1GIKRo%_MhSfJA
z6EK*whjEx}uz7m@GmXzUsQa`oyIkD}kbwyKWW%ujhXs>`lvf!L^FthLTcisiH9-kW
z9~HnRR#y2K2-ejfJLTrd3xrc>v%)poq|=MqzDQx#Yy6cbDlWREvK8+>&baE?TeXFh
zQkHEp30;*n&ebu0QF)0oZaeIbVFI^uB#*L`2Ao?X**1#r%J;tj&MNf3?M<+yw=5#i
zw@fLGg_tr=?tJ(MPH^XTFdai$g`PB~?wob=FmZ@f6#{&IP_ElIiT3uszYyOUdX8fl
zGnTs=S7~S5vJt`yumIABcat>A2=rfp*vu!}=u`hjS^v*t{}r754_tiE#iG62;e3L5
z=H6d$?Z58*cU`UpD;zwkqx5!ts-ULhc5b@e2n}O5PF{92R|#&<OZPg{@v?qrYQlN$
zk$TEm4jWC{S^A9SU9XK+kvxwx58*3lF^VvV`EL+&t_3sc@g>4-E|mb1f%#ul!I-K0
z@j$)~ETVz^4D(_z=Zo1O1Cf8Q$z|s=)s60{H-1*-lYJfzalO_b+LsZO`Gg;@Z;UWL
zF4XdurQs@R(RrCz?;?J$341fr)od!ihok$}^Orm)S^mOZn2t+o3>uM|=iSW)a!8R4
zswDz4uvW|QU_t=(Ec}dd(Q&u+Vc{Ho02ul<C;J^&ZHqdoepJTVn?ViaXNzD<lBW91
zBhtA`-S?Oatl~;U%(?C>I(rZeDm)ZvG3jnf=A=^lzz;QIgvdWvLyIyMr=B)=ofOw@
z_C5;G3XE<|AO_oPv*xlezqpeyG9GN5{Oy?>VRD12_s-cQa!@k<2H(oOLP;bZM;AA%
zX3X9u0yL_0|BhDMX<!4xME!(gZ<4Dtvx%b4bMSysmQ;5{UGkZ@4k(P@znw);ra?Kf
z|2?-dy#IEOeiDzf68Mi{nYrQPrg`)#y#KJlr{9co9?h|R*tAOsJukd|nnXsK)Zk72
z5=%;w{D*5!n&LXi_oW<u>ZH~5)n(LV_^I+q8R4Zunelar09KVGB4q$?=W2WA^wDpO
z{(Nb`v=g(JZPfwP$2i0#!#%Q6B6D0*IU|pM<UIp!%ILV;+{sZwpx8gy@3td1CP};W
z3-C5X8RaqnS%fe1-)h#*nP$JF%b=X#F3zYd)%o74qja`$w&s~&TBJ_{>BHM_i}5%B
z5gfu8(nOz2IYD6Lj>EU4ehCM$EQ#(<S~Y3nI?7Vb0<7>A@yUI;Om_A{><{mgmvBlB
zYzaD2tl~Tw+?~(Zu|i`vc{1}COoEjp8DVG|5c$@9ja#x;!uaV&aSth0Kch%HO#}D}
zTp$DTc7|gAb0g$+UENNdyFl8oDC*I&Oyzm)D<;(!w{vBWs)6~TRJh4d3ZKJfxCw=-
zVOB4{ZmfAi_*t74$^7(eF_OHf5Mp=#OX@EG{<s*J$!!uj+c;X2E7+NYC%o(Y@WlzB
z-=0_mas6hOQM5OF+G2QJ+W6HevI)Y|ni%kTFy+(?tFa~Mo{X7n?)aQnej$M&^`sdf
zmbWa&Sd5(Yp~C9+{Jry#?0T<|c|NR4|EIvfd%dxLl3gFcZ-PIXE)HH<I;mlT0}?w)
zLdF|9C=s2(ERo=UZ#|IfRvGUaD&}XN{Z-YtUxHyixlaf#8J}Fw#kBwIgdSeD-l+2w
znOEbwv<GIux)~r{{pN+vA<RRT(Etgn^r<ndT@oL6H|_g}m(pbm#z#ocX?PKvR0-ms
zB}Bxc=HZ)~@{8J#kAva8E6u<-m&lxC=hA<1aGX!z?i3p~xbU@+KtN~u;cw|Dz*&%6
zZTf&pY3y}PZw4aRu%pyi`4~ppmUQ_YZ9!AIPfrp~%v=dr^IaUkb9-vczrLUQcXfIx
zQspa<cB^#9xa_GCFNStZi7a#QeLnd4k502t^cM#mTI))W*RSiBZ*zGC#54kCBq)5{
zbZ_O#GSiR9meZK8hO`JS&`r?T!g_@KzjnFU)s%S0{x-LcS*T$Csu=wGLKW@SXRmLT
z8>hORD@hLSyjBiiXrNz@O!u^X3L_^89{v%>kZ|XB;++k8fUyiv;-kKP@3vS&iav4t
zrs1@p5}gjNT+;;{2>Hv5)*7heOkmONi2v9%m1}WAunkN*4AN77Y+Ba7aO#Raq_eYu
zcI0A}o7V0B-1P#&<Rlc79|ATeaDsc-@OrsNhN;_dNghMzk8MDq1+AWPbX=u}j&!I6
zMK2IW%A0vy5BGJ_>s<iNXX>LQ$wP;FTG^kpf-Ib11KRlf!TCq{>}acp5NqVE1|a@-
zbX1KnR$03sW>X~t8@Q00^6fkr9lusZRJV0Pt3j|;7w+eBOf0(m-6;cvzb$44CJd)b
zr0@WN?W?`x<sVD<izM8+I<FRGTgwUD<+f4O%VGYV5;<V5tUL56Pr1x@wTR_BPJoY$
aqn>~(TxmQm^*ovOHX5qBDpe1ky!;={#;C3U

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-PAT_view.png b/docs/static/img/go/api-PAT_view.png
new file mode 100644
index 0000000000000000000000000000000000000000..c516f2ae2f5d68508c1e8b890ebe976e44c76baa
GIT binary patch
literal 139720
zcmeGEg<Di@+dhDfi2|Z1En(2z9g1{!!yw(=Er>`<OLup7Dj+Q}4Beg5J?xwJ`|x?*
zy?_6~{^mG1WSBMgTI;&6IM4ICmi{tQ!cUO#kRcGr6HyTXIS2%)0|L3<@aQ4<3qonm
z1pM>ZN<`Hb0zr9k^K%Chmw*F-yn=`dyjO5a*qU}u=z|e;?ww4H_tJkaWkS_`dC`PL
z>5ts?{LO29X#qJg3e^t*;mDb0s%3i6GQHUo_a{C$KXA&YFD`UFEQ)F!S7yeGYPAMB
zbqPZ+u99{+W(OR12oO%Qwjt_O8m**vz!m)OYc377pZ4|*_}8mKfFA9i_g2RD7yo$&
zi4pq05C8wx2!y~<N`!wrl+N#?qT{MZE&uxU(UFVcxAGpR0$kLG!Gws?yLaz~!}wT7
zb6ih$HqL|Tx5vw&o|fZ9o7XcU%ajqFot?tPmFBsm!7nMKlQg=Mc;d_Sjuo>cV)f{8
z^qBE5F)=f_&>ihJm1_7u6q}59SDrg}nECq6N*%kOaoxLh#G-B*^&;(v@<2#9qem~j
z{nqb}aeb8>#7|pJkA+BZIcAk+GXi{WY`lt{LBYYpg@3FFc-<tR?o6ura0?OG-iwI0
zEzo-xC!+_!Ns8K^E^TaW#Yfp===@AzarSsD4r#Pn4NEdmME~s>z4CP^>|e#Aepz}D
zBSMh0liNJ!>*rT*bN@8IKZ51xq9C`<Z6}5Iyu>qacJ+O1LnDiEn@A#igQlguv*v?)
zD8yVCF&S=W`#B#jSUF2feGDY7rN+w*#oJAWi98K&&+>}pS<pQzm7W#J3MWLdT9r|B
zG)-LQadDN6gQ#&Eu-)$QdeIBN>U@*sfLvaLFwrsmO#b4~BtDuENA4t9myL~$#iQwy
z6yZ#&bvj>6eZ6a5$kW@!zlD`_vP1mz_K!y+Ejv|vO=vaqG7K(R;r@!5g&G{TM$5^z
zuncEcbA+pUKxfa=b|DMZO1{MUH-#KpYeK@EjYAi8mK><G{U+OBaQsJO59!;Ly@a1I
zb%ebZ5S+GkczoI%fZ3g8l)D?$txa#VcZo}>R3Q@3(Ur_sjJ7?QK%08%bNAlCX3I`6
zC8k{43d?2U-(;lR9%QZe$cGQN=nt3U(qdxQe3PZa`YTI1x_tBa>zOPb*Qdn!S>iDt
zB4Bjs`3k88<>Dekh<kpp3PIQSZD4f82B#7+EULV@xi^#=H7QAX>gr8RP5vRK^f-q-
zBcgeVCue#v#Vot8qeU9p2M4DmYil^$TvjqY%0<JmOosL=Th5w~8}ooM$ZJGCVm_wK
zF-$7TH-S-7L{vM5FY5Pi<p-O_<mksssWpGJ^>+BTf4spF{_^a_i~Ns2I!W>^&usJ+
zs-<Z1&Bdb&hpHp8vob0=rMkka4DtCWb#!zvupFocO^ZHj!8#<>Y5E&sXDmma)iE}!
z-Nxn6+;7iaj$`Z88XbH-u$-Nq8l5eSJNPd6p%KAciBKzR%`TREQYSp;N{Ef8;1MM4
z14~2<Te`3UEt0`f9_}fY)oLQes-cKFm+d;im;X3di(+XcC&Vwqj$%)E{Dki+?YX|m
z+Sp!%zZSgFl+3SFtL_im*_poRVH{PeGOR!!iDz#l5N%h#$#M2Qi^*j`l1EXjR5C}*
zTBVj&l3KY=(}%^s0jZ}4ssz4ViMEGf%(oRhRu93Gv^29Sc!3ryb?=MYVG^Y>W%3%!
zOI8cnb!2H3&4np+*JDDNWxN5S{#{RE7tPj|yK$WQ`~f=;Zk_6z>`g3)^y70RX!6IQ
zpwwrAogOnANZ{CO{6!SWr7YDryjdtv9LwpR6<1|Mmp*88QX}e|FU<FZh=+I3RLf&s
zFp5r@6SnjCcF8|EZ*Y+2o<X5R;3{dOFKZbGj~kqACRzHGp=c5D@$r4fM=x3PcfDHC
zU<Sou>CK}Bv)H6AeV<Ez3@^>xt^x^t?rjZm=!qwDOnY5S^%z_kaHIHbUms*r4xtc;
zCyR;7tieU0`n<`NNsJ!Mu-JlU1{Ot?$~sA<M4taGynU$R1_=Dm%kaR;;f@y-r97vA
zeNsVgn=dj2v}r0JC?MQ2OQOz(L?L@13BG%PwSL~rHncRuarg2_U>h$_t1_IQU+kA2
zBLy?F!nH<I9*^sZ>2jWZmsVN5PP<L6#&-JlaUxeY`kZCu_D1EV=rIx3dAUHd$nOSw
zVL?G*vU*-u7Ly@0*Q(-j)gJhwa8Bz1&2Ym%h2QWs4w9VcnN8+VYfDq!fj}SeNebcK
zneh2Zhh$%Tvj`E|89xI<DMg)QJF-5@@}xDT9J>g}68>7I%y{<uBe;#%^M-2m9=hSW
zh672Gm_0Fy<7JtLHpAEjT8oQ|>0v*3#cT>*e-K{RQcwto^H5%v>6N<7=rOJz#@dP=
zOPf`l?!CyaFg<C~gRguoU!^tbENZ;DZP;;M6jk@|@Z0v}A3<$}Dzvy87!ln|ie|KY
zqT!vDlS8Rgj27G!!(FCQMbB=noWbgC{mR#7<<W2HS!tPR&Px1^7*GLjk~0BULmr(_
zF#PoKEQi}J{vE`*arb>#zWn44??a#WBmvm4OOD|~ct<m=NY`<?)}5@?-m~{Y&^{@L
z!sqom0d_+JH|(e{L{y8-W$P#Ei=frM2z3x3N|P4T$kJt=z&gv@%lhS4>C!`vmb;&b
z-16+H3U}FdR#vhMB%!~joCAj{Ne!)b6~yzPZEj`=X?jZ~3QHy2jhJtv_{viwG*Y>L
zQ+URcW3Vf8?W-@>);<-Y`7J!%-`^i0^FcCdomzMB{e1$GfFK!~r6W0pr%EGdrTzIY
zDf{&?+V|?8F3<4uI$?G@BQpk*pL~SFw`Nl{sp8GqEWa4H1GmYesy*J~N%2I~nw4Kg
zMfVMr;;qu7nrWj4Oe!=BTvpy1vPGY}DHr=2|Mbj84(@Q1q|LgGE05-`sJV*nY|wOX
ztUHTme}%&1qQ(Yp7K0HPdygv^M(8qScN9(G9d}n1bEa5{4aBh*ac9o81W&yAq{Eh!
zgE>X1#}CqYb6B2&M5owLvTL@Q4OPtS&gOLYa%i&VU!T;t+sgh8wJ*Lg2R+%77}UCW
z_*7uP&^ps<g$|5UGKo>LN4a3|3<dkebZ4zutQ;Pji&6Lql>1uw?0jOT^KxgpexiOi
zWrap1jidQG)tt*=Q*2E!9^U!$=f=r{K$`wUPIuNWPK~h8(9me=Q`m~@MdyNkoztFN
z_#y@>wRXArdYNKZ5giHE<z9AQ)z)}9g{e}rT><G;4Q7x2ti+xlj1GMk`_@!?PFoCU
z?Bte7Q*qqZ1$_?bgE@nXq{gSetXYd=PhpQLO-<c%x21}!hl`n3O;>jsl_ujG#$=+X
zqN*pbKp{cbC0*;Weo<J3O^K7!>T{m!T;74jG|l&tRcL;`nx<&`a&*#V@yKC+VBV7V
zMC>4oQsx!Z+d4g6m)Uw>T50zzWm4&w(Nn?6)p<Q|fLF%v*nD~2_$s->6n?EZz<VzO
zpUT!?R>1IpPDPI^MM~ThZW-RCSB86zO@~#WS$~pgt7tqRldTeP-jUc49RRz%FNonQ
z93=b-?H#-L)^%X~L!I)fIyVmHK?av&XXpVoB6rp!mfDi8`2O}{^QDF~@AR0-EGZpp
z#Z7eQcJ&mSY#wW}?z$q{1RG)L$>+^{0v~wYlq*e?;MKFz!*tF4qE_YtKQ$%4Gq*2j
zEC(zXJX{P53p+n7mu20(AV;QDkcpy<md}+VQ7n@9n&h691VYeU%M;`rp0km_I&93S
zr7@6<$Ia@o0h*LL_x2hz8Ug9}25rKQQ}{p8;s)hQXssUptu>*j-qtO5FsULHbDwRB
zGtLGE$R!%$QN39x($p<ft$si4dISfFL*%zol>|i;GDYfJ;ZQQ8d=p)|HC5XcGQ0pj
za_-Bj8G=)PO}K%8BBk>0U@9`RDy}-Vi}NS(u*;|rM!aALO(F&I-v*P7zg*F#xhe$(
zrYdoRkXEWapY8+^v&KNnuFC`amdPexlHOX{E6AIt;|@{~?pbbM6<hsLB^O4sC88~p
z^<;l%yf6ZGP<321Q(~O|;l#oIp-<~dD31hb1gqIp+J-cDwgC;-7(sxzoXq>li$Jb(
zTv7AtU4bz(DjBcw!P^tGu%HLsbJ#!Lmx~g^EU4NZs}v55DH0j2v9#OPJ#uTTlUCum
zo|~C_3JO55-ZW9w*{OltkxA6@j>VOug?Rr|ty$Hye+hv^Hj;WWk!XOwzc>isP>_YC
z)=_RxLP&6b(JL{I)fj~AW+0_>A}`bU;?A_AOlj%kdtEJeM`J3RteJW@&SIc0vS$ZO
zi)@uOwY9lwQDWx?mya|rR&zRn5mP%&vi@5icGitui4G2}$ii?J5eU`c(r`PwwE)}m
zyZ?JKFX4x+?AqC2rNIs7h^~w?l;{kjE%o{N$NjanwG@USUiVi+)y5q)!rk25Dl9vp
zCZmVG7%=b8s1JQO8)uY+kFN@K1Othkui67+%&PRe!Z}#PZB<4KJXj}bH6Kgf+@1BJ
zX!gHc2kogLHbf6&xhJ~Hg_o68>fZT@)ZiFmyj+!s2tz>ze%<)d+Tvg|(Iu_wNPn1z
zhlhFFuNc$iNcW0;TiKoEV_8~Sy1atAkln_iYNczVX*m1=*018B*CdJsDjzY?kmZ1*
zM^YK0#lu&7VuUBziWTCIElrj;j#!K9t@eoG&6{|6MMtBepQEhML2df9r|kCQDpqO~
znm_9j!0|(O|Ly}LH*j((4-eIXq?5zL-}UZw*<Cy+53zn1O<z#=yE7RFxH#@oCkxyi
z<*v0|_c@svyttYj9n>W|oZLD)x85iY2nv#j;3Q)C__5mVP-Te8J(Q3u7iP+)l3+Sf
z6ZXZERpkNlQu#!uHvL-mE*W`_6G?l!>TJZtRBa&ZZY+g-7V)N-xQGA!#Z|hoBChnn
z_&UKaQ>sf!{pVN@o-z^C5HF6<7;9kO`i%%3btc*vMTGP@Qe0Eh;~%?!{!F^$wwp4>
zN{Ak_;h<6i`oepy_l-7@C#6}5PVT^9H0HB#gP?eHzC<S3QP*m^xmE;;xPj!QOJv`1
z;Psf6*z}Jdn)+gX895zG-LY?94bmwjG;6zN)l<=jXkhZ$a#NUwbVC0cOykCv$fQFL
zq1yA^QTa*(mb10O_mJEvZ=j}%g@r|)OjD4@xrg`76~HGN!`1ZbGWK3H4aeEPG^?t%
z*b4{rP~DsfFWA4o-*P<7IABveM2QAkHg51Ah!ksA(7~~gWf8U)!MAvCpK3lJn2Cb5
zpIGy8=+mEkXY$s)7)bwXjF#n+NX~EkLg}(6JJaGY21!!m>rWp52`TS0ZMt5^rctZo
zZ@%JI1;xYB$PEgGy7O4n%&bo<(x^F(jN4+%sg;SlEW>Cy?e+Z1)W`45^z}&|ZH$gy
z`id7GPgh@mGa1b>sVqdu+aInQRv9K_N3AC3Tb6Hc)uN!e559TJl-Q6}bG=Kjb9`+(
zirs#DS&$-cZTu2>JBc7hXIC=zW``@%O0(gv$C#qZ{KXrwU+6adCs>$`-VwnHWEBB8
zbU2~I(@=Q{r<D~sQw#W76aOX3K*HMEdZI$V9*=Lf#l*D`Ptok*A__KLIc`u4&5JaE
zD29(5cXoCx$_Yi)8V%g*V7IXj`8J~>Mo=QZq`4`si-i4HY*p;}#N`Pqi^rMbG74qk
z36f{lJ*20TJQwf*x<Dnm_?Qk%1C4lA%gS-3A~W20^X9&?D=ros)N?(nYYf<O4sT<9
zcTdl-!Nno2Ex<pwe&}^5NRKwwHM%texI(5aNmV<*3-!C%x&2I%k@@ew)}0Whq<2b@
zju$J4JZ3RH=jT-TzPB~)+G3#o>F$|X6;LlmqhvN+e~J&8ZcqNw7HRhMp4}O2H&EBp
z%RnRGjkEZRt{@p~H!-@}uRiNH35T<3-ji}|Z*MnV**eQp%}y0l%qa|xHydz^&iL{q
zSv0$wF*=+iaMCO=NW#tX3_ZQMY&^PaQe9UFRn$Q<#Hrd+I{zYL_T+~&(@^GL6a_JK
zJ{;nnL$5SjR*N^cPcDcGiDKW`UzTApo{>s+<5eS#=-Oa`Q7TKU<}rT3gHeJy>T=|g
z=AM1UEe=B8tjcj`Ov`>VW7{xWV*S|@kLKdOV?cnOT<J)}joum!GG}&^^;dc|jmpip
z)&_=3!<Sz2&2tg3JN-0K*VabZ6_M)ZsHVsDRRzY-k&Szv{@U}e8c1Rg1Pq6usE3f3
zmshQ9P8nqF@dks9Ln!8p7xAPge;v<B0kA`d8;T2HHo!|7#3D5DY@(|H;fAekBuWFq
z(}BPr2;HY=-85STz0Ily5-)_qbtMpchSN2;2IbR0OhIz6lo9FD>B<|72FlFZ?-|Mc
zlL3o^I9FNO^V8w5To>r=-FOM3x3bT95oKMOlyCQheE@Z5DbPQ#+y&7)e$YiY+|$D}
z?oOn5cCZRFO!hD;=i%fOG95K9F)hG`noxmsQ9ccaD+9k*O#gC3P&6F3p-5#saBPn(
zLJVXf*6kSu1v|UEDWC=a&udN=$gJ$zKXdj1LPAO>qG{BX`r>&MK^UNgZmzGV4)C45
z6Mkwoc&_M~V<ponPz=&xmzKvxyU>6dPqXPs67j`M(~FNsZa`QISL{jOID$_Yt<L5z
z&40XT)Tq*_oL(g0aM8G$xgZ}j<pw2bGiJ9^{|93f1%b}V*wY(`MRk3tdGiBQl^2c2
zJ;hBhfMg=<iEb~^E9i?hzSTPkiGr-_eL$SgrQxuyACrnr8pidVTZ4t=v<WlCT0Ao{
zGu*X`rTnUe&?CQw#)bl|**rmc&1O4^?2w(2Sl#-OEPbZ>U0B0-V4mXedD6HkoQxox
zkkhSq!x<p_MtE~Itcp{5RH8EWw=qy*s^b7e7CyNyEN;Rl1$izWE+pKUqh5RmEtqe6
zRaLD*&p8}^gV6dmV@xKqF!7j6iuYH#64#FIAjXgSC#Neu_UUX-mrB9%mBjW5xg2+4
zhCe#SG`Vi?>z&Z*{MKEsAcK~aRFhK;cT7qgqsr-7zIudOqe%HmFMJ`B>IkqwOmu7b
zlm$JG0%gYM^P}~m4mw^#7RUgAm{<rzd6MNs$ATMx4ROpLD*(1Q)0&k$m$N+a5Z^_^
zPoq(HR4MENW%9@StC4C)<@{}cZ`I0K*Y#UZwx&Vay+T-S9v51<bLrO+=j!;Dox4m~
zMNz%HCizrMCN(IW93rw$nEN_I&zdI5(slge;_lrtD$5z}?u}J4Y3Yk=4!7$csi0ch
z)fAy6x^Bc6&*pWZ43IdRcRg=s{xhwGcWOZg;HRR~srfW2iu~y|*M3j9>Ug=nJh<Zh
zgPsMMCxDoZqC9mkx-|<#gW!gI4K)51yKpowsjaR8a>+!MMQT-{x=8qrpy2v3SmmH6
zeCav-WVw`4{xl{xqTpdorg+pynP54F%TXK}5l7Zyr}W0w_yMI%idT0eMXre=C53o&
zFY7L>N%!e=V1QUz*7l_1xET`;Djx5a?vo3%k{}^@Z~b4c4xS$(JTFzT>9oZ5c`2ee
z%8NI+Rhc9^2!U4X5oh5F^U7!#Ev=u~oK+`kI0>0{XEZ!kT<LA<j-it-+ockf&mK^i
zz2hU#{8xE-Cj|N&#6O~b=bMbxL`BminJfQJ?3$e1d8ZK`0)UOnQ9Lm_l)6SF?P`Ci
zKl26?t-DB1xEDhW`+-O-I)D|E@sjOFg)W>>F<-~E*21Utl~0r;9@uRI1h=YvlIW=h
z?x!xjp|1>3)1|dyIquOM2I%JR)bu#cWz%?Qk%%NH=T}H*qOvJ}3I4aR(oXho5;xjd
zd!F<<5N>igclI$&70RVP+^9B2`Eun=RTh)6CMOf1Y6HSGo61{kzx6tO@O#0<a$kHI
z?m)lInN5xf%si4Z_0(NFrch31Pwd=$bhiuPPTH==Xxvq%h>VsiM*g=V5Srd!e21(7
zgwJm_mCP<vY#`}~4yu6IQ0(J;0$Zu9Hq)}DqZA8{t57;gy0YIsZ|-VRRvDwQUz?IY
zN;2QDngxpC(Y$an7sg7Q1nJfOrkQVK{_>xzg!MmRx+W(sY*BeK>cXLk5=VP)-@b({
zZhxZGs;i4G)`&N`QwvO#)i<e-H56fT?ZW2kJ1rJv{Z|rZr1Z9~X%J6MHRfyrEUsjJ
zQGvduq3Lo%J(1g92$ZTKkJWzY?}}u@T$4h>BeQfY2R}fkX=V0?V6ei@`Wu-P=&jou
zj;m6ig+ecce8m+;(@1)@H+1`|<+JkLU@oGgF9F;3@e9e3JIaRD?;-^R28ti^3<q@S
z$$|8?Gt-#g6Z4_c?9Alo<)5&CFA9p=E_6mf3NY6C(adI%CwajZ#pEg4IGXFHRG^m4
z<@g345Ad7%8+10aHKWXN5Tmdd1BGRZD-Y!?d>%UAMZJxxS0qzq%g9okt@q}hIXXJ>
zD4smVM4>HcX}Ro<B8$;UPq&{>raE6u7U#4-FQ_t~jmi@@;*+ialBYyj+|uIK9Z#3+
z=FUh#O|1bhhQi0oS6M9QhZLa4nm5Sv274(qnvm%C#R(=QC7ru&N)>8d#Lz-XsU`gr
zIPNMmILTt7QReXbB9qg5@}42xUsF=~POF6s^F_hFk-`%>?S%l2<E+=Xy<RV2tXB5h
zHxNim=8dBK_tlaK*yP`L5DmQlJ{CPF+vn-bZZ`N?-D3RbxVh3Lka0Dpe|;p%-Haz7
z5gor|G@bKH=BR%4&p}STHHO_=*Z$>!R*Fx*EQBjmiV2<>4rBrP!Cp-MU&rb9V4B%D
zpck#p%Ur&Hy=<~Bwgx+-dGyaQgz{SqNe`c+v}a$kC(7Xe^T7~$s}rR-HO95^1nLtU
zW@dMkzgQFE)rk*26r;vS272>(BOCF*KZHCB%8vfYzn5&-D+jX7@V~Fzi`aWlAxwpw
zcd?qorGD0LUHz{r2`m_-&Fu@W#54Y=-ldU={J$1ed4(hW39K4xi=ERsdGEhgeRuc%
zVpk+sb@haAq|xyDziv<)v(<@_7%N~vy+pwBXf3Ac!QXg-K+N9YILhdxo_g~|Zv+>)
z5B>XE-=*F7BP&P!*Pu70G8*APO9(eOK{%~F+Maf#@9X#rzaS9hWw2?C0U7+(qIv4s
zN^#TIvDur?|F!?`7)v7S2-H|D!}b12H4umsGkVbE$LVv)I%lTdas7Xc4+;OIJ%x5X
zQ<IxlnPhLmPDtp`V|?;AT|>NrdjGfS_lq2Ox9Ms$48XOd6dJ&}pS-Ld0xUK`2KS%!
zTCfa)xL%dUE&|@6*5njIsYt#0x%;2bAyv<UxX4SbriO<<P{kmMK-Y>h^<Qr3#R4q+
zO@X~>W5AgbT2%3Z@?XBq4fZWI9Jy1OF22}C|8eI(_H7w|)FJ;0EZfr~ZyG(I96R({
zD(7#&Lm*Z}txm`!m?6dLwKAFfV(kBQN&)&L%JAk+xxCw10OZbV06Sij1akcQI0*1W
zQAT`d`FE>-d2fQ3Ha8{-R){Om`-)it71Nw#$rS#vA0(6xIAS!op^w`-`g=VK|2D?l
z9ym1!iOyZY8F>w}gco`L_WT#EPI#qQA%4Eoa#3+dn7Fv>KmTROxxIyG8s(C%alx80
zAfHdv>Q_!pO(|p=xL>(0W|fQodnM#nCr&Fz#~9-F_R`P)N*x(&Kt=h({^}VL<ig3t
zB}c!UG*788ZGX8hf2!6NRAuoS#}JR9-R!MJ0mY14v%#rrJo9#GFVxStix5b*YvDB2
z#&mjM05(c=e7t%%e6|5M3)6ITv+;ya*6DQHF6VFT{ikCE$<DpD)0Dh4`Mkf<7g2yH
zEwzqA^jNxh{#gZDmgMrrt-E;T1I-h{-tHLDq!1t7C#PQkO8?<VIo<lDZ(uGX;q7r&
zG@uXWWfuilSbofa{5WIg^NLsrQUX3}v4iVVc|bm4x$=f~7ySg7PiPAmGe3*~G<+l4
zgEr;ka{y)6qLgQU1Ef8?$Z)&nyNCQ>=0b!GbR$5wMo}i!8*5dPG~%Y#STvqfQEw@Q
zFWR}M`+RX@e)ayH1!L@?Tg2!@ox5`0=#$$u7(xF7@~$qH&oC~@IWMHW7F4N`Ip1hb
zo5Pw9x}bO8hd4q4&E0_oHwC*2N`>5PP|@Wz=x)Dn_2eN?xgbv54U^S|-ZGcqt|>M5
z9{YW;76r<t39PDIC^*r`dS<dmd{dc5LbmYsi!GIar$L4ifTTXNdtKFD3+$%Qcx;RO
zwAs8;dUi&$(sI@1Ae06ggp<G9lx$&53vlelV4-cm=3mz>`jk0x2V%TaFAB|*>@iqb
z{Qg}<F;^A3N~cjVZn!wnPN`f~amMbtljc98JD#SRr&u0$#?Htn_o)>V0~<TWyZbgg
zy{NQ1*u9ve+UWwL>0;A$k*YTWQ+*OO(Gpq!8jo6$r0Ea7wBb)nb+V~2feV(FUi;1g
zBD&FDV10W-ue`1G-o-Lq<N@xx+#fYOp7|Y^?}l;Ay?NhHyBv0KG)AXT?t;18l_<_r
zXJ7VxFtGE(a7VBn{pHDQACRH(4t_Vyi8927YfUZnZ*!f`XX9e6s#UsmrC!{g1OgYJ
z4?#7&%HykWzLIlivkod3XL!kTscSx7A_20BqXR`~0^qD_gsXkq8DewP#g(S|)|Z>T
z&JIWU2NEyz2Q(Fc>J#Oeq~maOW;bRO_^i<`HykUK`}Pb@++kR+eso>S{5~fqm#>Q~
z7kAPN#yhAC5=tjtpMA-8v|0v}DtfeD=vK>!)j2B}8*Oj`7)6Cj+O#%(j$FHqu>;@j
zTHhF)*y|xJvQ16A{j{$?-F>jnQU6(ZbmHh`6kkpOGB#}vkViP{@!3BmL$MAv{d_im
zD&%Us7evNpB)aDHEY-YXHJ`~#;eXKA+3pi)1mAIYQ2IxN1I(K-5-2Y{eSLl7`o!Pf
zw#<%`a1Q~>fgZru(ZJ2qSNy|rwzPislp#4^V|-{u*VShaAV3v-BrHnp6P~|&Z+g?A
zmn|?tuQVTSb4%cZ@>Uv;_qsLcU(hCUdA@$%TvezwIxG#B1ueU%akw&>RO09tNp%*F
zHpdl`CL$%Ur$-xSSz;I{(a>mWPS>4=<88izQmEt*%oN@SUj}_YOseRJQ0Yr*2TM!3
zz&NR7p6qR|6ZXr3q$I){B5DFJ$V&14ROh}LazlnlJc}fl@$C*(o0FN9IBZT$fy{I6
zj?j64{dj0>Fqs1IJJF%0D?et(9sWx5m)EY>;KRNIb627x0N<EBwy^iRmJ0jS9gMb4
zMfdmi2I=I<y80w18XcRzJRvfyw6qF)RcSoUUzw*YTbd?l$3!i0fkrqQPC`{-H%=Mv
zK2c>{qz22+RT*r%>FRFtS&7VEp9X?HpmuqGhQ!6ZDHsPB%oLBg0mVwixa=v_dCG;<
zqIiE0WSs6R34-;F$*D-7l%(|+S1N8#+)P%8-iTwr!*tb3to&E#G~(vYzdT7ARoCPs
z2h9}D#<Qx0g@qf+3-*AY!{+{4M{qnIhk^I>CmS_qtI*v^G*EOg@m%^A*r7=p{~9s*
zV`SSCO*OW(^~NiMTJtnMDM$0|psB;wMEb*lYGxv&hbwSEGZpB6pPLQdq-L>6whG%5
zt-ynF0}0vm)uhr1GJq4_cDQ9S=#u3rhti&3M!feQwL96-T&CL^Lv*m@D-U|t4)=Y$
z_z{xKo*8Y<sZK4NIAz#)Jiy@W;<5%Z9w0J~SC!{a1E0x<$2Ckz1!7-<GK?48t(+4C
zMEt@T!;Zt<k<+t>;h^sjlXswQNmV2A&B0QgO7upk5{nc)<vreo%M+n(ncA{=O}ifF
zgGrJ)(ED)PX+$)#0G%}6-Jm}yJIQ^f`fS<n=VwhG5>Y_LWOrJg<-@n8%GBBeu)>Hd
zjiyC`x<p?+eu3*EbCtbm(orGGI(q`R<mR#x!QpOj{E96Um7sudnlskaDceyQ=3JH~
z*vzuYnj^R=<<DagSC8v5bjhn(`#kU4K9~=vw%*nW#9ag_qcVS%%hGWew3NSx3VWOd
ze+jKX`2K}2f1K!v-5<}n8TKbd3>rmt>7DVQ0d))E|Fy=HH<=DfxINu8gO4FBD16h;
zoG7sl<j{EXXP}4=yH5^~@fDAINQb45m~Z+9V9+AoFwNDeCSN@JI6T94m6n{9mG=Fg
zb8X46lQevneu<fxI8d%Q@EcuEidZcs@<1r9X(?Q)fR?->49pH)7ChY_NYeB~FfhF*
z_W=C#C7UJ7fE6na>IUpUGG7-5^&yMfvGKtkS#ogMW~^tzWz@sw*#Z27n=(7HUe4*f
z5p?FLUMuJPgn;q))GFv%tbwiv!wH8Y!h5u6Hs^z1XdK^LbM@-qYx6{tiXTjDmYD3I
zlS*`^Gh4YUCs!SP^amFn*W!<sd!k17No>t#9Dld)J_d+*qRF;6Dt}lR2;*m!$;r^T
zS-KqUl=i(^+tuOAq}#kXH`pP!@#`7D{UVJsxOxmP?6%K?O%P(j`S5E-`*3dVDKOhp
zVLo<>DJUcqH`$!XE@ZCWNKHp4EqQI7rdH*jEPEl;soV#zaNee&ftGf-;R6};>fCPl
zw75Bjm`1CPA8=2Z9Ssiq%ipY`Lw)fdDdoz<%96`P7r*Qu1wSnwNUBfiW=Sf2G*j=m
zO-w{Y6sTVraRKal(DO#L&X$bd)&rVC!FQGC{pk#o&_g|(`OGi*XfVYiJcEs^8XmJq
zN{X}CC$+u2j(aWL?H`d%V^A?E2Y@Gw<#F1X(|j5qtW@0cz?#(3GWg{|YybvD0q-ta
zH1UnjxTDJ$J5u#QIq(D|I)*}MqX>{1VYRxh?nix39bn;V_-Cl1;q~?PP53+`Zrtnj
zx#x3>1AU#K_L?kCkRa1O&sb>phLwJJDS6?n<b9!3s39AE6Z2pYKobd#P-$5Vli6{G
zDEHj03mx5Bc}7bsd?A^vg|EJS>v}|~{LAv}Tx|J2!>!yq-x<(i<a2d6Y(<=aHvy?@
z=nZ*v#tzQ~z*y15xjPY+y{q>wufV39Yt@=03MLO5_UFR6eC+l|Vwv+BNAG=_S!u2&
z{T__iUdqMe@(4d;CmA>|xj`#AYSLFTFVjHV*c5c`062>wUXS;e$9VaYjKTwYgcMWV
zRBRZ^)?3^e5+9i|9cS50Xr6S`c-`_bQ05ZBWWRfrgva6`Xl=cBlDxmIVtc_B;ZgD^
zDf1L}g6JtOttgmZl+Q-;-Z-3FGh7=Eoni9CUHCnpj+I)2K}5-BJ~+eu0x>_n@-&Xa
zH7Ut_gx_|RW(ailjwTD7Z-8#ps+d2J=G5>V-FUWVUH~Z~idweU&5SX&!u6zyx&E)}
z`wQn$$GlCF>7QA~(alkFX1e!?5->+09u8XYed0m0O$2-&CcxMqKrR?K-}w|xY#bfo
z>$>%JJ3k5Y`3899mBTBp=g@7FM+@WfH(wGwCt$lV(R(7a%CYA2_p*b7H>%0m>EhE1
z^$Kh%H345lvztBWlNj`Celwar0XWOTW7;#ty(b9?37fSUp);baR2<8zTXkliiL6gD
zeodGWnVy_FQJEJH^<>&Z%7<$JrojD!v&8FY&te8uet>tEEPIKW%{F9tHC5h^)!3mp
zNs~+6?6K8(FUNt+;osog16`jO`C1*0gU!{KJozR0*#!t@vp=&QV=Q^?10!00I-eiZ
z?k|gN&g}$GG;h+mv*#3-U3%8;Ez#plVaz3Kj+g0Io<}gfdKX?{HOMF^+_~GiH9ubz
z_QQ|-Z~>j>JC~;YCUL@cVz{CEH=uz%9rlns#QlOwVC-?FFip0!vx9(63h%~30gGqP
zh5BWj&YdD8j6qWyBtqixP5`w*!1Q&-3=mYDH>6@;UwFR{Yx6~T@?FgMMA{rOVPGiy
zzC54w*EMVM<G8zEm}b~#;vTwFxyeSN@^Ma<!SvYeAjnaa5=W&)=ke9Z!p=_7`+FBE
z3F;Mgf_bxlslFcf{Y5K|PY?E0@m~ga2zct~F52xSi-%`;>^>O`*UzUuznM<~!#(S5
zU5)1+Ln?veImZEkOdCJDh5<<Oh9%o#UxyI`U2jO720EO`g}%}RV$r2;CPIzb@=FNO
zM3x#$er9($=LYcDIwyvv;_Pg{x~8+bj8m`r`SQKidSIR3AE6U0TK)^ID{#;OEzckD
zDR0lrNQN6RZ-5?U_?G8Wx$eP%Z_w!LHXGL@vMnX2yph->LM`ie;WyI*4ZBVzX9jH|
zV4CuKsIHC<i@_FKuFF5ND}ysYu&*jLYn((ue^?}(_sT4?!<}b56|oK7&3fJ*X!6_D
zeIx}T-yKd;o^g7W2Q@wmzkBx*Rwha2*TIYzoTpU(NfT}{UiaaBJ5{cDr^CinZlV|l
zoym+Jmt#?a8kntw6`eEyVL5ie(0+t%_Ub=FOrjeIC1J_)9WpSbB?YF&!ZUylxdvok
zhhTe>!??3bKfi2Ecc~;!a}NTL!yW`giZ7XnhcqBjEdMfG0|S05<8wgb8o#>eF`C&L
zRqlLh&g4n)O1-K;t<<h4$>dLXA8!n;U!Ka~n{YiX(bnkx;^sVnbF0|dmOG&s=+<n$
zQGaC(<(44pngn+ww0NlU=`~^~<Yt)q2D9Du>B*N}RJH>!(^ehe4Pw*LnzsPRF`soN
zD=v0@xdA{xTkU9&sA|>zUB7!69?3bd@paepbR1s>3za$rj8x>@q_^!K=38gxl0Z5J
zFi|WZ`4eL9`FhpQpFiVHWCs$)+4^SuE_yt&_1s+fK48;cvdLeyUUg{p9eG+Bby(U`
z_bV32C^bu5j2a}5Zr71RWmG|*H$P<|%1jFm8c63hBQk-u=;)3|gV{gim6&fs*$Vf@
zgSi~G7@I9dN}9NN<g4i0Mz`w~z@^^+U(vmC4<e0++=ZY6F$5ImLx<+4y{r6USW%JZ
z192E&ZcCp^DL&NC6A|W(+`b#;4y0s+M$?3na=yh>gRuvX)9-qRquS$^ppB<UN49Go
z$8|(w0NJQhYbI;>yMGD6=P_t1f+p`!G{Muiwmpc{+}^(f2=Y%tmAP6f=x|4{tlW%p
zg9#)0;=EVwo>Iw{6KbF>PLcO_n5+g3@J{lMv1{)l{s;F8waQ(#AA&|Esc1Kt)6V5n
znbl>7HgV(e8GHw$cILcbxN&x+hJoRlX4!3F3HM-gY)s|Al#j0&V?c)%h*>a(otZ03
z(KS%PM8(F-N#Wm8-}V*194R*RxB?OjTIdm&`B;Hl+OKP)jT7Cd$iW0hxz2nW42z_(
zlQTPeS-?EyoDLVt>R?hN0z1KPx=!C?I#d4Q{&w;c=h=pzCqMA7P@lZynBo4==vF&q
zGFev(Yq|m1rwl(LS@M(JpYDBi$(rw}JNnJLP9lymoSV)C+f5{N2$ctC106c8U9~gD
z_n}(%Dy~1lFmCq}^1lM*qZX~B<f44%@@%mH=+60M*Rb8&t*p9cn5d7RTWaj}Q#GOn
zsqlViO%9P~T<Y`%8hMV)`%05R1<>#&0gXkl)pCfGvi-fTjNwj)E|5&stG7p7!E`1-
z(Nq8=G@Y4bXc-+A5U+#QIA~u?rWM7flJzku!3!o+GChliCL3plMhWUi3jN%fQc2c<
zjsQznCj&^$<Y!Lt;gvKK1}<(ccCuv(QPWE@0Ifvj{Q7w+jk@;r_%^Tf$BVCQB>*i1
z!z}v)x;)xd2Jlf9N<59Ro1%-M&=B7C!;-9q^}qQ;?#Dq7P)PNAq7~&XCAPcdvy9s}
z>_OKr8*N*Cv(_*<95m%_kn2jZT_o}LOqCL7efORufugTeJe>mOXYw@bzi7EuM%gU)
zz81ZC&Y=m1VRXkZBEugVEK^@q*t;m5h{y-dEd<L`ls$;ilG)RVrg~WMKa4{LVEC?c
z)L<ee2?DMP1|rL;3dI8~+R@x$L&YL9V|yd`#N`7o_lu{wGv$&bS0~P48O|utYd~ej
zcabuDjM`fa=5!c$3lS+_zt*c=z)2<JdF40R%&NX05h&!O)Y+M2g9k%$tz_EhWWP(0
zy3?OBfflGs-00s#%}96?2B3U!db%V#AOG=r^Y(2N-CDDI72oyJy`!y}aUFksQ!E<Q
z|1>^x>!ghk3C8~Yr>wCOd78TqK+}6_;d0jVDt9PTOl@2K%74}F@@KAqX^rJ}z=J%E
zT(>m18MrCQxaxBD)wS}Om?`Z`7%L64aU1!;UWlga$lO`9Qn4f@PBGA!uzC}d)(98D
zr29y!{L?~>#u@GvKm)*NdcVMC1DHJ&3Wg5OxFc;lQ<noa!|7@h+7|}|7FvzVPVOI9
z9`s351K$9^1--|@4Mp?abob`nmiNgU7s(!Bk=8!e6bMUaSQ!wXY4;RS!S@yxf<!G|
zJR=}T$1>+MS<EWTRVBTR3oCT$%n(!(N=~)Jy2H`N9P+?}YRg&KlbK!BgqN3H*e>U_
z2AqJ`=;+d%-~nsgkRPq>-!OcP;@J{aeJc1M(9e5aCHU6XN+a?Vt7W}`{6A6QDXv`f
zSuG*Z-yc>}Og0JT3HN#=Jpb&K+!vP=-y7gH+4^}Oh-FDEnI7>h0}DJjoMsYbofBpD
zeqxcisW(97v=K~G4vm^~DW*w0u_dQ%rz3%a->$fIqu;#Q+4u<3HOuCSFQshOmmjI8
zR~JeJ=aHb^=~~~+(ve9g%5J+1nEv@Tze4i+Euy*C-G=W2$c!#KzR?@gj^8Y%P?<tq
zp`c9%nxeUC_Ag^U>;=&RE8IM!f}P$$Maem_0%jv$cgeW*j1o{nGig)*Hn2+kaTkAm
z1O3|WNHkf%k}4f%?*Pf#Al%&>8B?L_xuE_00tt|AyLJ2xOu-OAp@|~Z&2;*WXzF~n
z_Y(u)p6Bg8_BX(hcdlz004Q(-MLrbE91MzqQJL_aL(dT2&2(aV`sRQK*n?FB^*}r~
zRwe>Zv?vy9sRFr~(|RGY=-TxyY-111<h`ggxhd)sm9EJj+#?Qf>xx11ANkJ-97LG?
z&gBE)o_-lHM8WLx^BIffr~r8QuPQ$jv_)G#2*b(;-Vw0>@>sa_h*#D(QnauTm~e3^
zw{?x8&=doL3%TpD*}jz{Jn`$JtBYMp%?3Nw18nNiHo+eJ^R!#34C2)A|JBKJ{a0h>
z|Iyg{3n3u?_u-BG|9@Mb|7W59S9AE3$kmYmyM5H}&gJ-<2lp}2Wzp{`D3~<{z%3eG
z3QaXZa^x!IDxM}7n;x6~^j?MhN&PMnReAjuZN2!{KfJR8ovwxs{Rtes9lZ&&kKg=#
zrP&34vi|$-Kfj2<ad61~>rel8(3}4=!T;L?8M&HXKhN_$%$=Mug`{G(P6^NN4J0?W
zwTmmyJ1#nyU<ZHw`qcwnTpR^;XBI`r|NbhSR>$58!_Vfv$Sx_yi_LaB*yy<aWTDAz
zyDR1m9*fuc0pbDz0?pr4sD)C!cgR;1@B1Pz`K9YB-M@c-4)LS2#`*wlhtDZ;Lh!N>
z74J6+K+61P1^AU4EaKY>&(P6HxR8)sBPr*7+k8=8LkX3CQerqAZ;|XwyLwS6Th6JA
zd=)xh4m5o0xTEpt?3f_<+BjJ(6T!3B^y%wR9y2!1z~V}PaYW}UT_N>gI0~kfu#XGN
z-qtuu5Dw1+Xp;wK6$ckr>LAqKdiz{bqtW55YIoRk=jZ6?Va8=#hCbDfst_*$>d{9*
zu2}o;&iKUEr>jktks%OYjZZJK2Xt4q9(?Orrcl=g0d`Iz7X7E~dzg>5v2p5NU0~n~
zu}Ja&Pj$8*onEg{i8#;^yEEBx6fchRHwk)sBNYXnKSshPev@`6NE-36_v<He^{R}~
zDmQ1Fbca4lnO~S=W$sS_dd(>%f`|}@LzPA=yicA8L@H(GLTPdp?k2}Zd`@xF6Tr}F
z-0$oR{RF-N@oI3MrqA(w8hkZTVG{D?iAlOt;YOEIbmXrHuy1lgPAd1ky?GyBH+f#)
zA-5!W^*m6fFo4a$Tr=>EFG{Axd;hOr$-78H2tslrgpBXEr>CW%<2(y0hJN_$3dt@|
zEiq_!i=>{95+jks*(3lfhWF<iecYO=6JjDSg77!F3%}E*PfJU?L%#VCNF1N_0}V3e
zME$?6DT~PSbZ}LgJ`tx{_SyCggwuNrp^{^Clc`ZriK7xtVG9O2>9mGN;a$|S8%iFR
zWeCWn>wLSN1xNx86v<e%Gv*T<?`YJhHC7Jk2*M8v!ZrVx*ow@Q74*JbDe>9!eI86P
zQE;dztWaJ(l180hrP<}^VOH<=z~8^==UITy9<Gg|gPxF(lfeC*sm5eHL6)yaXgA-`
zwfGp)^+KqnS7Q8t>&=_z!v?)Se8rVnhN8%|Fg_q1e`)+6l+bKN!V(|`d|4z8IS893
zZ>t^iB~@pQ|1e9HudlD};i)m_NlyZYZCMNn$v*L$H)+t#okl;S(XzK$Qux8oNdn%z
ziPCPX`MAcWt@l5HB(b!#^tJgV?8RuObX;z^4Hq}}-Ew!Vk9~ELUjqW3y98WWsO-K2
zH_yB%gofq4U^(0Lp<2twPV3~#VoC_y^f#((6s_jHYgjw*BPhA#gO0+20tiGW?9rPr
zku{p4(AZd1=YyKp>4`RLN4>F(3!ygMwL-eO%QZGI>9_8!cXx7RnoyBlmVBb3Fq4|y
zd=u-@=Ee_VNLR<}U4>QjOWJA=VyyRuSPILYtikUw#@_D?Np1zZz+9!6yY$3z*T%}h
z=4ZAvbnnlg?$(qo<m1PAp=2r$42&WCsVzCy5v7I~F5lI^r^?)M1fJu&=}|3LZv;%P
z=gpA*@B=Z{9Y}v-y;(^oe02cIJW7DSHCU@_>UQzmJCh3DI@N}Mv^gRWMLF{|B&6d@
z@Z?R9zHU^Yd>?EQHNU*<Z#JIr=jcFrs=@tf{R!cSI#hPB9$yUOgultn;%jh7M+DhG
zslgT2<taL4216z7+t7F_$}3gE2R!>9-h?eI_b88fu90gsxD}S8%H`g-H&qtSect|!
z#Z;-m<p2-ds^}jLbaeDg7UzQ{p|0@mbvX>12M?dTG%R6ANKJ9d4R4njym-3QvltM1
zr<L7(g<C4QF@>p6UP)LXcPkh?(b_V|fHKp3?WIdLFt=4Jj<>$B!>85g5?DBS($YVQ
z1<P0DA0KLe&BXTO=1M&lSrgw*s;a4_Nah>-N`^ndWmI`fOng7PU*qS;*%vO?4=;jn
zWz$_qF!rb)adEwDa6i$qM7=lXeh)p9?@c|m#be<Z&$ll+(XhV=)H@%rehEp4)V8|(
z(?s*F`>+!M{sVx!?>I8Le=>ZKDNvE!7C_csj(ajz=N>BROvqJn@7W#YqSKEfHMwf*
z3suR@PMC{i{Se64cAWw>R%}|@ezkSoG+lbv9UXi=XQkazkSh?gOMMY9#j*PDLo}MU
z{00{l;ZrM;FVp1xMj>96*XDy9k#%(jk_i6Q5OWBmsZ&aKG{Kib!36k+*kkZi-X{rC
zK{E+zJZ1}X8|gpZ52hF_`}H92vWu=t^yaC5jU-)5CpUU^$-6@!XZy7uJC;g+Y3mk7
zN&l+e#o=~K5YnC?sb|WP#Pul%nP_YQ&;QZuojOg`UqAEOJ3@odmv~B#<jJaXh23Sh
zJH>Isq8@hQ5MPl{VfK8uwY^>8;2-qWyVf^$lmTS2p)|B@wN$|aA&8d`QmD>O+cN2D
zDM)uUHSBLeR2D;<KlurJ6f(!qLE(5^RkjzSMxzz4Uk&vioFA#<@VbPT6nR|FGg(rc
zA8y?B7bqx|wzEThh)NhN9GZ+=d?j0i(Gi4m-(MkoZr18(<4F)c*8_-5wh~L?*}ax@
zvH^O%G4{`X!jFpoQ@7r3LtAFYntX&mFYB}iEX>XH;c%B=+bsPmV!E<#o^(1`Nh~2G
zAn;+coSE;7cXax*=KrT|Am}l_4EHN~9N;dWo3DkJh0uSOYEq3E_8Q40`7=0aOTQ*Z
zobJhkCmeAv&`#ehO*)F`%jxxnlZc+Z0QJseqp)gv$|h4s6qw_ef|61+|1+*v^yFPX
z(&-Y|G=I?nGa%RARW6!=q->2>8tvHWm6U$rFKUUkjVW<k_GEWhpa$V#wrxglJK+?3
z3CKOo{q|&DPk(ts+BZw_Wvej~r0w6)@A+1AjB*7La)>+%K)U}>_h58drP-Qmrtt#u
z)r-?U50oquyk(VIvm%+=t3BOUXoS39z*NI)Zf^dZDN^7$Pmya@(W9l4>%V6-P}9)N
z&4&?zwDaen{+{RcNn2H!zId8l?n0Z(B<ppGDwDnpH#ha&7+TFAR~JuHzfp0WMp3W(
zQbsk{6J~qPT73K34$MhVq*+fgHSkMME(o9Zors~iIm!KYU0t2|RmYdtg|h)M8|m%j
zUMVTk>~>4+kY)19s|yDofj2^+`W_SfY43);wAvii1f&zufWzbVO~~14_MO1GY#g50
z)x=T!m}3j}lMUGYl!jL$IZBUN@)X-ZwktL6k=mN}R1qP9n^G4!9)p3-$`w*1ulAnN
zG~pApu~J<ksU%*q2849E(AroNrhpE59CMx@rYS2<qM=SCwH7Mm&(1W`;Rc(AlY46#
zrj=C*9B<_YpM?)}dcAvh=iPmF!@jtQ_SYcXUSLqEsi-Iw7f4Z~pxA=RG9r1y-VcAW
z2k<64Lh#8^$9eUBI!)ENOOI8#?%ttJ;=5N>h5I|tS=Vf;?gga8VA{aRHKx7ctcTep
zd?23Z@dFf>mYLV-^u@UhM`*P+btyV$We~5EUA{E)POY}8YgV)Ng|p!>&=|MdozTj8
zW(jLxC@7%51Hq=%8vZprF@X$*dHfnbbYvv5gGxF3IWRD=#O=Cuk$BZ{Wr{>1j!|8O
zPC1L1H0b3+h|zchdXbhqYszGkEu9z^oj2DBp-y|=5x+|(b!_Qgb0)-VMe=&+>xZ8p
zqT5nF>aw_eu{^iLEz|3|4^WG?p<$rqEWgZrC?mi09!U>ed)GtXuk9$lO83(MhLh8h
zu!IDv8e$UD%O+#O!#%R6l%dpUDvjsO+c$S0>eajNZyd?Khm>5g8>PQr%IO;McK791
z@@X-EY3}HMbNW+a?R2&uT(*BshU6Et21|ddL>-S3Cen#R^0>zF`nAg;UV%MBfUDDe
z2pbzb17nh0r*wb&S7g^6G_+&9NgNEo&cvJ<7{J_HY%Fz@I6o+lS-&=N@IG!Iz%51l
z=?;Z)9zG>1#>7DK@_qmYnOa+uS-ck@e-77CQmY+Hb@H^YLNqUaS6@FWbZ!n!R)BrL
zpj`WCcZM*YQNc;FZ{Ijln_Q(+d;AV}uDYt~E@Y$_isEIHv`;a-YLxNx$&(+2^>Lmk
z=;*R)SlA<qzc9asNKJ?^f|$a4Zw;xjTjtc!)wu%+2?@b7c0D0VMF-c>lA?WiN{9^k
zm7wZsf(cP+bVwHh1I4r&b(GZDmmHC<J5zkZwek><XiPHrwp^b>UPXz1JTA9Lm&jcx
zsi=TJ5*n=p9|d%(R(k~gsg9({Oz4ijLAP3&xrB?>7Sm0Bv^)=6y1SnrZH&D0Ij{76
z-KAk$r+xYx@tx5;<dX*K3x5HCk-h+c1F9qm2j2%mZl}*6_S@Rp@YP4@I<JtPmO3`m
zfr|WXp%bKyb5F8}uFq%O&F(0o%R_)zgi(z6;S9vepV*mZjaAr_E!otLZUR?+bjMg-
z{iT^ky#keFRxfx~z;M;<Vd#NO;neYQ$4Q-yZQpBZ$K5HyX)p&cMhH(QfCM;U{RD93
zqoL`&cN}7xa(;1ON6)7pAbAS)Cyc*-9{7#Kmh}DuPcb_!>mMnd*cg|OrKCbiO6b|X
z`(<W6@b>0=?Gwz>+h_OmLy_09HLYgT7XaPwdHs&vS;#asn#v)3bvFQO?`Pqpqwk@X
zmLP;YTgShC#x;+niE3U^W%Wv2<LRN>*}+}N|M+FZr#*JCdt+6)bl}P6z;k=kH0k1g
zh*z13tqV>MuxX(h^Lt;u?pF~$_j>#KKKo5W_1hxHRk%G#H8eE=DVSSVeU_B;0Mrb+
zg4voU>Q&o_$_F<Lhi?IKF#i;Cd37aUN_>Oj@;arH9`}rge-y)T=jqvBwto@b*Q;k`
zH!{75g8YhDpgc8E+`+KIWE`Wt5&1_4={-F;<Frize0==R%b&YbWXPZ4VWE|(P%}d=
zFFE!;-2u6vV&Q1BnqRjzO%Qqhw5z<!164D4ZQ)X}nbl;p;BJiBxc0}7MT15(xt%q(
zC%kPx-e?=^e=?2`Ui>xq;`Ef^S$iY5EPywV?$p`ErQTdTrJ2#uhgEz&Gk6{yOU>>V
z9TyMZh{1>Kv^Ay?K21jZj_&MST&+XhZ5i%7D3~n;#*3eoWJ^nJ+z|ViuV3?h+ceBC
zgTChE#7nF{@lhUZGddcW{X?zr4rf0@_d-dA90MSz0Xhm0KZDot4(4$vJx_`F#9xsB
z;CN+$f&8HD$6G)M@3^{hIn}HV;{`BtG<f8ja93OHQG)b8mUD$L9(_bGS^a$UhHe4h
zNS&XzQp_)49ff~;rq^o}_?zgX(byq0;y6ldSW@xEbG1T~xP5P^>AT^MCvwE}MS+Ed
zPn2l)Wc!*6A^iMJZ<k!j%k&()YJGQR7P2-*3W->Y)RFxKg6b;sP0i}<H)*p5637ZX
zPjOyRU&At<fS3v9MZ0mHMp5Nvld!PvS_Yjo-Jls^$|&v8!@X}JKS5df8KjD0wbQ2m
z@d7dZG8hk;gx8n<PMFAN)GAzwnG?`fZ2LndiLmf0N<=&mc;{1B`5)a$?9Ky}nsg&s
zX-N0QS97l8EE@nE0lokz<z1qh;vI;t@DrgxR?YA$oPnf9jA#^0N^J%028AviewnG+
z>$jwmiM~K&xFdt+UuVCF9MQA463houK?|rMjIq5rwepKu0rI=%Qh+9D5pcVq5=>Nm
z7NGnTA5YcL69daRk)}XdmGS`uj(iFEKi=%Ph5qGDGM6DEGNzSu^kNVp1LWBq1Y*~E
zaa40`!k{G{j$n7(Lk2iKJ?yyk2N`(yh8B|IRQiV9b3UN;()p&eN3mC;Xa_vtm8W;#
zH~PN$NP&xkqm4yb3i1xrRL+x_t1a}RqBbJ^*J0$+KYmh_SJH;)Shr=1C?`Rl?J<cY
z^H~xWnp@P`;__%rfZY9OVVMfz73;iTLHZWNSyXovrS|dRUfcN)rYSleUUUEn_-oqF
z@73D4z@0#yVB*pSwM#`+bweT^B$oosT8OQoB=b5BvhQ8sv=9jRFCBa<E2CQ7O<)D*
zwuULXa9(~He6JY}A=rAJV~xjEmd*S7huhOItJc)5!iSLm4{L877G?OX0k0q`t+aq3
zlG5Fwq|)6XBHi5~DUu@HA>G{|ARSA0cQ3s(-^1^G=UnG}e}DUz7qG9p?>o=T-1pow
zGc=P7;$&gD3~fxhkHm@cI7kWaFoZ=q%Dg%_^*z_i?(<a7<(hZqs>}if<{m_Pv2=q4
za{v;nvFLlR6Q0H!1mdar0Ms&8y16u45t*O=1Q9|a<oP|jf9mUrGHKCLl@1+fhv2ea
z!VQ#!&DN(VbpHpqsF_kRKc+ZGM?Dd%ogrW0HICbp*>Ct!aX*wKGny<`k*P8!(4o1u
zm<@`Dd3KOTV|D?m>F?+$!Xx99>C6*m35kR<)RtM8oBIJGsAE7nr;;Ce0~tap^b7$4
z<^(-M-$vr&(~3{%9j;Rlpx5D+GENnF4(~!pdvDWwNZ+&>J@E?6y$VusKiw>TW&9JE
z=c>JvlP@^y?X6}i5C43;1j@{2_(KV1<>LAFMzW}<8y`N=#>Ij^#1dhQGZ>nuY;OSQ
zz+$P1up{tH<RDRHWhE68%<Aa&XAvp4T~Pc6O+^nt!Tpf^b3=xAs41Wy0>KI<Fjr#~
zCE-%j*8(_Py}^bmoMfJHod`GEf*bQyWQW*!Q<{(-3B3lh63iB>z?pmB9igqQPxi?p
zLk3Gt2?)G1GGcWwnL>FEx9XaWLG{0NIuv{xZP4qR(3AXm263P;k9x9L`!NNQ=EVfw
zy0tM(%lRG6Cmx9!QQEfQkIm&SE7Fe_&=o_?`m`c!GFI@K^R5={p~mXj9-1n_bg4vU
z1U@!4-P81xluDG+5YcyNfCacZF?G(A+P7U5A1v0aM*y?ULdkDxzdjs>P1hTugSl-1
zstk!Q;Lny?0+z>TLO^#ykp?r=7=`s)8Qw{uLNOL7{s$m7a*+Wn2Ki5-td{s%^6uyt
zcAjEBg5A~-QiAl)uCQG&$<0l3r$o2;`<OA4Nt4svH3LXO100{x?a$SJ+%8_Izk$p*
zIX(yJTI456lc^FUvxx$fAEGvP0|-9=L6>14e(ZnZ0npYagLZg*CG`_|!9SBlx}T@j
z$ka?Wl6Zb2f>Ljdx>lu~V2c;}M``KM6W`NHV!_im$_*Sq0p2YYfKO|tT=>Vi5#XHJ
zbFDJd{vkaz8gLjTopPbNe<OzFL*H-^;NfjDv;EEh#9*Fgy|1b!AP4JFV@)T>2<$HA
zDYaX@P${L{$N&RLufvWCLJQ=j_#Z?cVx9^_2$0;;@xw~hSN)t}LcpgHUR*c{Z`3me
z?!M`gOGHjfz$T0NJd&;}!=9&x%`(Cw>?Z{2F)@A)*erk-zjT*)nvC391Gn`dmOi1(
zwZm@X*n9Kl>Qs&U-(V0RtD<FZ=Q5smMUea)%??3?oNV-lJu-{{=xUnkwRrg5`$<sl
zxWE>@<vCmEmctK{)YiHqn7`TgAp|S?POH~<H47_hH`%=b{secDQW2R#5t*KTK;PUL
zk&8=hyh!);gVQ!LB%Z_gNz+dp-{$5wfK2K>JlKndqbugyFr`P*Ed!1#eOa!_`fa8I
z-QXF)10I$y$nCyv?4n<S3>L?3Ft;0oxcGxg0`hLzky+=3K!$c3Gh3l~04KTtP<n}r
z8y2i&M9%sS#mDZG6R@V2cqABUu2SW9Tf|xAC;=m`2!HRMM=*O%B8V13olE2|C}8u=
zLL~eie}3r!f4t52g#rQ5_X$!YOBMsGvFfu<KVL!pzmY6Q-tfisQ*lwzvj^dfNb@3d
zZ9m7yK$pY?vsoQ?t-7tH^IHW6XXl?|tCq=VCL*IwLm*&7+5Mm(xmkaHxa1vL^TvH;
z_}5x{PF^03{>-rFzoU`g%+B|${s94q^3VQJVwE4w3puqr6fNZuw@kpgEG_10Buw7I
zR#(wLO5lO^LKt@6aeQ_Kb?x8Cnc(AhyTuvQa_-8Kkn{iRp)Jo(ORMP`F;-JZiwP;7
zb5tT>I+TC6d;=#{uXjTf4^K$`lAa1kTLvIz?CdF5Vz%wGxV-TmCzvIc*F9ZoefV)s
zRGTFg@q|#Ru=5{HY3Yf}IlAq--Nv5nls<%j(=L;_K&mUW#>UnbAwBuDY3c7Tz-`YW
zO%2}#xw&R##q^U0qJIE=0U(<RzV{Q)5{YXe;I|;ofol4Ip@d{-K_}Kdu?%$DI`$}6
z?A8;=65**>C((V;ACITic}V!(e8U&6R{#y#e*B-4{;P*EL@V*`sxM{?>0LR2_2MNe
zeujTt!=}H?Gjo2AGf|$R;PBi1{r#5&1pX0EzKh4S$)`e=<0;uJELfL2`={h-LirW|
z9T!+%&qE^QTEL|T4&&pCb%4Q{QMCKtGU%i3O|4a?{T?Fa^h4}jlj~k7{IxD^%v);`
zu1^$LP3PX!0}G}<0B-fMTXX=azQ@(I%!|}La;)G;HVG$?r(^lvfQSCTR8(9X*+I#-
z=zVE&c0R3~z{c~pv-7oHYru9goUdH;-75^((qmRd*+2PpDiu-Flz;wIzimDr;`7TO
zXL+}pNYnK35`*vQ+S@yh@9!l1y4N4MI($=JW{|G@&+F{r13g{`{4eK+r<Yd?ZDk7B
zRigu`f*4{yU4+Th(pB#^#T{uW0D}2twE2HZdDq^Qas9TidqfvEJkek*u`+MCc$3RH
zVa8I&7lXJbuJ(;6N`>@V_2D0F-(|W?8zckc{_htJ`paNZ0wK2-eX;M6f2scglm;-W
z1`mdC5}~_2R0+|uB!e&i_YEw-$9+R)S|40{Mu&<DC{jF3Qh~NTuKRo)c7WmW5ZC_a
zEB)sm(Ivr3jgbHQGtu|K|GyO|WfEtRKDquJXZ%1&DS3bZGUNaCq6~2$Bv7NMlYI6A
zGWfgeEzke@9iVh|cIcT)hA;J+I{o2St-n8%X}z*8q&XyJ`S8D=jHsxo94~Sxox>fb
zqSWgF%fYwR(I1V-{60~A{}e@wbbIjr>k}~t`b_f7SJ)(BJ&`p3{3Q_OBSP5zzgLNP
zw0lArYw<AJ4=K^IAqylace)=81W0lyuA=nqt^Q=}+-N^k^4eG4tqA?!JJ#CFPE4RC
z*0FXE*(;hXv#ZiCJ^GgO1F0RMm7M)8&WGDNZp8Kf^OiGrsVtFv^Jksev8>Y#(;v-J
z#2=EEl0PA+8&`g>FQyc}Z6%}P*W@W^cp=|{h!&3hY6O;XOKLcrZiS9Rzx)JXY9_tb
zw(3HzGN(Jdo(;RK(^ny#@ytd9tcHCrgj(m+>z%R`ZmMo`S^8obF)$-;Utos(U2w;=
zz1+4<=JTG(Thr9i%J|r<nRg^%igRSsoeR~oxhf#VAUWyG>V}5)Wf`6K<=y6T0rB)J
zB5c2;+QZfD;4#q17Nu}QeNNm^$DQT1kVpdvAfVU!4$^-xhG=iPehcC&<jGlpwhOX4
z5YnF6+rLk3b_oOL&%}aBvF<Gx%V1>J0s?b8Kz6*f*_&H5EwX^t6%Ee3JfVC_-X+Z%
z-y#<=)DuJJ?rWNvwLu`{O4Z)c;b_Ih#U=t;D-;UF4RPM@2gjA_u1yECJ+gf*UUx<(
zOArWv`(let^-myk&WGI_g<j&Yn?mSEyJV4f*8<Uu8fev^cmRe*9^c(KC-d4rxxu_#
zJx{9T9eY?PW9*BgGd!_XEn56?=BSyXb*Q~PQ!D^k-Z1y3*KQhJ=ZAoF7K=RaEFdNZ
z2?2zrt|Fx1zAd$aZ5@nrGc}1Pn9hKiY;w6mi30@vU6-Z!0W6jee|IYXyJQUQ<9qQL
zbviRTx|f~TY7}ma%X)pnA8LH!)bt<OYl?L~tA+ZA1HKCa52n4zl5pCXJ|h0ET}LgO
zhc@!8J_8hkl92bd-qDeNTGDd7)PjFtb+ieR?@s1_2U9BE1xY#0x7d>czy7y(Z0k{j
z6|>krPmJA-9-vOoxx;O}*woP^Mu(-+Wu-Iwp8{=HU%A^tj_86O<U?_yibA!bE2tq@
z%r?wz?-`hV?sI(oDb;xTpKkxZuPixoB!)-!tFVVBf~c{tRq&L!je0}Nvz~pV$1~{I
zOsTUu{yF4;czyoi!Xlh%;|(acff(oDC4?2lC1=HMJ^50MAGNKGj2zThek9ex^v`F*
zULapt*?23p7K-Lb`U!M#_^rlX#Fq6M#uZRrd!OE&bNPEC8$*Fc;@T46@y-U7kmXdN
z(xC$(FaJ!a&&qW5R(e|#>-4w3SHGVxC(=EKyrsFsKEb6=Sr$Ym8gD~L%P%YMO}D@4
zkdPZLu;c<yMbnzZQj?>jXlG5|$|%SFrUg-AxZGT?8S_bJ6N*89Aa2iYyx7(SU`jF+
zDr*3Jm^F0pSs>_ZIf1>AwCEh?AQ_hF5<buZe?1wWp%Qv=xY&Xb^8m_tFHlkaD$Vu7
z4#ud$KGrf?%JgAFtd{B{gbF!^T^Oo`B#w)91xdZRis*`r9R>_+($bwH$bP@JqSu^k
z%o#!nl*H{fn9ETCsi~=@5)BRkmwrQU41agTzG&~Nt}qE8oZCQl5IW1nG4xRpPMtZv
z1&~l~1S~*Fbs@$Zlxs4?k{C6^QW(=t1A-b4%|8em4QTkkAKQ#?(gVap+1KERGC_~^
zr}P@-L+c(F2lGBZ7dQMJ4ZP@-q@G0Fs@Iy4ootQibOG{pI1BocnBPNs%PCmYS7&Z=
zRSqWPVC4-zM7%GWeB0LLVjzL}vDE6#`TZm*j~f=y&yCDo?)16pHN#PMLFK07GMEi5
zhb^Fds&l<bNb-~767=7rsY-KvleZ2f7?s<q>B*yEw>V(}>{-rngPMX|vS7{Bx`CLe
zc>8;aHqn^V-a9&*fvDF$CtU1mEnlg&R=~rx(iNcOj{_eC$8y$DPTAEf;E!(H?`yQA
zadVB}RWaMu9>(UY?qI+(W`zW`Ipoj)C*y%>;g_9F30eLDL%to$2^p&D65Q%iYm$z6
zx>qr72o4`d|5lb}%ulzyfXxBD#AQ$WuPwkDS&Qq(VDA`dQhR@XJXZelyB{Mqp(t7g
zXH>ls1>gy9R-Wm#vtv(9+-Q`5-FGo$ejKU{NkOBO*j{-9F>KEduTpS*6T0#gdx-#U
zeCfMtS5FLzD{UZ2_Gd@pKUurYM=YzU8BGX+4t!Q$W>X=jApz4pe&ql+TxYxSXXws+
zqUfiR1l;6l=Z0N<7mp1z4ZpTD<rPWA1Z6i*liLc-?A=X7S4V`~OFcmQ>~E8)SD3^O
z-8t?o))&9Tnc8yCTbb-?@VLRtEKi+HBX<OH-Q0+SiM&hBK!ex;ae?iwfB!&Dl}ob}
zelYX8v9@$9PhS4vM(o|Iu822*=zFn*Iyo7B?x=uNCg5@Usqpc5ocH<Xg|r`vdNZt)
zwsWvh@pKsgKjp(q?Dl5ge;dftNCUZlOdfWu=FER<0SvsZ&fY8BbaEMufB8*EkLr#$
z{^IAu5OL+VuAMdab5(vspOh2^&LSP($KD0Y{`D^rd{fYE^q+_yF7{_^V3V$4<`KL=
zJ2BkqtQK}k{BR0<J}&Wev3E3n-2RYTZ9bp%`j3xY%;yd9+HeWv&$~AX(J)%T7S~wo
z7UP;IJv6g$v2|oLCyf+K@rAML>jx9Pp=Eu?3O<uDC^Wq4coyHZRA6}O@Ql)1;&U@2
z_4#Yg{3%vQo_b5sqUS{OLwe(H;ja_LI&Z+u!}VPa?7<B-|At3kaqD@wljSboyqiXt
zCUg!L0nebvCzXJ=u6F1S`$mV7RfTYmrR0m;@zM_`=y8>88zqpAbiz)M*KO^Q(k&7M
z9R59h<hOubfMQeo>J?igupu9R_k&mlC9E4Kt6?)ki@aP|&=lPN`7gRDt7VvxB_Nlc
zebCTo_MUo{!3vwd>d$*{rYl|}nQ2u~7qUNm$Lq8cvMiTI_UjX~$p=idH`5XXvF5u2
zSMh@Osga9-f`gK1<Mtg*KD?Q&f_(?Y5`eMk8T9xiUi2;1xjt7h<CL7V=XN@Kc?Mg+
z^*PBf9EnniXLrPS_l{iuKYWc*mg-=E@U`T`16E&dM3B3#Hov{P0XM6TK-b{lz>#y7
zTcjlVbF9sQcp842S^&r}-teSaY`vBJDkNe1cx2jl{A}#{3aSU?F+ZHA1~py~|I26F
zsvZ@U5MS|u+1|>V*8z>ekZhgzY10v;@SdkHp##a@SWY-ba#8qN_byPsBj*4)HaA{P
zKlyBdVLd^9&(Sg85hKdL`<<j`Y3lsTlEz;O3ftq=q~O2CFgK?=JDfrGyMbekUX$<z
zY!>q(?}5t$;GfxM@U3s%$2RL3qCBT)e?qBxrWf`qoZz_+=s(SR0He*eG78}*uvvrK
zi}SIb7^N8#dVYRlzo3Zj90oqJxc+13js|sZXTqYQXgD1J=VDfHEW#Vu%rPmgiZX_N
zi98Ln<0e17Zq2h_uU_Tp)l$VWCNpSz3whrA@{>?<TmWe{ZB3CLV^JEfJ&C|IT3Zn2
zlOAvY#7=X}=S$HD_z4TAEJu5Q^kI1{h#KMp5~VLKsU#-GL%RQxYVWDi$aS#nb)-vf
zvivE|@1*;jV}A6g>+n{!g#u3eyh9?~;ONKk5!^ch9IdaQ6R{muD4gNbXsq${84~Kw
z-grTvbOJFNiScy0U{9(55oBXrA*FHe@Yw8!TZHY0ndx~BZ<dVkwn#fesTCkfAS}Hr
z5$O8urXw3}JpD(vAM&N6Av;g4kr(o%r_A<6#JCl~BOMN=CrQ@4lE1##4?Q*rGHp&B
zW^)F<S)t6Qv8}04CI3h3?$on%;^18Qa(_O$e;VA*w3@ZbvTK?0G-Vc@-UM8>yujKN
zrYql07Hht!ov-&l5R+0Jty7cSb&l!5F{NQHLHQ}gU}$3ljh;n%2T3FKRvhBNVCDuu
zpfx!pgza#F`}qeA7M%tUbbj}HMe?vmE9G?;by4rzRfPOHcJr?`nSBw0KZG+XDkg@C
zTZoLrJ`tpPbHVVmenHAaU>gTen^MM@h{FPZX3wR%e{n_F9d3Zznbp~<QyreAYfB;&
z!Nb;-CDJ&F9LoV(m>zBQ<u_GQ6gr+E{i7S|NJ&bF4~b{sm$BFsO~Xs;^LKy^LiIUZ
zZsG-088y7*@1h_%WJ4t46UFFj0xs35@Q1J0<K++^Oi~2-^t^&v4KwfX@d(>d=h~xX
zhPZwX!e<014wnPT{uh>75J*$ucsI!2v7}3_ZZ;?KbkF4=e^2pC<-r&J*JT#2S@yM8
zo83~I6!MY)C-gR;Z+j35GC(MaE;b={lRNwgm@LJv{wgwY>n+a($RZ|kRM_Z`5>P(4
zHq+lppcgN%FQM;!JwLgEL{G&vAxW-`Z81^3F@_DD3zu%_xMO6B#0dt|mX`dj(`J;o
z7dFHqM&XyeMcLqPHTc4>Hbh+KdB+af$RnccQ=Lc@;=Qk)%(CGD#L3fiV!NA_l#uos
zRm(<Gbkkjs6N6L*x1@Q&4eej-8+ZSMT_yK@KAWe2qsmtq@^j||D5r04F2<ZozS2r5
z>|pmvP(X+pki5LlNkhY?IBzidB>Z1K|Eds#Y*8kXo3@oL`;F@`t&zru7hwmRMn-jB
zSKM}W-=0H=dF_Z99Ql7!Qy635&$oCHzWen8_+Bd#%COWa-j>Vnwvg#c*vnbR(S;7q
zmPW226mO~IB@X7)@jW}mH2vRh3?bN4J%W^hl2e8wO{OLj!j2@XyHb!fqAcq5^Rc9|
z%1R^%An&Lz-f({%_u5Sn=XHjGG#+kh5!d_2<+w+Vz|wa9PeMGO-o)<*H4nAm)jz!%
z<CZ$pO1I8!a9^PJQ>v9c@Za#02scM!d$K&TX8c0l-R8YoO?21AeRJd2-b{^lzkiL+
zr1F)iMwEGi90h84u}pgBW3SKLFSmo4iy8vz>nG(SdF<<6^dIo;m8dTPB!Gb6=g&VL
z^o>bJa^kD&8NotKC8^-k<#bJ0nweSiN|YOh!2Bu7$74_;P645Qd%n1}jCe{?JuO9R
z66K@ql0j}%Htta#(1C2MWKo-1NF6|5L89po15R@>ka3rQugy~_ef`d%igPO0W(5HP
z2>+a?4s6DDAF62!prTVGh}E<>kaUT(kL@oX!Zlc_xs&%&-#j3HJO&w{a>>Z>7kPdT
zfXoi$MDxw7X07iU9ys^*%Nxz1A2V#@KT)(NCt%C)ikBqw$d~)tZQIprhd&V!r_T5{
z3jm2KLz*!+na`EIA}38!vYV4R6Fn)vhjQWSYk6JsrRJNrMN>rzV(O`E_L(+ep111>
zL#~2)KtE<n%4)SQA9f&y>W(0P-v!?;tY-*!!#whEU8t&YSCdDNbGskKO>w1&Td!jz
zj2gaE5RSU`y8j6>ixD9iLX__{V36n;(I3yj@X(*a5rQKA=b9V^@%)}0nXY32=HrWZ
zLD+9V4ps^(;ktv!rXy9qRON4-W25)%?D#vV&NcD6d6Fvd?T4ARo12`s+``f?UoBzB
zvluH>Y%DdKy94RZv4PLX$7A5S!LtF(n&wB_4_9yaw+jp63XXybezligmtb{%CjV}$
zVr>hEhDgmM&Mmxb;{0lyNsZ!(O(HpR#FsB$DKyyZ4e4kD*Dz&0FWmZs{46KrXE<K0
z(6gr|7D{Pc`zI<wIPb5hTRg7J#*eeeRRjXD6S0+>jpamL{L7Mi+jO@laPaVAzlh~t
zcf>m*O=xG9)Z3x-cgv+rG(I%nMEGw+nc05>B*0`|ff@19ZuN!Vw`A~SS70IT!=u>}
zwHWQ%`Dv{l6DCiJKCN4dmy)FTtM-y2B9t31k%b-P-|-;$kY)(I#iOHB5(JU)Yc}25
z?s<|p3=>kX6N8Q+oj{5MnZ2JA&g(&bfi}wb+yw}=Wb-_`c%4nM*mTlJQWR=J?JhL~
zguibx@V%a>Bl~Y-q6VH>7?TeC0s!G%89w7hEd81IjIjxZ)Y5|6Md#&D6)IkOt+rC}
zBF6yU$p5ivdphR4H!6GS?tS}0Eb`T<5Z)<m=zDDOm7edGE_M$nR@ywl52{SU8NP|l
zNt_S0XneILZP(ROku!gf%0V6T-%zo6nf+ekQ@R7|`8q$atYs~6Nd}FesFkIy_T>c3
zTAQ2)lBcXN@!R#f=*kVA#%&mDLy}U#`|h`&0K||ftD~hG(1RkOY5Y>KVYoFIjT*}^
zFj!R+N0XDNcQ$_|<<|d;IBKmS{-p?9!iV)oBtz20%frvELf#V~_=7nRlkF$^OKZG{
zxjuG%m36P)gClZ($3tAjGH<tqMJUs|VTVS{N`*{0>2U8`@gx?Ut_BrU^qe$KF~|MN
zEi}C>z|=H2-Qokt@)v}@<Mn%7Vu30|k!PkCvJbhRMOHMI#Gq_nh@ants<%2JJ6Y-Y
zt%%(0$;1IC`5(hx6xE=zCwqIlK4ahPN`ZggwOP5vFtYoG#M{eBDNNZNDju3pRINjg
zm*pej1?b(dsjRFl+mkb%`DQpozzuU`mPuCrLu47TGbX}qB8>J|Llv%m?2j)SCcld`
z8aACiu6dgwKu8wd!$of7sLk(lZ2Dr6$h#c<2BZVU1c_{5L%)^jLf#h<TfQVDe)f-*
z<}oXn1SQ*YgQ@$cV}P$f1F!)&saFvsLSxe{78Bk;*b$^o9|-j|q<ZtPAJE@^Lb@R-
zLiPI{n2k#=Q(uwoPqO&x*Du007<2X8`h)~m-)=>3ld`KBZ2V!g$%f6oeCKVI?tzQ;
ziWtp^(?6+T$WJS3|7+|QE{HzLnN8=R?ml6q@*gp!NrZ&CWmBFFo(sNA_<FhA(th&d
zO>>6gjr~&^t;|}BIdqN!)qg)ml&~g<2JVf`cc!dw$?!r}K$!f-`kF*g@-mfGPf(@*
z<~K5X3B(6IsU~X^`U@*LC8Y{%UfBMAY$kA)GpOkUs&51;_v8G}d#i<BWv9MNE%;FJ
z&<F=aO9|IOpv+wPUt?N8h68z5n4mZqdK<99zhUR<8<UrVf`--wgsXW<g@lkVAOWD!
zC`lZu!U}$BAc28385EJ~&tkTB45m#2g{fTpC`CBHkv9D)sONi=|NiCMGaDa%g?wo9
zJrs_dlcpNutE~hw2P0@a<kzRC;1t4^&eKjA_%2M)%u6EdIVY+&`c#DUc}hk#GUUHZ
zrTV$SAI`2&1-;O4eCvU}e06=t{zvG~Q65oqkBz>(P0EKO7J2hVu*ymh{-fuUe_$XP
zIN&xzoBr-_5;K|dDCJ&T9qAt#H{_rQH{4=L2l;#0{G3CaQ?l>oitaHzfGqF-F`GVJ
z3M@v>5wO3=98Q{EShzH$#e=4i(UWpJ;H1fz5L<rAwYoc6zCZ#bm<#T?s2I%74RI0F
zpK%G(y{~VPl4|#H2$S~|fpD3#Sc@w31h<<-%IJ|%wAAA0PMaWndpTzO^qDsnAvKU(
zho!h<Y^ThAO@%6tmntDbUcSzMXo&xx!}3&q60x&>)0qe)DmKp05Kyaf2oH=>eyG|F
z1(N>N%U*l#Kb*8*h&>${y0+&kE00`X04Lb6WCxg$+S0T@Kx_d0z5?Knm@E2I8ZnQY
zE1jN2DC9*JuxtWdY`})zu@0qT+%vb(!gD;R1=6p7%NSIqV;N+UvG0AO41cB@HeN^m
zP|7LxQGO>@Sc5L#xR~ZP=CD7BqfucbF7D3fa5%#+23jmcu{PX0bV0%3tnrw3H`qQG
z<Ap%YIg-#8gXXWiFF8wLb1r+O7Ht;#R^h0*n5Jh%CnfTDe6>Y*lT+5yndROtF5E!1
z0)Z&zi{_z4FnPD|xAU(9N!$#o{?!%gMA?!K?_Ht2H(;BnydNlwZdyI9kE}xswuwpj
zY&F%L`VVN)ym9qv84vu)rq;MfAkhq6n1?eI{5@ew%p!D`$pnCPd`U>P?N-MoF6kY<
zN_;Hv{fS5yRlzDB*lQwu^%L*CKa@0W^*Vd4&f$W&<tcy1+*WP5&7pGG2<mEGeL-N2
zcecSLx1-#IW}C6y@S#|peZSd?02&&KxNhzIkwD!WFi!a2zw(YMH_EO!&Hp!dR>_lp
zqR+!Td_;q5iw+pl@<nqsj}ZI;oLEc}p46h4CCG4boLL<dj0MZm_v7UqlS$!Le1YSA
z`O*had6e<6HFq_3-&GJF!5W9sfDa|WBX6%D`sd5$$SR#LgL?ft`T<9-MIw%()}tiv
zjRL(Ws01)cVL5t`2km+FEsn@)ya{+L<ZLep$sSRwz+B}Jr&2E6&gD4}>g>)NCY^HA
zaBJ~4H!rb{&@ip_{sogazFdBINvgZl@e6Sd?V^H9OtB;cnPu}n&vi_^{Y3BFJjnyi
z6Sh@)S%UTIiI1P(F4tP`7(Vi!aSsf;{sS}R`>WH95rX%H59tb2aV%tyvD~%L>}TXg
zh|!+3F|dH|o+|b~h-f9?Lzd;%ThGW|5CZXY?LF-1ILl1A3aq2iAN+{~@%fz#MJD$N
z7JU~=n$;*#Ci?DU@oqszS5O42*G~-3Go3ilSjtIuU1Dh47o&u97=*SR40#CRcK<4L
zc$w0+6(M(g)~4cMGB^6ifQo{Z76madbmBFR97?%*XojB(`m*@$Hp60t81~Bj7>Evw
z0=!8MXsGt~E^%rcliV(sd1c9?ODdU{qsqnM+08L4qEwHf0H53f74VV74z3q_-9ov=
zLfq4JvkEQ?gAY-xA(yYPXz3;VsbL~=l2V88Kv2mo2je;;LX0t1It_#Xg^926rV;`H
zDn=ix<}-MXWKqRpwZDGj$yUFgF=i>*-v=^;J5v3JlCZLh3SWT6LDT`#c;Cr;__$_o
ziS}+5hl5#$FUgTWnM~fxa8M)$tq1-GL7s9b{W3&cA3`?0&G*yVs1Rj|XR=v5u1W-u
z;o+Pc#GpY)fxHgpZqqo)F9-hc?;qO&vOc|LuPny_K;NR==+rwQ0*p8;X+R5Z&&NAu
z+^1PxghKdxrT4^?DwHsxGb^Cb1XQ`tBtz25hJjF+I36T&uvbCd>v+}Cx7+o8HKvTX
zbxZXzfAe{gZlSPPW$PLJUWIrOw=dHfI#g$K{T7H(q^%<<-$&W~7agOsD-b03)C7JO
z#>CDpt$snPIsL^A6W&B~XHSb2ApC22oG2I<>*S48T<NRHt)bBp`I_qLk3miaD^#F8
z#DaP0MkrUw_57NFR<#(D3ywvjn}eclhmS`%2cFPCN_NrHg$e^quUq*^xlh?xXvD)J
z#w`pFrtjz@*jES(p%noIC=UQABctz(!@^n~UQEm~wLq%B6uuV-zPD0WGa-H(*U$1b
zbaUyOr6rO*+XQpTvAZGY=g73!!E$kcv)-GI4sWmBn{_Rc21w-XW`~+azD#R@vt@&7
zg{bYSuL}h2V$rjhlOew3SGj{m(}xMI+vQ(tZte=yojz>_{(%;<vKo#UhKFp%70hCD
z;Qpfxp?dD_BhlcXfHEB@CSl3)pk{)q$q~&-P!|mgxR)qOdU??Eg+Ir7nyv^Rpe1ko
z-*1u#x@FoASt(IC=*X5BtBaiJ^sfR0mhG$uo+W((oBq&1aGlHMu=T=Uw-2p{Wfh8D
z&Io?Kj!w^BprMVbds}{uxTHiiMoEhR1cS}(pMqR(NpFBZZ#-MWjz2LNzSN?yc0LZ2
zDG;F;<wvUC-Ghy!;FMS~J{zOgC_~Pb({7uPs%3VZAH{huA^A${6R4_YJ3V$`$Y=WF
zqu|+0Z7ZB?77GCZOg;;#k{vRTC`X&xzrxKX9G#yZkal54itb>wo-1+xQ8H=Sh>WSG
zs;c^UjIH#9!pNW3tSpAvb9?Xlbn&YmyE6?YG!oq3_mM0Ed@hAIfV26m(QAiWSMbCS
z6bZ=gB1kiyZRN6`6Fco?7eqtjrqBVU*|A~Y!tLbpJXNsnC$5x-|Kcj7jB#;T-P7F(
zFEHosm>dT^Y5VZXs-O+g-JE|ObiG5jJ-yGjX!5NV>x1^VtX59rO6xo}c=6~pzq736
z=pT4%v5OM`NZ$!kdiINIXx=rEUdy;uRXQWc3gc^~>G4pXSV>7q0X3pLc`@jn+G5gs
zMSxReJG2XUwL5oCszXef4~jz{?e+n#?dJ&EO}M$^>mbka4=g|^Dyct%hP^R9_E51t
z?r5P_{BuGC>5`6Te2TzkRMj!umU!yHsKqT+m$TUTFr2qTyZf+!Vs%KltWtn=IPdwk
z>9Lt4Tt}tDbPHOF@~%|9@}v6Uylx{_3y3koa+S_7!M{McVsOvjtjd(egyu~`LK1%O
zr_#ItS~0L=!xF{>J{5Pn)L3+>#BUC)_!@?6zSsl%lqPv&KhX!m%9SobA_kf~{Z-5-
z4fZch)tem98TINJwMl_e5N{x<WJ3PPS%3ddA!IV;__CJ`&}>)?4+lo0ELd(rO4p5&
zqE8_S#QPkCaYQF89TNI8lU+y3C7|em`f()MjQKf@`wO|G62e}?`FJwIQ$9XJM^XFg
z4~}sph-jNv+sABmb+{iViIJGi=9R;C`aL32M&re4t@4gQS1alhH{ilko?HVx_ly2D
zYAEX_bgX~ak%uQ$AN}*TCZ6%uA)?F0EhV5mZ2rNY<_slA*#0*9dNXu)naLR?3#5DT
zLK2Pm7cijVFc0NsHriKC+2ORD36{}vT3%?xeB^+@JV>iEmPAe~A93&ZK|*RYINPI2
z=R7hy0FN-XUJ<XMth8>{7$H;3_!n@*Gz({DW!b<dv2mC-f~6A<R-(v>ZkN11O&S<N
z^)L15X=w@j@hl`K*X||3n_i$t1fCd6KY4p>uld+6I|(|;j#%ElbgJPLE*wkd(Y6_N
z<_Zjp_c1KImzrEVSg0rQE;wfo12lvD7v^t9tlxT*kwGmIpz!6@1Q7!6Z)mEeV@;FK
zpCM&gcBiUWgFc)^uov`&y?fV`Ubjb%BT>yiQ2zKO;LZu@OKq@aXk1G=x4$3uk9Wg>
zzv1?sIgS1DA<YV?O8{-zPMmxk5E!VxvKrIw_NyI<#VXWJ)(j-?tx45lE-rO#tbjKA
zG~6nurti65XG(SOP$(qvdBb^)vtYuk$k`plCxc!nnU6h?0dN*4B8$Mp3kQ{~4J|cM
zuhr{M+8le*7YUoUA0_iS#k?!sa8gKg3^iRGRHS)!;t3>M5=R7dZ+uy}W|&Q&QvC1Z
zL#JIVQJ9?_(02B<TKr^$Wmd@}k8WS%WoHQPlk_Il^Bp1nU)k)^K-xK-7p%UVRTND;
zT}us~V(`(CP2I*&0GQi_V#?>ZXY9~&9mu1G8C}TrFG<jV1niM|ny>5|`ugCpw<}Da
zF9<^sY2Wyop1py%A(VJgFP=^@Lq1($tcLJZwh)fR#m1)1MWNtsZD4@TW%O9A0+AoN
zIsUQ#L1C?mF2LL4A;Y=F@dHo6-x=)ZUyP{yKo8YVN<ov^Ouxmm{I=+utimblOzD6`
zD$<VOn}nz(m3NukyIC?nIs^CeI?dXQ45*NG8su>=1y+H4G)*u`Sy1VcUOiA(fR7xI
z1Vu$f%m#fXXvDl2kjHxNF!ohnHIX=%vXYR{u>jDbfkTD}0h4Th2;5+N1UKX+T)<?Z
z;x#1Q8djp-;?`Uy2e|l^XqB0eoBp^`?p62p^;WiUmZ^<(mq3{x8Ri<v09P7-5{uiZ
z2H2eX@}<>8=KC(0<b=$$n12MEf70Z)0LlNp&2`HC?6sNQJ#KTqe!?s}gv}Fg4V0tW
z-5vvr!_}R8=)<i8wX^m5?P0yXd9H<mT|bP)$wH9c!hE78Rl&7x)2U6Ucu)WAk8V7>
zJ%rc6Jg{ACfnyXXz}5$L&}#Yn@XA5KlClp6@4mCT>=}e832l3(mBa1AI&7b@K%b`h
zr+d2b!{qj8Arg?9Z8OL<x6)>TALQv4HVswOm?)7NP{F(W^F2p0w3OEE2Cc@IOzBqy
zR+)fMG&}R|x#x;P9dX6RiNCR}b+UjnvQGuqdDVLZf4tUS{q5yNVR>zUN^k$Y?g2G}
z)XwIWLk+x=tB|#S`IYU*#?bh;Xh=DSKu6e<()tvvhX?{H6Y{srFG`o1Izj*3@tyIP
zSCETCp-^hMH1mUp>p?9XTGb~V;xhk$zWT8Z%mW~RM}BC=eu8)%WY8?mEh`G9SoRpy
zvZ+X=iZSJY{^a*ML3{H3qs#63YcQEBe?+TpDg9S_ML<0d#^DTo6-H{KO?}(qeitE2
zQR^_)EuiVAn>=ej-#qj|M@q|F_ZU~KAwIKa-(%9hs6ZQTUFRcT0{Ps^9T?R5N}TVp
zz!|v-AadTqGAS95dIOHbWT7TWTudhSq8RIHib7U+YgrA1ulIXb_7goAjEsS4juW{A
z_3p5b2=BjxDivx!5FKQ@1Z-Z1&H0af85sE1eyqlrLU;QtjoT3q5G+z>ETH30q2U`#
zmFa}^M2I8<<TV&Kkku`Ryq6VN=ym~GIgoKTS5{WkZ}e7)c+Nr9@v&4l>3;F%XTRDV
z`)J;C7+XQJ^)+|lIhObRt%|RyrKP3K`6^3>RoBvkfZ3#_ne<3CP+_7ObQjVdhTy%A
z&ht=IRD?yKv25N+_X5IJAsNsG8Ss3TX8(z_F~o_S_2JIKyxb$AQhAzT=jEQKW7I*5
zcY(<L2Xi&TRL|XUF6dvtPz(d?@*)s^6V%&ng1(1|Nb;cF+L>8J4$s~A<FNquK!9R0
z;^WNRLTs~?Ps5pX>N!UYnJ*fWiJ@iJ1ojMUsy9QPM+aIjAci`^)qS|wF>;c>K2dCs
zDNSr!@B8l{|KZfxiRvsf-{Z|V?kW*@&SE%A9LE0sN{4cEiwnk5@~-mJ;$N53NymT<
zOCrqnhlA%HH-rd{p*1wx1Bh7VIOTSCLQy(y)gLy@3^{cBe>341OwmS2V5S;u{=o%G
zly2p;ww`=EpPGuA_Vkqk(xm#aspUS(jix^{Iu)7iY1t46l%%zb?*Rh&;NVbn)DROx
zxjCd>tU?k;JTqL-Y==P?fWYk}%8{%&waB25Z}vLu><XnWLvv8bW_6pgNHdCGKqu-(
z07y9{X+a~W$#5OVe}pIQx<3G-BN2S7P^|5^qfW|h@ZVa1h33k#CYxhP;Lmc(1%S?p
zkjpw^FD{%MAaoFZ;(08I!B0wK)I`5g1cnYL`^_6~QYhbDE#nXp1~M*Sli*qIoKyqN
zV{sW6D`#l2khh;w44z?;p~UZd!M|1Zm*AW^Y>!H;akTbR`v;|)dvS3D?r8%*CZ5%b
z;vL;p-oaOOG8n~!4KXautUGw}z0G7n6<(GKJWX>$;r-+v!TId7t!=fL+6QJ@w>U&d
z-Im(<wm1A9@nlO0BW-Utk*$rNfBfR+UIh0te2!FJ@OF>QW}Dy<_(3A)R2qMMk{ol!
z@S3<6jkY5ZQsp4--;MA5;)aT<A~$h^NwOoOHc(i`-0dg{$5WfC?}iXB=Av<PT^C|p
z?DJ8aX~y+$JcA*xR#sQH^<>=1m&(d~>yMqtb7c$)Oa8%IT>!djo+Ppbp)TG=G~a|<
zXL>Ai-^(=Yqz?<fHne{F>-|^&8hmk8{E|n0Udtu~RZRIG1B&m@OaxZtZzw&BM4I9n
zmOEBan{bI94zkZljFM|xcTr0)M%Tl`-fS=y${l)2LAlqtg$i%`(<>C4M^Zvk=UkTR
zU2`OS{adaz-J1GtS;1=II;^Xz67?vPf&!=IVUO$D%i7>;<~b~?{%4_vNK~}lQDno#
zuC)WM7NMSWe36=-muwUcsaoauUjB=XyPIv%`<67^a}6XPY(pa>!VXP#^T|Iwut*~r
z6sTWR6dbQ!cM9-fgI7||F;zUcxjZ+CEf*_fiZwaoW-KNp43-pEk4e@jx@FFWl6G%7
z(wFKR9#Y$O=XV@xSyDZD5)*R*LShS?nIwjeMt@K{j%;wzvQ{LzojW+xTa~MyUu<Ja
zDP!hF5y$nf5l<3%M;KC;f1Myqad)!*Jepwa^u9vuqL*_uL1Muwo^H?FaiUmCLMH7Z
zh2`n+e*Gzb2|ka?xH0b0#<(?$SMvKmw_W(4BU2&CDV%92OJX$CYV0BTV7r}+hDIHc
z>F~h*>N!dC!i!FZSdU`O@{g59^ur}@dZYfRS|;WhC1;^lWJ^t&S)V+au?UY`uwois
zTu1C`{j<<XS~gj_U{+PPGhQ7w#X7a%k->7eFx5&p)<N0|E{93VTaeb8Rt%#a9RKe5
z+>kZF@!m&wcdj+J`&u%Ke+jf4^^MhHqjpS!8hUI$@1Rko7L>`liEYw&2AOfr8U1C5
z-3Zd1!%Z<4!RZtxp>`%}b+vit-X0WH?o)TzLtk;H%I6p((s0);Tn_VD^(gYo*45d$
zpY%)B_7bHJ$@nmE#bfo>7ULUj=&78Lk;9%RJ4bO($)IHByZdn2oGjCTh3$s$s}=(Z
z{ZfQtE&RI%UQ$d$3V35>3V!i{Q==9W618TvTMEmY*BTym3X2{Ge!r{veSTJUWmB4_
z@QT5A6)MGxj$bpDY((yL!g#!IJrx<fq{7MG$Cld6i&}%_5fjD%t!ym`+}WZA$!X5A
zqzBVyrGaQIGUt0!F*6pbA3uI)Wvi_6_WlXoxS*hHtRD8X{fEt(G}y5IP69sb)Tje(
zy$mev3}N3-Z6mz$(BG@wl4!}n?DpQNE;5(O93FlthCA{*m7;d#n@2UXldgyJqKEUk
zNkPNKzS`!BHdtugSLGpAkhdhE*t-b*d0m9?H&|N>*LlZ7{Fk8?I}@5*$gbrdsa!S(
z&AG{_@LIgm^zzQ;`nAJ$yp_A_RLir)ujT5FddODuY)ONOS9{+);e*t>3wzS!IM9CR
z)W|sd#+H@`<IT7|)9Wz-cLybD>8ezhZ}GN6f@^S|?CTQ79ou^TA$>XJC<Bepbxv(0
zb|@RvWMpj(?nlL4w?FVDV&)ne9e6t!a30+6SKkH2<^O=v%10MqhsLcrcWtP_fA6^9
z>jRr)CP};K(4IL6FA-#_J0mXbpOpPEl_2m&FDK!3LIZ5*m)l){?X|}|j=<G0k=tsU
zg4;?yJgn?4=rh|{k7p?@!^AO?3%!6+#5}y<7z{n}^O|tIK$Ac{ij0&`areTk-5Q|!
z&Ff@4-<DeCo)%7Qt6e5#A+M&>$hVtV@ep}P%CGpF>b8KCYH;|-U3YTmz@6f=-(lT+
zDKAd$e~kI3Qln}U-e6LRh&$I_cds6f#^hHzewNeRfM_A@#*?bK1KsW<yV+{<2w+dI
zcPf*W78;PRJ#GmMz+l*XD+A^$gP{RZ9Kzl0LCW{8rKv8PND-{K^_Wb}F6qw}98y?>
zT()g$OR6b%nlS}O?(g19^0?&nc*{C9F1T3ijN<Cn65$aRG{PD><4La+NAUOQZeZKr
zc1QEGSel(YSKdtb#}>2ZK*2_ro++oPlz<zju}y}qvk_&94`6usJRsVB+0XOjZ`&Tw
z{w(#hsfc|pZwtm>esh3n04wKp-d(QTuapz`Dox6>+o*MRxWHRzNz`p)3XHUagqNqd
zGv$!r*5^1e`Q+sEyyw_f?9Ns^$mx2e5gLa28;r#pnV4ECNp#etDc{*K8_UR@i=?J@
zn>0k*MSXrT7TH!y*vf>*sHwRQBh@=>++u8I&OB;Al`3s6cJ2;mvU|N{D;|~VI`3?L
zr7HksZ&<7W_fv})tZ}Q?@sN{|QQA86lseax9Y3s^>^jS54>bAgO&TNmc?tUSvIxP4
zORE+aW8tW^QNZ2O9t9a$6-u%YdPOM}cSC>E(vNO$|BzgY`2JpJjtLWt&>T%W#dF~o
zw7QKW*_stg5VVYHaNeWuWufS!%MveiO)8Q6WRV51A^wb+%it{fY&GBKsI__6RW9iy
z0~dZOT<Cnh-)pKPpS^qIggeMlC2@)B-p-Pk1!`zg(s!|XDp$Y23_s`E7%Q~dl6}K|
zI@Q}{4W)dbpUPHS&|YW7J=Q?_sd!$p9pl%6m~8MJ&!h`_8rp4dXJ74ExYq8d?SW3o
znYUNIA2Wr{EPQ@UDm_weaQHlBq4C0OOdMJ+)W4exGbYNoqf|@Xx|sI~8B&yw%u>50
zrG|2nw65;9i0ic8?W(10S4I#Qr-D8b9F5}3Lq!OLJLcOrqkP9gJaC65UAN9yWcQou
zH~XZ*cD(y`f-3h?#=(xbI`es=E$;QGDub<(uTugywXm>|p&$&>5wI3WbpY#7@P65n
z!y=NVcVuC=GtQl~zdrLqzu67!!mV=-yGp3MA7*O3J5&G*eGMPYK(l&JcU{PsJ2fT6
zfZwS%W>IfUiad?^LdVQ3vE{a5+g9#BcFY2N;_)?I*i}HtJxdO?=fiK{I4O8ESJ7?j
z&F58snmLpNvhUQGN~GbUV6ru|&~^5PQQ%Fo$z>T?*BM5fp=@C0MO&{r$%oFq-rkWY
zZ<N*~o$dzy5yvTQBk9(gMG3+FX1MH%%ZT?aM{CdI1g^fEVue>C=fXj`f_1ZACds$M
zH*Rq(C7Wv4R69|0)}zTn_ZRM0t@pYnRZ*DWe)W^1YIW5E5I*GzpU;jH$65Tsyn9gY
zc51oQe8}A_bb)PfokLV|qG9!~GJ<dnoQPwSYCPOG*|?1OOJidZ`BD+5F|o0SaC4fz
z5XMqV``2AQOxBclp6jKfO=*ud0kKYXt2yGHXi%}AC{*h<uh)m8vj{hxof(jH>*kUy
zG!{70NtmlNE|lB^39VFXi#3?{_*rpP85$e!)#K~ZeMNQ#o|m`MoceQk>}K&Sd^nG*
zJ9^uwBu=O6N6X!0QYg{rWbu;v>fyYUyEbEly?XBGJ?F6mxVht?1aIJVG4CoCE$G@V
zEaKR0$whd|)TAxQHQ;zS{t?W{M(d0#RnPt&r>!=ixbXliSjo`Wwz1e_a;!oHyHhzL
zmcmlIRp$y1j@?JvO4nrK-ob$HPM<dYcVzJQpwYx=XCZ%TDb3Xto~8O8cYc9ZDcEje
zMgY~Z$<Lx2nV%<S&`_UtEAYy4>pDy4V;qY=hBn^0A04+hT5G0l>eZHry)T7>y>#AS
z{*}o}W_H&t=8|VdgQGyBfrrhsyn(dr=fsP-BD+G7lg0MmExk(~ndxt#hf0K8X6ahb
zaZ_K=YbZLTUte9qqvN-^1LqE$biB?P#A?=gM>y1U3d~Cxn|^SgbSlg?Q}>$B{G1Ll
zs?@MIzRin#*)8M#`gH=K!_C8OiMNJ-P{2-&778e2=(!e78_EW>W}O`Mh``N&b05!g
zSBu#4_4Q>pT+Qu@*8yKv=61+adb(DJk+bz^9vkf1kgna@qZpr@PYCFz*KAUDkBSO&
zomxQ<=YQ}g<gi#)h^V|i8(wh6)h&ycmv#Qb7vo48?dS@Lfqf53<IK4^J1hwbTH3p4
z0(oc=*gdqSY;0t7wg0YC4aydVCm0^G)LDxc5ga`Eue8f_G1;`?Z1sD#=WDA&_ao#i
z_ufIRnw{czfmX*kD*f&DcRbz$aF_e8y;9m5{OA#buGeEj72p#|@r(8gh`?+bkNA!D
zU7A<zY@2Cdp3J&4GvTS?fM`7Hk63bvcD?Rh*`2K~GmgO4y5wVO;cL`{4h$$xrQY2h
z#<o0MZEeHqTelDSp1FG7r)D_UEuif*EK%%i5|xhJ3VDshrL|axZn?5XZ^D03JPv3D
zQ<+A=S1R;utRaEMZQRjAp|p_83UlYESVle50caB2AVKSFKCIq&r&j{Ck%r0aM->Yr
z*T5Z*^>;n4fd!j|m}~b#rt8(;EM8%2I?3b`O6MngS%$T9D)RE_&q=%*M5j;_*{#0K
zGdr*MyoykrS<%-Q!_cDotmGAM<Ud-{N+vmr>#PycZzvEH)8|D0m=YarNL(K#$u;SU
z<o%Y{8uLyy*@s!qIX58Pv#^YSeYGC-_f}_9g-ikmP95|3dRNXJ^Gb63e*(Pka@2HP
zy4LE$jjN^x^r(oYd?$+*(odgXw<L_HxO%I8Uwx|Pgmi0IJN@m%uDt$FN#oT!g9h8*
z*KW@9m4f|F+vA!aH^0oFpum{JL!3R{o}PL{R4XV@d7X#ox}EBO9(D9%9DSZeou}J8
zTc9#$D=~4~dhbZ5mnE)`Uut_?t~<435s>;jMQihVhJgYMxBb1h_?%>_Rce!#f<pb*
zuZb$J4TQnO)3{i0s;?cf9WFGQC#pV^XWjY+Jh)hH%rt3W1L!;*X5ewqUj81SE62Nu
zfR6Be0h_<ulehOPa-f%JsplJOzSmvDY^7yPSNM%Kp!4LFmH%ABh2*AmUGr@#;u8|G
z<Mc=mPS5AT<7rr}XkVhuT6&l^$4_rzH=F(dviq@ky;?7W@&)ghDM5$Fhi63{Fg5S8
z^_d9sq&hB*O}2e>bo6{CZt1#O+wkEH4@e1iR-bG&3gCTXyuI6N@MxLHB=x?QiE`)_
zLp&S64!1HimQMO3@VPhfrkkJgKp_1hw|eqwE2Y>Z?pQr&5nk5)<}z#P<`X75Q9)kb
zrvU$_dvT=H+oi4eW*vbHlF~(m-x03~@s9yQm_xGsoOpDAgWl*|rdeZ>Q#LGLtbHAn
zbH_WjZPm2oYMg(Qpc8tsH)%cIo#uH^j!9=u8r?1URQ{^QVxa^?e6AMjRL>JK9k&q(
z!-I2xu&^+Dy0;$Xc!^=O_tm+xM@j$rD!l0`q{@2f``6lsPHF>(MIKLz&w5_hEm%pZ
zx|{ms6%`c|nU-ADRukGuk|PMNcY$HN&CTTF9#;XmU{{6^uN}Ke7!k)XQE3?c#cC~u
z=h-p7+daUJfqew$lQ)zF-I09OBXmqSBzz!#GS<7Kmo&{+e)JuSTk^<Nu*Sn+U;|-{
z@HjL}%q4Acq1trt-QcBXI7PmBoUEC%CQ;V@(kVWXPP1e<>fHll>Kf<0i>7A7{iSDt
zZQHeIH!G{dh#}XuiCN;R+2nAoo@deW^4l;sOaD}_6S6zO8#&9x2Awd%@i7fgw|v{I
z_M~>N+a0dKyUH>{uW#Qt!d$mhz|OyF>nYWlnVIV}QUQdRi@NQCs@4dvt7D=yu7y&i
zR)s9Q0IoOD=l|sra5laNrH%rPBY>RBbb_*bszXzuOAo`}5uZ=gSW2ZV<mTEEf07f*
zfeT&!+jAS*9TOQ$;`p_GIn)SiTh$7gD#0zq?B>>7<&Eg9U2ybH&>Pc&g-&oS$tv6*
zv$RQl?VmiTm^%Q&<_nalKh`eTHMd-vMGY8Lf-JpQm*grsGxI0u{lOZvWm2RgknmI@
zJSR3!BC&!bF1sSFBlcXK(`kT4$K#{W=g~kF)atJrgbcbB(yujUK(6jLB+ytp(lBFI
z?Rw@0AGxtM`{FGD{j2A}Dvpdkd+B)a2N=}&r3>cwsPPP)6<8V`Lt_0Mr+T$h3fPG9
z<Hrm1h8;J9`-yiY3iXe!-EE(&JIo@t+Ol||5pFV{tM@r-w${8*14vhH7bCxEYaJVc
zHAxNkn{8bluAZt-yyFX|%*>ct)D6q|9+b|z%27hlnZ{;?MMTazowGs@JMUOlD)X-`
zXZ5;n8`n}*4*Xp-P8b?CW+gnBTzug|uQTc{2_@zDax!XNG1s(eO>?&N-cWtMUR{Ho
z-#9=U>xFJ_kvb>yN}8Iq7n~N>+_r-o$E)4lXAY1E?fNVGY+lQ)53<PRdHFT;4fRc?
zaH-s?o4A_ROD@Gw{icX}cmhcm)^WWOyLOmw6qHL%j`|JHw}-drHj;X}kAGUQ)fzD%
z;i062socmKzdnr+uxm|q+i&|CSE*jaYyB5jvvJ6MuOLT;&~&GLrYm@?WZ^S!)*g@7
z#AiD&mA}j_!}b-6&{8I6F8pZEYVTw^D2jbM$9%!pzqIvA7LMuNXFd}(-DDMvWj3X#
zs#>$lWeTg723C5o*w8oa9U;Us%KiCN0(ha%;pG;__q%#@W*{3QL=LyQ)vPruNobYk
z)MUf29+<`ynqVW>J-_xi&^!h~iG3n}&9$~s$x1hsvGp3SmQg+h1p9O$<A*<q98F7+
zJJHciYFihL^XAT;G1ZuT=A;OD9v}f(lDi&wk=I;4ci`r<ZZ61_mjXD3JMJsgEQ^~V
z<Esgd?Wn6(BAp^hMYtg1PqfO?`d!7ahv8S3GHE;#T#Ky#jAvFY7RtuA1KDew^y!X)
zT8t3?bxJb+Kg#Y%y88Nhus1Z39<R`B!g|B;4i@31!nNd5Od(NQd`{>tL~>(i0yC-&
z$-d_Xj8;zZd=R&*%Vo3MX7Gv_N$LN?-djgSxkdlO7>Iy^A|Wj)ogxj2gtT;nfOLa&
zsYsX7jdU|~hk!6r0un=~bPQd?z<cK2>%I4TfA4z#d)NB?@qN}()|#2;Jo`E4?7csG
z?{m(_>{3L7cUEAe1bxPeT{thp)e~-7%>X)48E^?{ft}OmNLaUInNkd$?A54$ygs}J
znZL$BXJ=s32hpp2?){@Nd)yhN>#A{cQV5q49&KwPeEfXV)b`TXy-P@zNR;=_QiSiE
z8~!Ac#MZI{dAW_01NH;=%O=YSgRZ-;4p!KInrOJgg};pwlTWTgCPYaOF1=3dw5}rW
z6E;!|$ZiB!l@10Plk@gpae2qxno%DQodV`W4X*EBQl#fg^z!HX7{5Z`*P{-HpavVk
zX8OCDzHXWcQLd#t5$x<O=Ptn>)r^}C69p`*WhTOLdcH@?9#_puT_U@5?4kyKfjF=#
z1G5HUk?lZCfg(j*<CeO)aD`r?0Z!YW3_rdxsvNa?&TtoV!kaRm^YVM}$SI1hxGd=?
zQBe3mP;S9^_Q+!(xb;2Kd2!Co-3zE^%DG+v<&{FsN=&o=F$nMMJ}z#KS&!8kTx=c9
zWn=m;Ip8*ZL+-5KK#&>h27C-)pl-5$?rkA=)#<RRrm0!ykv^(L-pJR*JyXuw&59qN
z-P|3qqf1@r&-{c|m7w1(@_WZMw8uk{qR3qChP0wltFd0&lcqU#8X6Tv5k%Ca^TrbQ
zV6`?9e)Q{`pqo@PzvPU^5v*`@v&qFUF5PYjywhme8L<eUGCe;FgoHmRtg3pe=hYc5
z((7?>xuy~RYTBrLqcj8e+&l9X1%d-)J!ic)O^khz0rJauA+k|Nry}fyp>=tbzTd}v
zt;TE_lo;65F6TbeY87AB7Q2=#<@QgFR5=rcdw3SZPC#Rp9bNq!)6I6D-|w`&2z1tl
zikv%lS!Y=Z<xMvUm1s9BZ2wr><^gXy;~6#5B(EWV>Qdo&urHK0@csKpD5Rz2IQ7Rq
ze}JCJw%`6_AR3ba$jOy99Y1a6vaG@(7g;>kGpwGhdd#RrWZ<Ck`T0~YJ70tW$a$oD
z9mmcsnJA>F@)e8sw7uxmpYH2Fx+rB~O^$>QgeTXmr6DNPz?p1&3Egj^W^7TNG*Uk0
zP9nI&Exqq?;pDi@bOcz-WOQ2>*+@K%kM@&hJ<N(r8+KfP{c=X=y{?^d-W@a)7TxF3
z6J4{7oV$aGx%arVhrPZ&V)n?<(ebVNoa|fZOh*+!z|a;Z28KZ}TN``^XGq-kswt)h
z`o51u<@h&W<d6w%!Hz*h_m-&_o>lKlP_yqy?jp&Qeo`qUQiL`id4?UA{{mK7?J{#K
z(y2ZyOimto#_PQ17%_0L3g9WP*d7?fyA%S`knK{v+M$y80>#!{vRl8zYw%K32<dv4
z>wGhdAgy{=EX-sPqr@R*CMH(jWbN{u5fokUTScR;^u|vG<A4b!+5TBlFWTdw>%!E_
zZ><$+65Vno&8oPWo1QE0ib!2<K(2GI<~xKcP-N86HuHNF?;l{Fz<;EAUKINEtAE(U
z(f`p4X&oDCuJ1G&z1r~|fjfI&bv#*0k^+O)<@>bFjqUh!u+v0sY=CJVqSDk^_sg1#
z0{?zyQpsXZRc>U9o6@MUaZ^pH$k3E=y7J6<gkU&D^A!)><L!7_Jr`$DJ>SYK!En)4
zmLVuy@z84O2jLPil*{>qRne1mNilS9{>y7`&NF9pbaZBBZrRV!#;5K!zofLA9kX;M
zoCe?-jc}*8p`7qYy7M*Rs|{^!DPGFYtWYs4Ko^{2Igyz-nL4K3-HkYe_wdjOSTNx3
zIq(2T!aQM(ett5irhlVdMb8A@q4Hd97K6v?TcLcidZ8ALdT2b$0kIg-<3CCSYq>mD
zylc;T+VI#Z@88eR7j9tUX4dJAg9sHM%8C(RnvSX7^#DVeohIC{vAd8pS!W^ZZwGO&
zq_-R?dw+TExxnbUWj<3_4;)g#4MvP=kA4pbkwY^kNMX#TZh|sa=7$g0d8~(&5+!sM
z`4draAtAvWK$K!}<Kj3qVEz;YOR7m|$6x{B$<-#CF0FCNf(KHlEWpVfPq{gT^NbHx
zS}v)A&aYnDm+9miC@CD95q$O40O?LkUv1KUgVV@4X!}nr?7M0xJn1~8uss{CdU5@+
zlIq)-2Irmp!LnC2lU1EIx1$#8YECcr^5#&}oT)I0PI=5}yyB%?ab8V{PLC<`U?yEJ
zAZ0`KEZDY~0|L6yV&{0HUX7aZ@r?~1QzBNKn#Jso!;cRtL$2bO9)wNNb=H>BIk~NO
z5!+1^21~Z=tgXBqC~fw*Xj77ibG;j@!J?DLtM3vvVDU8ZaJ?47C`7I6;`u&TE~TI#
z+BcpS<lTw_)0$rFRT~|RmnjL9U41HVxevinDS8@FN=4DKYO?(6*Lu@6;iHahVo74(
z4-V2EhwE({Bh{&#>9L79jkd?L)K*)0G-}*GhEkV{iLnnyPYWstGzmbzGegL~V6zKL
zN#W#Ko(i*j>dhLU*FPnneH&y8D4W4``;nrEh;F2)S32!gW2Apx%W7H<WeY+#F;Pp#
z+QY*{0|V`yGRTxo)_SIL`nV?J2v__1%Fw|IEgfA#FE75s4tK`)V)e-9MYG=cF{oCg
zj95#IvFg>{0mYlooXCR{r%+Z=yB)k4&O;`2jKKUCd1F{y7`^JR)!xsPM$RVZV^B1z
z(MM~+X5BJM>kYpYs~3qyxN6u|Y7rO|1?X^yY}Wcqa$JsK__KClTR)Xg<th?~m@I0v
zHlQ#0{?K2n+**T)!ki$}dGqu4j#|Ieo*NA6s254JwfQeS`KB7FEbdn4sIV52P3x#!
zDcj6~dS^5~o*BVkF2?5tX1y*dNZ$!w1OA4@W~c8rVs#&&p~=8oGF(YAPLrxhZ+FVB
z7d)m=J}{N9vOy?_In2`v9zh?*cb}zK;F$I5_oRK-uC}3;?%|6okiZUsUoZS>3!C#5
z=t{edg*C>%>dKvlFxz7i-up@_;I)>&b$mTh&eZ?o#~#y4%ahV(RE<HqwySw6PXhaL
z^wN80#+6JsDwl_uH}<re_VG3>!%vD<8cY_Siyy9KEzZ4cGfs%xHd7U{Pm_)B+%aRY
z?XERnn7i7zY-5jM#IKzqgWoOb{BvB%P*Fr?1nxo&u;pWR3}-xd_=*i$r2(Q;ZXLL+
ztSGvU_N?Hp@9TU{<n(tKQ#rlbRO?mgNL<O(=xUQJQzO$?Uj>3S89m2s1z|3#ijk5o
z<_{BZl!sUDI{&gyQdSubWu+w2coBRTuga#^*2E<J!r?whuQ3SFE3aD+`;5XUwGiAf
zu~C4g5!L6<(9S@hy#YHRTV7q={6U4g5!u>=dj?3vuN#0=Zq?g177&z`Xx2-{>$<C$
zXkenr6o=egin8L<uas!|KvSg3zI&}V$z*h>BoOn@cSJRdmQqppOk*Q0f-YWB)+~k`
zj{e7|sQ=!n=n-IbVM9r3S2SbFlb?Yjm$ww+dH%4SfBz`2iU~hVwsgTw!7_p?DniZ0
z|FRPNWqiyN2o8$<eSKwwgrF}$`8)P#CaTCFH;EgEW1VP|h5q@)v)FsO69f$W(X@>;
zWVM3Y5ju_~A=1UA^WT|N<Ydc#uLU@DEWBqGrv{Bu+!C3wx&FI-uymR~ccVIKlDQEt
z$C&qW;Osi}18TJrmnymEvFZiy-qcD@V4ymaZv9)@@c(%I$wGUMoj0!i-*X;CQ!f=U
zW=irTc1VBk&3pvQ1<Ghb{v*!%_(6sJb%%c*ruG62^sFbB{`dzWK5B78&J3)G+e$Cp
zg5;>4SJ9ue*+y>>CbQHNYB{m=2*$BnMMy-|b}f8d{HKM&2sGjtgxf2tipI-yYkoo#
za$Hw$?01OkGC6DZQ?&nn*n6sH9~>T^yqk8*{=Su52J?fm8B+euWQ3OAaGm9$tK(hA
z?OzQ!?F#?!@Z5WN{mDaDiLZY%jiaGmnXL4b{v!l9J~H_AKSO|aZ}4{4KMkW@3;*9Q
z|F;uR)8&6>!v7_m@PU+e46-HgFBN`eXwLbEfB5sW+vaWE2wZg+@_+p#pQGyG-)y&N
zXg8mH_?Ibr_KfC#zx=<x6RPI_u-o|pAN)S3mS~5G(G)U1VUb&zzlV<Dkp6qHQ$mVs
zt`lgo_6+o@_$bs=R7Q4NR;syFGx;;tC@_1PXaIki0uqNE1P@5_@)HtzN&&;sAJ>;V
zT#@9%<yAC20|O;ng(<2i+VC$g9riFoB1$a!R+m?Mqs%^c8h!4!RC%A8j`!DX_Do#K
za#&b6$}e9AiM5O26Ovd8#ea5D1!!5-Xj_2|HPPnP%+2c-A8erHjfzQ)F5226Bhb7`
zp4s}Vk!NaVI5^7HmiG$@@3Tn**@qWmysv`CmQXT$ec>jay|_us#P^-0sIw3R!dfh2
zJ*9+y-TQ^?<HwuK0s=B^RBaWL;H-;h6^>37OpV$EJpfIBALYdj4%(v@#`F&lWm){~
zf$xD;{6!HI@+$haX&?OhLLkxkgM+(0rRx6FC~dF>@)Bpbd3Z>o@cW<FtLHz5xv@I-
zK6=FJrDFX7%I<*v!MckbJ!(XU|JTpnUA;Rzyradc?jPXK$R?6eQKVvsa;ooWrHD3$
z%6aIdL0vLdm-MejzjiM+(UXzuaKCO;eT;f?RCdBRpR}@z0-JHjU#|SCFW6G5=AuxV
z-EP(SJ^<yD8Tc4pDsgf~Wp8bz$dumwtFievPWq$~A;C)auU^r?axea%I8-ZIx!rlN
zf1vidTFnu#v;28I)_Fgg+jQY2?GFpPf!PKaBVU<|^GHY04Jdc>{DuIkgsVJ8t2|53
z#83znpM;QJx<d1BgfQRQ;~qZl-p}{x9*R3L(eDMV^wS2Vzx#pZf80#=>s0#H>sk#*
z`QIYMcK&ty%~|Gu;kd8pC~1CQkG}j5p2q7W|NAA{|92;7+nZ>hscBT^hL7Y76GvqO
zo={6<7i+98&F?-%L)*o_*XEY2&icgut9wXfQNivmM`FL}#I}pp0qbPC<13KdfJK=w
zGc_h%%aeuTfT-O}T3Jr+$-g@Por-cSPS*oG%k^2RTA+YEOZ<Si{ZrX19_xhsfV&Tz
ze@rxk$W}2XI$8yj=bxAYO*M{5unYC@!|@j<9v>G$+74Yk8C1EZmM}4^58JsT^R<R0
zA6F**BknsHbvm6eSXfDEo9iq~boU#f8n8MKtOI!g7z;QktP(U8HFRAvNO)}-q_J@B
z4mH1k4+as<4VH)XMeE!B)6Um!4bToQu~(4}!zH3vln2z%Y(Z9QTY5In73!0TIp<?n
z^@ul7u3_;fwxXr?Z#@7l#OC!>KeY4Jwi+!Zx9elqs?g;&yVCl_bycdHrM>4sGI*sc
z{c}C9R&DLq>t&r{k$4LrRDaS_rIOR6p1z)+v)+u_wLV$a=;->rfq?;qwlg=Sl|e~P
zc{ox!ikhaVzzI662G**9+KI)~ajJmVlTkR#Q#(1%@{^{)sBxzA>35~=$>{8DK^Fvz
zfiS%`NJYs+ffHl$!O@zD^7Pe~6S|<HM3>y3yUxABFkrN&`IIUnPW!1{VFPA0iucuK
zx=KQ7_$RWI`JWC+2`SX&@KJ|TbXC!@8_X#pM<L6o1+?A+>m~Dp_rRPu+VqU@N#=)U
z=>qQLx7(xf?qPat(qO<=ST!>(z?z{wU9f8FZFeV<P8w{dAA~)~TYK+`0hqz2v$oQN
zyU$ODA+fQkOO-7*5UExpC*u74^-233PXL$jkEQylTY6@1$wkd}=CE*aRUm0I)7s+$
z2+z;^y4T^@7%3o^l1f)OQF-H9W63kn-vwGut7pakmcIwcKYQr5#w^{dQG7fB&htfg
zX`FqC%rGi~zKp`jCOc$s+R<u$yH0n*tF(iREZb>dJ?G-WD^h)ft-i9oUF>id`2ru0
zaKl;nE-C#+0hDrNc%XIT=&TV=mJJFor^Qm@;&q^g82)oO(gIp4EYe$TJs}4Uh&(xK
zq7~lzj+A+szkJ}X@=1&6&Q?)fT~ZRCyXEK2f9%;i6{T3LF5}FsH#j(4E32%!%9+c!
z6avMd4&mutYG@>!)mi(?oU!?_JLIX|M5%}KgOOsb2U$la?=Dw2p7lI0(XO1`Y*<`c
z0_&=(>?T@N0E_o4>!S^UN}b2X<fDZWYwhp7dAwJ2YfUhY1!1iC0|WiTHK~oUF;yC%
zf~piPc^5o6s{75)<`=fGUP$Ee#7sRmK6@EB$L;HLI`~Z9ZW)J(iHU5KhckSGFeHy$
zemHJhu-Z(q!g3@??Sxy98KgLA3v^%+Nv*GgqfWL@%3c3ajQJ7OoDX~2)r(;kpr{rT
z^J2MXX9`2l?k%rvEx}qWFLZ5pfu`%gG+KH<=<<u@x6x0upc+b2GFK-}7}~#i4pQbv
zi$!pT$9ZLqhX#2AKb;gsi$Q8rS{W8WKK)^@?9;s?xN8JwdYp?Kd-J)AVbSS?Z=tER
zvoP}1j|&5%8;mI;U^atD-xIpJDI?9F%{zDYOg-65Sg*GFu?1w--7aP7p!G*W$!Eaj
zJW{Iy9mf1uh^xw<<|mWhZrMq2Yw2m|s9F7|PmkzmN0|20E9t6eNAoGN#*@msE&>7H
zC3YvBl*SgM_27NEUgbpb&P>B;amQ4aDC&!D^;cgEe3DK2q$DI7gy)J@6D9fVDm78|
zg+i~BQeGA|?vPG2CR`ejsi+wl4Rj6C%-?0jz$U#Un))SD<WiZ^`y!_+4EfC}u~RmV
zbQmmJKhOr5o!^&&iCST&TYhiC3|LueR$u9PG9p2A%<QO#I3^z?g?l}c-k8Wr-gEP@
zO{=k;TX#+bR$+U__ZgVfGEo9mqVfksmrF{eUoD3hvI_KJ<?g*tjRhFKd7rp$xHWJ#
zTPapZmF-j+!zh3Q02cH!Eh=;Di){X$HNBJFtRL^XpLbNdsksF>)0s1Ae@g|xWKy9j
zM_NkLK!Qs^`z)W19)dZ;Wr1%hW5JNbWk64)_bH!<Z7pq9=-vZzY59YCFG<t5fmI`;
z%&>KOc@jb`To{a!Qe)UEQMmKwQt1Y)Bn#9wG`w`>CB#26gEa5`g@usFlNQ^5o|w;s
zdSX>A#~Kf)_3H~uuCGIddbTH1vu7Hkg(x6u%=$nn+=O;WUdl$inxtG<Fx00U7^uas
zPnoejA(;&fB&-SIP44%B(a=wNJ~OZv<K3D~naK-eYc6Z;YkTfv^RIMCVG<KTm=4QR
z0!<sqps6Z{7bvrpH9fX1$a9X|qlm<9y|T?BJshcen?A*8dEw|}|4EKM+8Q8B@?Ms8
zS%%M<8~5??Sb%0+FOmnVE@Y}N1#Rn}Z%@_kxlPy4dKCfw2tzvC_kXj$1H2jq9x1CV
zsa{j4;ac^HV*E-7(pJZQv_boDxY1>sGk16x+i$tq6L+nDh%)Adyeu29r~wres+5j^
zdLadjUHol;@oi_tR|L9{?weQuJO<Mo-6!~XMyhT7*(6rcZ#)b7RP~9IiN=@gOTF^R
zgi<|0{r=>q$5!>Hr+l>z^|jVBwsLu70;+XCWXM#es?j~bl0&AqIx~$fT)Es_Tt}11
z##Ign>a~DIUAx*^KjY}1L3$UWzWiZt&a_V*Oh``O%`cny<OIN5jut`JG7MjYoq_J?
z_B<gyz$Rkl$$il-=4=X!5P^-BzYv`9>QHMq3n&`NKw9LuV~VgEl=mdqPID-MZ3YMy
z!Lqq}NnuOavEGk(NoZqCe0G+Uig%pVRIW)d>^BSsa)4eW3L_fdP7<&Q;G`rVC|FJR
z7&q(P1Ft5GT;l+<i!@UH{L+kIe7no*y!=iM1>>DSNaKoQwdGKsvEKG%&Cf5%rAlBS
z@JPK1#%S?<9UMshU}mQ*Se5ojnhQPg==+Tq1jJhXS<@y&xFf(;lN>RWP0BQt+)aK;
zI(&BnrgF5wX*+<C*iRy29R!x&$u#|I67$8X)^m2zS#(zrY|IojZonWk(pXrSW6f8M
zFF<%8U_bvw8HYmI2-#4m@%TAVCfnYf$!e+IOTFdt9}ek?gG;z`faQu7Ag&D8xx&6a
z7ErBWNgmC;b+lP1se3oe3-tR+zkzBggn7<r6w=y1mJ@&H(=YSp%f*98W?>#Zz+2Bq
zO)Ul-nFa{Fy11rlwnrAIwY?A(jz`*hzS{&~B@HmI>tOk`x=at%_H@0D^9C(LxjwmZ
zlhZ!~oevyvs6!sFl<yaG>?;RP77&TCYCi$Rdb2`@r2vYI)3Fl4C$<+F`mp#Y$Cq>R
zXVNb5ale$5J`0rCFsJ%>=+wTNj*5pU*+n{AIqU0RUU+82vFTX!C4=p+V_|Ag?#UwO
zq7~Z=Hz0)flgnOZ8>msa#gA!s+o=MTyc&<gwL)M>NHXd+6L$U)>lJ}oH{p_k=*403
zSm{)LvR#ulcqDiw{a)beHaG2Z%@4-5B}(DxCd{B36H;2g!8HmofEs(d=)8|B(JUzd
zwf5-?ui8~>XyY?ix%eh4CyfV>6-R5f1)UeZ9uSa{F72WE*e9J^(YH@$elMk8T{H4}
zyns75@<bHuWGX9d-p7kfzFkr2^yCa-Q87`xF<s#2<i9iJm{?0x$@-71`7F8P0wq1I
z6Has-$#RxIvoo}7tuyNCNMz*YVG*f~Ro)1;$a_<ihE!CA2Cb#QDaVdl4wni`%P5Mf
zU*lodeyf^|w+T}LOZd3BxT>98qfi@6yag9BGAxHO3qJVyRa?O*a@5<c(9u-Wy85R8
zF3Ke<{q;A#W>NtQhNOR%+K@8W(=Ri>M#b!}JW#RspBJOO-yVSM{|d^`E+75>lQP0C
z-9jZKVrqke>}Ont2}IIG9iPZsjoFN?*fhRjXV|q$ZEI^I@tWevDIAz?CA8|T(W8i*
zv+wT=DWTYQCNApF^~S)lSg#lrczbGIP{S<kjAvP(IKU=Q*}HBzUDo3Aczd{lz>3GN
zO?g|?K7VA>CP7mJrt9#Ygr^wt5!DTCet`ftq~~570&A<lwkH5@TDAl`+s*fWs%cl7
z8VASOjC@IBBeSoeW#rjTp!dGgDX3)!*q3~yYTZe;DI)Y%N=d-o4e6+-HnXLotL&_M
z0zHfEmu5vuFQCWRSX(3~6WNYBuA6c4&S!M1%s`{)MnY5+6iUHv;Jj8MR@jDfGV+qe
z{Q;`@$i5AU$g5RKo!l!VBq$&kbg=?rfO0Vxxx75P3wbyx-NpwWZ<%T&qy;IhHNh_t
zXE9SzaDKRz`NJ$Fw=SuCvdq1a@TyW7`${V#ER3bKmVlg~033l(Xa<Y09L}x(sXScm
zH7dZWc?fxGJF8!KZs4<bR;ZJwUJ&P8ZQUsV%x}%Oqn<!D%pW<RjBLOxB-VK0?tX?s
zTJk!s=KGP{F==T^i#Clul(sYFQcjneYcNN%lv&A{#x$zvZcb5~bIQp^_Rf+%9u3_u
zr*-3aFpGmY^7AFQZ<B4MR4sQ*axw%$uMpd>UeSsyVyFC~y$6yctpi$L$Qz?V^l~#>
zdjEi%r|g`aV-_ZmEg4Xl>KUzbCk2BQ(-Es1y+6cJUP^eyIRU8vk|l{)rBV1Ehg18N
z+v*9JZ`8u$3q|0O$zL?)NLKewBdVPU2nn^f_SKW+u?eq=plQU*_fJppK({E0xJfiO
zy6$VOm|HgNG@V$m>a|QloMnFI5CPIo8cKC%%J(fQ0KueruItHPIs_POI?uF%_*Da!
zB$rNB<4h0IXxl7FlTJY|-SeYcEffcNp|2iwo;IUr5boQNP&>74>AONFBhM`I$vL*l
zBCXF<Do+lOn-6xv?l2DRo7^WPEVL;yBb|!R#-Q|-P{}<%p*VG%`;>h2Rk*fLTfA<7
z3p@>M>lnQXh-4T-sJH5WXdydk00x68ntS4~-KgCBytvi*iiZ944wZrL!u=U9q=}E+
z)Mz~s&c4S%$gkVqTF>2LHej;5^%o6yr=FPa(g?V%z5G1oz7y=pb6R6HGfSgE7%IUY
ze*P-mi@y`zAp3Kpa~SNx%o6W)t2CV<)U#hs6-lSu`-N;c%4H5Ced#4V>-o%e77;UM
zGrn<Bqt}XCYdcrs#8y{7Zj$D9YC9wP<`ZW+Nc(XQ)K4x+V!;MXq`~pkYDo6Rj-@^H
zO8P?SC2{G96Q8fkwejZ7$?AQoz@pKvAJvMEc~W|BS6WMWgAKLddKEJXC2ilDRIlh_
z&J$=*20-S@!q70IVKK^QvdpXD(iL_W6w)CeMfz3&ZhO8uzzFuANrkY^)hT6;T^`7O
zejY+QTCAj}(&}xH?z?MQz8MyD8<x#3wb?O56LJ>-{DgxaR*DuI*|_0o-wo)ar5|*)
zF2G!RdUp+X7UDq+m4$nXb6Zj3WX8Kv>eTgWaIr(efMf)cbynFj8jXv~$b}zIhA46=
z;X`s5hKW!dM1AlJg(p~!U)c^tiP9GVx@U=i#VC9{yv$y<jiRI8+#=TjHaZV-6Ne5S
zBC8+l2KdAwvdWD${YUT%N}fXn_#72|rIzf~x&Ditx|Z+np3>5agZY&Up2wq&pN<8N
z8u?;!;4?Ts1z~*()>C~ucYfluk>{~qkHK85;AdMm&5B>EUD7Zg(s;3<_eH4MYD$+T
zt*KRPOz-~OGOAN|4LHECqlTWjk%SL@C>GQfZo6S9<5+A)2uDR=xb5+%F}DO*epBb|
zxru?XnF!q(>fs?pTJCwAzARM6Ifu3T^arqZ#&vghkM65&h6{AT!qjy8$FC|~=M0r}
z^&WnmLw8w!L`{x<?YYEFQX_a5p(niA)p+EIJa?R?QE2eYw}(1-;pYWP#*m>P0)qS5
z##yc|t)jO(a2jQua?UQ(ppTu*cBc6&8?C=_pXjQVSKW&W0A~vVy7sT(Iw$+7!OgBv
z%a=Lz-9>$Ua?|d+4?iyqmDQAfNTOil;CzY~!D|!c`?GTZh9PRBUHX(iDJm)?DF5O2
zWh}n&sr<ve5(A7{$VG6uib#7wr3RK4x#L3;lKH_j_)wwB-h)Pe6I)xXbO9c<<CFC>
z3XyZKWu4ZRnmeS~0y>k`9z5d{+646@`*oj@dlMIomeF<Hj0LwNgCvcN@KBt^=5{n2
zu%l*mKJPae+AX}|+v6)MxqJ;*Qhb8^g=Epa%WivIgoX=B98X39{Zj9O7x=i8OW!qK
z=}mAeEX5x?{<8ao;<}&Mr?@!%d_=gK%K22Gj0ww`R|JDa`lp1Cp4Sw2_m{2s)SREm
zyP7Rfp^=l51Ex1J(%LO`;?2e!%Fw7yKouC7{_znX-<?~Mx9nY=Ka|MZGQK5REkqXy
z`?A${X0>betK>MLIyQ$P5xKZ*m7SYgu)XQK+S1d)xD@#Ma%<006nk$k_;zT}hk^o3
z>k?LpIYBT0Spmn-<0DE2tKn`XaR}R~3eFa-CpzZL_*i#Hkk^3FSVFw4tj({GX!FyZ
z7ox`efa@*Ni3n1_+IUG{h1C0#faj1cfybFvBq2?BqV3za+eKqG>@)B3<qVBboJ34b
zG|+*?N=S>!1bk;DjB?CNxahL{_gVl<S6(y2xd_U*_96$~>^!qyf-9xMfo0Z5rX`&Z
z3Gau$r%^T2n4HiyJgQI>=e`y1E39a2<kh#^l6iA_yD@Umbxk#vYtQf8xdWEo|DmPj
zPOrMn&xi48X=yUbs8c);rE|OewW9f9MG*Fm6pJiQ_vzPE84S_V<?cwM5!(@TM#h4(
zCM+XcHU-VgBcVQ|n?=R|V+8-OWKn9lwUPD5<C5h0Ux~eTN9U7+U()irh`X>?<h~u&
z8xVRFC+)Cl*1axV<N4gXtl8{?F@`*?l&R3l%<{v`x;5XCXzZ^%K4&wY;c#I?8ed4;
z>Gz_Y!?Xu_+YLYa=Uit!lRC@U?UtiWG&G~MRu&FM95fpGKK3!~6MjGi$dGi_Vlk!9
za&B6ZADNa$(Q@i05P-V__}eO<Id_$ogcF<}t}#?CEj`%txe8|L)=F=vE;B*G%BsuT
z{h4|1<B=$>X_|SR#&#J;cj2@@rc@xDtX%QdTf13mRzh;R<`<mlO-xLj&}xr<jJy<$
ztvHU0Wj37Y@i#AcQZ(1qfaNpMfM?Ti$M5OLzI|s6Wn73zdgY3*pR9&0{>FvWd#be&
z*=nKl<jIN!($kuqP(b`+VIpMX8xP1R!PSf%6TOJ`(S{z%h#^}5J{uC;RC>)Z`IeYo
zn`r#o`0Wy%r)-`1->9?FjKA&@*LjM*8qdosDsl<nMys+KRvlN6m6eKo|6sH<wZ(JJ
zaAbG=oqB43QST2V38dAs`?`{{&{H;wne#B{V}oLKL0fHY0Ycx#``dGr!9?r^*a#CY
zMxTqF&<i{D@HS*a#-?XUh?l++U^dVi_t`%rj*5*samtPKE`p84omF;WPbF$;)wwgf
zuGrNol!QJR`#~8W92K!}f5?2+@Sb|{OrguI8ZkC#7i;6f`V@gD4q0c#XtKlnJZ81A
ztL5DFa8kGBw4zt9`%eUiiaQ=vOFN+5#=?<+ypQIv+`pc3j==M{lc1W7U}S@6^L*U)
z#HA>r?R>vQ+(hZ!f|u5!H&kXqSsi>Dv7Hn==^ZGqA!vLywvAyvn8^z|EZ{wjnZ*Lm
z?DTQCtoU~0$qgll7W+lRRnTPhtU*gi=a<iw9Ns(e-@kwNuKPaIPkaO6;=SZnT*9)q
zIvYMXJW6m}qS;7*@PX+*&&memL}ZhVN>)o2h{it|!}2qGlko@k+73B^62Ixj5I4bl
zfI3t1@JFv;Z>2?+M-G0lDf5`k{c4?>U9~AlTw`b%`9u6Dc;87ei+c;5zm<DkCJaIT
zu?8Fo9~$B3uxb13{oXAhEU^O|zfXyYj9XSy4VWZjCq1hyM^B5jZwl%ZeGnvk(Wvf|
z$usCX>3z?PUH8GHej1O=+meIDL0Ej-08Gl<pm8UXRq!M@;$(AFYo>t7RE~lwDJKco
z%Pt!Pk>#<Yj0}@0`>EuTwS%y*aIxNAqWRpa?3keim05inpZm3r$9)}@W#7e)d>`PE
zlMf*-U9WK$FD>HTBPeN6b*t>EAEf}bKzn%Gk{8qi|KS~fU7mH_pSg-;w>$-{GRO&#
zWbh+0e^@y>WWgJZb666eL6zNJ`veDznEPqdox6AKH+FG`9wM&zB4Vv-2|VR&idM`6
zo!v#2I&=Erj(_mnWrirIC<|dkFU9x;0~RA{k5#=oN0pJ|ePvP7#wRoTzK<-YCh`^W
z!B#@dsUFN9i>E$EtC@)%I=%w$G$7atA<Hjc%C$F8`VemG7zAa121m^WM-zRl0p=iL
z>*_upj}=*K!NjnmuLY=2w2!49hxXi;rN!$@%{U_}s(9UVN|kw(9uJua5yeTz@83xi
zc#ia#>v`+!%;7o7Fw~Mr=~GfoyRDJ_<DMENaClw0HlEd7H8qUC9Kj)l8QWS@&Ev)<
z48mm8(bByaeuU4C{jNFXhW3Ulrqt)ZG`{e@B(a_IrmZ?UGSS>W!|04y{nl2JZ*9o7
z)#$OL&_ef1wg*_E&xx^!=BZ62&f3&LGcSck^4#*D3}^&e&!zXs<RTt?{l*6@#^;{%
zpIAAxQd&d#hI&ef+$-;DB!w_0VGVO)azQb!u4Y4nfW1=zeN}XnO4(Ynvjm0NnXAq{
z%5;V*a&l{I9;>&9Ba!#X55&x;G&S1BoDGQ1&d)e`dHrkS0|#5|&u&#z{Bpy8$dZJd
zsx^CDqOUO(fV;tH4ejb&niRc6duRN302?u*n}U_%JXhe2trWZgR87LTsQ_qY=%jI;
zPjPkmTtMCFO~XdD$^i4Z2I=yy`tt!BB~REG!Qd$CRBJ%B)r4kM%Xzpjd;y$_be57a
zdul-$O2J`XlJQgG`LV45I`G(Hf_$`hyaVJ|$22Di9~@k-TxAEtyVrjmz=@Wjy2*1k
zz(@|R!tYo>FWY|c#cun4rUD-@U9-^+g5kG1Z0a*gWKL``(nxG$$6qN;!Q1KfE`gh$
zA6XzbpJ`J1TnfvO=N`IoqZWP>-*aWRUkGA0V7rYiBt;dUWi_{#sk}u##S7)gq1{bR
z;<l+;qlkyhvRK1UmvIfJM!waJOApnSq`BH?sui$Qom@HSj_Wt<ODWBvJMAkLAMH@3
zEuT+iERlE+rpnR#hdUEwq$b3KO}SE9+FaBw7{0c(umlLk`pS^eXR@j3JLUj5lsa_s
zsL8VJYM&~Md<b5m`g|~;DcxT*GL>zNFJnO|C_I#CQjLZ6we=g#Y)*BbN;G+-WA9LF
zMEDCRMOLqP{TUesPTE(yK!w{j!g_jS7tS4|!e|*Kf2$c&Yxe1TzsL3{gA7d|^R12T
z_YMA|&!~X%vs`(kna@pxZbbj+5wdDPnU|$>$-5hbe3FK1>+6OyAp@^eESe_(wH*zY
z4AP@(&Tck5==;N=7U1B=tDWht+fsA{0P?YwMb&v{E12Vh>Khao1T^Q?t_Q^hy1gCM
zuT~`_g`vN+Ld6k;>?!E3ysJjg%;NN)a=XA8EsbqYJAxB`w*qt-_nw-aYnJG$Osxzg
zKC%Wdt5`R_an|vr`OWtBtdB0h`5cfJC1s`Ndml}*Zr{ZGTA$>XU$TBsB<~a6bbusg
zU321dUlAMfBL?8jM(2EC(V)>`>B8>x?d&hHSP5L9#BDTr;s_R|#HEACyruQj=<(VE
z!77^x&5ntjj)KBd<oW8#j8SCl2_j#Ts>QdsQ1kUxkPqrdch-g_#?#~CB97saV#<y(
z<xAy-%8YXZ{^<~0Ir*?qp`9w+mT#41FEjKye_j{0(^A^vt3LV*0;=98h`~=6Igyo1
zN6<wtWs5=P*-&au5FP5I2IfMr`OGA&+@a2Ed+z#x&0G!fWUWn{UHZl4^|W{iI_|f?
ziK0D<?w(ibAg0)11LykUo}Y7N7)VOq>XJv$&Xs%MrhUk2wIQ4#`Xqc%F9ma18>%L6
zr^(zKA}X@qKa{981}HvsvPXI;^PE?4!j+V{S1jH0*QwS;)9SqdoHd+Bo+~?)jl5s;
zv~U5;#23u1VI}S8>k~J>0-kgYEEBm^df`MW@9m9-23*l=TicMjx|=ZsKnf}mv^vUr
z`FL|<={WP1XDS~ry**nVC#jVdN7X0hZ~I<-p7iNdVpTM{*jvieCe?{12wf!_hqg8Q
zcNr@UP2idq8`R%ZE>L~jH`ayq0D7nW<IoM@B++tzTwZUZG9-Z}ajjyjI#s<8hEHZ9
zl?(9YksDbB2Hv#vbW4FHtwzg}HYAda{IPxV;($>k<Vx%I9gkZB07ulkP!pVPAbs`q
zsDJkiIxK+z4E6%Y4_UQWzVKPw6x+|QR-Ya7JM3SVl-GattGw|fJ;=)J_yv9MWmA>)
z<h=)yxZiMfd|B0tCr^Ld9CNH_{DIGvGkH={u`T?@#oD!ci08_Qox~_apt?|PIeUA~
zM;I6NkGWOrows0XM>RLXVds>sPJKX6N(UU6I9Eoj%{*lF1!Az)0(82}q{GO1qU_-u
zME_%=ie#o!U|eSQDL4*yFni|R^#?D2`tMp!-%WPidf_NjI4Od2{B*qB0n=xuTzlI=
z#h6A3p`{r!>EnMt*36}>G_5osZKEIYmjAk+W3P5{a<b9D51!5ljC%uU;G|B?la2u<
z?-*assF$<}f?2y(>aibzU3?~0fPd0J=~8ewQQ;)YRax=zxGK2gNyOvW6%p>_#KeM8
z<<XVgMdG^qb_vrgj8YNl{;tCmr-%!lq0I!q!1N_egH@Mr58!^%5(hGW-3VJG{p+qk
z1FDrX=4x-buy78uN%LvGtK@tk9}A8rPwv$K(l+xIFC{u!+K@@*nM~xx>L(x(Z{-^%
z-e0sep&MtR8V{o%XI!o~b?56qvox11mVTo#YDO6V8O$Q0x#+usgM#wgotzxnzxd2>
z<Qwn;4Mhi&qoZwBva02+sVV)6?=dT&PFBw6L?Ih|vLtwV-T-wKp0BwZzR0B)0ZG-G
zS~lJYcB{T0$t*dC(V|yMtJjO|JDY^^B(F!KB2|xD-Hx<JN;lW_55Hb5?da=`C@83>
z&vz@HT#Npc8S`+z#2|0HwJsq!xqXV6SIHSnTRgmI)pNZD#~XWl_0r8PGC8o`4+}Dz
zC3)G|i-SWdOx|4F+zwg=v<=Cj54NmJMk0s^kjmp@!^02gq~=D#bruV+mD0VsF2EvG
z_%(f~Jt$Q6>maAo{KhCny7v+Jj<6dGQzh=3$2Mk)r2cH=I?IA%m!g1psglARW^>c$
z>VSRde2O16z0KiW?Q?57UoH;5WM$n@8P1F+956Jaxon~<Jk#oB=BFd@O>Yf&C$&gN
z*6`Lc{LHC~NRaSR<A&t(^ia~vlMvy{btjE-5MyPqetua7&*PEM*U_6u_WCP=QN!<)
z4q1KenBrI#BY=u%hJQKoN015nX<@hAr_;x-@P^rG)_7EoExweK=_+si@q%g8&y^e(
zxN$7#p$Qkt@KjWU@cNznS`QUVoOzCHFa&XUzL5nL8GNph8x^h$82tM2ra$@J$v(?$
zm=s#RhK8<417FT3Fq#~1r**fkEW&r6p~6;&g?)M5R)@xy#{G#;wGUr?OM<&vZh6iR
zI)sr-Vmxy>TXZS8u;18<rG`Rmj+(4OO$jIk-Sv&<mWy~ZB%*JLd0uX9CHA@tyFI+k
zJ}?~x0};zYpZ}(IFfTwOSpH&eGkQfDqdj$J#2k+5EzA9(Ox)ZLbX<0zajA%mzd~mp
zRbQpVqgYwO`L*Cm^az4ohTAHuUf0mfN4~JNT)fF$tA+pwTuyUtco5;O9oovE-x(si
zj~F{)I$mw@NITJXC%2UcHk<Qp9~s(&D5Nqk94|sXnd8n0rH~Th(M!XdLRgY{`blOd
zRvnpkW0?g8!Wkc%g3IswAWUw|Zt@qt<37+x`P=D#@!q8GR0vsR$S*zz^al?6eapPq
zF+D;*P`t~TSnLdZ_@2Iq^xaiNe<P>G3iT7~2~styn)Yvr*r74_zNDzo6KJvFezAo4
znBl#hSzP=GEgiM4AM(9bj;S*UoGhP%G+_A|Cg)n@Rg@5mIi#62jmd6fu1a-{jX{$d
zkh!0O+`by6GkA36ba<F9c6v&`CW?{!eHXJ;$IKsv__B@%zEd?zc#9@*mTHz;O<nLm
z5Z~5^yAHbHwjwL^M^2DGY(^s7xd*g&?{2tT@T}CGPQS5I8cSpk1!pgmpH79N1jCDt
z@<)P%5?FMCwFGeG+K5$E57_^!eQHTJwpbT!c6aw&B(0O8S9`r#odMr%|4{4m4})?S
zW*mz9kK1673%M#=cdZe#?@wsy@@{VnRL|^o2S!&v^)YPi1r`RCqWO?~c`~Z5$84=E
z6quX1RPM0Hbj2n{@ZgU?P;~+6y~AYMZ@_YKW;t<-Ou(b?rAfD}_FRUFMEALRKZ)Vm
zyB%#}L1x(qkbooHwp!Ft9BFapMI$DzU-sA>abX^7fP$2nxh6Yr0eyV$oO#y~DtcBa
zV5!Z>xOO>>c#$z+2U1TUb0&^BeCy0}sg$OL^Oqae-a4&*ZeS3Q+akh*IB1M)T0Pl5
zOY1o!Vh^PZcqs5nFuj({aDg-PVS}qh-sqkzSZn&kXSzYEO3~fLN6D-FjWFm+{~9Q%
zP}qL1&jcbbU%1Y9PXv2=>ZxCF`R73#cS8N*9-?S7*7lOA`fd*ZT`%@FZ)vJ>v8(IS
zQBiSXA_E8BiDle7mM0OsU6RcEbCL(^;BVB^<Ut-tNRAO2wIm@Qvid!lEHYH~8Hj@S
zHk?z`jdCi&{|Njtxfno0#(6=oP~^%1zkQ)4BzEtG7>)QQ?PJD%kA8>CMbY+}hzOjg
zrHtq7q?;OScyy+anI@fIockMs)=B2uaFSAmhuoP489!2m<#ol*fCoXpbSF<ngnkyM
z9@1<m%9f+xeJCJM?;8#zU>NacNER?m=&5_&mXR6A36cSv7F&->I=#2D>%N`tLqtD{
z=UrS0IG#1M=93p4POuc_ClIx}XnS~w2+x(ilX{-%d#|jfFf7<O<Wfts`OW)$<S-;K
zgj^-^eYAKl$3tS0c@XP?sHZVKL#LK<KAB(<!?ngnw{X9#Cz+wo^-l(GC5cbbWRW30
z5lCM$c6DVTC`g+bT~R{sgXp?n5XVUQf?V0<ir_t%f@|ciEA7q~74WjbABl7Y;cqhi
zn!_3DJ<gIW-4BAfi9$@n5j@4AEApg-=OjQ`GQ*Ym*ZPWC!g`~(*dxF`+CvI1wU|4F
zE9M&W?zy>Ly9GM3<{0RK?RgfF*RMwQw&|0)ryv@Sojc+a?)!OSq7pv4`<v?dh&m^D
zxxM~fjmH2$7K9<!HRggR4@|?Ef8KFdQ85O2<b2^8%Nds;_9Xf)NkFsek^#Mirb9ZK
zAgi+k3IPXK=X1=*nqx9*#MiH<;d_$VBybpK<m-(Lw0{8V&fU;KlUeT2yJG~6PD~62
z&>Ancw6?agD{Z?dRM=En^J<Arx4}`xy!VZAxF}7hQo`T%ZE<vy?}_;kDYwYQMmRKS
zZ$Sf<5Q<)eKl}q31of2FQ?g5Fy2T9E)Kq*6h)plpwz9MggI@Yloz7Z>5zq3@In>%}
zQd_1syUFJ$Dm!9{AUwj&=O9z+i=m39_zzE-w3h65VQ>kAdhtYIwZT&WB|Z$aXsg&u
z(NW4#(lCWzF4Z*qi=3Pm9JJRI1anSS?=%0buI|jUWmS?!V8`3xH#|84o+xPYz)bPg
zdL>BI-9!(>vMEpv@nyewuduCy&v!Y3`C@NA{c532RBB;mF}r3U8-z*Q88<v%5Bz{*
z>Bdh@_TXt;%?6UL`gU}UrV~BvO|~3vCo;qxSoks8Vg5?-;CwP5;8p^cZP1{?OF3nC
z(My4<yWne7+_vwXZ*rNkm-%shl(cqk9wf<fn0f7w7o9U$qoo&o*I&P<+Xd-~@n&y=
zT!n{BTPlEBnbUBV6nZG|6era)T*A~ew+te^<l%p=z$EV{IdESsjUlM!w_yxoApOGx
ziks*TJdXyM47#dDSBt>XR8Vw481~0=a6Nga%G61e-uE@}3K<4s%8+wVk(eKc>nP>b
zB$vS_`x^nkdF8pC+IsOGoCl3*16Xc2I}nTK6E_k#-EVHV!w93iMVu{-&c7Mfox*J8
z(x2$Ye2fSRYXkjC2uB}$JvD$~zX6x^-<fOGFf$aSp}8RnXY|rq%_({sI$4<;IW~B(
zog^xi(x>0zsFE=t?6Jra6)ThD>J5pV^f9LQrPU_V0``-Yl+YL?D%OsCFouc^y}gOg
zk2b=3^G=M~QZNBH{Unn!UTGXVS<bF|E|rtw<J5Xy=XAtjDo>6H3MUfK>6w&rk9Da!
zpB*$Za_ehoa94{^Hu6zuDJw8m9{_!e3APj2#gXSllZk)N9R$$R#mPiu=9}ZmaM9rN
zFtVSd)m9D90hR`tLVNgz;hpuXmi$PtLS)iTv~y&yKKR$S>^IhPM+lv|%FINLZ55@_
z+h7{OHQ3wj8hKxj42syhINto^jSDPryA-9|x74D*AudIeV36AS<`+1bc#RUDEaZ8X
z=sj;q=pA_IWwYR_llpoOi11D>qs7(O_79%6{N?U~ZVxhVqoEvMPZn{s)ayy{QRk#l
zt;?A>UKuPY5XetQ#v6@BO>_O)Y(?V3N)e%B5jc0l@1<&VjAHt3>Ei<Wop0aXJbbtY
zn8HHN-@JMA`m_#rzu5;SvQ&<Qn(SI7Bqx*u9S`J&E~2UcH)9>CbthU~DPE5!)cZG1
zP?PYuU%TW#5iBlYTAhN(V;g|;nr?4bu0ozGeWxWryBYYAibY7~<&X1`0!$~TVXx>{
z0MpT247rCxoi3a=u1hLtzj`eS1~G}J^l=p+H4N8ry@7S#yOaicDcO2OaSucx&(bN#
zQ5kBbbgB1k4+WQvtu?D(K8bF0b~324P17S0eXPY48zQQRc8`=OlFImrZ|<##g!ie*
zaar{S-iGPrpQ%I=L~a2)a05^Pfc+3Jb38KfhWLGEoo-7hrl?J%!~7q#21VtaS?tZ;
z0}^9ye_vZ|zk!BIOlY4jraQG#0SGBA&B*ce>BqFRQ;mYWHba!T8)^Ybv^S<Em{u~V
z0B%Bq(r7*2>2pdHR<QVW8XlAC#|l@fPna93Xldy)j3bA@yyO86%pVCbYleg07T!MK
zf!s#id^3Q5<$QI&5BauUeW~H?@~su`2D09k^H<}wMtfdDK6oE|k?>W|(s;AGA8+Ab
zoLzfY1VawFjvw-d@JPL~XISy6xWi01z+MKQ`kiy5_JBEbp^}kGoa<|A_#2VspBG3C
ztl)N69f?jF{xv|?DH~y-=Y5DRojc^*Qcsxq9xH&ij1`yh@}j;Kkre*%W40G06=bPJ
z{PIvSVz6oC3Q#Z0=*7gu#DtS|$G4l@EiX+zhEfB#w1a$%pCF#X?H!ii{6=lTOnY_w
zeE6E74j}#Y6EY@@-|>|m{s8>CX3V?k<|})V=24x?8A2t`$!`mm2y#Jpidp$aD>*Ki
z9OY{1y@PnWuZ_~U07L(L_yUweZrw?LpLjr6<UL1=hk1Bp!qhzmM)3|MFVO*3;+xo)
zwEmaGvC^H=J1#SluO~M8nYg`<4i7=%qc92|*A4&U?2FvOZ@Y+e-wcb!Yi@*u1$fEj
zpEE#k%FT=&+M*TOIuM`gI39W350oPmx5keeCo%3mq3bk&c4g?aVxG<~<w$tk&M9-*
zMygbq)&p#VbJ3(8^A(m|mX5s~Xi>EQLrU$g4h^Fpd+Pj735&x8{)&2~rRABo?}<l6
zsf_Gsutn-Wq@n)-&9SQeSW_8IlN&}!y>W1IW|hBrA`(F%n6=jsEZsfc4Ck;!xO5Wa
z>|s@0MK0~yPTugP5Dp)&a|=f<f;w4i>yHed1APf5jkK(?N-w960aAuP`y|fd7>|#8
zScj01E2L4Z^K6Avt9kgLZK`VT1d-J2uXuW7j7%F8`q*guM09yrr+GKX92G^IH`c4F
zNbj$_eECwW*5?5Se0Ukud`3@O0J{$ug!baIP)_@AePRP|XHO7UuUg&NQ-r+l135_$
zozTaNYvtU)of9dfHY?|shsw+h^th6`e36e|sB_<Jne>bTW#uCQoC6WP2rxd6R?cLr
zjRU2`v!tgkPi;GJl>9MFEG*XRJeF`ac(&imPaU^R^#96O_xzF%%G-1TM<jrO@=5~i
zPU!Mc8X7=Fxo&69(2^-!EMXs|R@`gzy*Z@zYio=dB_OzauV)o16hUucQHXneS#3Oh
zj_iRMTi;3BXEM8kzw#16YkG7AZ#I>xeBEhL(G_%}gb?i!{ka6Al-Q)Hm9c*kPYPfO
z4-bq?UmQzCE9swo!ow-)Y$l~zVu`C4jFTpe4UL|EMN8{AW+aiFmxn=Q2I}X6nT~W$
z;!>i}VYB<U?}k28A4~SlWntF%P!#$grErplm6d#;oqG2PZE;_5;?~OIO``Zh4ql#4
zkYT50;H%PHN=PE<$O^ztDVkUsEz;C&*@=vyrq}4b-rE!VYNnp4P+**zkq*7B&G5Dl
zVZ`C#hv;tAxBt8o1G`l+6WY7^ukE6T`V<_TsA{%c*q;SVU<2y2u+gV~s?4V*y~8-~
zs>_1R(0vY?RU_cxEN!u+23F$lONn?XH7Q6Rb3log^_ug~sMjn5`bq1a*iv9NGZ_5S
zB<cpG`uVi9Fo*I5CPcGJZ<n&JxT?!~j0+knTl)9q?=bZYS!@rf5`QVfM@Y?Nkbnwm
z|GqLE7s~r?OA9nGA>@~}?Bx|1{Xwdz>GdB4ca&rM<LW`@|Kh;v0Dlsv@|e2+zb(8_
z;Xi692&N;$ydV4czal!wc7!=lqNJz%?^g?UuM1sT&9tcx@k8(;0)l$5|AeEzpPD~?
z`!mTS1t~?7)(o)-lJ)K!Ky?#~@!w`L(B>hAsSX-;_24*)M`+UG&sEd^5cKH3f=Z|u
zO$+j5e59eu-2d=LIQ4fwFlpFs78#f|v6+QE_<ZZXkI1y>ax1BN^BsTx4>@oAM^0T#
z*f7*dub{^#Q7mH8;!io9|J#Vu)H4-+=TdG3@xuQK1~oA7=68mx{=a^?8W-T)<^2<N
zkJ|s)=2v_y9>mPgXv6$Z@oqxmsx_Q{OuoOzfBA=#9wYV9q1y2#BYu8|<A!()#-B*^
z_fJ&W%2NdH6A=FQ)0r_|wZ>LkOEF9-F>w>}|9*XDmB6{v57N2+XM1O)3C}W2eUA?D
z6MDF1g(#?*8vpyoj0#e?RLVDEkpgHNxsGFe_m_?SGv!!)ZyargRRYn#(UpG|n19bk
zR$uSCn_*7CzcT*0GUWG+3F-lN-3@j?C2r_Ea>&0nwvUhBo)K_GLlcJzK@*+gW%x7O
z_iWbu00lagkPsfIzl&K~T3Q6Ez9Cqk_`8{)pqI^p=k(t{+-!IibS!9^o$084OMhKP
zmXV8^NtQ{@sOfogL;mWL|77*F!y<&6?-(|hLmm~B8qRY;!i$DROGg(U`mHV_gX-2X
z936lWW@g!Jvp26#X6IxDi>V84pFI2B``~X9-TK;MaNoV1_3lh0-kSlEtEumqZ?Ds2
za^<wsc6qwM?>u;5jP?wQQ?hrGi2btnJHuxy&k=iqQty);KfK1BDN`#wbi82NS{p09
zkfHpapI^@F!5#<*2z-Az@D(f(P(6=1@_h97RHx45UA23i8TAmO0!C~Gy7nDbMOU3)
zYRRXBTWBDtP-jh!8$W`EJ^YyAhcH^3Z?SiFW-H%pu~B>>cAp$ch6ecV9JWr^l_OsE
zef##XBk&kH*yhdY`0ZJ>ch9*n(9z%5Q1Sr`%%QozbgrUMtnZ;O<OON0w@*0fA|S!Z
zxhLOQ@oTC&U$>hKQ#u$dJYd?k56PjPzVW*W@YiAmNbAz-s%`YgL{#%n;M8w4y&LOI
zNVrl~m9L65q$&h4TI%r@tN))j7Pu<TJxr95Em|q-mJ5_O^<V^@Z6aTv&bgxkd(iN6
zYwD$(oY<Q;Pb^35uc5u&8obqba#^~kE9EH&ASw_>TvI%|%ZG5qG+(uw46v>ehmRb-
zU6aiztF1*xTie*c@+RNf{uC93g%%VV3N0G1^IGEl)IGnw9b6cJbK7elAEYD2JtR%3
zc7$|TBT4MbYW+=2umKpQ=3=_#3K#v(i)n46hu#$s@QMK+_?25|pQMlGm-H}3Q&V>@
z&SX<WJg=d>$_b&93lB#_qZ(*`q``oO77!3nR$Z#R#<%RqFDBN(L&3|-EpeBZh)+;W
zLRVLa;-=8pX<9;ZVrGQ|UF`nZXlfzWHpt1ml$Hjo$3`5gYW<3exIwj!nug}V&=9BF
z?(Y9X)mK1OxovH4kd#zJKw3dcKpN>3X{5WmySp0^=?3YR?go)=giUvM*S|RT-tXT3
z49_@YaE6=xu6M1u=6qsKhLshTc-6iTM9AALT_7$)Ah~t0R4$|YDU0U|-uV?7l4u{*
zo8GUAgQG;%W-e{Ne`E4X3mzTWe6!~LpM6Xg_kNV$djQvAVgU0}RJ_fGyI(dqH2BYV
z+jLy3@rL?xkN!uxgLyAXvL25n)6HbubZ)!1Af*Iklc86gj9x24c3?+4DJQb$+Ljjk
z^`#55*(~m%({BD)t@!3ehoi&*ihHGd#4JNZ1S*5mg?vKtW~s|)aREJq<U-*?T*(8^
zqLA^l)c$CLFxFPzPwHOq!3T?8!Gw($`I6tfK6<?UdBX_#YtR#fzK0?r!ny2h=o<J9
zH~o_XLHMIMb=jjQ4VZTb1DS8M_fFRmj5sbh?d!0Tf7zK<4P|h*=KYO&CVbmyZ;1iQ
znBFMAqt1;~P?jE%-Y>7L{A7GMD_Hg4N5LsuX(JXnX+|_y&`jGJFQSo<oQzim=x9d`
zVdL@2q*<)qyC5|0N;?)vTc6w}CO&@90(S$Sh_up#bf(PGPIdB()6%z|wYy;Ox%>Ob
zA!BkDv`M!xkd>8}<;%Sm!67c07wZ3Wn4J<^eL`lt>YPm9M&dIuNS&3^Oy^7($a2d&
zRN>45q(HDOn@>O2NS~N(B&ac2+$4ZP%yMJ?ahbqIR$V3MPi(pN0rQr)Ld*gL3<XoJ
zvYM8)kmWLRmmW^K+RMh!E@UoJP4)3`3;w=BZo-#-fXnHc4|4Y)p|?JbjWip>spyGS
z#>3XeuKSbQV+Dkt(TOt{fB@~{qULI=6EA;Rm3y%wrSMah^r0oS=y6H{2#{@c44v|k
zc(}NL1g%_Jl@rn11E_AoV>|Q2X{lTr;r|@|W;bvzKRP`$6sQ}e1pm1XKL(RUkwv?v
z%U1nur!j~SI{J%VLo$E{2q-dso|`SU*kQOnlJjyp7(WZKykJ78wVW5$muH5Myk!*I
zumAix5CU;Ae4WOH#^2V-hl{(Dt>ZzgtgIhz&c?#hUQT*n?s7|?W#{H__+dZ_!MiwI
z0*)7@6O5XYDJgsgOjs{_*ccdk{43ra?eCzyIeceSyteiVoPp)*Q=H$wKh*uW4G^C`
zYVc+}-dAPA`M!XR93l|n0{O_sCb-&z=I`ig`i6+tCA3#MP2hcOR$3I!-kv!GqNo_R
zb*Je@z~zn#vEJ)4k#{OZ5EK-wvYeF1UG?gfLI#7uxG9f_AQ^#X4nWZ<_N1#6`uus7
zzfBJpAHThGUeZ~btbqfU*Oih-r3%gj4{xXUwoH{@T^*K)+tauF2nm2mnL5v`wzl-W
zKAXDMWhP~Frv(TjZ8{jwy?h<_THto!KB&&~UJJrE-%!1*k;iJE;|j{nt;uYZhx1mo
z{M&c`-E*!=P)3<_+)G8Ku$15h?sX1^g)TO>iksmGuYi3pkN0_q4Gs>)*3K4*INkJ4
zwN{gB1XkV<EM&IU1g5~!(d1;8?V<bLyB9u<et4i`Okr2ppdyNhGeBjWB12UH5yCh5
z_>kN=G9p7+gr-kXiQ`c%k)wVy5t6;UvjY~$x;(%sb@r&$O-t`XJiS)$!s5e+kA?=z
z(O;3Kzg;1E4-w8i7qt<NBPg1_BcUc<XmrC_&I~-8VE%CD3NI^XhqdXI$`ceVh}bqa
zhXq+$KA<M(7tKgcOhO8=2@oJ{A{J&a|H7*SC}{2LKj&b2_=|Isxx#uGRxRoG-QEw}
z6?W4+5qg3C{<`N4l35-iQRy8WQJYAY&|(ukE;;H`EiIGRb+&lU5bza=Hw!tmd#aAX
zQhsD%`6^ocpPB&d@#bAv{hlu|TYOriL&yq4fB34y<+)<s{E*cbl7IbUPIf2mb*xN*
zEji>b@*q&YAoo7Ku*w(*d;5{9U^AU~f31s$Qpb|5bkD!^=9{$ppk-kCH|1EMAg#U-
zsWuC?f>u2PL0>@4MbSZ%lr&RVDio({eh{8;c5|p>;bOeZ88G43=^~MOt5KZg$DpaU
z>tCm=pLMqB1gwe*Rd3!w<O_7ETq7<IIP<^1LVOwtPqL(wF;XhmFSweJxQ(Y==~?;b
zp{~vu+WIJCJU6Qx5(#h^<T)Q{UxgtsFt>Nb!0hNAW9}II`vQ-!gaP5ddnn84Yp#&*
z?afYnLP@{Ms?cGRZ89$KB}SAJVx0<*SGaCkT2k$A41%$|(9w^6w_vih%pF^$Dgge(
z)}be}4$Y=0bD5dT&c`b`vkZWWx86Qs$<&x^*R<e;sM7aYnCgZj>jfes-<{%=E)6w9
zVm;|Kn|nHYrH_t|vAQVoAJa$srz<)fr3zdvOgE;#%nW@I?~UDMW4YkYI6Lx|*FrEu
z3%S|aq!(sdjpau3d~Xg2{*cJ-?rxMhFkQ~SC@kjBHN9q2S9Ti-*K<_aTRyn|#;wst
zDUj<EgM9vMh^97Y!sEyHuK2QtY}>oC7^9`Rd?HBOY{T>LhzOy|d~rDt6vmjC%T`kp
z(_jib9ZeiHOb*oab-&;KkW+TnZ<$7Ne;JOxUs>z$poXH6>Mi2)CJMWE&jibVHy}u4
zxz<kvg{v1j@CuL_oeK*HJv}`inMZ<rd|>n$6BYIPi$cee7AhV~q|5rkl*%$?DE<9g
zL87XgRy1^l;qtoBB^=BQ-%qizg`TyB)mS7wgXkmNBygCZj>(N<-hDv5B;x8i$A19%
z1JzaT|D?zZIuAFw5P3Vwg@Wr%nBe>sn)s08H>HyS=S46XE^=DTW-G~up9trwI}U>$
zE^7p7euNjV3|_EI3^#9P<dI%qc)a=Urv5g%4IFd}U4={?M?1hlv&v9frKcqYR`0T{
z&$TwlDTEVpzXD-fH7t`7(0T#;lq}>Er(#l4J{1)&AQ`{LBp#YPn4|kyS`Pt417l|=
z$DDsiyBCAE)j2<peQ;2^^|zTRD@)gUWepG7;8E75{4b{Rp9fhGu4Ng(y%ZDoh4a4n
z^;SrJ;YYvh4&iL|%jzQe3jf&H9b$t&$h{|GpF(J3Hy$PYN`<(@)#>6}V-swdtyaPs
z94d{DpR`wh%i%%HeRErDJcT=+8?GQ43V!;Vsq!0m5;!#SscPYCmQgC90!PABD35Kx
zh1PJo6LH%w>|N{2gJ=4=VOpG^NZ{ne565K%fcSR)x!M232?e+)gU?^azLxwnqaOAb
z=b)*4+1&qUKHNrwkg%?SBkaN?>AYCIbQY94kr$3gVKTJo(Y3`6nv986TRtuDR3;_@
zA?G_oQgyEPS`i-e&_a|s-~uo)F|neh1G(<m!K8xmA@31I$Ghwk?mW5PnvUHxV2kJ!
zk!pJ!;wD>9v}rcI#+k*q;srvD5GObMUD#WEN(HKss+Qa2(D2aqIKoC4hyt}*hG%ob
zQRyx+c#!3D)4AMF2hirIB_kax^8Y>fCt~PJkuAt~vMchD*FVXZLW=DRXI_5Yrf~{6
zejkDVoXH7W#n!!i$?o?l72?C+JC*V)E81--!a42J3$2L@CUBLit2f=~<?i%b{-^>7
zaOPcYbF)Q@hejbM%AAW4v003dM4(B`XB5#nwc3M~?@26+v56qMGj(G>hi_52ApA#o
z;xb`9>DeZhrKbzgAGTGZD=LiyHP9AJXmIcy*5m9ENYzrn{7DL_)PRTx?2W-h>aLND
z7PkMd3^s+bf_tzmIVt#AF1+-QcUhqY&{$ckh2o0x`!$m<EkM0pXM3MpuF;<zxRr3?
zI^tmJlFz+ZpOkIPed^23sYGMHnAKo2t~KLmU+xDY%B*M4=Ro68W~ae(iuU0JRSB?}
zur<@C>9zEFOPk@-R%N-_4hGIppLF5yrTAs)RD9q7%@&I32)tIWvzMHiirvXH%e#1U
zi%tktnvs%{YBxi}`1(pDmO5^0J{!gLa_g<@;tydFUeL;-YNV#3W^DHSe+~roOD~Ue
zETZP|g@c!+08EH2>Z$|h%-q}-%hxNtS!U_e=8)Fwm-!s7p#0SkVZXS$M$u`s%X9qr
ztxsrEu~a{@B0K1{^HZIq(<rr{1b;zaDy~$@A069VQ!Vti{b$8HZFBRVV^$kg$0Kso
zj}OxYl~&|wp3RFmhNVUZ`nuh-#Lpcx`P%e!)C%bZHHKBGJsO-mFf=s_Z)3^H$-`zn
zThN|6+!Gulhh%-<+MlbIcX5V=Ae`;PsLeqsem~UP6n&Yd3Qi1RP-VUp4BPPBnlHki
zt+p&3>xDv59mUe`w-Pp0Bc6!jfB%!8RcDaVB4(aCA++`O5jkE+-X^x_DG1cOs;OjT
zw9%q!FBCO(<p426+sNn{#CW{n6Uc~AAa!o^d<n}I=H~wNI76MCZ6su5WF0`5CncqT
zqV7ci(QJ(j*!EhV+TSxTzuT1tK8i??DlGZGjv2$lQ@L6_VmR9wh3C8YunGRYAas}A
zUqra`*Dv_uk|Ly>4VWd6+re?8jjE!4YT`1>0{dBjbE8}QZ1=pS=K-8ww~Kopu*^Sm
z^WM?X!E9{&ebjryVvDJ(w|cyFjFpgpn_ZaQeB`<zQYu5j#4YHIlp(omXgo232!KO&
zw+Gow9^&Mh{f;|~T;#*ktBTHVDJj0?<w!u*FYizuRLXqWOGZV7hxo{)xKt+$ruCv8
ziy53WI&ORSw4fcae?+3!YWZAUh<<cZ7~AOYEpR+V<oG`r1NEW6PlVv{QNMaFxvE7O
z(jYfgMxrhJ_@~?^>Ca^NaUhzz|30|N0(cI`)^|H<vi%6pa{h))$QjWs9j}rsC!|R{
zAD$&TGJ`^fh9*g(zmR}b@pO}3p-0{kRGweeq~8Y=6;)DdT6}U^eqO5Hr_l-6jttp#
zv7=(J8Pv>xuY-&0`J7{+mfXFh%SIxe6?l7AR?-n(?(REnLMDWV+_w*yhON)|a>NXe
zEaWk&&FWD^k3qzEjoS;KbNLz~ArZcOa1c8C228lb2KwqoM`Fxa12#rRe^B_Oq!xvI
zUjd#U<z`DcpY_`?z3GEzzyJJxAg%(H5g3D-#A@Py+34V3Tbp;(@`njb%b26<q9})=
z{5MO8=6J4O##D;lUx3xz_(xI~3WZ9@vo=vO8J4Lxl9KTNDUiFzE=n)!T^%6?EYUmg
z8rPe)wl;xS?3t{rT!4p)SRa%Cl;Y)X!&cNe&9N~hDk>@+HR`1tfg7jtw+ElBkvP2;
z!e*2zOoydKMZ2}~hF0b#@xMh!=h&*dxVz-;*ckk&pkDOL@^+IE$+Um)3yP}HU+3uR
zCJ$ce3)wD{Gpf*=){ND2Aq1t#)6xI_r=$AE;nz;?wYuX&i(=(-P(=h5HK)B5kDRML
zTm|jgv12ud37MSk?iS|mc%A`P=jeD-{KczRZ(X(dw$c*=M#_=gFD7lFZbx5MS^jef
z!GDqJa!45tVv=M!qA|a!kOGRJz5CUJo~7Y)B^)E*LIW`Us{%3P<F^rdmIwu<bh@i6
z(FN~c6iI@JX>DH~1pFbga&lmC1LDgjDF*tfpKix`#h~bD(yS~!OgwD4J)40+3DW2<
zq4#h81>yt*2$O#ydnqLJnUv$^S}l=0jaX0bU0uCA;;ZLyJZOq8TfV_x=2GTOVIaC$
zT0d;b{txW1DivQ5HxG5s__es$2B%SI+PXsjRan<T4jzI@kblD@pY|^p_P==T*MOC8
ziGgO)Wkq|^@mp>4)yRxw-vK<5@1CC@a%?Lnmij+y5uE?A<NWMcU8(SwR_?cKM^)J;
z=ql%55}^Ofp$n}o@e>N?4^w*_dO{Y2|NFb1cG%Z|)iSFm*v#}_uo=w%cX0s)?iIfA
zm+(CBHP7hA{!L<6mH0SWFq>|bTqpy_A`t?@DnB0y5RHkm|8g3iMlotHszHP-^&8+@
z-}mgxMg}j$4fCc&x;mIWgG^b>24GPP$J+{#i&IZ_j=;<>f9-@<pjPS#Q>vJ`ocjtr
zYSo&}Y*rwgt8H8Iod5RYN4S;Zop<?B{usLGJHWD(@86O`yb}^|a5?v}Mvu2+0y}G4
zD16g}S5C=y!H%UOxOM5T{m9h!AX5GC&X9zKrDP43KD&@(R_8u60OEc0+gKv0UWVOJ
z-`G2VSQ3bSu!l68A_qAyVigk%lIjzw-ds%t#^)iXq!Iv4)rSLaq%O%vHzagq`inZ?
zbP^`FV}i5+(TC0Lf}lmfUC-4e>>nNQVOq6i2#~JcUY)HvmmC7Hv<gBG2)QzlZ)<<G
z-f`mvKK~?3mclD`M)z-*VoFU(a+X2mXZVXSfC}CWHrib8489EBnKv-kM+zakRg%Ga
z=O-JvF>h!l2akYoWA($l5BTy*k2LY|ThtC6Xfc%BANo*ncXm;3&CQE3<rj<8DSCi+
zB~zAMPDr>_CK)MC?EIqx6cg-SWmWknM_xx49?E36JS&La%S@))B-n&zV|6?nRVE0K
zql-d+n|HTh8oQSNs;jGON4;zT5!NaMsEvinLVgus1!dL*;X^V+rZ0e|{ymV*%C0cP
zDGVktcb$oLYU_WyY#c*wL2F_#H73@ldd2SaK&@E1h)($`fM_nqRRMK-QN#F_wK!}v
z=Cv`!5iHO$bWY_y*VV%UYJjqusQSc$qx#X&zFX-D`M6gb_wI6^(%};&TD{Z2j_y8H
zR|@^Y?J;8%`uI?qCzBy%`nD85Dfa1>c=HcskmVFtUysL=!~|1&2*0#CtQ70WE@Y(u
z*673Si6DgU(kCY4Tfg|Htmh!Rpg4UGBKU^@*y!ld;3(;~Zkop*w$@gLw>{(|lat+n
zl8r}zxh)`IV;t}}f`^2op@}ncmHes&>As!eob0i(Vkw!anzHf_Su%q#3F>aJumapx
z!?3qIVr0hSV;JYVlkHjEW|&uGKV_zI8S3KmEeurf6bSb*LHDBKgfJlWhyo_xFrXG#
zt}L5wI^P|g>%NQuvdHIN&#-1F3VCLBQhU1CM;inGVV?>|Iy&D~93?wIei=RIP_W~(
zz)%AI1p?UuREW%U<$G6qiy%J{saV7Oe;#>y3_Y`BXQUxSMwgS877ZAQPNoc}V#%1~
zumBjnF-Jki0~3`FoVZ0ykfqB`3UQKOwX0Wsr??}HOu%Lq9UB|a-1=BnB}hH(IqwCB
z!kdJy5dvp}j9lk9-wJ-}030sn^L20=x%Ip1hK7c1j|YNK45Y4mZ;JBjY5@&tCucX;
z4BPd+Amjl_$#UCc*bnMW2#>F2d<3MGa26a)3-^dY%dHmm2F*scpP$#cFoa~Td;WR;
z(7BuUTPatv1|S{@PzebN<%Ilu1-^qK^T}!z6ezsXk>gdqzxizD*MS*;<R1MNgWI_i
zar2&+s46r*J$s?Txa16v&5drrm(XY4$whLRH-nl-Xyz7$Bn%9AfDpI(R9H*FK!tZN
zG9;jYs3!EehlGiy=;?t$#uoJ;nAhHuD;6>!Plu5kN&HqUl-K13HQlrN4KlK5M@!=+
z@iGutL%f&$T(hi(r2u3D{v>ePeL#pxi?LEUPdjwNBr*;O3k$mTipAKub{5FWKAkEG
zprohZUngFa22LwVOT2#~a-8zhEoL%K^)GdhnBeEn?|JTbI5TNu|7e?<s)qvfM+4oF
zHHT0jz`)9k)*O)snXZ|yYM{imTHrDw)bnd;%nED(Y^F}MM5vjl>t}?Rl}8)<a_p&c
zL~k>;I|jRj>8zj5nw(CLKGH3}HFmluW^l1YFa|C;<~eF#)I4%su&u1<!a!s-H0+f)
zE?DJjKH|`p@U7$j^EJO%?k4liX9rA<%V|>&e>ipy&OfvMN3PObDIoCfTXZb^wii=T
zQ?uzZaD=(GIhZzP3y%j{JJ|*11boU$Z|z#8AiV;T8GxhksBi((0+1aoohA0OyB%`?
zss2Y7C?@+S!{I43_Zw7k#k=6MaMb0L3yb7T1Mn&3)xH96`IVht9V~c-KMRsFPWh|Q
z--%6|%pw59lgdg30FYP(hYW6${?QM(!3w$aybgzsiWQzImEEoa#W)bl@g>K39$6^k
z3@Pj%bI`#=!KUl(N+W(t0&|rWBi~2tX6tZE*VVJPk980LZs_<*^kdBdH0tNtk2|fi
zx4_COoQF=kq*8=X$jRB!^&1jBN^i3|#SOf$Us^VSNjy`d=zYGzICi8XYp}FL$N17m
z^(I#=C6*tjv<IK|)!2kV0GgSbBjMqB!QVb?eKnKlKJ81p<E9Co19T1HQ*cuQdQTF@
z8~8LXk3f%BVj645U(uN`Q1uk;ydSt$a~(J*kEJmwNx2sfK#??BVZk(UW*yL+$|4KS
z!`T_$-67mkSu6dz+u&U|E)<1s63iEfOl|V+SF#G#^(gZ|nJCzg+?gZ*uPWf1(K5T!
zHgRmaB*`uDzL5lx4^Xid-!D^uf}}nBvqP21c2I)@mo`bvvWhZUWO@r_LnI?`zoFud
z5Q3z)ed^CkkjFaTd>{Y{^p3w_)2GexpU=5;bahctQ0#QlfrR3fSmh_HMK}NWGF=9%
zDRx{uyp`_$Y30Uait1I+-wKUoUIPLF#<b7+6Lux@Mv*`oJ~~jw1GIiR1|~iUIAxf)
zXQ&iX8hkR=`A12>*pR`0&(YyRbTAp6ltf)cuhAF)zB7am*w#k#`88teV*7r|+V4-i
z0b0LIR~E!CWPH}fWKXKn?A~FLPvi>gV4S;?jwBu%+|*Ru7jg046)U#a+v<An1SJTV
zkoaeIaQ~wPFf{zj<U9RXhr%#y*U$3$@>U>b<u07H_%Ps-vzFh~^i5pxEF7@n@Nh2(
z22Dw7>l*s{`;*-@9G3qvYHf+4P^~=*5JAJi-7#uCh%bEz%L7KM)$!?goqx$40XFBG
z?#Z41Qbb4})pO>C29lu?6KK4%`wZi92XKg8<4ZDo3tnW4T@A@aSgLH7fT}ZMpHbwO
z731&~>?n78)B%#WqO;-aN9~bunZ2uZr>))ok2Ys~&i9utp`H&f-Mk)&8|=;DNp5|j
z4%r^Ft|cKKZ3aky$e8rgCwOrsi?JE2gYXK0?+i>#&-z>Ez8}_ovRrfvzJ-bU3V2co
zA85-^4lE|7kG%V`&D0+ri~M79WR@-kz1sP-z*IIzSjgE2?Y{|Z*J-xpmHdrUlK!4?
zaj%WXJCuwUy>Q72m$E->Ha;x{$hAmWSzBbhh`;9Lrz0C!sIdk{IaxfNvo=2B7tsvP
zSCmMIQ7N*wPCOabiv>GFRDTv}efADJm;Ky2>XY74D=~H!%{T*T@5+qU<`Lyb<($Xl
zyH+&Nfb}n!qr;r91gK9!9Yfvlqu;n(sP3ULdGw@Qj16tOg{vE~Xdp}TlP?VVx%TQq
z|EZng#G#_aokv~%At-5MTa-1p0eId<C3xo+gbpdIB2#B%R`PoLLV^9C#CVibvfe$?
z7Vu&k8tx~{`rvnoOe}U}y)<oT%#!O>oN2Pah)iRr;aDg(5&Yudu&iz6H*!Q-tbW5_
zA8R<r{3{<WM9OjQ_XuRS<sKCfHdzej#f2F@(u8OGlgOY~M8}}orI5{FGB=TDguDET
zt(}bkh%w7vY!EFv4SKQ?+bZ)ZBq;?#nKDZYE^zN?d9kA0h><hWDAjnIotqlZk6{qg
zs%D-<g#fSH(If>En8HZcXJKg>xFZ#5Jel>PMY)Nn_OL*D07rP9gXl{CfDD9~je5n4
z-NgzGyMd%yT$|&<T^}@H?Gn6k!WpzJRR0S*G)XX;n?p>*i`>)EZ6;KC7HT)t)}p~s
zw|JXn_kor=vmxf)Y_(~qoDsdwd0=W5hN8{Fsr06#&!Ly7$odSI*(BferK;ZLL+6a$
zQvU4p=)?qWtGP<SFRzUsU$ZWLhnyarC=`zzEEX{#VC<3J?7{LWAaYijE?hnC%{#ec
ztrH_24YP=ji#myKXH@a|z#9C)#MFQOR_zDrQ_c4l7G0<Y)ytPs+$JL!>nn`PFE}B7
zR)aV&Wm$t`oO$ptsw)1c=<It*pN`FY*W;7YOX$4aJEu*L!)qQ~rW2~BPmf-opJiaH
z91Ss7A!9tt*bcjmiBRh@vFJ=*E@6AWn;PSt%i@?PqN;b5(UMSm^{zR?r^t-Z#^o9w
zzC5P?*toaG_0-M9CBtHOgWYw7*DrosQc$qm_`u%J;pX}}OFYlf+3^Z8pmtNCX)QO6
z&-A{%eMsuiO8We;0FYR0yn45h_gjGXgh=uY$hU1*(Csg8swq{@^JuO-lpHw1Vrz{H
z;KS?jEgsA`9pUmU)WNH@UZuBNm2K*!j-FNw&7ONa(s<qpk0Uyj5v9Hu<BM@@7R^RL
z*c1lVy5o)FK7`vpb8{$BRTd#epU-;#Os3<zXXr%ivnoX$5R$|vrgJFM)pqwpZFF`E
zWBmvh{~{o!8puBXeOFlc!+k`J>8KDi&q9^C9Y{1r871b3tHUaphz=J->8&p|c4JU4
z8k3W0I@Fkj9pQ;L>Kf}aENBL=U%y<-!@;F55=lP#D5M_IHDiRZZJ-GnEV(+2*2{6a
zUvyv2R9}`aFc%2<s+36zZK7M8JshlLH5-~=Kd||Et~ea}sd>%%(6fE;tIW<Gx^q}s
zUJg9kknFNwi)OP*yc@|7-*m(sspW(O(^g6zpN?BD(zhP6(JVE(Pa0jBcG@!JxQ3O>
zq;Pn&XF%(|3U)1<O~3v6Q+_3HzmdUQMhnRoA}x&pcXgX|H`6w@J8^qzl;u*{<GK!e
zzq@>{q=ngAwh-J=>=cLpq0HtBrlFJ@KfOV1P_kLT@Vg#mS1Cx+W->O45gs(TnG5=2
zp$Rz<bteo=gws9r(R1A`+F_~QbF$d3Tp!81S*jluJoh}b%(=~XiV`^<F0fOsxM8A<
zO`5WtY_3(Y<>Kasmg_H|PSC`s_RP<t(RK(h>=m@kT-<7!KR7myIwZY>l0b+*xX9gc
zA1su$T79UmQM`1Sfv)lk30+3nISwKC*g%XG5<1)1M+N;0CIA|{l{xwGXUkO<8e}M~
zkqq6d#WCb+MYcq7RneSaC?$%|_SgI0Br#u(PP)Dt|K*z4`jwhOP+{LL;g=C0P=NVt
zDr|EQQ>&wJ!c@KSMF7eRrRdab<O`13x$NQ9sGY&bzrA5+zAIovS}@oxky6iB!J9d{
zZpe9GtA+_ztj;Ckj+~I18c<wpZqv}L9_eJ%T+Alz-Ad2u@k<Cbv}n>)-_VehoE*Dw
zEIz_Ek-%zrDt-9nvvg+y@r`CWgpD86*dU3CPAfp;aCWKFy9f_KI2}sjd7<|ieatL2
z{#!!$RTo)BT7-b_(OrVhWRlT^8P+-MHb_C(-FRR}8EkaTmeZmfSiiWK9WW5HtcW&e
zIGd}(4rw&`{&+R$LK*$#V@8!hHbZE~Tgq7B6~`Z63npD3?VBHVPH}Jdw2z?*)M4Mg
z{qWt}`(QH%ou4m%$QI7uT{W?tUmtXL@WuT`L#Mb>%@+T*n%VlwxfVU)G4g`k6ZF`p
z6H@P<+-1v@H}#|^MT4zyAN>&1e|W8I#NeDK{~A28LJAI~!O=8GiUS5qEfE#P9u^V)
zc|e_1fGk$|$?2)^>Sr{G($kLaBHh1?JGQqqcZk%J1_zFD*Jm-^uI&k6YFigHQpB`@
z)p>677+BMPQ8E7dg*Fs+GN&+!^Ps^|+u7lyh2^(GUHztD8}EyxWY8~Wje7O>y-*do
zF2#l^=s_btb+q<=&|wJw@x&RbL~`{P)GlS$=8xT~t)oWiMEN+c=<W7hf3V*@+$Fm5
zAA{d0)Z0bMBv)Db>!GMfZ^(>3l>fNN7Z%`YVVmhfm`5xAMoVj38EnH!>7^qm-iDiN
zZ%L_yxhUZH+Y*cr+G|VWM;)H~dS7l1PoRXxf3mxHDV17J8Oh63+}hU=_2&2|`&~c!
zIBmtcty(h%9Xc_m$**Dtyu`o1`^G&JCYw~=`7z3dz%36}_nyuX0~y{4%5xjRys)6-
z?4Td%)w3^SScYMDo*%H}^1wN}8hbHNYQ}E9ko&+*!3EVg-lh--8};v}Pj%S%L3?8u
z75XocHPe_8WK)ek+m#j=d~m5jwU~gcI{21vC#tYJ9Y4>~vkYsEx!CW}(Q=Kb?r9!`
zu5RzhBBp!(XXkFNk&rUr0h=oHu@mvUvx!ZMp?=}Seb;r_ue-9_=scU^p|fGQ3Xh=B
z&7ykkKgTrw)RrRK3xi&tcU1@jtL7hDXwY}yIk~IV!tO<R^_(I0kf{@~4V-_-x0v{-
zL@U}!Gl%JBakqh#T;xAPX~43lnP5`x-aD3I$<GgiPRJd?dqEUfn}=_Eiqd_~_8b{D
z1Nmjk(H~AQ^Rgw}Y@8aEa4tx1T!}Zt3!gQgo{PJhe{z!8E3&h<s^kWAJP4^>NI*>#
zg2gd1;^H-=Y=NGHjqc;X!Q>5Vc8p=L2Aj;!RXy+Yt<8fOfm2WoV(a{S8V>`hU5)vs
zmG51d{cI>LstwVs1yk+7)ulo2UgVTCzHiysD#}NiE0VAgL$Uml#_?bUJAcyj2jt3P
z)6@NY-;tr&xsjFjXdzh+2147J)HazDnIHyTETe01w4|WhoC$e68=IZ|qo2TN@(Qe|
znX0u4yR?i4ul+uh$a`b`FbjM4O!WZ%>Q;C1q?RPUZ?tt-?`r+h<BO<d?N-9&;kW{U
zW}SP<f-CsTI$hr=%J-+6-(MO;%Z6lTvus{REf&A<!w^hM)nztt1L3H_X`3YSaKTIH
zki4ok9+5}=;<b88D(MTjru&}$B#1Wodv4yB^Npr)MY07Scjse+!=zy$NUW?0cPqvf
zdsdAPUAcp^9@<6}y&^OlS(+MFSJOpdJk1Tdi|HZ}r6L6%I=~n1K2@ZSUW&ok3@O2<
zh$N)Wg&sgNW9xXo$H+0*%r?5x{y{+7Lar|<8GUtN5Lc{@0a30nW=#qNG9#Y*6SqC6
zUEP?6Ea8SZ1q2mu249ot0K&X!e$C<P=CV{xwThYkEqr{Fe)a6^61B$cKDT71`H{YI
zhiYa<dsbYp>o{Mnmf?0Dd!-i^oFehf;aAfPI?#`My!KH2k$LET3k@7hky6t$VtPpk
z2j?w%?mz;)rC-i8id^wEKAOc((IAig&#xR0c!HB_S1@NkA_Ya6`qo6?BWzc{xi{$L
zalam9wc%o?gwVVmWHgR74FN%AAgvMBWIGXZc1ZJ*zYS#=tyg5X^>u%5S5KyaG8P#{
zp6+%K{tN7qeT1de$3Z`@<_1hSm@<hs+0!CU*ZWEZ@>hp@<mQVNIMlIkEG<jFh)H!C
zY28zL`fu#-2i(A%W7=`@TX|a1W5E6J{Gg~_+;x%al>}`m&z<F~X{aK0v&+dd%8HEH
zFtF@g;`7_~OWPwyz_dF#Id4$7_M9V5U=zXmW<Fo|2@W4WMx$C;ckrgH!tj0?m!~d$
z#`J#g8fif7SFYG;@+p^YXwGI=@itaBodZw;E@&QQYEth_Ee}3jJ5PK1RlMhb-T@1C
z`Q2aJtECp*C8x*CRpsnc&hp9_y@B6(*2gCf$B6@PE?MoOHr1?}$PPMFn%oCmoB|d;
z@mQW=q7wfU-2{$qaer1*0Lo-ZmJ*NXr(7AYH-76ghcQk=bEx!H-kmi)I4!U5^$QL@
zpvTz@N9<9fcAkIlno!>TWDnwI{`nF)i5a~oAzFI5v5dz*tg@2bB3p_$>s=5JDLTD!
zLk|h|{<2=4H8_nB@32ZN*t>JNu=uZq@(Jt?bW>Kdp$T)y><+B3pmv9YFr${z$MygI
zJ%;iPwk^@_h4STJ#pagZBD^IQi8Y|ldvgXm1Y}h(yF9mw1jNi4I5MT(u8A6M7<v!4
z#JjYQ1NBH1>x_^p)NvEEGDW>J6sF^WtLcwceQ%m^JPS<lW-6ue^UbHoy0$oqb{y5;
zrV+6bc8WCn(zpK2y*znnWx{!3r#2^IoFFw~*h9109Use<t%r8wN-IlU;ks`K)-I<`
zLVP3fdI!$t=7R7Rb?om#q<B}nmKo0%u#Ke8wh`KX=^d>7{3N1aTCIul83I}&bSIr_
zsX>kM7%FpHNe-gK<I8s8p%4;s7D72KEy|iMQ<+7rM=l24weknttFBcD^BjZKv52dQ
zXm1qJ+m^1V$dGZA&}V!)nXq;^r7x$i^|e+@Lb1i*-%F(y;c!tY795>kaIe%^YAs17
z8$VM3jds|+=-khhKKm?puwb@fNdXD>bj@JDJ1uiVg}tOI*mibn4^l3&yDtyiOd}*S
z^rWPuY&-iKcCI>tQzV~ofAG9QAs5`*Kabx<(Di@cZ^4hFcYk*N><(hA$|>#Q;iD-o
zCSHb<t9;Amy7YU|c{O#N-F@$sWiR>4a3@9A(&9vXPw4vFQs@Zy+DRCMuj#bZbUcby
z9Npi(mvB)-1wXv~bB!|FW@-KGp6`egMNwx0rA%+7$gUegnemB2(X&dF0OPDkZMk9b
z(fZx%GUcFPKx>@4{<zW+7Bl6@(yQuEWq&a7b4e#=k|*GCT#*Ry*)YtUz18*UXyU2t
z|GD#XqfCu%oehGz_gKe%r&RxXJ5NdrbD9PuofBBx9|{E}Ki;}@!HExrK)ke?qh1>h
ztC@`Oo`Fk-!D8wy0sBeR6`OczK^%|T4v!uYEzSVl2YK!Bjr6mI%(}VDn!t7+<JYq?
z1nCS$A?-oL$*uE|<3`mgiJIw!i>cx+QjzFaYn_)}Mt-}|qs~sFrp=5~4K+z_4~cGE
zAUl4r{dxe0jk*{OM~SjrD*GnUFPKOO^~r5B`mE&Z7fi>yx)+?D(BS>WlFmQfb{}nL
zAk9B=DWuY{wVZF9-2|v(VMeO%m?pD?FLNpjaB7lU?%MUkqPG&*Z2+c+GOp!`Zd+f{
zw|{hTf~htLa?F_)z1C4%FCs3`oFeWEnehxsn{j<5PIzq-hu3l;`<@nEMg|=fzow_p
z==Iyug;zly{pVO_Asqq%xG7ZhikksuU%s`n6JW|n6D%BEJ1M9}k)K}On2wiQ-kao&
zGTx$_-jdRy1Sh)<z({7Gjr_#YY~HhQc4<&5h>RQCUv-+#E&1H9Z?M>2jXx{jPdFQt
ztiBL)-vDA1KZKdKVc}7`nV<NK)}F`m%AuDhyI)kYzb#dL(5i2|i|2QLAKTRo1cFY?
zO@)Bm?<okeK8<6w9?Mn};rd(F*tcJop3s;|bWo}rrkNuaP?ED9dx$V^wp!XOA`y41
zk(XmpnTr+?$KcdxmIQ%0U2qphMWTB3T*AY{r=4YSY&U>v>MmlTZ*cOg+056Ad%r=#
zgIOnn$3EMt8*g7t!>QG|?i0Sma9<zO6+WanBR?j_Z<NtH7v5YL=EHnA4Q&#ePim@E
zzcW8y@7R5zV$t#SG;gvxI%I9lbk~$7R$gX|IZ;0ONLuCK0hizv1cObff~UuGv)94b
z*$?roDj%Jt{X57Q2e>IXxU=??-qVqamZea|smm3enkS}YS*&yIR)-*&sUG(RIo&Qy
zY34P?gG&{7L=CH;uBk>J=&i;zxMu$LRd`OiS0ww*9fu^C{Iqg4(@-1aejMN?5)!ia
z>Z^`k$}MSbUxbG&o3lurjc8Ll02bEO*kE%_cRz1&CuhL|FBfgBzHXvDl9)}gfk2N+
za?+ILVaA99Q(ifr&t3O>0&Ja9l*nkdn-R3Z0l)E*uzkU=_Z$|U*8T=dQgWD4ISmX<
zVXlDJ8y^V-lG74<{68Rd&z#Fnn)qR>rjoP1%g#wkM#)#^$*3~Or3?1)+x!;dCI{GT
zU2PT2t~g=S>NiRbH@{i>d|mVz3l>DMdA&|;a!w~`_E)E&dgzee2OipsMuIUCOs!%!
z;=TeCcH1+un)@0hiAO6m*$^T3zh#AFlZVy#qsC*(r;K%;8R?^p!%=weYs}%jS$5g*
z(F9!F%+z>>5;$O(a-}{}X7{(Z+h_DA=*B(|5Efpkpc5y(y9^n3cIo)?C5I7klTFOa
zDiXMysPUyjE1O!ETREhqXc87i<L_tr>=Zx8^<hYv`bJ3=O@)q;JUSh`?BU_Wg)Aw)
zffiBA&1sCc+}H;sa3~kZ>fG#+yV9ol>}b%3S6o<~L9b~(KN~aHrM?}>_~kJ9!)&^`
zU65b)+C!MGR@m?6;pp-*K(%B_-OF48G1E!GItl?~T#k;f)z#HOav1)G0aMF88`&FU
z=dliVtI6gxZYC#)YLni?&m8b>HH?XxD3gUp$D;_adRDu{QJbI9UI*z}_Tt}D9)b!c
z1H42S2xyy#badHF(OX?O;6cQY`^)Yv`<L6}r3hQvZpn(ZB-K=-{zXSZK7gM<K(_rZ
zjy55Jv%a3)W8-Db0}$o*-S})ZdRUEnAVf}V_qQ~y{a~h4p#Dwv68r%|Z9J|{5QtW9
z2Z^`O7rFN%gb}8x%(T=Z7##i+0qxp{kR!rQ&>j|keZ&bOfFAHi1aDdDX+Qa-h>YQ%
z!_#e7$w*4}cSYpmsy7lDoCR24D~eKM@juh36~7f@o!+absn9+Cz#v2Y0?wZqsS8{=
zD>=yTjwfs9j&F&RS{elHRU70lV0qp#siB4=?pEd31cFc>{^poWwZ<6MNJON$Ew8%T
zY#bJJUjDoq$RB&5gP&ms4Gj&Yrc`Nm*@-nn(~3QP_jQxJ;8QQb$l31Rfg&Ox|6f0D
ztgeUT0n<=0sr1tCikPcK3aunm%fxqIHr2n%f8SvvWe_H~IA@jEMrm7u$|NEYvCqz#
z^vmmT+S*0bA~7pjYVvH*sRmpwxGP9p(#HJFa_BcSp8tjStFrRwAt?Rr%AY~8ID0RY
zQRF*)eY~2wQc-lN$QA4BheU^M%`id&R5fd8)F0m!@AqiQzh=tU?H$T+)>UrVRA0<H
zD4gFo*M8!d(L4K{H*y@UXzk>L<!3T=HePo7(I(}6glns&MpxU_h);7jqn7(=%&3dQ
zd}zotf*}mE34!@H?rg>e4fr1p{jkP7x&X5+U_aR03@g!kbEu>-eKiVj#cPhr9qU%6
z%aoBp>zHppWcfvD!96+YQp06O2Ma!tsVCyi+Y3^y-acgR1_z-iOF|na4g{3=5^N?@
z=)PO>1CK;W2APbqGLnjk_|Zrpnsp7cLsRKVZ}H6UAgQUAnxxKuAxr6?WJL{H_Gnem
ziHsf-IwR5j_vWy%2~n;q-toxTK`^G%3hPR7QkoK~hCrNbZ5do{+>G%TP~Qb!h!|&+
zRKO=m7>42WM)`{=_<|hq9gR3XYHbnO7xS{11D4&$^M_4KkS70gzqV2-P*?D37>S&!
zo+ObWDYqP<HS^HGNIt*5>v+pP+uwaJ|6Xnr{%1s$X;fX@09Ja&{xD~2Ip(|cWX+uG
zKM8gN{U227VIDjk7<RUOjHjt3+(&7VU>ltFAx1_b16rysW(9xr^^KWcfVKvgb!$KE
zicck~RCynUP3jsZUff!x@;Ja+3U!05DTvGkKET>$YR~UD#!%^IIfzAAy*?y*xHS^S
zqao94@!+UTNeNZGzOGKU?@q<pVZ-;fLBYVl{&I63odX94Ck$qd!y)CH#fs}%F&3Xv
zQDJ)0t>sMBwFoNl1Wsuw9Uz6TthbYKd9Nj#r?MxTHGdfGFB%J<oK%$<n;&$d&pege
zZdOv*&*Z${vn$Fg2mAU8)HSN*RS#Qv5p>mk^&^e>+p(}f1OOjF0o`A9cg4kf)QGrt
zr>EU#Bg3e~+KSpuazU)Rig1v+e5S(;3b*ZjL{RIiU?23BsIjz~;k`aU0I3(0Yd=WQ
zAtkl2is)$%dDK8#^ms3bxgx>o61k+?KW8-aXU>meA#Mt*pdWf2wLafeyRAu+LjCFR
zC&#d=Nn+sNs2_jcnlIeY^hDqxfZqUa*MVfF?xjx)v(t)p|H-z7hRVZ;ya6&v^!}eL
z>&14R{dyq#o*F-K@Ra?{ok0qnBop+sBGTEWgUR{>nkPCw6sPfmsK+36O6Q=|fm%H+
zXb7c&I_FiHZ(a}=DMB~68!w1CA{U(qG1Yunt)_4fhto}B9kvmk6uO=d7W9sXx8kUU
z&5S0@pt(pco3y27i)QFh;m?9<{WNgjJkNmzz$3b&qc@52glZ#ouey@D`%A^*8&t>$
zGc#P76j2z2R|_)o^Q@|zsDY8OGE=q)#D2-=>(Ao~=5F>KQ;x%tr!9q^!26kUQywq`
z4*c(8WiI?xiowyj;erA@uz{LVkj$oVd!_G;>|I!dHDrBL-O%+m(>lvz`##z#d!gc=
zz>)bvLP)gNMktQjljsXu)5fN<e65|b!(S-9>(;@+S*7<e6*Dws-4j>4fS<l(!}CWT
zHA!{fl-hSDbvP>XvcB39b#L)RUSs^EuD+wa4E?9H(8V*;p#KA^1J!7u)VTDTvBqg9
zHw9)?^e%wsg!r@oM7LtU)`Q)SPT<4oE(U(_xUYIiPi8j7C_oh<-lNhOLJd-X?$W*H
z)YgUX?M?_><8v9UUc3&?%_McDZKXNcSz}nSmI6zPLnX~UDo6l2WcOO6W@IwZb_$SE
zH6L=H3t`;V?0U2BYii^b_K(@Uea{L55FZHSZueT=L<3}3CCBE8$?;M2E!TKYQHzTk
zdNk%At;>q{1W1k51ZX;uJMAtw(y(go)wGv=_b@gps*lT;v>%pHF9v;B&`C&1kxv(r
z5Fo~jx#WSUdlCDb7iRq`*R!U`c2R)Oo9BJI7D@RU?o0nXr+aAFlAOB#+U?%o_~7C)
z$NNR}CxIK9xR{h*!<pANC{#V-f><*Ko!}agzUeNG{Xp?%?0go@!g~&=en@DI@T4)=
zoVU+*-BdQ=EgjBwv(bcxHL9KyTV3ULO#F`f4%9uWH@*rW)qslI9o-K%O4Kk<#^#OZ
z?Enl^!NenOz>Y$kbJ$KHCGTx+WIYuqwYz@codQ_>FNH73R!%@!BvgIBhMT)Cz0Vem
zi+UCGE?bvcePh>(UeGf$x4ZD46u@23%5`Ah*~YnRsl{+|dN%ZjnEUCym2%^<*|8PO
z!+G&9a|IJ|W8lCo&m~n<F;swtx6q<b+t>;iXCpXS%pW7qdhf+>v^Sn0a2H65Yp75!
z+=^bL5)7zSeQq+ULPF`@ik9Avt++VPdheN?3n+?LJH8|tg16S$1}XNcw~MrX=>SXN
zyCh@}b$VSqhT^R{r?mL+mPqf3*ZEcd{#&8^>t(joQhMss;~rX2)MEB-4kf}`m5Gf(
zQD7GmSyaqT&>@d%_lfKT1g|otU*7Bo6nzAxHueLj$H8}H&m-?N*P=$H>4KeKXDM~L
zr^ni1<vriTBrZj@dcK<#R;SaBk1+v#DMAW|9siwLOi%m!{^_;m{hJ75n>qz&rkM4#
zy=e`u&jA70Mioz(2Cw-Xc_c5dA#PIOPI?r$-4uiVg{061X#1Jf^i-ylPqL48`uIHc
z#Llv{*UD|-bbG$Hhbk8@PX3bXa!=d-FiW1Y>_1w7v4xfMtEqF}>}ckc!tXDS;Z3C?
z-w)==s)Q$x&Mx(&;L!_w{JwZGI871KX@e}fayPlIDiWhB52%+8^3JoeXE!{CvF8&d
zyW}nG&2|)sfJJm2w=iI=vY3Z%HF*(zB1Ok=&*F3suli#;#*RxbO#q~BrpH{ocPByY
z7DsX(m`jIdRXojZ_B{!<{ET*ypE5-EO{uMAWs4>M5-5qH@DHNS{z#LQY$~6xJfydA
zz8axeDjm<WNHhw>z#QMe!J(;ed(=WOuwTb{wNi4)gLw<Fc=ggBr<a#j>hU6oaHS@Q
z8A)ikm*b6w)c6Qy6QfDh=)F<F5&}$8oZ<Q_$|?_P3dM@Wzkk-Yf9~xs_I~_wcbAZ<
zyLdYF6BMxa;jG`7+-^`l`|&<~#Uopvsh6pCxjs@w2ZggY<5D(tqN|uyQ`?9tx0l)s
zBS?_N?EyJ_^_Djw^tI+#y&~xQQBxf4nLFzA;RPX!`Bb9}vr&qg1dmniRyjIfJes)e
zWUv34rnIIz5<fT{{Axeboaa=jZaq#(;ZkpK*C3#86e0Zdkgif9KS@rmTre(B8ySPe
zbFYsaxOJvfTI9*cZGLT^IP)BPq{^SJpA{A|9P#D@dR}hsZuJ@4dh($cRuJgmem2y%
zqnRhqp@HnIHd5Q11IUC29+%h8b8<Ox3*-Y$<kFbb>qxYrTcpNXHx(f{)AHi!w4lrX
z4k9jwE)KRyW!V<OUWtQM(Vt_kv*}hDO6J=UO}gpE)_5C7$F2mU>dl?@)`t@Nc{R@~
zLY%jyup@UHuLo1njg0mY-#+cp*!tei(RLy`BkA^?b*pS}l`9s3kfsn-V863xl(Mzl
zCcpEfBwjC8zQ?O^KPCmV#uHDqUKu-6af?Z(*@Euo=2m5e6=<0{XCnJoV7%klb&a-i
z>T8^<dXD1i(sFCX`t9Pk=)?$+k`H*DVjp+kcK6SoC5tOswr!fl3t+;*!QZUzqV<>S
zU6MkBL-}Pgh!M_q(E(1ZtyH3@w~dHjTqy|AH&}1$?|<e?vQ&~tuk*KX_zA`6FPD)>
zWd36c(_D8&#t>T+luUDTwiD{%MFbBA<3a58ik^#2eNV5kX>id}WKnZ|X>SVxmi3&N
zwkwhs9f-ih%bm&v7t=IGN*z!DQL9BP4G`I$ESC!+_P|WPn<u0llsU!si*D@JYj9HO
zVSJvRFsjUE;S1axfW%Hd@$AQFP4*br-&+Gz@GZbnfq)jx{O$x%NO&=@vhrQ7q^H#0
zIODr_m16hG0D8c>oX0PdYQq4H(TL_bI;tbF-VZ0xPgQEATUy&V1_BCmc$%*Lun}Wf
zx61*DRaPrX2{B8tx}YbW=oL}dq2ObCDDYd`&-#)wI_2)&Rs_0O?%Z~`WXBoHFWbH{
za6g!paYgkuI(0;^K9W)~z@z!zjpiBQz{S;An!S=GE*n%)-R7WSvVkI@z8OIQ-V8u~
zhk%4xFq2Xs=wjJ<-@w9p?YGVDPe)#d_pr@k<CISOQ1p72>#NJwQ{y*peCbkWJ6hAu
z{Z<U(Jj-FyOI1+$F+m%FfHKguN6T|As9)*bveq!7VA{^RgGG={GQ@i6+7`};+^x=Y
zyk(%m_IYSAUZf*nT687uqcXuRWjirMl}c|W^Bnl4ePB;;f6EK3Oz5U8Bk!B2TrZvF
zxi0Co!oYBj_1kU$!j2Y;3fh}5KKCWjUPz&GUXFDFTg&43yyHjGO~ji@&vC_K)eCe;
zTW>#>mW6U4?*+l<5Y>pOWyu#)A0`T6wh9{nJ@*YE>2)nV4;#S?Al{RbqT9J~);;kz
zlJw+KAWUX`^p8>;!0rWkU(4)C*x&w74mYr1UU4W7cOxu>%-0)PFGvrXPg)0Js*01X
zju}lrULO7$<9(ZnsVf4&x3bykV!w=tZR*7kx}hr+px5fIL?<SaF9?Ei$+w$k%4A1r
za97^E_(Ct#)xqN<coS=D8#>yLy~pd*ysK@|UWM`^b}Ft?l(F42P3uY$uAXF1iswkA
zv&-(GW)V!B_~7!~h>!L%#1l5QzBg1X?<JGNey%Zx{exkas$Q_}AYPHOa6iLuy&|HJ
z*7BFv^&@@emThN}p#V<gfQsaMh}ptip)FUK0=4<o31aiD8(@R2kB*SZ@^asS1qM3<
z%eKDB-s_e2YCNy}cHNN1*^8Eia@41a;>ogmMl0d202-`cR0B|fo5;?vDR^pG2jX3;
zneLz0D_MJ$Bq1a;WygQuKl&Mz{oiPNLWmIlm5;~9XvqY}7P0AEoFRV`GXNj=#D?&j
ziSdmK(9kX1J*dsqOf`|kAi+Mp{5>amB`HlJMURslU^K;3zTJM^#AWjeG-6QK(D<mB
z2QP&es~Rz=R+G3lJpGdMf}q2{q7w#^%30NZxLAhsY$mB;qqDDFlb|dTK=Ika%9N0$
zNm0Fz=iQ^O{gWP<S_|K?)3w{7+u!=vzKN3Ia+G5PqVHuZea@8E?j=SnWEsB8F)Ozn
z#kaPx2_Qk*nrvnQ(}vAuhy!GOyrfc}X+JPn%~ImB%Hlmq={{c>U#t6_0Cej#u9%^L
z{?F}gdZli^5IsGHgojBny9Ge~uXK`g&nNH5&B~AF@c>uWbAbrCv)du4NgQoGNJosy
zb{P-cx=t|U9dx-Tmq@#yla(E>upD<ndVYp=OJ#vKCA4>0eRpxdd*u{6trBf0$$UT4
zzitbNRopaUrh$xsfZ!tb<3qfnVypYy!;xxn&ff;MNWR_=9z=qVJhKugfUw^#Fgd!o
z`1R+;o}4^S2Mm<NWiv&B;|GjQ<><a7NU#f-aJr8@5F<l2tJUdn%3vTL&2CVhu>aUn
zx9*+ca-cQ<L0b?L&fcwxyMfy@!Q>q&6}-4&ajpL80g5=!jJIU^hrp<K3ec59vH9_J
zPxIaD3`I5j=KL>`_n-U2!b7`5VvI(&Ur2@-fI804Z74JQF~cn$U9tW`Y4T$6a`o6U
zl>`YE3<Eye-+UZzBrcdReT9wPu4y^*c3Sppt>rtQaJci(3=1!n#Ubu-Z?ZuFO{xRx
zE45zpDuO=f)^>I*u2ynIlUEL#=~pYs>E{nTTYZ|}e$>b-7Rb-&d{(`j_af@ffAI_k
zVxh_wq^<YNK~%K5Ob&-mD@axaE^**Bh%h7Gnk!ZD6p@7$ZO#ruA%JVnvMBn<;7l}@
z(So}+>2T0t06OKsl<y^(_EqM9u@Fus@A2s|oCZ=^y0<Q@7Ji{!!zZ1sO*PdjoIA(0
zwz8SL3V$Dg$~688bZsx+Tc!3GKr~j}9CqIIaKAWy3y{dGD`%aHaGVO=*j!E+0He|9
z^&KA_jW{|yEe6+o$&EYc))n{3YE%F0P$Ea_%=+Kx?$Rr46FFh(urONHo)E8L?Y*!{
zn`_mdGsA_YdwZN$8;x2FIy;;z{q%M~=)<|7azrXS&eZj4+&~^6zn>h?vGSTCbW@q*
zymJEvP|BJjl1D2j=@fS)<qGA4BgEU*OzbK=dOa(5;UHo;V_S>0hci*&&e)w)z=Q)}
zAOZI=agTHo?S-D2Y&T9??ts<}L#cXWK`jyFH~ojMjgq-zP^@%SrLJE}cf}^-Uak<R
zH+y3Ju^oRU22ZEe>|;a!|H%3Zuq>CY?H5Eqq`N`7L6B}qL6Gi7LK<o54rv5L8kBhH
z?vfIa?r!Ol?tj?l-=2N;Hx~*bJoC)Vnw9rjYoIN^0%QCO0L0@M>!tVu+6%ii+vx?r
z4JgB4?xO=pihA05W9)Udg7Z4%H*T?%B+=MYh|wzMVeik!s{1>)ADL%QMqnO&@##xC
z#`pje|07RBfcprA_<rLB682Tm7qHUu^71m*bv`D|claGDI7Ac5px{HYy`a)4S^jH^
zw(?63&Qm)2w!%8b!{MNknAAAN95vQ#m3%uO(i_<we5bxl6L$^tOajRTq(lgaulm1}
zF~RVfs(yOFq@nt4ozcnbW1vKrx0r+sHI1An-cjfk*+`xWLkBI*@_5qI(k&uu{jPd?
z+X86T;zIS}*#oi%<Oa<z-SjciwWbN*e?L}Ukd(2gzc^={w0ZDD;}b^(e8u*tyt7o1
z@DhEd=V^@5JXemw>*n^MPpM%1M^9h(n^~9DZ|@FP<ReX3v!L$%`3&(fi<#0zT|2hT
zQ7I!TWBdCyuD9_=5T*t_m9Km)iVn=T29KJr-vxiRAsiyE0X=xFW^O2jZZ2e>Q#+Ie
zo@*<sP<NfX{M>^p)Vu!XN(Omx{-jDP;zu5S<H@$p?$o!-=vNBb2XhKLaQ7`2R~tw&
zYWqM73ID=|b&X0a0lY*DcaJN(k8ZvdxSITe^#@_xldWk9Vj;&9egA7iiR#;WbpbpR
z%qOG=SBO5_`njKajhOVCdJNouBO#Sq=#Cc?%$N|gBoHdkI~ajbuW|oX|H?s4xJ;3x
z^BIXp<vt_O(copioe|fpeX-cD_y$ZO#Z|MV!(nffGkVC|jWvU<d#-K4W6jeA)2<_(
zCTETXP4gQ9DNwTJWLg%V!;l7e-o}!1plesD32C8$eUqV+i^ZuknZW#nOte&Qvpe4b
zupBD!g!6P<e0+Zf55}<PN>~vkwx6N-Pu*|g86!96{NgGNh{aA~1q<}J53%uRKSB#7
z`y49u6x?&eU%R^@lFvkI<KjL7#k3$-6#4KxuqB<9!gk@Mg;tQ}sRgkPS<G+^vrUsJ
zDgY)%FNuI&9ONJyM3K)^ODoyGiR2{_f*3>min9)EEEA7#lfeA)!H$35r0q+^PLXWt
zV~{-c!kQRX^%baxqzrXr`YHHp--ZRzn%ECil${HcV=J)L)*Tp#G*?(8Lz2KKmRNu~
z^0Fsk1HkBm!ldX7C(DV98c<Pzg^8)mAUCb6>lcCYg$p$(y9prcr6?z*McTfAaQ}m@
z3ouv}4Thx&z%m2wBs=EcYTt^^-?GyKtf*L#+Op(Zrm&xg8U*NY!0i*DLeVx(G>n_x
zU6n*V`B5g(1<xy+#VG|tXOZk7Sj~v29S3{kiGjZq3<z&7JhJFF=d6w#A%gMx3NPfv
zyn1-@P0sk_@}@zQX=Yo9?CX3b{bkM~tx0-O5j#)s2aQ-#rLdE%Nh7O%1574bL4y*L
z<k?+Fp2Isi#{Nr4duF<4IP0C*8XoS-hqvK+84LIY^RrAmX-=L3%R74}6BQ~>n%6U0
zNl;QWVSTc()3es3kLm>;Hs~0N{j+Y@0$M~{$~V-DG*eq^ZfF+bj`v4r!#B7#5_)yr
zoMkNV5A7*J{<7gIu+*5{iBSA^9znRgj!2yMc|B|yA8aM@@p7tDnl3W}FSwe4ell4B
ze`q5y5#%)faY(|ncFBA3^H2m%wgI8P9tEBj5)L4L^uV7e^Vomo;rG#ej^D4|hS#u<
zgf)gkTJ<$U>?ByUaDHW}8lq~^y^pb`?4(4QnN*Mq{V{|80Py;2u&=C#W_K)8O1+tH
z|MF1TET$@@#)0eV95+k=5i$m8RFyzvMe(U&LJ4XpKyHW+i{_uOG70?w{l_D|mjHeI
z>C>3R2Y1=srJj25!}}F31r<H|ZAE3rq_}lEU-uPXdzCd)Q4z-DBaW(;TBC{{mMT>i
z;rG@DkjTS`!NAf_buTISt8kp!nnKn~2MN*<Dt7-?9*AS#AiJg85j)sO3#|X_=ED>Z
zW7C&HxnTHpOt75<Dp)N=BO3yU8yOmRI(59-E3AD%0e$x$9r8c30JmBZwJ%{r7!tak
z1|gjKT1FBD8hcf}<Ye-L(OQM{=%IbfpP|Ayu8wQuy{nm>KWwQ*telTE&M@&4A0S)*
zI~*rFe(aWZ53i;bCIg+-0`GrcFmFO@n;^i0s7F`VtU3a_&c!WNTt)ET?-Wl})!A)x
z=i-$5I$K`lnvLy0?IQpGELAg-+`=8byZbX&D@l^6c@u_z#XA181K@89PT(#IOhbA2
z|9vC$w2(so|4`fiKV=H&=^2mPQmy}vt|p##IM%q(zvs_|XB%Y1r*<*aJ=!%+`9Bko
zBC1=H999+BMwHM-J}i>te;2vwd*tix`F2*?(vbwH82@JhXyLCzu^9!nC#QbL`}w@c
zw~k;=53zv%-_1S|nO;%C0~1-ioqnQpsk_yk5>oi_e;4v00~>hij**IEOgJL=6!$v*
z(9d7zD`*$VTWeGk7d)OwL|ajD#U7gX>-qogCE8bsG!z9Y4Q}Et+*R=^tbe~lSj@Dc
ze{#BNA^|N3H|BBuC#>{mt4TG|YcDA!EG(<m%Q|`f?+cUylGj)vcw4m&=2hYU_vDrO
zDNXiW1JewBGC&K<(hB|e^5P+`lZ>@9eXrtvDA2JrN~#bYCCdJn*uXt+1d!^BvdA}8
z2^ifIE8<nS|5|~9>tePLcnjP?GS;dJBWn;h{r4J>=#{iR)<_MGZjP*;%d1%a`z<2|
zb#|UfnrikPxYC2CSK<6?iXl2oE4D?(sVp}Fd|GJJe|f<Jy=4XWdP%w5tS?!ddDuS?
z!~c0a4yVs~qhF?<!Gy=d^zN??oF3<W;Bzq#_JIgPT7CV!pD|M&lTPND^78R5_0WEJ
z1c_BvvcD*4Vb&U0^1Vf$V8S*V)c;QAj;c`+_K(d`d8$+6)T&<G?D~u`Q)c}s9MM~u
zx12hR6j1sq7PbYxM&6m~CzIiM;}=)6WQt#zxZHUugHQuL%921tKqaxWUE#O=77Lt$
z^}<L1eh(3O{c{gNh;4soH6oH^1{MNZ%`+o~*H~gjcGo+>Lr(TD@w2jx?bl~e3MN1j
z?4PmkeSeJDF_eN`o6iu%+1a<Iuo%b(Bt@Q6{@84_O=ziU<`-{6xuJp$V^dbjp%zj;
z7YkOFT;pJ8P6g$9{c*IDNg^~TnO&5{%YQ8HTnVs`K0!aIO2WIbP>UKZkil>;EFbk*
za4_!ndQ3zvuX^fy!w?&f9tI*2h(yfiu}eDn=bgY8`|(9ALbVhwg_SxfKlfS2f<i20
zie$g(rTO~{5(d6#1q!?>18ZW>P^qCmVKL79;QRN-Y&)qEhbJc@T3T04#Sc-5zsI~7
z10tYQeBo~0!cyV~o?=tg+{ptG0L9zm`_8s6@!>@C+GZ52+khtY-vQJ5#2s(<{qMrk
z*Nx%6_E|H96E*k<KH%H|ARs#<BV(jImA|USoWxL$h_ZDN4QK%|32DCCWi|F33|(*C
z__eh!uC5>upp^p&4wCiv)<d1Gf%VR9Bfe}p#{4O7{KGN))udQ<P#du4IwO9V>(qTf
zk?37vm>icxN1w|OA`E)r15}vU*jW4ZZIrJjZ`IrgeD6-tG3P)ZmHi+6ePSLj*;yoX
ze4$@E)&u~m&A`~$|K|HkfDDC&Z1eDEdd{jHp4fGdTgLEsZ<P-_aas~0At1PmOLQ;I
zMC37$$m%**S0kdKiTSjUQP@hZ{*Dhj*Ua!11c(uA9D0oO&njEaJbZi^uU3N)p=6N2
zEJRT3rPg%|DNGg0Fh1DckJJAp@cU#pk^NC<t+OB|fPR}=Q~q}kF~(CQ(nL4o6JhFR
zT$utM*l~>(3BG#4I6xQz3sj^f?ZWMP0I84r-5fe9>e+{5wH*BeQcx%A>DOv@|96ic
z2VT6JJpeUQV%sVQQc2rdX*oTUK-uo)M12>d-yIv|akF72AI?3H>+0Mtc8_h*i4uJ>
zM7+bj_cd#4c|Mwu?iFr{-Tvy=zIfY?7e7%WSAdJpyGuVcL!g%e`Y|1CZRk_dau2TE
z^d|?dY%TjQ?e4y1EBdMt2x{&FH{}`OYX?WiR?AU6%syt1d$FHsysC4H5QP#w-KN%y
z+Tk~p0s^lOcpUdeFd)&Xss2vsUZI~pRU*|)0;h9@Ub=;2x{1kK!_MtfN&j7roHy_p
zyl8sqw`o0lpE+Efr@4J#o2j&UXV?4*yTESg$Mc)A4WFJXr@b3Qcr*`KE~U`67xCrz
z+RckW4tNv{bCQ3{NbnizR%7C<aqug6lHG<Vb)XgSceMiLeEkM5Wn!B}n#PgeZ%%gT
zQ5S15RNq~`VhxvA6cP-F?}TYxSU@$FiW0F?$Y^^pj}O&hY5(+U_0(_0BqfFT`E5KN
z#-=`6Ni(}5Yij``6&0c~?VG&PX1SL{hP#^>lKv}@rGtZybq;#|4Fw;Ew}5jb3@?q$
z`UM>-giGnk2jEh>{cz5fqQ+t_U_A4-DWjH!pP&Dyy92ydm4(gkRX996v&PG=0&|ju
zxlKn1Ac6`rdCs~)oq64(i9+>fi3Gx4U7r>s)oFyIs;$3AOpHo0h#sUxEnk)m;_FTv
z8>hDoJ$pll0#eS!X*z4mD34Btd{v9d{)ghKZ0@9AU_#U%NgDvEs8%rUdo(r0v$kQW
z^=NjcXBcYoxu-l5^$hW_1VLm}#`WHp5{IP$P@VbA*BBl>mAuw<#>q05#b<MkZcnK@
zzhKV*r+j>38aIIz{6ngf^joF1_4U<`Q01wbd$yI;s;vg=ub7Qod(=}?QzAtSZNU3i
zYP=zoa&<r)_VJTZU34_LYkfnK&KuWS)9Z04W=B_-;X$)lNJwoM@E@0j7o`%%(FmEb
z*@BB#7U(|BZe(O*ym;4M>$nxRz<zbMrMTQ&9V63W;N<L#N<mS)vKVJ(_j^neB685(
z(AF>3Kmz={%LV<5s}FyEPCr$M&k+In2V(H2+;ybjx{u|rhQ}J=*vy4|k4(KTy>G<;
zSwkO9Qc_ddoKFzr`tm{|RQxhVqDX<%u-~7f-W9fkJ34wrH~flzvD}2C(sowHR!?}b
z-h8?|i3gM;3nKHn!P(*V3N-G%mynk)<|#7nb}p@`sK|@_hY)xxc*%vybcW1+;a)z5
z+o}3P{I&RbiB_r%3FJ=59;xYr^CQT~-hBI8t!<dw51~a~wu_OIPfrqP0b9>?aj_R*
z+(E@{xzDWj-n$K6+TZqb`PB$dln)2!EJr@gC$LW~Nyk)85*L?MpP9w@yxHH?<^&Ox
z>4f#6K`c~@H#ntDr{H1{O|f0P6LWPxb40}K=SBt?$M(#Y$Yh;2_A!{pi5@<U9=9jU
zwvAkmy}X=YAVNZV<`@%jc$CFqqv>SV;kDjlP)w%VCF8H(zI`0EhJ$g~XrzI!?2aV$
z4PjKzR3SVt)&>E|WLt0cFQ&~A@{EUIOFFCdT|!qkSarMfVZ1)yZBv2Bi<ucM+|}gh
zEN#6^n5sszMUh_bDRADmhQDKd#@34FlY@4(4bB@$Xz?a>;dfJ$!1IlW{L->v;>2Zt
zgr%`92cx9@C_x6)+^=7kZ{saHj&@=cr|K-pa0il6wE1~KiV&9P2ZQT_h5}Vk`{2)j
zHZP_$u?g{G>^<EN@%|WB?n|U-tzMuV{;2itQE;YO0Sv@x=R<qvx5(l5dyYy)2Q#;3
zfqfp84hYYs3zcw<JA*B&M30mRG^as+xvc$Me>=(m2-7Ck8J&LcH`#;_fLZG38HI;g
zstkYK(bf5J6@`e4tqv8qQ%;kcxe&u1wRT$yiz#NlBtDq<7FWH`;<U8A&k$L1Z&jhE
zKn#%?vtZJ%lDF!&268Jhs**!9QP3Uj;d&48OM>h~g4a=XBvIcOCk$@8N=m&})ums{
zbJe943EObbpj~ond*cSneG4iH`}xz#<MQ+z-uulfx%PA6JBCPb(J?f>#DF3;sSwcI
zFjgV$Wq!wZlY$Ow0oRMqolc<L!Jo0C_~`Qn4szAN;)=<GNi#cs)#@5ku2Ir*=zHr<
z^ywYRg3j(DKPxNQBqig%exuw@!pdRM6c08wKKvIL@@=(3J?L>Y%@r>z9o>ui@Ww`u
z=hXZVP%ye}^9IPpl~VtvE!NnP5q5MO5@W|N;6+}g;`X09X(_twpM>z}0FDFnnXbf4
z1#%%pqBRs-L%!6jQ15#VUS@vn>%j56Tm(w0+Gf!tke06#75@G72VGpz2+Y#Tw?4`H
zw1fl}FScihF9Yc}8Ov?&p8>T(GB=gaQ~to%U!J6r3~6rSvK7=<M~-sZ3;5kT&<QB#
zM{}I9;_W{at{+z{KT;1pNyzL4(r!Oujen>TisysuPF10C5Vasf0Hlw%+M`C!_QT?W
zV8`;RcY2|to71+rHa@pGddNFvnlDU@Rq>(iX{7rA9Bpcvl%ijR<tX=NkWDKmtMZ^8
z6HBh95Z)(m6W`IT@)6|r!?mkB3~95*-&laq_G;(fNHyx*%x<ZC1Co6}97e|_o4qG6
z8_@s0Dp((~lYI62DIJ5#63DuwDAsAuAKj4i3ePCWQ}E3i!QJfwnq(&$1r>Xr{HY~4
zq?ELTn9vWWFX*@Do%{}H?{3ldW-Nq00deD>{sGn>{-kp+KpbE(L*r-%$(bofvmRPO
z{yh}?wf6}EeCyuXF(^L!%Ytk|pkO0Sj1DO*<hOGwdIWe-l(SXT>U|0<q_&~HwOb17
zLKV2;kB4Gp63xsk8Bu4arZPnRTN%c)BP)(X%0l70)$p*0)R#|oxNXAP{m5G-(G{}P
zc03Uw8NIWXW@giJAR2SMw6an-`F&wRKC&x9Y^c^A5nlKdE;d%F^kA@^<~ke!@~ziV
z_Pr$?J-uj-{Eo9Rs0P*9TAQ8C74N0uh}?W{&o3E?&y=%{N5zGRd?;q%L-wE;O;7V)
zY%JcFn%!r9nMM3V^b{23(opdr)qP)AZsso!0W1hO^AAbw-XwUzpw2x7sxWUx6pzQ=
zRX@_``{XPo+~gYsbJ%?bljr+ubF+?9O8H+`w%9cTNBdMNn@pJJRC|r)>f$Wzb!$9o
zP#EvdpRnlGXC+3G4#DktdU~?i>`Ei=E_QcdTIgwtG*Bpop3P!9)v=P_2|D2(uxLa+
zh?3?QuSH#*l;N5;Xg@!nVOl{;S^n|9^$kKUMZxAtf-As?gPxLx;I2aKPNsxiq26Ru
z($sdxcK%UOcuLA6=nIWW8o$m{-Jz9*-?J#5KR);Mmnw5Ozaz}AsCo>4rOqQ*saVRR
zqohP}mYSMcgtGadQ2LMWSmgMvQ_*}|I__VDfe6gc59K(?2Gk(?my|@|fAVUS!qaJV
zB&cC{hoX-KqDeK0v><l%I^pPa{ERg=+3d5B5MU9rUh{$0E&G0{sU$N2+)@RHzs&K8
z;Y718S*QV@_lG}gKU;Ls_NM&j<uj5IZFSc}K_7f@>nuDPHEI+u>I#%q?>O?ky<QrY
z-!oL63FBj=d>Z<SUR5i>Ms{-v{<KJYm{4V~yW#s*8;W0tVPKXtvAnz-PH>Z8#Ce?F
z=m<M|*+DBtp-vTQ-~D;0-j3z`ryUn<^VMji+=jX_j9_I(#0-##WBBau?p(O=`h>Aj
z(3T!30G;oEvZq>-^$$s|LW#;#Pucy;_noE8$<PM_*i}d=C`D&q3ko5+HcD~Z-wcXL
z6*Q*Y52RoP`@@1->Fe*xty&fY*?vtM;ves_xw<E_xNz6H)n)?yTQV15^F`fLAr2~I
z%=Q-mbKGf|G>1zvQ^Qpk2~xs3_fTvxOr1#pd;|o6y^%@A$aMLIjVfQif6o9od8a*@
zEo;T3G4q?VoyT>d*e5{YMCW)4X)VM0a!XfM)~5XE%4jp=4u7Zw?<;0I_BjB=^BfI&
zuhdpl#EBC8gP_0_h(usuON)t*SbHnCV@5<oR9kPMb({c{@tbsIRlR{lTKTN6U*RC+
z(pHCECp~tKj%;+?n>}8ev$+VsJeQi~TBf7tYPo-JNp!o*<}cD5L2l4hz#3Y#0kgEU
zY`kIzAYq`~d)O+a6tbi_WqZO1Ff)vRBE51}-%$5Ow}nqWa&zVzWxexONTyiY*bZ8A
zII!?9uFU<Hd+77wP4;ntaMw%v?bo(Q1dovU=3sxt)y9TYNvV>#tHEV2pjekLOMTGB
z)osMp|B{-E%N(cpwv?Q<`}f_<KPriWE;2@FIt#%~*J#Ui&)@9a?)|)!HD%70)(lT=
zI9tv4^@K6kQe^#Li(1Z6fkEO<bar+IIEcT$e-qCe(31hsk{t8z;xe$g+7-Fa`1uil
z6?kap;t%R6PML8-#3ec(q~L-FQOlekFGnuGynu*oPh8hCZf>;aW%dd<1?Wo~Pr1>!
z%RCe_VWlGPtetPOY&us4Qi*|XiVVRYYT@P+7{TSH$c|1+3vGo6SDFuFb8&sK<r;f{
zr}7x}6qkMhH4iTArah>rzLC>%<K1~R+r583#(2EvGTULO`sxXbq>e;i!k4=}fBzlh
zyE)B}$jG*$soBG#9sdO8FKr78@+ljG{@(Mc5f44&|BMfaf_A<~6&tL}(-{7zN;(HO
z#_0eQaWZKSuw@ZaGNWNn{UGWt>XpviR@A8}DPbt-*42$8YVX%dT84`(X@PPFj2d8U
z5`F6Ft@nS^GG%mlzP6@vb2wUp&udhQFAmV$;u;kS{^c?f7-}B1xYT^NKFO=I2i1ln
z0nej<d<9}jPmlEQ_ir{jb)~}Zc>3PK{O5U`POr+4Fw~2)B|he$Q*j+07g$!#0Y(OL
z$G$Esf*=!?ukW4F1T2`m(qf#rNQ-llF&E_QY_zr5ZJ+S|qxA=HB>&~lQH5fr8m{K|
z-QOM*@}xvZ2ki3m!kc`88rjz}S$}X_ysahCZn=M~sp%3f&&mJ*0t22JXKmdI@!CQA
zwa^a7FsCYcySk~4v(1S&F4vsLmcgqlp#PTY4yYSs<49mOsM`^1QjnoQ7hb%v2&z?n
z=$8b=E4RmGbrPX)v~N;78v_}m(~?ZeBfEZ$I|;HQfv93+ULJm)YS48vFu7;#pM0)y
zr3UhSGC9ZnryL2l@hM%)B2;S<`07y`?xt*C$aw+kZ@#r5a^7FCW!nST7F?!FNcX)^
z=nBQR;ZswS`L=FL?&T;!1ct(Y_APlpd@X5lkCmIYpb?nSN?lx!`^UvmzJLE7gT!I>
zt<R+wXrwaCRx7l-yBnR55P1<m73b@cecbo<@c1|ol;sHfs9KBTPBcB;C5)cOA|-|J
z0@((VHy#q+9N5@+L#X*i6%<l3T6TAUn8TiMENYR<A3M5;NlT-Lg?$Q%h~T*3$)Koa
zr}ra*YinyG1+CDfWjStKeM2_&kSwOKA<?lZ&QX^CaG{;Y)<n^Q44k!icO9&q4@*k<
zlb=%N1a#`0SM}7hd$ExMMJ+8WeyKBX-bN?xd~Bq7FiCGZLkRWXIDIpDt2Gzp5mP=z
zKL1a}1|WG!s#xOx_gfe-yi@<%(uY)JSMGD6T<s)Ih6OO7{~@SCNYO2_{l(RuZKkOp
z$4+tq&-~VpzP|2iedm{@7}3eeE+qwG|BxH;?4-zMIw^&6!Yl*iZq}fxMoc7T6=Ao0
zO5^1CKMK@l$>c}ecDoW}Szw(E(p1Uw=pe^(h<FMACx_<G3s?|XztFMXJrGw@zndF@
z?|sZEW4y8gnGgP#Q&&se`fGfx>5s1Ar%EjerALTC_42x{15c1uluq+~zw02n#45y+
z2CiH@rR$MpPR)4|{WM7Nef{9SBN-j{(+vlQbkJ&)rSnhBTTi~iz`T?aAy*N_hT9_V
z^a~*;KZ7;0Eg?Bo{ggF@QFfR`MxH@Oj)W*(k|})<Epv62bPzRf#XdbBUH;DQo+WOc
zcT_%hT9<X7cTn+TI3_E0NKGTbOP!aQY82iW5Mx9YW5j?>(;?kavh8WzQnIUdlIVhB
zHXXa%HRSFBBKZG}_B?V$>pVTueO5{I1U^P3DWDc^b7e+sz5;(DPCHs(vWXnej7M)i
zM0FnK52piPWUX8xb|#<u4(+S4`Fw>w6ESyTJn6r#O&Iq(c)XbR#o&Jf5aSxdc4b4-
zN0wLWUM?YF=*3%To*wFxvFAJSP*VQ~pzognT~O)Q&_QgADgM1BKJGtcLlv+jJsH~z
zvpSCcub<2bOHgp(+R{3C+?T6-O2Jdo_Y#j$7OKvQ{3l}gaOQdNb~I}*rKtjH1EBlJ
zF$m9CV8FlH4=uvl{^_R0P}R1Gq1K(RRvp92>T}Rbf2_{DdbI8TuOAW%w9MmAr-O9N
z$U&iE;)&D~Hn5#dUvWPei0h5x|7j2RU<4?h=0YJVd6{LZ^H>z=DU-R|^?LbyhX3B0
zHgkJXRTyKtap&MXo-PAK=r*rK3Y7R?i#1iTrglQfjJ<xTLYOw03%!+86))aKMOSsf
zgk(d>6;usXaNzP7U{xMVs!EWjM185Ih>|p)eXAM>C*rrG*za9jpT?gkQ8mP+@T|aR
zb0IfFm#GpNf(k(u^?_}LX=~brWQh3a(v6|Q$Sj+jJG7lP8l>u?N7II|Z3w@lbJg1%
zrV3$uQtU)GLqjomx|uiD@{cBW<K~wpV+HkO;?x<xywzb48)LHT0S%}#!H7gd$zLm?
zL;28iKtp&EL{;p7{Ds-?*a$CGA7_REiHKNSU`SSR*;W?^b<2~tLN|CH_)9Y@gh^C9
zhwj;ERSLcI4{V9IPlRT~G3xv@NW5SCAr%TJ#1APir6$P&Ry7df+lc}tfL~Ri#8<@`
z4kJ+vdlVB!GF;qE*Xeusvdu+ws)$_0-mcik;xz&epQ=P2lw7jz=4^ouQm$k8VYyX6
zHahxQm^23U*D&_jr-C^l>^~d%KmOqvAnFSJZjb^EfRO9hlgrqXLluVhJRGZdk!JkH
z*lBVdC9swoBfl?;ytAm-Kr#~5VBu~5jjcEWw{>Yvkkz5M^$&I?&Iu0pH@`nLE6qqO
zr9JWkD$zFYZioZ36r-~^Z_0Ab&)OKMbTl+0Mobj+6)MGPDI$SYl6XQN8}L@KOY>Ei
zred%|Y`8-#su?xGhByfmao~SLrz&lq85QKR{Hn$Z@W5^`VESyn6m>~qykH>?kfQ&F
zUoWfD-=lz0Fa<tfG(2n)DP+E6+@w&g7Fu2w=82V4C7LSm|82rPe7?l+w;w@=8FQK%
z>M#^DZooky<{EQ(ym(6NJZ3*tQXjK`1gRjWc!O?$EB+Y{hDOwfU|=I~GU;)q0Y4(!
zlgnA`UCTg7FnKFXD+~-OjKY#mbwdIPdIn^FBe2Ga6^}1y#R38Hgh71#k`5+XWs*`w
zI&fCE&nR=F+%i?eQCl^T6i_veq^hr?lMtE$4qWRrZXT2k8ko*Fu$Ng|Jzm@}^2<Bw
zy&THWLN}r#Kb%hV+YM<4#bA!u@X=V*ZWF=CS9~dnj!OYB|2zX6|F#QNX$X4u)NqH5
z6T*@lvD%BO*`XhXfuc?C{SI_Q#S`c#l%u1mL;fN^O!nhhaf~Ftkk^VYO_!}DFlf{d
zt+4_Kofv&!+f<X<RnxKw)wa+fo4?zg=>8&d)X8i=woYHRstiFu|Jz<nQ`I#6f~;Z^
zp1~-mBwP@hs8d|gR{K{`#^tEpR89PB!ZbTERC?Am+5c3zF7f=27(YSCmF#Q94rrW-
z2>A=mEo!pL+JjmNvFTuaP+*mG9Rza2FqJy|Hny??UaL=~t|Qe|=sc@w;>-CChvTD)
zZh!;#_GL#WJ1SXXCdCV3CUxRsDKk4gS^EJKvZ5*7?7Gyb7*qtuaW+$~Jci;jZM%s1
z3LW<}a$LAy65o$i6rn-FD1Rs-#+yDbVYOApO5-K={wCq79+xJ`=NIP&IA<XY{;)ds
zIF6R=@T=-R=ADrf&QG;wnar(gG6Lrbe1cVu5Ba6g=a-$!sh&xEilO-6{wccWFsiXs
zOr)Of83`u&mP}<7g#4%KS)-kS-o^77z%>xm{U;SOpi5fGk0)mY#EzLnJDzJsd7B8H
z^}+8>5|rw5k!!Ba{+C`Aot|eIW7l(|6l~j|>yCd;86yYmP_}{N#zvJ6F-nD4b)FLi
zM<kYRwGdGJ*Y>&_Da9_gSHV<@FQIhpOk->A4S6|AFmFRJ*~Ono$&@xJs$%3%VPx|t
zOd5&_c1H4mvm+kp<_RWwE;Bw(gQ$u_HT6@vG>LOBKkMt0UbG+Z#IYzI^M7^=lrK;X
zZFA+Mg5({PzLWH=sn#Cquqnb_$7PqmFzfVdy)L9`NJt%I4P!4vUfe`7#D$x5DsD$j
z9p2&kpej*lB=sNuu!3!7u#Y-~L-hSqFNqszKF`qTm*BJs0heUhrO$;@S&VdpX#IoI
z<7Kr1|Cl@Go(;dmh{A`)nUQbi=jL0EWvyg~7p|%awgb#B(vP0JiW<FKuCY9EiBuq2
zam(6nXF%j(-m=pgfk8a1mn(&uOD1vKO@TWhffbA+x61{m`rT3wZs@0t1V;l7W%QoS
zAg(y^CzPpN4ub|3$gGnjaoj2L-)*!XSm$O~n?Yl&1Rbgi;zEz9q*OA&vZ?~oJQE@h
z%a;A?iPg_v+wC=@jAKcqOh}Z(lYH@G($^6w?wtA`>j9eAD$5R?528V3B%CcWUn$KD
zoe%3mWem6IY^D%Xd8}(i<5-qt$I1@j>FYljA}G@}>)_IbIB$p7Qpw=Vp#2dOzl$Y~
zyEffCX~&`pKIZ+<`th^3t86v*aIji%D)GX$?7Fu+9O0k|i_G&(m-;lpB1}DqJ7|2r
zb-P1$%8R`~{5k-iT0k)G8N^^PiI{07K_^C+>Ng|&DvmS)PLVaPV`b9twCPK*Ho3hC
z8U7YkbUUSy<vd1+Fw2&XXe}uoHGwKOO=<{|G7MEHd+Z527Y>0v3v7tflrCjok@;?E
zX8t_yh`@rOf3x4qW4lgYp#+_ivbFlz$ledTc8}K|wsnZWprCwu{EsPKYz6!+uIHz@
z!wnlw0P(Dsj|utx+SKaGj8@Ohol8EAuRxQwkA33yjQRWbm-yjv!AFAI5D3j_xY+%<
z%d)xBg2@@g0-+CocD_!3@|Xq)iflIg^K3p;{`y);KbP{PXakORg*Hk-m{wF6slTop
zRsApIJN1dxl&@mzQ4+Ki-b#>^#JAw%rU-4UFb*>2Fg5huM#8e;v9%R$C7|;$8wrUq
z&j)UmKOd$@vyti#_#I2?u&$S90Sg3=%B%1Xql=&H8x#t^?plO-Rquh*-3p<!*`Fuj
zKHra&OLkc<%Ux{k{EF>DN4m&{n#j)1m^rDU9145r9aSx{F<JfHbfZ+J{{8bdx?r$-
zq-t0nG#!RVzo^q^x5bGQgz`N?{V@RXXc_RKj3veO&E^U%=0a^1thuxhi*A_DfSUg*
z&8lLgvt38(H^y$zAGB3a)iL8-<}2u#cUGA&P8CA8JQbbFKof!QEBVvFC;l^2--TOS
zx3u{r^!2q%3kyv0y-vuhsK$^<JrCj|l+~L#v3jMz$I=>yB9?P!N6pZEB*j2OHa#SG
zRSEUvCrwOlwZmUN!X*<JJx=Wd_d$d1Mu?ohMTvkNW7tFk4kol5e29)d-1J_YPk5;P
zx0=%w-YS<(ZUhRD-4TK^d9nbfAQ7wK$A>hee@LB->QzVA_)~OsR`BBertN_r>8HFm
z>CX1~1L~cOqleB2JGjHe?4qkjzRKsebEn_el-J9tM@L4yd|qek`BTR;2iovb<r#iB
zo*0~6QGdAJguqGVT4n=t$xE4R?Z+_gCY04%snnt8z3?f~r%e9x;$HC#G8!dl9ak@@
zr>P+kyK0qH+Cx32FU<-FtoKY?e(JKoZklssXZMHa*S#x6gyq_TEgL`&sk#!`9VKYX
z68IyM<)3c!pCERss&<|WvvgOmwrn`Gz;G}6@RBtn`HSig>wYb0UGqXIJu;`MPX7Vj
zE=Ip3@js#<<gwZ`woj038U7NC*m-|+^6J$_O57w)0BtXPWENEx!?I7s&84DdRA(1D
zWMCWLT1V84wtyhjil&3#YF#K%RMkF?6OUWd0S2-a=y$~#M4po1xGn@zyZ$p2<xW~V
z_<?`MT~1rl6t`>c`i1j>pu%o*%l#4ejB~@|r@y>>Q1|-O{8Ec;5`XUwg;MxMP{6@_
z_V%`P^t5Iy?>8Czu|kPbTcymz$B87God?nBEi=5o)bXe|f;~&^vA5;UGDZ$^2?>Bg
zKQ}B3Opx^+@+2@lxiGhK0P4kslPyE@qT}!muRhT*{!t7JPx`yIV_{NehsCYlP6J{Q
zz=>-<S3Dn!^>^l~(2q)`44EqCFbWoe%sNW$4m~a<=EG361Q!oA6@%YV(&HDQ&I3&i
zgA+;y-P>p!%abq)6Koq@m^*!!e_0`OgKjuyo8cO!$X)Nn5F>vyHpKs}0~e#lQmt&!
zpIgiTkjzl=EZfxH874`)Rdt4%xVeO5lm~tSdLVy&*C*HOfU7oA>qX(IoQ~_{Le$q^
z+)F!V6NB0_jpoeU%dBMF5n<6Yu*xomt2eLjirGnQ-!EQ$o-2Vtih2_9WIWqso_ubG
zp73Ke?P^k>R7ReUJgkis1}elH3ol&0#O9P|VQSxLs6`H>`#5APl(e~SNM_=@cmhC^
zQbN`1+Z@J4Rf6!R5Up9}+Rl^+?Vr=;hUbe<*Gdb!g|8r1laCFOSs+qx1!W&&DMlm$
z@_mQcCF6hWy+8%&-^Fz-=au^8Qt@S|G3DUfo|S23MbgoGXNJ4@Q?Ms(?8b;d^SJQF
zeERpD%i3P<>87D*H6N>#bKR`N3|=W`GM=|xq-ZwO`D;^#pCipD2gUE;ug@>0V-Bvb
z^qbHg{w|e-_~exNx*EU5YHYmF$dBZ>20dy<ghrY?Xy(J?@=e7b?+j(h1D774oEN_f
zQE$wS?3rfL!fR}8krV;%-a#kG60@kT_S@P^MY0izriQtl8S8>}yy)jTKgnD5YJQ*Y
zOrqFaK!cCBl(OTT$4eyEKW)AiT;2+?QyVb^Y;EVn_hJ@3<l~C!F(Y+W!RJS<&!&CE
z%3&5C^W1MRtCg)vesmxV14>3m{HkYl;CxuF!^okdJfXZa9}`EALEUpWekaMGwZCt$
zqXYq0ZIr27&+qZ6%DT6dP6T0b!u_|`0w1cw?V^^N8{C;D$eIJjL$|1BT1-;OUFeFT
zt)9oIM*Vkwp2=NsE0eS{qO2c5Q3Vo@<};>&9Bune4^pjhhXhuV(IQmSV!pivsRX#n
zJfb|_!KwW+(zc7!{_pdHEgCM>*utE;avjip5s6rcW6hUCc{O%S<w!%P8G3=VWW8bq
z0l8159r%9vna?-z#}Tcw30H?pHEyucdlgbbiY@RY2!!DSR=~F^BP_xr6(iU<U%(3!
ziAAeL(o+%gT76DQjuak|fA)MGf1yW4(xu=@$|t|SZ-oV)X2Ni(sNi`yxW6|)lc^UH
zGkGp&J4#T^C9S*#s;Q0IWw=h)e-1OxJ-n(K7KmjJe-&t~x}k!Ip!+<Z2L=6wtr_Ve
zglcuanx@b4cZ)d2zg5@C&Z&PfAy0&^E*o_yVkViGVB9|Kn4m;^Q2fIHC=2b3)AT&i
z9>^^@>0OW95)~#D%VQ}e){!XG2>cF}q+i&Cgi9T7=6uH2!_!9yTCM%M@k4@wf>j05
zO)c1rirgJ=SZ_``kIgOKwfZgEypRj-nL6EU_Z!_{60|kl?<HHg_T-oNdOh-@jp+<N
zf8?}kwd9dKI+9#RN>V&ZaQ0iQ%DXBfuTU}jhIz%DyBJ%7obq*flW%HD<m(D5;VDgc
zsOm^Xad1ptg+=@+Eb<<eZMPm>y&QTqnx)h|w>LAj=#bWXF4{WpW}0D`XrxrDN=s6g
z2C>el*_7*T6O2?MoPgDH9sS8$k5k{+2%Fr3Q5=pAO$3}rKY8(Od&O;KZR#Scq|7>O
zgA8s=5Ia~>F}OZ0jRRv?h#rDz@(6qgp@#XOGGJPn&b{qvCzs`#nPK`SWLjy|{b|ne
z^?+Qreh|3_33_CF7kRVU-_l(%Vwg^k$SR#j^Ec+uLH`A2tV(%(nEM$CgKEp>?;H<r
zeC1|got3=}Ig7wFX37`V5ot4<2R4_TNsb(8I(BdzT`v$IV^6r3vdfr{4m}npW8`r&
z6Q9D1lejj_nhcI+RAWF4su_8{SiP+H3<-f{tF@*|*pv6ALNX`8LxxPb(;%eZJK?%G
z+rzJ)pB4IB)0RUZw<Se;LcbC%2jhR|ek*ttf!4LdZ&lm<DYW639V7eG-ahf;RvJ%o
zFHT^5iLnhx^W8hghJ?JZLN8Ut^C_x_G!p3$0kadidd(n&7h%58?Hhv`1!U8@N5WQ?
zC03kZ5kAP!O9X%MkNTcB^D$x~AwuZ=u1e^+ZuQC=Z<pX7)?3BcCsqWJ7$n&+kVmr<
zU3o0er``*+@0=aQNcNX2`C;tmj{e-=_*g@`I^Bi>195ST=qjJ5$6t8XE2!jo*Y%Vq
z#z;~!jbz!E{lg1~g||QsVBjqaxa9Qs8u#QV-KID?<;S$uBIDdL)qRdm1j_Indjv`)
zBJAB5!ZMyQn;M~CALl(YC=NeJ@GAJtBg(^f25=UPsK}*j2Bo~LA_hc%V*wDFit5-t
zWl1W88+9x5zH?=#Me)Y>V`F6_E<hG7b-?ERTg0o1C9;@UBoK9s=Vzs%yM3u&LgecT
zu9tFt)6hgu<LTMDQ%$Rc1p6+o(^rkvhGo3&mu<a|89ZkIIphgSD)q$i2H<532?z2p
zkQ*m95=uTv${*yJfWzrbQej_KVB9!Gn~deVax&nTtd<%#(myhmOUhFY;%(=Uz+gma
zyXZs@2WrP!ynUoLfaCGJ%L+Jn^!?CN1m92Pu_sd<zEzK?w=C-SPqF<aRFF-}9tnL}
z78YstW)#HsMjtz!Xp6CK(!bZDyDXnFlHh4G^VJaNG~h==OvSm;sBCIRqC^Pn;Z|*e
zUQGqRipCz&NqGpwA5M{OI`7EC4HrQ^H))t{Bt)bsfa}z6sM<@E;Pl4Wv-zyi9s9b8
zdqSdOQ{?=4vsO3zwn`&m4EhUajpw|yB-wJBLz&nm6cAp&5TIT$Jwfc0^n`4rQBy!g
z-#^Ca3x5VgrY|Z(am^RD@1Fv-`==3=WN~9B?Wc}j%M+&kc-8Iaqwo{CIB+$#+0Xrt
z3(L_>Dl&D9X|fn+KXG;8`Frx>ow<c3frD%6spKDSUHK;?@2zTW7eqZc@;M>qzc5%C
zsAq#dV8BCK;~o($HR0sSIu%p%E3<vm_k^_0)^Pi;L9_4na;VO^f?3umKnBbdU6y(u
zV!&g*>;avRk3u)z%Q^|wU#aXo8!g(!^+>XZnN^ZENTIJ#$-JQPgpi_sl=!$w^O+d;
zBhXrdK;jAKXB60p?MKgfnQ;5Flb4o(D9J{nJG$e`!#C^gsQ!d?!M+L${3r~iHGd07
z@kFyS4g2TxolQ)LuxV~9&F@J#_@G=lZ`?_<ZAjMc%BN-Y0~6^Mufzy0JocvhY|e+t
z%;p9U4hVvCp8M+6G-S&nrx6deW_#WR9q(^gulND0H;;8b>Fc!3-ZQhFlOO0Lj<Foq
zvvzAECf8Cb%u?YsrP@dD<&of%9b~HXfx{!%hs}cwKg^gIMOxgkvlmO82@$c~&xh?r
zmG<+lPocv(OdWKI_hcRztwq0><}3!jvvwIY5)cP^n|PW2EdUh9HBL8Z!ifZbHr-tK
z8<)9mft*G!=<Dulj|n35PCsA2+`*LYHt(o}hIB_K_v=LE+U9p~S`Dz4ws$quPtZUa
z#h@6;AF)2FZ>SB1&)ydDJ3g6KL#XFMY9rA#QsmdzSTMUfc%0qKx;||$)b3Zm4DT}A
zT)|69J>8<?jVd-HWidOUOSkbxTHW7*)2OkyJyJ6XuZ;dw9LOMkI415O0~K-N8FB8e
zoo6w~ouMJc6u@}Zdm8#Od9w>22P1gB3w=sf<Jnul0+W^A7^wY{7_&bt*8E$UgL>FD
zoj)N)4R+T=hhw_=)y__`(|<4EJ3vx0UfCqPQ}F&Yif)l4eOIiwQ*oDTwdJ+AMKub9
z9I@3pHT$`{)zhC1H8`Z(x{D-X+IvW9)H&|E_kH`={l8uAbxx*C2e*hnBb~OtRW7|1
zSIhS%1w{AJKtM(HP{tX_Ift}cL)kQx&*|mJG7!m?VK#pD%T8sz=qfAZ0U;s90?vpU
zCWzl_f#AlOhhq&CUk&)$u<J$PQ<n33_qAZ;{o7oM$^eJNzoi()r5FfnHeW8A$!S}?
z#-6xgFHv!b^yWKudR^=O^=zunO{3B=UjOQqI%(A!2mT|-Zzk06yB8Q-!46W%E0?zU
zw93qzH#2HXbFp8alpH59p)$?K_yPU9v$-P8|1CHV(F#!SOG%&_#z!J>riQeSX&&vR
zI`cDuY6*H)ci}YRRyzl-2ZhP;N$(<TtLU`PR$EnRB{n5&XvpR^l~^a616Nw_E2%!r
z0s1tiURRbEgh1(1Fd>UpC2!v1g!rs|9b?#k^8Z=e@VFGZgq2nk1hl3Zubka;ZoHTY
zzOY$lPrqK6D<HbN{>2dzI+2i|hK<uMB^*G~aHcMu&Y1S)o(zH$27Rf3lLrm+i6K+5
zUzD+3_^P%!&Hi$9VlzKNbu76zJ5Ite63w?ibHz36$vfU^=)Tf7Hs&-WQS=NX3UN^g
zIgfI`pY6DoWBBpy+S;(c>KxWRw4Aq#h{wuRnDL1xa~<`JSMERvSl>~@GkoGc(1?}V
zFxW?;OM&TmkWmIN!kb??&)Q5`oYR3@w2olo`3!nM?n`64dbsR?KTe%qF;(mnA}`kJ
z68(Us3=x+Grass6h}@&KRV@3>#nq`sPc-K}K_9JU!_AR0<`3t)VORD}f>F6p{QFi8
zP9E%B#=!n!gHgrE&7AGb5r2D()<<=ThwtSXU}Y4Fo#TWcqy84FtYSl|obRJRKU^u8
z!-D7djNxsyJ+U8Y9Y%-dEf}2Bn-g@b<OM^y{V0z#72s@p|GpVnNbvxczH=SfMJBsJ
z!2qo`)pb;{7MB|DiV);W+|*D`^L%PKVO<<zqeNixxiUUZR=X=Dq_;##HXlSae)cqm
z2vOrxH+P{2ocmiCR|sWbevlLwS5LN4!%F)p$9QBm(r#ELjayJSBok;%|4@nZVPtKK
zCYX3!ue;Zlx#ub!xbJqn6S(QHloqh7h5ev5U0kTN?dW7kf4cpuun_CCdTr%kOgRyS
z92l_p3I#AWA481kfLOu#Mdk?s|7iEoLMc@@qjR1WDjqCNE~HMr0~MVAGx7>|o%toB
zykT#H7e9&xM~O1G4Xun-%6>jPJgzOf|IA2*O-u2+1&Qp62I9&`i!!)@Eey*n_vuj5
z4!ij&vVV3Kzl6B>TDb(7&qCGeb1v3LtQ%jm5>{@N>9op>?XNUnKaK3TZmZ&L`r}$q
z&Fgp+JZ$#Eb@P;O?zs^Vb0ehB6=U*L8L_vvG^GVx;rLx>jYbo6rDX^6w)ZhHRNZk1
z!*^71ILc$$W<F`|IxoTpEDJwV{DJ;0Y!@V|#Hgb}j$zx6DxSmHzRg|QHxjDR`|(Pm
zu|0_PrLh4H)Vqi1Kidk_jOju((3r3md68L1ZCv*m1$3B!2_H=v`{y7}Fj0}4P|Yh$
z69HV@kK;iZVcYPk4%}z8sI0==olPmOhiqxCSHh}Ol=U-*gkQe{M|o6Wrx7p*E7(~n
zB+K0A_gR!_wt1~;X&Xt|J7tpN0r&bddh=fT9igkX#mbri7vuHZFEeAroS?2HC3>mQ
zH^kh8w^t_}r}O-jJUoa5Nl8=XCW)p*ans>gxdR5bLEfd#w>j*$$SS;iPF7K%dvrr0
z5vRpwqCz=<gSl=^(?TGg9~ON$%s@xf#~%-ucL)1Ctr%KBB^KjtW3+@F{EfI+w$mi_
z-uc9^diZ=(Z4<<oH9uTEqT>UA@1tb)r1F<x&o_?RZ)%=vh{)Z4ZYD!4qTL5EsQm?N
z_xQ&}e|vxEO0evPN6-p`kGfbE8-Jc!(n9M#Atx~jf29L!aByIzcZ;50jps_)bu>tA
zMj&;EXY|rn4ysU;JN<q9CS$R`X|6AVkhA0I;Onl!sFnaRMQE`xs0>&p<&s`98(ThO
z<@Ka1)T53{=D~n#a2P!T5~2}D?oDaZQTsQCT0sg_+yvFX6I#KcLaT2+WcwlG=$oZT
zp^>eRR={D@NOc&h5r`d?Bch^ycX1H@ewg`)VJlpP<fOi=K`NO^7GKap9OndNL^0sB
z{>;#Nc&Mh3WZ<GffBRhcakN_t!{1sZ2xV8TPa53RrMy6{Tyxb;WRU?CNMR;a+B{Z3
z^3A>(8K~1O8t-KT^{7GKM{CkMaGJlxIw)RSh~|d&LSifufP#yhKi;}=LgvrJ>&iu2
z6zdMI%b!8LUZb?lt#QmYE=3njBZIG2AOzej-l+q7t!?eK&F9Sf>z_Z<>3Hj!-E0Kr
zgIdi4^DKz4rp@>8xU9O%=RyjnzkfVh^(?j=t*3^Cg*9MLVki+?TV8$B{Cy?e`>5XL
z_)4FXn~O=K7Vf~4r`xzepyGUsFodC3C>5q=3>x)q%S=Jm-nGyh7zw~F0=&J2ehYtA
zuZsd_mtzm*<+(L=T1_-)Ojv2%Ai!(9bL;o>!N9=53UiP9^vSPNR^8xe1V^J{Maogy
zd`AzDm^eU>+qrw@G+E&6Daw;BtSI3S`6rWEHuLy&VPT-{vC(Z;(PzPpryADIB^wRy
zCq?GNjrs0w%Ws4!k6K&I7ppnD=AHQK9p!zdt-9Ld(z}<lyXR*mq$IMu7eP3_h-0R*
z8NQrpc_}k{s@$4Ztwb|8yZepanHeWO^5@^1o|_Zj9&L|>`s$TPDZNLEBoz$Z;t*~N
zRW@tf$HT%3lp;&XyG->w+0xl`VuwemC7`q+2&tZ|ehKiAXJi+64npZJ(|7pD@W`Y?
z2=n!h9aWQh{!^dLQ+ORvXI*yN>LZfN3|DcdNYX@OTeh6o!JW)~$M3!`u(Cb=c&Slz
zCG+~A4S_?LdH4tvoANzcmCOXa<Ux{H`?SMGncI$h;gvD7^X{B>)@5&>JMt^+=gVos
z_)`Zo9peR$n)ISRzUtv|Jw#kcy2AjekgT)83H`}gw&`h`6IGA2UfB8p7}M^o3u1D$
zRX23p`x)o0QrY$S=EP%=5F(Wrxi_34O3b43`ulzp!r^&W|AlcsUwR3e{!g`n!JX0N
zp*ta^kr7WDZH*?rvd?_$qLmiY$bkFW(IK(uNQ3ki_oHR0bV|lqcg~Nogr41qmGwDw
z?wYEquieey!81%776jc5z6)j#Wq1h&1P4B2W+r)nrWNw)8=WuQ>P6{dl)Un8?2gVA
zp9Vy7TE>2h9WKE@h6ri?QR}lqxf-)?{PvFtigD?W6cnlAdGsq{TLv-8T5-Q+pmO)E
zz^5HS4R`WFR4-&i<^%e<y9=jhe9m-;LLVdXS((b!;39YLrAE*8Poj<nt}8gL$(qmk
z0Lc)E54)SVHO%|gET->qz80*!w(aN;uS?7wyuog=+05CZgoHPo+cW8xAwdo=+T#wl
zW#7C+_h@;?3hoEm8@GjxE3^eSob&LecC&OCa{K#d$OOE&Nt)AN&X&axmUafsY7>jp
z7%}V5ItTg-4A@*3S~H*wIpFEGP5h%fZdZ$QPaTA>(S3bkgsx*_zXa)dO0C><QpsJ9
z^`Nb+Z{*Y_j*hTqzT2@8igMtMqX}<wAJuba)o=V9&id;%gSWd!*(};lchM+n^qaCf
z)6G5y*x<`K8d_RBPlTxNne9@HyZG5QL_wOPi-($oda9}ql++dO-C^0vB8%Cae*XMw
zey-1qY}XkfN9Y=<`F8nUU}8KXqV1p$FT+bmH~reo)YNdwdbN!9$Y;=6X7%Q19ubkP
zKGCfI5~-x|C~a`>5iD%!Zf?nNzOj4yEKnWO6K=u~NZopkbzc>?1@AW?jOtA`lcJIF
z2JJTm)q5W>Cv$g}-zNv><w>XC^4PCn!y^-|+H?4~=*Qi;MrE$d8}@!TOTud`PR7Fa
z#S_b7tdm;DTRb6zh`b+Jx2^tzB!#+K+<6yoFsP^oLKzV8PY4Z=^H=ULE)52P-gPpf
z!wp{^ocKXR>=t?z4~w)uM%tT_&_<CKuB2V4*KOcOsqTLMoVe^XKk2*dh0-a@$a#xd
z$d#PKEY$34>b73~7~k9F2&RHb*7dTE{xiqwUSHbr#InEO%cJkO%oms?O*blKzBrI@
zQcl=e?z?@bd9oIkjsW+4rs_eT3ablW-5tded8?yTT)0BrrYTFvh7R*mK0R8detH_|
z&fW2MQ24nf9hV3+W>9%+y*pD*_+)Pedol6-mls}@rk9C01xM?12QRFTP<AMx&dllE
z_`Fu=Ui#G;QzArmYUCI0{YuEBb`F8WtAS=TtE1BgSIC_(8;d#Ki^-*)qcYMG#lb_-
z2E;QBnNteHc6y7TcSNY>K}-I-gM}(AXIpJ$E08{DXqb6nIZhEy%#}B_$MAA5#Ey8b
zs`%j-?$Y-0dEvAt?zOfZkjeO3DY1n;e-Ybka{MF-Tbx?uyJ<3gSC+{Gd0{bz?p{+Q
z>XG@5)Wfm%=U*3jX#Ex+J*?zWdsA@(H|wJ^nJp;Y-)1p}Vo$#20zwhGDng@BLCJfB
zRb__}Lj^&E)Z9=^J(SSj<x=Y-Ju?<ZZoGB-8*k*?@OAlUU3cTa)p)`B?VD5-q3>Pd
z6M|KuiSs%egO-KO`GVkTVK<taI_F2#R<ogv0(*^<a)jNhzmjc+Dw|H`uuIw+=J$Pi
z)_6DG8yG+m?iL%3t_vr(&~Y?po2)9_(Hw=Y4vQ$Rdt6U4pODV3|N8ZedfcJe4RF;-
zeXshd=1)@Q(rjP2EwkQTUsROD#Hacz=MGxT<jTAK*m-Ut6|fpNeeeMV$Kn0^Ox(H&
z6V30F`ag#PM(%hdud9oW#y%kko(=Z*w+B9bMcN%=t3k%`5pMQC&YhsjQo?-Zfq~jG
zPA&o2T{>I!ZLd3=^oemM`rT;M-T$NNOW>hwyZ@!6tSv<Lr0iR^>`Ib--x*2veP4%4
zC~H~EzVG|aU_uBn_HB%v!C)|rvCseZzE98l``@2@>K4~r%el_^p6_+8b5Q#yGr^1I
zXASP;Lut~Ln;|SWe6f#UBh%DQ`>`Ik@2&e`qPySh`!kBUOkNvX0N4NQg;sbF2Vysg
zQyTK}s7$9kK0yLowJLilG3#<k_4&2sqVzyZ=n=}0j(3^CDF)kq11BkedIQK3=Nvk;
zKq>|Fy41jGlx6`w**}lLlPe{tOvJ>vr5>C*=gq2lrak$6#vl<+1A&T=2(1FuO4R(#
zm={T!yK`-(VU&!Ex7C?s*3*zCNo-Q5s}EDWfU7XJlP&Zq<^j?v4ZC5JH>EAA4Ta&q
z1M$%V83uZKfza22FA?VibfV~w?IDU5SY`(|<W83`+^qlCi+G2Y<;jtFfyE?<W~CCL
zdfL<cnF3d4ti*i{DQ{?R^DfwxD`%_mC8B4??OaV>`uXPL=oL5krw7S9xG1B{hZT0j
zFQ!~V=C3--J3D7sgLQS;-WIc5^FRA~D$-G$!?7{p!?v8_Er)TaRP0($|I&p2vQE3h
z?fUbmi&Ay?tPN1TOL^S4%nvXmgAI)o^cz@OV4}(W)78fs{7@9aE@O<?RIe9-kwd;d
zC%q|H38S73t%qm+QI#_36~{)pdfmfcS8h$!T{ZUF_`GrA<a+e!Fa%#AsmQ{?G2AwX
z3ENG<(u+DjE2WTjn>tc-1*1)dOU}ttB1m#LmcNGY5-p}pwQjuHN8*LZrBBGZ%vPA6
z!H3!ety>SVI<ggfbkrV}pP<;?nX69ly3sl-YwM+gi$+$_cE%i3V}}_|iY))t=i{4}
ziVuX@j%s>cfE0sCd?zn;zCSqEzTPtb^u}YIXFsHN25Cf~J_Nq#E{$7bi^g?3bMzxv
z_#(>XqR?oe>Y3^1m($6IB1ZE#TCQ|et)G$|^}xRFO1sI3{Q9ph<|2N8m!)i|g>bit
zy?C^?b5f>cHD3AlU`=el95V4ybHW3(LZ;Pu_HJ3_l|kL1lgXvZ@~`7JJ|iV~{X4zU
z{-rNh#0Sv1i-LXj*JULCV~fQqK|>5&WB1FG$B#+KQBz&TLde!jiJ6n$*D5;#M?;)W
zholMK6>&JdbH6xK_*Sm3W&(ZS^F|Iozq{7?FufNc-JctHf*O<gv7Aqojeak$C}2BH
z>v$XxY7Hl5kM73v9(OxrURi`N-&?A0Bz@VlI~)HgoGF+B15L@FsQ|7VPPh5U61<++
zf(naKoYh)EtTQ&twi%?(&rnBBGnBgxK#9^96BVHe!uZ$%1`p(o!Gn?s2LucmC_|~k
z#NSlR!o_uGFjce%0HY$Ob8{w={-VIdhs7`uL%PIUB)BDs(XF!dVu)!o9jC?Y)7=gq
z(tF2iw6`s?ZRa>Z9#M*!zPITwX0|{Lk_;OYcu|I##u3JTpdQ^R`+PK|O)v!klf}-E
z^yiedggVc;aThiTwmPpyCqx4&!L3~@s>4~YRN(<=`N`eJdGVWGs2<y($^L_*uDc=w
zB_;m9y)NJ-vipB9F0W4@l}&KqK5GaL5rPlOY7@_{`el6E5bFPV{d#y>nyINz7t32~
zD~AR~(L5+%9JinXJJ8u?XrT;_YqrrL`s3kL3!JIRr)<66MArxuzXp!Y9zA``!oa_p
z_rP>S|Md+WD$m-KDiHIArN&>snw3lZ$}Q8oF{FeHGkrh4r^}sF=ph7I%Y`JDeyN9j
z$s7?RtJLqOj-nJs`a0peZ;_#_)*G?O`cuNaz_e|FVj?P{*VX6)62`B;lMcW^uFk+;
zl1-LLdY`ey(A-zL`LwGj>Nn4ek2KfLyTT}b0%+5J2lhF>P&nJyBDHb%d1FQT+(5ZW
z{g2ti$i0p-*gndobV-vcufW`$xJ-eZxrBTXxT_$zlFKjEAnAX`cIh)*fL+`h&EV^F
zmA$`l9c3EQvq_bPM0$E650g!V9hNDUfFz2afGa=u0_Fzc-p{qD)LxlG2tVxmd%d}B
zpds0LoU4Is$t=vvUs>*c`?KdI1YV%-cY{*KSaVhyu=242ezOoE#CvZGOEj2_QjHD?
z8e#@6AzMbZST<Qp0x*^N9^c{g!rLbn0}bgZqci8uyPFg}8fjAH#}L`W;TJ!}K6L>D
zwdk#ABS;g|W_arPb7k5t`N`{gV-ZYhrAZsD2a^A%qDOmYGbzm#g5V1HVzrAEr$qjb
zf<ZViG40J5n#E8X=Bb24W~r)J*lSZN1;;ao=5@5~lkX#KQ<||TQC1$Rde%CODpa-$
zQ-6&B1I5d#3Cy?XkuuAE*ZI5nwIqZ=BG)XVlD9ZRevAK~AoDZjcLdb82r%y#EXpzo
zE`fZJ0P_*!htkpa{SLLWfL)pIao(S8@AN%>(tRPklp)Cv83df55quJ4ZXookHi7MA
zo#5z@Uzk0C)JwbG-cvrBHn%bFOjOVrG~XAX5rmz96y!Z(=0iY~2v9?^>o7e)09eE-
zFNn?e&}mwyOjtT}5n~DvM)n`v%)XA!htBL!0Qq5iP!gpRBq1G|!;5QS#7b0`7mfa)
zeeMD^7(V%Xp?=s31ApY=-o`GNEBLzCc+2c=Z!^UHzyVNA&~BL)cd+<8*ZK-lM00$B
zzR_3O++DfETDa0YcBJX6wNX<39rM(Y(3fQRvjJr_0l*`7zCX&`NVZ7{EGn=ji!d+x
z{iWY9*Y!ESSWEN_ggIT3I?8qmh4pnEHI#a4$HQ}vG=@<&v|A;(D-DLUQ;syampf8q
zG~b9f&xB`4`5E7hqDc>EtLhZ%SVc)MidI5%tp}y>^W4e&d;W7d!KLpAa;J9Q)j%H)
zoHEH<)pl-3)4J@e2mvRb|2)bi!>`<)B8k1jq6rhy*rt8XuZb_klx(wnO$ASBXu8L-
z+_*#VOfpkMF~)#&O_|4%(Yta72*;f|EOFoZW8}FjBd2pH`CFyfR*R}Fh?@HD8d%+k
z;FY=>wt07WDc5&-)1bBD?zJmgT3>0Wp_KZ3cxH9x`52Sy4vL?`!@_KnVi_ctFs6XN
zy#F-F@as8-GXiP5{=uso_7yIe&8yBhAF~#TTp1x|&ys&`0=Q`pczCF;hdk4%XlEsd
zSiQ3rXJexc$2pA$BD|2V21PqMo&j!sZa}le*W+qEJuF9kkT`(K5E6n+PLJ9|<v)-*
zD<8jJFEl(HP_9INvARi4|I?y#T5B3|uCa|cWM8KLY1eSyAMTqeW)8UafLALH@^^kR
z#0dXveh(H7GN?FpR4(7BueU@pF`E$LnI?yNneJ^JpYRWvR7xZ3+q44ZV;kZw$|E2a
zd1aM-2kpI@Ge;-CBlTK?U*7pknP?f^)Ff)UPWHKq2~N-(w4kGZNAF(m1@+~t+%+J?
zwV$Q+a$A6Ufsh>YFI-|Qn3q~qd3kwnCetci5#%9K>oa-`86LUZ5zE-pjgvAS^rKak
zH}gKEf_q7jJzUse6&xIH{@_8!H(WPaRD160c}K;sJMtmm*x!|U+;h2u3%UL-^n%w)
zgUvRyBwDLFq0orY0zJ}L_elZ(B%5HUX=xX$2LXSyDHFN6YCn1N1CWph298*XwKOaf
z1x5%;Re%M<!14RP5@=lahHn>@pylcT-_a3-=T4!a+jp)u9IiekXq8>L%l0V$XwKl)
zHPeN1(gx?Fw$ZNrPS#e_tH;l~>cm2)xARGP0&rXJKd-zDsH170d7N1Z)w@{W#{0Qd
z;tx1r08}0HW6t#R3Y?PyIPrg;{D-T-KB3V=j-~|HuB=~$b~IpuT`9TQOLVy$CGo_7
zt|55#j^zfZ(x8N?M5cqU@GiT0_QEYEPVDxaRONd;3%kwaTX*lSfk2q4g{GZ~(}<a_
zU{M$NXA@^;N~5@8hyf)T!!WU!C;9_`FGb+M1Q>w6MG(pIx#5~!ZyvpjmQpNTM~zmu
zSsQ6l89H5%+hu?cZV#IF>Zg)(8=QYe;~TF5CP&U%zoB*kNug^ijx8*ZGF=C|Y`dkO
z9#^kqJlunLZ5o#N)t$RVjoHBLlE(P0vXn|ufsSB5Ssv3UK<~c<+z_Bnb9fNgKj+ko
z@isMe@yyU`fyHhc_LYp&#}GK6A?E#k9$$WK0i`^b8p&RuGY}*7DvGh%i<h$fD=Wyb
zwa$HasCL$Im?niaOQ*B`sI#|WaA3oY>u)STWI_|HDM4$yIzC?KHnpCK2N;Sw956h^
zJ!X(~>qmHxt4xG76)=|O)dgBufn)zgfUG4!QUk@@6~Pc{-P=Ibub6Z4fKjMG0~2BP
zGsT5))`N%GKNR0^ctS<>Coi74-_xMERzx^ZWMHtS%+3EvPgZ&8Z3BzQdE7e69q=m|
zWc`$D=Sr+F5nDML-r-kEC(F9-YT${}E12JjGWsvQ`dR}Y8TtC<kxk#m-9mMT$?l$)
zrwq|^Z6-E@?%v)rip>EJRqoKy++5EDFR4YP3g73(8=@$>;q`WUOCC|U9gkc^_#q>t
zEht?kmpmQoFC9kdm1H3sbe7QT7Dl#<!lnWBhdO#>lP$)~2de!L{NJz_sX>xG^WfRz
zpAS2`SdN!`z5%`<urNJGr|h|YaHb8}KkBP%c30;r(j|}PfLfB6Z|8jmv~I|@B6yQD
z6L6!rS2WQmMRFz1TOB#1;C#KWaH{VUzxMLQZzI@oC#eG>n;n!{kd8N_QaEe>6EL{2
zyfJc@>EV6=uJxh@T*;FUz^a;J)QV80gs#TF6W^kJ<9I2DMegGwLpX{~gzp9`fTw;T
z{tzALw-TBx^J~WAiGI&4zH&dHq!zG|SG%BT_-X#7ahZD6`GhcL`|XVnhOWGweqafH
z!z+ZCJ^Or9ynV1%+{jN0tgXv()pC_-+xmU}t$0{_$Cvj+@2%1$1bw%&0|ZawD}~`o
zIiDt=d@rs}oeco&cIUZHRZ!QucBV&HO8yNV;r>H_Ndrn;d+n}y(D1#P4YpajWW)fd
z`Hn}aN|NClW>ZQn)2k*bUv@|Vnmv05hEr>$2Qb-i-FdUOW$~#=+U(bQDMB=chR@#-
z*TW4v!nP`4FG=~&f8gjA%HT6>BMf|LMZSFb@Z?XdlmL?~Kc3OLl$sp~?uh!y9E@Z9
zhDXE#KpqNFyQA<sQ<DDnlErQVkc5Kpoq0_4+f9<dCnz%<!)3xDBr~*U7{0rIWF&Kh
zc4)G4mBo241mf<3GDR7kOw2?4%&ANjfh{es7$dK2+yZez9U=_dtfj-qd2iHu`6F*^
z6Qk+FPuZh5H{hE>w0=mo!RBDYCR)7T#Z9%fP#}9*Vl;oOc@X~U-Ck<lNZawE2N`K+
zw*WTqMJ=M!MK%Of36?!^pC`=hRa1dpgLJ*W&kTP5{@g!T1$hnE0`O(O@%Hz6RDG%5
zq0rz1Dmt+U9~U81h}b@|C7LO>N0Ea5BVIjVrY&%9(V{YV?0^FeD9q?a*fWBrjg@u5
z{~>SQD=F_xZe<a2NbwomBH|!m5La^DHd&_|&y%y@Qx9S#Az+ax9aLt$ruBhCxgu2v
zNT+jSLQmZ+a?{sKtHPq_b4`cCDNAjzBD=vyHIs%F?J)13n<%^=-6gFm;blt<FbqJy
zEny8JuWW;P?WZE-c8qU-x<T2M@%)O7-8Ew3Y^~g|-AeR2I12bVh+>v#nK|VcC;(I&
z+xONR7JC7kWMl&G&T(FG&_DYGm;+0I>-mOXQ*FhBAz#hogZA9MpKPmWYm=xxt}WOB
zD4696t%tX7-Fhd}=Kp%9U!f^maYp4`^3S`m_5%whP7QD5-F{#mzo)qAgz&Ho7R3b&
zN<6z&wTwjXcLbZu<0{hkR#(HT*3i@`a`XhC;DDA>KfhSO9VlDai?ue3MM2&i=N!{Y
zEm{Ky0C#5VI}Q{uf)?8xxOyXQR)zqac;#T1VoY|>`BPl|WR9OsnMvEV9e9H`GX~(H
ze*Cx)vm5d_$gAb*SnBE(nc7m54p_to9T8%;ezr7%?fbh@fXqA%=())LCzg{)rrdh-
zz(Y5lZ(_vqK#}fgh;tWuAV{u~^<fj{K-IAQjo#-W!NBnsv3_u3;4A{5ch^A~(nyEF
z6XV-U)7ASvs=(=B_Ja=F@hX`D=qXqG+1r*=7d?pnwb9W?ekADLrGHklkNw`b&}+l?
z7l_<W4Am5{XLxs`gZg<yg{Jlg4y9W}_dl@7e|aRA@Zj?u=+Rm-|ED38@|U-tK9Fg}
z%}s%VIQUxRU3aj`6Y|YrwdX(}G!S1YH5+c|zL!_hX*`I!8r6)nC^IY}7wlaC6Zb5D
z!(rg|Q;V+<RbRU{01o`VSmedks3+}riFp9LxT9!lZ;?L1(fVm79~=p+)yRYFau_D)
z^c=qgAV{k%54Xd|Ov4HD71Xz5Vr^8rdW8y(&rRoF<$Q8hQ0{R-v|wsZ2anGj2084s
zsN7)FlKb6r=)IX_j2l|oC&wsTy!a|%)HeZds>e}`Ygpex^~`R77ML5jc-qsX6ua`P
zT`k40H2|>lObE!)Su;R5g=Qw>DSn8@9mDE_b1x4gQK<3H9p>CL9nL;-p(N?s#|Odt
zi9ls{z?XVg_eZ73jJva~0;VR$;)XOfEZ6^4v#llg!@d^C-wXpE!WM?oBxAob2ZwUT
z-ivw*Bn-QHg6nyA(FWcXTe{$UBop5EwzE7J-Hjf&XS=(1ve9KX{RbwRCho(8X*c<#
zba!`D*RDv1{W?HH5dmM_C^z7AAp?9ocn6o8cec+YpPy@>N7mp=*<(N(($?^AfD3>!
zZ(XA<*-G;<)g|Ki;IZ1oRdh@D$}PPcu1|^eZ*u7tl@+M3vHvh*MSQ1uHKb^8?CHa?
zOVV{e!a!q<POx2x`5jLO=GIcg)fLt6pu-~2#Z1dp4QX6TZ;_7q#gT_JQ}9;)lT0)O
zI7`OVEJ)81J=>!*987N{fI-ia3d(CvP1A^(!Rs|1$!Ikx0tGFu)w9NE+U483LFYT2
z1G|l0r_Qk>yYW3V3AxO|j=!ytSwlXn8*Zixr}ttH511YTSuH{o=XL~%oA~?siksSD
zu4?dH9ng=ZhrLn_iB^3pIO|5qJph1K`I&S?6Zymj|Fo<VUQA1Fv*ifle0Ud3Jg>F+
zFxET(1?Dk2G5Oq}r$=4cCSs;z+{)JAybw)k4KA>Yx4OxlOp{>AEVb;M_H;=c+A1ar
zVLT6yd8w_fTzsN+=kk1Fw7ECoy=!+Z8MuIBnHjvM#`~X~#Ftpq6MM_lE!Uxa|14`%
z#2@gTZvY!5;X#B1GWREcP$H&u7`xiq{sK3*`~fB53FFQP25Z;rRJ@+MeueaEXKO_O
zA3Jq+3I6Ix4rXzd@z9+SUFvc#3-$wEZL<)RY2g8=J3#wiYm9APPzkO>HqJz#VIPSL
z77ro2^2+upQ-H_x0bqWkXhm*o$lz08G7IBq{q5N{m`x@>Ks4XgfG*d=^i$Ppw_T4e
zB&o^kok9<#{Z4phy>_Fo5>o~^7IKhW;8tK8vPbG13Xk`y;G{u{qNNS|%AD)s?ZBz4
zLJaE1=vqd0mKZ&Lro@O(sznkwHo4O>AJvSx$08;MLtTiAHybwDinq)O{6dKW`>I0v
zv+Y<myMBc+X)5B>%j(JZ{lkFTksLG1Sn+b5(a{lX4{$5tJT~yK!@hP2;K6Md@+pH1
zn+$86F%9XL+_8Se1*tys`^LVvJ!o$Hi-CqIOY}tusFAaLxkB9KvCPpmrocb<GsRee
zv!|cu;g=-e@1qUUSnQ+b>kEN4*YDt%N9!hv?}mth{O%Ea`JNa}fjC{s)qo!Q3td?}
zYfj=hCs#8uEBx-lw71}JXYbO>Q2my(2pr*8qJo6OI(qQ?|DvrD+7BKtDnwa)hR(}K
zSXo;7OCxiHey!3#`;XUJW74LmU)(N1`QJ5L@(p6)Yl3Qdv3=}q;4rxI*|0kX!P#rE
zcjreSBW(;2UcV+Dm`_4}^W~|x(=cE$rprVbPH;E8(Mn~*T2%mR_!1zf7Bv~BTdjy=
zm}HGg&O<&Bj%1(L11H~{1dDUcq|>!NvP0&oCGY0%Rhp&h+m5m^^~R*XSbi_>stY6#
z=%1|d)46n7b8=YSmVa`V;ZHNQ&F`*Bhw&)cPBn-an~gENfB*ie_x81hooTa@nu{8?
zY%oOB7G6N@?%}bIoF#vyq{6>{@$A`qz>j{IB5d~&aGWd<fJbS_^JpIW<b|RFYql8>
z3|x9uD{c?HlneAI_<Nx&N9h^V$J3K7E?%eF3Z<R~ajn)q{ZiSA7F>lB8!3JJf)qDs
zRk$@QQzFP0v6fPvH`*=McAel$T7q%6^uIIB#YsJ@ylJ0JjPzJgB0`nM^UsGkRqy#f
zgOq2T>#r#Ez91w}XTrj=er@H<bvz|d9Z>I)Z_e<DzWU>;h1Z^?oUNY*kcnH@De8&U
z(%5fO(A40~h#!#;MiS?84=n$eSwJMYWbkLC)Wd^H*6z{DEIFx#M7pR`tEceOXZ3=e
z3DJh#wR4!?Wsy(W=z)l+z20JgE-BG9NhK1hX*D2d;^_azqzj1)`0I?m@T}*i?ci?W
zW+08~=|c<ei>VY$Jq2P^#uRSi!lyb${|GVR<bjL#Dtzf3RmRw_96}82tT`#A(TER^
zl81h5Se@LW{sCU{`ogE2xbQ#B=FUZ>|AdYmZ%GS^|D3##_x56vcsb-XI(OBclY&Q0
zHbnGrON3bvh(A#>bEti7baH=On*lVXL0J(^e)0ovgRbbxZJHO2SrBs2dj4gx8<9@f
z4cE?l8QlVboT?z&@?W-T^5?(g%+Ehh)aFo#fP~(9^*nBHwl&zXhV5<ci)1vi#eL`Z
z_V@2L#4|H<0Yk;hB?SL{s0J6qGf6I<Iq6$;G_grD7?>|KEqBTo@GnmNMx+W$u-CF`
z+$508r;m>>uGA6Ztp22VMsJYD#JN0R@lO*3Stok70=x0q7?kKlE35zSiE6@>cALnG
zKGiizYJzukurHoY)+I9YwF+Kka?_%iG(icdv(B+Ea0lzZPgYOK@N3gJcQW}xcF{3b
zMcrv6xf0HLdz3z)k$MJ0LGW%XiFOYa-3Is6=&4|Rh*pT<NY9v76~7L+oBuo_Mxn$j
zadj{Oujg+_&$WM>mi9t~{si=2XY3x{0y?o?l%{(AwdNV{-3Ujasr$JrsQO`<T<v+~
zEB~}0M^sX`uwMARKwaIj0+)L?!f}jaaZE9wVWYW@@edO*fiC3dJ9Ak6&M@#j4$ejH
z8pP?yO^HX<&7(KF|29%Y&4m>^Vd@%AycsR>sNz}m&d_i5F>_9om-8fOhO3r^fS|KV
zNrK;@@<Q3DQmA$;!b$Q`#rq0XTOP`;!oL%u>7eUxAf_^E>4p{ItZt4|3;4RTMRexR
z1uhJlZF_cAdM45A9sxmI-m?tH^SXeL4Aq5V|L!PIoa3z5o3?d-o{IJ|t}@EMbHmWe
zMSt~>-JmQ?)D}1$nSKMu?yYaY$JJ7*Z6YbyS%9I%b!0e#YiuH|^PRORUDT_cY>@5Y
zgKqcmOxORmVqd_O&ft}7H^%vS&?_J?u14isvX`fNLAw$n&qZ6z4)`Z+)ja~&Dzcs6
z;P2mClycplL^@?UeQS}HQ7U8;o#Kn{llj|NQF)0lZF1hbyyQ1`MT(wrpKCrxyD3S`
z#h2d?Xs|upjiy7-8(@j964*=Yj9$aZ0Hd@lR%AP#r!IX@ZoHX4{ep-K`r>bEnx9K}
zZRX#4Y>fY0m#B0edxK<xjlofqkbuUm#sqSSzH~lGp;kfy<=4si@pGFeyjCIeGZ4MD
z*4;ZeCD9$=S9H>orcG0wVz`R#{B2ZMG}n10W+Fpis+zFH+q{HtKv^$Auf=^5&fx#B
zph6}>{k5+Nf!r1Ht3l~0=>?eD!;<<1lM?V;ST>F2*5>yne`S7)me^P0C1y5C+6O}k
z_7&IuX<IWrj!xtYo0DN}P6~Iip$IE2Z0sj`to&5l)7sm(7*cckb^~5y*hZh8HB(`D
z{4JV+fI`XJh%P<87!VoZ$#kQwuL^{5^U><VU2f!c2>pW_kH1E|X85OhmfKMV#S}8J
zyR(fdcjr#~>lW0<DkyVM8*Llc%Bv;0izNu;)JBJpBll<QB%~$Hl&+Y6KRlP<Qm6bW
zGR`$Gbff35ILF=SDOI2`kEwtsm)u2cT4j)(``FZ7elCsHe!tYU@SjBQUfpvb@=TMI
zx3Ma;`@#-UJ-yBbrqff@=$RNJft0$Fl!gAUy*nMg_4X^cjji9h=^2T9ik#s+gYkCX
zPK3EYnF_rqF~umU>+<DS<(yXQc*ysyH$QHZrEd&rmQizzU4ZWU%NE3Bd@irViYh+R
zGYYsJ^>@Fpeb}eV{=87=QG?ss-WC?wPj+fDRZ<pH1=CO$R+_n`>_p_VixZ5yR_n`I
zx<3(-vB`|_M(d<M30sP*Ls(DMZCq<(G{b$#kZ)zXw(?g1KEG~#Sv@fNRs8$qe(hO(
zTOtMi;Xx+vkyd>IOx8lnavi)*&o`amU5&%7JqO1jnP?yM*ei_!Q~jBR0v;vVrZ-r9
zRkQQOh{Q@$G*$S$4{rZ7{f?@+!?%1}0vVreRPl7sy}LMcp|rMk%u`=Kg^oyhA#%>j
zh%U8O!_woBlV#J#Cd#^HSy+fmJ(czi4MEAcMNnlA1ZVeLJ?y$)jo$pely{1^TBOo2
zFbt<9y!+q&e<{^Jq^0bAprQy7@^U@|MRVEkA4sV%@Btra7bBz}ESbBSU-*DPmm{19
zyWb=-8ei-temagw)!DT)iVJe@-WuF!IpK?#Us_X${Xboo?s@o_7FL<RQ0h@L>iN<;
zC9Z!sQYuZgYdp}VF37FNwn9jMfPpU&9A-lBwC;Oci@%5PTzv6T1`qk+TkZk|Oeiwh
zaTW{m{4gJ*H2l&(oLTsPGxI_K#681CzV{Yo=o9vM{cX{A{Ni(WrCFz0Vc7j#^EAPe
zZt7ew(L&ZkLP9z5`*E{J(sW7j`9R~0OMTjH@9<f%kO}K4g9=~ped<ct^bv`phpdzU
z#`y0e$4Xm?B~t>oI;(lwYycl&eA-6sK36UZS(mUB5fkHBu$b((gI`(95}`N}mSR`w
zk}{&(?JN7j|4?aEB2~xyW%p)jkuR_Ni+!s+<>vwv|Frw%M$f~D2gQ;6ioGpDo@D`<
z636|rjXUr4;pr!c+vU)-5#z;AqxO(Urf34z7&UET^OzGq#1^t|a%tYN9_PokeT1Je
zJ9)yT4t#<`GeUtDMD+h{n->mfjO`osu*WU9;^Zl_?B02sZ^j#+MxQIz-Fq4m3sE%*
z&A3XyWzzM|9Nadug?1~g6f*(0Id?OzGAt1rZ+{w1)^a<UrLLUtwh3jTfAo-+_@A!7
zy0#J?)pZ7n?(Z9S)o=yP{UrHz7bi#WL~*|MY0`X%<MJ=4cd|QKZYS(2!P-&{j~8yO
zC{xVjT*?`Xu`abDQj`5^USdb8F258tqETV!R3pxH#=s%{e^)i=)sshFn04Ea?6e7#
z`)~WK^v>1}Xv31G&9bWkKT9j4w$;O46Kifd0xK%Dwd4{0e2=M}L7aODFVSdW+b;Cd
zBVF)h=6-2DMKV_dOq}BS|CTgj?)4l9K{WpMiV`5)ylzc@937>bc~q{p&d`00&$q}>
z#qPIQ>HqLcOQKFIoI)kle1HR3gL|8gci`M;_l8V?0GZ@Fcl%p=rKS9eX075|Tcj7B
zhikh1G(mZb`0QZG9N{VI(&i!B^UY7zo@D>b8-XV8jh+FPUV%%&^c$j8B2Tz=!?uW>
zdpx(b4W?s(bT>-!_d|rPOKFJi7;m}S`Lz!RCL)xkud)2JGTK_ieC$N?wKD*d0)UCq
zKOU70lJe4>!CpNagJqv8DgUZq0tSW;`ypSfQ&R3z7k<}ri_3c)lz9?R>k$xaQ`$IH
zUPQ9{`8(B~oo<W<U~uK(XK|C$>BiPRcEw%!R)-wrb&~bn>#v`BvwWCg6Tt;cj3BiP
zGEETf0UsJMe!A3_Doy0_kqlZLb}S59fQ(Lh)4Op09bwkGMa;hP>X&@Jc?K-DWnv+<
zydC5dddS89xmTcWWPO+}RmWjRy}VYuZgO|rI8_Jk<h_1KWPe4cgC9|c4H%z9YSBXt
zb^@8|ftOKqc|!A#$eP*R@y<DdGk(Q7{ikUM5hGlzL>~WB<?FPH;=WcJ%!&yYZZ9^;
zClc8nT|e83m(2798G^(##m`&PlkyK`Gz6kxoJVPJfx7v1ppLq{gA>pV$@)p4PY|8H
z0<%C9!Xk;Vyq8xpXHTT;QMeK{=RL$EQjZ>5IJ!>2KLi>pfF5A4n*&=2RLgae{nwNb
z=t_Oq=W6J!vuohiuQjWV`|#e-B$Iu-v^DiVvJuh9)hO$eU{zepub2)N56u`5RxKYO
z{q3ag)G$*&vp%e!YG&d{u_N?Nh?b-DDR<U-P-V(7*nSCD61q?*dU1ZmSM?D-m0vx~
z!oImHKi}J+N~}pp8Re+n&hl>`Sg!-gbZV*6m;<8`#j!c4S0rI;gXbVG>{^k-Zd!*Q
z=DL9b8>0gepsRCt=R32T+4AWN8dgdB8>hEt-|U(%IM1#L(t_@XQxsYiEB&A$X-_3?
zwcmv`?&3<+MXoRS5t3X4*N*Rwx<ga|P0d>isq0>6x%O8h5ZsP_-Fm%-&8b1W4j55m
zMbq#h$AEV4+?Q6B_Tg5GN95h01POgPGk1p@y>SVSvmx*OK<_f>(_HGsfw#JWx&bxc
z7-N?HnsI?e9qk{L*2f>vtv?{m3x#>_DtiX&+6L<EjN11Cni2Vl-Zc2#zw-9u0bq0Q
zxzV2@d0_mUi#jx!>{JOp2Wv&;FdZjpUCg?QGu2*k<&@c5h-#N^jh#+}ok0yRZ4&y4
zQ?qQx+S{=Ts<DE$f@r4lqFZ5kEmxp)*Upqlj(}bmbPZd&iua)nLgoad8m|BO!>8V2
zVPB3Y#&1_>-fExQ)vf6ZM*r;xf!`~2R=FCW@v(}`bir(=u)LEi!LAgRnTk&5p!$8k
z@rvueZPM5$Ns8)avnGQoS9#mZHNv!2O*rH<`e;(nqD}z#$Y<R9=A3dc*%Z`T^oqi$
z<nE247;4SuKg<`agWC5bsXm;Bz_;tS9qt*06^nR>PtK+p+xXa*4`$bU7f#Nk%?>8N
z{I^5OF9evfd6YN{)Hto{E<9h*_zr1SCHt9V8aSOZ)%TGP!H=Z?VD-ytqV?M#pGx#q
z8NhzAg)(<ar}1?CCLd7Cr*D|+eeIi(gcd{yCt6P*%F-3okju}6amHHQlF}ED@9=BR
zEq|B8%S~%*5;SphHJB`H?k3T5^t&y?i@9F8=%Wvc3VniPz+SI^EOtb3eNnx<UNXUP
zvVnv7Z!fc~AJEEPGl~P?$d2c%h&hqGhmQ7LsD_hAKnin`WVn0noOojD3Anzb(Mi?W
zclL<oKu0AGE|6$N>y8Xtn+bc+=*~<oZxnX_uz9$};$zHG;sdC~FaEyDIYoJrUtcuB
z&cdF<h@t|W-u_C4^EJUPcCIM3&o$@nBt6oJQ%iD;bJX7(Nq7WFbb;`EKb|UIq`9SP
zRAWR^-zOO+pY(=DMN3~!D=B{?u){lnFdGZVv}(I(XeKGsiY96R9iQza3Tc?#p0$^#
z>$aXMn9EoIw2D*X47IqR?B6lU4L%o$AtclmXsVsTs<da%V5Zqb$d1OP!~|S+DX*^&
z5}qc<6Si|zLY~~$b|x@IBxXHU5e>mRH%v3krnva2?5^;Q@dbO)-2B_3>nB!P#qURt
zb_8~2EoQOF4+H6wt%~j1vs%9|l&&|Ul&)mbT|cv5#0_Xg`e&>RuO((vrK&;Pk@X92
zJZvNFru0)EQU$pP?eq&$)XVJsZI+;(xZ^38X^e$!+h8`ffi=#9D8PdK+L`^g(|BML
zJ!|g`yOJ4qb}`)0bR$KDZo(zgf@`LZySt8a#(IoztisHCPw<f#0c8a|!Fu+H<X_z&
z$Ezq1V{f4}>o8k4RcGhLIjd-tM7NF=m1TLQapRh9?*UTgdcv(e?hcY7^&k8uR?u6z
z+|WGFu>#>P-4r{W77MOH;Y8=@1nYHDsC=ww{x|RDO$7PhZo9sEK&x23C`xvze44+3
zHi)0FbsN4X?C|@LDEk7|$SbD0z+6I1l@ExjihATlXJUsXZNDg4vlSOYSboVn#bTWl
zf(xJ9e7WRg6sF|j{I_9(gio&-ZV$vI*nR7-`#$S^D|o^w&QxDcFe#sdn>I<&Bq^sZ
z*ks-^!HV<oA6iEpR}(pJm72adwdPnrlFs3SS0{Ip-rk$#_c7TOWb5OX54sdd^SFgy
zh=N5?^L8(&1xMBg)J0(L4JR0ae?VYOG-^24q@ac@cTx1Ai^*=TsuePHu^E6KIv4Kv
z&;Ry|z)D_#BH>5nYnC*tS8rUs|NW1wNx@Rczi+@lxbFT7dVn{Uoc}pMz$+`AM=fPC
z{BJD4r9ox*VJ&1;JF|*AUBeMShm(&bbUBkkVtZH0OAa(i>mA0lv0D=p3z5lvNKB|x
zJPyYPy^5zu@`k#$%0SEHMta>P7!@*Vo1mu(eRvmE^mP8Y&uE$5!+NQ*=8Ka6rQ$<3
z3C8>ueXHVb=f(ly=;v^ifQ;oKvyrK$BI8JVN`fL8KQz&!ecx81d3xp3pl?v8rht!f
zKe!G+Y#Lg)PK62c3|#VAeJC7Shj#KifL64k^i!r%d@6##Eq14eZ=L2^%g5`J*S%<b
zcrm3>u=|N#(JBEj?O7DSZD=O`2Ov{aomCn|L`IL~1SdIk_9cI8&|r|%=9dP$OoIvE
zzdJ0jvON#u^<Rso6vjZB^>lgdOE__+mHU>8MW8nyR6X!=YNt<X{~$XbwH%c|64G}l
zoPtsL;Ue}wmqKIi-nf>KQLT{~xZeg4)!omb(}Bmur^3$LpYEW(OWU*$wXY^s!J_Fz
zHPNbI)3`dj0dGc`tpq}tIe62k<#?7<MM^QK5pnvlpbg*5Cyp0JfKk+Oc~>5)k4`#C
zb~Qj3x8psJ6$(qAh4|MXPag#VVJ7<Jph}gBX2>t_6#uzWoaca9>?R_%ou{VY1iNM5
z$84Tx7|F)_O;TQo92E}cWADv%g2!WVvIAal=~!+dZpg2d)#Bd{rl#e`W<Dq?@Y!bB
zlk}?un$-vMwaTMqUAJ2n%amHsF{O``g3sz-#H&MD9ZkA~vA9-^#PO<jV9rjM+;ZZ4
zcK8nGS$U=97cK-e8W(VHvjZY?c0(geWr0tuM~Q77o@R`G2vt!I1Vhh{z5<m&d6Xou
zbErS4Gbo7^^vx1a_Y1{D-!v&ZyZc+C!D(!pD|Rs3y?3DgA@5Q%*u$;{m+7nwP|)EO
zFVvj6TeV>JjttbixHtg24$0h_NiGOQh@t1X{R~P@$R)F<e+2Xd@Y~8|I$Km)1tso_
z=hjrXxz(>Hx3H@rh}Ai;`v6`pA(Suvuh=J@-|G`rn@~~JT$ne*Zh27J_ejFHWcV8H
zl*p@1<(ep-V@{JLkWqKXvx45d*EEe=eq$+YKh45>>QT@WMR(_r_Pw0k`?+~UfnAC7
zb4D}QLnY&eMf&dEWHdU_f(r3)<D_(ml9ze1^|NukBdEe-73p~`AVEQ)Il{?+U+~!i
z_@ZDJilGy69<P$);8Us=9N9wDMqV6kTAFz;t-guH4ui#t<RSXRdOmhdrt0<16Q=Po
zlFIlCv;(88h3e;1-E|SZ^3f<B0)nFZWMkvwjfD;Xdk-*v=l)d3L70uJVxjFU*uD5l
zF2AYW=S~!@jjzg5v-;RIhWnvV($GRbWe<Kwqa<K8c?ROB0$sL8i_>NBi$n-N%v$#@
zyh3e&5ZSsm8%a{n36@=F8Eb&9+a}jeH`u7jfP&8tK3~V8v{<N;*&u@jd0|+u0WX@(
zWc0iaP#Hc_N?p6l-yer%?>DrYNkn?Qv@%~Ay+I|UeVc$l&MUhY@U`W{(>(SEPxg@u
z@~Cvlh6&(Orsqs({6tnz4h8eHN$~GuL&SA;9`7Uj7fFw!>Fw8}4CF12!lF(7%yFZ)
z3Y&vD{HC1i9Y=Hx%>0wo(}mUfl67ucJa^7qs7y*%d_{7h-5QX5=)YHi8gKM500eEb
ztyp7YT8E#vF4M}$e%{USyF*NDtX?HkI;kV%yhp`rU(Y9OGBbFMQ4Ne*A$00t^81(p
z-sV#pwVIkQosos{@3l&@7wRH2F@uu!nzCAPbv7<3Ou_5q=fXH2CwR5W)f4QvQZHk^
zj=I##0=uoDRQ}{a>oH7aEB&D%@Q$Gb=~h1I)tjzbGHKiye|MWbbaG|IQpC|!R!zz}
z;W2}dHZTT$DZf~{agEF643~bXXSQ<Hfrwz-^isc6v~Rw@15bB96gjaR@|<xJl|CMJ
zI&nU%Bzl>)IgwlYI8zuDSNCSkxNUDMAT;JHe*Sr!M4dx^0J_PzEBsIL*yeDQPv+Q<
zuk6Xi7mf3$x<2#xy1d2Hx$lKcr6v`SR}|s$$!1TDn1fHE^~+~&c`v}7d8R#Dd|*Qn
zv5|T`?Z1Z`c0(TbOD(E^p%;7a<LD-*V$vbP+Z#e8QZ&EFH&onbfy!rlV6l&r&@<}>
znG``C4BoWtQYnpBJ!{!dAx!|($83X)ss|KoV0OZ&^R{x&BII;44x=%~?Gk8Mf=Pa<
z5I9s+;t=?{9I#j-jMA4xBiE0JL<j5vin(a&%L*1-CLWj9a?|V2QHYp<hgFd>S{*D!
z6#)eXP3OM)7W~xGx(GShGYI!wVT`r?@hRRDSlO+3{&xODUwxLWM=AzefEbVu`puN9
zoRX9S#nbq|SkTt+s6a3F8`(CCv_h;_QM~Io;)L&sW{bT$^UVF$R#w#h?ZOz>1+Rg%
zY|X%-R@n*6o+WlNAk%&<Y3JZLFa_WH+$<O_Pbap?y0+@erX*(O@%|3#F_qu%j~{)(
z!aFnWW|5=6e*GH%jb7gxbwH1NjOV{O;WfpZ%>Cej%(l#gU-T7%`pc*_;kD}IM??Wu
z(2M1SVUIAoEx^I+6CgVdl(}5`e2MiE5qi%PzbO<B&l|@k;xcK7MNRPfMBl&v-QRAD
zSmOLc>T~#GCLyj%oh{;j#G*9Xx<J!k!*f3@8&x6IC<obg^vTAxwa#xY%?n|Ijj}jK
zMzm7gVc0mfOjzLxyLt9NMVo;vzD15H)&L0D9SvX(&Yzc$nMz*xokYd3iTupj2*kic
zoSRL7Fgl+7vo*a**!}+ufWThjlG1rc@|K9OWi<toSQ8M-wmGh}LPD<b`IqN*)5z9%
zb~Kya=7C7c!O?(11ESs1;5#xKzXI!y`v9e?d{vm{8pUR}wuSZI7)fSR0z}d#-P<uV
z11Yz^U)^%ls`H2lX(o%xNsS=$Pv$WzhNA<t<K8yHv2Si;j31+w6WPc&#?+?Fy+GYG
z;CJ0B`Ws0QX37a{f9+Dhh2E6Nb%GaR2J=Un_;O=*B|4crXwT{p{l&O^V^}+nHy|)v
zUK+;VV@`n}mC&SE+BtL<Dh=P;IlMQ+=z;!B;kmoX{_CqG^{<3p&}jbz>XA~R8eQ-(
zlE3e+jx#wzQTpW1_#5PN==N-Y{1hf{rMJXr>}BZe_P}qF(4nyfKYc*WC+hfCj0O!A
z4LJZjk>=QcAe!z6`0mXiF<aWO9!BXL|Hx;FPrc7BGPIE9pg>s8f$c;|D4X8&t))2O
zgHKmVblBD7{wzD7?e<6U&!LWO+nr<F+fqwp^b#!Nkc%aD5U*SR``573*L#Rklfo(|
z=hpKF`Gx3sHnZS0zpaHvMIwEM`9CmgyWSzQxV(8{vSdCz^ySRNj19G^%VcT*t&idC
z_OjX~#Bq@ZP`u06f?(0o-@SGBPlI`BZzMQ#94revYV!Y?Z}&#@R5|g<$R6c4nQ;~y
z*LdcGQcl|Q7C-UJbF-xJ4=r8wSBe`Q!-X=sU&#5);S%x|&(Ed>6{-A#e6~Q+-%djt
zo2F^OCl`^_hE5~OCuv&gQ?vvGSq1;0AB(On;QyG|HoKsmCk$_vDEA(gKT<N9aRzR|
z)IN`u_WpgFZn_b|wh4pcd27txAU;;fDl{)`k+KnW9kyB^WWVj#vu#$btBqd<oBH1j
zCEJ=3s*^&6n=9AD4iX*Mhyqf><I`6rZWfwn%dxO@3H<4x*PxndVC6MwH`d-uUKTa!
zh&9yni*^zf+RhBtGrdY6H}e9LW`T#r#Ke%mgA9~Qb^{mhD``8b))i=w4x!W2cP5Q!
zl3lhkNMSRwl}BlQ!3ii@zYiXX#D!0)c~qE(z8Mv%rRwu~8e$&D<xv(8FOb><UYKpD
z1UH%nj69prjPw885s)K-5=|^Qr}R*6&kR1sQVOGSp>cW6X0w}sS&{w4rJ_HFj4EmG
z+241wz%#*j4oRc|z$>S)#76{7-kqaB89ynIcshj_ke9V(;2E{;Xi+ws9dalkL?UKT
z7`up=QjVh&vo9I~iYj%El{q%@LDqMxP5~8>9~{JZ*xas|M!PkU#x5hH-{v0hG#Izi
zI(&!(`70WL0t?8xh8e|7b0RC+QCT1jEuh#AixSB-!ccqe{(e1_@S6<+pdEFf<*>v-
zG*HgOv-ezMGdsXV)6+Ad{p5%``sw;_lJax80fX|1jjth(ln@Z_@#RO{Y<lM+&T~Z;
z)6lEH8rP%!-iD?DuvD-onlanWQju!*0=K-D;@kho0_TSefqCuTXa88>{58*HH>m8l
zhb+5DS!E$pvl%$RCy}k(45|cZL@SA&FVDc2<K^mK(;i3~oPhdF4eudz7E&srQyZyg
zk%y^#iBx1mfZ<0B9|ERNZKWqh6P=Mx%}i4o1-2^97Y5?3=}8<6%8krRz%{jq1OGPn
zrxDOhS<DCe`i(}I9)RX9%_elnJS#KUO!Kx?xZZyk2PS*_qW#a;LeN+(zgp=R55S`7
z<{8sO;dW=#z^B&&lFw@2e!s_KYU+4uAx~T^f7+0ZHCh;&oZOM*s=s7*vRZ+u_Onsv
zsv4}}Ilq7^NZ=#jk>}m@Ff?$rgxUI(+#rL$OMp#@QWk4$8vwWl7so#N{@9JYhl-S6
zEm9s)c!0)K1MnWvOrozWUy^H`Ht=5B=Z(oZ3&m1xFVhv*VB*7_fs!wlz{!Aq6TTK#
zP)IW)Bg3a(PDyLG+A72z`jU+^0%1LNk}pe?ywfo3iqsZ3OZV*2v*I*~8_zZ?eV*;u
zzboy3)Mp?sorn=q6%rOZ0oD>Qo{avx+3e;MKvB`Rv|$yH15*TkkJPH7Py#SzYEo<3
zgXf240E%flK6tn#w*6v99buC1rQ0jgz@u^@fD`!seJ%hnB`L*|L@VF`oaPiC<0B=}
z)bi=qfg4L#Jv-f2o}&QIL0O&C%!La0!4Qi^_?qYSfWb15Sqq4>2mvHZn5a?E5wRa%
z%!;uzN-79GEC<p+jE&@m_Y05#3UO>Ec~09gR$!oJyaw}0I}<ss)N#66S4XDMoJQoI
z2|nM^*qX?V2hv~-N$eP^1>iC6(2N`&vj**}r{2kSDfWP@7W+s0{4O7<DXVJh#z^80
z;D5cOp_IVZpbT8$Jt`rx^Nx*C3p|Y*-l*kCo$17sFRCG(PGC7NM23PO>i~SvjcYk6
zAnvb&(eumlBoA;Z&DMB@1GkdP=A|JU33p>hdNc3I_WI6)i>U&c2m8HIC?gL~lyq!(
z*bHB!7rm&%QcgY{aHT6n#EDJGA3GS^8MYjEX{$c^Cj^T)sK3X(P@1h3Q~T_7*K;;+
zKk-f!S{=ci31f#KDkyf0lkGD%Hi|R{A0d1kr<)YS<}W^F1g&}l>H{otPEF1P-g-90
zsIHYMRI);s8PLajiQ2hW4FLhw%LW!Ff1=HSJ>9qSXxLw0zkw;}Ox&++DPZJ3(w?hG
zd6O4k?`tHY|DmMD`~2}GWEULKQnoiV?}K<Jqn=*K$xR_76tt^orbB$pOE1yV(YlVr
zZruP^-sD$BGR<@e;6wxX_Ta_I4l5kw-?6HEvj^Y!x|;8)B<->~t>kl^g$&TLjG073
ze4aKr&Yp-c#r5D(3VtQL2EOBe{QXq;B5zNAjH%4oETpRw4cKDrS;bAj%G?rH|K^)_
zopR%mQVQUz^Fek&yyqSTY3kuj;Kj#-Crin!3(VjkXiS=K1zX?F&`1F<oU$dO8G2DH
zi4HavO)U-%!fRhnDx5socK!@n$F`9C^T0Il;^NEEu1Vz=Plf4~$80|xHWq_Uye`a%
z%~sxf7w+oi=3Td6sIV%YWtR50we?%di9;g`gGE(<8W-bkD~hF7kp=$iBa#DV4*OoA
z_%yA%6@q|nSF=f)%R995GW1CI8Co5#3Y}+&WdbkzH6yH2JpisStF>S*ASCZ~Y?@2^
zY4at9I66Eve?Fj-iHDMiucxAeau)E7uj0llHN?z-StJqPB{wi<;XJ~5zz<ieWH&cY
z*_3!qgvkfpKwpEt<C6)S9~=x$nX#poAH_blNqeFN&<RR$_s$_Xy2$Akr$RpHQjk(y
z*V1sfi?r7*>TsX_&%H%j+O7%jpm-yuS<q#-S)Tmt?cVAOcaEn@i&^O`-PHw@lru!^
zsoE#t7vYsM`rCqluaTwaAgcR{BO`NxdAQF8$Om5os0<l@)Fxru*rQ?~sgXpP-(4kb
z|C4ss1sdLgI5tG!U?{b*Wrpm%vxl6%(v|Ih%I?5reR1`1AJA(H7e^{L%R~5}yCA0-
zy0p&yyp>q}!Z+)W`72#Bh3xwQs6$Y+$;wCTGMv?3(X#zPlY?pR7`rjX&&eyDo5Bq+
z1mT1L-*FPD19<;AY?~qXh3ds|$(ElS(crVh1}BXqHtY_fe)?7bfRX%HFX&ag=7jiK
zwNBlUcC9M~Dx~C*M*09=1++&k+vb$)g+6{MzVjlAA=ukCQ_{KUC}Z*;v>ulSB$8>v
zuj?p;t+WMrj{sYMo%3ldl6neZu!Z@ZCc-XU=Fs-@V@O#`7C?ESmQJ0?CcHL9d{j!r
zFD3Z?e9%s{=5*kUh);N!4BoXzmDi-&I8M0A#pjYGs2^_x{6PSf>MCgi`^evBYlSES
zdS0L+KhPB`Ui%Bz-O7LUaC1Uo->sS&g!F1u*HVvBjPvZ8Kso?Jvw+_(C@$td%e;fS
zj;5En@JwnzbDWPy-BoXY0dm=cak%{X7NH3kyA*f8dm*rI`9#uVX=&*>CX(D=2WL|P
zC=yufUJ4Lj%hXd7^u~;wX<8#bhPiU(an!_*i#BR{dY!lMNnVp8uYr3dcg@epD-hPC
z^-lA3O4FiRT3TChNVvL;Th2>zX5+V#09Y0Rx&xAyKy3{SO+teMi>obTzEGw0qSql2
z=(dnw?jzJbACu56YwqCF8G5?l-@k_WnIK+vm15?Buf__c%Y`%~)hX8wk2uwVQ5I$f
zw*kzDT}sOSZtbJP3cex0nlhi<*|gMv>c53BO8VIShfn#BDb+ty4Cjo6mH`+yE-yRe
z#C8*Jy#=_fI)xNYRE&)If)6RCFdB2^l`=u%R5zr~R!aeWTds<1-j7jyUb*%fAex5v
z@AlYkk>U&aWda3-r%-J=83xA2djm}(n{+@FQ{yFd@E#0NA)&~Y3D{*O%8<o$rapgI
zB?Wl-5z(J34(J|j0;HE+->4oS<eSJ0x1791@WHp+;VN;HWpKl7U7=VRjK3>$*KoZ-
zn$D8Q`l_$z0HR}f-nr4?q^|H%oP`0z478;W5#{w-5@&bVcgaM3dl;@nq8{%)mL8k1
zDFxBi_Uc$`G<Y?bf1IWj|6k2RBj^z&$>@!6?@Dxk*~~^1e%Ie?OLDf(%B1>Kq$s%v
zGxWWzK#iWpf2fA1+^7~*sha*ccsHC(Ny73#$sTbcpfuXxB>4w$yYKm(b%f)lZuUmU
zQ*E~ebvc~|G}bwesM47GHoWN!v;`0{^!KS*W-!*N8haH8>)SspjlFkzRvCO&j^S?;
z5e6zBkVht86k_<GYW%WZnWlV&Ej~__2AR#Wj_}~*^2w0cdtm183!MrBe*nf{tA>=F
zyW07~y#Lzmbgv~fqFLIo?DEoeYQHEW*|Qwd$|m{3G~cMaMSfkC6n;$Nl<fFJ$~m_1
zu52L<X?=8{=04^%rR=(D8~!Bz5(@zMf!keO6=0c&nf<gX+puoULmu0l$#zSv8uHJ)
z?L-`Ai>6U2fD<6ns6O)B$m2P@1Vxvui=v)dD1<>Ts^@xvSh}>!wFbWQRxyJT4B1CV
zhSGv-`bygR4JI@oJ>Q|NRWk^772~pX$xRHbjRUZtOb6CpFuKJz#A#z*t^fsBY;15y
zyH1ImtThtR0T=ffViuF(prG@vH#qYu*UyIq`K16YneIL6E4}w>b2q;K&52Dd;3xkX
zZkrlda<$$5_VBp{=KY09y?Q(h0tyPAK_hKo=kk>rsoA7MGR417ldv8=;_<PS4VOf5
zA4Gd1;FlY*S0I42BJSNbyQA7Q91TR79L>$cldLw=aRm-*TlL+$Q!Q4c2=B283wbxr
zqk-<j9r(r;H^~r02$y`Ez4lm*u5YP|+AjvE!}>AFpv?HLF_Wn0mx|^spsb1Sd~-M@
zeVK_%YsvH!fF8IscBuj%FvS-BY5)`o&;t=XtXl#(YT~suGsOYW*m2x1)c%~uLQ9ZK
zy<13gye?oLhD~F%U7L1zO?)=?ZOo^p?+)?r`TRs;XaeSdD+*c|{E<oAC65~|>)*uI
zhvE-{N?mH2sY1w|JIjxhD%<z9KA*OVouh^YcDv8tOd&CeC1I{mLv@vb;iGuI(f`NZ
zSB6!!we2ocM5I(u8dOB2m6S#ikWT4Fx;qz3L_k_v8iYl6cZYO$=c2n~aR%?Z-FtuM
z{5;qBcjgbSi&}HeF`l@e`?<#$^bS0!-Kq}XyvVvk<7=g^RZsKo2EMKMEj`7#OKw8o
za-6!><!6q4lzHInm&YO96{%8KIIU7+pUfNkMs6BSg6@H@VjC+%?#ShWFTq0$h_s#P
zK|G*)Q0k5^uiNJ>e;3lJTMx%2JsZL~96GQtYHFnq`C3zQ;B}92ZRXdKO6Lf#u4Zaa
z%_bWt@S;*Pf@a)Q5D7fghg04Ou5t@+G@#6<8k+1$fnZ<EN2LLEVLL8@;nxj^dBX;)
z=+P$^@8NJgyh_DMkiW?smjnaiEhWchM&UIll@|>L#j6R+4bfuvMsZebgg$95E*N+B
zuKE8&0;u=&D}f!c1KpyT`BCNW)ZlQ536;nIjCOQ2JY&%IXc^zj*-~sEEdiS2bZ|{~
z{1)3=;@Y9t%zEjV0JwB}JGIK*tT7<JhYHk*DOY;NDMVllN+~$JNV;O=X;_t>%^izf
z-irm|t9_G(r0o5kz2Dc<q(nk{83r2IM_RCjB$xLBwJuW}=i6-+6Xi}t6Q$;Gu#6{D
zx#&v!s@Q>V1oU<y&WTVU(h4~fsE9_1nJC%ra7b{QJ_fdXg;Qssj(2IZ+tDLjTP45L
zbBFN`>!X2N5XdX~CYIqEF&DGh0$P?93<#t?i6KMgw#a}ND{W>)i0`M3x=M#0!Zf^l
zEwG<FWzC=uAj!K|E)58Ka@WKE)NYC0OLCHZUywDFB4D}C2%lJl@fi$sPQ)Vf<a^`Q
z!PI(sW3-}St>WKrDJm=!NOFvn+&by?*gn|kxgd`iCB7_Oo3JB3y4tL$+|Kl~8`JKl
z6cHxp2)Pk!CPwUE+@{1%3-~H~l0t1KHNNr?v{_%_&_3u3fzxJH-6)OZ-Bn2a9X9*e
z@VF5G9s0>`O%|yl`u3|euV3N$iVdKV!%`!>SrwCouqZ_+ys*$w7mM6Zsqy>~SZVS2
z<_JQTL<>Ww{sq{<@H9hlY;e>kLp~Ab`DON@UxLiz;xXW`TG69uaHBt$=kPj5D-LE0
zWd`(ujffQl?F&ju)*s9rk5#U>y*UI+)noJ0>^q-yzwhL7*p?M)t(7MA#@W==;`44w
z1rfk=1e_TH9<amJCV=Wi^F~*DDBiN|%B(tBo|MU`*-$3yMzIYdS4R^t8h@@t!;;E2
z$M`yYdYQ5wQUUFgZ+pVV-4k|6Nu4-D)kdMWHt=Izgo4{7#j}Z3O1Vf;<5hP@bpnV8
zG3RkeB%#vRwMlcllzL?YHUhRHDiy{#w|HTOZ;xuB&Y4m>WTGM>!_ll8hoiqJRm$9S
zee#I^+!uh3LKSlVJe3j!u$zkjSh>-EG^#<<^!lcxtv+;}hF&LIyKs9RXJ|4O)H@?N
zI{b8_QMtyhcLy1XICQ>aHoanrJ+DW(dcWnyqt#;rdzvVm;3fmu;V9F<IdXSx0^_m#
zS|YaWye6C-MvFjUziahe#@c9jSN5jt@ZT+UFz49{IB*6L#+u{O7e<|>ThV9TI7wUB
zk#dR}ZrT}v^C#!NSM4T?-P8nyRnz8MW5IM8bC&D&F%l9ncfDoGKw2ez;4jvYG-gq=
zaea6eSyXIrLZ%$?Y0k;JGXr_$ycVdMC-*+?RJP`iU=a)fzcv{4Q{d%zN(om7dFvB!
zxpXwgBK-in&C_IXmc!2dVzKc!A{Fe@%gVjui%#_>#sjy}j5HEPqif4`kGq@XLeM6!
z?)|eX?USRkt7xtrhwiwOD$~>qhB&TtsXVgvfefgj(kaMg>h^mT&Zm2b4t0uu#-60Z
z7#g&9yXJC2b-&!^{RTMoStbp8>wfWgrJ1ndc=042Ilk)l!PVL5b7kb07oJ{n<Sdrg
zuh;pIEM@X-duX?Sr^B2tYJ%)K)vwcrvqnARO~&%wDmDPZ|Lgi9px%tS2rRF+=1|Bz
zshyE?$N$#6!+vhqt@*QdDl*ljJt9`)bY?24fv8Zbwe<cb3?A})x*RoJ%mS>Yz8_6!
zUS2XMD~`pNb;F*=gdmwoa+}8n#=KU*BKn3?!xz6NXgJOyA;=LYICAgLO~G`kfV;|C
z*6vy8UlFLVZ?UO6EVrOe(5V#C6;IW;7)X#f$R{nb0BmKFTmBJxaVS5_%QKt=oy<pE
zAiX(~mKR?JVqqmCclNIvOUbQIA*63?e+XfcXK&=yeqiuUmX7I9_VSFl?fzwoOe%@(
zpBsM(x$$1VgT>gr2id}Zv;a<EYLit;?)R|AEAhz~#IlL(Ku>*M7@bpTW;z7rCRJ1m
z2ase^+{Niz$(bxM*wFxO%a0N<Z1+8<BJ_;T4KzJ@M$ZFc!sE6SY;EP;w`Q+)ZN`pg
z-L6A>cn|PI8aSHC%Mnj<X3Ldn6>~m;N@RVYLf3tMP%&HS6B6TZAtR`}%D->EiATT{
zF?!f%@+_o|)`rz(EhTr-G#w>oVy}1#NEy;5ij6XE99Oxh74`jI+3cAT2s1SMYJT|F
zs#@TXa{&Mq8cWp=du4OfN>b~cxNHrxd~gE?K&uJk+d`IN-r(d8RNhPRZ$$|N@;eXk
z7;dnqvxRkIrN9^%tM~QY&suxA%|cA|cl9i0gR@<bJLvSP#|gLG`ID~bI|t5>Vh(q8
zd)E?Rk&m5u>vr5OE9%d$pIoY&UPNlfq&mzdB!NDQ`}uxPOn7)sZ|$iNW9@lF^~{1M
z)jzY5Xb849Bh3kk5#)_A%Ct&;!D=3x!v8eUjLZJXq`)P=1QFHR3UO{29%iXUm5DFd
zvPg7{_BRVA==yvR5y1)%DO8PNv-niM5QGYlgi6T<orvfRp<6NTU$>}FdiL*h_PD^t
zKQf%}K_6fki|sA~t+!y8&ARV9H%83p>_ARK=^OwQ2hb>#TF3o61hN2qDQMlf3k7k%
zC*>^0GP|&B#UEAz-P}LdQ@*cz)}rF+$yM9s@4U3}#%lGuo#82)xv78F5#9VH+H(R%
zs+ewtS9qEw#yJ{MoH@}nAPfJwz6re6kh~}?Jeuub-FK>)h>HF7DQnaiY%wr=vzX=2
zH3zw~xV&UvwMP1{P*w6pc^XjPe_zs3|A?c(4}o6s&)Ns@-Gl!BN59-0RtF!?FK9HA
zZDkkv*Tc*`DAU^rTxUSh?$iAr53%|NyukCjv(0~2eS8!6TSb5KF(3YsV1sWz{G);Y
z|G)h2(Ek4s`oFY<B1H$3bQR$MvfSq8$`HLZaNJyQ+eX%Q$bZN8=4+ztaHUqYL$CSz
zWSW6xOCifvO;G3K?ReLP50o#4f?t@87fJvDP}=j(?1EN*?)Lzags`~uaKlr!Ggf^6
z^*PozpJTB@22zc#A+&3C{(NO}9Q0?jyJL)Z=dT1dx?@;#!nC+S^MQ1tEc^vLb-N$r
z6xvG?R*AM_v&Z=Ov?3~%ww~72Gsd}pr_w}yG2<WU_Bk;bMxif;eS$(ie{v9c6_Ir4
z51lCGQ8pQ|_+)*bRK~;u^j*jef6w3UAn}(XaFD0`B-dAugtE9z1&5^6WVqPP3P>rm
zJ7o=`BE+$eKEk$+9Bxwju-e~2j=!6=9L8?9-p4un<o#ZBuWa0@(y)(3jwGqd2554z
z!Wuw%exEY^sKHTOym+F_EN9qcG%~ZMb6&d2K1a;_??;Bn|4J6dmM=;b2}yxP(2Zu6
z5Ql|SRz+vMH)2Uw)FhoKmF*={AIcCgX#w166~}efcA+$8Q6)zDJzQ%Sy~x&|{Y`oV
zLX-;spcp(0%WHGv5f+iPHNt4*ID2%R*0Ur>`jC)H)dPIGp~K!<8E0p&XjX}VIplO^
z6&+sk$O%|n_k=#0nv+vye0-d;w41NYQQ3BD>K%PFI{<=?@J-2KFNv6v|1@|*Lx^6n
zajIYu4dIyCl*bxR7YZ6e7gOo)D|vc1ez)cvE;XYqF&k6?U|@K?M5W5y!_^Izv0faN
zTIsNntuGPtilze|5L0T{(lOl8)kQP7Q4*D^LN=lXc5_p3b&Va#nN5F8JNkRe9^ZJw
z`t4A$(c+vNo2sEpQL02(9I0tSL`3dTjgfY5xHOf<)?|rHRs?+*_}Sy@oRJ8#$xeC3
zKZeF{7CiLy4U6l!LlNTP_fZ|{jH;vQO()K?Z&pBhz-kjXs#U^C0PwJv_V3r20pwgN
z%)A$sW5;ov#d6}}w(d|drsLniL_9j_o07ud=;fm6Xk>e&%Ar&P$8GcS^+z1ZYN(|x
zt*wC7V7#BhcX4T=QfFmjSo5ytgSy*Zg=ltyl2)Azg}3Pa9vS44P2MYAP5s~!GMk}S
z0fbK9#4nJR&Z|G%f!gF6S@nJgb}HhNH@cR;QEelsm=?Ho-;|v5bK;Bkn8kh*i&{mk
z)$?Z_XvPcQ8V^c?xb(#hIXE~3ad?hR-4Rvx+lfU|d=-5qL=Ig9U<*2cZr4C9-stB3
zXDA?vrN*O`Q7Ln~Yu^@1G)33VuZlibI3KV60`BtAe^k1}`PET))`(Zc#mSno&V_Dk
zAU1uTMon(>F}|i{L?Ey6=P^+5{z^`^9U-L3lE`Wjl`-oFTbSogTGW(EzlztKcDAz{
z%^A%A+r4Nf@NFE1+71O%-2b-VgxMq=M5b=LH5`ctlyuFN&b#rd7@iAfS9~rfq@<tr
zP%SU3#!a26p1I>ay7i3TFo}JwhT;=vI^JXH4|K1-|HgSo{lxdasGReTgzs0pHA?<_
zl>ATK@!mU+&yvSfe;%KH!T)37Dt3`$XDf!C*`ny<7?(|6>%i9}j|;gP<7Ms(CN}S>
z%DRd8QM6;Wd%g&B@&|Lh-pSs&Nlr<l7WbZgd+`3BFRRoV;);rw3(Hx(_RoLyeZHnE
zf|V|u9lRGN$<wTJ4=ST#V;fOYQkJdIagvPXG%3!>31FSkXhE4a-vh_1JbEx^QMeP)
zO(esXUu+#89s7PY+~k}0Y)V)ixf^Bm8)n61*$hXMT}bVvu~!I<>u{ySTMo`g(i7w`
zm?nSOpfiH}A{_br`Sz=}JbUA;JAus1%;*?Zt;_jYFDR*Sl~P&sZe7Y`$Q#npuYyjr
zT<TRK`zTHL*L%6LG907EB_BRa&2OGz;8|I{Of2TJw=Z>cT)ILlFo`?{{}FaT%>Mjd
zm34S}x{IUJ<1}YW%H=2*+qL>&m?Xp!Z0y%nbZehJhV?ysB&Q5)*NyqG%&ymocA<12
zFFE-(tBJy}iv^>4Z6mx>F~83+UAE#@i*Lp4xfO+P3iQ#1=8GfT2nH~iKNnOR{S>;_
z<?77svU74cY?t1uI&31EGY(L<7mILa8#@M0b#lL+F8L7}GBcB3Ak&O~C&v3<X}yBb
zj+*N&{S-Ny8BBM>ie}9<*mX{23q?csiRE?hX%d!vWXE3Fhq$2Q?s0kX_p}A$qq%VL
z(^j=;J|E{3o9<QM4$@eye_QYFA#6CY^cVuPrk|N!&!p<fQJ#{JxyfZf&HUj)0tfn7
z;Rj=57vh(*EKG%UeKUJ#43dGaO!_bMSB$&5hO2o#KgE41g*LY<qh9}(nOP3qpX$Yn
zLMYhpzaUfo{(#sHugNx}b4lmPHs8l#n#XHbD)^A8X*I0#)pKK)Wu>g){qDo@sjkQ0
z?@kBqPc<BPD=RBKkmfW<st;6m8LzgB)QB;gbYMPSJbBH`+|;EOVDJXVTxe>=+}3~J
zRDyU|IC%thH0aVM*5+9xX6yP?ZOMMoM+r&osmR&YVTRcP7xF6?hcsFEJ|wJN7sUfu
zv9_;@S!>AIV7g{i=FA4`R}V)6OLB9;4+DjRPqzizR>p(ia8wVpW5-_=uE)z|DSYp=
zrn-kwN1yko;nWGf*BQX=Ue?AwF724@3_LzYtxPjPjMy3uzL>RVH=of5_bs$TAYCVU
zd++a)h3_&11_ZDo7}eOE)&KFIgs@<!Q+w~R(@`T@tHb7mKxpd`uvbS%yq5lc_ww?K
zyIYydq9wIPoju$a*{W%&`^yGGDxAQOf8gTvJ|ZP<!?A(Q$CYWI)mMCHKDIA)8iBB{
zTzX2cT$V$={49S9*7Fk;pCL}Eoo&~?RCwNHwqf1gHlM1%Mdg1J^h-%qmD)@(XU6aW
z9-7kOq^N5(kCh$0jxAYxMn+fs1+BimeoAWU`Y>Pb6I_P`Vs`WS#YI$p%Wz+zwvJve
ziOILSCl4Xd&1d^DK%59AC15Wl;0G`F+t06vVsfOXm)T5aPe+iW(BX03v77fIRWHx*
znPG`ksp{n_a`<P~u<P4x;wM+Nr9bqK4xOBwUt5g4h{&C4P7k8u+gRgf9sWw2Z@xwc
zaqVDxO0js>h5htzD}L4t8^<6gkdhEX48UJg(mPj;bSqt6(A2PfqCusmZp3}`sDgmV
z3)n~~bY(^vdUTEz65_wpb-&6v?r?|&e%EPuPIPnJVJ>(jAvU(lQ|xSqPE=g7^_fZR
zuUx^fddD0hj;gr<S=lpM+Bws%m7J>8$*P$4jYtN~b_cRIZ>&VMrrO(|%^tT-1q9BU
z+lt4VZMQ6K&U8w4-#9hi5YAv5?K`juQ78LsHv*xl_#-U#{l*H`sr@>YAqx>5J-yQD
zA|B0<sYzkpP_gZd^NvmO=nUb2cm0=;FXj%1*R@e5eJ>fdk+`U$>anD66tiwTpPprt
z2&zGj^`)kU6n-Vvm+ywfS!(7hlzcG_7mj4xoN@UfF^O4(sK(4hL*v<?{>RYnJ=@;{
zCWgXhI?<C3QJ-$3dF+9CYmq*hRW|UN)AH>sl7z(C`ugJR?6vFI#>+{4v=$UKzj8ds
zp4Rm4u2<@rFP1yQ8^*`ciA_whv*`*7^XnTL94C67GxT&=ZC;&nU(_jmfw;2eEwrR7
zCDFBTPZbmvHcm_siHQZYlOlpT`y1jjKhelkmvfbtmMW<#>*(oudU^^X*)c#y5yG>h
z{T0c3byUXNFScCccEBJRS5qI~jnQw&QvQ}}-`IO4TcvE;5H`^zK4Q)iZ<cC;P!QF+
zbUvjI-HQLPeBa%3#z5Ow>f_RRz`f<m%`>s=>GDvk(Ave-+TpR!dZkV-ma~y;uQgJO
zXN%&${wsq$CubDYx@^t4r=z>GxU}>osv^3wB$JjaO+A*x%E95bEmx~OGWZ(5P@&>$
zA#jJ&vokzHGHlfB&a>AhCMGk4oDXn<eu>^c`C3@ki@q>hOB!V``K|c{(;)L}X7-wm
zY>T{Hd2rt4?*m79kkOo=S{CryO7H+OO10;g(B+*1Kz0-6SU`^^up)A1-tTO0p%7d&
zybg8WGoVjbt1pUg)b;W6Gib%B+uyqofb1SoBmE5y55o@W$98=Gm5IL_AmI1>Z*PvD
z;FC_4-AWW`au(I9Hj7yijlsZY42_7``wcZnfyY#*j{Hm>Hf|U1opW=Y;VKQFUXclN
zn01pAIf|Fa8h)P|ad>DeJ2+TSQu4+brk^{3&_@;FFxTgvGfR4dxN?|n?C!P{cGTB@
z8MQ{30whnOPpjOfqixswCZ3+=4jcFDe-4R{mlRcr*67m&_V+5?*)EH^ZLs#D<#SbD
z>ea_Q^DXHNc`)H$L6GQwV<ly#5fSm^aA!D5WtawRoG&6z^Ei@0eSWuKkWQ)4>l6*$
zd8@m-n;L&rD%r~}Y&27WL0CuUmvybv1#d`5$kBEd3Esyx`|fo43=%iq7Lku1mrQ@_
zrNXW;5R7=-F5=p6-Do~=lok{)jrWv&!=L6V`{itjDthjOON!eTWrKfa*KaHti~hz*
zvp3hwXteSTm?rRmYPGHb9>S8ZFA%eb1EWFC22VfHM51Y}e(%McG5IpmO}wiz^4@1T
zi>=7*AlEgaccv%e{yX=u!vk53jj38xutmo#JMN<p%qRNt7`gR*qb{<UDLD3}Y-(6R
zb6w*Yu6zz}WE_$YNag<JqkE1T(e<ZDzUx%z#>&sAEGvcu|EeltnP7(uJb6i@BDckn
zTSwus(V2HL9kynATj{ytJ7Q6QPCdgvJSwU^z6R~>>B&P6qNxNJ=Y%2W(dlU{qrG1h
zezy&surOLzmp@u>mSWB?d^|qrIX9QX&T?z_J*E<s<s%fRvvh$DhpsxFQs+uQc%q}M
zEE6%i8DeRz=*5fmQR@U=yGGmqif<1V>e?qd9`(_echHs-g7J&{UFG;$FCs&U_X`h<
z%!$S(Q!$O`z(At$I0;psSEB`JC$V>Gc)n=w1dd|-isvarukwD<YPU7yn;WM>jfii7
zEliGMpr}8EjvVe48};+=kg+S`yNWsXSDw*|M<H=%dz9tJf(&Fmt>NK|KgTYFCaW*(
zVL~;`(iRP|E;5Q85qoJSX$sj&MV=0P(f(|sI{YqNs`lomj~S(KYHF)_cnnWPC1%K`
zVzepR3S4HNL7eR@yum+0s=0am86Ko-rV$0Kk3yc(tZUS|TNzLZ_mIpO?w*5_3P!l{
zRO*<^c0QowTW%||7|9FoRC-qtmt=lQf$j8&Uu@&+_o)0pl>gfa+vL8`w=#N(=S0XE
z^w1)<RM^wZx7I}`cE?tgp6`pW#&037&^oL{>K=J=^?RS5InuTP|JQ3;*}D7AiaESv
zX?u+;Sf-;OIawfH7xnIGOtk{s8g=<}bNs;y<7M0iyZIVw3raPQ-!g}g8_DKYm^wlw
zC*oQnsvT_ChxK(qPc$Yz>jv70%9K49{ldz@K{<PT@=G^-v7QMIjAf$Cys=O-jrQGM
zSC=?|I@XITW&?wE%0?g|{bV<J1l8O~pTZ}!lVW7XTt#kob#=)j#Y99t<;K0uS73Za
zhD+QwY{Cw955LV1m)&cqvX}$l73KkO6qkTAEyAG3o2WR7N0)mChdkx7D|hz0R&Rng
z2W-BO!3Ddr1)}N3DZ5iUi!ZMDbs;J$3T$Q@cpFA8XMZ_4IX+M%Hkr1sHvT9y1bja8
zDd95mY^j!QJ<i?v-JV~PBFNS0vI)~_IjOKbNh!OYe+~O(WDN_~e{!49a>qMJ7#3ZC
z!Cvgs?H)eN4ZmpX!!dMj9@SfO8;gQ6?26Bmw~5Rq3zaF<)YTzlwI+<g!5mw~6<<42
zZ%sZ?u9|=_sIgo&68tV&Icca1>ML%ig#cGHnoULBU^innOzTfKnk|L*^FnH-7e<>b
zh|F|BCJXfg+wYLAY-}`D{19`_Th=iA5g)D35>CxOJ;8dPI}l7sF#QSkGQj3e#X~;6
zzFviui(h1GJ$cDXCj2ur-4bIHcwj!*JYLjm;82uq<&smbOw<iG7~yq47oB>A&(ILd
zIy(&Oi=CJO?I<4+Uw~j;9xLa_*^kbljK^IiyQ<Y^JxV>XRVn@jE`zr&uUtV0b3JM?
ztUMu=S?!HhEt$LD70reX?3*8-&ds4K(%J0Bb)XwBzid0CA_e$#5ZiTO8z^ws@k)KN
zn}7_>p(uhO19oG|3iA7;;a|7CBO)S%0=(3H{43L@Mo+_|SuA9OK#q0E?EM)M;;SjG
z3t@<xat|nB_*89iCgf~1RdlpA{*GgteMz9k;D~;{h0DX`peaZ!em&OnpA>w`=wf8=
zfBQpQs}&XPCwNp8p`>Ib=@7^+qTPF6-&*eG7d8pQ*%q%J3iywlZugZ^0+!{Mu_a~Z
zUB&0j>UC~T;-->uvL&q~c?(`uIpj<CF~La>Q*+MJ6-<Y2IezUGLT#-N@gwCXt7V!h
z!|3HE5~uUo(Uz3Sxi4Gkm&@$~GVhLpY=5@7cp`pxwTLopWm64<2H((<=Y?XTny%5i
zmVG^}iDHYvulFBgYT^UC+sBojkm3leB2N$&i>s=z2SK{($+>H5^+jq3_SL)h&%3!W
zhqBP)K_2ub69}Ir1m1P3v$=?xQ*})GPCB4;$Y?+v-Pa)K&F1u8htn6>ynYk<eY%#0
z=}wMv7Y-`y?8Wu*>1<U_jNXOqFAT4Et-B)c9u?JHuP`q=_Ef{2-F5o5(&JyBq4AeZ
z)<{WBo1go><EYd8FjbL-kB2r^v-5yF@IuIf{pz58oWmfvK9>jWC|AA4-b035>gA^K
zY0=N<e<t9;H9F&Ppw$;ME@UEDEa03+%H^~YeEv~F%wRE<wAf<wRv)Tm9Ra&n`Omkx
zYB+5G)R9|A)$rRGu0Hm_TOG|^gH>>>PbY!iThQvNQUslP%hf5`H!lqt`wGQ8g{Z`R
z_ivu+lpK_vA(XC`)>a+t1T~iJ)-!}`A30zLN4zgyzI^Dm_>zr{&GGR8KfK2Ut2sEC
z>Xl|LCPWgP_kK`krG`=09>*1Ydg?eoFEjKRx<93(qZ2;82kL3&qfV)cCvKsBkqkwk
z)(nx818AwOUq+D;%6}c-+&Y6;fOn3Kk1uR}np)a+23YesAI>9dQ5!>+XxGV@sO3x2
z3ro?>M(Hwz9-Sgh{5-bt?Y6T{f`geD$WXe%T0vW9%`3*TDR=8MSJ6CfngAh>pvd_J
zJ^<`1en<<s?!x<{XWS}eD`5xIuF25rQk~nHfiC!8?!T*?mFw|d`aHI`N7Gt-4Q-~v
zP2He>>qy4q_~T1x@@;@6P1SjV+?#lpR&uy{omKuF&kU;NK|Bjg;1-w=;QGd9K7;&y
zby={(h)vFs8=ECh6RQ?`!zZ}wiGp;nGv%YxBZYx^UXG6|_Td{6KR!2C@ZP=MwC{e*
z5EFLOXU`Nf6-`WNJ0fvXfZN3Sy#=Jo_kbEH*UQ`D=vCGMW|P-_F5RuI(M%}t-D8^E
zJ1xDj92UDXpSi%%R*Jc5iap(3!vOe7XDP7y;-A!abzzzby^LhkWaYs50^}Ei<uR&;
zyC)}bmEn#KlTL+f!5G?>^w7}TteJ{QYU2>fS8fZ<$@Ka+CI<mADxHLjV+=7_`?D&>
zn#3Ny>#*VMR7u<Ba?NR6IK2&p(YBEZVpt$5OG+Mp$_h&}7%dg`iJbC7xi8@C%n1sx
zMF8?^n3xpvrc<1}-Gw|Bo;<lJsKO5VLb=MFtm+zIianbO6Q}2nw|@NinNn6%d6AV<
z;pj>{If8tD13w>YJ)14cca!TWx)V;@GS5SMb`kX0-{}NvbIUYgzU!YN^V_L~BX1o?
zm%w&3SR+O#G)cl4joVjiw^7<JpJ_z6)=`i_s#C|P*<>N6h)e7;yLvRVgvVw&)w7gW
zN73|woUbdYH>s%&^VYz)CP~|LkU?Xlrp?tkRt;ll(PS(S@vjZOQJb_hV&0PxQdquL
zKT|TwVb>vMsp)h}HEP{PUA#$8lnVW9&v}#wS`b0XH?;5H%bOGjVNcl@45*?D&ZD#y
zbN4O^hn*XcQ@t3L$VSSSQWx>%<&GW(J>tDu;ItC}p{M3<oIN<frotX~a!hG?vevNw
zd56{Smi+e#L7}>m;NJwBAXcRy$A;^2aW(DJqv}~$bbc$Kcnb>m`DZTZJQW^Coh!RX
zk-Gcc{0HTd33VTu6lyZ2%ZYE#o+~*`_m28S$+Z&Iq^0DQ%{T$euDw>r=%v0GNV<@&
znJWh&{oS(Y8@&azZ*ddt8&{Q2_T_jhf?8osBXJi;8VARRTBm)rvDXF|v(T$G8{(mx
z82i^GEa>ev!ey`Z`UhMmvsJ2mKAEsDkH2KvXV?iu()F@IgpnK#fREF%Fz|~su-e=-
z^$CL2hnviUb0C&nVDEJvi7965t@)O`<>E|K$Py8epyX9F+XEGMD(r*;65qo8N}(%m
z^`}y!#ne-J3H%h~WoO<2=|*!#5jgqeiGeVht1F-(<*W`y%m8qpG2<oRdeh4rkvCJn
zKTK?CYnzzz%er3tj}{;gCnF<6t=2kj>9e}?KucYo&fZSe{^sItKQ0Nc^DPKK;Vj0i
z1y<*N7=V~za$Are($^2$KWPHaH|g-)r<^pS*lEYZ>WsJOX3A7WMQPRu2?0?8C<9=d
zN5~%NPt}L`01uvty`1F91@F<-ZC7Xh*ve`_BR6`bVp-C{+<0Eojc6pR=W9Z$PObuN
z9yt9f<Y!oy2O7HL(gf*svFYp?743*=5`fJR+qJQ;5|bzSP(*_B*83*w!l4&0UOtqr
zIHL#v<&p5!N?t#p7H7yNf-=K9Xfh7y=~!Hm?Un<B%%^rfYlla@jfvXia+#meXUKVf
z2w@phA0a-`JdT@WZ)<4}*2t^7_BWvZ$DNux*E})&`DpiW9=(Olx7WT7@?ow$;4X`K
zSXM!3b>Y+I!vQ_^Isfig)w?I0-EE$kQ2qI{zV&>_8mTQXiRNTqAD^b~Px!lTu;!<&
z(6gL=`x0aM)`oYAjRJ}|RlC=`zW&vI77FxR*6#2_doP4SlA6)-nEWm`<71DGe8(B~
zj@(@UICYPE>uzcRxP;?xjV`1oX*)%m_%F9OW6`I`wkX_txuZU-KV!3**Vfi<&J!^*
zatEw64Ks6bkj&y$(3SU@?zJ|g(%!fQKOs<hAf)a{pE23ps>&d?lp7E<0z&Igu0MgI
zZ&WidsThV1AsWit8{7F8<azMiA|y}d#>N@LIS#A~J8fYlCGGYJ)qL_C$c;X$fx$tE
zQm9(RMg-30ASj#J?;iiIKumNClOeiMz@8_k7PM>wB|G<O5>M-Lbc3{047OZH4Oz0)
zIXe?2hNcad9lNUX`1XF@%(AnGVz>>vqQUapmx{`<45VQB3QRO=<-qoE%!sITJ%^46
zAjL3-wSyh04}ZMw)d#i_g<^~8pS`@UH=cdNJQ&Ut^AdH}6)6^}X;I(B*=!i{A-{<T
z1bv84pqNI$7GWP-tn~;l8a}qVy$%`aCgR(_az}v^^60$Eio9%&B@A^cftqY)lh<)4
zKDd5@?ter4EWnuzW_Dh@Toe5=HaT9XGcWGJraJ@mnCn;$JHX*RThHiPj<G<{w%sHG
zjX2}GW|<1qQZ*_K9cPC-u;Hrsc#{*$Gk#d|V%YJCT;R#(#pIlGSx*i!e0pKL(PCyL
zbZ;=s2F6Fud;PgwBgVpjQ9jTcdtHQ|S~D4Xv^wC0Beagz0~K@Bwy-Ea;9{o0%~8Nu
zMQh5_?9GsxDV8DixQJ%Y5eCe_f#a`gy_Iu9R7Gs2iPo0!hZa&e$)nbc9p$demHljg
zB383sVoCyg9rCRw`?&*X83>A=JIhrGJ)UtYVz28uyMOX4SIX{EW(RXA3q9Frvhblh
z3NnmZJ)~zVn)x8B0CV-g7)g4GW@|Y8H7+KSX@BdTzpKjw3!F90ITuZ{+34?`ZKpN}
zW3Y`vEA5d<Kir0R#qIjBA|r{;_3`kdr}(|BBJdjm@_S@Ymomnw;gA+&edzwmSc1t|
zt(YRB(m4ES2Wo`u1oG_UO|IuG(?oA5r`5}E(-+9pJ=zk8(s?J#h{a6z2<b(8pZ-9)
z29~p}QS#<7uj?iz8WJg-7ql^IA)BQl2&uF+Z6Dq!yZ35Y?BJ!H(exP>sP^VAJ;m;X
z5AqBekk@uMG*NvI^hy5aVD&Q4MUn7&w%Bpp8Hi8CuO>dBIM!$?mTr!<&3a2g@;{&5
z^{Uw;s->)c&CYIclIjV{`Eb5t(uD>Ow4rQ`C^GelIh7X%h?6ivKDjI*Jq3DXAgEtK
z6mA5`@Hx{u8K_&7cNg)NYq)>1V%PtIn;6X$lR?O~&FNI%hH5^^Z7wS3qK_F#lg#x*
z52AQ^Tr10Xd6CDr49JJIsRGJehCmj>abi_s6XbZ^T?`B?ZzM;zfu=a3t3vE87YCEs
zfHxqlZq;vb$$b9&k;v{(c4ACrf?u5)FAxkVU$X`IR<`9#2A?`UZUQ{1unU)dZ)|<v
z!vrg;ee<NC>)~%F)cEPNijnd0LaX7HEGx#Y&}!+dVO#T262N(+ieG2+wYkYuUmVA{
z?l*7++3lq4k?*b4kM5hwvE{R*U5^W99oL|vhci_!oKd)2-8@6JZEZpo0cd*h5}a|;
zgx^@#;o5kA;&jh6tRFVkCS}LaBot_{HK2UwZrBI7Y=4pjE@!ckPT%%=2{9(oc~ZlM
zScFBQDnbDQS^;}&Keanbln2`eOE<Jux>Q9Y1L<#?5l+sQ=Y2xODmjl{^mKK-;Gld=
zY?76B7}k0O)n%c=$yPM3U_3XX2{$RDdiDnWi$-3M{?-oP+{*e_QTQ+L*&RhI5g{QR
zAlajYJ*@+1fTyxJ3DDJdw-y%`2zi|Wmj{CJdj_wE1k#VbIG21qvR}I$%YmOs$KWU*
zQ?{jTsle$9=$usXOa2Nr9VI>_ht(4s8&(KwmV(yg#Mxb_VTp<}mh*K%>)*&B9?b%0
zJLgUd{$;5bcrcn#5VGD)Mg;Vw4_7mnv+LIVlu6e`3)}znb-~K20269)Yi|!7QjTx8
zT$Q0)P+FR*k&}73P$`<%JPB(7v1@H$eAgxH>(BERrMrh4xv?fCDuHotyBh@BUTI8u
zoR?%RMwIN%&h!NGOe)H-l|Oq^P~ger@a(={itNoZHH)p?m>Q2E9%v1Xh}q=~8~aoe
zcQ;cPt%B;fILfm~fSt12F<>9ioh(L^K|XT&5ApHyQqFtgJFhNqPR+NUud{7r3`O^B
ztriRd@~~hAnuw87chY|ixmQ8Z`umM$NLcuLGTWof5*7Ni9<>znL9)xs4QstFs_@v@
zUnFU8y`QF$(a}ODND3dHVV=l<lE-{*3Ap*S&RciGH*Dw19utRaIhmvThybQNPSkF~
zX1xm)@)FA9oeLGVrhP8EgScOb3Ym03igXL9V;Q%y@4Ws(T7_hByrxM0<>WGS$N7+4
zL`8)NLQPH0?aP?jwZflEx;_rQF1UVufS<e6ds{f8KOcii(vu)Z5BBDeCSdZAa!F^5
zB7pV}Lf~cu(Q<KP5w*SoBgy%l)t8EcNNd^!Y{+AeTht2+^685>F3FMB-0PtkqS7RD
zl1u6@U0E^upql%~b2FZt#|M%*vPEXoA#K>cswzqYX^N6W=ZA-woF|TPPe`5LxDBvZ
zpB)=^D46|@hoXhCt*jWQN|IbO+u;Ao&xqyj;65u$zKP?GNoNr>82n3djZ(Tt)vq*5
zS&olONjRM|`@YTx3Fzqy!L3o!S&akZxHac0l#~qb<*LPZiPKX_B~VdP4jWbhUMGxU
zOZf8=&rPv|PY0V(Rx(U~q81F8bp~(sMGaeImhWxRGg*L}B;(QNLH&nHl%^w1sHPq}
zb}<_KUP66)bLr!Fz3dB0N~;Ci@9ha@fX<W8dej_l!hWy9b~(z8><^sy-niSJ-Y}Gr
z(b>bcQj`&kfzE0;nDUNZsFoG-1xwZbV3D!&z5!_2VRf!RESVSB1cdyVCrtOG<g9FM
zpVCu!^ze8SnjKgWjb)KSiV*b9#=390-sT%z&~W>?yvn0|@ggKT!mB8h0^%J+l6I5@
zl{kLm)Yw)%Q<r8vlPaf)ePuIcILXJxnD+k1wo5Ar%c9|Vombz`JojEP`h(?Okk_zw
zF9YsSD!HNQ$6vCN5D9zY_apyu3s~d$L1g?99;8oS-+Dp(H^nTl(bOSCPiISCmKtWw
zIRUfFv8>!6rg1g`VHMBra^j@z=MzBNcS(`FUEp*vlg5PhCm1g%TQX*1{DP;Y5n}n?
z-ki8#r|>#b6m59?ByVB6V=sw<N}`m@?)cWxhP-gHf^Jg(kLYlYZ9V(LdIb{F&2Z4|
zr!XA)g;7;Xr+918sXv|daAR1IBdDCzi0KvfYx4#6Y>ji~L|TuNmeV)>V7F3SZubYC
zVz(Cmr2fCGc%k62)d;FGZs-AnR78BdmyoV|OqN(uz}C)24#{jasb1l9+;11a0rTx#
ze-J5RHV{Zxt>R3aB%I0ZgfJDSb}sN_D=(e{#J}v?BjvPXKI<^|p#M!l`P&WI<uc=$
z9}knsbr+lrmGZE$G&9s+LAS;oegN|QcU_XB(Z_)Q<b^*#4ipi4W2R;~D2}^N-}Ku1
zv{w#TVq@ETvXuroSS_F0e@JP!FWXtV(|slC_;}*9x5ymoRcO8SGF3cAVngwQS5}%N
z(aNLJ8DZnr!?$%27<Un-3n;`cc~4^BsRIPc@g~>l($z=lOFj|%|KPcQjm7sief`wC
zPgz-6cf6w3AU|Vbu%)n8r<E-ttxG>`lv*)zj?CG)xTr3lzWcgX?<y+VV{UI^l2wg3
z3;8G_q5XRo2Xs6^OQpl={d*nvTN}cGalc$fk0I&uG&B*6oj%M4<Sy8)pV5lR9T4Sr
zTCS^JyuJZG|9bUjWU9u-G$SJ;W0Qy)+^NRKM_*D>K8KodmY4*J!kHYefa94?l(wyI
zj89EZ->V`rFV;k4AI?A?I&80SNG0hem>9ssP1W4DIb62Cf)!R(#Ie*vMkqn#B$0`y
zu$Viof1L2In>OoK!LCuj4bQflOY`#~PbYr&?3l{PI0S4H1XUB86<-1W4O?6wGk<wO
zAF-h_7QW%sBeyy>G4`sh{cI=*blJ16i|p*^Wz%gswq!gOAK~FYBKSL}{q=T1^y?a!
zpoy=fs-kma#1Z;^H+Zx}CDQuJK4pz`(qo3~;-jv&di(gZZOwtU&sC2qjDu&}bzOr6
zlH1WKQVGwZh(hCY6U^1KhM%m*k}34ffdNG2pI4~<-|uxzoz}ZPU;rqmN;`ACVu@>w
zxbVeAs{45>haTTP$PU<6MVZKFX%z<mrG#Eb*sZ4wytRF;ZsW@{l;%c8GKntPWF16W
zrokVyC;w|MhUb-cS_J<>|Nok-?`@^7M^8X20;R7shnV<|3@PbmhGrTKWDng3ESRwL
z2m|K?-maI`6)BVSazA6ga1e<5ROUL~(GB8$C*8AWGB+(ghCUuab@juZooVLyTXp$S
z_XEYG)s|lV7cBkDGWNy>n3={3b@?ErBO_fgtUie#qIY$H80}78m+-x!BG>%Xci5Bs
zr$(`D&ZD0@gGCe;hdW*#HKc-Sv5v4){%H0L9DZ5ZN5rL@42OG~3Jx}?C4S{^@mJ$%
z!jBxbu49g-$gyv3&Mj{Ie>ese6Kr1e@~WB|Ux`TA#RbXk7WOX2!#k)*zbWuNITt;B
z9AjO4XIrxOFB#Bxs6^jVW$!l$4GC#X!!>wvKE_zoBrGLcXD$I@A;J=jRWHX6J;C1P
zWX+;!0}@6xES%nCyZKJidy$Fdjz9lvqk97cyv2;i_H0w-cHXFBBTM6@0GFL!oaO5`
zVFTb5Wr|o{YcQFfNP44K1U*3sytK*8PwSr0vysk{H=Qj>*jZs<I7D7!fry%H)WrGu
z^XI+-M7{wJDa158$8aJYJDfHG4){ig=R4Mi&C19zmmkH&wl$^8o#%rEW<|G7pz{Nt
z6mq9k=8i#cp_<S2DTGSOJKt&}{?;r;A4pfm!|9myIDAMU)2S=r%4?$x<(fyJFPHLD
zSf*Hop50t1U$0H0C%!Hg0mWKZNK>&yt*-Iid-^O`E=^#p0s#SyWKZ51Rg1&M_V$^j
zqXYa#r5ZPv85|Y<JUcTnEq)OO_1e~7@D0q|GPCg?qK|K3OwBGL`4CP~-v5mm3w4w{
z6drF9pxs|);*5qjA7|&-$Xc{fy~x)&ib#8e*J}?7X0O0g|6V>Pw4h(+>BGhlu)OOY
zPF+iyX4jnCr3cu5xYH0Ez3or5muih%6Q&?MYcO~@8I#fF2-lEU=3Y3COXK8|d-0S(
zJh;C6=B^q<teKx0`)9DfEK>DYt#6_xZ-G*JFilt((s4H|WoPcq%L~_?Efi4OqG}<?
znm7eLpH-CxKu4xDKRh8)=PcfY+47oDUR6hNYqN|*L~!Jt{ioPGKi>SE9)!H<&UTa}
zTI;2Msu6X+I60;{{^)K+D<%fNRvFH+T)Cvo)u>WVbW!(v%dDdWlUFY3bJMI?i$ZJN
z+A=$HULf$rw;6Srp6&I%dt_|AG9}1MbREzD1>Asm%;iJCogHfA;o*G@GT%Bio>0Rk
z<xn<U%;@Se9N!G*PH1VG-fF+SNb^|JpY+}GeLa+2I)x!a{z~nuXi)DK)=vwyO~H!4
z93C*?{5OF&!zLL06c0KVhLx0+7j_UWEqx|;F@_Q%xPl!BnRG}XwUpc<ViE}b<|6c-
zT1+H|Q#26fl~+7QnH$E=*~j#+<H*O4&ffVB(Z4QU&FGc+F8qx3KM{Iw;H}$2w)IqD
z#hR8<BsM+BVFpxcem`@Amo_%ARu%AxF~)olQc(kL;Jthv;oTH+?Slv(A0O2E{+YmW
zW~w=jp-&Z5EQd588ohWy8Fk4>O(|#uyXaAmZ}z5`ePub>PjQ#}-5#RlP=uWN-FoxV
zXURCM`9}C_reYPy*ACRz`#EmTCx$F5T?x#}=)S<LEZ0r%u~V3D<Yo=~lk)iM2dv|D
zI6~avS7Exke1qlXN(y<C#~*e)!^0_U^!*jT_B(M9KZ-^e&^@CTaeC=k%xT)&$^BPG
zc&=(~eczy06FK^I0jJ7&EA>tbM#H!3Zt1|BoSf6st9hYGj*0OD<nL!4XCB|~xLq!{
zbosy1&?wYZy9tVn0RSfs=GQW)%e6cmH2RwL34MTTXR4Ni4_VlisBXEuZ&+y0@9n8h
z+Z^Sawzkz!BV&LX0xByZ3xkt6cOFAPV-S@@JKP1Q%HUVRrmk%EN%F89*?Zmi++g=g
zOjhloy{hH=J}awh%Kj6q9vqIVO7UBwXOW3&T5D89S@|VK{SO=**dYK6_t$tUzmvx|
z5OzblJtqo44baT!_E*LTH>q*4t!JYRm;n<LenOUL->ubJee%*c+!qB}Rk#>*TZ)^E
zza^0gl9B@NOP>Ax9>zGOrvCHIGA_yH{fMpkNWrXAz5Yz@NxE~Z`(O)$7x0vPv(W^`
zp+95zzS<QSe*}6$P0$V4-NAz02JEj8j8n#FQN5bLr8KXx|5;ktc(DcSd=x?R!R>R~
zUp|a4kQWkCk~IoU<vD}oU9(%FXY0e|w{BF0{YVwotUQt(XHlae!Figsjexu$d<c+z
z5~Xk@aKWg{3KjemG4HdS6TSf{JXmGej<uFi?LNh&P&01tQ4YJy@}&OZ?mH=NNo|vX
ze73~SUq84$Vm$!Di;=j>r<tPgj`4yV+5S|$+x%sVTn?ZnnoH8%9IGIQxTq3Gvv;2r
zohU8pp}&H21qCo%4jllRB#P_6hLQk!nh@H|qn%Tkie<7Gb|l!8c`J1trm^xjmOeXd
z_^oZKQo+B&7nF^<3IXb`{;E>fc~chS01a{=zDAu;yCx&=%i}6*3bgq=`;sAktZlEZ
zYy-8WsmWr0Ytu>Udj6Z^hd(A3Ui2*Kjv@`ts(m!WB{XN|sAntY_K&1t>%#=Op=<?o
zDk@<xU*9W<b4E*DIi}6!K!dG^2kkI7Dr=a<NGZnmojcxvB?afpz(E7XeDeeIntF9}
z5c!NI^0Ak1i3Nv5cYuCeM9ze1v01q2vf-hq1oHfXz&kLuc`}OtSdpOTKFSNKG)qv`
zM&ym_>_gKv;M~JmpBj5dV}^$08Puv9qXW3U2T8p)%wl3rR!xft!=dv8O)Pfv>G|fh
z2c-t6G~{mEPb4;Q)hf8R1^q0qgzmt&4`&E)38X_NShF4|P2d1USguB0!$bfVdetNB
zReQ|QTp1rwfj(hW7q%6T?RNv@%U75PIfJK$Zd1hc-O;ML2^9{F{LcaXH$8=}-(`0b
zf#A7B03&()78#rCM@`DOGoThaFiVI8+K>6gPb7d>0^;n6C4(CmpoE@w$2@d&e!@JS
z1`wD8@ko+u#Q<QSDA*X{L1sMUrD*a#ZkbZ+20{VT@q%7MzHLGEwSG93aS34^gNE55
z!t&@`!qm)ctkkBizxO;x&1l`%rTn4w8-M4LES-#gc<F4>&X4{Ad<JzfztkITs;%kZ
zhqFtb9>;M}$F-Rv6VLn~^V&e_(`QHrQ7X{Kz<_CXE;xDF^^gl*^QuEWiil{B8(;Cw
z5(RKb24dg6PB<?^{B33}1DQ?&G<TvHs`N}u1iFbDobxIwD<4=<A!a8x*en(m+PJdS
zk<1aw@QtqS?!AMfH>(yW@qBCjJ2~&8YyK|395YO3Y8BD_M>9UPJbkSJFWjCeF=4-X
z8rG~&w-UwLBD#=g?C?16D%#^xHprBJd9or-mb?i0OIOZEE~=_EwI&K#A4Yp}2)ML4
zL0@sG3Y>1_0>)Wrr^H%M6gU_~@=@~5-z1-xq$}4jaoJyqc(X|y<tk=MN3hWo?XG<9
z1#kLEqpYYzd%<95VJGbxC)9WO_S#S`^=!9t^R}9MyAGLoSL}I)Y!GpM-Z%Cm6UAhU
zlVjJzGZsCEVv~mk`r^n3!fmnYBb3!V8Jbnmg>u*004xEe_s@6Jx^<5<Sh5vEQR{NF
zhbzre;Be5Gp@;ZZKGxp+wssc^)U&(Jb>?3f_$}yO$E&k*^Y8@NJWCQn6r1eK`V)+h
zhl_efrg`_XRa88&dii$4#^%jo2ky?3*+M8I)WyDeVj`L>uT;PLoHQjBPFUPIBLmb6
z;8;QSJ>>V%fMdlf{nyDe+j*Bwc!}TG<?r85G3)fgB;*KePWeoOhPnVm?LtQ;R;LMa
zQ+|Q0t0srv-`%j<m^l#~eAni-)fNZJ1kxRK->hA?8}%Tf5xcS)lhtNH{TB<1xZizz
zT3T8Nsi?fEh!|r+{c;lk)R%_Ka`;wOS}spuF=*84Tce1*+nTa@5FpevU3K!-`f?NZ
z2(>SBoc8U+hCLMMwA3x!;#;Q9v?tyU8MCJKYRoP6rtyS2{lWZ>dns^y$$%4zHYw>O
zA?7DnEFSyIom!C_E(L(Gcy2DtWYHiyPR$T+^51%^S!}s4I5b7?bD~TZ_4a&Vg^Gl;
z&|QdL=c%r)9%_AQ+(m`u+I^q)_Aw=8nKFIKntDe-E`}{aVWcvFK(Bjt4kJ%i$oSo7
z%yD|c2Z#(`O>{<$3{6~s_g}gllhvRF$ZoIor2@3k`}_CYSbNcwPqi@UN>C0LQL`y1
z02z7M;UUZWyl<gVQ6f<g*bvQQ28JF?!lBTpq9?Dm3?zuXi;5U5p~yx(a0p^RvIkE$
z(QpHp#b67pxvn#5(5ysxy;kH<P+I&UYuI{s*NVYQqh+=?MrD|GeoiY$B~H!>abdI=
zM${i1EJMO&N5-W}{59(i_0C4qOBj+DF1mgz(qU(2@v`MLz@&@HUAMzU1rtU&3ru?7
z1(I<|sJU_j(fgfnMh}2c+S|_?j!|m3XxmbaUGc3(;4n#XHnQ~IfB291Er<~2MjD+4
zpfZ2CP9lV}JQLj1dv=qqUbBzx_Wa;=1^S5^HqbfjMVHK-lr(ns>aV?l_<QLMU$%?v
z*p?oNh){zJ;s^MYq9R<1+4bI(JjCurM*t@I1kM+CXyt3Wm0oA)_~ax_LL0Ne`;X$H
zZin7-8R?3`iqTK0DLp40wr{P{^OxIk4J>UHoRH5gEST;e$oK8>m%XBJiF8i0?_M3s
zjhe{;3H`P9K2Gy=5aXDV(9a2{>$m6CBM<ww29VI@mo+AKCaB2@StzgYmDZ!W1^(3j
zerZk@qxW<2R(}#q*!Dxqv<%DyfM69J6bL@dQnk{m-(enqsxh!eMJQ^35=2w5YAsIP
z<@)a7V7kRDJWI@Vf5^#rH2rIGGA@YJ6}TA~*~7USB5M|lBYa_tIJ3n5oU|X$$G@$`
za=N^$C<RLCR4L@0o1|c83>VV{U?58vjbD+%sd<(0(4M5ssQ<?^59gIL?lNHG>&e%k
zWO~?#dKp1~`J_ZtFixcbh=f6S6qR<}=z(7DE<S<>f%-7t5y=kd1t#a_r$Rw-Uxjo7
zvrHcHmq~-;46P@!y1Fd$i#~nzn&vE#{ki}n=je%)L%cFGGs})*UbKO~v@++rs*Ghv
zvo+ZA+S)v0HgJCjItgnhDpbIVNhjE}8$wvKr}O2Ua-@Q=FAq1Y;Wfa&hJkVqw9cnj
z%?%)`s?#Lo+#kCRcqGInTV!<IJv`Low?ME<l9kpPDIdjTLgCIOg^?s0M3#aIAn9EV
z5#6a7mcvd9q|yMI<Dv=y%3!5xQ=Sr&yTn^mmqK?ga7f-I_rG5B))e_DE}KiQ`WBa%
zmKLbwsda1L<fDP&X(&UPFg%J7D9qu|Su)aaR7l0_h4792iN1DL&P_CyVV_3O31kg-
z*6!y29D7?&T%r=-DWq#l1%20gTfOFNYG6RoQj6h_7C^Q^Jm4j5J&ANjkS5|X$jyUq
z35h$h<R-hN!m7X|4Fu|gT9L>7iw3LH$+v03eL;TbDf&BLJs2l@L0PEX8EC+R^^D9%
z87c7}tgk^=bxa~3NX(v{L!y|GE{1>}8J8FOxgMQwbsRB}sz9`o`sY?s#o9?pNs|>L
zxn3ux>^pBKzU4O@vum_i|2h*+v;H-s#6(_ZAndx}B=H^5w#4LdVmH+(%YugwAl08z
zQiiLRncrT8^IJ^+LP^BnMHU){YmjFc8EsBo;X`I-T2Njycb<L97v~p|ujna>igM;M
zQY|x0-{7L~$Y4H{)1iFv64bJS$u@lWk2*kOVjU<}OSd{QG`Aze^<9R~w^GtJZY4<&
zj}Dv6RzPj^+BPo*TOIs1;zdSZva$|;CWbKCH7MI0RFC=uc9p1JPL4~}s&bd*71{d$
z9tw!;y!OvQ)e)v;@$S};oc?83q?`eOohS^ShbP$BN5Kd{UfET3ceC0WXC=hfHPEu6
zOuzRxnGYg!-5Saz1TT;Bbkq24)`*#0uCnr)v6cz*zT|8~1nmQJJ-sO5&g!<?>aE|9
z0<EvD*6B31j@aT{Y6KARO$4tG1#;B}hfCQ(#9H(2t=(46Bilj&XTfT>`v%+{ZOZi;
zL<IEvpPAACg2q+<;2$#5F}OYOuZErdHV06HYYM<+WnS_}5>@J)F^OWWY)&sgp5Zrr
z6cuTh7yxLJ=AcPR4Dc#}k1($;R;l4RWr}Z>?NnWeSFT^TYnkHXPX})4kO`vPdlfEs
z?Ks(Ub$1J+QE85QNrzx2Uim;KgFmZfykDaNc{Q3qIHem|!o|rYVF%<SR#qo~_Xqd`
zpY}=j-0%Lu?D2dLp!_-7wksapdR}A4#Wbs4jjEl>L_tZ9Di%O#uUs+(CV7)@7bid?
z!!scKG2mYeEEI??j&q1_J;2BB%wWbBw-fsxOzZm-<&XcXz3cpID*5_h75E__c0>er
z1u2Vw5D^G<v0y-mfEuY5I?`L{h*%ea6+{+kt{4;{^nel|A|*6I=>bCMp@y1-gb<zy
zy1(5Q&p+^d9`B31xOXyh@0po1bH3+$&a_C|1*?i^{Q68~$8=EcLpx!WrPYJ=V3TgB
ze1Gq?N*S)>TWP!lB!qJ9Ez^UTGhPvw3DJbvL0ile$UuHM_u6g<KfgA0IQHh(&cHHH
z(oUeT-jtgr-~UB;?h5jd)d{=e(Wivl1Mii0Yy|N9tW4E&&`W!V(uKixcifWvGwt@u
zJYm?3;os$s4WW*;dsle?BD8Rc;83+_9U$ab=`7wpy0D;-fzXP1gR#Up8=rna6GzQ0
zjCCkcBiZ}W5i0rrOh?12x8LyPM=563*02gMQe#)?;paz8fVJ0IoZ*G?pq`o~nq|U_
zFtb+xFX&?(DVfWM>Ff1sg9}_~QIS(GMK|t4A_cR@f$z{M<wF9}carwWxK8-6u(cDv
z1PF;Mkac$f&n&w9gDev=G-Kf7WWsPSALs;{J2KmT!M(nrL2Yw`mksP|z(zqYy6#tK
zTfODrd5(d!0e<m=ziVpWx_R@j6DNcFtL`hhUBk-)y^={9C}9*z16e0zXM5Gw&I;pJ
zj?MuZI`H^9cxIsD+yw<=!?P%)3O;!PS=7+e*8%vVABX5)G(=mdy004)JS1CK&^p#f
z`+j0rVlA{lyukxt!+==D<bY8Tzz(16U+%grQt&7#NgCjN{&coeCF(2M3vtnG3Xo-_
zKv=c<ySk-cB6uDlE;vqyjSJ7#84W$QI3%VC>rWF}f@#ehLQQa<=(Pv)`mRqafYPzn
z=uXA#CGWYfR~W;<vMF&TvRu?2Qrsl}fs7Hc-&a$Mfz`gfp@Cg!UN4}r4k}LH_50BE
z*2Shek{|nS&O!~f&~G7d2S6@+e6@|;L?c(r{d7>AMUSCMIdaH^*^H-~les(&V+wC=
zGRVH_zp@t67^#|Vz_6_jO6udQG0MxKx%E`>=;>v?z4Gf(iHyUHWuNnr>&I^*{ep}s
zDWU9}zyMYC9SSpkd0JXJroUekL^ytI&3nIZXZs<Pe&!#sH@U(Gp=coFV494BLS|;%
z@`>-E9m}t%4I@<Q11uWde56OYJ>J-wJ}7(lFAyLrZ__AsN3rjdfH018p~LPHh!r75
zjmQ^vW8!gXic~8FHc&T|4^X{|$64{OE$)}Jgcw@vQ(YD*Dk?f@#i$0%6A0fL^;381
z>e8=No{#Yl55-NqajP5P?v}pvoRK>1mu^23?V;hfNmM|VpW+vhfDUApmU{8j$MD0?
z7m5Z{-EGQH`Z!c?c=rtkfW^jq4+GP(NXiQor+;@sQunrhqTa-<t6aCmw;FaO`Ne0E
z#Y6mdN@K4Nkm9?}7j|C`GRo2nv@f)CEr9rb_-MiVf&gayGY5UC!n>v%)#HxnOgeon
zxC|_)TuR8&*Xv)Z7k%hbU(hPZ+{=K6bofipQ9hrb(?Vr00HY16peUdDEb-H8@2SpW
z%1PF4$-2R8*+27la8~c8R}P%vqrLV3cF-oJ)`7`4Z|2ey0cr`D8)|V)<5a^G2?RvC
z`hau&mztJkhQBC9YbuEq)NY6_4=vAyMk#})g=VsMHi$^-nc-`t0G4!tuUhxHunp&A
zD58ErzTo~`iRjK}E8`dqdvNT=fkR4m$dM4rZVNeCIp`W`xxSI4F+iVQhPL=J+LhwU
zbM4Vp`_hGRx8Cm=HE&dWWWlLa;}-*vwlsC3i=}WWce)qO5HmF~aT;CZjat0k@-LmE
z<Mg*RqM)Z2Jw1IGP-(qR#D$h8S^ee{Co8ARdhi)X6L-VbJMm`Cbqh82Hp0juw!3gS
zM^V%-fC5h%=((74FzRv&K;VJ-aJkTeQ_KQ(s#D98tYiaBbw)vXuwnQyNW&1xC!nYg
zN3g|Qb^k!Qn&*7b$%WqS<}Vy1ke0e`x^`>&%BxpYo=Xbydw?N%HP31IQ!=wXiaD#)
zGBjB3^#qNMtPC^a51Z}F-8J3mBc3<9VDl+S4Q=uhz!!vLLgz&MmByajmt7nnhQLAl
zla&iCOntfb>4l<plem#xkhAAV4xN4efG}iP;CA9-hg<E~l{;QMza<-2cC<8GQZB$%
zGd}55$O^lwhP&#65HY|qsM;K+@L{X`1@U`pd*(DC@-uTW-U5hCzF!X(icIrNcW!p1
zR;)d4Y@M>MCr-}+{5Y9c^eZZxRsf8Iu|E)TtWRI^Y_w05&Q^L4RcesWNdb()OV(J1
zo%Zjw+Z=x58%&A;@nEwV;wIUdo}V8`gi;jT6w>iN#Fr$H-k#q8a}|o3+G)(1>Xr}@
zl5cKPaInI8?553L-Z279Ntxp_ore6#UlCv@{2TgH?Qp!FF6^Z9#9YGG9g$Q{U7@2Z
z781TzYjdjkiXsX72r3nKqz(9Ao{_#xxvN8KSoc&HYoe2r(VgXh2G>%+gi@4wih_~~
z$}5b~w^&Fi%ldOEE8N`#dwoIFc-PX9Uta`$m1Z8##qxt@-?ZH2b%?Yn{%w)nIhn^h
zAd#N=wD!5g22T;T+<7=3zB5_S05BUsm<W4)^Xw$?YW}cCS;EsgmLh?<aA*tg$Rbm9
zQzv8b(kEX!)~rIEnoDRW?68j)a9fUJ$kJWm*8w*hQcf>_>xVhz3f5#h?TXVO<fr2<
zk7N4^S2tJh9^^ezx~!-!rkam0dFjwauLh=1jIxBy>?Xtg;i1szp?Q66uw02H>HlSw
z4Fga)h^2GxE%QCVkl*zYumm2pSsz}O8ULKh)WWxAw&l-^=h{IJ$2A@W!;VWvD{Ib@
z-!$C}vTxt$Ejo?=oYt5aLYBw9&Ef;Q`iub$-hksj9paSBcF+M(U{$<iGu6S8N@}cT
zwEY+L1m5yvNk_IF`oV6P!LlTP?EFd@45Dff>9!Z-;R*`ZTo%%W1O%W1)WR4e<{NWB
zN8J4hL}~+)Wa86<9!SbN%XIAwCU7)`_#2?WFx|ADJ4?=#NPcN+Y`kk~YATeWSMYvg
z`GjrB3!sd$&GW>Vy<E!}asGVeJ|VuPws&%*5~~Ohz_Y|y{VNFbuD+rE)zv((XZu1E
z-7*k(R0#HKNbT}^;5Di^rp$&>6ag`7<*2G^v2nz-#~ZVU@_`*2Yx5UkWdpyy17Vg*
zfP{7IOrH8%)l5%HW=xf8(ZfXRFwU#Hyq-K$Dz=aDSsGyZ8h7>X*lJ8rbM*&EK}^FQ
z2(bT$MeYEb#CNnaS%>h>!aSwX7Fd`0<`Ra=N4ACz)F(R4Nij3C2_2m!L`49D6yK^9
zq7KJ3HZ%wT7?ea&OX%o%LDPO#wgTK7`y-`~k(WWh+F|gy)hGBf2F08Wo36fbK6pMt
zN9@a{m<_<{?6k3lU>1S-eOx`Xys1fEHUdg{Oen<`U)4((&TLo@?!J+|fGik%R{_Zh
z?fJdMcl-hNT8(pTb1{TV@5-~?N@(Wjh$_uC4mfFbe5KILL$O~r=+iGx2ob9yvYL6d
ziL<@Cu5zSq=0B;!tABSq0mJH%XzKj;bxd(A=)kf-<<FNMTy2dfMNJYp-7|Y8gImqU
z75aD@5v=&dNZX5sy=FeZ`m@HI&+FMICe{Gx;_DF&=h5ISG+e6I9MYm>_D^7|0RJFh
zhr(ipS@#4}R(9vOL$Q2?XtcP<4U9cLgQ1^#vAf#!xKD<}0sPhoPizWiJO=Rw0=%M<
z&YNZT*6*GDhWcp2U@v>zwNSr28(l<vG09`IY^3~|ErDfLxK6;fW=QFb^c~L=(`SZF
z(ma5n7Ow7DurhQmwsMp@Wqiv|joe{Z|AICc(D6n+T<^}rS<;5MxHy5h`T)l;g?BXF
zXmhz<8oGJfsUos`{oc+g73*eztQ@XJfix49dYxVCQ#d9wK5%&jyH$aTDh|v-Nf7io
zi<-V3^MAaC3&IDnB!j_&8c9K_!l$DD+$s7J?)t8LSB|l(;ZMQ>zR+lhz%TD1vah3I
zt_HlS<^~rWeyZ<Ietfye)LitwLFZ}T+kIyH2eA<zQfaZ>UPH&RN&TD;<SKg$<uU*H
zRT`6Ytz$!{!+R4IOikMgY^7iq)ijk=%Dq@LeOBl7skT^3qD(|YgjOWGW{tt1G?Z>7
z5%f3mtgI^|PqA7|;|Y<>2YWbc(5)ri1ajNxqSOaW_7<5LouI#!hi~=fP^BmX*csuz
z>K^yW4_m>%AlPGt-v6mUu|mDuKT|9bY~vcbH@PYN_IOxDW#x<IKDpIaJbjS4k{hS}
z8qZScz+_dP)Q?(au+MKW7EO>w1QuSnbZChd?-4$~U!U_;rceLUN_TFd2MeacW~9;>
zbCV_xai6)F`<Co`Rm0c5rWKz33Bq`?U*tNO22<4|F3BwFlI-lXBIhr_VA_5&oww7d
z?~h8t{^W3mtIAClX;14Os%gI0cW@X_O}qYna<zag$3E-qLRsxpB#RH9o}O;nK}c|R
zpN&IprfP(aa5mHed`|8!M0je-Zd{F=-V~Wc)hsb(np0}neIayA#vJMu9<L&jQKe65
z$3H`(C$%|R6)XMHB2%<xMVm?r%}lJnFH4FYJ#J-X)qFoTrR05C*$g9mS)}HVjRc9$
zX{)QuiE(_Hpru#$S7It*7^Rj%XoTuQaoHeBQ7!#UHaX=3^S&vnajV}*KfObj8Jrn8
zMbufX(9rk73!LHS_h<J%tqP`xcVz>y6bb9C`e$883|~fUy&8r0n<4a;b7h*dG6n`@
z?^Vw(J)NsCtqSJggb^jxN71_>KBCVD7e1d^5iYP#Gb>maF<3mQr<%I___H+I4_8gI
zBj)AVz=Af;7utrZ7dp<7R|T_bYW&08+*CU_UHIYN+tpp44Cl&&(#ZulExia_+h-LI
z&3)lek<9R)8Ti2093-Aj%Q!M;hbhP(>TN?g%(nC>Mfi+<<V1(lp;;I6dRmYiP8RBB
z2?lpsH|cg4G)<qI`|3`b-!m8l64tW35kFD8UqlAZ*%ViisnB%K&}K~77&TTPk^b(n
zgtuhD$XU6lQ`ObgObmG=NkWU83J-E;svl&z`<S`1n#Cc?^kpwtB5;e#LE4(ZKPS{I
z*2*+TWpa9-$J^nN>8!M<HVs6SB4ulFGRKHJv~Hvcj6)#v3iz#u2&Vu?%|e7-b6Z=Q
zX@X_@TAPO+gGs)CtM(f-8bel8mK^(?n-A;2ad56>(VO=vEA6=TPEgPGOV~|Hf{M6T
zQ6B7t<Q<9e0qT`c;21jYHUDZRl_=Bv*VC^L<Zj~f?OL(7TZg5;pEvzc`AAscG5AW;
z8Mzk{_dH93l==#k!V>;I)*Uy^zTXN@6p2{c5fmrt<LY=yiZ#NYSQX((47=z1t^WRV
z`;)vU=06C+6BDB5rN`F8`axUaYzHZLV!AHs7x46y&fbbn(%QH35TC*j&RVLFWPjE;
zVK>Dkk|npYuvqn{|5li45;Et7WSo-bDYX|ylCa_$OZH0t*-ZV2oYCB14T(A<DLc>5
z|3F?^$w@{=B|6>;FBye%D;*hL8I@v=>d>2-a|k2Kpw+)FAJ7k<xRf|C##}tD(@Zb<
zJ2l~v74{4iL_7OQf+K_oRPFSb82-fmzRHR~$57|f4uxhD;EUrCQ3-pvN3((J<!|5v
z9_1C)!O|qRZ-Aem#J>e(;P$teA!u%AZeP!2|31z8(u*GjzYFDuc)*~r@+y>p!?a;X
zGPiSL-pR?w>@CEIA&+sNS=k#W1_Ywib-ta9Y-(jAZEpiDID42MQqu2!93C1P`oI1!
zJ<B9<ZSDK$W4yzvk73ovjluN%+26klo>((H8~`(u;C91EW*3o^3~tDH7k+Qls{*PW
zu_=-f9UUQz;A$AiM=u*2@yv|Oc0U|x>C_+sG@mHbg?y7JvtxtR)zt-Va*ILcf#--S
zG(U$}p<DZ^gK6-GjFqizQ(KQBJh8TR$A4?Hve}>cA@q1`te`NW6bfGJ2B~`@_>c`I
zfDz#0>RL4OO^@{7JaZ;yhC0)JD=#^>c{ztbR0VYw)lRHmdp@W*Gq<>(ustDni61#~
z@p{yCa5MF&)a}r839d>MKcTGbxPmpA^9^@&?AQHX6a<I0H#IE{nzOMcP6?N;cX3zp
zo}7me2t9Lnm~#~7ccMBX0-gxgJ>a@_ar!`7a@_v5p~vmi0wJOK){iwDnP%`t&CA6r
z<~n;DdG44#k%T4Ijy|PrRU8s6?Y3^|?6eqYUC7U8S#IZgy`eHYKYam-LW1t<?CMJb
z(xwrd3+xpl5X-22+zM!PI%Q<Zb@x%7{x$h;&D|%?%v`*lQ7ISnn0x^UygVP5r?_JW
ze;3aCXYhtI^Hewr>C)w}EdihXtqaNdCsdq@ds@cWwo_9%r9(9u-YE+IXdNZ{?Rp`Q
zAFAkw0{%V}ekkC7=Esjg@ncYIOW=oo{Qo=^?9656!7wO*pZ)DJNJ##FVlTfXB5R7K
U>ZS;7r-O%|Gdo*gc;oK>0Q@Sw_y7O^

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-app_details.png b/docs/static/img/go/api-app_details.png
new file mode 100644
index 0000000000000000000000000000000000000000..730152e937bd8d16446fd92b8236a835d7ddb9f2
GIT binary patch
literal 213443
zcmeFZWmH>R*EU>t%Au4}yn+-j?ogu?FGYe=T!OpPo+{pA!J$xGQX~WmX`v9@gG(WJ
zfHXh|MBv?&bMEK8$N2ty|GsaGCxf(%owfH`bFC@Yyygty&$U!&E-_y^apDAx>a!;=
zPMo+Ted5GftqbRXE3HmBbHINW-JcnGoj7rs{^))3L~8oY6DMw+P<`@H&p&;A+Rs}L
zO=`p2tI2ZSRyg_S*4qacl>cI&d;Z|e!@u;-==?R=_a0%&vRe+Kn}oe=JvXoX{JHbJ
z2=nKkXC8g{^hotyk=Qo*uDj^tK+z73W@1$mxF<!%9w#N1TizJZJCom^Z1VwF!~gwi
z{5U>z_W!;B{LUKt>h6DE`Yn5g_2hqDdNq3c*M<MOa-#9-NtOS;^2_If^r`>81bzIS
z?!T}2vz?0h?<?Q2f4QIe?@Q(%{&z|LyG#E+&?Rev_ep6HqraPNqSx-J`~Tg2+e7rc
zay#o^0`aY&xP@;FotY4R@|^Rymv2{%UrB`6Xos(V)(8IcfAsx9K+c^ObeX!n&oec>
zN5TBcs3*LfwRNW`R4&zk{r%1kg~BL>l!^L~0!e3$AtingzZe+$@6CluI~uR*Mc%b>
z%E_CZ(Yj)XytQ8=_gE3HU>p9d6n(R1U7W$?Q1@LLW0$%6SP#STZf0{o`a2D~{+c>`
z7&Wt&oUT_QGEz2Ms2mA#m?J9j^ANMs_>Yaz!GA~N1o8H-kAe0VFU4CF+}^_8e{eOv
zL(n>v^(uq&-ovwC#&5;Pp5wvk$cQVW%DE~I3%|W=Jav(%Id_NNMmKS<T}bKkW7}rt
z3gmu8rgMLSxb#dx`@l@4UU1A`KECA(g~2NU?&OMyqCFl6g2b?uUBsYj%T&YUKeT)y
z+6U*;Dy5hSV^04WFnm6c`vLV9urNy+aPBK}3>d-Sqd8tVlmPdBA3<~hf7(BOkd`>x
z1bk=#TV6=0QImkVQlDxDxztNKPfXp~K6Y=z=M?C(L+RY#PVU1L%w8j)g>Zcqek)ID
zZ<`Kp2Iu{<hs(#_(qXNay<gjJCNKn1_TV`kuqt~CfBnm0dv*VgD7<>Ks;WJyNdNXB
z<?PkpIPaKKT6G#uzYg8i<21PUt2b{mFcwP7mCY?5pT5K2LaY)RQnT(pZ=}|^I&4IX
zv~ju#5J-UpR#I}0ax4SG7yDD<S5C#avm9zIw<A$EwIR2`&i0S~@eZ!;bA^^9BtMUT
z{gsTVTo#(3KezpoSV=iS131yCX6VK$7r#{CMc^ixtF~RfFFzEh9}Dl0a3m8jKdhkZ
ze)?2y+U|PC@RH!9yxCDmJ8?q#^?=w(<|H6sWaF#e!*pKa_~p%>G6B2vNuo5mpzF_|
z6As?8)oulHZity7+XRp0veA;qWZz7o<D*K?K3WG5U)BV&NBw0qxV0fV?^|qMJb>c=
z9g;ne5<JZy8eoY;*@!xB`ONs`3LZ}{(hp3}Zlaf~b?QZ5ymrHog4xq|-LEZ0Wmx%o
zr+%#h0r%*|{7xMeGm?Fh3M}s3ojc8o-zH&JXk%^2vBGQJ0@S$g<yn>CRIYm(fZ7Gt
zNAd0ZvGJ-uPySbi-+?-x=Th&7Miq1w4!*@(UuR(2TowKE^zRq{&b;_bru5fG<I5|O
zYDph`T{)y+wx76nqxG}C{&jZWs9Hu0>Uug=Lo`KzZvru>aQ1j!aUF<-q(Mep{FG=C
zG&Z)m+4vrx=%ayw&zCN`3Rx&wjJx<UFfxuhI>&c#Mz-eUg$enom;IUYM52d%-%mgt
zlp~)jKYh!~E&IaK^2?>)M98?!i-!*_Gf?^Vf9JPdXO3V0?M>$p+#UMxQr*j9R_=Hc
zlmZ<5Hs35sV0*w4;?jdw79LedcJP!=*xv7{WMnPhHawm|Q|FnxS5G=VU&CjeXee+4
zrs+`D-~Z`SpN#k3H^~AQT}vIEvSklx)_MmD8gN5~Sdrr!i|5NT!#P{qp706@<u_ME
zL`K4VCbih4Kj~s+R#LKyEF+zUBitIqrr2E@Eno5@M8Aknt!Q11S8dwpbwB+6&+I?P
zPm|GgI&LsybQxGJZ|<q8(~aw2h0J6-`bOa+UMU*f84BMl%Am(~Qh3#GM}xCS7sUy4
zW-?hdG$_&Epr^lX^uZ;66_^t6P{#Oh-0BG4oOSe}-xU|kh)C@6X6mt$r^X%F@04%f
z<jsh)k%ZK+ZumCrZpdZt>|EKH40~`@Wz|lUJ6^S;V*@LmCFgX6+)kV*jFKbK;>%3<
z?%nHOtecv8Gf~B(Ycw9DZ@5z5rJS~Butg-65Q29!`V$Nl%uX<K0IDQF7rx2V<vdu*
z(oh%_>;;bkt(ww>SDtwX_<IXP-?10zPky5OzQo$|MMm4l@bEb3P()N+-FcWL#t!18
z!5uGKz{x@rXko$e?%g}5*{0L5)GBMwI3PqMroiC4?~YAM?>n0UJ)kg!g%>bmc2$n(
zH3A=>Cyhjn6GK7r$}@~KH@BJze6tXpezd-Cf8TZLW=0PPV&0xJBy=GZ%$lPE&PuXL
zzgSPgcVWsW{@o>4GuhFAsNdgiv|(~`=0$-c@swsYMq0*qdHwj|(||{_!H(xoK(U3K
zUv|&sEHi5OqEV|8=es$zu@zi}F$gZ@4diy<yC9v@CNOu=mC1ep!NV_E?JYAseg2X+
z$-2w?KJwsH%w{p$pIy%8UHzm7pOys#KXr-{jfsltzSJkk$7kT-;dsb%@0)86sea_@
zpP|p`{C3!yTOLKDRALs2va`Q6d(m=qh_RFR_J$qJk0u?<VV1DF8t&C44ff?2bPT^8
z_tn<KOJWzTUpda^%G7Y@e`Zzv=%&9cA}UtJ@YgSBPR^Z;j`rdm(}vvY^ERSr7jwVi
zf97Nd<`fmJVqm@|P&Hm!HtA~+Snief)2<4AJmry`-4E&Xv-D`<XH0Vogj}J5Mggg$
zjjQk|BL+Y8@niZEo}iwfR|A2Fu_5QHPY&h)JDP|JBeS)<Mq$2xq<a-nn~VFD2m=`z
z1(o=?K7alRFP)Wn@mBb&yG}n?|5{J-*oxe!w{1HIkJ2~$A2}{wbe(zW^$vC+vBPn^
z?eTe9v}5D@(&N2NH)Jlxy%bGJ7;Y*nHHgHUYPxa@(kjr4Gn`@7vF471uKC?vC0SSQ
z1=jzAyrJ~JaI-JHV6JTT@->qio$cM_L;f^Ia(`ART`_Dw`z2u8&S^&A*~yb9FVWEW
z*4_3dZYubg|M;AFG4;}^m<Kei@Q4x;=dnoVsza7twIR<1FJ3HL#9*vh3veAfFD3F;
zh<`rs7Z332`x;_pVkBS(S$39ekaQc*Pfs_c)j#Xc;e{?ZQO;WP2)G>_UH8u(k>Vg(
z7C5gbPu}w0k?)pP^yJiDU1joNhu?NO_7Xh#?>FTP1?;%09m`(5s)sf`>pP=)mLE8z
z^?*82sn{KFCYV)UNl^22+7R{6B2K_Q#|J%seexthGStE0<F$!u$ru;OGyo1QBvp8M
z(vAdNAu0SBnJrHk7aOnhg8!X*wzF>(^!oM5N<)D-P7aO|z-GbIBu!cG756ffpGx1E
z-{*i>!Cb}ByX$=sHj)hf$A<|s5o-0lpFR6F!NYwM<=bFZGFl3mcJ=GpBm8HR(e|^q
z`GcS}uG3!#EQ345E&Yj_kb*Ak#zfnwWAMMWwJsA)jM;57JwBQTA>)Cjr>D&TRL5Tw
zVuBe1fEOW^hEG7ibCQ*y|IeVuyKI$}yL@6*-g81078d*aq>(`Re;?=^1P`o#YYguG
z$HIppG%Q0?igrMV;NpUb#jsudFj6|6{rBIe;JvyW{|tIYGwb(E$rat2ZTAqy9(kk#
zB?XrsV06>#dWX1%jjhZ7vGOKLl_$&uby-Mws@C_-*4Fm4Z0y3pKYk~s2t50vuTT5f
z**-Xbb-@W+!<Lw7VQRYW=?pV=Qjj`Q+CMwWHp64$i%}1ltQ@kDYwR1cJw8PLjP6o|
zF+4Qar0vpG*Yc~VcPyjjlZB1)#1AZ^0I~%>b>(3EGxkAoP#>r09gW+!du(CG40Lq)
z-@m_7>vN-Hp7%_Tk2fg^0OASnQ9R+DI4CGkFRW-Y6g$52u~D_ZY6j{aAcQNGn@uJT
zv|Q1JiTNkU@aaMhS~hpCKrp)-lLmpI!NL5Pik7+OK(H=b$^(M+Tfmg_+_$Y#Sg!&I
z$c6jEV*r*1)n7Rl0Sfy~&RQ&dj9lIW{Hn`DwQ{R+>((}*>^DbzhhE7(>(vi8LJz&l
zu*XrPFs6P-W8JsGla^gHCL|;{VWKWKI3&cZcbiDm9WCb-GI_z_U0=?96pt$c>raSl
z?f%`uH}?BYaQyiZ$Mm%GaD&;e&mqe>Z`2R(&d5kUt8!hjV&&lbwp#2rQaol*b?9*&
zfcL;nKE(`wR+!D(1*9S}+f4)e%QQuJ*vXRzw$0IT33|O=i~B+QeB;hF%sn#pGg3!T
zAs2isl~b{h0)5fKxqeqOxh^YSqYu5av)X12-Y+~n0NmiRg|Fzes;D*9HFX|p(=>6C
z-~diq;s|H)8#ZM3mPlu2Tr1CXd1H2fhb4syo~8&0K?%6AM|3^GPU0Ur=AQqUIO|gk
z@G8LT*OU7|q5(7hoNa6BoUuf6;Wu<(|LTXwV)kK11v1AWuDGNISdI+?iohb-;R<h%
z2hhhN4hPbztuVxnxRs)h;`wzTJt-T%iqk!aknv&8&F2>xc?$em$u<MRZ6Avz?wev1
zL^z1*a|*TG@J%U)9i=CLlF`WV{uv-`iLSTz9R7SafCTJ}tv#;feyu~*c(oU(KIyQ^
zcz^#aEcF9mE_ZYtG(4$1-ThxBl$Onn?py=VZJqPDqwHP}{eQ5rPRcID8pzTXRz*Ai
z<S$LsP;JPuKw1wr*HQrNCgC=tVNjwBM8?(j&yBLNs({~P0Q_F>R#I=_wgH;(W5NBN
z+v=5n@9SUD2yzK5gPRp=16wp?p7uXbx6@34KCLJJ^m)&O3`C#c+*80sbP62w++p7W
zfacVCfQ%<=XOcFSJyWPvc_wa^Pt9WSADn!GIRio71#3UeC+#S<4&~MQ@4f@UcKR0o
zmE}LFz*IAkgXo#w0umB!$Q{+rL#!BsGo|BSdlolNgFEY*n`dfm4)hG=J&QZo-X*6>
z9m@T?el2$(?|rZQoz7J^J!6UCHj08&)IFGRlQ%vFC=YbM*-bx%I*c7IZxAK0k<foX
z_%3pEBS1*G>ZfOLqrN!r*T|}hrZ9WE0!e5i*N{=&F;(?FdZcu+P$5XvhvbN`arzY+
z+cMW*CEVD_cN{CfV~-M(_q^iV<8!Nb`gaUlChh^*4RC}kHi{;`sldKJ$2Ymqh;sZ<
zi0|R~Kt_}bBssuA4&T}?GePPAyIxL{CMne(e5_Qkhka)XEr8ezJxX=LMn8KF>%N!<
z&MmB!b+Ihf<lofyJ37x=1>C$RLZ}ga4XlbRra1H=tGgV6Kh}x0(?|L2UqFss1t3r8
z&|mvLH-FV+=N_5Mdk(#CzOS7>5bJC;j%U@=*0ZS<Vpe!`_d^z@CLaMjFg;+_VQF0$
z0Gy+O*8e0jod4wQZ$!vvJK)nyTj4k(Y*~rRxFa9nCND_|Cn0`)`<FF%p!xQU)F^=O
ziw>C(U<A!jJ%I)0fWIb4Ij~<`VE6WVcRV*uERa?yo?)G%OUk})lq=hLE%TPwvvdGZ
ziJm{xWrI)TlyQDnxxCmJDs8fxK3%ynT|D3IQ#x`?LjKD8e@UEFZ5>bRFbE{1KK~D-
zWL3fC;}QS)SDO8Q`OW`jf&YQW|7ykm7l~=q+Ul{Tp6K7Bk*|t<A;+a2C+RYt54{nL
zn~P906DP@=g|zys4#H;z2fc)wmgXX+`0w3+5UUUzJ8zY<gUOlQA(`NU>c8?y)TElU
zwXHO7_a$;}%)}R^Sag@5r9(qQQ>70co!#4aoPEt2@*BUrDNtqHwC7z9fI?gNxP;9D
z7mZ?=zPbM{ozLd*!#HnZNbD*u%pjol&e6`jl5(6DH9!RVf}EUqlvPw5Q85|Db)IDh
zdtP;wRm8x0`B+D1#Eoojt=d=CHvY+NX7XwPL>5CP7eqysGMmjp`-;|P1oh*pod~kj
zZ!4pud-OEUs5T{r>(}q8rtWr{1OjW~S2*kp$3$&o=eLEM2FrI8eAth{x3*}SMm;qN
zyJ#)wC^63F8$!fb0e6bGPr1yS6n*<v*gRX&(qi1s8PC}<I$AIT_Jr3a-#dF|kKd(h
z*V6)NyLHGkH+Z?1Bi{l-(dGw1!R^<~^p?f&HK`?oA~HHHA2O_287G}d^IiKA?92G`
zI6Zi|S(LTkdDfOkkB4)VKMoFw`EV*Br@Sass!g1#U8JAuCOtE&GllE~Gn6-_IohP}
zCZ=AkdCUr1rbaPjvx>)7Cct4rIg1JlpFt7(nM<LFetNDzJ!>rNgoH=)Syo&f*-o>5
zeLfE5H}f?ip2W*Td<lahF(X(syss$kYhG6py}R?B;NTD&(L`}ADwSFye^^(*?%mbc
zlX`YF+}_-?>zEGm@9g(FcN0kYMbo;OrIvyb<R1kDMdAXO$8qnQm-p}f+tKVnwurvb
z{ujD&gl4hWXL0YNZt|o}n=hq*{CFRN`ThHw=(70NwP5ZU120W85s&nxo<jp=<r*i8
zp(eAx)oUvhgLh`YK+Y7niiT^oD=i%fd?Gb7sX`=h4NqpEXE0i<Q&d!}UnP}@d;dN$
zz5SiOQ^t@g|J-_XEJ*NyZR57&^to#{Z)Wd%DQ<Z){ki=_^hEOIrwIYBd;Je-ME%lg
zT$pXxwN+*6_1$dkg2mN+RaAeA@JNA>)TZjDu3|kOMS8cAx_k<i;!Tx^ck=F0@Y5<U
za8i4FPD;2c;uu>;8v!)DW*Fuy#NB%H#~acrge!2Luv)*dd7jX=LrWlYbS2=b;~%~t
z`;u0uAcpHVe}z{n<WvxiUv;Lt^GmZs0h&tTaN+uNXy4sTp|jELH5+oal8`Lgn3$LZ
zsP?KaNX~b&+&#Uzx@=SE&$+)k$G}LRS37o7mCHnz@y7Me*;$L*KYplbs*V&(V6i?2
z?H_*!vds=n{DhZprQ3!<`vVv?o||e^*SOA(pU~GYm(2=?qfJ?suQC<-DN!_JWa{)Y
zC&>w!5pL7P=2%rVwbIdJc;Mg=t5IiSr|T$b{iB(KKp7r2>ouwi%&_at<Of(M1<6I%
zjA4Wg@r(tBg@QkBqaJ&JVy?E+cDw}G<{h5k?>ceiwUlds`3R>TZp0pm_k^g+Z~o5e
zAe~8eBOx=66QDWD5$DA9jQ*UEc&#eEun4=`*r$9dnYNJVh)^?cSf39>7Kw}31|VW^
zj)Ep_2H3{t<~vYFa}ZGspPveDaTdiMG;m{k$?VXrDHFH){24$9XA_*)pJ(<z7rGfx
zZe^Vlg;_Qa)}IZA7dCHSz8vX2N{wA@15|e5H$eWx*ZU2qPQM@!l}gqS=5GB*N~C;2
znw_v|B3uN9p6qOI-|{{N>?flC26)x18AKF@DXZJSz_*6ZT|;w&Q%UK_y(9!t->M6}
zP(yL54(4hjvRhQPI@5=UJG$b|&pM*tUv46+Dp4tEoV)_1@8Txm@ma_$&JL6lI=hO*
zJepTv??9-hVHi<dDQ%M77|vAN>^Fa>+&a-15NQ`o3CPp@mHquhhMdi(df(NrZzb`S
zlg<<MJ`JH1+i)F7)leXzA4s?cdZ$+bCG_J|rS?f{hG;1%XUK9FeQP(EYkc_nq?*&L
zR$0cWnA3f0{0#`3k}r*vU~2tWo08jr01DnX7ts_AW2A^CF8H@&9RVH{Juv=;#1GT0
zG_Hvn`tjy`VvTLdjl*3f>rxCsfqI=FyU*$4Fl#V3XF1WJq{1TUJQy}}@ZbY2hldQD
zJ4@9E3@Gw&|BurN6TGTGCfC{3HJaaJLIB7L<8R+6X^AKcc{MXxzd<Nc7(E4L<OAZ&
zn{zw5INiWv%{2dwzHul4JG8Sj$+7lvXjdP7l+|$Yz#*#KKDZHm)$ofGh8;p|xhhxm
zBm1AL4t{QwXSi{LPn`4Xpp4U&**3nS&?QZB4UOf*)WvkDc6RYo$3yow!Wa&MZUR>H
zW%-I8u{?u;iK!f5c&QcZZXu#xT6q%r`JCA9&;ouLUL74Bx`_rq<cOQbP+w#ibc<Hy
zc264k=kFhD1BggqPxQ5VAC}D~=hG@?>aY47soX1iR3Zd2qu1aC3Iw=nd+5Qk8Ng2?
zPn}k)DQF_^vWWXO`v@uIbKIa7yCI?ejh{ZfoR-~Z-Y1isT8m+%l`3IVbETjM7KHTy
zO|}Uhz`#Lreq&L5pnrP-^1=HNXp+rRn600*X)n!X@RtVHIxQeOI}9M7cA0L{1w!ZO
zB7GYl-yMzpv+qc@_-kcm@Cq#g`m2(-|MRfCe9jWvE<?6<g|F4sf+WwGQ)RQY<BRsJ
z{&p5JtXF$7w_!;K1nrcH;9!CJ!*Y}B*ROv)s`zb=Uhc}+28^ai-?UV;inul_Of6{6
zx?FhSBnqGuf_JE+S-h}iBf!%C*j~2I&A{Fh`-bWh>Ogst6tZd&_ceq}<S$jeoT6zL
z&EnNGQ<nWDaP!m2OSG5cIa{Bo@BtB2bUA$(5gE9<!mZjl1GhLb7a?W|(^1oal&*k-
zgM)ft3!^a<N^pkX+)q)A1ns5aAU7?E8nhyJlWi#}!z0z4+SiaOhD#G2C9Dl->TWie
z9fXDo^`TnZR(56z9J=2vug;LO`d?4IX#-C;<Q3b;x~`4qrWuqOK~*7Urey(-Q>8{r
zV`uqvTQcD0IM3jYpV$PLU)G&w<CTTXX)e``2^cT@wL<8+gJz?5l!ho%pYmJy^U1gV
zG_oaGBQ6?4RNYLy-XC$KyLXxi-PXhspAu<^$D_xO5|aOdzP8W!LS_$E>jIS~ePs^g
zMi=eJiR6moD@BA%bW~piV-1-553gu8?pRIZp&zRGLt?wI_Pf~Jw~}S(TosUu+GLJ>
zX7c=2-O-#c8hn|(4J@WT`dWl~$ZKQB!&jk)At`hV2x7U3`0Al6FVQq|yi}DQ#e{+)
z_cP1gWreggk>D!Dz{$Pb9+5ZacSnD{rbc5{3bn;Cx}!>M&$vn~DYIyL(<a6_OG~wl
zDOG?g?)Qnu3DKV-;44;MH@HcJ9#}UUS3d`$8nfb#GquVpZ!>6b-1BiFn_Ts1m3Dn7
zx8S44iT(Moa~WvRRhdrHKdH8K#m}cI9Viq^I&{4#3`90=X!$Za8>|hV_AdJx_v#Dh
z#-!i(6_E_@7mU=MZ8tsvK0d!F6CR6PMU^m|g8$w(e6Y98+sq)+?bavC_30c;bYG7A
z_SxL`s|O!42PX(=QKQW!Z*OjIPKQ01tl79X^q5K1|5Yf}#W7>8L<_oD>A|>CiDyh)
zJ<ZAe6a4%80cn@49C*+=YU3wuQ(+h#I01JniEM*RXUsQ#dE*m^)8$mnkmG@{xUUb^
z<yPb@HBrf3)PPsT$t8+;t7^0HU%I=UF}1d)r87ZZ#U^bv$vyRfgZ_xa5ph8>fn{T+
z(R5NuU?}HZ6#**eTKc=5ZaK4zW2tYLA|p0jqX|}hfmAGTB4LFcs7jGAYfP4Ly?@ht
z8m1M`>F;8F{eBi9#nlo>FmY+o_yFZc+Cz+@^L@Jbz%XNh`h&G_(#rH`wbd%^M3ZHT
z0d+rD@o-PjOmvANi=Zvy?Fd}^97Ncd(yn$ST-zA0dBhK)78-FNielI%AVHcyCLfxt
zq^s1ORRk<bP<4w?u~w-rG>pO_%4zsR(J|3sYoi=Z!^o@v!-J+K{gDA+y$aNo5Ym2w
za5evi+s4>lK`6<$hCSq$mQgni8T!yktrEW-vb~6sEd#~!L08AVAeQ=4z8uL5shSaU
z3jLKixzj>PA-yDtV?rEeg&xw*`Za{^Zz3lU0d<2TlyYHvL;;>Lw%9Y1L=pPqK~ghC
z7^Cj9%R%{wXbLV0g(BXcvIIyYXUVkns|{V-z8|Ld3bMa_n*wWZ2E@^c%6l$+6s_82
z#w2UnnH`2fN&>2GLBK%W8l)}n38icARPcX(SZY{?#!42hIONI{naL>}uIDn01kajD
zHFP)dh?O)4Y+u^a*VEHm?en966YGfOY2N#Jj4VCaoO!E_351HAUmgp_TSIMF9~1@Q
z<oXF8{NSc7)*O9RrrPZ=G|%3Kd6`VwTbm=}?k^Q~*}uqaa6{_Eb4N)uM=L8UPh>Qy
zkZD=(pK_<06BMULGhSb=HcJ$X*GMH%tlO4r4!@s-Jgr9}k?erybsAk*Uu85;?6HgI
zggG&l9N4EDYzB;)D-0wn1>r(_4r?g-Jh4SRel9@y&vwS|1FH}&#L{wH>0`3ZAPl6P
zpvn#8FSd3Y=-UNK6F&j}m*iP95=xAA6q;+h8xSzj#6P__;cC|4&?YAgsgvXtc_>V6
z*b$SF#ErPfC0IPa71?^H<XzC#5nc4_$!Km6BgO*=iFHz~2213u8!WM!qP!I@jRw%k
zZ0h-|&-hkbO~nKK>qb*Gxii+P)tgOlp`5A_S7?WV+z>WzSt27Ms(}E0<S;yAXYMmk
zHP&T@ku1-W$PhVSHPqF5Qm1;CJQBN7&gfGFocVM}6?c>{VqZexu5K6=Vd`iCXF(+W
zI86p`!QwepFC#5%c31$ndi{p6uT+Frui}uuGtAJ;H&Djz=K#QsQ@5}j=wb%xnTykc
zm6IFHvh&vjsRWk&y@W=FyYI7d)lp{Iv`Pn!BbeQlq~bosK;1bN-Cw=+`T2!lrwE}s
z|LXVYQd$i}o7%=1L=a<!_m0vqR3qd?2?#2c+J&li8!_N$+K%8h^NKu>^Lu^d1)g3}
zLM^6C;>(7)n-b5_t`$t;LZ9J6_l)XbzJM>a=nht~6ntcs={D1tV%*m1^gYFXr5-Fa
zdKOczXE!qAggk$v%1AdWNDmUlCK%tbuw`75RN;iKv{^@GWfm_NG;MAL8b;n|3;MmL
zt_?oI3$6#<qBwiCf~#t)!w+*+uA+bIKpfGjgvAljz=b+eUsqqJ6RcK#woE;u-bZyn
znK9}URCf#6bW}Jnd!ZW@I1}PkEbEIiS(R`@9=PRsuia9e2)m_HlRK#c;1+1T_vRmb
zj0Tw(1NBb@d^<u27x3T}lC&$MA3{zq_WF=shL0~7_KP8r{xREpAR&gJFJuJKW`!z(
zFetNIRUM`MpZ)@n2WT%S$c3^sc_<FB0GBS)3>0uQ-By+LU-|Sj7Ex(DYHw?g&6mr+
zC)cn*oLp(YaFku`llD3Rn15JauhEAv9E5%Y94(OgMS+zLaiBnI88I63AS?_ax#8H_
z+I9~>0e}-N1n3Nlf`B8azgZY(N1QUkbsReAQl>s*qB9@(0M*B#6snd~45OfV4k|Nn
zKzf%z80e8QEvv1)iI6T^Kuk4RLxB1dTHxNZBi++hBv)1#XM6R$e*KzR!m6-o&oeYb
ziQfJqzD)dgsaO;yV4KltjX#gy_^FD@S|VfS^Jnhgy1A?Jr@{)#5%^wDlxW9S+pvSO
z^BiF_7xoEj<7V3O!LeWCJ}q?c_@FD1py9%{mJhKGyXjD$ft77eRjFBj*bTvh>BaQy
z><1ZsJ4<G&ft&9@d~8)UvoPxtm8Re8chxo$1OP^3ZIZ$D@?!Vx4>ROnx)3y*Tf-_d
z4V&pTjm=p&Jkx)P3j?cQjL`$U{?|D7d9glZDK3nJ_D2wT6(km$CT(Db4A)po!R0rh
zQu%%N&5_g*mMEpK3+(cREN*q6Ri>0SEOAQ4=rjoux_ji9U(xHT0q$O!hxj}iDl8!I
zLdT<`V*44fyhv@b(#&f~sDBX>ov0T_%jX7vL)UVSMQYY%HnBV^N<eimA;>Mh^+nwF
zSZzR+D`NXLB;)dC6ZPB?bP6stP;l=nt6%=X(-jr6Za26Sr4fSoB}XMq9s;%L41-d0
z9#x-WsA#wg#>Z|p?%>nos|tJVRmNLLrRY)md6U(|BJIvm6sYAr%?MA`GT+_1>LxYL
zx>gM}abM?_ua1y8dc@1|_=<bCZ_mJLyv}1sxzx=vu>mg}4Skjvw~I>|?)6<n{0&sq
zCM(oOwR{n}L2F*I#Q-4>W5&&qU4^BhK&H-KGOp8nS{z}&jq|JtiUb>odoH#1+-`N4
zQn?C8?GV?LKSjo_%BW9?`sq$fOJ`Krz{(uSan2d?z~te>*P^18rkjP@8&f)A6j9^^
zKU-Vt6EL;YLLzkPtk6TbhH0S>x!#dX@f}~uhdz;k-s)xUrGNrZ-SDR%#O=K-5l(5t
ztT2ji-RP_*1|3Kygh4J!EiEpxz@Dh6Bwe%|DWEhz3PEIhb49MKw5x$Uq9Vg3f%4l<
z7F_WjvGFJxX)6X=<SBL4JwCS*PqYx;2FiiQB~Q)Kui=oJv2dK)Xj4cYKL*HX9eV1c
z^OnthJ>HBMqyRk$YlEs%%(ow_cD8qpSagAyQ5%z7H)ElVlxufiCfE2hsQ=Q4i&<F4
zmIrZ2Y<hEuIDa!)@`1>?^3x=^Of`;kP2Ecrr(}i9=}!kPU%xBw=qK$xS6kwJ&>HVe
zJgr^t+>r4(v8>J_@!Ybk9QDT!v&}lMN}cUaeX!|K3GwsiJa9R(#lMf9ejbegFMFa=
ziD)T6VG2wQ?wgX9Jr@_2m{HSwwKaTh2(iZjDsVT~nbH()Q_nA5*u(mba~N6<pkRc~
z(#rA)m?D^!gg4-VO1nAK(}T3_;*9`fj>25T2#c~KB|_e-1MMnF6r46<VJ9G(T}ERm
z7g4<M)mP1%)PlkT{8!-CxTD%EhQxYg62E?8SkoutjT&a@Y2`M=`)gb}{Kf41#C&Zo
zfCqA>%)8HO@$-akId;rDbf|6&i^!<P=^5%3nrtS|Uvo|PT96f{e4aM(tw@7@+?(<E
zl)Q@|tq~rvWd~HbH$Y*6axL^GNyVPTjreF(m0h3DMJctxkqtRQ+a!k?U!BoT;}<R|
z=g{rxJDBu?5HmmMP5Iv%*2~e>{0jN`zTPrCva&CF(j?+J+1fjb3~tijqvhpNty&J=
z7;G0y>q$LaRM{dF?Vo}GDf-jz>-}F^>X%=m7}&Ck+eb1Ir(m&?a)N1-5)ygM8{qVw
zG~{yxnHJ>Vb)81;@C8OG?ua04!>Vuot@J6r<jY+l9pEEnRKXhdtWqsSUKqLewkx?w
z(Lgg~QzUn!u`yV)(X-O(T78i<u_?lFNMC9?6iL^8h34XjSnRAt88I7Bcfs_ed@~>m
zSVP-?Y&OZiCr}>0nYQ&+y&oS9$|~`e2YM+kMMmuGYzvoQJM4KIZ6mZ~eLneaXi4>k
zM?~DKI_m{Qs7(YG=oiV%BGu<$bQwm=8*+>blEmL-I62-UYI$g`DT(IIZ+v18&h|e0
zcTSEK;`fX3S2=pu&LtkPq1Z}QDZWa5`y)YqsAT!<Go7bh!(H<)>%;xw&$Ar?o_Nh`
zqN5GJKJL|(E{4f9YQqc<Yi$u+YNzS>;%jWv))#k9-H>)+V_ovjwS@@rwqg2!8uMl{
zlhJsm0`sY;s3`ZY#?8SI-t^th5}Y1cHf_2bhye-Yi8WYWiAP(j@@P}-rJt>>%&``M
zFiM&+k*(e1;y~u+PKb9+>EF-4czvtZ#3sRbb$vfPh9dCg9`e53_x9PQ1M6&^qqG!Y
z1^9{hKCKc@dB2d+;;!2t4i4<~Q<i~lDBaze!S9~rpK*!IIk|Tiy}TI{a&mGmfy|Nt
zs;*OsnNn>i&_=LN4=wi4nphG9>h~yC^5Z{EO22+4E)U0F*ddmnZ=zgf6KtmT3=Q?Z
zA~OO{fwWk$p1^`CBElo$I2ReOJIv7{pT%iy=#%6QEW*m%>pl;TPrz6>RTT}ub(4B>
z3;oE=pwi}4u!)7fagD(AyF~<3Ri}defmEJMu61N{2<(>}=4qEf*}UnE7G_DCPn<<#
z2BmH{4mg371+Ne3&AW}-&ZsFc-}(S9yjB=a9~kLmFE!&C8<;hyyAhLL(_;MAX$0j4
z{`rm`EZ$24r>Og?2Kg3X2MWyfDs&$U0UgrkuGBq98$GzaJrK4k%p78#0_eDc5&>{p
z*f6qniYt<Q8$q#he9-F($97k#I8Mfx#eHqgv5L;}MvPDp&niT?G?%PR6gjqW_8j^T
z9(06h06j40Xpyzu209!7vkW*EVMXFc&eg4p);?r~SiODrbs$Bhhc>EWgxJd*p-p+S
zkb}i7Qi)qrf$MaGL-&AQz$7NAR8VZDi7E^J?XWSX&+IS-G<K7&-Yn7thf2+K4J^}o
zT`X4I{(0RR>!Dh|^j=Qf%hwSD8?zfq!*%xq4wFDgXQHW(zyPHUlKmpHkK9D9Vx7Iz
zJNO0k4E4NeZ&h*+vrOZTE9LC$L1A;w{3R6CW`xyDYJYQ($C)eaLVI`j2zV$nNw3m#
zNlaTqq(->-KdR3x>;J&9zo^!58%h1rEz@;i{^hPp%)R^fp98`|qL>ydqhWBFkylBa
zC9vwOzgXBD<(sfIEIy+yQU<cU6)b;YWubD(n%vgP4?eIOBU~Rdfb@jKYwNB}askkr
z2P4D5F)JG#0GN3sCHDQ9jjIg+eQh*XhaGXzTaMvsFt1j3Fv|@%>I17H5k7P7@1qri
z<qjt~d{%2Cfqq;ejuL&pDbF(Yu)yL2pHa;=zJxG<(#lgpi4drO*H=hMiMSwqaf%(w
z;-fA|^U_YH?1}LvfyqeCL3b;~TT6B1y=GeCuN@|rvFg@ou0Q-m>L;KE&mt!TG?k4y
zU0I$@1F=n?GLD-G^n0(hIc^p=45SD~-FDWX$Pyvp>52uwrHiri@FZ@Y3YsY50nasR
zm!vD@>7ExP2fgd^3L>)i11FPc4oV~OVX&CH76k`AjeWDwh4pJ96<kKS0L#5GR-q2`
zI(0aUmW0jDkSqtFmB~G78XBKC%O*eNr(}f{eR*^KS)7o3Sh4|o2$Gy08X>Y&>goFF
zTyZ1=Yeu>l#R|e@Lk4g<T&pSnsrB_64A?{0+Q+nt2aW2r_~i7dH)@lOXlbp@{wAP1
zHzK0T88A&TMQXFHauXUn$^y`rUdth1`KvS+Jpx>Y1M+xR-EIi+(L2a3A(*mO`@h85
z2KCr^!Qh*j@LzI(L4>5ZV?^AVHmcFl<E6F95x8BX!<0UdZCdXxFE|06Z*3kd1q>HC
zS95e)qEJjsMnb?8NMWk_JLSa!EOv-WoAh2!lRKWh5eE=~rlI3NW0N42qbGz`QD-UL
z8aVGwW>@d6j#3#}|KFcHf+u+MOsqzUet-HI`gfx0+~4BIoM0>4+A|}JSz5x|+Am)^
z-VGS*f0%g>)|(!7uA#+zQ3)05w|fq+#ZQ0Z`t^}L(%U_Q`a=u2!!C~-b}}H#VM)bp
zwFtF23XthO_9;RWT-74%ApNSYP4<CJ3)RZ{%)m`9jK^UU;;3@AmYi^}XhCj!*h?Qe
zb1&e~Pw=R(4&QWICNUG+Xd7bH5Z5<ccL;BY_@|7e<;)K%lVFzu-_XNg@3yo=ZNzh}
zY8U9!4b?b<><l`hgA5||mt*g(dI9!9SksTob8r9RH$xt)<)+k{T`wkOOxsoQit#tJ
z`Ha>ybyi13ddQS(_1(7CUd3%(Mjnp)%P*`~ajF6gKe!RO-9&mS=bOhe>E)+Xe<Cd_
zE6XZoraJ&A(z(pmHQ2eG`Slji6dT+mw1U2T2-q^I%%ESHCWJ0%n8UcmVXaH%^eU5@
zEc4aKs8X}R#&3n~7n;f}vJ5t5uu@5ixW>3IXe*tUFJF122d#V(V)J_lTT;O6=vG?}
zElnh>TjlA>n#aj<!$&t2m=-g^a8TpBotTV<#KEEkE$R)yN72h=HzF&zK5-(*mgv>}
z_ci_<FKlgWcu6Z^{U}rEM^e-HS6wnknGoI|z2>ucP9fIg>T;5O2S=B<e}78cSAaZM
zoxz(OA+QtTLKOo#5s`u}QK>dBs<Mk&dcNGgy*5?xI0HoI?4T0E3be6z;07>44K<xF
zAyVVm>!MZ0f{E!yBa0BTQh<5#4JZeq3xyJQ@YqLjd!pTQf_dDjsBvkjCzUC7J0<~{
z;rrMSsDK@P1qLW500|v0amuc7x2HMF``1d+pgw*VH*rACBb?dOZ}Kd#c(5vI3N$II
z#cgHO;I@b*)4Ntj>wHDuqQq~&65GRFB_th|tOz8r=%#~W{x+7_NSD^mjt-vy>bCIG
z8o&!cI5U*23Xev}x{bZuXPq{)-d-vbLPG3qZF%u4n_u0K<j;yJ5(RBax|+k)O`Ypg
zX3PTJU42lzR*gk3`6<X$QHwiexX3z=b9E|LN_5g$l3H76!_}dbbddMZo}l~k!K-VN
zZ6#nxZ`<aLLz7*<=%q6;D&O(aN5s2%;J)Uxx45C5Xo|S~Qp4IX0_vGz@VzAb<F^}Y
z>2akAT5JgkV<Q(9*jSK~&aING4jlOBXKAKdK6HgOp;XH!^<$Y7rpAQo`7$z`pchM8
zb9TdB5+`JgI@l)oZ_oHlW=}NHqEgpTv2%_3ahzqwi_C>PHx5HreH5tvs)YkUuO~?3
zW(m+6a7R^bHTmmE*?g22M<``qwg)!EOM}B%3_jWY`H%J2ntAL?V?07bn?_2@<i8~+
z4EJ8h(M-K>;5S8nR=0fi-0-Y#gU{!b6qmQX^<RAlb6Sx>wK;2Y{wv=iTv{uQOM#y)
z0zt>p65U{EDr%QN=jz@5<tR7`F9nwgPWnEJJ0eiLv=t47C2*5)3*QfBK(qtu&;Ssu
zl<P$9!+fxVO{xJ6Y2sf|nJLAzGnsbcn_NdFd10g^BCf<Vfb8c&m>4uuN_P_%()KsJ
zjKNP3Sh!S~m{Qh08CG7hsUGs3I#Q7nthi^PO@m^h3@mJ1s`Z}p(mg;D>_m{T%FXpQ
zI8<!Iuc5(R>D#k)m%Y&pkWQ47zJ}gcV|Wz$Y_3|>H2`&VEmDA@F~G%YtG);-V7t1e
zu8A$t(D|(SPWjytbb5sh%R?k>v3B%<0t4UATUjsQaL}(m&sZ-<5P&de-IJ;Sdeghc
zqslDdnLMB2Ye}U<Zuyy>EslI;EyE5}BMDf)`g*?&0o6-auJn%{W_%Gl7gM@>v*p8;
zK}{*sJlAR2u2ED$^R^SqddcPGvQSQ-jS_^FZJ7R&7iJK~)pg_ck5o^b3v*!acfPcw
z%}|bdKXo4&bGW7MS^K~dmLdC<&%Az2C7Ls$`^<NL?X@Q~L~ZYGPC{{^lsql3jVZJG
zx8FK!Uie4$pCkW6JH;p#5JcGzm4b+DZ2GX>lY5%CZfQP<xK8)u>K(~%FBvN=AJY+v
zK?q;viZ_TaE3htD?pV+$cz->D=84{uGY`+K-WpUrJb3W_%9*%}ycj~jNT;!V*0@Vt
zidbZe+ioanA2c6cU}5S)bq(6M!I&BJ^vM(Nm2Uwr+FfTF&ki_b_}sZ;)u-SagHtJ^
zoNX<x^?NZajMP$F|2csD_-07R+aNArdkG~=19{)0CB55T>(+10RkPZ3xV7<9xM`<;
zZ)x%~gCugkI}3S>Zbz<i`8Ix`N|?dK?L+S*cMK|~Y{HB?UptG5BV<c?y{RiE+)G=Y
z`e<PxiNYb=^_2|XKn+;aqp;%6H?h#soUx5OW+~U}J*h%S#@h8rRD9&RMkP9l&A<t+
z(UV%z1OdLc^?eq_0Gho?oDK1^dGgf8*0vStRx2vB9z<|DESrA05$Lh~s^pr*1Hhw1
z@{?!lUm*T&Zr-DGSyq4{Y<KR=N9i7<T+kIVZj^o>EFw^JK&#yJs{yk+`P9Gw*51=&
zfmyEQE9!-EBKuO(_TZ$8C^n`yYIO*LC@$o;BWuvk939=j^7>HDL{@`q<3ZbGxGW|#
z<!0m!!H5YMSY>&mCZawpbS_|EzE#9`>TN>X8wT4X(?y));o}3k%Qplx5+>o3;;xOm
zgV!eYp$3AA{^WQ5>vOLM92?5wnxla)#(d7mU<(Lf@cYakje8oS#^*N!v@8x+nuRNA
z8pDJMq7CQQ8$cBKwMglM+Pk1jQcFuqTvS*7W)6M<VN<AUt8<zjduE{Bz9z{43;P&j
zQXL6%8vZ!#JI?EIkV)n+!gwTwj0uVb^>QR`83T6vD-3m#yv|@0HiNx)Pv9fab5QnE
z64yx7SvUy5$cWt)i&32K|7ksxuc^(7>knv1obVmDY#4)2vX`vODTVDb5}Zbh8B!Sj
zdLO)lx6i$w6iOe0sd34jG;aX(AksJOX;zh1jI2+mA6IA2Y@r+6Xsv;lG8@Ff6GN-$
zKAX5n`{YUWtaH3HIVy~6(^{g?Lg`LY`HZ1yE&luI`ZCYPt-Z9ygQbRWOm2)c=Ll~l
z^Dj{pyN{t&+WJ&uqkrzRv|`UmHewrx7sQoT!eh`4|5L2>ycozf+5)WHR69|liM{70
zQ&%TqHzgdtWgF5L?UcelYu;2jTNjQAk1uGO+E<6KghJaPek@W>H|1_zEEMvZW?)o~
zZ;S5ongDi)qO6&`XEGQP?VIMx+NZGpz<a&Fe2ip99OKFa+I}1+zUs_Ry`fd8=$zI*
zuRwV+@8948*J4F(Z+_rMvyliNlZnenH?R%*qq?x7U!E)-ohEY`eMqmYjHFY;556pr
zW1c87PTp*Ry>(8Z9(7LH03_fviy(f)#BRU__d(`C{2q<Ye(xz1ia+j+cKlihf$;I;
zM~AWOhgNbMba$Jy1Dd|w;g>FNo^Ms3&u)o{B+djXR=oJm%frSpl;30M(jcr9AU08B
zq@;7;*xiSpiiDzaW0hFM><`)L==$V+-Mq2&K~Dr|6bx!~a#2q$EiLB*Hu?i5ZxXwH
zdSa2NA7s=U;#Ay<k{l1uOd$D<|4z6)h8p{xbFC+(K3M<#)`3D4<#s^phiFMB`q^OO
z<GL6f^YXPYb;|abdHC!oYj8Hu5q11`0bn3A)~pZ_@nVogs()WkPo&&A#cyqxYF7m1
zw9`ONE1eD=dQ^=+fbYn!XaB?(>L?{TnPh+b*oP#^;-j}u?_!zXaD++Txnmx*Jw1l+
zW4L{EZc-LuMvXfYlLOVNn3c-M1uJ{Yo6IGmeg~9$QO)fiqY4emj7`IQkT<tl`&Y&>
z*?V)Stob&Rb4iPi+$oA)1{7i$asE{Zq}<7WuFn1m9N`;DtH^#WzCa_AX43U9@@AF2
zbHCFnvO#LbzeRdGy$LM8DZ0JX7druSQhxGNnK7L~TWR}+_p}$J&;l8n?r)5j8j1{b
z{~hn~J=84MHAD8ZJ|a-w`_KhH$nVw$YH13W^>IQSOz%c%Wz@t(wSP?NNo#9`%>Gri
zOrh&Zl?(?i@e9calW1!dwk}_?DiNGS$=GMIVqwlro%l|So9JGJeGVCT_Q3=gWehH3
zh*c85ZyrkM+1n)R3}io~uGFhQRt#;<epdmu>xQ7wi-=jfR^w_L)g20ox8es0+xj*f
znKu=xX#tKe(25nDa09f#j5sBcuaUuCHtNPC=ZZ8-M=!@E%Z3n$66%;#tZNL4o&6@$
zXF3;2L#52%g-!oO7~Hyh%wxdr4FQvVniy`U33=~uIro0~MwnO51~5VEo(1=lNlBI`
zPky37rZ<n=C}n48%wf7-e;sfq4pR<`_xXYI4zqyIc(^$?TBbQv{TO7`+AxOAFR_$I
zO-)TD6Uga?jSf1)B_JtgN$0=NC0r`mP0X_L=KhPwlJ%g@Y9^6@&T5D89HV(t%j?{m
zCS?xak+=vfw2t#m(x&^?*kiv|uv;U&bz4lV9ab_L;XBJK>%0CJAV?4n24)?@)F#yY
zZ9cSL*306CWK>}deO~P_BTx(~VLu8qjoX_lBF=m83ir93G0(^z>si+z&ZZsaiXEVm
z<+a=w%Oqyc^G*eIV>~l3h0#3luCH)qGU&<AZDGXctzb*#Q!yp@9zUg@wxH>oRH%7q
z?l+^VMC4*qcP~&xyd-5FybAL;e5_qs8LDqw?cgzQG6Sr@y>s@SMTWZYX8eV2%`8Q+
z`gM<&-I?1ebp#7$Oq=#IK3wI{?vW{j)>zfRn~nQ;e1XMJ*DzPhVOx~efa~@mzi8vZ
z>|tahMZ$tmHRRhxPZhK8(P9NHfPv)m)uEuWTcP6CPp>>zV!L%8=cyQ)wb9t!G?!~i
zQS9`Ok?eFxjpXE7)oG8etExX>A3s)LP^dPS$?{6vMS5<o3AYAK)R=Et3=j_+jfVW!
zQWztrA4%!^O)K1!9D7N1I9$FI!3KA>aNeuDe+iRuNPZcO;$IuOZP7aS!8i8fM?1~5
zCs{KEoa|)OX9cyXJMwqtBfzc^Cr8bgB`Tes5S-At_OYjr-tlV-3rjyEp#oINgAyo$
zp@4!N`)C-by;ugyQhR&j?wuO~rZ;`ohP4tvdhB8G>gBb!UDv~m?j##crQf}ycxdG?
zu_3CH<c<*qZy5(+Gl<q%N=Q9~K~JhjXE=(Jy<s7zDwntqNenRW(#VqG->k*HUI}SK
z<`~1ADzsYOdo+8fl<PsWzujUFUI|YOWjt)!$gJHSIXJRt0EBo?TSHdrQ9|J;h=9>G
zYn1lKs~eIgm^y%T{XGh?c>Y&Gx{u`!aD3_B%>$oPD!h4KmzI`V`4s^|#A0UQ)AT@s
zU=&VOBCJPxJj@ciw#X4i3P|KvyvlaqB7ZoD^%(nd9>6+Js`5243-mF(HJgyfNTXbL
zYojGl+#hktMD)P7hi?EsH&%e%3@2Yu2FeOQ?XzgjRw*i3!Aah3O9ZJyw>;Tg6ooYs
zA`pJ$FX-shE2}VMom^1y`Jzf?pNpGKVeY}tZO}i^G60eb$Lw!2mWoap7HFZ}Ao7jv
z*S<AuHa>P9a2@i*2EDn%e|Ba+>wF}Ql%&&G_Ea0cR_McrR*B6YKej~Hoov!Liu$P%
zPI@cBYJ<eegK$iDcejI{4K}Z<ocVdNq7&K}oEQsqj43cn8fI1>BK?%q{-c_jy7^j>
zbiC^c_wjIEk=<o{_?C`}0P=$;X`B(oXmM5Dxre1fyb*8<G9tg0<Z@^8MpazR&7VB6
zD#7LmA$RkWsbrk$GEfYiPg%B5<()G01}`SE^WXcZ$Y{zAp9yg5CVRbWW<ZfchgYN*
zqb|=Uj?M}ZlDVQ;=<wek$D)XLRk$+vqnh^u_u%-g61OC$C|uZ0HWgMcC(8XmjfKT!
zE`_A{H2T?CW6~Z3@Z}!?;1sA}9){Vtch6K24*2dyO5@(|_`clHih?$6Ysi7Z<;aw<
z0E%WCMP4yRdTC+Lzn!td<{g^p@}<l3L>aI7V(bAM$kcC}FVGM%^`cy{Uc(W@FBnZh
z2Y>d_GzZ^Rp<dTkB5tX<0Pgt)e9FVk$*a4^WYOBKk!sEwG;bv0OWFGwRJB6k)*uOL
zN$;ooZ{{T;ohjRU7x8^zgcx4k0<Io09x0yCn+n`93iwk0)kUdmv4Tc%8H0_0N7$R)
z0lZ182hVPdr9~J$P_r>wogJwQ2oUihMIDJU|1m86MX|f}lb=9~z;&5AneeTaSb5k4
ziAWPDP@&!&;RS@+J(sQF+O_&Hl*H()ai_gO)3!-Qhi*YD9V(sKt!dj_K*)|Ks#QJd
zX9Gv@wWIxv;`QWk15PRQZrvt1>$+TT15S9>Ab8;tu{yg{lv#YTdW-n1{1JS{+b8|^
zawr~%$kBo|)44w-(IxtkI(HRgxT9IPGB{+NpLol;?@J{>8|HJQw|D68TCLVJmr2e@
zR#wHkH8Zd&-LV>U)3xf-3gYernR=S1lb5CNUS8Wdt0a@_as?fjrtk?E#8q2-4{wi|
zx(qce(t@^JjR-nFlW<SUxrvh2cLdvVkz{dEF^HWhqo6UX%Hj6T-pY`09O(!IPWg>$
zR$ztX+8S_StcVzeva$W^5+U<MoxA+t)hYH6*<Qq6@mG}8q)o2>GNB;X98n+cr4Xwq
zGei9q{}YoHR!up#vKd7D=mzo_U<p2C^Z5Om41~>erKP8nJ#cOLUEBc#rOI<~SLeW{
z9WszR8m?M$dl$JiFO8|Dk0Ui6{y@#ocac?$5c{3<6_1x)fGrrA#8!_r>TSHI3E-D>
zZg@CY2V@ly)4Q7$ost|#@(XVVWaA;N67#hW?EBEKvd5ryA+x>Hxc((r%hk1d#$nPh
zu4?D;w>uU`-yr%Fp(*LaLcl`VT9ErfTbB(uC?*5-Sjlk0D40n%Un3GYZ2kT#5J1S9
z3SUJ1QDF8QC&4)hSaf8KiwP=@OMSjT1T*5m@X9AmJceK_8T(l&#%Og$U&qJ@ZIxT&
zlH(ZPCSto*eN)c$krO5XGy4@t&Z^zuj@_Bmpt{n|eNfyQxD2@F+%(>%^ZfZ=O3`ef
z^11H$VJJvga=g|hiixP+ogoJu-VhZN&6!?G`-wyLh4T*a9Vh@_clmypbTn~|i!mxT
z7xj~4dkNIRnhKp1A8|vA+I6Qh(DP_&?S~rZ7k^G<*pQs%+}hr@o_EuIL6TC?lQhwT
zJTearT_2*h@2w5Na{>uYC8fm84_Vx&Vu1Bqk9~sY9KM>o%OfRKGgBGD8ZvBIp>-B&
zYG{0fwuw_x(jv1!rr6rmM-vks&y7m1z~p3S-;#8m<Obfd1NkPS)47-%8wO00rgm$?
zs{?`5yb|dH07vT>8s6jx-3k~kG2sa$$aDJ66nR-)#zuILOGvfiQEVxDX&ZyK<UOD6
zZ+o`QKMVCs3`%E<7o83>6F2Hl!ci^6*-Y=vPOz@YyO+f2`k!AbEKuz_xp$?cgpI{5
zq$X+{Gj_=A{(UXsfQh#@-2e{z7DH=@Tx0c720v8LCx99+ok{J62`u$yam)tGRhp7g
z0ptvX%#xphb#?oAjJ6UgR*7m_<I#!#KkU8tThqz+KFqFfbr(ezQB<l@r7zOEN|P?V
z1_Y!NkPd->tE&hINS6{or1us=N2P=G5?YA#5&}{}4dI!%>#qC#;rR<bTo<4~UYT;{
z%sKac&l$Iv*c3C@{?k&<QM4(rqrhYMBBnA)IymSe*wwo6l#~~27V^@09w~$OAu`47
zk(8B^rQpihfm=vcu;1rYDO}L!_^CtpXc4XIZkQgV%F9}^(h?;f?mo}OZa8aJYP(aj
zT*45$c7=|vy|A=7*4Vp@2jbJK866*gmFpDuR*}N>#E{<xe1;bXPeJw*c?Nv$VGHML
zxmZB<1ei>T*>sh*Ur%K~zF*}iocTNDd;dyr^jDK2Qy(9n)X`kaY54Nf*0n#8&gif`
zUYC!=R$)P<dQI`LV$|A0D^Ko-M9To)4b!sU*Tx`qFAhJORH`?+c<6ZJ##D=L)@BB5
zvM{1&%C>bouM)_K_Fo^j3qKd6-8Ja$(}D&h*jxCCGSd^mq44#9FFIR`1GBscAWnI$
zBOe)x*q6B-DZiL%T=PUnkq`3{W<W`~ZFFd?GZCH`S76~T(9{sT-sBr~T|5W?Dka3@
z&c3ct?U#W!5OwPeX!B-|-%BJmgTAWn)_w^yHvil}2mIBUP39{pZjH_|N3EWrJCaI<
zSIh^Wy||zz>gt~6KRY`9e#%P7dvf<SUxl~cy?ggwpW0fRdvzhn!%vPhIha$LpI9Yz
zn9(|q=Fx~ck7>l6pV@h+h7V?x6%(jim^3cC=}$U)_AFTRBNDT5a)X=QKNY%I(tJzk
zzV-iUMYqF%%kZa|!sr4dZZra4y?Pzc{1KL1Bs$BegQoEhmUWIp4v2C0V<<Spp+w&N
zg&em>MAzJ6BPQF$%)DPIh10d=4cg2vZ_#$!XWBmG7Z#RsLwPGI29ie624YbLwHsmK
zm!}k$7nYQJ#LSc|NNWluf4e$=kmO2iRCWA8L!(n^*E?>T+qZSR>1pkE1LelEiT*~D
zliPWh=YNd1G&OF>vw}E<mz6aQzD1BAe7>OOQd#hC<+cx&7%ZS~A6&~#4>V_;HU<kc
z(b8MtYX3i#<T9LomAFqY(cHfpI!}X*d<_x>qgj`~ECGBiNPEhrU;ca#D@|WK{JT!m
zTyjdm6S04Oz4{JjpiM#Aa6*?bxi#)sDJot(B=#Ka?!3!(Jzn1_ZC~gbW@DW@p_b2o
zwfc=vBEM8W^!2%3G5(@8)qfsDam6;=>7W1I#Q#{v&Qaxu3U&{qe<)secar9Zx^+X5
z|8|_>jn5AS^qy9+{ZKnEi|L1BrT_O<|DLb>zXAL|3;Z?$|F^FG@sAW)h&2P*Kf1@V
z2BqBfOBLROP$(^6mGD*$Zl{L##aF;xM%}|-y}Ewbvf_98{+2C$a8l{ZAX>|dOli6-
zG&H#gFPD)#9X3iz%DIVa77@U|=1!~V6q_MmpV^y|E-)&kqoD!miA+UhrBQ(qTOlmf
zXIs8Uq+J?hFd!FhP~PEldQL!xvqed;i;ZV^i&&ym6%{p7gm{Baysc$+rh9}o5<|HO
zMkf7uOAsoojpRde+{0kA+2YpQBaW)e35^1}2tCEtd*{8vsZ3E}uU=sReitQAxL-~X
zbEynsEW^&&ChugZq=mh>a4kL`>K-PC#d2y#T(dlM>xPpV1(3O)SOfT;@3oLkM~9I@
zNJnbzjv8j!qJEPRKLxGp?#R_jVYUoB^wvn0L5{#(>j?>i0OO&d5n7I_-5QVWPppIL
zfbICT-l?}nCULMMy#vLjl0B^*tBh-vkCfsQo6Lh&IgEkCMR@*rQ>9HMJ%}bfaL=F|
z9i@MyMUe78002YyQg64+(ptM|y#+>s1aRAJTJ1(M8X2wIOis0)*KN{DZ;o>(i#pR$
z(T{}7lison=W0jwH!;!)Hg4O2q&RoP-XJ*b`%a`^^?f7K&jH6ArL+!&^C}z$=NwRk
z5+UCiqAn_!aHwLPC@`g>*g9avmO1r@N{$FAc;otSDlF~~GG#o+*2l9H6621>9gp#I
z5s56?arU3zUQO|tmdut5D@aJXK^sI*PmZ@zrwVo~ws2Wp9Fd5ysf{}Ml3LQ(oqo?G
z=JT5@sA)d~k-X+TCtNR}sg58s@<3pmtxGU7>4)}>4BFD$C;>!gqlT0tO}lt?Ik*R~
z3EpR11-*l@RB(CIVl*pjLX)_uYmIj~A*?Ax7dh{W>EU0PgqC9Fk~%ik<1SpdU^Blb
zox>=TA~rjfXHsbwO4#1so(Fm0E4{vkjMlH~$8K`h%-lxbwaStIxO>FWeMZTsO?nev
zHCfm4vVn=A8p=dN6MjuFln#pGDL<X7avi;+97wRpB!0E&Z}q<hF<ILS*cjv3sNHFI
zn5^1z!ttBe+%9Qe?W;K^edO*h=R<c1VW~qwGMp_l7N!h9`1SIBE7fHIsm;$TzE+!x
zhfftEL&0Pj7Lb4yGihIHk|w7RkL^legA1PkN#?QgRbqR5SnVW9e>C0xyR*KEcWYGg
z1_#LIdX3VGMuezkpJ1~*06AhEqBT{dldhQ}7CDofZoIT-1c3$V)(AmH3y_8l#Pt@T
zl^HYji{i?PWZd@LOprnYVJ()N6UP7Eva4%+(2Rg=1bj46T?Das4Zz@dT^iO#3){rZ
z+-@j@G%#t)$ds8MeeMLvIDc{n5L#Zdgl}UV8njwGR#B`)2Je++w!UJvJ`F!t18>4d
zwMS^Ka|=A&Vi+v2-HB^2c!gU??(FQmtyjNs>=WTGAIJ>gs}`r0h@STGcRSTWb_@1{
zl`8vj9R*?i!hiSnY1kfWDifxZ;#TcG?a^}8J*e54C$PvOgy{;>sThzk>c@MbXQ-uJ
zBaWJO=RD{BxEIwClbRYgIhwC0t;IiI{h3DH$S_3=uAILXv=3jK`XW%d6Nw<32_Oob
zi+9HXMPt1kmrqVx0g_*?i@-}mX>F8)=sFPN^{ocmVFh{1d$?At;SC>CUkoR}4tRCa
zcBkSD_Jm!h|J02#iEby!$R)&iNY6=nE+_Q7rNWgW#!XRqY?tKyB4&EXCRF+oUKyDB
zlJMSSIA^eCODeS4L|IvRz1a<21484u3TIcI@_zD+9}Ej#UX%j7<<64kd)3%>)nHtN
zxD!LE%;^KKiJgo){mq%{1CA+vr2O;Y7*ko0)8=R)n1$^=haC}cO1QD&%%$|Hmnw=b
z6<aTbh~d8PO>mc@EgwFdGq!EiYTBR89kdP6YLgqQa-7eS>`fJwPT=DviAr0y?sN2&
zi=+kZ&Wzh{VvMA~OMa`g?+?u%&Mn=Y411LaGVlG<<t2%|l{EK(*?dR}@6OKO#iS@Q
z?hx^30PM`g9PHI_{E=&GNt#7}MPeD@=~TY#J84x<UVx7i@30%D0$0`Ed#2=dWnaBW
zw$EuT{$*!3&vDO}=#KOVlK70y(q6U>Tj7z~Y&#f@>$`xf86}`vKfMT#Swk0@2n*DH
zDO!OqsfNa*oyPKLqU5}cswRp&`79c;^ydvnJg1zFO9}(m!Mb?GB<03Hqn<vWfY{^P
z-|Cst=|C9HCG;*9Z=P)ohZvLsaY4B@8Z(dgmFLrIjtxp-3}JNtq_&JMAukOd1xCLQ
zGohaLsXq5*_UCY0_|DM~vz={F7f;xFl_zdF-4mu?YQfLSItgu3O%3jIbO%l<!I5<J
z9SrHTH62S`bj39ghoGKc-w_B+stmTw*CaDoQ*KS1$>L_>tgJJE$0xck7}&al5HgMX
zZH4PQ>%yd~MwUTVnSt#S@Occi9QSBo_uMnN+|nzqsX{h}#Q8skZN|U485K0!9{0|7
zscc3j@F$dd)v71rZ9a%5Dq?v{v>n&Gk7WKTO9aYFUJS<Z7lhLjzaYvt>NI(ZP64IW
z#>wFJ_IC5p(bP8tSR(l9yEJ{qQQSaWnnGbh?|jAvX3TFo%m<A>1Nd)G(pv_|KJEq}
zQSe|^UcFjhU$3b+<uBh!JKqKpY}#dKFcHr;n;UhPG}@#J(C<R$(>qQs1O8nr?$~0y
ze!3$?Jop}?ukI#brWQA+$Z5VaRrSlLSJ$8He2|z=U3fI}YX`yfy<E@K2kCR{P^)IY
ztr&@=KZWP>g3}CLYJ^zl5c_grK4zPAXsR07Z;9X5h+H<{5=&yQ7OTGZo}1f=MQH~U
zSFgRtjMdXIxW0aMuo1#y6As;f6>^TtO$ff-9I5Ibu=y(N^xv`J`#Cb03@B}$>`zeQ
zPGg$7eo7BYv}6H`Ni8l)zIy##4zR&j#`F}huN!7+n2nDCu9`*9j2?E6j`B>=;l(1-
zLYUv&zINq`;<CVT`&T!WgmIsdmGW|o*0G|itHqo-s-(W-5~4c)O|7nE9Uf^$_PRPj
z2hq8Jsg=`=llF1A27CqNmQA|Xk-zF@{2pEmGB1}Nutmr!?o1I=O@CzC!9UqXBU{JS
z4Ri?Q0Vw9JcC*d+f)jq<X@=Z1|9fDEPb>&hvf$$Fp?$uoRn&QdhD>HEZ+Z%Hk5VQq
z@7HrO2h7zfN(u`Lrv<Gy#VtP^{C6XXUvy)7k}3s->H6i^hA(Y(p1E3y*?xC^BSnH4
zU>F)nVzSKs*8UXPs`JW&{`JMW8>q6f-z`oz>qEEuq`f1dQm#7I^<=;RAq_>`mOotY
z;f{jbIEM*v9x`mDz6g`CJCVyB!7uk({)VD%kYAlX@x_|E?!4cI1d@_M=NlS`HK*@7
z-k(1G%Pzo{<H_@Qy@5!4yVEhPSUU>i@6N`us6?qU+S?jLwc|wi5`)kq8OJf$;Qpoq
z*y}_8z!wolI_R!$z%N5H^`Z{}$<n^MysMcXb>RrY1YECb+!R=#>%-prK;E&m{C6D>
zio3RlX6G3%P*P@^?OUkw5}8Ke=@LtME#2O!e{U`Ex3O^SmshW9@FmBzg@Ve8=41QQ
zcL>2_wI?xYEg8qIyyd;{Gp7iNK7jHxB|?mH%6WAGM`k@AG0E9|;hI30dMW)I4|z1!
z%l<P$Tu{dqX%U{)d_I^7%sCT?JZ_OO<7?50=`3UlNH14YJ9Tq(=L=<u!r%u>|9rrX
z>(;J#zbhc`t5wipDIJRjKh;#YYcnN7X=Z6`{Omz6bG&}jYQi5tpn}k4k*xK1?<I8c
zZZQY1M{`sc7X7=2cJHDtNhm84r5rs{$Br|zJbkAFp)R`Y#;BY=>1BT17s=nX03)sL
zz;tD{4~DLG(Fs~ywxm84*fLIJl2+<X7S-Dbo*|wU`Z^PGd667hrzus(Lv*5^??+Wb
z$F$?z8vGwET>G^xD;&N*!^W+#*Nb9PNA^0qzl5Jabq~KP7@Zv7f)g4ue21JfPa}Ga
z@)$%8@>|^-VczP<HAul&festJSYG<=(`{TUh$sL|%pO_k>0!N>Di7>H)cw)Et7<cD
zmaQo&m9jxgf7iR>&iZ7wr|#i9*3vG08KUv_-Vj1M-gUIQ`{3Vot`U6v6fh*=r9^RZ
zl=*Ef%mfm;@}dpk5y!5BE|~Gh^Hj8p`*H^&+*!W!{AXg@Wt$&#a$P++Kh6A2A>?-B
z$tVwQM&?U*>lVQN+o8Ug=I%O<34mmmgJ8n&u+nB3+B5BYyqCfeuM)*<w$#+baA>3J
zAKoj@?`au)m8>2ZD>h9y;wpqqSZqpfl&v+N0<JlXe=;7sS%;?SF|tdQboL26>D~S^
z6};hpn=-5cbwqZb?U1GNkn@}`NXoCT*S5o%gFgd$ccLzI8$eBCHT~OVa{&t>EXqdX
z#_`^WA_uB9LF#63l#86P80rO#f;5W_Xhd{Mj8LxmQ-%vatbka*gJBc+QClPerCH=s
zqt$Y5i>UV;$W=~jl}{`t1^uN*N#dMtEGHZ1(_5dNz3?7vnKU%+#PY_uqm&H||5W0$
zXEg^y&hzrVe3(zQfIM+G!OFQ~o=(NCA%gqzRe1*>1N&=n9Xw80*ZPhojE^N0G2B;o
zn~ZG69lK5hVzN92e>W?5Nv-W#5B4W@m*L}G+Ih<kmc~h``F71$jrIFHI}JQTLMklG
z9gJ|l7g3(*;uH0v;j%+Jjxlakw5(6)k#i|<J*1Hfs!@VnU7`KWM5(&<ac)*tslVOp
z(i;;Uz(q#}Y}5$VZPYr?nFAno+J8SobZtL#r|)%mzr673G-hA6K^dNqXvd$-72nLb
zr}-knzy#eDW>{$#L7wz6m#cl);PlvEn(VT#YZc}Fu(<5bcChZP&hUbvrd@>8xv(tn
z$=OC6$?SfB({_+Uv*`Chrult4g3Zwqu0u6CUNa?LQ_&?WUG|n_!hx&XKHXh+1ca+P
z7KO?YHD4PRtqREKt6<YM_D)267;?<CPy-JF@kD)rqiJ1HTc_;;ztMt3;!r7wt3+HL
z1|#L6Q`G`HsSh-pS$Xf!0r(x?RwM({i;gGVxpQYOCcID8@%2*gSOh5YA+WVGO}pPw
zcFV0zP(JADdFC=-T})v~y<`xxJV=JXx#WbAWj5+*n)If9H4Wx{&E5Jk-^X?W!TgsF
z1062HvRtO<6H#?YXRi3*!$mYDL*bp$*sJ*~SP!6IbRI!xDyfg<!Ic94O*+MRCFq23
z`;zVp?ztW6{W5V9zW&Xg^Rc%q+skILIn$Q?%$WCv#f!5|AuIuP<FGTXO}vrvORp3U
zE1H%Q{IiSo`Wt>Huh>_{b!%u@-|6ceh$@lmdz%a;uaZR*N`Lq1PP!K7_&SsHR$9=m
zp9DvGa}uS>HQ@cpqSE=(?ma$R6NxR|Bj}|RXsW(N&CA($&Cgbc?c3dAbK~lQLN4Jm
z0d>_quW<xbTevczg<=&cYW8tyGzd}jZ$+`$%n;+xJZ7OjytCAol4!hIZq)yL{*!ts
zKfs^YM)}=Gdq9}rw^nO3R}#Q%3T?CnL#~F5S;}MSXth#7=oiTGw&V@Uw~>xFl5YD>
zSHJ^zFw~23S_bA^ylNH}L4Spj$zqOG%5YJKvOwezcwXF8;{Lx&)!?@$<{v{?g6VuO
z1>WqF!!3ZQL<_c9`?37cu>J}|o+;wOQEHlm!0p?wq)9uE$_ZqC$R?PXg~4qE$g;@m
z!D*~0sp`nk5iaEA7bv=$vNG+6d-ZCiDH!cATxY;%T=sjUT!l*J47#N`qV#3NgWA)p
zvIk#j2T$9j$7<5&G%Tz}+xUTaWT~kd1MA7!-o1Jx&?hX|K=)kTSkrBWcxaoZrxdWB
zzpQsO6)3)Y;sAELxDLtPSMxU0g0>gR6AZBzU@9Q#$qWR6a!JL8XMZyt7vdlabj5hR
z8tuB(7r+wVBh$nn$)hEctz9dJy&-JZHnD6;2lVMywFDF9rh{!<)^_!j>s6pOtDf%2
z55qlH>gwx@TpLX+39NOI##ivvF$DnGLDJFf{(l!}!ObtmuYvOPGVn2aE(H6G5+A(j
z7B(^c6=GkiW&~d4Q0+?2mqI=4?CdlccL+Q<K{JB031+8XQk0y}-}x*z*Q(bavDr+z
z2_~17jg5`D=6H!5q_pnkgUHN%XmvR;f3tgciz}Tgo=hj-*+))L@=9Df%v^}S$)$P3
z-*jE7;j@iy5R56BIKx2vP=I9^E#PpIpV`c;RA+i(UiQeUVY^*A)MF3mROgO$guKRI
zU6);2zGBy44%B}#AhrtixMyMUnps%jB^3+M7&6_EthK#RYEX66NFCbzDIiZqf6=>w
zRU_?==vE+TW~L_2aI2>@R(B(JONuHs4Y#{0+#{2_{lnJC19VVjr?*aD31O*Ji$0Au
zVRGE(k%<X)CmitOBCisMN7?KhEK`M_KYmjTTo7!e3E5u(nzSj`VWHJ6acqzvrv|ZD
z18$Tv3%Hcj>FL($E;HA1e-Y@=Z9v>Y?)N+<M>~jWjFb+r&fBP~CwYEkM%z)e{?*8g
zIw<xM{*r)>1c`IJu`d~f0mK$}zq>a8YkC^{yURc-09Z6t7iX+{&)y)wB!w#f<X_d(
zi3hIvYu_pS?UnI{qwVmynpjxwbU&yskg8Am`u>))NU7+_zaaom5{J=YfGLQd7`?{b
z0d4zM!na$sqrIJ>n%m%*`8+=H+uBJIwog2$1aGOB0zexjARXq}A@(<Ysp#zLg{%gG
zwVLYQXUXMaATl1Clyu`c%LBOd`uWX9QEm}Jw!w{4-6M-9hPt&Po7n(yjLu7sj;1*g
zkg2c8J(0Is=wzYoNJ>iDT2b(gcRn?MBlz4v#9=&Sue^U!-_9BAnh!B0qonU)0+x_+
z5NDs8IsQuD>#Ql?{~h=#2zxs3MD`x;69(d(2<NdP$51?|a>NXfkoep3M+cSVT?r61
z;)Ex*CHAPcXtUNf?U<}U9h2TLTO}$yPk&vzvy@ni?e>{-T;@0{>N_1&KMqGD)G$pu
zK4xuc^_!`;mqF~{&Xv=YNpApjj0EeHVw6T)M@0I=g8iYFcpq~9r&tfb*({!%(?s7-
z-0+zD?$TZ}VtdoY>iJXX&H`p2%FtW4S$zU}2vm&W_rOgmx9uN4Zl!&G8mr3^B`fng
zu+Gbi_LhONKzb7tv1~Z@!(wIsV*IQg5Vb5>HL@#*%c%+a0(iQD?;&zr{olT9Xj}>7
z*Yn}veP?w88DRmz_QNGo!6yI}%*FJSYD?|U0T>F|xMmAKZZ#{Fi}!N<(Cgb)gk6rq
zG3HC02&^Ek?A0ANeFVfE7B!>Ihz7|SIZ5-^!n;`wE#z;JC3uJc0JO}9srT`g<4Yjb
zQNPMlg$uFChucI-xny??FG`ur99hiBFA;^rb!Hq|#I}Y}>FstYE>)90P!J$TTL%Be
zH0hQmfdV>3iR0;QGj|l<zxkJe>WA_xkp~^zLI79Q9fguZ(W(b;7ITH<J3db|C&G&E
zJx@HpO~#0)XSfoBGTX+zOP|lD&|o_{S(H0UAk?8CR}x(-<+%u3$UpE0a%vCYVN*SZ
z%7wOZ)MV(O!)MCtwNsM1W%rcVG;5#y^2otarSBZkQ%jw)Lld|P*V_3RwRCw~-^Znk
zyn;(0ePWA}H(RSdackhuZ<sSg$MwBPG-vo01`C5&VtOXG6`kHlo11zN1w@5}n6=F&
zoEGq=EKx>j!R+Pt=MgCL#41ypItW*f9uT0V`hjpIhKxz}%LVc?AN2Q<F+MVA2n5r{
z!T1&TuOy+bdkog&_HHUYbiJ{Y2zM<kSaH1Q!|ZMUbAKEE!_fjG!v9E=KtX1czM;}?
zl-_i8w9v>5icvq>Q{}+|;hP>kPJUnJN}{=!&tuY!ap|p^_tqbJ&*-H*p@{|XzU)5E
zWNDA1Hlu&leP$vzp<sg`jxkw!I%{!Ec%92qFYW_YLu)M=+RVO|PMc^EsAbK7$^4@|
zv+2ebd{;&ae*fXA`pZlH(vA%CqpJ-&O=Kb>yPzJuA+2(PL~F%iPai#4xOOEDW<frI
z03fBy#beGiG&E-3)2#GkmeNaCOh$K03k-{q)&S+^7)z1#^l_=MT}8zSXpt2xGxz~N
zd|O8*5IxW?PXTc_5Ka0|kDqRL_Vh#%pAi8Fha3v{T~JUSmL8xAKreQ80Zd8kBAzV5
zi0zk<Cqud;MLKM(2^J}rHV0+NpRBBain+XFsRQ!5RP26%A0fiG8}6F_Lx3jAE0Hh+
z4w-~i9>p~nI7B_)Q)jeaUTBT&Z%Q4KQ1|cv<xQKl;!;E$uS`LQg|g*%%)m~WA4H~J
zmV}l-c7M#`p^-XsJon8}ZUKnLx+S6(<fEY0NNXAx-U(0A?VW=nQ(&F>mS;>%MAa~E
z%@+c=;*HFs%SAR=c8!N*jv;<N-Ed;Ots!r^I<dx*Q@Os_H~eFi9AteS%yc-AE*9-F
zli>;%lpe|t9HfcqJ7p?~?Qh;ycA0#qPL67<Su71|wx%{!l<JFpLOap|n?5ZWPX6Fs
z_CO+RXJ5(~XNLGL_26N_LYJ9hs;wG<H?U1cXB$ob=I`Hwiji9`iZwJrRq-yzXWgkT
zv8Z`6NWZ_eyHna~$5hwaQ`&SDfMfODFwf=Qa5R?K?9dEY6p0tmh|@j~50A?oXSs{w
z-jX?{1oKsGa>DOUBz$!vYix9xH%a%R+Sakl?A_;CYBtrp!<x|D>ORp}TZ3+1yMTG1
zsNh0(ai4g91tO2IlS@)kP0S?dLWv!2A%8fhgPb5rxzwwW6Z#<=19t>pl(V)@+l!)b
zVZh>yFK4`;tEv<T1ELj^#p43N;04j|c&5ThwqyuNsIb$yx~lv5ANckr(_;~bYR5zN
zg$&9fNU5vKc#d}!C{F_Xj?Je(L$`ojQOJ$-tRRh^*gpl9d?qwyY%o))^1!BV`nvoq
zntUdqv#+mYEk8TkDJiMkqGxF^M-%5TR;Bv+tt4;z>9#XDv{suc{f<i#A^*`kECW76
z^!p}9@h0v6lnmbo<Nu@}-$&yASK#s&WvvhNLu6hJ*kWY;CKDq#2Ve<3fqCOvYwgqN
zLG0y@JrmVFvMS8unDftLzwYm$C?!gehP~u7Dqu@O9df#_hc+6S1wSX4wFyW=0jXWu
zy!E5jMn9$*Pd5rMors`oC362NZHV##zRXMp{-^FlPy6)G8l1fKojg39oMF#u!fy+-
zT~#XX=|^rDnjuY*$ZF(<Gm^(i$9!$5?h)i(Yj$@5>(AXy4{j#0$4)GhNDml8lYae`
zJyv5o2+`8j*uOJv-*iJ_pRw;Sb@L1b^!@NTMvm1lXZD7z&PO@p{<=BrpH6+~_gZ`U
zo*m*n@nUVF(ah}c`y2lGeYLeS?&ryFP$+-oeSo-0u_5LJWhQdCdm-)tX9_Z8cy;8@
zmP;dVKGuW#;VdZs$0OoPGJ-7~CgO^Dd3Z)@?KKCx;|oPk+KfcYf>|_W=6=WD$w-$w
zIuLFouB8<G8p5F(!X%>=!UB5}C>Lc|3Mm!0ZzvR85>z`r^r<(Pr<QvNsw)}pZ(#Jx
zv(0y|1!X6mp5(;j)IzZTPf2|Iy<94Zrrk9LDW^F<!bE-|B{2x&)8k#Y<Qwd=y))mw
zUhG^_XDpEGSvZIgaam!O+FNPy-a9n9ZA=@(?!Bp7pg>(9OIe?ncQ-at@(!W(!%rt7
zhgqspq&QEneXQ%?hoBQ(&y%CQ!Jm%tg+`Vs?~Yl5GG~@IL4QcZ4&34n3>UE}42#o}
z^p6ShJYlIK9vf(q;Qx%|w|_WjOA%;B6HkxMy<nqJ9eOnzu+plkBDz{D*BAhb+LXlf
ztm?By4?KHexf-i2Z^TCz%YOAL-C8oQfZFkTmQAF-2;Jzk{{=!zPHzl*;&A?|wrtTK
zCr8|LQO<oG>5iBqs(kxMS*K@5yBqO!f?x*Vz8Ic#bYWJ~$ma<bTy)22zVA$Wc2-iH
zyu4-b$#BFJ0rB4!4lsL7UW$yla&c^>j)9aVO@hT<ydkxpI$ZU&rxf{k)i**8Wj#s{
z|2oSkiT62KEIEJm;#k%a>0~a}quzYdxis1_9iwYeQYlz-hwwQ94as-6QSMnL@I*gY
zsj3tlOW<FO$>QeH9!kp9PGD!+4`=gUZUjZUU2FCzO<qsBthtq(zF!g~@*q#azL|f1
zqe=5nE?rC3QTO?Lg|t+NW49Zp!5fWEH_pY=iGG$2cvsf?9b0it$;aJ>`@^n0q87mx
z-aGOU>bjqQzY_cIt<`NF1$Tw8F-*tWi9V)5$E~T`TIT~Ot8Q)Zq3m|qXn$Do#`~9p
z?O49=<52uQuqCEy{srcoZS7_95AOyH=bwp;sanCg?e11x^J<TaecU-<dFu6EOY-FB
z(LY-v<a}|K8>-Sxep@JdN$b3Iu@uHj^_hdljfbm(4W@#>9qvgBi@JVZnY3?)Bv684
zO5i|KETzQW+NiLooF59pu4<dogL}ciu{vdo1-GV&t~KfjMld$1^qpr!<m9_{)xg;2
z*3w=V+Oy_tbk&5#hUy!a-%NTVpA?7H=!SAunx?-Opy00bmgjnGy!I?g{>3d`K0|1=
zF>=Ow*t8IW;}a`JO;&xh*8B4=`}cm5zdvO}uY#`a?pB@-bw;;{JVxE?_N*tMnn@Pd
zATVg<e)&|fDblW3Ir2J>YIlFXk;%l8a{A$Ju%{lHL5%p&P2izH_7e%d#2$|H4z~O~
zKNkgM42fCx<luyAkB?s<hMll7h@5Cv5cBWNBKINsb)gDt^{BTwCKkER(WPjXI3ZAj
z`;>x7ev9R+G)DG04a34AxFWIQ;tTR6g%|FZR8Hzcz1C>gzAIC{HNVR9e~dWdQk}fR
z(J(czE~iJ$K~kIR!(>=R{OGd<Tgd94sw$3OJ_LExLn=&CPQ5vM(@jq~VyT9m<=rky
zWCUYJkS!Yz(E=Qf`=Yi56%_>&gesA!q>-n7`e!cd;4eox-EG*jPgm5K;qx_H*HDZ3
zHJ+W8zTiQ-=;%u&-Xb5kv!_E+ug>wXX#f*D@n2CCXkJDH&66V9h&Hc9(PlK3r3OOR
zl1UpSZTc}e`8Ce1nE<0=5fkyY)YE&fX<)YCHEy79JnrOOV%jL?ee$6t3Kx%_aYFVx
z@q}kFhrT_>nMr>gyQa-rz#QslmKbue!A@6Uj)p2!{Ng<@HoH*Bxch2UaM7jW%1I@@
zzph03HblT~#eRD--5qA&>~*RTg&PVdX~%diIdbJfd>6Bqa{*y1N7C4r*{!K|;Rcl-
zU_<N(@Ad`5LidU7O+EDU^P9<pr#7m0-dUBGDYt%_<YylIps0UlPN;SjXfSpkj4)pf
zdQ=tEDgM~F>a!hMw@@J*s?}RrU-e-_H>qt>IsP9(F1a}?dA~@IJ_pbEnFT~J=D_zS
zc;}M`10vqALl3NCgMx8PgeAsH0fl3UBANz<2He=?;Toa$i(3oa*FR4?dZ=9CprvQN
z;Or+;G+X`(v}P^-6|&nN8K>5gsTOYVQ%mO4woJ8_0`T=NrXT$9X<GqLOJ<(cZBFvy
z?|uk;ff3&L^Futr(Ak=>L8ThgD`K0-9e~kJ$scLd%vtx|udWm7Fmz_j;Z6t6G3j9w
z`72mmo#`4p%^SJRt}|$@pR-(r^JT4R@HF8Mj#hu!6*a71nt&v``8qZAW*_<_R{sY3
zS27AZU3TUdi5&OgV&9b{E*5=I%XIS4uR+XZseixAsr+_yQKP&y@t)M;f@-k^wvn2s
z(0q))T47q8eAJ1l+j}YRIN{67uKL^;qXZJw>Z3i32?`UGF85Y6S2chR7$bAk$T@nP
zl*pdzd8>Aha03Rg$}7pMd>B@!iQ^YLc~qW1t;=9oB;s`D^(bBVWs?#?tLtH%Z(fg`
zFcz}AK`8Dt3+x)d)hJNEQv%#d9oO7iLJ_`hod1TA)t!2*VyU7=<7FWxCKC5<4bN3r
z(XowZ!LtE2@_c^(c*@E8<*o9Ni1$`}^YCyKhBpN{YqUGD?CCv16ViqESdG7y;{?tz
z^9Ts&r%e?rvg)KLJ1c>^uQGqN{EW_%4JrJviB{MrW$$@%m=w#y{WdLRhveKI&|i;o
zGOtp$$rPohxd6^^wY=788JN_6G?+#y;F@<_+axe>UCdNc@-5qCT_~5DNpclX>a7`G
z3!IjsFbQDM+gCJiyzD+<TW#9gNGn9pYV}$-eAlswyC3Dr=zla2otrJD!fW`w7vH|$
zO!O{zYIA3Bx5UTRHieMe46dv#sn>1qpWMOhf3cbL&rO@O>D=&;L`>!zQ77F&g8jg2
z2TblnK6SS%iq`}^Aw(aZlNQl2KV=ZWs&iWF92}g&sU@MfjDRNtm{RwnvR;mu%XC(=
z{85(N(SoNc@{jhW(7bk~`;+qYBSC|2>ex}GkxLKMOrc2Uq~3Rnh9L=4>!z;Wz|*`F
zH4GT5=l9{XY8jv`gzy$6MQNZ4s(0pq!#bhWAw+eI$kU91|44IKYrfVM)5a=lz-fh;
zjIP0mz#>AttvaX?u5dSwumAN`2|5GN-~2Q23tgUtZs{{>?3YbRCu&OXp`KZl7*~T*
zX4%K(*U4Leb@`t@YOPhlRm$^gq}>Nq78&l(+YA}3r+GfqOs@^76+&pFeqUnGb#z)*
z)BrA&P<r9+rB|R;%mygKiybAEW9OLdM_(`-iC-T0zDm3<E;1x!F$u1V-R_D1HVKmq
zKSwetq92=|R}7*Q*_ftO(du}-!cebp!9{?-tiEbsV+1XhTM#j}LI~OGcIHF|$Yj1N
zfAzBM6FnWZGs;-M+Hj?@X2?m~+b?zX^RTjdu9MXFND=Y#U+VU|od09=9RJ{_Ps=u%
ze7$5S&$vcu{}RK?rmE4G*RPF3Odol!F{H#szJAc-m^>-UJXq!jU2%8dE4sDy%G|D}
z$wCfQzgyRni$+-RBPC6}-2OJByHhv+its!Cd}?#4`~m%q3(nRxYT#XfHCJ~wftfR}
zSKq-4@K@CWFFA52MZulMu63`ni@fW!Skq8Ngow(}jddE=wB3(VhhA#j*j@8Z)b_*+
zaF{&?1^K^y+yz%ad>g;V_dk>)Jm2Q*g^xK{XPK(JEF9&(ft{6o{!%GjVmcY$Im`%j
zNKgT#)z7c^p1jR@+0jDJP&_#9@ZeZcVf(E#v*z@p@>Qxtqf+Tc@YnO$??SqT-~KvC
z@Koa$iE0IA;rtfXdrVhL#tt4J1EsH16qXqi$}z<oB9+<SwE$6TKSzYGYt;#7Ldv>E
zn9E<aD?5vD(hoJ2zoCo?WtyxUDqCsRDz)(SCsYr=&#-cQ=k$F$FaG1NqX{=@e~!fe
zdCM`~;ep=$pEN0rxZTd*k4WJ&>~&vQWeYI_%huGz(<4yO<C)Ts>sI>DQNTCwVE*`E
z6Ja&jBaog`dveq|ODFi(rIHjB4#9r|2X}6L8E*%n2e=q~Wh7aRpsk1sNcZ<iw3BE|
zp51kd#;Crz!1U~vW0bKXE$e9VZ~0@djQ#5O$*a!PqA91IXzGSUnn(XV`cIke|8?Zz
z&96Uoh<y>!WV(?*7WeS(d8KEQX=l9HUcO6;lxbYub$Z!TNJaOv*~&p3$9(c{C1W(v
zPE5ZQM-RJ@aJ<~B@LZKsuVX^aaN(<u?)bl-J&^Ekliw;S*w7&8C|CY`l1+)4AIGrp
zi8U_nu4pD22{ZW@2vu{@|LS$o-%j^D80lN)#Vu_2yj9y%8dYlB3a*(SCNJ$dzr##W
z8hqb`t6%&(%*CG_lcglh^F5z0(qE1eIX=u53nAgR9bXO?*7_vI6hCBpgX4=)ZvR9c
z453*bs@LMDHT!~4E!j2h5zmsqI;p>(dYA48Q;fgDPAkQ$|L(%GtGye1s0r)Q@RC5;
z<vw&^y*lyiPnz}*$UC@4o^D47ufg<Z*L-<n7g(oW9@q3)O5>H7zpnMBpeT;`x1sz+
z_N*lroU2zpCqI?38$RY&rc!W|XoU44N_`Q`ZHnh5AE`{(uDyBiFjgU6idC0CWMUT$
z87OmbO0%S1yy{pyIu`bQ1nw>?|2uJX6~Jw%KR5FV%u}nj+chV)&W?eOHO_74f3k+Q
zQU1|ad^2f4@RLC@W68*hLta;Zo9&7cN_*cwY!}%(5q9<a04yv1{ZLhqeFCm9^WMpE
zo>A1s_HpABGUS#X+^A%P#1fnZNf3l?doG@Rku2@?c8Tgn0sjl7DZ&IrwWZD>UBrRM
zJ7od$j89?Pobvn7(?61to5t|woxVG(6_gZrbFclP@7!BQFs%rDA?C{GjPoGd%T4?5
zV?V@wCh|DyM)t>gs_A#KN2LcAA<d_euwt{R1^cF{+9<oI86)*`>#V~!8P8UUwum5c
zLvBcHE=%EN!Bx#5SIww27%oEr*`SRb;{_!*7vf6k1V@V`(^1~vBv5Z+zgy+17r1%j
zlKewy!kU0;vV3rK0w1JA(>5iANE8TtOERV%_|teevL-_PD3MKjzdjK7Q5Wqlii$_Z
zG6mr+22ygSY-Y6SNmjl%U;iMuGZN(l1;H|$ho5^a<Bt>3zys!(tWoDN91<nxFqQeO
zljr~GWd6^Q@;<H?|5qR~-@GZtJ8o>v=?&GqYp+sZ3;lFN*^=2|ZXvt2>x9VW)~0Zv
zh5=&~*Ddz^G|KaP?38)>o86k>!l`W{k1$`c<xSuoeAU#$M6HOowvXXn9%O&|6o2=h
zxm2C^!kflOCDcjIDknOwg+0lp(=S5TYW^ZFP&w(9o%^t!Zg-&9Reo0aW=Bz_v3KQE
zDdYldMNRu%f*Hf+vIC%yvP>`VjN!m5&Fyl#UZ0_ODwWbL=G-2Pjc2Etfo9bC@H@_j
zk^A`V<7wo(;r}t7Cv1Wo%6Kj3PX;PgE=A{ErAN<QOMdM{MQFKRD7u7L=N-Hq?0eF(
zY7k*nb$66vQZ2%2g+;4$Z`T*y)pVJ^Of0Cip<iQdDfwyBFD?VW4$^M{QY6E3LciK%
zXIU_2clcEH`#VxltiRQweX>6KzMkE&YiM!GyxvHrV4p{PZELM}lKY067hWw~(>@^F
z`)PCGOjSJ+e+K%~LQGbcINp`%%Vt4kW1Fd?W5fG-t*#p8(wQRgN+*4pWCZI^6nE>t
z&Yy|~5u5+I;f(x_Pnm`te~t`lHj1Ig&#b)3$A<h2tM_=nH?91;W2M#LsQ-(}%8V2X
zuLT;H|4G$kWnE+Pr#BeTL@!)*s2n`NdG`D1Z|b{_Y%2UD*;+nILE&{yo@6=SaT@S%
zcgBSfoL_4A>$$99@?|<kFL)SEbnm}>*IctBT9r{x+SumlzE^cO_j2^R5QrQV|4Iq?
z%~hub30Qbm;r)1+V3`hh=>+e$jQ{&nS16?59|n0=hn~dSofUJ6QvUhDud1g{V4@>f
z2&(R+U{ZNsjDpE5-fFPewfW^?Jx(asC{%gul4h$2Z<$WwpM{TmO<#O}82S5MSKJ79
zBO=zl(eUs&$yjf2g{FdK95UI1g&4sok%RYTe*K^=W?WSFNiVPQ1S2}U(OuJbOAj@s
zzk=*$8IiuxZ~gx~Z!PX86@{VI=nT1ET?WSe*yrmqtXA%5zl$WqJ0*=KH2(b4LTa{Q
zO5|4jnuqqgXAz8MvSQ4GTz^nW@n2qe`os7EL!m(kd|45Xh2_*~Q2!6rX=ArBdC-K(
z1`XN$b9m~3n+nB2DEF#+u2H~o{pyKwog_?CkNO<S!PGm6Xm=;z?Dx&)TaP8P^v*J>
zizlw0bVnp#r?NHIgI=#|)yuLxP(x1MM=MkGq9(0}1p~9|M)b1Qz{8lYQj!0b{_U5}
zf6qIDM}1kA(){2)P?24?5~?Da5q)#8-Y0Qy&ler5MGay2Y5h07A^ltx&?H<Vc*>;*
zt%Q4v$`Mg7DviFC%Kp|E@a4@JDWwlvb6@BXThqcG%B+sd&KDJ~1%!E}mg+n6jqw?s
z&tNmNDR+t~)dxS-kA0W&9xSC71)6md=JAVb-ycK%{&cTU;XEUis<;7kh^0WRt8*aM
zy>>L``F8ypcb(YJ4jegIxv9)dsaS)a;_52ri>ko|`2)S8KiSHS(Es?H6&WcPvUzQM
zI0vDdj&bkBT|!;z+$?A_4A`SQGvEk^B5_ZNC9sy+zM3WAN;armX&N7YkDSO)8kq3z
zeEJ@e!(3>bD}4Wt*Uqk<%g$ja#dzfqA|*wYUi?d?T$s97inRQEvZeAfSSGA;eK-E>
z4~@9XH8wj0H&mrIa2Y6{EvVZ0RkeBh%BmR3va87O90f8a#?|xKyFB+n=tbusn&QEh
zQ8TF-_5XCkA@fo^LWmt>QL6*?_Tj#cbsylWMu)YueJ-4NDw5^_6PYl|d}Eb`kQXw2
zFa2y$P5ygG{;eTiE=)XM{A@-!5e9nEJ_2h`R?4~USDJl{5(<BQ`gx|J-n*(a{Mn8B
zk;{q&-g=rhdklUY0t#qp%l{bre>v;r|3rPV_KnrxNLQ|-K|i9x{3?aZl)YF;<bJ%}
z`huTQjjp}oGn10<k;b?8b}(aN{Zix0m(_e$EC&&O{UztMy^$~k%)XX~!l6!5ELUqg
z;dbh+1wW%Q^Y`=7d`3Tx9Yqx)m0DsCSe)0P)P$|rTVW1_$$&y7qyL29MT%s{989*b
zY@6eZT?`~A$H2|7|1m4h`@e0!m3t<VPBrS>Sibt5G#`?(Wj=^YC-^BTd_FK-Lb-PG
zK9ELpBn`+Hh%fJjGyE`b6b_lGeO;+WdL=@G4<~DLF+s9lxVt@+D9YwHJP&uPhGTtP
zU1TzMJ{g#l{3qk<Y)Yk)xb#Yea9p72xJ)+=Ir0udS9LV}d^f;ejqG>M8mdelrYQVG
z(9YU4|L;Uyk-YIlgdL+-drzR!>Q5n;>r!YeM5m=Q$ckd%e&(Is;2G8z!wo&tIr+!W
z&05XA74ZJvW+oG@bBtUs3x%0A;f<x?36n#<vS*%}SF}2z3I1mtm)qOflHbnC{->>8
z|C7A-q^f5`^G0M&+WZq-=tZjxmjnE0BJKorTD*@Xp@ISki%>%qJtkP^ANjEKw4*0x
ziDzy`1WPm?buMX0`>N;N_Yqxx{NHZ;uew?wqqZ;a*SuiX$w$+1Ud5%(Davq8X8)R(
zR7`xT6%*@6J9uA|mFQG;zg&Q0e{>6ns=~R=nf6hN2OV*{X4-#%?LbT-26mUVM40U!
zh&!s49KUyz{QYiWcmAbFL)FA{s4PUlBp!V~;7Gup;!O{oF%xWZRaM&8Bu{OO5B;6y
z{Px<%3R-6wsiX7@eObpI$#5#54%H?zSSdOq%`ic2^t(^uU|jQ3GW1T*|BV~K>z<Cq
z>#69cv+!w4lQN|(8Tg<(g$v8aBBVEGI8?K<+w!-DhO804uda-o1PI$Z_ay8RHtYK>
zq!!+sK~81-5tGHC-aIV5*^n#A5<Ipb1w=w6Y@Cdl?#B@ZGIYZo=|MUBGwH>fO_qa?
z@PjJM0=dKQqFeSJM3@vOzz71wZD)ABmw&8$Gq(?u$iwqYW$DUz$@^mU;9icvf*Wql
zh4H*b;zt2^X;>Wl>T!G_p>6swCQA+u!;Qa>9C$_3@)&7a1?uoNZg)E$!M0+G*3Ukk
zf`uChO6_>5v5!C6c=iA}^Q2}fgXh~A{rx3_aQ!UiToM$bsJE-yD&jWm3k)cJcQCQK
zJu0{9Ybv-)YhQlXIDE{z-7(htR5lp1REM?jjb$bt&lB1&NghzhdYv+@jUm-1?ZrrC
zs>_yMFJ=OQ4cp-=p!KCB=j1>+x5>lpZAzv9;+0;@vfHADwf>`GID}|GWTceOwisHp
zZFZh|EH+9uuc4u#YG=?vV;S-!-vUM;ob%kD_D|_MTD+n<1Wqv_(Qg$9BlFa2WeU`4
z^=Nc>;z|vzHX2ZBrrv@X{1-v6ApM4foga9%VLGUM51<KOW5WeyRAP1qZ2GI+Imlgp
zBi${Y<tFiP9QrVU_nQZ)5|{K;B+$&RRn4bMO;24EuU1(`?5H>H67_DhM8u3B)$=Wa
zW*reHJ$l1^mVvX9u>E4AJ1-eHz@4&pg|TqWYiYh?m(UHep!l^LY<41_{Hlc~<D!JE
z5U;M%K4_qD%RtCxbDGeb+p6`OVh?sm;(BL}_IqY5?k4b6O%fbm?qg^e^}byb`uD6n
zy~Jrh31^~FWqCr38ctkPTT21MmFDM>%)VM<$;jU<Zy9st7yY$tBT}sCeqVsF9)SL?
z7fqddgkNlV5CP?xDgs8x6Fyo1-($`mikX}*p=ud`_)h2e${&=?==8ylcE^f?YlM&?
zj>$06i$qb+F%_V8&TVJ$c>^d4PH=%#%kN&p5zV6tQ8KqwVY}sAwv`hicGyAss-CAK
zJ9_D`rCb>H@KH!}3fTm!^t9D5T(PRaglpxFvDYSbnFsO!4dU~8Wn}XSj$eGGD>t{W
zqJjq>)Ck*q08x1_#BaWvO$R?jw&PKyM+7`uc(zz6&ZnL*SvZWuy=fF48;c3}X=2wc
z#0+c~=jK(~KfyXjt2Y(?9-?pGGB_3$KL}wpoUj)$T^7E!8y0V=cnyn&Y>g~<RRMuS
z_Cn^;O&;D(#N{0AfFg^Ut?t6oVR`0L`$kc;xp!!gFJ?5xNg=XdhLG3J{QE7@;MLN;
zLR3f7d^--;CeJkcb$M#D#5b^d3O{CIpIX3`22(bIcs^%e^+j6(9<)JG7uqSP*Eofn
zsVBwMiD~MoFnh)<1rkjfMUP)IXQM1mjn;f6w+?J}$7zS@G5dgwL?5t46^bu`uHubO
z)z4}Kcx~obLY_o2`_*i*b(whx-ej=wtnqf%RC>NuUS77{o5d56>iGFTo>zp2E9Q4L
zYpaRJV%IILJsn<*&YZgnZHAoND@DtGjSkj;{swL*X`XRUw>aEq$UnaI+&6X#uZ7v)
zM2mYvbZGLfxe^EUPE$*IN)C#dgB}-<KbQE8M|7K&V`WZ>>iPY0t0R^4e==lGKAlap
z<k!NmcrW~U&bhkUR=qYdO{Dgt-|Z_yG%D$NkMAVWOM_ytmDShY@MFzfOk<WB?PEn)
znR|oo{Ww>5dAmZN&c88knK$NeEWsdr8f5Et=XUhapc-&9sW;*V+QOee$ae;IcVyTh
zD|ob>`|#1dKP+<*9@dkxX?|-rAfEV$x}`}5QTd*qI)den@2^#2k2V8tp!p$tkhMBD
zEP?^Eb1G1y5&hukH&Anqe@wl!A)#&)TUxrl_gPboJhUlGlZ=iXA?(&BCEu~rZ;f=2
zm5d&zzf7IWWck?Bt~Q2A{P9;;!Ui=<@RQhd3={>?MW4bBv2~!uy8F~K!68AuC!;V@
zn-Sr2Wj`*3L*2K*Se3l0g0X)2Gw$O_fk3FA>}5TVxTLNYHd?774o(jnK)^q<)ypr*
zuV-+gcV^cmBl`Le4`>ljriFkNzJnjH7r7-0xDgtkx|lj3ad9H^0l)oFeFSWW=VNGp
z>iFYEB;;f$E#Rk)p%~zx+N=jJ^lL%4D`f+SUR8vK!wZBF`CQ!V;UFpNT9tj*I%3R@
z_aVnJFMWg~>Di0AlfGkmP`i&GqNYAt?3~D1jJ(Jc<3p@-E*;9U;VcMlmaCYkK20~*
z)YNQ`43~#(o=gxnj`uWK)Lgni%gi2YVn4cH`=Le(7{Qgh9;{!C-)Q78VIOscZsWRo
zrbsr(9T`G;<3WY<?nzjD-N7eM19NkIx4zjj=gr2w5zuA>0|VqGN#ZyiZf#t@txbvS
zT1QIV(&;7yADSS0MR^TN3Vbb1&8OFZE2#cxttxHtC@0wHKj~5JZLZ7Df`p@eWZv9b
z7)~=VI<IHd`uI+M0E=JMAmLChil^{dOjc5*o%q}4`I7Tq9S~}V*01mCR*03Nz@M#6
zRMzvE!Nuj$jVk5ez7sl*a`QR=NpPtT9h#duk%a_z;}-eK+mD&8%@jMY$$=qUtynyA
zZBv6DS;dM$1&k)BQ@lw2_D*+CgQljN^U9v2IKMn83SX%6#+ktdZ%+NJeB_&s6{$4;
z^~cpP00ZOoHvJv1$%itsxuNolG(hYS%bwrRa9@1J%Q<{q+KqG{5iq+L;}q2-N2;;$
z+M#OJDYcO081?aLAP!yd9^`0t9cv0zw62e=5xD&oeL=iQXdbF5IWNO;nX08=o?1Fj
z^(Pe&W)K6@c^Fok{65scaTr0%@`};@pDXzFJ_yMxpv-=3)y->*78hC>t;(-Eb}aXq
zy{Qx6;fWia+`iQd2K1Umppt^}YlGWY)FPr7>fPGyFS5ab=iBAx$}XATs^Qd@<br~`
zm-ayE%C6%yKcY}XAB#ulJ%XI?V)v-Y#D5$Z#XtqwV3M{Z#&-Xxt+sX@b=>Z-$qU|?
zInS&LVR-otg$?AM58~ixJ8~j*m^M95OAt)T-3nn!O->QU@$)AiN7DrfnJuS^a^QD>
z2kB`xi>^aSuTw4QdF~}ZmsWfF-G=I(Q%_o+Jxk);JVsBEGSX!0auL#2LxWO}rr(a7
z00+@GX>nKVP}mDuT(!{3%k<+=IK-qrXn8CZHi_+vw1G6*LD%ZQQj*%sW1}xJK{`bw
z1lIF;%RBYcB+KE2YB3uy9N24$wB=zc()ba*Y>qY_0iF@AbP}jJ-`|h!livIms`X8s
zW;O0lR(`YxfusY~3>-ajf>KXJr=0o}N?mLj!1xmL+nz<9rtX=qP1;qi4u)(bEZWZ&
z4r@v32sVH9s@y|PL65#*&?C9po3Q!w>*C5$GJ)ES<x?b>(b(S472IG}2R<Q;e@u>^
zR*zIbk4;ryw6SJ8jsa2<tt(k!`S6_Qa^LVEEmzh?deHVJr3x$0lzvXQV58|~Zz?~K
z>nsRYeGQ+;|A39Ay)@h|s=nKjb0<F0C=Y}^z;mqOPZoyz0pHK#9ozxgU)_*C<;xdK
zJ?ML#h|G7XT<U{lIPevGtlumMf*)s%rR3y02L;$P%E}+^?!fl#)BThCWajmY%}^Ho
zGN&;lKOBDQ1X5&*R3052-G()S%e}Rww7Al~UI5M=!5aPQ+@%%t&5>IE9LMh8FM8v3
z3tm`$HuUyJ294|ISjYx+Z&hx@S$;;4Wlyp3z)Rs0ZcRg?-%auVIH_;KJy@wKM-t>(
zCD`e@JUAlikDFBV4GbV|pBKGAos_gmZ!|>LrqHl>(48wa$C%H;4VpM~nQGGZ?(-+}
zg{S@si4cEiV|hn<pfb21Is#?`CR!?x_)!Wr_a|(&{Rw-fDpy*GTLND(DyTOZnS3(H
zMQG=v3x^Tb^5J`~<1`huT1nf%gdmmhw#<9=7Y7Dp&jA6!$43uK8xOIZc$5!bs&QxI
ze11SFx)2PU$S>?A=C!6EsPG`qE;LF}1b=`s448EPv0Gr-Dt_2fPvONMFmLT$eWJmB
znZ6Ng1)FU%x)M23+AGov+Xs_c4C?%r?#mxM?7D~<H!QU%q~%P{AMS6si6^ewTV&8`
zOX>k=ReapCfJ!WAuUW9FXXE|u%yH$=hWm7AF3!zYJ`aG@!G><_mX%%LI{Ejq`;rgA
z;WbS&>}Tp_hw-#|eI1KvdUf`ps<r95nb^Jof;j2kyN7un%|+;k$<fAa06yKPNfdY=
zM+epfpFo-)s$_u<dEHdLhq}lAo2@hCJOFLG6Go}p6UP}RbF<uH_iBDfM#kQPi#@yS
zkldF;9q@I88|VqV7+6f=R1<I`j?2Ho>(`}0cxn6mQq)uhF5?eSE}8m;f>q=G$D(r>
zc2ss&ma#>tiddm07T(Ni^VK5&59DS(HwG+ujY`IHPmeS2{UU-0*l5tSKk*35nv9IC
zr=AiQMc4ZZM$81nF^Z)$5n<&`KzFBnCWgQE+CT#78Yn~Vct29*SWR>|P3||4uUE{^
zUFeTym)#w&g#P9F7b3T*)Q2Lk`7p#Ss(qV2d;}2ZID`QXZSKxvy%WBr3_pGNWuan+
zTnM;3%XB!)yWALP_4tN}XTyC~cA88osy+&h^y(N^o7l?Z7RF=b4tG7_+pEj`)z|_9
z=VT(2y{BM?C_%G*_$9-9%+dtogy4T*00$09cSY}PtHF*-zLT|~{~vqb{npgdg^PNW
zqqKuckt(8~bfpOhQBe^PklsN>dhZe-K@m`qA_^!aNbevep$8Qy66qz75RhI10f8hy
z2)R3o-|^fZ?q6{8JYupldop`w&6>5|_0F2fIsXfPg;@m{$x&Y|3XWPA$@xqr{s(K2
z)9lW<Kkf$}h!x~7?DRRu&>Il@^&hX0@a)1rHB9fP8QqV4iE7_3EA#ZnKRSyVVz^3T
z0sJxL77C$@+1lgJ!eLg4vIp8ZOd1@N*897yPfGOo$af_50QTI3gn1D#cZPxmLq<GE
z2Qi<^KQF2bL+%ASN3<r*y8J2fbZ7nf+veb7aA<Yjr>&!zTDU3kz9R?K_`9nYrCl(a
zTv(jVRfNBuh~M>`Ns3;AKtSHA*MF9vnaZ@q@8>l=m6|N<;fmZfs6n`~z588uhKKFM
z%&_H4yf4cuM>aXz4gbUz-XH2L470o5-vrC5_RWtv$iox;u;w&F$CLZd3v}cD8tBGN
zlP<iP1^=h5ZXJaHHB>cm9(^e_`%|sZBBChfQl;&2hH4)5{)})A=LvUIiGq$lxYGJR
zsChgGfZDwL+S@hWU+rs`B}9kyW?wM8C+^zjSlCT3HVlj}NZoyDrugTtDHo(MUDoQy
zOO?-E9&?`eDBZbsXu40r^e+ZU&%0;xEM=b}K$S{Fa3uNkpSSh0&piCt_r}j0q8Jeq
znU1o`E7UlIpOxua<~qV4`9;W(Rxp0XG$qiyL&gsPF&k(9bMvd&haZ7c7f1Q(N0avo
zmH?*Ho=M%SaLWTTXVv?yKl!j|=d9kM1lQOCIPNm%f1tmI=G}B&?W@MmFExxa1dc73
zev+gkZ2@EFCdJYPj^?FPI_3t2rEHVL|6})6N&|?Wrsn)k@B*Xuj;=$Ek$XS;t0j8v
zD&IStZbJ(SZ>!YwJs46Ne{inK>coHA%ju&G3_ZY(OSc(OuaILj;7x!PnB`Nm<$nT>
ziyzI*48v0g8oP1|n00<6Ii<Iz5bOV}Aq)|}aX>?J=Nn<zc(2TPJ}s|san^Onk=RK`
zHgyz51p0i3?0w!jV7A4tMC^Q<>+muD^Zu*Y#eabN!2qI#ql*&2hmy_LGrail<n`ZN
zfK_;L)lcMg{71o_F<g_tJlWP@wGE(NU;ppAmSljs>RU~VMAwh?cPnM-r^~Kf;1^)B
z2f){k<u$Y0w8EWhFyQ|7G#lKT`JVs#e*E178ixHt+t$P^anMSmD(Apv(WP|uqYgDP
z47aC~U%k&WO|)Mg+j=6bXBu=Y5yJWBqb!Ul8v%oVJV8oqA<xtrS-oMRNoK5Bz}$U5
zO<iZ8(+uF5VFV_RSMn_>rhGy5A1!kpDlh@FN+qW{$BYhS)cgWxe%5-my;n#Ua`BXM
z{`)AHkE7Z!5py>eRw!kN)C~FiDru`L2UaRJ0MG1v>6)jks*JKMdHYfV0N5D<27%z`
zIZfB$QqSpM`juWE5D-*9!k3HDjZFq(EgpLMZSoqo)KkpsenqL6uja#p&*Z&J<n_NH
z@y5F=y)49f?t;OYXaHUg<2SW1D4A>_$DfrnM`pQ4|EtB6pRw|Ky*X>x--R^5eHTxB
zcVCBg!)n#kV^CW78aVfW6GvnYJxtK-lf83p${GDOp$sM7s}r>Ma#b7%HmD^gopk-Y
zrG8e^R??;@h8KmYJ@daVeQ);x?tfs^t2zI+wwtc1Nrf&_PQ#!<$B=xu#>t@i77$da
zZhPP!E_T50MpMF3oZwhixZUJSS2338?sZPQdxLm%BE9j(K;y3+qU0+pmf2L<RLzBq
zxBY?l^G5-ErMvmgoC-1mL$VyM@}~v5YDK2JmSWV~@f+;I_Wc9w9|JBubSV$=_5Y$m
zOO)mLT3c39V5XPu_oDNKcBL6$E;~5`?boVhr?(wpxE*=Uxt*zjg}zPzuP{;`5V$(`
zHRI0Gr;lKO-r?bgt3*;a`@h&3O-gqd*fS`<cycu&HkdlWvqlY!DWiaU%fLShY|k%e
z`3f^I)SdsQU^vAe4}Z9QEH;<EDJ_iu-^enc;}V1x2k%~mmhD~}m(wtzop&<x3okb^
z+&DJ4h&;>C<?w0~m2!-l>GJwYOrvEHOEl#5#Lb?1YU6L0#}B-}>*bvpralaDPm50W
zaMKj*@~)LF+jy&q1B9g9%^bH-G0Y$X^b*R_1mE2m6BEe`@|kf43aYCAdUX2J(qB$S
z`OKI1oDzr1vZKNHBesQEk*~aQdwo2i2BaoJ$yh<z*GHV<fAx<0>$Leh&fW^OA~liX
zh96pSU1X+qqi?pKT*)yu2?mP%s_)ldAH)1BS<30SDR!#r2b<t8XJX2jPH_T3ioqt>
z8RJvw%7VxIT-0O>0UE|;@x8jS7(cf+IX46HyUBs*2dT2!L;GTTmGJ%9&o%U_$l1*$
z351frQ(t%efMH2nmKLCXY)w6f8+9fYcT;?nbk;MkI!?*ySl=})3ra-}lou;1@_5|Q
zqL)^W4iFjpk5wUef}d}In}Z3D0D_JjOrE|g0EZ2_nYeJy6q5bvHbY(4nZ;VKT!^W0
zUiyg&_cGcTp&t(DnmXLjPV4W+v1W$@V-Dy(fWCB!J3%C(*w1iCWM%NF%)s>qLntX}
zK{7x2y>Rbiv$OmHg~Oi3C^<h~jS=mBmtx@TOD$q0O4O!ozuP{z{~lO?w;L%K2OIzl
zt_q3ayGh9gn1BN7Czs3vkuJ=-42(X;uy=zOGPSI^B}{2I{8I77%+Z83PW)u!^_$GX
zO#h>&wEq@7fUG1UrYW+Sx^xLxjfGrK44ayjq%4u}uNtod%y5e)H3rG-;4@_#E}i}k
z=ifhh_#hR3A_3MR-fP=<POM69_BTg~VT9*j5?!kEy(>kQMGDT>bLutm)0Z|YvH6Va
z$KW3cE<nK4t$ecLgH+K4bk5yGH=Qe1V1Qr58=7n3;#=+GzyHX+-oFVR*FSoz#6%A-
zkd0HT9VNzQ9Mybg77yrUj{AV&D=lRQsuhZJT7-vojJ=}UZm8=(2uuyyiWDtkrf@m&
z#lEQ%ru*by@{r2McsUV^Y}6A=KeMwVGxH`ED=CC-w68}qvIb*WewD$QsPo0o=luJx
znOZAp&*Zo3YSIO8(-->rG;B@;U-`Xg|4E#Zd`NzDBl)kIg{KaDp5mGS?hfuwEKjyp
zGd3$JH52Ns<2ZXF<z!j^%-vj4tbCKDomHfb*F0WLFOw6S1{BzTXg}S5$Jy<^>IrYU
zyjHo0&0I`{{Nq0;vkB0`=Et_d?Th+%Zi$;5^<!ln7!>MzFA^mtFSJi`f&*dB#)GPF
zObh%?EP*onRj2d*J35xnLGK35Gmp`QB>7>Zd5;Iej3{l2gaIL97_L>n_Npv*0>GtC
z;VT;Sp48$HJ<$c;V~o~e3pz%8+Hmzibguu4-!nRAAJ3z64ilAh3`HZv{cS#2sZYIf
z05uQJ^+MCsnikic%5bH5<fnfrvqk5;s)&#Mo6+AdM+-3H99Anj2!q){5#aH}@@Ll=
zf7=utoc}Tn9r}9BZUEH3bnY^v`?3w4n(*}5J^W9`o8aYjBfDN})^t-q?61Az(RpU%
z8gh1IS+_93$fIH@$P@{%|12H`BCaRy_d}Sw(7#knUayqASl|||^Y6ojuek$<%Rb;v
zne7-z)h!2tt#o?dqjX@8hblYz>1{Z@Ak8Tz&0)jVR#S6TNp&Y5TYgGc8ppFg<>~DH
zpWQ<5ix_{sFY-!!y>IBmLOGflPOz({L9S(Sh&f+_X+`Qs@{3qN4COe7pWeO;unPeO
zoF~}^Rm!S^LZSVVGp@?)x3^mO50MaM*38Zp(m8tA&#G1{$iW9lZBu0?-~K8;j?aV6
zhICCe#5VKBt8!{Kv<uTIoo}6P)5(ydvD0JFlX4Q^(b)mH8e2d-|APK*G!W(fsr=~F
zRF#>Fua)JF59&|4#KakiLm58<`+Yu`ZB|h8KTZQ$%iCK*8UxeGi)^D)aCwVgf$HpN
z<KisQ<32&e`hnuWG=al0D@uO}>^DAM@{h*P^W_y*RPg99n*!Wd3tYkv{&86+v(4u%
z*1V6Z=bd4=+=6T0*-LwzQ|NR+w-SZkT0Ob5J*-C_opTOv%|lz;G!fR9go6cWzth5;
zj`~;lE=HN1jd>Q~+7kOp4A`RqkZRfgN2>i$M`s5cq=rkyjR+~cqch0OB(gGpe28rS
z3{Y`V&WLZ~^OmXV<tm|I-0aYmhG@Hy{q8xf@$Z;kjAD7IA%D>TJL+vDF_;ys!K@zb
zrYl**q$>461wJxo^tAiY?G}I-3~Y$_V0NQr>OM<Mg#1|n=L(tWIDi>UOhFYZru{#d
z!Hj+Kr_g(^cmQp;xA^)Qe9Q5R{Q_^QI@2=zaeIV9GO|*|*xk%xx2hKcY??WO_P6Kb
zjCL}UD6yW_A01pTPXK&SHNTlfbq$z<(nfXP1J@t_%ll9*`R{}ZxC>Ch3qMTPI>mrR
zrb<cXypjr%RZ7)kE@+?BYyu{e!$gH&(D%)N+>j{y0Kh>0Nh8;gKh17TdvwS8bt%~s
zU{IRyI+QTUmsMaaSE}~Mn_=b90gdmp(S}tS%}(&jbf7=^n_D;Ph)?7>$N1C74vJ-+
zzIO8DNsc#sTzBKZtObo;%%{(2C7eF5B@=x2>R)FW*^}(QN;EJvxUtF(Oj7Ogg6r#x
zi!wTgWG8z3Kj{t`sW#_dH}yB2Fr<52A6X8x3w=zez6SkX0Zwj*KVU92PCVC?xLR;n
zz*fr7Nf&7-&819qK&t1C1T#nn5f9(Tw?y+MgR3<wH1Kc0iC;pMxMp?^#<2Mj5A)cf
z0>5|(-rj$bt4aIgUMuwd@?Yi&3KvLDt1x3sm181eb!GTgF6;)SS6th3mMJAe+R3Ku
zebDxkxmjg7Y1`gijMp{S+CvXdw}^4*h;zx88VwHm=nrT&rC>l;O05P54fOGEUT6V{
zbG49$dVzk6pY~Mbx-a-0ciPvfVM6;GMS%y@xSi0JsEsKbDP0LhJ5k2vF`0oe!_ve&
zoTTK}S$U9YFP7y~`{BALNi#kcF0*in<N*Wm{MowQ_f6stZTc5{H0{LgV=g4iBMka$
zeasCzTO&`~O*Bt;E|xz>Z}5YQ?B2o%wAFXllaprFodbX43Go;AC$7iemp>0Z_0hy~
zpf{rg8sO@yJf*3Rd$W^gP0B!PZ_)i$x~Lr*KX<pYvsC%4iLPqppsTr<)>4H8vD2V}
zHesVJMxu=e)vk6Y@F%`dHqzI~&3YoXRM6pF+Y7RG%+0z^3rR0>^2;r$m`!Li>g2%+
zTJc#*x!$2Q4^8SP`V`^eiHffG+sgK2re&Hm-u|@Afib!l_G>+-chT0R3acXAtT*aG
zoPwmk>%fEZNXIK-QBEZYA8=uBX7ai<IJ4KhL1p^P=a>7#8y2=tT^&2wPhh~HvaD>N
zc%H&$|Co{(lxB*Fn9G0xP#Nj4fTCo8EAW0;iemsTaWFMi+9?33?RzXe^l{tuWSh=F
z7aQd1tdjj|fBlyL*jAZ|LtM{*(hJCLcEm(X!5g?{g=y*=aJ6}bWh!TIwR52c@5x~K
zlm@jtm%79O*9g|8H>-o%5xQMce$Ig4`X1xAu%GQG{MMvDYX$^E!$?>@Tg+ZZoI}3J
zYH-t_JP!?#a<QP*ew{VI;M}xV=hne06PZDEPsRys86@ghW{vORE)-YwlYf3%qd+~U
zAH+$77^iXs8x&F>WEwW;VPq09^!mddc`<6_I7B240PSeX(M3Dg0}{N*raJs2el|<w
zjW&;|l&hQl_lb(x%3I9+4cE&meJoN?&V`BSgnH-%YL*xP_44)r{#`43?}5^4K>chr
zP_fWL_x)^t!i$@QLv*)?fmv$o6MMK8F#H!2D*^fDvAp2wR+r;VrNx#~0`Jt7&_%>(
zu<*q(DlNb$Czca{s<jNt?F&s!aLopB5*(7+s*-J7_Ri)~`MD;#+P>SEX6+&xiSbmj
zxf1aov){%^^<&8wIPjxM*TTVZyZ$37#tT}x3iJk?7WmnKID6;JMD%AXwUytNHiOK}
zH!(lwfK1sR?MBUJ3uk|M2H|(5R{q5i@2%aQ*6+Il`^j}XBKk+*@Yy&1{fWcAZ)VVc
zEv&;x&@la^fZk6^L^#(UAn^^cuPS0b<XiM&+>QG}N&j%#KvOL*<(H5%+w50L|Kgv*
z909|w>7Q`rJ+D8`Xb9^#=k0itF#dBj54RLrVLdy$rVc7v9LS6GnD1+c^*0Ly8(6v_
zp0ke7s0ld${bn)A7MD3xjOMO+-81VqI2q;CpYuE+r)I8uz;ksc+dah&6k6LB$BVxV
z%{Ay-PPXaGj#Djc)lNP&w7h(N;fpk+yEcxv2kxP!$Or4b4@!6YFs{5a_$s6K2yaQb
zv!RG~!d!FJ-SXzWNDm4z9lSlH7*eynC=AlK%z#{>eRjk7t{y_p`}$5DZ7-^-S}iw7
zM-)FVsA)R8QnPA<acP??YtB%FKHejCoB;b0u1qTcnSd=<>e{6ea)8sOmf9>m6k#<s
zrl!fr-3U9E7BX%6zUs!<1`_+OqBU=4CR1<#jK70^bKy1IWynR9^u@4#Rgew8=m;|`
zv|=3uX{KE9eiEy;)Qj;Vnth*T%22To)`<Pvs%l9waQ7OJlcOdk6{rY93#Z&p7%nl-
z1`etl4Qz-Av55i>za(MoxOCE$ji=jUh7-=A;P*ZqRNd^DuAeRg6`F}{yHwS~I%g{(
zq3x@{R}ILy3CA8>H8sFeI{`-Nk)Trd7(=_*=tByOwh95*v^HO6cG8vQmpIAPnos9>
z*l0GK(0of>Wt3OCx>edY(6gr@czNx$@@!5I9y@WlMqw{ksoV(-Y!@8s?m}B<#_?4{
z-M6|MXeHClA@%Ml+vTd+Wo5&0#^*V;!K4XVUosMmaFkgKZCEJ*jRn2-7Q~0r){BWN
z(KN;0Mj|U^OT%xJj0AROw?ERY3E4iDP9sM9ZMX+=*EBg1Hacf_C*EvM(1NZ}mZ47g
zqbxuke2PC-2UN;pD#qbnKO_J!ww{*<WQ~&&Hpw8Wg^F9V4oX2h@x?ey(bf@0(V-GO
z$-%mmt#D{x8*iz!rbQDtCeO1v6h%reX(nL6JAKVVk>w3P6w-qT&{I9owhOlXqxl&*
z?81=^x`u^Do82l*{+~4+monHua}9Bzy~#i#U7mO$fs<$45nV9Yh6GFz70542TcwyT
zO=&|O@&@(@dJO2Qc!+9>C8JVmNzBuvTd{nZmSxQb!A+i~J?J}ta0>&1t;Zjnl_X{9
zF-W4>tV{Akm-Q2Jfb*7I+gK^wJ>r^y6OeGyxUZsSzg--t^pG0q!gSESnfS0rn8|j?
zp%rF^fmHMs;zZrKwXyVp4Ria>K6Jo(@3pHudF8PR&b|KYE#<idJ)W)x+_0?MWE(L1
z7IF-`iEmphGvm>*DsIK?0=v;3NWzPcD_@+q*6!DDn4%X`iuY>lfl&0VIDuSo$QnO&
zn_wyDuvzdIm^<d3V}=_qLPDD>E!f44I5k2_vUgrt9Pk5%Whk3%SO2xh%eWle<)7WV
z`w4{S<w{#T<?&`G$+h#%*BzXv=b$tMQm3r4i~C6GjpKjF3%lZ+6)<71F%cU3!ruJx
zoXXaFDsdeuFsv55GJfeFH}j-`34hTp2tkP7d*l<+HHQ156|^3obd|cVcV#Yr35xok
zCYp#3x<Q;EQ1VG*p<L|~rSRdi{zQ<0*;0cnHbov6JD^70Y<2|+2Je2|q1ZwUd66?&
z<#^MYiCoxtmZPmlZ5u=s;oD718s2<FBTfMaj&CkZ>kUP=#|ah}x|Zf@z7`q0u9alJ
zD9pH0PTOv)+riXG|8Ub=vh3bw8h2JoKdVadq{T6nVO-;^fnG6HInoOR3$yDydkpKW
zhLv6QJX0KMtOEv@=LPy5K~ODJ!_i?pfiS$RRL-pvOrx@$s=?duj$DLm;D=S#*W&Oc
z8_oQ+xXXx8KyE;L+vS+G4t8NVcZ@~Km7oM=6=j!cMchMSoIiyHvk@Nk7XfO8TyO1J
zY;F#M+1>UWDjEX260jD?kO&c-lmdVBJC9U?ogg({pphJiu`g%i9a3I;9pwa!z0S0B
zT2Q?j>1$7YH+hHGvo7-Q{5$X5EYY4wBEnTgx_LK6A7oia<T73S$hLx&Lt06>0*CFU
z)ZDu^fIO#}&d*=J)1JIEq9>TC&Ppb~rAXF{7$t|!^Jd!Y10xI=)3mrkkzX!g_(c5C
z%P_yrpt5EaqPT5u4HBa3z9pXDJ*Y}n>#gj{hf(7ow0zpYC&9h=9Av{un}Dx1{+*||
zYP)^ME^4??iNl2~J&;BF>~@*v?P06XsgCK?wzyNOTBad1m7Ng{kX$eAL>#&tN(olo
zNDDmwBQh0|8;vBlB*9x2me0#Y@B*r$td77Lx-o^S_L&vKZdzMg*MDDr?cZstSAfeb
zE3PtZt|j@n*R}$?;=wWcIP)soVI(6TC+-RN+aS_~*uWuPd6yj4F{mwd7DhP;=WRzw
zb85%BYlQ}8UcpztHab6ZPE!^!cE>S2AWMoeY5aIcFzS@0TM=!0_zreQDjBr{ooF_g
zXx?>PA|M#wY}BP8*Jr2wCWG>a1gN2lWatB{)o%mH<;#1a4XY((Wo3C_W9%xTdHRv&
z&VaR|E7>|QVUV0M5|GTsLl%8jr3Wg!Ft!D#E#kZB<{}`_p69&dUV|~H*`3lVRSmUp
z9~%!Q<gG#|2fKFLT9Gc$y;?myELgBNV-M{49=ShGPPSFYtW&HPUhZBTlIB#FFYe`V
zPW`E1mM7VVghCgK=L;GLgy;;VrMsnoB8?qj#V-%GP6+%BG7;klT^c!|K4gmsiBJpv
ze4!p62rZ1MlF$~-*xbIma%*;7Fa*u%Vb%DskVIQ!SDyb&^8iv&ga+E|mPbns*a%*^
zu`0#472RFdt!oV>vK?Ray{jSU@3b<nB;8yDC`fdqBg|K8hB$>GO*CyD3!Rk<KE1Wo
zBfwGARe%c^7(#eWTl&sB&y)EJR&Br$b|W8*r10w*R>dqeV>*hs9ZT!YCc!1d#F)F0
z>x#1>d^C?29l5$k{kYRT>!XZ1xBK?oYf;_aAjeU`49Gxf^UzCvk~cGuETaloi7Zz)
z4_F5`QP~G<cRydW2wZWF-FQ^DHxKFumi^G4{hdbdsjc4mzg3d@p#$ylbQQpaRP$1l
zMOAJ_yGjS9kt%6qcdVU<XZ>tI)6P!ntIg@Bue*)vtjbtC<?S|ZV_59)r&96H)Ik=!
zfSh3bd%`zoWP9Lg<ZW~5pHDYl-ySOXfri9{CiB}Zx|%UAlOZtzsznMRIF_2FRWhwg
zp%JGbD+gJAYv$5ku>z%HC$IwV8i!|=fk>+w^=zpj*9S{LF(4-VLD}ejK-c*J(`%t$
z@a;s?k0<Z)v5`HromTLCdIWrOI=0JXYv5}a+Sa^5IR7lp8=XNfTwqi)QLBXC^~ATO
zLalj$9;_#}W$X~t9W|o%NbR=Uuzj23Dy1QO9~3=(FqXZR#8tC2Yid)>;@LoC4&8iD
zbsM0YbILo<;?R+%C1!=PJrswBq34sdEE*p=yFbGD=V=TF+(lavn-LAm)a8`a>b0iU
zwhd`Z<aJQ(lnb`DxV%xWa_{D1V-?bZQfDTyxa8{De{+KW(Qb{sdHwgXfd_^BXaw~B
z@G_={pZ~B<ii}!9K+E}=4V}O<yPbuyF;BqP_;)J8T|mvdovz^Ey@NQfjjMM(*K?j@
z{O4EfiUo%W4a)`AOFQTRZ1HQ|)WzbMsvcU>%8xbr3}+-Xd!n|1)N=Qj!pl@cQ#`gt
z*;MD~lLmOna2pF6@^kFl<m!wE+Mn_H?tU#Y5`$0DSJ+wKL&an+w2cQ7C6rkGPAp05
z6)6)*t>#z{qOalbNxJ#`*%N{eRN=B+7nZa}lqfV3ln2}cKYe@h!>-*aYNe)-1+@0P
z*+?Q$&XvU1mD>DXVXvS*%ykf0qqjrG6|9<}`Ln>H<=AjyvZ_b5e1f(O8(HEfepPp)
zU=u-2HVK<lR5_wFuDt7tFhcFA|JZyig2mS7-G*Ib)8-~8V6{nC)dVl+TXdUBCHsH;
zq%lhP0`B<4xb!v~v{<b6>p{avT(kUKb-_Q~KW4x^5xxYp21iP5aBZ1xi|wmH1|ZHZ
zeh(+16)fG&DL6wtnq?sE2klHLsHDnpx;>_p1vuw{_Z4CleNAvDOwx}$DBE)wi5j2Q
zyJE+yw%Z%7PLy<!?NMt*lyHT5erNSZThUOMo@|Y{OZE74TW@#DDN7F%N?k*~Ml`4N
z^BkN^tn%(Z*tK%#MuQnXJqVNR3L=v@{abWG13jz&r4D<vK8jf-joESe``d4nN03K-
zO|ffme@c!Z8s`LU+$?K&i-WHd73Y_}7<R*BD3iIg(ypb0y}urq;Yjm&K|`HiTQ(zE
z0nt`o`Njk|085y)<mN4<7=Bp`(9YgXxc97&c{?Apa$q@g>=BLw5sw=H$jm;lQb)JK
zCelbNu~{_$cfkvaz_>7B*GkN#4}0K8=WRZ)cs9+>J;uIh(br%dd-nqu5xx1v@X)6k
zLE4N(BK}FbY>(2p^_^>oQ1Nzt-<&+1bOT<PN+4uGA^XF4J$@uo5WH0};-ZtGd^6R(
z-rIf4le{;;*-ss}Hywn~6<)Cv^Sg7?ZLCjiqgxX=rGfN_a6q+t_>(sWBQ@f9?60iS
zoih*QN-V}pDtRD-fV`Q`A8|Ew-xlqKWP$I<$L0SFFlI*hX+8ymqm@^d%NHF@NvfUj
zyB&Bz@|bf&!?+#<+%#Sm?B;C-cs;#(kS)~}+NV&LX}Z?}q^OacS6v7T_3u4E0qgos
zeVxY;?l`*u`q{08m<eizh4ibfzPaEEPjgHyMf8eGUzt+U0Suxx*#NdNX-y36P_XOr
z+l%nYRLC|jb``z3>7G%o0k}F0nm4W)Elg^_dSSuKXEZS$si$~A0e8N~n>Wc|$5C~T
z5aaoDqA|8s916BBP{_Un*)_wi$<iQd2n#NlCv<u9<^%=lzC~XnUvP-ayA0me?DuXL
z$c>iX)_0>GEh={X{$z6M+$7=i_IPl#>nAj8#^e`(r*0d(T>n}D<E5(E|MbVSA4R&n
zPbdm1Wt6cmH`Q?}Q8B}H;+zp4KUZBDzkj@5j;sKlV1CB#Id}Q&RjF`%X+ywD;Hsoe
zR(U8T;p&QRs`AZbTM`I9S!jsvkK`@MCk|WZUvS#&qSYDs+5}17O}_=?DPxkGSm+}$
zF?%*DDS8Qx!yKD~?;(44+Oq4cx;Z6cP}}~24@->1c0SFTD(d)twKrWT!+OS_HBZWA
z>Q>d6x7wO$lLxd$#P#vvxwjXy;XiKiI<>G24*<Jl+y~UQ*6ix%BJah?$67eHUo|VQ
zso~zLm=|HCj$DIhOawV*!h-i&^PD}JH`tU3Z-vikz82LPEK~6;*ARp%Bh(JRLa{X3
zBuQGb7nK?p4?j(zeGHH5_thIW4NfD|jT2ej?F8iNTK&F&$!v{X`!&111Ke%ykh$9O
zg+dKNg{p#C0@7>h-D51DD)>$8_U0sPz(|aPx{eN91Xg?3!MTK7RJBuIFl?Zaw8PsL
zT2kYcNj=yafbH%Dc4Y_@lmh1IphDxNhd{==>Gs$@R;;HXFJ$N4e6?GUZ`iURn_5;b
zDrtzY`Dl<`kj&xr(hh5xG*qdh3GDb7-I?hV<%Yj|S~D-*JM;C#IU??w7hpnLG%4>;
zC!e*j4zEofnjFV_G!A*!16D|oB*2%kO%1v=N4RY!k@V9nbS0KIyl;!)t+jN{HTa=Q
z`%LD<8)m3#297Cw$be9HWjBG2SpX7A9Uc13P#QH2y+Z{2zN;G>kAB9Yxxs&5Zu?Hx
zO_98w1Kt@_Blj_oAlQgZoz5I_QKO7)?Cd7%qEY23jK`r6Tvz=<Fz972$d{K;U%P^^
zJnZ3`&yRq!NIN-UzoN<;%K*6rdFh;>>sQVPP0LZHb-ENh7Mg!Tjdn^i^l|GUQgHL$
zP7OtPQ6t`cqEls6VzAILR0mo&kL<v_{0wABFIYjm)8`$xL#J<&DS|H>y8(aNh*D=I
zg^vR5)lK^`aW)nw&oyT0D30DvsGb*SC@3!0#^G?U$QKF#wZm~t_-rBR^2+-q!S-=W
zi6bu4Na&RuLF*r~>ELy)bHoVu)g2-c<3nlUKlJ&x22PfVE1V<5&_Bv-0<-8Ve<1BE
zr`ImFiS4P2XDdLS$Fo68Spv&#O7m&dMuFg6=dKi0Q6sGPR{J3~Y-G)d+v|_+?tNa2
z?Toac9o=|<I6nx$SC@dU(BR+p#;y@Tlvnub?M7+^W<Ddh$ou2PSa;h(BR^C*p@bzl
z8aQf%S}6cscUGl-^IckG;k1dyzSdLA?&0%ya({%j4tRFu`{mH3lkSMcHu$8KRKB7E
zXi_<pNO(5n+@rjLs^2<J4i$3toq(BI3ZN>hCwK5mL+FW3TzAgVX?IjT0O&lXY}#^J
z=Y^7jG7zh5YH@TgxN*Z_1wPSk`E5V!`W_b%bVvRd-ba@V#Pgc@t~hG!Q+@FIyZJ%D
zYUz$;)$B)DdKSV(^afQ{cN&~7LYBE#DhF8MlRkBPqv>odBY-N!5*$QF!#zsfYPy(X
z1XXTDCri01x$|L>W)kqBJtJZqbPuHv0ytrd4aqj_&M{05uyMKW9)v1kB>NJF*Djuh
zb7XRZ;PLZIRibHA4e6d#bP!^aa{Y)lX#IJQ6RC=Am>^a+^s<ZCL_^9L{q!w>(W{hR
zuqz6>B2OPlW}Uj>*9@Nq8Q=TVrIpd%(c16Rc8h562$aC{?Xs774zSQl_bpr?7kqcM
zsa4x$z%nV9p8kH(qozrzyfF`eItC*F|Fy)hc|GE`D_=lIlq)D1WuNVCIg$VMwTKHk
zy(X?&@4gjrgV(sw$fbo5`Vi_qOuOxFh%awI#Hu~`PI!^1b<@<!-?{)&YSVNpDrCJ1
zfec-IY6o9z<BfFTqBj%RR6;sjcS1POlMY9OWj+rRez389qQ^+j)6@M?94=rONonkP
zv}YYSZX-ArSdQ_k05Yh9R%zY7`n)O*)d6Gou^1qwVPjqw0#`K)<?R`<2BrgiTg`t)
zw0{ADRateV+3_O1<`#i<>m_Qit1b3a>10ck(jEcOGYBeyOOe{?goUiVZ*gA<ai2S-
zmUP|*029&jXq*8ZsZq40+1a|&ZH`KbVujt}i9MUD`Nre*o_eYj!O)e|iK>`XW&hIN
zm3^u~2SQ~Z8D?hpy5VM0W|hl?gjBeXd3rXrEnKVy)L8vq2#|+m8X3GeYq2#xb(_Nd
zW!o|10aLK`_5eO+o;saDv!MiSF6b-YYbI-q!i6RQ>=e*KjV8Q=<%M3Ro-6Nxy#>v)
zjgD#S=bDu9`c0%MyV$^sfXjTsy(KR$1qSTb15D|=yyL!c)`LTd=^DA;c6V<6as^(;
zC=N#V>>AR+<@pfavgR^a@RW^v)ld@L8=xTf7dqY`KiUv4N7|4hL&kmz6EHF)gU~zh
z3%@OJ02TkTl)?)s1e{6>dN0{3PnxNczceXRHeXk7#9}XG;IS-$V;-*Q{+MLq7j@{6
zd49SR6MJ`PFpTcVKPOLo&5z}&-FTqqS?*E0Xxg@6v)QzYjpP;dXOX2FdMkZxbU5Kh
zz4#{9vb>Kyir=jv+YUgF)k0@PH#ddJ3jj8D0aZCT+Lx&Ub%%ag-z+q&4zm8f+B)jH
zNys9<r1*6a4?P|O^aZdcK8U{=eY4PNc)r=Kxp>CHRi|H_Ow|QZe&i}oeF&F#{`^R@
zf2+dIZ=@ZRMRzGw_j+xsNt@1yZKMz84snxHcxB>M#&*KEb?y0nh2KbGYKF?C-vNR8
zW6psLi%LKT_{|mCDx{DAJoDt`d$ki$alNIAHo2++*g6FdI@kxm6N{fWbc+uUEggy>
z!oWKd%2NZQe@D}CbRHFl(^tskU_qloD+L&B)^ws5I4-;t0G^~YF_4B*c|hSv+SE&|
zBSqZlE9MnX6V&2(Xy7XaY(URlxI-5#y9cs&lDb=jatqYj{YW7XGLBE61BgEs0E9_r
zL)xa&C`vH&iTl`LS-lz-+Cn>sJd{tjhONB_g`Gsk01$07n~2jcUmLoWMxeB-?@XC?
z_j7=@V(XPDdzUbk68w;nPs+O=!p~{W`qT~6ZZ$RCOqbtCt*5X-V;VhM4Kx`Ab}y*z
z^ni-*c4&<M_H35x>_(i@8$K_yWgNXspDQ1GTlx8-YOSOkHzzt?2_Hn8(IJoZ=XQSm
z7v_hqI}#;OKFo?Fz}aY1n&@Q&g*@eyv^ic2c>^T1KZ*64=0Bxl71|X8&yYm*1IGsN
z)Z4C{O^%!Uut5P$WOvozwDqoRznorGQBme=i6Mj5J|IQ{^i)CkbJ(pG)@`qqc>+uT
zw_dCgN_5oGixYs%Jjbj7wg?=M-fb6QkD7@ejPA%T7_j>^pAWjq=@BwF(c{`i3dRGI
zF|O3J9J!aLtEO77VY`p|bSMn88~rvcFn?dxvZ(Vh7I8fpoy!eAe&-~9VHmsG&xu_w
zR9W4t;*>UDQpWY$qc$lZY6b#xU(kAW`bUrE$bE{t3kdXMMixxi<_fLxCdw<i^Z|x(
ziy&>}n$EzNij{_7@EK3pXIU-NF{Y&!?iqRcN`K=Y0{g-+v}}#Vm%hl%WZR%F(#R4R
zaG9jPfi*=lAV@XunIAfFW)PZ9gDW65fZGfOH|bMvaY3e45blAPucD9c@TVJm-IdDH
zPL@PJj^Zmlp{Hir(=20YpR5v}gtBkC92~2wig(43!&<68cx1>A;oK4Y#U7L{Aj{#7
zWeEDWM+3V<_|}2rrGLEVRMn<~8&hKc>x<jB1%1q;79xCa2M-|oi*WRKZ<?viK;^7>
zKY<5h<fw6t*S+?!!njjtj37vNV@|TywY)hKJ@K~q!3CAalM-L&eJmVToH1T4M0x+x
zui$xH1bB7`O`Nmzq=0vofnTG)w%|7_EZL+(x_nbqMchB~^Zjhb-+xBljILC!8M~YK
zK@RpsN9eAoIk!9w{)vTm92e048T6x96lU~D^-0P;{r=BTA4lLmkLA&Rnz&!3e+43|
zoOgjbyTtr*f8|%an)JsG%BwDEgu(ruVL1LrTrsC(@#4^a)bKyo3w~T2+K*h`z4^<E
zr~ev5VNtW){*uXHw9kE@U%y&J*l(2A-P;ZOatU1L#uUXBmTl6Q>4n1flU>o@Go138
z|Ik;IgZpU$UCsNmwM&HWeS`EeVMqRmXvQlG==|&?r#ISv`~tlk14GOo9rg1<*tb6-
zt3R(WT#EXIWBvL>|J%X$M^N_X<<q|ZzoLKp=l}N+L)f<qIk<fV1Ef*N)4~A!@Anyr
z0d&OpfBYBVJ@@gyFCAp4>|U|DxdzZr?iK74=76t0zMtiHsqO$Mp_lTe-rARd?z0B~
z^PXGlUs;n`kQ3!PDtnLt^LSvpQvh6|d$pHd%lUt&`p5V8^&)B`cu+?-|6&M}@$m<t
zGkT7Ej{S=tXkO&Oe<hju*rCO^wtLxu?_XJ}08M&ux@6=Lq3DP}@%-iB-dFJe#P{*u
zzmqx)G0*4W#;S1K;V*`V?*@X3q#Mmt^M@Guk17F+B{SqNKHih-K|u8GR(gv@K~=GK
z-Swzr+gA8f2N-UfR~VVpjTFNO9>fxxT;t*-Afla%E4}RvJHk*c+dag<@X$0kBfslO
z%y#$Wl2vf<Y`$CO?o;B!m=uX(-y4^#|6=%<uhk=FY|>cVAM9CBeJ=?-r&emv<DyA=
zpH20MT_JY3sHq=fz!(QZBX6lx0!lp%gnlzPs&vP$O=qy+qFq1X7z4vA^9r|jNs{I{
zFqph^;JK6C0}NrGUibng<miyv{323&*8@1_x7J_IEt;*+?se1a6<{j|J3f6QZ1~#_
zh$FetnAcR0k*_w@4sj?pB=QIY^R1PQQ#>or!m@Lozs_^otUU_s!|z@9udfa%Wi92w
zX0ER_epV|JUUenSJ&zWuiS-TLxTT$mk8=Guv973R_3Yki03kf6<v!&ua~&&nC=Md%
zSLQkHw1vJ}d!&;CB={s%aBF&%yH{d)U866`pu_(yQxnV7W!9P=Z<+ZGd8@M95wOZ*
z;^I8;k}Pi~)RKjD-}<>#=f2N}Gj|e_mVzwOPvm-A7F`NaosH6YrF^Tiav9o%X{=AT
zZ9&w%L{}IWPf|RcSSa?XpL1=yeOWiVv<;j2^8;5cyWdCJStgoDVwHwE;4Yt5D^Zth
zI4zCaH=YDHizUABfk+n&6H$J);tdkfuI?@NHO(dmt++`g)4ev-N?uZhrwRspEbu7S
z2R1Q38S-6zIa@K&#88oj@CJF*^*q`{!2?kCH7RrC;2qTH5_g$wHd;&F@|rG6a%V^m
zaWm#cr&wZgVZNMgQ(|&;(dHX4YL)qgFA*Rq1=v<yw<MPI*0<Wk6dS#9wGi^KM7cLm
zLT_peAt$PuCP<8SxPqO8VFf)$OJg5zaup6;l@Tggiq;EWb`1|~<ONZdKh_%LX61@4
zbzP6!8-U+p3oPy34bf}s8L*jbdvR;o?@c}8%K1gz0}THZ6S($DjP=IymVz47ug4Dc
z^tN=Sr`+Yq)o*H%%jz#=<v6oafuDW;SHb~~s8!UMXe>k}!s5$|IHZO(wv<CKM&$Ue
z*M;Mu?k(>6&wcB<EIgJAv1AqR%});{BUbgQT}M_ZFLRbuOq|TmjG86-Li?iwSeDgE
z!XY;e`oszwdW(mwZ%PUxZmDh?w1L#Ktyvbs>>TH1bW$!^r^p#FAp~+~@oc_nQZTQW
z)ST<F-SD&=e!{EWl0)-HTcVh|Tw4vHGLd}gu1e12cspCc>;6J*(_uiGtISSO0UtLx
zQhKEbQvVJ7VGO6#qXzdqmpm|xz^7`RvJRPTbH~ZW3>3>gkIz2&{ZM9)Or~j!jF86H
zhojldN~D^3*_rcE%A>4G3Oe#KK^^hg4@q#uYJ9dj|NJ&SU+?scnIfBzM!QL><IxYz
z9rx3f;tGL7k|<!_G$D;B5?}k<;YB>LXe!$Rv!PLHwc%h1D^@&jru<;`!Ag@u-DKKR
zzCvDy#uL|L`(guM=f-EFw=R=sKh@p|zu%bZL>h$#l=Zp`b1lY9tuw>&aV;?s-gu`O
z3iAEfQ{wAYVCo({-%PGIQS;MT@rX5NQ!)Xm$1QS~!h=Pf9(Wrq%MSq0ka&@$z+PhJ
ze8e&3TQy+dlt&TM3FxcA>#@hyn<BhXw+z{RHrt^c7kAX;;JO`suPr+&`YP|cR(lN|
zD?MM<`Q6c}x=M)Gi%%gWM?}Y31Et8DTc;BD3J;%wsH@JL&lOw~nz`L^v1H~+>{Gt<
zhd_tH4M(t77DlezuRBw!ns1st#|ih^v$UuJ+b`^WDFnl$?u?t)!9iyPD>yX0qxcvx
zOq-8;KLDvTMc94bgb-Z|BKh1CLnHZe*D^<zpYolX;EFo&x004Y>-~nObyt?SeVNzl
zYj(@3Zm7q0uN-Duj$l&KB4WoTlwV_1W}FIhZsKZOG|7kD{maw}9P5zPyXnL2jvC%a
z07Z^4#kobi+l>*O;daMmBBUut^${DF&RrbWk)ya3K3JU3=340CkCyd=2|UWyr<Uk9
zof*0qBpb8)v9MBEL$1phJb&1DZmhhsU(smM{L~hTVv^zc%_8PU@$+~c(<_l@PH0zg
zL}gr8<aj-N_)7lm<<!!!2m>If*637k%gp0O@lw1S9q(&9&D8f)pS;uakXE##?0DSm
z>->6U{jCciZ*_k+WX3T=N4c8eDlPF<>MQU>x}@{>Z=TIJ-atAkc20pUf*KVT-laLk
zVMJ!m-xTn>BRj*bNo_OvTM1$E+;#M*Qp%>#vl3ia-!fmy*mDI}A&tU%!5~4Lcmn53
zo3aRN@k^V4LYD%$4d!^};hyLC2e1yzEaIIPhqL9O?H4PV$HmQ)IF@AeD|W3S-3WKP
z*Zr3QN>;}hHxyqeiH~JgJ}}=CTpYbS;l^*~V^LOF?taf=B7_=I?iqn$+@&jc2}_Sq
z8Otao@fYZ8wV}P0IWP2~#guz3xxHqjYrd2CC{@<_F&5O_koNmf%DrASBMI?MHM5F4
z!T5jbKjd(n*hrAj5sU3lF%~x#<51reQ5)LuyN^+;%o7|zZ*!u?w^UFGE!#Mue+Fq8
zv%7ds3o^=Gq2(3P{#$B-{pNTcVob8(d*k>ZEoCjY%r37=K??Oz!PoiIwtJX6B%j*a
zlT^J-^G*HiU0rTG_hGqouEr|X5Qgts-7~OkS4+y9%^^@Pfk<_psJrtSZFS*tCYDE9
z-r-4hWToY1Z*b|B<;oF!X)C@M@_Ff@NPG4zk~_gJ{p-Uz%d(NAD)37u0av4Z3_k7F
zNrZ8?*jFBsu4P(roK@A0_Hwh4TE!iwuddPC{HucjCs%4*MDJj2rm4ej<oav$qbM_8
z_zF6Ev=?ns=ON$yctA$O-tj+Hs-;C6%7fy1IxCOxubxc_RdCc)A-^<G5^Yi_i!a>p
zv#YI;@!*fa&`R>W>=x6xj6xPfiyD2J#l$BPwN#J!!)s_wnP>|)9QbYE(h;2~C$%j~
z>c^XBJmvg0E_w(I9E2Hu8E=k{IF7gdkX7i{W75<rs#q0%`=FH?Ik(}U^<dLpX$eWc
z$Xckv!gES1H_NBOGS_}%Xk)2GtZA>n$1eYZqRaYK*KJn+lA7!nz8S_rU6q)36Fld0
ztI1nSjtj)j*VT}ooG-!CJ1?{ggp(#4p6os6uy6mI!PLV4GRyop>PP!S7v7WJ=TC;N
zxCn*2PyX1G3laR5=d#PYm_u^PmLHr_4H;4U%cbvo$UlLCZl%2P8Dp=;>OexE<)`*U
zeryv-NxQ!QCS|Uqo#@?ii3rHJ>+K_a`FCvf#1Y)Z+bXd?<ZVw*@@#~?+K8xrbWnGW
zv6*yKNlO>SVcXH?#_u3B<1`-ii1bNDsNF>nBRq3nsVVX747b`0_ng@k?$6_U*JHa3
z%LI}QP0QsFm#t9AlB|8Nx9+?{!j$utMO=3dQ0+=EAR826i<mZ<m>K}g$DOGH=d@4x
zAAl;CcAcN{6~k5I&I>gAFe#;!$Xaf|RANw%w2KO+aO5_JB@vbrK74OMBgUfh)N`H1
zE(GejppTn}^jLc+Y7IU$dV_czSsrB3qfbt8c`K6?Z--|c5-HN<oQY1HbNA@I>JQZ~
zwlBA=K*rsd)R2plFS^(}J-IDu)MsFx&LkUJw&&%Y7;9V6Ykv$RuFxHC_hu!ZJ&DI<
zvh(zGdJf0OXose4HYJgZNOqxizjn6aS(mu!&k9Y#@ant$WBPS(dImyQw|HA(3~pwF
z9_2}H32EkvdYUZOspO0s_XW02H`Sjb_lS@RADqkzqF`H3dkU~be;ILFn6n$dA_Azw
zXH8II#KDu=CD2bV^7>T;RSQCs?x-#-tk+3@bi{4Rha_}c0m{(E5TY(QOW;@vBHlMP
zk=Acl#<Eo>t=?_Vi5aB!hbEMKi}*RFuJa-;RG4NVa?Psz$JyTeYW3Jm3)F*-z7Ksj
z^j@=OXO(-_N?sYyh%EOcji2j^&+fB0Hk8keDCya_HWnPnsUDj*5h&8Oq=K+q-y4TK
z)XVP-D!f!LT!pUhQ;W3v=slHlLF^81IeHwV*2_!zFv;`Pv!kN!^;5noZXdt0*)O&o
zy@klc?>N5n<md6iLhUlw+LzLqTN-Cy%wHZ;Yrh7%CYXOAS*OGG^8;<`*))^#&SA+<
zqPi(r>?aiNdbDKoj+a`(p^ZtnAFh{L6sd^#>~j9<azkXZ1M~X*oK`Lko#{$GAHI>C
zwyMiRh(?PaPGgdn5^i)<ta8r@&y4iGaqj5Dd&Cw-@>%M7D6yKTFNq9Af;;+LMr<tz
zvXYz<TksQ<evwl?Z<y6%BfAv3Tt3KdP1qhm46l7QSsEUwERlbA#nkgsqc)e+JM04}
zsp`Q|C5Lhki=P7VkIzd;NOl1sVM$(11$#Dlni21FQwgc>N5Qk=vNzW{hAgb_F3m5x
zuobUTGyr2#c^EsYpz|ZM*a$)?98sBqb7GZdMy>=ihsN0dki_a`YJF)8x^wI;6!zRQ
z?7?$V545kBqTzG|JF$HAxGY&dvFV@tE&AfV)Z%&2%z4dRvW=<z58kDbdo_=fBI69p
z?B0Ussrk*b7SG!RkIQ@apVZ+~(oZdaXM>II9}_9dJ+WYzBGlenYA-pnklptsKr#7x
zA6jvYQ(#pudr=*Kfk!>Ik61_?#X3nwEa@>@4wJV}k2hhL*-j;>zIT+J83_y_W9Dy>
z{G5jhYzpt??g9Ek@(wa<#Sd5>7rakw5)`tHj@Hf8#jmPqBON?pwg0SNp0%3T&304s
zqk6GyS?&S;kI4k|{*ns$Q)8bDk+Sno*@2CnZpzJ((B3*^Q1+zlp-G+&bIAAuc_6JH
z|Dlw+)o=$blP$Fw^|BV91^0j2y+<0ms^h|E|7rh}c23fw{C(fFNI{jaSpfw9Xe8@5
z7vKh9LLu@9*)N8+>I)%{F<g(lWn~hrH<kh*EZEO2ZTMP);>jUJjacfs8nSlC3s(GK
zQ>f&E+{)#q;O5Tt;QM7zCCS(4%J4}om2WIJONRp7SYMjHOwKidlkRAuFQhcsn~PDJ
z&YPgiE5CgvcuX3iF-K72Mp(2`Urwxgu)n9qoj7PHwqi1l`J02kzB3H;QSn-$MRUkz
z-fV07+=OzoNuz5meAc32wvsIANZp0#LG7{1BwzMMD5M9e)MNK;SUQ~OV3jR#q5LAh
z;Me84oo9*BOXHLED?JcfZ@}5X!>XODSIK%YyNHQy|0YsIK^ujAi0<x~&(>1j!O<pZ
zl-NZT(Q@QN?+}ajh=5b8U)*iiYV>AHU&LA{3AJwc(HwjC%7#EG^{%LJH^U@Y<IUMX
zm|mW#z^eb}-Aw<7*A+a2m~Wm*YOR6ZJIb~EH#T_<P*Z=ejY`xqL>ylM7Qzb<c@Lwe
zMT7e;X_S=z$*1EsZQ5BA=c!sc6gPH{7Y(1iCic=&qyOW!_xDQU^$VlGa_0{gm0M9V
z5o?dw!yuvT_A6;GJ!${Uq}ZW$?mKixD0APe0!#K>E3Z2~inDrg!xrl&sHHgb*3efk
z6dH9hi%rD!f)zAtqG~sTZEB+7s1lfWBx)><kd&h-e#@R<p@`9QP&<D1{<qrabZ<Nu
zPi}Jh92tDXv7@gp>Gk=~s`n47?H#n~J`u@wDh2%_A5wedr(x#Drj#O|77?Ev)Z3>t
z!+o>&BJ=fFUAr#wCyA$gUE#5$qse87hGZ{o08(HciaH;2N>P6)?R*RtV^{Pz-mdt)
zUG~}Qu?8oFG=hU;oBazXIep%IyB@29@~G`D+MrD2io<yzQl`KhbYfBl>)l^XvX2<I
zeZZu|vsn!M-jxrd-&Dd*Da>&1t~<3}nBzV_W9Ge(Dk`2CpRL{eB#MtR$I9VjL{%WO
z`;-u*1*k45?b6sQkwO~T%Jwl5%SG2cO24HS=L0*^$SJd|&BQ=vKhCp{rWl3VNkyr{
zYQXWvfMygem2pnPp6k5lagt)B(x_H-d0b~JG@u;TmtwK>tv9GX>%L`3heF<Fw?yLj
zmMQJ-CEG_gPx!p7C>Kga02VwucFK|!bl6Q~*t*bvTCyR2B(UKCQ|>yhDyVN0$)i{d
zI7!kJagktZF_+BD<#|D|?i$8zN_W)Ps8i`LfgWoS2b^cV*{$GWQu9p2?u*M$cHDV<
z-dsBFQ@tGie3;GT><&ildaQ{R%42xxJF60c5N@j^?$mox%|WPrhIL_u+lQ~p;jOav
zHghNd^>lt~e_RXD=wf(eZ=r_qm2}^QAmtDwP7RA|j<?(R@|2Hyho7ppU^7uNxfXbd
znX5W+cdV;#J6^lv;_^-${&LzkZ<!aNGEN=dUvtuK#hl8%t|nLnIaxIC9E0t@=Taq;
zY1z?-tjDRx!pj?9qE|mACqKUKs<Uxc(C5t^!rX#@#BG(Cg&>VDoEg&T>alaG>#Rzc
zJf}UKcxtY$1mNf@cW)@(StVy>JH{*k0)@TwZMN?`ASk!gW2ydWHu$n~NH$(^61Wlu
zc+lKFC9cvP7wTGrTD_Z24P9`32#ErQH87A_(Il7sil+FQ!r<q~mE&1HCvGxGcc>j#
zyQ|T0ap{LSCOP|<HtVp8kpnaXmmO>btUpTzGb$Pd0FdS0EUvmy99j5!`*X2z$3<d;
zQsge7Z=L(a9f>XrR#1e8*bxWb4&N7FkXRP8^NFjluIRkf$F5D(qe@5i9kG(DnMs6p
z4+Kk~TV>69y71X;=sZ_0Fq?l!O}2^A2eS@2b$ltVJl^ihwf437&t5|9P9_zzTiJ1S
zQ`434eP~hzzr^)en@V6>U@p#ZLj~Out=PUVrWqaaSo#j}6KrxYTgu4n8^5%nf7(O%
z*2`CCB{RnQHXG=(kMf;QCVKVNkOM|^=KMKcA34`YGEezhmct2g%!;0JOo6^~X$Ib^
zmCC@BU4im#a``N$K5Bi7gci?t$Qe`a3e>?S`97(~CKz_~seV8!hTpGQDmt=rbwo}N
zAD?ZQzNH>ZFz%#M*Qp&YsA6MBU3m*N(rC7=E|;n-zfVc3s2d<H!o@2a52a_$8`s$T
z-jhDx9;|fa5svYgk_9Z-&@dRNy*t#m6z8)&z^255>$=$C|2}Wyh2!C<pfrE8)Z3lI
zb>L!HqGaAT-L<oOr0k;~*vnpm8&gT458=jTwSVzvWAcHlwrs<pO5L+Bd?udz+M-C_
z_lpV0{J+ix1N$ni(7mnQ@R}Ny<nedsO05=TpqFd|;NYd}OG54OUDye!w#{=7B%(c)
zc2Cw9zO9z}u5|Ok1pbJ`n@)1~+)cwyi&NzH{MTbgnT`)P?a7Wd7a{G6GVW@xR&MJA
zdb?eb&inCpX^9fv*E$?GRqaC4)<`*ZYC1k!uHbs?t3gk<)*k=<+b)daC#hxjd!lkb
z0Mn`_Euf=f$ijsvpynp{<n+u)Rsvp0wdr-|RlpczYiVFgsPr!7UAZ7DcxY-^sd2U3
zAKa$E2p|`6FS^W4o&@^(!Q$hyGYV5h{|{+z9TnB~{|`$@x1<a)B1(!N0*4ND6i`HI
zkWMKXx;s=H2Bbk05rdR&P*G-(P*A!AhVE{B_Tcqi@8?^;wVpp*i?u{__SyUW%6&wg
z#Z4QvTw}yDMZ^|5^D&SbnJ19(WRQfQq0Z}P7Jit~O^9ZfeD`YN1D-wW*BLzDv=&qX
zdJW`tyyM}BEq+Hh;;DbG9>L+Q-nS;@{IK1L{RH!o-bxiz*A7uQOfJ;0ZBPZpnGc*t
z{v06EIrWDmZ@)!bv;<jaRR@HVLz`_+k=Ty18*^xjUW5*5(k*OJ!;ObzrT(iC4>{~2
zVYzFhJLaD_k>W<qS6YU@CXP7TrOBtFEo=e|MjF_pbqfvWMU$o3-#^CnYw!qN{Qe<9
ze_(QEo@Zsatz)VF$C(^NTLng<d3f7Hub@;p-YJBOrCZoT_45ZXbNAzg=Pf1&r$qgg
z?;odL1aoU%bp0X#UswReke0du%X0duj`b@+=5PF#9E`=Qc*1pQWdqV$RKIrAJ?*2U
zmw=Ut^)&d%tDr;<+av}(jn&V!PQTbaH1*2<X6vIi<MbG9;u4Yf#0e{Elpz=jM|_)m
z5&NCSm@k4az0Xo7y=A!C>J{3;O$pO2qqy(s8g16H>m)W@Cj<Nu{#@{@=U&*7z@}AM
z=TE9f9trm=eqNiNpY;`Yx2xP*xKVOX5^<sZESPBlFP$=^9-u9f5juO6Y}FfZBO)LS
zJC;JjU@8eQD@7aDtBDu+7AJf2{86C+%BWB6^{(a{u#}euT+&xI5A64q{C=qA>%bAO
zbYCr@Ey|p)2$Y@d2!k13N-^4<U@j6RXUb+k&KHhP<+@Fwvph!(91&9powN-MGtx~~
zq;jjJIPa1&s-8>V@$LL|mk4ea*qyn`dHRhOC!dw}oN^myIjJOc)|bW|MQjJcStt<L
zKY)lMpB9Ca8<q`A#ppJC7-}nWFvPG?Lgmv*Ptg|gJzG6_`qH{Fx$#s}SOae1#m&gh
zJ4}zsbW=A!+1IiknUg0zWlfHAj?kFB<37>?^v~T+oK80E(AyaDKSen;vroMDjZQ#q
z<b1MVibyRP6v5asMq6t~%{3qOOa@Nrbt86qtD4|J`0z2MZNX$Gl6KQQn=!*1ThuB4
z5Gzikkg!je#Gse4y2{3ZlFiS(<G26dQ0vMl|Bc4h^dfXt%#{-ZfH-}m3%`)os;YoX
z-W-A%l5-)WJ*aI&alN~+)cN<axp2%bk6&iolcnsA46&7N1@bColasxtE5FHu=iP_S
z(r>hj^xc;`SLOY|Ryo4DY_L=VtEno1v+Z6s1)l(-`LxyR;~FZ7>*d5KeM4((5Gnn7
zk|#w-SPLHnqq9b8pfgNJs&z8+q)nsTs_)AWdXvGk6!HBI$EfC`o}#nXEWB>hK&qT@
zMA8psVmRh)OrA%++1vd#IOa!7XDctRS3#o}ZL!>vMFV_?k^R!nQ>;^13YH_;Ml;vy
ztv)0x98LuZyyMAbHx_g{K&D}m^G!(R+9o!%>-HaKySlgc2!3+z#ZtpDnYxlW$I{pf
z&p&?bkYDni4XJMLS3~Skvc3zW8Xwvou*rRT@J(8yXRG_<#lFoNkT*5z#O-_#1ZO<j
zpSrJfLX`1-FY^#`o8R<8(V}WT`_{bjbF<8#aE70YeIu&ZmU3N6X8V8@8wMLUWk%+?
z6~6tV?P<Jz5IIHvre1-}?;1RNVa!|TQJu$lU48ADc2lhA$M<}xT?6+VwmNK2)ugG#
zPTTL1L1&gZTU!32KE{$x_X@d|hOc8g3@xxl(#hfWL$(?z-UD0}%EKei8Ia<I6Q`ZS
zDYxT=1mD*{(i&H>9bdkK6Suh0b`o_8$7;>hs?WrwgqRw?&Ad3t+Vq18QoR;|ht2@b
zzS%7p8|fE$*20M39-~cV6cK^C2}~i77f>5m;!u&v;#}L$#d#n(Bc=UK^ef09pLJme
zY>`gi6i=>j3kAo6N4&V{n;7rIrWp$wsJm_aEY22kNV*4}=dqVhb%b^TEz1%B7&M^1
z*$-`WIhW4kY0f*eg?r%2bW(oZyOFEkD|(FH`(_aI$>?G@(p?zl!Q1IemrmPfKF`#V
zY(IZnYgDyjMTyY8jSRXXSI<FMqqKQZp}72dztz*WChz`P2d|I1pT2BrOi~u=z%k#K
zCRtbaG+He97>fKA?2n+3H97y-7k-94CrQ&xt$JSxkyQKv8+aASw>UM}GapX2Q21tk
zqcEdO?E5W&fv4hM-Hg?hdbdb*76O|oce<_;Z}^A7EW9k;D@i_t!?N^0C4v`lOg@Og
zKdm%p(v}DIeQgF{9ZZ;)CVQ&`kfiHE5ir4nvt|8HU>BBwQnn*ogeFPR@9B_KC+;B|
z9;SO|*^PW^HNh5no8xDu$1rJQH|-jB)^^d7wSXWHj&YDLmX5}MzblN2eRFY6rPrOc
zAi$bc1W}33@^`O^+_-DPv}4dfpn^iVi_szDjS@%v>$Fq5T?E0j+?%bieV=904o9qU
z9;b#>M^%c<R8VGMC@$%OhkWZIt{2uzDewS<I_Gh=-iz1UO2pS&WO37j8TO`y6RWSl
z4+K1ldf|8#bJtky80$5=G*{1)a71CXK1J<iZ-i9E%o94~I_J_$4o>}r+8Diw2WnqM
zbNq9LdR9z_k`AIZ#%L1k=I!+dY#uW;Qa_Bh#JZeUDDJ;|@<C={kx>1_^6lxD=AG3+
zQ;hfPdT0RS{6aW+`P;$k&fSZbv7%AcJq=599@l2)l7HS*yF=M0^=Qw$>oDoYg7^h7
zJFqnSRp%{Y@-|(ch{yGlT!v9xHW}F0u(hOK04l8P`|Obw+7ST9Z10)o;(U&2EL}3W
zw)P@IiRXgz)?=H^vHRd$oG~3=(kyE~(X@rVdjUV`gag+;u7tzdPPQv!J8Eg$PF$fE
zqdI}i+k{68$^P{?PPkF|!V>#`N?irKM~m7j^#k8xa2?S0o5F7ZjpUf(on>eD1jjV6
z8jgt3k=>nGXL@CI9PAyi=K-sz7;{(RE(Yr^gqt=v`x$NF>I<HXW>~i$kau%lk+6k^
z>!)$HX_)Jux@)*i@_K<eHJ4xAz}JM(k$j?Spkte5FQ>wfV|{VJ*G)V6*%nh{7m3dD
zl{o}Q+bXE-i_aNc^5V95qTr&xustUH^tK*t@UYtHEfUMOpfUAQl>Q;`oBl{(9CT^7
zd65E7kGDR2`BU>#4JrI713P>w!1}_a-h1Ca|MDCUm4yR_RV*K8yH#9EWlI5O;^?Xo
z8x?d?B6ZrX(@bl9ql6CWFoaA6xV?J=IJ>q(uXlh{TU>%VW!_w>F|pwL{BdA^J-IGq
zKb-0bucstp>hWnfLgBWg222C5%1;EsRbK7>W`q`dk+8;fxU+ufm=mh4e@aRUP|zza
zV#~aG+vu#l`1f4;cc}AsEPF);7|$IbAND32*<J_E7Te(6Nf>f{(J=RDvA4RGe`e=e
z>E927`Gd`8+LzXCh^9mpxEs|k7esUm1;*r|#Bh4l^A|T-rdGVTfi)&6Y$DhON939X
z+Esn|{xU`a*DDpcjLx#rn2$CVqz{A1b*GH?mP4K=!0sPu_taKDWt7t7B?%r$@<*?;
znsRsL7r9|T_{=py^7l;(2IL1w2<wur@)bRM&w+Hvkc+5qD&8g<Q1E-p6S5d41StCR
zr7|K$wZ-h-o8SFDyD1c~I{Z}k+ncF>S<G_ELF%qmLEy%I1dNna@DqzMwopo?`-TXv
zS68966)==tTk)bhZP_>1H@?w8o07xI<3o&%BT!LMy{AQU7%b~fqdpas3RDrKPYDs4
zS&j(@RJWScE&yU3M~yc-JSxuuwpNKAz3F3Fwicj-74^f4wz}}8B0M6~0Qq^ns&X1P
ztq^VAX`Bo8cNg$CbkMY~Q3rSFt&nd<nE)Y!%8fUpfRa^0D43{8`#%Fm29`WBT%ibp
z-?fmv&dc;jsy*zi&c)h~0Je?5cdl6q;P{SHLA&#hCV-l%ssn!5uW&f+l~uzBx#DUE
zU%^!1dN^`U_4xRL&p}asnMu~ge&ow`<$&`P+G5cCF<E(bkp{?S6PtWCYhp^(Oe^l7
zC>O+rA3Zg7lK4JMb38yKwl$4T83q4TzMa^pk(qk`z7jUSOXS;)dmqIO?;Yx>R&(i6
zl?Pha6SyzhZz_jTBl24}3Ww>aq3*+^TaG3TQN<qZveU_*&=ygln&P=VtFZM{!Pud;
z?5pc#01-}j#Z2%nfHTcduh3EO!xWD3+Hz7xDawkiZOZeT5m^J-Y7gB%HF)C8k8zP7
z6S8K0F?kaIuq(|Y{R-ud@k~$qMYVqzf;F<%0*eC`YPMaKrhk$o#D=8s#P|d&8MIrM
zX2Aeh8JO60a+s0o?_}T!0)W2vM0;wZK~4AW#eJiK&j#2IW;eGdpEC^;nS288g9G6k
zNWPr?)`oiNnDs9fg`&-)VMMM2kt+xst3ZxdWsI`8UP;f_=&X|f9-cWV+&F`q{+cnK
zETk$ZHLi2vfy@W*vZWVylrO8~J0))N7p^$DA8_N6Tem&P=4rZnY-;99`k2p=#kPJ5
zwN*xmZeFzfmWa7|+T75uW%N~0+sA4_wy;5i>j}N?#USdfLfIIL54A*-3@BU}36b8q
z=nGf=WflPsBcZ=OfZqK;0w5L}Ib^W;{?Z(&Am~l3Etu-N2-oQ60xM_5M_T)qzwO;R
ztF@vA&2nAJ6itF+?hDQfk1t_GwY+0$uqlzgoiy9ql#qmm`kz#2@<zny$z>K~>m*NZ
zBP%E%@V^;1?R}R2od$e~IvUBgCPRyGjKPTihCO%C%)@bh0V2?K$ObG(7(^sf9Q1~M
z^=>p!>K30ZR+ED3Z}Jl{b71VYo=1NN+hJ!IQ6+owGWcyy<a%#fD!%wYCG^lt>ihKW
zb%5QB+&DhA2-sXdCGv)&i!nJ%&UMv9V2ZexFnX!Yq3(sj>M%9;F9fkn$dBEF0WWK1
z+oLz>u@vWJ`T~cf6(=&N>C+r7!;`{j=svLI8hlHCrRw+{p7tQPk7PCdRMDIzaO992
zUqGs!#AfImsEkqq5oKDzBkTK2=fB6jnD%^kZ)$V7>{}~#n*zE5bE678N5z7Swq`O!
zDeNW-%AccT1IzB2R164TvjJA~E(UF}@BdaCDHmk3dx_$^<)ov3=OB@_waD=QZO)YX
zE29|T7;F4~hdpeJsLNiD2?cXWM<f|op?pv{Y>3GBaQEWPi(g4Uy!1ARggu#+64Atq
z`uc>uy@|cpu0-A3_Vl}@e)A=WhV=Te(!3ym{u$4ABomcJ96264>VE))R<^j>JFwXp
ztC<r4OC$1Cf`(f}-_6Mbq(159Hm5)C3@R(qF?Q*g>$|`*t$|3YXui7{ujHXM@qlWz
zXE#Xi^g3Lyq`d91iL*}C7=v5%-KVSUUal%w(V-PhAzgz#t!@-$pAMxmaWxHk@Kfmf
zeeB)6*_au%k9y1_Ko+>&7PY(c4!CF@8^8DZK}+<ooNXl90t}c<8mq!U?FG74RwFo~
zr<2@~;=glOz7!;cgY+^HO!RUCwfu~9=5ksk0I!<O8*+&5FWK+tXrxq)M>$Ja3LDU7
zC2vPl?{c+D{i6MCCom`Q@!M&<1b>$0i~V{{c8?p5xjAtGOyLu5LWVk507sR_yw9Ux
zM2Z_QX-2??UX_N!9!YipLA<4F9dS^6eY8_#N-s{|R74$5WS#-^yO*2di|xo_iV1)a
zSK`3gOvDfF;}j5ykEJ_hY#0#Pr8H24zoq*<{%}BKN~079&N^52#sYgtIuI=qFb_vG
zZdjMjQ#<YqC6*sZ?YUgB34?`}jnH^%M~fNFAZo%=`r%$L<AI+#t|!Rfj|q`!?*7Xx
zIjtNYu+_I|aq-}X=b~kS0@dXI;*S`Sh>N5S#(u~p<!orP;+>ubK<fFXV)S)F)nVCV
zFJ+Y7{~s>|WSRZ9&kTQl)qHRcISF<@aFV0f$iZAbGO>>2);f!r+nfr>6o6J3Ati?*
z1h{scQq3BNZ%F`>cBO`kwB)lVR&$je2_rjEo{>{!(so<I-iN9%RyF@hFM=-3@7mN>
zY}c90=UU3ZAl~;Ap7}*;7FhMM9V@kHC#>cJ5u9ycK5^xbX#<Q^%xhnnxGLak^c?($
ztMTSKmm{{wr4BqPpY?q029P!MPvQyVQ@UG&p44t&XZyNm`N5phgC!*a&T=fBd9VTV
z{E^S`AxNnSq}-sZu;FXe645`9`7Vh*uIf+`EBZo@Iq*lD+qNl!c!*pdZ1=B}(}*DD
z`<sRJwnn!RZNR#iOw*jIw_dvCe3V(*pIw>v`@^Y7_x>t62AXIG=PyL686p16dj40-
zA{{LLb?f1#SB}$Ruxv{elr{A$j>Q$0<+~Z@Q_-3F!jk_Go8Kvp6f1tsJycK&F0j^|
zyVxSD<yMKuc5`5`H+Z_Lp8_2rdSq$E)V5*LNhdJug>b#4^AU4-(hWb+7TG$DfSvA$
z*3N{(9F-7D{PRN(xN)qTv0VihsS+DNX5*)y>P>pSF#;B9!s$*1fkI?uLcgdGco@LP
zcbm~&Mq7*wW`Z)=GIlni=Ye6v;H0SaoNjk0DnR9`3&{YuwME~aU%(Xx8+hf!u&2d1
zstRnJ{?XX31%_V7$Q~P+M_fjE{XYr6aMb)8Ufuo!UbD-A57EFl?VOeEo85_j1_QsI
z0k~OgQy92#`X$-|=vi0cw3~tb5;#69AT#<%Pvmpu{ljLg?nS~3x892szPer26XUsb
z21iDmlv1&*51u-}*4@d`jPnFf<E(hS0D&hbhjvq>cm2QC)$2EoE?Ke$Z~^K!Kd16~
z6{uwynlvub#xB|hT5C=B*dr?QII1xWh@EnT4*S*-zW&`N#5tiB2fhUYn?TO~nbqwZ
z?}fj-HGTM{(hRJ{ZQZ%;z0R)Uysw$Pddeso_w*^}bon$mq6O65C?V-qjvqHOnvb|l
zPxV~x$n?ouc$fvcR)!1OYUwsc-!68{$RiaRqk??OPF&U#un(@tWRy@ZaXLv*`#Qw2
zV~{!lZSj440RA?uy<Wl#LwjyCgs$1h*Om#X4ywiQhM#zhr61TT`3<rZz>O_xalnHt
z+gAXxy8P7T{?_$yz#}C@)_$4m9%cc|YdnKha(;NxS`VlZ(2zz%!2amSGjCZzaJhcM
zSi!Rj9qT!S1PiPr?Gw;hf%>&+7IVAJ9A81$ls+FToZ`Kg!L&$lp@d}#SZ+;guMO6&
ze5-$$@~>bkK=S(96}$!8$j{URxDD8$i&Cr-^Fuw6@3$gKd|t_!0N!a#4gTuQu7zQd
zpKwg@CZRvKL+V-J>~0B690u&vr)5oa<y-((>i?5-(1p&LsFJ++rSq%E8am6>x1h}M
zTp$HFKFmn*>NE@VoMOaOf`ct!>IMr4Hi1=kYb4OrzO`u{UO;Bln<faJQ^LI7eB)t)
z33WHQ5n%Grqt<XpyovT)8TX}UEoAuB-}oN>T?GYCt4NJ7pSJ&xSR<*AkXdy??3s6m
zTj8zpfa_)WNtWa@XZ$newNtn6?=HZ+i45B>tlhv!;rOU?&=#jR*bP^XjDz=h+W@iM
zd$J#n(XoHi<-7gXpX~X8GHPY(y-xE+di#COzSxwCMg1|(MN!|CD|iHbyR!A#V2XU)
z*Rm|7v{CLbvB7(6TNw-@#1X!(Z($ezGq~s-fBXFq0PbgVtR|8IswUmMd$8J9@d6})
z?&(RdogD`8^{1H#n4AHy#J=@>NSpvUm;Z(1lt+LnXv{)<3N$$1D+A#QxKSgpKmJOd
z_JHQ=Spi{VU|Jb))DD091#Q!1o%nd7Pv?~j*ly)qQ@htr8QJwG-Mynw%xr!4$S~*_
zY!d};XxeMeizA%)3QI|;kv^p+%{iTKw84|8AyZn&;JU>r<`#V13-ZA;`FNMw)`v&2
zNK0NJndSP=@kgGtc}6-RsKtZU;q2jvES<^So*QH2(95dp$^oC)ian~~n0wv@R1vW2
zg^#b?lF`fb^2i5#(Xav*i0!C(zYV;)#>9;w%UWO0ZahasSQ?%gF1Cr?yMt>ru02$a
zXpgH&%lg0JwON!~o$HTaL7#~aXIm;jQa^u}3F($II~ChiUeCrhoitL&b`Sx}bszNY
zknKLL6%Q2C>Xvr3EBMzq=PRSkIQ2Qs;B57EPQei);LPZ4zT9BOg=E=tB*{Gw=({d5
ztlzacpHDi)fL!;M;sUyC`can{q2trqQFmv?n4Di|d-wy6_>$4fR;P0cSRrk12A8r@
zK}R9Rd8$TWmzpV?si3uA0<U7@$A>PhyxyrKa@MCHx&j5fJ*S)gesI(B7ta|k{e$Ol
z^&XCfa?rb-wIl#eroS`iGd+Q)T&<KZf37s)qXPEZ_>PcT-7gLM<YUR2K0oMwwVe6-
zR9xj>xj>f@*!Bv*C<`1H79YMYy8q<F!3I19ZBc43^$?CILFk-~MDrBS{w&#=RN55k
zyE7uWR5x_6=l-+1qP14P!<v{REc(UG=p;I3x+_8R=#Qs_%ubz_d8d3b{4FmtqL+p+
z@;VtY1+yV5Q6jkoOst9cVQ3rY`G=ypVPULS%#$TAI8Qn@WG9)3Yz?n+dFJOlPMN|P
zckMj#YUsHmxt4xgU%#bocOAMcTaY9)f_&c?3=1wr^L)AIRC$&dr>CZ)W)S%_)CU`D
z<3$B1k2|))a{CMkmo~Pe<zO0)5cKMv{a98XN`6OGXTWer3H5n`Qh+V#xK-!&S0&Uj
zT4d>xuPN4rNcyC3#by7@^<bFi!9WqDgu?kN1<I-@qUw2b%j8-2xM-2YrRec$4NWw-
zng>y2X^LU#zdjMP=HhOO9xm>|oJ=xlp0%>S!AuO%++gSx^tfjIL;xpc+)xxO3BF+U
zsJQ_(dFQ=byjei0(kIX9$Q7CXRJT)hS_|88yTikTUI9wI?-Rv}PFrXkBu2b&T8yJs
z9WJ~SJ#Nx!cw4%AHPJ^#H-BubMdXl;fgCw__}JK>f_zLfd07bqPD;!}&E!$-CX?%R
zaq5zf9xvA)M_Yv02t7t7<&`%pWV|JsCxM!t3^5_|a*A`45gT#ZaD>Pf$xqov_zzC5
zcL)-%4r)OhpB+a4&FsM%Rb&v%fAYtri-cce>+_P(Z5@d5aM-syq?p%jP7CiYG<ly2
zBM$~5jw6Vl0h;JkK^-ev3aP}Q$NMvi^%rx+u|>zF?;6sZ@lQ~Hx)KZ{S8)4zut~$_
z7A;S8?2IKkYZk`RV5DIA{_a_<rctp0ZxE~};I(Eairs!h4vuhB)45RUNu7%xzoNpY
zFWe@TLg~dW<{)*tfwzsHe;L^NZv)g)TZ)2*WL+I=2Qa(}bf-WchZ<ShupYG^()q1a
zY@hkk(V}{%J>cFure}EC_ob&>{DchYh#go|k0mB#e2#xpJc|h%QYD^nx82Q1*5u3a
zWsx8lPki3yg&(BQF0BjZ!8_Bq##|SMVacCTd`$KuLj~MSNbwe}Cj#13a&tOsu?-lv
zI&U!nZS73$Rtuk*9CTKauL?6HKlqq^IaUdE&;<UTQW^!)jXrVjh(=4X^$XmguofZx
zg)A_M6?5jEiP#$E^rLxhGJw>~Ne)-}=#HBg436m3AVBjxyRW9;blo}Hk%AO52$oYZ
z631a<uuMo|SZ1%>4oEe5a}5`=DN$Fr%(xNHK*u1jgpm;ZE*xQ%e*NGa&6-t(NUMuQ
z{>ZixDu@V2270w}zT-8#p5nyV4qV0QA8oumMo|mk6FK+rp9x|?qUd^7tg;9=oWHR~
z4$8+@r3Vx=kABW{;7Zz8j1s4nF3+LtD}j9KeYGM+Liiu(U*5+#3dFHKOEcM0ME<k7
zn<q+@QRn()etw$ss8I2{#J^9xUQ@BR*WQf9fsY<2B9v!YX8A-s$~of12TiY$khNRj
zxSsyW&`*yl=(QZ|YpV%-S@UcTj`7JVR4p{;?1<!+Gi{RbRttjdh<**yuZ`=Hr6xrZ
zcPgV~8+jE``>bQFN?cf%6QMDxd|+)UAb~>rB9VD&Tmwzw>$VVmJ2a1?63WL^gSn^O
zUH}`rs<PB^*Pa#I0ZY5xeAlX^pJk%aV6%^oWy3&^9~0L#$$X%}$g`<qYP;}|7FRjT
zMTR7%h=dJn`oS^Afst#*R8YY|GU!pgy2g#s;d-(QywK)ZN5)o{fmW9DB@ilr131)X
z3z&!p0!I47qF*jJ`Cvsc9$*k8d-}E>sEYPf7FB|EE$0sVwx(Jgnf@G(&{$g-jagr2
zwc27@d0g@4YO&1u@~aYE95I23OYDBHb{c3>c$V`R*l)U}TPcSv1bu!e5-L5XyANk$
z!M%2WV(WNX5;u);1xxu!GyRP=A<niUogEqdv`zFwEK^#vOpRI?%w7VM!=UvsYX|)z
z(%0*3A(hyC3rj)Y$9E@&-YTQwx(}LMxDov<ylj?NcXY{1pr({iCgeKOgcvtXBz-PH
zKs;^yUO{N~XL6(^_2sKr&5`2cP%&)>4KlvoI$jyYuCU9uYxpn%_UMO>324`vexhS}
z6#XI?mT(J<%X=ZPPrSKLCLcBi*dExTrbrBK7sqwM;h1x8E4Y%d6!b~j-LBcRkie+l
zeR9Y{330z4V@LuKmRWA7g4ozTkW8N`l14Ytqg5>gc4zE9)L!*Dgm$8qqsgeHM2;m{
zM*Yn&ZRfBZr&|-a$Ww!ey7+lfaO|w}?O01sQ-|1f@8S3QM@u<V!1$6(Nce%*;~cIx
ze-GAYAGk5;n2&2ruU;+rp~pWrXiO2p5sT7xbR&zXQ_t?zS_@3p4+!5zTS$HFkS7qp
zO^Xb3iM^<Mri(2SsCeKd#Fe_PkJ~=$Ox_3ce(rp8g&UDEI(Scm4BJ5~R(qW{cf9pI
z(A`yA?Js92eTl3rUDq|kVdGb+AVNZ{3+ah|!;SITiuqjKh@@=mxyA}&(J9_1lpy?Z
z(&xrpoaXZuz6RQ4y$%>rR@~KLma(G&;3)4lyW^pMPkgsS5j7|ONeT5~Er1lFc#g-X
zX%$rWPO&2wGjbl4b^>P`)yAwF4kLiV7}*`Zy-`LrZn3i)fSF||s}gZdrR_=Pu^N@C
zbMfW=`~C7XkV4@L@2?=mdi8w%aM7%PG*@jzORJBA)zE9{*(DlOT+`H~_>%6arWKJ%
zM*$9dZ?(E7xjHT@RyUQ<Ja6UCq@W&lJBD~Mp7HxybP3xrZq8`!m9V0FyYTe4>*J?u
zmqry)RV7eAjuwjG80`cDOc|xEy(cgk>lalmhvq@kAYb@vQV?uyACnh*_t1&8(DI_j
z-{4P<=HYUC0mq2q7qJR$Q9bvAwG3eQ54LexGulsJKU%x06F`J;ZcMq{>g`9g95}LN
zZp?7~1&qTt6Z!14d|Gnc)uhojQm9-J;rh@+F9Xd(M~}3e59C6w4<wbh9(yT*o358t
zWzO>e+qMsuz=a>6i0ej+=<%Ei7F?85^WBI|KP{|FR&pOK`)%xvb8MrhbI{{&_Y=im
z34m4vtD4Rfp+}@&z~o?n%!~4$Qd_8k^Pmi;CwE=2(OHSn5r59JQeNM_Pf*oo!22(N
z!lORB_7Un2*r<DhMV*R?-$^RFiXPv5y1wdn8TRfc2vnZYVKvJFug{LOUGo|t#ESN#
zYVIgC9f$fY(4V!Qs4gii&QB_#X3k9m-2a?y&WVZ4!S6uHV>*77XC;5|gu?b7{ek*>
zHe%~Ujs({v5W8_Efby=yxN}UJkmm08!<b!~?<RVk&!j;*Xt2rQdIj{`Q1+yz4=xQq
z$D{w*v@B42JPw5{mq=SPV>{^Bsi9RKF%?uk^TONs)d=$}MN}A9b>OQywdT9|ACyqv
zi`MlyslgKpS4P<@e6K2y+tZ(u3^*cJn~R8pN`uWSfhJrQ&9jW}*vk&e-$$qfzjmV#
zePuKm71;fb0*V+m?ga0nEuaqETR?M>#ZD?=NFeJklhZqknrs1-FZryGrYPAM2e-vT
z%P;FFRI%UG51F>TgeaH!hu*oW7=tsHDm@Qb*i1+uD_7jer%Rd3L{VchXL)!+U__y)
z!!2b6kbTh!t|F8Qy*lSDy+-!OpK0a!Pnjrf0`^p++A@i)iTn$wN(vvmGUxmhDfAnt
ztax(=R*%<8h~D#?5r<*vuTny*R51j|^_0-vxKY0>UQ1WY@=JMfUGhML2K4$y_rD9v
z28{GLG#f0ZZzNNA!-UM&e;&;<aaJDpdaKw7!+TCYUtPzpgEv>0naV}8F#NV6DoBBG
z4#a+mc}`pWfT2oYifQMo9<)wO-y4<zTvsa1XLAsake0}Io;$P&f(0|<u%9QTcHN(e
zDx<3AYZNcvO1^&!WZVPpCzYG;`kZ@>hkq3Uqzcz~QTxQYtMEuVm=Bi>=|0SO^R|J<
zIjih}?fB;ByUimfd!^6+7Xz55i58BN`ywO#dDTC3NqngXz6V_-#umw<?=9_%h}BaG
zytdrf9L~4~v4J`>Su_QbYOKNja`BCmA1l(bmT#*a<H}7&XAL2pupJVr<u+a;tVUXJ
z#KW@-a&^Pgxnr-BG0T~1v|GzJj7M%2oycaec74IFgVpS;9+9HKUEO;QXwNzU#|9dn
zE#<nrsfbbprn7;-#Bu4S8k$!%G$`%HAlQbmAv)`PIU_o&o%SHdrR<^vu5xCH7&`er
zzkVH^_5K0;9EG-~s!p*_S2HzoonL=}2rAgMiGY;_%%iiMo9}vBg#eZ+MCMlGZBxV}
ziT~59=GoMc80Jyg5{F?{eW5P6*LjdUo|QILL0urUkUW*b<5B{tPDR}SK$YY+JUM9G
z8IT>s=PWY)+DGB4?<?=GY~U`%5+}Tyuck2SY3=pPaYMmHmv8wr{)tpnPj9G#Pv??I
zO7Br%@aa>MQn(Tdin%`}ctc~v8^q=rxr*4>8vJV3WRdZ~3R50bEqSys;#g_iN;QJE
z`(QjU{i5c|k{WR={cE&^wlveqwjA?J33f$en4uV2y)^O+B(Qcv&M>f!DWPK6n=GME
z3D|I~0W>;5NBMs&-jKbXaPqPQroIzs0D-gE*o%oZNd^*tNeM*2B#VklAFA!9#zw$|
z`5vD+SFPI^@}O7|oa?xr1aX`#s?7s76W3MiWq{`KHu;Llj#njw9srKNSr>VsQb_9V
zfvxq&!+KYirSDC~1JyO+=&a>{x1q4(9eiv!vUNCOF1@dumJ;&7w2>plKUzP`RYnED
zl)=XI-eWBhNF>2i0t^{c?a;%I(7!j6E<jE~Rpp<z=k9BE<%!l3sSTwjIItR*`woU0
zOBH(QxnUZlP0ZJxPI07ra~)%8hD{!*ev~@ATx-?Eg<a+T(5{_Zxh?jZ8%wXp^;jKq
zc}_w}7J_3E0-v^nl_$(<ewo&EjhGSDqdpM{bG30TZRSE!$$a1ihMKQ!|3mL^SnjRY
zQHZ6Y8T?)}0NS*Y7#piVau8w0t&$<~B!UPcw1We7AgYLx@5%JCn%g-kf=iy1meO(L
z{ztNA_rbss|IEO`U+k}krT?LX+VrQTh9nFX7_hPD8q?U2#6a?r7?B;rPk`=SQ#^RN
zjU?5J|4XQXq53Wic3(8BVt%9O^9f{_O7m=c)$@m-P(uj+L^9w8Kx<)*ox<T;Gx7E<
z0sGb_a;Rxo-p#b)#ahY7g$msPjQEs$lsF};88;@X$R||?uz$Y(0zj=07c^fn5Ftza
zlO6KgJ2Y3zF7-Xb-I=w7{WKpg?JW9d!xH1L?1{g?tF!t#UCf6tTIoa(CK^S5pmMgE
zq=-I~;&k%ts6Qn)hWLx#nMdr%QVe$jJC4=U1F);v@;Awt#Uj91j2Ed7ckac|{wTRA
zU?zd6HVcRG<~M#(ste2*r33OGmj3$6G3m~V5U{OxZ9zbA6C4jmnid*ai}bU~$#i`5
z$U%bSQ?Vlr|BYsKnbX%RHuyubI_+W6<HlU%xYyE{PXri;jWePM(tit9Lqfo7frYij
zBV90XT$3u(vP`XS0QPQx)vS@>pow@{`F+BfXE&ZxKrj2`iA^QH7_ql+cE)dCPE2YM
zFY4#U%=f_}k3qjjX~;a0sblPXsheB8m2i<VYV_i1tP7Z-=jy3W2^48zWA~J7e*&Nf
z!&-qT0EBw*0(2IxR!g9}UKbmCB2??;tkxUzX?>gDsQ=)NIcF7y506U07_d){-PjdE
z9-$BJeg+F(oxYrURv7p+uFFh}ZI=zLgtAJ^+w5TFMmz=LbY4!!QEcJ9nobE05T#eq
zoXEkZbJF!FG|$YdW5ECTn9Wu3QnE=RJQSAyE(3n<Boc?fQ9y*KoAVidfI!4`<!^Q#
zM`XpENArA*gi&|vQvk>Z;ksD+%K(<ho#FwO$;zVo0IMJv0SS(;RMLx@04csBOz!2{
zOvYmFdxT7%34Vk(pM0J8h{R32P5;RO-GDoQ%=!h3wwqA=p6eKk{y<>5FCqzG6FoXB
z(%WiVIQe<9_D7B3m#3N+-}RpA<DZ%4Ymq($q`%dTJ#qs$f@R^!&oTF!*w1W8Dg}ar
z#RV{Z#Ka&qoxKrCN<n>L{j=0#X`^BH7>6r<)M^2N+`LJ(#2)%Ef)r|s$(*?6OHe4e
zE1<x%Rw<`5Gs-#K%#H^j2g~fcGZ8DQI%|Iee$p{$)nZzbihylb5tYX3rv)Ay*CW6J
z2sr!;8x;@de&}hR!jauXXL0rpH1S3YGvTi8WNz7(U8KU#%{P{1#rg{mSIva?9HJij
z2<OGCG~Y#FHMNSXFP!z~#%TXk1dNFUx_b~7@n6+xyR!e;0zOcIi@D*C-?i0DEUtqR
zYsZm!Rshv4^!AD}pHt{2dbX}brwOH5yskP^*-Z%WVR6Bt^(MrKrN<IN(pBm#HXT3&
z>})P0eD42u;?(_8{kQ#=^hq+=+>a!T95yL*W-`xK$6C10V(FufLzA*+Ahwi2bQaea
zZEhS^Jat{-n!|&j4=br}{=$6G00|5kLdQXDasC{*%Cxnf^HpF>)OWs<NT>FK0SQ~D
zYEoNl{k1;<|8yu7|IgnOAd(i^{divcE@K~TPt}tHmYdFv=+=t}1CT$YrsMqVVrH^S
znSt%tb6<%(5xG8Y1W#pG66o#giGIAy!(+#d$d0E%5`#YkIBrwDuL|mlLh5)`aCdy3
zr8{T~P|iD!GYr#y0KTd3&{{?~!f_xn5?1pp>(auwa40O80xHk~j?`u(TH9s%o|PTO
zj|^?`U?E;PAvKB6Sp{;A6z%!kZwxvHXU`_xk2)UBj-2<5p|g)4(#?NL;TtLJ0mP}>
zllJ%e)wher<444nZk-+9W?9+PR=71mK>DAe>In6Bxc@|>)F#a%H2O5?Su=6YcKRt)
zG&kZPL=9ZWFd+K9d2_$L8UB{5oD+qZA2{`giMkBVxdL`sA|dbP)a7v4nhMGSJ2?&f
zlSF<|92prmhC|)fxhp1jq*#Ott6Alz#5-R6O#LL6^lvl*K8O-xk8>&fvR|f=fq4lB
z#uSh7QAeD#eCO*M1ruce*33wwEq)3lu`D-2Nn903`fArt^F$w$I}A5>^~P5P_3Iqu
z9ssIw{T3O&CArppV4V6jz~4(W;~f*cbt;P4DJQ^-Q(UTjHviD`cbhKQKC4tcLEQ8k
zzM2u^o{fM=4s9xI+oqXQ2+u7^&t?+dU(2{gl87pk{qfATO8`Gaxe>!}FNMG=e!fWh
z-_)ry0eIsD2H1VPiFqitP%S6WG3&bn$K({{BxB|Vz&HmgYI}-}h5*`CwEmy<=@AUo
zqAgOvLI15!=|6;(H+Zxh|3jT}Vd=RypFq}W^{cmw`*zVnx(Ot|g{i9dmn2(smRJ4N
z%oAy}7lLLep=yzsxZ}A`z=oATBpgE;?U7SL1wOt?sOiK!Yg=bdT_8$feXu)0rF3kg
z>YM!3#|5e#15^|>;U!e6=5N5!Z>S*e<(S*ihht2K)9<{z55^6vsE)?B&&!5%mk02)
z-uBF_mbs!+xlZ#9H3UMxn_=h1+BtVIRG_G{*^FKb5l#P*E~Q&Re0GYu#kw;zK(x*5
zPuKrnWa%%_<XIB}jBcUZ?m1eb>v@K4h`^gpzPaG29}}4D*p>JN?Lkaji)=T5`fR!d
zM_ij*cD=du)TUSRai)kZ<<(-y<3yaZ`7+W3)G2#L-Fn`O-gVXc$eXJ__C8D+TO?<-
zjvklr&@_@ccKh@yv-U9@neA9-j3Kyxm`vZXdJq=@+o4YZ(cZ(uv**^VG&H#pA83af
zz8P0f+pg0Cw*i&?W!07pz&QY_k~brt%<AX45ochZ4H{NLVFaW{)LEm<(p~C@u<n&g
z3MjQ=j?w%^b~4XL_gZCCa0RW|Iob&yFbWbF8nFF`<AXBQ4xs1bfXawe|F4Sl)r+hw
zp}8o(SKdj`0;b`YVd`t2RiOo5Hn2@T?diO=wXpNx+qZ^eNGdAn-4V(IZp?X=JS^Ao
zy0L2|j{#R|R|Bl}u__ora1c^j*m~z|tqEu_t?Bs>ydZ7$vT+A4i2}*V^AB~4Q(pnQ
z<%o$Mr6jQLNmNtp!tk`LXBS6DTKvOd39Hr2dmn~@aN>7lZUsM+fCBlQ$hWxC!}v)(
z-R5pD9PwGh539LkRfSRmj(tjA=W{>37J2ru=f;$;!eEzqb7f-K>hVHp*5m0aH^S6a
zXzyJ{F4hP|GgU{4t0drXk9AjYkA%(ime%L*frlt|G&Nl<!$6bNyXHotuzo%s<Ebvb
zQXk+2_%wV3L#KKDV#{_g%~q*Wj@m56DyWRffkrNx+tbi}+tPQQz2<<)H{ZC1-=g$j
zi;B3W@~{%(^f=wVg8u+=yOP3d`3X1Xo#^~tyO+AGiHpxJbM#acH-`JLM(6b03njlA
z=)r|D)gahHqATbkXco&g?lt`Y=UYen({0h1?-iOpm64tVE5b~3lsyjSKkhr};kRbM
zxD=Xa;o&Xd?UA~DSBZ!p`{nJ490}1RRi@OoBKfG@yR7J}dMipKV^cRD>9Z?jkkkIn
zI$NRpx&eKp$ia2bkbjI)Ldaw54!?f$toGTR7Q-V%3Q<Dk9;Uz%`CQ;WsbO*dofK|N
z85bqtkkhdD`#5&|5Aa_376D5c*KwZW0M|J44q$J!lIMdOg9X)OCcP)GW;mci?1hh2
z2)!B9Q+DF|Y{WSp5KeekO{<!erfW~BU*>wAMFebbND#+rtP%p_NT)uAY~8!~nFdNE
zke)^4$VLHISdNJV58@exQgZ%N;jja*f`4q$CQ_*2k>MpJ)Tkn2k2vaS8{n+`=C5-o
zGEZ@4JD1@7P!{z6i^L3y8yf!wJx#GEaM+WZLoK50xU1ewDyXzxy}RY|erj~C#zJap
zI<C*23xS*|2B$3zD$5on9EfVmiy|4!cu#ay1vM7e745$?N_CDBWuTDCR@AUG_(`U$
zsHc4K95rs848Hxl3&1D4<cZGWKFJHtk37!y$%TPUGdO0k5@df7y@O-bj&aIYi`1UY
zf?c}0KN*5w(F!0x9eb{cwZo^dtieNYBNk;Rk((KFkBUnDVMvdZGu;3e1U@e=alSlw
zk2*H$B@G<>U5<C}Q?>~1#kQIa7i!{-y)=Db?ER%OD^H%qk>$l)dpZ8xJ&l_)oSe&z
z3V`bVp4%o*K_gY6*x}vT1j}l>^h=7PUTs<dSW!<2MA|;!8$3p*aJCJRG@EA(-PN>O
zE!G`-7Jg@=;NS;R?NT=?M#!2-|CyBdeFY*NTn_C(Oemu^%)TSou^ki{WzsJBOWX)M
z2@E4}K?#u#13U^{f90d|3o@>)5(g7#i;@j^Fl<Jw7VOA($Dq6K!jB!<BKfpUhg+aG
z;y<GX43j<3epqbDBF0tTziw{jORYu<5vpS~PbA5J7-iu&^r6VoT^k_^ToE&#C+g>4
zwijMvLc&lZos(Mls}{=5vv?C)N<js`u=ZA>*|kRhiB9hSpwmm8Yf0-c4qg*vJP1pf
zH1S^af)Mbc>CC2bw2l0XK83@)8~=(+o9yiveuA5y!OGl-uEUFO0ww>8;N*7+9S-~j
z^l*@pP6M~JDKyP1;?-wbHzU4;^JzT4Vv^CRXTu6#-Ugmg`3X&fPyIJ4?Vg{_YBTE#
zwuxRleO`SU+!<8WDH-nvl9Sv_`7tfP`5%_9-?=m(TxIzykHo6y?}T}TY<Ez=#B-9P
zRMQd6uFdS_L-UMAE{-^Iu^|WNc!FU}E=K#@2<jmIGObg%%1xCgbNwYx%OZdzBLuNX
z7Cb5M20`t$A1?-o*(cWxJJaKwXdhFTf%myp&=T~zr`R(jc&Jl=<*l;}g_YR2uKWE=
zAx1_Q?>*RV9?&9QA$iyP94PA>f;em!nj2HM)=;@!IX0q{2NdTreYO;DuB$Q%fBFxA
zIw#}JJ)i=4;;16#Feb!!Me8IkYU8BKy`KO%yhSTte{?{3{0yz@(0QcyNmgDr9}h$<
zXy9|WsCKPBN<_ECp7k--0@j`MKJ2^AHyj>>cuIK96TthD!eRE!v#kA={U?(0tea`^
zPP4xe66<2~WrotMPy<8}!!1aTB&oD4G5zezAlTMB|M9X4YCp;d>`1N$8{sg2HJyra
z0lX24w&3b@)drG*&E|H4+SzmRxT^!-cFPw7!(lC7(Qu5>rV610Lsao;MZs72&DZLZ
zH5Fwbaq?@&arC#H1cx5LNOsC;<y5SK8444!4HcG&;GG}sa;woC$aV2TpN7l-q)Q)<
z4eeKx#sNH6LjgS3y|gg(osJu`s`vq{C3d^=q)qeP247$9pLvf&{V1DUFQF~ye%=v`
zbMNG?XS+d$pg%8#6VY!gNd>OQqqqgOVM!7eYFcD8mx^|R)+bqM-35GD$ASh12dycO
zpthQ1^q+{1_m;R+(jhP3qY%YkIAN9WNL_}*EZ$tg(m&%y$i1z2q{eFack=0gb@`?M
zDx+^tg}`)8(<?2@c#aU}%(oE5^MC<`0@D-lc7NY`v_)Yc1=eK&Lj`#-&r*iMBoFQw
z=as@S1i=iK!5Wz@M6z=6Yq<^l_}q!|&Tyf8+$PG{`|>sr6HZ*J5ubyvw&nwM|HSC!
zLswv<&N`CkQ9!$8S1BNAsg`0K)-yHm^7mhGGcH7XYTl^q!NZu`73KfxZ`z5^IL7rd
z5`>Rmye$gs_la$ER-fs<1BxD%hYyYM>^$>L6k;-`9>9(l3mwQX1@8bdNdj2X--sPY
zCH7)JH>?l#R~Sc&q+Y&nmh+vj7~0h4y5v7W3>8QCZ*{hEA-`A5Cyh?nvLvlv%wj|i
zZg(I$Mm`5WC{{wLZVEh!fVC9?DG4kNK`tb#3V#AIk`Zj%d0*#2BWAFC;up+^0^V5i
z=Bj{L)U=Q#X}P=T$kG(V<2SUV@AbVLxOzncBOFNaE4QrT-)NN-)LqIZuq#@i1(!f>
z;umxW>{Rpse^q=)40(Hk$1sgW!GsKgGJeX(Lg-i4Y0mMtf!rW-cxZ|Ux+e=Fy3=<$
zUGF6>YRyYcRJ7Ize8!ubMO`skU@*E6#K!R`%eQ|9V6l<j?3R4QirN8?1JF4~g=A#C
zF3~0aci_2JV7eE(YjY$16Pn~NlM}@6+S)tXAIFgi#`O~+k$<?E0cbN}eGXbAj*XKD
zH|@%?D$G`Y|2+c4PtQw(VfjDwb5Hb0(;{Egz6^pTw6JK2oumBxVkHyMO-`Kc$ksdb
zI52q(oF48f&k#Y2yA>9$A+YAXkVCHsP)JeJ8SqPH{C_Lr%&pubUcMx8jr&C}?@izr
zje8w5kqiT?)1r4ldV+PTh!C$Pfh5T+N-B?0X+QVvBk+YZerX@8GjadX!_hv1mV99j
zdvH79qe_@EG^c{9)qFq<IsLpQl0QJa!l%Cd%mTa?6Z46$by;A%@TKuJyi0r(%e}vl
zc&!Tj>v3Efy#yYiu<`aqKrpG5KFJE`&Vb#CFXGH_Be<~Y_!`c5Lf#}eS$-z*%D^6W
zz4!bi!SvM;9aTI%0tW+++G&l&L|<5^?i1no+9p}KkflV)FR=W;(;$xWXZgq*3G3Mm
zL-UX+RKYRK)2|&bhh@i0GO|-68NaabyP2<<k(~Djh&`cMY+7~#$9GQu2_X=XnOB-Q
zkVYGuA+Qc%{W}vc;qiGi3H0rjPdjfudp<B(@dDyKJ`Ch|xAQeuNaC$;TKgAeZ9ZJ(
zhQvK=$6+V$YHBN(dVDop;B8pa3G+00!f{U$LF^_3>0m``BZwhp7A=iUGH*}1jFJdq
zjs@^6y#DYqvwqTf=8;jIfokza@LEjht)k7L1qz@9OVqpG-1_vj#Ob0!w69Z_7pU4G
z6ZG-D1ZV6i%mrC(mCut`NA&O!2EM*jVz){a*=#v&qeucJ>KFGT#=)!P{JJ7w!K_DS
z*>4{+mFG_%Q_{Hq5G7Yu(#mw)iS5EEgL;!rpq@_Y;_Y4YE!?k=tt{!B)JgxaP}m!b
znG*4n|5>(Cmx?b782=5+il{RUyadi57FKpBJd!w~1hr__uu7B&JN2|zT9XuR6W%((
z*pmfwy{mYHGJ3yIW-s(3u!ZGlQ$USLU9(l-sKf9N%Gk%^Rio;{S=(?JhJQF4@@$?B
zdS=z*`O-U!W9!n&KP8)^`cjI~-&%2B%@!e5ZT{HBMskVMgo`+5^>s1=Cs4B<#I{6u
zixAX{f=OD(!2YuX@&?Tej`2AHBo0GoL-U7ysg2e2zVpyuEkd`WKgj7{ndKX9#An(%
zL~cGPB>6j}_2fc$pX%Xp6{GL=X4x<`oixLB1<mMQ!{E#^5qS`#2ZD@+kKs37Go`e2
zjMlQKfaJ&;TU2s$<bDe&@<oN)-t>2H2}o5ZE$el0&QY&MXzC8Q2EHKu2++yb_<e~#
z*~1IjR<DI_bGDdd%1GH$Dog$0UCMA#)jW>6a`2wUgy;|-S6+9=OGY?eGCuw#8I=%{
zeUZYFI990${}HyS=s)5$pw3Za>iG=Zh#e-Oi#S$=G>b4E!``i8aEudj%sFFny*eA^
zYAK^c2FL!CiCTD(_@9vTTO)Qkpm-91){$n0!x8>1AeznKk-=*2rfO0Eoj9E}?fi%u
za@qws?v;DFB60w&&4cknu+R@{M)ljWd==Nld^{MBHyBr1<hro_LcuLKroL{GGI0=X
z!QvKwm9SiA=16J(?N8R8#&+;>HhZ+VYHPq-LT(GpCC69Pl^zJ(o-gzmt0<h|yahrt
zyCv}=6dSNA!3%u6sL7FT_Yx<3sYmRp1;hCX8(%%XrHDAV3d%;;k(aO-eSNe=J2Z~>
zD?H_~E)yfKT!Ya(p7@TJCt^Gl*3%^XoEvlRS(ZN`n7JkZ4+JzX%QEXWzxZ+r(-0Jo
z=Y_w4+9L4Ckwje}1@7L&uuPhDlzIe+%m2@|%%@_|mXW!GPaeN&uKoqlD2wyh*jf=B
z;Qd}`i#;P3z5lr@1C{*h${2>jT(466&c>DxBK}Z+{2!$v(`8ghJR*^ISeb!I%Go2^
z!){@>hn<-hyPgN8l2-iCh`-rNMDKGAo*E*HhcDtYLbG11EXX|Sk}hS%G$dD4xq<I<
zdkmvrb<v>#@^4BVoZR2?PY7IMtz->nGq&3A`Yzb)_D$;kky*YEjClu?#16Q)kEjHN
znt+%>S_17EtyUhF1fz=IZ8-S9VB}xNI20w0lZtRafx^MK6fh%yq4Dm2c4gpyHe~`-
zB@DTKrHz1(2csrIor4gd5^wG!G>^s4J#hQFe%<QdaMC_G4PF8NkLV+Ubi!}7I-qX#
zUOk%>eUCvK>mn7PmUbJ&D)!O5xfUu(R&8aV2rtekx!DaQEKie<ARJRZ`eE4Y1dXf;
z9~*Lgdh%SKQZAZD7w8>+$xGNS{ci>h<4@tS+?WN0nS>KaqbfE&92p}al(SiQ?Vtu~
zrhv|PHHq1Q*g=lu4Zx4}!|`?}PMjW?d1JZBm{9>qd_%a7;O!V&Mh@J{^@X$0@2cjZ
zcf`R3w%y?JpwnqQ{w+XuEN%CYHZhbzLNd$IE*ZoT<o>`$Y`*JpWHrLoZC6JD1xj~7
z?T)7alY7+0y;TUE1(yJg#4ew4#3qB@zcNKJIN~yl<>^ER9f&6Ze*PA80k?rCCf*d+
zRTWh6r<A)0JebUiBysS+i`#>3V^?XHzWCmn>Mv_ih#cHi{M8sF8>0p)Y#hozS}4nh
zqGy`HEqVtOfl^DsQZ%@*3i<+gz&$^m%#NhG@G)Ek6_&MJzk^YFqqn!{aUA$?cX+K`
zTRBv;wMAn-XfJjWS=UlxS-CL=#Ri?yyg2LySrTlA4b7}t#M+UT>tiTV)!748M{Uv4
z=F+nQ`cKIIrP?xyK%8}-7MiUS>Tv-vqTpj~1Gnb8ctH5wW!=xz122@VuymIxz`KS-
z&}Oilt`#sOT_iSY+{VUKP^EJDOB4{zB@1wkXn>ZS>6+OYPzMB^RXZR?XR4n4Wg14v
zH(5MsnVB-EgtQCB6j3)g(#wv+(~Vw+!Z0BFlG~4s`uMwL0V*$z_E*taPzYQRwXx@f
zh*slWx(oCd6|Av-DcZFOUjlS~?}Z}!@0%+76p1JQ(Q4Y*qMV$3bI#D*{r?nddFZSc
z?hP(5Z0zP`{-YA*EL=s^W%38!s-b{3%d|dIx~<pI=zh9=|F4d!GkelsEfqYF7Qr#s
z1J7bR$ecE^fiJBigtqV;Nr+3xGj>OY9#LXT13EI0s5qgsx?_Mg1qdJjXkDYXNCarB
zw1U@BW!A5S@Z#$#CMNqh{3q{^f#jJA+y)B1(QzZ{o}BN4sRTPprxd@qb&`;ZwR1^t
z%U;hsu<S&G|Mjh#Sw0F<8>j+Na8G}c-u%&DuEA-15AbxhBrM%(hx4On>QDPri0~r+
zakuXn{f0RP^XO*B2$*X-+ZWyRjQTb3P7_((fAE0*rj&7sE%5LvFaOa|5yT~*ipUwr
zJ;fQA`{C--%P3li<}5gXp`hpS!X1X+cb~ac?ob7gSOS9_0yeD37JW<inz(k3wQJrf
zyl|tLSPajl2I@jpRj0z-!VWLpEcif6wZu&6GAL1&aW&_<okWUbtYz>c%<%uJqmU(k
zb+*$Yf+(C30GR0>6_+gr_J_mrU9AV?!NtG@6Xy}=v~U-&AJ#TSt+mw&bdeS=eFZ@L
zHahiOGoX;)^l*wklOVB~z0k9K+JKPKxy$engh5BK707gE_i<(dIY;fOfG?m$@HmiV
zOs18=ScFjR;i=(OV890S@P1@H0iD8ShJeE%XCv0eju#uaFqrP4zcdR81ez0RpgDnG
z(hCV($kr!q9cRGX>F3Fk$e{kEl@0haf!YUN>-iLdT<@q@8E|ATfKL;FFH&24b!H_I
z!|inb4HCa3+XLP5j6%R`H2W1%I?H)o_wD^jPgKX}l~=5W!V-AT-Lf=dj=wgp0%)!*
zcn{)ICb-HyhaiMHt-LO%pn?dH--9R#j)buRSM)&)_%;Kq%g`&nqn<=~2cH6#-c%X&
zJNwJw&22#wZ$5Z(@#ZTE2-V~4@b)_RB4ViE_BGzz+sA4k#o^8Z%EreS2J_cV#{Kdy
zp&IoQK!wRM{q9djMuGmMyt;>hw6yBsovRXj-VHgT_?*gTMsLpZj&ii<C|o)Ck|L_M
zk@<hPII+-b6x{KvmkN@<<R5G;FI-emo2)Ou8T%#HvUNmb>a@-N5^H{V+y75P5D?#f
zmh3+pD9`cHAAT~%OGH|cW{9?*fUA>%*Vio`Q;)?inascuLA{<zczerHgADX09|J$%
zhdD7%N7Y-U=vOus*igqPU9@xlSTd+(<hUBaPC5SFK#@L<2aZQ^9)o&&#(3Nai|gu)
zehi=k-WZ{>dgKBE;-=T2lH5`>rDZoYwJh$2b(wSgfzCR(d>zLUuMz~ynh)RxZ`UD6
zb15ORe+azm-_Rk*iesJr|0sL!s3x?n-J7Cx#D*YMEFeV?siBGml&T^EN|TQC&|5%I
zkYYeVdQ(J{DxicKK!ngkl_rGVA@q`v<gVb}@7d?P=ic#s|2P~v91i2kT5~@0_dIj_
z)H~2qH51N#3k1_p0JdaM0w9uWevov(OE?{jh>A@v99!l69CJbJ@QEe2Xq~}aOCi_w
z*jYE5pRk(v)<t<yo&`bxwJaGn`#1UT*z~+^iJT_?P19y=sy}@iStaNLZQ9#&sGYd(
zoA8mr+q&&1pce_JDIiqI<y%v~wweY%xx{3#4odt>_&X6X8VgX}Cnc5rCY9rf6wo7p
z#;=#t0F_YP38-W+98}lC>1Uwd{%C*T%8SLk4Uz$s2w#~#2=+0~;i51}%zyrD$o9IL
zAe~H;xaSb?K5*fE!E}#VXZ;+?okbdU?$)3A6Od08EWwoY>TU77LtyVDwfp80&mB;h
zfb9s6fi4!|Iyz&V?3R#!jP9{#fK9T@u&d5#ozA!Y#N8i1)E{a5x*M`*Ez8ICa`%d?
znBGe+t-nT26DnYa_qmc=Xx0@W1mALD!BU<4|3j64dIl?J#Hz-b_!VG&hoYZAr2U-K
ze-b4g6resIF;_VPDXfzP#KRw)WHS-eFoihUV6NvsK=GvrvZw}>$!84AhvXTz1^==+
zSkwf}-8+0jm|6A8OR6o>ZGKyV_oG9K;C8Km0Wv$9zT~SY5*}ZBSQP))9t;ed)Zr-Q
zw%v1p8!_!&j<GnKnZ*Om$9T|-H+=+oGcHVcq{M%|9lf?aBNvMWsTff9pUiK-H-rtI
zHU9$~DFj#}1M7O?6IOlSx(F}IH!7juddOwnTXI>qDg&p6^dK*{oV(dttDe~L22Al#
zK!*&1Yh*u@M!g~X8Ms?x{tW9Zb&9#CF9&p7e#s>R+q%DnfS!3=`i~~;2;tzc2{UCE
z&b9=K!jV5Lqaxk(=j|*=`qGZZC1FEukV;79hj$InKkjO1rKk_i<YGJ9A;`!AtPQB#
zKG3il;BPkP%DR`Ae6vtG(k$NSsV>+Wtjp2rBOg`a$$3r<ed+7**EJsxQPFS@@Rry5
zy)ejHMm{4v9F%t`CifN?iNBxVRrRM4bv++mA!>1Nat}YtTW~s`&sUqp=Tg`G8y6Pj
zd8f-au)P&mo9~-R4uQUc1N?%t(|tC{Ep+POwzD*dSq$t~w)`AXaGu9CucsMdwB~Y7
z?c9~W>b^fFh6SJdd??V1q?T;^zl-T8&Q%EKQ@c(9Sv9-imj^Q<#0PA*u9fsT1nkA1
zo3%uT-!G8^(_b3yOZ&l}#o{zH9LlEHnV=W3jIM`#m^824wttm~EC<2%97?h4&CGe$
z>Axp)pc9$zWG!VmZlUTtv}Ex*Qe?~c-NS!JM9SVC4vr!qoe1W^D=U>(c>rDY&_om*
zvL6Q^aaMYM-byGJv@8|$$DSliYb0IEVTDcu5y1hBI;XkIWMg%#Dn#=GB9-YD{C?1K
z16)Q?R2ArEhp)lmY1;r!E#lvu*B~<#IBAv?kwWniKGg;4fR!PWAUeP=_W$BQ4t)wh
zt@*+{U4E$C9q0c>04C|?6Lgf2vXwU(s=-`-_)e};t-yW3A%}oF@p<5aeUh0~aa&#_
zyLwJTviS|Y+$xUldChCyg8yYs0GOz~GMHZKVb`-x-Mj~PfcHprUb>J<o~^}WjNH_(
z4G2w__xy1rXviz0vfkf>KXFD-L8I80fM{o%X|ekU<^+bwVEEl>z{@?b2H$f)+BzH!
z;iBgDpNx(xy#YU<nEY>)2N3u;=0QcK&GaBCS2sK2y-m&7RNi?YE{)^@Wd@kysLdL~
zxWZyP-k1<Uw$MipFpAi@-J%@(p7#*#=s|n|B}cPs)c@USaPbAbmXiNDwV>FJ`z&Xs
zfye0Vi7U=3wqW@2<}B3V`+VSo^V4_s-s8Q7tK#y132{x|;nw)mWnBdm68f+b6Zc2W
z#Y|+$NOXJ!I0`PQz(1|Xy`)$Jo&x22`XCQ~1h@*{o3#v{6+&eJwV=`?989jrmN%Y~
z`4|hy(&qpipmAvO$;=uF<J03qt(EYSKx=YOv-u6J9L-y>S|-QR0{|!F_JRCpvb(o4
zLqe&!@yZOojj`4OQ-_|HM`ThnQfS&h$`imEV5b)OoqQ)qR@$ypTmKtB_+JeJ9MsbW
zDyWTb&*?S(gVT_^4v)(KbCJV2S-IumRgWQG^*v^(+AVyj8m0eAXn^YF!u%jc$E*1b
zTx%(X5{O!V3<6<fovn49%9}X#>EGHc@m&oPx9xHSHAK$C<=2@PF3_Z7P%gKY#htaV
zhSR><=Q*ydahDCMklWFY+EzLL=3-Gjub<Tq<5?gy@TVBBraxj4!c0N!2!v)G^ZfzG
z^k>)8HqYKsKw68;zVNAyTpmiF2(WMgW5K+pd~+VVydJUzfKQFLPT+{q6zI5Fp(3aL
zn1skTxo>mKgFizsGthOh%$GlG<#f*%()}0uui9doq0WbT&6~^i`qDb-DTC+VEI_Lm
z9^jco?U<|+zZW&gPD+Dws8ysexX5c3r)eOMDLV?O{+~1k3sAIfl1*yLv?3mV4Z|QO
zWm2--MdwfF_8nY>-}M=}xiV1RNPH#$!zY6@5YMDn26g3pDA+EjcL!q5snOa{2XSq}
zYD#ayt%Be<SyV+I_tuYvK}!IT{VlGUG<QeO2_1({7sk@8udLbvquPJAQ3iUAdMBbw
z^!5+6wbp-XYqDfSI!-0DlKp_G`5bD^4M+<ntJHDJJOIJWy+-b#KK)p|{e|2^MS#xJ
zK}6~a*<1>SG~tn}{a=a63g9x|x#06o`;Qgvji_NqWX@5@+ufr9M(STK#$=USN?Bn1
zWJB75K|gA(x{UR+1315D*}viZUt*?SU3wV<eRsVe#=-}tTlem_f#xCB3#KzKFH7<I
zk<njI^#`e8jNK;<yz|CD?@=Qc0Zbt}w?nw}<^))D?@OI-?(Q}`6LD|$t0hp8>7gGj
zxaS^tz2pi(eZ?xbc|2Wta-ebt^A{=!`|08G=ivikfEo{_8(rV!A5$&`*{mp^=pywm
z=XoshHkSUK*O#3BPuE!%KtcydvVThZsXm&m(qNkcZKEa79wv8)vrf-H3^uUPS<<5W
z|Ii$1cDW9yC2zOP-uzE)qLJd%vzbE;?G3wxZ<|R*?(@sm(rSVZA7km8`u5*}wqj<V
z`RLb$)6cX)*_RI{H9QPopYWj!icA6IEhLs;XU<FwQH_$ioOg<^)3&PcRR&kbtu%E2
zNcIT{f~?8Q`?~@F)hGC(WQmQ{+@Hvw9AYlKalZBD3##xSE+0R(KdlmgCfqTnl;#aM
z{wc4~W1mp`o4^*%xkXg-IaSCJ9^vz%pcV9wfB49BA>}UD_YZ$Kz}*`dAnJ!!eK6`m
zxeswIi~uj<(#<*c?~wdMU5)PPjm%rX2nkGOFp@e8gz6_U)^!1;1ygV1Q#%fORFr>(
ztg4xUF6RHr>A#wqq=h`A&<tli>I1A};LE|{QD~1Q`U>;LgaQ>va@;ZM>(g-H9@p(z
zd0O%wJX~8ld=yopZdxCJ6a?fm<}sRMWFHxOTz~ixz~vLJgK0gr^prwZ_ew(y2gCGb
zH!vtHbUHOn7e@)9k=wg<>5S5c)Bk?&|G%3hws-NMZfezQR6ss@#|O~-s#l<BiPFuD
zcmDRm0j|)!33!aRzgz)>|F$1FM-fv3A|Ni6gVEo6x2S*O5fH_E#A{>8+uVN}#)kq4
z<x(}`Wr9qg)N?LAM@Aki0Dt>GE-{oI&orIGIh4}Zxm+MWf+PbD6;w>j1xFo5$gh$8
z>ynnu;$@)U0?9XpirI&ZBe}EO;=13aN-Y<ftb1q-vug2N*tWgQaS~*Us@PtRnM%}n
zw9ALOlWB1)>nO6}j68tI6>|3Z)ZC7+LfbE)8FRAbvCrf{4+H@;+tQ75C>n+~>wtXK
zzpj4pZp(tFWLDHrk?EffFjTI%ZM=L??uMjpoe}<12eGd7UR~c*g)KG2iMQm%aNX@{
z_W6LGXiDYKLel<+`uY?dU&n;rvu9Ya=AQ0fN2T@Zezev8_+}SWsv&8^mMF=f(QoDo
zWh=#d6%efOML})$Tnfr4bM7tcv)&uy?6OLW+qPr=!A)NuDNtVR#?4*1CdPSGD&<Da
z#`O_vR}bp#Y0W8&0)<BQ)%y$`?o?bnW<HV)TV@dz51!Py%*xWr1f>BBig2qkmTT<i
zxYx1#xy&s7-1@hKX&DtSlRc9#b0g}D$wDt*qV|B%XGEcpBR!5PzGJpcm-^SUGxi+I
z4pQp1$oHF{Pk&8uO5w#_NiaYa%4wY~PMYk=MUZC2M~plxVe^VWnqer@b*#b+m$w&R
zDaLKIK(g6n=E{}uA{0lnA4TIzv(#kEHwTCHPbkIP{wlU_a;y;>5F2ai&?7<Srt8_v
zuMGvv7(92~5vSf!y(N|0PeDkOVz5o7IkoVtPp)uG{DP!mMs(bxsZWL;C(&%9M0-nx
zT1ksCxcwJRv{{<ylK2<`RW4-LpYMmjZSop>dY;bYczSWEq9{qruRcF;F;zGfxH}SH
z4#T$GJGDY#?h@C%EDa?>pQ`yb-JNQ;QvSI&pMKkY1c5R8ZlVP9QE|}oUYS46(l@Kb
z=46UVHl1oY_=F(LgxsuFP_!IIIM<qpuD2`^0!F?ED#+L6l@fRN({6BYa=9J3*G9u!
zQORqreHXD5XCJl66}wTUv1?DqKys-Ek1g(4`9jRB%AKcJ*C)%@j8i{he-hq_tG}_>
zzKY=`(iMZRc-npE&F-8->s`s0Rqt!o`>SM4GcOGi%&c$eYZI&Lp32$m>aQ`HE)mi_
zI`+bgcA~M@q;?W(T*toS@BGUb`s%mWoDK6AEIo&aIO?Rn4A?T{_B^lg(wPqb8aSfo
zme$p@c9%@J%kH@7s;17>6ivl|BFo{%&6K%v6Qeg7igLa~j5!~gYV0@^DtvPWJahTW
z1NV-f>K~m`6b`nSg-Xj%bQWejEl#u;@@e*S*`p}EyIU2A>E2utFc4v@xf;!)?IQVo
zlfqXV-L}1Hw`bSEdEgYMjg5&C-!oMqm@|-$JoU|aBNUn|#H&|V91+L!b<+5!Wei_I
z_=C=vDSjHIX*%~^Vaf52{0wbg=;zxZO~_BqT31O)ymiZFyXR&YA)Oh<X1Fg1ie;z5
zUW9h>L04O%LZ!_LdW^IL`IO;JtsyyW|KTpJOR8A>J!d6E@=A0M(wn-MB9VgvHMC8&
z>9t@WO-u+Ch;@q6ponca`w4tYiQ`JMUe=x9CQ=5|zC>Q=k>3`Bme8%E+``kcN&v-7
z`J}pHQjWU`$Hf;6yja$FQ2IL0?nTjAKc!`hPa}bqHq_shOto?V+T;qU{n@y%RN$CP
zxmt^}lC8$)R!DrFDi0sM>cmi9;Tw_HtFx^nha~Zdh%a%Kh8_(qeC%}Q(n#dTTahq>
zC7YH(Ai#?;0Df_BR}3T|!X#Z9D+&Cu7iis?m?2cm91PIk?6Z&W8{CBBX+$2Q0|J(I
z(mhPS4z6Eb=8h#^wnKH;SRsVoyGxv7WBS<Z7|hjxBlH~{tsoE`f@w<$*;1q5)evdv
z^5}Rs|7Wo75n|^g4KIYx1S$)!x0y>A4)7~YntV6(#){@Q|DhQ0X^D|eo)5t?QGLa+
zkXgmm<X&+>#P1xxq_XYl>7I$_{r3;y-3vcCtaiOrYiw?82|6DJ9T3VwO5JnJQG)2F
z@oT;(4B(_AFR#NXScSh^OC3py4(MXcv50lO0k8Az4C20JfRRJIDavM!_l9ks))B?u
z!yw~3PPR2lIk~)!Op%~)p0M?O5$0w3V|1ZdpQ+N=A^GT7z<T`7C~0DgPJouBTJ)AN
zhB;_%V9RejGKH}kJ4V|@;^`{>p<vx}6F=RUB3rc}FhLm<8{+5t$_CxN-{JOK#50hq
z0*hgBIRcPf`>7~l_OFo-6Mp^}RgMw|aS<KjcR+WQ%a=z5*Hi5dVj-PBb3Vm_1ISuC
z!WXAy^%&a1P=05rcbUWz>UtT+`|$-tKoe|r<V;_4*qoIJqLihoCS*A6<|xBrX}zRk
z(u(%nx&}y==Am3wk4@0U{!6F5mrln{U1-PbvX@?1Jo-?7i&|X)Y>SKR0hX9Lg52rz
zDb^szfqV+T)QFu^1wuG|yT)8=Iy3Zl;&Kx!P-{gr!vPuZKfhyE^wOHNpg0`aaa^DG
z@lsRv?$-r$$Mj&y=b&B$>~!?l?g>qnWyXhnrcEQ~)Sk3t5+%YfOw(nu;1;57$c6*p
zS_d!M0qQvyCA4rw@w`hZg#S6P)zZ%rSGmsIDpjgw(hp6);wp_=Vc&J!fBi)7?D^W~
z1tg4O<!|Ar4mctG*Dk33_O9w)u6+x+G%}W1za;a}y7iqX8>2#!=~Q;o3f|#xC?SZF
z)tF0e^C<XO935bM`R;`2TgUtok%;uAo*K;&ctj~MB?2E#p)=t-=7lK<OA^{B#gYO@
zSBO2P`-v9ra)JlJVkDnE<JwK-5vK{&QIP~$MR`<;b8RF#V0Ck^B|4BQaDsG@C##tK
zoc0TGBZH*-5slfeg7Fe@q)o48rKbDQZu?hd-CW`hxT_uRZJej_#99F(yXdd?pir^f
zQq&P?`dA_p&ItLjs0@_AiMqKlo;t)lwX*RQlkv1j8P}TXcn>4q(!562F$F(rwcZQW
z{=0fynp$TGSNOXzjgk8m>uIEg?M>G4`J_kj^40on_Nm5clVc~|UCyz1X%{DtDLRwz
zxcto}Erp4kcnavP{3QwJBB-@n6w6_70yFeh7kh55(L+j<P#)l&jyWYO$f{;hQrV!<
zenDiropi#0fk`3JJgcf&p(2?&VW5utn7a*abv#;ZC*Egw$L<;>9Gj2J9XSed`c_>|
z1zU8>o5JPRNY1MRau`PPv0w-2&^VKv_AecOg|0WSC=tFC3()7@urJL-P@^f9G#>0^
zyKO_!I|ELA!gYYk9$$MIv-K2K%tcLRyfE%IKWC^R={1C`auRstvt?|%$K$uG{1Jh|
zLMNtQy|w}7STggqq+2o!dXZlhm@uwgc?t3(j&d7Cu|ZF(4oBDrsJ?M6E^sJ%8thY*
zz8flh6CLl@vPisKk?~Y-#uiLhZ(6+odx5lKEF5ZG>&gT+?Ts8w*}G9Yy)t6#K~wyy
z$6eLu;_UpYEx@<6YvdB@(lpl_r)VGJ%h&VgKCKm9A3AfpumNSaJxfL-Kp%PTaejJ3
z*Q%(@&IqYDdUAa#Y}$sj?~La;$gaf|_lr?_kr->o8}=%c=WLD^Z--z=@-Ch*crBhp
zxOtF3>c`fjNc%eSBRHSrMC1epFLz~}?yB{jlHQ)~`@?OagLd(2N5+8kr!(8Vn|L;=
zaEE_X!ItMd@lF!L3yjYDW7`nx%ZuSv&uc6^znA~8K`Xu1Uq#Xigb{XsImFsxCl~r9
zEbw{zmz?7DWfSx3)uSU%czI_S)r3qn;1gp4YcLg@4Dh6aFIO7)N9Y4f!}jK~A7j1u
zbUXe5s@>DO)L-|=Iu~lEI>x+@Xnr|28VCD2t}$DSNgNAIBE6(?!NPy(ySdW0FFe6K
zEFexj!!1`M3OsHG7NUDHPeEt~+%yZF<TzO=Ud~R4&-w+-PGo#OmlT2|3h?N+r69DQ
zqcxBQFET>hvN@^KCz2RkdG^jGe$Bw~XF53}2i_kapybt3L^&^jl}?(D$Cg$((0p&o
ze|eQ@`isxp7j(ad>vp|T%vN=|u!)0B@b<oVbW$hnsQveMZk5}sdzMBxS2swu^Xy!?
z_ijcw66Q(BhbQ6L28prS)R*=i)jEDz$wJIXn(q8GY~mZDGicJ3Gd(>m%%{rB@g!x5
z(e3x6xd2Q&8me}4+cOcLXCe0LR#NBn;WHkEE(iB^+L3voe4|WV+=dImH3uA*H#vX6
zmP9edDns3l14G?+Is6JO&Tn%r8myEB;%0k>i5-osg|`D&*pxbV%I=ZrIeYyrH^%|6
z4=?O@`Vtq21i8`io$9Br6GQEzy0XhAMOui$_kYq>R2OQex`Zv_&NnUkG{;TI#1glo
z{okE&IuayC{2*3Giy<ZVIY39{A@u{qAAzR=31TGdUR59nXBQ5vM@Nr0Dp3G)Q4_lR
ze*9FMSF#swNavnj`-p{HC!d(d6IG@73CB}@r9rf{rP@D7<cY?brx}!kE+Z99OF2DY
zgx@SqzX!&|{qT(`<>ioV2?UX}J;|USDQu4~b%NM|qh*5>>l)whuVT_5@Ir`!#_ed=
z4t7RfHPHFZ7T+t@mLjrRnofFA@rb*qHg7TUo~L137_<8r^*%Qu&z$FeUMnCzr;UFC
z_Yyf4D@kTtGR@4V_6Y}+1*+ipbQ%4UD?!ID$hCq{&2k;uH$p1aDB-5i^uybQF$t*A
z*40$~Ai)Pnc1mn}&W)rso<0qh$0RLNpP-Ngti?u;BG>QQ$d<I5?TNHAvuV1YZRUdi
zm9y2Oau~Al2POJX9g>NxL-P7Y1B4tm7{65hF=u<Gk+WP5pU(#RQr?qLqvx)_1J+-1
z-7fax@c<}lfpgCOgMW3Vp+C4zslYkA?z0*0_JZ!TCi|Je;kblIF|sz%>S8w14-J>`
z6MHzn<1Es?bUI*$YV82c_uWA<)8aG4YFHF#hMP`c{CO|(XszZ*@NsR?-bOo|b}E_O
z$MC?$>i4c-Ho1RE*KYgOR;_$=3D~>ITbF_FRgS_CFb8ZW@<EbEbtn~NnCvB!?VDKz
zL(Ws~lEVLh1MNK@M9wgeRrt3J&YD4krb13BDELMttRf@A)S_MeU06z6p7VE&ipy_Z
z)~%7E9Y2_@_|E;6iYvwGmnu5)O~G#Ol8u2#Rf~Tm12sgNB0aQu%+~D)_DlAC`k1Uk
zzGONWUTl6Se};Z|{Gn3)VnEWPqn*LaG^?&x`YWGv^~U9Y+HFBRT$%0`cNso<Tp!uD
z09l*=IfwxnCb&tCNRvm6Y4I@$U&aQAM0C2TZ8WZ<rYf_^<x|khPv}X-XmLMp{mlh!
z+&Y3ck$K!k*ibQWMci5!cfyjv44EFnNI@HUDLH2@v3i?nfRS)xcf$>|)g;l`Uiwl?
z&s4~rg#6jG2EGHaIH;&TbN)FslZt0S>I_Pu(0+<k;JYScL%#kGp1o6tdCWXBBLo-k
z56ZE6mT3xZdGLTBup!qK2Pu2r583cBE3}gJ!P|adMlyj_=r6;oxt1*41PudrrZdca
z-FZtx@XJN-AMR)9EzD?jUF&`+0@8K#Bj3KZmb$KNtu83SsWoJqwgYEG7)g!aD|xJ7
z>W(jZvwqMMH6&NaOdd232MlGYglN}4BWAUAMg->@Z4XC(wA`MZQNNHVRu#}~td$#@
z#}}6;y?><x*4fj2GUMFx9Yhs{!$E+rMPbMp{EBIY>0|>fYBcZb?Fw~4mI}-7PC(f$
z5%JzfeXL%g7B=j_!DrT7Sbr3Jo`8i(>fC*zqb=GfKbwE`Qr?B81v})ZvGelSy0~!f
zMA2ThX(aX_-DN$y2LaoZnY0O9NElBDY$#%M82anVSx;?+`tNJ^8VhQkn6Ggz|8Q_A
zZ~KB&AIPS&;3bQ~7tJc>J8`Um*dGb`kCp<V9cNdN@;n<}Ce`8Dvq#djti2ajg=N!M
zS~X?T)~ij7ruO@FQ@tdla%lu;cg0hhF&Di0B^gtVm2FlgOYB_4l^a^>L$noEXL2d=
zn!di<q9#bZN#wg4#p6cRySw;h+}YW-ikjF+Nop>lbhCok06NE2TWX)x!Hu2)e7;JQ
zlL`577fZb>`o?-lnr|m{^&-gbzsONQZcg8QJ}j0Y;uMMZk}`BTojjKyV%riY`PIh>
z-C2Glwe_L1q%K9ghGWy+?Qw6GZ7i+)ebGSrt{tpAE#O_zJG0~da`lrlcw6Kabs|#D
zl*$Ten+fuf2;}5Xl7E&|Y}TB|b->f=xnAr9F<m+YYkPEj%bShi3@3Monrqb}j%GK`
z&fUg$t<;+^zGeXdH8^`{h9;2wdvtLJ1-!R=+t2z{vz?i+unX_-)SM@W)s&g&Wf{_6
z73mVbguYS1#^wdlGAc<f#@6_oi{_m>^cL>Qo)<J6{XT>E{k~=Taw@(`6CP|Ex82%>
z?MV{*1!z)JwwFx;c3)-(4XHgiEcn&f@Y(zCaDAgJDZiYHFh-AuvF;TH<1GiRd`%P9
z&?7EwAUk3fj^9acDP}j!Na5lsyiv|71GvZ@&xd52wnuvsaBJFG@De&n$790-oTK6J
zHG9}htv&Sk!wmevlfCtfJ)1v22>6i*(<tTV2#gP#j7(YneffaK+8wJsEU60%Kb{>x
z5p`wKNQtSFtMZ~L!#hZO)q^&&7OVxd;Ee|erL9ahZ501h`~Tpn!clYPu+T^dp>TJ4
zoJYxpWb<vj>0Km!-&i7#Hp_bJy5AbokM~FYH)aW?>dm(z=ZsTj=9ZLS%&tt@AvCvD
zpG|s*U)xrwfuQ;yn0|K=qa%AHv`T;W-pl@}1>Z|ijFXQg&oY2Ce-Z?7?6b)Kkczd?
zTgW{N0v&GKh)=~1BMsa6mzL!V-|l0v3HE1Xq*AC*Y6d1o+Y;j<oRVw<b>WIL2<h0V
zQzrWhGrf$On9W!H@mqm~fn6!e^VaV_&b>Skqa5DI2m!lbtkoSQAXIfmg5&*RvgMWa
z9TGT=#)B>Ml<e5fkDqnRA?1<!2`wiSP2<#?r|E){I^KYj#iX2)WzSEJs<U`ETvevs
z6;zYln5-`B2MqmL)e#a9xt~X65BfP58WfxkG~rbRWwrd+nQ=Zb6s}x4iK`-6Ow^Uw
z89g<YXG$X(A+PH@v>=V_NHbG_6AolbG~t|V?$Qm9KpGw8H3(I;17ObKK_06J^gHX(
zF-KEePx~v6jO>lJ>B~{ySoOtXr%a3-gh%Yzy=IG&?}9%;SW1@~=-nA)oXq8jF}HT>
zOEUy>;J6d;627!Ni{|OXhN6eoc%9jS@@HpiR%m1Cm1Ju|0)bGq`g?z?gViLNd%J98
z=B?G&REu{4u~~Li+7;KV)yv#6Qg<AKzD|`W&LY9Km~Tol^t^>PDp;$I@#gfWkXy#k
zmT9_Mk^OG$!=v~n<o1C7sgYk^geK>P4BQ)KPD!OS<fb1?o;ZskR*hf;*}_WCBDZY7
zS|hAlAT_K-499V~A$fFwRAL%jL`V*#4qUMalyLdDL;1Bc#xf^6E9+YV^Bwe;=?VH8
zKmL1+pQ|sh-oz<xREtW4wvJhD9-J8;cXoQP^ztlm>?L}-d>spOW*L97rD8faU^Bfl
zWEq-(Mdlp6wlk{vHKSwQ#rM_jDE_LbQ>Tkm;Pa^vKiS0gNA=z(pXLmp<&gSSdwZ*G
z-WwlG3-_PF!c%5gkMSpa&G4{Y=+*Sym~^c6+)xR9*V%5xQ#v=GgP%cI+;J=aq2r;#
zua<~;T^@<he<+Q*n#8pt{u4cI8?7Rw>mgJVc;xl_T=g7t;_RnqiIs{;T$ImhjU>vY
zSoDK9-%;B5`l{eQNb0RPz<b&B4NN3-pO}tPB*=6oZ9Ob%-$`G+&yvQ_2iv!V9ytJE
zJ=Q<>IxwV@$E0Qo1h}t0jK6#BH`h1(+}Rzp<!5p-TJ+sl0P=24Ybkz~I;<IK?5TJx
z97G_OTD8r7j%@p#8(XD*S|899r+p%?MJGwdUbwyzXbNHqa8nhn)6JxlKHHOyMoOfF
zC%kWqGDZXJ9L~(6f(rbvLCO^DcTGz*^W(f`bvjGpWMlu>RK<*LUBz_`4jY*!PL;Kq
z4<lxfzq^B)XXdx|2JWCV4U3o#vuM3UmOgatUF`UFMt&(t`)yQgPlZs2ZIZo%`lj%^
zF=CGMXXQr@Ysi)pV}4x((b|&D*-3_hHY;a&)3+63Y4(-mam`qvCS0&=PB!dD$CneM
zDTZjRi2;tmGl~PP=ITBbny2!v#F7IS;<2Hrt9{PA`-??&Qz%@koN>T9TL7if9&x~y
z_C7gldBt5ZV+sXZ7FgpwP{X_~A|{){1J|Nq?Y1ksFcOxI3!_?13C!DMsIavpt`!vj
z*$IcafeJ_|SFlB|%Ei|Jo!0RtknPmVA1vo0oHO)O#b(`qq>wAX@Z@U;I&!r#vJlyN
z4KLIBw4t;b77iQSqP6QwAX`jumV3GI3eb+efC#58l*l?U?^!`V`kIOsx{Bw#zpr(C
zIy%lN-c6y(SLka8tKzZO*3g$3i-$QH<VI5(d<Z)rAg>gR=|7wE+|COX{(FWLN2LvB
z8wh1Fy}6_7(wn@Pc^c?L^nBRRf;d56GzI$WL7l@G1*2Bz4G;e#?V2o|f_x}RnI4{L
z*`&-0uP_IBQ^`aRqUI$ssXWxt?<i!b73cx-Li*Xi3%(Zl3-31kA5-px8Q_Q67KEoZ
zbCh51&s3?LQ;R<;{#Qux{{p+qR`$<P8S(+tfc+%&<BA@$@lC)853$gHB@^8ZFS&~1
zHLCAc8&L)A^6*TKS%yyCMGUsJc5+6FvO`W&pabE5(g{1h^mLBAh2OnXTQS~yLrM;8
z<Ed=^2Z8|N64#!PVzC!Th>?N&a-E$EQkxiD4W`56<Q;2}jG|LRJbO^$y!Ys!qIOUJ
zo8uThJ=U35_-__Ke~pn;5Pc-7An&iSJmWL{_LQ0Rf^fB$TvtYY5M{tvGtRyfV3VpX
zS~M5mL8YN3U6&<DfW7s+z^+5vyuKVt!y0YlC9YR$LciizyEM1s5SGq%A$K>H&AHni
zjyu=PTjdMeF0A|XFx2%92v_*ubFUs?=(p|vnhkbWslb&or*7Oe&*W66$Z71Rbn)&Q
zE(=icS415wHqA%&JS=F{-c?RCTjwy2@U5+(yINKK<3)b-Ye!G@(g!N=Z$<3Mg8fw7
z{b@HHNA^FE?iGeH3GSm+)XA0+z@T`f08=?Rfa>VrshaERjF1OlzVz4;SdY}VL1okk
zbv?@tqLNOiz=f~E{lYhaGJcj-@F?&N6R1I~G$(-GEW)@h0S53UyoLxk!SB4lk!tvP
zHyB_WWRmwgubcmaKLdU(n3u1GcEf8g0SSdvE(+VV_tcA41|b7;3CT8`;h_|e#g!K=
zv-4E9)tiRmF1;hO>Q20g*8qbwVBRJE8kmxD#=50Efq9t#Drw{f+kt<{XvThN;0e+I
ziGXNE!y3g1!?x=HBWfpwVsR!4exJ~0+gECLIH?;y_8uY@z@QUxT?^zXZbm<}O|tnm
zN4!>vu?CQw@R^k*h?ZuXwF*r3{wYnp-RNHqNC51B66Fj3si~F;YKpq`3Gsbc;E-f_
zm*r;%)RZ)vwl(Uai)XK-Y>ls~hxpNMVsWYbK%{W$Xjc*+mizZ9T+iKOkS0p*vk?qr
ztYv~vO@7`M@Zov6TSAlTrO&u}Y~D=Wgg3MR17qgJpx){Gr1w^M=-%>e6x&TU{km$?
zbl;slo=*Z^l)080{mh@l3K6wX%F=}e#ub~$n&mj_`z&KH#-B*Ht1qNurZ%pVjs^?a
z*SukZZl#3ylK|=_1is6s8XkUOkbCq78q8&=Yq$HOp9b>4<Prej{{%PU9{z1OTd^rw
z1_HbH#s<1cv(&5yGzc|>sq3Y`dHeu5Pk@!*{BPVm$ic3dTr;v#h<{N-2tXf!+yDW@
z&S8hhJjmM{9I-$2J3p)`h&JeX&_VWYprw@fhBfM?Wy(t^*W?V-IrheR`u4^I2`Jx$
zNJx52kR|ZhPKGo0kzo+1yo_qBIwu~S!C!N)y^GE@NQ092E!bns{|opMQdTkBDM;?v
zyMfNhpXyl%-OA5-_Xx_jb`<60eiRWu6-9GojD21_=o>IE{)zDCOiMaRp|sI&nq<bo
zd=%>L{<lpU|1QS$Akw=nHSl8;)E^5Z%@-gx1}&TR&FPept;KaXn~aTZGVDqA>D59F
zU13cZ(i&d{Th4%HSJ%XikNmm{3jXxh1NjxJd`oEV+&=TYR;k7}Y}pk%&T~w_{iv!;
z%Q>}%Sy^#+E|h$SxBgec9fE{FtN9&ja{e*dNBH49k78caCDS?wV7?ruPW(da9<i29
zWsR<)cu!FMCa5!N+-9hx&~$^c6opELt<-WnrL<1o=qq;%8tT@h@Y&{Uy>_-ohzgpD
z>B`VzojvVPnREP7UckpNK>U-l|BS-?H9|px5}ByF?062<Z+~mnXOiMyaQ|P1?29k{
z*s;Cv>#3j5uGZi-GyCEW4rUhxMbinV%kW>y<GozF@mSzGc@Bmp|CR;9KVQCd3K%;7
zZCAnxKv0r^uX9lELM&kYjo%uAiy`?PW6#_DfNQl)?`AJ`;6GI*2!+Mck4Y$AB*3g)
zzk~}6kfUb}F9A%4aT(Y6)*MgK2xe+UQc?c`Jd5zN&gT&%a+_m=PM;D`Cer&8I}k0>
zm~GD5j@5I+Apbk3j5wyehbpi9AaPaMcgtk}vdG5(=oR@Z+}u{rxvVlRl)y0%F#^ne
zbdoql^BaWMA6ps74jHkpu3|~(I4Q%3V;NaS3V`?&@f;ngnJ-vgCENW9FPFfT+JZy5
zcuVmsZ?r<eGC`gNf$iDx6YUyb=s)$Qz~i{>%1bJfcCj^cZQf{FwP<etK}o>m{=*VZ
zA7c?<YRvj*ySP*+0s!}GuDf)xg3M<{I!$A&qC70hZG&cdjdNF9EScrB1@57QW1z&K
z&f#0{zMEXme%U@N<2L>_ba%~#_C5{}EU@NowtG)Zc1rE2D44SIcJ=uG6_6{Cdm;$F
zRqz!+Cgjv%*6faNgDUW-&0BP*s6cq>VQ>~+-<KRlX3U=OfcaBtRXM2@-CgFhexO^9
z9IW1Q4dUv?keaOdt^wb-h=^gqzp|Z4Fuy}@ImJ~zGNDy2duw=6%N%};jD&fB6IU(u
zKNbZB$l{ir)=rbYO_=QR?-(VQ@-OXOJNW$+VI#4GW3CSvq;fvi0TX5e?h3sUGsNqL
z(E!cmUvA*u{7$BGhD}f3hN&#r;x3pHSiKMS`1Xf*58f*y3HyP#SmhgK`)|dFH>yeB
zcZa!wpI?4@ZwMWb{#$7Y`Q#N?*2rz}1Xxhp>|S!IWs=Phx|l+RX7R3i0dl_PeNz3m
zUA5&Z7EFbIN_%SaE?5X5wTT0Dn=tdB7j|4_X*Xoy#Ib=u_kqz}2`%7_(LC7C%v|e9
z(?`@|(X(>{XxGwee!QzlQQvqtzu#0yNSJIQm+UaY4kR`Hvj166paz$6<GFWV<n(gc
zbDa>27i{z-0mOAoR*R?Gkd@NR6ZR$ieXT2Qk|A+dLR`~CZfH0${Wo9RL$RW{JmQNx
zb<3Kh1m#Hl3gHcT!9)e0nm%c>@nmUln~Ag*MdI(N_%%^#a(*#4f9!j5im!n+$eaWo
zwTK6t&?D->TqC-VSRhUoY+9~r&2P4JK~CDM$;X9Latg4cUc3iPj#Z^zFs{gb{#bYR
zW>;WktV@4NvLjQr!qarJH;Vl>{^YC-Yq0g40tb#4R0lS|+Xj9QuG&=$952$${|fOG
z0CuQ~m?^Se%eK{)#NyDVi(RgjRIIDtq3PejH%&(Tc8b=`Nu)4ohTJehC4c}hKyQxh
zyidsI30I|se0summSNh!U0N;d=1xHEzI^kFzW%@-hS;8gArixgYrH7vT~iy_$ZkL!
z_A2%Cp04utT}QOOsgI$}->WIWQTG-<H-KvzDg>KSG`#-dm{)D?-tk?v9lqjRja!2f
zsWRjPxg%9$U%i~c6j^R3f&ajXt>d&c<<Ifp;dTwIMHgmd*}cG=I>MGkZXA=#PW3wY
zDp!1*xMh7@whGd)y}_Yn<In#rILyo3(%Dj7q5?P(LG(j3Ep$uFko(bL4m+;gkX4V&
z{GMP0@qt0`k_X@2Z=M==-@MKuo7=nT$Rur=veBogC|mD7+Gq6XaW8K`ox@J5s7{SS
zqPZs`BkdlI_qN#Gb+BLHDH~}~0&9j8C46Ur@MsH^`z#=v<MS<Lm?2F-lI#WiJ~>w(
zar<Ackon91%N62CKR&(AHZeYbV&A7%#AWAK^!uUsuS@_-^nW4(!qQmT1w;*3=pYg5
zkGyy!{Qt@wy(c?8ST@H9*}>(I*SGw!8iK#<%3%_j(M+|)k9SUZT<E9#f%;n$Gr!tW
zw|Pw{_PXj_o#iR2l>&=N-vpv`bHwBG<2%3HJET98S1xpaKBty*taJE}Xm2Pvefer2
z)IX{S7a=B~jMoU9u^3cl7c()M#1gW2FO0wl1BA)T>lGaD5;N|Z@(WLw&ox`QDtn((
zNt-oY_<j@4>i+FBfaiy5{x+7Rdw<eTMbSQ-LH37%VNA8_j+{w5TEV|c<xi=%IZ3!6
zx3saIUn7<xyhoNs2WlIBp&FtI>!bR<Bm5Mivtlk4T1U?5_DXtJ(%zBI9SVlCMDsj-
z@Z;r!O}Z1b?v|H96h&=tb|}}BjaxqGo@5`^^_M<d1`z@N!21l)$CQswOx6Nk^DGqY
z88vn8X*Yf!fq1s*I!h&)Rg~2}=elH-yZilUdpvXU+*ZTy<%#gJTBfx{vWbQ2x5hcP
zYpF8K@y<#|JBOz#1kWP<u{RT{2+}m^^P%8;#aJBW&btiInfx!OPl6B|2Nn1YiqiYX
z&b>MQSBOnAXbQ`B7t!_ZJ*0*s6p5JBiOJDugku3p7NpMpD`mj+;Xe#6Il+I248(z4
z5PHZ5kX_?klu}=I1CB601fTo%?u?*b2z!ipc&U$X3*-C_Xmh;6HKtm3@cg6s9C<4V
zkw??pi~L3wWG``myrGjinq8v$hHC(ze~^zg07EZn(}jvLc8%QKkZ)ee2B2htZOH`4
z^FO5LrXX!&i3CLp<+TtJ_t4J#JY6j=1*zoi5ABYbs@=F``f+7_Uj|c_6!G!>bvV3}
zh5|BcykNye!tD%++_W>bkV#Yp8H@E6gPUoa+Yz1HH4XUCT@1tK3|EG7Aaw?Wa8bJ`
z!+dB<m~uFvjSm%>;+AjXylb%(9L1^CcNz?ckBBqWEo@7`m<l?p2c!ADT&^wEPNh?L
zL-(bP((xIl%8k`_U1`y!Ek|})7JgFW)ul%z;r|woH(CY09D1JpYVElf$z{LkPjU{p
zQM2p&(|s3kPmi@-niVVD9qxf8Ggc}{@nB12sDztceW4$(=#Cn7o#o!KNXuAi(?#<p
zYKW2dGhIg=ce^(iI3{VEo^F9#M}P21fpt9+Qw;K5pxjR?3jD!&F|!~8_!FQrDOwUo
zmO((0kh*#EiR0Jd@`+tzxxD(dR;FZe95CL<ORpe9ZbpDfTv%j;<Sv{52$kFS4Ab=5
z=Xs?va%IU^${TAw^Z>`S^oT1H4dA_BmLI0SrLd&=B8^Lqvj2Dg&K9s)$&Fdx<@?y9
zel5W|kS->x1&$#q0VpNcFlN0PJATh1r+#$dNOaDqa;QN^JzAvFp8CP~-yTqS$@tSC
z<C@TGJJhEcp-})qb-e7foW1f{wkkj70_p(azbW%}M46Bzv(^&0@0(Ng14V4YG%cJ>
zJGxi}n?f9oMr&2MJ=^TXoA|K|ZCE=AD#`(;l}!E9rMLcqdb5Ckzi@92M0B3=qKLWR
zjGfd}diO^3({F77iE8LU^7ny`4H|5<H)Dn`vDbTPlG&(Tr(5!%BIoKv2t2obp@Znx
zV>~Sowkv*L*Kq(Jwk6-U1mFQlJ^JPKwPeN0&65=bYoCx(PQx?pR;6{Zc>;b<JS}$T
zJKL5$mMwe1in%NIhfZsNrATwi%XIRyp1HZu9uY4JJ%onD(e@TZR5k6FmsFp4?88oF
ze?6`6Z665VY~M+MX)5+sSLV{v5i3?0v(m~u(8(~4L7rjJ!3pf$Qc;vs+3d7K57ckE
zwMSQ-<&bmi6uqiOnypL~l8i^z`I1;O{rnx%(<jFpiIFGw?MG+(QBCrKUdK9h#Ke<!
zRzxU8*qA@bxQP_aC62Yby13R{xvPcq$6k;WQ#QiuFVzma_8L)^*12_INY<&#p#cQ3
zxM6E)k8T>MQAs+Hf4;Mx*^C_i#7nJA(#`(5#@>+YsxD}@spMIrm~dr|9=|h6ac@M-
zxYDC4bnWx$uJpo(dHqS1H8S*5RF6#QZZCy@1k0vYayWS1i~4^NiHPqNH@@%G%-!N0
znC`rgsz5YPRo)le*evxT2_8F!ecFRt8nO;BbMUL~weGeKG<}3>H>-zoJwf?%Cp>7C
zHK~f1XS>H-d_Gf|whw0rJ#Tnqepy3#2g&a@H;s(%+Or;u7@2Fuo%3DRcmk52S4$t(
zy>Rt^w25?#^wH~S`mU7KTt4`yY~bo@yQ!2t$JD#`HhF$y`pxTQ8eWZE9XC5!tuZuo
z@;wrTUNYu`38@`D;&kHD{PI0J?++@m*c|6dOtJn5Z-=#Px&tz;*Hg*G`-Om5q2Gvd
zpj)_@VtH7D$uE&s?FdNrNIDFtTp^)Gv2-2|*&`kd9!`y8Je!qgo@u`moXFCquuxHK
z6^Sqki|$?QAO|38VZ!i$aM)W4*6v|yP($K`*Lp1EsC#(v6QtX{#uGXu-ayJ);uDx&
z5jw$too$j(RKu1*_&pc$bFS#!L=mo43^l=L95At<i;8-rV#Q0b#B}%2O6@lkw3VvP
zlipR8Orb?Ew?9)M-8fIvJMY)dq^j>1+p+m1D5SRH?#k;E&RB0RaaY;33Iy%i=#Zzs
zOE9e(%ld)3myYeOTrH$wpJPxS;vW=7%i<y{A@Fs`Fgde0YGHelMn6*HTSkh$`0oqX
zBv+Sgec4J|m^Q6=$CYbga5XOztHy;7L(>#2$9N|pZ?0?%&5X#Vk6H*k@Es23lt~`9
zg}#an*=DDkz4vzE6M0A5X7$6Rvwc4Yy%55$_PF1wF{R$$h!$Ax9u*0(C9Rg`3dJm9
z&<`)^12k{QMTa#0IeohxMF3;TPn78n!^>yWH8bH08v~2o^q*U~HwCs#i^_%-p1k|M
zIQFnV#G;+bGBhO>S+}t==SNB_Ajz)~WCArdc|#n=+f}xc5MBO@S{usXCtv+H>DRVS
zM{cq`E_a3Q9_tG;9r^KEo&>YF)MnX|2)2Z8GJ#Dy55an^9z=_HTz+Bh;xmaW<Rs(a
zp||n*t2PoJr=HDtpJ?nim^z<*S$S4G77Pa~@!D<a9j=HBV{XO0t8ln!_pp*5J|lDC
ziqOidD=oYIt4P4<)Kfv4R*0kJapO-2W!YaXzdvY|-?WL-{Kxhk$uj8y5W8Q{iAP?^
z*gkPSA?sAuIj~zMUq2L<;G0tT%nqcoZ0}yGSvhXy;cUu}%A28b7OhMYeYEbsmRV)p
zh1hIezE>5xp(+-cWuGedviaKlHMN6MnqQjaoRWtnk9`TPd706tMJy(G%?Hmk+FLE~
zl=toM&W&|jwM{1~rd)7sMq*_GX@}gA2IJ8O#iWXXfGo^ri1J5|%@HIvtA3L4eaH|c
z@h54G_FD$&do-b7O*`!;Ck5E#bC{cq>E6@cguS%n!sGad3&+8<B?IR<leP~k?M<xt
zhkJXJx7J5J2z#AvmOgWyMaa&gjH%MOj3ygx<?uOu9Rovd$0RPab9xb{bb*C*3fFk&
z*5ES|vHm6$55U3sZ(9vn3C%T6B$)wo{q@*>#|8(wC?hsQ5xIHoG3v(EFtB5><1Y6Y
z;^VT<pM5}5|I*|e9|h#+x1J|U@{7RCwqcP;S=zxa^68W&wl`*Ka*?J(%J`Z2`=FM6
z)~~+<GoNs-#N~_)Y)sQ7YT{z1I(`^@BEuWyL(l!M6tOI`WWyG*QCQ|4uVcfKK4=RO
z<akZu?<|QY@j%eI?s>RMs6i0O^z^_14P^TN@dSpz|H^Lu+Y{Is`J<(cB*ZU)gLy~<
zKHv0$1<!NRK#z#jjS1Z<_-s``rVLpcaffTgMgm$vEN(}!!w3+3{Rq0i{@hhuo3Slz
z-2aQ6oStb+A$>QsI66F^z^TD;BlR;)QTu0ydyev@suR@7HZOprE2-f0%0`wVo%F{$
zqW)f^*V9-5r2mL7?`)iotKtA|slIwcuv)0aO0L=U@})c-c=WoS>H3UiZ0#nA7*OKA
zX}yQ>#d9BQ>KrhZU<U$6#g3h}WhZp;?!gqiGie_Y=Sh14r&Jq&pmiAMa`bzibJmIw
zSmPB8x1I^*q6S7V`KfRO_VE{b6GfQVnBNAhoxgH24QJ*YFXO$t;pjiR9P2HP5NPNI
z)qj@Da7R$NlJ&0SOiq;?q&lZ~bbNAFVKGK0?nhQuLJK<GM6uBvg1`m(?u%9sygk{x
z%95__<~JMEO7>ibKP51ZPXTl5{|bi@`m}h#N>3UrickV`l|9Y4LkD{K*^mnQ;|hN7
zNy`wu;m1$c*KUni<(}q`enhMU$!Nc&3TE?3=9Z<^`K#SS=Np6+re*tKPq%6}MKS)t
zAsGjfYfV*kGt5KQpW@i&KLb%eX)aTT$;edvAP4-{0YPz;pPBkk{r_X|!F9Nt^48K)
z|F6$6Q<kClB3RO|)&59?>;8eqaD2mJC|HLOm2woiY?bh+TD$?NuLg2~Z9Q4(Kp-HR
z3G9~`1R0vrWTy~R1z3&G9H|^N((5XI29msh<#Bdze%0>%xH`|;ugoXuzB#+-RkKe4
z^L8UX7(PM(2`Y|?-G9v=kL1RCrX8yMKRaeGr(KY%u)Lcs8D#<G<Wn=_in%cIy*a?V
zxqHZJZ=h8UXb1=M&Nxra&nItFzy??jRGxSp)GHsLTF`I+JqXuM=zG)57y0dKuQdct
z)2@4vI%^9YH+wS<P7~Lo3En?Gmji#&{I~-JSg+O9y|(Z%82-qkWURQVUJ{pH`r!ur
zvEZ~ZVxbc0=Mu&8n{<_D)Q4VIs(-7CR>8D$eSZ@@SrCbS`sIreqO^|}9l0-<cJzT%
zxmO)ES57Q77jGA~UB@}SAOKbMYgFDhC~5Y__VnUtL7=*Rn?@>nVRt!t)xEwY?VYNW
zZQ@*jcC$E~^!p!PP4qli%Ongez+C-mExGxJ{lGSecx*lu5Rxot=4r|z+nL_Wa<lhS
z{l>y=(#+TQ3frn}VO6z3L#B+6l@uEu?keHV67=N(2_Nv_S~A#9ankfbN6OJNI@-m1
z3!oXmLuQkUwGuk+E7LaMi$Ek49|&auT=QXTSW)hG|5*r^V39f4n#rkARsQp+SaZ3^
z-`ktgjQCIs69K8!2c_RU(HStR$h@4#Pg0iMe+vsSLwbr=<dPhFF6H^Ge><nPfy|87
z_&fge27JY>apHE(3FyZ&Qo9EUAfN`Db2tb%4mQs|(_r8OQdhO2>B77>%*$<}<$xxE
zad-gFvXCDYmqz<6^wh=-`&yD?(jw4@m!nE8zcU6c9a~-nzE9pu{<Lg8DJlK;fn}BZ
zwh%Y;Al{j%3dP3?px1Uu_0f;<q$1@F8&|iRBo&-jAPV8vIGcyXcVM1p?1k|*i0$7t
zwQ$(w4ctOpjA*`n^EnrHn$>$ct794<ab$!JA{Te}SUNer9Q2608E-^aEA^fQgCgWd
z7!QokMBYbP``BmAx>+-{v-bK<<J?)~$dr%oc9escf_%MuD=*$pO_Iq+s`jUUMc%D>
zndyjXcEQUE$W5W4se@T2FcK=j3WyN{cgCa)%2q0|IP~fmHlTB8?zbDZKfuuQq9NR(
zE#7?S*gjR<?TQ1sP<94Q&4|x;-o4BhLa}JB-+8xRcj5TSx7P}TUmT&kIBphV(R%mj
z9jd`58Y<OzEBRx^MISF1kLGO-&MlYnj@ImT)l~XzbGUVg&)O^c9^|?A+ia&=L{<DU
zicVibpuAI-z3j24@fUJ~Z}dkTfwo^8Jq^u&Rr!`B&(h-{DLW=h=%s^CgkElbGW+qh
z1WK>>F4ks8H)T1_hCsIUFKM<M44|xbQ0%<iW;@j;=Y2hiT#0PotLnCfF142^Z2zXn
z>X{zxEy#D+uA3F0jjV+l@0bQuCq2a-FwB<YN-X>(8rmNqhkq+IwX;W2?_gSgEu5I8
z^^1z%;T0>s)}v)o5th<TrxiKp*L&7lMk30|`f{Q3)!GkiO+mL+)i$>vYq$Wj2Z0bt
zahl$s09mQJi)P1q=FC2mHVn#{!*DEVAs2MbI$;}m=*W{-LA+K$Nd?VH$k(Mz_1i6p
zjaTR>R4><=beMNEzO32kD<!~ksyV11>iEc&L8M`O^i$U~=<a??zk{<KbAI_gpsPmO
zJhrKE&BX;L^hrP3b$g4_ZuTHD<L8P#@<i79PH_8VqdVlxtfpaoSc-)qS1Ao6e98ba
z+cp>l68ZJkpD~!<&Xjx*-64{3N$u_Jpx4E5UaSK*8f~XifA?{n!L&bd-8M4hxrHw7
zyUm4uT`q(!))Hlk4?K!2YfQ5*D`!ab4J7KsynNRW5qV|pb4<qQ>|WVJ`CMGT6W_B{
zm!hjF($@!zO{wkfnmY`q4<kF^S`Y9m``@jc6~s^dmQKZt+T)#<c_(`Hw;4{FmRJ15
z?`nTl=1@`c@}E6@z52n|!TDds*EXq+R#axl5z9IY*hd`QE^d2V`Gs8m^degBdDGs~
zjr*e!oDrO~cHi}@jc3FAcb>3jK5Dw09ln{Obint!%1;%xn-I8BYcaB)Lh2={Ti@}=
z`XQ-`kV{tntD8<=L-Ldl(1hN-$|Azz@J>U+P5*v<BpcQTUA4YgWzw`Vg2+!2l-W)o
zwwg8;9n@wpU>fe`ydCkjh?GoV$++{uYcs(i$C5>7el#lR#=$^i02_9(;^bjRGBU=Z
zP|P0NI(n;|g(FRGmnG2sgvB5eE#K}A9Ws0+%nv1-$~6UBKbejeU0a?NOvfk~BUzk}
z?U>`3qKl9(<Y{-gkZijJc|)v)*72Ck3Tc+azgYmQ9o5-XB`#jE0k@^~G*jg-6t5<B
zf8ZMDy|G7V2WZQa`!SKq)&87f8P$(A1H=O&+J>YSCi7i+IUG7$ew@DAzNyqEcB<_d
zT)97KF53{N4NYHH{myOIE8(`xF6$?#kY28aFrq0Yj^?Oeilc((cG?brn|DZ@2{@SQ
z=7%oLBH%(JJ3NYw?o*hVwuzy%se)5gtM(2|?L*?TrjKhg4GPi}U=jOg#$}x^$12u(
z90~C_Q**r8!54elR%pQZ#7fv^aH<udlm06%^8B!ExI{e5si{29c8o8R!uwL=$;p%6
zYsbB(l=ip5a#IjtMUKc-rft)NAKFrwYL30cQorQVTi5&HZokIlLiD%BAP2<gQ()fr
zi%$05ghw8m<b5&y?D1w>mqUz&<ADbYY8QF3bjeM#Xz6%^1MIbpbKpsY3Gv+7vlL*Z
zP+zpwNQ}k859GWxC0i7Is5yl0B|G%u!M)rJ;U5Wmua!i~;sY*%T*S;lS<wdy*7Aij
zXKyz(mX$0!UBo*;u$+ZV{!enb-<`gp&fItZ8CB2q!8hsM#X$%q6?nCG;jCM=RMmL`
za<zTT072RqqofBPW5^Ken4(<nH#E!m-MKh-pu+h~F7#AzF3I(4-43v7ymp4fdU@nS
zvxkXLeI^O~`+Zx~iPw+yL?6_lnpbY$AJ-uakrEx}F#EBAzaCTJ)B^YL>*2fy1J#pR
zTWJ{L3I91n;Khi7+HEfwkMdR)X?77)FTuC)5Xu{96X}qXos(6az+Bw>=*KB<u%zw%
zJP6Gkp=fC5ua>71OV7@^($%e4`AXa&G$h8)uiW`wVTbwXk~cJXs)arxi_O(F;JLs+
zbo})Xii7`$uD6bgvTeVHkyI&B6p*3hMkJ&Kh7?dxQjnBVhmvOK91svChAu%+DQQ8v
zLztmKBu9Ga?igU+6QBF}eQ&Jq-*GKj*L9ue5&PK3-XV#b(^ft~XC2YyYPptT8cS8-
z%>(Bh<J3;wD{PUD-gqkJ8$&^$*_mFOCP|7|3;WMuot*KN@;DfKG1xVBlg~bF#$(g0
z)jc4jZ;DMVohkK|)a<ml4mz4iqSoA>S5o|3d(o7o=a=W{^9TfqCR+0@Mv^jKIq#DS
zanVY}+I*g8<<favKB+a#nh;mvU+tv%@}!E2sTakrs{SqUCJ6ZM>Q<(a{MP>3uXtj8
zy)OTVj}Ry`5@<Bym*zj3|H$#Ww=qzf*5MD?<SzH!gzF|hb}b{CtQr7m{6P`@e4c``
zE(WOj#RI!v;}>7aIr4S#M!8kk!+-}}S;aiJfn8XB^^mTd#sE}He6BQaIL9;nX_pQW
z24)!=ZnNH&B&cqBdfVo3HD9U9WABjBI1WbR<Y(w~A88Osf|_G9F8atake5{+Ig#Me
za1G`T>N{7fjumC^W#uOskqcE-fd3qY5;F4*x~IQhE?))oE#jK<>T27*N?jg8K7CQ)
zo~W#=x9PC4Ua>PJdVg)JSg{l)Z<0uSAluj}qUnGyswc`fO*tT_t5XV$c2MVMUkj;N
zh%>95f{Z03(<Q_VsW}f@$hNzsjB}GSFG5Q53(v-+xAhE@+h;{WH+9z}R?=R1?z$&(
z_O^)N+dB+OPnMRhP3_H4$4vR|=*dRxI^S;3*<)-xKHNU;Ykcf?$TW3w-()*$7_s{t
zL5W{u;k(qw-F+hy`@CcQbIIe1=f4Iud2C92a@P57))wd1>J{C#YBVax8CvQoxlc~G
zByr@oZmdV2irI?L&zRw9i&Gnrdg`XAnJNYoAD8|9<sbL1O4VmyLK)&L1+X=SyLB=k
zSlRIV82|Yl+Z{ATp6~n$;o~1GeIk9*+QqNy_d~Yc>#c!cemP_7^uf8Y+%@(c7^fLD
zcTU6gq@IT>c13&6z^>M)+=jn8ZAJmM6%91++M+BRwO!Q@C@iF2NGaY`BA6V5m}gm!
zz{Vv<6`a0@Fz75CZ97kw@5_eeB<An@O8NLly4fYZt#^Z*V1Y9vUTBC%%`!=*F$gMS
zbo7x<Ao5L<lNT<iu0A+{Ji)vqzmMGDuEGbF-#(h$RELhc^ZYHRi1eKMz6UBzI8*jU
zqFF$#tipY6z`u@DsQ_yY3{1eMuLt|>_Sepsp)eK=68(IGg6gUYjvlN&fCJ~dsEPkX
zny;OzoOI@onAQ)qPu2C=&etr{!~-!r;aAQ^L!*kZu+)a5OHyaE#ZeRKvd4C7;Hqsd
zk>r!7pFK9uvh7yBEYd5;ozq7cej}ma765n>$S=pl3>i8L{S!O)6#<O?P@^^tS!0B^
z`}n(L4BOj!u$Os}^Rwbb>w-nfy3y5;<48UmNm4)?23V#o(n~?F`ge#bQq8Z{!qj5%
z*!HUG!G{XgaZJUCu%^ki#>0S8^uyhxtGu5T4A&Zc>yOFYPph|VWjHELd$T>H>YK;R
zYS+qLrYc>#VLdb{R+6PaMGDF>VGqEkJ<KG(r_=^9edvOkz2+X{Gc%|@DPtt&b>i{t
z8t`n<@R?F7<VeNuMdG0)^^IGmrz1xLEGHgzxPbw-23-0P)hSlv>_JHntpwtP0zZrL
zyNtjgj)MywhH)Yun|ITd?a3nUm#Vq;#R^X4F3p$4ZxPeP84WxG5Lw2i=UpWWclX#b
z&~RjgnU;?8;$ySJ`TAs!y{LxxsoFz4j<FAXwvQJR`(H{=hb;?thcPH7WbzR>Iyob&
z=ZVvLi?)__R1RL+*eu$Anv!b2a_OO$ta>4ZwlFk}sm|Y$SQUDI!NY5xxRPq)r3tNv
zOF4S7N;<ZeYSZ%{-SO|&r9KnixvTe4fP^DIjJEc@Se~dbRO_58xQ!NnMV?Jb=UYuX
zB43-}V`<fPk(clwP~0Wu`8G%Osm)0y<<;q_7ZV0{Qmh#kQ4n5+-)}Dwr2jN<-X59$
z%1HheU7{HynAuB|`6coLB5qGuKj3zrtG1%ZlInaE{T`&N3D)Q0AM|D4Z8z&)cp?@a
z-4nga6O8vsh6EH@z<=8!^JsSfYxiTAjo~j<q`6UQLOF#i?|s{w?Xc=F2ED9c4!#;o
zIkVD&{99sUe(SIBM>13nh~%NkV@&!_AM3s+6uhWcX0idfPP{_bMfKm%OMbG+eQDWf
z<hhT=T7|#ql?P}r0&4-c?Oa&edG*|`@wniv{+T{<vGnZE)(>a`M}B1?E)1RA-tf*&
zpKTVd>{0YhTW3tDYs_MZ&m6v2Vp{3^Qqc@&xtr}B*Ep4PE6EWNuhX(n+0?rHfX@;G
z1Bse!q)+VpuzS1F6_X>3a~Kt~tgw8mk897aD5YqJhAgQfWwtZ_^r?-|c~Ny%KDS;>
z%1r+;p<R|m1V|yL!B+?7UQBzzxRb|$Xt`8L#ix#K@5aU2j&(Y^zHQmleY~daIp=vS
z9^%}^a?@uPC&Nw2U*osf(>FUOyHz~P(|B-r!x5GXqGnl0tOk2!VEZkD5vX)(c_|gx
z`rA|<pbf}q^Pkcm%%C&lCc0%K%)BbxgOYL76{x9Ap%9K`|87)iz5H{oVOFGlI%`hP
zvDDpq-Bq~pZe^lGqo3{B#%r$tlpgguzSi$ON-r`2?_GB~#a=4qnw!7Ok-f{adid(F
zW#1?%{BD)=!^TBlmwl?x*T~&frFhdj=9|*O?aSwOeXJD=u#w4KgV_%(7MNs6Vms4#
zLrjRJ`k#X-+wdQWEy7SYyX$#w1|OR>hu#brbRU&@gxew;k|Fcwl-=vF>H8;gj$VFO
zoXe=Y$yHf~@vn(9XdI31Gd#wb;)j|~d#`M95GMHe1dQ?UzqBRT#X`|~JW9AECR<CZ
zZ+YZ^v5vPz9;m*ngNir0QuqY;U1l*>3y{W{N)^H`_bs6NfUHa;k4Wri3%Jo~<EHC9
zMNze$g>TAiPIs03Jy#MbKMLP1G8~%AOWSd=jfe2Bsr+h5Fpz)pb^qr_YRqNP7y9iQ
zkycEGvDU|5&?Uvvsj2m3gZZ3E*U6P13%35KMBL2bM_kLE;r9q2OhJ@%SAR{I8<k23
zgAEIeKu{%VBRPK$?S1Me>kTg>yFjZo2Chh_{tC3-YOECc&J50bR=lXfW=i>HPhqVx
z0!3plifZ#TEpMyiHkjjnxpH<K$xqHh3MyZ7%XbNjp?nOvr;p7AfAlD9+-x@oswMlv
zv2&B?X=_~vgh^auLe{~$-=ctreZYMxYX{#|HyLN=^_h{oCKh%4e~f0%yoJ{y6@$*Q
ztJ%l+A_Rv8XL@KVK}c0aLMt$Fa9PwxcA1g#I9!40b(t07+ZiLDV`?uJeW-p}7kkup
z->@-EhBPj>vb5CKikLb2_ynaNcQjVfWRCi%ZF+C&O%J)(lc(dPjK3&-{dzB<(O~5x
z9f^IBgQKTsuq7ScQMm@5^!#M%6myiEe#Yq0!dGo9o%7a0e&-F=t$*}R&wMNAb#FR!
zZSd0tktv;?KAbLLxm<_LNyQH+sk%{nCS2@kN(YTPKKg$esbteXl68@w=Ir3l-Ra7*
zx6rFf9lJ5VML3Z*xWVM+=ZmZjAsgOo-3VSSE3G`-oIPF9w6o~Glxiy79J}guWs}Cg
zR*C;vepn3a3V!XEw~UI^b}OwJ{O3XK7ya3YydGQRvM{s;_AD3v^pcX!V!2Ax+}hH$
zr0{?@XRn-gunZRb6QpUsl4(S{p6{Nfv<nTjwQ)GY-!DUr)4W`8@Ato%S`6$4cboas
zN%PBt{h?mD9}Z*>d-iV<;9A{>5I|}1b9+1${87*U-Q$3jx;(bLAV|P<DWX*V)6vS!
zwk`$3js@#{FC!pB*EC1Qww!Uy@#ZR^#kHHbO_l1<2O9F9GfSQP;s2U6lCD++>h0s!
zsh`{R#c&VaXE9%5Mp`haQaf~siyZ$yn7&IeRRLN?t<oAAU^466NCmZbv-q}MbrC`}
z?p>_%Tp!s9zccsR(7?ErSa|9l_S;n*MvnX}%T!AFm=;yFgE@I*h{fBSq@i)y^ghva
zs-T1A^}a>1N0{IPrn#E5zU|?a`4|!A6c1-?^V;=IW+v~W2pY=*=)A0w$Jh0HSbFbT
zY}HXWjWteyc0c}Rm;Py@nQhpe5l_<vh9LiIp06VS4<SY$pr|s#M`xR7(`2I+RVM>1
z=i)Nkfp`h|!)15;7unEse6VQ|g68a5VI-noHHw9qnhfdcs&{!zT}4BwP=ElGn0Ky*
z&&fJo$aFl!{I|=Q-!%*h)Hsb6a&W07ha#13K*FgVAJpdgLeqN+A9Wn}#6AhI?^|8~
zhv<ynlI-y1ZLLO9*^(3*#iY570pGga)AjKY>f+^J7_vFvR8@6$$VMU0yO&f>!_NcF
zKX8I}B|Xt%S?YZ2tcdk0G*5f`!F1469vfGt(S!bU_|Od^RbKNv%f8}gs+OQGoOb*n
z^<X|d^p&mRu-_c2&%cW?+&-H=;?|WrV&?XPPUEo4n2=L=J?Za1mw}YJFj)>M{rZ5$
z*@EH$JC`X~aJ{V;4j*FU$X^Gh?VZ4ei|_tGaLf?5j%|ESJkY*V0eLuPXg{XM#VG!*
z_t&bcmPVOqL+xFe*o1tOV<)t6sh6O-uuM}S-8z40n(P^bFJ0PE^5@6V>;KcGoCtpY
zg^=W9KhkNmUe+ufw`s6_Z&>;<#yK6T&9lyDeC5sFs}da((<Gdo)8vR<FmLrWlKgsI
zC9qQ4vk<SCwG&-tyLnAT7pPa%es``o3-riX_vA<k7CAUM*loEb>1b)&^|9{z?#l|}
zY@Yp+7ppzX^9zG1{SJu>aZ`|)u!_M*_|QXd^X4oJhTC8Q0cFma|G%3Pb-n5p&^bgR
zskYTv&RO&ARDDsEeqB4yzxsasS->VklA_Ey2^|`}gW+0U{uW=Z-!SNw7&?JMph16y
zSqct3$kc{-Pj=m{<k{?Ys5LA9?jkNm>qqd^$JwMWf=9<|*c93BG7XyVW!Hb2Xdc#6
z)cS_pd>jzQ_;q}yqGLKqQGB8{xSmGVa&#gC$1~+bRm}!8HnU>QqqZ-MQDd#wPI=JT
zv+?<EsHg^`a!Jy7?sAd9j6AVY%K;*B@-Snt)K>+os`e$^?S1|X_ED<#=h~G^;@9VM
z?F4Oc{2QrFQc}g`pJY9$oU2T$)e2*zHzEWjXU$m(PN+j53M#re9oY9D`3aI}Ni4+7
z0vu>znkAiC_ye$0_@Y#z%&go3u1%@NgD$xiS74ETU}IPmGZcriCT-eLsGsLXk>lZI
zJ1hHo4i98|aNP+VF&l08u-+H;jHMa@9W%y|^m;P7NWZYM-L+4qt>-iK7MA9=G(u3m
z*Y0t?_VlvxgQz4zlHHSr(20|gor8g!79|8IzpJBO-Iqa^&{S*Y>f12d?x2}L4LXN|
zi`CLjn1P#pS?~4aE=`w0{c*u-mT=+~XVa|N{0Pu8VC+_uI##^BZ%lu*CO@t3T0H6>
zcw^^1f%L{fND-Sg1>?^m&unc?+j*W%_biJ}R~;?bmPQ_~v(QY9A*=0J7^OZ=Op6t-
ztX@z20cF;3a1`a@VR#bxsuEf4<9!6x2GVu5$aCk=#(HX;I9_lYGkMcf>ieVB`wwV)
zQvQ4$bv@N*l-^Ek$eq-j`-07@xt4FX&j|*>Vcd_BU0qz>Z=M%9pft|+`s8<*<um^Y
z;r=@CzxTHdD(@06;FU)LSg<f@w?_m%uDg3>$bUM9^d2Wy2Z!aK?8Xj|AFIa)k&}-j
zX_jQmYOA2AKk%3ak3FHgbJp>a1KJY;xPvx20S<1aRL~}LoZrvMotCU(nA@1~t#jS>
zv>c4>5TsHJd4Qh@@o5chdYMw$A)=xFHfHE?XvwbPkQ>+x_54p)`z%+>dKy8Lar@&M
zL$`;<;|kSxMiJpp!TcVsC3Ezfv3JtTh@Ug!v8Oekl>RQl>vH%CbxuYKS17-9p##gM
z*mt(ke8CoX;y~{zrXJf7eV}7B=s4FBb$|C=SL2oOkOS4wxTSZ3rBJwU)>b-b9X=;R
zbZY;BNeMwq7v{zjL}FnKbUEf6vFtc0E?uV&iM2^iIxns{-8Ac)*KHU7lMJCdpxX3d
zIEXa)K3?6BsRDmi(do-u{ZT7%quP9LRsEp&n~_R8ZNc@a(Y=-Ejsg0?RL$tMvUB>F
z4yS>sS&U7CM|kT>4z#E`+T8h11ziPJ9t(VH(!ma_*NJBCFla_f)~1ADt1p@oEk-=N
zmE+?R+D)f>fZkcE-8s@|s$@g;Zjwl5si%0o!9gJg0V|D^%($`<eo%2PW^(ROy5A@`
z;70APc%!bw{pAFmLs2ITw@EYxaFb3U`bCH}XG+Fgb>7|d3v1ig_EY<+$geD7W}7~*
zej=7$MVi#5>_~t9w;`x0h1Lu~77zXU+*MjW<Z1Y<Wnjd;d^n#{J%5zZkrR!Pg8`T>
za}he!=^)WC=%W{!eff3+)2n{K)Ew{zYGj|aKSuga7rb<F7keWa3&YZj`j9nzy?UVW
z2FZ}^yz(i#`DaZ1*6E30wXXwcA<i)3^ej5(?&1<H%}f4=jUAUjlL~&C9d2e4+PSFt
zomV1Ht%BDMGU}g0kkp^ndwHJ{%tGML&(Ox45wn;nO&`3SCEVz?`}<BTJ%37uH(_QU
zSl%4YbIW9a=+wtbhe6VBZOQ{DScI^UfF<WWW@&|W{!4r|T<o`|t_HNK;bAa=MrVrM
z?`aR<d#Qc`sfL|a&KzfqCw8uEvFy{pkO-wwsIvSc@M%AZxTz?r5L&fUoD9K$9p|G>
zB6~%Hcx7%_5UBbWa!p08dXuW`bt3b<ItNR1HZ(3u_hBKyFSgPp3$3DWBW@*Z53+OX
z^H|iWBAb@airX{D01%VRr2N&qj1d*={5T5)#f<Fg1##rQWej0Ez3y;b{K$^~?+x;U
zs_q>Ft++l<81El&bEQ*YPwpz&o*Z`EdbtmSl8G`aRgFRDcC)-FlJq#juF|p!K@;9p
z>rx~nL&PY*X>;jF+9a0tC>VOD*jgs+g|C7eNHo2_E#rrRQ=jhjkeq+%U}_<fJzqVB
zG`gy3+Y%6TZ|BXKcUszu!VEDi41si<xLFTd=T|{ACM+z|?%5at_O0L)o;t)PF)p6h
zu%ddnto{tP(I~Ax{7{(x{Y4}CbKE}GOcvK2Opn2IKErTqj~LGG?+M--O8JwA_WcL~
znde0TKj^R@rHY(7qGb75Uu$U=X?lz;o{>H4J1=EbuJxP7;qNu9MT}TurVb~In|L<8
zu29S1hZS9}9K4BXrQQA*?{mAFNu&bpu6zRBJzA&dGe|XX{}OV@X6c-%)Ys8mZij~X
zwy!iEr#x(Zd$$#=>Ax&bfRu*i>~dMOQINq5+N7=55(gKtbnGwzhIN>s*bg3~;qxZD
zFNQex+dhd7RN@9lw@_<lo41%{5Fz2Grza41>f<@;<RSM+lb?Y(4lf#ICmJ7b<kL44
z>L%s*RA8b&Zrv38doC@Fn*H5=Kx+=P^rZ@=roXuvT@}ys;_<G2Ir+G(D{5{D*r7zG
z+1Zvv+K4d!=zK1AY#NvAcXc?zN~Gl!O8_J4COj~u0A{#^Ci`b%51PasBXXRmOpIQg
zv~ec*vC}G%(LC%r07*6gqPhDxmpqD{;O^2B1>{5AfAC;XmS0NKk&q+4QKPl=+{78^
zhoPwDe<|(y*}R3=l~jwPB+3-&nbaJ2X2~4SrxR0vL$e52S20GycJ<wW_7*RBM+M#b
zdqODTD~^2Nmo%M<8*<Jv;@V+UF;1APUb}G>dX>HKrw;Hto&8&wpHL`&JIRRyW%>7L
zH8lYX`)m0PXA?Lw-KK50Xlt>lbSsV;DX{Y%@q+f~_kOTz#487p79Q^dI*yTD=;TK`
zRK<7v$&ur#7ym^1{@KCG`6WL~FHH;;0kuV<$Km^vj3*zaih6Rle200*dj)_4Lj|r0
z!@3qE{j`h+KN6~G`a~ik%kybFbD-7tZPOu9Pr_@@hJ`c=0BicC@G#;y@=RrTSaz@Y
zlwRgISA+ackgJ%HvGE)VzjuKVv&$Yioi<V984bM!n`L^$vQB~eT7@^6$h)Y0rrO2k
zPQP$-$*c)3wD>tu2v|<1E;BBb*!uZemD~LW_2}SAfe)9pZo|x;X?qj_JP2QZHoL$u
zS>r)KFv_w%7d)5f*n}3)->yHEYNObc!oNNv=M|#Ul4$%gg&=&H5Wx&gj0D@oCncNP
z)RO6~n5K{SVW~`i0%<b6_I+cfz{PXH-%2w{kDW?q>K|jQ^bIk!%onZ{Afec;>w|x)
z6#sA`H~bnm@r-vHWZ90DvZ#!Uf-ajhb=0t&{Hsd&4vU)nOq%w5o@FKSeWA<Tz*vcU
z$3#4Su=Vl!n-G2ifyzh$lM}`ifhYaC{ZH=rRhx93lcy5J;X8UL=KAXF)}N<-D(Dmm
zN$jQ)X5BS)NX<5Supaj7XHc7f@LgDk^+^K8t;0H=JGgVu+9`s+>BOlut?O^49|IqX
zj~QC4>U>OMpH9irJ*qqP!UvFLtWRC5m324Q(`T{4hqaU?It4!OtNIJ8ZlMaA39BRX
z&no9);_^*AZzU9nwjcE*QU=ErxNQiBa5qr0nxL)zTjBT6H(f)uAv&@MG{2AAxc<&J
zD_6dmDFeKZr8NZ7g}E!vI#-y(6+P-N37xL>+&n+D)Yx*7u_^mee>QVU+UU4V@1U_9
zN=dL)dw@(7ko8q%))%rQATgQ9IcL@KD#-KGP`Z(d<TR5?udd$v&SF!mCb$4bWG-#3
zI|cp9)hpTSqUAcbq-^<WZ`$Bp9-ot6)=Xs9Z=dCNBj#gkw}SBAz=A_q1Rny(wUScE
zQ8qOq%67Z0aw@ttBJ0ha_Vn}Q^wy!9zWnDzQwPz7=q1GC=($Q8&Nva7Nh&MbXgj>8
zg!TN<&Zi2=GkTQYv_tuQhms)0Q~c-VLri~>)T$jo<EPplec2+?e`C_U-Md?<i*HCX
zoogQKo8BH$7&}?nL73KfkpFnCd-ghauwJ4-pOz%eWYB-EW0I@=U7~51<6#b$qnBgt
zFK6KdlB0XEo6%B|RZ69o+^IKT*|zgCZrkrO;^Z7BEvtJCNg1Xp32Yzawr{wTgy|KH
zGbx<Fhc@W7^Ym{YWqh`#GXtxXbierIk+IvCVRx|}&TiK)dt9Ptpe-*QEE`x}_kynV
ztG@SSLwU{V1D=&AYKfd$5Es$++E19>_Y#3go$>J^uv>_Nia)5JKT=d+YXs8nXT!jF
z&HDX|hmTW6jy4`5hn`O|Cqm#xnB5aO`YZ6VGLx$J1W@MGhS1j7M2=o2pp;BV^^$rE
zsD9BLgUw2DTE?r;7l$d-*n7rL`hZmq2UfqF?(JOwB&-ylP(Ulp5x!?0ea$pfw|n<3
z+aQe|;8aW+T~Ejx`2xLqIy~fjnohS^W&Px_vv*y{$bqP^lQ!m7(wv%#MaSSav$|46
zR-=HxT0{q1_1UoxQfZKp8mB<Al^F$_Kqk}O>K`C$F9VL*l~37F>K$H%R|6p#_hl)l
z;N6u1gLLQt5{Vk~t+S~^C4tgEs0$fM2VZ%Ni0NS8Sw!PwQLv-?ljXF?q0&Xo<+Qe8
zI8jOlcn0KaL}d__GajX^H_IcD8+G|_z|<I&UB2XQn;BgpI;>8)7qd|3#l{E#Ng22m
zfgrlIrzVv{AV+ioFNow?E;d$qhE~sutpV^9UaMw=-nN1VX_`AZpB<krl%Opq2u<e(
zm`!9nnK-?3Mp-uJ9DV$~$@sy@%HS4WO;>^p`T~+wv>7<@UoJoZr26}sy#lhR9_#gv
zIzlchl<mG|;q9O`^B0uj<Ve9z9ilBh1GV_PPm?n5pa}J{N%}!EiXXfhOfT|=Q$G<<
zSF(70ICEFd5s%a?^*TNMg=>eB8s}{-i0a(VmnmA`iI`g)Ns35u*pFSN*iB&wU1dyK
z<?24>2pw1O9U586l1$nd;;;Yr?-&!l1KQWS+{PW&X#;$51q<={q_!OS7+$?Xtt>5r
zQZJ{+_nTe-ipzX?VK(iFXyj1L(0qtjmrk?vkD)l46g_MF_)*GXa=wwfG~f45{*kMc
z_HC|vEjTA<U*uR12}+P(^i{R>OPn}g**(yG$G?Lr-qbhpcWQ|l8jg8*(Q<C<p#Toz
z+oi*QA{JM0tB($Ibl+O4kr!vnKnH}l2y8m6r?L`XkJbK4$1jyuz&_9C=_JRO8o9<Y
zElWk}9Ehf!Nz?mGFWvGxe#`e%XJw?AZ!2Y_Z+mA_rnj3IXAv$<AVyFW%FrP4X{In)
z8V1Xa7CdU2=@9asb6X=2XlY%hO%y(v|HT+9<ejl@pj5*@f?J#Kknvm3YhWUnOf{ah
zEnR#iJA5%}&H9sdF?p3MoyeAn%eN05%)X0bO4zS{v^V$8LG;5Ht4Z!#&8|JxRby;@
zsRE-Oe{R)w(^-PSFyh?%oNL@(bGq+T2_bV&l%U*r+X0V5km8Tr&tYbR7tO>`zU<kL
z_@Zwv8e6>SN6$!7G-TrcP~A2(OIb<dgf%<|%ceXtSMJ<nL$M_m6h$_ygP7t#6d|1Q
z2q-s~M;`q<)S7#N;JrHCv9GXtD7MS!vpu`(Au`_DF?oM2;_$odILf0egpeeAm+_CP
zgCn%IX)tAf^M&=Ad*o)UX{xC#sp~pp3JvnE_D-6GQ<u(^gm~**7r!0k$74smK^4_S
zy`=DOD<phV<WDX3&yNTWBd5wIuQ{@XKF{`$W>G<JTl)nAnn9{GbVK9N{?*TJ^{1gp
z3a=U!ZLh}_@M-;-^T<#(EvkXO+XIIT@%9;|A*lFBGlT*Sn6_q&pKzg{<wXll0xPH1
zPW(Fi^pA>!u$M}fobePfZ2qxO>7TYzE#D4ao7Lk1qebwI|M^=s6n`2lXo2o=#93~H
z>8`!X>IrpiPvZG5Vv8iFF?ViC$CRYqUELpd&^UWx=5)8+1K46v_@HS<Wh!amU{yEk
zE0zSBpvGA4H**^-1sm#`AWHe4ws9AIjjET42V$~&N|u*?`1o1XU?0dK+ryo9W=Cc_
z7X3<~q5~4vmu%bGmVt|fehcd@a!Qm_M7TC=&i~6pdaPAKUkm_#{YjY=*e;q8gC~_I
zB~3TG4$SW=Q7zFk!i`=ciLv^(7hVYJ%Og`rwe#Y>7P|oh)AcEai0z>e)X{HqVXQ3w
zRjI0m7NXIIitec_5>>$p!q)FCk$t^OYY|O^@&(+aTNO!?H-y`HaAY2izB*%6;h^)d
zsY5s*&j!9Vt6Tf`+y#-)KIgZK@1<9q3kRpD%w20AzHP)Y?Rxpm)oQLD6`=~9Xq*rK
zo^D#5QMPBHY6l(swB6yz>rbspamKkR{*ZI~^w>P^Nc3>Z0pDx6wO}a|B4&apA71m_
zJiA)AQ<S(hz3VVmlcOm_HY7{FwjpWzclb3`;w|3g&TS8!huU(~y&y);$&Nn;wtcOx
z^CbFJGJ`&AL>jz`U?lrW9!b#Ih_4`hMX~j3n+I%2$z^;>Ii_Sb_I<kG-MT)}O6Mpp
zljrLsT-!ds7PIEMI!)2Qzz2<*E37vpZz_Rz-@+sQ&JN&BPV2H*6M8qcP~q4-UB1P{
zs+zLmn@?QI+{0-I36z>@0_Uc(G4H_Oi$PD|B~vc%hsPcio~%kD?Vq)dt*1ZK>D1oy
z2EnjKtJKTEfe_-*7(Qz4onyi`4ipl*=~Xu%2Fhm)1f=h}-|6dM=JU++$RvekIP$q7
zHd6_UCoJOwnZY3Y=$vvnObY>Gc?CduN51sO%y8>)$Is^_B2>_8Kt<{MBDbEJXJI;+
zVwDTky{!t5b~bTksi3hfyLPOP8qVAo%tt*KlWboOGo1@paRVL4psnJvZvCD(tVpoE
zfr-(bm!~-UdjauiWR76Fv32e6o3j$PZeD9{gY}((%oU$){hwBQFoP=qwo525fuQmV
zzt7(ShMq|Q`suATM;V=5E1|Dy6`hI&_#`*HUrZGDG?;ly;fmD{w)d6xr{=UIMb{$~
zkFw`5;wh@PF{XWsM=g|;9(ARNm&bPZB2X2+NIg#N;E=X+pJzn;9L{VYKAt=)8n+MO
z(_6oxQ2+|QlJqR+e}-KP$x3AskN8<18GAY2o+~DQ?8;+*&mNLFWU}p+%&7~ob->1!
zu~^^b#J8qjCbu$V+&-%Yvwwq>Gc>i|pCRdp7^uL{99H2E{|=opnhhH4&tul(+!8-B
zpb$+CHS0=w>oG$CoVPOaYoCt8hw28hl6{K2aodwuOrX9B2V}npr*d$WPK(ogG_;O>
zyFY)~L@)DqA6{1D$VX*dq3VhmGeoVOo|N2(aseb_sjD^gZOKoE?)(JhsDas7^R{Kl
zXCv2lmIZgqjZ4R~wmkOC%efm!Pe*gc%`ZeBF8e!WbyyjsNie?@ZFH_VLSV=@4egs~
z^dBPGK4-XiLRAyeL!vjTZwSk8x2q&I_^~{1u6u@#-VD>CKnoJPK$7JNBz{%S_OC|C
zBlGz3qzZ?p8Rn$6{UOGmGwv5H=(0s+FgE@3xG4Kr4(Y-V6i%<fOb^Cn{jP*mPFaQ9
z^zLbf0k4?1TZ5ul{Yy-Rh3~&#km6$Hkh90Lmk6H#vm%)<Q5pDOrgAVOa}-SOXSP-r
zAisqYz3B)Lxe}ht>`^N_*($~|)grixVn?u~s@*+WXf>>Q@HMnZ8zZY9UtNU4uViw0
zKZZ1|ZCJf+6^!qAh3t!(Hcup|(|68$Q`=Mg2-x<GF|XDPJMA;W!#6Z7N;0D6Ix+sN
zsEiDS(*|n9dt2PznDA*IVsUYfMAw>ODjgq&=g9uSFovb}!6+F`4017K($T<GYi@W%
zW!!M-{@U;mDFh@wD)Q~+ksA&QwL7e+CuHeI?DKpINU}MiI<M6(ry6(3yeaPx{@FIL
zYqNQ^dwcIh@OWYyOCPK0{ENBhBP(j~EMnUp^5ZK3Ur|av@0L%<?aRQ9GXP1>g<VPz
z%-wJTtF5n}<!0VKVo$eDd_atL`b9vC>{S<Ktq}K5hDsAFhIO_4(Kfx7GDoC((4NVk
za`M-J>~a7^iOie6{)8~}u(9Hvn8|iqtUOX}3^EZK-63Eqs&tYQ20kZS-c=|e7Z5lB
z-cD&dKy~P5?Gj`+2=Y|ckNk!vSXsC^(lO>O0IdqVo0J&@X&ZyE%OQa&8PmU}Wc=96
z9`YrOSA!u6rO@Foqu^cqE}<|u3A+R(1cR#aXDqC!yN&Av4mlY#epA~_r)jM)h<M-r
z0=-5zy(z-wt%G=7aG>%V%NpNH0Cl%W`02U^4*dr5;O*>;JwhzGjmASJeRg2)Zt~Pd
z57(7bdQO|q7X`Uf;(=55I*?vU3a>a75JwA6wWykc)n13xp7@eYe1q)Uf%kr{`_J)b
zeH<Ss310dy`ylb_i--@W7hE&MR&9gyCj_#F0;(uDE!0cIbk-2g1yT{u=7aLE+rT_%
zsaJC64M2Zx(v<x<n7GztCenU3m$=or%m_fvF-9R55oo(jj>Ggp^QZVtyAirU%i;2t
zLGwoaQaL0l_IY>(Tg$wlx0ga|B7Eu#Y0E;3`a|STb#>sgTMAV?Y!vCfcr)LV+;HcG
zp*$oIoxlVpAanc#1ph@PZ+ezz28`c!ev7=kdnvV3XegdO;Vh?8>};P59(TzE*r~o&
zY&s_vmuWiM;0hhtfbC7{y_!7a?yi6SQr_6&*!epElVsm*L9N09=DM=a0dfRBwXx=v
z8dpj<@jal!vDPvB!rP7!p6SGAVj+JO&f9&t()2_E0%_C_>q**oRz2o!q(nQ-OuYiW
zYJ5%N#W6!Y_gALq71!dMo-wFg##Sw{T!9ly0RN`Hjo4M_@CgrS#e!)88OGt+bUdg~
z@f}P)6Ejy#Fc?(Ye#?vcNk|e+gDw0$HB;JjiiZ8nxrgLjFjG+-w?$Q|noY@6a`<*Y
ztM>elRgCGB<WC!KmkM;qt_{4F(1Wj0)L`NBO}J{k@tt6ZWR@aYkisSWtDGEIlBg>u
zWUDh;2pf#=*`_`d#%J#15Stoj#9FA6&2utY`?HN3EI2EzDc*Hp#_jw$3MP@W&i|m2
zB|x7>f%zXSdTr7dEeNLo+Dex|Qw6@SjmQ2$t<&L_3{|_@*y+eeKv=0qyt`lvc5xQJ
zj$Eo-J~`ey_L|!Xixw1@tO}Xy;OfeGM2odj4WNrOZJs=EuzWrZ_xkYleXIm0eJ)iH
zg!3~u#}i<JDtSfXdde?<Bn3w>WM1z(P*^*$MM~Ep@+G)FrfTJqW`4Mojg`ju|F~w*
z@)*{K^Sc7=C6^`IE%su1x87I>)n>#T${7!im=c>HN=oghUdlIQ%`-4DzO1m7V2t#q
z_JQ&zQQ~2JXJn%&*;-d(pPt$e%=_*8+r@_VG8S5NL;X;FLca=nBW^a-n<kmm+eHX3
z)fg!HurEFE%eiGcaZhtJmw=`0am4pCEpv<0V!4M$M>=`hLZnG_^N~4(1+ruJQ$(%p
z@&yiDB~z4O{wrJ>m8mcWNy(z}!q>|RWxq9R*M{cCC2JxjP0u5BYiXPY*tu_IMKjIm
zM|cYt4G?qk``ynIC-Ie9)F*H~?XoVpb1UpE{&|%jgzo#~H@1pwLlsZ+B4*)986wex
zYA)XVO9#$P^nsq5FaI&PJW8*!o<zfK011uOUlZ%fi}m<B{+m12v3-!&t^=0b+qVt6
z6ITRZ8pYq%{_LN7uqazoP`ET6$z5x!M}c8zu5NK$d(tQVCUto|^5xd788yH9!Ilot
zx_JJlJAj9_itj4qBTZ2#A+G%;3n`gJc!rbRl@uoY7ls)__021&#~twd=JsL)euvFm
zeur|$@?nxJnJ8{hTfFY!T0Rh8j7p}v_vE{%`Dq38^^G%;c`>qD7gevk_QmUwAqmrI
zL2Omwk9Y4n^Zf0=TDm)96IHgG>db+$$IL}Ri<n^^Thx=?Up<<|Z1Upc?bFXE@QblW
zErt$r^NAZH4c=4UjfBN@s~l2Cr-p=KSD05~DG+udqdq%an{H7{LY#4n(D==mnR$_^
z_^(`V)9$+|Q6!7%AaeR`&ECjWE%k$%maJoG!~V`6>WJRFRlU=J$KkJ9#prEvaTe4#
zGRrDw$9D#Ttv)hsw8Gul!rg*_f}}9vc67KPgPMSo#hEFNpWu(I*OkM{E<H|}o0N+8
zDh?KBu-A&y8sywZKMt}Bx7Tjgi8UdbuJv4YBuE5Y!)aZG1C_*0JzLzDj;qcO$LwQ+
zGLG~-7d)$dWYmP+j&ByE_BxGfA5NtFNc=cix&3-+?96Zoy53|Rp*$4#7>VDSbQ4ud
z#(T|e@w$o1O0|AThA8}43bug9nG0o}h4eP_0qx}vX>=buG<W(F?#5<VIBUCV0#R9l
z-QWDW2S&+Y0c`(y8nRILU1HYjdG<2m5?^A*`@AwsCM5ZBWrao$PzqzFsU0-rH3QPK
z5#KMfI4ju}&0Pq8xBb|$zS^biFU<!F=Z$55#z5}=raafIyemYlTs~DMpEbgdm*-WN
z3@F4f6)g!yyvdM#zk-#z%&d>To$JaKnBRp!ei=jQA3H#78GFSfZEYr^UZGBW47KV_
z=JBQ!2x%~165Cndt;p&9&d^$Hr+#c(IhJVkJ{jUW`=NXyn;z`9{rTWzyqbGEUFDQT
z|EtW3I6%m&uHO%6tGr$CZ;`rEx#A8=6m&(p_ZEpyU*pzxVd3)Z>13pzEVJ}i6=T0u
zrSs_V3NhJTXh_?ms0@W&sPBF6gEfOd%^&+6&;K0`7Bu!qLCSY91JrIdO46sVm;}wn
z<CK!IOJfisPCih(b_jqGSC=b~#WipwCXWb|=3uGJe_GZ9h5w8<2F`&gpE`2XajvuS
zD9l5MzFD`lW>Q>6>ZTh%gzcXcSn7n$ZT#48p04=e*?$@~D}<qZ5t5ILJ8JbyCE^kB
zog6*W-^RKA!|AiSRX!kuLl&Ezug+cVdu_SfhY3kZhMb-9+j})6?<oTTTIwaiZD9sL
zWJwO3IakY8MLrCLTJ>G96_hVn5C2LTTZt+SZD|8$fPeIZ*iJW20sc?q-bMe)7<>IB
z@wkvN&hTs;^Xad@WtdCxJ|*w3knuqk7O)Qwy5GXhdgE^TR4rRNb>HR{N5Z6wBY9(C
z%Wr!v^xtSw^2h_;A6PyFhsUw^Y^AzX>U|n4w+k+n=(}*2H#S4ym$FfpaA>$n)=Gtz
zg>%_orD9I@RIDvBeu&>STV)?p4;|{2vEht`4PFd=laf!W_Oyo=uj9!QzC}v#!nRq8
zMuEM^t_<;QUWC0zb@z?c1BW5ma~N=-IYpiST$!@}oz%#8Z-7&F|BcW7=2^&CHewln
zRO_+t?i+P#KOx;L<C^5NF3oaP6hiCzvGvFN=dmi`puY<nYmH3iWQ7yy6&GK7JN0|Y
z4tilpE?;Ex%pcaev|_I%)A;x(Fuu?>@l=6c7CiP8ev-Mlaw%-|d=*TM-}yP$jJZ!=
zV;F<P9-A06kH<7wCA8W&U7xCC1$0p_G8(-)P0caL+;(k`U}hioo7S-nnXZ*~ULF|S
zM|pRvJ{MK0Y|qvhgHV2R3bxcLJD$yz1$;(Y=l+d!OL39dneL=;@OLmSfaA%nGoqcQ
zySnBDxeoNm?7HH625#v&=NCfw|9AQk_|o6DN9KDMtYp)60A<|U!Y(=AP8JX-Uk3P5
zeA}Bsc3t)xDt_?-*N=%1Y)+PicD(_SB8a61@8&%NmLsUc3U^Lg{y2p3X1f})*@!;k
zQ!;(6mDS1nCcFH%0g+wI&kmp7Z=(rjWwtg`-%K0VMca~q$)Z!~mkr&!C<w+KJbC|?
z(Ja2{`o3m}Iq!LEyww#=vj<awpAF7XweIi-XALup>?-s&(`>?&_|UIr&pWTBzg6S7
z=0FApp>E1vU{X-YKJ}(n*3SE+RpRw%SuVILHI0<(K;i(?yRa0k6MF*~aQxFiWa>nE
zLT3gKS2YcuB5xIfwvV;FJH59Qubv>+4s6${?hcI}>qV(i^2BB+&vSwjQ<6&(?CW25
z|JQ?e8R)S8W<k@S$)P(G)R*8C$$<wkGd>w-VACFdSr@JO;8A>5^ka^EVY&YUu3x$Y
z<WqksAl>+P&5dSbhG<w(!HD+sV8ciC8@-_HpLu2r=y)$mYi{cu0%b0#1RZbC3AjC1
z2!cGvL;@k)W~lO2sHj6_E;UE~a`nrFU=o*b64-$+3lH`QF!rHecd`Uht$Jh*g%2<D
zCmypZ(Jd|M&gy5#BR@Pu1u522LU$ndut~jda8WR7gb@#RNwk}oDP>3$OAmdgHg#Ve
z*QA#k(7@q8?#PO|cV1cOLJ2Pu50xz^-g44HYx<FNQG%&%%qoLPR_OhU_rfFjrxoy>
z2r{At82}ld^1@BMm*m1rz0Dt@@K8z8><L#7<PQ^?<{4VETxI1yTCz-|hHV_-_sOtU
zy9$w3B@Z58^$&m`tQs%6q&bub{)f3%u+I0LT5%d^7yJL{{)2WJki8D52XaVVS$ni*
zOphSwhgXXaVLJR^%wUA$I*e?I_X8{?BCJ(qtSE5RMUMUk3bBkT$csMbEmHIM9W2_7
zscJGwIs2eF-yKfL1TP3gMrQ$&^{|4ycOk;TkdT~9a>#=(#8g^rO8FF-Ho4npT@CM-
zYmL!@R_~32Al0jxnm#zm(9K3Ww9}hEY**poWH)O#{V$T{Q-F55y*S{7pXNK#l|pwO
zO?{>XZvylz@4Dp}%&fxLy8S8O;j(04A0A$;<*I8E#lGsJ-{|Nnhm6yE3KooPc?;*R
zH_Aj1L&v>uJ-XXf^CAF}==V?YuQzA_NRBvV0_lp`+=oc4Z!>eE;9YX;J+OKd1j%0v
zMZJZwW1oy-Al@ob?6$z%c~Iw5VwpB@<L<$PB<To}8FfUoS=Opug|>rbjWSxFmGwXL
zWZ&8sV~`J#>aaJ=1&>r-ZWogBK;R%oMuFkfA=s9)SbgrFo4G=cU0N=PpF#?uH4)?X
zT_sAT50Ucpyk4R}>^KAUeYvsihJzj(Di|Nt%LFWZ6@RFS1w(kg7GYnMz9<jVYSPSV
z;R9AMCg^C(D$rRWSo(o&cFd3zXvc_wak^Bif<NS@i#DYu2X=|LkNZ>A@QA<{jSg$~
zd;#=;`0Sm>?L&1_nNjRbfshGUBqj6~kL-1{6Gnp*T#rleGJkS#h5BQLbXkB~?gZyu
z>}7p6lzF;3P#$i$qP73%`Y4a<@WT{ZIHYLm_sf+3yo2XpMGHmf=3M~L242`3lSV3_
zM<~a46CVDmAswh>I0|5s_O3nlhy3`IkcI@`!TfWE^>YB|{8ImsVhzZ1)2!Y=xI-}!
zs2`khHjcl8jD3dDv7re11(~r{dH8N1Bl8rv2w&hzT-a~pu3XdKwC;nW7KJ0l1DQEu
zmsEyW!4&q1XFxPz)hLR6{V!Z(Muk*mBVby_RQ?4Q{>6%DT7n*e|NDVI*Y)a;3BUmH
zeF^z&i~<PI@@Sf%^a?gqyydG7>kAHX3NhG}>^~F3sC>DR7)eTSLkK-!%S0FXgs1*#
zx8~+zp2;^5HnJEvF@%#R6pRNQ7mUt}eMhIWiU*0_d6Npr0iYh_MhiFcT!mtn{Ho)V
zv{s3*NoGet@$??4QF{uLxFHBoSZ#0?c&>h-TPn0e51iRq=`myJuSBwz8UuOKvpW^Q
z+C1sAnQKx25He+6(#Ky!R^vcOi4i+;g9XHaEV#-grFd%vH=uFI!AyvyC-fZqf!>aA
zV@qMz*aHBX<}V3KEWK8##2$nI7_Vg_-h&SL_Sd{9_I?g@iB~5ESlO?Ab^d(={?C~U
z0ibI*jU5_lVo-c-fsjv4CJIKNVU0x7!HK25j8X>6BfoIu^Q>o)BN@P{p@NF)TRsJA
zIfx-LbP0F|{$lB>iGme8*wMO)Y*7MGV?OJt`|gkY?;;*8d@b&}9CCo!os<l^;C*e4
z96P#fiwp?ig<_MsZ2@wU23BAPp+o5v%!|NH*S-}@BvqU-z}Mw%0;a(*2=X`II24<?
zrbNML@fh8j%h2mcpa=qn*BfNmrE!%aOON<YJrF~*4NF_qfFt#_eofuH1pA~Svj-Yy
z0g!;YDE2-_I#wk=3K8sof4l_tZfn0@zq<ykmqE~H8jWo$Kln%v&phpCe_;za+oGri
zol*%xY}MBKch<KMx|gX{X62mNd)x-~`$;r}P`(qTw~zp&0#e8OOBAfIak5XR9^jNt
z>p8rOg^pQMZYgfLX08R*76|q1Av&~^((fvh+oTeTngD)j+Hco>5pd0fZ?|pi4Uk9m
zaXlov9;>E){WcJANsx*JVtStv<&iso=U8QwP(|dcR`(jA8Yw)sokFmj5=u&05*Eci
zXf=%ar-X}g3H|Ip>E+7B<`lRzf3pj>yjxQ!HS~Zph21w6Omu!p&|Qet{u4;Sg})0E
zRjL7&fESeRxH?v);p1yJ;ANEsAUqNL5MYMB4g!0`DCWn$Hqx=?#)WdoySK2TFWW9b
z-vQYCD5}v)tQ`%oJ90Q}VgX24FD_P=NU`^TEb0w-5V(MozzM$U02ifGvgv3(g7gH>
z48d^C-y>HCXGiP9QaVs_8Pvax7IeJAt2oE{FO`sr0bbw^%%K`i2%%mQtCz4<tFjKO
zi&d~lvj9l2KoZ%tVJWTuiJbgfH!VMJ9)Kd?zu^-T1Q|SX03)Q^?p8QuW-;flxI15g
z+Cn9*qjv6X+82CPvQg|&bZ{)g#kC=2*wE^*_A&uik_yVb1a8RBD0WsLwkhzXR!6$X
ztE<M^+{1udS4Ljtnse!5<~@UntJo@HCXVB`_g*@0yzg;^WXOSx!gl|n=op`G&Hm_+
zPJ&XDy@hrnaxtq$Uji?;J__K;&+YZtluU8H2aGptSAV5yp-T+74xJ0Cf3RB{4X+Yl
z(LxCecKB<oN;j}tY$*B#969u3p~j``7;ZxBsA%)dN{sJ){RNki#Jtrx@OZ@Iz(8Bv
z>HjB+me`>MyIfZ9V3Ta8{q&;#aO4|<!*NsP;(kzZf$-DNjF16gR46uHC7UrD=$Jl7
z0PjG4EL!*v2|Ah@Anrg=SVuwo3bd$MxZU$k&=q6E`tU96<)8kL`~$SZ4LM|aiSVJp
zn5mz^eO;M<x^zHv;`t174zt#8C+<r$yKwU|I@~6>ni(~xnEnhsfbfjt)h`4I#m>w*
zF3qV#sO7;}j>w}?$IE`TB002h+k}Mv8J?a0asdi9;=HH<R(bEos3zKJ-j0(M6;yI?
z39d>iVUO4miFM)LW>w-`N_q^^ivhVVI+}<7-|WH&cR?_Y$CE)7TkgJ>)dK&7du)rB
z4hHx1Au{`<ui*SFwTu+{x<oP6V(sGWXI-2OdM&gd+E?KgR0cbmZj0R0coYobD0Bwu
z{`|^9{pCf^`fo*<{ZAO}98?BQMI6kkR)LWGoH|em0S-E<oK)cP^_Czt8F^ME|Ja@Z
zs$1aNidsB!;guK!kmy$nbjh!;=W29pN-fkAi2Qnxr1NLx{zBHwI%v%y(>EO}9!;2{
z=6A+#At@CYTA2EAck~uT5~w>S8`zbBS-N2ZJp`NN@XGRX6b!UMMAQawv|#es6A%@N
z_%0mOH@lLw&`$5KD<He?o}UL82S7YO!~XG9KyGhGfJ}E$o1T+I!OZ$Ej>vyAOM+Z>
z00aXB%AzuqN$!DETVhVu?V&fz_YiqXZ`H(mL4h~{oET3wrL-Af;?CyWZz7cHP)0rm
zAt}6qm)p?EQ_l;!QVZnD0TfAgVCGa<?{&ty=MUkMU1n3NO*|IjbLv>R95vU{*!uP|
zJhNFm1*~;ycB~Yl!k?i9%gkKMHU5us9X#<5mLI8=E%B`+TP=qv7ofY~aOw(9X4qRO
zml((mJLG-=Gm!s*U;`l`z<j<2cSEj7^1mheauL7INS}2u1Ue;At2h>6r+@_OR(lh(
zALx!kh5IXCBB(CI!)Fl~<q=k;undvs`Q(4Kr5NGb1ZwesU8l_*u;zG!1x|4(T=75K
zq5oe9r6mGCGp$FlWr;XHV?(hXa_d+QQKJVYO9`P@VLaid@fEaSBko!KQmSj+P8VAg
zY;1}gE>Z%V*?FkYPTp(nXk}e~i4M~yMi{s)*C^pedkzfnvJ)qTi)5>lHvuLlPV1GI
z&ev}njg`YDdm&F#dNd{IY<D_hl;2cE!G_b%BW!feqrpl2)DCi?ZG(_wy<oiRI?#5N
z=^w~$P(bc)fETHk&Z<OhDeVt&_pPq+LrNYz0Vj}}wZJn|lRq_0?HxIk^nz;5kGqq-
z>Bffo%;rV|#}>sZZm(}zc|^_qs#2iE(o?&*Xb=SVYv*P<t7Kj8OnZz(=q&+yblMVQ
zoIEmS_{|09>Rup)onR0{lpJz<5r`sRoQvL0a=6(i>Q%ZdK6LaB_d7_}s6Gg%K(o0A
zrv}<IlcL%pT~<^U3vfTU4Yx&tfVzC)4aObC?rCbpa*<ms<dH+pZLsDN8u&kJc1UA3
zrFi9gTtQf(-%l$rpm{kwUGV3rE)lW2;73(q>|)jcz*|JyZmTiIh9Y(-$UuG}L2H`1
zMgg}%rD$3>h4w{N=X+HkUfVYSBK@gco~9GBaRPVsJvH_R1nq@yQLsIF(X&dpvHr;|
z1kK>#duj>AcM!UB1&PSF4^co}qRFaaIXepW_;-Ar4fs~vxh^KT+G*pUNBi5)UNpIz
zM7QCpV0$SC3_$*;cxQ3RWK$wxx(KW%(B>b?oJIQ&u=jcvl0Xv0KfKuz<PU)pg9)Ga
z8X$DOo>wA-+T)gi@VCfA<Sj=wkgq_FSqZ!%QH1mGCk0X-QF9jyZll!y$Y+HX#*IOo
z&4PX$$Ah8f#<3b@Mcc>cpw(4T(G}yu)vn4tL~b9B{!K8Y8d0zoefR6|g4<N@AhGIM
zAevMRUdR|ku}@vx8gDsdwA;rCZ8}zzzZ^IYe@2x~2RMKu3BIFP6!a=7X@C`{#H#fC
z%u*Ncr~V=sA}j@a0MhzURHn0X)>Tjg$!##6?y`Y0%*jHv-4^Mh@PEcrdS?M*xOVQl
zyq&TaftLRf$Oj$b2toD}pmpMRu?eW&Za(F(qml<+$&6(Hzc?%E-KhNkTdY@NINw3U
zPM)wTDS&p5l?E(|?N^(*j`&xywY)Rl!(@RCduC3?JfOOVspSlYWVHi>EiX`=k9vus
zz7?q7K?`<lfw`h4MOC<%q+<n$N9bHIRJ|{wc6vs%uJGUSD%jivCD@>Q81Say>3xVN
zL<`DwtOyXjih@b?mz-<%^L*kBw55dqghz<iARdBuQS@{%R{7?=3*1AP0ze!@b)Xu2
zAkBZ#*CJ)f*2hGS6>Fn<qQ|a#t?I3ZcB*;<K!Z2<FW^D7TKJmI_>L5t(k~4%P-O}E
z;rw{4aidw{{|Tb>aI6xR{Qto_Ks$SI68Pwww&0K@TCn^KLXgtaP$&&%J}H%$-ytzW
zdl13h7D9>kkI#LlP-g>xDrp6~NGY332PAL^ykkWIn{?Sl)v62w>g51=<Z>!EcIlGv
z1<bLw)LZ+p;%^}e-U6oyKOjaw`?nk?z2Nfw%^?%iXw510{MSzwqm^&Uxm9tofaXM^
zQ+enY<zRflLhgU7FC?fVfiQc_#G8fb4KO2|JlCns<O6IM66kn9y^c}KDA2(J7N?KG
z3Uk>|rHI<73{wmFmGU}4W{!MmV1^ts#5cx@dW?SpxaELKc=j_0vU+e5sr*e_2ITUh
zGkToTOeY8je-RD#E+B^ourg6F*w%7qMG5o^hQ0`bj1>`$Fg|}nA`ie#y2XArB|(Du
zxqrR@wL@6Pu9-HvWH&E;jzXUQ!={#W2qbyJodMiw#l*$*KS^xaAf5h=m1eiWEK`+8
zLMRS=SkvZN1*CnyX4ci{UbcAdm^I+g7zIO=LVt<fySM>^7uoX}DZ}{d%fhT+*4`%v
z>a4t1f1@OFm9A(eDx*FN(Xn#<#SP`l&;-9V&EJ*7!Un@bx3N~QLC`Fz{@bmSv+U6A
zwkPpkSU)_t0jB3X%;d<3DE3zlL~x)U4)C)qLTuK@n{eC7$;E<D=ya!O1*S|T3Wi*d
z`&h(p_b_qdxfrX`V&b_)*1Od9U-fUpG0*;pKgm9j8<*550Jc%96SynTcL7XaN`fSp
zNCAeyJC$2CA2$Ubkwcvv)e=Cjz7mMsPhNll6WG7e(qq<Of(npokEoab2%<G#mZ_ly
zBk<rQWjTdZ6l06l7P$bGz$eQkQ2D08m-)B2|E-_^P{%I`PEdUofC^+tEgpbY|BJmh
zji<Wp-p03-QicW!ZBwQYMW#)LsJ2<=nQEiVwT+RXhz4z&%o1e^A#>(R*a(?tD%(6I
zQwaaH>ALQ&`?>Gm=Xu`zU;TP>eJ+XpJ-_F<*0GM`SnE8O;rz{L47NZQ5}!D~dRLi5
zV`#xBR|VTUw3a?X+bBFci}%Xe-B^>A?3&R%Ffx13`Zz2Sq)$_sm@pdb?$`KXig5xK
z3?9k_?3Dg=XKk+>XZ)(wH+Pm8)$3^UCiAo*g&Ro8BC(jf+_U18g9c+>dn5lHhwGiM
zWz$xoC&Svseo<_1G|!F8or>~5Mr5!~?NKX;YZSVPhwOSgQDrwOYxAi&zzn<3P?}*7
z<K1G!D9aKTFm8z5tmJ<HMUjkR9r)_+LKeafeUT-djp&}Uyjm}h!$5oMI4C{6G#|mq
z_yl68e*%2!<9r$!qV6>k8t2&1)?&4b+in*wf6CZ9{&F~kkn5-n|9buDwCegmqD`+T
zA!nDQk@2Ccj7QFyhi+S3LM)Zw>Y+u-`^cr)%wDyn7f_A{-BerVr9LEvyf-A+m<9&)
z%ENFhipmdQWhE>v9h3uePybTmKAVD1?C4XM!%<>pfWe@0?%yO@b5H01Vpabv^cc#s
z`e(C}-0T6!=zj)E#aDag(e>aQseCYF4%fh(G-S47qry@RRU7N=rhu&T@!AuK#%_9O
z-_#}*Bo85n<JSX12ksDZWPx(8z4X^X;mWW~;Lj}UffF)tnI5|vW^DSh5)GtBX7Iy&
zt}R?A5Lmi*fVW}Pq%W7?y0`5Stlg&v;|9_%+0ot?Dgaf{R0k;F8qZvPI(gYnoE<%B
zFgajc5DOupn^>gs&e)ji8R>{PXe%R5k0R6hAU0w>2a>(|_s%Cgvm*g+7_q}vdk0-~
z8lN~LPQ$9H1fC6y%i-!COM=iNvdH;&wvbrPtGh8jebp>SLYe`jDY-yP;Px3gtUDaS
zQr)R$9Iq@7?XZ`}Y5sCFo;X2Nlu#x|6`JN6L5}#I<eR7*ewoDM2+i#R&gCw}r`A8?
z<Sgln?2SmOyT}Fx`6SrM^yXZu-J;L}&W4tH!}Hj7rekVv`d*^q>I*a-6!5iT<~3Y`
zhRkGe6x|FCp2r<H(*!dIogS}=2ORR`I-^r_m;x0L{yM8Uau#?+N|fHr1Zh#WgQl3W
z#M}<t{NT;MUq!5T+rb3>rGTObul|$s!HK|?kx?p(kFvvte!fuz1;RFyqpJ$|KHf3T
zG;z8HLI6R?Zp~r-;{noI?6AT6Q64Devjrsx(xqKcg_ZCD7oPqRxSMTy5Bcx(UMQ7t
z(yv%hWZFLc88L;}(Vh+ai6?iTIl$qQEN~wQgL+OD7Jc`H32iykb9+!R26&7g{azAs
z^7yK-`C*WO!w*Szn$QA$9txUl=nPi4aT>x;a<4Sh#a-U4xqLPL{9I6;_hhT($GIx&
zNj=Z7d1QFBY;U@>-y+;*<vro3XG5?)MNK4(@{`g>UAv5;=h#CR0v=NiRN#CE522;X
zke0316wNhBA}*W{VHe%6x14KzbxggPyXro$S(<y+BfSo_xp_i1_fZ_9k;nDBw4SWk
zV5X+sZc4mIa$$L_=v9a80`-Z4#O<9Xn(hoQRo?qsGV!Bw19m9}1w4wfsOm#@v>XDJ
zbyeOC#wsjDxOCKi&((Q-$3KE?w9FtP;&oQ!R8|H(;noED2VYzOG8W^+Tzg|1WdqCC
z3ZTQOdiZ%a@M_D@6bSa;w4_jZ#k4$%-ff6o!&{D|b=M}eoPI9zE=lWcF4qzi<KJr}
zCmD=<kr(x(s8BI%kx*@%88ZJ1T?4UPNJ*m~IgPyc>1!6|@X|a0V>_u>&{A5U4jVcV
z-!4WZP%xM7Ls9tRTG-KdTkP7@*lQoX;xGP763}5RkOIDj_OHMwXO)YsbFOlRNkx;i
z#C^p3aPt-<BcN`yI>3dY{{3|;NOW+uULI=H7kQTf$Y_?;%!4FUjj^Bp<fXS9seprM
zxf|QRykiNBHP)$mgdm*=2VZ1#!f;9O-l)&xiHz^y#6jHAt+&Hz`8K9-GqjEBg8^uL
zSiJVxBQkwH;@i(OaEhdP=6#<{CnQcE@Oi2fl-z^y3PkD;LI<2G!<0H)M^W`2k7-S#
z`x?^=5hEeC(qgZDmk{M|vSJb-{TadyJce^OW-2&r_3soSk2@g#Z<NJ;l$Cppjg}Fl
z_8*a?U17CN<h-yDXT?rykSukNNQGE28w?rbVjMTpKY8N-NYLSrv~C+^l1QAxjNDY9
zERe1R&m>a~@rS4wd=NSWEu8XMHBiL2`8@u}^FIxdXZI4j4;q8Z>W1lBNckJ_n%xRH
zN^IMlMX47A(Zm&-aGNyfkeX%sUa0csYOHr3;(L-)W1+OVSo?q<((@$~k>H2TO<TcZ
zoP&iQ??+M8?LiejZxrIoc)Aa(D*Q`vhpxEWrE?$Y_ssQqv7#&Pbz^DaPm%c*+I-sI
zisNhh>rO#`Mo~y6m(2QXkArF?+4*}G0nm~LS%=Uow4`2~JQ9;*gl9f8JithbEHFoo
ze!qLT(9JtN|4D0v^Ylt9EuHV|%tK|p>u{T5>K!LNc|#LhPczxep5&<B@=uYs9s=z5
zh1!q#C@_PvC(H?l_61&3*v6k7Z%g))ENHJ*Y{S!s@EGG|%q}~vo48PtZe%|R^Tj*_
zqi$a%W5zV5Wz7sff3=LvJ&woZ3z1rP+?>~Up=h8`VaBTNmgE-cwI_s($+6cut9!mT
z;RO6OhDy}Fu;oIHzy{?W2WK7!Xho&fN46PH$M>7agG7evt-|oE^SGnv`P2x6jQaKk
zh!9JABS_mrWrqj9LlVpPqm+%t?jfzs!vG$E@0M9ODa?w74^(k#ZK%4)_G9zOJu}|=
z=ZxF~%4YGwQDbdr1=w<BM^}FGZ@0aTvEa%$7WZo#dj1o2zhy@oLf@V;Xft*oB5KgQ
z4Lz<hK{_b08@*w|v5B;FygkinDvfTc<pIblx!RL9Fg(1J#>7!InSS5b5n=OZ3W3OK
zL|E`s|4X1BaWy~98OCEyhb<j`FVRGP4>_YiiA<8m=`rS)I?$778@EzC=JP>_8Q3nR
z#GlJ<bVELUzgdb`35n?fB&n$2q~|u1ci#?ou0`V{>G7e_Rbe!NN;tpzpp_g2swUnK
z4yrC6y})Tgh>K*F`P&jUw6Rz%Fus$P?!`IbpJOh|6LJ<Y!7nQcp4a7Ob+Vy3Jj0=#
zVH<+uLp$gRAtugwwU$A3yHJl*^v<%^P8NU5`LYv1YqN@O0!v|?W<{#JR!|u)>FjI|
zWKH)90rX^WDplhpt%#Q|5}NOUfQQc09?VOwH$V0KENxhm$`?LLS`cyu%b`iDXN~R(
zU)nYqzTGgujL$Vc0h@dO)i+>{ffZw^O4-uOI-oN2?ew)Z2S^`(0dSE%XKg~xiAm)w
zd}2B^X<1z4*nJs4^ZZXNg#oZD>9Kt5XdZXH32@^FP<korl^R1)T65?audtw-7}}F=
zQICc=&f;l7XyJ(E*kczUhnw2$=!Wz08G$l-cYhxqa|5VNTDYlj_Q;WK6rLL_kK+pu
z=6s_+8Ttu|FbR{&oLtI6Q4;anxf4cRsIYd<-DHFi%TtY0UBEJO6O!d|LZ4QkykTNF
zM~s@uUvzG-S9_5yoAB^0y#Gs&>KwMs?S9i_M8a{?6NFn!@xN@2V=eq}u&K%AYJo{f
z+dP}$Bg+H#z%V|~i2?YOZoj<}0BI<S9ltk&@-9~!{U4NfkW|yYWo%1`XJa{F=nO=*
zKiLVv2P!lu!5K<+^g(aXFZp|re|yX2wmltIp24qGfs0MtdGxi*xkfR!as|F*Hov(V
z|I5`{U8xAF>g%aI>F05cwA?-Oq5r3P81XY`Vp}~t#9o`E&HF(VuFTAmc#^;(w?pqP
zv!hpvUYOp71ai)g;F^Z#SOI?w@VhWE<0{1mwp#ZD%tm5@z9d+0KYsI)kI5nVWGhHv
zQj+s;UgB=qG*{^k6~RN2LZA?#z*2#Z<3WRnY1B+se!)lF=S=x8kM`lOl&DZ|Noa(O
zcssqG`Dz9eNvaC2WU~u0{pKZ}U!D#CvIeU3@a5J$Aa(1efBFk{$7-ZBF!b#J@8e+6
zu}}~taT4IcSTQLWJGkOk_fJ}4+F7jjok9c>t7;{77^0rsTfmr}U)znJ<cZE(7CD%)
zqnnDFvOqJe>V@9r2MHsEb4P!3-F^Iq1Kc~263B%J6?YTLCKdQJQrmbFS4Sg0;`iHS
z@$i2T3rRY`fHvh3*BuLUNMlYFo?|4CrRAC}lH@J`i!z{{`;LKo4iWb;48u&JBUrld
z*Ml%F<}UKs2GC1jg67j5gD?qRi-z0$CKE*iDeMui)#DzvZa!00VMpJJ46`vgO-;_6
zc;in4%C~6|BEyXeV76QINO%1b069wl4&xm|MJyeDf#(?OlN<iTy~AyP9~k9N-}ayM
zL1qo;zDNkM7MZdS?GB@WJJWbcccy_dSkF$v+BEev2J`H-o1khqhW;x-Sm4=5hPEdm
zk{ZCYG=IR2wy7A^-^4cArw;^kYZdm|)?n#JYn>1dK@=P(jNUl(B#3wy`9w&VaOnFz
zBn(Od=|oQ!8vV((v6<5LgL@IuyWQUA+SZn-;1e~@@vh{FsMs`j7!z7nlPe9=*i&;v
z@Eoz(RFE9FwAa~Y;&?jQ|01zLB-XeNky5wZ$b}5+Eb$3w_N!;MY3%)|OTky$d@78c
z2f+RpRnh0S&DFY5Vd)s`k6=}YckCuFX84Qw*Nc_uw_iOCf4<4hzeKNdaAOsfFsXxa
zTRVrx1_8wvfpxyFnqRI?uYj9=+gTXYOsn%d04`-NVFz3aKmb0EuH(P?o46(^fiI1X
zNO}gzr71cj1DuREkhBzlPSZF^aQeL%I4PzphmeL8P-6(qf<SyS7Gr-q$q&w~c&BFV
zyL-qsU)-&~CxP=38LIC1u%q*qc;D%0fuo|2Tf)RNcPnCMD0mEbGpfKkc67o9i0Ma)
z_QL&I&JW?%S)U&nfF`IVfw`qZFavhTQ!RqsUq=B=*D!B5T$xmMGlRHHB5B89|FfMn
zEVd}Q`VU*l_Lkof0IkH(5uNx%U`c2QhaQkY#TYWQANu$9qB?7u`mbC1tXdWrtm5Tx
zeWXwrn}_Npjb!_NM~MO@e7@F&HP}w=Ux5(3h++3^#FVb8f?;T;C=<mMZMz>O$k}8$
z=y+QW*K;1-b8M6QDI@Ih$sO5mmXmag0~LxpPWez)nkn2mQnH#spDV0b?uX>4wh#yJ
z)%d1ZK0hrs$lv~;PZHc)Mhb&q{MyBQ7pb-sZ@96JvW5uwBTn9V3l3tsAWXmuPu~k~
z05rckhySYi=_PBm@M-Yhs<Vl3Kl6fmCj#bZ<;E~aN;Pouva5CzId)@r!-a!0SI)x#
zJpcG=AsCfGozwE)^gdEy_09GHw0Q0sbfp%XK1}S+2dnMPjAkTda{%0<iH3<7w=b(h
zj%2XXEYpja8wYQV9n5X{!rrh8#m(r=`3Lb(9tqp~&cmDb^VZ+ySi1p|?3KI}3KcCY
ztM&06>VX8BDM)(&3d*J6du9_Bj229U9B2w7Ro&Z>;5mUNYJQdq#E(^>&%TEL*acuN
z0@ze;Au;p{O0u+))W6*l9I=VxJBgqlLLrYd@y3eqzcCNvV#K#CJiv7c7@E#JrG-b=
zkzqPP?2hna^%XcO!4m>y4lq)pUZ1w@A~~ZVC7Gp52TxNF8SJV2?jg%1-EFtY*}dCP
z*=2?2Wu_~n7}RCLt#0gd4Ai{ZeILf@T6|2&eUX214J8NvCy5WJExr^|7WCkh>i@Wn
z0scq#9VrwtrL2*WdSKbmSM5-2=vdaZrKM}OHh<F$Bzk(kuFxgDT#uGITCDS~n7&8Q
zzOq(C1>`hTCtB5T;I;+55np~VXaM0x@)9|H<euoCF7}`Xvh|-PJ78j2;VSbXu#>s{
z?${4JyP-A}wt#H#cz6Xl21lAj&R{_?(M&=*mg*SRZh>BxBuxy>z{ysa2EU$2FE=r&
z=1+Xg7qI=<+<=caO<#b3d;4Yl<^N{11AT_~4|rUk!GJx5!B{g#{-i(67zu?uDF=8I
z&;D1Z-OE^Tud5y<Xo6Y}L{l?;FnA*%?CnZXP7aN*(Ie#CUO$+}C)Rjh>`Q$X^8&j(
zPNvTutP1UYg90pnc>%bRnS6|0c4M8HRPt(nJMDl^oIDAI)?H<a-#&?Spy*QbzL1}}
zqwA&#>P6Mnqp;2G09|iqhsRy_3%4cb@&6>_nUIDIZ?8=Hz#nFzO_>C!$o}LSfVE63
zNjr>nzIQ!b-DJu(>T*n@5V$arw?aVr|9_D09zK!Tjs+^aJd-K<>>xg_{92O>5z3_k
z!KKJl*GK&u8EW8*1E8#260HCSQ4J5s1rs&L^E(_$UjWQOGE;My;#||+@R+2i=@cjp
zD5!G(Oa*GtN|lld;QSDwMQ1CzqcZ-f9(yfSvw@lxn;N~gWV}u~3uJV*73$4ZJZ9gx
z1Po-^aR&XtCcxh1(`5=z?PNNKv2wDow$Jc{5it-0v7!R9q^3)r;oLd#RZCqO=(Wsy
zcdQreApZv>cJ(CTK!=RKJ#+#4j=Q!vD!&yyYGU1&g&$6U;79)AS@)zgkzpY5(={~6
zeMQeff;)zN$Xg&Ihf@lG&aa?r?<~uD?&g6ltz18w4Q+MAXG?CKGz}BxnGl2yx1QIz
z_LW1~T3N4%6144aREu!O^bxpI_3S|?{K%Q7Sof5-rrF{-j?Nuv4FWw`*KEQ>E6qcY
zgot1KH>FPDyh=E5ua+s&q;vq-deX9ON2SC37nP2@+xEfZfZsDj+((;toDRw5&hMeO
zF`O@N4S^C{ojLsd=-Ia9zcso`b(0cKA3q&9FwS7B4pAbx_v|MJIb2K4cAH_#%zw1b
z1q$#Gqju2X&eZv<%vN=iV&KA^0)F6K!fz+?A#A?Mhhb#|c%5G{`8u<t>5$`@9qRXz
zlsH!c{_wz=e>gn^N%oJ{-+XI2c+KR_<8XGkm(^`xrrQC(r0_SS1UH@n1HU88ZM!;9
zjK95cWU`RO(O>t6^HtDcgKTAMHtWdrYr3H#9a<L4MWr-dPTTd_X{VzOUhmzhCu#XR
zEp>Tqcud0T<gCU8V@QRaC!kjPs@jzs2T|Yf^dZ%MXmWOWUkv^&@Wm{NDcLFSh;pAi
z_Gr(%a;AaD4S~6Czv(jWG<;%`3%C-NFDg+mYHg~4N^Ly~wgtY9Gb4LYxlLnH|C1KC
zy%a}V2#PF(mfxK6A5jin9-N`W$R*J68jo36ma)(c+EZAtN8fcOYK08@DaW(}NYZ~{
z-ozV}surl=ZRf^wgFq@&XDL*@ROC|f7)rO#)P$C{=uHaObV)R%aYmXvl7ILU#w%sD
z7di?_+S^#^#V)VMmEg3NhO;i4<W$QBT&fs*t;i<)i^v+?bbpeMm?=uWVb97Rw&5x^
z1p&i28t}rA1jES`sNli-Ho$nqK6@NsOpUvR6X!7Yx>G*-yyJ)*ZZ-!EKP@4V)BNBb
zyC&wGVjKqUeKv7cIY6=mx~|@Uc+96e#L3(7tb{WUoWjdPj+1uxT2J`_FFcTye%jFa
z;BU?tSb3(;LJkVIhS@Tg9~JGywbR7z2T$r$xpa3Ea_sL_bzJn>E7c)I5Yke0JquhQ
z71Dy14LvvxPST7mqCSN9<Ia%e7!Z;mN?S!cK+XS@+Qe}>-Ff?A!9M=C#wOXzuAscb
z8f%ey%eOzMIPk@`--DtXLy~t)806U9K#%Eq5{oFoz{Mct6d&$2QbcOof)=7aJjO{3
zy^gvPMEU%59UFT7PKZ3uIaWRxlGS_CaE3fd>B^@<xFzLXfWr6V<nJDns0|%^0y*{*
zjbwerck$>?QNUt3N|B+sg9>Qz7~#*i)}N+EZ&&pN4S0-Pk*U^pEX#82)!82HyA#YN
z&;JU^1$p4~we@45#VP9rGD44bmD_v-{oVI*{>U8nc)ZoL2Sz`cBo%bXL80~E#k36N
z<oe_vt(;(dKTOM=52SxX3NzNETJTXroMmX(L2kPrhd^iBHUopx7IW!B?c^b_Q*qb;
z!vQV0pk$Ez(M51GJ#vX9OUqIZ_)KUX0!$yYr>sEtgCTqE=yqEQYE*FmCy!&+rN$D^
zqk6)?XeAc#{yc6KHw(pmCrrU+$tA)n<b~|`qRF$<V858bEpAg>Cs>I$#0!q&IcS}O
zI2{Q>GT2t=t{~w#A5Q?z{>a3iLxrsu2`yO4VE*^F;T)%<w_o|2X<x><fL3rYvXWCr
zCI7pvkyRlE#jpz%A@oWo-68ESzZz7pCrfJF<#9<M1u3p7(f;OrRrJt1yzd1(2fTon
zaB)O1Be;AO>n7LkKotdTRiuzs`Q&iZPD4p0Oa~^po&m;+I3@2#%u}5OEvu}k{W8?9
z*))SYX5aHT1wlj8fsKbZGC+m7O#{aI!e?U!oho3NefDpH*$#-^Aw21^i`XzL8>oHT
zV@vs-lduYf;C}_Lb!-atm32{#LXF5B?7HpmMgHOM{h{9rBG;nAQu>OCof<VNVxt_q
zrw6c$4XTPGM#9@LR*43~@V7ZlA0D}vd0Qkq{>A*+wC~1U{!-UZebF2<7EaFR^k+%{
z!>*wZ)01!-IVyLxp5$;AE}(54T$Mw|uF*hL<0mqhd)-4yKbx4lk~(=tsD&-Z$5<qY
z=8#w94_~CT@0-z(OXW8`#25uh@B4Ij<@6ur{6Q=@E&eX&O_Cq6k!TENJcRTutJXiL
zUdS8_7H?I!GXByEm8np>b`e_Qgj$x3^r%p|!$y6=H9%ed-(gr|fEItbEcPqB(iw=z
z*KyjRF}tNJ?cax+N{yE8Mx`@>8(!%B@u^ps8)R5ILuO7QL%Sv?sD0s7SP|p+T@cu|
zNsLwZVY3Vnwf-YO6&nZAMhM{?M1$HNWEJZ`s=`l@7|R*F>tB&uXvf_y82wMe>J2IS
zl7ia*n+QfpICR4oDey%eI1nH%I`)!`yDhIZ_;gpofxoA_l9xtF8b1cEvdy0}z2IEd
zEYO)jJ={xl_A8w@LS*m>hMOdz`(u4Kgf<r*_S*EXR|rBAI{V8~tjfQ5NVYE7rFwuJ
zmqgbdz+>LA0Z$Tg5T7ZlH5x2<i1>C*!@GbICD^}62R;3}P%)FTd21_9t$f6&uZ$`%
zYnv3-aA58G4Nys58d+UZ$+FWWRVSw(t{kp1l59==T<GYD6IK3jNRur@r3Bp~l(gid
z-qfM@5%=B9MfC=!f<2}8h&+z%*C|{yIo9rh0Nlw3@>k)B55n9GkJNUd4ttMp_RY|T
zT}~^>1cj@KtV}7Fa`v!YcM4b~NNv_V;6pHZ<s`cf@R7E@F6G}i+yCGx+iRvxkDV@m
zhR1wU@wa`f@dsG#VOPku!yP)`U_T@PrA)R2`NjdZT0#OT+5FQ}_RZ_w;5}W_r=+z2
z;x205L7P;WBeJ7gLOUj)f8q~YE?ngpp6>ZCRV%V_^tFHP+s@^WpP437VG`az!yU#*
ziC7Gb^B~Pwpn~}R1MJZ^Pm1l7>Q6FQ6a1A6N+-`kslE|~h~52in#oS$0zoKch++N7
za}Fyr135G+2%<&nll{$`MslTOe>x?G@hW;<?6nsXF!G55f5o`;JkbMOZC?QS{^n}`
zo;X+JZn}?T3^0BpyB8c6^Og3=w)n(q&0lF;zQIs$xu}xpDk(mx{xI6#o?EURu8NmP
zSh>gxWWlcO1pgO$>wrm0+vbR(M=A`)B;V=ZEpm>>wgVjdz8d$i*USE-G2^8cKo|ZS
zLo2kbft&XA3fK;CJ&w0>QOaXRMeW7$8~@iLmXmnFY~5{~W%-3Ol;xZiDnK)nq$~?M
zJ?FR3z(wlg$R!Cj$FNjP*T9gQvV+&)d6zV{pZC;`gheu=AK6xR{|}4p6%wnER<d29
zPiC8c1gpz(#FB6sGIKbzqBTMum(1!(2UMkMgi8Shim8Vms1tD5?)lxoQN{2N1KB_z
zr%w8So_3m*vFF1QilpSiA#jd)Z3p>vDwLT0TzaSM!F%TNHG0s=LGsl?q`_D(N8O-2
zRnc+f&-RTuhzb)iKxRedH4U^g)FT~TjzPnUFw%<D!eOxZXHjl?|6gQnqZnM0sgtHi
zig#)E5N8uKez$6nOfW-x|JAqy-8_jh4(U2xdXy;1-#%K^?%iveq(QYQ?1CADxBbA$
zX?`|Fk<7Fq?C4-S9NinJO0w4VF$?#Qbr;3g=YzIeS^mbYun)BT>_eyg<Z)F?{Bazn
zv0$III&vQCVsk&C(4s|%kkfJ%yqFO=B2)7JR*s)@CkXXf!ytZbanS&y2SvY&@m}!Z
zNDx4+Df`Pk3mnAXA%5>4v97ylJ=^9c3B_oUL7hlV>e3MryP7b((}w&n1(z>8U6${(
z+Hc@mAh2T!`?C^1_K_<P`p5n89Q$NJ7O3a}TK@fIJ7I$6IrF5?4*>#Z%Y?mlsF&#B
z`a_I5s{_1)z&+w*|NisTuuabJJ84UXd3|*hjuyI)%-nG_*utCVtP0*oqGHbxS|}y0
zTHXK!N0AP6e(HnGyMO9Y{y#Y^?<0%NKQ90G>e~Z*K#%$|X}hO~ldzi@j2MEhl)T94
z(c?4Q?(*B<-Ai&|B511UW$08vB;8%I8>M$Tc4t@+miVU-^+fw<snuy<RHF{H%)7%d
z<6jT%u%p?|EnMGe32rsZgKWyI4-dgzX}W9hj<6}I6vZs;09X`y()AMwz>&j!wa<ae
zr*Ml5`@i;pX<F1{S|D{#ae?#cKgm&I=FJ6$xh3F=e6(fH55<Z=<oCCSpMhs4-6#~|
zdU*N?sVm|C7UBMG^4uY3w>v-KJG1%D7eQeUURlXplq<u(8rFI-{N^J?WGKO3Ql}n(
zZJ43?KhMq~9W%+(z$*4?7&aMyRfb-2>Kw2JqB=AI;ic3pwUQjN6njt}F5f#R+rML@
zPdAZ9E6#3S$nOBv=iJ`?sFX<Ftv;{|-w(Au1GgXlsY5}Jg$w(3YnJQ3OtK4N(N;Df
zKTT$lz^jgE4;lY&;yu&+?>5fAeO@HfLb?v0GO5kCJ(v=;xivlD=1iwcUh~yWoU(j{
zPjSvvPUj$RtJMD1<o#lDdrrkOOSxV=uS2IPcYgPU3vw6tBq@h;E1qs;#}^K<vOlFN
zjU8w#RQloBbocB?Q@LB@o2PNN$IMo^)Zpr4@+g|vxuSe94sjO@R~&0H_5)jnqzwF(
zF)#uwmz<odTr4<6*wL|#qs9bHWo?3xnzo+jmxX4O?->pvL-$%+)vHGn(k9jgK2H45
z%h($4{1GY?Eq%&XXz(0v%GaN=y~x6UK%LMsbtgH#>$qR_X#SU}mKPJYmuOIutWfxT
zZ-t*q{lsw6fAl%Lgl{sjvH9|Z76m_mtSRgVBi8u2hz#Fll5X@h8{hFRn(M>K6*5=g
zG1t~Nk#;%wMB4BG@D@B<rbK;+*(b5<X2a0Ly*3Sk=6?79rH{_SkE+C9wTj8@U25LL
zjz(ntL}J74>_d652(=6dc*HB<%vSh|1!D!M6Hz78kz*~$ft3%pGsLx(0=bCpqT}NY
zKjpI&aA_-zZIzgJ@;JfMCHKXNC-<BtDt<nssBtGQ9o79_%xxbkWy_VEJ}bYs62)GN
z7m~-3QH|^lZ5ugsAOPuivsN-8`+Wu;bMqeVuE4m{)k=mr<(OE2$`2;n90@J1jiIc%
zdvp=<xUcFrEf9rtK7qrQMm)svi+=22NA?s!%Wh$k{qTuy*@6-w^u~&^MOoH;W6XE$
z`ewa8w>)A;%ihC%r9lM{YrzdIEVK)U(1O>HJ*sUj>&%Y!xreJzi<~aG@;&ACvice&
zO8Es;w^Q8s=irck>UZ4?H##0p#3yDaq5@99vz;K`$Z8%jV^zR~y0N2EyJkl`Bb>|T
zQn><K0#38n+V)Yp5rmdtrM6i2T_Ci?^JZvMqdXX$cjKS$b`n9GliSVyWUApLM&0Tw
z=xwHh^|%#6%<ZSYCj!ue#d*;l-J3yWWa*C_D2(6*(tg@D1$=b;%TiD}uqGq!q#VXB
z8h`Ty^)-Wn{HM<cFI{*xkHM+A7lTk&&>g=ukH;D);0E2;B<$DoIX=&%w&4>kLhy-=
zWlXKhZJmnnm%Et{?b?kbbBE6d%MhL0w+^G97#mxb^e;e5L>LWR7w%$=XbnyZ=8jK&
zz5K}Ss=SW^E`>Lvd^U1SliT!%kZP3C@lAgumm?el)>HeSRZXy0>6iEdkU7bYuq6gp
zPA-Ad!oS#9EOzKccY;6CG@qP}gYZCGFOdIxMD&M%uXbI^vf336w4ZLgiWVlGOs;}A
z_~IF!oj7j(#2>lw4fgwT3vz>s^FC~aut?T-&Fu++Fmpu}w*0}uB%cHPuz7wR`f9CW
z^eCy^i#N|7S$;s0LNP`G_dYsT@)^8$$6ISX6|~SpzL&X*8B1mIx#f0CVB)>n#>Z6Z
zgpd~GRcg{IRC~SqRN59sFAtykz012(?r@5EHvEyvp97HP84?`uVOALz-Rf^5I>SU-
zpM&%}8r;~9=32}&uUlG08aegg#_)+5uJ>56&O^!{I=olUS-QY>eK_O!>U}CcQT{MC
z>=$kI+HvgS^?Dn`gxV!46h-N#97XpX>ZW3O*ex@&NrAi>rdy}F4<jAm6fjM+zHEh;
zFhbEBxLX@KXUIIMN%e1ukLhsbrI;8hn4Z9)VK{@tQfYk_dJt|TMI1LJ_ec6QM=ZK^
zE8y6b>XKSdu%jK9J<f@+Ibz-_;K*hb>I<uW-ugBspf20D{B`3K7|VR~ee4DF4xmb`
zPfEx_@53Q)(t0#{y{(7(R`xu)wDIVN7NqGhPU5)A#O3=))1nb&HhJ9UZf36oj1*(n
z@qopI426g%i(wEe?KI=Yj~vGr`%opewM+cU{Y=wfbDX!{kLuk8qtf~a{#h^i#9|$_
z^>|pq3h{}Ru*}~CiBaxAm9s6dkpiaQ>gK^L)jn6ZRs}+fmvlw&XcXB&?4m|`SNbn_
zwHFv5Ac@b6E!AAfK?x*Hj3+dVgQb}Kvb8nmgYd&xs<4B}z8^k9#WLTp_|xZ966+ze
zGP1uz<<i1M5NR5?&9jp!D!hhVcjwN04?u2sJcRG?FtnC{ePbPu=lJm0mje<1mi1!O
zI&6wdPK&syq09SFYg&>L5G}kZ$b~|$j$d-3YHDVK4~~Jj-;&YnM~wXe4N$Xi90Vsm
zIjcxgLuap}^<Dr_n~H&tLr%rrhlp9gY+l2Rg)~y`_<WPu6yBhzk19Jl^4LKCN`qA%
zZ1nMku#RW(cc}<nX`qg!R7i8+(r*;pOzzlhgjg4J2rF{pXy;l7r!>55Qs4v>8@^|Z
zd12zP!57=5*e$TvEQ)djBI9T^G+^I*LA0RK$FN(f%)3d*<HXux9`8EuFqBH60AF9Z
zfdfm_U|`rx;C$r3C+JPH8;bXv@!rEs&VpTh(Td-AdkA}hTMll5im`y9A#}ZPLg|g+
zfNpqxkt8ydK|FZsEsr}4nPU(psCZC4kEZ!ixJ*2A)d*s#Nqr>*9fe90Y)^Lkkhu9y
zz--QzhMt<h7Tk8M%((!G6NXf9zdh)?y(3EP{hUPbWUGgl_q)DnWR}N8XAk82pQxHY
z3pmQcgtPe6lI_E`Ii<lp*w-PYIdZV}_4gKVmj3XovbjOpdAYX8h!xSFh9LZE>jK$6
zRKRp)a&nV8S@=(}03PBE2Vo#c$=i8WbPeG_Y9FiaWk=7MnZg;XF@JGv7N6L49-RTr
z29N!b_M;v6!uY~VADFP8-lp37laZkj)|YlN$I$ixsdbMP@Q2hWs7PpuYz5P#JI_QS
zFUoy%<Oa@6DXYPQ9o?L$T0;C`V>Awr|F~;bq4Ewb$}F?F7N2O6e*}J=wFtT>*~GcQ
zYC($bco;tMu`9x2_r%qD8*?;RfW9=EZe&@cym>+2SJ2uVmfZ(?BKk3B<cPNb%;8*P
ztf$O(hF(<n#}yqnTJVW2Mv}BBj|z4MVwjN!IH*TP_I^JrI?i6(e*C+^Js_0fFuiz>
zSgwnK59YZc-Cl~v_@3Yrw7NDg12BO%qlyu`xNtNzerEk3mg+-T$ENNVb7;mtj~=_o
zirdcu3lr`x%Z`aJKEwx+;^$7})VTzw<B0I%B1^~+rduZPOOl<xDBuvn+)f0|TrEP&
zubc@P;*G_D)aGK50HkRl<}N;wm|{LVBp%r2Ij!^s;1s!M+G2wXp=F(g#JsP{{z$Ea
z0{AtB@Y6-eDVYOTI^!b{vDqA^6xXESd5TJp;98L6XPMFk-hbsDAGduc9;c)aN9p)E
z*2Ajj!O1r*Y5_&{_@+yn3ZbPn5w*6eadZ)EqUma<;f*svytz}Dv~>#3e!wEfJ$$0L
zr!>pt*PC;jhG$2^I=)h&O6+@W*wMVuq)6VnSx{ggL>wRGIQQnxKGq}H3y6a^cYhII
zA<OuDAGtv(SwhQL^6j4x!b3mjcSa$EByjlJa^0uQJc<o7xsQ|%8odEMT^X(>l`lVL
z-i22>SR|rm$m|Qat&hd#J9x5s?5v}5C7(cWOL<)}+C}99*`yY1lftyX31!MgwcS3l
z9Vdk+!#Wrl*wI@_9_8(o2^hJgKz!mhlKhz+lESUfrJ({T^Y!4b<-NT20D3A9vs0st
zW~u1U6ed+xeHWJAWIZr}-c8CBYlg*<7lj=NLeJX9*KR*<Yc8yUgf+!w1kY`m%r31~
z(oOd)A@P{-Ebno4d58&eZ)pu~vtm_c;Q+`i9U;B+SMs>5K5TUn{zb;JJv*|o#pOJ7
z@0loVhsdXL0my+!k^4w5sw<Lq6+^AdqQt0n+`5^BqYF!2t6{f1t`OQ~V0Fd=rU;5R
zAY8>Z7U2`apsO|pb^`uA>`A+giK{x*i!3kao$-Hp0sg|3w?NBmPY!g3kNx)SOvjp0
zNNxQ+_*@Hz4cPXt{|9WXLJ%T8xgRD_J@geI>e`XxKk$ixq|mr1L=_PrXE2!^2HfO2
zK6m5HX71E>;-rD&kmKb;Q)obF2~>vTLZ!Zbq50sQkgv0Hujuc1IlV1KAbefu1n6d2
zqL5o(-`{j2Lm*UmujM$oXro(5|0kSqW$*IAGxMVzCvrP)OP;h-4hh9_I_}r^$+Db{
zDVs1=T%T*Ne7DF6s2F3JR`KAA=#<m>_yg<J?)t6$7B|)=-xN2W=pJcg<RWY==6Ni9
zJwI-H+06UL7H{R2+n$YDLUVKbmpgZo_?<S556uc95LXzZze$PQ3t$jH{Qh&Zk)e^>
zmm_#jOykU>zHgljCZBe3pgc?sZ$e_TBmJ_Om@Ou2l;rrXv!R%S>oF{s;Oe{^xbs_b
z2i{#zA5mw5AEf9gJg^V<*N?Q&$+@NZb#~W5cRgA~!!n;V>V)g_S)N=RWfY`unH9Rn
z@z=NR{PztKkoZ6Tyu(6`@{g||8rZ+=`{!3q1wwlM$DjZGLI1l(|JV@!yN~|&i2P$i
z{Qn$Ao)K=kA>?jcywL69w#D)&=)q-^J7q`jRGOf1&%aN0pE7*eo~Lqrq&{4G==7@L
z7R$MBOSjyd?KAp|os>hp4N9~;SC|zSY!xTI3{^5TaG+%~S08)tS1d;$c5A)gwd#y6
zDpXdyd1Ka1cJk-LtviwxO2cdErir1P*6X+dqnsbjSDf2y?;oK5Oe}id;llOUy61F;
z$m~P?5524ixi!6vOO^xeZ=Z8ceCk<<L3!Tos_o1+Hl?2G67C#|mpuDrBd^3YGdAs$
z3m2ynB_)m5nVE(&E89^RZ%EH?WKbkxop6cTCT-e<t6=Nh)s15BJa4n&nkmm#-i|cQ
zi{fHgwy&Fw-?XQCP^`?ofTs<^fB7uF5IO#_PFrS$J-L<Zahlpx3aksBQ*C|P*0lIA
zX4WY)y(H%<vr>im7y|M3(z`<h3+3>WDXHB3*Ix%SiYn?J&tIDCp3pXH5fJZ;<dpvP
z?uzcKf%=T$l=7{YF+;7N4TdT(Ztr%HK!ZV3=>1?3gs-Udk1q$8W;zT*7eABx>CTM`
zO8RWR?5YiB=`mN!qLA&h?`B%|9gd7I%i;^KR|;Jl>`~&;c;3qI=uOutLxyP07B}}c
z3Fiw7=Y-EV+;)HKD*2pFU}58vrB6q1eu@!&EaN`K*fUf2H2;~TmtNkOH*1X<q<aKH
zIJUnSYcuJ2#ATsls$0pyPDj7oBR?|ir<cq3SGD<8Gu+uz8((Iw>!w=>Vajj$^)j8g
zR;FJoW_Q`R`P`;&j?A^2jveJ`d0qDA4OT_A6ZbU2`LEMp`tHp|PQ81Pn1Y=vTaz_4
zFAU@4m0S~sx?~@sRZfmO4_-%{w5Qqah0zGkk-DcUy8Mw{%atoh9wrz32i#jPgyvpv
zP7xDuZ26X4>0!5!a;Z+E<6})tfOHrcLQZ0Y@LX-dsv`9$GlhRCzq+14eCEsh2PPX(
z2SmT7b@fM-R;co}dHB(BTqi?($q1v(dN000GiAG9T)EYYW6i497ZcsewK(h+f09pF
zOJUASRYm_701#Nnhe^@LLVp!|Kkm#LnqHc3bhLiO7v4}h;Ir7RlxesUNy98Ns_O-J
zerPYGJmFM|JY73J++4X_avFi~H|h~i&cD{;eDUJNWTPy(&9a#FYAK^!=VXc}&%Wdg
zD%01;e0UP-Y}<C}(StYqGBWSSypQsl$Z=4tbP|JGmv0g=v`^05KTd{tp#Zze-+R;k
ziDZH8)z`GseT~EIp#xGw4paqk7B{z8SjcfpQ+oOlr|K#{W%cDtQ%h4I*f42YY0tQ2
zz%eQ#&D(D(L~IJzPR=$vmHw<=jZtZB<;x-6Q|2`W=9O1fF0TXBF`4S>yG?xfqsu(?
zTlM}_>&fiJEXxJ%`e=?)&a`XybD?fRn0a37S6rHoLEb#KI%M5Zk@FNbrPs{|lbx?8
zbDmXw{T!0WBeLm}J)Rn`Uo5aPxiG9#<SGivwfru4*S^V(Ym3y{Z-oQ})nkk1T0<0S
zb&?d>b<<3m=&0<l7-{_uiRd#{Z`%q91jT`Y%D|L6=lIpUyom4FW0rf6)gM2uIh!;g
zdqkbDG>a5aBEH8DI2}STHlo`ak0}@pdL-6jDEd1Zt&OWFo}+D<x@+(Be==N<W+6w&
zS)EDH&@U*PNxA7(b-CQ=Vs^t|%NALtS&?C2FtY1Y&w<6(DeZgRXAy`m${Qsex^FL&
zMXqxPF(3LiXrPe%s4KAa0K(TfT_JWfWl4U|LdN;>7&6CNtGu)e^Cx0tM(8)nemc<;
z;=9yP4nweQ0^e_VzOs1uvS!WP*frhA&vo*%S5&~@mcQgm2|9dgFe{M7Q%OJTqhhGp
z@;49c1%K0`f!^+siWlUwicUUxR*f%@J!hI)xb@U5DuJL_Lrd;^^Xu`$c*;!E%ATKl
zv_c=z3%rJ)TOz=E=&F7uQ~0w&^rcJb8#9es_8Aju;tUOxl$0^+1HsngLI?z7TYFKw
zZpeo{RRh#YT8)!UV;*j}_@5dB9>ML@jU`hrYR&dv%Leo>HH@Y`8!`NCxWIc@3{$QU
zYh3j?@jJhHp);vCPz)?_bI6?T$wS$*%6i<0nRJpst}O+-)Wk0xFPiusGW_U?XfU1b
z3lql1&FM^$0y2cJZvKtIj|LT3u1j&APd-<xw5X3*HJK$maxqFXjICI^v4#v@qM7U)
zpgZ}ja-0WK3@etd^TIA>9flMX%9uu;HhlT2_j>DG58?{_Zsc86o28OU)hVypo3aC!
zvS(*3i+H?EI5{~_O0MPR%+2aN$Mc%J^4(AW$?^4Ef4Ro|Jf-!FFg(Ayj!xLorqwh3
z19(o|Gy}nYQ;2kC^$-S`#9w1xXRkUvm5Gt*%a<JyiH*Kk7h3&cU=Ko0(s}5?reKkH
z$&12VtHy6mUi0(wlcHbF4{Ov)1xy844d@oG*~cs{*FJh2EMBjdrlY<xG+g3^K(zX$
zhlghK&kdH!cBI7*4<E_*ob%3}WR^U$%Cfk6;MfvjIGgbGCPN>KCt)S}Kq#)LZ^py1
z^{E-_%3xBeMP3gl*C791gg*;rd{=b)*x9i(>!%bo9$mOh(bdFg!G>iGA?YPtoTtn9
zXUzheTX~#m=i_V~`WU)XGpxOu%Bme23T+2ei;BuF7TD@(hRE-sJAN#+94@>G)}30c
zH*O<-{~B4{Dd4DAE7sWY##?~?BwhnfL0f=Yp9swJUz&T*Vb%p_<_uEWRo>Op{}G+~
zGp$_GM*q>7$K<hf#Jej_*4&JGvP+G6vO{NNzojmlk4&7D&w0;f=5}=3b=$8i4RJVL
zyll2j*Q?hx;_YIE^rwv!H$2>g!j0d$7pup~@GGTjCq8=a=@G;^Q6FyLQfV8;nWhpL
z!6bZg{zKbD+jUWkc1((9qUl7-h%5DEp8`#+g6(F1(si>tUHO$aU+iLPFN$?|rLRrT
zAEw)R%Fy{oyY)<W4*IF=rq-00-O{}2E`-G;HKwkvjg`f=rLJ(DyMRCDzj4hB_$W?^
z+qLjJs;e#C(Ir8Omdwn__N<iLWEFx{-o%#|!@XrLfoASA<Qs02K@Gz-!OSVKu_BjM
zRi6a}JxkC|ZBAEz!sqcdI#73ZO{@Meee&7s%@d6)DN|1whkh=4T%w-BoO^ImDZ5Nm
z&9>8_HR%{P!}%c3z?GKi;vr96^QSdSq8=7LaMw=KkI_Z}B}uQ*XL`SKl~0$;=%zM5
zTQWc!4W%~A+%a4|Fxpl>)HPY%b(r<n+e~W?7n>pZCl0R?AplJQB<bB;VUd=ew~ri}
z%I4QK5zWxo$~kdA$ewztqxJq^U19(vNKy_g_mD*(qS5o$?(62<VZ?Z~e51E<bMfac
z9mrZoFSe0D!<%I@PtTa;S*Zj!v-S9#O!Mp}kEx9bGFx(l@8w62RcK~YpQZP*0;14O
zqoaM(xIT-HtGuZhTQn<d1s8`{a{y#4XECY$dh<q0sCiHir6T|b7aN_H8UZOS=`4pC
z8=K470XZ_Bv)2ZC%Hy(6QzE|b?83=$7mU}M(;s8aCOp`uq!nJ@ReI_eBV(G4ZfJbj
z>b1^Y_5(S6`y?(wY|}11nsW91(|pIaegjtsJii)N)h)4OO=-~pf=Wa)Bxm?_&QvmW
zX1pNtDzW+UfO2giMw2HyTw;GGT}PU3b$+>gv2gn3te_HCyX5yAtR1cNK1oKj2*i5;
zd6y&2stSJ8M%U0CpXu#SH<RvNcWEncW@Z+hPZLV9mP-1#VEy9WYR4;YwaoDfBd>sS
z7SmI`IpGs2%Ar%r^j(iNf<^76u+#n#g6nFb?Frs$!~JnT(s~9wS7Mtcf@OuZG|sID
z^vU#1yOyv0k^n%U6pCY(vhE$qvo(gVaHwbVYCJdL(=W{LEhyF<`egocZ>@Cm$rc2n
zsABV*si?!{hI|3^vK=49H>Qs4w9<8#E)I>d*Qf>Wo07}P*ID(3q~flhBSeY^+vsE@
zJU8tdk3Kf!f-3K{S392J(eWrWNvgD{O?I7TGI51Frk;-1<Z_%;;Sbc8ZrN(Teb<|w
zx5X61aw<KJ+)QtpF;-OmC1_G+aFrS5@xfj?BqYS>%(_CyYqJ(>^Q>p6_H4IfOH%{Y
z&J~eK5Xxh%+`f-_l@u$HTh<*;hF3B9w0UgOPdr{|;9O{uaI(rP)rrG4J!KDByr;Pu
z*SJw{S6e)fbfk<3s4o>d+|Dy9D(f+DlR%R2g?f$YS?Z-D&6UX%OSX)(T+1^Zs01>!
z5-FE4$y!An>Q}UZM7(%o?70`8X4!+Jk8{4kG9vOv%;To@<Brr&iD&Y}Js!F<cVyVp
z#lj+KcD74FTPAwMr5wXkme6P1Z(-u-J=d7pkyIU*#<I|qQAd8{<HwJa53dig0T*%g
z9bJbU_lTn6=fWA!pe5Lp02#Pbv0ii27BSB~YF@7z<+(ncxKxv{Dg6xh_`#cuUrWhP
zmiz*PCw|?3oFdGnLf4TpG!}dB;H_J?Byar)gH^P!Yk;>h>OGIEkKhfTwDnl+2~_)9
zW9#_t!lg@-ZM5ck1HEvXb|cv6XpoZW>nt8k`7_~TESmSRmi@?(l2voH&W7e_KVO=_
zD(jLU<5;oQpE*@QOOIPx_9qGSxlWAd5D#7qZYoMO^8R9K`s8LJr}Wm3^_m|LcgCMY
zvWS+a95{A*0^&u=L|KW8O(tU-_nw#Q2w$r4xUS9X`^C9AImg>4@>1qf4fCv88k%Lk
zIZr#vHi_I{M$!Z}J(Es_@WwbK&cVU4^l6y(#+%1;)w~_)nue@pOF<1@#)X?RZMNyg
zr7`=DDbvU&QCU@pOekpgP-3*>b8ScSyHvl{@atb&Y_9N=^qBUakSb`jI=d->q^Yi{
zVO-y}DwAon9M0SCJ~JmAa_EqU{Wo{|Q~2iYh#zaa5r~RO{5STE@^zZ=@th-T*Ytk)
zt=->0st*8-d~mkObc>+@_9h=**702*aH@2An-!h;GByUR8~I<f2Rs(2t<z7R_>k4-
zU~fkP1kF*0uFSWZyYN=Ky$fqI@EnGB7W1nmvc?0@e|rIjzi31X@O6poMsHsm<jk?c
za|kwfVD_TBUppR+?pz;eX-QKZGOH8kb)D|dh>9{$YIXE^eYUVGL-(Rs>FRJ2DM(G^
z9u;(be%NVJ>d2F{JXpfP)h|xrX`Lo6G0u7;B}G%qf^JjOJqw|S9aB`dz9;LL2M;*t
z%gf&bu&dJ8x1^m`ucn)-blv_}!@2yQk2PeU*+@e%@!{7++2~8GxqUM+D<h@qiS!<c
z?l~W7epGDi?Qr{U5T4$zlbj)<9XXh&ddzE<vA<7ZOVF@H%XF?pe<R>r(h(jFMoZV3
zo@{Rg7U2!Ua;rpruhs9vL>{XJVqN&;{nuCBcx0JNp$wZDaFf%zwvTf}`^{cjX5Bn7
zFWutVne?`#yn3DT4v}4LP{!&*4lAEzMX)VA2ny1Pq!D<sL>*h0rd%$T-t)>Yz1=pE
zLalV7HePSCzxaR$@nNJ|tqjz?ZE8XE{9UiG1AV$10n6#$3ZA<5pY@E3=7g7Jg&dNw
zWAzh-r{j7HF2l)%h4VJg)6|xY%gnAceF;C_I-NFAO%XPK9fu+8A2p9L4908gZk43_
z_^X`3uak7KS?!soYLN5Kc3yAZFdMNc{M?x7nXxG_&<@8vB`xjrMf1+55L=*3JUKf_
z9Vb_*p+qb5DSE}PcZDIPRW~Nhr17ZHe1lD5(11hN)M?c-ovhx!ESH$i>A@OW?6>q@
zS~}4-CtObP<W`>`g3W1iu($vUQ>)iJUh!UIRg5W4^*>vxp5c}vH)5tHy3S?LBIHWu
zH`}8n?-1Ww8;2{8h+uj-XACM0=E^t2G-#J;r`sBxpZqH4HIG_OEgLh*y`ZU^ez`Ms
zv*PC(U7MWLX_K>0HI+}Fi~A-0<5Q25$CzKU7X-kA5+pP{{kUf+TCiQj#-KJ|*0%Fh
zx)$$kk4Z*zuj{8OWd&9zBA|+LDVE%$7iuOg71f#QE!mep_@nbUfF3T)#;X2c*MV%W
zD|~sDeS!s(=LqAN)v0V1(XxY(j-PL^e%3x+mKj&Nq7<tB>|FA)bO6&-s7|8MeUV^1
zfMd2NEV7#G%d8@u3u6r#(QRf6#m}Yoo_m$t;N8}ZHg8wU^srscwhi*~$y!%QtdX&Q
z4F$?%z#6=}Ov6&825-a6@do`M`_!gqZMo)pv707Rhx4T1ZCm=Ya9U4qD40a>LpIFf
z*X=j(5wEU(K|7?*GVlXVY)P7~<IG^`kn=D2JtFs+&2BHVlOgb0d9h3Y-;|W8cDc^F
z1Phuevy}fNv>ah_Z{7{NtW#wFwZXDtm$~m1HEWYDu^nTxIVqUt_{vwEadTq3d^I&S
zJ?``qbk?7?2R`?jYa?xwbyjaZ7#q>GNgi14tp>qS^C{iXK+#OM{W*pxi{9(zvGptC
z-#jji6lTUSHSlanW$vwwPHo<V%9@%%rpX}qQPAghjqAsUvi;^|s;jH5-@QREzT;@N
z9yage;==LuTqh``Xuh0EWf&2H3MOK!<PxlleMwD@ZL<t)vo0LpF2p+^D2_KkI$8Ub
z@iF9hV&ZArs+5_UiW=%E2HO1;%Hj2OT?3eF*VJg~5eWRCbE$2ZdYr3F<Oo#zaeYOf
zn;*+|#n3yMG;zCUUiAxQeH8rgVFv)w*kv9y{WxMv&gjHz>06Kj=C2Q)S-RCf{z83Z
zmbFD=^~b1CC(pUMQ}T#|>f5`mKAd6W=?R?>DSh=e!hsD>Hz5ZKF8GI!d+Nw)b#29B
zQqyMp26WsuVB^LEs|1|knVHJ1=VUcM>bBIUHqy?TF3*4diZKem_VHDUcrmSn%xb@J
zN-nST!iT<;rRB7sYry54bScC5XPG<{>Wmf1y1xH_J7%teoJ2BN>r{nBoHDhJ=`1#T
zwBVdjUCVQ$=aFuW$3U-c_*t}TDwY=={|Fu~$nat1brQfyRylfhS$cjtHszg#@{07Y
z*EuFH-8C!MX%Ga1T+0TVQ+;+~q9re~^lPcd2dWtaJ^*@scX=fbQMS72j44)cY;Vp!
zYvq;da=g%^W3L+t*E7ve#L-$wgs(#B+ID-Z;?Rakr*5Lh4~0Ofm1#FaZcCrUmoLMl
z+<uHde(xSH6D_0<Oww2EP}v@pCnF|lLAxjszT%|f{n5x%)_dj<YEXv{2Q76CMO&Tf
zn{geO8@&^A6wpS}wTn-$Uz4~)G<Y`&R1T7a3}T*0-k40yQ_G`F)`2+TCAoUhYjxtd
z;EIYCKm{GX>VmJVkz2Dmqp-#)=gDKlZC^jwH+1bZuzT6$yjHRds71jx(P^MHMb-w-
z*Q{0U4ZgAYGX9PYIpUx}MYGRdHihWQ?>y2HHVHZ2Zk4lZLr#v$p&m;&9PKnv(k`Jx
z`kDHVN7Xo$3bNI;XA~7L1Mi@w?fEPJ!)j#nlrm3nxAWR3l(unK{ZpRE9Fsf`%c2oM
z6KC1n_8;b5Cj|wY-mYrB=y!2w*o8Q#oT?tLyY+Q=v4bc3cwbF0W6F?TW)~EoyE>ba
zAGg$?3V@>}*URQ_uK4vF0HUGRwFKhb5OR_Ej=CD}*nzChB2l5vV@XkZ#1uMhOJ%Lj
zQ<`a;&+(ip5hpF1pEoWdVAY(AL#|!GD8(#IOvO~*h&FR~$pz?EVAGXubIQEp4p+xs
z;v;%qi&K$&h9B*VoyG)j^dHG~Z<%Uenj5G#z~L&Ue^98Hm^|Aw$kQz9kNW9*g|yB9
zi&OW~iaYeCScwm?De-CM<F%zjb>3dSOY|5XcG<l1V`cVAnFen6%7W8o`4lS#C4Az;
zTMF3PMnS9?mb8iLuGFZ`$c<d1V}fQ{0H-;XygXf8nS}TRE)7Xt#%S&4=A7^guKZDI
zhCsajQa3i#N(x31MFUCf<R0mo8%Fh^T=hDm5yz*dmX5J@jL#p5!^MBc-xjHf%tp!b
zM6XRCrB^EVa&a{oIJ;G{#Qdl`6~E>&*L{6)CUTC^rEIem!{j<N9Gdh{11Ge!K1g?#
zlML~}&zA#VM<TVg-{rVGj$Nu88`N2z?$Ig!wp6nm)~3x9{cHXd#}@|1Loa6IjI5i=
zSVi7wh-(+yrlv+D{aRgMYM^h3Y_UC3>)A0B#v!>n*_zyN=}n^Q#1{%F1mb%&sgNC@
zy?&$pjZElag}Zqvm1!R0F7qBX<F?^~hN`+5dY6-bSn6)BO@&F9-logA(px&`yUZ%_
z8VU%-(AkniKi)6h+4?*eFLIf)DHqQLc!;XGlrO$sZ%N3~%~ZZ!iLTj&@Q=(MI~hB$
zagzGj>5Eg5LtW{>oLm}!ICyz%S-|-lk=JWw16#h?RIA>0BN^Gq>$z-a=3}mAuk*eN
z9qg%#wwdhAvf7UnG+WE)%grtms@^A|-1<|fY6-%2bp0Jj|I%lKZ@J#jwNy?6u%~{v
zE?CyR#X!bGO-`6$PTNM%Y~i5a0C#mMFH|W!%)KJw5y9~i$umB4xA@LFzSmkR&wI+5
zcKQ9Ubn~JT{f{X>RQ~b;452tqoLB_HG-#=;*lA*IN+knyjBt+XcZkr%^_V9yo7H9c
z6;uesDeH;cp?v2a$IzrfX{j5(qOS5m;hVFCbFdeM(?O~_avH6QGDb4RnWjkO=4^S^
z_2W@8PFc@A7R@kMVqq7pA#a+LdglSB{gPtIMlrOvz#$#hdHh4QN=crlRAN7z#J8hV
zh@)VkA`myFTrSmW{7OA>|A2BRXdCIk0a{;)&q|p{lijkZXv?Y0HcACcZOx4*<m=9D
z&u+`Uy4_ZDDf)5b%L2d_sTdB96G4`NRqTOP@Md`Jd&{cUkGVZjX{qDT2e99zV2wb?
z+kVS<>Z0=WxK75UZ_Xj8-0N-q(R1mRwRg>!9rOA`v5Jl)o~GX1$26TRgl+6Nm(rY<
zMAbf?(dI~f@%HRw*{%&PB_^S_MVby{vtB8Ol9i8&2Tz8586l|Nx;5Xs-h94!4;doD
z>04#nB?CbS6Y-ZuRaU>pWH?<KdXHI}2+V%9DnPB)ci<Rb0;#%As2Eu6=z1)&+(KkC
zA3RsAW?3$Mj9KQJ&jTUR;o2B<?l{!{l7*#>85pTT`&qi1{XSpbEdN@_t~ZaDsCvKd
zcrN*?+e$0YbaX&yL^L|;RFvHg?c0jKy<0h>LIZ(tZ-t7Zjp{<Y&uV4^HoIK3aeJ?|
zRJG@Ak+Vz{_1H}g<o$o_on=&1Z`<|<ML<$SKw4>#lx{>qy1PWAyE_Dt2Bo{ZyF*&K
zyE_M@8{TXF_jA8>e}2Eb>zTD&60Ysco@<}yasH0u+T+_}%j0;c44z>#jO6aZNHyzz
zqKF3XC7E)eLfgzzg$veTQuA-M)<!E1vNCFMiXhz42k5(nsl*c<yZneQrF<cED42b6
zTSA@xdfl9Eml{;g0>*fDm__AqbHFuQ$}hER&B<zerpQ0}9D;-nvJF)mxzT&`g_T*I
z!HiChW=09fwztb}uW)g<Pi6#EtVS$UQ*-jwGb@mB{(wahDHf$x?dsdV{zYFu^jG4N
zt5<`Lr@pD6j-+XYkz|Xp!_7c_S}h{PyR_jPFFUl=%S`H<a<#1s-)Y@;A{A_84qx^x
zYI3pTfl7kOd-EN0Ukbh1h?u3+?rG`P{wx(SYtD)D#<#Y;*+;l&dd0riv+@x-UfWpX
zHjNh#g`hB!i#Gto4D>#ddMX@bwcKG}hRsB+N3B%7IOAdNq*k>jhFWJvjo<E~Y5d{p
z3LYlt0m_;r%k(dp9Ym8Rqnb5mKi?bG;j;ZY&WFKIAr8BWm@7KBiW?_#_7_cD)ZwDp
z%y7otqR2PVh-7;%cWfKC25#G`?rScdp7mp}gxJ|7YbYz_s$eVP`FEs?AGsH8PD@=|
zbX`7&K&;3^Khsfo8hKjn;WG3S2^^<79xaw4Z@whyG+rnR18_M5Ovrbpk5_?;u2<!_
z)%IN^o|6E;x?+-~roGK19zPQBFfeZ{*V9(~ZL^cclN@$>!Ba}k$L&~$u*A}q>j^lG
z&?yd`GC;)S6hlcr$1ntnCqRF{Qlf&q;RF-xNR+H00pKWmv(?4SKEC80%x2#TJIKY4
zWN-Umd`;N+gg`d&!t16>E4BxQJ%g~Nn=q9#O}khx7je1l3^`&J(M-^R)g~gQt1|3)
zX*N2o7{au+^1x?*a3x;b69sCx0Aosek$UAP3DmcD<*vRhDXqdVlJ(D=yfulU^u}wc
z(7@+Ts6?a8xgL-RdYWs|k?+hMA@{Kvj6BkQ^`81C_9QT!4d%ajM3DKx>nIT5Fa@tT
z<a~*b+Zo%MPN%5sWLuJ0&-$^|e<5bE-YxY<2>9q-rB+LaP!c{V*zkAZWbT%DNOT*r
z2FN>5(#pkJIuSrIVaA^O&HYJt!Xx|iX>7J~8ykyY|F|wnQDd2>DHU`*(P(5^dAj39
z7ch%|(O-|Ekc?WxdTD>S@C;B$O&CA==pW8C`LFj>7Kk|W5JGx!$3|_QDMm+4euJ`h
z%i8@1%=@#xM3U^eAHWPdsPA>??&>kyKJ=>cTvxG}yW?24frG@4fr%pe=g-gXwaw1Q
z5#^<TOwwvs#Fcw)N`wq0x2}{A!5ZrJ-qs-gJHRiloR17~Kb`ztXDkGkOz1b4h|aE_
z{WhE7TP56o0g92s=358wMD=gBqB7a)5>vQ)j|!&%Sbt5X^y>sc-rT&%^Ts8*fBk}l
z*A$-6Do?lnXnI8)O!3kk308|OJUbRoAU|=uEUq<WTd%@W6089OHvT1K*}u$_k!nL6
z790#C3srjKHEEaQ1c0`g!xKUs8-HLlC>Cojm>)cD&66aBsh@9)j^B7UHtb~X+WE}O
zLj=|CYh0U6nypG@TsH^vxgBoI3woqoZn?&HItd=;4wc;it5+U=z{mrv_58#x{F4M>
z?{T;2dDY2f^^IBo^4<i44gBie^+}$6?-y?CojgWHnib&jO{#?jhpP^D6E!uMR5~BB
zP8OwH$?0{S{3Fj`)N<zWx=J-Pk+Ya*xfpcc;|5t3_f()mzQP8ad3QXb0;|#?V4DI@
z2cOR~W7y*<<PF(7U^nfyH499U>msK79kEuN)$#2%9-NaV-ggHcWcQx|fSVc`bupx`
zzsAVk2Zgm1)lz!plwZahQC!(~Yb6VKjpjB0q^y6b1utk=23`b1Z7w^|&SqAk6th*c
z_W=aKIE)-IfVpIkUZS5Zh+~{=*`&m<^j3y1ThZ|lqI)#{rK&Z6gCNz?kPMFnMVs;B
zMopaM5QJ>9nLXMPSV|?(&JoO38lE?pn}!kcrE9xIh)EN(HI<HHfVvZ_le%U<kUwtZ
z@E~;JmwBx3|BlqBlpgZ)7kFy&0`!lIYQSsKxH^BOzoDnv9ZGDPz)ed@sRF~Nij82_
zp%M$y3uR1_BqaK>x`y5Dm^heoSsI`JW@2xmz!X2wW|L&UiTKxA@udJ;aX3k&`#3dF
zP<^S4*L;V-r`a6%rM*-!cWYm)#bx&$IHnMky_uT&@}!?X(*S^Sxx*sznB~m*m;7<%
zY(R&2Z*B}FD>ky<=Xq$xngAy|KPLHNDLCgm)l0JJ!J=}0GDBTo|2DpIy9s92H<Ao7
zd6bg8Ps^><=7<N@8@Jm<Q#mn_hq`R*U&n;KClGi<CuF!!5&SoIX0h{%1kKF7h~q7`
z^&VS<mx`LQ_x3em#FE5pUj~|e0X8AYwFPge>rMG>wblOnVqLE3*Xe!Hxx~$~P(`gY
ziIb&$*?fs?+wPk&gVtRTSXr0?b_n(v$xWHegVUUTy<}`g=;jyI+&C#3r;;R%6DaGr
z^usG(?fRlz)6M<R&2~TJJiy+U9OrwpY6aM16fg8nr?f4_w(xIfB)e_H4rb5xBjUUN
z41@TIvT`fKwGg7?oq59CE6C3WRIk6{U7h5z_3qmFYZ|S#CB(0}1YwDeDChMokNGW)
z<NNJ~$CQVh^;G8zG{q}Hi93ES{k=lh$I#p;Frw$OBVOzphCo1Xud?Y!7as%dV5jjY
z7H<<s+??=bw>E>72cQ|N&xiePjQZbC=EYo`8kly6vxR>>?jzqugkMmv+Az|VIBuzG
zZH_M|1Sh$iCa0blNGwN7t&IEm7_;qein%7&Z?L$96-ZxDb%!bems#3D6Y3H1QfxqC
zEJs;Uzut87MCKk5@|9nkr$zyc6d~t$x`V38l*xP#Cew?&d+Pw12`xGRWxMNJo1zTP
z$}4Q_Y$IYX!FMf>3np7F5fnkD#|tI}^2I*o7K1nRqG{FubW4wa9FE`S-4EvhS|2cx
zjafp8XgWi!kAIa5hkUE_P8}`g%QeCE4?R_yhIp@h2{MI5WC2bA7W@=zgCeN%EpeOt
zS#e)CkIbaUm8gjJcX3DbE(OxBbt%Hi^lInNcRrG_nvW#U)f=@ArSRnfr$=>DVl#wB
zC<uop%b(<R#<q^<uz?3?0VFNgArBr`0X5K>Vy$}H0?|q2K0y8Rb@hooMmLWk5H)dk
zcOULWW}#NPYtqTx3igNUMWmD1cbXb30xsIRgX(!RSI&!`^Mk;Ntlxd|i^uJO>+=K_
zI1x~@*69?l2W4o2GLUWdnzs*gpz95n>Vw(+Yz}1|j0j*RcijxdSR}6ed%HQuY+5>+
z3e>#udC=^Q(eeiX%XGnXs{njj=}dLLixDL0>zUeJF$iP|6TGQdDX!9``~pKrM4}=h
zyT1_qcfg-4*Msg>$2xaTt1%QTSVAQt3nZ&dj>B8`!r2I-S3ZqEYZr?QYgt+Q9zd(#
zok8r8o`BL@GPi8QES(3PM_)(iwdx}=XVzL*P@ZY@NzUm!0V7{d3=v|^?s;P*P*aN&
zc_rnZCqR$C7}o?Ah3asL1;Ao+GtG8p9{13f;$ykG19teUr0?G=fXft?LqXmcE`)`!
z<nI$;QlJ0vL^JeuxlmNSut`>2CY7s{)DO!`0PMF;QejLj2FHY5z75vL5e00<{nE6M
zKb<8Wg6-o<<Km8oOSzdnGOsa~*eun=V8%!EJ7%~e5YXN2{r1#fdLK5;HpL&&zJ2=v
zmqAOR##}ww5GN=!RQWL-18=_r@$!8P5xPHR^J%&J@eR-T+3du|Q9dxBrqh05xfgtl
z0KuRf^u?!-FFt}LZ*RO^O5C5!=^_D40CeYD$WM7DkSgw&J5Q9}Uy_nd-k3}L(0KW<
ze>?+Vlj%fUu5_mTE7~|+Y5Xbqc@=5pW>XQxG=1m|z3VF5rDE7WjDGDCiG{{eMk2v9
ziyr|%+bTW89gAT&&mi8D2Lje=`rWcp)dO~ntybKz>=t8!M>4Jouw@DhapdJu1N+4k
zTub>=r+bNt(&H{0AavzmrW(0u89Qh=t{A?Ux;1?~ct??Q4g(_~ho{JwBU$=OqnY8_
zDH0fCAUh;#p~*Hm7`h+d9t!v*KJUpW>m>%{Gn(#@dLBBT|Na@?QA;HkA$s%qgMIZ8
z^Tg%@7_#xUVc{MJ<9V%N0WJ+jUN)6lc8jm@G{Y%;r7a&x*ooYL2%57eDq5$K!JCJr
zzBJfq^FPjS!6s&!DyO|O_4CG@FhLm20s*$zBZWkowq&yog3HiPs7_Hd+Cm)5YRfa8
z5A7l_hq}DH93&2jo*aO228ObVG&emYPTHy%rT4*v$U+?VCz{3oW?`1b*y1Uqs90^Z
zJqI%xwm2STl8<k$WLx8m{sD75MOJSb5dqC-J@hIqI9e&siGP~aX=jkaTc6Y(x;>;V
zSNcKU{^3qU{2v(C0Mc=fQ&2Z4MG-fBaPk~h*8p;_(IjY0Qvbb2s(`lvfxxyWA*Xtn
z5FfWE?&e2IU3c<IpD&pCpdJormMK+R9^?Vy=5({EDnV#tGo5n3Cvc|c0MPdQFB}+=
z*VI_fKEk25E1&}Gc&Z3Y^3sjhykpNGkZ(9x>+?t$x?YXKsY7x5j*q)6Mw7+E%`g*U
zyru5SnO^hQ-<16@k1Exz1IeYcyNf3prlcu(*?M>3{JwvO_oy|FM?fdpuDFj%|Ky~T
zaF(8*#IYK3ipx--dGyQGdO?^-z^2b&WDVFm3Fm{C1*2uYFoD^_4F{R3JuZb7%+^J=
z#5MnhZa?}3$HI#7;#^Itj_cyR{UBq@MY^TwtfXcQlwG<ji5!H%QoY!8!3*B7h0g(w
zL;j(3GTVKy3%Apu&p6lcs`U=&y)g0zGnatqS*>AYW?tgsbuP~Og`3@Zx-@^}wPi=-
zk4`dP3hcP4cTtTppkM%*<1c!31f-}^whn=E{<Nq;;qpH&k5aUu>9T&Dp~q?SZne|l
z$e5DXo8{c#ScdvVr($^ARv)Pc;~c}``=xvgX6EvQtG%z%vY0Y(kgp8uqKPB{&Q^W6
z{6qpEi<7e~d2?>~odN<OHvw*kQlX6)y+)G|Xh@B8cHk`sleyp|e$8|N8$l?POd(_`
z4k#fis+Ra1{wBU_mhq=yMDt5qO5KV3GfM&CPAxUWNK5G4@R0audfoEAZ`b6tbrskJ
z5)ok}Ja}6vkWbQ6Md}k-dPE|^BD>387}+MYQsT5~Z&LBu@`@+TIIhpg8Gg>bqS5#i
zQDt>`QFh^b%KGB92r}*j+PNvUWDMPn(c=dTFc1@3ihj1G0;5HO^1J-6y%}?-!*I}<
zdX7)c=i2oZ*~*z36hvH(LXDRPm#*I#-|($#p^=BN&Scr}K?SUZL8wLIROAt;@`B#b
z^H&4}g#y!-7uURBD(97R4Y8xCRn+{^iN-Iq-NvC4QJ|=d`^=Jjl5khc5bZ$Ek4e41
zo;MvU3nMq_8EQ5i)$^XOP;pL$UFkOtX4GO~<~L@i%iOL59(gbSiWv`&2gV*-sFrR~
zWzEF2mb&1##$B&}93gq*G26T=X3)xAU@aw8R8qQ1=>C^{^I9$fd`NH!a0|sFaNO_H
z_ok%olDWVNGbmuYENn&DmXZf^IynUbzl5sEma2!KXl(X4kelPF7!3_ySwwGbX1<!E
zu(y09V|k}iRaT%xSNNqXXy-`#(Rh7}h+j7o0c;!H)ZiG)g(amS3NY@_5B9b?@jWJU
zXNpLAq6>zDq?`aOUWelK_vj86Oz@$aj%v0O>%hh~242SMAwbieFtT}%h<>X*3@*-U
z(6&wZmwx?BgV~%Nl&y^~9YJkni^<F^b*9s;aK_ZXu2tSwq&M@s1hLr);B&LP69G{n
z0VX(@;qP&EtePL?c(fa6WwJW0_{zlrxmUj9#`sTO4|%pnm7!G~{wUb^QV1M)c#L>B
z$dj;t=j?w5(rKJj0&9Z|knE-aLn$}uOwh`Yu^!|5fD@?_spG0-AQAgBiZdH`ocAeY
zED;nX#a@ZpEA8PJi$<lKy<&z-hkd@WqZ>tVP33J1!BWIO#lbE!*cTvB{43PUVtQ!t
z76zik$BH>PCVnh$?SjI=?e^e9df*64`_|iTF%eyk=rfvJF5T<FNEhtkJ<vydi2kpy
zAxOn4$p|K(W93-5oNOrU0<x9ijHy_6d=_8X;B>%pV>{F?=Y;jIe=SJa^Y8sVf|OXe
zxVa_Ghw|kaer%R!asZpj`=M+q9xl|sA|WZ&?~&aDmy+3Nc&qW&!LwD^wj<cXTPo;(
zo+EK05QNL@kwtal_}4EXzbSI^{@ES$U*ChjVn9gue|-o0N(~)kUjL8BXD(RC<$r&8
zZ~o6S_3t15_ksTZK1Yv6M<pGJ4NIKfUW_K6Bp1`N>E*sX=}NC_Y;5fKi#A{O))#H&
z^+&^*Ztv&j9eOjL30T<8>)b-0WYb5>o!pW^d!-|*#3PaKT2i-nPss<HdwZo12Y+2Q
z`3L-8kG$V{-ej2n`M~BxwI(P1k4MH6f4DH=|9mK|F#Z1Ze;pe3Eixej=ga>*y8O2e
zh}eG|oRpN-`t{1E|2(?zGxVo~f&Y2<|9<kq!vB5d{~s+ITJM8bL3a#7B|nj|pODkE
z27mbX!eoT|-xoEupsxE3F~4Rxg!r)JTKiREzI-uhjb}aKI3?QfQO1k^TK%JvzZqIl
z1Y-(y>UrDEl-RFYMKeDrD7-IOZty?FEm;v?7<Z@EKHMEkfA-_-2m!)*(odq+a?|fl
zA1=$xXm7a;Eb&WL;$`<%+yq?4iiO-Vg+P$u{Jo^(m+Th)hMSUoe%fTd0#gG1mA`0a
z+m@9R>Dy!Vuzp^vEqJA3C1Oa~MgLKm-O(>Xf$4s_!XpJtM7JhBecmAOxtitcRN%M8
z*UD0r%^?Og!ZHG-j>Y);6C+CyZ!D_E4xg^V)0!1wh`UGAXuh@`L{RDM<6YhU=dcv9
zY}$|(zPXRt3ajD^itd#b;e&nD0;)qvjo)WcVl=C~KFK|oO6DZ&YnLc`+;h9TxD{Aq
zmc`&OzuMq~2-=^0L?sdEH{4{8ZEi;Py>-C8tbM4%C=XBBaN$BmzIGamtEytvYIelR
z9nuk67{B7Bi+5o!b|Ybsk%4%p_)?N`aZ#j7Dlye@@}z%Q#HYr^hxZa7>EsXU*ev9*
zzF08OYOp114Hi@S{K*eFU4C&7>76P<w!}3V8yog?$#S<BZpqqNJc@HljA7aE_i2O-
z!)m652CQ!`N5wuG_q-$$C06}E46JDt;29zIhiu%cx`lbQR3IK~a#kKSp|sH8fV<78
z%~5D^Td=#>Othe-4S}>iy1X<R)*ae@X+U3iB;CJ-Hc~6*Mo!7!(MaO{!|jsnH1{Wt
zGhTlZmNs{lcVQulmbUgtl{}I8e9Q9ZM2MH}#Pd?0k@w&Jo>_O?BaYTNU*kXUc@Sg%
zVn&$X?si$M^W^ON@dE;}Txjus>hC#dd;8GLEtsv4?g`zyYQOb=>^DP#t+{3`^T|h?
zms&3e38tSx$SJ7S`v(OQs+a$~ZI;WEdz+P&^Q9l$YBeGvA@dTvt1KW*))kD)Sav<1
z{K-9roH+85NK9B%zbB=G%Qf_%$sD@tXVn@OwD}PZf)e8%g7uh!9d5wJuON5dT9q5P
zGuZ*@iIp4gb{H+wajuyM8*$bu8C$w^sfIQ_<lCm|V<LXqm7M0pp@|sIhEq_SG@dRf
zuPd#p?C377HL4%(WcKYe!qq7z6_rkk+`O19_`X`b>d|#i;z(RZ`+Iaq=51K|8n*V@
zA3}AHSU{z{Pj-_}lIPfZNW4-zuY;#gn?iiZ)3aI`6(&tHpJEBZ(N%_So}ET`EfWQE
zZs-LD+6#S@*u7Wb^-B4neM^VIkjm#lN2^Nx?r{G7Z+XuWYA9VP{!juxPRgMr#G7W_
zA8g}5!Bq*`uBla>ORI|6A8$@xGFnmVgd-`^N@X;lL3-~+Rhc0p`B6%Wj$f-f{WpB?
z?Ck7rOQ{4;@KZu4RQWH>mLHYunr?irAYWtEhvgKavpvVQZ-Rq+(GZ9{GY0d~qH>)Z
zBWY_;oZCPi6{bNRs0=wR%rC>xZ_e8#^bAIU`AeRiwUQamv35n$uw1^o<goDXEC6?P
zLApq!E5y4Gdy(mjwXA!Sp=3(Td|bO<^>lla@#wRd6OMhSkHs=wmpm9>PMsPdp_G>>
zF~dGjo{p3niP^LohDyA?nbW*h%Q%R?S)z`1e9e(TLN4x;+elz2?S_^~)soC;FtD<<
z_k@GPNLZAQ^+r?oMSl{(!7Jpm{Y5x$M}^aG9j&{3B}#L8d!4I!ij@URkG@YOgIaPG
zjTk?V-lpymi6y2^M|=;|M`#<8(Oi}tH?}^QZml4+=5s%jg-49}PA(qDZo-)}pp|6d
z@=td^38ueYrVJqt_#N@E_TVQueg0%iYIh_j|Dam(^VA&%y$i}3*AI+6nnT?d+owHY
zsV^=!J$l4xXzE|CT)nT!-CU275ji*~?l*NO7bxSC7A}3yAb*d1dU4TNl&{aUTK(->
zJ4$sdv&SYNc-+9dKsDF3=5``aM}C3fP!m-qOdZj*#%%J_0&tGR20FyJsA<&O$2+8t
zS{fVO_@jl*&PJBh&fDgly+#u$YiW!Ph9n<{kCJs{d~Y0oB>TZ_eaL=t=0kvjkBF%4
ztCKDV*+ske$#5BWb-mo5D2b4zaJi<&Mt*fk6O?@<)f4sn<6CUk>qK;t7LKRyVu#uY
z))BUy<jubv{PBD}l4}=(r5fborgx5L1w2+;7qyBeJsG}0BuIPV552>IK!mnXTXb6N
zC3g?_ALu&_52_12npTM+2T#6!%BKriTAb4xpSzS-ix-H*KN(AF(LOtLb8~(3dzm9u
zLO+=lz2O@^L_LMdWiwcIxuY-JZY1jieP%dr=lks+EqpwJ*-CJblEu2v+~eo2;iWe#
z7QQRp0|hFy;q?1UwRLDu;=FWf%~f>aIi7e6MT}(H?bD^YO+Ta_-__$oUTAP5@pm=R
zF_2)+%B<h4zUC{!5XIQ{jTt0}YhE6KTkHZz_t!_)bc=pbBwFmB79<~>Cz;B1i>*79
z3(eC5eEDz~<AO^0b$wQST{rs7<PPU5^za-#Z)s}0ZcRLK{Q@2^W-A^CC%e=c>o6fV
z=jK*6@!(nx{+ad?2TF!b`~8ClkLI05%>`|B?l&I}{`L!2%;vthwqpvXM^E@APbX{$
z^xzvrfJCWSfjD%}FL<a6M|y9yv)Arwy)^P#eL{6?nQAyVgt(=vDP3tUUaO)=%a|!>
zW`B5ZXQG9R-K%kY<J3Qzk<2oc*JBBRBIf{fK8&RlW;kSVAuV^_hoNoMyl)iu6^l7(
z(Oiu80<BK2T=`10A^39yh12HjZmBd_{+nL{i)t@(Gk2E6dAwcr4*Z@(SLZAE$(1MB
zAVe$pZH4ZyjEoAL<SRYvIo&pGy1qbkeYCTo^+DE4r^b32Ffx{%ri6n4VJ*-_QKt3R
z`?ItA?2F4((#fA!uOHu|JZA`08MOBecRCXL+|gZJXMK&()XX<hrAJg{vG{^E8<|n3
z>33J*GcuH1`glcIQUzKl(|M@;ny333i+lMs;@#<y`poQXx=Lu@&TKZ@!h#kY#Arz8
z#r%W)j_TRo90EEz`X@=r4kv-b{?ij&^5N7%X4f$-$lSw?_gdGB*J@9QG&nGOh9|*3
zpW)a3@uzgd<i{0diqs)8{CEqc?{MgJk})VMWERGqwVFLqvVA4tAf5{z)VlraYX?!#
zAgpJ_1NGS=kqv7Xs+wo2sJrvv!&h!!VP8JpY@^lykx+ZYFKC@6z+G$gO@pmKFoK-d
zlhA+L#6(oL183WTgREb>)^hemV#UspkErkRBRBnf>5Ki@<45j(ZuyqJ4>(h($@3i3
z1aCM*Ge=j#TV?gSs0hwueh-Xfs6WLlB6_Jrs;ZLdI;q-v?e#MjZy+#W!+i0Py-b$M
z_wiXYEu4{&SZ5EFhEh#FmcLP>LfS&W2fj3gd^%S&O}ELpaltlx5<Rzs038QZYxiD0
zNtq8oGTA(K7dLV`-oa0KmSgV=cwnIKVn?TFYq0!g#ywbYQ-kM}i1?m^X11OyC5d3L
zW17`bYvP+g`IPY9J$QF8VJ05M<ah5#J`3(h<)ibfcU#JDVr<VY&i*(i`lxI*oju+y
z?QTwHxI8t#aim&H={9P#a6Xqn`ulFC61R2Xj;!X0`+K`z^fQKW>qngi^i0s4I^S5-
z4i)3AAia@3eG*%`#Cr7@s5mE%Ekby}40K}@Jr=4UPaU7bnl+v4<K|%8%Fp3s=bDM?
zk0{J>&ig}rA*mIDyfMzV{8L`lXo;=!fqG9H!Ip_a9LDYY_e{Ad!XOP!VRM+9r^w_!
zpy?bFMMu0`eT3u)<?$&Y(roW7M|$APM6s6o<o+YYS69qC6@!#CLmC0;zV*|1)5yM8
zK!|Gq(0=QUBo}&H6Vq}$T8R|(3To=`SGO${=chwN8Ub*=b#=Mc(!&Sp)e^6>g#6N6
zj!6ZAW67+V&KcZ;T;9H2#e4ZOb<<2;$VW1vTKfa7oh3D%oYsW)`Wlw?UTd&xc&(|5
z?!tr3^oOEH)5JQjhc$<!R%fCX{-vGeLadfsz0%(4@{6Vmnk|Ya^y94fSvfiFAF_Q4
zD_Q#d5Z2cW#^Hns*gY7Z5SmSXjd94h`$CIi7W1JG=O_7d2Q%f5AOXv4aq&{C-m#x@
z*z9=;<fE`Km%;u+E!e#jG>>;b89|<|I~;apzc`H(U0i3yJW;CIQAF_z$d)uvA7?FN
z=XJU+>_7Z_JuyCV+kI6M0#|9HMR=WVQJfR_@KTw@1`iT(@rL+ZX@W`idW%hoxvCBP
zP=tiDSptz@*N)lQ(VYvZ1_w@Uq=JGqw3~<^DsJFcfeLP18z&WR?g58T8?Bwrt(WJ~
znXSU7mpKXX(Kc&4p7mPz^8s%7sYjug0|!uLYE8;d3#pe&w8yvmx(kR)I;bIiLzP)y
zrIM@R5z!xMA5?P<m7`G5hI$k>ll&XaYGy@rDBHd@7#M@4XKbGs6{Q4Z3Q8D}z%SLV
zKE<u6$el;cYKex;^r58YEZha^%Z{O^Ggs%19f+*>3(dI4UL*@~$s#1~2-O;~yZOK{
zy;e(Dm~4^8vVrv)Ox#O&NSYG$i2TJ&Kjr&9y>G8)ke;)8#aH_%Y%Pow+r6`KTmGhx
z5Z>6Z@8iI3c|E#gCoJ6kc~{KL=JwE+FuE=2)HTiArQU4Xa&16e`^}d3(vMk_4dQP8
z?qZ%xh%r^V($C^ALc%URN;oQ#gGsHZ9X*4ce{EQpJ%$wATUIr-8f`RrOXR4ToVMU+
z3?h}OIbeNYZ0z=F-4j$yO!fAddn*T1<#FlXQsSeDSrb+1$D7|PSqz1BD{B&29j$BP
z?@!tb=TaD`*U8Lfu|^BS@CbGFR1GTMLZQ+|g~#W|qNm*s@(ir6fimwH&wXBJvybk0
zBoJgaZI!rCswU5fx;Kvp_t0YP<RJ7#f%Z@!pfjepG4xP1SB0(0vLspW;r=4k`r^*O
z*P^MJm&sDe3-Y^qzxH^NgJ-~_5mJ?3tXXU9U1pn&sn$mVloKW<cCeRhY7a++_b@6L
zXX7{xU$Ek%O<64bXuKqqE0%bTaIp)|h~bo#Q*gXb^7y$UheWDnYxY!C4(yVJ2%2EA
zkkLjllF=4pkY@gj$Pksw2PW3G<6vmZ@Z9e3a|rNB*{++=_ND~me=7X7cM?&OqASs9
z4YjI)wvAuGM;Z*h0qwi{+%(N`uz(s%>*e#|2<zQGw7arX2q~$4#iH)ecn2DN!qmt5
zk<XwC2)z}r1J@p67$FC@Tb^ij(9THCb7EoP^~&>Q$cQ1WnNlf2d*6>Y(wS}Gb(fnh
z>t#y*kRld%1$h6J>%JwJ51*zGTN*EAF|-#df0vbK6c!ceoVANRo~-4ePdLt0!0y(J
z6#Ed7Mc3*JN`moJ9(rFi+K*N%W?tz}or9W})_0|ml(7o=iiP;5N@yQH$%#8RG_H+C
z=GM91<4jpC7?ueK`!~Mx@s((ADRVTD%T@@aM6+jUB+VdR8;d5uiLM9I0)GlcY<DGs
zdT;aFOpi^S<2}3Q{W?h!pOG{FlOH|xVCGEVDDgE_ZeQ8l{PyS1>pQzW!WxTZtCP4G
z6g1K4F!~pA3yA3G7XbmT0s9<BpZCLWkI4`7d+!JI4&6Ai#eEZuC(>}p#oIUEag-VC
zTQ>I;^YsL5Fz7aad;j(us8rGKVm``!1~X-oneA<uMPmD;GLLn9RMhtgrRum*V+p<N
zm!N!zURS(DqFY52e`2{9`n#)tx*X^iN?-2xg|BdeM9(`gRa#gNkZG*XyDbPgZ3%O~
zsu#bHVkGd<S)6+UL4UYwRA&)o=?}FlR;{fejf1XssDUd8k;7^ktF`s%jeUDXG(pH=
zqP)N-aq+Ic;T9oxcT(8A(qy9z?w^b<BSL7sfB5w7<W_*wext7Kfv>UVgIfLA)qW@5
z0iQK0t+F1gsT|6=sj`TixL0Qv)yhdU!IkSgF>i>6c@=8C3$$vYfK5}bRfjWZX8tK8
zM+QGEy|mfDejfDPbkj|yD0JFy?H9BQUN8I}hqSw$<}VYqQaU;ov7g>Lisrw3_-k#~
z2D+xr`jqy8z*TV9EFWPo=jXFBers_Icg_22L*bsz_Tk#s32Y@~HK%9x)3@5q*4ICD
zE;3Mo$OK{n8HsKa1D8r{Av~aa(~QGr=g(0c38ukWv)bum`S&rI>8N)q6a5(;EYlrY
zNy#H64*C-X@_6VMw1oFitAiPjPg*QNu5MqfTN!p8uqcRyyH|#>a?8nrQP*Rp`dRv-
zl9GHb`L&)72IKBb<zs8GmOQ1xr2;Z#EwQ-K=HTji@SeDEUweaH7at!%0!4S&j(>&-
z->-;>g4njHnQLMV?iV0TAexPwUdE{P+UZbaC6}zHQcJpR%(1%Oc5Y~x1{^scBn&$~
zcQX<d(mx-JSH#6%Z-WZnq?LGLwV0gIm7Zioy;6mAHzTO6Qt~`o|H+)OG|$u=yS>U>
zt!2nx*zB8Hay$3cOK|*0wOqEX%Xj$b?*RT_kY?Ci_n{rk*v%Lx4@L|x%A^bCM|kGx
zNaG6QYEZuD?QOW(Kk`b&k<3X@+)A1V4JF!kbudk{9Hd2}$3m*U;j&z62rjLKGIIe~
zkS^G&LnPm#h2-AE_bVzYB+=;*+;T-Wk#F}6E4kbPd(1a^e*MMy`HnSyLc6a{Iv*qC
zsI;b?fKBao%yjYV&y8A(J6@iWU!~TT<Mc!3YXOCM3^ksn_e0usU)G&I2&<P<qL>-V
zkCtahV`JaHz-7?xDDe;j3zbNUkmWUG<zOcO3{kIBl_G-w=>(fmZ1-02=etWX3lH~4
zidWaut<0Wh5b9{Z)s+>nTbp(*HS*Emme<BcR!>#!xfmiMCl7aqZfO{$Dhhm6>m}a$
z4Cv;nrOQHi>TYDEO$AUByB;w*3t7#v+5`fq$!~U#^_Yw3*$mjo%YeYy((dDHFMl)q
zGKA50w$Y8}3_ALOF)<X(_D>{lGSxF1INcAN=pLOj+q}<q^gKpt49J@AwY0yj@rz*U
z6i58|2@jD??aq7*$Tya&<t|W0e+pS>uv<3v&Wz1%oarugW)Aj=rd3AjD#|Zy`%qI<
zS)*kM)WK`|#L1rhaok<{=X+aQq&i2(pbXkw!h!j;q}J;+=ez>ddf{|jUY=Qr7KH$M
z2VkdPoyW#bDgaL3M>}pHkObB|gTMUB1?_($3}WW)$K{)Qps$bz64((YSq4*_oTgi*
zr|1dvpg*k2r~lABqQc7f+PcW!za#X$tIyJuo_kdpD_}^f7WEtp44^3N&XrRjT<jx@
z<P?1(CO*v5$mi8y%@3}{Eg5kulIW_)Q{h6Lr1f9jh)3C(uJm1!qJ~g!LH%5-3-!lq
zdHzB#Z-{Qr_oloR(!F($zo^w7yGeQJXD#hFHZ;7cvVQ?9%HmcG?SLm3HsfMAsVbFb
z@RhV>--UQ0x;dByd-Cz@c|7v*F31;r7f4_&3N4(rT7`<ddqI+lBzW8GX*4B#WuRd=
zH97eVOpBv=A2_!dHRy)|8HhAqyJHY3(Ka#b#2(YrP(0&9lwv9za72EV)5@%X`u?l6
zlM}4fR9TL`FdEWs2Y?n0fq0|GrRT8YHFI5V+c{~GmPwVd1_oAcv;I#{uZy$tym%e)
z7?MKJ>_<zK_1&8-YTJy=p4;&=DstCY1Y!ER!Hux*U672?Gg<}Pg-}=a$fm57dJP5G
z+012u5&qaBb6&y^S?_b|(AvYcu4UKfSr7dJ6*_;8+%TLE#&|(E=b`{@jWmjB(rLF0
zeSJ}L;XpBv%&e27iWh`^Dtgb&R%W)036o9DJq5}PjGmH;ijz3cIJdUyr$BaUx#V69
z4gxm%_MC}>h!uzgu;Hyxmy(e4O9}x@&Ru0<D%V{Q-IpofY(3z)P1f9?(BZmDjkn?t
zez?97f2ww|B*n>t^NX+bodm*Fx=H3-+~c9CF9o9A?VJg$a;ZITs)P`*f!p_N>eVI1
z*2W^@3@1LZvXZ@jbaPFU=(63JY2m_Ys_pwMZm#cu<mAKw7?of!<@w+3z;U$-ceIJU
z?b#SbK)i?f6W%@XJ>m-xKI;&3b~^m(8zM+?7rcL8qSN5|RMCh5=dzi1vD|uSpZZW!
z%1QtO!$}DhMWi;Y`0xEt>fcSn`w;OdPbWH?ZJqC&OCa;uc`P8Cken{AgAp7SDAKw_
zl%}vpDSQqcg#+kNv{g@04umE^X_-k|QcQQpt1?}J=u-`I?63}qH}hsnLF9_RsM|vq
zkfYoC_AVS8MFECgSzR@h=L_6f=rRMM1?)s7&m)Je*N<Y4Om2^qp=P_uBzPO!x0PAs
zGlfcds*Mdx>`O~2c{<fkVA_N3+B&q&ZX-+EA}p!qw3x!H8Mk6zNM<hB+o6Z5HmvQ9
zdQC%rZ0TF&;_fMu%XH0L6`&$?bW+qAhAsZ9;3sh82d@Z1zYkVqKSe{}XaZ;C>w{8e
z>uL16D3Ms1;=i+V^jEuOCDI1F+bst7hzP9&gZPu!+l&xruS%lj`?BGp_uEyLbOJ+w
zv3GbcB@6$RMR;7}&(q9Bm@0ZiaC?6~4W^B5A9bvBg<V~ayE}LJRvEOj-6eE8oMK^n
zDY^=U3C($`sECL!Rm5kkZ!t@T=AIMT8A<*Ao{v(2N<KiNxXqT<S_G}!_{#kH_Uaf5
z_^a{N15g9?$Jzb_iliNb7%r6kbt+kr)GqM<GwCnAFVtNJRA!`Hn*}~*LWX^y)Gqnm
z?-!WzGHT<Gl-ql2Aqo_Co%hnq#`}M~9&b~3B*75rs}2|T8^yil(5#8yk{XicmK!ru
z<I&oC@w-Z#Ot|@BWB2sBMyLx60z;PW<Wx`-$y*hR#grP6WoMb2KJ&>G$_!Q9*gQ`W
zabRL--h?1R>OA*b+Sq}?G>tMA6c*N&&$4ZEdcnsmH&P_89YQ>(Y1O(Vy`QdK*!`t7
zD~mko`iOMx>nz}{FTF5DD^_PT{Mn_!@+4U6(M*o{0d`+>@_Ulj9ABLMuA25wbPu!5
ze#)HX#o_xXCSsud02cJhwOw`HGH4UN7PP9!&(hE`=IW1-&<U@l>4I0G(C4^D_nYS$
z?8S^>rQGy`X+n*b=R%mM8KcJ5fD$C}+7Zjk&mjjWr2jVSxXl2ND{}L2DZd)YGDKEN
zSZe|6xc=QMWT{lvg`(L{cFXwTZ|@reCB7<1AQKCVlJPUkn=2OEz6LioGd$rklp!Fa
zjSv?X4+wT64a0z(9Zf#3{;CeQ0b`}z8}f3WUXHQi^SZputu+U4C&7~LnPJUQhn6B0
zy4a&ma_9CbK$JjjSPPIUMAh3{(;RCf|Gn&*Q$`W7&IHEUdXMZ2A|kRHRT||uW+>Y+
z{;$z;0J_F`5WF2l6}xp!3$CBynyE01pjb*tNVGR2{tAfACN9-Vr<?L<`m<s8>hz)=
zSS)X{Nw)nl^v^FC4;5dnk3ZFY4|=c;qu};XGa~2xvWT#lS!*t`-xFv^5~E8x5a^_U
zWU6>J$XnI?q#t4?)sHECcw(|kgyh-6pQoDpV-zZiy7v~}CY+dWh<#l1zJZO&>w=uw
zJ27YU4dn&qmoHz^WxV(RH&j>bd3~SUC&$k!49`Ic?1SD&PI(={Terl?^96-^hZ1FE
z6u;oei&{2%dNiJKBhLrm$$b(ZMfg$}MaycY#52EbI+hoPB&S%Yh<SSzxTFAXT^G}_
zVe>KM@SXTeer<jLefgz7jTAD@&e9xT6a`YRr4cwY=1mWQZEBJWG33v)CHA;Cc=;B}
z3^#c)B1M4*0dwQF7AQKihxr{G9NXPaDfbPqG3bc`+A4ng&-BPz-?RqTx!jgqp`n%n
z!5jYsE2LbJy3BQUp0th`ygW)NZHO^zK)~3;mTAS6b~NHnV|~NQDR|Ei!+?znkSmz^
z0*}JU#dntS*|wUvroP4(T_47+bIc0Aik9$;J{oSji^n?SC$K{$8X=<1mT+4P2*f_u
z;NhXz8jABi-fastF);}U3md(?$M}2N^{0*RJY^W?{Dhy6XXhD*VV(QtkHLNMv%TBx
z<;TuzM)8-FVR#|RBm>N|Eq?+HL-&HvHLJO?M@N}mx7~cX+2p_g-t1vpsGU6S*is!O
z!E^O$(qSr9QrGWIE>y%UOxBX<DGwmN?{-S00XKUF0c<P;sDr>qjKgV)(-MRtiyn>f
zA2m_A{sjEG)pAx$lnngDwTBB>t)~)xPf9}%7-NVAd$%8U#FN^pwaFT5a!ptbrJW(>
zsvIf&Cf|`PrKBW;K<bS;Qz(Mzi?J1FFJ<{F6<TIl_Scb75k8gMjH_eO`=8{^_Fs5<
zwoof_@0-(DmN1Z7|1}ZH7`0%~9esv?1B{B&X)kYPvYYnFF0TIVn(z6i+`jJWn%8fZ
zT0XW0%@-$f{5fH>>_=eqU_nd4lxJXx@N+nIYVh6&p)0C+)9QJJTYIN<Y3<aNRqk8n
zek^5vXU-hMm=gHB6ipZq07Gag7_b-c)?u^}b!V}6rG9%b$s12m6d)^1@0wz6S2Ys%
zyH%|s-DV_E7_8)CS;W9BO6Gsoev6W;zit#<zPc`=*7TVce-dTbahVkTVh1?rhO#8V
z=Y_bdmDngu`hCU|rDjbey)j3bCLJ1ayq?tj_tp$kUMCDV11aBAwC5o4l=NR=Ki?Wm
zdb1Q;8qNXxMQAF0clR)k{!pU6yjuRme6CEf>1zR32*1XAl*B2zuAuBnn1<)Xv0=J+
zDJ*>5t#WU5@3ude2jnfOpd>#Yb)M358?@n}U%C%3@4FlwB|roJv*W0@=_Aiw_X=Xs
zxZ|t5PfuH0T*hbN>BddvQCMRxJ6~Y6FxK*3vl?cpcB6)srrD;q#j)GO#q}nG@v1{v
zcgI4pAd3WlVv?Pc4Id4M?)o*=1K&Gh3{b@UgO`0I@`dJOLjMAimQgVYjOX&jX-%hH
z`dxe-HdMQ%F+<5fS@$2F9h90?yw)<w4@abc@902g%5UGa%-m%<FT#cqC`S(*gw`+G
zFR?IqG@FR!$w)?~e%aB86|hGXk)G3jJB=+dxV-_uSP0DD5O1KscKKAme$8LU>mR;G
zy%ub>+fIqApUeJ;;$APp(Vs5wp-t6uPH-b>bbh!bgA;d!8o8{I#Zj4Ib8jt`l2$w+
z<>o<tgOO-nu`q45)HdMK-+A%}m}zBS+m!N@Xg@`KFDJYC681|9-xeeR1kVew|I%^c
zrMkB~7xNm=_9y14AkpBkLW1l}HaGW9tRaiHM^f3uoo$hJ@{g&E09(Fn?>?SXPH!WP
zSly85R)YN$euM#oJFS*|KE5^=u|Sm}+$)r>*z`F_53v4pAicln5m2K`)K*Z-?~ME9
zvAVDL>YczmJfzM|;N@_H;>v*<Jh&@K&+WUZV5RjX9pbBv%z8N*WovtDL0D%6I`{5)
zTHOAS1p!=BSEhpskh!!t&yUhxF*)}86UaI`b3t|qqQ0B&rguF=S0~@C7Sm*=D^aiP
z9fW|^moT7KFlt=3J5S`=<8qhxU_2|u^I5*s5{>TOxY)VKLUK{C`>w0-yo4DBsYkQX
zT9zLoyN-H+52E~vWghYw8oRu@GTa(`Tf^HE@Lm!OS43_YnP!O4&nq*(JkTmOxp8bp
z2#mEsyo4@QkyZ%_OY|J~(rTe0*rYNx051{D890N<bQR>NL=$L;Ui_979}?rDzSFQQ
zbu{1pf>b5%kuaptAUL@>nk8;3U~csd+7;^_g{@uG2dkbNW<MNXny^~Rp+JByXhz6?
zVH7i*{gXUze2mFyRgBY(f$z48d^LGCQaD%2w}Gu}?^IgUsF(H?auT;4G0O6z60c6a
z5cSqj5>mDhoFBQ~)k=!majz)k+2ve(feNs+{S@+vRtiAJwOpK%Npmqfp{5?=`CPKx
z<hyGZvqu!n(T(;Y@<+9vQEq3VRY>Q8$U8X5B2Vp0A~*0_7{cHnGxLQbt*T;oPOB0Z
z{ZW!HV;JKDzbwrK;(_^_dF#A>ji+TTG8Fco+8-@w47}oZ*lOzK9@114{Sg1)xrUXh
zcXL4D%HofBzVCCGT!j?~*rAZ|uAuKgl=t~^@&O_D4WdS^G4SX<?8?%^&{9zm;g73M
zVOaiU=4?==GREcc{1Qv;WRzPl^Bce)W-4^viHU`EmOzO494l@GA538NpbDLK&*A+p
zPME}!Y=qS0#~L-|_N!WbzHA|@)0f79-OmalF8o2sbDtQ58&-Epz1Cec5(f9g&mLiE
z9P`-*lzZ1bPXaIw=}k>A%M~ix+_Xx<0K1KJKMiPCAjjdOxNCt9I#FTF;J4ILur=e#
zyTldC)HYKa$oOTA%A8P4ICY3MsYis4%zQ8xAAh|IDtEONgXa-A4Z9`K5d^=1_!8($
zsYdn_;Jysp4A{<vRf`bJ!2}m>YcLHBO&qfoUWryC1#ziHJuk>M{UB<@2;x?i;lB(S
z*pkGN!fF*rEn4*PK=dllYpN+B=;`EduTq!%%XGmExp!;={mcBblY5kof4*iRGT|7a
zen!R@CiiypX1a6`0P!ubUNvV)xqUS*%^oW4wK#yosOeie)y(L_8Qs@zJf49$S7rPi
zNZf;mU24ZeE^}o^9K~%1QM}D~`c28TdjOVQ9jq|?$lE3-DfSI4+3@9i?B!@etv(9Z
zx8ta*4JzmTWEd9R3N)H67nyo2Qt>VqQL)tDn=by=yN<B0Ee7|yzaMM!<3}c!cBbY>
zry~L4d{gMx$~~}^7F^Y66}Z@-jdHUUX1L|5#GMX_xmxgPHiajZ47?f6bGY;*kD*V=
zzjX0yZ2Ul*)oisZAqINMAm}CFp4G2voeua&EteZf0^?@H{$8AU1A#N2>8m54sS;D7
z77kJbh>(d=Z6aNqdrbLwN--JY+}ma@=N;A2+Suut6!uoW<j59f&`jXw&qJTaoJY?V
zzz7k$AuuJM#hi6CC?9=ZEO06_8T@irXMi0;7ng%OayD9Uj_}k!vS;7N&2zy)u(X2&
za<~-y`$y>98!GXLksO1M$7-TXLZE;Z&tL9Coz^B?eoc1GmIt&c2-j~OHY1%8vSKdY
zhIRcYZJ92-y0beGSZFCEC_?V95>D3wd6^%fiGCLIm+PLwuYei!mb<*tcBRbHu>pjk
zK&|e)AA%+Z&-;5me5?s)n6zKNxv6CL^^w@S=#8o_RGnsDyJ!-5hdL%oau0=<$z^od
z-8=XW@wy-KK?NP@ch)XY@?>eyt60^fcgnO@_PX^%Zs?guWgH`BE5gkmP#|i}hQWWH
zkn1L}R08eEWPTte{|mnA>95MA(PzZ3==Ut%XKn<^woDXuKKbn=aL{p{=+t=+gy7d(
zor=>NwZ)SV(4<CDEa9u#NcvU10(UE8_gZ}M(QeQZLzaB0^oH88T|<-N{KLy0y$>4|
zTZ*8u#=Fys986c6IY(&xnIJj^c6_r3--6}K!A0OS<%5A1cG?g+-)Z4TzU#4^lvEW@
z28NjCZ!aJL0U>Qcvg~V~!cl%lf4DdMe|(-gD_^q%m4pxBn??<HPk_{H*)AflqzuRm
z0%#a+4k3Z)kZ=gIURW))n3cKP7=k-)ysW&Ah=^dand5P7Qy2!77+8|bWOCU`dRcV7
z`C4BTUW$e#Quq+SLFxKTDq{jZAmLI`DHSK(AANMR-PfwDRR#C#T|Bq9%V~Rky%Lg|
z%Gkt<7ONSfn47J)Hu20gnPJ43$*j$m*-kE9E=|%ONA&XXw9{ljy-w(eh0E>mea#W?
zn?sJMXT!LiW=21Zh9kP53KaKnkhg6VB8a*{+|R}h>6wwHG;2(K|I8?<$Al_A#6KkD
z>w|>fGqctOQx&nXwQEJW_kuiT+{`r3^_SvuV}FgleEWd{Ht8&QdE5y38pyW*oBM&!
zL1w|LLl{TYtd(agj@ykU?BOQ1?M-@RCK;?0NSiJ9fT*7k?bn7`r`0iKI`tM6`_~jy
zxhuhgH<3h!jA|v*a5tk=1R_MT`E*6Gvt26ZCmlVWJyG$&HfOb1AhY$vKkVU`mE_Jy
z|52iaTiI5ymB>~Ns)T{wch$o0(URLM_kQDcN!N5D$v&&=hJomsg15JgP%&+{*~LX=
ztJDQ!Rn76C;Xsh}tFo9yA`sA|LzsYrv3%i?&;P5+R$0(mKAy}k-x%Cn(nXB1;DPLr
zz4<u#{B~syk(mW3vB3HJ@}3GJl~}1{#e^_YV#=(y_oP{ztY(Mm4~^zj=+RR6?-6E}
zvm3uJ#Qg1G6U6exo7oD(&Az>`Nf3Q}P4}%ue^}4`GV{U6GNiFFu`anjED45m%&@k1
zJapeXySaV&^k_MAGbv^~-d=IKkaUVaqC0i5<ol_4b6G(_!Dh1$%|^hkrfT5j%c||l
ztQB7OjHa)_bVXYcrG3`(J_Z>U@#o8gT)ll3AwX8=gpkns5KNkwfH(?18145BaE7lW
zWn@J6>@2(ufg!-;l*8aAujTIZM<+@?X65%wpzI5zm&IgM4S(9%+ID8RM567L(Cod+
z%F5a@&L$(x@cBLWPz%Cvfq~+CRji=K=Pj+fd2v%(CRVP={g70(TxmD3h#(e^V6upK
zFr|?un0h&V{>mX}_FH8AH>k<!{CLft=HPS9i%`uuRl`D9P-yP;%2h;VrDBG$ycMVh
zXsW6lqsCLltiXI_pp@41PW8H<|16-ZYh|OE^8CZ$Z%l27P5|A?p~wx!Zl%$1$WTZ~
zs7F*Khko|P#;Zu*6sNBOEr1D!T4s(KGugHIbGbrOy?D}NZ|aN9e`bBT1`FHi=u!Rd
zF}I^Nu&*pOHutqup+<dE99}x$Cs%n4)D^(#J;v+l;$!0?6Vl--dS&RYKD_Rg!g}-Q
zEAYsGK=3L89)xN$=X>Lmjx$H!$Xvv=riPCW4(Zm>8s_!E!U5q1G_{fh>W;#hqdNx6
zk@GblV^<5*a^iEjFki@NEj)nuf#FfE%drsSPo={<3T>RHy6P8CHL3TYH193)C-bjB
zJ|c6Th}%|+mG~9%GodF>QENtxS#RL*cT*@R)<?+}KZm<7cb-N41>*bU((w0uKiRfb
zHv+JR{tnGs1<2GiBZlD(2-R+KiGGa`^<~p_r#iei7}J19yuNYXr<ZLy%XFCKPrl=+
z6Pv<|m>pX5?}VOg3WZqO?N9M#R!Xm@bnmkzNg~Fw&UC-5cPRl_UIm`Hr;F<K*Wkb)
zPwJQ>i1#-S9;0jbV;fmCe6XK76yfo%(CiOl469Bnr~Sm0)x`9?W3a0?@4Js58Xfz@
zk+sJ^BtJB2S89kHw~iYz;N9~fdQ0x6`X(nUp#BgR*+=Nj1r}kMZOpS9$)8NygXJ0H
z6ciNC)|cXpRJw%}+YPptLp7by4Ec<%gjF#9vX9OhK%IIBK|K3!Ti^L>URUl5k~<Mp
zUITze=@TY8#^?}QLAZeVYPmkR0d)(k*N)5d(Uo1rMKeG6-D#qt;#dLcPrpyXIq*F~
zsB;|;`FwPqQmypU3+&yae?_7v`p)(acf**byYtG(wT%xC)V12WDWi#gmJQLyxdg`+
zE+q+UM~}<+t6S$;ttR%SQXM9hgLNvkv$k#5+s&-zxbgK!&7L=TN)X=h<y-)}V$L?J
zHp2RSK5`pr*z&NL&6iJArPIp;*lcqPF7kysm+1qKV(7oBiPchr5mVli9WQ_0MTc*r
z(^k7-vOs2!wm9fl_9ewP79MhKVuinVJL5!;%wg=@x1w(kj5O+k4?+dAZwTHfMss5=
z%QYbvcPYj5YO|d^srk?|Huq*}r-x`p-R{pO3eA_t!aOuQrIg}W@)zoAEI0Km6=fQk
zu$16WgMFUUWs1tn!K8Dqzj?cH&7Zj_r92Ru5v4oB`27DK-lnQeA`D0Y)|BK&l5W;|
z{F>bo#}z&4`z>aJ+3{aE?MjcZ7C!EPz(SadHqEck<Z+=8lE6gZ@uMk>Rb4ax@h{B|
zm+{NAQ9&>dWs03)g+piTkna7Zy9ZoIzU&oI?C_YwaO6|SUGQz10S;VVOiTE{JC-v%
zZahUp25{eBl8nc)-m7a|ixrXXKGbebZqDDMZE%28&bY0-?v_sRzdkDYeQ-?zH&Sd5
zZ>*}kBjApV5S9?8w{ED{IfJ+6M5q5xMQaBYjel`IXx`|t(fDVwbx+F2wc6>nHaNDg
z_r<g74erG|P9Oo8H%*MsRTN%#KRDHV4FCbuq<?;V>Y{inivG5n9{R3Q8J0h@NW#C3
z0A2d+`}g>?*+fmv&BDF{r0?-zzK}gh_LvM^JSt?qMI#=%|0<R~+z#X;C8GcOgI-yn
z{Jf)ge7j4(E6DZj8$Mqd_b*>sjMQmVCQz~^ZqoDUIDb!gPXb&jH54)&w$+8Q(CkK%
zEn)ob<@x^9ZxBPl)M1ml<Lr;k{U2<-Wk6M3*EYK8E@?>tMY_9NKm<ify1TnUx<#ZL
zB&54Lm6YxfknXMxXL8@qbKduy@B5|1+H0}qoFlI58e<?rp6J=7Mi#`{W)~}ej8vcB
zsl=W~V&9k9O7QYi!~X2<e%4;`POzR6|14+JtY8ur7Dk2Ps`mrZs=>Gk$}hxGL@3}B
z&cVSvWH-zV=<EuK$q0?U_yE&;qRG85s2x8XXm3~J@T#09Z1RaHO*EQAcIfJzL+Q+e
zm4q;63GrCVJ}k0He<s|>$)yP2SNkh2VRsO$Pk^kPV?Z8;&Tv^pJkbt)C|5V(;jMt5
z_Pu8Y-(Q;r3Dq5$$RCXlRbyL&82W$Z3~xL+dbv&$*J+P`%`+h`{GH;HcG~`Ff4;Yj
z3CNF%YGs2pOSnp-n@^zVLCZ@~F@w)mke43UT>|<o_9Y?vz2hw@;`tcj*)Jr<VSM5X
zrTY;L0qpeDtxur9wD*9zN*2~Z;0hWEbg!@w(1au0n1LthVljEC@lMo8>b2@*m8b`J
zmme|<!ugYdLj{r;)X7>74jCC4`#Ye!gVYd{asbW1T*+t^kd?ekZ}bDPZ^V%3NOZKD
z?J_6OtaP-~j_MCiYllX%FZ+M}6ET_?D*FPMqPJ;vze|P|G-7>6%e32#9hwWbLzD{g
z#C|A={!q#a4QQ3hjN)1$Gb9&^?%w4}t@Ic+xyC!|`tq=(RBWPx^ZH5j%aqE~0i(g4
zQ1Y|7T||+q&Fivy1J7u(LZxVbPa|P+P%*R7j590n=O>E`M^NrSu~2s;1Ikd&cc%%g
zKXDOUcp)Jn4JENZw@p>=T7C*szoezmXXv&KeJx#>ng%q~1;FkXTu51erddVu9rUJ=
zW-baMo}%E?A1(7de^YtWtPPYr<d6fJJ`h_~?>Z!FEJWAlW29>+(P=~OrrsvMVl*D~
z`CPIgwRC-ozqCQ>KHa(UcuiQ2aex4zVBpxKF%AN<;hO#c+U$v=8Iuj@dvhu(!eQ_L
z-b&QXQ7K{;#xdz^ef7@@3^O=uOmaRO`<3V)XH6;-9y#TEH;!CB12w0}Swfd#va$dV
z`pxXPP#dK&gG4nzvT3A0jBG{vyBXJHNYiBO%+sSGTWb#6$zlfG*m&kik9iJ@Rb}{Y
z+E-KVeSzLa!<<JyHTA@AP#Xb51d3$xBN-_Ts;&5}AWwX`BVl=tLr@jOj~;(;ZPwnp
zZoL!Q6zZ`)yl{oStn1)_YBKzYy{F3ZnMT%Zr6_icJ0tI?dv*Xl8BQdjbRLKf7`o=h
z-rE`n4^5hz6A9ZS6f!Ke-HBf5-O9;G?W-XEg0QRd?@qpJey(~`)j11fo1mQUYub5x
zV-s(Lurp-#+m0*D?@N`mc01zuu9|iXsE133NV4iB+h6^CL!ek;0i%?L?|I$tvC*GH
zU)^4sVfCL6T`J-}t6-WKKz0v1FyC94@H6%<=8GrvUeEt8(?tSDs_Rg1v(!ss+lmG$
z#MdFN&Igzc-W5|Y0Cqa7RD$6ydpV55<T(tFS;e_KS`3eH-jWJoLs+j$Pk8N5MS!M=
z#HUT_ef>L(_puAN63YcBWuPRh$;Awao$}7BUi=LLOa+?6ttG>c-iW&=d!IhPmq7ZB
zMKS%)YV0}@pJX%MhxJ>oO8p6}!q<D0ytjM09t)<Jui3V$n^SwOe3hSNyzJ&`jiK%s
zrM(NUp~+TW$bXWM0R~d4!k_6U(yTWlsb9obrp%ACBTaHTe*3cpDMZ_&4!*v+fCeIu
zr%wo~&dq)BlVV0mFsA<1^48lVhP*!v(oab;e0^hdK;YKUoaN%Ca?)<Ftg}5=%jDr?
z9$?rGjlxp3{#gw{ykX;UzCPO}rH1vpQY-8BJj;iH?9Tk~*L~y-8}H16n6-OSl&ITI
zpW)e$Bc$&*lbTW;VZZ*+)46s!Akfz;R60nXq`CDeuR^JTUm)zRRFhj0s58*(7(Tvn
z#Q{JjV2taQ*|9gn-3tfF|9%ZHR)~vphKYU&8%|Bdp5LJ@zyTg`*LaFAJ;S-1VZ!yr
z!sux)n*HLt4B?myUF&X8ZXlWeltOZvtCIjtQQt-Ce5Z#YhY-y66b~wlk_gYxu`!)H
z_g|#Bw_dXE-UYJ@ZF6waurB=F_*()!G<wOt`(hco%5i;nqX$f`WO{>G`mPBQ@4UFr
z^kCS~2_qdb2{+Vlc;&Dw{K~X*RPAoT=m6c@ajr?*+FD?R6!?J0wDDRD+-DhoZifXL
zye?jW<7>^2&4Ki<)!;`27$+#*r#-y8xiJ_F-dFP_S}aE+V0_?RIAE`?BePT>;pc#^
z^qLL2jPyQP43(wXq`)52q}o-97U-s1<=eUs8bm4#@iJ3#f1i}7N6dGmTP!-Gr|!Vh
z!X}iTKgllNCN~mA?S-sIopkq{7SwhZ>nY~v9s8xF&u9zOKC8z^6|mB<6+EUh6vc<k
zbK2^$cZ>}WOMMFpJ@rf0P~RF&Ll#X8n)+DxfNrVAG<0h3{OS3!*BxBMeAScoD4N@O
z+>TMJihsefkgIBdlk-ol*cX~#lnnK3r<Pld@-yh<?LKGG$adeZ-m89N;%M}qfyo^u
zJ3Ge7ctz7OHAk%TO4Y04+*`ehUBaza&cGPaojnBIlE*96SbBJ0m45))uIAzikE%1V
zdDMJdCcEg%-yHQ>+CIatoViFxKuYk7GsK~x5#}gnEEZl0M076d9(jiX)DBN+tx!`9
zL5y$J^gaHLRn&nwQ^dl=&&;-|mR%B_KGg$rDvw&WjuZUTnJ|tgF%n=N3H`Xek51a(
zt(D`Np4T-$Qpzp*B&0=x5ctzMe@HZGNJJd<Q)#5^SEXu?m#u#}VOEbTR}`2-QW<Da
zBDNH9<nc@Z#(BcXhaZheUx{a8Gv|9uh`zIe;pd`}F6~@Q&FGz+J2a>q;f)FX3<NLY
zUuoRj8mMcWDASDRVlPcTy^~#r@%?kk^)|DWlV=$<{Abm%l*kZ2?$^{}G*u=~O_nT>
zK2d_&!C${*?d<Jq>61ofT?7pj;CYi6QyKLrnTDIPLi(#_n2k*5@~VByqqnCNd}Uud
ze@fYgcW_}eP?>w{PDO%OIhudEM`<Z2<o?{Ynw?SWmhK+v^}F5_X|nLyEBZVj2)7UT
zWar`nkn1^9)ynCB(AR)MhdI#Xfq`%ql0-j_=ytXRv~OD{s%;VBK%Ug<0QeF$+o1$R
z32~fESU={Y*W&)mgbWd1X2eKstu$=YHBy%Zj7tj#I|V2E>4Qw|-%d}s&fZLO?y@&h
zJSuDM!3rqiAw}SAYHA8y2s3fv{e{n5vS$>_a;2nHmhRAvc!^yPGWRu4g0th;pVH9Y
zO^V}IggIWwYQHv;{V|Av_U8$}Uf(lTLd9eZ!#^7B^TU}yPq2aUtJU=h0S$pWhllY2
z<2^{w8rGS+QbQlmaPR0euz97C;l2CEaFCr!<8Fzq9}o;6UM6(f$x63V?&_2GOZf=d
z{VSR9My0rNqr3Ln>=z@%PdRq+N2;mGo=a`*ftTZVVMTn6wW0WlOM`b$%xb_pfFFu_
ziIV7*bLL{G)yg5XmZWc1{d=gZ10|O}j5Ak_vI;aVDSnA>DI!UA0Gj{v=ckDCwN{~Z
zrO&(D8)Dqb%gSujd0pxI6f+WyxxdmXI%TG2+E$XruW#GZ0&%%zEK|PM9Cj{DbV9~V
zZ}={YC4=l&4e#e=Wz0Yc_jB8V=-s>drm|Wnx1>=<%SabsbpFv1wcVmcsL@n#@3og2
z#m6rs`6{N%pggWY{9*$<4gQ*@I$_B@dlHZyK0wQvf3_4dHb3sI2ZJGs64i`qIB0vN
z`O6_(3>-hrIiCa3>rfAQ{@>oGGursF`Jq1e!g6<sr{IuL_8HKvg^o`98mbb5ib$_B
zsLqp60&+Zm+_qL(SV(lAK!@g_W8nE|@av_M56Bu+RvPH)%$`K(QKf-uL#I=^IiTvy
zpmCN*m%?8xcX<-+D=3o<#&bsfC>PKDMd2%B3ZF(#C;1YP5YW7Q`GTFF0EqG2ZaHDD
z4rTNPr<WQM6%z9HKbJDTe9TsqmF=t}6VYGs*OipHoQ;M4ZgQ7MZ8I?${rVLL{|vjg
zrIv#qNXx0{iLR(~B1g<V7H6*4S()$c*hb>T^!5m|C#5?cuBq5B)E6Ek;0~6A#@Qr5
z^9F;f-y+C%nKBTD`uzkDztxQoRy6dMaMHrM_XKdi=<Md|U4s&Y+jbYX))AK&sFQh*
z@7`1}yHUP4N!Dqyb~Isz6CGu?mi$Ng(U}=zxRudO6(<>VYJ7aS_)9f@_#0ZHbG5qQ
zqE^-Hv*T|F-_)D$T};3qXz(k<5@IIM-WNme2N5}V#sO4>8eSL!VNa?#pgjlmNHvyI
zL=aXBH(jkZ7hE2jW&D4#g>U-5PHWYhEwYy(<)6~S6=#w~ice40d3nF<ng+<-rdll`
z3|3VOdt2xnf7fE0<9m|zL|i2T(eyB=^mZ`*+zXXgv!$eq=)?`m`J#T=JvvILlW|DE
zV!MA-Kw{^Et$)M#)>Ff8y;R_qI2g67mLmY<3C|}>UmRw}5BIg$@0B6*vbhqU0K_g+
zAF8%c@lb4ieCpI+nB6LgD6eK}Itga@=yhR2NN@fsl0q+ROYV$b09*l7DYN=cOGYFr
z#x*-{2@mA^#@vUSk|}*TxdB@-LO=!h?WDa2IPG-7PRRsxO$Ou(2P*lc)^dT6OwC#M
z4COjAwLy)Akx_ir8bU`0FNZxM0A@-q`dqUTxElL^>-z|FDO9aXvy}?CPb%P?ng4j<
z>IGNw(A%%R-0czK<mb3XFUxoPG{#!o{Fm-x46Yt>UzdE$0ebT7={yVog9XuK1BSp&
zB*N-otg3`sN9T}_S!O?%HmCj9Jc=AK;;)26c{$n6yg?1qQDhWmx>u)|+Y=}pTgC&^
zRI*gL?%^q*zlD3}G=LwpTD-K;HwwOgU%OmFYVf#t#jMk)Z?9*FXj%QRl?dRh9K(ft
zrPp|7b0si9-oLh@ytTTm4v(=H60x_|h^BTP9hDovyyM50T!{PZS@lvM>2%4^7u=i5
zaU7iYHtbW6sz4+%#yoDu$(yba+?=yaPUUDHCtW*?X$S9T+rAPJeUQ@GD=YHl5E{Q(
z`Yc{^HlwaWDC+(|bGW$eq(pt;Nf-7MEsKGI+ukh(0?}-xj*)j^y=eJswX(K*)@SFk
zuq~~%WT9}Lu3ezaIu&{^aqEg3bxeFF(!<5!yGk*@4x{=*eR`Xl&wOZ}4v#8J49LO6
za`RKQHYw}L9?xh%&<u>m<@9iapx30G`z|_C3~7I8=e%*zUwNO0n=A7GYwBEb@!T=6
z;ep!f1x+D5s2VjaUW5Cc-!ihT1$wAs-~Bu<i2xni!Uk>vewqQyWg*}A<nr{lK=hn*
zn(1_@vb?<j`}{3&YuE{jo#R9qnCj?C3u>`6>+Wi7eiR#xd^&zHlF@AC%s1qGQ^c$U
zLL~eLA7N=EpnY7rh(1H0mM@qc0M!Uj)a`7|p*M(WCBD+YU*BxZS*0q@ct`yn_Xny4
zlpvZvOYX|7Mw3os$w`D;M6p^xBj|H?rpsBFi$;F8dDm)iJVSa#AsG&{c4?imI(vdE
zUB5Tk7SxcwbPAh1w@{2tqj~u-ZoCJZ?YOSBH&t3%C<Bmaz1^YSxx;Gn;SaI0wt6cg
z>U9nQQso-W`8LEmdjtvXV4LK$fFflLM7@oz+6hola5S7=B2c%B*K+62oZ2llXY1$|
z6%L9cO9ry80qse^48?O?CXG0@nD6*iW&Al3kr!4JR7wtMRKOk$r^12=h>Z~s>ft<O
z?-I+PW*d%~11659E|z)k^{pk*&}s^+n-06uO5}R{dGk(z%iRi+6}|5a1oD;+0-AJh
zE*x^u0q=sN$_+1YNzUe8YCV~i(7-gBmXPW&Up5lXb#T9^r{Kv}(BD7(gckZGiKe_y
z2({XMUtJI*21LFv5FqWZb`$MOaVe>_-X3DsZS=>qPJxBc2gkGRxeC|cp;W~YIvdJ=
zFPggEO(hGB4DSS#3ur1eUhR?m>~1?ONpFX0kdtl(^l?nPzOqUfv<rbxd{#f2QLmsY
zd2l?ic6kN(!G)tMlSc1q=~_1PeQeMv_(mz<R}M@SI!|olH6M1Ystrh}pP*I`2He?j
zE{(@Cd80{*x5>3cAjUwD{fbSh4%_K}iwk?S=;_CYCNh4fYw&?xE4>y47cnNyq<Zyy
zU%i<<;N_|16YiE)mH$|(cvZJ{8E?tMwnYZr^D%iBEmdI*Wq<P(9!T;h3srF*)9zUY
zy*Gq)&bUC~bzp<<&MrnOEoUYC!bC!S!CA8{SNUz<aD3c9JOb)pSD2rdIfe!&m5gU`
zzV;N6M2pI{skXkqokd*^XP*K3Mmn<?)VOZ1$on?RU}34*-?cWzv3cIAN0N@C0m*`N
zvB||#`4_#)pCQGd)Ox3Y`Zi%HeOh^042V>#5S!ty8OL(A{o=6hf3*O@6cn~6)VJs6
zEuC22Kq)m<tXgsH?r1QxOpW-+Q7h;i3`Oz{>ia30`a^Ev3En%Ho9OFUUS=i9PZ#(1
z_vX(9lAO5mh41=IZ-UNQU_epLTcRo5#Ydjha7VK@Sq<LM{6DK+e(fybDY4dB4ngD6
z%G&L8gJ$j`RO4nQOn@J*v{nvyOaygFy{Fl04{EwcKkG>6_?+Gn7S3lY7`9rO5Dz4v
zbO9k~xH0FVR!wyt=kuts)jrU1B-yLAhOjBTEH@y48!ik1=&c)klzFgup%*xanS5Ek
zX-|@CuNG^Q$0pG5qp*aH@@lQ|uytwBq%WaVA+r@v5x0hz9~Ac(?sV;V#4LaWnSBPZ
zr&P?X6Ss#@WUs4k;fTwXD(CtJ?Yg(DK)r5Sp)kiTR`^kjr*YMCPS`;#@BYtUbGM}o
zc6}neotZ4q2{9G@%lxgD<ycKy1N2U}V2HlEGt-x_es8+W!ihvpjW93)lk?hlh5SHD
z8V%%Ubw|QRPLGi#l@22#(c28gx@1tPdcnH9nGsN(uHIzFPcWMKb^Rr}g857l8$cS%
zbYv!JGi}A><cb=6PtV<Z@=Q^mw5Jb!$N^h05J2lhlFea><vCTG#mfnNLuXxn5t~v(
za^2>`vDeXpmRP3WoqyB|)zMzaDT>8R;?zL;>b1kt_=IrK(arngBgGG7VPcqxv_E(|
z%|%4tpC*oN4g7L7-T0!TUg=aP1{J8TaOg~8x92rcAPabjmftx%#j5NG>JHC$JNkXN
zblzzW40<%yUeMe=W&yF@*BemFtE6akdoT12h0eG_;g{bU5l2aVgYTx*G%>!_%YuX5
z5_LdtVoU=+@8M<TjgB}_H3j;Cm<SNTL3F)yEj>Nl-JdfB)E=l?&i_uh1_d!dhv-Xq
zu>UQI)g<eW^w&T!XcMI%V0~(#@GKAg%i1zLu`c$I2MqIF>s_59C9{*>Y~J3%uC<DW
zW-s0dfrw^C%;x<nG)C~X<=FTKp50~6;VYSW^YJ%^_^ZNO=V`L+$?kFQOg6oN{?-77
z-o`+KAU<!{(a^b}nQu_=m2r5wh?EpzW-A|?&NpItMMXu6d#jBv%S4mqB;1eu6oxYA
zaUNt4legp}3CM)V@NQ*6-kQzR3UgI;u-VwO53L`E1pF9y4g*FBy)Qqr*RQp-qH<KU
zPaVTjz4-1XRb3(Mc_aNtw@BT*H}lSgDdH8}>!Di_yUDlc#2jc>6!@1nXjKo1Jk*F6
z@ZGG~$U)cFI~;3kxY#)OQ8J3U20JO%L_E&1lf$L<_CXpr-YpD?pELt{KHE>04rN8=
z#78shv__pw5M+C<RBrPap(d2i=@{(23dD9cV}I!5;L@-D0oPHv-h0J2KF&cyPkV7R
zC6#x%+;~OAa#}5EVq$7I94tiNs=H7qQtILRX`)g^;cjA{lteA0?sg*Zi!GtC-MzGS
zix=APbEsd+4P4^`ndbU(_m&%U6ArT46~C~(TuVl}Z`JYFuEO~MR;$q-OECk9lA0QK
zs+9roH+@#B)DYgZOq8v)DS`bZTn`TqD~+z4wY9ZMi*B2iM<R5H+wt{Fcvu)Pw2dgZ
zvy4gJ{`x8o8~OBip_uh#xf+@laX?isN=&FpwWvl)YG-*A3$soe0xSA_t;J`3IL{8z
zlJC;8x6d*|Hzq$GzkNHqwGm&y{H1$K{@V{kzi&01jjk<a%M~OcS7mUC-TpyAe3(Z%
z0TWwgf2LBgSXo&`Tls~}rW=?Awn>S}La_WZ^AgrK*CIg!>-CK}hHGr1K>B#0lL<fx
zF%p9XPpzZ)c<rv+4h_v%k_?!L+MP1uup@rHovRo#a(uKHj1l@iu%DxQ*?Q1^ZOFI<
z^%^o0j=4SEhyj}H&$)A3i_ly_!3b~Z^b}#B<QM)h&i=blhpEPLeJ}$)SW43TCDB$#
zEUwv1KJnW~^z7X3-pi;6Al+hcJ3Z$@N52>=b5;gp?8wl&JC>(W&l0Ucfed{~DN`pa
zx``r5P(0}Sl9U+oTv&$)=ps{XbP^^fom>_+?ReEWO<@m3yrMJjp~suuw0Z1NOq$hj
z?bh0u!TPJ8#!!%4OL}%3XO7uk!<XTcjs5UOt1D?zdfjuX>uPo{1e0TBd*@mLNi2@w
zITAM5YBNMe#S91w!+8}={&U$n{mU2iU03z3<C`QlSFXA;O$cU4K=?b%B-UF~tK}E-
zeKi*()RGz+8goRf2K;I1`%?oy39sqk6*F2*1nR)lsIJoH82h6!N8}*U^c0n`I%8ay
z%<E0>tVQn}e}5Pk>raum1uW~m#jX|A^<rBtOtS(vFnXhHh8A9O=JWTZDraRwIvof!
zNaA=mdp&&jleJ_?_v3D*DO_K6zkoT^C7<|l37MCA)@fPv%*;Z$OH;BEW_wT12yNdO
z<>06_2lKdCX$4kq*;4Y-kWRHQWXsIB{GPx?aN68Ft@M1%giJ2DGN%b)3TABIygYlQ
zzumwm=j{UdJvP=muKP+}u%NsgNkG6d={bqK(KG>S(Dl(81~>`r+XfXr6Se?Kcm~PR
zZ=Ij5b|!vkwuAG}6xXvf3<G5vxze@tdPInTJQ0n7iGyTg@2QRWM^sY-0|5GUQMg@i
z;5+f+|1Oo+1fohLziqFLo$8rhp9JtWI-A33!8}`pV0~8KO?7k<9<`j08fIqj0tb4g
z5r9OZ;$kAx=CA8&3+T81+vmN33O`$UMD!|(0E73&)hcQrei3BGLOngb-38&Gt(C>_
z!y`KfN2T(Jt@xC6L7uJmWtk2SA#Ka!F-lAZ!cVO_-+u0WClwYf(#6{6FZ6McBSH}i
z#1TF^xW*2R+zTrmR@MCA938B+&yZ~MR(L*X5<@MRK|IZz8I{z)f{YRc#+kmN=NEVb
zuVZRrVz5_6oj1<yd^Z(tHa^ONl5$Qs1@)=9A=|d&eRj7$foh|Lcg05o3#1+U_MS@Z
zHtJ0tsgqtQ=Z0Jd5)2WeqrLv!v}_Kcg}ajSE5U`^Mll?OHk5*bsKP1?*`8`5U?n8B
zS$ckkopF-WhK7d)C{D>i{8WdZQ_=Hd;-~KeMXkcy)YhEYeZ6@>9@VL1F`=<qWfCJ(
z)Aem#Q@hJ9XCu?CEHK4ANihG|U^+@5CPI7qPVvS5V>S5nu+%Is5-8|lre6*^Pe17l
zKMRLYv(pm@W}vjtH_LxZ5IXOt3nTeBIknWzN;1&w>hCb>8{q*~Gldhcw$UtkA=-ck
zPRQ%@!#ejfal8o^g6XO(i|NNIrQv4wmg3N8<1Lou4$Mj;yzsz4sSb{I59v{gg+C*$
zYcYiLSqB5?r{9e8sKt@rhrC+1h4Z*0R6Y7N^wC4>usm*y&9Q15(E+PIoRynh@>A1k
zUcwgB9K=(=(ko2y;}5xSjEEi{vo+H8(ht6)+Mqha^?OFaLyZU2T%li;>p;=c(Mn5Y
zeqRw+yiFT#^%_I7#sLj;|5G=Zxgg>xh!~wTg1Eq>)rMl3aE}Gnmnc{)l^|*?U&`>u
zU!${X`^WeCjT?)k!VZo%zsLSmB_kQfC)Cx|^%UiCuvrZ;_R!M2pyoh(d~n5IY6=~I
zXlQ=Y8@SGXc7%e7l8Bt6G`+_|p|m99q}CT03&-js=^Mr!mWdu;)32zT?R?gC^!~m3
zE@)P=)O#!z<SHiU`{HrrHgbruWUc~<;}u3wG$tYNFWV=Ep6Az<t&=Tav=h7hGdM_Q
zCL9`?BRaG(WYY4<hSwj+ILH-sxwLy-VE))4w(3~9jdz^GEr<Q}i|!d=%my293+)-&
zei`HCQ0FzRO5-@+LT!ajZ3ggj^$IKH%00E|swvG1vt^oX`wQUuez!(YXeP9Xa*L1@
zJmMO!3VJ_0za!%TXZG=-QhQB6PGQuqGTVRgbbqb0+}Ywb>zx7x#ILlJ>*0PYZSm38
zzkvm1wrP*G5B&%UGX#!<gWQLpxjNrZ^mUJax36XCqWP5EVPO_E{f{;6yl32HDYRTM
zz&Lv`J=lH(jT-{EQZK7^ZlRyJdiVUU8eI0Wr+o|q3+3WgR(3I(D=mIGHK;nlcC(sI
ze<x4jiXHJFA|{J4F8;fMlbJe*1dO`Ql0c5yRrH5)-6j{L8QVeTvjTeShv^;;SxM=B
zszdqDi|!G1f7S~|3)3>q3)Si|*^hWPSkd`!xnyKSc1oIIY()&N{M+%$`p1@|$$nz@
z6Czg_47<2g$fkRnBBXcitC*O)`f$e3rB8HeLL~JJH?G32mmsVJb1kFAEdW@vKm8-t
z9jxe9rKPM!9g0<3-p?V(L8}hVdU2U3bMxb{XZbPld|;ZZFEzDtBRk=s&yv58W<uBW
zyquFxl>s+mRPu1bcki1`xa)gTyT&G9Q?&)~F+W5TFUMdkw}53XQn@f1-75O%AQLZl
z_+f8wXrwPEJ{2Evx47znh=fGG<xsn}YO!+^-_q5fXH{o=T<qg+%c?Zu35f|R=qI4}
zYoOF&q0l<dU8iiv{n^c>cIyp<uMzewi3kz@&7GR2CBr2mg*|8kr`}?r8KyN9FSX?3
zY(IIhl?bnJ8<FBAGJlKN<YEK&?m;05)?d`57twu0yY1!f3T&Zr^YbKBd?Rue&YgaX
z`4H9V9Y?hj2_}lVbaET!{a#G_QQbB%FY#w>Ub2&BX{&4T3;T~xajL<P!R>eb>y<^7
z-Z~A<t-hkuvbA4zo<IFEjWV!W(cMBku`&pnOX7g9sDG~w@$(HKcm@+q{p#Vfl;f+4
zP7bXy<`(+KZu!2OfjHCh+7A|!(|xFz26J685AL6KuE>QiSx8o2>ugR(nhqc)pWX1e
zU9Ls-9nb{+EU+P%wx_-e7@RV$t{|uDOr;KAb8ueOGY$As@#e?O$6vR)^H!xyvpbhQ
z!+$o{LVs7h?xB74f{Tl6Y^?H{2rvBGy#+EtG^s!oFv*q1rJ6jpug_j}7wM3jO|`tZ
zq<D~FFlIob=Qw^FIX8elIQ?b?-qu_{SXhW3kn^by{YZFY-^X!Y1b#zM=vzs-nKmu3
zT~ZOI+`C-rPZBhtJU>4Nd+GM-5_AyvEu6G5W`9Xv++cYbwKwyXc=Zj`97pAD!q3F8
zcz*jIdx!rYd-pNtmf>5RvfB)oh}y#vp_dQyCX2>s0tV;riS9J>+}WAjoOM>cp0`>p
z4rs(0<Al*1RaJHe)86RM*>L^Ea;n5tS_LcY4r#Wx?QotE__s;qceG!bU0)Fgyf8G;
zfB1^Q>wQS?;3x%$P8uw>M-Vk@d?@5ZdKYsK=Mx(ty_1~G>-g~e)jQqKKVQH9)vJY&
zSy~u0$RodKu5On#`g5SmKbMvjBo5qp4zjuxw`%(|r46T(2qW4pbno+TS00TL3z+SW
zI+gDQ4G@=Gu#DuPp+I2SnZ2TDuzlV5Obq7p{dj_x4`y(5dc+k)0L=gwYM?k6Z?1nD
z`H~$;F?;|Ynbq^*c~37P;#WMcD-@J4^#&_yg0e*_w)UaXvtwe|WuHLNeF1FLpf_@I
zeQPS3_QzLo4hxicsFe;-8zU1r%uV0}PR^wuh%p&?PFWG`;EJv+9FCL2ZrUFQys4Q{
zPtoJ=&}1vouCR&3CqElD+Q*814GUwl<QdsXZA!`d=A$&fVxR2lSCs|q%-8NO;#ja(
zuYa7$>DIK{{pAMo@c_ln?0s8hFOBR!u|z`l<nPj$ee{$Ge9F$#7e;kjdygxtPhPO9
z?|Q=e{XTvZnOgT|6OvaKisdxmu(fPRD&m~sEogqPR3};1)XpXzKCo$dloVH-m75fs
z9E9?y`Pn<<QQE?zsfSJKH69h05S(v1Z^(OG-`MA(EZ3#TLE?;e&a?my?oD|2+D#Zp
zlu7CjSh%api)t=3&x-at>s03UqYy619zvjPq+|zq1KMDM`r684*_#6q<p~bE`wjP@
zPshbw@9vi+`cMAKxAZ(pQesmwQlaM3K2YIw<d3wSiBz6NMwYB`oV~7AFgdHn!Nm<h
ziqX~ET3%tZn;bG=(b)(41|YvOR#s^}jR=&t?UIsGh9Ff`uXLe>jJaF1cPiUKr{Tg5
zN<|$k=o8A9=$x(SoA#*~x+XOkX4x$W2!J};hV_m;Gc!Vk<nm1^ix3CyUcIc%0!bZt
z$71guHen{EJvx%4m=cK5`~0#eu#Z)J=%iHY(~EfyE4L0H*krkGtPWQXB5ckhsPKqE
zZ_<%qas<p`9-N;`^be`-ygSO-IPmNlo$8Hgd@`C*XEdh=&E8jRK=u|!JE}{~$E9N6
ziynIEjz!)s+MYcz8;&$jvq!2s;ZsYsdwzzG^XQERFOJ|Sr(EA&xO0_Tdel+wtn6|-
zUy4M3Q2ik6?yt?0*e%9T8KLR72~}6P{k^N+V88(~EXwyqc-T=d@X}~Ubn8&Oe9HRP
z;cZuZyH4V^@_dS8$0}zFHyR6HZS@UcZ~R&&$RE-17eacFEQ(xb&ddxj^v&#Dl-i5`
z)F09@y6+AXW7?;)4<kvuYC7_WujxWA?q*ao*{IN2S7G*-fKjVb!(wjtzRdG}Haa~z
zGFpXh&)7|pQ{WH=BGepaWA=Qqo#bvYx1iT_|5c!wbR1&|0)NfPlt(k3M!N%MU5U0|
z>w?--ps7dy5oA{Zz!4XwU9@v9wLN}2Xm%h%Tvnma_FgdAUKymw4Y}y;YK*hnsITR%
za%D>GrNCY)^!YQuba?_wbStbn@vdu6q%bI0oDL?RYtArr?7rmq-KN07sL3j2X|2<~
z!{gGF#V+CMD>8X}@>D5Ud7k)dw%+^Ye7$+_)L{M~BZWrVcbfO?L7(Mh-Xe_s{RQ&K
z*-Cqylue{dT=6&VIV0DaTt@?}lQT$^yGW$B61AytBRUNu?+A@-ktnBRJ|yNiLaen%
zvmTsYsNDY7!otlHlc-5ft0!~c{R1c%nr!8z=j!uq?a~dr!zIb(y*Rvz9GnuH8X(8s
z_)8^7rD}57)_e9U+XcfGBKoL5v4IKyxLClDdb4w%mpa>|*))_GRr_*LEB%;%H9+-{
z6CNS~=k2EA5)vJa+0{jj15LkgS9lw#^s5`6?uR*YOsJ~*Gfe_lHB&#B&zublQ(b8x
zav5bmfBm6;&08|NAA|5CA7*tkT}Hjy9t+a(YYa30RiE4018%ClY=W=P3L<j|T(%PO
z<8m$x#KWWMxNP5l^*1uj%Ys6v#z%c?V;EXb&6b;ES^ZzMWSB_ghxq!&#$koqMDgvG
zB$o2LeDg2p`Bm4O%in@Wnp;Bfm%Gob>Fr8GDjy&Z4Ug{J`u!&8apCmM#EQDRi6O&)
z-Z`I=&*tp7Xumm=A(2~?S|G@!T`2;lZih8KC3TK16O=FeFxGxJ{rk6m^Kf&>MDgvL
zH$7Qn)ewlFGU#H!w?5n~8gzHhWVzMdJBI_Qa2n=*|AR4DEMCs$&FIgM{F((-cOz{=
z0=c@Q%pk#hnNULC`qn#qc3wR@Czr{fora2&s%h5xjjk@%RIvvYH3J$2tOO@>b`ExT
z$5JoKrXX&z28U5)b?xWYDCf$4Plb9iR`h6!MPzMl?Q;@-mAno~W;LWK@0KsIv0+#K
zneqp&42tF%iI!)AKLm3OYcExP>|;tuz`?gb3*)Owi^fgbn|KG#&*TH>p;FeqB7gr1
zKsfiFBB5yl@IseW1Y?uZKJ4>F6|KXsHE5B!sW^lvz3%AmP#TuYvG}v7{#Qk{5Y(YA
z=^JH*)Kh$(YMRpn5!~_7>~p_u@u^5%)xq?c$sQu%<#-$d@|!968w!ys6c4R2g<!)1
z=E+Y|VdJVz{X6%ObvLPY8MBU?aF?<}$!A9;AIz|BK7rSwKbl~?zup)zO-EL^zhM?~
zut!)KQ!uI-<Vx`w0(m4~=+tqd5caXDG{!PcK5HK{``FG6S%vmfa#v%6BTel&(@EJ5
zpCjmrMaFWOZw*qh{rMU&#4Rl?5Qf^Ms{GepH~z&|wt|)B{axhy*_Eowx}KDm6Z-o4
zn4)+c9q+NR8_e%uw3=K9{kE?wJx(5#UOq~{a}N}M;c^HK!1z4Yw?%a8h*ifPK;=py
zXl$zkZ<M+6a~yyMKP*0+(vt-R%NQ(9b{)LCPa4acd5ujKQT8Yo)*luUvZ2UkRY&on
z*}a(jdvTHN4=e@L`1+IjqhD9knbSsAD#cLq*CO0yOdw8*J1uUBbdD>>jW2w~C@fMx
z>yM$C+Vw$4Fe7Xc4a3>urefmsgKd9bFEux_PE^7`Vr=q-c0!G;f<phqR+T&vy+r!g
zXHqX|UPZw2a(@3M>gD2snbAtW6rjJD2%pC;xrqwz_Q*zbB!XC6OK$z3^Fevy<oh>Y
zT9mL~y3X@<3ciMc-}tk!0dx|cspx+lNRub0Z=vk|So*Tydy#L(3%n{q|8IFiZ4*5`
z$U?qWNZCrEP??AK<<>7jkAw(0!uqPJs=o<_)BM>=e;qTolUSZ3Y|}L#M3OB(rHpQ8
zhq(iAJYGIFjknNmo9^zi=L|pV6{et-b>`K&+N8#}H+f?54>@)1nWv{@KXc7R>S_Y!
z91vjh+7%W0P_FN_4vbZ%x*977iiZX#8cOCmR}^z{bvZyJ_&%>nAQBy8W0^ATYs#g{
zMdL!P%>ZH%d`O^gZD&-V7gJ4a(A2~dg5PVjJrMIiLO)ya-JG3Fwb(KHIBM!-D6QT2
z1Qh6v&x(QJ*aXd^uYoW&ytFwwVZKdKHUEVMNF6F1*QvmrVw01@G|;B2po+@4hO-MA
zxhA#r0Frzzh>HvH(<Ra6?syNd!JRYJT!rFSM2qbLZ=<4UU@>oCVT66qyArfzCg)x0
zZ%M&6?H?AvV)NX6qyFhrMV=JQdrAW%Cv*_f$Q&5nfw&ETS3w}MpYt09j^c_!xI38X
zuF?VQ%U|6pJ4dP5;&PhqB))gc-h%*D=u@qo&kWu)TrV1z_D#V)wa$Ua<a{j{g<Ji-
zj0mZ)A7*K=KNGeAp=IGL@9|rORqbBT9lh>zZ5{%IlAF6sOZN?BAhtO2O$t*o4+_Xx
zMzov62!q=lrd0{Hf7kH=q(QyO#8ZPO1pCA1Lfuj#Z;`-IfZl+hF=G2nnU)nj0MlpK
z{(j@8$|gb8>DUrc6pyvqqx+EE2IIv_8+em?d(2ZDVuVTTmW@MOzM$`;qJ|~+p?>vi
z{CEazy@Sox4wK=k2N|jUU&FVAc%=Csr8|TJUNO{`VOo0ugcbp^FXAA+w%PP;k`r`R
z{{!vU(`xe}L~;pdKT9DZkz?9AoqCcXVnRA5TB(2+z#+zGxRMsP_KxnzQbH$T8G!#`
zWgL9y-A~ZG3@hMsN9K9?NLN2THaW*&)K)I@7$#R90A9e0!2iCy^t<S6X)czJP7V+d
z0i`A=fVxcF<g-_=Ug>w8=jAPmKmGETqyALaOl*=wKkMe01ZU;YU<Zfm(1?isaju2f
zloXxmVURyj?y50JuVB3hiYC1yOrNip)Um;|Sy5(*vvhab9Wn-83$PV+Tc8$l7P#UA
zsy|GiGkzhd90J4Z$v@M}19Tl-_*aKzf(FsiQKwq;EtG261FASnog|;06|9)>dq3*;
zQA(lq%7odux{l}D^Oyvx1Xg@7q93VVaPc9?Jn{#iso5mzOUSwtW_}5bEMbInBnC>x
zuVkjA!Fo%;ZEVu})-!_-%ZW@Q750n_hkngEy)#^2)3>%pf&3i$Ic~8KK3{vJ9>$zm
zC>>`_%l8srqJNk!%mhb#fCT()ml(bx|AK~b<uiq0XKjtC6lF^uq0LyC$|xVifAVY%
zMBN=*9-u)$4=}VM5BJr@JWXV@7<hnex;60S8a5Lg7j0ldR?i%d?@p?X=ZwIs-6$4?
znuC8MlhYF`N=V*6*Agm*g%}vt`1a3TjR5;&BB%_ercnzB6qKY&Ait1A;I31J_>KD8
z4%U!4r2%e6+$h)Z;>!PaDtzop0-3H{?uwV`d7tU2%-LB_1_wojqQOX-uW7uvC-RG`
zNb+g0GPSQ=+7`8hHyJ<0)E|k&d*veEU~b=*e{)N7b9)1ZilW{qi(j_UA-;^d{S7`p
zwC0q3TA}UTx6W8IMlLRBYI9uLzgtKgnT~0)Ts5+d;%Sq3F}d7d3LGx`hIhg>bx%zZ
zYhi|XD^TK52?+u8N~mW!pg)!Y`<uQz%0DamVq;GXCi-b@|NZjc|Cx0T`dxuyO9Y5$
z;$To|DgM_u<=C$&s(nn<|Ng?4a$E%7XaC=euyc(0yo9^DatE4-|MP*TD#c3E82=ph
z|NZg*y&GLPEa`t9<NyBz*dGp+{HXtL7d?G%fDF}+=Kr|l-^Y2=n5zu#DVYj748fSv
zdj8l75`WRwL%X&VBI<>V4wIS50473*oJ$9x;(tj`kAli5iYFzi?R!|xoJ)fa1~8EF
z6`!7i=9rf{kJ<S=yMNntK7RVdzl`M5x8UmkMt=0Qi}vZYs}+L0yklUH)Y|EVr(Aov
z?dZsAatb9t=w+gz#h15JV+As_=X-Mq5W7F8Ojb+Y-z8^w?1w}r%hv-&v)`-NI7D<E
zWPNv6JCUq@bpe4KEhDYn9>^F^6M$2e@nq^P3%DJ^!(+ir-GBQ6=mMtlnusXUlx5`w
z-^*G&&HU%>+-+c!bBs@LR2Uq*3zU&ebdCe-2(fdi>YuI!SK_>9BjRuut30ApgyQ8i
z8KdQAHPsVB^nUGHyPa<shn4Paw>h(Nb4rr?QFz8odkDDYzuI1?=73PL(GmAQJSZNv
zaCx;TH7D@Udp3zHsu6Z(cAso6$q4$8`vDp%enz|5L#4)YFCu&d6JQ8WL?^eEP}Zr#
zn;S5M0u6LXM}i!0?=UcG)Ye97{>O+sEnu4}-s+oy$hJ1}eXG(h-@b)^-@q$ntX8YP
ztf*jRacNuq!dfzSO#(L4cb&cQY<vMA-cAh-gMQdQ{lsM%O3;P@fe5Pz<-w9_)|w3=
zR?~e2-7-r(efnFG6eH5>3qg-k|9%cQ%3GV!wDz*eJD=MzEDtTAjm=Yep^mY|NTgtW
z2!wy}>k=84g%XmrCN~UZvcx7B$cXh94s%~Ny^~7ezJ&pY6aoPSI6<(Wy)dhteU%Jm
zW=!FBLly8d8w`K{?hG9IMsyP*V-pg_TxeeYSqjPeYMq1%BHBobF$zHFjW42~nM8JO
z%l0Du_DbBI6+@;o?voC-q6jILq$p^)P!8P%fyC@%V`a8aSed+<8WMW9pR)KtMQx?g
zXdFDO{}4n5WE_lX955r%UwINeR2*dP>V_$?QSH}O(0J`O0>}5#1prz#UHtMSt+ka2
zf!F7+lN0Ygx4Ds-QeWx+IzPG`^zRi0h5#yF;Xds3mQ18!a^?WAqSku^KyZhd*JdN-
zCa64=%#Auo@OI3MuRG-2zc?Z{;nRh+T}5?*n^hkNQ*Hvba}@bJlIApXNBN*>yt6X$
zixm`*Od$!7lxXndKBn^Gy$w3G-?cJRBI<xZq!FDu)yer?z=0LmE%;InD#38TC}A4>
z#n;i@tlML?Lfoav1(WOow_J&!$I&|lDLo}*(6zSQ-t&K(g%!ksr_B-+q!Gsac>gz*
z*XI-#((&^rguHB|@Ja%MvqUWd0~HKeU^o==VCIN3lm*kJx<2D;LLf~|S`8na0zr2`
zkP)LYs}Vw!x(iSNHx{LAT3%R-iP^39cWsA=*Nflb+N-n{YUu(_>-pg_3?d>THaKr*
zJ&jd1&)&z9ARIgsuVLg#i~-@8oS><NRj7rqPT~FzV!2$|er2Qk1Y)7e1d@dGDC609
z_Ak00Pe*~?y#W^TF0D~3|A21vpT$2a%oJ~X6|wm?5bzp)ue;ZOR43Z+%xlvWe9uX#
zC-iVVf&iKa;s>ILyo9-OS3;ND^TuLOt&?;~^6r0G=$j(ohv_%~@AI<hzNg11>~vhL
zQ@_FKfEgU83d3##JKmfRd=szGdpD8?<!YGL*sH2u&f^o12Q9c#7_R(jKUqjHX5}G7
z@WI@@%AJRa_IsT=aT=t2(%x9iX>(Rj$s`2Vim2#col6GVb3FMA=eW@D5+<gBCKR9`
zh!jl<0dQkphVMBe1fpk_6(i+Hn<Hn81%ZtA5KYix^aGChn}vXJGH@YJ2RtFczveu$
z%I008R6izw9b}+*r&D?$6>hG;0$i5gjID4*%#n~=IKa1abgU^judG3-n~$1BWnW((
z1kxrd3gYVjdJV9tlLutdg-(|$S+``rsWK{zvFX~a4ZXayAN#6j90aID7I~hkm_{w_
zq$DEqnz!Y0heW>@bSLt?1p>tbgJi~}y34;+{;=2J@y9+*|MhdI>)gHA{sf>djnWsE
zxkZUG#C1hVPD6yKHjId50?03P5uSFhpCZ1i3n?uhpA=QY`^8*Sm}}<=oxCDha1;Ny
z_Mylcrvt8p|Mifk3fbt<E0s;oMY-}J2|zX13$W{_rl>^`eHWIU#Z@FA$$<C8>^|xr
zrDyzO1zw|zwby&V7cSECe`dj^q~U}G;A$UmMR}X9HT6<Y_;P<j!lv1dW~TT3ruP@g
z;O?&g9_9dH7&$~wPY=S1PKlSW%^wf2YLqrn2soLLLXFm<p`!}kBVjLtYK4p4Wt>sn
z);P}-F=FoNgk#Goc$F5xRXy8)k`gO;gpf5r$b)TUQ+af>JwqxoS%#>{W4f`qxi+z7
zm)2}2@x!^e$(xSdM$&h7R-H;fK*r><6kz<@hbsglm@cfWzhyoS5qhCwK1~XursI>!
zb2gXHMRZoGufq~t($+H{kr4lYD(rI`*@_fHEkup$xBbXrW8@1FePc#*NzPwpmkh)?
z0i{v+A3ls%xSZ+4&lF$)&R_H(MYwQ72dC-Q<Ee#4@yyZ5)~~Y<?NVrt<bsRZS>+7$
zxPyNkUS1NvXVX1Cl=w2qU*xVP9T)7ZG&g}iov;}S{rYsM0L)J!mf2l%sR0aE8&h*k
zj(MEN6Zi#rn<+>NP|gIta`rnO>-~BGFp0uLWD)||zdmr4l<JplEng+tRjz#o)<*O-
z{AUU3<J)1RwA-ViMMnyi%P|DGbs{;iw?i2-$eGQ?YJ}<Co4UqEP<N8~u1TLouf$|_
zZhb-iapUQH1j#IlKVBU}yLUZ7M8`NEtJ07FQv%@1Mlj#Jeb*b(p|>w|&hwPpmes#w
zqNq78#R40c_4kC7nH%1ruv_rz7rS_ofE-Ynh$5kHVG#+&VE{Dgv!0=K7&p`NY;cXb
zh6W`+KW0p3Yac*JRdmXI`&G@<%L(?aOFRD9efje3^Ic5F`jIkW$JQ3TS9wuCD#%<c
zmgD~{G%y24-!+~VlGNblb&vNM%r%vgvq)LI&}sF-;yD!j+?vh>I!$8{(t1Kf_3U1&
zmMy)+i7eRV&I=pg^)(O3$PgANwJp?;!eo$l{CHIcPfaax$rr3Fwx*t*mJ$teL_PhH
zZqPmsFbpRPo$DYl7f=5rOf*~1P{KGA8`s@m>KRjcbS$#(>C8)7W1H%Wxv>jxDB&&H
z+q3@b403OOU-HotbviaZJpg31FPMaI!Q51_vscdgwx$85qj1MFzs^FVZ@xZiZ|CTa
zj)3l>{6KXR`{i3?{ZT;0)o=Ttb}|6h)R>PE0cvM;RWIV(H%@qO%--a)8Jugn!1QvJ
zYDBZc1&DYycEPAlXB?sJ_k_IeKYD%Na9G*dJJLNBPgbPn3>kBSFZ}~rF+gBxa274`
zto#SZv~mR&1}bJZ;B>MI3L?fN?y@|%Shn|esa`RY1Cf#B8};vtM`Bv?E4NQKK<{3K
zhES41_ab{t_g5AumQ{rGO|8R*h8W>Pq*ouhw;JrXVm}Ph{*T>TK}5B?kDe;hLHG~f
z4Bvv*GwR*c)j1+<Ku(J!z-jZ55DXRfuO=*$XIc+QSx$nskNsx&U^Cx2f*7?sBOOzA
z!0NjreJS1@9y9@z2~|BU`01pq&RwjRC(SWpNjhD|@eChdzty2<MDmYX>zODjTBrdq
znc-vE6e}A$kh1~hi(qhMM%3iTDGn-7>I(zCbuzA|$Fp;(kvYr9V9lx*F=5hT;Hc=D
z{fSMYI^thiYLxJngv1g|wjoJQ4riGyZ1To0Fpfa{y*|)}eKt5`Uzkbp`a?%o7wMDI
zL%EsY8hTAkdUq$1H=T>2ny{(PZ~F|eE-y2-PTm6MF>tf(qQdP)wFTWRrr}!hW4S7V
z7A6vSA*;QEJnSrf5K&Nk{X5$l%(W92&-t`B5m+0KpvrVh0VGu~GwW+aOLtZNtTbXI
zlq_~7L>^4%F$F&?N*L(C2?>RHOPjcGdq4$ay-UD~FGp5hXS;BPT_vZcb{2mX0QrP}
zgqp44*+}<as)}Un4-Y73rxjNnx<n$orVzjQpvFnTqWzVc$`zZ5DmKAINn@(wj}CGC
zm@{QNQH|`;*>!c(Pp8ns<;d@e1k`$~=1ifT^*turX`eFiXAZdK?ZzLo#jNO_GeI4F
z-#^C`1)#{t@mV>K<p(V0k?2D0Zj#K;5|vgDcwydoK=vlMNS`BB9h_8cSK8xK)lu?;
zdhGijtY@R(fwN66ir%PF7izv2$&+1gT6N&HbE@e5!J!7mi?M`RASY~^9RK))0uE2-
zcVc;bL}LOFb9T++S9fy64mnub*dT&H1W**ZIhifqqwmw2opAkb`%x7{LUN!^@dM;$
zM>C|Jmt=9Mr_Xe4)g?KnOH&xe>Pt;+5c6TX%OujR<;e1;9>?=%V1jrQcI_`%o$s+r
z7OE6Wjk&-dBY}8NbCUL>vT~!6p98lQQ6V@vnQnLT90o%3Dvy$r@xw0fO1=s%cSj`v
zMTSy^rJXp6iO3aeO0R2e!s$2?srg>Udn<U6HNwI?*{kXKaPOt^T9*4ycLontQP)5@
zSj%A2Eo#;N;`X2+%lRxgiQ6@PC^hizd^^xbsQHccl@0Sdv!xccvc-l7j0H?s@fW-|
zTcMEE9aS7S>9>iWboyO}#|nL{A)-_C@kWTew;wM=w=S8aR<sSi_E_#lUxXe>JP~7e
zE+v6s@AWTm$Vc&XbjalpcyC>;f<PJphaEMX-tLv^U0RfglrWS^<IKFbZ5ERswVPub
z^De2~i^E`jEkYaXe<Jjo+xKA>u#hA^cX*P;q>SXSh6Xp}Qx-EjB1CFnYbs~cFZ{Nn
zPlFuMkVxW`Cyv=y$(FsZ;e|zzAgg~=af%c0FngqXd&DU5<Ph)y4ScDXjK-c~0rVjP
z=?Ss#ZJ0lT3U$A@%vKyohLCURG{BC$hBDfNp%h?wDol3J;}bcYyRh#UuVh?0Qb$L{
zjGP$1#>LG(W`mtpXR8G(pve$+#g0#}H(K}iS!Waw&LCr=NXVtUrmWmXKmtL(?(XhP
zb+x3Pw3!=CM!QGEtooR!a7ecpZTsf)av6=0cbBu(#>AeL@_>b9V?(K|w14(E!N<`T
zsxvy+4KxjNS64ezQioNZE=ND#WeR#qm0tW99PdJJ=3y~r2|fjCg-14I7M*qp2cIwW
zAkbtWR0wEm+kPY`Bf;_)?WoK3yB4OVrIlH$)z(aq)4CoS8Ui*K9w_f-x9)+E28*l6
z;@lm0{zOY2ii!!4pH20GqrUr~FadS3|8zUuZ%}DiDEeAbT%1b0n;Q6-^c8a4p$vBM
zgHfgb_ncPy&RB$r)@)320wGP6_mf&LOHmDE?1Nq+z&=(xndtjc^P$Mf{@ULI0s6IZ
z)A`L2Ft;?HNjNw-a6mB7Bl(^pte<0QV2fd3dL9*E5s3flgil|R1MSj2m<q$4^o1g{
z99cOVcA7bL1d#_dNF2z<R)JgxJ2d{M2@xWCHzk%H$83>j$?v|cYwJCB7ZE1lQu#PZ
z6?Ne$Ur9T){BhtV;%K3;_;~iUQOD4bno*Zifj)@=F!uXaW8Aqr+<7HWE?W~blLe<^
z0R$nW%dLn@O*KK$v%JCVI*2VYa-ULqxRLNgxIfl@P5r1x1L@f?Row^Kc*1bzKs47e
z0&GujFSQP1!zhsRaO9&WE^x0%JL_9o_de*3_u34laofLEWlS1E<N<uS96aW8A|k!R
zn)e?D)7ad3Z?8^G14s-F*N^w5AfF|=<|^Z-he-_2e+xtW26+yv7hq#dQ8|e3;<=ef
zswaSn$Jm|vmQtX6r@DWhjx;(8U}z6ifCS^C70AN#5V+m!mJVHoT7u9R!v@}OSO9Zv
zIiLUn(Pk!$=mBrOx_a&;%c{+++0Lm(=C7PhZ&}Fygz8=-uLG#{dx0jXuVw1`8Os2s
zk+re^0STdaOfeEj5obHdXB(iDkTI#)G3wjuBO&KY_Dj<12=9{e@{p+Ftxn)x-(k8O
zTdqe$B--jvTn5b6Kq)=$XUPL@o#7yYo;ZFtgWU1+TTTu&68-lAvoJu|`020(#JUo4
zawl^z#VQw*4cb~|m;@uq9l|3+Bhu0)3G;(!C=oq}t-fF=NgD(r<0<f#2wMG7mdYK-
zZO3xV;Vw@a<#{Tsuijr)0`_#eGz|l^;^jpT;Cmzq0GNJ7Io9D7b>t}vJu*COiF!RQ
z7I~|luI)?{U0)O_Wo&DfU(-Tj6aVc^)kK7vb#E?hkQnWy%k=hKDIDP9#SZ=!(=$>%
zC)St)p1-G>@Sk*tTR!jlX#8gf1WY^a0-~l$pe5xjp&eLW{kwzc?Je{JO+10Xq;Pu!
zNGY=mD3zqsFMb$a*1WfZ92Kl84W+dQw<aM&l>4#722C)Yw9vq3RsKKhy>(R7-S;*;
zhzW>ArwT}i(ybsZ-7VeW&<te&($dnMLwAQrNY~IQ-6#w-#B=8MzQ3`a_g(A#<9*ii
z&u<p8#sNNYK4<T<_jO%+ANy0&8Q4Ca@DVvSdon%ljvgjNQc6bjDs9BLC__88s-&s{
z^0-c+#%i7t$Z7acb>MEFg^_>y+(lG7ISkO)7&0MBpn|E<QT(wKkH{}EVL(haTa?YK
zeKue-brn7`0In>%PwzcP=|Z@z?o_&LPX}67flA~{!Js=eqC@9+zdwEQ%kY!ON2_N}
z>ymC`5!_hZu;-a*a284=+XmtzFlat*LE}9-z*t>>Z*#_6)qP}E)X9mtN6`1c#I>@7
zO=2g0&Nb$0x_EnoK{0$GWrVPFZ*YFw2=LSedM|VtmcCX2u?d-wGnV(I^4C}P-*Peb
zt(d0>xh-@E0X?Bu6I@pb{|mO-bigIz3%S^S<BK)X=yoTe)^^~%@H^@4iHzM+k&yv3
zwy3deCNC#D&{8qkLsQmW2{wlqc@}tW%=8U$07hHp@$n7Mk>1`nI`zo=SGqO0q>K)k
zCU{4+m8G)u85L*xGzP!&3s0OTnW`uUmf{T82L##7TjWp9dGR_gc?WLh(LV%Q?hAjp
zNFKGEY_rt)FZ5XR>i6+TNJ;%2V(pgZKAP=27Jv3}c@Obf1AT*mL%-LO#~xd9)ph6g
z!EdnP!<I_t2hAl62&YGWOR!lWH7~I`uyr<rGbQIYri<Hm(2*68_Cr4R_n7wT27ufQ
zlCHGm@EenqoP1~T=XQ%Jo1@daPj*H_vQ;1ymr=8e<k5!$T=Pt|JgpNUD$%@pvNj*|
zIV4CzQj%vzHwgnmei1JfZCj)<B$eI=kh?EL4j4Z12zbc|t(?B$c+L-vFdmRd0aVBJ
ze4A4)u?h12<!uKC_Nu6A0rcfY{Suw*gyEjkD?Y3T75morE#AB#^OHXp``NKvl%ypJ
z&`+>Sp;`^azftesJE=IK*CF=_9{8pit(CNffK8ogFj(~nVnm@X@GiM~yYnIB);MS(
ztPrLT$gq308<HCj>K*Ebd%S3a(%uVgj{a^1X<VtztjH0I)BBe``rH@Kjy=)wy|3Lz
z!>fV<rWF>^2Y@tJWvDlLY3F_3<W0`6feYb3CR5#)TS;uRC%>11hii|jv<ws%>$ds9
z?m5hMl->?hx70TqFdlQUP%P!Jm|k^)fG2lR`73i<vynlz52l2?<lPGW8YpRO(QJ6_
z?(kewaERD^Jy54+<P=lu1qFt-W$)YqLez{QK9#3<pc$6MI=kzORn}>0#Si?uGS~X`
znQ&GQi+*B&rj~)|SOGHRJ2fZl^jZ<@{bZ7pA_VKxTURvm%>R98|6ZNO1(ME0&%Rn1
zQ$vIW*{a$WwXDkxc9-RiQx6=`XTqKWc`D5{708e?zu6EUfXiPOt^mEV9kJo7`$a72
zLEW3X^Bhxlj9~L+S}rR^Aj-|4W&Lv7_WEnWnoe2WPy3(ELxeCD$~qO$Xd_-+y}2Oh
z-x;|0Xtngcxle9Gfvdfam;`@q4-agSkDzFx_vQ&k%g7prq#QGoF5_G$F>8z_+ro}S
zz=HV8s118y9GjkxX?nHG^q$h)hj{V3CMK=2;Q+rI)Fdl%!H1aK;6F~5^l&!NqmWCY
z$1y+5(+Wr$TNTno3=Gx7ZaKRT{gzdtaR5xhr?pe!CD&&i&}Pi0mp+S2YX+#~jN8Dm
z0|3btb@>QY$5ln26(w>7&-A!`9z2OXUP8=|4T3(P6#dF>g9l1mZWKT4Eg%FKv%%8Z
z;t9xaKL@q~{rW^{LCHSdAqmGF!LyLICQ)yhM1Dc9Gc2Iw-!`HweQWYAE-sEp=v~wI
zyE$;~?U>xxP|)0y3+zm=E9lBlYW?fwy2T?b%u`?rbPr}U23I|AiLF!;`@Oo=Yzo$3
zLkw?O((!0ld3a0+c4y`9=@ng7sCH>7Xd7Qjr)&jU5@~m9j+7>+s})QKWWlSSEbP!W
zpzf<!`@miB<$Du&Lv7khn+K$?D`BQbOyAIJJbkR{v;r7VEqZ+Ue`A?V6o3hUKmf5|
z5@XTiisa(AvCt#(P}j9CIa=NbdJ#)}O!J;u%-X~xtuULR&~AW*=VDDR@zQ}dlzied
zkiDk++F=F+zvn-`Y{mWE{f+Q;)ET1|R6AUnqR6^l?!4))RZRcuy%fGzVcK6;K%J9W
z4Roo=owDIG4ZK<=>P@_m8&5&>i8o#p(=8tx=m+M=2<81tqx-0uRO*QGNI^%(8p!Lc
zPypjH9bDAbUW*%uJvvfVfCjd)O_V@GmFDH89<8oC5u{RHwZhoLV*NH5bdhq&tNQf`
z+y<Vlw0B^mq9JW}74FTUm%{L!HB-p@m)uX0{2G^2LLw)}8feed4<ieM4%41R?CU&d
zYZjGL(qJ)SOZ=t`HgoWL6M2#F3}xd6{DeUctA1mSibCeIlr-u;IU^n|C#UY}!OvEU
zjt)QQ{MB~Wc0mEFUXxKy()SOOiDXy<zAHBb4^C^L<2iSLd?L1ZUPdqlh$26I`bLT`
zIGc#iBH^J=azg)l6RB>8HU1>oT3;JwtSame5V+~;H$ZBN3Tu5a4m&s!b=J~j8%y@=
zr2cTnWXLf=NlogwSz4)OTAql_nncZJBBUktK37W-B+Sf@Q^qVt@=FF#v(L~3mYbQH
zm{6%dh7~;F5C}{<vUiH$l{Ynw89h}NHzj~Vu`%8Ex^Dl(z7t}cqsz!wHga_2OVih0
z&KCHH5_aI|f&tN~@dzTfg4&m0DyQuWREUx)Rw)BhVm##z1)0kN6~Xd^W&!jEW@)N4
zhzSGTkDk8VG*uIunN2KpY*pdnIcN^zwm+F@Ryy!J(>Z}zO%^->`^=^t^8I@fc2x&R
zt32|Z^QLQXZL!DVCL~Sx7VN9saW9&VnJOqPZIuvGvEg9Oqh>epk*&1VMziBheAriw
z_ADpJ5cw&y2Pq!E{<{d}krJoz2U*g5^s;o{D{A2-4hKs1yky|3K$q(gro=!5@hBGP
z;7*{kO?cZEt2qZ?=s-(iet(w6`~G~-NVKQmlP8+H?#uK$J3#nMyS`4_eQg8ecChNg
zmv3eWXKIl5y;JH^74z(EUT{A5^M|wN!w5~;7ogbQv4ll49iZz&>&oT_Geev`hGf@B
z{d~Avr2F<22Nzdp-&EF*GnK`S#cy)lx!R9%u4eMy+J*z@)|&UF3D`JUgF%S?iPWwb
zGbllc4G(|7PrkoO1?fAoo0_x3^eNQvSp*3hey^rv<bXoNA1|wtm6L-F>WO%GCq?P-
z0&Q*KEsAcutxp!s$6l)_smZJ3>EyI6`t%@fD0oojRkVMnDWOS3B9Zw0u$41Gz@XlR
z?C*_|n6c`_x_Z8yr<~j{W1TA-$tsnPLGoIj;LV+PEX6TY>d7AmDh=H66#;mu->?mR
zYN3rZ@zl0=v>)IymViDS=qz7OtH};l!){g8-DqR`3aVPp?nSc@76p9&PMwF7+zp_O
z5AYx=>+k)Mhlh@;TH<n{5cl+13`3(VyC_*%Mx4-<&A>}Loubh1eFdHOey~il^tY<1
zJQeaEkZ?8TNF?8BH6Y@!I>fY{al4)^a-(JiZ0m+|9_%fr`$_*Y<OOK|B-Wy>=wlsu
zvvR_OAS!3fu^=b6oZ&p%BVX;CA1Fjg2(_DY`?LeS#<VvF`|w;8CMw~N4OD=Nq9_o2
z2`?h2Uy=#C>6w1v_zys!DtbO#NvVjK7*CIb-o3hs$-<(n{Bcxf&B=8S+&i}*%PV&t
zJRlAUdzI#jV!8k8j#PU?{j#yC*^<-C#kbZov9CRFuv$^~UeP#*Gl3O*%yueBQ&}7W
z>Fw)dvpXYV(ruJoJufnh!zn8-$7kVx!4Q*FHE{0@9;;dMm#B0oOa_LUYFeXX>XjWT
z(X%<?1r-s8fIkqdcWMclzE|qpBNUCviT_}Lnjs80$}{A4FbM+Q^1Vwk?|7!^3Xj>7
z^cv*m;ZbLz*cJpL*xp@7E=<GEn9aAP921>oEM9DQRqW>W85NN_%qO6OU5=oprhy;o
z0XajcFK<{M7bavtKcEa|QRh8k+{_&0s+Kok(4C}i{+n3(_g`4M<U2r~4mMW{lZ+ML
z0M$SN7Zp_j$Kg;Y6t7pa>4qn+DA;POx7QW$m#tv;q<06qM$7xB<|@_C$jHT3lF-s^
zdSP}l1wNFqW@2E}N40EkqU>c^jIyXzF4c$&R;Rp?n_z(lwW+@7wC?BE_vX`OcOWgJ
z6GVPD&rG0gZ)f=sLya=pDo2hcm}lJ|M8k0syRDlQpZju8>eYJP`-pP61*xz=TnEUx
z2;=;jFY$d=9nse+I7-9AZ!N8ZwGeQ~{Tp^#+CkT7lt)G;NliG&w}zrlj<U>^Wn>0g
z8fdmk-;P};A|ir7YC^^^IR4QB=;)3XErv{SHiQGkA^w(gX=~!YVdCX!3DEU~c_U79
zA?~xSE~NnUW<-SQJwrwd&{ry4`!a{g*I&ZmS9f7n(;WXX#gY=U-I1XvP(Dls%ZSl@
zzTpGq4P=}oCB?s~l)0u~({-P*GE1%_plqTkrf?F2R)YU<3vt8A>a^tJI!+r1Q!xPn
zX0Z7CXE`%n&$q-*IWtpfeGNdkQ8s#SQvV{;fBaG{#$4|a)ubllJqp1eH@jV7>V7P-
z*hWU8H9SEtSoTkOd0aNK$HsCBK+TlB!voznlitge=gev`s@mVH9|2)$A#2M0-=3sg
zCA9o~gtxyWMqs@>xJal23nLVIV`0^d@C7%!DnrfdkpTszzeB)0-4Rl3(~w*K%3o#W
zf&7J*5j!qU)B4#<8!7pLw>gY-yHBHG8PEDUFUc7V0Cffmv=W9&Us}4~GzC(2McaCg
zqaS6T=dXjB)yJlnW!c}yRO6>rz@j&5Vxvpc6_b$TUW=5SzLyT_Dys@yk(PQ4(QIQx
zZEq1juUe;jlz&<PWR6&qm+i%%(X<)~=<PYN0n|{36g*N{$0;CeM?(W`Z2S4!xDfOC
zDq_gX$M+Y`k~$$iwDS5HCgpyhkl6<~t$Y})wDpsGa+7In&W1+Vv!@w``-knMRgP75
zOYW}t`>%H0Y{4qLE@;facgiW+>CC*a{I=8U8N~oj4}o0gCyStNRW99s=PXK4x|Z-<
z8Wt9ezeI##E+#Xz$2CBl5mjn|dgZGA%O|6e4!fhv!1IZfB>$7==n82vzX#C<Mntu7
zvESJ(KluigUGu;VGEP~FBZANLmrXT&qe?Gzzp#a*LoFYPU*W8s<2(Zy4Ba_}iV2nT
zqND)(H3*;z-ZxHwo}7U0CO?NAVTt^19tV_DsbSi-lD_`WM-NCS0ziH70vk@93o=q;
zeD>Br=3K^)vnc#SUL2%%F2+meA3Qd<yI8ldAOgu!0R<nyj3}!v_p@87+g^$-#*%Ti
ztn*ejYc7-&5qTI)CidQ)!WRG6lYNKMy`c`FI_l6rF#FPm-UC3u8-LUV5LerL4$IGt
z1Bi2SWT&$^Co0)hQ%9E^Aw3<#4FrpZABR2)`L|9eP~s?KD3-o+{mlfqI%iDctwGO?
z1}{{2QdM;+Ln#vNFGzsDsO8}=8QI7q##)U6)fWkk2G50r6d8AvVqEQwoSnHsQ|f#i
z2<^&1=XBCZ%AIKr#>yj5#M`xMCJJySQBTk40e`^zJ-~l-3kWKR);C&b`-r0jbTA;4
zA4MiiE*#FDYH>Z9Wg7u?ttyUXX0f0ioyHjy_*2LN*c{Z72m_b`t$KnGaW+uS-MR_X
z@NZUOpWNKgut|SnGcG{GfKh%<sdIw(8?+b@p_LBJwo~wT)BlczBu|f{*T^56&`>jd
zNZLI$s()d9M-c%S^6)-F6W;~4;F*UiV0W!;$6`v*tXFULJV*y}p9t?7#M;6hQc_ap
z)6}#bq2OnjmD?T-gw;DJc_Mz3ClShGgd#+K?;XN_n{N(}jQ9r07+B<f8N3}ZK8?cH
zvyZDb7UbIF`L4IE)B*VLvXLDv&Q~LTP7|HCLX)H7^+%BOOFO7<!-~jFHUCfzH9VVB
zYG=joz!mF7&r~$wigX=!f+~P$?3~ih9&0ZywSw6nO+_IW3Hc}+v2X3&P-kmeeq{&6
zsW}O&tv^hyfUvV|+ionYUac>nxMZ%UN8<_UtHj5Hr9M|(c~zjJL!4#~R~EUmau0Gl
zEVu*kB+sqS1#rl@Z#fVa#uCrmj_McEi~+*q`>VI!0?s8`!`{TgRyk|vN=Y4vx+XRz
zo@%Db$_5Wro0$dldWmU%J$M^`MGAycw{ftT<NUf)+ZIzTfodY%`s+vWzVDRazFR{~
zXlU~6txevh6frbkbrjy(KKwo;Tuv-Lpj*=~bOkD?H{#NzNsyMXHo;~*CsWgGmHpIb
zMuJl%OV#s}EANPIG7?<K?@oNF0ic-wC68|*KW^CoFF!Ax>#hHYEn*aWmR!)x$V7=H
zi>VwjhM?e%aXb%nn*$c!+E(}!Y`{e4&;;T`BJMKbU{Kxn==SyPijWYKp=t~WSa$aT
zaR>esmxMEy$|2cq5^R!JYSG7v)>*)NWPwEdC%*RNRf@nGD?!Yi&7sDRuccP5dAd6q
z%9yRJ{+=8bS$r_m)z5;HPR8GmG777AH1`FfF5@EY$eo^91To0jTDrxqK4vr)ejCte
z8U3#DR6C}oVdk3+r$BQ<l=$?swuM+?qt?D=x+lP=AXhyDG<)BKOpfa{d9hZ0mTSLW
zFw=x0iaVWej*g~DNTOkSDs7sl<TReseY}6@20>3prNbKcue?s5dQX{{d)a^rp{AZs
zMu4@8@m!dQnCSBhS-dB`J)-uKi|q--k$yiK_NS^$j1KSDe^Gvjk`(ExMst-D^)|k*
zrMh?OLxC8=-?L!j@~(nsb72>NGbSy@1La;E4*=;X+S~!MO5*JoA>cP$`tknLut*~V
z0A>x$OE%7Bi%}Jt+A-ZHQ*t#L{@mJ_dBg}b1R(d%92<wr0#Fz=%fmZiuvK^CD~I!a
z5K#G}>HN`DTx%0!>Cui~a=Jg?`!)9xF&^CH13(cb>hd#z?3PqxcJS~_Hpk9hbQFNE
z+FJYlJUvdQbOXlKSuQC-u=YW;UL7qPSK8x#!O;S$6DD5{)zq-kOfNj$-Y%GQ0<F@X
zf~@wZ6L1<p2%?s6bIr%->bz6#YJKmPS?PA*&#5YFCWrI2!&9s63jYLb$k5j*g!Vm}
zRoK}ZmB9E;cB3A9VQ-|IrCWS3(!8fvf9x@h@Zhk5KBZMmUsQbOY@g<8t#<Z=o2!ar
z!RXe11~9K_@|)j*fqO&2ecgvn0SBVC5_@m-HK;4lseuMD@36bg+^?`4x((tgaYq#<
zP&l*zU~Pugd0E{bZ8sv#Sj^@r8DdKNTl)#xZXsV=YVp-MTKjt53R?o=;I9I<Y}(hX
zR!76vhwR9p?boQ9O_)8mfJjFT0{K^e1PfN!_nz@RpfYzm+#Y+iE8rh?5d<XiE$q+V
zzfY#{ny$mSO0M@)$Dn-M&;H6`{${RbVc^7hPIz>5pO6qJ7I$~Vzj3X?dhC8xm0At#
zivEpk@GsFF%k3k&pl8$L5vP#`mP~bTD-0J^aL8x`6<Fjzb<Y1=Lk=`fiRQDP0$+Z*
zqv$og4Mdt=xho%Y*Ll7Yk)}aSxW5wNn>y8^7U-Ms=%=HjqOh#2WB@%fIU;VbayEN^
zbtTO&jIbkgyEBGJeYvCWmifF|+2PppQXGRRjg<W6A!LGA8z@DCK<;iKI+6=}_UC;`
zZ=d5`(<YVSu+yRhn~`CFYV*kk40oKb-(z~DWo1Fh4iE$^{BMm&3Z@(GK}ycY$tNl;
z=z+@*3E@22)A9w$()R?H_x8{dF>Y^R=lUPLz2A~h@-oJhQnyd}*4Nh!H&`QSl1IkJ
zKPDw{f<gwGGBWJHvc8*urPX(QPO>wPl?y=qWzhw*2G@&FLGb~gR;=C?>;TyasFd*S
zxVzZ`ddbv~;gWC{e7qFR$-5vvL^{eG66J5W$N+IplWvM=+vNQG=l6p5_g68Mlt$i~
zS@{B?MvTV&kt0EgQm+*qP{Ut|e+2aBpf9ULvcl&nPWZRZY541FjFkZc17g<JWY*TN
zU+n_f#Dr(!vIlRC=N|o-&19!gPRLRc9{>nK+F;}Fdlu1x27j00R&)oJ&AwY8hELTa
zr{u8GQCEQyzBG0u6T0rDW<j1+D{GO_oRdds>Atk)HG7|&ilK2Au+Ts&u)PI(Wz>KQ
zS=0njpyT4EJ8!JpKesr1i9<X{o+A3~YGBUOUqX@jE!ibkg6zjHgEH%l+*#Pyu5DI6
zaenm*uXN$YYlZ9BPw7$(+l$5nZ(ti@yuwp_Wibq+rKW!Q@R~(J-;6L<-1f7CrYEE)
zjROwF<?Lpr{kDFIz1uGRif^{15Jj50eF@yoTV33q{aaa=LOSFD!Ccc9`O$5h<}d9o
z8mzO7OV@`l8y(kn#uJhx`?G19&(ofa>*VuQT6URMZdR_P46-t+S<E(TgDF|yT$o_>
zwmBIK8*aRN@M~>8t|uVC%<=r>jw(E6HqAJ!=WtZB>B1|{{dhaVN>`4?b8P9Zg>(Hg
z*|@@SJy#JmK$C5a4PhS7WUJ4eNJco0?~^+A;bTU{$LGs8pX&)Toyz9rS!|AFee9Tp
z)w?C)dlw-s8zFza7V2;FBroNw-gSZL=6s==!tZEsS%n*1+^+0Ryq4>k5Mw!?ZBhjF
zGcezP9w%QVRP98}CO=DHen}7{Hm>u$WyX0=w|X-cACABMLM#MfsJJu5>3AX;HNLsm
z!(e*zu&lxsF$2etkUF!!tlk_f%8KXigE4f_nl%*UP>>c6Vm<kNTy4>%`jKNf|5a^w
zq257plUB`ln_1cv&z#G~`nU|eO4}ioLTwJtYEr+nd9}+zFHeE6evO%}9wc@U*mOIY
zk5LA08nP10TlZ=!rtfgLAdh0;*GX`!ZolG*)j{B^MtlN-B7#1WwJ8GF&rCh9i#DAt
zLgq_VD!Y2Uh|zLwGtcA6tyMzKh$z=*Quv}D4ifcrB81MY(^$v{r<o!X<MY9Q{nDta
zS!3L69&#eB-bfIW>D!pMR4dNr_tRag-99U<Z7Sh)<x#r3#h){^Ig=K`=VDGJm9JS|
z*K~453ucGfVd>J@!iXKm`IwbSsRkYa$>uMz&ajlhcw~YM(uEo_Z&s->3bOHQJ?-u7
zTR+V75KWl=g0`$1d)#^E&DGd1tai2CEsj)Fi?zfeM(aC$H)oebs$cjStox^wNnB^>
zhtchDRn#D%V$&Fj2~DTAd1uEPPlDRhHxcm7NS72B6bfNLBrPMOZ2xvQ{8HL*ph;8<
zIdBuXJ|z{QQVFfGtv4yrj?-5!QkxH|TR~O3Yhsm5R_wjaB(`_tAzO{AF0!tIAh$+z
zTU+19KVQ2mHD|FGh}JSX=y^y)c7#SXH_N_%|Gv&^-^7+`%QPTFFpVmFNKB}6vLU<S
zU9-AU?A<yISrWwY#4k2Pa(>)E^F|fR^IyRfU)f~YDJhHh?bkkgM>DAP9#CAgoz8Fi
z^nA`S>xr?cA1#u_mKw%%xi|7vQFK<Q6X-w6F*_y?mwRJ5&CW!zu(4y?4TpT11UXaf
z26R@GcJj0uSLb!My!9*lcQktq?@=-APC2{;ttqkYKraiUfmPV>AGsFE-$_Qgf?kTx
z``k_i1z*hZl5D455?b_(C7n5~2wTn$pKjB!u_?IV)b}s##mQ>Bm?P%5WU_4k*v-D+
z8%591Y1qQ&hXaYv^{@610-x^e@m1=}iHrL^lS?X$ojXyu6OiK|>t^l3Q(@C-J1cAu
z@1^lO0mTKYGi^KxRodBYY#E@Ywb~UhTi6OJ_EvGPo1KZ_EPLq%5`n&zQ4W|8&4JqB
zXkT*XWck2~#Z^VcHofCEi&JmUZ+v*~Msw!3Mi>8#b)=W$6n0>k{Fmk0IiNin-f<Dk
z6jm>0&*|qFFe3s#7#wj}wea%~Cmtrp4XN2vw3(<u*hoYD+tRvn%>{pdcW_62WbI8U
zo!z}WVAw@gdUo16xXm`-@E75>o-3-~O(@WX9rf%QT+b7g2;IEAGvc_vujrtwSR~ul
zb&;i#FQ^(6ds!5IET^Ufl`h(uXVS{2j5&Yi-vg`CU@GG$)2g*B6rU0N!E5+2Gr0Fb
zDU>hTRSR}Z`9i-~<J2YDiD~yV@WAe{F^pin^#?otqeolLx|01?Y%dtJ<Okw%%%C1=
z&!k4o`bGk3T&ta&{Y9|}Se#K058%Es9J}Gffgys6N6FM{dtcjoyvE6o1@pg7JfgWI
zzms|{RY@p7;s`FVGqinkuaXqG3OjH@t@|I~aGTQq_}jE1zPgH2?IjhYcx&d3lI>K_
zE)EW@6NSKB{e&)lqaHT;58H|cX|t+Vkhj!sEG%ZY|EfHm_3G4QA|Uol6GY)!9%3q2
zuKVjJZrvU5W?iFQYYc$L4K${m>a#%WV>xj|L31AWwU4Za-x&82MzXUBf6fh%Zg2QD
zA1Co|DLU;9E8?~d${bwgv{ujLz-`G26a2yun2%D18SOl`$0(f4=cjD0BC1^4Jt^Ur
zdd1V?vcpwLFyrc+m8s+}_R^GnS87z9Z+^LkseT!5%GPmP@+!_eKZgqAR`8Qem0A`1
zg}H0+JMZ*VUhId{&2pU?T$C(xw<q(&ZLQh4@Hj3EKA63j&(qr9`6+^EL&imN&uvAr
z>kl0z!TQEE7dtYe@I3c7xa&L*+g1l^sM$ZcPH`iUwes<(=8N2Qjk~1C60b{>tOzBj
zehM%$U_6$0DUl^d+x$^hD3RE3qDUpB!=An5E4lMNlM7(bf-&LJM+G@_!&t5?$7}hO
zS|w~KEn<Gt%nu)~As3d-4*PHE)BSp*ROGpR#Nl~~xEKGz#x`K{=3j>A^Sk|_9^BWZ
zZWLAHC!3UU@STibuY;2pWzFSXX*D7eE)lk&@n)mxDm!G0k)t9#RJ<K;SBD^oggY1B
zZICwAxc5b__R|@4p6zSqMj@B@hYufdZuk33=Zy(<8xDQAr?2$#rH?K7X{sE|wFFi*
zX?<ylNDq+fpuuxf33hj~V&tJK=~DKsW!Od{^2HwUl7;H5ot;Ih_geH6)xE3e^n|P6
zDuX_6c=(=gZsC&mIgEy<>m-2IZa{IC_5ssos=-q}Eyv||wH6}tou?{XO;vHIv%=2%
zaxp%Fq5o9+%&x*T#4?{!QTci2k|W)Vsl;y_!kqc)s<WT90s})8RUBJezjlOd(zlq7
z^b6h+pt!QW3_TR%v{Z|vCZ8y8e6#gVsCtBl8-MLs+amA&!-AMT5{td}RDtq5s_Pel
zXB5&Icah?a)Kj=ob`^+IIA|)pIUb~-qtkG-E1WqxI<r_k{7{WvC4_Vov1(H<jTghG
z{f)tQbIBz+lG<jXLN-kJLMhp#d^d^AFRhh(HqxxN%yLgelrdK`(hqId5>GQ4`FwXL
z>$3ZgF7)IGgoQaR@2ACc=3A{5HS!V1Dl8j~7OCpqB^@0(B8LSYa*JDF-@#Q1S`As*
z+beF92xXY+^s@VF+#3SOh&T8i5@&o;4lvPAF%;UOw*kkiw4Bqx|A1NPIqsF>$`vy*
zX_J%Wt*`y!s<+=>Q{8O>WlJ;C1Y2ery#;~HKd?uZ+ZHbgHBmYIFbqA46r>Q_2&>tH
z9}hwxQ8fB)V<Eo-=<^3Kondujgof1ocKf3v0{VX8d!HqhX=fRw&fFIVX!6u*9p`nc
z(aXWK^Y&5Pts3y_TsD)M1)h!18(j^GS;rrcmZ`wCCULk|$>M$>e$;#tk#$gsvSR1t
zl+~`<VJOj&+ragA-kmE>sy`-loBv7o*Rwv<=>7HdmZ+hjJl(US*J(Y3hhmG9=j3-5
z&J`2q?Xp(hD3y)b%&0B@*MnQoaRvdF`YvZ6)uKu|mo<y<y(N-SxDku`?K}PDIzVo`
zvS$Zo1LNDwS@3KgJ{pLc+FLAll1<t{H6{iJ<Lpd(*Sv1+&Rw4naU$cHj)+jMNF(w_
zB{KhYSIl$e(ZdQ6W`bFLU0q!c`8IzRyhP#KJm1Xj)^AvfjTU8rg~Rh=_7vZ~K(8>6
zh0?Wjcx1=D?vwJhq&>^={30&qgv~Q6R`&5EA<t(if>_Q%`UyoRWDtlL2u~m;W+P)s
zP#&@}twPJWityDwPo*F)ouVYz5hJJ~dEjJep>U<QIhB>cTe;_dKp69`5aZ7^K-T!L
zh3;$eJMXC*8%K2ry(lk$L&vhRCh<vOBJu-nx&Z++*h@)!tBw1gc+VtbSewq$UUv$l
z6w9i6;6i-T({~^~WyoG^JIij-<8H&!T)o#ev)q=sogltlUm76T98k3yfZqM*Z1xf@
z4}`3C&ib_Ky&N>vGu}`qN{@D-D4Dk`6CdFOrPL<=9bwO3)HM9>=Q)lKAwjmN%yOQ)
zJ6X<af#7JBtBoxR#FOOw$D3Jhl<USiBE(~Of8QH~_F5>U-(vhOc}6?}PRDW?1v&$C
z*YTl$tdJerPBtFQYsaIn!4#OQDtdJ2*#144ZaVOvYhA#=kbtalfVzUA&d^vVPV`^3
z925CH%?OQlVn+WD{pyO;Zx#FV_Fv!oS-^S!>(#P$-~Rf4eF72k_o4dlPxg7Qll^n@
zKR@vqc(QQ&zkkUi)LT>i?~iz5N8#Gq#e!F#sOev9e%&QMe*GSGempmgsB|DD=fTUe
z7-(Xs7i?77I{8&Ukf+oh7?GLgBCBBdGfqj6^6!J--J;^T_SgG`#D^4WQg=yT)6vnD
zyy@331vMrFLEy`}>H~`KczsM06NOaL(5T_7u*y=TvSmW@ouN<(PXFAPe*5jeZ<{CQ
zd@sbzq*9A>Z%6)cWO%-(j_*dkGQ4hjYrjO=MCH-n=iX-y{`>xX9K^E*1Htq)(G7X3
zS!SID1i>^?xc;L09tX<A<NpkT2j;&ocBn$?V_A_%c#=?LCaFZQdL!DM2P)RJDUPZB
zxgiK7<z>r*Kj&Ht28!rdC;Y%pHjqrIXpaB$D;`+jF{58T&;sui+s)Cm5U`I%u}|tt
zF$%%#K5ggCAUi@Czb8_b({;7BHAgR`l%UW+J=Yb_tjV3)P<+Mu>|HXi#sW1sdO|f+
z3p4+&6}WQ;cQ^~v9WDzuwNz;i#SxwIrc(l5Yxo;wYyxU5S5NhLUQi{X;&Q%F>!gj9
zB8=POoKE%j9W~I-Ioa(}Rw|+yk?(i+spG4)D$`nmK2mxbns$$iap5ZlPR>4~*{Leq
zB5@>@F$gyH6*9f9tO_qrtZb6^q$2oStTUP#>+{9RK|eN}!89txv#q_mQ{MZMO(-|$
zRc>0oVn#kN1CE1Q?wKlC*SDDrs`<I6`d-E4^+$Q)$b6E)YJc=WED`y1e0*wF+}1-M
z><9@@8#EczZV%CT!g70V?5J|5#~2#PoA*@B#$T-**A_)%^H-0k#vUu9Zy*U(1$?5e
zOJ5erM72MIT7K^L@9byWJ$scu2RLm}Hzus>ewH;^&X(noAi}=1KPBfO%h~}3+)2|+
zPtS`oQ!Tc&0XBY9YPh41{}AaS3@bR^sm4(QE1Kh>d9WS~^(f4Qg>ph-w%$1^++h7w
zeI9I}M=Yfj-EB~JG1h9S(Oi`ONqzXoiSm@oLJ0xug>L;3*}iK*x*n@4gTKYLXPXI;
z-`s`$dtAx@rL|BSM-=mTu2yunv`o3xN`9sL)l%{75&b_2y^jO_zotm8dnH3W=gt$=
zVm*YXCxT&fqA0qk3F?zAjLJu^MId<1m+i^M!oi86zH#f;MgTEuJ>{U`5J=5cfaOqc
z#NvD7Z|U$lZ4PQFQ`B_|xWvSB!r`#k&^m*z6?f<=<5c-^YCMN+YCrjuB-F3rHx|#)
z_LLMrB>ZG@e~%m|tJ~X`XxGZH?B;=gak}#ZO$b8$E90i7R8cG0BL%Rjt!1vnxLn<3
zybSVWgmpvZ=Z21x>vC&70*<<2yTzc6tM2by81==z+o<tiq}Y!8#?&=I+bzU_$Yg<<
z*l1p!@BCFdu<odK!{^oNg=9sb<E_QpD?Jka4U4SIOoELW8|~`B?^knA5|~?dzJm6%
zLs^(Gt8dF@c=+U2wp$ZLS*H%0Geuc`I87=$(-j=m{=R<spwYQ4MyK44)&}V7Lq|>5
zwKKzMsiHoPJ+-w;dYQq?+5~SNw~nGt5+F|T48^rMTpD16HWmYKQMWkNLn8$aG#atu
zZ9Xvfao4WjaA-Z8J7HYLGLU_NZ+Y`oo#*;}O<keR?&vl|rlRNF?Qt3S_&I!%6;$2{
z&d%s1ZqW!dM4Sr!{3*XNxR^oWHjT7J-2+7@I6MS7dVd^5OKop)0pp+dKIwT{G&*+8
zzblA&DyBy&9FB!-X39kG#4YBR3<kP8PhG!p;|2o_jcU1`N9RnlgFn~iOlipUb4nt?
zUL5X@PTKW$H%fvnouV`3ZhlU7Fejz~NJxG}zT<OT&Q(%YW<S1*SpJnEeIAz>EdPb7
zlP<!~plk8B@VJ7;mC)>Arp)Zahw@e<W8~;$W82y6c9B%ZSv;qwVUdI2!SeNLdm|{c
z?1)kz9c1nxV=5_;rtuO^20O6Gy3D_e1Rfhil3<5T5b{UVHp&%}xW7HL5fj?YcqHCq
ziv0zE7LuRUf5x$|Rt;j|bGVE}2^=@Bbiil6g=jkOPMNXjj~<8!A}4s*XVx8Fq=IPW
zPhS8w9FXGVO-wuj31~#-OYPKbxd!<wV#iYI4G>is8kUJh$Lc{9iyU+uR%mRCiyNVD
zi(Ux6Xe)^TR$DQ=?ObU-CP}3u@`?86PvqX}4sc2(Zg-t(OFn+k{q~inR<EqWa!eAS
z11#fbMxCKDN~N1O{ydMwEuz*xempfXPQajocxtNt>I;RJN9gou&%MxEQBWHe3(%4<
z0oUr}#M8jBg6T|z6<01SRxTn_q9bg$kcyUWc2S{cHH0&_nf)bDSPGtv>NrfT|4fvL
z0LbE8y)9=Cc}VEcrym3B6*7<arr<X%K^xaqjuD!70~55=Qsp`FN^k;MYN_JpgFG*-
zGgwg>2%KlxEpt!Z7w`3;GpzXHk09L|-p&Ino!{nIUe+s2_pLP(MjENU1TK~7vA(`C
zebzJ0J@3Ql)4F$U?(u@)fht}$w6o!Oo}Y?Thtq-i^9F4F!u*4GYAG>x?uXT}fM@fG
zdLy!#)!5ir5*o^IGCx%P1B6*3_9egpb}pGsrfV8W4foHY4lm?;Dvw(pRGLpIG#8#r
zL>!b~?yVb`o_gNGwHh`m@3ZQfw?y>P(tZ^#4{s|T8P>mwnoTa6ztYOty2YQP)_js)
zR4abiP-8||J)Xo@)vwyzbJO@1RqWMeHTA|>YivB#Tb2u?eB=3<ziC`*>PvLsYBN{W
zLl#g<Jst%A{CO%O6Ktk*QL%lm@C^1bo~x+1kpBn|{*Qf~`aJkMyy*_lmL>U`R;B{W
ze+EKm0-mT$LOsuUGGEXVnPBxyleNJn^n{R%tiZoxjy@<Qg(5|ugXv&n4ciH<+yMhl
zJxKMh%Hlaw%1#3{v|!do9QLJW)m^n(fXqg>S3bj49H&vOH4fwZ#jUU!Uj#K+JXMub
z;;rP~d#+>=CQNtK1b?Y<LfKZ^XDs9F3vzB%4(Hcp%cX1)*hXc#2<yCM(Pkz<z_sfo
zJI@b$#M}=W2YT%@sF{JHWz2TMx~b_h{*~MARZn2^;b4^J*-jWIp9i&ckC%4VVQ)CG
zUGoab0iUFt+}MPae7&wH$WopOa!r$gR-gpA^%67GQfEgf6VqD1yIZwM>>L#zc=OH2
z*8S4(8R*iTWviiuT3pe~IDTH>!An6=9%`4BV}%}IS)Dswka5Vj&NCjDkt;2wbzJ+3
zMi>mm#K}hjg~!)V0%{Bqpc4oB#Y6c|xJf4g8poQkT-Cqx2L>3n;=Db>C<XB0IAw_(
zelqvXIQ8Bajdl8|yd$&>6(TpJhTn@y%zSg8;f>wGo9KxthGGvyS30v$v3b?6n}wMe
zhNX<=jr0%dR$8j|BAvEI*<$t4t1+rh&UZ%^K-wcQNws6NG&$?bKX?wDM#PcO=pXWG
z`>Z)(!l-^7+&-hJ9pxPPgpoMdaFeX_I?|tp@i)_PlFZjqCq^^6=OFt!ZL(H_v#fs+
z6j?%C{YXwe`xsU(n*Fhu>@5qot;zt-vySg%>PpZ+>J5$FJLSFK-?`)gZqaQ_hG7!<
zvzrY^Hcp6p-~g}k-_wph|4&r?XWI45vTUb{>Ej7BIskjFFj(S}8V=P(Rk%*>)mgu!
zl$un=$;p}KG>M0u<WsNZZ#?|1Rqdtx9+e~u7A(%#&M@M<Uq<4q+CtRSuOl4zOaO2n
z;V{}#5YFP+S~?M#uas3rO;1PH#n?IHvj4f34DbFzX>T)WHTs^F%H5C5lAP|kmmSSB
z*X_i#Mr48|s}JdY+4xFbcTPXTaic{@E7mPos4;OwnKmbT6X4>UhpTWrb8MAk7V_SO
zjp$e;d)UD=<<-|7Z0{4XBz_*u8ZdR%CoLi!HxDfewVTCKylN#u%2JOgtN~L6KxF{s
z=yPaJAN$wrVEgbV^?1pvRG5!ix5sVky7I>L2T#{=dabfrNYT9xWghHZpjE6KH*y`e
zq=V0B>feA%c9irum0I<7KQ4seBpF9EN1i`t!FHmgs8(M~ORH!p+2MtEHgKmJDy1LR
z7WBMC7}VHe?@<WFoAHj9m`h5Q)Sd%FU4>3_^@rn$e)y<TZ|VeMJlX!1r7;^AwbbIG
zLB102n~2dYWo?J~Jue+wmf|ZH_#Ddo{plPvI)B+5&#9mDGV#+(MCQ8T<eiMmDB}Oe
zlm54ZnOLGl<i2M&KW>(98dJxP#XBVuEux_I_D-0tn-gRmy%IXrqLu4_t>{>6;7-1f
zSLAI_D*9rg$rqWJUZP;O0>D+NUw3k_s^{aV9VYh#Hn^-Swfa^@SoWGr0G4dhBOsn7
zjUR2#Fl1D#5c@cDu`Br}|IvvQ4fS_MCMF&5L~=nay$MrP2cV|Z@c2A0=9l@auYzZb
zoa#F1#m(CJ`}Sr;Y)9XJ=q%3K5ilc$SG+eno?Iycs-Px>WHM6`v+;b!sLp1TnwXfl
zy-6=HgAVz3%F=&p?MH^jUxx1E&<042z7+t?5xQNG0Ak`OO|*CX&Yk|383;?nVP}Wi
zjt;HvhX`2`{KjN1?G0p4NJt;9c9q3!!yu|wj+Ja-&#imaL8^}g(YvxdI%-Hx#lq66
zV>^>-o4gWV6CCQc83iMHhlt;%?=NmBNIBD;nJpLrKqifp6_+)q1kDa&>DtBGa8RG;
zrB>tI60dxU)G&;ad2lC#a*X^~C><=rU#Gu`h$4_5oFf9g8}ZZ)w*Fbw@7?}8^Nga>
ze9t1a2{qt9tq(3yCmIlVt~b^@v^Q2TpNXOsu#pSUW=*dus$W$qPTZ0-uBhE6;p!PE
zHJZfurp1|0c%~!fv~QnT>(RC#b3h-LFuR)=KLr*^?O0rj9u-I8kP-n>_a)WUGAo5r
zx~E~L`nS~e=2!=y<2t;9IzpQdsiQOP2$|Vq>vbpe9#mRMM{wE9EvngSuOhX|-8qpP
zh<2SlzCI_t(3H<305LG{JKJV60kH&4^tL;F-ub_xl>fM&t*hDmPrVz?m^Sa-Pg)fz
zdQ=M^7NPbi@;mNs#clb`yBAs--@FwW8HwyYuwwvj56zBgu2yLmt0FB`r9Fyn%(HOC
zl8zO_DQ5ZBrdS0EB6gc$xt8P5F^j9T?Z<Hl%Rc<aht*n~urumvi%5rV`?$JlMbQDO
zn_j<9pA!2$`N3PaOcO_SZFLlYs<Yn53Lw4Y8s8EAs@sW<?q9T}YsPa~q)O1vB$-`!
z3?V<V_EZ*uZbr6GT3MSfOEo$#0mR(564RFenvAQ}c2`)>Y3xi_ap(`YOiDxm5M*Q2
zV$De-$640FebbJhRzB|X;wSzpbe6A@TI$!YJGLW5GW|oZNJrsIrA-zV&JJ#SUTe3r
zL6{eqp8M~qoW(s3nz^7~((N;`^N2|04(W(GmyJvpy@WK%*n+|2##^f8;;OnHit3ei
z(@KCOy<pkR-trGo1qr`x2D^~pn$zUYMnq;Y0n1RT42x2d7N>Eg2FFEdX`R{jqjsTK
z98r+{4R$c|k3M0qIa>cTgl13F&VPl0USnvo@-E4sHWyq~u-;{CF#Hh+wCJ8a8^bY>
zBXh|SI<*eRl@Nzd-`GLG*KS}Hez{uztk`LY$W~>SQUb9$K0Z18%*hJg<4ewA@SB~F
zz(J?9Q{M6iE2Gn-k5EMByW{z^OHY`2dx{l4Iev!t-7U*O8p1p;U9*V-&B&W1$NO)j
zhPU=S@@og=!k5YD_r2`|;FN?{**I+qIk<(R*-qFFpL%~A0y=lJK}z)E_q0CWyQg}D
zj<#?{)-AJ}QjZ?~tlX|vZRa}z1666;MxZ;GS4eF!HCn25I<8fybx@2W3h2}5n@3wF
zegxG!GZ}z)TjlGoyQ@7~?BZO)#>uIwUA^bTSiZT31c7~7?e(|ng{R!(rK>`yT$0fs
zh3$YybOdxbP}ldn`fLM4#`$KZ_s0#0w3-cqsH4~2=>z{`Y57;+VFqB<Y_w-vV7%1@
zjL{TnS!Xoil-yG^&p_;FD!|o`6JB_-WM?z=lj121y4vG@khM{U#^Q8kxN&QB^gS+=
zOZ%fu#%8Jy(J{3ig7>NM9tB~(OBnX-(Q_P8;qycIsrzojJ!Eg>BWhlW5HfUHw*vUT
z9(g7Ek~PKOUY9HP?ygUd)Ox3a`lrshJpb(82<kqVSrf@v7)S;{G!ODh6%-e<1Ni_O
z4zuoM?5X?z6N@`7)Lf)f*hJ{WE^Mc7=E5^t<>XLlGb=D&wY+RB>$aKoklgzy$j)l)
zFaV7`fCTL9aPub@pK(ma(DV4`D5tQ_6X&59)jmrd%(bFlA}U}5UVwui^|%1wM!ik-
z<hg2wIH!~nGGCR$>8B?}*g<QjK7c~nJ#=TbvPuHAS^t>Gf=(wM;?LWaLA00s7-`1v
z?3o&_f16E$0a0LZ;20n#H{#ajM@tfl)K<C|BQimXD0tkBstqLsQ?;1DRQ?pUB|F|_
zdcgX-R)^+U@=zCyc56*v4FF3Bn}mNeb<-RjXuvAUf)$-cYM+8&oy%r6ZP7)37=)XW
z(3DWV9<UBnE=;$tMt#!^74KZn8W-*@a`|tvHo6*6W>rSjyD4n4KsM25Gu^v3H+arU
zNRLRqNCvYU@FXCz#ctg1Mu9jboEp@6tmPY7l;lifvn)T|S|cJR&MJMB!+7*vs(PTs
zR(_-^3FZh0N2mS$p@#@&K$qVW;LzRkK92^p@jL!7klhMIX0kS)N@ZN3zRH=%1tgDv
zH8MIe(R%klj6&Iz)m}5@i>nqoLb9oz9&y_G{OinSW!_e}dE4_L=fNpA5(Fu>TQbl_
zJn?t`TC2907Av)gZV)nFk#O12NCp1*r2smk9%zQd_dgK9-JaCTMy4j+gtV|vS>lO-
z)l@||J=-v}b3?(n0_WahbD5C3@0Yig)?<>edt{0p-}0{Ys2AK%=PFFtXla!s52Bw!
znw6iz0c!UG$KQF6H<JU_iqY~PjN6%qL9_^>=9Ml;xnwqYzoo2%v=7MJXmN4o{9<W*
zq&Zsg&hu2eaH<s6Je`|jrmdimI#p?z52(hSDTl$tsz$azhsMMZ_r-1A`kjh{`2d=O
z6dAvsy6(0a(JhO4K`6l{Cd6m&cFmb)_4qr=`S4of=Mt#ry{!lt?<l9;Gz>^rpL()W
zhKFIG<zF+<$DyV4>yq9*O*fQ|Swuvo?NXIUtgz=ZDevM*jpYN${s+IRtfy5oJppa0
zvV4FB`u+OWIzDPrQDt<cX#SEjMuRz7-pL}8Qc{TcyV^mOcJGQ}zcEPtt)uaAxTCCs
z`DeEO^F2lMA3XP;Pfp1G4`S`Of8&1toD8zy@K4C{uaExclKy9u{=e`x|1(PeGfMw|
zae)8V=h829am>G7VrEfJH$0-U{)W%>{?kdXd|G_>JVkYlBTP{|NKxSq`j6<iffrqi
zKG+$OGx+5Lx(YFx!yPif>Un}SWien5$AExc=r)A;=BL+Z_U4`vvoKc>J7@OYgd{Sr
zxlHS@O&LSz7_No3@P^G56s`ARLG}eJ5Sr#W7?37^=P7&}PDrXXkuNqUiCcj%tA<Xz
zLEFleZd<4(cEvcvXSn5}oOVV6)5isbs{NXWrpQlo1whvDN;~P%4hN*gWl#<#qJ0;_
zQ(s1EINqg45QNa@vPwNaw<$Y0?HMo>l*jbwzem?*-_<3lE?%eWERl~RQ3v%SXZABM
z#(?N`TsU~ugx!SfJzlt-=&;_W#pYgq4buJ4#_1A$g(d;cK#Prl_>?~}ORyF{G{(Li
z&iPow%gdvEW!XC6g6T3MrMckpRT;esG4Td8lcpy*hFa8*T2x%EOR*bAWl#+h5*UP9
z`?e%R0+9}^7hXtwWjFRMjhhjYS}>?a80<^}QBX6_!S=5rf!K2qQA{uU_+XXYP>W)!
zVDw#FTVribRhYcS*q!XIWnp2K*_)dI)9zcl1EIs(O$qWtnM3w(qKEeVT!F8Iof_n&
zW@;e|*^~wPO%jX1lqKY)MGv`cg~kOw9^Nxycp(#`nwKV1*$v-rOKc@+=?}!YY`1x@
zK>~wOYw74~Y<NF*gYI~}Z}aY<=?zE}#nfg*I(XFJjfGum;Z2CE#IExs_)`V@ujZoC
z{R5WDlD_%UQgUC~lAnr%0*S%m<zxaFP@i<bg-2O|=f#H}(1yUODL8sS^~CshoX`Vm
z2#~#L>sGAWxQsp0NgtW8uyEDm9~xKF2BC+9XGS=dWH$pNRpGq54qRT3gWcE{EY(xd
zVeB&ZaxI%zaaJ#2y~bC77QX@Rn7LvE;uDdP#3GA6^v@pK*gM=Y$vz8g)!<-04ezcz
zxa=wKLQbi`HOVBy%5UEA527HOTi))oEWcsaw0chp^3q^PEmjCUa_@%ZQpnNA`3AK~
zV3+vxbVg(I!-qEGQa)Puj1Vvc9Tx|a?VcQvWnUjEg`%MZq;)F#d7hZVWk|uC1aEQ%
zZlZ_&J@h*5hY#OgoBy;fG4>jZfcad5_$1bN3;i`hGr+7?a2qvyt~F|6Kzt>%J*$S~
zFd<lB&UH-adGp(}=7Rfi>a`KwWHB$bglpFrjGJCS&j}&+UQ3s?Oz*%A?Vk6bN9Xfg
zfywvD1kTgmJG`)RE#v3kCGJ7GLaOR;2GIuub2#|V0dLY8hclO?tA~+mJ%3H;w3kbv
zJC*O5kPRSa%dLLQGuRG6;fcdXxx`@BeIjK_l03djxYhi7Nsy9s)>h3!FS0ggGcr0o
zmzEw?nznIWl)7gahIQiCUaAQT1CCTgu)a!p4VPIJY<W-4O9H=};JjYk%xyK>K`tg_
zDp%DKSe8Tcql>IPe3cmTH~_Wwq7w{b%~SAH7!OUEWi%T#M~3?)S2HLsBd$Yg(hFG_
z(GT{+kX$ScdOU6YreD6U^11)xXQQ*hPs}zB%aga7P_lB+>y89!qAxWp-*Y*9^21>T
z=yncxMD1$cTwbar@x(1WUvTa7K3o5Q%X~0%<<}Z388JM(9gqAi0YusNeDl5cD9DkU
z+W}a2?m)HYb6<UOKVHwh3T@I1moVZm>~$pPajj73JnS+IXMRjw9-?M?@P_m*WQ}__
z#S`Or2=XNa%!B?YQ@b%x6p$}p+`sAkiWG>n6r`l+&s=(J3$@BMy^H2@m!n3ng()i7
zjdebo%bTjqcbhquTz+1tS1$%1w^dY9k`CXZeE2XkS$7&P5nBZW40!;FtAOo2D4eYk
zWxUkUFY_0OLpxA9NsCGZxHYGZQLV;07X{FiPPNhU>k$P{zW12jNVh6!h0A>SwXk<1
zU*6Z%sGFJayx=e$PSlwucDe?!FJkP2ZK^SoY@}0=k7gM$au(=oD|X6Rwq=u_86m_A
z=PN{siBIKe@WHic$_Ixd=JQixi^r;k3+$&U$nbL4%z_VUim7JPbYb@_5yILP1|$6*
zq9ks4dWB`^fwLv7Py{V$O^Ar6>WrE%HJeqNFG}^^{mKdS=uJc~7s<TSl2$KE)I-(E
z#qm8acX0rZ9qxIvZ7}aUyR^JZF4UFg^psaSt>@OEO0g|D$Im8<sRkRnfB|xt09r+M
z%EwfZPON})yJVx(Uwkv>38oXOapZSnwU@)LF>=o#ZMtrhqaMJ2>I!dt@>PncfeQRH
zALrqLI_p;dt>m$8)hn?7!kEw7AIt(65T1EA)Fp3);pg4D9ZM(kaS<m=Rm9NxBXG*F
zri*uCX~{M+!=m?al$ZP-0D3ZKK-t5?@IA`dlbiezOi5k{<s1(9bEiik6whCKsR{S#
zmr$!~Z=DHvev2Z+M(VmNq77B<I@x<@#-V%p&09A%Luw-t<yQ4N(^J(p+0%BHVJ}|b
z^m%QFHllvHoKnD3=L*L4XNA?nl+|5u8l@u~e;R-2c$1h>d1cEw3adFT+TyT1WM2K4
z#{|^mBPN*c=9{1R4?8zQ>g>K1L|nX+LazhK(#3@oqs{etU!Tjp$JlK&Cgm=GzxS+{
zCP`~V-LpFJlm~>&4}mcD^VJ?ifz(HVYWB_RkcAml_Z`Q!n@)#|Tk^Tivd8@%AtbMJ
z&BmSUu8K$<pV4a`2Yai5+4=*;gS6Z#!w{tA<-fU%!{c}TmT46#S(hu-|B`>Iw!w1^
zWA?eJds_A^`YElL(XK}X)h|zt<%?12ddqs77!$c~eY86~ho|7VHh2sHZwF;-d!*)l
zdg`{u2*0-~XzNEhGD7Zd*<XKlzLhe|M|!w1DOKF-F8Soit9(4ISCoysvV=Mwuu{G|
zHFdj3{`gMYpQib|z2UY*0x!b^Ih42(ngOSo!#bam*Q7qX^@}Jhm~xlE_IxMI$=$v?
zNLnDtxCr~so#CZNd!t|AXY{<hs#aq*%!-W{=jSG+XFc|rkCFjmkbJzC;;(}Mdob2Y
zaA`aL@eWQ_#Y0p@h;NkM<5coZ@pk+=^`@#J6z>X8>q_2>jqhcL0q7ZS$4ckeI1fWU
z_x1OchT@J!vM;Qk2?$bC*Qi_zMTazz`am1@QqirNdrNGVe|=AX&IOy>)R>6R>xEv<
z0CmFF`8kuj@wxrQ{^<c$A(7J00}{WqT%*puEAk-Tyb6x`+D6N0wm$D;i$(#f4+UOs
zSNZwC24g%?`4kPuntYNQ|7Zc!s_mEJGL6N=+v^(r3yw+1@HEov%)F0I!<v8r=(`mc
z9vzgg&#Gr{R`NcY{RVnC=JhK+87`ObH6PARR`a;>v;AM~y$4X!*%v<=MPV(-Z$$;A
ztqX#5lqTI>RuK?TP>>GNYcSLhLU3JRT?CZgBO)C^dI=;bN+*$C0s*810wF*kK<fLl
z#oxaFn|bfeyfX8j`G02=qTk$m?m6dv&N=s<du}s(=q%C-lAt+1Wr<3t%uywMGIK<i
zkVa*QupD)w=@_g^clm<<U6Web>oS&7rjp%CIY_Iq5`Jj>57v(kVVnuw%cG;UVm*6)
zO$Yh_axH<h&lY&~{mT-M4#kNx5nD^8PLWsr$va!gTacy~7k~_7eOB|n{EWsrDI#&W
zz*y_u!4krM{&t7bIRS)`K|!LdDphv|hkFCt5PWls>Uj0Zj2D0~rWzml$C7kv2Otae
zTtJSAj-mO-(&3hsZImkFLz11iG>1LT9gK4QjVAUYWzn}BnMcwHcx1l1dIp%jzvw8U
zjH{(`a`}EFjeKbnk6o0pReuw+(X=Z=-DU9;Jx3-o0TK+2jEn}whaD`c`fiuv&KIP9
z-S%y3nvUd-IY0o4lNP#x1nwYs>w#>V1(HlYBY|y8o`F{{<S)c=J3gtdY%2q!yE2vB
zGw^F4tnBO-Tc$&aywU8ueJs98ts~wo9`Nm)jv2hR+X?|(pO-(hX@u4sz0SqIb>ex8
z2ea1S;ujkhGidMk50}y}{@_cf%O^x^-Jb~`A32+=bw$+#&Q{hOr@uEkuR71R4W<S^
z1NQlX4x;jmOif2S%+RE*8yuKl8IUzA-*d4)f}E?ULYb+WJ}MS0?oEomxG+*`A4nzy
zmV9dSI5arjagBJAH2>`~Go0!2+VNBAK2x>eX84o)>Tik&h~P4y(1v*VXqi{yiy^(W
z#tY##iLFY9aALPW4ryUT`>C?g`O9m-sgu>pYUP=t?9;%+3mops5?6GfB6X*#*P;jq
zp3cv)ZE#|wy*l%i-P+n%X}*Aaf>m+I0Faot+r2-p875)V7s-&anw)!mvyHWVu9p86
z1X3n>7k=M3Fr}>o#xoE}!jw6v+8L*D9=-`TK6K%7a^&lfn0HZ-XzKo3t$`(;;?@j`
zXQ#ARNW3t$E)Ah>c6f}-e#Q*fMmNmAeN!P}fB%<wQFRMPgo<sF3N0^tm)#XNy|G0c
z$aD=^bZqrajdVb3&blnC4+P&oIKaPEdF};lSQA<iksGDgYFraQ8cVC{JD=5!2mF8(
z@4+>ki8)|}fa?SEC{JqKwY$v$ZD%p;N|rEH@<H}M(*8i$x`WP*rOy$42Mk+PHo^83
ze0r!8@QZ+L-+QJhrr<FvcOBOlA>b%V;Re_3mS~|XJ+EHnkIyn}p2fVlX5havRGLbs
zk=9c+7gGXAb)tx6d3(Kx8V&lVdMnz)KKJJ0;a0Eio2uZcdr2udNo7Cjcdjg{V**a8
z8(}YZfQ7GFb8*jB2~omEWOv^Jj%<7G9-h?ly=oBNBwZ`fU$AAVvNVf1;?sQF?Z#Q?
zU9Kv4djtqjryXn@a0CkSc;p1==D`D_y^&h6>*<b>RAqbRpvRRje=;}!V<TJ1c+V`y
zr7~N|z2u|J!yO|Lh$ckkwt7NF#VW4NqY@TLe*_FWFcm)P_S*`aC!xfLGv9oeBLdhn
zlE#XueMrZ|k0wj0Vu${p=>^3g-4dbu!@hVRS-)bIGj(rH*C3(ObMg;WtmY#*(l{z8
z59Tr1>Q^<!M%gF1*4vCO{i^1V&sHgu?SXQ1wyM*O>J>Dg3m!mNOKC-Lre8<?CgH{T
za0f^(kpSGh2kEm)rmRY|;;hSQ^w-C=@thSZvfuh?X9Bvkd$)OeDDDBuvOc0u``W5P
z<Hgj7L-!9GdT87~!`iHE)qI>1zDv#9_>${V)c5MuE02R`u?4CN2YUnKfkm9gPr==|
zqIam>We)n)V#IqD%0X;kDm3D82zVOsD~3OG3?7J5=jK-;W?k;Pa!&6rd=HxIh57B4
z*NR?;HAL>tRN0`MVdy0(z1^&{rnza0OmiaO&89S+f%aSq{;_WY=5Ki~fk*fA#o!;y
z*;j690hN^cVdR}A7+9^iOcM}ZRqL)BdI{lxwn0=7uJ&l0{X{i`d6bb_BW`eb{AQaS
zlLF866icFTufMe15~pU~yd9J8T!55&pZt@dL2Sq^Akyyc!6j+EaD33#Qm>vq?l*0{
z!m?yG6YS9MUCPgn7yN)=wGG;Bkj@62e)k{WGk5-T@%%#SnW$Uy@yH_pAk4QhJhFkD
zE(+0#>1kxi1M5&y*{e4LyxgA*v8z=b9jDaecYv&xD;k*4$lx)3Xxb@0zR~#cGbs`x
z@w)yo(tVe{vAkPIN1A7s;;w*baWbqNOwrE7I6Y7BFvWc@dcj-QS6V)hIA8^6p#)LI
zw(^qd3nd(e<MbBo$TTP&yCQWMmToV^hXAGi=}8hO9s9(Ah=O~JyGUwfvv!GNV}wzf
zaDgcZ)GG_F;|D4fTu<*Z&9g0mcbaATL|y~(VTR9+=l`&0lH;eaw?2jS!!L2cvigt+
zR;^WWqugmgU!#N+2kIx9^^F6e!(%$p1jRLiB_!nNRX>hD!B3$PJlt=$LAZiyBOo?C
zOUK0p;=1pGK+|Ch1bHC$U83}-wkc7MqcV5MSr12>@~PI;1`!5uLem=D%6V5Cc_FTI
zCNMBRf&XIgv@aD8c#@~Ipc^Bb%$;iYF4przjNKwV?E(-&=THvg%$Mrn<{`f0AMG6I
zYqQY=FayiA3>nA1Gqy|ob$tf$D2d89a+_DYf48#j$@n>?HxIoIW7;3|uJ}p)`t0a{
zv=XpmB%?EPzl4=0XX~b*K5$wvP4adwaE8Qy;3-8KFTc{GL7xYd`_xtPIWc63#d8k{
zL+8|!>K}hG6n_5VK5z-UL}_?^uRq?d<D8xXt9)cFiT`lvN994)C4U8hE3IPufkSp@
zPM+NK&ehh4y#B%N44^*><CXR^cDnQC+`z$wukkSTaZ0{eE26|w5pK3XX|r}tmAT-}
z;h~6mD`05YqlQCoKFg+N9rQyt&kG2&C@e@~oI<oCoI9KB@IrtBcxX*DxFFfqjrCu;
z6#M`m>;`Z?=2)+g;;y^j`q>LiJ=mUzRH!|XkEx0u`tF3`9nZ_hj^+z^o%}WY$KPK=
zCQPGiojYoegcpmhShp)!Vnfulmo`SU`pj;b&7Uj$&L~;o$l1%k?YJ`fne2)6b^nlL
z-x@dfP$Z7W7){Nkgf1&5Ki!K!Gw2bzh!(%izThCmC#e!$2|u@Qp&g8!cF(Aa&iJTo
zh&2|lIyyZqK@F~g-ocbhjLo5?XS!AOZQ>##xrRy2DC{L0aqbTl{Gb;a9V5jAD7{Xi
zht4b1xYlYQW}7KdS}yB~JPteEb{YTP+v3KX($Z?PsK*$G@nimj#oVu_VoDXJp?i)p
z_*mf^`<a4?nynt!qudg8ukFP6>QfqY_5;k22WE{kwv&X=bKLSY<-4=VAVDeMYjzQ<
z0)aTVu}q@}F6$K)2fNSSTmvskS;61n+7F%vRo(nDG?eCO7wF=~;W)r7l3b@oqz|%_
z6E8lnP18fmaHt%%qG1iARU@^q1O=xLok|Llk7kX9^7+@t+%FL0y&G^eLFp%xY)uWr
zae+E==0mR;I&Ui3S~*md7UJjM(V16R8=9?!s?jMP_nhuZs}kM{0kwNh`4Mt@L-x*!
zJ{#4+yTDo9h*9;mV<7(f78Wiiqbp~(RT}I3$D4&<B6=R_7dxgZpYCi};4&taeHQCX
zf>94-is309Hr!E9Q+l7-Haq!*<7$GspE7vqt>S!Z7vG2CMfUucy62zle~6R8H}0HN
zB|Ndh)l5<Ma<smZC#D0KBB1u0SSIQem7U146?LpG!?C$8kdwiPRo20m&tT!r)>>?s
zjay*>l3ha~aUq$^Mp--<&NAknNsH49yXBS?wP&~4+Y1?y5=Mlbv1v6+TAW(*?@97L
zJ<a13cTCv1;$qR@#YEjP)wA{YuDVv~a3iW+XQQdIcmz7M=ZjDcFN{)e>&8g4rBwRP
z!Z;nN<PN@z%+F=cE-JDh+v}(6=|y_%=9;zu%1q<h^u|)1ny>H0|EkfwVmw|;CciyX
zxdB|dI<rjce?JXND}6PjQxMo}haGZDw4x~@TGz5}+S^}7;j(q+n#GOYaXTq5nG;`%
zEfhH%=}OLnxMryx|FL1|N}D^lWj;+0ywsgvUM{=%VmQyH89u|?XxU&~2+7JuaqIVI
zswx`@w;(W7gP}wADJ7hyzIZxI-!OxGt#!=y(B6wb7<;HU(7BwqHm<0<mXh;?^qhr-
zc9gRlYTyUwXIBGf^%J$z+!8DABnj7rIlE(p?KrK#96>U+9~vf=T1XLR1X^Vbw+Hvy
zGz_hDBD-LED3L1PlobOm{+uZB7e94eOWLk<nE&LGpy~OANS>8_yNPlTaJ=37>w(UZ
zt~E}8fg37xV(a}ggT0^49v^a1eMEC>F3C+g9aSm1o5%aamNpgW?{>S?4FQi3GT_U#
zmI4XJ#T1xUggp*Ua_wC-EUgk^F4b?0em6CxH8eD(wix1Tyk|bOHnwMP#6a_;SvEA*
z3s2m+SAJw=a5Ppv_ze8^{1`1^8amEp*y3&nR7|2aLb0+AA?|KB+exZx+bAJ_A&6GP
zvItnC(Hxns%^Z)c)o1OKW-S}^IMtyEp0;Y^)X*Pvj@(RtwStmott~(~2ACvqGfgQg
z4n3xqosQnD)9oVbf<tI{l`T_1w2c_%Qzj|aafPZJid8Udk=%jeh1mXI{PsUuVUYD}
zEtc}y#LqbFEN16LKVIdBtul&ZuBy)%->PcDF_x#(8~%Xbu6f?LZBB?-(@7<dvsqN`
zVC=em2=+2h@IcxlnN;c*@kHKc5!+fPw*RCDMJFj};N_rBxT;|#W|h`UGn5imT^VfZ
z_<V?X?l(xk>>W?jsC8d1=@8%}<%G5#O!v}|6zl7YYQFJ@94-eqto`2A+Kut1F-N&1
z5PM_yQ}2+CteS0_j|7utjJpGe!;==Pvfb-fXvJDEZpoa`4Qp{i+Cb?jNFrKSqb1?%
z<}r>VqoL1SCYV<+g0LzD<is@!Ln6qsxL(vOySJB&2qSjI7V_FcwzM3Q$8&~*<<WKu
z#MZ`$lG$tN5i4=2?48!;+U+)Q#Es!%lZ%^MAxL#C%>D-tYHn3zz@w>gBIWhH0|5~K
z#GSnvLeQXrY%q+P`a&UWxK9=j+&l<C$2g_9x;h`yZ|$M&hstB<h_(J`2-G}7#wmse
zCsls<ox+*03SFsxp>oJ%p9$LKo8*<OQ>`PDujny7`r&Um>>kwvVw^*&bh6Y^)GfxM
zwV9p*rfIqJU0&cptm0jJ`|(@xvrKlPemMKX{>QG_`<c-sh8{f_$*`<+NRJhTs+?M;
z<Qba8A9OR=m%)g=;@hnzGcVkaJ2`b&m19^)y}oQL?0(YXuo(IWDLvw@txn_z<_v@`
zZDu%hUWv)HVh7&AVdS4>27mqRk(>0^XY6@#9((G0KQk~%1;izU);yf4Jv~ywsS?o9
zK5V}LhW+dvcJrQ<RW}dkAU+ju6+z|!$n(pb9?3vN0JRNc6XCR8-91j%9wIZ25M+Ak
z5-D)*$SKH_GBO9rq3nuJ6%j_fK`p^mk=6<!MGr`K?PtD3`qh7ZK6<d8j?QjG&legd
z3FPkf=WOq|1d@Xh{qc>{nQ3DU!koAI+bIiY`he;E(;tU6%74B7({6$$z2sR9WNE6G
ze2YQObxF`x>Jo$BamQudpG17dz`^Y&j{Q++PGCJ%T-@$c0Kg`4g?+$M#H5uYg5i;f
zVRADO9jlDMHEU4oikHErx@y6}(d)H)q8bY${M6*~D*Sv%x>2sQ0P0u%GG$Q5B!ZCk
zxH_YyC8ok=rqK*euQdf~mV{iOKF7gfaYW1<6xaO*PV@jQCzNiHh*ib3LGR%hR8E^N
zpKhJpDS>tC$-Py@NcG&@dJT&=kt#}qnIFFI{B2%rV2VI^6^fWUm5N6mbl-vwTH}N_
zCt_mg5%c_<3@Ncd&!y=`=CD-Ebc}qauAdQ_I?A^UD2~Kx)(29X7~34PfW>SUq%LXU
zw8^Ch>7i}@af#3&i-dj?3_V;SoI2+|HgTcA`pAmUzR&KGRYYSAb7_ORyojk{db+Q-
z4o7wAE=_c7cOW>wxH+|_a<(`%LC4Zd)BscL(ziLjisvwIM$-CbrB<`Z^8&LR-!n6H
zUq37_59FpI5ftS~FAI@~xeo^0VtV_ZU*g|iVUST)k-H0scNIYafc02b$8ao=E@NO%
ztOt63rkC8O*ydDTYu|bhtk^p+9-%Cyv()YERbaz=)6qWo^#tL%Tq3Pmkz+-mRhkvG
zwaI?>zOO$waO|R4U!edJX$D^*AD{$sY=F%oqos&#>MZs^Aky_w9>YQ`9ELuqqLef3
zwiB#~8aU1Tv;NZ)(@9pG4xa5&#R!kM#4SLwedU~aE-$auvh?JvOVnu(WQwt(uHGzT
zIX3XXO<*ylSS-Dz<!7Tp2!Z+mA!6QiZIwkR?*Z}SH)+UF057Z%9OZ-JM$F@OhT}dH
zQ`-MAj5x#hfTqXMkg~G8xli6j^je{J^=z33L_W69QfnjT$!6aJsUAFGR2hoRs$Zin
zRdM!0a)GOF3!Xm5o=#ATIlbpOCdOHB)Y!X%>q$Q2m;=b)E_~|%y4#1$o}CRc@NZed
zWoiV5C%}e294c5P^G8WT_ELc(xz=tcp`@z3&muvm0)ooV*98ppRRfVorv$y_FTLqw
z=A}7Qn28wy-^Qn%BgR@+hXTkcW#~ZrI4q-l-yyWa&wA?<NjPE-4gHX5*5@1>Bp-h;
zh0&9BWOpL0(pb~q->yCS{z`{^`D_3nWyjejIRFV`h3gz65xZ8vTy0$BL$u2BDZ=Fp
zL_=;SKmh{HtFBa7RoEr-MXb-p(0+bAb^_FioUa@faA2<H1buv!sTOSHj?KuUAlAg2
z=a;nt`;Z&G??MU4&v7(ta>5OzL!Ia~9|X?F5!-f$E@RSGhl^>e78DgfqXb>jYvCs=
zYz_MFT(ZwZ)zlgnnQ^+Bb1rsU;8~opW0(y9>QcPCy9X1D*(56rv$>fTis+~KH_3lC
zmj+NGz#(W%dJ;~^k?3(t2Nqdsua}R4cCJc9L#&>f4h<4=It{h1MCV)mj<kc@vnegM
z+gp5S`B<@*tF`Xfk_yuY3hA}}tj=jhyEv411$l7?^Z`P5EHF(<NRU^&ILWf()7yT;
z-YiCK58@(x?kVfDmiG|7Tg9z1NahzjWMn>0*(W_$cDKz=!Gqkw3w7$Lu?yPrs0o_f
z{;3`z8-LdT7Kro9KM{2T+(gGATh>3y*}eC0sCB|=0~$t*bL3F$5DR`@-rl{&Slug%
z;gREuS^%ezfHGQPVGHHBN?!y-_Sw;-#bsN{p}r{xcJBP;ZRMax&tC{<P<8m0O(^@1
z95$yt7U5iX8)|j(0!hy&-#afv?ajbv^_$o7ctZE9cMFaHPV8wC-N@P(Y&f&HsvlXG
z-b$K*?j5h{mvszr2d=WYK-SWWqvaw49U<Wum+Wj?YEfu}3Z{)cc3BS$c=Cr+5>L8z
zh=Nt@SU&&Vqr=f0=IS)Y)r&x*rx#ULzO*N<C#AP-*0ruj7w>9?babY*GV2BSq^C0k
z2Try(oOXPNCSw^8dfaRpIC8!%6SY<Wl)?UUrds4hPDgcdwzGt&%LwNF%e-2AvF;A-
z9RX9_d<7gy>|zXjH;Ol_L@TU~f%}PiH0<5X>!sJ%J_RD-<`@^iu~k6t#JT5!oPOhV
z%=HITx=$46rYqXBH-r&8m!;30gl=DpwY1cmn1045-zSSjAVlHo&oAqMlK`O*)fgj~
z*5%ID`tkLLTnE|2T%@e-R^s9OH2u@P1wsNPaM<W1E1_+VedPc(Zm0b=M9Nzg#CrJi
zIqBj8KmALw^DUuC6|)mb;}}*=FPTM~k+qOC=@kjpd7oNK*IL;Z0PnH`9XSLM@7adB
zx`w6rHup5`0M2o*wUz#7#%a83)Sx=QlHb%HdVs=Dw{apSr7&q#ku;>T3o-Y)$5?+W
z@mH%e5z|Yv>-AZK>+6jHk${`Re0GAHJ<f+nrDEZcfDj4WE$NFaF;?$ueAsSPC2kbc
z68WVI+;fEzwtInsT5eP)*6Rzdmx%E?J@*#WSIa)z+NL4Rr~NnxW>4>_BKD`-y~I;m
z6#*t!$T4z);xi6Gg}LH^>8Zv=EWPfCx4krAGi8(=_xZ6U01QI@XytS}T47E&&6Zm=
zoc2dmgd#3-&^C~fyXWQ-IO}%zkI#>Rh)hP0wM2n1rK@_8u}Yef&j%|&zMs2CNIdKs
z6)9at{Q)UeufN8?YA5^Ro91TKJpx9e3QFancAnC^UXuAkgR5<=X@z~`<;Gbk0!<@}
zEoFGLJ}#f{^q;9UWdcf53mKi#omK8#f{azzBeTJ6fDv6Y(RZx0$mMp5yIo|euHLwu
zGj5-BiVz58*SLDw*f11kM*)j%kS32SMsJe;9D#_xT&fX^7JPw0!84oF6m0W+B4L48
zI16@2NzG`0%b&i&RHH*yBXdD&drrS^s9|!8OcsHzyfUCpD%z(iJ3yQP8%g*m&YJ|7
zLcM5RL_;I^ZfVmly}m$nzi)_qMtv*^MS*!vbi@}vHkiVrJhEkcX;L8m;mutnxNQNg
zePCUMJydm{ale&Nzp%*ySqQC}(yz{Db)~Yv5xb{k@K#Lx9?!0}<9;vVVWpqm-lQ2h
zaCR(GUFU%<Do@vUr{GAEM06%fUbLB0F#ZyLK_o>28gcN&phtf<MV&Rgi}bS?u5%U|
zn6d>T%2<)stFl&A14C}lZ1W1zR8&TYQ7jse_bwFM#u9nACJWpinyR>u{^feez)ao9
zbP|J7=B+j2)tNY0I$G;7(Esr`irAn<nRO4y2d+b{;3ugpytLu%@B)rmrSv32CN9T8
zC|rDe;no#4*Wtyb)=dBgwysw@gE2M(VahGR;lu0R*_F%b;bi<$PSvhP4J($Ta+3UX
ze#E{2)o^N;H&fFuWaRf(mZsFs)a<lYxgD84LTG1R5fR>mBad34y@xIHuj9>{w+BTJ
za80@@F0<V`$TiYQ>$-r*KbFi7`F>fC@XKqlfiQE~@s^9(a`$;%jP@Rj*#9XV_`>4I
zsQQ_;+7zRu>F_Ri2R);pw6^xfPUa;ZCm{C3t7+DUFO{iUH+v7f*Io8(VW4AUSl33q
zKn;FDq#$D-TmRMrtTViSur5+R&>t1JUv;8n6y$4tSvtjH;v7UyKx=raMlHFxzXCwT
z`mwb7?2qx^`yX>s79U0^r1m!NJ&lbmc*_54q{>Y`;|Cp&EHclxuFbxC=QFI+koxKY
zVaGuVZcux)-F<{4bFcV_phR$s5#We(mzUo>r)4uts0k73swtSV9V?m`Y*|fvbGjY0
zgDk(Rcj>kI5d*=%lWpjGv={Dft``9uo+}+KFaf5;=E$ly5c^Iv{EYeGmVtq>jqTVk
z8INzI0+dRMh{$LA+h$#gk{?7=O0qno(1888tDF_Aa){&!7Uc$6n!LczVuNQkyzO(l
zd>R)3GFqRw8GTOhR`a#HdR}V?_=IecQ##T<x1yJL*arKsjq6##L4USkUT%<g*oJwr
zK`hWl!ir;Y-)C%{uU%%s*sh`VJA(fbMAK%x*lnS=_wGH?b<nc{j&=*6*bQ&<r+7gj
z4-R>IRch&6QVQyJZJMSsbo&J$L`&3D7n{<FS7T%K3i}|XW8S-W?gI?d3=Wq70?^YY
zX1S&(v%m5$)d7<dFwmE>i;B=*MkEsR4<8?+LhL!b?V;-cx$>L&O6jM=Uf*!EFCF%3
zO5y9QV>@0&8Puw&niwy<%}x4MQ5#=qXKH|t0a{zH9~QU+3Q4iisTlDB#iVNLtOF8?
zF|o=u9cr`$pVTaZyPVwR^{POow8V6tBV97LDnY*9Ey_trHgC>=lqwfu6N1j+!;ed}
zoL7UvB&Qh1+7pHmqSxqypl3jqj!WKPMaKsqO23_8qw@fW@Wc&rMb7{>NZiGOykb?J
zyy0{UR;}z+wch*5UZM7Vv^gGjf3Tznbowcq8ZeZ|J)v86>cy$swP%2aKo6eT=-dDr
z8GUWamj~dKYEbN6?+n6~`rc*F+1vDbKuI-@8?^odi%2dO<5dy{L^rLJ6}$<=r>`%K
zkUjuBE#VFh-vowOR#@y{<(~>8&$_;OxbiM#>7B?Ckk%azl(A~SbvhMT?9sYi>n{dG
zE`omEyK|+(pciVv;S6AYJkYPwv{(_#xEFnvaug(P#({PL>qG0`0V>=0!d>KdfX<OK
z_2Gd4o%Q;;qQ3)llJCPnuUmGIjkonKIfVg5ftoy2)*7G!pc2XY@U>Ph(1T>nHb27Q
zvAG>24-R$YeH%df&s%OMK;GFlyr6nxAfXNv<u{Drb_yGPi27F%nQZ=l<(zsa{Hx^5
zy}*Cv<3?oxiEM|dnSVYb!vD&9f4%(gly_C2fY0GO3(wpH{>cUS^E)LP|H{L^IRGqz
z|M|~{fBnDM?f+z5slHR{hJ$Vj)boR!TK_&76?N^kT>23Z-h_1wB#4*1+g@G!$S7&#
ze8jWkQE!VSL&m$k&5Mt`)~mk+^0ty6U4_5`k@#rC;qsBQAVGNcc-z3*W7QRXuA7ea
zBeCwjSxQH`%smW}-lFr-z4Aw*roPzoqkLRd0ge2EJk*Wyso<8qXx4VjdH9Cxx;8jS
zhzs<v4mz`DFHpW47XbGJt&~r}Jv-4S_yc^wKE_Fa_iEXE1$0lS#piKoe1&B2B@o@B
z{K)H&QS)4d%J3#if(GMZ@nz6G-t5t~$l&UeJNZXmSJ{yCmDNmgqFju}gBIhHBVHZ*
zKaPexvikEMeUy#bV&_KvvXKjaji<8Z(M)0f?qMTStNO~8CK*vKfz%d>p0`CsBbjG}
zqfS&-=IbVBWhL#5{KXr^KY6oD3bJ}s&}!{o0G~wCH!^h9cVQwLMnLgsQt9kkw<~>G
zm!Vb_rxP5w^K&Bo3+PM1SY<FkBhb7@bq4QR3tK-^GuSBAmJ2jGYJW<-!ZscIxVrZp
zfC5f|00fOx+LR8@2<*j?2UeRn>hO*7Sq}I%<|mL+uUb{8$R0=XGp#Z+zwE&HPbS`%
z1(?_XF!63uu#csrVUcNO4scnLOd~g_tf0F3vPJP-(;*8XpQoC<AbS8|O6=>ci%)sA
zF$CbDCdh2MIJVL>5ae`jMC?fjW>N@6at=-}-YDV&L^u`eE|+!hNEeMZR^eDHV|X1-
zH+|^O3wmG>%4>&le>jD=EuYR31rR0Z{-K~AVodk!i&_{*5yY%QFVva`JfXrdz>aiA
z)9)Of8&puR@p{-CGuNccnA)IQYmUp2ftydz-g0I$CSrir<?{`MUCTe3U|6&Le8~$?
z34IrR_x=nA@-nEsB<q?>_@zriLxi!kR5Q7%kU%=XuZ)$y2INqj4MxipKIGe-9DmPI
z?qB?_y~!N$Y0_(ga}iEUwbV&j&aNsmk88Lqb}8z4#Tetu3;EsT&@3w2Tm5leeSL##
zuc`9T$VdjT!T@}<LK%XTz5-q6874~=);{X}!yvur(RxKlGWT0kE~Wc`?YoEaE;kjB
zL7Y>YkpWNLx7)gzMbprYrg!!Z1}pE~Wr@a0<;qJ}!F+dsvf&-CBdf%R!*=@2)%T)w
z8GYn|$*=(r3vYYmTQzs^IxzUC=OqpFFE4obug^V_3n^-Qr<z=BVg>|?k|y3p9v&V>
zh356y+@Ow1K%mMV8#zUWCaZF3+n-#FhsVau$?kry0PFutfhE^Xa@m1qn{{{fNQ=Vf
zE{fR#!HmQY>3{20if4Tpp*#uewFoiIzjx;k5ySi4N28`5WT@x_*V0U#KU8~ZuOF1+
ziTkcYz_NM@KD%~n9BD`_<4Hb!&i`(iNWe%ex6_ZM2Y^3l>AdV8*Ej0_OTCJ!2{s1`
zd+RmyR>CmQ*e5I7)|@0~+3W@aE;r=eJ=F6<eUt#C*~j0<$pSP<rqMS5u<4yzhm&c1
zqGULG*>62K8lxpMs1#UrS8HCiG`rquC;K?4;B_4--<LUKHQem(m6R9YVy;!IP6ITv
zJxomv;FcS|=G=rIEeD#Z8)&%{Vhe+5PH7Ge4!(NqajkIsH$)srkc)IOdPIE$Se?EW
zpL|KVw6qj5OIIyFRIrD>Gl0u=L{RZh6>@1b1#2v3q$uyMq`MCNgcBv-KGOcXH=x5_
z=!3E#9zh?S>4|Jz70|+m2{Hf{CvNx;ji_j7;c{|wLkP`NCP$*2Yn^9WDr{>Z{fP;O
zUQ*Rx4Huh&<rgPZvlkY*kg1)wq~iT+K~5RL)12%&0xPb!BEDzhq<Y9Oz+CN1TEJBP
z@krNz%E-6}X(V@8#mzfQ(!|JK-{lf%tpWZc=z+CIbqWBxQ~0SN!cflga`38LLe-M|
zAw#eK#n8%Oo%H?2bCA19^df1mDQfo!PD^R`P{hUd7M@v}nkL7h$PfI%rqGT*&ROZ?
zeBDM3qu0%(8ya^s+~)u$uN~>~2Vm>PLl+d^z$1yj?XwGE?$?C2M6Rgne6Z7#3Lc>&
zpb1^x(Z6fxDm{n}iWTUK&U@(+`rX?RV$;A0oul_;8-&fLBmDK}Z-b(q|Md3>y3T0y
z<*v7gFV(iQnIh3YgGzL4Z7Q0lt9(mc0P~*tx2NzzXy$Sv`lqh9l%Y}ElkuRN@+2|u
zyT^cDCAt505(Go(+#<<OJ1!qDx8S<x!hJ@WCOPpPNa@wzenWfHsMfI|y@4k3e@=i#
zjvhY+a(Z+2FZUqogtPJde}-=WBp$nX1hiuOH*JzC&SwEr|61+;A7|!&GOyy0-2WRc
z+W#6A=>M6I`@b0YKQeIm9+`V24N@=E{+ne<$bZk~ddEa9SpFP;9BOd;UbACf^&XGu
z#NTxnL7<EY$$<81aQG7?=gy(;>VJFgOx>O1q4)3pCW@k*3;Gr(NEV$C3|Kcz^%GU%
zcXE~RTcbWqM<aVG-xs|8t6B{p52b4+@1tC-9#w??UXk+Fxzpckf{~%pZ=VxmPcxc%
zyDBZ9h6MA)IOf|KmHNRotrSg&3wv*=^LlRs$u97Z2|7O+T>h)tBhZ-B*Q@>0ep^3W
z@DSyr#|WXG#V7N@9WDvzHir-VIuN8C2DhQ?J6~DJ*l}pF>HhC{1SRjZS0kF9Y_rY!
zMi#KD7UHU<_Y?{bI>CjzXrJhBH9VtEcpZJq;QmfsG{n6~m~(RewznlvEJnHu^J6lf
zmU5v9BRtI#3CeW+Q_&6y`Y1#^fqClTp9A?cIqGxPH&)spC%1>8XY#M!13IAqH=C+~
z!Dog~H$U{_^Q|iF%FT|sh~oVZ<Qq2yF`ZA^tEG;QiJZ=kSfR=p4`f&<jJR#*<BW%>
z)`TE4)vRywQ<CWno~qir8_KJ^T=--@xqMtu@Yl|0Gt-V2&{VwplW&c7qMlp|Sl5HO
zEHD?!hR+E~&LEv@|E}Qz(9i$j2Ja33$`m@3=K<<_B?)`v{E%AWw{8UaI{n(K_s*iD
zAw%!`97cUkpMD0&jkMSNS0QSk1;MIL=k_PmrP4m>^GPj0&@=jj;DzAiqT&a4l4{)k
zuHyuRx=+Bu+`{VP=h-p>lI_NBc54TxPpSM<(G#>V+hoQHmS2$lPiNTu29-Z6w;u9X
z>GBK4zan5I+Kav@7u@O4q867{65Tg@;G2vAI^6zs(p(V#zl)WXH@FfCf3CL$b@X{$
zI&Apx$@uPYbPvef?cY%^0(FxAdOB;L2>mM*?o{}{jI96s-v3!NZK_`{bThq!HYF{!
zp{Lv>my_2#oDJbD3^W6$G9hFgpY4^b25)t6tO?Q%iO{0Vt?R%bkvm;d+aJVqACV=$
ztqv%0e|N+3zKg!SE@I<|#?suR^f@{qbb^_?-DrR_N%HlSUox>Gq;gO&lk+ysZo$#6
z7^ubYpml$e6!#ft2iluk8t%y4WQi&bXd;tIOKo2L5L_?`WE}qebpCLpO9ndi6Ke5~
zzzZI|Z|Q!bsNuzyh=o>t2zjQQ8dEi!JBA&)S{HyP>@_l$r};y0S<6`A;2vHsQDyLL
zi&?yuI&T<I<M{7qM{@4baYa4n#)!>z7JVJ&>j$euIQjX9Ir(ioYPpQUdiF~5;CiWv
zQ>w#i(Lb2kv>Lmc`gFVa;L8WsBhL`vQ)-C^{feSJ<2Wq|U^u&-3CwNm!-6l@|LFnL
zsd=R9z8V|?Coq_B*~Y%5#bHdC1QJc3NAoD)GaNb4U;@>VZ!w9e*dLdeou0_q$<I2W
zF4^O+EagYdn4PYbjBQ=poAjYAPGef3=WPD2bp(_S4*Oy5MlX7&?Ag#G$2&vk{UZoV
zh+dICHUHh5Jr3>}l*7@!acKarfVwL*-Bny)D>40TMW#LE`vBov2J3AWd9AZAddbLX
z`X?Zz|Jk+Xd<9}o6D$EA8h(MICLjGXgyS;M?A1fJI{=pS(Df6P91r1EV+ZJ0QS0qr
zj0ucq7zx9?!2O(@$o+NU=DnS|^Ty3SlbsQCfyA9tQX4IS7H5zciz1Z}`P`Y2d)?M%
zS+>ob`BeGlrTksPB<c9z=C9{@itb%qY%ow;<ky3h;1(j7R~W^G1<Dk9B2P_Av$6qM
zM+X7xuY_(#Dl6BQD(oqOu@BYdaAsh~Ns4L&d;0UF7et@k(jX6fgTWI4CWMoi+Fl>9
zhDm$uIkp`1&AZuajQ-3N0pVKP1nV0*r$Td+MujvXL`U^yp>droyx8RX(LK?BWES=6
z^4yI-Om%`R-B4|{DW}k|*_UF}Ph9THeN{J<EF?$wCiM_wi`olw)=+#YmAWiT85j-S
z;r%YJ$<y7`VR|=k*l}#>&9H#$hnyaG!X$WH8jAfsa9feXN{^tn7$i#&b^LIx#Ae2h
zhQGH3Tz9vICEJ*dkJDJ38J99#9`NiRJ~MsA5V9#cOg|<}Gy(Vb#Cb>>s@0`kuP@at
z7Sl!HTqw<bZ?(zo_S?y}$ZoxewLIND9pdjAhDiyJp>apLh+_3V7dAAn7}o6NNVAS6
zfZ=1z*4>ddi>o{9*^Piurd@0t0{W*TD13>;T&tOMb7*_)H;{4qZ3I~K<L~*NT5Qz-
z9Qw&hzz)3>rSyw0FZPa$m;=cOy*&j!Q#HQ9wwiJF&s&RPS|YYmd6t)?)*C)|9jrIU
z$<BB3zAKcoov}QzGkQL0FRvc#Zo1n0QNeaJ>v8F{;-;0%9<wgkm$MfB;aVW@HVtbo
zYCW1obD-cZ8ua(9#tsmMR<#yuiE>!H>Dmc(-I_90OmnEo279eDrB8<(K0CXiRe}4v
z0v#|L8ZtjTIY(9x^>$;RyJ8wtg5ma;#Ui)f^pf=yeXytWLVax1qE88tPBoL_W0wpW
zLD4dbP{K!MS9~J)+JgfC;&ND%`0a@)nncfrveZ%*BHTRd63N`^4uRDg4JAI@TPkj>
z>VFf;RtPLoUoP4cO_#79p3W>#Xm-9+CAE4|EpM+LwVe$cd*IM9Dj@PO^XZm7ZpNd%
zuq^b`Q<Pa>ra{O6$XY?Fibc0SnANg+xZ$V*_Kw`9i4Tq3OApMefuVy2hUDx=b>(op
z|LEdh!x|uzR@cDsL%jOo6>+9Wq*t~(kn3UDe-TM{xiXz0k^33qu-S}1oGgapcM~XZ
z_QxY)Yv?6;C@GeG4?q+9r(J6s_7=_XZc#1X(l-1M!MfK%v90;6|J@dc4kDty4gw=!
zO*&{1$jH^Ny|nZy`za});lrsG8(Ak|Xns{f5z(9G(f-YJJMEvik?<zru^H$IJtf~H
z?;r&pTI!3SwqX3XnyMU76*X|?$6Oxm<vas*nk_`r5Di;cNF_IGsnhhF1m8_fWS(E6
z<6iFTHCB|!3CxTrMTm{Vmrcuj9obX^ZtZ0)b-5~Ev4-)TBZ=P(jFao5H{s`W(3Luj
z{#6_QgWubVcvq`wSu^}!800pe#<1!7&?@Y$V#Pa2{khk?;<|Vj(_+USHULt`Pkx*q
zw3Y*KC8N~DzV_kR_<3{TtMSbumxM_4->v{V$rcSzETLA4Z&l-4e-pay08H{}6U>1$
z<BgHaI%6*!ly4HKkEj<CQ65lS;D$<b<Q<%b!@6=Y_)+x(0u9$8Yg;~I^N;wVp7)$i
zC|IEZ*p|tIGa6DApZjPpMf`AH>q3r?V%pHX+4GO4-E3Se{Z|Axn=&n6>_1{Psq<l5
zbARN0@i4Z%#)Bc!Wg5P@Gf_`704=u<Uf51icRPJ5deOM*hG(pp&*zrBn+qRMU}*E2
zez<&eTj75eAC0mc#{7t+NkBQKw2T3)O(r!mBL1NabUQC<;c7Tw@z8-CE~)sqknF6+
zyp}yRT()xCH8JSc8^Fq&yUlX7xnGW0GDLy5rm3b=1vRWM{PMQi{&J*g6>&FUigf{b
z+9<4jHCk#NI=_l%Yklj$DF{%I8e=pky{_)OY~ySQiOJmgRb1J}W+AEzv)=?gn9&o<
z77$Zc)N9);>3x#!$O>4>D7bJJ_nZf~#%m)P`0YeoI1RBZka&8$?@skZ?ey+W&uHfH
zCw_q*ZVZaqy4ZHac;=~^fN^QAJVvu4tyQ23HsxTg0wzUuwE;aeZ%!V4`Hi50cfgid
zhUXtZu2a~O&Oxs%pOHS?N@lZNr)Y_fqNU(tt697FJgs8-%PWoHtQyXS1pv2b$VN=V
zW0Kk}b1=eHzp@P$oEI{uV3-7MqrGG<j!A7(@m56-OieWd+#Mk6t>@H^^Kst0+DC?R
zrkr6S<=I*m3Ze4#_KsHF<5(>TJ&cQ+17}Bv+I3}(+CZ7s^2OC(!JuKm4ngbF5<Q2=
z2RJOu?aGH5;gnS<_Elib?1hi<hTAhjX+&P!gzTy1yQcc^%T|s-572wDU4ekxQ;TlP
zSP(G9#U<k9YePvV@*=-_@PW6szKvVZ;b_9c0J42Kb&+p6h0@CYvW|g`_dkvP`FfzY
ze!?`29z|p_6Qm$)^$o*PkFTFv4|-wSjzqCnT(pd&pD$}ryEP8~u(0rz=VPsGpHM!=
zS`%e3P58Zm)$f~&pOpi*zgABExR<A+fn?1ZY_~6nqa<ioW??_z^t??ELG-EwG3UK4
zR>QfmmsJP>?1s-WE=zmvpo-Zma)4780T?c10YHp)h`&RVw9=$4%tP90w%YrX!#A4*
zVp+dwF#;w^cPVn;MS-=IG|hPwn1zpnZz!gt+zpuv`fJoNz!VFi3F-iJt=YzDkdqr1
zhr|?nrqUkwE}@B4KGMslFyRtroXr92`f3*xegbxp^t5$(E!6d(g{I5Uj9X%^RmG}L
zKa$~XWe59sNSn3oENeHtp#+{cUIKnzDTXr>o7WADWhlmhwxzfy#(AE7)f|XRWs5Tu
z>DGa&uRBlGQ?Kg2MnPR`RGd-LR{ZbW{Ym;TIvlg`burb5hL}&)*_&z@YSdy6ZU<+p
zerIuM4Z>tA*FfL~{s>nF7m%U3__8g;$i@CLB0LO^xw&{}(#O(*maQ(&_s$cWBsF!L
zXsAAX&#`-pG0+_|hMlHwCPaTPBt(L&>kbd!mm@05wxpe`QZ28HxRvztNofh`w+e>M
zFD1BQZ+-)~P8nbqQUAZONYwL>XaBAT2dK~g*Sl^DYI8UI9R+>ADxdjBSzmZuH~;7N
z|FM7UZzpbC=q>bCKN9oF1GrcGuP5UU5Ls2*tzfD~8X|Xuj&^vy#%<n22LJQ_QCm)S
z+`_PO*-+MGbGTQq&{6#n*2N9>-EU#!3y%fexrukwYE=2mF~PG)=YPKH^kXLINLQt5
zgqA3}x|bZ4zj|=mHvL<GCddI|%W5g+!*L%}6K(J?zE{0;On+=^ZdbYzUI#%{nswiw
z`)>${IDFk08r5&r=cjik-|iBtv;9BkdJF5OY0n}VJoFd;rAPo^&BQy|W0rT!?>r$F
zOonx+mregTp(_O5?<@lLa&)_XjsKg<b`F@5U@cz$@x~d>tnyE{9u4}R_igxI%a|n`
ziD4a+U6-0r3z5ZtXX`6ok~>!;X#{bM%kH@w^XPZUiyQE~AC>ncxTNOaGPXpcR3CZH
zH6cuPnbTI7)q^zw4cNi@Wwqm+smVSM4Fu~)!%A#`2y?g$*t!1eiE^{?oV$TH1q<t7
zureN1dBmAji}8nnb!Ek^TJWq|D_kuiq|syY+<%uyR!Iw8jyw9`uNy&S#PL2dRizNP
zce?gq<%uqngm2wj%;uT7vd&l=@M7=JqwLshAMXb;siNYBZpp3!H_HCI7P4d$F_+<*
zAdCvsz!;k3VpH-oEzC5aJJz~k+rg%~tm{(9h`cR!L6CfS(-ng^;k`RVyd9Hfp%8g+
zjR;2LKI4(f-gckk#dTy1-G);~*gLnMivJ_|_jafFgp=(TCk&<1Re2J66d-raGFynq
zo)m|D$KMvrQzgXhQ}3s)e~vdS>{0`qsF3l8-=rru*`p7h+jy8{YE?LN(LS@Y)xjcZ
zaJBM9X)@_<sUN=vf=+KEz2bBTOVS*W6R9s=JdnAVTE_AzO}^~^&A+nrJpR-LBB<ft
z0<q2&6;}-|)0_+{+IYbVyF1)1Qo5#yO1&Rk|Hx|Gyle6HKXg0QTb{ik*?21<cRFMF
zhBvx}-f1xB;M>u8;1y(V@bc?_UyQdrcSDl#%0;G>5S>tp4bu6EZ)0}ltv|0&)rEgr
z16jJdJ$0!$^*JQpWvH~$mlmT=2+`Vodu>5auu-_|nQhr{YS3^0C?W_Xds?^=c-4GW
zs6&W&_T8CZ>jqf9FA6n1&l5AY(!k7xZ&Rl|yy8Z{^b}tYz0=00zsc&%x0t*=t$pi)
zjM!lStz-DhPY<}CUi?Om@UyKiLf<}tZb<xVAtWK;U&|{uG!a~~R&j0)DO`Wnhcdin
L`b*`{PQU(dSM?aD

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-create-auth.png b/docs/static/img/go/api-create-auth.png
deleted file mode 100644
index f16980baa91ba9987730c23c2c9d008c85ac7e56..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 103599
zcmeEuXH-+$7A{y&R76EVK#EF{uF|A~2uN3uUX>CcK$PA?QBjaCEkHo3l+b%ekWNBP
z=uzo}fRxZe;BC&m=bn3x=Zx`wyfNONn=z8?WUsRK+H<cp=l6Yczki~kM0Jkg92prI
zmGa|9T4ZFW3&_Y$(w(IM{y_&_DFMF7owbx6k`*FvECD}WSm`TUtE-c71KVfG$b)Uk
zP8}Bk-VDH-jO<kOTe362_Z8s%B#oTxB=Ajsyg%*4?<G$cq@DbI`y?H(pG;0$URfFV
z*0yl6vT}5`fw<^%oh1SlF}Bb2UG&w}#4R8W{Ld{RFRb`I99|w*A(QkF2R0q7T%NOf
zIM_Qni+f1j`mKaGuzmcuz%AC_inxHKZt1H(VU>qCS+R=n-{rr1OZpruE32fFrM0-$
zBgKDL2YyN2vT<>FDJ~%3?(WX-F31mY0tws`6B84-dtc!GeLkQBpR=c<%X1GtN9WuB
zYUKBJ9$7hCIN82*v4uFY9=H4a1;o`w>ej8}j{fud*Kt~T*#6Ozqw~K{3phc6<2?fR
z`0on*r){9B<nh1aPi#G`><u2-Isn51^dT)Oc2DxR^1tl)qsRZMssBgKdqTqZ|GVmc
z?fPp~9cL>id58nhr;GF-m*(G<|9j`ZD@qC+pZb3d#lOb+w|{|wmOdvb@Slq&eeMY(
zK7))*mQ4AP+%pgIm8mnyG+*hO*Ok_oPQ8}l4iUO`>FTMgjI^1mYYHJJv>wUk1!_Ht
z;(r`<>zqi)E!vRBm*r%mOdmyN`?EG|VnrADmHFM{>rQpP#U98gMNf^5jjge*A3_$U
z*}6a8KC=46>Q8p!?B9O8OgVkUY+=*c>(nJ#GV;Iu_&`Puo<95c)q!@O-;`|@=Y1QX
z@we?CcYLXMUg{qY;1cbLQw6Ort}mYYha>bq?*8Qey8qkZ`QPCGe>J^GAzm*zPT<Z7
zAUmy<t-{5nl^JQ-6|Ef2rp)#<{Si4cea#5JStBo<fa%B01ys*i8ECF|NifR0#F+k<
z>-nghj2!ol*_8icK<DMhF(P4^$}#PytWe2fJe->FkD+w@ArxT9R=OOKO*uwi?qD{W
zTZdaYRk~qa%=5==m_{q%_FwNZ|DID<th%F8Z6bOo!d7p+yiK{Nw!B3@m_*;ksgWFc
zenDXJaeQhTSRKZjo2j0J?v<6<Ub{y#tNBF!#_M0F3}Xv&Cw()Emm0xjCj!p1RcS#j
zk<kVkDdK!e5jWWNnOIXO2qUUf!<tN7zuvF@jHhnhGB??1^gdY`t~uq;n04#K+1JLh
zAYD-R$EV@UBt4B(@oO8~kk=F=>ZIYPQh(EiZ1wqSX>(EwF~f2?nL5iGv;E2t%!J7A
zcydXWwf?jaRcDDs$J`1%?WGIWnZRL;#036&7O(64^G~7;?t`K^nW3ZC-B*A56v%<8
zbiqt~ULTlM<;VhlUhO|kD_~mR*}Hs+Dgs%qtLd8cH?!M!-fzqPgzwPs$FU4yb6?(s
zwm-;Ds{j=n;+F4u6)>t6CONn5=8)cBVZTCpj~I3JVX+YB$lmse*zs|wnycyCtZ9&`
zRI2k+b6p|rU)QEA*HG)2n6QutM!$DZlbra82?w$GrcQJ$XEa$z?c|ivj;b!IUnkbX
z@g{2vwu70MP0XXNh?5hZ>7Dz<m{>0%PrScB*9jF%mbm^H%Y4V+p*2+8Aeuw{MP8He
zmdTQgO@imDfIewPQ|8Q|{pfHF9xb`CpFhQ>v~3@K=hd*(TN+M{?so$-b9JX>68yGt
zLpt3b8?j59bE@%{YmFy2+S5LjTH!8&h*f6D$jq*2@gh8DkDoDDgDI0`lTbuMT@xF1
zJP#j_9wN$73j1<foms~CaHq)_3C3~?f}mCehrqT4W4J@6Mv6+~fluDpGlZ_--p=Sf
z)YQi4ZEBSWN2WsiIv;~@CYhTwoW6IQ=lyW@X1jeLq_eNn_KLv_0r|7UX-r%(bbGz1
ziCU%A+My4Og>rnLzg0E8A>+BS1T(EWK~F>UPbkcpI^UON7<<mG!X~25eJzTEZ(MbH
z!ZB)HSElh`S%Ut){Rh2<aDmEb&K?=wt{6_y2?5h;)~139Rw+cuFs>rhRB3fmRF%Xb
z(D_OJXf&yBCOAgPh<v?GtLiDZ2#>)jbU))_*U5Y4#MYUlvY+@_C!;j8oc6|KwP(H%
zWJGxzFT+~3(4eD{Ds2G|{=tAl=W$D!E#2`NGG8d18XRUQ!@93ttX?uLa*2-XW9(d&
z*-=SU;uh<eisr0RyFm<}Ok8sl^W6A&;ku+T2lQu2naoYi`vy=0r~NHkF$)u!)4wj=
zXO#jLqk3MhSl#d)Br8Y4Dud8&%hXc6evYUDH>2X(N9(sX<{2A4G;ds!Niw&5yJeg8
z;tgkJkE(;!dNj-2WX)!H|Iep0h-P0cE|a|1R~vGQFL)DOJ!_q$IA!y%MHsbA?c}Jr
zhYxV#MD4e|5M_=%hje5Devr$~g3a)*!|B)5Y$zx>uGC6JrRBulY<>}4=X3*6ov}x+
zz-j#4tg*)25nQOyOf~0fl3rgDI+QlE0(WF?Le$i~YXZ@qgqq!3GCvJDlJ?NoEiiV_
zi}EFI8_6|lX1@G%u<>L}E6&Ihm}g5aFy9}~rRiaF$O&JF*$r1#!w9Y=z0vsjpw3k=
z-RUc*)x<V-j`+2wZ^`Z8FnGb1y+l(93x#~1d~tf{Xdjoxd*Ju}TADOx7E86JOTBce
zv|QeB{RZaDcqD)A&gxG&t$aV#qMaa&@|SN4=XjcZ=6hq!y&u*NXS-?-q-shZJ=|Uy
z6HsTwMA1!1f~Gt?O|sRl-#kyt7d7pRReL;S+A*n@{`mugNdJZzH}<I5xYot)wlhd0
zCQyN8E01m{G+C@vwS&&6dvsm9Pn{X%g+*34@*AXDHSFo;{-D`Ferqgs*;85fHS=Jm
z!8p4LH=Zh(Nq-^p%MEYL8Sw6`e!hvl9Jq=ipHN%t{@zfnRDQv<)RDw7W!c@<HN>tI
zo>U(=Qftxjh23d#f9OaPAv@LSzOQ<d=ZQC{vEH<-Koc&>RW{!nYIo-?G+)=NySMF-
zfFWpQcA99_De5GONZGZQBHK;3ErtUO%B)4mah|%(Uai@D1BT~kjT_HMk%ldFSAPsS
ztsZ!K9t@nZxS$W2EY}fQ%$JGy$aA}));$`OFEw+mSlXtK<Iu6?#ipR!!Bw7w-2h4b
z+DyIX@tuQL4dH7EZ7xz1?kiVG16r(5X_{g*cz<yw@s+Dww~Q|GR6aqmH8jQR0U<|?
z_-G|@f@!=Wx@x-SN&-g3pwu!>)YMx6xN>VZXdE?#iVN40%tNLVMxoyXY)9s;hSZwK
z<&)>Pq!_Wl8hs_^<oHgtbr=rDC@Z`y4RT}GgsXYE5E4jh-u@_D-5R$|<(7|YnjW#n
zdG4dVL0PAu4r9VvWeH7o_ooKNKB8oTKVffkp`e^K*Vn5>^;h?q)#sFPO6z$1z(vD}
zC1#f<Y0MbLG06boEAXN(5}9x>Xk=%^w8f5CyS;X#n%b`KwlaBbrm@;>IPdA#Q~kAD
z9wz+BO_#vSA=Tp{sKe+TERQYX&G&gDLGz|Vx2R0DL@j3DYWrk$Uc>s{;jV<6z8_qL
zsoG?e4r8x!X}9Tf7Ba0f#k@AvG$z^T7rkw)K@78;%+MKe;q^j9Nd3TXuQhcPjI|Rp
zpLPAv$}s$D)A6Q<g677dfPn8qVkQR02iA>|ZZ8W{!1_6!XhFciY;{!#TJ^e5(D%hl
z@$60>SdKmLju*XTT9ue(XHrpDo|Rb-B%iLUMT*h#sL)lb>)dPaIOc{k9$D-C<*ab5
zjN8;@`RTh3M`h5mmC4e<@{F=W&WH#VlXB-x6@$BLG<CJt?2jhO!BEJxn!3obs^=D4
zNe_{7<dQWuHF*MmH_hn<ygR4QvvHd`e%&xlL)&OkL^O^VLMJ?h-Z~u+XN>Mu>+_tb
zmgCDc?|UZgwPjW`HZrb}tw!I+Ym{P}FEf%aJu^~Iu`Z<Wby>Kn+Y=mDhWw077RyLf
z#_Qbkr+bysQ$?9lk{2-gK1Mp4YpB4d0lle6XxLODGG`Q-t!@R59pE60B)rIk3vH#T
zl5xP{b;e@1Hg~lvUQ#6lxt%E&ZC$Y!VR*nZA?c17RKxaf#>P^QmzCQdg~U3}e5miw
zd!IOhuMseY<3MP$eo<)>ZW1rdQ?&PLZ?^T-#=^Gn{YjOunBMLwQ-n2*pfj{qIF!^_
zs@cWQqgkDOWq+abX_wwExo4gh)4)9*SLiEcFyE8Ud#ywQRLN=DDPm=ukfVI`eT-Vl
z5e3bCS!&gD3t=SUw$VL7FqFbPS;qM4!YWo+--O1-;3wR>Uzf<MpG&!zk`XwQ#Zq_&
zg|>BMdErRwFkatRKV9rr!n?b#y|-H?CWrOV)+79_U&MXs9+%wJQRjfKs_66}!z)Ii
zSI0dI@Ncg7U8FmRLBebc6zKFXlz(9MvuelZrD9aDhk9B!M;&ZTjZGf+^EZ+kr}*Y6
zIO`;Jyk~h_6Re^dYE6}?9WQNdly=nS%8zoppQ$OZ=h)OYyI4VII4pGg&G~D0%U)13
zi?0}%z=U&os0tF>89t5}WHcQ$sw#$gV)KzEZ_alnqq6l|CT2N;%M2R_aos1PO=C}b
zTu#0BevNSIrB{y16`U_Zl;#EZ0y0Ig&gE?_va&KXJ9KH+2@=!e1(<h8O81v(mWvT?
zPlOZFDk!4X?mSarE_W&bhg|hdwd{!-;pNT6AA(Qs3-9doi8(*6b+Kg!Ay?ANitrnY
z(6XTlI7LXs2WAO_w~ZruTKeaW;UpBMut?NH_uwvOw#Tu*Jgi|%Qrf5@{lK=*K9xxD
z+1&pc@6}zZVAeSkA;p$caQafk;)mr>Isw>1<B^L`O~kVjt*zl)0|gHC#P6{i?NyG(
zMe?r%Sqq(uS^mZ)P-J~^0u67mlK@qG+2wCr1l-m6f<jBaww&|l3d;jg0Ux<hB5|C|
z0-O$Th;`P`<L7fHq_5$NgU(PZlQ^CVM*F&RsKXw)+!W)3P;Fh*02`i2sqhAzF>LD#
zAEt>KA8NqW;IG`30n2ruKx#sD+Bq6l%tnS~&#>1Y4C5l1bp5?>l}zai`kOsoWA*HI
zig_URlz@ZQ!E3txN3ScO!HImUH8PE;89|Qq2KesQT<3sAG`lm0vwVA_*o<fWbY!*1
z_rMz^)?~yuJ|p+e{-~Ku`MS9Kc8g@#DGaHC!ZAjFO<rAr#@?WGg>xWv&&-#1XObya
zV7#nPJ11S5MT&Ug?s<lBqELd=mu~Vk14op1sHf+W({SHi@6<zuFN1HKEsH9e7lI-b
zvIa|b_Ppy|mP(uYOeaDNJZE?$N!6YxsKk-?K<YV7Def>v^f_*GMB%;D?G571=YO64
zzll>mdZcm*+G5v7vRf!elU35D*dkn~wBm~NtpeS23eqap9=;NHmW;SIO3;%|64ukz
z$3S;X-ed;EhOkO2(CH12b;BrTLu;_&GO*j?QLacu0%EdDFZW}Wb+TP;2z_d=8!{i|
zO5Psa9T(z;{wl*8|6KPQp_N{c1b6}dQ_xjmR}OtH#VuGM-#UHFuBoQa{&t`Hc|@9{
z*3!09olUR~;-EZspDm^>j@b$sk9`-u#HVX6p%lI{FkTI3beZ=kwd@L74xEQG3vQ^#
zWbBtHF@LNp_)3L2*hsR~-h6<y@B55|E-*O_ce^5NrNk?srWcQ#+cFIXt}=_`3{_#n
zxpUj~RWO$aFtq&1u?49UOXF{m1=3axN_8%4oICM%tOwsOE)4MlK>_<wk8hd59l`vH
z#jI@3fuswYbO+{o@3#}CyT2Z45z&J=9jexfJDYqAp~z9Q?U_6q*O@Xo6N{uomek76
zp})p@##H1ORB<?$zJtY>99R@tj(&ErRVkt>&=xV5!DXT5|BCdsFM6um%(&zWP4u|R
zo2MmSx0?jv-i_jqrQssT*%=dXpEP=y!A;p>Zhj;!8#GpLRY$q6o3GW<+lwD^FQ&}%
zL~|MK`#Dd)qRH`e3@3QnFKkFY*;EDZhZs1|cM-L-y;tv(Z+W@q87=S&nE4S>FpW>@
zAE)xC3?p><Y*j#M<F>5HVMkJwE@~?A+^=+slurJfW9H?HklByC${mS<Db#E68$S@(
zq2+lIn9ne~Mi^(su6j4Dg0eyZC%r!16V;l#c;WC_u9kr)clwd5Y#J$9gyg(54lMUx
zm8D{jHsz`uC%#HzhHnVx>)lTcaGJ|k?yE(0<qUBq7-J0Of(G5hlL2?ACn9tq<Z!NK
zeTFmhtrFZ8A>lA+v#EDxtTZdqAXRNpJ^NYyl-kzYkT~}a^|&+4cWw^lgx}lC5KehF
ze+6T{mlZl)R?$a}mhmds{{B@2rA(~kQ`1;OAsC;s`0VDIu**g4>(S*Lsme#EQ9L;N
z>jYKZeWLK9K3L^c%A3z$HBP3J+hKn&mZL4&!;@ZEKifxBRbd#?q<&(sgAJ<Qo|7=H
zJo4@y^h&RM@KF?U%G5P*gzl(k%pr%TpFSBc-gqmfojShdq_=7;gL-metho2Hlh5H+
zV;iy7QSv4qe*#fK#_9ZuLjJ?uVVVe)DDQJUMK}=;X8vu@1`$Jn7vk}dyE>pioNI&3
zn1nt8uU--8Qh_*VfVJvLtz5mnov|h+Wp*a|j2L2WAl>sMsx{f4z|Mm$flyki{cx6o
z<B7PUlrJq+0%5SK7$Ca5&t*QW6q-G->q!vME#6mOX!tZiGJfkAM`yaiF(h*x3=i&+
z0TnO`FCoU-lo1M7XkfIKi|=+GLGK$1#%dY{Ku`t)i1B(}6U1152f}B*5|2Nvssa<r
zRS&sFr8Y5_K#+t45ZTKrp5!9iw)xmqWWLvRt>F~=(yhPX+~bh5m7x?U!3AFPrY)}(
z^rq|5bY0VIrQ;nNjaAv{HB+kH`X?v=zUsOhu}OUPo&A>>gZ1Uq>0>-e#_Q2)tvk=p
zi;FMpg3fHkEmy!2ud<df?a6js+1Tr#nVZwwr;yUVSGj47@U1mB+)gS@B-<VlKZ9@A
zWHoMoL<d)M%<?X#%m0AYd2NOlLI-9r7)vd4KK4O)5vM;_^?rHBP#pd`df;3wSUfUj
zUB6BEN?{WCSAg1`5`cs7{ElA0tsijCvJ3Wg_U%Ou;m2tU8+w{_*VV1E`um5O90hU<
zj3;aTm%hsfPx*0e{kk&VGXB=xZGPGBlQHv&v(>8K60Y3=LiLo)Vy7gti1eEB+c)(Q
ze#@WXSAU)2Stn1Q)ek0~9gsQY_=H^D>{XizW%NA@iUImBA9v4xPTJ4S@Y4DfTMu|i
z$IAY=I^q&Z{u>2dzcG3V@s-9kpbY?B*gS5wGroUHr>~YIf?!jQZtE@J(D%I^CXEUC
z%LM0N2lQR%eXuBXLiB?_e_H~FI)kA0Zf{~4dPc0q<9oVs<I1wDh5UWL+Fej|rgFg>
z?if`Sp0!GfJs{BQIuUwvAnWokr&JvWAo4|7A`1`60@8kiHEUVZDXd&6O8x~udZz>w
z3g!y$Y$pzZ99^yy{yLn-+>ygsr0j{atS^Jk+1!ouU!fA;H5U2Bo*vbch4L#NTyhTh
z6)ybkRQ)AR0VimYy!bb^_#4)FX&pG$+kWqAWPdr0e_2a26Hs94p2pUdUuT=&O1$$R
zKY_k1(`L;2%i;YC^80oXD6o2+)9d|TM*sJpz*zveEz1l3OaIWt%V2=QaQ{Hl@aP{H
zmRqL&{;qA*_vqgJ-sWG>#%g(g{|brr_olc0itzrs!es$~g!vJiaQ>gVm;_jwai*C^
z0+)Zii;jmb;2j;SIn%m)@9BT)V)YWMIX?VVdi+0JE7`X5mx{x8Z_c0ihc3w70Vc?;
z<H5k+#L2%64C@cToR$7(4*xTU|Cz&oO=tfzhu_U1TJhjo?ZFA{EETS`Fh8EO{9Rm8
z&|u93n0$n4M`bO{OI0gNgA01Fp0nlU@FaN(Kin95mB*_p7c&>@S9;WJ_KKNC;~D_`
z-I~Gr8bx!ca-X4Qj?*yNf32_+GOevo>$jP>q?)unHJcFuN?aJn3V<|XecWeb-8(d*
ztAfKQLl5mZ^K^1qPnxaWR0_Wl8#2Ps{i*fnwE~u+aa!AHuKRnHz%jqT-s5*)1|aP=
zj5w1;<{S7Td_;WHGu5IV8dmrk`03YvaS_PgQT@DcdRXG5Rk1PTr1$+Gx^o}<R^7;Q
zEFyn4h+2kfgsV_lqOS6gcWE#y)(q_ssg&xo4ND%{WZPS-mxl=#@`#(#3ueb7CZO@D
zdPm$bImpP2Bj(M5Zs-3pp5Hu=!W!9hHL(q|#(B`(Yx47!ebEM$g=Wl8NJBZO$A$F@
zC-WGMvUE|xAB{E+Gy&|C#i$~`7BZGDkZB&^Gk+rpOV4+5`UdmN9vrd#;R7S7at!*j
z|9KbGJ@Gp3EiQb)NGMKpzww7l(ZksN(id}f3j~6f*7D(xjgb}G`7M*$otX7CB`Ij3
zt*>VpRG^GBn57ymtoI3wR-lTjw4Z)V%WHTG%cp+>U*7~V<)RnN6rB)`-20&_l`&Go
z%y>B2s5qFZ%(Re8keaOC3%$v7RNeby<)h}CL_rP}03J$0Kv(v)SNU|NB_ozdKb$@4
z&Fo(4p*$fa-UrOyyQ#Mai*1br$}G`+sqiWB?ncrX%az?+zlb_h#+?;?o?Pvm=&+<p
zl`$nAvmwWN!RjKRJTvVp>?&9B^$RGoNO;l3$X7HO(hF{HUhYByr|6jfvcTOk^Z&@o
z&tO5tvDo`P!B4lygf2RN30qZH?l^FV&4Il<YG2(nvL`-cHOs{w(@iP6UzsE5i}frk
zDyuQ*xrlTYmGW%Vp($G3UZkDIlt7PS=~w9ZO}CbbBYp!F&JsN4Q?d-gpO<!?<!Gk5
zRkDcf7i~%!!xxEOYmFpigdZFQmsoHSFhcXrbF>iGsIK`!gVWorXtB;V{-gYu7mB+b
zL(|ScY{YN;k*R4d+5uf)KEbCtuXdk6igJtZow10Jyn{Ej;ZHHO$5)UP{RTdnsM=1Z
z#nBW@m$^4l!Y0b{gga#x!%PPnA+6t=C`C7_U*Z4c1~i9p$f{hT3)`*5iag!}*_n+n
zFCb%wD6Nf0Xub|qBgd2P<7sG&m0?2f)ow^U%fr~x;_s-FB1Ie+%6tL3N!`oeCiaU@
z(4l8zt#{lR6<Rv=GZ|&`ttGuAuf}@mpG;gP%hH~>6!#)qy3J`ACwfySZ~Do!2cmAJ
zbkM$jTXDFTs83zpE^*A3yVF70#tmF`J&IOSGL>7$=LPk%2DP0whHY&pzIXQ$ZO)vo
zzR6!kmh>vGVyWLm!w3^K4cnXCi_K4Z`*=wAWBr<`vm@13yk}<V4GFi&dX3}<B`)|$
z-7SHuJ{|k;y27af=oyaQR2T1>l%-G82R>W5Agk7PK8*+-NkYQn3NB06jzPj7A<;V5
zM5&?V`4<iv@L7A09i?#WX<8m9y@QL@Ar-<bJMU>Y`{<eZ^$bI>Mr}BIKq?TE9k!g{
zz~FCtFd1q}oZ3jQx|UfUnsVOo<SQmKdn?Gro{pQX?J8llD9^0t)wE0vd)7yuX?W+O
zM(3(whhf87f{%%i$$O&^3QDu({k$5ktg?3%0O+7|j;@<!i~ZO_Xp*J8b;n&-9HpIM
z&Lq3IbDA=%Lf8TwB~E<=qpOdw$rHHG*NnLm0N}wRUrAmbD8Jhk!!CGLJKJ~VS^+xD
z%(tOAQ`>HOzk4Ujkvivy!v=ciPliEuB1)k70`4r+j8b=O)VOedXR<)k`*V-<%RIoC
z&%D%eTwI(53R7{sMmHH=Zt;2^#;bBmZDy7!gC@tUHsc)917uO@=hLJJZMU7=zXzi2
zdjzcq3ZGhVbjzS$xWg4TQ)w$se5c`rvgP|7emy0-rAZK0s^Aw#XOnpRPKMGUp3$JH
zaLWg|N13nW8?3W6QtoOA73XIiCAHR{FsQ{31ow0gX-eDi_3Jj5H+l7mClbD5O4~J;
zuaX3JFVGK)nR?ZO=nuDX(UJ;IWsBc_u%tVMOti}s?iw8Pu(Q2UQ<<zDZRZNtrreuP
zvAD)T>=m@7B@Y+nv%9fSmisND6$8!D6f;C>hWVYBct|wc`z$2@f%*RBbguEba;{xp
zXT!|)ge9rHkHaG;bk~#C`vwIyy;b{0Ks0-1906Wk<neT@%stgd4B}Uwmb$Rsh&n^P
z=s+8u1ZLX#ItlT0Puh9IAL(xPK0SII#&-yC5mw<ksO?QjSrCnkT>~ieDi`kpDkWaH
zsi2DYt!Lks+H=02?x?BL?4hw36IJAj=z9|L2-#ZIW|QcI>m;Fei{mYYj&Epo#Am&n
zTARkXWU(@%^WLj*bLi_D71mo5TpTMFTiKo92Gcn8q^hpssF_C*2#eEEsU8Q<m1FN`
zji9izeN{?|-l&NV&e^Bf)K<l?nE3H35kW+b#*L-fciZ*?ktnk?YqvUa-B@nPo9rQU
zQ7*PaFa;{5h(tCV8d9F0(9xTCU**W}X(fc3$zssiL+9Ohg|Ovoecl9J9;L&8rb7`d
z{aSbuZ%0JxyYFYCR>n%ji7rtc)ggYIHpR7_Qcp#((K(Oj>ovDV=g_yp;DYajsT8LS
zN9I12vd@Wtw-3p|>xL;-l5SsyZLq48dy`*B%%+OgEJzpVI-$Y#)1@ZXKKG4i`An@Z
zBA$J!m$V=)F8m<K$t%!d2zoAYHGY0*!!>27Se^5f&s@=imF9{jH_5863r&>kuPzYW
zqd=*i;eQV1zWI^Unq1htw`J_|iU2b^sX>|E(l)QY{C+-uWXuIsWq$>)BJA$?eozxu
zPQ&nVNY+-(3Z3kkUdC8qvm9uUs&NGhb%FxKsx3A*r+3$-a%i|aYg3I?hwk!ZscW$E
z=JT~-pT;pKx^UX-r8~HpK+n|2CF$-->a~|<6JBZe2107jCef<Xd`o;GN8B0PqD0=y
zj_!~#LlQM$m5Zzlm#TWc`zEQq{F$`YC|c%>$8Tpem_;}Y^Dd*7rNWHre@6Q}7?Tiw
zi`?C&>#Ud<RziKH#eZcNrdt!#ROsXO1#|&>wj&HE`QFW@qe)g6w-o?g^@dSW#Sv+#
zioLRxi#y~dhR8lK-Pw`UfZTajFx`C0+tu4XbaBkLpUkCVyiYPI3Lpm~_gzy7<JL{P
z>p7`e8m;JT>SN`EwcmkX`NunkdO;l{b|S9UFIh%ONrLjjjy;?AoRKHy=O%(oU9G1V
z>gSk?Sj)F<JJT?ag20UmpiS_q3re<$;$_p`i`v}rPtFieusO@js%OFWW?~-I!Svbn
z0+2xM^~E2b-F!(OENg1ghMxIILjz#8`-#+?VQ#cqE*jQS1DiW|nYL3ac>KKvffwV2
zqSk)K2U&Z}#S_IW1c{li;Zn0RsQJ;PdS=(Sz0c22_K7s)W`qI=_(6mo6N*liwl~~W
zw{~GcYbeaevEgWVxXK2;nkSs((f6nlySWamK9%`Jcm+ClK%}t8Tq}sh59BRTecVp*
zPE5LejIt7;fZMp$RprzuvC*xm+IT++ggjL70V(6cuXe@s9Gc+Nm>Lqb8{CHUweS39
zhpuX!?omq*j{brrOkO(ibVwWWPPO5lz<qVtFo!-u?i1iZ+6AV%!A?;*U1aX>Xtp_A
zKuowj;CkSa(O3zkJrteLtU9XpD5NPct+7MY-+TF)@)o#R6SNw}Ed9jA8V(td;lrG6
zDz|BVbkbMcsDCvA;!AXu;(2F-SsE%UTPzsZQKYJLS8dI9NLkpo9NRH_&|>Fsv}xds
z7;D9LHFbn1dR<H9hXiJto;kgK%XRtLecOYVLxB`K8U~)huI+1Ac&e}J*-n*~I44uI
zl-Em}fA$=P{xI};O80c=)o>EEc+#|B^;Dz7dBM6d+m$9x7`1-T2t&E)E=fyJ(4a#;
zl)}agH!{}*qxA0odIE1=5x#!#MyB(%GK+Ybi|}VpXXNK{W>q?*Ti}Rzs9uo6cAy`F
zd6Lj-_l3<jp>eRCj42+62|wtvw?tujS+#IvVT+xw3}2b`xZlt3Iq9N-<u?3V07QO;
zDxJt9k6i{^SK!15Fd@FTwD^U#lC@n4w$Bbmm5!nvoGKq53$fb9@A@2`5KfW+!)OZ7
zZ+2a72qokxps={u@Mu0G+D-ABM}TIenNk;b!Kn{gxJJnYCLudhh}|n@*zE<wT<$HR
zYLB|8Rcs$F4)$uW>E%zot+GN3%N(5nR3=G!paXDdVXZFP2R=CK1b_%4-JRISg#wZk
zA<>Dg3S@RFX~`0r6ZzU_^*}gtO&Acrv6^mv!S!9i7sb6LfDNJR8?X0###7&yX06eY
zG<NtHj4M@90283uz)aXo57n_7KsD2)YQ|oZ>5Ww+fcH!$1^bUUPR)2!G=<iac?A4r
z?qdj89J*jKL|`n+fVCQc)b@E`;_^XihauS;9tTSd$kY~`y-G?$E>zs?>%O3i$*}s#
z_$+2G#dgDhZ?F-bMC+{z$bf7Z#hr2+h7aKaJ8pT4_R~y^dhaM+c7*vE!3(a&nvEBx
z1z1zvs<0zEeekWoc}d&#dv1*?4{q;Sb3E8>JxGk^13&wz79<JNZR2+^6cr{n_QgvW
z8J-MPrR%##u1s}c^X(bP_l%KHT8><m``ac?h~bjRimbIUe)&b{F*B8$O|Iu1pg{GE
z`N7Ys+0Iun6`!BKe?VupG6X69a9yfJEG65-12SwhUx7RUt@d#RrIKa=lA(dNq@G>V
z(V$|5QP8{Ec1C<~b0h$%eu9`F%Ur>v?vSRS-TIN2SWe@Qc7R0~XseI5jA9T;Ogh}s
z>`ZlA+pw;ELUP3HAu%M8EKA&$<Q0~R;b?>73*{`ZN!PLiQ=wZ8fIadtBts9DU>g%}
z)iu;p1_}iyTzO@RnOW}W4UB<g2G(=8>~9w(4mTl8*<f~Zkp4w8`8JVFj3Z}%M<3ek
z_N37Yvo`5_F!Nno(I3RU^TP$+MThr)hB4pYn0mjlv|uJ~GQ4RU?n>}(+2^4`(GxYY
z$l#+bR#XYnrZ<<fW0|)%czpYI-uty%aMw1!2wgC{(r`JQ)Sn74llNu3oF9X%-SGpc
zy?lQ;NZ3_UNymKuCupyG5`-AjK_%+2v~5=bgPE6@fC>nDH_kWhsR<F3bG8xbS(<}h
z!1_Ff_m&Q4*lgVL!mC6Y42g^dY+%gr)`u$cxY3#Z4DgwOCZUp0id1}4Tz`_Z*Cuzi
z)|l7PvYNg3Cqt?@T-bF|54n2KVEaBKz}F}3Nc}8&-OiWpt7Ws>pQGh~pLFJLU3Vj*
z^r(gJF0UyC`QM8L_%iVpJ48l66<)#(w#;B0u4y}+S(sZWc*#{H9W)?|Kf~f{En>^B
z3(bmfRZ|Oag%a=%Ui=cGl~NPWKo_Jj`|Ncgp7vAeQJ%xi9x=4|hHYD4l!J+Q#ril)
z@A(w^F-UWyf6#~*Kd`8tG4PC(3Y{mS(_3mrY0ZZH>i|h<#DITB!zI&zgFTlRy#b+n
zBRG$opZ&%YZWnE+RybW+YWW2!gyqbno-6UB1V{-EuQtC0)@;WsHms}fLn;~qM+`B7
zQm>I;E>udcdx&v97M+PP0E9;lMi8G-PnfW5p{T1*Xm}CiaI<EU_Q8nIn)97dkSR!F
zPPI6-DPccn?RG=SclrW!t#(0@mfL{wPf9-6l}D-?IF1j#tv!xBmF5*DO4>M^aTY4a
zalstdR6nS&t-g^Twp?q=TG=P$P&j~=s^2R+V8FqPMh#>E=Grm0-CW$$d?@V>@0dUl
zZUC}`sY2fpP}KtRn((Hv%*;0L=39c@XmFB}`dsExK>3zmA5mh=ers2$h_L;T-D+@{
zp2Os0gK7lkje~G!k!bx7?Z8*{Fs#CQ4aM?bQ0&+7WP$~)V96KwFp6ug0iw{af>yz6
zepLKK+CH6vGMtNIE`<VVWL-+p4790F=CJfdY#?tjbpTuf`su0L|Lrw@aa@18rvbix
zWL&X|xk%~!B@hWRPYB1lD^BEe*fc)_S=puGDknA;vm-xR^GUSjGXa-UI5q@ny~TUG
zAhB@D)DhIKIP|%#eD{YK_@)TdY9^aci{HrB*}2u-N5J@l%F%c4$sJvOJMYW#CXco0
z7(PI_%=z4M6oNv`d<Z5!)b7jP*}K(T@19+C3);CRU@apY3KbWSg!jTWD`J)vLD-4V
z=`o#^XH?r@-{c+qL))?XfU%FH?9WY-KPOpwHzyoPsm{CIsTkNoi_c+l`;YZUSP8G&
zDo5g9%-{>MN&B{Q3}s|_eybt{2KHK*5747lkE!}W^ZaR>0coB5jq<Le!Wuk5LT$*>
zN7x&7m0y=Xjekj<Qc5EfnSSUx^2MfOOq6nCe-Hk+bAf-HvVaQS;*KKaBg(m8{EvvA
z$^EF7abb<)!g&c`-^y{pjj`UE`AFTq49CGGb?&}bOnL)NcNd4VBK8K7<QRUU6&?xO
zASyG0sjjG>d4b&uK{S{%70tUpwI^A#{F$qf^#G`ci)-ua%Tu4^gXaM7&eK74F;w>C
za3dbK;>gD^S`0ecLk~1hi-ASTAn&;zd^Zxv#?)4)B1_R^F-Vc&k8E&-pk{Fi{m|^;
zceytFV5;OXTZI>SbgB3pjnr^WSKG0IfU=)v8&|um`a%|4OeE5>NyE+2Aiw2mjY`za
zKBR%Y%EmCEx*I7|I9xLmKJg=O)x9aZqu)uKnVBI0x1q)8`B{ytD}gJBvUCEoy2C~}
zs$boof_$1(Y3~mAmL99byD!W&=&}xrn&VftJe;~LzH3DE-Sk{eRGom6-{@TsDAdSO
zjn@@-_b`Q*IMw6S7C&-nKaiWM4i5u2P4^F6WjuX;RuIcX{gL<PzTkMbgVZAasr7n)
z^?30P&OM$2Oi-fpBU!JyY}R1N%KSt}q3@q#c6Rh<S05s+soFcXO=ur`yICC1wH;p4
zhc%$o&C(|U66(#h@v%v@=(5<p1Q*;S(zwY_V6^6|Qh4Ix4Vpz7lEz-{62m}=nd96c
z2315+2!58&21F2CNbABli#v^>KUO5K{e}Phq6_d{qZidZ+|)n|w#a8G0Xd##MXn{F
zn(+wuLX*vDYS%gn2|zo9uj#>gZX5-U!*0!bUGpwckZPj132B(?wl{?O4t}K*KC(|^
z*KWU{F+yT)0fRD9IpKnd7Uy?~V#8yWXI5i4BWg>&ue|&IKIQh<G@{HC@ZrsAkA}yR
zK5;9BAL4{!?^$@!khzE)?6AqdbwOr7nNN3P2<xCp8A;lyH0r&)FFn$v(eG3t4HeHY
z-sHf6j6#tIBX7ur_4AjWZ&B#nRVez@dplNbdPxIsq?#N3wU1~T^cBXSBvaL@7#_OA
zB^1`<g5!WUB!KC8L>scH-{+4mNteUto0vsk85#$lDwnyLDgmVeOS{x9-bygslFEhB
zXVgp)tlwrUdR6Fw$}}P0Y~e?*Y1L(hHr~Wrtrk$L(d-y3IZRWfmE_M|4_QkmtJS>r
zmnH1(HGs>@K1owJCH~@cv12V)eyj!?MBi<FbbTiJrmq+1o;+5=?wk4!c&u!vn^#ey
zA0a4I<TfB%&@h^wE#|S)kT8_#QsMLvTzk^Q=V_340RN&#2fhl{(@&PukYHhqu@d;1
zLy**VYI99qI0Uro_gmcY`P&m0%e~MgsWRK0K^n}EzOjh{D<#gV@@%=$t)44&cKs1e
z2es3g+Wl`=1)laoo@fuLj#|Bm{qn;rj*BLp)_+*qN5~?3C^mn6Z-|uui1iW@D`5N!
zdvtYPdn;ol=mUkoq4%tCo9=TG4glmaUgb{b9F%J?Q%iYHAFSu{RI$#UkiZUsZ0=M$
zl44Jb3hT4v`MUxO%;7$$h&&CeI#FqsxQA^(ktH7K44cI*2IlRXqVE$!ixeQEr?n+P
z(ct}D+3pdi3t!!zvXXKx{&ki)cS_WOU$W@E>6^#RaEGO_<c7N`hkL$z9VdF|aGnPv
zevJ+j8qOg%bX88G(t>@b7XX<h?VX{q5Vw+`+MP*fb{+qQB0#==Q#CBjVcRP!W2$@$
z>RkPyd_$*WOK{4N^+_njxY=_5xERte`ilzZ4<nb#ZKf)vtgTTJXscO!knM0ydnDIj
zL@28ajDbw9OxVj7#TV(%4Kt1w1#eDbV*pni*2nOXhtMymQEVuhtwQfRAdeM^W+y<I
z8VOs3gExACSTCApvw?$V!>#=)dqS#68}`+w$?RNuAv)(zf$lJCS8I<2$0D(uv)e$*
zQUQ<?kc@hy&Ep!pc43Z9xey8EaA{HR<0?`ZifDUA(J-Lec(m#a&fZ}H7R-fo4aDai
zME1FLQOEbBEi>FW`M3&7l51(mEYXAo&*mq>HtW2QLl07{TafO%=6EKZnrXkoIo@Dv
zNQ3TJ)Iaa7EF&Xj#<Zw|!iI9k!lQM18cQ~ydOxd-_P44_{Sm&}Emi4jP?|v3<CVVA
zcR~2i7s=oIRG|jj7b(nI9(>x8Z+UyM)ym>vz$d#Uj=)%Wirc8l#{L91!?!XzZJ+O7
z9g!!(Sn6d|mJjK82REma1%uUqER~D+sXMo)mssreuDH}AFOHCf#|ab|WLPm*qimIk
z`-VmFePH#c{TZlO)(EMLC(h;(H^c$pal<w4=O$lL=a03*-j}Wns^4h(${fz@6HvQ3
zzFP(bd{j3iztk{G-~$%O#ph2JG#96o$_07BNxr$beE3M8bIM-5`820BMY&@?My5A)
zt{yHz5(It7V7k%q_S5b5L>Fd5glWn$2WP48yKRS&(jqHBVXa#mD(SS}OJAm{T|G+f
zHua>S)1-89BEiIkwm1&Zi-Y$IC>TD3A{H+=N>G<m1m&pR_&zIvG0!q>YIw4kz)DLI
zhM?Y-rb@Fb9ylC8xx{NY%*If6bfK|v?~%JB=`GEQedAtX3J+zVC5fKMz$Rkh2{%!7
z=|%SQ)=8*<vU>rV?H_!!8<QkjGfRt;Iyak)ofe>>F6}~shT3N3HoDl^JoJqoZ7ho|
z?b+d^`@(s8AF;XuPEJ51u)$boyJ>UAjZmjLF<?M6kua+<cn%d20+lrixPE$CcbqxF
z3zr%4iQhZ_lVjEyRE6LBY%4Xa*hE+Uxl2=ZUQD#pYsYt}tkzR{5pmgc0)4n)BzvAM
zytEN>tm{;}F4#6n*6%aAFXoeJOdoS@HkXt69^Ouz6?K4rMH0Pvy(53mWcE$lUzMAB
zl&7Q>26W=DC8mrBT}ky5l5P(jGWb%nK^yi8$|}*`B%^MM9~(QRCR7cU!E8}!J}Yq8
z_}sYNK4D#ltYj3nPow+^Z+h7>n^}R1T5F<j+{S?kp98wSXSAyVk~lV<ypJ1S7qnCS
zQ<;WG{M~}%y*#rp{b@b*Vk|I6biRrDRtG=BgJBk;hqw1bX5n3Hl-9xggu*M4R{)t+
zYP%^SIHOBvHY^KU=zZysHsVZ`WwlAcQH&q!C_-#oz_@ak1OU>ky_W;+pJH+dB)PcY
z_TG~2Pe&{dXSed)x1GGZ$-F#W(NI4)r%?7dyMZ-3o2x4YXPvm-WncC#8E!e2E{6UR
zS*KP@Yw`%$xb&^)<Z(tz_q9|ZS9gdJ{?v|;QmNtBXD;8HQlSU!H}nP!^`D$vaMQ3M
zUN=eJ7{Opm%}isJToVXgnfepxo%J$TSPziX<TWxR*-p84@YOndZ_yzbAmdb8y@bPZ
z{jiIDug$T<eav-+8zbof--FOUO6UsKLT`*goW|GsYvM7k;{q=04fLr<ktO4D0hA=6
zdaq<>BI208)pf{lR2-WS>I-H%z-*4s1riRuy+^OdD9W2`)v3!EF{Gi#2!@g}H139S
zR#5ii1sDHWy>B_T;3IQ<Ju*Mlxxo#)@hSF}A}9r1tfyLpNk3EJ8!>=kIAGrO(saIP
zQlNEmu2BJdMi^K1bNmJdN+ZOid^cPVSJ#QV^$XO&O>V6py!X=9oU=bYfE_wFnDv>y
z15R{tD{4xYTU*j)9pGnR8+3@t@wJCUU(Vn>rptP!eTnMkPjQQ10t|)T$Q{YG&gOQz
zrtCAE8u(GfqLFn;dcfaw1g74b{)%CDn6>cma|8vOFzGdfbumW=JiF&+^40mKqLePk
z^q90NIPi2Rkh-un4in7<jSn<#;bqv+BKVXdYM&0uZ_8@Ns11N6PzXvgTrmf*Af^MP
zO)h5FvutW76_B5WP?S|ryP0cXsn0i=al2oGj`BpVc^53;5(2wnTInkpv4|Vr^`==E
zGDmg-km&k+4>6j@7=z^6e)zULv9PQ_7yuLveW7DZ0{kZ1erD9g)+rNZfrN$}g$~Ui
zydg4W^Jp6V?I^`PR)kAn<y9qw`Ez3S=Q~gLDTi2wA_=H5K|R{}EzBxCIO=g-a;U{+
z%?4ybNJHoM!8soFbCJYu$!mQ24lImVR4OxFQsTS<#=J3wb|Fr(rccexH`Qfva>8f2
zB1{%LV~8oUfp2s2j9gAxFIc0ex(L2x)S=NN&#enytPhro7+SE)PVKR)NHTDBOJrn$
zySm)qR8P5iI#k+b+6+##Mjmn-){WBvIha}24YY&nbJOXe7Xjoe=x{WZM4>*>nO3DV
zK9bS_z-Y-qQt(ChSR`P9W2p*EXQ(Rk4b&8z3E+V@_W)F8AtBGxA@#xDZ7#1P3l5nE
z(q0MAB2iOD{&eWa0BTCD-=78GI#@nRJh2CP_>f7SU}CuwtMnJwuJh94k6cQJivzu#
z)gpzr&XTLgqzPgx4MG#}6Hr!koKSOC=rzZx6FF|*IMF8y*ERa&e1RN6nu3e7!^cTX
zYV?BLfXbjgFh1ahH)8pKv_L`gZIFJLAsO@Wgu*HpZ<CS5%Pp*hUtNjQk|fR5Lm(lu
zhVO`!9iF|^??1;<cev%PR?H}T$z)h%{ZoLlMB2(kHbvN4rL~WppOuL@63Mq>gxYZh
zGXB^s-d@<)gqfwE=JCbtdn4A?1NSz&1aKm!Ze;FYkc4U4RFs*q^}b&xj6H^upNL$&
zIO4jzVoJgV3pYLLdl><#gN@(D^oglA+F_gXn<|BLp8D|+I+rVO^|Uryi2ODA2HW(t
zF#xFE_0?nt91CxFf+^T5+@eDxq3Ol@+;B%|nk8k-7x`4MVTL<4DN}RC#O1;{+G;^G
zDjSp$a4357QU`9`WY&{UQt3C1$$vi1LIBa<cPZ(ui{wow8UqBIVtqvR&tKX5O%>aA
zD>4#g!rRAg6Q9jL;4>j!Cy8-TXx+{>w5RI;;#2Vz`TsQZo7#?*{p{MmwSmU0X`xEv
zq4Itr&V@WdBmCysp?~2^F$Vtr1XpG<jR@I?r&bOIwk=p4+T!HJB4=`gn#1_bq0=iJ
zVEnzG1m^jV`v!g$*l%Fp{m7Jvwe-lRgO~o~4PA;lk$LKU=kvMrTPCs~!)%S%?pZp_
z*Hb6CV8os50s{qSeKW*CTfkP3_}OY5)|;tyPfWpR-o(DZSQw3Tzwz29N$BVCA9Z)0
zMVANt3DJF&4QL)aZ|D`C`zOs~3K^H2v8biX^?xYvP7N60D6vB0YkxZAKlF{?#DM~Z
zjQ7Pq{Hf<Z*o^<1V;~1(sOXs#|9m<Aqkz1n4aA|A;XHb8{-KL%4M2B^d;8(yFPZiK
zt`Nlq=q~Sf#O6Qzhc1jc0o|pmykhWQG$X%9!~vaGfmkhZrd#LcAE*AOtwI_=cUgNg
zqxCO#^7~I&%X5J4viH?o-tTSxb;L20fbMcCa^U%&=aT;vW4(W@yPU6f()qp3zYK>z
z?pTKF*tvN3AFkD<#A6w*vvCdgKXlRT3KTH;pE>-$Fo(y>wai1$n@)TUnPi`15#Y4d
z%Gs`yDGcM(Oo?8b7l^B9DvZeICjOJb<=+DI82Mkk@QhRd_17>WTU9A1_Yc-vcnq5s
z#rwQNfl&pkLy(t&hJFZ44<$S$C5^`E&y&p`M*Hn{^93-=B~uE4$Or3TdzIaAsU%C}
z$AR-dfi*e{NY{#%_6436upK&C<J67!gjASOkao=zqX)~Mrd*#;j^U`d+En%U15v(2
zp7;_meX=W>J=RS?DE`2G`f^C&5XIjZVY4f3^}XAn7<#E_%_f)cH};4q9?xPBGU1L9
znlE%#HBRMPcMqHiY&9gHYDsLrHt$KQMZv)QNBUw*Qw=d!xnJg(1p%>UT&(KC-V_~1
zk!rBgtMHRv#j%fi<Tuq&>DjpZV>5SSYLfo==>%Sm7sodBYU}Tm$)xbM2G?IM6|n%{
zA*zo(IuidjW`}Ci4fFlGn~DE2a5F~-q$hpnN)wFZ{J_K=&u<c4D7CM=GfkS?U8m8?
zu^#akum6!Va?In9j}Q=<Ez1D5Pnf!a!$BI2*of2z>=Tto%;1LCtHzZ+SvMp-^Z}Uy
zte@k-#sA#Ve_YOQ6tt|t1S-j0%#T4-vJ@xqB$5kDxyQNBFOy!4gn^;POahzDq-Y`A
zD@&s0?>;0w=zGQ@=%`{GEJn;9ah#Xj@lCfC7P`c&ef)rkd-#x7#I!2KkV9j{29UHD
zeFVS1Za1yLa%HHZeb$_Xt|;ay{ofn~Yr*M+=S=9<nL{K(zs3-az}oP$f#Z5NFsp>)
zaAd3roN{Bl?&&nsy~q38t1q%HkFg%DV0jtQ{Bb~nyi(oIt6W;0XVxO3Pu4+Wg1kjK
zr?JrWB#JN6N~z2OU292*u}0k~67+!EE#%@<(ZVty{9Kv5QqiQEBQo!!DS23Izvqy6
zW4fwqOI_QwE!J$mb0A}W6krxZ=e5K0hd-MR7`H}>nhEOA`4Vdi47bCaN9WDry8-65
zb3AoEsWE@xo%_B75zkpBoyZ2`5x01|RcbM$S^6^xwPF&@_Ug*seCX0V!<Jzq$?0v3
zcCA@zq4kB8?vcD_ky8`8jNVL1Tr^6fb-goFZ_YCa^wBuPdpb)C*=h=n7R}8ki}ecI
z7OraT(1{ZApLun!OjHm+n}&UO7A7UWWdtVQB2&hT$}NdS(_2%hp;t+}UB3e%x-ewn
zqF84dQM-808Kf}9*6;f_*(qe?I{-B9c69wM;o1d8F^y#*dx!mmHrV?DxhW+Uejb7P
zQFZISM9vEEvnVtlgKAy)R9~+dm2L#H2<y0TY<*F}RROn%Eu73F22lv-0x~t`X)A?d
zJ}7nOjjp=Y&&UC-IyoLO*ZmI{yz^5jSC{=#E+cB-m_ieQ+lrcziMlcy({UZ=!W(%&
z2>S0piajTQ3>$3dpXcB|*w^NK$AGs)ztxdBx+URvB(HK+;Kk_ysBplKgbjHxe6Hm7
znb2(VC4dmH)i{X+q^|BTjU<t<XUF-9S{8}ViiV7VfIn%tNPB9w%Z=MWbDDk~e&cZA
zU2<h1FlZ;|`l^b0VQ8F$_iD0`&A1}1U(@gwLLHa=bfG7qg{N5BYgcw}Lgo7_Nbbg9
ztqI*&r9;kwty*ogv#wDX<FLrYvCbGsPviguqNV%SVsq;7n|*AarIz<+V#d;mgag|G
zl3_VDA*tTnuhM?Xaa;ZHn?+fX@5F*-S%rF$^SDx~@__d_qnW{$m7YlHhO68jIUo6T
zzVsSHE&A`4nVcN6BLM=gIY5PCNxZmr2va%uvy=7j{1d}~>YUfL+k=Z9)#pAyp|IX$
zQmoJ3NL9L^kMJFdnW3@lI)tH6w8UyPpCLwg<WWny9_=~aohP=o=;}hshb*KW{qp^c
zjz-Ao6wX9^1F@0oc7X!fu~d<__(Zj#5bHs~wL2A|$QK$P??gTOtfjfVG6mVr(Tvw+
zKo@ao#zFNP_q_s4gvV!mt>DoMFmyZz6*$R!nUf_vCPEs{?lA7|ybQ>AWnIwg(N;3b
zK%AP4KZF-xi^nK!j_UX6_MC|fxuDa*O}onyIr~3Y;*4raH4VwXWo~@`kcf2iO>bH5
zMv2^?0H!fV>jYdchzd!hZJ19gwTil*wHCjmo9b%p)ANvrg&?RY<!CKhWrLPIeyS3b
z<oX22_Pz~>5$#PdF&qMw^X>eRM;D7)30@UKpY`Mcouhy}LYC-$o;JyW;bmp0sb-4d
z2yavRHit9(3`_p4x}!;){SdBy-FEywck$F=7QA$IK>_Ip|HI4tW2@T8pB}x+ETgw`
zc(8X~mw#CmePMA3>6$EQd-{3IZd1hlp9DC^o7dT=2h1ztfafnf0BDqfv^*1`=G-~x
zQI8cQ+6?3H5{`?R*qnZ`p)ld<I#IQmaU%cCxyf7s3qFR|0z@0Dng(-aF{dpv@Vtjr
z(Y~fpixbsFP0~-ABK)DLaU74Y4Db|~rFe>18Z9JT3LLH(b*l#3YE-^z*{3T5Ik68l
zC?pZxB6K06o$J|a>Wm{%6s}->E>n@NEluk#lQ-uQw)n((4$BgqGnhb-{_<P$XLe#!
zbrDgG=nI~8li<Dtj1a50TY)f_w2O5ma=0>dyGKwTv1B~_1oT<^?>x+ZJJH}alMz6B
z9824`Y_xP!I`W|c^9RhAfDy!1Mne(DafXbZH3|15Nfaz%j6XtVJJPcjz_Glw%a!^N
zDL{fZs1CV3UF#6MIqs*`3hN^+z<oK`-ywxAmfOJXOpIS*R;2=%uM~NSgNfk}voaqo
zaau00)FHNb!_*9^QHr`ndpdwj*LE<_X8GeQ;PD)t?wl|`+mMTVtx91#l5L)FBrHqX
z9esx59R#(HPJx}9n-IuJ8omh&oXb9%vKst9?7e4HQ`;Igs#rh)v23Li6#*3?Nbj+C
zU@HnJRgfkn^qL}~AX1_t(us(ON(o4>K`D_Ef*>`J0D%MuJ&+JWk{ixe_c{CQbG|?K
z{<!y^F)|oSvT)7$&SyUJ?JHHAe=XQ&aslMzR+g8XUK`Ni=Dfw^@8)Zz#M9_|8Ujgv
zb-e6&A9DL`aW&Y}jq3lm#3!@79ulA4Atu*uSbnh1{kS8d`Bm>(Uk_^D49dwQ{sm)L
z(IC&N)!)s0U;60!N?`Q0>AluNg*P5A+2o{qPSg^rV3jpm(@OD(&{aGtmDHEV#^z>p
z9D$EVO_L?+GHB1=njkye(3EJtKyv&YoSA0yl{mQ8{R>O@hUOr%lQ@Kw&f%%9cL}^?
zTkiu2F=oeJ2}=kdHC;<wLK3X28Fwo4M3M*kQ$+FQ5MC9#nxM6F6K>TnZrykM{f;+o
z3)Wi}15^eW+O=lZM~kj9U_Q9v$Jwj3=kpfZ4hPc+_xT96@ajuuw_Qzark3nWPE~>}
z*Y4m}>;`Uhy@x5q+n>iXPDE31FPXOIC%)2$I{vK^VMCxl%D^h$CGvEir-8OW+o~6Q
zvhTu)5^Du-OS<4Lh7`wW^4GQ4RHL4xj>Hqes{0^wyjte8Qoi9^ZW={h2&<S6!2@ON
zz~DM-^Ojc{(e0_U%$o0YrBVh<sN4M}i0W#u%`NwoEG)h{2lz#c>ZaD+MBO>fQ!c)a
z-{&-4(YldE@FiPiP`)3W?@pjbb+p>30LkAE^77+%TMKy)O_t|x6IZ*0AZ)qE%j*8N
zX6Vz-a>6@zD_jax9Fa7w{4E?sp6qa*5Jc)Yypb9zK0T*s(|)Jk`x((mUFpfI2~dIh
zX%DEO>$DKmYYCAmD#IP`NHAT#5dLm4NyX_2L@O|YIpwGnROvLUTWsN2Et-<*t5xW!
zBE`!ps&pOscCI8xIJGQ+7yoSQEMH5}6undV6=+p488e&C^wg^SlqLOj``_7F<^mh-
z9^pgZ&X`-Z#tygih19xlT3eP(JNU#7VbXb-6#V<s@fNwjxzzlc=FoG_Yio)dS>{IQ
z6DOlt!o1E>T{%}3BDp$asQWQ^Rp-{DIk>c_S8vXAKc3<FmYPYPE%EsFO>xJb$dJNh
z^wg2GxODiXN=$B)O|-J7nB}*ZV##XGFL}KpFlI`<P@dMlzqTwlA>c?^yc>rqC<<(>
z=IUO>6E&#q{^`6boz<v*<2J*;nMjz*{snZEbyC19&*6SPXI#2kvCo!Uov#BR;XQ+8
z9gpbd_JU?^?BDqzq@89|9slj+==%IQ!IJl;?^!aFl?=eDV&_Mj75gf(112uChqUc)
z42B2Q8z!w=js47Qiz%<K#>|aq15@4Rr$sZJnnO0~b{{?*Cqt_{6B6G<i_Q&H;}W1b
z-G8Uh3v5+9b>*4ewubRl`}1=zmJo?*r>T$pE{FFJv9>4N;MT}z4LaNZMkU@*(FN}C
z{12Uv)c-V{{&KZ@XINvV%OlOd<Dox(C$JGpFMKG4_>0N@>z}*#^4utg?!Nu^I^Q2|
zkT5%*_0O;Pb@6Yfw{iR(;u$T{doM`*Co6IH{|51Mf&V9o|4HJnoArN~_<tKF!rmTo
zeSG21bv&c&#azmMR(?5LVCX$x)ZUZklnc_K1(HAJH6&LL_L!3ZZgipeTM|8&x6vU$
z`i`>DPf7f8LI3d(uf&ZG0kNXB=l}HF{L9th4VrJ<r6d~hA0AP0mFKChZjL7WCGqi>
z`Laim=c%@jd?omo*u<}q49W5IT5HmI@PBd~KH11BDmvTt_&<57=l1fPTLp`6%Kugf
z2Opej-0)QQXHI<iQ?&nj6}aK4?hE>6`8Qg@hUgC3Z+NO_I(_c`he!N8)+d$zekBg>
zF52)^2e?$K{D()>TW>Us(6CuP@E_Ldi3RUK-J@4xCH5a4F`~@7;r|bCxFk_z-u&2F
zEv#|M_tGc*COKC+--{z>l`p?kP1j*es9`3?(4iAwY*Q!J=X!jm`or9M6^wti73Q^O
zV%I7JXY3_2G8)Bwua0qH^Ob(&Br9Esl~7#eFo+h4>#5H%`ms&|76$_h(w6L!Z`>Hq
zIO9WA;>O2_t0p-hI4sn95!Hn0KYZc#C-=uQ1J$4r%@0rNOZWaGQrgxxeJ@Sn)7E8f
zVRlXRizC&gH&2NMa1i@_$mPIQkk@9{>pT8f>E~^Uz|Xto`L3fGH=mD}Z=>@@k-ip+
zbBE3Eh+pjXJaVNGkQnjJtMeb}c44_kUWZNdjO(viB8kG2LL0$y0A%@C81+HPd%t|1
zc4@0PC7@@rq$l&@CPS+PMnh15oL=stVXe={G(6|*qbM((KT!N=qy5LE(Y`MGCB4?m
z(=TH8E{EbiAm3S_87GXty6VU`@*sIu=!)+@ZojLrupE!L%;L3I8f#pP?%{P5y&MrM
z0i@O4-W||)F4FT_*pUxiPSBO+8ovVFOul0~L9!pNeD85Rz6k!JD}Q_L&EZ7l)~0a$
z7+nA2AN1gLcE>`bS6^s_DdE<)wb~q;PBg=6HI%wi_fnFx9<_I=nktOi{txDPV7Ya=
z_oF<oT+RLQ{V_o9HwRv8VJl^;ile+PumNpy-8g{*Jev3%9;%^?ZO`kq^M5Ai8u!qL
zxqQ8H6<2W3a?I<G1wFhG=3J4oPQUH(u;+BZVb{1bK2yJ;8CzS#mPdCmK?|pmFSq}}
z4i($^bc^qV_k4b}p<<tnM0}-7>xFwfCG8Qoau5cW-TnQ8cK<A2O7*w5n|FMB>|!}6
z|Ep1?fYxTVbQACQ*D)nZyoKB&kNrW34`g5K<Z1|CdjGU6+vCRWiVU8RQ8{&O9r=PM
zn)RIh-TPc7(3&32W|6-<`St$0F9ioC<Sv9Fdj9DVnGci;#fWJ=Md>#9F3n>CRwg_G
z=rbjrr}T=SZt+w~7?B~S>*ed;P%$kbl^Quoo_Dyr<p+6KUEItbKEm_}V-tL@_P%@p
z44r-ulIyV)YI5r4%^yL<uuWV2<d-*K_WE7Y>wv)$*E~#xua#SB`=?z`60VqEJ~(yj
zexj4?wS%`a#&*;l7B+(u=46U5kcJJ+zE05+YX-Z@a0N(eX{_i^+N@vMdnqI5Tw0Fj
zP5B%@lwa=KOA;Df(wC+-)$!EfrMWK#MKZY_$lF}UJpcY*jc>LdUa(8902k(5dTzBe
z{M`J;yKAHB!PDP)ndXkwR#oHDNblnoCMB~xui#W=6h**Fjh72!t9CySd6Y*DJE}J6
zS){99J{(Mn2EE}m-um{aEdBK^?_Xi0-I1rP(5d=nM~iFBlu(oFZ$Gp#+DZT-Ne8NL
zR-Bh<MV{>KCEeHS4IlV5q9B3aDs!G;6uBmX2fjK#?BSJzK4Y`EFN&RUSEj#z$U8{)
z;E1e(-41$S1~=*L5jewh;hi2Cz7#3n@=TGCNEOeU(+kb1LEl3XHTQOv5hMD4wcvSl
z>Y#V?P*GXeY_jFVlH>EG@V?f$24@bA5L`cSJ;7uBt-_JrA?8!B)dio_Mn65;e`@Qt
z{nbYgn>}-y7qHm0|7PKvgU18dCyt)azMMeN+adSp`@B9SjZ%_a85&r8S+g29Ue4-B
zqxEvzJ?Cmd=d5x<>0GB|RP9|w+B@e0FehXp&zKbk36!{hX6w0AKR(C#Bn`;ddoBf6
zG*9Oy^J>OZLgy;`tOD6ao=dMR!CEGeFJ;>i{8OdE<JF1z<a2hHcf7w_`*thl3A^Hh
zVxU>oTzd<dK0tfQgr)YVOixsMecZBV_vRlTi|t#R89~G03t(=?#N73R?q&||y=mKa
zZ!r}0IY{h?s*8Fc@Z^urDZo~<be-ay-n;=uYAz=*|MT>HPf~MiF~VKCkLG=_Q~IkG
z`|{KJu7j^5R=Qs6MnE#w=pOCyS~g8JOa0MUIW3m$gK$?fM)Z9$fjDh`E9CG&z8{~?
z`1(9kLccHUb&J~^q#|?axwV#$14tVKl6jk{@+9n{hxTe<neZ2O(yb<JrRLAUKNlGC
z^JVGvu=4MYetAshumE1uK|)_s-10olY@xUM3hSoc$<c<vySny;W$ymHA>`=y=GWM<
zN|7Y*?i6?>t09|_lH;M-4Sjz&rMG`!b99iCKMM0;Twv5P_2;x72*mux7d_(^zo>)?
zty<Dso{*GW|ID%NBZ6VjMFZ>mo>F!EgPv8)S7A5RL0kDq%~Pb%hzCaUe@sm_sXlL@
z7(1Pt-)kO`iz@qgJ9Jhfea?y{Mdb&Cyw8z_xa|v@IDbl*I&mJhExOu^uH<Cj7AuLo
z3hnoltiGVpDsin?Vr?Pc=ub#o*co=d*mJJ>ZfxHva0xD-LzMPycSF;Oo3B0qd;BR?
z6{)QS=+Sp|lD%3)pVZHy5`C%eOJc=6uToP5fzz;AKH}gxyWl-MxdcDA{XC{zLE5S2
zJxn)2@|trW%_S!EoZCd);!$h@rJXvSBKikp!meMmTO2!|Rq$?q=0Qf4b8SBVwH4n`
zPfwd-(ja-s5};ZQW1cDg3foOOWeGxsZePj_{u6GS!lISy+VvL~@%~?uR2@GhYkH(4
zYbfTws$<mMcFO1PRZ&FgH`sBWUu?x4$x>VGmFH`Ven1c{ulb6y^QI72=QG5!T%qIQ
zeN{ls!cd8O@mrW3H%k?N;^-jX)%5xrNv?)n40xtI!OhIpj}#8o${j5M5VvekeE8?0
zTJXX3SZNtjn#1>GiwE9GCMT<zA6w>i3z&|h;1~c2>uV9=VUY3xmup)iq92%9h={ga
zpL71kE>C6lAsysBmS1*UG2yU0(tWM>E$rY4^5=d%XZLn@y<2>6U%G=lc!*O)sRj=Z
z>ib6D!rE8ASsP^v3L8F3!S64}dc*4}-pZq<s8FB7gFmFZd5^_jzMw`7k~2R~4#ovv
z$W4_5*EG48_Bc7wu$r2Tp-^Np2wcbNY~n@DQzB(j91bYmhid^KU&=N2SlDbW`LeN=
zn@JtD<D$(%6wCO0AjNmvz08;Ae~#~hR#;`?dd-SIZq>V4BlkL6yPEsb$oYV6=v;}h
zo*1JFv-Vy7PkA<68hHsw>m3Mc=2x_V^GF94+heXqEvPO_)(`$v$>s33CzxAzr)*2<
zU-)3O^_4=HcW!>QBftc2nQ`nm{nBBT;9}=wSG`%i6UPi7bAjzOxm?{7b>ruL!1;pg
zW`l+hW=2m-ssTQ4`6W9-E=q@z=5EVaceH@Cv~&u@NamF4o|RQl{0EG}o*R$I0YmD7
ziJQT*$?|5mOp;VSx2Ll%nbZOSp%0lWU~a$Z#rVU8B|EMqX*ytKUj^)D0t~huAcTgW
zj6N_ZVh5SoyI+Ix1(_Ud&bb=}`D*cVB%satiWV6Z?b<n4?#L9(H#KzB1S@O4UT5n+
zr6k8kDm-HIlNDml@R{5Crr$2K%MAWPpE~L2pKPHc%+m%g6WN(M?Dpc24=%=AU+vhe
zk(aoG{B8feQERSRG$6xK-op+Q6;KFVpT*w=7|vJUH$xO$J=60C#h%dMyKe#1D1qwQ
zcu{USeM`$k&m}t$ufKEhM;0c2N|ETjDqc7g{SP`mVa~^`UEb--FkmF72S6Tr^a#x%
zN?e=((4naNX23qR_ai!+4fY<%$z-42BZh9Ra+)p!Qkkb?D$hdd4`<xY7m;lJ;9~n@
z?o~S`pC24{f3*?=A1=0}@Sp5uj%+!wDCJ%|_o3wk?`0Hw?=g$a@BOg?ju-73gnQLk
zGb_^_BKCP|pZQOWCHJg7Yf6cUOH|mHvI6`1UP&#lcp3H)HShHN_D9K*yoLnk0SQVO
ztOvKXSqF+o;uPE0CAs;MW!HV`ZbkfKU)Fz;<((X#9EQP1YUYyHC#8p|8H>4|F3pjB
zyy{2-_yBeZ6-pjn1=h|@iB771H*E+J|6+FZk3mfsZ;GWl8?ui%v1VnQHAC97+CQo}
zSEV^&Gdy@CDDV5NDKQzH4vmxOX=7hI7N*G)b@}ygNq;f|FYD~S1>!;c>)$R2^Coc-
z`{CxHUtF4%_Q3FX=u4zsg2JDB<JY&pE);k2{?h!VTDJbL{q`p@{M>=(>|XBUaqj>A
zvp>Z4Kbie`vj0B;jYr6lMN+lNbyVdZ8#CEjX9LnPCnA*Y5|h<jfQtCE{cixuL#o}j
zBZZ^esg)eek}-6)v{(J>`BZ@uCVa!gofF9k_80leZQ#!<M}|O+BnYJ=mE%?in{lRP
z?hoKP0D_Usc7<KXmbkp18i7Qg+mt>XIQv#6>X+gfCMT=n+I3FNacNx6x67VgL(y-5
zFlhiS1nm2ErQ$ZH$;UW2{RRR}mdH&_oL_sBeP=i48F60c3$wBBh38e;dhPW7>J%W1
z{N!$n?`7)C+8_J)gd1O~N7ZvCp&X%xW>1J<%MqZ#b#gl(sT;OnM2pEW2)>=Omjq=!
z0;Yncxf4No(t9jqwtg?Pk@?OqPCJPpbf!VZ%(uIij^!fP!jUPmAm(|-%Iy4l{eHi1
za*0hvXLoVipW41X{zHWh+jC}9EY=cL-8cjz!LecUFzU17kgk1YYB<Q6>CRAfIYuZu
z!zouu3)r04{5gc0??4Y)@qA28tQ+4(#^hwUbZ}_E=tVi5pn<D_niVbW<y;nfimXS}
z@2z1;gIgmb{kc>Oq&GdQ7{*~|z(8xC87X?;s`fMngGm3LtB|<D#KY0G*i?FG`fXpV
z#`I0U6F)dAE2VyyNk|QI+T75g*Cy16)`w1aFkbCtw1Z&`1vQW9o4)-QiC`PXpt*A5
z8aH$*ft=!ovQ;kHe{<_4yOu<&&iL^gau0fR!H@<wEbnX^ec&yBEy?ZxuRHZ?g4eNy
zZ%3jJC`pvG*;Ly2OigUJ?ay!l^D4mSZOFFVx=zSM#lA?5j@RieKdJA+p)f`*W!7n|
zaYw<Yz#0#b@3Oao(1+H2b@cPaL5udq4c!4UFW4_6psOQ{Bq%*3fw|}kLKMu^P-POk
zYZ=(54p*yum!dF9^Jz;CzMcFc(FLB>Y~x~12vy>1cBxUCdP^m2+E_1%0-C=~M!?tH
zWWV!t@B3bck)M?2X<9GS9A$q9NAYl&h|IEaBE4E<{XLV|)7QMWlfmpLkMl=4cWBf4
zoI27XNkcDYVkEUXYGow8Vj@M@jT?$^Shn#g#k@q_F*%V1oG;f=CRqyy;dDnP=L5<e
za~oo1Xh&%bQ2LY%(z_3vn4+k>Ry_bIHcFer)8Vz16N7?S2Abxt1!u)3R#46(S7@eK
zgL0d>I+%a+v2Q@gsJCR06hC?K(%!YFR|1?VqWYMo)A|thR5?h)<&?wObyH(rYp=<5
zkPaY_;P-(!{u~hCyIO|Hwej?<S_5^=l}RegEI-X<)UlMvyQ=wS9II<o)~tdj#0!k|
z<+o`NA=qu?_YH<Fp2dh;r(xzcJ^|xej;+5{cTI1tJ~Oq~cizK1iCUnKtFbS)egmBS
zVgA)y$S(A1p$Wr{Rx4;Xp$zNQ<(yr!`R}QDwY@&)%O}XGnqx>VO0a#J>fu^OT&#?(
z%oG~=23QY=dUC&5+mOcAmzPH^Thdu5hDixr$^~!y3G2sM%=D=1>t8a2*ZOp){n*4Y
z2l(*%o{GiO?a5>SWj)u$EUS*?gw+hfFdKL5!{!FSKQNaup!*&AvwBWT_qZ3`CiQ2J
z>4`1-WzfG%V?(F~9(BwWU<z@4jDPOiVPYwE?xIJ9;dd(ld6i@cj?-NaC-*tSh)nUX
z05e|w$d_*&GQ^CfafM_ggnN!wZOi%EbPBw)Qi}Z;QSE))v#R9+xsNVw2gY-SrF;y;
z^~cVo3JAS=AkiBxS0=SQkLI2(#!w0N3w?#f9ojv-F3zRTn<VM5Sk~jkSAjC_hJIf$
z*gJ0dck5PSfjYHQ-R3@;L7wAvU>Kruu{m|t_XtAOvR|^wfDX%rQd>a6W>YiV=GtMb
zs00o%=(VNVeo}xoly2*2mZFJWAIl+nG(zU98CvF6{-wbaZp0Z_vLUQGADam<?3}_T
zogA(iKaW#`7v{nU3-7kfT*=aF*CSLRKa-3Wt_m4VR3h~42{g`GY^aFt_iL@NMNPg^
zAqc5)URUPgV1#;kgJH<CT-v0AiTeBC?1Xp82D6qAMYJb(`;L5$Ox7^7#cF)W<Yt-1
zY2n~=YS@#u>~{lG$<;~Gz{;Vt)l#6g=d!}FAA8K<@urOHF<b>;#Uz@X6$x!kfHq<b
ze}Bp4Y$1-yoLp?35vi&8_QgQ~=GVHzDMtbH%_@k19O8bK1TVX=BFErKZOW^bqgxQ)
zD#%N;89+2jJ+L3-M5^p%(%1TG<vWPJ)cxckG<(qf)1pJ#PKn7U{`Go9cMcmz#DkvL
zj@EHjQ;~yQZjMemjl+>FChbB5qMUaFY=iW7$OQ7?)nH5MVsndl57JUCmE2}+*k>JF
z7pk;%TjA;o4sPd(9^LCpoHeh!=p_aF%1WONB~+rB7~6G<ON}Sayh3a_db{e_2!cCg
zQ%+ID_9UiD(rU-v6bonMU}u47P=oSs+HH_gwMaau%yx3@^js-M@qO3vqStpzZ#kzR
z02v3ip4vm%3~+*mLu<?JPBY{5@@fM72S95isUe@)^V<=-GKXKJfz%fkPuw5xphaIS
z94Q58op4_rWyA$iWURpJM0h(nm9_1__vgR;u+WQ6ja)Vv>PTRgqq)VULp;{z4y}@8
zs<W9>;?Bt*=qC?tsP6Bh17DM@=eQ-p^Q1UV2{iBP9dZ(>&Xur25J^2|Dv#fWh}0XN
z>duj@QO0{xF)3<rrls#EXrKiU&RwN2ogDGF(<c0qhLFXt4Td9T!6c2b>&Ueir;FLL
zfFOhpqlTN5oSSD~R$hD1J#@CH+Ol!=3kB3BO~UUo86;T28;lk$^bU6dc^WfIt~70h
z6F{#dlaQQGpO4$G-^wE_TqU*Of}(WT6zAl9Xz0gEdX?nURJlnsbCy5ZmQ5Dv5Q#$v
ztY7A_JSTO4p~Sf`(W0mSS)X#-q!>P7*<`guY{MSUZCAmCkWJgqCt6Kse0U`9RafiB
zfVR(}25{>WD6Utm^U!aj;@5^ap#%HLY=G|J#$~MUy5rnyM%}PRDshE?NHVR1r!W^y
zaO#Qu&ZZ(xp^ZFG-ueXCDmKVUKyzsKn1{OgpuBE*B09v@cMu12tqYw-SkoZ2{(au)
zQ%L4=diyYA$ZZbI-AsEUYKY<eDc4J@yn1%cKIO{OKYVNTNr${v5Aj#uL991YhTXR0
z&3rD7`BpIzK~|SQE9Sqn5xJJ6LWs@W6N2{$OxiGGOfi<`-dQVnuj2E7P&EA(d7iF;
zjUpO0ok&908}v!w5}V8B4MUS0>Xt8;x3Z!y!iQ^Z2EG#P*o#^@mE7ta<Mc6mY5)F6
zA(>h4c5@T;aza3L@EECF0|WVn_FqBK-+_5qj~)DDBwmvfa3JToo<vQ*=8zqfBASb+
zW3Z7G@@$Phf*t)6O0IC!+BL{1ynIxKRtm1N644*=DBxAeCvep)9>>j+Ej@ita_-rh
z+_h{dsJW1Kd9+BnqNwqBc2wE*=oHR693BXl!q7@8A3|@XcE7T8Cwrb*6pQc1>9?^r
z%V;5khWkqIhVj{m)Y3dy$^N~Ua|cZfN5!0%BDB!ecS8sRXn$dkv~b4Y`7J@UjIeOR
zgxMLTDW=}aII7b5Ix(mlOEyKao-&Et0u4my%mK0$>*ChB2z@q2VW7_%ry*jv`i!}B
z5>rj_BllUz-WC3N;vJQHa6z>!QszE<2$L2`sS2*)e9pS=OoXFH-Q@G$!<Mr&)zMs%
z?J%`8!MWWFmuAyKcb7r4%gEDi1!_Sa5zcoVEZw=avkycDWjb5P&d%!}b3o3|prNyF
z0a~OPv@ec}_)JyRUz;fiojZy5U}-aSchm*KnOD=cg<R<)dS%^qoJbf3<Q1(+<~A;d
zT-i8w>Ki{xT!J(AXs`9}o55n^JRKKu;?`WA3&6yoqzYW+t@GXHDRYGFgDYuS`1y+N
z0mFs*aN{?w(auI=O462(ZYi&hNJ38SEf-X-X&gSWB(^u!K5zTr7sHUP=yOG%oO~)y
zx2+T+QV+U!;_s0zVk9qXX*YrahRgADCuNZA#zO^Du?dt&_&P0}F!u?EYAl;-maL4>
z@sy`YEQZDPS;MosziIvO`H3lR?VM>e!Wb|J&YZPCq8F$4a!yJ(kzri@h8#{F=7+rn
z{-#Cni`E%|0{mn9^yX^XX8R)Mi{?XgC-`$J@2(?RQwV^)O(p&+76oJT`>tjJyig(;
zoFQwhbl}j0-+=+#_^Dku7}+#SQ9Y9}M9H69r7A!$`Cd*m#)t^OH2~VuQE)8Asv<Kg
z4IGpsZc|>vZMc{OM$U-x@lL&xHD0Tx+KyVY5$A_Pp2*9weKx2Pa2u4!Z|L+6|IWbv
zp*cs0s=u9%&|N=UAg_;;gdfF}vD$3xjXwe2L6=1h?*>5DIy{9?4P}FK;!eFY19Pj_
zSRI;qLYOPAg|2vV2ec6~B73n?o_kCIiXHJjV!^I0sEumk*R-}$+8&f;9rc*3azL>r
z1f`{y=+f(OUY)Qla9s<nH%^OuydOwl29pb_=TDl1#=+UEkAZM(PgDqEt)CyO017S1
z-GQjYFBeUDt5u9PfAsq4{Z)A-VC62leU9@<G*!XCJG4)zz>VmNQK&d%h?j`o$FoV?
zhDka$H8h_4a?O&i(JnYkxoy_~m_V{-a;l+_>Mo8qw8q-vfpGNJ)xlQbey}x1+axLh
z-(Oai`;o1C-$5p5<Pgu==u3^HbZBS|^ubN~VUp#o61nw7olBA!SjP-AWq61h#}qt}
z#M>nLRq?-t)$MqRBCs^$$CeHkQVhYxxW}BVV3uW<TG+F;0XXMzXxny~BJWqVMW59^
zln?sQPUkS^1(gFdE0WKJ*SIwtpCPiBBIi&+D1sZ@Hv_79B;)chF2eR@P|XfVdkPe-
z<{G+d{8XJ6DN^$MP@`wnRP)>gmKK`jn=@dF{FGJgS~ETEHe`7ZRW&U^8%vz;`GDH-
z6R3h)JFhiHY*&>Li4e{WDy$vkELIUCO4Y<h@aciW(i$9lz~u;!cTj@|!YILowS({&
zfw-d4{G3D^ST-K%Xb$%cM+XO-U-|wDlYKqM$g{HPo#*O!oJeuArTb#AXi)WR8D76v
zKOk2rjdMSjxqr~Z5a0ZJx3%U)&D=~{bTN!V_)`6OjryBBF9x$4;dHtoM5+40>%NEx
z+UEH|;*1?QVDbH{vxZBC7zb{k)OVH8=I#I=hoE&qnVc^kDyYv@9RNaQgfRGONBKN=
z!MWfxy0-Q?^dq!aUNdjHLra}n`XiRZ)8xJ8n4%S!w{ul(f<yf0DX9I0NxKoJ8m1lf
zo3}_3lIw6(8xO*2MBiXfk7UwSV0Blm!_*agUp?K8g_#Dh$0?p@Bo7hy@u@R<ISZ?O
zvY^Fn@#tNzWkOU|rCtUOf?%Z5b|Wp~ePT8|d4Pwzln?aM?{J_Jmzb0ORzT<+FWwO*
z5L*~Lbjo1938g8@rQ)1g$6HQT_sl*OuQAvUmuukP<LLk{STHa7>`CEL&y?$u8vxq%
zL$2l**{p|Ghw%P^B{=Dj&&r|a0#n^TJ-1ALWNS>pm*+sn!{@!hwy`@60*p(wfI#BP
zd2&p*v1X(c-L;x)Put20u&K%SFO)R9kq)PWhm7VhaqI34>%PdfB%Ln>RWOz%qZH>6
z^0Km%u*trmxOCCHMRt~^gXU&+&+dGeK4hfJIry5QsG)NI53|<p<=#`pK8%HH_tgy+
z6Tk(o)kNyp@o|XfWyWHPJh8K)ap!O%`r~?*zTZNxnSPo3ZI4LkGMik#g)q&jhYqi3
zRqQ`^HrATqFz|Y|=V-ye^3z&I-MklWjnlixX?X5+mf3mMS3*8Wh+k75zJ%lTpiRQ1
zPBfiEgqKNqJEViZe+I~`R_#|@q{V7}$5KjwKh6JyO)_`sl|UJ1Lnlx)HI!)Bk;cZ+
zW**i{w(}ejBpcf60Tvs;Za07l2`vbi>D#W|#sz&m>%$`-%DAJs)r3S7xIa|H7YV&5
zA<-Y?CvZSzEZxJ}G7)`;dod^7)#iTawIFwV4hSCeS+9mppe8u=LW{A9Go)Hx*Ca63
zl2C&PHKqe+49mJ<bU|9OiPSV59#X{}5(#__KCB|Z7ZR~@&@T43Tl#~1fG<xZGtNh^
z$8P56maUM=N&r5-k99u7f=03v-zBJ72LrA8Ypy?<Q?8!%NbL!%=4WteK(sozOzUH!
zHSE?X85AH#*XXmE=S&A~*xk?>wPT9`w+WB-x6%(HR#+fTlSXejp6pE)1+g-CXRtEa
zgq|G7cF#+!`np-M?AuH;{vlNuXWUo}w57EsR#HOH%{~qE=5iSqWN~moFhh@U?{`^P
z^4OkZL3$-WgOI!vZsFKmP@1UBzM{b@%inBqL4-D`2*yCOlBT8xQi|~A>B;raH6Ena
z$+F6VqH2#~3B{-1+?y!Z$890%7dsw?5B}^0kT`3HSyWbZXVt-Q5mU!=^V|uHjB;^x
zvp&3wC2O=DcygXQGAe8!By>~3>?5j{p3+oYA6Tjd<uzULqj}^T^6Nb*-$@$i>t9Hj
zoFokr4@FW!9U3ByDegtKXrrLlRcTo>_yMjqQF`=j4b5Y|)@EWC@RQ(njspM~DU7>-
z)6$RFWr^AjD?mYi@}kn#h4(^`ONTRdu!UHja(Nle&hD9L@9#NvF2)=J;^__ao|Nx_
z!_aaTIxU`mpzoNA82~b(Cv3QB&9QpMy<nc?ony_J6y2Nq5ww_`HO$w9gHNmY=6P6w
zVEBCOesi1I?__N1JRv(0bc%a0Z=spX46^!K!=w#WFZ#j<MZ;h_Tps(Q-@b|`R3Qju
z8mcMzZh72(?MRBcjL&M$uy6FjhXp1*8zlu^XcEqSZ*B`#l+jIQo!J*uEuBFn?5yrh
z$;F^2_iv}$VRF#@BWHy~PgvOz=cbV&M(M&@P`<!)eM${n^yK2^XW()Xwry~;5aaXZ
z$3AVFCC2?bes7=^F3w=%XDmbTX5^W*r+s)4%c=(GrtXH(vx0V!+)V++fUi$dWg)!E
zJ@NIYeyd$S<7bM;H|x{H@XwL!XR@}|^!$cA9VT)VvL1j>Du&T6`c6g?ospL-s#$M?
z)HN8zT4pN|xXyatD3IU6W~We=`%K@!{(81MpcLh>;m=6+<%GO)s~Y<Tcv4zhd+dvE
zK5Lj4cRs)v9Py>UyYIjnJvGm&ze|qOV^ab<G5oXq2RKv!S`En>zdN@j4OO?M%c>}a
zVz*OKZe_5s;<UjS@osDYUE0mEU*ue)@SQqqujk;px|wXfRNlLO2XM?JmtA@vnZ`hU
z%wjZB=gUaLE(Cj8Yq<D`h+!vfwe!%$3FSl=ZaUqGVb6LmoaZt<2n$&QVigdpPlCgs
zy%VmW)mNX7AJw1U3J{9ASY7Lb)6(tEOarZ-+>%?iIMa?^=Lj*<mhw+%>7zsHpcvvP
zy+OZ7WmB}I3~f>vYXV>O0CX435r+(WjedpRZf%6#YJ(e6cX>^qYI{@WhMlYhH!ot?
z>46@cB543$El!d+VVEccc##gOBGre3dZWtPh?0aETIM0cJaOAqmGk=f9%XE)5=bbk
znoXKmI=O6F5>@|Vcjr#3T&C6+_r=jD|KgC#H_n-gqE|yaT$X#W(>7~NDNnn(QusEj
z7qfy$!!H^i5rts*>|nhd*o+e5;^VMwzt6XyEAJ4y$?&xZN_v{IGrqyRF60f~V7)UO
zJ3&{<QGl_2Q*#|V7oIQx9%T4$#~p2^K3-41Nz`ZFWbu!BlN-wJ#!^&B`T0W!%n+ML
zwU0=A1Tgy*hWRf7mNK_sDIjQt+e;*eW-AUG*}WXXtY4?pE#C?kp@+7m(u=^n7ZWcg
z?K6ap4N^T-Saa|P$<8aCB^bQb;-pF=X6HO|;9}nBmYv*XJTe&tpxwsjae4K%>fnQ)
zXKH9%lHV?#_2${5YVS*W>IHdC;(_-~vLRHCmHC1{6#*ST$nsPtnVGJz=2X}6<Q(jz
zP|kHcE4)egcylt4USvSsRz2W++2-zolpADHwnNrN0ZNa?gluC$-&4RiC}B+7qj<$^
zJN!gYJTy{<P{ep>Z8MwFBT&eaVO93Qo*<}O5NXU;wKgTcQcqTU+E=*4;iC_GI)aNs
zRLa<s1aAG7SSNo_K-V5#Vux5ck9gOduLw2W(L7w3wxfny3l20|0X#1MqACqJS}#c-
zXpnLQ?`3|DON;;MCE5SDeynMNRDIzLVW0dpFRXQ*!1Ulk%~(&L1vbBPu4_so&S|m4
zwR?uUSWdq|)rm}~VXq&8V>QeIu`cSKG-1T{0Xz1}42}1$*YyTXvy*p8q#Hi05P<hW
z%~zP88-CQVS+9LTxzy6Lwt;h<I~u`~Gk~wEytkRR*%Hk^qgJ|ziF2%s-H2|ty(qW;
zHQOikzw<J93~u^-+V?X{XLnfkHM=94d5JzPK0v;!u{_V?RpET8KO(^!)@ps>-cHr<
zyG_TOe}y9d_TsD@FT(nJON;S8g`9r+=KqWX*;#B1AWwVZ+JC?8Juhw|b6jWO&!PX}
z&G^@!LW(>OPvribwEx3x3A|aIl~d6Baq#>~QTmsQu)7;GC>(pK_TO*I+{=rwz8}B$
zU!%2$Rq{4wV3y|dbKCx{&<?BI<VA)>64GY=6w$v6?bOzYjTtmNHSPF6+;)Yh{ARw0
zPyaLY{KMh!&vN6fC~pQ9-mS_1{kDI{$}iCT(}kGX#tamVb^e6ZKYja4!eYlamg<Ue
zz~9T^XS!Cy#ti-kwx0+L`@b7(`y%fj{pW2EmVMQ3NIPH2qUzCv^}lXOySIBftvfI2
z$+lkn*DwARpv^~l3yYbIG9UPFE348az}xp-9Z#0_{2e-eMm$e$EdR-nv0G*T4Vp3P
z8|f4!YHuL_Z9CY-Y`{DwBPc=Xhtcx41C-sMJlWZpqkx}6|GNQ-Wo>NdECn0KKbi5L
z_tYQP^_Mo%O#Uabe@O8E10vgZ@y?l6=YxFF{5Lvlct_#;!z!LPZ)Ms4J?vhK@^(V#
zH}UJfnb)mXa&sH@Bow{i!Cg#0>_TXW6uebZEj&<J@b6(JHo5_@QH8HbpRQwjZ%F|b
znTn_P><;_9`x1y$cRGEoC+#{ZL`6UQpAr)P#B-tjMylmGBoP04r@`?jQEndh<-tqp
zybLK!%A#7Ys?++TJ?XVCcoZ#mIPAP2_6`5Ms^DD3P<u5U;PlzLFX@xFL5&ghm}yS(
zlp;>u&BU^$Jz0Bz7oV=-L|!`WbXeu1zzLh0{%h6?PbyiXk=U~$?V5;oXwc1`oPU#s
zU4=l5rN^*Rr8~F+(u(uiQ>azmzW~inw*kw8IaYx&VA27gYBXj_O-*+9?34PV@+$Li
zxTbFhJ0r^DUim)6tM^MhS81O<eBziB{;_ZS8c8&{MVhb>DzHbAdv}EKo5axRH^&kI
z)r;-U4Th-=%4AE@)>>`ifyiK?W|IZHoCMR%oAsgG+#m-3q#^2HXm9!youpt2p3$7K
zoNfZBKdq9qxl<5-MWNR;mZs8Sz8IW-y-MHZ`{69)D;*&XvfkK=DHudy?vY%WTa0hN
zwa-kI3keFV9PQB4RqZbPD>ubhZ}8E$FBqKWt!6+9=1-2If*s_s@WyLs4#;UuRwT8B
zq>y@fUryBweh$_4X(XE~tVMReRLDI$FqiG!Ml3jR;VL(C@f-e2$EW?L2Gm`A#H?(T
z@&!fTPL;<QKp=P>k%G9-G)IG4lDf`vZ%*I46Tuqn-UH#Wq!k1HP_x-Xl{a4P@!<~l
ziF&-+Mr?`}O{t6~rv!JKYtS?a-`bI7pKg0m;n;Ba+6(X<StB&2B;p9NdUQMa@jlTc
z5BU?<==)W^<K5b(N~eU?ar?%{7Pj_u>B@AP2oUrv=X1XLCQ-BJJM_=gtm{tuhXt&O
zpQ~-UHGBgICt~z1&dKwS5p{@rfz6}A1!MOjV~0DmPZyuGZNj0-Edpg*Rcyc>i)U+c
zF-9kyfhq1BZ>ooqxXY!#o+{1CVLQ5=@`4-tmEiZx<0Qd(c^M_&jGYE+%ab%v==wY-
zb4McyP*V(mNOe_?wWRl+>4y3Zy!O1Myxo^u;A_?~=t@6SGm~#CCdyx;xP1V8^ljg3
z!+YFRuv9`Ume3m>9k2DS-eE+EK~%p)QSzo6x@vhnx`7_=nMJ~`LgNBjs$i@0wMB88
z_ot_JfjFDG@Sy`wC6XcEE~VZxziVt=*cpQ+T`Bfzz0#al{8$|1v0sh*DmpUTH8!Cq
z^qRGMnK=6Ord}X)dVjOFfaq?VAVM%%T-dKlm$Vg-hJXz!+qLauHrigh4Vmi_K|~&p
z*5-)XjUFf8j(N9*{0)&&+)A~t`5jmwi!rDKEE66C_phGZMY=xd68<5F*`3stjU3ap
zPrD;u+)Q||ViBDY{3yf{r$#F@T#G7>xb0&0DW%*v)zt~K{JX6A&rs8^Q>xxVt}~aa
zW0o9~R5h%YJL_<&@KZ>SrLtOgPTrhPgFz87NYIub0kqLqUUoeC!DMP>3Zo%8bMwXb
ztP>=4Hs(><XKhBIb)%D1M_(7q*+DT8_Rbo;j2wHbxn*_|3H|sziJ^Ar%BJT*US)ZD
zarBnNwWwTNw70fxx!-nNVupoQHUL+7ShUZ@+w^<Z^4c(js=Z7E+5!}Mh#=ek*Fe$3
zKA0AH;-`$~n7$lapN^}?X-LhxRpNoeXzZ5mK9y#UVZB<u=%Di*U`vFv8R_IfyqJ0m
zL_b4#E%x?J;p>6y{(Y*-F?yF}6-6WWSs_IkSC6$fXqh<2?1QKvw2_z=<wx3pnK#JY
zfZz)4TZZkjNg7Lb*6uN%Y-F^iOXHq~oY8NN3jQ9f8g}q@;2!?EGweA^|8%dv+Ac>0
z?g?X=s(iv~D4)<C5I#xaBEK$9J(i*%bPm+R^l0OkFLAD^vXQ|sb&a*(As^=E$5WD5
zF4VS~$Qo-C7xg1agN7ByNEX9N?GW1cgm<a<S=`$USEDO0{v`2#=)ex?yo_+fh@#!J
zCQxHvZ-0ND&n(kvWrx~Otn%FBT+ZpM+luygs`g3w#O|hQCmQ9KJ*R7Daz~a<&^-FU
zG^@DJ${xd<4{8<K!NZPq%jRuEpuxS4Fkuh9S$3ILyBpgt4byTV3$$j`<+jqH5Iklh
z?mV@Gl_ba5w&?>Fx1~n~l&(DF_f(_x5gKhg1rvi3R@!@d)kBT%*qN!(Z?9@_rh__Z
zJ=<P#A&&u%4xfRQMMq8B9jw*1Z34pfJSO@kP{#_9A)(d@TYB2;PTKCe>GL}HqpZz%
ztF2wKAMK{+^DRx{E*X&Ms>t1u@=yBQs5yiT3PyKc1J|GK&rdjCD-Onl8|O(C%H*oK
zj`I1AHj0x+bwr$A4etMoW)@a-m6t7baiJ1f(cv&Wt*Ku;crC*{bZ-TgUK^!4yVP4%
zd8Yh3y}Wbkl>svw4vfDwhm7^0%2~Rm`8`MW0p-*u6T2+4VOP!1mVXx!`>1_>`)EC0
zj+<dUT<_Y8WPO3zz;Bn&o7yF4HM^Qm=Rlx_F&AgMxSdQ@<FOgpw`=@kZR<7GwDpq?
zD2#Rs91U?bfy<%RtL_*=@Kk`1EmDi>P^&@I-{pVkDs(Ab)w#@4B$g<6wJP7hL#~)p
z!5ZG-puQH9=q=`AxwunuT4Tmz(bI4fX~lR7X7Lc}Daknd+5habV6ScN>A+b@@1U`d
z5TDRQu$Wz1?}Zch&%y#6YU~ccuNKx_koo+M+`F)E+F2$h5i@FdPj;7232Ehu+u%W%
zWo?XkAJ*1AR(~pIOoFy!Gb=yQ8$YeIB)s@F`BOo;BJuDpNU1eAQ}bo#Lia7On6pgg
z`n%d#{tNCkS%gxIlDcV*QBKs`e>?Vq`A8W3usuR{>oKM70nymy7PaUT170g#FqJH-
z!0#cqK;-$RQP~(LnD#5->xyDI+6yE$#o>2nDR2sF+|aQrTNru>G-n!dQ+F$*3;a=!
zxl-gcgLxl6=BK@@fl!W<D>pI=K7j<0lT2%oGeg%@obnA#015zFRi#HN7t&6BH>907
z{f;~2<_id@^qB4QT?uwjc0Q*E?&b_rPZ-o09(R-0Cw}5oMKmU=8P$Eyyl|}LD<;!Z
zxd;d3tp@@A^*9{((vUw;-FfVu+GC3LR(X_|w%o`I@7tz<54`dUjfA}?qr0Xi>M8;E
zR!<uTTWsm4$8;Z%a!{(Xo)rT}QH;(U>2R*2=?^ZoR8|GA3A`whPQ0&74lgNA@~CD)
z>HyGtb>hYTyNZ^EKH62zLy-3?^HXtSy3$g3RMM91Zqh<Jj$9=oE@D`j{FK=$I#v;U
z#llfHjn?p3L8wVsZMb;Aii{U0i4}!6iiw{@wDi&%qvF%5{;7KEC&Tv#rU-r!kXM17
zp$e;-7s^e!2?*BAOe+nUiMn;Ao$;MGZbn%o>r5%2VIJa$eIJIn^@<PK`TAyuLiK=q
zs@u?rN2wu`K~r<gvvq_x=6C;Y5T#o}2OL=!hDzNVJYkt^zBKP|5s4CXXpiJvcgp~G
z2%dD~mN@UKgxP@Dy=&RhR21p=XrBd0tsJ}Cq!{Lt-A)a=WesBAD5G{OTVp&p!RdDk
zVo0^5&^h?!RaGK^lEqqcge{+qT3?C{*|+|hU0e7z)!E_p?Tc1>2AiS>3R}w(Dwx~Q
zUkaWH|9%@NUhFAD0cpLjCWf^173~~K2ixQb?Y>uYr2%-tC&v$K>=q3vJZaK8BA;Q~
z92>m#v6zBXAN_n<9^noGCgFVsDuw8?yr^$3Lb~_qYk1S`fv;OM1N56ejA8UYu6{Ea
z84k%9Ra|h|nE`8+T@v<okhxVeBvX_nt#IV8N%wX_8;SPY^qI_9zc#k-`zPh!wC^cy
z&aD~BhtyDv8HCHAA(UnMcNI_jH+6{wlO-fI6rR*zRGG-E!J(u^pS#)gZ<$B#JqeZW
zq`{6=uPZ<Y$M>>^ma4v;TfoFfmsU79X5f~_^nPdGt{RvdVfIRmoInxvfH+Zq?Zkpy
z&T2@tzHvF+#`&vSQ)c9m=W3e3tMD{I3HmdTa}6w5N<Hr=3J8jux8}qf+IIsSKjk3a
z;&g(VC!c9a_G@%oK)lA)=IGO8*Y3lT^k6AVJ8zpo!GO<_uo)MraFfs&a=xTs@Ipw$
z7A=t|oo3hPmBKtIt+mL%5vCRTDvM0o<;m_s1y()P{9I?)=56?$0*Mss;KxkuhN<-K
z1(b<lAkI?#coZ*(=J16BKyt)lVP%oN@e>SFbAYVSTvYeQM9g_{s;#F%J991#ZdqG`
zl^biUIxB_Qd*u)!sCIuuuWF+lalN9WGM`XZr2mNiZ!3_uVe@R$Cs{=$+_OH%Q!3{Z
zi>7~L3|)S8pwiH9eb#pgfnS9vu0R`J<3aWgG*~<wH0{(?FnktOPf3-Co8b>SPbN7o
z0i4cqT3kOM*K@Q3M4qQ#whq*NhpFLw@<b|-N~dzx;)#T{u{PSv0^(B0R~+WWf{}L+
z`C#|T1nDhO<o@D%aB=}E+n236{o;xZ+-ma`cwPiX$2z7of8jB(Z>YEn+ubj|RXM3G
zP8|6_(%T2nFJc$1t+Y78FG+Q2+!0(jr#+9A5Vq{SnoJpWe{OyN*xS7)hu6LiSCeka
zid|9l#Fl@?Hv3yXd%sWCzcyCe3=_Mp!+NC(@}A0<K$P%KGWngv%)BKlA_<7G2y~O_
zO@e)m|3t=-E=W<gIQXZP1$|ARzZ7d|4snp`mAp4T-;;&(njFIn=^Xu;O!-R*aY%cR
zao6Cu@+LTSPI5=U`4qin)#V#s#5_B$tAJOIRX6LWjW<wvY;-i;-|PIa-PGe~jK$0L
z>|@W7s3uGcn?Ew)waKMk+qIQSpBUX^yJo7iI)bO%-im;ms&qszs3m42+z+Si8-KMP
z4F=cAId@voA;G)aeCK^HQ&iJUr?nh2LO<#;qM<Tcvyqw)-z%$1o4?RFScu0!vKvTN
z<sI_PcWbU3D(AgeqA38TJJyh0oDZQyddnE5pB8gn9LTk?IO*KltKHeA@Ws&MpdPJW
zYUzGUtg<hWX-M(C-EMAZEpzCAZyQM$Z?})4Mp+haVY}=0?)J!CRemMyOY=|D94^p4
z<dPBDmb0{nq#{3~Dm|zTk`k%&9bI19Jjb6}W3%RWJPC)MvHPAaa`~^uyclVtPVT1F
zCKy)K-1U}Vjr-#Y>j1ZwGo>~lTW?{>p|hd4rxoCiX^)iqD3+X2kzDKAYgMi&8*gjO
z<&+_sx0mlcTh$gR+E*_JBE%`$PdyHK`N4CojmM+2NGTt#Sh%z%2-#=LOU&e#1t)d@
zNWowNkR1(V-jMGIXtZC#A{*W8>f|VX(3Lt^u+0njd?e+$ja%}%nr#Lch)3D>nubcQ
zoy^j8@!H4d+jNxr`rZ+n34Kq?=Q||>W%76$TA3<(?c_D?%V3$47bj2a;NKt@wzTUX
zWeQ?#MOx~V;(R5i5wt^QG5g{qgDZ#^u_2Nny@c2v?=Rj~QEg0_#rh}yH+omL)8w`K
z2V2(kP0_go3zLyql!M+=hw3Kg$kDaC1_|vrUr*w~zOkaZvXHx^Vi)qaCk^^%GJb1M
z#GFKYB#c#UZ~GlId%s{YWT&@|30o|3%U?BR9%k1%o4)xAuUdK%FD*c~4#~1uu7nQC
zeurDB=pKrJmSYtg$PR+f*3~$JE`pAgAxzJee{`XrjtrLP8nHR+6yf1<Ed<pqiyKBY
zDSMyahDPa4*`ok;)+>n_UCagVwNa{pAJdsV>s`eT>_M^?(|kIzL6c=Pi4(Syp&f>X
zq$6DGl~6XBk&P{H@1|HTO>-&b$?V@R^gnQ8p7sNs@~n$=NUT+Ad@iVPaPZOM+I`x~
zaMS*N0K~RDQ7Dmm7u{|0Bw8ZPDBzmyOZIoXI7ZhMn<ZzHEA!%kr!{zW+hj`e^8UR6
zE05Sm-#cWd;^MN5oov5vN!<<PjFnaer$LY$l>_WYL5uqQENwuHz31&3Gmg;S^?Q*p
ztz6thn1o7$zH0bklj(blzNx*CaMTyx(HE?(L4MvuVP>Bwa3epTQZv?kYyEFPru_rR
z)_fK03&2NRq7?H7OTB4(8EXOlNe0)tR;~|0%gUF_yV$6MD{GwX!;HO?pnGHIS7o|N
zbm}`W^e)OgUe@#D>MN~HgX@d};&}lMB+ZHKerQ~EV1<rcRpq{ezap^%`%Db3pm<i`
z9e<XB^ZgK=rBzilopurep{?=P!IBdw(MY-RNNSQ5??ogNFK9|^rK#)fTH~=!@2a0R
zc&CYkNjPsd((m7TTWfk%F#Fve_D%1>u|w*!$8Ku{9X2Fsn$>K#Y-~8dj;!eDjq{yQ
zq)2+(3Gz#?_zX>)9lrMEH%nRLi!wHPJy_EEnk&heP(-j3qwZLgpd@d87(>bV1lGg-
zo(XTYBTqM3SO<0tWBJ1e>qhSTIzw7(2t%54feRD*j_u{GSx+3GI-K`8UD5QfduWF|
zYci(wb!Vn7-uO2!hw4UE>dg!&;Yw%}XQwC1cZxCV@;jEYo*y(Ni+Slj3E)}R#qv|*
zuZ9?Fj#3>xI-}Z5V~)7qK(+zMe9f7i&8_kz&w7kLuY18LNu-?Ow)bE%(YnS<_+{I{
zdJ(@D@J5vX4P#GDsgP<PUdqrt$W%HrfzzfRziWC?QjR^|h3i@2H6Pd(t!oV8#0!rd
z)B>h*R9=7$fdE+|L$?KpfDUIA_c4lY5Gon;A>V*(x|ej(-qkjSVuiA6B50?_0jj$x
z^sz$XeZv>?#c@Nu*z(3xLrLLRwS(Sx-a2cUCWh+DcRM3R-osWg*1!x+=_MA%(wXP_
z5x&V_t;eKwLD-<*Yj+GQs=>n8tj>q%UH23~>g<)f19K2cG}D=g8-siu=$U*ud+mTo
zNU$+M+oHQy_)hIX-_Iv0{QKG~UpyK0JDCCB#_O~xDn>0@Ndb=4^V23rO-z5CWIrxc
zdIek_ue|4J32J1=JEIfP6HkAK<7ayxZrf>t=I+m(<?OpLRHneK0Adao55c>PLS3^z
z0vtH5!nR#aG7_6Q7rR&@uO8dq86nf`)5gnlIYV&H*N61ANCf!(;UgJK&bPNLt}w5s
zzVKIof6sdRE^!M@jvs|v6ITe%f&;r(RIDJ$DC<#|vq!k?ug7ooA>;5X@u0Pww{?km
zdQ3&Caw)44R%^iSp*Q#sB{(|Bc_v)Ctie`qs^QbNx~P59v*}~{J^kr#2)*DW=d>%$
z3AvvOM->naK?~0*pI<+TpLHlNCg>vUE{3-1?}7uHs**1r*yrz%1+~_quH3ndz>M?w
zK{r}I&nGSCkmLJk|G-6XV<z-!O^r>){Ck;zke=wu0*GYrO$xq8dPaQ9ArkBskl8zQ
zH$1;1%cH5(;T2`nC<}Vs1S&m1O0smy`FE;l+i+bsIim+$O0;I_9b$~0Db2KUk`%4H
z*Cw(`=SZIWHCPRL=wiWDq-#vkw-RHWx53WerqPx}{HoL>v0OprmDVRy!fa8kA$fYu
zx)>Xhb?(}{!$Gbg5QUpJ;-=ko&&X-yiM|U&1?Up#+Igv*#Fs#-Q5sY_hD2dA>n&Qg
z6z8SBkYQUbr6O`FyO4-@2w5{5-fL19V`^a$@5#N|tc55pp%3dE6<k1Qohk|#N*9sT
zS1_H|`gr7MYimZSHYhl4H-hG&ijb!KUv#~DJk$UCKi-j7IaP8#RYF2eVHi_F5|VO0
zpXJodY0OlL3R6_bP|2a3&u2^6!kC=qEXIa8&&<a7?*0B8exKXx_5S_0zxK!T`FLKB
z`*lBDmk_3VkvCN|`L*Dk7^T@)5YxMhVMCc27{`uRq45BO)b*8$Odb{C7n*3#W)?yn
z8@2@aWOH19m?cj6wLP)y*=$octhjt?2fE^>+wrQw3)7GUiEUV61SeLySGsi@AWMP8
z<^u8HrtOso@t{wU8T!`}0EubF8qR{Fla-9|T@C->sMWtKO+N%Lv(%+4x=RkqAHFJn
zkaNjYI8|-`SU<-Kv86j<KUXUZIoJ_~j4sYdEX=gDqHe@H@5nxL#WYq19#;3b@3Nf;
zz6~xUNl{GbjAj_KL9uM67=(}KMpT5-X;n^&cpAa<Fz=v$nLWO3qZgN37E8U{1+&!0
zIrHSfgIb}?=~7$NE;o^}FkD%E8CT$Ub^L-)Z9|nH{0RV8^aQ#gzjf2!{#Cb@tL20d
zC=~fvl+?iMv04!LS1r*sfM5>hD=W>!BmqX)(PwzH67`L_19cbeeiu%tsZKpl)@w}^
zq3dG;L&g97cpQPC<3l|#!T5obJn(YdW@+R%a~*L^BwM$nV1Kqs8NTBCZWGk6Cz1fo
zN1f3iCCD-gIF~oIX2JF?I%VWDiovUenFmsTZyNMYB>q+{#tc3D6Ep>mNuHoPxaBwp
z)(&je9Zqx4P<r<^cLZr%!s|J`AMIr76r=Y<DfDrEU1ee(zKk%xlNU4U`hiLTbX`vi
zQ6g$|Kel-Z6c|^rUPl#6Eo~D(W0$!7nF9B3Lkw=tKGBTQ2K}nYU)|X9Op@iE+k*`v
z#l8h|#lP6lI&c^qG1(;u+`S`SE;1TZDa#^QT`$iB&(K@(#&9SWX?uLj6FV8yVm?FN
z9ROXsWPP%e+>fY2?4JNk*f`I2N%ft*y(YjnT>B6vkWjJrd-XN%Ga|Ge_C2E1Fj4uR
zs1+#{t;L7+b~X@2_k7LdY0Z*A`wBrQ83Bpj;ge9b9)D9wp!eXGLUPu+#)FbWLvh=?
z*tcAslF5In6}T}-iA8E5zM;#F)YxZUo&<ef-|!N=)#eWh?nPJsLy-C}3iF%Xk1{dB
z>DKCg&bp!W9;qJ@OyX-BtSg1#DEDk>hAbUD`N^G|#&B}0QAEh5p4@5NS4G_yfydQe
z0(5SM${f!BfThNi9p@fxc1kVFky2Dlg*$09L?mp%T>5NZh>7q0-fzNrKZdnUPbkNX
zq(-3+QZ`M&DTjfr^lpP?RnUm}*gRQPLd!WD$97ah2?lF_#pU`DCWIOyEDn4K9qQw&
z#LnCqeFx$LMx~dl?tHB<3m5e-ekrn&mGk)7Ae2Yw#b$l5nvMFFsZ4igfa68K05Z(|
zQm81Amv5h&vhWz2`&}S37fzhLoK&1hRWf^1-iC&TyP!G&u1}yt;9ptI<jC9{d2X~|
z^1i$H#jtks&ZfRxi=fqlJf}3HLPeqwLe@>3Z|2`PqOK#>e8gnzB`;fqcvl*AtA0IF
zNbeuu;nok9iq58ZZ1NsKTxVTwG*|DL3VZDP)cO{4xtoLj1Lg-?ae)KdQBD$#qs>_6
z9soWPV-9!B!HoY%XSt3~?tcJ3E5P<)%tT=Uz`#L_&0`Vf#M!cs(Lp4W7x}s{&i6qX
zitd+}D7{P#=neMXM~aq7t+n~O%{*CU$*C$K({rx9Y2Yu<rZ!<?8(4}$v{YvE!S!X@
zM^f(gI$_8PXhwIt+&SAUBBtKjfcLE9x!L*9B_YfdyZo%nn7D_n-r)VQK&ngUG3+xJ
z$2e{D#R=$2#oCPVPdHBY-&nKy^hz)~eDoIRA&e0WzdGT=i<Z>b{bBQFyA3vZ8TD{;
zi>!Pwmwyd5UM47$hyhkc1SVoKbi!Fr8BPGE#)!q670b^lIZ3+*)^J7JIbMH7p#a~Q
z61&&!BucX{XwEFNH*9J>db^4IZ7h`l*m$9k8Yr$G_%o)5mUV6J(LWt5FIhJm;tINt
z+d6SmJfpIO`ZOx26vo<iM4t#^7#}nR{$wgN2X$1_6<7DWXR1}w4x%&J8s0IWu`=qq
z4&6f(l?5{S8{sm_2{nfQB`i1nBKe#s{vh?v@6yH8AQnO9f*gpM?q7hKs4RW4Cg6-@
zKU-{l>D}1OGeU1-UQzU5J(Sx)o_>X^j5{AMe&O5bB&WkoGK!bU0-QYn<8T0-=#)0q
zTJWZn&AON?*-M%@cY5-wl=-U%snO)u5Bw%x^6sn6Z9L;q>0^&(yjptB@fxon^4vh&
zszJ_q#KabFkD*vwSeZ9|T6NiN;M{!U-rh<SUY^HAVUMH3a&@Fw{PmmiZ)EC-0!gML
z0sNhiZuGeS&xlnS)ndNwPsUdXbQ1U`tWV!9fy!v#ZF%V);5Y?VAMW{VC^|aY6_KqE
zTh`d}A@~LSn#tnvb0CQ@9~=n%|AAup9Ok{Irnb6O;mL49n7GPeaBg5<vOXs0%_NV$
z!q2_<5<IQ7B}?R4+8?wD<LmRmYUgEQZSm8J6n|qm%Bh*{oV^XJm)7X#2z-G*&3w-x
zybzY*ta=V|TV>dh*sHaea89>j#tAi8-j@O@!=?8Y-^n>nk9UUONQ28xF!wB$BQi*f
z(T#U+LUj)x_+?vLCk}up9!%`Tw1${SQ}<V{fyYtMwQX~4hV8*QA!Rw4qG!K2WUlw=
z$2(uSh&7n{P$}5{jrI{o04&H`@yVd|uidDd0rW!}GZdmDth>C6)dqV5V)Ipl_D1}s
z9c6SsY4p0)&-#~Ix4itVYKDisOxp|F6D$j!1(zmlZz<q%6>?bE+FDsqL<JwJT<FI$
z4#Pt?>ihGO@2W_Xd!+m`*rk{^iLDf-gVEkUkuS^KOtnEB^JhA^qF*?@I~W-+QIoq;
zQ&JztwNC1>-<m`@yMNdpR0y1~MCQi?8LdW2DKRS$kqROo+0uLRXa=ZvuGNrEF!qVI
z*_S})nAfRtN@bTd?MK9n?5(P!4lQD}&7@JS+~P8MDt(oI$P_8-J2_{G<-?@k$&DG+
zezdsmH1IOH!WM*+X#ddstLnqh&Vj}Gl{aOMpM7~COVU5<DgzfIwHak)&f~ReC_tUO
zCsaLP{>VqUET|}X7WiN_txUa0CCi1>Gwd5sf2rQ@g*?Tl<7t4ssCHZluu0wHrTNme
z`nx#R&ih0R!zQTZoCcAXlN^}<P`4f-&s7Gp)l|MM8wT6I$%1<5mYaYKM0fw9;!zUr
zEj2l3(n9awPhyqY9m|f2*6}_?|Hb$NS-%5dU`K^6GG}?ec8jO+SHrB#kO*Nzusci=
zpI#<`m}y!rA>2CtKiT#FA>Ua(yG5aqMz;R4+eucF34{aPfX*9&=sW88(=QwIlB_wR
zpLNIh^nX3_+grGsRhWJINb%CnTez{t&>vuDNyI(B@jJ{(=dE?ZWs#Ky-F?of4+okW
zJG+tMQqJbFq~u^<isz665ifwV&`oCUGrDokAbeR_@1Ecyqn8{+dgxu-oJ^S!D1DX2
z{8LX1*md<Ol0NK`B@XhuQB>6K3z+oa=h>XXiN=6WW=xz1A8ST8Q<u<!btX6jX_M`{
zM!oE<v+<iM86+a-TYD>Kk;6&0z22g}f-}@VypcB=o%44_hlvlFKuqPXSsEsthvE1o
zKo{*Q-jMU%3Ek76YPB{ooVwRVD>1KoNUaP68S@qOFzh_AI;z4-$@03r!6FFb|Bj^o
zpJx_v%+9q$u5CIqx8-S6NVo7Es9#o@=mHbwdz4A+{yjf~F;;hyNIJ64Q|ps`IV0q)
z_Zq14#$A*JLvkIjQTs;!5#S!qq@&}5hd2gDUw1mI^H+|H=Ocgq@iy1*pqx(KxvvUk
znFoXNJKfDG&Ld|}zcO^n0e?I&VYX3LzvsYZqi^byGUqx5R#<}`VElW>hi6LHHCgqX
zEX$;5RpqvaF>CRT-Yvxlzv=y_zQx;Ir)qxxJdbIzYOWMt-mE_><9N?Zs*nBnxMibs
zUd`<KNpS(F&BWICuC0Jq@%OgPg??%<AD{r~>@kYNJDSb{G94u7ONuSGnWD6d+*8w+
z<hfDz5%T5Gl3P=w=|+-f4?)!Cha7d^r$<<~TZQ<%55}=dobqrID87@y?ujg$s~aZI
zoru*kYtFv855OI{u@&hWJ>Nq(ii0ee$N!@Sd^p8AmG1PF@S#5Rt2Fq@D{FN6N!1mZ
zE`D~8*7eZk^}HAcH7w5=?Mul(kNd+)b;EOHn1iK#-M%kwEZ$S3%@(w*SMy9Y=Km>t
z_^vVUu-0zNp_^$%OL7S2Up-igS0kkFdBOvw?|$Z94|+_EnrUICLDdOL1og2#{N5Gj
z_+1BK*|hm&ci-nxc`@s;@&ib`SM%dr0#*YcDM;7CpXENJ;^5SS8-=e8tOt~DdI{oC
zKhr7tnIBFIgY7~l-%u@fyWL+jgk(RnM&|`=WMMo2h#QSe?1#;ZLdR<wqZd6{V&G6H
zcXyDonWkv+7lk>Oci?C9>6FyYaPA1ss*MG-eXAx&u)vgO%&H9H8(>HIHMaomNT<VI
zCI|+$D)3-mD54d<>imi(?b#OA+heUa-H?a~C<0-!y&QgeW*Eu+_b$Sv_#Dg6UlB=+
z8tUcqFdpe%PzY;HIiJuU0m>=<lrvH;g@P-HCO2(o9<+#2*-@7OCC?50ub+iYZ<{Ph
zK7SEvg~7MIuS?7s*`c2uT4&|~j0GT`Q(d4MHX@lxVr(p}emv-jY<3zjr*j7yXcMlJ
z%|p{*89^E5-(xPcPG4Kdoa<M;Ot~|FQ{mQ>5@DE96-`=!5>#sEzF({C`r8UjmGROw
zc%~hxd+70{{V_A|*qs15%h^<dzSBjK$I51=$)HdJ<jPH#*6IZKO&#b||13TCt79TB
zn;?!kSKYe5E~)4~b-gwPdJA+B&Z2q=Kmx0PiZGu`6lx^{B^Ilu4Uyju06daSoqz+S
zY|JFc-$51M&DdwFT8u}sga!`#4h{@9ZRZ`U<%l)?^N0A&-*dHq(#Wlz6xklJo!SXj
z`(yJz$&3HbrL1>@<p4bv&#iYMDBXj$xdv~|I%8Ee8wTvkcWRX7p^*)cPK<O4ZF}{g
z1%&-<e9KtGd+ISR|5i%Fow4BCbm_we_2r#_q)NlZ{+LqdEzj7iI1T*HUMTYbfR}UM
zql`@VbBRL;KhiWWI~%`Z(TW^NwTu>?5oe<PG7mzrOf^S{Spa-%{XH|Oyv-TYV6-A5
zEjx3*V5E<l6{<uNO)2v*Dt%WNTQ#~F3h}tyo$h(;0g#pO_b|T&?{j-)dm}Khv+kE!
z<{wGWVQGVJG^a=E3tCefTkqhc`b<GmQ9<jEN<y;}OYGBiN8Ssnb``ghVRc<32WSiF
zpkaM3gnkM<+e7a|_?nNIw@`;alE_<ybMsU*Ago}RCzu0oQLM2M*87MkF1k>$G@;yn
z<Gm4!smP9c%kKZ3VvlVP@WMG-YmjatDgv+mhl&eedDX}_ea<{CYF+V3aXLv`gv$lC
ztm?p9RNiA)`@AT1l&+YN$vIHa;y}<hT=Pe{2dtLKsO$$#<bL~GCVSA0XvNe+C6TRy
z@ENPNw|MgdOHmNsDSS>ZS!xC_{zugNrhkw|NGmptI*4MCVI}0CEh=(prl*av5c&gV
z;`B;}X~}B80`iEVSO(;f>43@;`*^>(wVUzHn)tp?f@I<(D(0)=Wt(-cG$Qnj{{Rq#
z1r;PzMCO%|G&toR&rZNEimMaJ$phi|Th(exJTikJ)uemHGDA9xeD$*eY=nmVZ`97l
zv0EjSq{*8O#2a1v%aJ1R@6I*>RQ}1Ez-(M;qzKsmW}yF*NU@k@FO`vhnI2feu#(UG
zEL^;Ze5&@MB4%nlEVyS5FoTUh#U_L^e{VDaExj9h<?mKv_w0WOW<<rO@FN=|Qznym
zLfEuP5RMs)2y+7YM81tSuk8YTWE1qJTw3yotH?W|js9{s($s!;C(>A&NfeL1ncoOO
zjgqVfjKTNert7{4%^L-YshB$uY!5jKN4F6?r4KC`rO}DXC8VE7_BZraTF-j*=WRNa
z36$PW<t~}>0c?N^Q%zPVJ$tmU?c|EJB#2Was%2Nje4K7G9iz){`11^8(|>QaCvo-(
zTvij~kaAa5GD@-R`>*Rro2{R(Lid(V6u8-ka5%HljDug<tzFN9U65jX`r5A>HeOWN
zVYnJztp!0>V5r#y@Ei8la?f*;*o=Xt=RyB6G-y?WsV+*C)sUMG1$cD<(FGP9RdRgk
z*1DBJI!jd%)8I#Bu(qbDznR358YD<6GlATg9l0`=rDkwdlG|O=mi{XmLw^(7bKLl%
zgv{cp*#9%|@_(%6w^=?P<C~T2M@uazDRR3%f2uU~b8Aec6MDnH<ye*4DQGVQEq<H9
zy&j$fS&RSVu^v}(a(q@-WL>OsXg5L1+4FAQUibVy5%uYCzKnI4f8tFu@W+ep=g{*2
zEmYok^+V={CsCKXFBunJPiFwSK&*31i)7->LGN0iRAPdIOL8x%W_wq~Ie5onFx;8F
zOmXWrMKUVcyQVKi&SemKMa?)TY@zs&dDNa3)zJ;NKB1c3R9^xq<s^b75yNdZEO7N$
z<tI;VCQqYPM~>HuyL*c=w|`X$`BBnUs3^KFHBUe!-n}ixx&<4*^DYq|)G`z_DruxG
zL@1xW(3M5X*m<XEZLMF3vdQ2)-0A5&^{T(MB(Si9{>i)z7~#-Sp&4srFS<-=9-*pl
zm9t@w)`CGp0!-h3n)g{8LP>&)-m$f~ER8jb@wgk{0%y?^Ip6a19Pi8oJ`uKR9m@=l
zqGe-zr40_929nc|6ss<Yed57V%@E0_JnYL7s7C(Ip&EO7JBZpM&$M7amx;%bX~6yB
z!|4x@*MqB|GLX&}Nt(mj9v}~;5@s8-2Fk)bh*`=qGCiDMfL6lq;I7zBh%M9F@e@>x
zMp<Y%OYX_=Q<$KCk#!om%`G)EK5<(YvE9uP_X0Xr*l243Hv}X=mel3kk=Jd3?&&BO
zq-o=)X3c<N|J_sWP8Ep)F?8kRN%OMEfc^BSK+9E)Qa1GGYR1J}tV-gGT{_h)Z!*8c
zX?cOFDT2;Rd<{q%TYvupuNFiB7Q@A~A+uo#u$#zV-QrF33%(){0(A9{N%SvZG7PzA
zAWCdA9-UCWp6eKB>wrnb^!NDJXC^lQhB&~5|2vK7e}NZ^{1P5<XP#cng_oZ9yCY1h
zn|3w$xLW`9{Wt3Af%~A63kI2NrXa;79pfO92-^mZ&Gnl(WL==bl@!`ic7G;$;h_J`
z1}3ky&g7td<y?tUJP)HJj~1kQN-LB(f5%un5B?psZN6?ia<GJ(uuvRcr?ObGw|&mO
zX?^%gqCK&5-^QpHFG1K(m6L*oY$_1mSf?D{RDgy$qq+#Ur`^@&SK)>JKOJ6myDwLK
zKwd*H^OfzldAGljD`wdO+z5B3A3KoVVj$q3dfU7Rp?I*6VqHAf7TOB4gl#XvtQR-E
zjGb)fK^(TE2~US+humt##;Wwii;Y{Np&~r$#Vl)%JM#766O!f-hH^IppEQ{+<B8Q^
zkp~f?=YOeXO9%(ImN=1ff3+_Uu*{JUgXWz(XI)ubS|;T`D7@%@HC3nM^q$mBI?c6;
z)KT88T`AmEo`G!E?Q>c){`mNs9B!;Ko1|Yqyvihw^c}zc^MdEVw}2%P^_oME_v^o9
zJpOGbfY&U!6h{$|Y12Wkk2e9WwDJ)mZ5mC#(?G$Ju2+Va$vdn9Yl-w&1&#)7n`B)7
z*r2Q^fr0vblwyCeJ~>jf3ycobwX&31NNY%H;#~90O!neZ@)AX@PyOpJR9&x-OeU`L
z7iSW~j>RHBZ8PMyXg0>$4)($Q<pV5XT%Gs`Bf2<55E9goK*VDF)yICuXO>0J3PNUk
zgz#EnO0=wXfwrGFl%46X!CG^gEOP?6?^(abWm=W5H3uR$fKQ^P(y4AH-yX2?k~d@v
z=%D)$m}Vr-8<xQxfRsR3Z)O?yq>G$Zhqi1Bk@R8c-q2j`u;T2VcCK3dDvU(IHgq3X
zb`yWkP5CSE^55eNE?8a`oK=oF#d-1wz8>23KGb0p{r+?BL{u58xN=v!)ojmT&(|H&
zUk5VW;WaPt>){4UCBJ?20v44cj1RFmzc9S>GObji^$v3y_L)3>;dg0WOfmlsqf3!+
zF{~BpG({yfj?x%is2p$P18ZOW>I~_9Jxisr#G4)lP$k(rPKlrH+P{ySi~+%7n+%!Q
zoRr9Sx@O_bArY|w%OALVqZ}!6_osN$6x90SD=Ae^Kf5jX0m?S_$K5p~{2@0$NdQ~%
zUx{?3nMwAYsn8BU#=PRokSu7=IM2QSi=aZgX1^KrG0(t&i+_fSky>o)g{vZ2AH0Sr
zo~pk8)fooRT-^`AYR$ZfBb>@n=B9kQ`KCCtT{-#8%pvlD94dn+so1~c)MmuArg^HM
z3};BEY`vsee}RstI3}rLT8qao8Ok`d_Kzp4cS4?(2?-UFKYDb=Z9`*s2R$J^mpw@{
zkDQ8gr+(ov$q1ZaiZUaX2$!>fp6f5+_g6}-e&`)ctTr<1)Ua=z?U~;Y1I|IL$2vg>
z*$XNIsqY6@2gZbKoNOl&ahQ#bJeKt!4Q%DG)Mr3Ho(%_&g2Q$Fp>&}l+V6K^?z7Ek
zN@kXKOxVBz&FOz;0od>B#j`pj#cOyh7WO1qT>E|j;yqM+Q^5Yg_D*LI->3(b=YgUl
zANBce#o8P1voeVd$nO!w8h6+}n})4~6-A2dt1>T{Ct6ceEcAK4JHnSEi(o3M0*WIK
zvt|I<Le<2#^ziS6N42q%Riwb}<5@qNz}Xq*O2N8I|AEoIz)ERped+J}bLx}Mvna@&
z^^2n8u@M~WGCyg=(>7*N%vq<;ChPB}V<34IC6^2DG4%2GPA9Pq#qBeRo>d3Ufs5q|
zv(!wgH!e|OWHOY_GaH|wNd6Rl#~HOgTs>^A)BP5c#?0MszA!OMB%ca#L^;CfkQ4x6
z99yQEA||F1toJrd-;yV)w82}7#FW3jkFFwpj4SUFjy>|>5c%`j&bu~KRkL61H|p+S
zV;NjgA_AJ1#Qp6kPjdb|*?9*Q)!?7Q&|NSrglV@NcWPBOHuC`w;e;*80`pl1il_32
z+ItdBn$nF-fQyf_Q^HvKmMFPr;l=`%C%&;%=HHyZ*l5O?0t(RHab)7(23!(VtbHu&
z<5AK-ZHKJRlcirRXE<LC-Lns$xmPYXF!?!clq7JI1UVSVsbjwDJ<-DD|M@t|NjhfR
zeqz9TfTrBywAJHI#0n;kCC8w5bk7v*@Nj`X;1)Coj1*e9$$il-InG@%uVaDxhPHcV
zm}!vzXEHTfo?+4mPu5M<T~%_P_^F7#(qblr*(*V*BC7s^L*k5QF!Q3917uSJTQH3f
z3Ei1mJJ_{Wr`<I?s!W10U03J+@tv*)<7=_1(`Ir)w+-ygn%0e1JAh?Rtw8y~65oEd
zl)V~m1c7C5U78(*H;}&|2J<ubf?1tBRQ#IPf}~T?%Ttyt%}O*jvC;Fd@cC^!wB~sd
z1(1$)b49(3)m%QYL}dE72_mxYsFRBAVStu1MTm7QrQuIm+F!P{-{<kX(WHT4-rz)7
z6_RBDgNtG5-`K&EbJ{HEiT^+2ng6T%OuWJ3qIB5I83S@-WxRybm5)AWa3$DBEN-aJ
zkTtADRom}_=<cFr7_i-M5aU?7$w5P~ny*{XAHKFc-H#j&P@_Yqc2Xxb7+bWREXwL;
za98pUVFnk;`J5I)wQYD@0i#ROuu@yeOBW8zLaA_<6oOzd_oLTt*@F5cBrVIZe!IIP
zR7(2h+rQi}&nG(u=0tMG`Irl#=#1YNp;orNdU75Fn9?Vmye1cUB_|``HLGR235Neb
zHXaqr-LerYO3Ltg!v$JmZ)g5!0Nw<q_nRw)YmFv@1r>j#8+nQ_t2^v{LS=q@qs}g)
z;iD1Mfz~3YWy@qt0QC~hAb~&Q6k&DdM>~(dB)8b}#yKb_CRF@E(5~+{jr}JfBMHK+
z<b+~y4JNR)FZR@lu15PZ8NVJf*E#!Mh5993+=Dm&oqzv7E`8Qn4dvpLIT~ZK9yA#}
zb4=&S<3sUd6#;KBoy!I>cQd^HtN4B8zco-wYX<FZC?w>^5Hnat!l<Tv=bXnZh*LA1
zoPQN!+`0wuJs;&Cd5>5Xa4^`6lM{0<vt~l4TEmI%EQXFjUAc2;sy)=p$Rw40TUX(B
zF_Lq>P8#nEU}2#G3SJlGmdqe)Zu|vWEQOL4MKRx6?~IoP&s+|HY%)%L+!2iOnI_g+
zXml9xs)7`0iZ(8#@Ws!^9tVP^m(6RP<xJCEtg->Wi*=!ugGu0YBjV?h>7IbZ_yGBi
z9M|Xo<><(_GQE`1QJJ)pwYIRH$p+$4GU3KvO+PxzCHkVweC^uMH?ON7yGGxnX2qT$
zad_i)2s?WpRK3!Dhd6SfqF4K>HrKK>aFZG_tx%WQn*uzL)MC_<Ix$2968FBy^y7Jv
zy5Ht}GYjqk1Ym5)?Zw~urj7JT^`WJZ0C>PYB-06cOJ}!QS(qeL^MYm5U6u-8){{<v
zJ@}_AQ2Q@gU{v?8-9cwuX7R<nNZM?_c!zxi=xi%b_09KkDNFGO(M|b}7r0^iKWW!p
zQup_oA0-682<!&2WUj5ac-p!S{J=6QJwUwfsrD}Iq(-`aGH`13a9?I!-BQ{-Bq=2(
zJG_LxTY%$~jX=qQI(DFC4QNhElDl(|*WH{)f%Ti>l-lF1y#Dv$ui|q)UiWR*r0+6&
zg-7@&G)a!`tZ}KP%=t4Y9LqXCwyNeVTbxP7%RMo1VtF`%E<~b$hu`2aj>-sB-<wK&
z5P_^&=bUVMD35Xk(Ph||qsBs+DrVo3C^HUi>lB5CkubSsWzBny636U0t^aJ*m+EFG
z^`8lmd!=yY4#xmf@2QMBi@UwC*Q<ufdY1DFI$B|{<A(_7+Zh+HK3K0Zo$IW11rDn}
z(qIipE!OnBlM&BiG2C@#kHLR2P<Zv21|5HqAIX)v`L@mhnPun^-sL9TxRZ`IA|q(^
zPbT$?uTGEpyUoy|-hkZqRx0EPv|7kLS+XH8FyWcGh6Gzz!d9t~xH5h`f}=RFl$}bq
zy(?PgmN}9+T3`5L=WS474zvR*=p{m4I79Bk1!c1{@8vYRBhS>mjaT~>K!CfX96D&l
zd7R7$0Dg&<G<#{zyS!=hA9Q0uopw9xw)>Y^zK7`Jou#)S@lGt~!|f-u{h`fOF^$0t
z=YN|Jqz<Pu@HFKurjkfp@ZqSD7~MvkeXpoYed_MV>uu2`O?_9xI<!CPL?J{n{WC{!
za5TTy@{sYp<kkUQrlR^DYBR&D=3xt}SKV=9rJ5k!m%mSBrmiPA*Js&=Ph}{_kI_J)
zv<$q9lrV7`RhFZcr<`-P;d$;G=`D(;^eIptSHpcbb$UTdoh*t3nUrZikJ*FF==(2T
zW)65$evt>t(v(QnTe$RwpfwF<@bd;G1dX(sE-e*cSaoaREAesy4-0R%GB0U|s{jE(
z37Wg7)B~CYbCm`BzbHi8yyEMTn;^=ymY-uyN~*93FAX?w+WZsCW;(AlOW820D1E%x
z5m0;7!C$>EtGsMWFY%Wowznc_t4AW@hgy+lJW<I?-Q6>^)iEd&>!a>YE}k;=0{>JF
z&hYlrFD_bn^!R$w)VsYk)Wzv{k3!Y03Y{YknZ&+gLv&ooUYh_p@3Lh$rx?89hbLk?
zBab)S9SOL<Ht*oBo9O8&TIFS6_V{>9IhUZ!RW_0F`@v5Ce2sd^Cw{AyUq7|$#ciDq
zb`{DCveuKC+Lp|$b{ke;!$uzKH(_k2?yHJ7&)cURI?1^ylU5f&B`6A5@Th6x*LI8B
zWwe->rtXy%k{Q@7O(4JzzC+=7c6dIX@y2}0x2iBX%Npgz4q2n)8vzx*=k`^1`V>dC
z#^oLAf9+Eyi+W9*o1;a0!ha#$9d&qjKObK9HL%T23pt2OQ`E#$Wde02N~^C)5hJFr
zwCFx!PtK2FP#7MDnj6#!r<mv#nNm+t39%WIR$o}i+Iw$|RnSxS;)<KKS99J0M48Wd
z9gxnuoCLFhLMcQOU}g8#L}K**)uIQel9j9eWYV<>7xZ`c;zx!^xd2OAm#X*2&5=0p
zq@s!le&H!#hl5c!F^uc<3Jt7sxAE*H-E+^zpQ1d~v9h8F_HOsC<lf59_4SXwFfF-5
z&X1Q+ubYTdhLt>hKl6CR-LK=6rt>3_O`9asJ!5rltAJc^^81BJqI+k(<8X9U(%x;G
zEZwv8(WKf=csdz~bDh>KpSh=@&Ui%VVO$g;X^a|zww=2G>tFIBW|f!^?9j^Gu;+w*
zV7oNY9y6;fX7W$zi^anDxh(Pi5;17bF}E1wzb)xw{Ap>)Qy0PfD#19`delRV1b$Ss
z1)!}H<|)&PAr2BhjX}wyrqS4oVGs(#8%baP;>u)sn@7}(4|(_Z01c~NnZ=$GCsm{*
zR3-vjK5GXiv^Um``e*q-dTYYR<EUyxdK2s#A}_0x_^@f+Wtv(`!h9yJZ;jPEulL7X
z^UK<AcIhMBMnafUvlCV^_Wsw4C;%v|%sJaAyH))VIu(n8_W(S_4}OtOc`aF7Fm0(N
z7kyI`HWUVVen{}MlDSukjmsA6mF1(9cf#Jx9_!R|<$c#Jv42LOwvQtk;CU$GDz>-s
zsJOOus8kOf=Y0oP(K{tn?^6D-7R!r!N>m>#eQikDJ36t_sjs!hT5krl>sT1y+T+5#
zjk{J?;?EjzhNOsY!d6WKETKANcHD%aeMW_A+WMe5SnN_vChtcaEaWf$kxFWyKeO`e
zYA`4FkE6hma_Xl|L_MrFT%2cbt>8FNABl$65;l>_ZFjUld^73hf@LwMDL~{k!gJvF
zGiyr3OjAQp;ZghdMo3!KjZTD$*)>(M)xW>OA2u?dyls-HaxOwcIKC+3ksCb|jHgzM
z40R5xvdE@+yheNk@{68gjr_-d$v{2t8)Ol*qb2txT260^eaw_-4jO4EPVb2aCv!gS
z^UC~EaToQji%}Exb$C>?GZ$FCER4%56#*2|HYaq(?;_K!G!J%o(#DbL531k{)09R*
zS?W^3hc0zINrJn-=|+H)v}5@eBkwsI<kPm*y#4io;P~HtJe4c?F~Yx5X<aB#asbRV
zW4S=0`(NRfk#)}|csHKZ4j3xM83{{dMJ<d~s7dP`;-+nXOj$h$fITsRESa7BYOj2j
zuS2inrUm`hN}xg8%{<NrZ_b?HJIX6{!uPF}g|CIM?9v*8XzQ2#DtbqR7D;$P!P2z7
zd$VoT4qI@W?o&|G=rf8Lxf-^d%C^QPjEM^W(|9Kr^Lfq88I6fn&XLUt6g}@*!LbKk
zxr)%DVV+UvZK`WXr)sIO{IP8Z#O1=o&Rm@^2SPmW@5l1L+$#E!_{_O2dV~`Ch6Mbv
z)i%;M4Z_P#`7HzgtD>v@5@)Mx^tSmc)#fturXR}5$ZWm@f}|R{?GRGoApZ#SBk5|{
z7Sot~iF7T7ctfT<K42%cey2o4Hvl-+&+f64I!6LvWn@W!rH{~p9#;0%wzG#)F*t8>
zXdK)!l=dG$uFyy%o7b_Uay}jP*P><Q2lS?%)+AX~dK|H(xvGuY9d47sb||UrsLw$T
z73Q`f2|Pq@+if=0)3p;BgjDHX;q0om(@QD3uMbH&1xRaVzrH8?LZ;K<%2`75jvD!Q
zi}HT^DFJCmMgjJbPF5sWDC*&YUBa!kHI#Vl!-Tw@E?v*xtRy8mqnbZ?&}%UKWX`tz
zh~s{wyu+Sg=pCePnI|@S&(3e+j^vAVM%nc{b%S!8LKuASzV@>DUeEJ^wL<EtFOsX!
zqg;vjvg;$Gh#N`DdqW=qU3E*H>7$OE_KP-e&p|&uOlh^~M+@Qn6FQ!$g<Y$f5(+nm
zSgT_0N;~fye<k=5pC7*&hz#lVW(jWGJtrY@k{2D4+>P$H@1NeCHLM;FUlB>W3NLYA
zR#)1x7i(HmHB$)Cc{$9>Q=3~-x8q355DEy;5nOroR5^1!(**HoCNu~9NOJ^MQq=nQ
z<SFOzqs+xQrOAa;wT5dRkXMfNS61t9Nu;gzU<xfwwp%QIj_lQhpb}@b5|2h{$g=K;
z{r;c~lQjjz-eXj@(O#b@0>F^y?cmQO`1{h<wbo+Zdn*XB`i=yvWSyN`yJN22-c2=l
z2kDZMj@(1<vbviiO|xk2cFAPm$nU%)Ojq}}K}QheJKkIbT`a{|;44`X9w=!%XxJH#
zDYD!vj84-9riqRNYGUxSjgFVBpkQotd+q4PLDS*+&Ra#66A@0#16Mop04Q(b<A>uF
z4rh7@wu_%5C53KBJ$-S!dq6Q7S$qYWo8(+sqq%F6Xj-t9;qEH0o<MS}TIxA|SiOC3
zoXUx!pr?lU*_F@A7*qK6MjZnvzXQ8$PM|l1Asvnb304MvE0wi2vh3rR_*Om|#`5g{
zHOJK@F{i}unQByNjF#T@I#9+vy|QkGLAY>Yp18==^<n^TddHPMI3)&@rj#a0W%~P_
zmda1kmuYcvS1@LsKQJptpC#b0Y$)+9jY((}GHE2rjEw{Lf3h}FNz9()%PjL)?I9Lv
z>|RF=r#JpDDgNI-lvYkWC>P(6agi=YO}Fval`UjFnyiR3^;<1!N*E4sAuGy%S+VeA
zwp(kkVJ?V0={bjCHXN>rmNFL@+w0lm;l$wHn!0#)@hha^(x#nYSyCnc?qp;US5>UZ
zwU&#bP%K^3NR+<$lSIG>`o;pYITIALH1B33!*tMNpsWK$%4~&Wnr0*RVlaEflww|)
znEUh<oqXShw+sDL9Kcwrqz&4Dn~PCWcZ)z?V#og`zNxIfo)FY=^V+rEOLVWqHb6;|
zW(a9%irF9*YGfbdYBAy*{3YhjE>$m7lo51JsFLHH3cpR%2~YQfH@nej8<MA9DtEx*
z@c}z2<@+cfces4<L_a$k%=ya`fYRDgZoMZjO~CM&$|QlgH$TNlBF26=G^4>6eEOY_
zk*o^X#P%*?u6w`D<z68sp0q?-^a|oTBqE#Vv!j}SAVaV*E0*l%lFm^=b7StD|MTtW
zD@g4UM=g<E_xr&Q;4zohlzjL0ZG>?URW!h#4eXX1)2$UYg`;#y3u%y_8nr4pV`5v9
zLPz2RqruA&`2_Tugzg^@{W@l;cV+n~_3y3+y%Wz)k3|0E1vt7E1{tff<Pu?}TSbQ5
z;L~NSZ{UU0JDo=*hXD81Wq>Hecf`wSt{#;96!_TD1lNmMl(3sZJ189_bCmWDrjjz{
z<QqDUZH`mE9FlaKMA?Jq*KrBjc@kW#5#Ld@Q3SI3;wbi<Q(Y$mDlWE0+!<ZV(QJJF
zLE*HRA9Wnohj-e3t&4xqQyPPo)%wd)a75Xm0INAscvkxb#5R6!6Sg>G-A2<2uai^X
zK6MBK7n`S%^PeZtOr`@#^pV!d7+9T6%`H^(8x5wV2I2vDF;h;|FyoZLHA6+?>Dz=C
z6@3YmcQpZC4o7R~Ax4iJMW?~eKs4dNrsG8i8Bu>+n52EUy4KX51(=pZqZ@{cuo})?
z$6MzB!V3Xld}UI{W&;7SaMJB*CRiYG2h!oDA^dt6ApEuOxbm)D=#~eiOKpY^QV-zo
zdyA`4Rz!jvCscIv=oPmQtjKO_pX&`1Ki}vRqqxaqGjrbY?A0V|A?Qy{w+xJD-uMtv
zDf}3jjWvpF?NS)!c4IWOzwX-)YaGX>e``t$SSiO%gA(Ykn;s>G$&VhHCL_PQhW`Cc
zx)h!&bkP~Ai}@noy5i9;t}*kRm?AP@x5V%TIoO@Ru;Du#0}L2u8oR|9moC8CzwQ`{
zTw{r;NX~(B<os`vTB<$qrYa01G-4C5q(qyn%H&2IXDz4eDUO+ZCBUkkBR1#|9qC}G
zihuL(tI&fT?KPh8DaSq}^%QOj;(Fj<K5#pY#ZGeVL_c450O4QzZOeYP4)O8KT{_m5
z!L#s*D_XCv<0_+uRBJAFyA(xT|5uz;ihIQ{P}e&6nRIkLA0*t^`CVzwb;k$mowXxn
z=i`b^PQMvZe1g2yNMzpT`7$$kr>-^+r~6LR3<*@^e@52=t$7`gqG>Pu=7ey`KZ0Ni
zAljsBmQ69*b|i74!+7&BVQScCGxA$??nm&wNr%dD&t3_y>!2>SW3{^#ox^7pSBb>k
z_KJR3G?v`lw02sc6S!`IiL^2E`q-QY!(MAq=5d%q2B?dkRPl4L?j3IKH%bvz1!ZZX
z<IM+6`pCM3VfRqbo=fu;1sMlgN2~%Q--GiuL%k*P8B+@(bU8uGYK0`q2w9XfMz3&^
z|JnUrID4<nF8Sw)3s24^ts~pBHC6z*+gX0P@vfOFVpWBu30z(-IO4%%eD5upwY18e
z^{^?xTCy_MgfH{0-55Gu3K=sSI{Vwm<mjS7SabZ|v%`|Q$iT2C1ike3-<Vp=GuF%c
zuFif4!79tjw+!7JTSKB8-tOhKt0~8%dA2&mEJ?}`|8PQsT$Xf8(i%(kqbfrs`hJpL
zn{KiuBR6*=Nk{B$cIY%4B;-~2xRN!^dBjclRUY}0VV2+Tl7QY&D)GP(ze;GLgKhWZ
zqx)EinDCqruFC^4d=XcgE)zP=;cow2vp<>G><^r_=^lMr>6lsU@9VDBWsNwllh|pv
zB(QXqv5$-8iR*FyylZh@wF!Lx?plBCC>RU(ISbjyoS*yVlBB#+9vG$-9wLCiyz(#q
zam+OjN~)O}caT}osaS-$PKHKX0tw@8R^WQ4ZXi$A?styn{TTj2zXLhvF?FJM^gL^$
zt+ZzHcpSM7TKE-_RNyCKLXKCk(}<&YI7Eh$dYvoP94T{~{@l7n%9M71P9?(q;LEyJ
ze#3G{6@8wAlIYzS`A;wTUk62|$1WaIeSc&plisJZ9}j$ed3QZ3(1kKIuH&m4?-;Oa
z&aBL=89g7J*Z|rs3HwXkFTd4<;fgdIz6K=9SKZt3={Hsj?aI@LqmH!EhcEJf6yU7F
z>DtS?5z3$1{;a|~x1l%V2ztPEnRb01dc}nv#k!ZhsDm1E!4%#+&eXXvt|TcArLz^Z
z!hM_6O@*|SS_$O8o_)8afK1@o5e&NA3YYlS8)Zic6_@`KN}Wm}Ux-Y5Y0TWAe>prS
z&|;O-Fv^+sTllM7T~W@=mMBfgOmk+sTwg1F{XSG__lSB5uH$w()_mJFyfFIlM!A~#
z@zd?0QJ4Ba=Qw`S=I$=DzBQ21lrTp-;Hn3+P}^E-{J1(+ps6T>_jPaBz7d~5WO+OE
z_kLS@W-f|vZY_Xv+)>xYc#d79!ZPaHE+L7h!~I5JvcX!W8`8+l$%}WU^tHDGP9WSE
z7f&!6XiR6%i(X29K}sOp85K_?SF3&9E$^BskWH4!5J>v+yjL%lr}~`{q6eH4`hK_1
zyo{$K>L<X$P8|FNVM*(i?)3&G>W^ia8xq;IvLdLVeJ!=dOnE_>JG+--#&;Gn1BU-T
zyYT77%Rfvl_3J|vpmS&RgpR5`wHs*~f^iS_gMIl&l5@L043IX~Am6O%;h<1Xh9`G5
zSYl%^x<R`Rvbxivhz83zy?gI+_}UbI9mQI9<)7|X8Z7!t$lKAWMD{tsyz%lxNdrUW
zRh#_m`^>g!5%|z%BYFL<bt`w@jWBu`2`Q(U{-P5c*9vDm=C9%2Z^E>O?%8A=51le<
zeEpN47e=o=n6h@3r=&xc7~b3)IJMsb9#dtIPl3Vy(8!U6Dbj1_aZW}tp=0c-KwVq9
z2Jwi5R7xb@=fBW}Qm5|4T|G+Hl~hk|*!~i@+P?1k^{#V8!k2PBn8kKd8I-_b6fA#^
zqZ9YCbDm4U?pI$#9M@^QH709>7!MxUjd8z`scHK9#geugn2xaV$nQWrYF=qx49T^C
z?F^{i7mjYBbRa*N&|UCq?ww|Ovr*MlyH;80?d4}`aV19()DFX`R@j*YMRY-Nz~|#Z
zH9VOZ`$ysm%N=C9y4o6D*h59cjS=QJ`}Wvq6%_sRa%f61L@g5#2v^Esn2HlGK{2qc
zQyI~&cmL0J<Np@EFYw-L)5^W)J$L30Ts5s#Q(^6Hl}XxgoSI2fHYK!Lce#eoo)Q1m
z86l+@VyRuO6O8=ie}3f)B33u-*ukdxp^EWpuexn}V-S=OCwdyd-5~;taxxMlXqPJM
z`VJJ&N+~+^Mikd}-!B!OISiXtdv!L>u&*d)?OS`@V`^Tk9Q{jBk$F!+soz$X{{_~v
zfq*Iay@H&JOv{mmYF*&WVqRC(;`u}DdtE7`OZQU0?}`0lo66>$J^?5WJmF6lUD&+p
zv)Z&qn0$2pr7t8(p4<Ly!&bDtXcZk0C#ZqBxeX$K#SS~5qcw@q=WEBr6B@&RhCR0;
zwe5~}CWzsCI@5YF<fx7IH$D~SU78YsK<LqFwN<9mxV8HVw^EVY1t%|YF2mtYVAjrU
zEO^>Oj2$u@nvJoE1aqp85oZd#0X!KJ4hE=g-_(cl3BFg2MIb)!J8lct$hQ1*4)60%
z&uX%tow|Kt)sWKS!`gqf6CjY;RjsPP8vd<5G5TR|^ZP(RG##lp#%$mjuLsr9xFCVa
zx*ts(I9ne#vx^{3Us2z{05;7jWvxk%T!$Zis6Jqj8Oj&ye}FGc1KENjcV{s_sTz}S
z(fSekKz<L_rmR{?1HfO}M3SFm{JEyxJU*#VlTz$h-rge3oPT3sX9Tj4ZfT2&pbxMe
zG?vZRrUj96{I(`_WTG(k{!)tDLRH0Q!vgJltORr&3O=a&9BAShG@##1o<!8cYgEQm
z(e&P_-K--mI}dfPc#TFIDh1J|gDR=t^z9kyQ|I9q%tSGLe&c#`7@l4M|G65z&rx$q
z*$Zz&6ugFN0A1=heVLl4z!WaZj|$1{%`1q%+F-CT*f37>7AjHIe)4EwQ}JhsiI@Sf
zG@Os>KQzPY8s^R{yaazA9eVoQeB3K1R1}LZ^KjQqQ5f=*Aj))-cZ8DF-(X`a5#E%0
z##z$bXg4IolcH1c%@SjNP3j+RkHu4qoaE0jC#0_(S%J65tTb(#`WBwtC0<`M&h60Z
z$HW{!3a*A~lFsdH6DoI(W;N20n6D@}vn!R<9alFQT()4lALVopu=&p9XS@|mw$bV_
zoSc~>LPVxwo&v@D0OU%5<#xvUrVI->(@K+i18W|poi3YjizXAeK*Wf)7l*G}4yehs
zsr^|1)nM?4^l$jra8wL!mVvGNHE#5KI~x~D-}2uotu=Tljjc)!LYa!OM{kLd>EB!U
zn$(?v0^92Y6yyLYt%8y5+-Hn1__1cN_vAVc=la9df=RWQIeN%f#mp_)m$U}p$r|=`
z&@<AJvhxxoOV#OU09i|%+E%->PnqB*YN?a1NW4@R=$snac;$XmJW(4-x@pn;D4JY?
zi$JgWk4p9d%T1Xp$0!xEVy!E$-7T(3Bn!}K(X@;{edU8BFo~uD#;e<nlte&U^7|>o
z-;vS-_jX?S5iP#8gAT)=BH1tBl@kdgD{r%}L0%gf(u;kyo;)`TZy8pD<QwzKaB<JK
z)n8BfJE`>aqRc0;5&eTBcjp&!uRJBHte#GkV&il#exL8_enmedK#AD9dRLpPL9xzv
zFOe&w*mSNWx>uOPlG3YPAlFIrJA_1eT9UL(0Bg?^K7K@p9nyaK$4ht?Lkx2KG#R6m
zsw@eP$~&Inu}jeGPISQM5BzUD)lIX;r618Y7HqP3Aw|r(;>8|j6VFa`U!}>Ca*X+R
z&lP2tOs}f#iV+R>`V`Wu2>xEN%lr=dZ?R)kSArrsYz908c<<mhv(|1Xe<gG(p0uph
ziNeUj6S&YrXrmvah7a#d0#U1d{bSk_jX8nABY9k3?X7eN1xZ&nV_y?x`fy^nlx(hw
zK{CJS(%ZnD{Y`eh&D__Jj$>QMEP>aPg7FSYYY4RM*mjWaeSgt)u;>28PWHJ{-%N9I
zF<$IpteAdEaJnMeL-*IoXg@J~#uJC@#3v48rAgipLcCN)YRRe8E&(P1@UDo!W8uW>
ztR4^TSZbaONd$g6pV?VVaN#`gul&^tNaT2!S#~*Eud>2h*)_$fMj^z{zRH*!o4sUJ
zIZ_f}DscSK-?@zo#|-sO`sw^-e(_kVVy{LnSm3)!;5|Rj-?DqF%Pj$|+aqiui!Mf}
z(7Q7Z8h@>Hl}~9q`Mluha}4Y3T_IjlB>*@6NY0`(X0k{!rdPG4lK~$wPv@6LH$}x0
z!>AP(YNjL*sQ$T##L7VQ*W^onhbwr$fao7Q&i!j>S@;yY4!`5L-c9fB-9}JdQFQYB
z48(vFSMaN}26{Voh+5(Cab%gkXVZgDn&Kx5H&E#^@#84kY{I4?O*^>5HT&E8t*M|u
zpA+*r)WV~qIvOpt3y=qpPGFca!HB<NFFl~bX0e8!B%WL*Vo`69z?35JsHs=XrPC29
zTJKD5Xw-;+FB`2$iihdUoF`<3)23z_0ED1V1c`$HkeRSU8ktceDUsjniBe9P$=6%w
zfRy^=Z8%i^owG0j^itALi%YjcWdB*Z!0Fvzbi3k~*RIhH1r@D8YygsE_c)*-l<*L*
z?u>bA$|pGy9`eS>-Jb5DG4WG|ea{0g;Py~)bVM_Q16%aZ`^V#$*1607y6bt%nSKpQ
z*xtug*k^~M7zc$4VLWE@T)%<olXF!=;ZZs5J}o`m_`HUg^CFAvTX`a7{L@=#l84&)
zuQ&ktb;RoC-hK|8=;=x>>E==Rxm$q|=kd-uu8sTL0S0Y^|LjV8P79>D4bF;eo9QrB
zdb%*LbxYat>-53a+eDKk)xiYC(VCK+pstu7Kd^hdjWh6QlAXlKn>uODhuCDYx9Bv!
zR32v?>Tv^p?d|W|2Rin;$=4F#wjk<djQ*#VqRwL&PnSMK@5>Zgrf_fF?SW3wzC5GP
zAGjiuF#?FLA7BZeM9r8<$E4irf+Y3xl|9Ejn?49>kX*%ICx-~}C!HkAS+)sSti9B(
zAtf9r;1+pts$n|L0-<LFFmRwSW({FLh#$-t-lz$|dIuxdYmr7sy&Sv)M=OAo6js!$
z;aq<S4VCBn_Lkjg)BsUmg%O**@>TL$0_o)o$-DQi6gZcrLFWO!pAKNpgb)i)<^}3|
zjU0<5l6KzZi(sHR(B9o<b$EYl>Zs3*0FSz;#**}oSrj)HE6s=eDo(hU1KqIu4=wNW
zw!=t1zO(6nPBecy%W-5AwQY;JvT)?X$z=l<+Lts=mqB$bA84)Y8lZMu5&pY-wkjvW
zpnfl#y*-vkN0{H<qxD{nBiHJ2ZY>>#yf)9?zPn6lol6oyuUx(Q(yB^}ju1kN*u0S)
z-kPo^AcETZZm-}pGv3Te@O!QjdL@-$c-OBr1d;B(xe)CEzt+PfL@x4H?kXH4I5}Ru
zY9+b(!f}RSQCv!>mzgXYiRqeHm&99MlAPI*0Qy+MM#dNM<n_L#Ncm&O!)1@veUbfv
zVINqFx44!aL0ic$a7~;N<-kEp3+;Ib5yJP7(O#2pkvWNi?Ao8{M-+re-lpIp#qyOB
za?DO)lMOJ1U?nPhE_yaz1piuB-NxnVV*~k5gkL<PpKd2+^+u>EAQZ(}n*w#Sw0qT*
zxj`J|74V@tIIIX?emn8iGmY0f;SZGs@rhbNS8B@yITm&|4JoV6N0RuzEC76^N#`LI
z^vg{RctoYde9j!_q<644a{PwQ2SFt#g|pt(ag!F+rFi>^d7zvO6{c2P`VUfG;V55m
z{LTm{RG?4HztH%T#g}po8;0Ilwk9?|UoU!+w)axOuKCeQufG%{54v5mp~P})HDr@F
zG878f*-e-Wtyo>_e{slKET}jM#UFS5e6lBJT!OwwfqafV$#aKC$s}T<&8VGAV_N8g
zqt|Cq%GX^<#7hjI@8}@5&GRAVTe_!4gXPG&{=7;JEQ5#1g3yZbW@4yhr`>Ps_6^B3
zC-IJJlFYC?`{9#$*PMOc?K`06SE0&%HmpgsYp)J~tZ-en0ZPGn7#C!1iFfA}j5vL6
z_o-ODm~~hkG<9zBNzPZ0w>;X-nliar6CvN<C*V2t7`@#B7Esp>NuBe{sHS|BxJhhl
z>I3{g_P+cd%D3&mlC&XZD_bQYA}KplsZ>IJl$}WuvhUk0Ns_&ykY#8g+4p6bk!`Y0
z*1=$y!O++S!z^ZeukQP~@8|y3=Xw5u=eKLF*UX&PbuPzw9`ECQypQ!Tvh#?uFHe9H
z=CWW+Y51{-g+W;pzTt+rleBS_Hhu40b@l_Y>i(|Iwkxz}rIYTIs1380xWnFihD6;{
zMAjyI9tyg9Pi(wbnLVp=djAYpD|PM&Z>xJcls8ojf>G-WIf{*LzMG7Yvcm<ZAn1F<
zijp_BwtOUl8{}b`k-#EbHt%&J$Gi!?)Z`Qxd2#VqYOAm0-Pf8;IZOSKe`tBWd<ytP
zRwhlRDLZcMR&;A=3LiWIk#!5ao1*XA-uEmaj%FvK_*eHwl`w4R67(DdzMR;c>O{K1
zPcJr<zoV?8i#^0y#pO5U+m#BRUetJ{+Eb^vQ6FpH`a0;^K8dO$4q?o3yvL*D7602h
z=sNl)P1>X_Z2g5MHb1sj@*?w7F@n?9S&iiAVde8v4n}MHix))(SC!3D>c8+O{E%>A
zlcucC7m~dEE}$gEYLg(U5G~PHw7S$l^C(UosV>uJ7fqrRMh>I0rlhhW9%gU09#9_J
zJs*1JScKnYUBNP>URG1Ej-uJU!nHY#7Jg;agY4CWd%;?xS#n)X=K{1rf(NGM9+M2j
zdfnpM8=3dTAxn0m?A5hokj70=jI#ryNli^~mfEBuFPBM*FgZyyj`n8cU6@(29+0q5
zmfDi@jql~#Y_gI$n=q}~os<9R7&nouIc&yZaNi}6+jc6wau8HB=AXWMbXsH3V*Dar
z5bZhs&cHqEkJ#4BODT@oGUgH#boFzW(*hO`(!v#2&m^;<ryW=B@w>`I*1X&hSk4Dm
zD7e$`nrJKg+KA?8tc{|LRG>E415{#h>lA4Xyw2LfIVctklx0dS;3$&X#_iRD@jTFt
zxB>4D2vyxe)~B$PA?!I<>CN0q$RYIb+6~(HPI=rZJeIeXS_;`N?>YSrV;hN5xJB^h
z)BNln@z#u=_1rplV8NvjG-PT?pzXODa-2eT&bnlEG*;I5v)&Jh?;qE~N_0L91`%U7
z*7;iOPwP_Ktd{S!+Si|23(=w?xt$B(6>7`{jT%~O@vivqg?*Q+(=g_b!CE$<GoK~S
z+Wrw>_d5K8k1|!iY?6OJG+R!1$3yO?V)Grlkd8aMTE=~Kwc}h&S>EvQh%r}=Z)jtF
zg_iLmyyPB<lilAfqPK@85PnVcRs#Mfj^pLVUBuIQlI>7rO{@Wm!lK3{ehicxufI`d
z2Z9Q|RWnIwzoO#U`?xsXlqEGi!$I^w+OPUN**k#s<upx-@HqO}fV^W(6S5Hq)cVd2
z1UATh?PlM^Cs0<<%Hn}WH__y>^UlOi-m#?@y(d+xLQuWUHbS6fx{+G2ZoBg-(0per
zZpXNwh)?4l2OIMw=$5P4Ix_f^U-X0YGfJmb;p?Q%txLJl2;YdyZvJjkE`(5WevKwy
z_bY3mV$X(qZ-4g>b_&eNW<B!<iNxte?9KWf_3rAs`|Terji9H`QTA8v!pbRe<_M03
z6sWRgko~S}iA$E9g&C~K_~a|1m`;V2;h#9}gsLn<-Q;!C=}YpheP<c|6piqR;Lg*U
z3qER2OQn7e#dO)o$6AF*JJ6b^W9hL}<-hdn>nb6J=}nb`h#|;PrxIf|clwa)eR#*d
zB(jDs&phM$YXNC9Ku#Na>z25VGX2ezB__#iZyZStJQB!02q5f?*0*HS8>6N}-fm|z
zAZ~i20U&k-nMn!S3*5KaPtUU^gxDMEGP8~BOsr%{rn5R9F1x3(T%a^^#VnRK8<eNd
z3e%V#@6BJdPs8;yj;jY>Z4i&-djl^@qlkT%9y!m~{Wp?7S61|uu3g!kd3|^N1Hr&r
zOPNL)Cd58Z&!GLy&QmODF8j-0<4xPf;yL~Ieau)&(4WHX>9u>N=b1_D5g>tNUIg9R
z0YtETbU5P^{w^fF2R$McZ;+=9mHh2w(yDN?SAY}<e}fGZu*~Cp>(#62=MA<iJ|e7q
z_{!E}_;IcN+SkoQb8Q!^7fmsa84mfm`7ZidDCr@x?yWMElx6kDaIuNujZg2~NjBqB
zcNUpf3Vw3qwPedNI>+4EU)A{>(h!dve!k_GQqrT)2P#J%=_Ax|Yigr9Ls!5_{`ES-
zY@czp1dWPo>J8_{a9#YTwJ6j6i+JV_F~e%vI~fM?mh%_Ae?rbk{22!t-sc=iD*^2^
zX{PzgimCVA4Y~PoLYo{T<!VrZ7rN7mUM^JN<b|KV7Nt6e2wk;7j|+&OE!Y2fw@z=r
z<c~bZ)#;PV3?TRj1n-cc8++cLd~)H2{SOd3Nbh!HpA&WBoy#5^_(B72mB@?{w}t<J
zcjnJ%`)e0v@UZ_1v9p1T<@VGLN`b)D3LIC&PZNb*_1Z~e0@|OoAGr{!xsK{-dX(Kl
zu`BK&w*5${JT%crrBM@;3KM=&nV6!1kG32AafwBpWM$X)F6s%VjVmgjDMAK<&p9V`
zNwaQJ>&Dg~W$xv2u=g6Vc#%k02+{sY0qyi!SF(57a{C-I6z-CYOC+jF;*50v5b`_}
zcIaNokm*W=^c|5yUzyjeWIOlJ%1UE|W?r47jCi1F;P@TRv{8*O<FV5Oiq^~SD=NC*
zzONDYein)#a?4<B`PxqN2;SFC9({O@&!4$fO)=mbuXiQPi4;wb4L;?wrkd|xOIIkH
za{y#?yrU)8qzSKwz}AgzY!OSWL(y3B8)c2yY4lvPsSkp5VS;oj+7g=Xs!Pi~8wN4Y
z7mI#aI$qGjelWcuzkXLtL0yCQbhpNYlRo?v4O;#1F=o%kV!xpK6P~4(wmUk7<T~hD
zxJ|znpyNVWssmIbWFc9!8(p#QJ)=Dl7iaBzMyv0#uS%&QPMtM1tG{50nW}SjS&O?C
z+S_uI(yi7d{eHdGc%P`}@QSYo6@RYo@PAOef0gbD%RZg;jCO~>$t4qOeG9)YX%$W%
z;%WGFZivqory!F|6mj^XTT^i$G@o6*^3sYgV6#rK&Q76;Hpyqp{OqSNaAV9wKIoH{
zi4Xp#YQstB_|2oQ#gIgFi?>8IDI~_vm$|(96}K4thD+5sSd*t^qh2m=oVg9A_etZH
zagJ;UDj-3Cp{c?{wh4?X?`SYBM`ouUHzU|keIU9<<q$^xXy|1BJ;~#uyn<P|0X#||
znb=N9uu=On#X!A4k_vc~O!FIZ1)uMA$u!xSVzAL~>1jF_uXhwd^~qe30NbKswGYW2
z<)h!E8dw*%W<#x<;={#Rt2dZ}U6B+A9lP=!?zrABX-)un2uQml|BVgudr_GgmVJEk
zvk-wBBT<sXx8oxJh2;4UBhnZZTs|S@EU7VpwVASR{R!VM`)J&x+~o`1=^lNf{iG&N
z)|KEmUI|`jTv5_9CnjyRtuDi&`EkV#Z#8GRB{t*@(;rfNGjqwqwjh7gf$7}=>xO{F
zPPKwA2(iFawj9)DK0k#VLX*2xe%_WKXq7ShGcSdzdmHxOFjyV=E+szk=#wDp@msfJ
z<HjAF0lz)@hQoa#pN(*+>_j`7O^+^L{L$R#5kJ%Pg&6O16Y7x`<J1oOjL5>=_xb=7
z&nPMu4Ah}~rc7w0U+wxzuuW|J28m6heNF!<?z{9BG<vBFY?MZrwG#OgGtoMH72A03
z&`N{HSo_e(0}=Jn?ARX*-&EzowZlvChiDOIXu2y&u&h!q(58t$@EFq891-k|@lZGJ
zb;6R4gRqGVK%vK%T?7x259P9z>U3wHFdnbtut-ThM)_ckbH?4Bm_vm?4FuIlE4U71
zya>s0!B)pN+nh*6cfwF9(quFA#wSjN?72%w9Z}%|q;v{aM)fGAXk^oX7DnWo9!1r%
zGUyxju^n8&KQ6yvn7)=QS&Dz4&~=@lSjJb72GgRlhVaw)?q*cNU+HuCNV~79;38$r
zO=_uKOkz>0@}hiuGUapn8=9K;UpljI*KX_tbUY+5Lq9N}QJ;qTgf8%(UhgF*3(8T^
zUAycW9Z!@CI*)!X?|R;AbL(X#kAkfQZ`0#4tECb>0Y}X%A81C1Yad>OX{;wGs1<uY
z;Jaqk@g+llme1(SyzhX2lnR(f5Fom+ip4KUqoVa@t>B{ag?8%uFPNP>)1PNfwqYSG
zA$Z!y)2$boOdjDM1>to{6xt6@1#8d3U*A@HWAp?Sd?#bx_&7mkOkD4H(tW?VxS<eo
zzE~#d$IbNelaHhEW80bZ5ygN}6L;FFX4%=qh2Y7#HV`_tUz(*ypdI5GI-=_&HXBwd
zUh3yo;5mNtbJcuIqV6}I(R)RKPeC@R`f$nya;!b@!FZP}<2=Zv;ce)jJJr8H>rBp$
z8q;Eh&W^ikax#%+r0RvIkH_2GpFrn=7!M&FOAUjwpXtiALGA}}(u+GbY+|@65=Qp<
zx0_Ate4;9|gytEnFWsMt6oj`uNY_NWXvJyb(dhT)NDuNYzKSn2OmlUmFQ2>klS@^U
zBDSf*PNL(R2>p?7OQr*XmRq?a0s$*)C_yxdguiK++#hubm7gItIxb+Sn{yY`AWFec
z#bEcwq*mlkb46>Yy(5yb_v<8ICLW%P;X#P2w?F#$98t&Hax>U#JQ$@G4Q09zkK@*#
zuCbz8$Lc4hWs7AC6TIb)Dq(JNaly2tzMyDLr~k2$At@3sk3felqA~t~IBg=-n4xN1
zm-O%AdjGz7x%;sYw}7bLF1xP}PVA)ZNm91a;@!Y&zSFP)xzv4`0L)C*V-g3SV%I63
zv(9h18M7y(6@-~eD|N=y>fMz1UbZx<%!CMK9OiM5R!1mkUM_Db&3|Nvaf9}O9HY$K
zZlzPHpZSM-m1W4p+sDqlsZFN&7FqnVFa_?mJXN%O6CQ^rM`A9ar0W?H?PLjc9J9XN
zqU}bVuHkxao2*aQt>UO~YSHqA$1p8lOOeMv#6AzM0i=i<D0aEXMXzyy4cL`h#%Ikc
zVp-<Khkwfy6;&lbecSH>0WY$~{oK@LdI2sCXF8waUe~jxi^|5e<oON!Q5eMj7ku8#
z*?n+^2`v^6ToRf;S5sb_bfl)b$8qH7c(ruZL@B;a{>$B*#&ko$ixBCPZg&&Bksq*`
zlw^r<y`HVSYx6LQ#CTUS$2LGsv`xIuG09A-QWTrmxAt@Oq20Cfgd#oF4UPT;<+Yg*
z(d520BJ+UAPtz*q49B01gi%QW>n6&*XZ&sBQJjaLCt_t@E&oM+;S=c=+><xYn9BQ#
z|Dx^vaT%~AqkY&*=}G*nCEw@kx}Vvtun+617|YyUZw25p|54LEE}SbEp!HK%A!XeR
zpJ!$9&GhycXI_;UxV3cx7NtlX+bmZV2EhR4hBO<#@m-~7Mk9lEy4(ix7}D`Rzi=m`
z<sJEN6EFWO3QFG_bn{Wk<le)I)dTl@_O(7al=F6Qm?}~E#pRRMO{E=!nbGiS!;7)g
z)h#aWiVtT*T2HndwM4Y$zGiO<Rq%Xd-iYdFuGQ};w1ICy=EIP0GVG%ky$^-HQtkk~
z#I&J0)xfd-w3zWZ4l=-jfyjiUmQTl?dVt8=*y$#D12%iTqdgNve>IYrDB0!K%yaP=
zD{+t{qnpL4y~RD7lpu6}UiEzdVrU`G`$NIn4e%vPUWrbT^R0`potBa}`I*kpT6Kr}
zkm@f)uct6AZ;H-OT3<m_B2WL^UP__+56_x!IicuOG4|&7HWRDjnTg&)hrk@aKZNh~
z4KHz1vKwetHOVq}T(1Q0>Pw~bS-ew}Ginyx6WCZMVW>2A*?LO`bFZ_{@R-?3)S1sp
z`p^!y2N^&&P>|boUbl3UKNh3o7n$LdVnfv*_WK^|a9p7Y7v~U~LFv?DcnFo|KT|-A
z<7)Pi(gbDF`VV}f@E4)!#ehGhxtksgD3?U1*7%wY#Gc0n_K|X*ORe7xv}!iNWG0Vm
zXxcHG+Sl5%D7iopq+=m#FRK=FYpl%GjREs=1S*>BAvqJnXT0dkB{XV!y1eUcJ+LW>
z$!dzaHUxk^c%VS-O60qRIAUzcM7k#im7wf@!Z$tS&c7;g|J#0u`s~tb4*4#%<1G60
zq|7nGL5wX*Nu^Chu}<rAee-#fMI6h6%X;pIr$izQS+zbNz*X*2w~?Sn3{q?pPk{gQ
zV%IC3-_W8MT=$P3KN!5ImFYxjUOTG-RKTJxtF44-ETIbszFB;#w?5AIEsoZD7%xe|
za^5LBoKG%lsZV(Q8uN4ZGbKvD5wVbDLVhvo`z%i*lXgZz%n%2$qrC0i^M)Owr>nT3
zGa59b4VG4GLwYm)45AaC@lE$qU*is8&VswlmE%*TMo$weOBf+p{pujme9|Y1RwloU
zdt3e^30c<jyH98-GzIG~UJb8;CAA>6f2A72{)m!Z+I{^rU_+$Kd%J!J{5qd}OIGV^
zjf2YR4^PzH+7(aXUwYXpZsjgg*>6@?1jk7X7&LIHwZg}EU2v_t8mP+}0osCQufh#C
zmsK+#sDp~oEjJIehjOv&rmb1Z+H&o#KhOrts~-S>KX{#z&|O{CTsNNp$Ptl!7HHK>
z0B^3lh2o_9k?s_KSBoz?y=N!vSW5Rx?V^5OfWQeP9z)JC#Hn>7d1CHs)rPCqdgkq>
zLj2iti1QJfSI#JBnd^yCPeM&vyj%3eN)oh0JGGJ8jNxSAS?#J3lV}X>N>fg|^k|v?
z+GL$?x*&q7X?*N~<Oo&+m&QJ|U7rxE{mLNL$>uMcQFTf*s>W_s;g1z_^3X3j=>Dt6
zkF5OlLd5uCn2g;AwVm@b@2nn6r};|!<m>58Fno9Gi7v4Jv|aBN);z~oc|t{P4z2Wd
zV05DT<jpc#<z2MWBN22_KP}wG#Q>dz;%mG4F^7P~UA!LM>~H#)7}K;IHi`t%MPocA
za_s_<9AYwsy!R8HR!pGbX*lmEpr0nEc5TE~OEu1RIUou1ORAm|?lzkfGwWGto~F@Q
zaFSd=fIDO73i&IC=cFiK)hNtMO*c#)#fZOEX>>%k5Fb5Q5`}|O9MjuO#Jdog-bJ{r
zPa3p3ZSd2B<e%Md!3U=WprfKd3Q<lp0w+PUN8l0{C>nm2m=grWyi<SlioP*mM^3<Z
zRBXN9(ZTzr_72mgE>;986Qyx1CL_-y@w0UuY$WwIe2GxJhtP0*H`;7lWxL(yj%K`H
z;Ou$0GUDL-0d84r8pCTmN&ctc^0{KoZz4s#bIIr9n2z;d79o7grdV}trJgRSfTz_E
zYrZ(92EEFA52Fu3p>mF&KDJDlWZGuip{?hjCj}<i6_IC7w`EkDb;aV+JrQqwsu`DU
zcYk~OFD-y&eDDEl9TVq@+=_2>wL_8oW`E7WzV2E0xGgR_Y9;As*S;lh%&9F}stX>E
z(>Je@Y|A^P85`K3Y1|QsONH;(cxAwRC~+~tS^H#lX3*YNjU;&pXM^Ow44wV-Hz2dX
z4<J|K(A5W5ciDZQ?uuS6xptI`7SH7NwGoMmx$x>URwQGz&HrewNv;Lnt!^QqfA*P1
zSE}nusaDT-j;6l#Ei5|j{w&e$tu)ln5$UlxqxXY+z-(NDL<PHzYJ_v5;n<R%hNaw*
z3-?%?Hl0kiT>!fd3SX-D?B=d3?3*ps9(60L)^z4_sULey^deCMk;vSsj(?O$&X4F*
zKgAmKgL##mC0@$z2`@!@e=*e*S26C(^A&yRU~k(zWQ2}2y&2Q&`tyESyeTh#z(;`I
zJgMFQzzgO#(@gBTO=Ndr%Iq9nzs_qFi{NMnZc#_K?o=PqPyXHU0f_Jw%^|~x9ffeg
zT`2Q-?S0x}ln)ZO_<of3>2H`Wzl<>Ydh-$cb%0GE=}}}mXsZUaG?%0JehzSbqMCK#
zw(|jU1zwRdY}W03@X#{lae5iY4E+zoa=liz6zS2HYK7{GgaO@=Ktf%wPw?A5y$3vD
zuzDsqUtM6|ifQB6YCK_mk{Ud%^BMj%=>GWP`eh<H2`o3RQ6cV)@sCE36EEZVNtcKR
zoIXi>+Zy<h*@yb{VOcyE=`kzd|Dd1dKnXXlT+&Kd;`18Kof!^Hr5%;+n9yk7vC$1-
z5X)$Z>NKD9v9QWwU^&$=^m1JRx2QV$glNM4zfpP7YPP~Y-5Yx?OKCD|<0<osOZT;7
zZ9O*?Z2kOHY}YMwo!L0<@xu|i3AU_Fjr2%A^bePxXH%kzFGH)T^<$vxKbSP@ZAlD`
zv4rZ<|7k@%Ac^1c_(u_8EmszsZ4+E<w>>Ft(7`k~lVVz~;JO`NKT5+fHrAd679nk6
zXcz^Z;HeI_1uO|y;KhkM3KPt@ZvNX$=L>l_hd9Lg<cj9kxF=#_#iSNx#quc;5yzRV
zsKhp3@o7oSoqLrUT_4Mw)LHW_WDx<#hnHzk1O2s|JU55DyM#&dO4Cn`WbFVuQ(bi#
z&B`kxpN$igEynM`L&_0nIE~Py0`*##=dCaJFaBPD<51Y`OWFmh`~9zGA$A0I2#pN7
z#_&2u`fu~uDu+JkS&RlJ-M#ZD!1BYT;v|bb>}uv1W9-&ix=j_+Ka8i;@N!g0l1I<_
z9=7b}yL?<qmi14~aBhXpGn&(N^N5Mj^8#D16&wMk&Dwhnh_}h>z(7D;Xnw?(Exoo_
zWR5!$wPX48=kcwS<I$<W){$Uv<2~VY1y<XupC=EZH@=fL=W*OPIP10yRu)jcT;=K{
zzr`6z_ExdYRz2lvrpYySfx4MwK(`i0G4Dk|?1y<GgNN(B9a_8JNx4b+1n)>UsAzXx
zSf5fVmTh&C<f3MYi$Qr?=2v>wJj{rnT-$CYAO3yO9N+c&X-~<J!|`3FHyRII_s&HK
z86O|t`Dh&T1zg^^%W`wPh_wW>r!bdrq}WBo1d#cZHY%$)nzG*ew$-U2{`D3T94eIy
zPr%KdZ(uxJM8T4~vfs{kL^R+Ot;U<eYxV2&9B01d9vCO0>6E*JKc34rYDZlyB-Ca@
zP9I;>@uQz_e&X?5h`;6NWqz1%`ZWHYsZQ6R=1lD;Z8Py60Hp1wO*P+4q<jL1B#LUY
z4!7MtK^?jR28y2)<s?J;k{QOOJj51n=8H#Yb>qMiWj?=2)m8^S%K+${)$dh8UL-vY
zu;8DM!<FS`?g;GiSL^eZ2K$Y@yT}aK-TaPr5Ql;30-!0BUy76zn{B?%!$wNb@ELW(
zZ@ad>7|aXH<s6SRI|=>;)ULUb&S^c$Pw;0k4b!h{YbuIE-g$q|8?M=I3ghJUuAYI7
z$KwW;CKBE#2l`c0vSESjR?mEbkBrlb<3ynz5Hq!Izt<3D@-#5<4OnpOXcuLx{*%~*
zUgeBwQs8tBPg^vi_XSCMaqsE8FpZM9#P2+3$u8zIyo{`i-VaP?>`~slx}gS`P#e$q
z=AfH@=>pE}h)LaS$kA%ghLU#J9K1j$We4f1OKCr|#-pteggIxQnMA8|hb7S-i^+Zc
zlhQGF&{db~<hjqge_r8!awtzvHCk-pi~h}BeS>l_0zh=be1EOn4$H6{xg5J*%u|+v
z_Y?oF>|skoL?k~pf5-r#5>s$dr;4>UJl&{K88GlN*<Bo4-I50!D3IGBuoCcApr(i|
z_9(7!JE|2|n`EO49z#>T<nr%(5(T~oRx&3osA^Er4pSQ+teWHZ1En)u)2f5Cr$$2j
z{BNK+j7u_>`1P5)5m;(hPISyZ7}x@Y8p%aPgN8!vaqj*e!9~&9uRPN`z57DeHl48{
z^S+HH>EBDIRP8=GyF19k8YUKad?ipc|6<;_zX1|sfr&x6d?-x*RHH=nwE&6f^N~hL
z8R)TWd@gu@U8{229hR46L4n_!{l#|Q*O_|(%dpr3o;wHnc{k+wU!L+2Ylp>jaZXm(
zLhM>Wg+P>uiml^Y^M)2x-(Y61YbeU{t~%Dk*uX(c)CfJXQ`doUp7l=IKnC$-_o}Ix
z$CtAwmNkqIbcD>;vHe=Gx5-@3cgeYZQGXys8i7Q2k_pjYUcPQ)<lVCG&lQg+-5w~_
zxJj&Q55IoL1UlOrr=CeuqZ}oN991sn(L9+fXL~Bnubaj<jXzRsS6qnKVTvtk4piG+
z?V%V`^RPNWXa6{0oy<}#pdEbKxPAMn_N)!l`0;=a{mPE@m`71uWlKoo%?6qY+5^XQ
zOxHs=77+GSWorBUY+IO}#<j}2X$+C293Vp5GRElbX%)=^Mjij=zCyLf?c5>lhHt_@
zAkDCeo4t$H+v}GJHIESok(yI=L)qZ?UMIx!o}hK6+eNkBy(`AE$PV%cX=;6nQX54?
z_#Sr3C-z!Az)qTvNyaF;tv-kRNa3lQkC;NeQ|xM+RgkLbLGaUC#KC$lr`7h@qJKh*
z*XH_NiH-W|3BThYUm)c4>(pHN-**Gi)4N9Pb#Dh+yJjfuuK8H>-6JK(Mt~yZn5(3Q
z&-S=H|L#Y%Zg7C*7L)I?U9wyuCktNvk#j@4D28B$2$1`F2_v(bBl+3Yhs$0p((br5
zJA~bnJ=0nr?M4ck->Wz7;l+;dq=MIDz}Og^B=_<~LI8WI*wzH;G3JVmfyu|fmw8t|
zU#B2GzA-V{RiBo$F_mEWjn5{QccG<K-|QkxOJj7wFTT!fYn`WGatkH#O<0!Eg>{Hd
zT$_X#oEL(fp>q#S3%u0;y;8=RwuYO`Ube*86V|oBqBQazMGSI6Jh!7cCC7EuaiKm_
z5CKRf@Q|e90LiXj?#Qwx|Ct-VM~4By?SB}86*S<0T({M@Y_!Wij`Kp|xtzm5S-xeg
zAv8xY7CCAsdFG=elCG?pDH8o<DftcQl}vzpq#oHy2n<iZ=)Y+QUqaLRe<Hy+XLer)
z&45fPEswB$N9$LX@pW`VgGo~q?>UU4n0Dc#gDBW`s`5+_{V(&?Jfj^Zak|_=FZ)DZ
z2<7Ly#;&D`x>RngSMq;?(;pnd_@;M+jeMdoec!Hq@f(pC<R_i7#Fv=3P^Ls4C5U4~
z?w%^bWw@sp92_cm{q4j@zS<8KHsnNxERdgmf%Tlf!dP+^@3b1ah=9081-IP&Go3^Z
zI6~Hy+%egm^X6%?SdD4XjXHhrk4bua0(bagE>g@YIrPA}kf_Hx+D~<h17u4ufC5Wk
z;VMv;%52g;qut5U<3!|z_b-m-CcUy^6RSPhE7#Dr^WHT}W^MTbfn_ENfPyQ<UQemk
zBe^IhwW+#NLHv$}0mpW`5GH11ZgLTr1dQNDql7r^g2fXralsRhktV_E%KXu~=gf8#
z?k`p22eoHDLp%%9=#n0}#1GKG^rFcFQuk)R1qEkj0E~cNi51gzYY>bQxi<>KzaIyL
zP^!{o$NfpuLHG53eAacWT3(s0OVjz_)1%Iiaq94pTvz@d&4J(X#=jyA2h{JNyZ|*R
zPshT3=9ff8wRL{&>Pn)(2N~av(FsF&5*2HcnvD78j0RuNgW{^z$r~$Eus!}d224uF
zC>+f{i@Vhph8{AI$R4hVSM|pq?M|*8VB~GDpK6r#dEh^PVzNAvKaQr-!}Cenb-W1F
zVz1a?l?wzx^a$PuLn@0HSsp?kfn;XNus<4^BhG`GN53g?luUwp-!9I40AiGBh~`7m
z_7{;lA)DQ_;p0O$+>i4!#oI5Den0M<d;ZHu*y~yMPN!j?mr17K(xige;+?Wao9coo
zrlXVBK(xNy^K4E~fDMjAk-)8!z4yr1j0Xko4&{7gY-%`;OTOk9LS{*2p6mw}(RT|u
zvBXaQr1}hz)m7GoLPp4^QFv70M1R~R*1hCG|3KnuaPD=s3r3VZ9UQ9HPnOmD0+1vu
zmHp=sWfKB!sD7SoF<I8-o$tKQM14?hV`%0817yMh7>2I}+pIi~<VF(~p2wrg5Q55>
z`4;S!=~fuTm$+C*(RmOa<jl44y*GDV>38+qldtxEc~EF@d3TP=PUUlDuMDG_$_HI<
zzgxW~p_6>)O+3D4Pp8E2yaA|xwaanVoaN*pqZ}_dAACagLUJLjJvkWZ5nN1bsOV>g
z69gL{Ci#E-eow^juIm}iq`eag-gEKitz>3G*fPdA)7k)S=26Wma>PSjzm(k0H|A9Q
z#vEE=aIpXNQ(ej;SD(%~no}5s+#f?h<;vq*c=9|mVYhR5D%z#xV})c{Q(S4p&-^l=
zbW7fh)5h33m1V;IR<|yoZtUZ?tCxD~Ts!$cwMJ3TA`U;vGRN~9pWe=({{vx2zDC^%
zKlX2k?Y}O<PRIZu(^nHgXG56+lg15~=T)GQDu(Bh<i;Ls`khUc?vNM|!}3vvdJdej
zQ}_UXGVmtYo9BXGL#h7!$1m+QAi)6E7E+HbXj#mIn!`Cx-PuZ}ImE({=N-jjnyyJ{
z)fCmfQDx&VTp+rJtkN`WQ8o$WE}JKrB>8j^ZCd8&?$xzdnZAOmi}Fi4n>LQ@3Wr$j
zD0w8eCGv%&#Hm!aAL*0pS5|J`Fh5-$eDJRPY!A`>7u>iU!b7|oDrQK%Zl!$SM@4QI
zWxhb2Y&v6T`+X-%R7y=a*9oZQI;KTk=uG^hx;Ze(uRk#J2KpdnVz<RtuX&mn!6oLT
zd=a!j!6kBQI9E|q#2TSL)dF4t!lJnzrPukj)(tH$IGaAoU<I+0HI^dvUOBL?DA{Jb
z0k^xBn3MaMa<$0&6e%EK;}KQQ`2b-FK%u9K<5l0mamt)jaH;9?yipd4<PU;s5J^eb
z7cFC<Hs%i3d3;M%M}3p(YeM+@Mu+@DA0987r*+F999r}AadqPtPw+XYR9ofts9?=|
z=EdHypJ=IeRY6_9`aE5H>M`ThqH)uyfYI^x&m8v)zm~1DN2RdV+TMRITSKu$;vVfJ
z#dGF{k0{KK%Nm(#+Rt7epqziX(7kqaIeyYjNTL^E2<E|=4lN2VGF66tCZJ%~&j$1-
z6k|SYYn5#R<ahINTD7>dra#2xEMxuj57_<=t2L^?eE0xVl7+r@CNvZ%V!c~c^5T4?
z_EP}R3w%HhJTJZyuKdoqS>i|1M#K?}Z)xDE(BU@CB5m@wtBF@p&aozz7!~Vj)A^BW
zw4t~}(tS$NBH-3E4{?q6)CIc}`0rMydA@!2=PR!NO5<l5T-xzid}oqe{Uy^u)q?oD
z9U_Vj1C|UAyVy@w2SRRsBU`~GbLURoKjL8kQkvp&6k)p2OvfW=@8n#!*#U)crmwcb
za8iizsx@E)u^2W#lhQeOmbH~!NgH`fQ#CG3C{+RrmZs~st6fvS3{r}LE9VYs((8}_
z_ZCF(7|5%It({#dRD<jeA|QR}H*S9tQby6Qc3iLhZ#DUUR+?z+`nA@&W<W)ABHI*o
zQeWbmy)PU4(;CHH(bMw{mkN!4cfWq+%slv4$Z_|-RH%Q?r1{5v0GSmkkZptB5&qqR
zAO8<)ckbVP_P2lXUpF5-Jap$<$ip!n#}ohY+yDHZe_ZRE{EAh;cmLmmUH!iv`|nu?
z%(2tFx;uCNYllg_^dMgIvF8W9)$bp>X%#gVzBH$Z;Mq)tbXG!4PJ}k&_dV$slV|=H
zemx&=u`@?KY~*p;#V$3xn`T#%FjUww=-bK`FOC<J>1DN{BA{i1yFs~JN}*z;5{hMW
ztn2*w=CJ2G3#Nd?2uhr~OW!8}@+(TBiQdsgr}@g6$s;B@njiRo-iU7O4{OX(hF+$R
z>?AyS_YC_zBXIo4#@Obh*W@>}%WTf<E(G#Oyv}#MKrDPDt=V6FEAYwK_v?SNL?6rT
zl-PG(-&<jL{rF0L_~t=#@D^sPjzh?e>{Ql}U!W~2N7j;hno38h2I7Kz^lv>=T+1+u
z#aB`$*fV3W`2Yg_t%k-DtS#zR3%;w`Fm~SXMQ0DFcZfA=?%CI6M2S%~VSaA449e!-
zrD4m$nl`hlLOU;|crLF7r?KdfRT3$9_griW|1fSduNdB5i{Tq~y|g<se)nv;1E2L!
zVfDBGjFaZjbQhEPkb5RVI2{C8jFIBU*UwaLua!xKE>Kq{_4y+Wq@Wjo^dJ50a**cV
zjmgo=021i5+p#s}#O@v)^72$2#dANUpz?`@|68HvG`r2{k_oN+h&XU<_ZO-sYNo1W
z;7ttocbCD95t4$pf%jgq2BLd^$7hD6TW>^jJ4Rf5Hp6LY<#RC{1ZbwT_Yc5vBL#!;
za|B8MhZYW%Z=2PuJ&(fH`@!m8iwVS;fQE53&%L3Go8^y}D$~$i0NG}Exv3M(Y|`2M
zU;*%0<kHz>`1He3fSI389ux?(Kkn7~7WV=RrKSbvfk!#bQ~JwL>mZ!=gdiV_w!B6k
z@XHJ$My(Y1tEU|^9r@i{14g^?wlrX|Zv%ze``_>2Jm-7@WjcCz>$JWV$rLmTnO!Y)
zZV1uXZZb4DSlyZiI!7EEFjlM@J~{Qy+5=&=W{2b!P7ycOUixv4P`~!v6SnzuB~c%a
z&sT5Q!_Q#|Oc~<gas~Co)tv^sD_`CuyRF-3ON)3XTR?hCntTi+U5k;ueV5?b+#-7e
z$Dt+~(;@~VF^r60qH>ceqSTE(mW-Ats@(|TGmLJ$bA;YWP%3#w)Ax3|AQoT^pHh{2
ziTKQL-)j(BPs>1bAyfrx2@(g!e0ww_7jyJBmqj81;g2w0%MF{6<tB{#DLRCD`$e+5
zeHC3&GiclMg+I=!TMxtEmVrZqmIhWvl$Z2u6GVtse`o>!+M^VK^rlCOSKh;K9d6X@
zlpD>m$IuRBA~Pi{!<w)z7^!1HZhL1p<B{3k1KiR1krEXKHM4I(FPw_e!Z|*yG1&<R
zEo%>yON#%HC0BeSeKT10xtNl+v`y$dqRA6h<)mW}I#e>X$2HQILwCjRY-n0Fj9kO&
zo!Mf?5*$IEp=-iZM6{#>wU~u-nKCKe!HyMr*S#j~U-I!->l4AWjfw3aB{+V5mwTnx
zTdpZt;JL}-5_XK$xTZ4-pyr`)lE%*$Hr`u%+}iMWhU<Xp*~7s#_<F}qw~gLS7T*Sx
zPot|%kJh`mDxP4e$r$imP0<4ET}0zyL&alNLA1^$vtqa-y)7AZly8_KX6DD)GDkVw
zQqXg#T`A0{<_{!5J?R^nJltC{?W>(iLVUX4$=<?h0gnh?{oPX^5sVOxIj2Y-db-2L
zNH^>oLlzJ6Q6bJ_q#hGYowjG{SKel99)#<#m8TrVK+0X9;PdzYb`)|B1KV~E(R^k8
z+79jse^Sqr3RNrzxv0}pL>WhOMoPN=GJKBau$#PA^H5@9pt_f}BMxC?Or*HSssdvB
zM&c-o#2BJqu5d8XxCo&`J^4KoBFG1nndbB!JDvzJ&$`y0{0T-UV*hpn!%UmFt4%|7
zBMFpo#5i90f?y~5$boT<GrKX5A#0(a{n(e+7D3{$r$R`hJn~|<XOO=JWg5IkoM*Kh
zA$2qW@34LSKx@9k$Ar%hU;nH&$ULMc6{skU3*Q*IIB9TjTP!f7xMB8;J=-7mJwPgW
zdpm+#Bn6c2)ps=5O(z4qy`*7^XBwrYU7cdpQh5|SYiaQ{nOqO+Wt;NB)He%12aAV?
znJfwVnodsq-j|n7Jbkv#35Dq{Fbb7Nlw7uGO~pj=!dKTKRhjQjMU_z!%Fh8vjuL>_
zzc~>I-&(S0n^nJoa23o-ptEmIi4n$dzp6dOBX7MLXa=R6t^0muYQ4ON7hg|SH5-F%
zV^D%ap;HuMg6@QFR`GAN)PH<TIl9~L)c3BeqLluKMgs?d4I^vRNktU><j!m2f?1_v
z0^Eq1Wb2NHdh09F_8DZf+JkB@uzuK4jJZxI`=YzLYQV*ZWRecGV1^(8{lIS53DA&Q
zNd(VGtMIXBdaDvcNFutj3nl%MQ>xlak`r}<u1$rdFJtuZ@d#Fy&>Qt}Vn%5r1rwpe
zp_8a7ar}{Sb}Q*#qp9%EPo%+Xx0H8$+zV}z59fX?I8{msjVxXg;A0Q=J`U}0fmdaW
z%M~p%7o}dXQE1a)&7}!Qx7l(vgTFqMvSJb2fDgnI1CP{@iMf#+rG-NYr-2>*?b%s8
z$(VApyjwUv+Q|jPp&yy5KfrN8_9Hga{o`0fs&i84Qmyh9r7S<B-sQ&btCQ&#&J#Z+
zq|^^-*pYSd9zq=D%p(cQCEZn!<Tw&tV(abq9O^;(3<>;fQZ*8*a|~8Om8KSpKL}q&
z`}XL9Anv$^W+8K1*EJe`P2C2o#1C4fhgkf<E&1j2-TCDlT^Z+-SwkPP@Eji`EltFc
zJc#$3jnoOkC=^T2o)XmKIv%f0T^EQM9B4)iU=PFHydq6Py*EvzMtb&luV7webkeiG
z*`k^AC72>`2_u+TwA4Gg3s4A{5;1r_sd1<tMX%*gZ9kS@c;Ul*fYjC%`cI|M)WvT+
z5QPHNlYHdQ@=TX1By>@AWVtq1!oxvBnmGqbe~6Uzez$qvP+7o^wkm>O`k82=tF0q`
zfNt8i1fTro<*(y;thG$Neq*LeT5tn2ynV>m_Yza3%>)vJUzrF*jkFna`bSRFPVYK-
zPHX4Z$HA&)!URW)3*oyZCl5O$Y;ZsVHpjmpg?$%~qb6MNY36@h#IDD^kdj=Fd1^bD
z=C-vJH1Oj@fcPD=zy7S*0-P$Y0DZ@l_bX5OIk$U)^;&sW%2wRgcYUN`L;DnjsE=<W
z{>Uc^oIqEq=3voteO?szz?2g`q3m`Tazy1Mom!s83GJNY>sJi8K?q=FOr6EU9$u1i
z(oYy#34cTXR%y~kWGutk%_~jG=!?sJZ3*Sy)B`*M@kZ2_hbweR0;jYWS5)wh4Mf%C
z@=|3eJM^?csDl6p#gh8|1g%M=uP{s+l!ZSL4rf;O?cZqj)PYT=&`ItIFmmro6S+_d
zey5kTz>=2Wc{7zKz02WHicauE5NG`q>o!UGGT&IJh&JEc_5^Fh>j}`)yiNpCIp&4*
z6)(ZPb_m8WvN;#Dp``tuT&7Tz9o>#@lk#f;$JWpL7av6H{%m<{{5Ry{ljrX41=1U?
z)*k6_Xgbu$ua@c6VOfQwihvkJGnIxqX5qY`zL!<su6yoP9-cls73aC_tiwn0Hg-Cy
zZmPamg<mdPb0{@D8u5u4LAucP1n48MB&=Y@ze9xwUprP(djSx@&cM^NzmLi?Hzz{T
zwd`IKn7ekTI)3_^{fv<LUNShyMX@4OCG=B`Mi19DA8~`HB6yRB0#e*QTR)_UoGl!h
zoYW2!9?X=$JS(rfdjq*nFjrfv1D1;1ZnO9Zr>(bbfr0pMuyxwA@`Nh*LG7s|Rih|^
zG;sKP51n2480%kp4CEHF<bvkaKpX=xnWNq6D%$C$<L>B}1SyRVJO&8>2#~?mg8?}c
zY!`VPk?`8y%E8Ltb2ot_SeM+cGZt96zUZ~2lPhuKo51R~d8mT7gl-_Vd#6FxI{Lz(
zNAwS5&qH@~+7i@;ctJHaZi>SXbEN}-V)O3RQWjyG1E3a(F)5hSut%Eu3kO&^S}5ku
zRY{ZP)Zt;r+LbE@o+rk0qEZ)X`U4j+d}vx6He#GqdR)#X`-}e~$b@$pzjStF@f!%#
zM0A)`puT*KdhtQ12g%{62UbXhT)lkEDG<kdZO*l*;oFNlHEjZC{PEfn{Le~3ZRHh%
zfD3*7^iwI**3?b<iT-4_3j3f7obVA2h~pRpY!hzRwHKLO+I3DW6O_96CX%apjhK*5
zEPz%4xnt1Agf1eFZNk<J%KkH5L=f1%4rrTXYSGg_j3j(O%|mx$UQW6}AU$ACnaB$;
zAj8Uxlxg}ywE-}2^SejS;BT84?0eambR=jssx(lxpK`?H;L`J1aoF=$yav$8$X({v
zj;%pz3(A^qKGn+$QY-qApcwMakG5Ob&gMZ}%ZJ|jnS+#Ye(jT!k-StgL&KOWVp*ER
ze?$q`{p>MV*tsnF^A{-w5<syG{!eigO5(g;3!eM{-4QqxPd9o-2G(!-P8s1Lid)Xh
z8O_=g8_bpXIT7x!F-o<H;;`v`!aSZ97#_k}l^4_oPrxEI5^xd=jT1g=M(%s{jAM~H
z)!Svo<wLB+UfJhZ*p}`TV!Q6)<n0w-P6(_~$w#nvgWYRinaTu?Vo{A!#yV#e%R6E)
z(_!c&3-3jvMP=!w+D#Nh@DQ(w2BWK_tvxNWeXUzeIEtW*Yf+u0RJFZG!zHV2k0pCJ
z!t=s>Y1?V>yibz+{toj{ech;d;B4(z&xZF=H|6|5Vcb=k-%m?wG7qr#AIosrUGgzx
zMku*DBYN0-3^$wNuu*d)<lDrvLjgBPJcA|u-d0tb<aBAy4LtFe(-ezIs)&GyYd*D2
zM{I2sO{p7*t3R|5M7;w}{u3veFR#A`JgnJapTHPjT=sIb&$}82$>fZ3r`rze)k0=g
zx??__?jIFg%z%UU3jqrq7}*X;TvS!e-1U2qy7B5S^57B1l3evZ!yRNB2c8XQUb0?7
zMJP31dzo)%vCEhwjQ%=I;@#e`T`aNcv95s71haw{O8Zx&g{D-BflcHO)aRdf`eUB%
zAL@@O*oto4eR3r_XaLi&se5Q+n1VSXr||jY|M<IK$=TMDb%(=pWp<_~$0Wc18x!zP
zN9^{aUFF8p(@B5UX8e!3tuGr_enC}1OO<A4{>L_fCqD8Xc-$k*4LQx<Bbxu|=!!}L
zwuc|vFm&s8rNaM&-X2^57|S772$C|g|67yI`T&A4Rg1IA`yXEsc+uO=K$9kO_>a^7
zD<BsH#3yuhHmwwXr<nieQ8R3x5zyp5XlPRU|JLL|{$C05WINZ-|I^_9x_>VFmo{Uz
zXTqC5V}AeLXJJz(00((x%(d{|-vA^3ex=hFeu0zgi+6qg*Cus-0lJx?g>V0ivHrJn
z-uV1ilGk&T?ybLtOaC=eFCu{vZ}u&&{Of-k@suAxlbJuN4cdQSI{!Dx{(F@FZ<76M
zR{eWM|MTMipJXZayC0`IzH<?F&A4dJTRh=La+&qii9h6PRTQRTZs*N77ra_upDyoH
zP-(PpxmPq!P2E(uDC^H9VX_Y}3LqJe{&f?dPffep4Bn@4ER8ImN8Q;QGSY@UfQ4>o
znZBc&-U}VFbmH|KTNSd8n0c3(qmZ(9)BC-W^WF^i^=D3zAK{f?jfE`ToFEz?&nRE-
zo2GstU^xg+X#(&=Lshl2%2i{K#9yGmqh!2WgX8c_K4QPr_K&Jyw<lV3rD3n|%JO+1
z0Ixt*v*I^8!c}YfZSmV3Vw=I$8G5QE(bWyX2SWF}m|=PCc)I7eo&i4Q{Ia>GaZB?K
z^av9)VgCUrk^@^S*KNMcTGE;l(LQ_N@(K+=IM3gAg>56N_?9O&j7%N1B|mP<R8#3v
zM!D7yYp<~ODckMMwv|2+kmrSR`S)q>Hoc>F83w;UJp9Z1M>9yq4;O|q-c)sTVE0-#
zEWK4-m+F{U>rs!a9I}zg4epiM=KBYDw)_k}Tbegt?}RUG5-x^Wsx`1Tw42XXPYCpA
zZ^PHpB#f`+BCA}!g$|9ZZ{NDzTKFpJ4<p*RclSCtRr=}Cwkb=e;GcSY{bh$L92L#b
zi`~VkuM!%&x(cl!X_8NKW}xYkjCS(y?th@wu`|j0lEJ}+@(zLPNfk~-B@0Pkwy|}-
z-4~rwDt#gC5hB~#^&}`hvLCAzIL4uh@QkZ%ZzZN>^GHJE>dDgDFQ70#3spU7<vQ22
z-um2tLesTmJ?Q2mpz6b)Ht<24K*|Nu75O)N1$W7v(xJ8-aeR<8;an&8P=_&{7#5Lr
zcWm95#;|+R-WuXB+ca6xQRq4DP{`j}y*=TBw|HWDaT`5>$=k0L7gzJbWnn{}9MAnz
zN@^AV6s=)Fvs8EyOitAv+inc6dMCBSs9afTPIzJBhAy}L*a-chhkSux6ThDeMg^0=
z>h$>OW<I9zmRsaX5kKtP`brlpl)Tt{1{?DDC67=99PI5s%rPXCVYlA^KpJW_BH@MO
zJG-V?k6Kz)Nxw&EB*l|n%&u&y@`OX_{qyjBX{dGXodyrayvgJCEM+);9kf;&n6|yy
zYCE(X8xpz<PgyLQpyea@2qTm%uUSnvzo8<^dDtZ~;l<}f_yUSEyUDjV8SL#&ACo1B
zWtMZS?E5~A5bGrOg|b&(c>ykl0N<EXG62{5M*0s~UEJEjgg#g8;e-w^HzFbl;$`L<
z6fB&dKp;PeiTSANRncSP+an+ux<!5ZY_*8M$YzWJZAG*STWgHLx5ELMz&$v3J|e!D
zj|1zPdB5`669Qt5G2_zkwAStVt~S1j?X)ST*tQrSYjBwhSJkJQj5sq9t1WXF3&2>V
z-YFOGZd2Lc=gDXe5H{YFjp$vH7(#zPd0@0?o$OX(7Bv0ZpgD~|rLL57p@cY4#-M$x
zlcI>QwVyqU@Wvq?bWuEL#dDQOSQ+hZ8ly@{OTxFJytdk%p8s<9OD=8kvF16*NOXE=
zn8f%6>w2f$3@XmcsUA^`hxDJb9+QW$BmyI_3pL1g&BqAc1^Ng-fD7AoFD*l<dJAIP
zrBkux+iEg~$$zNuylfQw1xD@<<1N?f32Ln^k~^m>pl}n=)i$LQaVU``6nWyQ?_Dsu
zwX<+;b?#$AghTwcDV=&El7I4wcTVxEI|@V%KEV`@7tzH&#=PM|ma`XbeDj6!@)p~x
zyHdTS=`LI#JR%FcH9P$D!?3q(rX(M|y||15MOT~tf{~jrAf&J7>wQT1Ku$+)(<s$>
zhhWQ{M|F&M_~u+xNxqP}9(BsSc`K1zUI|_WJRV~t=eQ2=BqQ+Z@TRU!H0_$g7YN-{
zn;R%f1A)j0H<`s;s|kcnuGM~tB&i3`7kHW^L)pXoAFt^C<snChFxI5@bt;vAS`=&`
zPq3OMc*KQ!7@fgJw<d?pZJO&4=&6vM2F+QMt-EkIG@V-V*H&0fAZmN9p|u*!-mq9h
z1F@6HZZPA`IqaCP<%yrj(Ct$g$$U|qc`Oln_42Yc;U#xR(ABHscNE8zgjEa_{O(G1
zU3Um=y^o9k?s4HX07aIY?Hym*o;b8p@4og9XLXs<jNrV7Dv82HXJWwgbT4efCf;|Q
zLSUbOa7>rWmw8~qck45ueG5l<_xH*P5*dvCqwszC#dUxELhzbR9)1%esLByPT;?I1
zMM7Lbp%a-66Yn={pM8++i2#20sl*eqq@1w1?y3#ziY~*W;GqguA4Kb?e24ZC@Z?<k
zTDs;pU&efbhe!ZpgTJ{wH`9@uRK6WzS2Otm9?|*mgt$Tf@rm?azQs`F@*#GY&_;ag
z+;+>dE+n!WaG2~X@0(YUkF*ACIRMB(jXQn7psGA$1f;w0Qj}yn)t2V553S8?@mlm(
ze_yOQo1!Z`OD^ZQ+A;c8Hc~okw`=6Yp$k&(wn0lP64lMdq0fUIzJ)SUIwPnr-z?Ql
zB`$(`H%Cj)^}sI#4|amx7@jny`6$#P__I(`(}A;x;&o;pSs%fvU96|n#Dd<nXl~LY
zU-tKGxoXhK1}~CZ9iFdfUPpZ#*DjDk(nP>+uf5#12uW%Epp<S2#9Oki)40V;J>4y7
z$>L{g-QdmlM$O9!+JjptpZ>UlLr}A=NG|c-_4jnPA5jW>FmT*IL8wdJB9J#!xbYZT
z`{{>`OqPT=+ElolMQsn_M~kBmP{(7X-B-l7<!3qBo2avpjU&tZL~MOhTaUVqzZdz>
zQ`$cvXRTe~@Max<*rSWPci&mK`b`*#MXkJD9!6||Rwl#EYC>Ig$~T%~wuSVl4BIBp
zcpW`qKRZdgvR+@YGjg1gS1U7~3r7!t)U8ecW<?1%XKyaP|8`o-l_oou#Nj|4$z!t!
zxSj&>((7xnl|w=AgnmKMcOPS~9Ev_REED;G7yl%`z&YZ~f=@xrZRAoZJZQZXQ}})N
zcyoe=-k2{IIyGe=xsQjv0D#CkZLruyAReZnv(l(Pm5*Ey3Sjkc?BfQ_s+zdjfils9
ztd?DjGDBq-HQ!d^&<(vqN8BbPut>*HAe{FIxu+DFSg5Qn2tgt7eD--3&J37h8+#=S
z{GQ2&;5-!?cRrvwTIa2}E81eRN6kc0@u4`kz90b*7im@Z(v%lw4Bxra<k8-+!AfO^
z@7N#Utk^cyWiz(yyA8W*0nfPD29=s}AaL;?(1yE$L$fEJi*Jhu8kGI03>veIIyobY
zE{RcT>FKSDYZGoQ=pBx0+pV&aPL$etr=TsqQyK;@TbwH-@ms^olN)}dqz84RR{80m
zhmB$~x=Ai_KkWjWjdDU(5k32ITST@GbG81IKyQq%;Lu>vfVhaq7a)ANgzX3Ce+3cq
zi)!^IQ*8qa2b<oS+lmNVdBH+qMk=W69Z{_HHG1mxQongRzZV^o;k)f!nrGuPFC@HN
z71ZN5UZQ_Y8x4oHcvEXZ_<)Ti&N$b@?DfNV-Z;4Pm0t1fOV8n3-;7<S!ym3BQnx4h
zDK#f0UjM~v+dM^wKsTXH3=!KW+WDS!j3J8>xS3gV9hE<P+}|l;_;R)|=Dpk22j0S(
z7~%zs)vXnEx6)K7?CyFYeqg0&5rapZg-Lywl3H9bKlvc|$rx2HGc<BJBLOJWvyqTs
zAQ5_tFPK(|!;JTU5(qqG{1W7LLFwqNDpiT?tOy75Mn5zc++Hn6X*gbY>O!b6N@Uxc
z_y4i?pJ7d9-5)TlfP$k4=m^qLR8*RX^lAg?0!ptUy+nE^A`U8DkzSRiL$85Q0wSVx
z5+D#tlomn=0YXcEj&uL#9-W!@+xvWZuKQcAT>I>^);epi@>^@~O_zpk@%6K!_x5HP
zkMV8Kr1rlFKiotf+}|8HDn-rkjT$8?6pH`LaVl6%pom?@JXTh&H+_URUS^UOpBEOs
zjswH#P)Yg5ycC{Z+un=6sBVvRH=W#Cstx%~Fwkq?KlIlVlXvgzPbjFn%A4Cp3O=i!
zk>Pf)iRZ_M@>h8tVqSdw>Fg&Un)E@=LhJ>jy!L^zeB)betr+!E;eiC(fXPeGm^kC~
zy>OL+!EC)6_qAUhIdoh=`pJijar$lr`x`1w(bp!WKA(Ev%Z+bRS#QXj3>po+>3g(i
z_56HQr*y=Q$~XHATe;sks3eVF*1n_kHAWI0^A<7A3rAbWa1$BRWZyE8c}L{gUo_nu
zV)HhvVVmQdcVdKHc@#YyiUVCsxRft;L|$IM<Gji4aWU@AH%o^z*cM+N@gT{!<2{Nt
zq72#|S<5tmAE*96Tg`5A7B~)EzV7WgdV{daIbWC*ZSTIp%dII~wfk*d)tCgO6V_|T
zgcE1cL#-bp5_V$qx_k2i$QB+qWnkktduLq4xQq1heQMD+;a7L{dt6Uz%jn0)!n``y
zJp~BSFbPd-5jxw7o;>PGYcDUVzJw63nyJj8y8ozcj~MU_xbOMp&=@_KDzGOf5Li2U
zG~avpMBKQWg?}^5s8z6AMkTm+K6Li(q@6N%Adl_CH(`_H9Vkxc*ZECS1h89!m3mWX
zyMsn!?w$*e=t&Zv5?R-R?LzsrXz?j1dx(aK&B{0Rul{4+`>f2@evPPxE<+#f8;d=a
zR6w6wJHc2zcsq<rV1?b(Y7GYN;jvIXQOpR>m)Ydi&T%@<V1<0|(&(&jc2hNc+DfWr
zhD~oI`|h)HQ9&oCV>VlvhuMRu3*o|h4N+B9ZDfsujCY0q#L=$M*pAV8X13$c51)M9
z*}fO*e8{!rZS!4-&ZfqeC3V_6Sva=(lg7(A<@M4}M|*Dk`p~!{<Scg#j`6N{9Sf%8
z;!tTjz1DYD_~!3$UgK8$boqgU*dhf@o7gDb7uzf=i1e|DOiTM<PY;SdRsPLYH%>oZ
zTgq*+ooA2DiqY}8qWW{v7t&b{>KBG!@T_;MjEsDG^35pUd;5#pbG&oZSo7Z)AcFeW
z#oznX4;0+HBlemz>{Rg`Y2mXE4!ykaJfPSd+rD>PmmmT!(E;w|dcuC`>_tKMv+cjV
z;=Dr}3V$_~C()WSdoDF^O&vq2Q}M^7`xmIF(Dw^u2{ibt_%zOy-*KRL18eUz{?hxy
za|v4qxmbFU(>YDt!>!mj)BQHTya$H^tUok=vF%;a8hD_-P#j~*qQfd27>2bBztNZO
z1#6wicDDC!6c<+@F1#pXAO_%7kc+wv18T^WZ4^IfX{tOCee83VJ?a|LbZ(0km(dwE
z)4Z8F5Rq>M>~6*{yY11xfw1XRe3JXD-H>c(kz_usWOEp-Cii8%Xy(f*1M&d6`$?s*
zuqO;n3cGYk=8JBn>I>dE1JJ<fC6##s1glRl3ra-_7vz5_=v~S=*YfnU6C(;bP?I#g
z>kUC&<XGSS(pb)bqohjr8!y&##dsMDL&;zbGi&D-KcO_7|9yJ87B&9h2hrnmY8lAM
zt9g%5hnAWVTc{p|@ZCA@9Mx%>aElkB#kp`R&c>*%UGlJ$QwkAW-7&S%f|!f6C^&GC
ziG__*MDy|YAEo-54r<Omc^>8Orumj+=Ret(6$Dy#xAcJbd-WII5&7|n3TT~HyuW@+
zwAI*F0<wrjbEZ>b)rt`Q`3w8B{GNlylc)P}5#cv;GtUS%>T#f4%dVPM`Q5DAjn(I}
z_-Ni;G>2Cqbf9P68`P}<b4e-4t0-pNRib~6)V=iN3w~h_Ob$m~LORl-W+Eh!eTmsk
zY0*z~g60-=&g;ipA!K5dP;jM<q^xLTa4WPiXpT!jn_ty;B48)TlpJF9o3EH~D_Dvd
zp@0wV++>$MBYwuh`bkx~mzb;h(bP+gxm-=tQ8+?|j~0G&-|Tvz^`#8c=lqMe-;q!_
zP#Q?gD;su@Ge%tn!`nArdDU9}@UIU_{a#PIRrb_AC_JZIf2=>|*5=&vtWWV6=!S8J
zn_uOYLVI7F{bgCtqK~%%<HLGH{X<%?TDaFB>5qv=gUR1G;G!+(?nEp+xF;nXfT?EO
z^%ytLI1?9{Fr;uKfjn4V360>Bp{AO|L&MOuwliy+&tro69Vu!h$NgXLh3;yklJA2M
z@P+;Kn*&usiiP%2r3~IU?j`?uS!I{&Ku-uUIxxIFM~E?BKvxxv>Z~Gt$`V^r9tHQ8
zq-vFd7EfHMKgMUF`|ehz5IW_#6+FW()HKUmEo^(mOS!JisB{@6hu2e0#tGpkR0ul4
z7^_v|9I)=RXtJ7dhj9aKg1_vdalMxm$H|hUB$XZN_Of+j%R&6>-SMEml!lFSMW2ZY
zHxwXOwqf&jXzh5*!%uu9PkjAS=hY{f@ARl?<7St4;-x852F}AOOAbqTfl2z+XA*$>
z4T~ea-&A#xThHltxy2hNUIjhhqmP%Aw^XR!>;2Wyv7}Mq&ZKwmAR-M(KkL0e3rgo3
zO#9ka2m3<nP#(UUG$OuQtW`PD$KHB@=W1lGtD2Tl@<oVD`0;trpuMxbSjI8Z=9g!s
zvcoNB!FjZL)$WK{6V|=9h?7mrRuQ+sqXK7pMLOkkK$E4BGwGnWO@rM0>9hBJ?ji%w
z1{CfyeH&b&i1eH)^TWTAx3eyJXSm+eY8GBH`rX<SV|(QEf=j@+UmHt#tOMTIpu+>Y
zrLto|Tr-UmrMFM>5L!aew@&lek0$qa`)?rUQtFhZwTTjA6KijMyc;I;tyCCQyH>A%
z36tiqyFaHljsedm2A39b(2P-GM0VY&oaPsfRNIe~YaZ8o*Vc3^S6ltmmiJp<z!)+u
z9TA8FEp_P4(9)oi+Xl3gNvN`j<2`kmyw<cSQ_JeDaO%Eq+Os7ZeM`JL&B1T!RJx9n
z|BL6VCw}E>7K)-;lC+Y-Gx+a(ij_HiQo$;r3(CBUIx`!wqjdh)sB6QWNucPD5?gNI
zeIj${m5uWABZ=AAP5iUfAlE4SVYPreq=*+L%HOyO{C#gC)2((w&8truemhlQl;-)!
zzv`4=^p0N3Iqjw8wDIYW3zs&l=CsGwllUt?C19ItA2cYMjg41DB;Ed!{7xZ?L=sC!
zIvx0$K(*wnY)4jkjV)>~wV#Z4dhAqbb7C<Uk#y1Xx7&IcyD0+}@?aw(%Fj}Hc|*-V
zw5YK!{Hj@e7}B?ZIr0B2SaAq*^Pgt{{KuMkh>dt}jP&F%q#IF!i2Uh`SKP{vFs^H?
z4t;_Sd(Sk?mhbc{h^s8uwD+0!IR*JNWQK;!T*743DC7&LyN*^i^=&!t`l!M*SWlHL
z=5TAp^Sbd@Q7W&Bs^n{@oU9-Dz29ZvB`77>xC$?za5{ne`i%%0EjDNUvck8^M~TUq
zUru*<XT8Y*ZJn0vJ0=jYh;{xn!z(6a<1^Q|X%?Q2ysWX_y!m!JIfA*d4>{lz`gBD`
zh5QsDC7~c0?<|8*xlyV(%y#+gLn|3%$gB${MvqN!$Bknqyw^`khH_=q2OK(nO7}}r
z^Qc|JyRNX%<6DHR5dW6CD~x7(nT8ZCDQjgkN#g<GL`1K_c-Ru0+jzIAB=Tb-AJ~_6
z$ocSm2WdHNuyL8pEvuN^FWcf&bH-{cr(F@rnp}5r+}jT$C<hariQ|qoIi@R7w-JG*
zSmW=f<7<iO=Od0n*wAMapsTMCeFG!9q*oSVE)buZsdc3Y{(_smlDemP<Pt>JUR;s#
ziQ;j5WL>o&iOikeh`N;bS>u7r!ce%NrHi-L9bQ7YTUtt8%k`(<4Ky-aXDJfeOYfB%
zvyv8k|1EirUq4fZ+SNFXDGJEhhbV4xGzs?FI=nm&pAL0+D{4LFmNfigwWb!T!A1Rq
z!@C=+U-&TESApI2;;)BkFY>Q9a{Fk_ZjX|t*~aCPi;{Lzrd-9lg8ipI4XP~AgwJ2F
z^4ye6Q$+8#VxP;OpEIEF#^@SrT~=?+@!W*TZYrHtX!k;Ww~({us>wMj$NQIbQCkLS
z%T3jG+~<?#{g-J}80(<z!fIgI_GZeN`Z7kx72s%JQz*wY*Z=v`?~b*wo{g;nx36nB
z+zHJ-L+@67f=Yi<tV9G`Xp4-^;JBc-PET3gxzZx?MwzXGg=PGpaiBdg;o^<b=9Yy{
zfpi6Sv%`zk)0oVf9?eoon!CF&8vO`=RfSyR1b&qtvf9EOJZ^$MyYb>tMM=%YAjKA9
z60+z*sNQu)>uyMCUbXXSWO|{eUsL6j!B8=_WnwGT^_L1y>_aq*%e8~iI|)HO+Zlfa
z0nt{!Ts&f;H_ID<PR+@)xKuehgT24{Mt;xA*>dcIk7xO7XEz+#+ZMFFBI7&}q=(Z!
zjlNcq6j*d&b*w3Uw^pa)`osN3ZnNH6>s9N4iX?Dl<CnbPwmB0EL5jDx$lJz+rlrVH
z)NW-vH%7H(Z*9@bx;`gY$1{@1_hTUPM?|7YVPToT6YF*ZIQKEId<lD)(8Q460mK_m
zIh9)j^E4bSdGV?cxO_?mx|%c<G%ikPJMw2F^Pi9=n%5WzXhiKA4d*Zz`-t;M<&LV<
zf~Ddzp862!<_ga|Vlh)=_@}0zrd|C%0-*m!LTsFw6HK#ZJIC?Ke+lO&3iV$+?hMl%
z^Sb%RgQ$xm_1eh|n}<D1NXvORf9n8TI%q+86OFOU?c!+&nv>msk5&I^g0Z`rIw^ef
zD7ok_N2ut&{*rgK)C>y4*v!`DeGg*6NG;=2vam*r!SoJUpnf<zY;SdZHSxl9<4y6C
zA|o!*T`{aBc*vaM4qn#(dypwMwZ5unqzCx>$r`VL%vx*~#!kO1FVM1HA<Emr_i)Gv
zDs=e3Eb{gb@gCs1MGneVsIbjB9(menIPLQ)Xxf+fq;}kezc@8%N*doz;VAn>%*D3~
zHl%Q2s<#ItkRhc^Y1T;(z42HxlI>RBPC+i%8M<C-Uy4LWs7SUi^1#2FIN?0R(VyNU
zawYE&%LIaV<{MkXxsCnQ;dI`#WIFDBx|us-i`~zny@z8W@8N7&e(0I@{Vm1?%jF{n
znY>S~%tiJw%C7cB>Q^Q5%3h#t4s(<O_jQ$T7txaSy4CkDvgi5lULy|3%6VB0JKxME
zy7z}F<mR&e7@Yu1P#2K&<zpO2^bJLxWce<9YHUU=+9h+AmG}uWqUNU>28ZxD_orqy
zm-&=?G34N}Bd%bdtV1kp4HBHun_R5;{N)1B`j{GHR_l4hzORN(b;qs?>2Nm(glY$s
zel~!nqC83}hAG|Z`apJ}6^6qH>y1QwFs79DaNAy4`ehuO7mNmxGzZ(Zw(F&frK_P4
zaVF|FpAF>iqP%lr>&{5GZR;w3-7xLPj7Uv`(kCo&<(E8egUM6x0wVL@L{3W+3<f0$
zNQe=czBgeQE*Nq{>6zjhyLtY7ax3ACSeji#aHU*-Q!61@pOmY-nj%~his7{yViYAm
zD<ev`OVMau+K9qvX88S#T(cyIan;}~%)a2N3U#+NDx-9{E$2<m^PkilTKKpVdeknU
zY(_o$9W7#{L!~4w-ClWTZAvsUJ?4$SbjJl63B;kmVh*F@3*bO@WA*+dt?QX^S&^Zt
zN;?&egx5a9r@7>Kr~m3W4A+w~`%s=ir+6qYuE@g63Zmq7w9~2cZ?TI`yGE}0;kU^+
zw6Ko<a^dP^_pZMGu$t@CdJKm~U!b?Nfsr~bBL8~39m<UcDpL<VygXUE0H1|X^q~83
z{O}jrgp7`cv8M|*41_S|%4&N9`i)pwy^)G)wTeF~u%M`4#);B=WM)8i$I$6hk^xtG
zLBw*;(#+do;A%imKA8s(ts-iF>#Hq@q?ZJ2yexy9ZZh&ao6otz!sH3|Po(b6$>xO)
zol+{q7sSjABDzTa4ulv(32^Wxq<%}czqnp%-!fbJ8FW*jk&!>W1jEbrqiH;_n!6+w
z`VxqqDbJt>BT}de<LUClHvXljGOT~6+R_Q*3h?Bhxy$XZz>LK<aRgs^_3H`pr&aeH
zNqGrJ5*ZhvM#ENfl$2M&)FLAj@AoTQ<Nkaw+`peNe4XghBFta8R~ayO9$8vl(e&U*
zHbwfHJ$+VzU3gQ+N&y_3$R~HXoix#kg^CXi6mZCv)DuZNc!ZdD3pNZ}Lkl+0Q2yFX
zo!Zb@9W4sS_7*Xsl-pm!+PMlWH>YGuFtgnJxS!0ZCXzFAi=Y(DF6^o!66w47TfhF7
za!|8c9(6$vz7k>DK#OXyefgqO@ku!-B5*ul{Wh|g=+AlW$}?-OnOnFFS0O1yhN|=7
z#Uo{QDeF*5vir9~7=v&;)F8B-+^Zj|!Nt@=aC6NIvyeJ^MO#_p*#fIzs8!f%7KZ34
zn}$Tvm(Ae?^sT$ft55y?GIzqPg7I>Q4@x1>rKVPdwlKR<!O{pet{kMJFcV=uWzJ$k
zqwGm0BW)?3?)?H)w~xG<qys3iQNMKk;<?Ct4P=*)noEE(b~_%f!Pt3t<jq+TBwN6#
zXh7JK_zr^1QtUgR+-qMYNi)mB+eFeg2Y+jJT-_lNBo4n`9&+?=I2{pZIqtjgalbY3
zadV@*zmR_1)R2O`zfW8kQEjVpa*D_1zP!?QrYz!RZ$TPR+QSCe(IuWA{9QWA@f+20
zw5YA)^9^FzzFCg}gjV|cl)HQA05!>SzI-u74Rshza|t8RIJQLYU5>H$B_c`7S>m*X
zQ8Bn*zr@SK+XV9=aosfPYCZ+-uF)cKJ1})n-mc6`SmSNP=%`qJYE|1V58#-?hg%)B
zg?{>s2cj<nw!Zv|>ba3z%>nhfAmmLxJF9g)y<)<0^*3!c8~10z!Dew&DWhh#p;HZ8
zzu4=hL93knItA;cif*57ST;8siXP$VC#FY9)NjwTM~}9H+h7$zt431Z7Ll#9$Gt-$
zMwb+d5k`s^C0n<7^pqYOX+>E*A)o<>H8${fVXp={M3?k<!T+(4<dYh`A+<A-jURdV
z%;Ix81z!%oZ_9VRI~O(^dj2V;ClBUr(aX$~XX()SI12k%E%-C~szvj_yQHq-i>;$3
zl!uG1Bv2FRQU+I-56if>w^MJTq-=?HB3~Yz0z<;lLi?`W3Rm7%d|p@aw$%0CUY{+0
zjd>0VyJbMOUT+p-9Y)^~TLPKgLJzfU{C*YDQnDm-RN2K|`~AyF!XN~lXJ+Y}wcV(y
z5<bZ)oUTbupC(+24&0`Zc<9rQeqjtT+i>~xiddDjZ<sjQQZJr_&k?KEdO<&Xyt|Sj
zHB}QEnVLtLj8DpU+z_rmE-Den{ms~4QuoQNoWPC3tycHJ)t5?lg;X~i>u$(uaN9V{
z)oo8<?7Wu8Uw7p7GkI;b6N;z&TVC3!iES5|OWBX4%U@yD6JDMw9G86ZzJ(|;IOWQ3
z)84EqBo`LImy!B=X7qcmmCH<+g3y3fgzNIva#Hj&VZAb;V2AgvYAr;@M$r+Vs(hH;
z%cAjW$aqcRmzYtdcS*0*4XlsF<@v(TV0Vyc-QL^)pE%Tnf_<c6w}-iHuyq_*=6TS^
zuGS0(l^fXfbaXcJI$K4NeBd^A*M>j_YN{n_!BdwjGcq`aogbfND{vlp3>+lFoew+a
z){|-izsS02?DDQf{yb)OCQ3r|KiS!zp_cBG5Dw1Fgw8V*d@jxu-2R%l|E-EOqxuV^
zNoU|*Qr2@W7CCQUL=RA$lZ;fQrj|+@Y*CkNFv?Z~>t3h{YTspd0+7(NW$mec-ETnT
zYhSZ18OInKsocP=Hm#gJ+AxV(-BG<Ta-ZdGgVC5@(ko%{C6K;E+t&zh^&JR0RHFxS
z?rnh4v49>0k<#Kp0Q$RHM1G@9&&&T3V{Q#<x_<LZ;k&@du`}VXt@gOCCJ!;|iE1b5
zOG+j$Xdg-0hm0^0i;;67;)(kYA42yyz~am%wX@wM#nHD?flraf5ORNc)m<Nn(9cmS
zX~WNRqBe1LhW;9*<Dm)=Q2(Do_#<8^!~vN?>ri7*sp-WU&8q8y3TIo1NbqM_4%Sja
zglFO~-W?*SV8lfhszDxiucD@rF!o;5%aH^6b3x^aeaCua4ON?2?!pEYbi69n=!^bJ
z5#(#$&{5^{8&+3X^~Ho5LGR^SLprjo8>|U!Vv$s!9p28IfLjo_(`x`vw-5TVjjsl`
zkW01{heSO<!oDLumv&Dnyoy)XpcE{-`h$H~xj9#unD&-XgIsI$t<rczbT}bp-sOE|
z<K{xITw4S@i>G9G%i#XrOd!s$dqSH*yZ2sA&BtazIW5iUkvIcfk8i=)OLh6pi0mX4
z*k^X6G4j#;yN*YaSeGnEjAhANL?a1>J8M~<Rs~!N&%GQ&mk#)*esY8L?Q9p_E;xHE
znfv^Ww>^*>#|IT+6Qdiuk58V*xAr!@2cgwNn@Hm=55M4?^OmC;Fl{;0b60;}kDN@i
zhdFH9N*HDr#=4kdnxJpD9met!cj8o<^=!8`WQvrYth^iME0LMkauSz<+(Q8=H^Qpr
zTCcpdS7u+u(m`6h(SVKW%4dXLroh3SdD3Bb-;*Dkm7JcMa?lrQ1K_+o8G)i+adphr
z_z;I9naM!z9S~G?lYgg7^nk|tMmwU@Mo+;?V4>M`NLs<Lb)~|I-^EI6@>ks4BZTeJ
zCr_CoVrP4>L|}!Jyz^LVmAc`YCqxi(2e+s^GfUI~*mp?g|J;+%zv4gh*?XaKH{rfs
zD=qdY0+t_A`uhAk31T?;==R*#F~1Rxs#$f$y4hUnW^225^zHOJAWY7Nd*#vX{xjYT
zo5L4<EELa69&Vm@Nidyu$q7t95uyO8UU90nYgZ4>O;3kFq}z!du7H`_Bq1i`D~DPu
zdvV8b?7UaQ$%Lau!Lg>k$A65lGd+Mr^4`e_A66zDYN{!CSVk}G^ICn{SC4_oTK1gY
zV=HVGdy|aj?Wp6=78-|t_Zct~q-#At8EBU?(cm*_d6eUA5`IO->B1DKLfO1ZNo_4A
zna^j)tUYwBOfZvqdzq<fb>}QwIBa0@n$LZ_Np<p}iJdU#?fA~IBWx9AL&Fn4P!k|^
zFxVJpgG5Y?-Ejc2)TMG#C0^Y{3^H+nM+nk@-{2ZVwni-s23w(uBL-oTz45%0|I9rP
zM2B&4S|Iz=Mv{3=z7{aTt`5pjD%>sdOJ;0ZaqAQ~l{hp$qnG|;rvGOKIdV(WVV32i
zDHEP6gx+KBN5kN(W{Uk{>bcD~n0`tD|Ia_OGtKe~h5l?7|KdpbE-+p6{&9mp=l^+N
zB7nVW9ZmkplKgjMAv2J52|g!`{59Q=14k~3)c7=P{2crLcfkK%`~!^hU8MgL^?!Ba
z`;Y%A*WVWN|Le;M&Gk$jn@NM8$K;Px-IT7~Kl?to+KzpCCUl|4Jr4wK{6-p6&vdO)
zLaf!Z`%DgIi3z@vQpQcjV(_6?95i7K8&8OGUUm3%{*s((C50UTQgEDltqzn}B;luc
za&uj>-|u09M$65I=b=cS>4^2l(xV>VLUDnZ5^s5Q4fajx3h5;);bm3JTEZ5gj3@6^
zlA_z*wf@3r$#qYUD)Y65_uBES+50za&@1Q&z(UrnzKxeii3<AS?w(4BEOVS1Q&n7l
z-i|mJj!)sv1g-m3Fswscbb^BWYFUeCgHe93oHy-S7jqX7&X~N(ujal9Xmk58@;O}i
zjsM!TKYwh50$vAWpp1Xj5<B!V-O^+8S}>jVJ%Sm;gl^SR%33f&SHF;Fp@BJzq%l>c
zwN6_E8BNpbmWqwsFeZQPPUg>tV7grR!3uZ?CWt*JV&j{(`^V=-@XT5#{&WLu3;?2J
z#{w_`$`e_s0g1P5nyzRbvOo1U%BSQ7AeSl0Ks_~oH+4xXmM*oh03#R_)3FT{5=+v|
z_f4QHYYQg8S>J$EwjoN%6GKHnjH09|JaUCi=8+~Nz~gudVt*6M6HISvG?=DZv5XTj
z;OaKA7T*ZW{yWwo=cV#6X$lV4i#k)elQ_<w-V@UZ+ey3TvAwd5fvM%v{TLc>SV2hB
zHt{ze`%A-4p|0MCKa^7YK0O{jqK%(kI}Y@4cB$_BhLKTx<?@uUoe!nV8i)rDzE;Pd
z-roxhQ#(H0S2%h<R8xGeY@FHF8?U{$K8r{+&&xwy6`7idwE7wOwBqKpfOsLWc2hp(
ziHPqY%y+yC&6q=ZE5q0>h3~G6&O;@C%ars<v3G+G0%+3(OIoq4l<qS@%7RY1+-&LA
z1C}G>-YdEO_cRQGsjGYLK+b4T5JjFk*KZvThu2=7jtJbj5BI7cG6}VMf&eKTk><Da
z+7j7SlT^#e2d8!$Y$B4?h4Q1K`m5o_V!3(i`@j(lO1nBoB^3$hDCGjJEjYO^arcep
zspXMk7~@9wdJZQ_y`frLThrcku~Go|lWU!OEhSKJbA!j84xIXM_Ne^Yg9Y}9I4@NI
z+A4ZV+Po2QQ{)Mr0-z1hWlV6fUUi$yYy<_=Cl4dd7W5PQtD!B9!g<)}=$iMf*~9_0
zYm$2<(xs*K`%cv|{Tdy!S03(KiiM{vACCH+F>#?a#>Ff%o!N14tz$X<L(tf}QEXK!
zBQrl@nbh#{L42{lp~~CY-o)YPWTNZ*GgHMB)H*ZjPyPPG&D+{Ip!C12%|Dm@fYp9f
z+ZWfrXjw2^3}9w5-kUKyTVCI$;M0UQ^C<fu`V04A<|HFVzpSq4W2j<=yyDjpQ~0Jf
z-qesVaFRnuIAYruh1EVucLK)*!d?c=MIpwD!jrcNVg&};LSQpXP=Q+0VEsXJ9WIxs
z6jxp0ml-fJDhJDh%qz$bA!}gu^d#lK$h#H<g=GB(y`JybJ_MP#6TUPe<8ozKm8g&H
z6gAX~mr@1)0YG-uAG_?hNaIk;mTF!^1#CNpmr6@DJzC8l#(_f_qkFSKGpdzs^BG$<
z3qIIVRsQwt0<`6gp6|6^Zz#Uwy?uUGIQ1o^_@Xcuu8lU-ihXx-SO?TbGK5~q5aCs)
zrk>~<%GHay^^Wle6ii%OTiyNMvQZQENcj;#kpIR`<nF#BcDlS8HdW&h2<uJa&sitU
z+9Sr1=yWOA*Wx-uYgKC;;g!A3wbnJ`4_hyl5(rcELEye*D)B|bCK+v5zwG(wtEEc1
zC9+?#{?;#Lf<%fV!RGM!D&%*3;gVk6;1FvGS3!aVhPR$iIBXG(RoJ5|3Hp9rcTalJ
zH7!i1?ge0tKwcA0cu>@Ne8X(1d+A&|!nH`NgecWfI$-6~SsC_d=398ll&f&=amBUQ
zzn%$ic%-tqLW6%eItal3`~`L)*tCGp#;(QXemY4ZjDnyEXXo}tBE=htSJ2A=LF}`5
zZMo%%3wwLC_BIGN<HHT?6r=6683VTTy@X(WV~u?R0F?F%lFI^-bgQW?1sKg#Hhg6!
z{xY+p@bd7p(`>DK$$Lh-PsJ4Oa#d^JnarOE$XP!8A$z?VE1!m3AeM)16tzUxoId7h
z<cYONi(G4*p1=a2Lb<9zc~zTNc6gNzYzn^dAeFV2@P++pV{bi{q@Xl&Y-bw)QgjsN
z$T&FWdn=1~-8a;wzPmlHp(S#`9pgyxwICGnbKfdEtQ_fXv2ySyU#j2OS&T3(3kwdq
zTg`;F^&C7gXBXLx#{xi%&cYV>G2>DE5um0=y~zSIex_vgv|uwr|G1TrD(!9E+M=wq
zAq8`w6|PPTxQ7bLxCy_n^wc&8+oKmE@P-KKXtGk?5z8oLSD037r>#?zif1alPEZoy
z>;@2}t^ImLri>Fp`0TGUz!g>#(}eU5*&DrXoA*gZ8vJR@m`J!(xNw?K$V#nE)m!Z_
zLc8O6RSf{SM?|#T>y1@XY@1)T)>WjFb3i4tdn)p?d9F=b?btb`{e&Qkb-mYNlimeI
zi0j(<>Evx}D(q|rI8>4ex&M2J1R9f)s;k)%C@c3y^g#P|nTGWFGiNyy4+M>;rRyPQ
zxBIV#x35Vsp3|aKBW|HQ%9yv*jf}p*zA_P;`s*9%LOIM7w%>z+GGT1jlfK%r9zwGn
z*Xl=+-h<(UyH&=oo7u|ln_D%pXv&=CViu~Es6tk+cT^v{=T+acr^{nz9Z0%{`+6Na
zp|Y;SOxZI65?XsKtHw;LDq}gjJPilmrpW~iO(Bwlrj%#*Fsz8Zrb$tlIl+)ZXo;*Z
z`!$B6U%K@nbU9W9PHb7zDiMqVu!BCx$H(0hDuNb5gl0U4Um^Vtd5ck*Lf*}4sen2Q
zHH5B{GOXFloqEC<8<49-VR?-mR)>Qh0JU5g)t1~_WK>+T)p@;P+{{+Wx~)K+m*gHg
zcR%WugE=o-D<&9xiI8=gEuI@j0E+0bCyvQ*au4&^y3qq>Pr0TCKKNRC_4&!84@B0Q
z_@(XyQ>kySuG}^2(|90KAu&AND{{vM?FKwSh$)@E$MLl1>v-->7bCId;a3;AxFiq1
zexTu-I}K{SBG`r=T2hNZ9brvVpW7rJ?H4g)$qHX<bLM5UcIXK0)0_mbdeMyMq@Yj%
zO57ej*+{*?i^o|}YB&b$TQv&2e*5HcslaVQ?&RL`Dpq6r^THBQX4l$1e7){|7%2@2
zUm10}9M4A<?0w;%1SM}q`6Rn~(h{R<_^YToK`mEi19p_;1lc?l-(&Yh)L})D*CImV
zkt*sjZxcS_r@l7fr0;yksHT>o;!!h?3LY=dX*i$P_$f?x$Od4gvLjA3!a0u(tqm3J
z<1fu@9I@N$t=;epb6dwc!Ri64NJb0?ze~+0Ef|ev-%n%{ExOIw_Gwi-!$Epgsdw;5
zQ9d!{%*hYs7G*8o4-Wee*zxDPE`F+5Ughp`c&eh&zMO6X7yU5$j#(g58TX_hEk(6M
zOL*r!CNF$w+fp6I7Cesz_SRg{897Nw<gMG&*muh^7L;`c@Abk;l>9C|V=H+}!~B+k
z=x0Pqw(r9ke(d;U6BeGq#?0$vv-SS#l(pBcR)mxo?6>nzD=YYy&YZm!S9iv>Anca1
z7sIw+PkixFqguY?jzX1VK^w#VAtm$t={LAcnZ!3{CBmk}@S%u=qr>X*f>4GOHZ{Wg
zxZ3hSti#@W>NuJ0m1t*`k1>q&vN!(@dLV{-bpAq$F*A7(GG~yiMi00ovz1s)w{I!k
z3~STK4vUb3J@Y%9ZDteo-jDbp^N=9(<+KA=n#vpOF;fFF7i)kzres%$GwDIR)N9wx
zV545aj$mcXwrD^5P2g0fZ&Y<?V?`ZJ9xdHCBdVVa7fki^wUc41`%tG>LcmOA0o_pd
z(SFmj&M9RBPX(1-$>I4l^mul3jk_!-cY*h2KFR~J(~mK3{)9neUG3GsSbJy*v*j#4
zEJdX5Uof0;Q@pX#d<j=#KKHsmJi*QPtACldf@Dl9zxQTQ1JGQN&KP`NH8j?09!DmP
zX7k^Xl-|GoQ^0|^RTvb=QmV7J_Rxy$)+CSYF;Rgzwc*d@4VlJ*3ib&mf}>Ux-B9P8
ziKyhE#v7uORaF{-XSN!AWR7kW+iZQSw1F?QFxqlKO~_r*1b(!|f}%?nWXvjDvPnsl
zRmZu><#?ZwBL0I;km>sjLAiKg@K#GKGS)e#`8eKva0i0?m_1+JF|nVvTQ_VrRHoLO
z5Gcx)JT*Po$mV73;X9PE{KyTFIB`i9Z8Wg+xyT#3sqEe_Tv0$L&V&7RUVegKGT1vw
z$WTnYne1NSD8$T1SezmoSPwM87OK!`3wgoIqwdetj*G`|FZc`MwCS{a&^6aYxuRzn
z2bHS+7!HPb&)WLwV<EIeh+gDsDJ2mjBMW{w?uCWTFz%qJ6tsc8ZDh%Ib#K9?oLk<w
z{hT<!WYj?*w{H3O=8dM`2aJiP?t<o|k+oV{Df6kcv~t$Qrv4@V?Bh>+94r|0NWH>I
zl)Uk-8*qNLt9{7*P@|8OvrG%$jZuul(IwE$Yl3Y23RU5}Y~=!wt=2GyOMORsG%d!I
zK+2rlIEXyw?t(u!+f|pLh=+DBV{t7NCIir<69#D$0U{N3s)s+UQ*bwz+&!7&PYtJ&
zt$EqvLErB6IqT!1Yjg|BFogZJ=A9&T`oWJE%^Mdu6uz9<*645aS`X8nDg+$F1#p!>
zK@_8mm9Ou`J+ck&9q)CTspa1)8=1;L9jR;x6g#QxF_3;jq*Wj{%3_BQ6T$rcof5@R
z%9+!<I}mo?B|&S_#64}qXC*}`J8#L#QaXxp>Dh()CChTI=eG|0D(mL-X>AcTDR5;d
zA9q7rCux=Yo1p-hQmG(Ci{l+O4p+HRcd?x_dUY_g6a?U#4Wml>i8<(=wPjt)mwleY
zYQj6u%q5&v-{$sOk+fdOoNR@fc{|U3p-IU$`17W+rM=bi4~*v|7OBR75Q#8r7fx*p
zz9kd#@`-c!O|SQ`Y8WZ#2;zZ@@6!jh1e2kXzBf<}1kslz$k<f1@BP!8EFVWF>@hg!
z^quQ1QlwNPgVQ1}mJHP19uI1eRIsgXdj|AWox?48TYJcegJCu>C<vWJ^ja0|3;*`s
z)$WeC1mvES61<#cwj6U+#2BKA>M@_W+b3{KBy@ZSVpKQXSF!(2Pf(V^AWf#S1GfO>
zXr%Ynwry2DvDna5hg}RjdC<%MO<4DF<!>>4nify90S#fyM_K@ik-OC(z!u+C(|%m_
z48Df)l;7JdNk%fNS98+9JTJ8g<wf&5Ifzx`<PJoGT5)qW>MP|XHba&ed!;Y#fP(&Z
zlRE7_EDBGAW!^0aeU&CgEG|0y;R2#EyG@{A(|AJ6=WOd<w3y-kzyNqb(w3kCrakjx
zJpEq3M@fKV3w-Ch<ggieCw@f7H2VP<GTmEwP~6yQ_oWR80_FC|ovB`LsUFJ}yym8P
zB*$rYr4pHM@4{nds7`m%SOxM698*CgiYu+hdH2DR&cO3TO=`Z)g~bk->OEcOTZ!XE
z$7!SI&IAvHR5bL-1BS8hQ|&NgbF^iMsG4@akMPb{KtU<Ns&TV%ovm@<a4eT@Z=EnE
zyCIFA+H*J<P06qkdXT<dA8%xUTdW>87nb$#gzeF5wh>2-3^9xTycxJGA%A#FVsH7X
zeb(~y<m?gLJy?E5ZmO$WKF~$YK5Z_H%S;^}j9km{847d&4afx`_qTLQCj7&{Ck|;X
zZ9OOArL8;$qok4TiH}0E8zb@!3<Ke|5b}dQh1RyB0mY>3i8OB6*X9FfwknZ%8S?0d
z?Xh8K1GTxq#xJ7x?EH7`n*jSxfQFhA68AZD6ABddI_3rI?<Om*S5WQvO;&jeqIR82
z*7|R^L_He2m~{0h*JbVa$0|Nayd}3Dq&o-3D<d~Mrj!^-yikSN-JIBrh1e&x-ec_G
zEi8sVUE4CnEm;+H+DD;HakHzrHnE<Z(;+Xap};BsZME@Q&9(E)j^>!_uise<*5~HX
z4T6_|td^wmBK-8n11?lhuTZO(rFzbTk&2S&;gWQVYhd+61F<|`-<CIzysT%f`0iBN
z^*a4jW64yG_KA5WHFqsN2dah&%RX`pwHjAfZ5%A5Jh(fBN}68|<*Jf1-*O!3Jb39w
zYg5xcDxkvt$SE<1?SM_9B|`Ey)ileBG}=drp%qh>Tmx%@UAxJi&0h0W(ON9dncFSD
zMMcdgg{Rb)xxcj6BiU7tmdL4~Yu*r$Z!p|iRM4BS*DPhM(d6zqBw7_ZHk<@MW(xlx
zNi9$28Fo5w#%JtwU~^8B;__!B4cg3CL&T2qYAAu-Q1Ti5D+*5}_?(Z3N8`PZO4Qv7
zQ{lK}U=Ys_SIgF`765xJ6dJ67hz1jqF)Y*gAU9Ib$83Acl4Fl=9Z9>rrNF<dyz<mU
zT;0d;^m)H|kW;<)UfvZ=U((L^jIbp@{IJAO>tgm*mEFhfL3e5k+(H#gX1>a<CTCnv
zG;4Zsf>S25X}C+QRE;>Ox}bJi;o<iVu>QxW0TMyXE;)<lyMQd>n5`d+Nw!=lA`UtT
ze-8XI+`5P|(YoM6J#GKsc^1joJThK&<AlOt!7GLKS-<fsTuS6d+bCT{r)<L*;cB$)
zx2Ev&P|c;47tBsFA}0d3lGT>l>U^lp-}>seG|@5GR}r$vWvgQYJ!@Z2YrX*eA^`q4
z=iDhZk$C-eOtNy(vCB>4L?G+)tc7iQC%*e8fFT*uz3{0FyQmyjvEBny36me1z_25M
zWkrlln0GLJm1D`JOI#8bP>&41*TMQB7-?5e1vygP^L%$tIX}Xsdkz`+GM+RW4z`00
zHE?zB&+@%uaMLLt5T=bB{3m~~E&pwxBy>WPE(IiZUgMgS%&2^Bas`bJtCr^|)lX$M
zD#{x(b(ozny~;UZ_P(jwRipxMR#`a(?{qzO_>+O<0>4OQV=43d%1V_MB+EqV$t~p{
z@=aTvP6M7+_;^qi3$(d&xQcQcx`ncK{ah2K)gDk8$y}(0Mm;Ac`yIo(8}xfzn{DzV
z_V#UE%o&@3$j|R=4W^E!$!RcDn!K%outZOTob!@dO}+Ic^iPlnRwzaTHj=hhQi2ma
zoO-l;K_a^Yyowpve)?m-m24BxOZcfHD$MAyrV0yGmlJvXMEOtl_50{mU4Ts7s^7}7
zA87xpumi0EdbV(O;jV^11$6&6AR2lCsAr8Yjqv`oV*iwLfbGHPKxF&wQ0|X({de-f
z^FS{{dH);P|Nisij}<6j{Hwz8c}o9E*s89kgRObSP1m2&l0S(Y2?R=1wtFZQ|9>TH
zEDhkQO6u9r&%G@F_o71FFF?tBy)k(CM|%Ebiu0W~z?H4-@w_uX*UbJiSQB}Q(;|4*
zlQ8hNw$cAge%Bn}3JMia{!fSJ--wT{5*Mjiha%^)e$>@JnbIt*0(w^i1C;_||5cv0
z=0Hs^u)1AV>|Y791<IQL`_Mmr@&CVl=*;Lt(810~WZ>VmO;hiC1oLp!k<?s!GHkS6
zTWuT2tT<QhME7Adm;4<sldncm_uo&VN?F+SJr9CY5msaLACw~VC7{QF5j&sQ!DZW3
z)17YuXY_1EH66m(?y0k0h>+5srLM|2X_eWvhZ`jOs2o1Xl*;uS*0Y~8_QND1nhs9@
zeNRFkaheN*ZdXxe`X_v)0}~HKW6#_r3A_WQ8I;iwR64t}e!eE3@8<N0Ofx1LdB<Q=
z;r&mg=uQ?u^95liwc10#Sli^=ux#kyRU^T@dq_6UcO{xsS}#VkVc+H=v78^=Kp7EL
zr(d~!r<6-%q?SphRrzr8JjmpyKAq?zfOM3j#1cX=zg=6^086N?walmAz$tf_LA46a
zn7GV((cp%C)#t;%z4tDNRK6NX9li2qXY2+lzw_QNA3KeylAqAUTK`=i-+!EB3EReM
zP-?HNnu=Vwn-qmdzsIb_7Yo%(W`;@Bc<8EyVSX!ET)fQiUuYn=Jqo++;Bjb+ox7Di
zTV=;0Byr52WMB%Ji$r813+{;0!@k@buBr;~UKHy#WgLt#K}XTxlfDb^=GukJ(j<e&
zodKK|(SDy5j3f6dk)_?E0#ANinX*Zmkgl6N!Ws(!kocW|2O@$z?+Cw77th)6hw(5!
zg0iqZ)f}jxFLrrecsgF|aJet~<MO!ogi>tjL1xx6<09=cE>U%zBJCEEbz^cbOKFK_
z3CkU4mmLbBO-V8sWdEaiTKV<6Vd+Rv`aNGUmlGB?RC{N&eIvtkSSjPqEM@qmN&auZ
z#~e9wXse>%w;QeF8`Ja7QqWmbS4*%=nZ0{8Zbn~rPlvYUh0CIB>#2qB>dr#t1S;#|
z(12!^bndINskscS_<et>^4RBlPf$PD^k_rCY*kV8tkWzo9flF|Uy7g_hXl`QI{d<N
z;pr##(M^o7ewVuUKdNo-K+*X-vuf=*ig{NV*_`){sA-NDip>)b%8N6xD932tl(JRI
ziao^6ak+Z`AB_qt0RY3i%dZTNmGhm%!Tq@=j`<%9eBJr$FZ<#JHxzSz(p=!H$O7HR
zVX>`lAIf>xUtzEOn^W;Vu`*ZMSaItoh5Ad#9ufeTGBvaRYMUQxP6Ni-+rN(c-)3fE
z8?ylXm6Jp3zuM*l(M^DHo?d<^`F8{IA9Z?H3#{Kyok2$bPMP;fpo%v5#p*9oe_Z`{
zoq$!F7>&>WQ8oV>in;)_YviOh{`kmW{-f{{AZ0%0X|;dns=)woIr3tje;4+Drq@ga
zte4#3rtp8~$}I=r%G+?_>|d|@fxl?JqihwP$GrCbBK1cSN8|ynrgJN9|M18UG|B;m
zMdazp^?!B3nuXo~S4~Qm@&7K8|9$BH20MTL_}_>AQxg9TApXC)q6=N8&FcTfibW4e
zUFoPV_!^)H^Fe$&eS8$y%rcQjT2)r~$MTMrXIm_UUM{Z+n~e3YJi(MG6F4Dm#FxQ&
zc0>qRw&4xRk7f@tlgm0H$;Ec<VI@9!YlO%Mx&S}W@j!mK_<4J?w_D}z)SJJp-sr0H
zDK}rdzy=V`!&1Yfn{`)Z`r9rA@?<qqBCq)9^HI9W-N*VlN{o$W^Avb&Ak!m<Zx>E~
zeG_j)tv_dy%mjEf{rW*=#qYa**o9@z0(%;i6O*4pPB!`|MH6OQ%~#RY_Ho2W0?lzL
zLS^)l@~OXZR=CdM*Ks0i^|6u(OfJYs&BeB6JxsAE$Zd@xUB(4&xtPe<7p$*z9gClg
zrUfB-j(-I8zY(oS%If8skJ_DjXUJpr>^jSaua9q%Z<X)RKRN^pOPNk?c{m2Lr-)LM
zuRp%JR7ZW+b$zW40VE{2eYh5HN~Yy(THnKuEuWNnTRi`68KY5b`ge?7t^B-Y%RQNG
zY`TMQq*@`Lx0tS*IoS4Q$a$D)^QKfy%;zr5$o-A8$C?H#eo=f}9)v??m0#BJ0Z%md
z)8ARy;U!0p17A#~rgZQ3KSGAtajRVa+}59iE`X5CU8a)=#O8uYau?}vywxB}94IJ%
zq<BIuX8oZGw*_+Z(BR(LwbydxV%kD-mH$RSC5vtZs@=6R2n0Km64^60_X{3Kr6A@5
z<iGO?IP-?boPlIJ^*IDGTuURnGfWHig#1tMc;yh&gRx7RIZq4}jSgC6%-wRBEs=($
z{;Lnxq<!B~iLqJ%_K5xSg)Gnpz**_pM~VIOEr9!qCVy}29Bv#r`ESp%1-Jt;<Y}hP
zwgwxefe~8)JelCR27+B{aWpfle*Y|r=kM=yh&^@sYE3ZTSefe}1sz-}<laJZzAE=D
z=rLC6E(Mm4jnX|ndGG5^1|#kJ9=@88@0;_0mL1(`d>bfiw*^4zAbVX9Sc{7?d4q;v
z=1_kH)R$lG`uIftokGnr&J_*+<N$1tUU3=^UuM|uirJ9+Sf(!)!_kqJ)PnDMuiiVS
z)>=lJ$d}IBEoaED;V`Yzc^%h4jE31IqY@1@*$T%NRu-240K#|O7N7h?|Bi_^Q0$%+
zizX?_%`!T>-8Xx<4T5Kb4EP~U|4{qKn*KnnuMseC*}d^LYe^aU^vfYACM{sgR=SJ_
z&6^d~Otx`P>~V4TsSlF04(g!0L#l^!phllR^f!S+JS@V9-NxA8AR6w-jtc$4xkCdr
zReR#s63KhtfW2e<pq8RF{98S6dVbjUu=~o$nfKbsLhfro6S1~Cx$WB_jvvE{|AZpy
zVvi=c<4e@rp=I&(4G(1+GEufrx|Pt_Fd`5M*HdcFM>Tz%p{YaS>%kP=I51!I5D-PJ
zdzm*RVq_yeKELKO(;QnvPGR2F4`1)Nxr(d?#l1RXZX52Tyi&8!Klj#b#{g-Y{rwci
zu}W*m_K*sp1Rp%L=dX==xUd5!xfZ;tVvwZabXH+v3sUkQt|ve~8YH3Q83x*4(fP32
zr)2hQoKhiYk6Q917I(CV7t1*HmQe~ASMa;_Wr)wC3-B}*$*g5wRa3It;$#DriP=QI
zIBG2|8F2x_P!Vh%VsdYlTb62#SZuzJ*r&QRE(ja4R>*=;baDSOX#qcQb|biY`>U~d
z8NX13tame2z}=zh4eiUjTI^$fdg^)<wLO6BVt)rGsSs|pRRc4Jrqg}bE@QJ)MI&%}
z`4auR_Tlt~g>3%}`fa7ua{8{8GATn^p@MKQ8hgI*+~@6A>t7d+<@qNCY?8{#3T%T6
z!?wH7CBN}li3o<Sy)QA3BoE|9HSci12VwipD7Sh+IB<W67`}Nn-94)$L!z4TE#Df!
zbaWtNS83y2!$eq4M%Z{HWjAXvp#wGw#l9jAU)-tqZ9H`(<nK91fJyZ2*zHTs%Jj`G
z?aF+|*N3NqD@h1u>4<ww^JooP)TL7=t_L=-Wx}o$KIViTIKVZcbL;v&SM;yfH>J$g
z^XSyIniDpJhGkXkF1RB#KO`{3lJMHbV{y^G<MpQm{sI@ETj-5l(6Ej8IS*G*$LdJH
zdOJh!+01st>dOpT2vPbq9vC7!n2U2Thcvq{6t=0Ng6y-z@jG}D9PR(SW6m<U<S5Z=
zGmls+N}XWS2Ys)TK|)vstIa#G^L6%Cb*~S+*ic6O(l2Qml`KGVxAGv#^)Kvm$(Dot
zF+1*w)fL&m@vjbis{Mrls4Pqw&ZoJtqJDOW@*1t;4ZBZj?@zKWV@EO!$^B>{eKe&j
z$T>^+?-ua8^KZ7V_KWM*@Rop}W|Ro8U8Q;xFoM+~zqe5#jEIzVm4Kdxz7H{cX2~^S
z{qY4ChZ*D<R&183xwwLF+qDetP<o|N--5MJl=xBwv?qvEV5etJCGBjH6*2^JC#=Gn
zxRI4nj=j}Grn{7{@xmq2V8`?sr0;oEM%U$=aKYpb)ArwcSv;hGBuvRSQs66a-b}uk
zwSRl;kWC<|<&tg)b^CYzz65L~Wab>c6(i-I--6L^58so*4PG-PG>n}9t{(>O-mvIy
zG7zpH=7G{p&LC~T{)i0KfB1s{t7vTo#a9X9jNu<yRT@f<!C&MznWg8s8c1KE47jfp
z9#PWY@hn){P=11)GjO?WUM<_wo3?Nt{jRnIXl2-)jOb)fFKBm6!}#5yZ|GGH3xF)9
zn3)iF9pD5e{cgeO`;kYfyL;fvf;PY%Rl1KN*OQI(lWDlk1~L+9)L%`mj2+S-ZPzbt
z_K8a&YbvlY2J&c`+af~eucur2-RPVR5FGwnaCDF<&p_nH9M7Ck7I$8~k(F!K@UTnL
zRpHS&VVMiJ-E3#mvmju;f}2<c4T1aZ%@>ljF$Yx9=@PejQ<hQF!pXX|Lu6N)=PNLV
zx(gnx^x=)p2BHqnK5GpXVW8HA@~clY87NjK?RO)x%7jdPpdkp!;L<d+OirzW@UBx>
z+MdQ8%;E+VP7h<;bl>0La)(6*NjhtsP3gdwiubegiQ^IkRiq*#D-#jGX5IAl4r1)J
zM-I56xHLTV!rxQCffXi|#jC<xHun47(xtc{Yv@>1QjYjs_{c9<2&-g)+3<P!Dr!IO
zyhO*tR_W5EW#N>e>9Eaf3@_O-ZDQi7Y53(gyA$^L;`rRX*}2`}7qVT_GcKDAt7l{2
zr&J_flD9n)4oUaPm5UB^sP6%HlTk`Q(sG{UrKtW=LiM%c_GfkK(eJtMo_P5C5!VF4
z0eRfl0Qywf>!Bom1*vxWCu{fNNDe)qb<j+i@m3rzuk^WtFlYZ7DNOHmatAhuumh{?
zOA~gPU&_ebE-c7$caG8xKT?)^-{V2XAyO~U<$4F_RpU&i%|eRNjOFEqtyT2<wnc@%
z#{q?iU)r|j%CO>MG*R0|q6wDacbd9%TWqX^?zWg2;MPHM94k)(A03kMM|m{1=-Og4
zEomWAN9tysjha@js+(m`R*`Z1?nr@q!jRDq?%R`_Scp-ZdFcBdw6RGs{OlF9U*jA1
zLFwaCjJLy}$ZMC4TykqZNpiq!eaOuV<`_d53jE>YCkPQY+$Qt3?kMbtzQP~%IJ=$Q
zJfGgcLV30U1;R|pm=?cT-i30Bwh=0@0?`JdS`qLyx(n~ME0OXZ_u_J{O+XC@{?$9A
zNsYhpcvqTfLGMx$u-U7$YuZL`P(^M}LN@J+qKmBp@~unY(=N%jnVAdh{jtY#YrMOk
z1gW3S^}L@v#Oi~;@NyKEyk&4sgH*A@uhX<M(p@zrpCO7h)_qm{8u!YL<$|a~?9Ri-
zP<X#|$F^>H8KvvlFL=l=i$5P%0BkzwKiWp`a;@aM*B9OZH90D+HKHcxJt=mw!x)WH
zFD(UE;*p-f)fFQa6{VHd7C-ke{}n!rX#yAz^S#z{f7j+ea>nRg0MM8Qx%}-6gFnZ<
ziv|MB!|#H0{vFW3^8m3h+6(F}qmI^ZvW8Rz?~N&96odafspijVMDChK`=-K<I2t6Q
zr-Fwd_4ePga|=457b*}gWkuS_hJZ!PmRHG%-aUa4z*PMMxbZl1H%my-Ws>1h8&1i+
zcz3fhB<9QrHxR#CzgBk3Gtx@Zr%`rrg+;+Ljtl>qNZ?tZC8N?B7Ok_>#9Q{hjgTAv
zIdUVr$`ef8+!(8O9lqwE$-suqB&k~Ddj9{)CejWxT9dcG*q6x=+OOd`9Fu$GBK*6i
zU+|@&AF(w6UchIztlR#3uJ#^Opzhve$y%1>vO0Uo(@J}ARS}}ttB6!|{ik$fqjU4p
z?@G9y=w?Jj@e$YK<y7vO&-jMKdLFO4pd5Vr5Jt7+k3D@eczo$Skg^YtY_jM8e!SeA
zS{eNRY?YXKM9-|Nfow<4yz(o}oQpPRwj#b!#-pb@An6ZqOWB<pCZ8w0UNTecU(qYe
z*MBU}zKh)dcir`QPo;JGD*sRYa<lvUa{u|id|%z$>&~~PddWM%l+tYmtK-%?s=u6m
zVAtdrkL9R~s6bWn1-V9!)!GZc?vRP=KYR1*jZHdB3s3T#-xlpRBYNiZHO~`vMfY>8
zR9^EgPBg51)6MC*%Qrp~;gHaq#bh!YK5zkN01H{e&*e^;6FzD>UE_!;zA$U?s~`4j
zYnd!pos(|K{Qk%Ie|)7?VdU?!)VF%T5P$b5pJ6#h{|7ixC%D0Fhm~Ea^z_BAgd*D8
z4(!_dzLT@Dv~$g8jfMrg_SRj?7ZHdskE*~NS-qgjT6AER^R+zT=2u=nZmDW6`?W-Q
z4X~NB6F6FX>TM2YZn&_LrDg5hS4CDcC4&^ipI<~|Ke)d@42R>u+-Chx3T+KATulmN
z<JRq{>x1EPS6YEtQBSYg4=#ejXgF}I8ha*XdF2Ew0mP>}s$+MRL&95Ict%BKlqv$-
zHQlEd2&1>WAf=_khHr8h-2kww8g~f*yPii=FL0uF>>z`i0uj~xD9(qEc{;>`dc2Q}
zUa+8*$WWJYtl7(s-5(3|KogOLk|ik99SE1RT)W4N;31n4AP$<Q*ui6knYO{UGG)KV
z?ihg;+`uv@Him63_Fw=;=XbczP#L4q2@a3Z=p4<R;9_euca9deqlGP~8UfawKkDzt
Wrf(NrCAygb2s~Z=T-G@yGywpWNF3(?

diff --git a/docs/static/img/go/api-create-key.png b/docs/static/img/go/api-create-key.png
deleted file mode 100644
index 200b5f5d128f9f29d103218ed9f1aa41857b91a1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 31504
zcmZ_01yog0(*Ozx0+NE#ol1vvN_WSlLAvvD>5!IEx>35jyE~-2yYtfVF6#IF-+FI7
z);a5(dv?v9nLV>7HX#af;wW$M-atV?p-4)IC_zC%&qD5cgx8QS^!Ah{kO#D*lDH65
z$q2z7<i{6dfTW46EEEmo9RUhD$Q%mxr3&Q6gWOP1uu*|f@Q^14<W~3z4fP80gnlXi
z3G<(t(6c{Z{r9~dQV#W5Sy)mM@>Di-FgCVvG_!SDlfj>YG@Le90XP9<Ww;G(tr-lA
zY`+*YxLDi0G=buE;fB0g8#@`0xL8}+IC8u2k^QN`4S9e0%t%J^r;3v$9~nSafkfEW
z!I*@dfr){MjQ<S@2??)*kqNhwh}gg8kY9XcW=>9a+>DGM5QqW9%3$kY%E-*c#l^_P
z!pOox52-=#=xXC+;6iWXNdC8z|MVkb>}cp<Zs%lfYeVwVufZ2vpc5Y%*~>ux{rd~2
zv5Wctjb!8aZ(5KEGQN~BGBYqS{<m*PQ{I=a+zRF{##S04=GGAOK*r$z^og1GPyPQ-
z$^VV`KP>_O(~^Vbe_Q@f$^W~hs-v-ku&p&@NGJaPqs+g?|6BO4Aur?0%>M@yf6@Hs
zD+JH{Z+IF1OEdmAT&QLct`LNh6#1;;0)3bY=cA&EAJ}Rgm)+Qizo%sN_MHN<h!8ru
z0v)=dcZVR{+mFz2u*h^Gf^W-2g)|Z2p!beVE(A{Inkzvj)F6}ikn7#UMfc<W9pvlg
zl@Rxi_48PXx7?V}>rCydq=?_45EBsm6C+&BB7G7SvYMgV_r%wbN1Tm|C468jB7GXK
z6)T5~^!6S|snJ<1h>c(lY&PzNS<8?q1Ys!9i(pfhLQ!rJryD|X$naNT4vOCT)t&)Z
zF-V{>5VT=xu8&sVFG9ToEc75QrsGP>!MwE6Z^?y^oXt>!CM(;1eY!Tv92x~SKumo1
z0?Q2tbh<^xZO-9@e<`A{02Y9CSElTY#f{3r=-r=A`CyJ0Em^Z;xBXdT+t_T81l|Ey
zRj@sH5%$R_b*Z3V>h#gTj2utdnCJfR(ekY<z#_^$Fom%cbW%XWjwkHO;CLD5yH6`d
zS#v4Rlme_XUR$Zf9yN@m^ladd&_VWJu2O%%M9+f_yKfdI1md>YS`c|1Nq=dpP{z=9
zaF~-rcKZS80tylK6?FWy_cL~orCB?-@5ZJQ(}N8F{sjgSXbwaiH~pCmpxf9mas|UI
z8wTLjH`#6imj(ZU9_3bA1@`GwjX%90%&OKLiW@FQ9AUv@AL;fzIV3qWy@s(=kYW@C
z0Q^Nnx+Pp({Pl#S7(YfrXac!P2z}p4%E?7#`4>h-MHwk0KV!~W5&2a!mi!pAm(u<P
ze!7PJGVzs{@(()dOkg{z)C5`e6O5g3*{BQ?4lnwtd_}X5RJ2{&9Z)h$O!PuossA9?
z4(2zqSrDIwB)BS*W9H|`97!1}P11JiJiP~s#R#3`pV49Bd_;K&B*I>Sho|pMezj#x
zqgvQ($zHH&X{98-%t%lHoyj~XHYb60M<i&dy<(R$6n5Icn$W@qYbvro>JR4pVW6oi
z9E<&_kzl7K=~K1e1YDUC{_VfwyN`0Xy&JRin=N5q(X~{Sw*G9od|b@Gvq9j4k*n?r
zkh@KYi-esv4^P=Ii9G1s{EHZ&R39YC0S3i$-?oOlkkG+jPdxgM|9bWDkv_7=Z95Qh
z{aCh)^?Tt)cP9N0CqT$Z2W`vNwQw`i4k;VK1hG>j>rgd>Vw|)5sURqbX-5_%$6zcT
z+w6i}9v#I~FJdqpVPZ`5XAMZfB9Ac_hqD!&Y${ox!<J!=2A_0;sOSNiUCs{94k7Cn
zLD<cI;qwq_3xVRQk5QeEk@N+>MWPb^!)byrpQT7JVGcH#+xjUNs9|A&c)Sw6m6|Wz
z3&OOJ>g$Q8d<cz}*7zlnhz@|)Pr+LJOyCy%2a(?eoiX~viqFH_8tBS^PzRNV6oXBF
zNBbHsC??y#Yp8099beqxX21Tc%|toBDGxpKFAcs6ZX?{NZScMW@Q6BV5K%*?XjepI
z{sUElB-KY51wsbeK<$aaSm({uwuTShfr~Lgl;5`6bU)nvT>;;H@L|WRD3qh3@+E9y
zKGFxn!&oX~Br9K68cF<J2N<WAFt}B8e&RVu`@U@^RA>iZHPcC(!}t^X1ML5i?T1fw
zARygWTrB-CE2bMJIaSp__wVE>Rs~>LsLO2l-T~k%xF@L9_@9LRDM|k@HUbHZl(dY)
z7jBtCVX<`NSVwY+Ku#N%x{qaP+ct#DcgWcTyBlH}m6Q@s53XB@zMfkx?k5A|4@3t`
zvOAc#d);108k#~>X{oT9pDeSy(SQ~+eIr(h*od%*(3Z00{KD^9?>I~Aa@US><F-K8
z$lXJ$2Ce!n=Q`kn+9-1IFs**@{(aRuI)Gq<bG^J=8ZV{Zkk+PJ(-7?bL}8(SKtTT`
z8vhT+ol#RN#Gd-surx7@wD(uUF<o6E>D$YVJDp0ka<c8OX7rM4Z$DX6iNTP5hMNB}
z|E_oYGKs`);ww1IO77icKc&3GDaGL#CiUj|7HwRly`hYxWciIoiC+D_<Tx_^7ufll
zdeLo9Zeebq74{c4Q=lY?AOhzUPA+z3*4H$xGNPC<zn>aPToi8C%}d4OUdM^h<F~#M
z4ni7vwbh<&`*?Cvv2<zekwg?wFjEC;(<B|_6|40z!H{+1AqRzL#A1<}d!nenBZ;fN
zRHy7h7M<qL_HFff1rBL*Mh8?PrJ1Jy9TE}Y@SbjBrjq+n23tmyPNyJiumSs{w#1i=
zOum8FIyu2R0|7xn(sL}?1g~k;ih?^Ww~<En6@O{tIw}P9);n}drY+VJ>T)pr<a-+z
z0V_e$h~Sc;nC4%t=QT<XxZiVGJ@EX+*Edx7vs2eaY<|hLP((EQ+xD_2{N@jS`GLI&
zQ~JH_u<%&Pld!1y>H;m1o5?*^mdorJqv3||IJ;wlMK4QBSL;m$!m1TaVWXov*>##n
zT|S~H=t#bd0VgpV8%MoBE3d~j%l=}Ubx(NY={;O%ba?yPr)Hf7{`0yudK|+Chhrzc
zp4rPg9!f5*=H{>}ZlITn^K-4b#Z(cMp%_YZhA7g(nGr<==)}vl>bcTkz3ZcNl5Nvn
z#-g*drF4RHJVQTE^fHLM$FtX(qyP8LYnopJ*%P1RpSJ0}2QlSa^LmSdT5pP~S`Sch
z?^<UrK@&YFPIu2%D<4xE`EoXXGGH!y$x6LrEGQ)n*J-@&^PvtJDBqx_+j3Nm9Ehdq
zs~aQlM&HXNI-&QR!r|7wzjy0PWX*34BK0GRcb{L$C;FsBOt!wUVSGNR!LqY4O7FV%
z6Ew<jzDuq{w>Fa6N}^t(UH+yM6S8pS5m$A$YMS@W*Aw5I1i~ffJ1vF9cwIQN3e~`M
z8s$dpo49Tta`ENE;dTnSfgbSVSlTQ!E6hqJOVzbj+BhDoRi9MSVQw$_CnYnpJ?h8f
z%1Tg^IIKUEww`B*h=}wZWKx?kJ5fK@rw`9aVk@Yz!_FUaFD{88O}YYK1p$(mI6_-z
zj7v0{3%1&!W*P-NTCaMAMUxk7Yee$(YUAV%DllMzEsv6>j7P#kG@T-d_!t&IhZqQe
zxr%J#0spZ$7vVHd?brh`%2~<ti&EOnNH+YcGQli@dK;Z%bvoVOw}jjtBE4L|{VM%H
zdJ$v>28LXQ9VFqjC=*#c3xTlG6J@l|cIcwKA7bbfWfZn!3#SKs{erTTy3fz2Oj#*;
zdBMaPJYWeasi+Uiqas2=U$s@&L(uk-ua_Hb`~9wgztId={T_bD$)g>Tqk&q~gWA)5
zABkh1Jc-AUpB5_Rr;C>IZp7=1v$ZhRpdmUF5Bhlu{oU^%tRkNGK<Y5>2M4>2hm}5#
zt%Vb>-*8_=1CqU_XkzK$2)J($`-|!55C8`Y$BNUs6)mp^PtUygwzdpLC1=v)0UbQt
zZL(hDJf)WH2~4gHL-%)Dgp*5`>czU$!&5AgUY>4!<0szbMi+TB@QaJ1%A&Ilp9$OW
z1VG14oBh#R$4wh18aKmAp0|N&!*uP(N57|)yo2EhU@>eirdy5AqKKWm2Gt*aJr=0t
ze@OS@lnnuJQIaTP5T}!HEX^wE-9uoeGZwC86zNVA<}LHP->fV(8d^Bf{K{5W65-}k
zo@RiAgl$X=-gcpP5nE+0MVsI~(;v%yCh62Nkx%~_a5pAS6nAanv8%>Ml2BXgu7EX?
zT-?|}EuT!8?r|4OIoyMCAf5RdeCgU4p#z5oXSaIVO+BHCCM<tzcFfC{+-w;ycQ@ZS
z!T<f*)T=0R%(}&;z4vPn1viANZ4m?wwKd9*{m*ic_w4y9^<Rk-Pgo}OlLKS|>&QZk
z1s;lu-_sQ{Qwiy$Q;B&OEs+3YfpD~F=_vTm<Mna$8}nZSRM{_@?KP22hHq8)6^J|Q
zlb?2LsdKl~2Ut)M59+g$%HR%=q<s(Tw`kQYPa5Z!b6T075;$y$tbdW|(o;SJT8`gv
zd)|yu>*491j|X#fqpQ1gd=stxpglE^k4Bd83+39sVzEF~7VMYp+T9*z4aihf`~gEd
zMpq(X_!!vALKo=^=6#4|R$Kp8W-Jxo6;G#zCLz|i>b?{xQ0?t^2fXBXs#8Xj*5`qD
zLHG45!=hK}i_$yRuHRhmmevFq*l(=Cp<(AWl9mL+OS?S#3Ug+WLu1s%!Fm+g^H=HX
zD4f~1>uhdc4B~_~xv}Z4(1io5Z!fkcZWkRUz+WSa2Y-+U6{`ncgly<ecmcGybTvv%
zc5Lp-#Kx8Yy0RUv+x@+p{ib?R5HXY)eYaH`i!0LKw;@a!XT7jU1Dw2J*1ir>?zP)t
z1QhkkFqbS=xMI%L-wV(;p$DQQv*V9}Is6~eP>*0SeZIZ>XoXuE5fL&z(<_@mwb9d5
z)M&9Yl336q&)8R6;C@#O$^p=MIeulcRGG*Xk04@o=i%+asVMf_3Wg`GTVu@DD&4k&
zdy`d@y0%k5B*y8!vNf11=S8E~l;8$%>(xbnR8VWyeD8U*TfX7k`8yg`q75FlVpI^Q
zF?)y!h!;g{f-39Mw+{CJ)6Zp!j7%G>|De5I8c&}D?8wfq@BgGa@@O^-q5MX@7pWc{
zxa@lHz8&9JpT62`8IXH%bz>fPX@#b5|D{85B!vr{upiD*^;?Zwx6ED*NGz<+v$FCT
z@sNmcs%*&q>)G1eM6XtnHlSo@MCbR~khhmki_|=5|CfJjsXiG-gHyRofpKULZkz(C
zZW2RM^y$s)2l$3t_k#GKS;zaSS12is;IjC@HB-QbOG4t~53oO#KQw;Xv7I_TVK<Hx
z(|U5NGOyQ07#DjaM6ExB_#pYB*j2KIN~UwVDn<5hsYfRbb?i#k*oGzMQ7ICBZ;5n{
zHn1=`jI)038_{uh!br<PBjqWiGWr#Iy@5t`fXM!Qyl9P!=A@DnYw>_J4O&^&0ppPL
z;Ex%H9H0Go#;2RfFHtePMd}ejx!$&9G`APUwtl8gpII8HyBe%0b;1p^yIJ;L{mIMc
zl5o`_47(q4Y)040Ji0CFL$CEbw)Tz2lCu)kTu9rXn~2{-B}F4FZL(9*)%o~NULb69
zFkYSgvA$c835lHU-eI#tJA#<&o1`~ng|A?qju2c~Ax|6ZvA!vfjhqVU6oEPJh!mio
zG48QEwsT}_bS^k}KPa+jue_2@ZaEc2gwRoRO%2dJ+BLu1JrC%V(d7hGm!!PS6|GbW
z1+`~nbH6DnI^uEOuh6ICASG2)%S$W|?Chee3sE)!_`mv!XgPbhYHH#K|F(18@B2bS
z^#S{yy&)ZNZ>2V9%9u%%qlgC;4cl&`x5XlnIn2@NMBs9j53A>R`jvfjRMZ(|z!b7$
z<-HUzzjI2tl)Fi8_yY%zj1P+mSLvN$YKwn}@vb=&K~JFNbe=`Zc`}4WwP2`*nF*7W
zs!uH6tVRoCV-?AtOGtOs2-WPg4AHuecO-m_>kt%-^Sns(3ZiQOTFw;Y1iaqJxaR#m
zQQX0sGu_OfbD6)o^(tZSuC3D(oKQr)XZZCUoq>~9XA&DyMyAkeb8SNKJN#r}Ezk5(
zEq%nhshQBN08;t=3t4XsEtC5g)o<WZzqI|_qA`qlvgV^W{GzxA{f|Q#rQ5sq8Zv?N
z#SKZ!_DHVn10uNAOWA|*U=hY5%x=Fy$O@Pow6w@C*C?CI>+vB3-X~4CIrky39e^T|
zz&eUvy6k#2G=rR`BLI4%1T&QeBScrnLkjy`BC!Tq_0m{}{k3fA9l3D{MAPm!TPoKe
zkTtLrP%Rc>VwlJewtm!i&@O&eqLlyD#D7I3TFqL84;5*8?@Pr@mwl#FE%N}ZmlMRS
zNTh_KXC5V};TyGTSnj>}0e6r^0$q?<5X9`qI?bEJSaoz-rfc}km>MAVb*`p-e+v_U
zw$Qjzx&2eEw}(?($sy{h*EOE#u^OnJ?I2q1RZ)6%P2rhkf77Q(h&Cv+2<*X|^R9We
zEN6HNdg?f#!_2bc;CC^<!FNkUBVr)g#}QvHv#;FOe9|>d&Y%h~_%hoCGTr@DYCEUm
z=H#xR1x|>WsvK2D4drm%hyS`Il^_|0C|z7?%P_lzKsGJj%+z_vv@n<Em#`LqlQ0*G
zZT(64Anc6AvuX{dy2x~>uAe)J2h23y`)UYcG=N_r(~T6Wm+m{P-EGJ>lMs771n8cG
zs?*e1jERIEv<r)0O7n+dJL?N02GhCGl2o}M_MFhp^v!~D@a9fm_zfHOaIw?#M-jET
zfA<#cS{4p_yp`MpYekDb(1fd;AWKx5FS38ng_nl!v5iv*WF{jMM!@UTw~r#xLepG$
z$*gt<#;&aTz~1;PRg}Opwzb*mlq`tXb#k1@ICcKuoNawI)&~Kpkm$g035c%7dx&Ez
z?ZA=7ML@R~MJbhsEvH@M))~VU)(93P0F1l%aOTH3%sGB=EUDABIJ{2iY_OnhP_gee
zY;C646^Ef%eeGKqALi|6f`s*UVnlX1r?V=C^==mlw~5sys~hwv>I)qHpf4no%BiXK
zd(i7fHL&SMsx2lN?!~>}JA{4;@&&er&Q3!OBct^6v%u^YSTE+a$UPsO9oh`B{FX_8
z*d}#|Hwp(H{Qdm}R%+DkOH?xr&Nx~G9A|t>ss~mY1Jw-F7t}AkS&>7bNFA)P5t?XS
z9fRKTydS&_-4icBjgY6q_A^IjU(gK4{cA=C4>EjVVnO+pgj&ovTT%7K4EP0qe6K#5
z;R`L$DJl3Mv_)nRXoLLuuVZQe)+3)QQGPI_Ezn`3?D#*HG9mPvBG3a4gl2#IG=~^<
zVlc_B(F->8yOMt!cECO;D|?WXmC$VOyCFPN0f2vObYD8MRVjCEo$D3=KRVz9sr}vG
z9wbO+5pGoU`MiiuIfcsBOg;a8W|3_ZMmb}0$q6+Uxy*0F3waSse})uFg@R+B^oA}H
z`0F@{L;u-kf~ZFI&!M&t`=RXD6ViWOGX9X-(q$})e}Pb-7W72{>p>mJ{{i+pB`g7g
zm9xCbNK^y!-zv};r_jDb<{7Vi!Jl0dVE=h<{F$JyVc8wm2|EB9|K{UExk^6lD6h{d
z+b^Cy<n$CK@pt|WuqDN>jmz5tZ7M6a|Dx@etPc$S{L$$AUw4YpTj)1dSiZ&;|39U^
zeRNVYk<raHe#>6SfufL|6A3gUqQ5JyKwU<Vf16k#`yeJ371w0YFtN6P{&XN@{dgm^
zdDKTmk?l-UFMEFj4oj^YW0yZ``He-9iFR~S#;v;zdl?PA@YN@THlOxptZVH>_s11u
zYux5{0Po)T47wRR&EltJ89L$@-`ZQB-|Ne?(4-X_LHxmRYJ7=#&tvp55YC4<i@rC*
zUN)=a2WwbTn%EZe4$=q1v4iJA&iCigzW#dggFzOv-3f}0xhy446Ab=7{XwWVsf^zX
z^_nQrJFeGB-p``jDB3<VGx5J*_a;TqY&qIbML%3m+>E_I(cS9>OKsJZ==0aBB-pc-
z_Y+_KvEMIg2p$`(N0a{Hk@N+R9m7`RYZm4|&ibwJTEb>-ucnnsEkyOG@+ZE91%D?3
zEm6IfdJm#KaxPAiD0Hh{d~@&tz3$4&J4l6IYhLlY<*{C-2X22n?Qv3kr#6(G<IJyA
z8w<eb(rV%x^(F=Ak6KN6gLNix;TCGKLC1Cd1_b^`%g1U#GtKo1IRJz9AciUg|E@xe
zSNW2y1djsw+6`H%KNxje$na}VV%j%W;-%F~G<60eqIVhuNLp<d$>hTl4<`=a?2OXN
z3phn~b#H&~PiL%>!p~T!QUl%^^~+;D$Gh=S+(!^ZZzb0N9(ehJ!@|B(6CaXLPNLjR
z;ikLb@eOunE<1`hlLSSi$FRTBo4f^@J4QdWm=_-Md3+kY0L8SIo<zn1y-&X9_R0Y@
za!B{D9qtxgZ_Sse#QR;3T33&LU=ZSd1QYG=FwtwpMHavpim?@FKIRPlAg(K}b~0Pi
zHu1h_o?9r~NXYx3!MmpVF@~{}qHqR&T79c|t%3W_<+f*7H+#76N!|zMAjmo<<B7C|
z-LZs0<ClkPmif{CxRQoVYtwbyBD;QG3YT{~n)J~E8Bj5<r&zYc(S`NW+U6;Gek?k7
z>oi2U;=I&4P6%b+EnPcYzAgtQv?F0<)3bQ6>MT7qiV?(sMD7lM1(-*QkM(+W+^Q9N
zfD|q8-PZeA*pw~LlA6oz&|g8nGOEctOV$@0>0Cwwx4q<f)@h5?`ccm-v#}=7sZ~!5
z%|qp`=_+C?Nr2eD@cIW8HT430Mj=D*xag}^o?(s0BO%4K-Qv295Nx`5$L-*;PB^Sc
zOD7*^83~!m`g`HTy9m6KD1UnC__s~S`lZc<G4zxnl9E{VqFA>Vo8vIaiHD~ruj80>
z^dZuS+nhS=nr~uDS33Aatt9q(o3SRvbO*XYs<FCR6tB>pVuN_j@VZ9XFrik;N+#?{
zyvgLi+4b%ye_R?E0B*W>-n(3+Jzx1n-jL8b>Y{~8#Pbmi*;6)s#rpu|ylH>nfXS@R
zgUO@JYWX%@g;rhj+xwwX5oS?-jl0Sw@ESI5K`=upvphI%8)zXBv!BuEz^1E}xFPVU
z8APv|^}UHTFI|OBRVe<VE79?Mm)7>cVYP?%C?GdWE!*Ml@wa$PwaIAn^Z3Mgnb>>6
zZH_56R|R0avzI{(swR^ykp_!>%#uUK!O>Q4gZbcVj$bI=&$N##2_MukF%FG0ADI}g
z&I*OMX7gDcP8=Bzj(Ob8W$@1HCi7KvZH@&*7_=LTHpp6Q)AwkFsfS~X3um;>1snD0
z(7>`%QgMvlnhcpLk+3#xm14+I^E8B2YyFiwoAqZCz?nkI3T^<OWs}Eq?`w?;htx2)
zrrefK0FCljsxw!EC*BkSMRR$N`h>3IBgUcF6CUTZgJ`w8o<WiQZMDl&arRHV^;<!p
zmG7<sj|`w1Gm3i0?U+IJ(t*&EktkwSuZ3%(@3K73lA#T3sd19nGLIpl;jwUr;sy5O
zWZb1E@6&gvWM<;e@DpzqH<U_56qkB-QHf8tDF$ud`{tk$=Jh_>?(+4GdvUNA(c1D&
ziN9{WXt}K4k>jhfo0;fLabN>H*$!Bxf&eZFGHTW#y1x*nh#FA|;>5*TD0dii$7hDU
z7a#e!EKWlF;3W*FC<))bWw;?Ubb)vMO8-RIX}ebdY^WX3(EVVm2tGMKJyRa9@S>ke
ze#<E9&TGy<6ZseeMa{)!o=_lV#}uJlVMhAssZ%W_CuI7VUA<5vozTF%@%nMqx;R@e
z*SW%G0kwVN!4{ugniV+FCeTyrt?@BIaI$!bzCodu&HCrFqOjma*Vd$0s_FynKJk7F
zdGAy>jhH4!US`j2O&_bRe6(TisKgA9ZCup8nAt%O+A-tIOeuXOmS<`2##NsEXBoWx
zX?CDPUo%H_OkS{rtJgZRtKoF65|gcstFp$DU33sHDUc>Uo;b#Zm&KvzP!iL7f!Bl%
zkkQz#*iugH`B6C*&XzOGc#f8uswqsp!|St#&!cWS$!LMwWT~d)vP(w%TeeP)F7V)3
zXI1QyXBQ5id5<FA2jz$aGu%r%YH4nl8!4r@R1NL7uaU7z0htTNJHEo_K5hxn_r0+s
z)5Y4KpE!);79WS~=(SB5j1G?@Ln73oQyluIm)y4w($#k#ytEq?D`%S=BPqS*=W%~f
z71Ri;I|_h*pN*{(tK4J7)R&@6!35w7c(GnD&I;uW->U`6CuctD9nA>u1nEXcw%+#}
zCpzha;f3+NpBlA@l&#BkAH{5KrxhY?*V|zXhun}o?t0IEy4k^0?mfHr1Q)alXg_3n
z*&VvuYK1<x!Sh%w<1BQa%-+!RY*>_i!ub3IHz_=?Y(eL`-I1-7?}UiUw)%FXVryY(
zCA#v;OZw6InwYPIUhW~H*YiBKi51kMkAQ&2aVm`8FhE;dK)Y@HDNk2}UlpyT=HfkF
zz_#zo+n;R>V-#qumw|dtgR9#J@wBEzH6{iIy!>tzMavJhHQJCKNl^+^)#COMeYb*h
zzi`S#`33}f&!Tti=1F|it4P42AryR^D?jl`yYx$*@&9C5)smXnDQlrR!7(D4&iFeT
zps&%PDMDmdX0#x{qb-m)s&f~b76Tg!hq`Cr@iw}e$=oulqUVrna;GDk79;)p2P7{Y
z%2u13K@6+=<wxg1#6m(e;@14K*uj{XaVg%&H11-018JiPXjruMZ#G>u@{jUb*(2kE
ziEZetMg}44?MPU&>H^tse*XAGcc%r<%UJs1OfW@}I4dHXqeMeiixDBnSyEDRI&N^}
zF(@n#w}pASMO&7^Z{cSTK|2hPC58HEvCtEL7=C)5hOLF?D$}*X?AF2>ZrM)9nq2bs
zbb%OlJrMu-n?S7v?V^JsVI58MTP!r2&YY2HWRi-Tqot{W{2Bt%u;)DIt`nTr+}7uX
zTsT~;*0t{(=M5)u2i4eK!tW<-oyTko!%5<7c?sI;JKwjeKA12+g{*M7DV8Wdn^>h*
zu6*Sxs=VsSs@m8$U=sx+{5sMv{z8D&3@@(2(}9Mjc)SVcl^WPYW;^nvT^m`C%zLE=
z^W#bDQ`}IT;PAJts+l|QC)Ewk`mM>i3$@QR`QAlk1K+UvN*i!yq<0o<-_e=o>6AAO
z0ZvmFe-^1AboE!7f`^@ZzGkbPg<~QhYNHxUCK6J`w!zFge(+?cwE<AerB~C@wx37M
z#E2@?O2PHxMhk-?*FHmS1waV_Jhz6n{6%5m3#aT%8MR})uMRonid#s_cGm;9Y@Kc!
zqzu<hkv3z!mf$KC#{$9|<Zql>R2w+=@`~EhKr6o*z~_63C8wRjDC^`aT9cdfmox<G
zi~3x`A6O3-t#^J!^8OqQg(v8wUnvvSD59?h8r6h_AM~6cSw}Rut)D^}aE5(ee>M0P
z&Djp_eDeqUFh1^Qqk|H@yY}w&U#R?d$KuA|+L;c-9Q4Gq0hlUanq9zb;?k{jd{tfY
zqut?ttv>2WUh}X)3Sncky3m)XG>v0ALfs1in0J6@OUy>fj#=#KJp-Bd^206-L1u|M
z;ctw=vIuIZ4Xq?)n3J3eb$FnpV!G%|DbD9>Gwh>Ce59h!@&xByvLz|Qcb!5O^(Z1(
zHp>YH1N;4?<jeO8UTV{)@SX7aXS3^WbFWLVnPPF{ewHrUbi*AGFu%6OdMm!yDdg8Z
zS!0Z8?U{K$p^As(twlKsY?Uuv64eI8*9_(yTa5w4F82z0<>8ySJ|jw3cyO$-=^zIq
zH(V&%I-Lp39PzuBo0{^;9p<H!JS<t80%BZl+B)M6;A->Km8nmLzB$LX^2`+G5y9~e
z5pcOm)nozfN1u%YhE$f0M;76c;t_i|(p}1$RX!+cM?x>)(}DwOy#{x?%YY?bNMbIg
zN7nxK;3FH|lJPa*Gx=&GPs;NYy}q<R<>M}1C;UbcdOj%KTS)$j$pl>(-7cE=`q0o#
z2CFhuy0Cn`b<&8E69Bqd-L6p&ziyMdmkQr$$7oL&Ej?hZeT`<=QYPmPvdV0{=XV9W
zT2FahJ(hCo0qOx?eU8i2EQ)Fhl0?lp5%eH>GMHHkVCN`?%FbYX!(Z4#<(MDBGCXNS
zQzYxO#jk+&E^k4+l(#gXCa&U&xgYk+PM^UZEY*oVjAG}$YFFwfrmHYuV_DBi!lOoD
z7IP2sHN+XWPr93-`h@PtySf=15!E_*LqSjkFg-5ApsYJk<zS%7F+iR_T(mZwL_rfz
zFbaqdY-6$V7G{0)IStK6T286SG*mYhYElw?V=4U<*8>L6@;ofxTa**&a%NBWU8%QP
zZbp_k4@Eo!9wV#>{V#H>ldA&4LxgNSZ?dh?J&zI9vo1U$;V(OT!VE^u);Quu6EHzL
zwLYgK^9w0yx172tU=^ikC|fnFQ-xg{-R(~<1URr}?ROeH`R+ekTsN}c1a@MwQ(YzK
zeeyl7WU&aO62Y+@ZXd?f=}KU;<dmsuPmbc(xvISCPzr5zKAh&5#YH02LQAOI=rfq!
zo5W6wfxccU9z;}3F7<c6n_1cWutN7NjI^Ham<w?g5lXe$VFtKc9KK8BI@G|OzBix`
zT*+f@tD#St)fr$F*I2aWU6vlD3J7jnuL5p6?3XWrmX&qt_>3Bo0+54B_Lv=uOoa>s
ztLA`@E6Ei`;~x?;Op3o8I+cZfGNISZp{D(ua0EPBr-UQas{KBy>#b<&7s8MJrVhr!
z^|eU$#BlK?7m<jrI%azc*XG&DlV3yfyXe8+fqGAMi!|SOj>6K=h7gEyV7;z_C*kqK
zCeU0QGjyK%pjtn=kEkZ1pWGx?&T|KCeM_9gspJTRcMEfo9;WhE8a6vFiS7knqRu*^
ztMY~!6gh?Ni`DEbZhdq3bq%jGvAfjHHI2XUB=$Y1v6b5NDBS7v<kfQ`VNc5$zRUey
zi(AbN2{_pi+{oIyW50@y5IU&d(EtX{SvNuaScRsZ?RPQ(N&*b`48wY!-CbL?#9g#{
zv1LyJq62xj#fiX3XESnn-ru^%%F#&t?i-Z1!m^s}{wUs#qHi`QbgFK8Q*=-_9Cq;n
zZ|1mVbo&c?z8oQ<cYMi5iOZ{V*p=#z!T@z7O^lb~s%#0zJDa3tek!Be?jIq{o*A??
z1?U=%AQ`TqGc7O}`G0o*CEmWw=7_g#hzy^iE-i^%&aQWHi34oRh-3I{)ntDhgNSvF
zNLh155a;n;p>k+xZ@d<JWqK5|WY_#Ns4^2czg<Q6h&5!8QeDfHVjs3leff3PS-vqk
z{)ZTe$BDF*jOS;>hONsCx|O)QeNnbO`P?H4&+fUyqS2IY)?NpU5%z>V-iv)hDT-ON
zQuRuHR`zetlk;hP#=t$2?TGUL7aYu>!`M!p_O9X4rLt|0k-UD{Wo~hE-V9hQaF6Ay
zRIV^rZik3Et~Y4jO>V!{M--QMWmi&JxG>Z=1Hk<)80uL&i0bl0EsJYgMa_!rT06UI
z1F20`6YKTQ7%v+h_OdT~5>TwZ<=gLd)?b{p6szB$8iP~Og|4xvE^$yR=}WheX2Km_
zJd-}KFustoSHEIQ6mhi*jFE-idCmGgLy~YqITnBaCqIQ2MmuN2ADs@+^aiCAwF{)k
z#<iu%CF9jbi^%+=6MyHJKWTZ>x6WmlY#_9s;ELekY(U(0acPEQ;-p6uFD)xbW5xxT
zUP?gaG4|4>4?V=oM*o&)XBW%4%BWrLl<uscM3>ChQ|7G2z?R@@Oq<EspF?ssJXD?X
zi)Zm#**lmm`nan=%FdOWv|n)t9+v~?p@Mi%X&xJtC_OiI)O!YvW!OZLCyA#N@(X1y
z*BAS9PaKttH7UFhA7Y;uOv>iwYsV%g=#i%5@o+OQ+^$s5Ppryz^4IX)Jbp;|TiiW1
z0*U<-1idqRi4)GwVc8<vo=T|!TWk;q<Zm)TU*Pz%i|f}j7&z*7nEfc8d$W19zNtpD
zF}?$Hj*nM$-PEk8877ThV~TEK^&aJ7v+sk3CjTVne2s^Kn;xCVGK}AK76H+UUC9+-
z-=Psb>jo<A^RZ18LJj7}=Wg^w0zDZE3AM{W)UbVHEt%;B#T};w0*9HmzX>_=`NS3q
z3HhfHdRWVm;SR7GQRF?L`E+F>>9@<kI1PPg42DH3S``+>%j3ua4pjnqiuzV3(-KD^
z=E+x;Xe)&mwx>+Xv4?d{V%#@9maosKD4GZnz~O481fNp4_-=m9K$l8(IlJ0<7sfw<
z+DjyymzB26^mLknp$$)5F5c?i24la{e+6BI7>IIeLh}*<#;_CdF)WMd(<b*m97Q}M
z$k&Zq0nVB|x^Y?M**K$5%A=Q<88p}K9uQ}>*w_}$hvAh{I@Ji|xDv|((j@Q~Jeofl
z$H}B#hkMN&Sw6b&9-cDj9lj4$U*Id$-3gS`WtQ?Ue_OYveWdZmpd#Kmt&X$#`NO!q
znl3r9m43v`pn;!N6DkJ2AO7^mj)aL$uI0L_`&EO-ZTcpYxA>Ge8`X6-oTm5tWJ7)Y
zOP8ped9PscP)|IbAg-r7oUhjRG`ya^-VnwYN`s;Y2;3olQe%ATp?y8JWZvYCeeyA&
zQ~CsDMnu+0i1V=d8|b;?Na@R0(CL+0Dd^L(*{iiK=`Fovu9;wq>&DSMkWnoL18391
zY(f#NH1^3N+cK%UrbhVAlvdJ^rLTeH7j@jGi`m)A$rMT3YQ@^-s$qkndsl9n(zD~)
z5yqC1VueHOc~Onk2!bm<Hi9eTfB>7Ogr(D7P;E`^E(ps|PlwZA=hN}~=2C_cgXWFY
zp4U6!3m{3yDJ;txn_lC`f<}?*SRBF^KjSQ9?ayP>2kxj2WF7Mw9#*aAeds}DbE$7#
zn=ZiTZ?KoPEOd6xxh8COxh=prN#UMj^tzEnqSn<WE^LrG(_Ni0@%Uo2cUH?~?PvtL
zy6AcZ*N}GvJWHBji6~DV3AO0-Ketf6#HlW&FVb<MU*K+%pP9X$tTS0w2L;Y6q440+
zCvr-G(#dtKVyx>{CVQ6JnQn*k&{|(|pu~N2x>^kPfKohHgul%v^R?T}HD`alMqNq^
z>~yxoA?I~D%<>}TrD8SkxEP*Gx1>du*5n1^aCF~)A-!oWdY0x!#rr6b$E>TzV<;eR
zy4CEoB^Ah4ZD5hE<&L_vN?brG=<;Fr`cB0BcXn$h_ChBNsHU{!2S435#5|#XRJpFY
zH6|~!3X)4Qhu!#-yb3@t^2n;yUjOWj*``}KtFtkN3fevE<g*B6rt@we_Uvu(i(CJR
zkBOfnkaIP;2--|YtMVt*)o*Wk27hS|xdBem^v_1NIJvJVO0Vbm(O5jZ<4Ieb%xm#-
z6=(o3lfH>7o=b$t7k|pbwY`u|ue6eZQ0wmB!}nj^6a?=g3*rGkt**2azlc_K-xa!j
zXmhrIoSJq^C^8x~&|7M^*l;{7<Z*0Q+H>0(R=eL<qtQ_ks9Rhv@^xE#g3HgJCa*0}
zmtIz~GLVgQ-)7D)A#ytQGD+y7rkEf6>ID(`q*4&Sr8r7tHbt`@A@xZ?vt%#toK`$C
z)-){Jbdr{aaiB1#3~v(mr6g|QRgAx1HkXiWSjT<T8Os~_YeKehIZ4SCq#8)lpW9&d
zumvW_X$%5_P?<bE`%sUSap&9uF@*9@?77xgAX5Q(nazSix_kJ^oQ)fOtDE0v(aw!w
z<+dMsLYNuC&`iV(4ISMXk?gBWZA973kvndC<BlxIROLQu)cst|#+!Ap?d#f85=La8
z^4?O3?*34=t+vGsVQIaqliXJ5#i0#MOhRXCyzapF*o7vqgoCY9sqYQvd%Cj<@}+i3
zH+v|khZNETOzP4;fp4!{=f%c!ikA;H_T^m5XRN+r@bW6uIY^)-yEZm%5q6|22wCZ}
zHl9U)WRbVFd$O3HWu?0mFp>QZetw{h%(rndeb9-GoRK7%MfATLeEL|{{)9AY^hjbP
zAWxV%ofp_IV1e?{Kf55wA9(lRYR-Dv{k?p8yOm8yKBnXRXQ%~1UBx~NB)`pbwACV!
zFjcZEObq5T#D|<*Dk9aRR&!RtC5vYJcekXIc%_rndiO14&{iN=y@kf$(feCWh(4o>
ziDJh$FBSUxcB2Ami~Iq+DcNrfQwk0Vo?+MypGvia%Tf?@CQgR+4xNN=71lc&qI_5(
zcHEny$`$z1zZ%;pN-z(JE`HDGJgC#`Zxn`NH4LJPa0zw)gj*nbO$H(_OfU#C|D)qs
zVLmgKnNQ@WFt0+?-b+k|7<08*ouUtpU8W>KH)VBW1ugn-V>>|-@UrDIFb6dQHWl>!
zjg?zw+SEb_oK9o8(4Xx_Ev$a?`f~E|_(}hsSG)JSESN$(hGM>rskN~zk@_M!4QCD5
zXS5_X3P{q7Gpt=?_uqg`HIl6Llq%YOEz?gO<(ToF!q(oiPuY#3A1m`)-JbsBF6&_`
zfOJBC24)lAaVJAbG6ut8p%ibb?tK(dYn_+mXvzk^$_fF<yi5S$6O8#f-um_8>Jiy=
ztN2ty{&OK~Rn-|{6*29g^h>PgNv^G~RY^NM?#&mZ={&M`>{EfV#QxoAzL4a}mq5=B
zEM2YopzmlULJX|1p#Io9bClv%&e!-K1mxl%i7q6+5foI0>9NRQEK69tp-k|2|K-l(
z!F=X_oy_(-f#zR$t?p$HAsRgM5<Y@lB$$vOUZPLWhyRe~8-z6PNp)WWo-Z*^8FU0h
zUlb%q-tzvrYMIk_3zv2_9xTyB8xS!MxnQY$zbA-3>;)-PQgLf?FFprn$3ik1sZLt&
z<0$ggKR6#>C1^Lf^gGa3!Z*9~(_Jq)#v|i#D?QCO$=+S=)1-3OR7x@Mlj@=p@Y0nw
zpG6!B*!At>$-jW+1N${dPy(UIh9UYrK6bqFGU0QBh=^EUw0!d>rajv;g;nt^+zQ=~
z=6h6$2m-Dw6EMwqk-6|o<^b;PzE*_;nA=f>=x_WA7SZ?j+u5quemAm-r#W5QVN)=*
zjx%X=wgakCA{<upMHjb9kM!y_RWhlcG}Al_(u+LG)Z=zWk^cfxkuE3^)}B-zK?D}~
zs8$u+B(OnFdr<CDPR8On0MLLWO42=UD<`rVX2dY43K8v2>S8h805sWctt6>(F?Iqj
zw)-4MQOj;z9m-5kyl&5Ox1xB|848{FB>fEj65=6Qun)m1f`FODaGo<?t1-vpV(I#P
z>%o?e{#BtfB>hkN2U&n|N7f$8YX1%;6_sXB6TkL0qjr&Q6%G}S9-DUQaVn*_Oqj=2
zH%#Z?#!0%jR{q9hsn*~|UD%(rbBfhxSRpZe(u}uj`BTL@g$=5MpYrs?wW1rHPky9W
zc+}`F%~v?icq@^3^S`GSiYo=scZa@@El{P|bE#b(*OXP@&g)ez#yDTy9N41e{?uc<
z_m4=C5XcXWDb4uY1U?EpJS4}^>qzN(Z;47<X3*j=c(*h;Y@pCzQtP#NR6MTeU=Y1!
zh|V2W!avLE^J(GB@@!nF2H!mmMbe+KI{sd5;O3s6wq9VxO#PQk{*WTrC+mR6=UnlQ
z?z^6THUC&^yo?7Z&}yYznqvYq=;bhb)VMcFucW6@Ln)0FU%4~Vzt48Sx>V(QvHj!z
zq*)6C17kCOD_^HOQ7-K5KWs+{_94<~8uW#h?rSuGmRyq|DGnkncXwJ`j#oua2M(<%
z{GMV+HVf>v64eE<#;dIPaSZ-0+f^VZ^>cSt{>wb(a=KiRkS}hDa$t+tY}e?(c@`oz
zx3Ag_PIH-6IFRV?%i3Z>@b_=a(MJM2Qa39Sd0XUpoG!cU-J7X%{nWiV9dhj43Rl;Q
z`YaEg@r4}x*t{q9t`=z<B$Z3$r-!6a_w!QrU1?XinZs#IY3hFbn7?zhuw;N3fh~Ku
z<n6<lREGYNX$o0`)V^hP9+ZcNf;Jn*j!6+6cVEGYZ;Z(;aM$w@nC)*Tnjcp`aC1wY
zZw=G-Mx>X~pe#RpI(R&DdwuTTKT%wA=KmMkdqnMK7tKks$WNwROuS01vW&Q2#d{QR
zJ)OFcmvMQOCP3#LMpRr}2KvB{{QRVTb!1RImeH}I+>ftLs5mr?dtMTaAtK`^B{~LV
zi)Ge4tX0z=Y4Mt+7h<MHo4*JQ!Bb3qZ2Qw%X3IYj{Lhk*z1ZiuqM|=%g&-9;soR(V
zJ032ve<1RKWf6s_tB+P;B7ef+f-ob93i_!RYpQ<+f|yh9AW`X@GG>f_vW*jxasV6&
zQvZ)^Q+|<c9X%5Nk!>ju*~Uez`}gDtM7BYE@+NQa$^WBv9AQW)%eWl6BzzxkQ!o|P
zJFRq4twnsie+j`+kdbwqR(NbA9rf0k9oX`7bl|MqPU@C_$mKJQ2r?9B;HDWEqYQ1W
zy!r9t2L_SNbFOcLpKtR`%~mD$Yq++aD=vr4vY75M-^?3?^hEA?+Vp1LFm7%d>_5j@
z+6ZAt&ltW~l|8w%rbWpw&8}f!MjN$foNQjlTCy-TY~>ulxwn^SSF5$$Sp3*>t7W*B
zY;LHg>!@(Q)=m5b%rUm)wgLvFx(wNj$0Sx*UK3TLEQjuER^3KzxeT~h8uzv~W@$vf
z9xwOQ3i&2w9mQ%oGO%e*+!unG>omJy+pKt8cO)jwOOV28ucYhl*c7{B*xV>RMe}}Z
zLw={f0qm`*!zxEG^>)U#r98Vz`F_)8?k;jD0UYvH6zSNfB~l{bjd3+`&E`Vc8RJXZ
zt~8D*GWzaaoa|OfO|7(%(f+G}xyl`*hpg+Zs)E9~&#QX4PbnB<X0BJaZ?~oIW>pE#
zzMrpO$V)mnd~4!-08TB36zCSKG}{b+$Kpkf;4(DK)=NKDDo{ZrL<K(F&b+VKT`+du
z7=vg&AJ~+)5Ea!e$64>V6;+Dum210==G35dy!Tt}X|YLmB)wICO*zL&vi>3>8C*YC
zQU4e>t<<V(J$H5OtkJTLX1-kYW3oh52k8uwqptq-ZGJa!5Rw_a@+8dtv_-3KbnWd9
zKEuAilJvqKtXCbRilSwZyE<NA%$`Ddgd9LoyB|*b!Pt5y_U8Q%BjK?P`Q!cN_jvK<
z;)xH+4gUJM>BL@lvgsS6HQvsE2m>G=Us-943Vvg!sK04d#o9?;M4hwzJx_Kl#^<_I
zJ4>Yc1L4%Fx)RN1xu^N_+N%0TDswv>om<e1_jzv;3Ipy>Z9>(%JaYEB-Yaj3%o%c>
z&0_nLeco_^S48e2T6H}w4S}tVKo9L|jt)6j+dwS!F1^;ZQDimO<)-><(aN3*(-r7c
zQQ~S2yZ)$d<2kg}zE+;+i6eLAgSZOQQLnk8`IqAwKCrx`=$A0b)bcj{g>*?Paivju
zQ}C#9Ch_nmvHPmDgGoUAYCRd5s!Me&yrKeasj%S^#mqa0vvo>W@9p0C`}8B8tzwQq
zX-Hb%rE9=>zS@$I@g9MI*EoSHaj7x~sFGH@?kASRjb1YzBYhIbblh1T;)D}Ff>sgW
zt>;CMOD7DiW>xUA*k}`C6W8z#JYPwJ4bni4K&_edg2ynYvsy1acXfQuz_;ZV!(5eo
z?Xlo5w<Ws8-w3$eWcbr-74DBzI=HvN21<=4K>D&0oGObk6|H;Q$n=7PI^cpc__vbu
zo5Ew0O22H~5-an$T#?c$w^e2y(0(vH^(BB#_dL_BZO$~rORTz(o`=`vbJx!BvszGR
zC%iwnF<W5oBIIP`J9B2B<b_H2hcc`vUWnkcix>QjbQpky4dmE-dX*nX*(M^I<Ge*h
zK>^@IaVg3@kBs4%GTCQDc9l|^^bSmBv5wofkztps-U?xsa@y#?719DAYUg8g8^>2@
zkEZh2BHFq`*~`mGsc~G{US{*wJ09Tki7eXfjOtAWm6=2m@G&4bYHE0+#7?=KPnsLw
z5|z<R1j=f~)TMuS93T@{ui@J%itx65Ru6epy>%PIaCN`zLmumucazt+&o}N6%}mB#
zN89<<p3yzHS-YaHK}3QMkM$5st8SmCbL(Kdd8MUw5CjWosDU{sh<HB`|3i&F$?Qkf
zdu4L8jmA1RpLXH)25_<pZiyKZK{M9QXl^b3JTLP{Nr#;puT_@u)jzf^Cpm<VLX$Vs
zn(yh6?Jz}WDEy&yQtfaYMLCXoEqKSAdC_M`&Fm6LrjFL`vt#zfMCuqPU@MG5GVbm&
z3mPYOH3I`oY#p7QKF853OF>Rqn7xf3E+CjHRE^_rCW;$v(avjh9b-d0*ssI$3wR$|
zJ}32l(2`V`XqO?4-Ls}!>fUBAvH|(3NM74cwYOCT#Kj-6xJKSv#IQyReVnW3HM3HJ
zv%1#q;sZq;Y>?&lJCWTpA|f(GClY*|LoBoH@er_dreq3)jfR{q8aG!h0Lb-(yJ|4#
zwb1RRt>hKCX<aMK3rCCv-ta+mzvTXOJ|#Z8b)0Zegv5R0@$Y8B-U!0l@Daxsjb$fE
zvI{pY1I1wwro27yp890?Mj|Q(2s4O;ssHp~Svc#wm9(*M_@3CDgs6xyn57}qbSQ~7
z0q|-pz<8n3-85e#v*42jKz_Pp!6;TH9{zZ2`am5?sgcs&ev0@&g==5{2tMcwj(=@#
zAj*$(A*yTFsY_H0yYbD7$wyFNxitQA_v$AyK9{B*=&Co9n_K$Bk!B-%tyFQ+lvC|}
z%OiYsDK#<^|F;m61WE0BC0D+;$l#E$;26XL_;%;Rsc<sMgM(ygNb>vEPmG??mK)9W
zb%!@S;f)3T=FdlS)VpNt1UGA>h=#qp861mMd&K)eDa(As>`hJ@SYDNr4kNGrAR%5*
z#3^Etd=Vw({Tf-OVI|odvboUBYk?&_sl0x6NB%qQ8moKpAlLnn<tTD0G1)h7;^T&s
zcNxT-5HlKUbyJfxAHupw><XU&i~>(h+BOzTLId&ihKV6oPCy|7ecTo2K@?47<{txg
zyHQQIIcn#<^C)g#W7i^WyEN_|8QoIqTqgqWdiZTR+@oTq*$9b=ZTB#GIGG!inH3T2
zhf4I@VaD@5^YJ0wtp4h}i=qaKz=rvKF*ynhPac*$FbuP=Y57&3X3QrqtH#0u!Xe?M
zA~0}fpgVuP{|jbgdUsw{Lgu?BTfv?ouboK#me@>wzi~#x0Sc+OhdZ!q^V20$n1^){
zk+^{Uc?<!!hYB8hUSZ?;ShfwP43S@Vn8xyJJ#C&sh|0Y)4oH&-Y)~myl9YFu&u}B(
zg^1;cNI|8J_thoiAL6&#P9+}IdcMtRq_0Vd5fk$JfnK9IRyaorcYGDaKKO15zl+Zr
zm-h31+HNpL&_F4C&Hw|Wfz{xa<an_2^`M3E5l$Sk$h$Z+Is<pq>9>nxhSWt2pq5s@
z8VSf@4y!F&{=M7=NrRBJZDLzIa`vEhW~y@vimV9ldEH7rkgE8?X~ak)uS+CGk=wjO
zYN?44k7EsTnpZ|7D!<LTdz@K9JBlTi&W+`i5i8&*kX9?Fs>bg6NZ=<G$T)@5#Ge(C
z41j7XN6v1|cP2Uow&V;pfmk?3Tl>|hw_hqIbgXTaVLV0R=<er&2W(#$=QJ21U+GLn
zPziYzMk&NV3|*7xDq&nD3I{r8%#Ch9%R%RAc5vY*QeM#U*W<4u353tbYL)KzdzU0{
z(1S@w`Ad4uz4dN`yh31XMs{Jk>(_o8hiSCXsukP27@p+CZO14s#RJkCA-gB?0$qV`
z%yW<<KZVIp%+)e^zE~ksmeX1tKO3v{eLdnd>fxp~KhTBy0(a#I4b}|TBiBgIgCT)<
z*Lu6N47`=YqK1INK}lm=p&RBLB+%)q0bA!4aXfO_`|4vHC@4;wm;VLu?)8EG{pEfE
z6;H9+v?UiGE>d*j@9L+1(~IyTFbB@Ei!f4k+BGd?PsvRtOPB3-)!%EhRx7Q_vpFH1
z%B1!<qqo<La9v2Lx$B(X+V=EHD5Zd7dX8*p^CL0feEW}O;35SPI9MJ2#@u$0lc3|o
zuarX8Md_t&kp%`pcNAZ&Wl;%E^IFz6a?p^lHZmOro;BeG>`uR9A!VU~<c38a^{;Z{
zB>7GcCd*UP5-!0Vl$^t>7AmD=Gqn~uMavs;bKPPjVYGqyz<d{ISc3E3!<o?*fIjTl
zQb7-%uFJC91<D=kednlAG@f3~fedgcv!NS4pTVhfjTCkVaOGFsg09Z#G`cSOKCm&b
z3wvp`1gFiS_myDyzAD(Cp{uuO2Q-Cj?T!kRQDpqa#N$NHQ%F9|<)^qJ-neI$&>tRR
zA|?;j6FwFm#^7amRmtT^kjX=cIq-YJUQ#wH<HbMZJB0BkJb1^Dqg?Ug@ERTZV;p7M
zME#G$i}-FG?BO~&h!|E&n;05gBDvT!c4WTzdw9mv9vO+j)C%>n;<aAZ&cUZe10SZ{
zuL7>;RmL#!rGvik|4%z#6;xN$bO{6k1PugtcMXK#1b26Lf(Lh(;4Z=4?cy%Mf=h4+
z8XSUqkU1CfRsAzH5C79t&D2omg?nV5vv+sz?$zC^bU2yOOoRKTrA;~-2>2YJD|MCW
zc<9Nbl3pG3N(;#~#jq%g5@iUyK1L**y`AUG>ss^^WO@l-o~YK2q418L;4}nZen5lc
zfqFOJW%)koU;GFGC$Il1J62uz`Mh5j8BkH(_Q5FhCBA|31?sIKa6?4^=nBw}|9`VM
z@&79mh8hQ@mFvn98Wz?<S)tOb2s0SZ-8g=ZjDUcC{$mG+`O}NQM8gTYzvJ?Kl}x9l
zDf(y&ddHxt-rb{^MaQV!Mjc<|O$=<1JW>|3b#||SGOSqsS(}NyWWbH0>^yJ5=X92C
zx%BKdb5kvsmo1cbouX~;%@^kMx{Hu@^NG3#BBL_PF<GvaWzpHnRdQHlLTAi~IbaI{
z4s9?fXf59v72&=G6KQx!bg(r(x|D#CA_eYUf6Y512ZoPMPvIHm-MpKR^K`aOVvR8U
zc)d6B@p+xKXRDs3&U=4_oQ_}lm@GthN(#F+DVMA3YBpL>_5|~hg?H%Cq8E)glEK7w
zw6_k<+_=6e*Q&z~0S}E26ioRMu<qK)tSyj`84u6;(6gEPTr|H^!mOxh$}Pi4DxzZ4
z4%M``uTe>8b36a+$Iio~(?YM~QJB<sa=vw)3AC7}^{r~fr2`K5ND8OIVtu<zNBUEw
ziiW({M+aUbhfR?Bb&{~_3u+ca1ID5ODuEbJxAP$YSgPp7s3T?sF|X_5-L}1>RhN$<
z<Y$b;n@zqcJGFNyI#O&?f9qy)gG!@P8c6t?$Ni!S9MCTKti^PE*eLj}*kDD&AYG)K
ze7KfFrjjZK^gBy{Bg*}m3Yv4i43f_K21UvaZXrx>PA!cQpMh_7$C8eY32hhmQ$N>Q
zTF@|XXw)io6M;CF>b=?cjLF?ak2zG?JDo0(uy=8r`Nm*JAMC<*9PN(-(d*`Db-c;+
zK+c)?^%(2^=;_b=NvE@mu8uf<A6){kow29QP&3_xgM`E<&&7ZNaL`{xh%(p|dOV0b
z)6RR}XQskyalo3Z<#oTgcUD%4@|@m_@il__#6MV)gT~a9<)gFy&A$b$s2Akf%&J&q
z>ICjKPAMqYQg@4={$~EaK`o1Bwy)ACSZNh?iQX$jZjDXnUT(xtQLwN`n2y{D1F;b-
z3c;j*)5YH`r}WPl{4SZ=cdnaHnemj7Rq;&Q3<+<m+6!7tP{3W;F|q_pdk36G4&t?i
zNSEJs2j=>RLgR}zSCFj}XLN-1Tz1B}*fYcI1@hOAjvX5hmwW_*J1$b`fs!2kpEG33
zgb6-R%M_wGYUSE_!}sG?8E5+;I|T*-?q|)kMpZvDlQLSb1}47Ci9dRlKvke`5xp2<
zL}>pN|ItJ`S+%?Spl}>o+XG0F{lC2qP;?l`8|eVDyKr~yJcyI5q-DqL@<0`dJB{U7
z)cupKTqe-gXO2LzTwMWwKU66oYmezibXEe;r(F7A^#t_VOEo;S3z>S|q;%9-Tyovo
ztWyDy4c>AA!uWFQ^$@fPOZS%i#{GS^pJJJ*3a35W%-JlK_PyU0Ud9JY+~v*SC6IaT
zFJRkMY}Yj5^f+q6rCXr}AooVAmAl4*5vPOcgj%!l!M^b1=^lYs3&k7LO5PQkA7)TU
zMK$kV5(XejAYN+~2^9eXgHoGScPPuT6e(%(x)8eVMAhZ)FQ8eQwwxfo{;WSkiwMzh
zbHmobh`8C%rD2%ALPFr0b6ZT7?cB~cXP1X|Ek5A4l*?ssku?+0|K_wit3$>mAg~s;
zyN#rfpq>N54X1ekT^{UuY<FDNmoXA`%HPjy*s<S^z^K0w`@u2yq<0x(w|k=Cp#W|K
z1GmG7c0FdWhn$paw(Fvyp%*M?G!E_PF-|X+i(WFblo$hWEYHlzdmmc>8qV@=Jfylk
z42J>WrJE^~B1tQ&@-|+B)N%ks>+j$c94aaJc=S;{0`v{(Eyu<?>KM83a=W8Zj{WPQ
z5E8CXrVdSV(DsjLFA?NYijPc)9y(gv2-Dv{WM3sT08^@&o<+zrqQHFjl3kbwgC*gi
zeAq-@`=@+o>mw3p!)J*#0MJ0A*c78%h+fvu$-S~Vg^U|({d5=uD6S*`;T^CSplZ|q
zDN(JjK~zQ$IHRU}mqbE&UuU(V9_>I$!@_}YN@euGP?-~cH{RKRn|yJd<zpS+;$$%(
z1T^Z#r#SD2ii4=Jyjn+S(_5)fU3kR1NGs$!%Ez$KE0T&~17&<{-l|uL6QOs=Hy)v^
zR<&dp(GL=FI|~vSJuvpV73|mar>du4A1#Qu;N^MT962`*OOdUBq)}_hyPiWeVn_tP
zY%KL@M}Q^3X^tuB;Ma6Z!LMH}iR4A(!xHS~p8@!MK!x37F4kkadHt-vjH%?Z=D`V7
z-Ep<7zVM6dr@lXpzo>^hZlyQSH%tH=t-xw8?hg0y{$$ElGv;giNx812B^{_okC36N
z^Dfu%_|EqzOeBRk*nvOGR-(t#w_4c)*~CBK<o7GHw$B>`?C3WDPGQ*z?%oYm#y0EQ
znckbSKbxi*RwRfxcx*Jw!c>;-=&s3ATg9fTio&MNIBJ&q;WrZri=@8xTzn(|6$KCO
zdNeTmUKE);YVK}7i&Z|ZO#RhTVoI>I>RZ$O-k?d(ThrG@gW)W(gUj^Q`LBn)q6p;b
z&mvsyEY8p=1vyh40|(^|)(!lRRK<`@Xw`{3Rj%vvKpiJc${^pPJ6^Bt^5spC_jRsj
zRKUVS@cX9qoZdrQ?VV>h#F)dc3~Qz>ftd_Q=B>xxWi)KBo{V7A=0zi?ediAN8k^s9
z9D}a@mE6@2yxWNrXT#mJcD;V!n)kh{2Z3II>`y{KZx)-(U>F!u2fDh@ff6SE`q#sP
z&su`Y2B6-brV`5Go>6gMegNgZQ?dln|DU*7P*DFg_s;SUXwMA*(X}yqmTO4UZ-28I
z5J3wNyuqN&KCe$s=XUBXd_Ae4aFuJxZ)KAuWF50sBD50qAxcbhU{0rDfN1G{!NGL9
zzq<X)#j_V5Ghb<QQEafkO>2QN#jzE(NHjZZ;F1Brf+SeenH4?LnD!lxO{XZXhi}`N
z=xqk(L$?ot!cBq}vzKQL&M%8#uM*LzWQU3;(XE)YGV)|&W8Y$SzN>ebERaf`)~&*O
zb_njh?0nk|U@yFcX_cwV;)QhaK0Hzojb;>$FPD&A#aMfJIfM@wT$5N8xLjJa$^QO_
zZfos3ULA7c@b7uq)%}ic)&&D)kENc;jCx51WED%}=}beBUUoYGj>Orr)#Qt|P6f+T
zdVL#2<t&hT_h<!n3@8vA7<<PgO*zbmq!;Qvq8Gw{fY*wc#Nc~w1_=~EH}b<K-sQkv
zZ$FYB0dX0?RFclNh6eWeXNMy+vId&ZcP>{-Pu_E@JE0oNmFI?IF%4qrF~l*=m^Ck+
zUzRSeJ#6D??R|xDSX?1=@hXnToKvxQb!9%qKkYvS_!R!UM(f%$)!xgR;6&ZDZrxX>
zdyKMK@#<WWi{RrBy&7Sbz4=GkQPVqEqJsyI>J+akv6i(OCAA`FB)2v_rsa-x*D%&*
z%u(Du&+B7;>f`ZyachgGDqug;+A(=!%IOJ&u60{nKHm*f{w{bj<iCQwm^CLur8f>a
zNUHETU^UEIchmDJyM}Ba?|wEs;$*0-P~ms8#kwlX^9Wk(V5*d9q>iS<tSZ@w8TA5t
zn1#k;Ur#>UoEDZRGNYBua*mJ3U*-r@7X-BJUhzBKMI?6C#?x8k-6Rg71+(+`th<~I
z6*oSoL5fR_hB0N*MJ{(WFD+Cqyc>&O30rKmzIVJ|WG_27(pGa4*3fT`PGgq&@pM*Z
zyLlgkph#)$a0h^&7L)*hOsmysJ%_j0)6G!cl9$05Vu@0(!TZy{&+@>gwV=MY>}!<W
zkmAbKHL{y+znHzO^}AKT`(Dactdf-(OnI-G^l($QlI;z!7@Z9k>6wS$C8br)t<xpQ
z)vsZBw@N3UdSF~#WB90lC?AiZ<^@cEV5)$)<J-I-m*W+>EfqDx#;?c8092!e`;Y_6
zB`GMFo6hB=Y2V+cd2b0s<|r$x-&rwT?r$Vg_zsM|bF{o)0zC3r>l-Cpj`FIYw;V^O
z@kIxY5yGV^CB+Os6Nk>;{{j%-t@&zn#Wq)#9;wA&-th@EN|Jo{n^Goz4GG2K2aMuU
z0vyPuW0`b$q8-GI)KZunJ|WKIM<|k8k{I>s+N#UN08th>o{Aa`{yzL`PKWL3ov+A5
zld9Xd=U5k<j}ciHnd$sKllC@_GE|h5Vcbr_$yPw_AQ4rh*v8E0_mxO^GL3>(!3Vca
z<H1)(+4@@}-&y;F5Ptf2pP;vRZ=Znt8z0)24=H>e>s2&Mu7q5^0DLj|pB@%j4bBit
z%AhficJ#a(17Y(RGmd8>lDwa4m4T2(k50QdJ3$e}r1f#B3}y+<4;HLc`lP6=n1?3p
zS9gDh*a2T%p+u!NRdk}p&4_p9>W|B+6c9MTAW)w1l(tZzC!XX=T_mrn?&F=kxA1)T
zJ9ct%@=i%fqZefV<-BjSZ8%_7XCgR+@Z&eW;IGp91)?Gad`tTGC$nj`6CB<VmhK14
zg>KuwI0rN6l4VQfs=gLz&J3N!qeadAkd|Mr6U#5#M+1=l<Vy7Yl!S!xgIgdCKJ)Q{
zLPA2enzkQ6sW-d(9R2>Bt+n5A{d6pf0x_P-8#IX`9hiUm@#+nJ;N`@6-W~Q9&gGfB
zH4Zl}-3;UmQN;L$AC#c&!9?&EF`3(q`;*vd&!OVeqx~6LsrBxleEskDipBbn3^%9n
z@NlMfsJB2|vwI##5w>re@D{~_?1@ADNtWKv?K%9Rgd#Eeo;#*jW;5Ntzx}x8MPNL?
znm3c5x>N^qc5tQw4ks|_chP#)sapi?&{u(EOmFGYN}&wyXUl%L5O`*Q#bvH&H0^^T
z$AN!8#REb72b^sS&wXLS--e2caeNVxk%<5|iPG#kOv=OLPQOW2XMDn1U{Fz%m};rI
zZa5jG%eo(g&OjnvVscBVN4@djMoT7o!j_k!#>p3-r`jI#$3Kg|N{QsXl}4^;5YD*R
z3*mQ)qt-$OMS{yz>*E|dI`c4FL`utMW(~^mlNeg&6vjqm3By7|CnfS+x)0HQ_I_04
zUDHQXk)3&sHM0qVV>cMlmL-$5m#hieiqLSVpWoo{gRRJ1=9U`8Re?c4w4AeM&3&m>
zX7h`w)>qI{FTs8a4<Dvs;^C0j%Gph-ciM&O9i8O~z%X+C0`mRSTxP-ZZaLEwb{M77
zRpH>HTcQZ`Tes|~<rc);I@H>4Uy%u^Mc!bkCYkVgX#>HdgS`#W&Tz8axbJ8znJB_%
zVb?%R!4Q(bOW#xskBv?9ddC9a$|91=O4g<#A+2Tr;dcLpWz_Mda{n_XLqy8e-i(S?
zt!-qQAxEqE)Xr|oFH}{d!zmj9tW2?=^Gi{`bFJ5r3Al0(knMuFE8H<6DsBJ7UQvlj
zBR9v)^4dJgtTnP7^o%<e@0Wh{eNF{h!3QS5gb(Fuoi%9LOy~r7%xvamv_96F<R%TK
zqe*}MG`E&gH~4;6Hn1lWFFxd#9SCz>lg*YqZDvI2V?=0@^6x4txs0DWv+y5u;(($I
z)tv4GCszTD%srzxt{Oa_qt+e9<%c%+QFq?pl=2pzXhQDFew-q+5S>O@Bx?#o9yFtg
zG5nTJyiyh^^-6%)sjZ9)*SvcuU@NS0t@>EHx&|`~3_Ax8iU$X%pjcwomRYx2M>3Cf
zOiDqNwU^?;a<tw#St5MHMtR*|4>*r|5?@AVMvSEK0|G9iEAOAK4&VE0cqJ?HLVRgh
zo>2931so~V8fem7hfP8|21_Cwg0!s#qYrz7@kPcxg`-?d>Ur3CJzTOz1g7DpkrbLT
zy|+M0+Wznc{`(C*J!83_)k<9s+90Jn>vWNxXGQX|{`TP;_Cm`LVoE*{8kVl6{B>q;
zwGu;4_V}h;-1CSj!^ymZfH*p}^vrMP$79PiZo{jpMD%3e=Z{;bOiOS8!qnY8@0P!~
z{^rib=v;m*@z}L?c%>%quj_2f`nBjvLe;4*A~XV-fQ0iH(XiB5N%ev|?Zeju^~Z<t
z&KkAQkNcrGb*(dj85@1!`!;gZx8<pICQZ7$TvEIg()zCQ8s5d+e0CPIe}F7q#_Zc!
zmNVCEB@f=&R_})_&FQy9P(e2XSmnc|p}JTzi%O1t97-dT0lrsVLOrjp>yzs(IZ8f&
z2+8_zO?lu9y3uZolHLp70_2A7Rt?S-xGm+$Oggd7E-R%}Eft!zvg4{9Vhl+8<&>`0
z%AMhV_6>?JFGurLBQ5T}=YQMhbyb)7;_u<I54)d2C4Eh+PuYTLGgJ5tB5389lgKAC
zNBcE5n6<!|z%L*AQa50Fk~uMStBXr0ZOa2k$mC)Y-uPr}%^)K>qc)~i|2qVSm-MdP
zCNl|aeDYE2wGB?OE)T@l%QE$CgG@w|DBGhq?0@CFe4^ap1yLw|MnaQDRT`A*u+#H9
zsN)wQs})9T0DM~?N5?<p?^fD`$XT>aW621tjT)uZ^4)8@3>y;c%T#Dt48N_lon#M#
zg&3h0onzAd;>Xq1%~R46jr5g+ct&y9ZtYEJsKB<(Qn<y&6eT;|98m561^?0Udv5r`
zA#t|4i>AC&xKLX}CKM0(8p$hU6d^bJompOh?~A$BEbFkSWns!p2gSXmlTeN5aR~eS
zJQrnFz0Hiad+Ar`Y1{Tx@nEhVgY6HL9y!B=yckBxjh8@7O@Cl~x`Es#428+oAIG9m
zk*PTq{uTS<Jtg0_hmx5?vzNkiae=pBfSmNf#^#eDP(5S;Px%}X6)V?^qu6jtB9wF(
zZk%a(KAaNEGU)luB&66#I(RYDyiTG^I(OYr)WiFh+cy#K+F(F}>WV}{uVfUL$cY#T
zw_FoN_-@32fWWLFO4Oa2j56%g+NeqI;+9!L4BykwGGwAJ5p4KgX{~=FnWKinDMYXv
z`_po)2!=w`bo~<>JK>k=+yHjrH5?#ZN@USzp=W@d4K4PmH8t}JrUNRHZom~uBZG^)
zg<Xq%f^t5j6FLl`etn&i?MUIzMhg)rLk$R=aamIbsrGHdzl1`oU^<w3U9}C4d3Dqm
z2o(*^3XHki@F!(H2V7lpK#9>qoq;<23)Is^31IGrS4MmP3da(F5+XUg;6Bn9%>DnG
zn+5W-lIWzu61iO%2XXM|6ciNDFq0@W0*!NNXh`AV;qCX%OgMcW1;ttQ3&5Y+l?0St
zS{WPXgRAb)(9yR>7HYwyfHd+jTv@1aN^*3QlL}zqG7OW39x(5-<z8_g(ZNKneh|;~
zU#M#8YE7p=eTSUg<!Lkq3f<b9jy1%U=P(>~AKG76f06-lI8i5g;amyU?Bun}b2|r|
z2^en0c4+@{YDnE^*Dy!W_C4cyK?PI5=|4&~gONnWzi_@BO;g~qEdgqDICsB3D+Afj
zLn~PyT^*8~uUO4&08j5x44iC#im4TTiF<PdfS~zJ#R%66S*|fRP&(E?W)}S4J$s-^
z_q(reJ6bEYhF)IXI6^qFL$*8D;f^O7gzx6Kh(?HJJ9)v$Px)Nf_8M|U1PM*H<J{3*
ztlLo9mQqq8DgQkz`D4~Gh4-~26-({5qHAS$-1!}({pr`qI9JD3x%Z*;nlknchjcsJ
zybLsIV=o-C!0Y7*1NHN!mQ)!lOllvzbA-PBz(^>riKJ-IU<##I(PMo0urR8O9r1z}
zC<7^@Wh--ahtRK$nu0%$?`7=STm=kEmnmZ@ETlGaMw2WbJ@gMJ&CIBBraA0yY$r8X
z!IBQg3@8i}?%`0s8=B7E>(CN6v(m0$G4ZIyKNKxzNG(#Fw{eT@JL6T39QIc6M`#M5
zbZvDW#T{%yH39p250%RDCuQQ<FP!@;WU&+n1AWJ<F~0~_<LJ`1C8TH4D0t-TBsyFr
z85w-k;$$C-dNd#G;+VQcHkrt(BU|_H?FgS%Et=chDRu2A);Z6mtit)wH1fm575&LG
zcms+5VK=&HYvfe65R_DsKSP(%6tc@@Da6`kC9ReQOej*ZlG;cmel#4|Y*NoeA|7A~
zVr4c4BIBv#1nJi(Iwq#kQ-oBy$CDF0sf`xBNd^_G4=NM|XfK=u;aU>pwUJKG?;0h6
zwqKdul4?5^93(Oyt8VZK7F;(At9@pi+)68<GeC10c0kJ+a&((P<a}Bl)-)b9KmV7g
za{w0_{!SvKqtWdqRn)U0QrZ#?U9Hzfd(<j`wvN`;WYIxTb-dJ~Snr}VVWE_&!)*-;
zuXJrEKh!D`ZmbLZu{||QAw0ulzCRQ^PQJdDWkEW{zc_?6u0qYLHx*m!`S$Q^F?#c?
zrP;!8_EU2yrD*}VuF7qqnp<+*$uE)3{RRrIRb!KO-Q~wT8WX~QBAx_v)4i8sWY87%
zv)63Wj|@Xw+^iLorYRK9-Tw(ZTUc156?LK5UWVNJ821y_X;4Ace&qtSiA-?cc49&q
zmLnFZeT!pIZM>+!G9s@qvt>jLMhM7<AES++B9F&vC8H02VaCH@Jl$QrO9Qtt0SC}t
zgISJ6KUsia5b<=4WsT7-h%~M=Lfa>9LPM$dvGM_JI*w31g41G^L89nNa%ij8g2ypY
zIA<8MyDW;=2_%}ag#bCWd}Ok`<#}3EZGSc8?O$!sWSq#KK7&SX6Ofm3f&w<?u2R4_
zY0#%o!2=uYPM_PQ#UjfL1r>AmyMwyA`;KokB1=}NL&X{-&YFABbRLkc8TyNyS}F1G
zq{0o97erf@FzwKst75+GH~y9<Ftd@VsP*iz-<&ZK=V_9N8z)LEK9jlZrQ9qM(S>)k
z3V_}Exn;g@@JYs1F+K-ehXEXI;9}Ewl77kGHtv+{Y^F=JknL@Euh_TmS}B5tEuh}E
zgr4TUmR9aA*B(LZS1)rOl(_p?DlH^2Un}Zipv`vM4bK~u=IEY9Q4s;_oHUycW1q-G
z2xXYYm&-3f<y;b~%&j7wn7Q8o<kH*fNar%hF2X4)?>Y4h@%Zu?xyP7{7It6w#`UF$
z=^6Flxm^_Tn9`;$gv*)Kvr6QVZGW1R%&19gKVEFstQ9+!pw&DHI5Y9WD^;;XBqrQQ
zX~>hANpOv+MIV%2iAywDaX?Cg>>WpKps_ONf?LA{PXW4gfS;<#T>;5Oqp(07x%}Ys
z`@_WlC7}&t2^)5;D>+c3qpe`^<F<u1nyGKb!&~|pzl6#Hm{MT8@oHYbm|1UeFojWM
zH|a~sEi@lsgx4BLET4l-^0lvk8hOuC)4$a73ap`LcfJ0vH-oDg=z_Yf3eEo-a6_xa
zb}g;HsmLy+p?jW(D0t}hE}+~_+|hA=7~peR!_Y&6u>Df>3?a&c^BNw&CO3$Ig*9ZI
z{>KUSe?Iki4-*;@k?^b8A;_NFOl$c&&VSi?#M=h<HcO@yK?2^PQDJciSWJ?hp8mLG
zBPWJG<R1xKRa_#PbG5LO=z1~Qp3CBir{RIpZ%Rtap-H13^%!YPwz{E;g2Qfd9e?+J
zYrq&)?qU`;-9^zU0e%GFfsl}ZMA37W;&hT<BZ0kJK){VD{IZDxMkQUP|HH<H4*<Db
zq(Wd?Oz?5y54a)-t`RR}Yyh$iSbl=ooENG#KtVnMQw_r-`mfj-QVf{esDX*B=WPOz
zUSa{iODMwsP{;d{0p?%Kc=v^?O#n(4HM`3lGFsuq>k;n)Xw=HdSTFu{g+MX^W3~JK
zD1KR0^0g4)Ro>$K%Z9}GVgY06b{Q%EdsCoC6Y3xY@gH-)cozbAt65|DPe;l}a7T)8
z@Z*0T1_O+Rb%On$8u0)B*)OXtkdI}D^D-%23{W&SL2vE_4E*$9h-QJ=75XL}242~6
zcxnT7^Rm4OE_L6mg5lEA96pI__>)pM70);2YB$&^;EN95iet_0;<|`CHus~&RwanL
z#;n-Kqf_jSK!&c?if%MAC<sv3-KacgN_KLF`iHmK9(Ig@Rx!kg_c!?>GUsY~;J$+R
z-*3T^3e5xQWTf=;b&HYSuHsGt*lZy6$mD2a94(@?wfRI8$B4%5EwA?brp(>41Ch(O
znJs+|-kY6TS!S>lTEi_l$lBLXbUznJo&*b&b_C})LE#ZnpXlc>t2;&iW}C(bI0!Y<
zF9AUw5QNfHB`@s%Lt@sPnj>iZop`2zl|>IF(ddm;aUI(MK#Lf23H`HtZns9JhL4GV
z91>A*Ijo@T?lwB14=@98@1V?+G$m_<H`UNn1%H{p4ihOwkfBS0!rOR)Q}+Vqc@=F!
z5v{y7i1$+gc3@$7p-^sDVeQ)UXS#|IPs8*Pw#l0c`qf{DX9MhgfR?5TP)mg|)J>Rv
z@~eN~JxTwkUY>xrdGIPk+W+7GRzOr?9s1uoeIFqp?D{Q%2|q1Ixp9V;`pNeAm(dpO
z{zpC!+nj=ehM=?0Qgo_e>d+)CDsHLR%#?7r0dc-OiqNEQgF2Dci1;S3rP<KPHA8#F
z*d{}KStj|F<%vn5V4!KLXeTa6tj%pb^u}zjMiw~FGaXEcT&_J5THklxwr|&Roc~!^
zwqg2c-E8pHfEf;PkN*!d_LoT*I9~`jHj*!sdt%jE{MAVeI`e#`d#iE_EtdW|wR;*@
zhnBY0OggSS+@6mg|Ni;Cl$P+xDj9AKxj{-l786<k0y-77={DB|WUJ>+s^z+i{r8s4
z7Nq4}AM|jzKDSUUwOz|y#Zw|-(R&pFais47jcWqjBS4(gRV{^VqLyAC_lKK#bnJ0)
zbz!VM-elMMx_zYoMykK*bruA)^GOz&BODYlvmvz2M_YC>r1q56`qB+a?3G{qTluF!
z=W4Z<e05=~mr=DPz^hJlt{Trh?BX=|*o(HQ{k;sA(+|Iq8mhbcYUX@aZzfWi##a+;
z&ErxK!u^rG=g9kn{c6TT&wlp1AU<T9F#ZpCU1A6*;)(ZAMU}er77uqUkI_kDy2)A1
z{$8i|?1#2Yho;HP%^GmK3sj6IX_dN6teyvPPF8<2C7c;M$vRGp#;dU!{$O3vjcb1A
z8;5zQ(vDzida%1{=eIG*;&s8uyY{hTCxh^_?njvfj}(&u(S9sR^f@&%^r`fF*)73t
zN5GWTZ<I_^6uu{ZJD0nmDEJ10KWLMBWiy7uSVY}?Cu0<cepJpN+m)vpkS&iHMjk7Q
z?ZW7odSk-QHv>m3kJI41+GERUG(ml_KR7?UKS4mh&g?q3Jv7orS)eIHi9Wg<5cvus
z81krpchfuDPKwfA<k7?XWC(jJ)zj#;4}AsDu`u7EV(47Jo1mQ`$m!`mUgK9i?S{AZ
zad}Tu`CjWE)C!S<WyUe6YuU#wa&pzK{r6dXuT;x^#vv<X$nW0_r}kBvo;zAf5yGnN
zvb;xM?5OVV(qI>kGk=jhdi*_uv6||?JS?qM3u~PR>i=qtR-LK;&i{E*7GfC_fN%lf
z5R*O&<tDiRk?h@r68C(m$@zkj-b$Cv!;Pl%;NNJ2)td{hs{sbQd8SJKKI+CjfNcli
z7WUh2)k%7TDa+q6lVd~6DDAGt(;>oBzmnEUcMk6OPUtqL9ms}^)xDp?-52Xc+&3PT
z@2=wyR(fWuw0p<6Z{eJeBacn8Jc)EkKM+&let}JcLp*vG2n49PGr1exr}f|SJ2yUR
zCn%(oB3X}K`}`gYTdS*9btgiMpdUo_zB+f`F*c5pS9-kSI)y#AbkY_!V9w_k^H7Yg
zwLNM=^0+su?zcr)9=GzA=39&~Ya(~bjjxv-Q$f~CUh<x?K?=~p<WLnNQfg;KpE}v%
zKm2i3!zz7$Br*=Vq&>Vhc+53XMZpG^R6yV6?KcdumBT|et*eyQ+6M1=5+kcqgL7<n
zy%CY)<~XM1g3>vj$De0!9z`&!j?(2vx4vyS%SnfK`e@<eAv!<Yym=%%X>uj{#`0Kb
zzkSf9)tXQjb$?;nV6S3Ur>_~<YVZM3QuQyY3&@!f<PQPo+tr1doos(C*B?s9E_2+x
z$k_7AIkb#vED5238L|x)&lDO36#^1`h*QR>=ug>Z$Nv=p?t4C_Nhd5LhiF0d&Jo1_
zuEG|CLY*h^RIH|W{=x4N-M8!NiBkX;nD8D^{r-ob`<@1s9q%sRPx=|11nS^t`>{ct
z@phExR29M?=QJ7<ry#Cl259+ry?*;05^RVR;p*l$rBI5X5esb7zEcm=^$;A&KbjgT
z0nhXzChp7cqx`TsUg+F5|CR7{9{HaPY{!n?Pc=9ZkM1)tfN2uJbpoCeoCPuW)~@)>
z7G?2o(Q!@5AFW`Y@kM0w@j92gyTT6$qXvP68lAMUO)4EJbQdb2zW`jtQ)L70p~Ikz
znE4+1rkO*?jOb~oHzmcqLH|K);lADs<R(_WzR#Vnm-&N#g021>!&!e=$ZBH`c7A^T
zBi6j#V>IFkzujj&m2c-*Yh8SgDxq6jO;W1+OT34w=Xmc3yiL3uApF=<x}czdZ$W~K
zX_Ac1SU2Pzt#@v@vAIgwmk|%34M1B=BJi#n3Myxp&6V8XDh#n~VeUJ!o`7){fBJ~=
z_o530JWKZIYyRC&a!k=<tZ4XXM2uXXqEC4J;Zk&~n14JXo;IJ*r@B8x;6?pXa`vOh
z@42OWC-Ke(tOmrr!GWep^`<u|)X+&F#GSo)Om&j#dpXPin(}Fts;WaMt!0SKhM`yQ
zfu))x?HU(g{8%BVUVw_k6yQDZE!x!QuQ@fy38u~_9ff=rcoPAAdH9R#Y$9da+q=@?
zMjLJIoeiaFyUG)&XF&p%JcI(mFOmX=|39Kd4B;o^3#0b$-w=w4SAKtvEPqww1ra@q
zS{L=(-Oj5E0e!JO_&!~*rT|B_3<Om8D)hgbcA+5Qtgy04DgMc3FTB<7<QhDxuJ<tD
zxdo0`Xj}`~o-Yf=>0OexJYeB}K7`+XfwQ8#jk180eYuX9c>sFfJXc8ny>*?gTuK-j
z(#t!Dqwm(fHbI@|JJ!$l@c_BK2)H|ROO*}|bi>Ll>VF36k<O-r!n@w_|5#-Z9Nq5s
zJPaEJ>TDcHY>M#kGzEHgs>5t>1+DzwfD<vkY94LjNC+<7@8PYe49-3~f8d0Md^t-d
ztB?FytgY+ATTi*ek&)?;rzHKqFQ-bN+ZNX+)Achbt2NJD{bry>&5P;&-c4^pr@it)
zWobk}cz$yMJ-8Ut80UGW)>%hSp#y^PLbB+t50<2iEq$i91c#e`yjG^}ai7f7_%cFZ
z!TLx-*_D`B=g$^U7f=oQ8OSTxwr}<gOHxOph-;-$nin~<pkd$$qj_m>hO|$eJ@f-x
zz+!Q=F}AX8#LLpupicx!q?K-Iw#X-SZ27ig>6S{!kp5V4IyQ{Z9i~-?HiyDXtobdh
zRU(;YzUO)#>(tC_VHxPII;^`*s&|<>gS2lrX6Mw%`JN05`~{mN6M5&%HPY!#nA|Aa
z<y^{UZo37>@No3?$y#g|=`(H~s`ZIOWhpaM{WJ~20UL&u{aTR>@1_tvpQRCS_&#n=
z*S6O5u)1(kCt1HOl%r5f3e_cJFc;8g7%bNHN2O><)+|K~qYR5|2;0y^q4lns*KANu
zO|7P%(tj2nVtI<}%*h!HKDzN0`|PHHT0IsKMC+6`gF(m@D?=7R{gTo`)AcszXjT<Y
z>ig1j%&Z1}4ek2I3<Nyh2@~_tYvEbURcH2l=w}u9f_jqCK8xxW72Y?L|HXDm9KAHz
zhI+fD88_jhWhT9#J_E0UPB=(|Cx~XOeSap!Ni^f$I4_)o<ZGYuH(vfYA4r~N5cIQL
z$A}B?)`}DxP@^^c*)BDo<c9P3{B{shv&~3TPM=_K(R80p)XUmCEE0vg>NVY!q;<`(
z6uK7ck2;c`Q@{fQdn;MK?$XH%75(;!N9mH$_5#C+66?0LG$lg@<$5?1uBbGi>2HOq
zm`chVG<HF@e@WhnA1qQxYp$kBnWV01hW0>%)loFacdOXRmUpmO{5P7K3r4kK(K{H;
z-{t)RueR;;yHfp1FfHb$nbK5j%1;;z9XYtQ;+Wqz|Bby>MiFZpRYB^(epc$PPuY8r
zi&0qok;=h2yWi{5FvVJVnW=!K{)0-HH|cAu-<%=qu%T2Vk3f*afcVEZFpE^lpI`e$
z@XpY8)B6mkQ)mmyMNKkL0vJERQs{+Mp_$@P!j)5`-i6F)OSvv>N|ADuzFVifU7_z&
z>r-XO?JYL_C%Nv@0-0MgH5isAg5JS7xcJ(0zpSU^;kBgw85HzO((bxdLMx>O2`tCh
z7#KO(p1%9qi?nRKeKAKx(3_mv3>J^|Y5VT#+890sfvn2-iov7ri)YYaRFRM(OD27>
zhucG{SP^f+_$!*chNvQ1mD`PD<vZ(iBO^k6QNXeuf$5j<zFtUFSR|<bqg@s@hXUVX
z^^{ei0+L^WDF(^U!kLZ{k*RL7@_viLs|ft9f(v4qivb;Frs~Zv?4zRjsW?V27BSNI
zeA<!mGkh=G;DY^tmJClVRTZG5R*{qo7I0RIkA?v%G<nv_44eHG+Xro#hO~%eTI{k;
zDyrq%0<;wPLg1%hGeFG>)iV004h|*LaXbA<Ih>VMz7}JLNy1f25Krr`vqqA@)X<Rd
zS9Xt+Dgk8Q0{{MHB}n1eJ{srsu}=g~`WwKJhiFyOfb0gjb!%=*A>!&Sa^PBRsgiBU
zjhu*T!;btoU+k1DRONY-EE3?qS!R^V7`c;!YGk?<Fu381>ym=)i39L>hO{lhYH}@l
zUxbA?#rIEyjI1F%^_j(9eF@r*u0p!|2P<Mw-CL3TI`e(xh?6*Uq7YWeis?<&ry5_U
zdg~FLDWx}3V6kV8fi@f)`W1Pe8dZbr;Q2}vss}ZTZf!w8|5ZxHa2-zT7f!X_$J^*i
zxQbeZ4&pa|@j<U&^d%C4-+}i>rCF%Un%?NFp<r$`v|e~w1BtZ-Jhilq*!3Hf0+Cb7
zM(n03BbaB=(2qi;9&_MYGT&|Dk>cs@)GTECg($R_YBcecTYce!HT|iqDpEo9jsF|-
zx}CT(*B2v!{SGP&L?fi;;*IrGN@vD&hy$JUp(rHnLq%(7F<V?2H4~MENCDGK1k20p
zMZ?XHnd&YY%%+7oPW6m5#||)mV?koTfu8*dc}Y-U?Jf3Hs;FkqYB2=Ur-q0mwhZa;
zvW1ZY)2=FowkN7!FbDctOt@F*wCI{Dp<m)5Q%6tf(daEUC^CE`TTuBiz*u!ggMj;$
z3e~f|=m)|Dj>*7=;TqVH*y%baMnyPT(afd;cjB{`!^ig-+e+K0hO4Fb5Qf#_4-s<~
ziMhb{4PzG58@*T_eYDT6j{QMD+(Ng@D^>HFlM$05pbmCLk0><f@1rF4tQZEN8`x`Z
zhg);?pEss;DpW3hOSBL<ygi&f)!OA<&<K=Nt37psS;?Yxdfw(vv8qf8Yka7Z;Tpor
zT1gZCX^OnKYH`Dg|9cH1UjSUcMO`6uwYh>n{BF4;mmo5EE}+B&{+~Z^k>Ja-Fcl^$
z3bX8wY;G;$>hejygx0#3%*k&{b`>pzO6`Y6gmIwhl~Z1;A@cJO6TZF&__9(dF%-MF
zj^dUKYYb&h68f)Z%r%@*3o?GDK;=OVRNI%}&>}46>pC;Q7d{JLAhhB5<eipWdCabE
zXVr~(eF5W}a(eU_dV7Q><wnYLNlQf#qCMaKLPpfHj|_?WSv>oDC>{px*7O&YqZ9De
zl6Z(A*~S2KC{9^4t9t#cWIkorKgFPfT+-0V6L3uZ`~z2JUg#o>7ggOtI0*@ks2N84
zaOr17O{PteTM|@5F9__ObcLV;8xqcha6z>F(1bL5P=!S_wCV>^t&<S#!0-{(V+G7&
zEF{0mVI(`??E~bp_ipD42t?~Kwx$zb>m+*6gY0c<GQ8hZ98z2=TxH_I`us<-6n<DI
zC@C(yGt;}|gD<zzYrrI_d$(a1kMnQyVg3p)t^sF5vdHqSq*ACjz-@EFXIXLS!V!H>
z6$^6%ynjPL-w6otF12sv5wvUA)Au`)9_bHGl38-POAL@KAv=;U8*lrzI`)vgs6iI|
z?v4v6W7Ai^pAxxx`Qnzsa20cgLAbbRzp^kAPGy<p_46J)Al&7|C{|$m4qqi_Nw%Qt
zr|N69aK{PwjQt$OTzDECnir9aB}VnAr2M`s`7<BcFkPvI9wrG*Y3<hp&Jre`vyBvv
z5FQ_RK_Q?*p|`jF(iWXW^g~f8K2xiNW;--5HSlq`#D&A1fn803C;0iX?MIiy#ZMVJ
z*icd;JCy_b1N+324g&d3q~8Jn+yBN7-)#4nnM!i^6XYPX$i01Qr4Iz~Cm|v$Tq&sU
G|33hA{D(jQ

diff --git a/docs/static/img/go/api-create.png b/docs/static/img/go/api-create.png
deleted file mode 100644
index 1c21cf07066842a492b058afffe71b442d36ec61..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 182604
zcmeFZXH-+$_6LfBC@3}rk0?b^5D}0rp({mNkRrXPbRvWndO$=)MS2eekluR_MO35{
zY9b{8r4t}hLP-d`&As>B|Gj$781KXT@IG9|2s=A_ud?Twd#+i2bH05DR%K#jW2B*>
zVN!dbq)S6{tcZq&Hs=IA@XK+Q!6(4sh`X-pJ(`lfD~rI%QyU{STP-b`Tfp}dG)F=l
zXy^`a0X}TNhlYkO`ZdjQ;CLSRJWM}ALkk>_99~a9`sba;iqdKS{7#z#T&GdgyRW7O
z9QCZ+Y;2s}?V%ps#wN)?L#%_ok%y6%CddlvB>2P{`qW0y+sWmy35|?52>9w`<MD*c
z+v%CJJIGu1+CT090pAaQ7P`juk6Sz-ve%5X9&+7>y4i3^2;LFAb4`wsi;GLf&Ds{E
ztEBR;=D?ZkHG2;a7m$#UmzS5Im#84r%}z*IN=i!Tj);(mhyZYhfV+>g#}jV>XLs&@
zcJgOGN;d9RZVoOU4p3*V!+xJUg~B{!uU$JF=-+?;oTrVq!~c!s?EbIE0v=H4@QRSI
z;2oiV_YE|aIs6s$(81g0nX!_C6F?qd3^^%LF`0kd|J#-S8}UC{8vS2OVKH%$|7`jn
zmws*f$lb>6KGX>q(?jn6mgZlL|MTL%8p;SAKKg%<;-7T>$FBgP<rrmz{=H~&jG-X^
z2^ty&8Z{+FeeWa7IEF^e*~=f-+QD1bl<r-(p7e^^SGT`<HTD_Hxwl2em9e_-)UT_B
zUe`Eh{O&@u_}l9&w@}vefvMY|_N02z?LMUR=bomPT6B~9T*`LiyzHc?s59DU-bc?G
zZNB;9;aLTmBXocHukO=PzS5s-QZh$Ra6PB_%YQ1*pNk98{dIE%nxHplxgN8hO9%r0
zUHcPf%jU%YrtcG6XU`p_E8_kk($DaBBOE!3X{7(l$saz|wR_K>!<5YEK|y~#`x9IW
z9}(EUyY^f`37B5^n{EZ(za8O((FWV!((la)V0!0VFD=mhCG8H0dIVxY`?thBcU9pd
z=$arc@^44rdfW^7yVX<Rx<+@xNcD?NI`iL-Kv(3$^tVf+^pfTX;Z5BskE4IX9}2+Y
zm;T+g|1Eyd@VSAL|6o0{3lGw+Hf3offCsbGxbt<hqc8C3KDJ^ot8-BVUQb@TzLY4v
zTySS6Gq0=S@9P<z0xZOJFEy#FbQyYFRypsZg{@SWBV~QoW3R{unDrrL?T%It_^5nX
zsit4m%LdyVTOU$?ed^M6jriMN7j|0O@B49?-2c7bl5~Z4%k`labuZfI`%iF1_8jxL
z4vQ}`?pgRActADmOO;CQQ9de79d^*w$k9ydxw)CC8jes1eC(%t^7mzbV|K*NNOiUP
zgWZYiK0#FmOA&>o^(Oli;>#;?9*K`(M@#DHw?;Hqh93&>{mzgIRVS5{Ka#)RJ9a&U
zC6Xb_Uba|UktV2vwLfZPw9+o-b4WzT+k^ek<vtY`;xL$LL|5ytdJ#LR<o~h3`t8#S
zw^1|WjougD!5Fq8jIW91b|%+zg&9VBw#ZD?h|c^NO^(EGg;}p1^K&lzE?l?}$F9je
z#uaP$sX@ZndK|Uxup0J{oi>2T7MD_V&MI(;9P@b5=04viTmgESpsH$8m_MfbyO0R7
zXL+;p97a*~>nb2(*enATAzo!B{El#(5L@>nLz_rQY47(+0-tWySxURzt5E(G5I&-L
ztDN8st;ACNstE11xRQB-&Nj(#Vuf6oNubTYh;?0-_yJNe!+vQ>E1j;R%tNG_skrft
zSrk||XY(MQ1oQVhsH+);3C>%6eSb-r*C^|yfr8dZ{EOe^oKoRG8Q{(9K6DzjM8DXq
z)q~VAkf~d4LOU8bm9EB|!CfkzSgag8!bA+{zpXk{S`s09%}XMWcTo_WlEZyN61uBK
zmY3EI=ZxqiqO8BSbL4sqs?(Oa42WEk+}E<BX0nf|SLTEv=T~1f9H7uteX+CBP>fjR
zYAR*?ZG&Tdz5O|#mDwoUQEaKZ9a^3Gy7$J__H}2w$CIhLxt`+2O}5C*MfnN8O8>om
zQy$*ZCPm)F@d{Y-sY}8Jr;V9=9WH_LYV}JEI!mry>`O~%qU=Y{tF$~_TB1iq;QY1{
z!jfx2u$5Q$jzJ^UnA^J=(X5@{T$xu!=7b|5Pl;1Rf7adu1>J10lVK=n=NmJ8Cf8|v
zR-o|AG3PpqCEP$yCOGQTF`JH$_-GC2Q?pY)Axj|_Ef6;?OZPDOraNC>tbc`|yFUrV
zcjaCDDoucWxVJkf;`>Fx$M&Pkt}_V~;bizjjeKhH#{Ji)+!m%jD6uy$XuYx-e0lNx
z_;+sA8IszN_1??QoL<BTzp32hjRH6kN!eQEaWcgTDQi61#$TA<@b}s1;N@%<*j=BC
z50BW6uHR^JS=wI47=z>n$JQSRCD%NQ!<_Mo3chGL3C^Yyv~B^RQtrCm1E+G0s2^R-
z3;%85&v8x3N3$M5x_c=G_j~q_aX8@8bu^6cY&YedF@Tg+q_f<W_5NAblZ1M>MJ3hh
z7d<p6(7(kS;pzV%HE>Nl<S9C}No1udNw?8RC;w6AJ28jhk91YMT1l(J1Fy8_1tTXt
z555;k!^u^Z&xGuM_MUzrx9+0B`<ODH<~Q40i?1$J^MfSQ_uBd29WRoe6Bm()w2}%l
zJ_#DD{o1DBzU!8K1Gc2^wzVwf#Zu`%*K>(5!TTU}0^3zwU8u3Bd&7D!lsjwWeuU33
ze0N06cE%Nnc$BTQma#s#aet<nbwvwoiF#U~pTDe}7Qxq~;>SCK_yUtFZQif3evpR0
zvJpT~xre!(G~3&mP%=`A@}w+BloVMv(W{&$*wqM89OD?C&7;$_m#~F5f{$-S^Xb_o
zVqc(w4sZd5MW!uktnm7YCQwE^DW|71Cigs!x9O5gm#;Y_vf){hX;vD`!_=Q&_4%GO
zNy;IF)!gQVk`}DKG08|)rFl3`js+mn+p!iLHqLh^aLZ4OTb@)_LJL{9)mr3my_BT{
zWQ#g6)qJ)opE*l$niY(E%sPzugSqVV>j?O7@@0zgq>|Q06J%pBrZ67uzLNp7CLJtc
zg<F@{r32!?=DwY;P72fF<&!q*XF6jv_Q?d!`75yRY1HGrd5-MH)P2=T8}fK*(p0I}
zN8eZC4Vx5B3EyP`b>=igY5VN~xWj?}j=w1m0sd%0J18o*_az@+vO??D!PdHDG5@TJ
z^{7-lY9D71DGNgkSF|$X;{@TMVo={&&A>_b%{mNLXT)=ggk0q8?70NJ#LOP%`-$Z}
z#jO*Y0Z$e8YnG8tPhgnA=0DP!>oHxBd-k!Lp^3*8iGD@^jVX`!TF+kGnzzSRa#A*z
z99gBkRs`gs2W=Jt&?ags%Qt_mu_{L%PSg3lG#C>u8?9$<J&u;P-X;b%7^?QTvGKR>
ztxdNxk8o<yX2nOyO_<IJ87&VOlqZLJ%beMKiy!WXN_Zz+rA?D)U7EEljUK~jMZIKY
zmpVX_w2o3;6GAu|EdxgDH8_Zv_98);hHE~H5@l5aw%e05WMC3m*l4(M<uA5C#v=y|
zuH01=wknGj*HBgBrjJ<8k%1U{Tt&W-j^iROFp;^aM%$T)Z<%R~oBL!rT1$kc9gzqm
z;RyVunYH3mwcd-^ijV5tQFyjvX0>1@uedUS$;qm>i`zrg*GcJ{vRbRB7L1Yu_d17B
z5_YFsNC|<Yuu)rG`<-Hz?bk0YVjiP;ODtk<>u6Tkbl>7PEM7ZdK#)V6pGA7fi{z^y
zaN`}BNv}fV)fxHGB!0{T52jP9Plbb?aB?p(4`QtjzS1>Hdp+Y%618*l9KlA1mto%;
zdO;5?a<nc%Yr+B-rFJ3Pwxb905fv~hRyWJ#YGnWsdbu}m4vv!Sln;Cs)s_ZdsIn2d
zZLuEbu`+<3xKf7ok&iD|IXKw)Z0PnFZQ%Z1+YTJ(;V@((Y0RUBC%Bmgtvcq&lL#Z8
zp71jBi}jhV8uPnhuNXUy@b~IG?Uw46Xog<6zV*j)#BXx!#7hmXrK1>7MaAPFf~?GD
zeM!XE=pn{t4jGRxo!wU^r4|-`>|y8Q3Lf1`+-qV>B>$Y2D))qJKh(G+w{vM;b=y6`
z)2X<M)*#(~eOz<~xo8mCXM#D0YK`3qpLO1#=g(FyF_W65z%Ca>rP~!fUv{h~FFiXy
znP-G_DRXP9$k?sK<%1`j2vTyxIrYZXODG~P`FvGMB;@?^?icLUUg=_+(Keb!FX}Oa
z$0pqZH=MV=Rkb$wY&465EQ0HV!a0`91$0yG8CfXFbgf&9!})sauj6WR5G1*8)lOml
zlo9`Yi|UL^j}H1alQ0lMk$#C!u6_8=KK8K(-E-R=pV?7r;f-yx+wxl-sEf3tY~L{3
zdT&Llv-0Cqa?D0`*S+UMWE)5$@1Qp1_unRITnx!GnS5@W--J88tc)RFHbrxUgj(*J
zA>_ZQ?eES%FEX#iZ`yTMu=F{TR~ULfPc}hR2cG*xU3*nTW=F2H3g$UwX;oZWt}o;K
z&7!$3AC$*v1bH|n+nRx7Z0&Pk4^t$>V(g8WCg@F^Z@FbQ$}ZY4zX8<U1o76X?)A|Z
zLRKrOgs~J`5s;Q@x_rK#dDni1g>sP^S&TghT$Q&d?s4yaZ$ye{yLkE7JE*c*`#Qc>
zk0N0kM}N7xQCMoO{66X%vyCH-Z(lpH!!8Y+;Dz^X1BK{|tnVhCtF)aDZL!r%=Gu_=
z!S0!*36&-(=<pVus<}RcxIW{5evp%$TGE#4GUR7TsfKC~F5*jSl8YI5LQQuYIej`B
zgwH*>p?_pV4pV#H`L@Am<MEPe3nJO1Gius#7t02Rx01Dar(`^rE$eI5?lW^?Wri<f
zZbxNE;_P1xOLSZFU)(tYIr@N!hww540p_`SBZ4G1ygmH9HM7@mF*qr$3zJr(!4A={
z&iP{is<z;#Ntx!K?dUOf&n7-UH)qm9o$F?hszNt>sJl8<`NZJb?<R7B;*{=%4UsFi
zg+qRxHW-&GY~p=dWK<k<sX8&y%DfLA!69oKb{g%>!}Ok?8iM0xR~+}6IuU~cnPP5N
z5NdH-JQ3~lDiIsWpBs?$!o@lzSW|8dJNTW^Wv`J(mwK#JAy4bSb6c+4^EdOlvUfL?
zf=i6b?_H`~+KmdHNY3);{9&7Mmt6{Sk!cm~kbPSUzErj6h|HZk>p5RiLs&dvWPUK8
z3SSS4yLX?rSW}Z>6LEbLAbT$9a?P8Z+J~i3!*&h<i)=Tap%m%bY7~{D>3C<z&}6KE
z0K%koENNBC(BHTeatmoc#C8n%&26Vc$7esAfhUdfwOS)vcQ+B6fWpOKAnK~3k`1-h
zm1C!Or1=E}7s6f)<<hnU&EO}g`%Kn!yU*=>J0^BdYQ5uTLgbdOH$?m~h{ahy>~<vZ
z-{H`=T7LPvP%*O&%KPKVijYyU0Rm+bj5Wz{&8nt<0vJ{TTXcSNN`m`?6SZs?NP=uB
zD`aa+QOC_};rm+YSQOX{O#oB|UhUM_Gjil%#zgp&01so{$3>4a)y+^mj>+JXJU&e^
zrZ;dixLJdLb|-2gCoT>>{z%N_uJc~9$oJlS9&}CV<7$JnpJaWX+3MP!tkAbi1`xj>
zi<p<G5jE`g16<Yg#LJS6xc6+H!~_W^wncn)u-deU-|EqA9=qM5xOStVC-#hS$HldM
z=~$>LiU=_W=8;STfmLRvhmsZk9xpc%=joHSgXi|-_9tD{teSEwtUGT5s%2DC<(%5;
z1Xdl;zIv5nm7%w8Z{vpgr2>#+BRvGS$CDg9+oT@tIjQlZ#$~E*XZ&hv89;=v*FV~v
zqe~3~F3+!q5y@#iWS4iHxy97wb$e+kkDUi86uJr>C+79yFom(K)4vG~E|+?`YXL7|
zX048w)q*htpg|Mb;%Z0zxbY>7NIqk{0I(qyi%CL{L8|iTJuLlqVHAC&D!Wz@w}v0d
z+sxvM=r=lEWEkdN*iu~Y2}eI<_<o8g^uvS+sv+sI>sAWdrc0VQp4^*BA7d)#QaS;%
zgU1+rwz9gSy~p0|cadqvfd<weDO}DIQ>0TI4VxGTRKlSqualh{<l2$=<WN@Ev9Y>E
z)foCV<L@RXHW4p3{Kcm3J{|5B@&2eMGL3v&@pRU!VmiUx4F{`N;%y(+=Nhu>iIp$%
z@7aGxPdt8_-D<FXr_lWd2Eru=m;e~2=z|w>d(qkaS%oZ9a7wQ$kL89#Hz8jxSW7*^
zf!G_H>*pz4U))kNfe>@zA1Qn!CN;^c<=skGgDb7{g*hS^F2eMynuX+cH$@`?SZ*a+
zVgfc^Rjy9q(=@vxmTD~!KiBsS*k`F;yok5#)jz)W%6CoUtW-20zUM8uOOmUf37wp8
z5}JgwyUVZ(l=xIJn-1n`+rg)&l%6I(3H;p>o_cozu&Bv#7gZCZh6=25kF4F8Wv{|e
zO{x}`3muh;hZHch#nN5r``T)=jI&v!wzp@r)8w4OZdsh?H(ELE4{vsP8!MnUNQWAi
z^KQ|EZ{L@KR_A7`Wzv`T>Cs}&m~iU}8MPAl^kjoaOpIyay~*NH$BWW@(gfBg<a3N8
zU~BB%=JgN0zp!;vX6iuc@qUAekyL}n3F?3ypfr@a;9#FFRN~eLIwLSI^hJhT0NK_V
z_e>apVARs~KO=`3JY|cSJH*u%cIzTmAfs@9KU8@C%5ZkVsY^Rmmv${o-T6)Ls1}Kd
zu=RLGOpy|fJ{_rr*nB-+nWenpS4`lj&4o|6$fs5{UyW?*+D#c#4?6eE<ShG$S+>Fb
z7<FF1nj)U#)i@|}=8o5Xv|I1UD3XNaAl@Lyh|Y_<O?|u?ft><`zLM%ANVAJ&xO5;+
zz;M2P)EPfN?S&!aKORuG)vu)wg$=5rVsDy`TWoqykj9C+Ro1Y2ke`H<6|Q5zfBdb0
zBjPLK!Fps|O!8k@@tOay;#E{GbVsCyUpH_1;l4YKmgS*_q&fCEvO6G!h%nv!uk1Y8
zFDkF9vx*5-hqICrtR&UJ+-fjU-IC5~?A%$VuMJQWC4LVTe#0tygEOWvS1dXY)wM-Z
z&)I=1gK8hFho)*tyRH)m@94jt!<XYlndjo<xSuQR9mUSneVs^D({zm7i8$}Yq$TAs
zv!D}kZorjzuHIDC3>LRAlYe}R^UVZ!Q1o}6<KhU)OY{&<b$={+^n}ufk2?HzmEiY@
zf^afFhC)4ln&<7~YPN!G#9w+`SOJf7uVF+p_u00ih=w1Lap$im#|4|H9@l%p{7_n4
zUqd|mFFc+Dw-wYQ?VEi!*@LcgrPmi#8r6@(K79t<V3G@O|A?VcegRhGHR_4wi^)=t
z>v~_rV}#_AyT$$Mwyf}y5%3uIpS)jt_JQ+J(78hoOz+L_F}&Kw5xKJyqwZ=?qdOm(
zbp!6d2L;3VMV+^X)XAHRJy~(>5uA1}+8#~~(*GtTmEIrvVe2n=&>f-E=Yqf9j21N4
zR4`CI14)m+#^X|&*$=x;%Gb-CnRy#i_7~5l2IhiAOLK!y9HGlFQJ^iSv&tl&AN2VP
zy4xS&F+YU}XFvCM4(EG(fJZtOQT6KgUGtv<pREGsn!fn$-0#NGKl|j01zh^~^VLj$
zcLDyZPsNjG%TE7q5&&!cj}m{rU;m@T|0waRT>KwT{Qrz6vQGPId!9;CK-CD$U_c|Z
zj?f>M^=xJf#E*=G&8Ta!iAUya<8REPkqK+eyxoXu!u0Yg;OBYJg2!Fg8WXG7qA-a7
zW{@i;;!9X>vP2Y$4I^ouEH*1^ygwp&ZlE_#V_qF_;B{CAQn}l@hCRq0+A-2LGi3p8
z3;j>(38|QhgO7@K<8fvW;%>$DP^=Lb_{<*gH15|l-f{jBw;b-i+{MzZme4*Xg~pxa
z-IwMgV4$(t-7Qg0@<bQtyKl2mpUE1P6t>PKarp<K5=dkK*{|s?%lY!i8ydEYfI*XQ
zR8lq5?S<T1Yv<^8s`TGkOUZK`8X{t{gHJ7C^#sl8xMmB669DIT)QPw$&z1g?xZxrl
zW#<Y!uWI;}n6Tu)STw7@LleCrJ(kPw>YvN^ubt2(2?*C(@+{Py&Q!e0<atb2!f6b#
z@ErEx#cuXAx6@2_wq<vQP{MJyZ;{x6Df`d#wMm}PLQ@UK3&mVO0FmUE;!~NU2KcLb
zx6sAu8e;JS-1HCTdXhA;p{(^fw?^u?uYtLXVay5|4V#NH<c&{xb~gZDKs4ZA5h;V7
z@yW0Yj9B^ZKbQ}P)L%Uy4SG$zF$(di>!t0Z%qHcgy-9oyi|d+2Vm*q$ru>`qVeuRD
z=<fE)`ED!i%_txgmIV8-!;)ZpZyfv4wOy4%3`H#sV9&QXCf8!JR_wD%Bt`dId1IlY
zdmNXfZQo>RF>m+|ulQybcosVjHbIUvSFH{<m4+BoeXFza#o{(UlJ#t`&=x;QpSIN8
z8s`FgHNXvJ-4(l5v6TtL_e3_RYIAUcoJ$*{%}i8?N!M#F`7UZPs6+nXii?EmrxpgV
zozX99%!93?S#)p95<X4_5)UIq>y*sQne(Q;@*^X3nPW2FZkKBvYdWYcZ1GYd+jK-)
z0OsW|)D&bgaN6LYk$TaG7_7aA2^(groiu1?Fo1BLoHTm4KHJNjj}xbYTz|YAYPla0
zako3c>dBYL=E3^=m(xPVP}@Rw)X}r_{z#SkWj~26?XzfEKO`q<XrRVKH%F7Nch%{-
zbb#57kwSx0tpiUHZ@O=PI4%WSj~%kaZ7&R1F*sdQB#C#ByF$5B9+QHCL##LA(|Ym(
zogUD(keOZ`Uu_xB#Fb~JiKp4HbR}#VrJ1E=sl}Mgp#!iC25EO)b!+ykaPNO&F5fUw
zPq-~u`ksAN@dCpEkGIDg-d|L(PLt>7Fy}mX2@>|V{I*t4LP{A~Iyf;~v`%~9!*Mp0
zxknj_@vH`1jy>NDt>7>@tFMJhssoM#&n>%aBIw8bl|~3dg^;5CQ)MawUcQZnMWm>T
zjDe<No1LlVIm9WB{ZBT8c=~m5g~iey%QB<aVg5P=kMeJ#Tkf`6R`WOP&l>V}ZV0ul
znvQg_%&e$QYbpps;%|!(g86idJeZ{Hv(42s-=c4Sa7qKgO-y7r6Fr_`P3GXu4=~V)
z=zgB_`hlPLGgBaVYJSjq-{u)46&6cE>3!7z6l}o#8G$4<xWKlSInXhbm>{?xh`WIV
zAKZ%K?RgUb8-RLg`rA|u7g-qlZeN~LWZ^rc(7WF#WB^d8^XH(Ym-*_OyAbwjsm=QG
z93i&!6bT>yq5!Qc@?)1^`K<-Wmeue_yn}{jNZI5|BYD(`Dx1Q+O8L3Mov_PzjsbH+
zNU!-s?!g`21(+1btY%YSjl*`i4x8-|x|P9A%FHh!I~TL0mn{0D6rh+MZ{9VjI$B|k
zyrCCBoU!RlRZORz-E|Kv9k!*spUF0jy=8CdToER&WqIPpBgo_p8~*mJvu={9c>b_3
zKT|iek|)P9t5anCz$Wq&ZPReS<!>!>JWBi5X0334ypIiJj-D2uPWeUUe|qxHCs2*r
zaM2}k|L1_oqf2IDb2!G+*C`uDjD77j!6P{lsa><TQ`xwS5sQe5S{%%d(Y+DcDULOB
z>J!#3fz0;NlX@!X?=~AX_DoN>&o!!;NVFIhnAH2Y8&Q_aj;gxP35YR!)$=<xgtyZA
zCZ*)j(np-vTKmAP=IFdSl-t(<1XPp#M_1v?vun&erk0CPr$MU;-5<6N9(M2~%ILL9
zW8R}x8)lGquXxiqtckW9rS%|GmH(7QzHWZwVZ6(8WlUhwA7zlEb@0IBWgg0&!;HNR
zP9Anht4|#Hux5U62r59(6gQQ!5pEI{@2iC7@b!0IBTZD;b>HIbMevt4ZpE9A5HkaC
zcn;wrZm34W?I%3(Lxc}Le(>zO_0^s*2Yk`n>0&8cQzPuX4N|I%k8ZQYF7iFxA*0=A
z46CR|vyc^w2sF{VIkDE_8!Zm86)n&9Jq|izh69Pu?B|4OIj@yyZ-v1E*q%Azmz_nQ
zZp>x8vO%Y|%%H>xn$L%%Un%VqHV|TeAm(>{AtFtdp8K|L=L11rL8>T|Qk~BSQiNq}
zZpn_rxaa)qHo&uoIG4F0Z+Y8&KJfc+?Zqmh*IsGK0z_T!s(*`fW=~Cc^=e3%C(FE!
zyL>|Viy6=-%ivA2Nqy}ayKaLA!!8c73B@d<XJWMF-IsVh6)77E1aJjp++@RIVB*u*
z<c)3vZ!z`-iqJz*C$q`qVvagA8`47Y9bW(2gv_pE+pU4iH2B$p(@tTnTPxDEeat0k
z%uT*Bf;XV`#)H{f5cp{)(N+BX9K1;E;)X%4W>S}540_&|`2lZ1^`zl!S8OzZ@KAe_
zDfzOI*L5V8dt0pj{w;%>{D5&QLPf0iQRW8V&mZHxR;g40%LLxq-MxIn+MKvxN+U_C
zT4l3xYG>`BM-Y*5pEs5Y1m6b&c5g|}pzWSj9|XS+cOA^GBiQy`h~bvE>AJu}dXJ?4
zV&2}A(jUlt6n2Va7llIK{>7lb4iCC8>V7dytq8G+7JrKVxgkZAis``VmViI<DemvX
zLm8SIrF<GDytMBV2y3G<eL8yfo3$@SnTr@YtCq)`IxiJ3>#Y5VDcqP?E^;1P3h)V-
z;TmeLT>tUu3_((DI>!n5IFx>ZwJ(gJV&OrDO{i_s<G7~DWvMg`6j*yq+e$XRA-ir=
zRq~3IuRaimXrsG?Ei$v$YG4&zuUO$WM=I1{AR|BIE=fC<sqto@amvBth(3kj2G2_e
zgYG<ci_o}v2WXnu_ha?jtFPzs{ZLLtN3MyNQ!-h$S16|M5{hjkzi+SAreP6NO8}Lx
zYX=QxFpp8mLypYPhR$U-^H>f)F9JvA94Q_!;3AFgYfH6CQ54t|O6{^EN2!!F+c*kn
zVWF!Q?=6fWVcrUi*AQ=kd@+I$1Hn5n<Lq*7`iwZUP749hVg}eH?*^JFTjs^IZ?7%d
zf1Iuj$qqQ|dtV6R(xM{dlc1PGB`Vds5ni-UP(kig8h4-0NyTq2kiT&Q@DQPGLPxV;
zcMDl%)dAm^U!q8km<-hDisxG_au>4q4God@*iNj2lHQ@Uz-vUT)161%38Ba{yBn`G
zdLUi6`0a{06Ri7)$kXAwX?%(kl!f{wDab%FtD|j#!ek(W@KCZMb9;oaB7|~xD--;}
zB!7-QBhzK&2NCui+JyJ_8D(sA40k4GNHVhFsp;*I4s*NloH#JvMr->A|8r+7_Oda5
zLSJ>-SKrM5OGoEr15B6zF(WNPZ<6}Zx6b+Hv5n>pXT!8Z+y<Gn=q$0QRopHuf2CVl
zK6gp-nc#Q;{wfeb5|(uH2sv*9NtQa*(^p~{Iv2=A9vkNJP$a;YnhiXww{yUe^tF?Y
zsY`y-as<;8uE&a**P-|BT?wY%u0RK?{<l*nXhz_ybVX#NY{vSsbQQ$r#R$kalOD4i
z%M2pB{QQ`U?A(vPZGIKx@WEWHEDuexTiF(F1>rE8c+^bxd`RNsYVa5dGfsRvcW2+R
zt=86%i5~1TeFJqVqFqS-paal>${q#ZIC)WEBX63j#2Y=VkiptZC{(=5&g67FL_DxW
zcFBaWaMMoo+5p@4!j)39Y85;jnj`*BV(yBFP1nszdEarmC)EKr4>1oZ`+0Ba1F-%r
za`+rvjKGrpV*wD^NH5s_Ep%O(9aqd@*Ow|jpUWLBURI>6ni%-gc{!@Q!3hz!A*r=A
zJU7;dke$qW)K3E4BCn_kQBG|VwiMolXP8&G<S-Xuo+pPpVs$z|U5`{TjvpU|&T(QD
zN}5^46}Evuq!!y5={GstUrD4Kn_X<7W?*%yIUrZ%1dW>qEmpQ&XDjN#WhTL8zN_T1
z!OK@oRvR*#{nx)=NTWdRJPZ^&TQ>}f$7_~_hGR-BOKYfN*CSR3W@}?_E>$H(Zd<0?
zf)Kt-rlkNm1CsAS=N9Z<QMKsU&rz1@=2PUZdniIbeQR}e(vuf`9pT@3MV0omBul-{
z4+Pgx0Cd5XvhAZQ_8eF1B{?rXw~FQrT#e(b-CsU8JaT1f3u5zukbF(A7~8;JgrQpa
z?=o$Konil8TG|<6BI#vOxN1d5X?CxDB18y#yD=}+0Vv6cZ9ql-l0`R&&exVpd{(fi
z#fLh@zFF0@AhXol;bx<eH1E6Of2<Ie*)Xo$!uNB&lu%3n>At%lXkEJHeQI;^<zsfz
z<L`U7*Y93R{l(jO{n8QL7fRo<&05GBQi0$7i!7-76pnl&s%`<D*D<CO4yjMr9h?%d
zmh4u#cNVbi;x{uh_m&w>o>?Asd?6m1;BT{@GDcaj0-!rHZ3FjvZZUPS3hF3}DHJLX
zY1-3NU}GXWonVl+Ir%^P_~1a8Qj?~B+DhApE>@G)b#LkCf}X*<mm?XLI@k+W+Ydr_
z3mWMqOsnBNqk5`P$1;=9En<x{LaNo$JeN;NOd+H7CNfV;)juR-!N(yz|CRV+W@**=
z{qXOp&s-B(K2~<0Gyt7pI_hx9f3nUtkj+B&JWTq=>k*CXUaJr-ljBrGGdoS~xMA|w
z?P_5@&@zmu8PG=eY{+EsB3Xv?GDdy^&#^F__0|eGkm1XH-}0j809Jd*Z}mJoQ?asM
z<Z$(1vV8$7d$#jM<aL+nu|yrbwhYF?whv*a`&2)F<l!>51T!)p#LC`=;Pn#JGlxdo
z?>nLF&%)aVrRI24!W`o?*)Cb`mWsbAiU}H1RxMo0dnBMOH=uI}P{PM9sIp%wC7Q#F
z9UG1dFu)HS3c?h6HgjI!ANFr!t#IVTWS%XCy=E(<nqQ`*;R^w;2@9-`*2K{A6W-dL
zlhZti%eG`WIj_}}$vIf8d)vBAmeN|{M|j^AY=<6>Q(T@cWfcd_+cg`Y7c(-=bhZ+W
z{?;r(-pwt&>NUVcHOJ(+36P~8eHhD5S<6i2gyKAQjk;oQUFCi)!^{t@S!M2_fVVdU
z$1JH=DtL!R&}Gn~%lvF#u-j$$69apDnXgF~sVVi{T~4K?w6%r@cBx{e%uXoc$8-1)
zmsElztC)T9WM6+qsbAA>uDma;-Eudx>^}0u%;d{2pw}Cf9a65WzaXZfV`;dHxR>1=
zpBvM@!^;D(QquSk%Vg2kiF@{KSY9pnB?!l)f(BrLYW`Fwpef5Id5xTi2NMekTIoh<
z6h@cD2N+bcY;5}D>YD6D5%OjPgAzo+Ku_8}2>^UW)Ht^k*DQ1>32^$0NgJel?!Rcu
z;I65*Pgi!|dYxhaSZ65x`gNn?`G*bGuI}DU;8pU9S1v!oYqa^?*~yvEM-WMm7b9cO
z>7S>vZ#53Z%ibF`ej;FRa;%qkMNnI26ixR4h6K@@I$ETB(^B0;1&@rS(vQj|?&gcS
z83w};TOR=#;0qcXIsGxj@l!2;5wRb#{Zt<U@(}Ib5@IJ2EVirS>_$=cmbg|&TuHv(
zuxaQV{xobLYQtpEG{{=uE&L!!WpB?n%l(Yc&+qNBFGfs8`nHSGq}cjT=hSTv$&gnw
zN<2$!w|$AT2oj=0l=gM9zVxb7TPW_jyPZ~yEBXwqG~BCRwH6GH^!iz*A*r#<p0*_V
z?Y3j2k?I@21VD4cJ1w|t8CxAMB-PUsQKT#Bp*i1(lljDe$EgIEchS&&;mbn%%?Hh2
zZPjRrh)lVXK|<2i!7t>ZL4}q8=TT+V0SI{iQTM!*<i%wtS6Lp6a7vo8D=FFO7h86K
z9|%-@DnWwNck0BC4pMT5riJUB;V>+FY*{Vj@dy}|p3i+$AdWxYy#P~SJThZ2vRAOm
z$#fI47RPJkj&4w;2ZbFgOW(B)Ea&m83JvJB<aPB(csJV((&p7he!q>nXp62Fi%J7`
z{P8ZM)sj6M5jmKPWd?ujfz!4+TlMX|vegNOgN_bbN<Go4STLV6kz`(Wv-)s!D`UfZ
zjIrPMBGXyU^1&$kdH}{n>^&ljjRLU#MxoMYJQbu-w;Z}&$@*<2iC-EFnajC%8lqnk
z59t1m&d(EhODsW0(q)A$6$#@<@NHPh%T?j*&l;Bs3LCxDhTYkz1+8iVlrvYvBL1<S
z=YMKUc8?c%@O!Ft*u83skPEQI-K>xg@yJ5uY<fG}%iDcHp`6XS$#MgYKW%P}h)RB+
zSbSnq>u9T$;%#S!@_WW_Q1xcR|J#(EjNIqVjb}?)u6>@!mxCy}Lxtvk8lm?tpyu$_
z7zXWOlY7ZbrzoP7HSif}l)Zv!@REs&Df2gaT`{LO;rE0dR%O&1XGy+U&X8Qk`>zZ#
z3Hdd(v;%J|p%QTF8UKRsI!pbBw+52O$FNK@8n=K5(838KBuD(Nsp4#pn`{vyI@=tv
zSXIkbhV8ALcuOCriq5oR65cP+plIpFyUCfN@rGV68Xw9Q5{z^+Xm;vVP5I_V-b|vC
z{C@hLm*b>~7`6^&-;WUlM5dZ807VU8BW8y8VF>B1(~SncVG5z)o+D9{#ue6#9v35g
zS-LC{kq`Aw(V1*cz%qL79do|ZDrw2QacnHU)E9A2k@lmB$DnMWa?6qQR(UO{bM{hR
zf}ZbE6}H0)Qz@^};p{Dl0$@qnU@|xZ0NJ-VSdWYqG`}Ze)03EIHn(c!@UdxJkG4lC
zk1TMGG=gp1e}-R=xispeeR>Ixo~*!(h;fmvaw`TJKn!^~5)4@jZ=Ry;8QCnAC-0Lp
ziJ=PWWkhL9r!+bDuZ^~)O%ii+Q8mR5h|OgFh7!kF#)>6W_0z!13aa^mJ8M@gwRX*O
z=d%~nH*?L$S#7VG7pFw}FMoF#mb<=H`CvT#*L__JNMuplXrPB1w5;rZ9yL^*KgQPK
z>Zv~SseU72eIm6fQLq&^^Wn2<O73Wdjj)d~lI7yX3frblQh?t~ffv$69{c>^Tu;J_
zPrIe)%kx)Z>urSfnbSMAujuVpqWVHkbA(qqZGYWdw9=JJxqHcPI2V=LV&nJeE-tl;
zQS+<e=IeIJ?ztqI6wJs}dU%TbGjmnh$%om`26U*NH1Z`;{SHF()hnI!(}cjgwGcUP
zR8e*Fxeqr|i1Ns16*Z({2GoL|9~%ETgL`5nJ-<mHQ5CtP53Q3Ot<DsWvgIxh{(^{J
zAPC9F-D|sboU{@uvC`1BFCQr8aGQ~`BN5aBAPT)Z==w-J%B>l3dyh2w$&V+!nonoM
zWH^@d(v8^kYCGkcu!)o<R0US$CM7<qZ4#y4ho5LzkksX<RB<Lu(0ZC=E3lmm$>fkM
zPg4%sM1p=5SbRVLdZE$z34w$lVx^t1uE%Oq;tai?0El?-nOl$QVmZDTI|$UNmIR=D
zk)s~1U6&yjx8ErGndfm*WJcN?bT?$qToD<YM;DE5Abn{mB$xPU)0>7hS$Z~vnl$8W
z9jk}FdrgsWegF0<mA|AQpcY;`cihf2-}Iey_dY9Y;C>XtYsZ4%C@YI70%LsCwHpN{
z%x@&_a6_pp7kkK=?N0}hJKf^N^J(H5tV5fC9?CFx_Ud@<(^n!-=Z|8eYCuN~H0tny
zLM?ZC7!1%9|ELT6dV0=v`7dIN{gWGoeM~y~G=it@tGtiXWpNgFkPR5!O?EJa;)nAe
z2`o&fG~In-b<bIW>c5uEYAj;ssWN#S7ZfT@4@eo9CiPTBi_On&Aymq()hi>jUGdT7
znO5u12$XhNhr-JHM=yd??mpS-$C{<zxDx(h=Qd;2!SF8$FK^@k9v<-Oy@#>#dzpr6
zEj9Fqs1z(Ud_ZrxLf^faZPRG>BoCnGv(w8e2TknpRd0QK0RTELaWfnV47<X)rP=%8
zG9&97<j}X#t3f9bZkd{kraczNi*!<hLt40|c{R6ohw{6J`mzGFR>^5-Zkx?0X`i3Z
zHKcmwO@G=HQ3oj<CyVP}t?W%tmh8)6<bsO&{Tn?w7JO?l@7-TkaTI=J65jQZM~EA$
zM8HS5)1Zhd;oanEPzi3bZt2^24KzZnFiLv6I-^yNxNhHGld*WK>KikYFSh;)nuyB%
zkfhWvXAsB_r4EGFx7}ac->|Wb7^6}nWHY$qaf@aX%sgXo#<t8HQokC<iklO7(!t0h
zi;9RlX}yq+_k0wgs&&I^o{TT!v%U8yf)T@PIbYVHUiv|~<?YW;Z68aG&rOvAJ9sl<
zi)3-dNh`oU0l*QDhRzM7K72%hLsph-aTTS_t~?H;yk(O0z}^{a3?&BMEF^y5U!H8W
z?n^;EnI#-5XJpX9Lw{BuBuM)gr(<*^03JAjN`yH+V(Aqn5P5Uc(zWk_KcBv9P@)eO
zi>Lr^VzP8-hhBz1PLZ8=uPk!7-JG}`)amoAw$vx7*2#=7aMcW|3;IS7!e)ZI@|fQ_
z@L4SL#7tuP%u|3E&aUIyvw6ZQ^JL1B2c(|mXSoI?#8f>~nvk3eIx_n1hP#Z4%{b`=
z+(Wx&f&WY`%3RB)e2<XWyqoOrTFuf^$!jni^%k@=n5wC(YF%Ph{S}vGyoyDk+_hkB
z)NS#2MXE2t2?)i+?W4oRx?A_yV6HzTnf6PlwjVY?{ml-D(3Zf-YcZCA19U&cwL(~X
z&7Ce5Z+CtBuA8IJ;1}1PIVV%2F@M@gE7BYa{vvsGDpPyY)48UHy2E}51IE2i8Xi2o
z4gsA-PKc#sKW@F8We|3&F9NSLpwl-QAU=usxq6J3hC*#%5^?DA$mMTsKKLP8sXFZV
zj#UftB;mNJL|iHkG_D;SFs!i90KNEjTPuqL2a<9UwD4WDjRDxcAN#Jkxz{=jW7nO@
z&KZ5aEfkS_dODTUaiXdj|C~)?UD*yBmRtks23&vG+Yp!W0I2=D=qAe3X0`r`U0IR2
z`k=mgf}hhzQCVwZ36nvY|A(P)zpIJcNWVb8-Ju9P>vruqGLYXA#)fy6II!xaokAw~
z4kUCdLp|y>xJt3B2DjqZXVo<T(4qCbb|DZtko$U1e!2m+$b~?tPWqX6TxdjnAwlmw
zW&gZuJR^5J{#PCfr;!45e3S6N#rnH`Sq>~7S&mP;5)7vD%Eb|eL)^>w{ic|c_2l9(
zYl8OpY`HV~0boZd2Ty}KQ|aZ!rm{1M%Z;6678rZE*A1RG&#>jFBJ=A0&4Uu@rEdJB
z1Y#=B&pMypZ6)fRV|BnZtLT_Xu%s_uZ_-zJ^U5+!IM|!Dz`twDI+U#l4&YVSEDFwL
zemyi=lYH4c)>Hj;RG$$}=&zKL$FT~fY9Xrd+;anu*JC9uM2?uPguqjMBke-M8SJZa
zTEZb@My9h%bU{9D^U=M8__y>yB+?U3-u5;%CK71EXn}s<!XM)j#bVrVH!Rc8bRWcN
z93s3uIW=hO&|86BDY^7XD>m!{aEf^^?vZRf$@Xh^DOjXcswo~&)<tbiI#&}+Jcv>s
zt+HxWxv%<WlpdkLrV7=X;?ZFN#uk4_3S;IT;{(@{7Oex$R69F6KV0;)(92k;9y0st
z%P#m;*ot(cpN0GNrg-L}pJ~2JgZzNb{=Q#JQrSqVkq3Yw|Irt?>Rg)!+nCAR#*0aQ
z-4s=&EpG1O;x7*Ov#tx+0t|uD4~k2)el-Z}dwR<a+#fN5dA;1)9eblh#AUh&nPJ^c
z)k(>%H%_wP@GGNXp<u@a!PZ9N1ZBLNY+_bpZ&0*d+Tc~w{N#J#f~3guWleGeeyftm
zV2h)GllP-0yu9u+FJqIv*><p;#PzlxHsw4e?}>l}x_f9IQYO5ANsNjVqx<6t`w{Hg
z=HkbVw++0Zm8zvnH_a_)_jVHpit#J*cE_4lrrxvf?K$^?c>l<9;1p|L+1$313X)~|
zX>ZO{QA7<0)-Q%99ENYCmh)qBk)QoIyGPG{I>rw79ugR_UfmPYOxI7Y2_9i9@`e4l
zkpFPSlh??Ble~rEh~&gTE7A~LIrIfEkqT+HS`U?Z5KGako%c8x%$U~hkfpLtS`Vr-
z<v<>)Yeao|l|t=hBw!OST8b)4Ff}ZR_dm|X2pQHl?@e_rIsuBYR;w$3n%0{<jVUm#
zjAyrg0hy`CkhaNh2_^>lBmH%wrK(Jki>~|B?YdKc$f&bTVpWpkDIE6m@7;PGj+L)O
z{W$bpuG$X{4wr}ZG7}OkVz%YU!vT(cidZd}7HGaH!rXYM6i8#b%6w-8G{#HS5oJn+
zw8$s=<U8TCRZ}44lR|TE3E16G<{&bHZupTFIIUq5z~R;=kg9h#wk)mZihOh{_KM{I
z?5E@hqCAdQt}>T=%2VYBgyxZ@9h)X*_)c5#b_1Lp7n4f%Gv6_ptWx$Hh^iY4Z)O#X
zsH-VWyV%gY8=RnG0tv(^t0r9(Fz%((f$2Wlt{$<`veGS895O03b+Y=FmyohuPsO`L
z7-4Ec6H55VdGLX!#|uY{OO^8(VMz3Sz3)E`cekzmn%w3C(<+}~|I-VEhm^eetVP{T
z`tO6Y{43@%9JnJ(=P+Sm3h$a*AQ;F~-Los>+qKhAiG?xJo+|^|9QN#fN^t)Jp6g$Q
zucj$`TKXvcch>C#{87G&c|kVj5l#H*&h=#yWDmqJIR+yj(~&|aw5oNu4oK_7wLq<Y
zv>}qe9!xR(+)PUOvlc*+{W;NhCczKaSeTqI^83atVAob+kF2e@*VjVGN7<PQZa_bX
z@NngGt8L6QU{Z2R_ZM!?y>g$FOisOY$IK#4te1{S9QF=u;Bed)zLJ~>lPak<aV~Rv
zL=g5rCR**p-V0<j9?jqr^0*MlrCeGFPOrxyWQ4v&?IBF=@gjyE!>Zz6HUfLfP%>W|
zv{}vL{CzF%^Bt5MADqWR)(uXtImsWKABGKmbRI}{7Lz<X5o8)j?ca8<7s=LiCTW=p
z0`l;Y<%SK!F{x#n=;hpBPXN5)?nF*(MZ*H+F(n*X{-P64DYjUvCk61?9|g81+cM=A
zooEpoMuJKwxP_?YH6FB|d^T-5j(poK?PT|_N;LnW65ZtacGV|6=sxnS^R(?`4Dv<;
z^HqBVN-p;oS^>7Yu$hfDFAl{1N96fdOWAE-b~Vmb272)m#qzE!O~R4=$+W)axcc^K
z$H~bW0eR<*T0Tb%?+o=~T2lCqR)^n>Kd!F?w?usos>;p$PD_0@xV1^WvLLk>7V#3l
zcVZ4cPmmc=4*bE7AesP7jZfWD^dFg?;CS$H5~q;9+IrU_9DQxOzU=*f11Qfn9oo8h
zh${LY+gWtt^YC>{Mi50|DCoNIQSkBqMpJSn0T4;>oDdCIe(^+#v=?6L5|ig)R&oQK
znE6|<N8xPcE6dk6Y`SO9ey?0`yXk)Fzrq4si;R(<L5miqeYf8oE9pzsTDM4O?-KWy
zP+UBx9)Huek8H=U?R<BgSyh<NT$Rfr2(We5BvPI;BD~Cb-)P!{BIvICsL-FST&TF?
ze)hk+Rs-;_;OK<7n0x=t`2R*?WN1H+<pR|31>s-uT>o0j$m_>W81Z&?cd7jfkoglY
zGr$Y@cE}}{WL5rVjOZ*tkG$?<EXDU<ll#BBxyXl=5hlem+kau8KTj2+FK|6ZUKir$
z{X3+qQW`ME0?KytkN;kqe-H8?8UVV+%-GCk{o;lE^E7CI8GtIovF|y4i8}t<_*T;e
z%2z};7NuPH8(N)(17l<o5d&6#_n`l8*5f&B(_GZ|7moas*e9;59oqiu6>hqJ66e2J
z_qoC*1AuvMhNwjRqKf_dL9ZX8hSe+#z>I%Gt3PeC|1rh?H%yVAS=!xM+is&Vd5r`u
z6u4B{aO>vF=>sZnD63Ecr^K_<j)9(k_kw=n`*?!jvh=!c<qKV5H9y+|M&jn*t^9RH
z03~w1^j(_VD0ks;CidxEm5IXRXBJpC7nbWxZTbI(Z6m#ps2K6$?~GPQie%4sf2H{7
z9#aD_dlN=^&%M*28#!88tt+);*%cruzJ076I_oWA&)Fci_2vSq{>>!9Mm;XFu+nY=
zC0l+OfL~c%IX@0gr(g?ol*i<}1Jg(HLw@1V!&4v|AT_G}rrf!P03SN_3qrRj2YWgI
z!0XGEJLY3mb3Q|U#0DAmx}&NCTx%1?Lo;deH64Iy+%tV~LoV`}ab+T2MzSdF6#MYF
z9Xi#A%&_Y*r|;vl?2<M<Z8{1-y&|Su!mk*HhQ~rZq1<UG)~5Wj+r~TPyKBZ*>G($;
z17Yd={ko5}PI=F%U2?dj_vgFupD#poGayp30>eJLz2?))`e`p|^Dc{`>$|x7LAS|K
zISI&X@>pH3^55(9=W_~s3P7p~Wl#Cb8t?Wx?#`#tR(R|(S|(4MOD>Pf>1LW_dlN=k
zww7_cEeGYQ@wZQ|dV5N{$_7wy+Z7Jon7V>8rvDuJ&*=oE({(&yzi?T4^yp!<HIx^e
zT4i{HJOHkD-QU}NJ~l|+U;0`tkp8t;9Wc`4xK$&%?z1-}nak~YhkN+%<v;g40OG{D
zRr;_N7;JN^-hJNR8J)ORK$m-73doh@GcPYeZ{4e2Pn}yiKcR0npC7h6whA$Sai-_=
zU-6jEjYyA>HkA>ZH~2os^c`Z$cK25xf*G^pLcYx7^g1W(Zkb)-@}5KWaLFUBn!Pf!
z)2mdqLs-Ts@0<`cb2GIDv_ABjg=hA4&Sd{ED_hm3pznJYjk!eq%ZOAZf}rKzTl?pR
zp-u3w(#*xvPVw>qyRAjq34+K*N!W`+_{Qce8cDEuY&i)RmNwgi{rIBR87)<5FSxX$
zju6YYnH{WOA4fxOXs?>-X6yR6_W>Z+J19>e%YW0Z<72K3U;^h50Tb<lR`m}-l5;WN
zVT8X><<ug7%QGsNO}r784-~n8xt|gr*?<7BCc9+0K-k2C4KpfhAAB;)X`o?TqC_mS
z4cUcx;XK)F6IWRPKp%6^pO0_5V)DnsIa|ch2?4_04PQ_8R^-SGK$fU6fS*H$=#|^(
z*hpf_--d6CiBV?DRB{P&vJJ3k%Ua{i{^AwwZSRR^C?LwRP6>zE;sCR@t5=yiPmqxQ
z`4@#<6u3HpI!IuVg!L|DM{hQy1ByDh!`^`a;9m8O&Qu;zMkyzR*m~#jnAr&Vtu7!P
ztXrP4-5sOtae>LmH^JF_tXo^280p99t(1e_G4fddxDRjeGh~)kS$it^mOcc~w)OGe
z1oHtd!d-q?2&<o8^(~eeAQ8`IC(qTEdWwI6+(L%U#9{H#hh;8ST9#v1&854hk(?6a
zR4N;JBGfi!E(7zNnD?Fby8E1Fc>yHQK;S?V2w7j(GOhVXO^{QU1~rz3^RG_>F=IGW
zfu)TAK`G4KZ!>09n<*Aj(&zkQd6gau{r2pX2W|r09C-vC9t(g-JPH<eBm4sz9k?GA
z#IBEZXQntU4&}P@m@iX2B=e0vyqCeRT*^0U3UVM!efSJEH#e&D&R+~>kHm6SY}NZz
zqL9993X|j^&kZwoFS~Bmm=?dKsx#R@>58N@z|g62zLOPe-m(%8l%!FceP@&HKdLL@
z@x{o2^1x6EKDU{z&@j@>kr|lAI~&3&kqlYyOhNZT>;RbK%nXn!u7utnELIIvi;)N$
zI`eC=^B=EtbPWxkV)PcN>6)F_(x$`Wrniv$@@ppN7}Vv-t4?EHaV`5~RSR#23>kU1
zNd1ZzNofK*gPDPc#a?`x_X?piK@?&X<81d`!o<m3bV`(Ta+OFS5M4I&7*u8NbV@jR
zQSd>puhwDRg|WgcgWg*ewky7u<koLgu5Jj$8)f=ShJv5%EPdev%MxD!bxX=#G#$hQ
zG@&$brjQ3Ap2b<c!M#~-VbUpEl{VduFGhgq06!Da!6tkf7f$g3;88ZoEGbwwyWob5
z%x)atozquju3O%=;4$a)Q!;>~4DggGW<5#6l9ahM@xm5ny!ZHR$vUcmj-91)@F$b1
zJ_IrFEYmH&1R%I8I*%D(qf$v-#H@g(F`m2T%X8N<V(zjE>VKTL;%zl3jYqwk>%nlY
zP~u_T%Bq=@p7Ye4)SUZ#201yE5f*8lPNsKb9xc7j?l$a#W0)9G3mrc%7zB7Ql@WF!
zIz&_TiD&V<f2A!(Rvr7}39_n`$RaPz)aWSXzmw-Pv5lRa(-~6sPH@B6n`zNz@Ck^G
zgwUJ9Ue=Um9C7g4-JYC|UVN&4*1YtH6HqcpRTv^iSdsPwp&URlE&KcJY+)%l<9X<l
z`BKzuRG(}XkVq(Ezwn1zf<&>nZexs|EQ+N}&}hncwB_J=`vd#jdsj|^_%h?ouwUsi
zr}LKFhxUOYAimPuwWz_eD4}=s2ja+%F=%rnXW)*yb4ME5TsfTc09`j+qBD{uJ8*6a
zQECd6@gR;Vj+q{@BBcQE%LwX(wykmI!XdPi4L3gazNDr$><VTw%V$9BHc)aYx{vLM
za{|-l+HawA<quo;GO(D_27b?G82&;jP>8+=sM|9_t{y4rIY~QD@f04I$`I?y>=*$m
zoC%{{Y@&B8MSCHyfIPlHVN59yt}2)BFF0Ug5BzuD98jy=nj3v&wtNmUM>)`>PN1NR
z22gTI9Y|*GY8T~c8{@#f11dlunin6;K1>j`>w5=|PUH_%JFL+&aBd9r35U}3gXRF(
za-G!6V`%kpw~usXh5?mh>L1(+_4Cc}@7K5R?E!d{-9_dF0P>Ky_c&Xmy!+5+mzg=4
zvR86J$Xrjwm{0QuKZwy%)rdf76>L7bwk5&wR|;`-{NXMSlg-?E#%S!oD|V-TDm2?*
z=^ZH}X4hfgE>KzZ?wKX*kS151%j&60;_xCTxzPFlVehS@qU^dp;9CT-Q4x>^2}J~y
z?vhRgq*J=3b3jBwknToOy1SK5$zg~YkY)&pVPL558som7#~apq|N7RqzW4PH)(nhu
z&b7}u`|SAb-ySO}#wd<@6p4=CChSt`c$|bmHVdj?ERzo3+S^iGDnH^rSe^IdHqBV9
z^#CCI+lX)SvTs}fQVZT-WLI`doMvx43IL-`O>T6ji(d~d&9n|fqj1EG%=^tYw>whY
z`X1dNf-f8Jkor3{R42nRef7n0@cYag77uS^tu}(5rcX^D%EoUeb3Nz_;xpFneHTz9
z6KjFdVRj6xQC%KSk87bk(p{6?>SPczuP27y(l*2#OP0=dd!8=NB=b&J9E%_CNNr77
zN|VpZ<^Xd78Ud)O(MO<NDI=MU0%%P>#Jw3}>&hq#!#cy4@%ltS;pZ@-^SQ?j1F*kX
zuz5G5!l|Izn)yYhoaN&odmeC)@rM8a+R&EW9BM>rn&<U$bA;Rxqy_sp?LAZ=jjd=5
zz%jOhXDlImFX9j<1}l?w350EVAZIX<8n5FNJPVQ#F!fMbe~%KNd`cX*{%U7r+x*en
zHNhb}|H_4wH8u%$ONd!=-QlMdVOCh_r8YL5Jwo~@-=Z|HStf#B)`Z>qgo?FWdGT@v
z2XkX7vL~iVkGH34>`HY9hg1>u4AXdpCA3u*2h9y~#XuEAQxCxBQkxfR$oGIRdJo<f
z1A78zjq=aBHaPM){=t;WisxYI2t%78kVcWgTbD<Zd>q8kcEaa6IyZU7;@|}bxopdY
zlgB~vV{;}mIv0n5m@Y0UVUq#mDsKH)yR>>`yho<<R+>%L!>v)3v9nxhk;Wfo!>(e>
z_nQW~D*e2%TV)JB2@UE>y+YzF#$K5g7iUf3b5dTb?{D1G;Y5PyUglQM*L;lZN^qZP
z{-}E4way^~&Z?T5BglGhoe@Zrv$t&OcbqsBIYv9wEsj7vDQJz$%P22g11t~bmd)IX
zP38{pn@TyQdn#ReSV<uyd}dfp1MM#v`Yl&o0ZtO!H^F7E{5e*a*W8tBqo<or!%|PO
zfm#M;<8Eqf9Ma&?bRcKUj?33R(R}snJ)-*#y+<+}FrY&7`~8fC&6Q0chj&Fqb0mDO
zy)Z^2ko)A^6r`hFa8g?4%@lur(N0B`&(4bnRwK9PuP_iLBJuLa96yJ_c|IPe^Pi=s
zoPoH3UkBUc0<zOh0ds}Vd97r0q`gArK_*PraxN+W5SsImynfdZ-WYW-SdC8p)lyh+
zH*VVSS;p<<ch7-P2xaSaCq-^ao#RQfgj9zo9YeZ^w6>nUdFPh30sb@p8$e^n34}=e
z6k{sS(l0;meGGgF!q>8o&Y%tX^_9280Iy!JHPiGALH=+IyqbYAu&qR8&;7s?Ak=e{
zic$8w=*4ABM!@ZVO>cJYEZ)5U;v4sDOo`5NMbN*acn!?bOXCIZxgYod1VFy{OP?)Z
zbRfkGT}?a{5Pyy+|H9A%B0Z#Hn(^lalWtws1ZFv-Jn}~<_wR_-t;^|vMt|~ci1mye
z^TQJroB?Keu_}%B+z;GCFX-)<tn(KXxFAWZ@z~D&z~_g6us>9@2A$#i{)pw=ss?7+
zT=41rxgYqyE%8e<|F<RnPfPrvFa8Hxg2G|uWrT6xHG=*J1Gr21Om%_*cc%nu*Op0c
zouR%c(lGr)MMoA=S^gO5_glejJisP)FXA))BTe~tWL6{+IMM#KB=(oi_<nR8TA~ph
zg5IoH>ODtoc=_J})XIw(@BY7I&cBEMbriZ(0Ohycu$Rbnj_$hk0vLm8)%GjlITr=R
z0Xikn2u@}Z|2sDRkM2ajx-SKcA)<AY+xr~VM6Cl{16{}oyTw0d_xr7&2s#A)sYl58
zcOdHziFnPU@t_CVZvAJl_WhWR|3hGm+YVgI*Ux#-P<M1*0%krCcix3}n+6yojS)NP
z3<}?$-gptPVDoP4Tz2QlDh-{N_}{T9GUOVw`{VqCDGZ~h!r48sB$MDql5q@088Rtt
ztZpasFStDS<+%>Q^0ux>buLePorgEYiGMG6Gal~OCbyw^ChL<8$tbp>42cxT?!xCT
zecKI*UKpRTqvrsOPi5_@jqXoLhsOv4E@Fle;*mnFk`3MKFNkmkbLES#_d9Px0KT14
zy}6KWM7K2%ze3V7-Royx#Zo|%qYICuh~AT*`Ruc!XTj&1Fm|dZtyB6wgF%%hHG=aP
zUS(@LoPC6&Nuo}t@ZHCc(|P<Sn;0-V|AV^hunf9e<LJq(!1(MA>Xrhup5FYKWf2_0
z|0;;^W{8&p>Hsmg2Z6e}&N>#OJJmNO0;R$LQgZI(Jm3fW^NG(D3%T8vB6o;%E8d=-
zf{?+9&=Ow9^!(cZ@A>7Qo86z+tK7$2(pRd$8&$W|x@tNG<I@p^N)A%}+GYOgUOXo%
z^0j<WZJ^?KJhcj4xLpkt+b&&e`Y>UaJ=Y~p@zPg@D_NF5o47ZQ`LF4M=#%I=>SsRD
zW2fbruZwP4Kqel@HZtE|8t8&FdET^0F;JoxeUjDH>8B|A<517oUdx~#{EDi}7EL?d
z;6e`U^-Mbi|Bk~;K2HVkQJv|elj@Xl?>Y?ZQ*xtvdLU&>=vwCR)SKCnk-)z1aAUio
zIw`_kI)RzDjwi&Q)vu-5f9j;#PkO}Ai66db)pFz=!AiqP|MRg5>)#Nn6|}61M32-2
zcKP5QO-D$GIsVi!6p(Anon|+bA5=y%fCAS9UQ0M0ZJWPJc;$)tnKra|6X#t4F)PUm
zMtt31#)T^{#48vqBmO2e5{Z9v67*{5&AU(f6ZoFUcb6lKehON`7bCt*efZ70Toa86
zS}ZRKKtYq{sL*~!W#T@j<urECT+&@=Vz+F6>GwAry&3P8gih&;dnX$u6B&OiS)t3z
zn1NUN)JVa4<>;XWGtjg_BlNgJ$3wS;Os^?lsTNnsl%|Or&JL(*tn4yLcaHn?Tkprb
z5Ikj<RHXRc<W^so<%!LwM78HnV+n*7>nr|-v}|2jmRPQJFl$xmvls~FM{|!erq)i-
zrsrQwOB=!iX!$`{U(?q^O?Ol-SND*bEk*Tx$?XjA@LG=ut-QE_iTC@)@S?y1jv4uU
z@_nLw?Xm2{>$P>EQ|gc1@*VFCJLb2m{$|$i5>7Qj>|19nH8561GO0*OMLv9lF8l0`
zVxZx&)g&#Fr?Bjpyo`72vNzgVPNl7&Ra~m&N>wC+)qdKwRBDbdU{77mQb@JLhTi|%
z%=MbVdV4(CdQ*9+H&HqI*j^&qitlb7Zc8O;9;NaxaSE2+eyEk}oVXMZP;P}kkY}s`
zVnas=u)x^60PKQYO1g~Z8(^Ra+$N+lxM-adr&kQ~^TSZ?50=CBcWz6>G3eAAZ;KX{
zZhP)+U}|S=-<a9ABRFh~U^9@8{zM&6E-5AK`6BGOfpnUIPJl#on(*z9BK{`N!f7DL
zq&1B_1Qd?$w4iUa(K}T$In}m_s6lsG*mUbZNUrPU-RZa6=#0?bOR9d1ReE^hv&<VS
zpwClfO!)hPl92EUeSDzLTklp}dobQd*5ThbPKKR!=hxq@2rt~=J$zKP&}05~6yU3f
z{{H>-@NRchURqh9oxuPt;1_RA@YR+yI2v5UxbnF9Ivn$o+?6lb*?o7{P4l5{a<oS-
zs%GxrL*9vMhEz68H>Z@WSMvVtkzHZ9H9zMf4}F}Iz6OQqRygjmIYxTr{Cz(^_R3c)
z-M1evv8%F}sP6-+%-bm`!)6=J!Jpmtf~+i3k|6$q7+0Ts;l5yFo%yj2RK?OFSEcI}
zJ76zW>@C^s<^3vLn&v`?_s5_6Numqml#KIk-mtkERa3oUw*PKIgLtFn9WF7Mx1%Q;
z<+@&zN0w4NzZ93m1&k7q)vFX#TVTwZXjjC87=x}vNoEZl?jF?m7H+WRV~Ws3Kyy6E
z&Wn=hAhJ0~#LV6~4%W87k?jaBJaU`SwU<?B-Akq5{~mguk@~@py&9U2Rj4r_`<9n?
zQ>}65!#j<X`|yL_^~IyC0$ww#Vw0u(z35A=gwKF)Xhn#c+s~De{#uLhnC2B0V`{g`
zPaJl8_W1Fas5v>AD_;+F8<J`bme5_M7QJxaKyoXWx<o&K6GYJx{E)IkuGrh?*Bx|A
zq6A~sn78Rg<7~4_j(}~$J0I~&1uA>>;;-)HD?hQ;&sLR@yZ&peZ;y+eU`-w&C9Zv!
z)atAvfKCA~tjgYkU7v~R(9r515&<fvwF)>%`}ne6b3UZg@w&!Qq52QTg;<{aGGH=P
zFX#-&CVGz%4!!G4D>!{Gz>;VASVw=-()n*!HW6#rD4<cQ(n5{eAy+AwR!>i_)bfzA
z3^3Ll#T&AHmfQD6{J1eO(2Xc=b$7Xwt00S{idiH&OK{gx34cQ$6!M!Zj!*Y_Ie1Kt
zk8|~(UR8#t4hF5;by)lw$V)>(w`*uYdw@r)wp;;#G0~}&R!b-3t5FTt`uh0PjnozG
z6HPWSz%OGeP*7{NCpKKH`7&Qs1n=4mojdR^(&1uiiQATvsKn3~XN=`57%7UBess5+
z8YimPXhG&`_)g51Obf3Mr6;f*vO}%uGR?vb%{80J0@W^A0_(QCey$%T8#UVn5EM6@
zE99L4;-r3Q9Fn)a)4seT%$+h>(SWL7!dZIsH=5MT1gk%phv~q&=Rp+#-QCQB{;aW?
z@=Jww^PRLg`Eg@41*{anq12z)fYj*}YSrOqrYIjZF3ZPN&2WTFeiET5!HU&O8dsr+
zTRYwMRl5(SswZ2=by^73Mg+tceGR3M#3izbJ{)DDB^>q@SvL+cZ2wT}L-cFo3sStm
zVziE(+i{WqfYZ;rS<?Q`-BEHYmesIUM8r9`%VN4xv0tZ}!gMGj%-zLK8dydeUS3Vd
zb*Qnen%hKDaHhV(Es0zVA;@;L!PSzGJiBS}&@u6<yESwUTYl7_D5EV~D}or$wly=3
zu2c%BfGw3C-j5CFC4wuVbtEL|1nb!<J(Z@XeNxA*O-%?8&;eJWmxfB}-dsh7Vx6+~
zg<Zu-)8VYJJe8ujHx*#tF<(6@ftZw7t@S{E%lAJ>^_c$Ja!+`8G{PU||N2UwMtfnv
z=-fgDtS73VsWsPHYC}XSG}7IHi{r;v&(ppJ9(sk76tz&nGQV1>Gsk)<>F>KJscz4I
zF{4nmF<<4n>}}iQ+D*=}7~JgcUdT>;aLXl3fSK?D+@$F3Ci$*OU3T#$y^c!h*0$mB
zN1j}_;nQ{Z@XRYwqUOH0Tg(Q`F!TB9o(KN$I0Ro^c}EVT1T(drxC~@Q;a*XGFxIBu
z^wZeP5cC2N&)x4MPP;%zrE+2Br-5BS6NwOUkWeu<mWNJ8tKxkc309S;NQz{yw=7Fh
z<xYH5Io3trYP>WGpt>*Yl*JSIzE%3X)BvJ=m6#zvzm=N7t8<CZf#&7y(`4lG4SY5n
z_5ru>F^74RU$zDv2G;gcL{<=S=NGoz0|zNrZ_z$A(9Dcp)5P#)uht(dhk*UDPAs9*
zoXM!9CcG0FK9hey!)a+WO!;kF?L8;x`R8D(sJug!t+#y~=@6;r2^{M9pLb@cKL)D)
z!OM?Qi!SmK(MNY8*(12(;V}b}`*Famz<Z}(c9KQv#nyfX=Dai{1uud}$v@p+=!pVI
zc&<r}Jyz>o0V<8e_BIYx#tLAMrK1@iJO|N(6f;8YXaN32A8K9F8@CeXWC72v{sr@`
zGkhvRX1vRCSsi_P=ebjtGoAo08Qt1j+dpe%etQ9ewrCewvxubQyr|dzeZ}84=l^bT
zQoj{^{knKr#Xa&fz&O_7SU~;EcX#V)qK>}OL#J$mf#}hq%BQAE6rTKa%H<L=wXNop
z)tV9ejW<QF60m~VfNN{ZHTb&kPjz97-x>SV+h8D>K{8R;1%B`x_!rKJe-q<^JjT|J
z*_YwYkpqTMS_iWtOGKNWRY*_Zts?ISB{v564kNE0r&eW1;jP*l)D~W9Y!nt2)<hNm
z_C2<kLg^I6xIA<t4!Um#5@;4xxOdTfI-DwV$XKegmhw8PYCCOFr{dpIm33JQBML5&
zj(*74#Iz4}=X#`Hk~$#i>ae*sw6mGHW4MqaP&3lj(VfyX5UuD})tz2Jw#}KyFFsXf
znVHC04ViP4kGcXPCE`Pt*AxQu&wJ%=t3OpwbtWcvIq0QF;z31kEVp)+90}Eqk!&>b
z&>@D^bcj0OOOGsZm)}J<sim7mG~Fi<I*bzl9<nD+cVTil@DtS`NB1t>9PdUZMEaCv
zQlr9oaBeSB>A<Xvc3Y~9fZDj9gfY8fKZg8+7q`n{{K0w*BS`gEz{G2x!1=JR(uh5{
zztd$iN$x3B=oC7gp+4%SKgCo@ibAZ?7O1m2*bCV2`vcZpDEh(`*RsIhC{&f>t{)sS
z6mHqZI|WD%G+wbJ>VU*RykGU}khKnxkK<U}rWOmBzk*vPZJz(EGZmB~*nhSAJV){H
z#ldD13p1jQ+~C{1H9)>|tkC7k_|$U9_zn@#ewP!R-6Hx_E+yJ?EMI=*C{c$Q|8-J#
z{0DjJ8Zy^-*08cX^U-|9O$RvjvB14(O?jG@V7H;j&4m`Tmn3uMp{FPWe7nawkkkQ4
z+xzLq{myPm-1Ev};(f3*pc6{3QY7^S<&dculkBl6G3<ef!qw-pGl~Emo;r}s0T`;x
zBR(9Sv17Hb@-{wxes!!2ZpM-^4q7gI2P$bJZN{RE@Ef2T;W*?7AAMCe%R}|vy@XJ3
zOGMP1uG&vaeg+@cd46_Pp<4F>q}(u}$Bs70rrdN|b9EFXJW=KHlAmZxt-fp7uE5{_
za>`tRR@IAS>xl_tV)px?;}|XPL4U2CW(h6@7fDZZhfL?|c3pNyL1MO>2sC&aSye&n
z6Kox|R>X%32IW6@kRZhcELIwy{`n;S9q|LB)$5We{7EKKICURL*q`6r&^9lM@316}
z4)C}t1&h@|A~&<F0En?6I2w;}zy*cec;tsH;K*UB%-6afuc#L2p|m&Im7<YSJfT}@
zx*BMl;xc5>6Gv4?Qo#>G%pUT|N?n&tu+aq*<s8nZ(>9D}u?6;RDSM^{KwzObu5lg{
zixIQrv4+U4)9D&@ZR^oq3;4vrjX?)lFWWVktdT&ikYenvM^T_@nf@>{q{gL&tKUap
zAhaol@d*Nz(%4eC<hlJ7Kcev2u+KPGp+*xbjcY9A5^~EK8Z2b>IFT2TLc-%HT<c)E
zw7oU^BDy9^&dzgATk+#^NzVJMt8vH2BEw9K;Ms&L>7-zxqB8FBO#2)jk%mzzBslHh
z+8*sMm_W55mbP<aqh{3!V)an(?!_QGfFoYbjCc3Vd|$+5#+5;eN;^XHzJ9V(wfPJ&
z*}11~D9nR{4pU~QMQS*%L0HP?fpD6#BUU)E>D01X+*8Z?-V{F3iAt+QyZTZ?sW|?<
z)@Go=MAsYsX@d=%h`xR9{%1JKYy%qhYrX@c4kTm6IEV3b#SbW#AIw+4c5bBDl<Qsa
z+DCWrBM;bm(jK1K)Aw*rfSA$gF4L-m$Z_Tq_vOFfSR+ISo1KnupBDU``>p-6N6p7b
zb*5Z)=^`YwR9mp1So@Pjge5#CV9_G+U|nS_FsmTT3SOIOYaEwQ=KUy=p59#L#HxLm
zf0BbS;z5dY>zs{Ae|L(JY#7xcd#wIfR?>bK5;lV2k9_d?HUc8<;Mq?IVe4_fW0JX*
zExBV9%b+V?$T5#{52=&0fVH?d&b6{EdDgj+Vvmp9F;><UEcii0y!zYER-TSlY0t0L
ztZ?NHR}b(zZoCS10Y^s})u|V#Zb#g0XegE@R{o^`@vxxl6D{taO`EaFduBrTpY~{R
zSJ*r^=!q8{%5vyyi+%d+QkU5%Tqe0|%;G+S-Qw|MK37kQ)BMJRr%IsNkt`4gA*+2P
znuAO%gv4NCRosxRllxmliLDOef#I<)!**NtGisGWk~^<J@07hOnAlApdi!}iT8FMN
zQc|{TulNg%5l`w3WuHE``%s5mV>>KE7Im1w>}>+@-ht+4u@}miXr+S0;XNuk@)5nt
z$yN<&Gt#oe-A*ivv2nv1RqLVn$`hrwhCQ*h6>yIDIXJ|rcz2CO;`8Uv)Om=vPtC_V
zM@U4inWz<MgQMwH3Z=Z;i@KKw9!OBqUp_rNS{Zxl8=D|w)_nS2+}xGdnx%TulVQ@H
z9l3LlpLP2{31FmLSji@fp^;YUtX!`nDPViZe~>3HY8(M?)Ug`W&YjYbY`n)uJq8v^
zBJ(Ww{cvQTSU-Mr15#pMRg?2-5*(kPwsUP!CW>T?_%iq5Aw;Z?hPT&2tafhZ7iHrN
z{+-Swp6o<^kQm^GEp6pHZ9*QH7H}*LBy!OMpww_~`4QW4dd1v#cT0_onY2q~R{69v
z;*U1D)apDU%2&RQX5gFZPG4M`CBlha!b44^)kMiDr{K7A=vVe8AC?Vl?M9qT0GOVv
zoX?L`aw%XQ0vhV|W0H;=6ZD&^*5N6o&?n%ow+>dVzPmvu%$d@v$3yW;Ph5*{zy)Y>
zgr6-`!D2Xrldv$qJp(LU_lNCY?&Y1RJs`hMXu3^syf<vWBiue*ygpeO8Iw<7WIkpY
ziWDHB1cEjANnEVXf;hvPp0mq=Rl(Nf;hCNVtWBM}q(uUrDO4{vn>t)ukUlPY=}ech
zWl>YRgK9EOYD}ry3q4fBS*N-nrA$8;FOHQSdEQF{4!*$L4)ylrnZFH}+%al+xHeu`
z!F7}L2>^l|yVhW@tlQAU<;&DA&ukgruwNflN5_1*u&jWrN;_kvBfw9M+%xWUXY)=%
z0>{e9?mdNUDH`%!Pk9y6%p}Ah5r|{Q&73wCB%|MPJ)$Z4)Uu(Nlm@^6KE1H!1l!O>
zE%QWE@e}FxgO)qeGhv5cG9<!;+r>QNenFe7Ut;Y7HJzoIhI5MrX=NZL&FY7qMe6i4
z8xLs#$C;QRaPQy%ESfc4x{x=YV9Fx8BRQFwj5nXiWuAPUh*>I_Two>kz2>pkVehrV
zGUI``H!I(0JmdaaVUg$4bBdDha5u$z*Tj5bONW5bhSzV1Kns<V@9h^Hdt6ZRc5!2&
zW%Z>&MO0IXN)wLZaeLp;m#h5dUyp_|du)x{{O0?r+`7IAoP;xO?y_m+snp3=T1-<;
zI<2w874vt#+S$kx4&@x1(}Ix^1N9Ww2$<OB<PP_+2NRUdX26W`Vy(k2laop0Y)=}#
zZI0671;&RE?}TwR;TLGxy$6UTCf3|qm;!qPyC(}~YSdNoTvKWsOKNVeW`H$d`LR5w
zDlYq5mlo&RU3c2!$9juD5VFKB`G786XB%K)`wnzHM0?pY$^>7p_@QWPt87Q5O0q=f
zI3u!qi(hf&^d=0dgNJId{rH={E)gQ&d~~<LRQXGfG%|z_>hj|tDl!xYCE{jgii#&{
zWpdD!r-F_51RzsIU%)_Z=wXR_4Ug<s%@o+QaYI*w(fXw;H?KyoDw`?y*%g$e*(-<E
zLWkvJm&gE)lkn_SUb9+rUMcT&l&BB|KNf%tPl>l7F%QKnZtS><371Lpxn|VaFlyC!
zugvendES_L0=4YF7(B8)+L|-gA$!V9PE|6wJhw(p(AiT|$?}q0zixYa!LT_sjM-p3
zJ4?>kWRmHL0MQh<ejh$j5fi7Dal@l>`<b<NS?j!%d-@ztR>-lAB>;|sT6B5XIL>!I
z9SlK^6{&Q%hTY*()SRrWGUAqvXP&m7EOTm#ThKg><4$8zLd3);KPwsHu&&S8B!fC_
zPVZSAc^vh1>wtEbZCC;|jl-=c8x>hO3t3`l<&U8@iQKy2jpKZsnTXzT+y|b<Aa?}L
zpdg~T<x7FuidHWZ4BL#~uzgtU_87T8KOZdGFBe9>M9dnOwEe3IQrGj;ItP7$<4K**
zu5uqu8OxVt3>X>;<Q*!^4x`nALr(kEtc{F&qT4W?98yr<*162_!?bqAgi!UL6}fEg
zZ?}aD91ycP=dV|C_sKbum91R6(Tn-!sA?f>B!_B~>lMtcwI(Th;g#sMgf|-i11xER
z=ZQl}+>Jt(tX<J;w~~R$2B=E|z?N5Pig*<#U>tC_Gey2#KK9N6)~gnbsyN1%8+r4~
zs1&w3>5JP>>Grmk6Yy5c^^FZewL88}#fpcJRvG0QN0d56Gk;mNlfU}QS)aPg2}0!q
zUe4$dDI!uu{Q-`zkDnTcATQN54>c177hc$msap9y(@s`dyPUnR-Qowrf@-mME)nBo
zpv{wurCsq7x-q0YNC5vi2zKtj!De;G;CNWl6-8UF<+wJX-!KaragFeZS$=Q;SEU1+
z3G5ZGO;ms}ONiAva#kR_(gI;(LKKZa*0rO`grviKBqK8_evX5s?4XCqH$m;u#<SHx
z640z;6GAvc*XxM3GoBLU8e<ewpef-9sW+^<q6%jss#`lnrXFB@f@exY^>Y1gu2P{E
zGy|r!TU|yU!<p2NA9m6+aYWbULzFWM2(;CA+cNFA9FN}VzZ7Us6WyVo*2yeYgX%W$
zENj~1D_Qg$lHZI8@!RD%ph@xApm90u<M<HhAp@>iEAz;i6g4K+s&|$wHR>_T-A%7Y
zeOA4Qa2#}CK)qOi5gePU?D+q1ADbCyzAo2f_rZGQ^EvvGdf*H?(Y5kwNSF!zB39JN
z^hg3~<$6*zzO3nOqs-`WE3C*A=USV{+1=q+Hgw#L{MmFb(^Mn%h*Zg~N%cSq7VS88
znJ*$#`fQeWSUh_+_zq=>ZYGiF4p4h$jCp6(^?zklV_xMyCe(nXf+0O95}A}Q_Uljq
zDGpF$Hp{S%1ynil;^GS;l-kF#IRuyb*0-v<-OdP}m@DdVJ1K@ek;_^)uLirHWc2*%
zlWO(y!m(1sV#&s~5%CTkvoW?TJk$DUHG64&JCMz$*ea=GA*pIIfnxg}y<uE*#Ay<{
z*K8$eEku?y1X92e-GFC3$5jPh!sRA>ahmK_7q{0Y9V1hF=UC(PBij|*w(imGCSOEG
zQxsA?&?7hKt)M%A;0m@L<P6ScN;KnF)?q&?>#Wtcu<Y90dpfDEoGdEa^^xoCE<wQY
z{mztW*K3!}(>$k@E86=Y(tFN+AtV(9q#=B;b&GBM)xb_ZH)I?!7AL!_+G`Jvr+q<c
zQhV1(>H@PizkZt<gW^xmy_1AVokBNbL+Z>nERQ?8$vqik6vvnxt=sw`8JntRFTCd-
z$OT-gpYD-^PmBIKD^+Q4p!3g-Vawt&Fmm3{J`}9fO57FJhWrKPLsEoW9~`O<i}E?9
z1jr6*>bG34MO>TM(8ZQ#qlrDaF*b5%5U(LF6)IRPAHujuRf3~V$E9rvZJmN>r!<ME
zu=<rlZ#}neb)M+P$uVV1>?y@NRW0+~xZTi_w&*^RKx#^HG}A(r1@V_}S34k<50tzA
zn$fR-P+Xn$bw2qVDVuBkj!{HUjZM1iqOW+tq~q-y${ZdiYPg*#)_th~md)x;X+o=-
z%C%KnW7%tK@^xIBnmZEaWIZ}dpa=0t)LVqGl3fsa744n!&7)*0f6@r}_v|R6Lcl4{
zwDSWSL?H%ek~i&{%i7vOh#*Ns+Q5}MC%CRrBLS1L2((-w?N@*C>QSs+S)+y$y#k`q
zK9QEp9_9GElujzu(o$-;*lf3^>R`99hdJR9it?i_GLK$9e&B{&j{)k7;w*<74~3ws
z<6@U^*631#k{-I`PmRkGaXeY6W;OJy`ew<C-19sw8>=6LZb#9M!4Pc<EmF7BE+CNk
zZowp#{4bh@q$HK+TCjU9UW2T%N^toq(?qW(a1^m&b6|Px<6jQmyg<mbfx#V-X?0A{
z$K>VqNX4G;d!W2uJYonhSJKCg9KSE<6Vsh<3ig*O`~7Rd6ERuCuTO>&!}>+-gv_l(
zZm=)W+r~It%$OL0bZ_2^D4po`%MkUv!b8wkQ6MVdNR+^A*6VCXrV~PLSle`L1$+4A
zow}Dt9k2c|#u&)dN}Az8zHUY1Un6RI{g-OjR<J(u-TW0M&M>%eLt!<cYg1#TY^o<T
zM1XDJ*>2-)6owRRW^}~J&dA*|bM+BzJiE-Wx#^%h*NWZE8-kwu9`YT1u2UWL8<C9Z
zE_uPUok#8PqR!Gbf%wCh%e^L`!ug!)rWL+XSFacjd8@c5RvF8(xYN=RMwa;@!&VW6
z)(w<-Cn$*P7Bca%X8Fif!4MXge1c=<XO7ldbSnjJcAQJ8NA6SL#e>f?UVQU>^v-!4
zYW9rr{BsCLt-hUr6eCZ4jE3w}9x8`b(ZzIoD|05Elq#+4kPY0MyIfs>F~Ct%vF_M!
zxf^uBVK{CBaM_A6z_55iaGurFJTp6Z)+a`XpaB*Db+%h9-%6`td;nt6;wL(Zv-uin
zPB>&7y4iRj?5bhSXd=bVfZ8(reGW^T>Bkyq7f*Hrqll;z9LNK*`#!*5wOLgSndJv=
zU#jnS)UM)Z_5tr-Q6#k>5*gzd+bkV=9aL$>I6Wz49REd%Ee-cF2+&Y9$d%KUCw9*|
zE+OFR993kGEb|i{!HJ>9R;}JyvLT5=1sqM4DR#Zbbhh8TpaSpS3JPDwH0;q}wpBM5
z{*a8(zPtC0vQe&}5U~MiwMp*{!altD;kwwQzB$>V9{C<iUOca7F9B{ofvl%AKE27*
zekNFC*kd{95*v-5he)~70d{X->xyD~SJkkwB%Gr*w(*PK&6TwAmET+dPdLonbJ~cR
zJ8CuZqcg90veF5aE->gB-GP`sp;g`dYgP8W8K0(Bvis3(IIW0xU(g4c2XFz<mYptG
zeMh)NZw_DKb2s7fM+9TaqE{kf&fV0g;SI`QAA2$8`;M#zmsN2_O=isLQ+bavk2tns
zl%?8X_IzK$WCldF#w@7j;3KqJQaUbRv@N;D;L+3xkBdp(!MF|dvr~=5AVl47uaJX7
zcO>MC*^_C;y{9Wo7RQ&RB_xXDj?-D%ciUEZ&7)(o)ChS{R6C#Hb1za7>JIp=LA{wr
zT229r6^{MWCLzQrAwpxaH-6QgQagFADd!fL>*=L=8On>=ktTDwjnVwImXl<c)Yy{G
zm4JxQ>G#rKVuwZ}Y6AC=j=U4{0>_ygH|=rWnNy&aOK<^dn(QqH_DX*2otGoejJ@GO
zBp0>pVcc{r$Mw6MuiQvk@%*#pXI5fsY!{wz^o{)9Q<tl+E(cu$y0b4_#;mhKSj(Pz
zz^QpW`ArvL{u~-BcD_?%YwHnXH}1}HKiyvZ^qBG%k5|I5tUfqJdy9I;^iq+B`@EGo
z{&pY}tNj|#-H|elLo$(l#ZIvbTD$eNaN3PV-}ibjd+jZ&zIWSI%hw9H2iTu_?JSOo
zYb0opBDBgJh}qwJ?6%e{Gqn?z0UT&Mn`1$g6-k#mQYx&fO`3*{s*nJEH4$4GKkZ=<
zuV#Au!4QOht}))C&%^AMQ^;02QK4E{%T#rVpT>rn+mocH&^$NeGS^Wltf8_^3V<3n
zVAJ@-#7KChFTK`j-DF~!X@yYWD0ZgBtc>O4Cy5pX*5!Svj?8R=gt|_6uPIXL)rrDE
zguI3|CTL+~^x-ozMl&6nTHT7hp#Cr5eVge;b682kP3YTE*Zhu<ln-#qVe+4u!@Kml
z(B?g=%s8eu<44DPY{@(9K`Z+^Q|&c4J(sB?|6<8c50hOc92;DN&MhkC2xmH%q$%J0
z{EXlDn#&rAY$jCZ>8YhlUxy<f*5LX^JQ4M&<w1VP$wu&&%mcUUpb;l*1mmtsp{7k?
z@Te^}e6IG;DZg@~*iBt3vH@mz-Oab6AEjNrFHip@Y1sH=lVq&J!Je1xrjnkoLuv*D
z=d3i90-mm~gF*u{f3UQ`)jC7CBRRvXCdrE(b;$jG?~HV~j3M%9tOR22-pKQbCH>j6
zXT3qm?xcYzQKz!*&X9iB{*V=Oi^{VKFaRL`8kR&nu^W#o?b8dgDQPZQY~U)lL5liI
zAK3_Sv3`i`Uq8aLfRa8yBT7C6vW|Yeiw2JX&I<$ASx$@J$>SgX<If*n&bYwr&&k03
zOlD}Jp;w|IjlYv>KYsh4KelLr<UjNwA<#bTS9te720;Igf)Rj#&ZUX#ob&g;fLQ=R
zMC-`wXEfXVnV-5v0HpeC2Gg0&Sb?9@tVbg}IixO~SGIo3KM=_MRxb|{oI6b@`bmjt
zE}p#>z%Z?%Krlyhcll>l_&;UvOE|Zz(N7u_?sc{x0J(g-4+x9Vb@wMM?hiqs-}-X^
zPr4=6C3vp9ZEgd?BH%;)4bu7ZldTEBlRBpxP@F68Y9JvK97qQGojCuONWRIQpP2nA
z@Bja73qcc2ZrD|j_gnuJ*i~?x-QVDs|5`+^Rsss5gnjTEs=vWc|Mho3gvG%A*|Gc$
z!~1hpC_<^xP^9-g%|id=T>p4=t9a4vj6LylL<&iCmGzw%FYj|_K%v`*JY!q_oRVNT
z5UNk2X1s{~8<Y31DGD~nZ~kj9{C-R?YBb76Qu7j!$2@0ey?Mh1yZEnf{VfqmVPI2*
zS6?T=Jnt0$b-}z5`}cVN8YKK3u&=3Y2stmGGyGq`(Q(K5L#F?{rM?3EUGf|A>s#ke
z5i|dQ>|E(e+(E<TTMcI@&YdE#0r-AD?!N~4A8dek!lC;ZrV80W(7ni&H*{u3R}zot
z5f})|-@pG^pLo5fZSo!^CFLCw5^8XvkIUMoW{$p(kDqik!jQnt-EI0{aFRc1a=a%~
zdYTd-8jJw?4UNBiLAJgVRN9j3Urjc<MdD7H!WX=59AaHGIl0~e+@Um_569aSj)e=D
z<lCmZ6^RSVI=)xxSn6+T#8fz!RSZy;Mv2sDJ2vpI#;Ut(xw$n#_lz$UpP*@fHLD6+
zfPljKqoR=H#*lIwnZl@Pe(pJRF?~+BQ|E*Ou~wt?G>#l{eVxQoQ3u=s;vG9n=X}$7
zLpZi&O_Y9{+%3bG1X`t?B~J)1(J3QH;Q&&^CaX4w7m+aiO87k>-M%|+)EA($uzV6U
zR498bWOBV5=7H+}z-IB9yiO|FJuO<_ecJC(C3p=&V#&t<w7S<k(dO2XBbj<EP0$|}
zlt<7Nc1&zAwtFR<PO<%=R{IAM5<~JmekW@+!psKcHCWArIeDEm9G@w^F(r7vx!iKN
zHcrjy)cQ-Vs8QWcNrBcu9(Zf1H+Gr-T?b;pvzJA`_gF8yV_m(*eCKM+@h3=sUr**2
zVg@Z#J#^JD#<2s(f;mgzl#`(w*&GHU?yY9LSY410B$Wt@fU;*R4Uqt-wnQ|;$&29Q
zx-QL*m!8KK(FDD5kD!Ie;$z5=S|C8_6uI@vwg5<*bbTn(?T>soXCm69t+k*7pMZmz
z?6TE5Dqc8RsMFq96~M~`X?pgjU6;T*<BSQuy$m2Rg;bBpS!Gw1vbF%^kR;NI)DTEx
z9l{`Hki&*5lJ!Hx#v>+n&o3obOz+-_G%{^zSIIH!4OQ6!WT$Qsa{#?29{tpUY88QS
zJ|R?H?$}8k|8y%xYu%aGb2d#M0-9aO3KH>-5fTzY_vD5Y+XMpGV!7_=m+H9!uTv~w
z#Y$wJxh46qYRDkaJ-tt(vZr#LhZN|&1Ynn99NY|7t5|59HZ+acoC--6dHYkED5PVi
zug4Z@*R@!HA*&~Mmmq80hsr%u2Tk3h^o1<51g=kP$WMd6i55V*d}I*~QS<=*C~jdl
zu56=^1g;~0A~%#FOGQ-7pgP08GTKmvj(*nG4}%BA2=>+mC_Epl(TWD#4exe}iRq5&
z?kN>mlv=SJbr0TT_7925Vqyin>NOy(iW5E8A>ZBJr_qP(Z$K(V0%3qqASJ_)Nv{;b
z{CVd_@>2)y9X0QcVdJA^6Wj>%C{+7^Z~9IUR?_Xp?STV@>gN|&?A+H;vSY}0N;*BR
zJj7DU^|0&|S50l#%%pU4VA)76mYk(LLQ^qLL^tp3-nuu1zdSX|re=)=TkJh-E8IT#
z#G<(gfE(nJQS!{{EiE17Ii?DN&eEr;UX4Zk<cx?@WI#_fQRtDu{vo5o20an4)z(D9
z#;7*f!D!>FP($C|VgYw|KG%-c#Om63Wf5CU91KK9)2$p7-mSOlB+&V3a83*5tg-T4
z8K)!ba5L{Qcc2S688igAqa=u}lCQIUNSPV_EPVtVQMs}`u<D@Db@ef_9OJ8X<8;s5
z6L66Z!P3rPDxzL3Vj+_@C=D}TrBHot$gwTlg;sa6K-z6(PunwO?ocCVMSxYcz?!|>
zt*lNadAmVc1?0WZ`d*RIp>`-^%Wf>;j%i=QEr8fJtT1V^1~WftfT0p>wyly9uZw7x
z)yV8GlU<mq*$JNe`UdfqJiA-5f;?)hsPSP+(D6h`pSJ(XK-_f5AKg!WTrghm2>cVd
z<G&y3;S64WtXBKE{2mh0LA!iU)~>9^DTI+Wm2<DBYx@{yhnkgDguB9gy(DjOV^po5
zjV$*Oa@wv+I)Q(T6Cfmx#`7$4%n9k~_S-}<v)BocbI?f@t9Psq8iy`FUIiF}B=U$?
zxWAP)WlV6$0(2;^gH~-<h74VDPo!yaYWOZfQuMVOx5)<~-%v*0!3%lr2t<`pSwCyA
zIpMa@JYtyeV57y1^bjfPS=;-e3W-$i0QbFuS6cU+c;dvzEf9$W7p3K>lez2*MFiIF
zu`pF*<~fk_IBrDyGKpk8Ux8NWM^3jdE<Nt1Q2OUe{O1*QEO5DErUyZq(TPfL-w(_}
zOF)Q^K3<Npc4!8|eFq<(kvwEy6LtOGtLa;twdK3vaP<z?EwO-iSM<d>eft5xg^ApJ
zAORE5SNj<$V&fXtwfUInB32uB(^?#zOr@@GMmw=gw9c07`eT}91*^wV>E(lvx%i05
z1A3`+PNgXz6O-npk7P<BT`OR9TXE?)$n)u^2rjH2U2(9JZAv*v*Q~J>#aE*fu_x!o
zg`}jhl(HE0>Y~g%buwRgXZJ0>G#@)KTLf1sC~w#>kcS*i741z(Sm)-Lasx0#aE2Wr
zJHSi`PS)E%3i1<;ee!66)Vl1j*UZq62K5_&H;o;J1)J>N_YK6^dH#*_{ZAw0j&d_w
zd_?i#t6dY!OE*XjZ7-VF`oNatV-9l#Rw_DxL;*XC6_9!fi?ht-@&#*frS-sGikb26
zzIm)!&ng82dX5KHf{DMb$c$5xheW@h6OWJkYTY!cQt0C&x}vXQa&tlGqE#03t7{Sn
zUSQA{-exhx+XL+`oIdQO?HgXx-WBuS;2`czE{b$3Q!N6!e7ikZ6nnSt!iJ`YMs@4c
z1aJ-1rAD-jpqKax=#oeyVJb@x0+rj89oG~8R{zNO3pF*h$W;PH3a4qciR)meX7T<n
z@e2U+MM9-oe&RUL9+0hU^ppoA=6jQvG}BUszSJnN-h*3u0>+$*<jGq3I;-EC?&0bF
zwW-dbakLL<W`DuSb5AkLUUGPCW|oRS!8|^6cV$@e<6A5P@J0iprT(_v;!qgg8P=K?
zCYsP=ruFHhP&zH}r~x{%>Y+f(Al0?Imp0OYzJ1+F>*F=z=s5RdYgkDSX1-ek7^2^-
zPHalHs->YU5yLSVuT~sSrFPL3CX-;gO`qV!dz8(hNX+(Lrea3VE;1MQfqWeCrRZ{_
z)mj+upq0hIXDEp3wIvun_f`jAtt>44(sa^ft6>e00A7fAsv}1DYA0SGpO|y;gF+Er
zR31NVwp@~<MV<XYfIejSGj7NzD~IX`u`>T*ZyyJ_{a#VO$QWUlM&*Y8P(^T*r&>>&
zG(n%^4O=(Yi{C2UT|_6vMBeqR3>zD6j}WF=^O~Sys-qQ^wRhcJc49Z5$(G&L8dRIZ
zQ7(G*c4wu)@X$@cSOboH)6W{Razm7F-7bpFO+65G@JOx9h`poKc+(@K@93CoXFN{o
zOlboCbCPa(2{GsW`@&=%M_g)6W*>PKkyi#&Gu(2XZ^#W24yf<8`)r6RzC@!=g30(c
z8oM%Hd>tXbh_a8kGA9<Fsy)1DEn>Q)ZNsn@pU7`F)-VA_T{5q%>QCGlX^g7h6PuUC
zo+dsm(&JOCSPn7VNHAC_jUuy-CCJo!OwS4mQ18evdCp0DY45|@8l<#)#;dSw*rAD=
z3UYiY)>YHxY7_!qoTXtZre3xFO=U8ceWKPf`--a5#(q2)zQnu8GZsXKSWHr%GX7?s
z1c)Kz4I;&}U}QGKzUxk!ss65S`o_YbI!+wnG)l~?%6x5LAnvd_|14}Ub-kd$JGxoq
z7qV9rsY2DY0}TdmyO2tSw=#`WlEW^{$Z5F-WOcnhDYd%^54zhBHJIW_0~DPYun(Nr
zc!3GOLQ#i`uo?~P2%S2;<65#EwvZ!}H*qvTTf{4IoDes&+n#$-cPE#LuNq3l+>#xf
zbqB2(CSet@go74(<$8Bkrz)xrPKM#&>KF6G*ZMnlTzg`)jDpPN>~2)XJk((8KCl`u
zZ|h|R6E4{>#48&B={Z^L?+12S{*8n)nyfwnSxSRL4NHgp32BeTk#_i*7xDh(NdQ*D
z6-IO|&x7FUo2;<i1Z!kC5H)rnq)^QIpir>dK)ddpO)?ZOplT-ocB`!{H-+`VuMfwE
zjK;JN2+->{#x65ARz(eEN_AF0eX;YfYUO)y4P~mEK+^QFauxsB7V`EDxu!!$H*}sf
zLpEWoR!z@zaOZ2P<rjh@d6sXDA%aCA09KDtr*W-x(q~NeE)aj8&XiL@L7f%#(qedF
zJ07S}Om_z(+kr;!^xcqwt9=W+hOZ2?P2Hx@ApI<&EoIiIjze$p&N?lg&IexvLaoMZ
z3MY#tKNlppLp^m2BiKbdVganjNWo5QO)@cuC7vwSoVKs~ZcbcZ5ljElY5iA_-3PFS
z2Fo78D6%a8Ka2r>64|Fw)zjkb2ZROh)B3z$ypY0zG>&5jDVOWJ9dZR$Qr$SqbGst~
z_@!@)+ugsurpGC98+>D*8L*H6WZ6j)pp~}r=7LtJ59Fi{{Q#MjW@MXkKoAkmOMnV?
zZk*|XxK*W56E}fu%uMnZuBi@Lf--fEJ-hxd79p7|HVxA<^2TyS`)(C7BpkwMwy_E`
zWsd3chQ&pziTZ-&zO8R%?|j^vY%&B6x1xoG563)?W*<JA?@#K{Z$@=Zgv1gqy6Q{I
zXKpr!^d?+&wOoHw(f@oeTjX8G<EZyptIkJ*M2yc=3YDO@i-Z0Br-}}1;3Z62dsQDu
zS(LV6(clc{L7`o@waHCm9t9u!b&@y*qnVjm#=~M2wE38!Fi5xr1ha272z|o$EQ+d=
zc6P2-s^7f50?x}@?zL(d{N!QEb0fBC(k|6qz^<^tEk@kavtN_D<To7oKlkOWCtj%*
zF48Chnrq{fCFzlmQaQHjUT>u(^0_f)Ccg^cFG{NdI({&dzmG}aZhxSZtMrjJw$W|i
zWS=Cu<jhqO0#@aIYMJyI3h$@o_6eiqMc$|Lim8FP<9EPczi8cmCe6~1A$ifj<Tt{2
zXZT7#qg*p+k`rhm-?_0iXCS7se!=I_xsz;0^NZATxt$$V0v_Z$P|iDX@#@R}6y|?<
z0bXco4`;i*pXh)y!aFm7q$;rQ=AI?RAHTz30s=SR7uRn8r#17RpKb<fF3oWsDxDko
z#MA~BW2O&6b)KZ&U<0ugvge=94ZmKl2kgt{gtD`2@SoGd0alAI_4!#8X+Pv~%NZEL
zi^KR=>hmAd_3u|?K!D9n@Z)(bvi~n`2%6BB>)M{8zV2V?yBT2?Fm>q06uT7PnVK9}
zctI(2p-QJprEbfSLZJoW3UK50gaPfzpI;?-JfqO@8*=malm6N)q2XxGfv`M{!xDA0
z+UF0UWo2!J@1>?vbg(ZOiql*>XIBZ{A-F92t;0#01PTC#(6tWRR^Xf4L-gzOtzC+Y
zOUEV!ei@c<qi}wZE6{!~Vm7_K8!(%s{3?s27NqcGbk>{Z2NuG4oEQPHN%cEFzn-PJ
z#^|^*&v2dqf+&v$XtV{SG#-_*cuEW8=$#<g^yf_kXe9iFyQJt%#VH(IBz@Sw8AnCP
zU!GDu5ZWKlR_4xSlgs<EDQ68*rlW0*C^b!B1aWso(fa{tRaMtrGHM*<I-Q|xY5D<H
zXEn#oX{J6MD~kybXR#lkcjSoJt>{Q$tCVQS0MH23uyX4cBI{q12~|SJX2a-h00`L1
z>B*C>D3)ydDkF8Cn9ar%Ds!-Pcs88Z%19zxHle-b;ImI)sm+eE8j$FW10936U)rv0
z8y;BB-jR%;t(fnP`_kLnA4XN@&U^$~+3HWovd)xRAk{DauT%XWQ=rBIx*}5h<h`D|
z#|mV<aO@UpTpi|1@$65K&6H(^-<y+djaTlJddw}Fgs}78|6KmQdh64i$$`b1h+5UG
z(J7F7OmO{`iTii-I6MHznniR+RojpdsX}W(*}#3SoIgcD%O~Mu>(u=~zcJFu^?Ky6
z@j&~s{{RqfF&;>YAV@A^G9E~b0NS=oH`G=XsDW2rvEB?iD|QFy5wCYZxmnWJ&x0R|
z4)UgZG^Sk>D9Xm*d(&=6Nk2yh!;N0aa2^#oaXVxqnJ=>?Y@O@*kM5pX@}cC7$5Lke
zN-u{@1ryJ@R?sq|ru=cWhy}&ce!MvU{61ExVc)CFD>bjS6+6a6yhnsuglxCIWsctz
z5;#W<Q?vlIwSa-V#q-@Wd!W@tuz`^3ob(yG9x?+{GFQcS?mS&)^%PJ<RpVGo_UFkX
z;}M{6bF>MA&tgkOFHv<Hu-{;>2oi_SO9X}I0{Sw;)sU0%oM!@RHZC``^>aujTNNfk
zG8KGE6@cobD>rUPhIe!d{m|spg@UT8)g+wGswZl7FM?AzqpGpLK>wVy1jP^WYRjjV
z5RTzoxS=edxb#A;!Kfe~=wK5<#`@!e1>m|H1)48_N*W=fzGI(ML;*^++2y~@Z#qq&
zg7Lk(mxB=-K)cX*d5sKsQVCiNRD0G*-`6J6U-+<pE*^z6;2A|4bK@_)iyM9KetVn`
zxL!g(VD4J`o~-}bV~is74qDl5zoapCxUch<Bf3h5`q_mON9r$u?UesLlgs-6)yf1D
zEz!9b8g)4^^gDbb_j9EC*M%lvg$~<9ev@SUD=YAO(|`D*E!{t-d?p6CRhwc>&dq9u
zeg&>PT=m$kKbPe1!Hxj_opl1-pnqic$E!Q)z{M<ljpZyhx*w*(8y$>~9u;XX!f$c9
z*?N|Dy!bS(g>G_ZGU;Oe#BK3z&eqIDh5C_c+qL~G)_tGO<KX$G1&mW4K|A#ZDCM-f
z?qR&55YFeu4yki$I&%A-ntrmK*%Q1l{umP*JI<=5MW!(%h#d6CTz|c#*aMzg-<sfi
zvO}^5v}C|0B`DPQ#%fpb?Ue2q+(w&`vVTPQ->;}uE@TbTg6WqQs$p(O21t{+cOqAb
zJgZOV;Kj)djhNuzF~DCAGnDp-9_~QKuZy2dKcW&Kn;+k3e7^J1%+>^E1gUXAYv^aM
zCSd2}BG9u$r*Rv)sK21tiz-5^c&cK`SB3(za3CdiF=*`xUEj-6dgvL$l@5eU8Jwc&
zXn-P&C>>7?gH>&hk`n3Xll%xNCza66rlg02%m$&A>#%U#2Xay}sL8qS=b3T)RDx2s
zJR`#;6Jp{|21r))E8smq0;P9*pGi#88znEj-a-D<0q{8^dsGTLr;%e%CZ(h5pLu9J
zk-mDjx-Wn7G>Y-1aAN|ukg%|DMwfJfLCZi>g6zp&RmbdkhTnI9y{V!}p(|A@$}B{x
z)_$co%<NGJ5Z0u^qZjGV?+2<Fa|E21i|;ZiEA6doG6^v3zZCOim)j<w!(CXjH*zpB
z`2>LRH9ZomnoFi(C&4!#|7oK9UO|tmp?6y4Kh1y52iP}CZC8qDtr7WzuudK=p00J#
zt92x<4VPpWmP_Ws88nn#W<75hbbU^d={J`>oz(;)!wXSHvPpSuuoK3l-_?NsGG>p^
zwm7zet!b(51~N?ujv!{2gq?V2u6l<^pL#v(oyEo$*Iqq7#OWl>q?cTH#Adj*UnKio
z-8y6cxcmxZHe{v1$#5DK6y8%i_$^cjL^^r2zPa3tagNP9lMNhifsf&?EH@-z(M&~&
z0-oBrqn{X_`38jp72%y!6=t!|<f9%b4P{AEVI!@gEAmc40gm3T1g+YH8AKGlO5X?b
zCA&nPO=HvjCZjvIZ&Na8)IW}gbJHFtb-enU0pxFG@bmn97YEi%K&mS>=u$L5kx5I)
zViXDRW%sZ+q_CD{<v~4*xKKbnV?qLh6{J=c$SsK&c_1t5QQd*edPgQ`3x$O9^}}wp
zRp<CG+z%gi5}CjHa41d~dKP6STExwMe{pE-dPPKXXf=6ElR$&8%Z}ub{LB`ef~Kcp
z=4Br1>ao{}`PI1{oVCb4xu)cp57svHCLjt%T=yw=GNXuM3l%qA%BIQWFV3h#$ysIM
z8+PB`eH^O;T^komgIjZ-Yn0u(_VeBs<JTXIW3(Y~E@->PY_>aIjWf^swm(%ai8~5l
zIQWt?=I~-i8KzZIf7D=Bfo^x=kWOxHv%cBEX!66Pm=T=`0_#LQoon1GjWYXF;fEKY
z?W4_#9oKo_6eDW;ps!K8ga@Em@;$Q;<Z}}O?K~M5&)xzV&KGP|v-hQYubk%}cA?9E
zwyWhxXwLoyiqLPsrS`w*EAH!L7Z-mQ;m7!Ke^Z1`VeU_cO%>kj_ybcj15lxvduHDG
zG!6JC3(#&nToZfWAGVT&DF%w;*{S0%-0(lAL*hO9Ha*BaDRWGp(kj6a0!)jWKW&hk
z7y#jP6CtX~`%fEFQ0ngG?&zv{M5Obpu9ZaFg<eK9jWWi;j--i+ge|vy@DIWZ3PFtc
zOCrWVKYP^vd&LVA^mTuR9Vm){(J#XLpl4rtfYDcf8PI^&u8;nQ<^SKx(hJQOrE0zR
zvx@vIM<2i+RS?|EJ=a{oK(p8tL)Xsi-SFcu10X1KrYA~&m`nf615+8;u(}Np;&b-v
zn>T1AmbUJv^XX9Y0n4h{wd@C9$G>zmS~^VV+qL=md7KOsw^Y%NKElZQTuEu89euBl
z=kvn;4;BN6{9rs|JMS?Cb<vTZv4n<mEl6hohP966`!9X+d;Ptd(fqgh9Bw}$lK*zh
zZhZ%^U=#n}-w+h6#dZ4D{TMARE#Z$wkTd{{gc1OsNXC!kEU2r-iin7C;>@bb0T<m{
z@3#xxqj_0!lap;^U$mV(b{(!aqPRjn_E1t%DtvTTgEZ>LpcOQzOn>^Ink0$?-#sbC
zPQ&f`p=MImO6eijPb|wq&bZZH<#PLnjeCf3cc2?Z1g$I)os){GT9ZfFoGawe$+J9U
z;JA8fV6Y*jkVi+rdafEtueExU%Wg4|gxkFp6rrzGgh0T-AP*)p{o}^We>V7kyt;*Z
z!AP}3gg$w4&tsE;tKPa{phzo0rIWNRu=`^Je12ww?FU3ed~h}>+SdM5?7(i;qKv^j
zx|dOZwNn4oD!hW;GeVs$uWpx|#kN>lV`&c3V3;YbAx}Rr0urvYR5c4~df^erBfDp*
zLxb&D5Qc+lTFR;6!dU`wGF5>JYC8D)qj08x1h{kHUB>15u973yyckkT`=dE*b~H+5
zeu+H$y&E~gf!`Mwo1+H+mWawG^<-1=KUr6ALWSE^^w>tZ(Z{g^wX!xjRVqMLve4e<
zzW7ZIux(3XPS$#|B|SRrzDCO!LS(>S?UrP^<iUI5u{nOR5RE^{2Jk12QFA2*@4sy$
zhYr$~8trFE{vYn%JF2O-+Zsg>QBhD3ks1UP1p%c9(t;u)O^O225)hEyq_+g6Ns)*&
z=>k%ug(^J(={58Y0YdMD8q#ijzw_Slopavb829h{_ugadvG;zSXRS5oTyss<_{Quf
zO9p)E*sYcng2YqWtUJ@J)MVOSKoh?gL?>%)Yu#A>=U}z}vr|v+%=`Jm!Ab-7ep9O_
zytt6PO=8q9<Xs=iVJSv>?|=KH;Ij91YogW|k@Wa=G69b8mxsiS*iZEC@IG;~Or#9$
zNS-XY%8uN~9}l7U(e)g%x$zqx7wJ}Y%V#xr|CRJt&hAE%Bpj8V@uDjxDBOg@G-5c1
zObHRDW3vYBUvMwe16EYUr}bg3^+)kQFsSyRUw5cL`Sq{Y^$BlE&Vnfna$Al)r6}%A
zs&At36(l2spjw(=$OXIYA-I=;PZ^Hm*e<RkfRZBu)Du)GW;Q=59f>&~a<JuFuv*<Z
z6G_V0jUshCTmULyJCu9<stoG`mz2YeIm63KC;`*Cb^9r0DP|By&a1R;D-Azo8dT3s
zR4fJgW|BXl<b=sdYdGw3jGv%h9HmPv-i_k3*lT#OC9+cXx_*q}Ch;y|y3+1$i%P)4
z#Ln(Xbaqf;NMg$4Zxl0u7z(8K#D6K@VWOt(j9bI{eV_q!USZOyk!}C<^_RaLtkKsG
z{a(QANn7_ntj;oaQQQ+br~j*4`hT1~|E0%e?LZ(2zuzAAh(JY6c_<7@0)-jt{43|O
zJDA8k@WU=KS3M7!f{poh4mwZ$L}~1~OngQu(^U2^k3h+)Vb#9U1sATa-4+Jh^3vcD
ze0tnP7|M_Pg(mW3zkqrDI;hI}`0A>@{TZwy{VYShRF;A=idnah>t@cRi5+b|!aDGc
zCk-cxf)j4S8`tf<VbdQdhIL*B4+I3XhyrZI0dl05nuBJg)g#P82F0#V$dti6Ns}A1
zb(M)uyGLGIO2fv|vbF=hb46Y6S1PzlJtd;s{w%>2DBy!>{Yf{o2S*B~I!veV1xlXl
z&fDT?W22`~`Nsj`KU%rko?9pWB}&%WV|Tgyz&kK@MSx6x^)IKng6!U8adeI<MP8+B
z-H0OWsNdK5Z5LN5=(`mONvAX<`HbWM{xg`_s!xGG%Hru=fPJR3m4?O@25FN;KEWA&
zzoXw2xg>JRxxYPYB<obF9Fpc2ay55mYO@?UOoP(Lu2>4Aq#U=IipJ_F6qDL^9{8bn
zA)o+)wE6KwL2Z}Yv{z%k4E!o#7y8|r`bdU;5{(_DG{fZHDY_wq=*GsAJ8=iB8V^kl
zG&^!E`%_i_YCvjzx06Q-W(O!Qjwu+WcwoJlRPGDoe&}RB?ilCghj9KaixPni-M+~J
zK%je;@Ff44pZ6&Gk`k4Sr&;2=6%>T6?>ltRiZS`MG0l4NyJd<yh3W7A$ovE<I#6O|
zhrY=5GhyR0wfE#2MX~q2JQ-J@;1^f8%-+vGw%JN{o}A9C3LvsnbOqe~t#4;$XbqkQ
z!{l{aDvu5`=JvD>EbR*zukQE?);UuA58l7-V`r?97$mW;xs!(WvxKe|Q8ng{oK7Tb
z&RI8IbKCj*5r*=chjZ5pBscv%e_7@*>R8Crow(mskoBFgS-pa`$(j1Bx)BB1RYu$%
zux`?hMJywSt$Vkyr<X~anF)f1Go1T><tWnF&H_r?L~=;Mi9z(xN{j$UQWJ^7_QzGr
zAh@k$|1)CW`iAnWAF-$}9aC%%62k1?h}-fXYE$~CpLAcb#$S^}9-X2>!~2;;C^3nd
zXDn%oGD@c^MVec()Q--e3OfSL%kfSUjNb02Po6e(<IZ@3k@ecoY*EpWYW$Vq_SX%i
z2t<l>izl4n0Ymw!LWwe~@dh9#hknc|m^HkAM;=1>8E@bd8HX&4T60(miA<D{lIqbb
zeDioUqwR92!9DO;?~Sph-2w9w@lQu4BdXTL6z)=Sr>>%M9qpxfSTUBpHBy|VvCfpc
zf~E<Z`Rxtvqqrx=2^qKdwv#ZZ&J@;Y{00Z}jWNTOZJEZ+Mz<@!|LRdHj}I?|%J=>i
zq-3oed5R`8tPIMajHT>Sg?*K}D2*txx}!DKR{u6c{C6t!f3iU6UqCH8E_liYvGSV>
z9Yc`~btY9<=h&Y>K(JRdqaJoZ!SP}!yUECW-pZfj8$UQDEaUtiduCY_xd@eR7ys?l
zO`1);Q@Cq5=o_mdyjiT6>oyqZwhIBs7<6q^ahOnIfXwg6EAMyzOFH5(N69xRZN3hc
zTIV*Wi#QZFa4OILUsVS7xIRF$X*$5)F>iS>C$ijXlOdL&W%&CJG0PZ?gv8o@sE-$&
zLJxIZR<r+$b74$SGc~F|`^8}Jz@u<VxBb<-M^|Z2IGm<B?EWn-nTAcltx~F=507Y^
zVVP^;zK(v(|Cz69eM?ESqq>-oL0nV{u8Y77y6oEG-GVp6)*ODAkVw|$!!JMbO;<Pf
zDI&OULIw=K4qExdyhw1JWV;Ahxzu|>(KC!_;`Vq6sNxd_Tt9*{8cdPeC~^|^WmY`N
zs)+H>#|~z9m_F8|=%y;2IM@gtlk>l`q#pOa&Mz`{Bov7t9x2sn{Q7oRpla^nkinq)
z{iF2gD`$3gOvDc&XLp199|M5q5pEtu2~uyxM?6;C^Nx#`s-)(QrQ6BuW8z1Vq_-=s
z_4@s(l3F{z-aG}_<Gv9dL+gT##79Tt{%4i-uUbY?<F7-&>qk=@AD!eceD6R3xp>*N
zJw<%8n<?st?<qI!9vWMFb>tkbv$1JxkK|BXw+y<MH!(38DVf`bU9OW_&kjc$MrB^h
zQaG;fHLDx_iBhmAiZ<h?YTDEmqRPXqW#pG`Qp4!Zs!`*Zc<vYZX}OY)>Ay-2<_3zA
z<FAfTCv+GiXp$fJ*O2G#tLO%EtGE|Zf^!r?LZ8&w{?l}jfc{@7^}kl}J3flsVj@4M
zNkOwX&`MbdRpIu;d+qb#mh41rcUe(|-KLz5`o?&n#rx5nnJN_t(+<b#<#<{3M2Tj*
zv<0HwrW9AeyNbW=UBC2?K(Xx>e}3ja9nNg&co`;Tlx)~VIUp*Apx#<mOew_r6QAW}
za#zr(iJKo1=p7udH7&Uv?uJY>s*Lr3l12WC9UM7G-#qk_zj7rQlugsCFRLwUD!BCZ
z$y?8f{#8W}S80(m`<1>gYo=6pE%2%IIk*MHnr(k^=lfS9xA+ixV@xG9V4~xEA3C7E
z(P6IKbSPKTetAGd*bcsK%#N5xYszmboMbr=tjm&oc2{o?{M&i-zi(<*N(x=?!e7mT
zvSsyO&N%iA{cGTXQaJe8V?a@FpN!3nAkTcQZ7G4(#`o)Dn^U4dG1c!2x^R<P-V9iZ
z<xq@Gleoz8Hbu@AxO2z`^yOUn%dSnR8Dv&`lhg}M`0PRs8hfN^n)!6K15mtx)jRJ0
zCepE@kjrh+^>--td$MJp4TJd8jrK1aU9&7bU6f;Vxh#)l{b|%LQOemV*22FfS6IYi
zN{CN^&HkpJ$F73`?&#L_>$t{6?g2^yqGvx+HRmuP{KRePq12rJJjsvWW8+P^<@#kx
z<S+1+yUBPTD1r3t>&OrvN5g}%uK&l9(dl0%nunZ6?)II6)PtA)a<}gKRTo6=&(XTC
zeE3~t_}m$kG!l_}Z_s}wxjXnj?~osVi%z3d;y)LiH+b%RR=Fwo&j^4p1pydX++zHX
zmG@sbFPnk@z#hE$C&cRF`M-?9kG9EwqDlh;RVd{-w_*N2DjF{S<yI6UEB=X%qdEtp
zAOP~^+W$Oi#O5yoaMK$4j|c!a<xBZlX8zj-`M)np%4_ocrB-N!`$_-n%D<CgIZAnc
z-1+REfVn`$|1UqoY&#}I?SCSQ|9<30#lPB*N@@H*BLI}4EK_{+@&EXmAOHGz+PEJ7
z+bR8j-8fGfkyG{mhXs+zZU5`PuPCQWA2+L84L^Ll$e*sLy||q$|1Z>vU!Afxy0GQ0
z1ONBOxF+?H<D*@*ch$7rjOSD5^G;7c-dkAb!RHBfCm3soz5W+m^<U6=<^PS{eZ0Xt
z&z}EV$(C0tQMWVv1N%k(h^D@bpPf`kecn}#Ax$1xCbv8z{*sM+ln1MBy~|Nec_n7q
z&1)-W75C<8Cew{pzyZH!xOA$ehzs$|;}U)S-9%B)SNhfd&iI~0ro*VMjP=TO@s~C>
zf{<M1H!01|%IAnl42+E5)LBXNYbf^>_w_rxdUlXp=Qd}V{wGgqnMk{pED!6iiw}nl
zn6&YG3>GjY=T)A!?!Cjr`R&JQ$Na?^G3x6JOs=GwV6ItS126I&^A4|Y`*|4%cy$U@
zJDi8&Z_d0;2tZgN2BilTFYy!5tBPrt@TwyJI;JYoD;gplsqbLoZe`Dy^zT-u_HhZ0
zi{*XWI~>DbI`f+GeFU*+KALHKqoP1xEn^3~>YYL=F*P0IM4tm)aCh*c2(sIz_a}w3
z4!!2I)MOBy%m}B(%R@cyS>4#SST+Y0{OZ-9`*g}6n?k|PDeg(Mll6&LQHs9ID@$Z2
zNvh+^P=CPyrq*zG_f+a^R$8HhB*%sR(qpqLfSqyT&Iq6?ndUQo!u5SMB83iOQ9m7Y
zuFjR}I65`Odkt^{VoE~I)gKzwTdh9bOsz{R_z>^7m*db=c0FA4lQ1paw^zZf%C-Ya
zpI!w2fUWJ*pVA&?hF#O;=U*G9`sp6{!r_McrLwpb9z+L=LHwrYE3S4o4!7Rgu_-?&
zdJg>yV~Ltt<#LPOkFt(>vf{srFRAiMJ7@+H_pqbRAdw7Q2N>y(*(D=~F>Pl+TqL=D
zxd)7|>S08jT2roei-P9xy{r+_m*QW_^H6$L=#Q0$b{V#x4M!g>1k7ETy$!@TT(`_a
zWbWKxII<*|IA)!N%DZ%CyMoaJ%=%}wyVD-?24j9RX10LSdXGpN{zd)98pm9PfR*@j
zygXEkDtY(V<-ZxsOzX)J<d^2{#W8CLLz$D*#PUmJr=Pft@~+m)1!i*f<VeW;+Y3PM
zTzgD{xifL?A*5g6TFu8fP5dZMVC%hsj1X!5essTR@KEQU({%mmLM76P2%5Z>F$P3>
z;pUdfwFJ^Q`J`u;a7>oh5gjAPXPkERAj!2T6UdP)x`D98sL()Y?Ev1}3E;MuJCZs}
zeW+V;HDujakK7H?MzMl?5lUk~0HeS6+*>fid>;DsDVhrG&d)#|z4f$ka0jx%t8SVd
zwx|!?*fGx~u_K3KH8JyJKAc36*NAyupsDX0D$SEZ-`aNyzqZR?`-CKVE?`b{&vro&
z7hE68e-rBkJl$D#hU|KYKsOmlq%4R&{Qa+RUH^4BAuka{u7&2Y0ZBUm@Erb+fgfSY
zr?|<Ub`C)efF3r=$j-qN9f@CNP9U4mdO{Z&hlVq!cG&k%RKsXc8Ten|8Ule1=!NS(
z0oM5MV{tvKA{j!$H6FSrUl{kkjO9-*98|JMH6&clFRn87NVZmT87Q@nm3*<(#?ms#
zeIoUpqz4OH?IKxoSsUeY+0L%@zdZ6UlG9D-<anjzacZD2y|J^x(bGud6fie;NyWw!
zun)bZfW3~=BMbvEY@SQ|mSkf&6VXPvR=Oe}E*_<_OPt5{ogm$C{j9(`!rTdzj3pDB
zfxZLFqo+n6SKrJZ(QmH4*`*CYV(pRsxHC9WJ<%DuO#^(%EsfjdG?BTqZSV;d&+%l%
zCtg(SgEnp5))4<pIp!ROPV>HnvtgQ?cU-&NH5lE9FnMT@k+J*?jI}5I1|vfq_Sc|%
zNUXI|`sg|MR7A(V*!j|)-(IUz2)a_PQ?Z`|U#pYNg_@OIufXq3&82aDP?=@HuZkcw
z0L<WRb?E8fatCzNI1xya6+JS4I|Ih&AboLvP~@r}JeXLK)AV8wQn<&iv)n^-T=r@c
za_fqPOiI8S^CghU*uD36I}51{j_2t5k^U;~j;wa>WQn7`Q-)IU&bIw3w95HCvx|PQ
zc{GSaM%kkey{w{#fK%@w&_M&P4Y(MQJHP%_b*D5e-^x~7%J?z<CgA3{@Lu1mgY5>U
z!o5i7k<)n2mI~;Sdc%<GoC0Gr`s{rCR^68?><bO8P#|1b!N({&#)nCVKHBG=s1u68
zC~XLeZ=vjuAZH>f5qb(ECEEIUlF|5exG5=i7kYp#1VB#ay9vA&{nA+1#`nlQ{4G>V
zK%<vm0kg@HKxT)NG$s|3w;ap1g3ueiNiL6serW?V@RyWWGi|xv*H-+!0iNt>qUPwJ
z4DD{cO2`c(YVMtQJFU0)t%U3g69x<t!%r><${DS6G|!{HGqGZ%h$FKt8pLS~dCVH=
zg99j>OeZ37vd}O#xn14ZG1M|e2|>nUCo_ogJsoHqrbh)yk`e))2B8bI7Hg0?-|G_Q
zKfIdM=iT_^a}IEcnD*G57KN)CQSge?!UGcMram+<gQyx+FeIv7nn{Ijua$CHll|TI
zv<mls@3$~ik6E}OWouge^5Nqck<6>kFI;}q+8<w}TfE9F(?Ew5Ha;gLHsU-`avCX`
zL5F`)+k8S|-5^U6hAC^504BghcA?98A^=h>y21YdN`%+4b}Wak4(lNgE1(P5$i$3V
z!deGdBrj=QQpLFb^{u&E1`+nFVH4H?_*eD0-*p~u9-^AXsfI;Q_8-DZVwQxCwijr6
zfLwy#d>HEJ2(jJ06B3yfSFpcRNgfbA>ig<Tjz}9ua<{Zc_Do;FYm@t4O{2J*TfxdF
zpUD?`%&;>rUD{zinm%Ea&3oH1edA5@Dxi~=8utYiu!^0|z_;`OPiK80h~MLv8-gx3
zK+K5@5oft^r#%}$QX$X}w}OK1_tWRGtv0&~y`0v{zUn_Dw-;Q41>We`i~2^#3veL5
zyp>;1dfc!{_;z`5rW?M!{`?hz<|t+F@csgD>JjHn541G$;XRa`wx{C@;@se6`KD9L
zpV2+qjTU3}CV~E6jXuoxJaVY71Q6*E?;LA{$ZXEbWNnDK1|;bLrfE>v6-fvKfFOrb
z<h3@^5IfY6m;*fmHZ+j4q0uqdtXZxFJr@bby}vj-W;RZclDsf2r#S!kP>1p$^j?<f
zDGM<CGmLM^t44bmKVJ$v{RLc7fL<3NZC+G-;K%gi#m&_=+qPb5b@2h?M(W*$tnW;O
zqVdJ-CrT3>K;Gt^-&;99AoFU<_@)ln%{@BAl_gc9UL?K!H9`UXRG-4)gZhu2@p*7w
z=?(q#w_bM#UipRXS6?g#?C0D7FNR*6lc$)XW&3;t9=evc`g@QXy>Kfh5DZoeK|(i9
zfQ>Msh2#Sm(ht{zCdWqP`o~=hm3)ydTnIg(Zw-$`E1mw~nW<laU%S#Oy`#i0a`y7)
zHuq~N9M)=`f-xrk3PN+DH?(HmD4S|$eYdSH3|a?THa!i966Ngh%s*?TOcjM~WbQ*e
zv@9IqMfh@Ncia&QvWZ1EoG_;2636uJ6HTy*qrlS+^7wK#k_a>v@o>fj*yu~M-4CKG
z@tP?arC692X@&Nk@NLmaD-7J-)tos0S!**;I-6ZqBlN0E?97#Oq0k!iVxx*Ov4!EN
zW~fYVDac)F9EbzupkT6PFA&#(%yQmz&Bc@3t_-bw{z1vJEh%{GVy|M9zT&FSH#zfE
z>0RjFXb&B99S&B&)04-n@apy&cCxz}iZVRFlh;UZ+_=IC+=R3YLyA>a!37@zdW2)U
z;!=7Z*F3ArlI0+Anq(U3r15*od~t0FbJ}!ben8Lppj?aB>Pd;#9#AfNp|_Mb#u<)Z
zaJj+=)iTTVkmhWeg+gxk`0TEfpm-<G8IaEHl-A365dq6Ofhxon<|hY&X@nCu$$^v)
zXKuKagQa!}=Wj15`v!u?GNQ@b<H$<Lj~DRVYIu`1;*<}#4{mJ47p}Sq1wzNimf?iO
zWf%mfl3c);DpPhK*F$3+>oL%&!1&!&yNWXDx}&z0HHPrsA5*L$jo94vW?bs%sw79G
zvS!ZCy+$59yF%u09OQn%L74BQAyBRJ_qW>0U4$*fLvMVpu;z~B?=?<2RSP6>m;oxu
zha6vjGtO=yR-_7bh}mY61QIJ6>Ay~wfovexqig&R7sBXBeW5jZPy&in)#C@mIUfg9
z-f9mmtg)!%(O^tyVIVFv;nzdc`-AZ`bX?h0?*3mcJi-9pUSZ2~S%oyRk;DC0gPB$Z
z<rWi$DuV)sJGQ&IgD%xM6$8>DXzD+E$&coI(ku4O?>GlOes+6zVUTa*QL?6g3bePM
z9u@Y*dC$T2yyuiufZUCk?2lSD?S(!U8V^S~P7nNnT*(=XC0{~<eplN*=X9Nlq6$C=
z3;Sk3$@YmSz?1DBAbtf6iSauFlCX4%<at^0RuO4-znGCbsV}8V?__p29pc!*1=T`c
z=I|Hvk#8@$sZfJwn(+F91Q6E~q`LOki|BFBNg_4-@{flbACW>zUBZbvxZKl42p_4s
z$uELywf)q3gN=B^IEN&(he7wY{MgC;8=|CTaunsLSs?GD$JCpunRJE@miIwNCLIK&
zkcs=h2ZgJtO$y<X99kEu%?wY>I(JWwA}Z5RG!-5KyYD;AsIfkLA2Jx_J!_~k>+XAn
z6}naS5^Fm*Kg8z7%cAwDAA{isb!o|Vn=^~EkGnNL8G|^sYx&07>$|G)J4fT5(!7Y<
z=m5xWUa<>Iw6o)g{OWAYi@dY!1|%nnWDt|Uwf?8mlmL0EMSAImIp_Jp-#^N02V4MT
zz)h(DLGu;}POzIqfozC*bIFbIew7>4Q^m5kX9$4bpK7i#I_#+s#mQgj8q_eZ<e&CS
zW#DLY8;r!#_DioJc8IkXR?aAWxVC+m-2S90rT$f<4V_7v%DGo>-Q$K!JJ4oqTP~X3
zaue2snwdB+@ANIe(8{k@+dYJ*oFmqF0^<f4chGDt3O!sH&mj6M)Pg(UECWdGjVcCU
z<z@f%4#*Z355_kD#?&zK1S@?>5(~$jFycKZqX6W~+yS&I%k{+rDE@k$f!^656f2uP
zPXx4FBYz$~&Rb^9S_+%6=@MmDOO<;o0i?R5lC|@8>E~esQ{K}OFrI6NNE@~}?mA>k
zZe^_45FxLrc|tD7(fM8j7;wG;YW;ylf?r~K!16vzqUVpye$kyLE;!yiO;lRsF+G(+
zT&bUhY{TOckzhHta}5jC83zYjJs^2HDr(#>HYAfSNd8I3dXp=CQ#nl=<X$q`dr54%
z6BfTtxMBx|ZIiy78R(NNiF8^Scz}5;RN{yZOcH11D#^FPg7?|P)?b?j>Ae{1TdQis
zv=Yr$sXgE_Ca|p=2gP`;i8yfdw&{K&WNCeE;#$NzV#gd~Z}qHs@0mWU?+9D*qqUU~
zI`5?V*XBQlu$5&u+9z{tlWxl2;6MJU4!l=<t>8eW`s!jS^$$z8Fu5Ea^1Qtf#zvI$
zNb;5kbH<9)DqmkdN1*k){=(I?KOX)EVlVr6@X+%fp*(Q%WLbQw$G8t8%;!5g)RXV(
zi*96#?K$zE6}<PH@LnB+hkQtj#<K=aZ(nKn94!1Lx2~yzH(7KK_>M5+ch-Txj`n~F
z{ZhBg)s@%;u<yO}DvS~aeftj+{k*+==6gD^1B^jWLd*Bkfj;k$LSN`^L1?`E{J*f4
zaBd@e{LWZ*ZN2%|5~Mj9NPP->gXj;UX=^tj+0J<0OA0l4U5L%&bq3PPuQ#O|cxj)6
zpF~bpg)@Pd!V>TR4Y%zWEnG#w(2#jd$5`}!26=}y-Brs#@2G{`#JlK!$N|M*xyj`+
zA5DBRlw@E9`j0IfM;^fbtm39N4bIi3x3Q{{SEeU6NWwG@uP^_xKX~l0??gCOMJ#Ne
z>^48C_W?V05jr3#KDX&$Es-OGy!9C0jle&o7jv-&lI=d|0|D6gKjWKbZN4CPt80jG
z_?)%u?Pf8PhQ%(fd$p&6+rmISz``3_IoO1Z`PEqM1K;eQ50)AizOPQ}Bz#TS3N8RY
z(E!;-X@X*Or9{ij#KCiX(O3KY>70?^;|6ip14hseY7yUjg7CoYz{#*gQPMP-cDDuC
z1r08Xyp7HSA+hlQBw;NKjFnG5{bo;$?JPssKf9dh<85(R=b2Ra`a6j;J!G?V_BI&r
zCzkYXZn)KgFBk*&I6*`})ln8D%#P_&ABy&C0Vi96GlzLW)b4Y?!nk1OZEJtxEIu}X
z^=D5$Zvzl585vL|CERD|WxMoEw;aM#*WJ_z<nmdAqm&GA9{wToYbx0kdQf!m&1J^L
zDGZty(2Mj51+EGtr$g~6b0Om;12Z<YMheA*rQ0H;m|XcbIy7-cJRK!4y?I(iT}TZF
zzl9qSw0!~o>ph9P1P!8J;o#Z)kc(+R*8I}}$Kzs$_<bTzV558G$!2GJD_;!3n=s#`
z#^HUCvGperjKe&L4ZukvWXe%Ak6`tGh9NC*-KPrWL13I|n=NU{321$uy1}Fw)ppH!
z-hdQwt;lAHD^c?Ts3|`4TB_c3%HU4B^{1RWkXX*cFjd8ncUIroMZDh*@!pn?shdyI
z1bQ-AwFfn}ryvh3^!aU?-j!yYzu2rxehpD?ysi?^`9~UQRSLe*p>22Xgpm5OAz_9f
zd3p>BSowtCuf57isR>x$P=jkXzo&0x)=BHGA7o0G8Tcl{to7a-zV-5KOHBN_c3(;V
z+p*C|LqjOQ=Zm93wmfiZJ)?$KlQiK}T2$XHeW^XZQE_ygs4BXg<EA8DX>2(9`f-28
z6jxZH<32qaXP@l_x*UDl4Tu`}C6Y>YHN0M1h-NKe7N;6#g%Xm|-gt)ilk3De9NE31
zNm@{^3r}(B<f!vky(Z85qqy!K6gy;D?|MFQLk3<>m3$DaXc7Upn*->U`4rp%E;nMc
z9(g_sK{d4IX*W6Hi+@bPQ}6$hP8nK-T<0K2YK<xzHZ4SE;B#1O^N^=)qF~6;CKAPY
z9J#n76ScDrj~RL(w-T%~#h&>4q<-JZ<QRL)V&vz^Q%C=8R!q?JlG`5R{+R!*Rm#+n
zkxnp1XLNCzy`wO+nO^+R^BaChDh+Jr3xta$T3_{_r$rGBgXRw=E(1}r6D`c7y-LJd
z*$aa+>Vb@>7f=U#GiFOHWY3Jm^y3RwCQLF@u1Qy!pZcAgL5bO-rV6Ls2N}Z|#C0Gl
z3b$K?=$1eD%&(ZQ>&nKbzG>yg<_1#E5?l;7aTpD{v|RBszvo*+to?)9iQsbv-uL_X
zs1K-vFQi;un7*?$?r%@-7U8DO;ek6En`Ov`eyF_r`?$iCDD9eFjbq40gY9m%MXo+`
zYnt^@&b!TA>UsmwY{gEmHus|^o|9Lw*eLW{4Z~d6#mj2$mOk$qq>8US@b7o@5BaIo
z@IbuM$5JUl9GGU&2KezZ5<kz;&~?3_Mn?>}ag|M~H?Y_NK$=5aNS$O}arSDHJ%I&)
zt^ZuKFONtL*Ll_`Cd2oK{9QX!zU7oz!l(7Sj6-UOW`K_ik7t<H>Th6iU}0%|;^x%3
zE!Zu-?eC690~eRlpWhx_1m~`c<EbxC`$%)mF8?^XJbgX0gd<KhFcXj1KB*JH^JQW5
z!$^0w=gMUz=D(e`pyisJrter<v7*+|^+5+2rF-tuw_sHH6X|_1WbTqEC7p9?-~t<2
z1h08bHC3NDQB~Il{x0-{Xb;35a9A@e_AIL?5dJI&!4=532D$*QM*aCkAhmySD`PQr
zh94tRyvdbzP$0ZrK5ABX%;VWIRW>ku3+!F9H}ZfjnbUEvkR}Xio|8hAQ-<`vS<Eza
z9XZsOco)Y+gL)%Df52K8&Tid`t<Ko|s-lXu2YKCu5_n@)?G`#r2AO~t_Y;L($Af8~
zY>YFfc<`68#o7d_u4+hMl0cr@c5eEO=yE&n09|-=BX&%kF|Is`TU2X<UGHJa%Rt6H
z#lxV=i{^<pr|(<f`si*F*MNK5&i*msC|5hkcd=@|MF}K^2iXT%VXfb%s(%#S-9*(T
z>Z!)Mg+U>_a9h^<;2Tg7O^08`FY@?v$@hOwh4QvqelxS}HCdU4Mnp9Ndg1r()fg>2
zK^48-)O=pQ@x|mrM#zO#<&CS);@$XNmqu^4pY!pI7+ycMH1=Feie!6s9&*^1cX}KW
z*ciqK-K>C8nTu;-u^(8q%J}aFa_URg0PGckYpfULw_kr+s50uvsGL6+vv)ZDk|3}1
zb}135VYol7`=Apxpr)?CJ{rG&U1fhN!Y8ZwXZnTI&Y@e24b;K02Z;t?x+M1~*iL`a
zk#4QII6CVNOK7J{TF0BOqM&D|zAMW<I}6~IbW-!GJ5VUw0`iKv78d@%W@ER~&s0Ex
zxoFAHs07u5!JnRPe^~Ge$bqyDd(X?G+Gjb@P0R*o^HM%w=eKy<hP^TsBurdwB#Li$
zy$6yk&D}kCXS#1+JJ<df-mGmMzxWg{sUW8n>)~_*_-rPg;kF-;<tC)!#5A=Y_r+4D
z>`}%QwRDX6#tvQL33&bqaetWzz;*R3*F$?Lxj}zaYW<U&_k{`+8U!k)pbh5)4e|@B
zMoL%ATJ$n$JIlt)o$uKuljrG0(bloik6s_*jraeAA<rjKt+J-u*M7ABgm2~{1rViR
z7IQviPrW+O{nrP6bVq*HF&~oY08&dACyu<RMn!2OOc?Cb$`Xvc43*3rLerr;7rWZL
zocytgPn@6n0GcHxc>UHqq^@T`n~JUuy>!0|FsEo6dddbQRh*Zqq7<_YxoNjPa17dd
zzwicrSa|t#u1!C8y5Y0*bO)OJIIMwDb~W7FmrO)Ka!K(DO%|FlWxAFE2bCt9$lTkh
z@7c-AzsC#5^<Fi;DyZ1x;#kswfske<^HmDnz!h<r5R^u?$0FdZ(Ys(9vgfs@jJs#_
zbkIT7W9=!maps6al5r)M?NF2$7b(5T6v~=^@bWe@ki>E|ri`@l5|p83K>tV1K))X?
zw@Kjdo#gp0ch;aW@#3@f0o?^Bhhgxlv|Jq}apO{{EaB3}Go79R9tM;=eh7*A83TBe
zzE_MoxoiVuRq*l8eb?B!YGZvM2of4#@g~x5inKB2Wrz7?XvaV25|SLzY06|w_V~0$
z<%$Rytu2>cM9~y5j4I@JhdfvcyBU^}^K4Rqp@#bU`0<}%wC@xh;?_5GJo;vaxbWdN
zp*7k+9$Z^~pWMaS^YtOx;ke~|iIMxAVaMLgiO^|9?j`W1hq8A|TlAgo-D0eIL)JYK
z%d<ww&_=t6u-;C$>cmT0n#6~alVvxtEfv1il&T?R7GlM7xxukIBY0Z~*dBy_kBmXT
zhd(_K4_Jxd7N;8XG*n**KC?0ot*(1ax6!MpjJfo%Xqd)lCC>wHKgy*&Kk!vh6a@eI
z1<!le>q$TH2H$GWN0IQ1i-f(hCV$(l?>XbX1|9g@`)#52w$f5>AF8#!(}@@nN-umG
z`-S;6F*VHp*H3|FSAYjw(pL+nClY!zQm5?O44a_{^i2a(HG?yRY3kGWY~3u%jU_3O
zE+qzVzYaJ9WFFKvo#UI6e-3@=QcO@u@Q|ozq>$*RtJ=7S+Mt%{kGF1$aJ>w7kyl49
zql*R-m($aH#p1$Fzk}D4Bq~Q&uO0L1LMJ|&s4WBDth*tbvN`rl9zIvzzEQvJJlKUe
zZy|<IeO<<;&~BvNTOfYRb5V>m%q#B44=yg;pLn|$a&iiOv+&`F;^Od0!GofAJ`G5=
z>PtBIL+hjO=P<*Ac~a7&J~NznvZ-DoI)bE&T8+M(SdnW*EjY|RI%}eO;GOg>VTLiu
ztPAwx?mN1R5^8@w3b%Qa++JSkho$l<Xqh*RD=r5~eh7<5TGj2(Q*!eD^VDc+kDY4N
zgT~XbH5KYE`q19~K<3&XejiD8e>F?x#wu=l=G+h!t<A_PIp$xFE}biY`hGSvyJtAt
zc<0J;G9`{1n1`M$Ig)~4;ZebV#)te}Qw{{6rnxs#*-=u=@xip)Mn>7xOlAp|2FpTy
zK0%+IkPt#ldktg8<d{#Or0GHxvP6vk!fo*{ETjZzQ6ybsv9eAuz14G}0!-ccIZmCp
z=hga|_DFLZ?Wi#Tm#)>jg|u5s6PvFuSp2SG#0e;wearu?$(Z8)jqip<-^-pDcWw|)
zmYhP09xU1#p%vT5XkAKS77e%a<$ppPr?->q^Es6@@#cIrAwTmn{NoKEDPf!>#_u>8
z2DMUH)d?!L>d+RJTGqL=iBFa#tr(JWya&*76JYpu6}70z$8pgjaLo^Am1^`1kpmRF
zEEVW0GoR!&?-QYv7t2q=F<IcRf-)DQvuRVOo#$;?$ykA?-GWgeC?5C5gmCN@Xjw~M
zseQYS>ii)z_iT}_@>a)wCu*UaJ1}Qx@KDv|p0ABRUYzrl1Fa@k?B_oJnr0R`n@jK*
zqW!=z)dP8?)o$<~o~}Hd!8Z`|z}q(R+xDY^z=`bfjwJR(;E~7V_OrF-%2Q@*+%$|3
zj-k7@C`nF})&mx40;OdcF$>_jxJ#;nTBu-BsgiM@$C_*NlC#{n>XlYwVg1wB^&*C=
zmIIz%CgkP4UhZ!mN?OzORcp_!JWScurF`SmICZ}$H2wHEyBTubD1-HrI-N=Pi@usT
zNKS;L43<V<9^p=kVr(2^y(UptL6i8xz+b@f_RGn#9Ud6uj#7O2M`9<vhY-_1d%QeL
zvguThn&0Z?lG=b%K-g8o^{R}IDqt~>;5TzTE>{%W<uKIsQdITt>S7I6x=t07?^s?D
zP-tT{2Aiu0edfIf+-6;qa$FuYb5EFcx@6C{pHJKKphlwsw7P64!@zmmFa|M<nXvHp
zmW_GdTql~3SIWE=#hmCRYCsr$Ju;0cx!m1+Tq=Q3{KdNO)j_9FQ(wMkxGT`bE92rU
z8=cWJ&>;HQDJyZEvwq*{thuqQm0ho3d)%Vfw!dD;&&64o6(}U>?F0jKbil-98@;PN
zy&PI>(Wz+vz`8z9gw~=-5ANpu2Ep`I3uFhkZGqrk>B8HG*hG)w3_rxV6oaRc%5uVt
z3QTPDnI|nWl97xGgdyLF*zvCFxfa+b>or1hHFZnyR`nPzo&|WzV7SWCYb!pegJu0h
z1;3|mb*cfXe-`ZARq~+d2$jBIgf37_I?9nua$yTz)o$4Iv7F;GK?)c+<Z#_bh&*TX
zn)By&dm`cdt~qpJk(r!)r-KqdLykh#lkRu%BPs&>w4C)s8$LHcZ<}5>xlq9}>j(<v
zWUa5dYvs^p>>;Qm5GUaa5s@3u(>1~Kd~9GaAeGsJAjYP8uND)Eq&Ct6sxK>L86U-G
zmV`87(Jk;JRymzdSYLE1&m%4%?FUHO`}dFO&-1OQe5|zv=w2sxo~rngi!+H`x>x$M
zhs}x155L8D8*Z)!uB_{Lt^C;{r3Y>bhk0(k63t&6W4W8=t38QY)g3xMKBw4sAuT1}
zm}A0l)#+-_aXYDt@58H<OX`_!9&(JSDmw<n5tv~u+|t2hEHO>xJx&lTw5Ll6n19Z4
z1aS}2eg0g@$`4aB<-jUtGRaiF^a{AA%Js}bnls=m@}pDe!H>oJLPaAUj(AAtakD;d
znI0e)jIpjh`lIdY`m!3~yV+2QelJS+4#K{k+2c>|NI`<01fOiK#$>1ux_;-xTAElE
zB*=OC6~$cS=I5VU{BAn=jy89%U-L1pEu~y!y5_~N`EvR)%$5pdSpc{eB>D>wiY9Vd
zFLfkNK69#B*P;;#XDyYBu(SWf=nvecd5|O`XPrSa3R|#2Q$^6S4EZ!CoGp(QZEjq8
zH{MsesTBL|M<dl#nw!yglm_bqN-~h>9598J=zKe^CH;;H6TGfCQBdy^)#EgFpH|R{
z$PaIwC;Tw*wKT9<sBrjPXv&8ex&NV}M-TVJ)mI$B>t)JPv>16GcOO2qoKxenJcrAM
z-Q_k}o~-aN|FlVv%UsgbUm86?5nh5WJmMF<z~vfqeX5)u9`F&e6|5&cZOUq=9-pX{
z-EE{+M-L-pPHgD2x8CWE{-tu9)1VKT6m2dOQT|FWFuhfB*o{7n4%NX%<hUrOA9c&M
zL|*I#a&$XYMn)u$&SLI%Pj|HmLYK?k?#zYLZqV+@J0CckM*yna_*eA2qsKq_L<x=+
zoCotP+yr6P(2{emLXpBw%lZ4stnI$(c1YXa$#*YW;Q`qMJ^V-3hLR57BPPQP*4X)g
zAR&%=1L_&LTHLu>4JFh;A_nVYAE4|3QBU~fUo)aLjeZ6`ulzJUF62ZiP63%<`cXO*
zmeNmi<y9mzed(P;8|R3`adi_n`v)ZjLG)}-95-P8gMEi;pPaAgjaEIR-I*1C&xQC#
zho*WY(XfA~BTndDIWvGy{*U#LbVT)gMTk0^s~%((0`fe$0do6@%Kz-$Az^z{^dza?
z>{GZfmzv4(Ww<LYE@}6iQgV*+m|XeQEl$GpC;j7jD-Zn<g}d`ceSfgu_uE<bu!^Go
z!dF|0noID#<)`kX=a-di#0(EdW(v7+@YANA(kKm3?>XTHc1MH$plg=KEJ6SXchqhu
z<X5xDvx^-T)8CH#4oM)~q1+;vsjim6l#b1YueH(8*^EVDlQvJJbT;|($bLp@Y@Wab
z6@Gk)&aY^s`04HUAJ=?O#|PN!`VbGgO8KLzTn$gyuW``zT#2W7;YH}<o2lC|Ufc7^
z9TJ48Y9;V1*5dgv@m~(YUN?UL6lu)RYn}6i##_|yEIi-4OS%NXex->KBroa6{Bo1L
z$N5#e_!1aLj|~J;WiQJHX8LX;^yifY_s&9&BIEXx_`Tnj8m?&A9?9uk?tEQgN#Ir1
z^~CJ|4vPKE)V^o@7%Iz@jouSEJ!5*#Adm*hzM8_ci_CWc?eDtui$cDoaWNWOj(B_R
z-3xq-6R!95zMqvbbc=K>dqA(?GgQy}6B0hoe3J)xUD8xEXm%O)CbffF+M)>k-T?C9
z9?jx#w0c$HQAi0%HC+WV14seBe8C5$6!2#&26Fx{v%7JdQZ4-FYi9NqFL~*4iuUwu
z9NKmSA@}0ZPLxdG#J!UNx+nW;{U#D44SW^k+41X>IQQ}wf?)WPj+2H2&h-k0zG};7
z$h>jz_bE%#QMK;HmBfG+$+al@Fh_I27Uk||olTpPFZaX>J{@!Wguspq8<r&h+!J9I
z)?HoR{;>2pszF4<X=#8#iEbsuCnnU@&1ppO>i*zC&h|X4WP83keV_hEMxd3m+{HLx
z9{otZXmJ!H)Aee$GhKBK-+KukNwlA~F3<@m`yJWlfpX2vZ>O2&GqSbB$>XXKGHWdi
zPvw*B-ULNgtmatcZka0LQs#YUg~|+tRzm4d*>1gCWxmjE_wZL<bElBqlriHrcAn7w
zPyzLA-a?M~WTNP#-Hk5_CqA2k;jR1SMQF9H-D{LPM#`6T1CGNw>_sI+UNfK`bDyq(
z-zGbiNbB9}a)5miNFa7_?o4JwJD5&{l%)IF)yvwGCmUUX27Tkx+dFUV*%9pqx1J-o
zIiTZ^GvNj?@Ub6eErSo=;KVdKs5j>K>etys`*Z6}j%O@2z8TwGc5~T*PmuKxI<zm(
zeVd)4ggyhpMc1Xolj{4{XV$>o>XcL-Exuv9xyw<hE3A**WwAX6jka|do+PB#$P(r-
z0@ktq6?;Qx>>#e%Gap-MUt4mdXGI)Y#S6IhSNO2RiC;MP9`U)L{$^#&n#ru!ie$de
zpN^B(KR+M*0$4QvVrJ4gXn8{}+WryTYJl^_#EefcZ6*cmee3mK$T10dEpjU;%;4n_
zR^*!P0ewWon@moGw>+4&WVffc$LC0f)&Io6u8~3HO??K5)<AwJrq_?u73*QVnWOg0
zce(Je@fAo^`JRO&YYkE8QF~$)9PjH)%e&GI)%<$gFMG)cZE4{_6qLbC110u%FKI$^
zV;go)gW~#VRp)J1pZqv)6K;&XCG}PQjtn&8buDrVxTe45QxrqBIrE@HcbRlq6T60L
zTd+EsXG&jSWT7s*|1P8cl3DsO(7W8f?rEuD@)Pfg#f+m!WKqB@Fe5VW%czgn$w?G;
zip*N}7sQ6L>!)c=c<?S$Y1ql2@s%4vcNwX;dCnysy8gDj-?~E+L8s?(XPSXCx@=yU
zK2T|IqwSIOnHDl!6nF;n?q$*8)G~#AG`_sj7@7uXt~H~!dcxQGpzdioTetH~vkG%<
zNNl?28k5#n2CaIJSy4G|YH=->+!#Qr_QU{D7RUBN?u?IXJ#?`<`l03zQVd$6;=FhM
zpfaS~Pi2H>`Jz3cHo?V1=D1`}*TvsTMeS+U-Amiv@tun>F8<Tn1=eDo4||f{49j(s
zXwR<%3~KTd+5?mscLRNWqOb00)?~VmunMd4y~Z2Hl8@$Y`G=p=gJ%=Gh2_CwrP0Np
z#>_1bd!!hX?dgU+car8xOu*NNat5W}>2EPxO<xM^{>Zaid!2XYv1xwYK!K>1<OZGO
zANSdx8S$BHtfAVA5$~7T-Rq>Uhg3h}IPJE&L9NZmddJ(YHNbL}sRwe!!Hh&xxxtID
z(uJ81dJqQ9A3{!r@K_}go5diGDNn!^7lj)|4WVU(HAa#}I<Ij3!8_BW5Z?Fl2L8Sc
z1GJZH`#)#bzTdj$2y8dm?G`*%xg+?xo~)CKf$G*I>xW>KHxCCU^t@R_^*+v>+?{E!
zVnTpx?gq9x)xzvyv`~twXcrsXvg_l^eP;#KatO*Q&c3y!lF7;Qy_1bqCN(VOfg=2z
zADwel!t}MEgLbKmx6vo|d(P*@WuL6n0(^MnEa$TXNk-mX%Cicey1oWr&d&!WxG%lV
zE{o~3zcTB*Cmfn4N-?Fq0;k?D@VFOB?dI3h_4x{KUY(dYI9=%Zf>;8qAt!l594*qs
z_30<q`h$C|g=%&zoL9zV{l$T17wI`6v%SW#W~m=dzv||?#5lfLjQ}V=r5CL`f{j%d
z7|Qvx*0j)#uSyl6yLe~ofHCi^_05DGW=e=pa$KSIMfW1}h|G|C!Mcrx@t%dzn~&zr
z*RBQEmmD&_+gsz*ilR!++OeMA(I_QWpn9s-3(@$8vO<@{&)2-}`1ZLhSbov0_9|dc
z3ike!J!j&Dx|!;L{##u|^M4pDua?}?_dkWj%shrN1NgIUd?k%8ca}HkbA%E}dFC(x
z^!w0bGSxdvNx|I!?lh-^{2-Hf8=O*`uZ1KdSs4YI+gt}s@4+_oDADqc(BEjOu7BWI
zyEpJIwlygth%YP(BHnNVcQu`1_0w;p;b~J-nCbN{K-_|8IN*C>8<)xr9mxEHdg4?@
z>4Gy*AeDg4d5&eKU%WZTXxFaJ!~a^CWKSAe6(qAiA*Tl(SeRZb+U|yHE!{e;yf-7L
z`0QmJ#6Ihh-`#EJfV&ff!RdKvU(UEb+=9~i@lcPqj1fhmpu3%4OP3==xY_-$Kj4kt
zd}e4csji=AjrMGd1#Y#=zJm4WklJNYkRRg&D;RVUm<|vcCUFj`;$$s$TSmg0FVYqm
zX=x}G$KLX+-@o~S5qeEec6$ghTcxDmfxlSwZnOW2Vf)1JQ{uvaFQYG*`|c|mx%*Mu
zC&%|sRYXj|8}W|~Jog?!i;O)yr-n?Hb6VGTMv`JqbjGwCXs<PRr?TdrJL<iDdBS$!
zj?+>F!Xu>j$wh%RJcJtQv9W~6j|nu3jrBDf4yfj2ZSu(!Df#M<u42NOaNzP|#q8|}
zYnsGy&X3ux`Du2H0VD^lVeFqK+FQzOXmgyusu2nKW~<K?Yi6SH=9wUfBiG}88iXO>
zDqZUJb_L!ENCb5$rYZxQ#j$3@xa&yOR*`axb$28D?AY6O*zawL5irVFoWDe*7CmRf
ziIn=<cm)(qiE-%K-tM~@dC@@!AfGx}p_$>!ngn>xiS4-sA4lMk*WTOgb+iS>&%vbK
z0NX?XLO)1?PG>=il^myQi4vWsIdG7Z$*}E{3+ZO_Lq2RtrIByXmCOa%H3!Ng_qy>u
zNNZVS{CnSoCqEj`xi~cs;cug+HT$<(vq$d{n^m%Ok{iIUp7dthgAPKZR#j=L8}=IZ
z-72W9xxXmq9S8|Q9+u?VckO6j4J`gfM6hi)t3du$w5DmrgBXgS%YmYel?at*s{<Bt
zs*fT&LCqFVyNo;Mw9>x2U4&9<*6jm^(h|VC?B#%!f(MmMI;=9fp`uo~4i9)<t$iKW
zJFJ6K4;kzlcQFX=D?cVj;dm)iTRTluv|Kbh4%CTi<ubH%7lw6GNb?D|<&w<d_D@1o
zxb9;~zXIM}qyC;hj>_fppJm9o@8De;J0bVwm@fCqw&=(X?7RJ^=O(z6@hs`)i%zO%
zFhzS(^sbNL1EeuYL%>I%)Dmx8oMc{#a;bN={S93KkSWrtL+BK)(mK0{b6jdM%|%ab
zRA=@5K0mVH#uUYoy?eU9;x<(xR%tm8$y0Fm+5(?H|JJFVidj<&#UEV~-v%B#UOl-$
z(WZ`J_F&V6{>4q|dVi(8i3LmQlvCw??#AAYgQw4SCRr^*qAd8gnpH$3{NB(3ADyKc
z_CGWWx=h1Z5R<VL8HA~O3Cv;a<o(lPaNHR_e7lhl@UTS`H?st5+=~YsEHz&aSd4ps
zUbzIwIoO;MMv7GoGKM=kTB#ky2hfZ^kDp9_<m)Q<E2B?U-$aOJoPjF9JBxn5^(s`;
zs?FH*_$@tlU|Nn3DA#KxHP>a^`o@9v<Ec>k%+5*&?Y+dMM3xvRTlqQWmxm0xY6@@E
zqXTTR?=GC0jtN19oc6W0#PQR0H(9~g1n(m>c!(<oFx!eq&{*G(q1Bux=?&uAt&py3
zsB(e8%iqeMrx0VyKpzBm%61x{x89>72lK}@J}M2fG>SWIz3?X9VD+v_@%iE-LfRPB
z0y(ibk7;&_i;i8*)TrFjwE<KAz?B@8&qfcd(mD;qd$cKwdT5y#s)IjTCcZcxswG7*
zkjppe%nRzV?+o)p6y(n9na*FT6#Ky?hd}bomu=l<(%N_?TqeY~_AT+P3)k@<xW{z>
zyyjk7v^uGdpS*Wpw2vwrG`&9J$^t%|5{cj-t@gyCn4f+y5U%<j>UWyAd0o|JAMVO#
zhql@BSF>>-%{h<J0Rr|iJ_K|ZQ|zycaRs~uN~VL8&jnc<qH2B%=pC1HKTxM>npzDO
z6?*LdG-%bax9oI$0@93s;UIg|wpf`UL6&Vlz(qE2fu+i=Lv$6vUp(f&Bs_|@f?2ee
zAIK0AJ?9g#%<GScmw{H)e0n9h^f7L1GF7jc5Wio0OL^damM+LoJcb0n^x^#y_Jb|%
z?U%)2!EHr&ssn5<hW%FMo<8+bUZwdtJDKyxl{U$V&8ty8m#w_T1y!p~eF4cr67C@-
zENqr@F^esJv10~9?!vd2-8sO$+M#g%aH`O$2FYvP<ri*k4*gNOt*M>W9t3eKIydMs
zxs>(dM(wpi!rq;wetT*@KBHuehLXjLyI}9kr>{NN-ZHChZquU^1(63_yN}N_E8{hH
z3O&_xi?t1PxwYQrhY?sAeccORML!8qmVEr|MrX0?8#ZN$8>+H$jkg!aJoMTy&~oN}
z;+xOM_urh|`RG#)Jh`6b&WnYcOVmqdKUd_=IlwjHt*$7E)oy9ulS#NY>He0lb;5Yl
zrUFdhdTxZ5%J5F#fxCaxf={PM>#EF9bt_beDJE&sV4nr`liogp^#7QVqoujwh<#~s
z<SSyyc9Wjw>S1%xa^a%8e?Q$EHge_?NCnQ~E%h&;X?Emj`>osC{reX$3-ycB=Dm8Q
z(d7SG0zot{Y9GF3a-0pkvY=(QrZ%m#aKteuCJiH85FuI1oat(+aN=Z&K4UT-?xUQ)
z9^}lF8!!U707c;p0c?-!<&LcAw(^ine+tEXByKP?6jG(gduTu;7T=LTbRo{-#HOUY
zcLy93Bu~|+<)Cylg(H?GFO7$6TzQci<J9ZJbC)9BOH-yrM5tegFC4nXSX$l*9;Oi?
zxfzWlBDePF`Z4TXPHX``#RnpHy7MrVz%d5T)#_zK-`2cF5t}}^d2OS23&kz}s~hm$
z!$onv_Udo*BOwDG>%`l7a7NYc>vD6>5zYo5rlJ*;tcZ4BaVI1R<bj=sOpaEfdlVx#
z2M;IRvp!F)bkEEe1hWN3f0GafPT$!=s<^(Dva+99+^m@SFdb7HvBpKkB%-5ipbbrL
zo#%u(6$3%L8T6{+#lQfAs+5?mqFi07<TVEqr$Cqo>iqGVWWgCq++mY7dkEye4QntD
zQ_b8ok}nd#OoIZZif_K*u31#VJho1{$Wf8@^m+5?_z68Tb(VK0%IW9@h*ul*hNh*a
zp_32}+HDPC_fYrSkgoYQbz!ut+>&d~C3XAo|KaK^-=gflXip;`A&7KIOLsFMN(zG_
z(hNvRNe<1>AT8aD2!eEXNq2WQLo+bM40-rH*L7Z;^X~o!_PxJ*@3lVb>!gcKTMBg;
z>?geqpQR@0A1|@v@L@uig1*s%RdF%(BX{#PXm5EXQm8Gt4G=*wJ$I$$w?1TrXr^B4
zGVmj2kYUYMDi$y%rT`Wj|4MLqeG1kKeILy|&f?Oxk%=w}i{|$~7W;~z{-tMPvTFRS
zu;0L_dRp?>XEUsQaZsbR<+Kc&=#$_nvyOA|-8tSGTS{X=Wqtw-mY7bw;?<VK_y6@-
z`@&ix?S*rr_Rsv~sLtX`e`lC_sEbh-d(Ab7jI-TL7eV5{BG&&(1Fuk$y!P3*GPS(a
z5kI&+)P0Xc7-vS3DLU4fVoAUO=&^-OIKb$DSoEoyarKr@B<Ou=#VpRL*)xP|X4h7;
z?WaQ@rV&SAs;OTCQ~gcGsOFPnP&K+p!C1`8dkL|_!Fzjt_yX|`UHvEbDaj;z=I@Ae
zhinT42ZYjS-;L`X5>rV32~SV_$fDY`ZBOMl<$Axi2pBMtCl#0cP_QXUoJKysaeKAr
zVj%@u?OqcAK8_B)@WsSQ-Z_a9Q_!wQA6RleuMv_g3-U~Em($1o{6_kZQvFcD=-u)M
zU`Mg>Rb>0lE+`e%Q}?>v_-PMZ^<Q~f9HIp6mV!9ghkos%K2h}BNPhpq2Rb@-3sM_^
zsZEr@hR?q0Y0@FZ=kC0;nz~;+LgY3|4Be1Y8s|$#<PMP_WZl|8Igzb-r;RJ)c0t2)
zW8VdWbu{rj2~1=S9UX379dDgW13uYd#ZoyYCWg_=C*2zQT#eF!rqx{(uy~85awJ9`
zr9N8cZZ+1(^~d9#{kQ;!+rr_2<jI$LwIGH$0XLQM&pRnqM_2GJhK?xq!|b(lvFdP+
z{&GoSzop_Js1RV$sS?^bgIuYp)|mSk4<MB{3lwYWGXA-og0UDmH5oj6#mfrG<83%j
z<bTTkq-IUnBozx(F?dinr0(te^V`G0`JK#B)x?R1eE~()kS}i=53k1|!}#`2Bty)e
zf$HA1u<A~OYw+6Wyqh4f8F_HPhOw*khucgw28zJ(5I+0a)})bpQH=Y{sd=_2AlJyp
zRqy*b7T{IeVi5t(C2;ER)WZO=hFxU}3rBxHhV~r06WAZucLw~niJ1OZfE<mED|w9D
z{I^oI6N4toP{^zr_vHE@_j;JT$W8%0IUhtNPmIMarbr(p%dZ%`+~;SLmp@IgvEzGq
zM)Tzw>eoQ9*nAr26ax#hSjkv5A>Oi~qB>PSJM(TDZv5%v8strLxec;xL`fH-)V@S<
zK~}?87v6aA#~H8%&-KK&G`mN)IL7_^t@m945zI#^A^zORWi(j<pW?SalXWjP|4@SK
zy3?C2wH?l|H0d<OJfQQ9__m|zI<;E74s&CQq_o-_AodVg8Of->+xkScDhU~Y#cbg9
z*|2C*FcY)tgnB+azlnA)Jt#s`Q2>TVUVl`>Duuou=fvZYEq&{WN$^UocP~=f^6N&(
zdmfpgbdJ`8w|c)=S2D0aWY;eYQpwJ|7KtxPy`;Aou8=7xcBh}agm|R<*)>S5Ww6{X
zSyA@Oi}+rya4FF<9Yp#t%3O2C*LcfC+$H~^lj{-w&+u{m-s}8%^&O(|xED*z57AQT
z_kL~D%wJIg1|s{KV}F=)cRaqC-=5f6<7Y^kI&s@65&#l~7^rF=@T#rJNsZM4C_=gA
zoTuqHZ1_18>!T_b{KDd5A!o6PJvtRKjt`_sKZq(Oc@E)XKp3?cSHqjYzS3<%KdU;A
zcZu53sQ+gIeYzr~SJ4TE5fF*crX`CH&U<hqOFp;}s}W`U6jqwNy#Q(chz^r%+AP<3
zo_#?{;}A&C&a<nv$lR{cd{54Sx^#fZK>N;x)bVg-&xf$$K_=0_w=on_mi@`y!uq%#
zaQml_SEac_l5{t72=+SWFUK?!|7^v*>b7$rspECj5koyAk|1QWJM2Zi)|~oc`&6mF
z+@46T`A&iLeEDYo+ElTB)l&IZHv~!UaSgajUxVaA!pU$LZ-yF>jYO${GmdBavnik6
z7-ul-*}S4|39?113Hr@>m%5;F`F(kfVrQLh{UsxFkW-P<Ywj%bipyVQ5~#`kLT)(L
zhv0(@-*e0_=KS-`*|S7iju+=%B24U`UY#%;0c!7hW}a8hwtCU{p&0oZp735)e+F#W
zp8hZx?s7}y##bG4Mq@6q#Pr9o?Ijo=GL7sVxFx%_qz6~%8)0rx+fhoqn`f*~LfmPt
z{R0=<;irM!wi8CYZva9a9K_uxA6TCkC!hJco^`XyyNC_+huJjD@9R0H<x6sCJvm%?
z=v%pJpBRPz6t{f)nu%U}ZWNI;r||KWYO6@HPVby^A82W)J#iUy^p(G_z&9$K28op6
zVCc2YqHF)PuxI<o-sW+#k$dXfb&n~FsvpLQZ5!tPC(5fG8#lf1eP3gk7POVITH#yb
z^4;tBDk=MdfML18S7OW85cwMSF^1u0o^wrOtdNjiak)2y^6nZw0pN|~ws+0-iW#N?
zKZV7QVkH{-b?9huYa7F;p@iQTT5w7VqCI1=x3*d;Z10zsJf!s9d{xeNWFSk=2#gO<
z4<VP=9`9-Q(sL0@+wVN6Rm{(s*k$~BeZ1OselSE8i>SNPnrB?|w4L)nYk8&Q=Xwq<
zKkVU4HTC*DvaYT31Vg`Qmy>X|)7R-s_a|028EZ<4f<|b|s=2Y2Hx9>4^Q}DheyY*3
z&Vh!DdL6YgP})SpQ&nh|PHvh<E$FGN)umt#!U`?P*WLQD?<jk%T<5%X&geH@a3V%;
zP1jO%td%Da2Sf=vS>gm#oe5rf8m(<(mjIipQmq-i(@27vS%ajLdz=31`>ri=3J|Bv
zn2+o+>bfm%i<&;<%-4Ab+Ub>*+)k!qQVw5q6L~yGU$Z-A0FP22E<Cj%$HYe~E`tbu
z;B5-Q%5Jn#MDeZ2*%l}sk|nIT)n?s>b|rZQgEUSc$^e)$o2P-+Vx`igzDeyK_)E|+
z8u<TgvP1uwNmB~9nk_o;mX&lhnD)k1^SOE&7GobiuAu?RZ?6cP4qx(q;IV>$QwK9N
zT-PyK);|pq6)NesGrqzhZnwBDQR~3PJ?@Hq5XoPG%(S0^&J-b?NeuVL?o;h|jwH<4
z$7!Q(tFd=g#^T!@(1Opq6n?6U6POZIVGHQQB8E*lmfYi$Mbzn2dE|jYobGDD@NQAS
z>z5&rA6veu$~5%S8a656WHqlbn>H31^wo9GqVi<u$9W!~n`fm?C{fhtjNtH2C!M_~
zFOdsTW34Ljq4Hlv@pxaV#_qfy8ln(XoGRnqU#^zT<ha8sE|&J#c^`)$eXG0QNG!-v
z*fO||H9Pc71*iSBiW)}fwDr%upCM*toqSS(bHrO{tOOsYBRywA95+eSXJ-t+=$I`p
ziJ#R>t1&YU%Hp?<KQjiD$|<1++{d_ljC9zOTU5R<wq>N_$p+70GeE{c;E%?r@tnP>
zGPHE)c|1Tjvi>^6vB-8qn#uY_yVqqka)!D5!}ej5Gge9f*Gg67!iIH#8iK*IBOfVO
zlHBr*yY>M8q?4&Ul#4!0I9F$tph6i`Q_x^*$?i$|oY!q9Wg>p8+no||J^!MJUem&_
zGL*7f!(sw>3VfN0)aO%q`y-5Ptc!IG$1fI^EPDnFZ&-*HVPY{TE%p&f{&O72*V3m(
ziTb5LW%OgT8<{AEE=-S<ZYTD+3p|C@oHe)Rx1w~^<Hzy=PE=2?T2PM(RpSdys+mkx
zxXxCKwN3{(sq~Dh&ed5)1D3oRfZ-|7DA+SGJ@j$I<FkF?wxQm+WHkK!D-0uqNc)VD
zE}zNO*trIu^I3=vEs+*KW9^*@LZ1n}DFXNULu?8r;yD!k<@mlV8OTG6zLG%UsPw+T
zf22So@!BJavt*N}rOEYr>z!@wvz4vx?R821wND67Z)Nc;9}~HRZt$r1m$z6&p0*4U
zr-9=`lgbF5)sovycg?vt0(@BTa|e?ytkm=`&o!C=Lxodf6A~K@$ymQPXc^MaS4QcO
zvj1=q&EJaZ)w-;;jr;CvHoaCgJtU9)QlIVNg)%WtU;G`@94Gwov>KmS{Rgeh<U(`5
zO`+Xr(2#1b^j#N!$Uw4V_;dy_+Qop_b_3Kz2-NgTN|D<GB(}jfJlVE>-^SU-sNa;r
zNyLYkvCG5Sd8Yhi+TF9W#|h~x-}vq7Mi_tZ`{w5#>nXjxCT8rxL5}tU{7`liE~O*I
z`42x5nZ$U{8G!jrU66U-CnSDJGmE^v*GWzQwDe?j|A=keUIE!)MyL3{EC8ht-;esz
zEc53ToC873Hgt@VB7?u!<y5wo){vpiK`A*4>q-wupxGt3Q>}CQt`pJ4cfV7xCZ`m~
zT(_JFf(X%5EAcd+4>?q%_;yomq^v+>r43Gr1m%Wm{`c*hvVy!S@E&1cLCP!n;%(^p
zEy{d1?VGN=Cv=2tu#1HsQ}~2-SiN@o)-08#3D<)~k;w)mKo3*Fvu0I+smT>_P<r#J
zvWP7;v0!EW$W`LiL7>~#8^8xVzO3oF_ikH}{_V>CSPn}L-Dy`bW^KE;L+s;EoQNI^
zJ%!W4?SMw}dqF>yqM@dfa$i|))o=XDt*Ql%MCsT$ZNDpJmENv%lGg<45ED?c9?g8?
z6WMN}wDP?|XSCzb2zzK8J7UvhOk&vl$~OVLF=;p-9TFx$6GOY*L>p0XSRzmo5{lOX
z?>C83&x^|Tr0APm4s;?JoeaB3!rbC16pjd&5D^lG#8yqa_yA#q>1(0#%zBI`QLy}P
z|II*p$sB!LwmHz*P)sdJl+L8wRCs!?XDK+q_)sNO1%qu{yNS8DxJ5C2M_4(gC3U&E
zjj;tbpt;n5v-D&=i+R!`;qFYqTe*3cskxxuTheo8?eUq8>M8_Zv=pjbxc^mob63J;
zVpgPqlk7zutlQCNqs-k~9vjX)G4ClOC>^43Wg*0au&rB&W2SEuVnu8I=wsQET0_Wn
z)nfaFh=FGC=}BrsK<t{q{`FEZhw-mQ63anU^N^q@H=Rlw^mBb|&l@c6zhUWIThV;0
zovFRQf1QBkZ4Ck2JhpT7Uh}n{8i*89wD@+tU#14vrN{=8I`zs<`a3hWe^8%$dWWiR
zI=p{FDArQ}Xm;wkfzMZb(2%U$;>WvD7lSb8&6H%vUaat%MBT&jt)&({e+WaVM8|sv
zXx{7}PwC;N3^{iUx>{X2jTnf2LdxB4a}lgpr_p0Ge%A_LN`AF{){AQl41S9Xt$#8*
z)Of~5FSjV#f$Tc0zVDG=EXe%%2v+_*P)=4fU*BovD=IN{COr~%u~2(7R;U--?H~sB
zGLm9AdwLe{?!3GPU(3!<y8ArE0>(06><h!Z`jk=c9*6zP92$*R`1&9cp(4$CCJre<
zR(W9GN7-$MY>C#Ga_iZ}QDncOyN9j!{UADk|8u1GZ3b-Np$GFM=2ThIm&9*de*Nuh
zE*bVgP(?giN7c{^|EqULci4P=PZvqIcmrZ%si%!m<9}{)=UN~450Ia5`B=<nxPOUN
zu#y^IPIp8oM7_EgH1^08m{$3xVQ9qOYO>CN3r61nW?I94CbnPJY?&CLYK`>f{g5AH
zrPtlz>_nxhJvDs0-CROHf`|N_4fz9}1gl_EoB{3XHEub6vhS4a>Ea%$!PUo(b<8e;
zR46@Vu2)g`H*-B@rMaCD=H;qfE5M?P`HCau0a4YC4)4|J%jKM3enuBTzw*!UDRc(q
zrH4-(b^ev3k|+RnFPTj3aZ73EKtBc3ohl`LCVybXuA6d79GEOMzf5!Jb9}oz#*Ke2
zPm}ihP&n6K`TMsw$rN;-%;%R29$5xDNiZL+Y4c>CCD(dgCLlWcKSke}0x0*#BH6aB
z2U;(L1ybhK-kt{W9cqM4BGl&74Q`|9n@r@FX46bOxuxX6AD71&{T}^8eZfEHGE0%>
zLIm0o6@o9Jxmab6X03G=_VmbzSn!`V&SfWK(myneu5=z!fPK90T4=LfZ1EEk@s{fu
zlz%4?U1l!*Nq5WqI4>lX6~z!O?(O{ab98CH2(4Um^N)>;Y3sXRxzU*Y%c_}NJW>Tb
zq*iBliA1l{C!SJ221^TL^I@J4jED_&-UnLzV=2DW?JBOEF8m=+j8B%ZFaIkViuGXh
zy)##o_nT!>pscLu*aoz(vzA->${8Lzn9>8Vuz<$wAB<xw(TtXIy7R8fn5r>^dA3-3
z4@JY9bmQx}BP}k|Dc%SV+3RA;;)dD%GD<W$0bp1R1O`YEZo_UQ;9kbqQOXil$%eBB
zgl+IE^x2kkv_zr-0&o1g$-3uuoZF4NSpsp!xFs6`m9P6@Or;J2iHE2M=UAQn^5;7F
zTpI)RyXXvwdY|+bag(?A@tj5HY?{=w;k6~}XEU^4a9n=lDcP~-j`ljVK_2)mnAkw&
zYJ>Kp@Nzu^t=DzTcLv0I*QISg9Hnx2L`{=S2bQnBNrTu!NfHyag|;OPJ5n%Y>ReR^
zz51a01nAp!YdG3|^kX+m`MNvM>#M`)6XfVtvL8u>%<dR1*PBm@xrUxXey<km($@rP
zY@hYNecoS(!X$m{4;GGWArE?3KnkFNq-A(!X?nX;TBt(`o>$Zw7`k+&!b<N)Ty{V&
zv<cN<6V~oZp&BXSf%ex*i*|U40v_-LJlQ9kba~bj#KGskK8Z?ilV;Y?5?1qhW<J%}
zl^dqSMpRF|!4co;co*J2O+O=Lz7ZjWB*HAPxzCVlWNkUyfw8M2=ui@LZN>4Y{SFIs
zWA8>%P)r)NLV)bw*p}H?B(o@cV5iDDs`A6LU1!dTLK3LP;Xyf;-H%qXq}L5GTU2^S
zPOAH;5P%<g93!s~n|_ggX?zX_TYHD`gPgT~;`@Kvbs*#)qX!R;7r<qYUlZ+)_P9&i
zv7l|QQpPgc9vYMfB$Yz*?0Q_f%$<jp1Ti$!%_N&r;?P@ShQo>y?xkFXn$T>BYr!NQ
zF}@(&ExYGJP$}Hfb^1j)7dg72)H4^K`?Axv(8g|(&>PAyao-lSng5Wz^$uYQdZ_v%
zr}FHIOMjm5FYl3W2zB(J>A;OLx%k$wzQyC|*%0R?>8<FPX1wb*>)%7SB%LcG&p4CH
zabg5-(3OP~t!0@3x(Lsg21V=x@t9(kMA@Seq4RW`%^o4d;#N?%dmBnpzfXx{W8U_D
zIzE4R9Gy|n3k9hk%r_<0FQRTFCtUD(c-MOH)%%>m6T28Gv`xj*@6JB<!?t9Vnk&rP
zOnb?N^PA)KAMUxUobvB6fO7{kEY8wH)pD-e3kKwR=r+z;uaxXkz5~!9*Vhnh7N9Qc
zUk<n1*fLqSKM|*LsDg_vO*&lE+T4my>D|mTBwxeDE|Tz1a|g-vHZpU39Hsv^)8bN5
z);ks72vjXOY;|;Rm*owVUtkh1Mb<?0<dgTie5jg?Y&3h%G;m#haAigzTy3FXAX+Za
zIMz(k7Z_Jx(F!1HYctINX2Ex5AojuAe1>6M#wQtYq2DTD&(_$&?hS#h<+Bg?erK<P
zc&Ak5yz#ee1_Yfsn@Hb{lvnl}Se7j4r|>K9W-%Q$ZI3QdJ+Uoyk}kETtM%~sWQQ>j
zB=SRt*yQ76cB`rsRL!(TKX>uUQB`({=F70G=*;U5-sW7T3)ov=>Xsm{=ye&pYQ(_M
zoz6x?o-ie`ERpg0<i2nULYmaMarVJwWAwJox_3Co>?Tu}Q1!{^<MOxve&zegMHBtf
z(MLaE$vuU@<j1>CyF<lDzBAnX&$^Ebf=!3eI|c;cDmSc&_(i=(9g-;1RWf#`|EBEN
z%nvrT8DaHG_b`NV4i-=}ekK*LAKOfr#_X4`Ko1PYI%bpP{_!)J_$I~WWDahKqA-a(
z4KJpK;|}0^e;@Y&jn@aT``pChS>`8BLA9jsvxw~*Om6-syg&W*Kjlz+(C;>vK~#4)
zXLqvJZ}X<{u{QrdTo%nMXmT@GKjoN8=ozoL1UBAL$nk~nmtiu9{@QV9-(bjoAo%fi
zi{C+}*MtL`LC$_ISCcq2LP<(77L~Hr4|Gz5tjkNoKP=#t;D&4Vs)wC7fBn_U`?Kj+
zwMg1C?$+JcXgoS)lc8^u<d}W~9imlio6n+x(j>nIINS`>Moq<jXU>*e$TnE+4ruQ*
z>S3bUT%vc=re$W+x#GuV8sPeH0krB9T!{8VLgH6cxe#)agI`*Q#nKMHch=-}s8LD>
z+DcvhZDb+PDQa{0mc)KhC}jM#8^?Gltfh+UxvxLyOd!zDL;Nq&gaOqRV|dH@Om@l`
zQxxv6?(-$Nn5^RM)uiX!2pncty8K>mV=om$C-uG``wDI=@?Ur^b&NXkTaSAujGMOk
zxIPsb-@C4)rhM@)%l^Lk=38ThF`V2)`~7e+cZE2wdR;=MT}(UWFLmQ$-cDy3oq3E1
zKGcN9X%YoVO&3s@Rmb?3@<oZxCL+@BcgT;2t9wBdIftjj5j%(ARPeNqkiPSX&;Gc#
zgtSdEhc23V-AO_eUF-4eHDwZaHa&yeL1gW#>L%8wneyqrv<@8|W8qhW<=(P1myy1U
zpJ^JT&3!Wn@W?qaTDrwIxq0H=cu?@Wt+ths|D$Ga9c1$e+w=vE&Us0I4u{U@*0mb8
zrx2<t96Ar(%<o<KJ%_oX&7L1EZ|yPS(sxnVCrI5Z7Z{v*XfXMvW)@BUm3gA<wrKGA
z#4)}c+a|ZC@?w5RMzsrn$J++aH-C<)8k}qH;Np)n(hO~lW=Dj)Ga$Mc$g18Be8!7=
zt|K<ZJl8QN$&Lo?iIjS|qcoysyuxt4ORX*D?DU&G)X1{N!`o;R1K99ZRd;n)sJlCa
zDT=)Rc(SSz_f)d77bBJ3$2EY6$8>t7o)aA-MCaN}g3zne>o?PPtB_JAZf64-n?bQd
zHM}`oqzPnV*Of%@wE4p;d6Qzb-Pky4!Wo|M@9HJ@W`dt6DN5}3J$!reZc<~X9S=3A
zz61<Iy4I3+M4wTiC&qxzYZl+Wx`K7<{tEDj@Oy11-H*;h+kQj2n+n8I(Leh67TVRL
zl`JCj{HeWv@md*dALe#X8&`_F_!~S|`G@~56XP+H&w2digcx+1GFXW%8z`Ji2oPP<
z{hrX{m+5eQS3i$-jBc{JNr3)q@|7HBaO;MHx%4*fp4~|G>)p)kin#|{Y~!N;YV|WK
zK!x6~F;{^!!1JI)C=?hDMyo@I;p^WWvsoA|ooFm|@ljm|kG#lW$0Fhp#q=(5i4Nm*
z-t9u03`lT;hbIUp8$Bs>5uH>10D865cHMjbV-F=rBw(Lwqu2d`$&I!{yZsYbM)_Ip
z*=Tv+m-<}9VSx?X{6qfaMPx6Y#fI0n%`0GFvX2e(1Y4Cn1UcT5Z4EzQjK+Xd;KTX-
zO4tTO|Ay6Y$IA>=Wt85%cx|zN!3EG=ESKy4Xn?$`Z#%xqeOy=1yaL?CTOFi^`+SN=
z*|zmRcd<|~9ruDzJ2EI)qs19(@DK=>eZyPyENuHT+$msl<RbsF>Tc`v12bP}IYDU@
zsDCx3?)zC7-Hr3n{nVNKGli=FR08G}2gmur{el;n1fQMzF0|$A339i<*eQ#WIiEH?
z`nX~*4ArIR<re(8{@leFHB?q72#Nc~L>XE4g5(R;s~E}yiDLTrP!%Rd8E|W*aZPSp
zE7hy$shqFHOaA;BO&pkg2<eZ_<^(CNymOw%oQW%kC!EW}PP?qV_|s=X-im!YVbhY;
z?7e)_hJwT%PSPHt-h_e>Im;#3FC()v7@up^$&<UZ_n*#A>oPEb_z9|mFliIX@ik2E
z&b_B~VV~DROZ-~r+XC<CZ__Ns?Us!g^YtVKT;!@f*k}G!NIMCtimJOlJ6oq5qiK{@
zZ$n$vI`mkggdyXAy<+Bt#uYQ!fA!&+iX*%CI$h?;uyhu}(T<QS4ETMw&jw+sxoC|!
z(wV62Nvg}M8-0lD83FqV&i$9tUV|1W7Q?UnQubS8c|9THl$(($#pxz!9BxnQ^ve7c
z6?$^r^#&=*kiw2KLPRtkCdv6~3ZrjbJp*%b&nnrc$T(Y_i77O8{HT0SIOk=%BTOUj
zVgGgCi@~$c){jTFI8ryJNcMMnJDE!q+`%X0Qc*?kTU#6nWFIS{c6Haja?EdwC#nVA
z?X?nQ#5TA+;@!sjMIg^vlEd7>wLI=YFg^%?fV}R-Za##1>QAmoYwq0p0K_61?KX7^
z=Bl5MSJ2kqRXY+RGxRPrln=LkE6{1%=VZDuENV~+3q#<(wU}e*y*R<=-iNznPlnqa
z%2zfgfbzKx7c;Mxxtz6o+s`P*-WG?Q@?ojA(2%UNj?g46369wN#A8c$yJwa!7NE9&
zL};E3VFG^E6(ZjGSz7p=r(&JhZSEuSbxg@)I|$~ktGmk1mjH;TIe3#||5y3uldbK`
zf3~)gL;%)r6k`KED2!l?V#pK(f+v=aQcv2s(HTV=$Ic=z0|>9L!s>d7!k9l0;{X`>
zSC2vp+IKA7TQImErq(>&edY;3VXcBMOz)mV?Te~ON5fG>1MN7@3omD_*(_jKEc+x<
zIP0#5-@!<Jn-DZwecaLNk9`r}YmTLj(ua`T@BvRgfb4~0^tw)_TCRx@%Yi?6#z2n-
z;D#%}0~e_BXbn31(Y_CWXUM$B_uZ-A)VPgcKW6tkmZZCl*6vAc_-K`#ZnY$}Q%QtP
z<sS6H;`CnlGz>#1#`HIz-})h}pKHS$=$li^oJ9iS0mFWfY~{-_AZi?>$w4;zjz+_Q
z8U1Kgnyj>kY6hH#eINNNCnf#X1%MGdImi&Rm2bR$8y=;RiWemWmITreb3M0oi?CWk
ztm~RgMJ8Gu>%qn{%HI=N6xLO%!()kW4<cGfsu3W(pHXh_F4cq(AbH9Zh3jPNZxi4)
z+Z829;AqXZ=FRqL8lDh*AQq>$aLBX|>y{5taP|Xv62@FvfP-+YYEx$5j*TIU7;Ep$
zeUgYh7JRVOiwDJWS!sk&jNIm&X${?+i#xzm*dg?}Q_iR+|La~)I@A;!R3~rBJG0B^
zZ%Du!80nvvTgz$qJaREJ$@vBsGr1XGVKO40;2qxFnjU2q)_bq?x(+PsC7VB4=5|-@
zN_qdn0A)YMNhyvIWQuz}LVl9xwVieKiQ}^#kn1iErra5a!?ohaMqvT3MU%0NO8a(A
zlr*%!Z(L@XK7A2fuS!Qur>qY;ni5KNTFdww-4@{u=rAKJcg|`5v>1=Og>7xO8WAzQ
z%zLBj6YCI`MA>>+rTZlowc7u*QSV<!*kLWRw2}l@X6|#~+pWqc`=1=cb<&<QIbEi_
zdtTRHHK1Q5*%})|*gSiQ?w6teyc1c^lhw)JW-*;O)lRlV5;!Ar`hul7kTH~C%h{MX
zDa@h8*e%KWhL1j9r}A@qLq9VoTF|TPW%lVL!KsMnf>rk_{zK{iZr*yIb@P34>ic%Y
zK4!B6ylHywxdTP^xa`ELbf7pNdK4b%G;oZ}DfeITg_AQs&<n89qMK@k&8?Jrl04Qv
zaT$#MJEFLMoB>9V6$t3(DIPj@Ea4Nq9i$XkzSnSnu&lki$ap_a5X(m}zWD^D!68+$
z&_n%X=7q#*eo>P=whF1HzKgNys*=*UTm0@bHg>k@u?^e5xchlK%y;#KmeO9sk~Uv5
za_=*E=<Ne|6xTY6^iS0sqjv*v)Mn8|yF<Lo6MMBE`TLE_sdUKzf8jauZbows+1fAi
z2qNk8Y6o{H+z&>GU&U}mukfk?e#C*$6RaLXlzM&wkaPvY1Leg{q@?s3-_KH*P`E$u
zY(AJ|rb`F|Xd5R>F5-WAec-sFt{B=;<Vk3s8oi<6`#2X^d15)nQXuvFPfKMzH~wPe
z4?O{hp8P>5eI5DnlTH^_i(ux10U`hPjIz$HZKwoT08)&lvy?qO59SVg;Zo-|LZolG
zI*dc}&it>K`R4cYJm^g^_R>EX5xwD?vDh28Fm_%#n5~Ie0_V1UmHVwt@xptaj%MgB
z&S9VP0IFYY;)91sQdM9Wddh?hwGA%bxT?_iGZjX|eLRu2m0#uNE+;QjqsO2D+D41T
z{6pfkZjVfn-c&sI2TU`@(W3@eA^I}%f~$W#RR=Dag?Np}==&h+TkbmPu(FjF`*MxC
z@SXolVlXH_cU^wYP%8$vkWBkNzv@QY&J|8g;duy^BswAcnR)xe#euffT;iABH#q6s
zVsp=aUnsuVH<#?%<?oDW2|u^59?Vzam^s83GYI*n)oSvWy4P;|xN_}cN!mVfk}wo2
zKliARPtIkQQ8=0w3lH7s*JEf80qBg+4(ZIx*T`=$h8VpoUp>V*X-Ty5J29D5r5hi9
zGJyHwmRxI?er(ScGs}54=d)pSs$=wG(<P|%a#WTSDwm*}4!?xF{+L_)C>J2j^hS?}
zSxO*XXH({L_DF0rPhiH=g>qI~Z&-}<jrz{lw%Vw{YBGr@5{OsO@n5q(&+mO;{cz5;
zWnA@BpR9TP_QU~H8mtB2oy~1CQsBXFksNaV*KgB3t*I+&_C^vC29?h82{>|)xK~$x
zU79dgEGEaK@kkx?V#4x}d#*dvMDy+NJ*L_eO|rCNz_<ODC3zp2sK+`G{?>i{<iUsi
ziH9#R$kcP_CSPCA7WTsVH_@_od|e2#qpc{P>tKRF_4v}$D(`wL39zvKCcF6|rXj0+
zm>nw&U}w>JQ>bDi=Gq|eG3Q)%)wAaI#9>nBOh164_}?MLEZ>(wAo>dpM>=_Cs=ei>
z7zmZy2|zN<`WLD-TyY;&CGViOHF@fu0g0xqZNWtRw7zNw6SIDm>bK{%hG565s|GJ|
zA2J|u1I?2`>;ax3Jz8)a3xj<X_lnCQeB_8<tKtGI#M-inS~iea*m?i%JHX$@1KIc%
z;!0)uWIcR#-wA$0NB^l?ZC;8yZl^EoDqYRXZA(h2PyOzz)=p%f_t{|V#8SsuS30sl
zMx&Bq6_u4N^009w?x3OOGF6P`Jc$Fa8YX7fJl`>!iL2)DHEwc=Je6uWVp~2S1e~t7
zbhDJN&-!k*WbRez#Ga*v&ry6q2fM$HAyqcE=M&)``cB`W#z(N=Kk^{VaGWFu*-vh%
zBFp4umP=`f2y7DnNj?C)wc2?v+v@;yi`T(#*(9hxC_1a+Dl<0LG0uucs6GrAyLzI6
z>2<&0dO8JDR+Th`J1qpD4?c&WP8xOxAb8NtF0K9&3Smv78SO!5pwH{WPflt{?t2JY
z&D9>a?Vh`h0>`XJDzT5Uo`s$#P6@|lt$-&OCuZwmGWcz&4j27V&L{u4QaCM4_HRIM
z1(9^(H%x}*_*$<GzCRa{ej5>KSML5w5tl&3+_z`}=2OElckM6a0p!S;PlZN9i)eXr
zm@(-aeIB@bzBWG9sE|+?bz%pD7cZBGU+Rr&EaEGDx*)7aARaaiJ|kQOleFA16cva+
z_m%&sSAxMd6a=VDs!Wj|`pA~N60gk<@-Q$S;cMZdty|sRn%6V+{yR7*cd4(P*=iX)
zmR!O8c@A4v9LPz~AYSuXPD#l#EViT~=Oezj=j{Wj+`qsTp2uD#%Y<^ga1c|POjlsd
zufF^3rA5@ru2dAnuaKiB?E3GnztmSb+Q~&yE?|JI^!Z!JHg=y}n2vN+PB}jrUK=&k
zG#zbbUoek0rxr^QD=`*6p%TuY!<-RQVwVIR{S&c;;1rS|_1xu0ppD#P!7i}4+Ly~q
zx;FgG-}|K)<!=D9#o$&83D@yi4+pNV(iT2*+*iR3d8kO@EikVa*}n8{-<Fd|c!<go
zMua_p1EiPoGq8K_#uq`-pH_F{XR$4PmDis#as6dlNj`PX$27?}L**kh`gxp+4g~L=
ze*2f+6-`~Y?=Q(bc~(jNkQuna#8CGFzY~p}kHW)+J47j9tbbA0cJybs3>l<<08M`|
ziPMYcJ(Uk_ZygrrI&87CjsExUgc@}MU!XI5>F?`P)kvjf1nZUu)ilXGDP}u9mL8vs
zGlarZ-iZ-g7cYHe_aWQ>jkvYcjJi$k4%PlT-+9;OYGY06Tll$zZBUrh3N<9(&?1@Q
z3OR<2MliH1k610t9Jai5-R`UJN%ubgARiAJtXej@&V~3CGS&+@dTv3*^}{f(ZYbL^
zI26uPcy6~0e_o9Rb63m9LuWiV!SDYDEX0ZMLYNYfRRrXIV{LV@a4+~Q0ouKHN)nyO
zj3_4N<e!o|lCXyinF*da=y7&ufr2A_YPbP@ypzhPKQ?VcWt$p7)q6CVL!2_~Nyf`M
zW9>l9e=~CL+0U|;-n+?%xGr~}d4&M?dvzfdQllg>W9wB?-BHBA<JeBHuFFvEu94nl
zpn(eS82%MeRCajD*n=ywxTWfGb5=Zb5K@BvZGw{9Xer08Rf^6p70reo=FpH#gNc^6
zJ%cyeG;nh34CmwmQMFUPYx%IQ5TqhQ_+`E@Yk!{e`uZY8C4IT?_khGw-l$r834Ar6
zlHzw9^nvJlN0|(J$E$?;+6(iQk0VcU!VN%$*N3nC{y*da(79CYP-bLlD}eY!9(C>!
zM&qqdorsKH+=tg~A!W3#>`k-l>H5ko$gvZz`}A|Uyzf@!US0GoN&-KVKm#Ef(>^h`
z1#4oyK|8)0V*<<Z#C+pdZJ#vHT}1JxPYYTETqC<$bajB=MM4KX&rx-uKJ=vHV$}X~
zK8-<0SxICa0;i=1^C*#}rHNw<ZtwgRyEs@lV7K(2idp9z&Xe<`BBy9yze?(Au*K-t
zJpt`B14~HOWEshZ!DNU=M=Zwv{o5A!fOoQ`5FUA+=ZH=c_TPsIN&BuKpf$rad17uz
z`OYPdfPRc;d)kgk=3AA~yEk>HPnN2Jl5yGVvR6ln`D2Gw_~c(_q=pWBvP{;>=|(+0
zaqX|IOfPn5`8TZ}8y0{Qv{28)-cLCv$O74Lkn?*?kf+witj=9Tk+^-=Kj~Hop{7+S
zkZjRp-RvQtl<=g*u3`__Pc`C9NcTttgtiwB$viGouKL+FycY1eGZ;lFggbrFIV|uR
zdLrrXlnO2Z&Y2#6H~7h_XTJboR~y1CSyg27n*}ZDcZg|f3YT&pHun*A9@`9%sDD(P
z_oByw$I!8)u%G2~PX`dY{|+DvUJs5>JNJDwr#FA97qh(XlHV$6ntr=x?hKvZSCWEX
zNfG~*WW9azM%B=OE<76Im2xP>P)7R!xJ1%qpy%Sk<OSyFZnr<I9!d9Vp}moy9ul^?
zWaVGXHEv*&)y3{+v<$i+@uUwaS;OYyHNH3MQfOj#7&(tDX-FVjd+l3Q8_OVTTOF2-
z#BNWov47O<>zw-lPqoMbu&!7$WkcQuvmZPek7W@!B7!&$&SbCpLT7)5C6UoNuJL16
z>E*>`U7Wt0lBA)}7OybRkOl_)Kz6$#%N|Spp7|jupai>&AvEAAM2eI4#)BZxH@%2Y
z3Z1_4^${P@R*9w$@^iJW?|WSlj(^=G&u03Aujpz%V_JdWB27{u1{%^`7-0|Q``~)h
zg$}LR+@BS>tnXl_NL`V~=ZsC81`lrjct(_}yMMqttg`>cliQJbrN#T-3L^15+cC)L
z(Fs$$3D2eRUK}^1S}w(!b1}>RULUG$g2o>zpL|i&fL;c+_QARAV@1^0L>qlWyH&Np
zfqtLcY+DdBiNfPiHHN9H3TA25NA#@`^`-tpD<?9e$5cbiW&k&oX_~hXGQ&B`z+qQs
zX=h!{i;w9{b^$lSUH4#OEc}Z(!<?b&+?W=O{o1xoXbi5%dpp`Z+8&~elR=9@ZzN39
zFyc<D7f{V$f1if;6WgdpIog$nu5H_&$61W8EprSeA$%reN5sA3%;$497mAi|@#3}i
zXo1v6M(V_G@jAIQG$qzW3E&^k$Kt=vk=yPKDvl-;hZ7i8_{y9N`>3S~!3;I6TZtX#
zufxyBwKuw#92{_=Pl0CjC{c0il+Zh{UVQ6YJ?Fr_cS(zp#u8m+^?&0!luPn;{(kx*
zx{62ml$uN_OmNBnqrCw0!<Z0)XW=1IPIJkNLEr_cgS1oR(YuHSu;p}c{7*}_5Ik=x
zbDC$a31MV3v+r`C^YWJ6IKnTSpYscz@g(%9)8C{pf0f>a+OQC-!s5~b*<6$901w%J
zz8y%i`9}yvcOc9kpNci&MRv9hQLoSgMn3~*$67qRkkP5?cMfBGltcT-ngIHcM49y(
z+(EPt4Qqr{z>AVbq&(%Rh7A9!p+@}&c$(ukZ3DlJ4JV?XbxJS1Y5xA(h_U<_#sa@Q
z2%jR7!GsGA3IHYcB!o4}i!O2jUX@FHW(CzpF;iFTJW_3_cqsAScG?dVVZpxS80{V`
z$O%0&E`Kdd2uht9P1bjZ4yH?PXFl&RK!b7m&37{RZIwcn?#^kZSTfrwl_B>uj#mFb
zXrI+DBmLuRN0rfa2Gc22N3G>Rz6&8gA8VG%?+MzUXh1KHl$!7HxgWYKOR!8fy1<F}
z`l8$WcXqS$w-{tUSCGi}UJ_fkg>gx|h_YbuuI)5y&2mZ7j$2pC*d`O6{(fw7jW^fz
z_r{VZxC?vXg#TiKoBp^MZ-PYk_BSF=fLn!9M+3#MLNH-&ER&=YATdCA)V8-^<yMi=
zLXCHO#@Zhp-Qc4_4>nJUO$CirtDA+M6o_#rfUBVT^IoAqoAI}R6s5Ee#3Z%GV|BQC
z5r3)~giD2C+QvlxkP(5lV(IdmX(AxzX;Y33%9<^1+^fIr^H^nEn+nzI)E=!~8Ch4%
z<z<F_(8P@DEkEk+`xcGJUbT$XuBzh69p4u|aeEI!ez9}<yAS3q^A7z-E)J)w*A9|I
zW7QUQ*jFzS>NnN<HX50ssuaudZ4Q~MlUysX*pb-UBFYhWcc1m3Afd$>j}3<<y88Q-
zeSuai=j-?HWUxqH!^GR|5;r-5e{Xb$GL2P2){dl`6~cN9j4cKcXxuhN`_!R2y7Mr^
z2M+|S!(75MV4Q;06Z9t9p=8_k)jJmZhj@pU^(TeG$n8!dne%ywyA*{e?${ct^cwhC
z;np$Cj5jp~q49tNZgu|o&THj{AP>Lzl4LF2-QzuF8|(F@q|orKC@X>jYN-|BvUleN
z5&!~mHlK-kKKfm)3eVQrNfGPUe_t{1MI30ivW*c|(n@iNvUFEgCh5vYd<}>u{NaC&
z%hdClk%o%>6C+>)mobv$^-FfF;J1v*j4Uh=#+SHwG&FrqFYWAtLg=I*_uiMrBK5^h
z;Eb-hD2HK*xmB2`b^-lNrstTR*{DG8b+kZVrtL9!cEO$D)1}lK_ZIZB7Tv6%=qij`
z80Oy*z|QZJbWP-^r&wK}>&wwS_=)w}hVCuVa<1$^`?-1+tCZBc9qtA0z8i8`f{H#|
zH@=p00q=69O<d>=i!6(}(M}^K=uw(pBj4y9>#Y}A3iu`jh_yK+;L+<JQPEhNaYd|%
zkd4ok*}WGkR7%ALNo)NIDF0E62Bg6H+c{M*Z3qw>GV;_cqieI2oLt=CLUg#`uP%Ih
z#QQY2lSw?1j*L9Ih*S3*_4sSE)UA&XS_|j64gju>Y+-dJ{6K)0rO5%vWbGNxo2cR+
zhU8YGj<Dkvj8jGIQ3l<18g1Wl$8-FWNWz`CSBQYZ=brNM_s{y!S0iMLx`tA#l~d_;
z*eRqzaxPRM!C8EyXAF~k1NXnQ@50GEpMx3<b$dV$PtN?J^rLCau;L1quM5PvbzKa;
zhsS(4;_waGOXuwKyok`@^2`eT7&7m6)$n(V%(#@7Zv-->i#G-hm1u-a-_Pr+sjz=i
z`t!|qLx*ost$Lo_P?xJch9dJQ>Qp1VZjhlj2k3AP{d__c;<Ys{O<t$G_fPWq@>f6N
z=YrU)hQsRh$tA!Q^*^5$-Z#2ag2kGSTTe{EbS-Oo<b7m(%@GQ9{0g}Drp7{RhI&uN
z-`gj&k&B;Jw(mO9m`73BxKU*gm2medw!g%ADJ#bFpV-0XT|&yT<2Ua)?5IU(S>Jk?
zP<x5u+^Zd>?7ij(%{Oh#+iYT<8N-PD0z?7%yU<q<>R*SxropH}7Ifl0ea#%FKQo~(
zprhejI&|g~Vd3#9$X|nZN-M(&EuTQWteE%nq}RW`OL<G^$OuOiJsT0@K20({SM3qX
zMyP3DNye<n_z7Ckkq+o>{%tLr(Z)f5--^>l6?A|9;de1la)rRZKHQztEoTuQi^w3$
z;WDNXyREy|N^{z*c$ZqjwY^}lv*qM_<$I?`R@=n1cMrnbk=9HtV!a2`I~j)9d3(^S
z#{LbTBhAu60k7vS-;1+_JM0MEeeB&7@dL&F`u_OR$b))*a4o1>Lc`OG>KZ@hI_EcB
zb;ebiC)K7&HAUCEs~$h|lC~tsVXsJutbmYeH3m0JaQ=*_ZbB#nElX!M$Ltk!j3BFH
z*CDJTb*?h!FnAoO+?3BZ5H!ZoO4La?zxk~GUY2EMvXkqN=g5l(YZf7ujZ8#N|BY~d
zwECwQ5lX5-4W412J&~dL*IhJ=dpz!U)SH^0S{yT5Gj%w_I4+OEeJBDqv!1<)LYcXJ
z1#cI5t;Q380uw??w}s8cw3pNr{z0R;dlqP4>UbWVyN}~zgc$|i?oXJ?0P)DrSR!Mn
zQ@tcJ;Zb9X->=~{n<T`Ye;%UfD1(lvMGC7wxTavxvDK|(T1Evlvp*<*VB?WC3vrH*
zj6uHq5in2fK+o0Z)WNQGMxxff4ML*5#??j_R4`;%cUeTKEt%#zciILwkO7AYflBdV
z%*b%|-K`~Tq$sWNn%tDFBT0;69p%5Sh|-0;^e%g6%I(*j(pnfip7S>3dDXjj9>xLH
z<^NEaht=i#-eDj4zI<R$Nm5m(;43<eXVw$NH=?!XTP7;w5|Ie9ZI<$!kFUrXU@c=%
zB<DSy*T`01a%0cr-ykltQ17^FU@b%G#rux%dDfPwIiB14f^k*@LRY}se=>Pce;@;6
z9E-3fb|BM^AUveMn+q@pu=}aPg6&S-m2<FuqmXqO?YBh`e@DtkK&rTzrnTt`aqE{V
zGlPv38u>g$e_$f_Hz+<ScU!5Ro27Q@%n17~5wN#RnFcF7#FZUy@cAO70Argn9`C%0
zv}U-5w)7Z53le@;8)@Lo{GPIDHvx`!{|1tJcp@eBpYU<4C$mf13QIYAAytccPC2c#
z)CO5GK+wTp`Nab62z&LtVM>IPx!+{=?2_kSJ5~m-#_!!w>;76I*)ajlyUrRR9|H%P
zjzC_e`H0wegTS+#vKz5Kn+e_ByMg40yhGBMypq$JP@{S_^Dv(qY7f#%d1!Bot8A|X
zj%sL*%&kD3A*hp2*0a-$tzZ;Ib^vDjHmtnbQ=g3eYFO*J^J|4#Yx)?Hu3ME8cI`&3
zEY!!Dt@G2fQNT^|Uf!_O!VX_+Ul-uYTkSKXBi6!q>E;7x3-MDWYs@;X#(k=M=hD39
zaV3-RaF3B~Ifh4i%PE-BXUN<;zW|jLH9fjc0Yfkqw|(z@MTr3>ua<?~@~vDxEO;>|
z{x0JcSGS=L_j7F1jhhQ;TXSuc#{1Kx<B>UZ`4boYrRNhYTM=m5G_IlBvL|{tL8hrp
z=R9K9xMffV*v4k?wUU_M%|=Y$^E4@p%I;meW;!8eRkt^kb0q=suTDQq`GoY}6~8{j
zq#d^ED<E9x_y_V)aI@fg)0Z0!7O6Y66`EiZw0u62;XA|CU@)E*Tex$XJ*63Wv@uwG
z`wo4>B=Aaj6${rQ{B~Y%GMLXInR_j*oPcvj3gEip79MkB?p14?WCGPmdVAH{+RD%`
zGg}E4Iqhx!U~CTjtkeU7r`eV&Jb9*Kn?A2pavXuD8!<Ic5Us%VhN0YRg*0*Eo2bh|
z>6aVma7WWa{#<^|x5a2z8<ksDf!KCFmZFH~;w2)Fw;L4nIKB0gD)+Pk*K_JAZ?PEn
ztvw|FQ4miFW)u`T0rMzA4?60WVo|6z)0H#|%g$KUNO!-L=Z1>(HURLvsis2*rs2u)
z%$xybzdF5`yVt|S=v1iM>fNj9M(Of@dfMxE0hfB(=dHsDI)9r;$_qDbx(G(6&)4}=
zJ^(5xiP~fde;QkbQn`Y2f;1?k8&qwMmPQ1wuwy7Xx?9C$^*+u<3zF(0lf~isn=~n|
z32T%IVBw`gr{HY~>G1@rFe;9)&JjFe{?U*jEK9>@k-c5(>Cc>U5L|B(3F5MX`!>+t
zC~Ryr%?tT+*P9l6k8m*&v#^>!>5Aj5R_PzbY|q>GrjK6FbgUzSpvZLgUs8K;Ew%?<
zHb}}O%P<qIW|YDVz!B?q3$PI;slxK4Rr;!@eJ~XniF-6m_6-_++z-!MVs@O*(ktB@
z5Gu9)h_>&fjWN#)ca4_}Y}*=;MVgAwc4S~Pnd@5=8+PQ%Fs|DcF0QO2aD@@kpYVix
zCDB|f`r92#ATxc@gUUNF>kO7VBbUeL)xLO44RDD19Y*}{bNci?a87<y(MJ>y$@^(9
z(UE{GyM9BWt8^igXA5L%A1O%ZSE`IHb4FXU>!-rp7`s7-B98Bs0W6{|?8IR8y(WQ0
zbK)LvRatY0Bl~LvY(1dY^=stgt+p3_w(yPdF$Zy9MP_{?hIWNr*h_fZ)=Nobd0}@g
z$6V01z}P<B6*!BaoTb<_q+EFG%_LYAcXIV=;*k7hBVDASmhfxkLBld;?;s#MxBb(`
zrS!R_Y$0W0PAFV+!zuO8%3w<M><9hOf}L&PiY|0B>$q8#t0#=D+R!kOLRbq@#;g7L
zgvRX4`%Z$C{C%QCPD4cMn39=mCX$T}+jth;$GAFagRx7nPwZ9|FWix(g-B?N?oseF
z>w89H5|(>`wYVoB`@>ILiK7X`m$%v9JW}Al>8W#^bn~i;Y1!H)Gs7vtX7EaeR6G~c
z1Vhpw!Yw-jHHk!bYb>lbbAbV??3l4J+zufcQCL2Q|IS?uPa3P;cB&>kE@>-<|Mr;V
zG%f0$-!h-FCl|`aKhY~CPgl65;Ig0?5Q=M`rn_D7CDnU<BkoR{xEEd(g*@M=5afQE
z3|qea+e)O6v!XD7WM^WM#R<C0HbaFv)1|#YU-F5gbQEL$F8o?LlUh3X5SocoJru~7
zy)Y{4dm%C-AzNl?%#axtFTnpDcHV+vWgLLOowYKayk=wqu}rIKPzV?6yoX@IBDr`6
zqxq6|RAUX6q-!hn#By8wmFPUInC|TAS&6Ag{noP>_~Ps)BikLxO?GfIjO`U6T^js9
zJ``kNy_jP<C84}h9Ax(Fm1V`ceOIDGP=wEr9<imP%HjQ6Akl0~ZSBcM)Sj+!=k!dr
z;k>*Pg^eqEz7;8k`St@p*fwja{rKwCoyb2T|2HO->NacAp3ks{>t-YNZZFQG%UB%i
zV<x;Kz`Oc>scndOY7GVpCyQ;dWw?+Gc$8TYPqRt4#-AD7sJQUb%qohEAmhf>lA(Uv
zd@+6@*;v-7Axvxp2ew-)1!OS8(6>J6`Lsc5C@w-cldxk7wv(p%0@ig<1JJHvbvjy`
zwP1&~wu$#UEcth=;$<yWV}<bvqEE|y?D|0{N;I`MlVa}^@O9ml=^U6$;jp-?sbl4A
zsR7<kui68>Q(fCH%C0E(zancpA9O~yWI618esmzKzF8S*RrYUos2<IYQwF>vHk=bm
zSXvo0R)i-9NYxhmYtQN3v3D+S)4WhF()A8l&o^V;j#S(HiP+ES?L5;&;>Mp2x7Pz_
z8_gYHnSZ6c9dQN8!~I0nJ-jksGd~8oeV{0qvMYuJ*F&NPy5^*kB=QPkj>YbRhFoJ}
zH)1QId`w~?aS4yVaUb@O!jIbJ19%Silo|ExemGfeqfFWQoCh{xlH58XYkcGN_|w;E
zfBNqoJ(wfueq*Z4Tz_28EiW6Zo39sjHD=EM$(kFW6gLRj*AjV$vyj~&^T|}cmPUp#
zAJ(vDq|bfnT)m+j8?=$8?L9A%$Y1GOI=^Qn{|CN6LBBYM3Dg9UH@~>?(0qjK&dQqw
z?EA;U=;0JG^9B~Qc#AK*S(orxRxHv?>+1D&WjPzuM(&4RC!7H=(5K{XLA8HmEnWnX
zHx7|z_Az`dcYK<+T!}`jiRQkh%R&>rS-<os^YhcP&B_C!`NAvR860{&I>EI7on=ic
z_dO4KKF#asbj_IcZ=NKg>aaew9&o3LJag-HsPm@bdptm@cTdEM)2=_MZ?9YONbutE
zdeyqgrxL6>H6Dp6e()t1{E-PB;Ku~T(DTnen)f3-x_-$&_{#5|c=#MUKNz@aiieS^
z!Zddq*Jn7=_tfi47qqeLjD2%Ie8F<!D4#hiCpxa1@F!(0SD{ORs=$zRB||T5yB*@I
z4t?F-1@JCl=;Y%(M)~#$b!O+C^9sD93Y<T%en;hdzk+c=(M5N@u*`kTYZ-EoOP()M
z<5hQY90gg_%fLQIQ~~P-a>|dceo-3G`5J0FZNrl<q8Y`$NDRi<FNw>I>tbJL?{}Ot
zqu`vM`JhE-uGT>uI#e@DMui*Z;u#F$m3?v=aQDPNXFzrQA^lapv!D-fRXbTK*PyMN
z*kl-$tD$N`-%K@l+u^Uf1=fmrlFuHJ=$85(c)?%~uEr+Y;mPWHND@*TDES%v{yU~_
zDb%>7<T~oBCgnP*+UidA$h4u)P4`fd2UWv*5tj2Xam`A7>_)b|3hZe1qsOSb8H84V
zhsdikA|Fw1=1crs=W=tEie%peB|D(K?_#JT=H_<UNAO|ZN?S*=ulaMEt#*!}vw-(h
zH~MB@7N6`@f8m5CrwP`&QtL_-J+^uBGqCfki7xpwe)F40{7^c}5m#>1*Lj>3P&AU%
zJpAxLia;Ep3J~5HlfRuRF5#6~@>e{?w`c0nu9a6FUWD(xFExWHO|L`dKMZe2zvm{~
zj;CEppN*Qp*f(_Pb;Ceo?I#aBE<pUlGx=+`_IU6ZU;DQ0jEL3m@w?=Yv>m^sW;(?!
z`?#*yuV$-i5`WlO&tsOIzJ|Tedt8jCjk(`h<JgZ%)UXPu*I)SevVAT5Qvsx@xK&%0
z#p9|F%fx)p*!6<2<2`V+j5NQ^mT)b*Q+Z)b6_33xUAP3bM?9ky3Z`Bj%qyqD@Bwe}
zMb0+&Cw_Koy(p(;FEt!GKRZt7qMkH6zI}aV#=+-btwAS{?94|W;ivred_ve=zOHJW
z-{2KTWmyiGj(H>7oX*6zPr&?>mcF|SNtf#=UzCv|z`!y`tpj-H^=Jg0(6aV5v~pjt
znIL?TRh>C~@lH(4EBiE3W+z%{W1u7|lNvTJ0JLNoi{20%#fv<B9id|plt)C%5I`Q|
zoy>2)Tf`ETj?)?umwG4?ZPm(cDL+i|sKfowPx!-kKHo_oIF5(-Ik@}uRo#n6_*#hY
z6k&*yrDWraXTgU!D{De04Sy0I;H8z(Vdn{2J@DKU&>i15mF|pJp-9q+7>{8zt2LuU
zfK<Q&V8Q2MNWx_)kBS+d47o-}@?Qu}!80`kB)$tkdNk?O(XbA)V@-p;vf?<IbA4*G
zoamGMbN!s~;ac6|V5;ySVOB0|adI^~>c9*~M?oIKOYZ#7hvyYIqY9iqus)+gzOQKb
zBB54N7p-Xqe3hRrUA`#NUjB_Q%>D{3eAy^?Q6)5SipB~IcCQfQ9glY0r<31khj7@-
zzw%3%*!7!WB$9`6!;T)mbn%BQ!>}W9D2->=7Cua3TYlroaRuZh93$i4I{3p(H1#~-
zyXu(yXk!b1)*<=XilgcW0^tb=f60UTcR)Im0N)hl-*~J0Sot~O)}k}Tp}K~{qvBP5
z`Hg$><jbTWoknS@FnJ*zY1)6D7V%vMIBJZ8WbyN6kyA^&fwyM=5Od`J-tDmx{2{I?
z=tO%RGk;1>yw-t5Q8P+)<5+qedP4?pz`8A<1JLoqW|?&&UqukPXz5})IUmg{fsk&x
z<!o?GgZouf6Q9VZdD>JCwZ8_a>bB?|f(X?`2~@zu$v!HabBvL|nsuq#B7cl_>$TQp
zvUk`W5%irFE8GF9Lp##QA=ja?E>$=BpgBGel~;wuJZLN$d9n{SuKNfIWyQ67!De9D
zD=%)(1;IFMrC;OIvo*ryJQk*KW~}{aswJ=XeZO~7j?Cjh$ML(Tgz=ts7gqa4e)b>Z
zy?sAk{ewGI)-Gv#&H3~(lfo2gyLjX&NiXX>F8>3)6^HoMzhKBRo-1xdiYMjjJ6qbe
zxL~l1XNoe!E{Vf3p8SvM5B>Z6EdO=P*P9A))UL~)Qn26f&siM&@$qT?(AQLmKg(u1
zUD*_&@4pf!vI<+T8py{hpO>4FU}rk<!M8SM^Y<hYz%ti2zy6?}q?=oBaK{PXU>QBZ
zb_EwN44ozTH2Z~j1RQMcE%&2T?egnz6R)eA>+=c--y%o&gZ-TQ9p4vnUyyg2&qzR6
z@xtEo=uQP$=6#G0SYXC_tOVW#_90_l4yPSk(W~OM05cyMdp`{V(ha@}8{U?O3o0Ct
zl7rWpK7TR|EudG39{M>4wxuk^XpuyUANjJ^WpCekzVN6C_s>!7cSaqhgItt&X0I7J
zKqpvvL#w<K-s&UxokQ`A^^4tdf1YPK=ZxsN;HN}-T{Dl$tCn-@6L1JtWv*rP`oXg2
zX?)g8KHPU}^ZM65XrAGdpWj*zlX?rDljlUI*0|&`3S|6lKe|vb^>(WLmi&XSI*s96
zn0w$;n0w+?Y2`Pr&)jRAUIAsrnq=5=&7(*2euQr=ce0tbOCjon9M`)FP(0)MS&2jx
zE+@3FpYyt#$5pL7sA5>P&KM)?D)7l%;gjgVx1sRo;=BT9Q-Sjb)@M`4_ZN#^K$a`g
zlD}R^$JHvY6Y%kcOAjo1)Y@40uP@N!0*8xgUuZ#-=+^oo*_TBmz>A;#OTswp@W(~d
zd6r)G!V!-Ehjzv_E(tgfg5A@x1C2aIhB?~~hXe=_F=@i%AYB={4~99h8KZvToK9J(
zn-t`lhK4DC{l#B#;y9UINOIDBHW+?1zcR_6kR|@Cm<$W`GN{l4w^|tm8YyjA?Xq?%
zOf7a!y~pT#NPp+$n~P)kFc|-SIi^m$iRdCM$$KA+*^S=ppZW+2mz<ZO5{ie~_hXfz
z<X0=)@%c-%?fc~D)h71WWVBk+HZc&2&jZr1FiLvbOG$h2Ni)>4kZ8nTjMAHi9;j}c
z(ZQFsGT~56!)e%UL|u}XBEnvrr>vLw6|(}Ds9?a?%BU_0BC8IaA2VTItuRsZx4t_?
z0zZFwY#93RQ{Rf^mpko4i22%ePhWYtF7#i(R2+@pb+gB`F3fA*y_H|_D4oK*zr>Nc
z)SPHxS=BH&Z7hB44<u1X?5hXIy?g%IYkeJIQfR%Mj*htxod2<HWrq2vna+y0*?$<G
zN_?!~ePVts{ChWbE{PgNk9FOu8q-({GVIV{kg;Ev;2*!YElE0flGj;C=E@nhbZ4Ac
zy1rN9HDS82MRo@Y!&kn(Uq$`K%Y{9Im}Pt-9nDAT_I!ugt(rN%Id5h_Ti-uSuS+Al
zoL58c`J7oD#kcah8Vsd~JNH~ihTJ*yJ{$YZJmCv#wDX3e&r%IKEeb|EU{DI->-)xR
zWLbUidVm4W{c_*-mAB)R+Uq+qRHh;V0ez6?ZdjS_c$Z-TCxWCM+39r{S2E|pT8=}$
zef^g3GdYNa#v~S5aTnKjI&gp^^^(C6cLkuOTe%(9d%|bp1*Gr3318>=x*uj9qZ&W)
z*bDVSr}5ga10VOudA;m4t>=K%zNgJ6K;x%L$Q{9Fp2@5Ynfu!N;Wdc`i~+f8Vv)1U
z8n+@OkmQ{I;R&L;F^ot9tOyT?ANd3yNeklFK8hUvnqJizT9;Xv#YY2hW<RnU_wGbN
zXDZn&$FTxHLEUuumbVVGp&X2liyVN@u7G}Zuwvqw&Bpo4(bEm}xje7H8CKx@f%O>{
z^L<0b7YntLzFzf3D!(C)g4Zsdn*0C&KmbWZK~y+jc<rBe*X>wvv9zP{hA<3&h?LaD
z8RG&Dyf1%>L;rGUT;oLp`y8i#MAZ-5iWB@k&Mv>A?fmrO0Zj5rhnHe$>y<Eh^+e)W
zZuQauNEDQ4oWIB`LI<+B?@;n;(e~;zzWm$1=GQYwp?CS^1t$6Bg{r3se^Mu0&jKA%
z#(&t$9}3wi7d&4GQAN~`Yumr@Kwo~cf;aq>!WRw^?N|B({?Y>@KdrL|;m1e{+j-Qm
zczcG{zu%5E9ZqJhbGFggr>T$qvi?2Ysjk$S7Dv@n<koSKX;0Za5<nL4C>Pq<>|R|A
zCO#>1(7F@55W~L+XrgZoy<a`xkvG2@1+MtefKPP^bmAi&Tk58sDW#QBd1W{;C63VY
z)WPXD2`DSCa%qb?9_grj<vz$bBh*U_b{)|=zVnA8aPVxs<JNL?^uC^fkCer3IK32S
zSh!rRDi#Up!B+Kc(^Oxv;Bd48(kE-6nKvU5RE=G27f5eAX*iO<M%j;r89Y6+Sl;K7
zvt7z_&v9yQ)WDrSUinY=Q`lb9#Sa7RzvQ`$IXGsY^sz(c1*rG4_Vu*CH7>q;_}6LS
z{UyIjE+<Cu*bffNn0dtin4J7!R*V19@e%*{m0aO{wzk)5AL-d)_{Y!k4E2}-zD8Lz
zp7<9#^cgR5)hqYOemJ%fNAbyiMh9|oMwvnGUo}aY?BQ8+-afOszTFWG_WxS(@YQ8%
zdO2Qsn;!+Eudcf#nMT^d{coLcgKhML=>@<jyy$k?Il&g0Y$(mwa>pm4Bu8HG(07)T
z`Jg-A8HhOiBLCbnEZMxZ61*Q>TIWZy!Phk1DOBcN73uq1nCZ%gQeF>|Q4s>;_v@PV
znJOG60p@iLuV_JT`r?m>bU66*%9&S$=$2afYB>1Jdo=y#3$NcHJNU+Yok;Gpc4ba@
z$Th$99k*N$aHG|<JUEM^2)R}c5Pnwy0p^4`#5a8^ol5K;_+(r>^E!g2Th_nxNFs&r
z>jwhoJf9Qkb;vw|uZ`AtL{$FsM4&kB`ZLn6eF25=ow+;9dda6NB!{v74}k9pjvxp4
znpZq}{#l_1*x$ldox1*S8=p+(!bXSvg7x>bh8$L}sq-oPa(y8_>(0f3C-)Otr7!MP
zvF0&Gg{b|QFtu$&VV*S)Uq7dPUy;XkctG7d#Lphy1<b$ZLHF}^UV(R^0_P8`--V*S
z|0r>V(M7W^Oq#&%s<Rt<j^)oQaJRW%$^+F-ab%c_HyQkZlNvha<t(>FkWde6yeR9&
z84kl9+~hao(Qlma7|UKb*>~~8&%6)^b%cwuY$<%jD?D7#Mt({V8s01rm!`Z;Bo$wb
zDie&$Q}(GJaHQ-Upi?i7BMNn`R=+%jCX@vzm}+roA9&V^B&m1}fmaXsl5|5Gc8~HK
zYkQfg^Mi8e1us1FL#1}LoB6W=jOWoiLV0S4gN-JBpB}TWsq@(PtPj4ZK#QMtE%do(
z^tz2wcvpKr8#fp^9ydoWUYAgTyuazErugx&)J+ceL?w{Cl0l^lxO+htW8Iv`o3iq&
ziTZ4$9!P!d@+Xn>W={O!wU28a-V_tzAFkQA-#)L5W!K)f-|#k{qtly~s+$9dB6-yS
z<tl~(4!adum(;`Y$zFLYdq?tlGxAbc+WD39R)L8J1N0+2z3FNxJNmhKwYKcU$=5vA
zLIZvLMt*kGc@3-QK^*$z+2u9t=As{4^3vdac^H)$RhlPK`=I7KEUEO+xcAQenUU8w
zHRiY)&O6&HZwQYopB|T9{#d=}TY4uP>Vw<M2k}SN*gVST)VStNITPO(&XMP#o%7G`
zM_1P$MyfV-rO|j^qq$!>1Pf_6d@3RDcW6gh?Y)dqllVt}PkEaE!{`wJX&sMyI#185
z^7Fige>Rxr?P5&TIg4&cYkySDl@3iyURe+NmLcmc$$SPMM{~>dbC$E6*uD=6@9Kcj
z#J|f=yyfBS;1HgY6S|lu&5o}_O`hIXJRh(|a+nLG8OU3<`|y>c+2QM|ns+**Dmnyx
zdS44L)+b(!$tKCe$j|&XEn2zZ;I9EE4Q*_ZJs1pO^tvJne085NOW_7zctdN+<DR!-
zL%r}KA$j8v$q?+bS&kX^evPri6af(7S!8k1oz1+F#gD{%9}b6FpLlcu1DrU>cXkZ{
zlsFh?nW4<Xu+&3I&{nP7TyM}}oN~DUm~YOjU|J5I1z!ZVPWa(I1$URG#8v&FNZ9b~
z6hMTKYjY30hz~qGS%p7>U)VVSo;QS%#IaxU2>X;>`ObJj3lC4>aflSH$gL|2iSW%l
zC<b62%2u8bH7s24vlDnUt@b4fI6@{_BM24LLmdlWJTgNcd_oy8=TXz3FTQm(oXlB&
z<I0Hx<<*EO8yW0?ZsQNrEs|V+i?S094}(>6xHv+2#3#Pz^1K4?paSO)tlvTLJ}}Tc
zedwzxu440rj2Hh|(L*}XRMI0~uY@m0;bVm4)l&A-?cn|mFa2!qhclJm{x^a9->3%f
zhe=G&0TL$Dksmno@MGA~<Cm`L#8)0kSFd3H;g_nxZ^!%Qmx(q18lXm)zw4L$YWmFB
znG`<5mg0v`UKK-_iNvw$s~30bQkc#!6E1@AlsaL?Ld8&yS?9ePK+QpQG+KztudHpT
zUDWyU7KZ+{3}M5za%JK_>}KQ-Il?(Q@bHHs@lwvD`@WT!(_D!@{Wy6x*&$UZdRE0s
zpSnp+rrsBVx^Bfo(G4_W3qJ#~k)BO@MAJH8P+`p)JJjUS!jwbN6ou^>C`S1a2YvPd
zUDRlH@bY$bMtr;33;9(64(cWrMR2e4s!qjMkfwx9@d>H8u~E-?PKk)==y_wmg+b0H
zlU4E2o7PKK?sG;de+wLUdG)Y6M8nTtqAHF1BI2RWpu**P*Z}C2LFFYFjZ;FcqbKV>
z2i?`pzBo?vl&<4<WXB!D4|tC?!4#_wn(RHtlYji~Ded27&oY(FHXinS`^Rs{)&HUO
zHQ~n9YTtW2&L~cuEi%0^wsjrHOHdtF`#Kt4r}ZAde{sQJ8H4w<vGkLF{C4`j{FHtj
z`?U4>>^U5_$1jrCeW$j{htSv5h(Ftw#2g^kA7m!Q{{Cy!*NOD~0}RyYA(lGk8|UN9
z2VZSW)WkG!PK&~_?^6J$uP%>qrR)tp^SjnEcf!Tn3qY*-XfYac$7g;rxfM&zmf@ih
z!6f4hIn1t9UjO|lYI3Y@_!c?4jRd4^KIF|6==(!hmDWf=3h|bW1WnhSu0$B<HtN&s
zz%_)P{A!kY{mZ%@$iW1Z2rAJGYahWzM$SqtVlRuY_p9z-1T5YH6i@G0sA<`y4_)n}
z$l_bJg)^$-no#b)y6lTD1G<1d&-TW*KX$b|AJ41SQHgu5WRKspF{==cO_W+stLm}i
zX~vppP3z$N%>DD>`Cb8fT`G-ATjfV02kTLJ6ign>x7T&XBgFl$XU?PXgP63&V-t%f
zQWhV^de?r<hA*E5_jd5%+3m*~>ipvjI{(D4@{ZwL7y(ppU0-K>=6`^%L=srCx3lvA
zW?T>K-|>qNg@l0vN*^`CKBBMiko#p0PveW{wCmltek#m3B!2LaBOAJL#AC@hT{*4_
zUw@Ie-5W2G^TT-s&aeXK53J9ynD1Mv<&{=fq+ClqC0(CzphU~iBaDI9#q_8hms99h
zJN$8VJG{{PQW<{9#G_;!{1Xnw)n0LA1<ztHobV%m<H=TW(edo({H8qHu4HhCzq(AY
z^Al;QEdW-al6xB?t57h|uiG>b9tQeVrbALcsaFyh(8OPHteK7g3tw`wH1V<gh)EM3
zgE>FFij`B_$vEi<AxGQWT87yUCw~#)P*AY)9Ps8zQr6fZ3zT#ekJ?grT%Zqt$b32T
zx#=c^b<+NUMQcTmDk{pSQ3|C24mqJ@omsP=3Rv+JbqekCw#XE!j3tQnwoz}SRe9C2
zG7);>-xLoVzNsI1iB<>uEq3T-Qaa{yU7*)Z9Awu;;c)$epXx>sTQjITvN50Xl#Bg_
zJy2_SGfxlYhmOiV(W`Fo8F=&2g)Mf)!`N)Jkjz>moR`m&vO`$QF`6LJIHIn8Ca_N*
zVP{?z2FFJKqETI^tddt;9fevFQJY|vvZEVq6PK%g2;AF|mlK=$*ndB_QGt8TqH2-4
zvT#J+cO3foKa|8OXCFTh?qU6r{{!((y954goVU8CjOFycIP^>&Fx!XqFWQ1txw?RF
zcbu1zvz8B7ga>rP>@vaX>beJXU;k3hNHG&+g|E<gU0V6pB;W%xuUmbY8Z_lPD~g{g
zG-8f77z8U``r<p;rPne%C6}RqI4rUV7v8YZw+a&pzqyf$e0qJI<m{8astBH0#<ob3
zc36_~i%NATNkcoDw|q)#8bVtkvWZD_#SS`$DY*a#Kh$}B+{=B2gP3tN^F=zkkMq9i
zbcJF1Re{Q{c?BJL`t=sRgTN_eyyM$nf9HHwAPA6Pcq3PTjOcTqd}oSg1aZer;tYxJ
zo}NNYj`vDNK(Iq*9i6ERX0CwrIcTTi<2iU5-ksrNFXzz{(S&Av%`kY##)0bi^=!qT
zoZP`YA4y>2YrXP1-$r(5tHMOicCp_Jj|gKwdjA~Y83x~{?Qh!X5uUj|T$8MO<K-`i
zdJA5W%2w%Q-NWN-LZT9wM?_|eRq=N`2l#TPuWY@6?K$Gw+&4s(Ya&|W7(BaxoQkjW
z!#Kufn-Q*9pGNJN4kW)4Kr%M7ogdFDa8?yKe_(x9m3%+*@M_E!smmM2yza<U9bUDd
z;3Z5g>iCDoR^Z_P&h~G+JNw@NCcORqLoKNlmXXVWjBL7yUb(StUwqXWUAnk!U;ol}
z;ZeWXR=V&j|HdP=*RF5dmtWsbE`sfoFKpWrkAdIw8vG2-IEBCd=63R>SGVo%-EF({
z=yu^7KgOiC?W<SteN{PCWz;`BRKb`na2LMmlj7Ia{w`i@f9nf}5NZTN9OSw^c4^xl
zzr0;|?#XR?q;4uIzbXq828cPA^sAs^l1@3RQwO@S6)wLqwUWzN6{-3$9NE+Iiv;80
z&$+?Kn+M6l2WS3zA%utV#F=;CYmEHF({|mKWOkij<2ruu&ZOgFp5nt%GWlgf9~7y2
zjXJAfoLjA<x;W@G&43kQQPi@IrIH?pI<Lt`Rq9?KDA<EVb@tgTP4BbzgqPQ!{+(7j
z<X24db-y=?qSPUrm7n78OjBNOUj6KL^V;Wd3SHiw`pCC#7cV_EoD);=GXQ@jaO2hA
z+-|-370vUR7ymI}aV|1mTJ{rELyMlyLo2E8a&(6TwAX&6UhedsTJkDfu8ZwKI|p@W
zH0xIS*1<{dfN>z(sbjC>7bptFj}Bo5nUMam0m{}_r}FahQC9&d*a}kGGEaVX@%dhq
z!6lfzEC1O?jvs`>{U^10R4t~dul7_f4#PiwmZPS6nSi_WSp0Piz1H&~{lf!N;aj2u
zzW?Km*L%DC<BvVFJ#`VUzqL_Llf?bX&8yqhJGVi4Vf)t0Pi-H46tA6y%l6yLUqY-K
zCwPsA-?NDGZI3-$ldT#BpOR^;YFM+k$8V97|Du2AgMIkZ#?c>0)*flJ{;bB~IRp95
zt28qtA?Vnx>$G3Fu#dH2Y!eDTZtnPM&3bvy=N)pRfblO>Z9wxL;rE#Z=i=w<3A+8V
z%Y|85t<=IBG-VPl=?ic#uz0~Y)_dji2?K|M@7Q35hRRt^`3>H<)$7}GA`U?K7CFqL
zSBb3mb-CY}<}>HTR5?Z~_>isG&A%#BkHeOA@VYdxc#FT(^kEyaD?%+2#h5;&&i!`p
zr_PWpGf#~R*!y+I7hbIoAkB+}6t?o~Fxf|^@XGAabzBK@KRB0taSt!^Jj0fKeh_z=
zk4x>am3IT6g=#LJ{DNO3Eqgr14}}-|;3+=EFCM8>C(h0r<nVe_c{JX6l=}l+&#u0O
z*SuRdwzuxQx!u77YqrNOKE7SL_}KQ;qfc*-UwXnk+%x-itBsv?f9<W;w(Gb2^Dwji
z#8aO_T^>0dUwPj}!e6}hnapzg$m1_=k3WjI%BHJbJW$s8BB`Nw0P|pb<>ptmo44Ok
z{|VgRKmQnh&PPifuikuZyLRh}*854^8$5UU1;yg|QH~ZFM(zU7>&4K16O<`<taK(h
zCw`yn74bzCi2_(#vad_!J6?Z);1}J?=FSce2Xc?B63KF0hl`~4V-R^>(5F!*tYGJd
z^9r0@1<oH>pIt3KI85^eiB}=Dy6W+=mMa_eQQOH!UBOEsuGxtG0X~Y75<HZzdwmqW
z(!zxn4{z_@e9N|*5U*X^wvRsBFAn>3>3D*N!`l~L*-mcxh56(wSGGsK{>4r!{7EAZ
zVD7&B+P1xcSa7(22gkO<N}ijyoPz@3!2C3Kb%t&3kq7_8gX2j!tZ<!XfA+6qlCYoP
zAwB2$$cxY6K6C)WXD0$^JEa}X&;B}2(5VZudWjU?+|<l1_-HK)R}7j*;a0!O8cJ`!
z!M^yleazDKkza0J!Z4(g$UXcni+LvR@4n`%I=M30jdg2>dFw=~`E%R4Ledf^J9YMJ
zd#$}$%MSzHu%Tq$)zpim>zw^*wz6v}%w)UI3s!z?vDk?Lzc$9mi@r4U&Ahy*LL`#Z
zO;qP~=jL|j*7fbqc7410@-J`Ce&RcEPmPCQA{vL~oz_q@zq@zd*lq*Mb{9AI{<RTe
zC=3}!UQm@@l>l0rI@08bMv*`Ek~L4S7s=d?<u$H13K>tw4^Z(cKZdBg*~FC_^f_;m
z=&&cR5RUxm>sb!T88NTqZ*<u);CfMK`^YOVJ9$S>;=5k(D~F|SitoJQm$=FH{V!8N
z&Lp$n_fMPUJMk~hIXqR%*lSG{BdKBF)h|blW1sxX%nJp(z3%0I9S@zQhwaYBhsm{X
zWXCEmW8xk6jk|ZYYj<yJf89X;qs4cc|Ft`}wlCklDSyVh4(#v754%r2a<Su6AAV*#
z#++B}R9<uFhi~^hia$qe?O$Gd{~2unYsOx&Hh>*8Cl)Kl_SZcEA?2_08{_EfGUN09
zy{bq0nzas`>{&HU7-W&;O^{mO(sa4w()F~1FH7N>B>k6m4}O|<fqcEobuZYNFuF+C
ziicZK+aQuKx#3U?pX;S%JH(NS(TGickQ$PTYRR1O(m?APl7JevS@X-k@VB?;pTjSO
z(7yPkm$&cw-tV6s<;{S^_<V7e|NIaAGuwai6aTJo#}3!7-Pk_&g)eTu@teQ3{guD=
zUv0ngYrj5t1sM7L<X`#^w;%YY|CqGD{{Q}i?T`P!zpPvpRc<)&i}OaS)4Qd$IS$@Y
zsMw6v>mJ<l`ln!YA#{iu-kVQOb>4FU<c-5Di^$~n<DY@y4MBK|Bio>f)$vL(1Fe)c
z;2yvrXWMG#Aa$?Vm-)!tCU$1C2Ey-WmV6-vfPl>Xu5sZW^B;jGd?_0rQ#%7+=VfoW
zHGn)T4e!CEtNjVfJ@AbK%k8^wZ7<*W5*}3h=SrW~@W90Qu=nQeH@9neu=~{IXSWv~
z|0wQtcdvusAYU3EI$wG76}&<Z?e$yNwx=&WV;4+%j-Rw?r2ehD{5jelUwz}t+wXej
z8+1+S>rJe1kylBm)u>~8<Mxg18XlbM{6oykc<}B8i#XYC<KF$&owvku>&|82g4dw(
zNIsT@=XnNau0I?5v-BuO8plkH3m!Iq$+>6}st9Jh?=Ny6p%L*#pX-xSCt8H3;}a-u
z;i<qQehiRi^Exj0IowKcK02?!nN;BXf%Tb`@dHMZtFSJzoLjESHBa8eP#2l2qpo^1
zm4Ass<=R#_Q`i=Ma#B;{5(Z*WuMoau(ha)D@Q?`)t@W^%@vpqGUBE+JwaTykllB`o
zx4XCTkU9LX<KffSy$Cue^yP_+X+U`gKP2;EF&hofK4t$J`UgPZV7qV`@AN*_Dt^i(
ze)>}Z%5KczGTupjas0Qe4f&qD#dnI87azL6jCY8mCKo>byp?=W;g?=qpo(w3#H4=x
z>Z$|?EyrDc2kYx7Scmd&d<-S^>a9d}hQtYeXRbW+j_XcKH5$I!1{^k>e}IVxZ}w>7
znk=#)=10}BKWsPE$`ZB@fW#zKi9R1{PQ8v@N>zvtbEIK$)Lh49->PzD&h{<;-WH-!
zg)4rsE&GhgvGN^k*}q0t{*_nr7i!%P=2QO63&Unlh|Wu1+Z{ZBzVXWcvpxONw>v@F
z*+_+dyfssP(bG^ZxyT-MlpWvBR>MgNQ#yX=3@<yC{sPz*`m1Tk!!EDHEjRH?M__T#
z#&xfuL?3p3!_AC}Pv!6vRQiOV#(8C$9n37AH{1+E<wQbbcihv^D<E6PQMJS7bci^}
zYw)%62ff2$rcRtIOK{I|`N!|R@-+XU?`2?I<g<>mOsDzBe!Aqe#&QpSrq1SgV~<FW
zgZ3Gv@)Cvp>qx)P;Rp2WN8zCRJl=KodoJSjUVg#t_+eY^<=pyMhhIE~#Tt+I+ITnN
zQ0!e#8%O^x%f7r+oYTh9Kd`K+)Bj8x_b3Q?)l%z(FoH_^MO|+k-%l<E;~GBrsM7ri
zI=LQF&MkZ`N5FC`;>zzBANQ>If$*aQC~BkUm$<#JLznqR_Pp&-r-?2f)Z}%r-yl(W
zHg9KZeBPPYuQ$7S)BOj3;QO|Zz4T%sx9uCg{!`oc{^9T1e&*+Xp>;W9!Wa4MGtX?7
zFZ)5$<lNmCUbwuy@WS)kxBtH1yZsAzxcztk-Y;!G`s06o`}Ai&Z=Y$t%pqLA>ysac
zeLBBWua;|NT$g!$;Yi=!r~x``*Q?ZC9|07Xl~$`TW4)0R+&ErZh9$$-`zd?@&FMo|
zcM(H&f&~bF4^7bgW8)p2_qY$=nUl{MNv#-j-PLDW=317y07P-@+|=0t4yRZ1-<@B=
z>QDtM9^s*)bbCO&vh{j<-GSEp3a`AmCyKbj_6u0>kb+fo-QSZC|5NzO*T1mc(nDf%
zU%YT}yZq>5dLzb7KEzhL(C?Uj@yU<pvI2>?;PKB3_Iv|x<mmGOD#pF~)|KsPJn&BI
zG?RbxWDV?b`{XtrI$znIxtyQp%`osao(oJP#;?8kRdmX;_p`^#kohAI{_Jl(M!>T_
zpLcU)`)TS@=X?V~F$dm0<9t05pNQH=jb}d4o6UJx0WH63f17Q>7f=6Ot8B<qp0ywM
z_>OcxeDUP^yQGa+;qmK(6z7NY3Y=*L&L3ExX*oY&WPBm;m2#O_U6y@)!sRetaq1T=
z7<j3S{Xn*zmsGxNK;oi$9A9yeQ}ghJg*bjZ#+UfpRK&WD{{nOepTUKPy-c4k29n7G
zy1RTp&DKQdUd2a?Jo_Z#TOGS!xS+iH<_dV`@#%$)CXylEGf&{I`z7@&fwoyWj)qh~
z!-tU^mvMTgfUxLg=URO%$(#61G@*ER`1TCu{{(N`sh9xd>|q6{JQb+zWutQHx;{|M
zx*0eZR{Hr+xQ<U7i57(c3%>`es&|C_i)kJ#{)poj>5|AZ_95NV5r=8iv>&97D!@rD
z8@yISdaR3z;7X(-TCJ#5kZJv(pGH+K@(@4^!=?7n4Rz@4Mbj=Xfz2R3LfuBM7ZrxA
zw|wMMezQ>D8S|#HOv>fvjW2H(uY7uY{F$$>IGhK%mDl7AH4R2<s--EQOpZdgipQA>
zV%(@ps2U*}UIq2Fs$nA!W?T9>F9CS~l-EUeoL?y&ngdPCTJuS%L*-{<(#ME=JepHC
z*-laV929i~o#Mlz@>0&Ki!zjc!D~=?iI9qsm*`vHokGoXmg)n1a7~s8)|#*?YWE#;
zHLzPk75|5pgNIZ(olln!=g*Ba@<hM(Somvu)UHPY(<af>h^LN{h0%eX(Qd=`>9=qn
zu(S)?XQ2Bg{Fi9_r{=|SJ~&c=Ivu;b_ZjDQ<zeNK$ZubjJux$60+8(1G$6T;s5mf8
zdy0F^h?c~l3F~ej&2Qe^ueMPgd(4@H=Rne5?l_dBkMCnM4;kXPN}8sYp(GCdI-U8$
zm$p$Kjweko>_nO_-2SZ}{o#yS{<%N%BiqmX?08`9YO3-myQM<-(75Z@aqd<km+^*=
zOPBDbkEwm<cl`eCr~lUfxP9Aq{L$??e@-Aie3Ku$n!_}W@V4yObP|)LhUT@l@-82x
z2Xod#AS0`5zSb9?A9`_*q|)%94Z~%9GxiK%_G&brIsi70`FfwyUc8GuP@A{;m1j9E
zKqr)NkqmRz&1>fQEZoy{NBlMa6-7WXlw5`!VE?=BmP@>O{=tWUjt_$`;+*H57doP$
zbZ1((1I2)K_>=9`o3Hf4YJO(*OHX`!<40$NkpFw|+FMt*SKoYDSv<=J#|T#Gm-M*O
z+^*oGMQBfBpC2>w7Jd<|cR6FcW>@&)HMTsU<Adj?9(@WQ-G?`U*|@`(T17DVHN2zy
z7T!7Dk=h0VZ%3cT<V##i@jFQR%lQU(HrjIjj(uZXWm8=CwQlm9@s&?-kvlf13l9Tr
zgN+GM5rZXFY?eF*zg~~p=|S<};flq*0*J;3$Db7E-SY~ZSq07?Sf5!bKY&DfD#Cg3
zVux1OJzlKT)bXR{(v;f%ffqU~xY(Is*vr2>`Zs_D<Ry|hv~0W`9>Kev@8a{QyYb=j
z^Lz(%;VNNyLv`U*{uWr2hS2c(4SX&%UaZlaAC$o%(G&dlLgpa*Q}|r1i{o9?oQK|F
zO;!x-Mfd7O3XOw;)6NcjD9I7Kwa^7W8Sp?{A4l?=U%*G3;9cKrc*ppKC;7m-{Pp5C
zh8;%{7^otZd&eOcnqH9EX*%D|QpLs>ahWPVh6|PL^heDwFY05rcHnFFlf7_AKsaEH
zcf5fwecKC%`N_ZXYk%aq@M(h3D30@F-s>!^`9K|61U5)jr0Nj0ibOlNBbC}F@XS7?
zjjh+;L*sEIPG;BJR_Mfo5sb8WU)W!Ob}T#Bg$Xo{tZwWnZ4RX#w&a!l)(8UV>@U!A
zP6cnCZM*T>Z)}$ydv3dk8*|Oy1d}7XiC2;$&OLvV##0--;<S!1rL}0xUg;8|;8XqW
zU6>h4B<n`m`s$F6O(yCpK<hoL4l6yKOC#L093nHHgH_z(JN}v4MIsn;Kr8<xWemoC
zDZc>)h`Elu#3S9{^KuYdes=oM9II+QUyp}&^yuQXZ)a&%ef;k&2hTnIVD$Qye~-PB
zkWR0^crwPKW;-f78nX?u%*z-K9HTW)4Vq_%d-)b#M~n9(k6yxOdE&n}<6}f9zk>fd
z{Bi!b;wf(8Kd@9bI3(_aj^kJIVd1CwM}KzGYntnC^P*-;*-jfrf2th(yOO-KVXog{
z>BOO6F7^76>yBR!Z4(4Ov#hHjmbvmhC`kF&Mp$`)=?h@|)&RQyf{JM|b)^?q%53nG
z;mb6gl^l)g{6H37SVkE<6FsbUL5zbhTZtieeEs@o_vZcB$6wrj@3(w&X@~eHe*d>`
z&ph+gcJ-RySTf$x=lt^X!H8_^H-FprsG|oe$mS9J&6n^0zCX78`~Tjb-(LKvKfm^g
zCm!Ga+rR!-wjcVJ{#8tH&o^>Vje25LiKVVneWrErdNfdksdsCull7RG;18n~7TpRv
z*4s>6jUu+lu%&^$uS7KX#(Egg`xLy?uq<jVkMk|%5U_B`ujG669oDYT*hQIc_Qj~b
zeQG&iu6isobBEmR|9LrG*Zbi2^@Dq#=c;qzE5V%K1D2Us_WByu*Rwb9U^g>+>4}eR
zPx4_kTW!oo@NVnp9)Es&3V$==4&H@*8J}q_^UMR^{5;QhYV%`668&l1M_;Q4*w^rx
z)-OC-c(EW%UBE0kb~ZV3-|$?19Utw%&$AA3_*)ha&zlo`7|H8;ceOHgq?%9WwG5d*
zP~#oeb^3ukKj-%Omb@!)^8oMUEZ_ZiSl6^F9~F+psr}eLcPFdee$4eV^$RZY0H4B_
z9M|InNFp_V<q_SvJg>mnRbcwefwLn$XZnCufY%{4bkye|%IHcJwE;fz1%-_=eQSIS
zhEn}mG3jLIi_+Ro_(ur&09pJHe77{b>=$YC#y^~x2fg@1i)kl#*YycM_5&P8as1<s
z)lQzpyQtBIr$+)do_4pE?BLtDfsVc0CCat>g;4F##~+tGdD<`jbU1m_pTi|H$5Vvx
zNLR6kPU$cuf6Fe$;t12;zT!9%$1-<n?ANmSqc_fY8;3@4@gCxb*W9DCqwZySP5EUX
z2CrxVJM;(o$a!<Rey6c|9QB;Jm#j^NsEEC=g|K?|jy<wzD=NADk3sBZpY-RvqLXi>
z;Aq6as$>(tbh3;-{YE4+7L_dYWV`zE|Ao(}zB$#!NErc8tPBe2_)<0(BiL6x8>vHY
z)V2oJa!@^D6L-oIN^<&N?1GuJ7~(N<g`t{k;tmT9?7LC=JGzW$fDS`y*etDB^D0Xm
z<?DDllB9I%s6WT0J>T?jE{e?@sA@Y#)KN@YjpV3<5FhNrJp1%H<Mbm_g^Xu;HvVLs
z<JRg)tF@YQg7f09^>t3tXWY^>&C~kY7t44sGl)DEJJY0=#*^(c`~yw$+qO^Q;q)i)
zU!!CH+*@zZ)Z^&mKgQ+*-QutFqm<;yxX&B<>pOTzD6Cukshss5m%nnH{FUJ3-(v@4
zE>>k+k_L9;-|}91dhd9`e<u3DPueqUoGV+TaxKNIE2pSt$$q{UxSVj<ODm?Ja?rSY
z)zMnhg0WSogE~Ww=mk392SGJs%|}&HNj9&1wVDS#Ddxj2<jhCXutZvOvi;kC_D7oK
z%9X3zjT?N|GoHKPNzjk~oBvuRRxVSFnWwB0*4vT&JGh_!pZ@2+wSC(k{HL}reHniw
zx!QOAp+B%a`}ETug*V1YCeC1_5n3pui=@_0EhidbJT51p+4pzXT;`eu`m#zl@r$UG
z&SJ-3K-%Qye5aw*H07I=a&5VeY=lngl9S7<4i|O#X3y>=HDPE{G=k2mk+!%PZHcRK
z93tUNr|Fwrj-{%B1T<l^b#kn3i&OBlyP0wDKwB!7W&WnYr7BVp9O7G3ZsMRXI(t0d
zJ?)PIG3p7ti@EVhrFbsl{}$<C^&oVD#ZAG+kN#jI&y)DfYJLnzIQd5%Pw>lMHSv^%
zxlxHjd@1KX-?csG>d6q`Z}}F_m7A~kAB|M3<xs4|b-=0(@uen2eS2}ZYsI51M{SL<
zt?_YP7^0-C`BO@b1HWwQJQRu?@e!W}Wg0xfm#;m7i;VUZ{NyH&**%I$I`R~svCrFi
z1>S`UoIkLB7mE6Uqs*`3_$x*BCDqyWW23Ap#Gk|9BIy)P^$T~PTVv5ITybjr5&U+z
za2KxDjc@V$eFHcGcY=3PD>sII34fgNsqx@<!^dsVN$(J(3?A=bKDm>t_O?BOj}DQ^
z2OgP_u*P#J^pIASn|+&K3}%so*+^l3*wrnCejAL3)`3w?51AFm{ruKgHrcC3e>e+A
zImJsH+v!u713WqEo3_M_Brf0L=Xm64?4+Cc={V;Hc=21>&e--VR*&haydsUphyd{z
zFDGHzLrxrhNSaFEHDFCtI8Hs?*i{Y<)RQlL&<GQ>>K>lx=+@LdV2A=r@E|%LW*xw_
zYWAU@>;<7+x<x4+)oe%Y)XR#S>*v3zdi+?wx3=qF{WaqW^q1`fl&(l^Z=KC_&i<tX
z`w9lhZaCc^Hu)MXzxYxWkh#o5D)SC0JBNxTkHsgsfMLl?JVm4Ym=@u465^a<p)2zE
zm7UzOSX6ur_$8m%t&_V|=rS+T(pGjkRH#zhNl}L13@H<g?0pE^1J1kMs?*~t*{S25
zfBYcTJs6kbRQrf$eC?vi-}=2@;+^6T_u#y*GR{8p_$odx^9ugJBAw~~@k@_wpTxJu
zP<$2d9(w~n<Y#<8ne7|D)5g)CndE#qhkT#aI6RP=)7u)KvPR5x;tl`3B;C)f9mFq%
zipVG&Geb+yqUHjfEt8}hz3r}!;qak>n2Ar`85f^@;wumHiPt>7mcj;X_*yPmnTN;0
zOI&G`tjE+fuksYaI^||(L<}1p#2cBZ3`tV+L^8$?egF440UZCApZeeMF(7}Z$A9uq
z{BsLN+>ApWB}rE*MsrR)?*75;hyRT~GaS+T-aqnB78eF9jr|y>43_4U7V-73e3TA#
z9P2<?G?H?3pp3=M0dae2p72?k)4Yx)tip)Y{NydZNDm8x0msWXk<^uBkNuW3?s+Ey
zn<svHPkdxEL-E3>o`8&VMomEy!`V9z>l~Gdxi=)@+tD^BYZcx3uceLDm4!n6Ncyrb
zjO2{B?}DdFfU+%E@)W)#eY0m2r0@)Do7fzmnmt})dRHLG+xSz)jkjgRPdqdzKBSz0
z<ePZ;Zfe=!`wSjdKZalW@?${A%kLZbLx_~Z1UqqgPWC1C*-QBOys&=Pw5yhw;Yluc
z@$Tx^-g=c06yxw+*?YVkL4znu9vpIxB~3?X>2OrvvT6aH^Ph0RoBnis&GIxn&CI2x
zI;5k4UpBTZo$`;5U5ZBzE1vUh9&;}EgcDEU?O<H+k@P=r=M^~P3Y<T%KI4LZpy~3=
zmcRa6eg#Mab)0?urcnK;Yv5lY0!m-%ENx|<_{k(Y)im%}Qo<whaCm{A<6P|opJB~E
zkSL4n!9l);{|4nDURCi<>G~KDLQh`jf02T${DQw*55Q@=@c1RX!x^8X0}k8OC91y-
zcV5XaR&w+^r^rzGm3MIz8)H-)<LxC3-YK4te1|zLiBajVamqt};zcjAGf&*fHsvQQ
zd4#Ln*l#>NsHe~LEqmFH;%OWI7{GXQ0dC%swkM9Q1MP%}Cy2rx@q;Y>mQ*PMeLh@G
zbyJ;OL02M0gO0UANo=j2YMcJBxz^>W!RX7o4uu@7jKS|(gF=zG^{pdH{xYxm9mF&v
z)xxV2rbzs4Q~X!Rr#|}oD*CqFy7?+T9^|(w&hTSTQ6<uk9g=y$L(!@)tNLYU4$4MM
z>QR;Xn?b0GZ@+<&^YG^|QHw_zBqps2z_8V?3_7M0=)B}-_m1N%oR@hVw=}|r-?|(b
z);TlHj#+uhEBSR^#a%f1P-87Q_-(CqWv7ld{i9^_QQZ&4p=zOdKR}-an|)Q+Nq3L2
zRv`ATp;W#P8V_^pJb~c`(Lc&*{8_$(T4TJs8V{=ZfnS&Kqu9qT;<dGWKX;4oz&0+r
z52M`IU>S2S%{98mSbnh|m0anuX0!j9p2`eC!j{#k{a^z<sMqdMpBn0HnIzq4DJe`T
zs1rsVI><0&@yUm-9Mg@xmZgJ2x{~%a-;|A5%rN-WqbnLY7{FYVi8)I$`X8P7PgqKI
zhn)Fj7O_!wKiPip`~Ud%<dgoNisbo;zxbE8|KKnDr{d({`RAY8{_uByC)|sdG3uN7
zsqaH$oRf1~j&T3QzyHgcSDe55JHJC5$u;_x3c-MtH)1tEK>AlcN{2d*b)Ynpr5wfN
zlxZB_!jMtUgGW?2SejEV@+CiP6m@J)IWeYVSeS=8j+bvTP*;*Y_FK|O%`7JZt0#VX
z)4iqnc%+U-^#r8ij9LYB4991{#I=-D$9Eo#FGuHQmoZ&>hljQuBcY8iU+RRBybqpm
zlSrm42Y4uKqh!zuLilNTS_&6Q5<Z-~^ay{BHP5SWyxg4BuvG-Ps81dlDn7A=f8(ud
z==y&sKLXyz9(_W-d6zYDSMbpu!JD-3#p5|uT<D&C{Dscp`t9r6oA@74jjuf9U3mSW
zMdgDxq2L|k`pj$r%qa*DW+^dpP<-G`H%TJG;{?Pqc&MzJNYa18R|ta4Q)HC~JP+{`
z56!|wN+C9erKj<cr6Wc*O1qSlK^Q{p!=s&YjI>X=ONqlI7d!%)hxwhi^9r181<oH>
zpKU!q*lhgm8k>Hz#^18lH(vZO@R%=!HEgvyg_9`X!qeS&%i#T+Pg+daGB~NN#RqL|
z7apnY4ExD7e3n-Hg6Bi*ySUOaJU`<af0*&YbK|C&pJUCxoZPtJ`EejlQV+PP7KiLH
zl@bQx{Y}5hnlU*&wAk9OF!rz)QKA>F`qYtte`xV0{^%lYn8PD@=q@gD^B?v4o^Z-T
zR{L@sALS%E@t>Aop$D$wFePy*x(7Ws8k7^!>M2mEg^S%*lM+v(Wbs3Y!+I;lQ~U!@
zDDjjAwVz0e7s`Dcnm=?+bz&_rbJoOFcJZeAvCE>yPaP?Zklqwk_!@|_RPZkd$<VCe
zI`o=#e4FJW4k6o5ZdSQl#932vD<_AjzH^PikPF*mPvZ~HJo9zRh=(_>{KM@QJ_|2g
z<SC>lK%l<GAe(#%wljMPGwgFhw9Ba=6Q3;bjXNC^Ngc(oJ$cQ(<*fWu*Euh9kTWqD
zpn{0V$yFHJm@9#kU%D~PHu@SLUc<#w#E!qS*N~w|K-W4DO4>1`eO68w>t#GYJVXWd
zbvtbw{X<DOFaFEegQNENO-6Mm{n0VzJ@j_wSlf>^!GNDp{aO4`sQ7&fpS5ZGh3!+9
z&@cbb;DPmBd_H5w2a<ac%GR@g&+!BLhbR0!F8+to8?3yFhY5R}bIs%EX{3FOV?UxV
zr}nQJpFXa9;&)$}r0IA@jg+KnnR%6h$@c_c%N!M6Bk9N?>kJbwv@*`JyeD2~VLmen
zENsCU8DsP8r7*?k*CKKe!8W8^s3}!J90$7QC7NSNbFIAAnOcsDGxO0V%q*e&u^;(i
zCZ+Zdf9EsX=Rg0Y?Kghox3@2S>E)>Lks&|I$V_1Q4xg3nUcQy5M#-6;BpK~4AFe4U
z=vI@RXp=**=F$ig)W4R{vM)XX)fZgc))C7uAK3AC*OUa%g=dwpz$};Yi7%y_@oRAM
z87M3c9!4519ixj1HW8MT(j4+Oft}H}d6LCL4!JU4_DfPJjerVtHiru6e3YpUipKOi
zgAw0(FuWWfpmDN85*Ive2RswLd__l$z6&32`H+awE!lUouNZ|T$35^2&>TWJZ)%B`
z+~LJ{VSD`2lj5cq-~IfBYoFb&>vOI7G;**mJTj2a$z|_ey~U3Mv5tS75gr_EPhWak
zlKorws6Bo&vEbRyx49}V^pD~*v_FD}*2MCg52PuDFDVOrZ=KxQ_&M3;+JO6L`^uHD
z`ex5OWvLvJlZVWaboN!B_yS6prIa-%atF6aMjiMm0V0%{=U;egcX+xbz93SNxA2j0
z(m(q1UvMpDFj@J~iT?^=Tt@9<hzV;lZ7Y29z<%D&D{#gYIDcS$#s&RQ(fM@^Q`WEB
zCRtTz`@Sk=(69Ysi*sbr#Vi>cCB8K*9k0sIjdxk=;d7bt8$W(db%E?lJKrrmeJscc
z-c8;9%<rw+_>5>g98MU#E4#Y&+tN0f`xgB98QS<hxq^3OQSu$y=u48n2wIX+Iv#91
zxrxuEegl8$n4eFL?+v)SuUy?u{sI2j;+J289~xgA{*jMuCwOR0(n3lOCNnaY?UeaP
z660bIZk6y6e&F1jIAx#4#Y`T>sQesl^^=DkE62g!{)>H&hnMW}R>X>|@T2C^24DWn
z%>-rr@CjCeC6LrAxTi|6KIr({{dl@kvwhSy*!YIAmda4EmPf~tN7*4TG<F<q9DeNi
zdyay>T&T0%OdJgF=$?4~o3}?F8=t#(?JK{!-NB7Kee;iTMahnuN2`5!IKCq!3(1Z@
zSgf*_qg0>qK{+B3!x8QI=TR(_Y<j0h`y{U>D@!pch<S~so*dy3BQ^eJUSp)bY*d!T
zc@IBY*nGYvcLA((x46iHe+pvXLfa1g(56Qv`?Jlc57*HZ7<0}zGM0=Z-(@|+s8u{K
z?$BxNk_)82Bn_htt@X9;!R__gA=2}3=>MhL_#wLVPh5Cpd;a41A5<T`cxk)Ddkffa
z<003}xBT}a;y)x^cKjMcuY3`Avb#I{b)HWCV{F{wk3sCw_n7mQ-T7cN`D&!O%>Hmt
zj?%HGaU^R!;o5$hKDfPn5PyVvG=29!)$jj*Qpr4(kc<=ALW7QZj#4CXDisnEBFdI^
zjuYAI6e08QvNN;CagKfLJu?oDJ<q}6;Eb=&`*!>O1<zlu=i|B__o?X@zkf@h>~*a5
zx?rX2%hqp6HML*kYBgJi<a=$EZ?|!OIv?lj-X5F%O4r|YTbA!g477YXt)puzRQKKD
zEdi6OnOPK@xa`nofg2;Sf2OlfCUD?7S|<M3m#z8>Vhc-kO4=%6^fEAH1Q7r`IoKbr
z$whhFEh*O>6m#t-l7CDcXy9o=HD>MJ@3wLg2P<tNNmlO$<+$D?f!sm@-)6@26gk+1
zevqzc*NMAr=!9u_#qqmMujIebtDeBGR9Dg8Ty20EgRRwhIeCEIrvNstnP-jQnU0Oy
z1+NxGgC2uDA`gVRRZ5wqa!t0b-SnGIQ7;;Jq?<S|mS3S~Juh{Au2^wiS{i*Zz^UcT
zWn+CCZHQ|VA9A6~B3zSCKmLisx#|_5FB8h3m!TKP6zMe6P}=|_L`>NhQx6VCL6|~M
z#n>B>zt)G%F03HfftiQPa?_H0{e~3kdO9UU;K+N-6=z9L*+_dX!7FX+2Ju}xiW2+`
zIxTm7npr{_a&-;}nJjrS^spzBPk2jkO`8F;eYVD16>}w2;oIJOY;Zt_xU)`kUd5H5
z5Ch}YJYGqcrLOI3#)(#X?juO`Zxi>_<6MIBC_${q*vXLl{Y>VLf4A<4X|vzSBE3QV
zpSCgnf8!v2lv?VtL`Q-G_B?4h2C4^ZAcTXaP@Fg)`d9m_amoT)B5~yCBtY0Wd2dlp
z-5L|*q=?U3c>1TmBu5C~b97lWXr;cWmx+5;e+#d89p`E9S<_8<aG;Bj;EM~Wt`=Pr
z+3Vavqi5O<J98z&=$*M(^h^-C(bF@Xe@8j`g<I3y;ysI|mNf-OPsCn?&l7#j7JCV0
zUg>WK<EPWnNYy+*$KLOTgRbw&k~+U0Nh%j{ohRN4&JNXs>mmK7Y=en91~pw7E>Q}_
zizc;Ag@SDccq+SmjB;=02VIMlXGzNI>%d1#j?zfV=r_9P5~byz@madnmp^`mX5-mU
zAHAL`aDvo#$v4mfL2K#UPLpeT5g%TbDr9E|kJ*@gQIJfUh+E{Ccq$F=)jg&R8GwYQ
z+ZY30$8Ani!rrZ*4oOPSKL?8=rRi_;2s5I^(&NB0Z8*%XeZ6`(9%D1qsD4%naM>W+
zm7K0znEd){&ZPRnc!u=oT8d??f}1=x;N{J!LG&-<2dbUUS2GP)shy@xrU^ePI%d(M
z8L9?aN^6&7zp^-AoQI{GFpVa<uclT1Ipd&M%_4-`ak#<rA-o(Y3zy2o<_5Y=O*S3+
z^>`ZTA>n%-<Y;?jM)2OaMLVNelnaj{sQuMVzXKS9{1&7yUQ^!&M(^wZh4oO#i0J%>
zgQ`*7PP<59?w<%`H%NWQcqfdonsVcHz2Rx3nBOnk$zSX%y@C{^2!DFEhvL9Tmg_YA
z$j@?|IkLLVAnUdCbOU34mH6iAHp%O|d4|_o3jH(Y#J6HSJh_&?&_87M&WHdEjgNkZ
z9foF89*cG}StJ(f{6?_sq!`qDoE#j0=*x^b^gP9g5rOq*EdD;RqLbPna)ODp*WM2W
z71yn+ptt!*K6DggiDBo$m_(hlMeFuFkd>e6F<N{+IdSFuFgBiOjk+x)b@_pnc3CeQ
z(tE_XYC++-*BjQIWj70sK$&D+UTBQ7K~K}U`$!m1s>EI0X6-uSL+M^IHU4$BiJ|9i
z&tR53WD`MEV9p=Sn7$SniHyygYi}7tnShg+#l_z(PdFw3P;!#4GE>iR&0NMMOcrq|
zOX)IGs-$|I>(A4tfz@s%B}~Vh=kNv09VeMazY4~DXJlTCU#N}9{bNLOTv9M+P!A>x
zu;nuY^~EZtAJ^5BSO}!PW%em<idTaUNzYu;q0d&H;ICA>)(z<iMImfqpXKIr!FOsT
z5llPr@oXXEj(#3<Yr#9op0m@ljXJ@XS|FE>rU}4L>K^V3)RAnlKKuQN!r08<-AlpI
zQS5-rLAhwjwCN_fGUWh;{CBCAHjmZ!WYeA;N0cmJxnV9gFC*LNw>19T?A?9A1`gG_
zF!g)PTkX^xYxF;NEZ@GCE{Jh_nMMun!+vcE#ln*@IH$S1KwYnWz4$kmrq-@PzOFS{
zb<XV@e98=~_vL|v{uc&>!>g3wNAFKAt6!BzgS+1f65(4u3?-|{(<OncJe7!)YcBck
z>5#IhjNr{;d>m@D32MH0^&E@m8?@cH6pZiCO#RGCed)=}%LP`3SVa8D@teMiaqOI^
z=U^}N7Pa#)gU@VlSkf=(=Er4Q2)KE;1hXUno97}{jC<C!0&HN?YuO6B>D|m4V%DRL
zepQ|GT0ZZEUP>N%ShxK#*c`+i?@t+kXt6nPGa@TD7pZij5I&jDj@Zk;x2AJ-N4EL9
zgM?fB?Atn?HzG6rq~=T{dBtQHCIFfMnbV@uLjJO4N6t5wE^kuWw7+j&8xDcfGc9zl
zQ%gP%@d1y|#_KHef2OoPNP~4FmaozLqp)|Mo$F3yfv1!D^COQUI^!ui+sl(jN`T1=
zs3R7j)$Me}aL93V$!8h1&tZBTC+8w=z_m|Gt6mgTN}ODuu`TrY23<d4BrmFh9|`Zu
zBl<FS`_gKCR>lsFg{UP`i3U|r@LL2Rz>iF0g-2JWPZ<#%H#c^3X^tnYhqJpg2SAk)
zZ}n&Ij=_-(tuZDnmB1X)r{Iw21B_flUK>nM?=I)pQ=rFBvvUl@xGj1;k<L?(Nq*P%
zgw2Z0;Hl;*@cqKpFS8BmL{j5_+xkSwSI!7iTtr!7#lKFnBnDNB*Pi&|N>m;gy}V{C
zmRhHNTTJO!+vB6}!$4E&8iTe{t>(ES1=(#lTJGK2ncvG9rZ1u>B36%Y+>cV328}yY
ze(WIWKX+#Rj&|r<TR}*5{5FJ)rS}{x>r>SmQ^KpG)_y?nTQ|SmQT_LTynHS2SO;{V
z_b}g2@96F&PVv$CM)iVLyM=oS9&}zU(sRjM=W9D;mwqh%=lFz6MP66zM6T^6>`gGJ
ztnuuXZkO)=tN(-rk_xX|*<)^46U6}qpMw*64*Gwdp%W6g009aX^U?G9-2GQk-VYO!
z?!}LNhzT#LyNb!l>N)U=5)xAnp@d7PU1kj3OsIx}$@yDtlEj~0d?aj0;<er90Y9oq
zxZtDWjRdDT#KAw&*kfW_9IW1ln?XoWhCzBg4UK?8WT5YU=a%TK_!laxurtASbCF3G
z@lZ_VV{D%nM(bqvCX&@nU_5-BgcIsL530c&OUzEc{%s39xhQNh&QLZG{*T{{H(vF_
z$otG!SHyEEIV#bhETZMF7<#za+XEHBq4~wL@5H2g?i2Foz1q4HM7p%s6l9|QemTYT
z7s3?wgkokn?stE<UC_KbhaMDfWt9=V@PDDawiZlin|*Yu(VWnmM(oFPtcc#=n+oQJ
z^*7Fcx&Lksb@k1uc_AU*$dDckHG174I^sm06ID+S<5q_Bd$(vUaf7XMfJ-_kCSgEs
z2?bO-v<Hw2w{V;~k8!(xs$O-ZFdeqD%upjw*`f!_IPX_=Na6#}-46qcEJ@Ff&O-D~
z#HR(hxwBh-1%%z~pEQtvwj3A}HGKNXDt2nk6(uR-duV~jJAw>0@bz;*jWUuY*$Hmx
zyC`7Z4E*uP@zZPU;&_m~8o}}hRpxU~v)qBQaoP>O?6(x|#p24r016+|ZlT9AT2cOb
z^TbjFNUq&Cd`M5P-X-fN_(~YNq`C`9c9Jr;tb7yO1cVvQwakP@FB1NL7J%j7g8aLc
z{goF-`cEq04lZ^(=iO)mIsz=i7zbtjq1fE9?%Cx`xa&vrI+32)|1`MfEW@9ky0mCN
zW2ui`!;+%UR9X1!wrzE;APx`O9k6n3y$+};d5weVuSfaNi`}=IZ{znlD+5kma=q!J
z)kINdeTQ}qd@~$GIkHOr(MtcA|Im-$6P4k&zf`r!5RI*)8iR(qUa9`eRW8#KFW7hg
zh@+SBL02lPapRY?ow=i7!e4E!vZyB76?zpZd^3}=P)$Is^&#_5imzn)+>iY0YlZ%o
z33Md`kB6Ogs2M|LOrjfimmA-y%O6nWhWfUQ(r0-mgi$Tbs}mN@-`8*y&)a2Ro`Qos
z|7#$wW^av7QGlk-^s}=zv|i-A@Q1p-ut#*~iFw?$`xi_%V<CH15i^PUR@adfLygK{
zJ=|V{{cG@{Fn~dsF~x8);QWedUc9HCd#G#Dw%T^U*H0lNnE1lzXpuFK#L1`4DYLfV
z2Skho6EG1r8hq}Vg4R93gI76A(ftbASzpa@lx7DN7ELZCe@uVzTAbZ1(e}YFg+f_@
z_O^sml|gd?pdbNKMFBFh3g#Y4wOUa07?THh+Bkw|mW<=WuBcU`PL3?DD#(8HOH61{
zpi!aZ)0|vke46+2C#sWlO245mjVwEbIvz)$KdA0y!mM^ve&m|pg<xB=E!Iu{z6k{Q
z+SzYKL#c+*^8#f*iEP7XBH=BSj|6uM;-&%RvvDsD;_jV0rM-4y&6KiyQ>p`+yU)o1
z?sv&&oWbWmGPmBQRWA<K^G#hb|N2h!pyKevNIiG1>E1f`zYkAS#U;@J_Y`BL&|c}%
z(ptNK*==HepVquv+IMdxj(IkhB)^(Vg!3^9i0!81B(4qFsorCh4*IqkPHVZFVzt;m
z?@xRJM8TsxEjF4Y9FQmn6q>5Y*9bNXj@{yi6<5-wL>o_q%PKo{W7M$GKnL0cpT(!k
zjGIt&4Sel*Ws!W`YZQnLMbh3=lPOQG_?WkD?3X7Tm3z)hjpB}UFbktW@gl7fOQmhL
zWwt=84`bU0d&Z0pn-noCwuW-$W)M#N_9-1QY8Dm86`Yt`ZbE8I@q^32wsM=^`2P`A
zfpisB^c22bYTAqJNaFNa)}_{<x=(@1*XMU1Z5C4cyum#@9Xz-B4%S}gbibWCd@S?b
z{NnmTC+4l#g?r}fQe7bdfVd6+N;*-L?wjFQN^!aIsbAgP$b{ey6Rz=j-|J~&(Wtc*
z>p(supiCdnij`D2Jf8#@4kJV)nuJqdP$iB&F)}3ZdH-(mebqhV)eG|L$kOQz(o3j{
z#Q}v#@6{*eEhF&(h;x8>$jNI+U<iGC#e7m8#=acr8MTMn%|G7S(-Z#sv{fZ`C`|02
zp|!`|P*Bi~{mhUBd&e8$pASZ(xtb>BR|5d@3Q^Yy&Q~SD!gl0ma<&Nn#Q*-u+>;^H
zuBtk`cn-in`)g2G@>EV`lfRgpz*|ZszBM<O+<Lt?y1i9n@^jO{SAS#jWSU<LveQ2=
zY5r5Z#QF?yJwoyy4t1hU9c&vX(*C>}#~dS^`sah`qV(>YAn2}WPyH8b?Qg<4AsjEg
zrGse!fJseB$P?93GeRDFCn+xZ1E9&No#y>_B&sGAwb{|_;r8VDKLDLW>*Lf0S`;eY
zQ&Y9~1TT%4mr!%rz3vwc^{ZaYy_`a8;eT=P!%XYmdC=zLS3h4S*g>X;luR9dux)=C
z+3|RUaYK}Sg!~+|Iv6PZt6n^DX*BbNg(s2A>}%c%KqsDm3h#s1cHeXcoOiBB{fzRC
zK$JJDBR`ZQmU!v6@8Kw*Zprs8EUwb0C;ap;UAs$vALktA3DE^FY)S62;;mM%jZ6Oa
z5sVv}$+WV$N7d=ShQuW;t8-eNB<NAeM3(QA6&na$gO|&#kahhy@VNNkj@*VV!n#>G
z4DpJKu?Xjlam#m(S=>Atz2QCS^04)ire(vw#Ul8mkLUHA#((^G_u-?hEZ;x>G~74P
z8UJ)m>a~vAc=vUR?0a)Q&wDA90(RkBs1n96tu6kbl3P7ta<2R78D$s!Hg)K~s9u!a
zZi^W|^0=QFOvOSPvAja>`?}OMx;1G_o2;f1A{d)kO3B4s`{0tq>7!OjaMf^Oiv^_(
zi>0jrX>OEqMXz$5>aG&psAXiW&8^Osybj}rp{~dlu}PbV&FHJHw;a5diocKhJ6!Zj
zvG{euYqn^QCpm;_>5@L&_ANS!La!M%is+aAkqlt7^5ckCUQjF0Dr)`v%`mjB&?GVv
zmYR9b<MWS}!t-Od?YZU##&xzLnqLUEFvq^mxe8t})Xnd{f4rSPeMTF6%{=UW=7Qnt
zunC_4opC-gF$qwLN7LF5Y|!ONJO6!*l=YHS0vbba!z9QXieVuLF;diVvI3i;P`lOv
zH#`t$N+Cof$b-j(!;#;uD^lK9;uOFbjiXgV3gL&J=Y2@|@#(CoXbA8$Dj(eQ_H*xm
ziCo1zX*th7)-fkNW0&9j-2S4Vb@7UCOkx51hq-V(3VZ&Uj}F1;cD6qTR_^%AE{YGO
zF|K}BHK0VW=M^q2geUpW9UChH>5m~nt1#!&6!U`rrI;5isTi86!^eAE7wz9>e>#CZ
z2+~&=a#slH2q5z$K{$RI#<UYzSU6`tp{L#79jfIWyOD@oo9uiv{>r9^Z4>o$IvQv|
z0*Egd^->y(d_0v}79J=gz8B`jSv=l~sEt$>gEO8-yY!aO)Xe&IcEpf_OuycmFCGrR
zxsE!vgOtv0PfyBEx7K5c-ebZ2){*^LM6(k2laSy)*v%l*`SwnEALq6Vv6boxwRGlt
z#hXib%7Vk;`u=gdupfcDxbQdco0JstpI%`6mI?igl-SxJHQ5sHv)U9$44lH7ujstd
zBsckF{rBhTdZ6py59UhyuNW`82BrS2jfZ@Gvd(Hc88HBhR=C?TS>%!RpJ*t$I*Qk~
zxx=FG4VT1{nCEYS2MDQCJjw_|WS^Q*qh#jVjbnCYr^-<jt>z~Wp2GROy1EUN%Evq}
zHK`zJ%qINySQ$>4bEba<^}BEU-Z<Os*r09puxdGOBU1N?ddQ<7HFwXPUlk9}G~MrY
z^O6yok}XLy(tl5kJ-;H}ud^Fu?V8?2>Eud%yQKe5bH#kRZ|M`ywbyFBT0y<4woyJD
zSEZw)vT^<v6}X)=s}smsh9oHo&RpWwI@5??r(c{U38sl`q3-O}M0-X)kexP!Rg0U+
z&=WR<hWSs|<f>)QFSq|2I3vYKk@PHuU;`YQaYWLC-8{}*<wvdfpBqvVq&DdLPh+$8
z7CNK~^^a;frY|;DLmB3kk#~&S-*;2;T8{*uOzvn1(@Ev;$Qy#QlTzbJ=GEwEa<kim
zK~;pvd!ZpNFqg2^F@lZP0*~-$sJj`^wDBWk&Fg!HDBC5>JBgdAoJcjltG~dDQGytE
zl=oUUsi$n0d{*G2Ic5C$q3I*+{t$aN&=l=LXg{z;aG+kmvl@2S9cYb72pDNH7d2aK
z-ol7^)J>bZY+OLO?n>ZPcW%)l;g3@LKSM}-2-gz`V$Dd2wd8GmbXc#<)pmfrs0OgM
zP=I^MRijR3M!NZP=%0=z=5%vpq29&Fejl#MxFBZu${p=%AI;=62(w1|6@<e}k@tX<
z$I8t_@Z<}<0H~FqXv9-dm|R3j)#&DN^l{(Wt4i3v&o*EwA#OIBMHW|(ftVL2*cg_T
zmWyITFMzmolPyK`A8mjd8*&>RE#a&!g!S618}T9zxQBxDO0;;>y$&ci1&vxbm0`6r
zV_q~>MNO~l|FYu-$&I=DT6d=6W&4ju91_3JJ-QS*C%!BWK6mbN+qZ;sP3XnmbCH)K
z*#a2fZam@)5DicO=Y@)jnm;tr{ve~99rLFvU-eLx4>3OG3v?@XLii#aQ03h{f5(N3
z4#)oOjK6hiK!V#-9Q@qi#~?6GiOQ~ZWtXoF-##@?O|z51v_YyuL6tllNfvG6Ayldn
zJ?Z<j#`i$TlSsTTjoGIqsYykC^@~A&xJ{eD5ak!y2yq@L@jc9oey81Og-&OMRfb`r
z&sBNTay`NZuiS9G|NG&39+!KEj(pkO<PqrGvjOGT(0ljIi%o7j(AjI|>eFIEysrp;
z=!G~3eq;(NT5F8|mWq3hhM>=eHI+Bz+&nn;l9*nchkFm{-v^NL8oOW5k%GzHqq|Kb
zY(#_Fow*HOF~H0dkXb{63*l>wK*vB>(NrEnYhr73sQQ}5ML!OZA?(WWT7lPm7@^*x
z*~ywc`>X|d5Ttz49_kFlB~P?9q41Y!GZxLvuBA?-0&ODD$)>&Koax>T55StG@xiGF
zRT_21d+$|f>tz<fLQ`egE68?az&8v2=8_9dq?s+w4Y|_KU+uWxFCbg<r>=s&QVhqf
zHiv7hLiDet%70z0a{e!BYQAPe0>W%_UG2GyJ@;oj)mFq_c7hCtnaq}o2~kIu=eH{9
zlTE>V61bwyJm_!iW-`R646sMZcrg(4A6A%aUT8BMknA2k%_mt2?ED!_`ZdmL^s`Ir
zE*0tVnCk_hm5=%JJ-R87HZh!wAbP6PcKd125p_5_<JPV$mWcSrcU`#I(E)nGToKL|
zeS3<3WfHRax5!jQubaXtnxj8I7!rMHOpl~t5EV>MIQn26vyLVOb)G$5c0&B&xAs<f
z`uo~=#X*b7*N57Ws2{(bUW{=`XUpl##Jk;W<axTztPpWE#d9=B1aO-Nsm0@k@|f&0
zPcmq!RDjd)&;59@*|e_V>WV^aB&e`{#XS)pYrzjGv~Okn!fdz5M$oX4(5HCf`%4>1
z1pBV1fe>WzJ-@rj79vA_36qshBY3VA{-c?u9GGF_<|9)`>A(o~q~rB0=Po!dWq#w>
z<mAF#%ez8pS(l#6*M`LVTE^{)bKdr($TQ6?eRCfjY`+I<;C#hf)rdQj!W`MP<lg6%
zn!6nm>ivM(#r{VrvLmybiw({A`}j101j&$^Ev4UVZ&>I7Ez(!9R0VZfCxm9Zbsh|l
zVFVn_WA}FI?biG3kDo3lE2LBsYTQ3<>{-L1eBzo45~7&Q>+ayI9~N0d5@C*jmuzFy
z3sR;lm9APz2X}M&Hi!};MY1y0w-dH$9LPWu9`0Lf8T!Ya;Q<40;9|eBr{Cf8)@mP`
zPknm>j(RhRmP&la_A>F=V()O(gU|bhL9&<^GLQMvOkp8%EbcX2g$0E=U(8tINWrUU
z^$<y|W#*_RTguWJ8dC&{oBs{NL}8DJmsgdM*k(w2M@wMxG|$&Ww>(P2xP{jV3o+*&
zeaSWQ*B8B@CJ^8N5?yj;-Y9~47d+bQj@|FY#trTck7E5S!@3(=aiRx^xx5Y4&l&l#
z3Sy?R@}iedt27e82Qxu&d@yzKw3di0$+>ziS%-jEs;5OFwUd)s0NkC8m>I!70ipX<
z9y5v?d@O3BfT-|a-AzSND+YB&J35RP{)cA%IDxU9dUwEFInP}0Lme^CJNL_nk3g+@
zmlY;v-eT{7jo**=<$>btq@w|u>wKpo;klDMT7HKlj715NIVCV)ilT{qvrTD2fR#`6
z_5FzTK!ndNi+z6qY?JJ*ccqE3uI)zf#WWyQP^e1LOZL5BQ?_1Kd;U$KK<IZ1Pf>wB
zSWBu7v7jg(>R<H8K~FR_H{u_iIG9?d-LaUEPPorGcISvSPTp;HxG;e&{Wd?(zx@IR
zJ=tmv=LlekGI=~ot5WNmOXfWLPk8#(3lp%xI9sW)`YWgL1h<m4I1E>D!Sdz44OPCk
z-4D~cXR>OGd!erdKUzvXS;(C6c&dhsg5Cok+r01Y<|``hZnrG1z|GjZpP@{sp%BOW
z0BU@034H<T5C_{Ufb@q>Jpj|sap*x@D)T=>&Btj`<SVL@JLgshAQhKiQY@@*MJ+G%
zbZFF0Kvy`NgTGY0Qy`WWxQR3G1@wIy_#G%w^152HP1*1H^|<v*IITYIj%f7#IJj3Z
zL@ssv&S&*1HIaKmvT~u>0{fYyG#O{prh?^7Tlw)@J%S@UzxWW>>PtElX#KFo%;ly4
zDuPrg1R;farp+!xl>R{W-AsH{8UYq-JTx5<PliR4WVs(dLj5lVPs{Izz+b{{aLks$
zVTTe_#!3mJY=J5Y);~}}i_oR1FAH2E+_1`57v_A60SsX>!UnNdf|p&|I8meSB8uFr
zCdi040ZE%yh#5cHMZYF3*&oxod8p7d4jawJ)-6fOm|I)oz`~sz*vvTG;vLKltM@H6
zp{GHk>iyx-?eN90Y(JGhrSJM*T)XmW0e_iaa|hodfa>O9Kl|f{DtQn7weI#55lZ7`
ztO_q_R5FMV8Via(f}(o{dLM9)3D0uwoO(_7Qcm17cINh<A(>nXH%7J2+?$OpQ8Z+{
z=y}T0)TzTa${wYp!2GIlSI&F)OI$o-VT0<^{?Ux{=d|rnQ63+Ciq%8#b;w`~;H+z@
z`pKOQFnepi0@3C-pZZ5L^LEg19HltH&4yBptc>nw;-J^a-$!e6{<oC(V(axU(F!*+
zX;j<2BI4$r6wKf|lu2#6NfO0e5_YGl2WO*xk3(@Yx_tTKT`#{Voup%Vd;Z2fX0H~?
zFc5cWM3}&tS!`fW_KmRAQ#W$LkwP|wHg3^0j)ZZ+%rEZG(AEgxelUjE2T+Hfclvc0
zr%;J%26|8zal|^X&f!W^xh4$=zISRuMn1d~@Lyj2!pmF`cBwm7BnI~+qqEUNsG#0!
zb>~d~Jddv933zV*SK{aYbQA6iCF)4t{*-dk`JdDE*#55sW}yOt4~66Pm{m#aEj8S7
zE$QYC?XHUo<Sp`a{<5jhmijR&eQ#LQpPlHeUGvc4>jULG>}92>HRjAZkD9-7f^#7>
zNhL#}MTe#}D$8?+F9{{374>2}n-h8XV?hj1mGR$NJ-$O=wkHuW;JnS{aCLU#Zxc6m
z>3vl%Ae_J99W4|Dy6`WKdFX~ROLFsCaFPJ)x>SO~Jkku7j9*G5q(Yzc`?k*wEXWNz
zEouXOEthqWoNSYPEoFvA^+_AAJhjKvhpiEve-%86M4Kqo=bC6mp7>Xikc3Y%ENUEO
z0(rH@mImqsyYydCTF#V$$Sn~^*@3RgzPA>C>{l|b@fjAx>6<}{5b&DKx9;7206F!2
zj;uFZ>pg)-KTB2rblawGmSdDhmn^#n<Kv4KHaj<VxBBThxfX4}l%r)MKfg;o#m^pf
zn6jC^ONcz{Q=XV?yQ2RM_euWkbW)u){&SAiVUXrGu1P*!<4*xYkgvajW<&Mh>!Z|P
zpqi5$pO#zorgCn3FYQu(gQj}%-Y-^M>Qw*AVus67ZEtj19hOSJR_T(zucoM=+g4rD
z&T`JpTd?GhrtHY65Nc<;yc*TA3HCkVp_@6sRp^jgqg}$BU1YT9Ce<qE9j`gT$ZOTu
zJ^mTc<c?3)Pnt#Z;RyZKZ0UiIx6d&NNl4W6YiGnc`3b=bK~fMT^eKYLDYUzf9P%no
zjyFU6#7P6bkO@Q_E6$G4@B01hh0mAFAz#u)bchO7S1bxZM?VkYYnMZm&CV^_7{b%k
zlSWHE3dTcTC#1c8ug*GzL|jRTcy%xieqeKDw<^$pmN_28jy<+LdB|AwHf(6${U9kJ
zSf;4L{_3@G#;V&$Q<_A+C8_o?P<Uwujpy;>v=biO3NyWPBB>xA*N|al#KnIGFX$p+
zb*uYvd(`lg*->(6m*Fh?F@Q?IGALFN2r87CpUYT6(C`Egwj4b=ViibjfFc%<jDov<
z^X#Vs9F9HooJT6`TBv<G7lX@hG#m3*75-7TeXo3q$HuoWN&MJ++_T|6_@^U}%8^45
z@3n?WsoCWZ5C3_+svEx-Rj{xvhuM95-7xKEhU@QBFZF%ite*M9&4ar@6Q{knrken!
zbA_?@|IPDMHC}1>c2&dccN?#lA~ymAl6QZpx6LJdMhU#=oSmR6l{gyUSfVp`b2awn
zwr}k(4pKw$x|-{JkXBNC#Z)ks2ou0M)5NKyhkgqCk|a-)k4YELdCXt~Aoj*>IFb(M
z8jj#FfY3qcHNzW7k-nK;cZH+o|D$Z;AR#-=?M6<bCVmVhtgNpmXiC-L*Hj}#=>`fX
zS&mo}z}_}MAq4PdQJLyr6r_3EHff!+=i1)D%vjs!<@-&8enBHAfbwR|0j4jzI-S{H
z!m?;@-kSPYei0^DC>-(}wWnNk@Opjmt9uL&u`*-u2qhKtWOq@`s@&vIH-Lp~r!GVM
zkH-sbN&9aJ_G6|<6AxeAimtcxR6ScdDSw{BjU}C1|L3;1)>W|byh9-M96f*gbe#{f
zz#XdYuwb~X)8-B(k9M(9J8jgFDT@1jjKL%71#BB+Q3{ANMO|_>-(%fq9qNAfn<}B`
z)7d{eGJK6SGSAyy_&V0ObpnLUvSg!V{(vH)@YP@1t0}J~fP|JuyWK*WC^3HY%=feE
zo;AxxEsw^`9I`7n^XrMR?L{|dyu`Lu`UgTj3aa|~fAtl#P1Bn27&#MVxG*y4|2ss8
zS~am?@kw!Bg7{;c&G`%Q@pR#3W%pE<>&EkmygXke9+MM<eDs65^nVEQbRCpBJ-=fG
z7P8RL=9TC+o4JY2hytE7HRly#in|l&60ejR<#oJYa#94vw_89NeI*M80eS6~<$c?n
zQ65vJi%uM$du7LsLjG>LNO=gQ$J-l_GH=(UZFfIg8R3+BU>mThoxOhF%)4#!DPbab
z#p8Vfx(?8*+$QXLSL}<!)fDN0vec<;`3*V3rk{ju+EtXg#Qg{|Vb2b2e%?zitM6<L
zmECt3i6HOD;8BcRB9AeaAN7aMk713X`f=e!Xq6?W>w%N+ilG-bKch~{1<QPtfFW^G
z;G+esH0XjF2(j>m$}X*d%-xyWF{Ij{C!bv`p#f=>spbM`9JLNop^%UZY&+#u*)4Dp
zUdns2kNtMHpc?`j`PX27mgv5tY6enbU4~`^bRB~H2edevMbDW|dRU2g;vP+JKM6jb
zOlx*4!A33jCfD)HB^Aetmpj*Gbe6VHLHEhUPrL;|&a!n-a}?Hb-dw8%AFzowZQSn9
zofee%w)YOT+Vbn+=n4Lz*mJfam|9mdk6$MehS;<?UJ2Rmwm9k<Mo@sX+`MJ*nX<pw
zXvP+U!VYB|15a*xrQr7Dxcss^fD|ppt!cqplFcG(XT*8$veA`a7#>3`;Yi?{w_iSU
ze#gie2a%44;I<b?a=4TA(c6R!-ORna0z)rY#<6?vRXDnwy+WY&y+Wof7Umkn#viT@
zm{FzSUY~~D3(6bhW~14@?!w_jz{en~;J^L#`U)<*8V0HO<$M0z2>tOy+*71jhn<S>
znw$r*LH^anhasIcOj+zA$7Q?<DwFN(A8^cG4PZ5VuGmo`u7`by{un)f66Zu`1B=tT
zkGF08vfFV)JyRQ$Iwlz6Oo^~K@h+6ygDr3M7xYrFy9HF$ORJ=oo#<tOPP6xYRsbh;
z!XD?kMZ1wVk+STG@n>L<T6a*(3m*JZCPpvxhT1bvHf`}oXEB1CQ<T7i1QaF|Qb9SO
z%CXM1mJ=U+oh}OsfrVdkteSZSV_tG~Yq(0NND|h|Xc=csddB?JOg?5VUNwz}Po=Ri
zml<HO1qxpr&f-pUvrw5_EjuWfYk5tXE0;%|rpu(-)b>!K0Bc&OQzYPjQzW1b_FTiz
zzmm}GKc(U*g2}!3{@&H0Bht{<9SSYb`M`<wpVf@x#X5*4fE}VwBU3N8<&YCSYfM>y
ztjR||`M5>43n;m*Vml;$y4y{P*2<>Hpaiqi16oD?ZHuGhVNd#yMabAy%!5WCC!t7^
zYzjH}o|zEOrGnXW!-j$~jxPQ9e%}vD1`+#zAK`L+U{_Js7%%(~30DHXx{S2diIx8P
z^o2fbO}OR{$MtOwhQV<r9w|2MpF;k~G4KE2G@YaTcNugv`V-(LE~wVT<fx>C-MF;j
zI(6eSIQoQ#_`0PmBfzkArkcEjo>N|TiW^PvuKyutzxU;dl8uGIKq{=ayrQfN?}z@#
z8Dbqhj7){OcWCeN3U@&EzMmrUdI&PYm^3H@I6N<`TAz=xP+a=Sf2<wl3;PWxycL(&
zHI{q8p7?5bb%_r&wRAP=?8~T@FE7`h5GJtiuc@UD%t!F-IB|3^KUJ-i9~&s;`nmcF
zG?n#qq0Ui7eGKuysGG2f@wV1x3`ilwUx`HuSd<r&MNkEr;qe=d8<#QCD<h<wejd)9
zG4ugnYy<-bCf%n?Er9k|ZK<=o_}n8rd`XYu#^p56J#_k(xBw=RZQ%N2w*ZUenOyvF
zCsYGoL3n5mIsC$~e4O*_1h5c0{4Q|aw_`n4y!-Rm2%yOb{{gV##6$v-E*t~a&$|uw
zj~@O(l+cZ+4CslpazQ2`(XUrQq!#OurX$L<bUUo#a*MJkbCHlN?{HUS$L9pS05hMb
zAi?K~AU3Z!2-<!AMdHVK*l;L1ZZ~yUh)$GBAn9psD?bkBlkgBXiWrZ)^@{Y3+GN4l
zNTa9WcavvuNBs<2hWN<si@f>KW_BAGx&>{V(K`$|Leg&DrP59@2>9`cB;;tHhx%7r
zI1tEkWrL7Tu`HaXwE}Qv+h41K4E@&k70dq0xuiADN7=4q+VHDPqMm(QBdXts*yS2H
zB+T;3Mwsq4`?@Q+*2u4=E8m=-I?8^_bNM4|@{)pqZ`z5vwaT+&|6Aa{4IN?m6xI60
z;kVsQtfgy&&nh#V5W*kG;>R?0RWd)7L;1Y1<)bWls3EYAysr9h`NlV^sj9x_nTA;q
z?Cgt{L@Mugs)pZrMB@)cD{%{n`HpxTh{$J`#3WKV=}aGlC`Q4ha4tNsw;=}cj^scI
za(?F3a_na31Gh7GYL;)qL3XQV)9DgBP0EzuBR<kcm7SLT56-&xCs&#R%Ld3fN_CKL
z(ARs2<a#w%Iuxz^CsSSinsH~;cc(svAfsk+<~uko4^LbJ>Vls?)(=l?&kNDs4^8%{
zxZ8jPPG4_$W#C4-h0Ro#{V6+pYhbn*$3LSuH!bkSOOYc_&ZXVUc&*NZ%6gNetRX`j
z`rnWk;(-%q-h2bG3jaKbuq-GybUkbd?kaj7a^Jf-yjoRbCZ)rKv2+31PuS3)tNO+2
z*$$8lhn(OePG_coHPfGxkPD4F^|12aEG{TNNj!kFM9*(eK>OUA_R#E-wZ_Ab1xQ1b
z=Lje}&wEJu7ld<e^-L)JE?zO@8J+pc^Cz%yL6jInzvdG{P@yK<_7~@Evy*E2*LLsC
z&vT(uioemT;nh=T;((tq$<5<_Xz2?gnjsnW0=MXkdbJmk2+|pD?9e?c7n;5=;VO10
z3UaMOUEzu0Mi5l++)MS|ovw{Rp9D6+y+DKb7voHWe;n2eqM;JYXclb<@YSXF%;eM(
zA7!pvzZH5FIQ9ujSvLc=`mk>^b*$V*%ewzv!m#U7(ukf05Yi{~C)!jRh6<uU6ZJI<
ziRbL8uSzf1?>mAdUaKnhOk_RrZDR6wB;0%cmeVt1aLD5cLT88kcR9#T)W<CF%Y`{G
zP3VwcZNz#__sc;d2-)hSbF!J?PA7YMt%#Q{#Nv8<eIBhp@FuV)FGM^hfxwcx%GfvO
zbCL+DCN=w0@L7D#E$$j@9oEYLo4qn~0;G)CqWqQxEXEIwy8*dQRx^x;7T>J?x(hHA
zG4u^j*zP?jss-rqVgHzM3&Whuasml}enCXCM?z}1Z)GSSJ8Lrtb5u+8gBef*f)_PH
zSEB?gsVp#jb{mfG5d@?5>S)IeIWV*1<A$2WcQ?l88-@|R8R&RZlmdS&u9ho(74t8$
zuJP<DE&oJr$?x518HlSS;R)*G(SHSvs$N^sDa{wbM`lNLPH&1+l2F-csDYFz`J+R^
z-EYhF#&7gWXCbjGWTYHD5pf9lCUBc&hwZoQ>r8qzeG7q@EnQZpIUx2eV8@1x9Bg;p
z3l`m{RNTs=@om*hzI|@KyRQ(Zs1tR17LqUL*E@CLH%W$xqdQRvo6nFsp!z@v>XHtM
zp@YfqS_Avv{CoClwks;**;7~4_-^={QPD2g%|7{&zQQ5)AaA8ergHG*M^xq4GMDSk
zDAwLTV^{h2UY3mMcitF!Hh#S^Esdm)cI|d1n%Vv=24qUd%3X^6@ILlkS9_r4nWsa=
z2k707-l?BL?rG!Md}(dgX?*~8q85twGgo1r*$lC<fgSja!jQH~HW)8G%^GNfP%!Nn
zO1rSQQbMKN1t)Hu4?hv12e+sJTUeTYBgS>x@3e~8Q~NQrpj?Ya$!c$6)ULvUESQ)e
zXn28Whc%l#jcMGF@wm)PEo%g@3N%m<q@G&1)}Wpv)nL;J#!^zdCIUV?vxUCwHaD43
zTt-m1LGgyORS;FVr6|FkjO$)z*hc0|ct&wnEzw;g(blR34VVoJ6(`Q~!^UD!)llJO
z%)tvuLt#SoIbg5OdGoxpo|u8dpx;16B%8Vs({|%@PyOF+DBH%wXQQgL|E~HujK9+z
zR-+Iu0b6$C1q@CfNgfo_r}u4s$jD_v{Q0WAZhASRS_CG_Mr0|agT@i8_D^=&mCd;W
zK<9uzulTBcge@EwK?!XnKFHqwWti&8nk3>$?RAUzmAz!CYrYICp}ZYNWb07H&R4jo
zjZ=M9kchFDYq@_K!_8rGFhPU9>wY%)vJ=aKw=uR;%Dys7NRG~7?o0>?p?;LZHVChb
z7io6o`qT%j>#>J7WUqxre`R3Tu~VO-8~pTmzT%#rqqwFC^zw!n*Y$3vJKOR8s?-S&
z-0EdXh0Zn6Vo?mzpdTNA6wWCC_l<vM5MjdA9W)z)<d3Y}Y5uPby|jQ{Z7L4FnKq~i
zwK!qDVj*I8*Hx|i;aQ=I9fpbY`^|#{<nD)GJh~dS!{0*`<4w&+w~edD5!-POl`iRN
zyf=b*i@mvabz<-fJO$ryHudM&mmREW^5!9IHe!}T4QcdaZ$5bpaX7W3PLoGprU?)m
z#;96hRm$>P7Oe_7M`RJ~iXo~cd6epCKP80?N2KnH)BirMAj#c?LV`ibHvLKaO3Vnd
zbZX~1;&2Vu*b8CO9XmZ-7_2{Ju4c2Ez7vO{&+`4w@!7UbJ!PoZ$K}Tb7&Vaymy#ie
z9_KuT>r@isewT!XYd-emYZi8&3_QB)6Ab^W^_|(&#<jO`B9rukKg~n1%uF;>nX-NZ
zN_tW5)$*WML)mhKU6@6>qe&}R|7rfP@z5oR^e*J@QjsE%iD_&1zq{=)cdP7Hp<2e@
zHpYf69hHkEfsSb9d{;jDyv|_oF%~R*jwi7(kXy_N5NZhhhRM=f&xgJf&BBEq6HBwg
z)iT`=SC9K0iG#>&byfmHoy*(3)%uh~IuE(tWi%vM^#H;tdaAeR!2G^tb04uMgYS5r
zv<61Sev^a6B@~ZHw!}v)Y`&=g1c>dv{4b+%d^s)3V<bJ>z~;=?A74P_LL-B9E`hJn
z*-@MCBHVuWJPm!|sG?x^A-*x+^{nE6zfQb+>)-DA7)~c4LT|SMn%0&Jr1v1#V~3px
zNa=%%f~YFLleKa9E(^-<B1(pSjeefHW$?fTc35#;8Sd|Ne?#hNT!US^*=;|k1Kg}A
z5Jpn?4|5;~d+V$B^-j?Bg@G>^!rwJ6yy~Kv*_6C+^Ftjn@tpB^rm4+hG)rf;?BaQs
zQt{jF`|DH_16AL=^sWAAm$>$Gz`Zz~AGThCY+iQ=n<()X>6#Re7*OiJSelE^tGV;C
zL`oo;op<j6If-Yr<lKpD`%#<+@u)Wq^d9|Z(XrbCKZwN5&7_`I%}^FWXeU|~(BWLY
zwPZu{N%H(`A$Zpi>mr40pPQU>l9hw(wphS?78s`m!VUKhK6U)T*Ds9j>G+*Mty9!O
zzu-Oz-9_^!6N&bds%fW+8Am4}A;|_-Lk8=B_DViY_W9l;n|4r8v{mqYo@w)`a+b;h
zY@Hak6G?*ZZa7uwaQcl(9g%`+L<6zdqf_`5pGorJ(Y*5-f2*;$#iPN;B$*@4Ej1o2
z`+GRNWw@EYOI^zgWBoN*KXHrig32@4;h8l4=;fkZs2@p^%-|L8=6%MdZB%YQStFbJ
z7i&V_7gB?Jz1vOdZXffw5Pz8xn){@cWXyV6#H7;w>{s-NP1R#*%c*r)*tA@hzho9-
zdf9s+;z{nxZp;gk?!z12Zl76o)p8?%8EwyHz;WHsgQ$}2KLXR%_;qpL{a~TXY>19i
za%g3pUn6Mw4wJk8=caZ)Qi-r@4y3ygeyxhmM*<08LZP0dw@18~*kb`GzR6RUP`7;O
z+_kg6@=&Bdm-z8uhrwZPoryTMeEfw<#!5nv5HJ~lxWFirrpIM1-cjGqDUn^nH28(w
zN;Zt@q%?d#*sYlVhpoYSA6}pHI3fG;b#A<oC)JN5_8xrZC`Y{GF7NMIDMW6xmLsip
z$?pz}wbnAZNDai){x1<ubC#3doi*UFdQyAB!s27c>jTTTnNm=vclZdr=*l*~_(e&V
zzX>Ha({GN4cTP00zVr!ER6RZFlwOQtMeVZOyR)aeyu9L`Mv>k??DSK07o$LvL>wQY
z8%kRohBA6iFLry(^>eROuY)GnNLti6HOlyt$d<Dws+dCz&XXwdw)RiCl@C8-v4C2=
zmCk;@3`LQ%4X$+DOYo_~$nM?&oGF1Ca}6h&k2rvHM2Xz~<MtyCnAG{g@z~jGcg64~
zMnx-uD*m7ivSNup<`X+QX=SmzONP12hc#t8skkt9Ar|Ugb>73ejwsnkPAqHk;<RH(
zo0^zfbUqjjKR-v3(pRhmzZVA}6H)BQqTT1QnM=8uM;^d;vUsM;*zNBoekpj_nKL#y
zOgJQ*z7vD)R0{{=@rB4aNVxAl61I&i**q5B1TvbTHk!_T%^=jn<6l8DPy@ql9p9bz
z?;vz<aPG}JGKT5JI(|+dY_!;Vs^}Jn9Zt5$BQ>;&#7!A`yh;>%8JxW_@#*~UyzfA=
zERkq(;?L?xbYN=npDaBqAF@~|xlf4=7|6+_JlXNxiB_PB0C~Lf|HnV%KLvZu`kt?G
z^W5l>sC|<DLq50{GduS;W@YkSrBDdZh4l@@)74KQ-*<E>#;{(WH=S1nQgVgp%{np$
zB#by4h$<YtCk@HkB<Wm$<+(~oeD>3B0p3Xr;Sw95{&{<#EdTiSRqGnDj~m*U>8fv~
zp685w%RapD5sPH=a7wemefnM_l+Mm^vV6Pu(`T>M82raL_~=Odu))Ut;$_B<5;LaJ
zgvX;=oYriGf1dV}wd<~l;tXQB?7bQR5Wfl2Jd^4qh2VSma3}Y1|A{9a4O|Ov!2O7Y
zv5)p-uKN8u+Yi4)+0`3l>_d&M@H!IpjZvGUQgIu1HWGvfOuKWA#Fm`WG990fmM~f8
z&JzEKWN7M>`=f*I;g>b<dZ~PmOGt_B6~}HJZ*5B`ij+4cLci|XVg`C1sOc~PPU{W7
zCVsIE=n4#Nx%m!oI&QpxmCV+!fiKKY)5FOKKn&{FG75b4JTHrl!Xe<P>O}ZGIAHSe
zd*Pj-kRz8(o+nL;2_ukUyol5Ea<J>B7Pr~R;n?sqXUViQ*R0m-9Qc2pw&I~~?;Eeh
zdqfDIs0ITXm<@okGAxR7&YB#M>(fS+2y@DtZ^U37%)D{r=cWg(%MM3LuaD?c3_1dK
z90fU2o5z3azIp3vx~rxx>8bP-g1W+p$Yq>kC{&svw)+_?Pz0Bcr0BRx7-#M*-iJ{l
zsFQI@ob^-P7~!rHc;YlXx~e%gh5FMaT{q;qtFl)&-ac~2Ba=<Ptw+mSft&@@UwCY_
z%*<wWK63oZ**h)Xj^MlBtzZRQ_&TKL@}@ne!bsaLQ8R`$uB2E&<biLe_T%{uGjnaH
zWmC<C80d;yxzE+5VnUnc$US*&at6gtIEm>Ns%FY%jJfU%S5Zp(X;ex?{jC(kV&-mp
zxwS9tiG0ToPgwn8-iF9duKd;2EH#B`PTc^(qL{62UlM6*FJaG~w*GFq=-A&Fx$_V&
zD8b?WJ=Zmw=Wy0Xo!Fs0uy9kZIrHK7l&64=TL}yCjk=c}HeScFIY1{=3!lac$Xc&<
zWj6M?EA$g@q5b{&nA{e$X00Eum>^dvxY`3)lOFB=w&LdhZN<&!;R6jJY|fyu7m1FZ
zhK@1iWSn-?eVzM}_30k5qJ7v;Z}i@S3yD&g`K=Wle(w|cGcc-bki=|M)8j#PUId8*
zMB|i>I2nl+L%qs&?D9vw6ty4oc!5Tx`8>GW!(8Q%A|A_^hYRg#?ITzhHcrRgf`)T#
zMi%_<oKSNKwx<{0kR%&r%Tf?{w|BD~eCO<nWl$0?KGa2v*RMLEm(uRtacJxx4<)xt
zb3a#-^#39c(3jgft%i41IQV+k?co&`numt<WJgEh;%*k+zVy4+aSw$1Ic$B&jBiEK
zR`r$uZBl?PS}|)$0!&8^E)kYb>2<!4{Zxu5n*hiB)KJ;?1->Uaf>Y$0Pa2r-tsCzM
z!noM}^=r5gtql(?#sx=MK}xW?<+tHq3ND0g7bo=&m)w-9>)UH7F2Y(bQ#M(cxJ);E
zbq@z=?`3~{`h8=k+G1K{aLwZ;ZR23$FraM1w|KAc@bI5P|L0o`j>Tm>MHr*reS-5A
zpAlmXYpTVAaj6?B!O)EG1G7bXuYAb`czCN3aaG0k43a^sc*>Zy0sZRIOI1bb8GH;~
z>ba`uO{OclQr1hG(svciR6g##Nn_Wz7Mjm|DSTF7C@ucVZa%D`|De`wC@FYvc#k`&
z0jekCsLL&NUfQA?bmHVK3E_%ICmfxZyV<`tDRbIf*lx8Lv{U0a2eLV%iJmj`07*Be
zB$cF1g^4f<q8C?I3|<+bO{ewF8qJ1{U*qI6@2|g`fE&nYx_)@{fDj+T8Y~f&h}<pi
zQg#g;hk2TJ{W>=#WX^1B7RHB(mHM}@FXS|~A;wEjxH9*8;^yVP+`Za9t(IB&T=<P@
zO7sSq*b@djZ4^!Tc0yh%({Fy*OBTNkO$;SY&)uUZZ_vU4{Yi}Hv6re6EqI)R%=)|g
ztd>2yf-kHr%+-GHSG}hG&a3d~pZDi-t%a``SwhTuA@%hQyEs6qytgDWPd0v<6zH0A
z#l*=7b|v&o|J4gpc5OOL=(_G$v=*Po%AkMK1+>e-sGsKhyM9LMyCP(34-@1JL!v-Q
zB;2JOFJ4^C{w>^A8%cQKpHSFH;M_<kT>id6d;NYZrO{JXjwjNpWLxx5pzHU=E|>3k
zo|*Uz?nk+z&`#x!60Cp4&xUE4vtJOp_?UjsQ$9!P0CAN7SSC-LK}_z<UBQ3lvcigd
zp|{>_Y?Uo`(M*Sac6h&U54LABMl1F9W5kwwl^VX?fAGBv-p^e3x4!lV|IZ7nM{i&B
zWbbi;l`oC=CCdR&3T0h9ltCX9&+j8${XM&oI$L_qnB!^&mp-OrrEmmlB(M*+Q|LJ;
z#@;Hpk?2aJ5Us1+W{7VW=k0#kJ!rE93HKrvOgZ7+g}2p6%MRvbf@`MDWYnHk&K{tW
z5Q58Fwz+VuRHD4$bKkGqp?2kQ%cC=Ce$Tq-y#+9<e&wado*x1$p6Q$fk%uM#@-r+{
z;yQn6NPmH2n@G%ZmiMS>6L+fWKSNN?-SIsdI@C*0;e~$@=D$7lPcwr1z)}pKol$F6
zT#d2TTi#yXaY%x$pop~slxDT;Vd?92p8+sOdT5Z|r0KkijDTBUH|#58jC6`uBgc){
znH-D29_lYoixSU}&}Vng4A5>=Xrky{FZKt@+n2&dz}PhhgjvH&M!G>^YCC`Dzh?pR
z{r|8zS9I<RVa1>)6ae_T*R8;ra{32pba8C-oTgy7Yo}W7`ZlrIorAA-|MW+@@Vu|h
zNPnpkwm&_tg!@M>%Np#9-rCKbJgaGb)EZ1m9*usiuoh2w>^yJtMA)@l>&RfT#{iQ_
zZ85~?4=rDgR76y+N~;?fXblYxqy&e${u6Xs?z}dGoPVRTN{kzy@rCt6PobhrrdNUz
zb-{nX04KcAn#^JD!ZB^4U%;Iu1=bn~|2$m(A6M@k&G!Gs{ToH?mZDZvRc)%&jL>SS
zT2-r7RMn`x39(mEyY`5^SM9y`UKM*2n<PdM+&<sm`JMZm`@fu%{FQUP-tX6SUC+n!
z2_s+(ZNf~J)0d>IS5=|A>x=bD_MIzG!F4#Rp^N*TVTgXW@g(_Nk4c$-`%AiI4a4O*
z&3N^ZFq4<F3~d}Z<NO7Dpd>2xMe+`a{|9_az>pTg!_6c(c1k`QNbm*(Cv<{iI$2sr
z@CWhC1ptlARdsaa)g#6`3@eo{)bnt8o~rPuClH8DNPM@CBZ5-p+oqdkFaoDdbx;~l
z&Gv%?7?BF)4(nm{2icy&02;UG|6R_aUxPj_7vL>o-RxrFkLNsvbeFJo;m~uF-Bn=>
z4k3(?1>p3DC1zwfC;LcFN_2dgrt>(MY5hc+D`<wq7CA9wvwqoK>o9xR5m<nAuR^pl
z&g%UF2e9S0K0Q7mYU?v9Qo)}j&L_pPw@FYeU)J3A_^SbWR#ar|)Z3^;9IjOIow$^&
zo(M^I7@($rBk$YIlz%A@vWybnDS6p@{1Pp}$<GS&(^vr7k?4C?SA#YWd=d@kgruzQ
zu{iK<B%r56uL~OAVNb3v9u-M+>H&steV4>Ofu$?F|F&QApoho<&EPT10V3xS$g@^w
z;)fukwaBPNyi5mb-y1N+>ojv%q5a>sOeg5<KJ%fy6TTW>7%<bsNB?V4(v8`Ul7bY<
zP4=-O;~uD}Yxe|iR6!;>m?UiX%_pW}8WqH&&H*S7HC)xM(9{2>ls>6Lf<xOk=V6RV
zYEmm^sIP_LdUtfOYm|n8HHT-PjPA~`wozl$^Ueo9m86x%&YD=KL9fGi6A<ZuCb=7}
zb=$?~Ca(0YkgVIy1)q4KwluTlww;CR#6+!6OUDUh(pj7;+l9nT*o<9}j`)~pY&_%A
zjT|Ue3nIsz5!_w^Uk2d<6Un}@l%ZjRTniu;@KD|Cq%OhQGc&yIw#LL`uG4`?0HwBl
zY?tNr*@5cA@29KmwJhJidX3t;b=9T!CFJWSV1u+T*eLg9l)Qd*v7Fmu$i%}l24Mv2
z2!E~wnE$Ui2!1Z-N(=&OAhhX7<4LJ-Wh(ZbqOx)Ou#sU|Q4Dzm&4X+>!Vmx8{^nK`
z;8oZ$74H~?O}7z~EpOM{c5Wc~(k++F>b0SGl($Jf$IdsFkJjJGFj+2Jt-1dUL%Dml
zQc-@gwlt+xMH*04wPz*X$UjZZTQ>jp_w>wS#DDBv@=YCuf3V*h1LC=^E?Q9<Q8$lL
zC(Tu|-(T-zfF@RhUF%+g9G5t_$)0rY|4J>Z>1V?)A{+a(PX@$fwyX;Im?7ye*CB+F
z*r$H`edI%67Gl_$te)Eo1G%eVP&5+MosB1;`JaMPKy!d-EJgd7q>Xe4@4JJLCGb+e
zEeWIY`Qr17a2A&}LKY?$4K%tImr2A-;i@YkrSWIMRyq@8wuK#r?dgI6<)MiD`iJAl
zG|Va$i=Cjb^hK9qMrHQreA6M1#-$CyETxY@caaZ7G~Py8&v<hkNV~X1svJz$ywhSv
zF!mqaN%bFp+@65MlI-lwZ99%MBJ7hEV?4S3Hq-ej4rued4vh>@IbAq#%JA}EINCoh
z$`2<p%t2iVKl)zAjwWX|a4)d#nf;kv#Q4cG77pS~5qV*^?A)nV@^034lElz}yGE9)
zwO{3V(aTiEDfYLl7Vy!=?vDv^K3GjrJjdbY;6%S*wBO1DVbi&-fGM#@y*lFPm>Jra
zwI@78x$0dQX$D)Z``5(9FQBpzOHyr<=WArmXgOC%YErrC0(bZ%yn|U%P;6AwdTAe~
zSqOJ^HIaUQJC=(A_vXHnmOpJhOKLp`n{6>&X-yL}37g`NynbI5g)ebRL+<(k&8LIt
zCp`|mE$P5bUrV!2ZrJ=5d(CAHMJs^F{{Z2iN{#Tdb(TLYXh9AgvzT=VcH=6(QAD*q
zP;rFKi;!%MFrBnrY8NxmkGOfz3aD<@Ev5k#iymRv_6Z@5pS9CJI-H0tZ9QZ*Wx=mn
z?2A4)bYTeE-An_MYA$ylIk|{ymkkeR{6GW@cZxb#h0X30DP`;cJv5wJPilDzqgSpT
zof8J9E5!6aR!RMrQ?he}whPED1v1b64laneD9grc2DGZV0`{N!2ft8VxSHSR%je4;
z;C--V|7Dx?7Wf3Gh<#tZ0ox!lZfWqs_Q|M+Z|zALObK7sm^LrurvwG(CIB*@!3&CM
zh0D5en(Vhz^trXqT(b2=>{lFH`S36`>_3F;=82Fq>97u{6Z;9M{*a447#%n3)uXKD
zo2qhC>-bCHv-$fCqe8AcOCEjFlLFmEwf~j2#{WuNqn~JmRKur<E8;e<`S&8VbAhjX
zznX@1s*7>KyKLonz-{<JXB><&yH>QUaqS|Td%VN8d1UHnzN$y)r`Vd4k-*&tiu79#
zFF}12qxD{tB;k8fjZQh0yYJ}%iiy}n{|H*UgHhXc<(myvU`jak8Rpp4%7MZgIn4)^
z&iwKYBup9uM2M~i`obLd3?Ilmm!7hx=%B*p;N~8ll2U|P(&KvmcMB;L9r%pY;YcN5
zu}~OmIC2k*M)#R6^4ZM<s0fVONv>8{O3jW5{}iC9+H;uFWq2*p&H+!wJmerh^Bs8c
zsE^LSr2-J!cCbMFOt&*g%t+@)t-mT+wyM98jC>+nK!{)PX^kFD_tQW+QeMVUFL4e5
z1OMDi4eW!*Y;$&2z|oY@+0CePzxgs!J8gFjNf@Lv9}{r2xWfa2d=c$|rnYL+)DQOx
zqK7lj^?r_&E+@4$0LZWtS04f82e!9o3pq1$6Vf-fhk)kwt~YdL@Zu{jm3UXAVzT$y
zK8sYNM5t|UzA6tivXvDi6yniWXlS>u4V$fjY2H~}-eQkUE?-JSbYF9t^y<w?yp%!M
z4tTHyIGVeFdkQmAcre62rD=_wul0=5Zi77HxEr#!hn$ATRcK%u6z*lwgTy|Fv$0*(
zt481q!clSODsP*aaPyDXM;z&UhoX0tO(I@xw4t{7J3<^E4odd@Xh8Dc5{#o8JCkhB
z62>OJfbnDwp-COx#f~UF=&8eCaJ9sSL9<D!XjGofDXwhqk~^6)gL>Vz$H=RDn*$MQ
zvo*2wwG`)naewK264MNqNRJ<Hwzyt3+Qj2>GP$V!5a21nHk2fEEHuv;60RbeR-gEA
z0OF5BRXsx`X88W>OT5}>xE17Rp<r@akC#Ui9WprUCS9x(fzT;fK_74=|LXVea{k9S
zjTI7JSFdh~Wz$MeBy@iAJdGt*h0X7jvH?BIL{!70!VQ5r>$dz>DvjK)+y~8EEBof}
ztQqz7Q~CteDn{%$V5_nfZoSkL<J_=^&Iug!LHrhQSXvr_#w}*`D^Riw$hcsFdvTRm
z(&+uZ48Bl?9PwH^i9~1P+3Npyc5L-Ki8_e1d>2=n<3vbA7nt;_xQDFz`^a}A&;{!-
zMjsEcp`(?Du2nC+Tdd9Q7PBnjo)6o1@%I<}Z3o=_oey|MG1(m{!>2U)k%1=(Hxy;|
zgfO=OM@;W>GxvrsjyqeT)wjUr|KAJ1UyHU{60A8gwoQ|N-rE0Ae^30)V+Kg<V(Jr<
zgNh0%qEcS6A4i=x-DXv>9zT7BKw=q+@R<Q=UqCorQTwnw_sZN%HakL1o6sL(+Bmw?
zXFT_>qj8wbbX@`l?huRYBp<0tjyRClRpa>qe=FSIyI-sdk?q5tOx<T`$$UVkGz&l=
zEfSIrrS?gY5`f>9BE5a8gp=4GL>J9sLP}3J4jV8_RMIN3ECcpp<x<{(aj=acat_ou
zBiW{c&vs37EjG}O=`Z&!>WAWtv%_Me%*uWfcO|K?vpsmU9AOkx+)wJ=Pgg9npB!kX
zj=0DcK%{SaAXvj@6wDXLB;NMj@UwZi|HBh?vCK1+Dsx@4fBf|bSP$y8g~wi)-00b~
zCO#30?TA);Uawc|UDMPyy3wFvu>`kVF{e6F#3*Fk<lr_zv{sDr1cZ8H@b((bMyPJN
z1r%ECT~RH4)8yqb*-JQ9rnGY4pCT8$WNuG)dIe>&=+-w4Y29~yx`^Aj2Q_g_oOKc=
z3Kn1OHbn4itgeoSh#$LdRfHpY_S1zK4PkT_`<wCF43EVm|5^o@n;QHM__VwJe%On}
zfazQ?#W6v-ooYO^YdfrZW56(h+-F;m<;~JY+BZv?ZPD_XxXzd-qb;BS|Dwe>R}2{$
zPUp~5HJ>%dVY_j5;6LVSm1im=bp~#e;?NqG^dUV63hx3>9uXMw3&!;(n$RZor3}l?
zo}9Q_jl-S{C#0EY`L{E*jIUjcK2vZqv)HiLKp6%7xZjg@<(Fj;C2f&Z+GV!azus>d
zEd;}TAz8TjXjj}qzOu>mN*U(^x@T6{Bp+X8+20|r&**rN>^V7RMoJ<?dOg}43a<3y
zoMUS~5e`s7>DG|;#4T2V$aVT5hT^(&izA@lbK99;NIu0%a@&rL-H$Rjv-`D`qve6N
zi{bf!KU5^<qc#iUOnZ53@9nAL!(Qb<Qt#)(1OID51}s4J;99&!o#@xDA)YILu8Kao
z9i|7I9Z`7(x;W2Xov7XR-^%^nvzcfy8n$(l9Sh#L;VfO5_InfR9@l0o@n*#2qMpz-
zr0OK1@uXv`?9G*MGGeeCv+4ln_1=dACFLSn6hh3y%hA;*Z=JriAkWKmJ*lmklPDtp
zN=n07uJ*AMV9wbM7}jRH0aLG<`nzo}7`jGcH?Z0UDspz8d7q!V>yL0|ewM~hY?3#c
z=X<BgK2j3A?mzGv$ytadUE-f|kDb;U{P#sD<YNl7g-Ntc5nR0!CGGyS08-lOdc$;1
z2*~=u(0U{pk~Jh(CO+a74~3-JY7|Ner#%z-Pz%e9T1ImPog7{hJmzgX*s}aS*~OpE
zJ<%`>4{xD<k_uAGky-oZk*t?L7>vEu{08GNMK*d~u4&w9_v@JIh!r2Z9j<&ruk69P
zTI9XiBUw)*1fPU!pNW5@yiEUNUj?5k&@GgDQ(ULpbYWqrSH3H4^HT{1-C^=9eo}ZP
zYjZncXuHzc+M!UrSY35|a{JyOkN7&4r+!FEe^M7+L~e_;R`PR})_aZpwO4O+ATh`O
z)b!3KNcZ#W0B__URVv`ZtF)P3?d5&P{1_@nRA|=q5lA1cy4AgWJrU>nw^WO8_02m5
zCJx3cN8FwmqyTN5KEY?@%(rstZUZA-ut(iH9kRbKttH3S$PFQSx5$?JP2WQ(2ax(B
zIKJghl0j+eV*o1u_5BW|ljByw1{qg}-spTatCR7jt$<?KODHx#;ULEF(o~9lY;B3d
zX=q<LMQA0VIgjZ+FaS1^zolP^?;z(NoJ?CzS<}5^-zhR=&-CF{7xS4|x*H_cjEUy+
zS+F%y|AgdVQK@6m?JEGzRgJ)i=WqJE8kMd{0ilVJln8r&maJ|fO1*)`1>Rm_a_F^t
zrE}{0PN8dlv2N-t&0`}MT?$G3d8A8yeJO#>Fxjh1A$ghp?2RWC?6;%Fs%h6whS)&U
zHA(<HsWn;p73AVusLD4t-CyhMs!+nHQ&<NJ@HgDO3l>!}gt*A}{QhL`zXj<Bo|Ajw
z)`y|XXV)^^8H~SNl#a9HA6dmLa@2KE+945#IBw_eZh8jKmdw8Kj!ss8_vNwu)T49c
zvJzusxB5f{Gs2?OOrX-d>538o*twoCE28y0H?&}wp2hka#mSP1djri!Z!sPsdpP&=
zT*D{w7duaLa77~Is$-L2qEn2VG#yLrdrXT)lw|=4NA%bUj{y>MXNyl?otPe{0&1^6
zyOxOWoY~1qBJ`fI;!SctlieNnW8SxbNJfp?48kZ4TPeuXi#b4@#fNUjsyQZf%+=xM
ztw)TtD6(t)$b-1YZ)=<P%J(&|B;^WDPe?$0>?EHWx83b$G}0h%W-A$su<vE~5!#<D
z-M7VdR^6BbOD3~F6xLf68JnaCa|mp4w1gM)2U=Z{638{0;#g$!5J;2_0knJjc6)g2
zl(w6yx;#@voWaE_uX^ru;|ijJVvuf{Xx+;1T9AWd@Oaw@Fi%E6)MiYc)CO`ozGmq>
z8hxaiTpah%b0MYg&#;+k%4*!niFNZe$nA_>T2L>w$5l{xjFjas&}K4=;?A`#E}+x)
zPk+TbW_q{ot)@W&6lg@WW=DOwFkxNN-}Je{KbLAAF4t5SVnb(kh$!+Gx5*2Zv@)VX
zcNWXca?qY6o}Az1L+QWTh7CQRm)({y@o>`LA?@m}vaGMuQlAkOkr`$uz+?Vyd~Mir
z8^&J*x^i@FACVb@Ta{lt5H*PSURt~@-b^kUDrzeRV9U+*^`l#gHwu)}OLG}o?Q!gI
zO|5x*wCr!&uB4x>K;ok=u_rN%;s<>xL)y2mKDJ}r?lh$Rjo@SLsM76lWne%4@#n!H
zTj<GeQHGXQYnHI!#t#OeGh?s+=p2VdDFM0jaS5DTEjBAvMA~r|&Aty2@ij~Y&oAJn
zW0LMxLy4|*nym<G$0;;R=l<ZRPB}|#mLUjWM>wg0;vYA1#%E8E6ZQL!U>wqNT3}dk
z^S$6!R&~W!n&F;RGA97oer+=sXZgYMk-)8L;xT0DQN!G5Pz0^0wspq&vF!_4JV`8q
zFi2i^jX1>nL~SVUtIa<Y6`*ue?KUuB!IY9;5`vD+vFt_cY&v_PQxF4`qo*)ru3<(~
zN4Dbt<wuA<Qss{bqEIrbkv08_LuPSX<=?yRk`%q&0#fCXFzIBJHf<D^L%K&tRB7cs
zL_m3qI)C?#w0Eb;)>?v4duGHZ>ioe0<OF7wI|}k0XQX}D@!bqXOL_S4&W`Up$poVr
zx^N_0L`zA2CsZmU*!d4lwoeNMLGqJT`2MTL$AhF&L2T+XTb035zI^?3k!5ffd4bx9
z&Rd^Ax#b_{+QioLzhfz;V^rvYvD$T%SEL>GRJ$yzvEI`T*%M&Cuz#9)`Pjj4{V06c
zLBiFA1Q<!KcBT2LW-G8YcqB(Vi$_r+5n+D|)?97ygI)b|v^+~P+jdjDtS<k_*XW{<
z+HAA#Iz=R%KpN52<|X?2R`ja7VL}?=U3?MPc-mlBmHKwk#Is*}N2(-npEFGQU=^a;
zcMl6LqS_d}!fsN%?L{5bY<Z8{xFl>|&K+Ol28WPRdtRkZTz}FUw-Q?SHH58no4u&{
z(SEndWyn6`Q=&Nk*zD?MG&@JtNQd(JOI4rykk2MxJ;8f-VwvsQcT~*QU(Z3&l{L^P
zGoNJ^gt(+|n03t)Q<4CH(z?9kS8djVaVWvdZYY}oG%3if3Je(F?{gFGWNZb=b6`=a
zYhoK~AHHq>sjH2@+a!ACJ=-TJJoPYVL-m8rip+CjsOz!}mqfXuipkHOyMyu#7cT)~
z@@T<g%jL4-qz=z_+KHkzr6rTPA-_BZqZ{9_7?wYU431wl(fS10oH&z3_KDi0OMibI
zS)&ve771nd+R(xLDRLW-%T(%&?&Byin%vqAHMbLmo9t^rpI$gek-d;;(@r-Pz7EJ@
zZ|ybdX&yanOgUZpdYweCL&Pj(X#Na=as#hDPVbl^+UrQ^sb3dA*L)VtWs~EZNt91r
z2o&M%v0VJv+x}S4%`6_{G=SN5wjgrq5sk*<XVXVh$|D&*e?`yo<7~mFXjb+&Xj$IR
z7$Ye!3)&U`2k<LuqB_tW+Rqp<2b+DpWE->5Bnyt+<C6Smj_UUl?GsHa5c{$wbsxEu
z%$`w?im49HnYOE<2L!dfkiNx`ekH~y#X@`zI#LXly5PdhQr`9-L&saXo5EHA_4NAC
z-Ue;2)85gSk`aqQOM#=P<P`TWsE4e%-X)`RTIp-B`MGLd{MnP5GLi^*Hd3mfy}@0~
z1JQilBS4K*8nNgP!?g^-r<U+EF9V}V@K-Q-qh^)=x{yq+<ZcJLVclnTJQkcIY~VK|
zh_feTr{Q|>+yC-sP(1utM2*UM^ftU%%V3yO(w=&fuUFGRu5F8mZYC^!q#SaloKzE;
zIA+$Z;BOyJM9dHitKJM`9u>V@(CHGr9WLI`z8xIHw=>}Qo;8)X8Zy|*GvD|HEe6^l
zu>+R{BhHG>u#4!nv+8Z}^d%OML1MCZdB_sm(2r6Ij1Xzt!>YFHw}GAI9m9s+&k<L%
z*id*8i&yFR#cpIVf`5!zY7(?wG=}^@$%950R#jLu={iYxOn;T<q7|vdzvb%xdTH_X
zZ#HqRM~e69(j&}EnB7@Ix6Qbpt=dZUfWDSzTGE*1A9+I@A2}6&C9QjHV^z)M+?PIC
zs(dSSv|PUg;Wgv8oEBPJwNv`9`y67P#RX)?k7Bogub!w5z1%mlJ$aeIUb@vVm`Ihr
z`|IvAz9W4*-%y^B<3`H(XLJ-jM>wF_tY^;{G`AdR`%#u3JknIwe3GI)LGLkBMOA38
z5bRnx`c#DD`|bI&Tnbf4mj=VzLdFl0b%7}Ca}wwo(C(X3Nn%cu@xp8WKIeB`VecQN
z?PWVA46ZHj9Ef>nDQ2IQ^Q*-D?iGnFS{km5$rg4+_E1I2E)$IrNQ04J(*(*r8^`z|
zqcTJL2P-a%!ja=NJu?u`$w^~dJ%lsP6D4;c>Pc`|{ti1GrJk;dIT<K)pzSCwM5eVP
zI5^Z%auyg03!HPFNgb%4cQ|e*lns9L*5;tIl?ryf0C?+`+Q}JF%LiF5lXbQaU2I~{
zv|&cch<@4lnc!FrTwqAEqJ#Q<WyHn<#KA0Wmm(Nh5ckQu|E<;E1wzN6l-%vge}a$v
zED9Es4K8pBFUaXhmJXkV6$?v9^7dak$xtaUP*-5CL?ds4)EL#eZ2L09B3CrB!;!Ui
zA==Qc9nrqkKLM&MfAn0cF~*H=l>Vwyb{UCMDe>GIxiVuXd73Nxyn7Kid@08kJZ%B;
zP`?R9W&t}mY;c*TuLBuC4f@UV>`BJ};I5-@rHfb^s#}mq=Y8@|dXor@Th`%)_tWpp
zeM95z+`ri~c9T?-e0&O3$+t;%zb3+&$&=RPukk9k{9OP!^ZwTElHFy_JcxoGi(6r4
z1z*W$1W^#^L$lz>vyw0mDW2o{en6Xnsu1O0&Qz&jf4N7;3H@NU<lW*wPV-R=ZLy&P
z%kl>1_V)|J>!ehOU)%E^>00~|#nrp{&!#`HF-@s@ovytVO1n`%-udalw9-UkKABEj
zr~Fw;>@vBH^C9eZ+tBkSpXJW%`c;%|m8(a=?SZj%OJ3VeytM2I=dIVB_+3q&DmG8F
zC8!gZ{O)?1vDWRK5caSw-Ad$SIk|KB&~{M7kjtof-caDL>)GC|@ToiaooxciQQ({>
zWZ<o7{ZXXI{?F~2i!ftcJO-JIx`V6}ZuKA(nc>9%h=syx)#jjiT7Rm6`>I)YxyFzK
zrkHUS0wg2G?KadNyayduHyTAoYMy5&y&GDZ@-rRGKoHR!uLjCS@Ejw7pR&8)2GHTm
zF?P1{h%HsGtuukPAeF*G(Jmy}NvU8@^kT2j27!<C!Nx=AQj@%3TvP(Y74&VbY1_nS
zTe%KBf4TgWN-FSEy)(q^e{}i|#|q8A2jKE^NOTq6GdlL(M)AWLTkb@xRuUXIj<{JJ
z@r<zSZNlpriO&gkj-TLIGb;~HBZ}&%b2|<iBhlT**?o3?c6ESN1&oxt-S^ee?W?(V
z&*7d0Lz$#TGsKHS8$mQ^2~jpH0Ln=Jk%WHk#`(eJ5Rk&Yl+nvAKD-oP8ebno-R5>>
z)%Uwi=+9Yw<A`J>W?bop?pffwM;P<l@l=WB)s*28lIZ(Xo&Kjnq_5T_m3bfhJ{5<&
zJTj5G|E~A{JuEyKk|i#>1cxs3WKi#n8F?16h8{=!bB^2j;+%w%*2mcf%T1I%#sW5I
zdAw$trPXdq=|>Bn8rFOssbCB!rFYJ;I8#PI-p1WWwzrAFhTk}?&G5_xqund!WGzz5
z8h_Y5G4Cs2PNfcuYgB%_TxvN>t3=?wg!PMk`1j=75~nufV0~Jn<vWENR?s+!xu)f(
z^MO5y4?87OCUK7cVpFt1O@C!cs(f@P)6Jy(=dSfRbQ0bFyr5xrjR+VQS~r?c9slv9
z0Sx!-x7pwj@EQJrVpeHAqHOVc{VCb$*M|qA-#n=npb>c5L~rpKYD%9<&J{?U6T7oz
zo&KFt4UU$uh1Ps}x8iBPoB8K%vLg2qShg_|5~bk85Vi{1s+87c`9@F+X{2L!?9!R?
z6@U2-&PbDDaCI)<%R;)^x-?XnP<ov5jRpJ9>oE3?94qx8)<Xa1>pAW7Hw^DVHw29y
zm3IbH23tgj-l99@#9Q-hbxt({nTCb`XeB@G-Vj-C&9WF6mp>cZ7=ccHkY{}1pA``k
z#;WSn!Mi!)P8dRej5fd<Hvf%l%ZM*(c;V3+l6Cm>Qd!}F1QpD8I^TiC2Qo;P^klgA
z2Y<7k*QP|HLm$@{EM4oeE4M1%Ya61%FRRh`U%g5`Ut;nKuA+xX`L>)tU7@~yS(+Fn
zFKb3AYaX45|DuOC=)On#G4Gm#JV2|Y%Q~Y2Ib@22g{Pv+!|)ML$^EU@DbJ9Y3*d77
zQmTv-m_=9^U%1YuY6m#ZDWsxURO7RNr>JA>&*=rxQ}6rKxc;mPU$ZigN6)OK$6FnW
zQ1E>$5%cr(MB*bLNqRvG5J=uiBG$@*eV~jFjF_aS|3FSMZWouE`2?UaTMOxzA)41R
zaXldSBCLlzhLLW)W_EB$RK(`7HuS0brj4#jg_`1DGPvb6mKmy9x1V!8ZVS=wRsZ=)
z3%wgCO#Hww7;)m{!F1ny*!{2fuzSnmwBk=<r#)jdAXRhC@$ZJ*#1(QAWWZ>L^=FAc
zIK3L-{&mH;WFj9X-SATw3VyvmvN>h*g2gmW6{Y9K^V@arJnZg`^xs!rcI-tUdu$Y`
z^i=n!+ZWG(hxP?bP~wY#-62p9fon)C2aUvFOZBh}5mM50Ue9Z?$4)>x5!xirM!mAo
zhKgN^v#qaSlLF@XRNW2%?jpwKK%*<gBtIJIBZM+VAH7n|PIq42+W1G{vF$w>@HP>L
z&u-LNc4Oz^Ugx6@)7?(azsg7niL(j~=&UVj@G9%)BXa{3O4e!hG*;+s^+A7i!k`P?
z_VyJ*Y%6(co-&5)G>jy=wt4gK*oUbsqv*z@eX|sPNn~TTyx;KGn1mr^HX@uPd%I_o
z>+gS737?0x!k+4gNsvYhT}N(oeZd`5s!ICzxo24CMx_BO{YVO~KLf+qJ4oB-!)Ubb
z_T;mow}1;BJlA8_35Y*KchlLwLmUSsZ%f^7B0*S>#TvL9&&tS+^Wj+&hi!JN_Xv<O
z&hMH<^zVT`x*12Zcyhsix%yd9s|0V;JIUj?^#wO6HA%zEk#U2zi@*m+_xA-Tm$r0I
z141`dU7G{ww30!-(Quq?dT^I$mjP~!?s|p{vuQ3fQ^Ca{<Fb)L21>Of4VFhVqToUE
zj-tzBO%ILd74+0kOm3K?s6+Ahay7_cx(RjW+<W!jRz`@4h{@~4xG=>PeL0$UWn3v6
zdo5E>LR*dzfTEcU-7pg6X)pvyHGkx270+71Gv?<+^-el!5^LUrbU<N>%@~48et)vh
zf{z83xWe|f8YkRV*A}iQU*R)A?=ADUkl}U6-wiknry53+RokXFNA;*Ee%VYNc~pIe
zYkRaOSQq^i`twVDQXPtJjG^P=pBqNsP4}^(rrxd4qbNVjqIZe9#egwrjfr|qqI2W^
z9U!5;V0%I@ze+=t{$W+7&Un2`Zm`fBdaqSB;FOp*3U9-_5P6QjOJ*ijZiD7;N4d1R
zq`&ABj;aVIV9KPIncYV9yl?*qi$&BRc{a1p3fjXo{__V5`*ZJXcT<WZqG8>*_|@aU
zdMAQka=wu5XSpo9)3trUh01(N=!ng2&N%+&CVb&(%>Z7wRLVq`f8EQL32wlZb-fv~
zgZMaesfXO_qHR0a%@u|Jq;GJ{bCbwy`##Hf{z>yi8k<l4f&DymXstmZ(819_?ftBW
zO+EJx0h8l%CV6S)f3IS4el39`(HF&dY4Fk5nKsjCbOB4Qmh^oZmZWF$@k>=tKyuiD
z`;PitV#`BE!nbAG(hNbLk@oWxb2YAF{@ee4TtAv?4%p`M^{ja#`3ZH>TqYYtUEZ$U
z^t*OSFt}1Jbz7744@SpX&=4K_xNO8SbG0sfs-!wOG839O=Ir}&!^+@?CRFH2-GNP9
z8{}X4wIbTG1@mY`78@gTlK;LEq_T2NGCa)cv@m8eF_-OWdk?2Of|{07hrb)r?pyf#
zTACi54BnK?os5t!RH^I>glHPxU6fMZS)vy&Tnn{9M`(xPxNJ*E@oS>MqVb|Ul^NuL
zr6C_|{n*0#N~0F;$k!54!-CVaqhoygKK32l8?>g|0{)qBW|9Ld2cq7Ljr2p_tQ2by
zYEV3~{^vrKmnCiK`J?-E-Tq|q#%JY0J<jkq0mRLo(~fcEAkF7peW9W+F<odzfFgi`
zNssVz!@+Qjyh*ZN=eqRti4^JUot{ZrPuyipFTDle^$>YB{LGGEJh-vHc<$vKLW4P{
zc;QS~TSI@#XHA2<e_Y9UL$TMM_c$-t7Q;;`reOO-6HH3rg+X1eMll9Ptz}1E(Tb}>
zwgR~=#%y_@I4dRD`bRHcEXVy@ewV)E0@9Fn4>tXw0r*E?=u)WgvM1H0CSQR;aP+Ls
zL!fF9laAaXi9|g9nK_0{`c^(P`0i)`ANG^|Y}7HVD!66zU;7ot;XLkLy0d4(uJcLY
z#KlLlp!Jr~?;{u*HQ!BVA(_O`;Kf-(O4~`Y7j8Q_fKtX8WV1;Dze==6-HYi`S-_5*
z1@Q1WXxc;|uS;l!0QPK#5O$M6AcpJ;?S1pb`oC^FMf<<wkODvHIJqg4S)oZ@I*oY*
zqdE`Qa8<mrbIkqaG$vXMik_0kFtCPj1XKh0?e2nTuV&#KZU+S`v$5X~Mk6D$Uhsgu
zreCxL?b>b1-#y}!92l@w4z4@+#U|NLd5bZF9>>F2UTb-o8tccbdoTUd@){alt(Hum
zfAeLJf>iG~lv#$^b`R#mQ!y8GM`PbFj=vP^R^4Vxv--!WEc!kCZyw1FzksOA7%vb1
zu~LI@75{gEYm8ma&bOB6(xIVc;-_?TkH4yMM1Saxj~BRPa7`*SxKwQWnJ9Xguy25a
ze8YxoHb>HpwNnBgeRMUpCCq#LDI&!7PDo%b8ZJ|?iYe?6Gf3DJg)<+D?fBho9+gc`
zUwoTNkOb=0F$h4MVfq1PU_WY}TfUE%0MzwYU)Ll`z5qTcFsXr<#>#AFcFWb3YTNmV
z%rJ_I!V=LA_u4mXyLLdPo?m3h7Xb;6ZLTcCS7!HJKhn1MS+o?jHER`<U2N_{mSm6M
zEeF~~h^v3v%k19AgJ)2a^+|1aS$S1Pk4@UVi!k;u;MQs7vMHbjInl^CPW}xvK@`|B
z_~(VoQzf+i(^e2myzLUxNNf{*bC-7m;C=RI5hrhcTN`bKpsdS4mcR)UVz;gB;ehZE
zre!f}o|R;-YNOT_l{33L;N>vOYuRZoTUZ~WSM~NV(QcL96r*h<VoO2fc6;D(!Rh(p
zvO9%-RZm~o{)vPZUKm|aW|ACM(o2vxPs2p7_ZLakO7)AG_l{Blb!f?p`wjU7IZI|$
zdh#y0A<C0=qS-*&H080GZ#6F(C=Pie$Wb{KY`LD~Mk@^@ZL>?)(WNq(>2You!Sc#y
zrndn2_rJGM{86B4Z2)V(bg%?;vWaYYEv}}l1e&2>K{|~#a@+#5l@;gC?<{(>{Xv+J
zbz0log`0`1^c!~ubQErKxmLF<fTV7~L>W52ECAZCxV*-DA21yPhXpsGK0~?fbCgc#
zefBCFj~@$UG(fbV-Sg~c#BJ-5>#3`|_DpN6xAylI5C50m_B`f^VjO_vFHDX{gi^Cd
z*i=~WQj0A9c5SkWIp@Er+@K8`fdF`Y(Q++I@)?$?>yfIc#n}!yz~6TOm+q<XRe-l$
z@J$R$Q07{Qbl3ZoJ`t;@*qscbmf6D|N2<w!MJcNv>p1R8jts;~L=JBpa{mRg=xf$S
z#VV5j*$gmWbBQId=rSTTqw{mH8Y#N3J9Xb{%cusoH2d7W`mzQ!Tk6uEblHMp<%J?E
zsM-&RtpIZ`{R0WcS_~)e{HSF~#DkWDJ@FXquMzj9S>`M{Xq2{Ol=yJIyjBm#?$&2)
zZ>jQVU+cRtG?ffw*z3vcY+W<c1k^^9u#cROtIv`?b3IJSJ9(KV83JqMB>$G$*3P(+
z7jFD!+j2>3Tz>yr9e3;w{a47=E<4|hGTiK%?rsu(2QNB}YTAJpjbUEz{gpNx3*K_(
zu>&U9x1sn8oW+=0#xx>u$;)c^<rP%4%!($}XTU7#-0%RGwPd(3Pxi9m`H6*@Cnw#9
z3#pIU4X{zbH#s1dafP0=xdN%otM~)FV&6>u6*g#Z@;`foI*S24&?PP7$}Skwn?NB(
z%P7Bp*{YPmTqh*>U~gp4MdW&U+Uo4=?WWBNRieok@K~~={!;=u_!sQa2zRUidJj+i
zkwsj|u*Vp>U7YvZz#36?Bx_vQ@n+hqFO>MxTgu!!7G7)|f9cFI;+^k@Gx!Ed_YYnl
z4<Ea9;I`m)Y5*1_%07K1{^`npfI2YU(Y+Y#j=C^NXJ#=Y<OR!IPg^LkRJ*ri(Zj1_
z?A)69f2X1&g0D*>nYu+6r#`y9uc6y?P;D`H1jNO@fD#2iytt^6#3+E=9?+<6n$Gx~
zvOb=ldB>8#+$UN(Cmq@CO#>+KWRiVexw;jLXQpeDV74wA@-eI@8(Y9@V1g1uYZGVS
zweJ6PY_Bk7=@%Ywb=2undp>GfCp~}P7QFvoTkxKSg=uAl<m6>n_LnB^t0mFP6PbI}
zmb*l~_<p`y@f4b$Vid_DD!NVmBuLrq8b3b`%(^+DiW3#xmy-+4XxXegK*BJ7h9|3x
z9+#|_v1|MudlT620&mfZx^>Q}SN4xEhN9xN%<wriRb~?g<rf=tN9}atGSm;pOffvJ
zuC?l~yx(QX1&#gk8>)_!HLOs{>_wSF4S9Taw}&qU$<l@-Ol)*P<CZ~if{kkNV@V}l
z?uQj`F(st6&YTqPt3!j)SB=oZKb|vni#eJ+MkUNH-5eKrOG?HW^bqDezVfR970{(#
zeMlo~`H^^Sw=Fq~#muj6j~9JXKaI4Zjp>jyXI9lc+Pgn=?tsk@Db_KjJ{~UXzqJ8)
zG%#sF{BUmu&n?TrzDxK=f|*5$wTp%O@$imQ%cr|9H>l=}>9bm-6ukV_zyxvU-q5Dk
zR&N~nbc=`K<E<3)xp$pYWoa|VwzjzI-L6X2kI%~HM~vA~vUO;7$s=_YffJjiDsN}J
zNP<vn-fQb)xj%h>^YPU$x5ZC8>sGhtAcYetv=$lag+3J1*MaQ%N>#ZUfw}2z<G{f>
z$hBX9EXnI;<StZ<o-=>kJR!lt)u@&074N>CRzTxF1g1xi(%1$3J;?Aeovq%M<d5(_
zxsj*nB1jJ<IQgk|-)}nI+lt681bf2w*AWRxa$$rBtC67rVds!Wv|fYeJU02OFm=Y*
z!gZscGZmj|u9bk@p7SE2CprPEbyJ4#M5S&sf?xg|UcRy4Y|--YOFC)m{wqu&>VZ$t
z;BfxL5nvBYN0-jEbHWY^IAP}nJA6j^-8=ct4Y7yfNB(=9J}Dq4N3g^z?DUbo2Ysz(
zXJ@+Kc-L&!{53Iza_#Rdg$|nu?fOAgLg4Pf>j=~VrrSdsN*jg7>2QQAZg8CBhMD7Q
zc)l?_St^&zb?vD$Y|cT13EEuXQ#z~@t#~%#pE%E?Ln2T>iTg_b{J%>7%*rCnl0~9_
zocM{4l6f&_A;-(s^<igzRbAgQVa^HAUX*ffC!VBKe1=iMuDi=`q9Y5=7=`2XHv58P
z?{}nE6};T-%;X|_!`%m;1t1acX;QA%p27GOh_Q27j?(fP+wjHrwF_0f?N-0Fl!2bl
z@t*i2RLJ&6Sg%#8uQNtq))K!~q@J!`r8pt%sCP3lAZ;0R*5xUgi|&ni({>HIu3RXu
zEZA`HxAB4QkLeUODwVL6U%llY_NnzxHzw-CGn(CTCzsm?GV1w1_tC|1Ca!pi3GDsW
zciF)R1=MtDx_=*6!mIuw<XlBBA*w+qY@I&?t^8y=7L?MA64q<+-vA0&Fg4hx5sXC)
zF+u8WY|zam=3HLZ+m6s3s(k04;Ko)`NI#_-!OXD3%tew*jDbQE3!gv^jPxaz`X#m=
zTwoy#{&pnbeIalw80ihkNbrWVuDJg`>?e}C$nNW(JMQgKD}puXdP@9N*&lSgJ58AK
zLirO2o09Wg8Abe}vEUq^@OroP#y9O+d7(?1oZv?wHr4MWsck@7Fl3b#(wQ0XZey0r
zLAZUsOj0r0nxkPOXUikuSht?09Xoo+xnlat7UkLzyXae?0*Uk92;7rUqQo`+<nw9&
z!ts*Z$e4QVVogQFp{uZ2=jr_22fg$`K3YxLKd*AKbYpn+;X~1U085w6dbdIO0b|?%
zu9cV&v*R@y=|aN}x{rRm^4~qA$__G3`0c3$q6f+y>?><<Nfw!aEZc|s58slIckQ(%
z+h%)Z=UMbYAD3MRI*SrB+wV+4)G}YS&$I#YKQ5UzXSJ>xm88V_P9?uo7nCpJ=~C|t
zOjz6Fq*ya{Y0niu*(jC6lWpH^WKIZXt2BNk^xTKa^hC5{XNtfzjIvqSbp{c^K^aMC
zZ=GUba<8vq@I6@-uiK&3<^nFw&Ju|*>H@(;D-Vgrq837B24!)n>-c-LLpkJL9N6@#
zK}{yBKL;3<4*bNW6zUuEKQzcAnjq1938J-uB$}?Wg?s;}N}BthDrwFgGz%i5Syh&k
ze{uZXvh734f+bDdXJ<Hbv(9#jL7KjENg$J$Q(b_PwnQ40fNP)^m5eH>gTV5`JHjUW
ztA`|dowO^$jAdPWiv1>a^3wD&a)6;D?6&AQv9SFf%t)#EL8_avfOk$-uGQx`7&&FZ
zWr0^EW8L1<?<=ewri)}55%!ApG!?h^zxjciX??*e{eosEdB=Sp=+gSbw(P62W13dq
zn_$`7ii>xJ^zhOHi5}70+a5({m#1QwUz=gcuLA5J|J`z$XdD>g<g<KEp!X0D5)PhI
zHka<R^&&RJrJGCf?OhRb`9e5QeBDv;6FLNYY{CdY95<U(OCbwb$VU8)gX4c6j8DbO
z-t*-|LIahDRg-1vKBL78UVkW&nMLg)Fb}YXtJLSa|BrsyiZ{9Ny6$PIRbuYF`;YZD
zqHnwzj16U9j{N6pdFEPPDn)TmK7j7YhqnfYjAx8*h8D!=AubJtvWWbJ#e;n{jF*oI
z8R*NXz!-n?NDWlcrEP(|Id<h%0fg-O%r(kP=<h~Qw|0fqTpnDul|$V=1T5u0Pmwga
zbT_Q|!)h}e5xjNvf<<^M&^b3vi{wjde7V)u0tsK-JxJt%;sa=XvVHeD;Yl8pO~~F8
z48}5bNz7pRmwVc<KuNN`#OPP5&0Bjjx(`vwXHS$^*tEdfU?Ivo;nBv%b-g8{b7-O}
zcCg@qg1}Nz<aX0Y29Vljq>iV<!t;^*e#zTcGMz8Te<VQm@Zo>DBF5H@^7>ZajK1+R
z25*_Sx|cXprI+oWR71CPoJG5u))~zSfy6wkApHiBTh`zQ_<YMKsf`r*oRf^KoT4!V
zqSYt`?N3cHHuDnJ<q9H`_0em7=$H&|P#C_n0`$nn{5(Hi=W%Uj8j8kfH~-Uf24-w;
zkjFdg!UrC=VFtG|kwfaqn#Vm;!<<6R?36%Lf(NH_<$4>;7{V0-CIFb@KVFV93olZ%
zMEX||NUW`m=BuO#s$Z`4FjGX9HLXtDwnxRode)zx^aa)z9R&6O1bo}z>!cJ}Jh9Bz
zw|}ao)3J6^4t{Naw8kLsM#+{vEmR-Wlc|IaDF`+-t6bP1>qtR##^MY!eT*#Sl3y+<
zlVJR9`CSyVs{iooMt^WFRg7yRvBM_bk|F{QWI@Sl;+B5m^DV>A7afu(4Q!m{LOL1%
z-c7LY$GZVO{OtG{-V<~7^4bCK8*N_uf~Ik2%u8Q_4`FHKHgIKD#50#n7i^a5iIDec
zb@@2Q1`y?cTgxxY`AKf=ZJxqc{&T(a#J)&Q3Q8|5*P?|^J?vGh!LX>QNXB0Fd1cIR
zcVdO6cU6bPHB;M|X<!7U;r$aH&;Us`^J<X;9-}-)!Hx6Mn=u>ff^}o(nd;~_*UvA<
zQxi`;8kRxkcW_>%sa23)xWbtCQ=*IEBM$AkOGa^WyAuwaA>xdy#jQ71rNN{tN&Vl=
zgMQmF(Y3}&SA5E+kXgbN0JAmqXdV647eS*&w)9vClrpZN%5T5?=VW&GKD$nC(~pDg
zaS3bgK5Gohy@R>gBrcmzD0(gb+0V|%%VkfIM`Kzu)Hnw#QX<PWj}G*@Pqn@woxhfb
z-q*YN15i?OpZUJJ7uobBKE(o1l*zaMHCb*o8OzH3Uj>i*9hmy-Vri=FWy%B9<e=nv
zfe)2?&CkXb2<pPi+Iz~?oWc1v6;p4Vi`+BQ6oz&#{c9q^z(7syFAWoY9#g`fe>6G#
zVLXXqJ_8()nGaRDy--O<f5s_@H-ctV)?5-v2R^e}YXS%D0$MwWM990j?bE1O1UG3K
zN<v`HIikfJ5Dz|=>2f!2#4jRigGfCFB7n}r`KL!p%Y(4mbyfj`4M!W2JT_O~ng`x%
z_L@7{4_@cDkNN2VLs_s{qGcGG!-;!++!ptL`nWBN%Wqc|8vmJx#m#F@Aks;wZ6|HM
zHnuH<3jnR$gY+>UjzzV{5!<6I)~F^a`^u>c(Z(?^zoa9vZEBu|kP_gcE(W8w^Rmbk
zXGC=%TJ%y-8=xLJoqMT#qx-O_+=B{M30&3X4fe*<KcHJY>GMAEeWQXHaWxL$_x`b{
zX<F;Q&!O>sM)~WnRr;eJ1qfNM0`3asm>H+?d_IN7_so1ivm3Ycsw@6jiWg*^#s*fI
zwPz~Vjk?%%JR=daxoDrKMaL51#T#AqTe&~}J|Y%}vk5aj;=6sDd_J`$^Xx5X_aIow
zJcork%}<H2X2>tLckEe+=#|){1~dCo0sWQ`#2V^Co*~xzq0%$k9AW$bLBQ(W`_U_O
z?8z5V@obM+Z8A!vWfq<Rt@8OjpXQ-P{JLD=<4er_bKAOd$c;ZzA5+|h6#5!}QyFV@
z&t!sIGo|0{egqt<0JVRhm^{wZc*SDdoMAVIG`E5+zwH<bavAp<xNqLm*HL7MCLfJ)
zy@!c5MwYAY#FbBWr;V|5;4rQ7_@}&&iX<zg-m-t-wYA?mr^-utK<Kpw^L-YI&yk9M
zcI!SUl}%Wo4_kB`&}{9xVUj@`@D{VrvP&zIk`;$?tV|0D3Ru08mEGdsQ2aZcjyon=
zwBW~s!uxX^HPo!D@B@Kf8WjR==n!*`fyNB`{%&6|-Q9}B2N4S;-0F^U#A^F{CR*`R
z3%_KuKzd&#`J|1_)RgrLT^6FZ^TBmIZyn2cg$xr2D)$oXU43>{8XSAJ_<HG&4x8gS
zkQ2G4h)i~{dM~Pf;&U32C=d``j<~lA$4&eZE}fH9x9|LhmFU>VqhZr=RWN^#k|CTv
z>5nDz>?S+`Ja@{BZC^aG`a7&6O5ac33SZzkk$1VztXWi?TZtULJE$_CL?*o=qWmoz
ziycsQM&eR{eY*1_F`Rz;_2n2dw`7?~3AZCMTmIN(y5I7Y4^)UCoTYJske6v{$2`BS
z)PG4GWZx9DGyZQF$(V5R_9U}h=0e>jr<s0#C+`#U6K&__1Cn6v`Em@E+^3TOd{KYh
z(kO0G+^<n9mog!M=~jEO@OAk;!dOOf*;Vg6Nvd#a7?G&k$&C4Jx7sObEA+Rl_uAkX
z7)#G#&+1gqLb(>ce|f@!edXs50A^&*bBNeb&K0_-xKub~WHM@to4n`k-oTt_<4kSR
z1%G_wI3o`%`wXz;mde+!xkZK+!_pcC4-i5IYkg;-q`{56jMZJ#J&k~pox$Rq8MkUO
z<&PH32@OFM{9C@!?#)j#5QCAx@vXw><$Pw6T`PO9wP0iP>ri)e&qg&*>t(#b=AjDs
z%;9$QSL1f6TWH(s+NF=45+oyWFo_~*ss4Uhmo1aA6i8jldKqsP^cST)fkc;b^nO6!
z1^C#xYP}H#bvtA&Hbq>Y)s7mKwEeg#hTkyXx}Md$_X+@4*zRl+!^i9e{r@5K?NS@E
zqVMdxy`79j#&)K@UI)+&G2a%3^ZG{Kc{cLgq?{!wZG3z;LBtvE{Vx~2Gxz;#WX?vR
z#=C>XHR`;GD3^VSswZBO18J>rV2T^L!;6Y=l*nl1i;5>4P*RPq%}Te@d5qEgpv!|j
zjtlN!8wTxVLG!|R*PyW{;y#=3voG;9(4XhXTB|>&JB@WO7~w6v6^%W==Zl`WH$Yks
z`yGeF%A18KJkpw1E$7&~*tB~anTAb}SMCOLu?O+x365I|1J68yC@lE0GBXi>KKUI^
zTIVi(Wb4}{JMV4r#15uhD@^7q%fD~(7}s8JdPP#-<>)UT)fJxBlDaw16n|+Io-!@Q
zC#3B7*}8RWeBUVb<u_<_<h>l)1~|4sqg?H8SQOBOF~bwH12`8|%b8?yp9v1r#P#v;
z`;g~7BvZpSJQjqmJ6M<4kz3y1(dUU~!t((=LbOf_O<Eg~0AM#!?m+m0+YbNK%fgh0
zl3qJAVw?1SsE43@bsmY5{Xu;1#vtFpH<Rn!9G4*%|5;PN{-1>BwKKE=n#j}M5=Ue!
zBJsS59?crSXlLTO__wd^qynSTrNY#gPIw$|kth8eS>4qaC_E5JnX)IscV=GuT!5Zq
z>E0Owmsy2H=Q`y8sp>V=w&{99?j+su>UJcOs_#wPOg`+}*Nv*XO4$2*$sM8Np6n--
zr0wG8$_QXDh<x7|Oi<jp-Q(TSgMGwON#d0J%&hcPk9FF3PcaE!DW$mCGr3FL{rfN?
zUL5wqXb@m=X=&+ZRhCk0wW4cjiNe*D)-~b&12YA}&egT8tL;iVcXBs99fEc-V`;9t
zJ7`sK{i0cjolI8AH;%CZ=HY&5;Xk{1)cfVtkOgZV2Me@nGK++Li89mh#az~4SnY8E
zm~c=P_2x20Z_~_FQ}x_spgL>awnv}|o6!8n#sQqe9RFhEhP(0~|FkgIP4|<Ks7*HY
zZ>s+BY~tsJq2afdjUNk`sXwT6eY6}4_Wb#@O*k@G^2t-u2(>?T{c$58Zx3-?;e1=s
zf=~G~OA+0zbC%*uy1{mt$1W1Iea!50Vajt*gVc~;^C9GUcSS|FiE)i*7AmajZPQAv
zG3i<x?{tGTb+}653DZj&Qb#+{0~8!Z$6FZRm%YfHxJA3$)|MQ!vQou{wM$~rY_V4V
zA&sDjn^<h0AaUX25Ej=`M}^mmUHaseNN8di=~5Z(*8-Y7En{h${f9DtH}W+#<?RJu
zH2uZ%TG~C2F%)F2BNBGG9kA3Z^I1@Qs@{<G`!f!gk!1zX?awB<j1M|ro(G#Nn|!OC
zd-!#8E7K^zsT%RxCSOp5SOC5?h0AsI^V|`n_WC>bTwF=e;Xl%X=>@*LL(Kynk6(CB
z?VA2QKl%7`&h4674K4|(Zg}Pw_}*7BhlXBhF<0S*mU7j4n{<8ldcNoK1WzNop&Fvl
z@@xan)~ni`<<mz{_qBD_x9~@PH|dp@*4=K3yw;b0Mm%EWWrIC<Hxkoz-c`OUm1%@G
zv!e!k@{%8}<)>b8Lbf*K)U4Kzuef=zUt|aUte{&Py5U}nG7}aMPB(<hYht)8eawOX
z2mQ`c_B%%0!UAi)Brgr#(~+zd*93|HPWV3a4bnnGi(TAT(BEEjDW<bsno?oq#{Sua
zir~7gpxIU4=W<v=y9w0}8LrD$*C4jiQ$oC5v4}v6DB+QWA<7W6Y@<QD!lz-*ttN)y
zLQr=oDZRdvFc_!Pt9f|f^j{gRalXd?Vec)Y;_8|<;b6f61b26L2-<|;8r<E2yKB${
zcbDMq?gV#-MniCE+^u1nXJ*zs@Au7f|D8YYT6^{CK4%}hx@uR|Rdx2}2F4oPYwQeN
zeyz$Bs(4n-I#6dqvkRv<D)!rbkxnn_tFansLjW<vQ)zZ3Gg)Kor!go=&-pxS{v_yw
zLbGINHszs~SFF+^xpv_$+HH!L-|_U!KB(OhS5vGFHopwPN_p{tbpeg9)PED#Vz6ze
zDR@Zh(CZk0{pr(vZ7b${4WF(h3>&MDg?Cl^N-nf#ZFP~KvP<(3lRVP!QXOfLqmRMZ
zNxZA{V8CaAM9%EUO8*3VH}TFYVfwM(sj@+|i_Jpzh&0$(2$NSs8cCDQj(x1W>=5;<
zJ>1`BzBps-_-l`HLmO)L#`ZJ~-tjJ~U+a$8l}Xb%nmG9Yz;~7v**bFc3_XoUcfFgn
zKcpCA>QT1XH<rylaUmVx`#*Do{4P`h8Al)j|4b3bwF|7DjYc2G0!b8^pz0=Pwqdz{
z-@rx4T4Q@J;C#1n^`<jjQ$Eevk&t9kN5+QI5|3pXi(1X9NE3f@O>=^aAn=}03ZWvz
z6|$<aN7S$BM?oBL6k3T=x<*NkNF>VPm9>I*6*V0biT5%Z=vY{xWQVD`HTh|d+t|dJ
zX)u-HmSDh40&wWt(p9z$_iuD$;!OdTwP)c)sG*S1dNM0KyFQ&ZBZ#Pj5^!RFA+c*v
zBwZT(B#+?Qx5SCntV>z>j3mV`ErWYZyTYjFZnm7I*-*)SDGnwi<XXgV{Tf!mK}V#P
zRI+k<q!G8NjUfrflJsp<X$aDB5s03H%mc2wkwMF-i6Um1XcXP{YbRYY+h!}xP&Hrx
zYhKWlO1vqIC}reZD3j>m2-Qi;JN)1hR^ujOO>L#u5`!P*$t#P6;a%YtyT!?+W!Ue1
z>19$WqX@r^Mh^@g5q2w^Gw5HgDM<II%P}4CeuBc^5oZg{?a6ChF6%2_no+a;6`obr
zwfNp_@Z(9URz(ZU#JR_B99nl5Zr~lb!e%JKOb$AWss|OMFk4Uw;DsW}M|YSV2_nsK
zyr6-<Ji;{hoke*l(NMdiZTGq;Ha6ej*AkOgyp$GNX_hr)X3a)fvty6P4-o|n&e+~f
zSt~8Y?6&0;(LC1byU8frSf5YruGfq`Ei>%4i$rD_jPr)Y;c^;-l{8TFl~Tfd3&a5`
zA$lZ_X?%)2PfFE^G1$R)Iyao|$M5?wpMQ4iMW)gCd!s{Hny)5T=KA_yfU&t}m_PGM
z#zj7PmgU+Qq?7XEM(hBa34t+4X0CAwup2347!wE3vnL$fD_{JYz+cpPUkg$jsA0O2
z*VsT^-An2EViwvpRG*de3`z;K{l}Ei^%@BIZvgl|ktt%RSAFXVv;(oBz9_9xEYyf;
zMQX*?g^P6yN?vh#)8P3xKCekNBro(mONi<#>rSf4hPKYOBkb5_G&dBcIL8?%&@YZ&
zW}jXTw9S;trw}XO`J*d&K3H~=?CMpGwfK4p2xDLRbtwD))m>vA1w~!j(b{4bu1kMN
zT3lyADnW)35F(K{3MUER%B5In*!DPfqT}HL=nvu5A?VL>7>t~QQW03(RHz~?gR@uV
zljkdJ6^++Uj&2A|W!;eB9qxl!#Ur_cWisv2(yb9oJR1yaadb=i3>sOx31mN`oTdiQ
z{Z?MCGN>-ALrMf+))(h2%G3_)czZz65#APNexn&kFXL-ceK&Jdsy9M!MY!7jj=43>
zw>}U{Zx&>ub*+gao+fzY6zq!WZ3n!d&A@(5kFJSE3duTXPT7Bm(`ouHjfxQ^x1w*h
zu!5f?;f5oL@{?foH+Vwo%Vdy&y-smsu^U}z#JP&7RrBck__AD%<y&mtkNY{-lz^D@
zqoK!@7Xt9`^LI%EX;RNNeVe#F?#0{~(thc$a|tdo3V~&YPdQ~}K8+%~tb8F^;eN31
zHkj_?2gIMW@byk|LTI@k<6)0+AhUqJWbv@=)3P&Bzh1#vTDNbwW?&TG#_WEfIVxA3
zXZ4^BGVh;{&)V|%w)~ROPk?5qRG{pqT!N)Ci<=7_i&S)}(#h}$hd=V;k&aQleCcfb
zyXl}hoQA%?1{W{c>aS`p%<K|-;foYle(3<>#jFBpoz94WY=m%_I=+}7*AL5iv|5?b
z&st7V4que#RhYFF7v7Tts<CMCq(>BMM`U!RKr@8xe-p=WN^?3zW9E_#)IBn@0>q~1
z`jI`Dr>;03sBm`+4TZjozgFnF>ntjFt=@e~PI#gnQ%8#+j$2OQHZ|Y%=+ay8>?*<m
zm``&!&R9rr8OTaM#OL24tFhd$K$i-c5au^B563sy&U7^G;NCpo91{Fc@l)-`u~r{<
z>L`k_9KH~ho4f^5tT!L^hBFyu#ArmE=A0JSVI+w6b5;0UA=mjSoqDCCb?y}IwivL$
zch`L2bLCSnI9I&f_QMzds0F5CIZgqGi(0K8dp}SV3#26D$?`_1cUeh{g&6D^D%p{%
zc^Im9m}88+Zhf-c^{fJMo-)IB>~?gP`@McXJWXy-Sj-31MN_Rln*Ii=DJa)YQ5xJ@
zGa230-?V8q?U5wJ>}EhtRp=_<^-b-1=tzr*&{r>!%k+|dVDx8slGOdDk5ft&k0$iX
zc@ZuYx7#^G%(hz|MYuFLz(x}#Sr}|bOC8=NiK4}^<5GywOU0W%xsh3GR=-!A)5I2|
z7_j_2TlQ`u+cwIf4=ArUhVH5{hsRL}i@<e9$JnVVKZKyC!g|~W?yX?;%uEWSDotLU
z(~RfR@@tToG1yRF4`0A(3dd4$fzeXO3Q}0{$7DCf`F*0j9Dlkb<Tg{GDIfmwm~F!D
z#PNApOn{`l6|234#&7^RdWcxMR`ud5?hb84?T=rcZNJKCFuB)7<szYrf)rS-W4-})
zS48V{q)Gp(xeIa@EX2Duz<Knt@9#O5eGz!Hl18Bs7;t1Ha1g*Ssr`jEG>#cDp)gxb
z@~XRGQlfEVk}g5V%=)#k&__{1Uz#+V{9EWiYuBdLH6XAaT$&fNz_jE>M%|*9c=jj`
zBZhL9&o=!l<~D-FQ@6z+pS38n8#04GqdLyDC?Vp)mXbs+P}zVH=SE1G6!|p!xE8k<
z<O!$Z+<%!*47_S7ILj_0j+>Ud+t?a>Y^CnsO-~odqaEoYZReUL_#)n|6hKckjShWW
zbBZ8AaF_(!p&_Mcp@s7NE3)3_LDfRktLaN}jvj{|(~*+ir7B=5;?nU$A@l#93qTsM
zN6o38?Jm)(Gw?$WQ_eg;8xVIJKZ_7_kOT5&H#cBeHwNn(u<rFs<=W$Prnk()q1~|-
zdh^W~-Bl0AcwJOzEydhOKh}0&0PZk7_5G_`AaiNCY~9pbl{sj$!L<a%#!qy66g3OJ
z+zLa_W;dY>-CmndSmiw|3D-=Jlm6yaWil2jG#TK<D9E@Gl)i#2S5u>t;W9rm3Vd#O
zZCR#Exvmi0m<o3?Zk=Iu<~<S>pLMNd3sWtZG}{n$T05zwg9^!bZHi7T%T2|(8-vzJ
zWK6Q>R%>Tpmke(4-PTFeagfDmdWZfHCTn*?zu3K^zmj>**Oq{@RvoTYb*m0t8|5n?
z!acp`CoB)r6dB%8LzS+32X0^)v+PtLd03ZDVdh@0cS^6+@ghHSk~d+8A5!V6l9gdX
zQxm1D24$NZK3c13w65HkUq&4k=@&>khd0qt8`LSUE2g*$Sawo<TrQT=qTAia2R9!B
zCA*04VFaQI*#us8GNfI4Vk$|7wjh%%2*kpzpEB{Zw+fZVlhT68i!|m>3O{9aD?_0p
zEpF#QN@SDjazT=w{RDYlEBdo-%vk%mb?aOA)^14cwInmqS8~7%c5*#?30?|eM|v97
zt&X<n+A8QMU_FhRO|HKE&ssci!<D2qwjFyuRtEEPTPGInbh>3Il4B$Mvd@ld@_J1P
zaL9pu<p#7%g;%~Q;8jPc^T|z#`oiYRv{!qlDGjq2cC|a~d=0qxu~&NLw--)_P((}J
z=aO}~T$KprUu`NYhCMS#QYT475pa@s$gJDSYivZ4znK|48ubi}nF#!KM8oY~ha=3_
zqopID#i+3~krh<|m*K|7@Pm2K6c2N1F%f}W1Gn3%a#{vhGoEY80O;TkfzB=wWz}v}
z)PppZ*=l!pq1*7Iq#wZtN?Wlw^IF^09K$tS5tR~$Erj)Xs*C#O(|im}jdLMgI23X+
zt0suCG6j&epbNF&cQte4iIt+Fi?;1G9;pSC4Aw7hn=!yXspAi~JCC)050Y#FGpG!z
zHl&&+WZx&z4Z~dbHD{IWDZdgq%4U1l5$Eh)e!+O&f%@DYFh|*7I(#SwJNn=j?<i1p
z=7nQ{OEA+lLJ1s|tz8+i92=EBWT8c*>y~O((PUtK)Yyrrk&y(%<>pRbVKru4MtFI4
zl_oK#T-M}0rp1k`+z<s21QtslM@SdNf7NELObuOe7aftR{l&oT6#|>$g$T9oeR&%>
zQT9~KRIEPP%qKnXQ)*&~7R1J~DD%KTb(j}-qG5;6AWr_Z8H_U`)!f-0J5#BggoLKL
z7~F{`J8QrQboW@8a%!Zp^p<=m?T<G&HBsu~SE_@>*X`K4SBKRav|_?T7yT`-@eHp;
zFdz7$D#YWRzS~O>L4-m1T7gq|Ie|`PhEpd##hSJ!!%FehO3v1MovGt}U0{<UuXI~>
zV_WqXMDkO#CWE4hG2VKb+9e>kh1hcyqn(!ZkA+|FLJ_E|Fam&JX&-)5Ud70kq<jH&
zuT<TZ3#i#`-;}}4E8N!EIk5E8{W;>6`1^v5<aGwR35;E!ryg;G4G107OxTsoKwmX&
z*mpeTFzwV68g#SCC6KjJ9zK>pF5Kq&@S`GJ!&r6#Zq%)u<oEl)A<N$<GSHWa$;|zM
zx%08_R0{tt+_Vg1wdX}E)C#g()~cG2N+YndRF<_o_iLU=C~eyh5mv_`C4VT{-GVQA
z7TgnXi(?$Xx^*C$yUFu#rNoT!la{$gt9?-Jr}o5lXy;xnUvcziSKqD)lzY9wgBxU?
zF-fW;wT4GWuWiUsJvQ6Q(n*A#&|&}Ci~hGvtk6wmh>6u)MET3CyKGgpqfPPYK?E^#
zxABmWObE~4U>wnTAT=<sw&WLwx+In=RdXpRHj*VP!l3E$9i!r+Cg&*qOn^zscwJYE
z&Q4<~X%w9u5NHKFD6hcAUtkg!lW(iDEkK$3B>MihiNWpq!Yu)|V-Q9}18H-8MGM|o
z6i??RNqMa2dx66i`_rA)nc{;q(0+7yFbOaYnB>>67dN0}pixj{Japlq8%vK(H1Wf4
z<y@wK2+joK0O2ikhoy|VmVy4%Lix8O6E3rWtKZaL^q8UrztJZG{L?fJ4aV*8Cl~J-
z??TmCA<lymYj$Gzvu1R5RKNap^>B3}E?9PV06M-Sd&yLO44s}g^;ni9xRXdDl9r2<
z{qI9*pb{XQ+SmCLC&H@>H-X!`fRL{jtZGY6)EhS@qFg3$qv1z=(fjQI19pF|e1m0j
z|H84KLM&bDfaf~=mfLBDMOlIkY17%ti%P+2_I8Gr)>P!S1}jHnWJ&32#?J5yEVAWQ
z#FL2~?Ol1>!xtslpMWO+BN?XQXJ_wZ%I?yh)U#Q7V#HXUS6yLN12B%h6**2C>4seU
zu>sS2k?}SJaWzKPZTrWWZW_PC7sPzKeiH|Di<3)jjCvQwrTB_<K~B%15Mj|@Yjut~
zqetqKtUQ>Q^gDW0u50q1%feunGPm8K#r&)W60nn}qM~C1#3##=)4$tDWJO-enQdbN
zdBvSRRL<#D6Y$n2jEv;HXKijcWyFvK)MII3J+Z6SgBJCgFl(DWgacs|JB)DsFIVrC
z`DWh}7!&F6EQqY?ocvTZ2Ua)7>y6AEhj(syG2ocQ*-B1dY+FJjii)3K;Y=#p8JOI$
zA^wP788g;%*<xq0oems139nmS(Ck-AiuX<v5}*uM7|>TT(EPoJeqw&RR+Xf2J9Y9I
zB2qeYSUQn6EKvwanRVRrtVR8wmSf&e2s8v?m7sbuLAQ}aT&dN<5O+^<J<X(!iXfJ;
zN4u4$s!G9)y`-%>390g^jXyj4XRQ18Zz-|g3_@711r@?0TR-cx*q`O%x=j{tdTl|q
zSU>V^j4+X6a53N{otgBe!~mUtM#emd4(!3BIJ<YU(F+f&gA{h*qz;8Y5@_SgbfQHW
z4%?xxRm)I(8!2!i0vrBDN7tzP=Sj|NHoShahbP&deWBy<dj4uKp%Bz%uUS<c$$^Ua
zgUK-C2RxO)%R6-!szJ!A_e}Q&Zru_FS+Z{7+eY(uHZiiRD*B(VC=Y47<=DOGg~h|1
z1ZH^hcKqKgM_CCf?ukA1<4fH5L+Jh^0U_-$)(P&7NxLbFQyeV6C?r%N{w+o68yJvt
zum#nct3cnKuELl5jc1l2_wxp3UPaZ`<+OrNRo3Empq|LqP5|uFLW1@vt3oCXHf!o`
zum!PjJnI<EsiPY-M#d*ePd*&n-IDA*jj;<?dP$aWtDC&;8P|4^AKAZxT|7e*IG?{V
zw&4LM(B?E0sn$*98CdqEL%eh`rW|IH4}WWf3QLHjH?;6I+%D)4bf5R(d~D|2z&Vab
zwjRiaVQ8bFIo_Hn%+FjpKWQ44+`I%3FkLFq&F)GD4d_=T6;LGk(2<uOr(~Qv<;Oqd
zEY#Q7yM<p)WILgoZJ-Idc@I{ek9F{nXv<+SIbxEp*@!HH=X{iU#Q6i0viCD~d%G;#
zUjOKy<~U-Pqc?yoyDD0;aRzhr6?$}<wYYt(Mg6+gv^+hGo+2JhK(!yV=obgzZ6HBg
z((onsI*=QuoaMDxKE|8F&1;_Vu{24Q!Evg=MyiD9Q(|D%Vq@IM)5{5eksj?C2AK4z
zR+JecE|6ELZ$d<dPS?0YtDG-dO1iaN+DTGAP%4!(Alm^kOua9+b3K1FQf1>iwiApg
zwyi03Xa!od1TOU$8#UW>>+4xpq#w31)LYnjispAB3A^?bi1R$A7;j|H%WAr{tB1c(
zNE0zHN5y|bJ4if9Q%nvrfNf@UY|seL4{of^@;4l)_FfPh316OzPhWB-j#68LU9hu3
z7ufjRdu+)RQHt-{KEh;Xtk$m2UVmndVO`6{K;Q^dl|B+N#g$9u&r(S}=oYI?rBw|-
zx=b_w(}12VZBd4+C9hCqup{vnTElhRG>NjHE#Lmvd_ZzF+_0iH`zl)m*F?1RISl=I
zzi||X`#u^yO4XU8+#5@q6gV!&hEowoYf`A{NBEd$@<+Sku`9<)fe9CVv>JAR`8`%G
zPMB>Ulb3EuLoO=?jhchpfR{iKY=Y}+Bhi6%-~q_hlH(v$d|W0#Fj?j?J7f8~E`19r
z25vIaPh|pAa7zvnhfudL9hYrs!5K*z@rY#6@lX@Nn0pA`la<i~a`Go&jGLT7oo=`3
zuZFF>NNK|W#F{>@0Q6ar9P$7YuE6XD8zq16ea58_`RKh`G|2Oq=DLJswB^39RKdhl
zB1n1z3&}O1nYKTq1pws=F5~m2(9>P<vWNy1E`?*d8}rR{UyBJmrd;a@x1BUAoEpgC
z_%y+yeO&9N066_9wrkEgQhE2|v9&|fHHZ&@7ls#zYigk_P@a6LM>g2%S>LnKB_fip
zaR<Gu@1xUTHQ)w(_7Dn<qB$wn_nf<o;8<nKCFI5X>B4M#rli>Xg)`a*n<0<R6p^}H
zwVJ8qf!nV%PP1#7^{Mb-OGCe_C~ZjnN9(t-;qlQh8W!71A5)pHCIfkn=s!KyYKR_^
zwzc%_w%$Ln=O>;WYIp4{y_!~aw125TP9e3A4_s10EAyj<V!76bZrgR~1BZ9m3Wxah
zwNV|o;fV_ZBIe8sS1WBS2_k$Vb*gbMSu7mkXBT$IqcwhmnJS-7*Frl$YFjN<?Jm#a
z1Ycc=R}vVGT{OC;kF82K?>CWZg=TW$(v+Dvh8I7^yi#Ckm>e&&E1;uh#@=juHDE=|
zO=4<(!}Cm$l6+FiU5Y+B@e2COQE#fT=&}yCw!z=dV2ywHIJQ>PR#HWMzs!?Puc0C~
zdt<(4w5AW2uPF!DVnL9vGIrr<18p`$cud2H-HsTEAeGD$!$k9n+(YvV)aq_N^)1h@
zF1o-}B)Q&@GSAE#LtvVogv3I$4evz4+pf7qKl+j;nMlTM0IIP%+O#Rbf3J8|)_gW_
zb&7Ed2&Z+^pWPU=Jcsg$v1+Ai;0F5GjYaitd&jluHBZm@ik>hr`<mfK;ju6@v275g
z;IFz;WI3X<iZ2$bf7|rk3G2#dWXR&vgf~VMI3-W;>bq0%+sX|Iw-HS@3BR;$rh&?2
zCN~FGuX2y2E0&*;t*WY*XZ34e%o_82E?~4uUo3x%jSl4$(41!cc3F$kQr9-B`D{?f
zCFY-g)ShYwpvW9zM^l<r6o@vHxKeJ`%+)1Lo0)NWt~`>2k?uC7Ju26koWf>O*kf2V
zVOUyAv=Z-Znfw9EFaAbtQAi8;hP_jOJxl~@G7Bl1j<DFm+wl?q5b+ysdiLOnO9%$F
zXS;vUVp6Aqd92bH9&l-lnNx85tUcT=?Bpy^gS(sWzw48dqRAn1tE*^Ie+IoL4)x_`
zK7h&0uPu1DkDVSCHBt1M&Yf(x-C^Dto}1KC3*uGX=Ickw>8d;2iu38m2?CNvLjEX-
zG+SBfthPn0VCh8I!i!&(*XXq$<w@gsyNt&WR)Z`n0I@^rW_;ppDYm!Q@n1P^%ooJ;
z-c8E9se<0BO(oWkbRo6S?1CQMI95ih4drkj>Hb$aVxGSmmi=+`l(Jt&W2muoC-et0
z52V7As{y;~B+_2kAJ)eK@+pEUGftHfwb*3(lU(@Hcd{p<jhf-1csEwiFiY8asK`x?
zBcc(mNmoA0!nG3*mLNq!out{Wgj-2f2~l^Te7XJW(M6ROHYIP0v?EK7-q~M|_xStA
zjx1GUUMJrRHAS$dxgTn`>ueksKv=aEt48w`c42PvDz(V@GjXQ8G+5aZ@aap9%0?10
zQ^#p(p~0$*JKxUXe##Rx(j9wp3q@<Qb4UZlj_(Cob~@iBIC}p<#o=8k=l_5R8>Ob}
zcezxT|AEe{T}-*`;5~;CQ?IJcrx-?zLbX`YVsjD=Smh^e?_UVcJ=^humynoR^CbKo
zSE8c!IqbI#p_p>(MQQ3%J0S7*BC2AySm=t0HE0`mn)|LaohxPKY}y|maVop&5{V-5
zXQaqaW!aMvWE)o#)R&H_i0}am&c0E|vR1Xk-~)4p4difkCW>zrd%LuQX%D@x>W}7S
zjeb^V2XQz|4D4>0Y<as8nj|`1{3ZJB*+U_IE-=azrxQ4Y%F3ANYSIHwf&H41-j-_2
zWw_qK<)!S;^M}RbEo9LTj_sc}<c41&Ick(C;|_7LBb)R{iJZalX}$iHA4l1kmaXP_
z8Q+VaEGs(dpNGo8Nv3p)#N_VhvP@jzC5XIYLIUd7`h0T(>VW!Rp?KT(Ab209En`ku
zI(2zrp;`?>inM-Pav^eshrF;?uNku1v>6OCWx*L<xMuq-&aY9sy&bT3XtZWyjgh^6
zi5iwtno^3<3!6+r%Q0Tk<VOQe&pV(OPw_PXfVa&bACEKmvHV0cAO#aFt3fvsYa#Z#
zfOIaQ%aP4@r_~qN!MAy+MG^hnd@(r%yE7o6lH-)MD=Tj@q=cz3sfFyaEpawqqAsD7
zOqN#w;R(fdyn0!oHfG7p+<XlU*7$SfH$I9qR607bz$KN+605l9qk)?K+YQs*<`Ulc
zSj(4Ik%l6z!UoN$27m9Of{3K+{4vd#%iYTXuK`w4C1`BeIo9Vue0dn&V7%o#2TboH
zXPFq}(-ek_VtY)fs0}l2`MOxvWVr?46C)1wYInHr>>Y1o%H_8CF$jjdX<P9cJ_N#U
zf)5AVK(6=#4-I{T!BvZTXK3Ms(H7W%>wAi!EyzG$lKdW^Ftl_6#U41+MALootP&na
zWCp(eJ0yPc{MD>}XUL)%baGg`vY?zlF#Dcv_eak3O}_A!U`rMSkHDc<opJRi|MaZh
zs)cp5JN?gq7mX7&HglF%{~6&)_qtS*@!+}lXZz9-5pE8C^wdzejCLA05x2v9;Q>GZ
z&e5&1Zf$WW2mBnuH%MS`(y+)Q!WZ?qdbLsW`IpDTNKo}4B!pl-)>DzDet<U#`4_*0
zvhk53PR2d8A!uIIrD2YsZ3MunYO7(7OPSe0@E305tSs~r%wzkBBC%}wui<i_K?=TP
z<+mMkiSXMWI0-`a3C-|WvUkpTvvS?vidwS7UYa&cUvLAH@g8tj?JE>*hKioP*h#9!
z`>8gckl5O;T5f5?UL%#0PTVTmznTuAhzlIvlMgJpQJa&S42<S^F8(5IrS;X|yim<G
zA0n-m*uI!4+wETTt0fj6S?#+@=(<m6Jz1^==lhizj<Q5gRgr>rF-l+lh$3k_nFzW1
z&o5|pfg~q?`saQ<$4;xdSx+FUC{FXM9i+xMAbJa`qp6v1w4j{~7bD&QMDp`ACq>N`
zoOJcK5_51k%(R%OQ`C`E%%Y4doh09#Y*8_!XvKe=QY$lgpySX-_!*F+nG4B^Uun*>
z&gN$yMG#L^&!_-mbH<(y7k8;APsW_S@U{BaMf#u}xhDr$(>F&JQfve>Z8Vxxpnm!;
zL!$A7^}XTd*90|IO5*HG+lhy(kinwsOcUB_US4Fulelv(oIrZ6w437xO!Fx}Bh1@y
zu<{l4+%A{O)kJm*=%FpgihTkss^v!{wR=ROlo)}5-r+M=3s&P~sxLM0lFWT%VZPnz
zHlS=5y4x5le=K~Mj%W(^si*BGnASg6TSd{j*em@@@zA?rudl~i#(CrnTgGeyS*_Y)
z_vmpksn|_Mc;)9%lB($1R03ehoO&)=pbny%rwboFby#O@J5vfkFP1mZL1Kc$XIt3>
zAnPYiDrWMLa`U)oYLrhkVtR@M(@Qb9g_@BJci)IS5$K~28{-&7CBcob^J}1ptH7ec
zr4urgT&xVQ&Dh7S0^>~jRF4MMWWh0}3`bkkk(wp0I%o#eL?NqKJ1Ga(^4h8-B&Jna
zzkv`Uon8$LjP{xAp+XzI?<xow8qX?E$(YTG!=EH0IBgq^C5}$ipsXF)=wGMtEtzAR
zQ+Ct1u@g`Fw+}R#xW(DR|GEu0=Ywt`Z|I77d-(-d;hq_%36*Ccx2&hDHs+)DprFtz
zAnS{eP;xfMa5osS%(d?N02Yl08qS(eu*&MXHpQDOQ8rCnR($V1?WKOgh<Fq&{1#U7
z*NcRAW(XbT^H^AgJ#BhASV}*xQdVgU?4X4^f7~l?uyD+B&8gy0-Ow!|5Q=E4%M8$H
z+Ku<a3WL|S2Hq{Ha!uhP+gI`ru8OTG)cWshYc?gjvZAM4bLZ#6mUEect|!FC2f`1E
zPo!n(uBodB+lqdRTz12@4NLDv{90iT@$yZegUt^Fm0Afr+O6ME-yZ$ue2;;r3A<z@
zR5Ltlw?Q6|U;7@geBVY3iqlcA%NG*6rebuQjk$b4{6L$xbco?BuXtl3Q}{^$N=Bcl
zs>VL>v0r%Zj<&3btXWQ5I6Ufd2EZz@9)}IG!F)I{h>IE5-FRlYJo&Jf<@(1nID;GZ
zZmRs`Ws?FYboEA&Pvj3u=}m9fRrMC{(-!h4vX+3M<k1absduZtVmzc5WS{7pgg0b;
zem7f5t>PTFvns3hx#Q_1R4(nzr;dv8DK%VHW+o=xnlM78)L8v?3;VWEumF&cF)KOj
z9Ws`-Ih0AJ@LHgfp8<<F9s4Wk@1<Cp`|a+Ui>GSLTqKgH$nH{djt*Q`;2W;jEtC#V
zD9<^LF;M<Ia%YfJ-*$?_;>N%6g#PAiqfRpG)g(W^+pZgKMsAm#6+O2}v0~qJdT2XT
zJ1O0@?wSH}Aewmib5OpnuNdC-F=JK(o=X8pd-0sJn7<ji^$h#b<b(`!xuLZs&_J<e
zUDFvLOkG<*hYa!U9oJ$Vb%SltX(zPNRGx}Y7_rGN*+N})#1bW7WwMj=yN7?~eqP6z
zz0n@f&$aU#tPh<ZoPs(3Y_spySn`cmy{8&Pl;3VLsu^($7in_U5*wn)RAR-8<muhg
z3EhC5JHZq&q6Zn_y*0zz$chp6uq&414bE`f^m<*w-MG=7AN#9eDr6b!NwL?e42EbC
zd2@`fI&65$6$hZ2Q|9wG=TRr?$>PHYMa}MFZ|VyB2NGmgV7lUO4cuFl75?O+EYGJA
zN4SBvx_%w2wCeSHtcegsTtWDmftU_r;|Oag`I~LG9VM$OB>(Cndt5zx`v<?c4*6AE
zY0|-M^X#TuO~W?-h^OyQaZD0nS0@y-E5C9++y@Q}TzqMW!y=X*${p^DA)Fiomn`54
z911t5`Pp<A7~m~h-Gfc(CmB+stBobsZ%@casa`3`u8P@WM{UdO>&yh=aWZh9ayH8n
zW5f_oqd~MatzE-=ZgNWg$l!0RhdMm|(!Wd~Qoqig$Te?)_*V=A?cv8sU|~sRmW9}R
zV+>X86jy21AJ+w6N1MmKHqsmpYY3FF7Sr*Kc<@~aChtac9HhD){OrK1AuKM@7!C8S
z4Rx9?1Fe=$Ute7c0Y<-6Z{_HZ|6tC{Hw0cBv{h(R;85*gJA6Ly`0D#G(~ugMEDP5z
zkvL#AFAL|bP5=8k&r(mRn3)f}SXd~>at#OF1~f{zATG&OZt7f4W=?zHiL(V1#!;qc
zn~9>hU0}Lr8e1odJ+oqv(R;()$_1yA0tEwG%+iccab~#<#Mf&2+3-MGI~l|qC}#3s
z)Y}d{C9qU|T~Q<$KaVv#Md)Jl426q1BKnmECT|Z>Hkaf*nvmc=#D9C$Q#ILDr%Sqw
zj98|(aHu>(pN=B4r7T_8=9$~|QoXYsM?>pmNe-QGho5g>@H$&ZRgOS)z?K0jUhtR6
z=KH;ic5He;aL|&)m2-lS6!!2jgvYcnmbo9}r~n3<AMl$^C5MeG*ZwTtvn4GvmzQ^+
z<_?K(7A@D1{t&9C>*l_7dL{eoCSQCUonmIb<ywZ7YT|+)L5QTPwKK3+f{sh97U4$D
z=s#Ggd5JX<jBSb?S1F_2=I6jhgJY(oW1r&jUKS-4@iA{DAxSVAE=ZS~jCq~($NGEx
z60T)3-Nj06Cdf;5cdKPp=Gse~r37gCom>1P#26^G`|Xly^_ZZgjWz}mvjVmlCA%{7
zDuWh1rwP8I$B4Qk>rAGf(Rg3IJ)vSlJ_HV}FYunc_iaR=&D$nv|Fp$K2n>rl{aqaH
zw`p!fAC6zOrcjh~oJwF?o?AfbC~o;Pk5q}iv^Zp#8DpW67dr<hKC56486zXHQA%rL
zK@K{;3TJ&r%DE83Gjkt?jlc5h(-bcVrp%y9(n*y#)ONe178)0=;;-_Pj`3a==;`Hy
z0P_u}9!tDP7=*29>l1kzTGJd7Tm@LolS5$~aD8_iJpM7DXt!QP>GmxcR?4skA#y#}
z*X#Gj5DA-Pi9EEBgvc3J{cIUXOPy7hNWf)JFskh7$EelXhX^;3q39FiUm|U<&69|n
z6*Ted-#+TW7ycrC_XnL!kEYIU9l5q$Lfu7ZK=Vt@(%{5HdVeitFF%gh`&;J-2C|Vf
zAx+UzlD;<hW{rMxv@8KD-j#?`DU1p-&CFG`Cv5jMK=VE&)q3QRd3{aBv8*^*f(h61
z8UXzVw$yF@=l%U#BsPk_Zf5MQdI4-u)&2w7tF}ZJ1aKya5^Lea2j46_v<e#bZe<)<
zpoS6H6>d$Cb%3cq5A18nOQKhp=gTMPIerGqV6Pjg7q}_sAFoy6n4)@mdsS!=-?wgE
zdGi~F&`1TqzE2dPotlC<LcV!Ih4^`QSxu($kj?+zR>;n;SidxqFN}#z7ytNMTY2+Z
zy?W7-k*q7fEfZGeUg0)pO3nh|;D^Nb0$5#F*2^SeR{a_Us}kNJ#zLBiJtdomy>seI
z{Qvy@A3m?;-|7M~PDZuk{zH#{ovfM?QkkX?G<8Y+FE{z`Hw^jyNb~kE6K-ae|DPTI
z<>xQpTk^EpnuA{sno8t9Hs6GI0u@i@?RDz^(1~gqgaDC1AU8fS4HO31e`?>m-YSHA
z>-Dr4|8pmZ<hs5M$)NN|)c*zI{}mFEjkhwruH~u<?0+Hsf9>=R@tXe)Syy?9FzNsL
z&;D01>@gr<Y}jZlhW`_?Uc_(6w$bGG{UaE>Z|Z2@#Aq%4A7O<Y-x&=-)>|)O#^@ix
z$an*TcQvVz;y=L(+5TN$5`t`J)yM(cKZ5b!V)lQq{%<k+H-S3%e<@}ybFlA8ea_jg
zr@wG>3+%*xX&SdqItw?66t+5W|2t_kGJtbVH3(4|VluY=k3sOqeG|~PQ*O62=8xIY
zz8;6vIG1W~yX6rK{jJ>;ZmyVbR{;z?&E_v)CE;4#|Miz2M8Qgs+9tA%Mb0&K;7E2l
z{IPXAmGo){9;pdrwN0Ky9UpQcen5hKX%Pth{GA1~#E5X*)K|1Qv44t`lI5-&)E&X}
zNzvmeq`j{(C37~mxyQ%Z>JPYCZ$4H-KGosbv2UfE8Fx|BEX@iB2pMeN2lVv0>*M_K
zd8uMs=Te#1_T1Y9^*YD=`I-S_x;XRKp_3Cn6e~Q|sS;+)^y~d>RF9&;TId`CEA>n6
zZ^)26QZ>L?l8?QrvgX*>t4rvvq0jmX-fgSHd8%x8I}<P>wvBeYmA)c51m?GXru@LW
zRwHkg`WZTi1IooP*Q9J2#?qhdJ^nK{^00L?WkniF5o9#w!br84)atE|S^MSBtLG}=
zu|MG5i;|LqGyPo;1&q2RJ=Mu7>?q4E3v^_Tc{*X{(a-1Ez_jnUbZMMB3&;|p@1VYW
zHwADr(cXuK7`F|Iw;^~TyF%Xo<EQ;VMm6hfJ`20)KXzj`+_urn=HFUs*IfD*xX#i+
z_V&{zZ--2MoL0jB@&Uc7^E#1jR*KT4V0tbZAi`f{`|1`%>VK(q55C)gF@6sj)AnHB
z6WY}5rTIHdW((NI2`*XORn9pnvObIRPok~*53yZ+n7ekFVTytEg8S}m-}P0XsH*Lt
zU)z7?a|pcR%iXE$-BI6RC68V?RZN%#tB|8JeH0@^OkgAo6O|;8QnJ0}@NDPf`e4ui
z=qxSQZRfWFXJO0cX~H%&w=yV$8rpt{@`OhBo4rV5EPrCpD683jR4g|>V?<1lnrB(I
zz1O3G80Bl*H~X@BGPctA`EOs0FiMWkV@PyQ&#(*{UL5;V#T<yiu7_94Uu|mE<4>#k
z!hNK_p1RCF(i;?*J>ut;z)YbYIFqB8HgvtQiaM=Shjh3;Zr=GABI3V+mJpL=_zR<_
zq*}`&o5km17q~e@>W>t`%&|erbLqr$5%e7*E!jPZ35pmr87`s|na)l4F#JR5ArUOy
z<hq_Gwwquy0AhYLhtrZt@kAf_)9JKa=Hb6IsivrdU2y*Emyj!#Hkyj2KW;|A&KQK(
z=6eF8xbAAqX#QLu=B~$4S<tWQeSHr#**}gMC>dS>-e+?$fEsdA;O-Dflf@T)%r}Qa
z_{}VWdCXB($sD#T-OJ~_tSe&+cs0GnPg?jv9gJMIm1-&Sp3W1(3E4gy-mjFM5905O
zo_gkC&N_VzdZc2!?YhY1_<!m-v{SIOopo%koi}yx>~fey@wHiSLR^XiG-v?$+S%hI
zs`&={)j!KiQx^H4#_Rkx;%1@m&Y%_0aeqHyY3JDy?g5P2FMVNPWWvt&JJ81e>{L;e
z<1sH>7Gw#_A_$`Mg>yu0jhpP7T(v9U7z6t%3Aq{mdDO`6l8-_3FuUlOLqqHP!0A%e
zYleYWfcSUs+9@p>xf<HU-{%I<92RuD%)*}LIcVA2=RQ*2>onQldIR7XK$Fn&40x^u
z-y-a1I+d&hj7QEX?k*R4RO>Z;@VI}jMy^5v{_(KDQ~oo)WPa5s%drHgZutw#jP_#K
zJrGnwSp7-JrYo+qY%N-Gh`1|d<-4$t*U@k5-Ub!LDzi;<pQp-2pxJ%Y_ITB*z4B!c
zBNZDR=8{EoWy7N)cpq-v;%>>YUYp1RWVtW&6yksCV|YJCQ67v9Y-pxg)UIsNuU0dq
zK#c8qhkn1CVxZ<fxop9Na_O<#*i3M2*S_nO-ZY^AAMC!{g^!kh{<Vz2f%$c2C?^!|
z)xIj==~(c%aSX?3Cr<K1jL?Hk_P7~DGd~AFTo?H766V<LG!CO_xaD8{0(IRd{133+
zfun_mI>4v!M!krGDBIDT$)mO%e;5d!zR9|nlX{+4QIPgt6ldZ-5<5$zx@=wa$vY*0
zs`)-c-TH%XfDT)w`ygreGI|<B4SkQml`S-gn!I9an(t2Zx^KLG#CZk1!gYVDs&{*M
z7z$$_#AD9%Jl);AEVoCcjQ-@)gGH9Qf4Qr%fmGe~(p2V4mfv{VvA^js1&%r3m(b65
zMxm6M6n;gDx?5hbE9=aZH}kVz6WNAZYAwE-^8{_gnGAKolajJ@?=99G^j?KtO?~Pe
zz)$EQQ~Wy|<c@d+HoJAWvb_tbbXx+fdER|7S}CnCao<85nv34L7{uq)rGG+`a4>r1
z2Nisooj7&qL&ZEVW0#Nx+-;RZ5$n40j=uxPnBgFI4?o-m&rPC*5qXxatT<#P$=beK
zP2GQ-Y$rt(ICa$Y08h9#!uYr>zZ!V$-b`01GQOJpWLu`f44#{6WfFYs=QKL59h7={
zF;NuCAaMcEzifTF%CRtDc=(Ntfv1Z2H+M!9d7Sv=Y2!5{Y4H!u^X;mATTF8w%o9Ns
zj6>C4-=^CSrBK+%m>z5=1qpb_Fe+cTQPE=<*Sh~LQyUY_%JEOXFW2Nm%d7Z#nDW9b
z@5(5o@-Bm&!~q=DoarBH(n~Ixc{CFFX5`SJzo1gwm~u=1qW*pdxc}tyxQq*xpXGS<
ze935kAPLluzkecqA!LcuKy^>@Y;4-F>Z}0?OCAkyeaQBkEVOcu$>IfOY>205DHh>A
z=*~^EN1^LoO$k`sAC=p4og7-|e~_*2C}r8+FNLp0QIX@Rodn*TG;b8Uus}v%mzbXB
z4PVmaBujzw_kApoATitbCCLHUiN=eUW*1%9%i8@MKTC^ePqe<jpX&NPiPZ1jsIl+p
zw?82F$qQo~XZrW`0&oL%+%~3}rt9T#H2}42a~H-+L(g3YPrr!v0Tk%3ls1s82e4G&
zd+4_kpmz8U``!_Hu7C0nnYCSb?R9#)klr0NA%<&{`|tXlkj(xNY?;6r*xh66rMx#e
zqXOS;3H-G%OlfYcs;$*cowx5N{PaOjZ&yTyP3GB!*QFe%95GJ1|Ea?nOiUSrgaxI4
zAG15~X7$uZ1V9&J9q4`P&!y{ft7Q8SY$>^?X*jSmDXaJgV~`L?;*mq1wd6d>Z<1>G
z?AVLwboDa4{VMIG3(?Q49ybmGOnZQ?U*813>y$5=FbPgFs*N0@!w5ESQ-9Edvm}v`
z$3kBN;KQ3i4C_fT@Fm94HJ)&Ij`N0>TMhb6aqkT}x$BK*v>|ekkFK$QR)>A>Om0{O
zg1KE$Kg)Mis5&ifQ5^InfDvT7-)TvhLb1qpsmXS~TYEh?cXk6;y?^)uO*Orb=n(9h
zV{fcpqX&(*8B%l6RvzqcS6juB<2|!LkVBr&&R%DoR){kL^pYfS3=Tj~&GElT+Kb`1
zlzLpDuq$9+fPZ=3R+v*12pRpmUq96?H>T+Uv4bvIr1}g-n@EV)xKNRQmaM{HRPQoX
zP-o~x%R;BMqDsBomdt}30(HMBl4lJgK<tQwTEi}X5t69n^64cRGF0{bHlAaT5p4+E
z4mmdT-rV&zlyRi+XL#Lp+<CR{0IF$t1VcbimlAF$$x2cGZx}sT{{!!l?&z85P0Ag4
z>P!RlqBJXxD72&)%tycLrA{94lqq{;sLTlVx;C{XFO`f(7!~-+?#1xOyCaZ&DbilY
z&3UhE_2DW`EWYi$(yZt6Z^>-cI5*$kgK0s-M>e+73{pVKHV5K|BiKb9XE>phEoOvZ
zn5V1)$Mp=ArD6pkx7UD~)YP{9$1%D6>3jth;unbge-MOD{bLfs-Gr1N*Zo6bEXZ3|
z*C59$Q!fmSHt5q{jyvjlP8gxvlFRA9H*3Mf-oDbdngO?`&>a64zT=vkN2rbD-o`6J
z`%XfZ_Ha_g%IyIzi~|ttr{1>eW;PIz=ex>e2c03-;_HNf_x;AJ-#qXmYa;D$gqDZ?
zZ=l1XG|@fan*JOcd=dQGuWhl;qqbEq<!}T4t1Px{7nR~0AEOS(p+&XG17ip$fad@W
zTz4ss_8Dvtdh<Q;jEBjujq#J&h0uy%(;#l?b>n99A3wmZYxB;wA|Jqp5v@u6WhkCQ
zd^pJ~?&Z3k^=Npay6ZuGV%>Lxa`wBg@yN9z;5EJohR)0(1ojaDDifI<_%yGgu)-!Z
zbbLtz13g)cpkd(Ot`PPeUMhlx%f2TpGkG9rb2(-Hifyve!?~0|IMI`36(!Y~AU_SA
zC&ALY3@X2j-3<Ou^osElxR>*_OPHwR?DjG25W%5psN@^0F5z{I;<ORualXmFqvX0+
z#E`Jx()mcjhW)MxyXP9(@A$l<@TKV&%gcG+tEqN1?@exPH~S{Xzs5=us7%_6%{c*6
z(`)3Ib*j731ZyJ!uyfxvq@a~2#5*udB~`SZ;N1M`_hpY&_j)s;MW#n=wlnXFQ%o7&
zze0+)*GEXi2+|jh(|ZKYd`q$>O-7%aJPOY*Xmb)Ciu`56@4sRS=Y>8nqbmqJ#V6h^
z?;DIDOw71Eew1UKW%|HEY)-;9i=+bkSK^l56E6JCedL5?v$(F{l*c`1$Ak6fc8p3&
znVGa2*Xvxb3j6j4;#lMI=vq+gv4FYo$&WbjN_|0DXrYBEnsmB8lQZc)4w*V<7xzl3
z5D&E}w{P+WKS9KR+95}-x^|M_6`^=|c&MAX`!jz`-kb+^8bADITgIu(!q9MOrF#Rq
z7O%c%+i82OuM&SFyEZZ@Z>MI_?$Jg~v)n{T0AI}ozY~dDN=&P5=kf}_FRt)fD4}WO
zv$jMLZlFQxDJ@#o<%lh+um@PmWy(ShItb(Y`WB(AM>`Z+R2kG9az*WLRC;{i6yEv>
zgx;F2hdp;dyc>If%<MydQc2fw6I`=sHFhX;%5=q&@<+;z)xQ1KChL{J&8{2tSy6$V
z1Y<kO!Uu3PsB^m6=t9v4hk<tuA-TM!t(_NJ;J)kFb+cA<K3+07KJtl&abd7@ZG}3V
z`w1LOFm)M6^05gW`yU`~7UbWdxNo@leLB2Gp37`XC3T)LTXe6j8HT<J?%TOBAJ1y7
z^$~&2T67<lEV|@#O<==)^QSZ32`^sX`)V9@T-%wlEpL3J$?TD^V(#qky$s(%%C5ZN
zyx6wzKtXq&LZhc_Ks$DKk{;ARO`MrKs2Lp6bQJVB*x<2!_b0Un?sis|g@~l(WXoX^
zP9qfERNtCNhfVS}(wTLe22$^lLs_#AHFR(w6&dQYd6D7ThT4HD_!hMAoek=op-hdz
zW1yes(i{WANWF`EhFyNJEnp=amG^j@w-5PAhEd~W0f<=8!Y$&IW?wxaYe$5!)Gj@5
z{_0aiw0Itq5Nd}0aVWl*Wx<n`(zc?7A~as!x=>{OvpZt=OGQv$2FEMSTku(AuLZsw
ztKPKsG=U~f<v%!25ZJ;z2C%Bc7>2XU5r?96ZrOh5Anp}`4q|{3Ea+v2*$7KDswyO8
z>v&kx<L`V|gkPf2I!87R3vo@q%ltiuagXCokVvr<;6XqWd=|s=+(EzD9-_PcOQ|qp
zZIbEFK9Q`LlP2JDEWLkpU@2Ho2C4~V+UwPK9VpzPJk-kpU7(~nD}qvR$w}q?BsW^<
zsGZ)Tav(ZgsP`>D@Q@ABCA(+DLbpJou}|8r>?&YpQCQJjm>9vds&z9uKq(6^Ed;I0
z$aGlFDaiLE${lVz?GVa<Z79ryO_?yi{34G2wIyMU?Jce$`Q8RRx%l|46q}dDcX~H(
ztP0s90oq>r?{*}fmgjG3o~_H~jT2j>o$V8(an7jckX>>W62G6$XA~$`cMqVE;%qg)
zp2mUOrz02m1UbPjKg0K=w#2TGs8(qxCm{o3P_Fr)KWR+X4>N3TO6Dx0#j&t$WIi^*
z@I#{Hjzb>rLjG-Yx0O;_<oz5+k55lKU;6%Dn)fBIo>f1j=9v^WHqFqxuo*u|rENT(
zT?QP4r04@tO?j1@U%mg_a=_E<wGPZvx<XZxYzzJ?m~<_S+)dF}6=<GnKOhjQ-nRW2
zCrQ9=Q+q-1__<W!9u_beXBo_P0ws(QM(E`4Ts|pT6xZ`hq-P_z<$M-oUG6<be0K=L
zD#zIa(b@AMjC;^5=t$^d$pliPR6~ucBU0VmyuM2&baz%0byDnsr-y6TcA`(b780iV
z7A%IVPVIh@+_K$!hAhAPBECTLK7hGt*r%{tO<l8$VbJxBDU~v;nHkIq#RP%BqwtO-
z&V?unzZ|1o2Z+0;zvFLXgDzN@C&QDzgrIeVP^FNf=nYmhJa!!XVBgJSI9KnGbL#&h
zRLJ+I#U#Wi6knp-{7;44c>d3?Ss1_4e9EtX?j%XLMEXKpl*;~8-j4_lIV1>Q+buD!
zv`qBx)SoaUv`k3kTo8b72lM~UKs)QY`+T_9sL<p;#|FHa(8$795CUz@>R{u2k3!=-
zZLsK`1x;n0BMwnS3U9kJt=KodY!v&a0Oyn@&y409PkwJI0#6qGekT%@!2a=isS0TR
zRg_~wFJz#O+()#Cw(e<pzn5{=d+iJs>bTxv=J(wQo@3I)X0F^0ssy~;tE4(556B+s
zKA0eW=v*^8>e0ZpA-gcVG(<0d%s)JNIZtobQ-)DQ1-5(|@_#zHgQ@<geTohH`1-uY
zSSCsPN(P;Yv4aLZW&Fefb&`0LXHuqS;kH5Dmmb%X6ZDP*#}!-KwaT?nXJSao22x_6
ziue{A>ZudY*)$>@ICwEC0B2<EL@xjMfP_xChTwH(_+H*vn9`lTxKxv?_A~!!bYLr3
z;eLLymX0-HjA~i~QI5aQKt~<L9<ZA=ch6=mV3cQxYb6=U0dZu((gDC0Fk-Y7<h$)#
zdP66bPVC<}c*xOzw<{Q{T3tUK2W0gsN3fP$0k<c9JdyY?9oMYpX7V;y^9X|eowh$O
zeoHd|%<8A<{||Lc_C1^GJat^F^MC_%V;aX4@n4e$ze3*u+B9K8q#?KQ4^2oB!r2Q=
zWm5lhZfO1^<UvrdX#OcP1mU3s-#8dS=VYmWx+K-tFOX|;e@*>&RQ~@rIeqn(bhsMV
zg3t#4A+PebT?7SkO`wPo#y|I(dMhfN;<Whr4_H8UaYL@D_uruXPrM=I;D3Yme`N2!
zCGFpp^#7rH7FJWE@GKere)Vdz^G~y0tbrs!P#tQ|yW4Y#vm6IWI4hoGsQaWSqo(z)
zh!Z52&y6ByB-JwdPzB^t&C5pk%>lez5WeZ4DYh7;V%Ms3kihwx?YGDFH^*;;^PZQ|
zv;>+1Xc%s*%Y&<Nj+#rt$$CfCT`M2=Z8dE--f!|?wrv|^&^*b0@Vhtg$N!ewFdTRl
z+`6CI8X`7j9wod&=YPOnZDGACAVcVL{`=-$bDgv((`PHX0sFY3=6Gv8bn{7Uq1uk{
zD7LrfJb$!EWxQOCBz6DRN~=q__q;Cz;`QM=98dOnY)4~<5?Boj(i6X~80pe-_PMBp
zaw-azm?pes5Fjm!a(dy0FnYpu$iicqN$9SMK}B!MEQ9$jMuAf&TVF_V|BjMnuC#^r
zEJ<LO^CVWpfaYtL_Q@DGaWKg3&mp+CBtJ3};rS9&z4?G^fE-5bs(pX@M5_GQqq*eK
znbhadheCMje{ccC;olqQ9VU$!jF$Mn=K`Q10NB(`=tEXi0mwGJu?2_sx)j#}dy(fo
zeToGxF7an|>w}vsgl8Wtvb{ZJs#(VQRwIo%xnI%sJr23S<$HJikC2o>p0Llu0&sKE
zn*=rNwArNRr{~5O1q4N5u#bOx&DzE*LAJ-y!}&`XX?awmx(-W4*X%|gvGSlJZO-b3
z+p1c{B4~d57VQfPpQ@%^<3wNV7t~x=67PzcK8R~PUnM<i20Oj%zqaXp^b!EhV`1vP
z&NJG+QAd3BJ3e$cM=xIdnK-Mi<ygu#cdZfzvhONSJZ1DGR9^*}wPC)>@+%L<PR?yB
z3IW#qfI;g@CnZeLtO*K&pGWrmU!MScG#w<U0(;lz-T#BBzm99djsE^|2?0eIib{iu
zf{M~PS_DK&1wp!`yK@YrR8m2D3?v2Vj*%kL&0utnF-C3F#>RK=&+m8N_vfEI_Q&>k
zEUt51=e(Y;bFNF`hXM57KoQ69yX~Z{`Gald(Wz2{(`n;8#)l)aqb^o4<x+G#jAC`h
zgylrVsL9dxhYO*nDqK}d^<Q#I?cq5Wfe**tf({hsW7vwJuOWEiDU*39X1J<@^HMz-
zw4UB`LdOHf2hIkR$<zKrkqckxXXKP}l`QM*r$VC9F&3c=La?Lg9PbW1KFe*6{mp8)
zZ`;2)E%DU=E~|u*6$wK#$?V|O>0by4u#rE)^_dH~oVBWZtA0)K;=tm^k|pL&kK#sG
z?}{f=C(<J14kPel<AD6<Mf%MLrD3G5(GSVSm|N`nZ(r+=C4UeZOQudIFNi1Vhg6}D
zAWngDX%#2S`0B?>;H!#3b>PR$&HEkf2g0=QGocQ=okW@L@Ab@3J~pPY#dUXRiJZXr
zO-hVu2ZPY*eA)&2!*h3XeR6#{gkbix6}-o0iX><L0Dg$4Rn4?h9{<SXW5o_0$4y<s
zz-jbEPP^gWfZ`SzBSv=KoQe2naDW}{h|JfOQ+I!`6nvTgA6boz*x+k!j3ld;`ex+`
zBvYT&KnWtx;4_2Lf#u7FqzbY&v{;B+sya&daa!fOg%Q7J#fvJ*_Kg0O{KXy$mdTA+
z{dL)vG!f)Q0Rg+W9lPn?m3fsSu_tXqvkW-84v_i7WMvk}8WE;btrMx!aNli(toDVC
zpMZTjK{DJqEBkAM?sV=jta7?d16y~LJr|oAx8tAi9dlm`F4m|#6-ziq@><8`iHWo}
z@Ym=W+!pcW7#_9D3KSmrjoAGXWH5M9Tj|cr^>zDq=)tmXbiR%>|HA1?KEBf{<(v9-
zvTkO3wlOKxt*3h_(&u82gacU2{Xl0c`MOifyo`w6+Te$Kzt&ZY({<%H3#>Lb(;mk=
zpr@K)vYm&i93!pEnlTdGW0g${%iXj*p|=v`Q41cu5{*0C#0>jv$&B67^6{H8m9sC?
zeYa4QBVyd<!9>^Qzh{!qYB#!b{xq@NQYwa%;qy<hFR~piDF5he`8W;2ULk#XRz)tX
z3td4Gz6KK)Y@4h8WEI3aK`sC;O!zHUS2j_$aqz}PWtCh*6IF5-(T&rF=4vM@a>CcG
zAQGvS&r8YwJq?fPjfR^+J8}$$KwrgoFhOGe{*U=it(&)4H|RVfkMB)vbX**1HWAv@
z>l#>0gUp&t1%>%D0xsO9+go}0jM>y_5$+S76VLRq?(O87?3?VUX|01gJx=($J$bdK
zzU92H^++nFnXzc<Y-@hMrw@8NzdGy3^r8=s*@O%3m0`A*B6^_x6>#tX4tZ1mC6<Fn
zdDAb440x(W_~hsNS8REg2ui^_&|=SKF>1-=n{ED!g#C%nMZ=QD@;BtC-aww*Ge&*n
zs35DZPREbf-b$43RtBgN$xycZxUmIf7}YXRIRG!e<PHT$Er(hRbSr$O{g~xeRoY%&
z4Oc>hqEDtbUS`poad}(P@FHVatq(kwdf|~AZq4e?E&TO}uY!hMu*Cu=Im=&y8c^>l
zZ)K?hiR}bZ$7)r+u3^W1^W`^>jYIolpiA8}w`22SlwU)PpR2N9M`+W=R}R~Ud#e;u
zFb6#_A$K~knwf-~I$Wa-to_+Kgx*mg!yU<cdr<G-h;MEWb8Fe%#ms`HwM*+)F1#Jv
zh;A_jezK=Ot*NC&Tb<D4E$Ef20^veH)Y``hbERW<Cu>?T)U6d8URB!mD*|4xNZgH0
z8Hrj_>6C@7hyY<aKw>uyQZdQ<_>tiPQxPQSt1z^!xpu>v{@=OnXOD{~$VYQK5)K0;
zMx8yJrlWvurFiy9tq0-ey8kVe-b*}~!kw1%?DT?ONLUxsPR~k(&dHNSqADurFA&v6
z>%OO<1$%O4{$_afWdW%&p-BzPH+<x(NxAM=@p4TQb8x(46FTkMXlkf_i^M12IofgH
zG^=Z_K|&#+J-58>e|5Ziz%Fy7@ST3zqOkUSs#cKE#I45e?642o)6mLUP$Ue%8u4@e
zgghW~nXD|`L-w*~`B(==eyNrY65ga~Gl4M8sFrM%(;NGd8h%}r(&5j|XnNM+s4N@m
zIK~%9?5s^ZTl7suazoOb$Q?RLx4**ESJg7Cjl)sJkatKs+>;j`Hn34QlbCCNdHDYg
znTuLuYO9v>_)`Vr3_ti)dvxYp>dyy6If47ZWNJFqemNvT(6Y)JhHFfgwUM@Dt@`8{
zClmY^I{zbmRy$Al-tvr}`?3@*CB^zrVJwQd?vjNeMpy}tXXNS+^e=mJQ^HeHH2ODZ
zDv|KOiY(tx{CvCTXHw3h#_svD8Xp`$MlU^N6e$F`suCmbzw|)sS>@Zczbk{4?bm{L
z!F4H$YO`b<|K6Y3QA#V&Yt4~mXM0EGWKkKYGBSbE8_Q@$GiF83*=H!bD|OxGogmWO
z_3cJy1U$MS1r6x*AQL9^ZGonwZU0UkD<_o0%Q@EO#r<@#9&e$xwI=p88v^ELG?^My
z%{36jH}YzawpIM$-!@J51C%-ij94WST^V`X$GZGZ&JD%4MeaM8j0jcQyVvavIN~{6
zyul_uqyut*M}6UAt&F@zxTiK3{=A5`yLaxsdQK_fHZ^VXx7!3vyLP(mmSYc71mNaU
z;C@8aJQ)h&l*<uJ^OM}NuH1GRj>d~QW7qs^+FpE+;$r$}|GiO8cw#?AOz3*w@x0i7
z9*rH^kZmWZvbv~R;_^d4jc_L5M7YL%KO$k8NTo+<wehrw_XQVE@Y>u*juW!T&wh3O
zzS=!}uWzku?IMVh_g3PMU#3;MtE?@DL1m?~=k540UfpN|OymihP2AgKU)?zC9!~~W
z7#UX<B$PODbrAQ0wT)l7Ssw)PH*HW52(tU3Ongw62Qo8pOiMqc<VHF+5aLmEMF1Jo
zBJ-f#e)}J%BchwP)Lee5+~{M}LVGPoBs$K&Puv7t5WbMzE0SMpjYk(^ls(yY|8j!F
zSH-jg)RsQ|qLDKVeRF2@@)-j3EJF<yJl9y15hUvBuf<a{XdZ*^DK$Xulr9<|FG^i}
ziM?qSaGj?vJ?jGz>vqUq15z9Ahy$Ftu38@|<Gry-xDXP3G|(g3d+Q|14o;2!-QFg*
zYy5I}je$W<f7ued*o}BKI)Z7EoC}7RcSkbEl_B4n24_EpL;w_z^no->L48zKdFRL(
z=LfqH0eXz*XWW0f2yT_j?VY}Jt@|L>lZ8uGNYFpD*l4zx^IVep*=o$CW7|)yYZH4a
zhi&C=|6U&?X;&_u$Zwo^%r*B#*%ssk#z-XeZ<AT!o{<Va_vc?d7pS+C7@r`}eRm3L
zrW>S@=9SlrcgMB@V|@LyxyNE;LPPg-G9cf}(I3h*(fWaPV%s;jckm1^J>;W<?M;`7
z2g{c`zNAl=QfcOCn}0mq7a+mWrj65HhVbJtSKrEoX<tzN?hf&l|LA0ZN(m%*GaQst
zF%yd>r}6RBKx|GxzFE;lKiv&JuDGVIE_F{oJTkf^?mYfxQafDGWM}vW@C88rNF0M(
zbexaJ`Hq%L8fmHzxHR{WR@pNyy)F*_&Lr@)k-h-%xl}V$f)m1D0hPB6sDPPiNji1G
zwn2$7fSitOx3DoS*Tb<c9yRYaJl=!?vbeOm>$jJd{LI|@6GP<rR)&1Y(@HIirw~Mw
zRgZu_9d~{ND@%1cm5)nvwStiwb>lq75|g6VM-GncP<9BEUMiwT6LPW$Ld%(?8GeTc
zFMs1`05Jk}fSEi~@CM=!0iQT4oxWlc_UBf|Q^;bv&~5L8JoD{>7kw<im2tKNov-DE
zSXq1I)dcai1C)eG+=D)b=WgFUBLY^e_)!c`)cl32$-^U!#6L<OHPzzofQR%F0$axg
z{Xc{00P=W!X|lDa087*^mkLpqy|-JBPW9@MudVre@pm6|P_00H0PxP!!4Ao22CSiw
zb+v%W6ic0tXLSuek9B2_HzvLuRaTuh5Tawa1A!q~!#|3y>W998-z;>S4jb8FPDH57
z{vn_6bX?P4X_-dlPT$S?!6SM$;R_F>`eRYr!SB=1_vJ`a-uMICj7KaQ^OFfRiTTXf
zHyOnWfLW=T6h`N^qi7HlS99&K9Lz7WnUh;7PITbaD$^Wa1=C5op;wHn<k+sA>*pcR
zM`#zi&Cop9d6rE5HY9NVlnM9GFV4+rfZ}gP?mQs;&DxI^YQF#uN%Uzs?tHH}VUs&}
z5ks)pw2AJ6dbP_XHQ$SqJNo>Kd)~c1^z0q5N~H00Ty(fQEDjNL5|wt`6wxT@p}goa
z?_v+_^js;hIiY7xP^?h!=@w~nv%r)>)RMAp4K*_aOY^NLPi!RXJci)V(reMISVkL#
z;5fUEwNK2HMLz#5I{uOpV(7@HV6e2x7BMC<c(*A-;kLBFR-3v}JC~O1@CJn*w`JYQ
z{hD~<vp#-db*1@LA;r{n6H4D>{V3%N<V9@dd&=z)xy!ho9y^W-b0C;e9`^=cb?b%0
z=@;9CO(^(WhBM^s$!h<lTqWj<jU=LYx*6EFu#*iPoPMt2&p0=F*h$5eK0Fd@c8;|N
zn(L!8#QJd7vq+0nqJ6PE0mWfX^75%|u}P8Jid2(EUI-jp2?T5+{Y<k~?qdSh;|h`E
zdZR5bH~p8bYQqBSh^(K{TyY;&)$f@Po)B*U;)KnpxHH$o*UG$>)cIApEs-6UwK`4(
z7JPtH5jqM$&)Aa=<VcpYePBhhkl{T0$-&~6Vrbx7o`>u6bgXx>zz^Bs*S2%}e7RKi
zc~>CjrwRw@oV7d?*k?eP@zpllaAo?Q8?Nxw_eOF`?Yj#$R7HSh{8}<j`TctuDv6|+
zFxr_9OCk9Z-MvW8{GeHLPkA$j*^#kpc6uq<>>~=BV;(ixHii~~j-aZqF(HN)KHm{x
z&oAjhWNmY)Zfth%mkG+fEy8^;ijCQmV1aTPm{~nJ-bZNa%p8qXN9|jg3g{KxV+dWf
zx=nTM#^dmcie*bMW;$)sMu>*p^x0{qG^34TN%Y==n7*$`xxcR&VA0@oz|0J8I5@Je
zjz`KZj=;Qhvy01)*MMaGm6xo)N{OP9pKLF5(Ozeq2Nzd`nTD8yh+OzQE`7hvJE>EQ
zY;oCHFM-Nq;b$3foqy3eys!B47YtE8R82B4GIIGbI=|m0B&FUP|3-FfOry0uPP99Q
zBPaAkmCY!yx^(#aF!b~JkMa8<WPT{&BWlKDVbSNT)8xq>Sa7p@QIvtwjoNc9LksBQ
zksMcC6!7ReR&s=IQ2H0_a3&aWGrq<gylw{T?=Dl~W>i>95jWmYMzQwA-@_eM&9|#Z
z!x*L2K#Iz0%+`@-b$Z%4FNM3u(OZ+W&l(Owp73yOZ#Q-IQo31>Tg5!lF}`YgB}`FG
z=M#fZ7cGxR&#Ud{4fBTTRo2u;v^=2S`HRA@(bfD=z1p)TK820544+*?Dz)yl2Xrh_
zO^1J+ySL9Q3>0RzDSW%L+yAK}Z+GJ+b@HSpKm2_RTMoU{R_||ro-fwQAsoa3nPxq&
zC$lm1EBt1fkv=g%N9{Zx<{=jOb|&CT=NsKCkm!I9b(4xx6O48)r>uo05Nj%~OV&dF
zFdr{#o<IL~0E#4i?vL6(ZrE^iHiWHHAUFY0c0)(WmbMhUFRRVgT<PNEE=I+KP?97t
zI0N>8t@|C=<jwq)V%_I&#94n4V<CVUMlAT>=k8#h0P%&Vm3fNy2{cOwS7=Q?Ch$S_
z0^)CZQxO`n=H2|y`OlMBDY-w^BP7SWBF9{yoh7zD28q1xN-G~efhy<P5jwJ~_h%|5
z-bUGUqmZVh4R$}?9+p#b3+CDEE}kl;=oIz$kb+(E-QAlQmzFwJzM?mzkE24U@6KOO
zcrP6-C*ZCdC)~!xEb<f#8}^$9yt2aasTtT5_=XM*C2q26&yR@o6IoNNcZ;)JTN}Ci
zVp0+(*5bqIN95iur~FzEv$?M}u||~>P!bu|__f8m!p(Q2Qo#E|pcoBAe!H#9_Yc#=
z4C`V1*lyeG4@Gd%x~dsOo&iARf%)VOT$1jlvkuu{%QIT^6#SzQ9hS&xbNNdrJQ{tQ
zlUcatcD_DYBFGur-xkA#bYy0q%Abia@u>Bxr+exp=0;EzaCx+K)w3xS#JTbUr0qah
z?Zffsa;&D#`4Ai)z<VNW`>$VppXG?L-@r8<Ao<_|{j*H`q_O(K<XYxq#Y@7WdU;l*
z*q%H!0)rcHj?}S~YdS0Gza4^+QySsf@;R>J6AI>G8w=MF&ZZ}yhvFa;TZi)%6cM1X
zbaX$+(6%l}n!)U16JRUSSu}U=`+|iadBVai2VY`z@Jv5H<im1ZkME<sERT4ZZ*szH
z-f`pXUtLaf@|3GpU$nxH%@zfuS}WY&*0nb;E@FLZ(fe)LInuhwP0x(~Outu(sed6S
zknhIBTM_vA7@{qL-p9^LJd!ppU0F%}Bi$MOs%&#c*FSY1rMy~}d|G5CNDcG&ul7y1
z3OxVHdzBDNSFJz@=y9`*I_qn-Yrz3#11@(xYNH&5$QHbB40NPkSDygP<9sC%FFLL{
zvS_E6xu4G=Z0(aL4dxXUW_P4R%^oE!YlR*bR<jub_r`DTQSe@GoDI<C5(&TgVcSEE
zKb}@@_#`a$s?Wvh1BIw(my@Hvsn{TfC5E+OH#w>Z<9+eoo{0~S7d+7no6`sV$9#8L
z#<ne;_*d3wNFAqL>KdH+4IQ^F)KasyTf)BS(WwkRW{<m`9a8h9CuD-{i{YRGi+o%H
zsi~hq6Cz)reP6Qkpqd3bouE^&%14q4WKC*hDJl$DErcfxzfrlubvIFtROhFp^^`yh
z6ifUzzCSHo6L$j-oIm}R=o%6-H$(h+a=Ki@@cyXdk`!~~XDaa&9gt56Fc?b>Y_&pg
z`g}%G=zXvx^iV;`&d?XNW9Og38kxq7GGA=HZXeAJoeq1V%%qkEkl_wp$go0d!x=9Z
ztj$2lt28nSE4&dz=AumNckhGEi!L1NUCl$Mho7H*xoO+_w@zW3POZ<dY|KD*la^B?
z+UCOHkT<p5WqmeY(MJ#(+8u87?ds)sAdk2F?4bG(h!;s&R~@5myX3P=uw3g?=46qt
z1E#j#u;C4()%?$>QDND_?Q^5z0pL4&D`7aps_xl{n2H9iw*Sa<`N(-Q$bxj-XmQ-d
z#JxnOu>?F59a1{-e`<$|xdayT(H2&Bw~$Bkp=J&Sr@%R<%u!E>g^lHF*4>%)ff97f
zN}se`k}R%7?^wHP`Xf$?WS$c9Vq0mn(ss;zn{J2-!7%B(>i#;Td$&ZzZ}N%m!PvDt
zBa`*;2SorCX^%>b_z4f^B&bxfz$*AcL}A;T?Jqc#a#}|yAWo+ewGq#5%CkYmQ<P<Q
z9rRfujuSh+lumiW9WWDhL2(2T{a4_YSp}2_e~4&nwhiKtv;0NFskxLAe7i&8k0)*W
zitEpo80%L(D!7<Uj7p^4e<2tzHN}L>``z|qhXUYnai4MG;0m`MpGcBYF`am8Xpgvl
zlR}oqC(jAr<AWYRSua^Wx?Z?%eXn{kINFc6H{uHlMHvTIX5ZOC%9+9&ufxve7E8^C
zcqwiPQ>yCT|AGso+)nz_HiaAr88{QBbW8B4#q9<2prW{nqDly_7=gTFMql7N(3H3B
ztf<}mGH~)pc}Rhmz~}UsL#QajUy$gLm14#cC6|Fc#K%M6M|7Kd0dG)$FUuI}zK1d%
z;!||rGUd_MiuohIj|2x7Xbd~AjEGkiM0oz$<gZ!T{oB0J<IUcYAzc?#8In|!MV97$
zgQKz)zhq2r=c_c$eNMi*m8IglJTOoq7M<WU+bzyHJ+i`_xS+0{YFQ_xreuSY+p2Zr
zU+EVWWEZaV=N?;)(m_{Hs@1PYuxva0!ClSz-BIeZRhc($XxI{{P-M_`Qu{eB(?Unh
z&t^o^XT_#q*RPfPd#qP8J*9g86blO!<io0hV8V9T)G15kE{?Nh()t)%n*4KD!-i-v
zgpUjwQ1nslj!LKQ)|{@Ezx37drL#ov3`OlzU@ffi-!%9$a>bvHVX+{)?g2k~wzylT
zLAipg=dq2d!Z1L?^SGJ{o3#_PwN^%WWzPC6?P5j4umRyu3=in1dx<3?hwM*n*i?Vj
zI<K?M#Hz_1x*Bd?8+LxRy0S}>G69la%&tf9ks=SW=JT3VRBu|Da6VS~k)A-KH!SP}
zRXSexISVLF{D`TjCl}cZ28PHB)4PL;nn>O)lgj9dk=XK!b1^QV(&GWR$ctv&ij1A#
z`_l!r#UqoWlUv=ly+XR?1?hl1FdtyZML)7-X@?ddBfQ2qS+lwji!LKyF!iv_b!|0P
zsN*Tflw(p1blC%Nd?;CQS=#r<&NZI)Nx<WTt}E{S9Ddw<Nl(^<yZw%Tq|S^0Iqk=q
z&0yx9fq%i~l#3`F{-kw(qib3ZuSEC(U%uWX>3$b@cx6tu!lPnPF(3i($Yx&7pgkgd
zzr~X5=z`5bVyyT4&DF|cCIu}(k7e&gyjtM1xmEHX!kX_EmFK2;wo0MJotoxsp#^2@
zo(rrIZ1f%-%bj{ivHbdlgRfbl)LCg>S@7mXOM7Wn<>?mI#~dI?<^WUwL2CIlg{-gR
zQnG`znL6?(VPS#UWSb`o#QSdLk!1nHmdamrc3J;0t(sN7n9nmdBat{CpCLYo)OJ%h
zx{qu-jt#Zk2cbH9r|ze>Q1aGDeS7Oa{AtuXfNTRD2<cmnS@fH&%W#<V$&MShis$cd
zTs*h@-g9*~RtQ$nZb{t)Zo8hZ;&HQOrgZSN{RkX?zqjzN#T%sQpM^wjvTw1_V`nZc
zve34DK!Yz+N!Cj^XqajXqed%k-V?1ICw<zSYi76h<?m#rXv85Oy7Fg#y4XaIb?i{t
z<TJ~s2_1ssl}nF*=Ch%PDb<pM+W%dmXc<L7RBqp;m@LKx1AfLO(8d{bErh0<Q*rgv
zkyfnSGFVu7``_wFSh_7`eB5)ZTNJ2lFXX9K;c{;|UMh9y0T$V2C^tmZeoUDmt9g0n
z<!WE0SpVG;?i1cx@9jehXYv5<Hq3j;6LY7Gkmh+jY$hsOR;{F>)*i^ILbjuq2!GhO
z>rEor?t60+eXp@0&(_1QC<MhcYgRUG89<Uby-R{PUeG{pvC799ntD>j>J$fmTsp6y
z+yeHYQQIy(&Ih&sLjDD$S6^E37fDf%HGlf`c#OgnQnXGnmmng4L!tdMeEw!8MoeHZ
z<cKcIy{<)vr|x2zWxCnYB6!_ZM)F1x4{vXY6DMsue#ZpW#BFjawJ=3`V4>S*S~ndg
z)8Xl&q(pm1q3*NHr6=dXlTc&VtnH9}CunE;S4NKo%ZTSi>%Zm==N<XuoJ@4pMl88q
z;&Qv%gR?^Z+=aYLS7+ws!@k`N-f#G!Q|(RG%LdwTqt3`#oapPlLP51)Lm4YBJ#`{(
zQny7uug6#8T-e<(uOf#SJhWZ<d+GZ=&l9!22Su^n3UQ5*2P>Of^LuDN31di^w@tcz
z`?QQ=nrr<6S$!vGnyKrmW%&C5y|5Mh74OxYz@^O=z^cvnVh!5RGG|IK?=^4dwP7kS
z$IxK#>#gv=ug1t6Pp#OE-L1*WM^SAa31<+rh(El)tE)hGLCdt#b^78#*s+`(aaR*4
zpR9PGusKV_#Y@Ibs1%Exm}rT3^~wV_o$3c!pMOQuhmf6xy$n`yA!gRq=k-18yjC~4
zK^JWC=aa#7KE;!0*r{R#=<|C+6FIrPKU5pQd6j;uTiN+!xAC5tuyk*S(fCf@2SZ*-
z6ZvenqW{8qXXmf@Ef31_isge&rpZuir+@T9u#xxTe~COxGu<-i_va1oxDn0v9_LT^
zpf5WNSJC7)wZI^~pNr_A8z(Ou{3_)dL-elY?X{ST8DHS`$*$ZMaiJnI01ON?CHoXh
z_{nm9kRa&k9Vw+F#j9}$)fi;M_U#4xV4?$HOJ~7N0R1rXUd~j`lghF6d|6giLQ9Ae
z9oKAtEtBrc!@LG^7mBfkk-}EhVm<cire%Vvmd#sOUbyx`6;Zp0T1E#L&op+3=K7sE
z_BS!H^si~@cG3V9uy#CfuaYK+Tj7<@%F?_O|Kkadn`kcR9={qlH!qLUi_U-dhTcPH
z<EGT+wjH{81noo^Xm)m24MPH4(8uI#^0+%@@ZjZ~klSJSpHSM}f;HA}Uy~ct_9aV2
z1lvS}PPUHj3(CDw3MBKw9GzN^#G&9XfsjLGR?{jQbKxOOd>C*g`Zm|+v#JNcNssVv
zF=RXbv&s`U0m%NzQ#SMG9om8?Laq2M(`V0-?FkPcn~ymF0H!K!2p<;-6TMT%EQ=Wz
z%Jx0Fzj`I3h6bCx{)Bj>DRehMcA??UL8#u&@EfKx35D#(?>;TvUi({R)ak>qu8DjO
zEF0?&!(4;31z;&x{pWQ4J3oS+32@#1*JpAku+Ls>UOIZWwQoi=EgQo-270e%zUf_3
z@wBo+v!gVWsmO^I+iu-DErYrLFs}?m0|16}^pd5?<h3<6cScL7dM7CXkoX{X{jWvx
zROA_z#oG;XmrBO>Lk~tsR}7bTi{HZsRNmuj`ToB1d|QKV4Z0h=-NK5BMO2*;4>+kr
z3<G@s6RcL~L;n7=^I5WC0~8AL2=07-Yj+l4u;doN`sLf=Su};3&4ZO54}xu_xU)4%
z{YGDysGMogrZ(Q!x6Ss`I*ob!Ur$E&1@cRL^Y+qx%6zH-0~C-<vRxr#C<+h2+`dZB
zIj9RHQU(UVLxO&1XYgpY0u7PCCJkr5k<rbnIKR=%_LRk)|EU?tk^Jk0gg}#97wKzE
zUGb1)gxh{VKKg3lVCl33MTM?Md03XamX$upA<m}T?a1{j(H6P@QV$MDY*1XC!hS^j
z08IF*?7a)+?27ogxuML(t@J?dVIOEWCa_6m1j$j^`qj;3+u^Sa57pHb7RnQ|p?FY+
zmVM;d@A5+{S-C$wF_l>KmG|Fy4mzs=ynhVM4)=o?yG$Hzz+#kIA?Aznc8x({3)g_N
zQX=@<?hdO2wzCpp?kbxN-?A8MlIvGH1#*^3oD$n44!PE`zg#0X3*>_7>RLi&we|!&
zpH=!9<Y#Nzj-@O&az9vhDy0FZ>uaC-c8sRK7@;`B9>m`OVt;`Uu!_FwD|vIU8vhS)
zGk9?G@ES>87jBlebvhvLnd4@_|6l*_ZE{Pk>w;tEV(jgArtA*Xd>LLX2VZ<nh(?s=
zjy<nbz^)-C8B}+@vn#5$47|i_vaYMWS)*=h8Tt}W|B`yhJw~UuB`d>e@gP&d+^lbM
zG3Q28Nw4V)>1DlfgRbkufKc3L71|F9w9>mPHu^jvXBxA9X%RRz=4W!byvT(~JnFN7
z>6`7Cq&4Sr!AYGPvMXDdD_lM!R&J)*K4?l{g)psW87)=Q=P*~En+Ep9M(hEW91gv|
zGu&iR<gpslG1Z$^gY%WJ588V(c&IDXZA)&}T6Vax*wk<1o7$8kFJi9PTi!)?TkHG<
zaNXF|zgfq(nH&V(v+EJ+CVN%jr^R?DS#wPul?2W6_V9Boi`ll2RV?PT?Cu=q*lymg
z7FTiIp`mi7e)1+Q<|nqJvT0@p_>&#$w}lBf3vZ<!;#u0ge+yXe`IdBvS)>hP?q%;h
z+-HaR3w(WD9X6}_<~GQ>=lY4@)4QG5pVEC6SG}$J_2=j7k}k9Ke$`egUtjA{r!37+
zOD%J9d^g>B<UjZDG7um%w>vU&;V0F4?&tS6IKyKTdueJCAXQ=r$E(#sBBm!5F9Tq@
zsW!$PgU2-SZi5pAuSTayfdnX)sF=6`+sh{*dtVK%r|!qTLZiSrH}w7Y+i<NzgrH7>
z7_$CyeQ5;uinLSx8!q0}UL2EEF;qAI&0DB_PAoB0%IVait0L-wk$Z07)LKTh3Wiy7
zL{Bt)E7sQ-m56$Pg%mpreK$_is_Oj*LCDUm75q8E>nHd<@jrau7}$dFep;l<+>RUK
zty#zxt3WToCBKgqr}-Sfl{BCi;~c;Ik9n-vU7uAiqGT2WP^W(;M>}?84WjyAb_n5$
z`q<1W8sYgP619{3bxT?^{JB8L@-VVZVsAYB<OzkVRrz9o_>#9F;o(olr>FUBA*Sv>
z(aDkQ0+X(lQseb#LD&+Yk&#%QFI9Z}OH4b66U}Uc9`bFvtid<y(SpjQpd?9M1qa^m
zBWZr8Aw|c$cj)!E^)FJ;ElBdEMMFZm9HY+|oz!enp1~K!r=Co;9X5s1{{S0>-rZ^R
zdI&%MmZCkXGM-b++bsBe5bN{s_;qUFYjCJeD*L;Umvm#@z?(aQ=EZ)~tB^WX?U)nS
zk2NR`Lt4i%iV#0B5F*r``_$*tG!R@xBA+i_=FZEpUtR@Ku<g(qKU6lnOt#Doio|=C
zhI1k9lyYrVwCPhS-Kh34D;*&Zy8sNvs_%p@+m1nwY4j<ExsJ9FaISCBV4X)p;i9fD
z_{c4fsm#8~hHsWsIT%P=R?pd&In#?*k>q}oZc&9=onhPkKyIwK92O(quaMemGchDo
z&M)^~VqYye!!;4z;)vV7bH=xlov^g?iM-|Z1xTmMi;K~75>)+2VN8MDF>v7s^cE3B
zQ`+ip9zHU^1VuZ;B*(#p8mkGLtBDGaY`EDhp}=uxX>I%>>yB}W_~w{xT`ND#leMG+
zJF(U8waM#&#ZX05ylO-lu`I2e%bAY(u00ex%RNUHxXBadLWha&_hg~}_1xyvU*hVy
z#YkvY;>O2u@X{~eG9o5y95$qvGLrm*{T{dcPw14SnGH&$Q2AI%su%a9&jUSHoQH$b
zbm9ne1gTG#HO7MFJptH{wz+B#myWR&RFyYB8{Av)53M_Y<V1Rd{QIFIh7yuYrH!rd
ze+VzM4a_+aq_4cGlv|)=u<3M+Ps<)kIl5KyzPR0$!o(aM>nG1{O4^y{Q8lr0q^|;}
zRn~z<+l4nV4z;gQ=k-^k6%xwwe-QXV`eo6M<@il0v7gs>3CJEo4NHlW+rQry%uV${
z1<w8i5iUphTQU|+Hg>HjMI*wKvA*5>Yq)Kj?j^I7hcyY+zfE}TXOubZNAUSCB@x6h
zKXoQeH0o9c-(jSWOwpoWh2ZE>%Jiw~t^JdnpXilR;MTt&u~c=VVsI)+Ku_y(8>pjX
zR20BD`NQ}w;FiHb%>F%FTcbUn5tGEXAcRnkV}9Vfw<b#d!s|T_r~U{^!p{-=S^j%G
zY{WR^7fQ2Yn$Ef#g&GL?^c+K8jUZmBrQ^7duzqP>gIZ?S>c-)a$&2S8dgqGfWP5ZB
zzT6an#&7%r1*M2{BayhIpQ+<?V~<{m8`}!Ix5y9Z(?ov!qO?H0cKDdN&u2lBmhC=M
z?Ug>Cp~#P6VP({>!CI4#K9@;;<h-6w_03;$U3uH`FM<+p=*?`{7k01NB1}+up(FnB
zeai9cDWnTdOlG<wgnIkdLr8<9uj&;FY9^)s^YGnN33@O6V4+OIoc?R#6-v5$VOJ=-
zsK2Uzr#pEvdGr6i?*F~x|M%=MKLzE?CiSqB-}UV)k4HKndj9Pbqn{pKj%J5k6sxzi
zorZkdT7|`7Ti*5rc`X@nsjBNG@}aIc4xh}+W~x$-prxrVlD^PA3=gXX^m%bcmli3A
z{stW;GrhVRo=Pj3oUH3&`19!@usG%4>?39z>x_3fW8__JAj~G%aomNc^;JP2HD2)D
zGR-kM+KhZn!%i$o^LXkg%+3qZkI{o=P67V!*StqT>2vM-6`a1QZLywi5)U}%x#p!A
zcTLdgf+vjA_pB=?(1$7IGPUx1jJkHx@};RmafhU1%I^=&#uaGKN_z!RHNh?Z<4_M-
z7e+4s<4x2}Sx0c+Z}jgN5KBxbuJN3-3ncYQsnQzKr-<)QJI@SANF6^pJme5cNFD9C
zFjq^jd6|W1lzk_-=M^2|N>eh`RrEkx1;1=ZSVBvkiJYU-=DrCUShp9e0aACSOJ5^3
zThq>-ePj0da}oh?y6+A<)p!uw)nX=iFniEm1J7waPkBcR%)}BX+3*L<4eqa@fc%hr
z!fKDoe(L5{@Mb2*{ueJ)O_uz`{&0-|g$#dLr!7m)qu~Ae){uk4G==w{;WEAadMvQH
zMh%<hi=VY0F)hcUm|FJ-f<|zG(KI&2;qT!++)~JegTMtp?E8uK#hYHXjjg+u{Xu#`
zRWcUvN|X7D+T7eX3V57z;KdgW1>2IOWM18b7K@#!3P;*NS?q<I0<;*xfl)lmC1wrC
z@`R*1z0X(ppXK#G57+MIM)`h{QY!sT+8LA`45t;3ZvxstgWl$(AJkls`Y6YFKB>?w
zY)#_ds^4Nv6%`9nB;e<v8{;CQ1C5Fo4}Ls-pTyB({xF8e>rGW}p;biC1YyQGBGf#G
z=i*>pi&@EnUo(}&f^~{$)J&8?zq21hr7&-Fj}-q13cRbuLjhYA$M^T2EYnxEJqJHG
z=Zk4jP~wx9Fm=+eyvzJ&XWDsKyGr5+E97lGz`sPVPJprPA17PvT>FE~{vHGzhyQc5
z1%a1y8s49#NGT+#tLdhk(_f}GsPh;+=!q5D{unV0ke5_`C;!3h=aJU`3Zr`olyy}J
zyml>ig^B;{qPPF@CJiDjKtjL|UmMzB=mvDb@VD|p$ob*vUJR5rQ+}gPaqGG0b4bxV
z7=z&C^FL`*8xelq4n9LQ<_>asPu=$#(CDLa{lev=+yM|36DzE$8gqBraOcnJ%q9tx
z=_8JQ_{m%b74-0qlYF;8DC(~T|BwMw>uWc>d)5&Gt+O^Qqn+xn)2fY}Vjast$MODY
zLFY9es>GMGY~L~-Jp+e-Xt(Hj&ViOurK(d6I(<y><jo?bHoalp#4~2WQF8e84;gg~
z{^_rrH;Sm=TWUSr`)={(9u#zL*7=M$xJCVk*_OL1>86&}M(8c&!}P2FFD$Q8(|suJ
zREtx;lLK0#81HmXhMgqgk9TJ8?auFmpRV(_Th}VCjipYkM-RGas$>4zoMZ=1Ec@8x
zm6slm8)=(q3pj)H{im8VM2W4?-MUvK?6j03BCNhbY6iE7W0P!pU#oVUYc!lAYmvFv
znq~?fjuJf`y?O*+*3=v-OFTYlsW0Q4*tya_GV&cW@2%}Y)EiBl{u{jelxh#<W@7rQ
zFPb4M<Y>%b{q&?=!*9MmFP*zp8$I%V0{pM!*7IMLEjT%5Q$_QU_5-zXo|>M$R<q1Z
zvO$ujvxR(d=4{Wp?M${J=qO=hI0~YhRy!)K@iZ&z8h-nTuvL8sU&g=so4|Q*A9NPw
zxJdfWpEX{T^<!x0MsvHmB6$$>h8H;+y2RXb$tv)&#t4x3^4CZF{>b29TI2GiR!*qf
z*9GwYbFZX1#X3?lH1t(!<%j2uIBpk{rqd2I-<)rZwx>LlX;JVYb=y^3bn2eTbAXE*
z0S3?2sUl*U`FZLVseL-uLv`;;S@?h91n<7}>bleT?_n*#DNP;$N#ffNIl|I!a9|_<
zl4trjLeJ>@c6S&=hHJexUrRnd?n&(EUs<)0M`OV^cY~D(oeU>1w%?|tK&-+!^$So(
zv@ET2qaGfY6k3cv{Y|4v^=RMwYYr`xO=`-A<LC$GMVayRK+SOWVBLI~dplvy{*W(t
z|2}cQ#mEU>YDGEopiB#HG~eKwCe%(+HqSmv7(HAg%JcLC+fE(#ZR@WX@AGK;e;`OL
z8~RCr6rACf0Qr-;1#fk!xyfw%W78(TMVjW|&d;}yy3p(CQh6anWc&$iDSfFA7g1>j
z`fb#zu(AdUUVMxwu2r~SglsD}X&fx~XZZGIJ-UA*ZTWkxEK%2oLrb)h<(cU-DGTtg
zsZyh!t$NFG>t@Ve-U&jpQ6*pPco%2JA(1j{((te9rta%e4xvUkXOIrqbtmR%m)?Cg
z@RJ#oVaGpqw?&hx`D|w%6A}cHvi@hb#R<bAD%>kM3IZoVLvoFC{F5#Ity(@=I}Cqp
zFDsG=G4Ty%Fw}65fS`<tc|h+jeGx$nCfKq%Lm_Fgf4P0smjyZw|F&*h9r#*pFqasQ
z_MK4FB>f1ck$Z-ga>1EL!vEh!OGkbC0Aq50<(ZZiEd@g-XW$0`Y>#IuL#Kn(9s8V_
zE*cj9`NBM0GnQtq#x@Jbfh)PerZ7TkYJ>Gni-NnBkE&69Zzpm4;MC$A$OG_*#ch#{
z2GO>E7iZ%*7>c_`qkcHCTh<-5gRMm0G0RSjAWidVX4;KHSbTEGzYM~%mF8W{qQ81)
z_$@*@k7o?e1o?s@PTa}|qZ*fHwr#S>n0h8v6|e*@Ccc&090nBZgA!kb8wxlRO$mdp
zmXrti+Lx*F!GIbx>%#ubE!$G_@~<E5ZRb#F>7DM_B5f@t3>$}B4rx)S#xvjjUfW9=
z3cl^mM1Fq<XTtiPtVh8!^O~U>UwyLmB@|P9Tm5kCC7STY7!=3FAW9J-N@J`;#n$zm
z^cl9YpyxVR%MGLH7jSQLkJG8^`u3!<!=37U-rE}!nztzD5EQU&#`pMxg<3pFXK!0<
z2&X5v{JYh<>b<c1@YT>PY|J%-SgvgGDU#$m(&%S7$ElO)0!zcv6<{85{ODA1@S&8D
z?o<7LBE&Wp|L0yimkG553=f~QA3?rnqu<_Ka+$_DVl6LW(ZsFo#Z1NWV>9<XUfv<z
z%e<DOYsd0TyTM`~nkPb7UVYi2C7An>w`E9#I}G)jxnv|+efYG9G}zC$u+&M&{u!<(
z-?4p)kJVdhFtbMuYb+)bCt-ZErMBC?`yOnf*4a~KdL~adJ`Sc?j8^FasR=oN#)LP0
zzf+arfj?z*V!vKj9W5r0hsb;4F3Zd`oVv;j{qCvT;SkY+-_S3)Jt8$#^DU%^_};M0
zST%=Dc4+Br8qIr&t7|5m`=7t&$ewo2v*&}^MZleWP*L^+ZCAl_&evfY;Jpm~EN^Uw
z*FKTg)nXR-`1eS@#^`j=qJ%qXS@dGO_;+t-yZpz^QVFl+u|CZ3?ufmA9sFKi#V9U1
z)33Nd*+;u2E>+ciO$L<|0Z8iIl6?n_o(OB*vmw$bK6P)G*JjVyn^a53)`zC;#NUE_
ztL$=eWj(-~@T8rQ&{h>4I>7dLxyuRtV3iHV+F>6e`{#Yvld{0AAkV>>@{!W>*#Cb5
zOpYF<SK*x<0WSo*V}3oY+TMTEaQUGeN;;dQU^sPeA5EBvw{D$vXtS{tcLf!e+e@W~
z?EviV<$G%l-gmvvu`6N(7UO#OhUz6bO{wX6>`EaA$Jt{Z62mtX>9R-xj46U5AT>W3
zq&^|yH8_rZz86Vcx$|^5n;7E?DR|y3;jlPKZ35FPi^!Z$H6P8O;FJJKts9Ojv(=Z~
zWC%kg?&=Qnb};kbQRKd8XWMuS{^#hlSQACGl08j~dRO?`*3s5DM)1Q~A|}z03Wsod
z{$`@ad1B@rV!&nStUuh2URK*A!om~eJ{n^4x8ok*Mq5wn`lHErIuZC{$ifoicc0Bd
zB;xL@P{&DyYdwogb5tzpa05wP8=91z<w4eJ#Riub&uE*BK^#KsP9)5v9Sm<63)y!#
z1X_y8N*5?JR4g_*umjhw?LP~Q4@*>XbISo$_Pr}1YDbuGCCD0AwEwPMJjGq3Vwlkm
z*n1DXz{Q6a^?jKf{;Xj3bMYqEgwthGUj<E`GyJz3EnC*fIoa~3_W;Yq`~n1UxFSDx
zYFFiT)r593S^eJBX$_XhzRUR=$qRGL*QJ#<GlMKu!?tr{zZFO=k;wit`%K93=N@DH
zjgZ}E7QNY%cZv0XmXxL(5!d}Dx5^uQF<}ae5uu}(b|ZzEpUQcsM9Rz}94ETIw;u2A
zqrSfE%lBwm8XMJB+zjB5n}&D2d)VHU8vn6{vEuAlN>Kyp4ICg1pZsthVz#wU_wt1`
zR~9b-w{e;E=#MPkDl;-j$5<C_#Y>?2o`lo|WU6)916g=+G;c~+oDS*W%W(|io=)A$
zOaQJ~PTC^!L^tw08+=a(D`EVLL(JC0SrXOr?@k#Og)S;b>mCswv1B_!*Cw2EdWL4X
zgNQ$MKckfD*mr04|NYw1NENh)TAzx*tn$J=pSw>#{jmYwvg=!o;of+XrU2PgEU7oI
zTm%u0z3QGIBas%h%7JD|#r7Ggvq9SVguYjkr&8DcZ*q1e{MA)T^((w)ndk2eluXu~
zO5fyt5-+h>cppPksfvUC<HJ%-o_}-Ye|Zi?+2#Hz=W9CO2Mf3g2lNh1E68l$bCg<`
zShh#(6+Jp&odiXJCwS(t!|U~BL!yYj4Jh{V2>NJ+@T5rMAe^wzACq}kZK=GmUNuP}
zy6xlKNH|lyz^D2xkrnpoQiMTvW**}S>tjb5iD~iha&qalm!WFHVw=I^(KSJK*+0=f
zS<*wKlj`R)d5X)1@j=I+F`vTfr?U@oQ23s)R`__bj`ZI;y8Xw;J2Rrs550Cn5D#=C
z{=m(B!?T@@W5FUsT1PAHt235uB<Y#kE;0nGuuFX@?x?N9kNZJRv2LysT#qrf#+^<R
zspSu;AKaXEhr)JU@KZ0z>zT?0oL(%8EBd_TAv?IBHNIyj{$?HOG*!Zfrj$$N-kY87
zTX1hVxfMK#<iko|&KG6nT1xeGZ*E%ffp~tKhHu##A6<KiCGLP2mkQrf&1=Un|4t~}
zLJu)hX5zMD{X6>EBd0h<6K}NkF`EBge6c;Oqn(!^D;u#4ZiC<KuMsdTKYpTlyz_pu
zA*<rM-PW~xu5)El^7R7A9#7bpJpvtb-zT54-eLbR19p-sxODYWiUkdK5FhL`IEOE5
zTVPUu&r7g;3Dw=6<Ov$iTXdm*t&?VxCFxqtQz@zJsf}2ZnL5r`Qkp@t!ZLoB|E`}G
zgehNaQ-KO<n-#_^TQH3MJ^=4jN0Ev}KZh!WMv$I1)eIsax1{Rqx{X0tF<fih^^HmE
z)A5;g9rmNK4=DSVOW?9xRN*C#ubpNGrVR=F-<xh&#}x`^@Xe((rZf9~@JU~SU;HZ3
zrsz-HTdlD^Ti>zXfQJm6&X+@l8dO>x69`0WvZD;<p{qm%D8T7*a!I50$#`x(vngD?
z2vVRZ3E7|?Qp9gKkLLyyXb>Jw8}ze>%-kJge+f6xM;Hb)=}%J6K|=2*ItNGkNOjc-
z4dpKohx1{0-lJcAw1G8asTK&;e_Zkv)z3?_LkD`EBl|niQ74<fh<Ycx60^=u2Wj98
zgNsaYro&{%F4Y(JQo<A}DiQ~r;T(uhq6?&=#0~T$H3Feah@PGa4gXFPR#$0$d7Hc>
zLczyS1%=9RR^rlF=*M~&(i2m25*AIc+`KL>H2GaKSA4lrhvB#_znB&Cy<5h8C-6be
zlRj$2`ppgn*D6<n-#9jHa#OoxeZ*0j^Y^p7RECD3lGRg0aXPn{8PvfUok!)?NHn6&
zvMBCb<9NKhIDBqVNtMk(3;Y}HP0SAug$3qPpeG(KCIA?B9t~<4+8~BA70gZsYI!x2
zf1p@^xZ@1BzOtcYeY4?}`XFBAMwGjq=?zy2vvKiP9xb{icI*HL#Wiv`HAr373zJLd
z&Qz59B+GG5k*Z%+0h|@?+hO=OzHQVm#;^AnwyW*onv`o}qc5S`w_P9S#)}c%h;X#H
zI`|d!ztYqI>NP@aU-EOI1;Je9zsQ^rr3%>5MU^UO8Yl4UxjQ%e!aPkyy=~HoZwVER
zqgUu3F00Thjy%8dR0gy$6J05Fh5CW~4Em@mE=%P_5kHi{0ZWMB&&5&IV$hSUvhu{%
zZ11m}A#dnq-+ZGfTqdq~6I9-Vb5Z#X>~AI&fU;TV*#(P%+W-~JgMtWDmL3o6z5Vf|
z_(YwXm$~fVwgs0y`fmlx{EPv3NWd-px8g~CeLdq!LE>}}Kk?B2qFNon(~b~z#wRG(
zWo9UINWg%{RFkwPb{uUd=6iGG>X>H@VH>W%y<4}!SZ`V->Y!w9(uwMP4a}YV7SkyD
z9JkkyD1`>r1NNT&5YTj<oc=_5Lv%fX+TAO4Jvp=))+2DVcev}$t47S2owB*kslQgF
z!03@uk`wAL1w|vkPDxIk<k8mmGADi2o5=f;V$hHSoEzcwhDQaEQbz!|MwLfoInt}c
zlyTeSK{|T8T?uBc?|*^L(Wl{z_gdT*)d;W>a=P>bxImrTrq{F|uC$!hHBbm@SI2`e
zW;Eul|DCnYP47b6@(B;Q{+)D^WgXwGCmF;OM^3lu5(PMExxTl;51or-=Q7n#RM%cj
zXniB_bhrjz&;=eeoD=k~<Di#sjMS_?0|q(^e3UPCYBbtem9s5e2IyvS%#)Ll$rIYp
zuE63i2{L)*?Gf_Y8yjrfm5h-kaAu%eOsKAdIUb~+d3z7P3prJ+MFzV*!pPk@!A~Xb
z4kvO>4rgMyew{mng_f|LHLKQwHr{!IysZh6CmPcGhpL}`ymjAjUWOxnlDY`79rX3{
zWV7yOgCE05+O;5O<JIX;vLDQ~)c=nx%A}-p)xio<L<nyXoa(G#Y+-pEs95tW{EmHO
z5QCP}1dr3YKaRPaVzlF~P`#p;Z|)1Ous1wbGrkUGoS1opMwBeKz;Wp9x$|d;4jnca
zt=yCxE(S^?4{!!qj`bbG;Dw7c4gz)zG`BOuq2dgjlEySAD67y{IgTa`j-4cx$#<wt
z_;M{2t@MUnd@PKd{2m_iPZq9gV21K5wpgGVz|JJb?^D?5K};}%hc4lQgJ4W6^Xv%K
z*`p(ATVY2Coe2>~0sPDo8Pf|DDFIT73ox*>)6xj<pN<i{N_HxF^Sl5TX(oN+`&^^}
zW^zWm@}m;f8UCRYvG)8Ot6B}^QxVULrS4PyP&RQ!ODbUNn6>Y<2Y}dxP3xMP9@Udr
z+hK%huVwi~S4|1b_l-RQx1`%*VH%shUUGv2+@O@bN@z)_EZ8_U_<CP#%H1)gFAevm
zIm~n>I5-qZawgFV7m>xwryhhX!Lo1`m{DP3k?itKotzO1c{TBSg@gsx$**q`-7&gS
zLW+vp)n(<>$G_<1D<tOlS+ru^v>Aq1KEBriSCXDgohs$-4_j_dgyUX-EC`ipr+dtF
zr?6cM>wS<R?d|FCJw(0CkdLZo8F6HaU%yVX%t5cp+nvjsIT+Kz&=7UQg$VsWvjFNt
z;ZkHq7A)rkm-)u&zqEN^u3k6jqyPmSLgZQ6kB>eC_q-;Y%y4w%y{l^vKbkQ3H!{m6
zU{FzA4)s-leJdzWoadZIP<zK#W=!q0=jFc+>2rXyg^%nnp(l%l>N=b;pHweVGJ367
zCilDE^!LM2IVzAIGpJ)(AWUI02sKQljVS-(*I#5-zTIA^VPftKg-e+QSA$-w7CUkg
z0D-?>avh8D-w9-pme;FP$pNXhWGa!19klO<Vm;Z}Q((uEKD@nJ<9}_dFCQemZGBrS
zoc8bA#~!)DI}UB`^hQ>c$zNWP6N{P1CB?X&A1WqV&YG_nMDhGY&zd<OY+lz}qUW#Y
zuCf*g-qH&q_8BJF_1b^h2gkv4SMHYVhEjcgWVPjGoA~DfihWBBli!XOGdj+%A-Yr+
zcojXWzSD*A;TxG#uSd4MVEpv1#P+~J1KlJY9%86fH{JN2W}At(;~cwWiL*&?5G`GH
zT-`h+v5U<mN!?!IvLif|-hgJ`mN<wBDH@y+HcLH|McItA-}7nF8|#9WW+;8R4AD{8
zJZx0%2|7BxXcj4d`mN7L>#A-|R0PI-+&~3;%_oEw=qKU6sEf|*+k)^j`(&Q5EUz}@
z7i3v<5bzmAmVqeyrR6OAk_Kt>>F{ZNvLW!&cV2{Rn;<cP$tRfGdfU8&W`D7t;J3sT
z{bX!HX4~L66@p$W&L`H>xIk_Xda?}H1m#R&!%sc8QtnSJe+ZGVz~EIX-LtXZFI#ZZ
zQ&{h+Q6ds>Y%Y)cYuGjtNUmXD{OGw98&;=njaTQAaEIj;!<EKOo$+b?1Q06Gk@={x
zBj9Vn%p+!()MmX{Xb5%$N>*{+oKW5YGSmwgonHLdsyw%KWPiTB?7&QhtY1YGDQ)@R
z;IZCwKfYuqTZG-6>F;3BG^28zW_G=PtTKmEF~YWu$xU4T`TyGc%CIQ6wrxNfL9mb>
zrCX3jU?}O38akvwx}-q_MUd_qk**<!E)}IgTDn1E=y1sIW<Sr~;&b5t?>OGgubbg!
z#kJN|=XtF)1MFWASh8G;g(kJR-#`u}AHRKQm%H}S|D~29<*bi|)f(NVA)GBo#FZQW
zQTP-OZ}^lg*ELNK`tyBD(0Y8LlaN2Uxjt)h<tKu;iu1PqOmHU#bAa2~*`llP09BrU
zN=l<<Dsu0M)O%z~FEYfh3S4s9?U^R6kJU;4t+W8S;<HL6A$XAR*>p>M{w0h}Q@_^l
z@G#pA^FP9O^Qm`z4Jh%5v|RSFey)>!Ch}+RVa`gGHuQEseXjFE(}wn3CD0Gy!@eAY
z<F1V+gCnndOA1__tM2{$kf8SA<#|B-)aSc!rKKf>$KjtX9-nj){qU|oc=uv)KBn*d
zxIeMS;1cI0hC^6FkoDO->+Xx0S$esK=Y@DyA#-cBhwr$PISqV(q>yv+`aP28hI~0F
zWAB2_<V+mJNp5QS4!;94_;0vfzrN1_y+31xihtd}6_M)7f=RKU)|(FXL8i)kn<o`?
zD$HJH%Rnv|0L;BnnPtXCe2;J4AwE80?mj@WVP^*T32$@G)<6c*^9PB3WnQT0QDD#`
zoDONCKhkggU_U<>(&r}mZ+-z5zdg|eprEdqe3y;+)owF&L~1PUvhxviz4VwZ&9Vm%
z5mM)|pWie7=FH5*q|M#j<+fhjtIN#<-vJq>YWfa`{rzEPsvl-jFW=%Tm61AEM3Uno
z?Q)w#EBQwB>!stZZ*>R}=#5YH7ifAXyMWx;NV-h|Kl0w?nRRFb1J}Zf7Wog+2-qnA
z9iYEe*jTb_DLgQ@ZMMG(FMGB~ibTfqZ?}a#{!NgmXrnlq^aT?CIB98Pe?8J6b{7Qv
zILy$pbJ)fapf9kF`D_Os{Y8X4v_*cQrgmXuVtOm3vEcvrEC6sv3|JHT7-%f@#X?+A
zo&d+bjZ9rA98ijpy~8Z6uisdIdS=c!i-efYRU3Wy*i&Fvt>d`61F$o%ft;W?4!Fl%
zHQV<vdSd*TZq#NZD9Y%p>e(XGiik-Ji`EfTt*t$>&aO#cn_^J6LhfDBcx7j1e0E3j
zrhN1Wy$IW;_g>&*j#*lrnny}&hP7LK5Ex<#asdJp2)xhhw%ZxF(Y|x1U@>kgAPXQ+
zMMu>0R3u5hSLJX`y0O<ybf{au{Lrv7k+HL1CDL(0NS?V(vh1&oM0O`v$(Cn(j+>q*
zG)Zr)?}D3WY%gdP86_baZh5NjR@-~!#TRrO9k;bwm14Akk6aIrw>bdhY0)K)6gME#
z_x?+YSeJNv!s_>@ayT7!)^=u2-8x`(ToEC~jgxWeyObOYZ1ZP%q0paiQ-`ZY@cZjm
zgdHtM1WmqsSIG^W9>mF)vkn(cgFaJIvX?KNkn~HgL8@$7$Ma80#0g?1CLZ&j@1%+D
z;=cWgb;(y%O9RBUZUqMe?%&%(`7YX+!5+qP8q*{5Q#K(F{3yuO3xgivc?tgEJyfB&
zQXG{6GnbX|<0oVZ4H>ONbZ_cq^?lc<$BCT-JX}onZbfIBZ;Gn)q1Ry@)(zb)4acdZ
z96LfuJlfz&UOuMsW>n8ttAtvj)M*bfrRA%^bY;rQI1x<%?#oWb^E?VsQ?oNzuDTEi
znW{u}LU;;%ujP6;K7sC(<9i&vx529$$9CKsU3DIUd&e=;18(K&sD4XxYGBVgH6BVI
zKzWZ^<WyjM$?1TE9?5Pty=jg%r@iSDKpD%bQ`zAH(F3{2`;ID(vNvqWCsxg{yI=4I
z0E6|Gl-x&J?%3yBfU#+N*`nFj*XVZ$nH_*~No;oGwsZ$SN_JZ=7aa2n6FFe$t-Znj
z6GiK!m$Rm2Lf&GkA{eJkgnH!ghq>+TlLutHwzz8__Q$PzCl{Je52M|>@ZSLU;ykj@
zPmA3_yQG=%c!VXcNX!o}{$37nA)0yGlqjx(8&UaESF{EePrOYwcSU8H@b*uholZL^
z1?IWlMZ*CVk1py{o6dQ`<Hrm|I+Z1&%YnYErT!LrwjV$FX1W%Ueqc?5o9+XM4`)$@
zK{Nm)M&>}734~uW7r>P2HrgJsCggY@yz@Gr?<!dvYeF`DD9V2=bduSH^lp62vw^fP
z*!F_$*PAzgb`=UxP}YiGB4+UBLog>kdx-?3EA=E1)Nml&59>Bc)AHpR*lh64EGn<$
zgaiOQK0|LJcpD&#pXt0U*d@tH1F23Qw`jg~_paAF1NLE5lY+grj@{Z!gcOBO$pxo?
z<O0D~-iYfYA=DU*zbaMk290CZhQj8T#<9kR*T-swH1!48FN0(zgzx1dezUW0MBjVB
z^HnsJ8Cu~&6VaV>w4KklAoLa^6ckF&&9&(uvAs=4`aB844RxEtZ9O^z6^#e_wo@;g
zY(P47FwOb}10|o*dTcmsjNAHqb17!NvBFsQYs?rYM>GR8&qLIP{_9h@c>vv=HpKSO
z-<{ra&5~PlZfHy=-k{F4Veny?hbmZP0NhkrHVo4Y3VR_&>HR+3S-2p>rY03?0GjqX
zEI)Z@oXs`rsbmST$NdLC#7*Jt8IWl#aoYfvf$+-glM}B2+BT~k%}VBYusaZ%-uzn|
z0Xx|aBK&D3L?Ww5^2<3rxT$H3_TFV}Fe<G96Dy_ZuxR8h0Zp!Gw{bYXSav<q-$tnD
zk?&snNaaxJ`AgEDLmNCVY4LwNNvg=I%r;!>@3l&5hDTQvnx=+XyS>s2tb9ul!<AcH
zlnnQ^+f*BOzW+hgT0t9Hz$OH#)gS$`C)dz-aC(}&5`VNMek1Db9j3PRn%#9TBnC#m
z+YGfUS&FNp=Zc3U@rrAA;Lco(+he3f=ccquN&V3cAC{;uiCDk(z5gq`nA0JjPX*Gb
zf4dt0y}REG%}od1wZ8YMdP8vLwlG_?5NYHl_j*38GJu8ByXE5!K+VgA3u4Lm<D?O+
z52&6cRJCDhu>;i|&KABEh_7>FKoP}j%)`nAr=^~%0FeH7r1NOjQ}0`b4bmGm^B%{e
z8Uu?`o!62_h0ByUC&N<QmfD5Mz{ln=m71~&TX@rt<*}k5Oy__i>p)9HAu@F$y~xJ@
zq`6tpYbRuc%x2PS=1f6BWRPNUFASluwupvY*tL6Uc0QgWk{L+CRocm)lfb5~{ay49
zd}zNeJLHbSSaAg=91dM6RyZF|(uW>J+N8sZ>Ze~E8w(bB*HJG5&_>8X(`jpcpli~U
z3HI_c^SxuGlKK;~dDcsd54-a|5N^$jk0JiI3!bBX?=5L<{o|36;L|6<_Tk-X*FJQ{
z6-S7A+m*5wv<mOPOcn0fyD_=@wKL1Jsx$Mj;j^jXG-dxq;%bhOtrKY}h*o_l@=!bI
zdbJ)KC#v;nj<;m^g;%i)Z7*1U2YEv<liTS9a38ns*|7!&(s@`%VOrU3`oJgLl-#r$
z%u>DfR`w#+NV&X1uOobuC!8l~E9JtKntp1GRSESkKrD7cmP8~4J7yX}A1Np}E6X72
zJPKC&jhnA!Ja4F9-uDr*|88+>V$%py;PC)kMp2IlS5dx!&#91Lva9IM$XphWA)+E;
zSh$|s4q@%_wYPlT3vis}r@?NI^HROfr+3sjH&%!dYs%xzJu`<;Wp`wEht8!~Q<w3t
z^lQ$50LG%fN}Rvl$Z8UZd@3e};@^VDWud8bmL|fR{nB2(wWakFc8j{7vB1L|SNt*{
zVH$6BoZ**MEQ*LWu3gBr#S-2-SJT0Tz|`6gJQ1f_LBU7E1v-K=oB~kSwe-oLLY=0M
zo*X!En0B@f;W^U#ZrEos)~Yz`)1Y@m%h{cS9D4p1TS9TSt;SzD;#Bk~yJIAYkYvZ6
zC9svTPIeQ<s;oufROVl#9=D}~JXD{ctH`_;%So>kSW9c_Kj|*vJ>Ijc2)5p^_>w^7
zUv`V(6j`(0A<@&$4#rzsm<}5JdrJ_$(R|M(s&2zr@2I{FdUeL!A2;Ogo_s=|jAHck
zo2j#z4Fv_mPjV|g|0VX)xqI{$H5oV>Ypc$Q{nbar+-j8Rx+lARhv_@GTp|O1>m;DC
z_8}<Vnsugf$^@6Bd+G0BQ1?ZgjU)i?|FTS%|BixMg$?+)&basFfBU#!0pVXy;3U8a
zD(+JFt^N}h{?D7XL?A;%9IGh*?+yPmB7ZJoAYxt;L>an-B>f|piz=Xr2jJ#0R-KoQ
z7eVL$wEowxmTcf=fo?aH{J)Fw{`aM7Nk2chP9^%{rJ|zWy6D#hV(g?%6g8?}cJ8+)
zK$NJ~RnKucE=9z@4JNY&$R4<+QFDc_93nPo<}OhEXFGZ`=Gt!!{~D3B6Yzp%<27aP
ze`NFfo6W3f=!KJIv<z5(=pteXcwxW`>;2LH3gEwz^V0#!hyL9VXxRU5i2tb4|D6pH
zk-D^>^S^qr_&~YBiB+H7O_60DLNbLsuHQcM`@0S(!Vu6$oGFyTDSR}2NT)t~XOW5U
zNQbapM-g@*w*TPGErEyz{Wu*8ZvtZ|@1h2}#w)ND&I^jRi#NlBUzheKJ2Im&i-Bq|
zy8Lxcd{y5`khkc2_!Lx0?e(0$=x&okC&Xr-aRIwGTyN4PU*6(pJ+2R)mu<sEMZb9;
zuxLc9g##F9OQG7p|HetA>bX7qS>&_K{fJ(dc%9+)eM@w{>}WI9r^@ILZq6ixy$Mbv
zw66m{jcn-e>FSC~Ns*0;)qBdxSx!q$?J!a!sh$1Fi?MB*4e36fSyBS#tcby3i5};r
zUKBUX@eAqc)n-s7-)yn7w8Ph@j+g)pNwnwj)1!WD`&nI5?l{rr1~l@4jY*!E>;AxJ
z^6^jJnG)JV{e<E|GR3~EMyZzOTX*Dq+zBltZ|6F9WYUPPM<mm_9Y1OR)=VsFJ@T9$
zcTNnII1Q>EoUF_?0b#g_=0FHCq`;CWlYW58mJ)4Y{8SD70U<CElwd7F;Ipt5nla7W
zcl-&_mNbWF>=v0^0C1@#1?OBkU`1>6j>&i&oD})MB6W*Z3{{tLrhm6w+u>G6tmpMW
zF_4*mSArAh8hVsubB#SrdqlnHG1~S@pp&Vp;&_L6rvea3L;=&GRY-UV=ESp?r{5jU
zSjS$!{jjy{tXL&>40c09FmQNySX+PGA7^BW0MD0*;jZ+D-SWE$)BWq!*qK3qu^;>%
zHuxX~g}7(-)lYK&1z-&nVF*b}B5e9*4hqFLy+qPC{pSqfuGc<@&X~w*>$6tjYbT#a
z5rUhsX=agHRb;&B-#v+>eNb!BWzKA*@jv0xoClU8Aicwn9Ig$%GBv|Q?@;hFuARu$
zB0^hy(9EI7)>Vk^zeD)YVM_i{?lT&14c@7Y$m<BV==JhLTeC!Yr1dsXCp6>0xg0K;
z7L_(tTC`V#VB%lRELg9I79^*==3%gg^a3!So#XnZ#YU{JodC(?nY|V=>1GWQ-)MMx
zU|sf_WQ#-ROsiJ+2;W`ICzZR`TzHdLd*h_O$V~Yw+Ai>gBJ}l7Kol5JhbM(Poi#XL
z>{gs7-13~5fIvYput=Ih3{S#gcH*>lcQG^!kty0RR%V94Og#8<!|{A8M+gZi){qqT
z@Q&Hr5Rnx=KBCW4zAx4I!aQYp_v8dktKvmssQZz6;@PBpuk-R3d<c};Jat%~bhwy$
z4Zs$FH1O%s4bT2iMaud+Sj0VHl)gmY?-RBfYdd)v_Xq4CLbW*eW`kWZROtv}C*5oe
z4TzI8XgkmJ80{L)v*f*IDFnNZMG)cq61Fwl4+MPy$m%rGTL&6h2Gl-oj(X`k$sgNq
zVWJLrFz=v@$RNTAg&>=aI^v^NXzESfS|GOrPx;|wr~GKlDW`_@aTB+ityN)HmGddR
zEaTT1so|#kWBZ)*%Qc)^A9Eyn$ESjg$8-WluqD{vLn`?BV?VLIXi3Lvb27$iJ3!Rz
zOjX!rmb_O!bNdu|kTQ{Ri0!^PzrqtP<Z8nJB!+tnBPBk1$7gxVId9Y4_Pr)&zkgob
zt!izL<(*uvITK!=xy!lI?!R=eH~vuJj2TiK9Y#-1%O2WfK=9m2w9R_+x$2qjBSPwJ
zs~dvs{pz4kyH1-rZ1LraLW)cpg&^Oqa~+Q<?oZ2@QD<gn3*CK7DMALdlRRBgs=a-P
zaZ09~lo9bt+wqOvM7G0?&hWNFk)F6ZtguSxipx=94PNH?H+t_S{DYvi4MR?OspeDQ
zyujR<jRcPI?QeMI4O`da_ZHlC;d&;MNAGqzk_SxMo0u1N@RXv%r(aBzTV%=JK}b3_
zc)-^ySO!QX*gq_@p0u*<=HY-hYdonF`D&pPKD)GOi+f)>Z((+_^6Juz-CPJ95spdB
zc4<W}pD1lK?#n`vXbpWk)<V+QAVXsv2f^&2a+&!_6KI3$?zfG}7m)Vu&hpm1Iw~KV
zoWq(^roK(=&B5|<jGcvyLuqfP0N{Is8l%F6PZbGlhIHwYsoG|5wmS3O7gnP8m+l?#
zAfPx^X3u+?kyMY|SmvCMuW_8<C^9|5n$J>1kW!YJ9dE2S$@6lwy1iRfM{u034l1oH
z<l=Q9-M;4B$^t5N(-!%%g>Kh_-^ZYNa1ke>US|%{^Rb^MGx4;Ak$aB0^mk4;*RD0T
zX4$mD%8cgCRz}v6N;<<m=1ko!25D**H(qB==8bgl-1<Q}w)v#jQT%ussE|kW{-E=q
z*0PgbTT>M{#3m^mzW%n;K$lo4s2&W$$9TXmV&E-9-{))Kdsy)Je8;nFbE-~mq_bzI
zuXd^I5m56l&_7%KIm@*ub=f*qrnj#Sp<;l!k60=XZCtU2HSNn>Z@@v&G$>BD7E&j*
zxVUj?cZK+QqFWdt(riR!IwU}4c*{Iel`$Gv8}zs68fXKg9?vrdr+Mv%ZS&_;#g9y#
zbv>Fq|5DNG8(~h@gh(u8<=K}Ivi)QY9QnB0ccN4EoQ}O|yL94_eW-b(9@$W|y7jQ<
z6qctEdrFmHQLDu!QCINF3P@SFb#MCo#M~EK@I#ezow9B9(qsO<ij9+><(pY$HSR8x
zcb31m#w!UQn)QZH-w&6M$yay9Y))A`J$IBp4%rg+#&{r@y`NBbuv5O!ixIL|!B+L6
zI%%Ukr~b4b`}q60OV#yl`9t4QA>Q8Qgvw<TCu;X*y^%4)yR8*X_cn<b8o)s-H)+)J
z)yr$~#oqa>s*fwTBtmo`!kkNzWF@wJ&+QV|hPdB6QhMKX^y<sJl0u}QyfG01(`0wa
zhUc6<&0S9eroC4FCT;q2mi^+5s>e|32vW4jRHzcC(i0Yg(ywW9@F@@Kb`ib)#oK+x
zcD<8iZ>PwIVeTgbEA&;dM$}L^K)7*tcdzuAyKF&=)HZ82*zS<w-H)(G)z+l<x~1&5
zLx}A*JBr8$V8!sqBvvmKrevsi2Sa8G*boas{OfCEn=iiYeTlyh(f0~UJ^WhG8?77d
zJ1uJL9jA9N%_KN!{>+bewu8!$i0*zwKiX_q@C&Me8{zJvmCr}%l8UoKdIYt~%F7qN
zj#F)+7r4~+%%9I|<{anPFCIdnhuE35;A-Q!6DP&8R^9Na8%Sjfl;h-0-)L7Us`W=g
z6Uk8Xv-=`vM|COn83lx4EB4R4!oUk?BqZr%5OQNuM~i+;s<V~J@VC(CR!%=f&!_^u
zik0{+tvpSbEj`tkkB=I{n@W8%PL-;6q>`z2sUy13W_x<cx>bpQ5}Fv}@d^UX?tp`7
zsnwAp+M_z{x^02oL1VeDsvn!CON_y~Bo4kxz2@Rww{Br%7l4F%Ta!Kw-5);DqC`dS
zcmm{lqt#Ibo#>zRURb%I$aR5P{EwpaODytoM8>5H;LfACWGKKPoNU)fI<tp~U*yo1
zsbtasQOQtt1%R1wUJ268dCM0}8l0b4>pWjs6W6IK@t%%5cp#vQbfKU@@0S5haHLNn
zEPMxciP;!Ga-JS1x`MfF;3Nu1wqKv;Ssb+v4iAwJ^tExYqorfK?fQ8my?>QLiFi0)
ztElC<;-PT**Ov^X5s5S8=hnkEdlh3aJ?7d?boy!gMYpAScC-}`;l@c}QPzI&Tn^<L
zb(0UjOhp})&ERb2xLs|_0q=R#%FW&F?c(qBMEk*#o0+W>-Z#RC5#v6-yUu~afnFb0
zgiRKz<1?G>3UM|UA9z#12qKq0djZsGBM|s?jwHirr9l&c%W*~HlE*m&F#yVMvH278
zh-I*1y-<Gq2DGPqa)JY<n<th#D(-U^c5<J1NgQ288JPA{K!Gsf75lI0Y!sqQ!?ydg
z?HAc?8d+Y0%Wwg?@jS=%>9RZ@OmYr=W1-SbsxCQFaQeehUW&T49{bf@2BxkX{GV@#
zbeF!9s7<o<IT=vUtNT8$g2fw7=Tf&yUN_-95Dp{wmfd;)hon#_+)Z=;96SApnw?Pk
zn!o+Bx%ac5Ten~la>Z-(A}5bqUFSJGex_<X!BTkK@tC!AYcnfbr-51lBsf0hHSCaa
zG7!TnLS(bI-xi^>m@X=Wct?*Irl(}orI;%v*a4&X|HO+q8*x496br+SNd#Bp^-^^=
zD|paDupG7&$2yFgybmJyi4M}2Sv;o_=@Se!;wWAz<eUn4Hm+M?MsM{_CyGn}OZFe-
zxB9P!9i4uA5v~WEmpH44fqL<aSHOb^y0nvS!%ni=qfH5=&HU|KTcn^~#Cr*XyMy!3
z5B0|OHMsIJRtO|oBfsSo@MUL28tbFK#Ib;YNU|jt4h$cCU%?0r<Xl=|bR0Co>S*CO
zwIQY)D{~AbQQNOLr=TXS)-HDyZ+q-I4fjVB*Pe2`ZhHh=tv)|aL8qkXCC+0rWd(Ii
zdAxWn`TSMuX6)xK)u#d$$pjsIr=N2quoP~@UO1R|<=t(P|7^VVdtQRZak>NE5nU-l
zy%kZm&*%+|YljAHIoAeZjHjM%z=2vihmdSf_q4b6aU)Ga8>B|Q>{PDycq>9P4x8c6
zJSZ$Fo@wLYQTu@>FvP;&5FHLh-bY(xRi1dArvJjsY!O`#*$~j$&PZPw$xDADKGLit
z-p=QzLWN+sV6B0bZ`<mRx%8+o*TR5$u0n`Z4_{WQ?u(6fp0?AT*I!Pz_G^4YQ%oqm
z`%hkr@W=>re}rArS*LcJ^r)%-x%&D;K+h{#UB1`-v*mj?8KB16I;v|NdfnIGe?Q0#
z$U1ge9@j{4JMist^nHlX={q~vs6ogI`gO?_d$SA`s7LAxv6qX)z++`{TR13WU-$OQ
zfy#h3bb7dWefJZrp8<C{yR7E)=NjqN><8gp_}iOS&64|FT)YW;2|XM|b=s6A#e4N<
zV!PLBgLDVs#fwV`ip33KV{xf|lzl*QMw9cbeM7i@BtL-JY6LW<=Z6`~z4AVUy0wuZ
zBhBlJrv`LHQZn%1REIsR#23DpiCMK-yXipo!_{m<WKU*XOchJiPVme}(0w<q$hCwQ
zKjF2k_Su|Wwz3njetB$!qe$fE5z6xAWvQ=?AO+G*vzL9IA-k_yXqTZ@wUfH{TisTd
zKK5^THbQwsZ8?_h&OZ|SrgAIkd#<VWZFmVIp9PtdoD&b_YgFpJ<{N;I3sXqZY0lLO
zCR`sNvabR^K|JXebK_jv*rE4cA>AAo(_k@(-P^Z!!RQKn{=_U!4W_|v!m<ClK>s1{
zv>m%Ay(YUK@flnV#^d&Of15^Oe{Cpkg(@^&|5R!;I`6=ne=V8VduJ#F_-f8$l_Pxb
zPdQ4@PtzY84K`HX(6vd-W3AmI*jwbij_v+(sH@6Wn^rOqBfAebzE}9WgU`TwBO#>c
z*+hclVnSFjds*Q83;8u%b02Q4#?<X(-EpTkdgtL#A!bG5YXYKJCa2x#9Ty?+0DHFL
zNGo}3*bi2lFupe7r|Huq=S7;VBNLAq)=@af2beSuf{km}-_4f=VTW7VWbMy*Pa^P_
zQc~u4h{t*nz)eX@NQc5jclS?*qt?B83vUP@V{?{xK<J&C>21V*>Xx;~#ad(5tv4gT
zlyD$jeJFWx*};J1tKkA^D?QGS8V}v9><$5~m(zHz_Yu9&iRrG}$Ss(FN3>?$X#a4Z
zX(U&5Y<#?3@AB+U?|7q@W0l>QLwmQ28((q1mwx(ya^3gZ<$XbcjKN`Dr}!r#9i|WX
zL=4Ppr}}~@JoE}>THRK>zUUpax8!A)YCw-$JLHOe7s}@tZ@umi_S|GE3U6o;HtlPh
zcp;3O*bv_3v#a<x0%R=xiyd_cn)5a1)E9@%eLEdw11XZSCyTXp=rR-Z7l)<~KSUVe
z0+k|)TVEF>bSTL{M|jH~E>?-HuSR0EW-BCJGXvTIJi#nEUE=FDU!S9Vydi4<&c@^H
z5xeg{oT8aDzwl=Vw72*Qv^t+Cbkeo{0EC;Kb*lK<no(<PXVpE)xVFN>v`QC{)|_`J
z;KgmopeYIwa_5j5tH}r@z9W|Tm%M=(?qx2!R`}`t(wWz*uu#`HTi$sNM?#_2!?|>0
z_HuT(b&L*^dcryxd&|o^j8xV#ivHgyUeKDSGH|2$pdFMARKz{}NaJ*$REDY35DpXR
zH-yJQI`t+R12iZjp9?O@V4=EE4gj_6)qn{A68!;H(2=nRkms1*EgZIazib({vNu7N
z=R%I&b<6*#$wp`Ri5G(6HT-K#U>X!&e=z=rp47O^WLE9wo0F4zpU-q77zH&Oido)~
zwV4?Ju;4tgx}s^$mNMW_pt`Jf7r+%3i{vKzp8`AwMU{YyqA9A4xskTEb%?3W?2o0)
z#R11LA7cxuxg`b3(VO=pUM-uO&e5qoaJ@Sm4EDmf=giTVwy<P|T8y`hd#6BZqFDby
zzS_x;sLDc~z@<<8M9F?GbOFFYdCupw9dCdTjeH<dhl3ssM$FI{)cx=Vl_m5W(p`sE
zFel2y6vAcPX_D*{a?8!Xz*zD2ouv?hmh5XRcat2RS!f}SDBhycsepoedOKR|RwOo9
z3d#I`0^1=BO3PoP?}ukTV)p>|4Ok86;;942BcO|!1lLo#4}RDZ%!WGVR({pZ=r9F2
z>+vxGFJkRJ7~K()8x1nSmdWR;e<FP3rHSV6OlZG})Y`AXi6uA&N&%z*h;F5NXrQ4-
zmoMj-5`3x(ASMDsl??kbZUBPhJbf+Kw*zM#+jZ2#vcyBmo{z}E8d_b^n;fH>BZl3g
z*9>1aFS6X;E<ES{vR6L>p+P5<Rs`B?ubE_U=|Wp#(KzvqzD3-_;S`06h64;&@h9DT
zl>cx}uoROZKWp@^QUpzLd=Jgp13$lU3|(g*4JPO&5tJAB&I}-+BD@GT?}3CBu~3U|
zC69DE=kmKqfVeU02~3LP^RysVfnWjbzc9mr^rgQmnhtSaq{cMp*H+cXTn8$fWI&G+
zapkoBMA4wDK!840ZFQ`Ieq$tlu_ZLIz^=+1)4hH7cS7MG3Pf5Dm~&p8O&-agm<6>9
zK+wwRspcQJiC-04f1n<~Di?MkzgyDi5A*OJyr`V29gj=;tJ3S&=>K_=p#?zEJRah}
z->+l%#Vh^)D+oh$PGx}U8NspFt+kC-1_4rR<_1K1tDf=g+qX22qPrtzx|>&tN?Ow?
z!%OMHRx~lRDE)t8|EP&I77&hGc<D!mKIbAYXC&(2!dX6{%-Z1x_Q2t5O?4vws_Y4?
zF>W?~iay6cShed!-YKDxcORU|^>Lg-L_`V5;BM*SY5>gGDF5h(R^!58V*w4(I4O`Y
zpoQBGG{gYCMhG<)5Xa>$s!;F9?Q3II&mhOneCOvhafj-4DZF?oNzlfXjA_-;|7QwR
zPhaM3JmCc}ZZuufZ==H_=Ssl(*!Areu73;mLIRnT$K$U_eA&i#Ox)4ur~x39O3G0b
zAg;CrvUlTq;p!a|@K~MvC;WucWT?y4PGO%lnR>Y0SUgxlz$d^AeZmZa+ZfdWmWuv`
zob6P#J`)5+LqbwIX{2b+tto^i!}`9}fYyn8b^D(6Ttb+7#3IofJwW4K#T~)T3TUNN
z14{yRKhLA;>}!j(hZ|dEpA=0_s3~;31k2+6*v@WEr4u4R6i=s~2iI=sI!P&fMFWfg
z=wR1rB19sHkp|dbAIY4KD~rlZ2QUHX$K$2kr&S_p1OFuMg5-Joh96gVyZtzO7s3`X
z;SL>JHKp<(61C>FvFL~@LnAF5o>z#b^z|VBnpC~?-{FGNmY2WFi4)|}MX1+kH=N~Z
z<e3!o4zng_%EDKHgNS$9ySqa=K~LMw!0trSulxuI)9FWFzI?0&_p+RL3y73gmQxJG
z1emwn>I4$h5xkbegsIUE0lO9Xc34%o$<U-+87UQGl)5O5T}W_dqOZd}ztR1Y+k_X;
z@ii8+!3p)Uq>AYEVLh4*u{-SsJaRm~+-yt3LyFrqORh9OL%>MfmctX>MpJW}cIv;V
z_zw$=wpQ^Kil<Lhiac0>GtUJJi;Lr^Gq`x8kMkOa^7P#CezdD&33PJ=uxR9|Xz|$S
z(pzhsLFm5BB(UAm;FN5Z@-rTL9l(oC(*Pc&99XLLXw8D3<vA{7sTeiQM^A;~f+DV?
zjg@(Hy7k@x?h|U}aK@T5Fo4yZO1=mOpI~$xoRFXIL>cc~lw6JS6l&&`sTJv~GO6cT
zy|m)rvq6+0#2umx-nUhx^gsRL^8PO3n2mDM@0H4I!bR08b_*LIx4QfMpcy*<GLdZW
zfZ@^o!$@3(F=^M&ccZk58sAvnkp)-*KJ43frDwBaKU`z6f)0)0zj^o6df4H*h9K=?
z(s<+yJDMrA^1<?Q86$5ET`^!(7baa}$S)h!4|lh$%xvN&w|kb=2erxogN#ndK=AY!
zGv9@$HwLBi;eRWkBA*lfvRlBD{~pnIB9=}D0`<+G#`y-1z0FYsy(MxP(Y9|h5QQDc
zZ`Hq9UTwp>=n8~!LE6te$&$TnY6%q$rM8}%w~VoYrCC$Rpwxs#C{pSb&$=!+@yxo5
zumW&~ziLQP&@5TO4_S+NMPmQv-A8atYGD$$u`kc(@*qL17acE}<@8_f_!1}YcYHxF
z+a)VM_>-6Tw}roa?!S`!Puau2a`?X{hq6gXrZfA~r?uBwG|xlt#hW`^Z7QT=0E;Ej
z9<N!9qvrV~AK=*&qH$<3T!Zr7rFfS+$+p)dzPvixwY?35ky}M&kCgR{&cjrUim7P|
zhBqE0K2OT!Q7~$}U8wV*#@Cy@#%YQ-<YskPM|k3u0ja(JUr>fcS8@sdQ}V)|Tz!N5
z$~8JImjhW%85PSf7}jS|-3DQiAKo!r+N8>o#nt{3r(Uv-ne`|EY;=ydHZ61&N(36o
zM6aD&S#7r13(_@KFI*X}gGq1+OW4FGzG)FlsW5N&a<UePi^s02;%gV!I6Sb@W0JTl
z_D|gYt9S_fJ_Rt&@sFy_UFd@HjRtYwh40DFNqS)n4hQ82Lt2UBCN7)ue_CLm24Xo=
zbTWZ)3ZlUeV(s}hn3^=P!G3V=uU~?5T@pdjj8~=v4uF&?q`EB1%kB?$ty>TqpGjkc
zvKp;QmnQtWMC_kl0RPr<Q786|2Na?0v!xji<+i?Z7NCnFsnQ=`>RHkU6L3D8`8jAl
zFuOF%UoAG%0^ze>*?k7gE60Zoir4^N81TOF{_N6vTwWtTxeIS)BCdS>>MaNcO<wrB
zi>&g>9Rdt1{-QdrJ?IUDBVWBEO3zw76ykb+m*3*hN~KQLwaxt};U9eI8#O-*<4hGc
zXz{t0LS|<qewL%+w$PiGpB^NZS_C+!K7{btGQX+Wqc|w0mXws-X`g`e6rYl6MCJ+U
zv`2A|XHCwKa4aif{$Xl>?%e*4HPuuE=Niv?TR4%x+^b|@8PL|sUCi2=?0e`ursL7{
zSY%22V5K6SMZaP4R>_&$sjF74Yn|7&lmm+3(wzv@tL2*605ncBjnN}i=#Q__t6!@n
zAhZ*b5H!RibiChGW<Dv)lS>}XG@O@Yd~H}!KUuy2Q5gVW1249Sua?C#p!|=b&PdFu
z8rdQw521Jf356nXGz2lU>phZpRTM3r>QM6eiu5&?f2}yzhO5KeJzy-_HR>>nx{wJ6
zD`WTh)>y}>S^P{f*X+XY5zNc)jua|r_v78D=(w58<&wRvJ9-Z(812r>WRDsv!Dcsv
zWv7yBv~7JI(&Vend`F91B}Yr(U~OI)8;Kc36U&svPJ(6U{&EQq=SuRqNi!LqO(IO#
z6;iXd*N}Pojmjp(9^ts~arZEGEZd9J`P^sLqh_w1zf7p<n<|$6<qh`BK7p<99{zY1
zWjC#7r5>T4>}Wdlwf;S~rEYOlXp@yM*-67m`{>Rfv7BkRK&**XxJFcL;(c{yGnrUi
zt^Qd*0moz<;qa3!Dof>zm!Z}6BJJ!9QAV3*rU7#y@)4fjbV3#usp7_6)H~XDuGi+G
z+8{;*M$i+AxlhfkA@@nE8<(ml*X#MUNL0!l<8nf474@pl#_N1c-FG_fRu<c^8dL>0
zb<TQ@L`24O?RWL!U9Aq%-WR+hl4sb@&h{+K2mEqy@hgF+bdcrF#Aro=eq~QZ!kJU*
zU~UZSa<V8Xd=VbaM!~DI#5(<KTHni=noN3_cWmb<9WSY)Y0c5J;|6oesNBhr;l8A?
z`RIy4qRWZ!o(0(ppSkiZ+NJ$8`_DLa<2x&UVco8IRwDf_6mTVl&CwU{e#!Lm6XQhz
zXglxLSU0l&TSd@tvy1<LKinYofQPkkpBi67P$u9rX~{5(L*xPDTs)5*dqk4DY?G%2
zgtAr<p--dR50l`csC0ALH8`a&v$am^(ywf9ToSojyCNvjvcjdaUx%+*BR9I#9Y;Cp
z+P3fxqIKxbS5);8xF#!Oi0r0S8@hYC;-o``p!1?$_-=)re&^ZgZWC)Zb9jevXY3Fe
z0xF=K)buQb+~%mY(e~4(FmSo(E+_ugO7a)75oM=C(Xtg2=dxHRzAD!#l;19B25wPL
z-dT_spmM3phMSa;{IFlokz1JfOxniGTUjBBm`@tv31H@lVa>j?U%_uJ-&|V_T~WS0
z_N>-2gQ<V}eQlYKb)(lKU+>&eIj?NiN|$e66^qv7vQp%0rkt<MWtKu&Vnf2GB&UA#
zsd&gAsa7uBm3DiSupp}%KE>YaW(JUvS4t_f8vOH&RD~QgT97koTT$a1<i+LrjzW5S
zDf%D+)tonyI%zNhBJVqJSYHdiTlk%+s_|#eU{M-%@q}~4g!9}+nXO!!Gs&sWH(LqZ
z(^?#No3FUz`)vuG$(>m?uEB4*>k1+pi&<j;I+DcQL6yX7N_Z!6B}zio$jAXg%PVwP
zr^bCvM6vM<?4IGt%-?}t<%{$*mRK{Q`@`<W_YWO=mlV6+%*VaDG^c$#(I?}}33J3)
zyke*||C(ASN5I3o9oaS*sJlfrM_E&G5C)y@CJWWrw_49?I|!28s!yCppKvn=tsjVY
z=1@O`O{NgD)x8lmIG$Lft78$&&1mQQV48609L(i~zDW&^2L(H@m&0KklNPUJt*aJZ
zAMq`ij|EDzwENDqg5AHUG=h;Ff7l&SQotFoD07{sDpyYq49dFjWP3|lj#n-gaJX;h
zqI@gOMpEVvuFgN^E)Z7rC&zdE37u=F26V7*JilZw07O^&17;vn37eL<eYFR)1Kj)+
z>EcfT<JQ`pku%jWYlUKU{>m^HkD;`&2bWUHf3!Tp>jEyT?dGJ}EZ)4S{ZdWey_9u!
zRc-3);8juq!7nf*6Hfur!Rw<u$9nAs4Gj0Qq!(lJ^Tyt;S12wXsqkJYEEQ1zO#M*#
zAvi<(B=q{|-WP^;1Ng(Iv@$jO`B_PCOIdjoYnW8-U;V!-pbXaxGf76Ra+6%Or;)dl
zd{xvyfq@t*mglOO&!Tyv^vsoRb@wO+kyht~n)!V>;SMo9{<KnN)8iSHm}rVNtQBSX
za+tK5?rI_X9Rtfq?@VS{GKQl~oHXO&AFN0G-SR=;r_@(%Jc<r{V-;CE{wtv@_$t;V
z0t3vN3e5tXGD}xSTBT@Q^9s35m1nFQq?yuO-||Hvx1MvSTb)udI-=gn=Xq3Mo{cO<
zLcQyZwHHPo(qFCTG_db8QYa{x95NE3YRZ7<(6&P$MWPz`C3j_>q~oZM`@wz0ngx;+
zRLM&!?^`=z`GH-yT)Qq^8urf$`~6*vY_Vo|%cA=`QLZam35-#{|F%TH5CF_y6$VN_
z0X7nB+zMS+uS$l2@ai$fg!rv+CH{6w_ct{F&s~VshfEpm>P~=;fxVqH`78MRpQq+K
z7qMt52?P4o0|0^oRO^Gw3jh0LAQxfe7qj<-zYXh`U{HYON3nkYpG!m41&W2o?j-w*
zT^)P??GTojQC%gzzdo}M1V#sWj*0uHqYWTn^4|Y5<zK)4JNbWC{@-nXl?49P`9GN~
c2=)n;{*P-80Sd2dQGg#ANks{mnBmL+2Q-An7XSbN

diff --git a/docs/static/img/go/api-create_application.png b/docs/static/img/go/api-create_application.png
new file mode 100644
index 0000000000000000000000000000000000000000..c074d0687fcdfaf85962b46d60a713a9e3641200
GIT binary patch
literal 135770
zcmeFZcT^MYw>FFwMFkZR0Vzt8E*(Nuq=eo==#eJUrFWtzA{~N&^xhI6(n}~R0@9^~
z&=KjOw@?G$@cf>3&cEOJ*80}_o-6{)WHNKlUG~2AwXZ!Pn(B%-$Y{w(NJwsgm7Zyn
zkX*S!LUIv#<ub5m651&S{JHu{$-tF_<QnDK`y5G9$~_ViCKB+oC%RrKD-)h>cOZ0a
zn^SDb@5nQQ?mpgm@hB4<^YFQx*2O2GuOEFle?Bm4BQWEUiSC_iSFY%5mYQeoP5Rzo
zeFn;8c~>#97ZudbJED7Aq&+}p;Z;x9TIz(gHJf1P<bpI#H$$Hl1vKEVmu%JiH2$xR
zv%j*f%uoKkEh-!M?@h<o7tj4`dz|Fz`G0NJoV$JTUz@KkumE@d_v_bXrJH|mkdS=2
z5zX|k&DV5H|F>WGxraN+58AGv&W`d|-rk3Yoy_QTRd2t!r8q?aU$8(es9v>|v!(SB
zFPrhu#$$t$bRA>;55IXCAS*4;p`@gLcjgzhM6x?5OLzC1KT_&dE_WE$Mb;~0KekI$
zqng|A7WLf<6>rcf&9CAFxdD6r8P8t|N;h9$poj&V#u>I_p1OL^bK&u?$|`H@7O4C!
zgUrc!Vp=-VAN+lt*WvPkB-f>>k~kEf(<Qp>*MaU-n>WzpC1Xx?2V>$&$S?hUsH})W
zAc-Y`hbKKFa%&5<g4Y~3?5cemI!btJ-mG2=y7TvuBqKMko_FlYf9g6{gu`OZzNpX6
zdxwI`zG2P&Ip)U;Nn?5vV|HszcEkmN%#__aPT*f?@IUv$l>Fey7qvP2VHN2(qgv2)
zmT&nkT)<}Me>n|s!>{DT=?Dl7SvhF%8_WHRLM-5aE+bn9oTPj9I{ul9?A_m#Kckn<
z*6^RNoNKo)j(^YynpfqDzI34L$eK>pZ9@Og0k63uFP;-MBk&Xh&8q`l&(Z4fF|i`>
ztl}U4bqW#^OEZ=$HCKU7DIq`S8DjCza{1*L&GhTCAE!`k0?Z0%8fJD5Y5;UKa4Y|O
z+u+XC^CKz2?K$_~I2hAk?gvMH5!rg22>ko^F|WBlTzq5SgVN^uV}P#bQ0kDwydk!8
z|D_dASgu&QPEsXdKo@faBRT&0cEw{1h{W>#I^xY%7gR`YD%(2tHrXSD9Aam#V*unY
z4jOR?rQXn*y35K6UMNvm9<a(66lz^*6@+PdCtTNcTXcj5BZ?jdk>NAv)dmZ+{2^#V
zuywEL&-ZFZ6@GJus}t}a*y-Bw3Jwcwot5CKjF*0D9igv#arQL8m;*K`Y54e5<<duv
z;-IFJ!fJ&GS9c}H>~J{vhF5OFz`{djC)?h}x1%-Q$?EUlP0svC>9k!CxotaI^Cr!&
zzLI5WDi>AZHG;IP-rVNO61_}_V=-xTfmpP`KW6g(p7gQUKy7hpD<O8q(ob!7>(qE7
zA5DhHCCBkOnYOeT=zecXLN$YR_3ERB$cpmNc^X=g_a|w^Uu4}qAta#Wo^sCiq^ejb
zT<0HRhwlWPNci>y-Evm{V-7~seEMq%-m7KsdNOH6XSL{SPXo~i+V%k>@_5Pn6vH%F
zG2L=lGFydSPDIWpF%)NGt+bp)S7g>(+*0d%v<baJR+`W6TWUue{&PL4Tzw*U!{o2s
zJ;@9}H{^<i%`qq>h)W)L*>xvwmX=B%C9exFc6%CAN9Vj2IO#~0fM&JRl{bDu=BN36
z*M}b$mKZkKEH{w#7FT-b<j(gb#oJ>F7GL@wFI|sF7wWcxLlZa0dr~D5&UfrD9|whj
z;L`{di+0XDHKMEuNSX&cidoM{s_^3+aiASSXUjMB#Im$}|BigQgr}ipUQ4CLqHO07
zL9ITEaBE$u#YtTuPQ#q&(7PN(GwgDAZaFvGByZ;vIyyVKQCMUkD{?%xrvG92grbg%
zgXCw6%229u*86R(tycJp*I9PfPTwQbO#-I_gW$+slpJFC_u8vJJ68B{i>$~z1eu4D
zlfB$t)Hc-Crg*I>z0d%rt|lNZi;$F*94z!VqMyW=R@&9T*tJJq3y?1dIYo51#a(u{
zvpZ^KH7s8dO_Y*Kt>Q2pFMZg)%IF#6z3=5~x0nHS^IG>g*x#>VdEe#XsM6m7hYuxL
zH7#vxu+@O>Fsaar`+aWqX}{e9sWm_F-I_eALZ5wJI3uVr8N1i1l(;ILgs`)itoIJL
zDj(5FV>sU9=UVEoZD{rxYcsN1Jo;;T2yZlP+IJY&6sb<u0!BmN17Ms1!w;AV(ia*U
zt5c=Q-N~)c;t!D_ePvX3JCikqK3OKBH@y7c1?(SCq?U3y82+q&9e+a1HWca}wxv$&
zPN|i7Bq{k6;jl9p%;-Pe?}f(}$Jr-ejg^U;8!FgQNocNEOt+$;zncP_RIB)q2Z9Pv
z!8-m_rpFNad}s3T#|L2w$$^cRc4m(GOm4$oNK~^HdhyFZgGnq6CQV;R4e!6X7}X^B
za7N+5lwM5+y6eRP*v>%f1tuzQc2vxD$j`!i4(aY_u*-ouTY!GoW<9;S+S=L*$YXDb
z<^N$)0OwXhPD0aMzR^H~y@cE3Ha0D#errPie!BT;HUzk#(njC)fJ$G&B@;4?xnz|`
z^WAPDfgRj`I!Rmfga|{lTLM4*U3}8I2gn=a^NQa-qi}Ap+&ZLYV^LsKx~7|Ik;+V=
zZsF51hj_GM{%tEej*Rdoat3K1imX6Ey)b!p^;D6esPyZ7zpYS02id*C@F8oTm6*GT
z9JUBN%B5v%?^xfe%GC(rGS{($zxkSb8Jhrm3|itduFrWG<N$eMC}hW7o}X_%^IKr0
z!R|#lncRQIe5Rl@R(N&Wpd+SP@j<5b+7n$RKBuP5q*A|=V|gkbLw$tMXSh@M>2$(%
zZ;hV+SlF`5oL4M$(i%?y<4?maNIw%g*NN<O?Y*~r%57ShS3D}tLOQ-QL6NsuNG=t=
zd;VbC=G*Ws8k!e*l-8w-zoxSjvo2IV9XZk-<mKe#)N!-@QoF`Sfa<zclunk(Qzm?m
zN$hcuX?iG-s9HjP;YXQI(@(7aiOamCNsTbNCLzI~!PmX>=U&MzePKD+6qP`yzmPDl
z^;!b&KumJWnQe1l{;mNYDl}p=DAogOAGn;`;xmw(n2L2h1Gglvi{6r*ANi;_Sp-uT
z4<3;-p`(H}lzBr6^&Jyc`}@j8E9SntcN@VKa87LZONZ)_XdfZYOiF5IVSK`Ks;<>s
z$B58E2=-}5YO`FEV^anidTMQNgv_X(^y8M@OXy%`<fBNfzgO7e%eTBNe9B5=M07d8
z<|&wAH+r+P4jOi0`X4=l-!0FuKB&8YEB3+BjC$hIz21Glvdy>8-BiO({j6RI7!4Ph
zR)gt8opj#%JVE57O{5R}*kj{(`1?J}(sX?HAO;GRfA$O?Bz=L3jynGh(NudOQUmq;
z2`nhcq;J1{U}u0YEF8D9x!L#WmfRg(3C&#PcuiINqNk@4*)-+z5*4m_9uau_&yomR
zESc`eQOBZ>*E_<hOwLuEJe&0sxvQg1C!?LV!x@n$ht`QNdJfbNw&u0k2oAeS%kxO>
z+CW}lX048S+I|0Ywbi;z)au*IxJ|x7x|kR|;VFD(bIl|T8|z@0|B^9af0Nn}W2TZM
zqu5yQtt<FBsUr^4>$Ngsou+A=QjCy$_WcI&pjR8L-IF3N<T=j{4Et!Q9eR>Z6l<eu
zb*zH4TOc5z`SBfbJlP*U(2X`Myw)q8$nc&buDB&*CK5h}M1&2r$38&nXQr?enx>8-
zUVsse`)&v_YVM5nyT@7S0R}lP=W>O;$0d+{D4*{oQb#+-VQ3Cc&W>r}F&SbFgY9O<
zc@!iD?G!+NO}Y@cEt@q@ndO%oSM!}&JRHY56GWrxJpJ_|7z*-{5Kc}uHoYSXhJL;#
zBH-VNakC5d$Fe4s4%;7Wadj|Ol{>hlpQjaed(z#Bd)XfA63;8RU<7F?Txn{lX;w{o
zv*dhomAz*{>#qgqGv=uP6D&&aBP`}2$a6Z7up*ve;0pg)MUROMzsfO?;pngnpSuKk
z1k>~0njH#>eK6YK+mz?G71T3@_iEI!?TxD#m*~HpAW@*zfDEPL;slrJb01nB;yU8E
z@-OeM^MLVV7>x9hOVxlw=YGQA$E(?_;Ldn-pEa!8dDL-;S|^SV#&9;34yYY)*PQsu
zk&wb1Jqlsr(My-GZZ#*TCpdF?g-N%=q;pos*h*JYVF%+s?r}3Vzru3F)_)(|uY(pU
zFf!_u+^w<27L{nTsw{TZZl8@|z!A}@*bvjVBvQQ&!w^<*pZ4+}S@+ye+Bi{?8ZKyb
zneWPsj@H~|lr#o96uc!3nr^s7zW4k4_tsYA9!k!Achr4`A83@1+j7DC8~8$>O686O
zQM7u>^}c>8J0Y`<{HvzSz~U#xU$Xg;(TK=7nBr62IZTQ7_dIG83fK~In5@$Q<`BLX
zSRGc|Y#h>#6QF7+hMf^2D@&88%0@3vTjWkxwHVv`;>An%u&%X;H~tap^Z9bUFWc7q
zM=_@vYiK=rgwS#ESD)IcpO&zEV_6$_AA$`QZDcgpIg$VQGitP9{q<cQLvufwkAFD~
zTh&XUkg__^m7J#fRkjX6>#x`0={(u^!dIqz;Qqmu2Zt{=3oWa?3k;uhFWMYAbF%dy
zL!C-Ae&%VloIgbRTFvb^ORw9z70DA9=!bqcM9Pdtc?rliFmOKr(;l^5z2RR`QQsXI
zBw+r#h>W%pT#Tab{~k#-YoE~>;~L}Rwng4zaQ{@YD~+vt(Li2}>j)IVCDMcR47fIQ
zylb5b-*>x1?QMXgW;<=3Y<NZZ&I^DCB?KFM$2*I@t!Mv$s_zXwDuR(;!gC$fM2(JS
z@qg^|$#iW(4l#IAOTBB@lrWg1<sZD7fHp>1r}=6j21`~gl1|#aynVgJ{n2C0`Hox+
znmSrqT3ZAGyVf0w-S0ESw<jD|_6w8z+Klnb(Bn+bIIbVIl}Ptw^+RI5ct@h3V&JON
z_=iEt)jFG_k_Pgqv31d@-*FLb@RZYB!z!<zHr$?vUZYT2VUIGF+(XwpTRa)rN2#Y@
zY|)0rd57yO;&Im=6&Ej4s~~udYjQ&0MBJ|MCss=P97W(}r>E;>yA#V7cAjAzK_26q
zhR)ST0vNk(C6(?}VKo4K*pwdGvW$9kjy6FWjbF1YRm+?}q9&_uH!o<c#sNMj|LId~
zv9(OG{;_M|jBb{_T6S}><)-=JYQ8upv?_dHuhg*kaCU&E^}w31)b*$;I7xVD9Gx#N
z)rxQkMOcFf{Vknl<Wau9iNbJ#HTcB8>xjU9<332ci72E97?$Lh65!D~hXljQrAJ`e
z4Q0Lv+7q9wg*DhIHxw;>!F{0Qsho$11D>>166?E1uNxZ=z;LzZL-&eBoHqc&Kj~BP
ztm-qI963qjnv0XfCqzU<)MwZ=2674q=ovIRYZ0TqiiW>ksAb@yay&`G@hlGG^=eU7
zt66^D+l${bd0PFC-sCx?M1Fv8Z4M;~&RBr^Pc8&w3tD2Yjw<yBMf(dROIcMKLO#D+
zJu>?d<IoYy?ujUE5OqWX)223Oe>oXzi~XQAvopD9rmiSJ$|#ddY9tlM)YmoES!4hU
zuvhK--G#5D!!8{pP_nQNPc<ozL*+<4(2zIB2lq#>(}J|i7kHGmq<!p96@m+s5avz2
z$s&#!-sRG2Zt$QJPlawHnQXwzs~}E{#Y7>v)@i54yayK?QfuMFa$^&p#@{~)j)YXA
zzs+Gn`R>W5Y8}7vt-0>(%1(F!yzsXA)b`=-tA?M}(eWkvv9s3QC4m(72&Xs4h#akT
z^})9EZe2`Ol+FBt4h!q4$y3Dp>no`0se92cA+PBr_6p<{5`?Vh*;91>K!le3s{GMv
z-ad2A?pJJv0N>udY|^bn{#id)5Sn#|_HOR5m=P(udPEMkQ&7ZvBaHPB)SO<UG5LbR
zph)|r{zr31hvhk&{uOGJ&9~y&*J5Fi2MJDiL(Ah2(PRPQ!etJ!fjHxB4|-<tFSc>y
zr__bm;F85b*0Cs^7aFmXc2M;jT(cVKsWI=mT*6)FyUg4!D)(z#J5|LJ7J5v6#-VWG
zy9zf_PQUCA{XDq}@?x>+tV%`LGp96u66sSS{}2*_&EpxP@;m+*bMLu8VmSQPEzvu4
z7AV52=QzV)_1#W0=pEogE#!oyfX#mL1qg3O#lWyCTkPG_gND90?$h5`Q)S?NUeeH#
zlq6A!=_`%jQ$X&9ICQWC(Q{#O4ZAEt(^*KoKP~!@ii(~mtmXGc(%rC@X_&IVv_qD{
zbvjG8&kFL2T>JYRCN;0x#V)sm9oTG-!tZFd9^9c>YT%ntBX@F&<2C8fhgF-o28uLZ
z+FI^~&9g0Di3$xB2zbc{#AqJ&hPEuE`o(%Cb@%fuzOqM%u*HHe95&=I&IhC+?@3fT
zq0$?Z&F;?tcT@3Vg3V#1Za@rr0R_cQHNlggkFC-rh_R5q3szkG@|Bs4$k(XqjO$s&
zu6%tDa{m31`>smhccvp(iH8rLB6RaTZZrs*e<;=HNs~fDP&m8w#<#6gUzm%NS;x#m
zzTcqh@6Dt<`8l0!Sn1QCK1r)(E8>f9VMwK~s!evCtD0S-w+ZPq@$yaFeLh1PzUxdW
z6T@PHVJHD+*1f1GT4|PvsiX0OYggA~^ibI8^}U{>OiK)J1pRhA(COTF!_<S*`mlDJ
zQ~Vv5KMu9UPO5#LsJfwYAH>|;%<Q%^>>TXCXg@CNTUDYY^dh!BM+Tml%mf6Ldc`Br
zJEZY$oGe0pzD>l&4-pXqA(T}tm;~5L9t@u1V4Q4jZcgQLD3dDXJNXh;_RP8a__v&e
z6yQ=nDn<E2N1Jk_y*#~;kz?p<FKFm%fk=L=YP~<nJ=twZuS^pN7zc}8kM6)DS7yH|
z>_*JK9v&9+4?y{}eVaNFSeurXmc}33{|<o(=4%XXh{9Y8ZhCO<=R{sgf85h%D7=na
zJiRfO@&^^mbj>{U%}U3L-$i!?yk>R58rO>7yYvP`qjZS$!jf5kjdds8@{ycV0kOg)
zG`y5}(~2Op6x_InBKUi=f|=8={|xM2prTx^r`+yMrQRJqmMhcGHI_~@<S(iUo!=Fy
zlJVp*j8Y%X{7hHnUB>QFltFNJ$aRyz?hO>c0wZuf#c@rcb9?bDCSl<^V^JQ9-&^(>
z^T&obvkFZ(l@WRFsG?Ek83{+hch@3I1qt+rdMIJFZT$Q9Y5V~{u3s;juTax;7<-iO
zFy^@wmgrh(z5e79whku4dkm0Ht<mQMk{!UT5*}+>VTuy>#^!qypo)7ALTPCIhD?5h
zI^qm^1EJjV_x78+UYo+JqZk;X*wu0(R7MwYN5CY=Q@xj6MeidP(F-ier7bM}@F_fd
zAPc}Whnr()mJv{^k&r{q9BPOaBV!7;3qN}gEL0W4ipr`%`w7MR*;ZV*yaU%~^74iH
ziLzkr#Zvk+jL6cC-XRw9W*XL-drOU#MEuRjgzpNRuvV_5r|TAEpaFJ5Xm8oZ_E^&>
zA03x=)IZUczMUv{DWXLM%Jwo=6wOn67RAe)9AjQ|o#+9<#!q343wEmO_?f9`75WMk
zZ8E^D;pVYF#vpa<eq(VD!BXhn`2wkfd0*u?6=&}Uum@@kr;(*62Y~G!DsXP~SsSmd
z@M%YL(rFsbbzUk^#90gbPM!yApEmLpSY91VY1czRnicBv`I^$4?2THRa?ThZ#YlQw
zS)5&^{hZ-0ouu*G!@Z#&)eZw`Mf#QMtDs%wo4AY<KAKdf?WQ9G;$;fY4>sTFE>t)+
z4_&0X5$(b!d74sc593fMWA(a$pHkGx_qUSt5M2mu02XjzL}zM!e}2C6RK3q?k{oy)
ztdqYyCSHXkqY!oiVr%QV_{oxi#arP1rY3m4kGmZha3OTX=%xed5eEmXi?jgpno>Wo
zb|KZgRqK~Dqz(#vcKs*39G^EO=;DX`R)Dp|w+EM#8D*7_9<8gL@A_;)d5vlZi#er3
zo;FDIE%}mSOEQ54#$!-rIFQ$?Yj0c>dO(HUjD67FI&nO0og!_TqxocYqEvaZ`u3;y
z5njComSrxxmw_l4_)$AGubQNh7!f0<sJ72rcVc}dY@-X454+QUa4libX=CFKj4n1d
z?TA;njVHLe+7??6%)lAYXUA))5}sd&OMsc?a~u;aWIsz<c%nM;b<C;p1vh%CM!t`~
zwDph?&L`Z6zOgc8G{w6w{FOk}nSdQ|U=$o$Mco2d%?5H%Dxd)5d<J+*ot^*oqPjO_
z>o}H{v-54K!35aE>vzm3N4l+oCYLGX{hPO_^4ny_%~(j4s&1e3s*X9hE&3))33aq9
z!NH>*$4Q61<*cMi{SgIXYWi;dnQAyb0u7oK?8GZ(u1mWi;`=BcdYt|P#WSNQxwmhd
zF6Z)^g;+HcI7DCj5WLlGrRUvb91_s8k`vG{+PW1%7h~fSF_5{bBk+;Hm-rInM172m
zkMbOhx^_DFwOLX4G#D1nDD~EnSilYjnAq9R6IeT3Wx&i`i-x7Q6k?L6mPc!xu*x^K
z!Y{4dkSf{$r(^0T-bk6*U+g`Rdf-E-#{bN%ZvN1k%QbW_JCdcaG*+vqaC7=Qzk<t`
z+)gw6;Od;)>3y4BtaWTS`4AA40NzQdzdc%0*nX(>o{3(uEvwY0A15``M*<Rs#-;T>
z?r?Qd&k}y+H!A%AO2h(3=8t^`s7*a$JguaC1%XjAtEE%VW+r|Wkz@D<tJ~ywJmp@l
zw|bl9B%D^lKqUb!G9+_q`83qr-+F&p;bBK3G59{nkM)dYNW=e}5YzA(i5L&CTO_eK
zXx3<SQ6i7FUl^wBl|+Aa3Rl+RCU8Q+HB>RKyt6=9?qfG77F-)2<I`BJoNvT^m&dfO
zW4hL&O`~w?*EERM@0-_(V^5p}tNXf=gYjC92HLT8tJhPP^w4*cY$k1e&PvY-Q&mFP
zDVL%LU1YWSzPQ<1791SRIY#WJpc|diXV_hP7TlxMPB4Hm5&%2lvd*xjYRP#UjNj}h
zabN3$E{i%~=ZhtFkFr{9h>s9C@RR*XrDMY?^9X>w=<!+uc&9D&&79wRmuvyff*eeH
z%4<@1fi&vg@(s$upKhZ4u2Z@5HQ1tCGXCv}f(!RSF05mo@1Hm|&Qx?f^GJ~J<i(<N
zI`vPVe`_P}g+G=Kp#4k+@Lrai@36ypaLJy1^=g0w44x%v*K=OP;@&UCuuJ6InMZ#Y
z|0A9BrQvCytOpgHYwuLQd8PX=_C3BHbG02|hDXbG-0<?Xre|Z_##B>F5Sf^FZv~;0
zJ(LaNVvQA+_9+m>Uh$qMcBRS*-)8nqcD1Wws!lGs{^%Sa$c^M~+*=iMH|aTUWNy6U
z)4W9^+5P&=Kba+<?{%6^+MsNI%}_R(*xMHkh?qf3Y`<hwQ~F2fV~C{z149>k*GDL)
z%+~CA`&G=Kw<X!yGqW3BJN<5RYeDX+Gr}rCC!5Mt9TE<)x6e!lgGqXv<?;`oA_wYx
znU2ZT1tpY=)w*DO@O8S?if+J&RJa=*KiY0%2>4-x37<?bNR5h$`qpz_=)^&PH=iwn
zjuqha6q3uWdr?PWXx2koC!&*mR`#?}wXGxf`iQ42yJMVT(|{(1lN!uQ7`A&Us<>IP
z1e0)}yzQfq;FQ{y>lk;)qt(^>NRW||615pC?NR4om|AfZF4(lMd1Dy|#^Hk9q$G_I
z#d0qWnq=BfhpzN}&)GGu)p6O29BiHA1vnn9QuC@%Wx#bXjwhLZnfx|&DiVK0SPSSi
zR|&=1x)->;8mnBM2DuVaN=;`@kO=!YMZbCnY-Uzg_8Cp84)a{AmZ7<N>qU9~c@z|2
zP+E}ghC97wn8WJ?gv#}g_U!@$=I^WYAipmC#wH)ETbPRSlz+nLOqKQN*L^YNgno9$
zMyGM+@d>&MN3>I}e8DFCh*L)iXM9Do)H=KwhD+syBA;_psO4lq6n^~&8~vJm@PsKj
zH0)~A!ur7`;wHq))xYfYuuJ^YqTNT%J2J#Cqs>rChid$Dzc#(T;}8vlSNUPMnb^x&
zw-e);9)cPNgrVd{!f#1eKu6c+Hv2ch5h*8hPNGuZR%Zjle}`JEbm84MWg3Cty}gZn
zu5G4DAa@2OcwfxzyG=3`7ml;%_wgrif7zT}_}u0?xu;jpK(kybNZO(36k};s#y{7U
zXlJv)^OqJtZWlkOTivr7aSO?iHwY8hTa&TeODdcaMHJU>q$F<AXF1gqOUM~-sGEm*
zE$xaUey>`I1U#$M=LV|_mO31%ThuDYg%<jx?+ho5m;j6@TflxIa?s~-pO!xWkIgRP
zQ*AG|MrDoFx;ka8s;7X8KN+QJo0`6u>r6ftM!PL(w{Godv`VmmhEKV4f5vlr90}76
zQV3K@_^$b7rJC6Y6FbFQU4XFjEOsW7{tO<Fp+N)LC$RkzLkcTId}cbv3j<r_6uhX1
zMot((U*hJiX!-3k23*;T7dlcA7|$FLUQd3P{pS`3K<uDS8QMA$p~?#>t7$Gc?s~++
zBE2c(>1Y&}uiz2#DANNQo>IE5TZvAyTwfjuff?y=<%YcJ8Hd(=WPr~;I7kT9@M=%(
zNljg9Sie29QX~It{3k!AgTX|ia$qTYtkSmqsr&ktJ%Wm%3{ztAJAe4_Bp8-bb>Px!
zY;jO1QcRz=y|eKcSq(%&XKdFV*}{La(tD93*mF!4`pwNbDVKnx9CEIg2CmEi@@4Mx
z2<~Y~DC>1aQOYpKapCu~ZEwrpysp^8$^iHI{N6gU_A@YMEGVq48xt0-ql3aZC}ZvJ
zl+zv5dv`_(weVX2&W!kb8(;*m#VVxO0xdO__~Lk{6F=KMH#({xPAH*L$L6~xn6$^W
z58;jVKE8`2QYZQ<RDAR7QK~y~zkmSDI=rB+ynZ9qcvBn+Ew<-YRG3sPTkZR`ZzJ6?
z>`wA<u1F6R&mG1W6mZZ1SsiJB8F{Ys_n7#u*KOC^%lZX-ZG`B6t0HQgoA<|%CS00a
zPzm(OD<e}3IaK9#YE`vKtu5+MyTR~S+~edp=zCKB$Qfbi(sePy@5tSv$9?Mj0T#%&
zx!X?Z0mLM<&C&n%$NN1!-*`<#;;&IFkL-nP&Hc_l4heBCauM_zet7_JVir*qLJVB1
zFl}@bq3klnVm2e(AP0KbWac)XziSLG25by@eM6V+XijFSX{Mh+s#t~i$g08(#;k=p
z_WRRmiP)MZAhR<4yM@J2d7&p28rM-3gT*4n(M-{%+R69!Uv<8~<MsgJm8{-6JI$nF
zox%IJIB~npQ{fUb1qH<=U^*7Yw!S<*Vir1V04JSbMVGcr4O-p;IiO#~HaaYYZQH4X
zx!ZzQM@QI05BK*Aw#zk^#x6A}mk}GLJhtZ>c=CJyaz}E3vLaTs0qUHHlkITpibb)o
zuC!{9wTrL#$D?W}6ZE(+dGO<<rMb^0PrnUO;s(t|)2_pNXZ1_cRT}%GTmWV^JNDJ$
zFQ`r&)5fetad?a}qCzCD{Zci(3{6(>nA>1~6Z~VlrS|h(Bw2lS%35Z#BDPTneQ~Vn
z<*1TO*HQoCy^r?v+M<rn@IGEOq14+dI;u-%9q;<i=(L>go!6%3k-fKUp-AjX+>S%8
z?3;a#CnXZ#LD{XW>})K5$o4NslLlIuAmv6s?^t_ZUsL;bk>V#VB`^w61wUxv$g>4L
zV`VK>>ebP??hLJobk$SC?M5P4?lJ)@s8Q|wsVuXV2&r^DSV!I;7MoZw>M0s>8bt=6
zhf5MJT{~nO7-cKa%K)N*ZwFPpQb&d62W3705~{TCdj>G^@s=pf4SS3T=WH@;RicT7
zV|78<Fo%uTb3-{jjePGGA7A;FuXuV-`=neqUFXVDV(y7T&zSquQ8=|To9Ehi>(*Qt
zji<CShsO1tosFMau!X_^leSxfT77+?A8Ilsy<H@X^9N#4dlLX_hy<bvsllRBQ^x(W
zKwI2nX;f5o^(5nVmAS>t4z}oEX)C}0fa4%_9!m*cFe4q9cDSiJhUwLs@o~erePgu@
z)t^b|SL>E(56YCF&Snov$RDWj8i#3IDKM1u%vwdpg~EADSps(|Sj7VBE}RA?T1a<v
zxrI{`E5GYIj(<+09aQr!?2XC`7mi1pV)E!Qd%5C~r52NCsm&JizQ|PHJBL#=K=vdP
zhzOB(y-;k14c$a|q{ncc-g9B%&cyX>LCfwsHT=&5Rw_;d$O%=TZl&J9oe0zJD`(&$
zZ33jM+*tpaOQx;Xl{y?p*d(ZzUAObb#MlH!-B+ogH@2So+T7|Av~><#@sVE}Yg@@C
zUisbOLH<nVp@_YvXh?jdh~wl7ZfXu~v6iu1y<w~!t+Y=)C(b?#UzxmwhR4(PQgJS#
zf{lbbKkxO}uTVDB*LT@kh<=mir#M3(>>?&z)7f9~Bi0$mTo;%6*d-*4NrAMfy|GNc
zPe~3$dB%klNIVM1YXDqK2V@y>OigEp;q&%R#2y8esKW-@+K$q`rx_-TwDtC`L35OD
z^W>Vhgwl2zRjqb>{-hmy?`8V^n>5}!jH<`as8FK1r2=m_p_OkM)pEZ3`TXEMavbTX
z^jRq^+2ZnVGWB=(B)2tfM>JK%?R9jyEcE31xZBb!8&$6=Z>@VoOb9nVJt*TesQ<(=
z=KnL`Frz}1K3?z7uxealZQCwCIRx{`Pf_iK+se~pB_e}bDEsJI3ma?rTr4#+r9*<L
zx=Cn%@zU5_La)(Yf(x<!JCKB=0K&8B>07Ob)l;fano|VWab{^c^PoJBCXSS)5SsoK
zY#&q6N-+p|>r>_3VGZAIFq9m9f_<BWQqNW#EFJ3vppZcRSOX9y^GkgjKajz<6DBI%
zT9Sm?VocY#`6PFW`N8qj9=i)yFt^j634VtEW_Dn7pr3kEV*&lWJ=W}A<q&n6*&sjA
z8d9}Pd`dl&681r9<Rj-1MXM(*1?^9X7XH;q-!J+Eo@ki6Elz2(%7)5kzNl_zB_Eh~
zv{Be=$i(UOWP@jb51sqW)q2>*7^zkk>vtAo=O{g}ATGe}vK}$eRog>}q>Q*+qwTR|
zRkrMUcf;PeooHR-5tHYYoaERSK=@;#;far%ZOZMOSr_&{+IbwWk@7*ql3NE9fJby$
zqD<P%`?7){{4q1eWnTP%6F*(6H5(YZ9>Ojh@&?cyWXp*GX+nstNZ&h-bbR2%4igPW
z`Kko?(Bmt*u1WoPFFaiJQK$Xny<uDpJK+3uQ6luQ#~A-Ie@~Oobl#^;(`dR*GY{NJ
zO!MW*^4>51HrrIb{Q5(SA7<%Z2<T9^^?I71R857E`b<xfN3FJyW(WIiGNvw03jJv5
zJ1@B5Bjuqk2VQJ1EeJw3ix#=qD!u+})3tbE(9=?C%60BW93To9Ji<O`tpmvL(MIQx
z!-nwzn<Hc#*W#BRVRBb#v_UnvQ?EqL^?L5=?b|+*Q(*Y12uz19e2DHX467oAS<HM9
z0T~7-u7py}!2R5YGADCq2DV;({h@WV^$iF!hj3GV>6S+r;(Y@45<V}J(k<S^?=5Nl
zie?(IO7wCQ^7z31>VrOh{v_eOVBIDPfyu!103FL&HE`AKrkU3I)C{!;Q|AE$7Tqku
z!SDD@v23!Vimb>KlA7+{VS@qWG0V*%79UTC?vMiH!kOS_^EiAdc5c-Y6jstJmHmWB
zFA-~DVG%LcAHu>rw?WXu8oAO;wFi*Tn|Oqftz`gOod_!c5x75JpoNs^OFzK?e1+Xd
zlZCSs$nG-ZsaOSv@lVmd@1?_^_ASl`SFnu?RGX{P*~*hSxQ!hjlyaic7MZS`RoOkf
z$w=Fot9)0qCx+;ORqA@tdlB*oKm~_;d+Yb}1Z#9sSQ}lBPi*62Pe}^h1VM%X{16?o
z_7}%~!goxj&@j?;Dn`-cSTW>-JBZQmUyeFHih$nnnbZ}ba3vCw>oYUidOS%ib^gjF
z5n$)tMlNd2(WNPWd*c-6)hn2klQxcW{Aljm(&Mo#xK2fP{d#~%e7fzxsQyX76Ti6-
zYF~G(f36DaaFuClQj&n<M;EU)DCzW{B<ylcHRZM6X=g%9K>Ae+3fCQ>yj=nzZ62&B
zD`xgwQ^8ie#K{ve3kYt#Lh#&qygp8&I)DNT0ECK@MJ$UcKXE7BQ)x^QmoPGrV}8(3
zxtr>f)WD{j90`Lu@@Z5S;8E<hcjK!^hOYYl*3R)r?f4`<WTC#^6^(14gY%hY)^5Xf
ztBqtdeZ0IDC$yYw2R9znxh<9Pn${KF7x&Wz;_Zub%5s2;VXfhC3VU?A)h2WJa!Wt4
zJ8f%YLlY27D9E4lJqvZe&DtFLwHkx_CyBvS`VB~yr3TOUHpKTlbzb7CKrUN&ns{1h
z6-K(wSyJ%{=m#y+Ve`_L2OX7o!0zNbEOecMf%K&(QJfbD(dH*keh-8sN$$G3uWaOy
zQF9jfs4=LB%$Lr{X!kBi6ly+!&2_}-V5+%sP{DcI?!#_Q?VM;(h3``e5y$5hXQTlK
zgL|Ye7l=*IDbh=WQ6oSDF}RSsK&6X$-)OWErXKVT`Gm;S(2oh`Z;<u!dN+BWU!*WW
z=-s=tzLWzQBtU<%g3|+p)Kk;^4X?pXa(>OQLmCXJq^5EkI4AJWiy+x`NtKT5V4p@P
z++pmqK9CEs0;0{6RJ)zce8CFmZ4t;L>WmZgjzHBlim1o)S0>?1jj?6+vNUI@UEUxQ
zY$u--Iwreq8NiFSK=_POo+Be8u7|(B!H9y#7e$W@=%5MyPc$SQmxW68xee?5b|=;*
zxviE$g$*$Q<+P$j?BKJT9zq|>0sW6}I_=?vmKbwFkTuQs7XWfI6|?8=l{#MQYO@{*
z+1exwwRVpQ+3)M0aos_F*A{0u*6FUwTlb_1DyU3#*CMoSLbxQh2?8ja*!Qi6P*|@@
zpNH=rWB(aGAPR4-;;^-fu$I=ArP;y(PFIwxbL&E^u*b0?$d5&zqS~<}KizLIGc;Q8
zEBn(OSt1CL6G@+@4MYt{{nB~{-<lu>pPU9Dcub9t!e<!uLM!b$T>wD<q*z-EkjM2W
zz<RL&s)1B0%Qx&ig=Uuz0J-Y1Yo2@lto-oPlj4|rUg9gET`x59_f9@@L3d}q$++*o
z{0u}b09g+RF^~XVf?e^xHVZh=lHN+3?|Qw>I4%|3Udb<BGU^$@Sb&nb+Y<+1Cr_E<
zEYCI#EO1}C0159ev**g}Y(DY68^CpmCNrdXWQLR9*3QvPUfxSgVY*)-p!PX~T>!fR
z0&-mI@I$riR&~9-1qn`gqu&-`tAD=obg`3W>g8q`<V-D5=Wc@r6diGZ1kHahP7kBr
z!19-#FD{xXI-(_QG->YkMHVB)V-576X3K4HD*>>B?Ona(q^q6cY4u(@{x9g=w#aB^
z4!gx}eDYLcbT4M%(};EP@h)(>2H$n>7ZKuC{<<LOh<`h*LjzUbcD#OXONO}9nVuwb
zBsimJ1852Z0_0O7A5|L`C!Ms|-(ZwFDVf5&oPJvOYBNiVcEr3?jGlkph^Yz4Hr0G%
zc6>Pr=x+v=1b2;ts{lRF79ZrPBEjKtz^f)ANYqJz1IRmi(pxCIuilp->uPS6TbH2u
z>Oa<`qKCIsS~P)2%24wRaaD6l?<a6(0uj@_-WxQ-(AYe64UskS-i88LK#J9I#<A@b
z^$zg9U2(LWK9>YqMOnfqN(A@D(g!mF=q(04QZs0glpjAAodV=Aez;Nt3DO8Arz^IN
z<3c*p8|8+cY45<<hgU}ddcC`vZo=!>@<VIAj6Cxc12>R`dwR)V_z*5fY3~Wz32&|-
zSsrrI14M3q^$k`6i8}y++3FhG+K>%Mgst43$8&2LyIQNc((V;_vg1d0!@-9gU1<ST
z`9R9{$!eMpz-o;LJefLAo~l(HWKxSHPlcUv!@+IKm$4rcMhJ1`Pa2qtjmsW?tpeDs
z)pXaCG4bLBW#wGqk`;WMv{XdjacQaZp?Rw)$E3&5IHQogk_=e8^RAjDVF$=0q#WMx
zQ-O0=u+9QXke6LQMDJH&0;G)DVmbOESG)n6oDiv@f&lb7)1QfeYsGGDMsl3K4!Lp_
z@UC)-HvKhP02u(Ocxe_)#!+p+eK*3#GmD%-{gfju(DoA2c;qO27tm-51+1K=R7Hf>
z7cx?xaDWY~&B9{7Yy%W{l7Lx-^HjoYbd7WVY)J&iQkOfn(axP~sSg-jlQdri;LY|V
znG1?8Tz@S(Fh>-?+;VDJ-~Kg|f9JLjoBY_H$<zXmVp(wiFWlkckrCA!kj!c5-IK>U
zKpJvuOF)9CPEAFX+uIb{r2dyG*ZoYDdzZe>2uS@}FZzBrELu8A!a21rO>>Oxo}{z8
z2@9y}VX8kH=Gw(LAKH6=NQxNC>%7Hp6OgVSw%s<fV!HLB!XmqA&se*`Q^amL#4glh
z>wLmD3!$a;Sf34Iab19*g#ulxi3ED_=LF5x=#m+r*9KsJ<9yGlR$HJ3Ab{+c_6}>w
z+FszZ-5rgv9bO4>1Cu}Y^|9TqgX`9RO8?f(JXkR|z^Pk?^b3RP1=&&*U}xxeCu=Ao
z4suuveW}L^28pCmi*e_g!x4By@r5qiO524se=?tp$~?HRBEk}a@7*g%)@m26dz){K
z=j--75?5%H&{`I;clJ6v81Q+AF7xAeT0UFsNkfVzHJeTk(2nD;RHJMC$1wyy2%xP%
zj7G6@H~^BFnp-qYG8Pu=-AeON7+qdIXh#!JPT$YVh_<KK1+bpp2=YdSbe!vHYimp4
zE@i6Fuiaa9_dQx3jrkg>sulq;THgEaw8u!2aS``XsO{t-4S=2ao~Q!a0XstdB>)<`
z29x8H`}*)$Yt2BrzTM?%pSeo2IvV=o*B$Pa&!^MR<S1wPl1Wrkp1(8~BwY~mAtFo%
z-H1jx9IcT_2PpUPNA8&ba_uv_yc!6DWR6}Ktzw=g+RWj1$%+P^j(M)=g`13=jFHnz
zBZ1cZJb9~lyWSIs0X{0(8IM3jF|!qn0VgJX>IATPp88Qo0olx))lhk_<O47uWegjw
zS}y^>n0N&sMmWob>lP|l5O<azg0+o}zpX=n=mHm<?w9y$_)G*7@b-Pam^3&vG*W%1
zR(zYfKw;wUXoDv_&{Yx$5Q51WA*t^vtcTs1JZWQZj(G-vldD%A4>_@up2aYLUar8U
zo2_;4{L$9B_7;$p?^yI-SgDBs@;5-H+0zGpCierZ7gDQQ9@#Tpv_crv1lGSrTYizx
z7l-W0)R)KpfO>GKfV?7LKo3G@U&LeN$yOt+ATMt-Gw*=BGprw$P%OZ(@D~7lO!Y{Q
zgXrrOW3#X8Se)|2Q>LyXPEu97QrmlW&aA&j2N!ov{Ho1-a%a&O0dIG4Nrko^MZAJ;
ztLM19<Ixi>Qflk{qn!NXgDqsh#3<;lpQQXYO}-v_t@q4GAaWiwE7;Aatfy3M1Emdb
zC2&dzKn<Xost_e62?M+zq(s;BOv2J5b#xyzR*t|N+y}5hflp;eXw9ucKrZp92cg8K
zMm7t8c%o0G`~1oQ%Yv4|&`r%&m{rHV-9Y?mdzy~5#+rz-)zMvzfXNLY^EJC{B>S~Z
zBM)im6@iD$#WouOGXPu_`X)a(_)PBjP@c>Nx8`5>GU2f$pXZvf?O;X;u<R=Q+Z-oU
zvvm4QsCXAqfbesa&{xt>I62vi{(vXN>H=5-^lC#1St4j71r-4Cvh<3=rG@=6N`Pek
zN4!Ns^O%u)pzROyQroc}DfL+IejOl+K^kP&d90710U;A$aB_nI^;LoTD(%+h=FnF;
zMfYP%rO;}%rAq!><I;6bC^tHE?m~qHZt_l4nj(HbfxE<I?!5L6{p&xa%w17uRWi+%
z+LIoXRvpvJc+F_?BGG0y|7lHwqT`X#Bd>l8eyBxc%XvJ<hE`_8J7fdUG-YJIwa>;a
z02b)NdojMLYfP)kclq)f#-Pe&5p`UEp|QL0cX`}ppjzm)M$n5619UQ~Sr+tRToS6K
zs8<IHS6z7H^W<>3dVi~*3tBu-R4cRiD>EB#17~R4bY;ZgNu`5pfg&LDDR^QRlqSB6
zjDBN(CZ7~8pw4-6;qacT4U8O<<pQCr5&65c==mRoJM{(3Tvog~P}6|+1aF0TD%Ulp
z_H!Y_pS_bC(}=~Ui+u)&!6F-GVY|^EHe-vQ?nz-AN!!oKf{dDMW9l2~?=vLtOk4AY
z{#{NaHUm@(zH)lzaP$@X;1{p+^;p88k;Pz@zvt?3ts*~vDS0p8v(DTq`bAGHyw-5E
z#tIXbb+L>uR<+dy2t?1^Ssr{h;u`bc9ph;pdQSAWPG+sk&@vwXIQnu-@&X6`2N^Ut
zCU<{-{}CYI=QXX*2}@`;rYDbH1qwIjV90kpX-yeFek7NW|6TSb_9XCiay!i+_&)_-
zIZp?_vWAWm8c@xDD9!%(72U$$@;W&L*qarJ_H@6elvyyd3?~2A0la4wVKK|r2$twe
z&*)+3AG?D8rKrn35Gd-Rstw4?BIk7mPVfx43d`SZAR$qL0tH>AKOCmGT(%{Fx-E%k
zj%jTbf8Q(#Nq=ggY^kyyl=K`<;3z&`LsQZF0OH~P$dPA${E587(UVfMd}I1Q1onS4
z>$Uxdi|6hEg<v{BahJf{hC6U*i;tkHsOM=RFuErH<<Rhp=fpN1C(c3&<LbGD6094u
zO32xb!Z04DeTsUI=6~J>CNs@HjrpO^a)n82lJ$ZWuZf~*u5HI`>KJy~^4ieim6nvr
z!eJdFD*8HL&p-Y1iW&HZ{QpFWVhqziXC-+}xADsTU)v;1Gym=L{|}2pyK+_HUb+9P
ztd4}~t=5x&w?_0ir)CiXi~aXbp!o69AEjP@9{9hdu>V{9`@iMRH~+P4{(o8EeVpEK
z6d9R?KNUM^&$|VB_tQ6))`wD4_gT)PK<%8jOplax&S~l1ytowjnn~^AIgY^BuXorQ
zz?2;Q$!_O!qKU+53dUE~BAE7gmZN~w?Ue0T>s_hqEV07udxCp_Wo49={Z|+KzuT;;
z3N-vn3-CX9+W$S(zeebPa=iYJ@7SBaR?m}=c<DAu)>fFe+b0u@svVaPKoRc5c^*F9
zIH7$bZlrc$igNrTBv4gq0|d{LykLZG&GP^r1F`1MXz+IAX!&VIFc)x^KVDx%Z{2(y
z!Oj&2-NwNnA?87G(k7r>aI7JR&ihA?9%}{!1cXLJKrAgku1#X{$Ew#CM=O^{E4-6m
z96yG&sUOd+Zk=Osw$aYl)6dgPCVW=S1S&zp^-4_FgOInI*dk2(q0FS5j~;JKRbf2W
z3mw`VO;3|@)#Lg%d^y210y%rHgnNART_xgp=+{;SgaZ179Hwe<6*BUg(eKF*bPILz
zDwdACN0fQ=E4nu7scnZe2XM4CMLq9AKYY+kVDO)DcMLJtD6q!$y!XeInCSFM6DhTm
zOoY>Xw2PBP)i=a$-MR(xJqhed!(<HP_u^+^`R?=Mm#B4L!Vb!EcL>Q269K7;-Jf=|
zhl-}`N7tQ77dziDa#*y6i}(YzZ3DAQGBxFr|LH3xgNIBcm-dgAQ>#Z&UsWn0J0ai5
zu2-Du>jQ}UU5=)b5?RoTu8ewbmqPo*R}EviZ`UR;=qZZ(Lm$wMeW8$LN!JS`zh*k(
zuHyFj<z^Qa_Vj%_K0Y{{#%v<>i>o5jC0BFtfJ}V72^AfEXOdU$C_v_=DAUimVuEd7
zMWz`{Q#0B|HiK}j7YSV5L^~VhC+t`j$sjSk<Nfv!UVw*iB@%j1Z4#^O#}cFaRs99$
zRjhha+IcL1&}I48SLVZ|g}J1IW<QgLfaW>e;z>_3Qs>AZA<C{dS0!Qf@<mhc1Nln3
z?K(5qn(@fhzaE9K`Fzvk+(sG+9PU4!AKa5RoE^YO(DVv1cYc52_wCz=r&L@Y`&MWu
z-GGV<EXrg+9($go%TM^&HTl&SIe;y<Q1qXk4n<Ihwd~s^4_~~v?~A#ZP^zDDN+m2N
zrVl~se)jEB^sj5F&JjDP-4wq{c3n5IpLKVnZGCw-vv?Ha5N9j7o1=m@BhdU-J9lE4
z_$TOt&Y&Hok=8g-Y`L9vb>po>W?zx+PawU89++k`+v?0N+jDa*w)z^Mrqjs&954^~
zkhs^3-`$kugU*RJ2Ar0B!`)g#@HshRh(Xt=UfD{fVZSf6MkG)2KG0e|Q4bb-dnu0d
zBLo=L35@5I9Hdq;ZCt$aRnHxInazYcw<AqJ$3yV=>tPj$E9cKkvjNjKo;xMe#Y)9{
zB}u%@dcbKpp`eX4-S)7nmH|`3)tw}5YEb^-WN!+>83%3Z4dxIK=nsQ<N1~^iP#f;=
zF#Bzr^ZRc<k*Y_ul_%{3LMY<K%tNPyn1V_>EO(CuP(U%cOo+ei$N%jDRW0nzvG;E0
zZv(?dm(--nwb@mdKUX!&IeY$Ja$B<<nHPMAe1-0BL<8)6ff-TQ;rGiZ*cg?76<MW?
z3a5%XCh)Hd8w1rVj;Fbu&=lGzYvIii%=+uG^R!xfu>l*|<_G;`*UJ4JBPtv>laf)J
z^`n)xFW0Le9nrkS)hd4uNA!=<z}HcaplrrX+)24#WZN3&0Q$zd*W@SOJ$dJ7J=hJu
zV~`5+*X!%+>xh-e-<oaD9j|pMc=h!dd1xsQtejszYkH-0cpg+wQ`rpUsOuepBsy{H
zQ;>box70%l+RS#!uBi_vivwTDqgu*sQ8uU^<z!IYSSud{nd4JG)>k3J2{KeOtY4~H
zhL6KPI4VAS1dPYPLStWJP@r1R*zp+o>co+6y=~pAzJSHKCTaY{#I%K+;ESKJaUFI*
zT~SXwmD9x3dVZ67dc<~3#uwSSt{63O*B4O2%7|{2t~1q-bkUw-${ctVz1U~p22;N!
zci?#$!&FwMb_X5qhh{x~36UINVAalU@&DN?!-}$BNG+8T^uiX@JRjYEH8an1gGNL_
z$GS_{UuSbL(Y1fxA*#}<{dQjDsv*(>Gq3DmeLGhXt&zeded`LJ*5DYcSKOatBmo#f
zRn|~yt!iHS*@e9(Q6i8D-fe%K2|QN<)oig@G<rrukF}DMlMmstS4qVt*G7$?C8n-M
zH?;cr5B)X@yi$$IEcvA%#bstwWiUOP@tmcr9NiDTe*KCx%nj68@Egoe#tXfi&I`2%
z%&=l`<S`A}mB@1!C=peem|88^xZSeCkSt*JL60}J7^v-ET(`r`xJxm&0mTZxt(xlW
z|Fo1Olg)Q8NdLlF$#7bA+{Cm!Q&2#{PWj@{O7d#^9`6S_@4@Qa<S#Vd%QOz^SSo+h
z?7lwfpKL*36w6_x=61Fn|ISoz>Fkv73-Z@G9fJS75?83JLnMv(x#Ar*xEK4C)3C0t
zRs9owP)rh)CT!h$5%aZ<s;Ok4K1fAMU#owBm`a}KGz=3?WI^j@7Cn8cT~p4T;C+)0
zl^$RUq|}@WKzyROLNUFESAhOP!UA?Q{|bN+wCB&akI!y4Lzv(Un6?ygUsHJ%2=3FS
zj<HL(mIXTpJSNm|V?ev5wN)9hHXfpBA<7%IqTUjEXUpTN>D=<(I;S7~^ws>Hlz|`o
zl-Pq*Q(95yBwko8e&-(0)`2VoW+{_~P@B_;<my4BKQ)EkM<HN+cYT%uffSk*BScrq
z^|^h}V@7M-ojd_!jVifZ*ug;>*A<2Yc29Nxz14dZkUyX7!^H7`DLR~r!&vhM-C(6}
z*Zh=6fog72UBGs{3ff<WQ+ZWlPj}v!RX5YtVUAN*J%QK6c}Z9j5TVsi@_t465l>8l
z(98(3G)V7{G~qCX>jzyGQ$T)DE7k+xc{iU!z#1)Exm0)W+74F(&RZ=_WO?fIZ+InO
z2qaWoQ4EZJS&iw}<FU5FQh5Or3%kY<whTpoawoFdva(Dxbb{s?6DQel257^3p4~6A
z6bmIAOd@(`*r94u>VYD`{=YXwU-DGq(&fva2ym%@P@wAk*Vj-)UX+ig=qjB=KxkH$
z1yGS5(0uYUoJKd-T--Bm-eZPMePE-Ha)m+A??-+b$DeGOEaHhQQzEB!O-4rom(?gE
z4NW01<a^KM!O)kj*Z<p9_vrS)e3-G*`+#wmW_UdKmWoyF&vju2d-mO=7^u4ep1Jb@
zt=6``FSq^riT2}HKVH&{d3~>t(O64C9;mug=>7TZEv8aIxcd$8D70CodTc7of%?qh
z%3*6v&!CDAR=FdVE5FRDGs`zdOF8jj&>6WFo3Cy+8OU1avYVt*LUkMQjdi9*1#mqO
zq^2HFfudE2kdG5!d6s}S#m$8!?6j3q8rJMn0|HyMpZjTd0VjL|=A$J~My*R&F^Cg)
z{RB8X0RK2G{hn)b-}q(LeQXvGm^Pj9g~Z_aBq64bk;-as-^J=1q`{Uoj?=){+hyTr
z>IV!cVC!R*<3u4q?n}67Oh!L^q_m5dMgz~i;DAQjE61_{PxSHlZUR&~YBf1b6bdhk
zVk+MQr`bJr)!=ZNl<bJ%3DeG3&!xjTEv^Kqfc*9g@_JK}Gpq*<&Yhf)ZS28|c;>%e
zXp!`a{#9CTc~wX0)n}F^!m0%CK?-rb+*S|O)ROguWbCv^!q+KePLL0{s?SMnKBPd_
z6nFrSPN8;gf2EzM+sW}Ihw(DvRQps;o^j$U_ki*U8@QWWI9`b9%fbgo6VMNH{+_y%
ziv0xm=_#_3&V51s9ndZ-SL0kVE1-9u?yXID8l|ogw6paNXZCpVxU{b`ZWSs+{Cb)p
ze_C#(qAOQe<bY;-Kq<uB4~u{&H7tG&HO|%zF~@Iz#UKfm^0~@!{cELX&<n_+{6Fly
zS6GwV);6rmUH}V4kYYiRE?v5ch;*b%7m(h26R-gaB1)Amy@cLE4GIEE3y_2o2%$(P
z^bjB<`DWI3?X~vze<%OZ`yOnL^tvE<o;k-H;~w|8$C!@aT66aos=jI9rdU~7i(}d&
zZ#6x59M7$HA7JRPPMU+9#H^W1zH=+b&>`#PZNomgdGDFGal2DRCiP9PUcXvlm$vzS
z*R;vc5UZA+3A{|ZWG!@6Uau%_X}Gb`teBMQG55nJz*JegEnt6Th5!l%{$kF1d9-YM
zh)hSBrIn55X!SgR81STDXQDE;F;<<jrX`gfANKD{dX5M*nt`pZu^)Jn9ZshOCG6Yp
zG$~Sc{I?`Gp-+$`j09@CCNW;#oSkT{sw^Z#=e6*IV+lVsk8ZGnwhdQsIVU4oM8A|R
zHSeYl=BhgqM&R<e+!-$N;237#j@Z{MP!E&sW`b+iSJq~HQliL|7Qvh7%f8%ob1M(V
zR&>}1Znr6sk+E=Ov_YChCUcGVjIedjM{>o^$jB4f$CX87m=CF92bYq-8v+{_pK-!g
zC<!(pdt7k93gB4F$53CXBK7W@Ve+1I&6xT$OG|dU*`gW;(nEv9H_|d!Z{5DTWgFs1
zu-(M42YCaXHJyIESB<MP*@SL?6VgeRUCYmPKx9?)x&uHe+vqbm|5~ZONlvpK_{ljz
zqoTYrnA1pxv;i$cPlm)#*S+5d`KuV!2E5JuhE{(mw2;jM%9G!mIn!I<%Jsfq2gM`p
zZ3Z04Qa>!z2<njaO`+57*XMUW(QBi4b^Oxa2aIec2WqJA`*#H<0aG9QyI--E17G0#
z3sFA3>eyt_7%@kiph0Lpy2d51qgQ(A$AFc1r{6O9$N>qz$JLB1?OmodCuW*RRyiV)
z+kpi1)p1&89I~D=J3pTfm97cmyHf79^9<$J;E+0h{KN@}m!ErYI`qdf{BfjBl&Ifb
z>>UNs=+h_H4FFc(x8C4mli3bWuJ+TJ7clYKJ)k&Xnkrxi(^kih9hdTI%E-t#&G;jq
zK^{J|8Na+eyDqc=tG%8eVD5bB+%1!W7jg@GwY}f7uFEZK)T-aP8w2J_<rtV3Lj2Dp
zO3BWB{`A_Z_3)rP?;i&etXGun2S;FR&e6~e6s1T%_Z2KfSf6<?-*aL2#i0;Xp{b72
zj;nUFfe}k^=?!s_{HUtSpA8#>x2*16{|tEotDb_VZo?UA<^|0_ht7JrP}t$a$_|K1
z<rvzNj|P=UFs;~!f=OiZaGs)7P~7)m%8`Ge-bwZk@Y~mZ+HEFpTz(egMe0xoom+#i
zQJiYcXfbcQwTJm_hoet}?4pG(&~9qw=O$F7F#Wo*em+-$EH^l2Qa*MNDcHbZq1)GN
zkJ+A5{^j5y>U$+TA#{)oAlmoxDdV{k($x`!8q&eRwi&b!NDPyNbE+tL0VcvWyV!~4
ze}TO9{)7@~PX9GY@MZmIhAlC0uJc<DQ}mifE~1-p2C{lJ+D&~Klr|`fSaD0+)C)?H
zDI{zTo^+wilTFMY%?CsnZLs5b$4<wdhcru{cWPV)IL)l|11qyEh&yb7(_#}LH}c?3
zWnnb^@G~}dSZV!qfgPfod@7`T?PkNeOy+CC@VZ;0`D#R0EG&E2*n0;AJ!7mHMvd6<
z0ZKYs@3k25f$TrNzWY0fCZgtO49c+m;?lfdkpZx<`G~(zeZl#2kHUCH_pTG>u(g5Z
zF>e;fGvmRAK0JJw?9Q?Bf<@B+)ewKiL^wf$&+xXw;>A0M1xO;96Iu2Oy?f-#Ou7sq
zrcyPi={;<{Q_I%<V_S}!64x(^KAfazI>5;;uZpB4@4=`oT&B`jfoI9a7>DRBu1^av
z3j+2*o^(eYr1FD>TXU54lJt_t{NIM7;hYsBE*MyLY)G2W3hzhxGIhV30?dQCdLTVh
zC-UmwnnC)-=w^*v%)1v|i0$<WX!`DiEI;fpdQfvT%A(?l=z5i0m*YHfQXM!VF&`vT
z9tk8WG%2;iq=H*izj5ruiIn4Z)IKSzA(=K<#l^hj52H}1|KydzC)-;d2pEWmXd30;
z6v{f=LGJA&<@5A8U@g^%IMT))A^TkqHku_$CZ^=Vwd>ctr+?X(nAB)oY)Q+U<sDw!
zPV)32{1ABD^!6d`9<tn(06TJuf6O_cWw?Fym#bRO5jMHa`~-gU>@{0K>X<(2-y@(o
zH|!6-FGiEbVhI#OY&y$2fGb#R__gdTuh}j=fCQqpMr_kdi!QXMzx6c*yAzOUL(@F@
zD<uI)@f-Y?YdP0slv0KT^gpc35o?UWuz@{d5w(7sB;PY!y*BRvpTK&9^aSB~aBv_R
z*l{#8)W)kI?2`gfnx3}KhZMF$3VyUK;WSW+A$m>8cfSbiI><=4R0}#JoA*^@^E-ea
z%*BvF)+9Us%q`2RkueMh0*T3vWcm}iEpVV*MqFx)sF7H}v>^+SLG6+sfYX67OCwRU
z_1|McMOI3Sgf_;Q(e;5DCwNuR4c?1S8)EvBYf|u6#D~gVhgOaONGiSp0R&g~AC42k
zt}i#{legiv#`vSf9e+Wuy+^E$XWFbilGUmoQPgVr4EG@?An!8x3|mDl-tWoPS5#C`
zT`4B0wevk|4x{>ImYo`Vl&;7;Uv<*^J#zS7#JdlV2e?j?$Mo~m>K0ReUA(EGqZ_yJ
zpiKePhO5Tb-qPQ@xBsPcERW>L#5X`}mPeJ0`8w@u=c*Kzy0&EYu^I7tFHvxs<gwZ`
zqZ*$XtImK;ayExddEi9F3>SWJzO6c-x1)2SfM%Uw5M7#vBsL4=O}*mAzSnJEn(J=v
zv|f6!6;yEj+UinAZ;DDhPrP=%3Vv;g@iK>@>{kSQU^x547|jV*d3P0cBd>liyoiR_
z{f24yRlN?4LH<eF(}S-hb#$9;jx^#!nFNc5+?x)=z|08z3cipm6*QD5sL)WogsO^^
zs&+lUh7(D}_vWl^2NR%YiDs_o{=%Ti%Mt<HeO6Mnu9;x?g`|v4NwV14F~X|!Q>neh
z;_v%OzQEknQ#YGCKBOFsz(cg2zA%E?W!)pmi<%ndS%wOq7BtfZGmtdg*h)7auetDm
z;9*aB7n_f2#9jfJ&UTF}rl;C<^4wPZGxqNt4yYwOXr9kg&uF)N3@=UF-g~-5InL=5
zV%}IP?R$-#xJJs3kbV3JXnZ!@^nUXj7cPSY?R~R#DOjbO?`9*J`qC{M1b4uf=(Sj=
zrbW+`%=k8h6l5^+BYGBR=vnEXA>=o^;b*yIDbm~{6{enupOru<vpCUA^jUTbwRO-H
zOFPRU<5V1Wmcuc?1;Blp{Y_qwsOzUm*A6*GEjiBjHSd2}n-A*@Tq3vZZt{9N4d1sP
z%n2?gwYIA|pva~O341Gcnf}D<u%Q@h-Wr=d8Q@07Sak}X2BQL2!TE2NGpivHXa*M+
zE&<KUV}-D&nxxOYiCl@N8G2kj`89*sAi8|{!<R2>PJqLSU#8?@Zq(echm&6iWc`Xw
zmYumQyXB>qLcY)*S)k_UjvEc>_j*5y)w~__5YPaqI)A0c*qLG13GKDu*MLX$A~krG
zwzl5K4XvD}diGIIrZ|ys=en%tquR95u{?Szv+zXezL_G~#oYvkBw-t^1U`$fAcRew
zPvFb%+eu89FGB>wJ`9vUo}nRTXIY8bFRAex!;Bmg;5u_XNoS*p0ozROVMa2!R6xA3
znvzEv7!WGL_LEQ3`<Vc4RZadn^`IXKCzl73UkE;AK7N$55I{I(sVi5M^WmvF6<MJ)
zM2}~1mNoabw#a3}*OZ5MW;WwnW)8@|x7kgey3M27y)mptS(ve|H%tZt*Fw({fltLF
zw`f>l(ZE6%OMC+zH{YBW528{d71u%mbj>(bG<?xPmh#?$2qq=r!j7;57ou;)r55E`
zIidrsuE+whV<h9+09b*AzO<9-$x?t>7!59a&nmT<A9j{vM3P&v7@=rmj5cUb$}GXH
zxOA&DtlCh_oIs;1BIV!ZCm5)CX<tzu0dv=Q-U8MKS#BT5HrhDgW*P9kpByk3`Y>!>
zj_9Rl-JRTC4hI>va-;-XuqPQ%K1I4DMcgP%WpNN)YB%W+$w<k9N<*vc=}sx1x4ku;
zN$Z><U9I;JP{TZcO#`C(=&cd)l4O=zFrCw(uc_TVJ%b)oe=#%PLELR&esMfBG609C
zHEMClv<S((zh`P{)^v22==g1%+b1JBy;(j=WIe1CaJP;2SU@67%TNH)Z1CHtthDKM
zLNFx@z2-5v1u2pC;VO9O+7LXGXP+@3E4@_c5RZ>LQ+umm<GBJ(+U?f2ncuteRvunF
zdp7!~#k%;40@MY&^Yq4sm1}F&jPaTzo5z!KyQB{pcdSPU`kmq$QM3H<U5P?Y@_q{i
z;k@o8Ksn7FNFMAmEHCz8;F)*3Gnx6x>SnSWohH42-N@>D-Vk#=d~(_6up><+kEUMn
zn5~>@gH_E7EM$}C#=Jf+Zo3G!?W|u=oOP|-4#Aq4s&|ex1SR(BGrCied~(go3Q}@I
z%w^gO0rLT?DEd(3H3O@qdhH=Uh?Qe_$8&sqLm2J^E!$%?)-g{`MG2P)?RqXpNru`{
zkdyf&6^mYArO&w%t7j);zYooh7g7j7kO4Aq=qUDQFTS;ShL%>phKrYF2QWVl$Ps1Q
zC=vgCy1XEc(NkAAj}5zy-^QIeBVy*=7Tcq*^cz7<N*+BLlT@74OIZ(C)}N+5nRD{A
z_NeewSdg?Y4gpxR4##oYv?#1_NKrt%U(~!kNODD;1oe@AxuH2Xukso@iTHOTCRA8H
zy#4UuF+Q1wo|!r6i~IOu8(k0AoVoqDxS3VySh-?2jXtXU318S4U5-k;Hc-rqvaK~w
zWVAzQHA{Rv$kR7WVFyqP^Ag*Ph^>Rk$)^lFcEsBKF1^e27p<f}QC37yGpr(Cu~;`X
zWl$qHxC7UWkn&nB>^3Ns3QBK&p#)~GUeMNl)vOCmSQOp?Q2(Z=iv<jS=)HFkk;YK1
zRYlqd=e;Wu*t5%>cQ2hMzH8J;EH>`wvE#`*?Kj(Aod0b-^8ioUtYRf7Gk#A$?r}t=
zp_+d3qU-(Z5tOmIB`yTCb7>f2-9Yboe+M%GN>x+O(gr4G-VJ<`e-FL)BaK(-72$}+
zlE&v^+D})r_lz4qe3rBN031!s7oqVIkM_zi9GK8DTyZg^J#ZXbyL#Kn6<MCHZcJjz
zkRT<=dhOc9jI>%U3U++U?nx5iM)r+i!NfPci*3XV8RtA&Rw+wFx}2#INCSsgKS!}3
z#ZnK|fN^N6L=Iefif)oRvcnonK9UzS+x7W`!8pIDLV!A}M9->FREn<}@^H@gr6}>T
zlpPxOxse3vL3v}wq+>mRvkz!W@oEF4NOJf+oqUbiZz{hRgHxYs8=g!8$vgEPnrnbF
zD7s5-(x8+**tizZyull0C0=0OS&jkH)(Oq-3%YB)#!x3Tz-RP~$wK#L0$M@iff{iR
zo?iToB)|Ps>|Hl#dpJAx`i~<s&ENf=>Bj8`?<?N#@@NG69U2<SvO}tMwtdwx(M<4d
z+j;KqF<RZcejt)J^IZ6;-K(YbIH8$*kZstbzOUBzrifSCN4}331oVj*=9%C&)kVqM
zh>Qu{SX{{H^p@x8TCIo8fdQR)!0|F{JiQTZEb7_-hzvDizFJBywsvjvsp3zCKO+Ib
z1*9R=IUr&a=cHf0sx3*D64SSg`KfVtb*W~Vz4$kHyK6a1QV*EY2GKzTr@G?$AvBTC
zVTAqS)?JQmKk0i`wvRIU%4L05Qvpq8^s2)LYOY^A^g{DJAuKTmBxc$W#;BU78-gsN
zesO)~O~1Y^H7yHD2PT|2evF$(s$)?okyI&VHt(-ZBRyvI>`{gp2SI2;zwNxFn*Px3
zeP$kmAwSh~%INY%sNe9UGM8o=7*sXP0Q{r6d0XQ0&6^G@e`x_6b{AaF!q1#Ot2J<~
zcI>$mW?%EJ)llj&7P((KDX2qB$N+s%N3b=ba;G$7w!MaS0Urb-0eCgh#yB}L`UaL6
z+cF65ys@V&ip(RcG(!L`dj1^Qm|~A@IwmhIJFyQ?|JD$H+xjz**cF*%7S|>h3xE8a
zt7*%ATx?9c{k$=B4NNhB%mk4Y0@d!@{kA8W@E3Q5JwcrX0YjQ4-*(qc7VS73_Vw!_
zydN~%xHO5^)(3~K!tz@+b^+Yzz248^!<7bNV1a+E0TP@;DPQud1U{0URflFpW7Y$Y
zr!_{VayH+a0|ht`sLfw}7HESSm1Cf><lF49X!3(@yUL@0c2mouGn83MjCVwVq%URX
znkIc5pz%%|SDl2~?G#PvADZC`;-boi2SDevUe@l6Yo%>ps<L6_8)g@a$MyFOsYt0B
zfFAX9^6NIjjOzFX^Eq=sW`a4&O^#>|u>W{7`zgQzM*}+s^UHr$QzA31ro~ndj;SL1
zo{hbNH8&OpXX|gU41?l?u$lF}%9bu&6Q9*_N8fga-)p0M!uTwwNd8LGV>Up~tr%9-
z{gPVsTb5Idpcmi}5h&CS^E*i1*l1Pl1+%h;Gp#(I!SjGo4Zg%IZxj1!mdF}Px#d;k
z-j;K&6$Jo9Ee++q2BWMB+qd!@XNoeaU5O5C^3{4(dC^-w@60}-6y-bnPTn4=y!zu;
zeMH^zNLBKa=gz{5))h~53GK;YLHsE#HV8%rwh{)&5Q(^E=*f5~eJt1Na@)?%&5Q9|
z8tFc}^BfaXt`&A02aB6qTOzV~2H3+=o~y4;Kvd)!V5BgMD@rl69D5=YEwN{7t9rl2
z#&`2_e&1?I<kbDJ(gFGUXs~|kr?lwrI__7Y;wv9}4uWtES=m<fc9oQX*kQ9FP@lN?
zJk9-Le&K#BgI@VlIfT^;=@a_V(--p`ooAQ?1Hqb{KksgUzg&x?at$?JK7FjC$h9{1
z{Q_T!AOgvxnKE?<5W15cDi=$KJT)Pv%QgX(9{xZ>fF7IWRI#u~k_qkwNZtwk#~%kY
z(ak=%u*Pop!s|-WNdjUMMSG4$O<uEB&QyL_(4z51*N}7c8n66pqa@3&AxDbxOd=q*
zIp{7qc#=iLidcpuTr;=2^V_Px6qeH4(ylJ9Wasd_=MrOpuNTA_ONiijwXT%amYPp*
zIvVjY;{6EfG_1ntS*u3XKRr?64g0o^oC^Gz-&R4mcID$)Hp%^b6-H=UQ%nvTE<Y3V
z;%jpt0rf>$y0OzlI%H&ZEbapkL7+&)Pp8=D9|N+0NXI(3&$->XDNCf|2^olBkzDZ<
z3&dIH!)gJ)=xij0g3v5O5YilWg=coo`{ZihhyX)fqjhV&>g?-|Q7&Gzf<32T8cVU)
zu3noig@Jq`#iz=4eUo8qcI#pz%2B+?;&p>KE}l1`%HDCj05&z&bCC;78peM5^l5)<
z<P?K|?qtOdU<P?j(V`%?-)V7{thCkxz9Ot9Xp1t&c*Q-SVn`%lc9uz<NX;Z`=GbJO
zJl@nURjU)W6{k}KoZr&B)?*kC+z>wtSK*7Vj%7#@T%#w~eNeR8dMfsNbuRGQOvhy2
z=+;j<epDq<AoEZN<-s1Kzn53_6nV^X*mVd}CQ^TmR8_V&W(uaauU9M~ASp{NPY{JS
zK7v4(%dFE;q~DxJ&FC-ldaKQqYmx3a#<Z%^Z~1U5gPCn1DLb=*`i7rAmC_)0UzKsG
ziJd)3MK9E|4<Z@a*>S9E$9WD+$#0wNrSl9K<O&KzSGNq*)`vx>udlU8*E+g983qua
zs(%SzJ)E8>;LM_)cBgAqs0_MV97tFVEXevbKO=_$W=GYgP(A7D2(E@Dbzt(w)|W0Y
zKw0+5seirgi|;*t3I?3^2-`j}9PsVBWrPO5a+XevSkm2}U~Y0aukr!Np!Hp0r1Z*p
z!IEKP-=Y1e7D*ZI6+p-WH^3YFbF3?UaD7&4KWJDgyzMZsl=J6(y@5Xlw=8H~7I#MV
znNHA2`n4%a8(Zn}n4_({!FXVn+I%(U=?WGTYd{2nnF)>~goR(tz=ICvs*JE!IX7+`
zoz5u~0TWA|(U&EPC?hS)sGx7_2a1s)LM6--1Vl9A>}zK_bz*R-xYNWOaFdC@-6TY8
z8;9wI4ErKI#fnBv?JXwm54-*)#=c@tHGNZ1haE0WSvyPya6O&3<CIOTr(x9_|GJo*
zS*l0>;%;o+Ypg;&{(y;6=W^jVeM&jg;<Y?p?d5T^0z-vZuJ>A6Prob*f$R?rusGnT
zOHS)K@>=a=QBl5%K~bTtnO#nzxns6q7+N53?Mz=<iyhh^^Eq=g>b!F$>fXNBqKy7)
z-V$sbs=Rq<ON>mS2o9Gy*L4!0Ixq<t32;I*Qe~VGW+0W$J$X828_sD5YpOpB=a6<c
zV%2Lio(O_8tAsO2;N(I0YG}d2fiI9>^K!AROAF_cHLP#KoO@&`v|crl7X;X!efPtM
ze?#*_l&6s|pE>OQ*Z^}TqAkp+Vx0BYzG6R~YP!2hftnAs;(|yA_3i_HM%lMkgO>;M
zus(JOM`wBvLNw)9N<n}S$8f=%l496PS2>c}?u%J<JwcFDpe~Cua2T?9^vrI0%1G6k
zF9N20qnC@%lwXR+=o>};C#itXXTnmwr$aNfNUA2I#vcAjHf1nRxda6E0#nB^+%e##
z!Oa<Ec{5<Wo&-&V%vXrZ%gfg|k&|z#rxj9(D{`tC*ga6ueb<@x6?1wH?pWvjT>-pe
z5kW;2APO08JI5w`7$*+htZCb4<~CZB9+;O5Dud1lmx?FIs^ye-tG;<kVg=^L)btBY
z*%~w-4ftI={n`RbA38HP)eY7NSfK+eC};C<NtOOVgTP~)a^v$^7AguTF9Yo?RM9~=
zuSx^R%2D&N-}bF%jYzv~&@k5}Taf#niB~=%hs*wYcP2XBx_h|5e+(*P@_5h_)M%(V
zEV58%bQ{3Dr3$G&^SXl8(9<K;Cr+H;<>XY18S@Q7xJrX`$9}igEz+h8$O7z(o|cEU
z?W6^+e2})^Je%_31*e$n(4*MAKHaJgnzL}C|DwtX-tc^W!`p4EDYzi{z55|)a?9XM
zWPmcIdSXvB5VNHn?`2?cZi-NT-bB<74BFWsh6Onri7Qthe%WJ@xj(m@nMVSvxHP(a
z@gF5!D_|;4>-|D`L7<+uZ@;PwBwy=K6?b~mT1Ki}>zESTG`qn0%d42lXW2P+beGq4
zHI=>eQ4z&by=@2hl=HN1t!pRfF4xZgOw)m*3g$ksP$#ORhik2MqLGshDIsGPBW5kD
zTU6e*t-KeiV~b|n+V3@%vc7F-(zI|fCg;M9_X=!)#drrX@%sj7K;Fo-64%<bk?d30
zKJX|%5uMGANjuIUBC56>juEvO^lJYub9?1XH+@mW@u@4Wz^V0j-SAv-8LsmCsbX4F
zh5PH)AFKkkQZHfOP>QXyM`uWR^WZQID!`s)pTyUL6mV&-#5gQyZ)+BKd?emY@n_pn
z>A=rQjef6g2;6&lI4_ev@bLK&qo!w}_Sm|C*RtAe9Z@YwJ2iGgw<c!f2u^svj1(>G
zXSEeZ|E!PbOK;eLb#Ei!-7~DdWX<kBp#f?!Dj{r4)TG(R6vQCUFP46TRiL)8e3Mu1
z(IBRgfGjr*q#8AF0or(ncy;0l8fM(4<3q(xyKeoN7hteAvazwdEa_Y(^PuC}4ywzF
zYk>*CD|U|Ut*3txhcSOpl^v>4M%+Vva;r%qwu2MS5WSn@p2UPP5r4E30%r00;_!uf
zW<);0=M*iNgq;@z%4P2fbsO~*&<U2j(`#ObT--R#)U~!P`A+?LMz*q!P4X&tnxyAV
z?|?QEF+<R(VQ_nodi6?IBLD36XS~BOvNNbj;yly?AE2nHG*+FjnW&FSug3ggJ)9my
z8|BD|+*^NL8iwmOD0a6q(Ny8d@L!Dq1YM9k-m$T>+G$u3L=jot$D1gi1k5wOW6~I`
z0JLX5-QF$bRZ(|QJPc={92;Q~v#O5R4`M#h)0IXg4nvi(rC3o~v%jhorXbU-2V|U9
zG@V>cpc;@Cl$gnB#=_Y1bPKg_?k0zxnH!$=M}XSm{C2%USdjG{NiOBZ!93If2Tbop
zOABJ=__5=5lU&VS&(<E6m<pNiZT|9DkO}0y9mjil)r;-ad61Ht&5Jp1Mp!gnC$=^2
zlQq+&tmMp+Vl<*qK=DGYhaklKUQ4HEp8#GMWYp?J`DMb(^dci}Gb@9_CmOsV=_T1M
zuKIulR*Q}Vfv^Gfk`pNAG(d63d$&Ol<!^@I3SlUN(;A>*R?!xLOUObe^iB1OmgcVt
zK<9+0-(qq?BY=PNI~Y0DVf?zz*mA!|)rk?X!@kDpNuG?<aRz|L*<0$bt+&UnNS?v?
zU;y#8ocz<{;LpM^Y_Zl+I_oL9$*9p1rhgzK-G?29v2KXLum46w3P+DV{|X8?HIrOK
zS6kxV-Xbat@3pz^6UB-)KejpRv&3@sDmOA$#~6$*&>a&O(82p@r~xBgXk_+OCuWp9
zR#&2PdR%y+ot1s7<b$)<KHM|_qGL=|fDKNy*Vwc_&%OO*h}hz@DjXuci-EpR{3P&E
z5DFA`JRz}Aj<k3|O@TCNm=gGufp#6D*t5Il;qcy1{1CZSL|eIQXKAy0`q~mP`u%$(
zI5cPBj@UW;on?Q!g|E@nI%Jt9r*xMoe1Pjnc+zo)SAQI-v77J;5_5Xd<~`S&rbFEV
z>qwiT`#|vryao{6=p<@5tHYUr@W$R8NPO8wnkO<dhCx-xasQW4o-0k@Aabq8K-gaw
z$S)ZADlt-Dd*D8`p?*l9ZSwlHAQax|o%?+~De;nbKz1(A$mnbGbbI&GU`aG6@xXu-
z)__VT6Tz?n7^`Go$uN}Zt{tNCopG6S4iE;i2!AQtaWT$iOG$)OAK{fNF>Nt?9Ug_h
z>-~E>VzLgoG97~3Ve9h`NJq9kNK7m2OqVWw5$9)ts7H1*06;tDyE-t{rsTc9B1sCu
zH(a~6%5&$=BW95tgO|_!bsM~t83aC?TUcZYq!b6WtQ|su>Ziwim&HiN)gY-7Q%Q6A
zgStoE!Fzhk;^du?m_9ONB(?Oty5^;ek%C`dT}uOW5&vgtMQ@hsa^vowI=0VhjA+(M
zOh&bnZ~GK9c;QMupP&PL&EvM?AzAz0jz8gWO^_iB=!ivOCwx1aIBxO+jhwQ!o7P8A
zebz1$FDg6y`k@_~FlP|~YQT;?Z(p81D@qoELgO|SR_iD_`S2pUPxr-ffa23#BQ%Vp
zA^l1pibZjVJg`W*KT|9#<UZ`_1@v^@3rGb7SF}*GPxo9|;hd+Y{Yo9TQB`nN?|09J
zYWwXjRly?F`5m5*^3hY5NW`EoQ7N_d*p~|8LGl7mvJR61xK$Hww|VO1ogGMK*xJSr
zJZpdlD;e7zYk?R%qdlXymTrptRdbvoH}mdWRz~7-N`(T$xu+pDF_=JtwAd<;%b^Ob
zQtm_>*95%QnQ73r+y#embFQ!OWyWa60o~ct$Wne@j8W&3*yZhSN*RrKmUrL&j9{eT
z^>UYq2Hench@?lVRLf|`y6qJ{odTW&!4jPG4DASMSkp6q5shDVXP;kNE3392yafvQ
zr)g<FY<VuU*z_DcUV{-T5cu|4Tpvz%zJ1<QZuN%{c7ez-*SS1iY2E6*TDK7)xFO^+
zElN!ft!I8C!gmaZ4|5FWSs8dQ58eYcfT{jx!NALGJ4HDJ)IJnTL;*$wKcB%hEmNvb
z%0stUMS&wkL!{~f0%nc}G`k;BrZgo5FYmDBs>h<IWM5T1>s#q}_g#JPS>VV7xM)Jm
z<%uS!iaOn#R%H|{no~C$=sC(4J`PG!vl35wuUds|vq)CA91k8+qUM+tR$Sh@(N-!c
z;x(YJHETVlJzhjf9N`WKw%K*|zET(^t#OBiT39iF3sChOd3~R=FLF_|b#<$O5ocEB
zw&_9U5CWrrv>A`%S^3R&AU3_EMQp~g>!X!617FD$H8-OYeN3IdDgZSqDK~2rTvvco
z<2LA9`BQa)?~pdysM<3o{41^1O98`|OQxpk9`@WUke$8fRJ^k){bh4jWmMK>v)WK2
zD)2YYyf`*M7e(xl9y=rRs~6t%eF50U%z@;o-p}_knMLYqKBSf;a}r<Njrej!4>a0W
zhwK)daw(gdD;YzFOqQ#}i<<5I%AUaB2O%YC>=Jx@x)v6zXP|&}FIo=d=nSls6`+c$
zTB131-(_iXE<85~>#nqRUm@K8mtVM2s0v#?+}01SghGPCnBqf4{{wWV=0R?kCJGfZ
z3z?SL8O-Gks0bEOeE3jG)CZ`PT7^TUSZQ}>7KHRl9>X)OltM@)m|%do5zy^$x;<oO
z$=M#=TLv92As|aAGO0*4Y9bebeKKwi@Ohku76U~ljWjt(deFYK$!o}3%W&rr4&#lf
z7Eoj<28#Y{<(V+YeW<zpSFYymu5Lk=up^~rjio?A6+ygt;jpiqlB+MSBqNc$q{Rka
zt?Q#)+F-uwveum|;^O*j6HE4lc^@FNN}ijnJfL$dXQK7X_S9sPcki0o7`H&5B@!+I
zmh4Qh$Me9K;R$?Il!U!B>GRZ955!DEjD-Bwh07t4iq_q40vpd}3{YW2hAPm&4NvE;
zn&wVrp3m+`*`WgZDXf^xEC_D_JD~;`#=qKfKQ^5^w|);Y<f5D2%CJo;_6KZ;HxUn9
zY0+39Nf+ke%qGi7SUOCHoAAAx%Y#D3^BR~M!GVrQcW*JEVeRQ7%iV=j4bS)1{7iXo
z-_{zfw0<{SAA_925ky^Dks;VRjRJ5%RG|y&7|%f>WQ_vqvJT@-R!tp&NT4>*&FVoI
z!7SBZb#5N@l~*d6@avon)W9|eYI<L;?gw(;8JXI^GEFgCGW=A7*|TRk$u&#G$08FJ
zS4KTgvG8Wj^%y%5w%mcf0e^)(BZEqAj<vYVFy?o9iMa;P-4Lg0lLFrPem4)V?Nui-
z@|#XoNHGc$^?cVRM5t2SB_QaEMp?o`BNLHXxG^5R4M_xp+3yfE2@<8<f*(H~H6ymJ
zGw|sff;)*k{I$LU&VG&j+F`Ud(u0u?0(jmI$5hqC(gJW@A60+=<Ruq%5!APvT?}v-
zYKR3o^$DQ9`1ywjs0--~45GX@k<9sJgaTLw&EsAsa|9qyXJj9OFblYkFV7WumO$Z8
zBLl>GY^8JlKAxft{7P!+>?#J}qS+&;;;{#W?5yhb`B{zVDgM>q51_UUS%NngzYZtA
zb$u5@-eU<7@_O&V#52FHPalIU>?ZCzO|JU|nfu}<@>_2}9Kb-}n4D}{C&g(EAv*Sj
zubJ2LNIH3xb7k%nK!X^N#pz_DC^i929p2Ps{3a34uh;5Dqygh9?!8v>uTCHJ?1gqw
zqxlJ5e-luQ@L3s$?4$)0JW0y0@!E4J1AQWY{!p2S$(d4YQ|_E|<1Nq93l3uyDf(rY
z0>B!kvUfVvEOo_0(B<|JISv_>y$D^Th@hy4o%G8(nYU3WAmroL{N};3fqFpg%TRDd
zf-30}a<M9Thh(BxU}P+|EIt6Zq-ni2K=$Z;vAe-<W=WxW2%a*MNf2V+tq}k-yJ+e&
zuymr4z@~+=H6Qe>F-Psw7_SHnPznI`M5?qbIn7vB48M50e)<EELnJtY`d^UD-q|L}
z1kI&}MX{8D{jlphXpctKS|IdOgr-G6zX_O&8a?d)Vg0+O*JM9O(av~x(b$*Jq2jS$
z>+mh=@dUSK0=hy|@^st)&<%VTzPt&>A88M0qpE)~ZArLsP)SF?FcsRQbrcyw-vQCn
zmMiw-loeH`lV7%`f`tp4l@fQ~=_Jd#K5pt{6Lu<|5(xpJ-+8oFWMU?{o<16NNM<j|
zcW3-qK71o??7XjO?W;&AronTJf5xoNtNq4I)8=4g7!Fvv&RVqGFf*Mz7socq1el=6
z0onF+@4`-rD9F{ksIncirecNgXa_XG6TfmMDo#ujT$1HlbSyFzJIyI171YrPX_x6j
zz`;$*)SpTI;KeGrPcr09nna)rhD69b*7D!_rM;Ru8ZR3tZr$_QjIf3suDJ~L+S;cf
z0bZKw5UDEBJ`7RD$Q<Mx>7{0h$2R95m$HsBB;2U7%*yiGIXIRk>wAw&BXtnmEH)$d
zjX4qYN)-WtKL7{WGX5Svfw}znluaciXgSw=oo(p>yn_!F6s3+<aU0k2b$z_r3@&7V
zv{1;#AhSabn(KE;pR<UTUZwV&b;Su3f^f#&^gzh^$43n&K}v~;ZQmlYP{e3s*~pZz
z`K$uszbV-TWE((JPVHaeQKAZ?dE!gWn)490@MYk0&^7Y}zY@Nwx0Sgn1<&iXyD}uA
z?<<HbEukExJhnf7IB-{MB&>p40^b{#o*7o=%kcl#ih=6V6!oU+fB#G#8L|BLf51Qf
z+ba3r)%f=c{MQ)%y%hgF8vnz_K<S(a>XgtE3udL<R3GfUrPVc|^HERy+8;cxZcSUh
ze)R_}Jp+Sc>f~|vnO1(<xD2_IKeXwO(Leif{NCYDnEUpNk2Z<fwQhk3ac4x%jSRx_
zKt5sI6E17Nrta8BNdGPHK6LVrqra5`e{TK%+<z0A7~KET0{ky|r2n0dQG3_-tHF5R
z_Fdn<N-kjMUR;P|{@<~W|2r4$zfbkIXaAo&<Nw`-f9?V}$bbL$g?v2?#kRtTf$@Av
zfB8vC*33$DaitOS!|fA^yb7gf69)&i;{&7&^J6u;a30pH)z46szkK{owd3`){Tg6=
zv(qf~M=(O>ZqkS&nBR@8;M2bx6`>tRvspy&>6o2=Jn(Y)f?7<h#uD<~jEbgonxPh;
zt4+*v4-fo3C~7j*mbHl=T%l7SJX=Yy$;s!Hl{IB%){smSsK?BI7wNc>4pilj-s*`P
zzg_WZbn<DumX*bDo}nb?;wdTj6|FgV&$TqX;;HX=y$k*gu+R7Ye#blcY0OPE(yh8M
z%Ty=Ya87P9F}-}vjD&7~jkC-N0Ym2^TU%S{Sy*_KyB?_`Hm*}_`fh4j+FqF4=ix8D
z%J|3c+!lP`*ZSq2NoPC1H(dr1u_%XFk+#BLzn)n?yK`hr*6&$W=q+$B<JH=8^(M?x
z!Mo<Ud7Oz~KOP!3u(zV|`o~x^`s`vZaDQ5px~3|)_>haaiT|6ha4NXpF=r4l_^bx4
z3)4<r`B1*Hv3ntO8KQgj%HOY&8aqCEq-&Npow-R}MTOQ0I$4vG^GoFF%Lw<R(AAZY
zW0%0UJ-GY#AKVF#fA=oFcj}`^+s{d7?zp%(KHD%I@o)ueOG`NV;*XDClRQ0x;syS3
zL|%9fgy^&=#dC8ht7zD)*H(A!k1ED<8+atJfE9`VXIe8~@I!d^hH_zHVeu*R2(S+E
z$;mv6J@9Hy@S8#Z@tap7QAKYH?34!=5&1{PFVpJ{fetSoBSr|m#qj7KLh&z*J-~AS
z5#_(1{e`F2lLvE?&JP0`O!{JObIC@u&U*2JcI&~U4CgEELGc>@`O9`s-f(i0TJBlL
z1slqD7yrM0=VRM>9_3=15Za&nhBhRpBkz_WUe~Vt`x_6XzAmoq$-JA7V3<t*YET)R
zU?@MPMoyie^wihERJi_W36kKNVC9%`m!WWZgJ&eZ5`E)2t)MHx)vG-SkN<qML;rul
z&VL-xLoWt-idBw`cC|Aa6Z>@Dsq7KyGO88t{{7I0Ufe%f=APbFyT}jWYaa|oFJ6?Y
zJ-D7x(|O@9v_<`8`j0KGhf9CO$~nfq_{Sd~I;O?acKCwo-zO2|`!(xme%;#H8@U3k
zSI+;(7%JYW8smcJ-Kvo#r0KIK9`OnN<D>4vR08kZ{pWffx|`k?>h|KF26^a(NgD6e
zp?Cjyh8NnU>XkYMH*=0PT)uN6O?B#!a^>DE-`}4+d7V)iubsB!*HyUtEdN^Cpan#S
zO~Yp4Go~oxx<d6eH2Z=}R-E*3>){Lk)`Nh*&VAt2V4N0<KuzVSGNiiDiJ3$w`z~(2
zIg3|*gd%G-GA35o8$WrAB}NS5Ou)<h!<-JqJsr@1qVt~>1jVR&Ynz&J*nZNL6*Ij~
zo8N6;;b36*mTb_M+2*6V;mtVz##8J+mr1MjO~bg9e0%PPpUhHg)y7u^G^>vJ34X_E
zw;=>DHS!Ai&Wz6QtL=jg8?}qy9DC{|5PpR7AI5b^<xphKmUgN`NLQi0y+&v*Q=9Vr
z@zb7-C~<Ce=UCymOO^vm1?NcToD&iEpIjM9TmHWm^iWa4s&>8(^U}v(x`z4k@D**t
zd@uJb9VV{4#iw>}6COxb3tju3k#_gg`LqA|r-$Tu*SsL6+F?@ZK85@C245PlD;K3M
zA-^E$>pvJ)bMZac>KegEzb?Of`)%>Ck#!1zuXaaO<v+LmD_yIpOMCtu)YYGbVTBro
z<FJ%L`GaX69$s$upMr`m-Ag_Y7nLv<&7WFEZxvHoos6`GGA~}`yXPiwI`2Qt<*v{v
z_eRu8wJKYT2vWHHM&QncKVWQ5(JTS=_e}*djvnosb8A2?={6XpdGP$S96&Fe;}@_p
zXb3I;T7PBa|1t<UeJ)fk?N5yw+4xN1zJq0^&}{1<$vy~Ic+T5Anz$x^C85;z+*?p2
z{*8{Q=Cg&jn5@|W9}>$?H%EJh_f)ey-tdnj)yHNPowxKYL<cqVU<2$RcYs^QN|{yo
z&d=<;vN~NMOd+{bWBFSUckmsK=loB=Df_2&%6Xxq=PNrB3>FkOM#roJt7A*FkF}&>
zt-befChJj8Y5&t8cl%GJP{OWchnWgQ&i3r_F+wa)5O&7)beygROEX0XjQoE-zI7?%
z>Lb+$pRW<kpYfEr>G>MAwvh(Ik4Cl&&fgn2Py6Ga$MOZ7bpxS*|1`YwQA`x6%YNZ}
zX@r3{L6w76^5n_5<8O}il^^@_-S2+UEn&%zV6d!&LS3=Bh{D3dEB|T;xVz|!oD09_
z*{JvUNZ@Qk<MiZ&)WODc<x)#r$6;x>Rif9MBkxb1OwA6XWBanOP_TkyllHNn%CZI@
zFquY+L*J5v#ly!i4c?86f~GD!ggLWCY*}=Xe#!KfobsSNg|$D?bAHyi3~tQ?(MU5I
z9TP}Y6~R8&)X1;Wn#YY7HXGGAt?HR3cIUQ*N87DUkoG+Z=2Bj}k23p`a@Cg^mqs$3
zKcRmJ&qG|jCcoZOFf3@xyzF|Z_~S>B^C&ubvdO7a@8l$HUGikN3Q8L`Jw~0xN!6CQ
zE_L>-uixM0F1H+&i5D~%2qexLV25&)@&byxgVGEAtMUSt@ry-|n~OfMsrJiW<QRAr
zs`>{8+&l+<v|h3906|WZQedcV#82-KJEvpujRk2J5=!`nf)5y$@)s{?-D+o}eWa<;
zUy&ilEk?DnxJbuev|e1#zv0yAyqHwt+KAAfF7mOIk$Okyv@|2Ooo=@at*5F-D1PZ?
zK3eJBDCN`Kqr2MM?6HDnt7Jq3D1(&|a;MoWzR1pAN@|q&ynlNmlWQB@V;Cy6mKkI`
z>o#)6+sVkNLHwXX*%P*(VFTMsHz|FUD;PqaG8S_lEYO<ov+v>eb=+a{q_L)x_bTha
z%AvJ}AZvJ|`Xz~sR77lHwE7^wmCNloQst(BsZaY0OKGk{*b&0~aYaQ%8&`P1+V!Z6
z+oQVCL>V1Fzq*~3ClIah>y14)ABfek8Msy6_E6xz1ZpycM!Z{F^D~_n4uV$`chdFi
zAiH5#d3)1&lwLP=Ues_NFJ+TRmS5h;eJ7T+S@z3n)=HSeZ?wg>kuRoiKar!Zik$CI
zb6Mqd4}Lc4$8l%9ou<f$64Lgsqikm6PhR`F6=~UbZqFY(u-WZDoJ?M^3fRpIjC3w%
zNY^Vf)6>-Se}u>gQe*O3Jh!m=tFW##s#VV3{KB}T%lpo?ZvJf7b*(XJM%5{bmfM|`
z2v>}@rktEI(bu&fGvmtNzoGBAk;mPp&=ye>q*=NeQeRl?{M@mHa9!2DVgBV{Rt{z!
zcJ9K3tP`s(s?@KMpyl|55=t~hW6sfj6b{KBm+`Q3_xjffinCOTaA!QMwES={47ig@
ze+5O+UgFi}EH{R!Dj#~m*2DEy?+))Os_l6sZydy};LL*!OV$`eIO=GRB^lVtWS25|
z#c|?S2Go0veQDgH4_rTm&mL2Wyc|xq{lqLgKupX<SN@BpQ&@QTa^^eV#k|Ym1;%h*
z{Mt8#!^^5yMxAaf4|5Y_CIfHa<OrcDuB=&sYh7pk>oG3PTN9mo>=zm5B;V*IzxMmn
zw7>XqhCR{E{*3;>KG?b3P@xdu2tOhck;~EJY9<Wa%UC@@nM);SsH9KAiD`Dxn%*Q$
zO024-cGo!~sdaBX7LIC|-P<$hQCu^d%N31@jm7tP3NkeGGRT+ddwEUh9Mvn(0yhX5
zh{Unoanm|M$JV!17t0m9IgZUVy{uRC<mxbqPX5llBjHhf-YrmVZS88e0pVyOxQGo|
zeot2KLsYM~;j6l?3Zs^}6Q=(7{`=~)6x^%!V{#8;hA0*FTAh1nUsc#J&`S%)Ib+Y)
zO+Ng4$K1$!^9;M6U77gw9|E|X;x7JK(!6&|5Bleuf0eu@l;fAcRE{bxE<ZE&xhsvr
z9<LK~y>B-upgvN%i#*+_LXlX5FQ1tay=aqo=gpB#rMriM2Z{|5cYUuG=)L9USP<~T
z)!UcR?~i1@F59|v?vkj}d+-XUF)mp0>#Y)z^?h;xF4vaETExs>p{!-YB@@o8Og9l?
zkWLKTS;+hN@#8i5djEy>^HG<)17Ua`{kM->V2O(xN?bfLGUMff$f^EePdVLgAIvsf
zo)Qq`0=(iqxs#Gd2c2hDb=p5)GWEO11%?wiqnq?dWtZ8@$#Hps?6>$;&_SzbyqAZ#
z*M)#LWV!t;&ITr>KHD9y=iw2-p0Sw<<^k%QmHih=&mDc-s29^ck9$bFGFx$gWQz3e
z;?b+04M4zDjsz@bFv+d^n_r0ZS2m>wFk|i9xfkZ5&f~ZHO;0*Vp74Mx>J{k@ZQEwt
zjt|-0u-y;di#W7hu+Vy60adRftuTtlN?fw}RX*n2;E%lBEbf_LzE4#lHRD&6_J3`a
zZI3Fs7JBCIgpp{&O;wqKbGM9qP8BWYrD^1sviVtkY5c^0Y1RKL_Rlv$LG-zi?vaTC
z2F)ECa;r3dZsVO{)>9j#mAr(vw-rtNGYiLYUObE4xl%Un+%DT<m2WPcSmiZAnVv8s
znXFbL<Zy8J6C!m9^ly$db$(}Bk8JREJl1gL9>f7v_vOi;#l*O#8iI`jm?{(_DRfts
zr$M?S>J!T0c}nopO?pJ-QRsWvw+u`SXPQ)eu^j36VuCvX^wa5mKxNZm<_U6Fb;`%L
z4n+vu%rp7Y_~-K->a$RChEY<5m-bbk(a?y+=RYSzj=xjxy5p{W3QMv?b5Nr+sgc+u
zPeJeT)pA~8)w+H3=p+-Wh<^2y7`<tVKK~z>P)iAXg>sQ`=cW7Z^(GA~r?*7!=l(3X
z{9g4k=gsu~F1?mT3T$sk>$iWvW|(&GY^+Ectz)!x_Ik6!e!AGkB;P$57Rdg>^-X9f
zc;!DIZj#kU^m}L9M;}Pmi9j>6D~pKGQF9Kt<>e|pR<sg~orTo-?ZT0l5AS@Lywv=X
z8uDKb6B0T3iBn3lq!rasVxJ@WN$e^|*-(jbftpv`{rgT*0o$L!#p{{J&Lr5)jjhd(
z)}kEr+KziO=zObV_lace^*Zo-mARtp5h3n8k!%|X=4|!jpzn3z>==3-SQAL%<I>af
zf{1i>h`Ew|mkq-HFNENk%}o>(p4;I5{R$XYqFNEp^JD6yo`XZt2M*2thNzV7A6A-<
z^QD-*+N}db^g`2CvPw)a(K+p=tgu)h_UkgyvDFk>sA5tK%6?-MaGA2~9sdX_K5^)F
zf!eQsbrhXMLy!d)L5dF^{&1<Hatnb3Qg&2`(?Au%Y;ed~dTT|e-ox5^u^ppkjhi-3
zT5`ee<zKjP!PB`L6gc;R3iso;;UbH+{fLP7AA4<vH{Kk@p=*pChg|wEyS9|I5LUaZ
zG+~U`hTM)1>=ryB>r;j3tzom4o%Td@J5)P2g5j)nM$kq)r+pVf(C){V<+DWgU^g&f
z<}waSPIE?%Y@nOHqpqHtbQ|$rlZ85V#UhRja)nfZTW_`&i&qLs7=gr6HW?LVNt?ir
zIj*pSM?T@E_J#HhK?e^=c;7j12k4mSe%^T&@m(ps4<$Ko-=56P%Uc2u=78Cc3Lu9L
zZ_lr`Y_5b0uK6o3xj!~A^|D}UhuUWb;Fk(aMk`fRR0c~ifz`pJhhPGt3TbU@?Ux6G
z3tPp&_3*_ahyZ+oY>jda*xs-`jqGS9jF+xr1b$4A!QSB~PE<wW@#7LxwBR%6S8xQm
z&p6aty5>Yi;iiynFozuRpxdaj=Ro?(GRvp25??IwK~>9VUgguLP7Tb^X(IIucJxC}
z3ssKZk4sI>!VWtlaWiXz+ks{?5Ak9F$de#c>Iuzu^KQ2s-Km)Atg-48;5XZRo!25N
z0vAt~a4fRT2zUUx6yzxm+a<o-va$*>x_N5Vt1a`irlZhAOUo{9QBhrP?))07`3$3a
zhbXhOJ&p7h>4+-at6M*U(skxFaNb)#G99qBH6Sj{y4{IOPA-xKdL;a1a=)g02~ew$
z;gG;WTS6&|(DRSf{q)k!xv!uQ|7i;OO(DG6zuO0NW#uPJggj1nej~-Y<YQsm=5(Dg
zvVA77z2yX53M~Bfag!1Yg}yiIb8zz<=CY<FSL_WeCfwhYiNUgK`6Y3+{|1w<f!f}t
z#~oIwq_~{4MjuD~l32j>PkX7f<R!h3Kl%K-Q*2OW4T$1Z0jMVWOiOhv-)whs7ov7m
zf4@V%3K}bc>tDnW>Gks)GR^)5vD?ZaoQs+#;Fc#YOucBWpaR#FM&Yl2mI*Q+NH&F}
zSd_bf(-pBcg0R9Ey21(|r7N+`LEUwMc;I9L)^Lg5*4XY%8F)g;7;3)jrBs4ddC0=#
z^7c3)ng=;`ORI%wD#AC6pU&`mmgT}GEsQO!qU;Bjl{N*~!H(Pj=V>u&I1l1e!m_us
zJhE{#H~(^31waX2_Xsc*W#vzt&Y1P8>1iI@wKBt&+(B)`HiEFF+hWERjVm?5rv%`|
z<Yt2jyT)QurN#_ErkPp=(2gvA{H(&4>)lk0-KbB4*xvTv1F3`qW@2kw3crjRpv(mq
z17zV}JLOToy|Qh9|Aink)6;t2sSZN$#Pb_>XpzUz-k|Hip$vWNM{`Uf@O{IMg0hac
z8bbzW0!UH5XT}raB=7p&OQangbAcM;Q>sw|R-HGLTS%27Zl<~Uwzo=cbR^R>%Fyt=
z2I>nNefQ<nHP7ui3@F16<}M#ny^^!k_HC5u-pu{B_b2`Z_)iC|rltp2R(6cbjQ<VR
z)2`<WTW8@3econiB2)dPD`nB_(xm}WGYr6|!1k8fR$eM;ng}GWHdD@1qibFe3^wmL
zR8Z;)+t;db2q2J0C=F9aP%>Q^JZ%=2B;tiP1aq7kaD7DlRA)w@_jCBFDZYKhFs$-?
zw#)E%SyYwN?mqt4^OlU3rxgZ=(^3hT8BGnu7Q$QzB~4_J43@d)%~JCi9Ksr}DFZP6
zcYS21En03Cf5<suAHTFvGHkBZ&DgtH0*18)<Lf=NN?+p)OeR#<T0G}!_;y_ikDskq
z4kDTq0fTyG^v9gj;vzGPu;qJ30i!uW?G1Zu#$`~XOlp>0ZjKfWZhfZH{Azq2WWQ~A
zl<iuP0&&-5`I+SNUj?PG;5Xt<<16lzTqg4zaDjYbS4I4$v*X6#EQ^d&wKih#?5rz1
zHIr9hP45e{nM|`1WepOI%Jn3!IJ*Y>?(fU>;2JIkBHYx2rZZ(IW-|W5%A``ZJTb@N
z`7x$H!=y@MQH?OAk-S^+=D7o7^gJQApxBqgcpfsiQs^OiThKn}U|=}@03RKb(>Bx-
z+iv3i$wBTJxn~vGfkV4z?^R{ACO^5}W$VoFV2_gUVf_D<^eEo>vi`Q_YmV`7pAli1
zK+PQrfkqKb!{boD_o7ITm+1}|<i)_-@wsc7r_-Ug>qY}E;jvi>#1vvfQ({`9oBi-?
zUrpa$Z;HcI6TJEKiAUNX!zf}k{<*G63h>sIthFrd6fH0}fP|0*hTUFpIv-f+><m91
zc)X9FR}8S5HU(dq)5Ar&sZpo1*0hmjZysMa@&^sQiuSXd`Fr{9(D57;FRUAk6SI~x
z^~YkM_9Ry<)6%@T7Dux@f}Zw~vhw2=$MAWN2aD$zS&I77(9B)6PMCCXMG5FO3+yh(
zx<D86J}Hm}<u%iTeZqu=--pbCXkPVo*rJ@<IPZPOgs4g6T*xQeJ9oR9TG9jOgw&f{
zo9r_L*Y?I-m~*{b1hyQ`X?8siG1<YG$l@P-qZ9<YZPM3cI#Q>D2;-~xjaZJ<rz3Ly
z!awP0*XNhHX~8XvMaKCF!A~~TOF>F*w9#F5%)uArk4DYY(q*lOwdb^NIvVinftfyA
zWyL+~-#{{mI#FfT>v_n$>p5kAI~(c+H-#Q=ayDP;mot-=DBIxyn-I^V-%l6WG9;qY
zJ3O&mCRe5@AJ7ePdlAQ+ZV0w6Zxb{J(EIH%nKwlfXXJ{_%RWp560Kz=tvz5Nf)ACH
z>^BZ1K?*v!yz|>>r>+kOANf$LE*o~l<Q-SM424O@zZEL~)1PNlmwmJ;^IG!$+)J@U
zCM*40>^JyXpPr&I$Yqx(a%c&R#AW>GU<=yWzf}M7r}walJ<A<U6{*}7@&x49v#k{S
z2M^w)Cky}7s`cOU$=JTZ$@u{IrYHENA@R8Ud|SJ=j^1Q&y1|jNN%k27K&G&e4q|!C
zbMlIej0u*EbwY%90_oXMF+pwsX=~QMA~=_9qxgfHdohld_0H#Ia$=r*VX|1!e1myR
zuwl(j;<9<jz6Q<Guoy~NT@^tlouHx$8IABjRD3fEBy<X+K>D{SQw9Z0gi*AtM~l7N
z<ky$4LE3OSsPSn<u<2IgVncymRhU`thG=scO<i6_fX|u(4@W>7znMD0BnBho@_rGh
znpIsd)nX~@BDuNDwl#I$JyGow&?Z*t;PLW%KlSJT(gHZw7@<lW=S>_GVw`HvA)Y35
z&kn+ZC=2~l*Ym!4DmOTeU()&f)qrp?k`lK3PU&U<>p9Sgg9KsBd-um<ofa@E0(fB)
zxIF36%RU0gu#L7FH%?8kpdeJnXph~v;{JPpFf4BcdJct$Ift~QPd}{+U4X!`-4b3k
zKA7WWV=I9DvXPN*-wtwb#HgsrWP->Y*hB`8)4O?2Wh*DRS&Dl2{^Y@k1djeb(?(e`
z|5cDCN=!fw-FL6W@kU)n4Ih-*2A-YH$;q)B+et(3cG@8R4|{JJR%N%f4KJmnK|#7j
zk(6#wKtQ@X1Vp;KOF%(Fk?!v9Mp}?&(J7saT6BDqd++=Co_+7*`}h5O-*p@w@MC##
z%{j*$bByym=NOB`Km)F>H!`bmditA)*j83pnI9Y=pr<vs)!G;x=h|M?Diz(=uriT|
zVLa<{V^*L(ckM(mQL5g9XDur&J*n>lgP-4khMVp;(Hl)ZRDZd;G==afuQ9ok_e0p#
zDVLWhTdl?@L+gE#lOv@9L-a)aS+zY!{!+9QI5>*3e6e-5uLDa&KST`Pr2ol~nyZq@
ztw{)Y6$prp`o1LQTVqb^1x4siO6k+Xd6jBs2SF~l+gNa&C<^u~&qucdO@ReE&0h+j
zW+moM35hf0tlOu%UM6?PYjbWv?n6Sn)35eQpB10GMH44Y%ISKXK-&y5oo<#C&F5Ph
zOX}PuPaW@+)?atOpddz3rQJ$twC1dKn@v7rXfcuppw+t}fwS-3bN02{T;@^D`^VG!
z2?vn?W0T?BspXKJ_o&H{B{ud+{{B4!poTJM^6omyscvtM2^c5t)>%fmkDq>=)QmE+
z-2k>i%(*V7TCyOvQN5ipvDe5@BCZUMB?M7H&|R<Aq~$%G#X^I{>6zm+wlL8tz&VCj
z&RX6kqGQ6r6-*g<`rMrCdl;_pU8vl)%fKs4VlFKLedjRqaf^H;^jN~}Q`n@$2B%fh
z&RH&<A%p6;G<ynHw9nCnx>nP8Q;LfjyL~5R$LZF%%2@TLeSH;2&&=9Aq9QX7vjI1%
zxuc;&xci5lprnyq=B3`<%FA;H=Be^yd0qA;WYwY>$pJ0>w4jY@^|6>_S>=Y=Jubns
z@s1!i{kda<^mO;t<ty16t*TWN)x1%KYLXhYo|4%7H)GE9`t>afUOqMX`<NXl9-Oni
z)6Zp7%;^)4HW4n!&w53lVEhdEijkY*cKUnCDNQe;6tubOP@cRu;osbgP_HKx(39AY
z+dZjj+tXVt9@WlXF{x@rY~wDC^9fh*+JeQbVslQ@?DKFz=t0vd=z$p<zCqZw58Q0A
zR)SCIhA{vwRV&{xBu^HE{^37WfzAv-t0nZu-nW3#=~cND46IfJUHmpprfAg9pFJzk
z-H=wvR%5S*+2=EFE~q<^R4Y!BdsSOq$-Rq*?cJ0RedMuL3}3?q;lRo7Ds`27EhA3T
z8M#9;j{>y-wFa|Y*D)DpY?&r$Dk_tYnuH!Zf(1&2@%OfQ^<2n2Z^yY&utnYVl7CR!
zuL1jx+vgjf%TDIhb{LepCGmb7-jf*Y*U5CoL1+Sjn18u-Ul?gQz89WgmKJTGvzakH
z7`RkI^Kb|5UGi1b1vy1K{cL5kWi&lrz5Y8PS1Y=>yywZPIf{pZaT-g;NbS_B={q>Q
z)cpk7sgJpt#`4LK65ntMBPAN)y`kad)od;$-L%`AG-GKhFjqC?JPKkTi=VZm+McMc
zTp!T?p&OGB6SD(xmy!yRbBmi<v$Tsg;xvr2OLK&lT0nCbDI?&qcjuw^Q`LIgM0X{6
zQDdc*FWShZRe$+A>Jn6l<R-2CFny#m*+}ltKfmn_l0h}TsLT6+tHu)U9rTI9M=Sq!
z5?j3?7;$#mnwVX0ao|d(ygd43`Gx-G;med%^Tw+diSdlL4jol>VI-U!(EiKYby7xK
zzT^vU812@;WKRDw&yzie#`*gY+v>WbiK}94Yuq=T+v0Yz5?U^*{VqO$71qQmy4R?a
z0INsa_HhvAlKtj+Fl;dIe$^}_9NStQYGYitko6lrAn11e%WT`p3|n-173GC#B!NXb
zK``iJm<K3>po+QzJ3X?-qn^3D&;4c~Fl_kPhKaPT{q797nuf!5yPP8g6s!W>T<NN_
zA<Q6)77y-YUo}P8#iXA1#L17#C-Smm4r6+U8h3*p<m20m6WdUN)L+aX`F4jTt2>&d
zS{w`N$3z!SZi2HcD7UfE(Ymy^_p`v27hKf~b2c>A(<aWCR-rVP=iUR#dMrb!YaIaW
zC+m4&H_va7bh>+?UAtgcT4OzHR#59SD+iExc+Qo>l9T$@nG;Df-{k$_%Rbcnfqt>f
zt}>x!H-l+Mo$zC4-O2ZTdgbR@Kz@y3I{Vh{-H>%qWZDm2X~kG;FM&bCDub1e_gey#
za01tm<hFq?3%UWxbs=bkQD72*Ui~K)O6+lk7{R{gDYRh$El?GW+81VT6al143{!&H
zzzjRP(+AA&FH(i9%sUd#Li`WTyf&R1oz9x0;Da6%iKkwzo`EGqJW9vw#AldIx7!ZX
zI)5pqU%zu=d?xmtebL?R3;D?8%6I>K;Tz`3*7~861n14qa<>(F#(YGvL{%C^A!Os)
zcfZdmV`-Wl<`T}1V(E0zo?zvTJC*I?u7woKcj0110woA}lANsSSd6Yf5JH8(!LZ8M
zSO}9A-YqJ-yq^2=%MQmXGqbG*zSK8A?^9!g@E3cRI?m+=jf&x0=fdZ`4m_0o-?N1Y
zXLlUlrNA9db8YT^{uS_I@3MeR5SHN7%SjqZyYZyfxltAb#d>F;=1E_)Dojrh(-_ur
zSKedWHVsImB&sm=+!{B*w2TA+Gk>#pNC1*;QO9H+eo{pX6~&%2qWAFJJ|^F>29WF>
zxxfdy#ySb^)FJ|1LZ7{x9+js=<WGH5elP<tIHkw-bqrwME)Dm&gDQ?#TW$g}b?Pg&
zV~w<qfi<r4eU4pQnRci$J603bys9Zi7l`TtU=)`nD9j_sG2+Scfrw+te2fhpTPEfE
zjZ>Pwyj>i8K|%-><wN|%=~clbkDj1A{EQH*w*pwy-dy#p!urb}>%V|!hV%HQ(o#_=
zQh1)kr-MGN+v|!Q_Pp)FRs_(m8v~VwC#}|>?#EjZ<9x8XuD!1`FK)%**f}K-I}(4|
zZjlqI(8$H)kgwbH(2hdSbDER9<AJ8yb(56G8Ieh2zJ94(%Y9cIAS`U>SL$SSl%BQ?
zJZm0aX~`OT>c+^ObjLn~ovXUJsQXl6M5tBB(ggW|kMvB1$P1UEBezB*OcV{83~8&s
z*l29I6d5HE5yKQG;J9Vvmq1@ey4ab(F~**g6X8;wJ?P94#ZZdTl+fMvF~)3qdiRTI
zEDBx#D}MRX?GO`o<V|_o@P?+jL>q^9ayKUH^sv}#;ua~HKdz5Fm5*t0<yO#D5@m?E
z%$a9b2$MN!u_?cM(b}8ucBChD<dm$@(>dieDmtbrK!7leJ<j$fQycI4;BlI~IYu?J
zR^CLA<IXJ(6ax`a)JLl(H<#C`oqESRu%NxNVTF#W<+sp!BYx$FXXW_|#RFb<Sv|7G
zf*y_x!xxKgFr%^YMNyQE+o}V>6&p@Vo7t8z+f>9$__>zS=t~g2@V?(zgl~{{fcj9J
z0_wjF?x9rejq(?{@i}f5f8IjUd1jdl>UdTh&q3#6RwjJVAC@`xv3%02ADlJ|<18D4
zFLBP6Z7e3&v|pGkt?f=r{}tW&!f2l!8vV|*V2OrWr{D-0ExyUVZTi`PEB-?5x}+*#
z-7YQiv#sjxVzZ<d4J8iY3+|hxvB=j3?GIS9LHb$V2?<#O#R@_9b<0!du8_C-rE8Y>
z_C@U0wbPC+;cuwq=~Z8yX6hx+1nqS`d4VaP;@q4TrFNZkMe;86IE<o*MZcVFQAjeL
zLTQ7uOdAhm{C&N)eINOc6RX|f1wt0BUb9?5dmyZ^CS;u|H0qD$ZlQACAD-YS6gBwt
z>C@(2%Xu5eRGIY+MZ#fU;#=$1XLUw%gkxiOHZ9R-coHlv*FpP@S6m%-wc+)O_k@d`
zBdh$tkcA;Vf22`Rz}%`6_BzK+*JN{vN6EQSKbNv50A6L-CGpfeo9u3w!CsaZx*07r
z^0_w421E`9tgsl3HS>2cg-=eRIM&cY_}8z))$01`LmQq}dFlXwf)*PkC9jr~R+jwu
zG`S+p(j>s1wsCg_YsH*ZM0(V>_G0V9_wX0b=+}!D$*Rp&Sq`l>a?}Qha~45U;aj=#
z6!zRqiHLlW-|?J7hDJumdAgob+g^1hL;9nEx)rsV)HI%>%zv%i!LFF(NQ!DW>5`k8
ziG@ZUeG~656}<^j-Ozalsr1pben;2S+Q9wUR<4u|tRGQ{Y$kW%*26-n32qFoJZWDI
z8?e696v=!WOpN{WmnK00kvF#tUUn^=9{utOQ*ehh-45X1`CRDF!}Q9(v%WgGf{{2*
zYmRL!x?K&pZ$Y^Q2jzwfj2)bIhbI(H2LxafQo^3S#~eQcRkNjxp(U!y&_Y$kwZ8HS
ztx%Tu3F@9AbfEDgPjFRdu0EcqSi2BHedPISM>To~SBNJ$p@5-;TxqpNI^-J-GEogX
zTax?UfTkOH6o|(4CySJ?YD_*x<|#HO5Od{ioN3|{kC$4|&$cc$?Y@=+IgZyQW?!w|
zEB-x$V%t#cMFg!?*LEIWUfS4%6x!!0uP|0Q%{5peW>N(CoD#$rUX9~8*TYima(vs2
zuorEn<UoekbkUvPDb)_x=o|7F7@Zt&`XEM80ZXL9SyG`@Bhacb<gz<u*FotW-Phug
z(a1A<nx%Z@s;sFe&2=FX&o*MN(V9}A7N%THA1&L;fRLTF5S*WX!E*I4Qq6OtPS#$F
z3C*tlxHL($6Q6)St0|Yt=a*J_Qak<AJqH|#Xes)!=4LrYrn#}rD-qO3h)Rm04+BwA
zRO)QYcGE`!`BJ&B!NK?FQQ9Z-*p>Xs3`u!uZcE{lO=S?}MC`t}79qp3(!Hzfp666_
zXiZ@OwyO{<>hhJO7<I*lowRYIw0Wj>NEm@L_GA}O#MnxSTuiD|IZgVL(Pz$=rZ&%>
zuQ%%ia$o9>Xg3d`Iej2v-F6;RBFI+t+=&S(RvA%PcW#6a#8RwzSng@9r%uvf&lkSw
z_}$Nnms_CvN5&Xbo<6dmP~f@85-cg?CFzC_?>kQG%*FdnnyVJ#)nUJT5mmJtoI1Xe
zQ8H}|09V#ey1UMa%!8~0=f7(QDlNf|QBF`P!pTe&$5d}^X;!He=j=!;5+)V$>@36b
zywJJLEX}IkdsnEoo;&B&-1IuC8<X>NeR+GKxX{puA^u@BEz;S)vew9Fxr|a}l7aC7
zeCC~NLNIwby8sUYddelWbqmq=$#W+Gj1xF-q3ptSQL+9(2qM(|FLQR<{$Qe5>J%wA
zP5@D!2@R$1<1JTzHwCv}6>Czw$y!S_E!W$i`Wr~5osOAYw!pb>9E_NeK@A@yVcAaR
zW<xP{ki%wtmv3gaJzePIH>8gPtY}EaODq6I@5wOswS&-F><>q&#k+F{zu9*@-a6o<
zQqF2o`TVk!TQB(|{hj^30Fy>tmZVkevnYzD9+i)^v*SNI#_|^GK+FJW-Flsp4Ces`
z5RK4lPw-^RnQJ9*-Ih<YY)Fg%4v(ltp5UOFi<fu0jEs1jPDS{+oV!S&x~B<U;?Yz<
zgY#0@_blz6@b5Q8@NS??P2jr0SLUZ(ga2?$=C7Xox{*tWJdE&ji=#!}?UGFA@$Bg{
zzL~mff0o4ni3rl1D_C=8=Wm=yiha?){7>W>&{3fc`VUaz%%sQfR(sY~*;`W&+Wf7#
z@(XvkJWQ8c-Rtbm{=VuYnbx-KyGf|pVEReNeqFyl@|x&hwtNJtpjxn-+y~)8W_QQD
z`a36EDqg@bj0wpHph!fJO)f1P-800gNsCe4pwRPA?$mr8-XVGJ1|8;PAukZ>KHoY&
zMC3G^E1SBkFq*UmdtKP$%2mW4+^1Ex-01J;*7y2=CQT}2uaen4M-+LB7YvSLr!Ac-
zCwu#fSu0{e`#e35W5Lv##Kc;?MC%5Z+jFB({lTz|+15K>`X05ug>YVr8+)716sMve
zZV^wrK_E~C63LD$`G`<v1r5_Yx!fG{-2oa5I02(p!FUzNzvlG=P=<(bV^9ECtg6Z}
zna@cI6b)2~uB$V|Ebi*+BCd%b7t{ltzCWzw6!Tp*npbP7=EyjH``8E~3@E_J(~liw
zrc=B2oEbQoWM9ZXf600%)`mc#S%>{Em@tNhD_`+J#24bxMvcoq?{*^>W{%swJ|v5>
ze0lyIl}>0O2=P8{w!a{&c&o19K5A#2#8ZT$t#OO;)VCGX9};UqqWwO$r6Lt_`0|v?
z%CmO&^}Pm#)v6%<_a0YEJOBhio9&K-lisNN;E_T7X1(%w<DM#uVZQFe!{Tukc$4aR
z8||*^oox7rIL~}<9b5{}yoXe_wz_JA_JhK@&6XL~;w~5T_Y-X!6S!D!r<a@?p=Ske
zygk?!DE0|mD$P*8oSa}}=Vaq=rY2bv@sG0H2$z}}!5gv~^REYL7tZ=G6dko|t+*{E
zB;Kwmja9~x%5&V+UzLiSt(CtVBC07?D+J|%8Ue}1hQTE@8h|Z(I3@nhU66KU_1zPh
zWk~I8F+lEj{C+8`RC-Hyso50qh0Wx>_2h1b4+eM5qyo_!#;ngxbFE6%-mh)wy6~!Y
zjj37|mtY_Q2r;WZOxw@99`oGeCU%?&1po*Ete3KOjrCAA?cE=te|dM!@ELS2QnNzc
zw+3X|c*-`v`%W!cw6p!0{B7AjQB8bb2b(}@Ci+T4PqF>M_YV>DEZQo(yzFvUS*=R%
zft->3Q5qt@<N0TEs6b_ndo4QO_Ld2H%u?R~u!3(lKP&s!l<s!KH?P(hfKPN%1yVg>
zE*sU+U(ZsL`bmr=A`}3uo4z}LX0ikF(GzWo!59Z$8b%Hk)xz$rRG(Y8Hbnx5b>0=M
zzC-1<Q+cc!#Q&}E4hr#bLc=NN#`%KDXDw~=NhOzN>C3-%0GLTMVZ*`<Yc)#wb93-5
zGvTId&QOrW(`0W3lbB;EVb?0SqhuReXujCub0j!1cJw%r%ZkZSAK(mGD?Lvz#_}Ra
zg(UY@v`MzD7Alw~e=hv-7ThB0_EifE3DkVUWD9`(xw7QQ$h`g%LYzpyHNa!ZF2eTs
zJ&(!tldLw@&)_7o#<3@xIcvhVN_nT|fJa9|v7D;YY`(%g*;#xUsQ7(B{Vy-{`aSJa
zTfW;(gIEv7As$;X6c+9XlBB&d&Iq%mVrNe6^AO9muc`bRjA~t2+r>T~J(rv)o>(Fx
zN@dJ_d`xG~LmApEv;H-k=pE|Yly{U0Ks8H*sNjE}8<ouiz~Nq56+5#4D3u_C%lS{8
zPwsK)ccY6QXJ%^!i`Td5SJAQhAE)%-J2Sq42o-~=V@2HhN3$2eCR=WgM2~;K6Kgiz
zuy?{@KOPoq({uG;V3KfIGmkrtv+H?xsBpQBeiAuj5(co_<x!=JYN@r=SPKfdd&blt
z`l5FEk-GBqvApm)v|L_5V8pSs<aY0j8om)74<oGUk7lsY3R)R?kum^32h$5+wpW(w
zg^xE>XKCLYf0V^1CkGMS=*^L@ppy{19Od^S4Enaw`+CILT42DJ<0$B7j;3J~=QgsD
zFC##Y0GP^jxD3f(Z7%&+UeLy?=o=x<XxxE6(HPp}^~)g!ub8I9k?d+6C8Cl31jZcN
zarI!)NWfp$a4qRwoBFaZ<0)JD{Uk>IB|Uzar5JFHaw&*;+jQI=s+UT$QPn=ZVQnhl
z0$hw%#ga58v2FGCM1FQ;Bu?qjG6PV3ys~7u+u9J=Nu8`Jx2$Q0vv05=r`!YF12gcT
zic>4?LI6kUC1=XSn+663JuUG0escPoK;>o6lX`IEHe46{479GyO1NGU%&FKwBl16Y
zJtZAeLI8H8w&|DO<Op;2bGEvXop02AKLemFdoKWRq^3RzTp18-HQsT)@i>S~-~B^Q
zuzo3&KnpexVBoFj_?_rAkJnk~T_uLtyt;SXm^1BnUHt(+60>s)rk&rJ*kmnFi&G9-
zs6J4w3u+edrVf6eCqKV4ud6fR?r=8O(rS@+thI(VDQuXJ@xjcN0AcAg&#6w-_x-!v
zR@6`{8o+6)SFciKyy9)oiZ94PNi^fj`Dx}J*gU8mvpOyQ;lrnbr)*`0<r;YEyfq3v
z?n<M7TmKSiwdPUjNoucO?62)*2aej=>?{_CJDFkaVBxDlBR5I0I{MSr-W})L@+%)k
z)CK->yZrB`*Zao+X()<(9mG)G=7sL~S7I&vt6uNgcPETuhTB?Y@x<>iC@hiF=cl2l
z=GgPFlVj|~go$jy+2Nm)_dINs(XqMJVpSgp<#ESR>Y8&Srm>Y)?QkKBP-b;u%=V_=
z9-p^uE*5Mt$LG{?JO(ao@ynkDKK>+1wc7kpfYyCi!{4A01oib3djO&HYTdk(k)K#w
zU-}skw3nAB$!X*KvEh$GaK}p9T_j0&g17Zu;?)=NuwJi7p&F&PUV<B<H_Z;ow--Cu
zV;mC;oAZUaB@Go3`JUsO{Lzt-8cU~A72t>;Qy%&C>(}MSg?5qJ`uFLqZ?<fwINeu=
zMQUU3iLd*pr}L`Y;^&>vSZr!@VQ=pv<z@i1Y|r@7gnA0$=^4N-0Q1d#kFQwiH0l6V
zf}4Q+JYRK{amSE7&u-9B;|qajx$F^UO-)OVd~oR9K)=)7j!jFV4N2F9yV_mNV3`%@
zW^)z5Er9$RX!%CEIs2g?_`Nutrr@%gF`NR@f_r}+;nX1_TD_Dg4^8)K>bbdyzk}!A
z(}623fHyQfZb+3`guRrP$9A24%Xt~o_#-C9nl6!NSq`wFo+Uj3*Tc;-SBtPgz==ld
z-fpC{Vt^1lKiXpRUO#b99p~g<I8?g8yp^Y|j3kI^_^TpVlx!=W{l8m%*Xnf}dB*00
zW`TXan;YW#C+I@Q)^b~S<Z7cc1LS9_r0(@iWPCU5KYU-mb1|H!Ceu7^83GW`uCbwU
z1f6zT<m>jJw-2xZ!@NXcEULf*2-gEYCtx>Ku0KfujrYa<Y&-pYf+;#7CZ{26W^+7$
zb=N(!JA88A$^w%DkK1ZgQk%PEd=%ybuvG8Kb*5RBTxZ#8>uHf@5BMt#t!}k~yjne<
zHysiSF}lutoT{xQnz1{<V@m7qBj&B6=B<^%`B$KlU&K|cZTfqlquQ;X3%==8ZHBg-
zF;!s|yu39A*yo+YVAy0wgm9Fg<Rb9xf&i|Yls`0?uCoixw*&|?{35AdN_JrQAbs*B
zU^`1&gru=$gxHy`{SZ*#pc>vzH?Bzzcg?iO$sBvcR*quF$uUc-IkaH$N6fd9j{^zY
z-^mHKn{vV`1JFTTS!MFnEP0{S9eA5J&`B@2jU6-MvdH=<fqxa0Eb~i1Vlm=D@tgVN
zuxmNojyn<A{T7yZ@z&g-PkGGASbya^zERIy-sFNO%g~BBv?yJ;w)n7a$e@;io}O*d
z0l-7b^DNDMc#OXypytq&y}+wL9{ZDItqM!G7I@1|tNg0t(;|I%LMMTFe(-CCUBOm+
zsEyX`3d^?po1Wc@g9BTpq_cW}(P_07-Kx&k!jwR&3(Z#caN3!f=7{<Qk{r&f(0U;^
zvMBPD0*lg?cDx`d`Jv$xqS7@FPrH^BY@tgTAesJUtIxq-`o-B&uef&cMnSvAQoZq<
z>t4^qX{k`F@$rzZh$1G@Bu}&AKpNioF^<b>P-jJujZI|5nxxpS_A3XIgaQtbdWI7G
z9!aR)fgiIJ!dF6~3)FLC_*}N~q&@ULpdEnSx?LS#`EUUgaso0-lbq(PcV~;nbgi)c
z+3`{v7ADQh%oy)h9YF8jE4f8c^b>EmzXMum1$(h{I@SBWmbF<|h$`SjTX(tcGq%0S
zO3wGaveT{F7GQ3_oGs?>l(vlS9Hc$FY3LR(zKctg$g`f;(yCp?o`2<-c5hou+O<I9
z-Y-xU+4}vo<zKf4AJTN0D~3QbY-9O{+;L;|DJ`lthBD*_m@ao8Xoe5!=HyMt%C4oC
z<E!L&XeVnl(5F5v;=}!Ov+?Q?sY`=PKLn41G_p(Yxr6xN$*S0Nk=sy_m*>1l_O52C
z37HQSC8SlO-aU-Dd5VWq8l>StxpyGRZx(b20#ccmjl1LdALd!TGxXfHh&mvl9R}*9
z(hY@^wDZRTHbCEe59a23j;_AE+@EDZgM(brEDO`ZTVd>J@=?;mMoK-O6<yuA6%o<t
zz1oHQ%<#w97ML_vulM`*^-aW%mzT4F?&jMcI?~>#sAO3aS|_2t2b&ANO#&m#Nod))
zl>mxfl(7noFyaaI%pkZ^$AO<)%2jRk4mw90-(}8nJ+ti60LPZwm(W6$td-D?UR+Tb
zW91a@bV)1g#d2v7vH%^DYDK>}5G4g+Zkt_&>$;KV3z)3;hR%YnI4tYtyT$8kkDFAd
zQf;z5a|#9xtF_PtB(=XIJKd!=UxgP|T&_TF>qF5$_aWmuP%Vi)IODonTOi*5mY@}%
zp!Kn2JSo4vg3V!-j#Hw3w1}hjk2u=A-p$`y0Ndp@B(%PDy}GkAltWvJ{iTOzXuTUZ
zQeK1XgAV%+Ltgu1f{PAv)~g%rpocIDkDX(yX`I~`F@L}lgBF3`bUi)&H*b^m6-S0_
znOCW|kwOCM0onWEw0Sb2)MVzjn?{pujA?RZ6wUMStG1<E;xJ_TYCiq3QVkI)b9(Ff
za9@{bsdheYbpp~m50=r<(ex416L*_J74v4NdR)S#h&G6i=XuNFPJDsVTK=sDJM3Dc
z%9YmLaqqLaw@?N=elayu0*lps7hXp4`KI*H=gj8n5PHobHrZ-$^IGgvs)Ux7c*N!I
zPn>ljif7NCFT2Sw>Lew9a<Z?-*qg0+b5&#Y$q9PxIoxW)a$V)79qvY~6t~YH_OFkM
zZOSiNx>7bW%B5GYeH;xSl0HvE$9<S4%Px<GUz$G03>tsk!!zW)=YWATEGg59MXz;4
zOd9zsiPEnfj}&4X^1%IVPz14wT0nSuij8*7p4eX6)4C^iLv6U-f^NitPp$Y?4sh*Y
ze~L+3pCF;+shBhBUkG~Zw4#E#dfnwd^2<lj3Id-!KYv2(=m@W?Z%7kuyjv>}$hp3l
zR19cd$x?cWhgMI=^Ez|n{lr|?xxJqo=C23};jSDe-n+cim>4W<7dx5;@ys^?IW|V8
zO<ncd_$4EzW!4>P*QH)VI%MjNIo_QMJM?sESab6_Z+G^^=KAfJZ5@g<8x?KltA<{z
z^XrR(Mmb@8aIG~49$!WV;na(`DT0GS=p*5h#SCuz(3dD!w_p0a{py_fsVCPsjmMte
zye@e;*2;0^YSEHXy~AzPGq^a=$08*3AWXZegCdxbU@eJ)tnrldJee`J|K#C={RI!-
z8NY#J4)ekK$WUI`r>}h4h1Tpzd`7N#QR>OH*&OBzSPW{#zf|Y>Pd0>2X9_Z3C3)-U
z2n2<Z7S^WjOG-3gkzb-aZO03%FXUm{x42kT&v+tj;n!TD;r{D`|J8)|L|Bmv9-JYf
z88G|UN6>Jj!gO@pwdG7dV0PEys(r9A<JXEZuWOry=tq4v{htrwWn{S(ru-2g$d8(8
z#?7PYik0%e?xHri9=20&a6pv>n3>53v|QQ(ByTRP{k~E}TwxM_ak<1~uM=cD!hJ|w
z)jby|eMotfzA)DkuR_lW>PCh8i7p1~7mK&s{)*3$ArG#xX?>YRA>@hCs)fnwv@Y;9
zkq6TYxg}U`{wn<<F<F5jjkk$@QoLTO`e5Z!)?L`#WoK0Hhum;HF%^q=_$^`TP+aH_
zl@5pKJgC|E#uTc`nT>yGOi^b8TsyMhxaB!5k?<Xg(F>!l0#0O-9Zq6QtZO^OXio%N
zq0R$L^N~N%k4%S&O$K$_K#j4m+ct`uUEUhYS+JOI2>A^{@?*74SJx{I--#k4nedkq
z!+cJ@ygkyZF~{7W_o399EGpm9OW++buU5z(cRl<=JDAey3kr*N6ov@%Iqns@l&HVl
zo^~i)OHMFPZit-T;ck5_JLhn86;Hu^=+Fc$dBLpP5){j_g5kaX<VlpR;4bndmM8X4
z1aS>ZF?`*d%M-lpQXR|zWt^~Ty`e^!*QW=f;wx+YJOQ)NZ4OeN^B11xTw)sMOhsDF
zYL1Is-AYcKaWCXEai$Jrqr!IOQ^XBMbJ-Pg^`r&BP6I8SwtoyYoi)hLlE(?!uo@ca
z6E>}b$at#3i@<!`DkN{yq~0BK;`i)#p;T4^o9dk}I|kes$eN}c!~$U<-6KXXM)KVF
zPqx`rU=EENX9$}M9<Nda!q{A~iq%5P4zx{Yx5%2tYzX&-KjR^(5_^<De1);@!qREF
z2^kaB3cEm|S;f*rZH;pCuzHqhI%yv)CU}e1j-LF#U5%lg(pd2}?Nv2*on9f7(k|E-
z0THrv5iT5NeM~shwOam*jjOZ;>%%GSvVq@{uS}3XBASsc1R_Z)=%pWO_o`|uh~#Vj
z!AtFlC$hv)iFYU{VnUvuGJE6_t`BDj)d@@x$BV;2`#)+bR#cb$xdFRJa1U;lN5|I>
zUq`qE#c}%ZLayDG)De--(YKDNVh=vf?$<Nd@?Lv3E3(i*jQd<EfmK`2Hw3V6oNS;C
zG6jl+xB2oNzz>7O9+C<=vrW>lLx^Zd5XbW|O-v-}czBoh10;1?><2ys(Bd|`$6WuO
z#4ZTsb26u5+<hJn+89OqLUfJ$-KkIh*o`#I%~i^lckd|9Or@Dc1?6eiJ~d3~q2|~{
z9!$dg1*M}$`k9`EK#Yjgw%Gbyg&rT2MhkV=U|DZCtaj+BnJRP6Hcig-z&FsOkEW(;
zqX-YrUS3jom_FHo`_#Lz?bsU%8WetU_j59^DC~q<7}R5x(JOZ&gb^eDoNZ*&>uhQ(
z=6A9Cvl=fTC}FHVFoYsYJRuq)6<Ai5_^94>x&U5F`9DWOm*O-UXue#|8neZipq{)k
zzDa6ves{Bm-`{4`Lme=y6t3TS%!)oBBwsatJ;*Jzv)<Msj^7N|Dn_2<^ZZ<8+CetH
zKihX0mRLN!QI7m#<Lk=+iiPF}sF37Vy$4q7K6L7=Mj-?KCHnQzM5OOmHq8#3pmvH1
zFS@91kMslCcp&e6A^7a&@;0brgr?P6JZ`RuUc0w~+9P=ef>h0(YiDtM4k=yzl44?Q
zF_?=P$%6u$Lq>**T`YMJX|bHu@z44i$Iq$%^>LrakAe7ge=#Gx{B5h9QlaNW_wWY8
zT3XQg!M4S^{F}H$$b(?tZQDl$2DaLBhoO=U&SOh8k&n?V9k>K0uM68De%E#fW{}Ak
zgrb<cs8*l1N5xMfO_hqA!>=PZn$SmfXlQAXoSmH^Z0oROj%86sjVghj6)i3se`Gkq
z+a1trB9$cZ^XH=>u)GVm`W7P%KrixC!R+(jAG%g*%PiNI2vQ`bt@45-A>)<lrA;!Z
zROynBeyzEU(bky{twS@Im%Gg*qfc$E$2<PG2@BScd|~-cWrzMSV@M?9*WG4nO!qss
zJdJwCiv+rx>8$dphC}}I3u5wjY3(Fy<?c}Rsd_8HtkI$f>GLq{K<9HqP=CYv^yF8D
zM~PH+_hf%7Q`_TzA0)WAirxZhl80uz+PjWFXzD-L$SqVWE`@UM+Rdw}4Zo#A|J-;)
zU?{g=W||@&u_w}ANf1eInXdTbQ(rS`)u=z2RXa{lokBUA+qNa?Of7=F+r&WQ-mDEM
z*l9z}%S&W;h$<;5DfZ>@DV^%*gVWPfcel>Yme>8Y4K00!PjK-`*y1s~0=g6vTlWM%
zpEw=|Bh&nQEvYlwC78aww=qKs=j$Eel?z-))#~L4^n8Beh?+9nSGMr>i)mLOaeJy>
zbRC1w8|tWzeD7G#4frZdKN2qr5}$!MN)`OnS55CB{aH@gm&;m(uxAQlMvkA4*4w)n
zHpiPOIEcd*xcK?`UF#atrPe|YPHedeNo`@b2pm?>2f&q<X4Hv^bq)5ch<9|0Q)!)D
zd}Tq;<M_9K6BGMjcF2ax#ru*Ks{93=7R^T4I7BRjLeQ$bcP!@TgVOR?0&J?&>s!yY
z!}HQ&$q;Yke4PifHJ|`!Jc81EB7VU)L^N1#c(0UP3STHVqBLp^3a2q|zI}@rZiF=+
zV4HuDh)B_>{{&uPGV+0!*cJlHUFS-VJa~l<C7qpF)bZSZuOWUCT_7TZZgkv^S->OX
zWwVNL$!Ak5S)DR09&<~M54+m?k3Eh_pB-!t%S*Z+;XST@JaZ?G)yu4_R-u4|dhc=3
zFQ&-WM{)|$8y=~MRa-6~`uRC2R5q~m#j>CT>i9`SkgsgRU+FZt;+qWVzE(M@^k;sK
zt609YwTxA2Z~Oo<GL*8iaD#%RL(QhH@S4m(6P;-=Scm?x+mnC4WAk92S{@qYbC{cA
z8!fBsLrOYUvU&Zy<(QbWoPJZYg<N{*Lmq7<KizPtfUu^(FHw~=kfr5$l1Rw##SZ@P
z$J=0gd@l&z?WJ+as2|x9-qhgk4Gs47=T(!D$d}S047I^39}&Vjkt6%kzxA@`5D!bG
z`{6xCrBv+c;JVcCljm-OJowwN?tf-XDk!4j^gf$>Sp0Z=^PCNn_Gow_brRw?D~053
zU;QSe%2b9H{GT0GZpo#E1=u%II3n8Y_u;-h%5SqF4-u;#^NvzVG^h!z`EnF51t6~S
z!bJYZGVXu*plkMcN#Pxm+>gl29clc87p7EW8l|Pj4uKfL4by+>i%b!bBjL>gtppGm
zWK^+T&A`>%2+CR}RLl>2=|qoBY3=h2(8JV_Mc<GRyS>Y*<7617e1QB2=kGPY|EZY%
zjV}6qRMg{O(yC3kQeeXu;?VU}#%ROB(8t`C#!m-g^{{jN5viS-dio_?42-nVeDSot
zAVx;NPH4g#&31-l@viF+zj=s(L-`+bBl1Fu>Zg=CZNU#230q5I`s{TUh1WFS{<ugW
z$??%Ks))Gj5}`f*JXKA~LO$o;-c4R+C)Uu6@_q#|?Ae*@J`&Nhf6O*DeU&wX@%gB7
zP+F&>qfdH}w$^?Q+3?>hu3^*u(0zXMej2pG>vHAO9gDH7P+3fkYc5Kpk?{ZfY2#Ip
z!I;Qp|7MK8S8vpTPby?qiioRWhElaam_k5NPA_FKG!~mCGRrwAOkLIV{q)F-3V+1g
zK(Q#pk*2U;ZjTZF_n@gWL?~q+lG5k5nHXEyl~rMwv2|Pts`i%U6_HKUF%XfyzBqn{
zS7XNd6dSAe2kx_BJgxju`U{gDT*SY9`(HovB;WmzDjOI<_Te=>97M<8er^tdpgtz5
zX_#KB8I@dxD3bU7=`cWesgiwN^xbD&@?qab50$KRO&>2C>ucZtcveW3i9M=X1O2ix
z8yT}XrW~I}ZY=jV>RUdD2B#z?G@IzhP=qF@q^~l@f11TNXVI4+meNcHU$y+xUKG<R
zuJ<sXc_8iEtmYo+KUSNXnoU$ZvW>HF&1UbvEDRSH^w{=6;3_95j%no#KqRDm{U25?
z_5(d6>ofI#FF19E4t>a*hxVas|M`6}m9KQ)sVSiaY2RWiW_UT!xFyH-wV$#4!?JO4
z*S;}cP<?RK818z7o=f;2_DM}mkNjURqJr`2AG7y4j}U|w|9iiH9mDz$%gmUJ6puoN
zL`ptG(s^9*<M)|T=DPqy2-=_G=nqLT@Iq6=|9r%V1!#No0Mh%x^0BAxhnCoQm{pMa
z^y^e7=84jbFR-Wo`_F;zW=kPKde<r*GNWort$V~@EIfU7|Gftf|6^84)5m{21GRzD
z>6X4nX8-G{Zwznf6aF#E6Jn`%At;bud^Abpq!%rDQGL%M?<NUT|GyqfRV*Hm_35j)
zj<)vfLuSl1^>vT9A2`^>;s}zycen0c&wM|@3-kVKg!HV;Pa$b4^t|exxX)wz!EX;f
zH0K6B*ij$p_@@{BhNw`e6p3^85c1x}M!yXyqp8mm_V|z9>td;waefFDMmO}||7#SX
zp<hH2q>$oukWo;${ygQx!a9xoWh|+jk3;YzyE2<H6R~1&;8L~fA1k_9{S0@;&L~yT
z4=h<=7$%8bC=LpW2c4y5+DI1F>2%cB=*P>Y54$f_@&2)sHl0ov6%NWrG{fq$rJ`4p
z4g=$Km__rIXe<2@GE(tU@{#UeROwlGO3REt^Cw!<F({Jmf4GMX5lM#Y%(C*psKOVk
zTwD;}@o^PEW4(^L)#4y}>ZTNrSW{D@Kpze9<%mWrAF4n>!K<Nr0M=TBKI)&tfal`h
zDECd1VP%sB7Mq!Kj+=7=py*pliJ#h)76;W+_s3rl+2Zj4qJtLr&^}OPDhAB29joHq
z9v$gnU%x5&L}`1k!p%R{O|hKPx>I#(Dnsn$iz)sejCIuCQnEg|KI`uK_>~xfcb{Vw
z>A!t|@SpA~1m8}yM2tSL*y|mg)t-S-<|h^AKoxqHx<B|d#InR3X2f|a`I55lM5L4i
zs)%K~yQ!ZLMw0EQ8yMty|6`K#rbdW$ILbqc+TM?~KI;(-fq?gHQ`j>wMgHHrLa{t^
z%#m)yrX(6-*;UPzX?6FOlkPRaj=CSaQrJICMWx8t=G{24o~+tYgTCoRsXuMY@IT!b
znPok#1=uW-qyEhQ*zLHQ6#p3R=g%SkJVbGE@e%&{%>N%93<xz0egCoFK}ZMrzc2Q0
zqxdhE{D01jts?0{Dw^)9&AynofE=9LM&kXVUk3=H=`o~!l=YPTyg7=ND9{RnE*3v2
zW>;MVm*hU#8w(se$w7F$xDY|ZF7CPkXcy6qzeikkDOECm&D(6WHQD_qsga*O&S>le
zuaU_G-3^@=Aj2EU`?fAlzo4uT+dX$4pq{4J;x<30oSK?~Ku+)M5J6AwL8q3WukJRF
z#IYzob#^}U<gsQ0F?@w&i&)@Kxb%yqtt~9bx!Ezxx$T@u#vb4YI!51CrmN7GTXwl<
zG<rL{!5gCnplkVUFurSM69LxE1$MVwoYL@HYWF=%k~!=!5^i64XrH7c=$yOh^fi^E
zIW6?<-{;_mADts(>e|DBWr$V{4QZhYrUET4`1hH%FK8u1UACO~*R=3Cxss6h=tP$a
zRB16K2{gUkk%87GrkgCq1a}|qGV3*j#Mn5o*6k&(p@Sh8LHssNh7_yay(*8x-Rz$z
z<zEEk--G6z`IUqhw>_@pPb?0v*>&rQLp~Psqi%^~?ik#q6pLK;BT1LPA34(5NYuSa
zYdAMrbf!xFo`5!V1U*h>Q8YMQI;H)=xCMcn8(&#}B^1<~dLAuxxati~BE0qn@TlcJ
z=&-t;oHUP{qj15+#iOkY{o=N{3u&}6F|pE8zFW?6tA4G3A>QzPRkXCfr$9_>eHjno
zhfN3aSw|E~`sXGGO;ft(Ua>=W0lD8M%Uyr|_Ggw#$u3X<N0Xo~e=R}wypHa0nRgm=
zP(9<5;DUQ4QhP~K`{#6oBIgwKY}rJ$jH+U#F90Lc+VgDES1?d27jaVr5F3Y;N~y1u
z(cC44+LGC-)AiLP?D<)tO1?kcd~e8^NX8!-Got{n#@bCJ6adIPd-m+9LjM26rN28~
zBGWDMxtOD9XFpb;H?T1YU0q%EXI4sIQ5bz-^8-WzDy8e{l*X<&7q8Tt4QU^v0xIaa
z)>(f|ay{S1a%*^o8BIs?#r*ty+O<ucCuQb_54gYd(~CuiLtxd*cBllIBwjf6nw8Ia
zC$X^NAyM;2N4s^%#Jg;zA1_xP5SY9ek%XWHlA^B<v@N~y8m{;75%3^4QoH3INP4;i
z^9kQ5IdF4aEzOMMxb>n+E>NOkW?nGgSh?{>i)uV0e_bpWAo2~)<H$y!{G*AUDUsW6
zv>O@R^?g+jTAN@m?L=|*^=~-@!m4qav0@k#kUTs*sJxaUXb6SP%u8~q{wHOie}sXP
z=6QTXuRZ*h?&R76O1DY9^e4M8gKEd2;%LV$1LF5WKE?3&`P_hs;Pwrwc&*pTt?lom
zTeFE43YoTL8VQH!ySnmBj1rr<JaWrusjRG=b^6wW18wnKHV8ym-{$w7J)ahb1!Ga6
z-T;Azi_Jafkr?e0%9ZS(`rLxw>5}vw*`-+^^ZoQm?CUQs;l}Jk?>B*806Q|NhXCw_
zpsZTe@FE0ecQ^|5XO2nv{qnK>Xm$^zNV}4Bt+{WxcTs}XggKXhvLfi|K*FPbZkzcx
zws*@&8pMB(GGp#9i`=&^LDKysGSuq)6XnsWc>lWWaH%{CRq=@FaEo;6L&k3{6~=;Z
z1&v+qYV<W?q_PRQovXTrh@N_*>$+pK9Vo7(Ddh*kTZ9(gx;OZN#>;8W@6kD|N60rs
zn6=<K_onG^-D$>QddYPipk+AFAd93+DhNQ&x0$hVN2_LdGtTZPoZDPo!D?8iRP=*$
zjxGH)Fb+XD%HMH?q5%j@`?x(k25C~Fw!KvWjPa2{v7J1TyXa~0m1nok+?P7_*R*Vw
z+pC8eC%LIZ?PGbSRDzC?@Q1`Tds6|Y$pLS7KKigCf#|SmhF71UNgroT4)hlS4-)$k
z78WL=(c&%G1d;xq9RG($l3^O5y^BNFL~08Pgi*7G7$8`W0E)b{Fh7!RMS_TU-mx%<
zbw(lf=OiA-lWz?@t3V|~-~$`cwP#_*n`VgOP`CF_!EcdqbXhRr&m26KO^t~RLCyR)
zVcRI}lanM;BqU<O9^n@01{xOw*gT*E^{>gLHPxpMCh~8cged@M^`=-2z>)Z|r9p<>
zMM$9T4o%PG?bWTQMw25x_&XovZV<su6#u9wnsGqa1O-vm-Pr=VM~P=*`WJ3TFy`xy
z%Qpwd`Di8tFFL!rR!;XG72SFZI`2*Ax(I=NHhx$d*d0dvXs7STVcYN<ueVoww^qU_
zJ)PTR`aP}BFOgg%-oMsWDLO}f1|b&{YR~Rhf8}sWUAf*oR7@sZ`edNc12Cv+#d;Qp
z$E)g-gL{E%+O;$X=ZDHgv*+wW7v~5N-^4=nZ4~H0IrAD6P-Q&syU)NyYedS-@}<UT
zeJa<sM}<j432KbVq1(`F2!w>|=BpD)O-RjMlNsimj_$$a$Vwci2`(f}c4vKaq?m@7
zy8s(duVSDJICS`xOgtaT*}gCiS?b~y5~S&D|22oj0wMIqb7_6szccIET$3A0?qEts
z?P4+aRi#2^14Rr=JUT=nH{0Oyw;NA%N7Au(%YsIODVC+BWn^63CuTtuz)U`xB_oqI
z8ut(#Df5PS7OK7Z@|YIq2}$Viuq`RS9dTi+_KO+)$v;T!iao7dkoU8t9tQ)p!o+h!
z;G}M~ynO%xyJ5Hz)+qT|9;Ze=ne9Pw0=J)3wn*z6nnQu-Pn~wg+rI}^F6(AL#^XZk
z>~3lMLtA(-KNI#*mmyyz#30}*-E1r<PjMdGxZjnMiHQu?1!e^E>xgSTun6dJ+CJdw
z4kJR1mJ0j^+{`?1X`33vH&>@3jd#^ScRrX4wXnIaR3D0tU6xihS1&gGv5p@3SC*X;
zlB)Sj;BQ{S_X2CRxFw?d@V_N}53!hRFI$V%FL&F)s?<|=h5`G8o$Mn+>KreKyJfHE
zHe0~^ili>g<KQes&_~mYFvqUk0-~hB6Mu)xlGDBQSATU?Wo3X*@iw8rD+a=MC6PN`
zK1qT;xauWAXlqyIw*-IXQdRv=d$SmX;S<9i%7Cx{5lx11Xm_4Y{=+|ip5S<|JXP~P
zM!4m<t{t&o%}Pkc4#L0?pKqvE%(kbMjAT`6&n`@#YCOZfUef$+`nMLK<}7W*h#jU2
zY@iMF?}0$P+?_f)Q7JOM=JG=*kCu&^gg+{UFXFet<`@xqWD^9&Hcc7GW|{*d?nr*F
zPwYLqKiX|5vcoVx4xHnGfG0q`zM`zW{AXs5JdV2{DT((blFzNNX9HQhOb~7da)ukA
zdNeDENu^`O0h`-yJ=b}v@6!>J>ce@#Xa9ZDqd0x2xiFOd@@yxpcD70kZr(C%%27vV
zN8oWv+E$^uxS<hqEyR%UJ=Pr`PXVRcLUmGmvBHg}u7L-A>--a<<!m`n`83_AF*xqc
zVck|+fPtVumYh3vbs8LzKr1h9zP)z<ePxW}CxfJom=EVzVP|giUjKgB20C7eO$rMS
zb^je~sBpXkux~Yz?jz~poI;0%{5V%n82#=pn|Egm=)L-oq~+zz{>Dz2au1vLxr~gA
z$jZ|_yVZzfTRUgAxW)chJJZE%?2^DB)E#Rbeya(EWo!x|@vsKjw>y_jV`TkLhXO?m
z1i;mZy++pUjxUn(@{_YQAC@gK$O$pNh#8)^7OUwL3#V{k-nTRN*juBAiu7*LfaUhr
zBNyT%rlh|lg1jI0eb1P{J@z3Un}Rna<)`Q;$5Qg-!yE4Pfjd%x_lQ`e*UDAaTN%6=
zLFv2W+Z-~9hqNsh-p!gDuX;cbRQ7%WgDN>G>1zQeNeD4@Wq*DP(ecPt2dl$nu1JH)
z0ZwLE$28K}ZV0rn<?-ms3%RZtc%p%cNw9=V=_99=sn*=#d=KF$w=RMDmmFI94W5`x
zGmcz^7_Y@4y#vGS?T7JBeM%QQ=Hq4Lr?6k<b$9kZmG0>vc{k%T5FZ+ZAM4k^CM<^C
ziQUM6FNeJ5yzADe{fI<7j{Yi6T}z9v`)ewrdC|boO$M-MXRAdBwhMP=Pd?O)5b()=
zX*V_$W~KlLUKrVL3}GYwbZySb=JxxG&uO|lr#|Gh<u1C)5hh*@e0Kr0Fop>a{(N8`
zs6iUw#Gm`sMc_5_7=j4E8A96p0(^)uUmcbxp>D{LKOHT;ox~?#*25j`3BL}~;$$Z-
z$r(xt)^^!99J_?NUnKE4kX!Mea>4B%eBj`)S-i{~fgwRaG>3DyGmH+z82H7hrx#*h
zDcB!FY>&n@J%x;zPxludYG;p{3NbD0eg$%h40uDS+00irg+kSH`%{(7vs*6|tV~$j
z*~#%xy7%4b&T|fn864kbzBsdA?bC$cJ9?k-JKu)mX7+@(G#<G#>5I*Cxs}L(hpc}7
z8OQBG@B0<@<^{G*K+kIJ!pBmZk`m_g1Fsc_vb(Aa0?${@6`G|Ilm0BZ2Iq|kvfhiq
zI(1+7VHjLfruiPQqY^dju^i8@emC$|b(29YU)ugwPR*zDXGY_}Pr|r5<>Ljgp7a<a
z7J!+zW!PYtS!l5$DZ25F9~nZ3WZiq)`ZM!HPq{b&TJF&!&cn}3EO@$Iy#wg-vV&{G
zlIsNvC*iYPxzvt|=tZL&Y=$r)Ze4WDjyt{+5ktf8Kld)Y)HrBM;pS)IVWuNRcHtK!
z?u(dqbX&fA+7lT-(i3%Mb#BH0Y$2nzMZVPf{Noxm)!wFFmnpf#-L>o^>qo72=$HvD
zOqTsSm8^fqJNUXF`iQ%aaPC)>Q|AMWRinZ2<@IGh-w0ndz0Ct6hSro|n-~_no2A6a
z$j?9wASvB{=~wGA#O%I-=nKlZ8TO_LwMR67>(uv43tXhHR`T=R7vChse8>ge3Swi!
z!Z2I3tEZN*(?H#h1B6YAtD2Ra()G`MMNo5iiE`q^0IO3UB9+yygpI?eBq3@vtYP!&
z&tYDEQ&R*Y2LU2fJ#)NcuguTW1X3j?N!FSV)_gFf<B>6ltk`(c(!P@LOKGSTj+I#(
ziFdexD?54WCQ;pRS+4fg$>TT;0nZZ+$yhpr2<|=)%{|Y+pV^gnpZyUke6UvSi9kH?
zVp}$T^6Kqb37PGmR4;c-wT4tD%9YA8!z}^D;m@r3^!TUyccPLW?sbWlNiUVVMIT{7
ze4!Q-sQuCe13wd>(r{wU%GjZ<Y1BK?g#aO#<50P0%o0o=eP^QRRo&i^afhIylWZy<
zssz?HO4!yy=7Y2*b>8diG2$pUB&3P1bgx-iZ>)Zg=nl=~B@|JicphYj4H@?7v`Jt*
z=>$dD$^32_EIh9Zq13dTs#PTtwc%6eEA&*!sTT2q!vji;x;Dahmi|ELR0!RUZuVJR
z*qm-wF6ndIUp4qj$R&A_Vo|NtY(bz<%hg_*(s#JPZ@#J!@bdx0_T)TYCz`3WF9zNT
z^0yEn>@Q#5efB=palA?7um%geh)*_KC}Bc+;}Ai|LrKet4}>FM#N7%sGl>UD??gGY
zq~#dBN{jVbAc@?b4DQx_x4McT@=+`0NRszX#h3jh-`wCl(3FqJq18cSvw3u4+fzKu
z?!G8Y93~DsW-s%3#hiNAQ{=D_TmQdKlPZ7(rYZEME9JAgEVGScm?E1D72I=}!Pu3=
zLV|Pi!`wU;o1<KN9%;by{!XdY_%S(*Yc$O6`uQMtap_xo4M>Vd?vsie$|I_6?h6Va
z6bh0LL$+nw2}tF-qqejeDJp;E>5&t!EQ}jtbFZ_5yXWB#lit2zQf#reYF_?mGNAhv
zOZRFUJ~-q#-|XT1AaaDkwSS2JU_JqUuO{*=9AjwJA(A(^kn0pYaW#1a@Pp-DO?)f<
z=76lMqSwBxnZfA7*D!ut!aY8eOz@r~*agen)?Z2#hnA?$&pOQvu2$u{zj((99-Xne
zs+NRFwfN<&l6*!}-9hVkhtT$WD{A>bA2xM8)#y<<Tu9uz8E;}8ajTv$Lxg>P`2iks
zbKEPO5fprZ9*f$ql#jP^OR_z!1^Ri0j)KFSaDH-r0AH4v`_)CyV^}t)F&Dk{bj=f+
znmw%hxn$JWRZ$1}I5kf}eaVeAZ>p$YWuCtT6ln%$oP^Uu^l|3;F4~Ke?sZfe<G%QF
zl?>YxxDiY5dsp)--)^ydB!o>Dc?>Cn9p}2m4Nj9<#{gG=Iv<YoC@(FmVp^|x9tOFP
z6=}c&%5<r}y+8D4kvR>j{;{vi|2jQVv=I8|{L7fe&Ahwid<%n70}hQc;U>s^)#~;^
z?b$eiHT1gZ<3I~dit}+(Uw+)PPhJ+21tl)26WI#AQ~(>{peKIvTsA-*--o9`{mt1z
zz_+9%#@&rSyB{j38pOVQHIpAqYV`FE5O2@^iVa2rI*7YvbXV0bn$x1mm48BASquic
zN)bL*R#d@&;5P6jfqr#~cr?!P%SO1Qv~;jmau8~&9Kq?pP_^Yu0gXE{_D>*j3Uqpz
zpYOg%QMnN!te&Hhx$x1NpTHjX2084Lg{FSpkHeop)AklNaLtlS(l0X9v(h;!@ca~M
z#tADZDwtcR|MEUlC7rxjPyq*VuG3=N;Bn^HHnwU$%+|dtghI8u&){5J>0Rs*%e2!N
zYnoOL+{qp>#R0)dpK3v10d%JWtcVcd)yw~fwYQFIy8ZsgQB*9zra?qR36btl1Ox<>
zlm?NUFuJ#)AgGjpfV6an)W}UlN$Jjk#OM(t$F}dqeZTMb=l=YDe|-P>`XB_hS6$~i
z@jTCS4y&wRXwS;b7o>TfQxZ^(WxveMyWa!+2+E+)Ae)2bWBwtl>EOmpb=xBjWQL_3
zZ<17Jp`gL6X(B_?rR&6tz(09+{PcYFen}C7KD@P;tnyWZx-qCp^DstZe0D}FMsru0
z-gn6yhHOoK+xG0WDf^WuLDlry7^!;gt_ujn0D~{6+(sAhYi2vECNC3LYf6b>Tc%$G
zy^{<|gyeq1ME_yYq^EZt@?F<il!^GD2+)Sh3<pnMcplRt>;_MG{^&X<hu>WsdQLBT
zv^ksOb+ms^n9-R(2N9m~9VqSq>?mL_l`^xX`um?L+VRPOJ@62emXYbrc6X&<kYS-@
ztT^*Y;FSFW?TTU14XEcLC*z?A&{D~@yNa)VUbjFu5NK}k9>ul|BR2bVEBp#Vde=;R
zXuhv9L~nx7)~9JXMG{8Sq!iw?K+T|VmFJp^@as!~=m=J-PXhI#6wei20JkWE8VAsW
zckDhw+c;pSZBwhOy@Vl?=RALOH-XSsRP_As6j=sKu0>ioNHOOHw7hqT%cDa(9bqN-
zgT|kiPuq;yu!Z!Mmx+Y4$huqu0`BB=_XGvKWG?MOml!lZxc+PdTwy@`Im%BWgAjXf
z_Dw^bXyWhgkq1lf-T^@*1t|ZSPD2N}$A`rZ^C!#43o>kTt%M7HiX;5e-$q|ze0PG#
z-T+8{U@u+Z(nwVRuJ0qK4xrAD#VxvIrZ<BN#8(NIen00grAbO=-U+IXQ_WiJt4aPe
zh1e){>h4?POo@#R|EdK2v)(}UqZZtspX{ufalPMZh@Oowespwn2H0wI{FlP7l#sT1
z<przo^<K+6z}igD%yNAp&g-Yo)Mccnrp+6fIPEFD-<a&FQ?_}|;o;$VYdy_*+ao=w
zkpsaNfOw`BXePrc{8S@VuyO8a2~d82=I)iRt1T^kALc<T>kJ54d~pEu>37@KXSX}C
zaR6{snU%ZN$8Xl0rf2R7aD@vipkMgr64uPT9WOzS;aTyS#~PXf7pb!6f!j)-?21TE
z7M91U!*IuAvutqx<?f^2TA(4DkoLN6xUm!RN|)XPrmEQTBM%x*mW`#r!aW>VDSIkm
zx}7LA`Q{at+TCA4l{~#QmPQl|CvHH|gQ{-O_WM9npemWJkF<){hAsQT<-XF@@Aoe_
zoC(H}4+|uI=*R-`a~RvXrVeWPnZ$@EL1<lqZqE%?IJ48#lKQ*#+tZ=i;bU1#uHCyT
zgJqG%(<y~A@=MdI-o8=+9X_)n`bs@D8e^kq$*WuP@}=40B(5v@Lfas=%)P@pm+poB
z6P%nAJ**6dOQo#|TqcD%A51)-@pYdF&M4hVtUQy`Us{or687Ogz-q4T?AeonthkFe
zPE)<|0qoNsKcMHA&O<+UZ%ataOei*0XdJ%Io}xv?PxZ&M)f(3b{&4A6q7Iw~NPPfx
z2yl4P)6?I%6~uNvjaAFi%7B!-xwBW}E_D*{PwA5}eju-qo@Pf$x$@<A_vf?#!iTpv
zeRg5Pi>Q#;SH$<M&yXG|-J^hUcadR0^9e+l(QSE16DmIaBOQV*Y%a@r-s=-~o1&CB
zj0v;?F~tCFegQHf>u3F?VTE^3tzT(wj~t1ad06Z;MI?rbeqS4jcb`;?<&7`d#;=bW
zynt^Bx7#*t5~(6bh~sc}qLMd%dA9fd>oH~v17K^K2R`@^F0za$e?c4X(QDFr_TFVf
z<D~A|zZ$FrX9QzR08bd`OoJbXVRG1e;uNj6mzV{7q^-LQ&7B-^K=>zWS=cjSumZ+T
z9sr2!FruwWpNoSSk|dKdXf)j4-()Kb<od%~N;fd0_v)r3H41Pg89KR;0B@5QzD6#T
z2zlIiqPDNUf2TN(v&0H+P%str4%2smrWHTfr<?A^BBZoWFPe$A{rOf?mhfoceE|fo
zocbPBa0h<$rmdc;fdGG_k(lwxrlEMOGBiRoI(dC>s!=YS{%DHQe}@Tqi=F+lypn&k
zrtYk3pG{eFgI<w_!ng*G-mhzXn{Xo6EjxL$MAzg+)z9*DfuTbEnw_?vh4QDvlmebx
z-eH*FC%nH6(!m@-@o?+PQ?CCXu>m%8pA-=M<7m8Vbm3W7n6*07$3E38>chP?t5?uu
z;_KJuAgl$`ua01=fu&PZQ#4w61LmUu#k$ZTLCpk)DI162f2uxx`go}?i-IDCXF=xE
zBV?K!pgNjJRSMNY4U(HHwoI+I-DCmgKQ2nXX($Hix;0VlEv0#2U<88lccz~yN<D}-
z0tlT(`<1rzYk8^a@;U3oi|dJI&{uW4z(-Zu{k`8y1kh0QL9z_n%Sac4kUWB-?FhAn
z!TmS}V(7wS?wB7_vIWX35ll}bY9F{S7~_GJc_QX`>GQ0+Ec}l!U?;!L36`Sx>RIAQ
zFJvlxzD3!x%*V~N!NcTiru{^2iY?ks2;20TZ3y}Un`$j=4Yc6HJJAfUd8<AHTK1Mm
z`g;jhId5)ZS!=di#&LQDA_s<uDU=$XxB&z*0B2%P)6k`vBpCv{j?)xB8b+=xAKHl6
zg3^sb17zDvZyUiq!-crY<)WdVek-*PgD9p~X2Y~|y5psx{u-Aay0{1e=+wpy6S#jW
z(6~PItAFTsY3;^`$`Q%D8+NY6CbV=XEx7gb{Y!bc1Z<|Ryq>^^^jf|Wj9-M))1{gZ
zZC?e6nThXndj|#8!;Du_KT*VyQ|@)db^BPC{UsIo`rgmKJsN_boHjqUVS5?~wCteB
z*K0RVyDnR?<K_FTe~HBgAP2;Mj*7a)tM+s?E;?w3^6^qu$O8SSwpkG)9DvCuL8;0m
z`0W_gtbLF9mlxSY^eS*%SLLn*wGY}?N{BvYCPUBrPxyd5p8e29KtzO?Up>zU#v*s@
zW+$In@)R6o=3abrOEGAfuSD)v@j>3D?Vp$i#T~o`B!`qOpX+x*ea&7B*$Tg?`Xd!U
zIIax=_|%0kM|H+wF^KI-{l@n8<t*Hk*aQb1MRD+?Jn%EZ9Ql`{qJD-6c@udDhL)b6
zr_e7p7ONp=C~JNlw12mK`pi%>=*#FL-5r&MF(*xgPQ_QLat6^Xhg7ZzF}8v{+xzUv
zF9MJ^rN(l1pS>75zK>5PC_nYj#VckPK(1lo1*+Z$zyIOawwtrZqcBEzE=a7%PQ?U%
z7r2Sot7j7Xsr`K*-+)h(Iy^Gcpk-uiY@tSa^gySGm$wDwW${vT+hE0TA@k<4!><3y
zcwy|D0>6Bp3mpOi5@y?pNRGfDV;ip7H=+6^4D0S>ZkR0WzG0;;_tSebOEcl~Y6~v`
z)B)(%3?XQe5_Ig%_tzY!cGgD~zi`NMiR2T$Opx-|D@XGN4LHs|$ue-Cy3+lz`9*>0
z{5wZD&|TPSayeGu$6h3GgKzMKuzUa8T?;sI60iE1hiBc&!Lj6}yJ3Ru{yd)??t4!o
z@dQPKkK3b+GjBiy<V+#o@Rg$1sTTCBZ-st44MGsm)R!6d*7s|^r&V;A_<`MYFAI_4
z0a;SUFH=tOvBnwv3g2>3TvWox@X5mk$yEKUze5?~cYfg11C%R+VAB<yRD%PFECEl_
zm5?|!<Yfl=lwkK9-iPi)MLSoe3V<t{7wDX%@bml4luaCG6E$B5)qFSG3=`Hmd+Cda
zWmzc(_>IrIEzK~6gizI-w2m*U^R$IV<M}5}#`dL68tpGO?L7mfqrDFZqx0C5IM{mv
z0Gb!>rBczBzrA()$~oX6UA~$~J_DPyqfL>EXmgb<`2*G|cfd%KR?K3wN9WP#WJ98E
z@SKZ5xJ=uHK2Tb<C}e(W2#$Pu*7}rSyNO)x{VK;J8qJLKUg-3b8ABWL(=P<$uf4X;
z>q(oqC)0zIkWQ;S8%2flY7JUrBk!{%t9{9);VqAq<>*pGq$eg_MgZyi?|*k~KweP)
z&q9%uEnzni1X}4b9s1ofXPcTe6KH^=#2z3R6tcI)9Ri2pgHvU8ard4k9Vt#-C~WE|
z;3dgy)tS!9eA=9KS5-Z~y1L5SS9<mOb?U!hysVDl!lChcumZdW;zkvYiyHz;*rEFu
zvo%;tkQ!oVZ*nP6?R@j{mj@~9bhZ`X-CbXXywH*Mx=Z8b?C#w4ZBzMv$DyR}?(d_Z
z2~hZWVJ~{ibpBbLo_k<0<`GEh1;X@Tgp9>6IlbM1RzSWb7nlFsQdO4qdF^p<{_WE{
zO{r9HMHU1xt+3LNPfM4()oRNaMhd-WX3A{tDz{~kvUP7|>AtGbEpZBpKeJZ@eaqHu
zc@}(Ph6TA4v!+1*&hr@L?yiT#Ds{D_4NMFaH9cZt{<H*K<qZ&eUPO3O1W_-6Bm&RJ
z6gKcsOUcO8%LBQ`)j9ql`ad}&PKnqDNL`i?<4&B_oq}{){AWc}b@Lu)JOC9M3tpk?
z4P1mLGXH?wkG&(eUz9w)@pZglOfT=+PD*>&70%V(^)=DIB1urY2b@6Qsm>e&dIJrq
zzZMb^K;v~KOY<J(0+`Er6{EdxzM8YKk$;S5+%@_Zn=7DNFt~8wHzQW&gY&jZ9G{BX
z#T^(7+^lrnGhLN(8nMTg2RfQap6vif2StP~M;U|w)Zb~YO51q&5xnMZgY&j%$by-1
z@^4X*_o=B%rupaJRlnKk%PO!=g&Y>XOYdGyiq{4$)}B9t+q*Ny-Z$ctT=?^g=SP|G
z{eZsa<~fOc-K(_Q4sOd=d3IU5!^*j6J}_1^{eW74nz;=CcWSUs0la_(L5dMce*|Cm
z9xPMubv|4@ke=60`@!_X1vEWN>4;8tR45E7cP)-U9IudG0rJKTXE8|Y&TsE!^}H9~
z(o2)R*w*Y#eLgyKDmy2~a>sM!5?GCPy~1}j7vg|J^L(WES?lI6ye7q~P|2@G{EVV!
z+lOo18`^z~BzSiUZJ$`=>(}Bc*Bd(M^@j`1LB*0wO4NS|u6Mcq+9yBTgwpY)joy&&
zX5=PSi&pGAHNCIKS%yx#h35g_tCMR;r*7o_6O<0l*VV^2BZO7yRrQNBnvB+b(zW;C
zfR7>y@~StaG_%#>${3x1D%b?ZJS5d}YSk|HMOyu*aQH4W4kb492m3A4R7SF?>wZBC
z<}l1?T07%mIKq%vQgAmFcq^qZ;$?jh;_Wd!9GR&~ik3r3iZ?pY;vpd+09v?{S?6YN
z<3fhRd_MN&bbY~mVxXgo$RMX&>jU<z<-I4>*(J;_>p-HijIY9yKk6{!%i{8wM8Oe2
zSJP*Tw6(MXtvto_%R3zS0KOwXuX;TY&lPQxZc&ch9E^(bij8331t6m?^Zxe!X20}&
z2Gh}1;;J{QBW5W|1Gffbb_ToR@Dln>AI9hUvdssgKK!WZot1J+-(BtIrk_*t&*X<5
z97Lqf6_LIuAR|%rr_qVg(a{2k85b}8g5bN!&sp6l)!cl;sP>kvzqz9Sy+X8XR_Y(F
zd~rw!UIlT+Os3FV-Nl^;76;yi`$7gYVO#%Y-U?Dto@z~3jdgoaO#*3#;|-1<xOeqt
z^gR5D)g;?%BT?wfLDO9d&_8bI!7M<;g(S%?8ZrXzqhn)?lT|B7%10c5k8d@O;n1Q|
zX0E4B4>bBVQJuE~<z^a_hY2#>(1!<JtAuoXlDAr?<b8kv<Tid&nLT{;UD<S$J7#2a
zJK~E3QM>nWn$)x%19g723O_*sl9|_IkI!7zf}K+_IB_5Bm-~yS#=gu(cUzwaAe)XG
zsNKXat|1Oo@9N|iN=$I6Gg}Hn!K1UCEQ|ltHAN5-6okBorsnIKKZRZpJ)h8*<Ei&d
z-OukNif9qgNMv?f&=ga=6-mE#diBq0pdMesc{^=|#FaB=t%d>4D!z2FpV*SdVI9-S
zOxO!i);sXoG%k;*#8;l8Fp$l@Rr;!-GTX#=_k0H+b((dG$(lR^p!H)M5lHllBIDYI
z)<h9Ub0;<seu^21c59OWV6~66)hpFfRn0GDc9|(Fov1h97|30Z%W<XO;>J}<d>bfF
zXMdMxN+fnWTa5O86MpOKAySKbThp(|p?6g4i!Sw(or|)?(5ztuzXStP0k`gN@640`
za5}hU0m<@UOPJg6Gb@N_N+$~K6rMNr1kc{N&;jam#1YGy0W#GmDUX~17X4GY<^xC;
ze5_j9{gY4kf=*u{oPD89UAory^yL|>GqLX+vqbe(46m8FQx|rk&*9Po9lhWv&_rrZ
ztoNuiD2R2aGY2HAEJgveS!r+G`OO#LNUIYKnop>}`Y%vp7?0l6L!D?rVRK7=>q@Q(
z57yf!MpP6OFg4`*xi0WOe6e4|9KrVl6zskCSpzXyyDn~AWJUBZ0F^C_A$~<rTryS(
zJk!!wGj!D~9yHLZD`FJKVIJLm!>Y77_s@xhU(*)2khfM{N#dEqQd)PSXZDg4XJ*##
z6dF~y#pEg%N`PRS;dK(qk8{90!UF_d{B*BQ=T+C${E2{#@0@&h47SJ5BHqioDk#5a
zvMMpXa6OiVS=D?DdsT5fOY7dT^AOz}67Z^U{#S^&#puw`khy#(NaFWC&UrI1;Isl_
zH~mN9jf0BP(umQr6mjoW|HTo|Y~iP^>~)^cEnN;PJ3~mjN#^4;ULSW1W2$DVjd1FO
zB%RCifwRM3O(|mehG-c#^9)Z9-#-dj44$zCSx1Tvla7&*ID><`F+V(m9<eKzXH$2=
z`C<!^LvG8zy^~~_Ze@-m9Rfy$?yRg01N_ae&gI)D4GoQEE^TXrBI5{Fo1H_)zG~El
ztc{Da$B%he^3AV~4jJC~<z9wh+EsZ#+1ROSdnH(5mwf&6<@El2*;o6)>GCKALRFe~
zxss1JctS6+RXgtiwN4IdXgRdv6SHUN`r?m4@24L+CD~6?IehLLlXm>vY;!Qx<k6hj
zV~~cO#brhilwk8^rndaN#m5H;OzgfBHdr?-3V^&0c4hT5bN{5do^M*#w8`YXsAcs~
z_zXu3)Y%S}-7_{$I(Dd|bGp(^u;vusi)9Fxe2A23Z|YyZ+p2aU(K}*3d=E47d{%2;
zzdG;_7vPo3{(<gw>T;RcZIu_5K1H8WcINd*D&Up5Gmnk~&ned3U517S9iKPl<tN7$
zw>4-3O=*=2khKfmlK!7A#075o=;sBRjEha@bdG-l*jtqY=J8$^i@9Y+t3WE?wFLSB
z@?W**_DRPnRDi!^C41zPo?LIEv@|$A_-Zf8gegrR5A;0+tiE#~r!c$TK)7pEb<tjL
z@46{Jg<rWJdqTzPSHw#eO!1*Aj_MD1B)@E;f2W$>ocm){VK?5iO60Tni@h|=gX$dI
z<k5pi+)E98r;~7*c4vJW^#$Ft(RvZ25vE5on0!{|m3-E$MXUJ?>-!4J_J@n#eBl!7
z9NYWZR=zk=RMNY)fbz^}dHMr*slO$2D(4sAps@4;K*?@i^j-s6?t)GDG~ho>AT}-m
zAobZ~w=!Phm@J8J=xkf93Hj#O>C#(kCln?o%x_Y~$Pr9?9GLruvajPNQSU*ODM&~$
zo6fg`u;TjjNeQn-eq+=X?sl7@2~K*!Ty!aBUx1@G140!T6qKPFqYBdg>Ai<G)L^K=
zFRF~-6Ro!XvYuNH7Ji$A>QtV0CqmN9Fs4pJO9l`c01g?W{jONdh+Vo$IH?gHp1XkM
zIDfXrk5fmOT+Lo&D6BY_+)?ebCJ6`ufG_yw*qcPr#v;m_|Ma6TGVY!zPLktJvN0!{
zyRG)zh$}Hxc>4Ro{((=(NwgkZhV2Bkq0y>gka0b)Dj8G{8`rvA7bze#c6HJ8TmNnX
z6ph3kLtb5Ik;C`t=V$9&w5p+q2R`(NyGtJc`zI692Lg2O2BlS%RG3A~nU$ygs4o$q
z6$0g_-cKk*x1KQ|W`T5EBU+Ez%cnN+VyrXRc48fL5AVlWOeV}%Ullkp4kuE3;wBWc
zxMLo?v_*)M#6H)9YU|++y$da}zN`Vd1;gie+JLzFdK?83Xm4GH&x#5&Qr8#gJOYfJ
zca~G|g6p8QTFR{NUjDJII7SZMWtnE><jiJ7$TcMlGMtbC?8(HTlIDQc;P>xa>5DiB
zkOBKj`u$?~*O97Z-ySUbvNbca>h$4!v^Z=*x=&;&*QC7G_V$14A<~~7Qy+V6g~h#>
z3wxq9ZbiNiLOB49blixdCWJivO{@w^Izi2J3M{494k)QEi6GT?0n>a)+qJyrP@t2p
z=|nq2wXYL%Ugd*IX*n{$_>S1fd%cDPe$k`q^Ef<HY|gNl!-5}vc~p1NVzkWrYQ^iR
z#}yH(SxT+HI&5Fa_1Maqb(y`@V41qnZVEErz?-;S)txMJebR^e<R^jOP937jAYZTf
z2r2^#JOPu<&PgW_EAVY`aBq^?Ol{W`M-j-@);X`+RjVyY-&drjH?5Gb`i@VIoKP^U
zt;?Mx?XI_&wX(kO@vFb2QclPNq<|>z(T!TP(AfyLg)5@LHN*98OHnoLVrZ=Ibr)YW
zy`bMky^<G!Q!;fFtzLYxx&`#iAIZ&~<BNT+@+lovkZ#%Aw|`$%qWl2127*n-aqCMq
zpOkrbiQGAAgDTam-bghMauu6`vR@`r7Ib1zi$w%{n3cUWr0b=Cj<j#mH0mu-ri)fs
zGx~v1j+h0T(@Q_^6vYMzB%yluudHPZ+J7S;iD!HtGNljNr#)*`%*a{<_Tw^(<emTz
zKUMIRAA8Ck#~CXF*BcBIv24e6rihKZ$3%w>lj+sD+&vQt3ZR+N6yidMU*<t-Al-0Y
zqolh7>P$?hmroB}uZm!kYG0)|@m+9dXe=G14q#aGBf!H`jk|yP=4^tPL%LiAS}CJ3
zl>dhLY_?gUVfJysDtWXHx1YaEh?vDmmABmv36%LkqxS3Ejq8d<lzfgw86){byUFqV
z!TXhl%9Vx{L-rv<26VqpaJNn+mOg5on(f*qa4bZ1sJC`@sy~|E@jEKC@f()G`i39v
z!@KtC+zwRHWDhp4$$HZgI5AOfxslTPWMt<1*0V96V-Md7ouOIGk%GG`$V;mD?0@4r
zX}wpo*Vyu^+~Bxd+dhf6S4>I`R$gw%JNqHW?5t#I1`npPaj`Y^I_<)<Wqnu7fqdJC
z4?g%AUl?M&wQD(JwNUni9mL+=y?1{2fKR1=F4hRwKWdYd{e>--``c*Y33N_vtr8o2
ztA_v6Up@CID8${A!h7ybtXH9Z^7Hc6p0UuGkjih6uhdp&>R?U0vY@4!QTF)|VPawG
z;vo}M+v52*%;y?)Zk_^sbE2!rO`Er}iF;YNebCG3Yk8NruGZ{uHZeGK*x%yn=M<So
z_u>^|K1n{QiOyaWL;I>yhZ7-ttTJ|f1rE>^WL%8CZSyGIJvsEv>7?<s-kelKS|i7u
zr7mCiT4MU}yvym#$!fa-xI2M(!Ys|Z!IX#vW4KnLAe4QyOzxqk@!PfFI{d7}1THEN
z&WGT8n$Z1UlRiA8)<U`!HSv8R4P_qSYl|c{1KZ$~>D^~G-<hke*Wxat?Yt1){oP|G
zK^^mYii%l)v1J%%vg69)`onIGhQ>Bx0and1M(`UR9Av}$xjSskvy4Eqb{qJ?G8PjK
z_#{{A)hb+v9nm}eiCuBAF`(Cmuc|VOr+rAriBmj39Q7ZU-<u{My&k75=FGB^+|3li
ze^-bosLm9gW^k>U7;E4%6S6VM;weTwWR1xA<-!VERWT7FkahI2<fmQ@rfXBtC6E%d
zf!L%=1j@AfZZ77JliTWr!+vYyuZkG{3*wISK||1yOiN8k1$|T33><^($Z+NTIHP_I
zIWzDejt&DX=(+iLhK0IOnRfl%(Cq>;HIvxNt`ytF#ctCQ{ey$kwOa{H?t8?Dii7d7
zWlT}!vHl(2=#8#?HTuzC7`)~eXV&3tYRWL^Lcf4Kr7B*WHM}wyVPl$Iw)N59b!7-T
z@Ig+p?w2SMf21<Af>f6r!x)w?608`%2tCKu6P|~VSzbGdSNL@L%xfet>i9qQoiZtk
z7bW^N><{Y`Nxrv4&YTyW>h9ke=;z;WXh~R|tkaap;98k!NqMHIXce+&vzOwhF1P(i
zW^=%mZwS#ML%Z^mExD*@eCy;?u$Cp+q|_<$jz&thncNoPhN`VWHKvjk*GPD3B)Mht
zt17U-Or%@iz~rhMv6DDIKP>F?<D6lYU(E6fB}RR4P~>o9wp-+`P5O<BEmBEI$#Bne
zWyogK{0VecRh7mz+W2c)MtHAlH~I?x=~)&c`R`Gs6i$mmoSC$c1L!AT`lhS<bXkjr
z_u5nv9>5EwStC$J^}@L)%=4U=Ndg(lw$O)ZqR^?aKR4fxzSf&rr$*h&qoPUdd0Bg>
zyrfPmLe3>Mvl(5j+1YL<;!xVxujM|Fx%u&ZDa3b5qv%CV_GG|1n5|@~6!FYMkIiAU
zR>r)2XXs0(byzn`#_!*5$1(yMdj>mDFf7ufq4>3;qJ<B>sEn1l8-1s%V%cmB@I1)I
zc}SYHFN&3QzUhs<$RhYeqA6&Rz}Zn*Qkpw?aP`U`_pQ&fx}_ygFnor6>qj%!nCJ>J
z?u2Ul_~d)6k7dmB=pn`5yMG03nAMRJ1N(|4V7uUC!_4v%JFV53<@B7LoezCxkPb9@
zd|$|KphItfkU_RSglT_OR(ia+KO3%RXHcV8XzW^gOHy6cB`Q4G@AI+Tf+ZY#%C=l7
z-ShnfQCQk0mz%qw!gjOo)1j@J<QTN>kv3W7$@^h342%sgl~ImgNi4FANXfP0(T8lu
zI;?d;MH59lem|k^X2=(Th}nYKp=%@|#ePC5Sh_@{BV_Z!_A~dPI#Hd*BLjhJ!CL5#
zA3ydvM|0(6S81rl7K3^h);KA{rZcpC*lo1Ez_ZhT>%vcGFUiwJ3cW79!MCrYH5>Pu
z0jA7~59zl_ISRX9H^&vlnBymVxZhu!nM~o6{Wci_E7v`OtozokW07vIAwI=JCr^zP
zR8suaDf#%2mn389<s(X+`}Hux+1BL-9dzAL=gzsnKri$(h05VLguGhjadOey+RQVH
zU;O)ni<5-!(ApZs|EOjPisYuTNotC>JMBrsJLQlPFp+yHI*nfrq3Q1Ko?loP+dr@4
zS7Q1x0>>HMHrKID3Qk>oM~8LO3^;*5i=1=`fcpMw7vbi<ztlYR-($M5o;=lKIpN&h
z6qQ*}Qu|b|Kr!kX3ro@B;-Y_rMvfXkX-8y|aMSE0rR}7FkcPI4Ryvf73TDOq`xy7t
zUcGJ)n4ElH`k;Pt@}%1v?``x@KLY;TRONYOq@dC7vM-%3HO6B`rJ9hT*FESdxIW$Q
z!#r6sCT?=lm?F6PT#e-`U{KwSQWok-u~Tqtz`CPWgpGjFH4Kl25pv#cMhvr5?rj#N
zqw(}<XcA3Mm19RgVv6{rL$8nqs_@Sv7C#w(r7xHPT!_;H>Ed<AlmER<3W{J}S5L8j
z{Y>E|d-Bx3eilD@>E^$F{C?U0e^w6sKAhszUqfX6^Ae|1H|78JYJU!j6aPLL^NF*U
z{`KeSv-18F;ZI6XM>a8Zj=J76dVEAjQ%^A}@msLNUNo$Grq0#uf+S|n@{Zl+56w!K
zwz$Kk>vWzkFVw}2z8>1{COury;~gMC(Z!iR1J@m|{B!KZnZn6Qimy_)Iq$T;5>$yw
zzr|5kBl11+9=BlM9<z03&gqzz*P<&8HHbLSrSi7SCLtJTbk!n*I#mDIs0pk0hNFpF
zV@*`1EKCsJg*F}htPP*&Ec)-Q$S??<rI2|-hL5&)8)f{EVR9S0r(IVk5ga<$fzp~u
zq4xRXNy`$sLzTf*AwW+gSP|Y*CNRr+Yl&56yRvw$K8F)1L1H&MwxWBcZ}^|97H7VE
zlLCJ;C)KCy<;(Qzpra({^1bfZ#m+8zUk^Aq*DR2bpBqUW#Uyilpy(M$OV^}J%>=v!
zMSvR|9~cCRKcNV0vCQN^)HI6*?C+`DV75!s<r636X$4=8^sGDnV7FOaj8t|bHZGoX
zxEKqpl?0t}v3erX9*m8x-Pt8nx(tr3JL=_Bub`B77A8D(pFPVxeSvN%DL&5KGkVNT
zd`IM;3#L&XT6d)IpQdIN{#uvl)XE^0ok)4Aw&t(vt7;L$+#dpVacHu0(G8f&as;Vh
z-BGEI+3{ajM*Y`=^zg9u6r1@ZbjzmovIz*r9x*w4eJ%M%e4T79&%9}R7C2cP%vP@*
z9TA^dC>vikzIMECz-)s)NC{buO!%{+w|$56&f*y4e!qaSx=vRQyQ->&j;?NHl|x7W
z1^$M7PYf9va<E>9)l-+*6rZPC?H3s)YSH9q$C>)Qu}<-fZ4P7MYkE*&HSR(DlPv{i
z0gI|c0Xgd~Mm^Ox@%|v#*AFtipV3J95VTqT_`2T{njE38DdpBl*@@5uzMTHNQL%}9
z7Aa32c6QU_V`|9lyb5CxQjG#V>1l|#j?+GKVu;VfD{DPFzgeVI<9<tOUTu!hCX--R
zQ5C-3V4PZm60OV@6>xhi6ObHx={0az`LPZMk>5c$3k?65Sdl%1#JSbr51Gi00%W_K
zr-KqUsm0$cmF~?33s%jq_2lb9@Oxql9=0EMuZGJhAu%o)XYjZJpiNb@47_VdVq_kf
zqeLzpJ=0!mhBV{Zxy;A&;Vea#Tx@Gnv5}G4siw}~%xd>!_g`dL%|9f@rkcQNx&X~}
zXC*NU{E7P>Uq9#qiyyTyTjb|Q->5p2I!pp{b4^@+y^e{Eff%pb${Y}sg}r(xMps2+
z;`A3kaHaN#lpHlQ4d-&e%%T9p#ch_qxL2h`bEx&Q#IY&YguemiFQX3UJNMO_cELv9
ztT@%!tN6Cv;Iez|L6tAD3yGIyOcBzF`<;+?kBg<?4dr28eyviXD0HyA8(rAF02?hn
ztXqcJh$ilAQbF6S9gZ}2!o)CH?ki%4$8UbBqS2QXXPn!gt={{7rfF`+r;-mEJcS@%
zl_5^3@sU!v;Cr83TEZi56A8(CJ4a@up_jFv=WY{0e{fC}jT~(uew3leph%P?Nt*RM
z&fuR75Pm8<5O1O6DRztbVnhMh0#C#(4}}}H`uabHzPA<WJl+AE`lclxKdPc<^^HZ<
z5MD>@qpyov!hR=`E3La~xu^Hv9<bTsb1z3_nvoYGB*{q(j1srFZYGbfJ?~nyoO7$G
zFegzh4~y0P^05aYOLK&c-A=*|yak8e6P<MFf34Ez84|lVMa9;yj3bs0V(NS~Q5uK6
zqbC9e*y^`wlbwzPqB4(;PKGgi`h^^%9yVpvZfzOxr9|J3>nI|y9fhSJmInP@S!(Dy
z8%WC+B)9R}hBBC+4=!?MQ}0UM0KQHQ*-x>BS!Cv`x0x?!((TqE<1o~l)M-6fAAzxR
zRdsIKK>T{O%T{!F=!1dZ9o~Pt-94n%EytiEWn<!zEPH@QP^m}9#}^-@l9ZS1@`|$W
z-Mu^TF3vauH2?R^B{|91&`RU0j|b5s>JJ~u*8<<YzXRdhpzxQ#*c;PWPPIS@Z<T1~
z+-m2X#IMoO@u-Ydctd(R&Q$Civ3ezIX+^mMk#eZ4AI9v*IqswD-sTg&Z%J*#=&oKZ
zI;s~z5h-!n+j}$Vztnc{<@`&7aj6cK&>|!B^PH|~`N~Rncnh+SY}%k5#i^3&cPQ6c
zyIOl=o0e5rUJady9Z&UHmN5M0q8^;uqA(-#A0L<Ed*oZrGc+9W@k>5C^ESjYs`ii-
z9b+x-xQ;a`kBM)}E7<aq-44Pi0=uk<@Ed@dw>=2;FTv#``=tXFG!#%ZOR7W6i@g}~
z^B=LVT*M)KHP{*mK^XJ+@wH7J4pGtOy)1jk9S!=NZnD(gS4xFZ16W1osK1^subDIk
z+SC5vBG_KJ_4PmY5?_lJu=?WRCWy7`aBnFWei|LK;Y(VC{(h}WcjDfO#uKI`V&*-h
zEj1uKWhG;}Bq?aaG97czv=f+7%EEp3E}jSTO7MULB1FeMl6lIrlFc`iNh~`D%C5w>
zlt~(KA3v%con#Oc?89SoSaHvYGk#soKx;@Kh^`@6y%N*$G{`_CieKew3)a5(ttRDL
zN@k559CB<;)XYiVrgm@L2ps2P)7eEb(2Hq6*Xli)_Z%b?^C_z{f)Oi(5HpNqsaY6v
zWCmRd(K2}1PQ`Pl(g|hrj|mXhx^&Zt-uoz$;1{59Y)kIfX~52e4t=_;oadQpQ9DCk
z*MY;|9J|deh`rBdQ?d+8sI@h3DR+`)vDV8mbIvT<UVJ$`y|$J}DKADm8VjIlR|^Y}
zMiXaKj{}@5{byFdCfcUneJX1mg<Ba1!U<Vy&4`JT&}nL6EikFu+iwSReFnkg>K=O*
z(L`O~slHSEb!;(XL~IMMXi+WIUns#dji_s=4k*e=loWMfvBgr3L%@0WBOHfHg>Ni{
z%|}jA(~CYN28H$~R1(m;u*ElZ*T!F$mUHa=kq3cnTo<`bH$h^B8{OD~INHV>{}&^N
zHJz68+TD}rKA6k_1)BCpy<9x^VDFEwS-HPk+gT+K=Z9J4opc@Ud}xyTVb&F9=A_mq
zhw(958s!k4`NC$mKVlgpWtWdBqy|25?e<i#`>IL~;mo?EOBk8ZCY=o5<?T#zj{(c<
zXD8|~wd|=5l#}WOw25C2#$`%EXdp*32uhB(G1Icw3l9pHHe?_w*&W8y*#lh!Jm=m)
zIf7O2GA-8C1H2d@GgkCLr~{90re2%64HA1Md?qNZZsI(Y9r-N-*Z@;M(m8{o8yJ%Q
z1(Ys1Z8j!Wr2ZFXEIuKn3EbXt6pu9zr|Xv}p`hh&7`gd9Y2vOJZJ@ETem!pNrKlJQ
zTc2C~7&+mQT6QK(SL^T+aV`onFzvM8m+XCbPjxN%ii-^2QZedA*B<Xbidy;O5Vl$=
zLg>C{1(ZOfl{@#P`CvzkG`Y;UBbVYG4;;Sxu>DQ!3A-D7ruh(SOyRLiW;UNdT85|O
z@}o)FzsdlrVcm6@w}7bm?z!6CP1J2+^Q{0gkIQf`K>Vg5?oHOOJAL|{<fgI>gwULY
zYAhDgl*<|v1yWYnlHyg1p%^*hr?XxCd2g)3Bl78;=-W$gd>seDD&-8iB&a=kzo$Mv
zi6?Z|ZK$G!b#(_NXXeVmczZ!k&O5DO9CswudLMamOk5qIy#DLW^2!PfV#^c+Cc-9)
zLHp|u_)3akTc58A+x-y7kO1|yUonpSo4>PczCifp>Nmp%JjCi%rb?6}YSTxCaKz)F
z@k_?CIS;k=CrZl%F}nuGdajQZ833i+O_I`&dQ~}w{}JNqhi!5WLmO56^n@jRj?=I3
zQ8#pLzo!iw2k40#Mj?WbY=$QaChuo_FX>RolS}H39~fcNNOXRKGOJDhwY}zGDZbuO
z5v_@5!V{;_sY_)%CA9lR8O_OGb=A<zQ3j_{ybezj4<j)I7Qz}XwYQXA!41gIZILrq
z6qO$DH>kbsjltDb@fz0a*d%*?zzlDv!b$In>qs{mcH7IN7;W(4vv|9N?Xg7m;r^)g
zMaYa__dh<mQ>Hm^8sB%;%1v4RUJNL?fcOdmYT=c#6+@P%2RN?nqwHTP57?1|WykUk
z)bJb|IcWt+US5Ho&dkfrJ)SHLBTyz#3$wPa?b`Nz%c&6ms;^_5{tmNB))JACDH?R4
z!T0m<Z^B~i>4U6ICk_V&5MEmbnB9G6OTTeoP-mQ49K;T)8UP%IUfR9UUt{bz>4PQl
z=YVW^aoxg}Xh*k0RmJy(P9vkI{eC@Tj>tUy5^)S%yx6(=@z@$_E%WDNu=;@w;dg+(
zy}dMuMi1IM$>06qY_^WFB=cSaicpM%N#<MN=P7wM6>h@f;F2inIL3I1xo0jyQwEDn
z9e@2@;)Tf$3KG&WKLqsOAE5N-fc!`H*C6a7zGWx}8f#WF)BKM|<8#aUl6Yw0cxjv1
zC0QqVIS1qIWLDUb3X#Z0KCgCASy>6<=)o6o@~Ws7)fkv?iXrvsoe|yMyJ0)h(-;N1
zDgD&z5W1)U5WB%`XeVqK%6NntHGpgTAhQoBbQBZ<x+GTcdi~a-7o=Oe+VKvayA8H#
zWH<rW{V@hYBgyeynGI14TnR-*MU^O*mQefhBhC&zyJeLYwJ5;^^+b&Ew%zYZ$B6v=
zd>CP-x_M@6@GaDRJ%R~+3pws!h(0uuA^hO+`ICp0tf=zIeGBV420zWTg4M*=)jT}d
zFuU!#knyCj^m2wE<e)2)n8PNZv$+8@!;~@Br-_JK$z4uh<Rm`>>_`FzGvgs%{~s&l
z-;~(vaV0P^ua2qb*P@w82O4o17^RxMH!Z?DnX|Bd-JG1P<#;Z(e$aFDafg2K&{c$w
ztoiwcfThIbtmhoA!fuP^)GX59#r%2O#5!TV1FWSBURLENW)~P4ce~H_;Ef(RPsgog
zC{xpN%bSmUdWZreH|`P-@>*!4e9+a^M6=dlf@y`m)*sTF<~45zM3#w`VfJca^P9=W
zfHM{Gq%Z`@2#MLcpb|#uicJ<$003j8S%R1uq77+M3Qfh-I2q469bgl2izHvi?M~)P
z442c)h+96#ex$=VN`b%oAeeO6jxjnClwy7a>)O4s3fVEv1@d;~&n#@*L_k4anVH`F
z)zWvug1iawSgI-!XHJyY5XfJ>|Mi^IcqpqvXFcv?%!XOL((1@K=cW+SAfMrq*{QS4
zN}{hP3PXVXE~($I0C6s?1#E}#1aS>0iKuw}#`Tq`4jahQR?LZmPU~{`K?uaXw{TnJ
z)yDS#8jYYUH+u#>Rwvewa<=m1uUnkAe-hSw8;THbCX7i_4XCy7sgUsZrQ<MdPqn^q
z6RGjv+Q!Dq7cM<fTbr~#1d$n}V`z<0(Ch2%r5L)@A%1JKA^^s<y)3sotjJS+Evic<
z6PHcVN5^vY$4OFT=d&w56@kuw)0yoh7XOq{+SZ@dci&XT3$s=`yB_?b%#o0Gl;n;_
zF^}w3;YKc3Rn2Vl^<&EaHap*E8f~4oZw6m-RN_ga$X?JV_pn7n7>EVqm3`>5m&AYj
z9UjmvONr|bo5JFYYnHXB8AmYCPXc_ENLkV}pL&wCx|HV{n|ybB`@oL_wlf#Uo`g|~
zQBzX`pl<o{n-l5@n(p^iz$6-~n3CMw7k|001$rg@D*atFd8B7JMP-R34ThkZ0-l;t
zc^KrSB~VN5?mG_$U4ik3v>~_sIvAeP%jtm_bVtpSK8Tgvl!{05qjsfOiy_SS!MTU_
zGc<>egUk{~(z|ACc;uk{W^zR7_|5<utFD4cz*G{!v2}-ex!XV)7t*wZACCw*M-HVG
zm&W7&vAsRp3~;hweCNl|aP7yhDpq&T#ur(~cV6W1I9)Q#S2E6%)6cG~kj%K8ZzT-V
zv5I1ZYIQTDLLQSPbt(qXl2BPoH>QY|3_8=Kj1T3SR~`Q00z~KBD<|8^>=JTxw6#~H
zpydWTD^%+nYkQqteSNrvgEM^8O+9blg}615C-W)_XH-?$(tndOboESUIxOjf;l|w?
zNojCGNF474ZcKLPxZk(|i}5z9Vegi4!f<bi8Ah}}=jg#RE)^+{Gh%#4xsgpV@sanJ
zf*T!z6@n~)Nyx1zG&bYg*UR8a%EgdK@&5HQ_02PQP$RQAAY{$W>6&XzKGGjc!O9VS
z1h7==%gjhzXo1<W-u@H=TbwXDl^60>n<n_bk4cCjjC{1gpD3es?jA$?qST8I_v}7~
zheZ!M+H6!^i0{-hSo2V9X}%}Gsm=hS;$i1h5cSQ($%>4N|LjH6i16+37n3ZCQ7BV1
zktlT7-_LKqvsDr^CZ!nlS<2%xe<vTh-Zb*^<*4JZufO}S%|d`>+Z+3P!@;+~^!l}H
zXJVj(`68%#l@I5Zfwltfu3NQC<3xy48wMmCn$D<2-3ev#?Wq6(oa*acMZzI9Q$YUg
z8gc>nCMr=H;s?A%Mr_8idE3R#;>RA}@n<J&8=By;^&x7m&L(Z~T(<$xz*bf<ILR>a
zn@^~Mvx9=pU_6u$y?p=20DZ-7lJo2Iweny3uBE;kS#xQdcWGPOZJpiReIKDnOLZq&
z<wl4B0AocH)%6n9d%rn@XQZvJ`!2uzV}klEr@P&E<jIoPDhJSC9!{U_opxF*C_#g1
zq|+M?n#nFnP~YA^Sw%F4N+WB@!{0A`d3p!E)0L<OJobU;@VzzYWGtOq4GzBX0ha}k
z9(=nRV)=yvty8IQFKh3&Z$&ADtpcdu__=eN2_oA`di|vJZ&XLwb8wJv8!wdN=2lhd
zjJ;pI_`{VrL;+Q^F_~>`Z7u!WKf&Wlni=2qq5*+<<FcGiN_jw~0P|kff$%yd6~4cR
zJ;3m(=kMoNPg)<y?~Rn(ltAk$37jf)rcRD^?Q5$jj|UD7HXxRRJ=FP+Vu`dMPZxEv
z<_-KNp&E^Xo6_3bRdw};^V1sdA;+7h9q8;6l55f$^Olzlb@lYxXKat8I!8>;sdlcS
z5u$IJnI{3c2}q4DkeZXHXgKJS5LFAXt*R~wLa4th$fxvc$TlL;euIn{4+n>2s1yeW
z-%ThOz<J|0`8zcEaNUrjL84$VU8IBVE~i8r&db`m7G<>Y!HfyIZ?(~{hMTA~B75V|
zC?beOcA6oG$X_qdJ@MTv+>Sxo#h>4M-SefF!>>i5fzH9XP6o9GGNQkbGA@t9L4F5D
z*puGK#lT<-n&`pM{=FQi%U&{aaaAY>2krPcc(^eB%b_X*$hk&N2NKcLUGf}0#dsYH
z)dJrf#;bJ-;$UDhu$Nkdv{#(jc;<%j?43>o7Jxo}<9Q9*!ah3Yhm_PH$+Io%ZR9!W
z48qrvhC@NjF6zg3gS&5w&{C=8=Hv9?1Q$#|1R;yCF)4Nuj$`Q0SwiE`qxSx^wL@d>
zE3olz-vnyOQ{zWnAj#8kut(=k;6vM%7Z$HV(oi<3hy~BF>IEr2!;L)A!o#Xxl7Gjs
z{!JaE#_{*LwwyUO?e@ry+1=dQd_(ujoh={wQW+gDnV@C+6<rfuzKC&-g301J{8Pop
zifri*PvT2bey#|-cscD9ne;gqn|csXs28$uw8P-gU8hTiV=320Pzsc1sC(Sy8U~<i
z+j26*xBR%R>ji$45&=}yJpe}UUx6MOIU<$&bI4Dy$udo1F-K{4WcYNM^bk2=iJ}FC
z^^ZQBI|op<0qC?di0TgEOCLRA2-{51euf;)ZS`}AX1v{4IV=Xa%h|w^-V+j1$WXed
z?S?0nEPxx{lXPqkrI`$=`mC>W7g(^&=0>DQ2U<^Ey(kEKQ5SqWq-NlXXyE|L+>EsB
zNZfgsb6cdikr<(G*0U~i(B3i5snXuY@JB4U+Je6JXt|1tBC%c&OWlcDKaaKq0XO&%
z5a?CaP}KpkE{iMv@#Mxf1dr4w=Osex#CV6RYk-6AM;vxU+F@g_kCi#p9b2rnSABC=
zb0A=lXAvpfb1EUDu<)rmb85lpuyJt>u0F?#XXq~HJrz1L;eH&?EY>XP>L<C8!@6w=
zNVmxHBFvz|D-SpvMI>SwrwGl(5`!xF@hWWFgG>^!9A-7!v$0{Rxtz~)KW1=D{29DM
zz1*E7Ayfe;-U0I%<-zXWONOZF?^K4@+t`?Rr5x`h^<!k%lt@TSGn4;&JAdWcpXpft
zIkhC1SmYv+3<w4gDYn`$fB*vU`lV%tRrz?#h?GedVYhw$wK!gn;VWY2F7Tv4sV|3)
zmf<o%%XiuzUOTHVR`F#QB!)Mb9yE~CFw1Y_vHRJgsV;w<6Tm0j8{jyxCB{XT;R!t|
z=$pd8idmOe9cJzK&GU%Nu7-@6I0iJO-Rtif@`a+;nLb5){HV1)@|>^O%EVBw_`-dZ
zp;pVfqEQNL-HLeFC<P+`K+5m0jj&v1aJWLN{ihp-rR3zgv)mhu+o4{!vf0_}=+Df~
z)}sSsNHIFIRQ+hPDh)~JGAJ7GE26GlzRV6<E0jw(xkMEdS0CrB`i_NEtEJf46@9Q4
zEeUD1LzS$}&idN@**C@<w6NA_VojYC<xzKlZ=$ECm(7nG)Hlg4C^`QWxsmwGXZ@Z2
zqvGQoylb4{G!bVIXPV*7hMrBNZnUqo9eGAxnh=AIW=F`z=OjXp4EEu7A8G087ICF|
zn<6Lc$uff_(5l0o&Rw;=u@&g@+igT)Zf>q#$8!ELl<<0vy~>Z~?*+SL8ib?7{k(Pt
z>YJXBAo;5~U*O42P7_66PvI%;=(P2SYhZ;Q^9ne98L9J3by3nBYKo9a`}nc_#_;+G
zpf&V&*FV#g-buo2mTjHy6erx8$I_je1FG;43@#J)`gwcOySoH7Uu#_KU!l%SWAn_R
zxTwfMD6C`D2h`d9m%jin`Ct5nxY?UlPwaP&n$?X&UJnTPSaq#{?C1IF>>vwUGmA)8
zpM6ip&qB|A_tv8azWMgX=A`<nko{KH`~_Jwa*qFsn)bhg@IDX;OL2M|%V(B#czEc)
zl@E#}!9+C3v#!Tr0`lEOkKg1~6U^Zz!rLyqj4Dib_v<&+&i3a3hB=1VBC=C+#HNx~
zhKJ&@$@BUexx@S41&^62e<i9wBuv_#QciGhtE3|G33b)HI3{=iaN4_J%70r#r1BU|
zb6=>TLw-5lgDVmcO{T;gTq|r8@LOD(SqrQ>^bhz#Ea-#IhkO*lR*Ja~IOi-Ull|y>
zvUlyb4;)+E&*zcu`(RWEl+K2KHhm0b=t7m*e6@yuljH^m56EeqE1-!>il2!uv9oq5
z))(*2g!@pu3}Nx^hBs_TVLX7EGDWzqKSW&pd!?Pk7h^szC+;RUj;G{gXLlhd<V!La
zIwU=@14P0~He!eOH~|p+E1fndXXi}?M<hrWjR<gvfNcFx;pA74f2b1Q_x_5n&|wj=
ztG{(?bu0y`&7)U*j@wMX2G|cbpfNZ_&YZ=s_lw6=f;a!%w7gD7ms3IqAD?;H68ryS
zG88n<oaHvVyZ6WZIFW(}T!`@SzK^;PooCPJ-B7c4G_}+nl4E&I*dua?0UwXy*eNck
znmsd~ReW{YtPX)+XOdhW$>3BuPMm$?I$caRb$bB9D^e^WYmGk(wrnrJJt{3`7j7aV
z(Lm{m9J3`VrOY~Fi&j4$FUf@+M)x_?6Rob&#$^mT6}A8JVIt+>A{;nHlHTo`+#~v#
zxEp-u@<NN(A#1R1R-mUjxj5~o$f$J9zp<I=4Qu+cQI0{W@{-$mwfSSXru%qi;L<ra
z{JE|2%hyxH$o^}c_2mbCY8QIYJ~u!fKBMBsP5<KU?=U1G`(1Z8e^0A(3!5;pozv`a
zD1+Rg=IRD$FP=V3|DeVGx0{|lQVmMCoCWy;9epP8@drNPi(l@7My0vM*@o9SPX|Bt
zryv$!Ek2x}SlgOWPCcw5;M;nn$O*GXRP{AU76BsUe)9e?WZl!@I<*M+2Y<^0g;S;w
zh-JbZj+X1w($W%*0>bTUgMk|gA{@EjTNoD1Td^}#;Ii*PKvrG8yX^HrezV9zFm>$h
zWa;@+$7l+GBXkUOIYUO%_xDXdhJ|f*c+Pfu+5yVOWbdp0oCPGsBYVRFkdAR`rrj0-
zdHa_;R|MufYF<^2USnX%IZSAGbf6^`*t|RguHWNFn@|Oy6v12m%=+d*Jz@{>Z5tP8
z?(&rMR1RYbK~BU|U+h2fOySRA2%@mtZSybl)|(Xj8(!BUCqIw|g#-d9d_KRsKxg-}
zlpW-Y8hk;%T=_nT6_#vFb3;RgCq0Mx7)4wHwS2h>07&I6ZF+r`M+aa|hZ_Lc!;$y(
zJ;mt$bM^ilV9qMLic6i$<iwRgwf{NEF$;m^#<mPS>n-hn?v%p+&eAC5D^Vle=cf0X
z#Cd~GMR)-(|J;X7fJ=-aA$6~|l9$qN(4!Dpdn`}L%Wq!1{O?;S#4pBohDCo6^77rc
zt&OuTuXN5uNjVnvzTg87=a&5cyb#>?|DB2Oua_%R{J$hY_*d33{p;Z3Wt^#k@<Vg2
zpSFFg20L`H4xX}2w_^$?ue&sKW`!>EME8>Xlqw8jA3kRvUg5QSc2HmcweQN!e;r~`
zuhOXfbF9>@xg%4fOhy#9y{Bw+W@cnOw-Hiou9owj-7B{Ed};RiFve6~SD(ek%P}EC
zRLQZNXa04N$$SgttmUeh;3P~E>pe9?+kn+r!*X8d%k0ArA3{E54PDbRbyd;{eoMKG
zj47~Cw%XWvXZ(*K9UsR+YxfsT+c?SUWWo!sJ3+C%kh|XyhOIkyb~R(_*$eq@wu#EJ
z&-u*n<l{qF*4iKW|Lf#m$GzK`bQ<a(%pJwPNGw$N^Qaw?kH5<;gql1^7o4@qzsQ%{
zC@8EE`@-mnH)o!Y_Z#VX>a})-e;;G|(=*cAeQ%}-b}TYX<x^oAbwJB6q@4WC&(cx1
z3k-I9)4Exwi(K=L#%0#Jl>hfT&Bg1v$v*n62kLs!uPq-jRfyTkEQ<(>EaIIN`d$tA
zJj(A7z4QD|!M)7-C>@kj+(l)A&HbD5|GERG)?8DQ+sY~?tp|JxFReaaa9Adt^$dJk
zRTbQ;E?Ry|X7|(bgI}Ys7_P8rnX0&a9?0`?cYfl1?%xa;X2GXHX<Odo3SH1xmCMml
zk2+R&xdph&J72X)#7ET;%{J7uK$FY(!8fCn3l4E@4<5Cv{qOtuGh$Ly+nL3V726B{
zRHLc$#G5ZB=yii(H)Q2Hr?%C5N<1w6)jG>%a0&U7#@sFI%b&Kd-u%~Xh|hiQ#ISoS
z5LC^gR%fp$bS3uiXAQb;!n76cBRL!dCxY6sxU&-I$N%fRm*(<3^0x>L;Jhs_tXOW)
z87`=nq?ezh+RiAyVwLX_tdr^fBI&olP|p}gp1mDPda&!$w%Y&V3eh}|3E7%2a($PC
z5#@eZ7A(rk%EZLg^lEF3=}z=ZONEQ#rHM@AS8hR*)xZlCx-fzNW*&WKZ*%h2-90{R
zV&R=p<zUeV&;jqy4}?3Bsh^_nXLMcFGN=+bCupGV!1Y@3Ag=CJ^&>OKG?m5ef7BFs
z2J&=*iMK-rx$F3}^g`x?GlD`FjO13UWms!W?$^jTG6eN%IWMx?58vQ{KdOD5_l<pC
zj5a*d8&X*xvzGed<`28bTYQ3vd>?He@O(~r6^?8Zy<1VG7FCd|B(n1HQ5S~!-|Q!v
zb3m_oB$_;b-U~*w$3<O<j!B6v{vFDjbvvgbp?h|>eRdPzO5khznsW#E3V!o{czf%p
zsM_v*97IHsctk-^O1isSkQh3L29@sa7J)}nhLY|s=@?*Cgkk7LT7;nn7>S|dd;Glm
zywCgpZ~e|<tzib{oICd3_ukjO?tT9s^ife&pxe`Pp=+j9u${p+B{<oS^z2(@49#O^
zIpffvNQ)<8tu<tlS5*aH-5fWG*RCXLM_TstFch*ia-Z%3Le)Q0wARo;gmj7j_XsXB
zF^MT$ofD3}T>$kfjr^o?v2{ft?J0i>FPM?;RYE3^i33}y-CL<}kDt$je(}EL`O+Da
ziawOxmbb!agL6M0_;<KNL+;Z3^wl*ptdI<7DX(ug;7Th@3gMMq;V9D@ihSKegr?FC
z)`>Pvt+Mqyo@|nKDb~;DB6^94PZbrV`?{b#)c#uZzP;>l2<^Wut|vtjq6nzLfFz)(
z0X<9rTUsV}P|G!W5djU;Htp0Q#5ntPP#L={I*=c<<JhNJCR!%W+9x8`QV?reuLE6r
zUi1tgy$7~zHG@~Y^>j)5cb#8)hsi0;J{BkCXOL%du<gb)FWmM!Ko!@tmog<eu0E6<
z-t%hvB~Uy<fB$=!OljHpl-mm7TdfHAfMZ=n*HUqRwEu2-Iap5alTvUgKY}Bvhohl~
zEmKlfYYZ~K3n|QhE;O$+HA9>_zpJgaCG_k04visK{%_N?P};~JfsB-Cq}stAv3jXl
zB7Q=;5p7nS4e@^`iSiviJF7sS^p_F3!02TF`TTv!l=7sjDucGFS>bA9q1fSi%ip!N
z+^Q?sw~?+sj*+3Q22fR|8*T(@JKG&9cO$l7--LMLprh)TwcwlvutuyJkSwD4Fnbic
zu6CEHx_&2vHR&eTRE!V1kg(n~d4ST{F8z<GkDUsUg%($}oF#V~s=5OJwKPTPVt!om
zG?xMVu|I9W!ukSG>R8$NRZ1^6Ju%U0ntpzr&CYDv;p`IpxT<|anrayE?zgs(b4=_J
zK^(QH@-hehNM6O1y^gHx8xj(dHBT{J)0DEer@B*<x)nu^G24_=beef6KS}M`$IxW|
z_3!TwerdG(!!;8Vvh~!n1|(CTBX3j|EbyAhPx6)HDDl5ZgntPEXA6sM3?5D~(;F8f
z1?Rdt4V*Q6@y3CQ$wzBC-0Uv%-ph3!!=j3;or+OSIZWOGZy`E#k8(#<NJ+<{V`H^U
zP22F5h5A=tZH3i<Vfh9%_w4GezD6W3&q;&#;-(J3-ou^zjB{4IG*8`w^`AFw3#CTZ
z$zK3my??H}ZXln_6fdr<qj8?NjWV5Uu2v$lVGg{-S?+^2_(fxVA}OSQ5nUl(+{Fa0
zRAXgj1w21Jtwd9;#C<ll0Uf;|Gm1M6_dJV#j2tBU^?Z1LIM2*j{>tnXxpAZUS1r)9
z4NSl0zK!22$2jT#(Gw*{$1E-ppHz~E+PWW0O^Qh|*<gLoWHl=*Qf#<lJbCe%Ihm(X
z=a9UDLWRq+svcMu@w$%f8JFByL?!ZA1X>iVR8wFyRl})0ST+d^d=kCo?qklA;r5Ts
z19RL)>$d~?&KzbQA@p>g_L8054;sVyr_)%99dA!xm;%8ZpG4wZecMN!a2y6!Mn*7d
zx|UFc`su@YJASgp!78BWEe5@;UtYfT<h@sN)%4$7RWw%SyQwosB2k#2@N>TOFEg|a
z<#mI9`I$QF1$HtA?%H7kw7`F^yC7wEmm#qmzNzUpT@w>VxoYC(V^n5YgH5bs!(jXQ
zos^WBviAP`ZTl8*EvIHs_x1DdjZ1asmkj_L<_-~M-qF#cMc=D^Y-IKFN4bk=%DE)-
z>i+&apz*#e%WMfR-%O|S@^U>xziNB?EH+jTfGQp24!uev;V~Xm2C1jcBeiY@3zK0k
z#oO80&`InkeyFU9Q|DTU`p#28jf?cAAGo>KR^qD!aM1fBC@IeW3PiR9tW~2H3|amy
zs-w<zb#7uOJBAe%-epBaU@;}vPzKCU^fYG1yp~ZVl~TYIP?7qEhACJ`h+0ly6&K7i
zTIwpW!Fz`zjRCXG=rq@e;2t^N^~(@(dmV#}Bj+`l(2zEj&T%V|x^}FLR@oMKDf6Zz
zH#kx`I)-R2HF>GLAK34Ljf1y2siQto{2002edDYRD!*wwVrl?wQFK}fsqn>34PO?!
zw>>2?68chT4eI*gp<}g0N}(N$`e}CHSe>}?)4S@K7TK)(55Pp0+iPORht282|LsXO
z#!S7QI<qmYYJYM<{2ALxMg84aiQ3b7Rede3d_jll&2VC=(M6x-VwBAY5aE{hE4fex
z?q-jxJQZ#>RZqg8gg4(wOXaI@wHYM!G7ne_mg}47W`4$o=xUo3k+Op~vs;$Oc4nm~
zEMR^wq%-D#6A5r;J_x4|DyyNYzrOXw41J(YdYAvL=B00O{h7GzuuJm?E1JjW^;l|v
zM`P9eHh5%U9sPdnGkL_zQT9JkA{N%|Axl2Hxk-Mc;9x~rnS*#YG2M<efVqWiU+GnX
zx3(*5N5>vc07Tp}pj53`=6s7wF2EU-&fwuP1^_7h^4Jln3zL>*?@A_`iPD}!rX)k)
zz`^L)Xzkp_F?$Cv?pwvhRQD-#Ie{pw*t|;hUD$J)&wPL-8Hy(Ym{U2*Q%<bJq9Fkv
zzy2fYSfP0sb&x)K%~KCNIdIn<OM+3<Xuf$Jm-43jp$0p@Bv9vk^!sRm{PJd;u$jKv
z(DlnV1z+fb4u@u*@Ncs?EwoDIWj!_z1PK|xWk5LiCc|uM$v956b3?A%%-aPW^il8)
zlOh+G;Zx0ChuSMSFzWjGkL~RzL%BEUOa7?b;H~Kz)5`v6x}F#Fy2cy$EO19&c6v^E
z^-?*l#7^Dizs^4izR}+|%%KYw1F!!T&PNxotleFDAv^q(uQoq=<W_Fn@W0*s&^#c=
zLM6G+ASkln9`I&l2I><FuD$L@8|dmL-ytF|JCR!07PoH55U||5=f8Kh>Un0Bc3ymQ
z48;{YZe=~+9zX`e8yXr&AEf7<nIqBM;(TVp3$8KXYNO(Uf-9AKAJnX89mlt)*f0D0
z5QxNii<z5@lm`^A#_loa6xLb5H}|0E1C<-h7j6ODpR5(t4t_tEsVT}oY?2o<5>Lfn
zGU7o6?mo1!>)ZyDu?Y!F7G192hE`n_AeUylDA+h~UR$c)4LT0Xn2K;uod(vR&VPrW
zGMd1Cd{Qck!pJ*5&;!O^V*vOSgIS1*in4KHXkxwE2&<Ph87c+A<#y%48__Y*R=fdC
zb`!m!?riK=^E%7l!A_=~9g!j8{wI5!NwY<2nL-y-z|qUC6_r;Hg+(Nc>N{jCJm9#O
zIgo<a=|gx4@0C<zlZKu=tL*U}^}L%~9|5%znV%8PY*=SfTK{fC%VWqe|KapKia*Oa
zg>!+*{aW+i<b7He)^~OXPa-9#T`mq7;r6QvH(^(a^or#Nq0i5ls9O}hGjH@~!IgSr
zV-My!{3@6C#|q(PRbMC!Y?QfE9z8yzdMaoi`{Q+Ca&9i#N5W^}1!>A;^EWb``>Q>`
zx10!@6ciLxn3Cw|Nr*CtRxBo=de=iafPYS3T_3+g>ghkwcRQV4F1Hc(dWD(-laD9x
z_RYUNt>^C&G*V|)^#Y<OR)5gx8X0Z-I1YX@Atjw@{2=x0nL@zvDe;lDjST|nU77zm
zMC>?`9$vN<`uS>8DN|Wx0H>cy*f~(94I&We8y{_K8#83Dt>*PT`H&(#Xw9vOa$)qV
zr4Zt^5c?NuFJSa)GmyCM;I~p%Fv-%iM^<*?uaf1DU%5S-S*<G5#~cJb+aM<Wx7+iE
zgo=vU<${S=(_J?C;J_P~l7`Q>Oj!j752*twY_b|y4_(zMRiEf341-@-T9vi;hTI8T
zDz7twIjhOcU0+?;1N3@qxP`^*HP<^_6r-?^`mWRMn9$XS%<9@8!+D3POjR<&szj#}
zxl?kp@`Dg@S?*7ckRX%!2B{aZ8ul~pxAE9+Bs3!3e$pll0~;s)xkB?=O^KR>Wog@d
zs=&2|TRt3oe9A(Zrp`X!v9{{qN5BRxNh;UC%TqU_Huv)7y2(a?lr%h|$x;S+d(5^T
zUXj|b^bEMxXvHURbMzS-*Zs>M5`5zoWAu=t^{2HLR0%Pt;-Vq}L6KWH_^!5P^Je+&
zRHQ)6Z4K{Bc67mXu+DO+fH(Q&1RUA*yW{)cANsu5yifN}`>;d`Ca3iV7Kdwd9<Ekr
zoNO7vEaV~yz*=ri46I+AwQjE8@nx!s*}pa)N<S2KT5O-<zB<|}tt{y+_d-pdQPJci
z6&|=N%4FZW2L>$M7}`KxJwE(V*F7vOS}f3u=em?!2|`YDYd(SBK2qwX3J=TtMP)bf
zF~8HQDMQfOGh?r9!#O4Gf?LlOnIb*aEOEm~XtauHN4g2$P9a;-6XMnwlO7^GV-L9~
zVi1+G^Sg(2QB*YgbX`#QpeKIx(C4rJ5d&?o*_=oe^o>E`6&_%5=03g(U#>en^-b3;
zWQ7Y8HMTDj0qe9LtaU}pN#y0d(9_e~SHKqN`uS==r(%}dekokl7g9|d^pYEP7#6)^
zoSunl(ZRvNWxV2x7c5-UD-JQ;hUHBT)2J3$fHBnPoI8%k^*a_7zhAV}{nz*bwQ%;@
zS7pOmi`GVOb4xp(>#^fcI>=fpopJ7a8{+l$buLPie-&Z@r=CvRJhoK<MEM}u$9(ke
z|Mo&lk1k<`9Z~o){5HuCi$<5+o3wBDA9GE9iMT&MnEByDnN5!0^JT8NQk_zaj+a-;
z@|jj4-1ZQBgS~JUD&Hg+Hb4|hBmBIlhY=gTF`Ql5=CRQ{n;Lv|4oF<i<YldQOF9^0
z@8AGHv2t=Js*J?tKcIm<@v14Je2uT%P@BGf-qZc3uLSQU$=An&?zTxT-D&BEElzoV
zQMcTip8M}2eMIiuqSC_{U<DB_JKFE0Yh;#|E^04PO|Q^j@2HtVRamuT0NQsPDsXji
zqT?su2?+S40pRHg(e8eKe%0jd^nL%OiRT#O`2?^}^NY(##pjiKY#LU2P21b-R^*>e
z+27`Bp}{?0zTXlvdL7@`FCn(n;zB{iog{hm?Dzl|YAMp*BFz*2UvUo2t6pq1(TN{Q
zMl2k2-0BQ~1FEg}JS{sXrzS}wrvy+pb1$L>soWMIV&x(n*{W`G=sHmOHK>v2pFW>Y
zCL08uArC$^5=DV)3A;GM?+}hBvrc#da%yk>DqHH(H^#)7zN`a-@v5k;)Ym$j&O^y<
zlo=Y9eOM5XFM1J`Ed5%Ed&<QwtN4phqkiA6>o06cFH!Yb+F#WFhFI<z1qC%7KU!mD
zw+ICS6ifT7nC-8=P_n?LIrO*DS8|vQY3WkP5BFu>Bm`Z|6kSxerdyqyImfrkIioam
zprKu-y40C~TDE_5hSm7A6DhVA8QF~O`k;!y;bqL_`1G_$qur_ktg$r5yCV2(z*yH%
zt5dpsmM*5JqFqc5H)6{FrjXNJBs^141|s2{a7>z9)?V|1OFw9yVziu~8^ASpm2(Bz
z8gC6U$;YZBbCmR6Qx^bem=)if`#f8!|L%%yn%C1b7C}*+<GV?!^%YGiLrEk~bFQEA
zE<a{bR+}1E={ejFuc`gms*pQad5>*3=TdnWQA;2q<*@GRwA46@{<f*rX4FxnDejYk
zS414Kg88-cG)p}SUqz@T8{70t9n`4Fc;FGg2rJ+MNNG`3z??nGDWR3~>fdl>&1wHD
zkDneOP?*h3#@xPLZ^X}b#-@%MU}r{$H+li-<G8a4?2tjtaii#W$fl<6OpDr2vXDN;
zee63**8Q_0FV6s&(>cA5s*z)z4ny7MXB`rVdBT&gD81QBDpPY8_WunR2noH;_bxP$
z$E{Yrx597J?U0c^x;;$7^LmYil+0^)X0rU(@)B(NX&><PD;!*#-WLXSP}d$KA6GOt
zD?pC{{C;tCh3|n`j(urG>K^LApB=W$uF=#mfN~=Iw>gm2*3mD<T@Ip+8hF;d3wh-m
zxbgb+4sdHHnVfGQMA{Zjp=1Ht+Q|UZf5nGGQqmNOY@*_t9~;eEgr1bOH>>*vbfrz`
z&8+Z^iL#OHrnc0qVn6$Q0EBC8EU<y?`;q?xfah)4yG}ZME+7`<^{M#rdew^8m@!G-
z8>&Y^k>0*%GjlfH`vMN6EN5zasO^O920!pBD=)$B1cAZL%F41g<I6l9Y~1Ync7_pI
zHFtJd4OkOeP<L|2f+M>t4{Ckb{La5~mDlc6X7iauO=~~=m7p_ynlk|+ASV7V3O~xw
zu>2QD+s{xwZPEtV)RiJ?AR6vrC1h;XY(ToqE=Fsr7N=uY=n%zH4NfX3+zEyQ^6I5#
zs{<1j5GX7A_<~3=Ji7ltSFb@|;qg_;*P`1X?d$j<K9K#fwCN|?b7{<$w669Hrq-2L
zl?l@pm<*tY*+vNfG8kZPI#KTR_6^1D|5_B!53k7QvSIQO@=!sx4Hib`;_`wo>`Aj6
zNr>@kCl4s0o}RdvN&Li$u9X$?rom^!Eq>DL8or#;pS^b^DtYpGfthEJr#qka3vDYt
z-4C|@H(&g#DsNF==$!en6JM=_#l%!r<;9$^RTj{?)9@4U^APYn_Q;h~T+UV>2UTpJ
zD7Gi5`<!QN?Rol`jleD1D<KvA!sW_Ct7FS2Cx?1EIt>N;WK@!MaTVAWu`41K0hYB)
zu#nl0UFwVU0a2J!=9tj`_9paMl2R{byi%jGs!=)Sag{C$dFp^C!n4h)RU*Q931sJN
zudSl;V&B)~oi0>;a#yplvv_pq3rKlV;nAX2>GwC=uSA1A6|+g25?_fPm($T|Hum-m
zl3*!JDy1<00it5@hN>|}E&DEP_mb_0?QF^_>>(yKZx>1wBL_Hq^}?<hl0Z!YEoJ3x
z^37J|oYO_^y^_idg%QqAB4xTCUXXs!VeFP{yrNO>*IKl=h&=ir_byaMi<SWECCeH#
z?XM?)x^u)y;xM&dJpw?nw%bLs8G=EHCMB#Bt_Z7ks|;s~nz09Dwh3_3IEASv?<ypz
z(^knVT;@vG`?O|N8F^|9s_!*9N>tT*ln`#YWzNu~P6+welHR(tYLqi9QGW|dT~D3q
z6XJyS&(kD}v_ZSljdFNIFfJJEg`nPqfKz{#r#yByW7-yEz_qv=#~s9F@$C&xvlV-y
zDoeU5+gOgKM2;p0b&|z=y`xIpP}HM$Q>-b`18$oypVnsNN>`26KWUR&dM0XC!I?je
z!HZfm=#B{e)VfAsO^S7A@V&bWUAhU@^FIde(<hPmLW3&33u32<Yq@#L_67Xg%8!Wj
z?PYs(Q&M%y8Z?%8VjX=yAt4NH1agrpsVnZ5<XjYytP`rzHpLvX&7AY<h<XmgRL%iq
z=~ShXWL1U~)e=j?a@BwzyAR|Gm><Onv!}-*ysIAEsA`g{kAn|&@boa#qH^vXk<3JW
z)W|eq>@c?;1ay-~BQ;=p)?LGh!Dm*W?ba*NNQbpdyqBu{l*Zmw^5yGt%2bOblU;<$
zO_ScUGEdl_V<*6?WoT((Bg`#uPLJf|np=_KR>sPVI?*jH>|`;l>8cpm@B9_d8xHYe
zCF3MICp9r`sN(-II{VSwTAygN`^-xqnh}>>?<tw7cwE=|>ZoR$=@lWs@H#0ruNI|=
z2m4Ir{LPwbt3~%fi;hB%k0QmYwCpd<H9F&X_73*~2|>nE&n!!)%GdMi1X`7mzq(Us
zBl3wVhhv#SA0d9Ru+)4z6x)L!E%s%b#AkOuChn9}^TMw=UiQnEGGZ*>%Z%m2#vYUW
z^j*MDOJyS`AZus+^f#|5P>PE+ccir5)nLq4m$SP1_U{e(JocjTg_iZE2urAuF$yZ_
z(ARf)Hp|%k-Xu~b@|EXpT*}$_>Z9fI?D$pC(ffREuY{ecwG(dfVv8(aOY~n&*1iw^
zB7f{3i4%CAOWPJhsEd!qQ`ONhl7eoWvNsONo%504t&qEwuc?_rN}7&oZWikKu?rMX
zudmWFL*t3yme}>9Fl^sXSRdiDk`n;!t;ny_a&j7z6(;_VSd%j-&SKxBQYzN>Ec?3I
zlQcb$Z_d(0K<+U&h0Hs^QzVvzzE(e>zJ0s5BWDHcW=o&t<K+`~O)Q1C7OjsYHp2M=
zi=$x&rCJmuccWDF$cR*w@o+MXjqc&**&3u48*r2WKkKRBln514{0P7Yc{U+1H9l^%
z$@JS+$b1%*XfpqNM(XZ&XC}g#S;yXY`#VpQ{U&cmV8^DmDDB6~j4#c&GFtc?FoiDM
z$Hn>zTCzZItiNE#sj1o9I?_>w7FZdkK6#Qk`E8N`#CAW56rUIQCzUGV1QM*Rr8){$
zLlF(cGezdhcZY|5`mnxs=^n+*-gqAQrs)orY^BS4aS72*$h~`yxH!M>xAITm3kV6a
zl2ANF28FJWy=%0Ry#<W#0Ri8GKRXOpwbml!l$!`U8kX(fvDdHk@ig0R0&|6Gx4a!_
zW5Njko_vdi67E`zmQTmSpMAn=V#LNOS&g-VMXS#+UeerrbW(5#{bMkD2Ahj|;U|Q?
z7m@H2L|s&^WOvxo8t(wYkgq!lnH}W3l7WLo^=sZKauztB@*IGEsnbgyQ?br;(dn=b
zG1$}3FW<BMxg9NQd#4#<?)rlCbyNoF;;hIm&L>8|6y8HuHQZmkjnzj^cv1u?Bde+8
zr~0Z}EqBPXIR^T5A8cL@|2B3qb>jPdX0t&A!HvkWt;A0HZw2{sGA~u#-Gf2#3rS?8
z6}(uZa_2ddhh~D1OQ~E2Rx%fwu^HUnjA69WhR>hjk2XE<&7`ZPL}Si22jIzN32`rD
zB8jlWc!#%6SGY34n<ZE>kx<8swMVaChjBS=vZUoGG2nm0e|dzujBibU{m1n3W#o!7
zFeh&Bw<al-ugr$y+K!FV((<f}LMYpAt;h=B#sX>wFepaE-u=L(1NmTvwW+w_Q*<c)
z2M~Y1V=D_t0LHgtzfI2lwPZMs1uk}2T|dIqlR%v@bgY}#q-`uzHuaw(1y~~Ys-HSo
zHGSnry({@Z$4$-oGDe-Mv)_XJ$_cCY)}G#<mc8U~cPwAo4@$?BD4q<s^?HxsB@M-k
zs^?7A1wFV$UQ3DKWhk7tX#1^hz}I4p#<Jt0sq9me+#k))8*Hv;@!k3}alh_*RIoo5
zRIlTmpUKN`_in78E-@BQh8FLi2V%uKAszzy`>L-MfAOCWfnRto@BRyy$I`t0|J&Pz
z2xqM5?s_{$u@JL1a1OX4L%Y_SDq%Z9lGEQ_G08r2?*3v2P)YNM#MHw(j-k9-ve@Mc
zDHCQq*#fdMtM1$dHcEevY~|{>>dD%GVfNbm4-1rcMdnI~FK2`pb-bTth`uZi){*YC
ztFzWU!)&N|ouB6(leL4$83&`&-Dd_<7>d<*5~n^jjb#qnAVrj?b|tq)`bjy`Z06h%
zt_Wv|qP2Z0xdrY24A)D?kGshxTrC9M?^i`4oQWbsUy(z`H>TewU-OQ~y(fr5IaJZn
zhQ3;LgC2FG)=`iiJ-+tEtW-7bF+KM2?AgTD>V!p@nud!Dn+&@~+`#*FRRXs3`o`Lt
zkI$oA%=z{2m%imgJw1^>`j#4btGUc2I3cl(>x~)zM%zG|-qvCzlQN`2WdKvmt})>R
zTb3MG8{{qQFU^~&-feR7%Y|KKv>A!AbAa0S->{y~S7PQqwpcM_{;kz7>=6-I3X_9O
zcA;41XRh_bj0OC?uBr&&+N)?OR%WSFwANO}2trTD5RzOqU%h4y<15<z?aB7yi(3sK
zQ&cC4b^F;oJ$P=b@|)5w4O1A1LRhioAW3#OGc(`1AK{RbJ?5$yU9YVg&tR17#$HT0
zH9enIQ}J9@i$VG%RI3~e=nqZP=bF{vNx4}+pV!j+fw+gKG(O~D{isZ^)Y;mL)~2()
z@uOi$O2ZfbZ4Y+LXz6hBR)5HI4UWV0ny5~{791X)_*ZPL2c6+dBjTtmRiKvj|6MHJ
z?_T)37S1~zH!$`_4|~k|Ip2SWa&UZN+*wEdaLH$hVbN#xHE!T+=I62Xx7R1d56>6S
z-dnrN0fsb}Ti~mMvqF1^k&<^yt$DJ@{5rkK*ZXUlH&5e2M@*y|;1((+k-85kjdN{E
z&3)R0IOfNQX~a!Nk2!Mn=FmdYrx(v>sir)h%tQP=AL+Yb_2Q#<4v`ffgnm+)l*m?I
z+nql7J&>`yyZdDfh}Hc^t&HSs*&FqT3uGj~*a-*)5cArnoT~+G_0Ohz!4vl`FP<-+
z^@S}E61Qx<tByPWa<eo2xK=_9Z6>JYBhhHCnE8-?;fD@?`GWo?lM-a9t3#|IutP8(
z&>jN0c4R%p`45`oM<1=2OIcILw^}4?X9b_{R>rVek$Nv>;3mDfay}f4XW~3t5L2r>
zaG0t4a#KnW`#9f2s%$!{ODxanDrSl9OeOM9F`iG~9wam?XRx%u>C^1`xPC6ryV;wR
zJo8bs2|Ql_u!EUzFL1F5%4tGgCQ4Yh--fO#=?C5*b5=r~yUyXAM&}V5Uds(l^kZM2
z>G9&TQJZvCDL;2<H<IJ9Lmf+_M<h;$Nd+V9r&$}Q>}Kk0KX+q81OjC9ZsHhvbc9y0
zUjE(2JeXp$y>;bm;~RdE>xa49_}g5Oi&M^n1t5D$#}`+)&V=fE8=|oaM#yi?mP%C8
z3Ll<Pn3!AWtpo`3I%n|~zStOK9jLmo^2jz5U+^A>Uo15p>QNkQo;;05X>jL`R@vuv
z1!GKxvOiD{bs}9erH&hRqf2+Pu4;^UwH|Y@OpMzx;`^D-dC--3K{LEgfXW<<-wzFi
zI$!8><>v8QC)<McWSn+Wo2l(4h_8b+=N&wj;cq|cmudk1XVTt>lXk++)hb7u%dqng
zW^>E@ZB72_=}X=UO~W6|3NrX=;{}>gDd7*UzN7J`MpGrqN46e1l-Q)w_!XPoT#UN~
zp%y*Xyr7Q`(%Ws_B67aXeehY1A=BTCJS?>}H&r$Fr!}?v{(~{a{~~=#?4t3bqp?3m
z^Tmmj$BU=O%}3v0hm?RwVRtsd^pg5J{AXq#dhP$fSF1fjy_7R?@DbdC64NA4%>cy^
zW@>W^w^D+8Agn=aT~vN8teDJm_*7D(zjryADiOl1h)Qw(=&}YlrEw>*V<UiPqixc~
zezuWhXq)6OU%25zOD_}mvA4yFW|e6SxDs58L07UAk@@;W3P;&dC+xX)DP~uz6(BJO
zutBNb1*u(26GrKUgO3oZg`08!Is!A}Q?tnhmnb$*q8>XWR7|>TSC9&}`??jcYv5OO
z36`f3H*aSW@98uSG*Xe%sD>D<Cl|Zxk0e6f0WL~-)p@7#-ZCw_d%?^VWtz$oLd6Q4
z&E$ijM9`#8`O1KI$rz8T(RH0Gglr#o@Il&v^WF7@YJBY0eXuq6bSoVz=DFkrsQNB6
zCzSy=wM#9s_Qn28?)yc5)ktX$^co`{Gk2o6gdunpo6)|7#qZ@Rs1toU9fdRxG(2w_
zzQ`ki!Q>TaP7*(*>ksfuAZEYD!`Dn*-C(t^PP-3O4cUCA9NXAzly;qzr_fs4U%86o
zod=)^KI?34l{V~Co=Wc)N0hl*Zr$fj6vYs<bv!G6Ld<e~Kx3)sQA)u(P|_!9S0^#m
zVD*-n75HcGD>KI9s-&c7;v<XSf!>|!>SC?W5bd)-DaN^nzzHJa2L@~2nFnX%Db@2v
z2PYSgZUO2lCxa!oK3<%Xj(pKST@73EQ-%l3Q%t#MMp|p!wLRG{yY?JNclWyYT#cY~
zVAChVWN!j3)vT(+?mlp>!F95A>4$9J|5Dz*pHn^ON!zlz<n-kH^99-F!9=AybuAah
z*1E|&jk9vxhkB`&M#@_W;yDqagNbMv>7Nza6vT8oY*<Yf-cwPLx(OV1SU3!mZ+Cqq
zKOFq9+l({Uu;L_J9AtjIN`3WucMLm33Zkp`W9$tgfAE|tWS$x1@91E$ezoAgHE4!&
zYh#3S2KWB>O-^tpsHG}BpK(G~bY8XcXbWfwAa2B)HHyUR5;GXepu>>>uNi61K~Y6L
zM(S+QLS6mZtg@DnkOuWef<XLt4#PExGmD06MK&_u<L>uka)mjxKP4I8wNgkicSzOU
zGUrY&L7`_W^obQ12(KmdZ!h|9RaORc>`|f9(;9;JW`s6vJ!BsaNTeS^eU({UWWHNG
z)|jYH8yY-|Ww2ZN8d_r_^}MCSDsm~{gndqbCg<>y)JAo*1M$4mEx4_j+J1sts$F0s
zNQ3Rr9?|$7FgefBZ5K_00lnWgvYU(;T`vEo>>iY`RvxdK!msj8c+Gunw9iQl>faUd
z(Nons{gMgD#Ja>@c@F1LKvKtjF7W*7a!S(9IPdPg{+6|B2m|vpM<wQi?Bm6(!*;F^
zk%xc%<P6FraM7&kPq$w_|ERni=;18xu#SL!f6Yh)D`;khaT}ID?>w0ddz@00&aHuQ
zOb=5&+c2#<rb<{}oW84vXmM5ZpRIeecqx5#=XMAG2>2%<4dN|6A5C{GDTD!aO4KBI
zhOYn7w!$(}HFYp7VH^zCzFP9ahwVDJr)dmzp(_lPcTCgn-4)?VlO3o{bU{e3QNkr(
z)d--~@Ut)p(NaNaB#LHFKb8J=atR>M7$3UH8)fK{aOv}q>#C@%s7zS=eDnDTYfece
z3G&YO6+WIP93#lY+k+K3NHL+pKLCyIN!byqzp+fglRU@3vX%;U1QY8?RZ7e)wA1xR
z0)yq5DBmm1`k%>EPVd=+Ed&->^&WVlglUXR@<s+lhwqykrA*i@kgM5+n3}wcKYki{
zR6byB5B56$7WMQ;y<;hS({mni?Vz#Vbz&n0<D2l?5gA7*zV`Q5OagLo;u{Mk`L!^Q
z_~A_blFzM}dW!V-U&GE@i3E$pzeBy%xznF$%YVG#7)@|7NWO>H*koMcptjxt*Dw{5
zOXI5UhoT#mbFWv=Jw-lw7p(%YlNSX-ig#y<MtUsd-On(8xS`<rnKU=T6EYv~*(jQC
zs#uurP(ZgfMqF$Be%9vWhG^=?6s6gqoQ=<q<WH{yHc%63Hr?3olB=)0+@_kCke-w_
zz&Ipa%_|R;9UvtmUn#+EPPfueOlLAC_op2<=>UCQeM&~yp+!D*IZ&gy`6j_iY;iuJ
zqXaN}$=_PcB9pFzalsvmUAQj8vm^W%f|SmyV^xt)pcer3nGWSE)QC)P)eJ+<9G%bA
zygSr8C`mZ+U2xu{2;5gSD}cmEGs1b01|Yx?CM{-V^Yw~jJkK7(y#7K<us83OrXxS~
zpY*$KaBGo@U0kIjHwTFO-U0hinLZvl;hUcB0}p!F!sd2L%7{9)lrnCx4pXkZ&LId9
zLGw~}>uzQduf4?)GmM+%(VH#K9e9fac)YKd{hM6QDoLWuLDK7lY@P@kWW}Z*<!=wa
ztWkhcpDpn{!0*#0;Q-uSB}T^Q>CQUkFJw6h;ZO;kzGRu>rnatLGPb)f`v%Jq!7D!0
zl4s?(?d<!d;&StIoRU9(+`9^NsxASaKYC{^o`>!V&L51=nc<9@^Bf{JM|eI`8TVNh
z*U+ynON0v?(adm;5}r5?Nwi!kWe#T>m*8OBf_66M`6uXF)#Qjn{M*)5@AmN&xpX+>
zES(h29F10DGA?GDDgZOvodyO$G74BZZ(ff;79mFn!3n|gL3WV+JHz&aVKq_uueE^L
zSq@na1dW@{a84R_QZnaOrfT$YEME*J4j$~S@=gggIk>lJL_S-*Or=O?z3sosH%@h-
z9~{yUFH|a?U8y4Jzd4Pp;8OD`SoH3xQUzTFb{+l<Uc_ty2Km=wo!jnMQsl`Pb)PI1
zwY95;6CBdnbcoU)8LmRt#-ONtoWVLA;$mmH%L006GsD7!%fNv3y3aWqzWvj0ZW`1f
zjmXRmmQ6LE@!^}6rtloDS9@RcYDCxrYJ%(b%A7B*_6E-zfjK=w@asJ|=(AF~@w=ik
zy<SW^q#ocYDs2|tra!SNooRK|ir9m?)fIX6{h$3FjMury(lSse(+)$TmAS=JGiWZO
zt9padH!ME8M=YP~Q2;OCPV;wHPuDzSJzJif47dU)XZ5%9T-L6QbXB|HhSw!uTy8QL
z05cc&Iy0D?nPPYUd})h)jfF~Csq4CR=b<=~ty-%Bsg&R(K2Pp<?#y@$d+#^cvdM{`
zb0r0W+#Io!hF~<puPLi~ag=wAxzSZqe5whTHeEV(aj?PJ-l`8N6c{u^LA1-2LoVDC
zcYxF&*sEk+b|>Nn9C)$ZfbO9IpF&3Z^h9+cx3pZRyzB$cqx=$(nE_$R(d=Ej4;YUn
znBmRHg9yHjFX9eOgBhNh2<IBTHJ9bSa;5iW>9vpnpbTP4$4a67*`X88jq878JQSOk
zp*xYX92nmUCbdL3N)Pnz(YvF|d0K^B2qaI!tkzMyxVJqX0Pfcn!`y=6<aPi0^uC-8
zk!lx=934#+(J+kXI$e)BhlPBr&Q>h+cXuch+EekV=g2fG;I}ENe9WNTyyT_tEFuGO
zzM4`OgpY^4Ib2WKknq_}Fq<$mH>thv62c2u)w2xY<y=lD=~AY=r2RS-z}s~>MWj+A
zS8rOk-sV_`mI9SK|HB2CPv0A?zS}P7^WzglFO9oWJFoDGY`^=_@?r_|W_vKEKO;E7
zr;0KEK5YLr6D4i2Vww5LDrY(daAehL2c_SfEC)l`nJH;OK9c@Q#za=q6UJQGV=m(7
zhx>vPq}#sBfJKafU1_TWZ4N$IdsW?Lk>pL2U`73O?{FcF#so^Mv-Rp~Z#@g(_EFg@
zZH|izS+U*Y$RZi{^ElK`Iz=}%wXft<rvrbMY^v6Zb3zQBw|N{S`1XE#V6wk7=sw>b
z;PC|;VyT!p*}O*$+DhEXDKFiSnE5#n0$#1XHUvD*;kP(Np1!noA#&D>rc%W-LJSTq
zEa#goDH0#Gz*UBbRq+6-^yQ=PPNFMVAmxs0U+Y;ONq5`<C|ZaXkf=V6i^t|n^vT8u
z2G>18z*I(FTx9ptegw+R>P3EySN!$(wXepL2QBmbDYrWszylnpAkUD2?iTjutq@DW
znSN)<5?xcFSW+XeAnP{FKKkfG4Xxj$S5J!+2MBPHvyN<jN3utig^vPP-xb#HCIiy)
zWktJf(fa11fOf%IXT{Y{h|=}P=4QH4o_I|yZ$v0or0RITw?XQi$YznAw3}8%LQ^pr
zC;-&-4<1a2Kk*P#hx*siYkudAqn;q}RF@kyorzxyOWr~|`xl#2^9PmIBrr5>$z1#C
zUpJO>H7ppzU43X^4D++s3&SPUg>z`XbET5o!F@K{1wEue)GpmQsU5kC$8$nd4v5G*
zKyWo~@f4mIeDS5O1AaC3aCY=la`a{KA>Qg2+}V@;%*XMB_5wGq*&Ek`6^KYS=L@-O
zWg@R?Q0D^jywwt9wX~ZP)G3Ny9oZd}k{W$~Pk~!Q&D%frSkmFpIjL+Y(q}N*dF3fP
zWA|_fcjFUc%hb4^MIFFa^Wty(KE!3!krn`mw6N+1SMC?fAzc2z_z=&tV{gYc=|`>P
z2SehTcCLn<^k$QsZBO|JP|RBrXfEo+cm3;GI?{k!k1)$px6X9L(!A8#Y-#t0F%4wu
zqcGY72u02&PE;y`b9bg!{aRG0=aQX_PY!<v#RT{04=W|f^sdI})7^g-uV~}SVYdyA
zeM6aKnUv(eWXT(MwX-$~J1<n6q>k~vhZkFN*n<&FZB-3ty~E=f-@+hJDJFS-9vk1b
z6ZK|Q3AQOD)>SzH^)xWAFH#Obi@=sGYCh=A+1xu0g%``~$Yu!hvcN$=6;X<Cm|ymM
zaRaR4D}P=yXZCahP8YO-B!NsF;e9J)V+BXD8C2p}y}X!Z*Ujl*y$K*2ICkE|@C=d+
za&?WQk1yRdiJhrWyE2KbD?!P`&w)c5`o8b)GM@yC5l;E-#moyl`dQRq&`iH8HXQ)U
zPCIU~KO6KEjKxjDJE5BMFH&<6Z!m(aoxJaRIzXAmS~#F|5PfpfxEvIFV0Y!RN<2VX
z1*v2ZUyK+?xe-qntE+_Do+KsOi$PfHTv{cs92cRd>><e^D~ynNZuC*Zq?x2KBC-=d
zE0ZdJ`S?<U5kp1pZo-uw=6Tv%2dOXYypjGsxtqA&34*L`BM;SpL!oA_h7KI3up8`C
z*{-)Xf|}JJ3sySG5|_%b`QPzbxQ&uKAAM&6&1|WwRh;q{<iS}W@T1I_q|B70T>LA+
z2B%o?go=m)xhnxvcc_}51a+I_EUZ|;C}VPbl=swDHxfq-Fv{Sw8tz-S$oZfNa6as?
zSwVW?H-5_L!Zw{SY-IfErjmto`i(ZM+?YGFyoIBB@+)7iiJYfPwoa09d<bp$qR;VI
z*uvH{a2~FM^zjvqS%wevJ-0D~<yIp}3f_Wb|32{x)3j~EiOK^F-qFnNxc$L;xCEwv
z(NysiEyCA&<`9XJII$W_c2o=r__FOW-|02W`k+KV$G-_TR;@(3CHij*WNi+lux;b+
zucb8bkn4TGdbDcksR6QRj&$*q9e3m`l!4WE4=?50we5Nk0K;lmsK`ewwT91b-OG~t
zWh+~(*r8=rC*|b+7T)(>E8&PIfKl(B!+vkq=5d`>HxboV>2~X(<HV0(f5gG6=0oYP
z9-K!UsV*>H(VW_QlzeNPg&5EC$N3ZXyMVja;m=bL^SD&p0RV%&=5E7|bN)VQm?^Jx
zvY+`9ul~*D$|^)1bP?ve`o?`RVD)vnseg=<Vl*R1Q!l65Hkk~0>`a1{c%bl}!<e8?
zr~f#7d%FVJMy0VLb3@-t_#fbH9Oq1B;iMSVcVjWM8{{~vV+A_4&VBOL6RQ(c#NeXn
zVgH4CN{FyZvfD4`!o5*cTrzxC<6d@6t_MRZOhTepnmuQ?wb@vs>?}-!@ZfIbn~eq9
z<;xg%YOf#F^%ikk>Rur?Das0&r!~w-=_~xUH+q0&W^vua;~$aFh55+9KR%q@dO@He
z{fb$G7V1Pd4v#!DOmwsfxj<<Uw8s6%1NiiFn*%TRIv|MefxeDub;i?p1Pw>Z2n|rg
zHfdmYyXh8dWU5oCWvL@0$*z5ZB56W%|5lc)x9V-2c3>!-4ouAh56Jmoek&iO{OtTK
zp|6yryMhy^7wXDys5HhLqUJrd6nS3F(v}Jt2vxt3hT4Iw1+Lpoht5YziBRQEv*Q@(
z&GH$u<al6r&Q8bA33fc;gD&A;%lfA@qT3?zM+?JUil5c1e{MD2+lsI8srlfmjUD#R
zRBXgt^4l~#6(|JAXC-UliAA4(p*6oy<9B^@VaV6?B9r)N*-dz1qm7%{h@_qhVWni&
zqQX^pqD<mpUrz;rY7o?j-RdRoZbrVyw7fllWXsM|U2qR=kHo1m2><akxOi=4$Q`ov
zDK%u}2`<=Fn1GYUEOM8n`55-7eXT(>f%&*PZOYeG2JT9tB?{J#+)7;G)-%tot}J3|
za1<os@?`>nb($-}4S9n`FMel`x+@24T|n_p>|}Oe4#@6I9@b@F-@M?fBWMo`5ULuj
zLH&P;CZ&`5ramfRd(MLi1X)+d-%d&!9?edm-1LBLYbQu~oT*;@tP2;@lx`i{f*kz_
zn;tx1RAEC35f)d4ErOjpT$M{EPK8kkTQ`@^GkNAPZoKVzevf$#f`BGRqjzSK0;h>(
zra_kwige@<p0U?r!Ub2QDYYxAxV9$sl@eoc8kdntK6A6sahryI(m+s#Q6i@g%x(Gm
zI^)gHh*`f@Vqt>oOYfGA7n$p7sy;>LA$yOm+!x1!PbdHfDR<pgn>62(F(RSMFC+NW
z;Ci?>=CRE{u8Wkf{mi}IX5GVAes2J30Xpk2<=fRx=&^?h7XT&DDsBz`oW_%4XHMDl
zfz{EutqGnbppy;xxepB-SGn(a5tN?&9owG{d~q;Ed1v{(kNEP!eZB$jiSIbK)H~#X
zwUt-(7dULF&B?Aka})nty8qr9_p&|O(dT9GcZ)Kv4Z5-5eKblnqyHJ>PLX~7_Pfku
z^UH4Pp1Fp@s^!2fPf1TydIbS8S7!}Ku-NZ9*`R>e?R*VRv=_8X;+Ho!mRxjncbCRY
zSQ_mOpr_}(&~;l-n&`@g`d#aUhEAK(vniXIBe9BwZ4y})OlGI^$x-}{TgYXYJpQ@A
zI^K67!l3nPeow2Ga-8-`wtd@`WXDW&VB?KegIZm3GZi9U0cJH6+cBTbU&>MXHK-I?
zYy81*DS$3jhYyzYN{PnTVnnoEe;6N?B|3XHiT1S(f$i>&EGF0}B8PKHMv(&*{*F4P
z+hf8@f{G0l6Q3h>L`SsSwdG2Y{3>{h>*k*KcrOQfCIp@>c!-5-)THO6v(ed!o+A&h
z@Mw5~d&~oP8Ym@zY7Sm+aoarrVg``Gs7G~aiz=Lp)n^i&5a6|{w%O!J9uZPMcS7wY
z{@B7&^X%rfRJ^Du7&mo9$pKON>`ed9I{}WX09aL1kJw7_eesUIHcQud)tF|OBWmgA
zE5wdpf|m)G-$uvtoQ%sGpWh22efQ>ZZCccsaO2JS#U-4urgqFTNb5P4Tz@@K8T*>5
zeIrud-Dj|+%T-zFDXc?zs4n?<sz;XwR3WxD)q%jq?VKGxP=YeffE2*a*GQtPof1Y!
zkxCjEl|GWTz2V@{gw%X7!FJXD+OKIi)0nIK{ZdoCLX1?4dNaL~^jrxe)dWf4O7uiy
zutv<2IY@>Uazej0qwxM?@X>ij+?Z~OSm+j?Ct6MAsAXmwvm&fERT5O)ex_fm0+9;7
zA?iFz`30LYrT8`N4^(<C^G7uWyHv_j>$sSi<hSG+a@LApt)EQ6{W&v328^vO6~44I
z8T-43reN&_U*=t3wc|pHiYJtHsa-2sQ~PI2+9wNbT#U<eCA<tq(9UCTK+hLFSCX^J
zA4pxyFDWjC?DtQ2uDo&og)s>B=omG$YR}~Gvra5!!(SUgE8AwS@azx6{sxe&X+MvN
z&*3+%!THzqZR#O&x}{11%D*t#0DTR}yui`)L}k-u3`%25LPgucSUErbCH$l|yB10<
zS>{tyr6u22D7YM4zAW_1Z}VSnOVWLCzyd%)3y;CuOEyHPGfB=2%^y=KHfntxG@$dn
zZoEgkB#oa>S2CMrdvSx*gnzI!@24qGIcxp+$$p?NX&Nb9c2Ef`{T2h$+y1IPTmE*i
zpW=YKL)Ut$YB1-Wq=QvY27lr7P==qohFO8`E*U6tA?b0YC5Dji%fqM(CnEOBHgFv5
z<}E>jxq9Hw6d{s;X||82?f{tHPg<pYCcdY6RBX<!2Q!c4W<ej39&ok`Gz6`k<tl?K
z66lY)jt^+ovV9T(ywiH<R>ZPj)DP~fgsMm!_qI+xhxGy28jV<q`1=f+(?-ChX2ux(
zwj`rZ60#@BC0o1j-vM#Vg3kOCuVDb{)u%D5@JpJY=O>h7BX0LvkG(9cy*W0@zDC-J
z`)6l%N&^|*aY+rT>A1(LDX)|!*n-Y4=dF>8$92_l=`&{|%*3c{c6&?m@k#t#v&;Sp
z)lyh;4!cxNqx%~I)7`2#yX$1nwu}2@$*4EDTUuTG6_@8Ha3cGY{SQW~sZwq?M2lzF
zxCb91Z&9a7ov&}5+vcoNIXlketk#(=Z-|fdgUNk=BE!-uf?YkbyRLHl@O@4A2)0rO
ztT$DNced(Gfmmr><xrpeGyzU*zq-^_`nVMU;FpGv&y@f(T7)kD>&~iqNSA3y8%9-)
zOGE$eX%v42hS)}T!*Nw)JZNNESqyV{`Loiiz1*VWZ8@pbV(`#{qcK-{4fKvCV&y#7
zaSCuLD_lP%0{~aPu-Zh_(xe9z=2AYBkV76Q>Jj_kn#9khde0;27)Y*AIcZ<E(G2(=
zRv+k&q*{D9s10;k+Re62s#>kJnO+sAPIFm#0@B{f2pPD2M+|TjApu_&sNobkRmqg7
zwbGTpCHzX2xvo{)l|x}KJ|8;wLrpK(Zz|Wq;+U_*;!||j##}0ohH_Ic8ToKh@Uw67
zJLZ`jTKe7*1)l%2X<Yq|4#7)<NkvHek$C3O5Z;O1%vf2$yM?jQ_$2Bum|aMvl-~{N
zyf28EhG_FBP8vOt;^RCGP!Fn{@jS9T{Vs_YThwk24tLYxKGbpBI<Tc;gYjVrYx1pK
zb4l{COy>|S=^(L1L{_bz@X|>}eA8O$Pj$oi;G-8}l%reu`lzPu0dCvXE;2@K@00E_
zDaa%h@$L-n@<Q3P?{(s8<wi2=C~vf6V!ao<`{LqSru_`P5pS6a^(j%=dfyw_$tk+=
z+3goVyy%G*x`M%|H!<Jh=>Z&3d~(`pGJwtswMC^Sw&CzpcYac;?D)8tH)Gt-e7S77
zN;=hJujpt42IHz}2|-&eo+-5h=Yr<Agt+ETqlc@5zl)4dh-Vx%*d(mY7MAK0%QyZQ
zKw(DNF_K-x-tdjf{EOx-xf5qJ@@|lW#&JgtkJvY6(es7q7M6n<ZXkQqlC$ZzF#RwZ
zc4RDggD&-0Z%%N&ES@tDp=-!VchAGTrPH{UsU{B616Mt}%HkiKiIZ$S39iqbdTE#_
zCU|w`5#4zix?>wO>;X(=y>p8Z^(CZ$`(`B>(DoKZwUAc%-CF5q%u90(oS2Kr<4G9%
z!HLU29i;Tq|369$@M3ycavQ%tf?6p?{WvRZPdY;?K`aIm3oD)m8}=y>Dt%fV-}bYr
za8cWy3TKu+@W?CCKNqyomWg^gUU&eFy3?L1&Rcf&FkEaYV>DGRk(z2GC>^{tmG$n~
zuJnVcuJ&v3FYIrev!xnz2@{I|)QGey>(WU-tK=#72Rc^M#P6#o==Tgm<@d?}TwdkE
z=$ycL=W^N)ST-mXGp^D%7>Y*@4ND`M3Y*ous_73qIWU<<QkA;K#3wfyrS3VvtvNHE
zXjd&xuZLHcKC<6$H3jm!+EfneYi~ilN#_?eDbM8iOtxM>Pmg|1uOnuA-sm|M6&^*D
z(1#)vhFkTUih&@U;&Uv_6ljlt?xQ}^90o)(mBagoXy`2^UJsL!!Fmwij|YZzI=T48
z+>!I#`gU>2v508FoTDRLIj4>w^FIT52IN%~RDrZTqMBY`>I}#n<2^m!lR??f)RlQt
z#pFyn{KCdG<qB>H#RU{}{O#vAIT^F}K1#KzqYTEUJ!*vsox;z@p0pet9fx(UmuGGC
z+A2Hv5UFjv;<F;2t<$6=n1@VB{2Vq0;1c_tkn{UR(#B9XOR?T;T@$bcn)II|8pzdE
z|I2FvDn2}*rTx=L;8o_q%V_Mpzo{HREYr>)NW1`Hpjf23S7K5BWyu_;O<Cq2mKhen
zE_m=4R`fTG9Eqx23BQ9w=iG}XLb-4M5QVX@y5F(>_usLwSZ>|^7sdPk>$klU^j8yg
z_ZNt;`udlWV&63X;h|w+8UCW-iBD^9GGWQ|+O{$qHZy|w)EYi<Vk@-#4|R?w7+@0u
z*kiAnAkC8%Z!8(KKa4rfL_SQHj}dg>-${R*@yTHFjB4v2&K_1T03}!$%s4me?l!+^
z!og}s`D?IEGT`hVdxNw;q1iR>ht}mEijSXV|90E3V$Ff(R5(jI?_NwlE}_DDub2>^
zjjesF&OjCN2tVS3HP&W?T?T%HETn#!;`h{iI+d4sX~JVENTc<7WbPODF8Nyn7<~AE
zw8mS;h%a4R;7JMt!1ugANA|LD`_lPEp%&wRnS8yHKpV5hW^b&O#?)YGE8lRPh(mu^
zi!>Kx2InH~kVg#NEh}!)({7KJ0fEXs#$hX@Lm-+Z{xTarzbUm?JYB%ZB*kW#XWs`8
zJZP$hw$O6k!UEYF`_xvY(o;E{q4nqiI&nF`bcN_@nW-ybZE9+hXv_PxF#w+>ZvW}L
zCWC4S2$Oby@$YA!`}{!h+L!=Kk!Fdcv`6i{SkbCG#mj8X$l5K^ZbmtU_BS#!+RV7`
zRhbw;!MPgPFmvY#UApw-RS{e}VojwIyNZGi)fHC*$mGI!fl^WRr+>~PihWcVIR3_M
zOzwvPLRL5*ixQEzCQ?7;_Jqo~*%5c6Rtw=rlWd{MaO=}gK1$=nCTYDR3~YcgZPIPo
z4WSf;Lr|`{5?UjhpU1||#)oopa*FPmPf=p9Gz4QC-yz_h5I|!5Nq=7O>EJ7E^<x9n
z-doKCzh{bP9N-VyW#?ll#?y<s^QAoEfTseqhhiX0YcqU?>qsBE&(U@v+T?tmt<BlQ
zCyoOuEc2J~p-wPf8P~=Q|12wv%ksfipdxh|TtfQ$o}qLvWL^%UI2pe8xjRxc(>DY{
z0!ure?;&E4oVi^3w5nFvSmD5Q?ij?7sNtnlELI$Mj`Z7$vB9l8-{Qn-Q4wwSue!1S
zb+-?FhyY5dc&0}<lkhll%xklyYj<>-))~aU{QW4bN4$Wn<Ro1=mEzorXAq5N5T_z>
z%{nrfUtFIT$_j*IhpNxU2bBiUz+Uz75Qr)OJnocWRmd|rcdx~eBi#QgcyuCkl<-qI
zU-I69Fhd%Bw|cF3<TFvO^hiq;NFouwQnucmcAwL+FuXh(1;q_mau=K>DB;=fWFpWS
z9-+Sg7WP5JZ803I5|iu^L?S2R{RAVW3=#|Liq}23<l<(+Ep*uKcI@yb!0`QZg=)nB
zT>dd&tjg%0eOHS7f9$<?I9y%#KRnW;A)@z$1Q8{ACq+p@i0E|^L@!}5I*EvGZbYvk
zg6Lh85n&9`dpBV)`WR&l!_0f!_wzj8@AY2Sd%b`Ee%Ir#!JKpUUVH7eK5MPd+3Pl+
z;=ZA9f#0p*U{Em0V`Ei1+6Bg%+WfyS89KYfa!HU?&6kq`x#s^(TyU^Q2{cHPH*>S?
z-!}#YR{|{NhR=NbxAN~_mGMAP$f%~i3|4vYpD(=L1n9A4o+8)g_ilq^BxnD1I4$u1
z&a3Cnson-tW+h-mL95r^{O6M3%IM&SL%DhX!&C)DMidYJyHVBO-)n~j|L6O_2UTDq
z|Lf<!zy2>_{8u>t)s6pAhyQMk|B=Q29d_fV`Rb+X4DI{$jliq!|M`hF(Yx`VUqGOo
z%Qyb}>wn~tqknlU>fc;||1Zf9$eVM}6uq${${px$e13>VVy-1$ok|{WlHKO>j(I=V
z2*tWdOPG1YoY7559V-cCNj#^YswyHfxNyJ9dF7Cjg2Ri+>rL|e%mIv#H|IdA-#`G=
zwyhe{dU)p0`9c4A+2SSWKQTZK=szz@Jf!%~k_Df;b?e`QzxeRszdv66AFoFbqM-QK
zpZ|N~|GP!;6w?Hn&d&Gsh<ba8I-I0&7~`QM2PZ5R6RbxuqQ1S8{>hi3RP5c{N~-%!
zhRR*B-pgas=#V%rOw(7d0*!)LT-3ot#NuME_sWmt#dI8Mx#`Z|suPUJ3VtX*So!3w
z|8ZMSoMykt4es>5&OH(M&6(>nj_*60{%q<l2A_HjuwV-|oEd>8c&Z5)_8Qc7Wl!uA
ztHeaZ=-k}Spc1iEP5*sdVFUJk7<%`9c~q*TWM7&6EE876O=l<rPm9c8ht7I}s|T{T
z`p8O*r^(y$1p!0(6CGS4&ADxEO<NKYW$=>|pV-7cn>@G@9UZS$^bi;pV+alq?^hxZ
zrzpI2h}uY-`C*&E9L7=Qs-iMFI^L<(#KEksd^mhA#`71J8kPVwh1Mc|cXWv!>4z7#
zxgj|qb{X!AL)Q#;VEgOJcWlN-JHn;2Vl5PlSN4H-yJeQT=oYj5xSVh)<qC&Em78Mc
zF*OC+*|dIK@APINn1gHP*je5eS?uSN$i`6vY|WcF4W#KPtEorl^O~ClF||%oY`{Px
zb@G&8c`$iNHUAx*{*CgM9lPtS4f~JB=2Axbn{Sn|20~P7NJOF)7yQ6XuvYKTCo8$n
z#%j7|P1I(y0a!sMTvt$5xT#BPlj_90SI-M{hPZa@_wSstWKLk7<Ku`!ly>;Uy!U--
z#r3ZSM}GgXGzRA<Eps@|1aq<nhV|O>-Hb2_n#)Ffp{!H5RdM`RB0A?hK7)=rJe>Jp
z4fEpDdHj4p0bw_9V(|k+J8I0(w6^=*LlqUV)aYeO5jH*!sER)c=jir3LS0>8s+p_J
zLm+WRi%HULshNQZlU2W&^FD?%`T2mde8ST^+?iUcu<bd^+S~V$6vQpg?7$uOS&5V3
z)$#njb7Rt`Lok;>MkWS?In<0vvC-2!r*e3077HA3iAFW$H$qKwaOv)=aeON^3EkFa
zK5JZgR$;#xWA+O62D+|Ls;HbCb<S{0P7J6xJ}WRuN(ZP7Zfh5V!jrRn_&=3Yy$X5v
zu%je9vCLc!Y2rw_ljXPgzF}P(vvRUIa0;0+8CE`)b=f+U#>njv{FF_(<HCRcjx=(a
zdQ^E-E*-5QB6nXY5Q|`L>|5DWtT#>W$L*Ylc9u$8u$&&_U2XvK;um<XuCEW9bl-ci
zn0IIqeTtuc`yS5t&xXNkKFrCK*({{9>Wog64Y1AdHT(SebB$ewsY_Qtni8;ig#9>&
z|1@|AFu+I~u5MEZTh+I3Riie9gasnev9c2L{zte_cq&}x8E*nEeXA~<)>V<MC1`*D
z<d?ub;aKuX(_3v*%*@C@3;p5g9@+gEII;~LYg%THXD+5Omc^%Ts9_7WTf?hKgaU)2
zO35=ttsJmuQsIuX8^=YcaC@OVjr?~>8af6B)16~N^NpTcH>JT)V+CB$p@fg7Kx%Yy
zc96_CX^pjyv%aB_U--u#nll;HsipqoPPRS?U7C&nwy@htw{53>a;9`a`PT-SPhhu4
zn|?c@eXLfkEnX4%#Dng&roC+<8m*JPysxkK8F_!;6x_dyQ%>r$K@+dgp%b)~qSn*W
zn1PM6I$r7+!Z*dkeT-jYaBV%dK5<XjTKN(B2>!NussXqQre<W#V}JXH-u|{eLjZB#
z;YJ5PATf2WW7CqV6}3`>C**u$=Yb)Zosu)qtT;wiBvq3)D}dB0Bxk#y;wIZOz~w=3
zs~q~Yp^DMs!0eZ{ZVy<_2ua6Kl1{S$yYieDT_#`F^8;sLXvp;hIxEl3ZQ*xX>J1#R
zy~6TgZM;@PPye86jSWZY^07E99s&>S9dONf6@!s#Y$X#p<Wm}@$a)m<7M$d(DJXCE
z`ns_vBBNA@n>%t?RYzBG!_RXjGYGa-H}8}+Ve;naEyMtyBH`m6&8g^>g=tovFu0^V
z&Wd%_RSP&)Z6@qGLZ+AV^D8}C=ZBi01BE8v)%z!CX)BK%iaVzYI8dwOOcQ24Z#**Z
zt9<UZUQC>rkEZ4Frymoy>2U86qH`=!y3^>f{TX5=FeO#2`OmTm7G1b79VfrtC=x4o
z63pB@D+W2Po3W{8_8-b&KEf6HWSN?nu?Hz^EM>s$N4_CNky+D!CWBBxet8SQfU%7T
zpjP0u2skZOE3fSRnUDUoklg9;#GrpoL_{P?owNDAfyow=j;^WnfZX0)K+gfAKD)FL
z#$I8Y;kAo(PfEs)G#Q$CY}>n?+_SAW;gEM~^;E!jh`UWFbK2F4ri(#rJg?8$qe5Bp
z%HT>~^XMG!C2&yB8du<$Dy}QiQ61<&nSikf#7zxZmA%DjD{p)txbLTghZFF`E0s7#
z`To6Q;%23;neUJ>WExog@fq)#q(GJzjVrr*kZGWWFYJr_*32sE{q6hZ%+lsiV?pu4
zAQhF2AY7tOcDIU3M`%!^obbuW*k1E^;UPI4a{dHNqr|E%wR>3o!vuZm{9AmWmA+Mx
zw66x<7%s9h^PD=WMA)z`e^jPc_Gl##185MY*w~bjdO$o@1zYv~vO!Dg*&R~t_(<2z
zpo!O;TlF(yWerOiKzBA6;2gp@JuO45{#l)?slcX6ox>|hR84JWcmY;v#--66jxqP`
zo}$X?P+FhVJrhd-He*CP{C084=Mlh3pjS-Eti>fibP^VV!^5?ePPwI~os2TvJCEXy
zP%%SOXImSJay#|kFf*fSU8tM1tA0ZTFN=|KB6uAAYFw|{vwTesELCzb^*I6nL2N6D
zr=Yx~M8c(ow97kS>=={XvE4-7v*x#vN$a+C5M-ag%A|tL(g#jXRVv5?oKzFXq5UrQ
z=M1)m%dxcHc++oC)NS#eEfP@3n!@MiC7LM`vR<ge3Yo(XJ?_VJ5h@v;omXT7W?Wi)
zwET|uSt=K7+F7XplRirv2twvC1Thw5xCL%jVQy0yDF1_A`902^+v?@Z4jlSpv-xK^
zDS`vzd-V``36Euxr|Aj!e!K-$?`R>PK()ZCsy^)gf99$BQC^c4xTb`DC$E?ZGpI(%
z(H>ac+}wrmIs|;8U|?*21aK-ESOA@GSQh!A{rhlhq<E}6L91Xfj*`r{HX2{;e>{ZD
zWJI_2wG=f?ePiqFj1e5j228{@U?SFvi%Mfqn+@8gNt2f8WH~4?{0xc!4%iQlnIo5n
zp&Qe;?TV|Cn3K&&m@@<>8xWGr@p*)V@O8x0kPm`jh-emZjI7HGXLB>ioDgmmtzED6
z<zL1%8~|MVGj#poMY;vc`{uq2#xLey!neK^yC)s@TZ>iBScFN+Y=5ZMj_{C!MkBNR
zrLz2RiHsA3DJC#NvYk!oQ2^pDrpCJj(VYiVP8boscQ2x<YB-b=x}8t(^T09&wL-d$
z-M%O#L~uYAAJ}?Eg@>D#wKlg6ERPwQ4ZapRYKJM^<JC-?UGc2z_+GqH_Ej|Ccwa%k
zYRQ)nhlEVeHG1~hAA;qe`O)2Ue6>C={x$GaVBmU&V6HGOi2L7bVdibouGm%&Gzm2F
zDJ#IcHmt=mE7~}PSk-ei>Ti3lucLoHftml28<4{e1A21!4ZB`knpW*ZjJJ8kBVD<%
zvCil_d%wJ;sEv-mcH%xKv-nrt)DyT+^TBp_!<#ZbjJ!u-v@+OpAp<`URA;lP;FO+W
zl@+)WdbSgV;#o~Cm%3n(>5xm*T^bx3RmosK@d9(b&#^85%gY`H*y;WaHrE;wchNuR
zCgil-ykS?s>AgDS4XC?pfFBlawZAq7(UMQp>|{vJN{94zJWD_y+Gb3=Zf3Y7GV|vd
zfz74S`AgP%*?{#TAz{E_Q2Ee{QX?KrTExh1v54EKz1aFid0~Bh-Kx42YF{DLZd{Ok
z1Mt#5UyxuuEt!K1W^pewEfoGqePniNt;tv2BEp9A#7Z-8DBb>~Px%w3w-J4K;Ks{<
z^V3r}&GyS{;Lj|GOj6L-IItU(e!D&@OFsSW=(^lo*PBD();3j8<757><wyjUqYh9O
zHQt2O5iI~qB(s&Lj3{BE>2h_Ev9cKUcU{<Ak~*fh4pY|7x<BVO5pc~M-Ev57dW0Hu
zt~XkB+j|T6@oxK|xvuBeudR;^v_|u+n6PliJ?%J8CiL8_UH^rb$D&>rzXzH^OO-Vp
zFJ4lH`E3PRhiox0GVv&LChi^H=eFz;xR0Q8Rpz4HZt~0eZc<g!)UOSh1`a&zxiYFi
z>JW!y-=yTIuvH*;oUd#<-l*{j_}2ttfC=CaCf(fTsDirJOsx)X<BF*!V8H4jA5m^5
z?oDd|ZRBCfiA249Cy48l8?-nQC6|y#%t5NAX0{Sff$KwZ;0yK^?<RXfzK(t(QDt8i
z10MfA(Xhcq(=m6blrmyyY)nft2lXqqC=d#Gu#0Zk|Gfb@J~NuFQ^L~B?$}cr1f8~W
zE5C+gWpUY$%17Yj{>;T+%2|w7%6|7<n$~_3rc8>Lzf>W>XL!&d>V^BUS^(Zhix^6V
zvtr?gk3t}ZCT{O$g9d~|cQY~Q_&qIHV1RF}ed)jE7z)f0x}M6^`7t8F{aCnVwWMJ)
zzM3cXWMQkkxEQ8*sF>UB*66hnKa!;spq6)^N-!MoB<Uk%B_(!=ZcK@NQd19<y!WOq
zNjIoBD~oNDC)!H`TS91*g_X#Q#ToGIlEzmV0n@lr-^|_Jsxx$-c7PeaMjFhm98kh)
zQ^7xR5d(j9$gJ*+pZZS!V!>G4<cd9M7@Bzg{JG_ZkW`F1>7bsl*`AF41<{HDL@%;<
zHGMn@i#-8AZO4<tc}`V`GjeB=j_UmL8S0thZv8vHfQcb)Rhu@St|#E|_q99TP;PUq
z>3!FC{HI1{rwzc6AIF-!)C&8P8SuaWKjgTnQ`!i$dwHU>9;I#Pp3$Evw_JmaWkWeg
z1|E$~$ZieC#~ZLU)!s?y_CA^l8aUeP)F4NQDEkV*$;YRJ8RvGk67~l!vxLdOiPM>q
ztQYmO_r5zixF5&LIFTp4Lk>(1<PsAZ`i@7+!P$(kmi97AiKFQsfHpW#e6Fh_b<Q9-
zpmP(iXFhUmj8<B)H;_3+cjuT)6uT-POz)mLYZ@EdvqL)G<BqxvEmI$zLM+&TeVY+5
zpUs*f{$_Z|$g?kIv9BJLj+q2vgjmRcoU9Vpk;C;ln>~Y~e+VEsEwnfIK``Y5vt|Oy
zFx~$&-4z}Kgwfwst@<}?>@-fj?}m(XHc1Krfs|~}rF|?DFyOeScUajEdm$nS0Y?{R
zw27#SXgv-Uz}18eFbW~blii&?u+#Z*;*81#S^G1*VEN^*R@{kZVkDpM#pN)bSXtR|
zl=qA`fYS5o>dLyUfM|-{ZIXmr3F0!fgu^dZ?o~LW=O(f;_H37C29OOR^AY9hEiASf
z?oOZSnK10x-PV>pTVAg2&1X+#bCwds&mM+*6X$66PNZ{z5Z491T}9X%W2&E?_@|0I
zXz>*jba|`Ig2=&wZ9OpiIzp9<nkNS5t@x3?K1;|0qvj#giWpzZz&HEr#)%_kMWxQQ
zl}!1qDB|lA+^-%qU}eniO!%D?VHVRCq>*pJHs${gE`UbcWk!%Wu*g0EKz8%~8*?@s
z#8GjP8oN!ZaWLN*j^zad!ho204H>&FRTk9Q&HA(A+SDuCT`1Lnm?jfCDTSZ5DloFD
zy-k%g1Pfnn^*}WMZq=$jfV%HVes#?<(bT|zHQ=|e<i;f6dl9$Qvu<SfS@lFrarzS~
zy>}Lnxj+~y^R89Vvf#}OfU~I`BnqoX@TN!z01NBqjt&{e{vnPJW?i{VAMV<keIwZ{
z&^g0<lUDW=rhMeo4A_@FMRL=RIxc<@5y#r;6>2ukR54FDM#5dW!uV!oFrQk-2)XH*
ziH;8K{qh?B&xwgE%}QRI4XTXPDO;b#MZ$p-zvY1#cQ^z7=zMalV|nu}YQ^1-P*%T{
z-gUxQlDv>p1Qk6~J{q51-v2jHxu^S0t)8niu!30DzW5D*i>|%4_D6^p0lak3`GBBV
zpTpBQ0N7N797b5hD)2XYtz|%F8PlEV9Z#$iy<1YH*Gx@KTUz_{O--2$saoyd*Cm|g
z6wKU@b{dv;7l!h6kus;FXv_M{AUcGqsw~pnpTzR-G^X-!;6%f>_nmdL4ZCS<>7LtN
zaoI~X01Pa7;5`*ub}vy=>N1<Z<nhKO<k<MK@C<xb>^#$|FNeHWm%VnHM3FJ(tyn5^
z<6fYs2j<jrq!b#<5LgwcnIR#IN#UWMQI?uoWxA#}@oUn3l~WY(nHg|%uSsDqLZ3lY
zbJ9u!ZXj6=h^@6yZhV<6@>sWbT3`TIH@URB=p>D=uZyQP>`td!?g(s1HTEGH)5!uf
z`n4^9+wN>|Lt{=@<nig=t{q{xpCPc0A53PP?Os#L$3pcs83#z^S{e2S^;Z&jk*+Xh
zMFVq4`=v+U7ISlrZ2k;ilT`ZKx<B;ezV)zrmNXG0u{z^6S$9ow+aPB4R=}S&b=H00
z;O%<ZtwckMFNg^T!RVdgo;|SQ7tw?Q&6urETXU~P_Get-0*xN)4G*n^3(vwaFZu0}
zoFvEch6k4f=b&-pV#;i;6&6k{h;On1<*hicSuYF<T`N5w>xT{E$JBBvHUcm(6V9*U
zL<e|8Cs_~JCFzO@AgcHIUg$h`0Hd@F9Sao23`7=_#m32FUX_RM)scu~b2e>-Q-3`}
z!}@i}Ru-~3fSo^?Iy%*LtCjk4{5`MWyQ#sTzFoW@R^9W(3oTS!*ftXb!}2xB?R=)}
zxg2ac6otyc=E2mLYbdEUQHzdL#%~dq0<;wmEu)aBTU&?ot`!1Lo;`b}0CYpXrm*tC
zcPpkIO@lGZ7)b^o_z)#FQqKW5`Rr>=gN#edLSzO!ZF+jr{xD>vhDLF{BSp^Bq+gV{
z-QrkM^UFQzYiAw)<eCVkhPc0-Snzzh;8{XJ2e5vSV*{hW1;c+e(6ke|aKWxF3<&iz
zynwC`Wliggys=rW39<6IZSYNO4B-Kg#~c1LIf3%$E0_Zkq|8<B?QEny_hW2O@<>^6
zvFkhW%KWp~5QlH#aX&Tyyn2YE&{ab-h?T<LtcGlWB9MG-r<wPQn;1@EBl{cYnO^gk
zezTb21%Q0^cdM1M$U8S92uN^xJwxZB%kR%cvRfjpCj#1uHDGa!N$Q`>L!~a=yZ^v~
zC@u<$w5^7O{^(vaVyNqnqt42e^(Q6@1^~(+%;|(ltSYY%I+GK~188mO)uy$^p0t3L
zv9J<$HkS$uE!3nNN`iReGvzfoPnD#hyb^vMZR=P%E`YA@h;8B+e9c0PkB?WiK+Xo%
zE*w`budreE`{qqvyTBCidJ4poAjq*V-b|oh5#1qG>ZW6~#aFyk1NJ#BRnQ*}1de@9
z90^=3vfb1Br?m8QQT<`CP5J|S_gP=0BGoZ@Z_wOr<sMSXT@8JfQS`<n^5qrsL)VCg
z76IZG&WoScddlG}*#3h%J7OWn$WTm%9BSiWZA^UoXoHIC7$&=2V>6*3lEAASF?T4d
zP~eK!#YP>k_yclug7=l_7#g-dEtePRn*v7cx9R5%Bzjl&Ied4NM7^gTIln@GAoNff
zc77D)>L?yi22!)z@+frB*+h4r_h9xF<tHL(PHq8+zNuW11r>A}I152~>X?`*pdcg<
z5{r(Ro<u<=kWxv|Znf(X`zHiV;y-t;rVFbj!=pr68p(jGaMP-DxV>)14F_3<w!Od}
zn(L48a0dSAZ`fR{X8m{`IAfS~X7d3ye+N3X_t&NS%x8!KH+>DJ2E@)WS=A_urjB$G
zWzM-qukN)V62fp1SCEyCIRH8j7Gy=uV0>BORaM+1pMkzoub7o%?@?Q~{mKHt-3_Vb
zm5uW7$jIFc_>X$Vl$oV_y66s6cIHU((>sgUm<x)#Z$f}XzH{BQ1UGjQi^MGpA5xqQ
zu?EeP`CQWXWIWyVCUn-_Qww!S$9tB<A6}^yE)rHa99;!cGk|_hTBE_8T~Kg%W|;HL
z60TKwp>Wc++}!;*%XcNTPWYcA5MM{cXOVCJwJ~A3#a`aL^E4!V`~2}?6jOHK10d2t
zH(}whI4)RZV`Jl4QdOr`4|eHG@YMI>Vyiu8sB?uTc~%X^!q#5iBuOoAjmjXMIkLlf
zZ@F(;nT&Z#M1}9R<0^onuTDXVG72JWi%UzRS`L+~Lcs?o96p;xl?#_PR8dMTEBmFV
zBa(~ZPw+9tpG2l}er7^ZT<K2Dk4|iwgc!Y}hlk@E&?}B6{`2#c>@1!K)dmj;2jx=X
zeL*d6`Zr!U3q7a@QtI;5v#u~Bdqf-L`1oLpqae#eGXoO1SD$Qm4ao_y(~{5BLePe7
zaZz$s*fyWy!@UnrX{`2FMJs>(d24krW)SoC(t+!P&TT&~#skPj3&#9$@1U9CSV$;^
z91xr?7@9K&DG(2F{Y_XTAQ-L@+y3Z8L$lj~@cy)+d`LkCx)_iP>@?PH?_ZWG=?<W4
zlOLZYSS?FRMI$*I?;9BVgkCBy7%3|JzD}#Juec&VPQalMB2pZz=*}3|@mg)!y$`D+
z1yHB@J{u~F;*yfH{E)=Jo^5Xm3lNVjDP&uKnSmC*rp=^bt2iz4&Yh#w0uC;iBF@Pl
zh<c=c*y!Trm+C9W)086sI4&}H)NL(RH|vjP%ud$I&jqqhKs2zpvf=K!G~nv^{>N4g
z@evMRtgRw;)NaYws<@lefG#J8Yb%qh5Vf^Q9A0zEBzLraC6G8-*-xftLTXQ#2n9Bd
zJM1Zt%YshsTL6vSq)OhA81bjhjvLN3FHSb*XL8AAGtwSg!?IEY#DEo$r}59iaCz-_
zi&}N|)(O)7Z5UriSVd7VJ_YiCCzc6c+@@2RI`-GZP5c9$fkX<l-MMmjz17J}=5<{F
zwVYgFH2@nt*J~Iv5BJ4II>hdm)4>#voTB<2BSh3;5vWXWH7zhu-Jrxam3A*<W`=o9
zx0xktYoksYX=&?G9&bM<Cok{!olQ7~Q(TJVfyjm&$9G%L`c1qj1<cI%qS7dHyxbkU
z;%Z7^S&=>7r?%D;M;swDhq1f)vl&b%`OErhmek>S-THRYdD8o&h|O3&&FIok+q8$I
zJ(RQ2KkoEr{IiESKWmoMOd)2HCo8MU-lZ~tM_Fv4<x(>@AJJyCt)4ndBDo>-Cy+mZ
z3>jaR*Y-K(h!X()cDUasD{R9L+kjN^u7CLt>?35yVCJFeAHGP_S3q|_l48HYVSI)V
z-C0a)n+;!ey&5D=YMS(cg+LykqvMr4J$0b+JUAFC*DgQX`z!m(xKT*oG+<hRez`u;
z-a*z{s9@5m<qQy2zVxj7L?j=)E0M82Z8#)_Sz6MeCV(ua?l;Ytf^47LNnp>p2K;fW
z;G%%(M6QwIAEXwbn3Jm$?Tb?w@{BbzPeOMG6ev}tyZjKpR9@xMyn`}ivXA-4=V?T$
zV6uAZw>hk?&IbdT{G9ivR%?L)xj?G)ER;Q~QQ@XA;JT?kgi?!d=U@7U(Pwqe$jC@$
zc`q~n<Edoa`i83-;3d+{=vM0VU@n!5yFCc8kV_p6uARsfQS@RdR81v-Hvv054eVNB
zjvirgeqRG222|jo`Pob@>eK%jicvg|v?BUHT!4QcT=<Zp0`bomK%oED)`R~mihm^V
zU&h75f2+d(DWbTQi9KgjGhC$iIT;$gShdS9d@sVfk$?D}EG>wi-t!=}YjjNQg{S9e
zZwlu~fp%=;@v(pMSXqiI#ltt^C<nh4Q_#!F-ul-IcjOMul+v->c76y%{!k^PzHoC=
z6qOGGMWq%c@FABXP^vHbdi|5DRK!u|KxvlnF}dD)Q1G`D*GGFmiXhl!t~mDzrVKJY
zCMl_7YR*<$TdM;$<Vr2!q5uZct-}3kO^=>|K~?9O4v>%;@Nxd#fkijDB9|*0?<OBH
zf*zzF8O%HYZfzru`Vh)<YcQ69DOv6C`@D|XtDCg6BeuQKYa_NQ-}=SwgMJEjdkFmQ
z>B(&_0l=Zd_hR&n8(70sI^pa-$}6VVkp9;|DO`I(b}SU{y}s9!a5o-qvaRWftvhU3
z0`ZEDscAB{3KWdc0|KZsa05_GfEXILHCb-C5^aAZ>{w|7zX+=Ncx2F%>Pi6;dIP`M
zmmpBONec64dbA-REF8nxk{s(Hz%nLYY_-_Y9oKEWYt9I&VD7ONJM;2S3v_kN%;@tO
zI4oE8?RCJ|^OK!`$U#DH;bUTe$RBE?0%E(fXAUYY_tVG9wko_xlemjo27xsGdY14_
z<)C-{X+iu@%XcWe$Jps?2-kl57X!!TfPyc+g<ss`y*1eHv0=f0xO-Q}&=ix*2YUTp
z6SxB~zubnecN#s*e?w)XIQE1<uivD)_N4=Isi^3!&#?#UPfy+4>^)XzCAql)Y@dd4
z00rNj+Wess)^DEI&>%4|Ca84wm~mi%Wq|8*YJmktpH*99Gn-UZI`&z_^XkR}1wcPP
zoT1q@pfJ!u1G)b9C075hOCkVbKq7~{8gSK`_^ufhXpplvOIOcplX*=~U|?)18yME$
zbZ@=;*#t}b{I9VBRSUk~J+`O2dgi)xsg1`9hUY;wl)wi7l|+Pdt+0mn0xN6hykh#}
z?<WGQM0MqI4ISd`GA%8jb?KPrpkTZ;e%2CimiO1$ZJpcvHz>~}Zu$WA!3>zbircei
zXH=8pi&sH*iq#m#YRtdxdJX7%dZvKWAC4H8&PEcymKz>kSbxF_8jQ3V5V9GNyqbD8
zWX9h5z}IK`adA(m>+Y>Vt*^S(^S?Ev{{Nm%;{BI(`9GZd_E$fY;xE@J6_q-E+9_-9
zD%I|A4{mPB;>>4iD%?O#WhpD6PtBSqJ~dp0mrW--rm#mXSBfq|Q|e~z)Klxdy#o+P
z(B)=axJRzUuny~*ll|A5s&SEvPwz$ooy58|#coFE^=7%f<>5{*g=vb>(H`hz1IM}+
zMjSgikKVOWGw+RV-0bc8bcG27kb3TLM~+1BYu(M`PmIp>;2!Q)xue_t^e%TindpBX
z3Qvrg;&ObuF0PZ@t>$bl<**^HqnjO()@Ym^L;)IvU%veEUDcY3^>9RZyxu4SACJyw
zyWPoe7SHb7q>Tu7662of(3zTc`sye~J9ZFP0!*aeRS)#=%~N$9`nv*oG6H%0zw=~%
z2YKU=x&=-=0c1zsn?+A;bZK?y*Z7^i&A4-Uzo|QG!qQS$Yp05Im}*N&wZQCSUlpl*
zX1JSI!_Sb9=;nV`@APHTc&}9D4jq{oER*Q4->}}O*;~@x(K~&dqLUtR?3)efvf$c<
z3;dT;7p<)|5_AmXe_y#E!9iu@9g(Xt%9PJ7@Jfe^eC@j4gu0~-Z@grxRI?c9XRhIA
ze%SCT{oNr^=^KNeBFRijh2h(fbLYoIWo<gY7WQd@???gz61b}xQON&H-RIeN#QWfj
za2sC(Le2<TNv*7`r(=KpIK{x6X{`1aaI~NXHwDFXsgoS-!P}y)q<rr5EQX7AJr94L
z^j^LGl}CW*rsvet-a^=DwC{bO7O7F<L9cG?5mlvv;mX<_$eViqo_a`p{ie8;nwMp7
zI5t<<Vb`1$^z+=k=XZ0fBsdcDi})>6z6ATEaxkyH(xI31OihuiR{GXo5@m9BKS5C-
z`2`ibTU1#7RJBfm+$te?H(g7m?uncj$8cOqYQ$*G@l%5dOp_oe*yi2~kLcZ1&itW!
zsC<cg9Qi}Hhs5Pn22xlOEPegi#H$nb0Gs`=`g8J~JY8d*&&d+-eez<COlEXhV)v?v
zG5tvKhShNNbc%)Zm?q#XGJ`=|Y5_iS>jLieH;iuny$EU1PR??}BkMepEyAd~6d;N3
zf<ux5xk&Dr$2qm1)e87yv~&^x&ui)5+ZC9NjR%2P^^FbaGkcik7|)gFH{W4c2Id0D
zxMS@=)KkqFu5k{ObLHGQLEO4VLfo1W{gelHx#?xW5)~cpb@>7w-PFjXrRk@ApBpZL
z7-`-{2%pVqc<RKJr{aN)^P@p!xjV&{&%K;_yR^EX&p;r+DjKIn_9r5A;!Wa}=hA8~
zKGH{8dz3vzb`(j9dVXUNrvNcZ1JA1zLv$Bn|B7|$j!!Ji%063P^C%wO%!tv?jZeof
zUj>1Vbl4Mtr`>;^E0)XQd_TQENiCWA#&X2A=v{eU2TO;up<mVWapRUV{H$W^Mm+W}
zzLOaKUF+^pr63($fj)9S%}XNn0?6psmCF?!-Mrjl98tM&OWa&YsU+}zkdEOi_9FX(
zxC}G4E3N8)r@0zJi5PU2ih#HHsp-R9&fKc^K@1d~%488!KY#k5isk)P#ugPZmgGz_
z(FnRVW;Kcd1C@?UPJpQR8)^)?Cdksg`qwHQ!;m5>zosa@Fgm`&T~r7jb8l)WF5*|J
zI#816RB9rB8=9z^3NJ_c)A1+~WR#9Jd+s^}dj3(8M+Ew9-54nt2)7Cf3T!^Y6OV+i
zfLIeXRXj=sW3`sIi0G-RMeEND$%wCOp19M|v@ZHVj46-_i_NS<S!xl#&5&rv#w2}8
z3Ox^2=OqDBnU~;Pfvp0rSHo@5p6QI3nv;4n(@z-uaHI<F__OLh;3}oj@IJ_0=VG`7
zi)UsOcbr*OvZ-T{6EE9ZL}<&_Pg+VWtvXj7^mDRgOO2aUdJGN~$Q4Gy)8K}CT!nwF
z^Lqrz9CgXOLuIbipaP-RPL-!5pOVWa6R-5EU2X>9-QJ+=?teZqu=j|F?N*BGXIyUj
ztomJ8hb=)o&&r0rv+lgc;TD64k{h%-HdEBfW;OszMx<iEwMIdOEi3Eyk>{aQ*&}6T
zWf6~xNdhni3W@BaalueA)OW!bs`b=}IN^$c`gO4>g3I#-C;4}6#z+KblaqA8X*Ct}
zj9b!UrCPdyqjZg7xI~jS0^eLWUCixq?X^+`?E%hQ*$(VzI8-(U6^J}8LtJD67>ZBt
z*gDI<L={yi6#|8>2|#?r)l9eDO3DFo_8YW7S<$kHb8eBV9?UXf?xXc}WQ#Afb;9L|
z)u=oS8Rn{R^X=Y|QpIZNUiBDc8pxn#7Cc|s%ICvIXrltS`-$z9N5U74G(Dg1N0miT
z{PRHDs9Z<OhaS)Od!YBCG6BBHq~9T`qf44I;)|(kJk~vJznCg8>x_&NOU)r*;_SaC
z3Nm?eNR7}LEBgB97X>Zt+ER%#Wh0coA9}Cm!~0X>O3j1`<f+B_jxi;uCL<UW)uQRf
z{oU_#4N>S~S{|I6VNCHkx2_p;s|shsfEMl-8j8rFpi(Z(R<g43-|xoYI!$>Nqslu~
zY|8Ro>!+PUycfTiGU*pNyA=0HN5;o57MAeCs)pnJliSTK0=G&t@J!&CKHa-7HeMRj
zo*wT<19WJkz@xXj=F}A__nv=NJ?z-s3e<SN0{DU<#Y%tryT5nMe{)NE%@Vxvh>1mj
zeiOxH5hxB20N$R#N=%A}97i(P!$EMa-Z1NXMm=A4fNX)euI^dF#IY9FhXffhBUB?+
zXG&}4T<;CCXZ{`;syDT#XJY8Ym~M>$qv^J9C3QAMHDAj11fZiR&)Z4^a9T#K!$bHr
z<LEn)H+3dj?z}=x)NBY*8ZayH_sbjsD<9~6D4wcm=5<i&Hs)C`Z8R?xr`g#?+-B!v
zhdliJx%YW4IPeAW%H{p7T0OYNYtDWGI&tWSF4D*~6R-va;Lb<tnOWF)RwJMM<z4f0
z6)6H59ufVbKm9k<Bl8p*kyk}UamKw}jGam6X%u%oG6MUTsg5U1ti}j?%eHC*-#KY%
z<FxV@@oXZoV3#^#uCN>2!e?tsX5*yT3Z)o^sIebGH|Pr6jr}cwmw@v!`mP&sG!Fax
zHDRdU(b!+SsPT0jyPd1o^u{W4AYy8$9ICHyI@{ycmOmk~%j!Q40DHBE!3cwZw>qQH
z8i$9v>rIU6nq{!j(P{tWVP2B^T&V2djKwI9Lj?gP^6rKjY`{iL^rW-3vlKcHu$4(O
zgp;0fG#A<5Lnm=&r4fov!`@5@bK<2_=LqtG_oNi)8**k~Zw4b?zSUDj8Y$GPcGs(@
zctlVDkSm3C%eH(n$@ky@YS}J?kDkbG4eIyOJ|zmlmBoYLYpys<I%%BODjh~qajQ{}
zUUlO4uNioe>`hug*Y8BWsug`>LOk&=RwUY-Kr2tn!j^0QSzy{5uPgOX_nbA}+Z19`
zBA>qHkt`Ahtnl|dni=`y{j#)?EHO`$k`|m+TwiYx;^SGR604<DF4WT#<xZTf`pdw`
z<t1DL#3-Jb>#BFhcd02FVS!Y^K7AWy`N}^L`)b$b_ozLt%W9z0wQfp++s0XPu-Fy`
zaFG17?wi*1B0+XVE*z1$kRR`Uo&e@L(pqe>>E7dWHPHidpx14eFIP+!ZM>pS6<Y{i
z`Ck51T`Dzv|05o!p(l_SjpF#>s)Z8e%a|zvE}r$83mwWg#SqqeMBTbXZ2@j2^%LnR
z6enC;Pe{^nV7VL_NY|>k2E$FWVI>P4TNR<<2jdos24-)jR!57T07Y>jr4vFm0TTj4
zC?1}o{L5RrKPkh6q-P!g)o=g(jhXwex~-#Gq?Ig!ASx#$n&gg}HE~um$WGOHt5QjW
z7;7=vf*^o`*(>V>Wb1Jq;$-J{E#rkh?%fw|)!eLVH>d;{@Romq;X1}Toaok5C8c9R
zwang0vE>pnyVkCG3fl(}X=cTM-OW{00LoIDsME{~t2xi{@GK2am}_hL4QvcEi=lat
zZS(Q5JXPl^(3fxa1hdD(y*NZxU^BelD)g$zI>Y_s3ohMRDh6P*0I5mmXu><aO~}p_
zD!hJd_#_nerjpd?*m<>wD%xePu>&9lqS4w)Fhi8Lv`fQ57Gawh5i_3slow5sFOSt5
zDhX<eC7)izk;1Yie4Sw1=D>ccgJqXhItbQp2J-{t@H5H*m;cVQ>#awwRDpQb>S=-d
z9Tg}iPJnYJdWm|Ktw>J*4s?{C_i?qJ4V+MhbgoY4>jH)TWvk3=lC>7N{QGt#rtAr%
z(|>h=58!AgtoS+S1gvHl$^FhVh4&a)0&1ng9WN?MRE2AFr~e?M<_n+$yywqdBa$1H
zT8bBYbz>tLlGx~ha%c=t0ZNgrmQ!mcyJh&{b_lPR3V8=wmSB8{-JXHt9D*xUnYkWy
z@G!(GGAe4ZhK>eSJHdK0z}HX};Fm^oNGmCw0Pk7&474tG+k&$oPVf~gQ<86p%;ujt
zp12nss>$X|KvDTQP&BwFtcYDQg2d?OR^=*udy!2`L&i+W;14m<a-CUC)G+}0L+tO+
zoiU6(z&CF%n~SaSfY%LxE9z2lG0^#=2U?`|yRzlb_0ikZ)3ya?x3bz1J3V`igI6<y
zohy*=Oo6=1=GI;s<mx_8I-DsBAKo>-9W~P5C^+x!sFH_thIfkq#i+w*fQPGmDi*6C
z3{Cu&5Ua>P4u+N%78OOEr<Rw6XFs@SVEQ&x23vx*8vF?ds*Ut?d@o{q%7G*O+>tGN
zC%(2CcM>WO%bxtLYe0K1US9)G7?6M>oJ5HNMA3oHyN2_lt3K7Jg0!?o!qyc`2L>F-
zktydHZvM%c0jPgjTt7nT#$*Rd$z=s@x4Mz?C!~*0Q%@yhIOLV6iCbK`-@Zv*qFQBY
z+N{ub+V82gdQFClRyWGclm8?%U`S!;Z9gV|P8vZu4Nrks>U<?%=d%7~Re&S1nEp(1
zPq_gkw2EO+t|ME>ci?AS7z2Do7y#Z!T#QpR+3WGi7M2EaP(RCXa3Dn7bgtDm2#55a
z09#1UaH6wfj(WhSrIM`ewJ|O0HRrZ5X%~`>d>%rn%9|dctxOaEcs51MfoO1gz*gvK
ziB)J@h~;5seax7F`I+(pv=Q#kSfbRt9~tdUP#)-L<qBw=sx^Cu$3g1k2!BGf(`x(1
z?D;qu9m!6$;o%KvSDFqm)~7;$-Sm|2K4PkXOT0L)yK`KgbJm)w8pB0POG6@dXJCUI
z{X54~gfrz4a6cD-$6V=fqU?9b!J&G9pg57Q4v_Bt#&_fK<IA@{-uOA#Btbz-p{i2B
z6iJ214$irC>ngu~MQ~wG&WA|;tKq@)aTcl$mv1;c_MH>kBl3t%b=zo&Rol-F$YxYm
z%Zn4eY}(;JAgF+tJe~zCCTcUoEJItX&G!EI>vq?fj5_`2;BLIQ(9x3PN#l_=KfNG8
zbB-V#&c-AOE&f4oh2EcV`SWLiE=9>P!ZgV6<BeCkqVO*<N8ep8#0iT5FMIx3iK!8A
ziIC7wW&c@ZWOV)cj_*a8(sRv8p{ji!bVXnC8@(gzH`)69bXfkG=EMJjJ>@aA(-#I!
zIKyv+Yev=kY*P$vj7E;C@jqJ*JrD&^HkW(&w6fY2&u4p7g%X7`Ca=~u%0QIA%mt)8
zaJj?DGK_L*NyP?5BeDa91f`vaFQWowX#(MDVMHaLb#_i42liJZ!&?@6dy<yRwvfRp
zW4f>zCVKkCh#|Vljq>xqAnK&!E00`0SGD+V@tQyb9`0w1O3DAK5S-7($$e59)RwsT
zQ78)|>PHe2Jh2O%A=WBN_f6xG8PLu=?SX#kLo(iv%W@5aipYXR#CFty4bOpgcdy+T
z$(8m3D421y2b=hz-1gJl0S-30(6Q`+C-443qn#^_9*{~8aedQNUga$Nav8F(#PSj7
zJl@wm<8xjcR4k)R*w#I{&(D#Ma=FG`J122indS%Cl3S9|-h{xgne#uj*+@U5%3rhx
z2P*C?P`b*RPw1y#p$Pu-*W#V;OAxYwo5pto=QY<OQQE;T4$t$8Uk5YMT~Iui6H3e4
zd0BG*<zvc=dasWb*(%uE+pdZW@&{iz;$N(O87{blW^_N&ONleQyCw2aPK*$xzdP?<
z3@)d}I|&^LojM^*nkB8?w;w1QKcG4#&I<{ucg#^mA>fgTqo_vX5sUVnFX!3u;=zmX
z;L-?PjOFsWCn#7qOzPK6&#h+dwe+4AKd)cNz4=dSd0q|VRy;==@J_?~l9CL84cH5I
z>6;?a>=d9$za1GhxC{%iuAJdmqke9C?{of>CY2InQLquo6YZry98Ra60ai(v9d$18
zJ3+B-Yc`Bl8%AfrHQCCyGT{5fyG3w~#h4ktbYI48w`9)Iuz!=D6UL!D^2WV`V3>u_
z$m2Tya+Vw!-ekIeypo-iXP>Zm>m+(g<K1o9i`hb{_Vw8TVOp;T+w(Z;4(b?jl}1NX
z#GONkf7YuqGvp}^tnGkp@hkJp-u~fxs}$0F7-3<9h9j^Q_^*2Qqk&sIy8d~;@ZvAB
zYcJSTv$$&eb}yjXR)m^%mQo^wmD!4n3tRO|>h|kD#ISlh7W2aM4Jvm=?k$uW{>ssL
zRBrP{|6Y!P*h>NC1u|n6=1t}917mOcw9+nVx32qQJbb7R(dVvd>eHis->X@)G0;hD
zuAhAlZmnO#-zqZ`LXGObLNh#cYqswD9eVlt4&>OPE}*2wl*MkS&1Z8V6&dzt>zT-v
znQ_Ni)qUSJQZF*Q^w)6c2nU{ytQf#~NW<YQ9sI54(cwWn{YDCD#YjQcvSNg^vVbOA
z5_HkCjX3jT1sJD1!$#0)`@-=RTnui8rsv}_&b6QRZtZh>RLFU3+lQ%y(B+DhDl11&
zh5Z~R92Rv6l%W_zJ9iv=!y@6P6~vnG<nYbPs9~lBpA)K*sXg1LZ`()q_<3FSJ!ugx
z=SIcwzKx_j3nRN!BENvxn=UJnACiBCjk1rTxW8W5@MU-`p#GMR@}1yoykXw0-`A#u
z{NqM`(_DN3baD6+c2DJewa!J00#KgdGk_8qOTm2inngkIRN;qvDj~lvD_%|W<|#<z
zsxl?y0@vCENj5w`xrX+*YINcdIMvv8h~hCJy*cHDH4jv4E9u#|gFu@k;$J)7g8?nT
zY;1FXy6D7Rk=Au>vle*P6&@ASncW(2@e@P#e%9PHdS{z!EB?HoL9v~2!H6Y-uUaM3
zy84HuuKH8wYMw8*AIa3&Dsl$ySm;n@pk;<s@3cQ)CjYLsqvbOFg2$3h*>v0=uBC&n
zx4&NRU=r<ZJ30@FF$q=0wi>U5Mj<R|%^R+-PMkLlB>md9Y}$W8lm9A$#zyPsFWK1h
z8~wcjQ0_DR_lSk;?Z%}g2_Gw6=Nx1Mi)5RwD0#V9yiI2Rxu*~r*})^Y-C9qXB;-r!
zbFp9K`<2^JPVl$Dd|t{2uNPqaDx!0PA2?zSdK1D`gGSZ;F7QyRDP5PFrxCEYmSmXY
z&1-T=usk?&;xUrg))jV}*{u+U2fkTjnWb{gOC~qPWk;Pp<$3ehp*AkK=IL|4)^%Y2
z2XoF%U+eKXy7-ot^66=*AHF;6!QuijH1HF`LG^dyM#E?K7yE(N+rvrbO$+mSl%9`6
zDm)fEhWcijPtJXv`+Z}p^+`G-^U=~v&{&=_;~z{2m7{X41~n*>j*k6k0~^wi>Z@V2
zJy%Ufe-(+{8x3#EO(&1co8M8$k~|GEQh-L91CqtQZ_TD<3p%;}<kEpBLCO7jxNEdF
zqt^YsS~_xu*N;=S@|a&Ds33=A_Lq(279xW5;6SmNHMmJ_c>4e<U{m7gtA!E2m(%g|
z!Ukw(JxbehdMP<`o_-a0tbzZcuLt+-uMYHv)P>E2qz@G91c$gA+aXQpb3;wWH%!!t
zx9iHJf1R(nykpRwqyI49T9sV?;QIN*_|Qki4}<Gj7br|R#t+ms?3DLi7(W7+0at4i
zZT0`n1qhLYoA9%flkdp8mY!=<Lz0u{pDl$O7LEy&n6{{VX8$WSF=mfR`1Y2;Cp+^Q
zQlfK^Ds`!;6au3$&u~EZ<CVT=nuJUEMF?;5{AlcFBV>PH@y=)-O*n}$GU07U>#0z>
zWLw;v^6lBSJ}Xo475_Vt<}rTVM-L00mBVN`0mm5`e_mlospvNyuz^qOxvcQl-EN8w
z?0KQyyO>W~{%XKvY-_~A<C7o30%j(FFF!|eNwP`?9<T6x{4`kO|M9Qsh;_3#hc*X2
z0~7b)ZbK?a4y##?ng<#z+^j{Bphck@eo2s~!d~@derittzJG*-RzYwg`b*b$qg&N-
zh2Zj7J0C2ZhtnsUNu4oSsMbi35HJIN`s_z+_)g<X$1xe-T$z+YJpobM&W*=m)j2sg
zL{42l6-G}~+&;z4*G%N-@xPYvMQ2JQ7h~!*&dop1e|7n*Nr^!TY1_7WkA&>%?hbj}
zW{IQJeFtvc21UweiO>79(0!v%c5lIc(Fu2C54FKndIxNZ|58$iWk$}<n!S<j`!<`%
z?(Frou<HUiufC!gU4A}A!c#atUgSI|D`4@qW-8&s&V1AgJhZ=s%k2kh*x$by1VWwe
zu))m^cw*U!Olo=3E4|DxKkS-7iS)u4X7hQ)+&5qr-VbqhjlCsKCvZ<`clW&^ez}``
zWFeNJZ!asngI2tUfRi2cHy+rwiG8)TepIBlNb+m4+HRr?jY^^1#>Omz%i7}T3T8=~
zfQ=U2e;@eE9oS~fq<u%3WIeH~2O+6+J3AqV=Rk7x+A3jQ5d>fl{n`+L`LOH6E&Ot~
z2&7PJ+2^g>nx@G@=Zx5k0t4IW2yX)opkwSIZd<+rmlSu;HSe4B24Jb)Tv(dgV^Vz-
z1ey$5{Wy~ycH@;ei%$9QH-;T6ZrZMnpIlVrCLGPf&c?TZ8IdF0{un`tG>VJedx{>o
z6{4MleZfA+15%K&zKuX*^*JtFJVuA<b3HB?xjGO)=r;7)=*F2!9|hgbYe|R~$s_+2
z_p6XUMlDA2J|lPKTirLA#(PPYs5UFYOdn}+Cc%O+a6mS;J;7@JMhw3nq0LWp8&U9A
zW<r$gwJ43>hG8Tl5512&gp*JWV9rlo8!^7HWVM`1cFYJ|p;11%I>Os3ShI0t8)mhD
zyx(I69UW=^h<w(a9BO~}Z2!<cp}bsfTw>5Hx_rLGxSp0bfn|RFQuFQ!9rMv>J1Ejs
zxLN){|AerIeajo)W&g016BK#A(GSms=nfkAH82rg*yU@4M?i(^F0GGWVeHp+u~4!Z
zFpU&3EDb?eK6;s>JYH%cc%dDQ&fS7n*SQ4MyL|g*HNQB3Lm#8!64Jw5GEJ<e7E^zr
z{sL^-nH@8F)Rr?r0ixz4QEDUw#-QrAF11&9<0EdT?6(d*_G^MV!azY_fdGxCl5~Gc
zzt`AbeC$7Zd2ixNY<A~bOjV?q9m4}V&qA)R=Ld*?Ow?%0zB2t$tHYp8=S}XGu)|Dc
zC0k$FsCF}ydqYn49*~%N7JN8GT9wYD$a=3RaNGUP6_#u4Zv^rI+w-P-Sf60Nay6v>
zFgq<NmWDAP)>D~@tcBkk=gbyPyM1T!U~P)!(R-4XtDNh6Rq^A>*km<j-pFEWYnz24
z(S!=@PaV)hZzKMd{<M$O<V2ETvA$6q!8|$f1;l-~!Vmk#!vV?!;7e0$6~#N?npTU!
zwVGcfiq~6>F`Ta1dfT0o8AWs^?g@%VmREVT)A=+v#^gjPij#ssr$GVvL)tX$%`~kQ
zY}X;_W&w9aLO20@7NtbG3T(&w!r&jV#|P_wW*Dx0BuKPBNIAgEC@496FwIW5@z~+!
z^BcGH``7b7jQyEf0>xg8eC+Wc%<iY5P2#yre?CZ5T(Ey>^g481jaEYX>QCQ_=jmfP
z7fP<v|B&3{{ynkEW1{4{8;zX5FVYH%$h>r$uYOYu0kLTozOd_^g$$sHsY*8tJV*oo
z6uWLS;LQQrS*;+dw#~(udM%!YW`B94B4g8Q!Oe<zTkFm&>2>v{X=k2G=4;TyiGJtM
ziE`9a!~t88*Hldtp8cJSVKZQk?(m3T8-PDxc|v*EzWBEI-Je0Xp$&~z0ySU^LZd!)
z9lsGiGzQQm?)OKi>Z6g85_W~dMQeZDP}AyI9v$e`gP$~q_?DT46Kl}B%?_4*j+2`9
z30o}=J~JZ_e%VEc@fw_LFOKJs`DAVifB#D7gp5Q+eaoAhdjc4ox)GbDrIjyM<!`(w
z_S{^X!v_C6^w@ZH!jU3=D(SJQ&t5oTH|o87gbekpu7(V)Y*WT1=<d!5@$+|lhB8`C
z`*EEMepz>f54C>u=2=ANe($Cj<{9tDQ45R9@89D#yC^RSK2E*x@xhBP=u_(#m*0I_
zX1J_!{Tyw`IjQr~grIks%9l8^Hr}zM+%obJch`a6tQ<2=Na6qT0hXN13A}}G$H)|d
zcQ%bYH<Da#CIVr-UDWC+Iu!T#T{^~RR@tMb(Aoh&cr;4K-2I$Wf+h91LyliBoS+gg
zS3w1m=Sa5KvQ4XTQ(KvYtLHkb4}5ZQMUc?DCYLWnUZ>PNM%mq7CGDf1{MNi-H~lqk
zkn3Ww?4HKF?Nr!Z%(!K3t_D{99d1{D;YUV>f~KFVXl$lT3<6RB;-?NANX5xnq`n3p
zgIyE`(4;VR!@`q|Nt}4wo<f<qHloBQJMvr0(-#`**=+-VmPp{xbXJ<{tIH1_0T+8i
zvE&B+oR)xzz#6P5eHgTyj+De3>(~G00|-=NUVjDHvh6D@)LcTQF{3peUz{GaKk&ws
z8a{B?{Olg&@;Ka<z@oP^=2ush_kn`@!+!YX(e{@S`d67hJu(jxT0eG-Gqgh>YW&SK
z`@+UTP8Go|SJ^48m&SStNqX*x`_r{9!U`m-8F20rD98Kx7ZJnLa6WZ<?L<92Yj+v_
z_j-OboX96I_?>kgmnk@<2wdvLs)pG05I<j!n=#)-G<>W$<}EHo`&BNf9rulT)U*&E
z>EwUxF)Xv{3TMKt<+A(&B@!BdQ}4$)P3y33(^>b#8UMh*aQY-v7U6NKbRyV?bma>e
zkkq^n8U5Too81gCnZa^QFw#ujQ3#x=8rde+lK+S*C~rIa!<WoKh$~l0>F88ODw25B
z!9@U8IOX&<@KAKSx6C>X4SFikXLRVYwXo%U1M%nb?XOZf_bxq6ta30m3Q+KSq^oBb
zwyC0=!hMjK#{QDET=yq^k-AqdSLFJ-nd`0hW9k&ebv7iQV!gXQ8jMjF6)->kkP4IM
zJyO^~4<!b+xn@XJ*EZ+z2T)}mAl!NArdG4XF9J$ATwwBE3mQ@Frl^xT)e++=E<XBW
z7FXOC>oi+MryZMWm(2cdW;YRa4Q8BF`jVxryp=fh=BLN-{!#8SaeHm$oibp~Xq08g
z*Zk(RY(T+4XB2igcKQB9<r}ou8(9Ux(Je8Twnr4Xo~R7?&jq_iCbFTJw)_7>)nA8I
z-9&4^@TMfCTN)801f;vWyIYX%Zlt6eq>+$L>F$*7mXeZA$#;0p`M&qOe|X`wf3at;
zS+i!X`@Uypm7BbKi#jAi=Bb_M1}hZrojRSypNz4fSe}&Vvp_VJ`MeX1{<joyK1gwU
zsu@IzV$Q9k6qATye^n4nF!}EE`DOL?zLngUIUY_NfAFsV^p0QWBNnomLjPbPiFl~1
zTUb2I^<TcoXui-T8@d5IJ)ZP9)t5qG&6^|jS7WO7$Fwr5LUvo<X5;$DU$>3oJ4^Mv
zypyCd?cbD-w;_<<T=Fv=h$yEbp|00{ZxZwwi`QZk(y4!?zahdVqor<fxIk5M^e=bm
zu<mk6-zPc#$%UGA2~4ZuZmSv5_XW=&JsN;Sx@OPssi_r;lHnlCldp+RMl8ir_<Kf(
zj*`JV#pi{FJVM?TfO?bQ&0L_`+0wh@k}f*WXroQVxq?QX@91HHb9!@b?I`G6M8cO2
zM_!TT2CAh*vk6*sjqx`xpKz<5Ox~Q|D0h`230SGc)9GWFO|RdL2+dM0uTP#TC-LnV
z1Kh`b;oHaiuW#5N5q~yqi#Jl=S;U}`zNNJj@aXprou-Kd$DYt|Isd&-Xk2+NW|3-)
z)m3KB(V2HOl}9txNwOGU>k+mdm_AAv&csh=0XfOpZ4n}Bf&#nUB2}9BM#Uco)Eg=d
z1B>3D&raX0TW_c1-+$Lk7E3`bCpr!VlNfCYnP3S@p_$>;%}R!`m=NLi{B+=KO;K<0
zl&*0iJrd>RAljsGc08J#W!zyDZRbJds|0n}IaR5in@^69{S4$HD#fZGEz8ZxQM|rc
zyt*MTq%6WgQm3(jgDf_A2utZ|EH&7?r!71j{+A!0lQ%b%QBa|3mQKv&agbroRj-s!
zqxd)ai}%3p{qXD?$?-wVKVh#ccW*=HFSTSuDbZw1G|$eo|BWihFSGf~8L#-+p&2#F
zmBQ+_JFf1tLnh8TFr6AKW@sD6BDBjf+n-0%`;f-dN6pGK>&AAjgV3QNwBqmvqMp{z
zLbCJ+%r-eYKD6b={yeI!xL1=TUDhi3r}weLEdmU(9=8;jxIfU%+BYw9=3wtpGdsKc
zvXM;%WfHa;Z08NA@@lTQ8Ss-CSd?bWSym_Gwsv?bsTHUZIm{?24>nGZUB2=8rS`m!
zpzX$bWCqjdDOROwqZ}xjf;K>YI7DLC&M(e-CzGd?=X4*R54G$o-ZDoO_6EXaa*bJd
zQfGXn(5;HXor#MCcR1PG_xG=Eq@Pptz%?3V-Zmd`=uJR?eEb*pwf)bJzK>?kRsVDl
z(U2K_GHUJRWE|VvqY;4($&a8Q{A>F1^Hf2qsCD5&RZ3gckD>797%BtE+%8wmN)^gA
zU&{}pz6$b<>5la6=$sGOLdX`10*1692~C79?0m9g?tKM`hvwG?&+nU!7KgrmC#MRt
zI{rm{g2>hMkE%M0>0bgi=BCUhEgW31e5ul(?LQlPXDa6Z*5wX7ZBfxv`TPj@(*$rJ
zpsYGQ-y0A`%vx=!#kn$Ff2xH3WLl?yq`}P2wY`gjFdfZZDov|l@P2+Mry7JK<AXPh
zNFz}uxm8Bf*{Ji>L9uCHF<~W>nBUBjG&zi0;LwCm^lVpF%u#*RWQgcCXS9E^H2?4?
zkfFADttjJ{c-;UdI`7W<^zKBNh13uG<zBOecB_tulZz9s!pa6oa|&$|-kb&+ujSNt
z%u4bG^ZT`5qr!x(Ww8m_A_WIrskDle|Gd8ZluoQfqseNmND5MduVK-mkM?J;y%c^0
zev8wJCqpOPbpLSF_MDXNl&@7Bd5QJmk6eo@9}e$0a(1!l1!v2Yx2c7X2Fv7m+5WRr
z)2NL@^=pUIQ-QD1C5*f&ar=wNAB824j75E7E*ol3#bB2)p1cDslkgSOl5d1qJ-f4Q
zzDBIrVhgV|H4|WyZn0)0yL70LzyJ3Um6!`LQ$FGYu};?uYMPuBx6i}{iQR4Z04^dS
zA$^~==&GT|9ZikI>zBhS=K-}%ka7#}xXE*uiERfO<kz=4d_A6e%;Dx&@NmB$-TJrM
zEGjqls#P>^hooC9;D<+m$Cl0>s4M4Ea&dVqfI&=-n4>i<p4;Rz5bdGM`HpB{BT#H4
z*al079f#zC_oRlH`U&Hi;cf50=ILYtj%^E_M&){<Pxh0qcrSajxb7AWFrtC8e*UG+
zc$NY#13==7gm-6M-;~cealAz&KSsWubkFZFouHXy{e|4sK6`JcSE!!j5rp9qsr}$Y
zh36q=s)12L^Qv!vvrhyOVKy$~EPPbQ4auQC^wm|@ir5G!H-`jK?d$^0Veh_EX5Fv4
zimPh*Cp|Nk#K}2|iksDsT#Xwv(y#d6+%vw~8NM@k?kuyYMC547#%I<{Bx8D-RqEaX
zxx`lQQ2d29!BIlDT4XszcaQL7z7(r5p?I!Q;N8T&^iyTR)NXuU<)=EwD$Vll8RBDg
zeJbFbK`+i(MW|+|dhT|O6v)OT;So?OPX(jP^sm(DOhqIq5&1~Y!|o3Y?JM;>r0}vd
z7K7#QdDLeUzuUVVjb+B)A~a5Q{z#;Sw0L|b-f$-gjb2LOe2sKDFk(W|)A_`=v3r;r
z-Lhii+G~E<->Z?`!^g)%$vJrT+Otyx5t?AJ({EO<&DvH!QDYzS)Z|n_NApeA%m{UT
zFC@;kP2t<9cf0@nZl7^A#lEnE2lw*F+I@oawG|4GFpIw<vK%zHW(x`vc{`0mZ_p-Q
z&9ybo;m@c;I`oj;*fsLzQdI<v5-Xbispc@LwAzN}db6AW8G=0?;AwutZM3ajNs@Wm
zd)jroc}P0Eq8`1@4bi;V66d`h6oho<+<ShPGlq6OdS5{wyHHb1!?at(FqXlc5JW8@
z*BSrMF5=In8ZEY@^&-I09!NkPyH(7LMdz*3Qga6um|bNCcegeIsPp{LBxtHE2DQaN
z)9yaHEf@1&R4!%kfZ5N(H~hQtAHtG#SgkfEVWFBXLGfskMI0S;i$7T_Um&%=sNd`@
zS4*UI(6aeqIUga!==ZLbsQ8b^M53VBVT`@<5b^iVr-^q^o~)%OJ8@Q)3W(RUWP?Th
zXEIHV&U6NIK30kJ&~3AlBM$tIjrFlC`qhqC3ho<C7!&3*inK`!4L%I@CrhEF8g^t%
z6Qq1Cb$HUtcsQv{E`KQg@k_E{8e?@xkK6meJjIVDN=pZKA0ZV2H^agF;2p)kw^+_s
zZ@nG}YHwDXDMd}Yr%lF^d>^$iBdtgeGkg-l6};DPX58+c(-WWXwh!o1WzA@w(<?ah
zp;d}7g(Y1i5TWy@wCd=~Uj2g^hEvjK3RXQSvy|X`MPs=Kw<ZIpr(98XUr&fF7>5(y
zoyJW4@0br>Y=n}8gp9CHRm=LPJ5<gEUr(Gjb6?lem|W&9MV8MwdCRUxR%o9w)WBJ{
zSO&IZ{bJl2AJ4{5v~>*e)WsT2dK&tVT_e92xe#nds&{rZTJtYvOF2YGo}Susxy(j#
z6_X#<ld_K2qV9f5rA++vl7RH#Eh~+BHZFAQ+uD*q!-UH$5%PL_Ba+tz;`%amo)OLC
z;Pg3*AZ(Vp%t9nI^#f>}Ljw@SF+23;eBPjcrP$6zC#X4YC;|22#^mSc(31{YM05qe
z3)8;~Z5_YXrMY|$A%>eXXq`-*c|G9?u-ykChI=rNf9LK2bn}hZ#y5D)WaOI9JbnRQ
zA=(`RvZ<g~7+0cQL%+%V04j=~=_T+*=KXxe-(u^eNz&4<Dxc$H6TJxl#0Bw(dTciN
z8<e`YM6Q(B%3Uxc7f@Rpf5KV{`t#TNx<;+{C=BJpPQGH*t?8&Th<*!g{TIBl?^v*<
zgPA;K!>gLfb9Y8G=+tq#*&VPURPgA^!L7AO_*dtl>R8=AiUN|mo_&^Ijqu-!y7y>Q
z_EwKn*f}PLDpiVpUkukpQ~h0LyB(>K|DzyJXC33#X=`4wRLxKe7tEnQm)AahH0k|W
zIlr`?w9@KLo|Qk}5>0yl?;k>pN0!_DpZhN{>c4~ID1-7N5VypQfdSmN>Xd}DSvqpi
z*UMHFsg6o%ja)=d?-jBmj6EA1h(fz5u$;A{=%th#uaag;;-A;2mF=V~vB-l|C1#tT
zd5VMGUsc_5lf)@uWQ2?PW++6-p;nn9O_B+W!DmRX3CKlMB6+`-;_lGXzpnqC1BvuC
z(=2G%nn`_o>OHg?!yY!8QFgR&e-epD1rN~3jgd;f-qlAEv9^9a^u<~pusK!5_BHf*
z-C`WnqbHyqQ-uNk`>CI?!=~r7P+v?__Ood3YE(bN35JcyGD#Ec0&JE_#fp8+4<|2~
zB&ukena=$?fYxFY@w;}nIZlN}Cq}+%&8#-iAHu6dh<T*@?o33UZ)Vcf9qPjS*+i_!
zP>_hHh?6TP1X+l8b3sV)`=*-t@Mcd)K)G0ohTjR#m+_7}eN8hhT!FGXbXfwaFOCm$
zQ2s)dA}1u7K|6qPuqT4g+KtQ1j7TUP1N4&#^LBL#UG4L7nL6r7yKW$Wa)t76+s?Xj
zcLqo42=)Q!eD>$igtpdB;btJ;-EK{JqguPXn<a+t>%6{)y8E&2lvqnT+JJlpCJ7x5
zQqk;K<&Lq8Ttd}&7c2U#so>w}D1(T2n6V6*{xT1lxQS!_8LJgIFt7|mM=uGLJ?jf%
zM!Q6)X=}43)8Dt9m;M`t2wSowLqWF|P~R;pmulA9ZEKh$z*x_sO?~&F6eu!{wu5so
z<x}!$2b=EcJ1A6+b=x&AT8AuJ<B}M3#D&jV`3h~d9CsP`MZh1;yu)KmVywVa>e%+A
ztt1Lm0Zz{T)UKjwJJm=IM%?cwFBwepjz{0XRoA51_7Zdw-0;kFb;KbkfKpU;pc$>a
zIr%Q+?G`lPDwg-BO;m+W5|Mg%QbU<GDc35^Po68gBpFm6xl34G6l~DDdC-(53Tq`Q
z6b;2_zr;NfP)p($i-c`eNHtx~O~13y!;BUFA<E-;rnB=}26Qb0OV133ogIwxb5d_o
zcRkj>&QAWFwJam8$)biMp6gt#<tO*8qb5$L4_c1*!xVL+W08J41mp=fW(N!_vli&$
z?GNe&@=zFrn6Lut@$~ysPEE-Y^72{c(Jj6{&0KoV8_JaUH>8esYg-*Rq!<hWPX_zj
z=bTR`1RK@BBO>LR41^KhkESCA#;2UP8H~f`yyrm|*I&yIEcvwEGm%J)z_;aHl5wth
zPV3H6w~G(exovSFmbV@V{dhL?#o|Bk8Xl7UA>%{jt=8=%Qg7{E)agP+(R?FvTJ1rE
zK1^03pS_-<;@74KehJ~0`&dBS@sg6RH+J7&e)5wIf8Ajt;_50@SHnDxDiLw3Y2-1t
zQsBCr*xvOF@Oy5b7_a*k2Htwja>;QTf@;%rP7D(DfyWRp$rg47QPU@Ch4h$~d%o~s
z((+CQ4mz=<0iVZa<QM>u1I$o<&h>9avRv?hMT4cpET*s}g&!kZ;>Z4mRu^e!>upA_
zDIqnaQ}sL(N<a4z{B`9Tl!rFUab`!+F?TU@N%SAG?ofgbqy<u?zF)1Eh>e&tF~DfY
z<U#AVN-*pCRKhi#px!$)y&F6rPHGp_Ohe$OalyH97L{(X<5@X{liGgo*p6Pf%~|n_
zKSlRwWDq?jxzeEW;9i$8(o?l4!?Ie_eqAJw35>lLwFJq(wV_E3LiYR)^M4CxepGc~
z=)xtG0GCY)Q5oT>^PkNTHOk;{*BecJp3`fU59sE!(|modC#v-t$^IbijJm^flreWw
zhBgT))U8}3J1bMq_P%=%<MyW04*aXk^{}Md+^dcsGbnU*`!2N=B0pC@U%jfAtNdWn
z-=_D+Q=IfBfz*G~BY-$=$?WsN@~7V)w3<tPVd~XWS<->EZ4QW!Za-QnXgRJ&Z#tws
zEAzMG(@FHWYaP=H_>Kz-g9iW<BoWi1Aw<SUiOkjH(S07|K>6K1PqeaJPRBJYdG{B-
zLB)~Gw1uT_AC9o(;>>BhizO7}I|PSckUe*S#cM4+@TZp<=6By9M|M6`fMSnK{i7Ou
zAc=<%c24_ERt5e-N1-|K%bb~0AeZw~<zC&DYLTzFXfQ~RT}2NEhbw!lvE<G~nZck*
z-JOVNoAI)==BLxy;U9scIRW4EGNxg4h`!H;ROmfBVcTT6ij~o#tF5jeZ*#d%I<Dz)
zpplky{bDHf>uRaB!J$zswO>^Qvn^clDMm!<<EJ+)xmE-5<2z-twLe97fq>vkW%XOF
z>zE_Irg?VZuVt5(;&a7tk=#^EV)xxS<vwQ&f$9OSlkH5y-`*O|(0$jKfBFawki@&o
zzw{4lR%{2GJ0EF<XJ3sO6AL`o%entzLRrf^FX?fCzdR(rYg=vGRcu;vcoe6N&ZHsO
zGfIzb1oVJXht}~mG5@>vI3I<|8k1r`HGC~H;2MI_v%V9&M<wdn$fF+79ak$TSq3TB
zzuQ|*Z=00}Dj$7-6ahVoL*obXpc&P=pB#cERHY4(94#)=*!`Y8$|APz8bM;CxlD69
zbJEa`SuhG-p1<DYDv1+D5dy_XSY?WzKlsU*YS<ui#Q#{tcy0ZNiZu`g+ry+-ta^Jr
z;t{_DkXCGaB5L}|=VKFR^Az(2eL(i8`|#tXC_IKGWsl)zb*RzGu)SMqf4c%wYoqhS
zyv+J7am!}&f6VDh9>hyj;m~o)%YP$hwLgv<^t{?|tsD@QFdm<?6B}3ibX;X5a<>JN
zg1=eM>mv#g@uDxYNjr?hNSmJyrGcl)Z5A_1pa6%jO^RN*VwGl#Bl(xWhu~dY-&$qo
zpS?*A31)~f0Q3Ml0X;Kz_lTf(3r!w4AF}UMSlRl3)f~1prNY+L-TF+%c&??OCzUW3
zo_B8=-5uX7)mnb=WLSSkv!3rT<i<=hK`NKd>UjSXj7|<a@piJ9EJQ*2X;NDKHRXrd
zuy78t<b6gfDk!dTAs2g=E8PC*?Dw9wU4NwzP%%ka02B|gA2k!b(qq`Hvb)#T<-ejH
zBY7l#{=4oU$m7=u*!l2(Ki33>;lyvznk(^qwJs2kkGvXIt&rd%S^)l#977^N<=NJJ
zIgp>$a69txp2@)bQ6%;7f++L`?*m>k2+P$^%P~jLjX+{>x@%_;cITTnAdgXQ!eiX7
zmyYY|gX1Sad2RcM3ixn`XBes2R5j&(^}<;M%4O@(v};1{g|{r6hl{j0NPnN5%FVgy
zb8Z)`SF41bt@Sf+D|#M9gXa56#*Yfg4%Z48UgQ{>?CGQ5uGfsI87P9>!z+c_gRJZ_
zF>P{vzAMePZ~HH^(!wo?-VbX_3641_>H(gO)Bd*c^qZ-c_idL><HL#T+vlG+g{U?x
z32FciC4)$b3aR!^@*P$?UC@?28Iu5(`TIvdv{Du~6JmH&;sL1ieIL)8zd;-W%L?yj
z+hla;J^gB`bQKlNHTGwSRm?unU;HaRNqlV8J(3w8{L=T%_hv~(Vfji<oBEyMNj;l9
zmj2EsuV`VBqe`^aHk5^jX-9Vg=~pOR$kfBL8roNjL@iHyM;*mEo$(#TjO|a=a~ca|
zK`W`2W2?f-d7xr(kK*OH;KGS$?brWp<>1(9gX?nk`Rb1PO<Af_TL5xvNU++7uo8`r
zL6++u-H%xwzL?3s(rKGH_veaVH@jHEK)TJ}B@OfUu(Hs->B;t$Q+{Jx@Ocw#&em5{
z7z#y$>RPGAO!`9Ie6SfmGe;+geicWR+PT_NC*iG2nZfCS`<%s(7QGcj3tb9^B^oZn
zK%a~ThJGb#$m{(W@z;79T%0b~U(7wWRnYPP@{DkLBWAA%dE&Q6LE}AdrMGeYvlPX;
zVeH)7a}&55py!3!X*gjr*vW6cUT+$V2|fJLVMUVnY7d6f=K}#@)T`GA^K~s4fJsY5
zt#@5dbsD<0na&n&;s<WzYWMFIfNA669f<+UPdFedWS5YckrfvV8s%0sP-Amz^G2R8
z`|U5jHyHYOUJaF9!Q0pwGR+8fc8sji(b#(avYs~B$-YmSRSzpN3Ds`Pgd6w*AM*w7
zt`8!&sK+T-SdamnE$Xy9=H&*>eNFg|KD)zS%U!QPd1D=>V*_y9=4<r0C_Op%Z809!
z2gt&bI}^;l6N9XtdT=nt-}vjexqh?b7(8e_Z_Ib0+)wiE6a?ToN0K7lE~(tz4`lld
z__wc4wtS|B^f@^`T^>o8ueWW#>LBWH`T2*j@4Syi>=7~9^!vO;gkMBdpQ)n`yVV!+
zz`IRQ834{OQU{6$SmDoj7HolVfC8SZ$a(2|&6^Qi-NtWUiU#d@nZ2vb^=E*7lWM8`
zWyFFC^wtL8`AuFCv*8{Q9rlf*q1oQSg`{4Jdl6Li*5NAf9GjPmpYjU|^K8wTa^Hx5
z{lmZ3>=U#4IhFsO5^P@X1sHhehsFaDA|8iV#l;rpg!2dh*{`{xTCKL(<=-HB4^CQM
zsYUv^%NRWLNl4h+g!jR)!%<@Z2^FdHyPg1eJF?{XuaNA?uM6KKm7s^h5_atYt|xyp
zU1wsI!QYDboWYG&x)?bzLB{&Eh?<+9l<_&_%WRM;6k|Cwcj~5+B~FC;YfCra_Jm2$
z<%GA!H;c~SK7F;@pP>ik;Wn<eUZrl--{tnX9d4ola^Ct<>$C9Xv-iv4;tlX~ppbC)
zB0$Ig9SY3jygz|tCkIaI=-_@0<aQ!iXh%jnVJ^HE-EWDOuJX_e-&|cXq4?yG%4f=d
z3Eo1-(4YT+xHU?EJj^DzUGD=Qz1cs?YIH{rX>|WbE1xOl*chdIq;qqD%gcF60`Uhr
z9g!B_-lxC;qYX~h2&=b*Mg{~xkfOmU0qSGT$39-~7FU>G>U78ZYltv+t9oYE^8`So
z2NEa&?=}Qbdi`FyN;gcB2G7C<%3T%ZQegcU*H#`=kVPP8gP}r*mG1gC$bn{SL|LiL
zRqjvul9P$+Ph|gcZL4|1Ns5CVELQV(WSZS}G3*cVE5obvrrh|S4O|Dj$16_glv%#z
z!o;^z;Em8p(!qr!K7xCnLPCQnc<F0@T?ssF(<w1smfFoBQ~q-1W_Z_OoBepdd;GY!
z!mq?i9KevZbqd6p=JT{rf@i@QN5Oh6>WCmkL2_!9212}qAHM!cBWrj|rwf!YVtKnD
zs~dOEa^uoS;}QM>BZjBk02CgPz8*-?L<ygtDtG(kySf(>nA`>JAblJZxp@@B8M&LF
zrbF?0NJ45G?+hLIJyPH_!Cp<^zo}#vMJS$_`WEm#r<dP2M91}-JYmLp1rSL`{dDl_
zb^$^K2${e20$xuPB=}EX_L^?+=tVl#^ny-;Vq#MEPAm`dQ%(mHqGc8^gi8eM-eLdN
ztK5wiw?6sLh(JISwXnuH^hh)E)S5b>okRwKjJI+kN<3*ZCN`7<v96iiGiiSZmxQLo
zuwABjUcX4-9a4u1(5d``gPX9ZQ>4MkO&@RQ>lb~&eY*0-+m34<K^n8apV}>VJowcU
z|Na5Xw1UTLO}Qn%>0pX9p=ZWT0GkTIdbxdIC+bhu4PU^CIz9TA7Vr?_8MA4{{bBzR
z{?#yc%Wi}9YE+MeLiinN-#yJD+JM71HoN!lqTgs`#i)|EJaPNyZ;yNpr>}^_QRjdK
z6d`VT&jl~L^-A=UscI$-^7sV+-B3$ei1|G+17)rziOxRm1$PuofdELncK=(Y;aUVC
zE~PTXJFgUrGOEr|8%hF28xE5)YQaf8i$A_Hg|I0Yu0o^C$l652v6s%%*(S94dsnyP
zQaQ@r6?ai05>1kH%QkPa>DlB%@vYMh|0mO(!K-TCAH3DkfD=dY+=eTAaAx=R4#z5e
z^o|1YzF^fCR7yNf{QY1<Le)l_Z2D(hFeLRgvkr}`!gP<)nRa|Gk5<JRC(Bi7kFH<z
zIUtuu41>*LHMy3+2Q&ow$idY2Bt7~OYxb?vvuSfDjn?J+q`b;rCKN)^IV`H<wdA<e
zU@ua4`Q+P=FL+Fy9|C)^qk0==t8!Kx*$eRZW=Dp-=>0Eo9HiWB0*paA0!`Bly76g8
z$MXrlK}o<Ip#rs8#1G=CJ_jN&%)9BZ%r-X$2Aco2?(FQgtcEn0(RTt7y}0tZ=_FBE
z0{|Ky0P632{D`pj_#11|3ail9U(L!FBPq4*$jp*k97x+Fvb@!3NKf`I_}Dz5<uiCc
z-*^KfqWB%Ck>fK+q!TYTn=tBU^S%MpkZa`*9`<IQX{m!op^)a4-cX;^_u_}lJyRe+
zLp$VHhASC0V*$+)p690=&Y*0lUE#ffhT|RB=$rpx0-zPZxTme2ZE~Ul&9=MW#^=4I
z&p}1JwjKZyG&-$f#^>>U2aw~Gf0=`0V|{J{4<Wbgk7r<JT5fB17?FRe@Bw9F;pWX5
zEdrWIfA@*1`HDC|XFoM}ejH@Ly~R#PPwbr0J>wm=eOQ!7h4f@WGeq3|q|$3=x{*5=
zea?Y#XbGkUY+-R|BG}V%$v*Er7@Q+J4sl8qg}AW5*$$|IA$&23bo0Tx;wZ#qX)0>N
zcB^3Kn{3d)gY;3BZE4?#OwZj=lxU%evhIgeeH+`GFris9xFrY=m+f{9V<3jdxUjjS
zpRXv)H5~|e84)!#j>CVQ3Ur&I?@37lgGnpto&3~hNq=hZlt1Cj=Cqr84F3}Q(9o2W
z6-M$%IslaEv95GI$1B?OxcT5AiENM8<L#F}df0DBKVpt(_%hP^ASYg4cwYK}#X{#v
ztJTiEssZgk%I`y?`}xxy+Z)b!V*v6wanVlAbiUINdt+ds`*|K8)T57~k-eicI=Lr!
z;}?LB?Uoo(f6>={NML?(r2K|mat;OWwr&Ta3jLNaaQp$X%DRis7y|kE#Z+;Q(jeBl
zG{TLLzuPG7&WBKl9UEr%4nbR)64U9_>@oiL8Fw-N4#svcq9VoZ?1@4rO$u{8?xD<Q
zTJb2-T_pfGI6>CVLqf_11;inEHatasmFIP{LcE9UP4_GfNgQ(yK(^G|(1r&lKbXbE
zCfB16v>!Kmhn!vv%>QIvmtQZoxZ*rE!q^G;dR<#eiF-hhP1f{0a@y|&tzH9>0U!oR
zwOxr`wuhTLN?!;1u;F+x+`4)UI%lmoj`V+OmM=8>przHdpsASs!dtSc=d3`b02KNj
zR^@N-O|Fkq01dQWZbEZ&Aq<L0scgQ$KqSu>H})2JGr~IdRkdJnZ_|U&ZcVauGkJjy
zY06(os>7caWiF@aJ1@tO747IhU2{8W(#P?14|8QJah!muM6hoH#Uc5}8j=T}s741$
z9J~*DeLIPzBrOXx44vzEHact)zP|ip@ASHpN;!0G^Hgak%Pdd`IV}CtIi~F&wzU9e
z+_F+pc4M150ZTMsbP`}9Ts4Jd<NA)97McOmI4;}Ze{pWDsVA^%hV~OC<KqL*cgmBK
z&!R1J4E7J%(~Z_nBHh!rq?Jxmc&oH6Cr758#UgKlcLo4)lU&}SXN!kJ5PjQ-uiFwA
z?zGEDK{?%K*l5GETxT2Yr_kbuij9Ojn$}B3PY=7xsOze|79G3%MI^k`<85|Ap`(PH
zTIRh@fUHT;cel1&WO7-e+=<nz@H$P*`ps8<%IChagA#;(+99~J*2fQX%=8i4Sbhkm
z3tP*VZg=UozqUk9uk%wN*z20n*4j@e^gT7^BzS?}zP-BLU3cR2xZ}P3h)FoCtaoRE
zb2Y$dfRqHWT~Dn1x>tn2YKtBA7%KnU?4aDy&Y(k|xYi=cpK?HcLwBkVsZQtvP#C?f
z|0-f{Pxhfew`X#za9B2+!Dh2D&fRDm0Vsl?F&z4mUg0PA>5Zm$4vhF`dZ9L<wA(#d
zG%31tUT2uIS~^=VWA5*3aXM}$CdNowLJsV3O2;0{J)yMC6Q>5WXVE4o$-8yHFVh|P
z@aOjw!wtMGr}C$bSjUm8=lMD*k4>EEb)pE6%s?PjE(7cCm#NPHfxO(1>*hTLb4&mJ
z!_lmqm<e%%-%lT(*0Y<ZJlmVY6^rqvJe}c4m!wdlBP$Hjh>+KZCd<)nw$w(R(x7tD
zUdKVJ(~d&MQ?bA7wP?8e?Rc4FoJ(1KG#@Ye+v^oSmFj7DWKn2i|Lba}aj5NW$!ynX
zRfCtc6r!U9;<A=+<?~{xxcsMS4U;WkedNrd&%balL#uBRSw)6J6)O2NlxR8CLG=YR
zu<XW{I#*nR*lHVP*kB6ax!XM{B7WMVke>2OS?k62LgD44hEV`KG;6*OSh<X(*IGWR
zI47wD;{S-`Rfe9FL~ku+$G(@F7gXD~OzIqgC9&aB5sSrYBV*`?ptNr(;`eEnS>f2!
z0AZ>1poUE`eKjm!^gT5BOo*IuoK=Y}iKoLQD)#_+2#RQ+sqE7E{tr9ktwG5`5lL3*
z?TL}gevF!^taJX}Z5vO+rs+Y!H9RBe?1Drq93Ynfu-l7P!1{iR3l$#inbJc*OzfTY
zYPCiPE{1Ual$EAdJPZmURoZOft@_V9{l+9KVg0yTX(mD{<hBqoU!@%s{9@GM>1^})
z=B86lmT8adndK2k`H%dPzB_}bB2Ac5Nzi+ak7g;?-GdUrKq<Nf6xuaNM-tK3YK8a{
zAlB|gn{ZJAF$7Sk#xwpHoS+a!DCRN`huTz959D<!#u3}=8dB*i7vK7}X+jR)H1?X@
zjoXe9Mx38b_Hw1#(s4r!p^0S=gJ#5+Vj<el<AAiP6&k}@LhG7pzNz>K*dAA0^Cx}8
zYKLE7&~3l#Awkrd`*Y?QKEO>+S2WfiR4tCmUaxtSezM&J;_?Ps5)5GksK}2=HFku5
zOgVP%GXZ7A`Z|GHNw~sE<;~Heo2WZ4NPK1SZ!+wsm(*`Q*i?T$Y!L1?b9J??Yx=IM
z66O2jt$Z!ez1OI{BMU+o-WJAz{W@?e{i;>n6IEI%_SL&*9y@(@3E3yhDj~ul71&d4
z+}3y~lct_fL`-F&aRCmZaXv0=D8Mm7#z8;jHpL;5_a-DNiXi80Kf*FspYFaHoXB13
z%C_?-dxu-xTH9HKD^Bx01n#os_i#$-+{XR@2`pr$94m6&S2N_{i}0t<yPcovJNJ&@
zNJ-D+l3u4j_0}-XtEwefWdJs|)^1r@Q@?%lp4R#`K>LVj;b7XtJuyw){c*e62??}S
zd0_7?(MfXpOv6-Q_t=n%uu*=ghubAxZ%`W;EyO-e9M(eo@g(@ece9D3f0Yq|L`A4@
zwsUXmb(Gu=1OSO%q}~-JX}Wa0tc{ESK<PeTW*HHvgMbyBn-;1<{_c@#)Z+-X4?q$8
ztx|5A`<-JZrSP%nDtDcbp?~(Cc<`ciKhSHGRH*?8UKA=+&EG<jY4PO8nRkxFSWRO}
zHaByTaJOJFo@N=9is8PCc2EfHci%Q{Cc?Jhb={wfkqXIvfxG${x@x24ab~S->YO29
zrbp)2R_X%?RBT$84Bhx`$v1A+Izfy7eWMe=;XJSXi019`k;bd(kwMW;(S1n4Nh6p@
zWDhW!W1mwlDHU=|!w0%?q!=K=*Vtz*23`G?a>k2-q-VtbqN%6?wG2fK!8QT`vCG8A
zbELlGT(jDN<-=Md`A9pE@#Hphn^#EFDfAs;3r5%eTSJKJ0oftt#5x|N>U;R^AD8(j
zkpYbPw}h5;gcc1S?aybp9_*&*0h_4iGL1m)hEBXi=Rs;DOHtbzgHj%6kQc3w5Itjf
zGv7e_*jCqy*8NRXcLPm&DJJ?%4Ap?|k5=XJT3R*a<kvq0#u#4|J?;h}O>>0Sw#(m8
zU^$VX^e`I{r#JKkt{+swknZegxx<G--2pK5bvf{=`~H;wHW#3}lGPT9zFgFJH=Ja}
zLD!mn;<prO^=#7ta0IO-afG;-6m?H;I&M|8%x2417JGHvu)!hSdx!9Ld1$rT#O_%V
zLcaVTr|dS=EorBw?Yb-z@-?)aE#Y!St~lNJ45oYm9PnvdX+4J?kI_KPc(?0CD8U%z
zjeT`63p{}o#giBbDZ>8fPEJ=+zN-eus`~kNb&0KQx&7Z;i;UY{lyhX{vo-i^br&Z~
zI8c`Zs|D@X0X;dukQSFDKn;$u^=9eY0pl!m+$1<Bhr=#k%|RyI!4fxF&|(_eo<25n
z4_^Ge!56_3_VP3H%B-5BN?!G+cDVGLqZAvz*5JVLE|jW_+DDpcSwlHYH?RgdUmY3s
zeU=2@zm*QPmG~01)jJ(p@ffm&@o9Y$6wS9a3POEWrj|*(o1S1Vs#C$eM{K4YC(Vx!
z-buARzpyvS8i;uFuacA<2+j1hf2X4Zg_QVXx$$gyM}ZP^(QaizEgBrmr8O>WQsfzf
z#*8J~<|Y>UY9sTd{+g|g%D3#8gn^jN?5%;$izK`c>^hv*Tv<rPEU@|ccsYZzMz)}V
z(Mo<1v6wG|43@E{=s6cXvup^e?seWLCG6b5<FsB{Xl>jaSg4nu(m&Zv<3ajeR=7?Y
z)!es|aY^7WTDiv6w^veqRv5!?e-rwNPWjd{b)x`=3Anl?VW7C@9xH{UfyEFMfI#%T
zE`?W5?{?PIOXs&L>W?OKU37G%xnp3wZpZ}IFCOud;>AQ`Nu)Rm+ERq_MB`FR5YS&%
zaW@8H!hV&|WJO}C&~O?i%8e^vs7vJ%rQ{Oo%vBPEqGgl@H_fmTN@nAd1z8}eCIqM}
z(1!)t5v!?j^vEMjt2%!1f5krtCC4K8-;JJ8m-&5P1=~;<92nl!BWk<t!3GO!r)wpP
zeR8H06=&-`CSG=U`b&_iy{9Rfa|sL8CLVC9`#--4!2zBM0e$gI`c<T~w&%-=EdAYo
zaVCx_j}2-B(*&p7aI)=|MJ#eSYw&r-;p3?VX)DApw)iR|U6d12Yxt8C3z7JQS|RXL
z4u^V72~@$pyTC1T+~Ds7x>mH8g~o8mH0E+I&BR86gNf>mdnV_%#IMad*}5cVLKh<c
zZra}OK%`u0(33Qh5}TA7R`yGl1{>)X{#Ez70K^vx3ZX&;k6!2CXAM2K>tVF#6=jvl
zA#RL3k0B7=Zszqz{S6;zV3h_cN|@4_CM57h=)%X4L^8oo1MdswP$9npED5w7KQqBg
z%b-I*`@dkqf_q{KMf%*O)+ETVRBTG%Rowz)BlBUQa&9xUZc#i4MPJ?$GhLjofQ<g9
zGT}Q_G@wnMU`YK940BeknijP<Pj5(co4@J)sV5-V=d}Boefx(29WNUaCBO3LYf*?h
z(_7fX4uinlT#8fyp)e-D%>Q}$j&}LSy00%Tkbj+vxEA*CHrZfH(;qp1A8w@&&azYL
zQ6~BOCz6++KpR6ig$avabt)l}s;zSWFOM8QEJa><oZ!EUDe6=V>bZvg+`d^6cA#zd
zuLOWF+^|}+>hpl>!|9P_=nzx^DEPJ{P`8#V+k4kCdH$Bb?V;%Jxjh>;rRo3R_9diw
z8_gB(3F^2PgJHiI?6Z>0y|$Lm?C*R$@<tPT*)!$@;R7y8a9wgoSt?T>5@+avl+zrs
zgL5j9pYJ2d_ZeJ5DAv^utByC!!$sL@f@sW>wEaFLCG)HxW5l!S&=2@osG#QFQK*pF
zJ8snxTwJAi+1fDqHCnG3d|JVT5@?vGKE<D(#qu&NVtL@M(!Q3t|8ST0dQXpO=ei!2
zPr@SJ=U<qQ@?tY_!%jhlGqazJDh5C1R=B`5wo5}n;t&6GEqu2&g<^2o>8yN$+eN8E
zC~>dpZzPKM^C;~%*{R`67(p|$ckTC{a5XHw)0Ax1L=mr)vPy-iuD)3$(igRez1U%s
z5DW#aGt2}SNax?Y#P3vYxLnbxM7z;1U6xh&DL<+V8bbO`HY9mPYn#)|F@xu&+3s1|
z@A<?re}9LC3Nf;GtMn2b$N96nRd~_?GvH9u1`x1?(`mG-w9(vMp0!mN`oq-N8lnN&
zXeSV!!3GM;lbM<nbXiGrh`Xxv?s_{(Emu?fzipV@t=E%+=ih@}6srD&8zA6j^Q`T7
z{%3G)X~~wMvM*5FYYH!R08)Harq0M#q!STDhF>(X)oL$yox#=#FTJ*}3lA1LOubbv
zWk1T9G7mD%+O6JC$?m*3A8`I<#=>rQOW*^KikoGkg*&QU+dC-&Z|Wxys15}llM?op
zDK|9wsAFo4^Wr0tM?i=us@^KS1ee&S*kmvyl*w(ZSQwpjmz8DAO!IxL%$<NszYjY2
z+%ydf*rk^xu~i*xAItbovb|qYu`mqx_3=lt+BjT4->d^?y}%Ako6y^>sWWd~&RF=;
zV#|2Kwr^ygPBAfI-GM|Mm}Ul+HVhHkmwUXgfv}$ymw}YW9ipYBWoxtCtOpN5#6z1`
z;qpmJnkN=@46%@|F!DyzLZf@kTTsOf9EUV*o|SJp0Ri2MG04Xhzd+(rdOzy7wx5^4
z&#<@ZLw%B7fJ!oa@or04xV-q<HWH|hb@|>XPtvt-4q`&e+YC?D{2TT?XA~xQR@r~#
z;bGq4$4v|%gutJFEN^sZM<{gryft%8gx1g+L;^J^=os9f!9+{D@De;`Ahco3n09TS
zg)4-Fx)iNsFj33Z>7q$oPsDxh$Mhy>*ij)l%EeVq_v#JnHxo}jU!xSzf8b8+ITxvL
zpv+h3zn3^%-744E6t540g$lO=={cA+M1lSFk-}6^+>0KTG6m186Wovgb0IG5Sayz5
zT=7)x%`DtU@5$T_M(@MKx9pNl5@Rg>YYG9c$}i0)q+^c9;kHi4Qx{s^5oZL$=RunJ
zup-U)ysNgsIZW8YZW8(j)d`;e`^rSj!U<OMd@5(|Dc<Tj^MBooEVefDwOU_d!9n4#
z3Hu=a%TmyQyx1}Rc);-$Gs|kR<aI^)^JMwah{*r{HNwZRFM*{`=5Nr2wguJ7FdZ8m
zvc}XDZ_P<nrywi=9V3MCYC($6?WL27iIgS2Tj84&L>i;n{SaB#I1oJ9U4&JvixyiB
zeVFvDBCW`v7tHMU1QN;Q`N|5yVkxnjwv-tY37r2zdRjmdXP>|RQR?m7P6VEHvOCdI
z$9(xw1z4p7h(IKW;J*Y|)Z<m47Gb)(Yp&Dtkm7Sy9w&bB?ZHfcFe8_7s!t_0R=Mv%
z564B_Uz=RCKawoE{cmCf{->2s!V_JQ4NM+O2*#EhTSm%7inNU(v!SrwOvHRs9e)pu
z2f^5G7+bpTy4vR?lx`V0wck1tR90X7FHIz7YhIpA6SRyID<5X*_*eMM7dHKzMStVk
zU|V3cr67<y{uoG`@isOg0Y=5>J5yhP^iC=*qH+u|&fwb@135&2Mz+3n?dHOvbis3@
zm!~=#oD87;&x6&C#eZNPuQpa9WGV#=;ED_GZgE$oyYxgREdO-4-Ie`z&Ur~h{MUXJ
zE4?N*)mV7>`%@8KA<UN9_B=j?-EZxKYLoYrV38w2F-AVFmMR?|)~CsR+BLkPk&(XZ
z(KnNA3IdZCJ5rc~<KtMEu$?uErL#<_vN*OXFGit_m3r~R{|TSWk+u4b!d+hyiW%Gp
zgL^S8|JTN}@I8`5YH;I`*B@``&K9~6%u%B6-+}`(qiqL!y9_=mCaSdS8w?A;NqQV2
z;loW>=8$qnBRDrjDO9y)tAY06!^tuK7Z)JPCU2$DP)zKI-h|d?whXo#<Zw#)?|S^b
zb4s7Sa{T#o1I$45_wcZrcXg#T^<oFrdAGPP-Tc)Gcw-4p^xY|r_`pk0Z(@;r9Qy1r
z9%)R<-_Sn2?XSY)SY@%{ays@I%RbyF05t|SclPmk)Z>tt%<hXnaJ5x7FckC6V(-$A
z!qR7u3O*OohKE~39?n;6uB1+*&JPWZ;WFIc{Ts?6BfDAvnJD-c@?N(8&9%sbB&QtQ
zA(#C%fpaKm58Th(@+X6F5By!s+HWt}oB8_uyT*S8IKPbc*rjg377Xvm$j>WTvF7gN
zb_*-81GN*l<c<J%HOt^Wo|QjfuTa?+Ex?Y&TW_&y)e4}oLujHrjb;BBZo*mB>di6c
zA`Ykh`rPUE?hh5mC$JZW|C>Ujv&p>O?}{wuv3tR<!aQffX1h5w;nYq2RGrt(-yzte
zP+NpU4k})P4qM>N6Yls$jRr=eCl#EA-b$xil+fy_eaq)^GnTo^f3M)+;N%;wnZrvt
z3krWoTgUKarOcV+KK;Mu{zP>JJqR}Yq2W`xuCM>8J;D)VXQ9m4`Qk9jT<&YyyeU3#
zT1Kys|Ji16oNT#^K963A-F}vFO|6tNVmsq(poZVQPJBz^4*!0#s15I+fr+dr;FZ2O
zT$#GZJ%{=?Dw}bcRD*yQ!z77YdXE_Id{-V$CyPyu3t)KTmsA_m4)bb>?=xF^we2X!
z;K+zmQ(M;vnfBOlTu1ijxCOue>l)is%zbHW7r*JwboL9TyOs^@+l=9E^inl{_9Bxt
z`%?Tj(xQ{pp*p`n7v&_C^SPvR9$!3g-=tZeY)Q+Pz=h6z-ki7t#~t@TBc;Mz;Bu0x
z?II00`qyU2zjT}`bTqss;wnNyaOg118AGrzRGl^heGB24UFnH`00I&s4xdKWHYCI-
zXEvpGf*v<w`9zQ8T|_MeN8*g(<pt;|G(!G^;X4q0VJJvJSfG}Mhf^Qw!3;(qw@X>=
z&BfaSDec<S0z<YJ<BDiP716fVA^w}_I!lD?>=-EM{kg~pmiVJ)L3v#8o2%0}o<rDL
zxV@K85$?Zg=v~$M)R!N@W^^dp|F(2)R(K!*<mBDw73Dgy&QBR5N0>SdNr@o(%cb=P
zn#z3f{n0JVp`*tiY-aIDm5MC+-y}67tvZr97#{cS#|ZY6-a&Z0=imIS|I#E?R653^
zA6^*QR4Ovz@7YYzDt~&KDQYGC-#g?tS)>19!aHy}zUPtxBvEyp&T=NN0}5_}l;#IJ
zunS8shaI^#zu)!q(W;HT?yLv=>2uqCdpyHXJ^hHQO=K54yAYH~i}*JOqBltLh^CUl
zIjlh_Sdvm{QfbaVdQcLEWJf-QpiT$XzV```&3W%^c`yNSm^L&S@V6rRWF2V|@Kz>S
zoz8;F!{GRS2)^%2-6yL8r{fCOo9Fv_yKx^*3HM{Zo2GG(%HQkqp??>K#)vV%X1#2N
z0gz%UtskXtyh|*9<PSts&54SNnsx=VU8Q{J_FsYy_&GF02i1*7Lqzkr#)O*34O~_w
ziryB%CYa97?c6#c3PvaW!(Lc{di7exEo6Adap7vEqo=xz00*Al+H!bVUl1Xnp3+W^
z@gMY1bmrd`@U0kXFt*HsmQu%9KTIQZ$YO~IgvLAl8LLz1HU0aWxebgJ#6ADM-HrbG
z^=o(!4m+8{315Ve%Me7;*D%*X>{Iu>FwETgoPQ5vej-U_;-`UVVpwqNa3DjIxFh?a
z0v*-(MeN_hzV1I@KZc`559%zxYigAz_LPy0rq8}85c`boi)q%^It}ZIH~Iz&9J=$_
zY`lxr37O#Ba*ABbPG~4)>7P4G?r<!9M`HKq>7l0)9BBVA@B5?P*pEjawfAO4{{QTU
z6Ph=4bd!cFRSX??;X*WId{p0*;On}ocj2(zXXK7kqnHk^t@ETosrD<PgCEYSQzPd?
zySsij_dT$qe{A^#-;cPoxbM%QU1!(h{f~zuXC#=hMb|A-a>AHhaG-1@X@+Zt@c-9v
z(nH54mCGcxL=6PrJ}~SGr?hr4{%^maZX>~3e~O)+;hXhyeAfCD^3GuJbr9>r{?<qi
z{D@ymKt}SHsBWDzd2!ccV6q}k`l0k+$w%Z{)9h)1fiUKNC!%X!DF)TJDf+HW=O*P^
zEvPcd4C7vm4nN?FXJXGypalEvjif5<{*U{-FIYV1NEONJJEBlTRE<mxZ=wWteC85<
zdUsK@rxZIBs_)x+@+Esz2eTi~w~A=8*?-CeH$9wLh55yqwgqH_Zt}W*CV!EAcXK#@
z-Tm==oUY=zm%93TxHOSCZzt_)VWFAogl~kYYPaB7$u;t#7@q~lN#ey3_ch4`r7fV*
z<2lj-d!F<J)o2%)vFiQ%52-;<){v1IlGEXsXga?iHv6@o$JOe$*R3!=&lY^T<EIrc
z=Y>ndXUjYkof=FJdxJ+tK|zZK%|zTpJ(<9di-16WI+EgtN`5}hP_gPwtZlb|B$w`S
z^Fxr#U&r<ltF~;NY2zE?(Hh+N#R;O%A~Oqd%re)DZ{zsGLFemE#J4CSpy*6^d^BLv
zi;PM|S>ys%$=$4>LWWh|^Div6@oKrZ8~Z);W*^zN0*=+Xu?-6C@zQbSJZ1D-1AW=$
zt?xN2-g{@szSv9_U{2Z(B97(xe!bu9VGIgB)sS|$J8;;qy}nN>o&P<?xDtw!Qjwv~
zD>q$rT!QO;o#j=XQ*6<_3xCrV9v6pEoWUrL5b%W2WGhqSB>rMIhA##3{<N|C&}=Mr
z<fUHz{D$3Dku<U;j{7k0oEHyCr?Y*|fPV~<;!YKH{mSmgJ7o%TrSGH-)`DW>Uy301
zTMKeo-qk<l=|ZR~slzSRwlXs1LvhuS%wR<iA6;A8A+Hq?bQI9lZFK(v-eX4E<Elhm
z?R<cg!(nQC)>_nEc20HYc{Uu;;xJuk3wMb&ULgD(z24gqp1sbtYkv%t$m;%eNN6Z^
z6gWB~qLjnB_gscCutI^C^nw@7>!$U~v|eWWqZ`D;WJh{V1)qJs0es6>q%JUY<=tRE
zDGZ3f;AT)@Bdj!gu(0b@_opn#UA+d=g@L(XyJ_aw<080wIGkas^B2zmG~`vU)D9dp
zq-r+|*7x3%ki)kQ@vJ!lFDhh<J557uvURv4*a-*Rw2xm8!X=2BTtkcJ3VAmuJKhZF
z5P#8JG=cld=icjdJE5{4>?c3%S;IlU815Xfo${hZn|86v?KOwkvxXQlxlbM;IHt1t
zKCQRJ4(Ynny;t)LahzgS{Y3yg=f7b5zL3k<TH$`;mqvL{4{l@zGDf-w^%vop*}0sG
z`u=&7Td9#I1Q}aKGHa+PIB3w9rhNggk+p&_vK=B5_XOn?$luN2vAGhB{mwr2Aw9IS
z>U41%l`st14Hkw_>+_Uyw(JjCyw7h%Eyl;Ku{SK0dNEvhw+o!?fXG|Uiw_cEO2`B~
zVsbO<SLLdf2;&0xShc!sBn<Oq<A?9;qbm*(B=Qg>3O{I~3+LoLVqbUM`L)|7*vt3Z
z$KfaGtbZg%tFT6fehH+spf}FNCY(1ywx3#s5wYf|SPU*JUVRUGPfR&@1ozSd@nK5E
z&`=P`uO^MK^K`@Jxgez5-v(o=+m?upjJjynu&XOp`|l#OUW_QUUSC4~>RM#O%6v7M
zVwR1h9SnMDIfGTRGU&SruGl_sf-SbGvx6NeSLAxT7m<eDO3)6SIvIYJzMK3q>)G0w
ziTnMaQKRkITm(0K%@lKu?mB2E1uZ@@>>ys+22`Dj--$6r7}2i+CG&VZW6~tHZM&lJ
zWD{gy8S-^sIhF<AC=fG=2=Kdz=;OmDsh6rmJ8;Q2><*W&Ii}40Ov?J6rb;&(jYo)n
z>EQOS1e5pf?oB|Oh{4p8pUxd)>-*WF8{?LpEu{tUSITim2VlT0f;mB{+Ef<)H5+*`
ze&!JU2Lsi>*zT+Hh#^8QqJ<k;)W2RhQBlYaI|G&CK0UnP^hDSmqrHxk55Jo~SWk<x
zr*|z*D%EE51{_ZpM#OJPEJlZp<$DJR_B&&L5_uWv#2`YpPcYb7mj?X))j%-8M>c2D
zsaa7G(fL%*{?{(SU_0}*G2biaA+P&1${Zbf^p`j&Q9sx{i2}=fk$w+N;@O8m-(wb>
z3XX}>!Ckfa7tt9<NPIPF^j4lgY$Ol8Z4&`@dn}0vzbg14m*XV>W?LX@Mu%4Qj{0ao
zjvfihv~)8*K$9lPUT<l5>A$~oD9mdUfLY9hq8|vfaPoqB@fBg5Lg%EC_~Zn?zjTi8
z;A0dT6@C+tP<+OAMpI<^FVb^!G1C+0Nf3p6PpXG&Pdzi!bMXHjl`BD%9Gz$Uk|`89
zPlY@z4HdW3JL1k8j-~w6%{WM4%vWW8d0cch2o8EX-5*HD&TRP|T=>;YaxMRRiq#Qc
z6|+#MwfL<(l@i;#l0V>8U!^H+iY)Z}YB<XO@25rDRf7KBd0fInPuFqzVW+VLWO>8r
zBsJ(#X;TiYCf08dUcAWwm7eN;nYs@V#e$S(u;?TBL-t-?a)6l$8lE?X3f%Fzo-USc
zhqQ{5&pgLZ)0eMM`4TOilaFRyh}NpP%JhZ?bOA-l$1Y`R!6b%QhYiu4Lq&>AEzZ|Q
z?rC50hrfO3?-vdh{L$JBFPew3;&pShRhhkhh50IUTj%<zYs!rGY=IKupS1={@^D8v
zefOB@_P19r`=1G<lkWMRFw6a%U_XOai5Itz((h4?-qx~r4JPz-TtUF#Adz;;NkJgm
zoE2%{!v21@<D->{uPPII=cB;`5r4fc&Y#gz30A`3T@Q1+lg<W`r>yg>e;fTrI`;FQ
z`GaNOMRfT5mDoGpr*n~3HLbxH#CDl-;BJE{nokkJgM!maVpMRN+$UDVq>F%}a(Jj}
zH)UYgUH-V?Lk{c61#?8a%IW&>Hbg?Y<+1lu`}OZ^qb;_>iOJcB6W%+R1@>&hx6geh
zN)MOC15l99ECee)>l`u}N)~4ip(Ue|W8%CNe$mcl)KUG-OswV2c#T2moO5|UygDVv
z)G-IpMk5H%_A{5EAYo5XfA1EvFh7f``eZ#ebcopSqM~)$WP6dF{B-2a-l#*zDDDP<
zE6KJQ-4$J1^0-@qLpNwmp+{G%l;-C-wx_^ry{>l4ZrlkR)egMr-IIl|Ob#1jKRv9N
zjp~!<Qs<SWwA<TY4;t1-Kg>4=hy8w}8C@r(eIjTpfpw)|S2b_XT~{LS3kD*uhPM3w
zCtm`f{W&daT7YOYf{xCflIEdOI6St{6x7u<2=XK5Ih!`L;G19j5@L}^-ur<-0L@MF
zl^@R!p->PH-G4VUO~d?#dOZB?2l2pPoL6Y1X;{9r8J2CMw=Y?mM5&?~VicB^MHq3p
zI2cBU*o#ZCO;Kj$sYC3A0r?_C3t1Rq_T5}RXWQ26a6{{cDZiIY4&p~o{RiGS^mY-l
zn%d?~*I>sdS^)qpAFIdx_kI>XeDYbjp!|253N(J*5UA`zs`|RQsIQ-czQh0wW8%}!
z1)cv8RhX>l!E`)Cf^yeI8Pmbht~9P%K1Wez<>_cw8W~gmrk3e=$eQxqOZ~EH<t5{5
zS*B_FQy{?en2KEAA$7vxAT&+G`Dbsl@qA{gzhz&pg@~wX@opCRE|_uQ*318?Mf**N
z+7PU!$kbo1K;eXmXuq0Pbip#~9smH_x3%WI-u#Cj2fkmTWN6yv&#TXS-O$ibqD;nI
zv3e!G_uX#;0B*hWK?ra5E+|y0y18@kSKs*Z_yW7@y7<k}chPma7yZcrbab65afXG7
z$6|R;|J1}{6Tb7neRpE#O<OUVPFMZYhUA|Nk_cnDbex1Zjv8$tnsB9ptjbRU?;s(L
zD~XjsWh~G(HqOVx-}(yn{OSPy{vUo^>U6MpQDffg`ntK&G5PN_QNE}C@lgZ<0sQdE
zXYkUVeG@(}<ot)I5)EfvG|iPSobDRTqCOtPvc~HCf2S*%L)W01?wG^b@>}0ht=i9H
rxV}R(HQUZ-3i(_1<64M_s@LxTOUHZo+q_nc00000NkvXXu0mjfMiE?9

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-create_service_user.png b/docs/static/img/go/api-create_service_user.png
new file mode 100644
index 0000000000000000000000000000000000000000..6af66bcbca0c3feff5e804cfe179733048e7fad9
GIT binary patch
literal 43016
zcmeFZcTkgE_bv=J?D#wi2nbjZRGLcfb_`Xi(m{GxAVdfxc2oo;bOMQ}^d_AULQoW>
zBP~FHh?E#Y2oNBIkmTHXp5J@s{Qu2&X3osZn8_Uy?(DtS+G}0wy4Lpf9dn~Y`z7`Z
z2nZYk-M(QdAh2hLfWWRDd-njp2{xSx2cGslxNRRMAaLL){~;)lm3>@5;G_WP##QS_
z*^85q43Xh!!(V+>ie`-`Z{AUS^(KDw`_m6@UnHQ4cRkc#9&azzeJiZ|ej{E<&R_Aa
zm70HPB~!T)vUvK<?gJ;mW0NGAA1_jONBA9JKuP2=a%O06cP5rOm6Oxgt?fm_ZWQeU
z#vmYY=eC&yR`8$8mZxX-{&Vqo$I)H?TwHmw4;VJ^^S))*zn{6|_Vk}$2%Nik_1}wQ
z87Kd}*l&8|-;3RH|GmxsPiqrcd0>aRA!T&&GtHI}gVhbh+VEepnw|goLSNH=EbF&;
zYlvV2*EiHXD4v~_m389Lk0cDM4m;l!0U3u;ogQ{z&MPQ%mDQ7SIKl?^n*+uE`D+Q{
zea4NJnj<Gcot>Sb-_Mf03uyHyGOhRc4%v>w*Y}W%@hHPS;%@$jAK(0P|F2zv_3JH`
zdoT8E@7>ufxx=)&_1%}TVCs`F+`q%QXRRoDwZ)mKmm%f~3(B8k{Jp39!mis0;FS_&
zlJU!_R^*>A7Cjr+b6jxFENhmF4gQf;QlT^0_%cEKV!;u&UnAK3;>IWxu{(R6g1a`d
zRDa8sjt$jO9J?eFz3lD+o2xw-v+*K&W2|s&M1S!YXRtJ~Iy24AqNwwSg<+RM#i1@_
z2+pd4G*_-0lrF8`NWe}GTNQ_X`EEB<ve>Cm_O47QC`mT+qWd*v%r?DR5$nf0w2Fh3
z5U^6D^~Eri`JeJH)8;juLTIJ<DW*hCJe>5v#DF_njS0R!@Yy5yl`~{qIY(C|lWDkl
z5u$Ojls#>LEr?-9h^u-BmN#sTXO1xcOsQj+s$!mvug+Ta%~E_&7Kmtg0d1h#h&ePg
zH2Wl0x~r?A`BM89b<Ob%N7F%t-o%Cl;~CA`Y4oWwlZeTOST#Qf6u||q%ADXWpP(uZ
z`*keh$jTtZUuO(@4{7os31Gx*yAbzenM18HVw<)=U0u((RINyC4k88`yoYa<kIU;r
zH-6Z;zU?fjz^9U3ADyjeG6+mtpC|YP!(hUEI~=naYzw{;V`F3I11$T9_#RW}<&zyJ
zS_MvBnF+AHn{*V;iCZJNP0s4#V-0ZWeeabtO%QKo3=Q!5v~0c=bn2^#%zAVY7h+>$
zGsmA6OUya#;Y?d!)x;EZ32|6zT=S3Cg5<6fF|+RWFqTUmE8R8bjD_C1X^t1*nGd$s
z9Y0>BW!&w{!w&D?@iMU5OJm#@w<l=kMY>B4`Q-ak?Gr~-xhRJ^-z45dln-u!R@>g|
zH&SY!Z*5+ry7wN&g1$J~A|Izy6X3XihsF{fHsbIx1mTGds_TA#3ffy2%$V;98=;#k
z;^0QnYL``-))oS(+bc}@0+aMSgsej8=Rn-k$1YtPic*A>&hzVscWg`q6{M(VZnca8
zetfa(q#IfvkCs`gH|p%_Do}BHh$+Q$8$k#QLyls5&V#5a8H4-zjSQ-)rXgO4zo>8g
zEB{FNX8F0dOhg=&-Q^oitr%3%bmi5rksjc*U77-hi)~==wvg4>L0GDH&xLt^_}tvw
znEx+t469LLu*f48Gkz<_e}Q?@EH)x2!1;&;g2T+=-25GR*IAz~ylHKgdD&uJY~&Je
zO<u_R#avnromf_JUNzcoB9gGCyQOg9!YWSP4jD9=0~u``VZ-T@knA8<nv!G6wZ}zl
z==<EB9D0Jz@BS0vEmO7EAJhK~cojKCQX=hrq`#ISqG0n2RV~f`Ohxo)T+dO#!ERcz
z;I+qX^)v6juvpWE<+XuBg(|CGO)BQUr@Qn3yDj;wZbbJj$#UeAof_s{wo1ve)Y3_n
zAYxrd;a%6>P@<6(G}M4KJNT(oaS|KR5!$7Mq}5BNphyw=12rG~xZzXuDl#m#w=xGp
zV!JIhQMqGj;_RLV?O=J(VVz$>s!EQ2FI@Zxb!N8`#dQZ8@!RVQii2U4%(V1$&5o7!
z6L+%=$xV3Aug_nrrb1UzGp|?q8Jt*o*sIO#s}2eQo0;JnYcq3RN;4)d1PsWEZLicU
zHnl&=)Wd`}2SJSIQnptclF9d$Xb_T$8HxAHLwhMbHht-XOx5HsJ?3wP>QXEXvgeFz
zSkD+lNZpgFWHP8eJd9yJ(KbBv`D9tsz<%+no;8g_G6tvNEUHZ;YglstT+}PxH1~M1
zp>>4suf@eBj0MS%-U#Ub=_;N;bVt05{bzN*{av;?cwIQV`F*~e9dBmKDY6GlI?r-J
zo!AQO)#m-)UhLmlz5Yunlx4%q3flWl79G9nSEP$fG=gRMpy1~TJaXNMt&g0l_FyY|
z-O@l_SR;gr0N&Lh2E}Yq$dN0l1j*>PVDSc4TOLIPzkNYUH{v!B_gi4l`6fdSIDa(+
z$8ed7BIAH{)hv?QHNorm0Phj3R)tM8up*qQ2m3uxVnDp<#Q5Z7@pOMTu<CjivKIE>
z&25H<Bgvd;`xT=6sS#9<mas{Ue<sR=uq27MulBZw(9{`tAJ@|A-j*lG)cjcZ=EDmL
zB@#o;tRSW{L{b0e@)Wc+>{qT)+6ay@CB$O5R&>tUxguL(O>mbeR;_lk9r^!=S{?U?
z)%)Kr5Y65lar^mT3)G(P_q`rtWoCAmMfnMSE>P?IU`1psf*cd-q0d&Y==z@S>`Xm9
zyN9X~_-i7va;#1A)6F<h5CW7eH;3pdS1yxOYke_!+V8E03wUly+n0wE{ZS|RyP2I&
z$|KbUA;TAjDtkk*iw!}P(@{3VYX`Ql^r}|Hdfe~OE>lw9&cyBjE3!RZBwfXf$8K|6
zP*n9B_>>Ku&cpC>+eK}wy^AjW8yZA+#|0gE*R6f9VRe8JI+sV@Cnzy?AtuVFM|{f^
zzMLe#I!{z3tvA1qULUs0qexF;m1;Ok%x9CvgNb?@)=L;(lC`Zl?Q6bQN!r*0T&<Xc
zqiEWT$nFZ9MyVRE&xNFNXoPq#7&n7*;Ed9nI2zzIVpRWp9)+RYRHKHQ&jQ!OIpD3l
zCdyiDeQ;wLY^SWsZ4uR)0!M;!{3v28pp?!Bef(4}wM({Ic&GQxy`LWhHT{grqW}mY
zJ96a30WeQ$yk5l&zcNBR;De@(d$Yv%RN+>O1CnJe^w&-O#)QS5U`NRXFJiilq@kA0
znIj?5_VzIN);?hW_Cyn5*Ud66UP4E2+55qg<25siy8kw*F=hrkC(9m{H}9rFrqV;&
zV9A~fCtHEQ8IrG~8>m^R#u@WL`%E;fFtC(E8qu4}18dS)TE-kyNfkK|_p)tMnjd)q
z^s#aE%E0G~SN48hE*tRqKCretedaPIlzV7VM;^QQ+03th8c4tJzNXK2HlV+RnaW_^
z<<MClaTaa&@2-k1yQ1zI!SJ~I?lO$oj#Ta6g-0zJG#?D$!kFa=)%mVE@<?l<flbyD
zCcNI-I)&hXXDbuaT|Sag(DR_x*?ymb3LbYuH7G1z92Nd(@pUev78geSVuVsO(+ru?
zOLyIF&yH!^XYc;<r0?B<d!(KGQOCXc9{TxLqv?U2FLB$C(iTT^doR02vr><||7&d#
z6YjS)$&BsGpWU{)dl!Y4j=EEZEs}}crbMepb)TRf9uKWvbIxNb640!6!@h^hzn>sO
zEVG(d=7}bQGSQoN4S3PkI*_H5l+?Lc_EHi<r7<ueC`%@dGIquX{qU<IffP;Dk6i4)
z;QJ?zw{I`8Tf?SZ%YXE7=|&&~O23i(=ZtWdJ((L>UT^=ih7#ynknSp#R>FN4lS2(|
zU~LS%uQ{*K)gp+TEr-fnD3hs~TYLC-InLdmv_)`+o78PZY(F2yt8PXD79MC^|9h~W
zhbC5^Yha*+R6Vg@?7?#(hVous_D~uO6G(%xycabie@(ZC&Djv<sh7gIO=lToRlD>^
z);|_Lhxocn5LCs9cs5XZoo!!EAI*)aBL&|HZl;yL7`-rFA7GaSqn1I$ei-x`l50#e
zFQ4`DG8?Efqt*nDeF!Im5luX9tTu;99u9DH#zue$V{6bUAmxs^q)Y_P9LirZ1P!O0
z$FN4mV;V`JL}%8|Cu~{Jo)B%f+}(moj<wz60eute-D<$nt~dz^#z%H*PDc5RI6}(;
zKY!5yA%g0qGje%QWnsgOp%eZiWu>6xv1aoeT?oqS$VLC5bk-L2rymKn0EPA2BGaEf
zjtC;AOxf`rAHai2vXNw*@M@3d41cAH3JZU{q?S2H8M~3C@)K1rdUuZwSc%3xMN6?t
zPC(YC$3huq{xKsC^?o^0FAw$}CLZd{Vd}jL>%~4wn5H(t=JPYr|GL;s%U9)35S{?I
z?-fbUb|km745p-}&b=||?J*~Y;Ep)9r4*mfqlnXkQD_~o!)5-;q$}qXL<p|Z*lu4p
z_pz9V>SrHchoL%>CHv3bHS1A?7n2{{4MU6X>5k#PNcV2s8^wVKtAKr~`-KjndLEjg
z^dieOiKFe?)a1VIbXRkkgBzOdGMRa43u;WsY#LRK&HQO~9j#!-boR;{SPRA;Ja1+}
z74?nE@u4be&TL9tM@KeKw^s@P;FP>ZLZc@)47BPwOw?O()w+l$RaJqikKB|CLm+01
z<xHe^GyGpbd*c*pZ=nTHpwwJE`C5LbDB`YbbgHxo#00TM!A<NKYcD{<P(a+z3oAHV
zz}$_ReQW5{{|h@&!DZva=F|y2Ho5?mM2h(Qk>^z5opr4;J5p04r{@R*Aw9zgSvI}i
zrwsO6EXBQbsx#M6H@G<ja#w49AuDTp_SMX4pMr{U<Y4~!ka0D*Hm`fJj`^jiyvVP=
zPR;_A{e{@adEdsvu<&C*Oa|pAIDTF=R+x>~Bz2@Yc26kvtMQtrM*=b5^FfGVJI8fm
zqX=c(t4O>K+U`{EcU5A2&W<&+JAF1$%n7kH**N=7hL&!o;h^GWmOtNJQa+(e48ht2
zV`rx9gFRdf!c?>VWBjU7A;Ibcf-X^B3%|Yul-goRLGCSI)ql4p8ehHAhte1QVE}vB
z{hGCz+&2IqG=kGZ_eKc15ua?Kbpg5r^}W^epnmhI+RS4ND0CxJe%L<PK~o0=gx9%&
zIxzJuYaY3Ks(H8jUG4ck1Ig4u7#wE4wSE_bNRZN<tw~PksW3MPYo>iP;3EsujEj}w
zO}fE&GXvb>LO5kW8$=6!;$5m*27R9|VpiR8i<;-remIW+{{8KBWX!1Jq2R7Um3&CS
zAb=CIQc`;^9S6|Vhw#4)LC*|yWfHg5<a45I(`cA*Wz3&aH6X}>s#y7wJsNv6Tt!p=
zC!6)$pH%N(y!M!1g*qObQs+NZnzzSIso<kE%S}M6%%cD+ns1c2bRf`mSY2IvTTK3w
zf9KHBt4^dw&kHiDxn+atta>;DX-eB)RE}O<U8TI>BPT9YxkjTmByQl6;o6U*7{(IY
zgdrK+5FByh@}p+DkGV_qO6tH`6ty%}KZ01K#+wX&k{`JRAH*ITk1U{Fe$*wH$Fg&Y
z{FopSwgH6Rf`|%6nTXvV^>&?-vc^!q#^PfC@;wyJuhzs+Y7iuS-si-{Xm{Vm|2;3s
zUESw*9dB4KFDfoKw*iCq1S=i%HHA!ZTGrx{yu7q&-#o<raGSRmsM#yA2aFlO#_qUl
zbfWPJGgB71fi`dp_V-_%2vh0ZAh-S{lfJ-DC-#BhpLOS?88X~WvIATDHxHKLEh2Kj
z)3rKu@Zhtvkj2qcj)x{{{+$eFX^YZj=U8iD>+~>6)1iI>2647om_vrNrRGCO;CAga
zl2<{H$>2w$#7rvZu*}L`zo?0ZePOs9%<zBm--qv20q?h73Jd}%a0yR+S&C^4ekxkm
zcPl1|NN-ZPUN?CGRJB;8AKKCk?XI*~PLLWW8woAu;Ca-xXuZ|JJv7FXSed>SK}nyF
zAwrH)RW#ekwaS9aYhz;bOD7lHNiq4t8SL@T^<hIR1>JSg#F4VFu0wE>&dz~io07nW
zsqq6|rH@&DclGC66Sr-+oJ5nsQu}I$$q7Zp>*$zMRu>9B`F$U%7zG?!wg~I^-jDCe
z{4$tddw)Op<tC6a7(;lDWb0J74mDZ@booI`8|HTiue%)`ZR<1U(zSM*cW6YZ2fw*W
z1*b`Bxy_iO^t2NVE>R<b#^GC6+C%W{sR^|hlzJPJ4+&a6_*Ozszt26@qJ}!?>qK^b
z<R@pEaW9J$f}RXxx%PtCbwN}`JPjxYCe_nDkzaO(vA)Bzy)a|iD?`<*>x7Rci~>}2
zVA{P8Hm#Db!X&AS%q;jeGy&We%`lsaWO4?!xojnu$(>4_?Rrt&qbGPsRex|?^=F*H
z_4Ip#dhErx>N3VqKiS(sW04k#eFa+;C#N<30NLA@H!gk+thDE4b_U^wA3JTNhZ)cO
zZEb5i&m?dA<%b58*BP5@aerio4pai5X^@|%GdlxSeHo?LrSUu#Tl$eFD#6`FvHO3V
zc=-PMjg|?(`j0NZU$F*)eSJYr&LAA>)QL2YAu8dcD<;<H3YRyK4_V6}lf)V8e`=`x
z8eK|QQ-_)igU^ebD@O-DHBD#Q0PdflxAm=vo+)QG0NBsz!A6nxA9<smx+#rk^%)e-
ziu3UBFzfq6yi$+MXP!&mfx@G07KMzb!Oq;sNi$YY1uV()i?Bo!;A&x0GBDltP%-Y@
zn<k(j2~(^ulwpLaG-bnGAXXbwVd;B@OMJ&`Tq*`}!g>ha6qpA9sYpVMJ&xX4o8}CS
znVj5V7B;!A=@Ta?NpOfDOjb`B#k`f&G=SrN%V@8)v*j~&e3wID>v7wwWWx?0G(1Vx
z-oMDac2Af&;(&6aVzQiBmLC+msP{<?H(p#a+Xi<|V@~ld(uHM`R#)XHgU}ZPEk8i3
zt0f`bE4WLVXv|g?@!usqZ6EmbapWPv{J-|7p$gEE23T6m1MX(5)j)||U(tcC&VhV0
zYH4FAU5Bd2-5lh*jHP}$Bm!?3eM1?yP1m0N#X*=Jl7X$Y;zGwrT=gy;0KgcNdvhde
z&`R|gQ$pK2g$-TkQNnuLj}o*Ocmqw5i~)g0vTL~gvkhlgC5M_HSpnr5?V<WmW#@{M
zZV$EQ@h+^yHEO+sEv4ELM@>=pv#cQat^K)FeQ3uLbUBGn59O7=mNU=Juyc{oAO<zF
zHrAG&AY|3mG3=?>g~<(j%u<`9m9uls^}|yYYQA9r%TNs%%KL(&x|gx?He(LM>18iW
zjDQMIsc5Mvw}>e}V$sz*_V#Ix!I_Hn6PHy}Iopi8+SA`iJ(V$GjLd*nnEznP?;ir*
z*Rsnlxn6thw=ihdKh7D+DA2H~ueg=iAsD-@m+lk+HrRB#0SxaR_KKNV+gouY!9_A{
z5C#c0*P0WqJ}Bt#ea|2=bWV{ONdu4)iY=`SKFW9o5J!1BO7<nD06W%t*z;vfMeQxp
zz~oSBYAWV;@k?i?Ce{cgckr>9X0ct)RvpB0uGBT%ek4<i;rxp<e7rro`#b%7N0Jdb
zn_sSjER!2aCe=`0cW1T>v9q(diTCBzz;<@y?yPwVPv13*`{3ITQ&b$u-MJi3*;vGo
zaw9o_3vwsU0&M5P=5D?p1heS+)srK;#axrn+l!+Iq0~v!<A#hYEx=y*VMB0ApJZx#
zrddF{yL`$wezTbR{CIT7n$I%(HJR5?{V2iC417C1tBCrBpHFx0Q7<JXil=J&S(1|l
zkII>LH*)HGjm{WmQiH7EJxEOpygGZHT46*6fR5kdd<#!3OTFZWf5}=0P+~<gXb|%G
z2fhH;2n#6Z6Nlt=_Yn1S8GOpw?Te%0)5o%uTGK?mm3~^@MYmwouEH)z>*IY#<-9)%
zUSH)d{}opFuc{H({9SJE?fjR5iH46Hr=r=Dfta3P2CaN>Rn9Dwltb{z6G^w=_0)^~
zD{tI69%u7E;)PoG{Y&>Q@~0_q5%OQr<G)JIKdvC~UzO{>3gCZb&Ht~GuUqqRt@m&Z
z3LfU6xl<scZ>zk?GJ+U+oBv86L&!`LD|pPcz}#eh`8q5ktEy_7*~?x9sN#$umW)h;
zMI(fsm1roPX;QJ-e$9Vw!aiu&U<{m2V|2))=YDsUqdZu{?DA|nT~C&udgy(u!E3(L
zU#t6Euz8V;H+ox}gYlEc1TuVpMAWxpB*QQL=laBWN*~)3a)MYIW$8bX40UDAveY`x
z!f`rh3^{?PYQw)sHhh;82g(QxH=ihpJr4kKr_~z*2PPz9?0Ny2Bb_T*id-MD4@j8f
ztE+s4?BJ9?<3)dCWc7HlLIH0Nb)F4~j~^5D0u$!ykAHr+74kW_?sz}^R88;~_FNwv
zp`fCzqM%rB>SqrqUvmR)H(-bU(+gmjlj<r1y>X`QpuoIYoM=x0w`VGFW}C9DI)AU3
za9N*UBlEw)o3i9AcI|*zDW3%3VK!C+E63Kt(rlF+X6x|=7wkCe+qVM6fuyFnOYkE4
zphScHp1{Vt9-1Dx61p2mMO-++DSFzTQW;(!zBF_`-8D2gYJDLSNWq#B3<0<1KaE3{
z+T1^_l34KrcJ}sJnjvX3iCp`afB@ZTnI>6|(~}HpZ~@AacdK&Tcz`ti{#x}>Mq+~Q
zLIGvOtEerw?OIsJ9Kn<H>~P=azN5xn#l^*;{ilrhQbX-uj(Y?c1W{yAc3Iu%r%GgH
zKi^bik<6WpEo4Z6q8AA9Cf_V<OQyFEU|Ey_c_Dt{8qkz*3YdyaYI-`ksoH|Yn^(s0
zt$(1`K)uYNPEjeqVM>jR0vnG|>TmtCeE5$Eo1nC%x=je%N+u_LF{8Ry?|eyV&Hb{u
z_U+%iDss85hGhvbc8u3&H&F$JikkZo6R-zqw6QY){_gx-Kh+}znM|KPV}L3Oym>Qn
zPtc{40p(+wla1gWf-5Xl%q2>l&;Jz%`1_}FD7iv>T>-QB22ZA5@~8%M22Xa7P@Wm`
zY$)$~;v7kHN~66lMsGDaoIav1r5pakPhKi{#zLq1OFJRYgdC{tHd9)+(8;d@Ser8z
zp`>St^V999Vw>O`Sb*m*QRIAOJGyhmLO+=cXl-SCg3}^s<MVjP1X4&kN)g~K0BYnk
zl-?XR;t;T|7BH?xZ(?5MM$+Kk+K=7aH)xlAy9D_air-*)kinL(r=JX%wep1h$(dM(
zna(Fxe~Ahx;7@=(B?O2_y7Rol`WJ;xtTOiC_XvD0%-qm~IsC$tn`1RL6E^32kUrG1
zJ)X7AC7%GNyd1Sgh+KMM$LNETtV^8Q6Qn|y1r2`)$wX%agfyJR+5JhS)s0<HC~Jt8
zhKKqFH_r9GMQdFGRSk<GJ(tsv1;8S$P8*#GBRez6V`47lVZ1}yD#i#vt4G<e*Lth_
za2b3!-qNGlTjaBS$%wo7ZV^vk!mOkbt?ccG-xGkW?W^}xKvWXH&9dM#E4685Baqa^
zs=+!8CjlDv1+Ai@<m&f*E^OWpZ;l)(3rHooallmsX<hQDD>@4@CF$Z|;E61=ba6pV
z%Ow1$dsbhn{=*d;5kwW)b%IZk&#xXBDE(kRVvlu=m~ux>gi~|Y4Vq;*59o`{)Wdo0
z^kmOWlz!EhEvhHg$MwgGJg2;-3D~KgT|Jr|ZGg!%Nm23vrBjftfGT73Vilu~MJpoD
z4#f2um)MpWQ==*xqW1)0?9Fu<P5k{(yMdql^+bF7^D|&fE)I2_#tPp2TS)?nt4E??
zUih?o)=_hA48n75v~tW1S8HWum5S$ZNc^}p2oz;eGP(kao!qc4De<bw_iGDdXK2LQ
zF1k6(CP90;CW=7v{J0+4eb>+|&H*k7_3lx(?MomE_dba|0mOlVh-yMmQ7^zU7damR
zFOC}M(mw|k-2!B;J`|P?#9Z*5UR`#|nhT6I&^VV)P3_T`x(E<JcHHol)Y=VFKjVWe
zX5LkEo+~8N0}vr;XsL)hh*_Y!g5P10Pac?j4%qB-28;KR_qQmNqv=$CY)AC^I)T+*
zt2vJ*aO7JJPb5{Pcwy$!lu~J<mDiQ^m}@nDlRCrd!;zbn@?jJacwdaL0Rqq<YXXQG
zaIKkdI?QUi3pVZA<JZY@UdF>IO&e{F>;5yE9{7$53msMU%qY9bTp@b8NIKo7qS0`|
zhq+iuO*n62-)52VP9DAG>H?$1TN6xi#0NRGgw7U0j!!Y+!_BzT$|zE_epL8NE*)d(
z%E6_(HXqyZR$5gqQIBig24k2ZK7s6$`DLu1rH1|ke$s=%HWRG?Ujjxlx51mr>Ednl
zHEj+IVfWiD;jY2Lw!0zBL}^_OAQhP*^mxC!BIjz|K?r^g)TM$iCRFZh`TdKG-!_vo
z&q|S{)Q>ET1(8p!7ZU<9rL|Y=jPh<W=8KApJL6PvSp_JV98gs9Iai(8j5ER|)l0p)
zfyj>3WX1$TWv;ppe;ZNbJEcc(iFp{Mf{(sXVA^ri;&4y<8N>6#V-J6f@QbX0?WSz8
znC*@s`Ms|2nVu##H#Toh2Buc!(tcP#Kv75Uua^7n)R60sfk?g>)?%T`BEnG>P4kW6
zfMzvvlT11R_smK$>uE^ftouby=h>N1`TN`nQ1<}^2Dyl1_p0hAkbu?XTUmQ0rFyju
z8KT*c12kp$bHS5lW6(rrfPn_}YBN49*7YT-0u^;2)fo_ssv_{}0M$`J9#G)kb(jL!
z`)y8V96}ZghsOdc^^EFp%)G9}0Vhb$cgkq)b%$F2R6g;K+c2!DS=tUW?<$UoD)5RE
zwf9)JVE~N_`AwkY6Dxx<@}PWcvkpMH$_9~K{xod7bX;wXiRcsF*oN_UdD_y5x=hc5
zO7~l;21$YfH&uftHn$fveP*)_v$LyG=6*ff=rE~hN^=jv=@O&()J&{&%;_G53#;rf
zUN&IK^pVM^RvW*u4>w1gnNaWu2be?XuU!1OVZeg;A99jqXpJ&Q3w?Q=<$}Dh_cDu>
zVXy`|3WRWu7}tO|{Th&EM7XH+03=fuROV5QfeO$%`1uupMdDuMn-zH50*xc~;M7$A
zGWJpqIR@`+xDZ$2&#6YrhBR}6U&6IcgI001wrD>?^`eeTcpY##z;KiU7Hhf`xL~!5
zFXe0Fb^QQZFdqG`HBl$mmfuzYGbj$1hXbH&#GW~;%DorBWr?|-HzS2YY2~k_A3fMI
zTv1p@jpwvPQP)hmM3oS-iTamnj_ojI)Z=-&R>k?Upb^)4(uu^~0&f=P2va}Qc?||2
z%e1QP>9<D*7l`=W>aZ<(U*GG39A^cfIgH>6R|Q%AtnmYgfsCT5S^~+kq!-83*TXF#
zLkK!TjhqCw@t}T`qH`81opBm~0a|=loCb8&A36aQsj}MCw?|dCKPF+QOYE>N8f3VU
z$OlTsF^ly<*c;`T-xjJtB@BdAvg{-llIb_e?-66S8g++36Lq-t7%n|M-=@UY9_S@H
z@tH1-S<RwKH01y|$`fdF8O#S$)dEIJUBE7nR)!CrxL6x9&GdQn)(|8evskpf*1t2^
zl=kK%2<W#esA(o;l?=18)RoX%HkAX$3Tm6j1>WB-XA$CAQ_PWWfb;;Bq$!1M$e4G!
z8|pTHAr=*$>s$UyW)8|30XAq5QRCySm`g+*3mzRauqIE6AgcEKsq|2N`1@Op@6Xdg
zY4=WdG@-=+jsE+oy>3q=0US3F9($NZzSj&8)b(>U&0)y^`6SaTQBvU`A@7z6V9R!)
zrDPeY&k$+oecxU^_EUhW_4+Q7rZDVh`%}?5ZNZvs;BT3H$)l~erYWj(5xZPe(UGhW
zHuMnRbCb+dHtWpttk91r2N!Tl7u7r;>^UUyE)NSf0f4DV;;QBiFc|FD=>L*JFGqTh
zp$6#^fy6qq@wy;Yt4zNc>1fV+#-4g1fj9G`t~pr&6&S4`hkA4RTzX%k@PxdD!FqQf
zwUmuhucr21AHXtK{l=<pp7#uS1qf=CLGZR&1*><v3H84x45bWf8V`1LFBe8RH-hbp
z!^z`DB=J{EiwrIT?hG)qoG<0}AvrL=!A5Xaih4&rNAos-dqQU`<$X3|Wl}p`!&gKw
ztPL!ACP}TENN+~R@uI+o*(<_UX;s-=;>_yk(d$%2V!0X8X^UKK453)CW1|;GA5w;j
zJRH<Qnp?)TR|hGOV@pkJL2*sk*BwMLfn#50J3F_3XC#Mq-1Nx<vcO_p*9P$Bwqh3=
zyj4*>k`<6L-<~Lg?rVo-&i7m}hO@<<-=s7FM2oLe8(>DHnxCbdow+$;ZDCl|S%(m#
z>44z(X5~>dNwARob(#2WSsxUqV6lpPRePRL;0;J)AVhPFojIb3)4QfKn5LeO492PU
z>9L~`MUdY?K!*!B4GVNE0OWhDHNl#^0N>WV9x<kgU5a^dSZkKdmzhO<C0(I2Wdk+b
zCxY)`Ko{F-_*R!l9!qAa+9+oZwo-lF_*4r&M@X}!vZNq}C)rZrkAg8lUtBU=hkD}x
z(A;)ruUqb;?GE1AOr6hDbPJwY&Q9t&$t@?aab*vPpOq&bbxBoE&NEb+5suBc>M}(y
zz~L=`cC5CyIa|JLe)v0^=BsWf>`|V*Of;MYH1Mpstv7F0!>Ntdh=1B7)p?DTBMm}5
zS<0hA5EOhR)skRn$o<)TAly~pj%@wp!w^*T0=!zOn%l@h04-4)k>)y_Y=@oOBkEU{
zw`<P*<2>=#kF;ESID!#NU7B)jgc6*Xi6&v+c${<3>L(PjG(B0M72>|R!So-?`YV7y
zo8Yi>J_rw#f2#;a)pS%qdYXDk;g5V|V1}%?q5CzUbqOIW<`iy^_|(*-2gj~8l{Q3I
zSmrb<RHVeIXsJR-8x;pf!$0nh>K^0^8f3iQC4c}1msgaQUT}Uz2cV~4WO7y23GlaE
z3hwvnftnaV9_s))OEP6C{HlwWJvflR{&(K`GXUblc^t$<#LO^d$ggAfxTwIriR|bt
zZPxED6(0<&Go>hoRUbf<n={KtM}+_?%OcPpd7vpKZanfY0fBz4w|})<yK8Ts>YB5O
z&4zWZ@KX`s$f#4qz*OL&ZZ+nEiaC|;1T!o15?aFBIjB_LFxOtm;Hz66&Eo0iCK2Zj
z)j-BldFN7NHY*FN)~i)K0c2#%j-aikAAq?w?sWyQ>4kbzKs)_?hpM(Z*cUpl4ezW-
z)c(-BE(728OIw;!kFj$B`qO3xq8UA#;k0pWvo2&lfFf+MV$Z94IbkDCF~i}$B!iL-
zN)FEndJ}*rpuzmPya)M>`8t!0;pHOz0xdi`P-d+Tx@Nx%P{zOS6?`0Pz;FUOMs4`b
zp~woJqXBO_P7&i7TjM_#y1?pq$~lU^{g3$%pyhYm^W`JE#YRFR(2~nj(3iSs1~vl&
z%4i9&oMYPDPoy4e=KJdj-3k@LCV;j05Te|~40qeW{r9(R%5Q~Gq7-xF0(={U?}~&s
zs?Fe~8Y%$u0~xpoWOfU-Wp8dkD|O=ZNgB@;OePtYU^jg7s;WYJUo@}xpRt(T(507!
zO;+Nyl|D9SjN4oR)^EUr5)9&tN3IEa^WQ=w?X7$!v$7T(7|GPJd~qV6CwOg4F#9KB
zNYC<CPF%>+FthKpw6RGgyu_tGgNItXpxl4?2%M{0*pq$qt;G7x-c1fGkMUaEd6V45
zSXHPv3*uWE=;0~w>Jp7))oNC?!(!98(sp(h9H;?}{r~~=$9R>GyV%%ZU9R`>xAgDx
z0i;@sNjoujK_KUy?qWJ<%(N%+QxpN~lHQxcA9CbO8RRkmgtXHtfX$q^G&u-B-<OG-
zg+nj;KNJFKwt8(~5~v3=nwVc=<3|#J9iF=6oZbltb&Q`sEF{XL1nwN;_Xo~JDJ26=
zz!%tR+jcr+h!*gZyBqhf{~Sf2Nc>Ai|6e#~pdPfiXPK9-?5va5w;wm~5n5jpKxnK)
z?i5f%{QQXTc$H}6J*rD54_X+hM}&EIu?`5lQ*<G#2#{<>ngh^TZNa;EaA41a2Oz0a
z@skGy-2P%LP($XD<WYW$-a{S0=kKK7WNq($uME_vZ%#cE`s9-cSYOQLk#_4;lsr0d
z>qC;`ZUMEl-kda3^pt{US*<P5G_G~uGZ@d#Z3`NLXu$;qylb?w@dDk(k#QqA=D~}%
z?gS!(Ys_t(+{fNZ>uc0cMEFcSV$guin_GzlZuVhiM&5JtRpROtyLGU-eE?t<&JGrP
z#YHbqx5rP`$o9GlJkC^F0H#sx0T3XC!1Pn43-DAFd-A4`z|bnIP$iV0&y)wy&48|R
zW4QmUs5XBTA$RrQf*D7z3LLOTi$tBx+|t6qKL|c<j5b(^Yg+!=1<FV3s>uPjZOK;j
z2cE)C18HvIXN*6-5twX2lH(4bEX~hRFx7?ln(_y+buR^Yn!j<RWyf&2GgbDXrj)=%
z$H88a{G5MpbR|a7_}?4-!_NP|a9-t#I}nW813z<h`2GO=-20>kc$q-AFkb6-fA$)3
z#>&<<?Jt>_Y#YMp`%2_40mTnG5sUBE368oY<pc5x<)5SZ^cv7=)C(lWw1QXzB(PoD
zf`LuaZTD2*{gDK%?ax3T*I7`M;-o$?5a$JSPB-5Q77-ZQnCOqK+789dN9xja``8+y
z0NoVv1KWzSNR}IvaVRe@M-@$cdwrAv)aLUnF_+FmJd8TiaQOj_dC4s~KD09go}*5<
zR~A0C?3|iv70Q-^kO}grG~n<-ado#Cx(T_u8VPOKY85u@Tp&>mEr>wy*cwnj5{H{f
z;6_R}F-P<s(aW@#{-8A@!sdOup6oQH;pRicfLHrx;#BaZ>bxnajGCp1fZND;jUQj_
z?q>9TxDP`S)Jh67D5DEH8@6Q*Uc)w9vqDf>8nPTON8X+uiVET_D5&(7X}Th7fvk~s
z>I%ZzTCJy7H#pr61=lki4I|j6WfDm4NR2Wo?>E5Q>hY^39IZ|&Tb=L+DeE_0bJ_<5
zb~#h;yP+}aHd)HS)goj|)}3pU9IZ~oN^!fKU>z^)Lpu($2w=_mctDMeNEUG8SJ&~A
z&sqLg(FEWG$52)UbqDv05DhJ2=X6SUsS1)q^d0yFl7?@VuQ`L~GV3^F<d3TWOPzN!
zZk|$QO|A(cmD}R*PHXL@{m}2(p$nO+!#U0wcVtqn^1H2K04%uos=%GS7Wy31t@2uT
zK0odq5aBWE6ghU2#qA}^gA8QWZ`%GD3~^TvNUEWT66aosxt7<KMl!tZ!{Ub-)EQV(
zk5HhcLo>@;(r1P%ISY`5S$?`?-U_7l+GF5QkQ2PMM|<8*{vUe5CW1yUOFhu5uUb-}
zp+B@a*C*Vi&zwjHn1uYAQs)9MpRpxP7x65hFG>!y)IgnDWIcPf5cv(LKYuCe^oaoU
zeRta@P_pV8ywAIx&O0fO4!u<d7Luvqna&aJ;X*cuK79kxKzXpC`%9knGuNp57;vZv
z;PKvZkwH0d7wGk}IRclndb8L>4w(Hpi(Q}Z`2)4Xo<k?z$x<dFI|f#JbJDxZNmHP7
zS)kM4UJh^eY{yH0d4IA~$TQUdmn;j!5>4hL^9t%ws4tFK8O{tI^QJx-^PJ&kTH0sI
zqouQiq@xw-%}lPTS3N1>0iVOBmtms(>?0$S9cVF>RKn`KBYg<UTd!<eh*9+|QL0)R
z=d7;$NQ&I<$c<diHDY`hbM3{1BF+M(7n|e8ENxuqq)e3s7)Y}~F7TLp<y&m9xMuK#
zBDJh`e!>1B%LRnU?K416w;BP9BR3Y^A~!~3>w0%2NQE(!>d8xN>F&p78pfB`(QM*U
z1GJ7-ROp)}6&q-k#e)N90K<>jNVcz#mhyL;I`zE&)Y{)sDyMHBJ@)C<{=Ivj9=m&W
z*Uj&TPoIAJ;pDle;eTCqx$)-BZ90x{<(lx>HP7Tlb~^%;7I^#Gj(t>SSOVD;qY8zH
zPiL|xs+JS;-n@Nl=~gbFzx68S#+A{c!Na(X>>`IegfzS<$yiiHF7A72ZGfilPlO@(
z_l<kTFj0`@oja%WC-d_<Q!W%Oj#VqnJ}T4*p89~nE8kwxxBSRG1Aa^91ozc>!kZbS
zrTB*X!wxTET^~5~-mfg=o~a!!{ONJQ{zJybl5U|*z=;3)0=Q8`Jo7`;Bvo~w;qFeB
z7c)tg!)?Dj`Q~j(eSJMDc=8&c(<FVr|I-JZ2pW<+Ch+baw!pFIR&DYA3r=_J%AJ04
zpT(*}rgpq|p3NV^QB_ZCr{sR%NKt{N(1u-_qP;BW#r}B<Ywzwt3#t6&NcLo6joY+L
z#}pPq61-qj)o_WHgohsnLvx?WnW2)*Yx&1qq!p80QI>VHae~Zz3+7?Or;s)aV*)#Z
zGUP&vUXQGr+k<E1wwZ1IoWA$*<+?f-dABoJx1XZ!)0bmck?u-Zh1<$SlKgEH0=`tJ
zBAjMv19@Hk>uZd|hcfJxWqGHYL)RT@eF5Pr^!(2fBfCQ~8_g3F*<^Oa;>5?apmFNz
z+};ARl4xAM>6Wb$I&i*5$SE+eR8-mFgP2RSePw0k>)sGjljY60T_6MurE1|=PwQWH
zm(iLCpf$#4X~fjE!P$8a7nAn%)P@mIvUt0`C6zyMyW)1(7X7>un|NaQ9Yl!IBUoXK
zP<Cnh^!{&=92ZiddrZ6}`^D;f2W>6dI>koj5XaO5&oSuGne9urGwj>GE7B>Xs}E<)
zo5dI`1jI{lf)LCGF`sKp$#|(=6z#eBi7~J4Fumw+zK3|x;U6wr$;Dd{N0bmv?KR?t
zCG>!22tD+O&+IDe$V{V;PPk3I7>aPTCrc|OlK#wnYXP|rG$QyoATlp8W`F8RvbUG7
z{*v7`A{&}1@h6_ZUg*(uNd{bEkbz|`T4Bj9{Y8U5z`b$b4l>V_cO>iH5n{H<ujZH?
z3NLs*xU9(Y$#bZudS<I4d-fZ~jBdK*=E_^C$GbH*Mb<#bQ8T1snr;N;=SvGYsFc-C
z!4|lQ_iI;yliF`XzQc`y<?@}%E&|C3%ASX~DfjTavRtCSu%3ohtWnDG>D)BWzpo%d
zXO{=@a9+8AJ~j{2%e+6oCZiVmtsT_dZ({j<{}-JaNL*!q=rsd_v6`?h|5|_64Mgj&
z9`9<0+URS#8WqM>E2qpW@84V-E0EE_5lXcgp0#Z%X#{$z3j}AE-n(*WKj2P;=`%)j
z2ZLNYcJrsmuzb19UGHRtg&~L7oBBN&IzK5aW09@^;(RK9s2xP2qs+lblVtd9(v2%o
zE6l!JXGg+>`o5E(95mdV4GBrXLVuIb;m}Dg`i*kNI|Kxlg2z+nYhT{gFKs~rF~2U4
zH+!Xa?oNLgWl(nM`mL&aik%`y+!j?_R?}Nq1w@0nWn8nl*L~IyMRmL`rl8U_H~O=p
zXqWzoD6naM+%rA&Ja(XSI6$2x&+cEWD|755Xkum0pZ@)3o>SL<jtT6Gc-sECXX?N*
z9d2#yi*@ZE2TOX^-Lo#ar9QX+vjz74<xI7xp$8n?{nP{*Vf9X--68{@Ev7V=+^fgb
z$Uv_=WKKfl+&fn@q+b4oRE5q!jV{m2lvbut!1lKe#3#BuM^;l)bGXRaD$iI{vmAXH
z>>VA$b4Z#e<%iIh{C_qTRq`E}qve%f7fi~{8ZIfk%8BBKBw6-T=tumf^&w<kXhVBQ
zSV4)~)9H2FfEplHy$4*SI5cnn1*^uCpIS~053crX`aK;tAfD~eu_=)teOv)HENv2U
zCF$;6hvse9?`>`VbH(cZL!X;vi~N#bf~MLhCwp>Fd9-zFpJ#z&LF&bJ!=DpLVOkNK
zEpX68jSUg9co*}_lK&S!3ny1QythJU?;JX=_HCLWrjmU|#lj*M8aP&W-QB&wx<0~8
z<brj}BLh_Mpe3LZ{Y*6MvG%?UUVS8@?9@Lhd`Q2@PZc%-0R5p)pzFi%n(`IiHNfrH
zZt?8a#(rEn%)Cwa`LseSY7W#u_Gaq?2UQRM09;2>GsLW-;*fx{*RRKR!^Lw)+nRg4
z2VWm`cfdv9_KRG2e<Ah4IiLna$O6ORaEXB;N;YHe&uty<zZ4Q7$bJvh2%vnxwBgn7
z-nHfEL7J~;zT78zv~DbL%g<o}>fg)qYQCiZZY<C?bKq<(w69rh=mg(uj?3;?zO#Ry
zb}nq^RGO?!kyFQ?T+vXyAuU+Jn5vw%tl*x5QAUQ_T9dim$dIPuQ}oe-YnL)jv$WTt
z!)2syEuI4jb(mS`Tu}sA%54#@5&E{Z=H}GY)WS&KM>&g}BF(89&1>@6U*#?U#AOWK
zhAE~iNhFjzTfMFtj*lFNXR?v9?2x|*>_-1o<NbSo_;sHm72gcAsj&Ut(2ikD?=Qb+
zl9Y6}?UD>Sa2)G_OM2`#QTXJ7UGcB}fF*Navg!dp&5`wiCgH)GWRJHu9#@1!q#jV7
zSv$*q(MyYe8HMc0SHVl9KXv^UJg?SX1ZzIQC^OjheBOEq&O0%VhkpFo&x?-rIq|pP
zOnbs*2^(2IO4VFc{&l-p=un}HO&7PP!5{vgUVzQvLh`F=nSjokG4q19j&orD;fr;e
zA!GCJ_GYR3pcF;p4lj;<YH`|dNy9-S!fx-HsPLIx%d9ST!RD4bVX`(<_6aC=lMG|0
zBB@{xLmeH5L^a=~BgwZ1&~fAv@A%?2b(w?WrNVzJenzHcOke$`-jk(aIsJ6^+n5T)
zsS6U;_q@8&EUWY5=O~m@9nwejh};)92Bq4}`p%3M1esFCHTNmqYq)pjCERmSOu^y#
z4Zy|%(#C+1(RZqDToU<#?i)pKwx-+w34peuhwh~+h?S05j6p|%B|8%m5;EBoX@%g-
zshB(UZRnci7&wYn+k17Uq{#+BTMp#xnSJZ37de<lGZzbpX*RJq1Pgc^9kY0#cB(0|
zOG|S(-Y%Yo)C?&$$K@YB)Px9MUr-+o*nD1B>gvAsO|qZo1zsB0?T8wV`UFA@ZU#=&
z+)P(7IvzI8gxA(btu3V&P8`TVYt}IrC(*z6%)AkK8h<MYH2(Ra$p_iTp019+=9+h|
z&Ct%rG~sZ=MXjn?22?T7fR)8}W|Q87<p&>RuS`HFgOJB^Z|gO)p;1wVK_&9)5boC-
zUaC(E3SwK;_Ep1C>4m1Irf((mr;Jr_n@{!h^ujkL>|+_s8F5V1de#N&BIF+ffydvr
z)|TA2or9~#hMKK}3oe1GMQJrY?K&T?HhIJrNc}D77cah457{GpyRJJS2RqD*htzmc
zH*Sza&u-T97KQ_u*0H(-+r7pYKLAplz@v<Jdt2aN1NP15B*w=Nx71HrR4qQfN|$&o
zklgX9R|-A+4P*#HM9`)R+Jl8vnG6QlSJvEjb?7Z}|NLyx;H_s-IS%U9b*4o(;&)!U
zbV*`^^5X^}tH(Q4#cpJjH%Hj512LGOke@%#?w?m8T4Qa&AWKdZIJwlycz%@!=JJMc
zNSx2_88gYVI`pNb{MEVN1-m6Qxv|(Om0Ua5CBHyophm4P#|hy@?sYw9VPP@XlWvEo
zfz1G@^H~)5ME)*`wfQ3j1d|PybywJ>?&JFXn6OyW<h`!|6bs-LY3U`zA}^#nLtpdm
zOy9~(uEgq>{u=~Rg^wreO{%P*z{wXVs18h)0KDa}K@KgLyMO=w+T?T4)@Cc@>=@zd
zDubaO)mw1Z`-fs@x<W}3I_6WNfpjk1t^%w@M(SfLr5?_8>cejVNbJ&p%EgNma6YiG
zkGtRA5a1qNaym(0$p`gahZkJ-GL|6XdwFOV=-KAGkrSF9)n+HJW~oA+c=u*~<Om(k
z!&OyP-2A+l7<qW`$XPGu63(Aty4}xBEg3oAP#UAgca@PchkSh~Ghn_{J4;oQa?25P
z;oe1j>(`2(KYyO*mQ{ImWzAyD%=33P4!%lq6@M+@Gq@8>S<Aj#UwE!$aF?m2aq1hM
z>f2Whh`?uzw_{;PrAllHUbe#O0>>=3iN_R=7)s<p>&fbyJ+n|P<AKEFf`Co(M=NU$
z^#thycPW-<`LJ1}|MeMcO%yH446SW+Kuo!rI<${T6=!i0z0Q~F3!Jo=+Pq2kxbI;p
zMo3XE0#h|X#*W>~C$se-E<U~4VOsMu$u^jsVdqWK6fb9*UPks5+tyZbnMB1}|G}#Y
zw%_G<mOI7EXg{ilKSLxhlW+&bdPxkR@D+Ic_Qq)e-agEZ-?1-|J>Hzl0mg4CdeAD(
ze?f>FIaxX}bpZ1ea-u6;GjR()Zo+Y;<pI;KqmLFPxh4z`c=bZbc{kk3od8tsrQh2v
z(y6^D%=&dy-OtJOdz?tBr_Asj<%YKgQd>{>k8)RhIX;b7;@)a>*4QcKoJ+Sm?|XU9
z+I@og`Qlh464~utJ&0MZC~(u_W>%BK*Y3S~Bf1YEyAI7ucUc%DX_0D8qV>7X7@eEo
zH_56#hdtPvulunnrVe*<uN`Kq78FF^xOUjk&;uKoInXJUp>UI6Q+iLCb&dIJEMc<7
zeI32Jv61E}6SQ)VW3&c5KJDAk=D~C7?*JU2v6!+`c*6!v|4h1yYjb<ZP63`iN?N)t
zqVmH{OA*2`g}*&zcMSZks<*eVhF(mAWZqx-$Ryq65u!RgF9ZMlrY0!GcWO~zznU8(
zdPy$4+o30<-bp~(JWicriW&inEg;^L9sSp@>GZR4Oq?rncxBvf3s;o*GU4{nl?xzX
zTNU5M6~i*sZ^~cakieD8$d;%(3<qcqR4~MJXk$6*0k#0PeXdc?ag-!*X%{EWP{%ax
z$e%5DXSu}iS}oclzEYknWsCk9{Hut1mY(@b7iAE$p?o%Z9(~4W^#$Tr()%xRs(S$d
zAOV&PXl+w6mz>)fw!6@xB3LKl0ah+SX6AwNNAzC;k1f^iUpzln%|1@_do6zXnXm!Z
zy2sJLV-btN6q%4WdnJ5&zwwZCI=b~<wVXOC`ors1Zj#5TqKb3CB;W13$ag6q@7wie
za}kS-CK!jtgeajW<x9$)YWp&mN|~&}pCtdGKOr_4%iXvM>P<e5WHHF#<2p+-$z~;X
zig$C2kPE+Z&lDBY)5?fB$~UN{U(+YFfOxnt^07j;$QhZo(BGVM!KV1Vlc2U#XR5Nz
zHDZ0K<=Fn(W0I03Rt4s|*=WFfm0jN4UajttORn->9|6|#nAA}Z#p37+IrA-0t3jlN
zceOnX*4*awJxA9dV7m?=p(7ek{+e{cMGbE*eUB3Z<=2FfTcrw&j;ls|b?$;fBY$|S
zQfxgxnP+PSpOCq<s-VQCqL0PQqj0aqV5TbViLu2XhQ{jZnsr5bWAXRoo?}jRDL@dJ
zzf;bs4w{>u&MlvGP5X2ZeoH_gA#6lOU-Scy)4Wy=fIxM)BByJ50@rph^E-gn!2n|Q
za7Nuav_Ki0{wND7v8%9R`w)$*<SkGE1UVb41ICu^8!NA0j*i|dh`Y=`&n&$2Z^2Cq
zEg9+ZuP+W5S82-PdDEZ6G4wi`ZagIb*j%V!c8Wn1U5StE5i!rN@CaLf=In&>7n*^U
z^~-WNmy2PDNgNp7+Vr#n#_!kv*zPTAjI}y{_t{pWFUwE?y!_)*YyhExl(HZ;U-Q}F
zV=b)Jd$=eForvcJ#0*tiz`-UL*SjYo4_L;KmX{B-rCeu)sO-pg0E$AX4MQpJcW3f|
zMJE9ED62lmN&1r2iErw!WXZsaHg9=9ZQg1_jh?eEe7r|^p(24s6puG8Lq~nh7?A(R
zFOP|f`)%vOmVYIM#|7{i2)R@3*W+ssKYhAivfZZ}RZ`LZ_99oG%5*?mbC4oO-dWj{
zSYO^?F6o{uQP;`w2l_k(^nl`NSNeSoU6~7bF!8Vl5kP2)q9%>-2q4|S0EpUYQ%>!t
zVq7N2K`zN@xg6$iAjfb0?y4*%6~1U)DInIQ$i8@y6aMH+(CBCG&N8%Y{B~$*<z%Vf
zN8;d)RP}`T<1CwEI>wtO=RpL}{#lb_SQ9_LKStNpyau$)a<+3S``1=QN=|gD`3;>M
zUcX%uKnOWbJo`q}tSTFgrt6!*PlDvlpHl$CEL8W+6zl@xx&NJtgiqZoZv|T5&c37P
zJ+Rka{9><)cYHtCtM{it&iu*t3RU~&jc<vTaj#$hT+(O1<yfALE17g&fES1xnuQ;y
zX?x6PtBo83R^W#gfD!wv$9~5aw43q53M%k9zJW+nIS%HL3xauI?~fvVB7ySbNsvyc
z8!}77&o|o<8(I_*<oq$m(Y6H0WjQV~z#cnebp34%M3{Ml93RFUy@v$6+}MvWqCQ>=
zj;{-La#y=g^5Z?Z{^m`U1lzvK^HSYWfc6O<9Qcz%?_SQ8IgTG3xQWki)qKZw;Z~Hp
z)?2v#B9lv)Q!!nS_8CUc7WU={<B4<T@ls^1_`WK``HsOsRuku$&^jTYV$B-hJBGH3
z<c~dqns3J=>;AOGZ@%25x5cNS(IE&l21xmBA*zcrOiO1UpTj5Kx)xSmeHH~uLuv(^
zBFItefBf~%bfqiZUWH^ZiPvIdWYC-1d8%9Df{%HP_SG|zpBQsJAHRgG1K14!QW9`s
znF;LJEB%2p-tU$|oRa?r{)2~?(J?bd9a1{sL(|*uztD9TEspb2{fA4_7GsQ}x03t`
z#lefNxF|DHjN#d!RQ{ow%ST@SFZSL$s>v<d7Y+8Zg{_DvQY;_}0)hh4u>gjuRH;#E
z(mSCCbt@uGL+?s&q4!W!1f+%*Iz)OW(h}0|iu;^9?s((<^Tv2*ygS}K-`EH{`SNA0
zx#pT{&fom4xghep_giLj9Xr5+3V^A!ylxQo$-4e7ErX%#t$WhMZ}fl9<`6#Q(2~@w
zU-~R);l$7U6uL}h(1QRMcij4z0SJi?gHS#Gs**v(ssVeTAzDf#VrB(-2F2!j>z;z<
zwdl5R@|`J*lqlX)Prkh-F+ac|W~kpq-^Z?;70*;;Jmfuo=Iq)?JEHwdi>mC9%M5ia
zv?+JYarnKCk}ghhDpvSXuKVHnAv-|_j>$qCXDh~Q5+9q^MqrE1nI5ElZxOp&B>W4X
z{y>A1R`At~g>?bwNL~%jZ)#M@gOJj)dvwr->gY(>w;Cj45kfkf$|3&yl%+mq)MMCV
z-{w-`HW=q$KujHW8g+DBI`MPm&bM0u%SY`AKA8{O=eT9gWdQ3{;5ze~>BO89)09`a
z4~n?#4MxrJM4~KezK!<&g*gVH#s?B<`XOy3_%!$Drbe{fu0?znE2bLTov(Br!3KO>
zOMN51AAb$dA{>w}%AV?H`Wc8&EYps#tuMK5W`4QKO&CGpvfhTpou_PWI-6`$%mVkP
zO|{pIfy6|}ILzu`VRFlss2Jf1h$3WzPJ#ja_3cFj7{O}ishl_+soR8H+MRnfSFUmd
zDVmiuNImLeREZHNyB_9D7-~*{6l$a8DYYI96d6#A<72Oez%t&=r04Vu#0ncl(4J(r
z+jqyOL(7}j=~Y%uy#S*bM#-JEj?i@-8)!4zMOsyi?Jn{t^bZTZ?2gUiM0@Lwi1K)?
z4%zjj+{S$QBw6LGqPm*SQ8=_r@Dv#<w;t^HsBi*c5<R9hT}mP8LWb7`LD<_S30C4k
zqEef5DFf|?IwwZb=t-80vqC(lJ9Gr7s2Fp2Z)X8~;>0`#-xn<})LHP#C0nNi4&{=X
z)li6k=B5Pw5E(iA4_{FIl7F=W&fqBV2l1aG-MS1`Jg#78hSQU@ZOw69=%%!Ed-ItP
z1R=YH{`nhUo>Ove_~En6Y4pZldTqSQLDqLQyxgWIBfxj(?wudpVBtG_l2N<lCkS?q
zGwv+!8HMBKu}xz6dhNEJH|J~R6%-8k^B!lUCBeySc#gIm(Xr?kGr3XAzrM7LSJ<YX
z;1td3j1{^|B^8@CLxJyhhj6>)_5ldPdZYwq#9(<NxtaW=t!$=6u@B%{g8;(><Oi<>
zfUqhmMxOl2#(n3<sCHDsz4~Uip3a3Z?lZhd1<^-B{kLW)9on2bfm_)|m6l!h3th=-
zNCjhs&j?uKcujodTW%wt{lie*FRw`vUTJ5@Zk?XAMk>yq&a9E4Z1eR!&=0_{$pfpk
z4EGLj16~~<8Pt11=SIOqx1T81%TSp<0GuxUj@eKo<m5Rz6OHk{OPJHS%`UmR2&Q{`
zvXp+8U^2jC!1xyQ+)k}xe7zj9{rtILm0yovh$V1Y4xgAeLUDzvozEK92qdrd&Fnup
z23~%9l5=R#$z-+c$R4-Fa?5w^0>2Ga))ulr{(~i6lR7_Ci#R|uIYiE6y-*3`xBnGb
zIm6zj;pxY82}`4Mxg${%r8l$`wnWWp^V)h$1WkTP8!2nY0yq8g@n=98r;oPW@m=kH
zNX(}!&xPg)cE*V$tH<6fK0w+5t^KZ@ri-fA+N|q^kE8Lye$CYSmNIS`s(!Y+%Hens
zCw>+tz}FRjHD&5Pl7=CUSM4)w<>e<0K!A|uUyTB$bMf~QWdtWYl(FZbjsNtCIm<`1
z()YsNMV;Sp?RJzZRHg?AnHM|+;XfGQDv(%VZ3iZ~7Uvcb5`u0)^dcbuviHl^L7d{E
zz8ds@sH%FS_JxzvcmsB(7L86;kGq~DTjh|ay}<>9@3y7Pke-I_{Mq&`0pfG{T@a}1
z?|iyOw%&9J<??lsN^YTVBa8~&Bh>aV9}Ge*tmgiCm!^*<m}Bc4TymG>;2S6auwzNT
zPlj%ajj=;6N;^I2D93W=#6t5nZl~_GCb-EW)LQbQC$dd|+8Cfn35t|iVasBg94H5%
zHE7%WWb8wg*Y?oL!zD{gOKgUL|EZv*2dN71=@o^d;g>xr3PvjGhMwaT(dU_slCrY>
zq<PI$sfp)^p}aC^OasmL_!)U|D0R$vqDgN-Xm}VO7Jp+LnhHMp7Bmzf8M|0%_LRwQ
zisp|Kw<Yh8axbuk-4_HiK{9ZED_6+$i(!VX1j?o-G4~rjV0o8R0YF6GUU|uvL*Hje
zk>#o~F{Wte%nva|SxOAD+NV#EOS79EiqzL+w(~{R7;k8deDuK51?W>X+jJHPL$ZH(
ze;N;My>T2QCMr#8HkNnsPdn&D68TiJLAL5a+P>cGyf-k)y5v^L{u`S6z)G9fx;_D7
z>)$^fZGbX-K$90-*-Pj5Hyc>q8urV^B?F7*J5nx{tW`K%G?;lR{gDK3ZSv?p;vcbo
z@klV|zP_>C?$Q(DN#bQ$B75Qi8`OrHb(D|@g6faSty-TxeS$WXsuL`peY5V$GaDQD
z0Q{qGEovZLv#BrrC=SF89KvxUsN|Z;fY#23ne0e*;5Gtl8Vf$G7WFo3xm8JWeP`M5
zN$3j|FRD+TVadeD)wDfd_oD^(-@1di_wniYtCi0O&!x(M9oK85&&D^;0d+@hf3rSo
zS7kq!BO>c|<tCPR!=flp$l#b^T#+%yIj$Tn)0$lJg<2!9^w{r@W^NOA20?y}nMCsE
zlKcchJq44JYATIdX*t5XF<l{sCAzlS9{T!*sGh!w%=$NLBXK1NDh#kvAy{$IhqIzt
zAP{gGtG?PVtI`3DN|*_1mt4vA%s*2AD=Aiw6)K*rJ17th4PoOMq|+!>FFVp%^&T96
zxJoAq1hE9q1Jo*T?^e^Jg8&owWNeWIax@TSb?dnO!w_W4kTQ_;pR4xP8D^QP|6l%H
zTXN+}F%$`$pYC5tOu*@;sNwrC9*HwsVDWzx+I_YeqU`?Y(66Qwa$Y7#{ep*Oe-(or
z&_BCpU%agyy?pg_Gx$)<Pfc(;f5=0~X5m4#`~1*Yq1ap_9tgx$2pCg?0(}eJfc1}`
z-ZRDPE@4VN0O`1VI+(J$KIXbH27iPcDzdw3k;4KBeggtqEchSjKw4mkC&AI@$jEyz
z7?4SGn{a0S>|BW>3!jarz_0PhkTl)2uaLt>7WM0X4Q#u@M}Q09IoH+`Ud#oWcd71x
zdx3iEw*6#Y6JX78aCw^`ik~L;V<rA(HdxM@03N&9HXolGBa$init$cuO<&J7@yrEt
z5HEe~SO={V9&zqnw!f<aS_?_(=ms6U```+MO@DI|WOi>pI=sCQTjEk3UJL-xpO;Rb
z9y#m1TFJ_Nykoazg{eouyRNNb5LdzfRdvptWLD>8USHpS`j>0=-+%wN9R8o`K-Qzo
zBVGn2&Oq0h`lQ<dR2VX{w6c<4bF^`F*9;^8Kz<Wjy@9TRGw!wiXjA+(KBYw3S?vG)
z1>ZT?VxAtj6;Zu08VFOuypUQ8JIz<{_*Fm>apFqPzArtHCJ%wo9X@cL(#?(B;D@5U
zH?Soq=|6vQS+j0#o@-RdOYdGB+7p-cyYo=bwpR-)c{QZ5P@O|~82}n4ic<mxBZ}7*
zVCz`{r0uNLq`bWAfn?GMF<*71P%p%Ger2WDz(LB&(*U&m;|cx)t~g&`-vVdUDwH$N
zR0BX#SD~`*y9v|2h+0vLNFU`YG=jXh@udM6a%c&FW6k~U>b%QRP0mdcc1cr?NZ!}W
z@DNFRnc;4&4n@{``o%GGLMuh^DA9tam!Bf_EBvf!)vlo$UN35mKuB)TD4UPJY*Fs>
zNnh}Qd_#i(^jw$#Hl6sn(kCOdp|L^ND?+PUGxgZ{(dMYvT`>cFAe9)&(VcFDZ&Xlj
zf6#Kr@rTicr*hysvJL_7>GAOLOY^3Hu~E2(hn_bd-<);v)BY<-q(L98BniFdZiYf;
zL87QAtnP&)uGUM~d~+;!>7+!*{GHQ(2hC)Z@vuM01nkq5j+Pelg|2vU!qiP?`-#=i
z5Jd|pTba0cz2AmO#@zI@g?q&)4A6cW@)HuyhwS8Prv_cx^Y80Tk;x5)AVMrRot?Mq
zQ@Kl3)z*f2%D!Oj1E1}oIgLsz^ypOI-Ko(}ZDmk)RShIzQz_vI78o>TA+Yux^qT)E
z-bily_^{n$sW%%wy`Ed1t^O0RX>5tTvR>ry;UZiLOO+-cEc`+V7)R?4qzW!PIcAZv
z(93ZtS`(TEt8k76Sy0r8h0d34>%Mk$pgMn-%vCs9Ny%sj4(1qmoMAy0TcC@9E(*%h
zXFk4a%j^60;GI40RSR3a{e_Gr;WuY^9ELs@A7Km7LhiOBn|FKQ(R`j&16JR&?8qBL
zfu#MON7h@_QJwEYL!V&cj|%N(Ib35_H#a*KcKE8^U4KFYxl#P#oS?RNWTWJ7gF3YB
z^mANC=!f#vFmc?<oKCZ5e10VGf|DE*6Fn9kepAxzN2Y22HWlBo7$Gp`@9Z*KtAdOX
zzNCEb?FlQZs^Fs;0j_p|v{pgYGs@*rA1)|tTN)IaT|Vdl=38*gi-!=2SYL)|QCkF`
zL1>1`!p1_j5oH(ff^=N3&uuzC8GLt2zwAZn_F_+F7pIsVrB@+|(cJo>YV6F^ARsNs
z!hK9s!j5!IO__s@t0M*2wJN){$cNTbQzG`%(M+b^f_5xZ--eA>5QERrw{k%e;WBg^
zP%h%@6-q!jap(EK9bZ4c)qKIE<+AqGPWy=d-9(QnyDo1Mc|Q-1;pB%_1f}J&KhNcd
zVug$zXTFQF-%HvvsR*jrUh2uriC8Q2!>ZSFaAc>-5nnE1b~s|6z4zIitlNDwwO<Ec
z8!oVM4B=)Q>=?A=htkLm*Gq01S9;T~<({lHDA9f5Wp8Nkxc|}(DMJb?_i!g@KjYaf
zub)$zeKAttgFU$$=C!?h!2qRivB!r(&9;UuPu86@DRV~|7MUdv@d-d6qE~A@p(GMn
z9Vz8BowHJbFzDej5P(jhy@vex0)s}@91IJKk|YcAe6}*mRaKe#VnP@>aaHP3o=^WJ
zY>APnwMP6$bZ%}Ww@eP!LF#1}!928+Od%E6%^eZqGc!?a8uQwox4YWpn)BpMy<erX
z$U+BuUKkh+JpDmZ%`Z0dX1BpFX7(>~cRwcW&pR`t^i46(kAMUe$$QG}JnA$NeI)+I
zjp)`4%l1fz{#hlj`O)Jc{y$oM0p4v-m^{4QwV8P>Vztm_Psp9P+xP8_+MU2fGZnMO
zBwm;~a#yu^+TFura5|8XFqjCe*IqzKu65bdUE2JGdY>(%#mbZx2w!ouTL$9&;swM<
zA`0Y3BEZn-s71bg*-?(D3|!*PC2DL`4DPgQZ}+5`dn_@EO(Y9IRcH+jhFS4anq78N
zBTT=>f;PCp4ClVm?p=W-_6oMBI;>`uApua(DU%{>+>obukz5>5ZtZc`qR>Xt%cnSE
z+K<Q{!dc&babzSosFCO0cD(2l&7Nebp{API`Varf1pv&q-zc_-Bg8YUukXAV^=BoD
z8dkoyHz+9(<w@`7v}|)AH9N#e--_o_0?hHsT@2#RW+7%CIQM3Qm2L-}#>>qCH%_{9
zL&^20&sd3RVG{F3F9)NMU1JYy=EM%G9z90P)P!lgn@XB9D{L`^OJSI`#A+Rx032J$
z4>lQCnSJWJi1SyW_R~dWfPCP-_#1Ez_N}@Kbd-FJvNg_n)an3UkzbCJ2FkqV2_GBZ
zM(MBTVS;={U#PwYmtYnYykWsVZp9D#GYU)#>$$Kcg+#>*puU2cagFFk#74(pkm1kJ
zTjuov#xhi@K1yB1xZ5T-?1*holFHSP=G-$XJZgIe*ZGQUCls;|pNwCgIIb5y=d!zo
zveDx8xNe$b<yQ4_`XS(q4StMLJs&~PQJj8M(lj~synj*xK+#*4dzFm7(~WzC_BJjR
zz%^iRN95lp?Qnsup~rQr3SzM{b=BnULj3NCQXzk~sJD8df2a;}7OdnQ?5e^c>FJK;
zb}c!mwz^j||Fx~Q$YzH+iR_`-&}$}@`(lB68*FV`|F}(K3rEh-+N?EV`=Wce?7o`v
z<;Xty6a%<hH!vF*^XBJay@F4PH+tn<nsNrR)vphqD|Bg_$W3wVZwLiK1-9i&+o?6-
zOSY_;0gq>1+YfzC3ra&PD`_UKxRwmb%elP^xO*RY)@`rA9-AkWETXEHgXtIBLB!|g
z+SXH<`TyGH1g>L=y(=JnDJ-FjjJd5wJsAObj}bfynu=rPH^4W7MEBqizTCAEgrU&z
zIbi_n?vZlw7Z)mQdR{dAG(j2CnqKDTXeOh0<cL47C7<BzcDZS?w3cj+3%}sZ&vO5M
zOQp{k&ZNv9<vdj{0EfdBwg7bM#Y0)Rb@jOG&ag=9_=_q4vYrjpaS;=19708BWLj1N
z6p4oR1IdRp7s5IhdFB~(0IWn_SMF#^JGT*s<xX?iP;0zQw;Ok^1<7^#bTs*_AnC?+
zstzMgLse@d0#Gmek-nvtGbK}(0Md~SBph*3y3%XHJN3~mHb+zvR=>hz;cOsq_jy&1
za~@}Hc7<LR{LT*zix-WzO6Seq)9XpKpv=KxT+raI)2GR{3tS==gqrVSW=QBYNhf{W
zbvY|n#MR@^s!XbUyQG*hVC7K|f}UU%MS)NVEKLMJ9?1ox#Kb*`DjJe@othh?c6^eL
z>mQ0Y61@Z1HeQu9I|7`EN4}^-&vp&m!{N5@VRCBnY=W?|?kdy1#qIN7hQq^}_=s=a
z_eo$YA9>N=a%h%<|LYbK0{9Sp>#(4~%0v%<$y`XZ(hXbG+RchSuY&~HZ#|nZV?iK$
z&^Q(2OlL$IdYWfa%n7FW>Ow`3WHoGc`bNJmjE^r?$iNH<(uSK4uihP38Z=>%@wiU?
zE`Tztus{=eZuKgR6vw{Sh`&S7qpbf3t@Xp6KV0V2F1j)8zzAO(aao>i)gY3wAj<v?
z5eHUmVB!6-h2ww4pwZ}Zo2}u!i_&}36D1cL2dDkuc`c8ZNGH#&O^CO|PPMD?q&sDT
zb-hr#r+{@~Zm}nQYbU_EXI8|tsAu^(VcN9hg0-MlV*Z#1=XqjvLXZ9E=VH2fmEseH
z#)gJU2cpF(KAB-VJZjzy7=bB&wmz%_fztv=D@Tj0Dnp}j=$8fqS9l-?C0Ch`xyU8|
zn?ut68UD*~Bj(}_dbsU)<t@MWC|qUhbMgT;I9zMrCJUg-g@A`>(Bx>ByLOTa^zU7e
zRNH8Yd1irP5JL+(;DM<ge%CXhOPgYW_?+iA<M)}#$Zp$8M;L!*#Z-NQUQ?JNAE%Kg
zu7s?O%VW*xHF9^>rz><yn)kl6kdm-MYY&&9P=XzdH!v%Xf29*!xH`S&W!`i~X-~84
z%G;P$xv=}%|8%^ND#QsZ2tfPA`|U@z1XQLsmBsxx4|r|t7Nxl`DhmuyMO5FN<@uG{
z1%|DPArzoJyW_#|2uhG7U5!Lpy2a(L$1ay`;P*q&t%--0xV^|4V-+=bPK0ENJPXp5
zy!m<$ke;i%7aD)-2F%fh5}RL6Cd>#uX~^?y9#RR5qo*!6fkc7i@<tSoA03mjjdDMH
z=(^6c&jEoI!dGV1xq=R(1rYSirp9{anie&bpZM}0=!huhLZ(`~R?6xwFHR?|Sf*L@
z4uM@%dy=@|>_@7q!LN+DEv~sm4^UH?+Vbm<w(MQpYWY+_*?)w5-8Jfe`z@?C=4I31
zn~<p0hk1=57P0CJ0#M#f-ZqkKRUyuek<9uaO<4cB?WEjuz_fkw!g6nE+dw<y8w?#}
z{$`pqpN51WcXiWW0p|}{G<=?ROD1UFyXA-%ex>Pnm7O&{`#d{)rp~)4@4KAVRrbra
zFfK}}tbFP+`J%M*U49mRyQwyj50Rm9{6K{tdGN46eiqH1J04lpYVZ77X31r;KKtO&
z^;183&z*9fAVcTsFY^gnJb2c!=p-9RNZ|*`0B_X?_=GZc9?%X?;B{nPZcwf2+$L-z
z`B4_={+B-^Zd;SN=WxqO*o{m=w~hbL^g)~soi4-ODY)K~nlyR?HNchrgS5R9rO%%S
zb~h~5o#dXaC19$hf=2kRVIFxpnZ2owkB<jV4|170pKc?NM7Qm!-<R3#x|Sd%j+#Ys
zf{4Pez9*V>X*NfQ845)5uxWX26gN_sjoKxCkgWG4mGj@o`$!|!#oIDz?Zt0Sv;2%X
zK;3wNb}C=l9rHNB<dJ^rN>eDzq3vsBIJhtD#`A+H#}rxVN4vJ?zb62U4M^n;)jn51
zJ*_kJSfpdV%qY5SD$h-?Nz1}6iQK4I?AFo4)S5nd5*mpzK|gVs+WgHYt%NZ7A>w@A
zZ?!Tb<BZ_#NN%|=rZvtTK#6>J7NDNfV+XpCo{H2ArpAtJaH@m#UhBKcYdC&7K2PuK
zu5mM$9%*lRy#LELkO!yL>*e;YlJ_pcX({(>qK^SmfJv42+|-(WbxfIg-3ysq@lVOE
zytDB)?b5w%@zVzj3@VZu8XE4b<+_cdfqQ<_#6~lnT`;>$&+m~#!0e(;e<fe@leDj9
z$gI|`IKiZo&5veYw|QfD&4((~I74>Mc~H5uI9_+XoKkIH;Yn3dUXyk-T#M`Bhtg~2
zu)DW>$1(PU1$Eum0CRzs)nAIsyJvoNI7!N*c+kNzGqq&w?=xo#xMQjFn~T>fIy`kS
z%oW(|Xeh)=eXQIjmfsvbW!mIZcBM^*4bHZpoxxeJC1qYW6($Op(y9oBdo*$re^~1k
zB^a#AdCUxDDmBt?dD#!K%qa^(sm_>4d{6ASj5ca`SwB`M^ykk<V^-17YYW}6)zgG?
z6=P3Zehs|MYM!WClLlK+v$>nb^a5N=Wwiiorfd`I`sr7O%9}fTA!X1wlnK_Y|5xqw
z9;a?!Fz@+i_-<EQHYZ!=%I;{3+00xY3p^8BHs$;sgwKjjJ%Z^G{WX^Fg!5eQC2H9K
zzGkNTH*1h0Q)KqshVcTgl0Lvx?5m369ahXq*3$OF;f??|&9!E<-=;#QsMS+?MN)Dg
z^~%+&RlYmk*gOjrx{P}s2;?@#D_}fw@>e^W&KXR;?!B?lw<Vyn>F?(a1oun!(V<I&
zb`*UNfMG)i5<Li)cicRd)dy;Dv^-o8Y;|{B4lLPGhQ$^o1Wcu2%aOga30+M;E&8wA
zOS((&sB*%Y$BU|+Uzk&rz6!iY%YVLC$>kh*gi08FdNu#o%tE4-3>;1&R;%VBUI3gq
z<O$G30e``_wUH-!e~55#*BB}ni5S{M8ylDV2vUqceIoEqId67^EV>OIhw3KVq6JLu
z4kunOG!Wb4$?N3kS|Kf&6grMcxWhf7L(n1h&3#YGI}&sS1<LeHF18F_RV?esal>gD
zrdya>OC?IqZ;W88)Ra;c_?%<v0u~CW0fAl{WUngU&DJ|u(!KN2TY^kUA%{SeLEhad
ziBL&nJVpAPdNaRIwz^&2B4$ya`ybO=^1#P@AD`MnwVI^}T8EyE29lLe#)kVOt7vM0
zzeTf~UUX1W_7b|WNP7y_-=Rl%iz&D2$N)t8mzbu5s$(x&Uk^N{>^`Zta<iNmlP}HZ
zkmk9k>p@D^x|aETZnCbDxP1`vm7~&SWc=w}I3+SQX@AZ$m!Xv=J5ihCRJdO^HAknN
z()?y33*ZkxXjAzpka&X#5DhEGc2ro5?u7UH@K^Y|)zD##!)%tFDjqMG{&M!QXx-=y
zg)B+M(8$Psmu4~Sd$IMwiCW{yJKnpujJvl=q`%b2A+3PJ&s(E*$;w7hC;iFKjnNYQ
z{Ml88Ivh&K8ko0J$|VQ+?kq)H!Oq{6kdV;&Gv#=L_z!%vI|QifcF}EI4_a%SC-SvS
z;g8BOdWeOBMtDG@tYoU_a@-kPOxj4u12ry+3^jm*!y1d42*ZIW8k&{{C2DH8SZMow
z^FoL#o-TKOvm<$O*6(NbkI+&*WL65D&I)~ZSEnXu;QaAVzYhbF8l(K2&M4>c>W-W*
z>47NNqKGFM*DbT-HJjCVS?QLMwk4Qw2t;6ot<jzk2cB#!2gl#8rtGfzjg$lNNOAr4
zCoBi(;IxoIi3~I-FD(iR`tCj|PpM$a$S9zkijy?iZ!e$l+8KQR<w3YdvXo1-Rl4eO
zRg=O%_B7FSGNbKUB1mou06*FZy(#My)2gtQ4r`Ks)%NoBZQJ$GnB70K>bL8a)4@lD
zG^!m7%*s->U{m8*Y@xqxAc>@wba(S4X{i*m;5P^M`rL7hX{mxCC~x>Fy9#>OBA;w!
z+-n1XzQEqpNV?t1cVqkCFL|JZ!?QW`TZZPc)ga)b*qUCP0F3x}eywCl>2HnAy2`<U
z=NrbXbVsx?_8qSi{fH>~%D%>^R@yC-!!FHPiCWk8)+Qb-bd9UYr^p7X%6V@{cJemT
z%0;10X@2(srs=gZsvV@g2-jK$TSX-;$f~Re7)MvUWG`^hVG7QIyhVnEO_b;M<N$Ht
z>A(1vtsxWw3U!ZWUjFi-){mG^UZmH59o_7&%H+4}9$^nhAe8)EJ{AZpLt!=EULyO}
zA8a&v1;fUQ#+s=%-A@=k(MSB60!=d=AAdQJB>y~|o}gq7;Mpe+e{j&y_Nn|gfS1(7
zC8@7CHk*6Xemt*fQ8WGX+h%Ra*~FS@9~DcrQ<5)Op`EF6@h8qz3X04EV(~Q)JMM<-
zH1SG9Ln3)&`3;Kxb{s-%l_Smu`JZ~-eo^{yv!WQ+)gvJJjHSJ0HMxUG%F(0>nK$YA
zjh6Z*Un#!Zi%Fj(iW%j^kO`|o6&;FIR-koUjJ;!X)RDP$@!dvwChF<RQv^n~;4!^{
z95Ct+7pZWjT|33I6`N6H7&6BIM$*Q#y3hoxzP+=D-7itQe(jnna&D6T_QYt&z2?b^
zu<ga;`b&|RJlbuP*UW%5$%goexN(_iTD{rVI<a=Jo8<L{*JV=q?TK@bm3z69B&}0`
z>~A`svowJqnq$PWl665qxzc{z@~lHxEMTAxA7O%?gBTu|Iw!SBQ=wi#ELzhq-&D{N
zZI4x7CAR%-TNBU!HccKS<H5*X8m~fvu(jzt{nZO6LS5ioQ?iy+1h3q^Cr^g?@xc5b
zRDgN5#U!RXlClxSeT8DgkLcv&vX`y^CJ-^9#)Aq6S3vN2iZO4l(muLW53d+~;97_+
za5SzEnq4&r6t`)Z_NRCO#|9|l%3E!W&^VV<cuaU?sNu6`!P;qxnV&M-^Iwq4J7<=d
zVC&22bw2Be$hhR>*7pK0oXR?r<>ED^lK(&|yL11D*K?o#vb_9sp?gIzTJr<&Aa_SY
zk-D5rx4d1DcC@KvOb?u!Q0)j#3`+Ih7%Op-^IijxXJ6iFzK*FLEs?YUGv*IKsq4_K
z%|}RN^7XLzc;`vp%Sru<y%h5)7r_`nVgM*esa1*HRC%3AmE$!)ilzo315Yo2r(LAv
z`+5WZQ`Qc%f~K-6z&<z8qZ1K(&@vMg(_fWx9xu3u4=5sr1bw=G{O_d=ws#KQ((GPy
z?*c81fu8~XOLk=5sK_m=t7kjzPh<;nsXZrVDq4sY0-{_v-Yozk_SPRiUT%SnDZ~~G
z_vRD`u7DkqFm^#ygAfq7LQLp8G&*M`qDCo>A4H<z4jF^BwVUB%&7E94A{8Bu4dEfF
z@+eUSi@{e9)Ob2oRaI9p%|=|5Yl%!qB8>eeFXu?brZxaI@}+UKhn!;ONG$^A!-|fg
zr=~^PsfwArjYpR;3x(Xpp^daDN2w)Zcw`k{6m${82^MXwx{0;ZDrR*V9Ks{lOcjT1
z24P){SSy!#m*IJF=ztN9{`qufllbg8>9FL<o6aA~RabD>wOzAZi?)|<K)NH(2zO5w
zPJdnYu^99x!!pAQ(7e+SGuD~+qyhVgkm~QS0%M$a3kAxiDRBc#8h<wK0gb@vzG4N6
z7yY}+9^ZaiZ;G5)vLl#S24H4LbY$(!%y8`wtDR_6sCr^=nLAW!!rrb)Jd=KY^Sw?+
zM$xL$Zv|tNVWQPQDcjMm7g7!YLtX8wt0C~+wfb?>4H|siAtsK2Hc74DlSD!~T78EP
zL66(wZU`XJn?A4KG16_ip@g8LQQUf?8%iy;{9jR~HFqotC0yHEORUy<JL|w2e632L
zZpXM!cOJEJ2X>U>XFOmRLj}KUciL;!-;;G1zA2<vUVHz(PEH;?8thzJ=wi=%6A~$O
zO-f3k5ET??p%1{ic>XG%`Y_<OEdYWY3th(Z_wRnI;%Y?vfWU_ppV55(&3uERN0+DS
zIkKa3F_VLP0HO3^Ql&DUevIT*NOQz^RCHtk;CaPt|FC(3&y6vECV)rUKD62vVcJ2T
zumCrL`@Mek&3Hzn4z#>^uXEsld#4yW3S^ib^}8gWzNU3P6X0^-{)_f|jy3#UBF4AC
z(Kjk`-kSr!r|1N+^uw(Tz~-t1$&9oNjCxN6m<_=p7xfO#e6g--TOQr&I~&^=M0+RY
zGLbmzulCRk81vZqlR41<a?akj-UR{1czK{vk|O?R8M|FQU`}OeTUlj!;}t$;l$S{*
z6Zqs)X8mE!K@UPA|H;a8RPV}`@>XYKyP|lUt@&eqZo`cyH-A2zhxa3!b-kQ49UTkO
zF5d9^*Aa0B>|QV!kVIubWfT}&T1l5sAlbbFuLQ?j0cCl>b)g&dwlhxjGSs9w$fG=r
zza4cdcF0c~yrq1<=rlzBS(Bn-XRL7Uix;|zRm{(r!2p(UmYu!u<DrvB1hb#f8@6|M
z^#P&B9PBS<8Da(<Y`6c{<aQ480NOv-e@$|`&f4?vZyZt%9<0uBQukGW@4{NLNM<1z
z2Z=`ye@MPfl|=#W0h2VKYP3|$<Qn{E3jWV_>+s@3^ozVGJ*{un>Q<hTpx@UjY;l)S
zW@wqr!kM#7x`XSr+wEeIUw?tT-rpj;E}vf?-d0CeyWp}9hD0t0?7#i17@Q{h^E#7S
zpdb38KtI2M|Hhs5N>G&OilwmE(OFKA(d=sh1OsK=n-*gS6uXzzzg8)j<R*RK6fS!I
zzR;x9wG51N5r7G7JgYzpj?}x&<!JwtI#l+NUFhkh<^u;kgu(#fE+nmUxd3`42p}Ax
z|1uTcwZ3+PE%fp{`zse#zV71J58gVu)FK8l1<e9b(536}&EUU^Pcyqwi|#)EpR5fg
zQvn%xS3#^FOx8reT&xVFh(fo@9;p6#dPj%j|0Hf4Ag%AL^4|62f8ziKQlg^v>19#x
zpO1csf$1h7q4%Gp4Y2DrnZG|7jQ^y8S<&B|a#s9*I({bc#=n%B|4@Se11Szn4F$aq
zW*~!uQ&xw*m?M|K{v{4K(g#q+paAU6Quvw##tq_Xz|Wj2!AD>IoN!qNn}KxohixkC
z@J$E(=6Wuhpq=Lei$Nh}2*jxM4+%;6nzckC*i%s%M^!WmqZ2(;jhKMT*9RX?GasjX
z1neOUbDplZUZ>E~8!4<66{5fC44FaX@#8CR|F-A)`~H1#-JqDmyf>phJaRjHnxoHP
z65EPhGQPN69%p`0vHV5$``4WXdFbVOVJA+OH;>rwACs*7`1gH3iNqa>rG#K&H-Gd$
ziJIFBd-bBlDIS~dP0<d;$<dU+O}v87Quujsc}w_(==ypu+=R^b`xf{9T%}JsX0A_Q
ze}VduqpyyGR`!KVdu<+-fN$!hTDUkn_r^0w87W)UdJZMDJ>R88y>z;xiK%JL!ry=e
z#FLW$3KV9Ns{{;!2K+(3UOpRo8Nno5x8w3rzR{3OAUyAf_d(Ac+k<?1bY$g~7V}yt
zFZqE;B0HH9E9FUMP*3utl^~Q}ox+ZcES2;I+D6K6|JF<`hrI(w7ORLg#(-1ymc|i{
zqDr-k<IXs|q#$=PJ8qw>nJy*izgcFwy0*46G>EZUOht6!=u_<#;P5EziEu8ND@sk|
za{dl6#>NO~z(^Dt7#OJN@vYr`^@gC$^2f`@jeZ83XvVh`Z!&s&HY`lm39(s+?|fdO
zc$cD?789hU<r_q&PQn>)NaW@KIXHEuSG1j+uS3Ui`|qAMu5&lgMzq%%m;QRoeU}z&
zMqR*If8TE$7#)pyE7p`C7PP`xFvT@yOr-M!Z(v~D9#-_(giJpxnDnHNhjZ;#9Pb$C
z*GN@BstMj0-D>9>oFQpR<Hi^Kj%ubNVbtA_3sR0RLq?9C;!1EsNA|e2^QID;@hK^u
zofEh5BvNWMA9z2AJSXhY_i9j9B>7elUh{l2TsvTHZM*t*Z!g}NjMtv1c9HfS_$OdR
zIDWo&!sX|*|Aw(?F046+o4op9U}$vo`NVDdc1*xVAtR=(Es}BPg1pZX^D)!ZoROt=
zC6e*9|1=2<fL4f?_T9~8?pt2!$ocL;ot_k#sD-0AhIfcpTR3m5p0?tXW028%Rq3^e
zI&tMg5Q~*ROWj2N!CbzN@CKTg17=Bn`{iaGk*>X#>erbJ4q9SNUp`Ruv`zw}C@m&z
zR9w&~<;9>$>{MUWH5%DUXDN}H8I|{BbZejfoSmKBva`6jXy&nJovJ-vQj(t!Yw}oW
z<+-Aa#ul2&K75ZLAz<Coq9peanuu{Z|4v#uZl+O3ZZC_vK3*tAPJ>D~jkDBI{c+3g
zV^hRQbcYkmXw#JIoJieFTQaPTa0L>~JoO{+<uC1n1E2^8__FoNL2a35t1%68;Wdj!
zBj(W;89VX$`a)17*!sLMKiIok8E9$wpoxwZ8yYrk3INR1wZ;pQ-Y>3gz#pkbrha4#
z_?=nBzV-kd!KZ|v5AqQDhx!t7a;jZcYbq<}(eZ&wbA%-1^GsrI-xL3ZTqTBq(-fUX
zUPxCQaig4S_ZZI?1f&<y0CA;;#qofhiTH)KWQJgT&|3Mp-(ap*&xDQ=ia-UWggP&W
z&{f(t%V5{mJs!V{n3lsazD3!0Maitb=k}Oy!$-MpLtQjMTMMxEbPB?`OS;L|IB0h+
z-DWWrzJSzdM)z+(M#UYS{sNPF9ApR~5ON<+4c(|_jY_Xpnh&p-jwbDJdYTZbN&+tT
z^z=ZH_Ekx97CVbzb{ymxt^<dB>cWiT!<x5A{2gO>+1q^dWkH871PR~VVXMSg2*>$j
z0=B<n7RQzrv2iHlifedz3N3M~;EjayNEsA47p0IhA<kIY^!FGlWB6xwmDE#{tJ;A_
z*0F2ElZY*pvv}n?jSJvMhhIpYi*oR9E(u!LNeuegmisQxu#f~R@$XW_-vCy{Nh9|-
z@O6gWRG3z0i7@Fwq%P#UY`Tv@1&igz=xaEtQSPz6&2nKxf`CRGKXi3<Rl;s|pS4Sg
zfr0hZ;VF+pj+Hhcn(0dRQEHLgO&wdsCRMU7eqAdU%@u8S^VXXvwc|TcbexXY2gpWm
zATGo{3Jz*$MdSTRu}WuIASY_-jE=mAKzQn|fF_Xp0*Oi=!8Z-3jbIHV0`^P8&nwEm
zIf_r=2W3*00|*%>w}%I{d;8lPFQZT>D3VMj|8@S>=jshW#@LCxJzZ~%_n&9LU-Bj?
z*jBX5_!F*HwbLj>+<bj{!>^2n{n?C&Vlo@>Q7%EC5AW$W6OZUoch^QLjpsH;N^XF$
zG6tH-tZ>{I!<NP%PHi3x=7GWgv@rEwbFVE&n@W@;=8MLI((JG5RzJAdtczMA`3G4?
zl^CF8`bf^6%>L&U9-`MOw2DMRSKyi`j_$r59v(UCH9CX|xcfDoq=d|2IbU3m((8!2
zy=pnBI%?mAqi`QEH4sh7{l&Mz#IC0fGxT(nD#j>~XYDm*=Pw<AcxwHzenZ`I_|8IB
zIVm<JSKAFmh;6E`pU9zboI@1rS`F+*U+VDiaCeHYQSOLZ1ox*X`V?+HrY0rfdCR+|
z?tYiaT66fuowS}ZKQ9g5w4Fyp;RC-vls;#wvXu6}))nL|x6`F3Q>2^dl2Bw$PTP9J
z&gX{Rf!WDGJdI~q;boh+?|grI^=hCZy#KHaKF}8K*Jy&W*;|dPG&CJ-hBc$ciSKNB
z(xOKi3H$sVA7X`X+pquN9TS6;$gidEgEF*Iy*;m4z)C3X^5)`xwGPMb(ovgi6V$MU
z61C6B2}^Gd+EVg*54Kb^d~`t&KXl)v*8as?rlz_sp@<-U(s9H#q1~6dm4<nV_z|&)
zh^F*IUxyvguS$<WN^ksGK$miKl1=<4$H$Y7+V&JHz^WaMH?~Z1e%t5p=;C5g7bRNd
z_zr_wa<O70YlZY%O=)Z<&~E?%PMu}NV0=ds8@CmK19I^)(8+4cb{>DvkmLhON{D+Q
z3-D<#_{LVh8ZWbwELw%4wD_|{&!}cI{V+ZV1B2I1|GF&a(jO#k{p~epIUvN0@0?U5
zA#`CdoFxT#H?n8IDi2(Mc3$)X8b>u@E=h6?K`S*)BQqp9jABVkk2hmyM5#+$jd$7(
zk*ON_(~CiV)38sqBz0ipM=a87?mZoar$bY#74~AJm-s}f`@_`p7xzZ^sE;<bf>{o_
zkMKxibL35M-;Qcw`0%yjVv3BXihZpLpm<*JW@0#SUC4dr@W~ka;hr5BR6t8B0+{L4
z;l>R@B6Hzi`8`f0o!s6-khJNG2l3DWZ(SOvQu8$(d2#6q-Xx%2_SZB=h3AOVh1ER{
z+IOV}Srd?Ge4P?;ilGdA9S5VsRO)!)cAZ!NIGT_A&>LrIHoZltvEI%)u0Z!-?A9Z?
z)acY_%;|u%!YIHofrxrZ4_@D!Y&}7D<?sz2gehBH)d=n<6N}$<0&l_?ZE*j9o8a^;
zS>|w%A2$bSO%>~*40j3<46W(F&7<{Z^w5){>Y!@>wEw1YRd6X~bFLix)SEH7V2%86
zoCjiqL=<fnT56#1K#^dv3djj_Vc@`eCPU7<Dyw;Q*FE(&xn_Rcq4?)>2N(CrzP^tg
z(bqgL@EVplcdX#=*0fJwgg`8y|E|)Bz?_3kV2fMr>D?v8jHq?FJ*><e55A)_wot0R
zM~y+(li3!tNDo<(M}mUbaFZtYg@Q>cu4eJ`h4%UHi2eH^)=P+a_PSY$5j^2V-jv5q
z8U~G#5fe-cP~D`?rQ6R<#I%ORJNHH<f?xBJ49a{1zF}u)vSA4wz)%UZ=wvIVLkTH9
z%JjLK=85GdL)7>_4y39Y1`OVXCpN6;Z2gvKz^~T`glg2X1Upw@81x9d#Z>Ox^@W|T
z_orJtetfxI?z1u=f5%^Yu{W?_!inqRMTw2z{4tkws4sbJ$sMCWw4UDCsrmMDB$4SW
zDLqq9^IIJ2_FJ9-l_|eFk?D|9f$DgS7-ULZ68HjVU(%_E>o$!>T>7O7jcR~<3AYA6
zdjom(#NR1u+u(=1PGf<5e)u2pbnt7YJq6d}Tg+hv*NJO?qJ4<+w}1Y9;d;V<94&U3
z9ZVW<eSXHA+~7K^2}~8Z{$GDcutgQ9+{WMW^K=Wvhad8lP(-V^Pq7VYn%_AIDV3?t
zWp?=Vfn@`a^q^}{3E$a$Mc(6(QUwP_Q6GKmix>%nla7%aD?2BZ;r~GVuthRa0?-_t
z^i@+Yh;qDY<oUFf!Q5-c#Q(U})7GCtJ<!K<IoM)v(qqSiaj+tqzeHi?E+gRxME1PQ
z3m*&r?`}{eg)bp>DJ>b-es!C47&2P9vBms?RSFxo+jAJ(>v9G9{NRP#_77DfxR_=s
zI;XAeCcrtm;zaOkUsxc4R`c&?WL}OBaU&-CS8&a+v=oYF5U5%ms8Ga}4(f)Ua>9dO
zQrQw#-ShU~fky8#S(W(p2&tnZEx-caCMw;Mlg7zbl!WvPFz+vR#DHJ*R}PhGMer(I
ziEhUyx>>?IetkPg@w*FA<}<E*30+jAY1;JoI-;9Xrk6M&m&VEzn<0*m{&V2!jQ>3=
z?!Rm(|0u}+7E1NsE&0zu|KD-S|M%$pmyAy7yCz-;KNkF>%vZR($CNVDTJL^}NT-%8
zA5fktNbRMRAbzp`ftJz)4wXiD$#*r&2+~ab?f4-Ro$q#jdwH#!avmM$Ji#>o%9y_o
zjH(W&?v4LGl)z3?Ua6Ps#b(cym5H1<_CMc0GOlfdLLdtzp)J3}?M7)I?}R6%y!$ez
zJL2-VfP+|a#NvVwcDS<GEG6!($Do9Zp-EaoVw?)b`~88n*TLtRt#oYc{3ssX^HW=F
z^*qb?L1hLF7t_|rx`BSq;uvD6<Y#I)Nenaj`_XW^#G^m;h^r(2Ru)_3W+Cgy%O12z
zSxII<E<VYxwi)BWVLpsWhccHr<tSIFIEw+5LkZ+}cbdsJPeY!u7sS?sKZ|zL$?wJ+
z4-adha;5<23o-4zVC;8q#OS~s9e)knspHR%4$5zctSD{01W8&@lWGjCE3NN{htA)c
z>sI7p`x^Q3YxwQKTRxhcf8Kw#1B6`aWt%^)W44E5XyqI{FnR*3ZcfHCa`@LG^Bv-M
zTV26(f_Y*pDt2r4n#;y-`FL^>Wh?PV4wk-gm|W|-^B1qV|7HR6+n#BFr+w}<I(TPO
zD%0iNfyW;SmidKDaR;L=AL<J;(Npr%g|QuY7Bb>}(`mz-dCX~W@iCU&yuI9_JpE`O
zdb0B^$lI6aWs3*50L%<|<^i7g@l@{Nf}ASk(B8!%qk{*otC~08vqJ$+|E@B)<?A{2
z1Iq$Vg1H48%`YHgBlVW~><s4XaUOAT7X4CAZ`lnY3c2>`m%xk93XlCyKO&g7Vl%m*
zsr*Er|9E5>a|as)A{GCC<3u!OR1J(=g<Oxa6b84HN&=DUJHXf=zc{{@odd6op82nK
zG?-2M|I+1=1XD8Ds5pP_$m09Z2kt*D-bmO#*5gg9xe1rw)^$$Wdy(erW({LwV>a`{
zr9+Sjeai>tqB0)3kvJD0q1ec-oK2})f;{rzOmQm}hhFsRt4Zpwu)tfL@wvswa6W}g
zg{H&vWu(`Cb_ND&9D`IRW)gXlTp9x1lPFj?dh;vYt8O;sM%~J{x1_=@zU~ik!%nxp
zr@75Q{g=91;2mLIChos-o$+fk%qILkAqd*=<3dPOhl<Mu+)R}%C#uuQ<J<y4Cd?f-
zDR4oi_C`Bi`lcZ7T?si<#9=jU-lWTNlJjFKh2$5brq<2o-m7bW98KkjzahKz_h@S#
z-$MOI(u@i_TAKqUI2rBiJVpWbcFy}d-vg-QGNhqU|Aop6nLDj(e7G-Hl#$^V21-go
zm~DYb-iP$9HSHA#4nD<sKM1y$^c^%}#8A>q>N}hiJ*F~A-Cj}7VKaNRU*u#enUkfI
z=30GX*<jF{FX2HuTd@M82E7Eo$Rf2MoU7AWn##3Pf=GymQCCRoG8r&YS>OBD!g)XP
z*D><5W$+(*iD&Pw{OXsn-~P3(<owLrzM$(WMht`Jvxsq_Iy;*bUPLtKqfd2*9*yj-
zoH}ZQndvdEch{m*cLxGCYIGLA*~-$nufm->S<t66JuD|GRkcpVHjq9)sanvv`7}*Q
zv8i^@zrm0CtKs?hd(8=_XR4>1I|ol1Ev5;^&pQCwh}|@AtU?$td;am^F^J#TaSB_Z
zf(3RUX{RKSR!$(kv%5O*7}ha;HTkyfbUAg_B{#RY+?lkTnyhP#Cy72FF9<Ga^%Osl
z(;lhl`WPhhV)kQ7;BK)DMGnzxuHz|x4+lOy(wmSn!gH&kW$o$_Nt>wCw4L$%mYr;v
zQkn+c!5KN9k_qo=$JN?~cpbfiT>^qD0%5(qR!+crH7kBA6~2+2NxU%r9NjM`z3^4x
z$U=Ba+x+)6-VQeBK<^4h5VQ5q9(V;RKt4MTdSBG{r~dX3F86!mvg(4me2~kdhr+h}
zHw&_Qv^2nL!aw}NWQ?hzx2wp3B73`@^t7ibra;_pyG)S$502iMR|DM%u96mXhPNNS
zE&DJSys^Dc<uI=DrpBso&x~w-Qc$bhpyYEJT4^~{4Pp<YuwD$5+0>S8^MYl_&=uvX
zB>COl?MeByR{64LD#+@`uKlKMOTR<kFjoMGX%`2JatW7`z4FG^x@}F6`sY)p)^Wq)
z@x^A*=~JYD;)cD%b=e|V+)YzG)1`~H8`0#d>|gXc4Ubg;;?R|Q$N-WPyT`z{%z>w{
zj^-2@89cQ&-Jy#&z|W2~`PN-9>YsLs14^Y*pF9W@Xr`kN-VU<z5Q?4W(@9LYE!rqH
zf<s?oSM+mG{mZ_aPc-2ZzptCI1}k-F!#tAlhT%}dln%eI9VscrXUp8zk={AJ&CbT1
zSOQAkK)3g96Fcr*9Q$K9Jk@}@V1K`gsA?y6n-64CoQ?H*o}@QcNJY`tZR4?VT2oHX
za`4mMlHUvBhEulp{AH)4e^Co<mquytY+XG9S<~-kwUiHvHHrbT4;6DiWhf|lVvDHT
zF1doxwkZ4Qg0gft)w!x2PbJU*zKt}4kL<{JwdHY(yFGfx`ts*L{Rg*ydvr-nGV4V_
zJiCUJl}k(-ZKgVi_j(j2c*PnvKSfMy5=R3^rjmax8lRL?3HF975_FMSWlaNiexFZW
zRYvc*c*}c!jbmt{Ppzf5k*kF{&fPSgTA?4>2yz>tj?c9SCh#(Ss9@CG2gqlm9)CLn
z0(U<FMY5aoUM-^;7LLtpd9sZ<J=@sY(tEemFUH%yp~yDv@z^<WZ&o#4T6)+TS0-mY
zyUdbrII+q8*eKu8lNKT4*ceT2IV$BmJWAk`E}igVcHpxxFg=Bf-KG{NS^P`j&B4=B
z-WycPhEzi+{vE)p(=0~a{L+}ljqX7F=|JF%>wiP>su$lH=29wPoQn{F+9aR*x2^n#
zAdRcjV2an$#&cH20(}_klH~~Az#x^9X8dij;%-IDiDKpb@68Hn8ZHTFl?gr>-$$Zy
z{>|e(@1m>O30+30j#&-|duj3%7n?#&1Hos}Qfy(U1c$~_{x}GmwQ8WPL7wd%`Ngz0
z|7>KyT2Ww42c=jkiZLXTf_%AJ`--^&R2}<G3E^Bw#nC+45c7y~M!QSbbH?wG9`ZRx
z8+GQBN>w`$d~>KIbDjUSz<vM(%j+2ib!38<2TAAr?Mr;}&xy`87sd0$VRxPGd-F}Z
z6iyR+_ng1_Q)8an<>9ElfxU`;j^nv>M*jw8VOIm+rNwr0vcS!AA@s1YgPYZEuU4Wx
z9l;c^-zVnkphMgJbQ4yWL!dqoT#sABq^CWXlk~2m+uc@O8rEqL%I!Iyx~3HHOLb%-
zCYkqX!XLw+b;_%5z8h*@EN$beN8gIsN|f-PGC0VtT8xhWrp4yX3K49!A5z70mfG~x
zYaBkZSAtvilg60T;9MFVaDOcu;p|f1k<}Hq$x|M)udbq}|D4F~c!UV%&{Wc}{WKg~
z6tI*^8E#5!#*C&)?0mmqT-hKH)dNdAtYK*TLt87cR>R}S9hBUSCaZ;{At&o{Y9E{J
z!Uqp<lAQJ^;-NEX^s|}o+U+{TCNliuu#$_c>qFM`Tl}%=?wyx2%kemdA__bI%{Jbq
zbA06=MS4!7JLRg_!rSb^3d-*wQa5zYV^{HkG&${Ld{vf-Q}U7greb7QZz2*mS#t@m
zU^6ngH#!@zyc&Y!M+AaNx;0p$4GfIs5oznix3}F%B038MHBQ^yHZnIF*Vo`iet$=@
zlJ+}F<Y^i@{b{)ug2~T-G-NO_EUJV}{X1{0egSlCydA3_t$%xc!)SM-bhP*{zR`q2
z92#+LQ{povHk!KFMDk^DRLFL>D^X5{<bG*F+Dnd6t}+HU6cy=h3Lb<f=;0jlSi&0K
z_#+WUdWN)`O<*DQgs`obYEe39SsOXugbhnNf^*1~Mfo<fjJm41T8z^5=r$=hNwJ+V
z$amY;Vxs3YOxnvwG>9^P$NRQZzaCf}y<qjiVMaw`^L{ZKZwq_Xb)f>W{INp<`G!cV
zo!my|6tGAHfT82<lW|48$HCp{G_0lX{+P9Kb-`TdhJDq>#XYz}(_OxX)h|@+LWRY!
zmT&YtAA<B$yJ3G*p7i}g(bzLvto`=#PS;La7hj%AFn=O#y*yw)DWoF6%VDERJ==-q
zpKgY<RD|0$!FO&uQI=;FFiq4ZdE!6;Ye`j6{^G#Jv?B1iI{NhCM7J59MAE2+F?OJS
z#<~1i$7;Y9x!q&P))wrI1ec?v(V@NvW~aXn+c_6?6$-NUzHTk_z(+SK?e#dfkZq|6
zi}HKlJLM%@d~@%XemS0b)M{XvC9%fGU^5+^^?-Z1xAwW#1tq^+c{;URUJ7Adv&P2L
z_wgX%d<-X$K#Ffyg=2O!qX-yDa6NMXalqe~A)lrHfC68KC73WGxc*N9g!(e6_gQuo
z+fA4P(YPD`M*xuj74B>-&~@4Xj_dkwZVh1ng5w_?``oTCoC<R=uk)E;JM{UMIgbWf
zc9E%Wo+`&a8x0vu&>fBM*0>x!@Hm)YX-6sh6Lo2Tn5-bqmT&$4@~rsE9^*1{s2tgc
z8zR@_)vmk4!Zfp{+Q&YJ6v@dL)J)GwhNX3^s=2I%v9O$dzL!~J-IHN!k6Dxb0eQ}B
z?{eDT%2BJUi?LmJk}(Lbos`Z8^O$9iCoK@EMT2Y3XPH5=<8c6S_Io1>kXcCP^9CkL
zmgi2htoy`G2epnDvW!ROGJEiEDAq?FJXobrQcOE#y48m-rxrU<UOa}#Wi7zXlR4OE
zqR?Sp4dIJa9aCn{AW~7_`yHCOJ{OM@Y(ZHl+|JHT8jYyQeyH?#ti3}Vo$hZOguztM
z#VctEtN#(zGEI!x#@fBdN%lh6YNe4%B^M_xNvytUVLr}R^N6OBjFvy&aBk+I(di<;
zd7?2P7txaxpQe>vj8qrOAI1vgXDN2n|NZ$-bd#)e>@#O2P2HdXS^%oN_<vM)ki=Hz
zjGF-8Px928wj9QENY3;4z`<LdH6Y@Rv2Rro`YQYYh-f%AY_R-yN2UCZvZ1`YsmVE|
z)Oz))@netU?ae0|Syl^Uv&!jM$o)T}A%Q3r>i<{XHLR6Zw#Xs=wHL|-C_9wl#4yyM
zAc*~yQG&VvbX6CnuWOXgzorsgO)08W3(hhzmeyj<tgmq|m)BSx7pNoc3t~Yha*9oW
zZA~^eG>INE0O=In5fd#T(CmR}*753M1;eAkx|OM4VTeeEy+FQ(xllg8SFFC!n$FRf
zp-^Ufl-d41u&lyksT^2^l#I16@bb#9G}O!2k0#rj6k>-^2=}f!#OG(Jx%)7GN#$|6
zLo)02;y(z#UpN3v*0>KAK>x?uS2Mr5cF%diVKs*J5^ot7yp4?A8r03I1Tz1Ea0|n>
z#!^FtsoQ?DZDDT=S(UlAR#@!8)RpUIh3w*C$Of*20}h8s0#!}?CLH;?$sx#hX_V*R
zDsko#Q|*A&#R&)a)~)MqzRk9o87RIAT)8yNQwI(-t>tF&T>5s|%&o<-x#_30q~{o{
zzHi3N{K8gx&gJ#j-u2(RdJ?oo4Vbngoq&Vqe}!YO@~sb@%gh{CDDwj-+;C5sWrJ)1
z6L|P%0WeO#f)qo<!Hj{N!T>v9bljV$xuL_(+xvkF4(mW`0q8&3G#XQ&o(M4849cm%
z(byT$vGc#ax=aBy8e?$c{x7-sOi;~bpayQFFeLauW~vX&fCiBvxN>1&NCwwj3=GFy
zAgQMZTvIYINC<<glTiak0}-4sMiUZJX41K~aYvAZV;Jy^Ed~ZpS3j3^P6<r_ZcjGc

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-download_key.png b/docs/static/img/go/api-download_key.png
new file mode 100644
index 0000000000000000000000000000000000000000..ce2a5fa8cf352414934137414c87e361a4b53c23
GIT binary patch
literal 66369
zcmbrmRa9Nuwk<kwf(Ca81b250!JQz%-9m5(?!n!Idw}2&+}$m>yUWB~?jURJ{XWjm
zdG}HZQfBX?YqMHg8-yszOCTfQBY;34WGTsy${-LFH3$Ux3=a!@BEH4!4E%ayE2-fC
z0wH3&enWs#(r`hbcOa>cA}TIvN6Stg7`r5JrwXx+b@3l!YB8ym9qXG=%<8|^v*{z@
zF6y^-;0}+kpPY>1^4=l`ZRqCd9!Q<sNG!;dNu~UjTf`Iu&xYZ&3^_O}*gFqgwDcLv
zTMI&#L=V$Ch`E|P)}vKaS3`kHKDR(HWwiBAU5ka@=jdggfP6$HBG<if%J=eVROaAF
zuD~!LZreR>#wX|b63^K(9ij;Q8H}U^X$o|7^yv6BNHC->$S3Y4t#^O&CDeja;T{)c
zyF04$b-7les!hcIzN5(pCl)>K^bm|VJSe*GoWbuISYyd`*s_u>N)S&+01f)Va=}%7
zE%ouEap{*C4^%mPE)b~M4J*)OXx7+`L=^TWC@HC6Vs(*JROowB5F9!>#@PcH5dst`
zABoGKg_@R@-sAY@?2V+PtY2|4;#VuH=-8a@BOV8cAB^6&4>)3D#3UflH4(QTT~av&
zXlY5C#qd_x|IX|3_RUQBDlH?I<;>gZVpSN>@UxYma%`+z>kUm@AH;Y(!A!|~-i=!j
zij`ukHXf*5fz6AfkwnDwTv5X?j;(0~AC|&+I6|vVDPI`|B)l65HhO-fz!vHqN-FPZ
zdkTF>!ODt<zr^v63l5h2y4rwRu4i$*xwR3_@*d8Nmt=i?{giPH#vRVR-)c*dZkn=A
zi8i64veLIYEG`DKxgj`s@7V5c(24!aXH@$JLP5b5cm&#z#X7LYE%kj{`qRU;Ph2${
zv`D*9!RY$Yop;abeye9wt~r`s7-54^P%VhvBrGV3xNBkp&A<Sy-gB3+Q#VNFkD&Xt
zHj<+BEe_YAgCa1Y67|~F*ODcD;^nF)3V*DI?QaQAtiBy@Ope++awVmu{ocXbI@yW0
zwF>B4+L$qyhNU6~BArC7v@}W0Ao_ts`qw^SK$DY`3%`YiPGEf9PTbuuZI;hVU_BZ2
zkd8N?xdqyA;!oO4>U%BUz$@?1u4WiglZT-|-Bjcs-a@-Hy0=dZD4nOsl8PGW=}m$&
zgM+CvC8cFM2fRmv+pLHd>O>mWSj8u2i`6kmqVQl}(7kvq1CYE4O#F6k@QccaFj?!H
znnd10Yqz2KO%{wv5tGqwg-&@&-6T!0K#TmmX_O`PFSj9u_wyOYDYxC4Tb*lgAd$}$
zEWk+vwdeMY^|YmOS{Yxmjbmj-!$bH05=NMwClU&*Cx#wcGm(C5R|6RV3Vjf>#>evk
zHP`5Y69iiA6vSn-XSQB#2$G1(*l@bFtZ!<}_PDE}R%HdT_OI=)N3xnolag<h?KJg-
zci#E>OH5RH67-v}A`wra5^!1d9jY6o7-64@6(>e0jW>b5oh(E}M>i?{ir?^RX<0(U
z#)c7|)Gjfr8{M${(AbACFfdS2T_biz)>=_n9iSj$Q{Tw_o_ve3Ot&TS{_0D|bPpcZ
zV3L@$Gy)0{4@4mhAX0_u1=wFy%0uVoxNa@aq(SWgh&U5@F+YDj<a!BIemNFz4vFy3
z)I<AiHHmIr#%S8&O-7dUxN$U(Sg6@Rrmds%E@@!ARZeE=mlD>^i9lzrghCcJ^eq-s
z;2_pe*YpSsXuMX{VOXyMQ+Q!4=WMliO3#)hAnVW1t4qh(pK$}@jj9fqv?_{bZ5mXC
z(1j|r)R+kIOgP`qxBarzinEoAvXp7j9w>=P>ufeJ=MjB0g+F-kTdy=mRGCP3jZDLM
zK3uo|9N~+O{{aswe5(yBm%{$Nw3GpxK_i5V#pV>;_98k-nPT7NgX(UueSqwO@c{e$
zEH+UqM_1p_@MT33`->R8QgQ4d1OgPs;4k2C=c1dTba-n6A|e<t5nu)rkkKF1_LLDJ
zQHXg%f#wZf2gVlQcfH;ji!}6Y$G`;ItM#kVym0);IIG5uO|1xO*U@hJhOs^PC1cLx
z(m?N{n0UuZ2ZVf44Q_Ab-CBncG)%(x^cJGtC?du(J^V`i_44<XR(;l&`*#pq2r$1?
z%7SSV=suJxi<FJe)N}LjcJ_{94{l*TK7c8v%2Y8>P_Aw5oH~LH{(LL8+1OZ58~LJ5
zMn+~?t$$|kcrryyA#)1_LU6<RC<68?)G2NxPk#qmH!%2|JLwGN7j3{yit8dkMux7N
zK}@Y&|5iK#KRoX{xr<Aq2xFXRsT%OJU=c1l!E^?=PGLnw8aoZfBvHnsu9+EZl*mZx
z&lM=NYScjiVeF{1&R_vh+lJWs*4B5j)_~KqAK8Y{xes1T%S+v$eCu@lin_X>urN09
zpV!VY1MFyG+L{fdsoU4T?Y&K*60|KhdQ7#A-$W7f_mVgyt(~;M1uIC7y9=<eycx?3
zGCYe-sJGt^tk*4-Mtf1CWov!QWwYW76%<KIBQ`lee=Gw5%E>jVaC)##6ZAv@ot~~^
zr15#9`MndSjO&;j!jPAb3=R$H`NctSdN54~^2tiPe$V52&#tVTmp+#vgevBdwj<C2
z?-}5Vn6%LohO+>oxsnktQrYMoS^QCFju$_$aKqs}!FuMhu^SWr9m6}bGqIG9)nn}A
z$B%b0S?Co`L-Jo&Yf#b9lmH7EJF7~IMV6amdq3RvxzU3NaAw`J@kMRrU*6~2ij-=U
z&)gxe)|<c?u5^p|?1*F+B*8&L)O%d<s+BLtH&R)-)zHFNly)N}2r0+Y=20lpaJ20M
zR!v-SKUPvos^g$0wbFQBx@5HitLd7!z2`*-ZPmZ239cE@?Mq~?%I27>jP2C|!x@_-
zqWshsj*Otz?ms5Qr$<G#JabDhGG_-@mdi))SXj{d6w*3>jw~`Pu=7{j`Op_goEa(_
z3dlOwjAnWuVEagyesFP#@3|>e>|fj7hQQl`j|%pYHo5gvqc%Q0JM+~>0i^joqu@lz
z6At~}8#s4&epF8j$5qhU&JHA;I~-uH*G5w7kpSN~pqS;uXK1t;W85oA44jz_h6J3J
zi;Ej6rRKf+*MWj_#<J1Vb4Lm750IUD5}IGz{A2?|HYGkVCT-50wb`xvJ^Kg*czTYv
zDWD3&eqE@-Ks^!qBVz>CM@4m3C(kE;PfJF*=|5-;xW~x7IhSg2P&M=?4qBd>?l9jF
zI~&WaXmwq@J!VrH+613jQ;)Mk703^wdZunKJ4XZ{L&KGKur|Zebnt$2IDvo@)rpJ#
z;Rg-XHjqf~-P7GmO3Aqi7ihtXfjeNlK)FpJ9nXxL#cr*l_vuqE_UYQXk^h4f;C*D$
z7jlrcMH)I(CYi!!vzldm-#{S)x=2=)C)m=M^?4!(<P#r{+3ZCWnU_b-&C8pmFJe=<
zpIC{X_(<)UWmpN?wnCJ}^>~X0NRf5ifbrg+A_i&L#J7B<htjgL-4jOMn+I2K4}UOq
z`~88$3WKJ;<KZ@V_W?N0k2Af!;*sbO&(zw5Z@+%EdW%NvyE~S-S%c?kec`Z1)?bB}
zwN=;ty#pQ?8?7bm{L^@BzWn(e1+#(h-{<r67;ATYC?+97YhbC6#DibIhK&l3zA}i&
z{Dj1`M3l#ke_a=vMxgaPFOxr3HDr7^Bt~*4tUUprumMzqEXun$hk1<GE)#sRKAMV9
zv=mc=#*+}z;vFHKD{t%x++}tm|Bkyt!`g3x&@K+q5aHSTw>`oi(HKEXX7}HA1M$?P
z<X=1nwttuQG0~J+m}PnQ`$*&8$NSI8<(h}_@@1@zl0LbTz8-LnbJ}Nr!|S)5q4Xoi
zlCS6S(Kwc{f9a7jCHs5G->2vmGVTU&c*fqmt`Kb-NiFE_c4DUWeg2t6%^w2cZ<_`(
zEcHJ_aNuVBzjca`g{A&5y5;wG1@OrTiqM4)j3j>t|5(A2{_&G#=i2wbjrJ)a_?WO%
zf1Bdn!>6*$A5xgP|JmG<VHRva$G;1YaD+gR*nizLSx$2<MwX;M#!SZFRVrD_AS>dg
z{qy%qT(t(yKiffUkv}gH_-CkQvN!+jqRYyn^!{%br4uwL%>Rs{8wZ6X|Ib15R)qXJ
z1~QMO!atvBR=@`Q{i_5P3iIzWs_>B%|7rWeEc|yGvSI_HZ_=c24kCZ|1MOg`2;Cy|
zw@)zrsH0EkkAF8U)eC{(kMVbuL9t$_{~o{)5*#(GKZZE{Kj%@+J<R;?)jWX$uqgid
zR3h*HdsuV<MA5bOJqGb_w{89lvsk!x;U4~#6_^Us{mhD*X^&>oI<P@^-=}kKb&YD5
z6?*8zQ=Fux8@$kp;C}vLK(G<jam-5eYCw@FC?Fq+s7!<Q3Om;{Ix@0BFgwMbGxf<_
zjR{344xQoI)9AA&san}QGzgwn12O;s3sY~BVQrVIV|%E5VnRu~wytihYw2wa#~Fh*
zyja+6=#V{3pAIQm&QUds5VtE|&X3=k$THPRTf<%<d&_GlJE58!EB?~?oiUp)TTb7A
zgE~i&nf~}uO@BUz2c8}c1iEz{^(fJ3qfodI{rE9neHdO5x|yMd3RGdW>-F1w;awLy
z;O9jtXE{}aBRu_+%5}}^N7CJI7-EIU+_<n9RU{u5S4J689RN{}uUl!rj}Hh_H(cLH
z!28K#XHNI(qPM&Ho;zk&#|HOH00kbNm>?~$76#M^Yc4k?m^#YU-Sq=y+_n=Zu(%RP
z;O2Aq)ylLLb<KQ(gZqJdA9#OVTU)5!1S<`zX$o&>!=%9eMG+1FAlUPI)^vD#QTI+?
zI_KwU%By2-xaa1xb&v7Q|5WJK3f0B>KAS6+WAiUB%TkR}wi$|zXIabDH#L~L>!F~a
z6zXgW{I;0K%!h<xttrh1Cm*Fnv5Mr=#|E(@G!UxN!sLG0MgRawRf~{>gao_IACM}Y
zy3dEvOu+CCYM6eDrIMirW>=sJ7oX1(cByX)JA|phUq_4iaXm7|?Rny-@ld5i&Fpl}
zJyoKM7l3%z-Yf1-t4d4J+4a8CWnS~^QsdADxC_??4EgzNw)~V~>wQ@ho;{o=Z1{}K
z;pS#U`A;vutUtcgYuhw<@$Yze@WwI%3>WHz086dqwn)5E4FQB!AW(v4M5fso+k+<x
z$sYipUIrqi?6CLAXLL}-wGG;)zIW&9oD_9vMMsYtFMhG*_qty)cT;fYI+|}4Kl)^Q
zaM^|{VDKfd4_D|L?)~)<{f^~|9v!eg{1!)lxJ!}LL^;Lox@coBeBq0Rbbe3bPp!Au
zG&H}EqToQefylyO;&dP^qqfk^Q>FoMLI`rIv*G@r6XlJO^g;up&M#;L7uOGEpY-K{
z;9^L<ywd4G(7zAilrC`O5L=WnP9$F~S7Ozm{^gWK8U}W)04yj`6iY$AkAaRp-YVnm
z9~ZLIEfAM}p;RVoF;%Dw<4XYvTq5#-<<o<gPs%i%%#4^spW%7ZD#3`%$bl-eTetA-
z1D1bkaq(7KZy(iK@5oz^`+2V5@JN=!mIP$lfTFm*92NaH+&mVmsqf%}BSSh4oV3nv
z2G~rG!vL(uW*o@~!xk)jDRElmJdmld$M)Wn>duPq#_U&|$Fk-$3-~6pdpn6qZ?oLQ
z^7JmRGS;u2^pNYgU7`B9pINSfHNSFg3@?@+-+^umMLaUyFSyYBf;DqAd9#Teru>HQ
zs;7D!$8CRUS-aA5NV<NXAB#)v^U+i*N9*HPLQK<PqH2dR5s#;3`ogI%cFP;C)ru{e
zSav*uf)GxrzquNi2m&B?<xgS=op1M~xF5hTtfO5&w@)wVC>g;5wwRv^p7hzDZdpXn
z3|3Dzs@}mDF6Kc2%t*Mk!}FHz+<y4dRMDb@%k6DZy>>}36ZU92O)}=#j~_oiBN3my
zv0mliuhLdp?fhJ4-@2uZhjG6_(Hs6k=nNKOPo9a6Jk~V2pE`@p>iz+sO#S{ng|h?I
zAN7n+Ex+~8q|;t*gy@rB!Y15{zWLWm%E~8}R9^}hg<MoxJ)y_<caxXVCZJCr)N<Y~
zT#ixYIKXw4=dbpKYdFZk8W1hk^r~knFyDDz@n6D(-eO}X<>us0)SIZs-Ms^pP4ef#
zfksj+2Vf4naX$4XKUTu|WGwUMSeG8)HLtv}R3B#hJdW;&aAq->NE2a|nz(IVjReQX
z_f@Cuqw<=Zyu5hbis+SJ+`N!yKzZwrLYy>sKYivGq7|DE*S05W4X(pkm{=1kDha?G
zOc@Kh-yD(gSQ{J153E6ht_itmHOf9+v>;8^eVO=NMGrv9masF>FX?=JDO+?RjQ4Nk
zVZEmanrcg!i<yx?*4AZinHu;3+L0z<JGe;lDzy14ysMo7r(Il`$xcg`rccbsdfq$}
zCBWE^Phm!5Gpcw$Y4FyfdM-@yT9VK)Fs}SCWLDV{c}b)b_B9zleYL{ku5d{2So^40
zObY+U#wwr__7jzNI5CMMd*fKhrufDo6IIHUXFkEJf7U=Cz}T(ga|RpjhhFV1SiTh`
zd}O&k63R(3z2D8mU7A@Q!HVmR8n<j@*$x9MmCDPglun{^9MpBruD(F#D;HI#69}d=
z51!k=rf7zY9OC2(LonH;OXq(Cqe^V-Unoi~h$A0lS;XDPIw@rEi<UpXSFHJl_&Nx3
zic|N!93MGMu_i}xwyBd<#6any^Vwzc?~v(W(kHo{8k;f3*lktIkyLn_r(UaA69olS
z7k5{D*~9&lz)oJdr9Z#D+X5z@ZVqOosyxo8TnEk{N>il}!T`zP`$p1U7$qbcm#D++
zIQ3Dx;hShxM4dClrEHxZ2$#Qt$-@I7bjVLLLQF<2S2I1aP_2&R*VLEDv4WTHR7G-g
z05SF3#)~t>+2~-lC}d{@UwY=v7mgXLrO5SMs%*DqHS@_zt{q10NPwR(Oc8j9`nj6$
zF>EJ-96~|Gk)2r3BfO%*wosM!(S5y&+*5w(^?p{Lnc=jYkGg8pAJDKEN=qBC?BN!_
zog_VKwdlGLLAEDldis3`K#-nEf7~TZsXYk&<)oSO<rw>Qsxs{sMyZSaTQoPhKOngg
z#mtO!ibG(L3&@M(Hf!c8Mbm`K4@f<JJ#@&hzk#46F<JzJN#xvnAr>mtB{{xT10jnh
z&GT+#Y_0_yt$Tl>vtV?v6-9Bl;JhD2wU4ll`0~RSxQ39Sa^05R2c3KTud659>yiHM
zoWaLOFe1XmC@th8X2S-*LS}oX5z$l{^R_&_*d6&93+UcL!0sgRoO4miKlQHJ5loea
z2<@1sD&^bo{;5^{^mrQaTTdd17|QPD6`UY4;(X^A+6@_!&PT5yXtlZibkwq_E|Y=H
zq*;Z3fz2>0!}VnjgoHOIVbhYOmTTI@2|G4@=C4KW8QXY+M{9wi!dZwpL;r$d-vDVg
zrqg{pphwEWqGThqpV}&b>gijXelPu}MEj9|Ruu_5$vfqWYQ|>4`cwe!7E9E_(C}wD
zp75lN1ebY4SeV31hmkG#`F+c8z<rZkA451hs}J89#cXki-k@i_VeR$2rx?|%k2ess
z-^i%kx|581ZhjPW4jFhB>IuCyoSjLCU9&v+O;T~=v;L0BldS@vk-L5<2qxue)SjxV
z05pmAs}qZk!LZv8eSRWbQ%3?UPtv7=0R|HQ#Gq%gwg3eRA$|%ZK#~XPZ_elhN5*{9
zE>)>)Hf}J^YRk)_fQJl>O8)wr&GDlO`?F@Pns(xVvH4<^hT5v1NZ9U3EG(6u&%~w>
z7j7C7!IB<&T6cH1p)@R!mqLbMRPn4$=n(PA$?5qx_Qnk{cW8aR%K#@vFA7&<n_X^@
zbRsH|Kync!Cmae<5`CTdLc4w=XK6~X_u&lWz?QwEi(VUEWK>igId@1{*z94k?cue~
zRLLqf$3abRa8v;<JrY#=rA@ww<AN|`qvOLLP&>eQ;xFNV_&pxkWjdsyP<f^OFhIDh
z=NSGSZ?f?A^Z_sL))B%2T)d7uGAmx%)|7zJz(ov^kQbLKdRkhO?SQ#0Bxv=8UE&Yw
zFSi=$*jXs3M{<CI9lqOSdL5%dFfg25dr<}m9EnU}sE^!Z1=iPN#QEq88oc%Hx7xHd
z_M72HQaNMkgT61ZX=+8AN;N8F(ZVKiB&b$Dv2M~0Od5#1J)KVyTAP~pM*dlzX&s*f
z#2+b0Z)dEcIW3AbL>F$1x^~iIw;OAUJ46bYB=F(j;8eU7v~V$?A=(~mg_(53XG-EY
z;Sf)m%D6m=i^JGLu^7l0!E>I9=y{H;;|f^{s20`LY-Y$&8$Xqc<-ByqKIloNEOT>n
z?_K2vN5;Z-u6lCxY&^v+)W%-JHNLEoS}!#kRX&Z~J3)NVYi3Pmqypo~q(>c5r&~i;
zlbAiG7`Ww22e9qdc$N_o5mDS(ym-k--GBcMU9w!k(dGFwuOb-$Mj9Cd2JyIQTai>_
z88R8V*z#OlqPC4b6k-W}&z_AY2e`fzk5w5RDiF^-EOwoe>=vKZtDc)Oy?UNS`@*f&
z>2-n(|5D#KG}KmFdPRn=11#9jHIO7%$CTGn(R7%v7V}xVLZxcCLd2886ZXT06H<D5
z{w|{e9Bj0Z+43&MimaXH{w@38Usoj0yBj4M1z}|pOGN_CMK%=c_s2*<>{j&0an)ba
zU7rlYL&9XD9er*t&*PhCExByER@>_9wQHnd2n8zeif61leoYg^#K*>#ZbJFk7+8>`
z)es<Ykq(94-a_Zf{rOWJ=-xYZ*H5dZ1w%+k*li+GD&7U_G|udA1sWk_Zv<R=z#*3n
z6i7M=DZcsJ{Zh}@T_A-)O&1PLjU;2QW#1SR<d|v=5)Sd%h}{nD*j8kz*Zvt9(>gDw
zHq60{KLK_~(jU4Oz_Z?sv4(7aZV~Fgtc04B>rRS~^)sRx%Sx6fZF8T!c7u?fl?Tft
zn!Us{EX1(~MLqfJF4u@i_Muo&Ku8DGE<~Qj#3;F(AMt!U;R$|Y6a+C2t;mqd(b@5y
z3S=%WM5m@gP)|Wlj{B83DJG{i0I;d#2yX5ji%lRx!Xq|WA)5}?-_{e7tSQM&sRZJv
zBtA-Af}LGKQI!^p#9x=1-w)-=y5<uI10icP{c+#hWt6L*TRj4C^A|CySpNBP!Y1|&
zF6k!X0c-Y#KFZBME=fC$(qpy&&}9E9kb@fOQ%MkoAEJ@fb~PQ1j%`9laags6XkrSw
zk-l!IhQp2&BqkS^Iv^;heb0gbn?J96^X8k2%lCm+#NHC^Y9;h6m9i|W=gqY>AAqC`
z9qN0Yk=3uW8)6J6VN*fkZgR3<f~6+n`yB(FgTtuHk{qP$3$eFcO@}{K3IQbDlApCR
z16td^59n<sW&V_*q=jY|u?s<e{=sfQPU*#uWXW~Xp0<i3xs%1xvofP*(*}^f!z#oK
z6kI3CM;TEiw0iPwoQ!mimJZD=h?2VQr>7xekpRYz*DxI>SD1On$SBXMISP1MJMgo=
z>~R-*wV;HUMAt}<80*www_TUr_JNasbt{zcQ7SjQ-#eOcKmomeMyAH*uygkd?}e$?
z1J2oGC?0z@f|x}ZNl_e`<egNT;mA)}BCe-OviG@b$qV!I9UTzcgYm!x@a;|1_-{Qi
zC=mJ5u&|&-kqBX>s;U;15ET{aEbhcUm222EyQ&Wedp|x8Ih&5P#Kd3#lB6`mcx$>q
z&i+eJizy4lUL)Y??j#Z??lhi#7-R}Zvv2tf5=Op&B9s{%aPN)XeNU&GcjzA%8|$~a
z!#Fx62#^(akKoCTDs4sq=d-i3eJ+6V7{r2w#N4mwG$sPLR?G(>P<zV*Y6WlV6INBu
zSWs>>AjCSUNnu^6L&mK1DGzL#wTB^dTz0T^GP1JqNb1c-vtGFtY?jwx#7gtBZ{2yZ
zz7W(0TDWiCyrITWk=8C(p}pd5GMlMv8_SaE<J_>nLFL^z1e;}x@>#)c7Veqzd;KCJ
zbDM4L!cE7go?lqVF}<SY_FhLHOqzyOrJ<n_r-~?1roolLel)bTAHreMTki>*b$Q}N
z%4X8b_6DO4yM>bA;6y1<dcy!QF_3J_(Mq~5{G1)W!V-#o)`P0&9XNm&UjLJhg$GYM
zUm5)}o)OP{LjHVbu*jW~YE;7X2`pq`rDbm~UAwCF^@w0V;1}N-)GLc=h%7B=_i*B=
zQkLg=pWzi>zJ!U59og|-u;akQp@(WGGBWaW^;bq-$A|tk&T_pVnZWu|<pxOk3|_OC
z$Fw%vH|y(Yv6KRt9{hxrc6PB;_YbH<V=4|5q5xA){zmatu-&z^Ub&oEq8BY*M{r}r
zBJ-Cy2}9lc%RK}>Ej}rTn~i)+*eG=XN+mL+y{Fj{@9SQ>X^^Qf1CzFBO!C#*P~g?h
zVFCbM-~rWW?70hI69AgoIh^=8CNHo={`kNYj5>bVHi3);<bMX^KonFb$!UTlJE6g$
zftvZ~V{z7UN@@WC5|Wf>^lJ1rUxEN_M-p5xIu5yN_@=WkQE$+q=^Bp_0ocdQzT`HU
znY%lzt{XjXQ|2cil}JAH<ZfooPVp(RZ0Vhb^;{OG=E1NrBRr(3S(QdI=?#fs;;_c%
zu?|R}(K#0S1D(3e1v+q5W@Dl~+xXMPSq=rYvFrq#_{4hEGWh?g1xWtoUKbhLdFl@r
zHQsE+^>w~gqMSKRM>+vPM!l>Ht|drv=J0x*rLTIIiDIY`LdSYA#GR6BEQp51<~I~<
zzcK5jJeRSPsepp>$}hDteR2xmDn~ayM%;B5P41FAe5r42)W3~>cKz{w1Ue25MLG!E
ztIdhc@k_bTYTvpM6~z$8FLe=(^d0s28m~>x0ZDUCPR`gJ+F9$R58r*|uQlur!X3+E
z4gBvzya5A2kY;HF_BuA#1Clg_S~7gTS<?BK55sx0)H>PsV=zPE^6c=qCs45(uZIzy
zNMT$xv)}o`D3j<vlq3eI_xmCTc_7$ta1uN^vXcAR;HJ8;YkAb~>*jD_+*`_bLq0?S
z1$7w+rvRQjdtdFr52&!wB_u$2elDm8mONT=P^_}v^AR*(C~S>kU=Kt-iHa!3*|-=W
z*_CXi^uB9ZvCW$-kQXj;6omxOwdg5_0ks#;Y1v#%{)}d3RKvH|4qtU2a29GT4A_aX
zEPnlVkMg3rXRr3w`muhUTuG}V;SO{=17lDjj}5mnE`N7!?3kRk+(GRs?#}}8UNkWQ
z44~<y6Uf%tp+~~geJ`Cv2O!RD?d-6V-m~G&G2B`P828$PKHv7qy13$69~fH}w=)UJ
z_xYwDDptE;`CC+x{bQin-$?zrGsB-Pw<OP>!O?rk<3ii|Bj$i4ua-i|+>Sbg^AxBm
z^D>TzuU<Y6?bMi^@11^y{MG7eHTMH!Uy6x$P9V$}5Z5TB0334{hUN9LLNx`9P{Rk`
zdA7DraCNI_%R)-)TOZT!*$RD8-TOvO%!ZQQKn6d=T4y2Gro4<Nwp<WOT<V-6Zm81m
z3>+J>1=8P$w;_Lxi03LTcqjoa?f_D`(L)9{mH=S%I~xiwKfTE=HJ`3}Bb`9+Yg6F)
z<(%fx<^o$L<43_8M8rPtB;=d3{?JrX=eH!8`lmGsmYn$7BzQ#r<2X#nt+jSTD7k$I
z4Gf;Yp5_aT$RW@`DhP~0PkggECSkpJTbf2!RSmdYrtqBQTHyiS!@>Y>5<4pc1FOG$
z?ix$=l2o?B+@SZW7eXT`bQ-&Wnmss|ijG;Quch-UgjQE$++QDrV!+kqYD~gXs}#Q5
zdA@(ozdS-WmD=^^COm&kA_WeWSSoP{8pcrnMfcRvxvSgmz1?-UbvQmHQ4Aw5CAK$%
z7M;MifOGC|wuo*wdwv^5=}S5~X%i)Oo+X<1aJ40RezXbxN-Xt+i42db%A2u2(!yKz
zzkHMdjsuEsHuuxR%;`0w&jQCv7uO`^djGQ=Jfj{q05*9<{zzr4hd9YdDXpiH?5qXZ
z2*zQ)Bj7BI2t@vpx};k=n#@M{K#AfXsL-AQ*xKv6(NX!&4Yyp5;No=t6Vra8qd89y
z!0MpS0?^|U{Ny_jLNM)zU(1Qd<sK3l(i0Gtbd_<ysAa-!-XB@L%a~(<u^)H4_XBsS
z>7~CPyS<}}>J(tGVx7JuAOLuVt8pX)N`f3l2Otd6_<th<u0<qYB^zKSS|F=fMpD^@
z?b7jISqFo$>*-(s2|CImX{V)M-KPSTAo>UFPXj!1^Of#G_g5#O$`mrehet<8%qAP=
zvdP@|ewtRcj&upq2?nJfO*QUcf#LYoSdqitd}(eyecTYsx2bpGL>!XZTrR>kM{_kK
z3Qk|ha2{*Wj~CdJ!t1y9_JXA_#0~#^k8$gAKUAhoh#r90Q%QN`cV}Fv{Yr*M-Z3<U
zq36jmu_l<4lj~so7DPtoR#%BCEm#d+Q@T75f<!}$F}2B6p=EJeK>eIrmK;N|T<-+8
zT5!lt0>E-zw&eZQ=WwRh6o`D~Hx6Rr;@Mi@?0Tn%vVq?hFPfwpubA{cVsTh7u|chD
zI#XeLtLOsHI<D0MH|xy;E5622_W&EWgWAHbSearLP>yqZhZTnzSgzgVn_Rt%w>*2+
zreM@}0_9dC3tS@ghSp~$ZYf~MLc34Z{2jZ1LDvUbVfENB(*ViHaftGTAL_2LLXlZv
zOXMeMeCBb`Eyt!1NR|yen5I1}wVBNq;<Q>eskk2hY-|72%kcYnPNMup)=`$e@rKCs
zcc9`d5Wh?`>M#vtp}q1N?H~#qataC!NAEi8Rk5%ecl}8KI0px_&xL5bg$5Fufmp>{
zIr5t~l{f85Q0{}x;gmLufa3wE8%7#xr^7$G<(UH~o<ZX|R?YzCd{bFzgM?iIU4tJ*
zEYJZ^KH_mRB)CT|){=dWM3*;5LMg}D0mu!G+l_f^8EI+ZFkx!O6#+jLy7Px-DGqB-
z=FHAN8&P^hIuX<zUZF}}Y;4oXrra~!qvD6@xT8p(=SxpqTPglh`SE-_ws+eRRPS_H
zHqkCxq++<6;a|9#2lec{|7+mU#Q45W$Y^Vh#^wH~p(Bf(loaB1J;U=C<G<y&zW+@1
zVQwi|kx6VeqjwVg^I*Qm{b*)fzYn<HiRx8bAltvXcDOori|h#(-ns0KdU^knCnYc6
zn@~JE0kA`tc+3lXg+>4``!VdBfGrUE=Hd3+eE0zQ%4e0ez`h4!sYPe}Q6Ociq&7gP
zgMc6`KFKCM%Tw<{ASvp~&|Z#<fOGC!Pym-9fGE~~+$1@e#cV8xY0u*~l;E41N(bo2
z>FvO$rIr`w$%o1s)wQD#fsIEpzjs*{#bv?aUVIs+3)GnKv_!!`!sH!1B#_atJ-#pf
z+9Cw7uCFvb41x=QCm~;S8UpL<(^5s2`uYeUyn6I4jl#lSn$iwMFAfGz1mZAup~jJn
zPjwTdZJnKaCe5<z9q;ht#r;T){)`q&=Lc#t_W1`zozY*4C7!<qDpy}-g|)Q_fkG#$
z<nQqS2&7^b&aUg7i}7bU?aJ6Ve?1>>+tF}caX_>_@`x6M;57ArdY&nEml!xN;Xyp7
z{+kAkS3UCoU=sk4W->e2u2%;fW!i1YK|HU?!km(5s1m;HN2VvF^{~ki)W2!QJ19#<
z>Q&3BER<$tsuw7q?(UC3@`eu8;dPde8YV`(Z(^K2(Wurt$*@UC8!DskFlZ+B{X1SP
zPhRAPNpm)i#M$cvWI0P6l)8T(H0Dr-!u%FT_4m`}KK%cY^E74^Hu%K+_o+di5|Mus
zpdFz9ktI!rSDbtKH}Q#W`9D&o|9v7b%~J-@Eg-L^`9s6M^Bqu-0DRdKr@H)2ZvHPb
z*39pP*Wv%!LOkDR|NlQZ?yjFc1wo@ZpqebsH05Xr5V{IaCe7asx^Y$hC;J;HXY5EH
zKIW9uwlX?EC&Bjjus(trXZ|-S^Q~UK{=cOHXxsn02mUV;@m;<1xzr$1CncYEk{IyO
z`Oo>VphD$XdpeuH%e{=O95_V!%+=wD{`Y#dso2uVGYx$peSH7cNo+Iq4wl~u*}C>Y
zVM3rpcSunN`6DR`!{Yg4z4jlJfbP%o^Z5u7i~~*nLD&mLWn}^+hVk8HV9PdUdo@nt
zbrNzYeJDI_W1leDKrTNYc#+bJFVE*FksJAM<URgL)=y~li&6SV(U<<ne9?q!F@gxK
z-RTCZDPM29C7;lk)n$9~-8K<|B0E(tg#O4spI>PkvvLQ^+)+uoN<d<cyoq_^6L&=9
zI`lf_<)}mK04au1+#_0EvqQcUoZ8<4feAh`p+wJBUyzuVJEVCaI_2vg+;H*|JTE>m
z4DxXdSKzPl|5d%qL>ArF1d&g$qY5?XcQoZ1?@IrvA8=FOPST98;}@P#PL=;FQkQCj
z3MT8$l)@7gC+0D)g4%z6u8wzGimEu*4CLy7GS>G(@e!-{|LVhelrx#|fP&S@Yg4fO
z2QM0owjKy+!NRuJ)sPKh%xI~3h5cJuFlh7Ndv^(f#5^qR{il=0T><?g3e3M%8pr?b
z^xsmBF3NH?VH=#bPQks!+M<cs1Zj@4WzS%?S!*&@N=_UHQyqE63@9!M33$-2OT3KP
zc@`P{O0qdlBYe=>dYJm&?Erh&vHKYghGMSvTaf+{(}nGZw>o_-xP-fM566X@4+?aE
zbdP%$BITNr`Pe-_0dYYYC06+Xrt;>}^|9*9Ctb6FFUUvZ2mvhub{8EOU-`Zb8a|}I
z%zvILRU`&6J6utg%sY1*K8(sGwkEa`&!8gzQtMo%8e?(WA(50<3N7DXxrhkz^y}xc
zGX>XWCGnxWut0%M+35+v-jA-e=g9<awO_*n!Kxq5KERw&l0rNv=(UF~!(H%deI$dW
zHdexdgc{Fv#i;)CYl@cNohXuNm!T`4@5X`KY^G;r6gzt0-OypUv0rNS`*)LDbE7kl
z<tS8e?wA*6;-4Mq$#RU4exBJoVBM5P?|Sx>l}1GTAaN%k==O&QZD_?`KvngVh6LT$
zSwwEW=yvvKIg?uqH&Cv?`192SRQp49=Hvn;G`c6&r{4g7p>B|j5Nn0Ca5yWTUGdq=
zA(dw~wjpKK12r9g8V-aB|E(+US>SXzmSf|v@y5fHXJI~Uk#}Ly#Db)u2RPVNuX}Vc
zL^qikzJ+-y$oLXn_m7F4pn&u64`n`jq$DM`ZmicCf<a@u3_+UddOO?{4y6yz4$!yQ
zoyo;q%#VGm=e&IJT^{@b6hkY-CvFxlazA$aGuhs$_n#eCam;z_ftyF=%h+}`S(EhE
z{r-41G?}{U-OV#?2Fduvji1^!M~3%4v*D2MuUuJ1ofAW04zkeDQowo$$W)DX_26*~
zCW+V<fmCRT;Q0b}(7$TcVIQcK`Cz}NlKQnw^Kx-^-hW81$f#N2#I>V9j0i+vg<Lka
zj~gZ}?9G(27q(8m+A%jZA+7^ymIK;ak!hHgB~!E<&kL<%emo;2gh$7U1s{0qT<4<N
zHjbuK-S%CMV>kdY=MiUsuXnrgUAd1-DuWnT;TU^4GE!m0f(M=2e(N1(@n^BV_R}7r
z+NP)CJG4F*PITHCM4q}gM+(KJ4SrC_B#`a0?EJkZ{L(!7A>(!P>W<p{2dMZ#J~^!}
zg!kyu34<RRhK2s53_-N}?`8wFI6kw)8gQ`G4Ta&}Eb(*(kG-p|8|+gbo|8XPHEp1y
zPk1jN$&xJK=)6|qvlr=NsSd_>=SRD{rtwvMha^7Hu%4B>Q&*M_oq(h$e^Z(lkIBu)
zjr(;|uk5=X@mBx6u_J>?qUKxr+VV$W2D>wGACoSgT%ToB2?SKU_T^KdFSSld;l%7s
zI&V~7e7yE>jMMG6GtJ*+pD^UFuR%U|MuAz=do-|<wMAM`SH;k|vOXkB>FH;;J#^X)
z51_@U%--B_oY>#q9=r&goCwXK!M(F#YWPUcn$u;G)*}RDKs5I0S=*26?2VhnuXvR1
zXhtwl=V~xN3dQX$04>T}*W+#?vp(0BRC#v#hMSK!%hP|sT%{CU8jCJ8_{V4MmIqMv
z?AK9yI8lI)x-_51ogPdSr)kTHhN!=}<auuLL?u8W2Fe?ACakP55gaX7-hvYt0$87W
z);G3-3(7lf56+$Fm#X->HfM?n!*32}KlUj5+S*t2wG?D?dz^UJKW$n3JO_idaES<}
zv6B#8T{oWGYPz>&oKH69i*5ZEd4V-qPQn(d^Waj1-I4JxG>=V|SD^B;m-zoOk?vTX
zg^Q`Qu{~TjDiN|JoCOOFsywr80CN{Xxphv;O-4Q~_7tBzI(__k!IJH)9)Hb*P@~!Y
zhv<Rr2&A1aD}}T_g>Bz}q!sz--?jT<#+o_uMNQ0~7E4KR92G`D;4L;*#NiFG!OVdi
zY`K##hH&`d^cxYcp7rDPz=}fLCAVAnRFur_8h2DV;>nH`l<GdzAX!-Lwi|eF>m}0G
z#A!>iiqB{s3t%WvdxK?Ng-6o*L}2gr(Rb;5$g{m3M2{wy(hhc#-{!%l)5XH2*rz>9
z`LPozRrX^Xg_>wBT3j8u<Lb8-cWxlzA<gOW5>qS{S{?KO8tL!+Zs9OmHwRdexkjt)
zL(^DjyzlW}<KlC=NLW?c&_miJTHo(3$4=f`o!*kN(ww)?NHIg(=AQ~+Q)Wv1*4jbM
zQj+c4i#L^qHyucbzeXcbZnHE*RhZQA^PfV=#ELpwsKzS5moS9f?j3vIECQXaf(Au=
z6^o{R)LC#@^ShX{Th&zMvs4&a_HVP6EPEqSy)>n)*TnyHh;uVnEr5MQ!1^vr+2y~>
zWV^m&MZfB#Sgx>{<nNv<DPjX)uGEquXXkGpg2bIBPFq5$mGYP~g2dLmxvY(z6PGof
z(`zqp;u>z8@6aKDwzsqijHG23jt&V+?x-1U-N$_jRgT9d*Su0qW*ZoBr~5YEBBg3Z
z`ax=YbA^oj+B$Es2!dd=z8S3Ud$T<yk1zT|NHZ$;&;6WyTLTm<sathkc6dU70tBuW
z3vkZQyEmAq+RLM(j9a1#;C>|`cD8?GsC2v$d91ZAzSYeC<9ljr2LaM<b|T<YNSjy$
zUuHk89j$>txYMOjrX_P(Njr-%P~Dr>e82E43giH)TB8L1K#e*o6_v#3ED2*xzu2mF
zV{_lP>bYm4OoRdHekV!x<#wv<Gl~Oc_*?&4cEAzj8ca*$uGA3yd~C&)VAB4xSZivl
z@pwM~f99D_v$hjBm=8ITFXefecHh!rkYN@<5Q@!FEH&fW)Re1ctMRcrMTq_~)*>^@
zZT{UrV|z~Pt-+Kq@XE~c!ycDa;7aW_)YDnlo^MKwoif%X^OGye;R4G0rr&Y==}dd;
zzF8YR<JlrQNBpk%lQ_62Dr{YVDD#<l`$Jk=gM5Orna;@QS!M2Qot-``hjxH`5GbI=
z&G)FpqaKFp*H6FA5<1+h?y?RWkuoXJ-+K^3dLYWoxHmMC6}qteF4e=xHGA~Em=z^2
z_nvB{=)F3EOqO41SzcC}Y2)VQ_!YH@!?ZcMieoaTFx)o@bwz8j@(J%{!!VnbZ??NQ
zSn|x_mlg{y0c!d<qDsrsGIOCQ0Z2IF+@#`akEZ4DBV*k9#d8b$@gWSv881v}$%+F9
zUA!2u%tGL)m*vK=2?5>%PX(A;><@qjolS;befB=BuYcYsU8Gj(#(7zug8k|J!l4CT
zIUdhq<Yh0UV|;0_fO}r3RR=q;c6Uv~z&+oh3GTP5%iz$3GDaL2oM(pFoi2&B93QA5
z^rk5U%Cydc0P#Uh0p2k2CDJmQLv16Yy_O5?ljpOc2*VOdt^5@6^T~Bd@hoG(V~ZTL
zIg6e}gK3k@gWL*(AbI_%y9soliqN|jX$1&!*sH-jtGPx#>|E)cF(>}htS$&I6oE&7
z9RtmNW4o>FySLCxdhc;&6zH2yn)v87c=RN&-(_8huOb~=t6U_kB5kFM48pNq7H<Hx
z$?CalG|2xs!2=cQWD~-EGY`Pu9ttjZudmM%&E-W>T(P5P*^N2<f%~1`3$j^Mu93BB
zcT3|KC{lkXWF;4u)I@Oo^xSeSq4)Of)ebUon@2!*ys=%X@3GeUm{e}haireVX#PaD
z2vLg>>>XBu2Od}XU4||`pBBOGow>NTQjzMt&=xD6nzw+)qdiJgh{%u8ilWGG*SA-3
zF_bGUD#Z)am8aEqh9Xh`-4Y!9(cFbw<%?XCg*$=Pa56LGaw=Es*Tp8MPmfo3E@z%a
zQ?w)03`$CdDV@3*x2{KTTQ(V!uS0;U0vXxvV=4tSY$9ZM$Y$*klB=ElA@#S=BH(*$
zXpu*=5=vvqf?7jc!;@Veha>&)qXpf^Gw*9&B(t)W@u~Z~oorG6#viO%LG$2_w?LKK
zqSv!Dy<`ippgNk>;DFHKoy}Pet)44lM#jQVMa><XYBWUDuvB&-A#)CcE<Wg=OW?0x
zuKjCI$>8C`B73W64N@E+N3P<Y9ZEj`g6=(prYZ+snz&w&1CE*2dUmfx+E!ZKheiEc
zSqR{mU9Nd$wNL)!wd$sLS*6M(KD4cBGs#WjtM-hxq3ShbW_~x@&6wnHIC^{LPRq!G
zmc72dVMY}<z`Wg+Ve9-2ebT$hg&`#}?YrKr4aRJMm{{0iu%qC6k+;$DU!O4^fy)Z%
zkdpP_?=&*(c6bdCFXl+858g9u)mbVMToi<3waw;iY@C84-fFkHlMK+x*=hosspi2!
z(`7Wa`uh{V8X6e#l<vrgStlSCVnYBc=|}MU-50jI*5`YVW?Z12&8PT=cx{z{G}tYd
z2A+?PI}7juKoMsDkzE%@N65Q({FJaPXJ;Fh*7EY7Uqp9ycq+GUKB=96fl)+1*emzm
z=zajIX#`}nsopo$BtcVIlr2qw+oZwRKv_$S1|63Hc>jXCZUeQ23Kg6K#8~9T@f#S$
znplJD*PCV_AD+!1QPSD)ZIaZtQO}d!iR=lt_3AiCUsn-8<5|*TD)g$5>R`e4P=TQF
zqL`flh5Rhxyc>fi>{t^Lg{Y|mljFFI>xhG3A==sSX}^Bs+ud^x*&i*!^rurm$l@B;
z7y3~8sfd46yTRbxA$n;0hv4tbdcyPDH}?veG-^eQ)R>=Hk1<qeO81YrE4{hC3fW0}
z<ak~$FpQug_^7(08jLnt8L|bzs?u$YDR4k&1GZ~z`-E~-L@C?YXKVj@Pyp_1D1~9e
z9`D8Q^WBJXb@}u@qPoF-rz-ATC5Pb21RjW$Bk!xJ;Mlvi9COvCKvPkX@zgyQAh0NT
zF`zxN`Z|%TVf5-@{}2vo+b1Itct1jlHFE^y1kZhT%;45}JgQEKLL_zW9`n*JXM`<}
zi*k2Hds(qR%0#-jJJq1xh{aex*!#|=Zlgb#DbsDaFuRDzXX*_FXdw{IW;q}J{M__H
z4bs=|o7t#oed-qa(Q2DeuK)n6@Vyy`m*wWTb&QK}<C_$2mmNr0M{{J5xmG!)T0yEu
zh1~K1Pymxaw|AUt$!4WrO?Q<o`3>A~2{1T0FTe3z@Un|kC!dB*Sn((?j{|{i2k&>~
z=1?p;|Hw)PIrYrObsKp#d05p3y0u*Gy@B<72%9^SuooIKzO`4>JLB))w)bEutgAmB
z^bDfFAm`<oGwO=cdo{*@56ZT@fSt3y&Fk0{@9WtdY=PT|yJr#L-I!c`{v*RxYi4!^
zUVhn|bu2J5v-Af7B2dZ%nN~zH?H%EvDvEgAf$HhSU<Boj$#A28AG5=@_}N1>AlJ8F
zY=wj={Q*2EXg)Ds;$XNBE+|=AExso1{nZjgakJ8JSjT+%zylj)Fj`|)beLx-C0AVy
zD2V=XYi|A3Ee&lVLVHFW-Yoj$ViX6pF^A*gaN;!`r10c7HRr7u;!Mwi*~o`Fpe}f9
z+j7HRGcE?eHSak^F1ChNdev-<V*xpW@YxDc%AAp-u;AsKQnRuVG`#II?^-v)<=8}(
zYTEjgR34^q4$4aOrTQ2czCR&V@)Rs1`|*ZmRche@C<6E3_M`+fzWavbuIpsu@Fr7G
zB3*<e*X>2=)?@@*ir^^jMW;s~eXPuF{?Ep0Bh2rYfTb8{D$v{WJ(}L(G|L(H{<2}O
z454sh^5+)AF(BQ%2Nv>-oG<3G#5QIHFaWpAohIkgr+E6G4UC)U7!$4=>akSM8Y4m0
zq`ykM?c}KJiGX<1g{j6h@E!aQ%PgW+#+r9o>(L5|HmBT3FK1j*!f5!|zQ{rH!9%J;
z=HSv;G0&d1o6MLQ%w8(W^(56)Bu<)P2D)ov>=#A?MeXyHg0Si>3*Ic(KgXG6Z)B%g
zi$=7eAr4Upp`xGM<!1q?XU?|6#=;H3o_WWUJ`p>ZKy7V4N$7C30(E(N#5Ztb*`Hf*
zYd7y^*HAk;UcKq=gl)-eBjoyv%iZ0>F!rZ@>OId5vz^dWrHFeAXPK@T*a`4)Q?gB&
zFc1!0N9=bQgNGhTZK1(`5YOdxS|h=UB?I<)F?U+u)(f@|DONKVBhx#j(pQsxk2RBP
zm}I<#Os<}5*=2O8_!Kh4SDCy!S0;DuUiKZ1xV`Sv2~8sMaI>PP$J0gldBiTZr%nZq
zKaEHCDTIIf^=yz_EBbZ9Z(#?az-fWx#=OWXWgS3IC!?bvA2|v6;DD4FCrim|EkP%C
z43W1Li~Shs)#}!Gy56b}<jvpZ*O}gP_}9RIBY3T*C$(yJqi=8AP4bTKH!<SEy&6{C
ze<CXm9$>~phMFVVuQIYMHE?Sr^FeVNUtdgFakAPBG5RlBPZv2+XAYo!flfy9md9s+
z9Sorv*yBH=Yf1TDva>nUMHRavlX<yMHg9?hxA2qHtZbRN*x|QkDd)nQ=c-Y7SFZrX
z5bwhsgPl3j!k-xJn*RMiJ~xL>v8$@|V-=<@a6y3F>MSUq1tbbcG+%CNPzeWNF>w%8
z6uNAVuDkwI3((nv0#2;o{R03Y!wOX26Z*6H<gd(hDCuncKRT~B3!-BekR&MMva^yX
z^`-|cRu@B;gOIEV@Ucl@zqYRE;t{_*UTGO>@&!cbRu@AMX@-p;l&^RP@724sc;-1j
z#C&Uy%z<e+yQ)B4*YChv;>v?9-+!t!Xu7RSO2!b_>3(%!HZs*yPUu89LHmemnu7lE
z;Q4UeaXjf7gmnX@db<Zw>lLpbv#vSL@u_jOR@XhLbr6z$Mr~d%*%MZoEq{JvsrO?k
z_G8(8a}?J8K&E!WL$6joTU<hvyp?;saJ?_%Oe`FrOra>)PU0m9v#xIw)SYMiiW+K*
z<VLLp++z1NPDF`?L=UIRn6AJ5<THg7Mq6Gx_;p5U@S@!q$g<1_;q$qoUs5R(5<rEp
zdN#+;M9RB4KpjZ;PbWVt)Gmv?i{I5XF^+Bmbw{Xi4>Y=kSp)2ik)xS3oGdCus(XUl
z?gJS1GFwI`z3GM{dP57-XFbi^h9Y&v^4?(piW*f}adNG1%=#*9r$SeN%zyOtcd3Uu
zSb*%Cwv&T>=N}6UG~jFiW76?B;(mHLeMnETsEm^NLgH5U2bu^7?%Mb1QsCZNpkkxP
z##I>Jh=d=kKwNXynroN-;!aU7SBvO*IudZwedH@R;n7JtS;Bd#Rib9Cv62rB3B!5t
ziod$)It(tRKFCcsd3->FI(-U;z&q)ho|xFOt0lbCB5c<eeo%|`k*iaP%2sMb3Q>^l
z%*A0^&(s8grwSQ)IZONjrK(&XfAdx7S|Ji?-kYjso(066GO@(L)tdR|M`Ihqi1O?}
zGTrQI(LPqc2j_|P=v!zA-IFqEoht4xt?I<7wImaVC56!g6P0qFUl$Cxl_>`!0bVFJ
z#(z|Il3#50smkk|Y!gyh+b|Y)>opQFD_?n~3(zv-p{d;6U7DIgJZ16KC)qjRf$-S;
zGc+fOK!^p@6Nl>22)^O;O4r`}hlj3)EA!stX9lr4sN;01UZ{YFu@60MI)s;Pw*)Gs
z!BGn}9|M#jC?6u?&zLBm8Blnm74pE2#j_ogJ^%$H`*R`zI}PL`8%-)!^nz!?MdB`>
z-nHxR)-~S&QHwxuX|+g5cSHDL@<6qFM<PnMd06EX7YJ#^9X&~EXyg5x;^GDxBwo$h
zyk(ufcGRe$guSzw+3#XKxZ{J_j**}!mM=S*ZX*`<lY;_5z)R7ZU#j1kNx<2?3u7yi
zD`H$}j%dX4Uq3zx1P%s1DpdT5Hlh2eWMaR~u*jWJ$PFX&9V|6PC}!`#OIhc<5+A%D
z&#awe^FDr**y6RJzPp@Ui1+#j>aFdNB(xZKluH~q@8HNVHeS0d(x-y4?!j`Z5a53l
zP>O22Z2S<cXA&eB$7m~CrsWw+1YXiFRQ)pYL>kwzJWtbwpPBX-FIide*rmVSuX26d
zqS)d@z&yY9iHLv<@N6D0(2{wqk=DfGDYW6M=WZj?8#MN$%pbJ_nP(^$Ao~*Jeu^m7
z>M{&2ji`NhN2{zA%<FxOjjvve1lpTvCcS=iP$P^vkUY>v=Zj45O@g`y-qOwnfY#@l
z8|GhdmWyIGLfM`hNpZ0W(%cIcD?tUR#U0r`5bYc_uJ|D8>4lxw=xykyH|>5M6lj2!
z0^l~*j`W#k5b{H&@4~mwAEys4)-RGaR?noQ3fc5adZNxQensGpXLB?!F9VT%<xW$P
zIg5Q&9$q@ddF9#v;p{D=>R6&~(G3X_BtRgzyKLOu1Hs*0g9Ht_vEac8!QI^*Hf{+T
z2<{HS-Q_jsobTTE#<)N3c>j>@>h7u~bIrAC)v9AP=1s_<j?q?zIPQ3P+s)l#WWmCA
zA>LFQMX;+igLa`xDSBp}$I0g2ryB#E>U+`#l6!;zfD^pGwC-Ne*Hu+w>O|AER1l9_
z%d}|W8dnkPAx9_1e4zy#oSnpC{S5%1m!QR?Tdm73JUH(y)i<Aow!k$|vxLy+e-a)l
z{qY=nu<U%BY)5u3nN(ov3h;zH0+2tkalKzTYA9Ig@Nn#wv88PA7iuYlG8^?KczyOU
zdWa4qzlC`Ryu~cYw#zp{`MU`JUN#=RW8nacD`~QlUyVNAOv_SM8hIHe$u=rMbwyFT
zt%H${rUH{(|EyjY&G@q4`(~pu5;1zhixtw;nq%$p8K%%;i?pd_^8rrrm>Ni*eA3rl
zxTYw-dL5%tjDYp4Nw8dNE2AQLLMDB*zI;z@K<ZF8Y-mUonFA=HY0Uf-rQV{Y{2H5q
z+~?N{1UqF7ik5JpLsLb+Vd<qZcE*<;NMTwR#JIFd$x4NH-f$qcv4*LfyF$x>&j!Pf
zG7Oi?pV84q?u&X*s8$^FW1hSJ*D~=Lp?g>p5Nms}+!CDf7*tef@wlY*owNE5*%hg$
z_;)n6^6N~O1ZS<M%$GOyO4L&Kzw+x!pZ|o+?C<w^KrwrNv+~qnCALWTlYmeLr*O|<
z?#4PR<kEtJfb|Wdlw#L-_<YnU5U+l^Fz7>R81)!n(!+i}nk%83FMLau5t9}uTYPw|
zXwX7^RryJ|72k7rGPr<*UZC|_&u6<t6>_nX-U{;DF`oDFnPQwp`>UDWE;?eP9*|y+
zY7LhNm*oN5VYH9|KD@q&-^V?<1gjl$BN+laSehgb%~GsjI`Vhl4y47{dcrQJ-S`Y1
zJ$|O+bxB9h#~^{DEG()rE^Q#yZ2sQxN-bR{UgQTRl6#Zsuf)tyMUl84bV)2y{5{80
zt@G8tZ3vPnU_qYs*5pSNOds!h98b4DpGuKeNgH#N8@%_kNYYwTxaL<#gU_;}Kgk{4
zbmV{H5<JMy7eJa4a@>!%lVH_<T%LIw`*4#_-3j<TrTjVz9>sW_APWj=<F$mP51EMj
zG6c26Y<Ma7xK;>$JVk!><K9l(Em8x7ydTWuz`?%Hr99;FmrkMp*B2mp4pfr+ZzR@H
zJPc1Jmws?FBUWwsTlbgbtf%tEdR%64B<rur2O$4%^1yuVcs8N#sGmQ<%gq+Ut8p~`
zq`+CMfd^AO@@dpC?rlX3b{W<wlOLCh&7LiDdXNx5F!9q_){@n}fuxA;MA>g9pT?HG
zL%7x396`^^d4CHa#~+87AjgcV3APfVc;x=;V(17@B5?1O62N%=wy!0)VEqqZ8SC=n
zCgiW>QWjT8KH58_=E=|hc)L7ye&S$%^z+xqXUH;S)MG5Ja4<y7K8nz`>KcMeM3brd
z#;^D%?#gItm&<<JBacksCR#kN>tB3$=s9bnUFC*|tNsXHuI;!Qsx5=b?uugY!)--W
zN{b>QUC;hlY+`0~H@PIHF@=YD?_hV}KA)=Y$X%W>zHk=KXoY@P>e|gdW2=X6QIui(
zXk<7GJ6BhT>eL^|ypE31vJFN2z^9+NzEZ5JwMwLcxseZ#qbr-1jl2$5Bo(mu2j%WM
zgEg~m+a~XY^ry;%vkr9T=sVHUbvTq4XefV2CtA2|bZvmJHe9fLPuQK$Cu^Wdp%S~;
zIYQj8JIBImKkf0<(|C_OK&!307CeDnr1a`fqe?^(w$iC@pZgd)guZ|tu!{YL2<A!|
zwxdct;noy-G0Wz2<vJdwe`>m8GT`SBt~@qG>oS!>tHI%@2ppEr<AFm=y){i31sNEh
zp)y?j>iy&tuidSgoU65N*>8EcM0aXFsVqUrg?Qn3!-ho+MiuCnT5mQee1*%0dp9@e
z?Y&2S{@S8nH!nG7*NjtpUWSLL3v!;u*bz;&*rlZ4nkLIwJ5GTv5+8lfe9+z=7YqGj
z1O>jnHT@OwtBPZ$ZU5S?FO47cTlX{zaka5xcW|ih;|2sMz^-`Uy@m74#8Dc4qZXAJ
zLSXQBF;@5aa@WxM{?p5<sXyLMhcI0m$S>0bg8aq@&S}o!d8)xc?hf8mGJ()dbBnan
zzuTl96Fn!g`Zr=KHuGwmg`G95qNUWVmevWvWi|LJy*1QytA#XPCSR-Cn>k@54GEOQ
zQN*nC`euE1%SKuO5;ZLflf;%s!i^5iYQkk`C{-M-zn}E@V%KH=b<Q=yFq<w`8a*`)
z){xsAY2jv)BS2v8kGhteKt-UC1a}{$Gl6hMwCarg`ooA)6*!!!JY{VvL%+$!jhPLf
zyPF&Ys{TlKCX9>nN{WEM&IAn8V`O%0cVl#hYuD-GG1T}FwUX!yEArHPdojjPb$ucE
zQwv*PheNWJI@04K%9s3k$+3mGH^+*2;m`+IIbefPsVj-neS7Kp@7tjyAzKhMEu9n#
z(b0WNg|O{`xndbv%10Svp4%z{qpj6xBMPL(ml(>`k<Js)(Dn6<RURdvK789Lt`{$d
z@Z;a)P-*utU}n1Fe}{OE?3@VjO9{~+_83k1H&*W!j>G_MFMfj&GuwE-5vb`cFK>mf
z9j^ud7zURuw&UO&FNVY_`B{l0WcdO;l{S4z)OH9<ki-`;HID>4V=B^{E=|7SHj+r4
zUh%qZFeT1a4#T0IH>vGdR!|Gd%ZsOyddwsn3-Ya5S@S(C>W`P|Gsx*d^=t+&&-|eR
zC)e}O#yh`i0cujbwBIL5$P1mjAlh6Tyi_E2o{|>(?G;Xik=#qav&v;3qMlZ_et<|^
zw{pVwhYGTmxN+amsd#grpZDJ=Chn^xtVCsYL0Ku>H+a~boIDt}T0Sl0u{JPykbsBQ
zcZD^pEml|s#zwya0yxc>GUTn<*j;)hC{M%&l7IAeILNe-_Ra{ZARA%z5Fx2p9CLPd
zyjbtxOCS2(ky&zgUXG@J)RqEOM1%oR;0=|S8^u(Ed#TQZLlxdOEbiZ8WuXhQp!8g_
zR!DzPc)MMu6@VCDcvJG$uqlkI3kG*tpOwMOkA$1Ox`f>E&9--|f~oAvRx285Y=Tn&
zZSDCvXMw!n)fne6No88ddY}y71kP3uXKM9EI2y+8+FKSBc$XtT(RBWz!^D`B;M-E4
zwKms%N340evp>w<rfdlcnZ3xb*`1u+Uu6yj4)m{em$xpe$^)Xvly9Aksaa_%ofze5
z9^QOO3u|IkED*`sW3*>v?zz)vFUKM62Mco6tmwNk58uT5h6_*O`K2$ESbyq@fi8Zv
zdqfG<^7oSe)V||-;g*AQRfzPbz_uabzD_q_o0>VQO4L*<n#l&uAS=^d0rs-<9_(@^
zr6S*Wr8mLiQhf%p9t>$^5qhNDi2F)z^-n~*u%}BV*M=M8HQN#M1?QMl;k*(QM@4{J
z2*%0!alEX)-4(}U&>ec{n=##F=;E_&J(!KG*$f#_Gm8kqlyY9s7)|~5OIBm|3vqQF
zmO=y9qF{E|i@el{mlN!sl|#^Xx1uz{R%#DZ;T>Ns4yA*nnD#P6^3>@2;(_|g-1?e@
zo8><#JA}p3+OjM?EVy&E1Rt&r3K|scjLEQ{YxIwuU!5`49QqUF>Q~))al`fX=~x=g
z^v3`)aCTnKtbg40;$2`sU5z%b8?E)`&#r3=oUK)RJ1f;!nztl<u<>@}Eu&i^1_o4o
za@(3J^r9x7@Jvf@`of4H<8D_WIstKPveU<%!&}0nRP3^hSxgC`j#L+9o}*rdhjb++
zzoobIUPJ2Sdg}ojVduaII#B=nJ&U=z$r_UY8|%I4aERf0$O;;HV^xgJ2Lw<R_$&;m
zdTZ7Yx54P!yxCW0jk2yb+ARrvbKg89S(%eR?LE8v_u>^pX?2TcQOD)WeyAZ)=N;k+
zl7N)9FWe#sJ$ewl!xBx;Q)|qFG5JU*^k5Y?@2#w)7eVEzK}_G0@rKT7m)!>Atv+<v
zyhd4FOT`}$r`)kJNkpJ#|DugPrBAEBCaLO%;MVO`=dWpa!;uV&DyO0bwLYpsQX$^_
ziL;Ws!(O}te#qBn=Wdpm!91SF6~>G7OR{d04H%G$2Jvt>RsQbPHf&mxr~by6gR74a
z_EQr~M|zP@iU(k4FiyV>cKrs2%ZDghFCNcO49?UdBh`&=sibG}>Q|{Jy}vh*;AkM?
z?_);Z6#Z@;9ztz?U8$uL_Vw7yA7Q*&4;Eg8IEk{r(rA&!&<X_+;ByO@^uL*>`o<~N
zX;z@9BxAWzWUfv{w@>oRPNQ{@XtYPG1%C$idF{J{ZvI}2CpCN3_je!wHe~%!2_@zF
zn?Y@C;vqp|nm;RvZzNzQmv^vbWgP)G@VM<&be)7I{^V0KIL3XAr{)u)alx-Q1F57w
z#uUSqs+<NZxvExg9W(Rr&zYPheKpd?mh7X_YPC8>W;UDpDU8?y%NFl)tdmB$f8sXO
zv^}ag{kiLxul;HVkxlc_N1}qZTusfW#N?1T3V}2t2WGarAlI%ERM=oqOhe|-K(R&N
zccp*wG_WlSKH=>mm{L$k&`|FS{>ms<r+DoFS=DgQGw|K4$6!H$ZCf<9{~UQTdqb~&
zc3})=6O%UemCk4DrOe;`L7P?aL;Ui(x0{4}buqG4-P4{T8(rS3ZPnU7Byf^LAPQ1)
zUcFsF{fU4uw0r%XKxkBXEZCL#F5|b9I-sy&fSNPHK7bPXdUl(vA0rXZu0TC3o=eE)
zDR+0BEwQ}sR8(A!46br+Jes;@M)1~HPo*{TWVv2{74ZXHw6x3^%dQ9N>3uPu@XFl}
z)fGr3(+Ul9tNW2X?<*Kk0tEZYWasy|dOl1T2nBoC1GOxNVb;xt!N*C}ZSoMbCHe)N
zk)LmBRCu+Bsfwh8=+O-4-m<njI0o~x)%pv>S(Hi&T?~;dzSJHjY`)Cau0jF#ck3%T
z32G3C&aZAqo4G{~)d1Po5M^&MTjo{t8#2^C>)g~%Ly+foEeIT0Ai9`!tg>`1$joA=
z``7qe#?;%Mu2FopWRwa8*V*c0EYRv$oaRaYW_G=vni!&0)4}Jm@d8H>$YbR}UOlZT
z3V3+&aRmJ3eqMq_lDYOGn&#WOkwJ#uc$@6qiE39%^onC2eh>JO$2Lwo1~7g0k$xbw
z*R#<+NURzcJY+Ife9p;s6!0<%T9SIHMzuLim>RvfiWB^kkS`Hln6`>`g?$Q&!WEaa
z!pAA6l9qy_NYR(KMkL#mEVVaPN=o>AUqxL&{c~_sQo*2op44Ls1P97{cZucUqPm2v
zw5^C6)P5*lXGc=MiyUAkNB+;fd2-&!N)g}x)MgE@OIoW`axpTbZK>0uEBOHf16LSW
zTWdrA`3aFMuR+OAMfPo4M?{dY-Rj7Z>_311ITQu^L&u3<;N6bhVvyE{WY2#ur!!Ss
zfOFUOX1_)SVq*M=po{l%1biT5nh01BVXG4=U@VL3Ya)(jh-#%!B@IL|u%D`60IXH7
zfi2!#vxUIH#u*^jpL6+R&XdT-*dokO$P<TnG>Yf;7`1G^xg%IcyPC+*D>McKY!Mu`
z_vwwS8dz*dxf$J?5Y%42kNeQmD-jqne#+zeSLZWM2ry5qJl3McR46@44mn0vcJM4H
zoh(&sjYaiNxZx31U+yS*=4U&{mfj0{vlLDb<}mQvFmPNsg)|p`oAw@-mjeZV70L1~
zh%&dA7X@^RM@!duZ`B7-6|MAjjpWZ1vPZ<MD!+O)Radn2n`wqH5nm_qnSl)UX9%48
zQA!WjUlxkfANB{I1byx)ZT+uqIb}L^{mPBea@}u_3<>M;M?^N84+;$pP!|M(eSDA1
zl9K2Zyq6`Q{}6p*n5BusSb9hvgJia~O$MfZJM!QK0s%yR@e-_hcR?)G>+Tfq{;IX#
zj%Clg`Yb2`2M=C)P$He&<HE|jt8@(D;dxE~l*ut!w|ou&%*+`QQjDsS)<R#g61(s*
zzHhY6b<g<er3aAQm5?)0iR>^`pDa9%czNsiTu@Mq)4M+tHm!(!R_pthV#|dR<i)jJ
zACvFS{@2hk`0RBMnlDy!ujRelj4iCg0)MCle&{!vG2DqsPprJY74v^!Epmo%Twi}J
z4IrARslgz|4C$y`S~GW{A6xFnKbFV+)^CvEP*pAV!Ig=4pwIMqZpa;%XkfvuyK{MW
zyZ{cg>br17PDT~Ez;!;Q`J0*tC^-mTkFHHL0>s03i9g$NAp!BkLCV68m{{Oj-`)~}
zl9pahHJF+lV>y)vi4oRoZO;hdV=-3oSS^6m;T|rJ<<lzyVwFOH=k5|u_(RIo{g}g$
z;*UL!ruDHBLph0$*EU0yy<2j`YmJ&_7uEr+%d`RsEtgU(KD4nmiI_sR_-gD|wd-DX
zzfm+VL?-%_#0A86i+V<O)?vMMUj)MBJ1eCW$=GQ$3&&oA8WON^xvRMOIMIR|OWA9j
z&reyXv4L8)%9EzB_F6U|Xk;z2L8!a94k`?%Kne@PNRA1OM2MzfTT31_2UnI{Q-WS1
z2=Doz&ZS>4<P>CVHO`Jt(}F-vERxBad=i>K^s}=ZP!MifZ91c?S2beA)fIF`|G;)U
z+lplwR|wtE{*fqT)NuN**9S2&jkaqp&-%}OkfpA9e0gsuYk{KTBBF1E$I4@w2A!|>
zEC|Z&gM}Oab@J`>G~(4&@6U`Shf`Nt?DDx@bwsI)1Al6vvxINhPwmjbqt(&Fm*9eF
zBz0X`57tM&2EBmX)UGwI9M!)~khKmX1-;#(5A5qbA7rai<p*c-6XiI~E$AH{qEF0{
zFl@K~g0%JQpDU5a7U@U(a#aQg71JHpuPwD2xnDCa-nBeRRo|X`tT&}WI|`SK8#sec
z;Gdt(l2;-%IGlQ4>3zn@+~ibKFFKPj0s@IHXIR4w&PzIv=eo!)+bA@goy+g85bUEp
zev`)^R5oz-C9&1M6FT;s*VXP?=|SyjafKhM(upqL<!66~RDHIDw>#60dW;KUU~uQ<
z&o*qGeo0092%c%?o2#j(LnfAf5knG~gCm22=BvAwGm_XnaXaaSk2M#rS38q^FX%}C
ztyRfX#%4BAigKO4u^DkPaQL2{8C}$C`I8A~LyZV02KIJ-$E<HF8TEX_SxK%1pt7b-
zwaxc*0|Z|_;YW1LJVm?dg@X*iN^cY<YHJ-I*C-??DgD*eK#&HjH|I|Ak20(%uHL5@
zn#n#Hso^N`39#&@m=8BX!b|0e;g}l3-f_qZd2Dn?Ku<|BPI+xS^}Kqxo~*3A*WXn}
z6vqM4YdUk*!Y&)^cvtOd^eVV3hi(HD3^P<C?UV7VH5eceZoIb5(wTb>SbN;NJ`UHK
z>G|Fuj!m!wJ+!kym8iSwe?9!Y1*-3dqMP@%H5zt%DY0aG(GlU$k-oHQ4)Qmy@dKZ%
zujB{7iqQNpn<17YZr9gPy|fEHd-daw03b*=^eID8(83=7_7O4sTYy~2_dZ2Ok}43n
zN#>q9*NeGo&&9?vQ34pEU+UE1R3<O-W58W9%9v`hmN!1@aR!#jpO6{5?mzkJP~Z59
zw6e+P?p!17;TpcN%`!Cs2t>fZJkM(Bn5^}VYqjlUJ<MVRG$r^`Bv!1RNAfps49m;2
zKn@%hy|L8uk1ULE_1<`g29<I<loRUfa`rHjv>}Tuhy89gSJi7Jc?(M7^h8W_WB@EL
zrm(7p9^=S}gU5!o9i&p5gp`3>abFkBunEi0<g8o77vw2mZmC_y?+`K5a(1g5$6BK4
z2I}loI6NJnXXMlOuYUA&7&`WOW@lPz9xI15^Q?_vysEy`+S0CXPkH3K7Bt7fGFo5X
za!<HQTX^blTkd4gFG={oOD}{01V3b~g0GIBt6-uxHsiek{D#o+NGMb>3hFWX74b3Y
z_7aURy_WCV>^f$<s<8$Zg!N7KxAXS>;v)q*qQm+?<=QqW+EK?!Jqh4Dw%QuysNQ?r
z;>H7J-io#eE(kXQh@t0S)6txzUfniYn+jAcp$*JNw@-M$AIzDCI1iOx6K<-%hFP6R
zzrV2_va|CZT=hYxrEh&Ys#x4FtXSG6($v!PSLeUpcqoVP#pgo3Et!pu2J4|rTAJcL
zG3k{ku6$gm>j}EF7NQ7#F1~~t=?ooJh>hgr&6f%z0i|lx`oj;~QuP&vE5`zzjO-|{
zgweRuN6l@F--sA|?C`pVvDX!o!53O-!aV);er#`fc#I%YP_XIp4Cu4sRb$8S?tMAi
zUCQaD^@XPmS@5voFdPjC=pwtGTc6tOA{-CNXPauKfz(-zw)x!MF)lw+#Qk!I`M9v^
zhcuL39ux^oMDa1L2pRmJMsLJM!o;+}Qgn@=)Lf#7_xd@#6Dkj`V&{KudT=Uoq`@TI
zWavof2Na4O_j36v_lK?QsC>wGm-i_MB8I-`qm1_@YM!#P@#T_k<T;a35W-a8dw%=&
zyQNo^^?zM}lkAfo8r+^vb%*SIX@RbjgU+(HukEpWrn(f4$uEzy4t(Cno~SYM&{0ff
z*UP7tJ-|j*mM&*%B(#iR8!ka=B+5|eyG`FsMzy{t?qaNs*uKvygJd>Hpa76T+FJ?+
zi8YDTek<-IWSn(M$dErCJM>4yFw(WWO7U#)>tDJIuIT~;Z5HNsQRTA2ox-V_rnhM`
zYipZYhi6vrvcF>t_G<Mq8ou@Z$>_`RneZ4F;Jw@xw?NmjZpRyvvV%$n!tBnN=~1`$
zDQx>%RgE+X<+mhHI_Id%c-*kq7A=wcr`Ku?)1OMJW?rjeng+hUTbo+eZ}w3UW9$;~
zm};YmHn>ZKe4bcsw;q7<KdIZ@>U?UNcLgopBo8CCz`O%2z$G34aN%?Le)EvkTkAWi
z#hY8e`VFUrF_>D-@t$aYkw;Rg1L>in_Ur-0Ov^TvP8<AXj9`{JT}zb1X}sw5cP!Tn
zF76rWs)sci+tGg#S<H<L5d&c(_NIvBy}cc7k6vkMrx-gVMpdzKBY+k?3BUR0tm89B
zlYv+6_z7)4|1K=A*%}_{B4(Fr_fMvP-{|fBqF(+#wE!K@Yqf?A;u>8>Zxk)fvyx&;
zGKgo<!6PFqZU+t*Rx9|U4P4L&yStJjK|GAi(1<iW9<8C;&~)8rqNjFOOselH7gjS!
zLKRFPKWL5^Ve=RD4Uco=a3d2cF{clgzWo4*j%f*n#WG=Oz8ysQ&=3hO^={uONv@WQ
zWSCVI+HH&2i`ya^P~7+##NZCVA(lKF1OSveFQnYKul;V69fwSlFRyN-#3Us|{mQKD
z%%~KC!G#Ch6(ZA2JpHydo5k~SAwFYBHltQOal0K;61yvIOM`WVobNCT?nFJNEk0*=
z+IyQiV#BiUpNEH=){mR$`5JA*46#QxVAVvHB}=OEUIRkxP*Xp??-krc6T+<L&n{dU
z2zYM7vT_zH^bRU2fFY`6zE{}SqxH66oG2asM>NG>M6;-H?6<)<T>rpS^ZZUL0mca9
zLg{Pl6rMTyM&ZzPH|8Na+TJ~VgeuP&7@mbWppto`x$ucAAz^o}0FG%9sod3rq4rY=
zTc5qVtpE^-DU)MUkWrx`j2ZfnnHRkQ!U(O4IIm6*=@?;vF$SpL+ndx1#uTwm79CyX
zjC@On@^^MochSbh(yE3ewl}-_OyaX6Cy2K9=k|a^ZCo`sLIMmJ>4DFpLEY<tbHaF|
zXl!Kx|J6^_#2OwTj(e|!75DXsU;Gr=3*Z`lEW(u|oJ9cruCOx2eG|l&|89D_3)4J*
zv}+y-nB7o$l`*6(Tg#zTx2+@7OVM3(753UHqbbj_`x7EN>Z^pWPn^Vrb)P42%L#^R
z*&ZE_$lK>y8b7R5HY|pR_WwjnSeqzNud1$ljSDYyR1x}7ZlcN8%Za{mF<Tq6e224G
zY=7_vnRnCb=I_3t8<RgwZDYzAWJkYvO*geW*T1W>9&J>X>QleGZ+5omS+CLP5;Xj~
zibo<*>~BQF(Ug*gXg^~X-)`Cq+dnFwbv*#Wh`5gqLBaQWSr;8~(tb`Id3ifw<GX5e
znf$-W2Zdx^u*T?7d5UOhK@&e6L+QrdRX4yiR+;rnKm|Q%`_XoTm>5&LK8)EpmMl&9
zw|yCcnoDy<g6kVRi{J|!@##;@qYRY`c3l7gayKl~=fDB@L(jyqG5y;m!?r@9RWFH3
zCeLUo)?PtvU|UkfD9^(Zn-{MQ{dN?=*N*}BIffxzP)NQ2W-Q{$Nai>1=X(?iPnYqQ
z|IimQ5-V<X9+vPCZ(wvmJ3Qz`rXLoUs*Z;xd#R~&<>N%4LbjxU!SKs|#bVa=j<O(M
z(|r`KbY^2xaRr1DAcE$WcI!dq^L#JRZL*HB`#0*%D~L1Z!dLU^)ezLhYDgk;a7PG%
z3R`WJ)4hQn)S2Xi7)${wk>69;T%UGA-}`tJUCynG%Y_@0el@`C05REg<f|s^_v*ZG
zaI+34JXdLahJSf83kn?1M^X02-zcj7S=%`ZGdR?-N>l8O0pN+lc49mWHvXF3CT7`e
zJ5KaQM)&jt?9g&Xf8^!Ip}`6VFGV?%cjWKhVQf;3ff~0Td3jEcecewe-#!uB0g95p
zydg0tK`pS=f9u6!j$$VmCgExzB#=gU`s?C!ce=!b%JO#^-*ujrN|@zeJO{TgAks`<
z$v=c(6Dv9e!`5$o9kx4d?FWZ+xWB83K&wNI1#5SYQqm*CB@;WOfGY3NBPoT79`d>n
z1BhvZ-dElWT4h_{DLYsn5*?GE?$JljOMz)<I~PgyhenJPs}oR#^ZrP+1t1Rql+4HM
z%b0=L{8QII)`h1t`T!aIja$uQ-W#zRi#cs=atiLmQrlW^>FM9L`XD%=lskN+a9M}V
zoNcgz`CI*_Fbu&KSdg4#zZQ=pN8{%$XmS$NEC@yz#&AePIP|p`NMyesX7+l-a*w|n
zY*AU{_51nz<wDi{z9Q*6e8+(OkS~Y5pPAn!t~xHNM#AVzx)KTptS#}qLV2YLf#}UQ
z$z*6~IWB1@NLEXru$wMT&?gq}3BLKME0Xgr!x1J-j(!7mmDv=`(f!*l-Pq0|7_M~M
zxw4g)=j7`A+#w$n1o+?paeZiL*NA>IcBcIuYI9H!bOspD!hkrzZvLzG^ZiGggq*Xt
z=^YU;=feFPH-$0Mw*%7VD!l@-{lDR4-Q%{u{V)17ec!c!o?n;**>^F^C8w?AUHH_B
zEGhcx>|W)nnN5KIx=F<SCPScHN{|NT%7?MWm4VHChN`P*3aIw3)b(GDzmO%siZqxO
zHZ=<jQsxyH|LtG7pl_5IIL;ZqM2Kc_Sf+8u#Y8BU^G;I+z&`YDJkkA3?R*wf9Uy6O
z1)fzsQjFurQ~=U@Hx3t|N{hXMUHTf<-z`zodYy5+3Fo$zs+O2bM?-m41?~ol0?fKh
z>?+d2RLE>p;vw%qS3b44ZSxJVLp540RtP$Z$&oLwnaI6kdN5$PK2+X%!ehYu)ocg*
z!I3va-G3Tzh>Jd0#hT4;04I3o=XhZ~0&DJ@Hh1PiRJB+(eP)NR^3glFP3uV%x1ntF
z%*8&tYFg%kjqM%MI6w;E@p|YW$m|aRx+4GJbwbMoqs^zFVQFXW52Vm&!AxBNyISc1
z6ymrul{DBLtQepwuYKYN$E)xCkANp}d`h&30iDtn<F-2#E9`J%<7G?wk#yDoOhm}L
zZ=Nw~e}IcHCT7tTRVPk1t-de6e_{i8+M#}*pFao7>+Um!9t0NASC7IX4hRDWsIr<Q
z^ln8xe{W^f)msOK6SO0c+KZ-LjzsH>xjFBQ0qXtLTpL)pzJ=}WPY8zGnu{pW?%CI@
zFCWg3K|nAl0`lA9b5!%Tt4fj3he}7%$ICcUfV;DHh6kBDJFa`^SCl1<9p5mml-^cT
zr*NFAzBOvBwaatqIDLdT4K<SNKbh%)>B=u@{*Ki;I~?^dS!YW1*EAJ=ADmG#c^8L*
zO=^=fB#2k^y(&AlIeGdq<^H}?Yux*&IGB`?P7w3s-}hrCiU1gyv;^oQm7XW)7ouEG
z7X;8Su^<YWC=3sfH3!IOQCck0*#YDYgbOi%Vg;SSOc1<HD;gn>!*`$n`x7`%ERG>a
zwHpTO`(_UG6lq~$Cw4AO;pIZyBr6-p7I~8EA<>gg#V^Z^6W!vDaR%#k*Y6IUu5`=4
z|CpDbbb7gmZzV}uU#ZxN{!nFvjpO&Jujap~d?uU@7q}0;yxrv#aK$k=dE&LCP;O%^
zAV4L<qCFN*Fpt&M3XRjWU%gMiFXe2eD!yM#KRE6B;kY|dLnkLmkEv7xM(Q(J4EORM
z12Q=02Wj&RlrKXD0d!peES8E}a;U@$F=nB_RC9jDAneB>4IBKmFr1w--vnRt#i{mB
zHiClsfeAvEq5O_dR42cOfHwr><MSKBMPDY5jsp$pU$QoDH0#AWyl|u{mjA=DA{Mg)
zK?h(`U#`VtR`yfjuEqNAqVqjP{TnKP@c#GzE=#hB7D;fbA0K{dG`$3Fz>Bs>LJk{*
zrfmrvki)i_WptQ3UOYW8+(lvAk*-^-7w0NS^5dmAb}g`m|J;!nV7=7XuJ*7m%Zpkd
z@&V@Gm-FDA9B8o*0QQ?Zm237H#WKfFDH#9zTo2K+d^W7a{dM(rJ3SoE8&HtqQ=~u$
zN*@@G?w|M0Gp4sNcaN&Mvl9%JQG;^8$lRi((8npu{yVgl18{%d;LYXYo!VdfRjXh;
z5LgS|NbAYQ4@#9UGT04^A{T@b7+*k2{qJx<+74(H3^rE=HRv@mnICG*wUye<xD&Yh
zbpsJy`$(SFDHU73$m1}U{J(FQ>*Dp%+gcE2&(Nb(<VpUtgXPjb+8mT%%wb3I-;gGq
zZ1etccQc-_P%}naKWm1tn$kr2+r&bkFL6=qzpDZjQ6GX*2^R@9e1KBIAo+rkgr#9F
z{?4nDsMNmDsDUww@ijF%*lCl6)0kO4@apQl$9q(Mdm)7t`u{#gNOjs$eZTpVkp~9U
zUlwcHyd7{>{^r326FDS>Q8`l8hj{8pC!U6|p#8raxYP;FiW&sexSm>=ARk-Yi&dfo
z>F(DDTfB=^(6shuaQ-FQ@ww#nvnN9+COi1bV(*Mj@2<%%21p<|cajP9B~S_Pm4D_z
zT2Mn9zVfcWh&XWxG>P!*52^b<vY_HS^*neWJKHCV`Pq;%lK($xQhr2}sLKZBi=keJ
z1N0$qX&#fxYufkqq)Jrj|4QJQ39j<ZixdOD7BkRlzyJ5v{|iC>Puc*afbzfP7aorG
zpXUU|yy(_H?<OXlF8ZGclI4xElpMkWk5a~G{X*&`uml5=QcU}xCuS0KfA8*LWc0ku
z!ik-&1@5X`a22PIYYWZUvz<KY0vblafe4?@v4Fnsb#^n96zs^?Vm&9c<Vb7@<>NI#
zKw0el@;=f;Y(5924pohCAhWGaGP^OK^7{sWb34}bc?&~fj}jdz+u6^^Zz#=sc{)D}
z9Mcx>TM$uZd$0@%ZS;O<imj@zF212u1!053kis2qR|vEo|G*<@0Q2@Whsgj?YP9Co
z7Nae0*``%Wb_V2Q@J(HUta>dj3kx^*K&MZe!|Ju+c#gKiXPj@q%b;dq15;3JSw_Iw
z&1|C~Vn+G=-at(+qH!DSuSH(G^<8~s#gcio*U+-r1%^UI#E&_J6IDzpOL$RF9|Vd7
zGgf<U;mp=}qg@g6=;-!Q0ndN+Vo72=B`DvS^t2os*;&AYXyX%1jvk_8;}SK8sMsUw
z>UP|*P6MxXW;dh>1)sP<S%$|)T0FkkIBD{kT*Ny}dLQo2hj9!vfW_eq0L-zNv|x?v
zl#^Wq5;8W4&)xeBA=!#8l{OwrX1)GEx>`~?MmSP?<6F-;sd_zn;HF>+MqrIq6us)r
zFdiPgnlIy5D*FPe2I7flfNp@miC0LGuO5u8ts{DS%@$ipg4^z+9bS!iLj_oD`qe-p
zDl+ub4>kGS&ZC)+@W4q}F@{>9m6{J)k&5{pX;6WOhI=$9?`LvQ=hzH_K7ZrDlnuAx
zCtg56C;t(%JmMryQ+hrZ+ktX>;25DDCWG=5T%b1CtHTLTFOATnlAn(!%S9SF!p8+s
zNVfqtnmmJ)j_N&Gd5SnKRt}@z&m!D3K4;Ml56I=Nf3`S0EU2ai*i6$^^6B^~7nk1}
zw+x>X7WCzKKK4a?tw@W)aezlV<_4qn@5YKZU3QEaD9KLgX5_XJxjwW6BP&q8dqXTG
zL3Z)<YLmXdREyI(P@SQ}ueq46*W``eBD9A{*ztk3d?$m=n4{5a_2iV^n_4_HB4Rt?
z(F<x*P6%iVO1KVS|MQ~odA-o@uJ>VZXlRb=f8V2>JVq1H3%dR-L?**Rf&nSBvT9X*
z!jqAaX*win6UKS;y!QL~6H!)3+fPyGnZ#!q`YN5j9s$(E$KN%xfLVR2=&|GC>Kd3>
zhycvGPFO&QqT0Q)##CGqPn``xcYHV?p*<r1tfdrZP2DEIrB!(>WXMD#BVC9)D3O9h
zz!)2CXbERPqhzh-J<H9lomU{8dh53!X?b}mIa|WUv4iA4lcR#pca(OwnG7@5F4K2`
zh2Iuyl9R2<<AG#nsIl@(qR|Bl8QbJr()B#rinqFzjp)GD=jJVbw<B@zw1Dtnu2d`t
z6dQ{%EWh>sVMN!>c|o_{y1(r$2*6!9lE}!&*r`6{OWOO9k&(^j$#qw-R4+0psSo5W
z^P=YKcSwB}YDs|Bq<sS<P-GEexw2;~IBL1n+-Z6hYTDn?x<`}MM5BZ&ntvgjKmgu&
zv^-GWdL0{|j;c#QfQSoIAcr3wsk{00XK4?D^LeyDRKy1hR|OYglls@3S33#LPR=&f
zlrM|)?cYV>cRQtTu+?-uv^KN)=2Dtyv$V22{<V?G)cpNZoJ_v7?AYqnirXq~<HKN9
z`{G%Wa!>Qth^}?x<!cZWD$u-T`K!2I>xBUOPmRzHfRhf0i7RktE4e|P0}Gg$-VYi5
zywVeY{;VBuz=8f#|B@L9k&x#*dxca`tn_PVcJ_<Cak#MzDo0ES3k&nV9M3ZHHPzOE
zt0LyegK;#h^;-D<`w@y>&l~Uph??;5f~_w7H`NrASK(1n8wsyqy`~y8KlIn|K-SnA
zh0G^-pqIf;4i6*<&y)9Q!B=ww=gnYquoj`vohD;qD6pQ{|3I3{pE=PTA~HJojZfQk
z-*zY4QSCEX`c~aQyNlI~66D#-$F=4Q#8ok4Y{y$iVH)K+pqQ~jr<>hhC0I*FAEF8U
zH5hdr_7TuBMVzd4;9m0j#ftx#HTpQ?X?_y&jx0aO=Q&G~&Y_-2-42g?Vs1R33<)<}
zSSRaLFY3zG{Wv`t@#I{2At4SpQV^}X*##a2wEB==8dF_HCKR@OU|UvgJc2Zw!Ws`@
zWZ+LF=mkJ-o^clIi{To>!ooHlZ6z@s>L(#(WAj&{?VX<*Vm-a&rKJVKg34~}7~5~p
zR6!y$3WwFs`#KLm{|@q8lhyTuz;@ttD)mxqqs}bf6=Ga2>k^&SYM*m^tqu#S#!>&i
z?a!^saexMY!ydtR-bbMb%*_=9x+NQd*|rZ;)8hirgda;j42c6d{XQV;3OLT}%}EZg
zi@%y$mxpXDMn-maQHDM`U#-{yMYCIe)AzM!fc0*Q%&4=o@7EjlLd9wKif6m!sag6n
zO6s@2ime=65)`p-Y1iL4Iazb1SBA$?=%vwT>;%DuW6~&W6kh7u)PVufwMK9`B?la`
zgi1-8nlcz$vx??~^ntZq|B~IT%<H=tw<Zo)hb3g8-El|(dcIsJtsozuM!!Wg<S)5i
zYX-i*<M+B9u`WOEVj0{jDZti9w{7?0-K<n!GzS{aEkXqZqC&efX%sigc}bKU0I@^G
zHMQGP>oSDDl<(hm<<ues{>IriHTT9K;|S0Xk?ud1F@y9O-fh|rrVlr5P-OM~bFf?z
z*S;iH9J<&~*{Bz%^i!6cms7sdR@2#1ekbAjP*@LB@};O@QVE9{7|(i9FAW`c6#;}U
z+sothaIC|G@dDo9{(&EpP<~7JMz5ppcpdOd)RBn#G6Cp0{UamqCHwk*j*S(1d;mNO
zREa}60}wv|@&IW4pK*aF{D0ue{~69l9Hi^PRGpokfJrkowHBH@u;GHf<NTA^0tWag
z8~kD`fS&-{7p!bx_cf<WVmwfVc<3H2B6hd$$3Ka8Ae%dp{ell(F8sfE=Km{%`2UBz
z{?DKCe;zh>o(V*j=flRy^&xST2sm;RURT!!EAhwbTrJjOi!<6UIxEj~hTkhVhYR)a
zLp3};XB=l|$n=8!b8{G<#dSJ+dWZn{5*vF;c&do$_}EW`g@dzy(QZI&_i3IIQAj9*
zg`Hh|qSj2{+c)vuN0uKl`SHZ|mZp)|j49n?0|c(F4L^UnM<q46FCu#v{jqd#sFE78
zkVl`KCF$=c7x)&{(^DlC>U$?wc&3|_nk`vN{psBzE?2{}dqPrRl@vy3XhcQb1JKS~
zbff<%zI~v6zwrdjD_M935{U*{mTvBXKuylqLMH3)=oeQeXK@*Ixq><}nf3J2l$4Z0
zo0?t+3ZY0@TYKgoYo^;M6*L?N>=^`{>FKBaZvSk9OAxN4r4|@hIC|PZ5FWu|`%{Dk
zC3nVyoxRraY2rOd<XK42==10NnbVg7*33c<gFkx);()L1p5=k7GJ^3_e_#mNdPL}#
zzA%ybfLL4`jItL3SeCCC)^>rB5fS|jL>;+W;ED@9;6Tlur174n!HMJhw`=|75S?po
zR@Sb%UmL$Ed6YI>HRyZ(Iwv~p4a1f1RIzaP40BWWEG(#QxH>w%X?SYD!B8H@Z$!q0
zH<dyaABg(Qsc~k;hNtl4f(@Xiad)T^Y3Bla0XfTW#f__j1HG~*EAOE9wW5y@(^bD^
z{Kj80`8Ve0t`Y;iHiAzZXxm+LbISWyY&*<)U4XW0wvd3pN!QqbQv>~E$hDdN450X&
z=|}#0`+(})U{NE=$)?ArM~8#OT0@%{r6n7sg=-k4M;oP#%0`;)k@T*38Zt5r;j*RP
zg@K_SROIckiN9VYdEZsMPW~o>{H7QZtR8PGf1bq)lTmE&Hrj>SNF!Rg2Nqzv4qfp2
zVSIX`l0o#~jUeWI-R9{EN1>!at(CB)&UA2i_`9iExZ>HZwc9z8kPERA<!FHa%6OJS
zKz8D(*Js?H_vBPrgI2ch9pDDKW`80^_`y&Zp|2hz1J138rrLTyS1V~_h>E0pdNf$m
zXKIX;gH5cpfegSr;$guwvzcBzB%-1)P^VfIJU4mV;1>x4;*B1lv*YCQ^M>Sc_tKK&
zz9k1Ir)YFVIy&C_$b&S!`a}CRUbu9=hOM>&9iI=RBKNN4%6fYK?u;<qCz|jgMfoaa
zd&AALKixC5|M~>nU4K~MDsQ?p9eD0<yEoRkCgHZmg-6{({*YC+IcUbV%n9H+i4ZQb
zrY~D5^QTj7@b%s#xa;^oEXm)k^#nPSaeQ}+q6LGy8%t+IsW*hZI9NGFuPcZc1Pwi?
zOjt+tn@~WwzZ+>P7hCu|_6YOnyEI%X$p8oWPmGh!`36aXJ3dTaO%26o#SKxLw;9mZ
zp1^8~@f=A^kY8dU|9m5A*T_POuK02W>-#QI7|*untfw|0hf}5&ymEE0qwX&iP1qe@
zX_!ge<id|-^%oE7JnXUWa%AOFtmW^G5WP0KbPrTwr==0H0O*m2XZ96{ItudMIGR|T
zTv?+ixQz`I6?Jy_QoWh)>$rEp8%mYW!pYgU`6hR~%nBWprN5xj<h6wlgo8~Rg$jho
z1OyC6H-9Xd*1LtD#dLJSut!pj&Thuhao><(;TiW6#GTI7yoa8-9Z!6n@x;Qu!VQT^
z6R~i83l&^q^`4i|(&dH)%8FTS(T|oPev44AW!^wo7zyfrkl)3{4o_v#mjs+kO8Bwb
zntER{B*2W}{_aSukz2!Px*6-xxxPNX{ID~67=MiUJ|G=(MZw$w68j1QPLb~Qdur=s
zL9sosWpNiFd2qRdidKq#UO@nsEM?f|-sK1q|I6&gYRSSNc_=U6+-Uzw5K!dG6E6^p
zg9yoykM{-7cZl~0b4T}7U-QI9>TB)~LkaRQKXu_{fiU3nR9kRhOz=P9179kK50<TM
z8O%?HY=XuEiRzqgWndm!vw=$VV`Tn5RV$dD)zLNts57vkMXSz%$xE$esz|85q6p4>
zxX8Gwt_}nu6!bv?nlJP$JncGSrNAR}&(9;F^kg+PCC!Ab@9anVczZe=-;NBDU=R_E
zxfnCj()MnZK4;tPT(PjS2LF~u)PNWGrjfC6h^N|AbF|?5dWYHIs~Yu2MOQimZFPHn
z7*6Hrs6tQnd%ZeEgr^Il+rt$R#PRY@UOHa|*jPbVY}JH$hrYyDk3fOmIja@8GsYhK
zBdz4@NtNu~uh#h|w~e<iU|+KD?3k2>8%?wFG32UT+{oGjDcE>*)2Q-_=;qclTO8Q%
z;FsEXw6@qc1oWxWxYx|<(IPgD#Srp*Cc^!;Io4WJ>wNlWUOt5n#o40ck`D~tjNhoL
z8klV|rvZYt>$VrK^x*@wPD6~QEfBXl+$~ZC=m*TVqoFvW4(_iMBFs11jFcbGJA)KW
z*6WTk6Ed<-`FFgZB_(%PDrs<EN^P_neF$V^Wt;c)=78phzkt@-JQ86L(_<2;n3MwB
zZzV^Zlz|+2Kl;MabJ&^D+(2hYlSgeK97oQ#d%lY`y3I6YKwVn`*vD`VDF>G$^#-h6
zc-`2j?mEzXcZ?c&U!)=7-PY#5kiz+9J)x(EA|^RK_mog7>amZp6kcU?Gzy)zrG9g3
zYojC8jgz>;=Gez>PWcpz7}Ou75>@|EUVh+_<&ud34{ywIBjF6%6O6K&uuyLW=j_Z5
zI>XL;M2IdXVvd!r-ihv6^!!sG3K)QmL(JVu!uxkbxyz^uB()apZ%tJ(L1&I6!ew(H
zJY8k??q_1(g~yP7Z@ZPYXaUL65GAwMs-_-8eq<FdA}?}TA?iVFSAi=~#N6of*s)+O
zYNZ}Qa!v2n5gZ(xT~s7pxdCxKMqy_Mptphou^0)hE<dUxDp1Oc^MdNqfyApjF7emA
zJgl^b{j%x7FfDT<FMu4k*DY2XRCfnl8<+iD{`C8zoEFB?8f8)?5+!7iSiFWo^178R
z-jqy1Lp2`AJs>AN?Z>NMsc;Mo4av#cI?;*Jc`-7ZiYfB%<J~}?2(wU7o+^w`%yyOj
zrxpPH`Bc@idCb~;DikuYTrP`Xmx*8;-CQ`bB`G<Ola+<;2SxMUdHYa}pOJC2c!r6(
z@#V`@p(Xdt-C%%7f_b&oK2v>#+LpFflCyp(C6!6&`<ah%;P_55(oP&d<A3G`Fb5?P
z<Ye2!DWi{i`FVN9D_?VU#tIn_5Fkg7S_wcP;JfD?r3rtrmJt1Pi({|*uep8+B68wX
zim`xmy87INAN*@|`oSO(Dajc!kb6R}Jzngf*^Tib^<t9;4nv1wh!lph^?>G&TeZuN
zZorxIoJW7M+iFr}y}DJGxvC|)8FjTeC+>t4=oPJl=##_L{@^6q$J17Vdt&!i4Jk}L
z8YvUZ9l0;Er%jQOkYZCy%XT3xt#pHBa{Hc-ANut5b8<|Yw$A2S^xnsRF3!X1Ghr<&
zFJC?U`!-hknhAPT!Gz0~C*0_>eLz({SD_Xk7QgaUN$r$Hnq5`ZZmw6tfS0qEv*_?X
zt7S%HO4nX)ONXwvkLt#8X&Y&*u=Lx8!Bzr^fP0|7*rSf(-NiwFec9I5R_W65zeX?;
z{uibgiWn`r(a+VVPg5m$AP=gCpP7Y|S3>}jTv2aX+1=PQv}Ap}d;{7HSUo>GYi2SB
zjPxJsj(!3O->U~<=!U83M)TL(kyOqu;1nE=_A!QlJIA3Q`uFTpqTO%bx&oH@kCx;9
zTpRn0cToIb=83K@=Q_RC1X4y);;%7gzxsOU*}?Xn|3IvwkyS<6&-{FK0pWh<_`->|
zSFX^{=I5G-k{`4l4{@yHcYwwVwo9jwAgd_L_F_Wen8ZXh1O)!!O#WB-`6>ePa@~jg
z+4wt(z~(kmIt+0$6BMAT4tvD^l=Pr_-bX><t%HM70>6IjK_~i57T58sth<>kxqXch
zk8=80MU#{M$y2~viuRw&0cUP)%=<RdA37EO^;XyIf8xnoj;tVu4elb1&wEp%zcr|K
zjsH#zpUWC3H&+|lk2CDq$prVht$-zu4fJ7t4v?3vH0d7;?Z-EhTp<D{@g)|Lnd3&_
z^S&<ac!XW?t;Jd?zeyV+rKZC$J#SdD*0&TR33eXh;?hXEnWse@6pSYlbV970DCA?|
zW1zwL{>}r33;2}VV`%=>MdRoF1YDsnq>UNbMU<_rbbpX=;!j%Jt-dE#+KSR4w+!kS
zfz(p;W$PCr$_E2I3;O$^yxfDr@my@!T>}HiLkVCp{`k7C65zOiK{!Rw@1j_$`8vBd
zBqYqQU*F`oRaV>>tq~5pdy_|S)}d48(;_@7CbPf;HVAqMNMn+)8+9eWk@gj}xL&|K
z6m3v#2Oo4sYV?qV0X0qGPE>6FyS4R|t6bM)c-Q!5B{4InIDt2yF8N}f){Yl^z&fL@
zp!s-rv0C#DkV6|nG}C_|Y7<ashpxgXAMmPqP&yenMTDZoA4O~m13(Ya<e9)xgZ-e*
z_XlT7W}}8JVWB^1tOp7T3O26NmF(K1t`5b}Cvxai{$w)L2+kFICxj<foK3qO^GD1S
z0!0oEU+M;ChJ?gC@0@{fs%LpQYKTo^d;U@v1j4a2@Ak{d8LTzkDy=in(j6MeF4E9o
zh)d5scx!1=a6sM5hSE(U*}X9IikG)JG*VW?!h)-;47|4W7lwpHkp<-yQ2#DnN$?Aq
zLtcU$g=jJQ+5kM1Q&fZtSeJwZY(3soPUQZy#==q;{`r;-H?Zyl3~si-(&;_21;xGx
zw$s@e5b~e`D9m6Li+~|Ba#`s`E?>eXHi}@>^%kZ0SQ(jEO(jHRcGZf9{sQWx(|)su
zCW~AJI#1w~2lu$oPuXN|L?vIN1U!YISowJg5q>U#{EzXEvHmD6=bxI2EQhtE4$1;n
z_R~@go<`YIGWW5l%Po*NSU%wPU<3sPNz&5M2L}c5Y8n&pWO4J=p>_?D_$Wi31tDl%
z^Mhd!J|;HS;1Go8zb?r@m{(uekd4;uaJ4AByHLol89T#8(V8a_f&BcFp`m08{S5=j
ze)gS+A+;%)@<*X8SwpX{2_G*20=CLypQ(I+m!E&V=XzVji1IZBmeF7@>ujAlO{2HS
z^D=aw1QRn_Uf0brb4<%DkPdSo$HUpfCZVyBrsa!mi0`wi29xvoS@q`~1G#jb1RIR%
z`o^I0w(@>p9}z3tBqzxFScq123J5)QEzN5{+QnF{*F@{}Y8-EndN1fIMFD#dY<w~u
zQEctJ_lfPaetgl%-CZJR>45`}qYCZX<Ln&SVPBzW+Pn1MDI5s^IJN|W#-sJcpdlXb
zD{`bWWOS@mgs(~<Rd&^;=9X0ekH=@^Iv2WDX`pCKbD@O+!C_(e@|KQlO@^iM<-Gh$
zh|i?o994_ML_tS~SDwNR2Y|HUMHHa*4fIDFs1vpc;OT(VS&fa2VJN<WOuoJT`!`uy
z(RXxYt-A*7b9bv538OI?hr8HLgjD(=vWb@*fMMvFF^EzKkczX1dy<gYvfV)nEW{t|
znd~Us6pdVhEkHBgvt4D%ZemFjKNAH2<vFaao0sF2fdD-swM&x(gt+3<$00ofQBkrm
zS(&D9=<@P%4x;&&fD`ap#7(dqQ#sjak%uOC<+I@(1q(_1p^j{Rv@I(?J-$qZUVoGw
z>&zc|?jD}Rg8hmPAYGOY(5Yf(*WiSID(Xw{s@LWkz~7h+_~@k<$nGZ~={T05-+Wo$
zVXG|56MHIvi4m*#yVz70P#{xNjH4xAEn_!EW;AXT!r!U)i^BG^!SCX;s@MQOV=teH
z^3_D?KAVE3Zq!Pxpk*coeS$?98Huddr~){?Vslar%6=~oS{=F4*MIr)jNybZsvFnK
zF<K@~4^Q+f+|-7n?y|-L7~r5)ZzBtf0!Q$0ZYZrmeno6PTms{hpRVxbwa4b>rZuDD
z2McW1AE_NCr&8z5Na|h>s*4(LM!&1UN2G>I6h&CO7Mt}+L{d?iFqy{X1_bm21#4;u
zL6&<g1kjS_r`AYKDJU$+ddXIgkf_Q0^Epu8+$HX7()FNyR%31T9$i*u3ce_sfD@%Z
zEK5v<e0wAS2KNacx_h4mEzt|8nWhsVrtI%Oubqkqv=#`);AiN^DQVG*i{~+sp<J$%
zjSstyYWZ}zLj-J1!q=eetSqJdMd~f}e;g4pKBXceYte3!d+7V~OkiFS_($SZy>IVm
zY4jr^eM_*@etZiJ+lF6(^{Z?QQP?p&8P(OB$)B9OK(aiXHhY+jbx_L7kC%~oA!eb6
zK&czIoftqyB(Z74TN^21FBV0~o?eyQIP(_2ez#RCto}izL~uxJ4&?|uL|*QHUJ~U-
zE1V&onlO@*<-BvXcn6TWWU<m7_mdZ#MSt(J*jn^n=@Qu3@p3Yjcb^x-Q`%K9>0ATt
ztNl{RV_yx`+=!1gt3?EgT^vk*(-rnvuQM1Z{Riz&`o7S1UnVNu+{zxTSv4Myo$DjS
znf;q(Jm<iS?7oT0Bj2gmN}%;7>o&Pf?ax3cZOCQ!r_{DwheLee?cl8;a8h4ZwQP*_
zb&4kZmGXkY|HIx}#Z?`3U89@sM!H2ny1PS^?hXkl>F$)4P(Vbwq`SL8LJ*`=a?{;;
z7SHp&@7=jNcjxzcDZAExtu@z}V~n{bUFTT%$5)^l@m&-F{#0!<XnZy8-TFlZIUs=2
zUWAubVz2#2p_cjCaE!z+HVq|zo$=P!(~K<Q#W1<k4`pTScBlOI57P%K(lRB=G`a~h
z|74bs=C{2uH0YDLHB;zi&IG3P*SLu*IFH^*n{zumpSd!+q?kw{ItCe<nBbJJwC2v7
zeE4sWhWigfZ*1i6nw^A)eMwEHNL1z~=Alh!Un$6xM9j>yt)4`Gnn7W&cLl02yvnd5
z#~4QqCYv=~Y8?o>%buK$zZ)6q+dluO2_1V8X5rxEeyyoK`6uV$bPc*%W`}L2Ar$OP
z;YgVx)6e0%zPKR8X`O5;zCGXV$G~P|WPIjH1buN|O-+_>w!nWdHwSMNst@P&^YMUw
z`<tolj|H$*Ldm}^DB-^=Kagl?tAp__|98CV6eab{-z;rxM-)#{ASQ7%+=tL3Xjz(A
z#D^-6C!Dq+7F-mskW1w>;pY*9BoO2z{~d9mmLMPv*_~&p>ikMcbe-45Apg9+t!}X(
zqiHLdLw9#SPnZ4pxOj9?wB8g|RH~u3YCwEh&-<Oz1igWRG&O4`!5CPtA6pxmQp)@K
zUd=u(7?s^+cDROqRAlGn=~@H_?!g%ll8!GgH>NdP=FQD5sEt0fc6DD_^mKQpdH5z|
ziQ8v!QDv?gYX1Ev?t8pU=6W;%^W#|^3JUTc;xumUUhtRNy!}kXsbWUh-VfuyJze**
z;c+D<>Ti!yDmP|*{i(e?s8H<rNv=mv$lc4sa3r&W^kdrv0}#56)BGSEQ&6#fU@)V_
zH@z&~G3Zp+&?v0~l{aRIX38|VIZR|Oxr4t<DvtG(HMr_`hOnRGn&TfTFUbg{YG-F0
z5|aMk_$xKCgta!y_^UXozXk_GlarBtz#}nQ`dR4i&lY)MyOj|9rcz63$@|h&9Xv-{
z$YIX;p|8}IB9@-R>8+gH>g}L%x-ce~&z|)ENOy2Ru{htJ$Kj3Imxml*%|+{p0fX!D
zp%7OSswyCu6gzfjX8h(iW;_k8c<q<^>fEhdKn{<tS{o05q3N7uG<G?1duy9W(-;y&
zRh7erMdc2YtS=|jrHdV%nT4ft|L@fayD+RkQ<I~c)0_8Mlzfeig@xafe@u0ElQ}45
zJ{P^JR$%u1lX$>>WPr7{Ca$cjlTZnyWcz*4=7Tj=EoIo@h1BNb7Lt$v2meOW_x8l6
zF+ePhlpc=^|JQFxOvt-;uNw^{5UVf&<ipKD=Vdc!)m!bndZw9e_C!@QlRj3OK}APW
zUST;3)jGt8i%~ANQHBKvOY#fOW-EfLiiBTx*e{fw2m`JC-!=o~QCBtd<wLgdUS#Ck
zPow1X&U*!qq6PoEKhgfPKka~Ep4t2x%E-;@&bvLK+m?z2xO?AoTHJ)MJQ<d|8&!JH
zLSz){(UMZT<!ZduxXq*uo(|it31vd(byZln2T$cY%}}wZQpdnE(!X@aoFBj^D(`jr
zC<+4B_Zv&9^WM`^W61Z}Yq>Zfpee$`!XRSo!-bi=w_A$fV`x^;@r19pU&+1nc9tWV
zc36zn<@yO?^QSLW5gu(r=9U)gcRZw?6-iOA-YO}Dw6q8#b8>NQ(lIf!v9iJlUG2{_
z+MRt%*I^GJ82SAh&}u-8?nfx!9IiAu!;FDKARt{f+A1uC>Rz9jZ-$hVxL^#Gl-*@1
zXjVvQxH7XEH^m-C1?|*d)^Go9NuBox>|%vFwD#LOH{M%%Wz#SDmV1LGFT)+X3{_Q~
zLc0oi|C?EcZ-LZkd-HVaNrmxCCs5WUUp^ke0pD4Cd_<ktQ&dEuRT-3MvVxFEViWHG
z=5$C-H%g~SBkGK>A~0$2-@)qWZ@lc=$GN$t*(RTW&@%epsfZ^30!0@&X3AH(`-W#+
z8L_C27M>1UQx?^40ll$o9+ngt8zbxMO9SiMW@2j7ogV%{cLPMO^OR_Q&kcBPkK-=|
zBM(Q@hVZv{T@#DwpXDm)S%LKtv|n|9Ac*M0U3OASL4Pvph^(!3^=xYCnjA^wTcsYZ
z{xv*2P%eUW3?1asTj>Dz%@eX2hQ`$K7^IUmd9i5>JKpZUvVE|t&?DAh`5{JX5%s<X
z<N#vjOP_K~mk_13FGvcD5AGm^%RHX=IH3b^FLB6-I$Po(H`f&#i5jK44a8V=pG8hi
z9i<%lbg}^<a9^$3;iU}u7gMy}g-lebM(ln#XKZ4@r}*C}ie<Kr-#PSzS``(rS=sv3
zxgC!aj(zIPjuZJ03WYQKg6xE%d@*{jZU_+6p*?G5Wu>^ccUTwVMu!zh<DPR|1>4qX
zC!`lu_4UCmC0seV>nb$kM$~KocEf8ETF%bTKf6Dyt#371hZC2O0Q<eRo~gy}WvW=T
z%VYHx5YWc~mxn^7MSD+h*LN1-FD~(Aq!)dT?8-ESO11RsdN2>FTc$1-+MpFa$_JG#
zb$TUr)AOs#3|Uzb4At7dMjsw<nrP{Q0t0bYDxfDE>&vML*yrs>0#KK=oLnb<s8z@e
zJ2lNIJ^Fu}ux#+@^!=yXOT;}Q9O{4i6y0DT{<l}sDe3>di0J=xJ#t|GKV5=W-i!aY
zVNyp|;D1{b`G>&#w{z0}{h<H*jGh<L|L1iSwr0y07*Y5t|0iv(@(~393V1X<J&qgO
z9QzBIv33g{xmlIlwtN-32#8iE8)nfsl%z2i0T0n0%TN2Zd__tqPF0QjU!z+^9qRPH
zd`SsCXt~U4ZOuW@2mQ-_M}pO=Cz7NV^y+FQGCSl}5*t1lD)_T@0O(2($kY^~@X7v@
z$wKUsWp0WkvnVejNg3i?xQno80Q7(_+b3BA(s>?DzrGUCV5&SH^v%{Z#8pnQt2UbM
zy0&Zz++Qt$li{<2v9ByPYioy!HAT(Mj6a~9_G#S8wtj}1MljPUf)J<92JZHv-^18H
z!X)IbDKz0P0=(79$a?h2q*-*f7NdS)sA8_qjMDXai1x|h-k1dI*}bxlv~=U}!*N9A
zH!Hnpm0z0?anW5RY@$JZSIdVNT>R?BzL&hqeh&hmv2>1Ztg^K9z65oSmhJ9FWaGmY
zC?aBFW$h_%v!1PS5aZ;k!6wFu?FzXy*)KHtW5WXpeDw3C0Zq0;`(9b*&c#gBx!ANV
z_&#oWc<zoPQ6-=-R223GJlWX=edEE1o{DNY3K-d}ijSu{-yg>?R8#-c<bs-rIuKwD
z1YVh^b`cJrW!Ud5({vw0ln5tmyFh<k8;&e&)e?LnqQFqT(S*b3oQMy`esN=>PyHWS
zq~>HRt@kkRS4fY{Rxz~KyCcnxPbM~@8vHPU?gzMgOBP@@zVrG~tgV@XMNmaxrTG^}
z1_z0AG2Gs6xfw6e%>Or6oLB^Fx;g|x-6f&pyF%`{UqqN%ic$1>P|=;4hUPRjIXI$F
z)B8T#C!c9Ihhc3?CVHuRaA(>7NnIh;3B&*TX6BofX@Z<W#Fe#BLZ9<!D4y|l2}a{X
zMtG&oZ||L|RjJ$ODN(#6c}+ggH&+GPW(i$BkLj-f4}yq~>z6}^Yacw!50uvDClrlP
z-fdTEotjJK(x*L2+TK3Xah91}y9IcVz?Q!BJl#n)sn#*LOl5bcy}dXHolG>h;$|ch
za)%YV%3IxY2nhade|77fF6iC~RQErxc@R*XIM|6k{~8_bny6@ZNrg}nWyuUAn$yzu
z%EiTya=~7z5AYFvzP3y-V@TF3>wk&0i~%mmPe}=lOZMM9xiB-$aa{dWwLSgn1qw<P
z_$2<s^pNzHOVf+_3yQ0z)2QJ;xjuyVcPm<@I(3LaFnXUUg-}C~E~M`2BN>?3dV)Sn
zd0zE=_$}CUU&psRF#AO+d%O?^B7fLIu5IKJz2GjFPnN*;J<w>WCCl&59T|O+Myvx{
zzy7GVnytfSq28~>orpgx?pz0WI1HBu`U4s|%{iO)35l}$WD@#wW#h`<D#?ACvXQ#{
zVqiOa&GvY|xAN0>L0Y;j3Y#RIMiL%!GMV`|f;B)wB~2esHgfx(>uGoHJI}f)B(@1H
zd8Bdc^A^qh?O!O^7r)pTdUKWABN`r$bbpzb;~f?#bm$36#KcDRGL4BvZ5O_c8z?C(
z?UsrYh4PxeD@rsQ6p3c{ofVI}i_D1t&nt$l;}Hgug@)4KVBBi#a97cKYXK?=sHj;9
zGFzVlAb}Ir&Le3q2@CZ#mPSz@w?<rj0(hdLhaIor;%JVf+lSYWI&Nsb&esJoMCrJW
z^>{w+JW1qgH61u`|8N{z8~EbHUb5^SN6teQebn{>^1fcjaXjB;ZwU!Pr%Vzq<j@8a
zxXzWz?^Zv2=I8A;V1~8y^0$DXp@}L70jnN!66@nls&cEn{`z{p@p|;;iu~2x)j_B%
zMe71+7y!|olXZN0%CPV<r=h{(?~RVoOCK$IJ#nzO*h-hmK#q(5DLK<`@?c}hw(9LF
zEh7zCrr-4sd?jWrrU|a<%8wo-jEp5@11Ol?@?#>fG5r^LS0!W1ZYcCGk~I1K*Jzow
zWbY6pI_q34X{blX^-Z~nOse!u8d{7DsuyIE#oC*n4)vXuTAA{$EUWaK?t9-QeoK<V
zCm)E6K<<-0Y7f4iC5jsW_Y7CGUpKm%8tG}pex2al@rrp9GeFTi1LfuEZ*~i4s-<u8
z6WV#q|I6BYrYu5>fLZc8EV!En*nZ>|q-Eax3%FXLUSeZ??Q%yZGk(EU&wr7jNF;<i
zCfu%biw*`*=`-d}_EwDcfmw)_e)TCMpcQ3>2S;_Ui`qzfa+kLLUA(;|<)B^lIwHIk
z41bv7L;Iscsm={)PVUR>8EyFm;nofNq6u}aOC09rE1cwPv8yFFG`i2^F!_=};mM1k
zudu{eL_DsKL7&;V7xbsfYbOQ9U&8WVCpouX^~+l&V53Q3I}Vib{aZ%L3>-A=+K}IZ
zK(u`CinvRyPhV+I349t!$g8(ww?Aj!c?7F1R(s`MycsaHp?t<(B+c>ff0@Hl_-|7%
zH%__y0Z$8Tr2ci~b_NU|(mxe^8UFh)kl6UY9S#*1`VRf(Rh_1FaxU?JfnddmS!nvm
zCawC30e0oF5tq{MH1u2-gW?aNvamBHBujg&92sjWJFk>%W_bgdsiOTDzS(^T8RB_R
z7I!>c@o~vWAM~8LOohr{b=+Ae4F`WGi9tMSe<WL5H~m9LO+ctf5|>mG;1H%96tTV7
zM}bdc<0k1UF>w$QUY&YAtCfo3Qqe(P(RKlY3EeO~n@*o?5Q7UeJA4aOB8TvMYZ5Fy
zh&6bjjCI`86&IgF0+&TvnuR^az79CuB=NmpzKAy18qs0q6~0(}dUu6~=a-7Tf(`bF
zq8`1)QM+rhBP@honP9Cy_2`SYnjr0~9FH-3inxojp*qjwFO~*d8@5aBXqzvRCLWAL
zn!V@i2KmGLFW=RPFv!MI^wbj1m=2u_cs}KRV3n}{J5A32Rb5{^%jas|OQF5_@CQ?V
z)^|7BnOER8>2a&xHu;QrQCVZc99nQ<1L&(-VpcPsw;&-Ar0Bihu>3H&*BT@NcPH1-
za4@^hYu(=84wnJ}<qfO6Bf~ee%PB7JQBY9q-zNCsQc}_{`5%;F3EQiyX~mv@o^N_7
zg?Mq*xD=c2BP`bbG1FCuqe{{2#|~Fh>tzRDbl?7I+PKxHK2sq-LLfie+llYYMid*i
zr3cS=tbiL_6eUc)a4(K62*0AqIU^4D#8E9#H&6@v<T*eV8LQan9twg^l}*eHG~M{)
zc9y@+T{M(YceL5#Km)2m4_ZWF9xUV-E=Wh@AWLB9WyJo>(HP3V!F6xZu_Ru5AWoUk
zdpY>dj`Um*Kpu9B4Qxo@{P4!fPh27uQiZF15tXA$r>gO{N;cu&3mJAel8RUDK1UWU
zJ+-&k_xpJ)89*;#U|=x(F=%q8W1n$WdhWn!Uf@K%;$N)rQ@Y*SlGO`E6+&ttR{z<o
z>g<FV_)RIGQwl<GR#%Nmta<V`@@RMJ=WH+AsRLVE=XVV`s#M)<y)LE0!kc{Uh1`$a
z7A%ef+rK-_Y2^KMKi0D@0rzvihPimUhslzwaHyW4qp@KDDNEthpz!xl>Vh!+zP>jv
zIjAX`yarMq+|baX|4<KB<=i1<`bKW9JWggkJjYIY$~NO4=2-kn&Wdz+#U(Kj5y*BE
zm(vWatY7ShUz`dyxKVIg7V>h-`;1P;%#0=2>)Y`rQ+t66t=UAc7@9raxy=oj)^)#U
zmn@ljo3KZk+dL0hDx&tRfwG9d)Ah=YlaY39Un6_oEm{>1>OVd)Bg0a79hVb$ElGuA
z$~Oq{I9lo2$Z<Yz?AK}g%Qckp6kY^`3aK&HT;*M*C4}6C=8jVMNeG$c%Kzg9NR%7U
zV#H^K*>R0j5>XRq`b~LD!U#^NTv_yQhewO)Tc@oq{2V_<uFuaL9B(xFOiy3Au=`zJ
z=$ze!ad|%k2h;4ho6*gImaZWAtCN(G>C?GbpqzMcw_A9>tjV>z#3rl}-a^Q7-rO(i
zcUfR5*MJ0UU-{LC%gC00+0to#v*^}Yh#cyk@&g`as?eSL%?HgSSD&p-LZ2mju<j-f
zewN3({{*o8c%mjwE;Dz|w98DnjaH;WV`#jrCRd?y%A%*#3$1d0_~?ggRd0_#-G{P@
zG_Q9F<jE1+zTF_VESuPK@I%h6s_#8oocnt+O3Ef)fOgXOkcVPcxu3wtVcpHpde?tu
z)KD@!ebAD(tH79#i?w{z1f>JVn#ZCyoFMJYw+=g~hM;F^_<QHB>v6YH*`gf|*ue4v
z4CB*2wi26}wMOTyR}tt~E(;c;`#Z?!t_r*LI%PUlLw@A(HJfX%6P~}xFs!TXwjYW0
zL&mzPY2LA#k<qGJ6cJ=n?iJ$Y(ZK~z>E-;8@u--PWhU!gb3ML`GcH{$>84Z5p`p-f
ztiD6Ms4@*rai0K#^d#flzPs?_2$Sdis!w*jkT)lYVr!`%j&kHGWQ~@=VVV3=m>d6K
zp6=~OZHRbX7sTr&(+82W?mf?~lRiiwNES?XWGl@2*gnR4F_2bqj1%#B^Lt<Hqe@`2
zn=HOnNcHEjbr-6}q?8HYpoMe>??Fw++Tj@3D#U$l(d~6T$q_I2G@*Onw6)|)a>X3S
z%C3EHuz)29zS~vMpyA)B_rk+q_2zd@FJV{eu0K|j*ZY8H?inko@;LJU6t)WvEXVUh
z&6dN#g5mZckkL$9P7<Lu!LkWoh$RnjlVGf^<>26wZK%zSsM;NPl<GnS4feLH*419s
zMjW$Sf01rd2t%Wb?Fzne$shZZfJcw|r$*lr(g`X7oYs2Z(bCm-{pose+)I~tr0IYl
zgvvax$wsRQen@AV2WxMyQ*PyBMZg!2dw4-`u7fn;PkCAHh;u<Kd8OkxoZ=}l4o)2b
zpe`nD?7&G-v&GUItt|FA&pj4TQUV*B4FA(;da&@}*;T;8@dg(gpXaMfk_Gquem=3%
z-pypt7z{ZgCbk=6#&FYVfkoe4uHx+AiizE19~rcP0<h8d?#5?gko(_vW(VF>!{Ef4
zm?zt=&+=@r|8(@%N5MR2wAf6$`aVv1T-5sw_Kf|zDWH&i{~nTvieO>Hi@?Q}x>mm=
zmRir(2<c4uItZT}xS{9-E<o@-*ERnD_4M@zXWaSz>UUD-fwCF1ah5Z~?&rVL2%l5H
zbnf!(Id)xx0+krO%~Kac=Oda$_p1;HS)0e;yMsLE5#T+QsmM4)Q;*7tnELosdL@E`
zlkV^z09bc=in{1HECP<cu`e#?--j#NI-S1isOpBo?SvnnpH-|^6&TsN@)w;fhs!(d
zrDLu24#GB=0WfUlb>n$Hn0!3T#U>v|IXc*fR?&))TU0+%L4}MB5-=?CejYy7?klke
zM)Gx6O8<L-%R_k&pE5h4tF?hl?VHKN5vjTF98g5td!L#GsCh#)!)ulv0M0+jX8Lv&
ztf!Z^<MtN_`31?u4b<v5(mc^VF13<7w4R|@{MO&*NrQBL4bSX<ghR@|<5}&s;$H1h
z?&t<VBR?}}YODGCdiw+M^=@kBqUh5)z0z8~_R6=zg?;x$|1l}go4P9%Ro%_{HV|f(
zABY=IzWJQ|Wh>e9i<6dyl2UUE%6vkGtQCnB;21szXQ|XH3`a!#h}0{4bChAIs-+e5
zIYjs3$T4iqG<Ter0|o&>hW|&ZwgW`YW&zP|p<V(I?VMQT?kTdWl!kBFzb-U{j9W==
zb(M0V>NDoUE;YNq0nX=GinER=LrWTV@o12mW@|9SyPOlnLNm|3i~;??nyyA2MZ?L7
z)n#5a*`f^MzocaF^V(M0AWVDrHxiH(|4YY_t;syMiI)EV57nmP=_g4io6Jg%Ly8w$
zS*Ze{k&_>;a_^ZYu%-A98JVsujF@<Rt)oE3hc4GdMgxhU*{8wACz`D;d->c`I_E4(
zU;Lf@3g-F%dMLv@jOr(3oLd{XeRrW+y@NTcmpD9C<>^8>ACr|Jfw@fsl^+($y{{tC
zv3ep_LrgeRDz~mMD(7w8>?_n5+5Hz8;H~Nkizm!LKCC!#*(`k38=_LI8EDvRh$TFq
z<p&2>yFFfp*6gYzWAz==YasUJfjA;3XN_>XHkipGLPLlIHp#i*t5+Yc&3aZa<_r1@
zaip+c5W}eApIim#JD!@G<i`GO`$!L{q97{d*=9R>pkk7^rG3lMD&ep_hS1hW%IbW_
zM9f7Qh$SDWPjB(NMNgCy5G)XEKSM!rVqj&I@ZOTxpG(FJ>H4Qms;2&R93<?${nDW0
zZ7yKX!?B?60j703q{o9d@IKk_?x4@l|Dbbax!z9bh62(#8A7E%@Ws_`NY50-q|+Nr
z%FiICK{^2pjrZHIN~lw%PBt6bKv7}9XJBUR4~u!aX>}ODJmAO*pp3|gFxD!Q_>j~-
zI4>h@87D7}0}qoMc9nccnDlM6ASs~JzDg3F>X&(-!t#V2Z4Mm)9(jz36cQ{X%!KOn
z^z@4dO~<I8ecO%qwrdxNSw+SH9XX>11;&Ce;E>K?AUX<L1SkxsNw~pO;<o?xo8RH}
z{|k;ZGobjG`aO_Z3bE6^Znf-6OhU^&cKGc1)DyK;30bhJ(IF*Q>5m}}`u7ji2zIo$
zRc@>nkotc9b<A$y@jGb(#pSIdyXfuy@SD1VR|@IEIA(7!L#aF-vfU38gHP7q(AWha
zeq+5Op^NTYe|#oeVrG5^DX88BXq%>bo*yoeYmZ=`3=h@0Jqm+3;PiV@HzGFH)vML-
zt{$)%SU(lhKUI8t3KX$M5<bkFrCTmIid?e!cp5lCCyE(u-$Vfh1i{A6veOW6I;$rg
zueT$G1TsX;*0(*PkzhFWxVgmtm<PH33aT;O&>x8hr<?Pl2@e6LyGmt3{fJ*rP504a
zSpjSeNsN%dKGQBNv9h2g)1(Z-gUfGr<TyOhPrP;j>`y%0DrI#`xv2rN%&4t-=8nX$
zB~Pvai}$qHPQKCU(V)R`?SAeTzVl-BKf%u=9K9b%bLSQdXSnpsE*v)C%CtfT6Z&~P
zJDOZ9cpGP+wkck78lTCz7GI_DKiNXE^k<YBy;j{Qt|*0U`0blbGUWN4mW{FD71B9z
z&MGnvoSx$UQ7zV3W$W`h{hYFK{5@6khn1si{S2^VK1(yYUS6Tf3pd4<4XllOu?TAX
z)}>%_->$+#{2w>@$OOFi6;kPm1$-;<l}OgU7A3H+pISplz(oio{rO0*s9E1Mw>^n#
zMe~J4=!K2jzR`V0+)dLBffx!FOgBBua=bJ+M1r@%At#RnfHrO+93F|9q0oJFzT?SG
zpof4j4o3<pM;;nG@c`5(P<tqsn3$AnXbM~2b}I)~BFL->mD4`~9xNxP8WjR6Za&3{
z-oOUIz+AMCBH#_saC5^$9H~TV2Is~6&ynv>2Hs@$sD*F1TkUO1&#!>eTokD=^!P(d
z3yan0iU4shF9cXPICh_{{O#!}4uvW^Q`j&JiogKgDFP>yzoGAkWbpFvW~;w)`nH}k
zk%_pI;h1E9ce>#QLBXk2>xz{~IICj8u}sLmNdlEms|I1^p%GWV{@{}#{&<15$4G_~
zN}|mRcnPpf$9h8Igx4=czs|psYXDb-5$Z4>!qmxC3_QXqUbTVZVg8>=DW3fU)(dnL
zc=VsY9Tpsnb!G-U`1B8y;Q*RJ{-@#WzX$tfe+oelIqPb7>@QDFC=5Xobx-44TT>#7
zArYhC49_#!|Go-=q_YwM8sJUt_<B9yIo*707q@Y)PxmN=?ZxgVk2xUNcJ6sRtApC=
zKU^j3uzI&xgpQ~9#N@7AoX?IYUD%%KHEa@!XNc-@%k6tSNI1dk^LJv;FD9Z=WhBjs
z12Qmm=MbPXXMRAq!8!87>$RwE{bIoZ)PSRH(5R(Jk%&*Oxy^FS|M{uyv>O@6V2M7G
zf%Sw*E=UUl0acEhxGEL~{#E!&QBhGR`)CzC?l$=1PS(WBUQb*jZKuxX2Y>M(>^I#f
ztT3-Qg%wbb-CM}V+RhQ9<mB?99*4`}>o@dHPfHCz34n*U%0@$Z<0X?nd>0WD<4)FN
z)6*Z2Dpoj_;Z?+4i|gnMCHXs?rN-zutT;1`*jkP1yK%lGrjFV~*0AE+=IU!aU!=w8
z1kFK+h>ZM7@p1p|CC$?oXRmy&+Pen%p&|WN4(Unf$6L#U;Rm2S_$;!5AN1quy$8wG
zT${dS#lYcQZmR3uHpf$1;8KSJu#fVi21M`*wci|CHrO!}khVLbni#gY+c;Lm>vFLr
zDP_4IDV=$#)mM05?nnJPuJmqrridhaq*Bl8Qq@f*g&_kd+k{5J$KC}^FUQC0=*zk!
zf>^a@#hy-uUZ?TjIp1JScnI?IBm1R=v4X;HjpjB7<7RpOBBxVx>Y*W<a0@pfP0wy!
ztB71^X$}IN!;0@Z59=x|2%Y}M4cV##dX7CjD%O(_ven(BndP8|+Eq8pwSEBbS2`Y$
zI8`;rpt)L%Cml#f-?}3iqOPs`Y{-U%#?9?$Xr5LlLQL@v;?swiNn%Lo*tFFnw->dI
zjDm_8+qm&d95OQ~=+WX_NS5oY&)m@giNzU81_Ptl+bi9qsrq%;oYm}-&u;nf<O1n@
zFGi_|JbsoAhA{~h0U?w>(T!+t+M)DJnt_fEwFePP-1&|cY<Py(uVu8{F}2Db+o&B@
z@{=tc^qL3obRhiS-H5#Xc);eRLWT`P--n*jUV(!4ygdFbDt>R}T~_8l*t)v1f3l@;
z!S-uy(*C!py;9_IC(o9_yd>($PD(CBH`CN6$vP0<^)R08hr70J1_*LhHMOYo&r+-i
zShs*>@b~k9fm|LbSJWg^0Yu2e+5s<@gxdt5$!>#~uzi8XP!%5w`Ij%Nvw*@=pi3Ay
zkdqs>x%x6Q%0<js*nyAA#8lEcngT$}+cAFH-^nDRuGsE}%Se!40^aB-Cr<H$@V*ai
zKAvSJ>_pfEKj9!dpIXA?isH8d@$tFK*Yu?L$0~08mW*|pZaoy*-<O^tijrII7p_{Z
zw3oS#T#4$@Vc3;MD_~=T_yD45MTatk-Fri2=T6(ut`p$(AX$p$f>ATTee77;G%TES
z$!4yL_e&HZjf_uwr@objA}0r`mGMaut~IKW5K}}sU*=%f+1z27%V`^|ujPo?|Lw8%
zoT1#~qv516_%SJHe~#>1b?=jW;B&Qm$Z2Z^G#=Km@bF#7h3*@B?K3GUspsP{R~Dn^
zj*|7lQ%%5hma5@v8KB^-7V0s8odYdp<m%Lrx}e+^uJb2LhLlE32vW^>OT+qZ^V#v&
zTLXbJwVli5Hl(Zy`{w0@d}H4bFao4tDyk|)VE~}Mcrh%j*As%0tuigRP7Yz4y-Pzk
z#6+OQjC6R{yCSr`adgC<uaoc13VJv`Epf=LmWu-`b5ei&bse1h{xVWq`~137MdLm0
z`Sv&h<b6r54mhS=h$l7`oz;YP+`T>={9%L!re!!4j+)udRZF2Vm^9BH_12TOEVZ{}
zfOI-<A>744{)nzY`Kvv2gCa!jwXA{$H##C*RC>3j`pv(D4~^!#=6RN6=fd}Y!n0L?
ztohw}9De6<eua-}{r!WBnpAMeaR<`jC&~OzOEx`RY;8fn=@2)N$-4;)i4CAM^4SX!
z>`}l-U5eE<3c$kakL_)~AXQb_7JZ6&*%qOPmHhO3nCT<jyQ}iFz&Dfg51SgJ>Y%Ti
zkM;~T<GAV<z=w<|mXwxCf?)c1+u}~C+|!DPvCXu^%D~{PD<xfk))f+cl-LbmPtSPn
zfaCFd-eTqSR&XRcfk|YQQi6H*us=(&HWfK~cAyaO4KO+FySFS%?cKr)*cq=(9herZ
zihRLY6(tuF6r9*(bT!moCCzQk!PQTfD>f1sKD);S2>V2-?fr_cwg=njuho#M<Dc`Z
zB00Zf!AY8!JcAhc=MVNsiwzxwO5_ZiQQ6Rt5FSRI-X|lCMeN}2VtuS*dJfb0GlixQ
zI@6t_9lzrvagry|k4@%|%1cY*Gs7!Q8#(6#b_rE!rPz;!N=oGzDtP@d-Dk>T!7WDy
z5#iq!Lz6QD&;f%k_I#TEG_9IF{(Z&d`-61zH^v#X`CL@yO&CbmXV$-^miN_0vx-X^
zlny)qYUt$!!63f#XEzcWZK<Nf^>3jw?*^VeY|bN=Z36GwXF&XSnekKSO!ws@eHf1A
zu2po@@QjR&lJ@mwj&-RPRxL^LprN$LeJ4mvE?g*fc`z2AK`G?j=<0JMIv|K;jl^lv
zFi)laD|^ZYn~*dH?*?JQ{UE)V;9$0CVDq9pl}~<m^Vw#z=g@vs?cb+a^D{S~!zljs
zMx*yKbL(A~C4{UehBZw`NMmz*+|2W#3@iUQSGCCTDjf}nn0WQf$Ah&)Z)M6BnqUAe
z*>`K&jT+8du(sYY@_8}Z+aPxT8ED3mKjWne(E1~?;g-U5et-9`(ugbuKAo1UpC;lR
z%SLf2PVDj|jOWm>fU47(x``Ku_J(Rs4{k1?S;FfBKoxz88e%McI-^ub-ECxC?od`v
zHihGP6H{n7Oe@yWxt<mqw*9xH<@}6521l%1hef0St(+y&aC?=py=E;3cc)&htk_K6
zV>H`w=Fra`&AVRS*5#HJ7mz*p_z}Ye%6*mDa3^a_4m>+#as5PG&fnz)PC&AdOsxUF
zp2OmtJug3hy=JT<Y_5n#_e0Vib|o%WhdSTy4!zw$A?FRN+!;8)WRK+|<>yrr$+~=`
zPgBg`$2F71l5kd|nWwMoIyQOGYYmc~Y{j%7|7P!@pycdTE_=l~aUeGBkZ5m7UT#?X
z$17HDf%k-!{&AFk*lwX$e(&`xvsUZnmXCe(o*!U~*onwoR@Bm`<Gu@9x4M3{<Na|w
zw0G2$hEDR^Lip_dqy0y7Pj#+Lc*peXBSl>=yQAvcNfa$Zkdhb@)Zfkbz~BFTUo{I(
z5x0qlq6B)$L+%kpLfp^(ejk<Dll@NY+6IKZs<GuMyiu=M{K>>B?tg!{R-6w~*boXG
z-?)sW2*x0N3SHX0_WG5C`q}Zvin`h4uX#6ft;go+<OZmwv<}18XuCo46PQH9C@lV~
zpDzfLvskrK6>pc3gCR+3s?bZG@^+h_uAB}$`p0$Q8AZ>Cy0VfeDM|C~LS_)p$EV&Q
z&5u=PP>P}fYzPqX+0Ra+{k)g9a<mvZHUTV)16<Rt4ICp=iGhDZv)kV1REOs24-4Q9
z7SrMBbOxr9&ch|^>-Ab0`hi#yR!svgQbkW_n{p~N1_(3%F4<0wNFTfU5(cP+6_8-S
zSuagXUl(Ku55ak|U0!#`rV;dbI9t(j72?s5&sTlP$q5VS?q__abZ!&oF?GFn^pq!n
zZkWzUh(W5?^3P0HH+1-&SwneUPuBz&R+E9BoBQ=IRo8>Bs40?|F>(mGbDt+;>(H9K
zQa{-d%4EvN>ZMI%oP4+o8?l24WJ({pIb6vM8nP(;S9>_t0alqKJR+iak=E)2u#GHG
z`olm*Qv90EA7jY`qS6dj7>lRs%H{n1gER#Bs6{bbF7vurqh_1U_z*E%(T_-lEb@lO
zia^pLDM?0u2J9)xM$KWU=;)n5ZlSs8-=GkR&D4I}s*ahmmsK>5kejMB!f9!Hj2H5n
z;I~%#$`Ivw_n<8DZF{-aEqq~~ar8ekl@<hd`+l?HW9mhVT5=>_e<QP1N_u+8GYELW
zpz`{~cb`pkS24Ho9K#lAbn;0`aM=gl!Ft)gXX-V-wNW(qP-w{5BC8TMj)2RZ@k|xb
zl#T6jJt<-h!swHR3%OU$G!#ICon1c2XW_cy`)iJu`2)|78t8#i^RgvVS&F`7kVa<j
zMvoQ$WWV{^$Ygtuy=mf#*5k$ju~DW!^sfZA94DEbks&Ff3bSQ#bEZk&O1@1thr+I<
z)fqN#z&6TNBprZ`r?t_KeiOndA^}Y>0DSvHCpwxRJUcPgA&@%*XniSg$pX%y#-jM<
zq<+2Wro)8hB{(c<-EO^<oqi-&pE%5%PGe+`TUA~!FXU54=I3vMFnG08@4~7}O1|m$
z;`)b~oD8|GdxMEy0V$t%<1h)!aK{bKoNVlLRk%l{|6|>x83S@~t>ea=%9$aI5=Mvb
zomBF!wMFy`aDmmUSi#W6Y^g<`A*BM4F{J)&O}Gen4CxVQQk-?Bv59GYtZ21#5WL)X
zQ>cxOKo2p%cC4<14>s7bBcu_O-Q3uEhu7@mdhq!uK<`!A1V$s~QSlcye%W0aVj&Cu
z_PbR=>o)vOH&{`~rwm??-1b$S9EO~{k@1gsSw-YpZZuDMYz{?6bP2j7Sd=e_BU|y7
zp$kn4&E=NuLoc|1v_<(=Y+K!HnyU`LPN1vO0H_>H^{-g>FV2>Rq0Lyv1BTH;v3|0~
zXJQ_*16(|Vumi8$3SKH9Az6}sF1sPx){{}$KZP0-X5c7ZdAcr<I4A^<^7!9Fv_TZF
z@KyK6N}WYG8C~5bjX|c?3?9?9wBl;w)<mvy4);k%g{DGY+lS-7jJC_of1y|Z-r3t{
zXuMz(C@ND<>iHp6svdv0e^$|Ef3<YQ<OtF!NMK>a?aWGw$CN^{jU)Njg=b~OaiRR@
zVv}TkVn#)2X?J+0|IPv_RgPBvV^=+mih&O5H$r-wHeS0qIs|;f??Cu`B}ac$fOS+{
zb&{#5CcZN*@Zv^ETfL+N!#*KPes~Cn@~9AUK0L&ub5(GJXMW%=v{4XtUZ}~au{ILk
zrJ=c#e>GcfmnsMsb*6dUEy#%cs?P3Zn=Ih?E*iwrorL`Ap2fB?Lq0gigF#$7ci$b8
ziDo`diB3Ddv1IQGo7pm6qTd!)8jQ)=;-mieH`<GSP)SHEsuoDE@djePmS-F(%7a>x
z?t~wXYA(1XGurDrP~$T}g~G~09l@Qr=;)%e*~mzgiGybEf&N&M*dleCp1~;N>3<bm
z+Ze?r+|yw+DT`;&dE7)fS>zWoRili$vT@`UO9eqP2#|q4mCeY(RCeo&HS*HX<S>j<
zx*RR*yI2ucyilm2fRwlW*zyC#)m-W~)^zbgZX0wb#^fIvPJis~)(1YKIRe*&qfa~Q
zl+yZL`b;A~-e`WPY%I~5n^33$>jeZ7E5Nxt;;eV|d?6l?;EfvWY`o}CzohJl-rM!8
zq_(oUZb!QCSN&kQw)^cZd_U{b=yPKBEZbLpNWG#6F&j|Ms-4AA0N#>Bv;ni@tob!Y
zu`(-9Ym+*?16-xz5)9AXCT)??n?k2vYh+cM@XPoqjxnp=%6TvKQ3Oa@46(q-tF-%O
zZ^H!5Eayj2%Jb@2Mft*Fca0Q0co@0-tE@b<qO#Ku9A23v8fFj1Prwg|3(hCE$0F*e
zoO2zs@KK!crm+U+SJIQkK%@g6=eOFa>4d5V#<I$?mtS%xX5FA(G+^<-2KLC>D3i2!
z9KeSf9G*>`M@2DOU+X;iw^fNPi9mn{B$KXn=K2I`oWBO);7~>W8=6(y+HKcTl^ZUf
zuz`X2(*5AwnP)5J;6a`YnT+bWj!i?8-(?@4=h~OM{IM=mPP0C1ykC1c@x%EgGhk~y
ziJVBLOLQhAb(Hm_F_FKh55pv;s@uFixktp}5)w%xLVqLta9_gOM<_g3Z^ma~Ac(*i
zLjrQ;m*A#2M68uTkjW;i^<{{baJ&qE_bL(Q{XsK^PK~`($Z|LzxbBP<Ex`NMs39>2
z;3*H=Us*6lKH+I4moErrj2Q))gpdFwCfT+i@_6irjENaMW!u#gCw6335?NShiiL^;
z1F82Rx;wP<)W%T8%P6ym9<WhG;>488*W8ptD9_;fyUyX(jBUW-2kwlefL!KJDNP(L
z<)#j68f0xrUzQ^xB<6fo+u%2}?%0bBwMV;f+nK~6R3Lk~WPI0hh4+_<wIbc;s~0=k
zCPnw?4#3ngK8KCOGb2r~Hk&D9M}PN9s%{&^s4|MJ>hD`JNo(uhcuIdiC)U!~S?Z3I
zD-wr}7G=06*{(DpZK?NsOADarD7DeCUVYwQ6Se?o0k-I-HDd&DC_h=-w_)?rv?TQb
zb`o-EQEkplPhY<@q!e*3l;_udf{N+Xd6WB6<H3XUkk`J^9@CX#dUQM#etjCDE@1#z
z3k-vk-{f{(%ov3N-CVkYV#(M0H&<0((fn*5p<&=#EEf-ub#g2g4OpLjvtu1o&fvzp
zTK3{%O%W`*A(4}YA^<xf4&>j_Q+=}n1hEzC=xc_u5EaY3&U*Y`lGg?LmwgS5C$~+I
zz{91MfALcajsN2X_|oTLvfiN|@579RvuXkgNa@wo=B2RV(YI$vuSBll_j4lZ_ITfS
z&wc^mAA5sSxb>RV7MK->hK8TXie^_i>q*aR;D`9+bJQ%O$9**Z%EN5s5j{~`gNl_G
z5s(}5^zn!xID1dG1M5y;5I8S1eO~$B%v@Y$e1b<Zxh(1<!^0&z(*nd@YuC}LE4YKF
zbE{0~eVtx*MR`lXsw>dX)QT+9S#=m+GU36aQ_Nx!DmQh0=&s=-eOd~3GW%FjyLU0g
z|IcJLlaDdK``LuE{JxjGVQGWs6G_aQ)|1Qd2_K^d|Cjx7#4t&3FeF%eexsGkY;`fG
z@v8<_s*nSJ3;a#du3biPSqu>`GNDkq6|k5ti!|o||FF?Qo7b>=sZk3Bg#8XAF<)Eb
zggyD3<H%*Trg3zb325o)vea#miY!O%8`gh&h`9?)r|BlY3uP?N5W)kPd9i?EVB_)t
zn?h>=j^qgc+$`tiIN;`X{Oy;WtY2M$>e}}s+p9nu_@qER@D=H>GehLg>3(vtbTnO1
z?rahw8~5Gi^$zePy_@<Cm?2dIwJ0DRmp8OwOqIy;F{BqCA|Oo~X>3otp2}BnoevuE
z_F0JdB?cU`I1u2I%r4Cv`QVvcuxnW0La~Jad3tD=+N%efY;6qV$#n7;HQ=$cSF>5o
z?$Yzge<hYb0uA)OaZTI6dr$`a2}A<3H&`xn?EsOJ#LREz)r-=fq8(qhWWMjZID5_?
zRbJ=2y-rI?N?h%mSw8Vj(^ZPzCl_>`U0134n{G5U(v*0TBAC#`Hk#CEVIYc;tem-v
zi^|Bzn9rlws(W_l{h3%qK@jGOd!vGt(2&3D07^vg^Q_t}2K#(_T1L;Kmo>_B_eR@k
zCMWdIPH;YFdqMJPoo=b;-h=WIU6`@pg=F#_U}Z`(iZwyV`UWfaW{Vn7ws4#&=)qK3
zfJC3CYaVN>*0;Ofk9Jt{UQC;D0P+*gmsPdzg~O%9$!|?=TtOUbv~fQm5m^9MIjFH8
z{ZhbFPky7zI4odvsgYs5FLuL>+7^8rhUA8hNAJqfSo+g=`Ix(26Y=DGxmb7_CKq}f
z9kO<G90fF<mtv;A%;{gpW~2GK@4U-VR9bp!J=(dVr2S4NmE30nbFzx(7--2S0Tpf0
z6KiS>nu{{3(k3PxqPH7p&m?s+l=ra(;mEI2Lys>ftm}R6C3(vU(AjBNSPTVYD?qB)
zzdqI;+}i5fP%L4Qi_+qL(1SPDzUF473KGSM$P)0DYPLP&GIGdiEVQLHIpFE66_U?o
zOn`G9I=AolrS(em9$hw#j$UZYQn$&5g~DqMK}Y$(p~lOYeAvtGi<>CCp(S;f8@L3V
zS!<?GjES-2xc4uc$x1uiL}d*LZ}f|%fmopW8%x#~7>T7E^&sS%30^qbE>w|XiCvNb
zN;yHa;;*q73k$hCg+EElRrA=#+lROggZ8*ruU?7Pt)8zGHR~wfwE_nHq(e5d4{-kP
z&nn}K=d8LbN@iB8EREdtRh$P#MJ7H*=WL%I1+&?-%U?VkqGDXXsPxoD{}yqd`E2Z6
zn`AsW)=<!Ky+I2O-UBwfzd)gta&@JZ8y-?sQGrjzqSpa>`rtuAd_wBXh7`YRGd6Hj
zQ!(wmt*LM?(-`{lHSKeEH%&wJh-E4e@9*3rRTwsYjj>s&+_9#+XKN7K&6N9H*T%Z>
z=zV>YFX`+ov_U@RFpl~Wf=y8@WoyeVjq_{t@}T7fkdT0p9<!~T1WV-B7Oi$7Nv}xS
z*%?>C0(8Z7-g{V@w5i+v)6N2njkm(u!2FH(EY90-0(5t#{Gj|}<zzd7?N)<5aFM0S
z0VgMirgANrM^S6~d&IUuC$ODLPnv@ZC+R{Hz^sQQy!jz)O$J`1qN6k7C@BpkSNcj%
zlS8*|&{jhIu`<3SEzJNQAAfc8$>+|NFEpaC?>QEzCIBoUPMrWC!b@=J5HZq{c0K({
z9{De65Hf0(&}njNf?fWnT*ndf|GlP%|6RtYwT-HD=~5I?%Zn;rCes70-g(=IYJD84
z`Ro@mh18Nv^VtM4RyL2FtV>$av3&yy!RT)!9PcF#>=LLtseZi=hJ;XM>BVQO{1k6D
zi1kf@y>UiR8p8jT{Q5mEN&7ALvxGloDo))&z&t-bX!C}?1m(3B*Bbbq+0qE17jmwm
zrGkegknvaumKzO8jsacIyA)V@bJVm%CP#yxof4s_#Hc)+_>3AT`?a({?Jq`yL%j)A
zX~9S@wQ#NfF+OM^=(h05GxfrjuS~+#UC7m)OU>l++Bd_1Iy4EriDU=$1$cMj;0DX0
z+Ou2Wsh6{7at&5m=vMzTkvZ@C%D%uu0=%39s1~-h4FV^^<?E^0yh-5yk3NvYD4tt*
zu55x*BjVe*kGq%Pzd=mJ*#5u~{D9zABiU)6Pm-#sXRBsYrJFAk^qD*Zyms=IBTFSA
zx=Np8Id1^F=4HHVr5DAaG)BTJZ4>aJPa1lqnn;|L*f_wh*&8TnsQ`($;W4W&!cB<L
z+;-ropZ%zf$_WOqLY1(drw|020*l}*fcgP75si}wfmk6J@{(+-kxaA6ob~E=0i#1v
zUa=7kx1+|Da~qrF%lT})gXhV!tD(M~G=H#a!QkL!3hw)vT5FtXCx@YB9b73#{#hY(
z=&u7Cn3r*ZaF|dM85kV6-)~+g);8$=*mN5*cQzj)#~Z|A)Zk~<Ud=N&M5f^sK=<cW
zmSUR6u@ie?V9Q(EkTO30Je9;nyj+q8^%h=BwoRxVHn3IT(^(iXO5Zn`fk!RK$B`93
zrjZkYLMQU`J0r(<o~$QchAm|hlXB9!=4zHfs6r@73hIlf52spxxu_r!l?&imyqvO;
zludov=vw<@ydDM4C{iJoXIH%R5B$1^X4a(Cv-!o9^}TqucfQ{5?;jZkn56`0QmGO(
zP&jSXZ7OB*`v~%LO{Z>*EchnvrNp9f;8+mRxk>-5m`bbQp%XHF9Xv_W3eVRg=X_C2
zXZ0F91=TaKJmX+xgjl(>OzqtS5OvTkT}zppQ1vxQY*lTlWb$R2C1bXTw<o=S!GI;l
z{>QdcJQ@aWq@RnGw^F94ZvsN@{|8>`$Wm%O0{pXK&x)6ZfG_M^+;ujvD3yNyvf^Lz
zuZ?R%@`#m5iEH^6fjMWb9(hI5^L9km<^2dh85P)faHfAPGq+LoT>W_OOOVy$o?kzO
zo(=phInzNfp;@>x1}3GQEVsC>)x3v{5B{Mf9YrCPdUz2Bax6Y?f25F!2h_kMC}@7S
zn#e7gnk-z;W1942Vn-k5p-wA#Uc&xCFq^^zRP#=5ZUXittP*KuCQMDK@GzvBFgj(J
z-6U>Q&YSl}X^N4&Xmmf$znd3#BfIcSn)ckv#16mkd`U%?iMZVu46I~0>6+*a&}^^)
z`81MEB;2e+n4IjitWWaagj3db75<AXHAclbXq;4uWWv}an(e%idc`TQjDp;A2a^r;
zTZMgI7eYiTqc1t!ne3;NP5s?;L$;F1l9`V4wZbd7srh^5RG^9YCB!wKUwpS?koAT0
z9y||5r-c8sR@TX0t^>-Mq*<cCV6d$lRv(LLMtBnMgwF>Ukgs*|KC{&c+G-#;Dh&!K
zVZQ&=M50YH#4)9V5)-!qmq7KtNGlu~OryIW2qsAn9!`$w=ckChiw~Yz#mLm6m)|#j
zC3$kOqZ?bh6>eacYrWQ~HT#xL*03w@XGB#E;!=&omuq$^e1dYd=il%<0wzC+#ByRi
zWeC>wyozzgD4*nskSHjVN22l+{=79SFv7Z@aWR|i4OX;+W+x`2h7K87jN5Lfg+2N6
zQ>-9T(MyTd;>svy?u1WRE;!&Tggv%V;eXUXa2EM|mI!(O`CXjME$(M-?Yr7BFh3ON
zv0G`+5zxjNouTa0sQp0OEzM#cTS!hup$XD)4INPhLYP^B+FwqLJQqpIXq<*UdB>`%
z>Scd!Ciqr7qA<c>8l7=qX^!}T4#v(to;R?!c@t4TW1PRk=Y~yz87oOw;j2!rR%Rir
zsv8(7dfxlu7k;BAVRRkY<+JHbF%V{x3@o7&^AFVJWvnG03*4b3SfSGE%9`S6wV(B(
z$G2>RbyWlHMN2iFoWvO@P-E95fyqwV^$nPB)d!Y0t?KTu<hE|g!EEubkIfxv+yCt9
zFn%YI!TcvDB|uTkT-=b%Dqr3m{D<Fm{g1@+P-zhpT|VQ|9F{Zoi)i*0e$+(GrTTZ#
z>DWp_geg*CrH+S;d!UoY)@675RdD8S6^thb11uYYOeHM`c*Z<La6<yLeK!3qoAiHX
zOiNu_!1iktqDAy_E{7;7vUOSX4Zpa#7*(DtpL`$08k^J(9!{YI_^~*Iq)aF7UZS;b
z%#Av)epT|*l4O2#V<uMkEeCN-$|f7rz^5vVJ<5}aH_2ut5VH=}FL!z#sM7i@r5HV=
zQQr8o@=)vyu@Y}FEIT(R$}o{qAwmS?o3$GeLCU8XH+-W%QSQEK?qnXj(E_v2#kaoQ
z6!>B}YK&P^HrZMwz#*8G1cOC6*g3i8TXFZ@oU?V}C)_t#`p!{xaT^KVRC0on7X%3?
z+5}`hPeaPn0(_hDWtbjey`8kjK62ofEOTUC!vMJ~{@;55d-De*%LrPXttfA`yx6E)
z>Dl42>W+fRFyxW`&Jn6>1zW~h<W$W4b4vxM(+Gy5cvWdRF4psSM9stnh5?(3jYGh=
zG_zNNW2_rHc3Shr{K81`x-F1hm<Shv$wzUUS@qYZO0fp=pF$j>ZR9~`)n2>s2}e7x
z?3oA5;iN{IQVdMzQ(-VAUY&u?1Ur(!*=SA*6w`Ypsz$1j)M0YWEW;tAhhFWGFJKSR
zBKrqmvMDm@1xfLp1%UflO(o@PYRrK0mM2T7A!~w(y_ID8830}p+xNYJ&foa2(m-j^
zvnIQ`W#g;wJ+jCD$eBWRCb{mVChO0{&wy=`EeH{Zt~Yt|J+Vt3WF#Z=pu$>ws_R<0
z7X_~OFL+uff@m6Yq5Ay901tRsXUsS{t7LaKM%1IzZ_F^3oHMX6Awlv6=uOoWs%Nqd
zNK|`ICxp>!Ju_?m0}dz=6Kkkw8{KuZKO|B3F~9Lu_eO^?8bYp6M>6%57BU|eu*keO
z27d#_0!S7=Gb~>Bf=RmIpY?i}9P*WKWKx;l1eC9yeT+zOa%k$WU#QiUpGL{KHvBmD
z+u?xsL7`vy7|g-M4D$juK*RMA6kx(bz@(a}l(2*UT=CH@<<O~Jznd`Iw&1BV$BP7z
zRQaT|A=J7q)-h*BJ2zx7kW$XMEq2^E8>JuYEv?-gm)I$b1aH+^J(g1JN-A#54y#~c
zdrF&z)q$@DdDE&*vEb>BVxcpzC;&wql2gohqW+GRrtMS0)Gn1lMRZ8$>ZeiFsW-B5
zZ-09%!@``oom?v(2;_kS?YfDU@Exywbln&55%*Zn17gHiSvc?%6C>qtFB!0#E`oDX
zv=SaMa7rCDA*jjalP*$u8<&CrqaEJwlb(QU*0A=M^QeyoyuI+kOx)VUxe5IWN+IpR
zmJkd=Bs)Df3|$zW;DD}O?6O4D;zcGgi0n#Mu#cx|U&;&mK3OuM{b=(8i+3XvMA+Hd
zHD3ib;lq<AJ2{qebosz9tDp1)a;e_C>%i8(uA|88_}PqJgZ_eLkr9NOQzS6t!jh>^
z;m(}GqS~G|IQ=$SdpT#)byPjAe?0LAg)8`;<YYvfE2{|sdh!al>|vpOTf6?ZdR=8<
zX&7YzW&|r{0HvwhPc}zu|C2$`O*Tks%=KSJUDxjO2e&5vqkBHkBVqCpkRe7)W3o}n
zxW&rwvQD9%f({S)sGSL2Unny7ta#SzPJO4V!Rap;$DUOiXx%SoU{iX2y;!kJ)k;9L
z+|5FB%2t8+=6zlAX-_f<6UWr>5f<28b)x7DzZG6adFE9AS$C1$kYk?g^CDZ8bQP_F
z(<zMZ!vXiTo+)b(NcK$hfF}e+Kuol7Pi=>fq#($^Tm9~##=0IChztP`5R4<dfM{ac
zqO0uoD}e*pCOCD%8RUGq@To66cA`Z@uXF=3g%W=d*yDT&Sje9If13O5Xt=uf-yso+
z5(&|R=q*Adh~B#}dT)u|qjwU)t2658y_?ZT7esG~&M474!RYNC-rslKdw*-)weGrq
z-L)_{XFuoJPx(Bbz0Wy&1GRPipuQ1B{|~~$U^WhLo(>)$9F>%4%&hK+k&Y9}hYcw0
zr}RiVt6jX_w#=gYvq6wNKES@V+x$lq09u`7hidvYoAPA08Fnq=+`<~ydk~&jY>-IK
z%F$zEu}B1{pe+AM#PSike*r7DfKXx{?$1f(Cv3=9*-it&XjwhrLII&u1yi*Cr+~UO
zp8!)BRcl8H5#@BRr_1j=F8MLan%$uF>d)6`lBnV13X->ddUJp!0goiK`;Xw*{Z91s
z_Kx6tmLlG+Q^zH-o-Yh=qnxLxvzM%%cl|fOVft7aHvat!Lv#1K!P9Vy#ffKWNP~kz
z{&z#U(!?c2fx36>luh(YE%~n*Jx%?!g9A1>Htv#Y3uOE5fmGTr>_a|{as(->F>7yN
zO)=<i9jD|rqbA0yjYCb~fuO7F!mH)@s#%(ahff>GLZ5b^fz(;40?P#UUn2?+05Ma=
zW1svxeLh{)jIY+Q(_Or-4h0OIOz=RCKqZ7GpPUtNi&>^0?(PUG35z=0rx_WNO;PyT
z|NPe@lBcDe9)ubua*qr8=K9pqgUQZmq1<X#h*$iGb^Z{Ct37X(HA*lb<1g6Z#X#yP
zQ1Hi!9sbcINH!Xw9k6rqYEon9wsQHUZSfnJM<@LrtyOqw@bwpSl<0GOx7rkmbtnK0
zah^>56m|&Xrs*RGIl!=dZWWk$PX_;1?)ADQ8@0CdS<h6wT$|M&@j*j3q5d5mj0ogp
zA*?*xi)3_u@;Lc|4u^c<+vdhe)tC<7LefLDJKS67_}dE&!YbvH?hppN;L+tjA`$nj
zSuxTOhHJSv@jl#wDY$H_+C{fm5xx7g-9H}Ooh!zFMI^HP;W-Y8=Y!I7Ory_5npV{P
zHPn<3`m|yx<^CymFa?I}*%|@jP02l=s^_BFbGrv((3kviGgZH`^FQ-JLqaq5AB3xe
zK+3T1u0K+%W?A?$Y&5NuH;j`s%Ppk+s@A!HSJ{DAAAeHDF>uby@AvY#yqf*oU*B!_
zwypg5orUx)4hT$#`;F5F_jRZAY;Al|KvwwvBT09!o_3_zd-XOAN0O6vn<T~jMjO`2
zAkk4%bkGkC_h((RX_SVBu>vnb|I$sdD78md3@vjPpV@)CTmxRsC^y?<fJmza^Tn!@
zjRpR)?hp~Ii2eq5y9K<iWi{yoP02s)NNRjAk-a13#~m6?!t|+8gmj)#Oy;GHI-@bW
z5W17EXER~-N->COxj~#V=ApKP*W+xE?xwMpV{MyW+^UN(R0UVvo4qGTHR~UlZ~BHf
z*2+W*)3;m~K4<Uv{e{QA*0ui;3U_Rhjk;A^Kam6hUM}tgToU9#x`%2^3|t$M%+En)
zF%JelOLz<dwElw4wB`EX8Hb6GME%I>7s*eC-A9agVz;Nra?*Y@P_{arX(IN^?rlf3
z0mJ!+jdNR-aD}2kvmWp6FQB9&*A5MJXPxbb7Si+RqA*uAO62u}hqg)1HorglXM#n?
zkMJiyce_e~C$Wv^k7$ceVHQ)EG(DNS9&g9y3hF4|ZQUXpPe0UeUED11J3)~{L-Uo>
zv)r1HXDbQO(GN>{)WI>1%G-JE!^MFb+xjs##p4>lt?_Z`V@;cQmI*QC7%UZ0k>}s(
z{GX60$b90S*5f8WY2iPGI{Eqy?CH6hyT+C$LZ>H>4*u~nTT7kZA4qRIO5Z=dJWpp}
z^Q-ZOKpLr(oiFjaniymc*$oPQP|dzyYvx=pgP0F)uTCFFx3|`t4}8(E4f~epr(*UI
zrcljgUSCR2z9M)^Mykjqu~b3H{2Xl10Tu^=im}9-7{0P;uIGm0z4Pc(eK%MJ)#;5S
zu0onEk9_O48uAW6hu8CZwe9|VwEA+68PUi_Ko(bj25VfCue^eK@G5druUqW#3Stkv
zJmPQeSY+_>n$CZFIW^dCswE@~@jCP1%_%NAAM(=WPBoc1&Q5KD{F--y#mqH*`le}E
zxHl3-{GGtOTy?VpnRgR8yRGd6wSu3uevT~DKP5V6zcM;$b_{N~yY%XDo%>LoSc~L3
z(MxlT6m_p-;;O};GK{Ovdm0Vb+PpF8176@oaV&Y}V{JZu!bHK8KEnqf@al#r^kIqW
zlk>R>Vwvuby4|H)o?&S>In%aP%!r*_LW{Wd+3iZi^02Sr??lS}-EHim6G)V4kheA^
z26vOVxRS3bB<@3<`b{9zXi2-$;DC0R_)2mAP?LD}gbkUyF_b|xk1!G6bEBHoY1*w2
zm83eagj@%|b0f(YgI{86hYiKhji>rVJo5d5JhK-$IW0@%wg0$gIU*}bc^$gMzCS3m
z2d$E5lNYA<K<7+J=<%DeesOsnJKY`2z8}lhOR=T0Q)Ey0lKjK9$~kw_yQ=2BGK_s`
zqq*a0F2&h-aWZ!ltK(9ACgF$eh{H6m>nF`Ya-+u6e0DQdq~qj-4isf_^ws?*gW!G;
zFx{VxX^LO^k!W9VdhbAU?zF+~Y;~trnV+YT;=_K~H1;|wy&J1NgpT(>6j$&tYC8Re
z*QS)m7O@-zKiH8zY*)FNKEIpM$@k4;8ORoKFV-0Gjye0#!xxh-aUYt*bLuOEaIaS;
z^ghJUO)7hz4m%=_&?hCl*IW4;DXx!su+f9)=o^uQ=i@wwCw>KSnwBiS?!k}t&Yg~L
zhuJ<yMzo-`YF~Zba@ro!su`?Iv>TYGd`YNC$J}rvn#b>&{&%~O4wg%izC>-JA2R$3
z1S%AG7$;lqz0&RxM_h71K6fQ2r?}^m0xXM-j7h^I5*(A2iodufm`0xbeXGdHP~db%
zGe;0TH<disJ=*Z*UZ*PLd=n)B>(uKUSH-pZ$ZJKrnATwAZDs1p)OZg;nwL|@@Ksj!
zF6AI9u=0|xq76cDNzm;IcqM_3G(kzjL9uOFk<(y_r_K>G($rr2=8-I<U=_9FvsqjA
zxm|WIq{QiIC|$F~W!QXc=}+@#Adng*dLNyZ-qKQ`&)CYkmC*!ypB<1m9nCmZMv4-A
zGrEWFjP@$c+6a!uG=VcUS7hS{Vj=JTH_>s>oag-2`gX6Yh=K&YTj@L!S3LFcZ5g#Y
z`&@Dz47?&jgz?jZ^x#3BPa_-QqoWCPwPZw*Rpx7MNUo2EgZlKVr!R2u2&%W%%=hJv
zYa@g_H7wZQnpBS6Yn8s0{OYZ^&gf^>_p&2dEGd38vSvPeG|1gSy;R*cJuYU(8R5Ny
zO&K>=WO2X#MmG}Ck2sK$h5mT%u_#2EAl>y%Qx<}c$=OCbUaOw|4i-J$q?gb5ijg$F
znT}_N*`v-KSWAHO=$qKhHgi`9$|85Tw>X8J!h?EWS-fS!X;r&c`=q^!A$8Vn<=TL8
z)~Rw3h7~OL{YE826a)f$6z^ksJ{n;E^2NEX&l9W=rF3#QIE~z#ca?>tARdMDx0Q3#
z!trBcN&0NNF;`s?y-8Ji#fEX(@}@V*J532Dy7|HMUyS5yoy*;NJ?UpM;>Vi=M$?zQ
zx=6XXJW?g>3X?1esT||tPkmQfmGT*Z_s0<?^4#*!^LKXDN>bH^RyxT(yVKpO9`Lfh
zp)vyXt#@3lGNizY7+~mQrr69WtV76qBaO+&4L^7%SLMzdBA0esW8$E?pK@az*@pkl
z;)t^-Q~r3$ZH|y;|CD6mrPIO-Enn1b(wJYwZ`=bTR34;3a!r)H%+TvwHPZ7^@|v;)
zi()C}T|!5iJ$9eggg3&~`Ptp{PL9d2nh%^ft={biI@usTu?uC69VD*c3{w>~p5<^7
zrK|td+cScRe5J4$8<Va$d<XvY*ua)>xDgFl38V<dx<RU<N|Py3vax$y1B*8wG@V9P
z*t!uZj3};`T`%f3h~~L#T#33O2U)dW%Z8ko1L-kwWbza<Zmg~SPYl@`S{t?x;^}$o
z#Dcyoyy6}NQz?n&j1^I49@bTaJ#@^1(H>C(P6=!6y}#1{V9JR5P|HfLD0eg8gk?3+
z?j*mz0nOAb_$G;)vvHj#6aWHc9;yu!qHwTYXg`pI(3l;B70G?_M8|5rP$G1nGc?(E
zYDB(RIF)GgJ($BYMO<4iuvGPUW8IEK)K}J5P}4_V)&4nft~OLO%*QFO*+|`aR&aL1
zhH=^Xbj41$L%n50-&Rg(G;}F)nF%_nOEC5KBs+H7ddSP#mEXtR%k>Nz&lANsUSkiG
z%S>gn(aN`{jQp;qh(V8%73jO#*NzUmE|oeO8B^FrA~E=aOkDK;>df&I`!L-#t8_6-
z9b!U~Kk!R{^kW&P)bZ20IZQ6p8IP23;F7KGimp@OKt4UE)q3IHmLJ%r8!v88kZu$J
zpaxhbCd0)*nq%kyxeUb=&HfC+#GXHfGVc)|*6HR9JADpDY@aG-`iOI=(CI>DqAkQY
zsWLGg4ldUYnZxVd+>Tb~(M(rQ?9*`w${ld1>#5yepPBJuYTVWLfi7KUXz<O_cO3RK
zdRJL-H?cOhd$%}OYZg7wHDyQA$rjfyy^|C2gRA%in~o2~n;%F)k2E59p90Q+JOeX`
zj&ZzTImES#ST1fw_f#G@->I9W{m-)i)>uI_gv$+)kl~v|8ZTdE$Be)5maJc$RJ|z3
znf2<zReJVir<+iw`=wJS6@PiztIS+v?Ta~f4~G;1R>Q>Rv=1KyI~t`v8~|mq@#EL9
z8=9&v*&{~`1E-^;>u_h43PZoDOq65s{y$?2F+Le$lisqh?G=rGG#MU~IVD7Tv}{CD
zF~7f6=rv^R;8@kaB=R_-bPH~X-#aVYQ78U*$od8^FUV0+4(A#j1d0!)Hi*p}E06W>
zbJJ@|A#2@=+2(Wf!ehR^WF+)jyCl0fDCojvgv32{E7~u}P+tnXti*m1$uT0E*EsXy
zW_p3;;wq}!BhrpHAZ?oarxY$ddCb&hzn(52f`Xg`VY}?8Xp0;1vqGP&;gmp*VhW;r
z?jyljJeFn7<*-oD^=4&*kIZw2J1=U#cb*GhF?Fb!%=0gt3$=3FFPPw_oc`3!`tOY{
zz-^%VMk<h5tqjN|<>a4$3}u^JxKot6_W2y7gIUSwnhby$((s^!c)R>Rkdo~9#My6D
zoIBIn^UeapEwlNfBOz~3?X3)8g0+Z0E%as3bIje~sL1KonWTJX+G>%|;CM;{ql#oG
zWyZivy<<?r3f*T$cLfoRIRWN)6+XwMZc~!VZJiZ{Z20TUk6FD!3rb4#)p^!CH1U@<
z@F9BxgO$gC29_jCTu&mkU4Q$JBr8TfVX6vQ{xDLg(mp;Q+qH_K6zct)?bv{qx@7NM
zwVG%iHi6IDMfL7ni4<7%?Aw>;v40#w2$zX9r~i@}<+Htc4wmzIga#5>rOs6NCQh$`
zFi=_gg!Q9HTZIOdc!7fs^6wKDfj+dQe-k;RFxXYo^0mmxtoZC@+JlEL0M_~l%@lu!
zslxHJ!9?MOFa|>~wWV#P`^JL7(mOy^7QDN|70sc9+QC_!vX(+eV1L<)S7|EpF`a@r
zK}F3~btD*oT0#DtPgFQj-}JA@XEhmVM`y`0`Qk5LUr(GcOB&LHK<WYhoU*{`D$Jg@
zrU!rDBOVqi<_XCwC7b~(<oNeVh(PJ0&b~?Rx4x%b`}oL!S`|91@-|P%3rHl+FS`P=
z=?52FCgDE(>wK1JiQz*cVg6ecLZs?dv6N1?nZ{e%>;x-lph5<K!a(A(q~*P1FQtEf
zwY0+p>&y8BQ66E$o7_ABlnC_a4DtN~XZ5^2t`POmcT3iNpoW>Tz11*f^t*fS$&1^8
zJ8dLIpc2BT7~|GDpZDyYM;bVV-alYNXIY3ppynbXoge?K<N34yiU6=3E?^vb9C6{p
z;83BHuMTiJ<}_D2*;+2{9?-bS%1bKVb)`V+&47-KwBNofaMkRd3t*g(S@|5yFipXQ
zE4jar6mF$TQ*6Rg^((czzumFWj&}X5hu4pVn?8F6oZa)2g6p{8stIW0eb?p<Qq!^W
zs=IwIw0jwnOV(=7mx7_t7~|x<k}6C{h3iJ#e5-5-ZnPBwuA)YZ-uL26s=Q+38Xgr~
zlZB9nyug{@7{FHVuYHXX0L6Hb^IMg*%14<ddooe$a%H<MU)7Er1Y)v(7{~lq-X4q;
z?3^?^6SEJ-U;Kxzs0DWBO_(_nk&29wQ43k=#XC6c85hQJCi1aq?1p!13sQpoivh!-
z!*X@S*(9lSV?(zuA_E|t%}iN3#m}-DzFP%M&&PgkTU!0fcsMVUp{PU;*le?bNVyt#
z*>($PN~7D1c3t?hfhl84_>GHckS7=S7=a3yORPqei`#?&?sj^Trn29w$5^I|*$A{1
z_e-nwK!+Db0Oo0W4$l8&F78Cg)z#AJ0?Ub_u-Cj5SwpUN1$hoy+88Nfu_V}PCy!1=
z<1$`92*AR_GZoPG<2tL{nyttS0phsz>7b9~?n4l0b@&i7MaYd4lSGn;M&e6AKC|kG
zHNj{0v7wJ$$NmC*bmClStxX0|Vp%f^GH-EuT~^C41p1O}wGYp)i}A*-6jgJ8qqz#h
zy??+5y}Jb38R47#57Jm_8+wI-r_jW2W;B0&0wCbYJqVeJAo#EBUm*Sj;~?J&vX$Wb
zPL9{YxY-mLy9Hc-9ByRu_P;pxP$$MJ$`8t7Ez|>y{~#cs;C-n)ge<k%_qPwYKh#@e
zhAoPli(NB3kQ7J)PgJHtMV#?Qq3L$=)KqUfE-Z(u=)3PmnfeDZ)%RrTGhgUPIdR1E
zdpk+`H2HR!ViZ_jh7`i#h5?H`f6u)R6=dB|E*9dP8mI%j@!`oZ$_YV$@Nk!#H=tFu
zDP2)tPf?B3NQ(6V+2F%8n*)E85+{=%C-YQ}ucl90B=5qZPFJ%F$Ol)raPH-G+{z<>
zEgAhY`M$`7LU6(dToM|m=t8GITCJs2Ui-i-3!C8ib=^AncPNFIE&L6%N=;lc^dks}
zh@ZFHO0m=(V-dL6VUbxp^gfOIg+#eZwmU-LBBET?3)h9;*|*f8q(OEzS~9@S+C~YB
zx90`F-yjR3CI;Crrhqu%zl<!-m+?@~Bpa`b+}q(VHe=LB9Yl={PQFR;U<82%xF5z@
zy1Hd5E|e7kErLwc+>R+@G7j4d9RWY+H%nJjld@f$xml5+7QQZFrvXs9B_#qyLwsM`
zM9{O~>jTe>2wz6_NXv-EAJ)TK7ThF=iL|L?AO?TWP@CZX_XsQyC=MIF59c59AUg}K
zT*WH)=QZ-n#y*Js!lv&p)JWmmTSG0h4Ri+H)ZL1s6S%lxFU*?(WHDm{8u1!=IJ=B~
za*5Z{TnjymZW&*oR;uW;62Smc4{;f_bxhwbn`pVYmEXx{q09^{05u)%&lzwsWuT9&
z*7Bhj>r43@(9jGQ=cdLW97-rbUh+Asm!9b`Hs|MAClgsm?WV0I0C?vJR0m^z+YFes
z&A3sBO7UdpBNw;*=i|zA*o4LNUz~y8^)*ehRAkBCE9g&76%!Xt0f;Xl!i<d+^li>7
zQjfu>ULA4QigKnJ3q?&yQhs%G)#1y^IDI*mM<3)OiKA+7X*K>d$}d^>5eU>rh?b{d
zbMz1;9g)X~374ZsS-5%i0+CZ+&++^>?cA<TJPT#%=b$VE*P9V;C8K{Ek)q{=3v8DC
z)+N^+w<o%-djG-lx^TUGo?tTt=mX=r5{*v-Vm+En?sfZ=eX^(Z=MtdSK>zKYv<UM%
zC3kCQk5QGH_(Btt{&Cv}X&2pJmle{brz=*sG9K|A$A48MWWRn@qfMzlU#+HuuLuGG
zD<{NpR!^R69rDT_S0hlr5>KT)k6V{<GSKpo#cE==$T`?)#AwH998YHd+Us$HVi&-e
z_>Y-Pi;>mNw#%R92n*Tkhl5NMTDOEUQ)rs6sNa58kmUh{NSvbC%5=%?xoKt^Ome-^
zPztG>0f9gellRr7&hKagXBYi)>M(>&re0@rr{Ty_J#pKv3eaEPJN=H3qAJXQi@$aZ
zwydU08{@f%+T<d5VSnar0c#<$`2?l`fs&p9i{D)t+kkIp{1m=^nGh%CRJb<P54(8>
z9u9n!A4k0zm2-X3_;tCMVm&pSEdQp|x8<grDj8Vl9poP>B~tW?RrSf-{6g08GEPoR
zZm^H2Pbsj`jMmBf8l0-$Y-c$H?#t0_`BGcXCEh4Qo=Ns!LTf2N!p4e-6md}2Urd3c
zgm}l)E9D?`ow(w+_%<Vx-#(JDRDkFlIIZ-hsh*r}1T0dX&yM&wTgu+5Axq(7+{}4P
z+ZTWZ;>1LXz~qp(bMuo~qYPU5H+7cVVOeHA!eICks|skjimsV;27b#wl}E(Lwb#;$
zXlf`j{+j;T)ExwJ2z|^%SlZ=+LIkjHD=8W+b`jfV+!VtkTTOPKq<#-0F!nM2W7^C@
znBlO%4`ej-m!9NC#RCus4noVr(xb%N-oEZ;xN_C)8&En|D3tU{BKH4Msz{FtY+G*d
z{^r4;lApL2aC~&^WavPq14ME$u*#s^SbZeW+p?67W&#+;zT8EKa4sApr8+I^LywaI
zXFgsa@E*R6L;EzXENO$_R3ZE1&~H#P0|;aUj1P(jiWlu$7>mo_FKNz``LIpp8lHWN
zV@S`#kxl&B0RX8qJk3Zj_Br0U)v;z)z1jvq#A74<Rr20M1RtLUbl0$O-Oyb;Z#_Ok
z)fmMBKFmHGd2QT3PSy43c+nwhNKsLsTLN-2V=zZ%^*aY=9cZrl-Cw0s!0{L;z;+Zn
zDsvygHdn0?0vDd;%5IojTs`G!#cJz(7daNKLL__R5a+}1k()dpuYGK*_6jY*5D+#9
zl>ZFPl*qz$<YEjAY_WL~(daALl4QK$>nG!ev4vu_kH+sL9D+C-)0DbNJ#tp}2Hy|}
z;4KAZ@jt-5P}zOylCoUZ1X!Je_c2qIOjztlMzGg$i%iBh#;F_{S!p(1x65r8&CEz%
zOhPkLmMk|3Ow@^1D^Wfp?2!9Y565v?@}q0(a^>!iURb(!RQex(PHe6Zmd)%V1;Syd
z;$GhRmKfV~|2?d+&3O@u_>?}i=H-o<DgSv=ieKlw8?qEgTb+jHeC35=OE8t-ohKeW
z1DjQlP5#FH?R!_yFc=SZ8{$YWj&c!F!bjs<#)jZsqV-M%9f;!A@j*E(9B-2=q~{6V
zD*2bO%47C6hB?wg^DIfAM>&s~q9<LBYp47H<Ne-b)H=4V)~{8<JO6e8g=-9ZJ{Zu3
zeyY{8mHFu`=`ExAvx9H>p@t{B8De*o=UYTWw_(BewiP!((9vV29!|P4C8^^*nO0a7
zZu*!&yf=W_(m@@4@FuRUPldm70S`0)fC*G#eImS)1G?b#h{xplzAJdZrscSvL(AsZ
z0GR`8JZ55I+2Cv7<}P%TzNk5%TYno~yKuNg3OCdhL=#-bwMg8}2{uJf$bF~s#a2P0
z<}K;?c}S8*u2Pws^-m3Zkp=9rZ6QAy<Df49I&eygw0+koz`t0wXq|t)t9iuiYn{Pv
zljJ$EJjrb@f)qd#+&&n-cruNvr~_oNt%6j|+vnp!COdIn<%i8SIt~0__&&x~O(K>J
zz}e8BfgReLU?u(d#`=WhBZLQ8u`m#Kx_E-Lmkk`KV!JiKwvs|FP>pdMQO-Eh{2D&O
z$t^Xpl94B6il#SgLTwlXN)l0)o79G7lz%6;)>~d-vjP=5R7|9e8G!XG2?cw=R}mFi
zngUmaaYCab2K^<8faDni0OnnEY9mu>`98}3<|HqE;XpCyG-CBdB{@;i(u1!^z396l
z)l)j$Sdy*7T||@TFT)Z{pPCt|7$AedZI7AUJ8@)7RGu`y70Tu545}6)O{?AC3C2-P
z%P(6_h(EWS;j`1>vzsR4Q0T-F|I(qR5VREZ)*A^{Fl)1w1&G2GEajZpe9Tr;XfkHO
zMSY#mO15B(6JH`VPG`h&&`G5@?YpryV|zR*l`%8pX)vU@7GdR?49q$2NQt!NT7OY#
z5TKk`lTb^ERW1|g9O-1L9zL-OW6UgQMiX4Zu59NArgP;UzEG&ISJX+tSGHA@s^)z@
zUf)}1)3Q&cDHr7G?me@GYY|o;1yJs0fqraYY~(-v)&HBN<}#m7MmTP8LgA2H7uPUv
zef&<z#{x_1g6;ygbpKlS2S8-8H=c6=SUn1yU-|1#ZVg}BuVgi`f`TPJ!Fb>|y|9sS
zLcOQDl+7ky!MEqt$P=rm)wE+%fNFrGo`Jy=Vz8X?jx1AkmMn~p@d~03%z*7xH3+xW
zj-d&FLn!jg6#F%TEv<(gNTxq~aY?{|H2+cen5oc0XmY%1QBLP*lzGriB{^eAZL*jY
z*035|;-6B|w@L*YiJzl{H4&1-E`aYt!v2y&LN0~Q_<D-B3KTrH6jiS&-T^;tT#})F
zw1jOy9~`V6GXWo<zDLUd=LG5xE;_*2K>n4YB7n9aF!z5BqXCQuBr^Rf6Zilzk>3rR
zK_Jrre;^=0nKsXWjUWHNXly*}3_vT0V{R5|2V#hLJBpj+e5b3wc9t{K+a6ZJ4vJXm
z!&~?9=KwGOC#sim_{3q+4!y5_2oEn>@@v(zAoVD(48XeUZzjts%tZQ)RoMl`;cIR7
zM$?Fau0YPK<6>0U^mK1L`F7%{ms-(sW4w)@;^s}{0Ik&8L3rO4k_?xPb#B1gLA`o=
znC*<Z<3vFTxL*R)XRMA8^;VIuRr9Z{&(}z82=Y}LY{Rno_ca?@KaX*g_hB>N>skz{
zw|X}_P+pd-4v)1T#V!7ct)BW?^PtR)rSkL(w2$gSUE9yA4+rR}T12}8zQFe2p>2b5
zyzAFcRns2CrWD4oXVuHqVa=jamdF1}<fvW$*?2MowZ%94?zUS~tbN=Niu>=?LN!Sg
zcYa+h8tW&Od8gP#QzRS4PzT;Q7ECWChcTJzR6{bsg(U4*7hR2yX2=A3qE@Z99}>4I
zn59EZ*Q?W_?P}4I+qWf2eShrh0AdB^Ek8NzAP-jLTo2GyZf3eyB2<0Ki$->$>77|2
z8<X_;x_BNc`#x}3W@Yw678^LpiH97l!HRcAo*nQEjvomVyNkj?qpm{s4qU(Mf%gwh
zEm7wj7v9X$_YzqaN$|%T!965G>@1k~9;2zJul=gRvYh&_F6A*E7_>(?{uQ%}M>(7m
z68Hc8Z{Z8350@ip4Y1U-T*tVVA*L?Ys}+~wC~W`#6#V}QL9c3V50}Nwk27`IiUosZ
z%F=!c!_~N3o6SBm9&~!Bq*KFc8AOXElx}l=J#w4CZ9lDx=ySvKyG-I(6>_jF5xTmd
zKh%<HyEd<R<Z=#mqLa1k9@nI@o1CQL)hky@TY$Xv*3$oxoN)4K4VXj*+NtK(^p+TU
zUkLat;mUV^kNy36^j9}ruejS@A5QP&Jvt^9NA7ul0r~{4OVkD%xyjlpM24oU;Plvf
z`v%Pxxd6|c9Km4Sb{X_wv$E~`4xx9t(rGOf-JMH&H|97%caIMFKmD5a2fjHRp6wYl
z-|{!cEAV1m3f9044bQb3VSET}Kc{O;Pcy#^->a94CbcwoVPQ1VeA*tUGx4%#{-$qu
z=J;6pX@u9ngJHMLuj`HZ4VFw!cOC^PH0TDE*vXDm-2D8$Xu=8XB?o)Mmm_Na=5f&*
zi%k(tHU1e)=i%CAD=%J+!@7DGgSo@5Je_yKg=>6K4UZt62OH5h*8Oh<7lhPMNzn@<
zNS@(I4A!k`Pf>7Db;(?J5bDQ?o!A7c#9d(h$mJ`e2Xj#0tnKe5k1X)C&X+Xa?38|^
zOo_SV$<TnOywNGOzd4L<L5-fg?QXfvmb^fvBoN|Arf9B@L(4>)ZI^-989VKK{&;y|
z1?B12<%=Q~+=I~5+dWm~Q?479O3miHzm(XWof3}|C@St@r_mQK0l4BXdyH8^R*4LW
zQ>`Ta#Q8p0z;lV6$D|`<TdsLA_o=fa;YTyEKw}vm!zQf--~AG-NPPrduI^F0?7E0p
z>pZeRUz)~ocEBgG#VS&)MbC2CdUANwZNbfqI~66R;^}GFT1)j(?bC;!sncX*f>Z)t
zeFjc7Ihc0{9=mn5>N33x%PQKHJewq+?4jH%BmF1e<$BWaSIdyh$${>CwZz?ZA<n&|
z5jwzScXtCIxhd@0N&1GX>9%PNtLZ+|%U0eALav?own*XV-6s_a;)Zp;9<CYow_AlR
ze`9OEeWtwH&|$MZ*{-ffYyN!XJy)|jHP-Z(MGEh(xG;=wB^bG08fk9UQ^Cik%W7uI
zUlRwxF4ie979}8nv0VjQ8hN}fYu#XdcJSmx>-7x}+8B2o!!y|w%K7QE=6zLry=*f3
zd>+%&-wvW5NO{*N5c_fbvzLc^*hHyItSNK%iJPRhXu{G+fl{37+fQsNe%pB6Nc)^(
zi<vS=$Z7v($JIJVxY4JOF@5ePQP@EB*OBVL8ex5w_3eqf^lu-&i>0kF6Hh%N?ux0E
zBBOtZ?-k#V463oSlz~*cV`+XDZmi*Myhe5e(4X>;5va24_SND{Cu9LpXY{&^KV6_0
zTWR=v<b{8pmykp41r77{C(Wpq3x~#;#$}A**jpVtuWq@ylgRkxTK1KU1_zD74bl6c
zoblx#Cfc$VP(ATV80b~s<>P1rS31yW25zU)L;s@AU<TK74>02>q0iZivbrW}wslcw
zW#rDc(i2v8X*`!&WxyKnEz62maN*=_+4hkCIKIf|dfIk0dj4o8@FI#aQt@J+G;|eR
zMBnIYe@@UNjWq2#Wap&y_V6Fy@)}jDx>9v}10KzzL-bzlGEqU)K@H#S(J<3)9a(7J
z7|Fmx*hjyrkNN>|&(pC`nSgDKR9sM<<G}6Ho`QvH=YeGESYu7;4~@;)^c+L!Dn=i&
z>R??8x%*-HsLo3~i=zdB9PFDDQo*KoJjN|=H+qL$cvE@IO_vWZG-rKZNdKFimw)|s
zd+oezRTo;%OKo`ns3?dx92e&`e6T;fbU&Qb^w`}R>7M<IiCww+oi+qjH|$X=oR!jY
z1ffL6mt48bj|}J~3VO7y4YOMcW^pgA{EMxd>Fz~Jt-R4GVU>U@hkfi~Cvb;vNo?mJ
z(dich=NF@4I>)=GO>)FAOQr_H7OxEcbp7y(F6+%IzdG*$p$M*8q4OY9jPCHiQ~4T$
zaOR8I0~5QUzOdkTZ7Zz8*24+UgsQj-w|S~x2)cGu^7$OF6}*+bdGYo>|5TUq_xDCR
zGPDxY5X!{m&ilbb%5*Uki?HuAUbI-}wq@ytv2)T8mB<ua^kvyReV?1|%VRwIezj50
zVQXTmT}ZU=+0GY=%`oeZ5x(YA7woEz{`P}vAwNUAT}X!SnO>O=I482DPRPwLh4NZI
zN@4WZM`E_Ic=KW42J+6$nLKnp4mi9w<EgMeD_{sgts>wf$K*QBw~=osc0#wp14WyC
zmIcaQJ{4TA4nnQL_uK>bmv+SO9TK-ereM{vUb|_%&!?|hW;--*xLi~1X)IDg9GS-B
zSk9V{@LmoiNcX>4K=QfVgf`gNcQxc?*@P^6$4KbxpHJ*p5;h9d7D;xP1`xkLLk-?m
z<!>C_UO&KmPtuQzeYw+o>C*Mh=)_I0ywZTU^d&!4r%N7{z^I2994+v*U-_mJqm#e!
zh&ljd;HNmUcJsA#7(>mjK{~3btebv@8xtodqGd^{IsU_tVeTp?F*;^4rR~%1oCdG$
zFLS6g{m_;8hY7iw@Y2aHLg=&d+ttFo1?9S}%MN}olmZf1lCsi3G(-PvR#sYRcXxFB
z_Nr;-h{)0TrRMEPKdlaDH=NMvLFGXE`C9;`g?uLs=Bmm#OzP|yUQleyTU;OVol7?-
zsLhO@1Ozl3=(disAFfpl<W3!(_Hy8ul3AGy#n0ZxQRHNq=B4mf>8~mt2-vmZk)Di=
zR|0b>KSCT$>madnuB#0&GW)YV9EA0!eCjkrsUjM@h^>_h%(<%I{YzGhv%8?v3H{<D
zQp7c~PXfSU?sSa;hxcU^!9j|}AI%XH#ncwtKl&>mCDX&X^ZfR4#w3ox4?>xH*_Qp=
zpRog(s=(SEpKeQ@RJm@y9~q^M;Y$NxYwOiq(Xsp0$=_c;`4_({ciypy|68_i%rhQU
zTD{r#1zS^$S&xw3$=ay!%8LJvhZjD*2M2(0xhmaeYROXGiRI0_Plf+oyg$||ndE-j
zo>^vTgdkOD2G8pK*a9p$t97fugJznGKa6=tK12w=ct#C46M&^y4!mDw0`k<JOvXXd
z8qFI>nP_{5<{VjfLR;IDfe!e4=diEgV`e~OTr&kCgs4~+ms;^>fU%VSTP$<FMyWN|
zhTB4jt*%+NDAT*%S~j^;s`xm5VaGnVe1Ur+xI~H}oWp*lrFN9O3lK;VG9TYK{(B|j
zIrL>Y<F@v}HvMj9bzDiZ6>JO2#jWB1BQsEYdVfkM*=0nXwb@=o6Dny5>G$FKV|#d*
z{cRQvyC8!&%UjWwCNGuyGDSGRCG}<lr#^^!l<U1C8kz5nkYw#Fb&%H}5sXH64}5lh
z8Dwuh6g+T6AfDgn7b7LhNv5OG0Ck#B{~bH|zm6}^^+;hWCJ24rAl8mAKpg2!#t`ac
z&bUnW8+>WQK@h6a*W6m-+TO;D1W<6|s0JDLaLHrD9V-6UIDm&cx6W>D#*QxcLnLjZ
z?^pDGo_-yN{GBdIV9djE8m9hYxi8|Fb=*s0Gm@Cl7MZQ)7pyQk5Jb@1^F0m=n-Txs
zXma7-;|A1qe@8FzLAK3q2%GmlGignesWNCm!UwK_PBH-xVW~=WekZ_v>?j2Sp~uQf
zh^om}0(VycXC^5G(P_erO=@RjtaVir0ISe4lB<NiOqSGwdJsIs>WH=^f!;jtU?Njw
zp^sbXe;7C5fdhCn)U=074+>ie$6}78CI!A=D`b^8ZXYrn(6s8q7ym%98DK?Cyo}Ip
z7E6oC$M+<-Sc)N+1cEaeowLYd2&1EAFYFnNBq1YLe$2MoO>#OR!_m7k+|J8r7em`e
zao@M%a8x=IGKEt`XCj)qqbHY;(QA;8FIsJ)bH`@o>1~7~HV2u<YJhYi0j#N&@xIBH
z$s0N8(|nV?{sr19Qx4viPjw!#tJ1;Ia(i68_jRsNCnrE|O~`!AAimt4O6tW;g_MRq
zJjjUi+x-~q*iqDUC1Ekr=Vd%Sv0Sdz1v&m5gEx!#-4Q@Cqh4Rk7#%Kk2hT}0#iumH
z@%^dpcU%ROM0roB|BqvIW0mGRgNxMv_iXe)3(PXOlVC<9_+N7acRc~%faEC?&i>ti
zpW{gCIP;m>-AMy4gWT`rFp=l;k64PW0~0AAf6{-6-v69M*ondQi!d~Y@qR4Pe68st
zE<-`lU1L2gw2O2DE6zZBx$mSV(T87nl+4Pr&zAPTX%T^}+(q!99b+uB&-&%*)}J<7
z=mVSKa4sU?ToIRdLWc)R^#yRfH?q@45XAyh5-IM|I#>y&-%VYu&Gf(X7aXQLTqPPN
z0ll!fOH?c-m8##ZKM|Wwrd#ta%lO12Q<9*0hv~qX`Xl<l&qbtmoOjAw9p9ooNPqOu
UNNq$A_!}fEsVD&xGy3*F056A;r~m)}

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-expiration_date.png b/docs/static/img/go/api-expiration_date.png
new file mode 100644
index 0000000000000000000000000000000000000000..826a87ecd60010d03404e93ed56e2d01462dcc58
GIT binary patch
literal 65018
zcmZU*byQUC`#n5LN+aDRDM(1Cw19NCba!_tDGW$=mvnbacQ-?Kck>>6KHuLz?^&R0
zojG%#JFnP#UxdiXh$AE5BY;34WQngL3Lp?v1n>(F4-4E0B5slg{(EQpRowvuLd1Ce
zeFI8L!3BXxK@uW@O0Fq~%PyW6PEfF?JHH)ICf*pusn=$}!?PIniG2yIgoa)d4fH3K
zipg9D$;%st_(Gu>y@L;?pZ7Rf7Ni|(nb=$rn9#8www`?Q6d-|c#4kM^|BhMWyV3M-
zaw&(;dY@;%CAm9UM39n_LSIT9O8&giijhC61p>u<B=9E-(1ijWF4e$^gVWiYjt-vO
zGbOhqCn{BnU_dmO2zw1ra432Zzpes84fH2n59NiOXlmKD{e1*fR2TKchwGQ1Cphre
z!4?l^VKp_jY_FGcOUkTl5{eHwtSh*4sFJw~?$X)geQ}ctlc&>l0;GJ}$e@JV5!3pH
zh9pnfkPwN}%S#Yw==oNv>LfKdxPV5U4(8IW2JVl_yP8I8$4iQ0jVf%~LNk!>OA8xx
zuH+pB0~>Ps@XL(p(|C4ZCu9_rwy^M4|CxN*fg-3A0zm~u#-#k3iebIIyZe$U_oZlB
z2>7>Tq&+{K5&HYnJw>&?8`3TW4peUSAd|xDMGP8iQswwD&D1Kxba`n;-}>au1!|Yb
z{hKgOVK_@NUq&Dz|979w!tTbK6ErxBECKX*)k(M_v%D2S{><TEhRE}7`ljCbiR$<7
z=x`lb35o8fhc&fo*9J`dH>4E8R;Owfb|h_&wQm+{Pee4_xk1|BhY-RmD(uu=9>flL
zY}H(N>rU3k);7>Y(fvs?lxTfiUF#{>KM@bAKL08RLVW|$D0$=`U3r3wN>lfad${R}
ziYf4rMMsxcyB$V_M+L|DTg-rc#Kd4fX*K(o;V?uAQGh&KOhc*#_Ab6kcc=NFuFlpF
z(6^e9lV@dp%|<^vSP(dUNY^~QJySFUE)VShYT0!Cmk!}uy?HuX*0*28w(pb?C!Lt}
zw;Om4c#%K?FSW#H??ONzR2P>Rx?IGl{Lz#yaFO@$f<hbW$61nnr0|Y|MuU_2Y{X7;
zr2vhRo&n{ywFk<<itQbzxq2glh;+_?>Y<y}ot?0Z3<U))#8#bORXd*~whXm7OlvfF
zgM&NQb3f*c!S9w55Q~WqMu<0BtMwiPu8VvRr-+h~lLLuJ!xHmFIJwSC=K3l;Kl_rd
zo^AAwnSOhzQlx`{hJzE%lv~}4&i^VYQ&ISs(XL?Y;M5%u3}0mg<y%)ry`;SynUM19
z@81t$MhO1Cz6#!7zkU@l*J$i^3JDGlCE!rSxxITJ`@}x7eNoZk+046oastlTG!zkV
zKP<P05p198-^i4sDYv-MA>?wNFink&oWQ*n^8vM&S#YfO4D*N`)HgJ?_x2L(?K|?i
zy*F`6fAhxsYw(Vfuw5?QE)*#peO9)?d9h`<SoPkIjPYRLs%-Mqlx06V3ke3xR-0+d
zW1i7$hb;FBiHIl>=H%p&QNryQdi<sQK=!HQJbWny4O-rOOR2%0GP<Ke`T!f`xbvV{
zcalI)P05B#TL`vX$fpT)y$qg3?#8nq1O^2RE3pIWAxr4a9t5h<2oD-({wggIkR0?;
z5)MXET5fpy>wBZ#)vqGJr8ETZ@4M2{nCV_ahX&oTdlfUKbhuChXELh$$u~PYE4U--
zwZVb}dj(qgTzg9BcohGtXhh;}-p+v2uYb#V5avVvdn7oRe%+DqwM`KbL-YU&^naK7
z-~ZktB7)7#`TpOnC{d({|KDRdz*J>4x8te&>poRx2C8r02iRUAKSA*89Z;_>4omQF
z118Sxcd&xwz(t32*z(C}?8783;Zcv=zp-@3GR!t2#Z#gOWTV3hzdl5MQLN4QSq)p9
zl9!X^L!6^>(T^;_r^W)67P<)qMZ2>JwiHe$SY~Ess#%+*0<u5KMdml&*N4kN!NEb!
zHaM7=!Pi!rP#}H%wC}wm%g*s{KqE3EyDKFWT3T9>k&(XAnzcIxDUV83#>lJ%x;R^d
zfnN%hR`nc_N+I<jPjIM<)n0OPr1<QvuukU6K~>QhrP^&FiY6l)Ge<n^Rwu{%q1X(%
zBBtH;r#Cmk=H_(AD=lDQaj^Q+CjwqYoEnSi>PB$O!%J5H+!{L(m`|g|GU89{M>1w+
zn6?r~WH!q{;E#-X#PHR_L;uaq504dRWm-gvz#Eg=PI>8K7*S<qUH<k^t{yKx%w3##
zf1sq+TwZ}dNJiO;gUpqSNJ%p=v$9Cmdag7%ogY8Ee~;ndWGNz|&dbYtY8l{OpqNi3
zdH1k!+yckxaZUJ1yY;P8;Ebu42{rYlcMT78M{5XzKCwV|M4QXjF79HDS@`Pe7vM-A
zF8h#*&*FgO+H|z13bmp9Gukt|dM)_{7J8=GoR2$mnvxMUs$J1zKgPz74Az~j^sZ5e
z13SaY$%8r;!D;`;TH?Kve1(vkh`2!K9b&xQ{t(v(N_7F$H(!R6rq3(`?rCroU?pSU
zkB>70#uxUQsNB;kOAhp;dth~SvU#>aeQV({^8AVZ?Ce@7eWmOR8T_2fDO#ykLsYgs
zw9Cor`<OJzF-^)aPtRs%hXs$*vorR)d*DT9S6L(((*rNY+n%h*Mv`#zEo~)>&g-Mn
z*SfA8R*!@$gxqo(&sNJ~hxa?WO@oP-$BPB>*-6#Bhb4B-@lm?KYOMND1Z6mu?~QU%
zQeq9NmUirY-jQxCm4i=U@@DNsS}DuSmo+#WPZ?zh4A<dnTHC5E$xxz`ZuLIyr1WgN
z70)S}ly2p}$u^_0>Vovww!L%&3b1Qxj}qI2<NEKUdx>d`^t))+NYbqM*bqVsy8LeQ
z+WEBY$s!=$yRp6Qk4~}jWqE-u_Z-QLRpYVBgk<Kqb$s(0;is=(*-dxYaB{-3_r~_o
zT&;mgL<BgPM(U=NXskp^Ji5%t(D3`SDr9Z{D!Fn;_@heuWg*7liYnk*R`9J}oI&NQ
zVO*zYGumw*sPk8k&Z3V#Q81B$(nnIso=VfW9f%>`b*$pO(GIn6{jb(U_#u8MEnYUg
z$@c`O?2CKj!sbDZ#Y{WThL~V3%Zd)BXfdQ5X3;qT)zV0KVD;z)S@>(>1eLC=j7&!*
zR*~&_^`1pEu+#N>s&8_P6n8#@`ufJc?*>;GgDI%#ROrEYiYq^>sy>5OhvpFz+D<*1
z2JdWpJi5Jz#hDj<M84FRD>I#JBvy{mgr2v78=cJcSC$e_ZC&E|(lbZ;#`!TYteT>Y
zq(@b`J0y%C0*j$rgM&f_dfOXY;dql&3CQ7~)$Q%jaf+Z!dsE8n*=Anev-w_<q}Tg^
z9~%{T8r!@EF`0f5aCC17KirIYI?2{a)kt8q`}Nc7Ho<FnZ2IG@mBuKx3>^%A!gU%w
z>-LYT=+7%e9Fp9Hl$4YPD?7S7_04;V)LFpSDx-7Ob_$i~##*&498b*e^{tM@C&$;j
z^D2+n@WU-1bojUjt;^BS=Pe%Vqr@`DPwRllYOUp+!C0xZ#XNVRS)L84M)t_s)sMA`
zkSur(4%N%UmHFc%2tNOurE9-Ht#&>t@f>O@cXf@cj<sAF3Y9D?Q9ZYlX+X$HMBGoY
zt|J)1FX^gHdWXAfRCPCJ*PY^@sgqyFdVCznoGqSVZz>vHHd`RCU7PZBTgB^kKXu4&
zzdj#$#e5LZuV6Y<m{#T}7CVsHT~SB}MXt_nJe6##u=jj9jfbb!cu1YX??GJpsnoUM
zNoseZkPp-jL~1rDM8Q8H&!kpOw&SP;nv3ojB8;+(mxq}TWH_Sea4%IQZn<nDBO|UQ
zx+KLK7s<nmNF*wbp9=D2@EE-~_V)H}x9S8=A!`(4=Ax|DQ)mHj*8yQ+h|q%V^>yOk
zmwpsh0>fv<_4aNBIi^2sm+-v$Z^MGg@$$9Lxc5Dv0wqaKE-t;p#V%&=PS*MBtAlCL
zL7ZgC!T3+Q-RH4wr0ne2I>c$fqXz}5W$Yl*Y6X~T^Lav#8={!lOgVU4JG(a^5x!qN
z5T2U^&$4(%-LC9ju)~?zo|~KNdUj&;>V|>l_Zq|XrtI8}S<~uU*Oj*gpY5IfJ_DPk
za9bHu^l;t-t<7fcm!lImU^l*B_GQAOpg@Bhj~-c^U#ethENfIpt>F<6B5NTH54w*H
zb_7#+=JibtdbeYK6F1}4XAZZ3J*fA((TRZYpvQi*(x?;B4mgG}8P#r2(&bp~kEVW&
z+ik%3up}fTfRk@+Y1){phz^zth69O+iLND|#C0wX4(@w5I_;6BW{+ssZ<cSIoZ1su
zLMjMo&CJ+Kbh9<EeyIHU&fbhk*tIeKbHQYPR<sD4aaRXRRIAw$X3+Z)4+v&Y&rjRS
zGoQ}BJvD-S>0&>w<*E#qo1FM4(B?jR0ui<g?T21oZ+}q;L)TH$4Z7L@NdR11Aa_kC
zkTDTV35RV<m%pr{&&v-dunRg{Ro?G7ak}opS8HVSUySPS5|l~JQepJGpl0{t&4N@*
z-qZ2vJYBdKNLQ<chRObIxX81hcgS++b>3Zkh}DY6z}G-8b3A~~n7g#2xAeJHQmZjt
z!6YVb)DQt8A-vB5QJ+?#6%|f*^4ieQ(L>N}P+&8P+%C^gMTCBrs&7o@SFm4IB;OvJ
z?wy?}nne9h+Hb!ZgZ8mrGFNOXy}#Pe`j+@T=!l0A1{(S`U<Wm}vutF$Rkr2<IaKG<
zsqN7HcLZob-~4<yz`LO1<ny>a+`0~$<Kr;se6kpEzr3YgYV{zgGLi9<%>5CcPo2c>
zjS>V-i=5e;C@i_Wo!YAc@`s<*DUmV3Kf~g_pZ{Pk(9xb9tufo!`Q>j=Ll>LdyECF)
z-5_f$^YaI^!Tke9PC0d`e#8m6%kdnsGM(!0IMw1uJbBcT8v^G1{tM*X-lCb}STF1~
zbo7MhH7)wbbBy|?CP6glsWMf#pa{a~8MlU#=aJ{vuzi*6sh^jN5(W{6p<_2nc)VQD
z3-sk>*27?gT6g=_HKf3Be`d>Q@2uk`V!c<n?dxEjHKco!wu;GR#4+alCV&(km$jU+
zmDzO0ZTk?W=mDNy86g1n5+>sz_4zLT3WdizS0RMV=CapCpt!u1#aB->>u2EcLaW7&
z^TcOrnY4aq9hpv52z|%HNqFqYi*zzCBVq)wSw5v=WD|=S?Eh*QGk5Y*CgJn;XWVA&
z3|<R36WZ7Tfy%BA=@29Q-sGa;W;FQ~j+-)H1vI!`e)XBW>8psYe_7?<9!Vn8PQJar
z2M)H(wY89tV@)g`9{%A<6=QsQxD#NGe6feGI658NtyT{=e-uXdNG)Qo<^8erm%R4K
z^`PE6YlRa3HgikJ=Z!E9cJvcPgKl1VQEs|MM?>>1-)|&glE<tt9$wHQtY8*IW75C<
zo;*XuTMib!NsV8qv!dkVciS%Re-lbhPQ2ca;q^JfWPdt}7}c`{eA$JKcQ<B8(zm-S
z&grN|@=fPxUi#X-8)56sZfhOZM;||09_MEYKKALHnR4~hSPPDD9haPe%-GYl%bVP>
zf|0)0^!A5_RU<fv5{oWI6g9wy1n!x~pQ2YrZLZVZO}!V30LO;qi$x9jC!J<`hM?&&
zR9>w2?~!s9TtY*`!0|uDgr(w2e-p#Oz;6CqWb=hvE?0MV&=_05i`j6Q*g*js-mTph
zzFC8J%YvA;da;|qn8gIw{@;*Ec4P$Oh{B}KK;(Tg()N3sRYd7Daax}?!V{i0Wg1<S
zEE=Jr>Gj@Nfn+U{2gv<}ed5G@@|I2-aixmBR9s1%P<AGXj}}z8*iCa?9Y+%HOYx<~
zgL6r)aR-o>M*ZxeUqc_Sw1~b>WY9ypGnrxS?d?tWDvMy*YpJLlbG;vOvs_53vI9}I
zabTC0-dp@4SKH{z_{z0$aPZNI3h*S!?8zj>#*5d>t_E@fpf4>8HHQnMV;!*6LD44m
zPWDWW2iHV^iGvqJllxfAO{YW?=5aFw?wdc(jhlFomX;QFcjs<yVc^IuR4RO%#A^OS
zGIoHBh6YqvXjbndK&V-J)E)pAHQ{apcE^yBq07lFs&F6H2&+ji(O?%27&87)<a4)t
z7+h0l1L?RrHv$sL)4|cUWQNi5>zS@DMR%>Dyw;cYxHjj6<!7)!og`EVut&eL4ai7h
z$)t0Efq<Hj$GgXp!ER_nZLcCa`b^d|Hxw(USG7#%vj<^BWK!JQpF%fvaghnZ;BC(c
zAh;~CG#Zj9?DRPK74>Z0ML}L+AA8mvP0O#df)<1Dw`bs{XxiLvZQaP#!^5D9BzefX
zY-B8GY3>$!&n|W0KKU(JKP>^G6aA(}1DTqd8ZZ^}jzd6Bpi$#4@9qgqc(&kKrB<su
z)Vq+7)AP$8r0}LQ#k9`H_r05q^Dr<l<n-Tsgx#*nwny!*8||-P0Z`y4U>4ZckpY|s
zG3=mirY`^T_B__208fSQqW%{YR>pw<WW5_lzD2_*hEWyU`nWXM`w}<)lTJ@w$-RTs
zWY6f@&%9A6&`3&4u+KA_ZqfGInjZjN1%*{%STDB*32<1kRoP$xAN#&e7oRgif8|AG
z>oq;qb_ix3^5`J26!9Y#6?SLF;^E3BrnbP~X-`|G?nQxo{yoU{;aXd(%?=Ua=i4Hc
z<TCiLG7^G?L%lj_X_d1nsVO=9fl=~Y1aD?P!LGR;)TXN4JWv5)N}Ig31;&;P(ZXxq
zJi&f}<Eg6TPtirbrPF;*HnGtwn?}w>*?rgu9K>HhDlUWuU0*-9l3DL)i)L=fZh$F@
zUPLs9N%`s18<P>8F99ZwWQQesHs2S98mMNKX`n9;$3-=Cnx0WFcUQVM8$qi%N~^<q
z0cTpZe#)NBeybT@co)n0pO>nUeXM4eE9g{9e@!_G=PIoqh)R8nJ2>7Bd{cH6ND2?&
zO0?Mg7hU4AeM#X-8x~{WlOANRaGe=&B~2)&`(w=f5ytQL=mZ4RSDy>jD(F9HH6qkd
zK|vVr#`m9#lqYW#U6V>^5i*Ksp&X?%6(=WF4-OE01W1<Ja8PQfTmr}panR4uAf9!E
zP6t2qjvB)&(Tu@o2I7*LAK3t?Zs=hk?+Et#BtV5B=?y4?NZ=<)+|!4a>s7%I*q$wO
z=6E&cffC>{Jm{lpr6)*eQ*u!^3ns#{FC2`(7!*1dn>Q@f7Ew71aYydp>{xwN={xUv
zmRfK*zvJn_#71=f2stfn|425gP5*iN=~lBk8uXi3x;SwFi_~KNe5wKDHo1`dAAdy%
zxjmOiIq}PMKNjPQf$=|0a~hppp9@V7#GdM3<W10Qy?ghrK)DJQlwqvqM9AZ;u)iI>
z9NAHpt+!qCD_78e3W#F?P%lyS3Qns;!-y6MFD)LqX&<-Nn%U^3qf5b-m2mZVENX+(
zakIYL>P`FTtg5>w-(p|WbkRXm`BJ?ToD3b7&_JA+y#fMpH>YtilrSRpr=EkdtInT@
z@k0^k=F)fPM&o7RR-etD;YHiEiP%nJLOk4lyMfq`AD_zSCX`5pv;F8Cpczq7QIoxQ
zgPO;67kUdn?-1GBGc|v%*54Yv-5&%4aVZc(ie#G*tlsudiY;CqEdxeL2G|5Zls4yc
z3h(ZCqJRBq5+{AwFDR(#(p^D;1wby>PEM%3VEGzdI?tl>(TSemli6*0%gLZXASd(L
zAJGH-hNgRI^NAXmqD%E|JhSPq6FhIX(&|M3%0agmm9H*LH1-rC_w;h24veha0=lo9
z49@ggoSAsGS*o|XY%D8d6p{ZSncG>}eGbY~DYCm+fug_nZs^)3=Jhz{9ZCDl&phWY
zUSXFV2;|d$s-JTQRnOX@gaN48AHc5a-8QhVi8!H4Le7C`NoJvR+yU9JV;rARR`!>>
z1w0UEk%f|{@rTEHq3(Rr`aOVxg23`%Q+^~>k|77Lph!hd?g4nSuWf9o*~IEv98}vC
z)z)%y8PZ$vv_v0}f02ih&paO16AXaRaB#pcC?uj6I7uK-AS#~kyJ!>qlARoTp?sA4
zXa6D}9aJ1d3aeU+$@fq9yB5@J_{jPj>zN94Iev4GkDko-w*<GI9d-4#dvxm<?^lnu
zU<A>|9;U6;&Z6z&QGW`3d1}0m(`qYz>U!o#mF|sS{0asph>{Nl3CUNb2r!c>P#T6Y
zt;(_S`B#1sNYlmY+UCdfp;_|7##j6IpXisH9KYOrBFZt6$Bc@M3>M&c`pM_9Wk9tV
z!%YDtpk6>!)1BiYF2!N6vA%&$NcaOaPny2ii*Vj0ijc7{LqNl__-ZvF?hi>SeYHMU
z(LvA;=xoVtrlBkveWy<^<4M0$ev>En+I{!g;Qw`OZLPq72CDM9LgI5pdjoRCyuhvE
ze<s|Z`qn*#=fGrq=uz1r4{LOMaypLjb&$|sD-&(3L6K)e=nbn+X2qrJvis!4<^0Al
z2kcicm`DJ|$vFK-=++ek%m9VnO~4w0RIyQNw;_g{>+J}<U%R#ePFq_mC&MZ<IvNAO
z|GRN6j5E!Q#UK51(4dhHA*$C}0Vexd!1)BcbuiVaK-hEHP0uVMzi110k96%MvXHxb
z;}zN7vX(Zp*8sF9mksu|55K1QTMQhWAa#eW;iA_KGN42Q{VkDoq(D|4a4VTEj9wSX
z#jX7!BDMDR_P>cW3HI*K47{q`H1o9w{#XG<8UVXFG!f$oEM|)1#oDf~u0#m}w(Hbk
zk#;Gh#nG>r@Tp}}E7Z2T2UT-gy?jpY;V2+!z7mT3f19HD+h<|3hl7492Y};`w@cP&
z)<-$aO_iuX)i#T;fV0V>Sr>HuF@OBA)*L_{-$FTti-^kqwSg6!8ePq^cdXv>TOk%b
zX!G#UNP5$**##>B1{3qVa|#r@cE|dx=m=_zV_8|z!R0L{;ZI{j4i$<V0y26y-2i+g
z5*wT5u^jY2$|YI}{uFRcnax;A1G?^(b0PC7N&$K$QuAYLo_!h56B_^y&%L|({qaPv
zi$pUr&du`p*m~F4b_W3z*gCF@ueA9bV5`-r-@<-$0Rz!r`eBy9;#FG=$<fH}o-n%a
z5J%!keW|+fy}YHwpe_^}WsmgsOy>{pF5z)0Ar7LXSRtgJexH}0ZxAl{c{P&7D5qCK
zV&);HhjKR{yDYuzC)?Fqso2gjj!Ved$np#Rl`a<ao1GC|A$^7S#6QFhWdtf<nw(F%
zuL$aLc%~(D-`XI#4<C16SsGbb8Jw(?;j#%T6ivI{v#Q(^K!H?Maem?P5yrB>p$?oM
zW#tC{@(d0_C0ScM8DgWJaIkX{%?;gJ+t^@O?w>Mcy?p{RP+5GBCs?|qAtL;7mp<B2
zoT$iTG~r5r>xmMGj7R!Z0@eNu<;LUBfR4ooKmo9AqBENGxYuMZ4mB(Jjh0{Wegvw#
z&3Mq(*=p}NuM{H6I5=prn{?i50B}7avRxknFVE)jVhIW}x4Td_u`Q!lPiX^A{w1Fc
z>28E@4BmUE@%g-4L%+vw+@E&hc;j;Xtcp+$*lW|t#$5S^qs9I7#nb$|3Mxx<wLdYI
zD3H{q7g2qCmdf)VO&wh9`<YwGZvpn@(hb2MWD-Dt5C<5;;KPN#Q!bvDa}pw=qOU{}
z5M8tbE~VVN%b1Yc{cT9deH^RNU|h#o$5VLis4Rf6>`p7L)JR~8exRZv`^4YM#Hws0
zm-859JQgz%7b1rR`;=R)a-SE=sEU#q>lly~oE4m|vdBN0)l!`m44HZI>wwaQ%4qsr
z{dB@7S2T%^iAhQ@Y_S)rydBD{Uy8T4{D7L%drW*!vc{n4yb8dbnM!o8xDo&*L?KJ8
z<T`lloy}PJEP4{=HBXdar1_M-@f|{0Kx~V@l9y)NMa@@Ge^FP&ml3lOz7PWd?V%KA
zi6qb4k>v-qHodBGcYpyje(-qPsIiBdC*u#~)Cz@vle=K`*Ej?cv<1p)tjD$7Q=&3E
z29yOh`k1|5#<**`n9Tp8nR)*?Gk|p7hD_!H(0^k99*LL!#q-qOp6lZ#E$`Cu+WI<@
zAR2(pGF$e6SWV?fAVvp+_UBW0mWvgLM7q|=4W)0%jPv3pq@=ol&70&I9^8l7MetW0
zDqNkMW=QsnP3YQi&+7pz4)X^xxMQ)Pc+IZKE@6%x2T0oO9mg^$FGb+K`Couy9M-He
z;;?6E0V^S12n7a-XITax=UD+Ef!*V#nQ0Aq1TmlA_ORoyF;BG(1Hp%U0FNuQkkHrv
z-EWOuJ29;L*m~I9%&s|@_v;rDs4+SFQ|V0E15$o56Ng%4rcRk-+<miojfUs*R^3-g
zcH%+3mktUs2Vs1CKKlYC;l*ZkjN%tBjP>_~Pj&j5su9G?JRK6bzxl(8X02Z#VKOe!
z*`y+n1)+M=*SiC~nASx9wzew`Dh`gP<-ZR%6!fJ$hCn*F;ebQvVvi;|NnHu`LKJH*
ztxQK5h%|HLb2}zD0bcnT7LSgeNzyX765^ejlH!yKNoI?yWkZ_WM`9Zx`1XA%ThnB(
zB0as#QAk2owzpMl3fjpOg00QHC%g+l6RSPaZjeq7SO~Z&`KqZsP?{+#i=IQ*&c&gt
z7`zg1zMaPF7V4JHP`x)-6&CDDgP4Lf5I-!>6@dnvohi$Apw@(!aC+9a?LWg*Pw(O(
zl90Ci{Cw71Ss8#7F*u(BpI+bg-$D{3=BjQol$^Uv_Sd_O!^3Ou3^sHVSPW1iQaQu>
z`htSP!^90Yg;V%^1g|+-7CN2+g9~mIO$u_8#01e+b1Jn4F)<5l8Zd3PI$ITfo)@SI
z&V~yCV7E@yr+9IT)HTyNAQ=gW52B`vV+_J)y9^i^*G&6AEx`3txusL-KSTjI9fDtc
zpQ~(H>hapFyNvhh<^j+&mTpfR|Kv(ib?+?A=Vs>?cWHTv$>dsTule!z48xPf#&6s`
za8|!V(62m(hj&Rk*YA;qh2>XLvhi$#fu<vy=~<2b7Gu5fSla|~7<Sngd*fA1=r=XU
zd1(DM>H(B*+Lt|0nRcS@6ilJz(AXl7!Xl_nDQYA{L}D)IW_x@0cZ}yw*1TQo=dV60
z{qaS>a(wdz7@J1Th#w?mjfh-c<+u{dg2`+h7xX3DB)y|wG2f^rZBX^m@|yD--^uoI
zV5v6u+B~cifT3GB|B&pmnk`-QHQ7JNlcv$EMS3fBM@F?x>rOBPcHQkeBlICYTBz$N
zf|aK7)_$NyA>xiW6nB2{YjrCL3k#cmy1U;OA4fz5vo^IRHxU4gjWWIl4`A^ojlKPW
zbC7LNKK&dJbfy6z202npZe6wMI&96Bm6av7x-b%Q*sL($rM<FkeFdh4d1cPSOd^3h
z-kfJhHTZ4M_dKll$O|>&Y})%v6?`bfyyn%%8{*&!$3oB5RIaLg37>2Zo8^x2Y-;<*
zR5bbi*rX%`@X!ovM~5H0&-Z6ByYCs^Us4i!!3@vdZOn74f#-Kp!C>&{nT^u5N8h$J
zbUK&Eo2V#M`MhsT0Af9sS=I%S6)@T8S2Q`>47uA2|5m75hrLke@h(>Q<3MTH5Rtfo
z!uwL4Cfeb_#e7v4&+9D?TPM4yx5Z-F9koYX$*N<^!^k9~X(+O&%imdnOgG`WqgMe#
zU061aH@0yO8qUaxYk=GME=VKqo7tY7Waw7K`&axQU}~fWU-b!a&!2U(O~V#lj<cK@
zmT5Moi&SgOKFl_MpQAJzzmW>p8STXvpJCD<59WFSTVfEG3gF%1BDGnCHsuFRxkzS@
ze@WJB4fQDywA#1}i@&h6pFM0Foh^gJh#gN1Ls*sEk5+xeqfEt1OpX@V04k}$baq?x
z_TfRoWm!RSl70jc7vlo+=J-HZb5v)Ulm?pBQcmC^LG<w~fA21_*lf0x?f!BClB!jw
zhj@L+%*Ut{sNplKmaEV?J#dM<qH~WvNzBW{hhwZ_I+XOlLdJ|v;(7ay#S#~~=e;ya
z{*W!JkHFLNI-oE?w0Ij8b>B+AHON&P=eSs_Jz-$+@~H|5e~$6uxS~{cTb2FWgP@3^
zWV2xU&6wmi9P=ATiX3CN+p$OZ;>^rgxzb{5gjcL@e`o2+s@icm{)w$?yyRe}l(Ob|
z+?2Iv*_58OR|)<tl`LV{D|aGx^+&-}$;6P9mKG1M5})f%u;l3pwXn_T%3OIB$kRts
zb>pnBQ~4cq@Rvr2)icKjrCdI903(<bNC<PR*}FLJGJR_22{a(v1*`ikWyaD;^ja3O
zHyAvy?_T`zP6~Buv-vx+>~ZAHIFIMtCQo}onwDtR5tmw3b?kvHiXKHJhBp$ls>T9E
z(WSfQaN`YKt-%0fV?jYYLJYs`r?Wjw_TWBrbfSKZ{gVm*j+Q|hrhK47T3$qc<qdyR
z?x6SY6~!5!{a;9r`o{Kpibl%CYQzQ*Z>gk-)q&W9+x_HjT;_A4Uw9mN(JL=<3qiDP
zChSt^qUgv6vt3dpx_~<-U_RQfN&d<_z5+>dKGMi^DYI5+AOLa~Z5{^M>Xd{Sni5Ef
zg?QD0a*;fiwRP!)i?hHICud`0!@fCw3vaH>+N8iOr}znFQ)S|0=dO&*yBUr?GASPp
z-{WKB8E)%R6@TY#ObYev)p`A?zRX+eah%)r3w1PlB#eBl8Wr%gTvy=L7;n{GHBG2m
ztv;4Q$r2G2ISVx%oyI+%*<z0?Q#?IF?Az%g<*1qA6{F6vRl%p6t5-pdD}k83OUx-8
zdcEsj==ep`%Y4vOjM98f{-dhu%AY-efs-rwWBuH5dFg1mP)T(1EhR$UM)q(0JH;~y
z*~Sc+`tdSiytL2wM(l{`)jHzD$>RcqWB#diNlW|e?9fcX^qZt)&(xj+{YbypMPBQk
z>2UeJ@qNX<{eV=-mDe)``M2~P?rNKWR#*pu=L)-zwMPKat^ctrsZ}bzOkM4>4W%K<
zOtwX%)e;jMIKbdcMg+-UR7%Xf@i3@$=cD#e>0<R+)x^e;&k1wWO2(V}LL`9059LIx
zad3OJv@$6%sD&*~2O~o$Yqe&JdAW`_r|mxCr(6D_^{ySaIZz4KarSrT%CsO_OoaK=
z`kJ;y0hpjqtozBnmdmvmK6q1-i5E9APwg~;lfH(tgR35G?ni<0R+UA`AGe2+=u%S@
z6cm^ZwyD3?>Q$>~;>wVq<3&ACrRUAP?=01tmPJc-vilwyR)k20f7#9J@|-2zD_5xR
zRuCiU>fyGg9FR9S-!i2kKz@=f9w**%adp#U8=yBjn${Mqm~YQt{}w%Jty+@I$bap?
zrg2L+$k{5hulZfv@86+{)Y7sh@+BHrg=TFup|=2pO*K2nAjPp1$Dm8$!N<UWOz^y<
zpM}%~v;6Wd%X;&qxZyRIr;<qvDbajk7w`@U>6&X670@>?!X93Yn}5FxD6pJ4;++6t
z(bD|nYV5oQ4Hp;8r120N{yc9JfUc3UIheD>N`}-jCblx8VPewM=mTfqV1@v05#?wx
z!{+38!lcpd0L5}8smbr9G6n@D(me3Zazjami1>j8o@Sl3-laP+Oz*ntV4tlTFYXNd
zOo2QW5l?M=%O@aZO=Fe8cVc5>8@9aYGiUoF=@M+o$5r3ZwC0l?sJAfn&NWYPIi(dj
zQQ2ZfvL*}gEJw#2a(UIQ+HGs!In<Nby;dxJdg*zdXCQWi8aIGI!qxV~uR;2o`C@G@
zJ*zdO0WO)trp|0pyXiSLFVfb@spE%>7(vNoiKe&`dx6;qzoj!^S<MHMl9B=e3az4H
z-e$Q`FM;2QT%*?9`uwWaN;AtC`AMW5h;!pwo;wl4nY|W7kVu$u=?H?}ju!s?A@adE
zBIf|$)H?$1@k+AgXirD#<tMazH#ZIEq2~d|>1wl%3yc$GYhZAP`^h8zIZ$emok6Zi
z208n@NV&*=1oj2CY`Na-+7;%fZ(;OGtk{?optrjLh@`EO_vndO7rV^XD~%KkqY3B4
zyq_OxObWG|U>lv?)HP~Z73$ZJx589Q$&L%J7J8_p)4Bk412aI<6j<V3Ehqi`D`Mu3
zqHR%7gI1Hrs3i?EmeCH{(@KksB(16KZ+v!A;L5Zn8icAR<ad`uunL?-%X?c)3E1jh
zO`Kgt#Yv{80I*fsx#c3tlUuDz*|CDaAU!|-O2YGV)5Lkr0ms>H1@By~&CUD!>lxi-
zAb}w8v8=YDL;v{}m&cuR1&?Q9b1A*Gl|O;Stoag8R8({@59`9#rR&y?g4tsG!SwR*
zGyBnJ4iv&ERO7ii7Z+&Qf&6TT(^bxH3Tb9cY+V4?TE7q1R6v#j9}@wjo%T|r7aU#g
z`>XxwIPVnD_sKXb<3W5&Tl;$ZD{lRCH32Rp5`J7K^Zid5;()BA;^dp4#-F>jQmd%A
zq`-G4!(a9yNkv2xNXVv^Qv2c7)+Sc@y*zH(!w>4B5)y)a+Z6y-o^h&1&#}zs`cNFK
z+Sr%GW_dT*3R<jGc2Kv<1=MJzdS0x|pF@~32u!yb1D*hTLD1s9E9O!npH0V~enU2r
zGAWI&z*YUb*k>iSXcpZ-t}EBxzVi^A*LN>KMNMt6|FAI(yR#XC>B;Yd{u?8Db#E`^
zC7ci?SHbTY%RN)PPKMLvnVdYEm@FfPv9t4!R5T`3dj&?m-C34*gfxyS4ifPk4xp(N
zx~r7S&o$VRov{(CZ*0iYS=OlB!Gx6-PWRDyxihQ5PvNvv(a@>96mRBvwgP>r!oklL
z3;)CEy^i!A<2`_)1@92>eN5gtOFoJ3zy7?IIzI8Ji~+eL>1pFpc0Yo&z>S}6u>%q!
zKY-=9x&Hb(^{S;SAdpg-ifCgt@@^7QiS|SO{EZnWm>T5ywERBI3mg(`Sz|uT?a8^p
z2k#GJWR&&1KSN64azVGNIHOT5MFL2Z=n<&?e%iSji?V)u^Qq#{)$d-z(|@Mh60}Am
z>+0%Qt;A;<TqSBd+U@lhuTwc)Z{b;3Sij1!@-4@ab$$F%&}RxLv4F+_?!Wm~Uy+d0
z7S~@07+q3ESqPUea#?Cs<K)qN6A7RSiB6OK_U-S_usluH#PuBe&J^`Y!&xH<35f*u
zEuwk1`BOW4NrY{$vvAh#xmqHg@j_wE`o=~;=%zo>WMF%Ct}OB+sB3hTWOS;G;tDb)
zo1aJWB_Gf!?#8Q6Ca^tsIgIjCNOwhfy@1M3+Q|S<2?b)Z?E3=5c&H$zm#X=CuN~r2
zoi@MAYDWN45lPixL++UxTc2dy%&tWxVTVWF--9J1<TJ+&1QXgg{Z;+KQD^*}_K8ir
z8{z&SoyEw1ym;?o;yl&E1wD;xcexcRXuLvL^G6IVG9V|@^}Htow7wMKCTs1hYL1iG
z0s8&tcaJvA&O`81D3dVt2wQ^#d7^!d57!SQnrEW|c|l>N%0;kmp(G^^O0}#s6)|6i
zTJ_Z*AHC=UTZ%U-e%9Cz#a`W%wwO-basd<UBcSVfcSk?3C8kk=ZC-;9Kq|&y(V>*4
zLUm(|aUe7xtQ>pkh-ocz=AaYEh-pi#aayRhCPR$yd1)a4aKPoJeeN|6507jBcE0RQ
zRDW)`h%cvEO!4FMa15-AkAHkPtKzi^D=S0ApDGJ`0f^nHOUEAoNZ{$V><bUXOQw&H
zRh3s&1Fd!!>~STLs3E24Jd$-XTm*2Lv_M(~U|HWUJyo~@%R;h(F{r7&0;;s7zsGzJ
z<5X1*rnEjjj;1fa<+%Vja&(x-_M)*_R#rt<9wdf?o~814$?bx9r^{?Yf~#6Vbbb|M
zViVBx+#U|v46|2Q&lJDIXD^^G@i}eF76ZhqF^W;>QEKJ3=smxP-^EJ41L(u-1tLJ)
zy1Az~^fc$X5JVqve-rJUU#eAg6j+&_4nAzgz{E7wv)cP^*~s1}4H>YQwaFB_q67K*
zJw1GHKWH&}LksZr&Ywr+W}L3#N_fufo7feY7L2x&22#@an%a98rLMJTKhDAcLLb*!
zLB7M$Vy;PZ(Qk?D1fNa5#aJ886k-K(CsHIB%NI@Gt{0u4U5%Y;NQ$)apA#(jllED^
zHKB%oyHI0B3DX;fQ}(Jj5iC^tf(EUGQW6YES@5j#0e&4-N@aa-l5_qda7RTD4Goi!
z^e3;>il+fck^pJjumIrnR`B`NH27V2Y2xT7M<1THR3RJLc&|3=4Zr~GHo%(3aK+aK
zB>llI+3cpur%X}#JB#Sk4#<+wNYY6k&ZbSPT_11XZTnmiIcp|-YrZLJq(TH>@srj7
z*ZaBJ*6_g8{*CqZlE9W~t%y~#uSINLL3AwS?**POKTaTD$2zGV0V2(W=Z@aFD{yH;
zY3@Y~>8_6qy;Bm0xSk#e%YlWpN6_HmI`#H`krDv73J;sGMA7Ze&R$_qwaaA|Qq3x&
zE}o=oIg^O(xTv%UE)pNV+(93qZ$k#z(Ty~r!C_%tbr6Q$9bHd@>K7mgRwvQY6yKRP
zFNU~P8!k5rob8$D;(6)#mf8#koWg&5`Hu3uqPH}9nI#DKY%%*QIkAU7r1$pSq}}6R
zGt+N`CSrlGK`11>w=Q|)EaVfrPG3|pc*=cj%(!^T-xtkpTK^Ct&pHGYn<0fHLp@J$
z=wgaIIXOA&fBQcJ5Ol<RDIykKY`nEI6`-ZNJ7;4*x;cKbRiFIp^?<6eEEXMrE+H);
zCHr|%)gHhBSGP+RD`!RJr>^3c>ak9w(?Y6Qm#_0iy45RTbAX&}uGOGUdv>`samT3Z
z4ah1}Wl)?EEEU}Q_r_%XG7-?xOGn3M1FY4~G2gcoUX0l?g7n@>-DEYMz{B+3Op0D+
z>rPBU0XvPxk%871#r)AV9|Nkj`VjA`<l5uN@b3gqW9Moh^=gg97qQBh76Et6fVy7U
zPQQSlaDJ(dWgbqP@xtAlPp~2^Qkh@E&12EiBMq<Dr=$D>pyUT2B=My>aEG@+sU(s?
z&}2D|W`Db>SC3n4lk?N$3NUYtJ9y1lr(LLI7+EQ_<38$Qms*$B+ik?js|`xgQBwni
zIxKKB;K8oJLGrc8KQ5j(&kB?(c)c}RumNy<a3h-)TZ<bvR|;<Zx}+%>T*tp}VQLBk
z6n`u=yY=oj0t^Fui5B`kE1UI7YxIHff{2J)ckd{{me9cJ{?%ebT3|nZtmM!A=^|2Y
zZa_y}3ls3TzP}whkcpM4K#PukCpXjGmBjDm{`KOLn8$9xlwYTPTb-P6V7MD*`j2u4
zfDWVKn8=n`9;33iLvR3O+E1+LKsM333!?Hhk<^oA2kOHIs`Vqglbw6q!>z-^UrB6#
zNGTckI65j$shI;svmVE5ET|oi=U_p$cMHh$kNXdA`LnVLjfe4ZIgFtvCMKAVQ)ywm
zI03;q7dZ{IXOk_lQlbILw<PYt{k{trbn>J47dS4PV>lXZZg{}_bh2ZV_?#=EJaA&K
zi1d_yjd@wX9rCGucDaB`i8Oj4;DQE~8@e6CiID;lbQ-J0>fb^e0dVN-(yGShzNww!
zBHn?$X?%?tj(b1|C5q!}3T=-`h^WhAp!R`|b2ynJmfJ=k)a_R=oIH%Di0CYESb(5%
z;*d89=%A?I+82uh4&2c&Q|UF7s5=~Do0Vn&SEd<Cxl(UE9L47eFj$i`MfxQI!&oe)
zoRga?2o$$4wv{sOcF|63dtEyTlDq|qLrQP&J%n==$bdx0<%GXI_T#LBvd+wv_ZmXv
z9R~4eT2nB9OK;zKTN;Uz^may1;Nt!(8jwuu#3DtU?%3oaupmU_FJz|wr`M0Q{8@x&
z@qFz@Z>r*N(2>suE4GML8bb6c%csdFWSw`fP~l9fF#Z|4PD086-Rm!HNy*H_a{Eu~
zANg?5`5TiLQP!7!Wo`VMEq(ozN(vN30NLxOTW}V$sol(K*q;AB6|tpH*i<2W`@c`I
zV7j@~uq}P*Ti2N3E;zY$<dMRWLS738l(Z5XXBf=&6wnYG@66ABGjMME_<y9!j1v4;
zs~}l<INK#k_7(e^D}7o`1Z)Sh4~CW=%CG;vEE0zmtI_Xo)~NB=X<%$?XlkhT;k8m=
zfT+u2zZ0AMqV2lE^{2S9cc7S*pS;|k3^^_+Ni0nNx7~Zf0F?|B(lk>EeKda~4O@-3
zhsK5{X0hpWWN`Kle8<ii0qC(D?Sh21e(MGS#T>xZ9Rd280j(rSqx5OaI7cu#&eDC@
zv&4&@c#T=tJd)w3SZoos@PDNeTromhZ)1z{=VveK9<;~~i%jx)Q6px|@nLcmbzavM
zxMIKfPrQ@Fak(h_%)3A@8<2g)A6{(sum4%i*>VkE<dRM@drwW1c@ZOKT0uVtxXPTR
z|8?X;MI0Z(MltHo@GiLCiaX)D$oqeb9!%I1co^kFQHnj>VNa;BVJfRIE8QUY?>jMd
zhyBENiVtd+e>jQaRt{f$!*mAzn}e*r*29id(;>2sC@cSe4Ha<e^+XwX$iGezdDdHb
z#|g920E%eNfBnW1AL4dzK!|uG{ok{L4?~KqLdp>V6#pB2EHo0B3n>CA{NJ0Ee#cxQ
z8M@fg?~&mCH}G$6$v+WX#?}k|{ChyeFiN{4s^<Tmj-ApFPyT;x$@dS5vBUKKzU=@c
zp1_qD?SfZm8(8*se?yH^0O?;3=}Hp>?Yqov9X)?zXF54X{nsk?E=#aMm$Za=q8T$M
z_jLeT$JoEh5)l|t5@I48$8#!P>{gK^S!rb_o0QCdyDb>uH-9u{t1XpkeZ;7xt>ZU)
zXUin&fA6p-?A?t0J!Z&;YC*V_PHaK&-{6^;MyP(W-C?C|u;39oq$l9v|9Ah?-qDr*
zxF*6)Zlmviul=bzUg$>eD%Qd5B9TbK`foH?MqHz;-EKdW;bu7T+sJ0v|D95KJ!9@F
z%!qQ8gg$?Rk@uB*QNg(XYnO(Jg!l;cYj@2Ib39u_9t8BiDaWGR{`{>YsJ8P9Lc}$-
zfw%8}Q~!Q0-Ye9gB>SzcrKzFSe|r;4G_LBK9y}O^8ctgI|N84{Z|F)dgW1jS4&%R$
z!A6W~z~HPL7Tf*5@7WYPu^Nlp(kGJqw-iw+NAm^s)u+|WoEqMB#a91q-SxljJ+uWP
zYD^C`WSrR1!QcM%WK)ik`lI^0h#3L+{~M&8q2^3QT4JcMgEC?VGk7I6!A11HmnX*L
zbA4!ol6i*vLpZciVB%txZF=eZYNLW_NP;V0s<1TG_7mPkxS<^;VEu0$`l2oM8^*F$
zw5CODtB;80W1GWngZ|qH-M@(Nx~~rvJp*J*lm0B^+<H6zH#;#{d&R%o;L;g5xm|at
z!ahzwQ2radI#p$G*G9<Q+c0|v<$zVwho<jv{~ZQ8iNnD!qMT$&Q7+QTVGtA1e=T*R
zSA{7jc8qt_gg>tS*CCn;vM$c7nemEY<qJkvuGXIM^@`8(|1GazWuyeI>W~7~H;9-w
z#hu>aOW;~;DN)W=VpUtapRhQhRl~n#-Nd0uHybe-4hy{;hWHVoVuhs)h*>8xwLf}t
zn=~Fa=*~QcjBYayTzJ))u0TIOdr#QQ$rTDITi1;o0djtc343#M{G{qbOI18wA7+AK
z9arMlI?m%|iO&@#5Fak?f9IcW?VRl39XTm>1@B&c-XHd$p5L*bAcPZ;-G*arolm|L
zw4O*^#Gv|m&c&Li8_1Aw7*6uQ0GIPQ(tmp|QO^LIR^bWlf?9W;kdT30kwIO3%=pcl
z=K>ANsa-dqzO>qOrXCbgaGSvHMwrC^QheCZbVK}oYVibX?B9ILSLl;%#QfcRcVW$q
zLP0L6(MiZ-Uobx_7LJ<&7FTFSI)=ajg{iT8I0OVitxynuG0n>7p4aWrrvnou75dC(
zejH#h{(^M=t*N$Ts1;i!8{f0J`TXR2Xvnpd#(HW6h2dy!Uf$aDb5~SSlFAqHf6Lab
zKx|CZD>E2%b6(L?VYoL|inX+)m1|VP4Yh_YKT!#Q09V)+L`U*~-5pB)NMiamd;I(A
z*m!V=o5KH^P<oulBpj|?W6-DN5-=jc+yP2hZarq(Dt8*4&C}C^lyYJbX~VY!=zU3d
zgVNuNq8mU`0}nV(FqiyZM=pP6Om#5_8Lco4%1@c)#6G%7&42s&^b59Iz4?;*v3{Q;
zIO{p!;?%Y`jB(RDGNpW9c??+n+lRZ&#^OhsSsg%pd+Ri<&&kzq0#3Zxd;93JDH1X0
z<m4n+MKzkK5i8liEA(o<=w=YSuKORL91nRTu(9rC7xj96{YDMNAW8R)HW`5em1?y_
zB<W4(&OYDFd?(~|oI3XUMks*52x$5Med4?$CXfuj>ci(;@-^qUUj~P1bA|k_1Q>tD
z$LAm3VF^5iA`{fjYp?ivx137Wq0kU0h|R>PVT%6k?lu^0ePOzpgb@okG#tiBtT_e>
zS@kC_x!8}Y^q#nHj}P1wPQydo{NtNijBhGl4M0@(W|v`j_qP#q!lMyiN@}2z6_61d
z4FYwNzlj-j@4^n*JmC7zY#q8t+8BC$XWhwizL{k=paE30T(-ONV~rj1KrAxtsl9{6
z^tp|EqhsV@gLc!++QCWOqH;uhKAgAa6(3dWX9S>va6pJ6<G^A6;2<DvnMZFl0=Yo9
zF7EJZgL)LeM1+8!T!l=pCKaGaZ6VKVG~xb}mbP}z5un~NoBh{Ud7bjl*_<CHFqgHI
zNCP%7m%)RLhXLz=vVtV8G%n8N#RH9&w(#FxGTWFU?C^UtcQ>m6WTd7}+Od)_s;cpC
z893@%A2*?<N|m**mjK4?Y^8eMITk~u1>t$Vl~|AM4_*sZXjbtZ6X^EV)nIGlX8}N5
zT`n<Ny!dLA#FcR9EqyI|_@u}U5AaES*Ed@nQit5$uZup=(wQI_I??w>B_LZqf0X=k
z8$sw=(C)QtvHl12yu-`kJfr6E%zUk&y|K?FKQHf+(dbWc5xt(Ei?K>CSyqc_tP|Pv
zfD0VPMW-P*WowxRZk~;chR<W$x!9FE6aY{e&e01jy8oz2$Napy2Eb5BsXqRqV&KUZ
zjCM91%OMK<g$t&ZO_MwTN><8t4wAFXtI2DvAPgUGy0@i&-D?})j4YlP3Xi0={iv^Z
zZGu3(9ty0t^OccLP@4%fIl+BF_~PT83TOJ}aw#OLPsY_NS(G1*25XUiD`sk`^S&H@
zuH3mM;`JZlgZ(~utqr8M;tG-o&W8(Oe!{)qpGY(<xwo6?IH&<;c8{XTcC($m+G0`R
zTEo(kP{+%QlU3v4+3k978Ve{8lp4ejht+mR`kO`K9W(skdVdI0eXs;~L-IpvRQZn@
zF<+x|WZaHVi--zOp+X^(;dkAt2NgQ#YU^pO>!o;IhT4PMSIggL_p9owoy;`N^3?xn
z0jML4bZs|x%;kZ}2N=?FgIS&IEAs3tqc<=hF_gL`EvJ#7lfgKQ_wSjl{qOwDw?{OC
z0rpm%YrXj+M?O;iBGcv3&Bw@?7)uwolZaRj>L>k<8+h<9mWEQXkNTaPV8c<TqXl_)
z!uUwvjr@@T9iJ8(*{X-*+5DhlvGcVqan5+zn%Y;75+g2Ys@v;%w4rv%PyAp=f@yNn
z`Z84dFlgg55C;^f@_v;WW^#LJPM;~Ra_7Yl@7d>eQ!dSxPCrL!bhNaXWe4V||K0$Q
zfo;rQ5inRg9Q81$M^7Ud4fg4zzf9j$8tLkiG>_eKMH?Zzx71m>-N^zV=f9%gbJ?@u
z4{i@5^v+|y*${@t?SiR@v1E@Ht6A|2FBZE$4wb%YBfjAZyr+vj{@92A!DJ;Kf?slQ
zcxX5ke+(3;Y~Lqb{8?I>D?ekb=j6)N>vD&ur68$sydLU*1sy->v>Gd_hgY(7NCS0;
z8P6@l#U(r2+f;mj&@ZmVd22y>$p<as92RQl7ts?H3Q_DRH6C!pfW$m^Yif$Mcrnst
z*z?~4I-mD*+B2~Qbx>(wjs<7m(Ua`h(XWUh5s+%4fP*^&;3uWY-+alQUhg}LHeFGI
z)KzHiTvG)Y3|nUV{h2n;c7t^wFB=%9mB(a$h=!RspAgl}7<afo1;D8|Mjc<7vgQbC
z*^S~jRmQ~_e1Iu%bve{@CQ_WCsSJD~YkOFu_GIz+Q%$InP3I2<b$TlQ>vD<5U^8GH
zSEm189ugDF4}*>t)*kbl&c{c<OprAh&ypZgq^;%HFBj?eZ#~5*QU5|gySGq}6-HgM
z*mV~-7tstJuJze&lVSk2Tz`1iSYt5&Y`188yJ|Px((GS^7sStM4-|ANG}L@MfKJ!R
zA}(v=W0`PC?W4F-h5nruNdQe~<rq8&*p(fZH@$;mSzabX@XaqBy^RKr&OI05_yYsC
z#!+4uGOqznl)>HIeUg_n84SlV)aNeigoTOCs#+Txf{U#!Yw^56wx_fleDRCSarTDg
zR+<M$ADP%F7Z1;1(&q*9sbDf7K=!~;6Te~}DzYaM&BhvcS=GGtxF|b48|T17hCl5+
zKf(DvmTW+8P4e(TrPlLBkaMOKVmZsK)#N?7d12uL`H>l*8y&aUJoR<}RlrZ|<N9#s
zlTpB93b)sYsU-G4f7mR-?6SsKw}>P5hq_{ZJEn>P6v|#^*_>9@lpb;wnip}TYp<rR
z9<YfE8xD+mV5XmcM_*=3xgjD3;LTd0RyyMZR66?mCEQzemXiQ>$aU!M@?+JaPOG~%
zdx`jFm$=%+B5V-h?7C4Alj|1}npjDYZ*(*Q@TWJhioA8e{4I_BGf(#aAA4^ZmE{(8
z3qOj0bSTm-NOw0#C`xyWbhmU%NJ=B!9U|Q&-Q6wS-EbDT_xHZ<81FaEIb)nZXN=?6
zf80LLUC+ALnrmKj&T9z;dFsu>q_?WBUYCn|S&_-zoD|2)oIkDU^=ThwyvG`HX4Ok3
z=e>-_<MMKIv!b%iY;GAk*H;{PmRMa-`QjVjIo)=T;r=?EQ(wLA$*rTB7y>qM?G3g4
zPhj!WWpyk*+wd}(F#nwRqnd0Wp`J*sNSf`pc1L7VQTrW~pWZPG^4<b2yZNkdWu=?#
zY-f&Nm2F!^v&#dz@`tB(wCt^1%WBKk*ggQyutzGXeR=nAWQR)UG{8dl7OB?WQRNk0
zDatR>=TD6%3e1l;($@YcR68!+v{A?Mm?86BJNWKgQbx2d1Adglajou<EvBe5+8fYe
z4W`($D517M$5*k)tzt=|&`mfpPe`w3&~?O$JcarAP!y3xrD%WGc3E%|a8_IhHzpt)
zoWCv4i_#k~o3Cr#vyP^T@Cz&uv_{O#$mouK6LO#2#)Las>@CiQh#aA`y5^I3zXQ0=
zo@@@ZXHNnfZxJ)Sp9YUB<ujuKmxS8+2q$yUcuy{n4W+Bj{35=h6b41^!}YaY<Qc+;
z^J5_DC#y?vhL406U%2c{!M1@q@CO@)u4{nN!$1g&v-zlh^RHDi_j^(`w=6faGN+Q<
zuA?}1v#%KZG~d_!%U*+dfVxNV&a2RUH<EY#&!4XgiuAsvr4d6{guPcEE7WTh?SgP`
zv)WwiMt@-|(q6+*N7Jyxtuxg^YsK$3R_V=1mKHx;iHslxJa(4l8kwtQnTa&s(;(Qk
zYTHYy@bK`y0<)>J#QTToyWk1E6pE4Kol+n%4x$G2^QR40pV|20*q#jV$zcLKjy2ne
z@^Fp?nhWJ|%)xN5Fw#pTpJIdMm&Un&Vgfcl+Eu4)?+zFOKUa|FzlAw%%{rwX0)W$~
zY<#f^a<V`1Vur1#`DTDmsJ@1E=%<^R%lTOLtI*YrZzF*7{x)<Bc<!Y%y|V_^$CoT)
zr(1wrk!}l{DmgzS;Ho2YqT)1A)O(pm<IpCg=h|&kYU5PgzzBFff^ZIfM<*C5$)MfM
zW_;)pXL>5OK{7*){kGw+-ZxS@OZx_H4RLie?8QjfjL2&D>cLEz-kIy5w$?TqI^R+D
z<LD>5_K}!q`Y*)-Y2@VoAIJijN4?O?e@5ja25?nNw%F^=L+ZZm0~@G~%L~tkv3(?q
zw)s`L6PX!PLSa|I1%$2CovsN?S%do6839Ma$`J^PSUgK~euVOG)ROqNnN6p!D#v~S
zk>@B1U%P#vdzsM!fJK_ahUFV0?q6j%wr5jmVH(Ck8AJYrv~F}sA)%J2IJ5UN6-z*x
zza4G`@G@^IhOSoHxpy0zJ$cY$s?CKwzGvcx-Q;VWd#+SFw8a@NzsKbttg){|h71Rz
z6JojdsdaTXvJVfAj)Z-z_4KxT6K*;6-I)l%+lb?X0jUDTA{a#MU^Dmq=6P>FU?(sf
zX*kYPch=Q4+)?ExW`w(iY4Eu)?Ks-23OhJFVp6pq{K*)5+vOrG$_vbfPBoEVzY2qd
z0sd*bE$>i%HNz1r7PFfK8W&$N;ic~K_%HRCkH6=Q^^7`eGF$%(FFz?GMuX;|Bz97q
z!u_2+i;gqh09oS2DVS542AAjN3k`lia7sc+mN^)$HVL*XDL|A5Y}ya}?^Pc+fN7Pr
z3BlWLk-;q2%>@HLFX@qk-U56gADi*UfG|eL!_`a>+WWrT<b_S(IQy4(ata+~_I=rl
zIjl~;&0zuFU>|faV|?40*F{O`kg728l;`34NSN9<IG&!J&Qeb`Gy1s#rgn@{Mlkkh
zUU}-M9S{jX{0Mki!LEJ*_%n;w-9NyP9?e(#@PJzb@dhWN9)F4Ao9%Vwsy{1$n`-O%
zbKc$w)5d9iBVV$EApY?65Sd6DUA|`>X*Y+cKh~Dke8*`uzw@5A-R#3}7(N_;!T{bz
z5e;E%DHr|<;vYbQsbrAQXbCMTDGqA5ruWxcvvsbODJX%DpOtzph=Dtuq$9HF{;^T_
zAnv;vYhhW^UYKa2{;~NZkKk|pcJt3u2r3h<hQ5UpWj72V22GGiocE9<v>a}%#f?$D
z!*&NztV3iVK37(5USe0o!-4&CJSL;x2S{04^>UXmbG%9peZ*k?oo+tFFIMjv|7_>v
z`7DwCrT@b71(?1WTFi{Mbet{5ZcD|M{KJKLtLwk;6UHr^Qi9j9Ugr5X=OqlkxrAX&
z^YMwN-6$UYlHnWU2p~I1Cwur`X)P4j@?Ijce1v@Qd5?4lT9`-$bO#AR``;VF>n;k?
zbt6hh^J4wyh|p;p&%|NG9uG+Ji(;aAC>m!vEh7E#^Et17lBNIbNJ<KBW@IP)u~Z>M
z*G>HR(Qew-kIOj;au<_!wrmBxS^toUJ|DFMGye^xag?B$E~Ll)8>HhOP(C}MrHT^b
zQy3EY_c1Y02&zyHnBZ}yQ9VqvXc(fsR24ldi^^Uk|B#)6y)+e{2>-pfPT$4OXOa&C
zL0GpJO(oZmB~~x^FRdmc6B%mf^6!atWs+bz(quLt2aPZp26Ld9^2%TOQTUY#atIzK
zh@}C4I_uEG!Q|Cm^3}!b@v!p08EcgzLM0S@Ze}nZuPIEWm;9_-!BUs*k%>%O4*DVH
z=e_cmgInbk3tfn73{%wG^D(Dq7aQwdJz!X)bes8!iz6ZGM)0_fg8M=zH^FPoQxd+d
z8CzUh@*RZNJFt!yy>wN7Jn4!1*&a7tKspN4h0QEJJ|&3=8k&f_{7%WaW;oD6;sleC
zmynC<gpz&HDPR;$ZzoVQEqUEgAsk#!O%;G7jg}GPU3(tty*kbvV&d_A{o3uwsg|3Y
zyE6E8uD2hxp3D{|#GI}_%?OtJ+JzGF@vdZ+WR>T=Sc((4pgMXcguX{-NgEW)E+xAc
z$Cab~9ST%+uL<;ww-9;BAhUtBL|o*29p|{^O1(*>GP%OV?s;G7EXHh@U*?iy#QuGj
z%CglGYj5o4eh8C(DS4U_ZiqZYOi)BR(ailC26;bBhilF?dMznm*n(tNM3n4RSBVWC
zhDVGH<JH9Dn?RCALf_F;@^%}>l5*|24+;LvIo{Zh_VH<)W`*wNiH;Y0Z5m-ky#gos
z%Cqo}{@nJhM|r&#WVuloajdzaRDw|;Z3<Sz7-w%DrLBCs((15Vf#N0hs~N@fqD01v
zh<S(ye`wP08xd-nX!ccJSZD5?J2P6y;_0@s%jEjVQ#v#ZMYje%<?_!@Ad6k4?+|Zn
zBikyMb~imwO`;(X5>l<Sg_NaN3otUTz;}BS*a*n#c`SE+8x^SEnh0WcnIh;*2$ma1
zJ%NC_WycR2OoS@o=&=%w4=1~0NQd9v#~#iJ@wnk=4vGxtQY5LJETni5mxo-w9sl)S
z1CQ5H(nRo-YLz%jJXLnn?c4A|@#`8}V;GZaM5-w9i-Eo=xYb)%>1=&H)B9VBaM|Ay
zvYF`AbrTI}75kUWQVr6AIdaTc5e?YT&dyeEgqp{^2J5$L-@Sj|>_zDI`&;9Hs;)CK
z^4WLYBq2#;3$YFnaP6NA3<3xJLJ?{xe1ygiOG`?+$W~{1=Eq;n&lC86`zCU-J?TZ)
z?;f6>?rlk@(v#^}7QAyEtWGx&VK(UQ9VP6=)WG-dgWRHua7I5%y03cxRn*fb5W>0z
zwEF~3Kftp6F<_+amt3)^XjMC6pOGzCwGP5#!$N;2J==#gLLS=Y!E^D1n*DyvCXnXC
zx5_sH&T3saWBKp{=tYxt$3L5?6>`;)6KB|7W<^BE9WLu37U;@4)YJ-)N3_h8ayZ#r
z1SYfZU=(uaNEvW&Osei6yezXfo@nZ|XdH@fA0K}Oo<?v$?fFVJEACOQ?q#<4ssK$K
zJ3eG^Z!W1*TGh!?&Iy-Rg9o-Dv(9Ss2qP$-r#2<<t*}M)(p%URxsD2dsdoYsp)gw?
zSN8VE<LESJB@DQnxF@G(-~<^VlQWpT$M^%ZR|7rS#_y>i&necSlEVpL3W>tr4HmU=
zx12O$S}gk|yS1)qxPM-;fGs&$UpUyZ<AF4_O`)+;#b6GP7ivC{loVN?U^A)4i)iS&
z)1w7iWqukpAA(!ow1FmV<q~83G@V}yFY0YCRRv!%4=5DLr=|o7K&J>>O?c5gMZ+M`
z>yGYX?aS)pPLa=bcL@p(Y~3tfKdw>M^_`sLn61X7`nZ2{E8rRFz5Yt(4t3tjrSk2I
z0_A$r2@F-1T<B```sw4CAr2?mSw(({Fi*4EyA}hed05CZrF@T`$~`E^)<mIxiB}`i
ze6Ac+Ma7oZ#PCa_4dz9J*W_dfJ@)&&{=nw2+={~0+BJl>PLI*2Ezx}uO}9ZJ{p4pk
zZC#(~H;VfxOZp^}IE0wu)MMCN>EWIi+M&s7Z*x1<f!0&tJw3|rH?K+fh)V>zn`{Cp
z+@E`<$CpM3QeRv-z$Fi8)MPSCxClKB50}$6A;mPt3gn!8zW<gg%17_}$6Mp^PUNrj
zS`BpYIIOo7Hd<~NxdM??s~UqMDK2YkYgEQbfO5f&`RvPUkdaAw@ky)mt5^fY;O_A(
zNsnWEO`79%ClgcTckx1^DAi^#&48d5CnZa|H42x#*$OnSO0(Bncw%xOwyB_SERizu
zsNWnuUd}^dQdvz6AvsY)<75AuDq}qsGj&1?>PWG}<syHFJM{BC-li;C?gK75zJ+7E
zpOtU@DrjX2#mOQMkD=uSlqX5m>)j9l|NfQfn1g$AhB&2;U)<zb2yHyOFViu82T<wV
z*ofN8eJ4&n@om(?2B^*SZr8q^K1V4R&wrk`Mu4QG#j{n+YAe~@M{j)Gx^AL`HV;PO
zYqA!$z*8Qln`i76KA#pmNx25f-Rf)7t=k}wrXbEh+bpBm6gsX76KDv>$%GXizoV-1
zSzoNSC8Z*wSV&USz2uFzEbu^Hwh={Au0TPm-0z9A`tAsfi~{f)<;<xf&&3v!2nFb3
zNckAy7W!@l%Vr04Omc4va&0Ls%8bT7#(uG}7t3D@_SuZD6dJ77F)6K3E0&a~Td2lQ
z@)i3uC2ogOcDg+-RGNh(4YKbj6tJtD_n){eI7?g1BcFZQ0PH_-Sw3rIYLM2~C8F73
z3`yi7<;wDfM?4Ta&I(4wQYOf(;|1G3FED5QH0nW4#D9CbHw3NVO|_I<x?Zv$%D?o<
z!VkFPQ{3iMDdgHQ8A}+S!@;!;n6LpPOxCeGo~wXQ8^<cN8UO}oc{2zWuslk(alq1d
zGLX-#s~@aUkdx1S=`WipPQu4Wkc!fJaK357sadH49<OlETCfaj4oQKT>A^{t+>O<R
zJBOWWZ8|HkX2GVZM8G^pq<{sbmO3X4@9)m39GB-RAlTvUeodD8w#sy+QHXvpZc}Xr
z=4*5iuV|@WZ-oF@jh@5A9q`NzNAf81<dKDQW#=96V>|{2{U&SgQHAz+2h|icaM*JK
zxynr*w3if`vq;6CKU<yex!#oNL!rNjC>u7IGhj2F_l&pSYZ)nhHeF!~vVgo~(uA#q
zg?Ty}G3j)+&v->++9F+z`dK%DWVq?*?q`>2CQ(e6@OhBG|9X|<IvvE$PkTY~0v-L^
zGvafhk}s`ni3`n<HeIq4=_MV*c)qjSyJlvLdMz;!2+*gDZL@9G5q7Q024SCaf>4L=
zVPT&8YjmQr;sI0VGw0mpBK0-p5XcAj8<A1YU`luT;HgHD-B}W+nXciN@RRSyFx9)l
z$qtBie#~Q-7L<w|bixyT$7Z2gc#fw)g)uBU#twyYzH^?69v;vxVzaVlR%SHy(&NhW
zmsx%m$IS$s_e4xjW-Q;P2_Wp>vMltCVF+SSr^xv!Dj$w;?OeB35g7J$RelLJj^#2!
zG+o%(9hvEY0+CdL0|XijR$HdRq7A=8X!Fa*@10K8(>65;-F;(<)5?cAIXP1m`#wPg
z1Ozy3w^=zl_L&`TK)h<+KyqV9BKq1yo+gIen_$nx!V5hY3n`S*d^rSHXS>z{#}8!$
zUfg9Sp3CN2G0XKlA2x2F)Ic31)kS8AF^wqQXyxkrdp(NPm0*x$p?$eL^)p--Wm>f|
zg!(o5oOcxtNlF4?G))3ruKe7GwL9;rj;=`^lW(^Lo7bFjGUeiWLp+Vcd|2mW4BA(U
zoxD75H=_l+iYP^1s;u5J`T7iWnl-)+t~JC>3tDAKF@CUdECqgcxRu%?;~J`$<GI*D
zlrI{Gxne#zIj4fO#*3e71|MTtdQu1t{#aACyYr$4<JOVJ?Qf;^7t46pD4%b$nckUI
z8akGeBP}Uqu^5jR_+F=?Fj|bilyL+okfdpWurQ9jJ@#<K7Up$CN2q9o@2T)HaAC;s
zR^e!N#Er+B?T6MZukaBD7zfV<)}|FC)2p&tcyXT#F&cH7{%#LE4;D^qiG<TK-i4(P
zMbFX5hY3mMN<SrqO__I(=m-|Qb+RjK5EF28w>4hCQ7YEx_-%9ys)l*x4Y?CF-u3v3
zbnz(Qix!a+P~|2HVgq~oI%~6S9PWn!hK^v0dN2s2-O2%ov3lb&l%*$!$LaJG!TmyJ
z+aif>Z?BEfV(oS086{=h{_;+cwOfPXR2>?*WTH3qgn2-;$-Kdr+dEi3+@lgj$Gm3>
zLf34x2SBt7!ygn^LoZQJUTeSkl^E(eV0dbJI$#f*l9F;`c30>0&e}#~S9R<O<nB(d
zj9{;iGp4tmK!P_q3vASqBg3C6DH&YEoI*k5bEJ{yoRP-4__JM($+qg{a3QFd%bAw_
zvCfTVb2Xe)k<<tvPmNLFB?r#&`S9eeT4X<MT1$&Kd0&Ia%8HFed{SIAor`9LG56Zd
z&nGsoEPl_D#WT1Yjl1JAT6BrhC^tZVU|xtHy@4KSuQ9aUyxXt-AT8*s6D{Dyn9kQR
z(1V!*s(#f4xo6v3t1X1k81fESXIPl@8Y05_5hy?8ebJIpgn}2TM5B5}UDQ}Df~J_s
z;n}$}#lPh!F+O)bdP(_%{r&pqHipCap?8uJo<gapnk)lp@{}U?tGcK3@n2on)eEqU
zCkAitOr+c3g`~qG6KI~j>WgD(O861+)sGMyDMm)d-{lZ}6MM^MRMkA#;!TL)I&vY>
ztW7)R+J?W6O;*6&^QT+q8g{%lIBAiUn6KzNk#RzkxxCwYN}+6ZLJO;}FC_*@lHTUZ
z!aM2@@vP-`QNEhntBmM)j>7o9tIOZ<R@K)0bbsXScAUvv8l%2MGEqVgP-s>;?UI|%
zS0nfc-RdZMH1fadPfjgWx0t@#mP-3XNykU9gcc^GiT-Y|Q41yV=xn&U;TbxOCWjn_
zRPXjgT1cs>nc3lPMv3aSE5AV=1#lcmiW*Mp2zUGzfW}ZyNJOG)%!1PqOL0#o5JF9R
zC)H7U@Q%mz74gnQz>`%53Y!9DiMF}fueT}E6yQhq`H2EaQCYb%oJ}bjciL8@#o!Gh
zBYU%QSo-|+YyJB^xFSW2_;I=s)rkZX*M9p5pA?x~*=5O2UiJDfFG{SeAP^vQE;AWX
zFYEtpMLJY$|3w=A@CF*VlDr0gcC>KLfuWB`$R&_pU~zPO+T70i!3S0wL*75+o8a$b
z%$A0VXf>Vb3`WkirPU?R0lyQ!XXq3P;&l#};$;isPR`n(5>Oot{d3lJB-VuK=n?@W
z9B<sJg~fgN@J3=S;e*P@Y64m-nqcjndbio%KcqAAL$w*-ya~dgyDKTuOpFs6j0Fn=
z<4X4CY!T(T+S@;8=fjb=YV!TGR6@OOFZOo{qX3Z4H9-ZFJ|OKAx8bc0zx^y#U>`a;
zJ^Wo*8;UqRIMNx@V&GhxHk2!RvaM`7S%!b><WA9hOf84AAc+U%BjgG6*DEnvl^X>^
zTQkQ{RR(9`KR|kub~?GgTc*iW0dWI1^HT`JX1vTr$~uvEx2|!6B08L}d(xbborCae
z-{2%7r=fc1iGC0hfUWORiE3m7Z@V!JLai-2oKhoFkoQm73^_t3FC1p8tkiPquXF{Z
z)CY&QcT%3ze;t5DxkrHzmH%qlSeil+Pemd4{AWVW=aU3o%;))n+!hCkx3K4}OZ=gv
z65389G8(_ycfp8hAJWMN(tR|CNK3KL;YJcsK=M#xy{WEUPzP=%(AeT5XT{o%fyOI3
z&2PY8y_~+cuf5o@WoL~O(keSs9<EHxMGn&{DuHTTJg1&eVm-xERg)9%@6MHzEd7=Q
zT#WxfX>m+qBOxl%iK&H2AYn|u$a@R=i|8ZKjxV%UKt6%j$PD3exxfN@L{zlPr_B2F
zzv~AXAX_$OtG|2>XjhToUSsjPptgUE&1FV`dtGID$dsk8$?s7Ew^d-Y@+8MStVkn0
z?q@P6SJCIq%{7=1D&GE*iKW}$_Y*nJHW|y=TG^IE2X8!Tmeh?a4D-5fvJSwhK{uZn
z#G_AIP(CPa_JWw{Pu(YuLY%ACl!~-!&y#z}w?XVA2CK?#&W!T`Me1IaP_FFf`4&A8
ztVF2ocw1A>ptl?Y)=^73MZ~v!o52c=rcXc3mz&eZq<<FRwEHnKGPE9{?H|(b=8-R#
z&xJFZA57@3N#9GYG>+MalYbrxPgU4Fee2@-)8)`qxu<ZbL<iS&t{i0`+2G#Hc?1X!
zz9)n~6@!IUuW^AcU8jFxT*dpLY9&S?@DpvNZ+$&)P2CIufbF9{z>z@UDpGuf-h`n$
z=jZ1D-N6ZH<TIPhhvW5V?=`qYFi!l*9a$gTtJk!&v1+df-m(#2_zrg!YeQGxHMu<`
z+cAuqHM_0V(YE53ng3Ohe|Ng9Y5rEs@?H?j)YOzgCLQ)7dEB(~u#WZ2%_L{`PBZS8
zdti69h<vQ_``24q3P`Sm+amH`EH5R^T1{Fs8#*-y#@kh;x?A*GqZ2Qz#<-RyrfICJ
zL5|eu@9xaw65FMZ9Nd^MXhE=e{()mlq>3ukI05e+3Y}IpvcT<jYI1R?;3^~Q0v|8G
zM|~nb<dohc*@a6r-@a_O_DuW0Kx^r6#L~Mv9Jdd)0^;soRsGG+-V*F=q@_h5Teyyj
zrQuI*`Ov%LKwx|-X#?8W0p&|<tlQI<zxCKkOQY3RN{I>8GI}k<2i|pbK>6u(1+Y3?
zY{1>sTVk`D`(P!8Mx;Y27Aq4yTYShbo_xOy`8}#*vgO7WlUZ?1#f9Svi;T(Y7~+N>
zco@<6BCDR4cX2n@E!64Ly=IFWB9b!=JV=NKr3;-my{N{a^ShJe6Z=g1Ew;AXoX>Az
zkT6v;97z7v0(glExEA&Oh{1P=qDwrstGRE|4oc<{vn}QY_(A#_8Uo&muLJ3#E>teS
z15!a@_{`%PrG-K7s!qL!?utOmjd(O;&iO##CCk&TMyO-V!lsSl?2Vfz6cS;+d{BOY
z1P(6)5KZTj@CU0JtrD(J_rPL(+e1FoiUoP_Bz<5p9;<DbKvVqT9@ASrPW?=my*$tf
zgBIMuX@gdsOZkRF(6w>Zfn!IJYg!5#qy<Dm=do_B5P3dJoY}VM1H1ge!gZp$1szDc
zL=vs>tJ@pBmuL8$=Dq~-oD3Z<?Gg!;;8=^<V^ca$)!r9a-{NX_U1ya{WMuxA(Ko*x
zipT4j|D%tC?E7M^(H3J?WBgV50n|w0cV{Q>={lZ@t2@oL^}Df5q5*(EgbkT3X>B@#
zW)rT~e+|NgR2o>x=gUhPZ~?}{aHNjT^v_nj0*uGH%=CT@26XKi!EfieE1kZpK7WUz
zxl-k}Cdf^V6PziN#q4|%!FPl4lZKGswq4Y@>pS;1zbw>!XLWnKDi!r>-60&-e_{p8
zeb;I*amc5&-p(81OjIhJaf^abSWE)zJfoe!`fHT+*!%vusg?H%xw2g(dTt{D$>Tr9
zJke5$o~Yff2yt-caVI%}<PlL<*7uR^3I7fy=iPR*M1E5rJ{KC}r!TQ`2$(C3$97a}
z5^K-4dXF!AD1Pe^RHBp3B3*K+?qBN-A-*mRNu|SNB0QP5eXry8V>t8cKm$&qq!F9a
zcm~6-SM>#=mL)E2s_Em<9#vJsg%Cu@o&B-}G3r1bBP>K}0KKJ5D7EQq?%Hn6`Jj_A
zL$|?#EJ|F4@7R^nrsxzF<(FEkgR|48-kj7HUXC}J;(F|?nvL(z59H%mS1`J-w?C#+
zzRm3|X^o7pEOpnVQW=&rz`>B`;{NmQqqyj3{*F#q`GEE3zrQY7tn=gCg2r&KjMFl^
z?)`0K4Zb)Ugy}C|JC2~L7g9lp$XGF604bNo(b44E**O#cSuveOE0|Q2J0V0MV9xK3
z%VZF~<PfgPdWFweUg2DPDp%vJe4#or`#z7r$u<XAvEG)aSX<iL_{!#ft@Ohkx8QyT
znLO`UxX6&o=DDJRrj|%;8sByPX?IP)F*%cZE~YV5{T4TMt#!U1d4$}}$0Dm2eeRD&
zLgL~2-K>ej)9!6|3dkqL22Fw~lmQTu-*3nJ;nHr!q9t%g0%xqF&Zox*^J>PV&N)NH
z<j?MpxuG@@UJ2fQt-2sE-#ksxK==$tl@qjAwIOl#<;!HfYvI9sNB)K(B0i&Hz8sXz
z0Jhv&DcPUXFIvJP2>b7@qGUqf<T<(p-CAR{yK#P8uTjCn+mV>A2o6T-j-iFpT9B0%
zgob<lT^W19=iJ*bbg=GyYcJ0j3cYo;yu){yyvSFZeDmTYXnSH*IbV}tXa!R{1&qb>
zzBi6`!()q+d9lV#Hv~ClvWIrA)BEUP$#bIG@AETkt4fK#Zyqr~6M8XSQ5ctQ*OT?!
z70VY2_O7Lw^!|m0!MHVN!Rl0@_St^#ZNkYB+wPO`%-9#*m)EIrqMyiPa2L?u9JL{&
zzE4j~ESxX9v|AXplTh`lUJp;T)d;;(-cr_QJl9N)iwpQsimAO;xi#Gm!oJ~q^!vx>
z0;^JcIV-a6>dQ{<##YUEEB)t1nE-5}<-TXhv9F>5VYxnjwFu&l`S+-o(PzR&geXIn
zcq*+n>a`eDy@B7PS{4k7(weyyXwQ-6g}%M-Qa<e=FPOQ&byMZia<I&m7S!P0R#TnT
ziEWV7{l(*!)>x@#b39f+3FmzBdg7F3wOA*c;pW)$XJx6kI(aMXzWs0TK7hhC{!*ep
zP{awN^oN8Xx2*d)bzf~*o$-}cR`z%gtF^}`LhELj5VHTrPq?CKa89+gn`zD!6-EDP
z(oLMfvdI`0*7;=rm>6fg*n7Ect}G;;?D9GajW0VBXTI8-uK}mgGFz2mVAhatP_%J;
z0m{_YHt0Y=v0v-<wy%C%%$*lIaBTo}uUQeD`q{;`&gcR0#pex3fo3gSEmQn%6cy#(
zWaoFAbw^#@A|uFYZJ4W*-P^t`g{6%RX(FAJwFy_b305PxwWJTx;S(Lh=mW6#npHsn
zdsD2hQ};S!WB9n!$DXHKYT~O&KwA~o(E<uqn<&207GZd#Jf5tMlYAw<$8F9D6;wCU
zRa)bImSfysMTDgaI|#o-zTc-w`}`YosZq&%Whvr$PvjkKOmtS0y^VWQ=!dnZop-Ib
z?^cK}+jmie?wkTdDhwnW;C+O0mLB}($1yUmC?kl^_V|NBYZ_4?8{_3KD)#3?8*uQE
z3l~n}DO_tv@R@RJC`0pY7=O373u208?|kAQUD@5q6$ikq?}`?SB?VJg7CQh$WVc6_
z#B!JwQ6!S}W9yukX8u|Ivdc=~tEI;_^FdtP%ZBlkyN&l6x$ji43ANlrz7^2#Xil}z
zqbRmOc==9T9L?C3hK!iFwmLd$l<CP9buf7r(+_zm@t$u(RrfQiN9MJ`qQO(!6I&+J
zvnIE8>O3$mT<~_rFzHI6bk7kHQRAL;uUfmXW$-gaitkLhV@b7^F3d?vzHhFbqdC^J
zy>9?C*-9d-z-^I|ct8zjYPz>~(HIR~<6eAC(fbb!=jy+{-f%=mS53rFKg4ZX1%HCG
z2a4!v>CxX~%8quXr7uUzkJu8_gnfKIDh=jDUl;Qzna_4a;clIs&y%TZ>zH`QPI7?G
z4+2`yYY0$I7PM3>?r^=Goe&6!I#r8R8un_O{t;m@ns0caKR)^_l0J~z9?5xq44ut%
z%5zVH8?e<afTfba9ed$MDIqRCjFZF5wZ<y0kL<jtRq-*TT;a)`Tg&>S^4z|{<jjxp
zk3+IRX*79x{e;IAhmM6dPc56g#(p;lU@^E&8moS++GJWX`pRukkGMz})7@wbq#(8|
zP|ZY_yfIT|zDba$*bh}<CV$@Oq6Kz}Ghg;Ff^Y2|7G4F83mAX#O}*?-;RK0_VM(dT
z1mGtwC|rfH574LTI}Zoa+LJ8Wq9K~2FP*%Q=-TlCt(t)2n4+iBD4B<C*|$D%n*?+7
zZArI&snWVc5@Db?#kyl^rcD-xHHI!0qe=J$jo_<-^wMCM&Sd>MN@_bjV8>}<dB+OO
zu)4#~C0uPaBBDR-RqGbra7C}pZx_Bs?@eNqsnV(s2zk{`OTfIveB*o<-USr<Ta!<r
zoeN){JYe1pmto2^L;4#Mvkk(2{}{kRpnFbow8pt&Kzly9yI8D8<~%Eah5!N`ov-6}
z4%FH~C#H}Xx_MC%jNQ*q&uxxe^M>S%*O9BwnT+0p4IT)bdLNs_V4iWHGQo`&r{`K}
zQ;T=JJD%x%z)3<<8_i8eCwMU{v~pn>zQLL0xU_%}Q(~lcmeTFbzZp!0!`q><oWS^n
zUrk)oY@+mQt>LHhg8569_@&c}1Kx<^fg{0~ke0WT&7@+C0D~4jSvmGv!wTaJj?XG)
zCeT=B;mX1qJSQDNFi4rP|3z2;n6stp_NIB2*}1^L(A8jWNN?k~9jEolGbf}Aq1Z20
zU2f7r<2jC<P6GpYz+jHf7aGs;0))!Gw_qNsi^RM>lHmNWk5w%6LLQ3^1lA$fgOEx3
z^if*>Kh~W3`p9r#kI7RZ(5y)f?P`vOL7vt$G?s~#r-USsOt9<Ym`iziO!rY+M@Pq7
z<Ty)bV==VEu2o#VAZ4yqd5S5M@uqa=@GFb+Xid)HBB$Ar^5l%My(v-52gZYyB*UqK
z)aF$t)&<&`bKRJk0nA|BhV=5J_&{b+B-{el&g!*LgeYo7hN^-%7C-aOylSwTUf3Of
zDJ+XS_M%c0DBPOf?}bq)0I9=yINQ4C-?6YS)i2bG&CLq!aL4ltSt%Uclq<F4bEr=N
zA=NU~^<LThn@xM{Z9%C13pSL{S?=eI1|T99y17fH_S^99!*rhksbmo%s!};`E%rNd
z9tY@)>vV~pEUx21Sx(e+U!?wWn}lJUeZ0g*2L%(y8AXZXKdv3uD5cKO_*_-V<0$fA
zY{l{{eMmpLIo^1`bnKisv$-S7pYs_y=)#4lfL40sN0#)W`Nmsqr(yPV;_~5nB{|lR
z)fKSLqg1SEZi9k?ErFJTuPleyGOJV1Tpr^ek;<Y(YrN$&jqSCKg-XAEy*NM`jm`9=
z8jSYCAVTX<uI+u0XxEJJxJc5rFvvcKRnq9?jp>a_?ie0*c8%)xG@PiZmhK0eAaB{s
zmfyKHUytj>GX=`bhd4US;;l_-n-gx;CLi&77U$vA8x5ieai4QsK(I(A_FZd@Bczif
zZR<C_*jV<;TyXd6#H2?(+kgXQgvIr3Z|l1$di6ITzwPiS*=G|}uXQ@2#~$|E^m_qj
z@rq05^{`d|Ku^w0rI{zj8O~>T{sb`q14zbv#>Nfyd-EM*CKEp9wb?=U=p9mt&4&^9
z4=GI&IHMx9UucOVx(734c!wahfQ4(h_@vW;*g9@jJCrA)!@<qH5|Nr-j*#1WyiSjH
zwU}y{tWjktVjx%Z-5KQ}UmEcIAmqS#O&HXyaIyz9J;ZZ`3*(v%C$g%gKiIB(d0wOo
zqYL5?7PWG;q%^!&G-okDCB9|P)o)3r1s`d9jB@ZWs$C-PTi>=)6PSoA*w~b73}0O#
z$%fJz{2fG6%9A=vHo3BzSX?=TU~(K>ojX%5*C!3Z<JB(Nt*NQ{v@*RqS?$aZq7{68
z>4~SC#7L&4tY5cLmsXxK!Mo#e1%&L5HhyyFy|Q^IS9D0;c^fQ+QLOKSBptOTdYj%h
z4-e~$&wtoC&F`05-#kB1y5Hgl5_a`QH-zGqWtrg~s8;@KVGa~pv#9`9<-1l>hzH>E
z*^0G1>#suva%I!L1b>n*RPEaEusf~k+n8*?z{AG_Rh)yKJP|P25`m5rhyV`R8jd`*
z+Zy$Fh7S14rmC(|P{A89plk9i?*Us#y<3+O$6NTFDSIsYeV+$retvfrwC32-$@PL~
zZcrmCFzGK(8Y`0kL}RDco1dT(WY_TuWU27ksec(+*{=M$i_hWmlJJW&CRu$wQAGDo
z<F==Gm)p-k)O7%83MQW~3%5JX0yb(-PEq(c9Wjn^GzrMSiRH*$zU{Bwcpzq?gLhQ>
z52m+|r1Oz?^|{33cz5E6FPQhsl%>>{zzucpPZB#X+FxGVMeWt7qM6wL)c>$z@I(X3
zWPi@x16!^G&Jo<gJ1nY=rSvx-C)(X`A&U(1>BK*k!+9@!T)EG~sAC+xcdF6nc9w+d
zqp)YX{=Ndd2$y6+!&e(j3!_5ersR8WXb~rvcDGBP!6~m8KR-*Ip~&#K0Lqbdfa+1#
z$jHfb#_Pzi?oXe0>M>1DPc8x;4k6LsFaQwOQb}v``FYis{jv2}{B()l=zCkKoN=s0
zq58qwf#WiQJ`3jr=zZ7M$u=9~nR07<6rM7ze$RWH+($8hi`|RZ?N0B-T5m5wqx1qQ
z67xD;dz#~j%=iE%AfD^qzfFxdkpMh&ESpY);rt~?SY+5??AC8Ez*H~HLuD|iK40`i
zrTLQ$9;H@LlE0P`y{9_4cV!GLc?ho0{@UHAl80$AAtHam0uG<*JyA0N-7lk&?p;z8
z7Y+Bm?C$OiRw~(_jFp&fpDkG3MptzW4r7=+c9iSIIao9n<Z?%q7W5%?Cm5;S#jia}
zwd*1OF7Ol-TqYYF%MZRk%`uS#JqW+1QqZjK-NJIXuHk_!4Fm|q-dfg}%Mk$lgTEX}
z)13$sm|O|gdJ~=lkN{xD1AqZoC~!D~a`>moKq{U!LqEW&%5^6Oh~U}|lJbl6Q$QQ4
zeD|r0)4jyp38%!~5~IS`ijQ;Ni*!mp;wQ(Lw3vPI40>#@`jTOkFfrc|3C<|?4OS>H
z7ut=yGy<1WH^1Ltzd($Lox^8>%kBW{cV>>3$PLo<EiHczRB9^rRa-Q4O`4!XT3V8x
zpU?eML4(+#B!cDxEjqz#Wi?<U{ezT0G?ViD>f1sPI#;M80P?H+g)cI%wKoS0M;Gxq
zIJt!ABDB}a4zVuV9hy}h2wNum`&Vl=fjJClx9YskLryd*<@h#klm49ircFO=ru(2N
zW)35=hf4RQ)vFw!0edeb_npQlfF<Gf{3+iCr}RnwmuR{Bn?M3r-$j7w6QLX%0Yfsa
zRk^(4*&6KhV{X(%XJut5{~nXW;ZF{Ohh_9hknLA7;pJnr1w&T)o6DHsDz~>cxAM|U
z%bEEXyruchZw(uiF8&yCB=PiI-p2jT&_%>PV|CN4MLUFpOLHyuf(MUfvgX#_g~uVI
z|A`+zE+ewReSJ!~rtL?>H5z5F!xsjEVM)kM7lPw95lJ7Ud}L&b8T6*rQ<*ctI8WE+
zwTn>wkigu&v!0MaIm!!@P5E15Dk41m=cgg~K=bpHA2vW2Talx7RiMMFcg0hn(kNn*
z2u5vs`^Wb44~iso#}kGUo7kIGZrjMdE_^V~Cy2htIqrqY_qWzVti+zrsB$d#@1RZy
zS<q|GZc^!D;9PSlPDX1aZ_SB8$(wk3KxM&obzmF#2$;V5<;QDgo7^yD4xGl@A802_
zSsnLlWEf-wMrTqETi!-HRhMX-Q%7+oPr!mq@&zg1rFn1I7P}}iUQ&E*sie<Mi(y=_
z^K7T8TJ`444M`06^yz73zAVytksLN>JXdZ^A5XjqQubmuTKSTf7sJxu_2ccR$pNYI
z9oH9l!m~@331p#%Ef#3<8CXH@`3&3_huapS)5+~i;`33*oR1sLEN{b-oJo+@=GjYQ
zttFl|{lPvypyE<xp$C^R^JS;&w3#oEb3L5cx`yERO1Ysc*15hi<_!)z==>I*6c%Fj
z!oWCFDNjC@OQ*rIml_skF>!jjknAJxe;RyY4w1RJ*D_*cH(DWOF?nCz7hF7K;Tq9%
z=`Rp{I2b6Y0MzoR_vS5{s|p^KUuj4OP4qyU4nJTm1<e*iUgM+CW-+j8fptV48Bt)v
zo59<c#qx`_SED;N2n-?mW1cg_i+*>rB9wZ$c%p(}wROVjJy9P14pq8=2E60uezVNR
zGl05kovOwHbtqp%UX(@)Qn`>qPEfD|g_j!;Ns%AOyf^2ba;`lRyNirJDwWg5^W})J
zH?Hy-WD%4N`r87Qz|5aMPz=9%E7RMBHqb(fc6j3>v#o!4d@6{oMJO!R*giMtC#tow
zX8DEA_eig2ak@`UwK;^7=R;L%b|ky`Y(u=oLdR4W9LCcdEA|uZkXE5Tzei2x1}0!L
zUB#C{x{D|hyDlgkSZBg_c6K(cWG{)vU`jWJD$Y03@Q7ED@{q_H3Mmf;O~pjlk@NC?
zXqw1=+0sfX!uveFCBdfaCA1yQ@zy1zGyb|Tw|B15=W;gfhB#_Q*G+aJ@%_BN{%E6>
zK^x67&fe_Ii+70cBg@0^Hr${^+$+%Qzm*wmchSZiF<WL-3ISAIVqATd=n48N*lr%a
ze-e{pNR@MIy7R@x={s?nSF_2ljpdTedvutP>OavRE@>Aqh{E7RU6SUe`sdZ-ki$3O
zjror+9#p;<=7@N?P1V)aBosL$5F%32*2R9?P7dhuWXDHW6+FMn-h2Ne#a5^Cu<&qr
zpyL3GlyIC6H-N5Q(*s$i=L)t#gN*Ox<!$M5zflw)#?jO`n11V&cIo)5Mh@U<Sc&~$
z{_kJ?dz+j7{)7L?=YP9WIx$*4deBKo>aqUqPpOF)LK+JENT0?6pdlV_21pnWMr5GX
z|0+yLR(`fKhH`Ro34~wrn^cdcIo4Klq^qlFP0mcKvS|JNkOU$gLP_7Y`$H*X=$FWf
z7ajbgf)zs>`~zjoXUXs4v})du;&R~(1gH)nDxws1LCi;!f&U#T7RM{uC#&7BY|$P?
zsvG=X^?9oA5>>~B(o{(0i?ASSYPdjD@$Ah#r=Op8sEvjaT}+zJjA9NDSawI9dV720
zw~%TrF1Jxn{?yA>oc^WPog$ft(^41U`Q)9XBwChKBA?&rsQi%A|DTG<d*zK({Q2r%
zIrY1UhnIA?TKNBaNfq+gW8N|GQ$B%U!&`lli<KbY$C1DpAF1B4Go=ALgeQ<Ndd-ym
zH?1N)CeM_bD<i;ev0rli3QSQ4Q=NzY!NH*M@Kgg`N14jF*<^sk%oose))+>o`*-mt
z6P<MC+j>|O2JK;*x{$z$c>0G&C!<XkWx$J&kE<aLM(b<z)7f51(1^w+1}mJxgp_k|
z4om(&kJZxLydMq8%nC1A$jRQ2vg|OX>3mM{5`T_kw|Qjl+<R^Q3-x)HK?dnj+lM-^
zlOK+>wD0(1HKoHZD%R*LoB47z-3wkkO7?=DR)U!3--7(J;QvyPPox9F5`^^u1|9lG
zVYQ4*dsd!)j&dqbo?<S|M~j7Wlzg`-ijOhp=dEd%BQ^z_wJxh%^3sBtvfAr=P|Bs|
z%uJD6DL+BwIhN554?<L>iaM*FfOgCE3W`qwHY{*WN-Rp;6XKCcJ^pEd(A{{I{;^gH
z3pc{;&hHVG?~aiLR8EI0!_^d<yU+`=^Ba>zWXO12##?(Jod)RYNdj0y^g-_(xuxUa
z_(~B$QV1|K`U1eXTIDvmlI_r_=5D(+4f}AF&w?SAXE$VDd7Vf;Diz9hZ5$!(EFe@=
zR6slcJ@`=9373^+_|k%y!<4_dushklVfOc?hdP>u5P=-kXCN@9c>D)>KBu81_-Kl>
z?uPoSvy0q=>N>dk9L2&o4cr==3C%>Kq{bj2^|jhyGVv<hdZfqqh3aZjeoWZ9`Xwj;
zLO@qF5y7PDI#4px8pi}YyJtdha5>y%Br0F%KQy?76PWMQEB~gHh!8@Fz4(Vj&H53g
zRL{jaRB!SI$X0;%n^;2IA{qaA!&GVr9UR=ZS2JvX-$Q&vJc-Ef-(R~_gvX69Pl%H=
zw>XY`l{EhaqK{r@XEgQqBU}I2^rN7pgagz26Nu9pe!#{=3Hkcp@P>O0myRLf0TL3Q
z0Tl_w;7n|mtc<MX35mv3wf*Le!AukYke-X(ahWS(Yt{Lq^TiKW|BZ=2Yib&zQNdpT
zII#7~&Nj=++IEyvi!O#FM;02gb%@Kq#r_hvVn^82G@-5gTsmE8oPe;wpyY8r^xtUo
z@l40w<9B)OLcmo;SnwKs=%@+e{xRtwv)>Ms7>PZ(T!Bj&?2d(d3JX_r)M}mjaVM~9
zS{qHV6W_bdUBoktiUJMEbeU-$vj*6lW3ih4%&|#0x^uhGZbqbuyQUR4IU)G)sPDh$
zm4(IJw>UPCQxS~f`YuChhaxBw`_<PsRi{=F0s&QLTf>Q`<JKn66p)4Q`FI}$D4iLy
z#I8c0NxtlJK8HMHr7wUqXU}J#(%~Nx(hRC#fOkuII};syJ@>kbgBxLc9<JK&7_%6D
zL?K^Z$kCl2;sJ8*hCy9C)eOOf)tW-`*7X&@e4u(HWW}xoSV9ztp>iX#SH8TjI-R$7
zJul$V1L?((+r;MP-})Tg<)|=Yx#L|SKz?3z_#9AfBB6w$8_sUv?@ZS7OP!NFP9&PY
z!u3z_Nro=&O}Ds+zEL3AN^X)czLpsmweD|SthS)(BMv(=<*i<ob^8*c<6C=9xCnru
zp>!i1B&8}I7v|*pUF6z7dxq36G9#zkmC}XAsE|*iKZ&t8O@C5o05l3HGCT9@!La*O
zvwVFBL=6`g@iHUyr)kS18rI#|Ye>_-8<>DC{gMY&gF5XyYJLoPj-z!(?dkr0#ft<v
z8@0!m<I3WboC34NUkK^RB69W}k17Wh|AluHe{sjGPY)`=9UkO+5$eP*ph*L+Ouy$N
zDuOxy=ZzOE1QEFUk&v+})SK5h%;8oFfil;=klZNfsureP<&epcm@5ByG`8!)txNoO
zTZc)e6exF}s@XIAIcA(Jz5mH@zt*>7omlJ8c7Xpk&qyTXclt+(sD3i4rF-j)dU>*&
zeA)Wy*ZJh&`ZRq>#tvj(q4)Q<Ndu>*daWa9s<k9xg}<{aP00WO?{+8wzo5e(1OULI
zdt`DyLn6h=g!X($XeGk7xc~-BkBuNr@)09hcI=<Y1C-b1CU%w0c|-H+qj|>(_x-BM
zN@o6c|7#0jX6OZZ1^dMLnPK@T&wny%91-zs9&k!&?q6dL+GgAT;(CwxkJ;xPJ<LD;
zq6|!^fBZYcf&U!;e|EUn$dUwkv*?sI>S-2Z>@nZ6&G2SzW@sMgn=p|Ka?yH5vG5+-
zy`G>vpOKjQdApA)LkYoK?KuCQ=!3q?%RCjEi#5<C=<!=<7%z`auxxx_{G$HV0%%1m
z_0DBo>P6>bEj)fkMkWT<N~&o8W^=mkJ(!B7!siR)gCrFG8mIo#4aK1CbLcCCZiyFL
zsEk`zeEaLX@=Bv7=%N*MRGYVxZ@%H;KklX;!GuxOfAKg62t!lzf5y?NkeU2U!=~`~
zjsJp^{*OGj|A1Zp?{NPPh5s0HWYil^Un&Cikasv)eUR!Kkm**sM%$JC*CvOyiUbov
zzBQWqP}B%k6@$k3XV_BN>bCLL+q_R3PD*F}5OrHDejCc<XIDB*Mox)Hzp6&TbOb#+
zHz$1jhY8!1+55eS6BqC?3-@3IwA>~>jvaVvC3`7II9{~)=>Ea`U*Ye*UZ%-&DGg9c
z_1T?dqeZVr_xkUu8qu;**%a<m9U|p~$=Swy^Gr`wWi#=&Xb*w_fam_aN3n=@@t<pj
za7^|zHx2pEF1(`)4F14C2ZixnM}UH6q(q(U3KspxY|ifAPyV1Hri1eky@=F7r5Jjl
z^FD=%?ylSD?Ncj@%$kv{Y5l$W1aVt8mIMbffbXRma5!Hw{XncV_j>?I!1)5)PxC+(
zBu@oo^z2U{Fen?rVxdW&wnKO=t!)LiUr7w6XyQ+DPZR$+<Grac;U`II9Q>gLR-Xq~
zgkThv07=yHLjs27fz($%mjr`_zy8Po0+^7?3@1wr2ggVOU>dMGTL^Txq*A5s`&vRO
z&By=&R8WtbIu!rHu;Ex8<AWc|@*^HQytT?1G4P;^0Zy6mwszlYZB|4^Q%4j@1Q0<Y
z$9eMb!r91$R*Q>T%5^Sw1TG)`BBB6}5FNg$GQI2r$Acz5)t<z}ga<nT#Bz5U2^d)d
zqusf!5OtX-3HTiYbl%)Q6zd@npoQ&v(ePEB4r5sI$3Z44OM}BDyjtab2vWTLqKd=o
z*WXj*uE#efD>B;}|CuzwPUW~Ol|K}&zJSg6069Z(Sz`gL<nNef(2A8$^T)3MEpTDI
zBae8qL;bMhh2q2a88PU8B7MF#T|D6jf$(b)vKUKaLQo0NzRg4Nb;O;j9c-`dZt&~A
z2AgIG1dFRmYu@FbBrIzzj<s|szmTWWuug=wn-r?iW3O33<R=Ot?~tnfZn2uxilV>a
zyjL4_YWI$Lj$~pS#3Pi?MeDhMl0n0pTq7XE0*k4d8t_iVAKU%AIobyYEyt}$?Q!1K
zCM#)qDA`+ZpFfdCSqWpkTk-AVwk^t+&M@f<lzJyDBt(*chrhHYiwKdf_-Lek`Cagq
zLHB!=zD(W_y+wJ7xaz*>-%(iqjWy(wf|V5mlTQ5!1jtg-jDdDcpg3vn2?ThEFSaKs
z(~o+cFq!ht2K)LHl-D+wicXVjovm_Gyks+lWvzep^ZcEKSxVX&lM9v03GA5TqmVB%
zQ1tuMo&vZI%zaGpzi?W|+i@V@<Kkc-4)~ZTm<9&G@|^Y|REkF4_%8sU*9q3)bAE;P
z?Psq&78F#E&gf512n48-!A)aF#Y71|6%&JnH03KXg59cA(i7<k0o9(>XsW+h_tuZm
zk_MuZI1Vsp9}dua16`7sv9WQ;HZTR5^lgJmyRNKV=3%g!Jp{5&um0+Y;ING-FgpJ6
z@!rLQ&8UYvy}GEWdV=A6_t^AXOT(>&O4vBIyf+^!jpwnTuFs#Q5aj8sZXrQDyv0I@
zsY=gE0P4ZIoO;tTNC;$<h&NSlkay-i?DAi!?Ogw}ZD_a0L+A|Axb|t<-z<IpmDeqg
zy&k->85W{CB=XX^^1yM>aRaE;*Lj5rd?rs`^(VqqfAp2apGgBYH|dP*w{$&xv;F;&
zKP$^cWY;Fc|1MaZ+QB*mL#!^oSz<Vz%U2SOt8oiME7_>Y-yv|Xg$A*3G5z4=40P6$
z_=Sxu{AR@l8s1vH`9lEO<Uj<T;{ZnXV&PlkkU<kB;@|MRPND*<vXu0W`{tpQd#uPW
zgG~((kBp4hpsvF;aYAhW7FgPuz|Q}nFtO+BE0o#^!YNE$czoSi;UJ59ns{_=38-L0
zH#Ecu6ZO|nO#$}%Pf?}&rLeqKno=8sRM~+JkbQra)i^OHN6A0HNpF<v@6D)8%9lf2
z4pq)j@wVC4=085V&HZzT7%h7Zz;UIkKSLmkJ5vb2(D)~o?QQN$zI+zGzj1i0Z@!fp
zcy#Ar$V0xjQnfJQ_b8;f6NTN{!)DV1btyJ>x4N?|v<E=`5RVS2<V_@|$DvALkY{^Z
zTK3w+S6GSa+ZBIe&uEVVCtZ&tzUyyR$G?*=s|R`_A<`SoZ~qB*1(Ruh`)@GE|2~NN
z@4$eHAZAL=!HKQdCr<v0$P<u-p(FU$3f*Z~QUd3IL*V&+kb%dYKw+>gwbK9h6tjTd
zC_ELUQyWA3N60GG5dZhiKkcSxh2t55X3rGhDK<VojzN{)zL|5&qZ1!5I^VXOVGIc5
z{W#*cB6;*vcdnS+n0#yX=wq%c|9For$$XReYIgjnjT=LbL-7JD7P;(-KI!QWT!`gr
zx82uSgtnd>C1`c3$JccQm<L0eJgjpx>j8NQodQ7Z86ltMU|U)xXrk5kU10<Z7dP~+
zSP0Xn2j(e_B=xJa6%fS(+$<@QwHC%2(vDvIyWi^LpUq7=7Ad{IQIH~C;1r;6L;)en
zk%jQ^&H<;c{2&%b9L3KBLWte5Jj`Pjru=AKkdqI!QV~?A+gav49Y6<1l(}xjjDIu@
zpTvB9c%>;Uba}V+d9R1v!O!zT52?C&TJ+(<sq%g$*>TR|{da`e|8>YLrXU4DpnY?+
z0m$U&5kTAp^)q*T-XeC_RdG+l`7*Sv(OhVId-mBnY_G<9zTg+`$)X@lXK03AE{ny<
z?c_=K<z;iv3<BhU=ZKSl$0?{#&3?JLmBITsPob0xhusCXt1DNz{tMJYe=VvH11Pl*
zRyN3|dqVeRw+*QD@kiS|Nh^aTjqdpE5h+ltKs-Ra#TpieV$n-~e6@+@j_gQ7w+K<B
zgQ;w&ucx){CyXS?jh%M2b2YZ@=Lq`EZEc(#EDJ%{-!3km1>y2z;8vOrunvsz(~5Gs
z+o8^8+oQ0U&+|>#vCzh{gD$Tj5J>JvU(hlhx18^BV}R`o!X{JPT=`ml$cdGCwX;Jj
zA+#jot}|FqW^-nhl$N&6&#4{sY^^$Zx6^>{E0>rOhuoBWc)o>*rcV1Dbf{<L;C(#O
zDj`gWNRSwuJ&h^@0{S=MSWFNB2rz*5Km)(!>9hpJ%gq)hYHI2-iwRW&&0rkR*t#|b
zbUu7rsMpoiRb|irlGuKql#=qjiDSLJ@rqz4Mw!uE%i=Hh!zqC><Eh@olgH^Uk{_%z
zj3#cHFx5P@&__pv6Dg5edS%<ANFdc)WMyr4NulPcn`S8iRTMn<FByd}Jt|b4t~I1^
z`;&zQeXm@uymGk{ew{0I^T-?2@_C~Wu2Z$9d|MHRNW`WzfGB_h^n{IVe6q|9V`pav
zk?uYkDIb*E=YCsAJzjvLr>73u3w73a7cRS35<$r<64b#$VIjrslA=G3#-ww%xVgB?
zF0D3&WClUIDx5x5yY^Tsx$m*DIZ=E-s0tkPLbvT^2TWU03=8e;ppV#5dh=>!NlE)q
zt23hHKj#Pq=lHCrN9KgWSV^Fy)fgh;Ae=FN1Cjs+>u0W8%4Bne`|RVEK!fb+=%w*p
zRQcjL<x#u}v-npz=aObn4W6n$00Y04O$L+wIL6ZI+L}t9%TPt7Wu-Nb<;6x0Opo=5
z?7zD^Id%fZPP2on!$UabD&^VM&A8;~Esgcxxg+nS29Vim?VSmE`FD&D*#6G^`~QQv
z_l|0E``SfuyA>O<Er4_tuz&=mN*7TOklsr`K@bQ<N<s}NDk=ylz4s0YQUin{A|iy|
zLJJ)N1PBm9=-h?-_nmR?Ipe$MpYz9Y;CM&E%Ujl(Ypyw;`OG<A-4DG!2MP;--VSth
z@e;7l6^<qot6vXUYwGm)AHRR?`orDQGQDFCT@@$hb4`w2h7LITzzk7~2}nxf43CI_
zXZv$)bEGhEzfJMqQ;5a*g4&XR8>MZfcw|s9iMJ<+DN$_H?}X!vr*FC}ZQTx@d7KH1
ztjBFhUwnSN1QN7Y;U$Q0GG#n0@jHncPjeK|cAU-<z=JM~>ioFvvoVi)3G$wr&O46v
z%Rih)JkIt4yWgK{m?2NkzGw63HO{=XYSx?_T#I1-{Xv0emJ<kW+iL}jk7GiSPk3z!
z`I2a}`=6vGIzS{;#k<+6P$#Rzc4u?>p9q{Qm~xjfg($ZtagJSGUp+VGKi!4?sJ)MH
z9DnA@dZahc9Cv%Gd@>{we<Y>=K-qe+dKaW<mqkZyZ2tK8Tyb^&K#b!MmeOJJ8@OtZ
zdRc_b?^WG#Mw1qdf22}PDv*qzY5Wg&kQaP+FSy}G%v*5H+`D(hJYRG@**+4zvX|rB
zw=D8*gdULJ<u=CM0lBSWu)n9*w=ZqkjNa-N2K^MeH!^N&szaK4S5I}9J+(240C&mg
zDkWd-u8Hftk>>qMKLU3I)aYHg!Y(6ho4NPnd+|qaV1GcXY43A1PaG){JbJv(+fe)Z
z*JnQlh1Se-Hh<LQ=HAkdU%au|c7{$N>aWMWDxXwN7VYA@r;QG#*`AwR|2h#?J2Ejb
z@yylh-;q%KGZHCaBwPSV!OyImIV8UPLyYECW<m43{?G8HlJ`G|tE;cNOF(J(xSHj7
zvA2(VCoc$nHu2xfv`eS)a&mII*dCsb!2K!VV>HA3=V^a^FaFZKwAN<?x_ZV+A(`{>
zb^-6+{r$WyB7(=k(SeSxStF4drF-x0_nBo-S3p~Izca2>iP&A|<^kH5p6LZZ+THz;
zPd8$YWFhz4@7qUXdjgE@wT$iLXJ)>MDqb?kopWjig%{gl!)4d#CcrvNXKS$s1$%)a
zn0EwG#SB0dI$DN5zsfUkYYMCR`u-(VJAMgNw1}0k-^#J=9u>CYJkpD`?PKS-SVeUd
zo=+Hk+}et~*nfWv%VO_p{!%mLl6vzm8~U_(37#XVu0~{aZx`)*vAz&C-rPK>efIEn
zKS+TMuoJNfo^u@82yRGPKC(!dY>XRt-YW4w0YRd#jALZp_&UF7oAbBb42#U6-5X#5
zyzktnM_$W^I{-A&MAY%ct1*x-^AN|Z{(b>;8reAT{McfB;x(D2=x0lPX+rn#piv{}
zM^gC54>@xdzWO`$>zVT)-1K58_G|iru7B`2tHV(GZOaU<$w`7hu4#@z==R{y(DRMo
zo$nUF#sd=QPW68J^l8gxO0QcA>*4gHW~kRqa60po#dPOe>?4XzJM^7lQMwycLIPS%
zRRC<|q3u7$)mIlF9DjjQg_T~j=Mob+-g_Aq5q=UR;`7m9Ab2mH4r1|WOriI9PTOR-
zrQc&3nf<s|sS-~8oLk{Ena*c2Vz!S{8pWn0)jzu4&~<I!g*0sZdEfrNJwE@KfB<zt
zH^W=ZS8V63S=FnHR`nbZdyU-<<NM6M^?fy*UsTebC>J20Wr0k8ki+yEKAi07*_-tA
z^fG64B^1=3J`E@@7jtkZEbn395Pk|X2Z?oNW{JmgkJm;E#!qch{nNBEdG6i2a2_=3
z!Zm%6*=SJotv8}ce?C(Bn}VdSR6j(iL5dFFJ-Z+HSkXyXT4Q{ow>PMH!C&n+*!kMo
zu@Yn;-?i+!f5%jKJbk<8a0pA@x|RPvWV+L#MCHkei>Kanovu~AaN(FjP{4`D8^hXK
zmHg&D4G1Oy=A~8`mRV0LC^dld?A6B)yp_FAfBB~;f<OyXzkwYJCtMc)LEhcIDkA;T
zrekGkO3tSv5%g-O^HdJD66;MvvK!xF20u+dA7S7B3JCaXpBTD3YQoN!_mcc3ertvo
z!z@`KrY8pbRrUTCoFuV0`aH%PrKa@Dg@IN4p+v}T*vM#DIL}@0Ga=jCp;DXD#6A86
zlbwd<6uV!ARZ)Is;8t|W7dQ&y=I3q0p!X=0vt<avN%)d?^w|EmUeT`n?w-J6H|%vZ
zWLI~4`-Iboqj<u3Zn^ZsQI{0&O|D$PH;6XQ(adhw3Kq{fx~7!3XgjQGW5X(*(l1kP
zKTdebDcjQ4dM0-dF0p3{!#kd`<vzOUtfFDR{oF3MpFz8n`ekklQ$jVu;OW!Pe%rGi
zoHCJ%w0q)?WBJG43Wf8QKea=HnG}FP4E*ox>zY<L2^iLbW)N@!!(lWp7@7jF(ro*I
z%&&KtgDad4O~DDeO25`#hYn@=jF+6<e)Y@vEq|H((OnP!;V8&!{19e)fRQ)Yx}PBK
zOdUj(Ul$e*h0W&on^f7uv$$Bmc@L<M4E2xx;I-!8%Kw)gn_X2k<smBh5&v+{fY$bO
zbov=vSf@1)i^S?vp|fQ^WH}X`g2*`q^l9)rEwP|_60<+8DKB`!NP``-@`V?^GWy2g
z=%o_f7kPgcxDn5XtJdvK^*w%dC+9f5PB~)VMy2PA!tqmK;GFw*eJUUE;1jP3=%+F8
z=6Ie0`a*yp?{%qz?gxmw{0lz=`7*;pFU$CohYP&nm-H}BHNzMf>TZGlkfda5YwLML
zKe){6*Ztr!c1cq6iN}zjsudcPV_v|fu$;u2L^aw(%tXGFImzC*)(o3pD{pU>^K+)^
z0K?PTuyM6=zFtQxSnX*seHj)SUbAHBMEOQoS&#Xw1-qJq8ra!b%tkos1V9<UT~d1r
zq4mb~cg&cV?Dg1u6zVdA=#_o==#}x1)MT8u)XO2L^6Aii9ZO44yTCbpW=AC`IQTpQ
z{^tR+a=7s;wYz05q|gYo4}Zfwt$$}e=SqN8s+ou7D-Lkl|BdqSe_lRwuaj%UjA`RY
z*tY@~&=zb@eP<%c@Xr`)*rzq1zqd@KKY!bwrR&3Y6K|+w6J6m<K##Ks^_DRC>u(KO
zbnX}pbZPC^dFF8?ZJF`)G2eXnu_>LH?4=hHPJ;a^EZSImDe@M|NAT^v#c&^s0o7Y`
zKOF2jd@GoaVI1>&tU_J1rzIoV;Jy9<P|kV=PT>b3Y`l5eZ+T_qx7BB7iS$@i2peyI
zukNLrw`AJ#b5eZt1q@K95mBvuC67gF#kX&(^klMF;4z>ICoco5d&N0cHm{cL_|2xo
zX9gEQ9ad(+P^P|g<4fv?o<UArKDFLS-HIV>HwvJnXf|>8Z^_=i0p>mncKv8p!!$Re
zbBf`YSubd_>Yx9;dbXp#-nnM;T?*~R-KCm0_T$-6mR6ST?fN{Lza`nhGqp>E^ehmn
zD;<M_g8Cj48MU9fmw6+|`H-aHlrK{Hk^S~jypNR(_V)d~F_7x*Z0&rDBB%FZv%yVw
zMG+ff;hD9&oAiRBJ3D)02#PHq-+=zINxAzjN+M|@K1$QmD7MNhL#bu=d2=W<Jd=d3
zerf>weYyxJt(?CCtWFrAu6ZBCDeH@LTsY_E>Q+8Yh7Nm7q&grHc=N0&+0~Sa;)X(-
z_n)zACJglxHO~yExo=ZfFSu2G>q0#2@S;ZXxOZ<Wy03gW<}|WSS+|ZMn02<bNnL~I
zYdB%8%OFzzABW2{@_HzV(z*55gZ$>>c7{Il%f<-R$<^C6hsNQIB_(g>tLjhrb8AM-
zY<-<fr)<;C(7n!oVAy}A@*rN|vT;Tr?*gq!jXHR#6KCV$doL`gFl~3G<}qlH*<0XT
z$I@mWZEBhHH>+>}G{nDfoJFwThub$lba`ZcT2u3>r|lQLPEtk9p0DisATQMY;Gg{p
z+fU+-Lx_iqdPzTj{!IKrG4uV(Q!_I&XMaFDtMOY>O@Kt%9i5Sg1hwja|9(=tvm<@;
zn@tp%_E;?{Dk=+nl_c-}CA%{f%MS|7giIJ61CJ8H%f!rFP4J10i$Z<iO1b>mUOzti
zc6$Kyy?;$!uZ{g;*(DEWtA`H*I+uf^@8Hw<aGF|<`6;Wb-%8HvYw5jU5VMcHqq1Yy
zK-Tw@b8g+)o12{_Rkb)Lrw;4Y77-6~FEoCTtR5fu-21g`<C)=UAe3hsivLRI;Y5W5
zHhpQj+cu!&--l++Q6O&Uen6m@F0mBI`fM&>##u<TCfr|W<zO52K3btjA6i|F_1d-J
zx_xIPwcTU58ky6)ZUFn(A&Cu>f;;5g2nmPJuU<ewG1_i*2OUdwv9U(VwVg7AQDR#%
zp>3AapFEI^+(i!L0pXV_HDoMzN=gS~;y8YQv1yAhXgBq!j3f<YWt`j~TglPD<-{hI
zO8cs;q-SSdz?$;m$4&?ph&=+$;B<2|mLnteH0_i_?Po1uVicTn8_A8Lj=wD>Wim80
z<h|TZ)3bG3R*H`_GBkwVd&nI8*rIdS96%|r3SPd=^k#F{uz-_?jU~Ojc1T6#@jF9L
zF+M|1>>jn(uk)0@TGQFz+2sz;94?31wdD##MMtACW7}GjlatjGHE*PLmqemcEONuL
z{m@xB!}#X;5o}I%@_@FWiKzZ_zcg{DvHU}%s5)!2NW1X!=LT7#u>8u(D-@0<eBrmQ
z>?XCtNM5Mxq?dhndK`j0Htq5)IllNFo9MR`sWL~@*4FTFDf#t4A+*SO?r?r{lz(@)
z9}QJ&3_Pb5qp{3n&SRD!?$}!>RDat|-rqc>GWH5w7L_sd7e3$m?Ci{pYIsjisNHfP
zaQDt_h|Ctg4C`&1^%zfCEPlEM>(AB?Dx7@2vrA4gsdmWngI4}TIe3lv9QgW8TUv@%
z%pWvs$|a;FVQC;&c-JnekF<fd?<xHBqSS8xm*CDUrfK+_U9jnp>95f6Cd=*wXaB2M
zLUvuPPad9?pkHLp={R1eR!VH647VnM$tP}*P@9gX1x|#&mkC&l@xzS*=DmtRD=$sC
zJ<n>TbKEynqzXJV+mofo$;e}L4~9Nh{=9tH8_L@VQ87o{!*~rkd2FjG<%)gjHBh_6
zU8kHwo99<CDRwPi@tHqe|6{tV;kY}g-dXF($K9*v*~OjvYiaUxuASXAL%K{CFQzjI
z7?P6dZ&pXvljN<$wh~JTp;j?a3nZo1+<VzErdc;$qFY2$CNp;47K2=;P^e(-0%qPN
zsQ20lbJ8KDD0t(iNQA7@Sw=?uG$R28Ns{&~?8TD((>3K&9OV!rl_W8T`DfO|nR$|z
z{Cs$DVD)m0_f{?%yCyz6H|LFtn7QJzw(#kaj2vdes@a|VuDKk(t3mJ~wo4J0<iaz#
zS@yDXZd9G0J{<bsoR2`6lngntiOq>G6a2fflDU!VRZ3yiJt+2PJH=Mj+ne<66W^~<
z?rGxDU<JkRjZTMW-aD+*Evnxrlcf8sx4t9p@Fg?nrd(z<e2S2)30k<VB;D06z&mFB
z*va`XF2EN(;dQjc@ej}&D&AyNi>lL?%+J%!@U>Zq%1Bn>RR;nBXZt>|lKZBBv}u@(
zoQlAq2~5r)4vz-KL%f$Jv4jrC(vcUKp`!ujQ4U)yDNtKs*`!hJhAY#uYvz!mQ;o`@
z^Xsr*ailkX*{TA5{!Evd=SR;LxsUiYZ?VHyuF`z8`0T*8TTOh^?EZV<VDQ1XkA%5@
zmPN|=c}G*y`<I6TD&9cDKm!b(x<@Aa`UaTfh|)Yi1DJBYILF+5yE|*ER?cTdCW%0M
z+7!LW><|NW-XEvmvE0N%!ouoS&V+EdylHkS$3++Q?T5)&qj&R5d68li#rMXISKhGE
zO?<8WzQ$9q?avYB;eI7l-kiL7_XXpY24q~i^1Re^Rbh@>w5(Ccq)WFyTKe97jT3DL
zi>7W>YQ*#L($k6r<ZgZct*Saa^5llJ?qL;G>HWKRw{A)py4A-Qd5opx>-(dkdCN8I
z&>vQ4&aH1ga91|&1^BFXJx59*qvaBJsy3GhLW+TbNzz)1^fA5)A;H1@1raI2Z~H@`
zSZX^)ex7K-0^0B?8x-gh8MsoJ1n{;*G@-S%L!3saf?>9aolFHa0}D+rxx^Hw8x%iK
zDMe??eLCe-!mlZ2ple5`Z<T_w*zPTl6{9S)QsL|pu=bshIXcDDYvt~wN)ob;xg3V?
z5fG9~1Cl?qBrdq+_%*v`_iNqZ0t@)q)bwj{=q7hGue$dnJS$7Ox|m8HF?BR4zZ)iU
zFfNe`<TN}JGrn)+L*sTYAjWDN=B1`;v5Pwm1dKD^p5Ah4Cb6>@d<q*QmL_M_uK&1X
zW82oz^0nQmH#{p8o#|Y+Q^*=5?mUv6;t$Q;NI#}tXi&iA?wzu?P2^u5Egv!K?Cg{%
z!dHhR;0l$;$7JC|M=K__i~I?M?0(q50?;~rf$2ydSYKDErd(zqL-^<>YQ7vccvVGn
zk0vJ~iXN#nE}d)ZO%dQgp_Bcdot~jedfw6>@mSJZoXnW3YZex6!@pb$mv3)AzW>y#
zr%;7QC7GT({uS8~JZVdNe|VPv;%<sxcU?No*!3-M?fx&y+>_RhJtSFwhGOc_3hPWr
zTl?Lev9k~}UjC~4B4?+2+0>>~#)o9&ltS39`F)3vz*LI_nt=JRxNWbHRakUxr{J=F
zpRQs!8f%{kVRuP8#|q|iAiYVg+?#Ncvfqn>y=0j8u!*AzB9>w^{M6aRHhh5pI>B9?
zZ}7cmRzQqauzh4P@;1lxD;(dk?|NM)<+_n8x9yN^Be{Q_%d&XB!qh2}7c4g0pG;P5
z(Xl{Bp-5=9JOQElN5JRR2K$~I_N};GWZ_t?_Y>E1H2>w;kv2!}r%7o1P5G=y=5|p;
zo7j&10b_XPhZRnt;K?o2L=r8hx@_;g(VfL{@>9Vrc=7r=rQCfqshW&76-^yC4$ox&
zMOeVY)_+AF+Kmpvs7;@%b|#78yI4s5#zVrZWu}rV%uwHMt=i?Zv*TmPT{v!;F&28R
zv9XalOC;kgjrwvtG-V~W8H$L=`Gb*mB7*$x6GYHT<fVTG{)T+kVC)s>J=e-?jfA{i
zZf~8U`n|GqtloQHeZ<yV*`s>W^8%A3w8G2mNC@>5N&IwGXm-{@V6jImwai3uV^X?^
zzYgIjW*1us3Uk@wDmeXW%>iU)Qfrfx9KR8yCJ@0}d)V-Dk$}xH_k#ziv9z$<l+6a6
zobrH>+xOfumPV`$ybY6_d$EUD$q{~G+p-?zhp7aHy2s^^JyR{CR8!}a37tcc&Uv)*
z%~3wZKrX*kNXXi%dG7CWEM?O_0j1vIMo|ehn2AaDAGH#&y;{^6f*D1Lc)RyoF^==7
zc<-ZVW@9Nj+j6?ekCYy(hKF*fxOvrRyCSKwq;t&`8Orc|b&P;W0q-c`-ocHeBWsw4
zM-0rAH?s9`G<3Ps$9W;8pml#cDpTzPqwd3+>E?(gwHRz0jn$@n5oLJuc9lZ76v8$K
z=+*?(SkqDoi7GMfwv8#Ogj~CJjm>*Sa?UKc_hp+l9>Q7fz3i>-MYAgP1%@$lV+<Ca
z`8CFD0)YZ7F?IcizJmR^7glJL6LfS3X-&le=HAm#!v1%w;X11voF08StiPw-stA85
zS<baFKk!&AC~*GJaq=Q&#fR)Ks(#}AiSW!`EVi?exU~M2CC;K^+>dO9Sr%dm2?zc9
z(sI*<N;svZ=9blDef#)CRdv$Zv&nvY<v%FxD07U$A(wys2urQ=+`cVD!g+Xbx^CL3
z7C&282I@*JL#oOA*MHDh8W4^qs;)8;#I9Q^2^9_^rqdb%_6&p)#}9HTlcxe*ii_F&
zDYmlPgU5wm+>)2KpvkPp;@v`6Jz~^k0VYM=^x;#e^rsW#Z59!M(~gH>-z%xa%ekSQ
zuoMN%?xNq`f}vX#G{L|x1((o^O|c0*zeixKuY5mt<UY(fhWhlzi#|2*tlTZXMJ_MB
z5;)AP9#ZUls1Vb2OA-w=F$ru&3hYvEcfM?mnCjema~zH8H#GAr_S$=y;@=M5xo5^O
z`<9TrX1Ke?p&VBjG>$Cm9BAQ*=50>32$QF#<Bl8>b>E#6Zu|NE(5Z?;3xAZ`>5y<y
z63%PRRV1g=-^QTAsg`ndLlye-S@Ed6)2COUUu$n46bt@n^tlXLjGq$>jd}*`X85$A
zhX8*`U|_OOD1-xn9(s>fX?#KO@AQ;iYg4nwSInq60F#qCi7l$;EU2{3vR3P)F*Cu2
zD>DTKLNbcFLmo$ju$(Q9bcd4$(IJSvTHIbwwWrF&@m0OpCM|Qn<R694gF-{sjWW9$
z_tQYVMT3mM7U3BrT{<xC+lkEV?6Yfd)FlhkaJ_oJ^zFe&4|yH3h^C>AC6s~FHFSIH
zQfJ+aTWDiqjSQw47^{zH%wmhYcn@;NLi^2Ln`(v*-Dn04s3vT{mAuKGTk$x}G<?o)
zKdD)`ey`f-b~{IgJHmEE6=$$FTT)wtM{75poGah8T1ask!DZAGX{M&!cFyQ!_CU#+
z^Is9S?|TrQq3^NX+V8YGw1jXRE`frkLF;T!1t_&d^|hKZ?B<HDdGao!3TO|e2V$Qf
z`W>k^-n${RLMDPDS-)*CEtW=lBH|ToQje4#-4dgIv`o)nVxBvEQfd6SsH*9Qb2=D(
z@c=8n*0$DxGNC!!VHP*{1Fz#^2jdxhk|u0?c`l77ZH5L1uQdIt?!0X{Y9AMkXmd;`
z1&&A@?h{;Av*B3`6oG{r4-G*sC38!<_E~MWUSu*>G&J`s?vTm&V2?*<0ngC2lim&!
z!<la)>TD1BVBF|i$JHEKRbj5~xusIOYtZsQ9!p#5B?m{JH0uPbXUIC{n&KMVSM$^4
z9r^n2#7(fLy3f`_w2vH)OPnYzm~B=k%Gg&knRj`x3TG7u)!=ceupb%~yzf2LSq_`s
zINp*hyOQA@oh59M@<3j9Y-V;=MO%9=jHzjnSv@K|DQVhHLZv4S)G<sj02@O8r=sOz
zzUs2|I-1PsVxu-6r!cO~1M<(cHV43z&owX`y4J<b0`ln<-tOcn=!9Rt{-fQA_$FU>
z<1N(h4Y?DLE>3YY6bH3!??{JSk$XywSd1gk(Inweb~)EbQ^WEHnVdMS_R9O5oo#)q
zIA2D&>yjq-gT2@tGKJl3M@%~9s9%O$O^l3kGn9MXmj+$L?E6wjElweas$gMNd&3Fj
zYIp=?_7|zh)mRf4$Qqo(_Wg_SWBu2DTHZU3TeC{W8l24Es_U}!+V)aamo02t;t;zX
zfAgC#hrr^+TPoe%-CX`g9})J))YNGE8A?}!a(;f{h0zJB>CD#40kgQKrK2OtUIl)M
zR4JDnQBY~L&9Psh6mrT<Qns<4rfpqEJL4!W@-A?D-qN95>VP57_Cav)r|wAn&A8(_
zOox>bU%%$PdpCT{LlR}!*`0A!0%HkXIY#$ddWWKywq&M^DVY*7B#B45r%AUrx--2Q
z)V~~^o_?LlM$pGTqMRfVj{{AG^SY{Pi%k?o7xF#;^C};NTVyx;&a$~qGF2}v7PGlg
zpshGK*~XBy!hzrf!NBmt<o%BMZhcuzk2Yrv*m2!>o13|+NA@h2iUtJLlxzqG7@`68
zfjfD4=-lHY39DSA+0U;Qz?<L_fV6)JHz<8KK|H1nh4084$rmBou@0a|=8K<tIk?2*
zOP`k<67CdCQBMQ6wY@uC`w=YKK1BN4xXU5b^HC*!8ec>P)g|QR$E_r^HTidI4M)|n
z$uS0o!Ow3=wRRKsCK?pEa9gA(mK4#Py6uT+J2u2xKbuR_m5}NM`Qhq)^6M}|8A~^B
zZxdEN;B2Oz3T0YtrCg%6O<$5Z&m0b*0(Ew26Iq?$>IA^L`?VD0Jw0C_;J%WDGXU0-
zi~PY{w{>(U4ri#*J^F>9Nm?rIsN1@f*&#FSUMl7`)f>@%njCEWFn?~@rgQ{em<yjP
zG|$=PsLV9-^sMBn#NV^G0V;8&j;4*=YdNQ)^WsJ33Kmv_N6Ip6x;9ezC{)3nj49fe
zWa-L!UgfiG^DZ8h=Zr30FhJxMpX|!7aoARM+g|h!SvAV`?|vru{{8#mVmC~)@GR)C
z=|>T9nPZh5t+)wbJhMcfn3Xg2at5@4_M^pE2qj&yF5B3B(Uf04x26nrs~YiB`2_FJ
zwXKdgPOmG=g{>jiKJYs=WZWkx3CyJ!Et4hS%f_d;5xE=xvMvw2m1hoB=?RlR%x09|
z{=s+W!?tZ4^#*^>+K@%Pi&_;4m;*9A_oI7fW6X00P&)1=F`@C>3({=TJ8W>U+SJ+j
zNb46^>|05laRlM<{qdXOnILXsvP!zHqElN9r}j`TF-?nVwWS_IiY;egM2W$StsE+=
zz|a>aX0iKf$P>g@yx(7DICX*9rk??Spk~p&r$yHEY8fRqYRbjT%;)bMM8>oo;iq`0
zm=488v;Uos+T6*}xsBjM0Hj9rv!%n(SJL7^z1ql3jvOBhASzfwnwx&kw*&jAtucn$
zy6)PYxfDtiHx^9n7)Qg^YPZ*W<K>B$sH9%C@Qt55w0OcqvhSv~_3X_2+q_;laOYHX
zQbc_63t~XYh%xW(#Lh0uE7i+$-HTlV-91$v;|H&?Ro>yIeNwRBT8cSd3Z_}2y)Yr!
zWqAD*I>m9MLg&S!cf%OREC8SE$l%ekyJh*dyu;b*Yzy_5RzyvIg7r!r5a^60pk7AC
z*VGCZ8kd@fUuM6Q(ac??3~;6Q#wfPI!#lP6a}+KtBAQ4YTDlCOXIQ$a!Uo)U%5W4>
zWVVI-G36nfuvzs-e__XHNyaI@#t(}<!JQHqG3VhY&UNdbs}4qki+p4dSAht~*Uwd1
zc($LTL?n9~feI{Q7zVa3!;IhndjKVj`R*Q1X<p}(ukVu4)X{0VD$U&3m4pe=R}Ho~
z##yAVDk9PaF|JM@rTzsXeJ){ElI;nH89UTv)SNnqm6tC9kvjTc9c5awp}D_@d+3Jj
z2`(zo{ZIkeQQ5;4s@<P8$MyXb-aJ%PY}<_lNOJf^64*t*bxO%>&bR@z`LLCZE&sV9
zJ#4V6p;hSCtL=177M6_PA5VcvIoeA_w-WvA`|cV8KX;>Lw@3ikch}Oc+5AR9OEY~4
zOI73c8@U3UmpsC%Tg_I6%S)ZGy~uU4ydla!;W@bLL$SqpoY;$3{;YwKMwrlZtaG_R
z`p+AjgT-EKtHMDfS!{Z0;}@<o_uDtEaFT2ih%t~7OFMOPLYH|Z=knaR&b|D>qj@Ce
zl5=+wU*#y7xx8JcoP~BA?V%py@plpkHyZD@k)nZ9elvy2$-hT!46C0{Eah}tt)&k0
zE|2*<xTh_qS74(aV`rgiTJ4*)lQ^W?t*sqT-QKk!AjW)SI-NdWO7YVs?~khmg$C&q
ziFnT!#Bs;rO9p{&C99#Utu0i45IW}V7=9=4u`Jf3-%vzO7&ByzUu%0>3VTt!UL%*6
z_W?dLuicN<SK}P65GU5OwX}3^^Pr<HZvm?m6g`jKHS=$utuCK0wJaT>&Xfv~);^H6
zpFH{KRCB-|Qgxs@bjA@v?%p0hEG%ai_xdl{X+kUy<=Cb8=i!vhazC!VlBM<W*hs8Q
zbrwMpwOg&GejYhg8}it3d#(E9;c}<E1#ZpmwQ1vg!=g|y_WDLfSGx8Gt&}8J3?X;!
z^p!9P;BJ9f+h5jSGu`MDvnGj*TKnk@pr}knf2pZ5RNVI)y59R8r1n*6we-F#*GDb2
zk5XkY)SKhpb~7I-?n58l#B3iFwfdY?2uIvev~sR8CD+L7e+c8aS8v25og9}(wD8uw
zbg=swH|^!MUA?zh9Dlg4IhW`-pw;~33(&467?;vtpRu|H_~@tk%ge#5J0YeUMFq|F
zjlbG$p70+8B*diT93glGN`$5L6SP1V5Bm=MIDfruol-$RfADi{14Ko34JB=*rvAmj
z4`62@X^ld2)z=gytEzTvl8G&yl=XG7wS|_}+wm#Fw~Nt>{iuSaLI-s}>!55F^_^wA
z#gi?RTZ!+jKT9nx9VjOQ=OE{n0L~@M08GZihYw%GKzGk`^krPSxsah**Tp&Q9L{Ua
zA&+iOaZk!|YVIJ!%QoMu)OZoXR&BLsgrWHEEwF%f^QGxq>>JM`0M2H^)6u=!LTlZ3
zIj9KB%jC&w_F^cgeq)GO+Ww7@s}OGAUzoQ~&uG8L$rw-JA9h4HAFfU>v_h)Kn$j$f
zK&2NO;t8-*kZ3T(JVk677AyzP>m-5{t$=wfmm+D153OpSj%3qmLK8xhuwt9hKJKEZ
znL1JIl2l}TK0s32e8=w#kV%v=`joho{wWx(wznp1cKfMUiEk4>2rnB5US`ql`GIlY
zR)r$>1&6Dxa?YGRYyJD~cm{xRMAsHrjzHTQE{QKR^VAfJm(KO_`n0E>X3C*lQBZ{O
zxnQsi#Ifo=v}OE!vBx}?+aErZvsG)pR~=>GE0{P=p~;DMJItb3S#oC52l|TUkVPY8
zuS#2GvV7!afcqMLIPVA|(gRMfc8lqO^`3YkCf2f^nq6Rh?;NMJpBab->ZXWbao<=N
zWi52>FAv^BZf+Zn<^1!F<*>O}cYlW}YWqE|B=Fs3#}b@@-W(z9rH|Y%d7}uW7U6S>
z(jLoeK2CMHxlj6w3=NHqCFf@PXQRISQv?D6QsL1n_(*mamtqjNLj#V&Txp%Q_E-C)
z9y5RPn5m6`Z87kom{?c}zyvLPe-p%zs?7z$G2tY9Op~Q8aYdHt;JVj;AZnGKZ)#|5
zCnxlggYa&+yvz<)A-oBZ2l15l1aW;^+mDFlVG`|0f;zi|p1XUbxWlj+n#je(l$RaC
zZr>a2$mFDd<`J-CfJ(Ln(Q7|sU@NHIfVyTM)$>qNvI;^|^1e9#GT#Wt+`ch9lf$dx
zR==$w#01ZR2o`GuOifvqTayq)X*KEO+I3$)HP~3$S6A0{{ypbN3HTJOK;bPf2#X8g
z>Etttun$3r53O)_;C<U!YvW;nKQMHbW8ALo6IP~U!utM!XA%MTMRp>t-j_Tv%-!i`
ztVz6s<xcq*uC4l8IVZox2_rD=S@Gk?!z3lTG8iSAGybsAIXP_kGDm`#W1(Be%B=0D
zZzI+b(73pvk|BqD?To+!T1(7qp6oxDlj~}Z*VSw<@`^e4{LT_^@LC-c7y(<;QG9iC
zWuyq!Jj%SZNJp1{`%k>y72Dhmv0DpgGFd0GQHqZtH4I16PtPP^Z0~rT4Q<M~dycwH
zXgAZ8jn5vk*uQ1!_hu>lT=3%(J%U*P-9HYRa{K9Hev}i<8|=>qE)Bc-<bQ&&y;%D6
zlAp+B1@ONP!TTMF6cl3FWjS<XWNOytRoRn#eE|*SuxuY$Tbff++vEy`LJ@P@#JJY=
z<D5!cuHOIa{-@>9T0^q`YFu=Y(PP^}OMsLpzfA7VP{o22`d9gGr$Z4ff&gK0GJg~L
z(we{8HndP`tsHr>`J~FHx%FzQsX$)-gVmbDZg-^Ep)v?i_UQlPmmuY6^FFM>r^o>~
zz<mSD(r=H*5E}M=n$2Hb?%>Xa4hY{E3=M+By(Z}XbK=0RM?`p!EB0jW(;6Bey1=#g
zA{HONi+Z}@$J_3M<2@odr0x`iPZ-UM=9oTu<f)$s3<o;8R{?q|ui9Gg#BoTcA=>lr
z1LG15!{2$~6S2wKJ+kG<5oUdtGe=*3Kdr;p;L?%;1Dh56B7hKT^Y0(AGr-xaK6?ER
zI3(STzzWmN2viBrq@1L7S1e=8teTyMUKqYT`DtfAtUiAVv`z+G3snQY2JP@Vi&ZQ{
z#`(29J}BZ^o^fxW{Q$4AIF@(lG@wb-(XBF0dKl^_pzfv~XPKEL1shW~noIOsJ8&_C
zZ4k*lBEiu8^Hj;qGN^XRQbYQ3`4#UMPLvv1xwPnq=M?GBbAG*G$uLuPbefjaW`M6s
zxc1)b$-KzPt!bA8D=dK|PTt*`8V)D^i9Znjvh_6ENFizH59s%YK&5==b1}cS!(w7%
zQw`b^ZdLh(Pfex2g>r(cU46E&&|D7aIF6&$;69lru~NB88fL*6gjpfhw40j2Rw?EL
z5WQ9XR&WfQt``p+KvK+m90+@>Dh6An2J}yPhO>!Rrm)?RRtkewxt1S=FctGYyfqUz
zy8J8n#i@S&tSTvwl~h210VXJ_isFABQLe?%HDz?HNiYPY+{V+E8UI!Srzc(pWFOe?
z)MJ41B57yBW#@7(lBD4mmVd_Z)2GumG(FJ&5=hOB4?2vnF^v3^@ZoY5ZA;6CUtsT^
z0VhJYU{0M^vO4D?8+g`NC6bZeMj$UCT5p}ek^>2_lH|jCjN(DPoq?<Pzrl5K*_y`T
z!S(-P6;0iiuyq7qe{ad(!a{o6-%OkW=g_Tw`ag8MEjkFG2e9-rnz@oDN)A>tH1!Im
zkKMc|_(wwMQcnF($I51qUq_cy6B}y_7zAFb8cwNfU%ztUBI}fk(}TidlA^Mbq&@8B
zVk`jTvp}cwm>#nU$I*+c0#Zkhx|P!HEbAbAmr<1cBc*(Ok^!4X@2&oiAMZ~R>Gu>~
z9lhyo$KT&enb_Icm+Wsr(AgcFGFJ!t>13|o2a9PUav;-g`k7%vU!hm&Gs9!6ACJc2
zwXVriclU1v&+^X;ro6uSU$nE&`QAZNl^&%(3Jp|rh$~32QZ&M50n<%`+^x?!g6U0{
zk6tY5hiSeL>&JKqwI@sJhesy+Jq<B+-!O9O`hFm_Toww*ai2oD<<Wws6$`x!BJi2t
z-LE@`D%1t2vIQ|x?zTCfKR*?ORzH=8Y@y7W7YEalIu`t+<HcaWFfMc4J&&YPF~i?n
z+`cy->4Jdw6GkCWYLOas5f|~-@JmXx<D#FEe~R_a=1LZ@Fjd0aZQRa=02JGM7ZuY_
zEHqdBSR@EcY``5<2l7S2Nm`IPe7M%J=13n}PhZ%WfnKClW(nXD=7Y-3)+-X0Ki`)a
zaWG6bhgw%U){{a_;hoUwcH;EX!cFe}l34-wv2C8Hhy>F)ApDD|9*1P6@>_7{hROsb
zu*JZ3h^6kNW!i0NX>6MnRk|Q%%!deXYQ`f*Hh;gR*&n`n%Z8Y=9xn4Lz+36{Q-S?J
z_t#^<Ml5_BY*S)%=h*(IPq(pQ2dk5fZL?79W~GDLlaKge{b2W&Rf_)2YhwTp4rTuR
zvl=cs7YL*726%BDH?@mM@z-&)@z0Nqoe%fk@e)!Xi}=Lj>JRFETaTQLxUo2S+GDp+
z5rc-7dCxu!JJvDu`T$uz@uA8otvL4i6*jMhSNl|=v$Y&CScoHkNJM_ktHb*fynG%{
zc30|LF~|M;py+cvyo365`LY34V$q|ie&2UzX6K@evpbDz+h)gE_Mbx}a#J$l{(=Vk
zncj0&V7%$ibM*kt0^hKWUqWE3P>Q=1CiOdvrH{K%2Q3U`h}r8<e}euo`7p~6b}`YI
zmu>MdNc~|4i4D0g2BD6Y!@}m;4;2zH4*CiTZ>j`~oj6ek6p5x^zdU7>Nd~v$4_bU6
z*S575pCf7enmbl4uCqie7YTEMQZwMuCuTTb>tXI8J)kLnm_O@}cDF-;_z$%`abc0@
zE}N+T{~mmEo%AZ1HPBBR7;5~pmFjE~!ZAsWgYS09?sn?Cb`8#KE<<9FhCDwVS;0N)
zI$$yJsRV@;p+=g=Gl@6rCtX9e@n&hno9cSDwk@V@P8e+Yvz?v{A44~PECJ2!ztiNq
zHx;aEqAnsFT0mOZFFX9MKq&@fd6ZH01L{SRYIu4^26ZcgalS%&#Y4Jt#JP4!rxQQs
zsZ5jKvT&1?tE=!ka0+FUK)f3SL?C#7J)~bb<*A3H2C({*eGuu}96-JyRZAxOtJ8nQ
zxb|k(<y?F0CJNZQ>V9i>@RfmPl({~9AHadmjPg4_Ps@&5g=ySRBOY&k%iL^_P9mB7
z7Z;$=DM@N>U0mob{_lKKJOuK53GigaF;LF~ueo&zN*(?^i^b$cHa<IY-M)QqagKv{
z!uH^|G-7pR6?N{O_X6nF{bR6g$YP-}O#W;xnn&5p7D67vcFGVN8OI#ul2a^FH3%K9
zAU+Wp7ncVi?DFIDPB;yAU2`JN_Z26BsMJgJ;U10*Nz)ELBKwx^q!3+GW~L9}hx7;8
z-S}2}L9Y%TNPP#eReF94DA`SC3(k3$W~*PmI5qY-n;(6|wbkPKyV<_brv1K~7iCUR
zPIbq5=HujCiQ5&Dm$yXB?ljl>nwlvBQGu)ds-gik<-;?#*VOnzkpv^C&;EU2+nm(H
z*CD+VaKX%i_hNKSL?vSIsPWvszD6z@prrKyp>CtbySO-6uhbF|ZbMEOQoOd6ESG?w
zAXKPUs>v)22nRX`j=0^Mp)BDhDIw9x7a1dNHOCP{-CQ=oM&$*O7{PN!(nIwNij8uv
zV(cgts**PKbuZ&_{&$R>Amq_1Qz4cU8GU_<a>~1R0EuRwi+dcXjlgs4lVXEWS;oCL
z=GJ4}>h8t3xw*FcoOs!O&_ld8;5<0PyqZXzN5og{;TOwQ0oZJ^xlObfAYjHF#(KTB
ze@~hm5LMl<&#&0j9)+S`)*cvDk6IJ%j`}zLkEd!VW;=WKY{X2ZVTYGi6i};Tuz^P)
zSiS+XKLygY90rz(+GYV)kkp`jV+a0ub@i^8eWU~0f0v*M8NnAC7qt}C=%?)-2OO}M
zh~2W0<sI(>kGYCasE^M`yLv&iVB4%>ULIuR`j19^j7C6JU8Y{FfFR&Y024MYBWsi7
z6OG%16>$?iYBfkbEoK!X%YYwUZW@<gd2nQX9E`p7Oecr@t-%X)k@Zou;BPlKH?ZYp
z0HUW^qYy_nc%)J@KfgE3`^ArFva1#-W9%65o-~Mge!E+cnSNKCJo1{v1gPI<{o|a^
z)9Gqyr83Ix^kudAa6e_(s?36VtEj{bAE#%mBES~HfGufe!j4CcOqA5BCm29T>=Mxg
zPIsWqZC({x<Oe%lb>cvxs(gW>8`=ExjNe5Xzp1VJ)5%ZhJ$hA`%_i>f3__fnvs-R`
z42&SSz{~Q$d`+_X&N9*2ee48JdDnvZ_Z|qVx$t0HgJPa_U@?#$1J`|C6&+O^^CF)1
zG-<3hfz=GGHb~{xndKp@P%3dQtaLZ3jQ^ncrw2yUIUBj2JcQ~4q8RGK<vwJ-HyX5G
zZsQo&e56N*%i*J8S5}%iqLW8GfQ#L2&bQE#WARErmkEDFiN7TT2C~1#Sl4aH>&s;o
zz@65y&Fy!PjpPv2b9;%*e?v51ave`9J+`k_Z2&Red>IGdnkqev>vg(c3g)K5_x(!M
zp>`25KR5a|AM|N`A_+P6$oa+rO(A9_mD^t!Dy<sw)WlmWr61PnR6J5+ogf(%NI8{%
zu;`EACir`_yq57ltX0z;+fFg9`ZIuZ54`T>+l%!V+VRAITt@UEa_f_Qzhk~PgQ>u^
zyee;+G~RlqqpM2`xl27)DqwAgGRcm`b-Zo=yY=olG1%}U77KU3s<25lT;v>taF6)6
z5&lR=uVF@Q(K%UJB%o;B1Pn`URL&+7oD6MjY~q^7YJD(O9KRDI!>7H}4`+}uUR;N8
zs%@Bc!PE}Oix84Ir$hgpDJ9%K|GBHmt8YUNY<IV=6LwO3pxI?xFscbuW}U4)nNq$T
z+s~Fyzfud$Dz_bL<NMr>V7t<sz*;(Idz6n-Y5U2b$T$bs($<&}KFJk0==^?fxW=!_
z(#oop%28Xj(G%Pbmd6L^oaP<1!_r;b^|P9BB#;2HDDo_~*{KRx)^jD#uLP}Tkn8{}
zan5xOHW~Krou}Z|bF`Ykth&VbB(?5mYaLiAbPpbP=>smK>k2*}I@0~vr6FLv%whXX
zk#$j>Qz62^+!`TJJF!P`C(1HbMY7(T`pa#5b&|*LeX;b4U)ORmxT?C>{^KN()D+&^
zVEb*4-F(x*Dm)4pf}p5Zvzd9_=%G^#RLY}|m{MIapCrHMih<-eZIb0DO2+DtrYS|G
zM;R10kX`9#ntFPX(U3g_Z4d;s(v+p7%O!|6lH{V0U{|7h9dz}+fiCXQjJ2!QUM&XI
zHKDN2=aoF~w<@{cJ}Yln$nR0BqsvH|`ii&hDAeqy6`F@<auKlk@Pf;ZgOydI&G3P2
zxSE^S3ZAk*ob#Asv$K*AH}@nHL`Dy*y~{cqED<qmeK}UU;?^gdl^E2rueIO=q<u|M
zX(rXHAU2W#*kV53i$g5P6~m!FOCtAFb$&80^WJ(v)sl>@YH@{zu4dbQYyI6hwFSwu
zoi6r#g&&nd!u2zh7~GI^OI6k@x<bWhzuj$EOrDZcrCm*39Idu<e*iT;Ut;d<eO~io
zl9D39e<HQB1aMF54>m%=Bh-|h>~BRZRPWX)x5{XywpRaV&Zdmiq2lY7Vz3^ga2}bc
z{&;*fTxI_Dty}Ix(TStq`934%C~BB}<#X~DsNn3lt;K?Elj3!u6r!~2OzxR8XWE$S
zLOG?k?vRVV@~BqVZ~>s<^XF+fT=TDA^I_xlh9J(gJ&3{(GCJ#Hp>tIwrKRw#)eEI!
zU0#<BGz$l`nxsR7u@f=l$mqizoE_v15+v8KdEk<)2h{RM|Lk0Pmm7-Xy{C%lkMuXM
z-Gf6p>oG-7o1)(K+0UQP#W==D62@brqgU>IR`;BMxSjbJ+##<?@J?Q)_=d1ch$?3A
zE{_lav(4fyeYATX6e#!3lF7;ECMB!%{rUR6zDsByt{!@B|2f+BfmyNY@lF>Ryb~0A
zi=V%hG@n21%w^Sa_O?o|T*@r9lH338<Jyk-=V*TsvJcdwu^x0our~JxX23mQ>^%Bb
zK=(H%*k|*=CKiVyV3TYDPiX?C-IMls@q2iGizRQ1@d<_F?Xyw-s5Q^e);QIbWmsH~
znV@d`ZsGV_T2)1&pjpk}OE3R&XZ*0)!A=6XCc4z<j>#6zx8EZ^*yTrKm`~!R?idxJ
z8cPU!V48$Ea?Gj<?3x64v!|P^?0zgrW?U>@3htCmqkK3I?rE}`0Ku;Byk69g`&ZU(
z0rg9r5#f8Ab0siMtbjQWm|jk^fc0DuCKo#;oHM}_CO50|OY$?4(vIQkr2P~Ts(dO`
zyoDjVH|7e+Mknobk5oInXo+OCvs;KiTn@9A$tdYpD<lc8&u_4fVH5o1owIdJBHxWP
zC&y+Qn(x-X?yTAh`{RgI`E{QlF3c4JvgfB$jCdO5WfU6|^+Z@RmOOSiAE<4ZKsw7J
z*bVHy3$JSVDMzZ1j_Jr}v2W>_-8uM>(rzaNHgam?p7C(4Pm#evxrz4IuZulZ8EO*h
zD%Ji!`~lD>?pEuR^!H<B<pff1&FC%$c#`T~yGVklO(bvgi*+G6T4b{4(zWHWQqA2>
zZmrTAAyJW$^F5En<m(^cL+Yw@k||j{5YZT5K$Cud&EUe-?)n#1zt5#7*XuHlS#0jV
zop!F*<o4aj!&yn}?;`fMmK{WVWvM@TswZ~}%6+$0-@pF=Tm4=NT}d0oI@g=~lc0>$
z`X`K|ZXa+~vYO=VGDYduLcAfRt~bgs>>gf#^yfvR-W>UxK(W_uuJb~Xv)17pf|?BM
z;#!S?3^LL6yJH`y10!Ut3}S(g@A=Z!+O(AK)<-;rfE?!mjIvsDV0}|SkFwuSilBx^
z#y|P>^C)J$lZ<T7AVqt)-Te@PY*~%uxX-*ADt<**|IVRX){*WQOVa6aEC*`L9^~Vi
z4uR0<;*d}3$aJ_nVti~CZRm?KaSGG_^~ZnYKMsVuDxrBCMbEWY)Y&puT2kUZvP|<j
z$3RRrz36&iQrqF^V|O$*I~&~jAqf??ZsI92?}38`=2e??UiPmuAtz4ob*6pmLe6wT
zlBD8s<2&;^Cbj~HxoO+m+g#kBIP(yj%Qjrf^Hx8pPX2HmTfH$~P*%3_I&?WK;9(~o
zlm4$9pZgzJ*C1aD4l*asII;}!Z#lL9vQtcACD30b+#ETbbjejNxG7x?QuhD=kc#ld
zfv?Z6441ow`R#eV>D)c*;b@vsS!tvadZFP){kp*eBFb1q<1IbIAF252@)VG`@Qm`1
z)hm1a>4;^M;bO0-s<9GBj4)B9kpJz;O+&Isr&jL`27M#j-qxssjoH!d;R>X()*?^T
zA(+(HC9<3If5%WS$p+bf>$HeA{U!O!-*Y-iGr%k&sF>xx-;9KE;9Z$0VGe&8CpQO-
z4`B|;ZDD4*E)zp_?<g^)V+adAa3g#|=O6w9#;{jDC2K)0`}Hjp@Ha$&Q&QH6OCI@F
zR#xVY6n9kmzI(#{=W6(E#gdYe0A@D6g%Pq}A7)&?=&nKXznYXeU|MA<{K(-iEWEQ!
zz{r0rUt5;Rft14r(2SPq0MN;s8!Wa83K85cu5~{<@d<rai_;}+TE$_|i_h&e+O+=O
zN3q+cF&!E-34_uBIRF*8j?_8&05}KKYlRKHe|`1p{p6o!jf0vBg`b@7-Rp+*s`^SH
zZT^9QrK}+~?z@{&A`Eh(7_xG5?jerl3xbXBC)l@g!S=7x)7L4-=;~M#930#m7?QxJ
zq8!T6-;soUYX&g8SNtultvxX3I@Bb~IsN?^-p2zUrP7F<9j!g!6j2JUC@Lw!?O`Xw
zR`7)9MQL)t*9LTe1;}v7;Ho_t3H=Aay+JQtaNvQW2WfM3{mfAPBRG;yu6ybTrJJ~{
z?|tCa*l5)h=EHBn?A%;nJCrXMy?gMV?6`jz-?T#T+bgoOEmKXct%w6*{#PCAb5O>A
zF*l84n-2`27*;v)=!hosO)ptTjHlOV3Q{285B4|FHxZdB^FhIxpohEE5YVq)ZvW2_
z&_<WIH)^t#_|}9;^mg)#|6IzO4|7lIuMBM-rRdll;q*(HAB}E{J`}zK>D3q%%sOt}
zV$gV3HFRF5?G_c|=0z;Y3S0IfRGmR&6e3kM6SPYRF6QIMhJ0eo-u`=UJ*~@Ec&uLZ
z+41o}j04?1ip1u1u>^o21z23bg>fULeGTDLpN{byVRm%)7mOFPe?M_R^(0A7a+`~R
zujp>dD%(Ety71?L>E!;`Bks2BekE_7#zWsPu%m0}g-nsFo5qnYi`M}y10);rs-Se@
z>8oyl-#zHRb$~YA`wyIY1R00-Rk_ida2~;qJ$VuT6m@{@l7D+8SeK=tIPpBklm1~U
z5Cz4P3|D22K*db$o7c?2r!TxHkOX;zH&-d0s`&D8eoOiIP(yC!CHCkqs!}?ud$q8l
z#eQ`yLiL*cIJz9*iXc(qmVkitAn0-dkT3&qnH>0Hs@us8{YQ@~5zAvaWIyvOOZNI_
zc+$3*MS?%4Ygxrk{<>>uwjQc2wSPq;;d3~=QI{2uWXNzgCO0F@J@Nv=c0B!l-YPdz
zil<Z$eL0HG(P};NpiAL1)+}xbAC?g@^)KF;9G7$~AILG3D2GK{1hNPIMcFLxwC`9?
zmOL}e=(&QTXA*qxc{((-Benx7yd2%5lK-N>?Nu55KOD=)PAU`m2lr2fG7F6?`~9tq
z4V$>K=%%?f3m|lm#Cg8le(X^THR3W03+EF5kw_g=)09UOd}wyl1Dx)f@6Q6lpX95n
zQH)3VzON%LzMVe0Kb`L%i1z>IXsM@vbYAX_YSGYcR>7$@FK){EvNthCRsqe_aD*$<
z<%g`OTSkUoVO_GXOe+9MWk7%2{3BTZ>#+b=jpzF#VRSX5-fHH5uQ0*>pW~(f=BR7?
z?I;KUWUxRZ#Hz2<%d9*8TH`Gf;TLjqThpF}+RLXfR-f6szV*oo(~5Iv6tIt51-_A%
zQxJwG`@#Q;YHE->j043ChsBZtpZ|WP{#uSZCNr9Py_T!qliPXMfVn#VNNWG*A$h>m
z(t%0oq6`(xyN^!)LGtxqET-?rSKHQmF{Tr&wK!geQrUM03=>XvLrk3xJ*~Ryl4&jm
z`hsuE{(aN`?I8a*lTcGK@^8?Gj@xP5mgoOFR{5U_|1$knF!A+B+8Ax=vAkYGO`~(q
zv47$%0}nLL9=*)0O&OP7+2!kvx4hf#VpIb&)Z449+nw&s0LglOC3K&62pYtib%217
z%_=sEWs9T@8=NA`H5Z~A!k0rS)iEA6wCbVMra$xizn!K3Zub7qe*ayiv%(qqtzb1w
z=_vL9)P;b|H-!p<0N+pmG|E4->zU!vo73gTU(34-PjFzRw?>Vd=MUW-)ZbCQ_FvlV
zT#Jpw3!F4Mk@Kwe>0oW!<zHt$p?Ug0Mm*%<eS1D`?7#Ffh~1Z{g*zyHT=Hs;!jOep
zoSu}ZA+R|~zMOYcd$P`M>ko`Jql3n+uXM2z{_{s{=M<T-JONBsm{|iSPklzTI7PzA
zR>lnlz71_$t4^~j$y}R^|NNOw@G?$ULIbhsqn9n8Ah6e15ku!%w4R&@U6K84+<HrQ
zM>|7Cp~N!e6PNvD=)ZdW^0Qc!Paxsz)sXZ^=Ic3+jMM%x*z5?bzj;pv5?!mv)SvS2
zd6_SB=gpN^OW2jVk#G4-)gJ18|I|J`#GjE^n_Jbh>b`5u+I+U=Y$18)&tq$S+B*mg
zw$J*3<SdX^3@3cK=A->iG;s`-T<s$ztA%#4lc~>MN%?2I2&r9;gO7d3)_NB){&@+e
z8QD8K<2nJCT4X;)Iw7T1Sm*qMhOek4V`?*Bk7&&Lu<!bD3PR|q<`o;|>q3oE2>!$7
z&RV%Ydun6^39sY-(9(F?Al*LlJbN-)U**B=G0&0{zo&>+9wuUKAAAWuwvk2SIrwQW
z$mIBh<N@apS^D<AoYbGYA9G!tFyw#z&$)t}5_IrmG`{C+gvKV_?W({hLXTB%djxJ|
zh`&iJO{_J<fn?VcKMK>10_{H<8(%P#^Ydn=N5H32azRSuUVtx1mjhuGQ?Kn44d{zN
zJE!I<rs)3urgA2vAg4=-aM=VC^$^B~yU4|ZZSY84Z2LCy0@tq9&`sdKU#WdUIwtQb
zvR>`uozq`#ntI-utAg1-o5i_>w#xYFbK>CsJdk^Qspz6miLWuxHpk@QI_N?81$z*T
zJv{XsIKaPt-V!cR`c@EN54I;$z$-cRh3>WgT@ZKUxWY61|8(`$0ZoP7|ClHsib$6V
zNOwwzf`F6mkWfYrX-5qhf}}8zZbW*N#7F^=?(Qyu(J=;t!S~|({{DD>e{H*a?sK0!
z=X1|FpXZo9wjEAuDxl<4xj1g^GC0hpdCa;tRt$G_ub^5{a`vQTOjjLTN1CJ~H4v2T
zf;-To%qs#JzFb*eF^E-MHv|apXdOq|6kAzZa&WOJo_d^evU8J|^*-Rvc=Dty(13yl
z;6CKNIoxkn90u&<6fH^D0HgL!hQQP8lBX~umF^`_+t2A3)Qa5dM-xZQ0L6cC2Sg#k
z2zbSLU3~h7yZKqnw@i&bhCxQdqF3&O<p)Ku3vs=>b?a8yB+c6`ZHw}09l++fl|pY}
zY1wI3%Ff+`?4Tu!%9@$^^>`crW^j)?;S7QK3ghrtw_k8=tH39=&Q_f!dFTGgZ!N{o
zbAuF<msR^iZ@2$WZ;)x8h|#Dt!iwwKJFcu{5QT<@Y6FjE*|0XOC1p~{3?Q>70uGHi
zu}%W0I7-gv6ALp$cY$**R%^0L6>`7&>#?Rh5Rou04325|`&)t)iyGp0=6ouy`!Ydf
zWGl^6n8z3(&H{i_+wF=#yGLzWkn^W7Ozjpy-o@MbVd}|c^!G7BHdXV80t#BaemVD+
z{6K(6T`GWxYwPLZmSsMVbCMeV)n0lceG_=9cGSaAf4SFZ#MQa`kIcllL#^STvxc-h
zBOj}Yc%i#FdT1etv?L#H<_=VojLJUjnPA!NA_Rdiq_-x3Lzws5pqARJu^ed%+IZ{Y
zVYE90z*Ab`w1|O(#KczV@H_giK4eUy_0LVN6MXk{a<Hoq-6BgtK3)$kkuE~~^H&E1
z1%aZ<oSprQ$j`MX8r?$Yl>mI^AR53@N#e@-fCXXez*SDKYI3vPxs0+`F7fhmd)5P(
zsMPlT-C-Bgn!v~}^ecepNA^xIJtKQn!Gj$ojS(o>syf+C3gcV1LfCjizkl^D&Leg&
z%zMlpJQJC4;|UAPXO;)D2#}?q-uT7f?5G=5#|`Q>dbEc3d{tYAO!KU*voyh^&TFY*
zFnTp?cM4ichxuD}Y>0qkS2crJXqAvm&oewzU+IiSq(nlczE?h=|EjG=b+%5O6Kcka
zNNp(vhSt%XR15V;L^CS{Gz-zm%9qn%22nQa*gmo<1XKX~V@lEl6_hJ$Bh1gNXesx~
z?u;;Net4JUC-o272cvhK{_A&U{s&jeSh$p85+XTVmDRlqdH&}w0ur6JbW15h#qL}N
z05?9S|B-U}q<AbMz_3qN`w9_9YE|rU=4sH=p@RO2Ujj#MbH~C(S{~q$zO>rYG{K=)
zP@CX4*?-meKQB0-y<Y!QVg%yI5?4ZXMj$1_sN|ea0_k)2Z*2&MqBT?fqIO1@A>3pA
zgPl863st8lau&vrx!Nzq0y3<+py2V^930&Sb`N`<2l+H~stKkP<%%U;ubnT!X3u_&
zNXz>gk;nqVO@fm#r>2c7HfN@Avj)nY=_eow?B7+-qgIB7BVu+!zvTx*GZT65;3swr
z@U3rx&%DQSZ~W~aP0USW2cgkZ+4u2htey)QiparUB*ez1OeVQ<Y>X3o8(2qwFu5w@
zTi#P!Yijksl<pV0m#?^D(bn2aF$MW^XD=JR*<p^4F;J8=n9VOD11Z;{q1d2Op!Xt&
z90AkQweA@i94t1)pHt!w`jSV1)E*g(01(qQv4Y7NTE}E5A=0$7=Li<%Tb=Hl?0Hyi
z1eTbl9#7@;mTW94rjKMsyvSIK;~k$Ug>6=Y=d-ocJR_#2!HrV$m_Fu_=gwb5?R|=9
zXMuLI*L5T2#Wqnj%hSSTD3j@0LgWDR<CHw{z?r=d47JBxdQ<&8-9u0%`;nA@-GO%A
z^DuyL#mi&dpb7tV`NY_Bl1jv>?J0gwQ3l|`*Fi@|O__zS6Zk&at|!KpF*VMOvVjB@
zYLCQ`2w$q3?U8lMZ1Z|xIsYtuYpH_-ts@Mb{im6~p?oF<AwrZJgjF*pA-q=|ZQVbV
z7@g8*1EDt}(6)`nR(z5kgL9*3$_H;rbncbP6R&LsH_w^LG_HwZZ8i>KS*u_Ret76q
z=VeX+@tQ4q#d{QGTculg9$$R<H{7t{z|>&#a_>ycx<rHd(`*zSrbVmYW<F#YI!5yq
zI`Yk7_{6)-X1f-HJG=oOu4-^AU-rpWNz4*bGcA-OeW5;_t1?z;Ct2~al@ot~g^%s-
z)XD6MTBSNUe@xDgMqzsG3~Rk&?eY5zo|YR2Q8EC|d|*PwAU)`Fo@)VwE(n!u)(+?9
zm%jK>nIpmQ+$xLFsHW(><Ql!G?rxg2=2^Id-sO93F0q}V?TA`Bln5{tOyXWCr0LIP
zwT>Z!mBx5OTo<qRTK^`I1If)hO#&^d;ydhTP7bE&FMI}9SyAH?>Lu^&adC5JX-Dt0
z!x(4t^R=FB%&UsO9XG<-@tpSEACBYm*>!?g=ZzoPXnh*)y)3f5JnX8t>)D2weHX;&
z9N8zmsa=m>kFJ2Zxs5f*xOCpCJt(KjwiC18qVAn^$mx^9yp}$jk%3N4GL4SeO>eKJ
z<3|E&mxR(grp9NUmw!6mVB4^Ao6Y>nTd(OqXbnmSM&V9+-|_8U+W3@5Yk@Ki+#t{Q
ztD+1tjapGh`QT$H34+-W4c%oW7S1n!zKsdVOoDD*z--)hzk``5l_BH(d<nU6fh&(2
z>m_J~!A1p?e6&2>2e@Ki^oKl1Fpr^lzt8!fuY5LYrlz3nB17C8Lu)UWX;;9@Xj1PT
zvUx46xc2;^N^;a$k}rt7ebd&o=4~6be5OYI0s0xhml`&C0qtV(#s-#{+qrG3D191T
zrJBC>v!v0KugD-be(YDFwbT)h)cdrC^MLLxJD+oZhYgo_@1Z%%S)AU{g6U;31=l4j
z*TuV&tzoqx%(z!WOay?wzl`J}lFjGQX818_&(+?E)1IiasMv-UmghAi@?ne(=!J@b
zYN%eLZv9lz_C5$Ym4rUnfnV<1)t*HYZw*kRvcjjE>7|Yd2pIH1uU~1yFiSc1m?K3U
zDuEfl8yT{WB&CT$Ia3jOFB)rCj&)mtG8%r_`_FkCbtZ|f6&Ze-5J(cnzbx{xDFO&C
z=YKJmiB<Qy%Z^4%;O|nG*R1DWDMAhktJaSt;Wm6S8{X}?jX@h)sFN1*tu^e$aRjZ9
zO&Y1hxjw_E6Q?OFv@9NQ0vw%0_pe8FH?V`I;C<XYFZSJGaI18;&!plj?5SRVgP<*S
zY9k+Zy-GY`Fjf$g#4h)?q?1=?IuP`CC%%<faXJEiu%~dguT+Ay9zLG%@DmtfZU1}W
ze`2MUkahfbBLCq1$WZ&mnFqsBHruB^RcWJt_+AwE<DF69);&6_o}d1kl{?q!4{g;p
z_ex%5gX5$Mo~NG$?RdK?h3r1a<MsmwLtPPNOnirno(<Sk&$OI=j{?dD%zA|_>lu#l
z=-cH<1>S2c%*JC{-wPL1u_7t+2DW`@+R*1iAM#ol_V*Kz9c&(7Yb;_^>6QKBWS1(}
zZhCsUfS9jAw!MD$<2{nLK>zc-HiwDsM)+_9CP+p)p|baouW*d2!K*$?e?a>3hLuF4
z69EB#7QIY~7SBFp;rI9KX{OnfN-4}K2jOZO%bJ{n(#7Iw?d7{%8J_v1%5yj)T&2-n
z5DP^dKC8@~l{{#1;2RAT!)6t^bf)rI1FI)7`TA#hV7fnFtkeeu-rL>F?j5ncqm_NT
zlZ-iN&8WSM8;|+cUS={siBd||v_C6-KSzJIzhxk_)gJH73uhG?t;p{@6EKD~W1Wkm
z4Ofl$;l%~6*9d+O>~&^F>9jO9RvY^d9t|z<z^C(CltMtxnkr1g$iNf+p@z?S_V~?$
z=U5^B$hsBx^It1WSiOd+R0>*h!LwU8X`+|EOaSU;`U%?i^eo<jiHD~*NzAR%vNwgd
zyUaXHqs9Fa1{mk*L;&dl(tP)>fF+;zp@yyP*DU>YuciDoqRL@FwdUkJJ3DO?38+ex
zN<0$=z%`e|G@URkUH9xX>TJxaXjtaK=rZ5-K*lf_PSSX^4zh_};Z7K_mzn#Osb+FG
zyH(l=SuWG7`(;OR^AR8wO^oWtND)FgYCJzHC7Xkw>s{TvLoh%JF1H~xSTq}ce1fE7
zw>F@t-jNtcCJXF<o{g_$dZ7pmz?TY5w$^W1l7L||V$)8g(<KGZR$=>EslF21qTsSE
z^MZzcejSaS3A&rgbG(dk;HRgMy8%2h%^0V~;MOC_3etL}HgW`L1JB-W`6_I&8-20q
zj8i#!Gg{~iAakH@*gV^D-a51O_;C~1tdEiD?vA>$@(?qq&dtsC&(RI<ZE|3@RE>a~
zSZwr_E)vzq!@luK+eZ~Qz`|K<#?w|-U*41N@tT@WKW}zL7m54wFTWuzm4si|o{f>W
zQP1v2(|xtKT|BSBjrKc~$}Km;;YPWscnv5bJrhu_Hhq8Gs*yV$rFQMAnD&z4kJfo=
zbbd){rkB3bU<fcl=q`OSAf$ION`eDn0gCwbb9TQG_0Dt4PR%6d{KjdcDC_QXX=Htq
zi;QN8O$tA9@ATe-+bPhXiGpO&&B_?idtmO1xn3NG_)Tw1*J_FR9MY;xy8XaUwaXko
zfw>M(@1AGRxuHF3FPnn!yPpE>IHLEx_CuA7><)2pD}|PNCOh_Yzy><XRt+uxBo{vi
zKO}0uRK3^{Jd2~<?j?gorRXHPPH%_N4Q7o=VQoJ;^x<(+Vo^<p0~^c-$5n|C7TGVE
zA}hRgOWjlTlBeAp2WoKH2r0*sV_FfxHQZVnH1y*1NKRs{Q0u6})CXK5=3;r^*=+QA
zKShW#e$})6vS!o%Y+vz(SMf8oq)1fXJ5q_4^XIrxi2cVH7M@er16QW>Ukm3I)37WF
zY@ybbx>z#;KvZB{56G#(1-|&4v=U2VJ=(V7F_Nv=?zaYryF9iRGs0$BC21+r@hyZA
z)Va~5^r@IymRbA}-SKj1GaY89CbMj;X7wB|Y=3j~%@@LP0DJvj`2ON#@GGW#+Fnym
zZfi3|(kjkG|01t)cLMOAnvBJXRod(hW(vc`NMMv&Ab^Ej^%PplU+uL@oYV;45~VT4
z4^em?F{z=$#j0$&8pxq|l<9!Rt|!a@2gisgeVQZe8`%5MJTfuxosF?ZO>F)^3%~KX
z5u&dcGzag?m%z>LMhYlIv#AYrS^-(FXFcM1YxkIwBrKw6Y0;Q<xyI4{omxe>$KHqS
znaS*CQfd9G;Z@ijwb@-u+HBB@y8t{q@2ig{R<gwFV1yX;F7A9)dtCQz?_GR3OSW2+
z%QSNdS_Tmo-e>sB+CgRO<Cu4MCFHfOKO#k1(}k^K)y@TDJ8Ou6R2|bX5tqr}7JP8M
zLhp`xaJ;?r(@3{|nrvY3l-#Rcu9DFQ`JOR(>AO%h7-KKcqT6DUuBNZSVG0Q9VtGQ|
zj+)-xi#;pvJ!UFfexKPTtV6AiRjTWcFo7iT4@~vdOH9YxVp$U`&tb<$Ik(grQ}CZ7
zHsNrmf~2IRkpcA*Vm@(GDicSaDT(^}dR$Y44@5==pAxZtAA4bxsp!^4o$1o24=@+>
zQ$}4K97-;B?_<yAtN;MW&6cZu>4Tl2Bel&rn;jDSgijP28F~OpX0ht@ru#JX8NB7|
zHn8$R!uo(8CfOae<M9{DV^ZPP=gN21N?d!kbPJLvB&Z<aG-#b#%|6+_)9|Xu6Iw;7
zLKEi#du&aOlz9Dd5|=|Nc~D=A<C-66G|?~G*-5KdjkDP3wFCHJTKyZDOqUgN@C&wW
z;LriCbhrjn<2n)Mh=uR3Xj?}aw{+FV07?eWFnipfU1{YC-V#;s?d=gSjXTjw61lu1
zeLCWDZ2tV%wZ7hSD<oIM_JRyId;^X$h1+a<_NKtA?Hdo{ZRDWjuDd&9d_MShy-Dyd
zX~va*T;KqW*PUL_u3DNyb^fKc*i2R5@Nw0pcP9Qsn)o=1<sONl#8Oi3(H`-%NP;tS
zdsALEAZkA0;CL<58n+@GA-LO<aEOh}sMM)y&SzW85ZlIhCeii!GR=5AyUO^m!X7`Z
z05fnaX^ehw-AAaoy=O1wdKfE*p8HSJ{wnU8mJwKb2Ire+DiexP6&JDLx5f(7;^Hjp
zw|~kVwb8x9^bD;QS0zik)LQl@6_1-t|5&@IdCH@#`=@1pS=essk@UriP%(BE&`?$M
zztnHs@b`4W(ArJnEE8cH5&ZOu1ipsmo%))>7ZaiB^WhTMO0;W1XikKU&O5EwO5?i+
zzwBDx5bj7Sm$+ddcwIMaG3gJnU2(OjZ{NO|Kl)})13K{Oj)MHWZH8T`fF+ktmtx}_
z5_Lx2LFd@(qvBz+J^0#!3mUOHzF*!;G)<-ADSOTLub%q;srXa6rqW7(X1V{k=n(&n
zYghc=H}n7hjar9lYtrT`5u#N^?w<*KQG1gn?@K5+9PWJe0uH%38I*wpzI23;%da$-
zYQRqVuKXng|66^vS)nzm&X;qsj<BipjlX{>QyQ+emJ@sPL#(*#!*;+r_$tcwcBi$2
z-m0YE%MQ%!IF370?%i>`k|Vd~<;zBv{EX6!F6meL|IbpPE?+p&cw^cm-(FE&BxLu6
z6Zdx@H^$eI>1j3)#Lm9hS?z&t2$;=@`x?Q6PdAd&OI)ecS-r4L8bt((K$U805iI#d
zMX`&>y~2iKRXe+)sHm$}G*Qr1jx}C{aAI$aMxF1_q#G98LCB*wnbh6fw!Xkmej<Q(
z^bgVEmbG=Tk#QOI)j7ac!9hd%lp})B?W5-9R6BC;iM9stDO?SX#!E#}GTx0s`7P-C
zr5cxh{W3iTB<`HkU7dT(EipB{1pzNnUnh7R?5yH5RK8_zIZ^neEfi@rIcrcNB%r#@
zAtByI8aMUA42L7EfKI!DhC0Za??$laW!9@OE0V;s*v(d^LYN62KZ;uOR`8b;wZSe|
z>C`CZ#mq*`Q<jLfHC#@SgrRT^!=oZqZa(=F;Yz3H%I4NaR1@<|$z<g<`5>O&UL-)*
zg~J<vP->|@$p^*)sCoS7$%9b_$+{7gty?S%NPJ2TzMOwkX3hfc)F1jihSC&920FPQ
zr{rSv`pX-K(sZz$9UY<6AhOoJ1(ox?I|fOiZJevFB`&TqJ}t>%<8M6+`skABBT|wa
z=P8z<{xgzc%;LE3RaI&?{QV(zHo9Q2zl6jTnEWp_C{8}OPy+*nLLl}-dk9x3f;PYH
zWLvD#ep=P~Cc&4WZ((6!6a`YW-BISkdsCe9u*w3PKi50IaKHTht@OtfenPFnYL$tF
zyz$52>qn(wVW6UhfGyblPmbI_{muNrgZRF=0TL#m%yn%rH|Xu;j89r7h-;fE5tre1
z+1wWBd2e%F-PTqKRp&>5-q{)KE9MQ%y-pz8R@Q%do4h|$!=TJuo@ewPUBTE5RgL8l
zxq>OBlT3$RnGyU<iAc3expGTOK{y$xtynY=6D7jsv%6*H2ey&ZNfkp>>$5>GcS=N9
z#BZB`<?0O$4M#>s@&a+UM@Iz+HF#+0!;tXrruFsS=#3A@+5|84Tl?n1SUbyvsbP=F
zQRW<+To4Y3yv}@SL{e^p4rcjS3*QkEDh%xqOu2C@5#XL2yV|^;zJ2ebVYaj_<M7LI
z1$ku_Mq1|mCrAZo+_yhQc8{6{>HgW~q?EoWDwSouA}2;@3QBc_azYIDGYU1FvQ@=f
z6lfI9X)=QaN;C5J2l7r(;iUuY2FH;rdjSd|3+pP!ftXfN0PXo2k|i^?3o0nYJ&n^4
zeh8a=%_`4r5U0Tc0kvsrKPy7K-)hh5M27}^9(iC!!|@|HEbLK;adQHF8mD~V8|&8_
z=l2k$^BjPvpmrW=2B%sGTXP$H3sxS95{T2LN`Az@eS1HJ?zZYNYv?|(QR3*nP5jBw
zv^gqNn9I>)z12R^W0)lmG-E1~fsu!!2uCeI6VK!HknwuRZ)zB2X&3{qEw8ZU-7#tU
z0*_Jte?o8Jm7o--4-E0zH>UIvic9ZKbT9?i9Sg#?6XHCNe`3%*=FY=T0-8FzAPwWc
zzd~q!m`5UmS55>49dxW|Iv;)}tNG{sRL?T^tq3}rG+<s8W#m9}4hxufb@;|f!!?Q>
z-@Gp@bo840S6vJ{re*vsjOWdGP}5!0k%6V%B5{^~6W}FJa4ql$M70Mne*)P3bCiE(
ztT!|DzaKU4XG1fm^8VxPr2lVZz<=fG1IJNP`_Va>tAdXg{v*QGDHapG+v68HdaeX9
zK_DWsKhH3*LCfjNpGP3hDd$MyB78+uQLpO|JXQa9*_WWe$hw;;<v$)#^;;i^fa5u1
zhj@WfzWfE+Id}D3Ikh_OU8VH`VmyHOo|M-ozW=_{BO_5=6-x7*h+}Wnj*P2of7sJ3
z{65`p|9-@(JP!Wn_C@;s$8LL#BIdX5{Btw+E-fY9sih+;1b3(YK88nWFlO5YRRbPp
zbdbJc1NuG<ryeAO$Izc8;@F>po*jo;gtaT}2~PL8r<L$TV?i0Q#C$yGe!0BbEWdA?
z>t8jL;0=+XLcXfQudPvFM-Lxp8+?NFM48#KCMny9EobCA>{+B=6;lru8Q4`f7UIZ$
zwY>aAxG!5lOh;-N#fM<+^P~Gq5%Z+{s+6zhBL-SxE>lNtaPE}``^{uhVpW*(82a@;
zre<yB$ffTv3nIj`)pSQ6{;OL8Yeyi=HLV~TKV~NJt19@3RO9kLsuAt>jxQv@k24m$
z{^`O<zRVM`OyrsO?RuO1hvVW=G*_2zk{Pt3x|9)M?Us9QuB!V^qU>m;8S6KRa(5&#
z8^5~rxKL0?w^~Rqz@eRN=l+!femQZAIr@aQ<*ldEjwtW$ws@!^(N)O{&XiYgI8-_H
zoP?Je{xQ~&9a$?;M7!fy5w33R!n!NY5NzPHOM6wgth$$RwVpz;I<|BvVNEMSkAdgk
zs`Moawz!|0sNJ1N-JPPq^~jY=>bYvDbqw;#*zQ{<7{@A~Il2?b70c&dI}f(-&jekH
zNr<Zt&R(tJJRaA-9UV{io@t`gcm>R%-_yIUZX+<I>5dW^;9GlwwAhvR5Gz?Y<2)2W
z*xPr1FoWNEzkU_r;QNp@FsF?(ylvG^9BCSOluNh@W5R4m?y*%HC<xjo33eJA4mO=M
z&(KYk80yYJqc&F!(oUWGMx7n#ppdH=j69CEjO($?zsws}_(3X7L(!m^bmwxx`05_b
zi@rSCFn)B;yGwNU$k%htKV}CWf4{0uC%e0Ug1k_JC7z07%F6`x-p1qn7rktF76BYU
z@F7k{{k2iya&_pkB`?yyO=+T2;I+tOgJMsi7|N3CO@q%LJ#zt@NmD%;0<y{|U!cLo
z*KLda*=>g>-hMmro4F=f{=|<3sK~F-F^Q9!TB(+@zt>T-h9sOrXra2cLVy}nmS>_}
zy=g&;AdPKI@!*78E1NFaTicc460BxrX;8ntO;T={Hz?eRy6RqznSGPG>{|{;)$QWd
zql|QWOU?bMh^ZyKwAD?;`*I4zj^3$Yvy$UtV-trB=V041l+<?IQQYv2EN%AJImhgu
z9|K%gU*`kLheJUcabR6_zRv;;IdxIyWjYb$`8c>YxMqykB6BF~rsAb6STx=aMijAc
zjy}M3j5MmTj8{rQOB^?K$J{M;UkQGGdBuz63soYoDXBVql9;f?Hup}2<)s+-Lv+R<
zblPJ1uf(8Zr+_vp<(lB7{g7a0EI7ccB;f@5jnRJfo6u`o4+t~7d&6!;f}bd;^YuH`
zJ8?jTsO+Qf%e)mQWVExST+m?!PvV+sp_&Vh3Jn_V?^F6^OUH&yoled-hrDP;eWagO
z32=#iKpY6K&(w{GK5Vu<+(oIMneg)R2IMZ)@xcJu=R5z$-P?HQ1zVq!64UX9Q;LmQ
z|7oQYH80(I|NQV7N265JU^+50ev`iZIEhV4V(f{r33i=j&`J%P?POoN-cTLZ!+YZK
ziA)xFCn+K}nP4yCUz|VNml38!idqIK^jmE<)Z-ycRI9V_)!pR;j`_&Z3N{nYi2X|n
z4R7T=T6g15d3g=hr?(bNt3MS?$pC&OpqF0bEvGOOJwt*+LyH)rfHs2k+CZBG<cfF!
zGJRY^f<zChFNp^UO4Zij1h$_}J(bOBTolOWd!e@#dMdAZ`txe=IoQcFPnZlsiNgc_
z{Ln&`#=HeT56n-JiWrVP$Lk5)p~@4FV`MD9kq~6dP#y=%ld`loeI0xxBb9T+Jee5E
zHO|L<9Z<d0oPK0`=h_V|i#)=VS_VDZ3rTG;#uT1|=^v1Dbax$}2$!Jm>!>)=mL(m_
za!b`BCH_vUq4g{*q~B<z?InyQj?~B6DpCj>`7{Ai|BH^rj}Vu=F0s~px>IC$jT|^3
zFpsh~VpCCR;i)+8xjE`(a@wEF*v#;!I7k^|R{6|1>!1E7^+11Ks#lB4VDOJb_52l1
z{qoKR^bs!Gf~k#!{FK^1ml9~uGp4(FBO=?q%I6;v3qBPq#Ob1w@43leZB?Iq=d!$o
z9hJ0!^&;X#TfN=G!wiCV;kTV{wHtjdu0Vn>7Snc0+<KDu+2$M%FwV;8<&hAGBks@L
zSm16sC4z2M&BVIc7oB0CU%Gi+>(!63Qw=i`EvpS#d!}Qn8B6-bBQXvNBQtzf_l<j@
zsSE0)5vSGC2R9}?fHg+@aNy;-g1juat<hc<EFY8`S3YazrgL%OPLDK%Kn|+wla*;M
zZ+x*})h+)0MaaX?PW;OW)fM9ynfc?h!0|+kw#BFNMzerzuc`D4-7Q+hwMh`e_3Y*W
zoosHwXJm}zC4Y&d^54aFjAE{GD!jZC%gVHBD=aOQ6R03YUgc@L-ft&9qeP;GF_I!t
zSLh|DPv!J))nfoJ3d|pqT1drz4Fk>O2#5$vY!|$bFfL}3y%I}*O4h$?zWoEb8~#j4
zma<$jHz22FV134wceK88uyMt}ytOoi3P+Lmf)l$ma)aBIpV~k-e_WFC^cDG2KzTi&
z)G30na)v!yHE0@DGRU||aq<1Swp~mXE;!4&Pd?zfp3~=^8uWUZUHn%t;d^vAb+^wU
zVkQ+N9|>&Cmm)gPBeUdRM`PY*+*8ueh=G6?D_ue!88zPz2)x8)nuOM8%q*6sc-@J(
zi>TUtQ&T<kR(T`2ZZ_0h;-66E%qMy!aLFrV^_J%WtueN~`n{g2{5=h*h-#I@RtB;)
zpj{J*u%Fgj^j<OG;gRZkYryA*F6_cCS7^zy0==KP^M2q>m)LN)ob?e8|FhVVse~dN
z_T$l|FS}!SX7YP|w8$6xN@$G<0%D@;u58@j<@u2Nv|*RP^=jfM9<2K&blN~h!Upt5
z&YbJMF_B|q3h)PFYw;Be`sa~4yNiR~qXJN-gUa-nx9%fvo+S<TSNs77TUKziH$B>`
zA^`?a;@Ule)zwFo(Zq$pk2rAW!)Ju=j8LW3eEfQ-K^>(WfYvefU5d~|x3x5Cv9x+S
zl-Qk2DO4c^Yqce2;!pK-Y=uu0XiLm9EGR41t<dtL_ije%MD%Evy&nDva&>vhmEOcJ
zwdz4ap+ww6iS03>Vun()*mkecZX-f>Zsou{+ABE{qvM&^#q`j{Vflq{oZ)1!+Sd&w
ziv9>FUZAjE1+3@>S;_kVxTkq*Q-htxu`Q72{$QK(LP|PDrB!=&+ohLKqR4zf_ye<M
z<KZ#K$tzU)I4tyT=;X96FEFfP!a3d8(v#=?{XHDf75yjmvz7W~BOep1mJ%2lztX6p
zMbu*jJ5?<u6U(MmbeZb6lmBU{jG~zD33aLG8Kp)Pb!JnTT9vLdE;9!cxBB;eB;oWT
zMo~uxwfCmZag<OfG``kqoIVJti#*WBMe2xocT!6F7KNd~hW$j9DR_T#&EnXjIYyvi
z>OLkVD%{2O!Le|I(?>$DM=#%Irq`uCw}?_e&=#ldF!C6eB7q&5(V(ua6bPJxPll%}
zL&tVfH$bp&S{YxS`Ye<cL?@nIL7nrc%bD^M-*tO<YkvYd;vlH)ghj>&we@r9=dmcv
z9fFe0T!A>#%Wy_$);yco*D7t+n{~!rgObJ?@Wjqs;gv7n&Rp6KzBGIJJ*4FlD-Gvk
zD*4JA#xTplAu5G3%+PSAp~q{818wbqd@y0_-~T%PHSF+y5avb`aN6g0@m0DwgUQG1
zy6V?6SL}iz1UvF;WyH*i_o7+se7u!tB(?PGS9o(;k%;WuwT@pDIq<(Da#VEQVbbq_
zRxet=c{Q%y%L7`mNY(RFPxTei*SoPK;cYsoK_|Xv{mb+Zt7h^nQ5pyOPKBtwgvdG~
zj$0WHtGckpJHXbD<dL4e$;SWo6-l_<HwOAyg^HnKH|5!6dMtIt9=nC^lWa39vnxpN
z*KHFx^4*D!7EhCe78S<n*pWp2D0T|#U`J0&Q#DgCk_*BehuB6t9~CxS4XVItv=YC+
z8S-tA0@Ku84fUQFO8WX1AvkA5NImCnnm;|G)+(;)sWPBx9*h5>e<)OQH~b=7n6Fvu
za7V=DRfnwk-Et(Y{L*53BLU6MUP31<q32N=kUs*5{Bcf~{X_LoNQYPW*$r^Wb^tfa
z-zW<DdinB+so1<1fg)0t&WHYJ9wSQTU+GMMfU1rad-X-;5v3-(a9n2BdP8rD?O#uU
eFRu<Rulaw}7Ht|PF92Fh0FqaIT`c?F@BaXJV|R-H

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-new_key.png b/docs/static/img/go/api-new_key.png
new file mode 100644
index 0000000000000000000000000000000000000000..f499194b886c47fe9f69ca38cfc7b9d8f4b8898b
GIT binary patch
literal 58790
zcmeFZS5#A77dC456$M@kARwRu(u)+45>ROdq&MjzJyhu(MF9l_3B7kh4>f^6h=7Q6
zAqfbfh!Cm)fh2S|n@@eue|av><)1Ma3Bk4ZT64|y%x6AxZr^EZs?yT1(407Nf)@N(
zN%zEwvyCTCoT~We9Po{B3*i><cESCzvFC{s7q1@woIH`9dHuwRn<v0Z5B2>re@^=P
z>ETa*Uf;U6G*wg-Q@f>o=AlhgRMb_o@9a0DPHSJ*e{lApzJ4Yzf8)W-3FVUv`Vki|
zGdwJ=NH#X%os{igi)(jzWQ5AtIFQrg@JR4<8vsc+$@zPF#155cST+N<|KAH1vl~AH
zEnLhpb!xoBFsp-Q`1_Y!xqli@{`tlA-AmR#AHOI6->?5?ivMeq-yZS*#UZ*)unfE+
zmX;ioKC?;lR4vS5X}_s&WBpq0s{>rVe<D}6Ys!3IhGj`#gONqWuYg;&Rio4+AE!<&
zCvLEdsnqDs=>RZvcvzgglQPZ6$%!ReGqba!?0zZRf#`0;U`MC-pE~bQT};a?*H&dV
zV>HW{81sb)zK;FllwEJqv>F&Ju-Wv-gCDrqNkFip7T6@-xMCgJ2D?uCd1?zi<Kp^~
zND68iIykLAD$LeT5+e94hY7ff=(|oM@EgB)_fBj9lU{6Z>)-|#sF=aK*ju}ToEKKF
zXNfP~Nr{tOqcF2bROd9Iw=)=6ypOJi_cXW>bU9ii_1?28GX_>@nEEWw$J6r(AC~kE
z(*K@Ju4@?wvoJVns;MEuN%t-cca3{((El^vg!~O(B_>PB+MaB;ftDQ^Ki+`}*U8$n
zs^)p!6e?+==Dl8HR(yQv-K)h+{JsYbDNB)^Yf0B#7dYSzhr2r$-?O|xM>m}ReG>>Q
z9!ZP;LWmgglGMJ~NV>*tE9pIaomLJW*OZl>T(v3EtkKleRJ59rlvJ73Y;6{hofC3^
zbqxH3zDgl6dG?c*;wIr|qmz?%Tih_zL@f1FX<cGg)~uJMl3!|env7<IRq9qzVX@;T
z!dxbRoSH7_SV48k=!Nu$rh(+-yxMkxqcfprf6vDKJpF`k20M%RBj~k%zr&a;1L1Z8
zZ&<w5&P*Vuy&6^<DJGt>JUpsQw9I+d@4&*Oqv?U`v?ve1rtHAkV$v>kFUM>B>;X4%
zkWJom+z+(9i0xeU#8wO7B+Bxd(AGvV@_RoBkBAl-lsC*4>cfP!kYYY9%(DJxNW*eB
z*xIX?R*?%ltLA6%XAACmUP5xGAulv(nR|ysL0>IUhU&XMrxX1B{ZZ89JqETq%=ohC
zZl0rN0X)*eyCz-2Roli`L_|v??f&=#f<Qu11}-QkgDMqSH>vZLvNYiYXktc2`8z%P
zQmk=GS>RE5Ii=+{l)mio@MsKfSF~1He6{CVen^vNSb{z2yAbOl;YQWd)boo8aY!FI
zXs9t+i3hf~D<`0H;@%}iPkSa1G+@4deS<=|i(C+ST9z7o{$i52oZPh=Hym8y`;IQ}
zydSHn>HM78t~F%)y|9uOo#6zYe?4+g%g!Gss~^5;J@ksLV2t*kuB)3G&gWLZJr0)7
z#5`^;*h(X0$s$I=Pw&YjIkMojM=vqkxWbByR^q#I1UCGrEplTdAJ1mJE<}=<^&hLv
zCo#I_Jopj}DN8ts#N@z3p6+M2pwWGM^P#Ou@V=eub57jv8}0M;cn^lLS8e^SwVd(P
zVsSbA*dcCHM`Q?WDV)2uNtF&pIemX=@qb*lk>!7vT`u)JiJY0qTVuk&K77Bq**YC^
zWJ<3QfH>!rw1&wVGTFv^c*@?tubt2p2j!w=`KFb1V;*O5v}PDw7v%k}i_j|mxrGE=
zU~4MKkYgZNvp+-Gz@z`qE-V}9Hllx(6E&qXI3KO*MIVR6z@<(|&VP8YOKVD=q*qv(
zUpXhxV|B92JdnDa8SRz~f^WxvRUSjSG|0uqRmFmCzyrHL#?N>9O?`N|B`a~WCY6RR
z2P>vKY&rI_qjq`=b;9^H0eNx7ot73k%Ke3O-Gx5af0^?d1QZhR5Fzr@pEG_!CL6CU
z(l+y;P~E6+f8uOOmfA&RS4_?wZ~(EX%Zu{;Vzl7azQ88=htryY0mG!l!54S1E_t9*
z(kvmWRQ#l`PAvDGQqyUHq^vBx`B~X>6ID+SJ48?i*{bIJvU9bs(m^Zl!WLxyEx$vT
zx1Z_1DM=a|HJ2GFV#+EQtIPfXgW1Q&5lB7<b&eUUfxp1YT|a%7Qh)FD1C1Aw6Y{S<
zGzTrKeKcPv=6!LE<w`~Qc}snvK_bz>>!VqsvU<qZ5mIxXOPBlJ)929M83dP*Il{y|
zfPSPW=SaJ%-*E9ohbWFxPq%Bkb0pzPc29}B`1|Vm$l3@3RKjjwqF6vWoFSXguE8dE
z4aU}NjmvWpz{mX~z831bdxrFG3_g9d4V&m1=<XhBJzc|{yyMg{FUGb>)roWHj~dKm
zOiC=&+0x>3q9i6J=4YtH00zcaN?jVNE*H^>^r_5L$z_emJFhxjRY~wol0i!SzQ6Wl
z&sEnP_a8O+Djqra?{GG)6w8P!cmD|p>d@q%!(x=rl7oD5LPCK&lNtQ<dHUv{pe{bO
z!^sxK*Hsn!LxY1)*kBoOj_0m$<7SJ|3Atk3SQ3d;^r9egWq=SVqhSe!rWaEu&l&Up
zeD8m+BrCw}1CA=wl;sUg8c8LEOKPrY&#;iE4aF1Q6;7%7g^a90larcO2p9~OER@dU
z<_2e}FtD-=ZSHXlBn~<WkiHokkEO5g-=H*o4=5@w%Gf%8ZhI8v^ZWWAOG#_ArirPE
zW{ZclZwR{U*d(qy+$+F${Q9amO>eR9h_MZ?w(o?ju*t6<o(Y-%GNc_Tv%7KM@2MMl
zvlJVA5Rhf8*zkt{(x~50E(~Fs`hLwL1#pF#xeu~@e98yHEe|hrLHUcSO3asSJ_-?i
zC!!-_v|U}R{4D`{lXs)_AXU1OHvK4CO~SkGQb~P)=^npw9e5tCe(P8_sdg}KYA0R&
z9FtQFgcm-ld&{ncA85vh&Cs4PO;F9NFT`A7|5h;dFna!Z>}wH_<&o=DmDKzId}iDr
zCwo%MbKJu6^Vz$9PxS|PL9jiwxlA`!(x;uQCQS!H%E*T8y#cU89l(x}rB?9l+KB%_
z;E48n{;sBjf#E}v!qRkux|iLkW@qvyg))TZbdx~p>0$wlGEimsv;15&{LV{LsJwBt
ze%<u$w_`+J8}L^FAO-)dlHZP6!6$Y}(JHTPcR4|dJk-L31He`<trgw85@&F6Ze_)K
zYHK-@zP!2Y_wr9@b1##xamU)pDX6-b+`|I6s|KwwEN?a6MxeGZYK}|H+^c~muzTYG
z%%~66`AnWO_uNdS8AVD&(sc;{pr;%1EYuZKM_$mf<du>#a&%<g*xE|MFYj-xzMERR
zMn3)fMlWS$xmDbA-1k6nkQJ)=ypOi_%T`l~!J=RwDx2+Iq@gJ(Tb7kRsx_6|ENbfM
z^~`qt1Zm*Ef4^G05lzBOqLx4Jl@+=Eoi*FUz3&5G`uImfQp`ZQLwEQ3Ny+^gi%Wd7
z{N*M+Jw1F|t&Wb|aa;;xy>JZNQ=~~b^r%i5U>4!*gT1|a?KNDW{coN!!0i~ALhC2I
z|ITv!vjeUejxH8>)iZ>$6>o4JQ)+wlYS-!D4k>oZ2y1Za_XM;r;^Qu*a4D}%m~=>%
zrs~<zt?IQ6Ox_)Dk}WPS|Fcym@a--z-oL+Oj{o0e<$uQezsbsPANv22to;9y>;5m}
zfeQ#rYrSVtVchd;uTgTDs5dA0{EYueg;b<@?Q||I?Vq$4kdu3IG9(0ASRZp~QpO|9
z!vz7UylA#H)Uv>E?cbYVmVlL~wsv-S_xG9_8u=^`>P4-`P`Vp370qj*`6?@$V|yaq
zU0te809Re!4eY6RbCFF!m3a3SvnWvM`~&=#v*?+YQ>G6qmiP_69Zh8wolsC9f?33z
z^)-xO!|$8+7_;z|3He*>!#H~jJxxtl4WrV>A+7QO&wn^bM#X$xwj6a_-OCyEO5(4$
zJt}@|#ga+@2iOCM$~1Izd<~hCu0{cN#UmBw@RaH8T(yqXbMZ6j>)WrR-j*0G*5tlC
z(M~cMfHd@oUIIg5u%wsG5ofmdq|tPe{k^^F5msN8b*LOIIE3d5*@!$l9onR<gaXBy
zb!Eo1{a@%Zru3uGHpPO-(RVKiy#hxjHl<5Z`mZcN%}ZgPdyk>0Ove1<+-Ak?2)--u
z<IyzA4cEW?t*U{`@mJC5hWR*5ga1m^a)oVC`4>usl5joG@dEUdWO5p>N8Advw4}Z9
z)f5!yHKZqQZ!~ru2g~u(o|!p2L#47cH^>I$(A|)$`1EOx-(T}YNx2FwMl;1i;z4(5
zDeA>`<L%z<-Q85A5M#8>b^KvDTVs{Z>wjRR58rcHN+Sh=%PmqjQx@~`^6)y6$T_vZ
zV-R~_P<r*`7QH|y-dADY*%e?ThC=CO)_Wt6$+9#S$r2GT4S8!+T#siF9f$ea4o^0K
zuvMXcJQAN6s2P*+*_R*@LQ8aWPM^@^7D|^CZs?QhHC#$>d(8!2k#fB?QAJEX_*EBS
z?p+fU9Bf-RMjlI<9(fEhTQbcNd|JkHCpNxQG%*pHuQ1|L5|Q4-V>JH1cwDBI^-tq$
z9GAmhEJ$<9WzP+nENsdRmO)M%vv_U^)tZ2~!BW%iMTQ40hN@Su2vpM9Z{6=`Ip|)9
zzJNTL8+Lm+JjrDKAP$4e?^O5#0R6h^l`<f&d5f#}qD7NVN;*zFh@|Vpf5Vwqkt->z
z2!}<D0tRO0fup4&_ae|SR_B)KZ*avlU;(c9Rmc}qF)?ui4DA#pe=68ASoV~FXp2gA
zm*pIl;H*!7Eakn)`?1Ia+|Bofu=>e$wDlko;$==_v}fp}NjHPIXy&4IyvZdr-p|h<
z1$1?X$?Nv&UMsXlYETmir~GUX%E9Hbg0$<mn~zSPCmRAp1y`a|2u;ufHXNQDgjAFD
z?Mx+JqNk@_#F|6r*4Esnrb~kbydl$N-%$I_wvn+nKz6RaYd-11m~FFTswy?TqXfml
zjC?8bE0-Fa2#=(to5ruAwKkaqh1Opqa^P{o$N7mY!XUc%eUfz@pWWKY12Q2;Sg6Hk
z4>)iBb-ZJnKX-$Mq__tRrt-`MXq%U>FtbOr?#(b&8t)-@Qd3|sVK#{eYy_ksa0%P%
zy5v^Haa3?ht1&`ti8(DicC_4H3P^&Cp!M!UVlERcXzjGOzeFc}M>U{@S<TPMGdz}Q
zakS{==ibX-RhqYcV)u^rbf=~)SS0slvPPP+f?8U<?jM#|_|Km1{3-hsB73cCdeG=t
z<;b1on6t-FYJU8POOI<FcjGV5I-fnNdJyPqG<)uHEo%go<1M~eNVfjh3bA&9*c4<@
zX)1|**=k>^u`&;txM}9dJQfu@2H&}u%quhhAa8?bJb;9v-L>0+?Ck6=P8`~=RII|v
z{S#DVk`wcfd{&2KIfMmY<PEsmdkwz~u`e~xNZz1Oho=rA$%Jvr_|>{;A}XiCXwY?e
zsv*Gy>0BI;*QWOP$w;jEP{6|Lvuf&tygryaI<($^NPsU@WW`^kHFTc1>@tPW<2ZDS
zS06NG9k88PoS~ti`MN)t;y?&(Hc-gVK1a7$1l&^B&oA}4^(<v!SHq-wu~}@iNN#N@
zzsd<TAZNZnUaHb0nfBTtoffLD3msCs9<9Bq{`#x|GWJB?!UD>rrKOccSQFe_SB#81
zzAiTy*s&2H{fOrZ#%v&;!@b$Y8+4E4LAYWAaXdXecE}n$-Xx%+0N>GLm11a}dYm*`
zOeCcchnlQSDJzrafb?aA{`!n9R-udy*v0O!A~j8L64%bQ-^$PnUvQ7*+Z_NYcsJ0l
z4Ntv}&`5q!(FgZ3G{h~_%lrB&9*v%Ga}&wJ!eP7QpJmDY`M}{XBOQ@O_Rp$k9l~X2
zrsAc_LJk4|>NXOyuy7yblizPtVN!s{ROxk`yNt4*dk<m6YeVZj2Q5IG?WR2g-FLV6
z)c2B$-24Lrmw*{`i^e=UTDV`<-D;2+WieP*24ZU();d1X9}QqnJ_>;^G6utLrC8>E
z|G59Mc5Td_k){z2NLZ8ZB%;`*juyCu!&?)H=;56O@<?2HC{`UFdUK2ffFSmDf$Ft@
z?EF<v@~A?Fgze|@c`7rk!3Zgwg{xHOIo?buOQ~;}Qu}X8RA_O{M!x8S0iJoBK<vQJ
zVVyX63AL%IDa|b@h_)qqV7bicoMmAb3}g1=eAma1C%jjN!B8B^TYOUDN8a;Z%^SWc
zj~<0_gUds9CtENpj%?&F+d3PY>o52%F(GdTWH!CbeM#H_t403d<7mq@@&1L_slePX
zFJ)USN{owN6g-Ai=Y{65Lq-Z~P}x&DM|(jvQ(2oar`TG({-LAOZT6|`VRH`zEY_a_
z<Gp`Bbg1Uwyfwpu==1s~2gPBep9?DmquHTmmoHN?dsI~3tn`V?tfUK^cbt!QTUiUe
zm*S^s7_B_JhEYTZ`go!g?l<O62a&st!sowuJFgrI6Qx}o?#sSbR(TM7e(5=~g6UOQ
z%lB)mIlsQV_AMJ6vzM7<VqwV_hIwo2>W(ql(88I@mJ+(kUd%@DWT}5R-T>)?fW>a+
zy6B%qDYPuPvTm4xrG|^gbH67f`D<co=OR;bE+SJsXKIq@SW^NlIk;g?^?i$rL*C&x
z;Eb8OTX4M35=DO!;kc2s1tR&G?*(=+PTnVbG(d)MrB7^>8h0~;i{*F80>P+Xtl;4!
zz$a#;ENArxMhS!^RC;_;QJz#>JQuJvLqQ6*_6yf&8Y>y2*+YJ5!W;_=_eTLrW5?q4
zFx2H+y#_WrtFofP879Wyf{h~g*4CN`rpwK+XN@&@=50DpBa+UU`^C<;?v=J0x0<A-
z8Pm{S(2cg!-~t24G^*h%r|)pMq565UD0{N`G4#i5T>8R-AMJKvhh2Yw9rV<}LEi!3
z4)_YNb(ZhISir{8m<b>&!Dh2%b73u@tRuKgTTTBK+gp5vJx}+Kuk)ZsiZ*_8ZYd4H
zz2nICN3Xr-nRiHIW&X2|PWoz4D}U(E1sLK<d`Xo##~k2gx#l}QwHu@f2A3(<km3Bt
zS64BLQgrC{{b$#inBWxFdrn$?A!Bi&zZ8x#r;hO%tgB{%`tjpOf2o#c^%yDq@P>5A
zFS)UftvHDe5<nX}yEr7bkk=zr=rEcm=^lo0WsPEB#ZOqAB4WUNrQ?nM8HfX<y0r8T
zN117ZLzzA7y-1DA)PX~ue>RY2Esqyj#}k1}(=noonVH$dKS(Y4ICJgpT9tY&nlV|m
zU2q{PPN6JwRzZ1-N*<Y8-&%xT9OSDJCfZ()$j%lU0K{smS@5msazI<O8w_Z_gq)4L
z<IuP5Xm?$IBt&n>C;M>wv|Xc19ibt(%M}Pt8el#?C>OxK%>68KbO%?^NIRKu0x(yZ
z>#X)v<_=LWtoLht^+TojJ%A!D6f2m0U4vdpN=>zqUtJ+pc72{Ucfi14F`hJU#Kpww
zdF(K;Z0d;s4|R9fF7@`sah2uGw^9?Cd%lr;*kqGS8XNsK(X*tb%6C_3Mv3XSUVDxH
zTInAZmXcE4qyN18%sJEfUPjm{wZpMs7nzi+w>jIr7f2m8*CU*LnqzNBmnGJFZLX`(
zE<2IUrJD6~dIGex(%s{jUF~gbc=`B-mQa4!>bB)EPKC$s-^=o609qGn$q&>&;6ry&
zeS=z#%{=ubCgu`J;ra^hj=2nSv}M%(T42mZy`ybQvh7_!_qB6yKoS_xzL>+QYU4=y
zE_JA!5aVQU7p)B1Qx-ft$73mWv_?aB>Fc7bo0p8mmMbi62GMVa<<zs_C1*xhISi<4
zrO)_yK+3QwGKS@_>{K~JfWwDVg)|<##MnJyTe#+`u4|~7Tw7b)i*NNVa$|tq9<5u3
z4AxThj>(dHC!b`PDU_<TCZ%elEEDt6WvZfPm$G_`??`d9J`L_PY028(m7yewiyoBc
zchhn+_n491{joxfidHDQyrq%M6-=EG*Z{GUY0-}L*g+V#<6;sMAf84x>URMSlrHLD
zyn|f@C<%If<C=e9K=1SGEH8Q`19slia}l)?#2_{gMc47e91>dxgZ(ZX9Bybi&su;H
z!vS>nn)w)Fa@aAbEbpeKmVVD|GH-y5paykC&!|;SR~KnF5nNk(TF^nAa68cF8#(ey
zP#@Jb?3*sT^n#INmwdtuqa$s=T$w{w@Vg;Icu#k?cd15CK0qvL$DDUP5AFmv`K3AE
zYks7tcr9@I@ff|`^#I3tE@hQB>QLb2J$PELFCYauoruf=fhr-`vZliQU(Y|G6B6Ak
zZtAc4sPJS>7DUgtZZ)Z0t@FibuHh_zO?3KPA=MB#C=cF&<I6?ls(_UMF13o@yrU7a
z(fK^R>#OC8l;h`3&p!ESQjBK0%=-2}U#hjeNy9^O7(``8#)1&oQqZExSHaA|73n;s
zBn}*0vick7PuYLV$$f%nclR6*BKiXklYILu`R}*-?gs~Z16ifxI#Qr-vt?#ny?@qu
zy2dn4?yyB#q<S_G#@n!DrfG*HP=;WZOLZbND${YTD|gKOLKMI|1*$oL{;u!5OZ&F!
zfh-|4wQ!Fk%}RKc^~#OH(d-<XkQZJHm7@@VxtY{a-DsN**~8DAU+O^SBqVZVPTdbO
zTcY)Y0+MjyuU}yzuPp++vkebw2ZCC<(qJn?kt*HT=Q{4sa$PY?{OG+QCS~^W3KtV&
zc#*(yK`T5wT&?HmhxbH*xEJresi2?-)9fr#^K{_hH|JMz8l0c`q`3{?=$-gg%$5&$
z`0N4&KWtlmoSy*&2lAKGoc#w2!POrfW$vglMk}vKIgjWK4&L4Syp%<7>?y3-sDEm6
z_tNAGf;QS?|47hiXKz=Hf7@d%!?s*sK~BGPX$L!#2n$|Oo90(jhTG$ZvWZKu<5TfH
zO3(GoR_no8J^k(b`*R@xX`CmCFp2om@NI6%7WyiDIdX?wj}UIH4#nfvKHj3m*ym$g
zih%T|-paa7>zk>}e%}#-6)y3b0=m1G)$RiB>FYZ_%@V4YEPZskIbnb>DZc4b&Zxn_
z$nuli2xJN}2sa_Vqlb@9zx>+^pm^{u$9dZ0;MtDMnJd;jPkeX5K2`n27vlQ$hu7)*
zrn09{n+PlJk)qq#*_7hq!65St<mxcu$Vax{+?;Vxe&<8FWH-lBPI7!+AbaLAS#N!V
znz4cKTuJWl6T5KXohG2w9~=zYp%1A?G{J4UiC{fT94#k1j;(+vV+N6UWFj5Gr@<=4
zOTDh1QaPLmv-A#V#T<<}$KFXP#L6<nd}<!F;`#v;zA{f)@hK<;Z;Xu<jZD6qtYTG-
z!FnSn;m1`hN0#hu&I`M){%uS$Y;5zNF+00$8|1zmse7E9ipScl<4|*7pWvh<b^TGn
zRj1jeOy`YyrmS``K7~TLw&&L&SMa~)CNuTt19ul|l-@V`LYV<bd#+o1M=P{*qRLX?
zQ9PwXy+Y3zARS_x)IAO%FPfX&jsR{^b_pCAgx4Z$ybPNcGsKXN-00-0>pu9-c~Ysk
z#S0o*Zb!Vx3VCqdvii*VbE%a57nHT*pjo)Tf=!%_7Ez%7LeDda1Imr?-Jql3Nriy@
zQlre>&!0624T~$pd7q=H$zE>@>3bQgjc&D5se1}Q236v{BIUF~o!x9Ovfg7XQrR=S
z%pU+MkEIH_DIC{9Uk+z_oJ3N#A3cU9E>!<(*%5ITE4sh7$*sKF9MmZ?@6wf9BSv~R
zW$D0<OUP-qaLD!FlZd=r7|keRr1K+=i&t9mr~~5X_w?N$2EdrkPKKbxmV@H*EOv~Q
zLz^6y^`0x=^_qo$p9`BC?oXsyitMztOx7r_Tv^ez01k+-$NJY=QJcke)m4KopB?YM
zo}S@gdQBmTNPqu54S&Mei=p;i3a12h)pQQ1V{9DP&o@H4KFZ$w2>&7mtq-xDiC=)$
zTg~3v^hs2Fz>Y6@M*i*``KwFEUxh;0+=w!-aN9(LoxQ{=6JsGaOAafwiXzqdH0$?;
zWdR_RNktN(&AthPIQ1@EIBS{N;5t<JDFE2pfX!q!<&dQ-Y@QFgVj12{xtK_a)M(o3
z0Qnj7HgV2orMGjM$#^xA0mIKJaHK8}-KlHSoQTvA*fl}jt_^9dFw_F?U_{4St+nEb
zA-hESO~kCz-kf+{lK1|;qM{=CX99hx`T`ZY0T0xA658}>;m8W_raYw(+ID3#8eh8~
z)iyNYt044Z^6j$2bUrSk)w>qRYYNL;2BUsQO5SchDP?f8;n_B?o^|?x>}*5WSvX_R
zHYD#rbA-3nLzN}jZZGsK$2nT{wq8R_NSlNJ{e+a+@elX<rht5f+)RNM<{s0#WkPv|
zg&)aW+>2vT6j?Xx@S<zUA}ZZ=_Km{Pn2jd>3JZ%a#JtDaky}ucGG!`G^bfjQbt6N=
znn#W(QD#x*hvCzbwYRfd`k41r(lwQXg<cLBH^BDQbZBUgOxnPkAbyPA#@u|7ghZwQ
z3}07YUvZ2?-TyFIFsIBIT?>$=-L38%R3|||0atAzXvb><@H4lgJdaT<!^2l6A^4Ve
znk(Nvw+v$IzN7Wv77vdEgiAy;U1XVz*kZLrVgLME=kvFiTMp3T06&)4a+)fP58*3n
zDZfGBKXiD0fxD=&k#k-|Ql{PsXero2?aSFZ>XmL-^j_6m)BnY7@9zGAF_daox>xUN
z{7WDgpz|Qv6%Ej#!(sg+HUblFWz5)(AH-Q_MghXLfsZS~|Go3KoB3bgPC~zts2)NR
zPsd26iR0gp{2m|yux*3A@*dwYW+%=iUTn;`=V&t}f1Q;F96nztNabmvqf4@vU*P|~
zR_&J}K+)6?3iwo2kfd;w*SyyFu(h=n(73#bwx=n?A8YtJRVGgh-08^YS&u-Nmto3m
z)>Jk@ufD69)b&lF24P8}Qlk*@sP7gJ^4H^uC;&?9>$o&h_cQG@Iou*97(289IQO15
zms+Ws=^#&aSuU@*nPm))0&<EJUGpRR9Pfzs_D2_m77f$VrQ*cgQfzNY8A-l_l(1Hz
zpTKfPEM6TRatqJ%ONWkKtwV0h1B>(#HpoLwVc*e3U%6NENrcW+dcWuMx^xuOU9kJo
zEmN5mL{eUvWp7DB@xLBKnfkQ{6<8{YvJ?FS;b7>#x~_V)-t}Of1}`LDck{dJc%e?(
zDOV%>r@$fvSxA+kDO<X%j9L*Ba@?wRqEou))N1a>6P~Z+!Sj#HfKq41R*}6O<eQLn
zc{7BVoE%>Yr1F<*k(1JSIC?^r3Cg*lidpP2wC_9RbDmLZTqt?zIcx){`PlK^xOOcU
zDDpFKf4wD9N8k^A)!ico&^xdG@6p$;ToH`!%r_QiA95*Rf02%@7u(e^CKyAZdb*O3
zpI2q-)K$#`@!XKn;-(#}o0gUckZYzoBjkXha@nVa)$yW&Y`-~q;~VWkK!)<O?}@FA
zO*-d!0d*4-ls};W%A<;M{KmlILn+eSB7Sq84_bP47#`a6AtgnCO~KdFa_#w^vkrvN
zq#q9W@A++}pP}SJX`;aGyEWfU7WI0rF}KQ}jpIqq<47!)u~6?4xsGt2E{)^}tm^A>
z0GM&Ql*><`_XRDQg@r{L9-*pI(P|4sQSNUujXg)Yjm1*}4S8-^fL>mAwX7B-Q1HLR
z@4*Yr(wBkl09z3qbVX(qn0dO~vnASe6R@Ts^71<u9~wMMk6gaSk#j7TNH@uPJC|FI
z?i=%UWgYEYG56m&Tl-XyhL%<*$6~U7DA<vid6y`)upsRt2yX3Cl|VW(8vIP8t-PU9
z&CSCELP8v0J@kIMj$JdMY;vS;eb(Eck_~}Fmz^nRcojAv)~m0A;d7Fe-F50<Jn#-$
ze!Dp+ZOR#GX&<}a8t_G#``kpO={-E|ops-kKdY1*77(KWErLeHS$Nk=vnY1a=LUMo
zR_Lf@hKDtP*lEXW4baMi9!m;kn4@2(3(z|8SiR2-<070wdQ-P{f-AuVk2{lRjF=lp
zW@V3TTVd)~*bPM++GEY{+D>8an<AL{m~Sv%(SJS`K&MykyyxayBp2$9PR>BAin>V&
z4&Kg+$XiOdSanu4jys)nmzr%_zq%IM3(|NOr}&Z0{FP3pa%uOLn#NXTK9FwTF$fMc
zZ2WEY3z})lcg|Y|v^KdXa~*eDVBglxeF}RvpS*I;$Z3-Qw%zo}O=^Rpa9RDV-NKy1
z<TPtPX?<(jYU&X2)?bJIhTt~ex-C<V>CYGEEqz}3@8v2!_M3a$wm)K@Ibxw)y6VUR
zcrAIm-l#8pSaSuZ37qow(kIG$fIm0gSExEP=UffJP0-QO3Fg&H0F4-Sfx<`Y_8RHC
z`Ff4!1|A+8uuaiRia-&9ulC8yj<?T@E}^P1{(%7dp#Vi=^-SH_GhIXNr+2sbYhz%r
zhHtmVfe2dmNO>At_4Xfny*C|Z(}Wvg9Z}=01vj5ux^O{QLb?6I4CPVQa<wgCK+XSf
zIY7vop5rcDCok`oZ8p-cuOx%vMkYu5oua};giajqp+i{VzU3RayDz+&mc2W<7t%&k
zV=5}tj)oiWObbX(BBOMNR*Vgh|3Pfw!1;+=Z4U$d=WQlmtY~kx78WX@H)l@4JaR(T
z-}?uCVPGl)>v!Ca^KENFdt<@3>@{|`v7PggpMi46^1kPQaIG02yL+u=N%deZdCs*S
zShW3!;8EEa|LN0z<P6TMJ=$ye-U_tyl>%ZMO_Jj@qDa$s8*0_sAs?83k#P$0Ew{CT
zaUq;`MHPqrv|eCV6=*wF>jFC#HJU&_%hYiV>Z+d2$Cxs1++$f$Su#45oMKN62L#Xs
zlQ@W(_MpNMU(3z0k0;S(fT#evd)D$x44`HmmiV4Omajj(@J(Jyz4h=UbVHTRb)p{q
zbvDJqOEZ42^1$=8fAi?r<h8$qeZEx&{mrLDV?mdJe>d9)SLDfh_S#)^8z((u{opIb
z8qJGM;~O-^r#H4JLb%qV?(S}U73eHyJ4eW~!kF9bpe~u83fE1S1G^0HJ0>zA(v)v+
z0_SG+wv9vq(GO{+pmchdD!R7vwJJ&YJ~GaD5Rfqi$4Kcivj&?c!!_nkfY@VSGZ?(2
ze41vG>G~p^^+uI1AY`KZ7WC7j>fz1DCxRSc$VM`r3RzxTDDS?yI;1|RsSnSdjH*0t
z5PYd;l$Dxq^Zn)2^0(H8CKtc!G;pTk07_W@*(yz-r);D^&ywFO##Z4lzZ{TJ0Ue|l
z`+VppQ})-m^3g?j=sf`tND&60)x`l)<@fJlIh;TY7&Y+K6^>GX<^sbi9-iJ*wVVuH
zBgwcu5UD(*Xmzqj=|#`$pnmPQLRgY8jdmG^{a!~M;$|{FX8Sro(H{o%6{Kz*pbsr=
z7v`?<H+vez9GYOj_C6#*aJr0tMaUsZtI~KY?x#<wX$l?c`-J@b+g7086EZs=MnB|q
zG{KwEe<!;0c84f=#0g6o+E=a}+rX9E8)e~VFTuh&%CRZY7^5y~rMFL<IFOaIhi<bU
z=M-0Bxee4XeCo0}+i8vcuA@-~n56=(R$ZWV;W$L|#Z5RN)-a|%*TzS6$WsRp{O!;)
zlV41$hUSHij+0c{+Z~dSZOZ)0)3M`30KMJE1=a<`&#8>fnARQFq>Z0GKz{!)O9mm}
zS)HAln*a7~0MI%T7u&2p*s_iI>F+Ot){~v|T%etQp2@RkGb4ra`J%i*CPQJJ`Au+*
z(I0L`%U_0+fGUp3B+4h*?E;pFEA}j<VF=ce1<J8QvhcyLDL^k4CgVtNv-rIiKxzyC
z4cmA=NlM;poQIoR!>8FCD7rqcaajH|w0jU2>P2B-g7k(qORV61)j^T4?2H2cI{Po8
zmn7X-is<L%3Oc8&aIuqjAyf4=$2F+<%R5+ZKv?Vd3(;&EFXIKgb|7fUC73)Q=x-uO
zbMYcx)lC6*JP2cYm;i^v1H4uW57EuNSn<%F53g(1$7=%N?16Lgo7dG_O-m;OsX!S+
zpS;I_S#00j14C8fP{yJA6u2(ie6~W~$`YI80<qL&cM@{k00sy@i|K7l-Fw@CJb-%V
zhS@SM%38U=;ArW)W~yAeNU4w+uai3<0}X-!+pppQZ8L#uY3TeK?yG56`exX1!^um1
z)l;j0*)<hT3r9`5j!N|!IRPEEoylopvkV|9(yg=SBZ1W)7lwiIps>EM0FOEbz6Wck
zR0+Zdv*7a@tmVN3Lnx5?HjFN1(P(X29f!WC=^n42Tk>WlJRHr_6WLpbVb6Py?E;c@
zX-SuQ54F0!JPnK7-CEKqnP~fVA0)X+3)>qO7o$+51iXmE9W0v??jrW|7OgLT9l*_{
z6}-Izmv^Mo_r|>d9jX^X!9{B+l$oxD=+_biil!UK2kZf?{NQ%?lDWGphbOtHAhBKo
zy=~HcvOmQ#6u!B;1>6!S!NcMf(9h0Y8(#0cQ&*>cNvX$rVHIt%*%d&MDK9VF-*I$n
z4SB1V25{l3lfi)~Iqv=+Yle{R{?W(KfUTd!a0UO4B{SXOVTSJuri;g&p#6K#@>W?w
zvMzN1J%cG#sCNJK9Dpnn*H+3u{JSvp;W)snDNkW}fNm;0?Wl#Yx#@PzAZ8!&Wr_7U
zl}&rIcxP?L)m)~Ou>L_nOzcrk@OmXsLKLcxD*yz7^n(#q)LtyBP0dq)BbqHrLO1sI
zfMj0KCwqOPWMEVbNErvw5=K`))1}~-`P|&x%*Aa!G`*}W*xoJ}54~v^Cnq{=CLs#M
zw5fnCJ(vf)l~OaXI%e?j<Vk?!Q$BqfVo_KcyPbo1(Qyv7Nwo@J9jqB6lRe#dd0-n%
z*Qy-$P@ey%4g}SQTeO9BMOg9PmaFI?92d-A2EHKhsW~H{3!C)>lA0PA4|EGq`Zw?>
z-wE864i~=AnZ^ti`3fQcedNCOXvi^vCJtg&M&jw60PAbU5s5?wIV8=fkbrFSrv>5n
zvsy2;>;`+W+uh=njZAtVN<j|m_ul~7o+*O#6+K&=-1zHRyc~^uANzgx$LHzTgb@w_
zD#a=a5*lkE_1b)nj+&HeU@Bns(FMzp^5)NS#dC@6(L={U8NId6)Kep!<7A=|0aUkj
ztv_pF+hzxIGE8?~z3Vp&V(oPueH|xPnOMJ{lNuQwzT6h*mY`n~V(n3r1@v30YoyDl
z11W@!?2<QPjI;~rAE?>vcRfN&W{C=qHjBpA_yx+JUCXq(UP~YWomeWq@3Sj9)kFI*
z)7eH7R#8cMpB6W-9(THJDp*!jWQHvO4bw6{f;yhlM^EZ3f{h}d&vG?UWkQ>_0|9d1
zQwqA&p&i>_oHM##N?6Uz&1&9+U3Cx2Q5yy%Kk}y-qrOqf8$gh++~4ti&$9O>MBxy7
zl(1FlvhX7+bK-|(3J~o;!R_e^BTkzmY?=$UNCHqeDCEh>s-&M6;rGBe4z^YmbY00B
zY_r3L!CM6+U&>jH#bF$PUiSv4K?`EG*C8O~P*)X7bgb_j>kZ9bEeQ;x#Rdl^+0Omr
z81Kz57shLYVbTgM1%-t+!S_SsBc`Rmw6{5Nd)xZ-z*zRc+F$T=8>G``Pk090fA5|U
zes-J5Id*Et{S{D7SjI^K<pwI-{X!jUb}WiwAdU=GCX8n78NL8=+43r?pt=I6rg15*
zd?YoF=gytWuE(&&`w8fgb0b#m>qq(pnBalV*s%?dhNB0W0QrQV)P$WTYfDd^KJE2O
zI}`gn-BvPi<mx>6j<|)Np3}%7X?GwZZ$v1g2U6oehy~f2*i?ilff^jxi!^{ZVG^KX
zTy9>_gLUg63;;bw{ADi`f$~%(a2$zcZV4q3knzGApu&Qy0tF@|8Ptea_uRhEt1XnF
zyfiIzl*H1L@)=T7V$fSmLl1{3)<pI%F`5yHOQo7@1c$DH#oMswyc$4Vg<mgXi_C_!
zC~r%lOXNBrugHM5Hq5}f`m^U~XfAzCCN-P2-oeF{z)C*T0y3~>WKZJ<V)v=j2Y7_7
zIBB8|Zc?=*NijKhZns>cd>*KS;}1{QB*_$YI053iod%0Kv{+#aHBv>m$s93`bj+(K
z$3SRr3XHd|P9W8Er&f%;k+AZE`WGFKB}*)|LXVm?sA}7f{sC<JpmjHXM^8ZIcVpr8
zQ?A#_jT2M?NZ~wO#JCg9Gt~2tMiuX?q!?65<4e|6_?O=gLw)xF+M!7Zy~Nz*<66x;
z$*otW;ewfp?4Q0yqT<K*x5LBFl>-ev(2WJX1Dly)mMWb|rT_kcedQ8OuFvuqI$Er@
z*5(_@WS^u)oYOzdkIl`}@nzF^EWu<Bg1T2kIKA$<#uTa#REW92%uC@+BmaArB3I__
z`9Dp}-|a4ePx?1OQZp*Q%!blBkI^&`d3gtmpP5#LZEPHcxioFmEObMVy}hm}20s4m
z)5(Qqz&V@AGh^<#cZtXnAx2BjZCs&7{c_ZcaT&TB4SOzRA>-VCBx^&_EsHcb6SE4d
z>TB!&=T9?eF5|`r+<hKBArCRU9FL+<ojCqBk7B>481SWfE44+<pIxijJln@~=Ddd)
zL80T<*OOXq%7MF(I2ha~aOVbwRB$?5zAV$^lrrb{<459v7bF!9(jwIk<D>;NvVb=}
z0Ry&LEHTAM>6cmW_V^}FMpm)1PMijmylOSXC=%+jP93##3w7C`j{3NT+Flo=ecSW!
zBkk{t>2oUT&Q1tYzC1SE>a#h1i>#2qcYYZa87y8++gb2`lwDXkb!f7{TBr~lRzD#1
z_<Y6G6VEV@TYslh_7oVOmEiN_K<o-$oYOeIX-v|*h-LN`8%I%gF~RFG^qLcp?Y2JL
z9g|WjKT!1kxNKgR^oDTr?*;hNEVDI&#h^F^kj_FOhhF*Z;<X2_&NYppZWG^DJ(j)=
z9w!pZ@gaG;-6Beu-E#ty9l9NoN-oO(ts(4ti<$X{^jvk_ILL$DyZ%PQw?A}(snyHX
zc=Z>CB5Vjh{(<EpPDU+m|EEbdHT+{8W!LD-p@NJ>tc<{(dR$VxM?A_13}SaK2We&d
zGz-@DVqH`4t|>W_#m_P{UimlC^z<533mLTmpOD0o5Ld))t^JIQ%G{O-H3g*M7&9a(
zD{toA`6OFEhoaDuRtg-pcDg-r?qT7(Q{+F}mYaEM(?jw;@vX21D1V9>Tstn{duQpu
z(2caQVNef)=YxW;%@PY7v@A&!a%p`yOC2q}EvvHJ_oeZ}R;rw2f4BZ-<|WDA0sYNc
zq^YevFTYfIJ7p8G;HbT<L#qZVo4But**WLr_@J?s=8_SO)fV3%fQ2HP$Uo;ySd1$x
zE52|gfo`Q1$C)IiD?2J$-`Q)Kfj(&HoDmu8KRuD#V&>haCVnJiTU2W8V^S1!`GcdM
z1NcFs{DoNDT5Fr2uCWS*6L_v`NESKbuE8Ji_i;z}hc>Q=2yTuM@9s#vAWz++E*WRa
zaE|=L-CiE;(4BLT1mBlp0**>PE(_L!SjV)|<>a({adABysP0F!s|rx8NXR|6D_GJ>
zXNu-8E%s(T`S+=VE@P69`G@4(l?3{giTX21QegvPa^!N$YQx=dNO))}U^f1S?A5*x
zI6)r0g(B|739|KaLbm>@&bmL;a68g5M7uEL7rkDU4sJr=!{0XNmoftUQtC(^cARAQ
z3t&qVSFYd9mN%K<C}Rk*+U*zFPGrtA*8$8<QPUdsU%DV8LVDVy+RIVn2YIL+jJ`U2
zd<>Gz)VEasIw9_EzlWHlj8#sR#yf#cxuLO$$dT=Hj=&5Jx5FWEDI%MXj6U2dRrZM(
z&{8P&#9qP4a)PsMgUmf>6?4vyjFwwzT<iGafAznGtJV(;d`*25j1uFn>cf7hpwJG(
z9>$xn{9C0@ubzaX-#NA6jFO<d1*~p37&9kEa!SY(In7CiJiSUHZ&c>9py*HiL7|WR
z4TEafgA03J#><zJY!UOX4c&s-^(}MGDvRa#&^l%(lv;I1db@aJvdr5xwd9x&Ltnb1
zuZ<`XS`Nyq!WwS;oz(YY%|SK%w>QBoi2*oba4ju;@KtTCoO8;{Mwn+~J=fk9ls&aE
znkIA6s>@eI>&5kyU%IFt!lbPw5-B;Pvi6d{!iuEy*J6!nK4VMiK{jy%>az12@~lCp
zBos<s9s6!=WCM*;WE9OnFP?!<)hpPe0%cQ-YMG`v($=7N%OhEY7(8tr5C6~kuD<fW
z2TH9r;*4cW?CdP!2;I0iBw(dMZgvxmRz@)^>cV5V-h;ovLYCeMlM<Y+2k;ce+l5OS
z^zezM$oyTKb}uuu>dCuN>-9kW>15Kd{PbBIwmeT~w~MD5A`l6Ap<)-M!a-Qu@R9&9
zMdPB|v9*`UOsr=nenaU4p%Hlj4Xw_#kuhd)QF24~*ZhzF^wUMl6cv}=PpTi(97SK)
zli=dEU>8n2nv{B)aNA^LES&ekpQndkn(&H>7}2v$mJ_bhC&{pZW33jkxsTE8EJfF~
zav){5Ai8y#PbNK`F~E)|!_aewRtb5&k64z&12mF!yXGx<{sJoGvf?nF??w6zjOt}X
z=9S)Y?tXgLT&DJP{*h$^A&Met_@<O8J=^;s;IP^z>fW3BQMz<ls9v->Br6T^=C4&t
zxZ7Q%1J-|q9{YZ&?daYah=-EE!R%FST1iD0UlqHu?5OD?aWOqLq2_i4{Vi1lUMJdK
z5?2AiC%q&jE!q9H%1e`S%YgjWIAcplWALXRrRQ%G7NhQ%|AVvw4ErEOYAOFbCt>k1
zUmL~Wv5TzO7eLX_swf`MlSuv;paH{qasRnYZS6QIV9p^X`#qubM04dgk9*ANOv6t(
zSsO+Ja&l$FJJ0aPnGf5ood~`$@nDK7mldC8^7G5H&}NO%!cX0VY}j=0>m>Wcdu?FS
z9LEPtD&%>4JWCb0Q&joF?>kIr0_H`tH=}Wm+#!^UL)Mpt8YX+;>5vFiuDK7YxO2@g
zM^^;`-@1SU(T+R9S%tNGuKk(a1KR7*D{x}qXv%e0o~Lr&Mjcd^kw)>Edp*w0DLE06
zs};>G2%|?Au*qKiPlh(oE0XuQTUngWtN!&J_lt-A_xfd86zi;!0yp8?d|<=9@WuUN
z^9HV)nM;qgU46jnr`o+kuvI`1Ed1sHI6N>_^E$e<50)1Wt{A-jyK4;=*vuzFlgNi1
zP<kfQJENi!k}ct`kO|`#hHyv)+j8yw@)TF+31htuQ(oko9YiF6*;0G=N*p!qBuD7}
zPNxJ995~2&D=j1;%fdM=%c2!k4`xC$j6e0qKb6X4+2A_<oN{j|-`t|LGubI2s|vp5
zqMg!*TP~mAi~VmhBOmL}2u)ygW)PXrdxNe`JYbTNR?KKQT~=dvpTT8=?rZKH`^AFq
z=Q@+$RTCX%4&Sq+CTqW!l=Z&s{yS*p8lt$DK1_icm0PL#T{b)>6{rHM^B^-!!!Sq?
zZzh{r2D}F}hB&=<{_sAJ<8Lp(w})W%5uovWe3QJ|CWMmaL!>+TF8`%04=R7$avY9#
z0I?y<zx_H6P3P{B%G^#b8`$GdV5Lq{B&v;#T&Pr$jTiLb!A~UIC(fZa)dp`7okwHM
zYadI>>f>fHvfRPLk57lae3@IzOT)YPe6&G;f7!%B$Eada7~yRmxb`j3w`L15(qN^0
z`SOR`H@O*f?|{TTrxos`arI@1g71j)O~+kIYg*`Q()xk+Z5OxC{=MX{)}PYkCr!6A
z282zSY6p3`nPvEowD{dWsooX4`R$x)OEEDH3j;IX+RM~KXl^kc7B~Kzqx4|(!=K~-
zAnwB|#bI^V(z~&l%O=MjyCGry-KQ*{>q5X={tR>2rSYms)I?;nx`gimTy4`o|GM$f
zgRno3Q{GKk-dqf)MAtjHD1VWcvZ2KmNplkK#_+0~b583L^>Q3|JeevfXp>{^BtZUw
zQuc_Si{-uY2LRueDq&%;dx9h1cKLg$Dji>?{R_M;Ra*OayUxAoP4se8X&vZit^EA2
zTYF3;d>Bg-%#4cVZ2QebU#7lDFJ>RBR!V>f2oVIF>DZ+FDlB|$Ri(vpJuN(KR~p-_
z4IDk6BDBgXaUEyX=Op}_?_7EO$4_qF`6=e@Hsdy4Uffq3{F>7ul6LIjG*_`QFxsgV
z`~+*I_}NkMZMgPUl`s|*j_Dq-zk-T6^M_>Q4}9?Q9HL><HGqs+JokkJ96qgls~+R}
z?7<tsIQ3!jehq((tPp{|k{_?pDWI&pQ+4a_tV_hW%ym#|T}F(?2&oiqV<K16`ze<s
zah)!tUez3&A$-?&i61&){-1?)B%QD(SvrWR+RD#%qZeKyM~AoPcva7O#c{89%UJ!Q
zmeq_25$uyINBuKKRHVyVU;j7D`8QFI%v)Z(w>5ojh2=Yq#A{usIvxq<xN4Su*WFZ-
zWyG^VWUNsow30W*LqGWRg+K9Msgusz0M%+!WSe0WVMlkP01h24xWVu*o8_G%r}>X}
zHzIf+dnk6Ry)TDHdFZ1#{*Lo%mdH`1XAn-pO1vI_0$x~fDWHdn7jRtvSNTYTJ@?`U
zLg$z9O=%51dImv*^ueo?#sKlZ&ah~B5A4e%jQ#LgrkC1Vr@AO<<m2`F)blw5BZTlE
zyVV%Nz&dOGnlPs$;pBeBZwUTcIlylU3oe&3MxZ~Wm-ArHt4QCziO5#tC}Gm`6e3W|
zrwYY;N0g=Wr=tH_1=T+{PGfF@8n1P645~d$vIZqEEcQMDrx0Vl4sYA^Qq|Q*9Xwo=
zy<RUD{q>ey(>Xs@@`E<r-ZT11{Z$y^d!5RM0W=4Cl~&m4jn5@LcJz?CUfjW13||-F
z-`8IPn5u66p5fd3kxN=%Z39__2uJa<YM3r=6>0ul`yG(5PMxQ!F@osF>SfvH=J8ap
zFN%@tPh|i1MP1KGgka4thuxd#1SkXX?aS;XQlcOzS^i6{i<(QgT~g(H4<+=)zjjx`
zrS3wqFx@hITh?Lfqqekh9!d`eeOyM|4-&uEI?IM)P2M|}yaR@u|8Gc)d9kaAg_W^k
zUf=51zE{>bhwFFWURrEop;Z(=AFI<ec^Nk^sxfI;Z|0*@_KD`daebvk)_UtKLM>_I
z=jHM5Z;x-aRy}nY4(!=e#Cy2s3T`8eR~0AwAHFDEqT*Jd!;;A^mfS_a^CCWpoTma(
zM$O04Q&R25e85W(S}IOeIzKz^?;hR$VOdn3<ggot2)v}2VjGwH@l^HM;=*1Jl`qyh
zpLvGJOSQvzow!oie_$Y-p>0&!G0C0mLSIZj64m(0b-b?oz3Cgbng%&xFntj{!dbT6
zJpY1sl1^-i{r@|x28=?@`Sv0xv3~vCH?GWp5Nax)Wte&@*Cxm1-@a=Wi+odI6zbj0
z4@Fh}s{6gC4^nO{36I2j8zj3J*|}A+WPnZuIwpD5xAwj_RdOZCy-jDyFbDqPGKR3u
zGF3%I7qDn)sr*IEEWoP$Q`?cY1OTZ66l@<bZGBBNb3S}-Qgp*Q>k4ti*EPe%5sMq<
zVVP2A&eej73li+y_7&;G18T@Ne_iCOBX**bW&9~qJ-V%WX+u~<(D7Vry@t>^9`09P
z{>l2~Dvitc>`Q|JCnxV5=lyWm`Wj8uh!X$l>HE+B{5J+C0(c@Fm%}uigb3N-UM!3K
zBPJCo(*-1cH(N;BG`4NlhPAq(4=2ZWOBp&89()pNqvmZO#($AW*lw0vVd^oO%v8E(
zqb8P4uhO9}5!)m=a0Zl-4AbkCI@4fYy+n_m?@8`jobHnU>pEUN@vG1eb;z~eFKg{z
z>{j*><6MZYp8}krLFJVX3a{&isoRCAs|@f;BS8=5Q8{zQyE-?AT<&o<ynldb-b?7+
zvYlHgj5;MPB>)zy0M^r}PWFIkBD=mO=;WXIy*F%jk7Z!aS+)dE$0mM{Pu?CjD|0>*
z)#h^(TkQ`#Sl^!G3~kBWvnXk_YL;+u<TI@`o`kyUExyHiI{GKOEF@R1Y~`5W{0r7}
zgvw&G0v1RZLW)I&$<8hEv8!8MTnt<672C)EvPJ+ObSLiZNq}NQpnFp>L6Rnkx0&(U
z1$>gk$=0Ln|H6gLPu#|-UJ@MTq5u8u+NZY}JQqyuTv-Y1U*E02{33<`-E_F)8@;OG
z!F2xzCA}AQt-F+AWZ`+}!@oYmCRSLZxo6;3?;LnL_}RkwdxXCCN%2r_>qy5e4*IvE
zz`K}kZ903}Q2Iw9K5|n-C|-paxLj~miC*cyYk24?=h^ByhJ>kOKEb@6f9h9H*p`x3
zUE}G2=Gx!g@3Jj_EooAu#`qbw*mcI}t4~H@!lR)4e1-q4Q9Wk6%<EfYOSro9`gZmC
z&|-qSZA~s$02g4>OGbvcWj7?_@(tN>^9i@B=mW~$Zyn<S&y%WB?QGaBhrsauJYU^&
zUIAvFb*cjoXJtT)Unlpw7Up~Nd@xA8b0x#`|BPoZIDVZAL4D);>ospkyuR;<RHT_P
zL{ugL0x{3{6xzkpeeao)ef#PB_IuCX1iezVD;Jr}Saub44(Ls?9b;Uc__^{IyKf4<
zE7m%1kYs{DFZaCb(|n=_<r9|_5t}_Z`7tyoU8Bp%3-|+KBE;RG^vaVQTT{#bj;hsI
z0qO~#yxUhQ01v@AspFkPrgm<u#eCdeb~S1@)voB;q}u%wT;<&szN^7{WBnmPFUW#q
zY|hwl|Nmj{J)@fHwy;s`jUp-{ARtJQE(p?l4OOIf0qIS84X8*_nuK0M4ZW98gNpQC
z1B4>I2Bbp*$=#m!#dE$t_wW7j-HhRok?gFjJ=ZMHoby?0``o^WYd3pl`Nq4d_zfpF
zrkm8O9D*P(!&M`0%E<rTwW&QXLY*v$uNH5SEj&i|Tuk{*7$FF&=~QWt6%c&NBW%N|
zb}wn@y`#lTJar%sV`hInxUdH^V<3Iu49aEAH;Up`ZEj9&*9sm;OX>8)R6kd4V=%qx
zmS}^CLOwbXqtkLs5w*rjs5Q$WbvmA8P5cEU98=6P>wyC?!^_+lRI2)uT9M$)ff%XY
zg>5Sf#sAL8qokmG8VAbhjv-k4swSQ4+c>TdEdrBWEK_w4la17$sId97`sPl=9>bc7
znP*e5&@t0!16FGoE)FjH$3oXWIZ)az?RkH!b*dIV40%C!o%E9KqVgb9;|puw!hvjc
zB0lcWXD=^)Im75afbZb=uV1_U?4HOegTxu?*ilTu0#;c13lUo*Rq488dey2`OD}~+
zo_;QfM@gqufuo;}|GQs3!-|SJYx?`ZE(_^Qlp2I|h%|fi_wHmeLdo%$vqPXxo;ZRb
zn3Rsv@5>DP!Zo`7?+zIC&-X5dzuEPbmq(`3UeEBgTj2V9<g}oHhMb(wkjj(lW#HOq
zB0io`@p$`OnST>QsqRDGXKkxQe^x_tAv8=<h9H?tcwwn_GO)JM&v@C3((JDKLG%Uu
zR>+p>oi(OOnBcMuxh$H*Vj~->H=Wr(g9yF|hf;u}x2gwQ7@EaCz4XRHHq_NwH`Eng
zmU;ajJSsu*+$W`^ro-_*FGIlB$|@c$_4V=YIpi9^EE?wu^S3*$Ck~OeO7}?J2Cq$q
zcEnL-^?vt}_xpJq)Y-TfS~B))ccWF-0%PiKp*!HrIN?4dDa{BHFDn^ln<MwM3SG-0
zqU&#a?1X=&F7>ZFc_KGFY}jy`99Dfy)5t2wauB|jJSEhJ#mF0ZFN*3nTN<Uj3~9|A
znDv#ju_<)~y$ex<kf{eW>IhgIe*k*C$DPPa@berpSp!Z3?k8=TF|ZRTyeC-y-n6J;
zzAN`=iUyd7QSl#*G5a-_kXmAb@Ky?;sncofasVkRDi0!j)rNFv`^S{j=1Q8T?Liz}
zXjAF^Mvnehpvrr~x3*`0S}Jfsg;iB=tbYUgAN8H|G5-t)K(f|MxQUMfAdsdl58n`|
zxCL?-vl2sIy^|i(C|b|K9oWbPQmVGw?nRqZU#DjutylPb@1HNr0NY_kfS=XE{c6gn
zZEu$&dl0{d%w?<oosdh(`%GuC!=VV6MjRv+IC)`YeN=;F4%lEb(oEBXPTA_u-=dAK
z+5fGX)-rdu@ARERv9#nTdqQVU%TEHHSjr21Q{Vd$<N6VTg4t};lg|w^;t_mH`?$&-
zs5?GQheb>bQw3X8fi52j1^yst9y`T4<(6q{u7zmLa|nG-FPVML4(~{^jD7l<=<k5f
z_eU3by%VTW_H1SOqqp*ma<1JWhhwLY#W7NgOti52sJYBEkLgn3R>FI%-;LBhHtMhx
z?RMH!u`qsTYW<onX6}o2IrMZvdJBuLloxwZ^U<l@4{qcY5mvX*iom!_*Q8?#C0dG0
zZXXD{tQt~RXv8azj4qlu4z4Qo1h%_O5Y6}wzf@Ftw~-c<>*Hvgxhz&D=3+<Gqc|G;
z#pis#jVvv)nd_E2XRy%!$YG|}5x$;vN7b&Xq_9CwSXs=FM$OCO>c+-KTvGHD^?VJR
z*iZJsS5<OYNNb0c9fq^s^q5whfzcY}Y86R@J*^=!PQ#r*%CVlGkainOArCkD?s&wS
zDtuN=F&6bqJ!(YfsYZC>{H5J+ID>*i)2}I%dE9{z_t8&}oA;zEIQ>oQ{a{PgN*eNc
zN|5%IJnJ7?bJrp~hhskoy|IsHuvz%6*>m;y=X`;XHyqIEtZtmTiO}N<r#x6<3H2<z
zcmLj$eTwsVt|>E|npj@*VQlriohnrb-$5Y7wET8z3Cq)w23|QGC@m;#TxYX^UuS(T
zgd~9>qE~6SW<+jnuB>!xP~bRKKtE(Fk<6>fLnBQ)VVp&{tzhU%jK!m2_4_WGBfrMT
z%5bGR{?EoEI>KZ7zFyA}h+B3k9G#i4>@{bqZi@a@PBj&<MF1|hHct`5!?EAKo#S!C
zwI$+r;(n>#blyJV1LGC{K~Q(iLui}SQaZ|-4>MQ5_h)-2b(!Ep$0E44>tLLL(&w-D
z^OkH{Dw0ga1A4zLNw}bRb4Q@MSq1#P$Sx9m;gucTjB_U}h=?Y@?C@vTl{hE`bJ@V?
zFcIGeZq-DQ^1ejk#>}C>Db5_9;n-h6x}H>VG<En+tIZ#g6kw`<gUNfxrFR0nZbjce
zbO1JR7FKo#TVJ8-h(r~S$UC3soJpFvZJ39ldNU9^Io#b!cbqPb2zEpfPX{bjxnoX{
zDh^XR560FoaBU?Bp|p@`rMUX}@G%FYJn<}DQJ-sMQX-pyM!|g(4cSzX0i2^F21=24
zz!1RwB|<AgAO86sW1ke~RjP$)v>m3y^B<pn_i1a$a*wrEeqGiuM;U+9((k+-F=`JN
z)Z+S?*$4D3EjwXNhiybo)61rNJkj?`XbX^5wo{^amL0m8gwesqqE3cSx~9`j1$RGS
zJ<mN$ETHvs53g<GS>_l)KDd;uZ^!)f%<4zl!orAx{`wBPjkcZhfe6<LUS}^Q2o~=_
z^`H(vzfcQ0#Fe&iT~#9bCr^Lx$m^$zx_VeRHlLtfcUUS9H04`2u=`v}!Vh%nF#DH1
z$VK4Fz(4jaoLV{}?dVa=kR|H(ot7_dx}+6=Dp?K~l{TtQ$U%6Yiy9xN^U7I?Q)2{N
zgzUe#RzD^Qb4qP$JGbZiX5x$JUmW?epdZn#0;m@;O+qd|d2FZSi)t_;z_~xjuIS)*
z-lp3$L%<JgwdnN?tX3Q(=L(MZ$@7(LyusY}om!{A8JA;B!bt7o*1b5pAO71ZJO209
z-wClVUG_MC@_h!`ysPmUm}Kcw&;DozY5~Xhk!i6-P61r-EphfDv{V7&xn(N8qJr}s
zevI~ud)Id$N{x7S4W-;sbo;3~`5|dhEkG+ni_x96Z1<UHSLTfT=^VR)+f*!ce$G?2
zM29WRPWS+P<en*}GIV!ggd9xtSK&0ZwTD)AwNI}ATN#qN(Zoa!gtO`E4x_eKQtz(#
z#0B&km8ON{Ubobrd)KRwhWlyOgD6tezt>Z9XzXxY<|I^ImbXf_wh$QH{XAz^`aD-D
z+0M-u44c(|MGwNbbum%byGBA5(UdQq>orCyXt|aijWEVCPfin*wcTPZ=$#dR-EwZ8
zF7%%uBN1M#KT@0eqmxwH`~hh70jh+Yw)e2S)5L@uogQTS`^0JqMY#SwrbG8=->Xle
z<)@dgE?=WTQNi(bOE>1WNj{HvmF+|}ENa6dPtWG@4mU+ss|y0%ex9U$TkH_a7U^1%
zN(=j6fFZ%Jk8p8M>A1o(@|0)$z~;tABo&^bE`rJ~Eq1GrKExfuj#B#AST><Mmfs>;
z&+xm>Jq_I#S7%^(XF%*-5%JDu4Xx7UV<!<y%{LWYRx35^%JtP5`daQd8BDr4PqmSM
zB||~OY?16{k#N%hf^)Q9_wgU|y1;mD*%-`qvWGPchlH(zZ2@?Lg!bMpnhccFNnWJr
zM#i_2ilLFQSAW8Cz=@wtJq>Oyo?N2&IJ@Qp)@m!dEV>>Pe-2aY9@}cU%KQzAtF-Vq
znt=VRL0WA@(1uMNVCP;3ut3-oG*lbKZ{e2rDmmJbv_V4T(#?Wnf2*Ktmb896Wqpf!
zR_Qs>2A&Abu2xSIHiII}-GJhm491p{wF58otvCj%t%9BSb2<-4Ki>#{BP5P+eYJ&S
zIQexz5^2cH;0^LfWJyQlFrDyQn<$4DZo85O>mfx<>nrO|-M10aA0g8gd^8TvoP4*=
zDoa_dzjw=vlW@xJtyx`5J1NB=B<cEP6=VNF8c*m;TMjRIH_v`E2iTTBG(0_Qi#JP8
z8kx4w@?N4G8?hCfZOC*!x`&X*L$B=Wshd#;H~iJzo8dEJc_Ix8xhlDefb;V)i`*8p
zsZJMh5KgN(zDuOwtO%hL5d)V$^HT4GlgCzjpKT$7B*Ff;Y{i<Ag?xvD^$@K%YMehN
zFdD#oxXPRCe{DotORFRgx9^kU;9Wn7IYBcEYsO%|3nH!CKaWgB8X0Bl%$_`<ch=XV
zu`>E-rYT(_RM-B*>>Dq9I<F?#rz|qyT{LAgj`=0VPZA6SF}sDax%D8YuqlSjl(BK&
z!}ha#Ds>ye=YU}H&xZ!?OdWv1{-9U1AfMc^qaAH+w=Jr5W<t<YDqD7xR9YiAg4=p@
zn_8szAB;b!9^41>2JoP^^!1v_?Om^fvZ9^QDy}Aqy?X4npdQ@Nv%<x-a?1YrRGHfO
zOfMNfQZ{q1YDq1F!|1f;wcq#8y}PZ<?#^_=Ri{x58e$`{rkJ<MuzPtkLqX2wi(Mn|
z5gK!zDSImac^&RAOg^c^DNMw!1w(cl#}IvoV%zDx7|i=A9Xws@^S6{QCkdq?^8q7y
z%VmxUn>GNU7jXy31}1CJp<T9IyD2f7E$PL^6*+0fqR_ud%E1lTK;C(jfQq;u?#pY4
zfu*+4W8xV<v@CGKpeDyT+7rCrI)Jg6H?x4{*$nqD{z2Z>3b>44yUH4Qy-jrnF(`=m
zX%jssNO-(HaH`fOf8FdO6<9L6BhQ;H(UkhmfAS2{gi%MAMy`wW?=GXGXPgIW#|wPW
zzS!MQGYI2g_I>YCdBb{R`+h6s=0~McWCs*HLT!5eltbpDZwQ7Job<r|a~z_yX?$eG
zS-vNbfV##U{O;Bxkp8$@cZ|XX{>dt=c8g)!a;{GIKG0T4<H>9tFsa`lNjpC-s<Ga!
zbPVmEin_%~ZJ_s{8oa6xk2T%><iGK8HGci$YSuCS+C=@h&wL+Hs8)|;@X&qx5Bz@8
zEkY9&DZacT^ec3v+HF!X$yE7}V@4N7VTISwAQ7M|1d;;`9ru_E_EUr6!{n=GKfm&R
zUx*=t9DqYzYq`uW5~gr={U&AXW0x-r3#rNeOCP4(ha<cD`d?dG7QS>S9L-|vIb8fG
zn|zE`o2n}iv2^APQ-YvYzV;w%uXYePW!Ksk|EZUS(_g`qWk$GnA6(~J)3b547Q9GV
z?s5<jMfe;A@gHv8acUQOpd|JuZ>`o*(R+mg%Fp+vB?y&EYm6uMLu3;CfD<O;pQ-<I
z7~6Xe3=>PA3wCzwJIIM(#;NS?>MZ}~@l{(B*^5Gs!GSa6&=#U$*S&l*JJ?G=K{J#8
zOPllNa}|}E6Pcg~7(;YX-M@wWH(~MZ%teEw<kd6F`_@uM7KHSdF=e0K<6KUgBvE%B
z?_xN_1h12}5nrV7_R%csi%ZHqwcuwOmu0l_UAGsP2xV9HAN;p+{AoGnZY~M2XTsOF
zm$QB{;RUUhNBp(ZW#})eX3xR#shO;Q$_;PSnwiGs3Y9;TW;(yO4#n*X71T-viX2L!
zitIhkxsomt+&2Z|<?A!C>^-$M+Y2{$N?OSDC3fyLF1qT6PNH^l-WK$)1+35Fj;a4`
z@{JffTNpTsj~W#UjF8t;k7>y|vOgI%bMtFY5~JSWtg*l2?s(*Wp^0~E%VLH#*Fx`1
zrLXL-{VI$gMMdf9-L0s2uMjr2>#Z;*mx~ekM;bybqJT7LE~N3Pk4?I)&IKsI#yYJn
ztOfVNAnlgx-JFrv+@LFqBLPivWyGHOu3Ka}we%;apN)eqZb)b;samAx?Nq<JV?@!8
z!us{>Q?;+{?stSJs0YuBBh|9eCZup_qd1R3*BcJUARi|18~9cg|KCy@vEHWgU`W>$
zc9bg1j{SPDc9LW3SELbp$$3SL`K1|abQErJ#9HW0Hg6a<_V%XhW?<|k{ngN&qw{0U
zi`yPFjS5NR7V0x9{*aF047cz6D(<NZKLLX*$=ff}_i4^799vwSjry$W4f&AnL%q&f
zYws&kg72S=zlh5j_YsPU$i2Fp47BRVsG!BB(DT<QO2*n12cD%OR>*2zLc_yncO}!I
z#*nf?g}x5!lqFmK{v|QEeOjvJ?-bFV1qg2$l#_Gvzm?G5ST~@-XMws!CJR(a++3Dm
zK}<x_5EUY}me^yYr?B9|yMnVOb6Tz4T#S<pt)WwwW4zO^r@d0Qp7b!0^KZe2|7}va
zb=#HNmpC(Bb%=TarcP~}DV&zp7#@T!zGP^91>D@|$>M&N;VrXP&BdsJBF9}{h$+B7
z?^&#AOucV*bYyGw5$G0rE~fk5xX6>&9z>b0mG;ubJ1}cKu(dWfN_=`PfrUE-f(o_=
zb`u=3wY)<6B0JB_{Sy|i|FFPuo7C(WWn<z@co}O`teoWYM7jpsh0-1YqZ=g|beYTK
zUH4M6B&4hnb^`wsr7|=g!wLqFy>MmA07z<P%nb+Hl_t9YF1(DE29HV-jAi7Yi?<n9
zCI(&F?~YGqTh+e5+)2Us)ctGh*DPy}qYy-I>_*{RZO5;9UiFmt6Jta-eV1i|X;s&A
zV1~XUI@tx`k(u$2UEfAYN)Nx-3>Y)!vygPKOTCpW<hIJmSm)|e#Q-YOVP8LZB>LfR
z=*c+Vdlc+QTOPN~Y4~uo*3&%+_qs-XCztT1IfJx=;@3yP$~8vq1LYKZpgnD}E^JQ<
zkBSCFO$_ElFJ&K`15+dFbc`{r>ancik7L?phWEjE7#(DBMDbUOUg|T!8P|_4_0Br}
zt*aXCC9}!r#XAiGJrqd?Wb9e#0AyIpyefnn0)$VCWZYZ0O0b{YCIg%$#fS$StlX#u
zQG*RIHOhj`GF~XRel@k@j4<CHnAUdvh#J>S&JnDb7V#C{`@F&c)zL{fbDXSw@;w)6
zC`dYI<@DEY8ZE@QSsab~n4^DW)JmrNq_x<TIQCLLT(K^J^baPvUvL4YgIQ80Axkfb
zG=gmuUTOq4;V6K&G?+HkvNj1%V~`&xrj8_7?n%ojxios4b~!3KDh*#t8MpnKH(QDR
zvQ@IY8Q*-Q`qv6A#2Ionh;(WJhk3OoO%GwrmAhgqYiO33O~LcF+g_2Wws-Cb&ddCb
zs1-W#5_C)_brz<8*`ZM3t5wN9t=ktLw+xV<$`7XOV>fY{JZfMw*uQT$Q#m*L<-*y}
zFJOvIr&?^Y@AcK*vI2TK!H_s1kKYr&nf0k~3~+qZ5Kp5v%x`aC`=#<}OLzNKN4KP*
zjdYunDB+aR!r9u)co1qPX8I+=%&Vr?#9@`fHNh(UpUy#{xWBDrdb8%I#{5=9V_J+w
zAE!KuSdjDE_nNo6x4(sQe73I=%$yL(ZY=op`EB)!fRt)}savYAQfyDF-;+L*9Ug`^
z0?5SeQ=^QAEgL(^v7Zul7<uA|^8D}8knVe7o>0$ojzzj}XVh*gYHu|D)O1*T1?jiO
zj2K#>ta10=RQYE$ydeFIaIB(dm`R<8&-tG2W293#T#3%Rnn0sQJ5hq&DUpKW|3S|Z
zH@q#ZJ+_~DhyQx}CK#C=ay!1;M%~}E=Pc~}R4E~UecUCA3a&77hCij{qjgn@YKR!&
zJ$&{3b*`_dqytUsU{HPb5_;v458H)v2+hxR1|`P`{si{J3BftJh&WA$>H0wOt=8ZK
zDtPEL&@PM&NGKil3R4qR7*6e_)2B>$P^0TZ^>=`}#uveBn?HGbYDaqbfjBgL6W#Tz
zo#O|5O(>^OGcV4m+&(2C5!U#kc#i$!-=4ZmDnO$+`ZmN`+o4xGr(SJnz(4w*9x}zy
zt0Lhq@dmYIs71H_Z$t6R{(~PcbfQ7FLR8g?<S_?S*5J!Pk^Joh)}d<KYZwH;xCjAG
zjGJ5~vfb|<)I&E(e)`*Y9&|vcDvzk>wX&nyM|Cza3vok4H`gu^g7_bn4JHOt_8g^D
z25+R?W%M6>co8Dqif-`i9h$npEKn73vO>8{Pr6AjRU8H^UlW2=PE?`;my|^lqiL5z
zeYh?Jv8FBdA8J5N|J9zOKZ~v43Hnc`A80O>vQ^-ge$e(`HTnvVu+XE`{cqtw$JBK#
z{7;{{;!Qf8jp{rP+N7BU^Wl=Zo5Z2qj9#6gc8}ak%Ky+6Zl^rma6YuWu)(`zcNR6=
z^p0-!ylhk!)hyR+M8?VsvOW>=C}TlNUsJM3u$lA+KIRBl`~1Ij2ARHq;XSvW_nGky
z&M-B#2kb*9LY}eNmm83(?vA4B<ua-xLiOPN_n8<qedE~d4XTU4`J`~W|8Z6b&vk=Z
z#?vMr$MdqOT7*!y`lT6j6vkE*j?)3&jz^PN5{`=|NoPIQn)}=8Q@2oTcxhL+0$b6q
z%{vuIZuE~1<{y{ifBxhL@W1UgMpp6An;nIZiO<`t3=Vmw|MA`5M*Aqx@9m;4fNNB;
zqpF%Ce4J<KBW&|O|DmOX+vX32Z9Zf{p{yry+KTa<eH4-|jbVQ$%+$o=<~VB&PL4I5
z6zkL|<41Cime!D|M-r|jch!*jxT2+q_C^hA|3t0*J-HsXr`^$qqJIVaA|g1mg=k89
zju8e-8zbW5e@+kB^Jka0601P7+y>6x1^-+iWd5txmRG@1{_=(P{L};(6kUO}BUvX8
zdOY%MHV{AN+#Dx`RvNQ90QNE5CT*MJOht91;ddu+#ra$YTGQ@pe8dBP$UkNtDhTh(
zTt78GR58=<6vML{m85*p=_IB1zWMV@E3doj?roz6XZKDq6K0qVK+>sqh+MliPV!e^
zQLg}<I{A+JLrUlrW7dAK(M1#%x3Dh<FsG^?Ky}m{b&Kz_-j+V{o{1}IA)YlRV}L)6
zys$B!@awHG*L}H7MEKcP@KGVlNYSPg*RLBgJx|n{jg8>1e8*ygwp{<Pn0ly6u6IM+
z?)d+EQuUg;AH=bf5~k!T*G--^aCA6^vF=k7%C|M=mA-PBxRiBF-p+p*csm{~21-~8
zAC1s!m7?ib6Z&gI(SLgO;T{i{l=i(36u#e^dEF!hie;CKWjJkW$n^@M;nXeUg?3b`
z0Rm<L1YBj~tsYs5zsURE(`;rhDO1OZtLA!G0k^LCVB@^z4sR`j^-FZ7I7R~;H*3<E
zG2??`^vH|srp=3rd65n9zWxSN(W!x3EJALb#QHP|4=M*jgY}!Mj;#9F4b*<zA+?I(
zt+H>PHO5xS@s0*>!2t$F2=Sz(ICG8+SDk<4{=WnS(OJOGsYTx25QQdFRYn2pCA-cl
z3ipq85g}3!CkE?9=1C5enB=f2>U5bV(_w+jiUNbTGHUuiJ(K${Xd^3h@aXHO&UFRU
z(xED3i@yeDNQ>W%AueH!BW*hwgg=4+e~xtooaGeoEz@D^9X!&~`1Jw$O#v)z@!rhe
zAm<YYa8iWc6zyVIzLQm|!Qkp75821=Y?9l!Nvk}_mNt3bkSWJiij@W4)`G#g-?l*S
z8BPTh?fSIFQMauPCeQG_DJn9f{+Eg{NJ{1rVyxT;kfHc0N_m!)(Iu3dZf3HX!+tb<
zYHkJJ-yoQ!ln%Y!^ww=>0KYCR>Q0AEf^7HoB8#VoSnaGXji$2;wwa6|{4{LBpRQAy
z59ZHElSlsB)AXqmN5*b$|FG!Ztu^s%9Niuz(rZ0<ZCmQ6{)MPHP-Xa_oBq7Yt)_A+
zse%L47AcUH&=`SGR*X`8H^acpuLP;~X@fkHALeVa_|K*ng7?PgupBqEuv?QDsNWiH
z5)W7Re87QBu?zUaby5F9EIJeE?$}&&WHn=4?HAUC2B<03JKBrBV4$90`fp}UfVnC?
z%<EZ!GpbaaG*Hk?hNP?YjX7KiE(DU$xRb%EC2vZ%`F1`bM5T2YI1KIF!0DT4?7o~|
z#-M@iCUpF(-x`KuQGaMJdGX|(h#<GO*`{kjqlPok=rTTF`DH_Ofu3kyRnPePL^r))
z-%%7v8KG#pm;#(+LJ{b6E0W6nWjbZtpwciY*;MjJ0uIe!Ycu8mz);5)#6!b%Iol+}
z>in=wxm8E~B7i+)I_7|5;#R?TQw&)}{naoD5-SBEfII}~Axp;yjy|>zmm(tJX|-Y}
z`LW11P+D_KcXhm2WfO=)?d2G9;RQF9@ppf~(Tin;;tO9x;BzZspeVo|Bb^uLFkv<c
zu{2@G-Q4b_!w7Mgs4)v+>7|EblU@1%KHH34cdJii$MXYS%#)d<$>Z*5-3zlNIN-^q
zvUT%bXGH^NP#w7fWDRRa{nFWY7DYc+*4ozwwQR(q0HnEg@`WBC=iSD7(=uCaG!&ca
zkIVP`?=Y_yH;Q-xVj;CInepUpkS)NR;Iepctk5@>0J7QZUTeQe%Gs!VUJo<u(0;hi
zrIqr)3Ii1EeOa#XGP{QQe^y&>zv;_#v04&b{4j+6YC_3a=JqggZV^ye@L}PT=gL{J
zt$C4&T9CGGrLyB|uGH<&d}x=EC$_bk1etZQuu*Nl%MqcrjUez9_&XFWcV(vbs)K&f
zQ(!%iYmP@oW`%#|g<{bw+_+JbV$RaGI!33JD^y#l08l@L4-Cr)o8yy90B~gubjbN-
zCw%|P9FquCXM})s6sGgA%hZG2Vchx=Aa4~YgVjb%4&gaXLgzxP(OZS7hD>c=r2X*h
zm_@Ro0iD$ie2W*MG#6}T17P)(nAU;`E&^6Y6y;U{GJNkcwT4~}yOVid`ycK?UKa&M
zfJMWEITt8o$O?2LScVR46jkbvN?AsLF{cVEN;MW^r_unS=&0q8i~_y)PuW}N7txmh
zoZ8A;<8;VGZK9XcT*O~c#j@ek3iJMKgZt#^0vi{&pExrERI-XIw0(6FY|1ux(Aow=
znL+dh0E7crWXUP<MNu(4%iOv*c^~{0q&NhqJRWqLQS0dCo2I2|O&52P=AGW+>{C-1
zJG+|T4^mJ!5>J{>dxPOEEmagAtFLi2$^{zbaf>!<!-+*{w}4^u5)1_a8kOv`VMN4L
z{*Q!|iP<yEJH_fxgS$fa8l_=2wx``=n7z%@saLNakAeRw&m1rZ=KyqHH$&NI;sRDJ
zDP}7w_zE{6N2JpD!bv=;Y`3ehTCjoU9bxXN$W$q!0bP>W(0bTcGD`8X8QncRJ!%L}
zNo)^4A*TNx@$x!R?@;*ts4qTdzOFzs@UxW(UDrPZ;Jep2q4EGN*&QJ6z(%!Y7@Sd4
zKJrc4?TmoZsRQ%Z2UcdIP6j9u08dVu1z14RRGYlTndA7H3e{FhJHD(;?Lg5((wT&g
z=e%6pDnOlSok%Bsy7`Rgz3!i%hN%g^LWMu3*?i6b>d`J94l6^DZ$AGAcwpiHrYpe6
z8vdX~Rb%C@Cu8XW?{IL<@0`~JfVXU<06_TAH1jMRUU?NXlc|^@9rv=4)q!|yVhhN$
z0g9#ZY0FDwo<|}q6~@wdW<m`s08-Ziv8dN62$;7h0P$kc4w^vxt53fUP())lZDM;?
z*T;9N`pefxmI#}nJQB1_R)rsPJY){yuJX%Ee+sAMW*?`!dXS_0?*zkcr$}=(x*Sxp
z$%Dko00CLs0t%VWGSV456}mI9yx%$YYe+%Xe@oYZG$DTg!gJvLx?zP8R?u!4<*u-n
zsqjv|b0rs4+PI9%-^TBS4G>fO`(T-@B7lf2-<5=UCa3}7ozN%)!fLX<1`Jda*S)!r
z^#!bw`BW7^f*bp=oFhQhi>0Nw{^Hv;%T4Ot<do#1`ht2M1^`pqnK=Mjr)6taVt^Xc
zDX`KU-S!s)g)M3vfU}hT<j&Zin)jyGc>n74gQPv?CS+sfA>hU#v4Hl%5OOG_jtv%L
z>tJG1f~G8tTiS1bIl);76x;>G^uiV)hjxCI{t;?J!zT=5hhMMp3}G+WHw0$I{pB{2
zQULij=W6Zb5_Da(DN`FLd{?`hmjv^V+IpFnT<0HWt4JZQAk+b{l#f-Dw&495R!;R6
z;rlgHNf}zsp8*!E&OqqB|B|6HZtQ`8avV}fz6mi=-1jwhVV`wCqs&k(aIcA|d!P5&
z%%(a(b*hGy;jqSxiDH7v&;?};;v|=3*khGjE>Wf$*`}ROrHO*+fIrhrHG*bJ|D!@7
ztXsIUWsi{C)XuEc9R+|rOUXAC+Iu7o;pPcc{<@RqaF#BIsvhcuoMmTF1@Vng3ZURD
zZUslZg`*fjKxG<z6cOfHyT1BP;B6I!!L+=zbT(m%ifV|FahZ<sPP};PsE9{)2iu6%
zjJPIrd``no49XJKQPl>{KDHJs70SxY<X+QtRNLPj^*j4CWmUJTCa{~i%47c$UENw+
zSWqwmnbQv5vT_I8@A!<fj~?2&q9evIk7_o^x5f1B#5hwrwmT2qwmh<z$|q~y3=MM}
zInaowLbc@0Zn@)vs-VDQ0&K%e&%*1q2{?rI8eyX@xKFN*{KpQsnd+*t9kfxH5LW-L
zYEy~(a`K4J*1Iw`Lu6~KJ2gR8$W{Kq0nyWMDpS4#U3*^5lnv<gcyOeUU%-s}e#=|n
z?Ea31%PO<J4Ginp0b^~|qxT%!i#rLk8JW`8fkz*xMl;O#tv+qQe#nzPYFVufu$wZ)
zDna_wz!Ap2o2?mQK#R2IcM6;V1fMxi+-^GVl0XG|8kYp(%+8y=L}<to?1wAkirkmo
zJ?+|d>}ns0`;`9aD28zfG)oU8?SC5)!WYLdg67W3U&)^zrhWxS3A{C#@$3K^=Eq`Z
zhI!C^E^1-4#EgGyt|VAxMAKcR<RPw7libiJaNOyc?Fhnlh}pD_-z!Bt1Y7b1*t~D(
z^RAz7%6aQiy<ry*VL;^%UX?f<%?)ubL<yCnZ+V}qKW4+-!ZPPt#F!sZvMXNWPgf#v
z3f1UebF`bc@3z;g#E#mon}4kW^~hjY2Oa}BwAJHiJA!N9C$T;wMmadsmN=Z}fi+F$
zGRUFn*(@<0nhp+Wa@*xl3zNnf7^<{I6T8hPOR-+y;BQP8=Li;bLi8trBP{k723xjr
zZ)`Ux(nQGvy%xnr<XV-QxN(A!mt|uGuieg>tB#f(x&b&zVSW`j`+#|hI#16Ncd_Uz
z{Bs<GO;ILaO&_@c*KOrUOEH0H5vxMfe&1*yIeO$qML@qXW8{xIkPBn=%j=u-wzI5g
znpGfEXPmReY{=B4JeoW<&O<yWugySqAVU1}X2VZFNqmIj*{%(i8Zo2u1>uIADSfc+
zZdP=_NjPy7aO8+PN>nXB>jwwuPundwx1JpvIcd2m;o^JR%@^P0z;c#!H^o)pF(vPF
zdEad@5Z-r(!pQaXG>!5`GZLn<3>@Bj3du2I4j)1Is@84+M(5V!POh{!kS~bO+Wd$~
zgt0&em`8YlGoD{VVt6f(X$R;$uJy#HBwLz(!4U~7=}RZ(#6tu7vxB27_hXZj@14ju
zGf)I)h9B^zxwhX*#<vww@(2vLgs+&(*w$bF(;&p`Y|fu&qZBs<UV5&5@V&N8>+xGG
zZC2hc5~gSOdDj_zgmRv))j#PoNESm&{85JUrs0v-?wuce*O5DOL$OAl#LeO%(q-ZS
z(8rP6(6D($(71=Wob8c!o-K~N%(nNXfzz(w%;^haa^&rdAmDTt+RfVsTl-E5dr;)@
zjDL{D9QbI0@9Q+q1IOjF96|CC<F<4NRzkK}8hLY^ba>}o-*$=<f7Kei5>hj8#B1Vu
z@7@9m-QnK6UsrlX;^288m4w1mI87mWdXq-5X?|v=I+j*U+R@YfRm&mOmp{t~7nt=X
zH_pzZt=A%MG$NUHufYi|(n^A9nvZ=zxB%T$7l4VI9Qj;D<1{<(I*ssSVwL3bz@zkr
zFjag@_OhFh`&5^_-Dsz&5H7aG)5at;!k5-ZE=ugwEX5&Ua%Z3cJ01WSdc!YP@L7wu
z!_?-+=Hc+>j@>-cseAsNb$>~M9rp8$8xi2vIQ%P@*I5kf$tl|!?kWzipwfBJ0;s<+
zJE$8VEx1~x=Tk7N#sH^CJ0MMp)x@y+RQz#p?|wEXzYIWWQKwFn>aGW*H`Z!54J<+U
zot~Y8-T-4H`M&=vz}T6#MO4Y50m-nfhM3Aqp5+&T31fP@SW5J6!hOcmxkQxb080a|
zJK!0!u!cFDs^E`vX{7aITJugZY5C#4l!;~G=BE2Cz``vVLR}p->vz2Pt=5J)m2K7X
zR<I!4xb(_#3M-J1`kY;oT-2w=r%;JJ({XA($*@<!OPEx91#SDD=z)*MJomi8$qlHh
zX<~~4DpNMafUX`aXn5MrNdr;TqQxLGAvztl3ayithw`!&?}$E5fd*XJudG>xdJf&{
zpoZ-ROlkjN39OYc*Q|bE4obCnR08D&lt;F%#m?Ag87=f?uAsZCf0XXVcJ61jsFCA+
z^6OKJi;D-pW^nt32!tea+Dnv6YJU>~o>x_N4YK6IXxHJ4s-5(h46@n?-{&L|S!w78
ztQjLbOMmqZ%ZsNfI|xkZW8x4$F=*u3rl5W!qFl+`|7?;Uv)v&J$r1HPd33<tvOYpQ
z`r8yo!2%qe6RBOMhs-^9=wIBmp5@<npW!&R%bSTB1(cfsq>-mQDCWCGIRvH?YBGiv
z+S#I}0qWruG#?+IB-*%4jf~83Mrf5A^x8+ikhAf3@5@Ev-kx!jJX%(eew9aHy4O)0
zNBe8TN_8DWetG1yACv)4#hRAZ7BQiutUSnp#8~~t`ib=kV4*_uqmw@PY_7}rH|PF1
zDQeffQ=zlED)*nxRtEmXjWxl+a?RN9R>_!zmg{2e&3OOlbAi2L*q(4oH>+ktg)+nq
zH_3dXt>V;s-p2k^_jJW!o<WjfeLckK7K3DI!!8Z=yPt&3r`sKc`R{s+v`Rd2*rZ62
zZFZxRvJ}QsE1c-zU>`bC&^uvQ$aCfMJa|9t)hpesdamXY=|~~z1Y>XCC#8U6<y&$!
zJAHAz+@fRP#P<#CAckai!cu$7{CF-u2PU&Zv1&p(UQfP`JdQ*>G!)q6r3j`2YU<1U
z;u!3XXl~zen|t#$q&vYH6aXqW?~$*Lb~uTXB{mDWj+5z^zXQp%i=A%;bT1w%LTC_;
z7S{t?=LZjUFjj6lTF5mBn-u;Y<t^Zb-IjJ&JCW7zdz;}VlO<T`0oNVrfx_~983^xw
z_2SfMr{BRW6%gpppbR(FR|R6_p+17|0)D8PKfTYMwOyLRso^)$(ZA!nBnbXJlt72Y
z{a)nykmNuAuCb^lb1-0wsJ{oTpHZ^3Y-yJg-O2#sYCcLg_8l=<umQXvn=so8Gi-&+
z?@PW{#V+G!qQVY3?{fuj2_NUe54-S)c!p(?{t*^t<vSbZ$*^fHoEo7KChCQd;c@kg
z^dxM9*x3Xg?_G5EA=!CBT@w69oOjc6d;F2oQQ}-(c&4Kgq%i{s(}M^YHx5V#{`!^8
zbvVRq;%+^y(1HlT>OXI0Ny4G_v>JBfZ!myV^E8;LJ#`bztx1sXrJDqUDM0Fbcd1#2
zmWX}Lbu8j|ZH7cFY+?fNK%0n=^f=&oo{8Bb_?<_fVHKSL;@<pIEF=Hb65=`P+hK|a
zzyn|vA+I$w*vT(R&3R1eC4lyj3Vzo8e2}v{f@lH9aEA3mxcG1-S&=X=tVGM^EtIS7
z?KPhe(0z}uO98ED7>YLX<OD!SjG#8g6#AEz`yY#dl&v3|KALtcPLbH=wJzQtI^kdZ
z*yEK_^Kep$*h|{($*MBqpB`^CIHtz|%J2|#I(dEoc45SINf8uj_>C^rbIAPzzgWpb
zZ20oPBZ-sJ=2QO?JIvC&vpj9_E#Y&}@yoHL(&FObIm`3LR&$SzO>DgJog>UXLoN)a
z0ND;$66DaW=6&9JQapmEjD93F{~xE}b00`2F1PQLr_FldK76x}$V>MvnVF>Q+ww@^
z86NrQ$eD1+RRW(r%vV%AZ|THuW>xXJbv~i?tZuo!_d~XaKKa!gL`@w3@?F4j*Zr(o
zlLNv#4>^c>d($d6Rj0hqj*>?-TN-O?Rmlxqq(eGHR-KryZU<n`KV}^LJQ3*G&vi%3
z|1`FQ;fc!T;!D1qOz@lds{gvr!-c@8cKT~~faHAE_!o$Ut(`!_WlGxJ=u&OjAcGc8
zy>+Ls!H;^G;f_8t`2{5!&Ry*sN1lyE0O8-n%WLU3T|D?9hjD3<W1T#tg=WLfbtmjq
zHTow&+}iuHQdfK1Hfm)c(eBz{R(6Y>;&4UYnUNS&E!cD|Vs(ckRhT)=**Sw(LEe7-
zusQpOH%FrACNBuL_oy$-v>$xx0E#xS=Xp@NX^6a(!EYK3B7mH|(4F&N&-}I+SA-k1
z(3vA0cinfXs#$A<2i77-$8AQ5v3g>w;d(l2HTdbGI)Oag@oW|Fd>WJ0qvBEy_DS`*
zK0M>QfQ9}5+p0uDOh}cLNlDvW%bzQa{a0w(+5{Ov35L#gA-GGaiHR9u{o*QCy#m@0
zJZ&}?;>h?_OCYW?Z<#QQmYjV&bHvJHJ4Hf<h$faTWQG%@zlZw584(x5CxJ9_{_xnN
zac}>IO^0{{F+%}4mr-U%y8q;!cd)6hu@0lns<_&nSfq`|Pde;%+y}qoD{9wk=Z=3@
z`TQy^VkhtYk|TM=m4W4X)$_+evbl<CN<_VHs`u73xNOSAcd|qQ*y$i2HOQ9$En_Q9
z8Cmv1Rb^(#BvIIO_bND4iB5@|my$_@^`Dj2`}7Hk9*y>3P~qzz9B9FNasDT}<UP2|
zPgu-sdVkZyYGcE_7Fsarg#W;mfwk!us<EbzFvzW>wB!gH;tRoF=YRjca3lGf{GJ@)
z9P2AFhQ~Bz{A&O??|vm7c>G!M00LtSxqPclKHZP|nave9_|%k;5qPl~q954?xEhk)
zSlfY3*PW3<S*Ug2f?CbODhVI3Kj88m$u#%xaW0KT98fEFM68as+;)mo!UUmtPudRv
zhh|YQ)8xiPic9&PdqV&l`I8V>tsqLziBpEQT}vYGM<LmqMue`Hq<OA@AZH!>!gz<%
z2fYBrw-}fJ==&YZ!-vcRO#;6Qpd+ecLY85dI~J^ZYc5+44bAZ}+C;&UQGGDwS;61>
zbLssEM96Rw^5f)cI&1d&;TlYs_LhBFX~7r}w3$FtPSBYt_Lq|e?~GO(hzX+G2^|4d
zY_X4^33y*iEh@Fsf=dL}yR>0Tgae26?8936Hx3xJWGciQi8QogQw2BY^bcl)T_(_l
zfaBofcgJ@;;O7UF;M#V8c#Ao^LiEoIF2D<)K~Is>=^~-cgT**;0X3lD)t)pDhJ2g1
z#`5R`5`YF6!K%3Gq^<>xJB>H(wcki~AF7FWSfdy(<%%6x{R0CN9pv0>iVHU=o3V2P
z)raMDA7s1y4SyGLHt!vIK&_Ht!H$hqy4cPxn!C?9YTnF4zMWg{2N)O6c+RktztMJm
zO$T}T;DOy}Xl6I%SJETby+0HV#$5CO@qrIm$R3k~S!k^XZpLQ|N5$(L71^@#$!_qQ
zJqXtpn$q^Kh?C~{21L*&-xfX;A&W=KGf)5QplNk29b&OMubNr)SUGGKP4nguILZf}
zc?SR+#-ANE_1jJ7IOZwm>BMhlF>3hLL*kBVMnhyh0N9;?Z9o!KO8y1~6fd}jMxv%!
z0g5WL!*Oi%is~SMp6C%=@J9VHEj~phR~u<l=bs%U9kUt+mf?QfJ0Xcb-=~`{Z`5?t
zrZPu$+&|j&-`=u2*n}+aohp~;SG{Bn%cd7%Wu56(P`kq*FH{7C_JEdAlb&;NwdqU%
z#pQQ3h9iq#s0{<L?fwS^6z4}i0J#8s)I6!9=B1s0ksy47AU)Q>Vcm(1&-UjlMn<M*
zT>QRa&~}iLD+|XMV^_eoLl-bhH=HbT9U)vA3+&TDaf#;St;&gIE-HeweUimX$%^zB
zHg1WV6U_JY^o@&i9VGZY1Biw*Bm$C9#D2A0#G}IVqe&wm1q7Z;wTJyW5OuKWD{pc~
zpNlgoe#Q1U*>%OH!&B*F%BIhqKaqL=5HaxL(wYa<4_Ct3vcd_10Ke*6COXAT4ur;p
zl0ZDP8B1)pfoUbc1>b$i^Ohy!eP|uojgMJ%$3L2NW*TkB#tYqR+zpP48}*N8#}8e1
zK8N09{h}Prc(-#W>RXV)4??r4<9!jaf#&+vSy#xL!Q*s4HGS%)wY5hw;P8Ij)hw>7
z2;yL9z>~8pA0Ij5dqlj}?nvNj_PA|KOgZy$(#(q^dAbDONEUBoo1IqL);nS@>jB5=
zdL4^tu0xlW-V#V)U#g4_uO<-FigVeQVV|x}+7vzPyNmD%I2#QzJaqoOrne>Pb(`Rg
zm0jTc++inH!nNFG$jv$zJcFP39Pp{5B?y@q>f(f4VH|uIMi<jHX!V<+^R>p%YU5`G
zl{kE<aigDVyxvq2*~-rG^ckmuiQ#Len1ZujP>Y-m77|oB!61%2tyh)F0X=$mKl*iw
z=T-;I0ZTvtV`_WwFyoB>nWN*Ez<`o_xbMQYKe%K?=;<->;px0o!`1r8`|X4>=wvOe
zT56FDyV7xX-~?VdIBxMtOxKfppUbT_EA6kuPj@y+jB~Y=%9LDBi^V0q2;d{QdB+ks
zQFDZRcT@-Q#42KgjN8`QDb4|Vv_-Ik*(O+eak9s=|89%K_3pt6HE?xxLC^cyw86Se
zW&&@)z&_!lD<>Yt=JefZ(b7Jd_DRD8?^}*&T3b8ze8!wUN|)Q7s}j7A&b*|}nQY9k
z*t6~_xzfg1X4q1+_ae`9Gkj`LT;&!1a?qLK>Z%ZFG?VE!6&coZ5nmQg!}?nU@7$e#
zU<`X_PvX}%HZs(~p1sL0A9|KOexFuCMDXiJT#7)zx*Ta#WGI3$T75{j#_<M$H^=xD
zVVyT)kfh(m8duCJ9?IzJTQ8tLxXQ!dtc(twEa!3Ouj;+%*c9_Sd)%Yl)pFgz%q*N^
z^Y&5P>cO?joYyS1IClw)MsfJg{ma-N`u3GOUui#0Mr$w=w$*1F3^u#k>FPa{cXriq
z+a7!@e_Y&F_JWz<>wxkW|5Av^@d#}HE(0TDkwtGVS}7}li#Ap0gn31o_6C81ii#}s
zJH;X<{*SbbZ&4{_9>{pfJn%p9{_tbhguF!7TK6hJhDuNH<ZKhW^5i*ZXH(tM$K1`h
zbdt`V^s6~>msyJ2m`>~a2i)oDRlZYB%fyx#Ut#{W(1m{I!5X2>(G)j+yPCr$;!R5r
zYZ><**5uvqwaFhewh!r}pP`()-trXBRNtuzFgYZXm&LoMP4P?T9rbC_z}<H-U$Qf|
z&JZ#*?BO)yH|V2pq7C@vu;blU?;PgbZ|b<{bp(8`jIf^ld1tvN?t^FZ)Y?o5b?uH=
z@gP&)K-qmO&iRg{uprqAPNU{DG;&Sj^=s$T4Qk$lLL=)i6$HsG>CJxWa`Q#{#FV6O
zV{Ny>R#;5R4*^>|pn7@DANRp~o0*4|@=CBud!$O(zMrFN0RH0~SYl^~>2{|2ifkw1
z$gX$bb{1j%IecZCLn$*iH}_TYk`nm3+K;X)RCIuLdmonN8|JA*$5Ln<Hf9v5DG^AF
zc34l>A2Xorif8KXv<#$Q{Velwc4o>nCD~4Q-!%=oDI=5o@kQNd++xmf>|<2*+DY1T
zl*Qh$^sA8)9)g=Mgj~$tT7M05Uc!q%G{Lp<3d$b3Dypisqki2@ZFxs@n0)xQ?wpG`
zPI2EaQaS#7_rNFIyTy^1Tvg-Ii}Gi9f0IfYm8qkSs#UJ&ufO%?b)|k-o!q#Zx$_H@
zC<4y>Q4wn|7DAAru`_g&C<f1biZo&R#^7+NcuTB>XJllgwT|?hpfjL$g+n)HQLu$W
z|LNJ|NQzQFCVj^MRjnGIlM}&0uj<w#qma9l4-0<#()00=&6BE6c&_oX*2CNTP$ZS9
zP~d6yMK~_Q`XF&_r#=t%+lyMeO>cQ9va-#8uXWuyLwHf!`g&^LwED8Zw_<foJ-F%2
zz*S;L_1U8CZGv+5Rmn`=t^^u!@CPH`s7qf5($j^(BJa=e{%Uz!PL9R_<h+GDoM&RX
za2wA^@b-l3g9_(eg7=bOVK!PFPH~N;#XgMBg`g!gEA5-7@$FCJVCT=JOauDQ%BYgb
z-0?CpGWcu3*D?9J-><2qW9T@=GV?>SNgpesB;~Wx%Jjf8G6(2+z%vZBgv8ZcBX}~1
z*CUO}d83>4DKs?nS;E4?{n-9jPsc6?&OSW68ycz*aRPWxnK?@T8^OQ@|Gs$dU2&xU
z`x;gttowZNQK-VxitF&?&bK_FGW4eS9$DI!Bi+9rhT_lyfd(qZO@!<lbT<*X6?aK5
zUStoiPusdIPo+7TtyC*BwZ_?be(`w(+|R$SAXR(ArqSLknx8F_%Jz?q5k5rH(qO;<
zSYz2vDS=f02K_m|xcVE|v8;nm`TLW+VVTjF2!5Hr_4;$4GK@XrY#5u4i%|h_jOpqb
z5D;8Ghm!3o+zw_`{QFJdR=9sL{k={4h@bEOJ8bCxyA1ws_@WK@A;DgE|2Ql^MB=YJ
z@y<?x(qDXTUhV&1(Glf3zo_%J`lDn2z6k!$&)fcg(f+Rq{okNI|6ku@j?w6qCl}U@
z;VQ3u9$1ylp%`B-#clqSpfZc*o`upUHSP)k%|5`DeI%u%(Hgx%&j{eizb=bsKtJx+
z#zNvcX)tO|jN%IgRaRofQ$wT2^P9)Fb(};wHzbG1|Mv@7D?~G<2E(@re*c=+IB6!7
z@p>ym8ui7c^+%I{VYfhrZQN}DqJ64}rc*t4&CU;zO?v)cGh$^(uVMXOn?oiB{_?%R
zHG#t3F7bEg%}?@j-*zmXB=aAAbO5n=jTin*nx4DM$pgBuNzI$Z?7g2V83^Hg23~Kk
zs-`s({sDrY;(`FzA3FR$>%e-oKeCo!$pZAq(GCF&E#h_ZK%(7ONjB;d|HVzK(>>FZ
zGWJC6SiBh`{xr&T-mDzpRIql=X8TS!wpO|aX8gO*;0^|ZsdL_>QBAK8$C5yoF_a^D
z;h)k=9T6SBN49dm=E7F6XFquDUy&$dO$7+v?0k=T#P4k!xe7p>2w231g|~=S{FjM3
zFA*QiWqv1730<$8sSbk&d;63Z^RUQEtRN+zuyVqO<+LR19mgZCQBuDPYtx^ou;FeJ
zv3(|Dj4HV&M}iLY+>sv2T6`iS<KKHE)X*UGNT}TRLpu+6oA&F&C%<Z|pNGggzi9H`
zCwAVwb&awo0a!*UhI^L?l*1!j-GSbUw)I?tb0m89ddQphY4LY^Tg#UtD)N_C_*flG
z?g58jdmWuEBOhN(%!XZ0o#g#(qB)dPP<#9{ZvGeF5BGg5KcSN1*iC~B$d5C9#%>3R
z(IgeWse(J1%tlqoziiC|yYfY>ZI)Nnd~es<FSnkJ&7x7vEL_*7&>29tPd-hdduX?1
zLUp07Spj4bY2TY&x|B1=BY;?$wVYCJx=+L4rz%rqN%XtpBlJnMLPk+hV9Dl6cBL;>
z98ys+-fZc(<(cS9A6?qI1_1zmXye?6rq~^_vc>5b8S$6k^+~s?+ZOzwCKEumH@Mme
zA|Nm~e;Ui7K{;z&GnA=vUxDEsfy8lti8F42@3F9Z#j_B7YukD))(yJ9QGAG;m*-b)
zC41>}S8QXnI7@7&0FV{Xh<Qie>3~boM}M2{y$ayuRs_IlGggaF{t_rZz$!Z4mX~|?
zU5o#|szu|+eC<gsG*UA!vCgZ>A8R}ju(x%Mm_{^=Vn2TIDEIvNAo2=9IOWu_3Dvs<
zwoTnp>AyCd#by1rBxo)m>Dj1~|1OV$&H3uL4ERJd{!_U)I)v23!OvT(;G>c{37rXm
z*vj3OEluY#HM_E?l<8buo@xD`BP|hb`?%ZPMujEd3o2)J!jPFd$lAM~Wy&kriCtgZ
zmywetpQ>|ncOPs?AlVo#{^GKn3S@=97uwjSo3J+xJRVCZ+owwTIyg9JzT*fCo=yK@
z&R3`<;pf*>9&mQR$iU#IEl{S<sN-ghdZ1OL{ocF)5*ilPaeppBw{l^i3_-Ba9D?{!
z`{6@+w+C@9day5#5s-CoOtvU}cGm7m0qsjCR1`J}td)+;R-&qQ7`qvni~ci%J&U`*
z>5EZgR35CcK}pYjo)qd7-6VJ<=HU~Mq$JSivwNRDGj)joH|zO0BnsNIdrCn?k>$du
zBOo|+E9$h`E^>7A0fB^}p;SB-JKqee`H83KuPx2na>3Vc`t8$1K}9;g)SyTo(j=Kf
zFC2_atS}|TyUoq@%U_YR{hT@B;a}QA2H#ES8eAqQ)O7nE#0I}@p?oM}XEsvk{hW7D
z$EzvU=oYWz+UFg4qHm$QFUWojGQ%UkcMeKqf)gS+hH}l7Oy_Ese9kI-*a*CzAZ)vo
zs~u-0<{vBFaTNfZOp)awcR&~Lv1LjFG+i-{Etae{Tg?CUl;v4IF7dff#`8@Yg5nbP
zR|rE2xAlp8zQn2DP6}Ei<C95ssi-Ixwxat0Q&X>tZ!RHf+H5o*9h`l{?RdT4q~Q|5
z+E@t(@Ku6Na)jo?17GiP8R@bqg7@X+p^vXPzR<WYg7D_;SyT$ZtDCk2Cy+>qeY!+Y
zTY63%LFL2x7+z5;la{PC*a9bc$c4Y(qwUaDYjR<=^xf1EZ0cqfdWJU@#RF7(E5I^K
z@}{VoRM*V#0;8h#iDvK5cOCO!u!R}yt0p4i51Opko<L`soySBD(36q^T)ga;3ktr3
zX>`Bk$$`Oc2i&_K^U3_Uj7IY&JX=ie>GL%X;2F7>2!M1`Je-y=WZ2_`@~0UGkbxRZ
z1f2DXE2WGnS(z;)O8)RY!k~Q(>s;;+q_=!hX1el(<Zu-yqB`HyQp-;I13fybIqm!V
zflk>RndL7)URm;1V|PLdrTwHX13ysJB%d?~?d@O+r^&zTh&{crFg%8mI(KoXcy#XT
z&OXZhH$I*xSWgpf|3B=#^;=b4)HQq%5fl*>0cq(jkuC+1Zlps*y1RsfN+>DaARr~(
z-Q7sTp<B8SaNwM8aeLp-`~31=-#_qrU0f1p*V=Q<Ip!E+?cLAiZ?v*pX3j`RKyWuI
z*0zpMFvm*>5D5hR*RTGW-ZQQglu`J<Cnh=@cl(q_3m!vmn1!hd_)~DWrSW`v$l`F}
zc<W&<7oic%05kgRv>#3@v|UZPIUsnSNEjz9wejI4AJhuFmoMhC6iw@X8GV}0LWu>m
zFn-)AFZgYcX><SBZ6Bc%GEw(JvBaab-XCDNA*(H3s3leVvn!PE3ftfVKKFOjHxs(b
z6g+sl7!PnQKQgFao%SB_vhwp2RW#H+d%+^cR|H6t7nZuXT<fgtV;gaCaksl<LLd-!
z@}x%uqfR+fN@+qewIaeZ*syDVd1bdkFn2jT%xv>@t1^_j<o=s6CkE;EXjQUWl7@np
zs&b*bZCnG3m6erB2sgSg3aTigZy`aFWoPL4p|Y7O<@+L}VYcLc@ws=w>2Y|@Xv(ED
zatwJn{}CiG$)fuTdOb;9rs((W=ka{bc6gBHOu0WFMM&0|Y6MnhE}GD~``Y3Xo{EF0
z=u%Zx<+M2h&*IP2U`b%JDw?jAr98k`<w`QWu6*oh8XO=+BbG`|#$mfetd_gVRPK(V
z)TNxg<8vHqgOw@WNNZw3WQeN4o_rFDai^ifmjcQhX!u_}espbVuKO)ws`|E}pkw#1
zz!>#6a~tfk@;Tyj0^Gj412A}=Rh7-CjbWY3z^{wF{XRQEy-O<_2nRP~%>Fhrb-0vL
zZ{cm3>1dx!znX*Ez7NlZ+|O<e%;2_zVo{c~5tpmh3+h~yzUM{?b*syo%o+qT^pQ&@
zIjWTTQ%946Ut{AI21^rui8;28g}M3CDl(*))m*Qg`hTY1rR!)l(QH`i<y}}-N3f%n
z0hRS9X$Y3v>6_h^lCl9TPIlyeWv|NyyI$AoegFhwl|RNCscT?>i?7?)+%f&=dHj8<
za4E_$4a{7%K#f-|!{g(h8VW*`6a_gL`1*oRodg6PZ*Fa2A&|I(t5ad(j5;8Xe!O+-
z)<Sbn3pr%CK$RIJqg#qz=zt6G-kJ53Gkn!++p%P{;YYk3&BV8|?$_XkNBS8(K+$OY
zGWn}CcJu%A1X98;Z0^8E<;py9?mMK6TN=OBojN<k1_2`{|6J^B!<+qW<?%7@lgg0b
z`$u!BB_)(5@+3h3Z7hZCOPq`HeQB$ke77{)BX*E)6PD88<JvcWU^a%2E{S9i+S_~=
zV0@g-C`>P$1YXkE8r+M#-QZ4NZo6R3ck33Hjg*<Wd727_X@BZ5`YrO54%h42oC__2
z*|GQ_0EUeHx^}FsIZWIPgz6k`^${ZPhsShYNB_^TUz(VMB+%YYBc-bHgOvcpVe?cs
z2Q0oMrenZwmwre;$12u9x<|##vd^G%c|GfEx7x8_S--Kkii*n7c&uxK_Ef1iT6xF&
zr4o>r+UY;Ov9cnydOo1e&XPT(-;#n(KMcwR<mJYL0sEa3j3g0HiL_*Bv!$URn+O`)
zc*0t4YIlyA8~64%fBgzh3pdfR9BqAukn{}d7Ix8)PihID2L#n({TT0kd2@wjnmrQ7
zXY!1gCx?2>l<?c@1M|uI>sfT0r*rL8<h1{V`tPPMZxrZ50(*1Bh3$8qMelBn75cyL
z2!?cTONgGn6>bw~5)*Ip+r3vf$OL;^sH8rnj{n&-TPD+Cs?k3Dp^ZU<H=$Q!B9`am
z9R`gCehasYCo&=S#+~vh0pD>ATamTKW$#ido8Jq7I0FL*@k#sS-Dt{&a=f4uI3>Ls
z5E#N?b0p-KNJJfQqT&%69&XrpsX~bId3K+K7k%v)uOwoR`e51kyIuY#4eP<>|DiBc
z@In&7l6y;@z1E>fNyzs}(-clPZsx9c0-x>_av{X?yG*79g=}*kubq^Roc+7hK|Z&W
z{1KNgm@Y$n^bCAM*Y}Br<r!X;Iu0qzUH*Z83|99NaH9CcZ0dTK>ksapw%_FdKKe%S
zfz;IW3<N?KhI#;qHjN)5a8kZck*4e|@Ih$^nBMVrEL$t|n%Uz#`?HNiHgoQAYgb~w
z79$E^t`seG#<oJW_D|ML=m6Sc*jAHC`+)Oz;KQ>xhbP4&{Zn$(Glc>Z6PLuz_-q!S
zpP_8};tr*k$Fb~h?VSB%P38Fnqi@Opo&i+1-l0rs!eEq!HoxF^zP*=Pkvb8;Ne4)A
z267>{Kqwm$w-M={c>ZTgg}_>e=aZy0udlzvV*iCKpY!^y_jt?L<|nT&GSblC25}rF
z&+ea`zO(x9RahrBO?IK=o;66;_p2=MeXl9*F+S8k>7sjabOwQp<>)^GU}w4aZAS;4
zrCQNf59e9mYg%R=X3|)b1b4mP6~QCky)pJrD%o{wQ`X!xQe%cM1G&B|+zwdGjt@FS
z?0`{v9-4X3r)c!VhUW$Ztq)zGK{!4t;qHh!X`2_r0BL@c_AX?3vBLNPAbS1b$@}+D
z`i6dH{k#`s{>JNyMhJO%DtH6*Aqg)|`bQ+o=uU?-WD`G%F7%hJ%>8<+Li{5UkjKL>
zDL|nsCGGp@2;P7)sTKNf@ixClFX?&3WBK^R*_n&nu{c0-cWV=tfleoPjZg91YejDk
zlz%K+c2~cy-e~8~iZGKY=;{mPY-Q2#B~m^9DUs3Ih`ZT*`KuW2839)_oOh3H7TkT%
z+UORq18}GH^Hl59HA_B(Dlw^7hbme^nz<GT&88c9zt~)wn0)}RZve=tW$dmv8YIPe
z)(+l_mLx)7gszw2LF?y0sZqG_R<l_tc~A7L<3e`wcaAq1q`6R(aOL3en9qIvxypxJ
zGtDBNT2~v^kJSK;KLtQWxw><EvL#2g>>lKYV*mlx$Lj~6<eN=YvuR)4@7%81Kis*%
zR{Qk~ssI|*)`~><BO?5ekuzFO(@wWERFOGiugz@q*CWtZLLiOXlNj`ax~->)a5RV@
zQsncaFP^Pw<z(d*752y}^&Nh@$0*&}Pg7Hx)sw&c_mXwm(%m}ccEHX0p|EQ)RprGG
zEHj62B;L7Kj|T`hP+QP+CI$%g`z+0`A<dO~n7{L-g&{s66|^q4dj6tSdw$l^mgQ#4
z7(;TrPmid<+(}D03-l9R2^-g08coAs>6ah=Az}NJcyncN4So1`_+n?WWSofSUBES?
z0m#ad!i%9EbJU?AF5*i`yS5z_LHV~Rs#G}`lN}<GdLCw9F9@-)+}altQwCMIzhBPq
zy_N5HpNZl5)E~dc4k!^zDyHh*zGj)so&)IVoyXRkq%za5SP0s(t+_O{<BX8t0VDee
zowu|7r0}BD&y9`xmAe)bIf0&&3Tc%Zmh}(R_4VG(_vb!+UTj)9$+)jg5Vn^j-sjSA
zEX16Y!(nFC-0*(a1r(a40Q-ekG>=<mdT)7oICYQg?OdSJP+uvqomr?m2ijZo@&Ms-
zJ6y{5tbioLYr9ix<_3!VSW+z&YFyc;-rS-#C|5QxP-JMj1<8x)f1SuCUShJs2DGJH
z00FsF^0+yz<Zwh1eIMdLCdJ+ULMqZfRsb{vH@nkfrR|TfON^ZL-#1JESlzZD-`dio
z-a67s3O3dA(!MvuT?X=Tl8`46#J5;qRu+3su<8xyh|9{uLPJ~Pq#b>)*Sm~_|MLO>
z*wj49{xYsZuP8LJHQycLb~R>DE&W}iOHr?RxcoU6IGxshC&*L5bc(%M=q+n&cP}S6
zakTx`ViwEf_nr@%++VTf9{-d5!q<tp%c~yR*iO4cJaJQ=gyN7*ky&fM@O{nFxtZ3$
zX?><rakjg>^UN3a`!@yW6+)|(x2d3jrTAmZi_Pur4E<!{^U?Pdt*zAKGpH&l*`I!8
zT}TzIs+AQyP{bwbJx+-S6&{#P&yolTfQO1%TXTl)z=D4{Cz#Yse4ZZV_+h|nXh0Xa
zw0A98?Xtoq6I1>vR+3dSOMa1y=XtB&C_-s|fJB+%xN(9sT)_Oq!WEi7A2|PoZqeHA
ztJvMU@pAs4EcC}W-2<@rlbn1IJKe7wN_;$$fKKa6!@;Y!UqeGb$<e7k?aNjy(QI@f
z+2Yy#)GdeoA*;>{{zyH4uF#JB8E$)1>LoJ-j45P=Zb$+MKugt9G@k(h($?jj1N$k+
zV};b&Ec+n>Rd`Yv8L6sPDf?HleR!&jtOv=v*hb>b0qN5df^i|3(MC#!*k-a8Kxk)V
z0wKRrb`K5?9U;y2ewM?T`+W7D6bZ&l{Qz<RM1iq~Q}-b^cRv3blEm*y+qX?YOz=$^
z&m_$gWiO?ma0fy|M@PkOGGq{v7jF`rZGcGa<1I1Y*4M4^AgO2&TtSK(WLC^yU!nib
zaW*)=#8}P!w<%1w^^5!>Oe)heN$GhxYjA_LD-vCn<~-dmf|#Opm1k$w3a-PRCY78`
z`lb>vL~&m~Bo5VTD!TP-NcIiRZox!j)7uPx9G?a~X+zY=+O{2o0jBsH`PQPK7^C6t
zyLJrwpJLHIiIKn}cs9ohqg$PwoSlAWYtS1SFv)*Xgzpd6d$IQ?Rbhc`#4d>EtL^^$
z8h)dr6O7@Qg+Cuj-Ak+7Q+j$Y#owEnDTW=}$Vhy)`dZ04&Bgm`dAU->XYBUJoO>c}
zG211Zn^KGF1ym}k#%>3jM4&N^s&uq>c{yDgiiH!>yprvGFAZL$ASwAd!RGC=Xqm(3
z&#)ea^DnG{5BZd-nhUw@1TDHwPkxip$W-Cij7wZzM%m<6(0m0=Pj8(7H6<k)oZ{lw
zN819HpbV2!88`eBf<|_I{69m~|6&6HxnzzfDSJn@vf#Oe5Jj)+vU2m;9}hZ1NFfkD
zhh?FO>lz*5<e=AlrJgvDXXjp6{vpX}<<kH|zk9E8zlV|W;18#md18_IyP`^n&p1gH
ze(z~f5<g_p;m9^Gz)#}GM;zPC-TXkE#h$riF<PHwC`D`BH=?Bz+cNKV*K1EKM1kO0
zM~EOiN`E_b1)AZIc?4O-dz8!!$gOHkXCbl>&W}nIkmf8h$v`(63?pM}GziuSRK1;=
z@o5OFa(X|&M?f}#K(s8FKw%p=c9)j!5xd^nIlsVU(#u!I10uL-?yHo@E1`vx>BTLA
zQ%(Vm6<nO4W?(hIHopIFXDQJ#BSY>lo!KMPW)0zUJrw8+-DHo_d`nmtG0}P!qJyhe
z>3P1&UoT|&ii$v7lIoSp3~vo8q@9XWw^!gUf_cJ5d79@16{)f^g`o|b0cL?m^u1Qj
zZ<?RI8w9Ws`{H76{b3Leqd}^jg$gvE`ud%n_()Edk)aE3^4A!rMfd(k2+Xm2!pnsQ
zX@?Fr?qsVa-2e6(GlpQ@V!JN*OG7ak>Eo=@xqx9TLs-vmq=6ojT0U#1|3IBm%Qz8b
znxSUR-jEfHp3d0!db!-W9rDARnjMgjhR}h_9n(aES`YN_o71CXe>GYf&)cccJH(|l
zP?thqzwMc`rcKDE*XGBp;b<d89Q1!^>$UD-F#HcmNK&oq&WEHq!Z&|ta#B~E>h+3b
z3_5iql%jXVL_YW~0Cb2PM{`wic<h~YVOa<>E&R5Z`X})ygm~<&S(S<S;F{WCQiHFJ
z-VECJSjX|l=9F)<8jte-d~$jvZsQL_;rt&hltEHk`$(%vTDo`gKHg6mG|0@%FQaU<
z2CpY3IN31Q&8U&n+TaizzuhUmaWv2O?>l!Kyu2EAx-KY2O5|lXH#e~ms5)<*sY2bJ
zw^N}(L6U(iv|ZbCwFo7wY6+@GztmU&0hpR&-;RM>Lu7+;{XbGcIw>tJ?JENViq6jI
zq5g^AzcC;;gyVFU5zM6Zb3i;s6T-(Rn~lLsD7m777Br{~4TbSqoh)l`iq<l+4QNkN
zJQ4Tn$B#vfu2Thly;kJ7b^*b(vE`wd!c^#GVq|?+h;8v%bhmByfE}XA?|+T*CNLp@
za<jq5CE%51_cJ1X>Q8HHYxLma1Dr6m8RXkx9mBexA(_3~G2Koqi{sl?T^9z2U9J4Z
zmA!6yF@;k<loZ;Bn_o^Llf=DFos=o?7j&?LmN7^(E!=T#E)xE~FVauqb<51m<ICFG
z;c%(%QAtUeA%MhgfA7v1`CVz8D+e<qAtt*KUEjEWifu(r#<*@I-ohE$orOXL>g#z8
zmsxrmq7Ly4ShO3}(?VWHJi?`8c2|rJm%;Cg>;6!BEBLu-%|8d_HOD`N{3l#)!r+_V
z>RJ2%RRVy!4D4iojoNCVuBb7gAL#W`axp_}g?eSBBRoK9V9*#Of;=R{%cyMRew$|!
zQsUGiX9%8^aDV3fq;G`nINw@NFPWt)`ZwY|K~rfW*_O*v?_1q!C;3x*5K3DAJCvaN
zqG-8l<R2={#~EawTB!6t)lcDuKsfCW`HsUp+B#S0+0h_Qw6&WvoR-ZZKcO05N4Gro
z=RI``yet#4aJG&5E@{P*kI&C<yKx`BvJ#uX5LkK6I%EFsM{3@-j#eD=j^t|wcGe7=
zUt%|5Z2iBFJreaKiO-P;@-C++EF^CoZ~=rj`5)LiCJN%v0cz3P6-JCxaM;3}m9VA|
zC!0Pk*L6S%djy&^z&Cy}o0!6eeE<I4hnjvcuK_CmyZV*z&bedFLmTiK?6g<MgKmV6
z)62cwvg~TBYqSb4bM)oy39cveU6IBhz!EjT{EzJJU_3g}z_4N#cCXMFAk<(3Q-$u4
z^_c-rKD*W68H9pD%=^98igWuBJE`{f<(A`5ceT0I%_8ICzNT)lsCq6Wq}zY-IJfMR
zF*EPkD5s;R&rl93bi@BC;M3@iK&#)XMTgKlz8jbrPff*yAev6u<My@AeSz`GcK*Yt
z_Vshjnfq1JE4TJI+Yqf&-4NRaujUvs%u;LEcs4EI9$P<An=Wn>{wPfbb}A1SYwT~8
zPqT*%Itm1F$Azs(XB+Ok568+L((62`fQ@@!7a8t+^#)d|Z&6WCoHjYra{|yIK;HPj
zcDQP3)*VO2!)fxPx(0}gpqIco_k42K8E}I3{VyTSUnCp(JdVT)hcJ9Pakg$+4Tw+l
zw#%~7Nw!e3f#$5`TM2P?*Qnx>8^8oxg!9?2Q>6%b#_zi0Y)y#CSM?TGF@L&|+&-=b
zl@S(FJ!jJ1y$&Ir#m>s=WC|1YB=@-vP&7rocFZ-6<+(AE1;xIas@zse8FF?iMu+4t
z)MKU@K62mIr4h?^8Bn^Z<2v|~a#ljXOY(kl-so$$iL(R5Y;Kn1EpuIZQ~^%9(fh+?
z<A=Z-m<s3oM?(4yO?W|z5t+^2?lUi9HeD`qa>^y6-QM0|IE2LWdu)?^0|x!Wl0yx=
ziE&7nWes2TtwuemcRzk0I;0;6v|7IjR8_w6b?v>SN;M{l$O+-a?bK`3f?{fe&t0Pc
zEQF{cS%AH$oW`_10Kk{0vwqibN{V}YM^}c$@_$~iErOZL1Y|!51imNQ(N>P}pmBB8
zEKFoh5CZ9~<4fBg?qMprxXwXi(CI{j*qwdedVh)$u8-ZxXT6gkB}s)!P`+djOJ4`u
zESSiDZY;FvG<tA$kfTTD<>}Pyo7=>cAE%ou#y^((R(Nu<s){*0+eb%HL!;U|S$q8O
zd>Z@q9gK}F-JoR?&=NEqoTdTiAM=q9Y-;Ku_J-V>p2rjS!eZ@N{O+92-bg@MgSt^`
zLg-$?EJ$l6E7>U^c~(R)*ScB<Ef5xUfMP#3kt!vN&6+SVbXEh@7y_Y1f^RnjvRa-l
zIpm#AE0ZD`Trtu=LxJ@IC%9@~?1+>_qez!rl@902r<7$e@<QX};rbFn<UEuVP&0!L
zDS1J7S@Ps)cq_pqkV*(sb&N!!dPs@qzVcPYhFMCd*gq)bWaI4m+!5iu`R7l1a0c1c
z)t6Ga7tAaaVr`sOJNF?z;^sOu^wN*68qLHeY$e2tYNslkqs6M{()DbG4&SCE8oO+?
zQ2Y8xG>??>0YeueX8O*o_?@%QG_2IOe8#t{@a;}sV`SKKS929L!_wool=2)A>#ddX
z@r*2id4-g#i|=q>dRHlG9lTjc0sU>sc~z>fognCLamj_n)uKKU<b5l7q|Tm*VabfW
zL<&W{1OZ0PM)_(j)wex3`U_~1GoEDylO%0dMs_}U+`4Pq5#g@tSImz*HWm7~9JIlH
z>pN8>8ieVsT}yR%U>>_H&CFE!IxppH=(nJ@Hu^>^Z}y^N+DAd0)+1OitT%IGkdWqz
z{EXs)9pR8r<k#x}1^ms5;nC5KgiJ0!JHaAi-W+OQ*xhg6;?7rW-31mvzd4#6`lNNY
z_^Z^c=lPSCmVLBt4UYYZTyBe6#)+3)j3&StCkH+-Jj|in<V-PSaQh`)<SUlPX{NE2
z2Zb8U217yrl&j6-jn{xhKg#oi8Qi;n&!l=60KqEb2UV)WGuae-qTUg0@kA!qwQ5rn
zlap;>cwG$Ertd!le_Qdtizu<T*Mw)As5AY5;sV;xYqj0o%@epgl`|vqdR@5lG*qVG
zfF0dN&L(Fj>r@1O|2ZJ_01HcHMJksggm^|rlgPbq5d9ukLBNBZP##udF)9M1li~R|
z9vvj5*G7x#2`PsNY#YgE|5V7L&(zR%wzle}QF#R`8m=p^Zk;_Z%w^D6CgZc^^sUoO
zn}S5oHc;t-ZK9;;idzmlVPHV6*sz0CiblXpZ2?_Y!x}&IbZ?&A-`qga^I$XnU<TbM
zppJwNDta5FT=Yv9Wled(rfam9(KoWex1MjC^R`Jd2G~GPWJyNh1rn|8!wA)5IygNv
z4In-sKb9L1P_v0pDo&nzk3kI6VsLbjooPlJzDDGGHs|)ON|2ZPHoJC!XI+{)VWjpO
zsseiJ^7)^j){@6OF`6}I0yK}wfJ%)?SUB4|dHk0QPfs8HQ5Yarot%&msE_`J5=3OC
zmG#>c!pFq^KUZlCQAG`yoR*ib<Khzl$wa~R)P$~s<Ie`a7zrYR)^6!UB<@Myx&Ohk
z=tLfZ@zGj*=fL9GG4AX4Gb}oh<<SmJtIIn-l+f=%07>=1923Ht=y4aeaW7ZsZf@+~
zCUg6#sMlU<W^nh6eBA-t?w)nDOrZ?)O%(7bJTjRUfj;u#wOt@|%LlY_Z^^(<&M)_7
z!)m$D&LGcF>f-CgL=Yf7+aK-VLyqFxTJKwgV-@JUfILh6l*|wMR!iQ!<$kRT3s|TB
z9kU6Vm3{rjOWBoWmIc()Tx0|rVB0k7b_gkF8{Ie1(vMa8<Y`(zPe=NeijY)Z;fSJ|
zg~Hm#C6J^B7!Ar;RcII6#4+l7KLJ#1<&^AFf%y0|^WIzHfz;#PZ5tHsf<S6(Yl}-N
zA%D9+^U%P;wPMpQV$eWCSXo(j<|~O^i<0}#hG2wM@6_|-T2JW|;&HUHP+_>6lQ^K6
zwA&uxJfCaw^_)~>_J!Hb-v(S72{!86<F%J7CU)q}fIF^!TY&Xa<k)fB024nHQEqt$
zA{E|ahZq#Ep3J|es)`3_FKQNDd;F<D{M9m1<L5+!`bsPcMXUrFB~_Te)Ep#$BN^BP
zR(?lr@Ht)8i$P-JfqI|d=9&IEkLz({#KG7kMID?>W2O=qLd-N5$N<<U<h2n7&HUXL
zzktliT)TKPe}RDlO2L<Q<ec-ify!b$|DGhKCujzjY8IGD`8@7$a@uRn1eTW%R~TWd
zIXV010{4p-{H9%AcG6xvUpuw|E@PW<rq-EXeELmZVNkYJ-RcEk8YbTxU(%j<1e`j6
z4JE(~OOa@1zL2Q}0S*clzKZ$1%6);K4kax&L|d>bWBmbcYdGFU87as^(ZvN8X}_D`
z6kXNf=)iO^oa^P7Sq5)<VWMe}Cf8j$uH$HxnmlQ{kQSvU9ru(ZO($EO33^9pcFwny
z6r?jlOC7N_Zh%~d+hKV4%uy1Ib&t=Vl6?sX`-t!Trt|(jHsGI9E*jgvam7aIcL6RC
z5N-aN`F=n}WcH%CWq{c>JPgSm)K|YOL$ZxdHp$FrwgOh@RLJ6`1{FJz<I)IDrkCxU
z^TUBeH^3&QiEnqd4jFh~%4*CgAQLchm;BpfZ=}Z8>FAIt$Hm*gqW%!ZYf^w-*bBn`
zoedj%nA7!y7pX|f=>|X7x7Q>$>jgxzf&O~1yk_}?+2kue6G2W$h@uZI1T65e)Br?H
zT*LM1G<N2OUY$MewTH`Xh+3{LIVDA@H~C+C%<n4m-k;(3mR$62^t7ZPuEK@E^NEYJ
zmF$DUHcZkhPjshInN|x+%eLQXYB9${2GyVUuHUTNF21(N3P*#3Hs8+&R;F;ug64W^
zab)!Bm2JsJ^WB?Zglx{HVW`_qF_xE=RQi;pp#g&98q?21c~BvfV|&A%gXe`>b*1OP
zug&Gr$D<~!J*7VHK>7lLq@`aMQ<USIZ33L=2@RJbEqt7Yt>y-GZoqP30L!{EpMHgd
zJFs3r#5)xvL5Di|Cip%Mhv}tTl)c)OPp-;ud@>kM%MmxsPDHg?v$gYaAHh|A@zV?=
zb5A$-vDXVWyBw#n9j#Wz0Mck)!k)y%edzaKv$n-%4@+q6zhDQe5Z=w;QkRa=gGVi4
z?tAP_l^#O?9p?uYj{qwe`b+&v!<l?qtwLk4KxF^Y8RHr5Of<&qALok9kq<(rry2rT
zj)X<nK|C|lGYr;|@xaJcoq0Wbe$m8qu(OMo&7N)>_F#B&QWCCEV7GWcL_<q&Y91@n
zro$xPY2X=VxIDEVr9ad*hlBU#l+e2c^3vS%qBX=?+s$aIn&_+Id9X#auA#XWDHxW;
z_2huBU$5fUv;is*t0`3g*`U~@%|Hf$pbqd^sF5=_MEr5Qu;^FF-1Y4WO|AWLQXdz`
z_gccsx2A?jPM&M;$wqdQQ`Y*?_HEF9Z@p!1?rkM4`aIvdZ~VQNM7hTKtd$$E9KHdP
zixUmAlWgcd9x2?)O@;N9&TekE*V%L<tvz9nCp2r^?zF$>Bo}rMrGRSPhe*lEwc?5n
zX}G5V(RassjaOPsOw6xK6gqg0NVs_5X`-&);b$%GC7fyfw}st=sXeuHpR0AHh_>YI
zs63TbE_u)Y)VR0fMwJkuc|uaPv)pfenFVwhuayaOn(Uu1sR%NDhHwK77HGH-2w1Z4
zh~T}T^V##1CO5zHp;W^k*#WhCZ}D&KfjWN=7K@BkhE4#d7dG_z5h%Zm&xs24n$Sg2
zFZp6B#l6^FK}IkdJlX&4IedF538WY7B^Mc)dw@v%jGOkz&fevr3`5R)u+OuC#FtF+
z{-`|Oo3$SNvCkg{z2@NMZ7Y5yTx>N?kaqp6gX^6M9qx}*Vdys)oV?{{9A^U0iEm@0
z2;lvEx`wVEC8$@vn?E@mo*efBRUPO$iyIVQpNF31sOB*R;&b_HCfQfnb}SQ#;j95L
zHS2YL9~hnN^7N(M^qNj!?08E%G`P>&+Nclu*&zy{XT_|B=s<fA5f)sY^|P!7-3Vx6
z-hoCGa0agw6*VY*(R~2H<7@qvyErJZXZuwLRGqv!J5nZ+GJLanq*Vy!0^x9ZExJV5
zc2t33aIHayK4FU_G4h9hsjR%65pdc9EDld*&Ox=oGjjhE<Q1SmEuD~lqJ8E<>r33n
z$jIonjJS38?l-$UZSu$89sr?+)8+%TU#I#GbXPc#vuzEV^TEz25q6BVQguv8N!kJE
z_)FNA@kBPRd%nHS*<fV9i2NSMz|t9i@usy-?$vgzh<Bi0O-+1nYWD0IX18tO&mrRd
zsY*tHO6y;Czfw`m{g>9X>7pI0h3vFy1HMC{m72l!ZHRk_Z#_LzCH9n%XD?pdq94+2
z&2`jxGMKB=CC^~2(lXB9CE`T$c<k7&t=U^It$-D9`)z^FL|pYN%Xr`8lCbo?v4K*S
ze!w4ZV}~kibs0`{b@xvBOJb@ydEk=jF-(R82a0VE9$B?WEkJM@wwDLMXSB;BHZ4cG
zeMr8uV`&xU<GrSOL_C(~2a*7~5{sgP0P9PSg99QV3ypwp-xz_7>wr>?{JZ<uFDBjn
z%^s-lF5?0&J^@FPh~-^iN@ODy1jRMx>I@I`e4u{Hy1QeAV>Q%PVLmIO6ml7{@*`>n
z$kS-*2l=!}sw-t$9LK3fduIpwcTCs1DkNHo)a@Yw8?olO8gXpOSrPZM$LfVJN?oJA
zQ1q!r^G85B<uu=UCYQiN@%S4L3(IQR3&rGy;OK3xnIJ%)^mi*^p=w>M7=2-rwsUQ>
z7(`qOI5;OICV$vD<aMl`m7OM{I=`dM*&TG7`}u7F74?(1u%H+~`Cf^gQ>81A2ju+B
zLKE4Zp7{$`Rm1u^EN?<Ajyhf$G<p;`opC~*68CmJ1$^hOB{7QsF5P3YC(JR|%RT_*
zDsx-6jKmgwF759hD&j)vN`wtszq`qDTjQNE$(RqxA7Q*i>Uz3ZqC=#lq?*s>0+yEc
zvQ7kS=Nr4$@~VKh^u|2thjGu<R__kFu<)2e9?c2A+dJ3I?XA|)24b*63^;u6?IK+E
zpWVKQH$c?iKxRs{`3890L3MQI)dq_MU7yS8PEOcw$POhzP#SeOL-KS=A`;>*eAXWk
z83|!6QA%h7o}0wUt3Yq@>_t_53sb`3ZpwxyCNNk`Hx??0h{$kkSj23!l=6*Y0(JlM
zCa--?4_8}UFg+)2%WxAn2A_s8;d2p8hk&juX+h)en$O5w<MC7H?J=LmLN=blq#*ol
z*Vf5>THRzaj$#9ispzOMS#Q-n^G~V&nw_uf+UeR?y1#Kr2;Wb)GM}Z2{PUb0Yns9O
zlK><~UqYXbn&TjZL&qMqG}?MNxSNRneaO4KJSw*KYjChij?V7ZGL29Qz{U`i&!ih3
z3vN-KdN`&Wc|{)fnkcfyjaAk?=!S)T@<+o2EC=+pBl#Xn>jr1L4S6CHRBpj$(9SMF
z*Om%9W7MT)<R>y6Lg7N**%~~CJh9-6cC`P@Fxtq%{npULGLK;X$TIuqyB3v>qJ;Ji
z`o$$Y(M%)g)^?bE<OY*33}UyX`$pKHtNaKb@gUV-jS2Tf;)`E-!}HmCT!weHv#fhf
zZTnIq>*ZBcB6@isK5FjWzY3DCy^`$XO>9vmwTop{Tsm<)mO6lgKRRz|T@lB0Arynn
z-X6G7IA<~P@LR1RZYk<P+B!P7$iCf%_|{H<Zq3OmL-Q=_m6t2zh=l1Pz64fct?D*b
z_~2!u-4gJ0`5Jk69BGf2J{bqNp2qZE`RR#MnR&by)aQ!i{&j$SXA(x<aPB0-`3W&j
zDmgXByYnaY_aXusz@D#!*0#qnZu;O(V664l)V$4ObwR?l!Pd6t)%87&1-1T3oKf(j
z=&z<>wr2-8m-kbAdqxT0_5b8I&{zM|LKw73OhTM)P!u|>fIvjrER}|Q4UJh~cn)gI
zNe^|2<H~!vRDn034OyI+lf+=#_{(d&ey#T8h07iIG`0rkRb9%BJ!ON6y+$eXJ-^|^
z>K{1+6#NwXrPzBaF!7g^>xk707e3M92>U4=U+xBo>3G&XZe8*3yfanqpdZsXFtEmz
zBRi#u2GLF8+CooNDK#^)VZd(oy1w<!Hj#%s9P4|}JCg`yS=Wx%KU#yFGKmFA`bbJn
z&bz;Vr`||bK&U7-g{jQeUSnZ~CVfhU{%EbC>pZHJ0UEwz(%VE5Z7SBZ*PoTO3mk!@
z#AeX&#s74>`K2N*VEbA-%8xj9wcXJn!2P`p7ES$P3;Ow!1`zjcQ+$Z{X#s(wR6k#<
zUOT`RzFrGF@_Pf4N(gAdm|*K&ss_;WMl2soE&A%(s8<&b#t*Od&=YtLZ$W$|UN85H
z^0P1I27@Y5)k2x0pLq*%qqF!*zBYsviUSJ;XFJs+fl70#*~P;`4cTg~Qp=%mA^7A^
zWxe~LZUM6V`Yz!Al=#Srh;U$!d4?xqK6sKDQC}eFB6~`c-zKX<|4>nhn#Au?kU#R{
zj9h<*==9^@<askq+Iu@!RXB{e)%0u8f~;IZjIt<V@JluzhVNGvq~ZeoY5sJ!#O)%r
z^>9;>vxX`Axp%LSrjFK+{4#V8XKU=b2%a3JK_cLS>{|VU?dJkW?-TOp7;TuRFZJMC
z984znwE~}{j`X%ej%<@z3^L|P1pjk$8U%ITneFLOsrMwjr2~6B9KG2JEFEMs)V~j@
z{__I#n&z3XDMswIv}FVAAs{Cg*wQ(33x{OvQ7D;E!r@zN)2`qM%-Y9#nwpyoyFh8b
zTh=H$9sPt{L&F^#axas1Br_lYfGGkd3t8Zeq><(_;Z;m5dva`|;0q8xVE%J9l<`0V
zL?v)Z9g{!xSr9ix>}MveuAqv9`S+cto7*={SdMC)0AROYN=izuy~iX0&XTHFK~O_I
zoUFeDq3ZmAH5Ln7XHV3D4b})&nE+3v$cdxo6Gcf$`mPNw?^TGQrysF}Ei)HzUt8(&
z<5GoVfmPD&+r0a}kNIRZYz9xAEz}Bp&a4yDLCXl@3EP;jF)A+3w+>F87Ndh7myqz|
z{l#;)qaE5>=a|^n-%wXXDBZ^R?2X~_H2Ti_k&{t?MC&@(H#NykMIy!H?8=&d#+CH`
zm>5&@j-)#tGV{Ld3rVb^NH=e*1!(Zz+P8bE6--1y1%pXdLVbtT=eL170|QvOfC22Y
zWBkYglqhP$Tg2CY1(?MObsIwPgR(Np8(0B#=@*{%skQ3Wvq-~J|Kxkyxc>^sKAwGN
zUIrB(vHwyFkAR!O3K)_Ik*?ScwUy}4*yofpONDg%bW>>NkZq<)*)jEFuVNpt`aTn+
zV|%bK-s<ZD996!%6^Y2!-;sn4q>}3@M716Q7V+2lGMCE<fP`!-pOytHOWrAQcs#fw
zXH9fVGcLQs@V1u#++RAnthmFKr@@KOHPT#c6=;PU)qp7KX!4Q$b|HX&=jWWnsqa_b
znQEwDIgUy|13wiRKzd`D(ZO5+miAYu@(x<i8UbQ}2Zn5=N`Gf<eb-A*FPb|EFlN3E
z^ps3u@*oj07!=-zEWRBkImfIY96cT^0OkzcMh}wH?TOD7nHc$_GAp-lH}<$>d6+nQ
zlL!2Y=K4HZ?R)!mN4ppZ9b>%{ZJW0c2)c)B=VxOQzlbNMjnx;Ck#zIqK<m4E_bxEg
z`-@4ZI@xkv&*dsLvJ}o$=bd=`;a)W|!iypwvWC`#yPqLr*97kcNprgUq$VXrW&V^C
zXd*;=+4lx`-yWRt-<cJ7eD{Nr9_;F*hWY7i6A9o@b%|yh5mIXv2`_$O50!iDvl}!3
zQf_)d=|79_WsJEMj?GJbn1G(}5V4s23cIN-`jK|S-ET)kKXA6|u*;(NML%W@4~nV|
z>j03dv4Z6de>LU8VjNr7vZ1OwBPZ*rlSr!V{fe#)P!Aj?BUVn^f_Gwzdiy?u<*enF
zw74@PmgtG`#yE0se-i|8va`-ANXfO=OIZF+>%uxA6Clc<>sQgD_iT#^t{rW=bNbSq
z(0%yh+KgT%*Cdx`lscgvU?aeC>P+iP_|c=v{W*=s-u<a1FTY)U%PLct>8tA!lRPC)
zp*b+F4$ga<hF-pQ2%v9m@}6Ki?ejkP@<zTb91q1Hyx}GF^z(doll<cH&e!lSp0~b3
z>uyqP4Y}+3KUDR73Q;_Y3{ggFPsF^DVO^pkcBZw(+aiXjp}TI;r~YF4mwh-J&yS8?
zf%fe40<=4=!sB*BOw*qBbd*KO&`CiUP_9fo8-Ta%{X!`Ix#jVDDVkne5o08exK;jE
zB3dPFK6tPJ1>`7ET6CyqPX777HzD0N`VHnRV5I;Ex&@(}RaXZS<x4q-4pk3>pu_69
zd&e8FVtQ2UgQ6?%Q(^|T^{oCNRF&(-C+BhF`Q|42KQf8xGs9v!GJR~%f<9v{|DXzb
zz?9fnn1L0#augWY$J`&x$Ml)xbKoYH4aaAOdu%y5)PdNy(r;zH3?GRRBV?G1<mquo
zRrkn`{Iu4dnV&tn7|sHZx7ceK8sJ|F+xI%ULjIofa_?mh+b%<0NRrmh+mj`3wG2YM
zXRFB^rzjD&6OQGTg+19Ks0xe4nHROsJw4ZsdNsf3(e0`2itU0otCt9D*Jp2#c}rEO
zUXG?BWKs*~{7-ca;X?_@5<%pO5u{Gdjf{a*##-w~wgpi89=3&sy-tf=`o^6OB9VId
z)A$mjgrm>YsgXaQ&!;yLO^&)GCV|%hu+Ry34%UktcTbKBd3SA5g(hZHILkM>dcogk
zyI!5{>5~nS9L<`FGD{nmv>uB(YNcqFme<;D7N1U@3@|eXeJ79z7k}_eml=vc1eaIZ
ze6Sx>=pwzYuSe`gWAN$d=o}Zqy~>C3w^P;!Jztb<^vg!<h*(=>?ef&X(ImpT6ru7F
zy-$<-*qSaG8}wt>4+YOWQRQ=V8lrse?+@`B&bYZldgDU+?G|)hhjLgtXEdL<&*drX
zltHD8jF1<Z>@q4B)&VI&BM-;~XaozmJT{m3qdQ&(;F8U6i^u;;@9q;6{mIn#oJ)|9
ze0SfO{puXkBe?5g-Nd!?<~h*!37pC7=zAz^5jsV%>k#@sM_(xB#<pFyXC`K0ityFg
zrn6)kX(J<}Mu$VFG2DF4u?9Zp3D>>Kg%05s)v!pCxtm3-PQZ{c<9W;(SSen^NdDcQ
zcoFH{aaq6JS1k48aT_-J2cTcJt2bpAq&zo1M^PXb1s&zWw3Y`}T>Artymh?Y28_p_
zS%K>jfiBft3<Jsd5w*WYnDAD&c%I&l>yX<s>7%wmWef@B)pYEkp7X(u7r3*~)Q_hT
zVQ(cZPsSYCj!w)~^I-Dw84f+!sEo@NaVXL>+3x{`o86gDtut%}=C~ps-613yLK@%4
zE-Z?<Q{@`y?@tP>Eo*rOS8k^bdY*HN2(M6h{mQ`jZiurj^n9mkZQG#n*+Rn+_O$E%
z9Iy7mrLOY;PR%7kw1?f>OIE~tDHGjWS4YQ~r6VUxnbG6p`-2EVQPCoSHRElsS!>t%
z$jm;^p%&x}ZxPwBW#f73gCVVbH^<X2@u^qK>!e;|j*c_Z^e2~|Tg+km_}wnoJ5MCS
zhYaj&LcM;66A3s;xuiB)vR%(gKF@VDobcT9dWJ11y6DDK<T~9!F)-Qm@fBOcW<9C>
zc^Q|}=J#N-(Wp@c0m{_6#o4W6ugi$Ox+Yt8Au3>C-*6aTOC88l+(Yp~QUVj9P@NdI
zg4@SM{JZT*NPpE|qMis*$1q*{KNm#YrAIB(IKm?D66^cgbrA)!4jq}P{TCGO2B*lI
zv(C534c6wr%xQDn!<<h^rsv5vGwc3@xf99ECM;@{$V4GE=eUo)U9es6h_pSe7DS0;
z)K)WtID09aw@oxF?QpH=9S;>j`i;XxQEU4Xo;$(uWu>(h+|&UYty%G0h<&H4YYN*T
zGIjx~A^vlpU@}2ELg?1Q=sXcvYa6!$bCm0@Dr%%ed0e8Tm7lneZYvBn)t~*es0PhX
z0;RbBiO0^mcCD3rqw~14`|-9Sc-2>D{YG;3M!su3|L(5!xDu~4o$H{E$kG(yhp<1Y
zWnCw^{LAh`JtMS=StTW$MqQz~LJLRu<L?ldqP2|KDNbUYJRyS$D_v_Ov3hZ(EP4Az
zJrVSI$B}hc*I=nr&7$qcU1@$~+(tG_pqv?bYC6M+evFrio$JM#Ei$gEagBRC9AD$3
z=es4#2;IYiedDk{btX+-@ZPB`@Uo}+G6d;ym*~RuhIk0gv?IJ1PA$FOpO}gucQgA^
z<Sez3{wYKv+{nOb)kE+D=JGE~o2k{VS?>*D{-r5s?*r;Lt24IVB0+?r;r1&j;o;Ph
z>V<tcx*DR@OIcghF_Pq7`5ILRm%--5$?*E)6a6M<yWTzo(nKtl8dsFYG}ZA{MDNg4
zg=jTrk-$Z!xs_Fa-2yUet2>+xn~<&dBDG<Mv1vYs?2UR+mmd9ogyW#MPE!|j|1$OT
z^4WIr2C3$p_aSy_>^^d_^R!VtqJEdPs7KcGN;GTRBZb2-`|2QJ4}RFmHB{*G8oJD7
zFhD;fC>RnF!oP;!wGpL3y0GC+;o+uVc<utXWf4NT4;3Os(<j}2mi9}Ec-xDdmf&VF
z1PbjJe>tvid$4!>5j@_#TT;Ycx@muDHI_n$%(3iOrg5amyPJ1yJni3V{DS!1MPPi<
zE0Z&(A5-&ZvT0%Q5ZYvE;*97tD1??Y91o(z8V|;q%Sy|*>cGtgr^49x{N_@-M7_)#
z9e2a>x=@>)1{=$=P2m%R{0kDwAFMq+$v>JY47zR9)a-x42}n1VoZe`xu)cOpH*jrZ
zKSDaPcc*uy=G+<9TRJPnXLeZQp4|9?I?Sc%34@*`>Rv8rfHQh)&Jq|*Qf1T`N)}nl
z!nM+<<qk)n@+SMYxfa|NZVu2p$aa{{P-@i?_;Kaew!=JzLH_)L@xV+)&4HsqZsY!4
zJeS_~<OFcVv<6qbRmWdQy!G9o#tZOR8rI~X1L2F+ky*!mf73_sv5EN<-0KZfhdCV4
zB9|dotwsmq!t*n@1Jaaj8(xBP>9k}X`d!JBdfkdo;#GhUB!sZ^J+HdTMfu@Hs)^p7
z*0r|OMl_&gfu(k9Drl)K!1QQU@A>=oul;csFXvAxagBFpdb`6zy-i|={yZ`>a32V}
z+}R)UP42WFkxF(Jt-hFW^^OaJUXHNn)#gvS+ge)>utMvFP3yN8JVQFCW+!!OES%@v
zIuVYeC}g96L6fXjj8?Ik{h-K3<i+}1(anneji%bnOPz;#8gP{GzWG>AI2gdK1^tSX
z>Lw|8qvyUShiUzB(v{KK?3Sgo*7!(7k-^1vJp!F#+Zna%I<I%_JrK{^G}#yrM^Wz!
zAu{3--5FlqF*7q0>x500dh;g}xMy{XTM7d!4wobf@+w+C&+rKKYu^&KVt`<piV2kV
zBpZhwNsWK+?37D+!6_jg?tV<JvyT<UHuO}Gj{430J|k=b+sI2g1v3TJ(VYI&re}HT
zRr&DhUeaB2t&;c7<SByChAvv^K&m>0dHyib#t&bHrbi1^U3#WC<+Z9e5A|2*CrnYM
zd*Rq3mn}5W67)s;J2VTVVAn(BquHxSEnL&xnaTn0l+&B~Q)YIEhn{e^p<;)_;k8Sm
z06!TSD7|O(Xns)!$SX-M<B>tF8V_gv<1Dz<7bZ_;V&c+${n6v@D-5j(eweo<k?0<g
zIeC+jdV$TfS@vZKyTJ2(Z$#oh;hL}y7wt5WoiW}>e(pUR3gR4Ub#O^4n8g@LFW(O`
z^aSdIM7VJFenN?ShT}s1v{s43xO&c02*ihViM0so9<kaN3$5#nE~ag`4(6qkF08hA
zH{kna-1l3weS4YdoX(0&N<uA#aw%(hMU}14!@Z@R%)W?B5>XpjtztWS0+v~~xcP~B
zkps3rrKH1rLH}SSN3MgetL;D03R@MHldG4`goxSKtgHozV`z=JDZQEztj6P8G2W(~
zMMHa|t^-kn%G{z&f2wry@^P311$c7TvzHI)Q%Hv~A7)7Iey?g+<2DCz=*)ZdKBLR_
zZkR|V1Nbt_=wj8Y6q1c)T{w7U9Iu6nEAwNz!9_W?&Z6nQmoMC7zm0bY+9I!adpzF6
z6<^HH^9N=&usDuGx*~<hlAM-hpIc28C!wZ`tfFn8U_(eH8QJVuyN)8%IYQ?AGK9G(
z&z>8W$|;{wHl$xiFOB>NGZ@g_Tl!@QO%k0u)6g5f*$9S)#>;L0o3JVT5ae-*Fwx(Z
zEw3trjr%lK=P0f;XJCRn?qmIDg*%%MZEjA_ivBh@h>r=*aa6zedAN4$%}yXX(L}R1
z{};b~Qo-g^&{;#qa{KQu@L6;ksia4QY(9oC8_NC>h}GMOnZdKW*;TVT2kN(<bOhju
z)nQ^&?`sE*Cu=g#{@bwMBd1hk;uYpzc95swFxbHZ0lOxex&O6!vE5-re?2OVrsuG$
z{$;mbS3+0F5cu|)^z&n6Kq>euvBvAz&a6Y#p*-hD|D2z2f*{n8?!|swazd9em;%v;
z;{GPieF^#64Yd=QoREQ)&W%O%v%Vk$w-5ff6e*JH?ESXhP}73G8LBrS^OVv@t9U_{
zx;?6@ax>dGr4tf2du=}3>27<_-RP-U<V+-l!L<)%fL8DBX~&jy$i+=1(ZmaH&l77L
zjor_6{^#XP#SMryYgf|=@vsj=e<HceWA74;z7Y7<INDOsUAo5n9E?i*=`eL?#C?@p
z|GcPo>J9;$J{650Yd=-w%>f}}v}nBleB&$)*b4CPrQYLz#uTCy`*-~Q-$(x6xPV~r
zAFKT*PNo{8!NinT0YCD5@*%nTU1fFYg8bIY-^adp>o5iX#*@{f>wuY~-OCZd1p*gb
zm%q{HCew>V{y{yxQ<DylXYy>H886lu7LLQJz6s`cWzN|%#!$Gb>4dQD+$UG%EG}4~
z4F}eLe~r3!veu|1ezO}z8Hp>`c0Q*XI?YeSDIoT{rBF^={io)crT{rga)$iEQ$U?<
zYgXfKZBU~*FE`!d9k6#FdG*54iaF}3c{nX&7U{@}{+4)nu$c^hI%9`#!}F8)uIwaN
z(-{+FDX~**a+-^>e4XEH#edt5K&yqVW|kNq2+)cR?Mia4eZQaVVAtEE7t38{D?jNL
zvG-A@Th9`wg6(EJAX{A?t-B3j()Po-k6diR0-s<eCm4ECjJntDAZM=qh#&pUT0Z$C
zAI>&sz1I(6jii;i%kf>NQ{`=fwx>|m;@!J{2jxev{&gMW8(!B?+ND1~_%@@SWF!jO
zMiW<Kf^>UxEUU5F3~44;oVksur?N**Dr$r7Vc0D>5i@_MaWh>m&76d)V<2O|Snbow
zlJ~uoj0p*TGhclF-n%<LbT=l3r7<UR9$OSR>`m%fL}@?#dwO?HljK#VH>E~6yu-Bd
zUx#o9FHn<>>llYYU(dl3{%+1Ap+(0CZbZ#Qv=Vi+qk)S)_E^Nfd;VGHS;x@#p?z~E
zMtnE;X>vLX!o|L9;NJ^t=$*%t@nEd9XT4AEHRLsoz=nPOcf((nLed4>Kh}E-i#nsm
zqW(S7E9Eyi(ke00mY)*-ZyCz!u_NQ=vUU#l|6fkycu59=_*ECTvd-VgglzqL);_f~
z|HKRA2ixBhh2+SJTj<@4G^BWKm)|~s6xv)(TB@T;7fO^e9i*{Q84$Bp1s4vV4$`sI
zBe#0=Z=wyoPd4(Mz22~h6#CM!2!R{-oQa-%Ht7R=)&Uji4&ya7d28uu9q7y2{`H?%
z&QFETo*>09ePP=I7W<~FgJB}P;>1DLYWP-U0)In6(0;;RwM^&u>(;Kp{IMI`^*D8n
zZOgA6QFFCHA&*$nI;dkHl~%Ep{LD-ru{yS5^5220#4F<e_}&>|$txP6cxC2tdS;Ew
z+IRC+zCO*5@HMYljdiqCqO{Wb_skXKo^s{adMznZ?7`!}RUJc%>TPwRZ|g+=w?koi
z3&m-BO%ryTxz!D~iNcKIUU8S+SE`bxGw0!2(=#bV#~SMqiR&io8O(WIUWXxwpXTk~
z^UcirP<1ZqF;)4{mR_hkl8xV_$sTks6z6;SEZUV>wYJ*F2T2~AgZxe&s#*Ilp3AD|
z4+w)@B{o4{xDM!*^qd}_Q2m|GyX}#Au+o(W(cSwbrsUsaz0U^o^<kVpx*nLbIP`48
zdt`A*7q*e>S!vS+?ynWxCeA;enc{B9HYLQ;OnYu9Pg^c`)Aan}Cc9|n#yvsQ%Tp6O
z&P&&2GenfisaLvSE}4?mSq=)=SOk*yT(xtymG1vk=06?2dx6}=K5nrjmkLl`%9j)`
z`1_`+%HXDcef7C{a46(uN!#(ED!lvrw>a<RlqhtyrlED0HgD$WU^yn=Jn#0ZM0k={
zt4;ibkdX9ICOKEVfs4|<Qhhd@e1YuUf{3S<y7Qe`1GhF2cf~L-$5gYP{XOV&u8ktO
zX(F>!k4@hs*P}fW=!%f_zY|IDu+Vlcc3fECX8?|Q_jcG6e^n}ccGh7p&3zl2-c-uy
z_r8(oU{Nqd{IQ#?zV~l~;~i8zH+%hJ=nix*^=L7DT$+gzPOkuC2GmA!P^pFdT7}Eg
ziMUv@soDMG6c00aYi#PJv@zRxV_k6XH%yIC_P*8rqJ>1L04nsVPh-DFRun!-3Xd1e
zYq=x|ouXCk#Mwr)Km0d6@oLWqIGp%FdxVeG&!&0ZyO#Jj+Rfwbk&oQx9tpyyQMG-0
zgJr1W3DWBxK?gYXT$rsT`*8|+kjfsX;Rk1gq$^vYP1AOq9ztkCbQcjEOf(%w<NmQ@
zW_Ets(EHF5o=bkbz&q4ewCA2axnjbq8GRGv5i&W*OYbee*MC6`ELx&(Vzqq;#a&c=
zZhLXsAp0wMSkIq_;G#X(b2Z-xac4wUz2X#+B#gdaNVFh*^oN9^Fcfdvb>smN?=Lt*
z6r7y5qV{@sK~#G#g~!m%8F4I{nuz?kF@Z6@YbtNP1%F!HO>>hYtOE8D>ZnY0MX046
zR#S|QKgI6Ge93mf>@X$c<(|B9e?_iSYtk^p>0l<F!f&p2mQXF;TRI{?H*6%)-KCK~
z5G<)~f?~{2c@pgoL)p)Lk!A{#B`>#JJDm~i)xB&AqmlN1VBTF!Ip<ZyCF0)xW}$EF
zkeX*H`Pk{di7`uI!aC3sdnH^X^dVdKq_#ozNp$gLHG1cUj<7&p;+q%iUi3RLE4WW%
zzZnH&r-6es=sJxiecU}UrIS|h9#k0jLFBL05`MpG%g@w;O-qXu)VONSDcf9euM5pT
z_i^nR4gZ@6Qs@es9F^w})Ah>WKS9sfmKBzJXO?|xgXrRt2$5ML`D;#@E^o5j)Lquo
zg&c+w3u~&~_?B<>r+f1e4iR@fC;O~z*Of_UM3Rdpd^v&;>E_~$NE^gpj{M+k>3Jpy
zSJXLTJ$ga?cgAOjOU72Hq3=obF|SCca2q={y00V0L$^f-wG)bFucT}mU8PU$alJ1u
zws$uh&nmkdF0tuor3XEF3bkPBCRQ8E5n&?J37+e4{c;C+o&T?|YYl4Z+QMKjSf?WQ
zwlTCkqCiw$feHi%qE)~Yq9P_J6fgo}q#>Y`gm4Lxs2O5!Qs5E-1h^5UX^;Y;kbn>b
zq*fl`P0Py!sk{P0f(Y_x2)PG|Go4P`ALq}SeP*At*ZS7_zVFZWVE|}pdy$5>F&unq
zq^Z=U@6hwjaoZ7s!ouy}owtrn$7vUvzeBNI((j%(dRS4H;CU%=WE8-2THTC-_&v)H
zNKL?VS)_hP2My8Gv&hP+D8E*y=`TrHd2-?%K3`>Kk$ZNA)r3;1E0*hPCCOKOBge>d
zz-%a-ul2?~@J{y03sogMqpB2VNAIt7xu^|g#Spg$`ciG~L$RX!PVS+S&J}9+@?n(S
z=(DlfslLxzX^XkUQkj;r%$awu)SlZM=;3ii{{OrwqJGZVD#OR*UvWFr{4u+@VYHvR
zlLjI_a*o`T9u<F?(2@bkiCS<w_^l6VwVpcN;vU>kQ}t@1v-NG=v7w5_%fL0#tyM=W
z<6{Ns`|fHzk}}L27Shd9H2$M&aYCwEzd@xQXvipTC|tJ=8k6kTt`ymBHCcu$c>Sr`
zxPA3{7`GtGvHdk%>3)L}a7iQQxlosTUq*hW7P%K}`bE?q()IAiEXTFejS17#0o81T
zw`u&VUj*jzNGK|I>vfzKQ9)7LHzh%fk4AYht@0jCypk{WDFhAy7NPy<gD`?j^yCM?
zwA(B<cI;wj6GRgaROf!X4Pl)Y&UJ;=BZeB6?ztW@@<T(5E!-@D=YG#ugl8VFS@ng(
z!!iY4svEp}%A#X?@L>}BeU0Qm$VIUSu!y2`>bUaaH9V<fugmM{iY~y;xz!ptHD4Na
z0U^mcRg2AO#}b1kQwtwi2W`|iM_=)t^Srcvr}cZ8vD3Bo`KRS`$H*(=gXSxJ#})aZ
zCR_Dfs3{GV5j7U9_?aYHH+Cs7W~O|}H4spLHU!QNAZI6<q{8DUDT#w)R$1eMuTI()
zmVQNROK;cHGx!JUr04lqvm@7j={0XubLCCp7a$jFDJL>Uh~s-klE?Q1*WU0`<vlD4
znrVO=0nFox0FH}I&Z9Ym@PM{5x<-%w@=e0RX*9@|#c%~7*;Yt4B+RgS*GC0eP@TJB
zYJF;}bixsDev($#EeczY%pMkj%cNxnr8OAj+{2o3YZ|wjRM6!3rfd7?{+2cU1+luR
z|DmALap+|1`sS8&{~MWEz<-dSzuQ!p8lqGAS8WMcJ@|y&7_4I|<}mwctbX;l+}KnX
z**#U|L%{BU10l$E=;I%(aEjrn_(gg(EH!`DV>O%5Y_1B?v17_!EbX^15DOKuN2Z2%
zHoH^$e#b-kKK)n_KCJQ6Jauk<;7OxS&FLw*3D1Onu3n(?7Enx3$z%b{g_^@JOYn?w
z!G&Dia6rBh?P(^L>+nyf^w{8MBu+?=KnGtLZ)i~9P*YcfsPJoL8q9iV8-BdNlfx~y
z5#iTg*LwvG#kb|}ypB>IJ6@iEj=?EcH(UvjM+Z>e7!a6i4&C1RQ@w#q5U=^_feA-;
zk#EO0W}+3Rpw?Qp5}j8~tMh=lTsy<GLZX+GVdu==5!l^SB!)AvA+bdHD6Htnk^h2l
zA^SG4&%pBBf2j+(mtPX2gX}`jxGU1d@}&uJ#TQ&gQKd77Z-W81WbM|S`p5T*e1VZw
zC+p2i%thiL#7u_RDU6#<TU&6Ir+72Y9&_+MIG=sFlMhh;_fPDscg6>2#*b`>VK?>@
z6!M&O+y`t%3&<!t9D&RfYWowO^9FT{{_#!FEc`aGonRG12kgppsL~$H*9grpIXHGY
ziF*-aV#<W#AAEBcALHBC%VjWHy8EDMwoC?x7kP@36+gt>o=k>izGzOiql$y~%}g(f
zYQqZdAGSp>IcXLs4-DCrU&)CZqF32qT+d4uSw)seZ*L~aKyJkQ7A5&{UZ{$FL5AtF
zm$m$U9n0AWm)M2{1Gsc<;`=6lN3XXD5QsM?!-M!AUJ62p%}QBcgKZ^Gl)}^lsWSTQ
z?T>H^&a}cwyB~|{Y4ugb_IgepCIW|_(H)mRxhJ(^XO|ZdTgbRc%Br$#Df^vTo3^pD
zOq}xX8`b}xvqcFh(FA9w6?ne4x<6=n*p4N2kM*T=${hPg#V|SKoiR2dq0d*@FVDZ6
zQJF`uL1r^!;N+pt$8Ji_Bp#xoEs*^wWpT-Ix`GeDkTz%YMOcz1V4zp~p0$HT+2AK$
zR>KgnuA-5oL=6}h+~A)<PMO^sY2u}9KD$k#LPPopMMR?yB7WXgJ@=pOf2^^)Wg7#V
z+oyetWj#7~JN#!V>M#1i?}gSMmi&t6-?w2yW0e+g;be(gyTj~ys{z_;a;t5ikY`T{
Iy~1z*A6)x4;Q#;t

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-select_framework.png b/docs/static/img/go/api-select_framework.png
new file mode 100644
index 0000000000000000000000000000000000000000..aa7f112fe9454e3333ba9be39d1382ebfa4d5e70
GIT binary patch
literal 85996
zcmeFZhgVbE7d2}4T7Y{+K)Onkt{}asi1gmO6zQRd9%3a|klqPJq=o>YhZZ7Ty7U^5
z7J3amguH|I-tWCX;eBKLGKK|mlAOKw+H1|Z=G^(LrJ+c1li}ut3l}Jqm0s#xxNyzr
z!i6he|F{PHCazfFPvD;$?n=g97cShQKL2y^LQ3kr3m5KRP=5Jb&o6Zy=bx&+&)U9o
zxc&vw)nLb}`XP$L){<8z)FmhCVc__~z?VC>#y^#Ds@&0j^m*OJ^199XHDNmpRxY>Z
zOU-1>VedDKzV@tko8AMN46j7pv_n!bmc^J5Cv*e&<bNKN1htJz|NU@*MeGXS|M}tC
zUnT$N|My;g|36o~{`2Ck|DJgJ{C_X_zh{=T%C7R+yt=J}w4=aHy8?fU*tOh8qyNup
z{(2Ny=&zDIg<EbK&p_yhwFxDwt)3hZP0C$Am`*@4-%$6!MHE<ASWJi{&DEhIwCTjv
z|03aW(}s-EohBOP-R<q4^~Sn;FS<Ad&_ws@hss4JPe*_^teFz{@8Y-Gt`tToVhA@%
z!#mY%w*F7elz$c|*oe64%&hoa{O_vN*^#$zn%np%ppPGQ1Q@=cb)F4n-;lePO~Hs3
z*XRB3vbW_^ve&~B^YTR9j1ZxVU7X`~-Ws%lvnnJ`L2glj-o+FvOT-<`0?*f1<Eb7M
zxk!|)P1U?+mcE;99(b_Q8Sg9_xiMZ88$=3<EsPBNtgp08!+cXRcb-c_V$Y&s?}Zo5
zqo}^w+Ieg1{o`(b$_>-ng;=M7WeH`SmoGos^_aVWXY8E~40FEkQjYHA%RskAt7d$Y
z6EhGd#=`{$LPKr4@iQv}i@X}6_v!2Kiuy&TaZb{NidK;C=G1Vs4VU-wPwh`Qj5C_w
zIU{;(%qWejA^$5|J9u@^xHZ{jrkLd{D2Rv)NW0ar{5@V;>%JumW~erYotvFqugjoF
z#Jiq%hFX<j2wCKLF^5ArPa|Wvc3;jEhXx~adGzw%&U&#Ml^-ak$v_+H*E^kOS7tNI
za#Rac7DIVhwM<q{N#NZDM-t}ntq&PvdDz6p<hq7qF{fc>&SHkH4>UF_GD~uPfChlq
zCZ5N5uOBIsl>VgpJ@s#Ge{F1DvzedM!*;0B$|rnG=Zjen;rqyo=o@WUY=-UW_pEBF
zM%Gj1sNB`fx&~%fo}Ha#kO(OA*%-GkO{)T#a7vtMmzI{Eyjk;s9AG7CeFdjhgHe^v
zMK0rI47HSsmlG~-9qN@@D|B~Vr(zx6lJYg3I{cInPIJ$wQHz<1H%ZRz+uIz4!D|KD
zSp}J*2h8H@p5Lt(QdozpwPj=s(Fr(`E3UQ(G1xGKn)EfnwMX~;t;R{Jn%7i6-Gds)
zu~9)~i!HI4s0NES=muCkkFi-Fd2mobNN6BatI>QWR?$De&p``ov3u|ts}7%=tMDMW
zg?{-`Q4LMhK=IhL-KMMrbtIQBQD5cjt)~qR4rVyqf!!?pGissok!kHm|35lR(XP%v
z{`R;j8PMbkFS2wHP!6b3R|P|eq?aNlvHZ@oUK{qksa&uB3HoPc?nL&(fe%rw<FieF
z80uJ7^1L%Cw|?g&t2?~;!3_$9s^61RqgI4Ivb1E)>s?x0%n8|FbLc5M?o5_}>w=7I
z^V;R#yBG^`-DF@#46bcV8Md>{&6#b9(=t-e5A1M*dyLEN`W2h6Ef0QXGk5;cEZ;X$
zP`qWpr<JV3F{PUt7DEUesCT^V1#DZE^z_xA#g$zmrqoMwGL<93`un)h<C}#>y_?R_
zBF?m=t@0g)?O;v+iCZIQv$HD*$Bc+*RHWA-P{Ph1-*HpZA2{BX%NPSAnIZ5qAp7dv
zI81yuCcqm~?nXo^rjZ@$yg0T%pJ6||<1orpb%ivj8dIQ0sfX`Q_THGFK!Oe#_o4+X
zDdVN3;{-KbY4}Zy_~BwYjnEMA?!nH;9%6o|*v7XGe6~lRB~@FM_dqtMF!pF><$x?z
zBKw+(tno`@A^U-i5-H`Xo+OOYr<-`qvgxiaUDn&{Ad7TqaLB`ln_S~=<jm|@oA<wN
zB|i1<q!V2W7fxnk5$IsZ8g)^1-{zoTIVolD7#%fi4W%`xc{||LUzizm=6|2Xs5Et=
zVeAEO18LgM6yNuEcB+JD{>#tSPGet-RpK9Ua?5^!i`(U!U?=qZ`%6Psz4I1M)0K4U
zs`|K$N6Y-#dd!b1TS<!HX@%X%LLA1HIlH<}1NrIMM_R5^T!S&|HbTi28@_8YU)KFs
zKH&rM6h~jKy%#hadiO!G!guERCtOVyknajy#s>llf{gwB+U$uvDMN<i102JP8?uyX
zTsFC1Qlx`FPH%_}t(g3qSACVM-YN*Ol>J$p-Ef=!bQnpLr&3Yp<TojMLBN_E{7ARo
zYcG~bIUQHSjAD=}PlGkQ=z>9qnLCSJnRu%rflnWu4yP}hlm?{LV#l>nr-Ww`zME#9
ziDGErsR<X}r+WnltdiD84EzYotwt?FG1n=*gY|KCDk|{Gn1*g%pGFz^v#!1O+)y(6
z8b+G>Iv*VEioRDeb|-i%eX_WV_I%d;jxaBq<AI#@9D7<TFKjP3FdAmpg62m|GBU4U
z<NGYjmWW#ZKFelOiN7ua($l<5+>g0S{)+K}`J~7|KW9qfIBKw5$Gdogh9LiWctn`4
ztzO(fj%psCu@ExonPb@Ogk|7?sSB^oHK^D3JM=U;J*H@>;7rONsZX+Meb*c;BEmoS
z53Q8%lOo}KBZ-1;uIeP)IM2mSZe<>w?5`$hr-ET;sP}TvVrRT|-T|o6z2l~s`M*>A
zE7g|%;ks1>CEcs)7|}2EPnH`?UUJ4xZ;E_xlAmvp&5+RSu~`4A?;PxYQZKy3r*ikD
z9&}>t<5qFLF0vN5O)l=>;?Krjw8?0Z0!yyeRV8I$=W6%&Gi*0LB9ui&MwZ!XOmsE<
zCFeTzEjF(&C9x}kf6>WbLv?ej18y#vM3(hDjXPMEd2JD#HHhq`NmG+$kbPz`O@;sL
zU(_X~+!PNpzj<T0i+S1rh;KqIiyPP=1R8K8{*ADP%75{Uektr6qXLhq`{S2sJA!`*
zk-HEn<VC%vcs+w$y&L*K7O1aZM9+XvZ3iqEIu`Lga6I<bDPfHi_p=mYN|?cdW)R_U
zsIIqn1v@te8X%)v=@~j4qocE%qM0F+;n0xO`Hm*lb?uk@VblxqZQjIz7-HZYP@E=2
z3Q`j31dTI~Z(*MZ8a}c#0P?D<R0gjKtssNkQm5QV5!u+V*vxBrY&MHCX-Nsl1O`}H
z8PFyxt&bv5Vs>t^u%w8)CJEVY`xd+ZGmP&PI_$5bU0{48K-d?WP{|C1M?{SH-SQG)
z&vP*@Pa(?&%-MFP3ai@D@S2R(r*7X5T<XQ)!D)j=krxefIz{B}rniv@S~&XjbZ(!n
zG9Dnhs5D(!|MIYeu1{p?+V`%sg&$oIs^O{=`-T^$vIxu1e*`(hN>H)}9-Lk!RTA9@
zo;770z)dnTA`h?M7J~@^!#bIX^SH+Q-&AucWEe2qIM0?A$vUk)&<r`~b8YgTgVK#6
zQxOr(O9HXV(2eQDhf5n1$0CGga#R%W%^Tqv#QE9JE!3RBWVF(Xvw-=ovcJE7aw2&G
zGrCg6vdQnUX;z{Nmf-#8j<JiQ%y{f5signZHw=J*0UGx4{G?x%e^53!90g-G4zb-(
zIi?a5uhRv3$P?#x{x$BimjcK*^zAf&qMSe66K&HLrei)vEsixZckcAHj7HW5&vVYI
z@H{elj6L2OwC~INApr@hA3_otorde9{c&zmXG1-cRz8uSp|25_I^#-eA*XqkV`*yj
z!I%j=*09L`@$pH`udv#HeUsCdQ!Fg2rzgB8-QQ6JbM5@s7u6Z0hE@+m)<m6%taYib
zavZ2}0AS23%2g*254YAV{66Y}WM;mV-lX9H0^ZLeCN3^@CKkqpPRu^0`eb2=I?`aC
zM90JO^2+Rbtiff(IK7hB&j~Y2?*$oT&wgdH;jtJ<eY}Ltt8*AeNTQhuMiuB^($DGC
zjmb9PXIMkwh-N1m{|x^^uhPz2g%}f2x9s)tLb8cOU{#^hczyIp;bhc%{Rhqoe0Z#8
zs(2dT(vi!qLu*URkLG6GWZ^e@CwnV*C|JP<E+uVhNvm3>{<{kX>C!btu6;o1?s=P|
zQM9_Vlz5ksI!nYEs#Za&12gW~jUIKhF^c8GtuLwukoOAABz~?Qcr_-b1}CN78C{>B
z&(UcOLz)b$1RUoW?C$T2xDj1WT;xHE-O1)OmpYeo=uGp~lCR4v;i^4!Ed?!YszrU3
zdbc{7V<)d$R_8m5v2?56rKd+UD@G#B#*aF1Gs}AgC%2hqM+l7Z{F5I>=Y|mFA(3){
zXD_}j>g1#k0ZDUG#&x^oiAkw<RT+t}75$g|$;xoA%=)#0f9B_{RF2>GT>$*2h&hM0
z-q@h_^Ye3<F654R`6K4NwY5#Rmz-^P(gWk(XkmNGur;<OwhC9$E1)?4F!~^hC;VML
zc)6fio*J`-^S!SeiJ(DZM;X&BV}Zr<pF5QE*?3}*QSM@9sHYb<*uyz0lE|a~!Zg_A
zjaLRU5M&`4=n0T>M-#m$y1lI>|M2asK+ob_=)y_5Uw~h}L3mzISC?V2dRgDMR^F!`
z>+Z@su{h$%$s-<~#gN@VJvFs263@EgI*y!Y*VbYkj?YL+u!ykmFkO@^t3!YN%I@xN
z3_23skR++GVX>9&l<_ZfIz7yG_&%pp9rHGdW6``WSoi8~JC&wh!OMPI2}OrxeT7%A
zcno`)sPJadPkrW=LIU6LnbeyB)fTVEJYHsNumj@^$SD5>XD7Z?P;{PYyicfSO_Qur
zjefg0R!Y5kHvJlnhMSBs0r@R9uXo5z%BOZHLXC6d2$I;Qo`T<dY_l0<HWO>7zS`B!
zCF}n8=ZO9j3V7@~VKkj|lZq-4izUm&;?Vu|3d%F>ad#L3)D^;LW7uf~4aRz>mE(DJ
zdHOwnM$ZGeYGs!uoNSvCa(k0axig+O@73)M)L*Pn>uSn>R`)wSH*Lw-O+!ki(2Tu?
z7d2&{N2trP3vV^j^-x9JqUC#S@3yqZEN+%4U>ThUgEgdx^+?aOD9RHNxHTL##pk$G
zmh@%w7|w9C^pH-IyGe{*fuA-E|F;q{hLEx~gGG^uRPaQ3l*J$b4ZX#ejbg06u1nnY
zetEe0Q8kp6c5QE*AnCdHk&;y+p`cOaJ+QL%C%d<R4UEC;;W|Ij9uf`@#mKla|13QU
zBaJi(XG$ZMbg4G&i*H!3@clLWSI81>qT&raz4%W4D~eU6nDioj^B(xn=-Fl12GhT7
zk!k^jOSGo5oo64O7tAbhC=cK%c=b!AAE-J>1e|6U7@{6318^tu=G`B8x99{ox@zXs
zI5CsH`3ZvQ9D;6c{{Df^6LC)hDs}s8C1$eD2khyd&vlM}h6Gyi)*k4Edc4=tdlA1Q
zBg0N%MzL8h^V*<Reh>$2;V6Bfi|}&pZBuh|<{_8!2p^AOZX6}E1b*N+jmCSSnnC)o
zkbTJ_ETM-nncU#HU#lzfg}C4a@Y<|;|BNX1{WYAq{Hrg%1^oZ6*B^ZgvhUbtRb0$c
zt^Z+azu9!~jR#$~_~GonHDpJ*v%RhlHFDC@PXms=+RDs?!_ntaieHrW_e5H5ZFU4`
zC<j#GKYX5kBeb%GJ)At{I?BA>b^{v+ojRpMNz|~nA1?G1Q*olPP;vwAaA`B`x=d)T
zkAKf1LCTpRI0@u5YV5DsOl|q=;z8?SMJYUn#i{s3@S2#UdAk(mI=7@`umA&<rY7WR
zA$Ab-FNlgz8DZgz2;seP=LKy*S#|{PXz?16RScm}9ukw?^yyZ9*BWXpZHXPozX9c4
z&L*e(JOHK<@$R(@#$}#>oe{6X3u3Zqdl;N157H(o?K8aSX5WrVNhdAKERQMg6JN*m
zkc92K^S2BHqNJr4wze|LVsUjH(4CZ6RnH(zClcW}F&mW#K`N*kPPibIn`;?{$mYre
zx(M-c$QZ6JrTjHwI=DQG9pTXbA^?C{DRtY<@b-9a{TDLRtF{&m-rO&dBd5Q-nZ?{-
zj>~`Vq&)UXI;RmpS^l?_C~}xm(Pqu6Tmr^d46szamn{&2XFH{!^X8Y1&J>CARuWt!
zSfi^UB_}t0&3Ut1vuM-4Ydcb|zsMBb)5QvXszfhzG%4QXAE~i-HXO6)6M3U9&=6<=
zhzR<wjtNMpsEU$Xoi$uHPtz+LCcaD8V7LV|W(rSxH;=_m>qWF9!zni=sy!tHj_q1~
zZ&F~KEH<|%R85}Rr+C`+*?Ev<F|{jUeQn7oW6oGvCfVLaNr1cOEmGF|{G06S*j1@$
z?VIDT?Aa>IlzMmo^ggET3lpE<)={J)K-~8>cKvI;4%6QYhCEsy0ln!+Fjlxlr&H@q
z#rcwoDl#fBai?2AR6t{k>K+R@d1o&Ug+j?@?3GS0_xIsF)EVUx7YIA~)z#wr%+dq(
zQ#pf3{O9TOn&CA%LpfaSJ&tBLu(DL{kQ;~0HeD3~&neXr)!|Px^LkUu>t^QNdpa^f
zaDxJ(3k7m=OJQm>5CRh)u9CuXp(-GcYe<b>*(eWRj@NjhokoLS>8xt{$T|FIPmu+u
z`cEglze;dy9rf}ipFzwUm{=QZyAl)tHYo(9<xu8~wd*te=G91t(`o-Q9;UZ~xXEKt
zpKm&G`Jah#@d%`%HT-v8pqtakDinBdyu6XhAi(dDZtfQzpgRC0l5aveDx3ih^)~Gp
zPDB$iT(y4}!YdtMJ(j)ZE*1g?g?~@4pBD7k0K5YcO4Bud%JsP9#W$NfoC^taFfOkl
zLF}fMt*z~8lN>dcE75ypU>s8nT!(nwcuHA$C~oHE`6G@yE0l)UdOu_LVvf1f4D(EE
zkbk<?yHjAhT2}uE-uiZhimEyO@i@duf-XqAXcF9C1%k4hWC)l`(s1i&DTLnDOW;eU
z{se44bHhaRiNngS8_uLFkObp-DBV;9`nN5dP%ZKr!DQ6P4@9%#i-gWd>1VLOse0yI
z0k^~cLWwZ%&8e$6EL3iXk~6lcY4g#e<)l}U@Nbz}oIC<nb8a%VYajNjg44)7om&+i
zgDCusmPxd87MCYpsY27mrLgpt|MHZk{vVGu_gI*ji~N1?pZ$hXDyah0##iZg9xJYe
ze-V|1zFHsw>(9O<qNt!Cb0pRFi@5uTq8!`7y|W<cxmjl+<6~*L?%}NtB&tG`3|Z0n
z`)nHeW7eeas^w5AHGmB^CM&B-ee1`J+PAQ;EW?(UjVM@UlrPIM<;Xu*^d|ZkecQ@l
z2S#DJ)NB4T24z?PBBH$kcu)K!?!F0AcsXS_^PKH2H8Wese&3aU0^xPI;)rz47a2_1
z1L(B$iF5lk!e!hQBGom7D;trDT)4BlS0Qd@1Z;d6^YYIEA!a_cAo1S5KFxPDm%Z0U
zK+H11Je6G+2iP09KF9l&<pT(|kaYcn+0DLxcVI<Z(Zw)!8g9L3SU1u%Q<?anS8I%-
ze8S&<6AQG_pKP#i|D_iIa%V$d=hF%LQD)O6$t>q@LXlDhmM~NPwYY*%mn+ulm}}K5
zw@_`O`RAQ4T!`X{;rO>P1^ntr%xjJP@W1CSkgxu)^Z$QO=l_3_&HtkHf6@9s3G=`7
z{XgCI|M%*)->_`Ve_nw9kN6(t>qK`!nz9z`h`I;~<TPgWl+Xh+RB3z)z3>Z*@a~uk
zs4@^qlY(kv&kpJ~6%}%Pl$Bmtq^B2HqN-9v5vWVYyN^sq_&Q@a%7cP}ytgc>U16VA
z_Ex-3teQDN(`D+~{ZA0)Lg#_<OYY;_s~QOHqR<KKL5$OAegV)b{Q+Q;>1m6Y?4%?k
zps%sIi3^kr-mNe|8KV}FqdX7if_V%#>X%kW42n}FVha0yZDrgXzVIEY38)ekcE^_%
zJNJKCFwxQFea;BZyb+t1XZ=QrvM9qX_rZsge23`wfP7q1vn4!SkWWH_hE~FTD}6|P
z+<FgwNA4BA$KSgKbxAW@i0Q3*#NNuFF|Mz@-Bea~x-;p?husDL7w38wBKFnF(25ts
z(d;AA?pnm%LWT?5)dT`zuuqOJ5eq$exh5kcBT@|&G_Uh92h@!;mEp!ThGA3|{UGNf
zfKP@*Vgfc^3F-aDaBsogjhA3U2z~P<&Gr6YXBd|d-YRM1!V&|BuwkI@S>dXtp{LiU
z3vZ#w*$+ha8-^^Ro?~zC7GCRkGq;>+QstMR3&_^yl$beu=<h+4gtPFKAfXv7C+@!j
zePGM(deKc+E6?gU7=&kq)z4gVO($A_&K?~cX+uoxk?-U;KPaMwVtC?_m!cB%Q3m7q
z13<S~Tw2Qe@#Dwcg5{kA+O6hW_Rw6QRarOmN=YdnUU2LSsE}V9FHh^|s?l>OU#DW}
z|7vBUQ^Rw92Y&VbwmrI?aT5ynH&%x+VX`bw9*s}TR68Oq{4s%Lm0JRqf~g43@KqqX
zSXeSoHLv9cJ&)v;lau?DI-dBbu#TBF_hC*!uC@M!fm#rJB;V|rBb>OvtrPvW^`hgB
z?5Rbc7}M&fy9@#P4>Aq!G6gAfX{7b<%yWS^PAL5S{FcXdVsAFwi@7u`+Yqr%Qup7L
zj&@+4VLZP#cM2J!*ZMenXNRHfca&RhLdka-8ST#$3fa<&Ux@Em-Z6Uc9VC-^;na6s
z&V9`8`yCqQ9(n8QIh92BVy5x^{-0-}hZ5kE!dk49QXP3Z<Apv+3h0Kibx3OVRS=BN
zKjLlsUl(r`rU=`V^}rr;#ws(4kqX?frl_>KgJrXA1!bLt?qt0j9fe`P+yY7LSy@l%
z5Eta+)8yK#iG97+w?hIKzuP#hxAg6+OwtuzJ0j3MZp35_OhEirv-=ImrffnyD$J7D
zEOpbW9Cv-PEYSOXx_9}vCi>PUX@P}ye|bb(qRhU$R%ZE!hd#8bW&*rk{02Fa(oCaV
z%j}~F$YG=H^RmOSZ;;4A#x0(wdrmQ;=bJQa{8nsEaJG7mO1#p>oeR<-0_K$ZORiho
zLOeVjRr`#hj@#R%2(96HZhjmL0;wOa@Q^`H2JRofb#GPYiQ|o(;5Z-uckCTtj{Bu>
zbw)U!<!$X@*X{Sspdxc}`A9L@_}m|Ih?eXa6qX%bliFr8>}s*e^(%ddFu(M+eTa%t
z6lq(-;6w@%)<@jQkBaI#am8H&>=FqRIWh(V1CVOKHDVBmT0e0{83YsMZyN4x>1PH_
ztk(SAOJv$Bd`b^h@oJqJf~Zzdw6?a>aBi0F1|_}3^Q<<_;VzKLD$s2A-aAq@>};{g
zfBi1#_vadorPY~~_|?$zS)@<oNLQVIP|q!X{$jCYHK)UqNp7<qtm*iGW8Tu8^AVoH
z|17!x8R(H2<EmcIiq-l{b+1&hv9awB55#M*Mz)*wGL7rjUAb_isj7N78^aN5YzCED
zk5DBSy~|DyDpPVwJb#x9WR>p5_w1oG{4QWdo6KgKv$K`|_f>$92)qjLb=)mpnCUa=
zvps*sTjxKFqF$bzj=-qK8|M4&7G5E9)_5(INsh=~xPJ@;X$dr-%c}2lti4Wk3>3>W
zUY_IgyXm-%YWdSjsmWHz7?&WS%8A1U$XrF1qRhs13e3w>Zqo66t@roheJG@Iwlc7?
zyQq~W;cLNb2t^@B-Lid>ePj&ta(UtekuR?9a=T5}*V6cyHcU^~daslLjnZO3PZ%QQ
z=i3%NNJF7gL_lAy6>gDr6<z%U{kiuhD9mf`eiOFubKW?VTk#oVZUz|^7zxnxRP_Ow
zR(4w14cxJBl1tcEuV7-P&Kj#0mk0Uz2NX1V^%a;s<EHtMXb6mOWJAhocmKcuNIn8)
zH~Tf^+=i3A8U==(HYz_0w{r7HwypTELMYg|IYkYgl$QEL?(gp;<h6fTpP44=NtC>I
z8ZFEXUA(MUtrd*J&=muEnj@gUnN&Fy?ably3<2$A2>%Jsqgz%TO3VLEy2fiY*f#sc
zix=S4ZV5=G?I)nWB(C3;wFSqFiUQ%~1n5i!R}Az3RXx5@4kKW3b9g5<Z*Mq;Mv^Y5
zA0f%k4UqA3sr@F+k38w)T^<1e17l(P{zYCx?;Y#EBUt4S`*NhYpMhI{sAljR%Au%K
zZynB>Nt7X#=a+z+ytvqxVd(F<sHf&q_(C4F+LZI>)vL^2CnD-a#1fHoiv;MB*Y<Yw
z-Qt(K2Y_UdnCL$~jj2=0ymVfLFYzYmcHGhIv=v(EKE5Rxbo4i#&!_<4>mj`vvJgrA
zz}lDsgByCSyKfdUWHH5NSOjmPJa~P<5mI-ch^wR9+}qF5%;;UQ`Q0cT`JKy82E9+Y
z!kGp%xAs@<JSOuppoqwJNJ<k8hkmJ<G34>K%y5CW{&}+yM?MLMn~*lB7$iOGb*bhW
zEW~xy8HUx%WTmBF9B15qI%V;Gq)$w@4=ss!aeU$UXslOCoii4&9Sp?v+1G&I+q(%0
z?yn8XgG|v{rQbd=pMbr7ENT^*AI642rTg(~$^5EzfIO_R*qJZ@^m+?)UVr*W*Jx~V
zTTk~oT2?-H(A3Rjo$PNGX95+|m=!<+{<j)N-acSubRCSLL{;_YQNQB!XJyO!7KdHd
zrToMvQw!FE8CvSB=(H}bIATA{;_43fh`rdoooa5$yWZXIJ-VDh*}cq@9KYX<>9~u*
zRWpX?N?bn*-cUJaS2@w+y}M@&Z?}|yKI(UN5K4Y(+aeCAPLKM7!A|<4fRjY;K6c;A
z?I9c6a30wmQobu?LpS@({K=EjRh--32?Ca}4p{pFgOL)d8N<pv-f;*O%B&_=S=Zj-
z;FKf8DS3P6Ps~1k?emB^CcvD7cSx<`yo(dtPBDr^)jO0YT!y{Z%d>KZ^;uT9KM!XT
z)v9zd(61^qUf(<){vZ(W<DHc$yT^RZ?`+<4XME9Fq7>vZCc9Nr$wl+RLZCkl!x@J3
zi_Ikdc>$mUIkY9-+8BwZ-E59|3i$Z^<?bvuj8|e>`|!os1E-lYd5yFsZ82Be$j6Ss
zjm^U)H@SS<&s@|+#FeEYr_s{DZ{Sb2@S}xf$TufV!?FnjGqY4$0prYu%Zg*t_Py)l
zPwm@m^-&fI!L&`yislVL3g!6V9K@jgByJQK+2Umt<ck_1zz(FrY!TQo7fhfFE^?3}
zn^!Erhb5zKX40J}L}^MOA-0&BPdYaxS<#{uUMV0<igE==bK^8Mp0=Z@$r-ETCc|lx
zvOJO|^K!|#+=C5Iy;JKhCjjPvr@r_+9y7qeX2Y?vTDi8mvw0shU5i7^Q+sc2m$iL4
z{l4<#7zmN4j-9vFQzY5?Pei(wkUl+5l%K9d@E8||=*mP3*>~m(EBYE2EhbCypO=+H
zC&Iz*K#nkxUp7?+g0JTpb+9EIRTY^!%#F=<rf`%Ginx#=iPORMZ-MFxK1zzaZN$D3
zPwD17kGBM|kR75PDANgk$~RjKz%ROClaaMxC)t2}g>pN=fnT#W%oC#y=5zuf`9bkV
zwFAc|PCM_(2tecxnUwX|t*{8HK?;P3i*9|)0VHHeZ+}HOmoYwW*=6H$&v!wPp!F&`
zz;?%Vb9`$&ip|sjvUBVwQfS$}VwJmzyEXdbNh}3SWdKW%UEf&D(QKpC1(X6Q2(~_8
zzc%2IwSZO3Rk=bIDE%BOc0aVy!&V=&GTc-zhIQEL6kocC*DA5xLW|gHvBG4@?GYJz
z`;z>8u7usap|NOIBZ{Q;8x8Ktf@o;h9JcOcKiKrc3C3BB@2T}dQU~QH$@8_`wrpYI
zQ<_UGk}7m15cY?QnHlwPZGvL4s$rZIcPrfBg8<GwJ~?tYf<g8-#Jm<4+h7{6zOe3R
ziWXUJ?#aslilQ*gfG@2m7&GIu>SxL72AZsRr7KInIPkGOxS@eTC?D-}S|-}R&31Kn
z3A`pRWB3tQgS14GtiZ(O$ZIu05f(DFCXghN{x-opjI>N;aE~?Q7^^Jsi8n?M`AVO8
zs$2n}5_lacN9_X_Dm<l8oo8k<a95-T0&3xra!j0zsev+(kS;LG?bV&b^7uy<YEV~G
zRFJ=Cot|d$00)Qia7J-<C6ZR+Zn4rp<=O!ZQfP@zh*+N~2K2((r!d8k+h-}_K1o$>
zXT5XomfRftQ?M{vf&4+mGrgsV4YOKHd}qA8DqZi-rPw=%ZRY@^Jst*w?Jfkrh}k=<
zb8}q&b;x{ndYxIq$^!ztnIwIMt{djKc5q9x@zU`gaRi(q`o`s(RZsSj6>*Bb_<ZUw
zxXhF5qgy%#?ZHxf-K##9tgNIGyV3ygR*bdCIi3u|tH+|ziKH}UEwqL@2v<G9527#i
zZoG}b6=j)DoO^PAHf}lZZNCeN=t||zI-5Q&@4Oo4qsknkSEZ(Wb%WHCIXj`#3~O#T
z#u=bA)Q^vkYlea&UDNoAv4Mx_!~W08Y<sh@0Nt@K(DzuGq9W|=4NWCy6aYNN)mfN-
z`<Uy|kzK#qaItaE&r+=GOfnOPa%jfjSL>RxlNI8dPC$oH1-<$43zdc?{Th(Ial9*?
zIlvL-j9W$B#_?*VOFDZ6q6Ic8tyf&ovK17MOjWM?xM>5J9ygMkHP8eRFM09y>}cb9
zqMR62AO>PuWLZ82+NgmS9peVd-e28Cm?j=DoLO1Qx05REQLXzksI$(+XXc^gb+E&z
zNf&LOXU%U-^ey2J0Q~OKRB^!$fFZQAT>}sm<ixhS#1>LAeR6EaAhjwF$1;R}`7*R3
zyj1BiXaJE|;suRW>o0u}oM1An2iT5!^0u~+p3C?;SzTwaZQo_n3s3~EGM_^&F^7Yx
z)(OC3YF^{nga3f=4e-{_Isr2k+q5TuJ2U!D>S=Dc;wT3@01MnNt*93QunA^gxer)u
zjp0vjDS}IOMOM4!DzMbFX#aqK)#fuys%xD}PH4c~=TurWf7uhUrjc-@e*Wv=x{aB7
zuxVajsv)4=*SbG>8BM8HB4exNRta5Hs3Xb<)MGG1)z8gET#ZJ5dI0V*fLw6-hw7YO
z?&W7RG^StyypL-DeZNT+>7I{KOBQn4{KBm<8oTy6^_;cN-VeZr*9ZVEZPaHQ*f?o8
zSkJoxxZTws{nU~G!zu;{BX-(MqJorI$vpvo4D18KVn<O%gQcBsFGXxeHm_kZH^6Yt
zrv*7$%*!J=fqzny;n#HPYf?ugNV40vp)b1<$Di|rP400}YEF9W2jby?F3qJv7HVp0
zB%7k911ZF^;s`!`0wQXp$$CxW*F@*LK7CFg`wUKr{N5Jrk3%l-F^GFtoZA$y-dZTH
zu>_zZV4FEuojBIt!1-!<;RT07hu2cmTaL5=oI23$NL}O_85TCU&}Ziakhr2vVNj<L
z*umca(h>k496QR~Dv4Vpfl((_z#qS_<J@Ias=7nC<GnU6*m3XVM%kN=LLfUBZ-C1j
zrk~RASaje&5_C>e8LK$2CT3U8kh1~1#JBP#LH2Qj^Fn{-5XB&ppSbYAwQu^vU7w|5
zc7*d`!|Ft7nx`G~afL2?grD!46tFlc63*{>QnHU=>BaYCTtjJl)9gG<^CD0VElC|3
zl|+Ep(vG&bwmR;$^zpgEcRL=@aGU*ff&={3viDdeRu1my(eU9Mp!~49yyqRCS6KA~
zJm3H#LktUg5*J(v*i<L*BqngS7EG)Xvi<S(3%yX19DFjS^ibu!;s@CF_8<HfwK_JO
z!FFe|N;}jVqeY}IZILY21dQ86b^0aVD-K)lnnRo&kEY5E0&M_a(<;8mG&C$+7x3zK
z%e=9+wk|p->x^fs!;kyna*k^5pHQ(ldbp+m&eqi;F$+VoEUsu|zlB;t#BJm*cy(kF
z??3gRXbLu3Y~oNZrUifx+2q|%4M~;v`|Te+Pcs=7u~w41DyuKse*$!xDxC;l?KOb7
zIb4-`c{wDg5KuGqtGt!t1&qyb)61_tk_v$l^d#FCifP2Q^>HN2w=x4dw97sz^h@YK
z5gfg^vWNgE8yvP+=Rrt#AHm7;kPl!(*A5`<tNsb7GmFdDptd_QeNl~;m>GXv0B`EF
zeWCAOBOiI8MM2{U4l}KmC>=HLFP(8bt`>BF0o`c}n`|kdr5CsH%XL1tNECf8{eFki
z$4)gDygw$aZl%F*lNlsAISrs&GG8_2GIBD^PBV6A(1p4{o#Atp0?>y^72s7+#;lDN
z<#61>mK=r6%EKZHd_K^*uxxcMbgl$Jzy~d^NUVXy`GJd(@(dizGv;Z@mK4JjHnG(*
z7Agy=>WR7!q{iT5$N1q54-b!kLlRY`_c22qc%d`e9H<Mr09x&6ZkAU~fFLa(F61WP
zp55aDT_WJVb%T9EC?N`b`c^3OB2N)Och6{Q<lmNC$i#V_=w%^x%@KFHMmC%Xt8nEJ
zLxi5T9J!?12_79C9gqp4+c;fwt6OrL&TgRXNwWhpkpY7*LZzq8AQEcES%YSmlzgR|
z2Swb7&E>k`eO@Q;w1$n#B>ojKv_IHqI^5u;S$DC#lBoP1I5%PV0gp1mxq@N>RU?>W
zGK<}?8MZ<$089Xiig~+cs?K)npJDB1RV$`|-^HeKgB3dQZM3ez<}hF|Pcv`JkY6X~
z`%QyG$H7es(k^oU7@G}khxh^ZeFm4T_9=id3{}6WW2ai;2ZZY9z=kLQ%0>sk!g^Rp
z6(@E3qLIn~$%C28`hK4aEDLTHbehS@%dE=PWVSC|O6QH8GPM>;-kaAn9h%3yQ*Md^
zZ1(49^Td(hrW^nf1zgBL)h`*tA1M!tG`0nq->8?C8J;iFaGK1`@!6Wrdnf-&YVSh=
zy0&Wc<CA7S*Dk|#Za_0ePyQBYzYB%@@j<_lPJRfwt<>D^9~g*O9ej6!M<(BtEmh3W
zU|JaxC%yx+V+im0)K|^kq6AP+h5wq*evn&9D`@eO3bHVsP~9B$98)AabW76HEUk9m
zXE`&S{rs?l$zk)Wu*vlv?#F=b4LJ$mNyD@dLCJHFGrT4?w0C^KWAv>oG``qL%uJcr
zuGhjAJQ>vpxs4Xf-;y$bX`H+sGYVVd3TL&d#6)#v@)#nD<<EgtiB-A9%68T8tW7$f
zff0b67PL$wW2w0`k$%s>;b})Tt*|ir-m7&YW*#j7xF|4h-=vgT531DlJ+G?B$;%l$
zTf6nofHdZY8MG8xtyH^HtfZso{YBIb=PF{xZCDl8<Njvs$Blp@FDh8E*u%MoRk1+h
z=ZX=gIQyw~)(KEMjpO3)mSdr-RPbD!ik$vrrn^E6;C}vkQ&TSQ&c(h*meHX;%{0{l
zz>A%RK!^kL0F!k`Pl8Vp(C`|ci%JP+Fkwj%IBMd60q2)O!@~ymk_q|%SvxlgO$OZh
z?deEW{C)`z@T1~{BFj<0EDmrM;QYtx?g_7C@Uky|vK;QGe6wboG1Zmn)p5(i%}<O4
zZ}xrHfKxmYVUqz3!{b_}uj>1AFs=Lj{Z9gR;srt`*T$DFhk11!9Umh$%SHHDVtEyP
z^owmtqx0r7!IrT15%k52(-?PLJ+s|W^^g#Ff)7d9jpN(N4!z6sIv+DSiLR_Z13c=I
zu2#K?-#*<cu=Zb*kx!ACu^44as++TdSGf$1%mkwWw{22p$b{-zu|-|+1cgP#k-Ko^
zmyD<8!Y&_u6K*qzwyi>j2M2X!%u+u>wtx1Ul%53UMWVrE(tIB-Mb@ifR&=sqq{r!=
zQCUkY53nM$qRjCC?PRt9u|dguwCM9{P?HOyAP1_)6yvH9M9S`-E2AwfEd|<PhJ4o&
zBJvGdJq3}?&qqEep4aVX6ToEFRgrfRRjx>9T@6dDd-@zy&Pm~o|B(@}(u(&vR9{+i
z28$=-0uLBjI=P>tSs?ty(2=Gn?#-V7M8nrmvWQsidYjh-;N0QBTsv<Db=eG}L4%!h
zCsfxDOD6^&E_gbGk|*RUUn;aO16JBXS61NxPeCr#b36lJ9g`_LkjB?p)`Rki>1oJy
z{@%d(zb~>HZ8;j01{nh|bxW_#QQh17i<6jN;~c74x2uX7DtWp_P*gt-N*D(9FpT<E
zvGZG!Fb%2bmX-Oz<CB7v@N`Yc_231)x<mn()95C~08Pbw+Mv5J5o@s7yoDuJ4IhjI
zV;d3fSGkwM(M0im`HxpdHk;pcv0GA^{GOLxw%70E0iWL9+1ptj%bIjrL32c%@0P@{
z1^{cG62m%7gvhtx#7dX`A5Qm6ej(jbCDH5~GVVq|n?iYH5`Kg;23a`RfhW5q+Jbk^
zO5BP*Ua538Vv)xdhhK19R-{fXp7(g_J#+>6+$!tZ{=(Y#Q`VTL)#N(b(U}^r(N!&(
zK0TyMrHp;ZysG<Zw?DJ^U0W~_=;BD?d`!x=k#7KxSjxm3c29w$Z-ec<#wA0m_N9J1
z-!v-eX_$)+PbfWVIhCD8D&7qf-2hOkL4I!;b1itgbQq-1W9VILZaUBjsaCS;l37sW
zjJ+1@KmtEsl>&(IpxnBW`(Dyw=FCl+Zq(B1kT(MKdqP$pyngq9PF`RQ7c8$|^72ik
z<6%e@xj_{GOd*qwBMTCk$t>jXhG0d->9cNIA;(3A(Y9nPbAq=LFBKJ49{zLb(n@Cn
z>`IO2Vu~u(U>Z%1YTX|%e^XiA@a!xI7<E0EC@1C$1x&i<N8nmPfV34r#%%gb{z#Kb
z1Q=3PHR!Af#b125zcWIuxlmEP5wxv90ximbhaNLNHxA3CFn5yT{~G`qQITyqKJ>0M
zz>$E&7XqeJ2_mX?{{9SP!@bm+F!Rk>LJ-gyM^mth^ygGjG0A=dT0X!<Y=NRk8FjPs
zE{;fneso^^p;s45%A17e&s%%8yEZ<#@84FnaWuGEr9aa>e5BnWMfKPD%-r`EKhOnz
ze-D@)cc2HGQj(zs;qym=@Q>_KH*chAv0;4qzTSQQOhNmZi_xDnceS5cK6`oP<@1sc
z58q$?>v^lnmU;l}=Z%k7{^0-kY+{qB*sb!T+b+@jD7beg6<6cCDP0G@jh79~Kyq{$
zs>V!A`PZcf;-BCq>OT)s+p>jF428z8RrLIVAA+42-HKCFQ@=gGY*ByqmE-EwYxh{F
zDEN`U`0O0lov&VJ<N~>f!b31tX2pEGH|bsGroOuJ`}<Wh9#Hi)iS^$q%XAALp27A!
zc3C6sWhEyB1voD|hqTAW>OKuf-KhckjNT<Y-)q#1n2l#&?-mE+OpICNP^A4s>pZas
zf=ZN3(twRlxcIA=mzS<lyox{(ZRxlR!&z@NU;BasHg}PC)Xx9ZyslXvVV!Sf+I~<Z
zLQIq^4+=*v!iXhV+4?^9z<CAjey&OnLKR;m;qbJTK_aNck?7SYTinhHF_I%6pkHC7
zw7I@%+8w8yPyX9f#rIdot@{V!O)9)|vWLQhu2cAFFLpAZQk3TL_}m%j*{e+S)6Spx
zCBv3&CQVH$3O|JJ$YoKjVi!k{kny;?OnrU58rP6&+#em$qqB}$(**${gp<wd>J7@l
zS*B>K@`su)=`~#FC~oSl8K50^%Jg%W;PF!?_1-xvtM623y5JGM3qSs9zbM81gj@NO
zw2Uy5*d%Z6{TlCMPYYNSo6qJ{Rstu-X(;TjmqcSsYE0>sZ^%ohB#KBb4i5XSBN!Fy
z6A)5sT71V7v)cu!4m$SCCHcOwvZPw5Z+SUtxWXXeC;p<&2Zpo@FUW-i1=SCio6_yC
zk0?ZQecNl#xV68tq)X#iHb8McA5n*o{t9t9#8G+a<?Wc)u5DfiOSbLc8-s%zYSA`z
zx7#t8a;%z~UFh9|j*%T6$t0~Vbq-ZpF_4t|FD-#rG1xEg?Hb3)?MytpU+#Fhc~|Ht
zq?Vn6UUp)yet=RIwoMu*NSIYem7b=t`!lecN6Ed+5Sr2D6t6ZCc(uzaC@9!G?~z#S
zwpHZ(X-m#w0>6B?5U`L)EHOTQr99El97JZHGTLlF!v^21bjAtfETu!tq{IXVBf?ep
zRj|{$qQ~g#zsKRLRC2%FWxPQZ46hhzlviXv2+TF?yWK7=;|cZ9*V{w5Fr&N?cg7{t
zg};b)3m8uYHF+MULnP=m8bmkhj6);EENHar?7;B?j;F`_TlS~nhY%u_q}gA3^?rXl
zPEK#Ha}WC*tV=Y{+i}cA9rnW6TiLm*jet4WWi8L3E6)%#+!%MZxFaY&=9lqpE#7jo
z`Q5uV<a-|2jhFv<0bE2)s}gfxo`F|%>Lum2lez-Qas0X}Zf9<9A5ysue=K$DXif|K
z-LYGsi~B=9qBiI_G-Z1FIWH}#fMM9}$vU+`&9}jM<01p|nwUz8RMeaD@e0V&rVHvr
zMpBZ)bV6MAg3Gk#Lk<oFxzi)nkoixL@U9|d1ROcj-2i`LiplWrE&(lUKMy!L-s3ec
z!09L~%6Bmwu<mcZgpKZkw<VY&#1oXWdnMLhXRW_TXAxUq;k=rrtt=L3$^tRP6=sjr
zc+r);Ih9xJrj8D7_*A~g;0Ofan2Wxhju19h49-94i_qEUOnJP?yzjRxJ2)f8MjNJ}
zDLZX$&bnMEOS-nw=O5<v82Ca3U@r=vuUU>!Q9#9L*hIZ+rd3^ki<gd0j8$?<PM0Ba
zjjhiv@QcKQ-H-k~d(Yjz4DD^%FRCzkl+vkB@)+`L4X{v&rJ!fhzS^g+a))uuTQ>lQ
zg*uvXGPrbVwh($ZSLg##11#yyDItwhRJ6CE$l5_7P1@0dr_(s1^Ur9rjtm~DF*sM9
z!I$bzyK;JslWSM6+IAhq^CWGR-wEtL{U;K)-^9v%+_kRc+_kXQDYFPV24m#Ts4-8f
zv68+HY^<zHs#zx|wEbvZIqf<P+<7Kq`f~SoNYbl(d|=2V8=#h_$+*>S9jEje8`N6j
z)_M~k8-1+4@cGeTRmi^ck_l79fnUCHmPv7IG%KL!p@6Y7R?z_MT>>VfMD9>PPsz8k
z7FV(rhqAW~C`wAYH(2GQkF*VF5Dujk5#WwbP2CUgh!*A%ug**RfiL^iD@62vLOk}=
z-*>Xg1wBb#pIj_B^<<TWPFLSeg~Q>U@!avw9`~UVcRbAcFh?mWh6Q<w>3$Z#`5OHf
z@4b-TxT&eV$@P_+y}2{0=Og*P|Df@`nb+BS4}W@OPs(hPF=RJ}qx-P*hufXl7z*bd
zRh@mOw#5O@7kWd=z|Em;`&xpZADsNu&ILh;(r=)rIy3eZhq+1`8vWH&vR!+U5u9Df
z5dF@*Ap0v<?rjl%<*VJ<H5f1BP@mKgH-bdRc60hc!jckeycC8@I&(qeX?mT4hqJ==
zJza;uX=C2exo2nlhwpQ0$+H$b#+k+Eo5`TigbOJ$Pi8gm0c<7n(-2<YOTU%tdk=w|
z*DW;CZk~U|7|t3l?mC8cw_>efjPvS5b>C6QT<lyhxebe85;;$+esa<9j(75k6>j9`
z%~f-)ABMj<vMCP;V_2T7m%r}!H1~M;&g0iFtHCPZ%$hArK6Up2p*pGOO=1*8<>NiB
zaF8gRl3A3D>rtk&4mULQ3kb07BB8BYZ{~tv%<FwX&TfW?^K=GrsE0G?d+}4=y^S1k
z{RyFxK@7yNIuFnds>Obc8M;qrX#HCw6ygyV9)7g_{!;kbA*1?PuW3n(cj}~@a{}ne
zVg*RbhmnPfQlQ{PdW~)%l+;#~JM+Fs5AiF`tV`J~^6YyBsHNnc({y&`i}zvlRa8J$
zMmY0X)DC#Z6utrzVw8KGR(>5?6GqZP+UMs4=vmN4d?7i+D9m|@qwafR-<vy0<`M&q
zIW*+SBc)7i{ZA(<yH%<2ExEYkS=rOcj9Y4xDI$(ZyidOVQdUy>$=EzIOag||lFi;M
zo1>EOV=@0cel8fY0ZY)I|J=M;J(k1qFr7pn(UU@euNckW(vtXcd@GUR{G%Df?EH#b
zJ=TwIG|yi=J6oOJZ!imE!=89eTc^p`n>FP<CrvP%npieh$pjv*{oUb&bmrjXfV<kV
zniPLw7(vaOm2gh`uYm`v<jzvu{DO$ZGPz4bMdmW9JNLcZ8m4DT)>GLx#vISa7b+}+
ziCq;yCTuijsB<l1D9~z1wVGT>64uy~n+-j6XSLY;IyK0Q7Sa7%`5Q%4HVu;8&y@iM
zjp1i!i*IHYzB>Q%jJNeK-e0AccAt@vtXN`Yo*+bC!#YWqt`~4;M2dlkRwI4%5owZ;
zwhA@%oY2hGi5#1%miWQoRGHC=BKyeeULYONVgWc8<c5`aWN7_kOBOEOvt8Y4t=%;V
zXRHcmvT4|D{ZSyYrasvg3F*oyE%s53S1HgR4ATEDi0u=WZt(B&8T48mM);eTR@V{w
zLWQUJY4-!Z!5oR2Ucr5>4g+xX>(3t`s!e*lw>XO0FwW^e-77pfd4Y^AK4+9Y>mep4
zrp|QeQ{3|Q{qNA5jERZy68!Ug$(~7ee|(U3hvUWGqW%2cyZ63+{eA&+W@5Q9T_&wM
z18kO{l1_N4TcyeV(oERx$%YisL2ot1SnuNwKxeFg<azirgtdO-jx~dS#ae7Zwh@k|
zN=i>;fXS-41B-r<{%Lo8!jQNfE2yqoa!<nd?ERU=>(d@T;jMb9#)=}>4Tb`<Cqp?q
z1NCxv^}#B2I2!Oy@P>e{Qz<5CWXqAVchZF;j)=!jcyz3}Eb2ZlOAsWMASiv94FDdB
z$vb!MJRN+lb3YFV5Gjpo7E3%$o^MnT+Re4O8^xS_Y3JqHGHAcZ(Uj=pi!jo9UEE^D
zj-7&8_4dp1MQitu%DDD_uP4@=_YdAOUc5n@Ej+)b`KHE>dR~V^)uDOy_+;j5qS^GX
zqhov4Q9_@L<HQ*-5AoJIqHor#Bh|R-FQ1Y`mSEhw?qUL{d8G%MRN)M=MuF(!p@CyB
zz5Z-7bszdutgqVSW_3}rMZoOJ8UtDl5p!bK*)CZfn3fAY&TPh9iBNduIA}+3gF#Ol
zA0=YrS<Id)$*E;zf2bQ>A!#=YZ9rFIc7j=_r;lw=kqdEmNxSeJ6)Lvayd=$p6o~-7
zf!U?)QIxRWL~Fpw;q;&ZdS+s%0`immN>X};@7Pn-=nafmYliewdIGXQYqf@5mxA<$
ze>I02tdjIJ6MMNWi@$`_PtR09dZ)1E3<e39gOfi7t2luJO+Vk#nKSg^tosGazo;@P
z4{XX1f$ufAnAqm65L`_KJzEsZ#kv8NpFmDRJXE+@=S@2Qwu|GYj7s~in*bQ)7(6>B
z$p#5mPt)kisL5KEXCRP(^$}Qls}F_odFP4yEu8rV?HJf)#)Lxc;NAAN`{;K=i=U;J
z;UW&-!;(2oQl1v%rNI-N_9n@~xWHDY%GLOHcxu9D<&G2lq;c*BP&CzvKE>KN6A`91
z&q}%gImF*2_}+^Q3m)x<FZWl6hGLGr7R(<lHDKyoo9#B_+<#O+fP86E^~?V15m7?K
zBKqN{{f_Hd6*hx9;LR}ug%6j&Zh3VgL>P)GUCeJ8sNYSWAQeHgf*R^Sl@W5hQfNLy
zqEC_D(??o;(!;vcLfjse&V91Y^RBM0xv`bLQxkg36Sx&Uwei`WzqTY#6Wmj>vu)Ln
z90tJV^TUmJ>QP_`oV!jGYLSaY8sYmtFQ+{Pbt>j!ZHNb~LwHad<5b=_W4Z@b_S3=K
zplqIa9$N;*411QrUiB{hLI<r}h}+Ap2H~NVkMiM8RwkG|U;pGOuNZ)h1+|Q=-`=WS
zmvaAMb)!b?+QA^IyupX3gZbB19!*%V{+sJ^svltD8dvP}gKMauE3au(7gcB~eAiU+
zVsXvW_r89Dp5;qcI_2AT%$?ZI-NWH><D0#1HbIVF>6ZpcD6mX@gGh}&I$8D!XO?JL
z@#>1>L0Gxne(W+?;^>^a<ThoSJ|?CrU{HLoAdh8hbC=HfJjeX9YqnG`L0W7is1c8j
z{MN$Xk?umgVI%xxdDd`7#Hi&Oa`Z$Fh2qj2Drofr`)vjEkRiDM4Onz9q>@YfCd|ng
zmPapco9&1TP`-Kd_RoQ<UVAIBtpXe32z>)-&9xLbI9zbDO4tdNtu@bjRWBfj+M5}o
zxV=5vSDtIP+gYCLHOj@5kWpY-7t(}A4Ma5xBK>1S=sEc@w`g<#`nIxFGqW~!roK8p
z-*`KA^?d)#qD#a;<HZ?J(qIM7x^y}Av&~*lT%@|;euXnm$8>~$$k!5@V)g#0qrFZl
z_2Xn280I+n%g|B}Sg3M2lx1G70pE#&m%Zlbmz50Xg_3u<OLloc>s>tcZxvy;MjZ|d
z`yL`l%GY@}aVDvX4uFB{thwi(q9zB6*f4co{ARh|nm4Z&%d4#1QG1xlB^<ugdPWuo
z-2#Rs$4eeS3LbW7^%g|s!A=e#26bq@(WGekg_U1$qL?I*@G(zHGOEtXmCWnBpQc6?
znmy6e<x>Ayz=4%8%h^6y-U*cm6yRzGn~bvbiBEYqEN=8vIuks>f!h|%FI7L^c@VJF
z^Lzs9Rpg{6Mm~IlU#~H#^pUS>Syuw~JrygkX}G?rO+p}Hz-G66YP;RFdr0W{Y4KxF
z9zxvHX=w;&*w)#)JxaD)ZKpI;y8Ds19qx2MWr+X~nR1L_=8IKQx6OG5Ob^<#f-T`@
zYA_>3M}vDTQg}?H5awVut6dE%{j=n`x%$ZhgxD9TRQfIDY!Nn563_rtNmW(4?hfyu
z^WdsZuDO~}m~uP{=)isi=;b|tE=mNa={t`g{~z|=JF2NIY#-!auX=58EueycC`GzT
z6A)05UP24KDZTejzzU+$LWxq97D(v5M?`v4Lg*nPHG~j)3xwHNe&5XBv)0V4nK^6e
zQWDPDXP37=@AIxbkCw(&J&gFzg;4wuc;KlE=`k@MhTnJ`jx|R8me;)d3+76DyHQ&6
zx{4#A5E?eMvVwr-c*2l{9uyfDv3+!O>H@!thX*1)=G_fBISZr()lbA0O+d?QjNt{D
zfRg;2cU$wKa4T^UbD}ur`{UJ>74g(=h=}tSL)h((>eE^!AMUXZH}p>K=%b<fXbm>D
zrOQ!6PW{Gh*Lrxk%hUkrQpIu~JL_g1cD`4jZME;UoR6B}j5_tuK^T5>aR%@Q#m8R&
zAsbu&(6@K-c27dms0iJX?tO=(CHIUgh7TS*du%nOS6v)^^5SO4`rM>3o(-mXib>dS
zcuwz&W^=?BiY+Zar05;bbI&9rQ$-*pyn%bmD72V)s-)!P@)n}VEmpnn6v6LakFjrO
zIbk?fet?RKSQZ5XZt1*($>_W6S5Xi3vXwGVi1j6}U3|=?f)KXw-4#<xd!<tl)>{x&
zt-aJd)0Ob8RqWL5eVNJ;XQ`m2`rh<t=;Y@KK4Z~#?-?v^uG}6sQa)}RQpcdgj(6Qo
zq9s*5lnHA1-fx($e#NT#qzEssQH#8jO<?1Q%#QsR51i9zYqnt_j+&RoO!^RS8@y-Z
zLZ~r0PJd-EZTZOR))thUgwsR%Y9t6+(QFd(u(tC!i3wl6uvaja8M~NrHLJ3b_>`2#
z{^_K#gEO#$DPc{spCJTS@qEksQowA!C)~JKt7`)<94f?5F08r>BdO_k1B_Xvw%oTh
z7SMpBgO{`V9kwH38Ft*;3Ej;jR<=-uVRBrKiPgkZH8v{f<=e+#;{vgb$usUc5V%gh
zJ|5SIhFu#t3${uEgCKhKqfKg(`oTP~e&YDy-m~L7>IUJ40!+;+O2BBMAVU)!x<?*O
z&ALb}S^n)YSJ*IeyUAZ^>^N{rn$)SFxYH0A*IM5`+<W=YMK4F4&B#ZYDViW3w6=dt
zdc%td_C`$1V?cIOOzdmkJ!9g%{8bxS1iQYv>~65~qiJ<R5QN>-BoplK`0l+hu7F*=
znBmm}pF!i0l&eM>o1LmwC5DGe3@E(Rke;^dnck$-En9<J%?^ewZ~(7u*cV+CfkA+q
zc=)Ek6)yrtk#&-3iE%+-wVhjd(8z^&aISMa<l9bs0xEJKUqxPKR~f+IR%(x7Mh&*g
z-KK8Vc#8h0#&$6B`rwMMA1X+d=@lzN=Qo|7Y!q5Cv6lA%BjP@ayUOQluUSwTY|#yK
zpi))Q2<hPE6-uoN7}LbLj4C1_=^caqvx0^>wt~_`)yI!3qnu{n<Pk_ummvH^sV=q4
zU{uVqtFVUK%NodCB}E0a>r~wp?z5(k%0|{V=NUwU2e#Fzvb){{bsol^cmeIb+TJ=g
zU_v35nJ2%HycNMoN}BkleTqr2D{&=jz|GMwG(VbK;}&7AsXbyoj`^njwoj<IL&$q-
z)nTA2id{mO<d+!{C7UpFi=Is?qqWMXy@DEp4oO){mYO)oJy&|Gaf78YHv}tQ`(Mzl
zu~u(=AUXlKP~C+RaA#}+`{K((pM}+TOoC?b9SF}n*&Ac;Qhzw@I`<EaY|bQrgN9q7
zDVa&x?S;pAFX(mqnDv1S5I~k!7kVA~jNcVOh%=1-id4qf*mzN)Oj^y7Tzio(kZDVy
z^C}JNNdXaWyHmi1#*y%aE9{z{hDwCX$>MIhYl*1?QxUR8%yWSPCMAkcr>d_OYfLr{
zrNFjw-0Ta@RgJXWoiFQF+cp*4e4Mf%=1>5UrK)yx6mr!SR(fv8q43L^8r$2akh_QH
zMLsOr!@;x9wv1SJxeS^)!8*i})8&Y}EmY<`yC{j|zG?Q2Tp}AdA8S`8s_h0AW2l}B
zWn8C_!&Tj_PIXOWuBbNQfu#BFj8|8yE%cLlWpHzhD*cW7v&j(zdnQ4XY@W0wq#ELf
znXH7Qqylgpv?E<zDC;L1>Pvw=2hAURDA&6qqZUzJHrGoc${z9FYLGG2EVn}f|8An*
z1&JD}(Rh=XU%f=);X%%m+(PwU7AqRpg~aL3{oKE{?XOB4v6CF+i84xUo3g6v;5GwK
z9*6`1V1n<?o>E%yeV`V=LQLhjpv)=0tg?aKGo-^M_|)^{pHo+i>zxx&gAE#jW8UB1
z8etaRo=O&OYqJ<!s9+h$9@BLk&PYux@-*GTU*^?EPXzd7bQ(D1GRW>eIL^T8;po{7
zELtG%G!CbNFlz21<?Cgr*kS~fP9dq@3+#e20}Gt1Khm~0jpTif9|V)7eaYXdBht}e
zh=H3eL*Bg+o)(Hg`kZ0eX+#Y;=YRv$LA<1ycDDc!-=PA!G;6C!=Y=4v>Pf2whpV})
zK5+mHQu26(!I|VLU5r8a?5K6V-^T}m-zVt9T+%~t$tV@p*b`NuMWNwoOCtB24o2qJ
zt*Lpsw~}s=3~+9via>I^<K<2{(6h_rB%LvKY|XbwRej7R9rED1Vx++gvqpt;3o~`4
zWJ=Bhbvl**+I5IE$$x|h#3$+jt~KfQMi8}8Au2^ONYesxa9@n3amfzx;zf$tUtT+_
zj2lF0E!@I*P7!8b8<-g>wFlhXTn^Y-mxY7TWRz*<d$k#orw%ww>2?31!vi<<!HyOU
zoxF`a=L3}1aeB5vWI6<zkklh;`PCg^AU6Zz%p=yJ-sPl@BO-v8s-u6$&TRW2t=oB`
zQnzZtr^vX9f|}tUyp#G)LtV9>u!caX_Sgo_;Uk7%`=Ce!?YWV&OOD>5r;a#_D=4Mw
zY_;v?x*%Pp5_-_#zmDQ(?k#sCU^Sr(>T>uD1d4#<ht{gA?Dz+f*58*&F~U@Vw`pAJ
zTmjB2oPWi?x(*F2E@+KT0N{2p=HPnGFL_J54f2raZw<&qq)?&a&iblMUF<XEALv5y
zAtoX(6Ztd0mfBpna3S~2MPa_%e8y+nu2nesRr^x#>6y1KF!1I`yE^5ZoRNn%nqCeF
z3?Qy|=t?mKJWz^a8|oB0m|vaA*U&c;thSFa7In+#K11pt5FkrwX~tW9ih|~)I)}NF
zF(1=gkK56Kd6crtQ6LS0_HL=INu1Bq7F73f#A%I`W`klSUPd8PLp!U--i!Y6*P;|0
zXOcoa>+AbndRWlVE)yt9PbJ}B-W+gVeU_KCS?~HAq6hPbzFA2?cyE?zEMby&%61!8
zG2U%_FA||$V<x%IBRYIgR2C=iwI9{=tg;y(20+jv{Ij*PqK_U+MhDv)B?y|SHnqsd
z$H#n_;>qyY^UvB`#2599`Pz0>lv>46yQjmc?iD7eT;TT~MtD>c_;}Gc)ckzh>pM(&
z&yPo2Q!#csE5Hq{$yVjU;}-M}?+7HRmX_9sA3uIDo<E=2o@>9qv-QJy=RteLVJ@ZI
z<A|7pp2bWTBCf|4JJCQb2OF9^&YDIZ`V}l-Ji$a)tvcN#$Y(mt)4XC4nv68>+vt1#
zDu%rpZh61=-A)fD9$yJ;%8~cKOZ453a($-zZqbmw;PB2gHjAUVZQ4_mu8_%8pnch2
zm2GL}SM{r_E2km&T2aI5v&j{*w4W~D@ph}jWX#<Vsaa<srC;BQdHv5RI^~7o#)_Xo
zzccKTLWs=2+$%sRM{k#~?_3DdoKuSqKaml1Cz;L(&|P)-QhYzG4bqnKt(4KpQ<9m^
z0R#Zov0E1HJv}|eGQor<)2M$BZECu!&{o!<zrJ&0K^_oVs5eneF6+R0N?iKRJv%j3
z&=z?2hMSw)%M1Ld;^Iz6A0;nfD_!2K8gbrTB~d&jRe#>&i5_^3@%0H7neJu($2xG?
zonS{Hr6c3@$LiNp%t;6J*!?+S)57QB*FA4u`}rGmUh)4Pao6Ps;Rt5&T&Lkp5@jtR
z1rF~z`<Fyfsg0U6{!jr3*IS#8{^B>iDiLG(m%A>Dbf^EuYp_hoZqYq6_D_;c@_uk=
zZb*l6=(8>bJ)9HzGV2bKGl$o#axq<XUWMbxwdRuT?Jj1iJ+sui0a6Ut9)wuO^(=3H
z%WU(MgtM63v%HrB3pw!m_}Ni>sI_OzljF}2U7vEHnfsW*v7gR}d91LpoykDlG)d0$
zS1!IQBjXK>9dXx*oI{i;epf?PUA32V^H4<4(Q(H9-Ui^`?w7$%_;Z;)eD=RMdOs<E
zN&9pC{~sLA#Q#4fKlj7`+0DQfz)H7@XoLmwf}CvF6tJhYw;PX)*4xzereR{xw<>Bg
zUz!ImskF434?G!Cn*aQA*tDS$Z5~{RczygL4uaYHm|E8?LOxhsgYf1WY6G3|fPW~z
z@8!S0wl^J}k;1d1#BmTY0;pz<F_%(@<}ks)(9d>K>_N8-9tRR%B4_4E=uc1RWcD92
zz?Q#Fo7NO^0%}l;NajJTu-Cyr#JsL%s+ZrG{_4u6{#5Ik^)J|c@7->r@O|lWx9fg>
zel0C6|LYJv`TN<qM>nnGG|t9qzkc;rXFX51HhAVWXNQKXV}JG29QECMOcGV55nLP`
z9ke?_LP7?G?`LNk`{rrAWN3r&yRNywK>zvXmFr$tf0o>WNxo-pb@bF}vnWhHGM$vZ
zWVnHXiaLH_SzX(JKEYs))$gUWYNW(ZmDF$Unk-<c9>5eB1j)MT?Ty0Oxj97kn*6ip
zVvCUmqMqF^oL~Qvq#*UqUi|E+=Ggg=dq<9)sgiRWFE%eUl>iF7S+O1o;RzK)_ayQU
zsZY&7Z**CWdpL>s*!$UuKl~-Q>FC;p4V(T(T#2|-_{PIy6Dr_PJ3e;5>IJl)Jyd9*
zuz{*4mJhF$buZ%6yMa7%oSwMPAghMB;xPW9&{)(Z_hbT}vOaqA1^d_6P!fpTK0Q6;
z3_e<_UGvS(;$$g&$IE=_gRhHm9)L-%o?14rwvN{?Fh}A@;z^BBIgtx!hqz-XooqP#
z+_`d|y(dfp#yPL1csN!53JC!ex>4it#>Wa41fkwDs?Ruydpm~Y(K=!57T;{Q<k5?#
z;G7$jArk;m7;E!OL?95ORW8}aVrcXOdn2=Ick|?`rG8*9ThEVGL4=J2m^6}BBZFZu
zAGbE&Lwa8ND|fPh{kkySfraZBT$5RKzxXo#MxmEouVarK%Ldir6l<eFPm;J^wkjhq
z4RU2BsbbVQIq%8GON&i^W^X6f#IgfbQ^!fSGfF8#c8!ghtgNimQYOvAU?DpmsNgpj
zv^`ZzrN)PJ;p@2Rh?5{sFYQZ#KK$YVBGRoB1n%Tfza<WI54RlQ8ncY&E7VJ<_?4iZ
z(T%{M?tef|d(%o7v;9`e$DUthVR%NHi+jI{M@4Sw$sa6$T3ek7ns5rzg~!V@8wPE$
z4}6!H(BH#Q+mv+<<Ic2qk4~cXc;!Qros+24yZd5pC5_wODa0V)JQ?|f?gd~s3APYK
zbX8TQGydcCvuy)26G5CRB^QNJ)TusRUS2M<g8(nPc0Ar}?V_Lt;$Cfo!ud0S6-D(8
z^|wu@7Hhl$7itW=d1;<u9{Ty_NWiw%(JTX_l@p$D0L^_$#y_;}^c3seb01}4$8)4-
z=S&`2DKUrz7s26iVw0IF#?{u@MCwlo1pbn^t@@&g3(5zLaf`hM&jK|ScJ@Wg`W<Pe
zDw-<#Af?}%CSzyOunGc~<c<X3k2w%u<BZFE8-56x!8t4JCmvEFnHTf~3QX`Q+I}FI
z6f=W!=Kxv-6f2cq9<79hbLJTv+MEfxzAt-Qmj`AExs-x&zprMHKS(&m#1FPrO@{{A
zxN0B|drK;q^8rX*j`Y20@Yg=u7RCQ#*rUJ%GeX=Vl?msNzD{0;bB4;vHBdMIL-wNo
zGuC&bQJ{wfwE#6SR!Qlv4Hf4j5~g*&eYkoiaOP;U7p1!5y#Ujj%`nOkO+MUOcOmFt
zV*XL!GA*jKBgbXT&wgkEwprQ9_yE^Hf)QKaukQF$gDSir)j2R}UCiDl;)k$BBA`?}
zM(?l9rTXH|zWMKI`xN=&+#`2mV4>P~w;zn87nvuQ{A0k;_dr!e<y+m9+@U$vUm-J)
z9oJwzSbHW})cH%0LF!yyM|wRldsOo@$w?@)%p~8%2`A<^buAeP>SkhmQaf?Cy-ZbE
zS#VO!YtvK)fN~Z__V0^18d}(>Cg@q~l^+TUh37g&7_T9=hTGc(-c|qsZ2{Z{A6{B%
z;1+A{tOoM}S>m_~TsC>Hf=Sqfyl9fp`=rUuVOAn;noKT`s&HC}4X?YDxLrFM`)bO#
z(lZhOrp0_e+tqsWPD~_LKFINyIu<s^jpTIt^kH)Je44Rq0ghEr)cR`|5aEfOks*}p
zR6E^_hp!r`3+GjI!s{sg-6LLHDtPwVKAQQyq+2X^$Z9rhj~8oe-}{z#b#rr&<%osO
z!BCi4-`FoZmyYfzGryr_`&gUF`H9e<f8t~V4a)3-^P=T0*;q7qN^vWuYtlxS$Ayt0
z2#%U-DrQTht15?c+kWeOe+5Vl5>x%;iseGf+n&=;IrZl@$~-D|><J9=<mxG>*z!tp
z8Nmn2Jzy&RM-CEOOGopWcQ=D-2jy6*ZY)gmh7UEcft7Xo8WX#Ty9N+08aT9m$9lcC
zmE1rw<*gb5Sn@JKI$NPD>&sdnAEaIG9jkDPmI1@yHz+8xpaPCgqHJ;;4}|pCG=-D*
z#*MEbdlOM)&g@153(b8Y{B}fyN>Y{kd(OPa_9N;RKSPvY-;BQkVqcy~;*BG;C~2}<
zLwvvNQP~8`LEdBlqR8}HN=@kH%A?2rQHDpQzS4R8SSM@~7}DM|os0mMj@Bc>>8H>}
zQ<&ieP`BWQ41s@yjIwc7jl+%MAb+&50qAevb2!9e4;8}zQEr~d!xoziZ1vnn3pD?9
z@1Wc}%~-72*|zJr4<W27a0~|X_;K%@yF4w9Q0GMjkTv7q{E>Z{tQ4()(%(R>uJ2KN
z|GTtpQEJoAL$SNV^OXRBPwNi1WpDqs4ZbVh2eB&WQr<lR^uG>$v}Vey!H)oZVT)G`
zN8i=a(K#JmXCkn=u5RYyv4m>SC}i{_mI5<^@xph?&BoQ4&S7>cmD+JYIC0=)@tiYN
zj-8*kBKSRLs-)N8<gld8EW`_!8)Akl(AAxom`GZl7+Zk#w5|?00$o?@OUx=RRt1sy
z-eQl2GUtP(r&bk48e@gC#MnUAH^~ZIuaC1t^CrU}zgh9=sz+ihpMLCGLEtFRIq_sa
z#n(8#WM|K~<dXqG?>E=hy%C&TTs+cOC<~krM0k*7#kntzWt~54wI}bI`mD4rYbWjW
zSnp7G@*cm`YS<o+%YhNt#Xu%<utW|JgAWnk*v&xOv5j)7nm}qMhS!Bxx{eis+Jl+-
zir*6B!_~(OOw&o_rKVgO`VS4q#}|X@Q>1)GCk^Yima61jwTdd$hJ;-`_s3)6<1-A7
zH9A<Rc!ti=d;0nHeRcb!);AKz?=)CwP}N4AZwwD2t{|xnOO!RQyS>B1Z{S&_HeEB@
z|MRRv;LLfCy%(H$hTk$!zG|%+6YTYvOqmgPpTAq$6J4aqT%Q8v*50WNF)VKxOdaz{
zjWU7XJrER5WW5%Z{`Ez4qx&$@VQLqiHLr^l3m))Km7!V~iDgET%f`SebE-78JR2z2
z-oJuj`~7|wL^%y(oLT`~K!$gf_D%v?<$ET`q;61fqgz*oO9fm>qBAVvR%X@zp#eHn
z6%Lri3mMul*MSx$wkB`jt@mZ;SdJdQ7zaux>`V7|0p3+FbN3*DP+JjT)dP|vjR(6T
zH6}Wtf}01))-hSWE+#7Q(W(aB3Maj~G(>uD{Y$lqV4N{_b9#D!QRpvP$fiGMo_w7&
zF4F`dU?C?$30Zy*OXx9aHrEBiBD*v-wXDw`9J8lU<mM}AFweV8zh9+2dieR#nps2Z
zc-tPD2EKNJ2UOojvWSe!M!0#XX<Qq&#=eN=;lFijtp`g;Uw*$ZSorb7r+c_u=A3jp
zO{k7%>D{~IGu#p?dDOyqzOxzc-ib&7z*Z=&K{-{bJOPPBf-0$u>G**L^M3JYh^i_a
zsNP!ll?-qq=Ye|XW4@3D2-zK)*hRoyKuM!QYMpHC%$C*qFatEx_}znNB8dVf7>}|;
z8-?A?ZGRUlnkoxZY<Yb&uQ)myoV~2K(3Vo%%Tp!0j-#h#uxRAnaT(F&gp2E={C)hu
z;Z9>az>9<G(A2W0zu)<uY|BZeEUSv_!e!+WV>4+AL4)XWkmhFFS$>&W)H<s-O`0d!
zxwP8I+M}%9v25X?UU?c(<lZSnzV|{Bkar6-L-rnva=i$Z2skH%fdMFWV9AWKHd^$_
z9-w>|N1f#6njuL0#cjw1_VilzH{gtbLB+p|&z(UJqQ)}&h@V^DY|<=3*D_^JOmj;Z
zx#$ZTFWdogmXeCI#da0ZV-xrdZkNOMMhr$vys9`m#=6u1-9ch>bQMseXxHd1Z5<uQ
zzdHkQ75(~iSs)r(pLqV(NIp@n&d4idNbLw{1)=`dxfFO4o70^w)ps<gOG-ae3+8{i
z+Kk(e|E;F)bN4#^^oLGHd7l~8jBA-08r1q-PxcD8AS7p=6+$WDoppU}wsP!eKC{y5
zA5%qlt_Vj0OZYRN!B=oH7~Nu~m8XcrLe!(5CN#Y%R9ryf0`DRq1bvVIhi5zwkCv(^
z<w3^tX`9k$jZ$ovv(;7*YXZNyp6S{d0JM@o4P1Sg01Q|0k%2<pt$O-DI)rZ1@;*(>
zcbWyImzVMPk-s@rcpxp)9=}5&baYwZ;0Na^KVlclwdkYmsXln7*dTq2;rbuN`&|xz
zQyZs2dL1j{!f2YG3xM4DJ}i|tI5;?pn*V(3-Z>Bn`*R_TR)6AJfByf;voH{&`h7il
z141u<uIg9+=RUX#o-z&LQvC<*ICBy(wZ{Mbckr6jm7lkFy>wCN3voN*#!L3Q8F4&T
ztA{^#Pd!|$iW#5(+AWsszbT8M!)JVc$@}qTz?fUa=p;US_=E3Kz*{4F*VZL;CJ1t=
zjMn;ue+EW7fQ$uP`9-@a5e4$RC}w@5jRl;3&%z^+OvbUVA!d9);O3J;zU5Q1(ar?G
zI_)^|tc6qm=aAa(b2POKG@3ab{b#!bew6OX->)>5ICy>f63R<0ISqb&Cje>HYY%=0
zo|S}a*2{S4&ZY$5F{VIq!n05b{K~3=rxZPZ28y1Hdq~Z`t#rk65HXmZzv%8Y-8=kJ
zX}0c`*$G1E&FJet)$aFM_-2*=C}Eb4?t|skroUBm?ma2uED8K|57Wf|!-s!X=KD1e
zDg1K@U2FQY%5?v)`k*u)gzK2a^3#VN{eIVbg&a+PUsW?_AGe@xIrqbldR4%%sQ)=j
zo-dWmk3V4{%x-k)0lh8|ef|=B<JM|&hQf328^Lb`5)V96_0eMT7$8bgfy?rSNf;}g
z*~Yv2P|r1t_*G4KJrO{1IrAR8)T*d2c$rva9M`7(+d8_}`}pW7&y@7^bO9!{#Dgy3
z(Q?=9>{FrG{+Afym_uBts6Gdz?{rbmd__<IqfW#R4uDhPAdgn+gUr03+E9-ssBKr?
z+M8dQ3b+vA)tD;YLEEWt!1EO~|9*njy_s|)r}1Kd`&*TI;f%{SvJ!LFf}CL)(53pi
zl){3Odu$K-UbQ^_)>nqnCDj?*QY(tuPQfg25xMp)ZEd8r4hvFy?5leEj*pw<(P24^
zZ4dLD&z;|sck%{+K)2y?vEAil5^wrKlTa#Xb7j?=>xoMa%3POTTF5OJ^Uadh&++CJ
za~oAIVqp7V@|jOfRim_f$D`JG+@s2ua-#2z78%S-rej6Yw8QD&w~iSDcJQ<pNCSyd
z5d>WBNNUpZWGGh$aMTnVWJDRR|Mv8sBwyqQ_&y)lvaFcHfEHsXLKlz{gR+|sBXWH{
zc@Lqfqhh#1vYF#}aiiu#1&58%4dYtp?A{c~<d1H1K}(4U0}ioVld+I)JU*lFpzu>{
z76`pN5ophif*#SI4h<@2TL>)bOym_*sofY{M?XJYqkExpDj*Ic_%-3hKReso^G#Ig
zJo)fSV1*6UQ8c=XRTWjuc(LS<)C){ZIp<pBy|3{ZPf|CXTDv8~C`w6y){0cgq`{?f
zw(YQzUW493-Z$7aTP;CvE1Y6rX!s5gTcHF^sz{WbH>WKSoX|W|6@X`pkKcWt?Vwdv
zxxc0cl9l6fG+(Jd48jr;=LBxJo5N-l&IE37fiYRz2YI#M1F1eGvpSiN=e57(Sl!*~
zj$;;C&<OC)I$-p#9kPOF0q-`?3$Y{>O2eEP#~f^Sot`>u3b7CmA@>>N8)s^6`S|UK
z)jV$c%oVuMp~R&!VQx+wwe3sce#0g9bXhB!2S<uXt3|@bykUcdX6Zs_&oUe9%Z126
z#hmm+>L;YHhdE+r3j%YMgqt6Bo$8ZA)ArNirmMS6zzf@`BKo^2NYoOh11?IYxE4qp
z!(0RTn}AbHq}aB!1e{|<RWz%Nsms{-`$zTS1t!^J^No7;K4!Jv9qYS)_DR^eM>n*<
z)>ml`rx#Djg6N`ceO&P6I)KDS!a02ff1yEclYF`(0e$EsQ2pFGZ^ovxzX+#5w#E+#
zjQm4^OYeC^I1LJMtCdWndwrhR>DQb!H8lWBx;xt7Qm`=4*tm6FTDHnogT;Z=nm{ji
z9zZyPMyqg@k^Ind`>#GNCw~v6*YfD8lW&KPtz%)SloC0R7J2>ZP9Xp!@rst`gD!BH
z*A!kWtD23hv=sr0HphK${>$czYvsT`vkMK`S+&tf6_*DLbGq2pGXtm@@@C|8L;XpI
z&(+^*(Rdg<OBj<R1S;o1FhvjQmiIXN(Wr#T;*_9qxj>tFXp#x7!FP1S%1W4dQ_bW(
zz&>1nt%5#7ClJ8%7<3yKIP8t|DkMqF?B&UT(LNP*_5NP7x(d+VP0V3j3x}Gx2I(6Z
zdjY;o+xE%fo6vy(!%VX+nKeBb{A{*&$K2ff<zgF<BNa|tY=QtjkgdjKfQ<4(yH9?G
zXRXe3Iee?P82F&F5VYK4fc3e%`ht_#(Z(KoDExSX34awBQKLBzLoh!vL_WXeQ*{l1
zfjreJw~wJoY%@~Vrl+m(gQ({~C_skXCJC5ahq$m!uP_FfSu=sn#VvF<uWd1U>c@`@
z`k5sSoCA=u&;-t&JsLl?Gdk?d0*G+GJG72*_nSFY<ik%7eE4ghGn<>!oNZar7h@Ve
zT1hJ!zySmC%4Xzi*}T>s%5C+}>dC7PwdbsyhFrelS=qb4x?$zi81=cth!-wh`mjQY
z)H^UZnA6K2*{FeS%(M~pG0tO+YE^_04*Vs6e?7=Iw}ylq9#9aP9c<h`E*9E!uE(PI
zA$(nVD||5`sU~!<z)!J(GT`+4m7k!subn>nc@36Uf><vdabBR!i(KX=a^(T=8F6#j
zKTB!%#eMgZ$D3^|;x1z2Zkcma4Pw4~ZAt4bq8c>MS|JPHlrQZXMGQ+tU%!@a&Y|^-
zM94ua0Iwlhjq`rlW#%{WC^UGs+sLODll%xHJvM;`*h}hKI9ok|=wC+ia`J=f5P!7X
zsi>QKdfLjcK;NekQwNWWBezXlzBNEJ{5{T3i~uh6^eefEx)>eJCX;jY6ynmR8VIgr
zbyyI|Rbk3-)e8*TmX=RoWxMU?wNIWt9RmV=gAc_}20b??(}5AIow?SBIu;r#C+0M2
z2u`OC*;s6`tw0|gR=*QP3{Xof(0cG7<B<uHp1hci;UvC9nCt53ls+N=UzJ&M0Ty{#
z%oIL7H-~nFHkWTDHCVp2ZkrqY2ut?1={66sDR$s3nvX*c%rq(Cwh6eK$yLr>qKd!I
zVl^A5q1M%S0qAGiotC7Gx-tCBdJPVZ&!`}YE5r5kO`Ql|@m=Vc!9vpyW_4SRtqf(N
zPMfBwQmk<ePwVVk;Br{9%#YbwTY~VkBLEjL_y&D`1fPn=Fukk96<A2%*KE2Bq~AKN
z^fMCEBpe1l<^7`uMA{jaL5N>4EhC%0&!o{Y5@@xlb)Vlu`W_eqCiFXW9@EpqZ-B~8
z4|zAcUX#GDU(90|M$euHx-Np&kE(E;^Ou0^8k+YDb6S^f_96Cjfd+7<nXPaA_@2g`
z7hq~jp!UQ0-yj71hADeHYdJ0ef>$Ef2#<*&&MpNtZ*|$0jl{{!bcRbUrgH<qb#jKr
zAK}ZzaUZ}HC1w67jOh!&NqA~m{<_(S2AtqF05)|TudkThTdgbP<g}hQ$x=RxAKGC9
zWIl$ZApy;*6Tz;ac=IytQ1y(I&56z-2+*o;<oDbLx6fbt&oXq;`SUf76^y4<lfscy
zDIRHA2|3JxEJn@a@>chstzZA?B-4d|_0hP-(kT$9{e`WdQW>=uTLwC|F|)#|Ly2JH
znD^D+PyzK6Wr5xlRN%(K4bE!A+7KKn%z>1XfYL@9)s~t`5~J#*97&a|0Q0Gfgp9FU
zq&nZ4T3SjI8oA(u3tNu@dxZ(Mn$;k4^%EhF^xK@hrwJ-m{swN$eOXyqcovLGztB^q
zXwy|)7P@10_(x}9mfR;Zrgr4`dW8krI}h%NTNM|qv1Nci0~`hK_Dhh+@Mq88@N&<-
zbvS5^?58~U+@8M`mqxS!kMmfp-Y)@!QV-<20NZZ$bCKUGe|7HXkuRCzS&SwP<h{Q>
zRPBFDb4qsGP|(Cr)o%}&O&Wb2sweX6%l(O+-hJ%VMR6*9dZ|ke=}SAE3B4}Y(pl5T
z2y6XC_duwZBYdAdw7f0{w(&j(vTurK3;FcO0^-+4di|$&uyXN-d)tp@1*lW~*{Ta0
zP5T<u3H*`}>uEy9^GTC(w=Knhz#O3gly(Ek*V(*)HQB&vZPx|`Evuc}0UHR!EIMfQ
zK&}%<i-ayFiu>L#b6C@FY1yyZ>U^i&3<btqbEA*rkRIV;T8W(8S;hiz3{z?~!Tzt?
zdO_OTIkg$`{CHzNGY-uhrHwIXh28bYXRF4<)s7Eo`;8CYm1j?O-fa8$(IzF3_4gFH
z3j+J)KW^BLMr~Hx!Lc)6-@wu;DU{fpwq^$VRten;=S<asFSW?>MXet=(0YZYmlK37
zG(qip|1->Nu5#?P%Y|aJhFCtmc}&6?(49efsL_q^7uD)#35;CrJ#OQiP-^DS^-C0_
z$pd_c+7Qwhce95&h4iMZg|ow!*2PMvyyCL@cpw#Wm4*UI2XiT>Pn4=M^3PYL+YK8q
z0ua!dfVI@qw?K5tDRg{tX%M9^)=m703psoZhr@ZV_9nu28T@7NCATueNQ)ivqYbds
z!6Kvl_Um<GJ8Ka{IBU_FD~_ST;6SP&_6?Z3K=;a6C0~cOS=?@5Co)NTE{JsmqtPe3
z|Dpi`xOW;;b~S2Ag;YDM+Bt~KPOfJ9oe%i2LC5)+rz5L@Ud=4>N?9fmIvM`24%hO$
zlHcK4N(J0C1*bL<^lWM9n^@l8-Fs7%+NcOt2rfF?a6&2&*C_ngUo_Cbv@s)^j2lfj
z<-O`(UFmB2@d;gMP&$zHIVL;s+4k6fsZ*e#kJElq%j-MU^3vi(hxRhk;wK^SVF?Gz
z38o8|2>Z)%t#4CfmfnHlrjgs(&;rMIdwapyiVgPV+K>aMkXoxgS%L*<E2{1X44s*E
zOGIyN8IF925uWe`upVX!x70#T!_gHeddTK&rt@Vnr~aF2MYpQ(gQX1_84!@4B9YL1
z3H&1xNJ!bir~CMkO>;z1EU->E@uMhME$5r~q^o(L#xl(CAgxLnA1G^c34)<Lw=Ns$
zXFYZLv=(^k^kh@o9~U=8{@Kw0K1m{GReOm0_S?4sZqJrNzn>*foOc~|1vR%z>5-0K
zvl4PN(_=r%fV0jl-k?i~qG}<8%x+(~E(ALD^t{Vv_DSYneHi~J{Wx2o`V@Ca4)&H^
zVNFPmFh}Zie7tub;L0*%`Oa*B2{%9t-}YJnlobOGIlzo71PZxX7DOu+o=2pk9$}?5
z2xZ;Y8({AN&4(JB_l5257=(EYJBz1ANoI1mMd?+gLEh8ulFtx|HdAXIaSJ}0`~OR*
zo~`->hnl6FYmJ=WK?W%Uyv-i^Zq%0mP~wd;Lx=GtG5|{&mm@fKh%WAi)W5E)t4k7f
z{ZQPQ;JrS7tH78Vty8EHXboz%-vz_ov^V4B!|B<1zs7AQ@aby-oqY%uzIDs4++|Kk
z;o%iO|K8zm*Vp&F8aRKudb{*gyS6!Q6-K@nC|9yEz?Ne-Q|l^x#^@1k%j@e}J72Z9
zkevMDn;9TWxCJN??)K*FMo(=A`I1hzUZOVk-K-QaD&x`CdsP~*v!ig9@vJsnQ1zNM
zKPTsjynjdFT-4i}Hg8=P%O(iy&F_QoHnZKQ{RT)o{(EfEUVV~V<9!Wt-NZSnEP*n#
ze(UfgUX@u7o;j-0e^D3X<HZI3pUqbPzUJvzp?O1&oP_gWI*T}R_Yz15j~08p5g!+e
zZMZzwXYqBXF0k}&?&s($(CygFoC)31huT&<tv+oHmigIj0deQ%bV|}7Tw(xs?>+DC
zpA_|5t$oKtJUMy~1&aPZR6;8CGQ&0^eLz8vx0S--Sit3e@Lw_AP4de^Rx#fJC0`OI
zNfvts_v<sdPy214cZ)ipZ7egX^6$7^V7Qaag8HK|snKi#bn4Q6LOK_P&HI7r>a#bk
z5_w5dlQih&?e~*3`|tsT!w0xDWw2LRev4ib`jZ78599d!`!RHM>ev1UhjbH+_|FHQ
zIRE~iI9}YpAe#02`oI1c;90r3PVlS`<4;`+K@1ECn1e*=118Lxn-?Itw7hEhl#@73
z6oF@f=1kQ!KMAGjXeLX0CVRby@vu+NpFRQcu>J68RXBha-V^@yUQ2P{h9DIBEGsKC
z`3T*U<468F#i?@k>|8|<<-Ur}T2AD@zb3M}?V0CsQ~*{Ho`nx$04lsbnI9Mqw*EGq
ziBy>1#iws4ha<3^$vjo7(<k)om5l(U<~-n9tM!=5sZ;wo>EA7`-|+i@dI8;TB>Mfq
z0%%PsZY1!=rE8|#&9u-zATE`HH&bDgTulUZo&Q=3Y_JvP#CT?poBcA*4g%}8*ap}^
zk=@d508ZiiulUo)@88GybTe{K&h{anJaJwU`Wfnd5*i8SODbUZ?IycyXR#$9b^Y|e
zU%$ujpx;YLNB4j4!u}b?|AY40|0jp^L>?oMihP6ITKGY1*oC!hft|Fa{Up?PgM!ud
zveWEO#~kD;cp(=Omip@I1is6WCYf>N#OU;Lmnq?e&EOzE#4p+6y4D_B^|l4CK-cb1
zGptZ%e9)-^2T`}&aQ1-l9>&QK|D_Qm08v?jBQl&H{kHx?KciD!9^ZFN7vL^OMlTib
zB<B;hRmkHFLy^#5(k_Bc;E97sPB5wr0D;J;mL(xBsIM~(Y8Oo&cz5<W-t6S<cOc;+
z8nS+~&b<Yc<}Jr&F7ck+j^;Pc`hX`)H&>u)@|fq$=g05cMK67gcy5v)>Baqf#Ghc3
z<fXr#9M{+nte6IHG(faoS9bxsS7xU>`QRw03TPJX>m}B1-$-+;FL5q06t&$$Fdys~
z)Ov0tv7rB^jYY9Z=M4|v+1cjYw*d9Z2fkJcQ2<Y>4tfQzuC3_~cE9&on-%m!{FGat
zWRw_~K7ls0r8RXg^w5`#d+}UXkMQf=#FX5HwN^2UKfW?~^1JQIi4%_4LiAyJ#i|X0
zqKwG{CF|;kut8cr-Rq$Ix)tWMj3M25&tuzN*tMn}E`I%gJ^W6zf9OmU;sxQLsf`!H
zIW;BBbc2H~!x_vQY+insg=S8i^!EGZ4UGFSxT@Xye(cesk4r)v8l4EinWb|v_d(jI
ze|F>B6c1kS#FOLNppP8h?3a(U#VTX?U9SwppcYnUQF<TiS7%Noa=r{_$3>-r+SoBl
zD!n$G=Y|&8EpX2L^56u;(A{hRIuf<Ew5WiUW_wPb)^b+Q2k`VF`o4{?*}43@s5X#=
z6ZRox0bmKAXx3ZLf3``TIP_@f_u@v74J35?-6huh$V_po55jFQ?L%!Q<g}0nf=Ocf
zxK74+u!gL19;(T-(Hy_y^g{*jE+t!8_ok>k`Z$Bj)~(A51gLHD&ZanZzrrWncWJ`O
zKz`;mM_{EH3$#E-8+6Ho1D6bl-t1KAE&KU!s|x{>8O@`Fpg9d0oub4HtH<l6Lupc>
zD{$0{myYZ09DGLgxxv9O?;V|Z#ZV~~-JCv;-LaY81l>oB@_Oi5`PSOtfal}|i&F2G
zy%zP;>vzCFHiFxbdS!}YjDkAK2B1Z1<B@RDm9C<S)gduWf}awaNn?FJGZM-rpck<E
z53jhm{-jcr19?}2d8Ol@79LK{ptsWfQ}q*q<-wPI90~fst<hWgp%5=<qOYK6{uOjU
z6<ywsuAqG42&W`VIKhFMTG)~kpMM_RdgGH^o%!OZcC_3e0K{FuZjdC_=UOrAqb!v9
z-3=Ca7Tv)j^VcE-o6Cf<q}M+;0L#BpG}}-HmmD&8OWCm~udc%J+rt{K<0#ealdV#3
zS|0nkT%nf(v;^X#4TRLKh_9<QhbK-&$JsgMSm<(uxT}YZgaT+8BeogG0U(mN3h=~f
z5i@dO9Rg6n@7GoU+G2;JGrid?60QrMKDxWmoRS+;ZexjV(zahLp|z}^g$%3p&Lg|s
zt1YxFg?f_rvpIPImWM3W;4E^%Byb<E7BN?~bzrUoGO^~ceHT_q-v{@f)(j9wkONuT
zG6}*4#wSiN9qvd5HG}auC(0cAY<u63frrNmI9T~KLrlk{$MfgUMeRoII#VRez@9)G
z(1r*OXO8S{>43^hPL(MhP23N5gfxEWTf=9tIbG8I)eDTphvcEn)0A`#9!To9984u?
z|KoMmw5jqm#Hx*2o*L2@Wt#Ww^+n-p;M}Fk1Zhh9QLv>p{1w(C!kU<7HM|sR9}7{2
zS00opxoxs6dK1>GCCUTy^FU*VTp+j(yA$AFN9p@--*OqFMa%B*@u$kNaPY2Rx@@}Q
z^)?(6Tmt=k?YFW#isG`s2pw<~r?`F7pNfi2^nc6++DMrLEu{msqQ!`y0-lXja|$&L
zzgwEE=GdH+4bLJCx#e1R@Qv=ysWJ-N%JBxje_i1twECb_40@UusX)*GJzgbKmdc#A
zWGl$a&+sctg-Fe2edCQazmwew*h!C!LR0N7o^))X3^mdR(YvTtsi=~KanCakDJbfx
zElEEOMQHZjfr0LiDaX$28^$#z*;J9Ep>Om!I6Wrfo7jUhmY1!P#P&t%_QhRxOnOXY
zNXy%hDhB{;i&oX%@AC~&kSp55FO_Wpg+VYV!lGqrrC^j4H;h4_#PK`hOyARg(xcj-
z75D1QYOiERrCQ*^dQ5cnoB~sZqyZLfgP6;(?o1UIZ?*=^r~=Hi6(sXMk+aSP=!*FC
zq9V>bk2iMZ{xol!u0)(GM#S#AUZW=rdg2tW^l-2A^-bEb-th-LBw?dDPy3CH3-jt&
z@fah(O46}Z<wv+Lv)4Y=N_y*_-abu2pAWC<7#mZAUpRX<uQXwyHs5aFO---S)IlX;
z$aKY1>@A4ECH7|oU=w&Cu1HFBWF$6u|G3j;6=BRpdbuy~=#1tSZik&t+``wI@Mf!c
z0dqZ*L7t<3M<&T-WBe9xn<Lu@`>f9=V7hL56wuSSwZ~**<RVrSwu%%#pJOuCV24Sn
zScoYcO531#?tS5X33Z!ZZm<ZERqZQxaHw}3&M#<wB4qaj^Lfif+<c38(3sPcLMrDb
zIgv*zNGL<{*#aZbXrY(G>D#w&jvIP*;6&E-?3Sk>Vw;aGw79aSPFQd{jBSPvRPLXm
zZ~nq{$~M=P{KaVluxy_!*nQP(m9;VPJzXX_#PFtk0-qGS=4~M%^XK7F17CPWye;Pf
zk7iri-!u^WX&EeEwR&}P_+NVZ{->dXV`53%oSf~COL~5!k+#c$GRMuV0I2WA%v|Ob
z@ub$)*6bUm0ks-x1vHzF8rA1O|Ik;jlod=il>a@$i`H-oO+>tr)G4*?$><>^j){Ke
z8Q)kB1d!~;17B26Z5<{^)n(r+Tf+(g5}4Ut+O^)2op*8o)I)aH@=0L*c1o8O6m<#Z
z5Z5L-Ug<T*hNRSaOxg1BRY41#d6N%Kh~a&1R_St_E@ZUttXA$lSu&xfm)kTVGE&!i
z`Y32Yg*QZqC_M==zH7pD#gxB8g&dHOwHNTb;vjuvVfbT##?%~ss2-@7V~uzdDEu<F
zE3R}$vD$OXEne8Icy~Q;M98$JZV*J_?0-~8UtyDzDdJU;3RqPyr7G)~2B(yyXfK_w
zdi=QDd515#*0J{A;MKV^;(+ONw;vT-qd{Ua-Woes=gtM#t!690dvU+LT&R)``>`sW
zjToTerF9yNZF<sZH5%ZN6&H0H-*Rhg4^L8cgUEswE6F9MfQsCvH>G28C0QJ0w^rNM
z6?FvfY9=*2AV(cLO26gBX;PU#x-&!(pX|gB<%2wQqVSIX&e}0)nW*<`t3$gp3$zD3
z$yA^ev`tOxdqNWUp<gFbNqSjYPcMYBJ2^A}%!=MUs&9VTDTAN&R4h*Qo12^c%O5GZ
zW@GxVBYg1uKiOuUgi8O-H2h9xLnJwjP!LMdst8Z!E4~*n(`lg@X>vESeN81Y_2ntX
zub--dq-D~;tFAm;1uMF1OM9&GUdqG?a45y+b;y}fNK*w6r86STIj$4+*}cMhkbpN~
zdCu9johDfs<`j{y_PL#BzZb<eAFsW8xD!BI`;C?PKE0CB>n8=Y%oChM2lKEhXL<rw
zr}f)>A<RW2v5*H4xiPa)!!xlL!2Uy~lK~?)gVI~EO3WC=C;8YEVJP3=qYe~WZ+eDN
z*g(FeQ-4TKzd7Q}<pBtg#F7Qnj=|_oKuHC%K_m(1ZwOsm$B8XDM-oAL{bk(8SDZxT
z3}&H(M~X<atK;uSecb)j)a<)aL?~{VajV*(um%=7L1uU_pgug~V7|2=lHA&Hws|p>
z`W_1}<OQk5lJngBkV&nCLPL|6s!-^2ZWr&J&GTbyY-~x=BsGNCow%emKCZO36v@Be
z4mr`bbs2E3uBK~8j=`+gSa~4ojS^oYStM{}Thd^Po;^DmHvEF_2qC0-TgJA}Ecg58
zkB9RDxr<kjaGSWj8MIfD;~S@l+!Etb@nNpe&t8ZW_5Ey}ypd|Lolf5Pw!&p)qF4*5
zmu?q-#VnPZj)fh^Y$cXlVPQd*Oq~z94sg~Ed-IRP&wR()1*3I1D&mpuxzA38qm=qW
z#2=~ERYvo$RAz@CZeCBje?gnHQw!Jw7$dKl#?zyn=zT94um&!RTZU_`#6U7k+@ZE)
z0uW^P`Pe%dfG$#83D-YW@<8LlqJpkhIHX>fUK$HkzUBAQvZEtW5baTvtJe_gIU|hh
z6k{g6!_~`!Nn+k#`48EqObj4m(c!8WgdOV}{fVV)K^bv}U;OZZ0|kDk2Q~!k2N9&k
z%?()AdX0p7s%R_so|OL$(~5;EJ*|)b9lcoiK^4bBtiq8F!BnZ=>M4j^q7`{#y$mn5
zHwAHt+IRpsp_bVDe8>*F(m(x~<*SzTOqT#}RRPFfy&aM(+BWO+4QR1V2apK9a#ffM
zVGq5E52>vha>8%yT*R98W|zX|TxI&Z8?^-`tz>sT*)NwE3OJ6IrsDsDlr<V%g)l%O
zS;X|<12a3D3v0bv$hLa-6*!y2s3MOhmsmZ!Oo$FZX$^jqVTn|17l+)<kz8X^fghrr
z%z`%2K4_)LtuHMt(yY3&Kv@KCsXN9@R0p6(%R`%N({uR^phYWjQuTJ3o-^GXppC`h
z26w9$Yj+@no!w*NQ_ND!Eg9;%s|NR;vej`*e1i~5W<DRf_@aY(ck)uQ4|_CC9U#!Z
z#uc0oMSL=q1a0u_L<hy4#y`zE%x{H9_HRd2HYfv-UuIyWu~S<jVR~}%BY;BWnUk3{
z=N#O*#pa-JA=BFYUg7#e(EQx~^OvH<+2wb4Y{EYCL2v&3<gtR;R&mW09|bXzTn^9^
zR%UI5GCuZO$CBB^0p@z}V8VaMzX3ptH|BQ|ZPhiLO*fX8wWgF7n7vNn(N3xWGJPjI
z^<Y@m=b($?<nnjA^zBjDkAe4Pqbq%EFQGStRX{vn{i&qa{O9a0acTf)rRCF=(@L7*
z50zk^mAib)(5TGzR%OE=$t77b_3`5=Q3{o76wDxP*DL!L=g2y5x)kdYpG@{9Wg<2*
zxeB$Ro9gl)f)TAx${w2Ne_Pb5rdq#gEb5e1WY>p?-*ln?>lm0fHvhcuD|gB6z&g*}
zAQCONo4`@l%P@SzD(g9J=x5g(Ej`<9X1^;@9k7<jEFRivtC<ZNQJ{1pTgBzg#av7w
zf6+!5eP&S2Q=ES0hYsz5tV+{o&{BbMQ%gR%=ELD@C%U9zyNkHzSK5-4;e26<2Ef59
ze~eqW080l(>Hx|d3Pp47o4J85lRd^h#geU{>-Iop^PA3Tl2dRv*6zCZuJa2sNUq$V
ztGi_S&jvzt2TbdhPn&8v04(r+(T3;UCU<q`l--84rz@ktT*6zp%U;k1UARW?P6aQ~
z8>9u-*Ob)%K#0-L^~Gde_L^mB)&OlZP@pfSX7rAC_(d1yNlNtv9|h_rk61Nmp>Pu_
zrWPSTJbpQ>?Qu!284{7YBpqnlpTY*^s|mRl(wai)&yK}`mfQ3rFZuo6UUrk_iP+HH
zhXr!=+&>#YduCSc*%qN|=bZMV5VZCpGGjf>5keN(QDzoCQuk|pgik^s5QO~kp46(Z
z+@>{C(G`{FzcA1~HS%-=Cv<on{x3S_f+pBEo%wJ5(=Xk*lXvmWp{8e;x2l35=0-2C
zO)K|5X<}#Y>MK`CGU2{<t)JVp#CP!vub@$qsGll`D(J|h#9bzC_^|`&sAS^jJv?RA
z0pWKEds=(mP=)A4F4)^(u&Q~6E1}p=<bN!wx1;=JRbv<JDo&O8hN?N6Xbftj(r1E~
z812%C!+3Ca@m>@U0w99{x_@T<PDd)@V(ncgkt-$#Pn(@TGdjr-{M)#*0MC-am8Ci5
zz?AgA^kupMV5+uZFAQsShx!XWx_9y0^P^!I3MVgjjrlEl?qu!s&!D|Q>>|@I!bg4?
ze~f{ZxN6wz4=QHV61!VTpuK!v-1Cn%SMt`}eE{wBlDo-+XKOopz@>KS{uYCE?7diq
zGVGD?B<YtMS2)jl6ZQhuE_J;;Ddm<QS?kF)lJ@V`Yd}ycRUdP1j-f_GyJ15NWVLM&
zbHZ1z)|Hq_cJFM&Coy9K%@0Nz`euDbZgcs7&6a2Nf?dW|z(jxvd8U4-&_W_@U0Cl1
z@9El$Lwb(Z<<u9P1!KhuXV1o-q^E~-%B<<}H%x5FB*OwX7F`7>qYZukP60>3Wl02U
z*W<Ng^gJviLma|+MjKid2xXP_;Dh=gzwGbTVFEXjzICBupziT(LlYO{a?oaDU#@ly
zwJB|o1_qMG<b{~{b=tSbfwUvVm7Evb-`wMl7I(^$*u}VAnX9o&7f)=CzT!39#kWHV
zz!NJwu(nRyU;W+=0o3szJY9d3jDWA{ND2`B>cH`3I;b8eHX0O~V=KuAml~8$UQ`YE
zl+HHS7U*Bn0Fu!_81d46(i_pyx<EIaVpo6qDrR`g`?ZTg%;%3H_>2aKAuQsq8c-P!
zBPb5oS5HoCy{XZ0q9mz(^sPx1e3qj)ExIWmSe%!--iz4vgLVeG>y3*eDSZf!-SV1a
z`&2HW3EvD`;i9Z4kHH~5q7IkNp0pw4UMgF6ngKwtCkSY(f8?;y%kfrW6f|wO4RS0z
zLkjy|$Ahb6vcuJV!io^RmRiITm@kuMJ=)%_#I3I^f6;0IZO8CwZbc3v=Yu5Tg-tqV
zlbCM@mzS8{Do^S0@HOhuoovq&v9l>LeCzbVI00l`LsXI+{boXF_%ZV!mC!b#2bnxv
zp)^!zW>D#D#HC`EPO<z)pa_#Bnu053#5k-(cZo@gYs$(_faTUn`*1I{P9}6f9?E~2
z+PlAWT*N|H;m40D#)}u-P9HI-wZ0Wj&7Q807fM*4c!Pkm3z00hwXa*=I{y!{ZKuOV
zEO>Hq*(%ES7hanF=EF;zD({0~E@8JNeSc)VX*i!+mGnglk~U5>*Img_a5e`KnymRy
z5MLNA^-%)AImJ(Aabn1FU($(@gELE_I;s&LAE<_g181(0QZWm7x`v|(Lycr7#sJSM
z@q8l`?|CJ(8^vIKz^uvK_;b}j=f6XGiuI83TLGh2k|Rcg4ul;vPm&@i!lw1sB3oJs
zos2F~Ak8^xEyv&L_$o^$JB2}M+b!07XoBKI6HO%H3LFHg>?ei|X?t%R4pDpuw+1)n
zCyaC+zq64!L5+7P!%mKkl*wXtRwdc#Z%Q^bsWd1EWm(F?t=cp%bpa-IaRM%3{f^vV
z^Bk*O$b+9DhO0L704p3}g))&#NF{Clr%*T^aLx$sI$lkD+&3^%)8*SwUhqj8Q}<1Y
zO_laDzh85nM|A?IPBHt@)*i+hB_QiTr!-ELOu5voN%qi%+1FQs@&m5-q)0W*=Iu*^
zwArC?=haXruUMUP`v>gvXw@21Ue_9#i)-`Q$y0(wK$Pc&;KL(fjqmO@&&u#nlB#(8
zEQMH4$}OyV)z`ym*nr8;Eu#9VE7?O85-VNA)`v?Vrj>iIu^tY8R;7l>eEV@Nr)OIq
z$Bq(Eam3cX3=6rVDC|qJzCr?xZ8dq)A^hoMTLLOleoN2Z$N>M2T<bYbFIQ^Y0bis&
zm5d9FH55p^zz~|qHpj!k(NujfQ@qggD=cc7dHmFAKkf)b7N9$<85RM^Cn2ky`I7a}
zA3lAJ&&B0=arx$Ac)2NaN%xx$Gz4g1Qd4qntJF2P@IRg2mb4{oj?bx{q|Nu=sxN_N
zo$Mi|A1lcgTD`$G3BW==nNZrWX?kYGr^q_qi7yk+liwg0T;5Z&^L?MTu)nLO2tk3^
zGi-O{Lh_dLxU;mV5s;E*Az?+)RT_QyWNFr|N>6znWDs{lVMC+|t@6Yf^Myg}gCH)4
zbJTPLnyY}YVY!}%M?^CN6R)Wja9i>o?Pq;hq_%YFn1%B<%1($kl+#pf+wT}eUC{`<
zdez|MgEtupakR8T3ry^fK9%S-uMtODCcNcM_3-(hyTuUnLzpbbWmWnyBzskT|9;i#
znyboa-PR|WypG+7ExR;F7({l;e7MmIQIf)MN6*L`-*`S!?nV?Vg!uu=Hj>XZ|4YqZ
z`#~%+x368h#;B8*R$D)yhAA+j%yv54fJwMM!L#(L))N{!o;D;8T3iPz3;UAo>&<Hy
zFV;yu2O%nGK5qPaftmV$LMnZgWn|W3hb}^E>4vFXz_Y)57}K9-&s9|U!uod{R_v`R
z0`C&H(w27&T0MgwJoBZ+T`+IJQ5iE4VVoLCdp;;9_iWv8q_epR1Jrgf4TQaBuKY#o
zOdr~C|KHeq@2)1du6tOIM?H$*u>b-B7K(s?bm=N8y;rFs(tEEVmLn)g5d@@*^sZFt
zA_7t)C4?T4P6&|_LV&<;Mep;x_ZN7_c>Z`Yh7O0Ci{!fYUVE*%=9<&Wch2HfR{5!U
zon6UA_h5}QDd(%UgV%nI96WmY{L$eMw88ZB{9iu}>#B-VR(3jm-V|Tgx@x?(E}OsT
zTG&<`;O)R$5tJCXCJFca?9N2|RWnN&Wdh{B`LS)|rDZx-b#q=v5YmAGUUDrSWJS@0
z9?S~aHc7ui>86$c?!3h!q@zANe<r<g+cxjG@+)!}1qR;l{}Y>*mUg^iN%GoH$|*YR
znc$hc52j6%EuHvx)y>kb4K7#P+uH1RBD30@ad($=I8#wQ{VR({xv$3elSX&e3h%Xf
z^j&%uM*!(4$)zwMnPFCu`K#CBEgEG{hQov%OU75x6Fu>lLz@PiT}hPmUqv2t&y|Vu
zSNGg&J}kpm(3E2am=mbE!~eW;EPnENCaaxHUPtw`c|b>j7=k{3H~*DvV3lYCJ9W`K
zI(qmZ&51*yK~5r9JO25=UXYERY4JU=fbBY`XrU7H+1HGjIm6U{YF6TPboBjt^VMln
zbgAxuOOwpa$Ht<*1p+Cfnf~Qm6S2k|Je>ur6L9FzyUH)(022tPbUX(w8u|QI)fi?B
zn6wV0ES{OgTeEk1IgzqHlU({otfc7~jQ7&e0wZ+Nx`5tUNos1nT{Y_;VAQo)>K^%P
z+IwHFG~XAs;<H2E_H+F5&6nPNmmNQ`8M?c>+uy)oTNEhzn)hC}OCS`YmCgga$=)k(
zX5=zWb(vP>ES<5B6{ME$)5WENS9Jxt(ymyQG$~Fy$bu2j?fZP#d2<!aEu*j~(K(t|
zSwhp?JZ%M}u9XR8Sq2!&E4WE$wD&wAsHusNwu;%_3~t>ZdE{=?Zw8x`oA*_7zpAFo
z2RgP@HKBT)k(q?VS=I%c)(R6X?)LAx<}5&u&S_{uvgxLQY*Y?{65(=B-OqKXjUVZ_
z9`D?SW9VUlx%yzA9kJl75-#;~_VtaBicAK(ew+yIg$KqY<MdiRs_(HY$sq7(!`*bh
z`Wg+^$sC0`iLY4R+mej_lQvC^Qoh&V+$n*=FlYA{(6=kSDrkNV4qfz4F-g?=hn?~Z
zTI2E@WDYnCu~>B^@acBu9PEV5eLcKXTE;x!dA*yqMG(2tyiQgF39F-WtFF`=&`c^0
zd+gXTUhVofDn=1ZSP<ZO_ADL~X%^Vukk(Y3W{{9&5u8>E&6_J(K}-N=DL)N~9E7Hq
za*X*Ru?j?u?EX2-pCmE3`qZRy|GOotw2uyX{V*T(KX=58T%Vjz56+T`SeY2Whqgp9
zHHVc(MMbV)ixfg5^E|STQ~eiPXxXX*!(@tUy$IR#^1X4dhcoa0d?Xh@oE4CAyJiYi
zg8}%!>zAn6XMPZKos?l7CU`fHnz<K^Lq%+RZ|8l*w{7&IDq{hK1nsZa;AB}DxP1)m
z|FPEO4|+x6&t?y=J@}UkAQpFuaK@KK{6R{NCYx=!%g>{kDJxCT*`aI=s8rU<${5`*
zNg1uR%%+3>#_E~e*Oxz8Kq^^9HiP6K>r|#(Ib}SmoqB3UIFcjw8?s>Y*@1x_@4a`=
zVQk<>*}Tc!_%zI9P7kth((ESL_DoaRm>`$926cdxrOaXXOTPWKK%<<TajjiEP+c&K
zBDS-5JP26N#sTZ<_6A_Y%p1*0jEc&M&`Qm37{f4o$~0`MNO;>}?*?wNX@N>o7z5A4
zapcN^yxSXfw}jL7vhqS7+yi{SDKbkq<Yj#cBr=|n8<M7&gTP`Sr+<M*_TQQ9)E*;v
zoXR(>4qZ_02V)=SCI3oALl{9bsX64ybN#v!i#R2lLDNf^nELC4@%#JR)5GEnSGScZ
zM}zLG30zfvc6`pTK}t*?OfZx04me^;a4&M}7QW<*kScN>D=0dw8J0V7l?s3{Ewe;X
zZcYTt@IQPp0AI}nf^${>NqK?l#F;V3?14$j<2m<bs%ml>-7?GosNWIwv8C~vEbc&f
zo>?mN3WM9LHUW9YoOMUWd{WIDxxKNgQ(rZmgWC@vk^04_xuA6P_w!rG%phd#*t!6m
zUfVR<?&n}e?aUSU6o(G3^>G!zxu4SqJI$GSZHmIOM{V!Ew1(D^H-7x4NF#G8stu7<
zTj}@}04`fpTKVFOX#u9$q|WE0V~*j3ZRrRZ<junUt$|kQEEmD1462HHsjRH5e!)X`
zv4E@+h;ij)vy*Jc4IA!i4zpff>eL6?*x6+7JI5IZGke&y^J7{ga6v;U1ShUQ<lkBI
zl@i|D=aVtoh9!0h=pfFa#>BdBbKZb+r<Nrhy;3P7Bcu1u?-aV&Org?2ul$&yfO&0^
zG0`N6PVzj&fSXaWeahN~F<h@uU=_P0V`@gk4V4`O6^GNJb_+^9+cu9g6>46y&D*x6
zkeT;K&erV@RoP7%!Oj!~K-+ku1+_G`kC^s`^H<zyyUPy`$4B&<_1W|1Ig|_ZGn2Y9
zNWUMu)~WZOdS~oC&jNZuX>iVMx%;Wmu+)BJO`n%uM-^FweZ9O|V%8Ktm$cm^VM?1+
z(Kq!oGwek~<ro_zR?v-H%oyzv6HRO*R}7v>kABOYwpb8OH@7$peH3O<|9+bZ=+5eK
z6-DNtwhZ8I42zm7ztG%NynWl@>(4%3CY>(p7E3SYkb(~-x$wxGxQOwmSvDC2@0HM@
zq}gh(6sI@b@6+Vf&8QkG!9El@5kZ`1hZqL!%Oaa%sbTfoX{YmLOACW73Sp5;*2D0{
z$9xo*hJH;aQPi{7w{80zV^h0+;Z%9bizrPcA9iIrM-`M~XU<AtRZ}`=BD2U3#E(d|
z#zyg$ZiG*rVIm)}1OmvFjSdt&TUP1d{uQ}cP_w0B6kN>I<jM<}V9*F<p~e&H5?qne
z1eyL9vAM*4M+7kdOM++b%PG6J66<hn-`AQS(nHR!;14xN)svthYa1-<nbt!j4un|@
zY_P(-hR;L=XhtMI(o#8pYZb80vyhfWo|m3lJ7?3|1?NfOL$WdTNzx&!7Z&WO!$tZI
z;z9v8a_$1y(A=U}*kOhDTHaEw!*Yv@YXDBFom*0xZxSVOHvN8J)WR?re|r6NQ<x#s
zIE?KbPHpnzL1TZ})I56Gd0BB%IDW>r1$hr_EA{H;6l#MhA)tMdR?tS+U^x3m6;>s+
z*X;FEYYTyp+KW8hdc4pyvA^~_eRf3hzD6J6$LwN$XB_VpWaE9%_A;&`vFdqwZ6NZ7
z;;R!90Q1sqenR$M_<0In<LH+V*aO*vw}UK)g#|mSWWXixW>zf**V{s9g9D!{WOG?M
zPl0Z3?W>(|r&!#pl`}0zh$12MFJDCHKYkFWqmN46>4uo2;~hb*_b$^eEi8|CZVxOi
z?jgfpdf+*8ofcz8-*e^r>HuQ@(mawgjNU-0M%cLAB@=Sj20@}9z>5xXVV$S`eoJJj
z9`3fE>5e%pqDR`4vB=d(*S13|>TF0tWTnp8K*CXBIbd+d{NtN<q(2YO=|F`@&(2;7
zDvmh|JHOH9w^VxHZea=?*5$;Q1aeBJ0jv}x4FB}?pnorOWs_i(E938>8Ux3QK3J|#
znEvvrIuL#C(uo5<1=mza^AW!|H4P+r56?R{MhEkW(WfA40%?81=+`qk@O};$GzShS
z2_gcxdoEWX+67X>>%X@-JQ^Hpw2xc+b5{J17HMkfrcVFsBR#4+1(Uyf^v0ET?*I>u
zz`()nWhHiF$+{=$4n(O6lcuF=`HCe{rAyv#(WL9QKK*fE%kXOqXLx+6DZjFDlVvQ>
zT7FDEiN2U3k8J)Z0B9B+tK`y9fX-*kn2BOks#e<D@vz7jeegMn#BTp2A=}3PQ1K2J
zyqWn|ci_M$4z8O28IS&7%6|M6{@}O&Bgy?AS@C~ASNH!`>%Vs(wtm9wz|RW{la-m1
z0qgp8MBCoGdBL&b)Ts9J?J=N2j9M_LvTcqTSK^BhN9iW^-~D>)je=9}FX*$CXsffP
zBUHTEOMsU12h6*1ySfT0>p;W(U1p{?ew2#2mpltku;2U4Sqtf8a-l{83_J1y&v;_H
z=w8{!4CX9-I5RiM!%@&udmFdTHnN5hS5Fb1ZbYy>dYP;9?C-;eNA|04#{lsTJMZxO
zha1BWZv})LO^Pr?<0=`cT*=%W@|Is0^s-0Fto0}B{q-Qzrgj{maLUKlDG<k!h@=k=
zpUi>JMtq1<B;ai0`AlN|rIK$kTGBCODN&@vym!AFG)z?IcDc32fvfPsPK|CQ5J(Hi
zT5(<_e=F7OjClTse*UTH%t4wMbTx_3SQJ@X_OK&GpdIL((eadPiU8#+B}`8>uMNgV
z*>^l)0_*dtc>c6v4c5_G5O(|hx)yQq^LHH-o0-^KWT}^Y$$!Wg=t6y+y7|A1_xPZA
z7bUN2i_0o?Ch!%HV1o&51^;>PCz*ivpYo3o*@nK|r0CQ){iZqOqx|xWt;?;a4jR-v
z_^aiY<~F=x%kb?{nw0IO@IC>S7Ji0sgA(J+JMvctfUV;VO&?_)VA1Lqp3Vt%)Hh6+
zPt&Gytk|pu-@I5fmk=&dvAhWM%X`$;@uQpUIXmu}DKe=m?Y|hFAU+}Y=T)}_;N0?E
zGt|f(BY{C~i6C+4vBH$k7-S3R(n8E4294WjR<s%{xN|0A*Dd<V)2Az=gfK3R#8)eo
zm#29FM5<F&GSC~O=fAfZUf1=XuNd7dbo<=-fMP|%+%X^gWbP=fiR1~x^Y_Y@8RLre
z49{?@8-o7%hrOO)LT;s+%ze<?Sz7r`tcQx#3@R|6KX%It!I6`$`cC_oJpHkGUGMRO
z3UWi=PEBv9jkQ<Kmf}Z!ziSzHemRt<)x5hR@ayb{AKwpP&$7&(k#6o-W15g*!n=~J
z?O~`clZZV}^qSaDR*gTd8UGLI6f{X_z+^e~2aFj_R6#~S`fz%8>><?e6EME<>vf|R
z=>MsI98NhoUExB>*)ck{rw%s(R{Ru|CjaYo!3?ncWg}=AjqM&P!x_vx+c8pKyVaGT
zJuxZ<td*OyU5rJ^eL|fvJh8oL5#L@}wO8Js(t*5cVMRC={XW=Pzevmc8O@wwV-VSk
ztnxajp}~85;~su8@J4vTZjp(Q5UC;ra&rg36zK&GW_(zi*EZL5zL3ME5Zf=o8oPv3
z)$j_GVgv0Zrx^lH@&>;LEU9bYGS9rm%C14NskXNxM$72g-_YN@fhobl5M+CW`?N(8
zi4voS{#N9ENWYLdCy2aOaAQ)Y^OZ=b%S3JV^XKbQKFc3%5IYTY&)C(`A2>a+LV#US
zJIO#yEc9Ew6c!PIDUl5%Vuo0^ttfXV>izjz(?_zj5mb4YY}Ew4Ntqf5C1O<8;@JL3
zCK<b*x3I9Fhs>QBC$l}HVbpv42RSbK@6z*o2f@T4g{mQ*9&BzMKvz(QRHPa&>jvGr
zm4xHh$$NAv`0njA%~is(3YUdNGA6&c67YA2$&FL=0&gt**XPU0{F<p!nV?B&KN5yL
z%gCNyBF1fW`s^8&c`plqxWrtHG@$|q*)z$*N9VO4&iJ#+1?i~<8|TYQP~zqSx_@r2
z#X!d1Q~Pmi%ZqIG>&ZUyr1Br#CzB%gvo0RmULdATu)45_1eeKe*>xjIzM31^`8Ny@
zys4lI@WlYmXB05+|9nT@{(JN(0hXQ=vQHZaNKkxop#U33|Ltw-f%dvgU|0nZvwI7S
zF5Z@tD_Pe7x(%RLj>}tuMB*|zf3Ld^_$>LF(7EwSj^{NmQVI)5OaWk&Q@-Te+mm-|
zcV#_~Z1G*as+Td_wa{S@1@pUMK09B&v@PM7JYy-{H(Tyzn`HX!<Qn6`kFiUSR|TSi
z(e{H<W^&w;^O1xyNdizSz}`MfFsHj>q%=4+Y1?UBk=N)#`he9PMa4p3A|};+4}B<4
zg4lo?@o@%fEe{C2an|jl3o#o*(h9otKgKDnFcFU~L>)kgAU}L4ahMI;_8UF`GwFSc
zL`G;myQixUg<fu#rW65w@38Q8&!Imrt&0H7xC-bvS0Xm=+_`-_X-^|^21w3Nk8Ws#
z0Ksc+&6S6wCOB@O$jy_OWG(^@K+MFx*Om{JQD$QXQKQjhBQ{_oh)-Y4u;ko3de!-n
ziNG9GQm(`ftp-|%-Ff?YjwV?z*!S>N=+g3<<hz7LY8NS8r1dXNUmE;%*u_l919yPR
zg`RxE$t=CsrFU3T|MM*(&SQ++Otm*DT|MJtIb1j)?f7Y|!HmxT91{Q$RV!~>6eGuq
zT!%hBp6gAT`6(M!6=1+pz3W`C0yyvjuCz^hHx(*{&uk8PXL5VrNOApILrRjsLG#Zy
zQAEh>%7%^s^II>oH&e>z#~`AFR~x9v2r>JYV7Hc7Kx+Te=J19443+w%OHd^|%7&Yo
zBxV0H?5u#@c0<frpcj~vEs&Jj0JDNgq$1E^?Y5$Qbz~(}fU|rzf^sXf4PjXxyt=zc
zwH}g@9dJGSxj*A%u8C&WOXl}V{otW?)|hx|n)t3p7o_&^XITkdJR-!+w<l9w2*WGN
zwCvlF;0dd%PgoMep{K}(YQ!v$4OY!Gsm$Z((@oRQGYCtwE2!KpKWeQQm!!V@q+#mm
z4i3#`rW<sg=flAU)EL2WNP;E?J8}%Vx(Lw?GjCk~MSV;ifRz2#g@gFnNr6C?BBQn9
z0{NLObKOiA8ptzTw#zZQWm@zKUD8GQH(qq+FLihT!RGK>r+sxWYVuIQ#QV4|(vi9D
zj2F|2dCHmF`D_|Lfo4u^_U5RiTP-0X|6ouye(#oF+cadT^Wc8HWsfFwY*qS%Si~I*
z!S-mZNEP)cTl=Zh_DV932C@*SFc=nBT9wt+-}~IZyZI04rebq~S2FN;#Y-(pl1}Q^
zMA36PjMRVFbh1cZ0tb0$Gm0)uNL1Rb==o<`O*b)J4rv4t`ng;w5M_j6FY2|I25_@_
z4Okc^a5Ur}8rBTSvH#&OZ(%{ZfK|mIO&+X!A)5an_lud51v}zI^4$X<!{DJa<XA*S
zn4B*;dAvItpKP#L?#`Y~z3365BkubOZNbu8?ii*TkGW`|VGQk-ebf7RN%`>FJSg^*
zM_|lBRUg_Ei_}jTR4)dsdHxh>^hRLzmyAlfmC3h^b>3=3;tBv??d*>4%uEdVAc_xA
za!_8AU4?;|$Q*eLaM2-_NEPSfJn`!6<q%ovTIiLNM0_*4Na7A!ih;gGRDF<sQA6FK
zqI;riEu@MS4Eu5jk7@)=v?!~bFs$0Gxzsup29FtBRR(s+y?T(8kUhDiDaFuwy7}=}
zJM$Cb2F;b_^T*{2fcKT+0v6hRn&GyEw!F-ux;Th6j&l{qc$j;ya54{;7NhyhB(^4K
zutAh(i$|<&0VovxiI)&{(vsIDtfSJ@k*>RUGA>5480uyQ)%1^+<D<^fVvb;ff}j@+
zQzANW_Nq1b_S8oB;6T)}09mz{mU9DT41Ip$goJLt*URoikwwfb&H2qVr5B+E`a0?6
zvK-3T?l*S4|9H&2+O9;`OpCxcW~Ij+XJb;i$Ddhp@5>m@pU-k;G33dOo#uz$<}r<s
zMu(w|Q=vGs#cwOh2^rtY@oA!n?u1%Nx&R0TIVca-zY(OK*AGLLMK42d0Kbd#J$!gh
zWx(BI=C5ctZp4dsM(q7&zE(P72CRe6E5dwDemVonCtz==XyR?}MBqd$>i2wJ)n7*6
zzwHuCQI+2p7xPaZAz>DO;<q1e1(GT(8{kOUc3Y?uNOy>gj5OGKHEmquP|1Z9Qw8_c
zA;9y`;vNJ?e~T^ylZ+kG+XwAAL2@cl;+_+KgU*2%euSE5T*bW3FR%2Wa8bML4B_jq
zcFhB`las^?(tk(|?eAqCpYfGTXlG5xELnj3VYJ3Esy8J<37VQv44i9tLYHf)v#~D)
zMTD5+_>G<<(QCxUH^WAE%xWCUOQ=VT{i+k0Oy=C#`}on%?4zGDT<Bx{BnOXe<N;#f
zx|lBU-a7E+j1IRe=)#-c0Y_6{--mM%S?Z$;gEbDLA0H1Opf8*Olo)ARt|D6YHJ`A+
zO8T$hxUv5;VnXKf5O9IL=bZi-qSV}@(m(;aUINl9bxd-A1WDb!rmLPZO+bLIA7DFm
zm}W)<adKsR)jnaYD~{h<!al&mSZ=6$YP)4hF_lhY(`fxJGkGeoW7GJ>iwJaL`Ki%5
z!dq&01Ztv~V(u$fv~a;DF*%cAU>-m4v9IOq>oI@ACB;Z=rllwi{nuPHUsD1Be__*Q
ztZF}#JFNzJQvO${`Du|592Ne<A{+b3(gFBa;BQaxXrit~pv0q#RgY4KG#ZokA{tG$
ztZHRzSYX8|pSdeFkp}Q<U%G~e<SLQc#MIppr>pk%Z)}+BHpyz*n|w8AY-W#s_ae<<
zpnq|bI*hSXh}c-~#Im}en7)^CVo_eBxQDR8cumW~x{l3r+Ap^g>Qb(lshl^q`FS*b
zVPQ4aXDp1KC(DvRG8|}&8YXfDR2m}9Y68?_28-L1sdIR<RRKThoRj0}o~FXHRo`B7
zOb}CkF*Sf}-RPK3aj66BR6y|#kK<5LXS`UUJKK=dLW2ibtR&E45(E_Op)A?<*}G&G
zR)((}f~-?LU8dLN0a1E;V<qF5g_=5AhSfJ5<``1^X~g^%l%|<uvH)(yg&r0;Z!Q5-
z62>3AVB!SUPsBN~n`gL!t=CC^8#lgW2wIODxR^#I?B68RX8<D1Z9+h)HoA|DJ(w*(
zFRkgg<~FI%N22TopEuJ5&ct0Y*HbvM;cnDkB#F(}Y5lv72$bD`y^-9F*4K$0Ljs(1
zg$xElgR^qb>2}!fK9fYjlX#?ZfT=E&GBhz4OnTZvgwY_;p4LhMWp0f$18jAu-E67j
zauwMYm6KrZr-2A0xiMdw>xeZOXgr_1#Kv0VF*{g}l9_Tdd2qo`A4t!7n@%Hps7ZvP
zqCVdFJhETuk7Jx1Hx?Rvp%L_Fmc-%P7TU|54Pj;<7@dp`)`%{uAG~=xdNMHdTcGl-
z1=+-hbCk<A7rG^5B`?x$1rK=?CpMr)<|UM$C$4u-nn-#)^xX?ge)BoTF8>sBjACJY
zw>YAhYWMimxh|LdTL<Zpq<Bqe{-tN1EA4y!=<4!lZRfTF*PHE?+<j_dRIT4q(26X$
zMHUW0fOU}mjzARdp`KURw5aQ-)|s{wLc3qcFq?<Yd$vkj!BJh_fw)oSBvtSFbTN0r
zwkIvu);x&6)$Ml7<T5E{GMHlBk~}9*%e=BV=N3^AS7Db%?$N26C}}KhEPSE6uk<1E
zef>pd=_Om}1nGk6Q_?l-5cA+!*6R6PA)+C8qhPZsAi~LOUZN3(QB%F=9~*dC+@wDE
zoT!=wLi#Ib{Z;Lv=iuRJ?{~;JW-mn?+=)2$w_(&{DZ*D?-QAOv(tOic3K<f{DAMS@
z(m|5V#++lKFJ?F?`(qQky3uhN-Tl=1lSax*y{;-*wRX^x9{Q(GLCyAP>xfgQMMc<{
z<B6>;XW4xx*Oo?T0T#ATqwGgID|v>Dv$Q_W^`sU3{DW+^{b2fs-p7Zu3F?G$GMRVn
zr+7<thPd-&&YZK1$=vdk0AAGTXEhI7b#Mzqr4wPq{3;@CA>XxW_uKnYznW2j@<I;#
zkta+AI{8l)-yl&YMeXSUJguMPu3fuPo*SXBE)jUh8{elG9-l-Iw5jT7cm@2tr6$Vc
zK#}CS+4f2yxUBv2r}JoS%g^ya7mxJIiayTfB3Li3p4Bt23MSshm9)3|Z!rG~LpMgD
zt~Jrz2)HdDw4+>rY64IAVDNH3)VQq;GUvup7_$q1v#=EE#4X`E;|kfLFxgft5$Cs4
zEwPlIQN9NxxdBgC?)&5oip0iRIO4?4B_BMPG<&%P?iIJ4*w<zqtr2KF0~h$CwJ<SF
z0=ap1!m#V(K3vLSA|u!5_VNck)yVTBaXlD}_2$!8(wz4t!No6UFW%$p%!{V|d&`?P
zb=(KLK-voZuIF-xjgQeQk?Tr@@f-p)w&ksk&F^Ld=CUy|d)2yCUdqL0a_#R4U;CyD
z%&VV`txq(x0jn|Z=D;S;<P8#ug!zDAnFuak_Ngnt*q2ywUz&)VoyHei?MNi{cJo*?
zyn2^ubz%pyJFngEHUsY~oO9bN9Pme~F-`Z3CjZ7yR(-y9jXbw=F+^nDKp-hQjJ~tB
zV$5l^({PYd^qRxdR$UKr4PBYu&NnoBN$-rs%#clQC@=L&j5N9!nNd!!vPklKDo;c9
zmij7V-yoc`zNA;yMvNt;;p{&N2d{Y%5kxap?}@8o2UW%8Eu2kdv0j^&-HRdx+Ju{`
z`|`iR8vCc5pT7^iIi~CV{rklTRxu@ikNL8oU@a{=S+bum^;b_~-3?9IedDk|e-5(E
zr=vLtRO43dY_jrzZEqi<c@xwVFC0+5eN(T_b<Z$cg~4+%aCKxdpavTl-?pxo&K)5U
zTs86oT~kM_T(bz8WtAN)sOjplK_Zc2&f_;gHp@ej`>N}62ejzE7fBb@;2>%G>h#k@
zzIasU=&iLG@zjj_`feqrY&|yD&UkLWWUgFTUWF8yQP9j_*0={`&7uot>o-^A^Pro?
zG#Oo8E7;njkt$Wp#V-|Dk#Zm86LZv(t!oF<IcS-Mg<Bz;J-zIMAPwwqOq#T*-bEMd
zPq^7U;b`b5-5YST?yQjKf5sPc)^o0?O>IkEQ*NcUXyCG$^tmHf&v0pC=GmL@{VO2i
zbu?+5;1hp0CJAkZWE{r(B)n}$p$tLO|J!m6jn4UU2YO6)7l-{Qd)rh>9hOjtae03p
z`cExUa+$2j@#lJf@|onk28*qP0<5PpgMfLk$&`x2mS3PF`Ez2<R40HO`c3X8pMPt$
z3Li@zzkG+!pwuu?g(w!VJ9t*2$tM?bGpP#4;#zO<{j=^dkDNx-5&}owyB99fetRvm
zeoMY(v+aloU;nLyNM|*9o_+MEn^N?iZEJ79It=~QqMc<^b{y>|-d*R~^q`he5tQ~9
z*L1$hK=6ZG>}4|5+2dkc`nrRwtIZn4_GXFp%l^HJ?tYKER&6ya)gI-VM}i2eM)I_5
zE~AF%`%$qRs5k#)Q-_6B_x-!3aoA-%NlrhdXRhBo%k5@MDZX@?D|wG?h2q!Q<?n4b
z*6+sk?YZ`u6H&<R4n^Jb<^BU9IpyIYbS(IOhG_oeF(y&U<nEPLM`lTgrrs>#$(tnP
z4q7jQk5ix-jqkJ7K?FPWq>3rSsHyNWmHD_NVV^4kMh<TJzv9q^V+UzuV(wSt&=PW5
zamGEO!9NJKL6Y9<41XLtBpUSfhWeKG^RemCYDatKzh1IQNa|zavwC2ZMNY0cTQ)la
zt6S)pE1rW;Q1q+1Sow+x*(>JcI{3*izc|O`kE}g*Cc(I8-C{Q5X9uzigp=wtDG7Xz
zLF*F5_;G9V77#X(O*$6K(aRv1+>xe8-<2TZ1n~l3xQq}4WX_dd6cb0ufQ^r;b=B3?
zNfM4T{lQdZT*m8*ThU!wT#jEuF72&LaEy`U$(`4_3k|Cc!mQ+o|G58khKb(!qv*rr
zP~$gy!BNANhCqbTTuri>44T&+kSpgrExS6d>YBAZKDh1t`Px9zw3E1)OP@0LrA*<E
zyua>@o5&vwMjn@hRS*`q(o5D3`HoR?#vdF~r*cbm`*VngmUcet=1@{cS&p8e3sq=J
zzA8DLPs3<NqFG&A(=nQi9%IHR;f>pN%0bC}yDHvm<U!eE52dv65Iju0i8{%HIeHGN
zzM+)6-`vSGWpc;vhE2j$1&jg>$YmlV`dgqPv6eU{q>=N3YrR#qB)LRYXZ67|+A(RS
z<-pf7BqpSB<6aNlc~LsG?#(layUDAQoHd@adLJ%58#ga>VZ|g~mcHb}*UL~ESBR<G
zAn)uHT2e+`+MT?b+}}&%Q2rr!)`=i~`K=kpYK%%pRcam8Pqd}6{-VE{?b+Hh9~?_(
zXR$6AL3w00!%0!`<?tv?tuFBiAX`nHDE_T7@DXI|vqs-#^QGb_)pkQlC|SzKl~RlL
zX%-{)ru~q3ev8av=}V^D1qS)|{WOAto<J_5vlJe$MvCDvu6RF{TkNW6m*;Lb?RI@*
zPr9uuZX(j@$d1Bbk-@#jM!Ar7LQRBb*kwvLIWXggnvK!Jkl|q?$@6qA_m19_EVDIY
z#gw-525#O+*vxF#Fk+)hkae=ev}aFXvDlwmHb=^pWAqA5wdvJt8vWks+?n>IVfgAg
zEC-791F{d({L2!ylm9u(pDdv*E-#<3300bM%$~%96gIojZ`u1bwtJd<Cq6SOgWhx&
zAkHUtg7>UnTh`T4-o^`9IFHWfr=AMb1FfKz#;W3E96XPE%!EQ$WFtOFMjvvL#{Ic7
zEhDNrKb$gqqc+5M_kW{NU;X~Ps&obndofR1yEv7jh|2{MI}KTvo<-QIbHK{!PakM6
zup8Mi-G1`a^IY0AgwWu9|IJMraV>}s&g1p`J#FhGl7!h2Zsgv3FMrm%I~Vk>ShQ_y
z9pXygXiP|z@-~*IV|&GARcvk*q$|Z~SYoCci_7IKf5gdm&3IFg(|{Dqd%sNP4M)T7
z1NJTq>2_m~WeA>%o4(3y*DuP$Il-o>zD8@5hMe0s9fec7?WN{8b}s#yD!pxa%|F-F
zS;Vdtuhz&#F;%sHNf9z@<TdO~3Bf}^{BfoTDd_6G@Xd0d@ki^+r;NS=w%?AdAyG*S
zRoE%Fg%8{o!nAe2^PjfM_irY#$lE8iX(r_`>+{)n{$qKZrpGbB$;~ZVs=_({9+DDU
z1Tucx!UENNq0QXWu8J=n-0AnKALP}#kZzCNqZ}1^A0w>*CpGhf_d=wJ5|}9hz27v4
z!MuXcQ{*^lO_$jdbOvr(bcc@|`6?ZkJc8xFb?apUR#o%h!M1XH>Z#*-LSYnIRaY*U
zh?_-)doDU^p~Si)hbtvUobo|4GQW?~LGn0uyfdSdzKdz4b)djnq-7f>DDNBBja<#>
zGSsQA#uNi-<o>APw;n=E(aN(%*F^%7!PbZA*Vp{cMcQN)$tr}1Szw$xm$O5|AvEeW
zf|8gnZ~B_2YcFNq>^41%=#TBoU4x3aDdXG+N7sP(r&o(ST0OS?zuS&BSl9HXjb{`2
z<{iEpvM+vMGaIbvpcI%_#;C+!0Ykp}<Hv>5w0#6Sn9iq6VPp`SDfU>c*uTGZb*WCU
zugvsMW?9O%+_(BXW8aY$bxv&3ZJaSJus@sMu=hSa?>QI0-R~B6nX6QV&B}fjC1V_0
zOD1;Ic5W&3*j}>sCL~>@`Awe?J}F`pT~cCJS5h0n)?aoQ`Nn0~G)M1PRD1atzBX7^
zytp&=^*I%%u~V<O9QUzTd%vHV>6J@XU$w7qr&{fDsV7eLr%m+qtPU=lJ(f1KQ({9<
zT8}!6ynEsC@cSf>@6&(&th2|W3+<b-OyGz;LMwEV=Rt3ZKK%JJ?WX<Ws*++v;x(~*
zW9z65AIaV+H@l5to{mwQo<zZ9{z>baW&{4Dk16|KtfI~h`K;_7uI@US#4qN%GJbf#
zv*^0t@a|~yP2Uw10;tcTE`z9m-TcNxv)>ZFTZ{*3`puq9l(eS>DJKtgODs!ld)4>Y
zi0oDne`NDfPtpGRwhgx*S*v@8Vm9Wa(`&~Ms0$_tnhWFk^vmA(l=o50Q0-$TEk}@<
zy{uyoM-X~twc!ab_gPbAea*9Zhq}HyoTf<bu*>djObg&aD%IT{)VWJk$KYn4NH{%K
zVVw*<5s5|ou1ak5d^$>sF2}9eSNbR4m-y4fe=Htzk_YEqj~ZE&E@yZ$q1<D&e^#{S
zZon|Oxt%_}3{Aj)7Ujh7Yyny*IkalaUG=Zumwv6jN2lWdQV6;3HAB_MJ-5kpn8&cx
zOhTsW_UZ$BW5WO`cj5kuQUh8H%iBfHCB2vS7TIC5B1Lo$BdMYin4#IF{`}(hDHTW!
z!RnwAF)vVT+F<TEC!jLVTi)n7-^)@p-)kLoS?2NyW~t8i6Y?hF=sKPY`Cy7##<DCV
zX4x;AAg;_TIqFwVOmH#g>TVw!^D_AH-Qp!q<uto%{VRl$5?l4WKefiqLF8((>?5!6
z`H`L;40vzm8&{yEX;Ot3m0jsVZ5P^9b}||L-cr{TK0P_%x%XssP0%M4*DnoenwU)0
zjlK7x#XPdDBR^<Kw_jx)pN();%L)DZ)o!2>nq_cSeDx!LUUPuz?pKg`*)sJFZvIBo
zlodM1N^tg=U?~(z`41wv9LC?3k9zx?Hlzh<`_z$7-y=QI%|$U+1%lDe+h$=iCJ+Nt
z8u-55F&QPr-emV483vd7`XQDUmAcn{zUA*Mv$3P8QDfE4Jg%-7`HKQ(wMDF_0>_6~
zVMxB)N-MHr1ea@?sFQ=>9`GwI-iW?mU8rBTl7lr76cnULB2r)scMI|OcZ~G-^Xk`Y
z{_7#<s#x$AZZiw+Emq~WCtpW3t2Y#NUcJH#wQmU8?dQ)^)Np(J*O#Q3+qJo_pcdm)
z<wpzWRoLtN>?1v+IQ+@RZ%f`RA|F3Xw@0#`0u|Avq0Ub#F*}Zvw^}ym)Cs<FE<;(5
zRrgn9chsLo{#j>cQjK@BKPeb(k+I(^?Eena5;8AfTqfL_1cYR}VMy(hxtg%5udld_
z`hM-%yLwMKh2I=zNFkNA8BUiCd^@)<*82XpZ|B1l>3I#Y6+eFumeNvW$9?tPn*BF|
z%7b~9bIZQb%qG<=*w?hQwA$iLFGv2cp9ta4DL<(aU+)=j`c&*>rBlwOXEe;4sn?nE
zh2wCA``i}EA&-<?mMZS$AWn+bU@HV068YQXBsikhp3Uk5wsC?~lXTs>cFet9ZL8-!
zg?f<3=v7C$=ZQWXE_G>-%L1G3q)jpBW#%LI^s~#z{h`PnF}kd>cV}K{FA=|l=TJbR
zeDFJaQ}?H^U(exF@n1&K7ooiG@!Ai4Znk4OIzG{Ters0IUf-ZLSpxaNlA4}2vi`IT
zLAwJFvSrg$(z8IZI+DrYsBkZ?wEq6EOZAw3-IPMDTc6*6&pBy&&$}RqEwmh%WugdY
zROk1w(|CD5BiK=bO~cbu8UZUKlLB~1D_f9aleU~4Sv(>qo{sdgvgwe^vgyyA``+&h
zxG_vZa<(Sfb|+blk`_Z<v;7*S(Nqbc2X{{FJkUrNO0A65=QpZ1#RkcLso3vRl*%_G
z^)ea#rT~6qI!I&cwK#nDsBba4+02nR<S3Zi@#b<clijF<eF2U;U$Yes_q#a{U%Xoy
zs&P&ljGN5al^duiHAIyh7r7_SU(9dup{;@tdvdZnnmPJISmOA@$wtp=I3&`V(c`S*
z&Lb|=by9c}d-Cgd2bVY1_g`2B!T|Edqvo~yfQ6|E**(`(`WE?oLIBSh#)!6(tv#1k
z9yB}pI$Zz9i973*{LVZ$1=%93X2t}2o;v!9*p`(EHts2RjqlR!FV>;-KLjP7DEiGI
z<hXeMrZ9Ou)P5`4HICa?V74Pw)wOA_?2@>k{_4AYY~l3!Nvw`g>^k13Zf`sAu_g9v
zUmMFc)fLxw)||NydhL=sCTYP;idkr*?nM4Hj&LM-^BJrsC<=wM=q``!mRXNh5^U~v
z-BRvfLgTJRQFFY-6BU6SJM0MSQA~+?_}I3rzjQE@)ad($03t7h8C<`dW!cVbbIi;1
z>pj^$U`Du48onITev(yaDARq~Y1Q~c=kENq%JQ?}XOCkLl?92LNT~}}!PuP864~u5
zQc`X2QSc@JID}L5f5Q;{a8|`6ZsG3xW6L_+{2uQbH+iH@BG%>OB`yR{CGHQ<porr5
zeH`JL%C!;p8OTS4C%#KSewHL|{|_K6SJ9W1M|OjV<WN_8Qv9s3jBAq0o1lLA;(FqW
zZ4M%WWoQ6tz8qWNPV<cM+wduQ+>I~H5lnlTW3p!8JT};-K9@eZN3KKhBOPQ!Iik2C
zm<kS^a@^>dC*=C=#__dv@g4s2oa^VvF{`Q+{THWO`6F~2o$QM(BoiLp>4zEvJSh*h
z$U&&<NtC<^k1N|@nL9xC9WCFyJ+Ahd1NvS5Z0*ZNEEF<c_Nu0APEQo4Ba?q7PpQS;
ze>(dO;Ju26BfL><aakDb-f%^!2A(;f9IMI}#i=X@Mqondp#6mBW`Usa7_4e#!%3x3
zzx9?F*ylcS^r-#HRZ>^uZ;EP#;-^1yA#E?Ti6{s`K&=rljb`+A+UIH*A!MI@8ZSlC
z$3#Yi6I)>zaq>;&7(ReVyUw!iUga0TDuJ%pf1E>G>D$h$UufFr%r8O3ainTpGtGnc
zlxI=wIZKeu_SM@T{~8}$er2c#3xd-plQxmNdo0FlC@^hfTJG}$gc$RdAcxtE2uC;K
zpB@LKnsv0YpAdVuR+dn_m!7-{XhL50x~*S*JaTNPr_yR&r_yCa@1nm4ZZS7tai>(y
zBd`~GeY9f@_4R75IpU2?C2S5O-I+<z<Bt!8(vGoASQzf@r9CsAsPp*-8Jl0wZo~H;
zUwJV+4Mg=ZjNp)!Y+ZniIrJ6Je(=u^-r779$9qrhPWajWFG31>l{$x2y+MNfbLR9W
z`}LXC)9x6!`+-rm8DEmbSY)IGIwmPcEA7|C2ljj?7YgNb_Lj7tr}5dokLTY~0C-D6
zcCMJz-Q?;U7OUO2MBZA@=_=F*Cd{FuLD9{>rT^SqVVY3)*_ySk3>QGGg!(>1ZN)0b
zp8k>T#W79dCQcAXG&KKKy1#RikD+%kV*)2iKy~oyT^q+6L5-6EFh-s1Tm(rD-DkzE
z1~vk{*{%C(0}#3O;Eu&zR@?;Nu*t~+(+??k_k^|J+KcN^Sf84EDbj`->giIv&kTbD
zM|}f7Z^X98=oPEn!H-nkA~X;!VEn9WHs=B0=?;?>8GC7xH`_Oz^-9ys%$^k9C1Jd!
zS!|}~oRjw2EpjN-n6c4vAcA$Ze6c7kz9-pkJqacuaQDgB(<;QhCN`Ir=pL>eL#2L`
z(uORUN*X8E-$kn!SKSY>*^|3_rhWIFCKlPUVR~+?V#KdaXLI@Sw&S)@wM2<(+?9em
z$o-s*r;YLH$%)z|D71&{KEGzlp@7KmHta&N`KZ+;bVK>n%lKPUhc}w*C|(yHMA)b?
zWdj->ON5lgar33Si*5FV!_WP0Ti0=?cgdp>Q6wixAx+!X@gfsc?!?OB0U!+F$1C(;
zom|`X?@5<eOGo_7*~A+ahtYTM?~9R1iN+rS8fLf4-rZ3(T<UT?nz$*C-q8lhI;lfc
zrBq<DO}3?qTu1D*2zI8)YL#vx#9OTp2!vjVlYJbYiIhHu3Y^H1KbI4Knp6=ooN<gi
z$?55qO$iAJY>2E_>MsteJ{}dU?EQWrO5Q(R-a-y_Tr+!N;hgMxkbDFaxqMM*Z*MPv
z0#0Sye1b|UraySZ1vHwQZ|0Oz3_yXzZESy8)iuxZX>DhM;NZraO=ot!ovM>d{n=eo
zJFW*97?KPhKR(DKaAtPp%na!0isRS8fAWzgb^yT2%XJeMEwD2Zx)!j9X<5X~+cj?2
zHpscWkw(5qLsnH=S`;Uty}Yn@)!&G!<HTL!dl*UqDbdTnb&rbE9zUyuMV|DnO|bA+
zj9?zrhAKlXD&GQDW@%tLM~6)~hD^iwTK1aONcqu#igDu`Hy#1JMsHg;qYYPc>H}KO
zYsi@vg$&}4stS8_b0F55lU*DE4<=&9pT$GG^Mp=AAGbNweskpn&}Kw`yJ_M0RnuZ=
z_Zc|+K}UoKf_%=-iHYSe9ZC(~Nc>%u*47qC2_w)m&>P?)v231X7uFi{y}j@$Ba_MW
zcPdR{vw43ZQL}MNLy$sp9^h2!|J?grc4_x(EE_vJD{E%xD9LL_c|IAyBfhJmrR`Il
zX$?Ex$N?WVOssMFTsOvqfLL0^h+nx9x)w6Cdfk*sHn?EBaR`eSI_6WyW;fB}pV^-Z
zQ^NFo#zw7S44Vr%KQ*6*IDXSw*X&D|^fhM@Pa+(;%z1>rI)qOd4^1uQ4>sfPy;_;8
zRj)zOz5tQVe)zj95%->b1E0XY)WIFV9Kr`k1B0MhV%qGaJ9G8IjE~Pm59p55!vlt>
zO1feSy}klwQRiG5Mp+uen5z~wL(con3W^YU^;NCR>wL_P(y{pjc892&T#fKAr><#o
z0`~R9L%|Xb*v-^X3{kdFtJy8;bKErdC2wRoU498aU*Jbfd03c~_3%6nmx<g<N-9yc
z__g{U-3A_~koyvQ!NAXp_~9Dqo_02gDG4#BNo_cR;(Ny`yh97n&KcnKXK#!eN5<!w
z$NJQ=F(%|pCozdTJgMDSxSY%{*V9%phTr}<;JUHIl2+V+1n3d%ApdsSUX<kvfG4qn
zjRT?SC)HMm+qdgeenjYr99|PC{9MpGk-p~FL@Q#8N;RZ#Id3#`TjXl%`-Z}(P`*vW
zQQZ?_MN%Fc9}CdIH+FRY5_@?9vJdC|to$MBQX^L<y6iw@{kp(CRxMFn)md6LXIOMs
zw%&zegU%cK?4jhH3rU*Rz>t}GlMUP!$2o%4zX<7y?4MV!RlxA2m_wg3h_4sx=4xO!
z{iw~#+|WRrd}*?)LwXGCVEw#Fr9;T`OFr^vG@ZsP^ohw8x+rcK^K{p->L>$Ai|ogs
zb>n6t@(j?X;B+|?2y_FQ3gfPB$U>kS6b7WuQGEt~Ocy^hlQ3!YC@vUu$RQxv=K5Cq
z`h)@qEeGRoF@&~cte!y{wk}2Jn#{@Keq?to4XxXQYtYDAjZdA~K8u`zHJ`*cnBJ+p
z{6I75$Wz~^Q0B1K%4W!+NV?sNV>C$3l$V2N5ZeVXUB$DaZfygfEk|OUl`b?Ss;p5n
zj3Z*p`^h4qU~B8oo;PIQg0_Z{Bx17OyC7Ee#7)}*1tT7zzn39cRW5xS@Q6m{zKD#}
zCYhs>f?a|5mT__tpYT5i-$iKtfj^>FjRP$@>yE8@%64dPitPMq4Yf1SiN>L8c61BS
zZ?oe|j6BDP9K-nS<t}!;A}@Yu$XtWj+2PFS&o0$CXt^=NmUF;jjrm7?Fe?o^u61c$
z38h&}^$;)$FtLJ#D#bQQyE|%83PsnG)yI5S`m5!4-<_VtEhHwGV<b<;?+8=Te~M<4
z_M!?=)aA1)8|H7=`W;OuJqj0oFk|eD)F~$G#aac$m%2o$o=Wa#rA-k0Sfzan4Jh$T
zJI4EUdp3(b8elPNV^wTicayUdvwHoF48Yr58WaUE+Upx*56bu_*~JG*nYf=2J$s86
zx!1oYmi97Cqx?f}>iVv)Y0RR?e4bO>4ly0G?Fc<^wxgefa#0JYrny2u-3v?$69MRP
zC687cm)ktGq$*u_3DMt7etq3!zO;ts#7>nnHgVZ@#>W&kH>znjq|?wj&!Szu??vn@
zHcD_5Nc+1F7&NSHALZ5mkd}i=iRB`4C>M?d^Sn@NMS+=%<KWKX{u=?xCN?20K1u?)
z^eat_Hm~<!ypj-{?EJmtwLJ1ofnk1@4k%X{^?l|w%7Y002etjBaVNF^#n&s4DhcbW
zj%R^5LsXJzL8%UBc)n7`ljB|Knyc>aQo+JH?V7ijzBgYst_#*pn)p*q(BEU0sv56X
zp>z>6SCl}TZV1|0Ua;+9!08(V;;`WcK{Lm%jPZt$m+L}Vrw=?zGI@uOYx^~*JLLl%
z(ve(HS=}%**mFx^E$=2}v_QA8)?@BOd{lZmmA~{XJU(|(-ID{_=>|1r*+A^)*Dp1O
ziP~pWuw2Sx`JYHO*%JD~A?x9$u{yJ2W_|q+x9$N;S!-(Q@C<}GUF}@2-G{HK6z4d{
zA(P3Iv*yrAd`q>8r``qAYo;0G&kw^R(5tc9Qo+0bP|4=%CcY1S5`R_B-`VcKXxD#U
z_fO&O{`=<xMz{a_9}fP1zL9tS{MW7FzySv8B-wvn|M!Md|96-EcP|aHjnBcaQo9ri
zv6lrQE44`-4YmLJ)vM&Mm5qfVZA5@PuksS5Tg2ZFCM$n)0g&F8gn46sC()pk5qR_<
zP0AmC?0O>`M%h>cWyRwkamJFj#@{?*_&b{a4BxM?ME!p!K~bZX`wQ%1)f@`9W?J_r
zhkrN9S7T6+vfJNNpvLCz|1pJlboGV$%75N};K0=fM`&DB=jl%7J0->>Q7}QE$Zj~>
z`C6}9fK{*F?-U-3)WQZy-1Z4oh@pl)V^OM>aTlLOqgJX6Q}*HT1jofNv5vMA$2u}?
z)0VR@1DSh`Aflh6=U$0e0G)9&9X?R_eVK^FEfH}sSx4FJvH+ondH+x<j)3)KbeN9E
zhg5Ep$$7Jf)b)#vIiH0xej}I9S6Gi}^t>Tfm$%)eU4oD%RqKOK3TBcs7B{(7CKO|C
zp{DjSBqHg%N5r<bL%w_Fc37lbcHeZa)L279{oqn_PJwZD%yCA6ye>vT2gNUJJtiO3
zay8S1f+$q4kNvxmv0!g5RpGDIlQaRXgPYUbdnGW5o3+)jh|UZ@&d8gG!<6FMn=k9g
z{5wYa9T?=}@!%<)Z<paVi%Qo7DQ&~CA^sFZYuMR-2`ud^4%vwvZQ1_fr}Z<l%Yw#P
z@1ZKwES7NTlV+!Ls|uZ`(G9nW;84DJu?AhEz+!8W*w2Zce$~4)S|0VQ?&i7IKVn#R
z+g;4w$N~~M^xKRkuEKJdCEi{uC!IZi_H|K%`NYm(d7y0raWYrRZ6VKNzIV3X=iwj^
zMVx|q*xt0)3EZrr=fGbIs~m0cMV9SVV;2gSA3v62Vwyc+)cKmX<Y0PZE&!8U(wmLO
zVjIXP*>|rpxgC}&STHqYA}YDbNFjJv2XyUw_u~1Ja?ZU6!WHX;VPP$Y{mO2uOVq#4
zAx7<|EtSr|TJZ{j8TD20vXctjOj)K24Upe_Uh9jyBIv)kROx8kVAD{gxEw!WnZQB4
zN|Hna)@{6(b@WOvL#}#q^`f5I549)|R#0b?*0WZLf6Xsv4yJYk9bd1^OR|nt8mzv1
zmWooiwYD%%kT-PGie9FxgKVhSGPBLG`G<9x^m1pMNN(fak3-7+<K*xZZ?K!YaF2gv
zcUP}yIKsWo$0fO_$*=EoC)>Fz%Ell4o^kMi05(+3f+<s-k6RSQT$>*_PnMa%SAbcb
zArVcvoRZX-sJNMVf}C#%sNY#6Oju%Si7XLK$Myqol?ka+ot<Jhv7hZ3E>Zu^6dSdl
zU^vICU-mJWZ7b0dJA^;QEEMpdtjZ~P1hj143Ld5FkFhR{A;Lp~;TLUv$iGyoiVXJN
zYenpPzvozdRl-`~)}fN%2#q2QO<AlaG&ABj5I<ey#T>K@n{VD!fw_Jw&4!|KTa<E4
zfH$FNGKv(<;k`I`7fTUUi-E3rY3CT9kZKUF0Y%+8^IIY|d&SN2C$xIM-<RE1g3MA%
zK{4{Y;fo)4^vjGsJgls+C*CMyx(;LY>O<HM2*>&9L}V}g%&p$Swbj*E9F(8y*C=AH
z8S8I;?vh0xEZneO@5+(W+!##v+|xEq;U9T(@ZiDG#>=-3HInZEQ>``#;X?dTu6f;-
zYLTeRj@Wb#oBuZ!6<HmjIRUKW{Gb})kbQKqN!QPmsm!)I5a{rlT@oWAikrI9IQxWh
zy%*Q4m38dw%v*%G_r(X8fC998ST!}u7e7HbVaQ>>nR2+d9R`*><Vy51iZ~WG5<NRW
zUt+Xw|1CH)2q+iaYY5|@vL<6V*xA|9g=Pc(PPq6Ujt>7ISUO=00t?Hf`veTN%LQ7a
zAU$DP^CaubY?}*E|9OPBUsH<?ogbJw{qP)t(*3nKzJTcoP1)myaLboXHJq`{PXq9&
znmRK7KKN*<?)#53uA8JlG!tGnsq=ZNI#!9ph&j)lSH*l~`}^%cE{ga16(yLcTwh25
z#+4+y;+<5LA>XNfPP3+9Gq{JxdtWK&{3tV1F4ypY$qM((BQ-CX;w5g!=)J!mtlYoc
z#JEtC%bt)>KUn4MS$wZaIXGC3SNoFt-LB^r+)H?jg#jEeV1-~pxn}qA$y1Lju1Y_y
zcNrGF;(%=On?GI*XWC?=^Fu8`vCj7u2f#2Y$lk>CB4qy{lgj%s-QC&^WL^4k#^VVb
z&|1lEEUi!YA^D%@_Gl1*xs0brqw)xj6j?braL#MB0vCtuc>d%9Ex(U&LZx>3+_Ut(
z?jj@p7u)%289}pxf7ac_o18k+1qa<sL(kXx3Aqm`L+21~kWSyNDTvDNIPxLX&*EqK
zO@itTO2_hu$yEi)E!z%S1Uc$=7_GKnJdXpeUJM7!<Mob!D4)BL_vY?l$(iVcdc7<q
zOGw4}Cx6zPa02tJ!ns`|>eg=@1MG5^V6Jsy_Bh?p`-|8s9GYy(5}#kHCX`$e6}=6_
z<wYMnP(-e?pJbC#L3XFj_xXo2@aq%W1Fr;bF7uu>zfo)~dqFwu`S4}sByp>%B+;T$
znHo<%pxY&hyIkOLN4?3i?&?jICY%>k+*}U9tgdeQ^m^3z4CvSyM4T7VKIv;;n$p}H
zkZ0}bJW{J09$&j+|JyMIgcDeno1b`*)=3uB&o#p86OnpNA73j|;sP8u?)1PrN9kCV
zF^&Xzx3A=nI@xP%>As$S59GHf@a_=Q-Y_Be_?1U1ZJU64F97a{HK}3rsws#v2ej0@
zKM;JR*}3@zeF~w+Da}r(%Qq+-avd&W1Q=@d*b5PJD)%>RT(t1t*c}Z+4ACV3mYg-e
zkj`P>7emi1VW0Hlhg0vKQ{$rai_R6dg&$2Uy%G?8Bt6cdIBKZAsq{>#AKO)7JIzc_
zU#3305_5u#&3ZgOCJR6|F9Bb1B32#8x!8$ztYu^2Q?6|ab|(AP?Rnw`>T=gtYiW~<
z>qQx%Qs3SxfBb8MQm+3Lv0h)VD;D}UBWa_4FsG_NCHE$nIA!V|l~2G-OeuxrAID=R
zJmI)y|MM^97a1)JmhyQ(^XP3<neB2|(6n%vOpi_J3gWz1>lDW!nQ(2a(owT)&t7C+
zNo9QO4(JNkFPyNB*_E=1;phOZ=O(&+?TZ&*bY+qK0&#H(FhkY(BC!6vRFED-<{`Xs
zd2lR@)(R*er#s&NNl?BX|39CvWccaf#g&;3J9=KD8*!ZpXxB3#i)*umz(rAOlxu`I
z9UT>=S!<4jw8){sJ$$85-we7K{etp{?0^3GQ(46a|Lz$Lmox#^w@y^3v}8KA7TE;{
z2HY{+iTehn6AK>r#qvFaaxPLKM9brlX6UxjdHeTZtU$|r{*debvppQfU01K>fh0Jb
zD1-fHpC^J10~w8K`Rc#7vHO0r`tp7VU3~8g&GGe?DYrLl>q9%~5HG((U_IwMvp?^z
z(5_*|4+ju?PHqqm^iEGZx%alO?nk=n-@3K7K1p_aMCEiFmU6jp5a4k`G?kpudbq)Z
z*cg#umR==2oHzaG)_0Et(XKLR);IxIWQwpt#o3G4)NQEhV4;4WS$I(!fKOT<jd>Uz
zg&A@lqcSL<tnKu#&n=bjwV5Ps9!=+iNX(IMG7sh&A5s=S{Ci;Fs1>(uu<dyz1xtSg
zy*#at0;V7H-~_WaW~IhI)Aw)d8ydVewvLTB4L!{stMM7p$@cp3Fbh0cURz@RUFTW+
z|7C6#ZUkZ{|9O47^xyyRU#?kK|4Vw|J?Q)W|NMrp66G{Eh9I-f1L>NQ&xfg0NG+S+
zE=!-xz<jZbiWmgaoj35>SnQ_yer3fNuKY23KGE#YviLUI72WLP*1~nazt>8Dv@d?3
zOrPb~Uqm18hE^yT`02m;JQb70Z&KxmYCIGsiQtMY{0-KxoC2s65;z^=l0G2VkRQ_Z
zFZ-(s*Fkx8|CET)_t&DHv!9=-CheeZJ^9V7?bkN4Gl%{YV5^5kVh<m9B>i{tI2>PT
ze9B!<PL=$+ThV*abnY8RGEi;Uu4L|#6+~(-{Xgp7GAi!mYZvYKOh`fq1PDPAEI7d(
zBDe;33GVKVWfFqZ!GllG;O-tYXmF>4G~RTe@uulpo%zo>@BQ%J4|kn&*SV}UYi9aq
zRke5R{p?*&)dp__8^S@MCHaR*@%3!v%l~k09?`8IK603?G#raMSqJL}!!O#e%Bd~?
z6^1F@o%MPW_fMqrb1C-FNOY?O_@#QD`{gfU<5{&o(Q`q6ODE_~;(xvPufYCK%`BL6
zk&RGJcJs*a{6}gajC=gQFxT-{lNMO3_7Gn$AMT}``qHA$-SqpkN-!?%hFw72AY%$|
zoXeYAh<UpH{`+sm(tmcffhvLmZ*LOp34#;5CRfg?K=l;1sK;WwRRjN;l!f=7JN^<;
zZt<<r1U1&>)PN*;8vfbD0AAe^`slw2%DW!C?IQ`k{jmtsNu`;m_y{pVmKPVJI#=bD
z$*7!>2aa5$$QW-`Vm-rHsSnv|ra6F9egV;-1$|aah2QKIG;g=j7xOw@q*`?#amZtR
z@DcWGT9jS4@s(%O;_7*m2lA`%$t2*!O1XogNyw!p<2IGdg3b_FN``ui-opeAU4z(a
z$5l%zF<%3a*0-Iij-lS0Q}ucM>acfkmU{YMh3OLoESon{5u{V`e`aeGnEG^Hj)?D-
zMWxnmE@!ATUS}unx$7mg1nRYBOW*MnH?B2JnDf|uD_9FEq-(LA%_HXgGyDtyR|6pL
z+$Db_cYT~)S!<4fF$M<Kcnr_Qy-|0;qJY9;qr?}`e-3Q6%ss8|54ssZjVa~nydizQ
zpJ+k^(%+0$7cd{^cmBl<l{fL^Et|3Ocl;%WwiKnZv0$|fxRuvL`r1Xd3Gz0+*oLY=
zftFhEbECU$eusp=neS!&=<B1mxVk%?2>|kG{z!}(&}>k<QCAbsqWQ`=U|+S;`CrrK
zykT;afLk(}Qs{7gf~!AqXk?a@%xXM3ooKEZ@X;npa}N;x{Ue<FGThIfzp27~E`DH9
z#0oZU$MX8Ek)NHP7rw+cvS`;<(|`ZX#tR$fB4g7r_4W_M*%#{PC(>`3o5yRF>6U?2
zfg-J;!b0_?M09;G)MHu#$2K-N8~98FcNE}12{wmpxPjz-whYX!yO56s5QA;C$_gok
zTxDayW@tVP>^qBY>Bp@~vy;ifWk0{miyKm)n!rrGAiG|*#@+2{7hLy$4%C2{3tuHQ
z4;`hu$=VKwpZOi79NA9R77e(7<2bdF$8zcA!14HF?PU^^tYs~%a=yr+69zdf9QxYn
zc!!mlE9cCq%}ca&b#<h5tQ~dhnVsF_!4)jOO*PsF<5?1SgYD^4pTj-<GU3eL-rl0O
z;~^v!0ByLe<HR~2t$g^fHX4G3PlaUqz134NNK-1A_Za^el^RzQc)ky%Zu>Wx@M7J>
zpVmC|Rtle|xHw23&v|S+dK*;T64~6IEE?V*^g_m4@?CJ*MJs?k#^_7k98fnxFmw8=
zDxWTnU_^r57~aJ;w(R`1*GvT;Molyt)|o@gMCZo&UNq{qd?alA!1^D}4iW(sFUJg<
zLiB`_E@N}ZaOg(B3hOlEG-}RKk!Y(Rln43-PDhDj^oXPuTdH;%U3oa%3o556PffSj
z$!x5Gq|R36S;U=QSrCQ(z(u)>k7RNxf+6G<<v-T|)h7ivRTuyLSaAr$w@-V8lV1~e
z&th{~7pdEv_bbgub{4eNn@)C{N+>Arg@E|oVXn;!Wwc>tOp|Huf8!e(;MW=Ai9*CR
zYU8?BXO;M@fda<Y@*j@^><d*?(2cE9otRg{y#NT|53{K2MJ-jSfcXY?sm12dc84!{
z-gR-|XP~G5d~Dq6*IhjVc!(RTY77eW^JNSSpgNks9i38x#@&7L|9e|qHySGxrx*y|
z2LoN&SpD&7!Nw@=q1;Oq+qJ<*X&)2*H4v4z!7AxudU%+Nc&iYoHom%=4bm1H=)P3`
z=#e{MX=!OGOn0s0bqJr`v1ncI#+_lXNA`hL*I;tplg0lroy|qBlIAo4B^RQ>fW2wF
zyk*Ln;%2^nNQ^B#G+?ujD~^sw8pKP$W-!P>PpE&~qVdltIQq8{+%yUwo-VQ*G>gun
zIjH6v#99qgr@m)!8n^Zz&dlq!4ygA=XS$1*>eZ+<8vjGPgFrqV;iDplg=(oJPWTMe
zqJ4v=5G-qUniXjk<RlsU&7EC<ISMK*Gl=v!)`@_I<>Kgz<>K;%X~^zy{#^(6?LM5*
zVyF4>PAt{KWW*8~HS_7|(Z7y?oB9d?ch_eZ^)wjv!mq}B+5RD`7X2(29+@u8wh5hx
z#N^Nfo_AXmw?I!sXrMkmTOsd^bL>8Gxu5EEcZ0*};r>;bM!u~omBI`K8+3-eF1vpO
z2d`@ar~z31v-bO2TK|-s0NGOX{qiTTo5yjh<~*tg8wBIWN~|6SvLC=Ps9Bq<&}zrY
zS2u3l5Q5FNSY-x0IxZT}0kwl<k1q<AV9e`l0aEscC6}m{nDrXt23M)FL#T-Ee9(x*
z#O&t#@R?fa9WC~Wuuh_LIHv?Xfv-_uc3{f%zsnYV6d*ErOTlkb()V@K+~MWRmn?>b
zIc~&f^nk+l2FzRXXt#^gKTC8P7<E$t4G^RrbHL%xxelW^3W+U&yQkaGX**JuufUix
z2?{dl!dbCPQ<-k-xeDz6s^g#xp3%y(Ud^Iak`IoC!CQily#Qvb!m-bFYPR{u0XkId
z-9GrWdVU=86c6Qen>t-qE7&=P&t@D|ob~6A>UBD~9Ql9lpe73jvcqR;ddmUf-g;>6
zZlP{|fpk>z=2+$@=j@yMq6#7ZkzafIAgk9qSH`+H7fzoqDk^ege;Z3%&hRNDGL?dw
z+br}dj_Kn5()wPz6QkL^>@Z@A6z!KUh1Pafi{6La8*r@4_phh}6~FMO5^84YsLmoi
z!S)1A=n0i<Tm@&EIIUd&Lp?U7p5Ok=+@G`UhfM6@K%ZQ)0oXk9OXD1Q=U&dwpI<tK
zy*Gb3z}(IcAEmciFe>;qxo=f!l^Eq~f}-G?|Ll|n1EqUS;lsa*_x}Rot)<T1fXH%a
zTUQMJkCTc%UA6r0mX{Phyo_CQHuwC;S1vSp8{dPpr-%G^Q0Kp0%d&TcDYg&$;{_cg
z5~gj5SLeznAe(&iuivLFwYNN}K?VM43Gi(y5x}==&h;3xm?!^yc4u%&rRgT;9vp-P
zLB*j#hzzUaTa<w_zlY(IxMRSGzunBra~lvG=-$0DAQoZr4=x@|8pF8#1&Sb7vRqAs
z4m;drTI0mG0HTw$o%Z2x0N#uHML_r=&8;E>qAPm2+XJc7NAan+e~`yigHK@kZ)DwY
z1|E9C`u664Sm!ArS6N^xEHhGLIPE2idSebC=T{thrHb7x{QcNZ$K}y{U8j`KYM_J!
zn7vdIkGA|W_nxPfuiWR+g+Tg*KX<sQI4dbMQwrb{chFzuz#$ZBmFx;fAQ(O0<9@fW
z{jS!MNC;x6s8Ex20O&8OqjUIJA6^G<SH$<{_SM8DqXUWN!OIsB(c;;QO($}(;3Vk6
z@*nrDXx{!4S=9Azws`1Rhl1Z(<mOtSnOWH*^=VcY;u)XtJ#T;Zgy}GQkmKrBH=jX6
z0yZx@ni8h*uKa#*aB!h%@Bt`oscFCK0e0Q9ciR4j6;JGB+j8p<f<J!MOOUsnDz3n<
z&#ZLGvFp@ojYYBRIkq$=y_I7ly9s$=dC+h8H>FoSN?xF~q(?n`$SQ}oQ2#YzAW50B
zdwCWXve>!$yPx%`;DjMkUvDgQVQ&#r<A=0dtxz0RYLy^(3RXgsgM$#I@pI0Io{lp#
zLUZduw+2&l5J(cnTr7}$BT;$%Pu6SirV;Z8mb#A|phoy8Sb;`LxJ!=aI~tJ=dQiT?
z4;Kd*E@j(q4|{P{UT~Mn94r6L%<bnwX=$tLVyQJRAJZeR_Un<n{G*HZe&fx@&kg=6
z3+DVI%-pZz`f3E%x9KNuUyy(Jlwc8-@X7Px4_i0kROJOR=)v07)*hyJ@X%f5<U<ON
z)yfIxjM72-NM94BI22j9J&nS2ogc59ZQlnyeXj8Aypl`kIZ-8~eJrOB%QDVnfLGtd
z*g5D?LEh<22x(G~g;a9DVfb%cni!G%I&lsfcybCU|8bp-_2chfwMfCJuvuJ9)O_*#
z9Fu{Bt#1&Mf(PZrf2hNZen+3}t^)pjrX=9DdshZ31&)H_{&_N-mri#9cdh-^{qo``
zlbJfn4)w9|12OT2-k=%nYR|F$=MzsAvVDso?Pm-ox>FR!Vvic|rk{1vUZ&C;jN(RW
zkVSXu`Ct8g_()hMC9loOOM(!h@Gi(=wy@<h1<h?yEM@T|(lGM(8~Nv<C;L`cj>bPU
zoZJdR%e7Z#DH(d@>M`qvwu0v&Jjs4A@p)f1Nc%V9ayA9Gw$KN7tkXWmkNIT5f1L~B
z-1>)(R#5f$`>4k)CafV5crT&DB8?g!4|w9bZSxHhgqCWr+#NiYFK9J9dS=A<Eg_WN
zfg3*w)5wTVHfx?Ltg5oP1%jpaG?D+T7{8Ej=-z`6nB|SK0;ZVZsWM&$e9DJu(K#fl
z!;+EFrgF4Ao(h@q1FFg->NkRNzx|O2PMESh<JQ1qro@j8@a)tpln~OyAd6&?q!ka_
zGVpWzm^;VG?(M~E?cc!Y%Bma7X{r$7qe?c9n(n>FErkCFgS##wZ~L4TU84dn{q##d
zH}XG+UNj(yA)g;#87NfOU%*3SofO8s#b7!}Imw?oT4}swhKLD$@H1pXrJ<vUSN{rx
zK&HJiawyMwarfiBru(3~LAh_&p@*{zJFM=6kd4eBi-(Um!?gv(K1Xoi-$%i?m<@w>
zsu*ulLv-$3O?>!52rs}V-*~P<bYy`p4gdTtP`!nsYwZV5Oz=YjlC^k&okrs62*t`7
ze?r<{0VzG+;*5`V#qty1*!xFs#`t|v8N5uzW1D~*h`9z?4+*l+v~homSi#$%MA8!!
zq?{6nF-)y;MhySj;b15fqNDe3xX%pwC_;x<7!w<pvU`w$zy6bOdcyEOB=(;?RZ#qY
zc?kb12t@6{f816M{r_zBKXB#Kzo#<(uYHk+{E!`K6G6L=hU0d)tijEzFU(!J#{4@>
zPrz8_E$Ci*lf5wUDBmf-IL+rf?oqB^uc_Cq&sNu(j2=C6!cLOUU50n>-G;E0DvA#q
zU{^<>`zMlbJ0~L+A45zY^|OPDJnLB#wam8{$s`*JM5I%M>C{;yJvSBUul3Reo`=bX
zcWxl+J5wD)mj>WMwa)xgi|AIgYg+e&SI6V*G;`A&I~5XsgGWO$sC1W9A2FI_Kawd!
zE#1L%U)tD}H-=TF8+%NAUPC`BUYXyvqT}%vj(vsO#XL`^Cl1~t$ewBC>sMM-9psZK
z#p$g15=zycICr)V=ew4&OAFUZ6`0A8=m|&${PZ^WC6p;e{Yq=?Q5!gC^0Y5v+ZYy2
zu$AcCIgyGrm#GuOn$y$0FTlJhNpp&LHGLz7UQSYSO-1y9D#uiHf%r-C7vdPCkgIa9
zs5ZjhEwZ>Jr_y@mW)@J&-{%6PAp@UsV|y)I{0kaH!qc1b{3LiLh?6_as>C^S*ZEX;
z7ldlxL|%NCv0Xy7{cP&Jgj(^61)_v9c_2E8+-HJrN3ia`ln6T7ET<8>Y%$t{UK*W+
zfGd!J@SqzyS|4kd9$bU&MVg`y=~xf)GeV<#aopVRpKTnSA`}_>&BnLQD~HgHsNBCN
zYK1=5E@<dF3h)1_MvnBJkuN!09PVP4`w!;IaMJWx&WRck=%R`gb6loN;3{}W*4Yep
z^n4+IgXFJxv;z?De0KSMO8-cEeM-y2^DOKSvTQ{A23<d5qBmKMk;b3Q&+E=!y??)%
z6_ikFnl6w!`6j%q;Lzwinn@%0n!|{{xL)SjX>l!kjYD)sQ9yBJnh3_gJ#a^2_<ZIl
zR?rPQB2{7W+G41&thtUu=d1XMk_;+pxEFUo8SS%ovu=?TOV(OYnYJTDzKFY+uUZPo
z!K`e~dQC?nV_lgmuW?H6@MMPOk)bjx4dEHn-M^+%>1b)yS-R#pv3^6CvpAUK+r?HU
zi-Xa+le?q)Yw+R5GDtbC;%#kO+Hk6QGv{#+Gn)9%*cuW@d1Er|9UansB}13>xy<k-
z1vuAg=S67fw>gECLxn(Q&=~$AEa9$?Ls~0hI@=1~G+a|OpofxjDr$BV@>QYl6uUd0
z4oAlf);1Ny>rM5xm!cxa>zXBQ?{KJqGR-}9tB33~q036slffY1L4p<y3%adxN>}*r
z2pxLAYAE1QUO2dHbhfB8?Tr@n80YM1Uz#4VZOdKXOL1nPHFd@~5Pe@5?vS0{W3sQe
zRi2lYyyMVNz-XY$ag#AUDP}lb)pnj2)yw=WncQZcQcSy9M0xRWiK*7fW`-kq`JzVq
zhV|=tV=g_g{;w5rb6H+ea=gMx3R9Iy3j9_9dB;^YpU%f+VXXrwTS2|2)3{goSt0}{
z3XVn+ogMc>5%k3VNzGz61>pA=39;X+$9L{H`O1-`iexR+V4D5z4!i_?0KF|?s}si*
zd_<D2_~j%}2|sR7hfS9%#xm79M5|#EQ(6;UOI(h(X<&I~CsMtufkH^@MAuqo-_p|<
zrs8?+6QewhP(@Ts-yv00AHPh2nSNxoLus?bSS_<M{M5;8NZ``n921=}KJDcRZ?bJo
zN{)HgM-%wG5-9J&1Xbq_N5P+rANh@GN=E!#d$9NT{%DqOm?AgwlHyJGwpR8>Hk~3X
z*1I~15NeHgc^Wp`Hrd^T*G*a6jmZ(~d>%WPx;9$jjEhXSIV&{U7-nvMcmfPl_C%w&
zyhEz(uuFl1!l40{xMJOoCY0%+8d72&kn-{~zJ9QKt?v|;xFHUx3|HGLX#qM~PX^O<
zOrG5?dn4Ryx|HouYPu6=yf(61mikvgnnUzuOBt+#%1dMFVH0QQlEM;EIw7vkCc4T|
zys3rluA`3)!UMg3i<ZYduXN~DI;`3?p9U7)D=vz_0G%M8IZNlmk}tU%9$Hk6?*GVC
zZdhy&b}A*%K6pkG226r5_v`$fxun!aQ<D)pGZVJ@zI3pqxHDn-2xCiql~)26wduW5
zMk`O3;Nd{TRe2n{*|J;8#P20FZ=dHUA4{H=)pyoDEV52nPLkSWYK>vdI{P7!H|OZQ
z;U&d9Eu3%0k@qFti`T$-#@DUu5;ipnOOC3wlAucNAokdaNN>tMIq=f@tJ%~|`_KTK
zvzbC$a?~)QaW%2Sfs?o#QhxBKHUL2FByZber`%=<r`QDAehuk(p)kNteE)dF4$OTu
z3TN%Ucyfy<xV8U$Ici$+?by&nJ<t_Rc36U~^ZWoyS!#4Z$=lRmL7I)%mYa&dAAp}=
zz_`pgAH|OcKNJQ{hz%V*C!>M|Ff~%2u71SpJ+~kKT*j%aI~MIEv-565YU6#N>#%=W
zz#pH0x>CV#uoPztgS`nL<R#;14`XbuweY^|A|~!`*}OKfb+rUKEX6D_rD<bf<C0)6
z(zVoK3OR6Ay9r0n3DG!J0K>^uy}aG;sz3R)3>eARsio=Ds}|6Vh*C^IndOA$mqJT5
zinDPQ&0}@@y>QcwjI&Kz2%8c(`sAl5;7KY>0b^liJ|vZZxJb^=S{)@EDtzH{IjCN-
z{!XG;ciQWWP|Cd0!$E<4XQZWSz@Wgw5ZD{(F6&P}+z&<@`3XG4hw~Sb^Ua2GXm_nR
z+gST&^X5LvG5VIBj;3f*5n^q4!BFc`J%hVFpUb#3j$uB`P!FV|1x{PTXhT^-2s@#V
zaHa3GvZ{e^kBT;2nvJ^tiipubLap^zN7=_8!2_zj&v&=mB_;3dV)wwbQ0(6-B_02n
zm}-}(f6t%U)haX9JFwSl5W^MsDzI7{v(@h^^nK9fx{;8c(dkD2*w6Ky^)FtK^6S5K
zpbzN4g9J%<F6yi9`2MMJ?%eCz4OzT`lFzxCNk#_9Lrr?AMty$<!ub2ZOso{Yt(o~k
zC3c;uxT)Av0?R3B`D-G+mw7`kt9-AYT-WU_$&>+kE|c`$;5%!f{Wohc2|+UnFj}VG
ziwLf<nr8qD$Oy$rwr<F-LGMYAk3#eAJU{0=1<1lf%JHYSg>UA!6aq7oX;!lwe|<?w
z-XqHJseEyY*>|hs$8U4&R-Oi2u4UiN<I@X5SG=ga)|-v^u}FMl6^-Po-{Bk8(>#Sb
z&pRZvGn?|xeBO!I-6*!LmjB|mbFu5H=7L%8G!AEan6(ugSPDvRAnT-ds&GZieL2#=
zq3LB}6c158hG1YF0)48fE=)TMN(&$A3v{*D>az|wjQG*|a{9T=aoVVAkkvT}?>p1e
zVMkq0_coE|UqZ>*J&o-bpRb~f^%^qX^9^)IBV!(kCi_Y#aV}|}Ex|Ny_&~}{|G-Z>
z#rCUga&+nQc6pq(z;~IS!*Z8YFzSJ1ovCGIe!>CXs~!or&Yv0W)9lQVrHZWVPU0#p
z4d=&cU{lvJo$7G_h6zH4+KP*)xE5;JKh`Z#D)sI~4EKsJILqgUhISy!LR%x?T6F<m
z9rW)wv_9pA8a+nBE`2(gGd~KzDZAIB$-_g}U*pI-^_`-ZB9`=;GS~S=55G-Y`L&BI
zwB#QMd#!IZo{+8hvE|fSi4%3sJC-Qk6{tUJoC~rTSFoM)5<iw8tqz<#5WB@f7b5R4
zZ)!cDG<tC{Jz|p?7cmb*m7V=sObD{5p24<)$@{DLWFF{G@6Tuv775lC;KhI~$hN5~
zxI7!VcO;Eo=H!eBvT$|5Bm(J#hOU#fQTZofO%PUoCcVf}uGADkW_mfbDuWD*KlpWP
zZL5_k%zA~6{)8k_f>qFRh$7KVFr0DQrfaYfhr<_Yn=nPqn0?@piIPX{g_0c$b9I>z
zdaH*=68glViWy7R-s2vlZ9AHG>m;B@ut`w^<^J5hLz*x}TufL2aF3&Ild$ez=l*w3
zRE36n?6$upxXdnf@&vHcEkaq#+^jN70t2rM_r8)3e;p%+R<vjUbE5yOBIT(ZW4LDK
z`p7-%%<;{jv)D`$?<1q*;mw8>nJhtmdFC3qZe*%aa~roj3*4>TvU;k0I9}Z#;r3`P
z4#g4??2)7-!ksnK@a*;uV?gcvaiIA*^N++&+bhR-ADijt=l(?_(oYkjHRG!w$=#;D
z9OaHI)g3;fPRl|Z0()&9BAs8s`Yf5L)=_Yy^-6mK3qoYr{~54rChzd@LXNKFv0Y*n
zc4WlIxS@3;d#0kL(!h2*dhlnMjvES-JuyN3I@MS&nS({donM&xoU^7k!_v1rG}K_^
zoi%iwI7R}iAz5&rE?p$+q@N}Ncor~G_5wVrsn1OTTu*QSZr>Pf(s1;XEDM>eq9NTF
zU!^qa^<Bi&8hu2>rDqU;6+=aQ&JveGS)d|AM{l(Zh3rM|{@7xwDUNbwq?vuUm2VBi
zf6?`9|Cx#eNyYOGvo98y=qbfGP1{-W*>7&Dw%f%vNjqYdKMadvBrZ+Xlu=~`fjrIo
zbL30j4r}KyDKvpGY(3jJ)dQKZ?2$AbElu&*N3~@ka5<IMG;7A+a&xd4Gk<X*fOpDS
zGu-Fpt*9{+Y_AOG+gWSHiEHiO0ZL%)yMGyKz7=?!omRx|2zNbYCF0@=&pGN#GWFiE
z_D|e5JsHwGQXbx#QA+13$M7W}6bn9WUnnMSiI8-!kJ=C^4B4&w3-dr^vq1=Oe%#FO
z3ar#ovdW;tZ)sd%$L5o_7xJDx^*W}Mz7N_x#g>H5#th#{k2V-t?z^jWoeAOk*4=Qj
zE$4>>qE#Q}$I#ez)D$Cero(X22khZ+h`3<I2t9E(V5g)dfl&_JKbhLiMi#&(73mU5
zLb6v!B{IqVW1V0fC3T7z56hb>U2|oZYSm(x0&8(!m1=SH_fc%m;P|Zs^pIw6Y1vuj
zeK6RFb6bomC59p*u5C&;5+V$5q`n;QJEjIDO#%KpKVJGBg$lYMRiwYTt=nW25|mkm
z_|gUX1`c7^N8tKZqSZ(XW~hGjaqnei9_)3h(^oq_ARVR}rO0nveiwAiuqyAHbyK8u
zPT~iM6a>Dr_mr<cL~HK0{%D{ZZeFuuQJ<HR<fXYh;ME^w;}Inqjz=RmsyQKoWUI^l
zzw(kKaeLam?MnhV@Gy{=(lNP8Y9hyCq0dsrll!ef=`pX`WAb<&G&-M?hx@*R3U9_3
z(>&Th@{3azfkP@w8Ntr6ru2P!gjzKcw;A6Hv^tI$^O=|ZhdIE0Tk&)TmfV-^o(CjW
z2`5P%XR@r!_og^t(=~m()5Q`=qgT)j%!j=xPL~p+z)wypE^9iN4|Tg7pBn>nyTpwM
z0MScLHxf1_k*0DR8zUj4inemb4A3!7UVN6jJiP47^v$YV0HT^uzL8{}h06;2#1(k3
z->0cGTRWjiRyUIF&+!{IR#P@N9r!lSVD0ZZwD5iOTp)TavKRW!uq-k|p-p1g0EfnZ
z^lRju@X)@aHqg&NzZ9_{HuWQ~LeYXm5(r!THb79@pQJ#RkL{}Zhbszdr9a5JE2eW5
z#Q_=tX#lr5Z5#W-(y)ha^D26?U(|urCA|wQ94!1RvI{+Xe$6tuBa>Ze5P4xjUkTFH
zrx&b++`ZO(*9FJ2w#R=>W?L7Qd_Z&QHWWbBBzmNu+@&niH7vf}ORA3^g=U>?im7fc
z5Ot<HMSkmfoHb)0qH+dIKS0vLdV~QLj+hQ)O}46Dv|r7#iyonW19$MELHMGKq`T;u
zfXjAXp!O_?-n6B6sxqTPL%$%)zHWJ8;s&e^`(;mV@O2~g3H=M+Hm#Gj>Z+SDD^*}F
z7t7Krl=5)0?&80mZ5UKBGAr2|gVavBEH?lr0~MI8nc4<RmRWFLbm(WF#^-paA$y&z
zJvKgBLj_!P8NTvu&GcvTa)!_eYg7(n@n`ZYZ|pPcZP*0L!m6e(*NTs|9gQRq(7602
z`P>CTje^<-!@cI6NPWA+xNp`HvCA2<{kcrA$*YeFgpC!XS~uPRWFxhUvj(XN`g0C%
zvq<;7;$}FoLfME-F+Pt#THA>E4P_8EJ1SgGWXC*u^i|ZEX2C^fJBVRCkWCNf$9J=K
zk%EZmT9Yv`yG-i?Rmx}pb&IR*gndz!g&3}SH`B&4#e(}vy(qgGjz?Rt^;N>2A0LZo
zO^au+mu)a6vd6WVCFYy%?w}F8EvHDgxseZHm-On_iy`IrK|Uk&ICOI!J?H*30zZo+
z@w2F3u~0zOe%|#S;h})G(KCdap-%aa@Sz&IXL%`!c9pxyRwJ*SXtNATuipkqmrh33
zeZP3d8*H<eWUOUz?>4eUwP?&;n{pYww!=0rr%;k32nh|I66p#z?X|+ZEea!J{e=L4
zs$C8cxVQaSEgT!klu>NsjK8Gh4i62mQv$F{dxqrAMW~fI0XBho3jngY5ts0yVBUs$
zf95z?Tpf0O0$J1=ViUetM}7K=K6n%!0k$x(B)>C@K?b@E)Ai=54Ju6-%1P&y3fzDY
zJoV_qhk>N{FfcYnS@eOw=D_=Tr_9Os-@o5Z7qPV?P4i{T5_KCrK{N9>i<;V3zeE$j
zL!)IRn!jSh$l2|Uhijsv=VW6WQKRxAG~H8o`S=`M#ctVB8*D(MyME}jtNjx{^c{;f
z{a8$EaTO9i#u=s+-`2SucQsKucq;$)1jVDd<I3dxjnDMVhcX~rQXHxCC_{s?^{9P=
zR((^cW~7_9{wNomE$>Ho%ge8~IKW9S`a<3Orb^ECyn!ZJ?Fh+D(zVZ!=jpm3Y<N%p
z=bJTZomgNc==Aw)LB7t5q$h7qE*mvQ^HtX|J!`$|RsRW9K{K^3OEz6$UMx$EV=)w(
zn+{u2Xlt`<KsY;8oa7M`PO_aCxM*vrpleAOI>q?1zX14vI9gjdp8Zl4vm^9;wQbvf
zF!#4?zHmyCoNrG(>;7Ub^y_Q_qpx^PWbbS9aQy8m4E4SAQv0~t8SJaCrCjkg&KVFB
zE&%uMBS!*+D_d&l@>qjW!K{$>2XC(vl$(2qpMMebUxl&`_>;BKHL8e-?=ZXK6J+Ru
zx`nN0bb%KgJ}4`_*+O6D++zpT;W{ZborMA)SAQAPdJ6|hNs`86NjF?YBR?y`4`eAH
z(%EsOZ1&D>WSyOrO;_6pdm5X2wQz@1iO|w!%~U?US=T12cTa%BdP!Djy7q5%js&zr
zLO~rZ?SU1cmXQjFBisW=GrZl=`D6WY*2zH=t?6F(UbaT$@H3p%;Vx8rXuCH5GGHmc
zNjP&md|u+HqS2%@M$OGDtr2l80m0k7H`114dAnH=hmM#bgM8&%luhgy5|9Mppb`{s
zVaOv*t|S)Q!_lL@zX%c#rfxE6&1c%CIZ)K$W5(IdrcL%y=&Z;ytptTpp@@R|Sb7Pw
zRJR0xCxLsC?6NitCs=Y{f(gZeP?EKbAie2vt!^Zmt1Q<3(D*b@5Q>1>YI%ttSlvxk
z*)xWBJ4FB&L=j`2FQzCoO=?wk7AAOB36JbpEGvMvO)O9$4Cad)4Tkx<3sM6aloyU4
zb2SIRs~s>LzWPJ1d4Ya88V|7ZMp{(?wS?3u#uuIlD?U?z-VJ!EFj_;M7+^}ODO;?R
zF)0GcejwZ(@zoe^&nfeFWfDNV{WvTM!s7(Qw<&$gi${7)xwT5!<5zn&zvgWdDS(9t
zMZVbIp6H=8h_3bKc`_s4v2#X|ml1z*g7Hja6|1Sw<bm3dG%UT3xpN{(4-l+FSj;fh
zXxm0jHlcD69<B6gC{3!HnP=_2sAymXIUSIEwzbbprJWaO%iJC&@y$lgsz||?1b&a)
zyJeoy^WFUI?HCY>l7M)FJ=R_uq%uT6Kqge?|0qcWJ=n!HZA=7GlDzhHPd3b`6RMO{
zcW0>Ss6<RnHoPW|vXNVXpDU-NYEjns=H0PxDyejI?nQDnFZWvqp0CD;K>xO!2kLOg
zp;7$iadWL&QnnLnhc57-0+<6bA|k7@OKnvhFB?foe8R%oXRm7fIM8HdCySTA^6N$+
zO$0F6lK7BLaq^FB*H-p(4qrPEt9_{~J?hhD$$kwod6|O7M5CV0$Jx$VybsPc+KdX)
zxu;D}h=}a=FxbteU+k*GYguME8L}EuwYNjTqi#bg(H{wdTXjyN0%^Ygnq{6(a&zEn
z1_@->@raZB+jM#$I{?xQAXia=0SO%`kboS<5`2F4TJwwH@h;DJ_4S}`o=Mq67rdq6
z`co$;w?ref27XZjLYPGmy60E=nt;&y7Cc$)i=}Ojty}{MQpKMwg>X>}@w76|u}9eu
zM=<Js(E(BeZ2d!aSvy|{hcOyj?6)qx?l?kyKqd>!&A<~oQ<DLO?5&Bon8)5+;p}#1
z-bjmtkR2i-f3jvSVVW}(dJg8&uoSkH10-#hgZV2(m7Ulr1Bd1!1DG;$`L6bKNoFC$
z2c#+i(xgp^UKBtE%x7H8GbKrz0wE=M<R%`CR-r=ZOb>Uy-#L*Mg3tZ3a|}FiVqKOm
z@KItg2m|g9^ASkJjfl(R$EQc4ngF{lZ-cy*hq-)k-<^y|*IKdgA*!0kAnkrs&{oEF
zZ#Rv}F*9Ca)ZKoac4rd!=z=^!?2p>{ECB5D=4868J226pF-M*}kCuGh(!OrPHRduf
z_PI=ZKWme;r5z<(#Xu69qGTk%x8LCzS)B@xrUA$S@87Zw;JoR%)XIA`kqWNslP+;|
zN_%`Ak|&_~kNZkx{uac*$>Yw54*^Cm*WeS1+Psd1A!i^a9mO7jcn1XX<6>RI=|23G
z?|YwVt<9Tx?+hjQ610#l_;4&b6&pmBI$=G*F@gdWg+59kYt40j+$w&vZb^-})Eq1v
z^v2O7;{qb(!aGL|9@5_3yBKDk&p@HM@QW*pZPF=5%@R`!=mDOOtl1*$(wNJ(h*Bq9
zexF8^dtr0BxwMR!(s@eN>y}aM2=2@JOTTQCrqDbua#{agAoJ7(+G+9zJHVaNbNti6
ztPPiBrbz!b<3}yrz^eoO%Pob*?g$y60j9w|bYt;sn_+n;FG-Iu9fEfIZB)-|sSqYo
zZAV>fVVMby!Y@XltPynSO{6U|{%?o66M_V2vwZm52qER6j4EV|z}qKYrPB$r$VU8<
zkQxt@$qL-?>goGvXG?ugYar8yB_$Il%}diFV0rSSjWYcNr+R3xzt?DU3$H;I<uN1#
z%x!<^WxwnWjO;*i!oGliOm}+Z2;V7y<)-^3x7zN5T#f{GSboEZt@*4^q8ksnXicp<
zHAfRsp^9I;`j0nIeiJMzzT_ENmgY}PPZfDHy#-TXi^h*sW2Hd|pyM`zF?F6UGP6e4
zsM_0HIE#WrKi<YxQ(l-ZlBj`MYb|yfOioTv7VB!GHLhp@kOo*Rvc0qGt9i$<p};Yv
zDl~NW=f1VrA)+GYB{6(;S&6d%?~X_LJLApOZJ^sUSzd6ka`0V}d76UG5V|8RsC18g
zeeXh%DzV^pBG5_2J7o=DA7o8kFODObubUvP3tTsI6AqZ~;OzR9n99-t2OjaaJ(ZMH
z6Nc5O$kW}`CfrT=Lp4=dl=8bQ?hJ782IKZ)*xsj>5`)DHg;$l91Gy0be+n~CWagRM
zYubeK%S~P!=b9g4b2R2_MW@zR7Hg!gz7=A!O3hwapvv`=iB|~jyO$X?=&U07KIUrG
zl9jquByU-my^A3CwO-PCWyuHKQ%6J%$FjFuviaoKkzbB>qXV}s+8*T^*a4FY;#iw}
zrIcO2G+3_fp`9UdciymUf4A&MC@qhlr&jiB5HwM@khSpPv+<?3E(Ng_ZVsxpM#Q;(
zQ1g$<Ql390)5_kMN-1!=99ZB$P_(Xtj)JG1=qV_GpoUd>>AWZbF?<Ur2ykO%sMysY
zcaUe*cCSBJbIbN1i|hZoJc>)?$u8s3ObS3W#&l;7B==*YqRTI&>8`b_Spc|W&(Qrv
z7GxwCqlXr}YcZ62VHeIL%}CC4SMyuZGF@PxB;dVHK6^Z)AS?h&je#J;4>I(F!sfy>
z8)gL*SUqD|e=`6<e|t3mlHYL-B4_BZF;rWy-LzWEg`cIUaMxO)%9ao<&H4vKVE!Ny
zrjt9=M?n@^YWFTAr!KY=m~kJ~_cwyVr(S!>cv{=*mHR>Olr{Oeh*W<|YdKg{9p;w-
zYaIBTfA`*Sq2}%au|HJCjuj8pr1pls72VSjroj!|pf14g*JBL{x)JmzK6rLAaQo;M
zZw@jlZ}C|d42$2_ws^2q3_=zv7`D6caf=#z;Cew{y02eF6P^$-kVwHc@R5S8{o7XC
z8WN-$1$J&HyE#e=*U5PPjQ?vTg8h4!>~w}E25mT8*WJD(f=}w^>0Ak7kiAO^(E;`S
z20s2?+Sd{W3;S#|d4K#SOW|n-|63RA@ic)K^8X)G2z2>l0m}sZl^6TeLLh+q^8e7s
z#D~RcpY`z!3@zG|3rP8?YsBIeQY|6knE37KOkoe(WfA;P4SwBSt$>u%pS4-z-weUi
zAz1qrJKx`>0Zfx1#CI_X2piwk#L3|!JhzUGeQ)xLi7ud{JV-v!K-Js+=85F)x13L$
z97Ebo!3Dj)e$zhY7Mg&@GyYEkMP>2n8lJuJoGgPG((XrGUhKM>q-}x5GmhG`DB1+b
zf+2XGh_1`J=cC`x1$FbCK;2^QK-g|xAs`}BWojhHf3ACNi4u}Xc4dG?!_j%_76Abq
zPscTRl?_EppZo%>nV+~k?I1VtFgeM$IV7)dWX1zc3+jHZVZg3b@-G)aHtV^X@WyPb
z=;oE6;8mPgQo6gg9>P4!-?G2KKxY2%4vATpvpIOL&KtUJdf%JjW(rZLfg;pa5$edQ
zw?!P1MtC*RqF59)EhCq<$4c=XFA4(lug`rs#o<r;E+lv$5XJ$(yb#3o%RP|uxya^_
zlbmQRH6kW*scj=yI#aA(i|ex*h@mGckf6j%VuCqI2KO*r?ha``mjTn%g4?sZMw)HP
z623Peg2q57l8m(S%yUURMBhms(-VPPdYqrq_9K|0dN~ntZjnkx8JD5VbNInjOQ8Mv
znet;KyOrrmT;z9NjDr5pC0+(dc{!LaV_l!)Tpz>?%6P`mo4xx!b8o<`SC*C=Va{tV
z7hBPp_^kGkI<>xlhq2!`yaFWH`N@~|ypvOFU?0|K$<UE#-M?56nN}uT51@n$10mez
z<_fns$T8M*=qJj}2}mjb&Nvm_+TZ2f$6f0<wwcg>W39MsKGGV`#S!|v7_}E)Qur!P
zF;`RVsEr57Ucl@up{bv(4KZ2%QztaEf;>02P?5Tuo8oJv@gG{!Rgp#1ld;>OV0_BQ
z=soJ1leZtraTgeJPg;WT@tKKktz`<MeV!`Yq=!z={FEb4N|8n|8`06rfzx%4Yv7xI
zORt(R(9+sGf2@PtOx!<bt$Ng=HgsqLDR;ikRwOATM_Z6QWydR6z~Px0SyMD&8g{UG
z!&s<bLdS-rS~1t0;yL)VR(bMX1YK5XsXTYX%>kX%Z7t$%q+K2Rh<X$$#3TR^kz&q2
z<<9B+{ov^7z-Hvz@2B3$73+LS0de<u&ogxmt?^QE6+l?W&w11kzu>*Co!1Hj%lqwP
zbbu1Ko&RSlle<LAx#>yVv7R9eG?!Uh{+E(DFQSm05edEz(Q2s>*(%6Grqu5BD|REF
zMG|^*iIGFt*sctO^LtPwhHlwbL<W@RrNtNV)3iNjRWTrsHf)%r?x;2aPlJ>Ed%h@=
zdDACwvGbuuN{{8=V*%ewxxKP~&>+IXweJCu2eQ{V@mX22PHYu;pqxT6)lG4KJtu`V
zuJd6H5RMO+*shc6!F>00X=w{sT#bp-6g}Q)AHT%!Q__l=C269;jjYukE%)2!-@Nvl
zbU0g-d9%3oo&pvVCsUzFRVk?fvwXDZX}?%a1|7qjh|th|6%PJ-^$Z;z!}>Ar!~U*D
z#rIx|N&nE@o~#D%(T#<$5hH2)lMi(IxGPF6B^5LuwjQkIbm!ZH=XIjC<%<;`x+<nz
zvW}aq?w_cAV6{jFEGR+1dgJo%<2L%$dSGNhKQJ*5D=pz1BfG0VoX~|=YV_NH2Vw3|
z8<JARuhcEv>iBf1I2g+3L;;Fo;kgyxpDJ{ny1&h))1}Souucq3{tI^2wC1+|2VRU?
zfyN>YpRv1nH;VX<HXojhLdxHO>A9c?MrR?9JH;Z4L&1XZZfD}>Nx%()m>^O?POj0E
zIjS>ZcDK%D5%}IOfS&gEwkjKuTTw5!53hp72gS~E3%@qdsrLHwHw>nECJYX$Q2fB}
z1LcaG`)Tgl$89)2dTfT+vAUy2OA*Y@2hFrG!WU@Od70NJk@4o?r<~hbwsj?N%VUQt
zL1$oUbc{`zJzBIp|C_<ob>@L8*%WyZ*v{Bqs0D?KF7ldG71XKCstkEDH(iGeih$ma
zS)2FIh#;iZgQW~HVMxZ(i97=Ro)b;iw|FOCRan5?^u|I>R(;mf6L}>Ft<qk(qG;UL
z8bCiV7>vrNm{hAW=EEO=Vxm_?Q!*xKkn8}3n7jq;&*`Dl&CB4hU;kv`PE$i>KYjyG
zAS|EDO}@1IHnA+fI?4(HOC2`AA++OosxaZelRj(2blVi)Ik|Pxw85N!O#BUVV3_s%
zt-0NnG20PUXMai$j|4vhH?euC!#P!GO6x~%2IanJuVk5swoEoS70*)r!QE<TQG^}?
z#u%bwm`5lRsdps^@w&azc2G2h!L;!2TwhH86ng6S^#)6_P(==NrwO1!{(!$|wLQv4
zR72*j9>TtgNsfl#HD}UfucLSE4a2vupgqdKf~c*6n}}a3NMeJR4&M!E^nx!zXen;7
ztX^k@lwW|}*PK(ZPLjEQ&w0tDZumzYff2aD#3GeLwt!IsG)AfY+vftA8p(+e_DM^(
zWhOic--O|_gEx0V&lmX*CO067G*<}XCT_74MR7v%2@DxUrU~BQ`{S5*PrdL@Er?0O
zgYxIW(q!H|A^34^*I1Cf)-F$L@-(=B<GT7C3-H3Ahbo`0LW<r61^fK`_WO9^ph+nk
zpbg;f{|Evkz9Ijg<0&vO;P3zUP!U1ebdBv90uK$_g=E41fKC-Zxk_sJ+~aF(pFSjr
zq1YfPU&FZh4?N*lP~a+Q-ka2nK}JR9^!yBf0DIONoE{stDSqHsb-JwwZUMAmf;dId
zu+JB7UIhWuXu)GxWS(_=Zpmv;R1K~_2d^lM6gT-A@as)@sKH5MAF}bOYbr<7!W>nM
z4Pf4IpYddY@J~gJL(1msGihb2@E9{#Z{Itop1$M_yKjkMe@pe@UE(f-U9CZ3>`g8q
zgGYo~dZm75YbQ(1-iucupRIze_M$pMF26jemef$8Vl>B33(xCplG)C=h?V(lWL{IG
z#ubQGPL4tNWmzE8&CF)~-|tNG_HEtf`$N05kw?$?oCBY6HBE?9tZqFt9Ce*cPncsT
z9?v<yz)u1m^mTttJ5kr%qm()hqa<(~+M69dr>MjTC$dU#`BO@eMMA29TQ2w(X$>fD
zNKgX)i*~vt_a**I5On}y^@vsO_0TX@8=Ogx|8)gYqzuCAfdr?>(6F7X3NO-Z5pW+H
zaYkO5>15{cpodfR#ZoF+889~yOl>FYeI8DwY>&I~L!pSbCD_e`i{Vt#e6Ya~IH03X
zs`#D1gCB!}Lz$#J(F_rbe?o$!_<Y4QQYxsx6-i)SO15n{V_hX3k<r~dcK{^%q~Dai
zM}e;%lSgZ!>%pi(s1>dD07%84_}&!=+n>qnp!z5gk;ORP&OE0Bo>Jhv{qM9>Rp7?!
z!gij%!$Wi)w1$7e<Mi`yudhRbR4vrs<L_ntFVRlXkFI=fe^Fw{-xZ@f^x0th3FI>%
z!GeDQeEnZ2)`^;>@ob&|o+pw{%YbX3FBS<bcs?>DQE*xT{GtdBipD<$`QOB>#=rXi
z9K({kVCn_YIWL_XC8{%QW^|mHf0QbmYKp74JUt(`THWha=^Y(^9kJLVv}6ChClET)
zI#biiARYkUKdlM$wybEXE;gvirn~%ki!*H9fH45<r0u~q;!e|!-Ed_~l<DlVObG)n
zqitu~LPuL6j`I{`4vy*Q<G{;=4Ko}8c4HzWxZKQ8{USodlh@D5q@El`{V3E)94dS-
zozm!M2H!DOz$q*<;AnVrizbW)hwfb|FuNA<yH<RV8;Hp$`Zu`uGf|E7Mh#B>^m0h3
zHgY$#&Y+E%me%){!agxg0B`Hz%$C$9VuD+)D>!u?L|KtmFoApT0?<&-@W;pQQj%S;
zR#Sby^$z0wD63%(bAhB937->0MMDvINdPK6iT92Uzx%q`Yfy|!P>3A+y89!>#;#v7
zR??i-<}`pp;$&`dbTS3>3MK(>`}@j3>Cw>WRD48l^l|Q-BfNIFerKwLr}i;5b2m-k
zzVpSB6`^E-D5xQv>c>Icc3De6Cr8Wg#n+vA(TCViZ#ydK-WvQod+~b<+2=5jQx&c=
zZsp$##3}6;vTk=Kd>7W^-nT+E&|YGo$5IN8TNiR?33UedGqGnoE7`d7Ip%r$J;y@B
zJ=>HlhA4MFmFtgY6(1zulwdu%9E;j7$ZX<Yx`>S;n5k-DO(5OV5!l@dZvs1_{kAts
zqwKStmPD=lEmrc4YIs`DE|WOsP*&Oswd*KZ=)l6Y@-yyKki-OkJY0X>__{x=U)NRE
za`Y|5V<huYG&EC~*ciI4DC+)IfZtP~oAsn5Lcp+&Yp$2Nvh8B5rXo*_Y$Q{cLj3`9
zeoovhRpNA^;}ivY0z^~L`pWNeIga2*RRY+I?MokUA>t`5*(D+7(&+f1tMT~4hu~h`
zK^#p0+f?oP&J=hZ-@ceYbaW#HbK>g8<-zwx{#;ifaqN#U^ir?OG;%8~2}=@=I4!Lp
zdMc+DO~7B*oiIPQS~_3blQ%s2!`VTf<8mH)+)a3q6ta%^Y?HRh-gWJk@9MT86%o;X
zM-z<An}#uU2o4MbBq;e0ouKgHMEhox5}8Kg03sBQ11-mb<Juj(>p5Fb`wC9IaOi?l
zga9(C4qh!3fKeY|PsWq62U6A_&HJ70kGph3QDIa&`iWADQMv1N;x13by-!BLNK;I$
zG}wX@z+asotVZP*?pP0L0q*N7q08lYP7d=ribi*Z`R3hx1CHK~xc3Q&YtKHefCE|{
z2A-b1-Zu_htMs0HxI;&~k{Hprnl<DQaZq)cCs8lqS>hC3h3ys;dtUjoH`AU!kOnU_
zOK{`~%jFKtfck8AGxWWy&`MO>2@>qaJgj*t{;R@j<r<B?Z};+a?a1E9{7+fAde?i(
zhopIasD20OKNUCriYnQ_lH(3Ws9`bztLxSjsnomC15+GxBbax@3i(st?Q!Dx&nWg1
z-+V$#TRJ;QBw##asC(Ik?X|k2ZJEuG6h_nRV7K7@(#oJQS1gv^6o<xwSqEL|G!~-}
zdw&!>(q;yqJ6)cy?XK#*wc=0XFHB2o6nON}dvS7Sb<QxIOM|UDI|Q?GBH>lO_jbRh
zG_T&*N~U^UCZEHupJ9JJ$-b~T@MqTxznzAR&`|3ks}<Oihc3O`147E(DEQf-8z1Hj
ziE0wOd7Ey32`2h5|6FFJ(J*~K@iBkT5LszhZJy$8;1`L@b34wieCpy%t!)XohmCvn
z+Dc#Y7jKlzvB1UB#bJ?GkAkNcupAii#<sT=NU_H$s}2J8VULeJdzPX~Tng*%6Vhx&
zNMQO$y?>dYs^OT>P{LNsL7x@R{<qoX(>fZT%C}$8B4xApC7cHm$(iC;tS(pfKW?ls
zG>NPlx7k{O76)E*zuuq3TCIF+G2B-#qfDpWb!xqQmD}gfk=ljOpI?n0n4YqSOYo}x
zT;n06hP`{W`q#6jDS_UT7I(J=-_ewr#yp{WY2=Zd;=U}Gn*<@27rq+<3Y@#q`0q~d
z?uIHYD!Hspyb*OS7r6ZCc5Bt#c=e5qnYQ|caT%N{$-xG8*YHd*pcdbkD4Yul?Sgw3
z<~BJS8&%}#-jz`pgc#zSCGW0qlEFE1iHoSHCp=U@c<*(+F=+NV)Zv^J<6@sxX?2xZ
zsIL>D7GEI7Eyvx;;>!#>X*>E>kNCD{?a<%#h4}S8K_J>(^vn;5nz;*YTxlwszpstj
z4K1-tS)EB<_Wt?C$?xFZ>i*=j5#HTi!o^y?Ry%lO=;w1QG1?XOX{TsygE=bgz0J_$
zJVjCL%8P|6oZ`hO**(6CSt@~ZXr)joeEcC)ptfhW)l}54`k6TP=l2wpMaqB77~oNZ
z`M%9Mt!YFE17g4xwn|Is)frYYUalD?N!fv9{7(9g-ipX^Nkpd4(eP;jp@izm^RwEB
zsV-IyD(p#A{z%VAo1@q6(hs%q^>0xn`{#E2T^QWu)+xG-GAcCmWT92;a?uM_U^6`x
z9|gz0i(nnVc6QgVkfFfUp~bU$Y~|>E6L{@0fOl?I;zll8DWRd8RBTfE>ikAtN9QU2
zPR8?;b;h;);x4%T)9-|0M(Cv-AVZ?;Bd)yLI!o@0Ju@Q5pZupkPBn%MOJEDr_s7eY
zG}WK@xoN8#)Ru@Xd3NTV&O1>@1fr*-UW47=vx|@H=4I?+{g4Gb`*m<pt?6}vwv&}j
z>qk_}zpBa>sZcl!*c5Ovd}2%q<&Qi*Dr-A_B`LWe?io!>`%yYPAqX)~<8716KT=<}
zSk4UI-}QbMe&()zvAnT!EzYaWPyYh$w4i^&2d}SVZAIk`?VrQ3o`-~!w_czbl9X27
zOSt+VHnJKCr;&S+UQ3k>0SGgdUSm+EB;^DL6RGWO^Y6^)Q`|mzC^EN-6mW<h5%Z%B
zSb41?DWlHVdh{-7it3~e?&30Zz}|Kq<&)~lsjfNSYLIdI)@POP@#;#6!~TK7R2M4X
z_zhSP6p-@T>GIKs$H0KY*Swl&z#oP?3E?PF6ykTp4^d4O-IC8h;_3D!&whr4e-4Kz
zX6dm&Z-R)l46k8Rkw}J^5yq|FL&@!8NX6jc{51b`NgHy7Z$G=v2}XncN#_E8cm8Yj
znQ;S8z%gG<+cW(}I*!>X3a5quby4TP1p-dr6ZXzKE~IUv@S#w<A~%n~6|MJnp2~ie
z{y2j7s^m7JjV85w&6cnIPK^yz|J0U8gl6Z5to$nYLe3m5zUBZNGA!`4(tD#sKW||q
zuyJQhzJ5$ZC%iNNBg?y2jA7pJRL)Sol5E}m<+%5%YzaG8L)3g$;6F&R8S~J!kNGvf
zB`n9NQHlzYcWS~j1q`a58hK5g7w~7s;SS#?^^9nU@rrx9K5xC~+Vb9&HI9^^3!J~3
zx}v@0+A$##7CIu~TDZRRdAG6znE<@nO3mHYXaHWCrePmh>AGF<^K+aUJu|!9==O$V
zIwPdxl|M^7JyF|X-l%h~Mzo--FVpZn#ShF)0@Ynk{wS$&YK(#Z8JW}953C5+E@GLR
zD+;j8=xfiU?b6mN<u2y*IV1HsGsux1i>1TfPMY-xc%#`Lm%lpNiA_LtdLi{`(uZcr
z$vL`z$=b|ij&5D8sy=8?+|?5xQVsxTs(CoX(y!3rw)?^Uj0NqCw9~T&Ow0822Uh>r
z-QL^X?^4{{ccd2g6L4)UB80HQ))T=?A)dHT!R0;n*ROu0ilMrmR9K@|G}VhOSaB_D
zs-14E*0O6k)>1{)7?n);GP5`rG-(wX6_xz)^-0t22lguuUj3ol$1i6obOMVL;(2Wu
z8%cj>0COZNKIl5UHh3P{HsaR?mtpL2kJJ?-K0<U7?>gts?o8J;+0~e1UTX5`p!Iz7
z>kro#vlCopolm|UzHP*Xbex3sS`}^v=?5bmF)pGWFTAkZEAI@C&+tAL0#P>5D2IHa
zM_66I<>)l;<z3Q|cJH-{A(g=&aE-CQS*=QI0w?!eDSXkxqZAT9ZhKH;_n)-X_ytb9
z$**pdOKK}0zLW~|EOXR5E!vlN7g~Fs6A~yY+vew%Dz0n%rK8Ot>#+KI$?3`W*qrT~
zWj$hzyXAW@bN2J4gKbM_Xybs*X4S2p*@sMohTP9hi^@@^-kyaV)OMQfpYz;z(uU6c
z%yRv)KL<(t{ZQl#jg%?keEL<Sq($}It~H&-!3>Rs7WJ49?`%p++mO3y<!CT4lh62`
z7T=vpAm-V<v3t~wtYZ*4*_w>a@e1@U#8OHeEZu9VbvM>;lB?W9Rb}qoE^_qQF6?Nu
zl+U9t;@-4E6J#L+boS0(23i~`#?w#M`!^n*@x9fQN{SYd8!;5nh~-6}FH^t|8XH#^
zC^7p!c0S3}cM5dmx7H{8$?p6(Nas5?6W-NUV32!km6jJT$@-l9{O5x+VIEx@E)nz6
zSo;5~y6*~WYKhv8M~@z*2x>r)A`(EF@zA9N1QCJ;L`oo-K%_}Wlu$wt3t*#4?;wO;
zM2eJvfG9<3fFLn|N|6$J4}ot7{h#Mt{I}o5x39AIl)Yxnnwd54UU^4mh<{5#1*e(l
zA7E_dQruq{gr8VRYM+a|+l{FHnS6VqoIQ9WsgF?NI&j3foz85~$PdTVVBg<1&?Xt5
zT<vM`^;>>}=H463*nRNR<FaL6UTDi&%}n@glcaSjvyBU_D6D<dKpTqDxS`ZJ0)e-8
z>kaD2#N3Hmedv7r*L;M286-|S+$y1@ZWW@w)5W>9V;@J@cey};Cr^T<K@bai;9rAY
z*4!kS<F|)K-MCFh$H_W-Br%u9{#iM%mM>oGCFGN6P9`J!$@!7NO4+I|pF4KuwOM^L
zVgypfFib--hk+Gv$0w2kQvS7x5h&IhBy8HW-iY`j_&jBOBXzIs5@R)u7aYRk<0KVc
zG4wZwwB^IzyE&~MOQ+j$;DWAXc4YK2n}rJQUo$WIu0>gQR}oQlNz&95fj^wq)bms(
zb`SUDdkviw;u+2n2nJvB3aYi7Y}4yQJRBLyx1$1zTU%3{Rp?P|u@m|n@x=t6q?uG6
z7%Y}1xMzvY=`@*s)|ens<A#c@_k9pWYeGc9s2=B>xWwV!UDQlVD_SNvNC8DEP?Ww@
zxAAz)W@TJg2mAd6gi!zXR(M@)Gwk7t1+!^5TSu<up?9c&b&y9VrlB~wy4V!|mVp^1
zK9MQ;?x_8EV`_uKUh$*|=pa^U1wW?WSg31_)8zKWqb0uwAiyQ47o}D|mT8Y#{tm7}
zs9#oYxHCe*zj51G&OE_bjlQCO-p%+XO6aX!-`S2Qa{RJ>kn)lAlcs}sQw-S;yZvNf
z0#{pn6*)yn=KS(cSBB3#S)IGemt@BY96ZtGicUD;bni-OCz*r%_<LLW>!^OI7QbRE
z%bM<hWaybV!OA^}YO@PJm9jUGA<#l^F|x@=;pvLd`qDspbU=zw?%Kj@Tcn>!zwi03
z?TD;~qN9f|kPlnBHm#c+eiF}1JWk2FP%=>*^~*DNF@a3q+g*Bj&u?dWr?jV}kZ9rE
zN#$EptpA28dgzk-$_MS1c9pS4n_F|nwK5d@lR7&3dtCk&HVDZu67Wgw65vi|mcLKe
z4>igkG6P!_b)HBLrir=e;mQciHxFst_W-a8xB`o>zPtpADy%;9NO;o5)0q0T#<iO8
z<Uk|R(h?efM0)sE_K}NUUPFNY9`ktB>X|JZ>x%NYth#8tb#ZJh!4vO~OA^m%R-UtJ
z7k|%>#dZ?Kb1G}Q1MA_g7!CZr=QPi`!tag80;%0y6^0G()6H$Ry(zzTX)zQfi?*Yj
z)#?E$u<|$oH5bXea7)n-Bl%*r1f+gd*PiQ#{>H`xNkXkSOBGa_IF}k}c>q&;E6btG
z*qx@18sNYX-d5l0CR9@0-hqz`rsc))oSOY==v`G!+Y#-RdQD8`_wS50(=7>%%!+y;
z#?e+Oi5FwP;arvdEl(J1Iu$xY&G<}c`XJ95WdWlJ#Bx96xaM!XJ6#HJLL(sbp@qtW
zv9IMgOa3<QjyM+on80CFC3WFGHK$g*La>x@o-bZdF!lkY`yY1eaC`c^N_CRI{`{oL
zHI&DvcHcLJGmj2d2*#KxO|RM6@zEM;*|lqMPO%tF9g<?$QSLq!I)SDNN~bQ%-Ff(}
zD#oIOu9H+C|MSgx_02bG_*lJ?Q*jrQA~HI}Z0~B{BkiumAh-+CRh~HNTe%!HlMrxO
zWIe8@p$oiPyq32)p{Ljm0f#MPDC>j^1+IYLkpj8aZPRB)P$i_#G<gKQ$mtm4)eEz=
z-(XtL!2W0%T*xDD=%U!>4{nP&_Q2ti((d^0utfVbtBX0{_*DbMO`R0+AGk;BCQ<Q`
zJ(;Cyr&+D!+nRM(nZPv+V~T`c%>Zn(I49zW6=^iJc4Z^h;;ehg1@ceicn8+}3Ec{4
zuJK9{&YdVh0{6wzecmZR<}58t-W1puhdb_RK&5-B9qkV`e5-40zrnHeYJ)b!K+Z<^
zK-OsSuP93O=P61j)O}`^%AtJoEW7Eg6T`d1T=66b9PC9$&PSUmIr@Z|{=2dIxpuXW
zw}n23od%!yA@;y_h{YcP0DHUu!yX7exbyUb8h3MqJx%$C>ZqA7;?m7C2?8YAP;P{o
zZLe0mjp^9iS6+0=tlYr2<(E6-Ze8&k(kg0>Akc9!_|+>W;gb_B+3VBS4LW;Vh3Sp<
zGSYANaE+J(Nt?U4{KF2!T-~w?>w1FK6SdFxvOl~?X*9zz8RaxjnM9{5Brqjsk#}u^
zh`Vk<Fe+CvrB7Ai%2e1K?bC>ENsLb8y5+R`FsHe!*5ho2+8HW|&LP_9dhK&hV(Bow
zLh3%SR>4!053&GT;A8b0^GMJ+_^@}WMG2IxGLSDhCKKN!)H5G2?ReC0d!~_(OV-;?
zR}cIN;b5;jjEH*Bk#Ko^8hzxOQI#r>ucah7nNwskV``$Jv2=Qujrx#N<<8fzCpeG$
zp7v2)8ZG(udATch4ed&AP19rSq6)2lRj09YVCrW!i!hN{G%x~pA@-|?(VP2JclUu<
z!jU8|M)F_4D(pg2fGsS#$zimnl5Dd?B{f7Y|G=?4h!XF``{(4#U)T@KkGZBP<s05u
ziIzO8vPbxBhFoj_W?ZQ|N|o?_-3{AYSz*k+W_-#wbkh1rFG)?#6Ai!7H}G0+t&RC}
zj-JYpR=$b9jY%{R8ZH>9|GCm9@9MF*tg&Nb=s@Gx(y}+m67|A>^`to!eduJR<PjBH
zzh6JpI8-E-wbs5oJS_B*S|3-?m=Njk<F@)`<Bh%2pKKi+xIw+LfF+^3Sn%EBJd4|X
z1Y8eS?j>1-<1QupMNBt4?6}B%6-){j^d;M4Y-{1eGa1otMN@xOCkF>Cy*W_x;2V71
z?&!skU|XGlutc@S{It-P?<>!=1O-Dot}}{5XcKCf2E|iHq!5^7SW~LP$r(c>&ML!&
z3*H5i<LX?UnVqKVxaSu`c72#V&!~W-)PE8=>1@(E`->EN>1LFhnuz$FiQdgRdFK4G
zzvxqw_xv1b`+y&4Z1V#<4@fa>v_EBqO`bvIUWc}YOl3Ju*u3`Yp_}#|sFIvf(>Fx)
zN6gt~Lk{z%&nEhNmKS1+M~!oIEb~`M-_5RP?UB5qVHmt-T5(ClXml6<$aTt%_UPWS
z((1C@Yu78Q_MA7u@|_mj<%`T5fW-yrekR*c$>i7iJBA~|s3>4}d(ePk+3Wu{TOWyN
zkAR@%#n8aq%)Ea;TZ~<g9R7(YrJ)b7D7s5akp-s4C86r@i#ZwHf~Rx5k@J*H8Pj~%
zb;tH}d9?cFj?|3v@P<9cd~Ox*;tUe+H7Sgx6b5~lgYuCATt^oMBfg9+fdxD|=+8;&
zL&XO}acf-@C*{fuGL5uljUSBU!fIBlE3h$gx=+$Np*=IB29X_(7YZCQ&0vZa_v@v5
z%bHNxV#;3gts^zIE;T1Cd1hZqenZvP8VHTbUDGZzHbK#{K94~Ar;;QmJWkgz=lGc(
z<)#wjO4&NX2f`qx19*CZXg6BbL~gHIH_q_O&4vC$%rOn5&{x&bFzTesAf+MoLUTm$
zB*eMRUCe0&nT<l;&cRyb)hw;LOsv1nN8T{5vFVEC99{3WlIr<pc?}K>IZ?C~ESczg
zUBBY(dxL61)ap+FZcuz5_bT?QridU)vOz+fx#Wh%qr&_ksxf2o<ztOYeiI!hWQK1Q
z&BHIE<wT9A*cW7)BbNJKKWHutjS36vW?`fNtE@jjsl#R8J1Lp6UJLePt{clksN1IX
zSo4F^pE;lHNHGkR_<PXz*-oi6FaT$LwF_+{FE4HpER0rDMDvCt+$$CUHP<i)!l0jU
z{gt<>f+x*|8!ejsrVFuVrI*s(qcEHP;kdbl;aJ=7`daO{uy;H^IkXdDGS|sDc3&wB
zL|#_@zcY2=N%rnNRPS&jKh)!jQZ)%}WaS~n48Wr$RA!WEe_m}NO8WW}PoSFK<@<%>
zkmZ6`cSqWpev6rEjGZF|9jXr)A%6EQ5(r-apF!P!Nt02daYHD-W4Cl(mF9-bb6uSt
zo#g$sHQgLNCLf(V){`=|PD$ael*x1I>teczzUQBz^a(<1kxI;NM6-yCjQW;Qq|;df
zHjYVP9-u9g0-~}4NVU^#1&65==4#z8Hs;2X8DI<{qhE_Zm$b%_u@^*SjE>)qr#PuL
zIMOJ9Tg~kzTGnEjuYfmt?glGJW7lq{lV#>APRy(zOtEQlRdr?X6?dWRt8v<Zxl_Bk
zIFg_ci-kyJ{qR|wMV-bz_zU{5^oR!wLIE@Gubt77-dEu-%7G<>FR__77(w0!ZziHE
zY8-aWX#a|<-Ht45nPE#s7o8CTPp4CP2RYm1v-zqFp%;hVyh}r6w{H&}`4&>S^?ZEt
z@>vrzGCwYX;xLm9Rq<ZxUkLwZmD@W@IU{G5SE{z-zO_R<)<LToOHlAzZa&Yr=Xm#6
z373RQPZqoZU91!r6I9{K=ApE;+L-T&@OP;m<fV9R`XIprLpf6c;A%RhPBeS@sakz6
zKx*Bd$;WhTOf8+llxbC1)m5t#sZPtEFjr27QiPb5tZi#sxC{lzg||oKzEBBI-Lj4A
zN_=~(A{6FZ7ZAGDDNAaoQTwrOx+X|d@P26zm2~u?y%qvHehph}mmx><@R~T!3qSgh
z@hx@CIg_-Z<=|^$kpOIwvK4tKAtV@NmQ(?#tjpKQ?jvJ3RU9VWm)&h?im2Cy-MC>a
zDeXO5c{$08Qnz>sr-Ka@gH_&k#tjT>FB}AnugIx7;5%_~CPQTH&jvos{aQ&OR@dI{
zu<lXgV2LeDgCtqegc&)4oBwe(UDEiW5F-0@-V0Rt;KKCg<AA{Ch-(u#<m2WZ05-7v
zTNW)^Wth1vXIxQGcSYw23hB&$6zF`3Ep=1MuYqCOTMb;4!jw(l2YJBQaj}*~!(m`x
z-S{+>-L{}q5n!0Yr~0q-v=hnrwu%B25#uEY_@8FlPfMjt^p$eNrZ#Sps5$N%{cYq&
zjA7N5Y;NYQ3AbfudaB6Ai1KZq6rXx}EufVuhTqO6a4O^1?)+!98x^j857%}Ts}@GZ
z;ae7Ml6mElL7W`u%(nRfgt!C5*$ayZ86Fk@mK5b}ldcA%C}Hhjh&CsjC=6$x+mC*D
zDq?;4I~PEA6;>E3XYkHJ5s_A5WaVBIw!(d&_s`*ADlb^HjOpa;9MQWE_U3Em%cWIs
zM`n4|I{)-B*`JF*DL@1;2=t();hV~^AVjDXKv@P9D{1x|`^jVGS6Cl;RZ_U6QIUY*
zu5^NH@FRnp0$lsan&Kj?DAAPpojp`hVd`_I^~C(bjgJhE-*u}9uqeBJonUY(erEhG
z0jhZ=GV*&GWaaTF6#f%t3fw&V&naG-ul_?of9F3Wl3XHxK4t?20#E;GC#$ND|6!&-
zckTZ%g8>Qu{)fK)|H3OK4z-*F9El#qdgy*f4>#>8{dUU!Kdp>_oFQtAga9dANPnUI
zY#$#7P8_o3D}t^l4G3<rA}N($T-}D9n#P|5vVlM+4s;yt#-jH83SRugp93D;<Jp9r
z+6>rdbkwx`$NU_8d7gS=K^sVVCRKlYUx+(bK6p00+s63dpy4a`fRvBOMFtn45%>iH
z(OIT=h?kvTIEQfL`h>)enBWnhHZJefCiihwbEh=#r$N$(SP@R3z`=ja4Q@sruB@Rj
zO@pU3mX82HFPCocbR3>$Wr^+z#Itg-q%iOpY<eWz7O`NRHxt(x3RpD=#BZ_IF<EI+
zVm|u(A2U`)kN_Z;)-l(U_9;r1n4_VVysf0k6d(Rm0C>zjg;@#XtGXDG6}zDQN!Tg^
zzR#KmisUX${_xj;6eoF`a;KFvPZ)p_f^b-XfbYFsd;oBxGw-z^wTizvhUYeAg>ira
z*H4qmf)kct|9pHY(OkZ}_IDS9DQnlhn&i3OdaHd%D%xkc|Gl6nAh?6mNVN&aXuXtG
zC+rNTb})MaX9z^w0NxlF6ulp0!6g8wzteAq!#K*Z-6197yOLcyl<eN_zCEGeVbs@_
z(-xzyRXoC+_!TQgPTvG}7yL|iGW4Nw5x^fiE<-E)lrq|CS&QUs?mbbgY^zfERmy-I
z@v3JA{CiwzJ~$*TUZ>f5N1r$@R~V>sELd8Wxtv6-2;GtOZ2{V1^9-vOrA@@PVo%@F
zdw-`hlMSHCc05E4+VAHc9%S8d(2~8LtQ{X9yk~syj?6&}M*}28f-FD2m=uL=hl)hB
znd7NBa5SLg-VevFX*uM^2aiVpjcvoWUecmIhI0Zjf57#@8#uZ^fUis$p$%(}p7v;6
zOp;|c_DlrC;m=^>w3P&Oeqq4xss8n~7lnI;mDZV_`#M@o;Vw<rnT=?PZpyddmyts?
z;Q-;3#ST3N&n7p^&vE_cz633z0p{bYmuw@kopwhL$;jT=qFb@{FZ_6ZqU}|7Gt|Dx
zfzBO1B&~ea`kwIVay=qDIYKVWNA#BWC5>5tXZBneKX-jPf1l_LqHw}_^L-ug!~WvA
z%FT{~H1nNuF3~VA;Qb{0@^qKTeQTgikpfXM=2-owQkfVasu1Y$&w#7~8846957~*a
zY8;DiietswgEXgvt*@|~N3(vjF3l+ZrQZ-F>n_lS;}4%9E9rk}w(H$H`1B4!)KH9U
Q&3Y$X$KYzQmi6QR0Vv9hVgLXD

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-select_jwt.png b/docs/static/img/go/api-select_jwt.png
new file mode 100644
index 0000000000000000000000000000000000000000..161c096b171a699c6eb2d765d37b428df7b588c5
GIT binary patch
literal 119147
zcmYhj1yqz@)IB_k0+P}VBHi63pdj5{0wUerC?(z9UDDkpARW?O(%sE>=eOSX|9-O;
zON3$OnS0MYXP>?Id4l9+#gP&45g-r<vc%_)iVz4aJ_Pa_1s)dsB*bU80Q~dD=Cg)9
z1cHbG{dxgOPQ`^l-a#Zj3M;#$9xOR4W6mtVoiIsZ(EZH(QAqusmb1c{%qgdLR*F7I
z%<%ZN`>}viSnKcTS@h=Y&gGu)!Y`uAuh4Q2+q`eOM*od4Ru3NixOq&Cv0q<GOB#$%
zO1odY=l@oB8(i|?<NrN!;Xb)J`~3XBN1HAZ`&+dC_lR1?HF@{`{~oO@WB>m@cQefV
z{(pb_^Wt07G7)(C<J`Z2pboz6sd?hp0>XL8GVE3{3|gwvglw2bk_o><60+1QTqvxT
z+sqHjyryoF6~2u(2<tfPPoQX2f9omwYs_Ljju19FwfzvSfMsVZR+_A`7Ar)e+v*k;
zX*`N%vrViU*eY{e=7|wbwD|q(pCr{YA1Mo3t*2K<E8O?p*^&#x1Uf3S>B1lA#7E%z
zKK!Z1X>fifB^E%DJudt2!|gICy~1By3SNEK^@UwIUUElOcx>K+U18cCJ>DUXWmFL<
zWngDVswH^%65079KWtBb>eyc2Fy>R~<4r%C$=@Qi<ZHRJSK2&p3Lb7J=h4y8*A#~c
zDl02@Crd&lvgAKx$?K)YGnMD`Zf_4o5jmHoiPc$X#4Kofth`-vL;2n2D;_#MT8^j3
zwnWI+0HgbFaHmDbARFD**7j%c-Om|)Ynz){8jIN)7}8Na{H%nP{8Ph#FE-E5I)i4)
zC4MNDTG=9(V$q{Bmk-fV+`O}fJ<)R~^t&(I-TBszKcl1J1xY288!qO~tsG?5(`^2U
z(m52UP^4bfD8Au3Pu5CIF}w;rJt@+{a6RYk7?@BzbFH+sg@<nl@t0EF=*TjpJfeWE
zlfwMh;7JJt|CisseS>`-ou8*|eP)-`pGk-5x{qbbAiFwVPTcY|9*oD@S7rD({fpD=
z9?oZcBfr4)nLNVzmes~-fT?9PJ{}u)vEA6s`M8A3z4uk^3wsDN8(Vi*qtZl?I35XD
z19dH}eaGS23TAQe8a56?Fr$jZxV#lyR=R>geb<ZzvzdaskH(&t^h3ieg&8g=44S#j
zZV!`!L~dXCMd6-;7u4i(tPb~VY$|4Oze0SpdF;Ekn>D$&ogsZFM?OkzEtCf|o``!>
zMc*@<amHGu_!=;6CcrZx=5%x}?r}Z&Lh<ic2P7uT6ngvwD4_8!nIes5a)TX8!uCqo
znQ8U3HN?f{uTX1qj8#0nUZ630wboJy)~9`v<b2bWlK7GMmfMB9?G<<=x9EJ&7>^Ax
z<cS;gh%zGS*_fgJ5(}FCE5f<zlm@E&xOn@W`nzN!%(_OqF6Ye;{D>{V=}UZh&dxPv
zJ4$e<R(BiF_wqP?U#wCVxvV3pTK3D>?u4IWG`dG-kzk{uvj4|EPPqO-VP{1J^Ng#z
zb$L~T(<!dU-n8^(<GqvRXRnOw!}&}(=Usvd+hO#B`8rr0yB)7quoV&Q&Sinef4&z9
zCS1RPCV^Nq=CMqF#UklrM)Ld1ZN`e~;nxe=JW*6~M;Ax3O?!)_<zMfA%*E*Im)&=~
zgv4G@2T+E2_+3Si<gl3RsJC88Gz}UU`6p|BJLcJ}6n|Y_MR}mGg@JcV+S(k+IAMqK
zsH#^TN~u-%D^b9c(8*d0#-4#~^6%dYVb9goFR0+H^i$}l>=x$oofD#4J@AT8S!7=P
zEFZ4B9F#Bo@}2##dtd^ckF$L8j<CSPRiWDL-{$pPsmU5UQ4DK=t^n`aeg5U&mJEI0
zyG+%~0nLo=`&ZDt8-Qp16b38vB;bKwuG>ECet$_&M^M3K8dLSHqy9jwgXloWMY+Ls
zFkOJ)n;bz1X%6LX%V?N+!sj|vTwd%qK|yYpF%C1w^%=GK4G_W6dGqC_k|4L(+h5wv
zZ%W92aBMSb%LXnd%4&{et?Ze9`-~P9HG8_P8y2CZsYRNRLq<qs*WIeFP+INXUZMmu
z!$>GP?8fjms`JN(+jHZ^yVs+7Z6YQnxMy3A^5$wq%Ib|y_Pmz^Hk!32Kjv$TB?PhY
z@dL>EWY_jCwOmeFF^PMY<eQY=u>aB%KdW}y*s?6`qtzSv`_40eh|XFUPCA8M?5uKj
zR{g<#=T+HKga17$ah8w0S1h9rx}&*D3{q^*Z;v0(jZ&HsegAKL95eNw*0CBqF2&rO
z$%YXcxs8+O0s<zgkD2)|8{y5(&1<j9bmsMsy0BbMCC`V3V|nW=gR(y%ARcnT9DNyG
z_MVtmnfRVsLp@cZ>Q`IK5hAj0x}6SlLVXneqWuvG5z)R-nO3{e4dbxsA$eJcEx9IL
zw7q9$XiT@=%QtExzu(J?6vr5e<bi;<=3bcfW=FB(P2clUQRPotw|-0Ggk_zvVuf>*
z*?M;}Z3ONYH~c<4HnX$R3X#rp*?1yaA|mg5<<kBCl}zn(6Y(4+JUkz2)psl=?K!G@
z5pZknSMp26eKxeFsa~iw&HH*+#=!T~Re^?aLc=I)$9H^YRAIMEh{>Qx-Dvr=9`|{&
zY9RT44urzjp+%V7d<(qYht-uTu&AN<bSRoMm<Sfy&FWWP(EMZE`zlMPNI82$u05|P
zBA1}NDjj63oaubUqLaHzf?7_0k<RQfQ+A_X5AKFok)pHOwVm~#yWx3K$}J@~=Rp%B
zTa?FX-Rg@g_D!BU<WqmGep-CBaBw-eblw@}>*=Nm<HlG*Z@dCnvD$r=qU@+ui)mAX
zW4lKL;3k^2OjX;YY4q1$K#=fwgyC6pYdmLkF=-Uu>~lQ_8IS52Y%S&$!RqoaE=^48
z4LnG?H6U6BhNp_O3+Hga;z3piYEug3TS>(tQUa*tL~U+%XohqewD&7rGX5*<c&}lQ
z^}bJ}r}9u4J#Gn|e$M_}U9YAwS)wF5Ex0wB{PUNFrQa3De%<QrpqlC7``s@OiKHS6
zzJU=os~Kb>?hzU4nDcLSTM!;86@Br}2=7W;zTtgx`AD8za}X-TX%XYmVp;O73gJ3g
zL}BK~?$YZy0|UXe;pUTzqkzuI>msrm0VJfZ{L<#HmLxbCKAqitIS&3!i5%9Z#iP!T
z!OP~Xts;yg6*bCw?8GD)K4t9}F|83;=A2m`ad#%qO2^6>gZ~rb)VL-$2$)R0N%qMO
z2X_R@v~go?XV*MMR{QIzBx!tg*z?^h;$MbdvAl-Ci^zXJw$EwNy>4Xg?*s>j?N52@
zg7SEWjK}c?hfyca!(#bYQ2t>ktkEE|wYOW5YTl1Ar?u>h?Vh)1+rtgD+|-X8;BcC_
zKdn=&uVaMT@#}6tVG(uCpGgk<39a-+Cu)@{Zf)&U+hebHWjgJ79DT)<{)i#|Ye+rX
zSs#RPj4^E)Ud2iJCnm}@IQ(lG|8}6MrIlmnZ+Akk^7444y>Dv&h3NqD<2z>f1*fA=
zeRT{|^N02eouGh7r__Gls3VxBj~_B!s2-J1Tc&d7)52uX#JxS^eb37an<3~aGPdz0
zZSUh(<t>EQ{8Db2ialrYv~dld+k%XGt@<aUfy!t*H#e_-EmRPJ?B|02AWa=<GL${$
z)M%GoWBkSi)7e)f>%(deRfE$b_HsZw*N*KF76PU{-H&LB#kGT2)N;M{&er?y4QMuf
znSCsj;&ASmjtrq9uMt1wDUxz;^1LJw5Sv|aHl4QyyH2h78_OR7+b0Rn=B^#lErTx9
z6=h1?EtL(Nt~J$3ED9+P*=^gqp~iA6F?RqpY`2RuY|5y2){!!rIBX9#@zSo0clI-k
zX;541V#tic4{VrJG0XgQBALp`eh>@wyb*dXr}R_<cuOHK8|RF7tJ7af?R3YsLiqal
zAXd(#x}u7Ghovockh9?QDvb>;xCvXN^T+Fxtzj*Gc%-iVih41=^rA9nySdq~!f%|p
z8gS@>o!5?S_iEb5VRypvTq?6gQW_i8%RA*mUBjRS@ck!*tj}vAKZC=2OVrB4H2?O@
z&*P_4gyejE<GeYL1k>3$YQwh5nEpzLZJs3vM8+Q*T$8cxu#mneAw6Bl2W@S_rYBZN
zpWGuH<WI`X3#Gn@kAHgwMasT`n7BrZ;&y&QZ@R|Mz3eS2G#8F#*a(8IyXtS1Ll!nR
zwxJXjUAyMO!iYp>OWk5`(fetJv2r=o*b{0>4U_ZkKx+OsD4n@Q=h4rcmcL3%(augJ
z&)S8=#JfwXP`k+9zkq-%HT*Zh)9<TI6EW53u9te%9=T_mi$u(c&5*)@srU|gZw7Ht
z^&x68kcp#Ejo{y49QOREUd#LaV@GGYA4y7{3PmEWwJ)Rff<q$uhEtrG4Mz-8PtN5W
zGe88bABC~WQ$IPgxgFjyuv;)P$;jWb=GokIpw!m2-lJw2ujogQKA+jAMn?MRwj+0c
z7wwC_KfBM?FqzB@e;XPUA=mNCRSMb?Xgo%X7Q@%9Bvtprc+t&R{J!WnoFtwppuQlX
z!^t)^B!T!S=KZdU+h=jTd)Vv?M0vmxXm%D`Zb6A&5ORM)?-rBkS~D!DA*T9wP0Ifu
zKs#j-`tuJe#3!1#huLwRdh(a<rz-WY+8+GjMAuT6{8{BbbX03QC++Plf`Y_l#8^fo
zC5rxbxO`^Jv?|n8NjO9hL9ft&=f;p7E|buMOwkn8;j#OK4Eg!$+(@UFH`;vv4i{|b
z^;%yb#{ZgVViL^|{d<>;w~_h+k~aV7^V&Wi0#TM<8<-+6nW(Zq+aOw~`<?mJDnC^E
zbMsWU4XNiRi_&E9#y91xEdALEQ@AE)tkEEhK9m?D6Xwm!(eX~=e*-SrH3e{97IVrj
zE#mbkg<8$Yn|0MVjN&FHiM^hDv)jFXw%rQtRx(*$GSSfN0@|RaiybDqr3|^H<k==+
zftCAw25*C%o&F-Lk`h&h<S*;9`p_6ujo<TqlFUQ5Uh&^J-S~1Nn;JBzW}UmME|(tA
zQCfI+-C`xPJEKFQ8jnq_ut=0AmEdC>v|dqHrRdJDHj;`zN>gvO(tS7VZMNhM5+DG8
z{Cm?yC=1#KZ^;A&UzB%uovbtt;<Eo%GY@|z&u?1B8~91;IS#P-<{(uWwkru*P#~%=
z^Mo@(*-{Gwzt{Ron%V27xPgxci>)M&f#Fk)Br0^Sh70-s{+OM&pI?0U4$l@p?yS1D
zeT?VU$OHiBYh_jR<#NCN(ETfW|Cbx$sA44~$xvjpcA9&94ARw(kPA|J0KZ&qdy!5_
zGRIlx4jK&kF$Uz_dsg&8RjZDJ+x7xC`v1BCA!zFy;%eN+N_=F+y-kJ9_G_g^C)rvz
zkH66yt<mo3SZwThk%HZP>b0Pwxxrw7Q5SM;EI7I*r-o{aEuLyF2S>Gkqq#KgsN*DO
z`4T2?8p33-59ZpiRcKuYm$$RX3dUNuA*Ed6oSYgb?{}Is7yM}KD_rI@AEvA6@@0ri
zFL7Z4!sF7UG$cXOVQ|TM+PfQ@A>?K9Ts`)*GvW$%UBz7L^XHF2RUC?G|M<+*g+g&B
z)a*F?D7}yQ{L<Tzr+AfA_v{I=udt7diU)bc@(}*nxI8=6)@?KCcKvNG+dNnD3J0h9
zM=t|!XUQ)rl*1K9p0Sk8*`U9m-%a@CmDdY?8cu?~a(|5fl*pg?Mc*nsLCy-n_l#|u
zF)mJyuYWmhUtvE4Q$|671lkURkFx6gHDdG2uh_|Ox=YWKG-ixJ)l%^SC!sI>KX$7G
zg+Sd9UJ4L0OWU=wHV*lZG7$9mDI)C568AYeGEgm2z@4+UPUHyd?JX(ol;ChGKWwYl
z?)&?55>Wg>pQ&FOKzI+4FHq&6*J3B*IiV2mICM9e%TL+-rDd2Z`u8juZy%htR`1;(
zcuF2q^T964U4exWv(<(~W~$}%`z|T<M-%4qvI9wm-iX!rB(Shqio=wq%k}<^Jn4(=
z<gd)3o&9Qd>$~Eta&PZn+CSrm3Hq1SBpEcF<B%$hE33MGxGIg+O<hNSe@pY`O%U!b
z-|Kx&tC_o&Cr`I8XE$hOmc|cECfY>#qqjZXOUMK>jPag=uYDfjBC=<!MK6i{h<H!b
zLWw9)UZE0jNbEO?mz^YBUo3O(*fO`2aE#r!lwiwLc=Xe2v=e<F6<)LwfXl~MXPdf|
zEki6o?Gosbeg<3HbBbYXbM}W=e<~X@Pci6wcd!0=-ICd%p%_xfNoV_;(Q?h^q><`l
zn6gyA>X^ILyI_@l7Pl_xxqF*|1f2Tvpw0zv)QpdPR-O)f5txR{R1M8ooli>y9I#w@
zS6t@H$3?IZcAXMXEKcvUlez}J%E&%D6ARTnC)GwnfetJ6v<b7%%aPkPKD&2LRyqv#
zV&j}@vZ=gHa7XA|Zgz0k4l2!JSg&AH|C&a=hTwA)`ieU<byR<~O{=5Ru7J2*?!=l!
zzPL&4C1Y@UbbR}wzUR9SZ*2);<3nFKKKUy=$d~2pf118XvbSgJRnMfMg!6I*FGL|G
zb1i7ZuTuTh=0a1t7f2%n24ZQWzzabDtTC<F2q$1bLGkx*RY|E$j7<E=_O$K4{YcMJ
zt%0LaJ)apF!e*s+`PWq5VzR<(w$`y$wvSd}5gF9pjtPIZuijpSMCYq}{yBxJ8t0km
zMSx`40B`*;e@>Mq_zWnGL_YhMvc${Cd_hS~e<?$M>+wzRVt$1P78EtQ-je?!7cA-J
z4cwz`9l;AD@CxLcksU-~g?!i!FRgUmc1w#eG6PUc{k{)7YpJV?u$E%4g`B1La<psW
zq)1*Hv2pe4@~_EClfP_+A!w$CQaI3Z0{WRa&5?NQzxD-*HaqZUyzID^*(cjs{)A~~
zJH6jPB_~l1Nd_0SB~4H;BN#T^wMeKn!_+sAb#C<R^h&TGYrfHuL-k2etzaYR%#BLz
zO~g8U!yXmgABcxwJyVhpa>%x<f_X-}&Fggv)dZP@)BAHNBLOJ{VOS7T{cJdUH5oYN
zA{6(38}xN<h?a6}DKfQtn|hItRuH!zQ2wB>l3yBKoIEwyUH#m=R3|7uGqO2YMVS+Z
zg%qmfAOI@oJAdP$11~m|SV|J>#SOb1z@k-$bi)R*#jdY!pb-&~Y5c;yX{m9YVm%dO
zIqQaNz0WockW15?I=LRX6miSS^%C?xMNeSV>&wZciY_v#`c~U{CDW8QK%@Grkl9@#
zSg|O!_JEfot@+wtF}tqoZtA&NxMna81Lpn;GyNQNXG5tauD$7?VJ%A+`T_b`a}QYy
z3;OIFLv}$c;}pccr=>Ss4ELYqc&d#1$_~vHky#-=&l-;t+Ig`(0|>Qds#x<}R!cNB
z5>pGG%@s`iMZOOjM|6yECTO~Qc>I_?W`s<ZXekwZ5C{7_UN47QTbJ8%VtaauUte8U
z)fJCC_?4s&x5{WRI3+>O?D?UuXYH`r=C@g5ly;dkP3#qY)^wd!&&!AD=H^~c+BnIN
z;(edJ%D<0p=ee>`AsqH{gMbnk#cO9uegg;RUdsvK;m!_je`h&)t(mfLk|G7WV7kJ=
zY^z*V>t)0+#X^|lqkAdEVH6>W;;#T(+mQ%F<EJ<zKdPXxkiR!XFg~O(ZcqSix~HZ|
zcw-(D$%%gBA&cxr7-~LaO}aUU*gu+;mq(GEEx6~nSi<#^-K)-fcl^!h%W{Kxzo=->
z7&21f=ku-txd})12e~8BjerR{6teeZw%bQAp!tUZ*g;A+WWLTUU`u9i@F<X`+}REp
zZ%pb&cVJg8LDo{fTsCae+dDX<TPQFbakNCIx>)x3HrLjmxL>JYbWa8G-)T%i^q~>I
z)Vjv1ip8xVjW+oNdcS_C`Qky5A&b}0+x~ZA4h~3wX71^cnmKvsk?KDdMVtAdUM2rj
zj0%~pwM1@FdI*qeIx@c>`8S$?Q$lf+0nJ#{kCkG+-;0!K0TuKLqhO?Gqkt45xXpVw
zb_6$+!6AYBn?b9I9H6|wkc8)iZ+Q|SvL^GhRE;)^2fG`7Bu@ZJM)N<_?$?tqs67gb
zn<&x7saKl8cu)<a6Yo#uV0@E4RpBeER`NnRTA`a-+>rpREqP6=2Uc)oBn}|%0>Q6l
z7q)xHHwugnnK<M`(+!vIEN}7x-P*j33m$gBOQ@DE{NSM5lG^%xd^ZRwz1M9s$=^h(
z0s9?F$cObz%$uItMPYj4v9{RXMQ;iE06<Z^n%eU!2d$BVBHQe;f4ev!zHcseG0y%u
zetddxJ-s^Q({Aw?e%E)fP!M=Br&^>Ool!|QWA*-ESc`j8f#d@bmm9NY&2GLkN!tUz
zc7p>}8^*Wwf!a|zPSEcGqO`Lq4$)5|9Kvj;F4Q_<_xra;7wDNQY)*?el}TOg7S?9c
zh4gnimb(s|0l7C`X(?s#cy0}n9sD5n$XmN;m<%{SO4%geH215LDSaC{MO-DSa1oe{
z`F`)gwVVP!b`}<N-zI=M0cFuK8&n-Vn$@x0M7yuXgbo|VTW9T0!-i9cCB@OpqpXJa
zFBJ`d8Gt=H1BSgRaT=W~M#C%#5)fhdA<&Ac{4DF%A(+!(e@qIpi@(Nd^0#h+{kv^G
zeM&~%w)9j*^UX0Y5g+5@r|#&IN?rdpY`bA`ub<J{x9EU>E2_pem^pgv-$o=zp`UH|
z#^TXdl6R#oC58CVW&#U^&<B09#mW~Vra>R3@)`J842CdkYd(Vpo7dR{c_j)aMz7km
z8auxTa=N;<QQ@$L)ZYg^_bYDB;>Wr=P!VIgbS0c&!Fdpce%gEzAB!#)=EQYMVj$BN
zuv=nbX|#=&iibH&jus1wpUGZ9NJn)uEemu-nleBZwK+K+?&1V#AjlgfBl6KXw+{dU
zC9fx30WYz$6)OPD_EhK$4hLRWBqX*9n$N2%7e2L58iC!+?72psO3#s}Ugh(E^vb5E
z?VXmEmMSP2sKl0|(8RP&mYtV3Y<jDoaTWOc^CYvM3CD;D!lSr`3ppSERacS@&MLQs
zR^ja<BL6GUQ0#EIAYC0iikB{FXLSTqRF5~Qu+?613bFTOQ_$INFN<n;_a*4IA@o4u
zto`V-;!kWxhM!4FeF)n;kV2gje8L0!!Lk>hpmcP8RFOIR@7~^lfsDtzCHJd><UkH1
zt9x>gKTQ@YsUDs%;IMo~{j-m?FEOlOA4XC|2kVlJFWXR1<Pqfo-?-@%Ewt|dw1N{N
z9{ExRQc^S(GmhSzzE1pldxp&)A<smL%@V;8avuOj_UnWcrC#W{;Xfb|HD8VIZ;9f7
zy(3-{U}_Np@KvE&7g1ZlTN(EckJlNJrZc7*54kPqb<Yb>5f)wxpajTmOygT4F$@h?
zy5DQo681}g{@kzqnnclD>KGqcFE~70_?fh=Yd9}!so6`6`lIW=J>(m9ORC$4|AZXx
z%lWq;%w<0f4ALT`u^L|{Y|*O+>{jDQ34SY+|1uixShXT$xe|DCjaH~w5;Wg&lVCPe
z_#;iLCyoMigD2E#N-k}c=Ioe^>L1SB&#!d2J@D&0V^)pvBR1BK0^YQBzs17x7laW*
z@YSE5o_2A#*S2eW)T%#T?{g9|C*=MU#|HP(Is*sRYWmm0kF_=>^7<DOUMQ~}+=rzd
zM<BW9x>P*7+Yy{Z?v!x2it`n2XvtjW)HQ>p0$D*U=IrFIHiLTbyvvREAK;@C*Y6TO
z(!zNr96gf5C3E0${2~!UIZW_qsl+h;GR4cHq8y!vXq>6kOforNGgZR;Ei9mDLmVFF
z1lpJ!wWCbTdP7ba^<aT|2H#+>w|~Al+iHp2c5jg1%n2a%iI6jzk}>0CQF;PUl(?@V
z+-$cK%0(2aJS;U9fReSb>pR#b{p5|3_Mza&AniMorDpxBVf>PEgW0MLrV9e{e0WxX
zml=zW#iOAuLr=0ybc7K=?or-OpJ6K%rw#aAUAP9~6rK+XoCKs<ohIKQ5zT6q9x9As
z)P4yl^E#S;VQ(xO`S{R$O>8heF@>*YX&OCkzF6tY=htBmi2MQ7tMR*q;-!e;N`oS|
zw^V@e8c;2!;#XU!-JAHgZ?c%3(`z0#=}LG*_~&q1%7O~Cl-U<CMM_i}T3X$t5v{V%
zSbuFWVv}deS28^)NWz3+SI;A^Ecvbx4*d}ucO0d8?6&@dqlw-j9BxpJPVoMD35m!E
z_yR)8%n~5cohv2xw7a(#+_=js1h@i!AdnzQ3a>*x5tC6MafA~tk|I6y^z`NQl^cZl
zK$qv^EF)-fm#6Se(mdk<GRC%ST5J1A+SPNO-^K5{86`)<$%qnX#?I*$2|B@ow?I;x
zJLf2PquKB^E>c!FOa6<z(D3*7JRVd-liWKmJ)X2{&1OW;0^BDW)~X^fK>9q3^JE8f
zbH{P}xq6F5*jPGOIgH0%@OM~4t!9I^&FkK356e=33>&WBy(Mb85*uynCO2N}?d{F3
zaVA0{79@@{=M-khAgLLV4gLAxGrZu8ct}j#^Yw`%KMHLGuX>B&Q^^$w<c1eMPof?a
zf0c46h?0sv=cQIvE6KfyK`ZlaO6GB<(X2TNUVaqo=&$`X{SF3#L?R&Z8SksUKBER|
z56Irw`+D>`m5ft|W!lZAk>CjqH$_}mM?&=bjo8>*g*w%=;lzvIn`dNmCZ5aHnd^Ai
zsNjVIKv%zWC$(21?{-B@n>%v1=Dq~mCF9r{Bbuj}<=l>j?~By2UGw=er7l4_E5Yuq
z_u@y}Z254)xpBo_^GVV79I<sX65+K3b@~sRb5%;#aVOLPSW?CtpT-<>a*LzSRA(2n
z{?`kjbGRoGDGXlMXyK?xc6GMWo#bfIGjm#XtOrk)cT$_zX`LP4V?}qr*6gV3Ujv?v
zxXE*y=_C70^MA5^_dp_9nqHPBvR6llT2_&u^$33@%7+1sq=3m%DL(yg4gesix4Gr~
zI;4_LquY$Qrlo4<Hnq?uG@G(6x`gc-Lm}bwmrCfF+f*z+&!w@i9a&`9)0DS^UGAbd
zLnI5w=h875j3VQkuNiRJje)ENaxR@d{G-bu5if>!P@WVg<T)y^P5FbW(BMV(!9;El
z`8L^6tHNUHPB|l?P<ee+XPv(LC96GsABav1BN9*o(zRTV9*m-4Fk~G6^jX3K{;;dW
z124;Sa9YRARDR+;|9f<((gF8fxGKHft(5y6MSWx;%~wDB-n_w?+UZmY^jlH{F6$-i
z`N4gga5*N$-Op8D7350dmS==K)2`Zmh?=kaB?B=q&flOC3!=}{sZv{qmYEtEG32Yo
zNV*zG+n&DJnKpli@3lgl#XC9nCt(yV@Y=dB-%%>^(|egz(%Rdsq_HdWm9?tnV>w$}
z^)v%{L333C^~6CsX{+M>H0_vz(F6{6Ax=(J*5Q2j;Oyz=v}W?#wg|i|0f8-N(A3t_
z0gi+9k6#GI;7r!n#^i?V?qWQEGN275W2#`G^LK~F08})!aVU`gypq>n{`h-U>Cz0#
z$nu_<8QzljQt~kf(kqAlR}TnN$`|O~IZ(@n!kvC*=Z9EUV>$t3SH__~)Aih0gv;o@
zet`fYw0dSM2H`MG!liLAcqUZcTyxyquxMVLBj?$p?skpoA%F^RMDy)e{$!bqR2Bm#
zC$?04Y1~o*fZ^+TAK&iX=Nk+}UpPH(S*A9-^z8KY1J)aVs;36YyT73*qy97fz~1T?
zrdy2!(S*zaKN^EFXMd5X)I0H%n+6w+-87$3UkNYc5ro4}2sp8|ty#*&I}|k(<m8fD
zwOny<s69S@IliYqYMTb&w~_KBy}n%c<2W)$$I`Bmo(_dlaH`U065mTa-a|K0=?#i2
zX^m?fljWJ$Vgo5`X#nybS*{bSe@H@kcaFBq4ZCRwM#0lx%~y|7!}v3O-`m+o%jD?n
zgZ4i`J2Z&9WS?w0+WcnQ3g8_3FAo}T=B9o-|G@Pbj{cN7%y>zVm8gY=={V)_NXREC
zeS8`CVqd|p)e|lw|4_cz!_s2DO37*5{@UQv=}M5NSgV{319=;xxuS-|Wu6b;wg1Y3
z3b_~GXV(Hz8SM7w5h+0-qh!JVC`7%aCfphz!@_%)Yw34-qY`l`T0c=SGRj&Ol_w?P
z{i0`hOLZ=$jsxUgKThLqk3>%W+yhT;o_|XB&I1N{$-n!kzQl)W)b^h69xz}t>iCkv
z<QhwY7RF&OUjT;{GFeJ7E#6>z9zH_H9-eU~zI|0XIp6YE{~a}lXg~y4zwO=CE-4S0
z>wN0uUra)N2g31j7LmOm07r6*sA~w<(4u~Zg<-|-CD5pJt-eS$=Xxp6^r@J98*}B8
z;dy)_jmz<qC;<Gdrb2D8pk@HQs5WVDYYT5%@v1hBjaa~owq|ZFS@1Bt%x?1!WzDCL
z#RYkiqx%^&0`6DZCiWGhV8aLnZ1I8irfObY!Q2N}7G{sndh}YiaMPBvjLkNcq}q*6
z7(z}ruOVYC5}p@3(`YKR?o!zGa_fgG*kplM-Sk0Ng{CTX4iZ@a-3b?r=1ykX*V1Cy
zDi}~0YbF9x0~EPVAZ?jBjtmVAt;RBy&j+thd0TYGz9IATl1pO7Cu+V#yGo&|CmM)T
z(JRVTre#@zZ`adnLFn<(-(dbS%k2_(`MbQeDeK9Z!+#1>Zva$Kl!N7;ZZh-uEkck;
zEue~(Y=w;%yBf~jf7Wm>i;aSP7EN#cV8y3ZTeptKd?N*r>;=OhcMh8vv+bUC8p1=8
zq(S!X1U%0_95~7p_A`mUg8xRog@lB#nGWQ}<_{%CFcNvkN+;DgKkIAoWD${nlY|TW
z>C0Q>da+YE7EdPbly+@sF`C}a-f!#XbW9GFNTbvC*2^CQ{WPjLid96g>F9j(F2>2v
zL@@~!k-oUZpE2Kb4CaW-`Ej~qpc2P3QlJF;^Ro>blLNZ?FcKJd&Uks@FHu>e%MVl0
z2+S9cLn=3il0;41&pEXZS9V<=+3M(3Rc)L`;6O8KGsUX35c|aAKnRd$bgeT27QK(g
z-(LM*Oubi&je$Vb?E`|X^c{izija8aaYhcrhghh#FY<eP*PH||*4Upc&q}jlu~H6|
z3x(3+M8)1-N<^>yB>|ax1})8|8)wa=JvXYE0=ddAa^Hz`3ctxbfK!F9F=?>&XG$n;
z3G{))+{N(^@X%Fi@Amfh!XOXx&bSb$<s*?_Klkf91W3z3f-sQ1Dm)X^w;31?4lVpI
z>>v{luJoG*sSW{5x_$`dQ6)iYZs;ISMmZ(%j(zCG!<0z6qajOS^TzuoM?zI|y~~6h
z8Xqmt%x%ueyc0C?7)g6%X0*vahNlALDss5&_hdp}K*v~hg?25Gs!%RZ&77$xH<bSD
zo_t>@<8tFp>hf>R>ITmdl>#=o+89G9qF1@*rwa@TCi&H1WR<!`mf^kXO`C)#Cc_?r
zcptx}F^MrdzcFrxR#aDXMvyVh1ffwpXx;nQZyMdHToRa&6JCx0m@XcGR7XKhneFwr
zuEFC79;6A14A8#G_g0f*4<&`p{q5VB4Px8jv&rp*yHKjO+Hm@{&_D!bymw>z;L8g@
zYVp{c>H_8gBscAHyWW1PXPOai-}V2p-<oLbTN7%HE~3DQG)40ic2B`3C({DXzsrD<
z^o6}Z-<zq4FZA5t6Q-xNlrDH=%9Qn0J)zwX^1iZ+<8Sv|scGwkL7t*`sTc4z<I4@!
zywAlRgE7nuGAR_{*63%F#>C)<e%4r2RBOVlk+LQc3U;+op^ZDxIM(>p^Uyx3w<DNy
ze~Q6^+SGVkukqdp>~!?uvaZqEp$ezW{ZpQncn%zXt{vU>h~-Tjto3pW)_m@S3|<V4
zn!JO>0=g*dl^EKL2%g<r6~=V7&~nTDt>{DdCq)v>r{r?)aFnY=HlR99l_u${D*Qn^
zd!UeXpXrPjiqHB{e|6rNm-iZ<>sJWei*07$)u5lw3J=QqrC$ApNw=jdpjOJS&ur?~
zx04UPVPRok-8BUhY%6VNEmyrLS)lBD1W2A*x`F&6S|2yzQg4s>&1Q=8r<eD)8O^>2
zT$O6U7Znood*rIw%)TvKhW`+kEMs#u`65d%PZD2{C`$PY;pc^Ig*;`08NJ?H{<gTn
z@h^LCaG_0bE)fiJlJ<Z{9b{Fx!J;Xj{Vw@;Z_gWFepjNNl=(^Se>mrEDXjjgVp&D-
zHCg0X{%v-L`QzcF95=)l<g=@NwvG(sH9hz|49b$W=%$Y7$f<fuKzMKm)~_7mm6Fh(
z+ejPxb2-&x`O38ZKbrLRFRia8D{u0|3(7fHuRv+p<1!DF#2U~aI(bp3TUs^!t_TnT
zlwkznKm)IIU9iHqx~TSiChR%KVe)5}T>giohw*Q?*;!=a$yfaJFViEk7riJmwBgbU
zx?@o+d4_zMY}n=AE)ZO`1Pm+k-juAM8WI8hv_&GPebx)N;&!Ue(Te94Lz9K#B+X`J
z+J+i8im0-)%Y80t-MWBIz#TE7m*D8OyT+ghK;!DY47UJlOpIpRfvKN{Lef-U#JEUG
ziMf8-^@c)A;uv;DZ&IyZPMc>Ffv4(I!?<r)({rpp{EOAzVTdnDf!{~cg%jr{ta`bU
zKd2;rbp}1Zy>?4<)9_D(8s!WlNf`x+XRMcd<1L%l_`G0woeq87!ZgW9I~{tyI`-HH
z*oFZ^U|r+y&fX6}oxSC!ciYYmsBTY-8itW;;EHdqPbBEos}Nf6!#;#e>r`$Z`%)g|
z@#8S*i4QsnM3&2&J}kP!kKE{e@MzhJr48AV{oeZfb_!EAU686q0@<u!YJX-uvruci
z3sxvRD-q<ygh`}_5`0SRMfbNq#nI_7qP@r(u<eA$-}_Gyhx`ncF58Goud`a9sKMK)
zk5SfPY<9Rq8BnOmRKF*srha^>2MsCm_22+$M%FXmNWFS9EbB%1h8S6ayQUUT9F&BY
zvSyb46jlz3O25?6vSer}zOU}50`Jx6(Yo{|@INhj-+V5A#IkWhhZO;mnZ;!Gm|_tV
zqjuZ3lZ}Svpp2wQV<sdoLd)egM4Wj9EC<d%ZT6s7wIoo3XB$zW#kwNl|1q`CxzTQ)
zKwdxm$I)QoF*Pb^ZecFlJ0pXFB!xpxI_aub=NX#ISknzyW-GX?D;;imp*X85UU&o6
zQD$7Am4Y^Iw)&dnVD26jm_){#x8-oz3^F6}#j@lxB@9U{=4nx?@U@h4Z<+*MY4e$+
zN&?Ymc&VstFBQe~0VXHhLh%237y-(P>EgGui`&_XZ<U%Uz(B&iJsQ}L@mo{J{Ao7%
zDjffVi;LeFCDw1*lGRmXkra?2pp7@^UtooFH6=<f5F6~dh}=Y=i<-<l7TK@U>V$~A
zKcir7KJf>RZrVaJ1I5#5B)#>gosncwZQLn+*14CNDqwzJFDkV2c;PUj>}`QMyKQKs
zoE-dNRHxykJr3iHd4`c>oX<*S`{aD624<70Bg^ZbibWp_Ki++>Db~m-9=rN5>J!@b
z#OIEtLZ>EgPN!MJ43;4(vKLb_jjtvkFYk_mnsN(c-f6FhrQ?Ky`5(`QR`s`A{(g;C
zsC59WT-Kv`^HZ(WoU+M12vLXKajxzH_h>rcnwC;~_-+a8aXjt5Ha7C8uWlzxlNi4T
z*rA(7m+3ScoopODUsJ~$#%pSorSd5J>A{l|{Vh_z+aEi_$20#K(=t3PY|4#c-uVQ6
zS^OhHNhW1DQ2?x<<A0uL7Uw5c-wTe?y~#4ln%4wt=chD`C_ohG7OYRxbT7CntpEl@
zUlJw;XnD*G!L4aG@H?h~>O;E`MKP?6FwenK9p<X#q0z(!nkeXpv$b;nwVS-oHwssR
z18(t{@!K#Ro!${ekN1wVTGUENlp0zZo!U`6ZTTDI!5`@2B<W>DUyP;HA4}$E-!z)T
zwO$tuhtjlxteu;vOI_MBm;jEFL0G^bCFAcl!|fH3l-f8fF=RP+!BbTRd_>D`ak;x<
zUnC#XQM?s&!0IX#I63zBiG`(5&OLGHJR{)HzsvP^y=No@xU!#JIDn}Y**hZ1zUSqT
zVy6jDTZs-4S-{1Vxuf_9;hci*`?1yQ71!3g>|v0!qUn03%Mz_m4D;fkW}~ocEN@Xi
zN$qDPO;VOG%Ya7Jcl-_H0pvRLDj-!(m#X^+Kf3K*63Fhk*`C+gemj!FY9Ikt6#AjC
zlr2TI4KY+~N-9W49^K5}EG}q-=1Oegc0TkbCMA)|1<#2mTP&O=d~FJIq{G2&(n^{D
zoXY8$O5vEG)8@Omd(eFT7{ewY2w_0~#FQ7`dmYJQl1^ug0(5n{sqMT300#?c6kgpe
z`qP=VRX!X3b;=qZXF&xE7**S<B<N~N2P}v3ResH5ZDyq{bK~)<@qY}ADE1re^CK|k
zfypn)BmWqH^XO_d@BJx;;TOzB_^%XwFKBpXw*wko=fg_}0jHlYX#CX)@RhS|wyy(_
z(L?H9c0?H#oLoPN0?N*BU+?=%gHuJCVPHy{XVi<rQKw%uNObs?PgyInUl-5LoeWZA
zXPKorvzv>z#Zm<!73#4VSa>7rcJ~EMb*a>p(bU#=?j#!3!88Hv8Z{2JV_TrH05+1r
z<-j&+z~C&AB)tybpDYe|K=;h3es_rlkBD79rb$5FpLja)LP{rz4wKvUE2@{tI4*`q
z;QHF3J@0F-K$L?p1N0({$5GwbR#crbTa5f6tO>Ml!)Crk7-9p0>1_uV_Wf?@jUwNV
z(A)jXb=r+$V-^3~At6}&wwIE54fGE{IO(6~R4DrROuGK7X8p)&wod=`FY<42d6O-s
zFpG^_f%T)uU;0~$s=`x}9QJwSO$LEU2ky#3^72xP-x-0{B>`)`PbQgxr{jrNIyH?8
zh-0O`O(3y!9F}-Rv#qir$b8B)9@R?T@?^U6468tY6{&}Lmq460R-+(LI(lm3+&vBm
z%`2cU4MioHbpq#gLBw;~9^`SoQHk7mW<;yzz0Nnz>pebclWJf>|J(Nj9ciewx(6H;
ze2XVaxi8FExwCU^UoNaqNQ2okQZv|$TEsrTCX^xxu(>4p{Kj8Zubk>YV@v*nL>GI4
zgu)d#CV8D6Wi|w*Js)H6Ps~=X0+l0Pe8w>v&RAiYI@}sf_4yXIKgb(EgS0n;0b)Fg
z<Ih}ynp)Oj?utfQM5E_lgxYm5ZW7z&tM!D-Sr{>WUfP<*aCM~3bnD6Iae)aUPr~XN
z2wzzYz?Bs3=$K2d(I(4^+X!g;$s&sUA+(4%7_BGu;IUOL_$K!kR_G-e?EfLWH*KN{
zol+i;?aD<WJQgd|`D#dr?jgghKgt0`#2qR5eH-w>>p>q|UwTSsuxnaEmPR;np7<(J
zOT05ev^6L6lj$%MIeKu~$a?n0X9*6y%{9wxuZdr+AA1^9)XgyIFgJKJY1{)h*;^4}
z-OiE%E~s9nu>kRLugp$lLQ{WMoH!1P<<Nnw)_>12A_;-&meOQOaQFd8J7J)0-+9yn
zhO>!#IS9nB70uer-Qm!OHBWH+(Fq7)?avP|q^RYYt{Ao*YsZg)Huoc*S*;4byba#_
z^ky?}jgwR8FrgW7vB8B9xJSjFJY2KnsmB@(%`f)G`yt*_GaKvw_D}d2P`s4OHPK$E
zJ&;>R>!hA<TvWD?<tY)YRf5W2aTmc5-8WxxE0@LKer3_%zJUbNz~p>2P`V`AL~YOh
z94W(j{7nJ=QmBpbkjcBZkdlQZgWULu63bsU3^XU4&!>E<^l4<dhs<i!V?|4--1Z*j
zk<+gr--fk{|E_wo)W3IexhKTuDx^d5;Q=O$$tZ#7j3lVtvEIc0U;}r;^ck_iMS}iG
zqsou(NJq$*7OT~-FZF!8yR5VXs?N-A*ZG1<P8mV+-Ar%NJ(3pE=IFa6{3}ZIe(h|o
z+s$+OuN%r#9L*@69-{mGA}&u&M(=ZP1m2H-Qs35&g`PWnQ=Z^k?1|eij~F!`ux|KI
zu5@yyi@cttT_4>~c7n!Kn_}UTxhx@&imIB9Uo>ql*e+OXR1pg9%cn8MewKqS@qWN;
z7u{zEM5w{1Kyu^T`~>jY`ah24k?_V4udQzlLF0q}w;YJYh%)%Mg|&dyA-ukqD=>6x
zXzm1~1X)YKP})WY_x@%L%VMSBWlq4QXe%#=e2JS8^jxG&Gjz75JQY%$KK1?f5K#;I
zq8|-VH96u0h%zFStHu`)T_XY8xo761l^fI%^y;g;A5l=F*-W^jdXo+8f#M`4#3#G#
zbtRY>d9^GU0j4~@7@5A|ThQkA_|p6<6YtABKv7^0NF2qY4}8Lk`f3&TAz(0hbaU>@
z@?7|0X~|&0*X101uo0TZt#l?J#cC9=rl{ulSd=yfW`_c%OOr`=j$RYaR=)u&BMeMU
z^59fGEY`xrk7NW;T{C5Y12OsIn*{Fzd22SEgl4&|Cv3Qgg~hM2Z4l}mU?>aZcC@<w
zBr?8y8QdV?4P$orV*PbA9eG++RlVv<(}}xE%8?Eq^qKuCB>x6uyVA@HDAZ<B+g)CR
zQ#T-p0>u?cV)=})OTfUwZdK^swoD%JBmE1QTYx=?@*);`Blg1h@&d8(&|=N`fC+G2
zBJuRo{aloE@gtpR5t3a)GmHXvYXgmBUC5!9WvMsr+ipO0{P@wUBM?;q%+B~*%vDJ)
zA3#3bb23z#EzJn*<dqz?!md4)R*QJ41H%TPKm!bI9KzZ$S*AR7B!jtXKYx|pkyH#I
zg7yD&EQ_p(1oB@&r<MRU=W>2UWKs21IGw+dqfHzy2w2qljB@*<%%@xOW?OYyr+v#l
zWi3432+V^ogN^k}Y3294l(699Iof)UyH*S<i7zQY;nCj@_}9O}BZY{luCDnx|L8L-
zl$44v{Ji9j+*L|P<sbKIuG+Y}{l3nN@$DTi5(`VEjYCBOVJ<5hn`q!wsm)cF5u{`8
zJi%YM4H#y~z%E+MKTy3S5%SOR6#(_W+u5;L0)@Tb=%;;Q84wR|G=Uefr%?Y9sj3_d
zq2*|ljQos=LV3-+ba}iL2C2DMX#G+ulGPEw5rT$8g6g02-qmQPT)?|)q#Xr1o&anZ
zZ4p7Y<U{k1_Jg!HX@Vg+eR5<#km?C;%5IY*0#<qIeQPc(RA;W5`%2fdb}WR~u-C`_
zZLQ54>v`tzV16LQdCdlhwZ$s59Y9^Hh)^--G}Zo;*$<`zXV0&NYoe)hkv(Kz{H^dJ
z3M(<ly*T31#&wXPq1_|1%l$m6Tq(lC56>L}Dq*d%q!t&W=;2-IWO@o_=r4xKA6Y=h
zgr=#VAra#0vjpmz>Rr=}3B8$GfB<x9!1+rP*baqr0Chn_dTc*|@n_I2)Z5>1<Fe*F
zmhgiZ&RjZ)@?TGhymqq}qAofO78pcWT_K~o+-r`FGR!yVOqGZ(&jW`0%VI2rR<loY
zbSO>-%NZW&W8|eX4bYjC6n27YiV4p6Q~IEi?Ff+~<#pgQ{@v3@TA!A-iQt>tUTJhL
zmdK;_6g<V6PO;`~Clo75VPLrN_VSeMz`~M3t?OmRzWe2_^~0p>e>kLBx;2}$I+5Eb
zytmK7qN;FdXm<8%XDZ%?|F(b^{*P%Qukpme$)O=6=+s)C4@Q;oX#VN9^C#aA?53xd
zr6v%clb@d_ttV8gev+NsUJhCsBLe>i2MR7!(c2$=RBF{H6i~HKUj^eM@<6&mLAmO3
zuQ6J%`uI^S|12RfT^Y>;ERhE6=akq@zYHNDkf6_B(jZt`8odU}2;hzjPTfzacW7FQ
zb1k>rC!86<Oc~JGz+r-#y62G>CLDg%xSi5s>Ub0Ts3ZFxgIslc{_hj;0!0Ivk=uEV
z^$zuEh5qPuh}ydcPrnm>klS#_%BiqNQ-UjVU~_D{o6Lj*{QN#HHaLnGJQ1uD7Sk!E
zv$bJ?xyVFLb2O;P<`nq?1hMr}fF(ZMKq)<gzi>6j;C9iY`<cU~H`QgS?BQM_rz`u`
zNUD#X`xCG&GU_#wCJBzjf(f_xq{7lG21ceq_*1l53v!1n7V;$Q*3<H=f1tW;POsd|
z{;be7UNG>Cn5I=S21@32J@k}RFvYR+K`IobN`J&&;t#mQ|8_?A9|9vF{@$qO#H)2x
zHGaTI#Lc@kj{6nR-aEGo@~w!kQ})~nBnDRKL57dyC<&W>*Bw{FCEpr;L>JyC8(U^*
zw9|w^Q1=iNZ`owpqPw>q`uzHWfSYz|8*d%I9#r&1Ui++G`yi1lA75XA)U-2mBvwcV
zaB}Zqe*Nr<1op$`k6}5>pSMIrzIT8Yr=P-trdB*`=;#n|iJgpQ8CIneU|piQqY}n@
z9Dw~?lvIt99*<0h4w-1RW2u;N-RGbAdGCT*JWM7Xq6O!}Dc6ONgtE?72S*JUT=4&%
z3Wb=jsDu>52YXz<ajePXM+>L`fVEy}jHq8bMt1w9<9>x`86NJssxqy#?*ux$ahea+
zfI(L-Tz-odMdGlh2aI8y)+=Q9w*YX+x0^OQpt6$l*zDj+#+6Vc1&F19&Hkm^j3=X6
zTre6OBKKi%ddUI*o#z?*D;0CDo(qi-hdtk{k*p@xDIT)wkf2*Xtdi-R%oLn0MojzK
zLH*$Um4XKDP(r%$@F>Ni-*rOIs^(gi-!OnRR@bQ=9JnneU4Jn4wRRh#R#ndy09^Sw
ziN-4ZvHC@~#|NL-P3Ade`ZAhrcv^}l`+$?|V*Uv@4qVhM-|_j6)M$j9+|{ZpNw}@Z
zoia0jHi-Zi2>iKYZBo{0YIYvW#~AD;)5OhBywvUlN;=1zKf^*q=YlWE_hU?|%!Vm}
z)udqNcno;E;5!S!st<9AXm<U5!dcx@c+-4EI7SD-2K#f!`y9Mg+WekW0ckbwYoYmK
z%O|>3o!S@adn`Yn1>d7T2HqH)*xY`<OL^h!a3_NXA~jvN*7j1&XXKF#O2z&CgZVwc
zd2NDC?C)OdZwoCNa3B@NC)g<RJfu&x!HNF;@zB>Yt?9aZG6|8~80qB)FkHcDz4Tfw
zLXtb*=-odhZ9+}wgP<~@YpA7D6YdtQTRN;z_c4%0!BPi=r~f)_40`jXYgpOAA#}QZ
z*F5&-+4pXxe(#6R!ZmvvNyqjz2k=VYp`L!~-XeNS!?K|p1ElpVk=g*w6*6F41q4fu
z+tOA)Op;dJ@wmHcL0N_&Pq9iV^^oNK3F!cJ(U;!PjPC%;`dwXF*5FWjT<oy$OU`rv
zJ6a7&$E!g8KA$YZ@zR8?#ie;r?Jr39VRf3WMQ#4r|29vIA|k*E1f!Z+z_p;kHkXra
z=-@Sa`DoP!SOEM>%`baHui@R#Rrl??yOs?G!`oL?ixI?3a6MW9WgzJ`)tjVj=E#ri
z6#$)c0~2gueE0`2cobqO$;49oB`Io-_O3rY{I3@v>#prvub?r%J0;3Qt0$e%&+D^1
z?hi!Cy*~f=1blx=&?vosPX^s1Z;RQ0<V($tqR%{`>C8$6DoBc<j*s^fK&2UL>Sl_j
z`xSlVzI)~v3tU93rCK4JOUw?NAHzzRd`9VX!U_5O(f^rIqJ}bQS4kf7zs>5t6eG|X
zVFHJ0tV#!!-Es~ODCeN<g!)A9WER%$NxWG<uii?WuzAchAn$Qm1_F1xnFngy#om;8
zD4q}zRxwu>@K^E@m0R>2+pOvhfA0YB9hcYcJ*~3!&$kS|yFh*r8CO)P0O$APC(lW@
zA@F<d4eu8+nhqlVdtnZ`hhG7W7aL1AJCfe)2WEDt_2%Hfoa-lTkCsg*5Ok<8zGHdr
zLZO5Ou06(P0jRrlzvj6eHoqp1(j`NI9PpQ{?yA7;Ph0nZ2`!~1O5lIdsyhrQ5vPE9
z6#kwfIcA)Y-{1|XTy>_t9#llm2ZouA>BDAReh+?a0os1rk;gn>cPmsVe+@m?6&3aP
zqj&(wRk$5~b5Sz~^)IyEE&<x2J@pN7>Ydh<a!|!oF>{H}vF6FwR&gP4|LdzIc)@ME
zC*;>UW&Pz30MBu>v4Q6LI371|{YCt>PtH`R0S4{7BzOVK^pJq(8h80I>b?J}Vh7&V
z)|Sid85Z=n|4L?%onZElR9}HPlXcIJuPp5Ubv*_~ta@Lqb2T@8)B{96&fZJuWKLAX
zgfiJD=p;k2N|BEwR_ohG7JSr~zBXVCD-E^_l=)TQIH|1z!`uoTGOadMU`*a*Rf!-x
z9L431{nhmm+`5>LmFf417=ZI=-4cAw*M9toXCQ#yhM|CT^uL!e?wAKNa{q#Lq5ds!
z?*jQEWtTJZS5MoF_zqt>$F}7?6W3FPi`cF%M@v8JgFf;NMR4<)gbjRn8n<spCKa!x
zUZa64Fv5y~xqp|d2a2P`#^<S_Ee<tm`Q~pb4Ok4R+HY^gI&^L_+Wp4Hm}4$FdAtQ<
zX*CExX(M(G3?RHYeIqaIzZ$vCy|!IGBl#m1>ahe3pnPXDA((ZudFsNtd2|+>;zdnv
z;NBLWo5+L051^&`_=*xkPo9?Z(e6bPP#}$|f&UMDOi^2BF2BG)GCe_Yet3`2k{PQ#
zb_LNG<L_!w;2svWb*xx>X2>t`l6A^bsSh<?miZ%g_Vm0F7M6>oiV#Q_@HVYD_6Hux
zM!T&KU>=@Y`_F5AeQWuSxi_7pqo-hg6O~+b&t&30fiaP#N3Ha*E3d?4vLy$w(f#X%
zN+tO83=F5#J8!I(o4VO0px8_g4Hp0BP70~<YR}tE@a@l^p`FSz&E>)o8S{o<F4fGk
z{&-P5%#C59Ky>9@<9AqSUcPHG0{3lz{`tp`G+|&`!X$;;(TexN4;rA<_Wyg^4%Rf-
zOSA5AmI%#-1?M%*ea!!E{SoE$KR5lzmNuTxRS;P?Qz4khqWbT}l1N~X|NADkDE5;6
zO?`HmndRx}8}$q1>7xG}N35^^yGHOXN=a;nEn`k6D~6vxOG^iWstg`RUf}*B<6OXC
zGQE1QOhN0<nWtz0N(n2Lq4qIrF_dLo)ln^F025+lz0$G;#GVU+Vtw$Iwzj9cV;Inn
z#!AVy;L)S9yY%M$dnIbUe9YkH=Azoi)?+=7;E?~1z4s1ka{K;;^>`GIiX0mVD2RfH
z3P_hOA|kzaLR6$T=`}<}L_vC!4$>2ffb<d-Y0?QH^r+M%1OyUF0?FOTIlte1-*@KD
zymSA!b7#JpF-GTkc3FGvRrdO<wZ*n7IH<$VGhE7M;Y>&5!ETWP!3hwHOwjai?k;jP
zEPee)pZ0-gz!u*Loc$9V4&{56w`hSJHhawbV)Kdm<H@Vyv;H!aJvzO9`+T38d)<Q1
z5T^nE-W>k<{Qs<t(thXAzi)!S@sa<prvD-9Z`$6=llq5<zlZVqf!qI1QI`L7{2x;9
z@7e$3%oRaizH{I3lYpWlw&canw(u_iq?6YH(h%wxzfJ)>cSjYQuvUQc{&xHQ4M`cB
zzfq>XqWy&TaQa%VNwoG=mRosw`o$j{r&y10?(dJi?`z7|guJt$-MD4o?}73%%A{1I
zp+?UAIsg7P7a54TyZTrK-FUo9R3G}^@4n9aa9{bDfQi`KG|`T{jx15vy7rde;%a}#
z+K5{Y{;$d&{eO4Z5CY_BgS>36b=$Y9sOhQD4&W}vahDs{-<2W9oG9IcuFT4w1?5^k
zF)Dm<gL;Mx&W@}p@w@hFNB?@Mee~}?cycsUV=imOoE$o<GUs&goC=vK9HRI6)#dCz
z!e8j0RZ-Cm*XJW&e>v@RT7Pp>^<f-e=o5WO-W9BLrdXAj=Zc-AS?=ao{bnsUYEafq
z(-3DhHA^zP-n-7$L(^P{UK!e+X%zR;&ALf3dhaK)+vHca;S4D?;g9Nmv*tOOBTw|E
zZwX~cSGEpQl$j`lWrA?Rijl^-^STmY$ZlAUx0BOMD)b`^%}p3<uFCE1a+f%C=q(P%
zj7*kpxB$vq9XRl8;&g=473CZX!G3GtU|infqEqU|s%GPiO88lksKCHLCz2xPdei;c
zx9aD1B;b8shmFf^Hv@J*{LRccY4YaHo79aTCz@|>yEM)S2?@1-nQMz+>(<X&X{J<i
zNS%o1l^6FYO4=b?WbU4nHY-J(GSw0h5s~=?z1OgC&Rh6;MB8Ql!jgqb6-x-EkMoR8
zh3V{q$$d{dc+rtw8Qa1oIVs-_)wT5-SJbFa#?#E}7WtV>5~|b_Z$8?gH#9WJ)Pag!
zzh`kqNBlrct(`zAblnpX!^4NfAQ<x0XLKql>;kdYc}&!YCUxZF`WMdlENrS`(jqpi
zrMFrkoK4vF#A6Np)yHPXAFqWZ{D`fpicc@u8T;MpfoJmf-yT?;sL%R_X;X<i%bk_&
zz}=@i!<upK@8NsO_um?CZDh39TeS9S@gyWkP1ElHdc@^<E(kAnWWoC@YTWp)72Pk}
zbf2H}ciHw$t6+TQ7ZbZJ3r`jCjH+n%z;N(cGW-wj_a$}9`?PN79*x*eJ1^nTc16bJ
z6Azb!>39=C@Mp@~?gnLf%*Z-3Bf%P0Zd!eR4)F@1o_}n-*%uyFoyJa|`!=tp=psuo
zPE<eVwfd6}Qs*VDL+w!$)(*BnD`Xa5R+;pg9sNr+`OxnUp9Q_nJ~(!oo!!P6+7d)#
zet*|-@>b8g>4ly#Pahs-^=>#ce-2gtZIy2Q`0<+DlNeq%;eI(H5!I@?R#HCs6wFCA
z`5!U`y#-Ch#k?!3tMjX`yIshkNuf{%!&X`lMT_?G3brqVAT95eb_0v;q8p8>)m2Kj
ztg8z&Gh8hfmaXpfM_w%5Aek2%cE!o~Q{PHDkG}uw3=~^EI(idp+}Cdsa%2+O&a7;7
z<wI(TF>+&RtXz0Ouyg1|jTEk<{y5vY(--od?*<@@x(lwGy?^OLnnnVUDZaZNmmk>N
zYl~iIY&Q6;OqKh%m@jVIW$D&ewlw$%-j84vM!!s+*7SCXfAxrfnQ;vrId1IF@Q?uo
zBx;<e%2Xnf9WVq`)lOz!zP+BWb>lr&HqX8iw#-0%9`6^tYE`Jz@-{`G<OH%9!=v5M
z>?W(rSOY{DwNW<ZofY&eNj)%ei0Gz+rbaRl=~?AR$i(6(k_GZ{+gkYR+Xy2hV-V@q
zRJir>r6%Slk(m1-=3#v!TP$yVeFMU++_im`aZ=TOw;hgdZUJk|A)Z}pF5z~Q;bB9;
z{W!WyrDdgxdIzK~L|;(Qy*OSQ%PYS-nJ3Pc={j^vGnbpIjBwD%sN`MP$%_i_fBnh`
zup{uxz~(JqZK7AEmkCoyq_bq2LaKrVs@yVzaKVJlu6OH6xO&pH92Je=k+);(L(atB
zt}}+!j(istgY|Pe<b>56$BSCp6-3nI#21L6K3N%3R>4*ngi+rI1(2%~jqOy;9Ln!D
zS+bH^XK!AW6>+0)QkQAmMy2X1&Aa1_V%tbUTwdvf&teOW+dxzE?UXlZ{Nq4#b3^eX
z)7Nt04NjZWyXI>%9;DIwg(S*8hhDP&lex3z^_338Qb)d0%j))JZ$)nIYL_WXuoaWD
zKMcqqOh4mpEBHNhW9AyQXr@LEtez<((<<FaN19<U*jau42fI|VF0GMfi?>)|1p2+S
zx}bP}B#pI9khp*Z!48Lqs7wNeLD#HKTvGr%iYP+H20Z+FsnIhC1{(&!eF|aPteJ{)
zlZu9YBkE)-Ag3BP3HfYU6^+5)p9PX$9ND8?I=w~4*EtQ56#(Sz==T<?Ck03F#VLnJ
zwImhO9`r+<u$&XFuC7#j0+B<4nsTD7GxhMgg4nX63^kRDTlVv9<G%8@%g*S#afXFH
zrG`qa@(|f?ZEa=;F$nuFU$GLN)J7jggRG%x1UKvZ=dcw$<VksN!f?t7Cx3FzqvC1W
zdzC55>PM-!yG2Fz+a|}g)~R9K=ievuM^#yTAL}oFn=0v=t+cyh)V(3Ul(`n0cW^g=
zokt_&LqPG1SLLWJQ@}zsfu$u`<$DjFYCS@r)E44PeHGO=Gt(jIk(;%y8J7-^I3y9$
zPbo7MX%ue6<z0;=6tas?4%R(i=2p;+Tbk~uaY^MQK^s|}*ba~hV=7je`9r0o`9O7c
z@prp#3wAO_8#lA*rY)b!A{&D&x*e-WA!0Q2CdhDLYQ*l58=+#5A)V$P^N)D4uokg@
zViBK|aqfIjSk03U51vN5UNowBfdag%ogtHZ!=#L(qX52@#0r<1ILfY_E@vY(U<R1J
z<=tv<0dd=>&r2))SAxja`E%z=Ll`QHkHfcDCu&^F0BPdzl5UH*#>P{kU%$2!X1mbg
zYO5brkV(Fat;KG6zV#d!mccx>Ol=A^M|mTpKW${!kxkUHnWK1@iH^=ci#Disp1wCB
zNspZitTWr==7&zGz(%K)8VL@0$2v<$WwJ`}+GmUQOWw|w>E<{LdRUHe?#7nWhTRI7
z_;nExy+WNV3<eq7?hb`=@6ypb7By#1xf=o>t^JQ-Dc-ABIT-h#p#EKj>CIF*ycv)#
zd{?g$7Awy9C`N;L31PR^>e~=3l9N^h>HJ`~5?o64EIp}uA(2;FRu)gsIV9>lL)=z8
zzd2(tZebJDWRM}2?WSWr0eA``Q={SCcc?YKwTcg$b-O+h>@TmmZy0fg+BR252mk19
z)WTQ0;VMHl!CiW{p^^%i9%QS=>qoK=Pb(Plc!g&)Ape!L-m6(d#W>-84e*3n=}@Jh
z0uPUYXB~IcZNxVT4uowpE8_g<9aQO-f&P%?wt~WRctnKB#L4EfXUEkgh}8ozr*b2m
zkW7X~y1j%H!~%%_@bQ&$i>$>~td+AOsJ@f=*CjX|MohXw26dugyf<nE)GEzO_Zo?w
zR-Q8{E^`d6Nq{E?P{rEB@5?uOix$k)n^B%2Dot<7TyQsxxAIqIPV*i<#1cLD{YTd(
zbt{*ps0luFw+(1%j_poUqarIPbDFRI97m-1!_I4MAURn*V8tr+mtoS%jP33UCtq5x
z?Gi0vV+8QR$Q$J!=Ji224c@L<bCOWFLlc#}bXmY5yWRjxA8%wltRVz#SNqP9xbrx8
zdW~`dV2%8jcDfTW8Cc~=@=c(@w+)L*%_-*R%OM~RK229@S3FpqR<Ng|#2kyz*^$?=
z_Ibh!K~5J|21^Z+mhHA+yOE@W%J+-akV1q(-#UVXYvB<<6zO%=B8~pf>@}ydVzMtb
z#uYNy74lG1?m!eB#vJ<?=<-#U=E+-Z)ICef+*n;mL7=q4tiVcK!YESGrfsAWF?9>j
znl$=NeuZ3MtQoBSZ1bWx=GpdT7TUTrAXc)OFu9wzX40uS-k1^xWot%Aw1P<}fr8oT
zTSl0bhnm-}q>%Vu>@WPCfoF0a;BAh{L8W8^xvpD3bNER|YH^HTVvU8DSs7#`P{?*m
zQcmO73}CR^u%tg;q!tC;dDjA|8(tnAwWI5R$W2^c9H07=ZH1pde`3JdCBXilK79sL
zwer+j+t1F9Kaxx0@|0xM1^Kdo$O(sU!}xLdub37ZUG<`@`_OHL<>J|aA8mW8oTWR7
zks~rg?;nNR&+1B>Rc-1`f8?`-EVGxavk8qiyH=Z@13IC~P7^czOTzJQ*0|!0b_E6X
zD=Ru2mvl5W4a<XDtNn=^&Y0WOuGIiqb2P~+5PY9&ffZIToWnPTq$bgJrU;JAtgVI$
zmuhn(v0InWB!8<cpKD-Gcf+fo_Ows%Qvu|zRWQZ@!HE<a<;yIG+cDWAWRgP=k<o5&
zL@Q1FgKVMxVYq+NbpZhfrC+V8Q8rYrp|$n6@;SoK%WBl!Xq3JdCcz+U5SUY;lCFjP
z9a_VEQ?!pen?}^YR@<4aK!MC#W}E%@<rTZ=4!OTBHV!jd!YYG9_SfWtGFTM%IReHo
zf@0O;VN@Z|GS~FPfq*v$YvJUKZNOWMu}k}+pKUY$_2!KXeECHMH}DwHF6u*Lo(n^k
zH!kyt=%IERhDKRVB2wlll4)9-WcE~7TH^Js?p}<M{?M={Fep>z{h@uk+Io6}ad9sq
z8$MTy`ZM7zX#Mw%jyt|T#Uft}Z}rVfwd(BXu;@+>hIM~<H2dp02cyS2E^gVk^ECtC
zFTr?%luYX_D4!R6us#}yRuHSXk+7+=o}T`&YHY~z8Eq{QDdWDDPyx4=f7MgxAtB&b
zWnOB&+U<*Yx~rB{lDa(?bmimmB4d?4ZSD37o)DV4I!6NP)PuVEdVExS*Q3_Xv*@e4
zm2!b-cP)R<ID~QWH8mMu`U@(vcHkvN!2kW)?@Fo`g!2OBE@g*T?9QSY$@9`8B4$u~
zu6<f=9Od|~i!D<;d`az;YE*$tFfgpGCwhB(y%a&8#}H<a=0KlVWEyg{K{dRsu*wOW
zIa?@v-B>g56K%E_UCeq&TVPIHxFae<b5l;OU5*|%T&HJh+uf8O8WF6YcCvZaq9Q8O
zk8t>+Rz<;!w#S1z(r9$E&(D{IWa{i}Tc)bwYI+iV$07=ol+<hSC6W}!7qQ?7#Y=n4
z)>V*x=!v7TyD^U+%{6>hI)>W{t0`kZ`lACa`NG+{y<~x>HSP;DzYcsMt|=LHb!s!}
z)ZINtWSVwKI)R<?aE;33TlkK{iJ+R2CMh6zalCqDKncdnCoex(Py1we&^n-!%3eL@
z>>%U_3qeLyof-#f$ksu`|G%aFF<yS85li$1gv1S2qSsfS4Cw}CC%Wl-Ja-dcIT4MS
z{g`lQEx%b_tNN6FVNC^WerfDPKd@dtRzMnkHnQyN%!2N|u!TuLy*WM(rk~Y0<Ck<j
zW%*KF+v5tiD+-<=J!9^(_G_0=NTkydyLm;OsI;Oi*JF>b8~?(->);y7k>@0LF}c|U
zn3wpk!*A6vQHXqM1T+#U;xc4cHE+-OtlaQazR79o=Sj7=Mu5yMi8=cg(&RNpmf=vC
zwo1)-Jh)Mq6)4bJ<3STkT`PX?gncY}8&rGV`;4g!Jo}^YZFKF1D-_vvrbD2}I2)7)
zw5b|9dl9B(*Oy*p!FHK{J7GhzMi|oY7!ipU_!9cQ)^GevYisMM0(>LAm@Y~j<nQ2I
zpV!duw$&Pvb6XvPeq7FqY^R5<ppxeB#g*S=Rf^8Aac3c6bFZGaav1^dlG6G!%Nq#Q
z)rPjmdRdtea<56&6GVoNU7tvBEvMwsL|*2LlREnP->ZIw<rVS=Z@c947MqH&9A?4{
z#5`|~d}hDB0#9v;wux9^*ZDiIT1Z*lf0e!2YrC?7H2XD6=J({DO@3WGe(Wq*y)^8u
zW6%|9=im$#_in+c%;WVpqte1p4ZUPs&XxKh-#g(4DTkO?(i~^9C|$?LsMM_|eq~uu
zcI&{_g3<zNcX&d`_l~Hn2kYsPX|)K?XeA%?)=njv=&Tj!eZxB>9(%9O?}t8EJ!s%2
z_wWZM?%&#^c;WzQ%J<Xlks9xHO?k}Uz!BYXWfLTn#eBaMI)Vfazc0~;&l2i66LQwz
z%HA<Tz~++U65QTnJkNLfU6G^F4YhB6kRt*s3b_J>*BYlXz4krnx~ad#v+v;jOgOEh
zc7Wkm<l0(8^;q_8U`?YPZ}A}w_l-_BxHJ|^N){YF@hw3hV;OybZnJBc6C`b|IA`#u
znbCN+LH}ES!%RMnyuhgP@@P<|G$BD;ik|fAB74nPnJ2f({rhTh;1D9mMlr~yp~Yew
zcV&}vLI7J@2ia|YRK-!-WU){t?BQHtYA7GC6B-1P<|=llWre%Pq#g7YL0&XRIS7%f
znw0Sh-i4V=BpqvMdG*`4YJk}#5lI7O)vqAXr!rzh(b+jW@%ex>)(Dk7!)^V7PJf*A
z^uEz`=Mj+efAHND|2ldSmlQDY(e~l9Z^^<=4X~`Ce9Wbrycpt4y8_}T7AyEVA_Ds{
z+AhVBVeVW~Q&1E*PxhT#noS@yjb%04Ij<=G%IbsE*)OpyqLq=skRmfQF1|4^)?#CO
zh6U;{IjUM6IKjcp_0$b9!>4f;D-8GwO}uwO+NWDm7+Q~L3_PL#lj1fQHiFE>UX}Ol
zCJtFwn2Hmg)AXCC^B%oR#SM0j!ndmhQXGYO+Qv_{MV#v<%N&(1{g_;M-RME!k6&AL
zvkuuC+*`s1B$&(<>4CqB<H>odAQKeW3163+aK<})YHO>jNyvx@UWYlTlNfZ%TdKVK
z*Kk$5Ykj-2EBwB}c!hOsg}nbzRdI0NBc9KxlrfqV)b^U$`?~o)>Vq4}!iKetE8k*M
ze>4AqW0&nz*$&L+dBfde=u-M|!}aKlW2F`r7GHde?yWu!nD0_04|MXh|E#mU4NU4}
zzIAb0w;OrA{D#r{dm^CHqDHCt^rLh!Vnq45GuFYYW1m~O21l50JgG1}Yj{H!R6`yj
z_oIfB;I%h^(BL|+&}rI)wXJga^=q)b8d&6%&w=G?>Y4iXi=7=qr0$8Tgg+2Q!2NHi
zTimUMj(q(~$AK0#6@ELwaxa$vcxoQ*?vhka@ugVJsg4nnEM?0;c<;$1Uiqz0F!N@g
z=A`M5Tkf{aqIl^&4|$#K=1A!A<l%Y)S>}tw9Y^nMEX!sqVt3+;Yrslh1J*k@c>}gp
zZ<ZKDQHZ7m4h?ePl5}Jk7wns1q}h)jdWI9VC2?s;B;5+7Hq)*%0y>=|nW=+P0pUTg
z_<}y5m<?a)9L@7u{-SbG-skSzZafpA7L=<^^J-<v>KT@wk{xT_$a(YBdF*F>d&7wZ
zVao(?xOV>}_d7z<aW-N6M5qSe9NkVlzhdU9W1Fzr@f4Gi@8zU4V?vdgXTm#s0|1*H
zE^%l*K}(h1g;YCWG~>jH=uJalTF<Cm++RlCEB1GuuPqR~8-Q>F2N*miY;2`lHqS+}
zgIZIn7M56D`}VZoBW0@7XbinLs+4Azn;E!jgm%#winZn^e>D&$lwz&+1_mTS=|YEm
zETQS^*L%%dLuue(4YisIH&bl%L>QO8djtgqr46ejr#>!Dm|Zt0_{iG@oTO^|k=vMh
zU?B-N%cxBFE_ac8EdxgX#R4=3NpH$ZI85F-L?y@Y!W4EP63!z^VPdO>_sqwuU5b5N
zED8d4!GT*tEo0ZgGPVWMxVfif^76d@9<Ol~QbSl4znJ#l%(Vy>Q*7iIDd%Tf$b%o2
zaxjG6fJ5F9E~ND)&C$$1`lWEOOH7VtZMR{I`^JFD8yl<Fe)j(0Aoio{Zoy58f#Sz9
z0H$zW3iMAJBF6LQ`MY|NC9c?aM)WT-1D3bPS3)uQ27zj7#MH?hGpg<9(-izzTN#7%
zTOviGMvyh)`c`rkt!ZDtUi!;`pGO({J|30gRyF2PT|T<CWmvAF3KgpnTTi&-Y}q8^
z%WYq4x*B=#>luC>{4{+NiOXh+w03tOr^N34PrMFF7kI`~0Coo*Nhn5R>N~PE;WW7`
zRSP{P4_a%E;abFupdgw!UgeA0b1i_m>EP=;5jEA|hp(()Y?t`gF6|u|9XsYy+;7*5
zshHtE%k2h*TUs{xERQ3pS}Q}KSpx_+JYw@#Y)8ApdeT$1xQK|Vq?<cyNfJ{%U@MMx
zc92-}lH!8-jY}*`zke{6@wiDkj6jP4Uob<?e|)(bnBUEcB=pU&6Czhf*i5$<%rPzl
z#%Z-LZwLud0_%X^JvG>X^jV%x&i5${j@ywv#m=7Z)?$%9@4t?+c;Z}cR;!=^dl09p
zw|NtK1@JoA7L;Hf0mp(>w9PPZHd$<7Cr%GFp$z2e;J;Hsb7x$sCB3`zfz~uKzUt+P
zeICbuNLWM0Hs*HJrX*h-)kzWkkuP=Jh;jH0&`cb!UR}E`V?I%{GL+)EpjCb5^o1uu
z6FXnK3;<>L1RR2?GM}pf4_s}$!z<+%n55qv^DxwH!oQn#?I!^--^<~|c+T+Zoc-B}
zK^Pj6%q7U1uX@2zVS2Ho#~1u-5|BDcy|(ct^?520Q&SN|?ya{-lhypHj!47LP|P6&
z0i_(~{hj)(>dF?CTI9YPAmexKZllkNhQySf(w+y?v$ndSPa2n~_L&N3D>${B$CvGB
zV}vlZLekBXukc*{J;ggp_XeJxQDq^^Ho)_etOlM<CL0gzPyWCq_#*=EKfez=<cLth
z&CaW+xdnf@RPOZ8$@zgxiZgFsr7ey5ej4OEzh)p9YDTVh3V-`n|H+etD6Zb|7p<L{
zRSSIrqN3kipF922*!FQJ@yWcP`brMzpzJ9F<|yEEi0`gT%LJr92O#m^pF4DwftXio
zbKej~5mym<&E}a*C&6A1+_*S^K+&&)n+f(mvw?py|NHxs_=x?#zYi3g692E?=%f3w
z3h*D#9RBC$U+mpC^853ULuvo?3;gR=WcI)FJMixQzvMV@K=aCfn*R@R_Sof<_<uO(
zz=8j4E5Hi>5eolzO3c)%+~arXGqXSV7DOfHW+7%HadS^7*94J)f0?CQ@~PFlH08Sw
zHGVv6#%Co{_R=%#EIgq0^yPlpI*&aGaNs~*=qlHN`Y!!%<*#}NRX(kjxN>=vj#~<y
zBX$>iNf@~Brpss7z19ksuQPum5-V-Vv;SJ<3-FqMXm(DF=i0A0i_$2M<IXqI+TyOb
zm^(|hEkSbLK@{Ty_I1&$NPFOcS&0{~?)J#nA;X7Bnbz>9uC^6pUV=ff?`ws-5;yi0
z)x&7eXw;nn-J{ZhMsb0y&kMLyx)Cp{n9epoiu&2l-4{>a@BJ7jXz})GC1su&<GGXP
zTx8_1`XsWcv!qHX%~FI>+KUd}Z}FJS-h-(Iv5)f^{evo(+|Cwbl$IlpX!!4_s>VI3
z=*++S?ksoiRu$7)3;cK6&;ED~2C;n*w5^wC%yjNA;>@DxtYwWPJZQgfj{`IE2iA@w
z0o|89kshioTe+Ufu^$vXkRD;V-TTkfxrj_3x}?Zsf9-pE^YvnT^p7Z^D~a#5!n((h
zasTxY=@xhhwfE2@=gFS+&}X8pwiTVtKkld|?~nfJ#G@vrJHg5Wy3gvFd=m}uj-VNc
zc0RHT(DA>TaoKA|@v{B3>~y&%!#r1C)ns=K6@pK4d|2|o4|Q&yUpW{9m6mNdFnhAr
z{NnoD6)&kOvzs1BjGi9nf=t8N{mBOj@^=L8s5c<A1cfoBrkaV(5sSlfrY^D`M#v4z
zVY-3dm}A;1SN5+8U{XHv^g7jPW-P^$xI~$DIVJueuFV#me>hq|<m%91{yrsUHKZk`
z4VqrZPcK6uq!&$zRt6R)p@Xf^rI9X;iUJy#;5Ey4GQ|e~(@o~^w7xy1WG<DH6W$<g
zLkLQ1yNpHjde&dxAKZkA_S;QAHqSvtVM%@3I6mw|+*$MDI^$@!>@};h0@~xfwvKWf
zyObPGxj3>3nsT)0HVEc}RR2u*pc%#-Rl@$ep-ZUl<<U2o%Yp$n?=1^;wLaIY_{*HS
zVx~nSy$+rXFs@jA(=Nh~R9WXPODk1iUpaV;WyJp4LqOeG!-iC4YRf6n$?v2emxWpQ
zRoZwb*USrtFtf8i@?UnY*PHDdq@P^)`P&2U*9Zy2b)>A}y)6+9Zq$=}1@8=}+Qtyj
z_F;o_+`el1WBRTH<9^i$hP-u|YkT0cyCM7>$IgSDd~s-{mq$71g_eBbE8^mIPygIP
z(fB@7tW~9-7sIp9TRUeppDt9&8r>rUTUL<*H@JPRjo9my@XZ+YcJn~!AtmL5GqVus
zewwE6lTjbCW74?$J<|TNY(soHG}B91jn;2CF6ltMZ%%pkTfITI72UR0{EG71pxOdj
zo(1djtRm@Va^dcrVdtee*gr4VhAc&;n3l4_D&}80Zk@y6Z&XmdY^X{hylr3k6^9;n
zO|GTkH+%h9bg%s_e)g7e^pO9EiT0}#`qLvPe|P`1v2*#Inq|=YtMsS0&<lb7ye#Zo
za%WOXTlR>}RG@wRVaYPzT3%NAN%p)Z<i4x^-6t;D`YPnEdN)Sezw=ktA(KiB*Nps~
zA3$DwGEKLv3W~&Bp2C(m7xec>#wdxJ$o}r@j#4sst>3r&v9oFipW_B$X3P<Yne3+z
z33+$>9AlH@PZfOfSavi*8(gtn>iM-Zd5qmdz4*D<1;`)28+eux;d%dd!%I#7TsQCS
zqz5ODDD3POopxcjj8VOwWS7Bo2?d;oKiZT2PRn0c<TTcJJ~zpy=Hle<*#0`(tG|~N
z!-K5e7ldbz_>0&M6~>kaNZqtvT9ISTcR*e2@@f3NS~`GKZw8ZX1efFS>xDNJ-?K`{
z%`H8NO}HRAx${KXO0FyBJWRS{e1BBeu2srR#~b+`4kT7jA8e=3E&fTN-;z@u?|ZYF
z`8szjt>v#f%X{OxDzfIB)Q9sSBLcLUO@i*Oc|Mg=9E&kQ^VwAU>`(B^C8-Wgb0&Yn
z43C738ucXN{o^ykKT3PU!__)tH-0b43((N2{>Yi>w_jd0S;l|X{D&0|LtG<MJ|gCd
z*;`+{jp310(DOxAsqhQWO?s*R%Y*Sxmt%^FL&rJSJbu_!{Y#1`^?($Jq(TL5E?y!9
z6lD2a&{*h<$*B^N9%tEG)=wPFhc$QbQw8PCrzCG)fM89lKHEzrD<2UEtj0Zc?|Xfr
z=+EEdzr^T#BNCrrK62BBP4p}O=rC!jbR2&Dx+*Q!qs8aIHUM^=z4ce@LgLenXLuqy
zppr-U?kk{F68`pAz>YKhZlexj<J-ia&nltrF#mcSpqKiKe~iN}i>i+6yx9|Xm+Y@S
z`*~T?hDc3#q-^!_g#L!pzRz{7)8p|{o=T*CsyE!DGbYB~Ad97DZoKaI6h05D9oAj?
zjPYP038uAq5aZDmq(vj|%(Ze}2V7S=+*yb(qPJi)1nF7LvcD7)W<DK(sfWkIPP~zH
z_}T-J@szkf*KCPyULKzFYir}TtyctM;tSBb2h`ubG3=Q>=TYizS2Ny4diLYhyXG4S
z=i}F-7xo3k*|THpE5&9b%22tO3!)F=FqeBdPI(c7UG#U^=!0#GTQ@0PV2{?_^433i
zu8L@9=3HZuwfK-VO-rOP*vD&MRvy^S99zv4xp-qV^n}@?>IVmdRjRz0_tpn!r8|80
zGO^XaRHB4tlFCAbAM0J(pM~Zv*=g&pcJjC_P)%nQlJtWm))?67N9L<1`@4Wup_&|9
z02aV&F4^P)WS@?oT=wjcZDz1mPX{^YXS)RwZc3)Tm+Eo<cObPF_pAu1Kba3(?rgV)
zn{U?Vc0b^AoLUH1gpUr|{O<X{q|ct7!`(h7U`%CPfc)uU@}=#He$d<W?hzj^fw(-U
zw1peCIQ9Qlus~<r3BEg^``~Mqe2g%C%W^^viuKw3Iq;9Gee93DUfKR+4t=mQcBm2}
ze*?Rg6W1132(tjzMma703Fq&gFERbr_`gqD7{*abWgZ&{-pyBs<_sImGs($-^}t*n
zMJenP$nuLH%K=rOvcFD-G$I~MEmzLzkGuRY45ChHf4{C$W7Yb@HN6#zclOpO(Bzse
zwqO0VT-FtreVK5{b8qt4qa2siDjWPes~tV-4NKgpryBPxD7Ff<3MP{qB3DJjZtU-y
zJH~s4L;2t0m(KCC2umjy3-GUet4zAdk5qLqo6_j~IeT5LlJDzv5o+b>EB)73hurzn
zW%IVsjcQf@Xd;0<+Fbpge8^PH;Nks+*u#ag{pT#=|H^}!^ox)?K9K?66}FQp=rVbl
z_(Ix>7;H++n#(9<$V$fd$9pUPnO)10zs<a#;I8`noize+mT!h9w833L852mOh=Kyz
zwl&6FaCch@js5pL>e!uuUtbrQ=4NID)z*GpL*TReyJo#vI(vJy0D|LB=55W`%PJuH
zF}t*s@Wa0~>}03$fNr%q-#&ZYX*tV!x&)jza)J;XL$5<S-Rq%Bt&bPO_M9L=NG(;A
zV$e(`$et{_=9aj+I#Qy8GiW<Tr+T+R1AZ2>U4ZD<$nAXkJF*G>;qsMSGD@W137zy*
zHTjA9?m&a%2q>_IAILchV6s@}+OeuYyTnc58)|z<rC?~i%!G@r>ccxmySod~?ZKeF
z*GJd_7n5;<w2tET>-I>PVVu{GpL_tb@bi0k%*9&RK+F(QI1)RKlA31a=Dlt8zIT4{
z^zU8q0A12QZ4$aR_jb1+k`uv*3A<oASSsCkyZdp)gSc>3ckibX{wrbIRfb4gZ?z#1
zN%xxX8JpPXE{)_EM$fACbI=rn8TmWc!)|}LysnV4Q2@^5pDaal?1HLMuCe$H`sS~r
zdziHfl)pw@Yse8K#xZDvx2r34HQ9IlxQPi{?lOSmOV@EcF?oKB1At+JsgI%%Scigl
z@6M|xhgfcW`6_kxyr~3+sBO#-lOr)(Ggd2vuZdn4#rQj6U3xIo-}AVY3nGP(&P!^(
zH4Z{{{QPbFytDrD7FdQ50HgJ0)ZPI>_IC@rvg1o&8NwRJ?Qtz3j)P^Y4GTu4`h%`0
z_tp=SLW14*PvFb<g5p9#R?ofD1Z1e@sSDMps>G?5w6ru3izx$T1!h%J>IuCj(1F_H
z$=7&9M7ptnN*K?6xuoMp`GQr7!j}}U=>p61oUoOqqR`G=((*EKQ9q{pi|>;DRurVz
z%Galog`<V`s2HsKTIK#>s%F}+rTAhiPj~l`&Ql?jA7nFsbB#AY+YA9Xkhj>l^phM(
z7G;mAES|K480CAko#>YZaIohXBs+~$ayM-v-^Q#~=;G}B{8cF_DgV00LfNOyKcg`m
zw5@B_idQ9T?z}t^X9$3VR(>0Q0c1PrCY08G<IL=Qs;>_5$;QIrStesuwir%ASg3sv
zS3$(S#FYL#)}=;TaZZ`9(7O^g>n@=`_1)Zm+AcVLOaRhA;X<IWZbKkULB>q3kk_16
z<~?l8Or}wjr8;qY=kr?cwi+%+T|oCi0x@%$pX)8nra36zZzW#KtS$~v5A=6@$grw6
z)EgJ2t^ctW@(1N!>ni{(eiRZAmnRY}pJxOw!w|eVHEY?xHk+1jye19;KE`EvH%zWn
zTQ6`mul9Wu$3EYh4XHI8M<!Uo15-!bc1-plxZe+MB7#jJ0C%fupqT#1q#v-Y_>-s5
z?Znl=xf>=Qtrx7c0_I#UhTl$g)dH{*bc_-VMCGmksF~sKXv=i&3Y#GMi;AMnHdpud
zw&TFFKuq1EBF8_C<1vnyOnDk*uIaEt4K@ej6nR190TT<?h`|grj+e4Ht_P8=H3^|o
z&T?`hT_${qk-iE8%gr=2sTMHkE9PZnffi?Hf9>1Lm!k+Pa7hP!uA65mLoW-@o;6ek
z7{1gsx>xBg|E@qns`v@?yAJL+(BV?~ywhrQx5Ru!n3rn&5h{KGCt<xI2f)>OAh}|g
zvfOy~f}z1eA9SEyive)1ik(k$${dZZBjC790D#v#Xmo=(xqW=R0hVkVL{9`+(3zaI
zzx|%h1rWy76#^co1WwqzAh5wVju!|TWa{&S>~w~YHqxTdCzF!M?Vog$2Pxr+Lj#n{
zTN!Wecirb~blAC9G_zz$GbtdsqQ|nN-5uaaD1$UN`|lsZ#9+Pr+)XKXTxfb+ViwzX
z`@`4m7Xw!QCjG_G;L}Km0jMC~bp->`fH4r>kAWNL?LK11t)+);oS0}{o|!2Hh){&a
zf=}uWwGn{Ube5uU=;~b1!8zU1@S2@Q$W)`xt*Gtf8^}fg@F@{)8L4Bl!az~5a>Btb
z;_<ERM7@U;N5XV<2$%oTm^fR0eU-N-Y<pWA5UnDx*)cJkFjU;k6-W-I5M=Ly+e<r#
zVf2+Brvlt}-Wf9DZvH>8)WMC`r556P6C=Ht8gI{13lKcc@|VM0cnQGFMS<9p9Gg2&
zU^1TCh+x%|+(lTc;Az)bj(?!d2X_Oz#-x4ON><4?^J_}eG~(_OF?x4M1^7%^TGgge
zfu@7n(9R00MqB`;&H`NXV**0NA0N*-?p6dn2NLIzr2%*Z13+0Y8d(>o#Ns%Y<z!Gz
zBgaSE0}umg`j8?@6mii|8H8g8CbtzA;W~15jxBfgcJL>X({N`_`$pmo6A)WJGn{Lo
zI>X?GUQm?OVGBLk&{F6A=-lbkON*yH3<uvYM+x!Z7Kd{p|3Daz&_lvp{at%M9k9MB
zAiTQ%g_L*aFf)K&5kLiaIu#ZR<n-j^B)NO29FuL<akIM0iRkF>pCr1`53MVTU=!}f
z;dETf$^dE=fa7MUk5)x5ZV6w;Pyk?<bDhnq$;(Ux`*@Z}yrRY-T37BkQsVmZ1mIs?
zL&J|d-P>J`)!!Ve3C+G%Bbyq*H5LO6xaKL!;4qftxTgTa>*|YLr!MWK6}Uc)NfOLN
zzUq~oTH``xh(So>R~5tA0XjOqu&=WlnV_Di$sz7G(NND7{P4BHj+alWOV8HrZF~rT
zS`&Wecl&Ivj(5*croQksJjGYKPoK$EC4?@-Eu_AUj4-(ORnM$c8vyd5nfdC|l^aU|
ztNBtAp!P1nF8c@iBfx#K<`s@wh;?wSnBB`0Cgt}DX@?_7Q5H8@OQE|}r`}ouRP5^N
z>Y6}Cf@EVuo&D#ge#3m*E07isOx^N&bm4j2{n)tqr*d1kM~SNfrP=1s_b4_{7*?jD
z;?PqS@3BMwZP#w2dn4`$Zv_{FvK|PKae%Oz%HuyST6K*acNp3^Lp?Buo`H_E_gbLk
z$~8KC0@f;+_|#}8xkf^w-%3O!ZmbzTm>PE+&&ydgH&cW%qsp@&oDs?NxF2j>E6aX`
z0bZoM`yd--d_tqJKOF<)wK%;EE1Ev2q@H@;arT#zBgpoB;e^#Kj^pz(`0EGuUn~H)
zMvF8Sc;|Qv6j8qpf3V&lsxVEZMnv<et!QVIwJGji2LN6QX-XN?iZs|Akn!*peh;wO
z<o<TSfaUG323Afd>??p^3;mPHVKIAF;!Xx6-C&B*u4NHPxzc*~1!crZSUs++?Q0Q0
zVBx3JKy-LdL$@=x8j9Vz(-!W(I9n_>ULP2pMBj2kh`dga`RG(C<crH6Xs9+Se(WzT
zEsfuL6F>gJAK4D{zhj0vFbyyzr?T%e-zBv;kE2%PeHQLtkS@T{x4K8OHu|0%hCq{N
zBBXJSBPQ$UQU`$UbOh<Sjw44CbR2|LR8*W+=pp7P_Xve;^6?C5Uxi+x$4|S&bKP)@
zJ>Uc2+Ha357T56x!<AF=wN1-a(Q#PMJ)}~5F9YE)b0mdOWwEe97%tBEa`%N%!P{s6
z5BB<nYNa~$Dh7~xi;G*HIBqO>i-BP>a}VkGRy&mf6r@=&x4cHuKoL_ILN7!YQ)H#Z
z#iim+|Dpoo);dTmJy%D8cG&<Lb8#4zyu3VWmBUkQ^sOqdFH^pdB)hRVRg8A?7jzZg
zb9$Ylgf7c&yeg0Fr*yoQ>mEtqmA~bjJ?&@n!oAPL6NO$B>7Ri3t_>L1*VluqIJ8^N
z5l1gt>`XZWP>5;RN$$Y`8aEoiX88Ez@gL@+`HlggY8-iifWkCy>drKvPfbL2aDwD2
zFYMGVxOEwnNgix;8)M;6+?~{Dm!cyL5!v3zq;J5&juW>bcxeUjIb6a4D<f>vRb0O(
zy0Cw!O1Q=L;|##+!0FVG)hD0N=rqUtK<)71f5a+F`2V~OaBBEBg}<#YkSoz7tp<_=
zV|gJBL1u|g;-XQ_GVbYI>Z_!1>kgeF<z#yMS*3G3-HxrPS&_6Y0x^_h_p4_+jjaM+
zRbk&(&}#u;8h6^-+Y0@;K@i+(u2O+5uPQ#i@50ohrDT?)8WdF@{1;(>86Se*40Xd5
z8<PSH92W|?TSV#hc|rYHdd0nJ{h-_#0Q47sI(nu3g<NT>)L^ZrqF6B7e2+!8YSsl|
zwPPm{IjCUhlS$mC92TdsHO03zjz^Bz&#fKy@brxDwKcGx@sSCdHBG|(_DnvJ?D~3G
zF!k0J){3{bP69Tw0zf%*vREN|c{Kb7#tU`!ni`w-l4K3Hzq4h-p|w49tTmTLfXroJ
zx7u943JXN}_6w!bKU<_A{6EF$wKK4pau-~86d4Ou^VjQq1SK5Lr_OtW%#47brS;VH
z-c1Lta*M{K7KTs36q}M;4XneJLQuR5gh5qcGq77mO4T_QUIXv}xZ9CDQRy~EnoF^j
z1wa?$<iH~nTJafc@;#k9p&F6TY=;kR;uF=>tS_-gI*=P{8>iuRl~ZTUq$a8ZvzGBv
zmWA3GB3A1gH}l;Vf)N7&-b2koAY<sr3D~HsPiTU*9lNy8&dV3XT9J(_8?J_{MB@3p
zrv8K%j>gzcT#tB5QA!d(u*h%sFsgiUdaj1PoE_Y1jpIM3BW2sC+S?@`ej;-PEDGkl
z;~Kig^OEgobF%K;(?|JU9yoaV58mOw12h)fpSftdcO1q-+~TJdM}{1YUBp!kHfYiv
z9p-ADD~Yx~)w2DQv_?~S@UM!Jj`UHJww)D<UG><n96WYV7h2AJ!PAtwsvIq&#t6n&
zH%+Y6tZxL6KQ|6RaT^ngj_ZF}SEHjQ)Z(TC8COU({Xfhmyouu~aQN2p3mUP}2<hG9
zZnxO$JFSJYvw_>RM8|neswoaqOrYs4=WCiDugv7&a3-~kdB?UJH`X^$kLP@4W?!@8
z*9%BSMn?ECe(vGC-j2B-xfD&uAMg1%#Gjr~YtK?TTA<4s(z2e(MDFnv&POS1EGm0{
zY6(o8rax1TM!$BSuwRo5Jl|r*k(TN`<X~5b;*$5MYI4z>c$DP@yrxb0UnYVU(;J^R
z2Ybw3*@U+21hg#IuY4wB4MYp(cd0L`&^)dDRSHtzoRP@#GvuVKcGnXpTk)B#+=!NT
z9Q}t?<oVjjBa!bOA7$sor>_T>wijGg6TSJ@@br>2)PBggk)7~&546ryxOvT%N>od$
zg%w$Cb!QdAf0)*~Hv8Z<Uwd`N1YERmL)D(PF%?>T5mBa&%e?)_GN4^e9V?Vk-8*8y
zr}pOF-Q;<J@8ohjtKrY8eGfpK0r(wm_z~G<Z8+?g60N|EL9ZbW)w-c(T$RDRvU)R-
z$A#;S^@(raY?!G3c5A*A!%i*s+x2Tf57URmgp10`6n01Pg<LBHQ&Cza;p<Ga<jWHz
z#z=Y5YkU%Cxo(z~d{vG7()V5R&^lb~<q2kHX7dKG6b{j{FPXQ3-%bZp9NLbRq~VGU
zN~irv?5%Hz8`k)dY9v?Sujp4a{RPu>A0l%yG0LL6>lix+2geCm)I~A<as?dg-=u0<
zUn=DX(u}_}EiF>a!qE{y8OU1JmCN02ze*H4a7-EiA<5$rI!{7RXt6H@<c$Ozt)2D@
z4Ni8~=4C_D5QYos@Hdan#p3Amgg^R|Tv7F;3qw?jH<fZu>a3p+^7A37!3FMS+fk^N
zR<C)DbLdE^MOI6>>ZU7oVFo^8%ibL)TY*|`B(f@Z>VBj7p}ms{eYokEbD|${<;?*b
z1Mtj1O;zq-U1LtbeW?_Bw;7MJfq^GA-J18bTG)xBVY)|{<GhysvOBMjYh13=3(>gk
zw~q1dJi*nl+1cEqBbw6Ve~$X%aKun8&Tl58qyq}CD!sOvt#k-oTRQ>L>wdbh^M4TQ
z1*~yHD$0N0lIJ=6dUJcyy}Q6q(+a$hsHbrm-J_$>Ev-W6hx?1e8sWGW{Dds&BZTTx
zHqKn!a^|m1{;{Cjo=Giz@80|4RTkK}6cuxWzi5;<Jvw??RDSCh&SM%r#ax>YSL!S&
zj#VGv!+#^X_12SiS>)nc<Q*P&2sQjZBD~n9#(%-(_I6M=$(NlAzEf<6t~F4}nOf_&
zqnE;1WQ@Zu!YY$&dRX7dFC4$<L+*M7FGp?TUbx7U7ZpF!6vB|$PoT(-a~wURVpv0*
z15+vmaqtUns=SM;r>~K5vlI%a*W_DnB;$h`M^)QNf}+>^V2=$(zRm~Vl@TMX)g#Nc
z_syWRjD(~FK9$oI{Z-Icul)IpIKb_h*V(&MrD3#<5fRmof;m+)%S`wWxjG{^%9|5g
z%5!pfh!m(lMe8uFPu#WV!Novw4!-=%o0mcjWOE9)q}pznmVW<1Ys$K(@X&Z<w=je7
zvu3lP^8IDl&)WKWl}$RHhncfEk$QrwTp^^LxXPcYrdW$WsADasH!_#%S7K$B7UR9!
zBv2x6?b;pe*sZ!*v~Q!yPQ|a=yt<i_IURMTJ#ir%(!my#i=s-quQUf7?C4*fdQe|0
zZ%A31rbQ&ej1cVwwvbGBB?nwfvv+$JkYUSj6y=7Vx)W5At(+X|vlXXc76H}KPehB;
zTz5mLCsVTZ&J;TR>MS1jj}EDJoY9|&eQ=Lu3TMnTQoL(32TQ-@>J^Z9MnGbH@v@7k
z*ZaLU9_7{!xrrTnse1Vo1WqYu{+z@Mfo&gtmHlhNE!k=OB+Xe)QWE=8K-Q^m(*JNr
z^!LAvB423=zInMZy7{!3HouN2DbcmD3C(0IKqZ2|X(t_98W}cpT3@vm4;Vhm7q6yr
z`IO3){5f$avD4ikC)-w@PFkD8PptY`INpBJnN23ix;D4#B6*U_I18&25tmufMX{|C
z!ISoF$e(zcY@(^(e1<R1%}H#AsrQ){wa^Wfo_oim9^y?Bq)xe%RxzC%hYM${&Oq~`
zBdwzxY2Q)be}3um5#r?F#Eg!<qw9`2qj}8ho~luu)Xc?KLf(^3a7yMadj1w|pMBel
z`SaYQ#3gM7eZ45vC=pBPpuzIKk-?6v<#E4hzedXA&IW4D81oI3h0#;3ElnU6sGr~1
z5ysf8)N$B>fo$by1+%JYxLF!`g<s7~<HnTVlnws)MqF3k#^lQDk~zpSqdPbJ{(C$h
zBAW3d_OR21GSlr0pRx6az0gsgI118@)jkZuGCXPKmXH0cxRnh<Ye@H|Q|fK|sFqAz
z1IE@B_4RFJV*lJSt~T^^*AxB5WpDeDO0iA)c6q~QKOD%J#2*M+VWz*53B(uqiiNu%
zLb!3{sk@7(Muhfliru(lH^ct>vyljA->z$xP4->-g65UtM8t-P6|CwZEb?wyBlWR2
z!7z>9uzMO3snr{>Rl!dlkzFCc-Q<$X-2D49P=k4;zTFdLi7=Zs7gVFF;`X2#9!VE&
z_<nQBd*#rpM5)JvMMBMsZ20nIAxJ?ZgRDDPvpEi1@X|V`My1SQiAgvPJC;4E<1<OR
z1KYx}oqKan{Bf05^$gh|V2)CIaSUpV>!2+=HeRa%8*ERn0i7C5ZNWH=5MF4M4br%K
zhci$v8Dn||2Bn<kjhc4!r69FZF@q@iwHUIbMzRq4Ww9(L;oD8irh67EAEK?c7Fttf
zY~qTse=?4f-X1BYTxS@Fjzkl&<<ZM1nvcPR53n<^mOjsIK|Xq^>1~aOd04hxR?xK@
zrGjBX?4Ok`$6lkl8Qou<y9;L5cYDsSnf~((bt5gsyyp9vW_lJsC2XQxxbDb%BS@o{
z8ZMK9ckY-F#<WJu$7YtXmX{3U3qKZMX{6>rsyyTIv<cN2+)7F+?=CtnVoQF&-2blk
zQp!X!)Mn?_?+E5gbkV6+W|i!$K>A$C!k+S9Z`rxJ3r?$+v%^hGZq8KwTn=OagF$qc
zw8GHDEf0<PRm^T~;$&g8u?1*f<EtGQ%Z|jZ6il3>w~-@+_oC0R+N(2V0=QDE+<pZ&
zS{mHGJv39BI8_yP->&Db|8}C(TA7P**WaRfmVq-Q8B&iYGmmmXVV1uLOcpo3qb<Gj
zeHUE|Ry3*hWG8l=jqs*$+}7d*yPU2v6HCvwWpNXY(4mOB1Z(^)`ut;mtZL9#E?B>-
zT)h_{Qry5F_tAMfyd;LlhW@4P6}yrw>GqT%&DPYPn?@nVm!(}-V+2tTD|g1=2T=@z
zh~$rud$6bXFKy1Cbu^hY;>g{{%R4Qa==mnN9)HCb0w2XV^ts?`>?HbkYnl0?5nfVY
zAn84O$3>&3X%OGkvM|ODQ>&E9<yc(^D7sr_k*qz{Z9^LO##8X^t`*A0u~%+@i?#Bl
zp!7l>-3M2Jo13FV94R$fnU=rEVtD!uYyQdlz6{xXY$|yuV^c0Wi?MZ9Z78KMqi7=7
zH#*pVIT{@e^(P4?O_UY8T8QF_VCyckK?_h;s21&z`<fM#l6z9+lAKV>_nWQQ<OQ>+
zg-ze7LZ`AiU47zdvBGpe=g;p4tkkcrmtS4QFL(~s-njlaTqW00jo0v0M81=u`cSGj
z(Q8RBY}WB|_r`=v>6m}gV}XzN)^`p^h`TObQ`2W*6Kc>@!#vll|25=vamBii&7~aG
z(17?PMtY-?`)b##f0u<Vhz>M_T@kb%7=fNb(n5*8P<h%HjZ_ML$tz7!j;agsrvU5b
zaejjjzQjPA`iNRzrH}#n@X)K^kup=E8+>yL@uK5tt*Z;$oOb5y<l30=bO(OI*~V|W
zE%}_n{gsv#9>~*a9lq*5$D-G5!;?erfrTm<jREqoBP-}C^vuze0VZJQ%$u><r#Tn^
zXW$VC+?F@pT2Ui|Z~<|UX+>R;P9VAwlO|R~H6tx5o*D;)>q+-OKU}*g?p)hzT!T`w
z9xR#;T;KM(E(`yB8RCm}qjcu#*tfR7S6^vaP3LLz`T~j;Vrt!pOjDhwTGtES&w2GS
z*AhDl`*l@RG<T_#K_%Ks>FUgV4M%1_`bIR|%vH8Zvb8X)7uZNSuU;JilC#*LaGWfx
zzqf49qHeH8Iz~_VXv3SI4*qQ7@A*AVI&mFceL-7x?l$fSb7+a1iL;FNN!xEvtaD~s
zS*CTuxSO(yB|F^Y+|3cpoa449>*`;$B?z2hhAyNP>xHMLI!1EKnp=0g9ex*^=0GDA
z=5u?lS8Jx<8u>*5W}4vE4p54D$vnw<f`ytxKy>JNpj?-b?1dSCPlMI<i9PQcgMD*P
z$}Ra#d9<E;l`6oW<z9oA6w{fG=BQ6`ZC*WQFu^Qo=7}i_TA3L!sC|IzGl5H@Rk=Cs
zW}QVGUeGtE!#G+TECwn?bzr714Z@Cc@H&+5Mh)|?ph^%3#0#F!?1h;z^s9}G=c?p*
zPobOGzt=(HR62RwRguvpP!sa1d2^EQqG%6ojZ<sNRcFFl+`6k4hj7D9$K_o)DSxMb
zS2pmvy|-MM{l_2;0|{~Q#d<b+E^K2O5=ZX9O}z_V%A|39oLt89Gj72yU@(}%L!oZT
zr4QgwcL+^c_)4T}&%|#8!KEE-h1K(|fAu~;Bso~Qoiz&!o+lg+VPYP5r+4M1@HSDZ
zHOxj>+WG$F*kL$scOa5S+P0@C7C#ZGrIj>+pD0Z3+Z|(<*`m=JDwnF+4X$!3$M@U8
z^}N!0WWe2Q^U!(3q(Yj!iEz_axDU=-Rc$D0!Ywz$cT$^a3F}j~G-rYvF6p12b-JuE
zziBU;Vknvd_faa?ROn&ApeJ)xU6NW{=Fhu8d;Gt#mMSS{DKw)u1ub0RMy!9T7CDJO
zF<+g!e$joYSOrzD8tF)Tl#Kk;FQOWRDyd@68+oBq?5>l3t50`F04-^uHK>J!AY37h
zvq5q;-)3tr-yoq?)i}f)Umjr||JwfAlV;Lx{+zbbm`tS*t^JyulKTQyNDJL`I-T$y
zIaF%^<3Ifu#DCXCr8dJoXam%x2=KygFVJ~+DWH~wDs_WdiXjA}brfb5iLevJY-Kiz
zl!ws$dwhQ2hc{KA!*0q%?^HLfyg4G+hOX{}0!1WxUzFD3ESir*-Jq8De_su_Hsj`|
zXx<X!PxY}0ttJMSH_RqecXF}bLvK2s2!>9L4kuKVg>bTdw4kAU%QIDK-?WWetsmpQ
znV*6GC<f1&pReKgW6zH#x8=UM_eGb1dD|0DmfD&3Er|MIb*KYBe46GyJ~Zb-<6{-H
zV&t1N?zY(LIrY9OXs^LS&qd3M%lxSn_7?{)ehxc5q*Xg@_DfpKuKJun%MKQ0xDu(s
z>LTOyfy@6pO9N>hx#mJh-9FAnY+>S3gTrWUWg};zrweDI<t=5kvkJttrLEkWcM>v#
ze+tXcM_Vb;s>gNGg4RoG?uyZZ+@!RoZ(F<vL~i)`bDd0uXX-Xp4y|I{TYG(r9?cAC
zCMKSv{>p$8E06bM9Qb$dY))-+!l<8-Hsx@hYSydNx+!rKn^jQTFcY~?Rtw9pg5NL9
zARlr;k&LNrW{N`{D=i5^R{_QH)`goycXw!9TTTsrCcti<_QR`9`K%ks0LS$sO-Od}
zJv1YKj2l&E;ns9_VQ0zf%kQmm^nbAT)_+lMYuLC67z2Wc!Vpp-t;8T8AQBP+0@4yA
z(nEI)C@}~~cZY=Z&`1g>-OZ2+g2WKg{jR~i&)Mg5&inlXzMuC8_eXH{GtaZueP8!=
zUH4k+0S!fznUo}a0^k<AR(aa5`p)pQZ~jlKKYIra7$RXUR_}}ttMEj3z=1nimVnJ~
zKeV<H9?0i=RWQKyH2W57{lMhziNyG7X|fC9om_V@*a-iE?$V&uHJ9Z?M~H4PdEy~m
zdxVpL4=uyt483LHgr(&-$6UL$Wa{?)QLo^mk8_&Yv7+tsvn^y!ne}da@bQP5ip0wH
zp&@!JF`=kJ<(6+@mi2PeBPGv>@ShRXFF%lF%6R246o_&5H80L|&X{m-p|Kx?<Fk<X
z8Ly|DkK1gEN7>Jj_<6$+#t%qqnSE_Noc+MN95V9D5!#&QzKa8;O<N`!J+k-0U1l0u
zu9k1Nn^~G}$MG%!ui!^yq|3%w%k@G<(?rZ*mLumgT`@p+IgYk@tLFVrl^IABRUQ{`
z_r$=Rx^HjRDMfcD4#=`ac7VE=RWIV^c(8npqYkrG9uJ|(%;l)QyL^(FX?Q&2%{^ex
zsYEC;56)5w#vjU3-~{r8%J%E7eJAmB52h|PRrJ*5z=uTVO#j}M!rXo*y!W2mWfpsS
zYjV|d(>=%5-JvRdLL!y>w3#M>_{}9zZEd8>=Y=LBp%+Atj~s)a&3)h-$BxXpTX`4M
z?-MGIH>W95A?F$v3r~-e)$D)uF$oIPDdp*ur~;+2$XHJ}VaYjpxKKZjJn4HziP$^9
zp4Kfa?d3f>O=Gp+3dM(Z@8Z<&%BH)vjTZ0<?jmWiuz}1+yy7FZ+vN|R0G=ea)pDW3
zpQiM5Y7rb-z^+;MTTr?mI1D`2jgO@Bw^@Ef-ZDj)I>5iK$A9TDHnw0selochLbEh(
zsg;#irYmDIY-DTKtl*w~Z~$36qzioyw2koIubXm{4hoY+8%=`Dwq|)h`+Iw1>~*yz
zAEq};&T1NWv9n`rPwBVAOHLJlc8cU(1p{2W-Cd2bSU9#{5F#R7sV>UaIHYv?K*nJj
zzZ7+F`OQXHhQQXRaJ#vptn#wSR~XlcFlz$|SI4Q%w}e7V4EdV1%~q#Nyk=YL`U<8U
zi>}MMJ!Kq4gZ)3Ar_Rk^n3eW3^k%c2?;e<N){Qj<e5at#(<cCO_z~!dk_ETa{LHn;
z62fn{b=^M#oxFU4Pu&NcAC2HbUEM5S8ds%{OcsT^$f)0Eo^k?lfMnUBg<wYgiN%nq
zGOZWGq}zBRs$NV1FoCAoSPwJ#X@}*S<F%@REhSXm($Z2`lI1s7no@0*+S#3P<HpLq
zf?X5Uf{fhGI3dTRI4=3}la=S2q78)Omip?32Xh0qoY6zIS|ef25t@Mw{?5AYk#)7e
z2+dHt)W&G*ya<L1x&Hlm$8lB0=M0H@AcmTde3QRjWjhpwHU>);$0w^ChB&(qLa`gt
zJ3G<jG+jr7=#>FyqvY7#&q7u9LmcEHB6TN*?gu;IuCUYo{xR-5v&xaOh18SVP5Oi-
z+;8@t&v>D%!yT1^<(faW+|z$<sjOQs`jN@JkUIW@;%Vv_H<a3Ci-zKX+cop*0e6A#
z5y>XW7lZr0blo$Ht|jbKn`Y|;H8T(Q>3Z6DX!)|>8&4Mmm!uH>ToRf647??)C64ua
z4FB@x)~uHNG^-JG_w=WtIm`mOP5D3-=-Bs!{5Gh23gg;H-{-x%gpZr;&VSNK?&|Z-
zt~Tx@6a0nGl#neJl#r@;vwWbkO>l9Vvlf)&gjnj1PL1TO3c=GKxdXdBt(y(yKdMz0
z7p~L93oZZn7Ogvysb8*o3J<qy4dv!>>l~(lxtJw7%zq9`Pfm6X#oZzjFPLvz6Jus!
zBE37UAO0{?n6#i~>u3wxQCQVxr>hGNqlmZs9B^=*qOf*HL<xtRIJ3t@a5cAZfs?Hg
ztI+-V1>pRB_r#c%z5vU(4xcI)cbh51%66F81priKnJs6{NP;Nx78(Qf^1Z^~n8Jr>
zcVyxea_!^RNOoE;b3ink+;mbMRuyA`i9%srcUMx0ruHlDS;8L|h87k^SnEH_u-wHC
z$llaeCo^o$7U3g(=f2bCTRN~a{zj<KGFj)~P|Rb{-=}12{kXovWr8^uBwL*}@C4ku
zHrlUZWAropo?7h5jXx5!&ly_g6b?<Q4Rt=n)y7-bj25F8N|SzRPZgxB#`HBanlUV*
zy><r}ZzpM?Pc5U_`P_tNE6c0GaTU}lW8X(1NMzq=5zR{C_bXrRGy^V%N1mii9I)8d
za`HyK>_@Yf`@(qc_*%`vd2O3-5Y3u5*%mcFiK;N-*zQ-Wm75BvwT8{^6UA;lW*v>x
zT+ZXjDEG}GVdQC~UC|0D({405@RbVcR)@DnkOy1+whF=#W#0W?<PMgxYRRy?4_vc@
z<zpHZ)7BNVF9jEjvW$G<fDRq3wiH^}Gi6y<_0<x{CIt?**}>P^+X<Bz<YK>p%M!U|
z)Pjkzac=-;{i^hIY;z!ab|2J(R;$)9FlldOld+;NOzKzSDN--{6cQMS^CH;Iui<zS
zK_*S2!|MYFuGm3dz6b}UO`OF@?_rWF=KLKDL(I+Y5C(0xG5doKWPZnQaXRAT%?*)d
za8OboI0cW#db4P0y0CB&1JUg~6rg(Wm6dgSXkpEGb%K-EIiL&JAElGshk`DvZ^ry1
zt7dn1m!4%+)QOap@wyy^x^8zJ`NRR&l#%3$Im}HN{4sWk7jm4|2*3AXz!&Q;E%?3G
zL2X*(bW3-;?^y{C@XLk<UoNM~77pb*P9z$ceKfPEl*{UT1k-MHo)}d;cs;BY$G@rE
zb^IG@F7PHK^LbKC62J9oPfzdA$aH3GiLe@7s8o-s(@Lty63}HsYP!gev|@OR_|Ir^
z6zTa`F{eN`J#<4hn=lzKBxdFU!nXvBlqt7E56nV}zFciok73VH_^BI?OS_~Z3X_Dk
zR^xjX1Dtgi<M*!tq*Du|;%-Ni_W4InYY02*a_~(%WLebZTOrlBL0DzE?6eJ65%n3r
zysc|h-u-CXsVj+FVLD$kBUKE~WaXFQB670cL-%-^(>?7PXEnzpD*Uh`59fQzCvIHa
zULJWCRyq`=^(%MmbSNviXXy7&RvxP__bB*ZSHc~7Y&mP*>`jgLj(+l`aemc8jr^28
z{Bx2Txz5q0i<Zh&EgTMM@RCVFdg&1yeZc!tuv}R82zglGdh+AD6fP9bQArpQ{|Xk_
ze>q*I^|~_V_Q_@rt}}4r0`%hZ+dl3GpHF{H?h5lf_6YEsEgPX0Gz&jDCiN4KkYcb~
zjN~K3F0`9@=&QS3>3#n9T7b-Kt&swpL6z3`2^7_Wc6Hh>%%_fvWd}{#yU+tFE~gZn
zNWp$S>_&x%nhNnRNrDE=snc)rrb9|#E=4IbWoKsElV_K>yJ$*dv7gtzgEouC!E%n%
zD`lW1iG5cJ^DE*Kgx^(LOuAs>tx5KQ&m})ykexjYGCcS2#0fB;y&AjL_5O}RsG(Qs
zNSM?eQwb2rfi!#qNG0cS6D_h=7qV+_Dja`4IjG3$*M0U;5v<>ORgEq7%9M|NLqI;?
znV3c8DA;N@F1p)&D%{&<l#q}5P?d;u+3nvlujqH59v6!brZIb@aoX)MJ;I2sqe-07
zHN>LF-{IVdtr4KXF|U6(Ve6KIC<G1D;S&mvxATJdg<VZP*}B`urUpteq|tieoBr^&
zUJOYsDA0L!l2W=xvj-KuC{XHtd|(`(pCw}oj*mYMtlxGL$IaE-AcjyWTtlq56dPD^
zB#h*$D=vPDPt~iMV84qD?oISKvQ?dI1P!;Y1H1CfHJi5<Rog_GMMZDTgmL{ZTX$za
zICI2cC5^`qa;oj70b7d-*fY6CH_S+CMEWL2%~QcOYjj=AZX|qiF9OvpS$l9Wjxjx$
zlDHUdzdRC4E$a$!j8Nd{QhulUQ|6!H8p&o0LUqZu)vpSrP4mYe83s^oeQEOO$r+D%
zey_{{D<E`uBunuSE?66>$g`iPtCMy}<HTSTvW~6j;GHck**c~-`c=Ct!ZCXKuq81y
z*v6ZyBdV~M7Buv3Z<!YsaJYJuGmr>uKU?^Pt3)HyY^`9=1Lz2;x@YAURIA|JP%;BH
zrikD~q=96?2s}IS;75m@$ic3M>DK(fHpqAAQgJ2&$(638O`o7gJ1?>JUldI(+6o?;
z+Ix&S(?sX1XD?P$rvP7B9(;4Fz<gX>94~NXa7`V7)w$$(N=Gp<ugo=<w<kxv)5TFd
zy44PeI_^IqauYVUan_TB2OjMsy2-=fa-F_A1eG^EoYHZ2vCO^jgJYVt5x^o|*~R;=
zooZLb0Pj7qyZ9MyCeP_YVQ)gp$6Ruz4rlbck_3B{ptp)*?#bWD74^cyd2gnw)dt!V
z!&zzy=7Q!RB?|`<K5z1PeE(6r!zmqaE+DS|EVw^sD0ds!**_mQXad871zUOy(=2l-
z167#5j5H?nZdt*yi1p?M1-FZL6x+TkO;<t&@F(t9%5flFwg)5HZVvVLr}0fY^RaHB
zS;~?Pdye}@IznAjf$2GJSsnRfLk77&bQCs4Q?V1R@lo>nNK7C7*3Rh^UuWw>R{K{q
z8^fo+QS=1D|5#;DF3a?10X}%hj(?m9VDOJK0l5D8`G2p&M}u>A&jttlNBtjX0<it#
zOn|6=969j+E)NFk{|ycpg#Q;gU=Y6i|39r%zi*$biQIAlPn+`T{olJcF588qynAx~
z+}oM<U4Hp<XBhI9#`}@+eM%1TR&dlI!G|~9&uKTC5_<pOOQH7z<5u|_1h>FHmA^{<
z*}P7>ed)rV&35hV;-X#~*Tw6sXcbYR;ENo^xh;&`hbw#tFa6md8lffSi7MxYU@xK?
z8!jk=4WR4w<-IA#3oa~9QpgkNMf^X`*12}tOQK?{A+&;ecV7Z-6k~%#RiFs6dk#Cl
zyhH!F%imY6di6N;-hVSArK$9JecXJ1*!DeL;^BRgLiU~;;F0vh0_|lAv@)Y2r#~4i
z8kxS@d#6dU%t(F_e|80>$DRSYE7|4cxj%Tz{MA&LH5Ie{)l2tK=g#ek+sZ!mo4>~k
z<M~unCvR_W26`Dkw$Xq@bl|EL;jfI7{HE^PTrcft(w82(ezN&W_>+q4+`0SlnV$<y
zn~ZvLorgTPkg-`m#|`=R1dZRf<PMd&a@wzAhL%&$otvq&HybwY$^iz;#LV^!a9P<4
zR6KKp<Y769F5WrKtJsDZ@XOm2!bnN`HQ~IMDL2y5scLKPOZ~N32RRa23{W1rBGLH!
zsRc6k;~vhXUu;q!154KG5~Z@e+KN79T;y!^(|sK-!Q!G3b^myqk#48u#~|kpV?}u9
z6y4&N-30E#QF0CJoKqKL1>As=@c6#1A&uYzLj1bR>~7URBeq>grjD{##)PAacS?pF
z@6wvorfHI8_wp4{AXOD}BSWv|YnLgpMsb#nf*suJC13C$p&xYLD%HoUf)SA)?|M<X
z@WK)g*kO;u)%VMW>o;1qR`BY5AsbF*F1yeaQI%T<IySZC&&lfBxkuq%gThwpvZKA2
zplk2Mo?U~cQ!+6hmj-JafBfhJ3DajvgP1?s!Y+u<JQ=;~xKos_@Vd+;zc@aMr`&kI
zU!v0j#K)TpG(73<O!+I^GKmiR(%lEwZsn3?Zx(Y7Wfv)K7{4k~e?>fA|M|1swidPY
zHIJ`O*++noCx8APwaj~Kt>t7~D`=#D*w@w9OArEW(VE(A?;oz?ckkMUuQ}a6UA9^~
zy3kU%uTRU&oc$(EBT(j3QD!&{!KK+Hgl{BLQY628Y8wz2)fF{J2D>A&Q%eNRF%!sk
zJQc+}#H7%Zm_fL2`&+Nfg<q_1zX6MxQ5?PN{0RCMoys;FLV1;j-CTV11xG5T1$ru^
zJf?gaFlf9Vb{X@ce(GHm2xFQ{0>-TgZN1Jtx`sa2anCjKqi2YHn9&Hjqu@>gBmL3k
z)M4M)VeSo4J+LYrI+vIiDWEy3S4Wd|a2IhO^RYIc9lZOtO)`Jn&PH`61d%sTwNTI<
zH#QTkft!&7LdqQE>urp#eZHgSqt+v?>IP1@*W94rgD54Nbja;SybgV4HR$=I$(iVz
zePP@p(XXyR)1UNMtPcrCZP`fh)skTIEN{DabpliRDV^pK^GSq8c<O)yckxqH_vT41
ze43*Z$|a@5(0|ZV^}7xU)}Ii&UgTi4Y&NY`*lc2NS!S8?J+7#zDQv23YDh!{&Th8|
zb5@pRchQ$0TIU3(P}OI=GPfurdZq=zZkWBi>6hE1#;vlspWAHIY&K+4O)is2B7NN5
zt2*8`K2zsde;)I2c$ADwDvGf9{Y6gtA72W&h-KSSi)N)5vcWG}{XPo)7+!Pi>(|xg
zG4WvQu3=Jzaar6_R3gT&+kNaRWQakpf1htvPuSDYGx@l4IGQ>#`=uhq$FgF@dJZuf
zU;piCMKB|Futrns-ttiO^f`P@u=CRW#%Ky{hQkuE1}}M4kF(gtIDLN>!<@joAc)nN
z*7G;+Q5M~XsSADo`Pi1p3|m|44Y{n<C7`h!9KPjTagWXRJY4LG5M~_nyJzZsRiSQS
zcXEwhB_GE2lW7(;-0Zo<uc7K>(4PF&I#;!F^BL7+M2Prkh;8_~HzXgsXFwx3AgL+{
zev6)vKZLoF!rs&-5mLj{EtsA`UHS4~o;p3Rb=kE|kpKWx_5>etYZ5=(bY%*4DA03Q
zcyKS5d)2SKv!j#-7UAI_7IKLh5#o6ZCe?5aI>AplapgjB%X0E@lC5kb-t8N(h~AI+
z?kk<0i~YR`yd|mNGC9A5rNTrEdB4sM;ZSNvx<JiN{}g@=DnmqB?BPp?Xf5;eXhemL
zw{0}gWTI(}1kV#e6UJHyKYU9?H$;v>z>i18!5_oQEj9BwCS6&m3pozJ!5lM|=Lspo
za;QsuzbE;t1Ps>mPZvJ6@P*7DSdqZR`lzwyliwRrzjg9yj>aGs`i4Q_$Wf!~;GXMe
zbkye^X!u>q>M{b+d4~t~IqLk=R=Ue;S5H1!4+1#eRtYG7>Gj=R#0TOYJ2{gDZsSWs
z6S{%31bRdYtNfkhbO*Ngv)!@Y8=|z=h<bpXy~1w46pK(DS*@is2B&&CF{4Gr*mQE+
zi3RVhE|)o#r(M=1fqRWKLSYfR49F>?%PUJ(ji@v*rvgvlUZfFd+L#ik=OgYG%m!3(
zfpeN~LYe<H{x{gLwN3WdLS`Uh1RSwBZKj?3mAZ|1%x-WmOCvrfQkc~DYtX;alC<Dv
zpS({B{3<lv3OoC-%YJF1ESKf=e3URqz7tXqfx=eTnnrLap_P~G$KK@w5zQHYGWw$Q
znX|op{w4u5Z|l2p?s)+X)_rz_)!`od>Ck~FxLT0)(XjXrjS>pXY4^;x-_m7e`Sl+^
zJV&%1CM3Yc{P1J-)v8eU5g~5Wun4Ce?zj&Jrpy`rd^W-e^y4U-QuueGYb}l8Hxl1R
zflpj=JNq{W8X}YI=)oP0E9cI6;sz^k`cBhGVl+~vad=+Gp|=rr_c9@=U%3~$L53!%
ze5tKXv!bc^cXE2q;fJ?WVB95KODoEJl52+oMEKk$4+Om`I+(thX&R|)so6Fx{Jehk
zf=)%M-5A^}89<f9mt|N)oub3&Ojbrjf^idW9_{Eb*<%m~MFxRq&?uOV1<kH>xjQUV
znDzX*Cl4<38UNz{x^AD<JRwUwr&fS|HwN)J3;f%#OZv=lffb10iWfB9d=sI=wT{$q
zuSj7^bKX+8*z(QU?PW-C>1krawT&DWX(hFAe8<s7Jb&@{8|&!QIfwfs=J^oTSptpo
z@ITRmSGZ%H6&L{h`<r3L@9kFg_XMZ|wT!>Ly76QZ&yg6WZt(j}Bo^I(9eKS%FI55+
z=&steAkbAOJ3^<{OfNH9YClycv-I#3n03S}T;dUDWzjn2{4Q=9(}*Wsry<jpji!BW
z4}B$AWMN8wih>k)lbt7oGAtChRR|IKf&d;eC-^NakL?~bVg%$Za|RD$JzLtY-YElK
zt28>p+lZIjc}z}On%m?BLayN|l%bxg{$A3p_vq9zn%yW92TMcwkRaWX@5&6Oj}`k)
z9Pv0`e$6|k#$}FzEb|z(Z^AW7$_4o7%oyUFzj(9}rTmapQE8|k+)EeGAZ7&k_VNQ<
zEF97DB+n_1bNZkg%)YacXb0tbD<6|O<H5yLK^Rb^gqMX)H{w+UPyhCy!SitN8lMn$
zm!njkibCAKB9X=jhI!1Jt}iGsgVOv31Lkuqk2@js!sF@&g~L1N&Rr5S_QW%axdy#Y
zf=#+h=I2mN^mo*!3TnhJHPI9@8n<x%0S|MN%~wV`o}rKC9-ENPWJG|8Q+gY%WW$13
zA5fAhC?y8JOAsK&4zA!;gQ~{>#t0mc@%9U?aqH7iV-W()(V4>Brhvyy4(gJlFVI7I
z;bj)}x<6xL!<SnAuE&JLuuE#)8dq?Doe(?uWHh7;e7l*T`&dhNX{fD(*KPfc;<r{o
z4v64y&){O+V-RYB@w0T6><zgok#>An3V=r*TJ)+6;7Gy8R_RV)l;U`GPFHplwD2CV
z*;W%B5<q2s^{I-SKQy*onA7{xgzCTO3tkljfXqAJ!t18Fx`4EF=&$~9G#6pvRf2^H
z0K8sweHxAB!GK|S5c80V|04qI*Stik8_eMX?g5YK^|)<4wHd08Z~;i37hK-^2QH&Q
zR3uvc{r84!2k=#UCb3lGvsS;xIT3KNn4O1!8!~yK(g>h6WK-w{8m3iG2m42V2A(Pf
zJkL{g!xgVFT$a~mVAr#2UR{H-k@`721*w!}$oHuGb*M3uH#=f|Wt-Hj>FkF^@ls{l
z`x0rkrEn8^oKz6F;EAW)sKFp0RdWT}Zf&10B0oV4d$apD#xb+8wsa=E6tSR3+)sVx
zs)he+wkr}XT8z6{fKiGJReJ*;>ojGuw*rfs@aj7)tnwk(;9h1T$};9n{gPu$X~$gE
z@96sYF=!CUxcJ(`7xgmv$wHzn94f`|;++@YEPKmP*~ug8+oj=UXOJ~S1doNDO~}-6
z!@jYt<yiRJ5%c?05@}uLBuQZ0sOnerjWDhJ)eQkfdvoHYKOHa?-#?;h7gq3yyv=Dq
ztI-3TOCrq=0)4qj8lW>np&{SssDK_^EM&Nr$RYHXjdqK~=*%0M9b!<6^<xh<l9UU%
zz@U%%i&xXlz{T3Ido@y}Hyg=dk4l26?gS|ODJQyTb3!fZ#W-lbP678)nLi-FRPA<J
z0G7DTe(@1ElN3C*S|Ux`n0I+}yTzU8V%C)0zv?3xhR@^7$TMuIVIuY0Q5k&_`il~)
zj`^hTR(J7SZ|DskkOnhl>nO-iA?f5@jq}w43FuVg;GJ^97o&GCGa{^99mMzz=hF|Y
zwa~)JD+J1;cYQb!>(~{%;J@w=AO#~L<j58P_n%Ts0+Tu!YXKa8lz;+3i&&?SNW<Pm
zp!<D4=Hsor$*=zd6uS96N-`3zY+^JgGn(MGj1Mn{_A~)R7JNXG><a-=<z3i>ddr#d
z@<5VmVUz0ITQt2fy6YA0qq~=iq)Nw;G0#TzG62Wio_mu&-eS40(7%9`{1T*#tKd<o
zL>^YyuX?x=!y)(w90;5yQT=@FgwUhXh%i?3OEnf^i%<h!h<uj?I^a*lD7Ngo;h($P
zNkBmfUo}scDy{Y;gY7LZt<&|OsiGo95Coc`#ubOHeYxB0S2|vSGW|5z;8zn(g22OH
z(HRjn>?D%~RE;Rg_&p}X{m+RZxBa^JlP*0*SmERvS@IuZ60~Uo$cPg74t)*+J!VG7
z%YSh<(JN3-{%Ts|<*A!dpJ|`Ny~fwnTKIjwk49G0f|z10ffjoxY$}i5$gG0MBaH-j
zs~f_>k@`)My>wrI0GL?88=p;)vLjR21({61=84xr408%ZH?Y`x;NhE39s**kgl@!Z
zvur8!GrCNNFvhmj8pKV;$KEWR<&y%j2U3i2d=@?VGzW(iNnLpBCZjVi1>LU#s@Dky
z_Ke~foq;xqs23{^C%WnSeu{w5Ausn8#R2Nu#5}AM{9+08YB>cOTophBz-SLj8w&@o
zS%C2BpxP`m593LsQ2~xr9HG>Wru~8|olLx-KLZu@G6NstwQOE;7}YEMS0OkrsIi=k
z&ZFeERXVN=M5lUFcl7#-R64wV@I{tckpYu_jx%HK<>*ZG7^I-=tOkHv2D%6!2OR?V
z8g-JrGdVW5{5T3z0Kd|d@v~o>ypf56xW!EiIraGqjVKbAvsfJT6BS|4cvB4l#zx!c
zG04vNU4&J7Af?E!CNkJu!sN_1bvF_~(zB3I;j2)aZj1GEaFGA^Q7H}fKf#k05HaDV
zv*wQF=K?~<_|L+g#IVvGeGy9LDUbk$fg>V^LJLvnuXjwWHVL17tFp+H?MnM(hz|&Q
z80{Gr%<bv@Rvw*^F(zI|H^d@WzNp_PN&HrV1jh(pc$boj_%wc2{o8NB9#p65<(>z0
zP>-r!6inm_n2u8&qH6TtK>t5L-@w7^&s2h0I(O~~$0djXz$P3BSk!aaA}?Y8g9Lk{
zJ4f+LpdlogpaAHO&Vb6=;{1o=0_F7$vko|B<L$H1(f>GwOd<iRXWxQ%ZM1VFNThjv
zjYl`QB<H!V;o+VYki)`8)H;qSN?Efb?r+?+U6C2N0rXZ+6N;qAT{2uz7uY-plHI<L
zs1~Il7~2v2ySmelk7vjNLg_+X1USHh0N)c&!MjkZlusf$|D#kX)ptP+SsY{5I^Huf
zl+Q_~>meB3kR5$Xnk9ez06cDTBVIjQhIpv4FQ%0kwr9Z1n1xyI01k&YBx>Ab8U?Tn
zRFb>6NMXJNNn%zT{j!33>WO1j*Px!It4MT!_~8Oj2<)-3vlkli-q<cpUe_AEQBK!a
zK;Sg`!bVV-lLYGx2EBVlAHVrWI2bB5aCG=N&)}2><$2F@OR&lSTpl7XnNPYJ@{wZu
z4x-K{#NJFtcTUpvag@f{ui!10H1#C7@HK&N?FNV>L^#e~ih{s%#%C~o_R7$GK7<ux
zDS_4KUH&pqA$-L^#a@Elz^zsG#M8ZtSl4uFLj6txR6OskHkCYXI6(CTljBJOs}!nE
zJ<FXh%s}Dc;16rv+EN02d>#5Y9s+8@?+;Dc6dZtXGa+!}0xAg3|Fe5_2~sBtc!t0D
zxac3OWkjGqQNlGo7YsWJA|C93s_hLa08^PFReJocbpd`6<n<lDKS16%g2Mq2VdTU-
zd;Xu%pd77U0j!|n@Imlj0z!IpW@kg|1nB8xV)Se@`aE+%;+^a3N-`i7m_cgu-#QB{
zH4FjxoxIN(RCoNH)COX`GlHP1d4ZfhsS>DZ<wp1#{3L=-u##Y(g3V=S$3@ed7Sg!v
z1~X<3in=dk*k8QD%ok1Da_{5{RK|j-h3Ejx8b45N56L(K#21WPcGQ6s$0hptGrB?s
z1~*Nrl;&@J4KR8F7%TEOX1c0&y$$4d;JPu5C_SXZ9uQosIKh?IY0-Kj)TIE5`x5L?
zL%*Lf;MP;9NNXn*27v`(2R%wszwW0XI-azM_Rg4jLv-j7==O=^22riuq>Kpv9b-!~
z-7_MO#toU&6|FOYga~eOxR&kEcnjtPgMP_^dnsc9MaQw;@|N$t6}o_f;auHD5OKTz
z1DI7B@d5x|R32-7Kwk22xR~$*I8Ld5Q4UZ@tjPkz1!)m*FQdXNbtovmY-iVQmej63
zNV$(2ipIbc+8h51oKqptcGocBwUP@CM<lSj-^y-!k^P-;;cVUz_cN)3lj*O_=>M8j
z0|yW(K-0ar!E;ISGZ-K>oVaAq_=;0d0Q&xIv0N<Xw}0J>(<>HD@6e*SI&us<0-$Q~
z-_(rZUtY?;Ca}>jh4w`|C=st{<gY3LAMfFmjW*RP45T71YVG=T@-4}~pgXa`EA)sb
zu&k*r5D#z=LH;0G7%OHs>H6dezzlSPiDMH!Qxw4Dp!P&PNwe@8A%O04Mymj>b52@Z
z^kp84+USd^-0d?mPPMQH!E`2^37X)b_H4%ig}-$b_}Wzmnd#PgxEJdh5J<>duon#A
zn6tfGqGEcWWV6@6#hh_$M)gYpAs`YsNAMzmg+KhDAwHI$>KV|G|J!e<`xguI1}ww-
zvZz>!Pl=RWh|^7&`dT=sduOC&ryP($T<#Ts+a-rdc|$C0{yU3NBq9^9;@J%{AhJ+?
z8km$Y5r7Qvve_qSVxCJnd;a3C%64M{|3-&x285L$8|$g`LCt?7Fes~Y{y1KZ{J3%^
zK>7Pne{`mmse_j`7;|vHo*>9b|J1b*99>xlxy2??vJr*dAX{qMN7ZWVCdKlDtfPU0
zz;O6!(fZ#i9t>|3`j#IE*#?Q;8x;S9-#rgz3Vj;UxJg|0QkemL+*my03u!o5S?6vk
zn1BGIm!Ge?VdoK|qL%{Zoo(S|#xyKvJ~s`#rvD&W;P@hfE1sxc9KXfU@{{X?n4#~0
z`KRlFYBn9Dd$Z@NI8Ob!cJNg5aWm=B+<r$={<rSNk||-mSrO|9*jt4rye!NHh<M<E
zAcBF!1Hp8Ofa0m&UsAgu*ZayJ3&<Nn7D*2VcNdN};`<_9fa440B80g6wf>W@IN1fR
z(Cs4%^fdu)o`^3&QVlq8=<MpL&Va!RcLJ=zF>w?OvEE{K1#?y<N93>LIWgm8I!;n2
z{Gm=|unRR2Vafn!N}ww?fZ`M2pj;GOQ1X8YX<&ow=Kf94fIUQjHxebZIP-^>9-7~P
zJ?fVXqS*rV2S=J-<8q0uVxSH}a|XYlip@Rgz2Sm`bKJZGn#z11h;EV9eEK!{8-Vl+
z;+(K|dRBjMJOiI_tUhZWcobTbcuW|;wJB+y1D^Wo3i}1>KN{-V8NhtG!DDylUl{8K
zFjjc41Uf;MIa|@neF4VJWGs>Py#VAq&QkoJ8u<@h^20T;BJf4Ue1Y|X<4Py|@MVWT
zdhYM^B<T2nd{BL!84ki={j6A7C4Bn}KX9ZM_4f~8u0I4;Ic$SV65RDf5&F{g>1^IZ
zpeslN_uVHX|CCyYIRFz}WxVxQW%PkCQojk(?ppanhmMpgX#aNgaH0m#-7*+}+k&I#
zMg6FZzvOX>6bMzTo8Z1*765K|s}xNOoGSI*DTp_OamzTDrjd*92JCLUSx3^DAOaND
z;-3yRa5r>5d}D%p{X_GfJJ*{^%wwniPre&Bsi(jE7Dujkg-0dQIv&#B9SZ)&egz6d
z(py9UyDP~$nic_+DxkE$aC6gPz+3^b@W)XGmlwy;r4IxY0*{ye(k%bYl|F!KXbtB7
zoG&Dd`^@z9&Ic7Nq4M`6z*g4O%m0SbM}8^i=@9EW|94IVCTa{Pc?_5{2!X3GCzo&q
zM}~Td1H@e)5aO^EfYTYh0+%uY5riX}e>yg2wUjt2(o7O?|KiVN0KG9MPv$mp<(lxr
z*FP-i`!f377vR+p`lOsE?*s$GLV}g+Gg$u5Jahr%40#lFigTYYtpFwc#NUhw@8X}#
zJ2OfD!`)i1f@D}mP{AI7ip`<ch=+^Hw}jp)=dm$@44^g_r2Hop@>Inoz0H;>Qnrx`
z^a1Y1D>LC8<M<zp?Y5uA2q9c7Nbcw+EMh|bpSh_+=GWa9ge}^;j{v3zh*EEA(Tg?@
zZeK!2gjJu>Vi4ge-jIfb$q=fbJ)`=Ci7<5MWp7C9Jf@flXJY<atCj<;ingPRqwCAS
z^)9>fUi|F+LxKQ6Q_~qgIsdQh#4#Y@zr3^G;~Qo_G~N+FH4m*VW9My<G>y{#;;y3>
zv_tZhjd(qV7x#D&RykBS%R^J9ZRZi?!45r+#%F*F6N3w1GXmuHk3Y>WA@+w9J67V1
z<8_o7j;&&Y#Q@v3qCC^1XMzTRrT&>g%>`S+3;{~@1-!iY0hn5yO~X9U$=Esgo4!(D
zaNe&{P%M8oE^9%U{}*`$;9+Kd34m+XnZ!8D#s>i@=kG=4O4&JIW=9b8E6D(Pgn9rb
z?vZq|quF2c1oF{t{cpNM0Hrhm!2T18^MyLFrIt;9d`D0#cnBz7c-jEEJmMRUn;D%C
z(HX`Gt4&GeA_FVF^xqCagE4R805?TkZ{e}y$kAuuM&+?Z{~t7m6jwV9p7fr(_J0+c
zvlgMom;CfQyg`Wkr5FIKos?fZ(<wiN0JF6G6Q1Yhp7ov!_}fyHUHV`0a^d#B<mEVU
zQvv?(oedXgGN0K^faHQl1t*H@i9HGs$M@rdd(~zbcka%@8u3_>k1(djO?Zu5tVj^x
z-^$RbU%fhua%087XaK?@^Z1ZlPEzhNA-goQq8^PmEka7hRQg_IsX&wiP?R!9R<`El
z5s@%9^EtQCyTmv><@nM`=-egkmr7~BO6Z8&`lnkNx4uUVwjHK#pO22@n+=pAJB^V$
zu6^lNIed5@&LeS%c3g>DZmKI6UJ0(inZ2e!{!g)LthO8-c5Iks1RIOXT$+8x`D*@a
zXtcn?n9j%H2H)=nFpQVM4cHW!O*YkHrMR-+G)uSK0;g<D_P=s#ayZV6doP*p#FG<e
z{Bo!$CMWITrhe$f!)J<&e1xmxD9L<Fi?;om)UqM}C>tC8xCoLAEZUeWN1P!wJ-tkh
zU2}3UPlY`&$5Q$eGu-WBuKvSs9~JEbz75uL6?ETHl%Nj{n+}JxrAG}~wo(VsQM^#j
zj~R>ZUBySTAf)E`ea6F{o7&r!sPgfeh|#4s2cE`p)p5S=d!Li0s3K06;|DHOtTf5O
zLRw-KHhp5<-`*SKL&TTmo;iA=p=Us;aab7%_Q!nbVZ1hNF*b{?;0N9^u_xZ6yY|x0
zzfZr!`a(cxDuKm{&vBew$JL`aR*?G0wpg{;_9#jO5i&tQnQ$;ruAPh8s2X?{q{F@o
zgecyb^lt4C;J*WMBP=ZR{V-33v7*?H-%<_c_-^Yqp<Q;~i{$o7mloDr!DJ`g4cX{a
z{;@RBNi%KR^vba{@HzO(Dr+{{IM!1o{?v9Pe*`n%_`M4iMP_bn(iaETl1}#?oDk&{
z^u3KURgvthXOio>!j1`XJ>AX@VpVNtT;LbpqnF8SLWy%_TgFqA6&ESyQUv%av-_nl
zk>oe@#AO<?PxjuGUQ*RaJsBEW(lBxNc(j9@s7nNLg2kSVf7jXxC#G%?UV>P?*oej7
zQE-X`{o7~Pp<s{DHKb)vSIMew&6_fg&%gaTsTmpVvA2A)&7vuqY@zXS+rM*@my24a
z*&pbb!JEnlP|G1+<u9YVd2uT+-MUF8H?u}cP3^UdnxF5|N;mOgKk5f36}&sH&RCO`
zIdIz{5!&AJ6*$at)mZ7_mkaDV*mow%$<CI*p4u5WfaWawF7ek`ekH5M;=!wYmk6zZ
zEp@{OlCNL19yC|UQiWtSi;pWS&(_#nN_SULp-@%+*nWYVDq*h;U0lR$3Dz|S@FDIC
z8HYSiK1L`$y|x79@$ed&rcJ*LT`JQPt3|yWF@0ek`O|@m-}+}Y1G~9#FW>eyiu{^t
zzJ=-VQl|aVE8>A(jHZ45gWarj{pl9$IPg34oZ0Tx1<P9Wrvfw23M_{DNN@bM2>{Cc
zS0_Fi5h;4ua=iViVN=OkI331LU3dGJPWX0f<-?0FwY9VHsa;qtb?2M#q-9KVv*VY3
z2M|4cEMOxpBA3J?F7kM>;58(6Ni59NZ1w=#CGyh1VCPCys+a5H<ZgX`YuCZpuO9v~
zUh8~|oSsVGj0jxI2B?Qv`Y|Eu_WIIWz!v+_-X==agx3ZtiYl2D=XZvm{a|aK8Dj7k
zMt(^p@^tR=WO!=;l;WyzUHNAXdp~c}k7Q(#oFuS31=#XH*>Y)WhWXe%!4?c3bgA@S
zU%FzVKr~M^EsY>kni?;!nT~cMj3F%Ol)Ad$vqW;9M(&h~wYjR6nTrW)R+Q3jfRFn|
z%#2I`YR7<j`a<n5+H`py^b{t2!|#)5kB+Z(b{&p3;LEdDA(<u86cUS+yPx3^{z@h0
z_X<%eBb<MWWLmgR&R{a1=R>$PTVBo=N!NGQ#Le#N*cR~L)n9XZFyf0eM*@M$EKhkA
zs5J9@{n=&qt)-h_|Cn~Yd<XQJ@A+?-HX~%(=U++^VWp*YPN&X4nMo$oyoD`qbES{&
zOIPF+Nz)W+gj=+5u$r@Bdeb$Qht0(3?EBscibzHC@hp8TGgC=^;NgIY+y#xo)IU-X
z@Gg#rw_&4))mcZNk#fP;CTO>>WxC@~y`q43X{<!K57v2|m%6YQor?S|>^=t{@aKCi
zBVN7A16%v3AawjLfN3oetkiiLTz>G72DV54sL12-4cHebDAT1@A^ZG@J1?{ocXdyl
zB3-`D=Hwe+8wfbIJ3ved48`Anti4pdXCCyr^)s6};zi@C%09N+y}PhbO*<%rR=J{G
zX1lOpIJ2w_Q(CTioSQo&q@z)K-)7+hqfa|IjDfUo0-Q#aBkW54$*umj>bJBdO^sAA
zb>M$eO3taQQc?YM&v11n&(fl=#ccS~XK%A5ZC3?0w@M$-<Dc6;qn!cj0#`V=D!vj+
zq)n;>ZMbi5+YAly<&@t`+T6IflL$zIN4~M(x8YC`t9tgUClG$~-0u>H59q<h%+cN{
zei}0q>0gl}hGs3;XZ-!qhaWobOIrX3yoF1~CL`IQR&y0F3Jc?9FN27XA2`-lI3A(|
z4KQ&s-*{WE@)W8`qWN+<MFO&Yd3v04X^AIQb|j5GZc>E3jf~v{!Nc1g^+t&`E-rt_
zw6)Y)J9^0P9($|udkxckg@@^xk}9FY5AG2^Tuq5eFD)%n3|Lwo3Yj%MY2Y0~6>4j6
z-S_2R9yXECSN`rmM{J+{KHE{{)ujHdoS>hD4Snh9s(dgL3FVKfJad*6wrrXHBnsAo
z+ex30g69jy^%nUODGNukGa}R_L2Ej~pB!SP@scfLuGZ$mt`|{#+u^7@V^Ty9-vn}}
zo#RDfb~&s-k$z=FZqy>ai?qX*ak_>xni(7;wv&)yYHX~;70b4vd*Uu@X*OG*R@mwk
z7%vDGm8mTo^|<|R`S7+zD=sPfXYdHz!;qXCIs*Zs_R3f%>PK2mkczR>0)_c_ZI;Wo
zS?B2y6*;*~Ltd%*oi6{(c~6OyajjQ(@7$N>$>to+?>Sue=FsLXF1HnUV?6n_((5&`
z$rF`V%GHhoAxoM~`o}prFT+13c`K`JESMR6N1@Va#j@02&I;Q1&ua_hder3T0d$S@
z|K#|%pf6FtEMQf8D3?X>m!AYZMc)_#Z7?^wYduWWkT`Z%<Bn_)k*!D<LeBy8C8+SZ
zDPG(Isyc3b7J1Z0R5}Txw-JUJ>k&zOBxaPUR4P5*c%iJE-QeW{w!W@6WiI~CO?oh?
zz;U?3%e<!FbL^VQV6qXWf>}7^Bd6xx+*z$(BRklSb)9!xS=ppvxdUGOo-hd<WKSW?
z5(p@H?rua#%;a0uf>(Z&>vVm?;<o}Ad2-52rYtq`A?)n@XXBLP7kjvwI$GCuoAP>L
z{!mTTN`?pGmQVMKXsJ&e3Ucq@Wo1h`p{~Q?Jmg(*V>d#1D$8Y%rav?_r&B%wsxqtd
zeWlZZYg`?0oWkX$YZlyjnW`6a#&xvBr5R-(QE5X1P3*F|H5JD`eFl|(Y)^<QO_}MN
zc~Yo@K{GxOiQFZkug^y3G8i4nPQ-d#{48?Kt8i!{!8LzYD&4Bf%Z<y|b;dnhj*4cW
ze4=#D9TQ)<pOUc46yC3_;1T0kos#dWF!|R~A#NxGli?q06(|1-x)5lf2(QS$lAtV#
zpp?87AgwP@rjweyJX8o%tQ>m~^cYLZa$z!yrC@4fLiQns<!WtTPIKUKdG*yAWeFcV
zl_AoJ^5afa#FCV_m{~3_c>0GoeFMYQHYymj%#2C7GG&b*pZpdomuk0W)72gquvgm;
zjB+IMW}B&P=j3hW{j%?av4NEop2<tFQR-)dppOOk^8}CzhPY6O*H7GDOsfgTmbEy^
znrEU8YlW_H#z!b=-2{6c;?<XA!%&2akrl&V)4ok-7Zt5blQp7N{#r`&moJHH2Bue*
zulRu_A)K<z8W5;}TKO$Oi_`FreLpg~u+!h%BvM>os^)N!C?~s#dR>%Ag<@{Mo!Zl^
zR*8wvCYF=j#3TGk7Ft@FD$0I&Dr^HpxsgG$SqJEkQ#|?#Hokw#dzs~M`5V^etiP`d
z)(ibv;{hI|=4eBUOW=;JuXYHqiPV9ebM@KD_DYL04V2ID?N0|mdw;W;x73-*9$#s-
zG**{Wj_)lXSH4AygpY-n;S7pBxR;20|H33@EAxavo&b8|r94n>%9D5<aIxy})ojO<
zw&pm4MFTIAwi=0)LzOZP!9ngRGKV)Zw|vS!GLLwQhQ2oq7-Ti>A%ct9Drvq<_Gn9Q
z0CZ0^mi|fG#*}94WXL26DPQ*2Y7yyCz0Zj|zykxVu?sb)5OS)Q|5z)q&~o^rBl&0k
zMMZFu330pz>)_Gx#mu?KWE2!&+sy<x9Pej%d16#`w>N{($yZmXWuzH1MFlyoS$-Qk
zbP$y}t?N-k*ob#25@+H(M%?GM`sCMaqjSrA*Oi^lM8j6Uo36J=O1zfk2Q>Ni(7lbN
z1ameMv<9h*{xnusroWL$7_{0MArK&oY`bNCDG?8(U@pjt{$#sLne^AnKN;$Po&fQS
z=iaW<8ozD9$wH=<cqxYMpK2YO!cziTDO)Ey6Xs9557#O;GZJ=32EX!JAQrjr17fu_
zkR{vQqUx@erIO1Xpd7`DxW6`Z(2zViQ*Hw+;qvva&LVWW@YD7(0|n5KY6rb4+A?va
zYMKj)&&fPF-k2n%q<B0okZN|Fs1VrwEo~MTr!pP(;_Ht!$6Msz(z$gf9lPYBy4_vK
zVWpg(63I!gXXo?Yrrdjk>zA!R_*<Uh8d~1hL@&C%1<tB`(C##6cl+V!@Z!_1`NQS@
z&zcwU?Ru)fiem|dlVve>-O%cDKSF)wS+i-ft*GAfO~r-J>fqYw|JfX^L4N=}E1ci=
z8wD}ry2fjCbmLQ?<gKC&&*2IlGdX43?&Rx8vk%;NO!aRqg=JYZ_6IVJ=6gdT`zDyQ
z)nGiP2FkX2ji{=5?>Le%UT!*>99fCylPogoSKBlGW#oUq2922nx|EBU=L^%>+L;83
zweTLdbhm|vE;}pf9Er+IB%Q}sT-HUEZKp(Rho4IKd+6-5EzBx25q14)NdP0Hi$1VC
zb*lIh^=}KSkvxj{Ofb`al}H;Y<uTwik6?+RES%WOD7(Fh#nU%O4OWkSPJ5b|HkSJI
zG>{jH(dr-l^oFkNl9Gv~%mQTzm(pxZnL~aQ507TmVAX^~ni}7Nj<8Y~p6Y^*L(bjX
zji_M<Hw?;0gzcYQ1YBPt1p;P*!3|IwmZ}vpre-a*kxv=Z1>J{xb<^>qbt9fw?8fQJ
zq@x>j`?zIew=K$XWkr;Pfc8y@_YH@4#qC!G5$!Cwd1SwWpT6bl;OLDie}dmz+&<+R
zQA;94aD%}6d00r|sCA9`;;t|KSh0Nnq8-y@Tj9cN!$q@+-NVRy_20GI$8I}Q?OO*%
zNy)TLAxSRt+ympXGM*HC4(JSiIuy~ekqZ)uEFn8a-}~0L?^qm#rv3SWyh~pQu`X%#
zqhf*c#&?XLX!5T4g8?#&fr_$u!OO0<Z)Fz`5MFE|$h!5&`zf5=EQmAy&3)^XUL$=p
zaeX&hwZg%hY|$IyC%j0rZ_=HgJ5Y0g$Lq5)WN%G}K>zO4jAk(YbQO<EfS79fuwfWY
z9z65oj_}%e$cg9%+)GV{8JKaWv+U;|-_wF$tcHeNF{+$!6xrkWZtjYGh?&#eypqcz
z%WL&SWnw!&-~3>G7HpOuGJ_d+VFU)iDJnKC5w_wh=*f8&HXaY1&X~{l7mHLE&<;eq
z&!mh9J^1`~x}^`ipJ@sYLW8}~=iPsT<q(AtN;V&*?X)W8rY$}xmq_zdOH-(--YeNv
zP;EjD<#%0WBzSbdNI-fu(DQ3GMO@Vm6M9GP${iFcDk64@%y~$Cc=VG(ZZ2<Dfliru
ze&(*6z%x)!mJByjQftsJd?Z`$n23mN)<~Bw?gH!7i(5n=f4DIg>_w;&nj-w-m3R64
zmic;tQF3zZdO19PM|!>Xef?@{+jx8sF>^fWM)%=-L$kw8J~{qpUmNhv!`I8fe1@)<
zJ58N3)F$$ePKMY>9zN3~w5{2AbTrIB@!l$bMY^C7&sQd})Mvc(Q>qS4VeW7h*=G32
zM^=`XWbFK;r@~!e<sR>y_jg{r%6t0p?)RQdk5K2{7X$q{2OP9-Q{QHMfe#eFR$=&c
z+AAzy9VsVwkmgXEIWqjqw;6B9H_w;Q0tGRbuA3C{+DHvlu7+~`)O?|5n=s0H1O?4~
ztVOF6Rf0B10<GEnbB{lu8wyqP3smgwy%x<cUp|j5-Xyyc^x^nqrDWvJfUCXG#_3n(
zf#+*#uP6t-H^jobiHqbWjxlAWr6%*yA~91@F}ottmPUk)s0eODhf=VXp^XTBQIDgr
z5$~HwQn{77nWh%WNk#EzX%QZnu{<)dE>F8Kctpj_TFi3<(bT&Kv<$D%n57WnJ<mJX
z0Ke3OLk?9uFBawpoQ|X>S0^JQ(eRfN68+<Xg&C>&a=42~$^{zc6%Ge?1)7HLcL#Ta
zmQj_vu4Y)m7Uz|io>*YUE6+NC=Cl%X#)pvxa^QDVu}|TBnI(W8nPQAKZ%#SPoXmz(
zj-4>s7bY2i4fb5C!`%kqbgG48DP>pMnW${j#|qw$ij3n!R<iwVHWi+`3%O=5ZVx*x
zq@$H>Z@|(M9+rF*0_|*V8D_0_ls9_H(6nlDX@bZ}(yNQ{7>xHRQcW#O0+?xigXwX@
zUz2;+bYG^Mv#_eD80!pwN(3gM+09??!#ppj*zaGe8?!`-lEpoBjAQ`|R_{<~^@%lH
zVw$Hn^Q&!qfxMr-Z*L!0Wsz71UVV-!|5{7Jun;His3R+D_9KKoX6|-LbR!;Tq>_Iv
z-LbiA0XC|b8<p=hapkN7_siXB-<L@J8q}Bs%dWu0%m?=PheWi{Am<1(M;zHf{K|XQ
z-MGnQ$DTZ>aoD5x8$N!orbV{UJ$BBCwZ_9naFU+@s?;4b))&=;XZe`SW6S*9kI!J;
zlW#RNp;#rDnnI&bEaS3Y$2I%+L{I^ILch2tvVQSTWQ&5cbQMDvkyS9CAR7Ap!|Egn
zA53{p|8D_-0z|!oigI|JdcDpj#gfvhl@%AlSk9)n{(-brzw?K!dqG6dnqtsRdg%5F
zw@CTjB#u35*K9R0fv4cJUC4ha=Cz-7)GiaiV<)wi-m+HfTUIPh4EB73Ir{dkAp+i1
zAQ<?dmXVTh8S7XtS0!)87M0f4NEzD(mL6l*)C_HV87Nu_N7|G29wYWL%T))=a>_s^
zvVR|B^bF(mlOMiR<>7g+x9=hBr2hVk6yYn4DDhevfo7?bse;}Ir4r7u%_^$*5}LO7
zT(WfCIw+vLwV9G;VcyhXws5iHEdR&_@N)XJ@s_qibc1Y01Q&JFu&ANPY$wj%?M1E^
z6Vaqfmx3eDr#S006V}V=2@_-1%j=LVgB1#H*f%BMVRBVR?lC97sS|t}=I`%C@gSvr
ztK9jTDs#fjoYVmu3PK*8X06qd{3CXaK}N{;<HzRw5h$|xz!Z$s*;)Xm#hcV7`-jVc
zEuy36>TQ-{qb=cLVp{QJd_2aI_GQE63?lEQx@)BE((a}>Du()B$aZ`#PTlkNQZ->`
z+|!oe&?;#=75F<zwFoocB%v~AjaV7EgQpCF#FG?PO&rYgO`m4VG8?eO%w<g&Zp_u^
zt7(SczQ^eUDTq{Rx4SO5Y?bXRyX4jB-b|S1Q-WK|bFF5s$(I0X)3xN1?7Fe(U4bo~
zUH7h_vVG|SGH>d*x5lj>rWMcU5|w^&hdh3L|9A6goxFhVLEdrOLU7gYekoXCJjRkS
z2Q%x@Uh_40^0-A_$>lDBfC42M8Ey8``LpD`J<E>YHs-3DIqxLCE#11F^GN!0Vw9Eo
z^x&|mPOWncO`(2X)i7-6p78~t-qMCrelev&z0|8DN1oDyqyp{<gKKO47f>)}=HYUc
zND!<t@sW|)X=wTz()M&N4p=<i>Q|E4=(`)6IlNs&Qjb(*n3aPryIXt^4L8Pls(OBr
zjk#~}FQ=1wd?iOkjQRE{_k3q)dO&%!Rdbk^w>z+SZ3u(OY;4?9xV*EhmEGT;V&a@3
z<Onqom>TGjQxKS*RdCN~^ZmN3b)SW0kZ>F_kTr0-d9r-1r#UX@7NKBYazkBba(%Wx
z>!Vctpw5wa7s6-H0yQih>eb4F%D0ZUyJuTh_HXbfeovnEZKaVvV&!U7s@&B0{Fau{
zSRLW~f#=f2^N{<CkNhmNe}|?om6NgOSoR)Vf}}<B!g6X-o?Hx&W&1FELT&o3`ChMf
zec}107loG${7HiE^v?8?9KV>p;W++#-VnkH=|JCDxpVbCV&hobMD&T+Re#>}boD@U
zT6RmsAoxU?Pg7A(xP1MVrWkEk_IQf*&&als&<5#|Mh5V{yr+xxj%C|5Yrg}gUZ}%;
z{ht^fS@s4#MAV@9w{sHO*1SFplk9Rk%p6v2I9qP-f)#h`w}sWt(Et`uprNtsXdA`!
zNHwl>darUBpYYSmwW*)hBNgT4iysx{S;vfWKrtJ_*l%Z6Q1Lpu4lFdb5+BR0)w@ZQ
zQBdSX_*(^w$n>F0XamW)1u?(7@hWI!VGi@+^XH3u$`T<as}@!(1D#~k?OSXFrcZ-q
z%!fWcYdmE8RH$Zq-#Iqz{fp6Fe|fnSL6HMFe_3;6@*#e}^I+K_(kfO~L1+~VGl8+X
zbF9NJjf}32_D+%Qx{ceq_O=10<6+S+Om%&07qsAEUa-=#u{(W&f>1;uBUFEMuc@(Y
zQpuqiZU5q^8_$6ch%|90Ki?jMTxmN8u<1ssd@5S^kOfezHS+28{ZV>Ho?1)9So+t^
z+QWCw`{`F^$2*wpPoUQE`Fy;S=Csn5^+v+-<@>X5%!Pd*Q=qH2ZrtJPLjP!^W%Ks?
z1<kSWSKH=Nv-!`H8&k^fvvPy&ew4#$cxDFvs(gIe%gk%7mR}&|?3#n>$vYmbS^^GI
zc9A*Ec4`h_+X%}8j4W$l{;$x|ck6NUcAmjom#)*pKj)U2bjB|VV2JzybSnYSepvHT
zhI#fOf{N6G6t_P0K~sm|?<cT0ajp0!X|PTr{p&JvGjZ&SEL-3m>iT%S3hifcQ@e``
zh7O5+Tke05yg~1s!>Gk(&_~E(uh+epDYdX9q`PDze{mO${hEFgUYvMV!q7>mH{^-x
zqwUU3{ZX{EwVw;VS7t@NrS!2hQd)Cru+;j;-ff?_C^Gf}OZ2wx)`nedkBsuKf)x}b
zY_R0hi<>ztawBw2FSO$Xuk|BUw`A5gO|JQ>Oq<qo1OiM8<^#J6>cFzfqYqT-*No`T
zooi*SDWwnYWe^zY93CI0=ue{=j+v@QKS;q=P?6O>Hr9)D*=7r@)^#0AU+XgbP;K}#
zXZuPA6BY97&co=6Nki^|!~9%}-ng>R%;>3oa;JJ}yA{flX&^>B8^IG@T(!+#@gr(P
z314x!&*S}+*_CIgqO5t>#cGzpAi9GU`hVDa@2IA>Zw)jyumBcRdQ*z16zN3>3JL)M
z0RibCBE9!O0)l{u6ahhc2k9uigeWMe^xlNfdkDP*NZty1?)klU-+lkQ@&0-@W8jf-
z+}V52HP`&USyvBH2%YAO{gRfRD&w!H_-LTpCPPhG0uz;Y5*&V3XlbYDweqOH+cCnu
zkxcvkITlc=ph04^U+F-wa-EEC>4)GeN|n>kU5*P821PN+Nvi~MrV`i9B`|-VFJZH9
zKq<0~*1au=rR@%CZugUHy3x+kh^!R+gJ@Zzgl*AJ#xYQLvdtKG-A2K*sWogHR4iQ-
z`GQ{Ou_<wSR-FE&t}K<kFKGBVyZAfi(Y6bs)siN%&lAnsLeJ(5dDNORdf{*qxZCpw
z9=Z)C+~bCWk9D2`=wnHU@5VxtyL6wOCzXKyS|I~aV#u9!RF!ef118V>tAn#^s5eK|
zTX5E`pOC&#Ge%=b5STzz#_<c`w~A_QEa55U$;4}YZx;{D+f8A=xDKD^OhjfjQVnrV
zSg1-1O8vYGdOAu30ajiT8GMd?60zex3z-Ee*t^5*5+9x$@Ytq>S_c~`++YMnn)m#t
zf5CqJ5L-B+FNZts0RldEPrYlVQ-C_~H>k5Fdh<LuCVK_&f{IY6e_~Q%4y-Ke4vDqg
zBB}c-`Ws8YF>fALZdZhEV}#AJjjA<Oj-1L^&Q0y{R{-cA728{v5<Db}D~pQMZfO+_
z_!8bb?kuUPr4tTsYU=BM%=_i?i!-kMCU?QiEvvGkny+OPJr{#)bHa1l2UOkf;7+Mw
zItxyPXyqg}8syIXSgy9V4Qq96eYXb(pfmsR&Qe?dj$*~!r|rWwn=m1*C?_hPyFM>H
zRPJuPExEh`*Wxw)@h&_yr#8m-vdU`rSoAcDrAf|(hSNb;R$RIrm6b||FEL7fuG7y7
zU~pIbaCfW<r*z3#q&GKBiRGj$Ryl3|$`w79kLP5M1@w6M3|OpF3b9{twe4p-t(3N@
z(oEKHEa2@oYdU@PbexC{KMETZNVdg&Q{9nuqvxO^dB*_RC9id{T}Z#OG{z>>Wa@ic
zIfi>7%*33@5jy2oCjojx5T7!RdA1JsBye`E-BecDRZ@3Wf`?LOg>8XTA16!3OJq6c
zfhpui@pulg_t0^`SiE<W77C}DsnqV7$RtoKn!)$yjCd>V2GtfI1b**lSv+$W*)4>X
zjW~a3wIV72i#X-DYidpf$opq55k+oswyyR-eE+xNJp*@1+6f02_r}jn4|_}%&z<c>
zSIJ48^}`ZRh4fy3O1oiXW@6He<t8vZv0>&cu(#BdjaN>qRWvu3HSn7q{Qd$xZ4(XZ
zVoTFh)gFI0I1w5;++ae2!IH%N%Ra+XAH2`k^;Uij{%a(sdpkgzkc;+7${)`Ceh|FK
zx0^h7?D+==jS0;zHv>)PhvuNF9{VaI=Lf)~Sv$Di;%8X4Am{CrCr_WIMulNGCOQrR
zXrMb!x#`dCtb<Z|(Aly!@!B1^lKqe0c`@eLn*J@X$#<XziWb(wa)oa8kb%B6UdH}8
zGsQQws^IP9JJ{G%opSa<8%2F-?t%!b5#8QPDujtM`O4`7oE~-WgX4uIX+>xw17qTS
z#N@2b8(i%bmBTHalvTHW3Jh&Q{MB<W!+!F?|APbm(2TO^Nddhe^I@myJC!epJT3pe
zN;uPOSYq)W>!@9zU%XX5o8rVMP*n-v3B#RxXE>Dkv_-pMpk|S*XCy4SE@|N?ieS@p
zA7%(TFt&3VONo{UP;3*4241Fhhtav6Yc{^BGoTdy3?tIUMuC=gljo-5ZkYK4=Shcj
zBQ-y2T;wvS6Ows}=RD1Tv=OjB%cP}X)Yrcl62BE+Q>1%tX;DKYT;;0BZ9AK{w=kEx
z1YxBwxEceI5AMC^inG=+&8Q!Joby<0`A0rN**f9H6K!jx0jj=eG?j(n_V%|`3($}t
zW_XriegwqFoIt77=xG!GD`=E4`c<Ve@gV4J6JfLTRQ3SP)p#FFH($bKFxhSPgQ1bW
z4f3<;wtLGnUOlMJQYdu=;RYxVifDQp$25v<AXBkq6$O^b>9SaFS-AxgfoK?^PWpWw
zAesfU5O_s({)jwbeY}Y*@g$1&{zOTCnMm{Di``G3U`vvSvpz5l{}=uJnYYWIUlr-C
zC|d}EZ=4r;a`|drCTpKp!)B#RTma><#?Fs#cF$Xb*;Um#rB<RJi-a%7iQAgMlo;Z-
zw(wh4=YlfseQgMY7g|+RP4$6jAaG=!6)O<Um!Eo&%Euv2zTkD=0?&7&o^r^PHqi8C
z<7*x=i*HvCsmBOoL9<*dg>d{H-NGob`rAxQfyXjzV;vS;cd!`iIG}b^0BG3?9LwZ0
zEuTLLatWM|Koq@~`gBob@X)=tb2!i5N_0MdtNaX$s?I&Id}7t;nk=2dGxQVNs-3EA
zhTek_w;kp+pJW>QF`sIQmvB>~kBq->t808IwYR+760RIN+h_Y&<A$SnmcrnLvq9xm
zpVW-{i&Q-@%2CmRZ&<_*fe$|ZnEtfIa}ZpZveMHNc1DEO7w2muZam);XNXLD4-RQ4
zsCgJdzxd29<m4%g{YQ<Az8ABcAP(jxS|t()I-71Cm8*KVl0j0v6t=pqv7SHGOQ^1$
zrjS)!-T7?lEcTP1A^^+x^udFB2ChS2&)6G%azbepC>+R_UvaKCN^5Gm`ksCMSeK5q
zb%J!V1YgEpOz}rG5Q%|rKRP7$5o7Epj>Xx+^`>!Iy%<ATr}6NaM{_0hhWpOXi+~3}
zDAY-4>{2uBXV~i*Y9slzPl*Kh++M=a1{*{8iPv-A1o@nv@&Dc{(Ek!qko-+^KX|n!
z=4wDx;_x{otFuA9y;s#u^`26uX%#MY_YN+vz5RG2Tm-RlQ;m8))#Rf#zauojV-1%^
zalODnjIc&)g*#l8l|5+pQ_z_2_S=TKYjG}!v%y;8<I4(iVJF^%XsSI<jg)!$>+HEF
znZERmwpOPDdOQ2GvqD3ys5p?}+M1W26dT9;JR92mPIH?4vVcT?SMiOH_(*jgOCgNe
z#ZRAeVYd?EpQr<u`|I{+rLQtFUqd@$wF3ICQsvhRXU12&(99VuG`>-Q{QjLGK|SZ9
zh>K@kU;`|rG$ydT{`f%i;{ivTgSSceq-X1@&4;cZ2yZ>X;;>>a3Z*8z@xFB1lQzP0
zFal1+HAKnK6wZ{sR4lG<mKCgeGP72a^<8njVIETjLku2SDsT(LM!q&<md0UvIdzzZ
z2iBJrHFJi#H@-4(S!X>;K@Y(hBQLwLGQ$3P-;z-Gp6dwO7&B%O$k1FbI<+dwACzrU
z+OoAhHCp;|^BGG=%*;%l;$y-`>E4)<oJLL#j<c^C&*p69uI%nS4sHk}obe-rfq+qg
ziCF-{fLg&;;o3{ZgFDK)@0t`P&ygLc*Nmxqt0t$PKt|pW*!D~D^6k?WU@&lG#;|Zj
zxh0s<erbUg)Qq*YC~^e!c&#MV@y}=s8cT$MZkVjvtH2PGn8_ZP`!%Y+m_#0z0%+Ds
zV3A3q8+DN7dKz^(65;;>v5_&$_cZH$zO^uX8WPGN`PB3wWp`B}85dJ&MTHt)-9f<h
zB`-o&T#R2J7?4<CqyEiQRi*T@5ExH35Yx1wHJBQ`@tj#CGx@qR@YvaQxE7+AvAJ`_
zBa+U(za17u&B6AGqJZf|zqd5@i-f7Kb9Nqvj6lB`XEKQ>7+_?9W#V{we2aoi)AkbU
z!C>!4WhKQcr)h5rofWE(&zkMG?OeZH%dmWdpCYtyIn9`UrYKSD;;69AU}lv9$4lQA
z0}|9C9Ho}9xWH)FyL^ee)3qQvCN2~PidBCy)PgQsK;ex}QpzL;Q4Scme(?Kx9M)YA
z9l449)L;T~&nb>JwkeMiiu?N?H;{Ek3WCr?43DaTG&f@m7|acicy{=_aQZ!U#Tefo
zb4}MakprqEH})V^E$>yYnTy-p;Je-VasBLjnhJFI>4duXFc3@9=KpvpgB3nhSYl%A
z_{p;K0tjo`n<_k082(&$U-N6~)!qRvo|n;K>kaoqb3Z=*l$1;_Abv3^yU0WqXPj1n
z8`6LZ31!}<Gm|&t|7c=nmd9`Dfz2wp=hpvBK&Ac_Wu&_zHz~9fkzzqcsqkxnv+Kcw
zuNFUy2O7hb`zoDd#LM#BFdfQ<(O+^wXo&@}j_4lIE+|k#Ae?ngyV-{+nLt2HVg`VZ
z?SjMgDbK|CM%3JiabB+E8b?Zl6M==CT?_M9D6AfZpH*H~yFy9F{*&MHRw*Zp+M?9p
zLNNR;I}L`trgSVIIN^Q*)^OhFNdePMFRN0Qc##CKQnrR#*@a$%=jg6YhEdRRmcNf&
z8fLE%Gqz}17qHdP$ufM9>t(8=26nyLl`HfE84W_uUzcnp@mpTPo|Gq0*4zmUh2Bnt
zYi_GYS%8-`8tj6|%@{?^D+g`=n%_lZHj0wrZZ)#`3#*F^r9v+@Q(sj|YKm}Ae#(*V
zdr8jDo3c3;gc+i*^y)_eiq@d!{JHdA#oPi?IsN5t5RDH$aYnzB{|W8s8y2*S7jHia
zmr1+nf9fW$!U5Z<>lbQE)3U{-Kk^AtQ1WuCVXkeAsj6UYA~GEYAF~=;xOfK4iuUFf
z30L4`l$Ap6r<EKx@bi`V(wUuQMz5})=gQNj+cTWr*VblLx*C!V6hZpIgGKGjPrf!W
zF-!<yFs?kGdiO-(tWMk)V(u>>QfgN0Ztzi9<i9y99Mq6!XW2CzbG7i!UK~evM#*Eu
z8<6y+ePZdy-~3iXl7Zbb8#EHneDEFvWHO2Jvml7Gt+M-(u|7l!2ai2BR@G}RG|<b@
zBkbnAXw{!yeKU+A^o!Q4YVXG<U$?Zh?BVK}m6X7Av*c@**5A{7KbxZOJzE_|7mCYK
z7m6D|bsz^>s~!D@lAyMx14~KkI%mS!Z6Kc;LO*jgwzLS<)wODY0J|!`+gXN((b^WT
z$_dS%Ol=ODm!Cw<=NUhy_Fq8b&YYy!;^x)DO+E{~aXy#(vX--+0?$MQ@csfCOs>!e
z`aP8SdR%tqVH!o$=()h-mSFpX6vXgI1NnW%(+upnH;g~}IKIQv&~RVo)hNxJ?T;7+
z-*F?e;>Q%l$tSF`4+4%|`Sti7S;rN<Vn3na_F>&RkYoY9Of2_K7~h2AMSA;0^V8CF
zva)7VZY<wsq_Y0m?Fz?Ncl0c38_QcOC0ymx$p?xQR%_cYiZzR>5h-u)m1pVb%RFpu
zHZTHm0g>37J<y@<r4i#I1XJASZLvBGyM!B+n`mZY*ES>acii=hVqbg`@ofuo7&3Vk
zez&0^V=u;7yhtW0EOaX7<S@gd5rzz@(=c~;Sw*S<%B~R#S&m4>+tC9qGv8{m{3qQ-
zJwShp?9{Z<ps^Q^H<-BQTW7k-DE2G1ctuLJN_2Mphq$0q*`?{qUY{E;2!z4IB+BpK
z1BUG;`6)*V!tt9o!5IL#$B)VO^=;{X%F_x#KFzR9;d%TcE&H{KlYmW$nCT07J?Xm)
z;kULJ<9xhI_r-pDNmL0sEW=T2f~xSctVYy^SY)C5+AEYPZ?V^WZ>SMnSBIQ?qP`=s
zG`jKO+js1vbcQo{{Z(l$!j<nyjICeW1Lwu4>JSQ`RJNu*=$8-}Rk2Sw=P}5d#UxV3
zGTAD@=-ECjabx@AqeilkB?rsIDiGi6a$H^$Tis`kN?Fr<;Lia&H`m_o%?3i&TwqJH
zzh{wTh>zFZ>f&-H{cy}oPNNViIGYmwsV1Vvo2FcG0eMWI(2G_JD*N}xG=6#R^0OcO
z0#;Z4*IwpDu@BqGlG3Z>ZlWI6=Kj<vPgRSfBRSrYby=RI0)NJlQHkG@n(l5V8`25+
zDOR*>6VVNKbhfRGPP(&P;7<ci@>&nv3Nw_ce2-5FHgP#H81H9P5ulI_JfX~9$|1T`
z4o%t0dNFk;EBX3{y{#KdkeBKycd{@8`-*yPJE)IfLSu~$@UVY7Oy*jDNJ<b~U@^8%
zbZK@NFMMmV^xSm$Tj0eokvHuYJaplmp2X<J;|tJwh4F|p=Ji}|RBxnyJr*0jA+cor
zv!7PP@VEYcQsfG41=ZwtMu@LBsDyv|44a}jYa+XSf*iW0H)wqLs&J$rsi19nB;l~+
zYf_GEMFW}r!Eb8jA#8&Ht0<TUK<n;Qk^rJVrx_ld|Cs_x6d8*FF`~O}m$-5jKm`N?
z27TTxy?XLFvLU2|jqV?(iVt-C*D`?lO_PlmaR<MZ!<XGm=pq<Y4x4^fmarXuVIv^o
z0itRjCkIm!EW=Gf3|EQN`w{?Hh9Q_fHg9;E-nZ<c$TVn6Gw3Hwx7@W!jaKhgLy&p{
zya>8gv1nw{F}1y`A|7V${@M+J+m7p?6AeUsia}f|bSmp_x`*i`r7zDb%IX-<z>QTG
z8spBD#RTq(Gcvs|`O4WqHeKlrf`|toc%!GtEpOr<?PKB}tH}M`@ExH-s=0ysC?0<i
zm;eUlbY~t>Ygb8|A2w7=rx})8L3G5E0aQypz0u@*FsnNl@nU>@Fegsx^3fAno5;q$
zlx1aHeZrl!c@)k(%0$_KUXGhtU})Dm7#SS#&PF)6ofi$7K5l099xjeii?A~Z^V+O#
z!{F!uGhd@>t?h4f2!?L?C=2VLY1P3_=`d|%Q~TSAEOkY?@OOI`K&fmakkebU3|LvY
zc;YnR5Wh6JvnY<@X?q+t7AeiB>@O=Pj{%GJ3XN1fwm`xu(4_8deF=N^Nb*x_oLwqE
zDob8!+k>Z~zIS4r7XL@;LuVO4*4gC=3-FVP$!K2|(&IFPMmT*^I`rMzX{?E?^p-6c
zPXUZi9T3GOU62j~<EbdXm)vLw)NcXph7268^CK6af1+j6#TX5l8W7`KRpjP~mrG!p
zd^9-zUR`lC9p*yS&qksiz8+w~rq)YgWhv8~HuKW1xHAlsa}F*~8psm<3R)&=zLn-$
zco3yfu$wUl^Ldby1c|-7z>9QvKmY<&?lIf9xRi9JflSg_Ou|Y94C-k7yd2wcd_5HO
zBq5G+fg~qXe`4yW85=Cf^e<9z0?_7zaPTe4U=z5BvQGhNu7gPd;hbFz=wBYFpR*3g
z@xd)P$j4*cW+6vK1t4Gg%Y$M>IlcC+?4YsJYxjo0vgSLUCci3=oI1u~TCmpMVc<*O
zm$UlTQ?7vOh?Zf-G5bqQlH|1@BWgiZP{p<$TaUFiQ}t#PQE+n;1#y%O^}z^x1Vf_n
zEt^!B3*K~4hnz&ZM?w2i#1){;ptUZx9O}=Vb(thtJm}U2rv;o^*8?GD@HWwF5(3O@
z0xHNqzeTxL359{ZMry0B;RCR44bo>k&;&WJoJ`O-b-)-FrZ@=s@(T13DW?k>1>MzG
z4Cd?#JG%I?*8{xpb%PNeQXRu7aBY4;07>rQED3V8QbDe-DBWfqTzcy$84fliPp)1A
zEtvSK=u67!JnN1}%|gY?b`G`_q<RnE+iVt)&taThhT}juk||V`S499@bR*@Sz_2$0
z(#+Ic<vBCN4X9Zr$>JQ5Q86Jh<@D0ZtE7!sa|JvADR+AcME==*fLem;y-Ih{D(aKp
zg07G4RVOen<d#tUFbeB?+fiD=hKZM}ZJ0BW9iH+4Wf{~*jh_`@7P0t)!3fZ=?xwR}
zDh-<5)D>a!Tcpv53w!6L`39^Cdf10GNU~^ah7nnDV4#(^>XC}+%XLDg8BJu1y4WSC
zK?ha;><{o8J*ZX?G6Czd2Tao*jfjVvyKES!=OZ?dftO!Z{L_pRfdg}uRl#Bw&Acew
zQ{PE0`PvQyA75$W?}H427*78&AiX(p8({3lUEul9iJfdXrV4fkk#!DWpY_isS`k8t
zgKgzy;Ce8CU1I+HZ(?UvgPX&?4+Z48n_=JBRP4<H%+lenruM`icOlD8q#eI6lF27c
zDrDf$-mSBj#gl&zB5BI>H(J9X&`AwCVv*M@Aa^-{nJa9YU<X!Qy-1PU%;BgE!-pgc
zjdl?1Y#?L3MT-9csd08)1xarOFUEMe5r)Qgi6f6l5<C`HS0x*0C|~}iH5f6fy0q`(
z?mx0_W=<7>CS5rN_LK@qGXlLAk0wGWk$ZxP5QWj|+5c#{CkTJ7-u`d)gQVrB8GLO3
zejMe(4TJ91)v^U0*=zAnR3ure56X;_UWFCB3Q58DVRqm?+`z>$HV10PVFNL4C?`F7
z9G~2g-N1fP1frh)2m{Tft583(FB|K{Fc-Uc-jTUx&MvzS6DAY?Bmfq|Tma5Gj8v>4
zaU^kuD{*(R4_{;XGq8&!)TSR@D?mfX?STOJp5L-Dc9#`Eo@1!nSa3MnR@a@ypbp-H
z<Dn^D4cDcv#2nje0ny@7(qt|W``H7Xy<u-n)*GVj|Eo9(EQfca?gbePnLB6?jyM1_
z5s_yY4ytR}q#4)RJ4QDZR0GUp2u=krypsbc7s#pBa6NTk;)5QBjH?MO%YUZPL9u}C
z1tCa1hz$PGdqJ`PtKL_7gQq=8JIL;f?SbJ8N2p4cqxnAm$v?FKO>Cr=L^rU5>cId=
z>%AfNVafk6?-2e8FpB{o5jDxe+i-IvD5obyfH(RBsK_=2!}kE#kzgZWK9lzTuvE2<
zb$u_2>rXmm)^>0_1;ge`Qw>Hh0TT>tt0D_fJdD(MuDap^%Vm~7$Z9%xn!!U8gv$28
zI(vt5b^&mAU^iME(*rX>x++bkwClm}jDPJ37{1|=8?D}C3hqb`%G?x)sk<5A5mQMs
zSW4aiWs{1R^Lm*AJbNR6ZlHM@k=)w&u9pNJzu~A2XHlu{avYy;J7Ydwin)nwy>PG_
zpeex6uX#jSa2+){+yW?EckdtZmL`K_1Gqd76fuF;)*oceR!v@@!SGK$N+?)_h3oJL
zG1sMzL}~yQ$1|XWZD3v0X0<8U9E9#k$rn&y_-GnTs+s{HG&D*n{)ef6RXUnP%q|P8
zQPP3UB`jC<8HV+&6{$bE`o83t@0kHo641Q<f+wI&u(A`k);tDfNKP*+u%N1>gz)xs
z_QGcbpam!YOT%SF8U!G54#0)*##FK)K%E{~xatNH0fFB5Ydo5a-T%R%%FkdA3^S^L
z2|uhe&fFZ8IwbM4!>6?AibaPQ+s`xB8sefm6g@K0NMT6*3>a$!7PQ*-(x@3@16h=8
z9kocNluEK_u*hLDNrs(;K(Rc->;Iyg_<wjugm*;&;t&aEpzF-Q>L-m-uCWY)-5#L|
zFcNMF*hE%h0N0tOV3Z%Jk$45H>HJj^$oVt|E+=QIdhh{C*9Igi4R8b4Fg=oj9u;)~
z7W3|iID+323mUT=6G?W=mk1tZl<cpi|ATQ)QUWL;pBw*}k78M7-YmH&i{`%-Q+~FA
zAoC&$;z5<qfMUVQybcCI$Fg|A-%Q~wyUl6`+CH_GG=RX{fP}AC_o|M@68wn)g9C6t
zQF1HLgVC^ZpKXA!v6u!j=$0)&3=%-o16-M!qhhTDC2D_C;v}yY7p;EH#=(Ljisle(
z-y48e%IpA)a!~^5AFy;Ssz9BKfx%S*BQjRV-2Hra9lnA1BBXliY1{5yQZbk9%Ogd;
zvlsmmFa$h_&`SbUwhINy2yFQ0ZF7fNlM`9dktB+cdX7{o^GA;X%f?PkYlAf%r8GRl
zkVqeNBza)E=ePfZULgJ<ZxGIPV8zzK%rzVCEJgq?gundaRPhv;nQ+UG3<5~t3IIm{
ztZ{As7~a3i94K^xyl3pZTYn_r=+kQ@Y;9lIE>L;oMXTe<!9b5eLnV<WhvIu+Huw)V
z@J$T=lsu4-5s&~ju(vDGMnl8GCs?V$_#J?G;~)_MEH5AvowTG#JP=p^{#SWi4;bcR
zb&?Vy@$(@d-5~G|WEh<f=r$uZ<4BU7(&1h#yUug$Qp)MaJ~;j{zkB`c!&g9)ZZ~uD
z6fk;6fJy)s+}Q7rI&1%7l)&jYCPPDFC#3KC?=YBZ4>p$qXoHtIPI6h$CjO#|i=CBh
z$iLuq4d}!X<78T2T?u3i`~%?<B#WSJ3)uVldnbI^|KZL*3he#2JV{d+{zvSqqrSYF
zM+pEEFtdpJ|M%RPc(6}ab4wc-#{rVKY~KO!`(sffX_|n#i~+Cmi=RyZ<+7bZ6G`FF
zU>uopx+wDf8a%3P;^51tC63dO&UP?W4{&Z!!R8h<&pQRCQ8P{^m9SwQ9~o|*A#J$<
zp!+31{s11x-I&=@;Y5SOlKer@-a-4P_%+h3uKz}ke{67qK_g!<08%o8|4U{0v!egH
z3_$Dthn@c25!@3Bwt2}*lHDzZxl~A>2ZQ+jLsnmb25?P-nK?u1iXsVMst}O=FIHe*
z9+4jPCz$pZWwEpSiIfR``kz;l#ykSZ$vUFJpTQg)uzkS%5wOu$^QivpP}UPd!Q02t
zpsEJ2^+{&BAhRI=S->Z2_~>Zjk0xM`IRt@Afc-VQ8+ZZ;HA!6&?6Tp1J#e6=?f?K-
zWl3KI=-N>xlkY#AZlA-E6XR3>c;<9~FQJ@nFtKsOh=G||@lQSGD+_ih$UGI<01QA9
z&j5zLD)~Ra)St&Dt@AyS?-4cssI&5jy^`DpIq5%}IeBz60%-Lw^dHCj%UQ4wsYsPp
z|HGF4KjYI84CaF6aJW|ifa}Qky;o0%l`#Ob0ZgY9WX19S37AMRYoG*G?EezjO9+PL
zQjs9AXrLTsRWb+A@o3UF4gs?D!ZcHg3hZBq4C!nV2Rg)GSp-npL1PBR574#8WZdUS
zMiKx9u(F_M=SNOGr3wn}d9<uR3FyH4>42H4)_dSo7%+9Y!3*$SyZ^RP>B2A2aiRZg
z+n*BpjKBw*240-+?Vq3!1sRz@VxubU@5CF(AbSCvT`#QHRE`u5Ai(WE4COUoIS~)`
z2G}J;m1D6$q96l(6n!Ak13+nPn1q5WzBOk>uNVG9V<9>*g`{Qp2_|br9MF*5EP)_N
z<@C|y6TZZwOXB|ZuL6IDNRymPhvVR}7)!361dD3`Fb~+!vXO%kb_u{Y2S^J5U~NdE
zLF9PQ?v5o$Rj(J?`%?oshW*T;IC8DB&pM-kkE$c1eq%w3LiY34%Q~T1he#9Jv*s1!
z1-}SzN^XDX^Fk>WfrQ3MMG*pY?{1uwPhs1;>M)%4EOAWzZ^21Zhm^B?@w5=dxa#N{
z#_nDbO~fm0X}-A`+&lCpOT-ee^1hEeXP5v?g(LwpnF1U{P4%GqBUki^8wtaJIyifl
zW|;I>hR?x4!P1xOZ<=uLmcaO7@aeQI$vAfOH}J>cf1Fuk^B-r{ko?4dJ|jT0{(gLI
z0XF>od=UXE@b_a3!a4u^y(BdCf4~0!6X66@8<K?VyOO4gOO}{@4Lf6hKA<5_$0(mp
z5Z#|xeXg{UpP~KW`yC1FbjA}SOlk-(T1OC_n6$(}S`l$zFu{lQ7H{<`MUuyFlb96-
zs-UgWopUZj!alua9rX^LW(z}hlTQtt_lh%OQ;@s%^wI=#as7+nvIsrk+hulx`qjx-
zKS2h*v_jXY9j}6EGx+FmV|w@CA!{lW<6Z4GWSKt8r<-2dfmU3~vt~@;N@4Wb{JN;q
zCmXqWc)+qbtH+`%VV6+YY%#}F@y?{o2uYZ!EZc0pV#m{?IaM*N4jnb~f_3A!7&cd@
z_!J_^>;+_kn5!z;EoBY-nSJnP!otFO^rb#%X^G|Wl-#UpP1U;_Zx$CBx+RKAQe`5`
zthRKwmPRB;gD%hY(3Nfuy)71CCWnke15GS8e@wt<(LO!R8qfhXuB4PDjt7S};VIwr
zd3kx&!<lFD3JY7h-hh|&{SDX)`_@vAlD586QP#eQu<+8%0H!bcmVG&x8~Q#!Cow03
z3S$&m_A`}$$02-rGq0<-KVSBCZPY}oIXb>$U)c8yxqXT<)^Jnl5ML0L9=pUqzcr}A
zS6lJ0a&#@|mJoc}0jBQktR!S1238V}-DB!V@uwQpXijoU%esR>%&=){X(>d8CEtaS
zGr4AGO^qS<j%^j>MY9LoXDigx&X7jHb&$7%y~VAmh*u%3;Rq4a82b45^w@m(=3|Vs
z6lfnZI(3{0JB|F@BWEB!qi^8eVo?3`MPel;CHq{v6bHPzx;h|&q#2|1ZK*GXuF%j}
zuCwhgCUh9~i<>jzeteL`iQSo9FHshCe6BC*y}nJY%fG}k>eBY0+E7tfMS`&UAtJ53
zTr-L@C9QmE-G1)J;dv;vv*#SPvclzeyQCd8NO4*=?5cI~bH%;89{50(42ECXKXq15
z{}!n9klY~_bvfqf(;nJ)U(B%%k_zkn5xl>&mSYrLjnm0t;<`Q_3N?~WB4i<bHj;Gf
zT&nAn1dZeqSM&AxfKh||;C2&&aK;or&BDzQS#uF1NMb#zuh^b%Yf<M4O4Y<9t*B~R
zA3>P0K?vBsc(|dQKnQ3G9~FS_1#z?p(s%Gk-TWo&vMK}X{-~xm?IGNcMeVE9EW{H-
z45@+|B?x60tCfQX;`;Bs`it_r*01CXImkd^>io35;MJnmJ>e@0pT5SK&`Rv>Hf|LY
z?<Q|n86`T%wa##*Ae2oX+NLGBe=vp<35WQPA8*j2>fmh>!XhGZV>=<m^)Lxh2rCpE
z&%P)cJNEHnqi9dXhz&>Xp{wP{8B?Ldjbi7z8aHAUPVI22Ufvl6CdNX(Py;(m&4=19
zDykubRV~Sf(PsM`%t(MU0B^%b4~bO|rraf-f-{9H=4$ax=sa`HEVofluo<5g7$y6>
z$A0=P<d)B)f%$3L^mh0@k<iQ|a7~$x{cyHBVY7>?$GPg}4vK(2@4DV`KHN}xW-cg)
zg5GV&bEIl1OmZ<b`d(wb7mof=0yKksl}}dI)mlyz3=8Mh+)m&YoiE(U=1c<BhEh_5
z)>~bv_afc)e{LtAIl>JW0N~yH<}3HHuH!KLL8Eye+K2_F4w^r<e<Qe1gjw>6X3C)Z
z62!@+MBQv_P)-uJ#F3c=HaL7@4K2@bS*aWAgHi>%Tro0Zy%9~=@OT7L|MW>e>}qX_
zySpQSC~T{%--Lu*5{csFyVb|(kC*4;GpzajX$&A<flev!tW!FZLu6S;GPDaE<DOgC
z9NOK<=KtivX^WvZn(=ow7z~hYSeQ`?8Rc>g#t2#eFqFRN*x`O&VYzZhY*FVx>D+u+
z?aDy<cW4un^L}WoRqw}bLs+;pA)Oh%y!UDf9OukD?2a=KM%wHTgVXrRjVCU(9avSY
z;0July}#!@!JH*6U{9Ue^ySsK5Z+qu*>zsYM~@sj4g}yW6V--(W?5MrcudGnbK+f}
z^`U{yW;8)EDF0V7I7B@^J6i-^t=*Al!ObB!m*}RyxwII+)m2Q{*qO`49JgAP!s4vZ
zIumQ;)!bxt48mUt4!msECyY<+G6kdHS_|KE2)X;jJ#r?m>6hS4`*WJnvAJbsa*aWh
zeQH6tVm@i4VJ*k$Q9dGe2){X+<1&8C%POQzR1+*vULM@yx7Kx+<#*(ZjiM}luG)sQ
z11yuNC$@XPt(gir9?)W=Q}vC*-#DSxH&OUGqvC<CC@xE2W^eM{(!?2Rg52uUB;>kU
zJieV;VuPl6@PLYBZ^piak$nj~FCBN$+4EqxtE>3@Z~OB}Uj1hT8UpPOH=tYX<SBXX
z#WxQZvRleVE2f^P8D`hu$x!&F{hImp1P&Mg8*`#p4yYwfsYCCs>j~}GdeTdHq^=NJ
za2&9<wnF@<aHaLO`$lAuZR<xKm#K2JCjZk^kQPmH(6#BAHI&MCS%k@3?Atb5_r5k+
z9L>+^AF%7J3s7>wolu?6(jE(AC<PCoOe=abdzO%T4B^_n7S#M3m!*vnu`R0Gs!}82
z@9>KTEqW0bYP!HQ4khiy{9<&UawSpLx?hV6@n}Kd_%RgWHv)WlMov@jg3*GXQc<Og
zx5N??ScOse)Mc2uo>D^5exm{2rb!#t%p(5mgI)c~r7Ksi<fRqeYd)A1JsWgigxS&w
zhuF=f5_iDO&uAc#Rd#zl=tsDbYMbuHa8#;k_}#~d{msZ;L+J(Fj`TD5?~6ezEY5q$
z`zb$MhJZgESwSbN3r>4~yt(cdptQNQj5A#+C2a*M_pwxCep+XQwVqyUSQCJDsnu{j
zA*V@#m91^4q0jtFXpblQF5B!NkXyhNElsoYbb)M*{4T>V`NfIm<bg`(Sv^By=hqWk
z+b!ptu(UR|)*51$-xO5?93IdoSQi>-7v>~;jjr#4HTR7LZlj1x(GDMMqM~AcfVwHX
zA1Dz!Y%aw;ub$wRoQ>Le{%B()S@Rx~)A(3dYFa_&(-C_~Uikj_*Av2EfptIIWHp5{
zUp$oET!9+pOK~NAaItkiT!^<gAFP=_(Dd7_;ZD$elQls#Am9^mbANjws~!Qj%)vG-
zC0);1d?kovK-rQ2&c3pF=k1`&57tp{TbtLPY`)(_?ez!U85ngM{VuUKC_5E~)6vXz
z)C=wGiaOtkv#;0KkzRe?-TXeRnYh74$s!^I_nb)QkXV0Zq$43Ry49|?>fdB9EC3gn
zGV(#GP`gXrUD<74A#9Y>OMOPTE4a47weOR`YIeTnJo5|m=faxN3mw>mCz&RvkW9R$
zrq=woDXJ*;P}=%jMJ1))&Q4nQWvvWJw`y?oJUHW11Ah!+Y~ZP5xhd!Ug<r^~l#L$h
zmKk=}1qzDugS&S0w<tp;)>=cR!uW3Aep|0<WozAYJsh3NV7FguWxe#|@rBN$N+Tu&
z&uw1b?k#P@RHfp2DfmG-8noZIf`?;r>DAG#vIx%HCiO$7WKV@jC=}Nb40YN3dkJui
z`122vKJVHO`mV$ax~FAsvrd9h1qCQ%O-2l%%I}CkfWhpL!4gnW|EBsbBHL4=K^k>)
zt2>JLRy>$tZR+!T?zuBT_u(_4J1#(}qS$S#zrUatOEqecs6X7_3buT5hzm*%LmnQO
z`V6>HH#dc`P~Bpry49I``Ac#wE>npQpJi8nm=c*;L$<%Q4fUS7NI7Do(CRI`G}5vs
zC(ZHn>C=xGBgdEQ;+I4Y*0NikNhhI;Y98)0xy5Hi?YZ@j{QjLjfblRQXD-Rf+)nwr
zJrbr`m2Wcci|mSE6A08JaSUL#LBjw$Y}mV$?IsZ89(xXZlH=m1uHsli)qSv~mx_E2
zMd^j)q<?zOL0Q7Y?Qo;+Z_X5s!FQ-Dna@I4RZ)lQ{@gf0SG=~wMqP`tyG%WPcE1M8
zw_~-@7PyFq{s#4c{c`r!*5?+M&lUHB7k#jQ2HQ0wrH`&hr5hPJ_1Shs+>4~Ar*|FY
zabKv>TT$G1#FmWq$BU(91aFxOzE~)kY7egNn9OQ%om`;F{dnW!>}*Wg9N1lux>wAU
zGVyO^WGct_Ic96zp$Dy-_16RKv%e-#MD!AV?vS&1YMqzbuFLizl+PF*6CK0vd}xW)
z_juT_Z;1CnzeSD?_h;AQ_Ut#;Q(rP|?a}b+rc<k;6=WY`i_$W7IwzV_a_}lCTF|-8
zsSK_hBcF{E%7ndQmu@<A=n&i5Vci3Xg}0cd15wxE)_E*AHyYjw+jp1#kgZ0&Gcd?R
z)lK^OfaUrg4XtweRlTUDX1CzgtqES;rHNa9DVThv^OHO?Evh~@S7)EmDKBgGTU^0T
z9s}``V85nDyOLN3j#pX|?`mzGPjGTyq`n>Zp`Uw|pF%e3{E+C1G<4y~rKKSnOf)->
z?m>o@yVaMWy?uJeh9=f)exG3wh$sbvgn~R{g;B!@akG**e-Kg}a)wUA3+scEM~6k9
z5-OdulN>gBP7`}D+d4lm;qcVlh!!m=^hdw<Kz3cBan(e2YvtDYre1=Pwn0XC4gxSf
zC}xiZTTeVwv$;4TJo8J>b^eq2(q1gl+_L?<Qmi!~kX<cFN)s-w7C9r*yQ`%ip!(rb
zGxtdbhXiHiOZCl5*qxjQ_WLgQSP5LZbw=#DbLYw%-Sp)7RQH$9p|-}J2n&fkDAv<M
z8QP;ng=f*jl&+DPd3ntEJ{=~G<ZKn9B3GiDTI(6&@UR5deb7=@dvvUajh15Z4fmWb
zKG~(OG*5kiuyXJri2}S9*c7@Aqbx~gHDhKi+6(!`lJ{TRRt_nm;BI&2uK@)jXDQL%
zT(>6f^V_+<>|yratp3o_{79O0b{)CDd{tur&$1&$e~9lBl~ie^U=evTW0rNNdF8XI
zJoRP`KCr3=U{0n0FxT-Srdpfmg%qE{Q|DqW4)K&-`xNsS?E(F5YZSf};Yb-*_(9ai
zadRm$lqK`^>t+4u%oG+xiJ|u-%dn%@MpOF&ZT-;r`~U`l_U-lqD*nR@c%Z>jZX@?9
zNBJL+ethZ{1f<r!FvV}TN5OIBLFM0P6CUDdsDfNKVKnSKEu{`!mqy{uD7wNqK6mJa
z!<vFJIdbLUTPxB*%)6x@B)$w_;O?#14I18lZgZnN`4sP;E@1<h1DV1kxU$WNWvx$*
zia24_0+!?;R-p07>Zbhfu7yvwf@6e41AzJ5FgG8U*>CXT>ReN8e-ql8x}Nrc*HK}T
zLfLQo%S8|Sy72;Q>(;oY1O3VbG2Yp2K~-r9ylW<?_8r}E5%LwGkj+W)ezLj#LRM7G
z%<RGDI+sRN5Qt=d5T7aFj`#j8-bJL6+P1+~VAkkM580W#H+Al?(9%NPltvw90=S!R
z^YC<iJEOO-n{mEhGd4K~7;Z7R-hi~84}Qew8Lw($$@}Cz9A@*7#(q9o(*8BK`-iYG
z6#OANxzgA%((5=7>fTFcAXJhA@_HhH1EmVK7t$S@LLyXWaMVDOzxj|+Yw%?FitFh5
zen`f>hJd-mf>=XO$ysTdL@%e!C2%11qnaYQ#U=W5uJ9mR39;`e>V%T55Ay?|p~?~#
zro`idC-!$jky6hceDpT@M1`yt&5f)&ee3UVous;J-0=ZPZCA7tWhq$h)JMOC182v(
zOsDNHOkzeaIWK#fCto<kC)m$fErj2Sgz}TWl4U~(dL>sdi>j-8U2nB*3hi&z!6-($
z{jN8iQzVJD;ek?_n}M<mc}JK0qi!R@nBn3=FLn6aYMc)<QWpXdTiD>M?@EpWlY>~K
z84%|;H%zJeX9fs&R_YJ&+x@5Jk_#Hok2Sk!n_S!ZO?(C4D(KytOJwXR%>&vKwLNM;
z`bqIw3soV^aOl<+HLX`AL7$d*{0xr?Ck4R{K>AHV<HqG~fU+4FeYYrji7jFNp8o!9
zU=Sn)aHV|pxl`eGM7gmKYI+~ti}U7L>cEY|#J`SJA1DjRlArJWaOb*^Q;5m%vkhfU
zU0p_0;Sv|2`_s%-CN^bD%V0b7nz~Z6=HPNy2?(1=tZjy{!)OliLWh`Q)zGo+rBan{
z(b72%9?h9vIMHdxzlM;vt*U#KhGrpi>imFz_}yDDdMT%>Knh@Oamtn7x5pfMqB`m?
zQPQ(7L{o=%wkp~8-iz9PV>xTHUFW&gwzIVn+ELpk%8<@{WhM{w@f_|PT5d}7@bJKw
zP`SL)$3ZM!vo=iyhXgEjFz3*fi<Tl!KHRCVzyATwxy=mSAD6>S?QSE+s0Fm^ewsts
zPIR0eu1Xt-Hxs#$Z!}-xkGwk2Y%=+(aC5kH$Fdm}rcx79Ui$dPWlCNNoE;D<Wc^B3
z6oi_zQ>RqXmkx0&Ud&zMG=>>icj$dtd0bj4U!8>6kMS}+!X{rpqX`Vl_T@W`OZ2Ju
z?%WAuC8dxR#42~s9bn$(4%bhj_7`P!*GIkZ(^#%eT&-QV8BJ1_Y1oI$8u_3L5tQ&s
zJ>w0!&!$8?tg^{Ego)N17Vj)n7jk||0^zfxxd5@xWCJ9L9`BpNhPt=52>WR{y}iAR
zsDpeXw`Jq1^~f*+we>*X^Q~_Ovf)xJh!utIWaua?(ghv~D#zUk8x!*bpd+m;DqI}|
zivr!wDoYa=B}HQ>A-?REnz5W6{$!gWNW=)G#<Tl@<x5sB#KsPb;uEUf5o)#8gM%nQ
zE?mk1!_hYI3F17Mer${0zX+d<(|)FS-cH~nno69t-o@-%k{6VML8Nyb<a!{!MxYUp
ze{I`K!?kbAeHu=8N2|~<-@ZPHLCQpWuM^=qBwVQ!NhRr#GJk03vvj>jb%b*4x$l_A
z3MMaa@uIuljmzq$8l{R#Zv=<InW%;DR8N3WhC33*>y~ukabeCr&Y>a<5>H2Lq;w-M
zpFX*{oZ)WSEEV=f#M#Xn6%IZ848lbYu<i&z<?Zr$gh}CmilyzY{evZF_y{w)G&u<w
z)5gPd1~<^#TM!TuW3^!-%MJtVP%C9js(kcSSfpA<-D=>%Cj-z0EVu_L%r6S|OuoCm
zyFn)f>a`>3pl&XkOOJ14iaXONS`i`NkH`czX(yXR{1eu^TVjg412pV<jaHD4arOAe
zF6Ir)wb%%kpy%dFKKfU9CWP!-U%wpy^=c3gCP{h-OEtE5=K*>}O|1y!j)4K#P%=x3
zm%*$C)lP;n0AF*=2a5*u5yV3>RA0=ex7hd3PHp#hc6nK}oY}WB*uu}>Ns@-7RN&@#
z-Xf(usJ#$00<MFObKis_Zr|eRTIv|h@$=g?@=__<2^=9XmwJsaD*0p?rMO0(J$IJ9
zd}q6ABjvoAki6Vn5^cU#p)wp(#PyJ{-JGuxqx{AL+qRQoWM8ph%;fd$URO)nV+B>H
zJ+nH9)8+zZZo27zBC-sw+`Lk2;65gjUEEMjV_+@ua3Co}tIep2)EyXRSd?#H;=SCg
zVJ?T}1rJo*F45J06tO{*3QMN9M4^wdfno9AXp-IYc*XWJ=VwSj-Zi-!=#Q4z&$O_e
z?C;lNa%vrtz)zpsoR8wmtrlP7n!w_nwB)&y45e<F{#t&n1h)LP`1BLokNM$-l^|LQ
zUxxaG)fPuB6&4oukf*pL>JNH0+ir$Xhrc#N?rpjE^}i^rcNR#XqPuMSmKzqLE)-w4
z^ODPy7gw*;OclbR6w77n;5mRMFdPo^zx_Zh?L5o-1l(lC^#sKDd$uguf_<e?7CEk(
zXBO`R9bAJ~ylAWWF!C^L@UC6r&!FY}TfE|26L+-@;K|7z<5Z;R*-8Zo|GpeUWW-_+
z82C`*l08aqE9sYw%3fQX#Nz7V)QWp&Ch7=A^K<#~g4zthVIkn8=*JRgR^ysekPiTi
zM;}Ex@1#uc>-nkv!qqQPbrt6zwzH&(lMFqe&G(dYv8aZwJ{VIHYlx6X*X}a@ai(`t
ziu=CGr<i%#<P_u=b!GlEpU1|syhg%_T$0MYxZ*0-Y@wK*CDdXKbP4>A=w8DLZgn?>
z$RgB&%E**kf4RxlW`{WkiWpzsr(10mir-nHb{_#C6Sp}CqDR&SuF7R6<;;T>d4Uu8
zoxB)&sg$~tpW>8%Kz0^mPTPkp^ugiR`I#Y1TZm=N!4E{`(l&Z5=K=KKV;YbpiCM(x
z*~B=koY>yWZI{4`!MgSMq*5(`GZIQf6$@MElep^Aho9tf&4y^C|Ja^!{7f?#(2-|t
zw;MumIOK>N#+?5RBHo)L=h{Ii4XrH`SiuZcJR!QBa095_6^-_zu=-t)8ib5<ECbb>
z?U!5$CfqZ8`jqzYL>2G{!lm~j7w&8&Rp8Gv4)U#R0~~@MR_}wb&{b4>fu`)7W7FHk
z-CkqhOqj;=5KErN8G6hV&d&r>S9GIsH9yO2y6yljFpyH8d8%{_^kH2RwW+WsG<+uo
zd7Bcyi5*U7xU^o3($~X*EQ+wt#AMZyIYLl0J28q0^c+fgci0Y_&DmxQfZW3phy<#7
zE-%?5EZ~UGz?v7M_FgV*?GSh3qMMIHA{5j>v-0-`UBowU{2bY2LGR%$`??%cRcYwT
zZV)qep8AQdZaUCGZ6bbTt7fr#Bb}|WmIav?0VC%1KUPpyZi^f~5tdZJP)zzqJ~ewz
zhX?ci87%6j1MW)@XwWb(`N>A$+)EPo99q31()`I6eG$mK!|fp+dI1G22NfR*zg^Zu
zl4jj2CQ9Fq-u`~erdIp1(Qlvb3~*Vih;6hCk?^10a<?Q6J`MHhHdU?9jHwX8qIc{h
zHou@QQ)G{|@!Nl$oEQ6Q{J0eA^<d-bLF$<)`4)Z(ETZ#g7g;EcO10WPaXF_eQh6U+
znoysx7GIyT<Bxn=_r#xU8;qaS`?eXoyTOC*kq$bzmSi8q!GaJl&?u@C#^>J8MaX~I
z*|_?^-CYbdmO$L(JKPAvH0!&MvUFqG__0Y`<-knj*;_=L(B9dQ{|#@JicvxS_99Y~
zVl$>iN~E4768t;LGhKEbjm&D%)YFR{KMjE_p9yLN*Y$#(fZrbRtXUq0a#Aev)y}$I
zAv@>#`yF}H@_KY8aKb^hh>$*KL`X68IA9reODKG%f=2_7j6|{zvHiEo=RgP*)fCuh
zqMUF?$vnj;ORGpX%B3x-h27O{%GPI~r5K%GOY|-jq3eYXm%^+tTP4qC=nWhXQ?}rK
zGAuy$tLH#DWsn`A2fg|2#3vM)T^*L?49@3}Wu+g)=V*9B%l3IkntSJCGh<?|A_#r%
z!;T}4XPT?AVO}od$Xa=*<x?G<G@!t5#*l5e_JI!7LnsWJ@)>Hpz5rh)NcN(Q?7{Cs
zzu~_XY^Cg;{~iQ<V?I-mPi4DAa2;gMEOuvQUAGsSm8|$oR(oZA`r5r%GQhiw)sF%8
zuE$_k5WaFr2lXOJdUw9GY(UCb#t67H>z~zoMp8UxuZ$u(uE#Wy0zOuvz2AF%Re;o=
z0dLlECdv@oOR96fm96iZ0DklqC9@|0TTgE(syCQw4(t8MBRcTweg0OTD8{;PvAhd-
z^KU(2-?Fn`BzY3vM-IDdFW2<QX=-X(HMJIRHAb4j=9o~}V=?`rKr`__$C?$aaQpmD
z-}sdem(LaI=p{`m0D*pi-bgyBU}a(BWTs!M>?3NUK;T{rmyToJ;NG;KYgNU=YF+z;
zB_>}PEi{|mnzFM7K`=d>cfpz@OL~4W(Rnip$x~?SxRV54iMMt(+_B9^HZ8)?V~^)>
zvVhxhC#7o11U`=LumYayos?_Q!%*%j;E;@Zj9`S3IsWA~)mxwM7uv2ZDb0Y$%$uP-
zHGTce9A-lPttFnDXY-y<t(=D8_fh=~zD4&rJJJ9X0m7bt)k9DPo8?a7+Soq7$a0A~
z(A_QK_ZY*PIcRu}u)CZ=&Lw@|laSJAB%gvAvCaWp{@xD}U-M>Xuc8hKLQ?ya3EZ+|
zwX^L;nXyJbu}1+n&*ph?hbLlNqjfoRXLg$O?U01-lRGCnb%;nrStE#;KY5aQDkNq;
zL<hrdqh2W%=jZ3!6ix>Q1e05g`F+Q`wR<Zy)4lYqpo8irP%P(UDQR15?`&k0zeC-K
z+A<WM`8~f93^ddB)0T9Fe-4NZhq6d2Hj0eOfqXI(kLoGbPwBGuVbygjX&RzPGdZZ)
z#ju!{qLzwNB_`LK6e6{Xo?`Lf#dej6#}I!yl-9uE555M`D#vT$NRr7K7;Ce5TTv15
zq8+a#XpTtecbs^vK$3wp@mj`0DQDDH^7_Wlu3{sP8QT#ye|C^815@XWEQZac_nJsq
z1k&WaG?z;dvE{cKVOk4Kfsr7*fkulTavtTmNt_pioP8U4#df0S2f!_?^Hu&<HH_1M
zI)?Go6FVcaC@;+id`3Pk2IBgEOB=?e;ovg=U%wPd$!f(&>39(h(99Y)b>+`pAuAv`
z3?Y}=TegOST#eIFb`CrZt2NNjqvryD{J$-x7$*+Z;&wTIL8-=5t}FL+OQn@%xyb09
zJ$2R$SGde3oBet@^!7cui*l>veyP`9Uz3&FjtFH{I{ExZ;Ah?Wv0Aq29r<CUZgwV1
zrE}h6#o9*2`gYUREe7x%Z*<4Tg^PbbbfGWFuKoKFpg%z=_wVPq5E=dJe?LDgD1`p&
z%8M7@b<tX|{(J4Uj60n&|6VKi&@}bszt_Hg+az=1pSyzp{_l<dSJeOiQ?96PUI=Lu
zyhprvAwa>@sgX!P%pLpI#1Z{0xc8=*<g+%>loOEj^k@9u2Z`#uYHQY*3c4{wj-a|m
z&+2!g*7apeIZGODBkG6eA0DPc?!qsHsnQg_(kIlFg=}_TY2NA2P?D?@Eun#o5B_w1
zO2Fc;#kO>Pr9#!ZpM=~!7yd078b)J*V#96wR#($Oj5qpG3W_S+PCBHGI=}Vh&la7@
z_ra;m_oiiu*{Y2(68B$>D(x-5xx#4jg0nHBS#_(uvV=c~6%el6&AwVxdHJWn!on-p
zu9-%>dzUL{bW`|i)p;_R3n#?}hn}@>cF_v2MXBG&)kT`w^|GGE>Ixr&^yXQHoDbao
zT4^nUUVavn=ZCc4OTtiXS4{5N-h6*mY3S~6{clTqd(NIOPf$wLxcai!-j-KQH2Y&v
z<ci0l2CbJ-FQwR`en!N-51>qNpQyh74ky7hEEHgV#U1j+$eee47Q4@3&??%H|3Uca
zB@x2zl>#1~V-Q5(qh7stGR4`EKf-Qv*D(kG3althuuvAYddjeyJq;be3^0Vusggrn
zu%h(8X!sNfvPPd%&_*YN<^1diY#Lr(_gQG=voE5`g!l$j@3q`cHr#t(t^R<k&{B_K
zDOR&gAcGY%lHh=(2Fu))@X}N$noX*vOg@K-r>j)StEx(j#v&=%Ky%4uvGbBLLm$t?
zrFuH2&mD}*HflqKmu4Ta7z{r+o(h*Ko}4%<C^)3F|A?BJ`m`V9-UY*-6lxG()-R2y
zOZrZl9(Da^OFG1d-uba!)^mFfyOBR|y(@vUB(Rv)qn$14S7(J;#wDVSj}h(?@oo2W
zTeCC4a*=Za!LXlIH0uh9W7Rl|GqE@APjPRgW#mL8CsRQ{xNWdz<4em8-8l6K9M%<z
z4kl?u+uECc#!K%LKYtKDJ)I)1fDfhbKc6H~Ca11=mW(1nclf&}w_y%~_vrpFj4^hT
zORrwZ4Gs@OAaGaQ>kO{;_w(l3ZtmP&*jN!3`|#sDqGtUxAD@1`$jxo308_p-p*~Z{
zYNi5HmQ6{Enpn}jI5DAi$|`qX;up@#YqZ0j1Tk>uk_RW$c+GgMFWh)K%epYPFrhpA
zz+-`Q;}Ft|H?=+@Lt7b6Zsvq&-Oqh;9P<07=Bua-L@=^GUn$_yDAICctw4X=?D{oR
zMX4W<%jvC(9QPX=FoUeJVRiMD1BVBk;5O-^<a$CE7Sv)slfCpamyG1)3W_X*+zK(Q
zMDSXZZj)_aT=_lb!JRvws)*xfn5C)wwYO>2{PFIM-S)`tTDuIgd-H=8+z{jaBH1dp
zsjzkdm9TAEQ72Z&IP!<7&ERJS$m6l!6w-#w4qYE#+m04U8$RDLNr`zEyg^e$f7{&`
zEvhSG{Tf2d;};bE9#!JND1juKYbPem5i0D)Ag)%YQuDOUKE(fA-PB<x)FR3C+?h^(
zK5;ufJB)?Q+FI!Vzc2l}ejn1VLS-@X`J$f{`IoLPW}t~x9(xiMSc#A2$v}~BG8cVh
zcp~fFQ5nxAARzE<p_Hh9@5PI&kW}a9nA1fJry;w9W}}PD7i~)pz>zLN;j!ect<OEK
zG6zVyvl#CXOyT4!t|gTZYWtPPaZ8l$qBII8kA*ijIPUJ!B}#jJQZQrQ{|XV4lw=hY
zJa-O_H?;Ru&Qf<-9K6(b=sm78bj1&H_bg>|p(NYxROgw@Ec5vS4Ze?@HFbSwI~p=d
z;G<U|GEon=I;)VjyILE-yfL0<378zP-M>hGwP?rLxvI9>csIfw0?{VchBA3kEg9H3
z5LZ?UXM@c<(o3w`I8iNieMRE*{l%0s=Qs$JPE3(e8k9);2U2J~;rwtgmFeq1Gj*Jk
z=gXbS%%PDX<JH<xwXDw!%eI9VV<TRXhu?Qx{b5w)MSS;l>#XxA>0eBKV0(P?{q9<<
z?P<z$@{h3)iWLlH*tXk`Uy)P2)gil<Q&f;9ql{`{s|&B-uE)oxW{#0dGJNA;pD_IK
ze~|W;QB_858{h#XB&9n<LAqNyL@DX+?v!qjE~Og;>FzEmX^?KD`+#)M=6%0!t(jSC
zW_}Dy`NL73*!$kseZ}5yO7BdF6(|2VCyqTdiPXW3w>x7im+Xg0#&lO2jbUncxT|Tm
zdoP;0mDsS)&CgRXGLpuSg%~_+>x4#zv#RHVoj`ZT>j^EDD-gy8%fHd%xZQ8kKJs}g
z?A%g;K}%-=U>V^nOpELMM-zIP`ZpFewe`ckKW2vy8pllbJl=Xt*4j-fd$nDyy@Yf^
zThI;requntt~4{O1m@;5jZ6WSAl^zQ;9kr<zP79Xj%h=)2$suw9*v$J#rn~qXtX-6
zuf2d%;L8*$SgFk03UFQwr}AM%5x=l#gKlp6H9K3bfk&X;Y8^FNpFwhTx>Z2_YhXa+
z&KuEls(de|JY&)DF(;wX3HoE^o;vD4gzkH1og)0<iYqEP>QV0WR$5>NBkX-ij?Mvf
zGS7pPv9U2Mgsb9?eAvkuaW-GVsMcaa{b63q#oz#adJe%xi!->PfbO)jqPRdVy9=yt
z5khJC4fl1H*FPj1(AC>q*wIPfGmak2*9jnC?7j^9;11KdvV!gmTav3&(sym#g?#$(
zE3rvs2;ti&v=~N}f_x!UIpUyyrly+E_wV2T@L3i<_uR2zxVe?gK)zbwe0Zfy4-u(@
zwcoh(M%|x9OQ5rivD;QHq9o!j4&gkg*MItfjWF~IKZzpK7kuob|8Ly7Ykc=i9})E2
z4F&RwU@b(f|MLcz|3_#qVLzZBAcl#<<|&2^qpDO&tX`?cpDpIJ@~T!O+nqlqzV+UT
z%gA7C6`%(fOMQL!3zq>n$2b4&ta}-izt_^TI(;AU`Qxv+aWew0!iJe!8!c{3IJ7?9
zToBVdJh@2^vv;08-X84hBg!PRHJ@N0$YRvaJG;xjX}UTV5}o{TQG3bEL-PtTI=yEh
z%eOzgx2CQhs&9tks)o;DtBgUf`tWtbH)ED}#o0=wzZ64KgnF{Qk51*whumA|@fIz_
z;Rmm#704T~xG8+n&;HA4M)_S|c(uIn7#bKZhyL;NSZDXU&!<;HYWDwz;R6q*3w6;(
zh-Sq&v*_$AYebB{FdPT*_a)lgp?KF=Qhv`iYB5DRsX!j1v#n&X3qJX+uHEbir&WK%
zeB$D02G2XUm}67YhlE}n7Csss8XDeJci>w2w?RPO)GTo8_kh>X@83N+CRW*Ar?73!
z&cZE;QTi4(VVj%E);Hc+ZZhX4Sr@(q?Dxg)B0uDx!44?eVO`Y-*Pa_0$97^g@ARSm
zLJp^^Pmz3NK_eu?r`6SI41;M#Q+E#r89G&M`ysNS;n9p=cr`)QNE{)Cg*-O7F^(Y`
zgP9RY&WpsBLVLX8`&G8%Xrd*(Ed#B!jbGo?5*hMMD$jhnw4FzYpADe_Dmbn&22jOF
z+Kb%c2E=sIBTV9~(7V?$4*N?I+AZZ;B8geQjKg6&TcBTp?OgDw^q3w*?5GP&gHOH-
zjfF3=x@0*K#F1LaP+J<XW1^V^-nx0}%XirFEza)z**cgz>vt%-3irssnRT}sW@V5{
z<bj;;-Qa-<wcgb&U%J|g4KDKo+CfMvr<Z}LW%%!1_0sEOe13HAM5sgdtd_o?$1C$7
zQGbEE7#N6LR$J(&TtqSII1%cEAF>g_JTCvBhIdQDkqp1LG-%8yr;BTqcP$jYfjL`7
zVEk>U=2g<S7oJ*HAM=V=`%I(u|4z+IYcdj(9NJWEr;YX6B5(a;;CI6bjvQuCKD7^w
zN}#eXWvJSnEZP;aE|!yc3sJUr><PWP4d054i3%KEB2mTLf+?hX>Wd-yN;NbK3t7j)
zQkWQ)v3iP^qT+z+bI==~Etz?0-B&uo{3Kdtpr(HJMo<vb#ihQos`{%kW!EkyoWo%c
zFTWZMi`|UdR9S9&$H%c@aW5~*(ozO}69X7wmD80nCE~-;$CZehVOio?>_8R2{p8->
zUO49X%DRRiWlDb;y6$ufqm$)@k?W0<Pi>16OCKyf`2HyV(T4)F8HF$<(zU+2P&)rZ
zOc$O*k;PtUczAG44K^fOEG>WiaeH^BDQf0R%;-@MlvNT;oSw6t`5GkSfh~lqHkzG=
zZP&!q%;@tejyYZ&FJI|!JC)DRy+CPaOw?y#b9El;QbvWQYT~y6erq0e`nIMBP1+X>
z3M8``zAB$<Eq=VG@&1|lBIuWHu3vHQ5Vy1--cX@3-S=<bkeam75#LFIwV164m0XrQ
z%14ZPPk;+IokXE)02A^pJvDqs!x5}7un@j_8+42-DZ_8CS$PRH2sJc!POcRK?QfSl
zG<TE_w$WJJmslM5Sb5=Nvc7gH(*-pYy#J}F<mRc`mvmNOaQ^f2d13?rhlP!-<0nLC
zR~LQvyx7jw+S)og<FyI`=g{SsPWV2#Dy-I^JdB>RYGSbZ(Gd?+q;m7s+xgcCJ(!*t
zFgJ7(wI{RN)XH6^fsO4vj}|$4HwjU`C&#Bl>p5xyeC|!&o5~RWxUe@hGD2G|)_n#v
z)FaxVjo0E1x^mmZkQdYEVq?dopuiUB&JH4%X>nn}p?TDdF);SnD7#dA{cB`K%y3Xj
z`$pd=*Tav;O*w;CeQrZxZdhb(%Y=KtIA6WZE3+}nV2tt=F1DF6FIFtrhE3~TC7)bI
zn|Y<zh9tTuczF<rhQ=-Vy5|>*g1C88rZ|Ja>#N?q^I@5DLJpC1uJ0dNj0TZ7P|M5e
zGC|??YULlV(s9ym^C3R#(9Xl2WBpl~lH*rA-zs+5T~Jd4M<(D?T%$8`#>*s#Sum!{
zVF_k;8mWc#|IF@F)l+-yhB)%~T2^JkVh-BxdL34XJW-=Yu*N1@Ke6yH=_r5;<a%ny
z7xM1-SgQV_+V`_}8=*M`>h7$Hm-oYrKw10c*n<;1V;Uz=04Cdvst|~(HyzJOSjZri
z&fUn#X23dm8#D2VdR&re?ALwo>fe9UX%OX(Q~IRQpb}{bNau-&KpiYvO@1^EJ(d`m
zU{_?5bgj=pL8K=}St|F}urM6<g2>L+pw-<6ZLo|*bsWvycJTXb3ImjZ>bI{;U4Z2@
zC9blyx_&eH7r;Zvwe6893C};Z_PeCT+OY0k3NcetYQfttMc`OcXG@iSPdHD5tM)hR
zu5LFAvQuSBa2AAw*T*4IJPw)}erzs1kT2GYB#`k2SF@`1w#Gq*c>0i+^ZxP>w-Xwi
zNg-VZGAHb?7brWjxI#vA-*kEY?GOfvMDEV<$Yj+JuvVQyl>KL*iDQ8>bb;cpP9E1*
z)E}3b5r)oY=cRX-+ulI3B_?nA{DbkL0_*Y*rpn7}qSDuxA#L+Jso@?z_|Cr4qR?Z~
z9*S;IjrD{2cG6M?SSkldiBJF63t*>q?|N1~^E9yDc<e~Go12s4u(oTF{@#~RP&dH=
zfQGg$hG9-*$dAu&z9oKtNgwgA(dz=CU9(DV32|h@*1$HJ$*!(%1#aOJ8ZX;cO0uBm
zOEP|B_-thJC}Liu0E+BpJrzi?ad`S&8EC?*9QU+;|71%}{y6cJF{<9-{thyI!M+~|
zvtI8C6$-CA@SWvb8NweE$qOH~FHy!kTIA~fn_KWd^OeVeWp_5dNICp7X8`J6N($&v
zxNKL^MDn#0&^Gt?11wbp>Spd7reRrsXDid4?tUV8Z1aHo{=GO{ph!GmqI*?BA8plZ
zXnd<|MxDhqTwQ@ljph|8X~dkHGq(LZL{FJ4{#N-rRZwooWl3LxO8GrQB|fwK7=L<n
z6i<&a-NOFi(Yx6kp3re=;LRj4gv)N39^FR+e4Yt6<D5xtq##`VCNndWN!6IZi67K{
z=jugJ_;HAQQ!$py(zrWY=l7ukth^HUD_f4!fm(7dN(#vz->TQ0V><}t8f~x`EO=F6
zEdNT}0E7CYj4~;r$SamF`k&jf=)tJ*m`^!^)RGl*NQn1}{*d1#c|Wp|n2<-xpnf*u
zRYoD^;lcMSQ-VU{&6`S9G@<+JqhDUp(SxlT8>cIsx}a7Huw#!==72g%#}pSwt4R_$
zzeD1DF!d@BwP<fIG%O6aAr36mDH%sexfUB9*M}RQ4B?wZi^RWJljP(Yy&fy?85|Jz
zZt+G5+`6pT54%FR{Nt{tM{Q_3FhKiJ_A~c&!CvMEeEeSL44jKr#&RQdoB)co2zRBr
z094-c2iFpD!8lz~z#Ltxo#7QYHBc-TvL5a4!%8ByB&pW78V|CwdM%N#{)RxtaFMMS
zi;jJlM@K(+9c>)JfbzNCJh{U#^OA;H=O*s@PKQ3mGn@A;$wEaRwlk)~8e32L1<bK6
zQ<EA!7U<_*T&v+06pZQQOyWOom2k6y$6BU8e*DmXa(t&W?s_6#Mga#Y)vO^L%PI-T
zQEl>his)W@T<*F1aen?qCjGH#hSj%RUjMc~;(M~r5Bj)47DIErwnb!bqG$snK`i=Z
z7z#dWbhU~ixJuodFCtA=s|u&i35QjZjzIPbUB2DCx2vtL94G9VUmZjA+ZVK1?Gie>
zZ_S~Jeqel=x^q#aT?Wg}##ZI>0M!&ZTW>uE&-e7Pk$0~CfFd(ka(y!eMYCU0=|_b^
z9v0k6R=AJYJA>l@TuuMj-DDmT{?hW!isOREwqcv$pPzfdt&s4!5QT+(TL1F9`<><|
zQq1qHnu{|e6*jwmWQO+pe>Ye%?*2wb$_(FFr(7@nX%ZV)5_@LCxBBqVDvJ8hEF-wH
zzXLv8@UKys{}gD5;8Kc;RIex=JX{0X+KOW-csbFO%owNkpBhXi^<^@$i(h03y1zhZ
z7vdaa)4qWw&ZYZ+3V7{4DaR^ZqAM@!#pXl;QPFFt=bHIA-Z;+`iq^z-b9e5A5_s#3
zm|a|1p;f}iWTDKq`P;p)$q5Q`Ny-!bP14}xq9_2n;BnyWOi^*te&<o_+N46L(bv_h
zs32yi>!Bs0f|GqAl9w!KfW*sUUN*q50)GrI&F>vGwZZVFyJ2VdoTK%slk%{o-AZky
zDz$d>amGR@VOoq>77+;vbm_)-qV0)bZb99sJCzFJ_cI;`l_38q{b;%jj)ZhN0STCb
zb5--C?U#jzZ|!k@V!gC3Ej?N3%rvZTd);RojwfMo#oO@9SQ5|dKdT*QMu+{hJ~w=7
zKMz15^uBX%6We$yu#LtR*GIP*k%94u=`WLRdvt~;2EgyXMn@Aj48P4#jE4=-Hafo(
zxAHMoj#N!z4_rO6wJ!}$qUGe3Em1Lw1`nX?>x38uQovjk7Gw&en6|y$@uI$q$<B85
zrHH*eg^bKk7WTNkFB>_^bQdmFNr{>Mjg4-nWJCRvZR&`JHp+UWZ!tXa{1Gw4&eS!v
z936`v38kp8;*@&vTx`p6F)ulCK5k9n5M-BgtoZ)6r=J(Ni#C+M^j2~9C2t$z_rl3{
z{dU~l|2fyk<=br6DBak<x71V-tKXF=Cz?YJZ|nJ9>p%1zt=surjoS2z{AlA}?!7xM
zEF@^tS;0+OpIeQ6MTkpZPms!G!Gp)38${e7ipr#yKD&H)GlZ=C!KgxED+1pG(G$Us
zxIt{ZOi2skCtaTSBQ>jJK7e0RS%$>gx)es(3Y52}<yLyz#rX+cuMX1-%k={t&kGD)
zGE(di@aE>!HM$gxbe>7C*d8#7X?=y9O&5K+q5J&b4p)3pwOlRD&d!f+60dJ3gXq5?
z5b`_R!j>DGH7=-YY^Qz4C&G&s6r;|$YB4&U3_jA7?P7ksBPR<fZu$ChywQLu6nC|3
zcHqN8^9DqethirxceNm*>mnwDKLW$dHw?RgnSz6XM6%|NesnBY&o!)qcnW1Ig*hQL
z`vaPa)yrpCL8Oxqzj+GL)peOn%JN3Sa8-j8A6~I42~K<Lve%Qmzaqu088A^K<a0JJ
zI-3{ZYrxg3SZ$RyYp+5$-z!}??mOa3$-rmQ>28=$cnML)@NQ}r8!Y2smq010od4dN
z5{8V!gk43k4?m3)h>Dzt#lGW1rEAygok8Haf_KHrP|TcI-nSFc(Ho`py3zZ}Up0yC
zeA{wXGnYOYd*_^~X2*}usl}n2k4iT`$E{qRLM+!LNnXyGxHN@!DO;EEaJg9%s%QW0
z_Q^-?Rb@71?z9d{>efD8Sz#*&+X-~bazI{Pw8`<rzT#`5Y@mT*&Zs0?T*`Kp>R**{
zg6pg5%%9&#@GG?O^>)rJ^yFQSixDyK-rnq}X7KuIcrE|XaXNKAqb|0M`@_y&<pjm7
zGO_Po(_ClEcwdjDm&KFex-RvJ_V5vpd*tU!dK46f+b?`vWq0KH0L0<a^XxO|Y0v6-
zc?FEJN3bG$Mrmqk<jBeTPL-DXY{yEWxGr(RDK;TKAo%r&JI_`tMjcGdYj{7%kZ}*M
zRn=4}!lw@=F+X_9J`=O-l@i@nbmF-dwk6wWnEy^*UXt<~*xw+JMzgSfhm|)eTy46N
zhdTOZJR;Uv-NMP6<ZdN>FR&Z0C;9yAS1+;^l+KpNsa!u0hdx1y<mRk&#eLC*919VC
z$}4m_K0Y>}qJy)1b-`*DN&!}V&cd8296)(=O>CI;+<=z<Rm)(L=hKf-VJ|8Ne#iJP
zE^!bTC$ne?XFZh<1^{LD$=)azeD=s4`k}nuvxj0nTl^A|t#*a3Df_$RMj4ZyFji5~
z{_meU(S+4kX73PLYg7Ox9&M96XL3EiCX95eU>-JM`}h{?+O2tqmx4#$BPAyYIB$Qi
z4~sL(P#cQOscZesEqc?lNA7d4axjN?=WMv?u9e<jS;(Z<_JbYag@V2xGw67G_o9!|
za%~Q%`Gykc3(%Vrd$Pxw19Jl}oim|+t<1U<nnp4?fAUi#9vCQ#?defqo7<L&o|&$a
zl871oKU77ndCe{Lt$hI#tz!&&D@$vRy#_lgZ+8EwT0w-PAk$CbfF!gp%C@X>x=5v?
zaNOATeld;gS5}60cx3$wKPyx}s%nIzAC7Lwkb|yXR_15%i*T<|Z>6HkwdqqL#*oK0
zN4Ntn>+Wx^o}n8|>ROsPDrdp-W0Wzc^EoPpR=H|N%}%aPU4Wwapf4+=uAv@U)+QAg
z)Wr8n@f%E!k|OF-3>H`qaoG`w1`8eG+uS)Tm*$<4SUlAA08)Jonj}YcUsN#3XYH2z
z>va&FQ_&C+3h7rtsj6~4*!L1z=pSl))T8HlpA#NZqKd7r!D=#SVfrscYj^BJv*U$o
zJBFe=uh%)w%H9vlhlv&~PtYB`i}IP`wwceZDHrT@=65vXmL=n67~4WgTRuO-i0DN|
zY7+Gio5bH8;bWHK^;u{nwb9}Vra-cHtPF{1Ks+|PDibmm#&BrzMhvfj8jZ-*?y4_a
zv&kwbuo|-bUY&inDlBFTrfA`zCT1pCIaMmHrZ%dHBpx+3XF=?eJhi2R3FWprzi%o5
zPxF_p=F!dzDu)aLrxm;%P&^(&&=C1{NAh@)II@Yf$=KjftZ0r!e&_`Q{Nd)&2m|q1
zsfAl~C8yiM!j%i}n-iKL>iTj2ytHop`CJPtHF$XH#m4r>z{W<&FrjEHO9&rITUy2l
zy5mw;Uiv7%uZjxyI{g;m(P3hShOpMw)&_vu03*28T2qf7;r(SH7Ut!H11jJnA%)G9
z%T+r_);20eKH~j-dvEpQRltfa0=j^^9hF|jRojMpueP39<RH;^D867+@i^Y2-ky6A
zGo~R}J*@t_Jnsyz5bVpw$QMf?<#1CeZ}InT$+4@D(}WJ-BD4DMnl#AC%8vO(CD4gj
z?}qLL9s49ca|1tF#^r-)aK?I7;g63K{tcfD8dwyySIK^qUp3DEnQt(9Z*pzC?N;T9
zUNnXC%+AW`JHMr-UW>>R3iU2%Zc?3Ml7^vM7eh(**8%E)hl@psrJzbrmzuQH&ks)p
z`P5WO?stpPLgO`_&zwg&6Yk$#{gC82w`(`gP>j@1w6u-Z`V`Z#d}LG^%Rf`L)Y1L!
zn;sD#bK>9d^5V|gtw@X<T0^f8FZxQ|p8``-P+_K3p6}>Bvt+R}=j2k6dwC2h!pJ13
zfC}!~VaRtQFP>KO&!8bS9VGHWA3|q>F`AN`9tjlKKN|UO%dw3{7ppx`!ywBd*><a*
ze&_tR=}8|4U$Y2L+vtyGkKe*hm{NIR=$8V0p?5~Bk6Ix<zyEV)SpRC7VvtwjC^eG$
z!-$sy%kA#2y7fvs`Mb{<`27JIZH9t$gu71dh3gyG2AOR(%oyB(jK*!8kF(TN310Az
zO(?TH<yU;J)<J8{#SSmPdeF-%#iZTtzcaQ4N^s7n+~(ioyO+m@s}-sZPP7&lmDTbO
zLi_W1q@V?58ryQx^nwUi`};{rSrX0I%mq6W*FTf$Z$d64y7g5WEV)!w3-ubPNA((S
z2en<jJzA*{2$jo<$MnY@jn<!ziKa{bM!3ThW0W+COZJB?Q^G4(sP3wcKRZFFg8YNo
z-U_l3%FU02J`{UcqD@(c1_d=&?{{bihAuba2DC$EMG7uQPF+G0L9?nbtXW-E)f?bG
z$>OtL0ECuVkIokN9YIsC)}OoY-y&WAtHJ0kcX0$%<j0}k0YObNsHHggT2{_iOyO9A
zUPHsfzoODydqQpj)HT{0%wpNpao+w1x?g8ChQAvMf97SaX6+=Pwxs%2R&YQE%R@0U
z+$~JuGt$DTBeC+mAsy;Shl4y5(h>i*cPGyntBM|jBGgbgGCzn|Ang7tdBM)DH1?V0
zn|Des020!g8pGmc_{!L%i+kirB1)fh-USKR4Xv}j9sI$I^aU(G`6G{PtIk~I8kFdk
z#k@3MWFq<2<XiHyR-C2p8swe69jtk98c=@6Ie1Emb=f(FtAcGb6|RF#=n!cWX8nD_
zK#Bb3otO6d*3|jA##e%#-FsE~bbcohsN*tU1Gb(Jecy~-@Zo}|GAaj0AwG?ZwDVEN
zqUO+YD|SF9L<lgeIQ{kz{mQ%E>iy%kkU}l3=_92x>WeCaAu{m~y}LRy%Omh;`$heE
z*U*_ZuLg2#;uv`8_Wq?5quwe!z?%QP4=Sk`cAl+j^Jt9*&Eg)Z%&mzh$t{lHd>9+_
z3-rH!fdoPl)MixoTLwk1<wgVf_Mryb72%SssYQ=I75R2Ie{aOk`k=em6|m>8KfV?l
zUQa*@035Y*R0ur2*)q&x<PVLa%#@TcS*<JmwG)g9r%pFiFJHQ7A_DblnpXa4ILiE=
zKewukCrVdqmB6nMA^n&~U6>+(R4ZE4lX!IJJVU#;fmy~Hn!y_QX=mqJ&(~-v<g8cZ
zm5p`j>3n)vuWmFz@|c80#WJs6zyPgQvW07;=cWk}%2=F6gwcFiKjY4HkUat4dDMb|
z%AA}*n~H558XevH59%vY;lDBNIsO9mULWDto3jcQT031X_BqZw<I8_6OVt}DCOO+=
zNd^}SBMAMiG(`tLD|c)h$hxajspKk{Mntm5EK$Fu;g3|saUcfyTz_2dO_!E1OWw4c
z-#Xm%i^-1~^xPm45qq-Kb!RY7_pMkOCvx-di^n);+R?X*sCt87j@GVCqHBJbWhSCI
zwB>l2HMIU@ij7T69Z6W)@{L0Ow;vhO=qSb2#VL+i5dYK>!Z>)PqtPx@s@o$SP;9+B
zm9q~Sho>DJH!5eM`e@Gf`)X0nQiGExAK&H`js{6F;r39>jkYZ;-yXg%Ja!x{i!D~M
z7ZuG}f$=_5`L*M!o9NYs_wR7fTjbTr!|d63t%E?u)<Ug$=oX-zV?wkugSJ-7XEi_2
zar%dNQnh8pB~an(g&4bzDKE_Gh|Fu29B;)-<*iVN0sq676?%&_pG6dt%d_+bGZUcd
z0bKalzC!Tc5W+A=84K17U95U@8ZjV3(4f~IZtBO#k!o6^(G`E9QA5vNfilbW_r2R4
zS(%QfN;2wBTn+`MGSKKjAjh`FhykI$397PG-@n(oc2i;c@^qFe^A@XW5%4emuiuza
za566M9^ooi*dF!HVj{3rhj%aE#k?ZVf`EVU+n7xzjYk{xcB$1JKZR&y*FVXLU-yHH
zlA$6Sa9#RKWceV8ypm_{#D}|e>CIoA+EBoe<mGy-Csulg3Y;R=tD^k%7~~;%cfx+I
z$3<`m_4Ql`h^8)IDg)y_blh^=t#UVx<QRujzbgoZiBcUQ+I>j>V~eCP!=~UAGi1N^
zTMr?Lap2%5%Z`mg%-@o4VC>|BvT9M+vruW`>OXS_JVNLDGcW-Z!a$U9K11MnoOMs{
za6>~5g2f7Z0XU+Nge;?tik58oR^eO(XL+GUm-gjBs=S}!%fdc9J_J6Cr-+)Ic1T)Q
z(vhkBW4qqdwbs2c$=q7F{B{J|h*oNho#Y{M>p-DYws#SZ$iKi;@5TVcqe=t<n6-xA
z`#k^PkP${fe5c(+00}4VCeA_E(nQgy%P5m^5!8ixM&fwmRJz)T@@C}#1p=h6*Wkzc
zt3Tq9P*5cOd{xd5XUJv}6Xji0412!vHu@Z7@~kN5f_BAQ&)tdr{9u_-=Y7Mplqu~o
z+bV{8q;yh6uI(koVAg0#sFE4;`ce?RJe_~G<|BabVb||n&PKhpTTUI>2AFl)qg6+y
za2rxmQVi8{c}Fvz@EwCh50(U6|As4MU9pYYi2>cc%HT{6U{7K{I(bf`KZwaJjubgH
zEkaITYVn~Kj-|R+X`^k&)e_`g-OIQWRSxQHwkVHH=j1YPx5j~;io-TrDqE2z;ri;I
z^95g?+cK`Qs3=={Itc|5tf?$%n8eVG@Xb0rESwjsX-|v2b5Zishj5KAG9*BSrmAmG
z;kXp2wVg+LH>NEv?uNr(()hzWEx$1RAzf{H5iZV@!E0~p?X&X)Lkn1iLZUPJYC>ro
zJT@zR*2Qx3fm36y(zNPY9u^XjR5qb8Iy9+c7iHYs7bw!$xAWk+6?}cWv1g=jnx95x
z1+*4mgD{`xP&doW568{u3F-d%(>O!QS*b|btC4|0<kk4a(F`B-?#?6E)WvrfQu%i_
zKqZ>MDyFZqJZitBh8uvQq8e+37)cQ}L_JlP$&tmY(@8*8d|A!3%atqJ@6`nC3NwX(
zj&mdjJ)h6YPfzQ!9Je2~0d@u;!|CyDDC^DUUn2*PzD*2@_{j&0bY6)JR`N>**nxrI
zyJKdld~@-i&5rp#F013IL@#DVwW6#ymXNE*BvcaF6j0ch0`p^A<&Xh{z97JpPUQJc
z2C6k!=ORMs?CrT31>mkk$-*YRtLdvI|FBo?#B8kJ$)R5+^V<>#rt^@<63qbZuB*G>
zz}@!laCKi5S56KccyC?-DfHL$G`zQGn@;w>t(`y9X>(0iq1SivfOdwW9R|T?$vhKA
z@+J8l*S`0EI=I8@s?SbXon0f?Qc$}QE<P-(%IX`Lgjry(GLLgzlJP`K6X7<lWRfNG
zSh6H~3BrjXo`0>&qjUSRwIB;D5^D>-4d2s?EpIFgDSN9WYN~b`pr?zsTe}l^q(Ic`
z;crf)k7i>Ax;~kJg7+1eXzp?P!^!6`rgD#vBQ0*+m@6;_7}W1|{OdJHT#f{aIlZTa
z)p)Otts360RP9v$XJ|uP50^Y&06-HYn!8Bp<m9C6Qu1}sHla2E)iDTmwS4}oSbuE`
zQi7E1TKY2O!ax_9Q+`xeCgZ9>f4&OAR7K0RPWfshsRhwSTl}`On!G1QG4zU<8|l~c
zN5<?{jk?|`t?esf4is4!-st7q%|3=Nx=zDX0%Q?M&iV>PFeTux*lnl?0w8PN^p6oO
zpgx-dsthB7*|yJmR}H711pO(Hz>2H0Vi^@}lSawM1q0@3WkbW{Ajb>k6t$+B%n%HB
z#AUuZ2>_LVq=j*Zks%ChNML0A`Z=*reerIru*MzVw+(@KmhoAZZEGV1SSp|m@v#RG
zRlk;&NV-H|%vTySlX>qMD2agn@u!8{;PaavJS=pVdUN2NL?;)3M}p<6wGFsJyqZCd
z$C*JCyQ3^rg~+Af5`Ut#Fvrm*CSBmdCjTIs6`bU@y;$BR$x>;j_K}0`8Vd`{LGm-c
zs)PU;Jm5=H=4Ibsk%>49kpr<04af?veFUvSE?n#D*b!wU;L^o`Ow_yAvuRwWuP*ZT
zT|s!i4(0c?$(X(ksBd|;+U#YcJGc0um{(UU^mL;*2s{}Tx|Y95P<(@D7Xq})NV(`R
zT#i&LCm?PgMzcuS@UPnH&P|iV0FHqDCO9~!91Q{<UiXgEJ0qz7hP}%d;qKeIo+^>>
z<}nEcRW^k{OT^F(Hc00wwr_6S2fe{mCY>h#lh9qP4mo6x|4b=KFr@_B=gXk+QYQXd
z?3>T7C5C%r<QF1-B_$}vY)ZzarUuKwHXmiA`uu#BYe$Es&cEEd|FbLAZGbOH@(l)f
z;pD#QSpDq*m#w6V9mdr7?y*df^7_BJw7C+@9-2^m_u5D81_R<pzB3F{Swa{@M9;D(
zs8k--7$qgBB&0mPe=UCqVna5^wh(rfo3R6ITF}E8MIHGgLVx{(`p}-34d1O3*IG>z
zK+%pF(N9nctA8uS#-5(#lWHz=jHb4{$nxUQB_U_nso7XxuUc=>`<5IVZldS)0>bCL
zgD;r^3Ioey_suRa|9D*OA`Si9>b0Rwkox&EZ)5Fm-1XM14!j^jDhC`i=yXki=FjA$
zfvqh%7{O)lAIDpk>Pda|k4s-d{CYNV%EbMD(UhMp&ON~U0j%)%yh%El*ZD0!UCS?i
zwInZ~QM#S;prRysRk+H$Zo21PA>|{)?nf2L4X%3~XIYU2Izts9>%OM5=0KCAO=mTN
z;PQzK&zS6hnp{<B36WP6YBVQTLP@6=gIQI(H5dxhEmD~s%r_H<x^$8sO!Gh7)cO)9
zFzf0sr1zRHHh*$qnGikDjHkzGbcMpGK2{E_=^s4zSiQ29WxIF(lvu+3kNn8%@@p=K
z8S-LrIv~Dw!<mBUz)o?dbGaK<Q;gWGox&mAksMUKqViAsY9VSd`C*T(?23pJ>DPH!
z_dn8j9zH(24Z(XEdV1Q1pez}Y5r{KNVEW(~39k+YOee4o8;p!;o!t+UcKB#zhu8G<
zyp_qk2vWr}m0N>{Jn}igNGDc|I1%gl-e9&0s4SN-JZwweyYB-|+?(HsVc+b^6%|5U
zfB0*L6!Dx%D}Dor!%@9w1qaK=fZ;zexD?I+Y>WE+e8|aAISrdQm;o2fj3D?jSY`4s
zTU_b}fwl`typPa(Rq3*|V+il1t<4`CnF&vm(5r~9RD`4DtHC5_zwK;&_HRUuJXgx(
zp-lM0=ST5F>LOsvAP~6MDMMUZ!jYnyv0KW7>c>!Hz4XzzOPJwIzq^x@k-<Wg%iwqN
zS5-4{Pau@9i#@q4MWwjorce_afS=z9(8dN@%v|LMP8P5K8ei!~>FsQTnRh-9)uj6s
z|FKv&Wd0ssN~YHdmS_?lUM40ou@74hcQ(5o_b&7NjV;ZaO}5bhl;di>z`1hHDSAeG
z(XS!TzyuhC*(>o*P8<mMYx;ddBcr=cs%m=O>7Tgq$&Sk*eq%{qTI;wxd0n*!lx2I@
zQBac(te)+3snb}78{7Qi>q5;kap2;(X|{K9^fSZd*6wg<7}r74)X?ah>_$sT(P(sf
zQV28SR<m~zH<?8a4G-&&E5N*QQP5CUEPClx;sLmzwUvi=zhjBf<u?1pDW9uc&pYZZ
ztpRg8v%q3Om2U}D{edAr5D*KP_t?Z<t!=0fQe%Z#E>$W1#$uLbzPlfdC{jiS2HfAV
zL(e4ersFb1Ul*803-_RbwUMYxZBLEz2OWn8<=Ft1yLqYv=jOuwdP8|i;aM71-P2#f
z2HZKP4E%Jf$3ugZJIKXm;gVN&367sYQ}A2;kgo`}*@6DWvyvBAF!qL*Q>B2n95f#V
ze=(CEPYqSzb2AaY)7G?iE?j8!nw~bzKH1#)WKh6m?>o7SBThO1#0WS8zB6p>IDmO{
z2)JxrGDQ#|$qgsOOMeK=xeH=B8Q;Jia6^06zO#Qz$ta3@uf)U*%2q^T8D<O3z<1iQ
zo(?rTeLxoUuEcb_7P4D--L4A!(p8K0H5EeQ(Es%U+~knNqz`v3?T8)^ccmZZZ>>HB
zfLgNbB>AHgfGHN2{Q~%6ewEFOHkyQFwlkEs1;qgvmzOTdY%b=fiEmm^-hh5()s>X3
zRhw+v_lD7MqYlvwO!~R{yX+Zt)Mt2jXCx#FR7$r@`V!f4`L$1T?2)M~?^eOh-aeX+
z=mhMlU$_^h(DK=JISy;pDq6YAV&^k=-bAR?MW-niiHnL-K7w7^1t0INsv;c)68PYk
zckVY6NK@j%ZUNNe>reu>4c7c?&~!wmpH#`gyE_cf)5IsOx66IOIca6wXMHa4fW8zX
z`OPi~Y*Ck__t@C^BmFfeA0gvuRC3BhIXOlSkH1uM`)H-)<a&W;Pni)>Pn62qSQ+)1
znCkyArYmJq0BpSgZ$8T_5+#)(`%i;)#IDHk10;a024?7WAm9ffvq5^bOlcAt$^Q`m
zBc0nu0BYxuP{&y;Rno>n)O#Syi2Mjdg@E8e7)p}eT3^{W(Tb<)ik1Km@MK2YLU^2x
z4O39Tn)rbD+5TpKM2+qDb3~~EvEJMb7YVl5-LrFQ3I~{NUrT&Gp%|MUN(l7jWL8fe
zvOhTP7A><gG4Ti0@>_g*KxF~u@87?Nee<*j)6%*cQt@SEWL^<n4)5k~@iGzti$e3I
z%7p+^TuP1yryal7Kb)8D=TzE>I9qN6alGoP)oI9D(IE05GTQ*o*#Z6{zh1qaWn?NL
zVAQsEDhoXcrTL1luWty9h016DIv+$$UAI-^WfX*+mrBdZ>~9vzM1}0}U9uuJamU0N
z%MX5j+_AxoHc+VU(NnXY0QYphuO9)DTsdmwaA@a)<M`&;v+)%Ai+x*$<Q-y?Bf{3&
zqJs3832d1SCdmKEcvYbPCw`;reaIIUI+#wDu^66E_ZlOsvN}=sCBNOX^&fog%Jzax
zNCI!0=NB9xuQk4jp$Z#B&un;JdBE3sJ{#>3>?>SlM?<XP!89lN$=USWKvJOm{$XRY
z7uv*Rdg|YvRK7fIeKsnCuN-c|=j$V23*WGBeQ9X8F=6)m=N~2ng&!yXr;oJA{rA)V
z{r>+eSC;z80^jdHx1wtU)c9XO!GHm3zXx*3jP;;v1|S%IEssd-cmoIknB%2(PjY}F
zgF&EXZb({U<9Itj<>~GP<b;DCEBBqZ;^2R7Bj?ZmX4!DVGRn|ih=3h?KB8QPP83K=
z&Mhu(wJde_|4^^Km;4$WgkKb??8U%17_r(=>$l1cATnm#%A7M6W<n}xJNhzL+xx*^
zNg$b*xdXdUmB)>l`qeVN`9h;EZ9=8}LW50kmYQ#vinNe_npN)~CUoHCx9XbgCS7I9
z2oV%mp*za?PbBX<jEvCh97Q9A746~R8V0+3PP@^_D&V<=hj;-708lE|e})PMhGl|*
zhX{BDBfs{%&A0*8zt5Wm5<t<}HHznyAJbPDcK882u0jfQvImq!7gAV=x_WYVOZfYM
z1B4s{dz({T1N{zL9@oFfT3rA6y$K?~e6EmUY+H`b4|Fo&SCG8wslgiS3CU;kQBuW9
z=Mp^qm+d5OHAGoR=dY!E6TBEOtP=3ZvqFCt5;)ufk1CM;80b{(d#?0+5r8!sKx^lF
z7MawlY#eE+{|vL+%7eF*ba9V7UqrpUZx%)r(byn<ZEZH0XV`JE4$Pb1dD@&-C$N~n
z!<{%_res3^;xJ|by~-E5-ar3+I<KE6iOHW^+4ogeP=(}FDNIsqwS`{)CYeMio06%w
z|MOFcjSY^Us!fuo1G1*l|GSYti_eDu$T6n}&^!CPV>q7oyxBHGACQVkA(E1w;F>qq
zfit)MKtD6<&gBlTP^$pJi+}m_{>JGmKXSLf*gI)UZWzeUsNM%aM#Dh1x3~GqNW5DG
z#;Yy7l`o25XTzgE%7Q3FzrnThq9DJ=y)u+b_AM6b?jr8=gSY&|0L<PVq1!b`0X*&?
z%VjoYyJmnCQ?~nthke=Zi#!U7LyH&XtF0kNp6FtLn^;=bX7T#{9^zN>wA>dh5OQH_
z_Wzxi=ylImq~&wA4%_z;JSjay7J-lj1#iq`yt;STeevfH`<HsP|H*6+5~irvTBF4?
z>t?GppqtNDV=@4xDm^`%u>(3ef0exeV?JLh2w+B+wrTh~gTFkUk8B`1GpS|!Ji$Gj
zo^zuns)mY=7WiO~3OlphX+}j|kSF`62PW?CkJ0EZ*IuLIjm^#GZFay4`Wb_})*LT#
z46pnbSTSn1xh=FY6vJMWC(!9%wHsaQo0FG4*?|5J@c7{_Woi2B=VRYNGOeyXPr}`+
zZTF3GVfJ!P=luN3sQp<Hk7ir@+{SqN0^6@;Q%EepOO_057ew4he>7M65DJwi2*Ibi
z`WRcPoOfW#ZU9}GEM!J$+!TxSfAzWs7VfG;gaMmXdT+@D$f4TAinYzq<~plv*O+J!
zjX*nI^7hNt1Uu)0Z_lRUj16-uqbS#E#5#1;lkOiI1r9=+RhQ@}|L1@}B!h!$M(SfS
zuMN&%nnjGw*5TpTTW7clXhuWT<^lQh8e4V)RP~}E)kzG27FS_?zpUG2uy26#&<9Qb
z;1s0~*`K<bH5aRDY9z{1A3sj9>*D^W0?mWuuEz)tS4qX^v4&S`dbm5x+P&l<pGB$J
zB_d4G#(#>Cy16$3Z!o;;v0!J#;^iA^E?ukT^utE8zY5R%7=)tHmO_)GC<G!zP7^P+
z1X#N^#OS}z3-FO70FUQK7hI6F-&tm8=m<Kw9-JH&1Yd!8x3;MtQkcxM<a_cWBqpOT
zQ1S=gP};}0yL07)&m>JvI5ERe+G~C`yrlA_PLL9CPIPrH^5bG84x2<rclnQ}-urA6
zuIlsND5(}DxCF@B9l5WBn|SRCTZ1`PBye7Jg8u|0{XoS=c0CsA0Y-sS4t_;5chC34
zG9>IT02sbDy+8o%`LBlJcYqWP1ukS3b`=u>vi~NntaiU)VNTGG0v>&p;YOX)1yecU
z_~py6Z$n%5_Ksi0Us1#jo=lui>~b5&uGsvKdmR=6+KP3f4GMPdkOT>LNHOy5=^I3Y
zfq!-De9t}2-H~Y7X$Tf}9B|7cAtJs90(-G0QT(@U*?`_zAjuh81!wuHqY~3gJEz1d
zeM?P6c!#L<F)tr*1aNoG-9=9Ly-x#RItorBvHdhNU0-<!VM&nsySImsqKu%Xh7Zz2
zv<O6kS?@Ja*`8lV$J4764ULn+Lu6uldiCVAT<-(w>#IRDaS4g;c@5miz43fn7pPEv
z9WxM;CQ^?lnlfgp5d1z|9E7f()|g=e6b}Od*7)woPvoIPwDD3s|4;7t%Ev_Nhr2KS
zb}GynSI{MIiuOmt73HZyUD<TG&z~j5l^Lwd7!82jMoetgw)o$S9X<dc6)%lyZd18m
z28XoJ@4ry(e@54PIrD}la1an3>;z0~nHEQnnO^CyttZ>CGso%;kWyM(1y;oD&-lQH
zKC|Eh|4x#_LLHyjcQI<U{z+l&;bpOk&T#9{VC=yQBG6?FrwAedcjmaqD)64RtF(<5
ziAj?P`Vg&_uF$A{d@*y<n{JWoOeY4!^S^2%#Q)<z?@h#MBCm$YuGXTGA$)4*@xEJu
zlSzA^f@Fgv%E{$9*waAeV(KLa58s?Y*U~`YrlQD!x2Na(Dby2*igMCQ@3Gg<I+ay>
zSy`PM!=FEs2GntT#sqx4yxF!HL_E&Nlz7Zqxla6Hp}W)gw;Zq*gejHPG%-VJc55ZL
z2LNiqLhK!D`(1~2Kmw!d*AmGyeFo;%!E&@>QBU8hi_ro4g+SN!cesgmS$0VA3`T0g
zs@Uog69OR)GJLywvnIV!`*Xkh-ca9P>j^hF%}SzmxhjE&6c6upyU+bwRDT$s(8$QX
zUwI{`Yd`3^I>jlwxS!Hc8l-SvBf<7X6NK_+F~UJOY~{5M(OKEph`Qf-l}@86HOSde
zuyf)<K@b32`Jx;a;`XQ=ebqnuLE9^*(F-Kv07Dg2C-j64xjs0gIzKMo-!A&UJFCY?
z7rAit$e#}QAu5$-zkd6#-(ipi89v)YQ&Omo&wjZp{l_s*!1WV9`raJ@$O;)pJ1+>2
zmpuKv5u@L1DiC;i7q9gc`9dJmUd86iPlt1!1VT1*Omdzo4*kGz{zdca^NK%_78NLh
z-A3*6Xi%m49CCmM#$Ae}5;9?@>RWA8)EpWl*!HJecGlnD;$w5B8CH74!#{7!h=T&&
zb}*JH_yLveXF<UmR#q6~D8wt^claS<UzT(9Gnib}rySS#<LA%)8{-9`(JC=JAkC*V
zg?0{fAomhZyx|N=1j0>Zc;H6`F&_#hC{VHX;zA-O|9+p4r%3=L7Ni*US9-^i4kdvh
zSOCaXnSgy5v|M2W10Y}-HY_vE^+H4#zyem+ZS}xKi^-g-|K@CPaT$I3A>*YA0vv<5
z)&NS+epL*Efqs_g_z}nA+J*e=`<-BQ;BmW-=h0anTU;~U9@fjpHHP?+`_5ChCnCWv
zEl=sNJA1d(U3)xiXYeimdv?7_KJqJFKd@%EHW7lfsQ&)7!L`dC|Ho=L0-!GGm0c@n
z+g=t7J==akCjEcS#bv^uOlHH^t$aI**AJd-SEfOu)(PCfwXtj<0MRq+;P6rt^w-ZN
z$E(G(W^P}9wmo;fl}=@;F0rn<dfbu_2BM0GXFrnQw+7vT6Lzksgsx>l{D5vBcEz%{
zxA&X_1n;J14EXyadk&pMsS^x(#@kso=LTx7?JtvffEf|QcOB0Elk|Z=Ha?(ZCAByl
zWU79Hk%#9MymL(GviWZWJB*PiR2RF?_+pFt`$y0OqA^_Wd!GK~tPEz}9?3*15{C_=
z(7zrRR6kv2ZazSU1+*`##kOcqUlASD#-_CDU&(xBRTVrWlHgyo+}2lCk1rO8!08St
z4mlzBSqK2?cIa6~1__JB@GE|AyfA4sJ6K5hy(<cMr_2x#a(n^Ef|tOt2~pM&_GWWR
zxAcX(*9UJN0PyD=*7M)<;}uM?l_MC)b1-0=NnK%=ZS2<m?a%pTinj&%27UbzAo$8O
zO3s!Y!ZU6H9IOCKt%LT~qk$^P%;0eyYR~Jr3MyWyHXnXDQ*n6w-$0LQ6e=)8;{Wxc
zv;_*lbw(||-km98gmmWR)I44!NNKnDNbWq;o}+@w-VM@`khP7y=<!N>5UuU(5l0rj
zcrq*aAkmz^Glm<qf-n29x)<;W{W9Q`GJQ}Vx=gq=PV!bG&UCHokK(c-yLhfvuj&Xf
z<>p`PGSAQ@4nzSL7nff>6M?4>&5W7}_o-NMvAr8K2_NMfRGm+Ce;zFE+r|MFF4`c_
z0}j&cYD<rfe6+R4RNn}KRG5e^01@HNE@$<xEqY#(_GUjW!$1J+J!gvhj~{TlEotbl
z>L>4G0-{n)J?WSK0g*LT5^xh%zmiMammb^g;hpeH$35KIT^`U~j(8d5xb3t*Lz}Bk
zU%L4oT0c*emtmih&zhPQR{#veO(#WZF!Dg%%`FcFm_1t#UPSo|!*f1mrrQC;v2IaQ
zLRX;Cy`PEeBfy|;yoUO^krb14P*SM5ev;S%RM@olG{#+=8N>MVGypw@!`?q<2amzV
zt8-g=rOdFu8{0r85xyX`TXdICudk`0EziLQ7^8Dx5X;%}HrLeIxxQUl^V%!tx4CnP
zaLr*?u(x+{D73eiYQGlZMo1>`vOAgf>{%$jVWN*q`BjmMzff<RWBXlQj&fAU^B5~r
zNUcur+sC&Ayrn`e*0%^*BPq|ghHvpXAUSF8>?&)c^^nze7j0MUvBC3*W<iq|pZG@<
zC0;?5R{e5CIx(9v95$d)*gm_k(c#BB<SV%x4!#_YaUsnh)^{rD%axYActug-e|K+2
zZ2tVDx6$xfsYqg;++0eFOIwn5%sk^S$ZNl`&Y_O<*3{vvk8O>Q&}{aKa%hp>;p(&5
z(Zr@zEioN_l$}wQ{9weM6ghUFJt)q2?-b<FQaU6$RlW+trd7wa(IQ@?_*!?dRHuP=
z=xSojI<Z$#Irhx~<=GWD^avbWW6S|j``$XbKV<#*tD|-0Y5JUZ-$_g@MJAu&;M8`h
zcA18F&2nrdQ0gO($^BfJZdrAeTQ##(NHBr-$GZ9Rt%e$>HX9d{XyBGFl~UNE`lLdy
zHvY$C1wZRD$jRS)K*5%xWcKM;QqN-W32b8Ys|M-!+jkikG>a6UP?Ac=1Fz6x2aMSe
zkU;Rfpb+`{zU!HDcnkFh5r6-nYOVmK+MxyM(*ilONjBf;tjO8S^Fx0W{6jvs-OzgI
zLcxfZOQWpeZ-z=YzuT*$JX6_yT8`Ry1yfpjv)Hlyl%zhZb8HNPyikV3oMLkPl3Rx=
zDH;AewSMnx;AtXS<bNC{_ITLpj~o`M8TeVOLbw0;y20vqhWEulEn(_~QlAF_yXjMY
z<}%4v{{EDUj4lnCyv%nK(k=SgGS?T#T(%285S*>(-@aA<kr#lQ^{udv$>g=pl}4+0
zwu2}1QB0#<aJEzUblqJK9Miak+;?=g(`E+tA_k{5yfTNB8$LctsN^Zas}#PXZCO4h
z2(?d{PSPqWvf#^d(S5}0hxi(cH};G6&+}qtVVW0`sL1(lHz5+HJ4aCMDc{rPW>!`V
zCcaeKlG;+CW|(RmTkX(C+%J(ZL;Z6&*Ys}4MKUHszIcQ>VxA#lzH}X?H!}7m@28si
zFUR-pxk~{>A2AzB(IB1E2Ewbl`<_Y|4R?w*TyK((wXKS>)17H2H>DHBZAYGrirVjO
z<udDw^te@Xvl{hGo%&pf)0WH6c1CHbw$c?4=xV^jEQYR0PHil3?XTozDCjE21_X+6
zY~S>scmBqY6uF!HWX5s+W5QCMTb29jxIA^5o_Omgcqz?0(e2gqOy<X}L9rwUCU2=T
z747Xq17P7)s9S3n>MRZU`!Q;K;@*zj?74CRuT`uO=03UUL;kl{lB(;cai_Lc_CNFT
z2&o996B&N=On%bU)A}YY{L6O8(>-@{v!?Hea<d)mA54LP^uMD#!fA&M77aIdaEo@_
ze$Yf=FSPoGK0|rh#Gv<DDU<!q=}%!7=l*g{jiqu)x{1pN5vQ^^Z<>$|m*XW~4Or5^
z7n~(36RBuvD0OxaKl*+~ZWs0dRF@W=4o3B24JTi2)5h7bvL9+$<QmyyP5ma9UiR`~
zu*<GK$`R#-_?aH#1g&}<4iW87r)m#1F1Zt?+uTr-8=c=ie*?DftL2@1GzxR@B5qfv
zbhwx2WKH8ffj{1!u9IolLN1G@7tOML9w-3sO@ebKiaXCsL(^<`4POwwwU{5g*k2e>
z;M!|0Kbmg*%Na{z631odY%E=>U87)OQS|SurqJXpm~Th1`CmoH@~o!R$B)Xww^w1i
zQn=L&7Ru99Z~mU|vFk1x_g~!UC<w8=1^aS+^L#<%SMs%@=GL*qd?J!O&7IL(nUclG
zW%(1ciSNH(oaWyPVj<LECxh$4Ma`G7Mg~JQJEQb0ovX<i>f_pGh>5=q@{6+c`b=)b
zMQ8FTA&@5lor;mdtEXY<jW(uz?eWV-hF}sRykf)N`?f?%1~U25@w@f?-~&EFkzhSv
zy_`=_-@j+=qXqf<XBECv-*fvf*1QAXep0|4G-(-uMm)}}($DT4e5U>wD+Q0(Bp~Q?
z>GftDq-E1t_w*lv8EucaY?g}}7g*_t$xKWCQt%EkH$9h*!93_jv+Yrx`JPn8L-S+v
zXx~vfHMcPp=S3?Rlx!(7mJ5yLi51#A6Zv1Ix1aYPqo^X_uvf7k-FHGD1dD9WM1{;0
zns>;4qR1N#^Ih!fEvM5yLni-VfxGH*v_n~S^FG6`i>}8bYC>GL^9D=kqvyGT@5@CH
zN~Vh~R!9H%wUDboA2G~3b>4uTF{`~U=-+!@nlNzav}?~>FY?9IWWW=^KvKTOe=)|H
zJ94QI2`1B7z`J%L<8c#LEqPO^&y~V)c<e)F<Kc3U4fq)FBeMe0n~xip#dVnxZ(J>B
z`G>57cj**#@g3wG255M^Hj^FRvr%gM>r!*iF=?~lrH{7C&2)83I^RaV$<5X_)_6n1
zW^~El-~xtV{AubS?~EUhGu?!d4l>9puyPg`KXTUb-(oAh(R6S&jO^$bG@_*|SoUOZ
zZ&-5bXC&({)|{5|u-t4DJOU?gLe!Yqz{n968Qnk22g!iGN2O9#S`3khlS=uZkR-0h
zm1<`*t}>_kNfU#ESSqPP(+j$VW^dQ}#p{%jVwK$Dx00j>B4QtC=kvC|7%bL%H?Wpe
z=`PPPEb7eGWjLgdWehDZpn@}Xqm>F`amaKvspCF<jwZ>O?enF%3qlDm(NXF?J~Cra
z)gCu}suuPxhth%lB=b`S6VWF1e4lb-MX07KeMnWDHCS#9=WC#Tr>$40hq+N{^?Ts#
z1&MgH$?^AgN@7V82|CLHyQVs;xpAecC7=vOZ;xuxlw7o?a+Q~0UZHU;FlshSDSqIk
z1NBe{?=g?L{ZZlcWmtIetD>DO0^9qRHiJo*m>tcwZM{0X<>Bi^%erPpHpWjwiBCqQ
zW5!Djj%EGrE{97c(^ik1y0a)_{6DFD%l=d+SeZ0PqwUWq?p!iPJz6g`iyd&^CZ7H~
zj%Vh4tSg}UWYXPzKHyogSD=TtAFx~wj&LY)u^xeC90P}V`IW%=BdpPV%hK>J2f%vg
zI~h3+PN9#tC!sI1_I<;w&B07jIhKE~b6=j!x3>bPANwL30z+bUdj`Ie+<hkn4{)K)
zwWC<sv2^<6TFlkrw^*(KUeNJUdr&~2wB_xv9u6j^?fr?MH{ZaU-||z21CGL?vDQp?
zOiKA*5|65@^-mqqn$A>j?(XP2SM{!z93lkoH?<nLL`3|F>=)7cR(%<CGk11iAll2%
zZ^w0IMKX3O#{zET_Eu;9$Yo=-@#kg@odSR7bxXF)okt>YnpnmgM3!lcl;QkXww?V&
zH8kBWTT}Xfu=n0kO>XbjD0W4ZZAH3DlaBO`ihy+K9h45CNv}aHSZES@jY{uQ0|W>*
zI)oNNk4h)>79b?KEAHR9=idAGH@-3MIA6vd+d#rw*1OhI<}>HB{Pli0_8e-1230AY
z_WFT=F51LJL4@7Y>IpycQP3%S^Eh6~wgJ!Z@bC+4UJ0k^>pSgmcqxy8s<~K+%S<By
z0wZpcX~PX+ntmR*!JIIC@2WP6XK_18%n2QEUc9vX^Dt(Q6*(2V09?@S_}cC{cGnfn
zxFYYLv{VZ*R8?uwz*V5E7VFZ3Uk{#A^H>?J)$KMe)dOr`F7-Uk*Ngrs>vv!^Pdag~
z*kYH6@DZ>uyyiapUiP{+S}mLd-BLI~EVMtgjk)CTedj2Fe(}@OfLT|i-5J~6=?URN
zC&b0#D;CO#y`@h@>rJi#zNyK{%XjasU1eeU9ES@6n>B=HE&mwl_p_Q<%AquuGGU5u
zxO2A<8{#VZr}#ZvoD%u&7;sy{Lq&|6L##?tnFf}J%Nw}kn9I(rGw0qXc^JkCt@{4@
zbtxxoN&i-3odKjhR*TzjX;i~TD@gfwo^o|)OPEkzT$f5BX6mJfF)pJK9~C!k*j^_?
zUz|JU7VNn!)rM<s3>ap%Q!TPskaT@qQRji$4Mxml!eE~XR^umVZptk0p|cSEWh|e;
zBP#CA=jt|IiVb1M##+T*e$60c*|AMF7}9T^hC5a-#Xi+_>1~Yh_!^MWn@^pP?*=@V
zzw4rm%n$d9ilzxOmAD%5nY!K3wYq2HNXiFpt!&psKNw5<HxC4)y}X%et5qyrfe_G6
z+KaZ^>`16^?JB_W@echstA;}3Gu9WDml)cZ31PDCk=f9vnIN1b+);L^p4cUH)i#EV
z8n9hq<8;AhlQh(yX?c8^SUuc(18-_cUJ@ekaAys~=S*Y2$!2)#(90jf@}Zl}Fjzv&
zx?~@ThYOAg5QC0<I0MHl<u(bQTwP9*!VQ_=dXpt2X7<Nd{kb?Z2NQKsn0j@Cm@WPC
zbq+8Q$VjbQmn61L>PeT+Em7hpa0^Zf&)x+ew+v4D+~qQufo|yK>vlD^0b@3exF9x8
zS}$8L<Sh=3MaR2VFJVB_;kopfwy?gf6AhbF(eT|d6S1ka43RxvqcVMUn7GHFn)w&|
z*PElyTbhRn`E0OUlu0=zRcg{{e#$qD;lgr&U7gsHPNsB`UJh=sa)xKOYf;Ttdo{hy
zuDo3hcKNbSks)up`Q>Wp;gsM<+sgf=4BfVF+fLJhZ=J5S#pqS~`Tbx{mmeGVmq+VV
zl1WJ{c}1W<v^!#ucEITK&fcgKr~2mRIVSO8;_li6nukeDDr71czM@Dcddwv1bF;M%
zQSNut*Cm8jo4|SGvvYTj7#osGWR{EAyKQMMb(~kKHZ#iM=MyNcxyXJ_G8wd``ge~2
znPMv;hf~6lAXA{dGhg8@w`V!L(5qqi`jJsIU&X6e2ICDO@KPa&pnbbx?ps&PTjM9s
zQIeh$tMN%`7$2iM>_x0{gvI@L`$zr?;ac2AQRR2QsVwT&`wU#Vo6ZU`=7NBz=IM}R
z#j$H2Zzl3GbE}V6+ii2L0lT_!jqyUOQ7hIgEG_Klz&A_!*`Rx5X0PKA`Q;mlov%()
zFX++)Eh<%+r91;NR-F(Ne#?fRty$#8I66Mq;3(3%9N9N=X4-XwdqlK!)CYvO86X>9
z3Vc`g)zt^LE3^h3Q+97<-j4(!)Y6c!lk=|+dTpECM;x*e654h=TF){t3!&MY>!Hbb
zMcve+qHO2@vGfs$CxGj~JeN}o9`@`Lv~jEeK#9DIWJa9_t}L(H*lOqIOU_j#ul=fX
zqK{(90#<bz8Feciejo08C)!QcIJ_|~A4@H{`Et7<S&*_Yc!rU)(*p~{!L<$(<qyt_
zKGOfQ#921>B@M{AX=ticR8M#%b>d4EvC)w!xWM*G)t8;Qsmn%*p^_>@dX_$K3-G~D
zuxnckqTmsXFEQ?M=f}(AHGWQ?$Qypwthh8(1h2bKRq{-v9sNA<zQ{4g`QYHdg%Y7`
zmdvx!Wv}m>N6UAOC3h9MH-`j`SjR+ElFwoD-Q~8$MULNe0+}kXpEtoqyU+RAqwb$D
zNh6)P=)}y@aSb_jSFTU(%tf|N+&1whLQEE&pE;E7mwn!G;r&#(RS2!e{9=3#&(`%t
za2M2<kTU3*`|n#C8byx(^tJ`R2vuF;{H3%ux|u*rFD$68Arm5`JCPl&lvlmLGLiXK
z_s&Mke;U@-A6;^$A<tNcx>unm`cg?5AQvyA389V?c>U5)UgG@sE%-s~_<!&4>vZz(
zegM?Zo})op@?S5I;r-X!|IZbD{LdKyN*;ahKgS2Nkul=`-YWS2oZ$Zq(Z7@Df8Z=i
z!{x2DVuTvK6Fra(Z#b85+7r7olQ>~@CGM8Z(qhBnk3VubFVy1)GzZ@tIb%M@M_ybj
z8FGT{&MqPn17(-=1Jq&meEJV7nnm>Ix>cM<CJ(5dU)V2&Q@z&J7;L$j1%h!OsP)HP
zX2iS;@jl7Z@U^#tpDeFg!ZfkzL-5k$9CL@}-L3>!Za_h35gck|Scp!^;!UtN9;^B-
z8@T^AQc?U6w#!jHn(EqE>BJL9EF0M#uU`KEI<=Go?BuYC(!G1c_o%$x>#!$?ng}Jk
zpV?W>)40~H4pSs~=U-%z_tra1O&G5&rY6UlFvSDg$ct=>#na8@MrG*(8Zu58B70cb
zY&EZ$2d?Ism7gotvV?qKvJIt(b^BkBg0CTw@E00av3*uVqdf0Z*LZEa3~T~cWj<E4
zWF!>)g`{X&lcMe^-$Ftjv;V}z#&b%z{ZnA3B>aK&?e+2S?2flyyDKC2AtU6HB#30N
zyho+<^zv<$o>Sz>Q@0Ap^vD7@fNid^Sn8i3PCZ_Hi7Th3rf;jB9&RLfDzM?F8)9rB
z#tC5m=Ma*^73a4xMfr{~cum+cCdLSNpTnEffFG<(I<&+Y!4h4ouXR-Rt=+iJ3yU{(
zkhB>`7i`O)qdQxlOX?^EiitL2n%Tq-g@=m=4|Z)BdBMfM)kM(@f~t>&E7HEl-#rQ#
z+7mc&!A@1l&9WM_=nEV>$;eq`RpQtNNkw_3Q3tMGRs!?InpHivb!e78-=TqYg&xPD
zq!g7dSzPcsy!-<ucp8Gt@LVkJTeZ-DY31K`9WV6ACYnn$UjC2SB`cp5zxo+~HLmR=
z;^ey2-o{UAYQ3o>iwGqXR7Oa#6+WMqo`25oBiTE}fMQU#kk<-!MNSjzWT^F|=0sZD
z3E2DnS2oYJxg!NvZT<PN$B#&U>#T@HQXHzUp|Ud<d3uj`L(x8fE?(-Ly1IsjMsg=-
z(j99{E{&62Zj$_WL>|Y<d!-1F$%lSqnEdLtezwiv-1b4>MoWb1hu_0R4;7An@Tb%$
zHQWuDz71fJ`lp$k>k*Oj+RPnj^lf#J#4JPICj=;hu3%9-BNo_@AD5*Tv$-EXe%xN2
zo(>2E?_eB#LXP@>+XX=d>uZEk=z7@mwP652F2RyZ7Hrad)ek?gr$8caFs2@;o#xJL
zw3#s8#gA;&Q@))-{<(6w)}1IsIv^-%XgAlRF08Rmnt(n71IcB`ox#yghTR5WwK<Pp
zc)dJ7J!LQ1kdm=D)~x*LB-3q<Z|6hd3<f%+@IMC#U&2QV-<{EO+F6n_w|6yY>CY#1
zCi-=L03htrc7<cHznfp!HVFuZZGtdmnsQ+WQ*K;b4oYw37wed>K5nf(@R5z|$N(E@
zjk(kGquoZD1NMv%eX)~~PXng%l~T%w#}a)SrWf*LQMug<+t0dVrlQS`oX}ZA8}Y){
zJI9XOlv*}h7fEIaI96+<(CR(eq^X!o2=;eh*b7*=DA-K4pc;?4E|o_xfDw?*P%5N#
zmZgEUrS?dsv1{m-BmcU*LNAAUQ^wR7Jl2>L>?e*d!1>KCo{MYGN=t!4Qx;4NMMchE
zXH0EruoM%a@PjghZKkfZpL@lb$f-}SqbMUk0+f(<!e|B9K4wqJK7yr-M;lmXrJGYc
zr;mfknC9T8ZU1Y)hZ=$94i9geR|aQs@;3Pve&%}!aG}>JLPo!cO{w0?l;0ffyI|lC
zpDatkrl9e`Tt+44GVPMMzJ0TtcCF!jK{;BKvZ82)R`AYOWR<%?X)3CGeXOAsE+^Ig
zPm5;t*iPRY8`mM@_64+?WC`?;jxgD1xRBx-6skC0=T<u5iM$W9`{FvAP_gVgn5H>d
zGC5HTsQ?9wLzG<F&mZ;lZw>D-d;(aX!g#IwK>yhfHhoy}tEHvj?!Si-E<Q$kuwFH2
z*7&r7`m&2`D4-e;NVPOp-%0~!^`5TBda4=aX`+AHvHYs-X-DJse>Ud(<LzX<7T;cE
zk^Q{Cf6~mL490>T084iH)6<ti8cF~->{{DmU2~I!NP@X`HM!fTan$H$zG@9XGBjYu
zWn+aED0m6?1y;ZE^+ntSL>5AVxE6&W9W}JIw`KWDTxJ?w$4VpmGG*{L{z<g+y4k3a
zsF5siOPyBm+UNWjR<vEURey1~WZ<gJ%ivl}W010nNl~F)yRP%VpwZ!Wg^~5dVOsC<
zXnDh*<sWwd{szFI@h{IxphrvearZlK0TlPP%KOC}UDVL)^9;j{D#{WNeH(}FS1#z5
z6Y1OA$5%&d(a!J*vQ#N^Nu7IoSF+>Kgtg=8gS1{(Y+c&&NO{qFy*b}M_Ah`dDT0Sv
z&E7>~ai~JsTF9sIN{mtEgIpahZWjQB9{NWTS6W1W=V7W`6c97(HJ+4Ptcu>2F!7!8
z3B#tqyC8D`+u~AY1`r^(a>X?kxsDWm{;U$^ifegkUhAKLty4hyJ>D%&+5r_J+0fbg
zWg7#{GIMc5%%X-Y^pAbrx`8pM0p-5G)>U+WYP|TWkxmGKeQSK}>n8+r-ec+`qFt&^
zZ$5WUs3>+dy~MxFl@_F1AkTMQ!cm+Ly8Jv=y+i1%PNmT4gLP$u@({cxXl^(WurgpW
zv|yhWqbFMUO19SX6L6w@tW2N3tHnWP@>dUc<CLm1<JrvlOs!;Vji+Sq@)`Ho0O)m~
z6i)8g+O<A+ozgIvYGqPjEFlQ8pIv-gG0+Mg25es>$%elJbu6%5AjC+xJXt4Gt6z>C
zT9nhS6PRi9`{}1fQXQTPDZY?$YP`-a4!huHiK;V4xPBfgKsy6ufsw$lBQt*(8pDh+
zO6t;+4JS9%c}$cs`arwy8t}+f-o@;A1^?6MfdE^V;`;opA{V>#T&F(A+qyn1dE4-I
zZ$+UH9&VAV5JIm3>rzWL!YNLHv#k?;nh6a~eYAG3g-ksJJ<J;TA;~c|3`cqCm>e#3
zcXP=R07v<SG#N#ywl$EtJ)<zSKFn!a+yEJE&PN~pEORfoSQb5@ghmH{b+)t;ay;$W
zc{$=#3p(l@UC%d_)7<6aIoV;#1($V^Q`kH^{wbwde|7x=e?hRghiDZvMM1hL+)R!Q
z_J>rUOiKNT&7hI7SLHv>cQ_F^|K?{zDiTjV@g^xXP~+>@Tg5gNby_O#19Kx0E>jPI
z&@O?qA|g^!kf}twyA5W4lBwmuw@EL+0tV_SpPks49gn8AlW%ztMKYomd++8%-{<YT
z>orpPEUXrSc_@q`$663w2d?e@sphzPbx~0SVEI;4lgNzhpl3~YTe;N%wJLth&Hp5$
zxumhz<8w2WplDaDoH2j6SiK%SDBQ3bKE%BnZMWT*C_L3ts%G+Tup6zgGSW^R`#}*M
zlE>O71nxj9D!Dvyw$MOvi!3+04!@g#&`&f(=tP&}$90s|qDO#7V3Plc2qrB5*-N(~
z*4mHpH7k;p)%CGDWe$=VMtq#39Dy6HAC5KF<q%8TQ<n!C>+B$`@}UoPQ6knnGrEj%
ze(QtA*Sb^+E$tcAy+h!|#zm=f#KbHFH?;Je9Xz?yey~t&4fEv<oZx)LxG~XOB4F4-
zDRAS9|GL5lhmW5$+l?F7*PtE_C#d7LSC-*I>{AF{e*H`~pfA0^ZqX1-*wgeYc69GG
zVrMY52K)+l4+Z0ntpnS)*b;K4zP94Jl{%0W4}OG7EzV(ayM+YMK*?P}%(Z?((x}AH
za3QuV@4=lb-j(&qzFvLKknzIuafC;Hehi-X)-64B43kGqk?E(*&n1S#19m*}eE?f|
zSPObaJ64<RmcJWly_M6XxKOC}rUUn<0$>_U5s}}d+ci#J$Aa-L1rMdMHm-y<hdIQ5
zFqfc+Wsgc(I7n4deFf?9;fOvqaxS63(SrTx6Y+GhL2wXP!Du>WxXcH%^F=*OP|C~)
zQIYFVaZwL<0+U3v0qQG#$Q0Iq1Dp$I13;yNi{b*NHChDRkPX27llYSfflW?`Js8WF
zUjm4~V_D6+Y$Zz!i1Ta_rxyf#GJ5AFZoDr^fSjIB-_5|}KDFXF;X{e|e(KOtCF;6h
zKgr6ip|`bZ)H@@hh%rU2Gq+S)Ohhd%E!BZpRODGh27w3%7gMPhD<o7GX<RX3xQIr2
z?*^AyHn;S{!Ioe*`A;&@MnKNJ03K*Y?XU?)85C?rc7sbWLF}EX>i?sJm*f@w9R0aV
zuIp}Iel|AVj)$uglC}2dCxAe9ow*8fohRz70N&tEcSp+I&;*1DlCBruB-4&$R48&)
zcXEQ_f<t)4NF8g4A*dGDx=a~<y?;OWpg~Rimk|1J3hU?Y*+d4Q32%PzwNqzO62av9
zbxdjrp_IJr*3}?SP^$g~yU#=zA8NbzyXC~28V9`2sgqX?aw4D6ZV*60#oT3JFo{~T
zC{UF>&LEkg&5Up}(RgnJ3J}y_FHhsO^N$U=ovw^^swZ)s6w!J5=~i2G1L=&|X$x}a
z&$!p^YLjInf-DiY03HRhq~)Hp>i1=4Mh@MPC874OxZ}dD5!0Jr)EwW6wSLGT@bUnL
z+DKQpWTE<ZX_cfn!=W}m1yOpokVPT8>p1)sC4D#^890#y3czkX{Z-~==^$#4g}*f+
zHC7f|@Tg)+j7LDc4kFO3*`d2`U|oX(EcK9;c05J}I(`QhM-G)&G1RZfy-{+gaUW}n
zXKO;o$9hyx)CO()v&wpF0hE<G_@_>uT%22A8wul3#sB)917oS~g@<n)o2m5}YtaP0
zM-OCr*BBT=Iw3*}YM?cL^aNzY(?3K26gG5YnoM9EXP<#;`nBEdp~!GV;FL*vZ+<Oa
zs^lq2md}Xq;XqPO4FnBENCLYUkNSB@YyWAT-RZEWS$6Bu%w_s{4>;8`5NpH563i@V
z!mAc{Zr;4d5lKIS$_Q8l2vmcjb^N8@!67R{svmvE5!F=}jOAs#-<pfN-&B`<_9yqc
zfZ3;-8u40p%)`0c-Nldv$?-}^#XN~zKsKwsAH)2E_s*Ak>~@*mgrn-sd8F0}QVZA$
zZzw`p?W&QYK3K>x%xw;I;;CB2X1$l>_kl+Q*dM5PT(hW72cW;v=5yP&U^dKWekRg*
zLq^&M$~6Z56JmGnJihS9HU{sx>uQt;vv$05_pUl<F1|GyCuULU@*Q%O&3GK*m|HUG
zIH8^*bV7`?K3BHJJs+g5{H4CU0E&DBdSVTDo+ocPTl_8ZdwiyP^efipZ!WSAfn2V}
zcZ@I2|5SX$*cT7C;1SbPW5T1ge(fH>dyhkmnHf`q(5*e1ktIWz)QAI{XN&!JIr{%$
zVVT_w^gw$S_?I!2s8mP3zr&orzyHu3JjLpH@>(4?c2_~R*wt5sRXXqoUREHefeZrY
z{TCqN^%A@<0urPd^137WbB5;%cS2__z5;J}Ga@pjP1dmveK@ZG{A-ytQqOKWP<X<f
zY+0vaXXOZ!^0?vD<Gbc#CuK)Ne5V$9qhh9kp&i+~leIgv&O{j>qP@uX$--l0Uhncx
z5Cyy}vVrsopN}D`DtZ-+*Lv_(kClQp{)=zSP=~|eCUG(K6N@uEL(qPLQlA)`*fm~Y
z_L(4^RTx+<z&RnEHvA5irs7YxcswGaJrzSNenwq0m^mFgzE^^EA6$L|mpT;agmB+8
z2C%D$=t+R!GgjAUvE2wpmaq0}L>xQT=+xh9&A{5TN=#&)p-35lDvtq}1oU*Qg>(F3
zFO(&Ujf~y2{L}|g8Fen$HIg;qDM)MxQ*!rUIk90BBzuxX*oQ?T`$ADT&bo0opUu@2
z6$?_eFxg1s5+mJakv{jwGcy4;MuAJzBCoMm=S{9`9herkg1C5&FxYOgc;a3lSn0bx
zcHiwq({_gKlqHVh893F!lovhS0IE5~I0lltn}J~CXKVKDR~Gr-lUf0YA2}74;hIa&
zU67aOYL$QQWv4w14p+hT?wi@@!b`S`ie%OTmKks*Ps7>|L^kS}caBODCfQI80Rb}y
z^SL$)v@<MtKxpFV*yuj`nSS(De5O*jptqla9hFBD9<H$0Zxy_fhV==xg8j`j2_Hc}
zAr!ggAvk)51CbgGPyeViUHZh)E<XF!DW;uT25v*`B^Ilg3|a+DehxxWis+RNjKP9a
z_hv!%oG?e^vdck=F{?~z!0(kCQY?biVU7N-4kww$5w310`yJ6)!s>@hDX)Qz?A22&
zvIwyg`K*@W-$sVo)R*2neBF)v+0j}GB4|noq{bq{dP<I|c0-ptbC5MnwBW&umph$j
zDi%^1ml7x3<O(#wN@)l?e*qQn+=4xaU#-Z!B)^d~g5TZIyb|5X`|=Q1m=WyvjDPM5
zSoL6c9L(}w@9q(QEX4c1{gdRg0_6<wphp<7-o*;5lEz>{lQF1a4wTF&dJ$PZM5H0;
zdYT;THB3BD&xfn5jxM*Y`lVfW=vzGylxbOL7W1f?SZLD7yCYF*qekVafJ~LThB?)z
z%H4Ce;xB1v=<J;ppPf4dxb-jo>o0{)_FX<HiL?@%w;z^L4CpI%m-E-;Yf|~-1IvW{
zkqi`+8FVvnmsCT2(_|*J4|^RsN5|=I+~KLR!z$YCJ)5e(5w|e*#igX3W_$%M=J>>@
z$nYzH;rH!wf7SW7kPr7^D-1%5aX-7KptC5&r|;XEHp|uOevIs-B|@Rsuhp6++JLK+
zg33oza6BIOPphZzkQv%+pMi$X+oOuY>joZ~>WU=|+t)Q<msq@+4qCHdEMGrK@jw&j
z6qzs;IlyJB!^qa;xJ&k4>3h8bIpHzPmI(!9nXo;KRvi06c!eosvOL~;B=6ZvNVM6;
z`Rjt)sqU!IIaxbZ|DUvTv+Fj)cdO;XZq6<a%z*QEZl>vU8QKxNeU;;4gGqVqyKSj@
zhl}CD_&37b#gGEYwi!>I!yk~FPf2Zphbtv%4YZ<<27yw+S6)H+rcimZmQY?Am5XQg
zC>+pLlH(2f7fcC4?p!kE1qMo#>D5ZGKGG@e`s(_Ih7FeMV%7QD%QA`_X7yYO_XO18
zfkh2uz$xI85mh@Lb!KrRer6nr)6*}veeKO>!QJD`%y_BXJKljyJ?eVJMguxc2JNX{
z%xdwyekuo|I>zbb<vn0iVy~%WB3I|`QRAM-W?BX6rtV({kK>tzY{nd(Xo!l6Y~%Oe
z1+I<-+}jj7f0<fJ1@$skvjA(2FvItJ6~8`SejlgXzh#6^OofK|JE~r%zvEZ~+NP%U
zI+~Rk_hum;!?lR_@q^WMnPdLbme|^`^6Uk;U&drrxxN9KnS`sF5@Y75t`lU&e<hyo
zbd&4`<=~;@)pR+}Pa~x`YV-s=?eIsBQckMnTJ{M8<VNni+}y?WBuK4GxBu8+MePMV
zMh|Hmd#~^Cf<+DG*VDXQdrO}z(s=lWSGlMN4{A5_lKrDc(s`h`<vR9WLPJB5U)^;&
zx1~*9?i;>NqC|~3tqL;YJ{+OU2$=-&qfd8Q1aD_YYma~rfGW1O(l+L9NV?qMLEToN
z9=^<a+q3O>>k?yXIUD;k#3lPL=4Ivw=wLz9BSb8lpS`-YnB|=4;z~~|XcAlJhRYjM
zqI{CTvtT#*Wln6nG5|h@liCHT7M?QG=4rvVi7DF_Fg7;Dj<cd}6O|V5a0vsS1wlhw
zeb~{F04;s@fz*BLawRHKbYE5Zn2+H7FD^rpaj#J=X^LuSg@ccrOR;1rCb2`|WWcSo
zUe}dotPpkh7W1_ZSid&<hSraN4g<IN*(P2^$~rQtsU~g)_N>jh)UA$kWK0QFciJbi
zb;MOUe2Z2TLaQn0gMun3#p#ix+Zk41T$+D*C3RidVs8Pk>(U$9n|)!$e|6mN9u-{Q
z{PR<Rtq-^)1_Q;6av(tB1(6k?Jd~&T%$GdNX>9wr@F$O7-f^hmeN2(-WGs@q4e#{r
z;HC6-X~*Q&UV~YKYcs%!ZmNTD%M@l<qT1HeNrgcg;&YW!$|PM6+uIC>-X)xCTX0ah
z9+hiz?%OvF{+{l*uH0Gs=I!4pX8DtGtb|WkVzroEU+9!veT7;B;uylQ=lP!GMz$HW
zuTo!V?lhS&@52_C@(7hI{qjizD9Zjcuk<csYozF$I+OI+>+uKR4-AtTrIPp@Pu^W)
z9908sqM7NBkJ^4cb}L&pZwPKyOp{cmk|$xl*jB~hIc>H4kt_s`v-55$r8DIe;<1~)
zeii6Nc$LYV>Z;#IpQUCAMuLs7+?^_Q5Z;2Z&H)>y@PRx6EYw1PA3S)#vVi@>p>{rO
zK*N$v$oTX;$XbJc4WvwpZs%)}%+FIS)8-@_dZT+FbyoA2r9tfG(=kQjlzEY_t4N5H
z^z1dg(_;Vl+)t}3c8N^sckw2exRSh>3<PAELFvZox9<;jH{~icV8J#x73#6p>3Tpm
zXY5>PH}&pX2^N{uRb_f4zSQevq$v6TJ6v7_qPTHTP;OW3X!YGlj#z?3;z5KKR2%I1
zC#sFGM-v_ue_)T8sP*dfjv?X<5qm*0D6XRWhXDo300WvesBn;9SF_=*G5i9MW1khf
z|C+HMKRs_qzFBA~qhY|^ocAjW6f6Ga0%ST&9PTa$3aWeY<~lHqmK$?*)vtPPnwX{%
zBHWQv*$#r^-{viA4E4)f?Byf?fQARxk6C<Ad-m*|M0VGwPh;6v7y7cgt9m!DY!(|;
z7lV8g*iw7Bj`hTYu&(of2$g;~=6eBIfTB`W*R!Fnll}2QAHXagB-+>`n|&OUIg<qR
z9&BCa_ZE7P87SMi0CjZS_J$gkCszJiZ6Qq$HCZ`j8&{aC=MBBQ3Y%#kPvX1vJ25uv
zZOUwi;aD@_Ie4xaGvAs=wil|yCNsuR0{vMCLNbVNumS7Nbdq3yvd1vrjg3pJ3jW{h
zkT2xhGnGbrxf8y9d(d20Ik74WPbOjm0Eedx&^!rBTQBmD0G$*NuZlx+v!QN<*og1_
zAEMDZ{$ceudAY)9Trf(^iK&UXzdqiSaJ|6;Rx0qt7lt(X+@~9JS}U@`%S<7qaYNM>
zXI7`HaXD_VA>Hlkg~q+b)MCL{^Gl)nOsA-7#-pDYt^&FqfJmKp*IUfAPhwnRISWkp
zJom&}K64{A{RaL|etBYHFK8?0e)Bjjt*;i}K4gp!abHngHp{oo{lmIjmyE*Uj%gf;
zMd?xnSdOPooo4zPakM-(b*Td}=Efwqb^_53_GsK0ucsGZx}f%fFruiiGuiEltnCy!
zF=Q)A%#0W-2~msN$~=`8kv8RYTdJz7)mJCFP_OyDak(|TgbrI*#@r16iaqxXnd284
zdRhev(KK5;A`0In#XywLgy9b<m4Yp7%PHj47&^aIdvZ$(6}}Zr0$6be{qYN@I%-cw
zaGpAKU8-d?$lycN1BM!q^6KMol>L(9B^=ftE?ag@&Pu*MnsZVsT$8AcMkN^NCw}l%
z1-OEQ<M#DefFiAV9|pG>DKM?HCAY0cT`N5}K>P&3^BV01!91N+^BV+;G*K#!{ZCrM
z#XGp*_Oo&9-3&u%Voos=TpCvihsxc%lX8Hgsb9*-^-|!}V>Z100d%B-VLkmR0>7Sw
zA1)5!Xn!#~$6;9OZP@mp&H6f%z@kr&jA^aMcSnWo!IL<fC<cJ_;WwRd{q-jB#4$JH
z>b6}BA%E>~o(P{D=i<)N^YT*X;({9ioMj=H0@!a@02)!BAv(q?DLvisq?O{KTW~g!
z`Le!f&U%4-cPL3ZpyiUY^WdGnJK+oFlASKU2aTBShJNXBtR6?W<ZlZ_6n1Y0$Gr$>
zaC$N?DJF^<^Jm~VG300a5ZYG(@PEH8`xjJ_cd7H&Bf0A^@*yb6E!WmeXE&covaRI<
zE?|!1n*tlp39*+5IxQPf%bYGX%WI6Olxr0+l*j7ovF9YAQ0RL;_D|d~e|)vww3FhZ
z`*Wq>Lnq=|Qs@56>zHNXEb7(_hgAKp{aUYx!!ef#TKGHnHN9@Qc=77+E)}(r0_D4p
zic-FJHU24`_+nOq4c5Je*gsg>oACHBTZmX=5wAfWxpunqxjh~G4U1)CHdw7XvTbyL
zsA|swG;yrPH}J{gY8%aB)iub@w3-cL`+hPrl5t)AzO?U7{kQL$C8h(Pfr)HNzV%G#
zV`_S^BGzyF{5Ok)eAk{uwP=)qzW&aViI~r%$9A1n+qW#g8C##s`!=a{>yssW?ko_C
z;Zi*e#HP4`j?HblO4-GQas563BhEL+nMCR4_lk5WPD1g!d~oOrC_A+abOZPeme6+x
zXc6@0nuYh$Y>;~^*piuP>`>e^518!7!YZ)YVP~eUdntNtyyY{#Q*im`i7I(`Gj%>K
zhj;q{iufWRMf=_AtrYqOxb<vePklH(yS16qr(wC`b2-#>Z&csvu1_5G=Fgb5M?e4|
z`MyZcDBj_FOmt+zxdLC=C9P~?BtJSSJtA!^udA**s!Pc1Qpg@#$F4uXs0wseEs8B4
z*1x~b?-<%Ha3}w^ihZT@@nd6Q3tAxP2D#X&Qz<=F+K%>5WcOje&8y8FW-6)S4$5{W
z-(7Z2^k4~I%S<ipV}R&XLEQHvD50{ognv<uW}2z9@<6Xw&M5WoW3%=13b#NJs~Ds+
zfOuJc>HC>w{5o`SCk<skp=47*je}Zl_CJ2!XoJ6V{|RD3!vEWwu|9oITwNMpV$@?(
zQ<oghuV0lJmAC<Wwg8PH54dMM5*F(e<^S^Y_lkeJ!1Tw<t^+j@z!3)uteM}~8l-?I
zyG;NYx$D}ELpj$~Z)M~PKMp<GSI@C-OyFV=J3;Dk%*zx0n4Yjp@z4V`3Sdq_ipIRN
zxv*B9(w%%x?7F{C^4A7aKrJt3MeZ@xPADC^H4=(~(%kj~N>==l;8xd|0uyv2BAZyg
zuN=)>{(%qhp|1#A>TlEA`{r29$fcA?@*K}?X}_m3Ci?W0sL!se4=9>aG3hxDj^QuX
z?$-pDZzP)kap1OknrSB&ux|4G@GI2{we3O{ibeuF1Z^60*u(a+*4TWbIF~xrA{Qgt
ztwj~3__0SN*FnwLUesk&fwa3P2cLIE?VV?+0ql7{w}}T|?=wQQL$i48ZcBB&N-@s6
zqt+<`DVFGd(mw8&0ZLkSAljCx$QN7aA&l=81f9QT@Lf-_GicTC!k1smei9B(taZlx
z&D3QRHp9NycV3p+y9*$u^(Kk&j^ow9!-dU9_hqUZn>zDyln9_edUt~&biJE<yVdR4
zk>#W2w+Xk)lmFU?ie$PTO5;Je0Hz;#*afV<w-D<0Rxq?6KYxiFFU(i2qdhf<M7p*c
zCISCSz8(%pkU3yzTPV-0lSv);zg9u%z2)*nOF<T{vn){@>tg{T?fTL<^dY7`OpU_K
zB~x`Xv(e9`0F=-ldFNW`25*nK4Iu%yT}{c=*Z`P#Y7}9fkAAR+K^nBcW^WvYQ&t(K
zs!oHN4}KL3AL#L%HYmA%5W?0;AcvEtSaRann@FF(X%t|^CDMjbp2EFH%d86I4F#Be
zk25_TZDP@*HZ_#No8(3SXH*bztD@TlCULP_Vi|rDz1SlA$9pFRLHSliy)$-8QOXjl
zF15GfCU4xJAJj~06Klg=;a>3QuezylaAaZrW!95QTkIv0(3b8AfwJo1`NHCslJZ)f
z(TsVQg-#eybtMe!v6vk+k7E=47U_oL0)Rx#fn0@?N_q}n9{5z1OaJQRb^87vQrUX<
zf_o>~!@F+Wn5Yjza`H+SzRG5mumlW0GXdywe|`}_efv!5Y1T5iU`HfUjQ2%2bSdqW
z!HtE{{Z4pCGTYgZt<B$nJ(@P42!KHafNVNKx3k$AJ)c0WKSMK#NN5_$6gCsQHIk}F
zE3mdtN0lP|nPH7G0rG|i%Il52fnnfm7n)X2Yr`e=)={L-?a%@!`K3i&I>r@Kv7ItI
z3J0v`_az1fa~$2p#9H^=zWRZ-N{SzOPyo?w36TeS4~r*#m={VWUCF#(#PFglk5s>Q
zXGR=sE(|r32@RTc6BiU@nGj-5PpmaE5DxZIBic6NyWZ6pu9roCh$2(RPU%XZJ$Ej-
z*8^MQ=~RS%en$LPxtavfI(cAwUU+ebT~<$q@TO|<#aj<9{CM~3c-UHIlSF6OrKu)h
z=B$>{KR)He{%p@;ET6XT^O~v+sn`T$3X{6q-j+^7mQ_}v3MecEX@qW)wwBsM+OUT!
zPSsx|)YrM!h5grz?Qp(xvz+T}X4Hs-6Zr*7{Ag`rcERbc#^n{jM<-rn(FeH0)vKnK
zx-l%a!)KFOP8gc?+FAhd5!e*B@MG(r!@VIy%&{WC-|VX7b~a8HvdF`%W|TZ_mZiNY
zRD`ezZ@ZD`-7A0REsVQmj{?xjVgurJ;CqYu`}NZg*B~0&3Kh4Z*JtWqC;IkqTGu+}
zH2Ql`k&-2(F3;kRcY&`XBLTAAy4l!dZ_oqM`GB2uLEw<Sp70R$kSa8>hzm07=zW5~
z_aX`w8}z<|0-N8$YM6Lnt9GN;?-vu58K@0m_h$$9Ln|}ooG|rTO22&UzRl`hGeI^2
zmDyDT1#=s1){2@M!?a##TZm)zgi)PVp-!eR-J|_bIv)}L$u}Sc(WIpnD4*9}#=mh%
zhzTa^yoqHQ8Wx6%kfBapDd{^S&S~1*5-v9i)(c4Jz#b0-KktECU3D;}1ZuN`SVJP<
zM}o0<^jh<o$*z;q*V<%~!2*J76Yo=R2B_<RlfeV}eutx`&w08e;S>tKAMlEbK=luB
zsr2sMd(PcLu2~EIWd<O2e$VC#to03EKsTZ~7@+Lo6%@pj(ckBKX$UA6eOc8^1c00l
z&b!M|p?J=vxS!!6@)c6TigFK*S(g(48R&3hXuWFEqZ_zAit!QBC1ga`7I@_H=J)D0
zzT&(Gr5E+{XOw<>cYugDZTwWc`$80$Z{-&7yYaJiiVEUDb0k1zCh%E|JUhBBY*t=T
zfc6WQ&q&)WCw92+{rU=O1Ylf&h@numwu{YS%A=_~VbffAkC0Sy>%>qB9rn9gY(hlP
zwZ*ZrmwM?vLA?TR0R%ynqk@(XMoAiaeCf(<&i_f_Q~>Bu#5$9D3znLgi2T{G;!ldV
z#!cEv;>Y)5Yc|@m*-BRB2se5`{sm$g=%HUcTlm@qgxRa|{4hBSry)E__Drah`_!j>
zgV=OrA5Fy6T60TPwIX6_p1e<GPUq6MJobKX*OoEnmJI#_8j(u7_T4S!^~I8%(&Osh
z9$~ji*qxTpGv>ldQY2l??!)$JP<qAcqJ;Eai#d{}ZF%{sJ985guTm|f!tOU|^}$(Q
zn`J;H<dkuAOc7=;vi<qq1%OIS;`WJ^q*EzoYR32=Ql<3F`37DR$tx>9)9B}N_=v}_
z)pz(Hm?ierW6@ijdplKzAY$#$IT=;4Zs3>}=V|TW*Mu&}cWrIfbtb>atIC%>Z9qB_
z0P#T8nA><&Sjt-XY>@k8)6gh4sPZ-{zD7WiiXJ`<VX{lnr>9AUWOK4^TL@h72F$kB
zwQU7Qg`}rWbM3K9m%d>O(|h-hG3pUe9Iz@eRuov@C`c1ZQ%y-QOqqdA>>d-Xb}|r_
zLvDAwbPi(LR)G#}Ydrr;UnLM!7OTOb+U>e+%rAxej**9)`WB-+p~EximTY&5PY4|x
z`s~FXtJg`X?!<H0!b<^~Fe<$~LRr-Xzh~7Jw7l|C0#mFKE`*)>p6z>HR9eRA*u<(o
z5L&3#k$m}JOEwFJ8QT2D6+^6q*se+)a()@(0<MQe^eQwP(O=)}LCUw>6%?~kN~jkX
zayUKjky5K7n-{*m1SChccExj~*SXsg6MZHv_D|Rp{2yf0Nxy(PbiKmAE@1cV{ubgt
zEYf>4uK-j$4*>Cf(+Vy4#7=YxV1Z08*U}Es6{LTM!*8GoK;U4=Qx~~u+FsWy?%b*k
zYJICpUECdJrsX>zfDp6nY;E#3jEmK;Elx5lbLGMmn;8MR!9X`Uw!ir$k;%P<>|e)u
z;0smSYJJiy<Cxf`=4g*dJSXg~wF7X%M|Gs`?!PevimL1gvngA>O#A;(cIZnV^*9=p
zn(BZp(PSCJ`4%n=8olQ$xXg9D#&06~c-p(92Hm;tq@<#^>Sr#p@NSSa57xs$4TY*k
ztIG<hW{Ktp;^QQ~WGr9`)r6oUECqkCn9ARiC^jA;1JXj;VbC?U>&3rdTrB6^7i?9h
zlWqc4G*G-5XmrT{rjLAk-GM@+%qq&(P-b<qR@h{{2o<iEbWXVJ#G6>_<nx)<owP(2
zehY3bpwp7|U0mcUkzfJL1dY>4{Y5{9#)Lk*QdJ;mZjc#5zPFXB{t}bQ#8zM7xw5sh
zPQ&tkFSvJg{gv?P0-PvgwZKZ-c*ZGYN4XRbbzIj_^51!QQSdxAb%36~+&`MrW#tvU
zPd3X_QJ1zFb&z)ep5c%-X+4GX?G)H<#{3$8qFA~^Qp6aQDS{-fkSh6%x-KnxoxTV{
zttoHfOIU82O*03mpZQTd2E>G835$IovPu}U9|W~_*PYaNFcz*JMd*S9$Mf5rkh-ZM
zH0tTeZ(%`f>cM~FLoiil$_TRNAc@1KA3*8iE7{QHkukll+yKgN)tf>9fKp7|hgmol
zOJH2>->VM-CC^9-u6Kawi7ND7dinm{y8^%Y6|*GXD?&h8ozcr(JthF^-ik}@THZ$)
zds9wVV#w0OItQW<M@aucI@V*f)X66OiJM#@C5DPV&v-gD$X0i^P%B<a*M+6Vo8*3<
zG6KvvAbVSu+J721Lm>Z1F%<e7tpk_IAqT|n1WqpH<B^N8<Yt9f6AuN&KOVIn1EzqJ
z7>twbsmG<DAL_J=09M;{U{E6G(#s;8^B#IFZ~2cab~tq)?h%YTY~%GM5l^7civPVl
zS%IK4!FKZKUArAa*V6+c;J!?4y~j_UWyvNLPOOK?>$cM!NbTjdM{E7e)Pf&GDUw9(
zVE3*2)(1b`I-G5eUcvqNF$ByNfLwpv?QHkJZd}TVar;4-hTaFMMq*-SDfA`#-8!%u
z7WDZHB(-2QPVMt7=ErHCcLN1YN|AVmHqw6`z5R<?$fyB*L?4_x4)kPHNf#hRncg9$
zY~d(BhSdKmLQk|i8T7eqk7QAQDnEUX3;5;tBW|Oa700$_c>dJdVOvVLJ8sIvc9%~P
zedt7`C*}z^=4&Xu76J2z3bp2F2%vhLWTd_S6mAFf@clsBBE0k>l1GQz8JkTSI}M1z
zxL$=AtqflHoV(<g?O@dp$4)KjJ3WDtcjMab)%kpMi|?kX6Hbe7v7fM7q3hXy_3%Oy
z;TZtThC1GFA@)JFfgfOc**8dycRL6x-JZ<&Zzs>B7#=)o@0qii7al2GnD)Y>44|SS
zN?DT1x+rO#0v)cdY&H?m0+bXr4Eds#9RQ>@_D|-y{<>Cv36S&NMxx7lJxqWo5lEOn
zeWF)bxNiSp%O45{T9o!|#uC7}=>lh#uFrj-tO*(@$S9uA!TItB1>TBU!8BQdUOqHi
zFQb7%gtij_*EM{OLdCKveL}ub3M)cx!yl-A|M^?<bUu8nbQuG5W(pNnLUW0<8rD^-
zp-DKp9@;q$P@=7&wEh;DNW6GK@1UbfLq01JzgtIpJLHRZ-d2@4nqj;Wc~uC&fS^7I
ziwN@DnmdXuzsyDXtWq1MMi#~T_>dZ|b^uY!uda4mps>06LWtFZ@w{yKCZ<PolKG<-
zD3feA_By82KBP?-n<y8V^M4}3f5yA8L`cR_Y(XNYGmSNw9l!@Y*u9jTrciF$KOiFk
zr6g8en|&FnOvcpu#(i%n!?2&A6qX&_uMOy_K=bh*0nh@23ZmqSbp|mR{;Tq-AN=>T
ztHx$Gz&C;Pruza=5dD1%{`WsnHSxb%J+wjDTa(wQZfx1!Unp`aDlaZy_Gn~gT0H&G
z-|*4ndsqLloDq7LdTIA9w}%*$oxCHr<DXQmHfL|qch2IBDy%=kqSRO&qq!fx(^P$_
zdaUww#PfdfW+Oi%Ka7Dc=4fDe$f~)2KL?o|3<!rl(hCg)vwg`FpEU)-6v3K?<_`CN
zgj7FY{VR(4nED@0*VQZk%B`N;KKS=>Ki2w>&g%WSe??jM?tTJzFL?d`_aGOqB)zG>
z2yS6t<t*sv@zhDx2K?~+Wj;jtd(Z4>=A6d*lQ-PQXs*K);?C{KJ1)K|8u5kY7JT*s
z9i|)!G1Wv3nvZgRp3b8!&-%O_77H(GAEy!E3}L&n0`2K9IssoQa)jlYm-st_-leJk
z{Ri&O&h9NfYwwNXR(fuNPNY@scfVS<)3J)k+>Pff!s1!8PtsgZ9t)dUX}L_Zs58aP
zBsnSS)KE9y^WP@`SF<7*#oZn--BL8oFaH0!Ab01~CSqFy|LHg_ztyoU#?v&W{}e;e
zI;Z0@t3A+mkyi9CvQhgYl9HL6OYY)>GkfYZA2^qajD{whImc=%PSP|QU?U?(W=+%a
zsJl*9yR%^D5zz4epOqkieoIPB4O`$1Ump74eDg9l_UWMGc_>uH%LH&Acagf2it?F7
z#wFi}XlUrwz(I0htcXy*wc@WF1`7D9zUUJ)zJ|M{-FuDcPZug5IC*A>Ljv*noa*5?
z*f75KqV5TrETanSAP&LVSsuno)8E`EEzW6RvEKEg7u#!QqClS9$t3Sw)ILe$`vAS9
ztGm1Jvrw8*f6%Dq-V9kF(wE|YxF<Mj>#TKjjP$C*zJATyCa<4){@UK(M!L$+hnpwB
zH;{?u*YD-!{tujXIHG;N6b{_t>a3>a7!A#vcgtoedH!2mJ|o(mEgaO(-*Atkv<aRa
zvp*iX?wThHGOz4N)AV2JPQH+DT;bqtdplzd*T3`(%$kpl_DjW-!KGUoJDh3iFvG#|
z{c3R?Y2hT-Ff6e<PJ1`Cozq|@jj;uxY;c_BjRtr$MeyxEJ1jw6nY&^Mc8sJqC8EuC
zoSon5)1L-hk!u@5_?j`r1iRL{a&vRb$<ovG6gYIB9zy0y8I&!#H7%6am>XoVouiRH
z%h!#~lpO+RHgxolRUox`hwbt**3Vuj5<eu6H#)-78VT*4B&F`2jmRFY=pNihn%4Vz
zU<WNQW$iH>1{OZ^)@Zv&Y;WnpDQn_V)9Lm$@wb+Iogcxt!cLggI=Z`Jvb7`%L`AC<
zdh@Rc(g;}Z1`ED?scBGx6~(0YkqFaCtTQ=TZ0BjDA2lk9b0Te(-4Dj;EH}D#Se}JC
zMINV-bqwBSWh52QukBh!+W)rf{eo1rQ#WSy(_(6FR)<w?vNAF=qjwBTz9$@O{W@d-
zwm(5tkbW(6zI!)``n{0dO+yo<1*VfdchVF$eA+#XA|tG^zJy+E)uOq_qcs^ibpmZa
z%6R#Du>I&%myw!-*TJRLInc*WoF^S5H!j+>q6$NKZ(M0ul7sn@3?Z0d{O)iF9?bsn
z^%%FQl{7k<FOU5EoF7%eN55<@M{*S?NbDvEW#TGno(BzqIlodrSF&1i1Ge^_u9_)^
zi_yGARP#-wtO6|!i|@pnH)2hG2_-jZo?OBo_J3GWk^~aCft0pNr-I;Nmm;=jmVBBf
z>qME0G_5Zr#blDxR+)#!L!Hc-JvwKnr1B+X6c@yZv2>je=r2^eVq6c2Zw43fx;Y3b
zh1y^+^e4hE(OiEEOizA6dRk^`$LzjoTU(?U#@pf^jp+(lAU(m(U!M}t$7rTJJfs)*
zT7eOxnJOJwI>y$b;mGk#%fZAgRpGaY!h%o8Wp<h;zbC>4Mz_}wqv*i*L@3wqJ3rcs
zzR)@S_36kYKWpZ5n&%!>sEo6{E47-4I8gI>eo*!3fpQi8)wjuCA9|YeU`Un|t$)4*
zSUx&Q^%|++QFp|9(wSLcVeq$w^^nUnzA<5HucyvY58uxlB_iH4PI~oy+UR#Hj{wc{
z*S&o#;DhTgR9Kk&5vVJdgdpITx{tx{p1)oZId_3L^8--l!AqVcJBE4;5Ci>B@J7@d
z{omnS{T^qr(a`+kr~dH1Avop#ESLYkYmon!4XkO|&<PgWm|(%Mu&||7_gw3e0&|Q(
z<NXqeta(GRD_0U2+1b(dKE*>Ef1@!knxr|1PS(=SKW8*^th@VvJvk&2ftfn<b#yc^
zQcd+FSkGXgopKwn91s!dhXWY^B1KKDU9`?lEj^)EtJa(~Gx|-jaasO!VL^B&jE-)n
z0EH4Jk;2AmKn+)|T~+~19`GW5xl`_JDk+}op!`zZ|8%7LcaA>~Qc8?U%)sv=BFLPb
zb-&}?nAw&#sFRF_W~B(vZVk?ei>0%u^XSeOv`~puc~Xq&0`ICF@O7MNS6Kgk(Nwxo
zR$P3!c5f9{=Qfobzna6E{r081J<(ZCvedFtKIZUq!vq8MtF52=F`u3~dtp~$4<mm<
zz&D7D7pf<y)&-c7PY`A09Ba++a2r^C0Ojcue`W%K&`|t$l%5=08t?DNBE&?aV`GE3
zzdr>R;%b8tL4v-Q;I-IPe&IrMa|~zaXe=vh_NxO?WSJ8}f%*|m7Pj`&C+iX(bud~N
zb-#tCO^sAf{2h|#efaVI$7O3QQ|<{D*{dgl{U`p0&iz4sqyMH;|J$Q%jI2Vd?dCWx
z)J#Wq^Ho?2;@Qyr<l)eS_fRilz5ws32?-8{zL|*IRU#Y5npVoISFO$Zh|0>2{C@ZM
zW)~$Ne80anQ4#KETwxv5iq@9QXxO^~?+%9&<>a8YD7}gT{UT2FWN{`|s-y!9``XNi
z`gW;a#X?s~%N?ctHSAy^Xs}Ct`ARu8(npji9aUQHwv;4rVqA4&l{~E2{N`PPF#I+!
zyEqwH^{TD6*BbV|hbJ*uZx-vs(*FHR`lx=dvqwkM#4XBNQ%Unt^~8D)wgPo)om@gc
zkEh^=4)Utmvp5@m9ku(pKK%P9(sw3hU9y|!$|$v@MlgSy!FFAl|E4%>Y$oD8)f1j5
zyFPDST?aTkWK9g7UZ8mJC(~~v&CF*wzG1zExGgM2hCnH+>pfr^lgQ-$UxQ66?-}M_
zY@>S_3*ebx_pnLdZC#)5N?|<Vq_2>{^lWHHwGcB?4|005u2j}G2sW$j8Dz1xk3h0-
z5&ljq)1z0BLH=Xga12yIv4vx1MsB_-d}RQ#b)ajNm7pv8tnUy=H0FE6bb8N+@5(eB
zy*HU-_uTKZMujc?)a_7H+L_+j6-=upzna0$rJ?J^J%eW;-Um_PVmQjzxQo(GHaOVP
zwp2y;GKN2a6Cds$vern<esi=y?Zig&YvUJqG>en%*;z_ZVz{d?icp~>zCaq%k>Qns
z5+JJ`B4T0*7nmjIW98Pnc21bw-r3um&tVT<w+1Cbn=lVW;yd~}j_*4=zH1Eu%203o
zp?{BQ(2w_)B&qOctuoBJ<}G2Ql!^G?Yj9k`dEu~WVPA>AXQp{`#zdUuc#6V$n#|s4
z4iK}uO5jJ>60YdV-va**k$apJ33*4Gaun}A0<@7_7abepIM)9dD72Zkim}Zy1kY(0
zrx{Q*9xO1IYkGQmo<5T@FM-+|Y@(dNa;g_AC>&HP1z8XSJdmV5`8gA)phevU1h$!6
zThVb11vRtY>ynaRT)|{#AAP4BgvMF~xWVjaNEzPKD(J4*&dxWRHh(Yl`A-dJ>63lZ
zq{Pf;hrGlvN;*U-3vo2fzFONNp^%l(7Z`f_^dTYm;&;?kn6BbZeB6RWMKE~MM?UNm
z7cY2{SFsLDgAtsaKYl#yLvEOeVqAL<$VTf(S(E1V<r976IpI+80=U07%--HUM5um$
zjFFX9?ib<TDJ$RLH+V}#K_RQtv6_S)9-d4f3pf9HeK6LG>r8;}{Ag~G!?>;zo}zJw
zYlMjk_RY6`t61HJ*>8Jzh!T0M`Sy2Zy&}V{PRKNTn~l(|?ysoyXOlq*8K&}YIJNS3
z86g6i<<wXSi+f5X*sQdi*bqbOgLEl}nKo^}&?dKpE{~%+??Pf_f326v+Nxyx4x9@5
zb`S@tz=Ke^A^^oTL?I*bQI0K3ZJx6(x<UG|+_B6q72P1{TFb)pXWU;y_iN)fm}>S_
zGD&FCs>#+Iz9kucw80EKLt-{~21|0&$^7M^Q<>;&|1R}|I8SJpP~*mtfQ=;BpLOda
zsyXy$)gC^>v!T|xB{&RAp-s}@>UFGMq-wTlXr!C!KR?aZ*3z2YwrMJF4sBcFK?hOF
zP(+J^kzJdv?d<KHQqz`|hy=31n52BB`}gl5WJ{R6w=MQ%dYrts-+-kj>1Dud3vo>s
zHtdQ4Jp|zzIpxZKSLnvCSCJP-@7CdecOh-mH{?*e%S{I{722?#o}SqpcA{3cSErBn
z?6bJ8a|PKMDNRSX^=$%mH4t~r;uLe7^L3%~p4&e(;TiAVz2od$HsaqN(`DKJJ@EI+
zS*F3!1D8*rA3TDw<8~7E@ccG=fZrfof7I1P4uC32O>GUGAWxU!Js~LQT(^y-Jhn|c
zWBWz74QNT8#@TsASXv52NS3-v`PT<W!TUwxn0C#l12A&i9anUnD~MfwHl8T!T2}{H
zmWh}prPp(PmxQa|;vybRq3V~zYi!_PW(TcRXV+n!VlA6RDI{HrNL=WTXY{f&h!$e=
z(O32sU}EQ`S|n4fk6xW2QQ;Ag7z<1NRys+ZnnR;yP`<_?L7gzwkunADc2<OBOmK5E
z`HfN|FMGqD!Rj1w4XH$3-5Pl?%0WcQ)_W7wU4t@Xq2O;p2ipP7VLBg2rwHV^HwW#W
zP&o#L%_GiEHN}m!(BDzmxoS8?U$xE??E~MfY1(<;ZBT*TYI0Ii;K_zgzwD!A6T<Jr
zDXl*Xnimt&&eQK~uLuff+pgEFe)_!)tl_`Y{Q1wqs?gpdu`IUFKb}G2)M1lBShSpc
zrw)R=5m{>8ymc#_%!4RLC%}V(RMi3$D*mrMwBPgW)SrvD>&nkPPfJS+S{X7)<#t=U
zv5CbDpcm%f*=6@U{?D6l&%@S5%zOR+-Dk^hGZugU{T^5YoZS8I&)%Pt?W_GKJvkTs
zA5<!-dHPvB{sWwm-1_%smcReL|8Lhn+fjO4?dDIJ4)^)Ro>7-C^Zz_wp`o+oEjVBc
zb`-x}(wwr&^y`E7{#!Ryp1$_ygS+`tR{bj1bNheXELL*f^x3NkRB8IWFEiR7v=Wrt
z#P?Oi`qiFk-T9H--fPm9sAB&g`L{Ni_FFxl6jS_mxv|~8<a5<$pM`)+!<Q?kZ&f~g
zZf5lFx!Zwdn7aMr>zhh%7fgEc!qok#ZT-(a_P@s9Ok41y(Dg9Wl@-@N&2XPTbL(;7
zElm0QjqQJ2^xgj<Uk6yRCD;F4^XGMc{<&IdbJ-?M>tw@xaE@%qQ!%*^nge0C9$h;b
zoMLD_aJUiJL|Y3QjSE{_Rw4B4^qXz-?tTN?ToMNyC;+yNJ%jSESle)ZPA!W*pH~f*
zvRV%u**kJ1WzrI0(-uqX&A`rXo{FTzi}K$~4m+%kI(xvOeo`z_>&^fe`ZsQz6Fzsk
zjm_GIxBb=|GdbY61+e)I8t?)FgVn%R=Omu~9+jJwp@$z_YUJ}jywGSz$%0zb!*9&M
zO{9dx7q2dW3<5TMC#z^r(-)Q&TX=9ObL7UF$Vn-er>$L=1~w`pA#1MOgNIVGvcTg4
z&Td+G5Ll||^j6v4ZgU6LE2UK?a&0$rt*TWI0~;v7R%~g77FgT2kjQ<{uFUk~FEjwQ
z-P50TJ$?K1;>C?UZ*NR|mJ(d@LTGE2=~p+~zuwcfFoO~o+eAo<I5Em(p`s_SFll3B
zzkL7x^_PJb9LJ6wGqy2$ROSgbnft~fF5b;R6~BJ{x^(-t$KEjit+%fBFS5wl5_LJ#
z&(zq^aOTI4g^ghI7I2sRHJ1983akT8KJ!?99Be{^>-l)lR4)+FqoWJ7X0&rVn1<)S
a{b!tUw(`ru*+m|pG~ns#=d#Wzp$PzXy)XR$

literal 0
HcmV?d00001

diff --git a/docs/static/img/go/api-service_user_panel.png b/docs/static/img/go/api-service_user_panel.png
new file mode 100644
index 0000000000000000000000000000000000000000..d4e9b5beff9e54da0ada41d1209afb064e637af3
GIT binary patch
literal 116026
zcmdqJbySpF+%SsAW1)ftA_yo9As|RMsC4HrG}6-2IbhQ@l(aO=5Yi1Q(j5Z=0!j@%
z)KEiw8$2F8?|0W->)v($_}1M^7BbJ?``P=~IsVFuQkMzI2?+=YF3U)Zs}c|p8W9kj
z4m*Dqd~&B^{|xwb;hD6SBLTt1>&HK*2;vgRz#{?~@ki=z2}@(HPB%<%Hm^<4$Ftmp
zT=BqCrn@SiI^|A6AyIXQG4<tN0jYP+`}I9~^eEu@b4JF1RGL0dZ0$Dborl-@Tqi_H
z>9vY;Aj4Pck{unoIIFumzTFcn=J&*iWLmqofBhT0{g3e+;^^r7$KNOaC1$?He(Jv;
zBK*bW|NF^v6Pl~w_<xQ&vC?1u$Ntjv|Nq*mBcBM|SV+5rKd@ccT&5CFf{0h5iY?k{
z9it62*$OjpaCT!gi=d&sL2?zMqx?Mg1&oB`nZC-9665;bJ=nQ(f50o@foZ!=)9k_>
z0)mH4vs&*F9dE2!(w>mS3f1aSc8Rr;Qsw$x^t|D2>-(8)#nGAXkEP$Kj=}m6`HVAm
zS|u|_NRAs(ZD$MfjYtt6tIS-TLXp^S8fe*gMV<b==ws9gcJ6hlB2ze^mUq?YMPa^(
zl;OvxZ&cakd=4qFcV_%On?R`O=k%r}m}c~X%}jV!E=tTjU0hc<^+TfQJ&x}QD6v0?
z<a@Xn4Lt#Y^wnt9;Ato-0@dJ_{>C~!>%$aEkMfxEe~r)^ys%>^P<iX4N5fyo61kxl
zAO#D{y8mNVG3xm2#JmL_W2W~sy3vN;spN(;5sf-`<ISoBZv5JgfWXZ}lZDh2*GW?#
zA3OcSFxo_RhI{13)vGySJ<4Ns*V8|I_@J&&J^Ax^JctMVS@`DHCVx<~G`!MrCafS-
ziM#*}AtokvcXMkQYL;^S>$G#{ktBKZb39qxZ2|&FAPnaMG0ZfMHo}o*f)9QTRjtDs
zciphpx8e&zL)S5#QwtBMv>--*5j=+!M_QUt|3xt$mtn1@CClyL4EX%l2)jGe6(ttS
z=~*doNo=-5zb%p37eEaX?stKJ0PzKYUB6TSJcA%$d5Ro(5|{rhPSIqEc2c>pQSSx!
zGAY#5rEH@0J!a7`2tbw|<zEOt<3FH&j~Qi03iG{^wRu}dQsM+rTyi;Y*IU#E(S~>Y
zh1MgZGStOjzJDO})>~Mnd_K`##d-d+pn#LD8Exq!0OkBxcn~HZ%TyW`-#WeU;MaA4
z025nXeNZj%nlA(Mm4oSoKvUf!EtpOS?S%=4>3W1zY-T>uA2i9~x2b!cLAW`Z{p8ly
z8jICwVZP7LePRDYj@+3McH)+v@H!xgV$oMeY@&HNowxQI|Hj-?zmvST>7j>kns0*!
z<JU(AE?s4fWR`LfM$g%!3k-Bf+GBd7m=8y4oU1kRhTos|4XF|kiisEUejUecku4?_
zlB1W!dxM;6Wg%>GW-&tIB1TEAkmgP4PI<=O(-vu%?`8|5YWDMScT{!%_T$HoOOL)^
zwHYqsR2lkSvic!$l$f^ruc+yjctLcuL4mpkw-1Xi!~z{okjH-`?7L8<moU0o=8;U_
za&<U)`I0WOF-D~VKO1fSLYA<;q8pt8nS14J$E?JP=Pxvw7u7DeM+MRbxXjM+?C$L_
zGPNOf-!N4OB=89bZTBLhn4a!MuC+zBs=e|J?wzFbsT6=fUX;6<U8dNqV;5d&w{r$S
zxGDLC|5(4AjOQhWZPDdHo#;o9#zHtn)Z%#PdRmjhU`t`d^#qJhC;7ZDzZyj5$JMKC
zYCDDM!B;J?jhHyA_1E1q%ZdD5A{r>@#hXVd`dIIDMilquG&$-dpR(B5j-9r5Ne2g^
z3-}*d`4^>C0l=n@=R=0ICKLw(yLovtli`ICJT_zD8b5^lw7Kk3D~qqy)xCY=yND_<
ze>(8Bl@+g>(d;-nDp(vqaxdNLa0oEkTRCHyd$Efy5$0=qIc59oHgY-63ZAK$AAzp8
zj@M%sy3~r_6_D21)MrUa4y!LTDCCeDNM7@{Ok1%%>_QuUK{+(8Yj0qUjQ1up+L4;V
zHc0nbz+Zs12j+`0B)7eWERwA-L@f;sEb*P0OS|nEGP<qd<11<Yl{{4AwTkW=BL!!|
z!&T-5dPxc|AEnoOG`fWu|Cr41m|EVRik<rOOz~gtfK?gDuRh}PN=?$P+sSn>>86(v
zaNf(!R7^$%#;}U67AYkNY<z5gILXe%Pi09OC=uwBkfYU4-xUA)o{X)nt>w_(8A`zq
zGH524eA@Z`(8<OCK6y+{OwSUNv!zCV{{17%gEl&j>T1E|2)1NnTrFNSmG<C+n+MWo
zqTFfeBfS<2Y0Q_f@h%$~?Tv0W?Rp3QOhxkL1!dJBsZUJ#M5pde8}dcJI=AKcjx|g)
zxh<MCmVQyB!YXmFKsU84FG(o^myx;YLaoqI+S|+!*vk_?HnY-H&rBQ<La8k%U%zVI
zudYXp`B%ugY0k7oiPawoNg3CX<yMuVP)<45nDmgZ<9Mxd4Q_g8*%p*II{Qh}c)$59
z*1oioFIGK-?2YIp8Tm|0Q{sU0fb%${CRq(@VQYA$MGw|}S)0kOu~!@L<n4HdlZ(cB
zM2+>O@jLpcDl310cyhnLVBo#j=Vpn{jeC;ZJ5?8r(~oMT;61&GDT>OWBuzLU>Zgnz
zQBW^+xei73tJ?_HrgTdx4wPCA1&a(H6j}7{Td?}G)h3Q2BH8SyV7_6g$Le}|ei;a^
z$MQ+z92l0Bg$I+<^M-@hFE2EC9P~fRfkCl#3Bv~_Jc2%a-wh*w(nVJS_r%izt?IS#
zT%*Ge9z~BRcTL+DR^u9tRGQ1!GDZaWvwkt##|C7l-2F(l<b(1MPV??XtdE8jK18@^
z*qS3&eqlH*Fo5L#(j;T}4KtwqAVaTv#iGX8;@NAlAMciWRmR)?{f$F^^n-i#?BQxL
zWIiHvFUJl$WXch1!V$~0F?xYXtFDW7!`S-cvLKUoW~OWuOTJoGH=__uU&dPGJvF9J
zBB()I^}|UhG*|jACBF;J<<ys)JSeDnm)?U+rDWlP8Rj9&Z!v1zK7+g-neN6ieN#9q
zl=VEq!aKKbwDP{pi5_}=V<w5yhUqHJas`GZr)4oqm-4Ne-S(0hL~PHXK1G**8EQ+x
zYkjA<x|${}Rn=w;%Awh~^plY6Tm0<fgq))}OpE6B8_!YOp0dD95s!0^4CU*=R=)Am
z$-q6fd-jvP6{4IS{$-`-zUYBl6U<T}OMCca=t!Ye!J0>292AH9!Uk?WFga`%w~4!S
zQ_?^EJq<mTY=#^uta&RhXx_AaXs$K$J|*J8k=4%4DV$M!ev?yKZXLO>k+S96*cEZD
zJOPI#@hWL`W@ydR)V()v-ed$$U*#K`DIF)gNX(lV&*lA%&OSZMQBWyK7oaGgh*knv
za}Lhur48qI-)+qewmwyg=T|yB<b}vkQJLZ9#`&Q`dX=iX>Uwp|=`r}Hs`<f(ytar3
z+hJ>4UAb}GNV5KAf%?1go%AwHTB+{{Nm^ni7pD{c`b8ncoG5hW4+HsU(w`&KZAM+0
zC-qmvdOx4hyGoAm4|vB8teDzE%X8>FJ++zkC`7ACUw9fri8G$HGvVOX%HL-j<1q8|
zm(gjS42c5H8VBcyU|mbz3x}3c!u>UcHJqMSy_2F`rX$wI<1}vwpSFD5hE}Scad+2p
zTG-@2z-<%4IpK;mh1}UXYWEG?B%vq`)jFX{=aqel<zdf<Y0W-)i@c{*O?}eMIWt2z
zz1=Q{`t?}Z;p7Iq7I|#Z(Kdq6EDdLwK9t^w)vCEMkf$)!&9zHJL@MRHdyE`RvT%>u
zd?FhI)vYCO!t)gwDpT}}7=t6OXp2HkF6$mVQa=wtNZL~1*CMS~<D|uD*6BKjkuPl{
zL1&s?gyw0>GzOBYJW>8YL?wXionl!0n37hwSHEqmghr`}`P|pZiFG7x8Da<=Df52R
z8PBa+S(GvDbMV$>c_iymgCxc1jsBfpF=)E-sj<r!R4}%+!9&$fURvGdPouNpd_Pcj
zrG^_@CU(9BN~F*n^+$BFH@NjZE76Vt0YxzS%S3gkjCKuaL`@Bc#Y%?^Acv9K?dKvC
z{Jj?P5`-kmSwwkIlq58YQD6MiC)ZNDBg4G04_X_f`;$&d=f+|_1O^544HsjeRq7XH
zRP)HukWK^yj>l=vbR;QUBt1kX`y8mz1&|C@geN1HYAv%px2Xr13u;jxK0NR>E%Tn&
z5=QS_fFhL@y}h-Z*9WwgM@nIiH}_MoXLa!f)8;!0(i<eREcDHrq6>870C8xDi>DJ&
z@*@pm_VXI$4g*{TDF*U#ZfbMEN|B*C4-dVno~<FaRs^&8H%KieJ~c?zBN_vd@X_cd
zr$aCIfim<))8^oE^=)L}Y-@zvD^YJHU@2)N=~g<SCk*i0)PuQ|q86AH_*zqB^fxc6
z@svTU8#wgh<&7LSTRYRjipBj-Wy*>x>2?}=J-CnOvo>~29AMP~?$Gjz0$I$4hDoG?
zRQ}%<^D7kERofo9hrw<59IJzULZU!bth*G6X=#pm+Dl6)XSsu0yz_=_dfgtT#(QGw
z=%IZ^`lg3GGmNF6#@$g4k*k5CSJ+hqvI$5-DnvT3r&BL)znNfSxpc~3<f0zg5Q`Zk
z&fdE`4!116yJx2I?3tgwd#88p>gEH~<4O+8y@3eH`UNzKPxr{@$f^>UaEYwNn&FQZ
z22z5Ptd(`ntYi9tb+CzTbB=ppp<OeolV!$T>anH;%~Mr5b8&iT1~pXTi9L0H_rMOI
zym4M=8*2ct*Y}~jxxJk^LefV>Q)!^!K3jpjfX`v7$2P^WRoU!GO?fbU$Jf(dmxh)W
zJ+*vT1!w4S>+EmH%}*Rf>L+R=HB*9s;qElM<esNls}H!3((0B>CC^|UR1doiS3__e
zH8<MpCr1=xS0-X4gX42;1h=xmr7b76=(sI5-BLq!FhqIi_1&W!%|aSLumawbkvz8J
z`7#q7@@UJv`LT2Gajv>}g9<mT>TSw_7h+PInr|Es=`W~pYTfz=*L4;BjozSFW@6N<
z&A6jjRMbzMDlf%;H$2$I)HiL5`8yuRFHVMuE`U;mudi?h_KSZ%Ysgud|C*J|F>t>&
z!0uMlUt2G9ZPc3uZ#E>{LoCU7x)X|$qLdmK7A(eHBY;ggJkRm@^XE<N?(N&&1d-`%
zZ;6z<sr2Y%k}pwaJUYGCVpPbtc>(D5971RGq>lpEuKxU2%~9w5^aWlIk-<=#Br3Dc
z<b&WiF7MA4x>v7;@6APAjpH|eu@T(;K0jgDY6)X+pcu^gs5@53-C=%p#kt9Tu4hK!
zpw_Dt(mXX>bztRDKD6jj<89-+3j_Xu#<D>Kq}1!jErnPv*(53|#UbbVYd!GY0H}(l
z<~t$bjyQJHmr0&w76}`{WZWuKb^C)qa0;j+WgvV^iiZbsB?J!+H*UMTn+9+njaA?E
z$Tu}#9`XG61NRQ!$!4H6g_GFGYIF}d7=lG)Spofsh@4(-`4OYQK*WD^S1^+hnmmxf
z41=a>8ZLh=(M3#SeZ(@D(V^(=TGxr5X6hPdUS7-@Z#IKUBu3k1u(cm^Ti>S#9@|^`
zbX?rge7K;%(9p0=r^F!vUT(LeLnn750&;(MirRVEkUDO2r1JFo>Vw5^yMYV)mTY<Y
zhjO`7k@apQw1qhj>uR*uH*N!Y_GR9~nkSwfF5JL(WE8OYtqz;>_A=LYb*o}%A!J$b
znRMQWOK8;Bq#kZf#O%Rp@!lqNE}dw%%0U(P)DnY?pvwxhpVWp<23v#H6FXaX6H|#F
zDuON?N>aaR%H~^O61m^pGREwQ%r}-FRkhUXPkQdUGpQ%cY3TZLV}NBA^~P=#J0GsX
z6Sem&q5(hQ%$y}Tlh{mYT52)5z7bb5S<|qn6xo@Xqu18j-mq)W?{-(SKwdOE{!?!&
z;#Cq`=8DpE48%FsURjueRDBGgMLDbEx*1(1FZyn&LRDM6Md1vqBHulxyn~`AZ^?n>
zA~RBClXbZLSZa6Aq&GHgG#KwP#-PKOx4N@m+{tC$1Vf~Y`G)3rPhpI4;gF+^bEZ7i
z?PkUIJiR>;Uw5Yjqv!%%YYLCe*(NwYRCN>AX;y5}6BfQ_Jx7o=fmKWt$zq7BBV$gP
z0L-q{U)RUkNzq(c=S)$SJ;p3-Oy|>7<1@pit>wFIqYTUyBKY1Gb?)#6X_F_lu=~@%
zBD`s!YdkivvOC#YS!%-!PKi0Ja+@zA=eD9dqTr>Ik-OQg&{t~z-50xXAhMNSSs$IJ
z+6<d;n8V+}v(CaT+DeA^yuLR3i`dqQXq6bEu}ta@>ieC~o;{m0N&zo5!tJ@0bEgS7
zyP@`rh6_B!-iG$VCOXvHZzlD2<V?}g?dv^8jAJ)4MGn6w@}YEB#)}PX1Zwj6IT`GK
z+iXrLCNxs76j<!A9ebvq<Y!ubFaVc|^uFNYNa@$cm)Dr{jbPH0mlRk%ImQY^;pPxS
z?L3WRt&d^T<&dq_W+ClN<klLiE(vwyZ}9bE3~Z!9p^+OmS?>vbPD=kV|04zPjaA?4
zZeai3xOFR|7{fZZl_=O$lOY$?bF)Dtq_jhLRD=A&L!NjAUn1&$BsYcAY_9O5hK7dR
zLR#Os*0av4X68bF19i?1sXnZ6vp~$&d!P-<ZKbgIJ?Dg@Fucmqcp>5eodv#27_mg+
zS(hl(B>g$a&u;*z#bbks_Ef(K$1NYA?Md9R34ArKuf*0TJD=+SH!p$xOEECcJ`&@z
z#S1?x8gs_VYu9Z`(dKka9KCIL!|Q0q))`M(O#{{KO00hW@#CE=pQAjD3fn1-w8Vks
z^Hmh7A6B1f<!Shu0;u@be~A-t4?25!&I(fW26)H=^N#D=^@g`!dAV;q9er!cr153<
zLCw8dHfruzAz>(=<h`Zf`0~bushIny=tBWsjn9TaR)zP33Brh$$E!X|e=ZreuCnKR
z$e@(Sz4uO@zP5kS`GCvS5@BQwyv~D~CvWY8?9P7c+Y8nyg*Q`8>E@{y)*K!l_-byf
zjI0-kT{8nt7!fspeqc<hFYod|N-4RBijsL(LIm0}IO;j&#y27&qG$*@TSF_E$YbIw
z11w*+f5bW7>HGJqQ=C0DS`B|+Z|DoCmICpnFcT~f^HSK7+hm)bjgYq-#%`pW!Id{c
z0NuX$pj!^T@wCf|BnZ;+ygGcuYqHEG`LeoO`ay*{<6PdGS|iaOdxHtHH^y{^vVHl*
zFIq#Gxzn4C7k+we<o&eG@(9S-g-d-a!ua4J-%DPijYDu;oKG%3wA0LSXa8{9n{l{6
zj`l4a6443)1a|Qzo1j-cvwrS}I&wjwK`%kxqs6dIk{dU2uQMnKcHqTd35?VmJ14Nm
z%hTUKaJJ2b$jfL~dpqt^u*?G~YCn!QUI}bzVNB#V_Ia0ru}Z{^rVcli-lL&W1%%xf
z#XJ;rcx+H~*fEgx17%JxDZ5nt`3>P*;E&T0PT#zB_}Zo46>H~>R9Y1b+I>S(Y+u`f
zdlh9n`VRV!hXhUg@0A8aI=~AQYGJ`HYl!+F&kEpa`o<UpIo{&T3hMtzJmH+}<^v4G
zL?P!UK5CSPyS$j_eE08=4@bHxUEqAT0p^|*k*G}Hw4IrV@-_OtaWP>oci*!6&|J;l
zzwsnYS6m;z8XnU#XxdS+KKj()u~)g(6#5pZ*MqfoT{Kb)ir_MuBj_|(l}jLL^VVB0
z*Y{Zzme9&u2ab+jd^EG`N<z~<z`NS3rtU?_kN3fw{0*{=M`Iu|iGrmnM=yE{y?U@V
zGwoK?0-JzyJ&^8JzDREy?XsSdf@WDnT|AEpU7IL*>pS-A3^qLR{YcFVm2PWAYp?7x
zWJwaXa`Zd(OU*I)wR<kJy33-^#L*~`Oo_mwFbI70P>>^jjBc2Dlk3oc!gxHlPDH@|
zS>T%Yd;l(}O&Q^|+M^<@UtiXhAY70SOzhfoL^4Imb`-Fq6a-yBs|kn2{+yvliUKTa
zEmodBPqS1pu?ok75R2pT&<*r{$J(0o{OeBZo_48=@k{(vZRp#1@WT(c!(`4dd9#H(
z%q-xvE6v1;%4u0x<lO_+5fDA0N*!RK${^Nnc(b&Mu|?n4Q)Mf+Hk9u^Je0y6tg0DT
z0mDtZa>;zAWrcy4m$&o4wuoE^_p;wKW4g|3pd)!BSWM#U4D;ZZg{diHr5!>-!ogGn
z@1dY!(d;KL_N%TNzZ=DxD{{zMP1HF`btW%<Umd0rSQS3zY#G&J`peKXZPVqirM#bZ
zI#yQ5c^A}-Jr;l-01-^%5fEb=Jix~X++@xL_s_A)isAMge=MVl<*hz;6c9^8ai?C1
z^p{{~DK<#&sXvTh@J^XxP_mkdyA1C6$^%D{U03V*bhY^aB7+*TRd070Gj2qeZ!by~
zweFv(&xX~%AY#9~_np$_TMezo8^suQ!GgW`BxfWA9P48<XqYEN2EWW2*PqHuakFm#
z-P`b`x;l1K3uV-_+2I_sIgIT!9p}{fhJ#HoF(Ei3WT)3v@dECpPuin27xPrVN+C)x
zy6?>j>T_Skyo6RhBfUR7lbl<jsvsbgX;-_3w4bPfV?r8~KN>SAvLoX~(b+Em4DJb-
z*ah!((#ag{*L~dS+B$rmvbTb#zMe3of3Pc;rkx3abGuXsxR&^^xvc>c8Xu3ng~iR|
zst8Fx80Y}6!(;34VW5$a`Z};?xy;`l#J!`fPJZjtXOMh}ddg`Gje=^Jm_#1xRVqeg
zb*P)Dr?1bp=JlIj&(9v2o7Ye@=#HYTCR);G?)LPbJbe~!=7rTOwk-yh7WkLxC8(1e
zLS}y3H!GfNAawiM3^fQ<gE(am_YuVc+U`keLGT5cR(MS0RCH^<8Wi>Q`iBNu8uc7A
zW4+o1yN;ps-YJi=T{ZFtJAn{8HObXAUo82uf=(Ip{`f0v#AfpZa}d_*IM_mb(I=4G
zXCBdr>$})Z*3XWzlG}oGt)=-Qf#O=|_xS*VIDG#`upYiu&3@ty7j;B*m=&j{rgAN9
ztnFD1%ffu$Ks>UUjYyf^834Kt|86ig!ab?m#Bh3#3<`hw@+D3@BIfqngo~km1O46Q
zL!F-f5g_E5?8DPDUsPs2nqw=BXIjulM}PlbO)g-RE0!EH;=&1(@BEne>EO0lQY9r{
zL&u55{{E-swnrYhDN#4?>my4Sml{5pZMSC@Wym#ECf<@+)<y?y0VBIryXj3}Z!71U
zizI%<6X1$!5$2<oy^|Rr-t&6)XcM(I<$z=ACFzw6+Uql{8+HAw)S}(Rc(0XVL7?Wy
zYmpU%(n64f7M2h;*{zM`(xl#2a#PtTKh83&+0lC*N>4uZIqgD^S``T?1UX;MT<neO
zO_#uN?Y>=7uI>`199QyRmd>A_2;#mr3>>bNFc8u;?>11ceS1I1Qih~0ruVx2QfSH7
zm|HT#eRSwrIZw*r;&HOanutT~vd3VilYkO%-;sm1sotmGF7$*?Y1cXAm03^F$so0J
zURnYrqRVSN!lCgJ7j|{3#0V__xH-MoKLFSN0(<L1{W)SvXAnVJ8k)a3>crj^v7#qP
zhJ_CtQKktS_Br`N<XgQ%gohSLaQG+EsYd=e@<EF@kS=Hpm`}S)Tk13%0Aah?yI-^H
zU#k&cve%>FyWOQr-0yo)X|BX)^WgB6IU#d#mhgqumW(H0Gnpz1(u^%N;yLeAWnIo2
zjg>0~F1r142Fv}3u|olST)y|Pw?eo|nMos#(LK%6Jnf*}2dQ@iJTCk0?bQb;si3<2
zt-kgG0f@d#-}{ubptAV*_y*UKQwN?D%Xb@^`5<taEgQJq$E+qN;0w;IkZ!}a@(b$I
zi1a1~GV=sWY?`SK4l(P~wgC`}VQNwG3tP;vf}sxni$U8Vw*^xkXCRpkdS%JEtV_f=
zmPDBc=T^g~nw)C+m_kJTBEPxH@Y_O}U|jn3Ub{%K&j}_+T|L_kN{Jc@opUv{oG6W8
zWYgx&w0Z}(qd=AG!7e$7M(7=brE}AnUfg{<isc|Wdkj(iNBCvebJ@Eal&V~(bS8ht
z^ybAdL^dWo@ut8VtkhvcJfK!3cBaWhTSCRfO<wwhhua@Lxye~+xtF_ZzlEP2)sn2%
zUtUne>sH;U<`~SpFBs$kCgx73GNPcoM(VP;+KG|wjlXIES`X87L4Yur`qM$dgkSOc
zXm|aAMM>i2w8X1tz6B|o;8x}JCD;P#JnC9nq_g0E*^Uhg!i|Y<QVScr?j0|2mdf4U
z#)c}&*Bnhb$g^K}Fb;_AdDqFdwOY2Fr(fMVzqlRYNS7m@GtGbz8B0&8a`DhY929SL
zT%=4q+&OqZ8m>zhaFcrkOH8&<(hY>uNFnE5@kU3#6900{2!7qryioJTvt7Tna`$D`
zU`l>*_w{LxJ>5zN1wDOF-Y!$G%~n4?lpv4QNXt{KsGFvF7k|OoucDIZ!JTW_#z+{i
zz}2Vgk=TSSexJ3XaBG9r@hd628?)@!rf6wsxGk4piWr6bV)ioo+4Ae^Y)R+N_Prq+
zs`iz5l6~MYV}|hdDGyjTE&eiEuefF{={Yje4&YixlBwgmjHmH&!L(O9^QuzsJAIq?
zZ1rbGrxzP*=RD@0>5SJw)FQv#+<r?JYO#j(p;!h{C7I%{lg7ovx0zhWT^Sxo#}w#t
zXEKXw=p$+o`HlT*h#RC-`K@Z^jd3u<aezMD&61}YrP}DAhzEdF@yYxyYIs5T`Q71&
zMq>@3p!vDN2uXZlz>FFT>pjzLJ=M_BLoun;DMnr82zsxT)zyKtrB@<$<P(m-5a*yO
zs=#(sUL@MCQ94_fb;P8T8QHr+E%jz=;Nx$@uJ7VT?NxE5BmvYEgCau@#XMRp(U0Hk
zGjE$-h0#l&0w*j9hJ&zCdRFUt_lE{%jeOpb?dxZ*O(Bn*(<osQ5kU4z;=O0e-d#wo
zbeMf6{W4&e*JA&Cnt`sEwK>-!kK|Fy{QQr*fpqgSEE0q_IYxX#1(e=t)tbFh85@X=
zLZx>5t29ue(yOW~bH-}#V(8|ReTE=p5iu}&G*U$(QLuyuxltL5IJ_$SZ0>20DLvaK
z23W{a94Dv1+S02~-^H)~YW{J&8D+F0z|5R#wnU-Hv8$VcuFLErAh)F0=b>t3VCDpJ
zk>s2|D56k%;t5bBP?lm6rAJ8BdsR#WNy6tQmt1GRossw^ceu9tpnZEh46}Amx8i+o
z5{HF)!cgDs;R8skrdcA{g>6{Aejw*OV`Zj%ym3jfDGr@n-`Stjpu=t2$4J7g%9zBj
zN6SRRs4!&CF?<c(-Fe>yfrra&i%<A4-`E_?e8gRHI7RMJ;C^-2#32-2uN*Shy|c4L
z=j>q(&+_pe-xBvWZx2hq+-%!QuCyZ)%v_p|V^?VT{^B5L>j!OfBE4;BkcvgYlNVm|
zb=P)wH)4XyK&Dnk^?<DP$4#~-@8=Ae?^><cQ7@V|$CfGz@?@gEo_mmRPrKrMlFeZx
zAxTjFjm5;zGN$)xv6GWa6=%*(paJy-4GET7<y>TNu~@DTL}yI3uW7J!&IycBxac6f
z_vc|*@XXG4RwV}3y&XS<U3qz@j;MiK4g!aadB1a)&o?LcYH7S<3cei0pXuWTRTj@m
zt+mpaagDbX*Xl!>q&L@F5zp4UUooi_RWy`vC%yiN51|%~eUcpX9mM28K1&jpIKqv5
zI@XjYqb)g37PVhyGm)6fXV!7}NLb%f!mPMjz|}gfEsA+=B5H9u1`WG!V3}gA1*aSK
z?X0^_CisI6RS+t&aukvT&-7oP>7*@p+I+P*QP1{(>F)zq&AuatMi+G!gTbf1ufK@C
z#`>$72fKum$+$}kf!p}N^0_nZ#;fuU@I)5PE43rV+aFIe+#_WpO>}cx=%{qVpPi_+
z@+w0@^U}E&6JVUR-3*dNW=8pG<+c;y5NPfdc!*y0EH!M~L<cDOv&0m6pQ!5@iieZD
zFu<c8DfND|tX==U7EhdGgW)y03|(L<dr#1M9Ko70dsflA)sCpJY;JUPzqP!|*gS=A
zos4K(w$dmL;13=mG%L@BMZEOD=e*P|8a2S)=QD#Sn6=(Gh+?c0Z^PUALa;STmby8O
zq|-Hz^O)T{-r=UFa6$9HWn1j%wYkv6Yw{g$IYH;r*tD6uZrn@UxnodIrKB{!fVN_S
z4eH<f@c0adgk4QmmHMMwm5dn9qc|Q3%ZoIF?(5cK<3xw_+YdFLs872%I;v#^%y8Q;
zJqX_O3VZ9#qoJ1RlT5Sdp(&(NUsi;dfL&kNlNEGc>S5BTe@8qGGEdHKyAlT<R(WN%
zy7BOo6br#iyuZ`G(rk6H0&){y*gbAiQH6TZn2C$O7FvmN?F^@_-Z#E<ol0$xOpKYK
zOrYnLpVkk%#VtL{LoZ)-15Cs8R^mh2TPUCU@`y;k-F;4l;5I=-$z6Y$gzZETPkp8G
zrzjF1HjwL51qX)Ci#9x?5_Wl<H|iY9Z3mJ-i&^gdL4UKfCP7@bZT<dw^%CTBlS~>T
zuQi2IA+I$CN(Xpq_ThC)DQ_BIT63!xa?~v{-QXU1p?J+G{KM+%v(jLUkehP3-8pg_
z1A}BYyoZN4!<=5F!~IXD=gywJg=TGsy6X<@+d-Hz7uolAA*t(T4)Ss9iN}%7<0zPR
z?Z9Wl?CrMDsG%lkJ<2-ctc63jj34(ZG7=>YVw$7#4{=YQ+F@1|b!p5pKKC}yE-bHV
zV(Z!Q*|O6jS#?S`H5!V%*UP>ZK<OhkjY@Ub+pRT*ZuvrF9;Jj!mbQ;Hl+AlQS-3ow
z7+Ikj$h~U$IkB%r$F64K88wh_%qU+wA;+)6KYg0{Nlt|3kP*bQai4WEsJy(qx6WPI
zekgxhcIh<PimmP5M!7puufLGyiKbh{%U4(?IZ`{{MJHJYTwS#{=R@uV-XXQi6mzvA
z!q8f6Q)8X`NlC|%!hoQlzD=zSH4`}Tt58v|A;S@G-APd%#6XrSG40ij1@xR}<#0mT
zQQYsGEx{eSjO1%xtPXUNrG)_`ZC{299D@F?rm%-tWu`0WxR5QUzUiNMP@2C55`g5(
zXK|J}ik)AGukM%z{rF}#QJFS|C!!Y&x!NEC5RX7xqCo)1d9BYB1T`evVYw<<unCPs
z1|3GOZ|wZpmKlV5?w>Bv&YK)G<yrRsaGqgQ)_)@lh3z7h=#dTvmdBh>J5rgK{@Rz$
zdB#N-xJWFclk>N*tHE@}>e>QZe(J&SueXI9I-bTbX|asgZ8H}PTbH@{rq^Tl-^~4Z
zxQNcVrKBXKQ?|@CQt2=gl!bY9p#m-iiiK2%nL<%UrEh^3L^xFo)XSz*|J$6hm2^Ks
zzT}0)uOMXA%TpackZTn3H^xGhwMrIKi29_6PpBbH)pra<PJX;^$?0AnVsM##+%q*O
zc_q}=`-hnmU72=c(V;8*J=Q||jOY@+O#kDgZW{c@q-ma3HT!sdi!>hI3Sya5V*>no
znT?aN^o0!QL7VCz7m%WxoWBQbn9-*Iki2Lk*|yVU>=6&d9zVu4zLR0nD@<A^%}KvD
zvpDC=_cl}U!o2B3o^J7@?wYSMARCieK0*0?HLSV1R$s2yIm3K>JoY%RY3$M5RlDYG
zJJjs9nxo!2$rQ#`0Kvl_OzNB35EB=(kjll`oc==`C=pI~V-~KgKBw9h@3_v8=Bu~V
zo9CEtFz%6t>J@PoI81R=`wY@*z$$L0>x^KCL24kwKHd(E7CAV_%*ZG(KkJLlI?iUT
zbxp0zX6_c#Q$%sm<=`m}5R_uCs<?k<nwPLX>QhIhDvb-l>S^ANrOV&cd{}kno$AWR
z-OywjaFDt7sB^vv@@FE$_UVyFL~<iXX@+Y=atjN~=PO7OOVC-{i@@qOD3+A;+#Wxj
zLw+3rVoGzb-!>`n_!S$3+ENBPvhwZNrbff(TI|!twiBuRLo6m<G)RuJ>1coeCx7n-
z{ZL~&Y+wzouU%&pyr!ME09A$8`d@Vx{*gX(&Y71*_LOUyFP;kL(CQX()su%QJ3*v3
zYTJ7v>e-tjO7oTM;dgq3=gVN#T(Rksm7H>j5WQfLtZ_@-2RT1P!*(WR?_1c*Ur$qg
z<3NOtFtF~IU@Kju!cGK0d$;3wjlDz#9q9!sOQZ$hex_1Ef9HRzbVND@`JOR4#t<P%
zhn+l7g$)+<=b|FdJplPC$w@unTDAe9cAQZ(=iZHs9^XoY91C_~4ca|VNlW^bEMDqO
z_x=h7-`B5^7J+2|?a6jy5{K+eGTt1k!fBLOp0z(Ers`qnEPL@g2bg}&)|NhR$125J
zhf9w6NFP$}77%_H?l~R$ExRxx*rk&kI<V^RQMfk%j6o%?Y-9OQDqen#<be+ylB%Qo
z{1Yvsf-b6WvwXFZy#|y(98fyqU0+~JHY3gr4>ukG;9dr?XAhhg+Tv*4RBnDX2?wfF
zu1}TXD9SBCD5^Ci<yp{|?)-w1{t3BRtNpo@z4sHN9tY?U52WGgnHpY*gM5aZ)KSYK
zi+v%8L+U!H1oN}Z2S67$$F@bAMvoqq)0&lb#I;KE#FNn0d1E)7$Od=oi1%vqa_hFf
zjIR2f?~KE%A%<QJl&@mw2rpcSGNC4Sn*I=KjB5o6yH{s7o!>FAONJcwNm~|xfVn`;
zermt>ak18G_J&B@c+Xt8ii*IqRll{vpnFr(^H)7v1{9Zda_sDy|L$&SnKSwP*&gC&
zzP_oxTa=Mdcaxl4FV@~J=(RE|pvGIa>=}lHK}~hyOfOoc*p$a=@w+xtEW=hUwpfF1
z^GC5n(7bWX<ISPEMIv~Sr)TyP7Yy`jLz=ZDzNEhP+DwHh#tEyg^5*5ZC6u<jSPPn#
zT_9P)dN)~qMR7t&T6IeHa@pz=3H?yPUXlBksmKl<e%ZYk<HT{5xH^c8`_t2#EMZEf
zaxsw*$^aF;A!`>{AlbH8>tW)2^2ANPORo+MR0iiDUz(XB72HlE7`cRWJ-4NZ1x2k!
z#AC;dn>o#!VkGfjTKlW6(yH9gfZ$FArAiP|_`CAjej8X8d_jcOVIk$V*>_9WV3-{t
zqlRItuQd`<Z2P?f(WfB1{Kw8nQN?*^R)|f|7DDt$W<UtkRT!OEu}_aG9#kO~ti}X$
zp8ojSx>{<f-n$bn7TL<Vx7YgHH{y5+awSZQwW$tubs|kqUEFrQbTPSqSsL+t$gGj4
z7SW_6jUYYZQ>$m)l>-vw9!Ldbk@F}Y*AY=C0kbf}nf>jcoWhvrR=@u%9Z*87QCH*c
z<aI=^khoUMV>6!5qE&+~kr4xR0k>$~S3rhlq|(zM?n^Y)K8SP7b{V91ZF`>wR#*S(
zU202Ec;h_Pq@Y)CuNKRprT*bzoo2&reUSXptJ?N{k2~6H=796tzV0w{t*orfQOsMA
zeADsn*ma+?kKlH0(v|6ZA=a!uKd!u;3>SD9&to@)i$BGrksc=LbLel+nwhai>q~ai
z0bBxV#gi>n9-@fviaja@iFGPBLEE$6RHIqO5$SgIRB86tvye9Nm?%yu7qrKI?BB*z
z><e<W!0-cc=&X*|+7dfFlR`2(Y?0SSEnk;^Aall%=)!<O&>>SV^hS6YDBZ*Tc;CH=
zuIPry*wq{cAYrK7GZ%f(l^ZvqSuW1C=rj~Ni#x~`iQML*QE3+eUi@r_L3)0oel!Gr
zFe6>+xl4Eda9Jr)0Ios89NEuIse|gM70*XTF(VC&qY>$_s_nt9&UTRHQ%`^Ph;pP@
z-vBNw1{AS+&b7t?eBMfv*P}<D;zX?KAoD#x=1e|-I?1`fl+#YM-^)De4g<~-Q)W<;
z9%e$1_EQ~z)BuH_<PV;`jy|Z?Hgk2YJuu@H-p&=~Z?r76Y(zQ}S9z+*e|aOk&Y~|0
z9V*;<_Pi{iCQpEFN$eG7bFF868?~Szou2>qYv$rch1~;|^=F~1Q5K~#W9EVy)t%P%
zL$gYjE&WTGiCNgW{t3nTkBv`u0k5i$BHE^`>h1I^Df1ao!oxG`c@OS?^^l-k`0CqE
zIhr4-jc&;k-O?QzUcAc`GoiC=Iiu2Av-PD%_6&UU+ZSP(k-F(GQRFnNkozkGlOVYj
z5h^80z<E&Z?jMH*9#@qIdP4dm_5PaYLJv+sLQ-OWsq!L|1Dn59(||oWz$m4lx2zJc
zReDU)QL-4++FUV_zo4qrN*Xaz=B|>}m7q4?M~Ca^55}o)3<@}|Ja*tgKf=H!2FI6C
zpu|qSPS=9+Td78WT|8>clPKG(vd^PdhXG_W&5Cmz%g^EKuEo^*9DUj$a_9UW4X8G2
z`|!C=dFj(NRZ2m7S&)IHkC1WSnAI3kWV70;dE?;fsFt;rha1kKCf{~8zvgHo?}ysb
z16m!|JXu+!ou|FpUqCKmnVPSUgMk1kZt7c3)6oSAUOTyPT!!oAg+X<fdh4c53@rn_
zWu1RSW{y(9NgZUN=0HB~;@%pDj-10Np{k}&LkkX{0l8uuifD_GAZ)4Ej5es7&US1b
zJTChIB{59eB_FiQ7FqwSWw`_^*ky)rsq4pb+ylR|jD!C6^KGY1_PaNHo$5$`{Z(5G
z^Zkg{^k_B_6!@V)P2}`r267fhEl7tFKi;X`G80uu=1>I1BJ1mI=^!)m1zATwjFP4d
z%?ePF#C745=P(8_mWNArLDWZ`X09`>5$zUl#DV8}Z=!1upp(jNtkQ8d><G8m6o%A5
zp)Jlx*IR4h8dqNs64s&IFM9V5shJ_+@i&ig1LE<Nq7}o^))n;$Jv|RhyOwYt+37X1
zh<c&H-@bj@tc(bFy?wBOB~KLgS$k1#JfGZ-8>}VFd_y=p^rf&NX#3cSX;Mr;Jo#ob
zQlDvXvy;QS!Ux}J>j8cW_YO*}qv#crlD@Bh7jX31(Q>vNdcdSHn60nHjcleO+Fu#F
zQo6h;nIMJ{==b@k3}w{O=C=CETp$ASYg7dWf*PXWUc2l_=VM>4L4>;C6ZLik@a005
zyvg@ujx;y)D%^$*`PPEt%kHrV>4HE%NV(ybdeLrnOD#&E%Dz5GyzsBx4T}{P3^dyJ
z5_Ov3i%0(BT?3@<wo*t2BU#lfJ7P;C-#$x~Mv>d7RtVs?b~eYQ0+#X>N#tVCtEy+5
z-+thb5?&@Q<p!asn;U3qxG`+3bT}QBN$uojvpT896w|E(4gAU+iM}5Tb(S-87Qm)1
z!y;;IT7#K0B$DK64V@z<^LX{Sk!q5XlJldtCKx=%wH$r=o^OMc9w;@^1)>CST@EZc
zbhFtA|B4voHX6?Qe1Bl@<Vl!3y;{PBR~xfzs-PZN=D2>4zeCixjgQ;C%x04J0TG5x
zUt{7>jLT*EN^Iv!TcTi=SmOj9B$(cU%hEQhdXw!gK$&yI*HW9D0NImsPhQW017rS}
zy=3~DI!Dp(^+9$O*ce>io61vlY^`@6ZPj0^;-ROv=z`+&=WBiC03i$%!kL||Czv#n
zb;_}GovtGC$Gr4PBw!qqrI_5m8yIt)djgQ}GAQRjBQ+2ZoagrC1Gj?D&c3kmzR6^>
zHlspN7{9bBs0WG(G8IGX6#s}A1>ND`Q0+{zL9NfoE`I!!MwIsQ$B*@%%L-JtqShHk
z!M<p_{hH$&fwz;1eUjPwk}&GJ@^l~8uU@OqsaJn1Yzg-zith#$m0^jPm>A_a{-Aq?
z39kva8LN{s{PE)`5qdaeH&+~f9h7uOI7NMkh#s{0hP*aoWd)3U0r!Pmpxthdmuu%$
zxhz)=+I&s*xST8(4v`0S$YnOVnLzzBGBRo^@wm(I6Gp}u)D<y7Q}W|PMm3Uy6W&v>
zcg3($E|ctnipl))@mo(WHL}P6p#?;j=N6?puBwyEbnmtdLP4g$kCc==`dQY|Ggqa(
zjPH-ijaOIMM=IQ_8?3-&)Sz`wNvz{_l7<!dIcSxU@Il=s^;qp9Ul8_SYJ47Dj$T8T
zBdXjHh;la0fa<%wcuo$EHJMQ2Nsv33Yvj>8_Hlhv7U?``dVpc7UgJe+GZI$<DFS9N
zw`YFhxVv2#(BBRfO>(Nhia*YrfopOiwa0nw*PXa62W3H(K>&#wAUm^eo$O{yuD;=o
zo54e34Grjn;JU(mi5D*(c`S~dBD_otD=gwJeYV!835U!#brLwwkLyHab;<U*WR|T4
z;%_)(w2=i2ZI)`F8WU~5a4NBu3h4*JS-@et{=jG0UIFcEjUIO_#KI{;$5aox%dD`&
zcO)bm>kbnt9AKSID}!syAy9|3T%OW|5~b6mNy;C`qz^FaDxmOFP-#M?xUd>`(Da3l
zDnnfN-o1q`?l%VV)aYWtX1DX-vkbgpZsL>mQwj+}W7!T%KMV)k^O7PUHeYM>*h*GX
z0p;**5?{R74+>PEnGUB9_D7Qu>Di3U-6as4;X1kN^a_E_iF}|A#{)<CZf*y{e=zPc
zk+6FaT4`o{T(JgX$V6BPaq)$@!s|#C?7Vt4ksHH?Vdx;G{!rO+b?`i1<{hZ(;RfkV
zCY>4kDbG(nM~~#^M&4=W)M67T%kR=Q&A%DcOBhcEd<t@QvQbt%ihcb14^UcTN#eG}
z!(2w{lSspHUXvZNsSPO7#6E2V2U1n)nX0F4CJLpl9u0?ry1e5;vo>|h_n`2eyuk5y
z@l+5E7ngjs3l`=kRL@RxzzKQ)>2XbUUec8yw7zaUW4iUg3X=~HC~7)P8HYOTn5v<f
zLg!~Y2`Gi_15%==!q7ufrB)jKt!i1$>zkD~47|5lm$`v}k?F&qerq|Ka7Gaiw2qwA
zR&EUBIHUq1Kdx@|pwu5^7Se&%9ZEVlM~NV(rYA0<<lisKF?v%(SVxfx%wN$S%>9V0
zEXyHeW;-l@{wuBKU7oai!1N5baW6e@)RoRnQIEg6o6Km4&0zTN7`;-}GrPN{{W<;S
z5nKb$W&&nRTc>mMs<#<5qx#1>6-e5mRDfMs;yUq(@A_^nNVj<>#vK<o<d5NR#D&yr
zYPIo1z;NdZ&c9P1t`%12F)%yxR>I<FH(k^ztbIt0J78yS6Q@jBeJwXVXzxJt6HD8y
z&ETyg<;42fqM^BS{>+t+T@KSf(6+1jNX$Ps&@e!wbksn8RAD`A^0-(k&BIhHk7xN?
z@q|U6lWZIC<3KKOpzgqT+GolPna@nOvuC0bY#C)*=(f<(dtCs|v(`Wh*#eZ1|J4<E
zMCu@Q4yu1&h{Ilq_uXI$Qvzk<as#deUH5*~#(rm_GY)zjLj~xu34K>c6|_tuexM2)
z(3NSmh@qCk2yV-Sjg&W{hu<l2SgV32KG#E<+KsvmL(x+ZgBM=z&QFHOWww}9f!K1j
zd3ftxd@Ce5+SsIR8nd7rcB!m~;0)^u+oF#g{NFAD&>EO)vPOeAZdf4V0q-3|KN3=<
zs!C~nvH9fF=ZT;#pt$CTsLdC4&Es>NKrqLkEb=(4&3w4uD*gG=MdG1sdxL5w-8*7T
zD!Cs7%HT3`-bpq!E{j`<73LpL7mrvIj+GC9uE5yG+xO`%{L$j8Dh<REO3Y8qBjkP>
zN3{UKcf%6*QAIc}{+#pT$RotSYU`fmjtM*q4$2iajTZB(+;(NP-<~&diyu6^r$kKb
zJJh7O(<IR=BmlZi!z-l~+^1#S&by^kUxkG-F71&2xBpO5`f0Y%VMKYD{_EFos{~$4
z5s|RJF!8{qf$|;an?RL`YLHffOzX$I(Kr#uB*Lg{<o!|CN=Df`Qyh(qSjubHkRZYQ
zv~3fsN7kE0YmHF?jZrdR*nhVlK96+9D~A1hBfyDo*_mG4cv7gT4!UUc>b=E=?9NsQ
z+`iMmSzV1%{<L4^&}ne@u25_EAWH^$D@ua_=KDhY{4kG_VKXRyzx0bL2nbr9IbhoE
z8c<Wie1CjbeDXejcjB2dS?KMPrpO{Us2v07Wd)s(Yv%>m3jh(%{ilzzp)Hv=l*4=r
zw2LCrt6jy8+Z$oNYtlwf9YBL8%UwYq^{?{^V7dKy!CHUFpRKH>G5Naa#E%bQzA1t)
zUO)`1u8@F6;g6@+kVAT)ZxuAz8i6%3Cq1-(ocI4p53SpiOKM5p4{r1SzAk}9U`p%p
zYc3A&radm}bOd*;3A5Rd{`_YfXRyj~!+1Jbv4No$vOG#EsVJXlCj6Q`&hIl|<Cf=+
z`9%NrE)oztmm>0i2QuM}pl?<^Q}+H(rr_YxdHNg>CiLqX_y3qqdNLha5i7sW*sq=h
z5H!YHj%sLCPF>Me+gU>g@a+}k^3=8c+r>vf@Ll$#O;;WB|EBpm4z!W6ZYR*qtiYsg
zMchr=CK+5qSrEfwh*tEE%6AF@LCWglVb+gM6`j?Gs(*Bs&=XBLX{q|7b(rAU%j3@4
zKgV+uhhH7}gh>;i+x+ME0{ouxe?)hF$D50@uFii@(8>9T>6k#<^M3{;;-1bp2M_Gr
zA7DS8u=*hNxDENw@sQ)B3HZ;C!sL$;^q&E_evIe;j8^ggleT((RO~uo=%6uk^gMYu
z$@*F!^WW!R6TEnMo>B~(vQ4d^e04wIrJr;RO>OpbzdH&ReG*q5rNid$pFN)#c17Aw
z$K2cJ3k!>2#FDL<IY;sKa#VZbMje*FyQW&OT6bd@b8_`%$Z?nWKch$S<sTsV|LW00
z6`i~k)<Ns+PS;!iyy#*0HSh%w0V5S7{Ds(;!@I1%WGSO6IKe}e(F`-&B|Xk&HsN0j
ze8Xf22m%JbH@(#?sH4|-nj3m~k#xHH7Yn>Ue*xfE!U{7|sX&d@G4=!k?quA-|IL2t
zc`A3lnPPvl=Rk-5y7WvT`9BZelbx)}F)w1T+X!B6@noPdZXelo&prRo1V+h|<BZg~
z=tsg)r)Rw{S}PrYZ^Q90iMc~hpd9IvlQ?Q*t-JhfE>3nf<=>q(Pj=2?iVCo?!jzI>
z5wcB+7JtS4TuMN&Ob5VzBQbAbRwCw7BAd<cT_cWnb!tMJtawy9FYnJqSa%q5|Fi5N
z`}Je6$!evORv)-&r5lyU@$>&atl7z7hqG-TZR$U6Ziid_aaiBuZPi`0I?AR4tyRnK
z00?$J`gh;LlYJ#=XqxVu>8#t0jBZW;dL`-kW560O?~Q1<R(&&nu?*z%$#|Z@aD0bg
z`_eqD1AkEp&*0PS<&T#Ctb5+|@XB=pM)E03?ehD(G<enz!oTGF2d5L1d{8xp2U#2Y
zw!<yWq*7lk{NihYbC2W+-ZPezQkaQ<Aq>V9K00_wl>O^F2<BLRE|#;wm))AM`?SOY
z`^DEz^vC!Av>0O@6udApH0%%>$FD+_!vg!IJDf;QCXD8|*g{6!ZIVrltyKg?QMiAO
zOptg2q}3*LiJi{6#8zJ6zeny7IbQi_F<Q1M+F5R>*C8gZvX?umLsjCRwGYi{j)74E
zkS!s>RI2Xiq(EofJmRi}{6$K0^2Y~%Sti%{Ew`f>``2j1FPgVGfn#ofI#XFer{WdI
z(GmAv!QppNmH&cL>==}q#*4F3+v*(5j!_a!E(Ng>|J#JAqJhhf;c&~}XfFvqMthhn
zjS(hp=`1^Mp3W69a*84WhJUtJ{&sSx68(dhWMLiNPgP;Rl*s%0KcC1&R~xbxb^ir$
z@^ie$oji!}3%O{Nk5;BY@ea7OeEa9&!?mk`Knc56-&Sd66y`U~PPl$bAd08>=P@Je
z2?B;Q%8Xwj@B<wo;=cL+JR-Pp@fhvjgBIW0wBEcmqDj3t#5ULSi$b4I-Z_SE<fq`v
zh5B#>--6#9{+|2fKt+x=%`OePCf#wv0O<+2zbt?otjGJlUs8>TSB!#31Q)t5@Bh!I
zPd4Rwnp_tgZiaj-H*@J4{6$fOC(QW3B|GtE2EVS|G1BRxI(`KFx^2qIZJR1aD*5#a
z1fqfxEip4r3jaKP|KXT(&ZHcRfQ>5w|6!eulOunCj@8syU$3)Su9=In?%1vRwXflo
zV<>)R<*poy_6lE@Zd~DZTrcAJ=kbRn=5|-WEpn=)IbRET1Rr%&`Xio7LsCU($Z4<Q
z{KdJ%#l>i@UJmzrE6%cibOhI>_9sJFx3rD?+W!Pg(e9=>ehnT(A$vz}XyeZ?(yrBC
zF%^f?Tn#Q<o!ZV)wC>##B)Q6bnT(2u{M<h)izEOgYR;k|*Vfb}hIsVU;u-x}b4-d0
z#l_Xr5rucwmi>O|;)i(Yy95LhIXvOgg8H$tGZokV+2j4YpF)?1<8St3!u~m0s7|<k
z9$@+Bn0|R8UICzf{{39{7$^aVynp4-&ks};-iEw`3jC|xwT>0qjf|>Gk2(ndCE7cI
z#{f@NkB~mHQiL+aPRaiBmgh$FKc~0!T;+5EFZel%q>edGw)9pReL)fTFToWiaZJ7{
zZ8yH;9-rl(snY*9Q~Un?W}}ufC-*ZYG}6dG@aO+p&G=JhBRf~E6yN;58q0}#RGkfZ
z2j2K|Jlr}F#P`&$6hHnAHJblxs9DmANp<{j#-G>u4Wvrt=+4$I!Hq9ue9xW)u3_}u
z*z@aFX02J#9TJ!XQaFCgf?dS!(@Va+uMq;)dIV2~p#XH-^ieq`A<Vx7b%563%Xd0<
zg<7|94Gn!%6g<{Xeb2HJ^Se!C=Vm`;Pm;|5Kz|>BZ2!RRp7F=s+C~PaO-;3I@-Gm4
zP`Bi;R?xSw`d3{C7LfwbYDNzn6UooPf5Q57l>dVgRP{{G8@&ZY@^gd<pCIRdgE-ps
zyphH+=zflW$RqAj{j9nKM|0Fa9}_gnpP=zSAj1CjzF5=wt8C$fNOfaR3iB6GmzU;R
zkffrfcHKb!fJ5YHKhSM<_vRFqSm<`JOyUSZQ3}1-m15cd;AigP0UqZs$I3@rcDvfb
zX;Gv0tE10q?JJsC`KH&d^i5}Cbgym;uRaSw{>`Z99G*gJ_WQKM##Rn<1bS8KjZm2G
zjU)JS&R5f{<!G|cy6NfZkU?GJ(uy^un8x;Qk=qpc^|t3=gvvDw*Zif2j4Onq)-PW9
z=XPP-0!FNoF|5$S-m{C1Zx=&DoCo!3t6b)<sbzKg<*3#9xzc-I+5Wcuq$8eJba7Dw
zs{Vy_sw@!tHt#m`rCT?~s$B#9{P;I!o2OgVCMz)p0aD3sW;uh5%=d$f`u-PN-yPOe
zw!Q6KM;$9-p_h>&A_7D2pd&@3D$)rk2neA_2`vzGQ0X8b(u*QB6p<d<C=jGZq=X(J
zK!5--K!A|;ZSItN=Xbw65B_mH$=PSGwby#zwbowyYf(4l^y%1{bMV49ecg(-@$o~%
z@{7pR4x)EU?}hI5xRQ6KSn*mjj}5L_nGP3GwqV|V4@N#K%zvbLMOQ+auZ^mASP1a2
zF&OoY^Sw}fZH;vAUD%-<1BlR&qr~QcX}QbYAoZ6GdK9aTc`E$jgBD?D%7Z<;btTa)
zv6VcwH}2Tn`k~s;#!M3-d{yGAO<eKa(q)aHc*TLyhQO-5VL_?rcqMzS^=!$pTv-KX
z(7MBXgQeYY5v;AE_MHe~XIL2jBrGuTfkYKowCJ;&JUl#3^k;$dX<{tZ+;DQLV%6@a
z6t+(H4of%1oiFVIiHFZ<lueAsNSun+Vlv;3KZ>Bp4yGDj#-p=HQF!CMQAcb)wsoMe
zH2|kl*|a%-Mci!y>N%L*MBc8EM(6C(H7>Vo*@y0ti-*AQxav1!s%OTsx*KyEVlPHY
z<?Z;f7KSn1_Ox*C>Ic?`Z1x|ob}nalc*wN*vdo=a^xZNg{uJ&BtZ&c55iz0F^U)=2
z18zTC{wTvL25&T|vGs26<L;T;yl-ujO|)q0J8H|3GIKN0o^3ndSPg;M;XC4YATxCX
zSY7QF4Q9?b>zlCC*9Gy4w#$&Sa;dj<+86Z{pED4M{v@AX=|qU*6?vigoIo)&+IB5@
z$4ZmrDYafl8}wN>Ppjw3lkv0Q3!l&M*~KxdJ5^qs;^D&5=jO*B7Eo;Y;M7#C)07X*
zwb0_p;CxOgNssmLW-OVVVHsU2$`kP?4(eJQmY$9EDt$hY_b`<Ivt29es*Lo|&h(it
zs%_0eZ&4_yAs;K0{{2{Ft;7{B_UccY5%`I2mOvV7Y1+jWA#JP^Y^}cY1>!?3B-E-s
z<7Suf9bhN-o@B)gC{2~j_-Sj4oQvjC&JWktrmu-<#hIDVt&zW`v$Nw_H2X<%=**Oz
ztsiC1XCRfcfvcT5*6cXW!&`Ut;D_8cUyTPRMmS+x&qPn6P%ho*@&;r2(%YI3ccrhp
zCb`kb-rkmf@&eOSy?Em8uLeSIWm99kN*~HECmiR$eO69rqn#!_<kuu%pkX4E6cxcX
zF5%?*#oMM*Z#QU>8s3E}(3PT~*x4^GF8Yx8l{#N%d86)amA|KdQ=b1GF~6OX2pxt=
zx6$3fP^YKtkXNK*Bbf->ntV3^FwPrmswHS{yb2hgZu?22)8iWw-G*J|d9~KQF&uHN
zUjqe><QGl?mw5Xxmze*P`MY3g`HSqZ3J>(rT9aa2%2p>n(cXjW!<#oUvsrsLLidJ>
zWx|&Fxlr_PR*28vtbz+K$_B*JJ4ThHd}dq)nx$Wy5_m-p0*|jMGD<Yj%DKSG`EEa=
zq=;69R<KJ{wK$^hJAqf7V)~kwx6ZyMFV?OYlwZn8f+j@y4XT$8U^U1iev;@-U=P-R
zbI9YFL76M@s!=Qn-3nM-_6}VNQZ}D-%*%Tfl)^%GyP7!d$L3q~Q;Iv$PJszZ_953$
z{-y3b?F)3d`GjT?W?t^l6?+&rvkVE4#UD=U$^2b`(pu6>MeR>&@4kFgg`KS_dn;tD
zywS~_h(qi$$g$@!Q4@Yk^~x5I8HEHYnQdNAFSNn>ClYvAjGh48y_(2m1`?zdpHZ2|
z1iQf>J1Klme-dAy7a!N`-LC2RbIpghLK{pXOeSDTgTwabWkPna<Eyk{)`yY`WNe0<
zi;ljV{<Q|X#F8u0iBVB2axUn-;{y$sF~B&~Er$3fMzBpcOpNCQ;sh=2Q&fII&7bJ&
z&V-haZ3k_uLY>ujkt=eJ(*no3gxO|?Mto}EyIwx?WW8=Gr$hCt(Zd(o4Q*41f1#!e
zS(~Rw5o5#`$N4MGyp7sMUuQY5wFEJ{EIX65G&Ma<e-Uz=ZK3*XJWuPoEvy(dJlOK{
zY!EcmF0ezgnrI&>6)<3=$antOMw+Hb#_huSS~=+`iqh02r=R46=0}xg6WF2NJc$})
z!$~|e-cCce!LM(tx3`x=fq~CUM8_a21P@#CT|`!?DO%XVYq);#U+1dde?guhu|&rB
zT6JQBH+{Uf=HiAC?9R@GMu`NB!&yDX!n5*9@+z-)cSU$>@x=I$UYIlzdgubuaGi4G
zFF87<c-d}7McIJ-%HtfA@Y2qdXKDa_7^9hZQpyd|@Dcq`wz6?`zj3~dXbWTN5OQ+K
z<EftM#g%QBc2vL7WajFM9e;m<kW6q08M3Y(Jp*rWuQcSiRuWwiI4yR$MNMX%%w6Ns
z9md+ToOGf#Hc;OWH{=pB2zGq&JrA>%(ly|N=P)YFPB|xBSO9eOR~w)%V|HOdvBvKX
z$y=t(c^h9X@T?mB(<JwyVoveC#1_xI=lfh_Jj3o+K+!Aa4~Ns6`9I9AA}e@=v3yB8
z<E|-}yGvam<4Y=u`zzAJ35hn)_$!ibtl|c+1nY6mthh`4qCJ$>fk^v4$|H{7DyqDr
zkX4|b18Wo%=(x>O8#3HZVl5L4T8fG)r36Cu$SzKLp{$pR*i&C7mjBWTe~t`QN0$)X
zh0nRh{GH{M8<_#20}3w!KZl6rJvKx;!8ZbfnwLW9J+An6H<ZxpSFbuPY(2&*RfL7w
z!WXK6XAPVT3#%k~YOZ~+@Jg?0CkI4U2F~Ppd+r1c$D{q1Lk@N2>;46KmPKS?o#n&q
z=T+^B&o~+fi81O2Z(4Glvz69~l1YhIvXfrls|6Z8e@w6rK1;|Ams#JNg|C0Dq#oED
zv}Cuf1a?<Z(89*;xl5v8$O72{Vrgy7O<Pj|TjgxHQST5_coR+D9&Zo$EYcNYfj#lX
z`ft+U&#}lod$c00<JlQ(X+*k-#@4UERLlf;W`~dUSlc2$e30Fz5L0%>{iIuJ@A<WF
zPG-4vTiW|Puf-c|hIePz$}ehbdyzcbPI1dNPT&(YneWW86)p28fKy15XV6B)4Q4Y#
zlO`uoMTyNYq!$IC6mz2&?Q3QI-_!2@Dg5WXV+${}oT*Yj=Lv)^<9v3i5E<mXBt1T!
zNP!lI=`dV`&jz(U9#b4Tv{45jp+4HFHDo7l*jTl4#*d9#_DV-fUtKWRCDay`W*^)-
zQ+F-751u8>*x&Zr3Htg@oWE`9x6I7tuZ35IgnIk>)Iv3${8}vhCk*~#J)X(8S!{Mp
z2FLoI5(KBK$@t3H-V9v1d-2$MyDMKUD_3S^tH+0Rm=)8<dJHkloUZ>e6LT~2p?dwq
zW!_GgERQcmR2!!z0gcH}BM2nSVr+1+bs!Ba4h492Dc()d+}uJjY<hhB%N+5C3n-qy
z{YlCd%y-R4tqJL0=6pXW1Y5gxFKL`NAUjrfc(J6H2C{HvevzjHF6asPJZhoz;>k+}
ziCq}PW=Ba`$)nM_!^h4%3XESjx5&k1dsc3Ewi#y1H%;JECz~#Y+TJq{;|G-hz3`J?
zGDe;E%!_6J!=Un=fb^*;bw4lld&7>=i#BGOouL`Ey?tMgo#Ew8<NJ`V<c(NEVJ}sj
zIVJUh{_=*;eouGTJ2r<{oZVyHSE;Y1cIXJke!UyhBV8@feh^D9vYVL-rS7F*GBsx1
zw~W;MTZamCb@h9&xDRr!gBxEchhm;4{K?9$yS@>=ykG)&kYE_y4ec~K3aP0xJn39m
z$gSo$Hac48o?wX!QhQNR{b1Uc)|%w*^h*H%?q}4tpX@#U6z({kF!fNq>dmDs#jjfg
z>CgM^((TzC1W1r|R<42G=PoeudV+A&1pc&=Rn<)_ZFcUM0-TP{!mIgfJaIHVh#UR;
z<9|-o@mJ<UPtt0sgK=L_x!&%^giX<Nm~MQ3P`P9d7jcz$zPme{ixc9jlfB*N<b=(s
zj|bk>CM>MMYm}Tutc+R@RQcIHWRb$r-A>;`#$nIc`r%6|Dm*DR&x;DciZIMn7cIi1
zbGO1Npt}V??VShcn~g<_K4a~j2nl$!vuA?EO<y7&x^Vt4ruJm;txyLoKZ9rd&_qgI
z0)SelPsh7;_x0X(>R-MyVOQ3p317=5kFTltO{(Mc@<KWEn0tF%>K-%7-<!2!#BxI_
zM=ybxJp1lUu+#SX46>_Q+^oo@#jAjV_4LbmUQ)2(si{F;@EZ_t2<WL&dzh1AvUk9+
zX0{vaE2VP7<_gbPpUh7maoOvu>^&8J{OBLkWm?iJ*TQB~C4AYxvHYk^acGi?N6;50
z+{Lf-vaPp*BECA!0S+x)LVTa=c1&cPNqj0%alUy2c1xYQy_IBmnG<dVxRei>>RQW{
zw@rN&hxK^RTrMoDIqSSNyEF{E#<WKt<%h%jT|;{OxuXh4+4#<a-KQNcPJz?G4i?x$
zS1juOCYm|V64GC4S)X>)WRCc8C-VD$(*&qoA*-+JGH*ik=!>dk@}7ftyBHLz!I+M%
zrnN<OeS1)VFGG4i;%KAQQ*^6l9M?v%xc(rfD%5q>zE#d@5}suu7_KTVutyLcKo6=i
zo{jq#P~_~*0B=3X5y~Lt1YUMgZ+P2sO(1-4<BGI2lm`j6QaNP%kA3B2`*Qqm{+aXq
zXQ15{5$O%H0fA^I08Pn}ILOO^#raGvyKJ(RY(^X)f|rp*9qo~^F|>ZWs@Bf<?)wsC
zl?i+>|LI|yI3tFyO@EG>^g6WwFixZbN7>HoRHzyVD-^V~y;<=A@DQLVDc!`|g6|p2
zDHzA^?_pWYoRG2SZWv@)NtBpilM*o5!yfcc29;5nDAbz94^M<FvgRyvdaXh^UH%a0
zlV1T({+tJ7nFnMJ)OH{!G%cqg-aNA6Rcc*=GCiM5Hpmo>_m0ndnF^B)-pt^fkI}Nr
z+p)5?b}N_nr*h!E+Zec7LY1;Vb=;+o^suh&*RfnMjWsTq=m<8JPmOVI>cxxX&k=#0
zH)y1ZN)<~k*(<XllxVK%$+7`-UdYn(#)ZIeyRwiURR5{}Q~4RQN=H73A#e0YMG?JQ
z6!6tRqm^*qX@&L$fYf9MPfByZjiu_n+E!P2Wd&$1k)1jl&8#<Z1P5yKR?VHeLyw59
z0}YWZhIV$?taoO7D)7)3+cl&G!oDY19D6Cz+c%%QWt?c48!ocHy)n8r{thE{KpdrQ
zMGyO*_$z?)m#K<Kcg^*4Lwgnq3t8~C-EN_5I#qARNYp}^l1e!F*)V*@fos95oX4?#
zVQzheu4lGO-i<x(0}Mc6*SG?9CcE0{5sMjyFA?NRuA4jou_dj4_@<QRz~A0PU**6T
zU?FPEt?dZ%np1cpK9O<f6xWxk336FX%(&<Djt{mXJjUd5+c})t+V58+Bs>EK#qx|}
zs%=REr{m-K_xTRR7<s;6<(Kq-7yS7T;U0QkCUkSQ$oLF^6k`$T3NRSC80u}argHNr
zTTEJR*cF6-=Nr#VS`03ibC*s*El<|<IbvuN(#GDyEeBo`l&#U*PfZz1TbZT=w8&({
zY2p0!(9}V7ur5Mt;wR1f4pv$u3t`(rTaqJhIVHGb`S>qc?gm)<j5Vd9cN0~mzy_ll
zGLRdzTvOecx+wE+K)Fv~#h2!_TpYd}pV%YV&aT8<`7j>RN78oI(TP<NgwJPKdE?g|
z(d83OAv}k4ZtDFRL(i}Iysh~tr=sUghqFc$H@i=724^Syyp|RHlc=cAhP7CCO5*f+
z8mZM5_@^R`Dxf8F96K&P&^}!COz+u2S`jZZ)K(psgNic0#fz3v`lNOqQX9p?kh&M&
z_-)P11_sgYe0k$AzBVPn0KV3hCKrgOkE(FGu5sDiu@?w$-a<F7&DYpMx^Lf1OFVdU
zI^J8U`zW!Bm$APSZDyjbn4r1(-2yYj4gh=F#X#1&VD->=4nDpC?W!)8bW0nwgM9Vs
zA(JCpEBr?G<IRa`><_p^wD%FUA0F}l4GC)AE2u1(ye0h3&Y!HkTxXXUL>m?3Y<|9{
zB%0EbuIQ=TpRFKKR#x`5t?g3C&Ki4bh!khEMbQUb7>P0dXv?RflDz0DnD9V?%~Me^
z4Bf9xn>N6|$nwGj%?LDaaHTnf7z1OUv$JR1%+G~s-@A<_22KSxH<Bm&IBlmE#2q>>
zTH13aYLX2N0bZ_g>Z2?Rz&Gm6_!tGG?yDUZhVU>zUMuQxYWA43M?>d&jycxNA#1r<
z!1+7Q#MeVSJS&o_;LYXKK>&?JIkVY2EcwS)tMD0sDi|r@*j=;zq7PmE{Vva#6{mDK
z^+7C|?Y4xYVSDP9Df=JFd%asZd}l=2ml?-_7u#7D3}2g+V7qvOF!bQS98kurC73=q
zNw)^u!Fu4@Kxic{*1CpJyGj>Ckn$V9We>{=<bf$}0Vq6OncT5QQafLum*`c!^Lf;1
zWK!6PdMQHIK5*uALnp>W6&g)s0kYctl(s%pW@A=*56rLHxoGX}<yp^a$c6TmmmP@-
zB8I~NHT+QvKx0vFO*-*&clPhLLO9G{rF9`_YXZ${wUARhBU&N5s}}(!*MoRM4g^(%
zP?59`XH+yU?PuZfCSr@tc2C~QysN%6yT8fcz^B~qbF4r}hM)N}(t4rHz%`sb5|cOK
zNN*H4JilM50cOQtz?ol#DpA#bk?2_qQD;^)7dYTF`RfN`rCT}FNIs_W@{0BQnWxcl
z_G{z=lz|3IGhT^rcvVG<xlm(q>_~WMfAml*N;QDLVdfmhNaWlQlHglWDGZ{iNqQ_H
zr=MyH7HP9mvA~$l7uk|xvb<U)aD|8buhw7wGlHlZ`)`um;LB;5&#=MT_=tyUF2-^x
zxFCa8GdMqJ1_HMRt!x#q$5EarKL15nC}EFG_E|K?>RmOs5qBW_MvXIG!wQkiZ(=@x
zT0eAV=qv#yi{DXJ-e@5_EgziX==;=q<jGHeuY|3VsBOT@fjjlDJ;Uaxt35I@+T}$H
zRYH5!z~fk?W&;fepo)3|VY0gAt=8F(SF5HpFygNEXQwu5Nq0x@IpEHw(KpJhf+?pD
zVsxHu%-?`Nte#pE@J<Xbo>9=gcItj^;LxIs|6ck5-GA*~>0!mOA$bU3AGVm@Q>-8U
z6pLwzf9Es0{x+Yo5JCT$Oo3h(J5Ecael~P?8CwOjeGP)9dke$*WK5($JdQ=)-}C>v
zP(D^Ws|xK}5fkJjCR!_%A)BShbkzR--fn?O_Z=;&PJgbPl7xZ>YG@x=&%~J1SV4ZE
zIMQT#lOLfA34|Spqg|hVJiP8{LwqhK7zI$xS4a9Nb~dgeaI(S3PqOF3WA7i9TZ)W=
zi@O|h-wC}X{m!1$uXp2555WJeC?mzu&Zw_^;G;%l=V9}i%>z{mKJJJx!_BrjW>uik
zCqN+f(#@k?`9Cl~`S5DG0@NauN#!K3yu;uN5;dbE1%rj$S66-S4!a}I#8xy+UwbX6
ze&y(Cp0lkXlsGWZZcB%-iz$~)qK^sC0}l*F<k)-Q7(4f!#-iUyTob(c;#ADW=%|e6
z<o4b|4F+F>x!l!P)n@$?B9!(Ve)2j&b}=?^*h@$A(eLhe@Y3ynjQxp_4=oPk*gP35
ziQXmFh0>9}Jw|g+cKYCeG3N`1$x~Xbq%z{}UGr#i;EXOY5^?lze;^}9UboNq^W~qf
z<gVm_wDXp29BBgnJgCL7r+NHe>z1!cK%}Z)OAttHh{#*1r1uy9%u|`xUKI+{YD2v@
z``KR}s9=7{z!>Gv?A!8>S7p~??ZhIF^Bc?l5hDYS$^SjobverV01zwxrL&-L>R*;g
zw*@=Pjec_cRqvoc;Lp#M$AH|NaQrp$AJ;&TVQeCkPc{4RjLf0yPm%o>I!8b(;2#(J
z8WoxjXyRW%I`Fe6?9dfGu+C>^{-!jC4w-&C(A0wr>)+2^bW?RK`c=>H-^sK;uRi&g
z1qkuoc>m(o!{wCY4-Yc7e}1n2V1PX>C-l}{$?)^>|9&ltq)Sn5w!WWF|MTL5!<(qH
zozMQAR{ZOc_ZL_E((gz|9#^^a7uf<M`~6^K2PwM$+*Z1MqksPyfXfGI%RfKYe*kfi
zO@qHeBVeANm_G#bj0Bt!-1?u}YJi_Ss3!UQd;fExul8WhUh@8h=D?jt48cT5|Mx4r
zE){mk0e7AM@4L#?K`JnWU*?k7f6sS1xXt0eZv*MCe~uK$@}C#X-(eo;=J5TWq5tn2
zzWaJihIsC`^p_|9`}fO*z%W$*?=Y-_LGqRY$gA<+oa4};3%}T=+(i5*|99xZdl2Kq
zPG<7?{wMPZ=JJ0==)4+b4I&}`oLl4<AcOy8<iPh10tN@=H-COifB!RL_0L~VodOf^
zkMI4@^Zx%cB7ynBUSkhr^M7=%7o<VK_<e8uw?6#OSpG+|z(oE-Q2ijf^p6YwqXrfS
zImCbK0SH3<^_GX8JVzBLSL@#Nl-CvF5qf(GR0rJBb{g(xk57t1gMtB(gG-z8{4!?j
zcYq;S&_2LzEBG&e|G>fs$TPJl!5m+?F8fY!Y@HV!=*VWB^p-jSQ$%AQ4C?%Vp_QS!
zNl3UPW%5hL-|@#ohu+7fo8LWWVi6GU=}wTO*g?#Co(tAq8V-KYplQ%5<*z9E-{Y*(
zFrAQ;CL+x5@_?@l^i7(6R(&Vzf-NfpiIBrt0yq#zIY=e&SKqs1?K%3uXY+WswvLXq
zUD(V386dZ%=679_fmINE6p0_4-omD}sclD}(pqQ|`kVu2hCuFF2F5>hk`0(<{4VP7
z{q!gR8C4i{@uO^Of*`W(VMi&}3N%e^l6!QWb$}#=gdBTcN#nl=(nT;Af9TrCYLBE7
zaVBV;_NEUjR+riaIUEQ6m?Qt}V`Zo=(VF%s?F4LVLm7O85NduUl>aOH*0;mE2@v%9
zmu(U)vO)44=(`Bpmv#hwUWTf?amr+Z9-%o~balAdQiQqN9uu<}ns!*l+}xZy`j)o7
z+mwTDBBLj%dW=W-ZD5ss^{xQkaXkqcc>VdrXfwgLy0`ac0o2@l5<i22d4_0Qk;X8H
zACp%P$C$t<*ebOdWEM+j_QQ^<ZSt+oUWv-HH;<m~4;uVnA@|3ysS0)PuGwEBC2zq<
z<*P|s3U9dlZ=Ln)UT*;L#x)mSSf{K`F%(;M^T)!%!aK<?r6L_i8oWs^iL~vNoVkAI
zZb>EPrAie2?YIlEnkpq);oPeEbHnR8>_i?PEXa;Qi^Xr^vQx;}&J`|yJaLo6ESvT+
zVY;~mw^$|7zKdOmC_g5nS5;%-Pa31^<iBkZ3K$QF^^i9AKOn+Ii4MV(_*+GHgUgRD
zUs1yOx{8?fL`9`5zys82^w{9aN92&5WdSfcs+4fS!P9pSo({0TPc-2gRN;^O;>++|
zOBiM)B+wj|_|Vw$+5DZ?>&MwNg4&A`i!tf!Ag&b?6~)+@krN16i1v`SyvOwKko4)+
z*wr)F(Fr9lT2iHsE&nXty05#2+I=Gv^zF$Wh*xYv2G5-qY`fiNU{(J2lM!LGYyWuN
zj<1_s4i?-{#gV0lt!mBVulXh=ko+>u7Uo@_6)d13p_3V$x>q>@V0@|%O;0Ujm9qLS
z7FyT1oP6-Bn5m_u!!I|o=8)ytq;nil>ngU-iOwsqde_7;M&bO2dw)u??}eSGiRPPf
zS#+BD(nHBBy4LGa!QXy>>j<4=XP2S$xsf+I+2$kIG-J$PNS^B93t0Za=cA})t=r%M
z+e5+DdCb}~InwNRx@!r1A>TBsmsU?6&QD{_q0;4pZ`a_V6)HkI6HqM32EGIV0t3Sg
zS<zWItD|v!2kx}rZ|z1X-<T8)nDv?Bs@vhI{u*;rcw(GOFl<|2eP_h)U|rTLhvQF=
z#cBl1$Sh$;I#mcPMV^!%<@<RvPBhPkH~|e*SGmg8{F3cP)Im@Q?+1YojN<bT?*O@k
zYi<Tj!U84{$Z_AbBAG|uf4?Onq)FS}3Sv}{eYzpxiRg#Ktiy?1n%C+l=hb8!JIiDq
zetBZ`KL7G8>pQ-YI;MtauxYtb)N%Fe7EVt1cywpfs6{+#|Ha<72sZqZE$KGzRjW*l
zCuz2I{+Uzwg}S;rpA~1z?&;tyN3axPDim?oj<N}ym2TY(nGOIJi2ACOo&63-P2e;h
z<&EEupuE*<Slx5q@82VZ<D!vOt>UYzL^;j8>MSoV-f}Hf3tQOY@^EpWVU~=<Y*?Tp
zojlpz*%G{En;j0)d3qQDjd|&YX>M<mAf=<HmO0ftYMecOamfLw+{7@KuG8}UE7E6*
zKODN%T2XQ(ai)9yEHu$h1LR4%qO?1^^Fnz55fEcCfA5g-X8y*3eTXOeCLzK?x)Y|n
zFA8J1*l$LjiPnBAuSs1P4*KqpSjez3a<yi(NZy^PGgxcsP?T}6P;l%@eWCkKNOOM~
zAH*0S`(VP@bY)X}gVsUei&HUweKbrj-fo_N0(q1{WoqLsPzE*#Cv{W8sZcar9y*w9
z<<wbL%>ZQ#C3l1i-hPk;BC6TzzL|(N!!TW|cj3(y-RN}6SoEj`M6|5z>O8>E-B9lq
zK;?W$j(L4Ti;IN^!6@`m-Z(EF+px~>K!QapWbkb<cjz!{abQx|GSRc1hZnqi>nJQO
zEe+ksUmssLW+QB29b8yaxp6MfB!fq~oo+*49BckygKMa$*~yd%sEK#11M>cXvEMmT
z>d@60E!cUOO@rsW*50F1_xR5n1jQUX#7qM%Q;}{5c~_y;F|{S9CFFQe&~ishSzbs;
zGjCJJE?}{a8xtR;yrhSVy%BK~Jx$%hV+pK!ozu2nZEkT~ZMU~cIHe+^EOt`MF5)0s
zOkO2=*QG;2>XBR{D9Fyv4l?*Q)0BqrcaW`D4g$P0$YwM>GgFy3ZIFfDqS~}STE}SS
z@mboz!nCzLKFp<$`^FkMRVZMi9+t_>hLIu~ciWEP2O7j`8<|sDN;Jv}|CD!wvq#Iv
z5ShpKS?RLQ?kzj$DW47p=427hk7HMrW(4eg+<N_t(3p*rHb`tKFZE}f2TANZ>Wno|
zu|fFieR}pascyCv-W6pYspCBQiFIF6S|Zl7foIA;baO#^e*HM9zI3S`5vKEyu$!`j
z@cx51y!YRzS`!fK&l#H|PFs&^yv`OmB>Qh>3B}zE#07Zzlj?tY9yUNx>RJzEXw*-K
z4l6G{a}pAITiGUsUJt&NwM54<PU4<bdOwQF*;T%>u7YKe8>&H)hMnDKbA^D8t!kO|
zUt4p?Im_$)%jI=ge0)4P&6X6G<=xyov3HbMalSZjbE~AxFmDq<ieQ^xFvG-W)DYz3
z`6&@Mok$vJh0*sc&E{^^0$s)CjYUiQ#PcRvN_anwwU-QhK7$j)i{Z>JWd@d0i605f
zS0!rxE!TLv!z7e|$rEgE`xZ!^@2hgo)^dFCc=??J-+3pcnJeq$d++97Xt5N$ni#oV
zgXf3nD(%~wNSUDT`CRIc?#FH=mp-(kcJt1A?`n;Bgt}=qbXZ!8SJG#Wu(Ol*%rIT6
z!WPj_8MKB*=DXp+=!4pcK4}dx5C^m2%WJ=XgKulg%=Ske+RplUPUilI)dT8BH)0vG
zD%K1ELmUWq04+$L8n|O&!(mor9N$c0=+T!Wah@l{!iNc<I3f|T*_ZBMHau^o>NEyX
zL%>$aL!twIR`)Om1r$Q^$?;Wv2cB+Lp)Gv;>7C?TIPC@nKkaMHc?}>UrI#4vkP{M$
zCef^GT)V~FRi$TxNfA+d`+hkw_vqwIt!|LXoLt3F4#JBspa@QOb~%^9IK~;x4=dwJ
zq@fNLLI|vEr>y}+W7}c8i3TUZ?)wx6{_s8}K2};;7*Fg1>7Mx!xxqwMn;b~H>o5bl
zPY=}@q;=)`bvSs%X0bv{YEZ>Sc>;K`mNYW#ve`@l)>>jvnX(rLMNmgA$pucvF~B)C
zG_`e!OH0Ss7&COrwOstsegdFmWp91aQt8O4DI2JEfM&zW!X~k;6<bRnxNA>^zi1%1
zGKDT)T=c>5E9ttqxoK<LZ8jt4^H?F*)|+tjnWZdT2QWcClhWZFSspDnCW%5q_Tl&e
z<;DKk%p=dbz3T5|Bfk0oInL?jb+RQgbta)KYJ=_D+FJR$NiiUYmhYyXS4F|u0lOy^
zck|4w*b6q^*E{>XUi;8k8fzdg%hCaEmK`!*?S{?Mbke0Sr>8jXZ*v<t#nM{ce5z_<
z`TT#kC(lIe8qg;B*=6Qhck!SXZmhK*2Le)0fqUXK0;2^H;pFz+v5}F^N?K@xxdP~+
zEaA8ku4SD`lKcZ;y*38prfo)WO{O<JFjtJ*P`ajhRg&~YAwS*O6S@hkxW|bHii(P8
zja|vLrETDxbq83prz)>hMXfhX2-zA)4ZS(GF|}p{Qs9hh_F?M->GZBoUT^@hs;3&)
zvmiAyV@~+#8e^{$u^{#%2Igoz2>z-04y*l4Xh-DfSOY0lwJp@K^(mo40DT}n!PgN|
zggieRvy!VBw?Wn8Y%CU}MO_B$xi(iO>!53m3=4y7LcJEN+FIFtCtHO~T@W|INU}#O
zuYF-S-O9YaIDa5wv!DE!bm{?`NivjNvolY=63tTEe7`(ffim)|AA9Yjbg;1WuHKai
zL&v3Sv4~#x#F+D9K66dQ3eTx+nTo<im_60b18q}gEaWL=c^?>fBdq=Gg<30l(t>o6
zqDFDdW{mRI2wrYX{(U%WuU$}p1E6r()Hsk@jcwXmQs5T^tDKKEELgum^=xy?W)aP@
zeogPWC)-9}MW)MA`W`*<cvMD+GfPN>1kOs~)z=v)byEL%d{hUU*9r6pklVpB&2I9`
z8sx5-RjuCLP-|GF%4<|PFK->76MRdJiQ9ggNl`L+w3eGZRGg>Kijc$>=w<uPV{GiQ
zqO|#7oq;u*P0V^At+(POmJSYrDedW#+pRp+-vtt8{5xE*+r(itFZ!^vQ57eJLSeyM
zgXCOT(uN}i@ZH9R-{cCQFYc3shKn&CsKD5FLKl1PeOPgTK>8fEK?-SRTh$Ewq*;+v
z(}qUil(>{Sp|<G0(@m$Fh8g?LhFO{nB4Mn-JA0?kDGk-;-AvBx%Y6O|LE7r<K^8m|
ztWhH;HP3cf9JfZ<OdY}&ey|YtiESF#+FgRX?H}t<X>@e7JKR3BaE1JoMKsMByu|V*
z6(y2d2+X2H@5cR2mrG65lN_C5DVLStMpmvPlRjG%PvV(b4r*wH7QPk_CVh+ZS`@cj
zR(PU7z;|Z##O0Nn&koae6NgPyrEZ@SO)?baWZGGMhZPfMTSK}orZGdRF>fS|HRp<b
z#y`@Op0g8qc^tnI%;szKQ?lIc!}hL{BS@0;n@KyNRYp`tcX>s{`k<WsCFng*2m}co
zL}M-C2rcW$|17hsstEXIT5t1D4?f*JC~L-PJY*Fm;zHn|BUmLx4a8Ctt5eZdYWfBF
zN!V`GK?<+_HKZI8Fk8QZAI6}5$)#cXj1nV3wdAq22EAzn0c-oq>({S3O<1I3Mu{ZU
z?$gFqlW?z)>AJG3%*WItGC^N{=K>rdZptSs=vyAkt9oNq_=TQ!=fRSKvzYf=SRcD(
z9P7;Ihs1Kduv-T;XQPo-=h#n1{OedaY1xJUjUrc#mj{ZxPmY9o+0EMtBKGvl<=h_{
zf|}StO;U0YiIFJe_#mwiS=lJ^;tcnN=v$qjOd~>>xln&Z;6TOqR>;L5Rx0Tcsh;nE
zYus4HY3l^*yrPGLbD~tsRKxLmavE|gFVEhNI*a<b<Oxit`U&L5g?py#?;Wu)SojX;
z0f36hhw6F!#4*xkf9IWnUWiGap^L0syVk#yj+e@1B>zr>ogws3H{sw~{hlgfCYlZ@
z)@ccX1(AZ`n(sUnLAzsH7}Y#nsfd91Rv8X>dc>>DWT8@_E3kpn4Q>-LF=ssW_<f?-
z7l`RI_Bp%6lF{&r6p;!@!;M0L#N>15DYR*=?cZ;j@Iofbn0a<mX)kgR$+LM({R)L6
z7r}X2ZIB9H9L3V%ZORKiF@4qjk`5Rv!eorb`j9?=+9>P2-q~x8gbf%4a^+NdD8>r3
zu+C6GAKhgCiDxIbCkPIss-A(3gvIQplk)kj8&@eo+nvMG%Y9W>i|bnh=6}rbb?kyE
z?zgbRjEim4mL5;{Urwn+IcDD(MjK@*kWseg_w2Y0Rp5JWJieb~P=q!;cSgAOycM>K
zu(h(&EI5+gv?XfJx5b%@=v=;__Fy{Qeb@?zAX0So+82=)E2ylE@-go9CEm&ra>TJ7
zm%7z@+sa|dKy_0>TerOpyGZETo91}GwNh7yuX=*v0%R0{S$+M+k&CB}QZ{IEl&^i>
zT*GGt6~Et~@#`K)euoHyBh78f0+u-COWS4!1rV9Ca<U@keBG{jd2iXu{7D17y(74)
zRy!!xTV8eZg&9<&tzfcqvxUvo&@31EMziB4q+JoyvKPbd4^0~_n$&P<C@(i$^zVOt
zk8B94Ff)?h-4Px%&FUXZzWQ4Lo93o}9c^(gavQtOYO%M7H7^wxM=i{6Q9dnTi4|ge
z<Q8m}k;{62-*6|?d$gYa;>QIGx6%;i%CXek*O&EC{`4a-W2)rnnj@U~`2p&Yq0TO*
zKkn3N^+t!fLBibU9<M5=qx=tASo_U_NF!<QhAIDn)bk^4VYV8~k(0@vn#bB0bDTLr
z=wSEM*JTY3$Z_L4KGiQ0d5TSSHt8oQ85g6WC;xD?;9n!Tj-+yl+nYT0GKRz1J$I%Q
z-&aN5(lfOD^*4|}^J)pF)&-V@F?*3_@mT(vDGA{Mm`K1>{;P$UEbX7UzF^Ezpi|ci
zqb$nj^BCyN3nTOgAI=<C|8KTUE}nJoqePlC1Q?7l_=S62BefJ5D}%C#MXkPI4W~JT
zRVhHR#2V?gN)F@GI=fz}W}#lV>KdD$%#sm|bv6xh|2th6qM1C_tS~=KM%|~I>w^CZ
z)of={?mPeV24DG7-w7-VaA=sZ{IBWBwa!xk3}*Mg@L||#<4c}3)zgKAJZf`1!u?|U
zyG+_~yt4k+5x3#^U-H0_bRE(*W}<e(yH6PL*r)eRg$Mbo<n$6o2O2a?J<Fygr|O9X
z8L5}5W@)=6HI-ScVDEVGB$nKYIlgY<p+#}_emkL>Gfoz@(PUr%n;2!4aFlIP>8OpO
zsd(eafGkLwgYSc!sgs13(A|g(9-ob%9L@Pp?r+%iLpC$?H&ZSB7Y%Qps=&MXsdyD&
zH2U@uS~aVr+O|>dA7%AJ2(5|obDO-i0SvSaOFBt;td6|j!lSWqRk%b9ESrYe(rHUw
zq(2^(=+&hAQy+0_b&}V+N=9S7T`(BE{1{v1koOWAqdSva>#`n_qcSg)qZ(RkpH9zY
z_jvU#55Z`i^wG*Usfrp6`ABu;t->J)9qyM5!GTcDSze8cUI+6YHO4a-crVK;cXuw%
zt=CUs#5Jgdh;`|E?P*gN5>IAs9#<e0pGW6{ZfHx*g7J6<ie08WmBO>zCm2pOGO<ue
ze39o9(_b`M-04*oG(!wrn=X~XSIQoUNv{2R!*oC%xea2$Ti54qM%>fO4QfNTZc`d?
z*iG|P%+oTQU!zwG^LD}crA>2W+4EltV>U|IG<M1>n^ywxd%CNx5s&|Wn!FV|Q@ZYA
zaIc>K<u(HB_{%R9I@hW0J@OdOIr&^i$EGpJtq!B)IpJ>Ta77<4rLJ_Y+4IYWxa7d)
znq0&@!r9qnq?!4H`L7UCn^Nl-3^bmp`~+za#gse2b-KDhEhpiVc#{Rvg5lial{TuY
zWDn2aYc2{pt#{+jor*r>QMo`9Ih>V*C9ClIFIG;};u;s;Dq97idl$|$OqogkB&sjE
z@zs5pj@a$MD4;8t&<ZkY7{QMWTVnh1-rf0GzbFy6q2%7J<}g~h4fgoelBO+=F)RCd
zsnH$&)EkqP5LK)yqM^;aC@rT=?|OOJ4F7~ksR{qbs-o;PSdJV}V{o`9nwAYQt5?(o
zn#G_AK5EHTfCj{8@|-Jmf@FRAl+5!Hs=trJ;<!I5WL11n*n4AMl)zx@QeiJ@(ym!s
z$c(vrJ`UM@{LE(8%PX;X@cnpZ9Wfp|7n)Yr<1y2lF4a8kP|0eOse8(vnrQ=V#NF|9
zgw00E6^Ua;P4nj7R63+_BK_IduvLL|&`uB8l_&_mT*Qgh=a9KNU^4MR)KJY<GiTIh
znP!H9tw5sQ-7f#ZB-J!z451al{3Kd88)#8!kIV^9CBPE}Akgyj_e}E;n$2im{Y=$$
zVLU8LagHBbrfPYdTXSpe)!y?3up{}8S^(Wd=ql#uT+9OX;-H+wT`b4n7VZ-vZM#}n
zbvPy5(`3ZLuk*6`(H(2{rWj+MkaBX!7-yY{8gp*j#DAi4@NNV%poGczJe)KRYi-+K
zI+hdQs}oq^)zlQ?*((Q*&qgwpXlh1bfgyFqp~)js62n1^U82}332RawNQ;iHv`NEI
z!|W^GbUp@luLAeJC%rOYnH&N8<f8{&Tvf<a**X~}OAI%f%<Gsl#SYTM#fl?-JJBnW
zVz~6#e`S(?FIfbsP_N`!g%xWakkX%Qakh=e7{tWHV*{F7Kdu)RiXaWV#3&W#{A(w8
z1R9D5Y#Xi?z;v#Ru9R#2Xi3SYSKKDFXfXDt?BZMV9aqOtsAZkamfG}z-j(qiO*wvL
z&%4eEon4Kk_&{w%N4AEm{5r~-q~7omP4_|(slmN*q$x+mKEa<#^insPBKcLX=V5}H
zKYFg?knp<7xS@NNGZZ(V`Uk(nFBU1hO{`RGh40GSd*hNg1F-WmLU*9bKq=n({8K4Z
z{0I`#S`I62Zn9bZJbuiHeT>1yr+p8K^F*d9T_^JTEO>?ocZp`)$}<*)a{iu*-V-j*
zKEp}40vjyu)}zYZeb9BM%sixv@fdS9?B;7J$b%N++b1e$o4Ejd+zB_mA-V5oeOP#v
zvo!DY>UrcAveMP!UFDy25@>?_K-{y35L278<n^|`+J)=d@+#bc_i?l6SI?9ESM|Gz
zotGk@<(9Az?dE~XOWphx)(&F=lX0)a^1}2hYzm2=Au~vkQqL?!RqutzIcmP?%-zwz
zknc&Zalil8XU=`-_>a72+Afe}M4|GKz+umjwKwp%Uy6XQXqdKxz(++<n;)t(<riVC
zN{kd;PYIc!!dTtB0%116lCcWg9*>w?P9v?x#n~S5n%>XOXnsE=Dk{nYad0Yi|Mn1;
zx{|QFjh#G=hNks#lU2bBzsT|V@IoLwPBp+o8d*qXifWg1SGezD6)2(Ik~fGNs8<U9
zf+vsuHi`0t%Nv}ScyO3)Y@)-&e0Kv9@0B|AwQvi8CemBzFT1-xjJ@cb{|D01^ft+=
z>_a>JtglM##K---6g5}OOKjP@yLfMK24xYzHqAd+-Zz*NtZQ0nuz{dd@<NANu$&fD
z`^mbBF!xQA$Ak@cueV3>IBLOv?S6}t#MTRSO#v<5P8vOCq3*AJ&4-?R4|57E9e-$X
zR~WH7Y2|!5Mbpv7_h+F@I`7WO?zr-uwrWVSZcdoXNJM(FKcSUPLaezJogJQVhWl~8
z-C)eiO#RFJf&F)G8ySxQaQL&nZ}ZG;BmE?i9JQqnN5d!h4XDp`c;G8_JVB4Oa+G}2
zL$;S){1-vveiS`9c7g53?FSmemIhy+MC`B5s<AG`b~#=<`Qzcupx%W5c%1Pq8Y&hY
zH$oMTw6wL@kWTA1yR3ivwug;gCHm@aD({W-?U4)M$h0w({as(@>%FAJ>BE-EHid<&
zT?Bzrj>a=rOFqa}-8L{tef^pz?WMctClxQvJj_o!?~04v4CGE;e&IM(@45O_TrYVW
z0M_LSH$imMTeMu3VaUSA=8<B{MEAZh&Ai(h0xCJi_*_nLs`&=_&5!B$JJ7H{Ol~PK
zxw&(5<qm1PT68Pm&MZN1HmPE>?o+D2g1xNrxk+kUo3;0c^3eOi!Ko~1*TWD~esk5+
zO9U*!Br)<4jtDVlzQ3=RD*m2VSW=-Y2x325J6NX{V6idfUN=(XVnp7b$XCgBNJ7>B
zZA;I#$)@Pn@I~`%h{ud8Y6Xgvy*%m#R+G5+{Owz&B>S28U2yPwT5;~maY>HYeagC|
z{wg3b+}ss)txv@{0!>mObp<XZW0klP8k5l|Qi@?}_|KT9T`6{|7by*AA!M@*Py84$
ziGnq=bE)K;NQW_IOdgQrY!HmF+=D+6x6eL$#9jkwS=EGiKA(`*8~qy)KNw4+f#*g{
z@D}IFdSEdTi(~#WMqMjVavHlNcdlEJXHd;GoxS#_t0g9`17kEngoppTwZPw*A$w2N
z9PjoGwuIJsV=a<jO$BR##^Y^c6x3pXtUc!i?Tx2U#f<IEcVdgv7vImez_Mn8h>$Q9
znp$v}rv6t6Y0U>CTqbh@4eM$FS6#6RBNb3rMw5q5Jj^BroPxLf{wYILAA<BZg&r?E
z%B$h*44l|aBi5duaA@dy=W*4=PP{M*^E_4}!hdDOZ2&cf`h#_d<Rat4UPLw{Jpc7E
zzb&0nVa(%OF5=ctB|IYR^j5~1;TR>8`?0UDDcCFdOVxRqQ;)G3yq2mW2b-yBz7Xcv
z-H#iqh{L`y?w&0)SY(u!l(=CU-_D;)rAaV9e{`?z^=jxLQWTV>a<zE1H|g#%x9n{H
z7V)FZjN?7*ryY$AZn*`C9*Y0^?&qc8f)~7RG)=5CDx2n5JbYV&MCmJ%3gC3SjZc0Q
zl3s3QAY;?F-NOQTjU)EV@=T4*v9ib4>{{;OrP^-{&j#HA3`n-;U3LQh0VD;;CkF)^
zNEL}!C&amMcb2=4r8y93d5F<t-X=*Rg@vQ6K5EU297nz?6PK`3P*;CxRbfo*Yq#QE
zV~r-+>#!{?(&%*XNxVhhK7}{_Ti;4?P6;cF5mrHr=L+~h4jC>oVxMBoMeZp5royY_
zIrjW~W%PKxu;etp9>LHRzU4dFb8~yBJ5R5$&C06wVFr2s`%M}+-1IX6YO~vD^?u@-
zZb>@;I(InjijvO-j_fu&F7n`EzIT&DD9dG{21GVaH1aQ5y~{&VG&+Q<5$4iH!8gUu
zaNEfg-2_KUnEFWXP(wpl9f`<_<^@de@3zQo|HX$5*hva6)I(0Vpl-6hr@Y+zL6@KR
zaFHbXgK6=4!ZWZcYh>lhSnZtB6|U=<y1C{mqVyuksa5M5pA#ozN3OOCy;lzCzv8q?
z-S6CTjVQ`>82a++zv$c?Z93^nRgVb#N1lflvikS?lSaPB9O5a|uV6Ddz&n65BD_Y@
z!8%a1XWO58bGp*O&d#GnbN$sN1<iKAQd4K%Kq{Pu?<S|Frdkt04<2V_x0y-@7uIfF
z>4~y=-BC#;%bN*msIls>9nu@9n6atjTja-m;li8E^>rK4%WPZ<N+Y6WPTf0bqC<F=
zC4TEow;+FwSNh%I1W)<(GbfH+ELV60TIvjK;*@4(?7>zK2!l;MAFbL753p=U9J|LY
zC+P@k)C;o6Armp93Yw%>DHZ+waZ&44;-56UyxYuF!U74#DyplWGj|ICb4G!f1nkk#
z94+D&(L224F*fXXuNq>Wl7l5NB%{K1WitBwNZoC*(U2ooi<>d)Ee>XV<!>Msui4K@
zU%67w?om7CsrvBur|eZ2!Ji(Dt}38uwoF94M}4N*#k`<T_v2M*ai2$c9#pH7I=F{l
z5!_2K-%YXJw{F}?;<#qz(Si$`X6;gT6;MoI6eMk}gA?iP;dWxNO-ozb3AR_Odg^!;
zOYdVTsE`4$FR9CMC@GSyTyfB)X1O|Y<8{}$$$OLW7fa!cr(tjjmC~i{X;%3r%f9`A
zS;fp3BU!h-6|qsPSyz_8>QrDjp3%n&Lw;1{*`%i7xT-M9>)LgFW!#AMnVROxHplF>
zX4O}Ui>`;;+cyOkeN}I6{5U(Zg)IHGwH~z;@D<O7E9hp16|17>2+Du0_b08^Nj>FN
z>q$Kl1GjD^7iSDOo~(WNAh7emK;G6jR-A38;~IDsHYx%&zkII2ywtxu;Te$gc<s(U
zJsdaI#FX}1at9DsRR6&7bajb>&cwKpX3Ic+*a&-XDW0>X^4X8A<X%7Ecx~SAnP}|h
ziGzdQ;_s%Uz&aGtcyeCWlRl?}TSmF|)vxdG4NJ$1JA0!xPMlWRcr?IVf_siPT0?x*
zRyyBwmkn1Y+y_M>L#bGL!5tQ<Xk25)8N?vUrQ60{fkw^%ldJ+=X(lx``IeEdK24e|
zw{JC`@s&_bfyjEr0cn-fKMB=&Pw84h5Y<PwwXUqP(#k$*)DP7QOFMW@Jp?%1tDO=u
zvs=}@$o8W@z=x=%-s3W-Bc&j1xBU=VP`<2V8;s%uV!-%5%y;DQ4-~D&yrF8NWDY6o
zGOZ=)m~kfPP5SnZYo55i>gM;StFsE0eHP_+-}aRb5fZ+9morIl3u@2=9z!dw;!6wl
z<VcmbPC8}Bwi0WJW0q94QSH3~OOJx!pRqbw*;>-#^#0TX&?MUK8q4+)4SUmMh1u+#
zD#9N;e!W$dDjp{9_xiP@Lt(wOr~kB!UWr5d;fKlkVth)sich!ae=L0n&d+<R*$Vpi
zCTIn`RP>sB%kWiQ{(ke=qxrf9_u<zSMrFb4`|&5PUP&=@pD9Z<Rv{}7(6<dTj4tQM
zFIYij5pj0LuJ=}(iEVlZUeGyNfBnPc@_=P7b|kPEI`p=%chIYt-8IK+ddt8-WB)PQ
z)u>G2t79-g|Cgu#y;2_MQsc?fv8+))6XsNq;5}1m<6yw8No~6iT2&X_G9KOqOF0Ce
z>Pi7ADYuEu)YWNmz2ZE@d!AFZGWC8SgU{>4c=|*Uu=XGS<qftlhEPXKZ5q5H&S)&$
z=MNj1yKNjZ>+n`*)jluxbrH5my&w>m_a^ux2XYI+uMj$3I{I4zsGtwc0TrzaLZ{bo
zCJy~fi|0C`s`KxEP+fe7k9VD(gb{@|<Fd9lc@Hk6zDmE6HComqtzHCxm3Di72C`E-
z%~-&<{OB3=TbDCN-avR~LZ=QJ0d$mK^10C)oEkI}j+NYJ7CXRpz7N+u>iK%Kxx>In
ztvypH8%q30^OhULMzUa$x(Q9!gzElUc!%;o0Zx)*YVmbp{TE4<v(^ue$w;H_zaod=
ziv~c`RCob8wb6h=_>j6f+KLoenf7~u<?RgJoJf=3TNZY1m;ll!&QaGc&as<-T{(N|
zQQz3Q0*afmI$^{C)ghD|-XWE`=Iu4?fY^1zEW)AA*+heutP1PBL(08qhS?!b*@Ddy
zm9VvPj4Rek;PhddrN5<IR=+Cw*~f!Fg)#A~Qe!t0HOxo>MXkF@#>!qV4P^lbGHl&K
ziwJZ5Y#y36D_eCgz{rHhb53CDQ5JKk81-<POaJQ~J-#xN;&$tG_*E(KJC1Mrf&@Je
zLU0;8-)0WvdpScs=t~lh`toNUqUUt2b>PgFsrD|Tn|=h`FZ1atMxA-Rj`VBt=E)Or
z#t+CNukZnw!zRm3#mvI~xR?a*Za!FJg39W5cjAv1M~)3^#c#6St{kAlqE@Y&uBX+U
zv30Y$=g|q3u$jE@oT>XDY^a$-(K@Zc<kG+UTgMv%smkfuitu(D%bD-tMwRf7zjdv`
zuXnZXOh%_IXGWhd;|C##VBK$G$rNy!t9gn8!i>|wztT`vTtT#Oj07dt^Y5=<aanfI
zcU}7j<VpG8;g31ZE#41~qnYkM^oSZ*mgMKZAA>c3AQIRJc*hbVV+<N*S9~2-sPDzx
zZa(tc4@Q~vka+QI!C<<I2K{&b<g2Qa78;47J?jAmm(A||)|S+QZO%51S0Q=CmoC;c
z%u=tP<iKh{cAhYgjqXQYq8>SdqU;>wnGScFLF`8CV_R9TW?a%n9Y+Dx8wP*K`UEUt
z6fS6y-Dkv@xId5yJDB_A5!N@vYWQO<{flNp?bIE3ow0(wxf!PF@pC^<m7G*9Jzcr$
zfA=$dU$x(v^salP*6n3OmgN2<dvnH<r(rk7u?tKMiK6OLS4+gJ6f1d`ya4!_NiVB)
z3V^HdC8%O4Az?gn8}1+iQab6|j;o^ZDz1E$@cs(6Nw|Ap@Zu>VjGgX(<!A-GeSOXL
zjc<5x{CcHzgMFHvPk{xiu5v%%@DC6;-ZNyohhW}_jJRXI$n=%8q8Cdw&Fh9K<7-|r
zadVkq!J<~in(I7i0Y`otRSO1l%Gd)<_5H}&)KI2sz3Bsr19AIH0p_!rh08U$o_G1b
zfzxYJrFg>QXKCM^^zRCPu#UeAQytWJ4)^FND`;5?G_zT%xNERT44ln-!!4%;8un*B
zyxY`n=MY9K0L%BDL0VPvJsE}2&vkq5xrr2UpS0EFXr+}d@v732M$iqA`<`i+sAvc=
zhs}TP8T6F{SBBfIz=O~*lN9)9YNt1!vhlKKhd&rdjz$R&WcKa#JM`6!U8q*|I-;Wk
zTCz(}ddj7d5W%}$3hh3_E)XAzR+-U7T*>}T^|3cUjSP>Hw7?Yl|5mQ*S$@xFupIYZ
zKX8`za-)qkq`MBCn=d?gw)-@jlGkLp-s*}M=k1w>Y4Q``pWFdb$xRJW4_Qf7lK1U*
zMpujD@GXzr!@P}Xrk3_wY@XmWIkd*udH{5(*kPGoZTSeqdyOjVWLDMc;W3n8!NK&$
z|4xT=ge@uQjvCXY+qT_XiG%btgZQSPx38;gL_wjWYA<8arpBukZQQ6!YSAh{j{{>&
z1Up$QeDo>pc3b-`nM&bFgWP@@F5!$;5%II=nqti)6c&`ZN!v6&(y!Z+Daj95TKspW
z$e^ml+V%8}BQR3CKuU9M?WAuN28l!D6>mwQT86^6hq+F2FiQP&9m;gVrI0>@L1Ffi
zR(516#&7Ai`#$Dq!^~EGz}mF6r!|nFw+Ze2$FoabMk?(*1@*2L%Gj~DI;p$e4hWiX
zxy|2Z*|fpaB^FVyRPnU$*zumLiFXdm-gkI#`~Ok)6<|%a|G&Jpq=|}xqJ*S0(k%_b
zXc$O0C@?0CqM)RX7&V&F9ivf^Zbrk#OUHmojM1D2fB*Nz-#OPg*L8M@gYCJWyT1K=
zzn|NF;)(Rv+NH8F_LT{*6EK)x_XA(0cAgtyeN6S#$ynjX(F|R5LIK`rG%PWL;=Z7u
z2Psxz2{1^)$JQzw_Hv75t|DAYD@@cX-PgNDN~3|Zlc{~%xNpR}IHWgQm1WyISy!}o
z^#KpjfFm5@-vVcd1J3Zua79@@bzTfRm~NnY@)i(_%F~S~WZjCg-OJ^NxPJ^mDLg;{
z`e_H>uga!d(BE_TzU|IEb3jc4F7;(cOeNTU#PN!)-9qlFK!PV>6)E{BC9_kv14odn
z(q!qM*D9jJSd@(c@g>N3RrLmOQekMMK$#gZ@lGAt`YCOYU0C^B1aaD!Emd4s#wSp4
zKF&lNpM)XoHW3wauP`Kenc9HZvzVCkyii6QhSkCuURExeY5P0Nnc8_HEr*NYFYyF;
zSfivh!UH(Ec1LgucYHZHiUDwibnTRasX6ow@Whk$prTH@64vaLz(j-o>Hg{0+3H2>
z2K82sUF+ZV<L-5=_o<P=+4G3jX-H#xef_wO_Vtvo`-1jO$ZpkKp~<a078)-{!dPQa
zN9R%Zg0=8JyXjxweVfsvrs(P66eFc0BHhH{YjPOXD7+&3v|K?lU-V%2{K_!DE^NDN
zE0Q1;Dr|~kfL!FhpI3QS&OqY7Kfmh}k8;%3GaoT<5a#05z0l&{M(Sk;pnmz+YadiP
zhF(LCEHZxhHz%JYWlYb$#P(hH_2E(C4cJxFa~h{`k|eLFbWOOiZ;$3z@iTg7SCb6#
zHGO?BTm?;Jxn6j|U-tCUl)#;}iJZaN{>rrpLNeSq3@X$;9FFh+9>;2}Y}g#^Am}4{
zd!K3Mw5HF@z@BRT1208FvRZG&!0=IYK|N0<q+l8{aN(r{$Y6rbE#cqL+v)1~Q~zLC
zMmgpUj^XXMW4&O!+csvnrP~)*oBqgr|GkVH3NHsjKlCA){RH3Hw!gFaqmtx5->W=D
zNA{Ko5#Y_#&367i_s?oNet&Ocx-gnJZdWN_hk+)hLV7P;qxqw<;`EZf9~T(99b|R8
z{4=Pe6I&ig+Wb*Yae9Fy86Ud;^|dW~FSB$J>vLDA{`W54HB{7U+2l%`69@x_nEm9e
zJmR!D3CEWai-CO48nc)<mH6*K{CDt=x}4Js{Hg6;NMoeB^useQiCCSp5iaC8{rKOP
zO=`nyhTJZTTtb<xThj%zKdNMYUsL{)k*UmT;-)?OGl4i9qVj>{+!=h`?<@SN^DCFz
zC6p9mvclEkNFIm$L13pBl)p+AhTR%9zlVmMFFC^%{N0wspqLhrNyW9H#EC9ypV`+#
zyyqkt{*NgXu58aeWXQ-iQc<S-`5QdYpeoegWF&gEFX}LCgY%F5zsAf9JX7j|CZ1jj
z<HrJD`TyD`dhlTpS*A&kh2BeDWF%~P@b$)A!w>vt48Q;9uEd%FnL`&UNO$>L7eb*z
z-^78UKwyDCJ-Iu`rT&$vYRj#-7qrG3nQ?X9TUEvJe)7y8&EN1hea-j@4)Z4Y8O~DR
zNL468LK0u?(5OB;xkm#wND1|C>>-FUMS5Dh_p6mL1`hpO;ssn6us(0Be|yj@?+G@O
z<lxpR0zqFW?Ha`Xy@<Mu7-OlxjC0J5_flb;9DR|W3(Q{9o^_leq;FNxT6^JD@+oim
zTQRZR?W@kbNQ3XuCAv5(0BD~3`yFYZyJsy(NbF8w`y_e$>nHQBu8W4Ta%gFCT^ktH
zjMPWpfbq9S7w!odbp3;YdfM<mOFq-~c$q=Hq@{L?uMHQ&@^izUT|m`6bD7^dce5+T
zCh8wN)zcRKo~K0eh?3`=Zx~DWNb~wR%L5<!FbakEHHAU4LN}jj1udI;-ai(B<eK7X
z8PuoLWATX7F1kPr@?3WZM$eV$7m0xQ$D)zZ)Lv1n|5kPZok%`CWu|ME;jdmciOR+Q
z-GlxvuHH6#N1rx+P6@4L9X!e8dh5SiRQ+zjIOdz&QoY4rQ!aV$FFyryA0FEm(lDm#
z0YU)gUMA_Eqw3T8J*r~!I;Sw`qHT7Ttj<S)qg|ac?Ps-`{LRtGZYw(U>5Tt*b<<v@
zA|ZMF=>OOU-x3i*8k;KmCTu>EMOf~Csy=@=do*)8tiB7F&id0?WDiI)UOZ19#=#%Q
z&q1#rX|x>g>?)fh{ZALC@3J>f1%<T5S2tLe-Ymw0W)2cG+2|71jBGFDt6xyjP8z!r
zcH_^PTzhgl6PpZxZ_JgpASJbuW4<N|=I3EnA~y){*}x{xZ`?M({{trbyDvTfu?}b=
z>6a{j+QkA3?8#knTZeaJ`6Gy&_*EseQizz+?f;sI@##!nlF4&r1I(uSdU5$xGV|O<
zNIs>iOQvluubfk)5b1xlNcjySDS7+<V@ncGX-jf|+Zc69D1)HKdD02K-XUYTx<)zi
zGfHSH-UyvP*2>@Ks_k`>Z{lqKKU<Qbe=2D|k>$Ow$zU+)Wkd#z`jsx%z`gjtBeFCy
zKPr)4lBO}V<FPl8E(HjOe`?{A=EpxeC9z>ST?w<Ed*n-*hpNIk`Ff2LH?|`&_Xs`)
z42U_F;kVGFOCA_{Vv&(~iESyHYLO5q+PYFUUG~qrluMrO0QV5<-y?<|_xbvCSru!#
z5O;<iS-tpH#GScUGYU>|XndAY@|R*6?Pt&L(S^?*d?qb`{#&tldb6F2zi)!>$D?aK
za6<)?_Us}<pbS7b;W#Qkt>-oNrUP;Sv3$C{<8zA_t;&p{NIPIiY#ckEhX0VQfK70U
z1uUtu&GHOgj=)9Vep*yH`PjBj#01J@E#UF+|HX-sxId}!8@4xUxKiH6@dpXXm3|Fl
zlyUDw%G|59NUy~Njuk}QefM4N2|W5awBZGu`stIusciGrnSe0f0E2Fg@28nt%YUxY
zs7OBm=Xy=MNlebO@Kxk0L4_)b`j@?hZ7Q;AKze-VPf9tcea~T)XZ$A9E|^U<p<9&l
z&rw~YJC(g@3p~&yx~G%l*$}wFny_fPYrvb1j8~G2G1NA|Q~@rfAG#T}4di6p0o%qW
zePK^lp$|K=QchP~mW+!;@@E_)Mx$I+7ryGS9ZNTFOgqcb@8D%tkPLlBv;#zYx)NEm
zR_m=r2+N<0{(<l80Y6EfW`DBTI?Jzrasen0SZP4br`S%CvSR^KV&E!$YdCeF=uRoD
z&Q3}tBqLI^8Ib+xM@1rY4{r|ZIh=B-eUH|B90&c#A0pkxc7@U;zRl9?+3o!6+1Z|@
zH#<Tv0=A3)Cq>dr+f#L6G^-p}?GL|{-hga)X}>D9QL$~{biea-0#9ap|Nl;FDVDiO
zr4A}fuqo#BOdkA3L*-UIPh$0f%(=LJ3&7C`$QL9@X&=AP!O!m;u)im&I^M&R2R_*I
zak(JlC3-uy+Y=L)3ka}+^3epXKZcu<nSF@aOfuzrA2X`Ec5g5r%N;3c#Rn9SlJr@C
z4~<nPs*MrStH$~X>+{$z!zLCG8yK4^2*Ki#uyd$!CZImi)^@XIp;>~OI1`4LLOxEJ
zm`=?QFVC?NbMm|L1_m@eeC9Q<=5m{*b|k!y+T+J{h7<oPtz4$J_pIy+x45|H!?WXp
zd?op=^l|iJf$rXLCaZ~v{QSiPOPzUs&FgLC!CY2zr?l9|aO6W*k3bn0oIj3TLo-JL
zhN~@%4J<K=;GTH)FYUg(U)!A<HD^(6bhu8M-Lb~0ZK|OWbuMm5Cbsr`>{TB%c)^yb
z#^}So&0U=nhTb2`FCKw%$7v(EtbW@_AJ%qDZyX8wr6+zL<#U@dt6aIQn+uS9`IrjG
z`rl4|nwX_27ogFhL`Fs@AbDf2PCWX+e5C7w4P`!ch=Y5A(bcO;DsJ~Wp>y+j89!;i
ziw%*RGP#Ku6w0*p?cEp+V7dF{0IoZ)f6Q;%_4E`?{Ys}t=0(raS7q!PSoN0!&)l<&
z-7;-GrAxgJ{{glIOaQCL{EYfJEbTDXbFmjc%6)kD4h;0C34(=5T1lCHB_$1cTs&_e
z9eX*E)w*%|`lvuLkrhEq5+$>`))IPS{PSNV(q=F>a62VNr(7)e;A&gO2!aLB>?7U@
zPjU~=HdQ)0b_vM8^4Pn`$_ktWC?~n4xlXi~H*TmCPaZ&PM#sbQT^budBe?DH9~7_L
zw23X7dfg7PaBJba2o2&6cpN(Bwmox^gfCuhK<1-i8r_d5hO+mboL{e<3DNk6wcU0q
z@@iLZW}9fd`MkMF#-IqSs0E6@z}aZ%8j`=Fz$hrx*6icAh9*ecU4765Yca0=b9MQX
zQyAnFjR)UTkaNz1&!N6uJ03YA&#e9!J`EdVwTrNebgX1kaIkWyT5N4ma-TL+i+fPp
zjs3*Jl+U|2`}CwD^-rlm%Y$}ppMh?ERlDluUnDe9)W2}`br9ih&@J>)IAF)+`AZ-V
z&P=2gbCmwPix8vY#g8RNNB8<*YYoOmoYtdY?mTyV8PckKc&}I?>e4F60YMeX&)@l0
zUAL?4)Hux6_42D0AFEcAf2(ZX;0$PUG9@yz29tkjDuq+cTJB0&#?Jy52~|0NAaURz
ztPmJ^dQ09I1$ubnOWUnWs{!sN5^l|*iN9v%C2#5Tx>&X^u_}AY$3>P|C@I04V;J-u
zVJaJ(R0riLTI-Qhy7{l(B%PBpoa;4YKH0g=I@Q36ZI+Yk-Q=lHKpC$c&A-VrtrJmK
zXGZ2F;vW7xly3hfQ#g=}ne<%uT)C)Ig#72voU_8DCXzAv>(_Ixj^5EPtx+aBpB7;b
zI4-hfukd}kr%Y}6@M)wNH+G%`!lkHF%Ra0FD~paAYu;s8;`r)(^zf9gu@qagdggNv
z);Wd}_HfZOSNQ5&Zb5#*aa!sn;tC4k_GfmuKf_qQfFi6H7vjn&*;#f_Gv-74F>PhL
z9hqXG+8eH=|4qC#K8XYLl5~CLvo?YM2jB<2F&Bulz`c3Din-JY8(;#4qH0#k+>zv!
zv05$Pp;4ucoiCd=+^;_OJ!Y(Ok5B!pG5aWkJa5hk5A+n0{ht>f8MU$;kqgOqSsL}b
zU;dsXH0<(iE=4POo|`P^O?gCMz#mK(Z-2>AGU-Z*EqN|_f&2QMaHrO%srVco#*Eh5
zTaRYgSsdq9B{Z+r2et9~1$M;v-NwVDd3q2<L8K_Yyw;UetS0T!))JMWbe-}aD)Xnd
z+#!#RnUdurqv#Q;@0|+M;U8j4k&90^b`$1AEy(Fr0BwAA*@ceh#pl*3276Dnx=!0K
ziUW>v6NJ~iWTxxxaU##KjQ>mqc%R8P3wH4|J*RqS5+X)_<BHj1s|T1%Y|C>Z7M&~i
z@S6UyrIrM(fp%zHzvJsV<(x=WDKYJ0{So-;CnyVq#@HZ3;N9k1_#a~=A<+Vsn|pdy
zLa9gQMQbhjqr$|X(3rB5?6+`@0Jgh*IFI{ozP3`p&ETq1;MJape~&`}#^ZlCZ*^S$
zK>X1rYav^Wxj-1;Q@+A4ikc-pKtz0k-jgi*d&%SdoPyRe)wAZ>TZ)>1Wro@u2CS-^
zcukslGiU>yvO@t6$Td;)j9y66TBlz><!4mv`EX&(K}WIwxZd`qxJfmT6?6L*bzXix
zd&j}~ctJQOO$)BAc$Hd+-AYcR<{G(@<*|RTnD6bX&iS4F^jaA{0Lno2HoZy;5;G!O
z*A$C56hGC4;6rTHaQ_#;cbe$ZapW~D?{?5GoXTU=k+17K6P#x2Y5j{!z|)uJic3HS
zL=O$W+B}e5S~AE~R-p-tG_TW*bPz}Y{sDhz>uCY!!@2*gx|HH!17CRg0>*(n0FFGr
zkf(oD(aMrxth|0SOLgx;S_0eq*iSUpCmJ8P-U&Y!en=l3oxP1h&6J+_ibo(99A73#
zdUO%NoRO6Y9OG6cHhE(P8{=0D401nmLSs4H8qcJc`#s+U7GaCOr8YQa!Y>4MC{J#1
znkV-+IK}`ntgiE=l1nKNKNN7n-WU-+cSw4Vdzj^kRQuJ9h%sO|bH(xHR$g;fVid7y
zQ-)BJ>nFSyycp$C-*1Ds&SyuaFJ2|R<)ksTImV5_zjFR;+&z)~^VK7>33h=vHkoMc
zb1~6UogE_=twJ87&NL~>sMl$>D7$oQZMBga@GC96C-yMu-bNp1cmL_9jLdpNoB+0U
zPwZcc3!j|cOrgDdZmja>FAD(-AdIyn;dsCGrGL}eBxkd(f_rRgEc2sh<*TxM(&1WT
z$pQB#Dz^RZW!i=ux52DLay=(r!}(PEKX^kns%iRDliM7HvZ9)flqrBO5c~L^7eFO9
zwwBxOKY7xQJO{0wH1?}gmbwkF_?z(KC$r#leQD44BeeGJP|5j7m}B;8YAmvji-kg$
z8}lx)L)9r7Fb+d%H9BWx(cRP1ZD`N_`_U-y)cS>`pPKdin8S@QO^{}&<vU49@ghOi
z0~tsTi{b`nsv7V%UK94nD!b?TQ_$jrc+0wHgnfSBP1tjt5BnK4@y_L(Lzax6#=7{X
z$}V!i(kHk9{tX5ACd90Bg+(4^u2p%Mm%VNcnByQLTMf*aA??3Zy<cPKwwm%JDsF6C
z&;6ia1P3=+TnS2El=b#YR`W|g&8T;(+EW9}w(C=O>|B@_e%5{v=3g9-FEc&jg~*N!
zzJ<Sgp`=v&KOgUCtE`28;!aReTJo~1>m)JA_|TBm(Y1{|lRqodglJq<<cl_4#w)fw
zaogC5XDnrqyie=6em_iVgU?P;rNfFB@AjrW=t<4P!EP)2hNGc)S4YW==j`2r1|x~~
z6S{9?uW?t>F}Fp1p~Lg|Q@2Nb;WUi6IRn1*Z#Vu{PC!Kgjo40yUFQSJpkv}#ZE5V2
zo9FNOwzSiDO;-=a6zEkO04THOvXv1nc0JwRr(Ia^E&3XCS6BMn2Dm=7e&X-9aFTKx
zBbk41OG0CQnsL<6Y?58cUMnL~f4o_yighOzR`2(ssk9AsG-rl4n3K_Sj^{~=QFd>9
z-s7v+m;hRij`4IOo{#7-%*42ZIYmz%5Z2Hj7~k4a-2Mi9Dh<3K-il2v0(68~X_3xn
z0fgtPK+5%~e9kydM>cje-acfzY4hCCv95-S-KUJX3n5GqQzk+MH@EvI*J_~qD{tXi
zO&&og?Ou0I#es|>L7TPk(o3xm#u>G<w(U6-4XPSsL4IR5hG>YFVxj~}p-XJ|z`Z}i
zdXl`*-t!SFeeW(Ww>4d+=?qMI9SR^@n28Z4=ZY(rUq9a-3q@H}82qNsEQ*Ke?|=09
zK9tzrHRqeFlA;guSgCF|D08o8SYDRLqrc2X^v_7ZZ3mZ>=QljV2uO7=IX{sZ;C#)!
zJK$7xt8PkL2@+P!8>_;)d0(FfE_K)8TLN|}F7M?85p~H7w%8i8`UBjsP0W?@D;%7k
zJm%-`be89#R_vYYvw-vmo7Y|1x}hNWWN=7h-K6?8UebJ_^Jb;VY!RKq5E)ksZr!z_
zgzWDJr~wLQB^)%yc2zl~!Yo9Di6Hyqyft*lUyTKp@g`s#S9Vck8@JLTHflD%`F*Uz
zY5ogCbW}8Mig!fd`9k@5Ubo|EM@Gd?RMd^14h;4^B!32<X)Jf!N(^=<MmoA2906vo
zOyFBYd6-&05kFW`&CEn<8M-%hL+yamcj=vR@3-Wa=59t%*><5M4%1GHSGGZcONXw#
zFa}zLM-^Swq7E3kg=q0)VQGKi&cG;C-Qvz}Rp#l2PXiDK3XCwn@Thk_V{(4>%!)LA
zZk2)Jq9~2HgkeRUFrhTF$<+JG0BDezor~-zj)QO6_}PZ*V7FPtgSG2F@;PgxWy+jH
z73AI3Lp;U4!lLbpj>VgeTjNLX{G2g3lS;+VU;7=9NyR5~c{~Z(?G^(EAZE67ZBK;>
z&!vWmLA?J_9!J7Hmc0IOeDKrY_}%&1<A>D<VqT?ax>8>`H(ee6Wcz3}VtcO@FPmQ(
z(_&Qy<O=fdQjK;yz>un|YzfiN^+9?nOk?a2>jXQ)5i`5VeH*NSk-Q3@#Biul-0Eiy
zOzU5?k#6g$j$uS#%~y`&@(2^T(hvppKK=7NkndmDEKu>cuUz6sT~yULo?FCiZ|-7w
z5;E#;Bsb`l^I{q4!&P=<0XtZ`!AJW~BdYIQ{zS2&IcHKf%Gd|1w*XLcV=s0{Dv0ix
z-=n_21%Qf^(iRhM-wI1Mox<TvUF_YjG`fWb>3Kybjh-V{FPuAlWY4HrRJUL0RJFhZ
zWLW3cO%}B#?W!vrO!%G9nU2(;V#U`QJKAi9{`Q1oh@Y&y4?W0PrIo*|lrMEFd)fcw
zC7S^&g+ON850=}Uayr;pMw%n3J0Fq{SFayEsmay743BYk!3Cn=t;I^R=cQEm;uzEI
z2Z?Xm`)SKX4(lDva{|TpYd6M{6O`Ph<QYA;(G~lP%Lqbehjex4p+*slW&=3B2#Y$*
zULC&5VW$L<jbKb?`@@PQ3ELUFW3miLu0Ei?&y4-FK(I*7_r)UE&7<DD7Rd4POY+Sg
zFNNJeg-h%uej3u%)6011n}l8>Y>|=<<+MsdaPfJ-bGbId%vo!5H=8NW!5c(<>JUaO
zV@llel#tv=VxNY(cLOIjv)pF+vku0?${MpHz8B#Goc{w%r`~*!*w0*BI=etNm0tuw
zXqrf#5Z61hM{ZCgZIaNd+%<cndS+9O)=qAHOBZ(gTk13!s--kCkaGBEXUod+V%8v#
zg!bBIxC>=jp%b`q?w!Bdeeo9;KW-pC4?MiG)N9H1gJwebr|lTgDgotywry(tSxa8d
zHA3FrPh=zIvxb<~Dckn%ufg+q53E-LrYZrO@+XOuilTdh_DR*U9qpS@l6gQU&dl84
zFfKLX6_3lb#rNjBPG(=Xw)ypUy4%aCBf#gYFl)90iotq44|DF=JFXoiThr;h$m6RQ
zBKW9!`5|lEditN7)PTgi+#(se4T}}-gf_mgw6s*sWgG5l*VmW|>NXQFwniyk@e*m;
zx3+y5p+#s{(@ewUYfmT<W`oa(5gQ4lg9BH0OSWqAw9{1a$2HpMlToDFJxYw1jxMCz
zMG;2r__Y7PwQ^-uhP5GJ*%h^n5i-P0`r#N7)*pV&yO5yWn9thBYf=bDTMfJ3*@*&}
z`VazCBcU7ZXeU^jQp+w`<oIRXg7moM7XK`gO9<XxevgQ+cr7nxK5i$uXaRh|S~Qv^
zcVBtCgP2hM3jF5Nl(B_A2NPJLJpIxFl2t@Zs@c+)V?ryfmwI(@TVlnRg!WYD>~y|t
z3|F*^v>R!u<LNfh&1aS{$wDwT(BRZX#SPDkWZCrxJ{H^EFc5OI!tmFHP~u^%S(to+
zNQWC*q_e`?)$*GA9KF6U;T!oH{OhAg6@%)bf@Iy>D<6vl+Ds-s-!LtyLY^t*RiD6!
z2YDYGeSl=o;g-@`=abrnLxJAdo!VS=@wckWwmCyFnAcl~co9F1L3_uxbSiA-k+A!h
z+Hx&(&W2nKb3n#IUN?%n2(!6dq^t!$=@rK8dJ|0S37v@&cA*Co)93jQLn9%5Qa(eR
zd11qa6Dbl49D@N7;^}K5TXy+=KsMs?r>09b*!Rsf2gmaBZcIx+?$$`k6RK!*TnYpy
zu#}5C$!YfE8R9Ys7ll?kSe3zUbn(PxoEQ%n24M*y!J^Z>N)w}#9mU7`!drinUks2^
zJ$6cO*yC+%sm!O2Ork@BS*{9nCpLnMPKv9CeX#uOx(J@calMyFLuBBch473L`HGSE
z5JrRQ=u3`XwLapXJVw6-5U>-GVL`u~Ff|J+q3A%M+Q=lQtT!R0aoCYd95<SZu=4#?
zBW#5#5<tovxC?vsU9XuLD4`MB*X#z0kt%wF5bkLX0(roBN%@wYI<`CcP)h;bOXNWo
zv`@;$Zn=Xu%#?zUO<?(>Gde+TK@7_S-)Xlu4%dd>yHeP~7y3kW>0UXcuWUZ4&9t5D
zr{!}RFzW^z9zF9^TZ7Z*HD^q!Wa&6T?Drv;?MCQf43?Rrgqe~1eA)8x49m_KG~ZFg
z+Gg|!`Ha%Q(GwT`4D~>UoZ|8{h^J1jsys1&my+n5tY?4Cb!LMWa@6<0+|ymrE`b%|
zj2|pMcI5MOEa8kVSMXTxa9=%@O(Wzv;!JGKg-L5SA;bOxp3okhqocL?ic2rk9VN4F
z9T5kxF5_K8F;K_Z!S*8_x1lfLG$OXC!}x8QWPs*XX(l>%3*9@FN^mJhFbH57Ko*1Y
z>_lzU@$ej{H6!6%uXwtI3S$YZ?<Y+}v|sm-a69rZgl4&SnPK}?Y9E&-DgK_wRUJxN
z3@=#s!Gy+5lM|51vz)yEcZTMf_&*deapOOVczYruxzj4|(}!3UCZAtDw~p3EdA0Pk
z_Cz-PCb={&)4r9g*g#_wQsE{EH0XGo3s%UwWBN5;-3;f=XZQ2G)~l+=dElKni^;xy
zZ}IN%Tp4&kC=rlyMU98~Kvw6=iZ?(y1kLlmCBbgrpJH4ld`|Ow@_c-U<Fc}Kd!1;!
zx4(M+n$D_tyDq4ttjaCk+htQAbLoNXHP?r)TcqNI7yDWS4TZDKHNz~6Oop@iXO-)H
z!;<SV`f))&@Kh`BPr637?Wv;L82~P?7c41Kd;8W&Z-R^wWmeYKhTU#g8}JwL%PFbn
zmM=&5f#VY1AwYH%W|XUmX=LFJ%!=chO9dMq>>hQ039VYiF^F-cg>b%o^HsEAd`osz
zWECx?64aCmo$_qIB2t6N+;?2}W_<ntNXC06^nmhIR~=s_@}7%Wo3L6YCO2@6yTCo_
z4XR#$R+`KN;O4RnGP82DJ>voTk9YB+&4t0@O}}rKYjwXp89FU#Wo2Un+2%0k*UYq=
z<?Vg>R35S5D0uFzT7rHu=Jl5b!=$1E34?SA!RSGeO2=IA6n5Ms27Fb?*+Vi!Fs5yd
zB3t)BHnTQg393)niN3t_ZNe|6Hs1;+(QSz~)ZH$i{xMl!kgRjd#_Oy4y>@{()q%{`
z@)5MjV4^t20T#Zdy{9XGa{LyOevDTSTTca1b#Y-24y7F1ww~UN+Ub1V;V^J|MDDc4
zknR0eJa43;x`MPqCJ`I*{>szG_U4f9*a-tDM{SXz8x&JfSZE2+9ia@S^>X&Vq7cc+
zDEa8ZIfiSR%#kdMN9I2m=x@SQIvA!8syXYChdn~QDhp8`ypoaw-NS|-_N)}vvceAK
zpOqcFjB{Uz&H<IH9%-gq+#M)-!JJb*S<qOAN;ih^MgO`MVr3%HcjpH?2h`qCr{sqt
zHHA`yrp+h0`pCz8b;|jrRP%c=hTB>FO3T++6?s%yp0pPF$WcPn$#qA<r%6j_YVdW&
z9bFaniZ7(X)@TB^cT@xNK5|9qB~DZ5G`JtVGP!~_SHij9X*XWiI2lxEmLI!C>(qbI
z9F`#VY3#<qt$+1_|Bfv&=>gcCz~Q+yWbG3H)VA6-&pZpSo~&Gpt65)|;)i;4GqJH5
za>5O%Lo_%drgM1GbL#W+$9e2y{PG5GIe+TmQ*|6qO!YaS%C?ShTEP~CI8<H}+wU`}
zaP&e_AOA8BbEFAORmb{O7+l%<^f4qxU`Sbp&3!#vjb^G=26H|lwWL!plfvuNSc|K%
zenF+EiH}k^nyoXgS*%~9Fi@9qW!uuB>kBCJ>@<6O-;S|mG)h;?M`ut!o$Y)Py^aj}
z5;UJXVD&b0=Dw3(HTGn+lw-aali3TOU(Wq(OG;I-l&W73nZOwa7~G5>c|-eCbg>J4
z>)t(j#qnx;)Qbp-`thh4K``{=<Ht<|Y*6wZUBcE(qYr%-<i79lwku~0#@HjxcOfST
zGTn8Lv|^0!V2_!9YX)cMAjs5mzm%1evtMLOe1NQ|uCQm>mX)2Iw5l+Lw1oeFX`$eG
zin6*&|F1%BSY2w(XP?>aJw%iCD=03KzuI#(guM|2l5mytGr8hw?*7^8$QrS#ePba4
zJSe{yt_170TWW+8(9zEhjm&BLr?DaBH-ZfDMIA$lj6zE4S3qxa1j~iIHjFVs^$CDF
z*~sw?h=qr%YkwLtY~3;Ps&I;^SdPAx${VDe6f16+kd<J9nW=q9XV&k->y=|@R&~5x
zNX!_K;O~I)@TxA?=n5=PgavtbZmWe4W}&D+06D^wVsjU%Ek^QUkS_aQ!h^{P>oWS6
zJNf2QwTEh4jK#QBucuP`lveV5*qcDt>`KRebVpf<RvU<HJ!n|84qeJ%=3Hh|^xQ8!
zrrCpA`l7_@>_aE%KwE;e1FmE{9c$dt5ANsY2T+blv(t<Z)jA7fkW7<}n$_A3wA{9m
zb!zuxQx3%QP5di03|=LlN&P-wpS|vLVmtUnw^rxEqLJMJ&01vA8{e`abPgzu3E?JP
z(2F0dRiAKQbr=*7-(R(dtner(B82TaYnovhhfNn(gkB|1ZJa<`yBn?n&wo<Y5aOT-
z-ZJmrUST{tP&*;dsQ65b_`#E6+vFtsYtx)dH36ub$1PhMM|G}gD!IUTpleQpxWC@d
zXUci;=lInX$;@ZYg0_!_y?yGZU(zajUW_*!t3zp>M?YaygeS)4GB@T<K9tE1+|QKL
zndq^c1=(HTX5Rk1h4J+@?Os(=_VUv%eBmB3RLt4G5_c<=jTyNTEhqGyldOBLiqb6U
zxqB3The}yji%djmz%Mx&yas?)1n}F<aVcWgqtQJz3Y0<V<FWUh>y^>!329Z7CGl@V
zL#||@Gq2AgS@B;`WyVA9gA@h0x7=IH1kdds;_=*Rpo+?7+Q<1db3bo^y`_V(`XwfQ
zp3vIK+wBeX;547<ZWp*bZ?bV#X*!akaW;$`!Bd<rEUU*49BRL3!->j?e5f~1=B0z6
zIr1ahS*f%ITUOjv3a1!KDSzrXX;=?hghUSbpiZ__kA&lnaqk-%MrycgGfv}V9Y%CV
z>)k5_UCDLX$@rZuva&ox7XzLTPxPw;5tAlBf%IS(vtYVoK4lI|w}=ksa~u;IdggZ9
zaO$;!lCEx0?XHu_-eJqB`q_UCDYObx9rz&rCOCpz13#zWIDz+D*}uQ&u;cZHE8o@f
zPKVFM@Y72Ts#qGwL`=^pNfNZz8W6F(%8SfZ$0tF;5!^T>Am%+J#Q73|1`)oC6b<fs
zD=Ov)6Y0hrCWwnY6HdP{Ngn->Apm1xyT>be2}ag~&WLPfqZd~@I@lRrD3~}b#C70&
z)72YyEA?>{T0oX&!_f@5u@`fgAThWf|Ju8Dzd4yOD`p;bch-@CkleYCo4c%IXCj3O
zYdF_kP*-M_d>p?nW{ePGFEP00Ivi^;#a>B=7GYZ(O&SvEcUQZjZImHM3N0QTOH*wR
zpT`oROVPMXECN4rw_Y&X0{TP;Z`Ux(@xE1)_+{r5ETm!LPETSguBc%yb~XzkFa|xS
zy{K&W0nir>Gt7#b+1<$OY=uVi<F~y>06UoDNQHH~IitG2uW>^TaEAQr583#j%i{C!
znp`pGy90aXk%V;)8SjYrx=qJ_asd!LkG?|>4mkGsrDNsu$Mv5omg-Z;1r8<F7{HEq
zrYRd~1sU6yH<yA6f_#X6elJjVy~L$kg*{iXEJbT-5m=Lo#!9%pYVzQfskO#B695PX
z6Zyj%mApG}BItnC)2Tk9N0_fvV3C`y(f%tQ>B7sKS94nLazGTXzzfnMm%f{2=~(Yc
z-18}~DGji4bgaGOC}xBc<nt}$Y4(ACczv|>Uc6x$ZD>Tc2Kra|k&L5!4qWpvCRH{$
z4SVZe(NS8?4rR8=giDef-Pz+|ITzjV<NB!r&fnMt@hLjT<-_<YsKo9d)NAI#34$M}
zL7KFaiG>mC!@@rA9GGZn$zs^Pann}TuFwsBP$^sIRy|!pEC}Zv*5{xjgU1LD-U$?q
zk#uEqKCYS~?t3!I?OHWPXN0tP)Q;3lBC*EPU;)0LY24cJ@4(#j-OvMEGH#^4jIl}-
z>3gCRh_A0ZNTgf2=3zusb3l!6s}E@=*Be$O7fT%Ok^#jHVt{hGb;E3^i8z(sctYUh
z0M|&XiyqaTD&dNaCxH|@nB(SUP*ieRb&q4jeKF}N4kM#AZZscZW>wG*j7)`GOqkGT
zw^xwHoKH}2GOb=uLV=;Z6NQDeP1`}dUQ65bv_6*)rorZJ{a0B$XIp(}#xqMhrw65I
zqxY6R2#-kQdWBLu3Z33FYJqbM+BHwN?*?ZgM8M}9Ar2LH8v>TV);gDXC5#a`=w7-$
z`5y9@fa-FVXU4Q6J@v;xt-#BEzQ2A7!<Wao>x>Cn!`f3vJtwotMcwH7#hs{byEZ#+
zH+;1iVX>^%elJ{Fj90=?nTIqtOrk_7yVShAz*wT`yLOGC4q=?zH!zbD#pAlR(%<ft
zDrBz$^W_&-OxTH9s>l@b^x8Y7!H6V;Oz2PY+&>csuZ^nbauc*QHFG1d2(W!|vC!NC
z?cl*fZyns$0p%cmsz0GaQQO!n>t{Hj!;hR+xD7x1tX|XWIGz6~M+NS?{4sd;4VtgQ
zbFJl()?mY=05s1jp|%1$Yf|l=^32dhHe!mS(9-Sonz$BHWU8(2CVV@ZA+zP<@-iR<
zkU|ysXJPFHQPra3?%xW<+pm}29f*^;N$8I^(&q@gq&+7&yv8}~x>W|5)^q0CidW1r
z_`2-a;0|c!21rA3iZAa_WmIAlr5HiA(kWqBP9QH;o^vT3XM)utzPAC58(l*$yX-YY
z_cfX%+kresn8X`++8~dLO6`q(rBZtkkZ7#unqP2uIE>-r$3VNyjH~gYw(nhBsa61a
zmdDtsqXZj3=R()F-X21A^S!ZJJ4uQA^~J0-2D-&@&3l@%ofo<DI)s<{R9yw~bTvPS
zH~3T)1x&{^39p1bB(fC9*i>vlE-tH}2eIBK2sK=(P?oG0l}Hrz9ptsVR5o>`p^zzj
zbn_RrdwnHlM*~li@wp@Wo=n>Apn`(P#r_&*9V+c%=I61H;`|=&W=l>*tTVftV)m4v
znQ*J_@C+D>1FSyfBuomth&DSrcs)Ipo*FSIsK!hP0~vn>33iXIifHU8+3nhQWLp|+
z)^vG$)?@1}KRpYz<<5{oq;LP7kF6n2CV4KQ!JcEigUhPj>{g_1XX0W_-hIay1L-~b
z&e@bTrGc&(i9Y#~5gNMRZ8kQ3i~2S$q-fzX5J1y-SlBa^ar{OYss&?Mz9S>D^1h_q
zpmMf&Y9kB~@Tg7yqOq~PS=ctPvqvr#%qFgtLLshEafZmIOwMMxz@-dv>`VI(-7}pz
zw?;AJzTdDZBV#uj4)(shfQ0n_^nC-k1-T+>c$!sM-%ns$c?AV~?|gc|>ynK<DBf{a
zdC*T^>9R84tgNHu<<t&Tw)Okv7dFgDgI(vFPyM-~0IMuDTEd2xE1zkH5P-LmP)eM$
z>HFpj%kaXVz?0tY?;$<)`S~&mUv1r5g9{T#?I<RwM){$N;f07OPQ?}N>t<a-t1nOZ
zoMQ>o>d@t}y|HeCRx&c;$}?V11z2HxEb>m{RGxBc);@9=TaME5kRv3x3l|knLML>3
z*Nft+qnU5iHWj?{bBbTjNgzh=V_UI^l{-K4JzX$WSsCN5Y&>NAt4Wr>O%q{pZNM+`
zrscb7?%=tFq!&Kw9~!T0)G{RMHXx%#$oO%~gfMUZ3K6ZDK^Cf$jL3u5<rq+{&D)W?
zQ@xykJZ<b+qDQq3CN@)0=?Q+w%Jv2QnSMr7Xg6#&7M#p?lo%4AN6}Y<*?1B70un)h
z6nekXaRwi3_WHI82%vbZ6~mA5p-w#Hwz7iGSRCvoh`}RE`Q&XF%4_{lHOOr}n?dfQ
z{*VN}67zO2VP0*)*-i`%d${(s7n<X2mjN@E;rEcNQ+lxe3jTq~BF9SsSL$ep#P5t*
zBa9b!$*g<6G;8kh=pL6>w%mnJ6f7FY=e=Q0&Kaa@A`~$v6MQDVo0Tl}Okp1>8lX})
zAMtoE{Y`_jwIdX;jZW^>27uo)Xe*c9nW(3|E2wpqgmU@8&?<k|v1w7FlXIekn7E3V
z@JHOZqHV)s@@|bUhKtd8Q9-x4Mmj(6hs+8V40Zy|-^TDh`H`P%?OUdnm!}ef<rR|N
z_}bd@8X8QYz4)Qy(LyloNB))vSNYVu=9noCXEnu+R4efb*QjM`EbSJ9E!nbI@vy#P
z+rjgMqlG5n6A9c9v5;{elW>ofGw*N*O#vE6@Hr^3{KJ;_-?3?ri01v`jvr_I6iwpT
z<e^@$HLt-QxV<`mbQEsy;FLKyy#r|rC9kl1?HLv5o|71Js8BdpeKEQ$&e+u@-dE^x
zJM^UaV}ZTFX8O@_0l5j?QkzPt%|n1OwvHkieqq$qm4_g@U`^cUwLI+z(cL>!M?MFX
zZS&&pu+iz)OASFuea?Q+2z-g}Q5}X3UZl6?<*;AgPFhi6B-3v`blYLQZUNun(eq0!
zUZ850yH(|(CSZC#a3*op*0J<|y^?a_qh7+(I6blm7N4>b9{rP%dtyG*-vMXM#Mwq~
z<@lwoC9w+#r#8m?td^rNL2{ZnK7U#^V_{Ws*K?)RxAnovROi8-8j=pQ@7r0DHO}ek
zv0e1ceK`WJ<r}ll;1N)!f0?$yk-0U{PGNEBo3X6_LV;+?29bk^Q4hT;*0O}`|I?)>
zc~As+Co%dPRQ>Jk2tKo=6yUJ$a;M87h?@0i)rN!ARvV^aAbfftF~9F5@jNdg|Mp)|
zx^S%?&KjYtpCelKE+=m(@@;x_W?t*sj}Oz(a=ux9r|y2KmYgp@;LguPF{0yITh}JW
zZ}+&C(0j06$nEs&o9}qt`eiwJU3aOv{Snm2T|tLmlKLF{Q-K2m9qYkyw<iv)jvv!@
zNU$rCl98c1d&Q<vE#*-bV#jS${BC{zo(;M2G@81_)tl~Z?9L4Vqp@@)o|^*=`%}?J
z{P>turO=Y0yIXnOit&RISm;T>5H?`*hw5I(GlF|7IYr5m1e`#q4U3{ot?{#ZMxkWy
zJ<=5<Ua&fDP=SQ%Jh1syg9Q)+ZdA`?@HNuX%e#m4OZ4Cv4Vx9$mz`N_S&Sue$~>9n
z_rXNKwuLNi?<0Qg+>XMn%|}<LEZxlVK#^<DX|x~4zRnY`g2cXnMi9hy28dp6RcSKI
z*8|Y$hrYPfa;46B@MSg$oOVEBFPJ~2#huZ4q;D#@Uz_)ZTkeScW|o&(tl1Cy!U@NY
zJD0??G#hi~&s)a8+oDnF`lz#qIV5Y*6WV+D9`62r-?BTf?X^R>h6z{e6I~4r{u4*B
zLFzQG<F`Rp2&fMF4rw{}l(TsLsfR99SW+D=B%$SA`@raWv748Q&o27dZkF0%M?gk7
zw4`09KXxrB)Lf9%o<qlqdL@$I<2&bh)%<w_VS!ZT!a7A|YH#)?E{nT?g|!QsVBfL5
z@iOb=|KRGReb}wC>-65j5DjX)wJTcb>WEY|)B9|eDEM-!eDc87v)*WoF|rJ)K7@{t
z`1`&fK0w_ERn)i)^(2PfVNkSINzSe4Y#ah$x(oU31+(o(dg49S^@aB`ZUX&r#`DW8
zi^;dGZDiA*%V8T$9J9YQ?kZiDe~|k*8srtRN|!$GcP}sWK`oDqvIRFe#oCR6?Om>^
zSU~Vs{Jq$59_Lu(+`npHKV=*z@LVJ0_*S}*vP(I4tsdg$4@l1^*)TjUbJG{Aa3F#z
z!AYp#p_Cn#3UXf<8xrIGL5#Ikity1mv2BldyNhNAoZxt~C;5Qq;sYH~s4usPpmq|^
zU;1?o%*Ck>+HdXT%5eHTU2|9+=IJ^HNYKo(8pc4jpLR=mQ(=8|(U;3#yEX)OU}#33
zyjYA-)o5Mnki<1MWQz<QEP6~p7K+t^DT&4z;lPv#L`2H@kMqKMb6RHkst7abyo>Bx
z%84~6vxuQ#SE7)ZTX(x{sfd{8VJCZi<#T!WEO{WxH7N0Hb@o1SW2M9S`Q-jM^^qI?
z`A0p9Ot&jT9gSf_Y#}=~`c_}l9CQ#oT*lT^>f1iEW{Xm_!&bKim+I+8@&d4RZ;C~c
z+v~wcp4%bp^VBhUP?rqj8Y}<M;E{Rfcmi^+%NU)H`y=aRXZ6*wX&jQJiR;v{m~c%-
zXC?ck8#>p#=+r6fr$8MV!`!+lfTG)$hn8g@fh02hdpP*g*qsHSJpVReN)Fh9m~py|
zqB5qbSpAz&3oF~9707pQTMDy|1nrGMZddlcYgE3a$~Qe*?O!gA-$(EZpkO8|1K1|Y
z%w}z?cf;0qM%p&(ejU*v_(e<h&B<J8_DJvdf_nS<fe2EziA%<Q#)}R|fydb&bkbEX
zaSJ+QkYzpfDn-3}MZ!NlMeu+nn`=#Vf;n1fAT;=TwI<t(iaV`7Rn(M~ty-^NB-Rj<
zrbh0T*=+FmY%l9J987WUN}c%ZSYmc@Y?gNeYupuywTTQqgl-}QrRgQW(ycDl5iq>A
zg%nC4!0(B<%`4jSkhgPXG}vBWNubs+cjz$<D)f2-s%UMP^45FCKACQ>rUo}v0H|?0
ztE}b#GmMg06lDG2@e@5|h3h9{mHB928my&7J=)w|@$4vn#8*rKuv>v`1xr+y6(&zs
zkH-RGm}lC1FTO=TbLbNhqym|RcHifsjm(HMhuP)VPR{oOkaV1wHE#a->F9Vb%(W>m
zXYM+TEJ%1TvCs<$EOPq!nuoQvYPofW7VG~W#gRTcMkl3r<l#2v8LKN!u*k7L6224J
zZTIwtRexBPTYs4E%48(IFZ{f_MDK%%xno-IqUFPqc40pUmoV;&?kFcebNhf1%(cS&
z=<XWdGZVQLRgxZLzuji~oiknkG%Wn?d>yY<63-q30{BtXBszh&M{oAp0JZ(B?5x8T
zg4oo><UP2wqkx?32i%Tf(a0Lg*u>nYwv5PXZa5J?_AB%r{8H_Oa?qkgnQ`X{&kGG-
zD_*fQK-#Gf&*^lw)K$8fgmK%K1zSR^Zfj@+VV3(lx)vM@wI4=!Hz-GV8#h`xLK~v{
zyM|I2E2?waBlJogGCiq8H2`dk&y;s=b%?UwTYdU$WQSIS5aP-?%z--UcYd@PWzsc}
ze6s(Al+=FxL-?kP*#1vmVe5t4{7DB}^;EdQW!{R@ptvsKHNrN2yumz+vwp=2?7LR*
zSAC@<jug2mhMVJb*d3f85QtQ~{IgT`6~53Cr3d`y!x$-1NxQ7dvv@;&a~cQ5Q=X6C
zm@@!;LMEbyqB1%Pa9V4Qqg88cdlr~-pxEH^tWa&=1-gR8zlM`<$9<$ZLd_f0=P7VP
z3FDn$x`N!d4R&|>5FV6a)zE6JL8Xbi1Rjo=9uCTL;oo=etPrm~Mm*UHP82>WN#6d(
zECNZ%u6toKw8mZ0SZw6y;}_K9X%;qRTW5XfRj_{W6!dW?9ui$E>bakQso5Q)0A}oc
zBo%fv;ZiWEueVk&HuI_k6ye*T%q&sNlhTK4O14^tSqna0EKYC1ZN?6a+^4deIbyRr
zB#(#H{_^i2mLr^Bp6NFm!{gVj-TO1?g21Uu*wqP_=XS?lZ<MQdgYQ>3n-ItY(8~jj
z$-c&hc^6nE_P5yx4|$|Ibq*QiJv_n)r{1^^l~^GV)66Z-HZ9{h=O`zWz#StzS+g`o
z;i5CgoaoD=f9hlX@=>cOd6?f(!2JTYpzYzkxAQ)*{#wfCdv92d#^szrdCh6lO_$gn
zi>loB!=@d+4`fV~$=3<H$8W^V-EUCh0ttx0V=Kx|>#JAAyejz3gN#&1hpV|E73Iap
z=v&+?@2SUPIDV#W_y}ib4`x=>hS+~#!woRf8`Wz*E?@kD@-mZwQy~YdxCko2ed=)^
zOGR)aZ-%JN`eWC*U20U<+A46b-k`z1+||iJp3)ymH#^D?Ug`(LR2YzlEm5a0UCA4^
zpx&eCA7&Egk(H@!UV2#q0(>y-mBpW!yY-PzhL~BT?cMLN0n4s90=|Eci<%pq^c2RN
z1v9d9>=*eIHFb8d!Y?jO$>V#5e_ovp7qU7CN6-jvg!)?@I;_<|6m^raV$s#E@Jef|
zA)y9y@5C4657T6VHY+SAD1kGCD<z{VaF{Z$mnajsqlo*Za-$|9Jt#0IxP4d^INT>r
zsmje=a)Jt}TS%L&cr=?QHarUr3D8pQwC$Nxa-|s%5*}rI0FsF>+H+m1U}Lz)W1+xf
z@zsI`X2I7`HTyClF@EwPsx@6Z?>wGi(WSP+Z7<h91``)ufY2ZN%lSZ$2BfR(>a=Gt
z9e`}V5>e#!+8i~%X)}#HthqdFMobM1x?~uV*c5*0@_7VjM2v%d(%eapD4^djQfs++
zb@@+7FT!hR2=}r(D~~b(r*WP$x4YC^2<442n>efK@z-6b%bCFM8y0uk2-Ldc`wKB%
zD`Llh>ht0C)8N$^e2Fx0ew4e$S10|8-`XitC=O{+J^(IGMX2;2j;{{R+4zVeb4nq}
z7i!5<R9Ov)pG6ZH&uG4!MBbyCvkE|}7XC0s_Z&e;)-KJgSQs}bOSdLvWa_ICnk+zp
zUfUP0y&ZBAHcNxNwqSp$fZ{G?BvQGvNG42AHtL6mUIZ+*e+BKgH?M$wjQ8D<>kt|A
z=Dn6?JKEU+APl?*2b%1ZRtk~X7GwSsec~UrOi2pvoFt8KLikXIbWVQf{7c>zk$kJ%
zHeB2JV(o<#Rnz3NvG(0Cj@v@MP>)r+QWo~~DLbY6)e5`rioaAdQ_2bMzK-1$v_)6U
z(%P#x%PdTe4T?KS#xERfj?8uRlDgmfcX%Y@+{nky2|zX}X-M#U@Cyn67}(|c17HR=
z?wRvW^S4C;fDb*Ifm~1Y^|A_6I~P7O`4(?|v&h@SC*`l;=gJMjyG=U3a!ZU_p54?Y
zYjcy5`?kk@=p$l^bUuA>Xy_GpAUzRy{6jfMNA3=!@wNkD3B6CLvA>3|m$9+BvMh2*
zEe&Twyrug%$8_siKFYD=x9*<aUpTyr5$ki7;7t<WJ|s9vw|b-R!p{0cQHC1r?fW-x
z4hjR~zhXL5RnA+alJmw?DYWupMR=VVGkup%=p&~1XrJ~FnC#t~*+0Hk|3o>T4VC02
z{CxFg?U#D_lqLPaSE%6K)Q{V377F5Bgu$io=$w?|*yXl2MxDTLrE-*MAIkvGXSHL8
z9;e4arO;6ioFaf7V|@zYruATxzjm{`r(sU6UE>Geynh|~EBYz`T=37U?<HlB%w?CW
zGUvW)8mu#se>Tv64<-qx+R=9IXgI8R1^??pw9lUX2d=X%Cb>dF&z!PX?8i?>%iVAG
z;NI4J&qQId#+|m9Nr};U5{{N?zp@8;SQwiG+i2!L9sPc{F}uLspJueD@8Yxd>Bqi`
z&Te0s#fR3*wG1g^v6g$Ml>gu!*?TbQpRN3@fCCMsrrY!$EmnRkC5Wh|`XJkA5^k-+
z{Fwki&6Lg1Jr{t(>Coiv|8q9!@7Coafy-ZQxl(zqU1{3BQ2W6>=n>QV7IOf{<5&qG
z4i-M2Z0VZtn1Zd>_fj>!b5huFmDS1itn#~97HI7yLB4aInX!_*Z)(L#4LC?k4CY;c
zNC{;h@`GLhtnNTVCN|LG!O-RQ*{87U*wh@Q^WkiC@)}{SDo?I_EC-5|`&py#`io>m
z9~pL{_)Adv8(@piiZRz|pXG5Fkd`Q#MaXl-!8%z`WqMX`8bsv|=6j|%pjZLGkG)X)
zFZdf!xc_b0rNfRQl4Fnwj(Eh>cdhbe0t4Rn*3%Fc5AyctWDY}CDV0ap3J)C=u}7at
ztk91>eb#A>Mg_dQf3}h-+AhyKZqrdC+kU+sTeAcvXajoO)WqmPOmA^nn_xFwNqJFp
z`8i$njw8UeYvGKe7tb04&<D5OYr(Kvw{I^eSlyGvNayRw$;m0@PDY%Yb(~u4GQeKY
z{;M^s<0!~IR`oa9z`u<p#iB*PtQ>^EHsPNw7piGe)}EI(M#YS4ue<TTYVSyi&FpZ5
zN`)uJNeF0re0$Rrx0gP7QK;b{#?DmbecZd#D!sE;9|<4}V0B<_^R)E$MihPf&9d@)
zHKuf9el#81kyK?xUM7Ldwko#Y-ZXQGl@@t5w#**yJmVw(Ge48W|I$-vjT_fVF$0Tu
z;dxV)zwer*rQdouA_W6Je0{#wba;*;^d5}7n#@J3)WJR7{zCX2#!f3;x2ElNnG0MA
z;ryb)8_wT3&$J}~1;X)07y--pRm>&#Aqep5qS4Dyt$YDS_xgkZVhN7GrHlr%w3CsB
zXlWVU_<Nju>V!fO37Gztu`t{#<lIJEjBv5y%B69(gB7TD<uVzd>I}#gsr4BZUo>;R
zU@hYgt%~wB`hyKgNG?2LW!0peo%JRvD=BFk=rCDVgE&zlpQ8Wbcm@oBWAJpVr?lo^
zsGC-bindQi*2A9PLt4ZmMFUxyW;ev`JZ}vXZ^<RU&QuAw`u<%mIXZpjp~+Ws9291{
z5g5lot*;^zs8PYjB-Pb&T1t2J>bsI!d9AtS=Tjb@#{iEPDB0$Kfqe-}3a^8q$dDEt
zK64GNPe4eO2o`&X;KxBHN~vP%4ryzDIU4STXR?BM)z^Rc@UXv-6I2OdXd0nFXWX}n
z{NK8`AniyGoXYo7PcPenUO>OVZJ}wSd2Oc+V1?<YaEz1l50ZuJ(O_;%Agjo^?N=<%
z{MTjfd2TV%&x)Y8y*F>cgeB<#e!Ciy3St@;YuauDn3T;AWh9iKRXHnP9lX<FrpGEB
z8w2bLg}$mx8Zd(YCN+|ju;({g_!vPh_py(VTK8I_mcO?0)tk?KRTL&|z1sAJAw;F=
zOEXs;=&SArE=C#TyuuX_PuP=bW$9Q|dWQdI9}>x<yD*iwKzbP@JCZ)4`Jih0s|7Ij
zKz2G1kBW!IgLWrR_zs2%@wu|+ehOdS+*4JV(zeGkffn2rceS&gz}Y`=CH!%g@bA5F
zRQO-)y=7Ee;kGrLmX@|?ixw{h+T!kBS||?1o#O7nwY0btcX#*T?i$=7#a#oz;oY2b
z?tRZa@9%Gn@5kN0GGLEn=gG5d&iSl$&XhaFw$34yfESDw4wTtcMbzP@1K-(AL=jjA
ze^zdEHYo5q^PNZY<HIx^IxLJHPtX6`Rn5%a8K0|I!kgQDETg7v`6hjd7pv`Txhmd|
zu~__N)zyFWM;S#{@?$pq=BGx`7yV;kZ4c!ou?}6X!6mw`GN1PcAk_TZdxM0Cz?6#0
zz@1VAx#Z?CM)CJXR2P55M2HMe;64Ioj&=!t20<Vr$^U3olO9@xW+34=WH!vyT)@7T
zf1Frjh=P>3ET14@y*&=at`YFd75$G-;+1E2Fj96Kq73(2LncGS{y+c!@)liau>4u$
zzds-F+8Yw|A01vmLf((f4*tjWEZ~1{`u}zb%ttrA|Cbiv|5^P{l%vlZ9c9c1{<~q+
zKYtw|)V_gbqJ6A++{aD_|Kobr7a+M~jNJI|eO!PWydeQ$@&DsS5a`K&7(EE|`rW@D
zKKaM(|9jK_uG9Z+6~Gk!*AV`HumtIUa@8ZI^v2esWGDX$BTZHrJ8_e20COZ7r%Pbj
zO6Jo8I}V&vx#~j+6S7l=_)tZ8@q&BXht}wrX3kkEC04yz-4s60V#=Lf+@czbja{BN
z@oxb$hWN>};xwNa#(>#mQ^o9=_W(--DQ&#Q5+7HA(M@K_@?ozBB`&A5HVd!ygp8JI
zsa?Zi_XT!&tg}=Zfi;LVBR70pf{dHPyR7l=k!)ToSo}8~$?4My=XHoj^<zZu1JR^w
zB35sego>7<k6u>R`l<8TfVp*1cDCZ0X!z(WebH}`9F|L^z-%<tEmz=8&Iav0Gl24Z
zvxU8E#JqP@E{UP#FCRD{>^q=1dF-@aBI(*zw$>@zIzCct(F*<gRdoBVRwtGc7e8*h
z3AOB%Gw;h(Cmk>CiVEh)Y@Ly&?>UBs!ln6FH4yk`N$1;$R`XHsmdNbJd-pWuvZdG2
zJc+A(wtTmqqpy?Qn&$^AELJapBN`SqZG&Z+RocOErMiNqYdm17(Z#uC*c-&b;MB&<
zGU0lVH)Lh(#eHUm$P0<c`|As_Y5<3Nr}Ar)WvzGu3`bWHkBlw36u(%!fdXXeKO#z4
zj`+`beNl{wC9gW^h=_<OQZf#QKfscQ4GavNZ37th3Z@`O_on(6Kwk%2wo5@H*p2^_
z?sjw~sCB-#@KZ~fJx?Yfe<DvNmJ*$KwoF@i=xov;1-!WvNg22B^>x*6RWy;M21jL=
zdIdK-#1+W|Gr6`On)tGfxJFcLWOhJ+jU{yG^yU^o_1NyJ0T|@6j%&&J4%hWmkg?hz
zkbP2#l`xkoEGc4TMM7HoyQilQ1_^`7IJnmFoI7mMaj%TsSx8WPyv)-j7mrb^^qh#Z
z)*xZ(%h#{hVdl*85#SIjUiGyTy7-Yam$1*p%aQ|tbla>Gsxet3*>L2#R?M1nz{|47
zH+{di(n?#Q-$Yp;;y=p+n}97klpOKo1A~YdYBk2><)5^Mku*Ba5Ozhc-_U84OncY*
z%uj8-ol%ASc@2Y(8C8i}vNcV<E;(o##ah+V_YmCr^X{PRoLiO{vz3f3XWI2pI$$sT
z@)Bd9pL<l#rw?IA#|sF!+1zJGz2jshC8t(%XlG^T>qbZAU{FRrKDNFokfqp{7+6i#
z{MgaFrM$fkDp0_+q=6kM1<n8Q+o?B-%1R4ZoxS8gz7U*x`9m3(l(e+*!KTsEW7sfs
zNi#SwAmsQiLL~A%MJFH$nQzdru9JY?ZOQYWUjpKv95po3S=lNbX9=jlc|bAVgMZA~
zWVG1@_9{>H7t@+T*<q9TSS~Ap^K}tdM1h#YObRFaRf9(3HL(~LHg@6C(JXUDY=lY3
zv?HH+sKDJVQ38v{g>f?fUHn=UFV!_5Ep<2*|2SD6YKsfVCQX;F(~$BjdBS@qw!!ag
z4(`;cRk;|SiFu4*yKfTZ)}*@Wq}_$2dhEVQaUJN=jk8;1maaM!2Bz__mi`j}5K;==
z4InV9+BpOWVqRJX>M>MC=+yXzV80RS*rjb2c%_&?BH-e_^IEoOhP`wiPf<=Tf0$rl
zs#TUze7p%$0Nw7Z$za3zHr_r~;#6DE4q5od1Y^tCSN!CnzJQnYOIFSIh#Pu2wS!%S
zf9|=I!e=#MoWMRC^0?Dldbkh-N;O3})qE<!QWKwnFu{@o=V`*2*cemTy=KmbkK&O%
zVWhT0C-@_LdGmL(@o&Kg$+^Y*&7Qp<yTEdq{sXT^deb~gE(EU^IhD+nD8$gtf%A6t
zTCVFA57Tegn5F5p8}{SbGhJ#f%yV>CnqCtF+vhmJI)2*uFf=$cL(-1o_NcplcivDq
zv=^9|a@YXJgWUlQqh%ZgNqVNOXD5?4o`B>&{%gJ3#t3n{h&hdZb#yk9KnGGb8qNv<
zRiN1g|HHjl+TLBbz|2)Ej|M=|tDj8F_b4rNST*0tN=S--2m0{<eRF<lVa%7y1d{k_
zeXasJ%Sxu`1AlZlyizGJk8?Qa?~j<+vGN%(Q%Or4vl;eSM8m`crtLy-f#oXJY?d*8
z*tG*DP?6aO8M4Wk^QP7)!x+^IQH@6aP=ckt$tfykOGrrEg{3h4&<yQ;G)_{FRkhYN
zDEFQN%rb5vhfL*G(VRqHKBDEFQGJ%?qs9{!=Z!bHTo&{5H~h2B<Q8AMamx?&wfb7w
z?zr&R@c^uEwh)%WPFhQf+m+mEV;d}eg8>o}vH90vr?Bb#D`&B=x4VtauIJZg<U@ta
zsTUR6$#<gq9Jp+57bNd~1&Rj4Co+oo#bsqnX1Kyl&5V^Di!S{quBSu%%uCmdK7V$v
zDS(D^p7V!A$ML>esP>+A;4?1~xV;QEyMQKp7Q$>zsl|iBgQF<xmtu~#F0p$i8x8}N
zekN(KII`tRRbxGF`}oIgueJ3`0FFL0Kho^sdj8T805#qP)cvbVnV9+F<a$O%%L2*j
z+EZ<4IXM!$>1yCEthScNF+^qLUenNEe{_*^d1|F2lW>i({;wuF0h<uP0_&py76%V6
zSHrqVqSFuKyR&M%9b#*Ds@{4}g>@vF((rJ;<e~X;m)ZRCV0eaxom<==74>{HOI9+{
z(`9;x=Lf(jk1If%viZ4h%;+AYD65R1lE@28IiOQ9mBKv0uS}Ods2zEo)$`@<cqQy8
zusigDz(><cq_rBnPDZBpnK|mmcag}gUeX8n6S*d*T_+OKk`X_?%{5+_9r&f4k2HmE
zAe?U*qEZtx0Z!c%klaYf$^u_R&k~ke5H4`lVJ)=!i<#nluqv;px>)K$@a)$jX*feN
zx5z}UjIxDAHA;{K+r_z4A-IH)uRP5t)d|wzD5LV_%P*h<ZeGYif-C$0(_!02xLHRh
zFYHyKfMpOe`gUHa)`a0(WkbV*=`9`T#m&8r=LsFq-yfK#6z)%YLBy5H<ykzEET9y5
z*3F6Pz6azXDy_@>xXNSQP&};60)-FPv4j0{WuZy6)9QPZ)Y#yTI{Dq1+S-8>hJ)FN
zf_m#A-c7+=&NFz-pVws%jR&H@iL}R)9g1>_*-!3V&F85<ns1K^qoAWIAPy}&5F1YF
z)dnu1mghT53R;D~2xU`P<Wqy7fz8EI!EwqmJ}w4=_FTl*dv_0o&G*QM3U}9lYZm`l
zpwqf6AuA0W<;gurXk@zxb*kZKEs|#^8yj7V77TSM3wIpIenrUYS_cfDDUFYRd$81~
zk_52;253TO4*9u<8xHijr)}YV6>cZtv}Y&AI<zz_pA}@e)jo!i<N#+zX<FauXh1Ax
z;EXNGS$ooPXNuBA+a@2yUj+tEA#y?mt>s7Vk=S>+526DJ+3n)55r;X)$8v_oTPDK|
zp|0>0%v;ac`{PCp9DJf8AbrX|!edZ&H4E}|gV*d%msC-jE<mJ~ZvN`iFgjhwCIE}x
z6GEEN((IP6-}{VYh;ekfWZ|q8U#FzzCQb1H>M9aO@#Dvj>xHz#KR@2iM^<PtwqD0Z
zM)B?-lFFiRF0YOQa%VAfWfHcFymn5Nu8*S_%}Ex>KZrWrZn{360fSFlx^C3e-h~xi
z6RH%eXStAhZaOWd9W_V;sR0c=?F5X>xwr?8&J88rb9P*}Kil0qGF#g$k&rpeo{&u`
zX3p{}P{<1#0DgKyT9v(FCxPPg8lZjk&MqzE_gaP&Tzq`m#%8IxIXCvLbEl^$q#S39
zGdOmbq~j|;pTclfqdtbtEWiaynGbJ+N)sZ_=Hg&x*QN>p!-a!QQgW!pJHxf5Mvn(R
zOx|pK*ieD7OWuLG?KBCw?c%XkSEFNUBqd|-9EPCPIG3K2f9z8fTlY44)7+I48XY+c
zTZC%uzogGd_`X0)tVi`0>7;1`E_Jfq_v&$_U=PPxKrSh_cjHV4c+rOQo+4a)BH$R)
ztsvC=;a(F4_t8EwIvO6EfVR+yCpwJ3N@VgZMm{^rvde4Ko^iaNyl`EDxvZFEWN>IX
zO;J6%pU6n84LcWycZ{-RUZ;j7BnC;VTpype2s#7=j&U1HPxP&bM5m?}{`~pgvVXQz
z1?F6vdX#=axH8#~ZJ3w~w9#j6t>T=uP+q$8s->o(kwEoQEesdDnLlc<s$Zc2%ScZ7
zH2J#j!ycj(Z(QELZ6&*$P~7^RC5W2B^TA}^Gz#1iA0Z(wKHlQ-qS|OlwE1*bgWWUE
zV*BXV{qn>hV`>2~5Pbk>Nsm}`ss?KuZ1s`*Uhl2Ky{J3Ow|&D~^QWcj$&dVpjg-Qz
zme`DjUc&V6Zq6fsb8&YKCjEB6ECRDZ_OrKG`MEr?T3+W=yK~J+QWIIgfH0vwPODOI
z(&I`~0p$tsb`y-PQ<>d^iTmfzGP%9Nt-{Rb2*GS?N1fl-JQ<55?KSO@PdN+M*JZA|
zs}<Osg~)($@&i_k6A%*K8rNZDkCXFTS8KP`U$#7OhoiW_W%mn_61CcjO$ZOwE}$QY
zqio$$PZ};9WE9Zx1^lnX_sD(6MxZ-=4lpc&xJtoI;r39e#*bAtt+3tqMZQY-VNg)e
z=rXV_W>bXC*F8<HWn0@&8CBKzTp4b0?A~w%U_z#ns%o*c2E=S+4;~%oRNk+x@opxG
z{=D9_@U9@^##aB?HD?Ggs4j&A9Eps%op*M|hKq}9>b5C!S8h-bYt0g;zj1>5-7nQK
zdl_S#sizl&NsA@%7-q_(xJROOjzW`I*#Ijj<R{yP^$@z106lv_pth5IdEp_T!M*8x
zK@_FSgRaB%<b&~1OJ`!ky`Xoi$jkRZXisd(GwW>1cy<fjW}5dPhh|Gz^9?2HMJ13L
zGm<GYE%20CN(}^JWh;w=`|SCf1fTT_vA>jYlz&2DIxt4Ew5`a+q(#cD)T{a}wvLso
zJShR~j6eD#L*n^rS&8em){Kn5qG^2{Efas7I}x2BHxY6chqqyM%Qw3kS}ZqU3tDQT
zU))}G!&6B~k1ya~V`#{2VtKPf&uQwMcM8XH#*#Qn!yQYKkU-i^A-LgyX!@BU%b^9m
z4udM=>nfv~fp~uV_nPo;aRc=GNB#|9vkaARnRsTm3<IVt<#U>NcKx5r%wJJ%vb2}x
zx0h@9bD^5Lj(LUj>-K}e)~(u4y##go*X}(%fv2T$1-p^K@ygojQRAqf7kg9B@2(x9
zh7?ss7l?A6B8_I6QV?@Hq71g&ijG$()JS}t%-4Pnl4~}jI@_LqqeSB$u*HvpBNUt)
z`X%pdaV|<ePZ_=c<{IbhbN8Rq?NJC7$3r!?2IOGmgw^qAoYeQlnO~F?4?(f4Fr#9b
zGC@fqd(WgADkZeW^qdsM)y=#m_;U*~uTYUv38eruI9@gRc8$?tZxW*u`66n6Yj>AM
z&4`|xo8X`kG2_O6;chj1d53~Sz0c^vmu~Wd&Ak>w*{inwuXi}rPEmTCKi36kptucq
z*w^oT?_1afu++nZQ#Pk(u=v(XNl>D2PKsd36tBPdnwZ4>;gZ+0Or0JONS)368UF9!
zW#)vT=3E>U?p*2Xm*~6Van<LilkS^Nds97r(hC*mTl{!wRXJDD<guPJ4estJdOJVW
zKB<36<ZwrE&9KXP4IF`bB6zguUqb|$zipO|&}u12a)LEJyiQ|`r@AWfKyfAK`t))*
zk*%%EG%XNz75ueIzCiDJ|IITz#t-$eR*Nmc;U9)@yzo!Y+sC`pb~lV$1O)PxYp@y|
z%z_ir7&?X*E-0a#W^(u=cE&jL%5TFv)AXi-en;MBI?^-tvD_n0r~{x|!(VJuyqSa)
zkYiBLgeE>5>GkY?MSig-CA}9ztIR}8c5;IFJWQzc1SBj>b=<jm;QZ!peD`!TcBZ{Z
z#diL-)zvWhdW|v5aJg6CKLglLAn(aZ#jG;5T!%l-($?0DSw8XTyHkFe4E}`INa&lf
ztaBU24Lc?mjIDZI<@c_J2EaZrSz6@}dCU6MTIewAjqfPL61AT>;Y$5LeTr&}4F7^~
z=^Bj{F$F3w-mi-B8qxYPXe12+2~$bDUEEr7t?5P}v~J{zzx_}wQhx;+Es=adr`Dog
z>9ytu?lzVe3C;R=U*20_Tx47u_I9#0Zk==7Jxyt>QcXW3i4C<tB4_=rWEqA1V1rcd
zWE^cYBL#Btfg0nC2bosvWDM~03M8<Qf~$t&cMmpx{~Z@LnQ7oI)kN<OfyQp5yBmF!
zP35~>Y246robHvScujKtna^6<qxR8M9oIOJ5qm!zml$a6_xAh-o@<2?O?R$`iwUpL
zS>jz^;eF{oHDm^lzwKW;;JFYnD;(c-A4#;!(M%Xut&~&uKR!MCq8qqsGM(+y&bR#9
zMYR4UC`U4mEj|unz4SR+gq++EJyka6kKOicDK6;U2W1UMLYj|uSsuCp^n=frs>_X*
z!sEHY$?IT#em=QU3npOW{(3_uEg}_y;AN?mHreI{J2~N(y^+g&dyO8MtEQDEMZ{Qo
z;@e76b9pmc4<=bW-Hh2^08D(0^C{@}E#$|bqh*VQIH}$%jZMP_n5B&kwZj4b<o1mx
zizQ!Ea}x+8CYub|WmWBbb70~&X~;U)$e-Ll?x-eXp|w?A9bV{kA+rrDYg~4DhQsK0
zLD(F8@8PDqIw_03Y>}eW>9iLFyAht%_qF8Jf&J7=%j`yx9GDNn9nf1@BvA8IV8mfm
zeijOxgKueW(3{_X9;s`p0ci%MtH%UgI&6Mvb{`y^z$V`qNCyvIFs){p1_ZmMteNlR
zrl8`N=}rZG?Mq`!TPH@6#1X3kQh+E~{FROkx&D)|d}|(_B~>?mHCGaijzobF0e;>r
zFW8~$L0Y8G6JYttt(Ka@6RPmuGiWD~@l?VV7ZFW0cSEt0&n*%-cXk&u*hSHZKtdA&
z(<N)Onbt#*4FYfeagBK;C`m>=z>mH%k5c)fVfTi1T@=M;dTOmnito->JH~9gD~N>p
z{|L8TS;hVG#mtD^K9*O1zmGg$IVZDy&G65Uxy-r9ky<Hy2CZ(vEr!6>8^n&$8J{a+
zn-1c1#BVZQ&uKm`G@elSz36z=kglU6?H#xN=uDQ-lc9JXZQ_aBW@J?+;|8uxusdI=
zW^>qH?V(Ttvnm-e&M!mB%|r(b2*l+6W2U}nj`GU%L1UfWInS!LIgkF*;^JuGSL}Xf
z)?D{rnAaw}tM60AfayGgbz}(D>`**uq8~%YKBBM-Ux6h`B&!6g#fBo67AH>eEmhS^
zY|RE@8l%>z!41H_e+^5sUNKf+cF@%sTZu_d4l#Zc5#R+E-B-wR#dX-3{m?tZ@^u~l
z379J@k`udZTK2uD>j8(tmzmvM5!)AN^BNcs<VmgFE57+Ff(*mk?cP07-y)(#oz0T+
zCp=n$3V5zS{U_<Rz6~aS-Y`W)N229?PdL~byw-H2tIvg4UdxQD-SG&JLf^md<{o_4
z>5b`{Zqnmq+Rv?#Buk(_;*`?AFoBdbQ-UKLZ<hb&;+j2GAQ%T0fyVL}zu?BQ6+3PV
zk!UQ%svNSn(-mdf;!p84wX{xlhWb~J^4>r*z89T6rKOyS94SU>dEQ)Mdms^!MjbN{
za!ZF(#)|wLrLIwbZWa1>bJy&c7<C;QZWwH|2mX^sqYx1p`LoSi@6vWjMGqu`&aS7Y
z|K@~GBAXolH>yAqxBOAfu=w8eIz_^`5>3&dh=%ryEk>=c`$Z}sHq#%+Z2~~R<K@n9
zJlI`5vTlJzubFEMC~rt917Z6uw*|=Hk8qAMIn6cIG9_ieRxl2tx2|HmEp3`UF<omR
zHd9ktN}^+fR^^07hL^%$Y718N?JhwV%-yg*XcjIbSFFh(wlqK9Ub^}fwUa`>r*u}O
z?D*D&&2f)d;eur6-g}dG0EhH`az%2oVPiPB{mxAUnP7Z;;x#rAZK)RMB?HN?=V{Ut
zyd&d#eT$V0Mf<yhaSq76fM0EmHhe7*Mdh;S$F3v(lL<R2^7zv9*ZO?n_j)YI?YopQ
zPF|GX#OAGPG*9C)b(-1&#-hFmMbqy#vVQQQELiv|`gKdSmbEMLx`FvC>W%*Hud(+p
zS?T%FXRMZcssg@=6EVVdzJF&Kk2Z~*DW^<BqLa05&v{yL8tf9u!Uily2kCDLZmQ>Y
z^~57~6Nl`#ceB(dM9!|xZ3`13)@iZBM8THE^;PYTR{kOHq(IywPq()bKI8}*{M)-*
zCiD4Tn@H}*h5f*R7brd-^9*o$$LIL)5YjY-q|tb34NttCDHs%LqODpgWojGx@dH&L
z!C(3-0X;qKojX6Xe5%&0!~GpdpNQ0ty(Wu;Yx-5&@Tbq^s?-gAkBGjPhP>>Ml9Cvh
z5|R?D&N@(v1AlSjqP1TzoU0I9))P<QH0&@zyG_sI!p!*|_-IHT=Mve*X+O19TaCDb
zE^iXt8Ded0<#jV;<|Slg@Jwly3i|hg@o9ga8v0W8&Q%^v6^NL-3p`-IVTz4S_3O(w
zX$lE^b8~rp`8SGsZRpy9rLX+Hk@4$mquV6TNJLP_90BU4jF<qYX?h~XZc=@W6<u>`
zadViop)^^~S-(DWx;3V}=ckGB<1;nNRKC#Hy|JhazsY^8uQDiZhKDVo3z>J;R$6V^
zE(%p2(7yn^w%sdMdF6X6zQW>jz#i}aab-TR6d84exZwH^YdHP|97?yo4^`0G1Oax2
zB8}~i-KS~m>;AuJKkr<@KC;5n#&=1-o`sNdYT5M~PxPEKgI85SZ9@fXqd7CLeYYON
z-1x+V?cpueZIhdz;tq{7{#i#=->2f6AE>*=Xp^yw8iZD*rLImU*LY{5y0*iSRi-<p
zvv-msKJhXv1U(_dboZWkZvw~G@+j^@ArzS!TL_b}Cgx2ex`Yo-b{(@3^U(6WINwXh
z5(vfe@Dwi0z2+^DN>c#oWwqrL&I>Qz*tPoEpy1CwcI`PJ6Q0Ry3_|*Zl5FMB!hDsy
z4=q=oS<c0Z{UA0gIZW@|DpN!<)#VKgb@dAH1*$cA<eE4PCJT_~kb`B$`awa3`Vg5d
zjoPEtxI2HF2-@V3|Iz|Hv{OXWE1>ks-n{~u%;YA_I!z}-sgC5U%LQE>y~qTQhFqwl
z;c=hkt3=r;sXpp=&zRfnXFI;ix6Seo%IUsA9GW?Bu-hl!@99+U&Jr!BlFr_*5rPs&
zc1HMLY}sUso(1E-<+Y7f9Vz%zhB;lPh5@*xWCNK?n{R@2cc&U4h_sGG4p!Bsdl)>f
z^yw(tcFC11L69Nc2ET)i;N#n7=hBSjD(HaP?o)_X630wua`nlw2Kfl|``Mp^Fv$c&
zV+P0r0zx_#e-GMRc*b*W0hNcJcP6lX(AIj<+Pik(LjuMc8wx$~*ILHc20hQ-XdZtc
zf3o&*IFhc6(?H1jtWR~d*0E&wlMbYMS?eISrM9I1UFQ{Q9FyBU%NVy-k*Ly}rgeo;
zRQ4jJo-0X}3XASqRmiHw+5Yq!-<u0$kY<wufr5aV$#IRb^ut@gC4g)$+L1!i&I$~a
ztEsU?Gt{E|<hXd(qD<GAEg|=Nb@la6M$tZy@!AsJV3PWzm0@CGu@5@%V|WE+uN$mG
z<1q0VwR$?Jbb<*89Lkh9IXNA6M+w~!Bu{lc)xB=l6O^vLeJ~#oanpRk>v(|A`m=ea
zP5_|4l&#Z7j%smt`1j@O+H<xnyOlRW$j$OAY~hamQg6w^N&Kei*(8ZMfK(n;K!-YY
zZ>F(m78vK9XCPkTWTxENB%Aki^cGLc4ZWYa73?q<H+AP99uXf+iR`riF{8Qi1jkW5
zuu?#|-45SJo0<Y&sgvK!Gn!6blO;)SuF|jzaT4V<f14}~1haCRewE0alU%8{^szK0
zn)OfJQC)-QVoK`6hUoXu`b%3Z4z3d50%{2wD!X$v6u0iEz(*seG2W<0=I%|G`lzuA
z_*E?ukUmGzolO@|t?~?RpBY%EjQVjN7rb(mM{w+pi|<d~`7wY%+ENMje5h!FKu_F*
zpBJbqaW^(f8ZVfQZXHfETY$=~23+FYVxE>EYCOQgn^yI{S^BM@#Iq+&Vd1^owi8qv
zoz>#{$J$v=($}{;G`OS!?!UeZCnhv4)R>a@+vB2eKSe^K>~%1i_-wrcRCP3g2PAG7
z1~;i;7G!VrkL-SQ8tv@Mdbm1tczg0cG5P6Xrc|b9V|182|Es5~RlE(Tp5(~aE`9FY
z^p@Y>B`m$TI3kCHlg*4|Tl8NrAB#x0jh|B4%T>6mf!b7xW(bl~Mq*vQIqt{AX*D`3
z3`q%^=rWEuj<Or*T32{%AKO+zm!^rw!XRL+Y59X6B15KehP~4+!BmFYx<brsmYMWO
z7{u2kw92L`U7r;D@QY#@y~TW<0^#Pz^pN;l0oU(gTY3e^=VrkI{sDcT(BASWv+P;M
zg<1ajC`&5tF+OcsCK)G^;YVmzL)eHQ?rK2S_<EBeQ?eVMWQ$}BnA$Potk0I)NDJ8J
zkGr(kMJE8^SVMzbp*zCHHJGwOY2R_2ao2sm5^!x~l}995`cXr(H@CbRlOkR94V#s!
zY|}`A;6rS56$1l`JDb_3Ae@ulI33enj<7>c&RTx!U_>i7_=($wG}uh3cl}jX7YtUq
zM5(sCi07g2ef58xJrCgQpLq`p9&~V;bG)P1;^7VYoFN31dM5`elE+h(F2~28-nq2I
zjTCE47}JkxIIhk1v#wfgK0Q2qiT26pjChmb_G#LX*3Z$sTARCR5@u}i%ZZnKgU(t6
z2Egd{s^yBi8`BpCBWbM`-$80HZLKdt!i6ljz5>LIJ5o=*Ng6NofeCTWx9bET-DB_N
zOeBQotiHH07Krl0NBz^Y`c(#1Nu%XT(S*P6D(+SdL$b55KqFdpA-F};M)gT5jr$8D
zOE**`DxlYh%U9FIH*dT*Z>-ZQ7E8#*!cscoU$NTmuM_;@_x#x@CL2gl3gmxCqiA&x
z_J^74b$M?h9v#px!O*@F*2C+KcMS-_pBP#<lE}|Nx*LTxa=E7C<%g9L^&7UA*k>eM
z>S&}-+Th#xb@{AWiaY5-6_!P3F@;iJVeR^qDIF4qJdlG?N63}4o7#PQNcno=Q}4iu
zt#tD;@=M*mw_|E4E+fGLGmdEZj8=RPePQ%)VE)Nn>0mSlR!Sp?$!=d!9EixpOXav*
zj3&kclg*+fF4k^bHpfi4!`hVn3c$CfGb#Y-+9+oyN26n4Azc*=D260)Nm`rEcMmED
zCa4t}um*oqcO|^WB=wCcnps)NvbnXt$0}W_LkGzfOl{Abzg#|Iehv88PilC3E@!Cw
zg82vTm<8!~OLWqE)0Me=)xF@yXsRcQ3WOIPh<QP+?2L?MH{v=}aN{y@x?G7{zb~2q
zPKksEI$oL|)>{zYq`VqI!8^m-s<iB7j9k0t_7Wcwh!E5f;OaN*>tB#VXicfjmwxX)
zjoflDj#~g6$ZU(}o!{&<`ZS#a&$mjcr50Z?3)j+IIg!vn1;Hq^M5MM=L!DqgDP)4{
zi;3lYgJG~iQRRrL$J{)eb<3mp+-D@D#eBwkOmf2O!R-kx7@3{d$pZDG8e*ou5-KPH
zl;|L~syuWOW?`&+tD@`DdN8jDT|t>~o+iNonr2cZom%RjKLO@EGe1HLV{}96uaa|i
zN-S(%OYA%oHA3%r=KWi;1*^&|VfA=SL9bEXmnU)yC~xSD=m(Nd^7XpyB0W%WPjRd4
znuCI?K6#HQLcWQ3dkp?Iq-~j!MAd*CwJ*JxrxFwFGcr2dpZ_&CS8kd#TY4cQ-MpoR
zgQ8ekTmUb~=y6RsvpTXHkG0&~pQUA-Kvzb=K>6tu%kf#Dw&~@oF-?4$8i`6udn+47
z-uY?p+@b~MLZOz?o_T*Hi}idq^Ltgnvw3v!bZiix7is7ZijP6CDn(sTq59}1o6@)E
zmI=1!^Wewrv_F4Sv}`v4v2yzj*uX_2hEU^(M}^T{c%%TdYK!5$)Rs|R@%dTutp|cQ
z*S%71e7VJ8gV6DCdO13ssBP=NosZjvxnX5Brv7U0e3I^=fOEQ26@ZXnNye7-T#8qH
zxwdm?t*<|Daf3Xd1G%wc!DnuF4)aLoCHe&?{kV~JEXY0)Yi+6Qmw#MmI>ul?sJg%G
z^pd0zqpcxS1ATcz2S^n;O0)v`2#~gZqh1A49cy=Y6QooeTvA(Zl~jbmg5wz0hUVa+
z(1Wd%dEvWhdf0?pi@a}x-pvhJWg7EGg-}AJZbSsdM=6x$V#R`=v&%JZY3&}VVy$g^
zAz@59I%H8J-O8kV&Xf>T{L{`Z+s^JIL#eUMc|%(ct2t8}vLyoMfoKetI$0pwRz+-Z
zio!nHi}QX=z;4m50R1k$v|3$VLl-FhUUZ_Kr_c6IzaVwd?qP+ZS;iG~c@TgYF<KI4
z(#R>BDZ@VFDSYzxvOw^wfBNSPrWNe?-bizrs0x^3Ez-hhr4o0Ap@3mPJq%2eVt8;U
z=xpL38UxsC@WJQb7I5Cdl;rZgyqei6kLLD=8V657g%r+8sglEYrh%(phdq~^9Ae`d
zoKFhJbfc3vk3gez2}TyLa;IRHf6!zMVoJZ0lar7AwV$zG##{IrgoCv(oeefu`%XH)
z#{>8Pu3XlrAK|4Wl+ZX@1$8=Gf``pe?Q-vuxyt0R96!RiQq2iBK62()jM`>p?c+HT
zL6%CQiQm3`!>Ll;2@3NpxKNd`Yuukek9DxO#~$2$j*NqSWxrXup5S<NCvCB}=|wVc
z`eG5N6i10h?SExw8~oC4H9W3|g_|0y4HDDUbb}2n)#9`~<|5AR%yDSeX$L;!d^dI2
zY!?xedB;t0`Hdk?vXoJag@DNmfnysbVh7B83s26EJ6b4gF}GS8c`doSHz&Wl_|0ib
zD6z$!QObfS*qEI&t?EN_b5WIru_HL+>?|4Sf`#PvAV2>GhgSKS-A79}mpuYfea1$7
ze@6+DZd1y6ZK*qa!!sE9a2M_|NTZRRA%*yaKPe|^^ke)SK60nG0EOBRBq<~@@d7J?
zEoni6gHk<Gxo!ch+!wingN2K;0Svd;D9C_FNQINOBaknzs}pg2Yd~{qU0(X~x-UmE
z!&R6xY%|}nx@51ievTAk*f<nB6A7dj5$}I@BL=4S&<?TTG#H##OSoP$MOkD`mb4dS
zzXA`8qzP9&ke)O)>`x&iq+~b<CrjPz^D20vnEk_3SS~L&OL)J|?e6~d{JSW_8LKUe
z*qs>|h!hBk<ay#)r2L>ee#6!94@9ha{-I}<#~OtJHvo$7`F@w<#*6<ax|-FmawS+i
zl?UNJP4UYESeahB6sSzQAS7-Tmc81Kq{AcP=8=TAYNcG;<Z?0>@+zLk+$WoLc%l=j
zm8{QY`q$raKccf6PyWOM+ZUK*o%t(B8FHWG+LlOSXre{7(T9cB+(LJQW!eL_<Uc?K
zHp^I@9T1B-7Klk2%{~<i*?VWU4_<sc3wQ7hd)6H=Yk^^I_aqND!7?K=H-T)bXn<j$
z28a32O=+T)`%WfeK4%>NFyc5gle$khHu7}=t(g1s*%ygwSNIGD$0u<7vbV%^{SK$$
zt)nfWACBJxFumY?IZA}QJeTLH>}``d85UNQox8REx{S=rPue)bR7jLQ#-*Z9tL!w4
zUJ!t|c+DAg-0~Q6SV*Y*saM@1c)91;yoVyq2jcl$PSYLwv0lFXgu*`gM;JLlVWg_Z
z&~VUwfVii{d`WnY_k#2-FYy~_)}Po^WaE0)<c*QOt=O4$^R8Jp-hM;99*_th%3H4y
zO-xdO&ryEoPe3lG@nmNj%ErhcJV%pkJ5EJ%Eg{R_-OTdQ8K`5hp-&G#;o<}g@KgnU
zayXUH$OYR!+Af?&wb2t*ox>W9z~K1&M0oD+yTz6w@dXiNleoHDDt&P_w@PDfeJKOQ
zXw^hUYi-K}Y|?u)DkP-8se*!LQ~5#m_zb~YDEOx$fmn$?<(Hh+Qi)VUuf^g#wivYE
zNQNS{-H@pNm~tW-%}Tlltoi=_;wRS!uNL=DBsc+Xm>rZpFtxZBo<!RibvMrDMw~Uh
zU<0fFwqwPDe3Il)&j=48yLGq;Gppve-<8ON!)Y8|w6P)5lCqtB6$+HB`A;AvM}+#t
zR>lE9m&xR0K`#Oyf+w9>0{h{N%B63h-2Db7W5p4dH~X#l=V8#m3;=yU!+Wc$$>+GW
zEK&vS{WGaZ)zO*uKHZs_t3P=(Us#J+5R7d1@nbX%?n_V|cuT->f8HOc%{ZAIJX%X$
z_LS<BL7Yoc8ZY*mTPWhA`~X|6x6%0c_k)*bXVuEa<cFdDvQ`oisMQe?sKIF`K!nG~
z>0sW(IAMq|UpJtn1ygLDJgjdJ7(L3GD>YipNYtW%pT?*`<w?7gK2uy3*DSpcR1k(*
z2ull0jRgjz;>Oq^dN>YBy$LjblBRiz!eOZaj1M5-Aka^T0X&VHHE7jacK6pfBO`wX
zHy&U4p&$B>nsZiIZfQ6F{UC-A#$j0ZPmg>OSsnK=T#`d9o<XVL*Y^UPE19v5`^Y(t
z12vet#zbiSOjJp!zJkGw{|aSP;GPmXdnv3z|Cqh<Utw4b@?e?LL*p0STZkLnCH?y2
zJ(oUH-Gs7-{v7jkp74K1;VL01tyh8KKv{^&aeK+ya$^>_4Wd=Z#R0ubuRA-u7|L0$
zgmc{%bZ^=3LaPAi{Rv1{sP!<O$r1yUu5uxxmqyZv2D3B|IMnKE7`!y-9hP1YHW=9Q
z(C<K#ZD2)lc8SM(8FQrp5=#8ukbHY7o~C;hS+7S1#MGa@KbfqCm_i5zUYmQ({#+vP
zefc%`QZkHvgOxu#WXP6GM7dP^1wdF$mSt(ROv0d;&2A2&Wuz%Kx9e$<?dkhm{RZ2U
z73k_5<{_)y!2!ZW4`9SMoiKxb_84j%0Zz2-1(Nf<>Cf#ymsi7V%(;2e2E>1)w2vA?
zQ;i#~zkjd1lo^bn4n-9;GGqdJKBI)Ei3*X&5xL*HMBl}(u&K1uu@bDGH5MqDefip2
zetGv4DJaAGs5D=@2J3VS`jMwIwBkd_!q57R4E{3Tx=ZI@e#=4|5{XZGF<)GC_9_Va
zCKb`rD2<~%&B@7I$s=*AbR$SAH{{kY;lJ_h2DmvS(54p$?n828K%)~`y2)6F$)y!Z
zMDN`hoN=x><X7{cz><UYJ|VEHNofq}psHIbgsSID$dd&nDLML$KCZLCymI-RN+a%d
zKqR6&#VHstmjluTXuSFLTTANi#?$4uSL}vW^raMTF<=Ofpx7u$NVp4b+(8R7bH)4D
zRf=-2d~de3U$FH3NsP^{4X4;^%w@@INsYRDftjV?KMib9lch{*i8x@o-xfob(7n6K
zWPZ!1s?TLh<#XQE>^mg^tuk7lIvio}qu%?rzai-b%EL)O(!**ppY2mOf<ep|a-8=D
z;1-Y%ui#l`JuC+<r|UjmqN74Udi4P|dBI`hko2v#)FgcF{K?;5%f>N&{mnr=0O0P;
zd#Byx99Y>d9GUP6eJc3i+=J^qrtKGP$FnZe5CZPERxa?*EBhe~N44Ey{4eBMt?0)v
zJWko(FZ_+HjbT49(U>-b^&rZrEIjBF6gHnfHygZ(j-Is8x!7Sni0t(IJ%sAXA$FVe
zOe%pHA1;tW6Kksc2`68>gr!iWC<K7knVeSa-Yi-}dDK$Wr^ZU`d84Tn)SvyHQvkNj
z%PurJ`Js&S;fHRAwZ6UCWPuP+${er#wWkC3KLant!UN))ek7tc!gP;hiBt4nfmYp-
z#8zBdN$-A@@nm?Q8&qAT!#BQ@-s%YF=#fn{giZi?uwY<YR1of9XZKg1+bekR6Llar
znjSKi$oY=;&c(%Lwf+?eE<nK?f06^HoEO24iC_GYe&c$8*8rZT^HFN+BG?&-rKX2~
z<6b}URw-L!KJK*5S87Iaz1aR$Y3SR%uY~gZDbOBMs6pa)^9zi%e%1pa{qJ@xJPrre
z2fh8%dGOfx0J?CtH$hTku8f;9%hESmZHwd#a3=Hnzvo)~YV%&SJQyVy7zwgZeiIk}
z`u#f=A3whxTBfVU9EAsWB-IQKXtG$D09aI%dKvF@iIUHDb|_fbQQawXu{I6@F;UJb
z8(DUVV~QE9gM*Stl7EsUbCmUu{nv^;NyGxe!bA(&07VD@mOOgI#^xCS3mVN6Gw#<1
zK;dsP({%muf@$|5vaz{f4dz<D>I?Ak!MwC;vt9*Pn)}rvaO+2AVD7jeK3(ehm?q?t
zvBk=01h$P6G&}?8<})(E?qs1456@uGleP%`yz<Vjgc)La#Li|rqrM*6A$(zF4KR#9
zX^fu-V&2Srn>Ga2XYL~DWtV%N5j&q*7D-pI7rbY?va7xzeZ(#=VNhSgjbyH>xT^b#
zTf(9kVim>dPmpxFJ=Ax)J7w;B<9>4|`lu>c*475B>GC@GYMWp87bVoz!D9wzb8^Q1
zl#T_3OgcHR3;>tVSf0IjPR{kMfzA$~?4<4te1=D0iD$9JRoR*JzTXfeTp_|puENL!
z197OxplZ_+wOC;3Nj}QlJqKNGEq-M)AAb$lMJ51cE0*HCKZSZhc^zZT&DTYf`X;ix
zXJsU-Wb0D_j%#!@Nl&yMposKNDwW<Y>hQ9zw2NF<<<G%yY`&1L<~Lcud^+`d#!6Eb
ze)OgyZO`O2I(x3grj=ac)c4K<`Rs0`wZ7Y|CZaBOh#H;=zOGFUT@;EJ=ln)TJ$B48
z48d}}!{fPl`wL;2nB}p6_er}c|B|$ckH5lU%)*_^46B1wutG9rNc=<RW4R7+?o{El
zF%keMPGK$TT~o4QJ2pM_K21#ANCe{K0r#R`;yUHwsKpei73`nmzBv+8u{ujiT1a(L
zyn#)d?(bB6OKx>0AX%t+`VS0WMZ|hL)SRo*IwatqSN6UDN%|ql(9TXG#x@XZyY;``
z-tBv!IG?OiJrcA``u+8!T0Ct~*~az$oz{EiqjT+^ckk9@mi~@Y+3t-r6NiB^GqnRS
zawKpE*Cx}9hh1ew0P>arlCm+9uT!fWHs~;2prvIY=xK3Tx^9nO_II(H7Uca%%1-(t
zb*1$4H#oK}Bl%}2=29pnpa8(iX+uMY_=l<+sUP8Ke4V%5I!{3~%AbNy^!>=+>2r4z
zvKJb-VF2t0N3m956M^LJ7tyc!dk`%y$5q*E8g}0XqE;QB_rLGZNz?l2%UmQ~d4u@J
z<0#bZq+_T7qR&1rSU7}MrA+^()FaZ+9rNg+e>LG5af<8)CEb37YUZbO)d-7=;kCk7
zGIAn!g50d3?1wN+Y+>^p%W}mg=H^BxETp$)`6mkz*t1m^Dttrn2N@DMD5?!MkY(H0
zY_JB)KP(R*3EsYcpCva7!({1WTK7#gS-jLbxpjgiwRYvOvs$VtjLb>^XvX_da%SpR
zK!&`c_D)c{+0*y<_~UGop?`l>>0IIdV3<_{fczLo`1w+Vr*MV7TJ!4^-+V@35YOXM
z?0h&x(0N|YY77nD=zrwEIVhM=yeZ4PlA>RZGLYjF<Pg|YZ}L<+sTm(!agU!T)pkST
z;*23TyU1P3O&&9U1;oPBdd8x>^!EIefWn~-s9%CNhhDQjN9v2YE-jEMC`(%H%(w$6
z4w@Pir$hcP!i<>N*`H4K)t-6syQ3M8q}J}ZXhbci3Wk49_?}qV{Ac7eW*R8VM89;|
z<52Hos;H<ui$nQRuRAP(QG3Myy7dY`BgcxxML<G%VU}-R%Sko$l=8o@a1=nS2iUd$
z`JPh^uDrZ-PHKUa0z#wJBF0T5&~nKIMr@g;FO3qLPXh2Df>sOkbFgKYKgH>5u?@o{
zulYc$lm!unxXy(^R6uV*@stlZUSSK=I~LdV#NGebCW#R(u~O7<Jv}{uIrvLy|MPQ3
zA4dxQOhU>@1VI%;LxZ{__M`9D!65Eoe1Y*8W(4?ovWzb-0J!;Q)X=MD0DcGflDQn2
zT%unI$&o+PoDRENbiBkglQ%_U0IDj}vdCzz`PbLeZFd#S&W?!aXu5kxMGv^8IOm-0
zI@m&-OcaQ#**SUbYKLe*Ii#tH^KGi0xhH;c_Ysvo3P7}$OsHB|(6!tnUi2BVRGTkg
zftXyo-YqtG;5!}p2i_4+{ddH?F5c~@CL;dDK(f%*-^cP6G+G@9!RFyW;DUztY0XS{
zNC3K54iGlA>sy)*$~Ja67U4;c9WU{$9-R|;vh3BQZa)*Mww~z7)+gPi>mJW?6RTQ=
z#&@k7G))uqB_59*TX+ShYVmdqD)8EP+)gGC!`6UGWt-n7`f@>G>+)?%LLjo|=)^i4
z^4px#O8+?ERluNXsupsBL4R`bZi|8l8VX-<z?W9xEZgnASInROq|B7T0uC-5#;X|g
zCEL0F%Phe=lgbXtWIT3g*m=+jQ(YOWb%nWlu*QO|R<pWc)=e|4H0M&=;RWwKZ7HmY
z0<zblfQ0gUr-~y!ON;10cM3pUkGltsC}%R5AMKAdkI$hCTz=APsn;l-w5f*|_5!n0
zDi!_H`_=kc28%2oe)~ZJ4FZ<(@c35%gw74H6<DsGOiuv>yyLc;c1ZntI<XR}xYTGi
zm>eCFpok`}QgFN-!NIhs^AY5%!BOS5T$h2~0zV&PD1#W6nMyM9s>6*!yAWAo;ZIbZ
zNah-gs}Q%uJDc>DLOHc@abrnXfSyibe5S^{Hl)Q!bJ1KXg;~e_ejw&EQ@XWNzd*ej
zj9tm`{Cr=rKv8%|@n)~ARe$Jm2Z)9^$evsntO6Pq@OM&e4QGh60>}EELV~Id!pM)|
zS5K~bWp1e<y`dxwMman-azvx94=ehVMnf`+jYdk*7%0!uUnS0vTzV#PXKFHKi^XB+
z@piPK^+D|RM)<qB%#2d)hNE7veh9~Hr=2NX`XUijoov^2u@b=7^~OaFfG>@qS~y;^
zX{Qmh9LC^?+EDuWF-ZPkOX$H5doC91{?eh~@EOFC!SbxZx0Lz$xy_?xk3R=D&CVy^
zEmX?P>PW0cq|yosByP)HcmV^ZAf=5M>nR7PNM-z?$Zpy+8UY}uvs+y*KvOCC?8m(1
z7Dh?8Q)F^7T8w(i-nq0`9+3j~DG#I?bM4&RvK8LunHxi9E%IML>On-0vU?S&(~&8{
z7NDH~)yf|zeVOyJyodh3Qp#-Ts?ZPsQRrT6*)zGDcv&pm(huy=xug^r1g^ei)hoZe
zS>2GU@DR?^->H)Q&<W7vYScJ(XooOVX`-3hGq&GRUbj@S0cUXfPqD-<#P?nMIX}GS
zGqgss40J(+lU`!hWY)5nAw>K*Us(??VP|X5%n4=yUZGFq80SSEUG(9#IvXX9BOL*z
zyUpk=04(O?BRmBg8TX%!<&(eV6KbSe=q&Gbb;8G|-?u*YnA)MSJ#1i&w^(Qqvv4|C
z9Qk|mRH$fEnkiieGfE(wJoWiv=!k0+_aF`Emoawo_fm`U*%tewjAgjblkUHJds!D;
zpf93kNbb9nr3Dx6cRcK4fG#TQC?&NNYXL}qjELyWsoioI6?T?~waE3SMeSAXq<5C7
zJr6r@o9_TjDf*!JNp5mg7QA4enD^>MBr9^bmX;Q?UHpCIPtwD~NS~>--iPu%Ztldx
zn)NM}zP|!n44QaPb{SCchvHe5|9S$VB4(>Ixi?>aFvwzJf)W!b8MNwiFYfazH2zBq
z;C=(~dqG4ezUOTTe`7x=;->SWS0+_h?>iRgTj^Yl(IVvu(|*Nl?BE8FKEy6x(d)2?
zRW2qmXhgFDY}BZR1*6s(_2x)wh&&mF5Y&of3}UFDSS*L<BBdEQ16VH3qoz*D-tx-n
zpy9-u6U60tD%;!(=#|hJBvVbHo_F4Z>(My=&<{nl*4ipf3RQ{AYxGI%SWmnG5__eW
zWR)8bSeg&=C~P>o7)y}G6)LWdcv$kJa)bE*HF}x{g3Yq!;nMWks$IMX<5>^Ad+VXt
ziPKSPioC*>-wUxRCuu_~fFl0w@KkvLXs*R5@PI}ZO8C>WxglM@G4`?G;6tr5hNHw*
zur-tL+NxXJ0P<q3l=fXIxRG@1Gs`5iqkCAF<7RQv&dyFGNE&p>xwhEM$KTD87YClN
z%eDJ*)Arge78R&I>P5_(duf5(Xds3*pq0~N9;j6559addId`W@=pi#!vxT)~Q!syt
z8(!oXx*s<9VjGW$&7-Pgc7)DN(F_+jrb|9o_H{y3wb_o`NQT7NE`_RgHj~6MxWU4z
z+TXHY+a<W(aM?#htlP2d@ThY^!%KV%_$mRqYKH2B7`w#!eRnT@=rw+e`0Uy)^&90%
z4>9ygG#rxw*MuotcKQ{XSE0Q^0{x!BZ&X|?VNYAzvWP$Lw038K*gDT%WOPF~x1;;6
zZKQLF<PQ9_J$yHMDXh@C1%0PSF{~+!{-E>nE*_#&pns$MN%Px7PwyW)Lng;{-8zF}
znU!r%d;0}Ahvh?(9Dcb9ArYqw-YU%GCm+0_VRg_D-en)QOT@bFRX{5APk&&5iN`3t
zT<&REahn&H_p#+#PvCu4=4-?!;#aQ%0kYQbyYPGtBUV&ox!%;p>XA#Zitd)I`3jwr
zAE55GfK?*5?(_aCnz8DjFQYY^DGd97z884me7#>k<$DMSNkto{hpECX`z!epsI8Xj
z{b^N1<f-&O#HvjQ^z=`7t*w(8|A~+P<#%odbh*oY6v(eMf=BDObos(PeRRBdKg8Z9
zuz6AfT-q;eujKX#<A_J3Q<)wnqT7S@sl7diX*a8YJ9Q9Hw%f9w@zAJ@)75Wo>;$qG
z#l07}M+YE*S3tUTd3_z=^I3>h^|XHxN>vtB|14CZq$46L?@<gL5E%Fspzntg_`fzv
z$!w$B4z+jojy9XWc+Ay+bY!|%JBUI|b_Ixn0H^U~BWUB%eT>b$01<ImbM7@d+Jn2N
zLt#Q0a_=7ZJ$wnX&P@;v@C)(BWB$j8aR=>YXM$jdl##OHQtd|SL!MHdT0DR=>PT_J
z1e`PDHDWgikd83V*VjLc%1@SLz1lsY-u|6~YNQ9f?>vT|3*Yh7$mQ65gQSr&2#}iP
z1DPiv008uben66&p|OQg=LzS)W4z&6Sd;!yc4k;Ob8_-N-u$#{Y!>2ynb<r7A|)k#
z%eH7^oW>woTHue_`Gz<<;p>mtzn(AAn|*+qU%m^5sV|BKXvD9DSvFJcfmEaCQ_PO)
z-4f=d^S%v`mtt7TK`fZUNO^zvZH?utX3+7p!thE7Qj!D3#V@ZL(H*(t7O`@%EmW%W
z1^qCuKquDA=>Q<4T6HM)c(ediZqly;s91SG>7FU-vrYH3`-0BToDK!Ny~qXGEHyEe
z3Kf5%v9MXszdqpg(nZ)QFzV~H!=U&;m0*6|8{fJunO&rqug?7pa2i1X-b2JU5?PHg
zD?rBl&%EZS?MMI6YuhrNBzEj?K(-2S2zqiR*XtFt<yXeP`~|ytYl^ZSdB52HVhg2_
z*?|m--V+&7n+Wq%K0WS=Vqni#=$^#Yxhz~dSxV2v#TY+vqKjuGv9+~zKEFnP`ZS2V
zPBA^7EPt|)cw*&VC;Xcg$`kL_`)kex{gGP_89Le29aoGeX^0QLX!e3BKOZ;DQPmc3
zo+L{=>)J$4mbdM4W)2SQHC!(ZR}wXi=>(eEL0$!T9XC8y500q=XfGv@k#+Zare+%-
zm<|`4!vWp$_Gk;$?H${dH=)^3O6z3y1*~EVMDsgZWQnKd9q>U$vcfRotT))$dw+n+
z<dLu50&2~ZlUYpixIrL2|D1!e(S?@KunKEx2RI<ACsxztY|W3PE|C1aR%Ce%I-V;Q
ze=HFfTRiZoByhx1=Gj*i<h*njaBNRb0M+g*LD<jLibjC-GM=y5dPm5a|Ix)_E7cdT
zIjwo&h2LzYCX+!|`ICI5ER?WRuF#p2SC0a@d5G1A@y)g4k9F?n4blR^%#EJh-cLN-
zzFD;d1ctJ!YOCLP@P#^u1(5?Mi-(uZ1B~B5<=>}&0@7pbtX^rcF8C+^O>)G@AW%c~
z0N5hc9p4sICzeiO?_kFVILPtT`%~*C{q=YzbnPX?OiV)~Za5TCPCrLsU6DPs03=rP
zHCD)gCiCy^ZV=gwR|&PwXY00!38dk~NqiV{`m0+BsS!`yz}5%u@Ut_Az74y+cbz>)
zDy#m|3x85eKi|35$d}1Ta}A<9m0*yaK51xz;q_Bf&o+TyAV|4>Mn~gJmT9133lK6O
zc&~bO^cG^lmA$g5ft9)GwVd-1vmiiy?;9lrD8Bv=d+!<5)Yi6*#s=F4o2qn`0MeyP
z7f~Qo=^d2bL3+oAiu548sq`+rgNpPfy@T`;LZpNMA>^Cc>htdXocA5$J7=8l{5a#u
zPy)%y%38DB<+`qW&e@ia*KzmKU$YQELZ&7xIhKU6?fI+72eoEC0Oe8NgAs(6y|j*y
zYM{+@R;uHRWiByS!rmHn8h=w&lzbhqDM0FFj!RkwY4x8cl0oMWcWU3Ogkl~P=m>RO
zlO6aHn6T4%_ticD-Kh4!&b_UB(m1FG!c-=egb<W2?{lC6ez<K0rtzx-vt=&`{g6o9
z2;M;Q$xoo8gOQ8m>oM-Y7F-A4;i9^k%k*5o+NHn^MOE16LeX^Dyy02xq^JZS1uppt
zv|8_7JYRw-vo?VYc&_9QFb3x1PE92>?eQ9)dW&l}MMWnvmuoL4*1Mc*I<$*Uc$`HL
zbx*%5wqOz(KCn#p^o%XhDUp5n5OSB_YOX*-^y|Yv(`oJK4{<L#SNVO~B$N|x)2h(g
zZC#C*c?r})H@_E4KUV?RZ-SKl``Jy+N;{jaXI^m8_u9LxaGGNGNaHg9*rn3-a%!_f
zc>nk1_470qHWP(>0N^k5asZN{AY4G-QvcgL|JsKgsY1_f0M*#CK^2PL2Q?+@<tx@$
zvG|gg3o3V?t=%?4FW()wp1Q7Wlw$FneF%6I5OMK=NeO}EYZXJ+ubp{PPs;e3gjM#-
zmoKf`LixHf;Tzfzo49W{TdY%g9H??KS?{I{N&{Pyi&vg`r|;xBo$zR(7Vx6Uls_D{
zgeu)IfdmW3-|-!_8p>cerWmLhYY;sAR;z|K!SeI4TVJ?8hxn_AlsllD#?0!;1<U8^
zGS>Ui%AK8^35V-9UY!jW9gO`(_kbhz!A;62nU?^|rs@x;5!E|umR9e5P8>u3XSe?$
z_VCf#rzRrP-E_Bjt__>nYP`rLx@l6#w|BGR2aa=U@I4HWV1i*pW0c(o-#PQqQOZo!
zXYDoO;jWrE0IvPW1WT<^C05OCWxUOw2ZPH`*;x5s6;?P(W@BYN&7U~?Fr%o8#t^{L
zZ$7p3(8yfMVg|Kl{<ZErM<iE+*W&qzOuLiHcngw*@^6fHkUs<QqbH8K!8aAh<qvqH
z*I{qsc$AvlOe0VMi*1fDpDO%=EuN=IqF0>@`zS!%aWUSX#is{|&L_+Iw47xL(I!UX
z=$wu}S`sLGFVz~6fYQ6?N}Kt^9EHZs=Kvg*aD0;9XZkW6q4Na{UbjXr)7MgG<nCnY
zOf@#yb0{GYZQj1rcQy;gZg{I_>Cjwy`?x=yiTTy#J3wR}ST4gbn6y`AaVVm9*y?{X
zB^9_=P_T6eh@HRgf|jqrUh8>y$5vG}_2lA=SoM`4rdv^C({*m7u+C1i^Rpmmelh!z
z>-IDm@_C_yKF?K6Al7~Ul(}SK;a0%t-B8mpEuiu0Gj8CjjeZ0`QX)*{KK20F@i_WQ
z%}OV8o}Y5M1hqM9&#;5|Em9y0*vB1l>j^q%A7G~{lcD|C1Io9@#)Yq?XFaQI<flIH
zAl7~vy6i~1?c>A+qdE^K-p(lj9MIxaA*Ty4-a4R>$IDSsYvO?P{R~Q#l=f?x_OE8~
z@3<LXzn)aqA*9B5iD7)~Ve%eO6x<G2Vd}(Al&MnF`pQn%NILD^@)z{YUGfSE38#8$
z9d}cw;+7l<-8+mo(1=MTS8J6?H2%$0*&p4q>OG_nUFm%i`sG}oYs;J(n025mAA5^_
z#M#NoZ*~+J<hF4dkQ?)A%s`l`*prf9`@X>=6yqYaM+AHZGODSx@Z<{O)UW)s%4+0@
zl?{JzvGM3~I}ieca*oPBu6Df5S8kmM>dR0n`AlSOB?_*3Z%zCXs2F&uk>kcQR8VvK
z_@gZyLB#grE7V?9d)K#Q@v)k9Vx~D!T!)~xk-vm5>D6Fa`3P7X<!M2N2vAGH2h?+&
z{Ki0c+NN@R*0k`Lx<tTArqkDGE!^;`u<MO|S{g2XsBzYpXZ^ZngL|Uh)MV!^4U(38
zgoX(W6_5(v9W#-=G^^g^*`lMIBt<;HYjP(mj>tK0n1djVI=W2DeLnl#6QCGeo5je|
z11JYZv^A=tsM<C_ku%VUdR60wdfJ)JJ`~*jeoeqd&}p{z70CV@S6jZMKOFA}@jkdI
zF*T;nF|@tCH1Rs{y|JfAx!ZPYx1Mr(B}72l7@DTkzhlDOrurGQj8dQgxUP`!)(=^n
ze2#6Ww;SmcyVHAc^t|SoPx%S@_$Id!{pW>s-B&jxt#kHbVX-O?<}iq$duu}LLd7p>
zuke_B=4I_mv)B?s|4_dj=U=K=R&t3y_kG)pAL*@!9rEL;d=RT#-hp8^Pj{(v7I<S`
z{U+KN>mDKRBG#PD@5jMPYlD7&+~rQ;<Eh7Zp0&(B@k(I_8WDh1-_TCv@R8u-BU6em
ziIdo$sp~b{KQ)t;1?fc{FWH`zO07QYM(zJ-z-MdR4MI%97<WtrI7U$35R-$KiwtC1
z*f&;5%jt8SG0+HvRCUWkcDrTejfnZ#RMJwwQI6t0Ow)DbzGq^x`#*!yg3d*tax|*-
zWthQUZVw52s2SVmY*ygfX0)z|!{meLmAWU9B)D7v6q00UM#|U>6tfw4tOc8#ku%%q
z@j0->JAY^Z@X7o80xe2ar$*xg>ULH<MmTjrY6t>F!noNScl(stkIU)1<EHGu1>|BK
zR?gv##1+roKug~?zaRA`>(qv=nC;3pXZcc#L%YU`xP-SaKwQxJO`RedzC209RUc8v
zjp&J{TTbNxVIT+!-p{=osKI`JYLY4fieVnjtKD*0lP4Oo@N8~YENV-5Jk+`qD0Qy!
z*1CDG1J8aT%1XDoyKC^M?mAF29RHY!{{gawubI%WtK#Rlr!aSSJte;tVg3wDy>&*~
zVe)0oSV=2ik)e<f?)hgIsrb&pJx`R(Rl<Y;MJR9ycJ0JBpt9^8xQ6lFZkcT(*RqpJ
zo1Q+?3IRh_7PiH;?I9wJxUW(Dz12$l>|QCm*UXc|`V(bF9g3HQR=5p#;%xc|b2K<q
z_nY6RKVo+L4fQb3J!y78fOXt3<?^k$a<09St{SL?czu@_L75Mi;dar%)Tobw(~2d3
zDob2Tx`ZrH0e9{aBuyBiC%9&Vpxt{(9IF!CY!NnuAkV|y?>5^+W%u5GrR=PkZKBue
z>=}2IIAu_ZXy_8xy3x;?p7cJ$XZpL!$wGABD!9iS$MeT@6qJ>}&Yo$0bg%~VKH?&W
zL}j~4nYXF6SKEuMkI<Y_X&#6}*7H3+qHkPv&}T~)_Pbs@)4+YwcWexY$CNrP>g=tF
z7-hb%5Zo=U6ha6ya~x$YC4uE!+ChkW^_BxY5U_R@r}suxv(K#YdrFFy6+5di$*rLc
z3G?2l*+U*Brl6gDWAEjP&&=GkI&Nj9YSnS(M5L1Ep$e^%kW0~;7<yITVeI^D%HFm@
zjpbR?WVv(C1LHYHG~{=IjS#;YzHD@EE0;Obh^A)Qt!2bs<TA-!>vn(=Sa!Yrf*30y
zV?61xQfj<?7bx#@9|&Is4S9V<JEgOoK=GX3I@|^oKA_faV$&aBEzGxWL0~Z02j*US
z0Fymv&?B3!#eOP0C2%G9G*wspfP0ga&&!&cF;ON9BA}>v@%AF2HcR5t#p*RDWAMUT
zP=o`NPXzb4=>}A}e=sthbJ-r$E<Ym%q^|exlz#Bu=OR~QzR@c-O1`gX+6EY5=9{@^
z;W06fv3&srTiL>^Nf!XXKz^$APl{c@q(}>LqWCZ=b5;KNubY`JV6S|sO!n&ObHnQb
zmCqj>`ln6O7;F4cG7;rJPTiTm8%U64sSoh}09un?tBcw<mu@m>kq0(O0XrR1k7?-%
zyzJIZD!<D7a{Nf_s%W9Kn1{_7$Zek^-X7D2FZp9`{pqB!oN?`7=Jobr9n|~u?6#+A
z2#h}DogwPF+|d3fKqS}8TSJm)rgRDol0kKz;l3ru0_v4Umf{VG<2?QH%O^q0D;sYv
zEO&ojLDpN5QYZT{=xdJZ->B{qciX*9>gDzJJV^Ahq>d&i!M0hnv8KL(De)7)auO;;
zAy0sSla>LB-rxVSuaYFQ#HPl43()VQsTE{#nIde7mq16zC@XWN-Jfhuv*)eVE}qIa
zx?SOQF=aVPKgF<OsOLd4C>_w^G9@ByVN4zo?o%1{XX3eV4)DD%6|=q|>oF`!9&}T9
z#|~L8(MVLYK5JZXYWYJNRXn=n^H`CF=vh$u?503B%-G{7KUK$b@piGKgMC$(VOd#r
zBuD05{RV#;^O(e!7eS8#?YdEuF9U#uSee+oT<-?ET7F-Ny8^_BGRJhd@5<&5>TKPs
zaaWeRiDchD_&%`c658F1(&fHS5LZ7@Tjgy{Z0`RIW0gHD`>dd#ELb1#5OuUN1$R=O
z&qa(=2V4#I4|q^$^Qipj{jbnL2N|TaaXLcP{0Z);%^eq%OZ?~0nq2*sm8S`Wcp=*r
z-uW>I!&-CG2m)!uM&7C$-p70Wq&kI^ye>0{eqOt?vcY@hjpY|MmGtM`x+UV9^dW2b
zSCQ=`vIy!V8XghnnWrj-UbNHBcjmU%hRQEOzJH502e}gMt5jy3^DWBPFuZgumpZ+@
zj;+;(Z%ot^RY{`d9hyc4z4$CVx$Msi`73zITuzx{Bj9RyV`H&OiZf$gOcDobq(<rW
zE<d?u|J@NYdQf@929Vu*OK#rYl!Q=!ZTLNve}F#(0{G6WFJSkm4{>WuKvZCga{7ba
zl$tnD{Ed9%7m(4b*J)i7t8ff)wS0ccChoyZg@>+F8b8@`St&DdC^BGzYXE23QpfeP
zjR-$2&91S6r{yG*nYk-dh*9U>R)Nldg663w9NHW=J_1QxcPc2Nr>Jlk{rbI$ue9_k
zpH<oO{;1a{&3`mLz6cz#TzwVyDac5HwjA0n_VQMNvQo<ujobD@tCD=$4YJ1j4ULU|
zl53DaqSDeLxTic<LAyxm#k2f0THxmg<x5|o;K^uyQS(oLT7jUs#%)!K$B3jCsoAB?
zQAsN+uY3n9+&j={FMn`I{UW9ZCXo(Yx^BtB_TnhRZSMm;o-}qcT+qjbWb|#16(+E{
z9C6lj#ZUUhj<g^JfI^`Q;~~;Ooz4mnt6J~uJz+mI2jk(+@_hpX1E=&06Y2o)k4{NB
zU1<<*y3cSoUn6lUXHVy$aomahhYugrbE9}6*REgZi|>E=i~N7RhGgE|<1Oez##|%Z
zNC3d{e(dbr`MPV9nVGq?zy9X{-W*iWP;T?S0GIh=!^7Vxo#ek-os4V%Pf27({`XgY
z{jT4^zH0pYYySS+@#p{Wf!BW<Uw;j<pFgO7_UylZMRf4h*Ra1G_WM_h>;E}D*?$^`
zFdY6fa=@g~|If6#cklm@QP>OG1mz}_BiQ!seka=Vf0FxNWO(*ukc|D=8>+03XL~#h
zu@R>C?mJM%vOas)LHhAQ<^{zoXV2aHGb-Zkx2&_LGm$4JfIIJSDofP*g7xTQWE1e(
zlJHvYNlgq`G5KqWQb>%#*T3yfLwN00$UWts@BQoNe-47gNC=2MDa^H*ziaoPx$0SW
zTwJReY|MNL>B%7BuSFL$lRaeJmyIa>$F>QOnmN7G7l@_=#9kL>f{$(tWI5KcJ)G@z
zs<uBWtc9BYb2<8`mkCJ{u|m0~;w>?^SUSy0b7gRoGz<VX{rf|oHY6dBtHxnHjO24v
zqS-&c@EYe%&l;pGsb0Q?Uewp2jxlJj<1>%>KM#WBg_8Yqe+LLe`3BiPHe~=hP$>ET
zvx5j%0D;`u`0>$Td3n9TzL|k+-cxd-p)qEfEvQK%U+aB?Ck|a*Y;;kjBCQ6%0F;j9
zwS{9--I_X~+QRiJWYOwQ?fw|Pj1L)9R1C-pC$FZ^nz^j<ozkfoJGJSutqS(igT*(F
zq2ldc9$_`eoxLAXIj`j5*d$R#$aKNC?4Ib~S^%^Dcvvddtp9yT>T1k}2nC{L@r~al
zYiz>0v_PF&DDDK#u^Lw1G}GgC9<turVyBI^BVAwVHJq%+zw37G+sc}*jeJ~{E)X&j
zJ1&`6zp7{5{-#Jow6xYv&2Bb6Q`_&<wZ<C1nbb)vsOM5V++7}sNUf(x!A>J1%~(85
zyjDfC1UhTIqBD(7M70|?WG5S~(@*MMg*tbNk1Ch^Ba6)h{nQpWeBLLn2IdV&K`>0Z
z0kU?+x;Z12ey(XMEF-)=zTUZt%ZhKpUJq|IVq>UCA=m7$fv$SO^<n*Dzs*X;dDZF(
z2Vvt{UzPTV)Nf0+<rVI&{i@w)<b-~P{N-4vq}C!|>IG3cXKaGH>`0NlxR0L?4dTWP
z=1Tw8{*93!n}+1Ma<={3l5ItX)gBw}uZc*5z><{5jLuVONQCygJ5s3<R3Ex3(-i6k
z9t-*wHU%b#$im$hmTa|sYSbH$Y^12Sk&%(brp@p9sqE|h|1hk1cnXJZHvo$1jW5AU
z7mAH|WfI3xV*LDyXh!D`0644-D=<YB)1p`IfC3G}U?punh9INTIZX?Tx6hag7lHC}
zJ`h2vRq+ulsponn@ROdj+vHgxpObYc#uV30RJrwSsL1@(r^Z5~M2#cdSS&pAsqEZn
zp>vamz9%+Ln?qef;ktESz6QE|!O^XHPPvdY64BhPtChXL4A0ax5E{!oZ%+QUbP8GL
zvl~}+(j;4Q*;nbhbw7)NwH(IwG4`EjD%PeozcQqa4zUYk%Jb;XKEE%pYkc~S!G)gX
zl9KG8d=T|_N?WVyb5X-0cF`dD+zWCG`j*SLxQJZbFyWApFnSe9KNdxnQHhRBJzrHn
z$t$BA+$C;|T3pN!X!q>2tK{I|Fp$YAXv03;MxT^y^u9kcEhbke(=s~%sw~6(5;FG!
z9BWnrtMxP%khP#>S2abVXj!^wKz@;pjWb)%cESXrz+1Z7<uixRl{)j1#eQzds9Fgg
z)JLBrU|+T|lE+ejR)w4BjjJ@`x9_Q>o>cCvc4s{ItAcVyT&Ane^+6P?0>LI~jv_~^
zazDmtBwobp-98>&(9j@}I-Ap)Z(N?l8o)0nbN^y@dwaVc6C>ICs3<pD{srSAP=m1E
z6oR&&pPv_Fa8(7%Hw=7wpFv6OIb>VQa?z?_i&=<b+BC5?r!$_dngoecf$x1DhaGu;
zq0C76J<^H2j$RJe6svaIV}?M3v`-m=H5}D1Ucp5}RcP^Pla;oK-!W9M{0B{iE4?R1
zt)WyxqZ3F^;~E#(jBn%nUc+iOPGQKW#?ZXZQ;-@`y&|3EPKI1SmDudZQ&c+4i|q6#
zGRxFDOqA6Yny){b*Z|e=(aPjh%iaRtrn;55lY~aW_)gujuAZ_ipRlN&Vu3X^O=uN6
z*mCRNGBj1Di66|Sd3kxmp6d#)j#icub!auN$V)m7y4;f}OVJkLso%fJ%huK1y<Mz0
zmR7>%tIW%*hO2N-YiQIsaZ=LQt`|EA>u+b%SB2NP+Z4U~5UkS92IFg{Iddm&HCZ9Z
zTZH#Yz>|qU0Y2d?8DGEdSHdky_1;R>r_)NF<etpdnnaEUj2G1bGZm8=qDromdY(f=
zp~%F+jH61gxJe13pn{yL7=GGZo%=b%<8AlcoWhs4^s9*Jr>DS5p!NHx$=n5*`{bKJ
zm`1|%<k03SiB(#$1KuEeap$905LDuwn#f|irkWZldVQpIkI&4<&yU6UCP@JuvnMP9
zTL<LU_T%rGCY$XuINtImZ;tcJ0&7?Kb)Tv;ItAhB%&Uf+ZBmUKEpSW`H!sO6x5f-5
zc)eUltfzN&3mmS>kc!CN;si61VXA3UCtxTi!p$e0RrKg{XL{hf^te9F#6gxtmPd;4
z$m(jvSg!1IyUoKQrmBkjl5lXjit!x9I=oHqGO$(omb-1LKyL$^?Rf7M3an*nkGewY
zV@z#&J@QNxx^_w=As<_e*r;gm^s-(Ggzb24H+;N%ST@<<lo$QN7W6LoSE{E43>mkf
zpuD4@klN!0$P>RaAz+6W3z?!RjMl^VJ8d~96e{S^dM3m|79I*iZwwEb1{Hc7o|&FW
zv(ZySo0E%rp41v<b&Y8>y?et!W~8~>gjW|%R%v#ens=W|H0{+)yFvA~{>K>(lj4^|
zBmstC8A>>`aeBc=60f}AJXOyeAEc^XaP*+TBV#rU-?Fr)?}kQ&Xu>mvc||lsZacHK
z`8LQHkK~%@!z;GOikup=62x!ax!9a)DeMm0YDINXM2_elx>}NRFFvZ=n5ljV)d!nf
zMPg7ZTWSUSVK2`^wiIB^K3+_W7|pHEb*dPjjl<C{&CF+~FUIO-*<D5l?NTeaLJxcJ
zR!LKjt=-e(!0FErHzZlqCJsr3#P=+{NkoxDG?Wl=DngHs{p9YR9EBSW1A38)TT|s}
za2KLB+YxQwa|sZhD;`PL7%?XK_gqxMX(e^YqNCxNO^x++4WtK7^JVu+5XLI_$s)~U
z?;y<DAkXYvx@uDK2h03c?B1r|s#J!3zX-WQI-k8$gP7{86cxcLQN92@Gi07t(fcFP
z<8(rB0L^>w`81&myJFdwD~yXX<-y=9SKRWz9+1xI+~Em=4PFswQlABFo}+M1(g-h#
zJa(%F{vxheuPCZ~l{|$mG%n9-xZGl5<Ls1))6h&&LVJS%SEqI2a(C>2`DOCv(R3_Y
zi}^Y$@Jke|s$+|4&AAQtIdWw(R*oKSLWA4G%J%OrvH?p%AMY_UQxf|}abCpC5u!b-
z02qs9V8>}R+Y59tBu<svPI*3R<}0<P2GyjW8hdA&t_u|x2<%p3r%Q6W%t~(pOAm-2
zt*tMlH@)VGhwB2=Ql*2`qodUgaNRGpM5!Uyc9{t-9s6k(M=Z3ytMB{HHGo^c$^cGz
zHA*Qx+)a|-!iYObnzxfrsDFsJ!Av<gfP1g*=+f2fW0}}tmXHBv7WTcP%e_Y{hLYQx
zN^QwUjeef|10N1vl5Vhtw%(|pDOO3YhQZSU^B+BXRqiN`7M{JABEUJn=P|@8F4r3t
z7N*hegqx8HY!s{9^KE9dWo+g&?LQD4K%$PFqspu?0t`%$Yd#tUbArrEo1$pC18HWO
zq5l4{^={%~3-@&4gK(+ya+x6oa+O{A`Yq^+HAocA!I9Na&f;wB(p9o-<5elUfx3dY
z5(9JPxmw^8?FP#-(i{in`h^`cG_PAz6zv+Ud8nj_37C{Amb3O}8uW}5NM-sT?kK=@
ziVc`yUFp&#`BGW~Hz}wXiavf!-j=F%niH;?YvktI%>M8pLzBBr54dpKzJ_zY#}n~_
zE^AY8dR``fX|K8|k7*_3xhEA-(};bd$kAvhaw_OS%dGF5!iKc_QUa}zQ`U4a)3*;S
zoGhZ!(rtANWYG@|r}Hc+Vt_SnYe+rVL%>wljq9z1Bykq9u))LKE82O!XTnb&KJx@(
zNSkC8zkOUrB%AWU8PX8}leJ>)@_bt9-4}*@CKnrvvp55FR&`B>V!{pCL0ACa>+86F
zAq=Kd7jKE)Kc&Fvg?;(fMAv%X9y1<&D@O%yaFM#?)@X@Ixy*9Gu<nUjto!;-?B558
zLPc*j08Xzmn^)P+d|9XT_TtpYeFE*Ic61Z-eN#ZDZ6xZl_L|421`6XaF1uH@?~(0M
zU<J<%BB37@M~P;OWA=A6a`uZBVyA+>f23}gpe)uZZAg;9WR^MtxkFd{*kb|wNqhRb
z!5SJGX<t3%fjhbk8|;`bA@r^-Eq+EdRf-vQfk(G(`OG7His*1g@?z265bU_-B1C~9
zZ^k*P)O%g6ZD)pg=61|Lz+_N-$!$5U?R{Z*d`cqUi25p6X-`F^`47nY{BFM#KfFsi
z^*9UA0*JEBDrAsddpa1dev2!PZEJ~CUBo$D-)_s1cr{%6lZ*yTKycsAO+pLdTH<mB
z3FzMHBU`jDEQ0BdpSvw$G!SD)@KI1q-OQZyD=1Bf*E;t;jow(FqcQ8T<iN)?4v7b<
zaD?^4^6a1+osaQDo6CK5F5A*M%ODvU+3lU8!_db_<E~Bcp{6V4LA5svY-eX@SXZD&
zr9WB!ul_RdMPE)loRswQlr|rYqvI3!d<wGV3<VpDxiHaES`SBEp_PucIGm}+D7uDi
z^4m|cIYrvVUiHeR^k}EJj9`y%UOct=mEClsf5tET-cVp;J?qUm>rXB-b<5rqt_y7D
zOOGl!fUCGn|2-j)ZK+2;K+NZ*VSCjS()ay+V)M7XEYkkmpwR~fPilmnj#Pk}>n$`u
z_(U?tk~M;f8N?tU8wfwVwH+;R3X;dnebl>@54yLsVHJgg#r3aAA&<~>26e~QFpYvM
z$+-&epPlcjusKRmq$Gty&Cd!#I>H!zYU-ftZQ-}VPp)l8*MiLun<UEG_Bg>J04lL!
z<vxA|fitgIVD_UY`MGO0MaI?oaIF$2N6X!P)!4<%*fbmwU1y$3nwsz1Z+?x9kSGnS
z;wiOMSLj`xqMdhjp8hNWr^6SKn6^%<^3I{5mV|*7CrvXrOMhzpyIw=Q!p9kqhkZVM
z$O20ib{+!CU~);TjtMt|ra`_PgF8HUi#aB+TL>y>c*1R!MO4nc+pf$P3xV=T9=+@d
zL^6UPRN+!UqbbHa!~Ha5OYLXZ7@)g-&1-eS?O<`~VAQmc8ulhj6+|rttrzf0X)h~M
zDKp^TzahP<34@})39z>iV`7#PPSEwiN-Qw974EmdhGn^Tnr(N@MZEs@?vb++-1QKP
zn2CNa6wsvyG95+uq}Nt*;Ua3b-qbn5RbmajyF1dww3=;u?1h*J%7wD4ZGAec*-1^x
z@qx8poZNA>&osANx0n^Ix9|y)!vu`K#-Q^NcGbm~aX(@`XPQhaGfM8#Ixnn_nl_)g
z{lvq*Ic#g_s6omI_>D3>t|W9T+xe<U>^Hv2uF^#|^kSJdtSyFijs=nsE$;OW+J4hK
zk3G4%I*vDqxik8XwAabqoMr!jhSW5?e?Yk?_gu5H7jvzE@Z-HkQU*MFZ|_06iLpk}
zWkyDwoYLi;e%rdfZwL|h<qaX2#>5~?3|D#@u%SI2Js#NAq2{<H?^56CR~haWb2<S(
z`fe>pf;Fl}Pq3&mtA3med`~OmC5LITas$#>yy?T~b2~8jQG@WbErT|PF2Bhoyhk_6
ziNUKSo4ai%!^56U+zB?hi;;$B(u<aL54E&tG32pur(rF#fqgVx9}t<oIJRX!>hu<R
zcyM4dvk^SmbjXI@8engUxpxXe^PB)zZOH=E;6mi<DCoI(PB8x{a_$Z{Vy-RrN-;S*
z3)%042_Kg!5PLa~ma9pwj6Rku)T#8TP1NB|c9u9e?&%$1OYK}vA4+gS=V&9s&>$WV
z$R_c%|N7}HwikOM&kzQKASW_1()>R>h1xFX3r$v9o0cse__v7|)Su|WG+HlwKC;<M
zwxta+q7%ktOZqV|r(R|l7MbnEh2<@R@RJf`PuH2{*k~eK%?6@zQz?NLu5f+VNrph!
z5h6KiG^=|O(<NRa@z_1ojEZ@C*zgt2Hrtl|&<a1S7`W>WtMWW~)aTAOlFZl&;Qf+r
zqro;XMM>J)^((3I_lZcnwV$4<g~CeqJxWxp2-!j2yBonv>+1@4$FcpNDMz%MXIp5+
ztuk4|gVegO^bUkDi)&YfEuJ7lY05p0zq03GL4IwUv)Y^`-Q#H><++yx%FeIyb|Ix*
z#;*o6`&nbMv7YkppPfr-s|p&+rW~PjZR0!V_>Qg<x(+hY4hM}LF2|#Iw=jMmSK@r@
zNL8^K>(D^sU2{0Ean{R6&Jn`d&8ecuzSl#HIt8;d>oxM@`2OofQ#GyYCmu|Bwp^(3
z!+68?WAk<%^TYWh?HGn~C=$CGRca)f$eh)Cv_Qci{X_m)|1+P?ptK~New@Z2KufCj
z*66l^?J>YD*sP}4hc|b><;mkiUDE8>ZWhE8bna|#cYXq3)Ot8!jC_x~ucVXj&?+zJ
zv!M*~$WFa<=^&HdWL)i0eL`KXQjV_s)>p<<>BDNC;LWkO{ZfK*W`{?~&c;&o9_=5W
z286xn8?U~`B7dX3xcMXwD!IG2sG9R4AWN1P<fZyWI?Vc|O8s9c?vW3H2+z1-Euk$>
zzIxx6gSA$mXd$vdDRS(uz!6!rZ9W$Z9m!X}4_5V!hK8r!(ylfqca9;aqCy^1Ff5Or
zKp@2Bxa=7xFJDHIix=H|3V~C}b26UXSf=hT*m+JxFa420vRJOaDKp)Cwo5G{Y;y=~
z-k@pR94HGH4A{60iy-?>)I1;$uP|SALcZR05$F4BP_WyRuhuU8!J{iTQ&*u~FU+lt
ziB8(t-x+LG!sp>X;cX9cNhxN=CJs>>mG<Ymv`dbnz-kMeuq08xzy?Rt-a}P5$fKIH
zQqB7H9YmZm`)fs+Coe)0VT#35z&m6ld8CgnumFj;vu?hgNsxnyrSA&8*Zq5P>oa^2
z37o+Bs)^X$g!!%pJtt(k&^(X{Oy_sQ-{3q9c6N8QfptHd4rh6joFBOw2+=S!*uRYF
zs`S%xuOI|zR=ggAaYa*9H0!r>42pClG0Myg<2cUF1mJpWMYaS1=9mv|=B-*!M+h-V
zowShm8k&w))VJ^%=a?qQfGQnYdE2Vgok`q}qDJj1y8z?>YQy1~9UV6r!~-={3_XVt
zvU95H;wH8;cj4}6gIs@qf35fa`itd2cLaljT05~y=h%mHi)^a4C!|VY&2x;BquvFx
zVZaSaqWw9+M%PO46@MYoPWIax<UvND{B;;?btSgppO*)w`#WCNNTCfz{Dffj<iqNz
zSl-+ZL;b-CFX$mPOkbNid114&CLwX?kG@|wV_cFG19xLd8dK6<<phYfTVApsbsT(l
zzuRMXg&PL%wbJYllvN4e;j(l{XN5g~C2qp;2Zw<kNN&f*NoNT;HAsc((5|Rg+MUw?
z+hq4x(0c74oD9t~J9K5wN34|w38An|9%4&{rA`}HOzlC~9I}O(`C_TsAH-XUjDEKX
z;yt=<#3-H?b=+t*lYKiQqc-S7rDr{=T-E#{!1V5;so9Mb;O>VzvG=;Oya?$TY~2Gp
zu*f!&wTigFVQAbhY@31O%eW5usy9uPuXizB%)DxQa6D73twY+H1idyY1Fv|rNNrvr
zXf52H7}4O{llu;qr@h#BGhwO<Z_8?-?f<<G{mHZ*!)iZQvf`h^7(m2w;JzhwZQ^m}
zh+Fg93er2HQ91##zQ*-a%en0>EzAS1vuSA|PIEOr$!X35CWoQg8gpYW5nbBtp)RLt
zkA=2c)Y;#VL0nJ@4b=do)*lp5lXT*8_HyG$s}D|*%psXMvIQ8)##DVlp-zFFP6_<`
z`=t*|x;C3^=}K_b;1qQLsO>&&-@e!4+qI11?R?B!Z;9iNx5Vymz`uvXU`M<CGj_YK
z0<b}6L$A!+*+FV)IwdEvg613E0C=_S?P3z_?tHAtc>;C-V#;R5R&{oFYf6_Kj2>Kf
z{qe&~xrzv~Wl9`LFA&EGjlM^5buEDhdwh5?Bn|+Xf{Pj3niY%vGr+foRTY|Y6pZ9E
zHRBa6IY#(!a2dIMTd)gP{=Do_fp_VLqlbIRZEM0H#uy0Eyq-OI2C}}sQTbq*<kABd
zmvzdK^1v4A%Ykkc5|R?`KTzCV3|HS(%Qd_YPYx7FbzssJc6J^q!G7GvOllWXNFYXv
ziX3KVogypJ(~jL%9z1-KAuZ*)X&S#=rs#L-Q{ixv(_9r!Z6u%}M7YHG!yBq+;nwQ5
zMVKd#jvmckTJBDkHyq`SiI2|#W6*bxCS@(K9zV-lKf@E+`hf_|^cc~)+)g_x6c-d8
z(~(FY%j6zL<h3Z5@WI?<)MacVeas%6bU8aB*@R&A_0{aqm)Cuef#3jFVxnA|=r190
zoa#5gSj2h`_D>Qp)6lq+%tib$4-*rUq((tf-Z%t;VUz<**LNvO?0)Ku(^wgmbWUzD
z*#1Z;&TXk9?ICu#Ti4_JH!_CX?$8nVEf(8@?}2c7$3H~fM%PyjY;vJ__qMOa^5}Do
zM5HF13)NklIu{Ww{QM2Ij`S7H{%p_V_hZg$z?rhl&|F^m+BszK(ffXW#YM;#8vse=
zPMfF7+tqRDW^0`{w|g&%C8^Q&(!g0M(%*K!mmvqNg2`=sH|0pYdO#A?10nPP{#L-6
z1h^DnQ3_Cq7R_Ns0@$lrzp{fF`*f-#yQT@493jVv0R=|=;}+d6YJnCR#jj0QufeSQ
zQ@wmor2MuTpdh%G4e<3)-R2wmvd6v{=E<dB)n!>*IA{X7#aWb=<v3n*AHFmnEhQ~l
ztdB3)M@rv>aTt8vzT_~Ak=|Gcil><2owORNO}MhQF&3Z)a1&UC|AXkecE`%hu!wlB
zyCri9o`t~X=ze|%qIGfnbm}HfpuTWc3bK+_;jGYakD*{wg}F*#U4?>cUXA3tS}MZe
zeJPSCoyKaXnb84rHYjX1&jn8esS$|+`^J9?_}XGOGF`&TX=>8G_W>{B{M3+HsnWMJ
zWU_JR!;oXYG{{jKET{H|&kLTfJ$B1C=%Ks|k_64HjYv`4u<eg$rTvD?MA=FX@Zo~F
z2RJ&n-8AuA*FNu8yul;+7Cpd#+4kyhlGT``gw!}A53x)zjdcx{;ScL>s@**}-#4WV
z59d<{EcnajQY4U^j&t)@k#zve9;x?h|EqH*Bc#0$nA;h_eaCjic}!BLt}*Xzir-UL
zAAo0qB~J4CT7-<^kTV%Ez8<J3i&Q@h({MthRLqjXk7K8;J<9fpMmIy)VCA<5+PRaT
z)(`9Nju6!`x}6|rYmMJTCQkag+ZN=cJKThcc^+q4`3sF%P85D4bXL|FvV{n(T|}#$
zGHNVh^|frAU2jNsGt>}H36kQ^vU8sH&8m;H_e^$L#yE^VJ{fZLaU-^CjdTN%Cp6Ko
zO$T5X;rI?RUBIx2VZ6B~JS?pA8v`KlxHw=uP3lYZDs|vX%gcGZtO1)9J;bPpsPyy_
zs4ebgZ<{YjHunbBL}H~))6QbO{e1E*&bKRFenrA01TdlRvv+T>0y~-lx_3jHY4Fo2
zNe>&8voFtz$`&v^8|dp9@ag7zz#RDx$|ngv3L}_@4L(vw5P^db9`@W6#of7`F$TCN
zO*Sjif}IuMoww1w*^ka(uae%K!ygF5qf<n^Oyte8v;9`q+m|1yG%KaErTgj6^JITf
zC^*P)6s|-L8|KLN*)1&5<nhmNL#9i_JeaN-_Egvj<fwdGjgiu*?227V7kHH<7^vvy
zRjgZE7Qt>^4Tzs+92gC4d&yq*N3Lu$4L(Y6!6W4RHae`8<vrk78S3_jnsCIGw!6YO
zRB9xg={DF&00^(w%Gm{=qJcez+lzSHmDR<OcP5U2sOtcucPO0JuDdRacDL_VBYx`-
zA^!?hI64CFkaY4U5q>=2TN%#8)|;zS3;!#yI(qaJk!Q<d`}s!uK1h@DHe{((m;@@{
zaxrFZrB2x`@`mmWBt*lZ$-UV+NZ*?2RTC#(NDXs+NlCZ0?W{=}dz}+%a+~Th!?<oi
zd_aM7Q;G$Y_Xyx_6`khVEGtH}g2ClmQ29*<2(SyfV~i#Bk_<>D@sq(WZ3Gl{xVt*C
zg+%Oq7H`p7ou}<uK^7SR{$%NgNCm1y<pRe>!UxYOCh?gxMhWMwJCzQzdTv%KgKA2v
zG|UA!6xhaZ*}!IpE~(Q309h`kAXr-uKuVpI+t#_v!=ZWW7uD=%)TGx!UZR%}$tq~Z
zygYzifKAmHLefN>Uf3QOqUf-FY1@gu?)D{(;vxhJ>}OQy{eaBTU^fHgsW7-yy3~}G
z1HkJet>uV;$JUsucFSg|3m95)v>VE+{$Nh7Ozs9Ib_Bg-ahauJo>}n2BK^ZgJ{FV0
z+*}*LaUQy7Sy6&W<rT)!qYk+$M5k3?B?ODG7?d`X!?{}Std{R}j(aU5m$M>}CIk{u
zrSdj~+xiYw<@z@z0KX?bG(_ldL$g5bRMl}YvAu*9hZXQzoYux_MfJxyro&B2(wZJ;
zJ~giN)b7&qn^i~!24#ZS!Jyh9f0R3!^`_U!@%>8F^w@!T7S75n;2`*7Jf%^s3A}U;
zke@}9=x=5B-7G2%D*d<VwR3lJ0hSpvJ(d`@F~nnZtcFfgI7qGM6ap#TEkq-!bS$)S
z0Iv;b$4Z+~J-}gk8tfN{&e^tP&rRo7+jd8Yee^2_?Y7>6nH>i3y*rfk5vxwY71Iac
zzl+J!%ujch(W9?LprYA1IGf|8dy$8LnA@1%rUC#TnRD)a`&~@n{ZLB9y|fHJ)Kh{J
zYw&<ouDW;VHx6g}JwshD4zuHhWX4;mq^Sd#_V&yuDqKX<eWuA7FEdj^mJKp^L~xth
z2Ke7)RZgSXrWk=h$T&qPCK|A+rsjocQp{#Rvm94vlWsdz0FIBHz&~vcz$E?LT@5_9
z;pxK}{nz3>SVl?+)Nmv5rJ=}f9TxGvVXKwexyE5B$T}xC_GMU&r}NB-Hn-_<5Fu?C
z;UKm9e9TMn_I%{)2VjBS1xZt^4^mFj0Dpfo0ql)*4FbC-qeTW_8oO`yje={HCg+=8
z#TJa(IHsrzo`UGpF$4H6>i)eK^?|!nR^{t}wVo{VsGoG-%*y8V(9j$2y@v>m@Pyi$
z)cN19+>p*GO;;WPDO0NwYw3i;Bn}g(oj>rP-8`FH<$SW_`qytMqHY}5;+vtiAhc%D
z4+Oz=oBK?Or#-4{8u`OTBt!YQKEi&cjhhyq$b9~*Q?-(-@>I;=!OUSAoSB28tH?F5
zsVUFb2-2}>)t6R6>yb7J7HFlUp}`x`P<v{YH>Kt5Xm22zId#L)R!1scSSns;UUO0Y
z8~g)h$<<C{fFka8s^&DEl}O?rID8GKnaQc0B4%NgP^IhfkB3C*5R%0azlIRt@)I6X
zE*VxkA$~-g+l_2#H_o>ypDP8P{Xw#7BNZdrbwY?4RO5CME-B4M5J=33MdY0Z3+c<o
z^O(Xaj$83O2u#AjKB9GVRoNmF(bPHPmq0&JPS;&LX%3)ckVJXn8%<FG2O*4w+X*D}
zVsM+r^%(+py_JFm;S+4Y0}D`JLRwzoIwEEs;P4D~&myzQutu4xK*$9Vj9N+)pFvI;
zl}@Cf=7PQ{NKVwm?&IA$5>&2@5)=z-Kh!}Wq;Blnw6zyp_4TMSS;Tq$+k8fnc+h)A
z-NIB0_`-~1n4g+?c1cJRr-=Z74$1={W!V**bo>jG0b^+a9NO=z0s-DW?}gJL;55C>
zxcA?Q5n!K5$L*>BsYN>Npe1(XME%@2@4nw37whxLoEuB39-Dk8f>;E^J$d$-y*^Y%
zB14`8Y?;<EV2&zSJOkMx9RU^eKo_9Fa!3xW*Zt_b=YR)g#JPR{IHfrU+XKkYtIY|V
zR;|W4<ZQik=aoeWq@%D5fU9<~#Neg|ym_-`x(NyB;b-CsRJ!cm0Oa9a9RwXA{GQ;?
za^D<pu5;xcM&fqP66G3A3?8{*X3w5a1wbNTHuJbLD6R_}9sFH41c6MeB_z@R^QHey
zkxzdZ$+ZF?m;k_I+Z?#lzHfT}JkOoUNB4TPJb(Nc`0rIoH^>BH9gjT>v#*8>0`b#g
z$rQiXrGK8HOi=00=kH<tv^{2TsChDp(Ds}_<m5f{HisAx0-(0Q4t&b}sAs}mQuv>r
z#L)d;l}cuIuKzsfKT0>q|L090(YvKrXfr<?cIKabk@-9(r{BW;5B&=S%lnT<f`#wB
zo^Rji@@NR&{%?;@lCS<xiq`($lfV7{=}chW|LTH{FbRpmBdbx1!vk+N11GRUTM~X|
z!TrsJU++gv5Hh&G9=GQgW5B)_V+v(P_wGRnGK;?+E==bCx8~%h%Z5R7dGODbTBUX^
zVI)8In1?{3LjLtdzfKH!NdB)c`TY`W^zW<r{mOrLkdKx7@3&LzXZJ+4Z<^|~pGf8%
z&T)I%r$0So5*u`fhvBx%I5J>MBt|O06s*fRG#PFv=<szdjO5n<{UjOjTQGYqhW6N(
zmx@E{4%~fyfu+b8V-Lsft&iNN4!s}GW8CK&lE9)wsp;-sp_+Dq&sZL-YcjmsFARrP
z`fi_d9RH|a5NMKaaQ)Yms3GMO68(97QLyC;KSbi%o22<Wcg|g0iElNFh8iECT$5U3
z$&y3@R1rG7-(H$hXXU27dv{~|geQvE`OU`fS@+vIK2h!xF%&izy>;sj&<Chi_ygLa
zZD&17z?NE9&ih2P{bpQrbToUu_2}l|1=7eUC?TS|uN0*C*x^?*{bV}-`XlkdiN8<y
z0JnMLXmzr`e}nOsrc_N>ssHgor(h^IvsU284^RSyOgZAVb$nmD@F+LUZdx(cUg|w!
z%sEre`}Y~m2?X7*GfsokfhcYLIbU(kO<v9X%u;{gQ3OLcnZ5n|IMvebzy?9|tYKv8
zUZDc?b@9DcN{@|yo#=bwz;BhS!p+-#YjFTE)yQaPiiHaKov?=|-@0$zm!kAh?ZJab
z=7;HLUZsv2Rw=`ToOcR0Mhc4jeRkIln%OD?7pZ#_4ud))2BxMA!5&-c=#5xyuH28s
zCYML%u%v4(k*sZWwS#t*8_9_jAU=AJkxt6ZXg`UCdTe|%P)QF`Ja>`$TdmtF`fzXJ
z$fvi>yZxq#go2}qlhtu5fV`80e01QHjEu$UIwdjCMghCmit#tIorCl~EOQ1$zj~z&
z^8BF|Qr)rO-7CYO`t$z1dutOpOuC4KBdb6mH2`)9%oOXjK6{hvT*8yDcU=$AKJI|O
zal{3@lEN?8-<OZs{51_NJpR_Qi5jip%i7W<@#*R5VDYZ&AcJ8~Zz@^g^@4p=17vI1
zvh1r!mhlsi3XK$Y3Y_2fS(@M27~f*4^v|mAORfK|<DV*4G5Y#C4!{JKg`65SQ5-sd
z=yY3!qcxHlkL)of1Sq9dyIPeSHrR?Uw%K{hTj@UUaE^%RYv^JqySb3}LA}98n_8&t
zeou&Rg$dHTog1jb(!&DU53telbcpH0P&>341u!oK79nPY_<OX-<lPga6FAf__#pto
zU~m(siLbeC*uG|Rs2OXHF<fvde0F0Z!@R+E=^_=!JF!apT>BhhyQ$J@LV#F=qWn2D
zJ~f6AG=hZ36Xjg*?Q7;fb0^O?Fh|L4T9bg0)Bqd0l5bJ~sSTWxipmnos2D-UsLPwq
z#Cx6~N(oL8<pfA&XSBm@>rsnpGsIMVs9fXW%jiPy{Y@Vb)D+z9ONoX0`1;x%4VTIt
zes}ef!|d(vk4|b!Uxg(Aq$@%f0~#)T`NxkRXNO)*IS4OO(9q<$t@0|u!Ng&KRkyTM
znr+iFpBJbqDn(OrB+TgrtvxtipNg3(woVT;YBWJYfr<x!0FFVM!@Tw)8(;3X@2vwo
z8w^baGgFqI_xXhD$!`w{?(^YO@$(>PqSpj-WiAk(F<Ies9d_g}Z8KtfaJM1AKOlew
zHs<`I)et{BC94f&k1!1ji_E0P;fbqRr9g3Pa4YDggoK1vw)=U>kzAQ)>z^0%)f?Xs
zk*u+IMpKIJ^<u)vxLDRPy__JfHCgVBnbNyL@8$rrJNYsM&jbsgu4n1i5r_t~P2*&e
zq}vB5`!&`?Ex7L<BNyz*v4#IHGda9A5$|z47qe}~VUP*fz6L#YA8+rQ5)yYQSOec{
z=G<MHpMT`gpUf6nO7E4aD1h|!Te=2|_&U~}=Bo}cAKIz3pe@+)`AgsO)5pYdjK55P
z1;gLQ{?;e)3`042aXB}7A>R~&wIm2Vb03_l49E&z=`)4GE?l~FE4#hPeZ5RwZMLBn
zZMNG6hk~H<ilIk%{F8&Rtww`d-&7OtEwH!wZg{$)Aemd2HHxmANiBhvSAU?r-B7d)
zOY^v$12FRqV#UEGy2zt&Dl)R`u*nLaWKbIim{@i&<vx9a7}vUv++-3F-31u&c{AU4
z{-Wlh!smAf*pg_NHQSa^=`DH@$+vB@jSqLk;9|0O``QYW;Bh6#ET4au7Feh#tNilH
z7I(pZWie2|`?cs@p`ywH8YI3GMn3l^5)$;02OQd$gh$gw{rdDyY<ln(m114TO*l1N
zBkImG^P;(rt$I9$b(!4>`Pu;wfO0){Nn!uktW5+C1t}i@E^NAwEO&O@pj;=7n7+r)
z7Q*y^mU1LpmKO|D9gv}w(las!8CE$+Mevi6ozLco&vac@Y{mNZ5U1Z(`BGs})K;<h
zIPy`Iap@Z>&U{q{12(<CHXH{$?8&Fszk-4%botso4=y(0G}0bt*Q#<peR@i6XDJI`
z{B>#{Ei#v<8yV4+&RcTqAAlak6WI=nGZpx|=x6k7FM4Hf6(2vmZ+?g)m3H%O=#EFx
z6BL&5k3A66ZF)^0sbmeKD<bARTX1jt!_HpAZtnK*x_~brYZp=DP<hx9SfAIM*|lva
z941luml8a?wCUmJ<2Hr#_wPl>H`!p8iZd|A#>dRcZY#X*2F31q3vI4zXau{{7~sGz
z0JaS{^^946*%CCO7zGUY<8)P}D4SpL&^3hF@1Wq*WhtrId=vC_?Z8~K!C=kYFK4{6
zCnLn`EDJ?mHaK!s+t1tu_szjz4FyXvM9_4fIt6TAa_@?}pfYTGztQgvvW7$3|C1gG
z_|9HaZv#uk_*-zQ{?z8&^AtG+^D*2DEH_r(gvh{W1D%bY`7Wv!1S0m4-cyWWZaty#
zCvLR5fBC$4bh2?9lTk77(eqzY$pm_<3XF54E?lgS5lrfq&Z+Zq%n7I$Uh8C|t@$0V
z-x>Y#yQl83?%wfP%`j}6+?isUtVe;mS1w*KQeYIbF|Srrqs8!|E_!gSk9VYezJ`7G
zL5w2LqOZ1JY>IhT1E8V!<%NhipY6dQv7nO=0CjjbSA`sIQ)vbPf=3RvHNukyjNUWE
zkx<`bdtKQ@$BQI9j$E%&9;ZPKt_4Y%AL3U6QT!+0%lZ)fQ^hekceQF)7B^-q8^yeA
zEW?h$I)-_?+5UwamFa|(+o<hV;PbOm;xFUqazjiE;40M%${DE!U2oYfx!M_K_=|yX
z-oAx56ezE?faeNsgHa!^J~7`w0RZPJp+>@(5!ET@CFe}gCB!dFG;T?#7HVTA?iskq
zZ%sdKvx$Es;w;Lo$+M*pdxf`kN{6GbVzCdd!NPv)T0B8=6=c+=k*{?=$0N~Jw{XoS
zIa?*Y$acsYF>f#;hzLCoz^j;6Gj*`Ks}KU=)0zKkf_!Rx^{>Gb^5e%Jv6qTtueb9s
zTIVBiczRcZm8HBtaTUIeX?`n@Vep`y+=zjJfeWNw%IN_I9ghiO1TO03p6D4{Ni`w6
zhhcvZK%;`7iSPWy-SH(|C9g}Mc@BwiG5;lRxMQB)e4ijfx5UW9AlqS`ylp41K3k60
zWUtR_o`Zd44Ab{ISzW!D!X}iO-G+-v%9qVk0O`7dkv<vDiD@1NZjA-N$ScCyzb^fW
zU#L*V@3`|%)A_qz<V2+O5}Rey-{(=R3K9)u)Il%$lKC<o`1<<hBRRPj9662iU$6!p
zHEm<2P~kDXR&G8GLHI_2H%qx9#H{0K%<`Vx#(Uurn{)YBl11X6=h|tIJ0Mt4MR1!G
zuBDn!3vF1YO`mEjE4OWOJ6wG`vf<t1<28kflkTHjDIKa-TA8HMs&Hu_lQ*a0_Fu)%
zw3$}3(*C~O!l%DoCWP(3OK`L#J-6=2?>qvLX=<&{ZZ@F<fzp{4!DHG)UecpmzDhSW
z7hwOIfLJip@2_>rT^>0O&RJewW+AXRFQ~Z;(rk>FB9aT2J(%L4BSo4@yQ}`iqHb5#
zz|faOf6cJNxeECBi8qx1Y3jh2R!*&Kt;gngupXg!Q8mFHxlTuOun?Hr*3nxBXcG>j
zYt6pysCTiT6olBEEzke3jAtsadOTX11)yHy8TPEz#(<j{f}b<(wko#;w6*<;Zp3<f
zy@zeVzN0A|Y78`~pg<sPh2dw^aA#D8z~B%b-(N(k36JC%Gk3a@kwxdFy<T5kO<)zz
zBV%N-J+?N@m938t&+F_@5siQ77itx*UE?AHI7$HD^2snvos8#srXE3k3InjDcFXx5
zZSHH8_S(8&D?^I6hBe-`M3?<^;aY`yQKcv2&1@;7$v~x6dffl?K(n+T?^((rt)&h(
zcklI@W8{F@ja6kyT@{CseuaIN@Y}lkVcWWUg_(Vxa;4L8?4wKoptV3;@cz;BBRf!{
zu-yeDj~<(o(gOqc|K<Px%SYZwOG|6hnu3M@xM~j=c2Ew$0>h`>PJQTyV@tA~cw<V*
zz~ER|K7|zXI{6@#C@5P}fy!F5!N7^IKwwSUrs^uDvD(b0ny2#0M2<Wgx=hkz$;Bjj
zR5B!n^A8ALHg8{Kvp@OhT?_1*O@*3knDF7`r)ntd{(|yi;KEn-_{Xaq(Z;}8z}<0j
zdT%Dt^EI8c+oQyFJ_3Os3IP=ju-)Nz>Tbx{@_tLMpFII7qXuBuL%+dR@(VvOYRF$`
z+Y{xM{(d#Ar=vpI^yr*dKDZ)VrUxACAar{6hI*7q+_N^-e_fFWp8__JhV$UO^yMQM
z)!b>(Z+8HtcI3e{8X=9TNquLh<2t##x|$<zr#n{bcBR4@|5-5n;?J*E;MSFu6%c#D
z75rZ|sGfq)oPx)==vT)3#P1w{82>7~`E|KJpOk-A{t^Co;wMu{K;^4VyM|hrGh~0K
zW)?U86_`2w*xuGb=aX8xU;TBKC(18>2kO6G`FmaBZxik`tGuZ2`~5^3&6r>2M)k!j
z`CJQ^qA-%*_9v>7@AuIDef$&HzrO$XO9}V>&mMFl?T2B|u{>;leC$R-A9wl&$A{Nv
zT;^x}N?eysVl!Nqg@?+F4U)36vJx}+D<8#KSw;-^3@W<Ke`+LtLt(LtUF=|HBY92S
zv4;sX)*bVZ?sqF$O?i&nt!)zdeGfmMpFIELcP{<=joYumPJjP+{BIsaPhtiZE3#ab
z`p1VMcSxAA@i@YptgKf5^P6AUEdIwg+uGVSKm1C~ex3XY_MV0-+-z|Xg%)PKO+w7a
z!Y<4zT)+Q&)ciWk_0PoSl<3N9R{jlU3kzlTy#KtmYs6o_wyIwicxA!<njOZ+$M@pj
z>Q@gU--Lu}Dl7Li&bFQD78Pd&o4KgFntd>uF|ri46rK8&IR8Ft*-ds)SSeqr)|Z|~
z6Xajt7Ph}_Z)@)!F^ev5)mK$jeZl|F>pQr@!otSR$ESXN`~2Bkc$Nw3ugcNn9sgEd
z?fp%?jQsak{Cxf-bN1h^6heRR&wnq+{m()FX(z~kngBFGAIA5$iT^o)p5TS0oBcVc
zw3JT;A1@<Qu_n&Mi7x1k%c){+I>aCv0wp^rv?rrYw!}FlmN^9Ag#Z3HNv0jn%l^iH
z9pg*a@$6#&F}mA1Xa?aZ@iF(`P~?vVD&2A%<llK=lcna>V3V!F*P-!S+r?2dhr5UQ
zS_)C1F1Q4oXlJLVC|26BW^Bs$n)<&L)<?-Hvh)<_me`MMc$~e3(j<IRJ2ZP|e?ODo
ziiB?tary7p27#Oy9v|<}v`15XX=uK0)R3uNFb0F)?S9eG&-=gHd(Vd^v#xu1W*l{F
zpdz9oFpdEP1Voy21u2mxU22pTI?{V^R762QLJ1w|5SsK7AS%+El+cSx6G8|rfg~jP
z9p)~N-XGq-;QinyLvpTjowLi@Yp*@0Fgy4x{C_O`d$pps*2t27{(yP#2V8Q#nvL|C
zzi6lbN9tkxk82B}P}#>D8w#_>DmA<PlDEL8Zo!vr@3bAlQL~nurr$<SD@@l=cCkCH
z=$c9LZkg7A*w@7hPcJVYf7XHMP!*tB%@Q*JRXIu;E*6cBg$Pre8Zx*Q*Q0Gxq|gQ7
z=2B2EB>@4`F}J&pyBW<?*PhJA)0+=-`?)Bue|k(?QFr1r@~&j>QH_7E!&dY3@I)6>
z6V+?fO098SA1kp^&3Qo@TM>uj>Q(twEh2g!a|228Q{3aynn3~Ud9O^5Tc7VF7XL=s
zUirQm7ZDNBKV-!?;8*g+L6Pwr{+9t2{9jyvjvgTcn?PUu+vu3;78`6_LH~CO2R{f~
zYfLBSn-h}<3jGKF>P`T|1IXNa(sf6ETI%gfriv-@Fe@Iyo{ekDX?v%z6BOs&S`ykg
z&)OJ;$pOkn*P~dc7?Dz?=4Ec_lXk<=3@+8*jyryRnw&!Ee;(AFaM`Fhkll5zQZ02<
z7*!QF+&ufAI?KO)=?l{$QOLSKUD7DbJ^f;4T3Sh6e(%UyjG~^F*6T_6Y2_+=EhK;h
z!Q+RtJg$AJGR*42_o)M4^dX0!$SLXa7O0}f+Lki*CO;K9Qo;OqqhqgLv0yb@niM^K
z8N?SrJXtooteL8b1e2kRDs7KRx*5XK<*F0GcS2WjIdR72Q-$nv<t-@lJ~5!r+cIYU
z(-!>l{!QMW`I#_;q=wP4?M;M=YjnF+?fy{$Xq&>i?pukRj||?X7Md6MQorHZeU~-0
z?hOsOx75)};C0bzr?<y9<5tK$5unG|j+Qn7dW`@B+oQXFmc3S26HBoYZIaLns&$VK
z563_p7vBBK>H;R_6}<^+{!bC;--|hEDx0#OUT2liWs8J_@yNTdebn;U`+iKA@r`qy
zisR_8wd=ZURG~Zp{xTd$u4%jL(%#pLSe0}tOl$Wa7tmX?a{t+f|Duv8Xf5UR7;|YU
zw}@CU<^C~scm!j@k*vi>p)8t!{cF4sAS0v+@5JGZbV-CFFlC_FCHXY?f6ywSVa}W`
z3*ZqQt-(vXP%#hE*v<0eQ>0xTri;yLkN^ja!m}%tjP|99NzJ1TuNQ#PI)$E##|8CD
z3d`nR>W|MJO4;w%B1{DR*)cniK?o(@oaA2TULl_l<Syi%kwx2+1dog8X`%iSbzaU0
zNs(rXyUsQ6&v?X;)=HuY-1?i}RPAmidvAO`<I14x_U%2)==0c^&$yVqY9s_&aL7Ed
zOI3-vzO2$F#EwQN@_a~(R!<`HamVg9uvhokmD$f3_STQp7?|_&@j(yPJN*0K&PL_g
zS<h$!koxDI%l&ya9lB0qWzB)`_VC8j9xKt#Ki6*`^Mgy+h`~UC++&>h$zjXaO(g*6
z?!>+YY=6*|O%0e|D!HCsrgm!edlf}IK?vn~p~B(e6EIsfw<0HVH13f4)N?WmaRxoz
z;5D&BoFJVctx;ckaBUc0(GKyeg*ZR<S}$>Qnrdw5OWLP|7-jpv1@}RVjZb@Q#80Vr
zeN59NY^$y~zzX23Zkcd(g;I}!lVa$kd-@-q9zJJQ8z1N!ayJsYZ``V;SPnEk=NnLP
zH#&9uIQy|{w&EraV?R1g*0-p!5XupU)SL)ZZDj6jb0hlUhu_qAg8m)>>n?=m1R`^*
zmanc~__Ran%25fb%WYsXFzyo;;l^%-;>-P-NJXZ1EqEl`?P>7fPGcqc{8aK#Zjrd8
z9kt}-*w3f<i_T@ml<5Ic?3wS8uU<9VFe6caMfo~R=tqmBW<?WtMx|lB(#lCdVNy0^
zsYEA3HfL||cj%~7@(GUK5w_-_3-kT3m-qG28(FreP<*_+7nyDCvxtrmxzL(pkJPMM
zvVnsBH7OAtr0q>G0AlTr!|bfRvAg^HaDM)%%Tn*_XSr%cwKFMI1uG3=DpAC>y;lZi
zSdXfYWbXT(o|O>iJ@2jO94_r4w8h`9K2MI1&vl*ha~fVMZS*eAE-HY#DU4QmMK_s5
za1Khdb8?`T<nGbwxd^HC<SSBFdJlaKuiiw>9h9h`$f~NijJ08L_1&MDAA8I%k5zjk
z7Tru9HhElKji!rQ)L#oTo8r|xBG>5Bn3kTlvmQSdg`asu8>w_<oxkP55n0tj3(Rsd
zEWZv-*;u_LY_?ScG6KU=HzDYdu2ABIfy|4$=%r9<!%WS=bI=<leb)A%qyW!)-}MRS
zl8OMj-*FZ}k+`m0KR#?e*^+8Y!{i$Sn;atHjNYOy#M++XXSpObny=eXnKzO}S3#Ei
zI&2kk1mA(fM=j@R9&v76Eni$+MYl8ueQ#!6TG{Iw_Vn`5Tf7HwAE5V-zTf<+KQrb=
zyQH%P3`oV|>QS@3gMP20qKrOdvqPW-tW056RzD~b_AnsTX3$_KXy3Q97EZh)MZ9Dv
zfB$MY%jcbBp2hDOKU*gz&*ie0ri~+n8;c3W<d}~-!had5_I_j_z)>mV=!m)z&4Kl}
zdhb+<&kf}y<T;Maw~2(nYg=3F(9!NBwz&($&t?SKUE{|SW@wAzhBF_vOy|4)&WXb7
zU%A85mznYT^U!34PpPkqW$}h(st@Cn8@=AT;<w{8&B_-yj<RwVoH&C52jSMXYYv@J
zLXrA#7dpv<&=75rHAU8>z_A?|O(cMY;X5)x<R<Mu43MK`bGflLu!^GdRM?j|!T82N
zf?6s(JSOAw8@+j-@0}Gv@5F!dEAOARfBn;bRWRv%<YNDc<n-6R+3A8WOpVIjv~%c#
zPgPgQv@flP)i64JXqIxn72~(tnfgb?xA*+z<gp6C=|mg>{QwW2Y%T95^pp-L$jF#t
zTFFI^wpk9`kYoGdglkUK{5r{x{MN%FTW(IW3q8<8t<PfS>P;kW+!oK*j>llkYnwE6
z8WHm^AYCp}_~pz*bZ6;X!Jk(7%S7MTKbOiBXs>-U<o#GKpBH@a-hoFkxOdQQ*eF-y
zQBL!t`6X`}=#1@h;LxfmDDm|3Gl+6Z*m*F}e@{mz5t6LU658b3*1>;m|H~sTC6De0
zDo8+J%{tO2>o72T$g#b?p&mFGT)m=~ZMaD0Oy&}{s>APMNCf+dcnBzk;vb{CV`F@Y
zg$CiZ&hsgDt24#LX}uFP#Khv%qS6Jz@x^YZF&MsPJH{vQ(exhy0ZT36azBU6@(!1E
zh6pSeOX0!RR(dr31a(n*@)50-%TmfRpvgV_&Mx2vx?#cneO(K8>re>*Y~z$2sy|_(
z)(WLV#3f&q+Zp!D#5WhYciP^Rk#|=kKPMRU9Vs;`vKLnvb${uhRCrgfFGZ|tJ?U%_
z`q917`9|W-9B5UIVw6sj-yO3_>9aSwW@0>C(3C%{?&t8?AO=p<w11{IZ-rwm9-W*%
zab5pGPB`mG#i7vE*4=`AxJvF%Z{Z0ovMT40jg3vhn>W|saQ=n|*AK#OXTUC)QVK=D
za+>*#B>UFR^6-d8wozqUS_0TT1cuy{h=v_u{I~q?2FAVcA+^E17S@7k^`zWfh^qSB
z2#HgA0rq(yD}dO(TRiFrOcxqHrVfG5$kmN?6HV|mBfJZhOE!4KL0wf<=+F9Y%Th0~
ztx7b`H7`GE)p6(L-)OVEY!66dabzT43%Tj+*|XyEEDWpfIKP+oj-Wn!*}Nz+jiYv_
z%b_4$wl|BMJEXQqo5sr-x-;{ZKfBU(KU2XI{**2D9QuCJqZM+o2@u$5Zh`>e&#vQB
zDDoeK5?MdRj}E94!U=BJh{f(p1kIJ_lH&Re%7uv{$<EJjNW0FWMHDiT?q4ef&*~f5
z2}v93>knBD;9nMm#|(q^=_owKD<3pl@T4kwY#xh<ib{Yib}xQ?%-iY1iNLkS$O~fM
zZv_VK-LlkWZ{$*3fMRSa^*toyp7Y3Nw;WO{)X*?e7%40G$jU91A?ausgZ_6}@89p~
z$@L!nv##wW0csfdZuAN{C}3Y)EeN=dh)CVe?n+;<kDnZNiMtOP=|@<<+f>I~R`3|Z
zpXB~Lb}KOWYj*ianU{O1C3dB3xl4q#24D32cV|0Yj!0FdvIlAT17R;U)o7H8tCdYl
z-$b!S6sM>tJQ&-1k<e-Qby_5SYJw}%K)nub+mktERCUMMGNQ?4?Fyv+6Sn2w;Qzl?
zIc?q`KaH!HQAyd@deDa;3OCCls?F-0oYKyw4tJx3ORpTFIZ@-sByCnXSLcX&VZXD}
zOhy@^LJP3_^uXPbUO#?3jUDDN8%}iWe9LdxXxM2vU{tFm5XC93+=CJxRj<k~_9`HQ
z5n3iJYnR@2Tc7r7$<A@Vhm=?Fa&8;a9oh*1chsoZY_Ohtvp3Sz^rmH8ey_wNkc!pM
zIpQ<4Q>0glyfjj5XQ7)RJG>NNJw(Xq?g>w<#prY)>so`zza=#{`n;jQN~-;V1bkG$
zy3xGst-|`*Kte#OqCvrc)FjBx3|5dIe3t{O)%l}%<ffOb?r+`({b>0ssc(`B7Zz-x
zLyMhLUwc4wcadP+$C-C=tkKATv^psBOuGBQs#6ZG*tl|vADk3+Vg2#-s^^ARzKnF#
z{%BIZeBd~1sFfKiYyOP7s|V(JoHNX>2UL@+Gb&W)u7ausqRF4?V?4XPr<=toMm6rk
z_p<Ud(cVR;eOAVed79*)becj+jx*EbfTq0(_o{K<HP#MY7FJ+5_~FXU%`Ih>vR}D3
zl_(+13u=m6^sX?U`lTIgY@<K<UG09O+CU6vUi&G0k@;A3iW2-qf5v#hoOCJQn^%`(
z7e9T8U#WWS3*vwpA`vFxIwX`LwZiUdMk`fg<#CW_E{+My2JYJ$qpF>0{R(EZZP9j8
z<-oGzY)R4TIOCDRP;G*}R)|Wm@pUn@m>b;-gP3T-*+*aPa3hwQqtqq5?<@5sN$G{}
zy6IKC{{=df(fm~{Q`+hx{PJO|CWkX2H4f4CI-%m~v!YjdLdkhRxM8NAdt+oC4eqoD
zy(?QZYBlqGWEEm+BOQFsfNM&r#6Aj-&s$a(2;Q~t^M^mpxG2{7hs|iQrDZ6+)=Zu3
zitF{`0}ucfQsmwB(3KGowrT3dptIVP9?ldIn`9iOSML|c;PQ>cPX%v@l|G=pQZ(Oa
zxqcoVJ}2qZ*2g**YTg{=gJYdT<SR+h|Lh9fr)FTKojQ2%JM&wr?Rq;vw7lBk!_juR
zGzC8^kUctb{AhjO9|GfBANHj&@~5Y#A<$)!yAB=w2Ukqt5w2(0V0&4sr{czvTpY}3
zSdGLB-8^<|GU&_OkE}dK-%3wvqM}_T6*+Y<&6x{5%f-)vnEI*VX14y_Zs6F|z&qTJ
zHzj<ngm0ymJ2KKPdU`;ym5vS*L&sTZ!&!o<x79A|eww-I+I~5?&mJ6R3y|Fd($)RU
z4otyHofGMZ!ld70V^q&)wnOTmUnmmXMJPzme1dapWEF>GwXq-`{ywOvThPFq05+!B
z{3sNO!K7LRt(eYFOq&|uN_?c7m7Fs`H<l;}5dZo$%=^ZgA1^;YC-XFfmsfy~&zPHg
zU1led>=Ww!giK@@{nJG(s+gLCWM4gybwiHSjKxtsC}$T3h(h2itY%~{5L3)tTuKmo
z9;J|?fVd+_NYzA%m4Yl_IOsT1VL-j_*^4O2vM~@aHPb#GEE%f*EU?A}{pQ|KnL?1!
zSL54TZl(K(nj@@hLQui8_ceguw3iRE|MVxlCZync|7fNUXb-D-)K@9t1>xr}_KM->
zGUNI2mF*V9svPZfsT?g$-R-gtVc<OHC*J%Wf@{$hl97{f9(h+FVZZ;}#S#O~Q-Y|o
zLe}n9f>5B-XYs~BdLyK3uKbDpK-zU6#4cF^)AU+i9;UpEoM>c(#!k45w$}(Pt|R2&
z>|9)>JjSKCuQ?s;XALb%d7Q48m~b3K{#C}M7U)WLr@Un6)rBz<NL-@u!0xzCfhH^l
zIUEF;#b7#{;2Wh(2)=6oOW%rn+GA*ByRdi}p}CLkOcbv!Xpu8d50WneV9oetu5^Hj
zynLw{NFmkXa&~X?<_9LSZ*Fe-5@8sGicf0wa8Eh56tIvks>2J`7C}3E;BvDJ+N>Z<
zWRh}qa%<UFJ5{X1KF#)&8_Pu*D`d4F^Uf)5DIIC|_6q~rd~qOqt+6plLXWy-nev#%
zIOrx4<fC6kzmlBvSZS(*w0&wTQbDz-wP}DTUN}v<)gJ+1hlG;*CMP&T?4FAoL`Fo6
za==0h^x0Qeh?b9#xhQ@uBU*p654G1cm1tCXL?`qCsY=k;J-gnpBScfbb%|?dUKc+c
z%-|5QFk}{F>UEUSU;Dj^iNekJuaN2h1gGS>4h|uH`4rZvzbR~TqsJY6zw}itvsrVK
zIgWyG{h^dA8#M`rJ3jNP5&7}Oufsm@Milv10QO`?$Wa%N8Ay1Me@j>N0^R%-)&YyV
zeW|5*R?e;GgWQT#)vM11KocqKvu3$A2vlu{I<x3iJ_IKEj0&w-BlcrEi5i7P-yf`8
z-5oitowQd=l^1*PYg^Ci=dV}QGM{`58)+~IN)4E{u*5BITDAKqD?go77*f$Ts~*!V
z*Se1_cyX=Xo1NaoAUpQ-_xGpBQlc&g%k5*u76l#%;vGMP7M?a!v$AR+(MDY-&bN3!
zkDDloSnTPZ_*Me)PP;%+HxUuEaZNT7iL7z$aBItFJAd8s=7T)V!@&9fK^W(<XY1cD
z_X4?C)M^5V3=5xyM_>D<zrfWIFLJR2`Js)p+pi!SKy}F<EwZ>`2%^H8uc*07(zVC1
zOnE^LGc&zGX%Y~WSV7bw5EP>-CtfZYUu7DZr>Ov|{^PDrbBZb`-6P>g;vrFiWV?eV
z4(&`Zb=;{}1OEy;hp4+p46Xmud{in`i@Jgt;Dr|GWE#!=N{-=SIt^Z4+$0+-TR-J?
zn(J}P3>|*UAE<$}?@vKp-FBz=M0F<$@InE+qW2-Mc${DYC@@^pb$z!g_Nv-oP8*-$
zua^z@n)4aDWU(@H`Ds1#T85opnKnMuu<dvjvLx(#MEtb^z_PXNz)wrRI9d7PDZJ0z
zGsbW0Vb|8+0(lKYk8H!UH30np@X>Nv2RO|uW1)tY)$q{0D+E@hh0f9ShNSvi^vVFd
zWt7K4hymK!z7F&~I?R`wua6VKMwjkA(vDvHDLdT_e|mUZ6Zwtp?Ai;^KTT?k3bbGN
zGuc-E;q5FJbGf(gu!D>cXKFIwNqihBL~sG4)6>?LU0=VWJJ38QBO_A;f`R$K_FmRu
zLeQ0O*?(OX?b$U>80t<Cyf6S9SE^GIm<X;Z4bG=%%TA+lu=A-lkV7;}ezj9jaCzNI
z{57{T_J6SOeK4?cPXlRfeN%B$>WbnWP=%))Ul^#ZdG;)VlMp{YK#=iUe>%t_pl1Pc
zpDI^YreuG=PKx-hL4vTk{_=q3XUxUl52}$OBDnFX*t*2Nl+Ly`YYVIrKIi1}#Jd$~
zRW&Q)*{0Ds6@0kacSk$-(^VchRHx~}JGH$vh*nWE>?4EP-mo;)pUZjg5A})rxj`G}
z#YUuUtO5OKVV;oe>dbNK<c-PXQ`U*s^mhJcv2Jf~Uzu38>h=zuYYK?+-TN@bPnB}C
z=JelxNZyz0uW=&DlGbKTkqh&2>h@Kp03k}A?Mcu5oxkc*JLGvl=#`(V7hnFimrCU|
zJ@n)vR7)$~*4$?^le&xNjch|MF;JQ&;Fj2?(5$TLRMMs0?&it4YpoHS(%0ABF0OAg
zq020;0PnE2aGz~zb1*5n-+zz*U7UldG4`EP&wP?d)<WM`G?epQ?{DXVE4+sOvCUBV
z-)9yEC={3gu(j2l{zwTx*HC?LZ|}wsSw9z{I4#HZOxY0Q9utP`F5-A-s1lc~XYYDb
zfPqnnd@5RYiHUi|W+gQVR22_kaH+E9rl!|q(6fJ2a&BFL=2}Ll(<>ET3dnH(^W=a1
z@00tIR(%5MF+D&cq7_jlGTI$^1|?E3wLDGvqoFak^ku-;kE$3tNI=}GPtZ8D{AQII
z2sPU0tek^~Z#ycUU-%aG>wMs9b+S~)%jIq#8m;LfTTbuG*VS~l?d2X+n`J)Htu^WS
z4I=D+YPs^CMXZ{xF`ph@SXvU~;E4S8?c4B9SL&ELs30SAy)GK&2JgSh@~a_dwbrR5
z+_}>>Ofac-IFl1XmS-2^A>y=S$ZJj(#7VCFE(7@Z4m9L$Q!{ZS<N2rGr#QR1qTO$@
z-Q@h|nZ^INa&%i~vckC>(gleFl@5ox0fUgBO9Ws<?WZQk-0upAC<6OmU~Gg5v9PoR
zKy@wzu#B81YRPmop;cINex|FPgex8!sq|Tvpj*4mmOWirT1qKuP?(-^Ewh;y=lIea
zLE@AGP2#Yd{yKkbBh>%*eY<v<^qk9lSo(ZC%T=hMaq<Nj47nJ2hv0$^MHOBvHLFrI
zAA?nR)<C-2zGZ_+@VNnuohP$5Q%m&9R5L|;Mr(-D!YR^&@XY?$1At#uUA@@2c?r~Y
z?hWs%p@aNneHB&z4sMYe;}Es#{^%wy+I)lWO7GD_ceH*q)W5J+@9o_UVa}UDN8it8
z9~L*N2sV{T?n4_jN1X3Zy%Jef1#$FX`TYt<Fty>#?*y8^->LOE^MEG#ggNQ*3{G)F
z)*1&vXhchZ!Cc9n*wh#nCgD7(0Tan^e}2QpX5O&iju3FBqi+8Ix3%DcB%9?p;Uc8Q
z0Q*|I08XaCFT|Z*de%y@a{p;vzj#ijQ8ERu6()f+Qy7fm(+=2Pln6o4=&T{6zHS$o
zoQR@Txpop71-l>&=ZE_^?7ow&4jRwb)p99mZ{AR=Ef2vuj8?}cA{Z6D_Rg*!>g)Y+
z?)z^5l$5xhBpm7@E|}a{{~%s8lgK4xF<NBV<G>Grd>^l1Go9PF)Zl7@Jg0nleCwr5
z;NI<kz@^b51GvQQeA`7b0ayC$>C*^2-cE?UR!M#a@%OJ`I}ggsDj%eghF3{cdW>td
zo2aEyNZnogI8&uEs{+5-)HuR6lM|#V8erJ9zO{9>Sq(9uybdTgE`BXb?7LLtw0L}r
zL>i=QpP|}Jv6Pzbf~zp^N=;-HF4f_hv<+ORA7xqHE>DCvVvCE55B43%7j?LWV73ah
zViIzJYenl2R*|{8_K4h0ArqoguuhRVrZGhVT>uc!d-|0+8S*&^N+pBq@8}n!orm6)
z0eraR{ris*Eobrwav!Um2uFam?kAI8DA99+gST>N!NitB)Ga*mCSp)4unEo)mUwKG
zv2oSx-9{wlk~v7+NQjbD$Vyxo>^mqZ`bjF9h_I5@ajGDm>YAF;M2W&iK}1!vw{7Q$
zAj&lSh%3Aa*xY<|iL}<UI#-S|QyQ@VhOfN}NE|zKam+1f{2|_!s8m-BW5%ZJO>S?A
zKDhmlIRLksO9`PrZ<X{`Xsm2`oXWJ*PL-%W_NcvszfiAAYBKc8!x!_$rDi!5IpLSa
z%A0N(tGrN3bqfXA1kftJI0hfc82HxDrSi-6hxx~+t8_}8wzhWSAqP2v@7nRIDN#sa
z5><ZG5_t|>_(lb(8#6K;ueq~_uG~T9f_YrBjWs9p;!8;_HM_LfNI+S89r~JB^X9E}
zAbhA86n(|l0fbt1&}ac8asw&ofOLh>5B|nLBMDb(q%geAA$<0+$sH|eX%ibpV-4Eb
zZ(NZ}F{NQ4uqC+VU(o<P{kmD@PR3EOW(5V(`iQh){rx+sv@5*#3ZbomKpwqZEh<Q|
zuO4hyiVQ*f@Hui_1FS+hKw-4FYS!N?MarEbG&SmVGZnX#wREvXGwUhBl*Kwlo3EKf
z^*1Urv_dYx3O`#O7PGv5UORm!Lf&gR5#mZE?P8AK_9cuM)47R{ws$!mKyI@O#hZXU
zRKjBj<Eu2bHv40{;p5&kN~8pw@mD~7g8;anEYEpbia%<adXV=IlelguBhLYl-os;4
zHeixbF~t;3k#Kukj@|pj_k5z-E{Je!%CDnhs+RaU>}BLX8BLL90r}z)v7;oSvn`O-
zSUS23zoN9io5aPnw_MAmhVeP_wYV&Oij&Z!sMw7fke+D)C+uEjev>qlQIKQaiY@$i
zvVG>Gyx$dN;AQm}?3`;<MRj%iGR3tSh{LbNzJ3k&xhi-MFo9PX9BgbhJ4${c&RyG^
zHtP0`#O(nVapfc?JAk+)lw(22QSD`tMCQ3wn7aUh>H}3_N&AI|sbT;@KOegP_nD7P
z0RQ$~KR#S!&Ybu4^&AxveXUo#6jf!X02MTl{p2u3(-DO=WQ$_0V)F(*w)San+v|cK
zh)&vD^-|m0bi<V!sOXYHM*euj4V1N}m@V`mzl!?rVasZQ?%c%7Ge2&2XXE#z3j~%a
zW_j2R=E}w(+w&Wo(w{3ul_ZsujvYJZG|?F6yEdJ^B4ZUm(#|2Qua|MO$5c!WfVw^q
z%DYkKK3$(>>UI8Bz1RE1R(3J0WyL*hP8<qiRAeYJgOEfU)i$h;7NyTJZxC4P19A5}
zeJkC9Ou`rc!v$CdUOw9G1hevA=`lm)7BQ|(DnTgx<QibinsrTdndZDu$P=6A*FZ9+
zTMW1wNj;BeO*&$X!H8!Fl&9Z3DNo`2v1_?hA18-l_fXsMazl+{38Ln*n$C80;2XNJ
zZzVr9dX2d$$RVDBx+pI+V4M2ADnJ~>eIredhqTibd;CY2E8Mm=Hr_x8;|)D~YrI8>
znUn+UK3UuTls^D)fV1qu9|#R*A#>~ZZq*PcrKglmVD~8!&h5F^!#FVB4mNAUXTU7h
zHxN+0b^4Tqs#e;6v+45bO~FW`kvNF9i<xmTE2RSBUM@f50vNti_=)E?;*bEhfGdHa
zO7|Z=yxln8pNV}tK7MPSTEz=<{D>Fr?%<CBVt;xni}QrM!GRWsonwDoE13(W9O#y{
zHwzG(P&4JvnKmpYpQb@o2+Y7jmKd>a)0VV{3jm}5qOYlG=lkXPGZbJBdmYOAvuwIz
zo1cPy$W80Nk-0z=DOW}@cxml0D08L(p|Z9u-_Wb%g+6@FWKF4hBvI+{{SKY9?ky|z
zlZ4O?MKG>6W6`J5yej_`uW9k8d=}Mv`nC&pAy}vMgOH~?zS1~XB2~+2t~L+itlBej
zMeCp$rx;N$DdJaV;WUGGOdQn&bHLs~R)+F~OoQ>&_fRKCpUMnJon9JMs$H2R;r%4l
zAHT8=Tz#d^3k~{67BKDdyYQ%3<58#$orrkg%JwlncST%DALMZm0SM$)$4`94$5<f_
zGqs*Xg#B|c%fm&=c><N`G%$y?+nb{peC^(j8NR0;jnL^T@)Xfk7&J%qa}7pg5rcyp
zT$7k>ztq!9uh<H9`Y}~r4Asrh)~^wuo_D?$W>jn#52<k;*56h%wcc*hET}~Sx(S57
z+2M;rn`#Gy1TUbJGW*pns#nZGm;=?XM3RP6PDz0TioeETNP}JIMfV)`ZP{I`(P+y@
zRQt9VsXG-T%1<MTRIA#LpAs$_ANLOnBaD3;Kur+LOFa)ux(?mOy3J<ynKSeOv?=Lo
z0ZR~kF37i(4>amcKp~xPW+2NRs6GSH<9qSf^7qDX5#%1<*F=?$7|Goc<F7KE!6;@Q
z&&rDj<Mq;S`4|J^CH0#dGnfdtK?XHwcB6N<e+A@^d(Pr#^iK&}>ighF?yn480e9i^
zU`|KP+Ejw9|6URVzu661ithtB;r#V|<=9vhp?|oD-g=xxBx~bYIH@m!XIP#%(VR1w
zfqhspBXd5qLd!;tB@xQ!Lztd*lN<@XBp&?4Lw;}MI>1NP76jOZ&i)C^Cuwz7FLH=-
z3XCBiz7<VdC=v(Q+O-)OOG`@}I^b%;3E>>;zkh8EBt_H`|EQuwz2;WD4`7Rf2ACGw
zqo|pHefsf2fZ=(1dJd_dI6pz>j^>iPQa;_VLr2&6hT;o!GsPyuj#C6&LhCP$lnZl2
zMnW731K4p(8W0@6j}K1)XH~W~bbOC4Q)v~Ets0?$jLwvI^y@3RcIm-EixF~%VlwA6
z%dfdZLN+9G6TevxPPw;0;<OF|QX5#>+k~E>^6FLVicbERx<0IdRYr!a|H8{&d${o4
zf){4q+S)on4pr6U8D!h@6PcI$uBbfowe}y|Zb^Oi2?Cb-Sa-^BeVq$sSJo##$5@1E
z;Z|0L1dWHLyb&Cl;s`?HsnzM`7!~J3D_#1hw=q1%oOgNyeVp=-SsRy|L6P1&-#vsG
zTbu{y5IIt+8PvS{K|TitG(+R%OhlkVUBk=gIC$LUg)UksyEls|_IZ4&aWXcDapRKk
z-N(xY?>z6TQjGC2D0ky>T~7exRKR=#iQf=KAhOWzyEJApGl?U$qJ36(G@MhH69kR#
zPmK!W3Yd@EX3@V1LNgk?9EUz}oYT*KuFZ^KSH=~oaB2s+*N*Ntb=AYhv2X1Mk|5I3
z((_iYzO@1P!IczHlG-l6o1#Y-gDJv7ZiHk9Z!L&X&kLE|janU(5{zZUfiTo6)Z?|F
ziJ-feQsINQDN<zx6duvRWlfZjqT-#tOXe{NySqIF@Ql!_eHI`_me?o)qW_>4iMiAJ
zA26gkh={-hnKirRWL%Wd;7dN2bf;cS6~sg6K)hd-=>Gl0;ztN3-HAk)Q2{aHDy})M
z#f+T(PnyUnwjcl<^`p3S=_^RvC(Te+$BMGx>a1dn54D0oWv{z9WGZo0`eAN%wmVwC
z%~SBfpV$=1vT|YbI)Q_1z9A#jH|ZYgxE^3vAD~N14c^OtI%#OU8DyCXx(%Y3ra})Q
zhG;Uy<wv6WST=gAQi4NXSN2Aip+1g{$qs;ozzEm?3VUaHt9p#k{+F-bhlZ0$patI3
z!(%Y)1V;_297_z`H+OG(JKf+34CJNVkDR`thXf+dk;l||v=ZXt;(Q4#!{3*!;viuJ
z*0C>-2J+<kyIc~(!)tzfeD_n{b>dG&q&s$^tqDe<`wiN5-D4x)bd?T*lXy9!+3NxT
zmh8_Mo(|wKIL0RPm*$<`1Cs=7FW`s#(}{9jCn82S9+Dtres8_*xA3`gvx1PLEGza}
zucv3G4a;>-rT%G;kt%&nZjZuVA~XerNZ3sN4%{msZ99URr0i+L1Kx<EXu$3{P()pL
zC0b+<!yhG<&h6;>{018vTa7DC2ZXzK04=3ht7|9bL?XmbTG}Ttw+297-WwZwyu7?c
zE-R<OS1xXo20!1SOW0Ab=P*G@Az`dT9Z7On$1<qqz*#y?G*!q?&q&&j3{SGx!j=cr
zHIRI|!B96hw|mBw2s(i^ES$&q{(UiU^ew^XJv|%Kw=#A=oD1-OP`rAuhAHMO7)|6=
z1O(aJm#MnLe9hT!9y(v!QU1hBm<hcNqDLWsw`tuhawo2vHTyoR-EXioDYuLR5~kfK
z)`alX)NC7Tm!*SxW{v{9j2;ovQa7ux#ACx0_&=2FT_!|9&ic(JD*+>}*kr?$gC<Hi
z_w!#;2!4CLzyFe?%ahrZo5T6KV>+&2&XWKXWK!%AF?BrALgz2MMP={^cTuM%*=k_`
zvoXX8vV*3bc(4xx(U(gA7>>*4g*oqR0LNdD;cv*skA;h)>Iw?(&B%5Kjg=`x0P8kJ
zw3kXADZJwf9VLG0Z8(9nW%JjTxip(mY*Knhi`8%UdMUrD%6kE$TXKF5IsIId<F98p
z{-L8lP0Fo$M$E{$CZ;<&jed^hTXveDi#B*Oip+H@{t=Vv;|z-EP~^ElXA67z+2Y7v
zKK$H<Xlk8pz)ztOE84A@y4cx-5>Z9l;Q?G@(clTn_b+4--*OLP(yRDi1uD;diqBOE
zk3J}60<d%b2&tMnIyhk|H>;Q!j7!Png@SH2P2juUfB~^vyFzcPmP_w|6snkWTbQ}d
zpF{uVbv5eY@c5>?Lr2+-`3dQs&=K13Ts*3vAkdfawhe~3TGf@S7~`7&;f3%yeEwV^
z#m+ue=U8;*kT~P2q8B;s#p_@z0O&v~kMtT}r#}E0`KeXh&8JB-m}<Zq1NWd9L@76y
zl4zUOA<h0}pkTK%o%HAus5N_nzQ;eY<u%M0XVN;YF2>0BW@^Hec-<L&{6x*OGasj$
z7ImAq+Rx><msxP9DABlV2qR!f{oQ9r$fILD#!fRpACSIoIf;KYt6(RUjN6PIO##0m
zOt;VTC?A-g+4+#B`<ih+G7de1z8A33c?N^K%zM%3UO5aK`xPE2&Zh<(oZ@W8Me_D`
zPx-xsZYUCz2(=AXM)ZnDOH9hS(?LTi0x%17y_Br7BRNXhPY9pqC$*4LUjgUGBf75)
z@b`Ce0~Krq)sKeVJ!>9FI8Gh~0FhM2LB;dn-Zuxb+w>J2-HA<2O$9@d1VBInD9dV0
z#TY;F-wJqoDI;0CffS0K+MXCG7EhsXK`R-Awmde$gj~=pc@LSEmbUQCy1~Y$eP=W-
z7i7XxW1!4*Gg%v?5eznieA{=4!8bJ(cz6my!VdpNs8sLza&~nL6AoF~s9-xl66B&O
z^X1qm;_}|BUaqQjqRH(U**cUhy*aeOTQza_Ck(v<kb4{{eoE7L*DuWHlzz*biD#SQ
z53r9*1VA9rK(g>C*c*231I*&}vZY*I9HgQCf#K%?Gl9)-c|D*|=c^%9tp%M&te(yX
zgjm^ZHvZBpJ%V-7-^$DjUU;nSrublUWkv%j-I?(vuVXa0CA>?{fG~D^{6V^`j~a4e
z$(MF()wk4Kqw>X!VhS_4?=nbp&1&qQL5lnzf*}*OEp$DUfWbYTqB6EPq>JF;T4$Sd
zIneV0Zm_espP^y3@A|B>9}%;=eqifCTEV;0VWb4GcAH`>l`7Z9579uH)i_uWV>QEl
z)l}cdED2X)K%vRKS;fW0qA^5&Rt1@sF5XYiFMA;)oT~YYZi~_3VMv_S1?i9VO7)?z
zs}{F}j4ntju<<n)qh^z=52El8+DBgKc{m(w2E<h8L;f^=<O8{$7N7HV0BHK=bcl11
zHA^)+YS9K$mo6v-FBB@m8mIl2)}2ZpCnqJ@`ng1m8(z_l@kW=}+bcjPt9G9RlDTtD
z__Xx!(J`xESz=bR$jv~R?je^<pcazk<xg6yNDlho^5q~HV}r#*`P$k#9DC~l8odri
z9<L4+W7QOBl}AoCZzB|@rzO0ocR_svxW~Xv98^lZLay;gs0e7&hF>@NwC~t=<P_Kb
zb6~Z#l21eR^NweEdeyu*ZxH@VD>+<<k8jC1;r*q+U3!DlL`m$K7Fq~CQ*91Jr|lu4
z<rZeQ=E%1kq20t(&}CWp2C!{GH^SyxxcQZOOhQtcRAB?Ca2`HivEJcwQ$Rq*GynuU
z83P#<-xRTcrV<>_j6z9PJvatnkepFKQ!~5a_4`6CjJsI(nfyF((?jbCXWFa|)Uv^t
z!`X^^kMfgBf4u>sS-=Ul3mE{Fr0Jd16iK%~flHKhd|;yFUVY>ik0V?`kO8X5)S%@I
z?}DhP$hdF}rm4vjUf+Z-om2h?{Rh*@4a2rT*~;h^E0;{-%2?0qnV?-~;@{5%%?0ls
za6~L7^ksckUvs<R43XzNHnWXOO^KhUfmP8-lPwjj``7{2)#$&8JV*?<CY2ynT_rj(
z)lyG80SqAdTk8o9(Plh}+i7t8mMo(iR}4ToA*q3@SFf_)ABQE%{SIqZD4jE}M2eT_
z2NaO>?^;9{ej?W53`DJ(a(`9na9a5mvjEf~hj^c@MfV+x<8QGwObl5h2}u2lmum<l
zrTD_XUGM?G{!)L2(`8rY*Xc0Fr$eR_KSCV8JYlw6KPoo=ZQf^f#1t@%Az<e~x@nAJ
zafM89Yi3waMbDtkiyOE6gNni6Bd0`k#M0PYuzU4Eoyrw_c>nl96$Vj>^dT6(EO8k8
zWu6gh(@{lrsvFbLF*m)zy8v9J__TR28vShE%3sA`Hc+*}YZ0^vsGh>(j9UY1d??-Q
z&Gi1GR4<wi0KeO(V`IrNzYl1Lu=*Y3Kt9f6_h&(KfRB&ZZ>3BL&~tl`>G354%AyG1
zY}+41Rf=`W`I=bM<gaGHy`sRIJabbsrZ}?Zo9(B(o)vO{{m8={1$uML5CO%`HkVQs
zcEY|J64$OMewRNw6FFg9x=JBen<i%z1SUkRPG?0aE8pv!nd!TQpk-Ry*pS9xa)vp9
z?2DvLJqjSAa@E3sC}gay!pA_s!uBJvl%`0J7Ct(}3zg2!-dT7*7!m!dV#SNP7I1ZB
zl|ZmFaFwiyzu^&lqyq)FZ|>a-!AsRR%^r9|0FQZ-_row5^KR84^$p6J=0dCOpFR~@
z;?JwGPn{D8<*<~kHOis-cmpQiY)GhE{@7!W3WwP>$L`Dl>Mr*2rhW*Wuqze9hzj`$
zz^|{XybPQ_i8B;8-`ogBfYiEW9XPQ{g+%$bA-lOEw^D#tuUqoyb(X$g1k^%r>Y7Z>
z+^e{PC^D^T89$YvG~>Zj6w~SJ=hKtngj@l`+}~8iRe{jr0B*8%>iwF-KT<?vbE4lD
zuR+v@MR1&YGhv$u0*RE3Nv{K99vD8_`<=Mv(on1b5GS*^x!}P+j)30G)vZOLMqk2<
z-wvJN%xXOcUYNmn%j1Kr>enzj`-S@&x;q43XoRlDyJPK>U<$b^h2#340Ja4dbPX{J
z@Tm(OX_<0xrC^imH*PO>$0H#JrtfQb^fWFAJ_?v02mAxj9#nSx{I$1F4<Fa4<gQ8A
zTO1gf&A4F&lCv9SIXOA(9t!$pBIm&yg$^^H$z&F)kpz*s3_3UNQx{R--8*b9rhIa;
z(o`ji+wGL9+FVl+|B=@tIJ~2fX@(Z5&LGR;qU&T6ZauiAWt47(MO@Xy+qL(lN=MZK
zCb^2&bX0sq6L48%EO}j_8%=HE+}rKF@#Nac8;5=q6n%LucG5v&@L@B~c@82eW%Mc}
zE@J5~Cw=#odvPO4A_m$LM?^np-rYQ+cP{GTOEK-#rdMV;gXh{#=$*O0@Rw|B+nuCj
zhDXx;Yw>5TXSjGX2h2)p;F)u?v<Wz|6*fnbZ?2kap?Np@j`Uv@cUq1Ou%UBWvfL(@
z2)?)xev&&Lk}S5pK7GrzJ;>_6rr<NZR^#;c`ULjcVKG+4jrkQ*qqQgFf!6~fJC+qJ
zFX<x2uN+NmR8rjfJ}rf3?5u6)5h`ptyair1?6vXc5n``~FIO-Fthe3sBUkYzc3+<S
zI^ofgE`_hpUs~#=PJ|?rs%S%?wJgo6T|j2<iHAV$8(k)W*{7<MW^w7N;^T+3hcGxA
zE$B6Pcsaka^5&^irzi|o{<>pd`WopkhHkBmmN7P?8upRaZ+40cGU6+E1bvCLK6f4s
z8v~lo+foIx(spGBY%N3ixXjl*Y|luln`_-tB%97PSEa3RC13xH#CI^{{>GMH0jGT=
zk42yl!)dz3wcVFV+ZDwRRlq|?J$a{>=&bVbn&nL*LMG=i!5NRI#gaEDn}p~9kFFlm
zjgQ%{_mt%9>SlbqE*4~_<&F!JsVpt!{g(sA@5s<zzk)`jOJE;&o0?M0EW@2cnVmM2
zp)R1!|5|B1iRD=mZN18*c4ALaeoAoPyr0x)z4QH>##a7P{&gpkTu9xt_%dq34i&qC
z6a0f>Ed2LISmb&5V5DZ{moQaJS-$}^TC0JI)c<3<%+$-X&!?_w+2_Akp2%trd1+eb
zWMtg5<>cgiBwjg*D~i{B^Sh1L_9k611&x-LQ)GCLrb#)cq@)^Pos6g?Lh7M*LaJ*W
zAx;uZu&Ioul*$TlGn28d9G~RBmy_|{TDwbu>kWr5*6%(U89mwALR(8<BK8LR6gwJy
z@LMxP%M`j2qr#B%J$AJP2p6p4$8u});V)QbT4o$p(CF@9hu-hL%ahD`TB59OM(EdE
zUy`ArakU&DG$U|HHy~hQ>*PiGYdnk|1>`w(G|Y>j?QYK8xhO8qsMjq(tH)g4F3Pz{
zuf<fl%`^@z<8XA(&%e$i&vlqF_gk1Qe$jeY!{NPdZL|QyhmZ24-b|^0zRAgyk+Ct<
z48a>{^fnO4nM*wFp?uJ-jjJ(sU%#Omz1LcJW`w}xtja|S*)R0-QdNe69MLL}K&o5V
z-);eihtg>k#0TXL@pelkIvGUYs=g3$J@?HE@W5@a;BbmidQ2(o-D8go*t;87)lUw5
z*SmVtX<<X2w*PTxnLSKdhrR`l!2q?gxGYG0%vsOeJdRz+%CRnVr1NXu6Jq6}t5W&;
zlysQ#mRU$Zx|Cd1ZPpbI3vUYF*uFJcS6}1Guv>aEbFX}^hEf7IGCHzT-aoV`G)cgc
z(VF*W4B-O}qDqZ{s~F?|Ufd1Fn1^inNmj+Z`>9yDOPaIR?Y$GO3<S9I0l~Awgi*^{
z4|#VxJG*=<aRJPleD==7xEN*$-6PW5T$R84<xu1!?3}^|tz_obZvn(+rL@fs?(_)d
zD|8yE@A&{%raOZEx{^pN6=|~dOi794x;j7`^YZ+Zbu>Y-xU{sZVeXdDZhuOKSN}EN
zpb|8?ccDk5v#tf9My+1e3fTC2{@%<*<}E)fr0tSr8?oSxa#_>P)060nNsx(c(T=6Y
zVo~9+_h!!i%~{n7Xxy&hOr3jK<F{=6+qGAvv39vz1_Sa_dF$c$G3liY8LSp^XJweb
z&LUJ*v8iLdsHCtH!9&+@OYsa?na!u$+J`USqV>MYBk))uNPOjf>(c$*J4JEg_-IaX
z-`+BJa~M2-HrU*a(#4g$9SK{U-p0-?&P%ymQzWh;LJUkdmvooiqi;bn6&Oi6F*IU0
zkG5q<NNR|QWsnW3EMO1D^Tw+`?ZNTW1C7fZG7Dem;*9Z}DF%&}Q$>F}Ipl%T%|Pbv
zvCtic!emxAREDb1f;s9@oiY5dv_~r85GZ%(e%E!&#(gdrky^}eM;+-(_FQE3d|w}v
z2VOS1m}a+Mp}rge<%sX!ZH}Bf$;%BaOG5~?CRvOynfBOXd2TMqwSeoz()yHpXWtm}
zno|9j=^;kq>7~zvNGz5E7AT{M5^-nFTn_SPQSfK33;q`~@Q-ngjZT7k(kzvF_?0|t
zSBTN=$hsssV$qQQ79?4kSi~|$r`EA96{>UhC<YOe88}?SRwXg7qT<53%L*e2(&~5F
zcrqh!xKxIu$)Ep5S%=ZV<~gK<s6F?a^Mg7OBZa_fnOX}UA5!v7AG4MlUwMXdD%D$j
zmx^STdtXhw%c|%b$8-5!8zsNG%G&ci-LL=P->)=cYJw1cC`VnDYGT3<T{S7~?#*Oe
zhu)m;pST!0T`*kkK6esb+E>k4rsb8Qxm&S?GZBA$d#YkFbZ>sz#bNplcY?yruiNup
zBe9|B%2y^38*k6)YZ!PL2p;EJb|cak%e^KA_!HEOnEu^UeyuJZeLm9mBZX%sY<9(p
z*2hFSU>gKq=k?GpS-tgMz8E@YU4LH@Y5O6&EnsU!+pl#xsQlZ5jR<AcX!&nn<Tppe
zEz7n`!6}-u=h^<;8rsRvT-tCM#`vwLh)MRKu*j5@UstO7q}p~p*~)PQarp8ATcph-
z2euw^;=BlA3Qr=ANyFsu)l!xgF?5WsPa|TwK4!5P9wH9ilqSbr^aE!gQwQAFenx@8
z<m)H8NM23UqTF2b0vF7E%9WOzpTDQbGUwQlMvJPFvk1i#lw8^BXLoIaP_?W|J8!ix
zgnpg!1V};V%`2JIPiOM5=CjLLQ>^{qwxh^Aejic#b?AMT)T3)y*b4Jy1tvy-z#J>j
z)I0u&uZyMiMSO;%`jUc-l4hca5az$Fzh9m`iuCyueBcIa0)3F$F~GTugZ35IfsAdQ
z^fDUC9rgxlVi8y49BI=fBqU^DYMQ(x0q+{JlOgU$dd^o*Y2t}ZK{_HC5;CVaI}|ze
zJ72V)N@h-bQ9}9CGXiu6=4>tdI58HrqxA@taA$Xnjd4rhXkBG+TZI1oO5W!UPNY?>
zX3A(9rN&yl8Dl?}+QSD+#W|1WX5WvU1bYs%Oka{%-sI2h=g_5@T}qv8A}{l$Wl#nb
zP)ic1bsO9&?w^C{GaHsi7oPRE3F*f^)?aA}cT>8ha)h-X?+hEr?J4hiEoaY8%xfTc
z2#=Ns_@1?-tQIHJ?sj|_k1m1DB~>vfQwPzLzVy)fV&n3DNdq@0>2^$;315bxe8&qA
zv$Umh&!s`OmpPuL^f~ssGnmiP%bcCo>e-x4e5A<xTU`b>cQ>uahGv@s?FzWU?NVI>
z;p<HWp8LzXT~t!rd`ikBRz<Y>xYg`q%`xS-&!k^CV1P5MRazF1)*1+yYra*E!_@@9
zE{&G<l!wx8D~4{FO#Xhpr+GF-5=i9p2VYUb5|xHOfBtN*?Uk~<RcS}*Hl6FOF({~^
zxb!z;1$`1i=)y!D_1YQVDZ_Ju_n2nR&DhT*a}8wEX5!qg3agSCwZ-Z|ePMNI=esMZ
zKC|2kQlcC5QQ7}Q8&6nYC^N5MeA0S@c+kM&N4LJn%g%li771JP-U*2On_djALwVEA
zR?u*Q+jsJ_;qp0O)BSJA64R-Gcfdv5wDILi2lTB43deb$MiHps@vxI~j^Wo~o85c^
z6O%8$%H=mU!mO-noBGCA`q#vKwL~bhejrA$pYs?~ux!*(r|zt$>*c5|tiUt+IPr2U
z5-n^t9cw9eJtnpkA)&gx28`2`;*{;e%dd_uF1=L)*w2oSt7-&Hbh|gWUf2^RYh<YP
z$B1_lT#bwk7gTK2;G5r2z#&s+{=!(_?|VNo%F>H3mu_-h9>`%)g20)>0?C2fr44y;
zo1~d6u(lV(8`r($R!0A=OZ3aTnpFQScpSvULMAU&=#i#u$TtAt3KeLDrY5*V3rnT!
zH@`!K%ugNRFgK@|&0rpA2Z8H_AG-F9gy+Oe`&1S+G-%qCm`_cU3PLEKqI^mR(m6YF
zP{OCK-u&g4-|rsG2yk{)X|?wmnYJL>UZx~g+7s}uYA)FH!5lT)Jr<QX$nO3=ifC+_
zIx;>|Z7PXn>w%e0<h^y7Bh>ae7HDa-Hu~g6ml8P+?6bMa+>G6S-sUenznHs7$na>%
z5pGE2_;M#hD7f-aRKAWH%AjRfD!(%|CG{q0sVs_@>9vt;qnK>f9Jn;cpd<bAg8tik
z_&(_CA>5fbVd98rdQ$F%v-_K*I&XI|^DG9PYQHO%69)nD$zxP|60@OxCGlbd^Y6Lk
zWF>{MnY{llBVPOT_P}%)YX90Zrz7^1EfakZ&ibLMZ~>(VBR&KefjB;1J#lru&NoV1
zTlv4;T<?!&{JE6b(AY>F!QuS;E}DZ(2sS>$``_=~5Gne;{zLnkV&M-gNQay<Hy@<!
zeOGO1laGl*Ti4Aqgw3OWVCuSFM>s-}wsnI!jSXjO;}hW%TP_oxKYqjf3Y-H1B~N>?
zT8h>E_RPt-aycUi60ki{x%h+R(dTwh$=~`Ew;cyj=kh4Lv2=9&?PSVjpHEp(B!5O)
zW}c>rx0kAUX7}tAE@Ny)_5YU7*!q}_x@r5^^$2TO7wk1xT!xWRKy%g==dqUAnY_Wn
z;1{=IS&6Z&EDG0}gLb>K+cZ7rLTA7mc1<`=4__Od{^{Gizto4^B&+0LFehjKKKSLi
zY35@;R0Zzr|0!@hjH{h%k-|h>iscGFrR_uVov~!Gyl+w`8woQ*7GzpJyiCDp{lKVv
ztHnO^AFX4s@b^a(e%Qg=$v^DYFWrzI=&$$rexO4>xq0jdg{XMwPv8Iazwi5(U+jKZ
o=`Yvf{{Nr)_gVS>+(70DP0AlpI+_KG2cL$j>f9|;e)#nN0rilzWB>pF

literal 0
HcmV?d00001


From 6929c680c4d99ab4a0700ea8a33e13fc49ca817d Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Tue, 20 May 2025 16:14:30 +0200
Subject: [PATCH 059/123] docs: specify deprecations (#9915)

# Which Problems Are Solved

We have no standard way of deprecating API methods.

# How the Problems Are Solved

The API_DESIGN.md contains a section that describes how to deprecate
APIs.
Most importantly, deprecated APIs should link to replacement APIs for
good UX.

# Additional Context

- [x] Discussed with @stebenz during review of
https://github.com/zitadel/zitadel/pull/9743#discussion_r2081736144
- [ ] Inform backend engineers when this is merged.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 API_DESIGN.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/API_DESIGN.md b/API_DESIGN.md
index ac7c4a01e0..9e77657ab0 100644
--- a/API_DESIGN.md
+++ b/API_DESIGN.md
@@ -48,6 +48,52 @@ When creating a new service, start with version `2`, as version `1` is reserved
 
 Please check out the structure Buf style guide for more information about the folder and package structure: https://buf.build/docs/best-practices/style-guide/
 
+### Deprecations
+
+As a rule of thumb, redundant API methods are deprecated.
+
+- The proto option `grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation.deprecated` MUST be set to true.
+- One or more links to recommended replacement methods MUST be added to the deprecation message as a proto comment above the rpc spec.
+- Guidance for switching to the recommended methods for common use cases SHOULD be added as a proto comment above the rpc spec.
+
+#### Example
+
+```protobuf
+// Delete the user phone
+//
+// Deprecated: [Update the user's phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx) to remove the phone number.
+//
+// Delete the phone number of a user.
+rpc RemovePhone(RemovePhoneRequest) returns (RemovePhoneResponse) {
+  option (google.api.http) = {
+    delete: "/v2/users/{user_id}/phone"
+    body: "*"
+  };
+
+  option (zitadel.protoc_gen_zitadel.v2.options) = {
+    auth_option: {
+      permission: "authenticated"
+    }
+  };
+
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+    deprecated: true;
+    responses: {
+      key: "200"
+      value: {
+        description: "OK";
+      }
+    };
+    responses: {
+      key: "404";
+      value: {
+        description: "User ID does not exist.";
+      }
+    }
+  };
+}
+```
+
 ### Explicitness
 
 Make the handling of the API as explicit as possible. Do not make assumptions about the client's knowledge of the system or the API. 

From a73acbcfc304b49642b3cf35cda0acb020cbc4f4 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 20 May 2025 19:18:32 +0200
Subject: [PATCH 060/123] fix(login): render error properly when auto creation
 fails (#9871)

# Which Problems Are Solved

If an IdP has the `automatic creation` option enabled without the
`account creation allowed (manually)` and does not provide all the
information required (given name, family name, ...) the wrong error
message was presented to the user.

# How the Problems Are Solved

Prevent overwrite of the error when rendering the error in the
`renderExternalNotFoundOption` function.

# Additional Changes

none

# Additional Context

- closes #9766
- requires backport to 2.x and 3.x

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
---
 .../api/ui/login/external_provider_handler.go | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go
index d198978f1a..bd7ba7cd58 100644
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@@ -639,9 +639,10 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
 	}
 	resourceOwner := determineResourceOwner(r.Context(), authReq)
 	if orgIAMPolicy == nil {
-		orgIAMPolicy, err = l.getOrgDomainPolicy(r, resourceOwner)
-		if err != nil {
-			l.renderError(w, r, authReq, err)
+		var policyErr error
+		orgIAMPolicy, policyErr = l.getOrgDomainPolicy(r, resourceOwner)
+		if policyErr != nil {
+			l.renderError(w, r, authReq, policyErr)
 			return
 		}
 	}
@@ -652,19 +653,22 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
 		human, idpLink, _ = mapExternalUserToLoginUser(linkingUser, orgIAMPolicy.UserLoginMustBeDomain)
 	}
 
-	labelPolicy, err := l.getLabelPolicy(r, resourceOwner)
-	if err != nil {
-		l.renderError(w, r, authReq, err)
+	labelPolicy, policyErr := l.getLabelPolicy(r, resourceOwner)
+	if policyErr != nil {
+		l.renderError(w, r, authReq, policyErr)
 		return
 	}
 
-	idpTemplate, err := l.getIDPByID(r, idpLink.IDPConfigID)
-	if err != nil {
-		l.renderError(w, r, authReq, err)
+	idpTemplate, idpErr := l.getIDPByID(r, idpLink.IDPConfigID)
+	if idpErr != nil {
+		l.renderError(w, r, authReq, idpErr)
 		return
 	}
 	if !idpTemplate.IsCreationAllowed && !idpTemplate.IsLinkingAllowed {
-		l.renderError(w, r, authReq, zerrors.ThrowPreconditionFailed(nil, "LOGIN-3kl44", "Errors.User.ExternalIDP.NoOptionAllowed"))
+		if err == nil {
+			err = zerrors.ThrowPreconditionFailed(nil, "LOGIN-3kl44", "Errors.User.ExternalIDP.NoOptionAllowed")
+		}
+		l.renderError(w, r, authReq, err)
 		return
 	}
 

From 490e4bd623c4c87cb8dd683d500a0bcb795f7da6 Mon Sep 17 00:00:00 2001
From: "Marco A." <kwbmm1990@gmail.com>
Date: Wed, 21 May 2025 10:50:44 +0200
Subject: [PATCH 061/123] feat: instance requests implementation for resource
 API (#9830)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

These changes introduce resource-based API endpoints for managing
instances and custom domains.

There are 4 types of changes:

- Endpoint implementation: consisting of the protobuf interface and the
implementation of the endpoint. E.g:
606439a17227b629c1d018842dc3f1c569e4627a
- (Integration) Tests: testing the implemented endpoint. E.g:
cdfe1f0372b30cb74e34f0f23c6ada776e4477e9
- Fixes: Bugs found during development that are being fixed. E.g:
acbbeedd3259b785948c1d702eb98f5810b3e60a
- Miscellaneous: code needed to put everything together or that doesn't
fit any of the above categories. E.g:
529df92abce1ffd69c0b3214bd835be404fd0de0 or
6802cb5468fbe24664ae6639fd3a40679222a2fd

# How the Problems Are Solved

_Ticked checkboxes indicate that the functionality is complete_

- [x] Instance
  - [x] Create endpoint
  - [x] Create endpoint tests
  - [x] Update endpoint
  - [x] Update endpoint tests
  - [x] Get endpoint
  - [x] Get endpoint tests
  - [x] Delete endpoint
  - [x] Delete endpoint tests
- [x] Custom Domains
  - [x] Add custom domain
  - [x] Add custom domain tests
  - [x] Remove custom domain
  - [x] Remove custom domain tests
  - [x] List custom domains
  - [x] List custom domains tests
- [x] Trusted Domains
  - [x] Add trusted domain
  - [x] Add trusted domain tests
  - [x] Remove trusted domain
  - [x] Remove trusted domain tests
  - [x] List trusted domains
  - [x] List trusted domains tests

# Additional Changes

When looking for instances (through the `ListInstances` endpoint)
matching a given query, if you ask for the results to be order by a
specific column, the query will fail due to a syntax error. This is
fixed in acbbeedd3259b785948c1d702eb98f5810b3e60a . Further explanation
can be found in the commit message

# Additional Context

- Relates to #9452
- CreateInstance has been excluded:
https://github.com/zitadel/zitadel/issues/9930
- Permission checks / instance retrieval (middleware) needs to be
changed to allow context based permission checks
(https://github.com/zitadel/zitadel/issues/9929), required for
ListInstances

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 cmd/start/start.go                            |   4 +
 docs/README.md                                |   2 +
 docs/docusaurus.config.js                     |   8 +
 docs/sidebars.js                              |  19 +
 .../api/grpc/instance/v2beta/converter.go     | 246 +++++++
 .../grpc/instance/v2beta/converter_test.go    | 390 +++++++++++
 internal/api/grpc/instance/v2beta/domain.go   |  50 ++
 internal/api/grpc/instance/v2beta/instance.go |  32 +
 .../v2beta/integration_test/domain_test.go    | 350 ++++++++++
 .../v2beta/integration_test/instance_test.go  | 162 +++++
 .../v2beta/integration_test/query_test.go     | 369 ++++++++++
 internal/api/grpc/instance/v2beta/query.go    |  70 ++
 internal/api/grpc/instance/v2beta/server.go   |  60 ++
 internal/command/instance.go                  |  10 +-
 internal/command/instance_test.go             |  28 +-
 internal/command/instance_trusted_domain.go   |   8 +
 .../command/instance_trusted_domain_test.go   |  39 ++
 internal/integration/client.go                |   7 +
 internal/query/instance.go                    |  27 +-
 internal/query/instance_test.go               |  11 +-
 proto/zitadel/admin.proto                     |  16 +-
 proto/zitadel/instance/v2beta/instance.proto  | 192 ++++++
 .../instance/v2beta/instance_service.proto    | 648 ++++++++++++++++++
 proto/zitadel/system.proto                    |  54 +-
 24 files changed, 2781 insertions(+), 21 deletions(-)
 create mode 100644 internal/api/grpc/instance/v2beta/converter.go
 create mode 100644 internal/api/grpc/instance/v2beta/converter_test.go
 create mode 100644 internal/api/grpc/instance/v2beta/domain.go
 create mode 100644 internal/api/grpc/instance/v2beta/instance.go
 create mode 100644 internal/api/grpc/instance/v2beta/integration_test/domain_test.go
 create mode 100644 internal/api/grpc/instance/v2beta/integration_test/instance_test.go
 create mode 100644 internal/api/grpc/instance/v2beta/integration_test/query_test.go
 create mode 100644 internal/api/grpc/instance/v2beta/query.go
 create mode 100644 internal/api/grpc/instance/v2beta/server.go
 create mode 100644 proto/zitadel/instance/v2beta/instance.proto
 create mode 100644 proto/zitadel/instance/v2beta/instance_service.proto

diff --git a/cmd/start/start.go b/cmd/start/start.go
index 52d9c6fba8..6f04e8ee82 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -40,6 +40,7 @@ import (
 	feature_v2 "github.com/zitadel/zitadel/internal/api/grpc/feature/v2"
 	feature_v2beta "github.com/zitadel/zitadel/internal/api/grpc/feature/v2beta"
 	idp_v2 "github.com/zitadel/zitadel/internal/api/grpc/idp/v2"
+	instance "github.com/zitadel/zitadel/internal/api/grpc/instance/v2beta"
 	"github.com/zitadel/zitadel/internal/api/grpc/management"
 	oidc_v2 "github.com/zitadel/zitadel/internal/api/grpc/oidc/v2"
 	oidc_v2beta "github.com/zitadel/zitadel/internal/api/grpc/oidc/v2beta"
@@ -442,6 +443,9 @@ func startAPIs(
 	if err := apis.RegisterServer(ctx, system.CreateServer(commands, queries, config.Database.DatabaseName(), config.DefaultInstance, config.ExternalDomain), tlsConfig); err != nil {
 		return nil, err
 	}
+	if err := apis.RegisterService(ctx, instance.CreateServer(commands, queries, config.Database.DatabaseName(), config.DefaultInstance, config.ExternalDomain)); err != nil {
+		return nil, err
+	}
 	if err := apis.RegisterServer(ctx, admin.CreateServer(config.Database.DatabaseName(), commands, queries, keys.User, config.AuditLogRetention), tlsConfig); err != nil {
 		return nil, err
 	}
diff --git a/docs/README.md b/docs/README.md
index 92d3f8f279..34803a3629 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -6,6 +6,8 @@ This website is built using [Docusaurus 2](https://v2.docusaurus.io/), a modern
 
 To add a new site to the already existing structure simply save the `md` file into the corresponding folder and append the sites id int the file `sidebars.js`.
 
+If you are introducing new APIs (gRPC), you need to add a new entry to `docusaurus.config.js` under the `plugins` section.
+
 ## Installation
 
 Install dependencies with
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 1f45a017ac..6a4429cffe 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -364,6 +364,14 @@ module.exports = {
               categoryLinkSource: "auto",
             },
           },
+          instance_v2: {
+            specPath: ".artifacts/openapi/zitadel/instance/v2beta/instance_service.swagger.json",
+            outputDir: "docs/apis/resources/instance_service_v2",
+            sidebarOptions: {
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
+            },
+          },
         },
       },
     ],
diff --git a/docs/sidebars.js b/docs/sidebars.js
index 92c7a00b2d..b7dc3fd8b8 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -13,6 +13,7 @@ const sidebar_api_org_service_v2 = require("./docs/apis/resources/org_service_v2
 const sidebar_api_idp_service_v2 = require("./docs/apis/resources/idp_service_v2/sidebar.ts").default
 const sidebar_api_actions_v2 = require("./docs/apis/resources/action_service_v2/sidebar.ts").default
 const sidebar_api_webkey_service_v2 = require("./docs/apis/resources/webkey_service_v2/sidebar.ts").default
+const sidebar_api_instance_service_v2 = require("./docs/apis/resources/instance_service_v2/sidebar.ts").default
 
 module.exports = {
   guides: [
@@ -840,6 +841,24 @@ module.exports = {
               },
               items: sidebar_api_actions_v2,
             },
+            {
+              type: "category",
+              label: "Instance (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Instance Service API (Beta)",
+                slug: "/apis/resources/instance_service_v2",
+                description:
+                    "This API is intended to manage instances, custom domains and trusted domains in ZITADEL.\n" +
+                    "\n" +
+                    "This service is in beta state. It can AND will continue breaking until a stable version is released.\n"+
+                    "\n" +
+                    "This v2 of the API provides the same functionalities as the v1, but organised on a per resource basis.\n" +
+                    "The whole functionality related to domains (custom and trusted) has been moved under this instance API."
+                    ,
+              },
+              items: sidebar_api_instance_service_v2,
+            },
           ],
         },
         {
diff --git a/internal/api/grpc/instance/v2beta/converter.go b/internal/api/grpc/instance/v2beta/converter.go
new file mode 100644
index 0000000000..8bff682606
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/converter.go
@@ -0,0 +1,246 @@
+package instance
+
+import (
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/cmd/build"
+	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
+	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+)
+
+func InstancesToPb(instances []*query.Instance) []*instance.Instance {
+	list := []*instance.Instance{}
+	for _, instance := range instances {
+		list = append(list, ToProtoObject(instance))
+	}
+	return list
+}
+
+func ToProtoObject(inst *query.Instance) *instance.Instance {
+	return &instance.Instance{
+		Id:           inst.ID,
+		Name:         inst.Name,
+		Domains:      DomainsToPb(inst.Domains),
+		Version:      build.Version(),
+		ChangeDate:   timestamppb.New(inst.ChangeDate),
+		CreationDate: timestamppb.New(inst.CreationDate),
+	}
+}
+
+func DomainsToPb(domains []*query.InstanceDomain) []*instance.Domain {
+	d := []*instance.Domain{}
+	for _, dm := range domains {
+		pbDomain := DomainToPb(dm)
+		d = append(d, pbDomain)
+	}
+	return d
+}
+
+func DomainToPb(d *query.InstanceDomain) *instance.Domain {
+	return &instance.Domain{
+		Domain:       d.Domain,
+		Primary:      d.IsPrimary,
+		Generated:    d.IsGenerated,
+		InstanceId:   d.InstanceID,
+		CreationDate: timestamppb.New(d.CreationDate),
+	}
+}
+
+func ListInstancesRequestToModel(req *instance.ListInstancesRequest, sysDefaults systemdefaults.SystemDefaults) (*query.InstanceSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(sysDefaults, req.GetPagination())
+	if err != nil {
+		return nil, err
+	}
+
+	queries, err := instanceQueriesToModel(req.GetQueries())
+	if err != nil {
+		return nil, err
+	}
+
+	return &query.InstanceSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: fieldNameToInstanceColumn(req.GetSortingColumn()),
+		},
+		Queries: queries,
+	}, nil
+
+}
+
+func fieldNameToInstanceColumn(fieldName instance.FieldName) query.Column {
+	switch fieldName {
+	case instance.FieldName_FIELD_NAME_ID:
+		return query.InstanceColumnID
+	case instance.FieldName_FIELD_NAME_NAME:
+		return query.InstanceColumnName
+	case instance.FieldName_FIELD_NAME_CREATION_DATE:
+		return query.InstanceColumnCreationDate
+	case instance.FieldName_FIELD_NAME_UNSPECIFIED:
+		fallthrough
+	default:
+		return query.Column{}
+	}
+}
+
+func instanceQueriesToModel(queries []*instance.Query) (_ []query.SearchQuery, err error) {
+	q := []query.SearchQuery{}
+	for _, query := range queries {
+		model, err := instanceQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+		q = append(q, model)
+	}
+	return q, nil
+}
+
+func instanceQueryToModel(searchQuery *instance.Query) (query.SearchQuery, error) {
+	switch q := searchQuery.GetQuery().(type) {
+	case *instance.Query_IdQuery:
+		return query.NewInstanceIDsListSearchQuery(q.IdQuery.GetIds()...)
+	case *instance.Query_DomainQuery:
+		return query.NewInstanceDomainsListSearchQuery(q.DomainQuery.GetDomains()...)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "INST-3m0se", "List.Query.Invalid")
+	}
+}
+
+func ListCustomDomainsRequestToModel(req *instance.ListCustomDomainsRequest, defaults systemdefaults.SystemDefaults) (*query.InstanceDomainSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(defaults, req.GetPagination())
+	if err != nil {
+		return nil, err
+	}
+
+	queries, err := domainQueriesToModel(req.GetQueries())
+	if err != nil {
+		return nil, err
+	}
+
+	return &query.InstanceDomainSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: fieldNameToInstanceDomainColumn(req.GetSortingColumn()),
+		},
+		Queries: queries,
+	}, nil
+}
+
+func fieldNameToInstanceDomainColumn(fieldName instance.DomainFieldName) query.Column {
+	switch fieldName {
+	case instance.DomainFieldName_DOMAIN_FIELD_NAME_DOMAIN:
+		return query.InstanceDomainDomainCol
+	case instance.DomainFieldName_DOMAIN_FIELD_NAME_GENERATED:
+		return query.InstanceDomainIsGeneratedCol
+	case instance.DomainFieldName_DOMAIN_FIELD_NAME_PRIMARY:
+		return query.InstanceDomainIsPrimaryCol
+	case instance.DomainFieldName_DOMAIN_FIELD_NAME_CREATION_DATE:
+		return query.InstanceDomainCreationDateCol
+	case instance.DomainFieldName_DOMAIN_FIELD_NAME_UNSPECIFIED:
+		fallthrough
+	default:
+		return query.Column{}
+	}
+}
+
+func domainQueriesToModel(queries []*instance.DomainSearchQuery) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = domainQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func domainQueryToModel(searchQuery *instance.DomainSearchQuery) (query.SearchQuery, error) {
+	switch q := searchQuery.GetQuery().(type) {
+	case *instance.DomainSearchQuery_DomainQuery:
+		return query.NewInstanceDomainDomainSearchQuery(object.TextMethodToQuery(q.DomainQuery.GetMethod()), q.DomainQuery.GetDomain())
+	case *instance.DomainSearchQuery_GeneratedQuery:
+		return query.NewInstanceDomainGeneratedSearchQuery(q.GeneratedQuery.GetGenerated())
+	case *instance.DomainSearchQuery_PrimaryQuery:
+		return query.NewInstanceDomainPrimarySearchQuery(q.PrimaryQuery.GetPrimary())
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ags42", "List.Query.Invalid")
+	}
+}
+
+func ListTrustedDomainsRequestToModel(req *instance.ListTrustedDomainsRequest, defaults systemdefaults.SystemDefaults) (*query.InstanceTrustedDomainSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(defaults, req.GetPagination())
+	if err != nil {
+		return nil, err
+	}
+
+	queries, err := trustedDomainQueriesToModel(req.GetQueries())
+	if err != nil {
+		return nil, err
+	}
+
+	return &query.InstanceTrustedDomainSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: fieldNameToInstanceTrustedDomainColumn(req.GetSortingColumn()),
+		},
+		Queries: queries,
+	}, nil
+}
+
+func trustedDomainQueriesToModel(queries []*instance.TrustedDomainSearchQuery) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = trustedDomainQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func trustedDomainQueryToModel(searchQuery *instance.TrustedDomainSearchQuery) (query.SearchQuery, error) {
+	switch q := searchQuery.GetQuery().(type) {
+	case *instance.TrustedDomainSearchQuery_DomainQuery:
+		return query.NewInstanceTrustedDomainDomainSearchQuery(object.TextMethodToQuery(q.DomainQuery.GetMethod()), q.DomainQuery.GetDomain())
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "INST-Ags42", "List.Query.Invalid")
+	}
+}
+
+func trustedDomainsToPb(domains []*query.InstanceTrustedDomain) []*instance.TrustedDomain {
+	d := make([]*instance.TrustedDomain, len(domains))
+	for i, domain := range domains {
+		d[i] = trustedDomainToPb(domain)
+	}
+	return d
+}
+
+func trustedDomainToPb(d *query.InstanceTrustedDomain) *instance.TrustedDomain {
+	return &instance.TrustedDomain{
+		Domain:       d.Domain,
+		InstanceId:   d.InstanceID,
+		CreationDate: timestamppb.New(d.CreationDate),
+	}
+}
+
+func fieldNameToInstanceTrustedDomainColumn(fieldName instance.TrustedDomainFieldName) query.Column {
+	switch fieldName {
+	case instance.TrustedDomainFieldName_TRUSTED_DOMAIN_FIELD_NAME_DOMAIN:
+		return query.InstanceTrustedDomainDomainCol
+	case instance.TrustedDomainFieldName_TRUSTED_DOMAIN_FIELD_NAME_CREATION_DATE:
+		return query.InstanceTrustedDomainCreationDateCol
+	case instance.TrustedDomainFieldName_TRUSTED_DOMAIN_FIELD_NAME_UNSPECIFIED:
+		fallthrough
+	default:
+		return query.Column{}
+	}
+}
diff --git a/internal/api/grpc/instance/v2beta/converter_test.go b/internal/api/grpc/instance/v2beta/converter_test.go
new file mode 100644
index 0000000000..150678010c
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/converter_test.go
@@ -0,0 +1,390 @@
+package instance
+
+import (
+	"errors"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/cmd/build"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+)
+
+func Test_InstancesToPb(t *testing.T) {
+	instances := []*query.Instance{
+		{
+			ID:   "instance1",
+			Name: "Instance One",
+			Domains: []*query.InstanceDomain{
+				{
+					Domain:       "example.com",
+					IsPrimary:    true,
+					IsGenerated:  false,
+					Sequence:     1,
+					CreationDate: time.Unix(123, 0),
+					ChangeDate:   time.Unix(124, 0),
+					InstanceID:   "instance1",
+				},
+			},
+			Sequence:     1,
+			CreationDate: time.Unix(123, 0),
+			ChangeDate:   time.Unix(124, 0),
+		},
+	}
+
+	want := []*instance.Instance{
+		{
+			Id:   "instance1",
+			Name: "Instance One",
+			Domains: []*instance.Domain{
+				{
+					Domain:       "example.com",
+					Primary:      true,
+					Generated:    false,
+					InstanceId:   "instance1",
+					CreationDate: &timestamppb.Timestamp{Seconds: 123},
+				},
+			},
+			Version:      build.Version(),
+			ChangeDate:   &timestamppb.Timestamp{Seconds: 124},
+			CreationDate: &timestamppb.Timestamp{Seconds: 123},
+		},
+	}
+
+	got := InstancesToPb(instances)
+	assert.Equal(t, want, got)
+}
+
+func Test_ListInstancesRequestToModel(t *testing.T) {
+	t.Parallel()
+
+	searchInstanceByID, err := query.NewInstanceIDsListSearchQuery("instance1", "instance2")
+	require.Nil(t, err)
+
+	tt := []struct {
+		testName       string
+		inputRequest   *instance.ListInstancesRequest
+		maxQueryLimit  uint64
+		expectedResult *query.InstanceSearchQueries
+		expectedError  error
+	}{
+		{
+			testName:      "when query limit exceeds max query limit should return invalid argument error",
+			maxQueryLimit: 1,
+			inputRequest: &instance.ListInstancesRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.FieldName_FIELD_NAME_ID.Enum(),
+				Queries:       []*instance.Query{{Query: &instance.Query_IdQuery{IdQuery: &instance.IdsQuery{Ids: []string{"instance1", "instance2"}}}}},
+			},
+			expectedError: zerrors.ThrowInvalidArgumentf(errors.New("given: 10, allowed: 1"), "QUERY-4M0fs", "Errors.Query.LimitExceeded"),
+		},
+		{
+			testName: "when valid request should return instance search query model",
+			inputRequest: &instance.ListInstancesRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.FieldName_FIELD_NAME_ID.Enum(),
+				Queries:       []*instance.Query{{Query: &instance.Query_IdQuery{IdQuery: &instance.IdsQuery{Ids: []string{"instance1", "instance2"}}}}},
+			},
+			expectedResult: &query.InstanceSearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         10,
+					Asc:           true,
+					SortingColumn: query.InstanceColumnID,
+				},
+				Queries: []query.SearchQuery{searchInstanceByID},
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			sysDefaults := systemdefaults.SystemDefaults{MaxQueryLimit: tc.maxQueryLimit}
+
+			got, err := ListInstancesRequestToModel(tc.inputRequest, sysDefaults)
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResult, got)
+
+		})
+	}
+}
+
+func Test_fieldNameToInstanceColumn(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name      string
+		fieldName instance.FieldName
+		want      query.Column
+	}{
+		{
+			name:      "ID field",
+			fieldName: instance.FieldName_FIELD_NAME_ID,
+			want:      query.InstanceColumnID,
+		},
+		{
+			name:      "Name field",
+			fieldName: instance.FieldName_FIELD_NAME_NAME,
+			want:      query.InstanceColumnName,
+		},
+		{
+			name:      "Creation Date field",
+			fieldName: instance.FieldName_FIELD_NAME_CREATION_DATE,
+			want:      query.InstanceColumnCreationDate,
+		},
+		{
+			name:      "Unknown field",
+			fieldName: instance.FieldName(99),
+			want:      query.Column{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := fieldNameToInstanceColumn(tt.fieldName)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_instanceQueryToModel(t *testing.T) {
+	t.Parallel()
+
+	searchInstanceByID, err := query.NewInstanceIDsListSearchQuery("instance1")
+	require.Nil(t, err)
+
+	searchInstanceByDomain, err := query.NewInstanceDomainsListSearchQuery("example.com")
+	require.Nil(t, err)
+
+	tests := []struct {
+		name        string
+		searchQuery *instance.Query
+		want        query.SearchQuery
+		wantErr     bool
+	}{
+		{
+			name: "ID Query",
+			searchQuery: &instance.Query{
+				Query: &instance.Query_IdQuery{
+					IdQuery: &instance.IdsQuery{
+						Ids: []string{"instance1"},
+					},
+				},
+			},
+			want:    searchInstanceByID,
+			wantErr: false,
+		},
+		{
+			name: "Domain Query",
+			searchQuery: &instance.Query{
+				Query: &instance.Query_DomainQuery{
+					DomainQuery: &instance.DomainsQuery{
+						Domains: []string{"example.com"},
+					},
+				},
+			},
+			want:    searchInstanceByDomain,
+			wantErr: false,
+		},
+		{
+			name: "Invalid Query",
+			searchQuery: &instance.Query{
+				Query: nil,
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got, err := instanceQueryToModel(tt.searchQuery)
+			if tt.wantErr {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+				assert.Equal(t, tt.want, got)
+			}
+		})
+	}
+}
+
+func Test_ListCustomDomainsRequestToModel(t *testing.T) {
+	t.Parallel()
+
+	querySearchRes, err := query.NewInstanceDomainDomainSearchQuery(query.TextEquals, "example.com")
+	require.Nil(t, err)
+
+	queryGeneratedRes, err := query.NewInstanceDomainGeneratedSearchQuery(false)
+	require.Nil(t, err)
+
+	tests := []struct {
+		name           string
+		inputRequest   *instance.ListCustomDomainsRequest
+		maxQueryLimit  uint64
+		expectedResult *query.InstanceDomainSearchQueries
+		expectedError  error
+	}{
+		{
+			name: "when query limit exceeds max query limit should return invalid argument error",
+			inputRequest: &instance.ListCustomDomainsRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.DomainFieldName_DOMAIN_FIELD_NAME_DOMAIN,
+				Queries: []*instance.DomainSearchQuery{
+					{
+						Query: &instance.DomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{
+								Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
+								Domain: "example.com",
+							},
+						},
+					},
+				},
+			},
+			maxQueryLimit: 1,
+			expectedError: zerrors.ThrowInvalidArgumentf(errors.New("given: 10, allowed: 1"), "QUERY-4M0fs", "Errors.Query.LimitExceeded"),
+		},
+		{
+			name: "when valid request should return domain search query model",
+			inputRequest: &instance.ListCustomDomainsRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.DomainFieldName_DOMAIN_FIELD_NAME_PRIMARY,
+				Queries: []*instance.DomainSearchQuery{
+					{
+						Query: &instance.DomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS, Domain: "example.com"}},
+					},
+					{
+						Query: &instance.DomainSearchQuery_GeneratedQuery{
+							GeneratedQuery: &instance.DomainGeneratedQuery{Generated: false}},
+					},
+				},
+			},
+			maxQueryLimit: 100,
+			expectedResult: &query.InstanceDomainSearchQueries{
+				SearchRequest: query.SearchRequest{Offset: 0, Limit: 10, Asc: true, SortingColumn: query.InstanceDomainIsPrimaryCol},
+				Queries: []query.SearchQuery{
+					querySearchRes,
+					queryGeneratedRes,
+				},
+			},
+			expectedError: nil,
+		},
+		{
+			name: "when invalid query should return error",
+			inputRequest: &instance.ListCustomDomainsRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.DomainFieldName_DOMAIN_FIELD_NAME_GENERATED,
+				Queries: []*instance.DomainSearchQuery{
+					{
+						Query: nil,
+					},
+				},
+			},
+			maxQueryLimit:  100,
+			expectedResult: nil,
+			expectedError:  zerrors.ThrowInvalidArgument(nil, "INST-Ags42", "List.Query.Invalid"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			sysDefaults := systemdefaults.SystemDefaults{MaxQueryLimit: tt.maxQueryLimit}
+
+			got, err := ListCustomDomainsRequestToModel(tt.inputRequest, sysDefaults)
+			assert.Equal(t, tt.expectedError, err)
+			assert.Equal(t, tt.expectedResult, got)
+		})
+	}
+}
+
+func Test_ListTrustedDomainsRequestToModel(t *testing.T) {
+	t.Parallel()
+
+	querySearchRes, err := query.NewInstanceTrustedDomainDomainSearchQuery(query.TextEquals, "example.com")
+	require.Nil(t, err)
+
+	tests := []struct {
+		name           string
+		inputRequest   *instance.ListTrustedDomainsRequest
+		maxQueryLimit  uint64
+		expectedResult *query.InstanceTrustedDomainSearchQueries
+		expectedError  error
+	}{
+		{
+			name: "when query limit exceeds max query limit should return invalid argument error",
+			inputRequest: &instance.ListTrustedDomainsRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.TrustedDomainFieldName_TRUSTED_DOMAIN_FIELD_NAME_DOMAIN,
+				Queries: []*instance.TrustedDomainSearchQuery{
+					{
+						Query: &instance.TrustedDomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{
+								Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
+								Domain: "example.com",
+							},
+						},
+					},
+				},
+			},
+			maxQueryLimit: 1,
+			expectedError: zerrors.ThrowInvalidArgumentf(errors.New("given: 10, allowed: 1"), "QUERY-4M0fs", "Errors.Query.LimitExceeded"),
+		},
+		{
+			name: "when valid request should return domain search query model",
+			inputRequest: &instance.ListTrustedDomainsRequest{
+				Pagination:    &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				SortingColumn: instance.TrustedDomainFieldName_TRUSTED_DOMAIN_FIELD_NAME_CREATION_DATE,
+				Queries: []*instance.TrustedDomainSearchQuery{
+					{
+						Query: &instance.TrustedDomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS, Domain: "example.com"}},
+					},
+				},
+			},
+			maxQueryLimit: 100,
+			expectedResult: &query.InstanceTrustedDomainSearchQueries{
+				SearchRequest: query.SearchRequest{Offset: 0, Limit: 10, Asc: true, SortingColumn: query.InstanceTrustedDomainCreationDateCol},
+				Queries:       []query.SearchQuery{querySearchRes},
+			},
+			expectedError: nil,
+		},
+		{
+			name: "when invalid query should return error",
+			inputRequest: &instance.ListTrustedDomainsRequest{
+				Pagination: &filter.PaginationRequest{Limit: 10, Offset: 0, Asc: true},
+				Queries: []*instance.TrustedDomainSearchQuery{
+					{
+						Query: nil,
+					},
+				},
+			},
+			maxQueryLimit:  100,
+			expectedResult: nil,
+			expectedError:  zerrors.ThrowInvalidArgument(nil, "INST-Ags42", "List.Query.Invalid"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			sysDefaults := systemdefaults.SystemDefaults{MaxQueryLimit: tt.maxQueryLimit}
+
+			got, err := ListTrustedDomainsRequestToModel(tt.inputRequest, sysDefaults)
+			assert.Equal(t, tt.expectedError, err)
+			assert.Equal(t, tt.expectedResult, got)
+		})
+	}
+}
diff --git a/internal/api/grpc/instance/v2beta/domain.go b/internal/api/grpc/instance/v2beta/domain.go
new file mode 100644
index 0000000000..439c6e5d8d
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/domain.go
@@ -0,0 +1,50 @@
+package instance
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+)
+
+func (s *Server) AddCustomDomain(ctx context.Context, req *instance.AddCustomDomainRequest) (*instance.AddCustomDomainResponse, error) {
+	details, err := s.command.AddInstanceDomain(ctx, req.GetDomain())
+	if err != nil {
+		return nil, err
+	}
+	return &instance.AddCustomDomainResponse{
+		CreationDate: timestamppb.New(details.CreationDate),
+	}, nil
+}
+
+func (s *Server) RemoveCustomDomain(ctx context.Context, req *instance.RemoveCustomDomainRequest) (*instance.RemoveCustomDomainResponse, error) {
+	details, err := s.command.RemoveInstanceDomain(ctx, req.GetDomain())
+	if err != nil {
+		return nil, err
+	}
+	return &instance.RemoveCustomDomainResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) AddTrustedDomain(ctx context.Context, req *instance.AddTrustedDomainRequest) (*instance.AddTrustedDomainResponse, error) {
+	details, err := s.command.AddTrustedDomain(ctx, req.GetDomain())
+	if err != nil {
+		return nil, err
+	}
+	return &instance.AddTrustedDomainResponse{
+		CreationDate: timestamppb.New(details.CreationDate),
+	}, nil
+}
+
+func (s *Server) RemoveTrustedDomain(ctx context.Context, req *instance.RemoveTrustedDomainRequest) (*instance.RemoveTrustedDomainResponse, error) {
+	details, err := s.command.RemoveTrustedDomain(ctx, req.GetDomain())
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.RemoveTrustedDomainResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, nil
+}
diff --git a/internal/api/grpc/instance/v2beta/instance.go b/internal/api/grpc/instance/v2beta/instance.go
new file mode 100644
index 0000000000..b1c36e74bb
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/instance.go
@@ -0,0 +1,32 @@
+package instance
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+)
+
+func (s *Server) DeleteInstance(ctx context.Context, request *instance.DeleteInstanceRequest) (*instance.DeleteInstanceResponse, error) {
+	obj, err := s.command.RemoveInstance(ctx, request.GetInstanceId())
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.DeleteInstanceResponse{
+		DeletionDate: timestamppb.New(obj.EventDate),
+	}, nil
+
+}
+
+func (s *Server) UpdateInstance(ctx context.Context, request *instance.UpdateInstanceRequest) (*instance.UpdateInstanceResponse, error) {
+	obj, err := s.command.UpdateInstance(ctx, request.GetInstanceName())
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.UpdateInstanceResponse{
+		ChangeDate: timestamppb.New(obj.EventDate),
+	}, nil
+}
diff --git a/internal/api/grpc/instance/v2beta/integration_test/domain_test.go b/internal/api/grpc/instance/v2beta/integration_test/domain_test.go
new file mode 100644
index 0000000000..a0e2011cfc
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/integration_test/domain_test.go
@@ -0,0 +1,350 @@
+//go:build integration
+
+package instance_test
+
+import (
+	"context"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+)
+
+func TestAddCustomDomain(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	iamOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeIAMOwner)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputContext      context.Context
+		inputRequest      *instance.AddCustomDomainRequest
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.AddCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     gofakeit.DomainName(),
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.AddCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     gofakeit.DomainName(),
+			},
+			inputContext:      iamOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when invalid domain should return invalid argument error",
+			inputRequest: &instance.AddCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " ",
+			},
+			inputContext:      ctxWithSysAuthZ,
+			expectedErrorCode: codes.InvalidArgument,
+			expectedErrorMsg:  "Errors.Invalid.Argument (INST-28nlD)",
+		},
+		{
+			testName: "when valid request should return successful response",
+			inputRequest: &instance.AddCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " " + gofakeit.DomainName(),
+			},
+			inputContext: ctxWithSysAuthZ,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Cleanup(func() {
+				if tc.expectedErrorMsg == "" {
+					inst.Client.InstanceV2Beta.RemoveCustomDomain(ctxWithSysAuthZ, &instance.RemoveCustomDomainRequest{Domain: strings.TrimSpace(tc.inputRequest.Domain)})
+				}
+			})
+
+			// Test
+			res, err := inst.Client.InstanceV2Beta.AddCustomDomain(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				assert.NotNil(t, res)
+				assert.NotEmpty(t, res.GetCreationDate())
+			}
+		})
+	}
+}
+
+func TestRemoveCustomDomain(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	iamOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeIAMOwner)
+
+	customDomain := gofakeit.DomainName()
+
+	_, err := inst.Client.InstanceV2Beta.AddCustomDomain(ctxWithSysAuthZ, &instance.AddCustomDomainRequest{InstanceId: inst.ID(), Domain: customDomain})
+	require.Nil(t, err)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.RemoveCustomDomain(ctxWithSysAuthZ, &instance.RemoveCustomDomainRequest{InstanceId: inst.ID(), Domain: customDomain})
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputContext      context.Context
+		inputRequest      *instance.RemoveCustomDomainRequest
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.RemoveCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     "custom1",
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.RemoveCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     "custom1",
+			},
+			inputContext:      iamOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when invalid domain should return invalid argument error",
+			inputRequest: &instance.RemoveCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " ",
+			},
+			inputContext:      ctxWithSysAuthZ,
+			expectedErrorCode: codes.InvalidArgument,
+			expectedErrorMsg:  "Errors.Invalid.Argument (INST-39nls)",
+		},
+		{
+			testName: "when valid request should return successful response",
+			inputRequest: &instance.RemoveCustomDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " " + customDomain,
+			},
+			inputContext: ctxWithSysAuthZ,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.RemoveCustomDomain(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				assert.NotNil(t, res)
+				assert.NotEmpty(t, res.GetDeletionDate())
+			}
+		})
+	}
+}
+
+func TestAddTrustedDomain(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputContext      context.Context
+		inputRequest      *instance.AddTrustedDomainRequest
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.AddTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     "trusted1",
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.AddTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     "trusted1",
+			},
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when invalid domain should return invalid argument error",
+			inputRequest: &instance.AddTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " ",
+			},
+			inputContext:      ctxWithSysAuthZ,
+			expectedErrorCode: codes.InvalidArgument,
+			expectedErrorMsg:  "Errors.Invalid.Argument (COMMA-Stk21)",
+		},
+		{
+			testName: "when valid request should return successful response",
+			inputRequest: &instance.AddTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " " + gofakeit.DomainName(),
+			},
+			inputContext: ctxWithSysAuthZ,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Cleanup(func() {
+				if tc.expectedErrorMsg == "" {
+					inst.Client.InstanceV2Beta.RemoveTrustedDomain(ctxWithSysAuthZ, &instance.RemoveTrustedDomainRequest{Domain: strings.TrimSpace(tc.inputRequest.Domain)})
+				}
+			})
+
+			// Test
+			res, err := inst.Client.InstanceV2Beta.AddTrustedDomain(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				assert.NotNil(t, res)
+				assert.NotEmpty(t, res.GetCreationDate())
+			}
+		})
+	}
+}
+
+func TestRemoveTrustedDomain(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+
+	trustedDomain := gofakeit.DomainName()
+
+	_, err := inst.Client.InstanceV2Beta.AddTrustedDomain(ctxWithSysAuthZ, &instance.AddTrustedDomainRequest{InstanceId: inst.ID(), Domain: trustedDomain})
+	require.Nil(t, err)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.RemoveTrustedDomain(ctxWithSysAuthZ, &instance.RemoveTrustedDomainRequest{InstanceId: inst.ID(), Domain: trustedDomain})
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputContext      context.Context
+		inputRequest      *instance.RemoveTrustedDomainRequest
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.RemoveTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     "trusted1",
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.RemoveTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     "trusted1",
+			},
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when valid request should return successful response",
+			inputRequest: &instance.RemoveTrustedDomainRequest{
+				InstanceId: inst.ID(),
+				Domain:     " " + trustedDomain,
+			},
+			inputContext: ctxWithSysAuthZ,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.RemoveTrustedDomain(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				require.NotNil(t, res)
+				require.NotEmpty(t, res.GetDeletionDate())
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/instance/v2beta/integration_test/instance_test.go b/internal/api/grpc/instance/v2beta/integration_test/instance_test.go
new file mode 100644
index 0000000000..5187bbc78d
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/integration_test/instance_test.go
@@ -0,0 +1,162 @@
+//go:build integration
+
+package instance_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/zitadel/zitadel/internal/integration"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func TestDeleteInstace(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName           string
+		inputRequest       *instance.DeleteInstanceRequest
+		inputContext       context.Context
+		expectedErrorMsg   string
+		expectedErrorCode  codes.Code
+		expectedInstanceID string
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.DeleteInstanceRequest{
+				InstanceId: " ",
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when invalid input should return invalid argument error",
+			inputRequest: &instance.DeleteInstanceRequest{
+				InstanceId: inst.ID() + "invalid",
+			},
+			inputContext:      ctxWithSysAuthZ,
+			expectedErrorCode: codes.NotFound,
+			expectedErrorMsg:  "Instance not found (COMMA-AE3GS)",
+		},
+		{
+			testName: "when delete succeeds should return deletion date",
+			inputRequest: &instance.DeleteInstanceRequest{
+				InstanceId: inst.ID(),
+			},
+			inputContext:       ctxWithSysAuthZ,
+			expectedInstanceID: inst.ID(),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.DeleteInstance(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+			if tc.expectedErrorMsg == "" {
+				require.NotNil(t, res)
+				require.NotEmpty(t, res.GetDeletionDate())
+			}
+		})
+	}
+}
+
+func TestUpdateInstace(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputRequest      *instance.UpdateInstanceRequest
+		inputContext      context.Context
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+		expectedNewName   string
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.UpdateInstanceRequest{
+				InstanceId:   inst.ID(),
+				InstanceName: " ",
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.UpdateInstanceRequest{
+				InstanceId:   inst.ID(),
+				InstanceName: " ",
+			},
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when update succeeds should change instance name",
+			inputRequest: &instance.UpdateInstanceRequest{
+				InstanceId:   inst.ID(),
+				InstanceName: "an-updated-name",
+			},
+			inputContext:    ctxWithSysAuthZ,
+			expectedNewName: "an-updated-name",
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.UpdateInstance(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+			if tc.expectedErrorMsg == "" {
+
+				require.NotNil(t, res)
+				assert.NotEmpty(t, res.GetChangeDate())
+
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputContext, 20*time.Second)
+				require.EventuallyWithT(t, func(tt *assert.CollectT) {
+					retrievedInstance, err := inst.Client.InstanceV2Beta.GetInstance(tc.inputContext, &instance.GetInstanceRequest{InstanceId: inst.ID()})
+					require.Nil(tt, err)
+					assert.Equal(tt, tc.expectedNewName, retrievedInstance.GetInstance().GetName())
+				}, retryDuration, tick, "timeout waiting for expected execution result")
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/instance/v2beta/integration_test/query_test.go b/internal/api/grpc/instance/v2beta/integration_test/query_test.go
new file mode 100644
index 0000000000..0828b006e3
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/integration_test/query_test.go
@@ -0,0 +1,369 @@
+//go:build integration
+
+package instance_test
+
+import (
+	"context"
+	"slices"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/zitadel/zitadel/internal/integration"
+	filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func TestGetInstance(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName           string
+		inputContext       context.Context
+		expectedInstanceID string
+		expectedErrorMsg   string
+		expectedErrorCode  codes.Code
+	}{
+		{
+			testName:          "when unauthN context should return unauthN error",
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName:          "when unauthZ context should return unauthZ error",
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName:           "when request succeeds should return matching instance",
+			inputContext:       ctxWithSysAuthZ,
+			expectedInstanceID: inst.ID(),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.GetInstance(tc.inputContext, &instance.GetInstanceRequest{InstanceId: inst.ID()})
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				require.NoError(t, err)
+				assert.Equal(t, tc.expectedInstanceID, res.GetInstance().GetId())
+			}
+		})
+	}
+}
+
+func TestListInstances(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+
+	instances := make([]*integration.Instance, 2)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+	inst2 := integration.NewInstance(ctxWithSysAuthZ)
+	instances[0], instances[1] = inst, inst2
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst2.ID()})
+	})
+
+	// Sort in descending order
+	slices.SortFunc(instances, func(i1, i2 *integration.Instance) int {
+		res := i1.Instance.Details.CreationDate.AsTime().Compare(i2.Instance.Details.CreationDate.AsTime())
+		if res == 0 {
+			return res
+		}
+		return -res
+	})
+
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+
+	tt := []struct {
+		testName          string
+		inputRequest      *instance.ListInstancesRequest
+		inputContext      context.Context
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+		expectedInstances []string
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.ListInstancesRequest{
+				Pagination: &filter.PaginationRequest{Offset: 0, Limit: 10},
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.ListInstancesRequest{
+				Pagination: &filter.PaginationRequest{Offset: 0, Limit: 10},
+			},
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when valid request with filter should return paginated response",
+			inputRequest: &instance.ListInstancesRequest{
+				Pagination:    &filter.PaginationRequest{Offset: 0, Limit: 10},
+				SortingColumn: instance.FieldName_FIELD_NAME_CREATION_DATE.Enum(),
+				Queries: []*instance.Query{
+					{
+						Query: &instance.Query_IdQuery{
+							IdQuery: &instance.IdsQuery{
+								Ids: []string{inst.ID(), inst2.ID()},
+							},
+						},
+					},
+				},
+			},
+			inputContext:      ctxWithSysAuthZ,
+			expectedInstances: []string{inst2.ID(), inst.ID()},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.ListInstances(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				require.NotNil(t, res)
+
+				require.Len(t, res.GetInstances(), len(tc.expectedInstances))
+
+				for i, ins := range res.GetInstances() {
+					assert.Equal(t, tc.expectedInstances[i], ins.GetId())
+				}
+			}
+		})
+	}
+}
+
+func TestListCustomDomains(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+	d1, d2 := "custom."+gofakeit.DomainName(), "custom."+gofakeit.DomainName()
+
+	_, err := inst.Client.InstanceV2Beta.AddCustomDomain(ctxWithSysAuthZ, &instance.AddCustomDomainRequest{InstanceId: inst.ID(), Domain: d1})
+	require.Nil(t, err)
+	_, err = inst.Client.InstanceV2Beta.AddCustomDomain(ctxWithSysAuthZ, &instance.AddCustomDomainRequest{InstanceId: inst.ID(), Domain: d2})
+	require.Nil(t, err)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.RemoveCustomDomain(ctxWithSysAuthZ, &instance.RemoveCustomDomainRequest{InstanceId: inst.ID(), Domain: d1})
+		inst.Client.InstanceV2Beta.RemoveCustomDomain(ctxWithSysAuthZ, &instance.RemoveCustomDomainRequest{InstanceId: inst.ID(), Domain: d2})
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputRequest      *instance.ListCustomDomainsRequest
+		inputContext      context.Context
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+		expectedDomains   []string
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.ListCustomDomainsRequest{
+				InstanceId: inst.ID(),
+				Pagination: &filter.PaginationRequest{Offset: 0, Limit: 10},
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing"},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.ListCustomDomainsRequest{
+				InstanceId:    inst.ID(),
+				Pagination:    &filter.PaginationRequest{Offset: 0, Limit: 10},
+				SortingColumn: instance.DomainFieldName_DOMAIN_FIELD_NAME_CREATION_DATE,
+				Queries: []*instance.DomainSearchQuery{
+					{
+						Query: &instance.DomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{Domain: "custom", Method: object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS},
+						},
+					},
+				},
+			},
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when valid request with filter should return paginated response",
+			inputRequest: &instance.ListCustomDomainsRequest{
+				InstanceId:    inst.ID(),
+				Pagination:    &filter.PaginationRequest{Offset: 0, Limit: 10},
+				SortingColumn: instance.DomainFieldName_DOMAIN_FIELD_NAME_CREATION_DATE,
+				Queries: []*instance.DomainSearchQuery{
+					{
+						Query: &instance.DomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{Domain: "custom", Method: object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS},
+						},
+					},
+				},
+			},
+			inputContext:    ctxWithSysAuthZ,
+			expectedDomains: []string{d1, d2},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.ListCustomDomains(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				domains := []string{}
+				for _, d := range res.GetDomains() {
+					domains = append(domains, d.GetDomain())
+				}
+
+				assert.Subset(t, domains, tc.expectedDomains)
+			}
+		})
+	}
+}
+
+func TestListTrustedDomains(t *testing.T) {
+	t.Parallel()
+
+	// Given
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	ctxWithSysAuthZ := integration.WithSystemAuthorization(ctx)
+	inst := integration.NewInstance(ctxWithSysAuthZ)
+
+	orgOwnerCtx := inst.WithAuthorization(context.Background(), integration.UserTypeOrgOwner)
+	d1, d2 := "trusted."+gofakeit.DomainName(), "trusted."+gofakeit.DomainName()
+
+	_, err := inst.Client.InstanceV2Beta.AddTrustedDomain(ctxWithSysAuthZ, &instance.AddTrustedDomainRequest{InstanceId: inst.ID(), Domain: d1})
+	require.Nil(t, err)
+	_, err = inst.Client.InstanceV2Beta.AddTrustedDomain(ctxWithSysAuthZ, &instance.AddTrustedDomainRequest{InstanceId: inst.ID(), Domain: d2})
+	require.Nil(t, err)
+
+	t.Cleanup(func() {
+		inst.Client.InstanceV2Beta.RemoveTrustedDomain(ctxWithSysAuthZ, &instance.RemoveTrustedDomainRequest{InstanceId: inst.ID(), Domain: d1})
+		inst.Client.InstanceV2Beta.RemoveTrustedDomain(ctxWithSysAuthZ, &instance.RemoveTrustedDomainRequest{InstanceId: inst.ID(), Domain: d2})
+		inst.Client.InstanceV2Beta.DeleteInstance(ctxWithSysAuthZ, &instance.DeleteInstanceRequest{InstanceId: inst.ID()})
+	})
+
+	tt := []struct {
+		testName          string
+		inputRequest      *instance.ListTrustedDomainsRequest
+		inputContext      context.Context
+		expectedErrorMsg  string
+		expectedErrorCode codes.Code
+		expectedDomains   []string
+	}{
+		{
+			testName: "when invalid context should return unauthN error",
+			inputRequest: &instance.ListTrustedDomainsRequest{
+				InstanceId: inst.ID(),
+				Pagination: &filter.PaginationRequest{Offset: 0, Limit: 10},
+			},
+			inputContext:      context.Background(),
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName: "when unauthZ context should return unauthZ error",
+			inputRequest: &instance.ListTrustedDomainsRequest{
+				InstanceId: inst.ID(),
+				Pagination: &filter.PaginationRequest{Offset: 0, Limit: 10},
+			},
+			inputContext:      orgOwnerCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when valid request with filter should return paginated response",
+			inputRequest: &instance.ListTrustedDomainsRequest{
+				InstanceId:    inst.ID(),
+				Pagination:    &filter.PaginationRequest{Offset: 0, Limit: 10},
+				SortingColumn: instance.TrustedDomainFieldName_TRUSTED_DOMAIN_FIELD_NAME_CREATION_DATE,
+				Queries: []*instance.TrustedDomainSearchQuery{
+					{
+						Query: &instance.TrustedDomainSearchQuery_DomainQuery{
+							DomainQuery: &instance.DomainQuery{Domain: "trusted", Method: object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS},
+						},
+					},
+				},
+			},
+			inputContext:    ctxWithSysAuthZ,
+			expectedDomains: []string{d1, d2},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Test
+			res, err := inst.Client.InstanceV2Beta.ListTrustedDomains(tc.inputContext, tc.inputRequest)
+
+			// Verify
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				require.NotNil(t, res)
+
+				domains := []string{}
+				for _, d := range res.GetTrustedDomain() {
+					domains = append(domains, d.GetDomain())
+				}
+
+				assert.Subset(t, domains, tc.expectedDomains)
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/instance/v2beta/query.go b/internal/api/grpc/instance/v2beta/query.go
new file mode 100644
index 0000000000..74f79313ea
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/query.go
@@ -0,0 +1,70 @@
+package instance
+
+import (
+	"context"
+
+	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+)
+
+func (s *Server) GetInstance(ctx context.Context, _ *instance.GetInstanceRequest) (*instance.GetInstanceResponse, error) {
+	inst, err := s.query.Instance(ctx, true)
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.GetInstanceResponse{
+		Instance: ToProtoObject(inst),
+	}, nil
+}
+
+func (s *Server) ListInstances(ctx context.Context, req *instance.ListInstancesRequest) (*instance.ListInstancesResponse, error) {
+	queries, err := ListInstancesRequestToModel(req, s.systemDefaults)
+	if err != nil {
+		return nil, err
+	}
+
+	instances, err := s.query.SearchInstances(ctx, queries)
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.ListInstancesResponse{
+		Instances:  InstancesToPb(instances.Instances),
+		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, instances.SearchResponse),
+	}, nil
+}
+
+func (s *Server) ListCustomDomains(ctx context.Context, req *instance.ListCustomDomainsRequest) (*instance.ListCustomDomainsResponse, error) {
+	queries, err := ListCustomDomainsRequestToModel(req, s.systemDefaults)
+	if err != nil {
+		return nil, err
+	}
+
+	domains, err := s.query.SearchInstanceDomains(ctx, queries)
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.ListCustomDomainsResponse{
+		Domains:    DomainsToPb(domains.Domains),
+		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, domains.SearchResponse),
+	}, nil
+}
+
+func (s *Server) ListTrustedDomains(ctx context.Context, req *instance.ListTrustedDomainsRequest) (*instance.ListTrustedDomainsResponse, error) {
+	queries, err := ListTrustedDomainsRequestToModel(req, s.systemDefaults)
+	if err != nil {
+		return nil, err
+	}
+
+	domains, err := s.query.SearchInstanceTrustedDomains(ctx, queries)
+	if err != nil {
+		return nil, err
+	}
+
+	return &instance.ListTrustedDomainsResponse{
+		TrustedDomain: trustedDomainsToPb(domains.Domains),
+		Pagination:    filter.QueryToPaginationPb(queries.SearchRequest, domains.SearchResponse),
+	}, nil
+}
diff --git a/internal/api/grpc/instance/v2beta/server.go b/internal/api/grpc/instance/v2beta/server.go
new file mode 100644
index 0000000000..aaeaa4cc8f
--- /dev/null
+++ b/internal/api/grpc/instance/v2beta/server.go
@@ -0,0 +1,60 @@
+package instance
+
+import (
+	"google.golang.org/grpc"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/server"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/query"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+)
+
+var _ instance.InstanceServiceServer = (*Server)(nil)
+
+type Server struct {
+	instance.UnimplementedInstanceServiceServer
+	command         *command.Commands
+	query           *query.Queries
+	systemDefaults  systemdefaults.SystemDefaults
+	defaultInstance command.InstanceSetup
+	externalDomain  string
+}
+
+type Config struct{}
+
+func CreateServer(
+	command *command.Commands,
+	query *query.Queries,
+	database string,
+	defaultInstance command.InstanceSetup,
+	externalDomain string,
+) *Server {
+	return &Server{
+		command:         command,
+		query:           query,
+		defaultInstance: defaultInstance,
+		externalDomain:  externalDomain,
+	}
+}
+
+func (s *Server) RegisterServer(grpcServer *grpc.Server) {
+	instance.RegisterInstanceServiceServer(grpcServer, s)
+}
+
+func (s *Server) AppName() string {
+	return instance.InstanceService_ServiceDesc.ServiceName
+}
+
+func (s *Server) MethodPrefix() string {
+	return instance.InstanceService_ServiceDesc.ServiceName
+}
+
+func (s *Server) AuthMethods() authz.MethodMapping {
+	return instance.InstanceService_AuthMethods
+}
+
+func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
+	return instance.RegisterInstanceServiceHandler
+}
diff --git a/internal/command/instance.go b/internal/command/instance.go
index 1080168842..d71be53468 100644
--- a/internal/command/instance.go
+++ b/internal/command/instance.go
@@ -2,6 +2,7 @@ package command
 
 import (
 	"context"
+	"strings"
 	"time"
 
 	"github.com/zitadel/logging"
@@ -666,7 +667,7 @@ func setupMessageTexts(validations *[]preparation.Validation, setupMessageTexts
 
 func (c *Commands) UpdateInstance(ctx context.Context, name string) (*domain.ObjectDetails, error) {
 	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
-	validation := c.prepareUpdateInstance(instanceAgg, name)
+	validation := c.prepareUpdateInstance(instanceAgg, strings.TrimSpace(name))
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
 	if err != nil {
 		return nil, err
@@ -885,7 +886,12 @@ func getSystemConfigWriteModel(ctx context.Context, filter preparation.FilterToQ
 }
 
 func (c *Commands) RemoveInstance(ctx context.Context, id string) (*domain.ObjectDetails, error) {
-	instanceAgg := instance.NewAggregate(id)
+	instID := strings.TrimSpace(id)
+	if instID == "" || len(instID) > 200 {
+		return nil, zerrors.ThrowInvalidArgument(nil, "COMMA-VeS2zI", "Errors.Invalid.Argument")
+	}
+
+	instanceAgg := instance.NewAggregate(instID)
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareRemoveInstance(instanceAgg))
 	if err != nil {
 		return nil, err
diff --git a/internal/command/instance_test.go b/internal/command/instance_test.go
index 2ea248dfb1..16e51d844d 100644
--- a/internal/command/instance_test.go
+++ b/internal/command/instance_test.go
@@ -1257,7 +1257,7 @@ func TestCommandSide_UpdateInstance(t *testing.T) {
 			},
 			args: args{
 				ctx:  authz.WithInstanceID(context.Background(), "INSTANCE"),
-				name: "",
+				name: " ",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -1404,6 +1404,32 @@ func TestCommandSide_RemoveInstance(t *testing.T) {
 		args   args
 		res    res
 	}{
+		{
+			name: "instance empty, invalid argument error",
+			fields: fields{
+				eventstore: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			},
+			args: args{
+				ctx:        authz.WithInstanceID(context.Background(), " "),
+				instanceID: " ",
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "instance too long, invalid argument error",
+			fields: fields{
+				eventstore: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			},
+			args: args{
+				ctx:        authz.WithInstanceID(context.Background(), "averylonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonginstance"),
+				instanceID: "averylonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonginstance",
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
 		{
 			name: "instance not existing, not found error",
 			fields: fields{
diff --git a/internal/command/instance_trusted_domain.go b/internal/command/instance_trusted_domain.go
index f404e6665a..7d3e6abeb1 100644
--- a/internal/command/instance_trusted_domain.go
+++ b/internal/command/instance_trusted_domain.go
@@ -34,6 +34,14 @@ func (c *Commands) AddTrustedDomain(ctx context.Context, trustedDomain string) (
 }
 
 func (c *Commands) RemoveTrustedDomain(ctx context.Context, trustedDomain string) (*domain.ObjectDetails, error) {
+	trustedDomain = strings.TrimSpace(trustedDomain)
+	if trustedDomain == "" || len(trustedDomain) > 253 {
+		return nil, zerrors.ThrowInvalidArgument(nil, "COMMA-ajAzwu", "Errors.Invalid.Argument")
+	}
+	if !allowDomainRunes.MatchString(trustedDomain) {
+		return nil, zerrors.ThrowInvalidArgument(nil, "COMMA-lfs3Te", "Errors.Instance.Domain.InvalidCharacter")
+	}
+
 	model := NewInstanceTrustedDomainsWriteModel(ctx)
 	err := c.eventstore.FilterToQueryReducer(ctx, model)
 	if err != nil {
diff --git a/internal/command/instance_trusted_domain_test.go b/internal/command/instance_trusted_domain_test.go
index 3caef90f01..4ba9f773ed 100644
--- a/internal/command/instance_trusted_domain_test.go
+++ b/internal/command/instance_trusted_domain_test.go
@@ -142,6 +142,45 @@ func TestCommands_RemoveTrustedDomain(t *testing.T) {
 		args   args
 		want   want
 	}{
+		{
+			name: "domain empty string, error",
+			fields: fields{
+				eventstore: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			},
+			args: args{
+				ctx:           authz.WithInstanceID(context.Background(), "instanceID"),
+				trustedDomain: " ",
+			},
+			want: want{
+				err: zerrors.ThrowInvalidArgument(nil, "COMMA-ajAzwu", "Errors.Invalid.Argument"),
+			},
+		},
+		{
+			name: "domain invalid character, error",
+			fields: fields{
+				eventstore: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			},
+			args: args{
+				ctx:           authz.WithInstanceID(context.Background(), "instanceID"),
+				trustedDomain: "? ",
+			},
+			want: want{
+				err: zerrors.ThrowInvalidArgument(nil, "COMMA-lfs3Te", "Errors.Instance.Domain.InvalidCharacter"),
+			},
+		},
+		{
+			name: "domain length exceeded, error",
+			fields: fields{
+				eventstore: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			},
+			args: args{
+				ctx:           authz.WithInstanceID(context.Background(), "instanceID"),
+				trustedDomain: "averylonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglongdomain",
+			},
+			want: want{
+				err: zerrors.ThrowInvalidArgument(nil, "COMMA-ajAzwu", "Errors.Invalid.Argument"),
+			},
+		},
 		{
 			name: "domain does not exists, error",
 			fields: fields{
diff --git a/internal/integration/client.go b/internal/integration/client.go
index f1bcfb41bd..bd9775a28a 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -26,6 +26,7 @@ import (
 	feature_v2beta "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/idp"
 	idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 	mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
 	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
 	object_v3alpha "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
@@ -70,6 +71,11 @@ type Client struct {
 	UserV3Alpha    user_v3alpha.ZITADELUsersClient
 	SAMLv2         saml_pb.SAMLServiceClient
 	SCIM           *scim.Client
+	InstanceV2Beta instance.InstanceServiceClient
+}
+
+func NewDefaultClient(ctx context.Context) (*Client, error) {
+	return newClient(ctx, loadedConfig.Host())
 }
 
 func newClient(ctx context.Context, target string) (*Client, error) {
@@ -103,6 +109,7 @@ func newClient(ctx context.Context, target string) (*Client, error) {
 		UserV3Alpha:    user_v3alpha.NewZITADELUsersClient(cc),
 		SAMLv2:         saml_pb.NewSAMLServiceClient(cc),
 		SCIM:           scim.NewScimClient(target),
+		InstanceV2Beta: instance.NewInstanceServiceClient(cc),
 	}
 	return client, client.pollHealth(ctx)
 }
diff --git a/internal/query/instance.go b/internal/query/instance.go
index 1b3bb055cb..bb311cbb85 100644
--- a/internal/query/instance.go
+++ b/internal/query/instance.go
@@ -150,7 +150,7 @@ func (q *Queries) SearchInstances(ctx context.Context, queries *InstanceSearchQu
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	filter, query, scan := prepareInstancesQuery()
+	filter, query, scan := prepareInstancesQuery(queries.SortingColumn, queries.Asc)
 	stmt, args, err := query(queries.toQuery(filter)).ToSql()
 	if err != nil {
 		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-M9fow", "Errors.Query.SQLStatement")
@@ -260,17 +260,20 @@ func (q *Queries) GetDefaultLanguage(ctx context.Context) language.Tag {
 	return instance.DefaultLang
 }
 
-func prepareInstancesQuery() (sq.SelectBuilder, func(sq.SelectBuilder) sq.SelectBuilder, func(*sql.Rows) (*Instances, error)) {
+func prepareInstancesQuery(sortBy Column, isAscedingSort bool) (sq.SelectBuilder, func(sq.SelectBuilder) sq.SelectBuilder, func(*sql.Rows) (*Instances, error)) {
 	instanceFilterTable := instanceTable.setAlias(InstancesFilterTableAlias)
 	instanceFilterIDColumn := InstanceColumnID.setTable(instanceFilterTable)
 	instanceFilterCountColumn := InstancesFilterTableAlias + ".count"
-	return sq.Select(
-			InstanceColumnID.identifier(),
-			countColumn.identifier(),
-		).Distinct().From(instanceTable.identifier()).
+
+	selector := sq.Select(InstanceColumnID.identifier(), countColumn.identifier())
+	if !sortBy.isZero() {
+		selector = sq.Select(InstanceColumnID.identifier(), countColumn.identifier(), sortBy.identifier())
+	}
+
+	return selector.Distinct().From(instanceTable.identifier()).
 			LeftJoin(join(InstanceDomainInstanceIDCol, InstanceColumnID)),
 		func(builder sq.SelectBuilder) sq.SelectBuilder {
-			return sq.Select(
+			outerQuery := sq.Select(
 				instanceFilterCountColumn,
 				instanceFilterIDColumn.identifier(),
 				InstanceColumnCreationDate.identifier(),
@@ -292,6 +295,16 @@ func prepareInstancesQuery() (sq.SelectBuilder, func(sq.SelectBuilder) sq.Select
 				LeftJoin(join(InstanceColumnID, instanceFilterIDColumn)).
 				LeftJoin(join(InstanceDomainInstanceIDCol, instanceFilterIDColumn)).
 				PlaceholderFormat(sq.Dollar)
+
+			if !sortBy.isZero() {
+				sorting := sortBy.identifier()
+				if !isAscedingSort {
+					sorting += " DESC"
+				}
+				return outerQuery.OrderBy(sorting)
+			}
+
+			return outerQuery
 		},
 		func(rows *sql.Rows) (*Instances, error) {
 			instances := make([]*Instance, 0)
diff --git a/internal/query/instance_test.go b/internal/query/instance_test.go
index 55b1c8314b..37adfc8605 100644
--- a/internal/query/instance_test.go
+++ b/internal/query/instance_test.go
@@ -70,7 +70,7 @@ func Test_InstancePrepares(t *testing.T) {
 		{
 			name: "prepareInstancesQuery no result",
 			prepare: func() (sq.SelectBuilder, func(*sql.Rows) (*Instances, error)) {
-				filter, query, scan := prepareInstancesQuery()
+				filter, query, scan := prepareInstancesQuery(Column{}, true)
 				return query(filter), scan
 			},
 			want: want{
@@ -85,7 +85,7 @@ func Test_InstancePrepares(t *testing.T) {
 		{
 			name: "prepareInstancesQuery one result",
 			prepare: func() (sq.SelectBuilder, func(*sql.Rows) (*Instances, error)) {
-				filter, query, scan := prepareInstancesQuery()
+				filter, query, scan := prepareInstancesQuery(Column{}, true)
 				return query(filter), scan
 			},
 			want: want{
@@ -149,7 +149,7 @@ func Test_InstancePrepares(t *testing.T) {
 		{
 			name: "prepareInstancesQuery multiple results",
 			prepare: func() (sq.SelectBuilder, func(*sql.Rows) (*Instances, error)) {
-				filter, query, scan := prepareInstancesQuery()
+				filter, query, scan := prepareInstancesQuery(Column{}, true)
 				return query(filter), scan
 			},
 			want: want{
@@ -253,7 +253,8 @@ func Test_InstancePrepares(t *testing.T) {
 								IsPrimary:    true,
 							},
 						},
-					}, {
+					},
+					{
 						ID:           "id2",
 						CreationDate: testNow,
 						ChangeDate:   testNow,
@@ -282,7 +283,7 @@ func Test_InstancePrepares(t *testing.T) {
 		{
 			name: "prepareInstancesQuery sql err",
 			prepare: func() (sq.SelectBuilder, func(*sql.Rows) (*Instances, error)) {
-				filter, query, scan := prepareInstancesQuery()
+				filter, query, scan := prepareInstancesQuery(Column{}, true)
 				return query(filter), scan
 			},
 			want: want{
diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto
index d9f8bee2c7..9033fd8668 100644
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -307,6 +307,7 @@ service AdminService {
         };
     }
 
+    // Deprecated: Use [ListCustomDomains](apis/resources/instance_service_v2/instance-service-list-custom-domains.api.mdx) instead to list custom domains
     rpc ListInstanceDomains(ListInstanceDomainsRequest) returns (ListInstanceDomainsResponse) {
         option (google.api.http) = {
             post: "/domains/_search";
@@ -319,10 +320,12 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "List Instance Domains";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running."
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running.";
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [ListTrustedDomains](apis/resources/instance_service_v2/instance-service-list-trusted-domains.api.mdx) instead to list trusted domains
     rpc ListInstanceTrustedDomains(ListInstanceTrustedDomainsRequest) returns (ListInstanceTrustedDomainsResponse) {
         option (google.api.http) = {
             post: "/trusted_domains/_search";
@@ -335,10 +338,12 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "List Instance Trusted Domains";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [AddTrustedDomain](apis/resources/instance_service_v2/instance-service-add-trusted-domain.api.mdx) instead to add a trusted domain
     rpc AddInstanceTrustedDomain(AddInstanceTrustedDomainRequest) returns (AddInstanceTrustedDomainResponse) {
         option (google.api.http) = {
             post: "/trusted_domains";
@@ -352,10 +357,12 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "Add an Instance Trusted Domain";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [RemoveTrustedDomain](apis/resources/instance_service_v2/instance-service-remove-trusted-domain.api.mdx) instead to remove a trusted domain
     rpc RemoveInstanceTrustedDomain(RemoveInstanceTrustedDomainRequest) returns (RemoveInstanceTrustedDomainResponse) {
         option (google.api.http) = {
             delete: "/trusted_domains/{domain}";
@@ -368,7 +375,8 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "Remove an Instance Trusted Domain";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
+            deprecated: true;
         };
     }
 
diff --git a/proto/zitadel/instance/v2beta/instance.proto b/proto/zitadel/instance/v2beta/instance.proto
new file mode 100644
index 0000000000..21f6148490
--- /dev/null
+++ b/proto/zitadel/instance/v2beta/instance.proto
@@ -0,0 +1,192 @@
+syntax = "proto3";
+
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "zitadel/object/v2/object.proto";
+import "validate/validate.proto";
+import "google/protobuf/timestamp.proto";
+
+package zitadel.instance.v2beta;
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta;instance";
+
+message Instance {
+    string id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\""
+        }
+    ];
+
+    // change_date is the timestamp when the object was changed
+    //
+    // on read: the timestamp of the last event reduced by the projection
+    //
+    // on manipulation: the timestamp of the event(s) added by the manipulation
+    google.protobuf.Timestamp change_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+
+    google.protobuf.Timestamp creation_date = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+    State state = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "current state of the instance";
+        }
+    ];
+    string name = 5 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"ZITADEL\"";
+        }
+    ];
+    string version = 6 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"1.0.0\"";
+        }
+    ];
+    repeated Domain domains = 7;
+}
+
+enum State {
+    STATE_UNSPECIFIED = 0;
+    STATE_CREATING = 1;
+    STATE_RUNNING = 2;
+    STATE_STOPPING = 3;
+    STATE_STOPPED = 4;
+}
+
+message Domain {
+    string instance_id = 1;
+
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+
+    string domain = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"zitadel.com\""
+        }
+    ];
+    bool primary = 4;
+    bool generated = 5;
+}
+
+enum FieldName {
+    FIELD_NAME_UNSPECIFIED = 0;
+    FIELD_NAME_ID = 1;
+    FIELD_NAME_NAME = 2;
+    FIELD_NAME_CREATION_DATE = 3;
+}
+
+message Query {
+    oneof query {
+        option (validate.required) = true;
+
+        IdsQuery id_query = 1;
+        DomainsQuery domain_query = 2;
+    }
+}
+
+message IdsQuery {
+    repeated string ids = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Instance ID";
+            example: "[\"4820840938402429\",\"4820840938402422\"]"
+        }
+    ];
+}
+
+message DomainsQuery {
+    repeated string domains = 1  [
+        (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            max_items: 20;
+            example: "[\"my-instace.zitadel.cloud\", \"auth.custom.com\"]";
+            description: "Return the instances that have the requested domains";
+        }
+    ];
+}
+message DomainSearchQuery {
+    oneof query {
+        option (validate.required) = true;
+
+        DomainQuery domain_query = 1;
+        DomainGeneratedQuery generated_query = 2;
+        DomainPrimaryQuery primary_query = 3;
+    }
+}
+
+message DomainQuery {
+    string domain = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            max_length: 200;
+            example: "\"zitadel.com\"";
+        }
+    ];
+    zitadel.object.v2.TextQueryMethod method = 2 [
+        (validate.rules).enum.defined_only = true,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Defines which text equality method is used";
+        }
+    ];
+}
+
+message DomainGeneratedQuery {
+    bool generated = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Generated domains";
+        }
+    ];
+}
+
+message DomainPrimaryQuery {
+    bool primary = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Primary domains";
+        }
+    ];
+}
+
+enum DomainFieldName {
+    DOMAIN_FIELD_NAME_UNSPECIFIED = 0;
+    DOMAIN_FIELD_NAME_DOMAIN = 1;
+    DOMAIN_FIELD_NAME_PRIMARY = 2;
+    DOMAIN_FIELD_NAME_GENERATED = 3;
+    DOMAIN_FIELD_NAME_CREATION_DATE = 4;
+}
+
+message TrustedDomain {
+    string instance_id = 1;
+
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+
+    string domain = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"zitadel.com\""
+        }
+    ];
+}
+
+message TrustedDomainSearchQuery {
+    oneof query {
+        option (validate.required) = true;
+
+        DomainQuery domain_query = 1;
+    }
+}
+
+enum TrustedDomainFieldName {
+    TRUSTED_DOMAIN_FIELD_NAME_UNSPECIFIED = 0;
+    TRUSTED_DOMAIN_FIELD_NAME_DOMAIN = 1;
+    TRUSTED_DOMAIN_FIELD_NAME_CREATION_DATE = 2;
+}
diff --git a/proto/zitadel/instance/v2beta/instance_service.proto b/proto/zitadel/instance/v2beta/instance_service.proto
new file mode 100644
index 0000000000..0a5de00286
--- /dev/null
+++ b/proto/zitadel/instance/v2beta/instance_service.proto
@@ -0,0 +1,648 @@
+syntax = "proto3";
+
+package zitadel.instance.v2beta;
+
+import "validate/validate.proto";
+import "zitadel/object/v2/object.proto";
+import "zitadel/instance/v2beta/instance.proto";
+import "zitadel/filter/v2beta/filter.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "google/protobuf/empty.proto";
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/timestamp.proto";
+import "zitadel/protoc_gen_zitadel/v2/options.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta;instance";
+
+option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
+  info: {
+    title: "Instance Service";
+    version: "2.0-beta";
+    description: "This API is intended to manage instances in ZITADEL.";
+    contact:{
+      name: "ZITADEL"
+      url: "https://zitadel.com"
+      email: "hi@zitadel.com"
+    }
+    license: {
+      name: "AGPL-3.0-only",
+      url: "https://github.com/zitadel/zitadel/blob/main/LICENSING.md";
+    };
+  };
+  schemes: HTTPS;
+  schemes: HTTP;
+
+  consumes: "application/json";
+  consumes: "application/grpc";
+
+  produces: "application/json";
+  produces: "application/grpc";
+
+  consumes: "application/grpc-web+proto";
+  produces: "application/grpc-web+proto";
+
+  host: "$CUSTOM-DOMAIN";
+  base_path: "/";
+
+  external_docs: {
+    description: "Detailed information about ZITADEL",
+    url: "https://zitadel.com/docs"
+  }
+  security_definitions: {
+    security: {
+      key: "OAuth2";
+      value: {
+        type: TYPE_OAUTH2;
+        flow: FLOW_ACCESS_CODE;
+        authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize";
+        token_url: "$CUSTOM-DOMAIN/oauth/v2/token";
+        scopes: {
+          scope: {
+            key: "openid";
+            value: "openid";
+          }
+          scope: {
+            key: "urn:zitadel:iam:org:project:id:zitadel:aud";
+            value: "urn:zitadel:iam:org:project:id:zitadel:aud";
+          }
+        }
+      }
+    }
+  }
+  security: {
+    security_requirement: {
+      key: "OAuth2";
+      value: {
+        scope: "openid";
+        scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
+      }
+    }
+  }
+  responses: {
+    key: "403";
+    value: {
+      description: "Returned when the user does not have permission to access the resource.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+  responses: {
+    key: "404";
+    value: {
+      description: "Returned when the resource does not exist.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+};
+
+// Service to manage instances and their domains.
+// The service provides methods to create, update, delete and list instances and their domains.
+service InstanceService {
+
+  // Delete Instance
+  //
+  // Deletes an instance with the given ID.
+  //
+  // Required permissions:
+  //   - `system.instance.delete`
+  rpc DeleteInstance(DeleteInstanceRequest) returns (DeleteInstanceResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The deleted instance.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      delete: "/v2beta/instances/{instance_id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "system.instance.delete"
+      }
+    };
+  }
+
+  // Get Instance
+  //
+  // Returns the instance in the current context.
+  //
+  // The instace_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //   - `iam.read`
+  rpc GetInstance(GetInstanceRequest) returns (GetInstanceResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The instance of the context.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      get: "/v2beta/instances/{instance_id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.read"
+      }
+    };
+  }
+
+  // Update Instance
+  //
+  // Updates instance in context with the given name.
+  //
+  // The instance_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //   - `iam.write`
+  rpc UpdateInstance(UpdateInstanceRequest) returns (UpdateInstanceResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The instance was successfully updated.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      put: "/v2beta/instances/{instance_id}"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.write"
+      }
+    };
+  }
+
+  // List Instances
+  //
+  // Lists instances matching the given query.
+  // The query can be used to filter either by instance ID or domain.
+  // The request is paginated and returns 100 results by default.
+  //
+  // Required permissions:
+  //  - `system.instance.read`
+  rpc ListInstances(ListInstancesRequest) returns (ListInstancesResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The list of instances.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      post: "/v2beta/instances/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "system.instance.read"
+      }
+    };
+  }
+  
+  // Add Custom Domain
+  //
+  // Adds a custom domain to the instance in context.
+  //
+  // The instance_id in the input message will be used in the future
+  //
+  // Required permissions:
+  //   - `system.domain.write`
+  rpc AddCustomDomain(AddCustomDomainRequest) returns (AddCustomDomainResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The added custom domain.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      post: "/v2beta/instances/{instance_id}/custom-domains"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "system.domain.write"
+      }
+    };
+  }
+
+  // Remove Custom Domain
+  //
+  // Removes a custom domain from the instance.
+  //
+  // The instance_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //  - `system.domain.write`
+  rpc RemoveCustomDomain(RemoveCustomDomainRequest) returns (RemoveCustomDomainResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The removed custom domain.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      delete: "/v2beta/instances/{instance_id}/custom-domains/{domain}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "system.domain.write"
+      }
+    };
+  }
+
+  // List Custom Domains
+  //
+  // Lists custom domains of the instance.
+  //
+  // The instance_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //  - `iam.read`
+  rpc ListCustomDomains(ListCustomDomainsRequest) returns (ListCustomDomainsResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The list of custom domains.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      post: "/v2beta/instances/{instance_id}/custom-domains/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.read"
+      }
+    };
+  }
+
+  // Add Trusted Domain
+  //
+  // Adds a trusted domain to the instance.
+  //
+  // The instance_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //  - `iam.write`
+  rpc AddTrustedDomain(AddTrustedDomainRequest) returns (AddTrustedDomainResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The added trusted domain.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      post: "/v2beta/instances/{instance_id}/trusted-domains"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.write"
+      }
+    };
+  }
+
+  // Remove Trusted Domain
+  //
+  // Removes a trusted domain from the instance.
+  //
+  // The instance_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //  - `iam.write`
+  rpc RemoveTrustedDomain(RemoveTrustedDomainRequest) returns (RemoveTrustedDomainResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The removed trusted domain.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      delete: "/v2beta/instances/{instance_id}/trusted-domains/{domain}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.write"
+      }
+    };
+  }
+
+  
+  // List Trusted Domains
+  //
+  // Lists trusted domains of the instance.
+  //
+  // The instance_id in the input message will be used in the future.
+  //
+  // Required permissions:
+  //   - `iam.read`
+  rpc ListTrustedDomains(ListTrustedDomainsRequest) returns (ListTrustedDomainsResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The list of trusted domains.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      post: "/v2beta/instances/{instance_id}/trusted-domains/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.read"
+      }
+    };
+  }
+}
+
+message DeleteInstanceRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+}
+
+message DeleteInstanceResponse {
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message GetInstanceRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+}
+
+message GetInstanceResponse {
+  zitadel.instance.v2beta.Instance instance = 1;
+}
+
+message UpdateInstanceRequest {
+  // used only to identify the instance to change.
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+  string instance_name = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      description: "\"name of the instance to update\"";
+      example: "\"my instance\"";
+    }
+  ];
+}
+
+message UpdateInstanceResponse {
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListInstancesRequest {
+  // Criterias the client is looking for.
+  repeated Query queries = 1;
+
+  // Pagination and sorting.
+  zitadel.filter.v2beta.PaginationRequest pagination = 2;
+  
+  // The field the result is sorted by.
+  optional FieldName sorting_column = 3;
+}
+
+message ListInstancesResponse {
+  // The list of instances.
+  repeated Instance instances = 1;
+
+  // Contains the total number of instances matching the query and the applied limit.
+  zitadel.filter.v2beta.PaginationResponse pagination = 2;
+}
+
+message AddCustomDomainRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 253},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 253;
+    }
+  ];
+}
+
+message AddCustomDomainResponse {
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message RemoveCustomDomainRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 253},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 253;
+    }
+  ];
+}
+
+message RemoveCustomDomainResponse {
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListCustomDomainsRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+
+  // Pagination and sorting.
+  zitadel.filter.v2beta.PaginationRequest pagination = 2;
+
+  // The field the result is sorted by.
+  DomainFieldName sorting_column = 3;
+
+  // Criterias the client is looking for.
+  repeated DomainSearchQuery queries = 4;
+}
+
+message ListCustomDomainsResponse {
+  repeated Domain domains = 1;
+
+  // Contains the total number of domains matching the query and the applied limit.
+  zitadel.filter.v2beta.PaginationResponse pagination = 2;
+}
+
+message AddTrustedDomainRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 253},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"login.example.com\"";
+        min_length: 1;
+        max_length: 253;
+    }
+  ];
+}
+
+message AddTrustedDomainResponse {
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message RemoveTrustedDomainRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 253},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"login.example.com\"";
+        min_length: 1;
+        max_length: 253;
+    }
+  ];
+}
+
+message RemoveTrustedDomainResponse {
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListTrustedDomainsRequest {
+  string instance_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"222430354126975533\"";
+    }
+  ];
+
+  // Pagination and sorting.
+  zitadel.filter.v2beta.PaginationRequest pagination = 2;
+
+  // The field the result is sorted by.
+  TrustedDomainFieldName sorting_column = 3;
+  
+  // Criterias the client is looking for.
+  repeated TrustedDomainSearchQuery queries = 4;
+}
+
+message ListTrustedDomainsResponse {
+  repeated TrustedDomain trusted_domain = 1;
+
+  // Contains the total number of domains matching the query and the applied limit.
+  zitadel.filter.v2beta.PaginationResponse pagination = 2;
+}
diff --git a/proto/zitadel/system.proto b/proto/zitadel/system.proto
index f124c37a79..09b5559fb9 100644
--- a/proto/zitadel/system.proto
+++ b/proto/zitadel/system.proto
@@ -117,6 +117,8 @@ service SystemService {
   }
 
   // Returns a list of ZITADEL instances
+  //
+  // Deprecated: Use [ListInstances](apis/resources/instance_service_v2/instance-service-list-instances.api.mdx) instead to list instances
   rpc ListInstances(ListInstancesRequest) returns (ListInstancesResponse) {
     option (google.api.http) = {
       post: "/instances/_search"
@@ -126,9 +128,15 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.instance.read";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Returns the detail of an instance
+  //
+  // Deprecated: Use [GetInstance](apis/resources/instance_service_v2/instance-service-get-instance.api.mdx) instead to get the details of the instance in context
   rpc GetInstance(GetInstanceRequest) returns (GetInstanceResponse) {
     option (google.api.http) = {
       get: "/instances/{instance_id}";
@@ -137,6 +145,10 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.instance.read";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Deprecated: Use CreateInstance instead
@@ -151,9 +163,15 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.instance.write";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Updates name of an existing instance
+  //
+  // Deprecated: Use [UpdateInstance](apis/resources/instance_service_v2/instance-service-update-instance.api.mdx) instead to update the name of the instance in context
   rpc UpdateInstance(UpdateInstanceRequest) returns (UpdateInstanceResponse) {
     option (google.api.http) = {
       put: "/instances/{instance_id}"
@@ -163,6 +181,10 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.instance.write";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Creates a new instance with all needed setup data
@@ -180,6 +202,8 @@ service SystemService {
 
   // Removes an instance
   // This might take some time
+  //
+  // Deprecated: Use [DeleteInstance](apis/resources/instance_service_v2/instance-service-delete-instance.api.mdx) instead to delete an instance
   rpc RemoveInstance(RemoveInstanceRequest) returns (RemoveInstanceResponse) {
     option (google.api.http) = {
       delete: "/instances/{instance_id}"
@@ -188,6 +212,10 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.instance.delete";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   //Returns all instance members matching the request
@@ -204,7 +232,9 @@ service SystemService {
     };
   }
 
-  //Checks if a domain exists
+  // Checks if a domain exists
+  //
+  // Deprecated: Use [ListCustomDomains](apis/resources/instance_service_v2/instance-service-list-custom-domains.api.mdx) instead to check existence of an instance
   rpc ExistsDomain(ExistsDomainRequest) returns (ExistsDomainResponse) {
     option (google.api.http) = {
       post: "/domains/{domain}/_exists";
@@ -214,10 +244,14 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.domain.read";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Returns the custom domains of an instance
-  //Checks if a domain exists
+  // Checks if a domain exists
   // Deprecated: Use the Admin APIs ListInstanceDomains on the admin API instead
   rpc ListDomains(ListDomainsRequest) returns (ListDomainsResponse) {
     option (google.api.http) = {
@@ -228,9 +262,15 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.domain.read";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Adds a domain to an instance
+  //
+  // Deprecated: Use [AddCustomDomain](apis/resources/instance_service_v2/instance-service-add-custom-domain.api.mdx) instead to add a custom domain to the instance in context
   rpc AddDomain(AddDomainRequest) returns (AddDomainResponse) {
     option (google.api.http) = {
       post: "/instances/{instance_id}/domains";
@@ -240,9 +280,15 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.domain.write";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Removes the domain of an instance
+  //
+  // Deprecated: Use [RemoveDomain](apis/resources/instance_service_v2/instance-service-remove-custom-domain.api.mdx) instead to remove a custom domain from the instance in context
   rpc RemoveDomain(RemoveDomainRequest) returns (RemoveDomainResponse) {
     option (google.api.http) = {
       delete: "/instances/{instance_id}/domains/{domain}";
@@ -251,6 +297,10 @@ service SystemService {
     option (zitadel.v1.auth_option) = {
       permission: "system.domain.delete";
     };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        deprecated: true;
+    };
   }
 
   // Sets the primary domain of an instance

From 6889d6a1daba1ce6e9696f43a6d4c0fe1b3cb400 Mon Sep 17 00:00:00 2001
From: alfa-alex <76205862+alfa-alex@users.noreply.github.com>
Date: Wed, 21 May 2025 12:55:40 +0200
Subject: [PATCH 062/123] feat: add custom org ID to AddOrganizationRequest
 (#9720)

# Which Problems Are Solved

- It is not possible to specify a custom organization ID when creating
an organization. According to
https://github.com/zitadel/zitadel/discussions/9202#discussioncomment-11929464
this is "an inconsistency in the V2 API".

# How the Problems Are Solved

- Adds the `org_id` as an optional parameter to the
`AddOrganizationRequest` in the `v2beta` API.

# Additional Changes

None.

# Additional Context

- Discussion
[#9202](https://github.com/zitadel/zitadel/discussions/9202)
- I was mostly interested in how much work it'd be to add this field.
Then after completing this, I thought I'd submit this PR. I won't be
angry if you just close this PR with the reasoning "we didn't ask for
it". :smile:
- Even though I don't think this is a breaking change, I didn't add this
to the `v2` API yet (don't know what the process for this is TBH). The
changes should be analogous, so if you want me to, just request it.

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
---
 .../grpc/org/v2/integration_test/org_test.go  | 12 ++++
 .../org/v2/integration_test/query_test.go     | 39 +++++++++++++
 internal/api/grpc/org/v2/org.go               |  1 +
 internal/api/grpc/org/v2/org_test.go          | 15 +++++
 .../org/v2beta/integration_test/org_test.go   | 12 ++++
 internal/api/grpc/org/v2beta/org.go           |  1 +
 internal/api/grpc/org/v2beta/org_test.go      | 15 +++++
 internal/command/org.go                       | 21 ++++++-
 internal/command/org_test.go                  | 55 +++++++++++++++++++
 internal/integration/client.go                |  9 +++
 proto/zitadel/org/v2/org_service.proto        |  8 +++
 proto/zitadel/org/v2beta/org_service.proto    |  8 +++
 12 files changed, 193 insertions(+), 3 deletions(-)

diff --git a/internal/api/grpc/org/v2/integration_test/org_test.go b/internal/api/grpc/org/v2/integration_test/org_test.go
index aa8a718e68..b28bbf5ef2 100644
--- a/internal/api/grpc/org/v2/integration_test/org_test.go
+++ b/internal/api/grpc/org/v2/integration_test/org_test.go
@@ -81,6 +81,18 @@ func TestServer_AddOrganization(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "no admin, custom org ID",
+			ctx:  CTX,
+			req: &org.AddOrganizationRequest{
+				Name:  gofakeit.AppName(),
+				OrgId: gu.Ptr("custom-org-ID"),
+			},
+			want: &org.AddOrganizationResponse{
+				OrganizationId: "custom-org-ID",
+				CreatedAdmins:  []*org.AddOrganizationResponse_CreatedAdmin{},
+			},
+		},
 		{
 			name: "admin with init with userID passed for Human admin",
 			ctx:  CTX,
diff --git a/internal/api/grpc/org/v2/integration_test/query_test.go b/internal/api/grpc/org/v2/integration_test/query_test.go
index cb7576455c..b2f27dbe62 100644
--- a/internal/api/grpc/org/v2/integration_test/query_test.go
+++ b/internal/api/grpc/org/v2/integration_test/query_test.go
@@ -38,6 +38,16 @@ func createOrganization(ctx context.Context, name string) orgAttr {
 	}
 }
 
+func createOrganizationWithCustomOrgID(ctx context.Context, name string, orgID string) orgAttr {
+	orgResp := Instance.CreateOrganizationWithCustomOrgID(ctx, name, orgID)
+	orgResp.Details.CreationDate = orgResp.Details.ChangeDate
+	return orgAttr{
+		ID:      orgResp.GetOrganizationId(),
+		Name:    name,
+		Details: orgResp.GetDetails(),
+	}
+}
+
 func TestServer_ListOrganizations(t *testing.T) {
 	type args struct {
 		ctx context.Context
@@ -163,6 +173,35 @@ func TestServer_ListOrganizations(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "list org by custom id, ok",
+			args: args{
+				CTX,
+				&org.ListOrganizationsRequest{},
+				func(ctx context.Context, request *org.ListOrganizationsRequest) ([]orgAttr, error) {
+					orgs := make([]orgAttr, 1)
+					name := fmt.Sprintf("ListOrgs-%s", gofakeit.AppName())
+					orgID := gofakeit.Company()
+					orgs[0] = createOrganizationWithCustomOrgID(ctx, name, orgID)
+					request.Queries = []*org.SearchQuery{
+						OrganizationIdQuery(orgID),
+					}
+					return orgs, nil
+				},
+			},
+			want: &org.ListOrganizationsResponse{
+				Details: &object.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				SortingColumn: 0,
+				Result: []*org.Organization{
+					{
+						State: org.OrganizationState_ORGANIZATION_STATE_ACTIVE,
+					},
+				},
+			},
+		},
 		{
 			name: "list org by name, ok",
 			args: args{
diff --git a/internal/api/grpc/org/v2/org.go b/internal/api/grpc/org/v2/org.go
index 5f21f7403e..bbc3caca85 100644
--- a/internal/api/grpc/org/v2/org.go
+++ b/internal/api/grpc/org/v2/org.go
@@ -31,6 +31,7 @@ func addOrganizationRequestToCommand(request *org.AddOrganizationRequest) (*comm
 		Name:         request.GetName(),
 		CustomDomain: "",
 		Admins:       admins,
+		OrgID:        request.GetOrgId(),
 	}, nil
 }
 
diff --git a/internal/api/grpc/org/v2/org_test.go b/internal/api/grpc/org/v2/org_test.go
index b384f858de..7ae252a209 100644
--- a/internal/api/grpc/org/v2/org_test.go
+++ b/internal/api/grpc/org/v2/org_test.go
@@ -38,6 +38,21 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 			},
 			wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", nil),
 		},
+		{
+			name: "custom org ID",
+			args: args{
+				request: &org.AddOrganizationRequest{
+					Name:  "custom org ID",
+					OrgId: gu.Ptr("org-ID"),
+				},
+			},
+			want: &command.OrgSetup{
+				Name:         "custom org ID",
+				CustomDomain: "",
+				Admins:       []*command.OrgSetupAdmin{},
+				OrgID:        "org-ID",
+			},
+		},
 		{
 			name: "user ID",
 			args: args{
diff --git a/internal/api/grpc/org/v2beta/integration_test/org_test.go b/internal/api/grpc/org/v2beta/integration_test/org_test.go
index 5998b17a71..a2b2bf6047 100644
--- a/internal/api/grpc/org/v2beta/integration_test/org_test.go
+++ b/internal/api/grpc/org/v2beta/integration_test/org_test.go
@@ -79,6 +79,18 @@ func TestServer_AddOrganization(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "no admin, custom org ID",
+			ctx:  CTX,
+			req: &org.AddOrganizationRequest{
+				Name:  gofakeit.AppName(),
+				OrgId: gu.Ptr("custom-org-ID"),
+			},
+			want: &org.AddOrganizationResponse{
+				OrganizationId: "custom-org-ID",
+				CreatedAdmins:  []*org.AddOrganizationResponse_CreatedAdmin{},
+			},
+		},
 		{
 			name: "admin with init",
 			ctx:  CTX,
diff --git a/internal/api/grpc/org/v2beta/org.go b/internal/api/grpc/org/v2beta/org.go
index ab2da2b766..39730f827e 100644
--- a/internal/api/grpc/org/v2beta/org.go
+++ b/internal/api/grpc/org/v2beta/org.go
@@ -31,6 +31,7 @@ func addOrganizationRequestToCommand(request *org.AddOrganizationRequest) (*comm
 		Name:         request.GetName(),
 		CustomDomain: "",
 		Admins:       admins,
+		OrgID:        request.GetOrgId(),
 	}, nil
 }
 
diff --git a/internal/api/grpc/org/v2beta/org_test.go b/internal/api/grpc/org/v2beta/org_test.go
index 5024b59c1d..57ed05dfb2 100644
--- a/internal/api/grpc/org/v2beta/org_test.go
+++ b/internal/api/grpc/org/v2beta/org_test.go
@@ -39,6 +39,21 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 			},
 			wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", nil),
 		},
+		{
+			name: "custom org ID",
+			args: args{
+				request: &org.AddOrganizationRequest{
+					Name:  "custom org ID",
+					OrgId: gu.Ptr("org-ID"),
+				},
+			},
+			want: &command.OrgSetup{
+				Name:         "custom org ID",
+				CustomDomain: "",
+				Admins:       []*command.OrgSetupAdmin{},
+				OrgID:        "org-ID",
+			},
+		},
 		{
 			name: "user ID",
 			args: args{
diff --git a/internal/command/org.go b/internal/command/org.go
index a018a90c82..9874410a5f 100644
--- a/internal/command/org.go
+++ b/internal/command/org.go
@@ -31,6 +31,7 @@ type OrgSetup struct {
 	Name         string
 	CustomDomain string
 	Admins       []*OrgSetupAdmin
+	OrgID        string
 }
 
 // OrgSetupAdmin describes a user to be created (Human / Machine) or an existing (ID) to be used for an org setup.
@@ -64,6 +65,13 @@ type CreatedOrgAdmin struct {
 	MachineKey *MachineKey
 }
 
+func (o *OrgSetup) Validate() (err error) {
+	if o.OrgID != "" && strings.TrimSpace(o.OrgID) == "" {
+		return zerrors.ThrowInvalidArgument(nil, "ORG-4ABd3", "Errors.Invalid.Argument")
+	}
+	return nil
+}
+
 func (c *Commands) setUpOrgWithIDs(ctx context.Context, o *OrgSetup, orgID string, allowInitialMail bool, userIDs ...string) (_ *CreatedOrg, err error) {
 	cmds := c.newOrgSetupCommands(ctx, orgID, o)
 	for _, admin := range o.Admins {
@@ -233,12 +241,19 @@ func (c *orgSetupCommands) createdMachineAdmin(admin *OrgSetupAdmin) *CreatedOrg
 }
 
 func (c *Commands) SetUpOrg(ctx context.Context, o *OrgSetup, allowInitialMail bool, userIDs ...string) (*CreatedOrg, error) {
-	orgID, err := c.idGenerator.Next()
-	if err != nil {
+	if err := o.Validate(); err != nil {
 		return nil, err
 	}
 
-	return c.setUpOrgWithIDs(ctx, o, orgID, allowInitialMail, userIDs...)
+	if o.OrgID == "" {
+		var err error
+		o.OrgID, err = c.idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return c.setUpOrgWithIDs(ctx, o, o.OrgID, allowInitialMail, userIDs...)
 }
 
 // AddOrgCommand defines the commands to create a new org,
diff --git a/internal/command/org_test.go b/internal/command/org_test.go
index 4ec85d61e1..4b6fd7afe5 100644
--- a/internal/command/org_test.go
+++ b/internal/command/org_test.go
@@ -1344,6 +1344,22 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 				err: zerrors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"),
 			},
 		},
+		{
+			name: "org id empty, error",
+			fields: fields{
+				eventstore: expectEventstore(),
+			},
+			args: args{
+				ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
+				setupOrg: &OrgSetup{
+					Name:  "Org",
+					OrgID: " ",
+				},
+			},
+			res: res{
+				err: zerrors.ThrowInvalidArgument(nil, "ORG-4ABd3", "Errors.Invalid.Argument"),
+			},
+		},
 		{
 			name: "userID not existing, error",
 			fields: fields{
@@ -1523,6 +1539,45 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "no human added, custom org ID",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectPush(
+						eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate,
+							"Org",
+						)),
+						eventFromEventPusher(org.NewDomainAddedEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate, "org.iam-domain",
+						)),
+						eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate,
+							"org.iam-domain",
+						)),
+						eventFromEventPusher(org.NewDomainPrimarySetEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate,
+							"org.iam-domain",
+						)),
+					),
+				),
+			},
+			args: args{
+				ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
+				setupOrg: &OrgSetup{
+					Name:  "Org",
+					OrgID: "custom-org-ID",
+				},
+			},
+			res: res{
+				createdOrg: &CreatedOrg{
+					ObjectDetails: &domain.ObjectDetails{
+						ResourceOwner: "custom-org-ID",
+					},
+					CreatedAdmins: []*CreatedOrgAdmin{},
+				},
+			},
+		},
 		{
 			name: "existing human added",
 			fields: fields{
diff --git a/internal/integration/client.go b/internal/integration/client.go
index bd9775a28a..61645cc067 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -293,6 +293,15 @@ func SetOrgID(ctx context.Context, orgID string) context.Context {
 	return metadata.NewOutgoingContext(ctx, md)
 }
 
+func (i *Instance) CreateOrganizationWithCustomOrgID(ctx context.Context, name, orgID string) *org.AddOrganizationResponse {
+	resp, err := i.Client.OrgV2.AddOrganization(ctx, &org.AddOrganizationRequest{
+		Name:  name,
+		OrgId: gu.Ptr(orgID),
+	})
+	logging.OnError(err).Fatal("create org")
+	return resp
+}
+
 func (i *Instance) CreateOrganizationWithUserID(ctx context.Context, name, userID string) *org.AddOrganizationResponse {
 	resp, err := i.Client.OrgV2.AddOrganization(ctx, &org.AddOrganizationRequest{
 		Name: name,
diff --git a/proto/zitadel/org/v2/org_service.proto b/proto/zitadel/org/v2/org_service.proto
index 94ced55146..729350e1f9 100644
--- a/proto/zitadel/org/v2/org_service.proto
+++ b/proto/zitadel/org/v2/org_service.proto
@@ -197,6 +197,14 @@ message AddOrganizationRequest{
     }
   ];
   repeated Admin admins = 2;
+  // optionally set your own id unique for the organization.
+  optional string org_id = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
+    }
+  ];
 }
 
 message AddOrganizationResponse{
diff --git a/proto/zitadel/org/v2beta/org_service.proto b/proto/zitadel/org/v2beta/org_service.proto
index 90c29ca354..e303b676d7 100644
--- a/proto/zitadel/org/v2beta/org_service.proto
+++ b/proto/zitadel/org/v2beta/org_service.proto
@@ -160,6 +160,14 @@ message AddOrganizationRequest{
     }
   ];
   repeated Admin admins = 2;
+  // optionally set your own id unique for the organization.
+  optional string org_id = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
+    }
+  ];
 }
 
 message AddOrganizationResponse{

From 7eb45c6cfd8092d99bd90a318e50a1fbcb017257 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 21 May 2025 14:40:47 +0200
Subject: [PATCH 063/123] feat: project v2beta resource API (#9742)

# Which Problems Are Solved

Resource management of projects and sub-resources was before limited by
the context provided by the management API, which would mean you could
only manage resources belonging to a specific organization.

# How the Problems Are Solved

With the addition of a resource-based API, it is now possible to manage
projects and sub-resources on the basis of the resources themselves,
which means that as long as you have the permission for the resource,
you can create, read, update and delete it.

- CreateProject to create a project under an organization
- UpdateProject to update an existing project
- DeleteProject to delete an existing project
- DeactivateProject and ActivateProject to change the status of a
project
- GetProject to query for a specific project with an identifier
- ListProject to query for projects and granted projects
- CreateProjectGrant to create a project grant with project and granted
organization
- UpdateProjectGrant to update the roles of a project grant
- DeactivateProjectGrant and ActivateProjectGrant to change the status
of a project grant
- DeleteProjectGrant to delete an existing project grant
- ListProjectGrants to query for project grants
- AddProjectRole to add a role to an existing project
- UpdateProjectRole to change texts of an existing role
- RemoveProjectRole to remove an existing role
- ListProjectRoles to query for project roles

# Additional Changes

- Changes to ListProjects, which now contains granted projects as well
- Changes to messages as defined in the
[API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md)
- Permission checks for project functionality on query and command side
- Added testing to unit tests on command side
- Change update endpoints to no error returns if nothing changes in the
resource
- Changed all integration test utility to the new service
- ListProjects now also correctly lists `granted projects`
- Permission checks for project grant and project role functionality on
query and command side
- Change existing pre checks so that they also work resource specific
without resourceowner
- Added the resourceowner to the grant and role if no resourceowner is
provided
- Corrected import tests with project grants and roles
- Added testing to unit tests on command side
- Change update endpoints to no error returns if nothing changes in the
resource
- Changed all integration test utility to the new service
- Corrected some naming in the proto files to adhere to the API_DESIGN

# Additional Context

Closes #9177

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 cmd/start/start.go                            |    4 +
 docs/docusaurus.config.js                     |    8 +
 docs/sidebars.js                              |   12 +
 .../integration_test/execution_target_test.go |    9 +-
 internal/api/grpc/admin/export.go             |    6 +-
 internal/api/grpc/admin/import.go             |    6 +-
 .../admin/integration_test/import_test.go     |   24 +
 internal/api/grpc/management/project.go       |   27 +-
 .../api/grpc/management/project_converter.go  |   51 +-
 internal/api/grpc/management/project_grant.go |   17 +-
 .../management/project_grant_converter.go     |   16 +-
 .../oidc/v2/integration_test/oidc_test.go     |   35 +-
 .../oidc/v2beta/integration_test/oidc_test.go |   29 +-
 .../v2beta/integration/project_grant_test.go  | 1292 ++++++++++++
 .../v2beta/integration/project_role_test.go   |  698 +++++++
 .../v2beta/integration/project_test.go        | 1013 ++++++++++
 .../project/v2beta/integration/query_test.go  | 1738 +++++++++++++++++
 .../project/v2beta/integration/server_test.go |   63 +
 internal/api/grpc/project/v2beta/project.go   |  161 ++
 .../api/grpc/project/v2beta/project_grant.go  |  126 ++
 .../api/grpc/project/v2beta/project_role.go   |  132 ++
 internal/api/grpc/project/v2beta/query.go     |  427 ++++
 internal/api/grpc/project/v2beta/server.go    |   60 +
 .../api/grpc/saml/v2/integration/saml_test.go |   21 +-
 .../user/v2/integration_test/user_test.go     |    4 +-
 .../user/v2beta/integration_test/user_test.go |   21 +-
 internal/api/oidc/access_token.go             |    2 +-
 internal/api/oidc/auth_request.go             |    6 +-
 .../api/oidc/integration_test/client_test.go  |   10 +-
 .../api/oidc/integration_test/oidc_test.go    |    7 +-
 .../integration_test/token_device_test.go     |    4 +-
 .../integration_test/token_exchange_test.go   |    6 +-
 .../oidc/integration_test/userinfo_test.go    |    4 +-
 .../integration_test/users_delete_test.go     |    6 +-
 .../eventsourcing/eventstore/auth_request.go  |    4 +-
 .../eventstore/auth_request_test.go           |    2 +-
 internal/command/org.go                       |    2 +-
 internal/command/permission_checks.go         |   13 +
 internal/command/project.go                   |  238 ++-
 internal/command/project_application_api.go   |    4 +-
 internal/command/project_application_oidc.go  |    4 +-
 internal/command/project_application_saml.go  |    2 +-
 internal/command/project_grant.go             |  276 ++-
 internal/command/project_grant_model.go       |    8 +-
 internal/command/project_grant_test.go        |  505 +++--
 internal/command/project_model.go             |   41 +-
 internal/command/project_old.go               |   30 +-
 internal/command/project_role.go              |  138 +-
 internal/command/project_role_model.go        |    4 +
 internal/command/project_role_test.go         |  247 ++-
 internal/command/project_test.go              |  845 ++++++--
 internal/domain/permission.go                 |    9 +
 internal/domain/project_grant.go              |   13 +-
 internal/domain/project_role.go               |   13 +-
 internal/integration/client.go                |  105 +-
 internal/integration/oidc.go                  |   34 +-
 internal/query/project.go                     |  372 +++-
 internal/query/project_grant.go               |   88 +-
 internal/query/project_role.go                |   43 +-
 internal/repository/project/aggregate.go      |    6 +
 internal/repository/project/project.go        |    7 +-
 proto/zitadel/management.proto                |  176 +-
 .../project/v2beta/project_service.proto      | 1237 ++++++++++++
 proto/zitadel/project/v2beta/query.proto      |  347 ++++
 64 files changed, 9821 insertions(+), 1037 deletions(-)
 create mode 100644 internal/api/grpc/project/v2beta/integration/project_grant_test.go
 create mode 100644 internal/api/grpc/project/v2beta/integration/project_role_test.go
 create mode 100644 internal/api/grpc/project/v2beta/integration/project_test.go
 create mode 100644 internal/api/grpc/project/v2beta/integration/query_test.go
 create mode 100644 internal/api/grpc/project/v2beta/integration/server_test.go
 create mode 100644 internal/api/grpc/project/v2beta/project.go
 create mode 100644 internal/api/grpc/project/v2beta/project_grant.go
 create mode 100644 internal/api/grpc/project/v2beta/project_role.go
 create mode 100644 internal/api/grpc/project/v2beta/query.go
 create mode 100644 internal/api/grpc/project/v2beta/server.go
 create mode 100644 proto/zitadel/project/v2beta/project_service.proto
 create mode 100644 proto/zitadel/project/v2beta/query.proto

diff --git a/cmd/start/start.go b/cmd/start/start.go
index 6f04e8ee82..1d83197062 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -46,6 +46,7 @@ import (
 	oidc_v2beta "github.com/zitadel/zitadel/internal/api/grpc/oidc/v2beta"
 	org_v2 "github.com/zitadel/zitadel/internal/api/grpc/org/v2"
 	org_v2beta "github.com/zitadel/zitadel/internal/api/grpc/org/v2beta"
+	project_v2beta "github.com/zitadel/zitadel/internal/api/grpc/project/v2beta"
 	"github.com/zitadel/zitadel/internal/api/grpc/resources/debug_events/debug_events"
 	user_v3_alpha "github.com/zitadel/zitadel/internal/api/grpc/resources/user/v3alpha"
 	userschema_v3_alpha "github.com/zitadel/zitadel/internal/api/grpc/resources/userschema/v3alpha"
@@ -491,6 +492,9 @@ func startAPIs(
 	if err := apis.RegisterService(ctx, action_v2_beta.CreateServer(config.SystemDefaults, commands, queries, domain.AllActionFunctions, apis.ListGrpcMethods, apis.ListGrpcServices)); err != nil {
 		return nil, err
 	}
+	if err := apis.RegisterService(ctx, project_v2beta.CreateServer(config.SystemDefaults, commands, queries, permissionCheck)); err != nil {
+		return nil, err
+	}
 	if err := apis.RegisterService(ctx, userschema_v3_alpha.CreateServer(config.SystemDefaults, commands, queries)); err != nil {
 		return nil, err
 	}
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 6a4429cffe..22df468475 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -364,6 +364,14 @@ module.exports = {
               categoryLinkSource: "auto",
             },
           },
+          project_v2beta: {
+            specPath: ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
+            outputDir: "docs/apis/resources/project_service_v2",
+            sidebarOptions: {
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
+            },
+          },
           instance_v2: {
             specPath: ".artifacts/openapi/zitadel/instance/v2beta/instance_service.swagger.json",
             outputDir: "docs/apis/resources/instance_service_v2",
diff --git a/docs/sidebars.js b/docs/sidebars.js
index b7dc3fd8b8..b7a399ecf1 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -12,6 +12,7 @@ const sidebar_api_feature_service_v2 = require("./docs/apis/resources/feature_se
 const sidebar_api_org_service_v2 = require("./docs/apis/resources/org_service_v2/sidebar.ts").default
 const sidebar_api_idp_service_v2 = require("./docs/apis/resources/idp_service_v2/sidebar.ts").default
 const sidebar_api_actions_v2 = require("./docs/apis/resources/action_service_v2/sidebar.ts").default
+const sidebar_api_project_service_v2 = require("./docs/apis/resources/project_service_v2/sidebar.ts").default
 const sidebar_api_webkey_service_v2 = require("./docs/apis/resources/webkey_service_v2/sidebar.ts").default
 const sidebar_api_instance_service_v2 = require("./docs/apis/resources/instance_service_v2/sidebar.ts").default
 
@@ -843,6 +844,17 @@ module.exports = {
             },
             {
               type: "category",
+              label: "Project (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Project Service API (Beta)",
+                slug: "/apis/resources/project_service_v2",
+                description:
+                  "This API is intended to manage projects and subresources for ZITADEL. \n"+
+                  "\n" +
+                  "This service is in beta state. It can AND will continue breaking until a stable version is released.",
+              },
+              items: sidebar_api_project_service_v2,
               label: "Instance (Beta)",
               link: {
                 type: "generated-index",
diff --git a/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go b/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go
index 0c5018dbb6..9fa568fb8b 100644
--- a/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go
+++ b/internal/api/grpc/action/v2beta/integration_test/execution_target_test.go
@@ -580,7 +580,7 @@ func TestServer_ExecutionTargetPreUserinfo(t *testing.T) {
 	isolatedIAMCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	ctxLoginClient := instance.WithAuthorization(CTX, integration.UserTypeLogin)
 
-	client, err := instance.CreateOIDCImplicitFlowClient(isolatedIAMCtx, redirectURIImplicit, loginV2)
+	client, err := instance.CreateOIDCImplicitFlowClient(isolatedIAMCtx, t, redirectURIImplicit, loginV2)
 	require.NoError(t, err)
 
 	type want struct {
@@ -893,7 +893,7 @@ func TestServer_ExecutionTargetPreAccessToken(t *testing.T) {
 	isolatedIAMCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	ctxLoginClient := instance.WithAuthorization(CTX, integration.UserTypeLogin)
 
-	client, err := instance.CreateOIDCImplicitFlowClient(isolatedIAMCtx, redirectURIImplicit, loginV2)
+	client, err := instance.CreateOIDCImplicitFlowClient(isolatedIAMCtx, t, redirectURIImplicit, loginV2)
 	require.NoError(t, err)
 
 	type want struct {
@@ -1255,10 +1255,9 @@ func createSAMLSP(t *testing.T, idpMetadata *saml.EntityDescriptor, binding stri
 }
 
 func createSAMLApplication(ctx context.Context, t *testing.T, instance *integration.Instance, idpMetadata *saml.EntityDescriptor, binding string, projectRoleCheck, hasProjectCheck bool) (string, string, *samlsp.Middleware) {
-	project, err := instance.CreateProjectWithPermissionCheck(ctx, projectRoleCheck, hasProjectCheck)
-	require.NoError(t, err)
+	project := instance.CreateProject(ctx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), projectRoleCheck, hasProjectCheck)
 	rootURL, sp := createSAMLSP(t, idpMetadata, binding)
-	_, err = instance.CreateSAMLClient(ctx, project.GetId(), sp)
+	_, err := instance.CreateSAMLClient(ctx, project.GetId(), sp)
 	require.NoError(t, err)
 	return project.GetId(), rootURL, sp
 }
diff --git a/internal/api/grpc/admin/export.go b/internal/api/grpc/admin/export.go
index 68b6053c2c..2558e5b5fc 100644
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -736,7 +736,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
 	if err != nil {
 		return nil, nil, nil, nil, nil, err
 	}
-	queriedProjects, err := s.query.SearchProjects(ctx, &query.ProjectSearchQueries{Queries: []query.SearchQuery{projectSearch}})
+	queriedProjects, err := s.query.SearchProjects(ctx, &query.ProjectSearchQueries{Queries: []query.SearchQuery{projectSearch}}, nil)
 	if err != nil {
 		return nil, nil, nil, nil, nil, err
 	}
@@ -763,7 +763,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
 			return nil, nil, nil, nil, nil, err
 		}
 
-		queriedProjectRoles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectRoleSearch}})
+		queriedProjectRoles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectRoleSearch}}, nil)
 		if err != nil {
 			return nil, nil, nil, nil, nil, err
 		}
@@ -945,7 +945,7 @@ func (s *Server) getNecessaryProjectGrantsForOrg(ctx context.Context, org string
 	if err != nil {
 		return nil, err
 	}
-	queriedProjectGrants, err := s.query.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectGrantSearchOrg}})
+	queriedProjectGrants, err := s.query.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectGrantSearchOrg}}, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/admin/import.go b/internal/api/grpc/admin/import.go
index 5bbcab27cf..119afe9fc0 100644
--- a/internal/api/grpc/admin/import.go
+++ b/internal/api/grpc/admin/import.go
@@ -621,7 +621,7 @@ func importProjects(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDa
 	}
 	for _, project := range org.GetProjects() {
 		logging.Debugf("import project: %s", project.GetProjectId())
-		_, err := s.command.AddProjectWithID(ctx, management.ProjectCreateToDomain(project.GetProject()), org.GetOrgId(), project.GetProjectId())
+		_, err := s.command.AddProject(ctx, management.ProjectCreateToCommand(project.GetProject(), project.GetProjectId(), org.GetOrgId()))
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "project", Id: project.GetProjectId(), Message: err.Error()})
 			if isCtxTimeout(ctx) {
@@ -761,7 +761,7 @@ func importProjectRoles(ctx context.Context, s *Server, errors *[]*admin_pb.Impo
 		logging.Debugf("import projectroles: %s", role.ProjectId+"_"+role.RoleKey)
 
 		// TBD: why not command.BulkAddProjectRole?
-		_, err := s.command.AddProjectRole(ctx, management.AddProjectRoleRequestToDomain(role), org.GetOrgId())
+		_, err := s.command.AddProjectRole(ctx, management.AddProjectRoleRequestToCommand(role, org.GetOrgId()))
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "project_role", Id: role.ProjectId + "_" + role.RoleKey, Message: err.Error()})
 			if isCtxTimeout(ctx) {
@@ -1023,7 +1023,7 @@ func importOrg2(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataEr
 	if org.ProjectGrants != nil {
 		for _, grant := range org.GetProjectGrants() {
 			logging.Debugf("import projectgrant: %s", grant.GetGrantId()+"_"+grant.GetProjectGrant().GetProjectId()+"_"+grant.GetProjectGrant().GetGrantedOrgId())
-			_, err := s.command.AddProjectGrantWithID(ctx, management.AddProjectGrantRequestToDomain(grant.GetProjectGrant()), grant.GetGrantId(), org.GetOrgId())
+			_, err := s.command.AddProjectGrant(ctx, management.AddProjectGrantRequestToCommand(grant.GetProjectGrant(), grant.GetGrantId(), org.GetOrgId()))
 			if err != nil {
 				*errors = append(*errors, &admin_pb.ImportDataError{Type: "project_grant", Id: org.GetOrgId() + "_" + grant.GetProjectGrant().GetProjectId() + "_" + grant.GetProjectGrant().GetGrantedOrgId(), Message: err.Error()})
 				if isCtxTimeout(ctx) {
diff --git a/internal/api/grpc/admin/integration_test/import_test.go b/internal/api/grpc/admin/integration_test/import_test.go
index 7d323e5ab8..4a546bbcf1 100644
--- a/internal/api/grpc/admin/integration_test/import_test.go
+++ b/internal/api/grpc/admin/integration_test/import_test.go
@@ -259,6 +259,12 @@ func TestServer_ImportData(t *testing.T) {
 				Data: &admin.ImportDataRequest_DataOrgs{
 					DataOrgs: &admin.ImportDataOrg{
 						Orgs: []*admin.DataOrg{
+							{
+								OrgId: orgIDs[4],
+								Org: &management.AddOrgRequest{
+									Name: gofakeit.ProductName(),
+								},
+							},
 							{
 								OrgId: orgIDs[3],
 								Org: &management.AddOrgRequest{
@@ -336,6 +342,9 @@ func TestServer_ImportData(t *testing.T) {
 				},
 				Success: &admin.ImportDataSuccess{
 					Orgs: []*admin.ImportDataSuccessOrg{
+						{
+							OrgId: orgIDs[4],
+						},
 						{
 							OrgId:      orgIDs[3],
 							ProjectIds: projectIDs[2:4],
@@ -363,6 +372,12 @@ func TestServer_ImportData(t *testing.T) {
 				Data: &admin.ImportDataRequest_DataOrgs{
 					DataOrgs: &admin.ImportDataOrg{
 						Orgs: []*admin.DataOrg{
+							{
+								OrgId: orgIDs[6],
+								Org: &management.AddOrgRequest{
+									Name: gofakeit.ProductName(),
+								},
+							},
 							{
 								OrgId: orgIDs[5],
 								Org: &management.AddOrgRequest{
@@ -383,6 +398,11 @@ func TestServer_ImportData(t *testing.T) {
 										RoleKey:     "role1",
 										DisplayName: "role1",
 									},
+									{
+										ProjectId:   projectIDs[4],
+										RoleKey:     "role2",
+										DisplayName: "role2",
+									},
 								},
 								HumanUsers: []*v1.DataHumanUser{
 									{
@@ -442,11 +462,15 @@ func TestServer_ImportData(t *testing.T) {
 				},
 				Success: &admin.ImportDataSuccess{
 					Orgs: []*admin.ImportDataSuccessOrg{
+						{
+							OrgId: orgIDs[6],
+						},
 						{
 							OrgId:      orgIDs[5],
 							ProjectIds: projectIDs[4:5],
 							ProjectRoles: []string{
 								projectIDs[4] + "_role1",
+								projectIDs[4] + "_role2",
 							},
 							HumanUserIds: userIDs[2:3],
 							ProjectGrants: []*admin.ImportDataSuccessProjectGrant{
diff --git a/internal/api/grpc/management/project.go b/internal/api/grpc/management/project.go
index 52b6b10e9a..f3af8dbf86 100644
--- a/internal/api/grpc/management/project.go
+++ b/internal/api/grpc/management/project.go
@@ -47,7 +47,7 @@ func (s *Server) ListProjects(ctx context.Context, req *mgmt_pb.ListProjectsRequ
 	if err != nil {
 		return nil, err
 	}
-	projects, err := s.query.SearchProjects(ctx, queries)
+	projects, err := s.query.SearchProjects(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -109,7 +109,7 @@ func (s *Server) ListGrantedProjects(ctx context.Context, req *mgmt_pb.ListGrant
 	if err != nil {
 		return nil, err
 	}
-	projects, err := s.query.SearchProjectGrants(ctx, queries)
+	projects, err := s.query.SearchProjectGrants(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -175,25 +175,26 @@ func (s *Server) ListProjectChanges(ctx context.Context, req *mgmt_pb.ListProjec
 }
 
 func (s *Server) AddProject(ctx context.Context, req *mgmt_pb.AddProjectRequest) (*mgmt_pb.AddProjectResponse, error) {
-	project, err := s.command.AddProject(ctx, ProjectCreateToDomain(req), authz.GetCtxData(ctx).OrgID)
+	add := ProjectCreateToCommand(req, "", authz.GetCtxData(ctx).OrgID)
+	project, err := s.command.AddProject(ctx, add)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.AddProjectResponse{
-		Id:      project.AggregateID,
-		Details: object_grpc.AddToDetailsPb(project.Sequence, project.ChangeDate, project.ResourceOwner),
+		Id:      add.AggregateID,
+		Details: object_grpc.AddToDetailsPb(project.Sequence, project.EventDate, project.ResourceOwner),
 	}, nil
 }
 
 func (s *Server) UpdateProject(ctx context.Context, req *mgmt_pb.UpdateProjectRequest) (*mgmt_pb.UpdateProjectResponse, error) {
-	project, err := s.command.ChangeProject(ctx, ProjectUpdateToDomain(req), authz.GetCtxData(ctx).OrgID)
+	project, err := s.command.ChangeProject(ctx, ProjectUpdateToCommand(req, authz.GetCtxData(ctx).OrgID))
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectResponse{
 		Details: object_grpc.ChangeToDetailsPb(
 			project.Sequence,
-			project.ChangeDate,
+			project.EventDate,
 			project.ResourceOwner,
 		),
 	}, nil
@@ -252,7 +253,7 @@ func (s *Server) ListProjectRoles(ctx context.Context, req *mgmt_pb.ListProjectR
 	if err != nil {
 		return nil, err
 	}
-	roles, err := s.query.SearchProjectRoles(ctx, true, queries)
+	roles, err := s.query.SearchProjectRoles(ctx, true, queries, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -263,21 +264,21 @@ func (s *Server) ListProjectRoles(ctx context.Context, req *mgmt_pb.ListProjectR
 }
 
 func (s *Server) AddProjectRole(ctx context.Context, req *mgmt_pb.AddProjectRoleRequest) (*mgmt_pb.AddProjectRoleResponse, error) {
-	role, err := s.command.AddProjectRole(ctx, AddProjectRoleRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	role, err := s.command.AddProjectRole(ctx, AddProjectRoleRequestToCommand(req, authz.GetCtxData(ctx).OrgID))
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.AddProjectRoleResponse{
 		Details: object_grpc.AddToDetailsPb(
 			role.Sequence,
-			role.ChangeDate,
+			role.EventDate,
 			role.ResourceOwner,
 		),
 	}, nil
 }
 
 func (s *Server) BulkAddProjectRoles(ctx context.Context, req *mgmt_pb.BulkAddProjectRolesRequest) (*mgmt_pb.BulkAddProjectRolesResponse, error) {
-	details, err := s.command.BulkAddProjectRole(ctx, req.ProjectId, authz.GetCtxData(ctx).OrgID, BulkAddProjectRolesRequestToDomain(req))
+	details, err := s.command.BulkAddProjectRole(ctx, req.ProjectId, authz.GetCtxData(ctx).OrgID, BulkAddProjectRolesRequestToCommand(req, authz.GetCtxData(ctx).OrgID))
 	if err != nil {
 		return nil, err
 	}
@@ -287,14 +288,14 @@ func (s *Server) BulkAddProjectRoles(ctx context.Context, req *mgmt_pb.BulkAddPr
 }
 
 func (s *Server) UpdateProjectRole(ctx context.Context, req *mgmt_pb.UpdateProjectRoleRequest) (*mgmt_pb.UpdateProjectRoleResponse, error) {
-	role, err := s.command.ChangeProjectRole(ctx, UpdateProjectRoleRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	role, err := s.command.ChangeProjectRole(ctx, UpdateProjectRoleRequestToCommand(req, authz.GetCtxData(ctx).OrgID))
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectRoleResponse{
 		Details: object_grpc.ChangeToDetailsPb(
 			role.Sequence,
-			role.ChangeDate,
+			role.EventDate,
 			role.ResourceOwner,
 		),
 	}, nil
diff --git a/internal/api/grpc/management/project_converter.go b/internal/api/grpc/management/project_converter.go
index 64243ba258..83a8246feb 100644
--- a/internal/api/grpc/management/project_converter.go
+++ b/internal/api/grpc/management/project_converter.go
@@ -3,10 +3,13 @@ package management
 import (
 	"context"
 
+	"github.com/muhlemmer/gu"
+
 	"github.com/zitadel/zitadel/internal/api/authz"
 	member_grpc "github.com/zitadel/zitadel/internal/api/grpc/member"
 	"github.com/zitadel/zitadel/internal/api/grpc/object"
 	proj_grpc "github.com/zitadel/zitadel/internal/api/grpc/project"
+	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/query"
@@ -14,8 +17,12 @@ import (
 	proj_pb "github.com/zitadel/zitadel/pkg/grpc/project"
 )
 
-func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
-	return &domain.Project{
+func ProjectCreateToCommand(req *mgmt_pb.AddProjectRequest, projectID string, resourceOwner string) *command.AddProject {
+	return &command.AddProject{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID:   projectID,
+			ResourceOwner: resourceOwner,
+		},
 		Name:                   req.Name,
 		ProjectRoleAssertion:   req.ProjectRoleAssertion,
 		ProjectRoleCheck:       req.ProjectRoleCheck,
@@ -24,16 +31,17 @@ func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
 	}
 }
 
-func ProjectUpdateToDomain(req *mgmt_pb.UpdateProjectRequest) *domain.Project {
-	return &domain.Project{
+func ProjectUpdateToCommand(req *mgmt_pb.UpdateProjectRequest, resourceOwner string) *command.ChangeProject {
+	return &command.ChangeProject{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.Id,
+			AggregateID:   req.Id,
+			ResourceOwner: resourceOwner,
 		},
-		Name:                   req.Name,
-		ProjectRoleAssertion:   req.ProjectRoleAssertion,
-		ProjectRoleCheck:       req.ProjectRoleCheck,
-		HasProjectCheck:        req.HasProjectCheck,
-		PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
+		Name:                   gu.Ptr(req.Name),
+		ProjectRoleAssertion:   gu.Ptr(req.ProjectRoleAssertion),
+		ProjectRoleCheck:       gu.Ptr(req.ProjectRoleCheck),
+		HasProjectCheck:        gu.Ptr(req.HasProjectCheck),
+		PrivateLabelingSetting: gu.Ptr(privateLabelingSettingToDomain(req.PrivateLabelingSetting)),
 	}
 }
 
@@ -48,10 +56,11 @@ func privateLabelingSettingToDomain(setting proj_pb.PrivateLabelingSetting) doma
 	}
 }
 
-func AddProjectRoleRequestToDomain(req *mgmt_pb.AddProjectRoleRequest) *domain.ProjectRole {
-	return &domain.ProjectRole{
+func AddProjectRoleRequestToCommand(req *mgmt_pb.AddProjectRoleRequest, resourceOwner string) *command.AddProjectRole {
+	return &command.AddProjectRole{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.ProjectId,
+			AggregateID:   req.ProjectId,
+			ResourceOwner: resourceOwner,
 		},
 		Key:         req.RoleKey,
 		DisplayName: req.DisplayName,
@@ -59,12 +68,13 @@ func AddProjectRoleRequestToDomain(req *mgmt_pb.AddProjectRoleRequest) *domain.P
 	}
 }
 
-func BulkAddProjectRolesRequestToDomain(req *mgmt_pb.BulkAddProjectRolesRequest) []*domain.ProjectRole {
-	roles := make([]*domain.ProjectRole, len(req.Roles))
+func BulkAddProjectRolesRequestToCommand(req *mgmt_pb.BulkAddProjectRolesRequest, resourceOwner string) []*command.AddProjectRole {
+	roles := make([]*command.AddProjectRole, len(req.Roles))
 	for i, role := range req.Roles {
-		roles[i] = &domain.ProjectRole{
+		roles[i] = &command.AddProjectRole{
 			ObjectRoot: models.ObjectRoot{
-				AggregateID: req.ProjectId,
+				AggregateID:   req.ProjectId,
+				ResourceOwner: resourceOwner,
 			},
 			Key:         role.Key,
 			DisplayName: role.DisplayName,
@@ -74,10 +84,11 @@ func BulkAddProjectRolesRequestToDomain(req *mgmt_pb.BulkAddProjectRolesRequest)
 	return roles
 }
 
-func UpdateProjectRoleRequestToDomain(req *mgmt_pb.UpdateProjectRoleRequest) *domain.ProjectRole {
-	return &domain.ProjectRole{
+func UpdateProjectRoleRequestToCommand(req *mgmt_pb.UpdateProjectRoleRequest, resourceOwner string) *command.ChangeProjectRole {
+	return &command.ChangeProjectRole{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.ProjectId,
+			AggregateID:   req.ProjectId,
+			ResourceOwner: resourceOwner,
 		},
 		Key:         req.RoleKey,
 		DisplayName: req.DisplayName,
diff --git a/internal/api/grpc/management/project_grant.go b/internal/api/grpc/management/project_grant.go
index cea8e929a4..e9313c1327 100644
--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@@ -31,7 +31,7 @@ func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProject
 	if err != nil {
 		return nil, err
 	}
-	grants, err := s.query.SearchProjectGrants(ctx, queries)
+	grants, err := s.query.SearchProjectGrants(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -54,7 +54,7 @@ func (s *Server) ListAllProjectGrants(ctx context.Context, req *mgmt_pb.ListAllP
 	if err != nil {
 		return nil, err
 	}
-	grants, err := s.query.SearchProjectGrants(ctx, queries)
+	grants, err := s.query.SearchProjectGrants(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -65,16 +65,17 @@ func (s *Server) ListAllProjectGrants(ctx context.Context, req *mgmt_pb.ListAllP
 }
 
 func (s *Server) AddProjectGrant(ctx context.Context, req *mgmt_pb.AddProjectGrantRequest) (*mgmt_pb.AddProjectGrantResponse, error) {
-	grant, err := s.command.AddProjectGrant(ctx, AddProjectGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	grant := AddProjectGrantRequestToCommand(req, "", authz.GetCtxData(ctx).OrgID)
+	details, err := s.command.AddProjectGrant(ctx, grant)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.AddProjectGrantResponse{
 		GrantId: grant.GrantID,
 		Details: object_grpc.AddToDetailsPb(
-			grant.Sequence,
-			grant.ChangeDate,
-			grant.ResourceOwner,
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner,
 		),
 	}, nil
 }
@@ -94,14 +95,14 @@ func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProj
 	if err != nil {
 		return nil, err
 	}
-	grant, err := s.command.ChangeProjectGrant(ctx, UpdateProjectGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID, userGrantsToIDs(grants.UserGrants)...)
+	grant, err := s.command.ChangeProjectGrant(ctx, UpdateProjectGrantRequestToCommand(req, authz.GetCtxData(ctx).OrgID), userGrantsToIDs(grants.UserGrants)...)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectGrantResponse{
 		Details: object_grpc.ChangeToDetailsPb(
 			grant.Sequence,
-			grant.ChangeDate,
+			grant.EventDate,
 			grant.ResourceOwner,
 		),
 	}, nil
diff --git a/internal/api/grpc/management/project_grant_converter.go b/internal/api/grpc/management/project_grant_converter.go
index de7d1de041..04bc35301f 100644
--- a/internal/api/grpc/management/project_grant_converter.go
+++ b/internal/api/grpc/management/project_grant_converter.go
@@ -6,6 +6,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	member_grpc "github.com/zitadel/zitadel/internal/api/grpc/member"
 	"github.com/zitadel/zitadel/internal/api/grpc/object"
+	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/query"
@@ -100,20 +101,23 @@ func AllProjectGrantQueryToModel(apiQuery *proj_pb.AllProjectGrantQuery) (query.
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
 	}
 }
-func AddProjectGrantRequestToDomain(req *mgmt_pb.AddProjectGrantRequest) *domain.ProjectGrant {
-	return &domain.ProjectGrant{
+func AddProjectGrantRequestToCommand(req *mgmt_pb.AddProjectGrantRequest, grantID string, resourceOwner string) *command.AddProjectGrant {
+	return &command.AddProjectGrant{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.ProjectId,
+			AggregateID:   req.ProjectId,
+			ResourceOwner: resourceOwner,
 		},
+		GrantID:      grantID,
 		GrantedOrgID: req.GrantedOrgId,
 		RoleKeys:     req.RoleKeys,
 	}
 }
 
-func UpdateProjectGrantRequestToDomain(req *mgmt_pb.UpdateProjectGrantRequest) *domain.ProjectGrant {
-	return &domain.ProjectGrant{
+func UpdateProjectGrantRequestToCommand(req *mgmt_pb.UpdateProjectGrantRequest, resourceOwner string) *command.ChangeProjectGrant {
+	return &command.ChangeProjectGrant{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.ProjectId,
+			AggregateID:   req.ProjectId,
+			ResourceOwner: resourceOwner,
 		},
 		GrantID:  req.GrantId,
 		RoleKeys: req.RoleKeys,
diff --git a/internal/api/grpc/oidc/v2/integration_test/oidc_test.go b/internal/api/grpc/oidc/v2/integration_test/oidc_test.go
index 64334bd8b1..187dc922fc 100644
--- a/internal/api/grpc/oidc/v2/integration_test/oidc_test.go
+++ b/internal/api/grpc/oidc/v2/integration_test/oidc_test.go
@@ -24,8 +24,7 @@ import (
 )
 
 func TestServer_GetAuthRequest(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
 	require.NoError(t, err)
 
@@ -98,8 +97,7 @@ func TestServer_GetAuthRequest(t *testing.T) {
 }
 
 func TestServer_CreateCallback(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
 	require.NoError(t, err)
 	clientV2, err := Instance.CreateOIDCClientLoginVersion(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
@@ -288,7 +286,7 @@ func TestServer_CreateCallback(t *testing.T) {
 			ctx:  CTX,
 			req: &oidc_pb.CreateCallbackRequest{
 				AuthRequestId: func() string {
-					client, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, nil)
+					client, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, nil)
 					require.NoError(t, err)
 					authRequestID, err := Instance.CreateOIDCAuthRequestImplicit(CTX, client.GetClientId(), Instance.Users.Get(integration.UserTypeOrgOwner).ID, redirectURIImplicit)
 					require.NoError(t, err)
@@ -315,7 +313,7 @@ func TestServer_CreateCallback(t *testing.T) {
 			ctx:  CTXLoginClient,
 			req: &oidc_pb.CreateCallbackRequest{
 				AuthRequestId: func() string {
-					clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, loginV2)
+					clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, loginV2)
 					require.NoError(t, err)
 					authRequestID, err := Instance.CreateOIDCAuthRequestImplicitWithoutLoginClientHeader(CTX, clientV2.GetClientId(), redirectURIImplicit)
 					require.NoError(t, err)
@@ -371,7 +369,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID2, _ := createOIDCApplication(ctx, t, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID2, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID2, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
 
@@ -386,7 +384,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
 
@@ -407,9 +405,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
+				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
 
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
 			},
@@ -544,9 +542,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, false)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
+				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
 			},
 			want: &oidc_pb.CreateCallbackResponse{
@@ -564,7 +562,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, false)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
 			},
@@ -606,7 +604,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, false, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
@@ -639,8 +637,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 }
 
 func TestServer_GetDeviceAuthorizationRequest(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE)
 	require.NoError(t, err)
 
@@ -697,8 +694,7 @@ func TestServer_GetDeviceAuthorizationRequest(t *testing.T) {
 }
 
 func TestServer_AuthorizeOrDenyDeviceAuthorization(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE)
 	require.NoError(t, err)
 	sessionResp := createSession(t, CTX, Instance.Users[integration.UserTypeOrgOwner].ID)
@@ -895,8 +891,7 @@ func createSessionAndAuthRequestForCallback(ctx context.Context, t *testing.T, c
 }
 
 func createOIDCApplication(ctx context.Context, t *testing.T, projectRoleCheck, hasProjectCheck bool) (string, string) {
-	project, err := Instance.CreateProjectWithPermissionCheck(ctx, projectRoleCheck, hasProjectCheck)
-	require.NoError(t, err)
+	project := Instance.CreateProject(ctx, t, "", gofakeit.AppName(), projectRoleCheck, hasProjectCheck)
 	clientV2, err := Instance.CreateOIDCClientLoginVersion(ctx, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
 	require.NoError(t, err)
 	return project.GetId(), clientV2.GetClientId()
diff --git a/internal/api/grpc/oidc/v2beta/integration_test/oidc_test.go b/internal/api/grpc/oidc/v2beta/integration_test/oidc_test.go
index d7d746e2d0..bd02f9e068 100644
--- a/internal/api/grpc/oidc/v2beta/integration_test/oidc_test.go
+++ b/internal/api/grpc/oidc/v2beta/integration_test/oidc_test.go
@@ -23,8 +23,7 @@ import (
 )
 
 func TestServer_GetAuthRequest(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
 	require.NoError(t, err)
 
@@ -97,8 +96,7 @@ func TestServer_GetAuthRequest(t *testing.T) {
 }
 
 func TestServer_CreateCallback(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
 	require.NoError(t, err)
 	clientV2, err := Instance.CreateOIDCClientLoginVersion(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
@@ -289,7 +287,7 @@ func TestServer_CreateCallback(t *testing.T) {
 			ctx:  CTX,
 			req: &oidc_pb.CreateCallbackRequest{
 				AuthRequestId: func() string {
-					client, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, nil)
+					client, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, nil)
 					require.NoError(t, err)
 					authRequestID, err := Instance.CreateOIDCAuthRequestImplicit(CTX, client.GetClientId(), Instance.Users.Get(integration.UserTypeOrgOwner).ID, redirectURIImplicit)
 					require.NoError(t, err)
@@ -316,7 +314,7 @@ func TestServer_CreateCallback(t *testing.T) {
 			ctx:  CTXLoginClient,
 			req: &oidc_pb.CreateCallbackRequest{
 				AuthRequestId: func() string {
-					clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, loginV2)
+					clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, loginV2)
 					require.NoError(t, err)
 					authRequestID, err := Instance.CreateOIDCAuthRequestImplicitWithoutLoginClientHeader(CTX, clientV2.GetClientId(), redirectURIImplicit)
 					require.NoError(t, err)
@@ -372,7 +370,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID2, _ := createOIDCApplication(ctx, t, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID2, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID2, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
 
@@ -387,7 +385,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
 
@@ -408,9 +406,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
+				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
 
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
 			},
@@ -545,9 +543,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, false)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
+				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
 			},
 			want: &oidc_pb.CreateCallbackResponse{
@@ -565,7 +563,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, true, false)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
 			},
@@ -607,7 +605,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
 				projectID, clientID := createOIDCApplication(ctx, t, false, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 
 				return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
@@ -669,8 +667,7 @@ func createSessionAndAuthRequestForCallback(ctx context.Context, t *testing.T, c
 }
 
 func createOIDCApplication(ctx context.Context, t *testing.T, projectRoleCheck, hasProjectCheck bool) (string, string) {
-	project, err := Instance.CreateProjectWithPermissionCheck(ctx, projectRoleCheck, hasProjectCheck)
-	require.NoError(t, err)
+	project := Instance.CreateProject(ctx, t, "", gofakeit.AppName(), projectRoleCheck, hasProjectCheck)
 	clientV2, err := Instance.CreateOIDCClientLoginVersion(ctx, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
 	require.NoError(t, err)
 	return project.GetId(), clientV2.GetClientId()
diff --git a/internal/api/grpc/project/v2beta/integration/project_grant_test.go b/internal/api/grpc/project/v2beta/integration/project_grant_test.go
new file mode 100644
index 0000000000..8500f24d56
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/integration/project_grant_test.go
@@ -0,0 +1,1292 @@
+//go:build integration
+
+package project_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func TestServer_CreateProjectGrant(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type want struct {
+		creationDate bool
+	}
+	tests := []struct {
+		name    string
+		ctx     context.Context
+		prepare func(request *project.CreateProjectGrantRequest)
+		req     *project.CreateProjectGrantRequest
+		want
+		wantErr bool
+	}{
+		{
+			name:    "empty projectID",
+			ctx:     iamOwnerCtx,
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "empty granted organization",
+			ctx:  iamOwnerCtx,
+			req: &project.CreateProjectGrantRequest{
+				ProjectId:             "something",
+				GrantedOrganizationId: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "project not existing",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				request.ProjectId = "something"
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "org not existing",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				request.GrantedOrganizationId = "something"
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "already existing, error",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "same organization, error",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				request.GrantedOrganizationId = orgResp.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "empty, ok",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+			},
+			req: &project.CreateProjectGrantRequest{},
+			want: want{
+				creationDate: true,
+			},
+		},
+		{
+			name: "with roles, not existing",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				roles := []string{gofakeit.Name(), gofakeit.Name(), gofakeit.Name()}
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+				request.RoleKeys = roles
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "with roles, ok",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				roles := []string{gofakeit.Name(), gofakeit.Name(), gofakeit.Name()}
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+				for _, role := range roles {
+					instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), role, role, "")
+				}
+
+				request.RoleKeys = roles
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+			},
+			req: &project.CreateProjectGrantRequest{},
+			want: want{
+				creationDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.prepare != nil {
+				tt.prepare(tt.req)
+			}
+
+			creationDate := time.Now().UTC()
+			got, err := instance.Client.Projectv2Beta.CreateProjectGrant(tt.ctx, tt.req)
+			changeDate := time.Now().UTC()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertCreateProjectGrantResponse(t, creationDate, changeDate, tt.want.creationDate, got)
+		})
+	}
+}
+
+func TestServer_CreateProjectGrant_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type want struct {
+		creationDate bool
+	}
+	tests := []struct {
+		name    string
+		ctx     context.Context
+		prepare func(request *project.CreateProjectGrantRequest)
+		req     *project.CreateProjectGrantRequest
+		want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			ctx:  CTX,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				grantedOrgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+				request.ProjectId = projectResp.GetId()
+				request.GrantedOrganizationId = grantedOrgResp.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				grantedOrgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+				request.ProjectId = projectResp.GetId()
+				request.GrantedOrganizationId = grantedOrgResp.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				grantedOrgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+				request.ProjectId = projectResp.GetId()
+				request.GrantedOrganizationId = grantedOrgResp.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+			},
+			req: &project.CreateProjectGrantRequest{},
+			want: want{
+				creationDate: true,
+			},
+		},
+		{
+			name: "instance owner",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				grantedOrgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+				request.ProjectId = projectResp.GetId()
+				request.GrantedOrganizationId = grantedOrgResp.GetOrganizationId()
+			},
+			req: &project.CreateProjectGrantRequest{},
+			want: want{
+				creationDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.prepare != nil {
+				tt.prepare(tt.req)
+			}
+
+			creationDate := time.Now().UTC()
+			got, err := instance.Client.Projectv2Beta.CreateProjectGrant(tt.ctx, tt.req)
+			changeDate := time.Now().UTC()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertCreateProjectGrantResponse(t, creationDate, changeDate, tt.want.creationDate, got)
+		})
+	}
+}
+
+func assertCreateProjectGrantResponse(t *testing.T, creationDate, changeDate time.Time, expectedCreationDate bool, actualResp *project.CreateProjectGrantResponse) {
+	if expectedCreationDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.CreationDate)
+	}
+}
+
+func TestServer_UpdateProjectGrant(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.UpdateProjectGrantRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.UpdateProjectGrantRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "not existing",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				request.ProjectId = "notexisting"
+				request.GrantedOrganizationId = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectGrantRequest{
+					RoleKeys: []string{"notexisting"},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectGrantRequest{},
+			},
+			want: want{
+				change:     false,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change roles, ok",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				roles := []string{gofakeit.Animal(), gofakeit.Animal(), gofakeit.Animal()}
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+				for _, role := range roles {
+					instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), role, role, "")
+				}
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId(), roles...)
+				request.RoleKeys = roles
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change roles, not existing",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				request.RoleKeys = []string{gofakeit.Animal(), gofakeit.Animal(), gofakeit.Animal()}
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			if tt.prepare != nil {
+				tt.prepare(tt.args.req)
+			}
+
+			got, err := instance.Client.Projectv2Beta.UpdateProjectGrant(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertUpdateProjectGrantResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_UpdateProjectGrant_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.UpdateProjectGrantRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.UpdateProjectGrantRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.UpdateProjectGrantRequest{
+					RoleKeys: []string{"nopermission"},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.UpdateProjectGrantRequest{
+					RoleKeys: []string{"nopermission"},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.UpdateProjectGrantRequest{
+					RoleKeys: []string{"nopermission"},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				roles := []string{gofakeit.Animal(), gofakeit.Animal(), gofakeit.Animal()}
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+				for _, role := range roles {
+					instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), role, role, "")
+				}
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId(), roles...)
+				request.RoleKeys = roles
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.UpdateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				roles := []string{gofakeit.Animal(), gofakeit.Animal(), gofakeit.Animal()}
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+				for _, role := range roles {
+					instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), role, role, "")
+				}
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId(), roles...)
+				request.RoleKeys = roles
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			if tt.prepare != nil {
+				tt.prepare(tt.args.req)
+			}
+
+			got, err := instance.Client.Projectv2Beta.UpdateProjectGrant(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertUpdateProjectGrantResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertUpdateProjectGrantResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.UpdateProjectGrantResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
+
+func TestServer_DeleteProjectGrant(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		prepare          func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time)
+		req              *project.DeleteProjectGrantRequest
+		wantDeletionDate bool
+		wantErr          bool
+	}{
+		{
+			name: "empty project id",
+			ctx:  iamOwnerCtx,
+			req: &project.DeleteProjectGrantRequest{
+				ProjectId: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "empty grantedorg id",
+			ctx:  iamOwnerCtx,
+			req: &project.DeleteProjectGrantRequest{
+				ProjectId:             "notempty",
+				GrantedOrganizationId: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "delete, not existing",
+			ctx:  iamOwnerCtx,
+			req: &project.DeleteProjectGrantRequest{
+				ProjectId:             "notexisting",
+				GrantedOrganizationId: "notexisting",
+			},
+			wantErr: true,
+		},
+		{
+			name: "delete",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectGrantRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "delete deactivated",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectGrantRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "delete, already removed",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeleteProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return creationDate, time.Now().UTC()
+			},
+			req:     &project.DeleteProjectGrantRequest{},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var creationDate, deletionDate time.Time
+			if tt.prepare != nil {
+				creationDate, deletionDate = tt.prepare(tt.req)
+			}
+			got, err := instance.Client.Projectv2Beta.DeleteProjectGrant(tt.ctx, tt.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertDeleteProjectGrantResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
+		})
+	}
+}
+
+func TestServer_DeleteProjectGrant_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		prepare          func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time)
+		req              *project.DeleteProjectGrantRequest
+		wantDeletionDate bool
+		wantErr          bool
+	}{
+		{
+			name: "unauthenticated",
+			ctx:  CTX,
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return time.Time{}, time.Time{}
+			},
+			req:     &project.DeleteProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return time.Time{}, time.Time{}
+			},
+			req:     &project.DeleteProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return creationDate, time.Time{}
+			},
+			req:     &project.DeleteProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectGrantRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "organization owner, ok",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectGrantRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectGrantRequest{},
+			wantDeletionDate: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var creationDate, deletionDate time.Time
+			if tt.prepare != nil {
+				creationDate, deletionDate = tt.prepare(tt.req)
+			}
+			got, err := instance.Client.Projectv2Beta.DeleteProjectGrant(tt.ctx, tt.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertDeleteProjectGrantResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
+		})
+	}
+}
+
+func assertDeleteProjectGrantResponse(t *testing.T, creationDate, deletionDate time.Time, expectedDeletionDate bool, actualResp *project.DeleteProjectGrantResponse) {
+	if expectedDeletionDate {
+		if !deletionDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetDeletionDate().AsTime(), creationDate, deletionDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetDeletionDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.DeletionDate)
+	}
+}
+
+func TestServer_DeactivateProjectGrant(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.DeactivateProjectGrantRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.DeactivateProjectGrantRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "missing permission",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "not existing",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				request.ProjectId = "notexisting"
+				request.GrantedOrganizationId = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     false,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change, ok",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.DeactivateProjectGrant(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertDeactivateProjectGrantResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_DeactivateProjectGrant_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.DeactivateProjectGrantRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.DeactivateProjectGrantRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			prepare: func(request *project.DeactivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.DeactivateProjectGrant(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertDeactivateProjectGrantResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertDeactivateProjectGrantResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.DeactivateProjectGrantResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
+
+func TestServer_ActivateProjectGrant(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.ActivateProjectGrantRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.ActivateProjectGrantRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "not existing",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				request.ProjectId = "notexisting"
+				request.GrantedOrganizationId = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     false,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change, ok",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.ActivateProjectGrant(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertActivateProjectGrantResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_ActivateProjectGrant_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.ActivateProjectGrantRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.ActivateProjectGrantRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			prepare: func(request *project.ActivateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				instance.DeactivateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectGrantRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.ActivateProjectGrant(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertActivateProjectGrantResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertActivateProjectGrantResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.ActivateProjectGrantResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
diff --git a/internal/api/grpc/project/v2beta/integration/project_role_test.go b/internal/api/grpc/project/v2beta/integration/project_role_test.go
new file mode 100644
index 0000000000..5e2f0e447e
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/integration/project_role_test.go
@@ -0,0 +1,698 @@
+//go:build integration
+
+package project_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func TestServer_AddProjectRole(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+	alreadyExistingProject := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+	alreadyExistingProjectRoleName := gofakeit.AppName()
+	instance.AddProjectRole(iamOwnerCtx, t, alreadyExistingProject.GetId(), alreadyExistingProjectRoleName, alreadyExistingProjectRoleName, "")
+
+	type want struct {
+		creationDate bool
+	}
+	tests := []struct {
+		name    string
+		ctx     context.Context
+		prepare func(request *project.AddProjectRoleRequest)
+		req     *project.AddProjectRoleRequest
+		want
+		wantErr bool
+	}{
+		{
+			name: "empty key",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     "",
+				DisplayName: gofakeit.AppName(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "empty displayname",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.AppName(),
+				DisplayName: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "already existing, error",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.AddProjectRoleRequest) {
+				request.ProjectId = alreadyExistingProject.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     alreadyExistingProjectRoleName,
+				DisplayName: alreadyExistingProjectRoleName,
+			},
+			wantErr: true,
+		},
+		{
+			name: "empty, ok",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.Name(),
+				DisplayName: gofakeit.Name(),
+			},
+			want: want{
+				creationDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.prepare != nil {
+				tt.prepare(tt.req)
+			}
+
+			creationDate := time.Now().UTC()
+			got, err := instance.Client.Projectv2Beta.AddProjectRole(tt.ctx, tt.req)
+			changeDate := time.Now().UTC()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertAddProjectRoleResponse(t, creationDate, changeDate, tt.want.creationDate, got)
+		})
+	}
+}
+
+func TestServer_AddProjectRole_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+	alreadyExistingProject := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+	alreadyExistingProjectRoleName := gofakeit.AppName()
+	instance.AddProjectRole(iamOwnerCtx, t, alreadyExistingProject.GetId(), alreadyExistingProjectRoleName, alreadyExistingProjectRoleName, "")
+
+	type want struct {
+		creationDate bool
+	}
+	tests := []struct {
+		name    string
+		ctx     context.Context
+		prepare func(request *project.AddProjectRoleRequest)
+		req     *project.AddProjectRoleRequest
+		want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			ctx:  CTX,
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.AppName(),
+				DisplayName: gofakeit.AppName(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.AppName(),
+				DisplayName: gofakeit.AppName(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.AppName(),
+				DisplayName: gofakeit.AppName(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.AppName(),
+				DisplayName: gofakeit.AppName(),
+			},
+			want: want{
+				creationDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.AddProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.ProjectId = projectResp.GetId()
+			},
+			req: &project.AddProjectRoleRequest{
+				RoleKey:     gofakeit.AppName(),
+				DisplayName: gofakeit.AppName(),
+			},
+			want: want{
+				creationDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.prepare != nil {
+				tt.prepare(tt.req)
+			}
+
+			creationDate := time.Now().UTC()
+			got, err := instance.Client.Projectv2Beta.AddProjectRole(tt.ctx, tt.req)
+			changeDate := time.Now().UTC()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertAddProjectRoleResponse(t, creationDate, changeDate, tt.want.creationDate, got)
+		})
+	}
+}
+
+func assertAddProjectRoleResponse(t *testing.T, creationDate, changeDate time.Time, expectedCreationDate bool, actualResp *project.AddProjectRoleResponse) {
+	if expectedCreationDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.CreationDate)
+	}
+}
+
+func TestServer_UpdateProjectRole(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.UpdateProjectRoleRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.UpdateProjectRoleRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "missing permission",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr("changed"),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "not existing",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				request.RoleKey = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr("changed"),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				request.DisplayName = gu.Ptr(roleName)
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRoleRequest{},
+			},
+			want: want{
+				change:     false,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change display name, ok",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change full, ok",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr(gofakeit.AppName()),
+					Group:       gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.UpdateProjectRole(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertUpdateProjectRoleResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_UpdateProjectRole_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.UpdateProjectRoleRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.UpdateProjectRoleRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenicated",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr("changed"),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr("changed"),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr("changed"),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			prepare: func(request *project.UpdateProjectRoleRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRoleRequest{
+					DisplayName: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.UpdateProjectRole(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertUpdateProjectRoleResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertUpdateProjectRoleResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.UpdateProjectRoleResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
+
+func TestServer_DeleteProjectRole(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		prepare          func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time)
+		req              *project.RemoveProjectRoleRequest
+		wantDeletionDate bool
+		wantErr          bool
+	}{
+		{
+			name: "empty id",
+			ctx:  iamOwnerCtx,
+			req: &project.RemoveProjectRoleRequest{
+				ProjectId: "",
+				RoleKey:   "notexisting",
+			},
+			wantErr: true,
+		},
+		{
+			name: "delete, not existing",
+			ctx:  iamOwnerCtx,
+			req: &project.RemoveProjectRoleRequest{
+				ProjectId: "notexisting",
+				RoleKey:   "notexisting",
+			},
+			wantDeletionDate: false,
+		},
+		{
+			name: "delete",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				return creationDate, time.Time{}
+			},
+			req:              &project.RemoveProjectRoleRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "delete, already removed",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				instance.RemoveProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName)
+				return creationDate, time.Now().UTC()
+			},
+			req:              &project.RemoveProjectRoleRequest{},
+			wantDeletionDate: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var creationDate, deletionDate time.Time
+			if tt.prepare != nil {
+				creationDate, deletionDate = tt.prepare(tt.req)
+			}
+			got, err := instance.Client.Projectv2Beta.RemoveProjectRole(tt.ctx, tt.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertRemoveProjectRoleResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
+		})
+	}
+}
+
+func TestServer_DeleteProjectRole_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		prepare          func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time)
+		req              *project.RemoveProjectRoleRequest
+		wantDeletionDate bool
+		wantErr          bool
+	}{
+		{
+			name: "unauthenticated",
+			ctx:  CTX,
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				return creationDate, time.Time{}
+			},
+			req:     &project.RemoveProjectRoleRequest{},
+			wantErr: true,
+		},
+		{
+			name: "no permission",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				return creationDate, time.Time{}
+			},
+			req:     &project.RemoveProjectRoleRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				return creationDate, time.Time{}
+			},
+			req:     &project.RemoveProjectRoleRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				return creationDate, time.Time{}
+			},
+			req:              &project.RemoveProjectRoleRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "instance owner, ok",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				roleName := gofakeit.AppName()
+				instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
+				request.ProjectId = projectResp.GetId()
+				request.RoleKey = roleName
+				return creationDate, time.Time{}
+			},
+			req:              &project.RemoveProjectRoleRequest{},
+			wantDeletionDate: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var creationDate, deletionDate time.Time
+			if tt.prepare != nil {
+				creationDate, deletionDate = tt.prepare(tt.req)
+			}
+			got, err := instance.Client.Projectv2Beta.RemoveProjectRole(tt.ctx, tt.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertRemoveProjectRoleResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
+		})
+	}
+}
+
+func assertRemoveProjectRoleResponse(t *testing.T, creationDate, deletionDate time.Time, expectedDeletionDate bool, actualResp *project.RemoveProjectRoleResponse) {
+	if expectedDeletionDate {
+		if !deletionDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetRemovalDate().AsTime(), creationDate, deletionDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetRemovalDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.RemovalDate)
+	}
+}
diff --git a/internal/api/grpc/project/v2beta/integration/project_test.go b/internal/api/grpc/project/v2beta/integration/project_test.go
new file mode 100644
index 0000000000..6c0a5c96f6
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/integration/project_test.go
@@ -0,0 +1,1013 @@
+//go:build integration
+
+package project_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func TestServer_CreateProject(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+	alreadyExistingProjectName := gofakeit.AppName()
+	instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), alreadyExistingProjectName, false, false)
+
+	type want struct {
+		id           bool
+		creationDate bool
+	}
+	tests := []struct {
+		name string
+		ctx  context.Context
+		req  *project.CreateProjectRequest
+		want
+		wantErr bool
+	}{
+		{
+			name: "empty name",
+			ctx:  iamOwnerCtx,
+			req: &project.CreateProjectRequest{
+				Name: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "empty organization",
+			ctx:  iamOwnerCtx,
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "already existing, error",
+			ctx:  iamOwnerCtx,
+			req: &project.CreateProjectRequest{
+				Name:           alreadyExistingProjectName,
+				OrganizationId: orgResp.GetOrganizationId(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "empty, ok",
+			ctx:  iamOwnerCtx,
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: orgResp.GetOrganizationId(),
+			},
+			want: want{
+				id:           true,
+				creationDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			got, err := instance.Client.Projectv2Beta.CreateProject(tt.ctx, tt.req)
+			changeDate := time.Now().UTC()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertCreateProjectResponse(t, creationDate, changeDate, tt.want.creationDate, tt.want.id, got)
+		})
+	}
+}
+
+func TestServer_CreateProject_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type want struct {
+		id           bool
+		creationDate bool
+	}
+	tests := []struct {
+		name string
+		ctx  context.Context
+		req  *project.CreateProjectRequest
+		want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			ctx:  CTX,
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: orgResp.GetOrganizationId(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: orgResp.GetOrganizationId(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission, other organization",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: orgResp.GetOrganizationId(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: instance.DefaultOrg.GetId(),
+			},
+			want: want{
+				id:           true,
+				creationDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			ctx:  iamOwnerCtx,
+			req: &project.CreateProjectRequest{
+				Name:           gofakeit.Name(),
+				OrganizationId: orgResp.GetOrganizationId(),
+			},
+			want: want{
+				id:           true,
+				creationDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			got, err := instance.Client.Projectv2Beta.CreateProject(tt.ctx, tt.req)
+			changeDate := time.Now().UTC()
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertCreateProjectResponse(t, creationDate, changeDate, tt.want.creationDate, tt.want.id, got)
+		})
+	}
+}
+
+func assertCreateProjectResponse(t *testing.T, creationDate, changeDate time.Time, expectedCreationDate, expectedID bool, actualResp *project.CreateProjectResponse) {
+	if expectedCreationDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.CreationDate)
+	}
+
+	if expectedID {
+		assert.NotEmpty(t, actualResp.GetId())
+	} else {
+		assert.Nil(t, actualResp.Id)
+	}
+}
+
+func TestServer_UpdateProject(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.UpdateProjectRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.UpdateProjectRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "not existing",
+			prepare: func(request *project.UpdateProjectRequest) {
+				request.Id = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.Name()),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.UpdateProjectRequest) {
+				name := gofakeit.AppName()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false).GetId()
+				request.Id = projectID
+				request.Name = gu.Ptr(name)
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRequest{},
+			},
+			want: want{
+				change:     false,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change name, ok",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "change full, ok",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRequest{
+					Name:                   gu.Ptr(gofakeit.AppName()),
+					ProjectRoleAssertion:   gu.Ptr(true),
+					ProjectRoleCheck:       gu.Ptr(true),
+					HasProjectCheck:        gu.Ptr(true),
+					PrivateLabelingSetting: gu.Ptr(project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.UpdateProject(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertUpdateProjectResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_UpdateProject_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.UpdateProjectRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.UpdateProjectRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.Name()),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.Name()),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission, other organization",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.Name()),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, ok",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner, ok",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.UpdateProject(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertUpdateProjectResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertUpdateProjectResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.UpdateProjectResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
+
+func TestServer_DeleteProject(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		prepare          func(request *project.DeleteProjectRequest) (time.Time, time.Time)
+		req              *project.DeleteProjectRequest
+		wantDeletionDate bool
+		wantErr          bool
+	}{
+		{
+			name: "empty id",
+			ctx:  iamOwnerCtx,
+			req: &project.DeleteProjectRequest{
+				Id: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "delete, not existing",
+			ctx:  iamOwnerCtx,
+			req: &project.DeleteProjectRequest{
+				Id: "notexisting",
+			},
+			wantDeletionDate: false,
+		},
+		{
+			name: "delete",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "delete, already removed",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				instance.DeleteProject(iamOwnerCtx, t, projectID)
+				return creationDate, time.Now().UTC()
+			},
+			req:              &project.DeleteProjectRequest{},
+			wantDeletionDate: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var creationDate, deletionDate time.Time
+			if tt.prepare != nil {
+				creationDate, deletionDate = tt.prepare(tt.req)
+			}
+			got, err := instance.Client.Projectv2Beta.DeleteProject(tt.ctx, tt.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertDeleteProjectResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
+		})
+	}
+}
+
+func TestServer_DeleteProject_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		prepare          func(request *project.DeleteProjectRequest) (time.Time, time.Time)
+		req              *project.DeleteProjectRequest
+		wantDeletionDate bool
+		wantErr          bool
+	}{
+		{
+			name: "unauthenticated",
+			ctx:  CTX,
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:     &project.DeleteProjectRequest{},
+			wantErr: true,
+		},
+		{
+			name: "missing permission",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:     &project.DeleteProjectRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:     &project.DeleteProjectRequest{},
+			wantErr: true,
+		},
+		{
+			name: "organization owner",
+			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectRequest{},
+			wantDeletionDate: true,
+		},
+		{
+			name: "instance owner",
+			ctx:  iamOwnerCtx,
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectRequest{},
+			wantDeletionDate: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var creationDate, deletionDate time.Time
+			if tt.prepare != nil {
+				creationDate, deletionDate = tt.prepare(tt.req)
+			}
+			got, err := instance.Client.Projectv2Beta.DeleteProject(tt.ctx, tt.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assertDeleteProjectResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
+		})
+	}
+}
+
+func assertDeleteProjectResponse(t *testing.T, creationDate, deletionDate time.Time, expectedDeletionDate bool, actualResp *project.DeleteProjectResponse) {
+	if expectedDeletionDate {
+		if !deletionDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetDeletionDate().AsTime(), creationDate, deletionDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetDeletionDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.DeletionDate)
+	}
+}
+
+func TestServer_DeactivateProject(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.DeactivateProjectRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.DeactivateProjectRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "not existing",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				request.Id = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				name := gofakeit.AppName()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false).GetId()
+				request.Id = projectID
+				instance.DeactivateProject(iamOwnerCtx, t, projectID)
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "change, ok",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.DeactivateProject(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertDeactivateProjectResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_DeactivateProject_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.DeactivateProjectRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.DeactivateProjectRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.DeactivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.DeactivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.DeactivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.DeactivateProjectRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner",
+			prepare: func(request *project.DeactivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.DeactivateProjectRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.DeactivateProject(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertDeactivateProjectResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertDeactivateProjectResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.DeactivateProjectResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
+
+func TestServer_ActivateProject(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.ActivateProjectRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.ActivateProjectRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "missing permission",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.ActivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "not existing",
+			prepare: func(request *project.ActivateProjectRequest) {
+				request.Id = "notexisting"
+				return
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "no change, ok",
+			prepare: func(request *project.ActivateProjectRequest) {
+				name := gofakeit.AppName()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "change, ok",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				instance.DeactivateProject(iamOwnerCtx, t, projectID)
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.ActivateProject(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertActivateProjectResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func TestServer_ActivateProject_Permission(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+	type args struct {
+		ctx context.Context
+		req *project.ActivateProjectRequest
+	}
+	type want struct {
+		change     bool
+		changeDate bool
+	}
+	tests := []struct {
+		name    string
+		prepare func(request *project.ActivateProjectRequest)
+		args    args
+		want    want
+		wantErr bool
+	}{
+		{
+			name: "unauthenticated",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+				instance.DeactivateProject(iamOwnerCtx, t, projectResp.GetId())
+			},
+			args: args{
+				ctx: CTX,
+				req: &project.ActivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+				instance.DeactivateProject(iamOwnerCtx, t, projectResp.GetId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &project.ActivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner, other org",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+				instance.DeactivateProject(iamOwnerCtx, t, projectResp.GetId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.ActivateProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "organization owner",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+				instance.DeactivateProject(iamOwnerCtx, t, projectResp.GetId())
+			},
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				req: &project.ActivateProjectRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+		{
+			name: "instance owner",
+			prepare: func(request *project.ActivateProjectRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				request.Id = projectResp.GetId()
+				instance.DeactivateProject(iamOwnerCtx, t, projectResp.GetId())
+			},
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ActivateProjectRequest{},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			creationDate := time.Now().UTC()
+			tt.prepare(tt.args.req)
+
+			got, err := instance.Client.Projectv2Beta.ActivateProject(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			changeDate := time.Time{}
+			if tt.want.change {
+				changeDate = time.Now().UTC()
+			}
+			assert.NoError(t, err)
+			assertActivateProjectResponse(t, creationDate, changeDate, tt.want.changeDate, got)
+		})
+	}
+}
+
+func assertActivateProjectResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.ActivateProjectResponse) {
+	if expectedChangeDate {
+		if !changeDate.IsZero() {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
+		} else {
+			assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
+		}
+	} else {
+		assert.Nil(t, actualResp.ChangeDate)
+	}
+}
diff --git a/internal/api/grpc/project/v2beta/integration/query_test.go b/internal/api/grpc/project/v2beta/integration/query_test.go
new file mode 100644
index 0000000000..f959bfe2f8
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/integration/query_test.go
@@ -0,0 +1,1738 @@
+//go:build integration
+
+package project_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
+	project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func TestServer_GetProject(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	type args struct {
+		ctx context.Context
+		dep func(*project.GetProjectRequest, *project.GetProjectResponse)
+		req *project.GetProjectRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.GetProjectResponse
+		wantErr bool
+	}{
+		{
+			name: "missing permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					resp := createProject(iamOwnerCtx, instance, t, orgID, false, false)
+
+					request.Id = resp.GetId()
+				},
+				req: &project.GetProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing permission, other org owner",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
+					name := gofakeit.AppName()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
+
+					request.Id = resp.GetId()
+				},
+				req: &project.GetProjectRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "not found",
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.GetProjectRequest{Id: "notexisting"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "get, ok",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					resp := createProject(iamOwnerCtx, instance, t, orgID, false, false)
+
+					request.Id = resp.GetId()
+					response.Project = resp
+				},
+				req: &project.GetProjectRequest{},
+			},
+			want: &project.GetProjectResponse{
+				Project: &project.Project{
+					State:                  1,
+					ProjectRoleAssertion:   false,
+					ProjectAccessRequired:  false,
+					AuthorizationRequired:  false,
+					PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
+				},
+			},
+		},
+		{
+			name: "get, ok, org owner",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					resp := createProject(iamOwnerCtx, instance, t, orgID, false, false)
+
+					request.Id = resp.GetId()
+					response.Project = resp
+				},
+				req: &project.GetProjectRequest{},
+			},
+			want: &project.GetProjectResponse{
+				Project: &project.Project{},
+			},
+		},
+		{
+			name: "get, full, ok",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					resp := createProject(iamOwnerCtx, instance, t, orgID, true, true)
+
+					request.Id = resp.GetId()
+					response.Project = resp
+				},
+				req: &project.GetProjectRequest{},
+			},
+			want: &project.GetProjectResponse{
+				Project: &project.Project{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, 2*time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, err := instance.Client.Projectv2Beta.GetProject(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					assert.Error(ttt, err)
+					return
+				}
+				assert.NoError(ttt, err)
+				assert.EqualExportedValues(ttt, tt.want, got)
+			}, retryDuration, tick, "timeout waiting for expected project result")
+		})
+	}
+}
+
+func TestServer_ListProjects(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	type args struct {
+		ctx context.Context
+		dep func(*project.ListProjectsRequest, *project.ListProjectsResponse)
+		req *project.ListProjectsRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.ListProjectsResponse
+		wantErr bool
+	}{
+		{
+			name: "list by id, unauthenticated",
+			args: args{
+				ctx: CTX,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					name := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					resp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp.GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, no permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					name := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					resp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp.GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, missing permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					name := gofakeit.AppName()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp.GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{},
+			},
+		},
+		{
+			name: "list, not found",
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{
+						{Filter: &project.ProjectSearchFilter_InProjectIdsFilter{
+							InProjectIdsFilter: &project.InProjectIDsFilter{
+								ProjectIds: []string{"notfound"},
+							},
+						},
+						},
+					},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list single id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					response.Projects[0] = createProject(iamOwnerCtx, instance, t, orgID, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{response.Projects[0].GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+		{
+			name: "list single name",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					response.Projects[0] = createProject(iamOwnerCtx, instance, t, orgID, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectNameFilter{
+						ProjectNameFilter: &project.ProjectNameFilter{
+							ProjectName: response.Projects[0].Name,
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{
+						State:                  1,
+						ProjectRoleAssertion:   false,
+						ProjectAccessRequired:  false,
+						AuthorizationRequired:  false,
+						PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
+					},
+				},
+			},
+		},
+		{
+			name: "list multiple id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					response.Projects[2] = createProject(iamOwnerCtx, instance, t, orgID, false, false)
+					response.Projects[1] = createProject(iamOwnerCtx, instance, t, orgID, true, false)
+					response.Projects[0] = createProject(iamOwnerCtx, instance, t, orgID, false, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{response.Projects[0].GetId(), response.Projects[1].GetId(), response.Projects[2].GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+					{},
+				},
+			},
+		},
+		{
+			name: "list multiple id, limited permissions",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					resp1 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, false)
+					resp2 := createProject(iamOwnerCtx, instance, t, orgID, true, false)
+					resp3 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId()},
+						},
+					}
+
+					response.Projects[0] = resp2
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+		{
+			name: "list project and granted projects",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := createProject(iamOwnerCtx, instance, t, orgID, true, true)
+					response.Projects[3] = projectResp
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					response.Projects[2] = createGrantedProject(iamOwnerCtx, instance, t, projectResp)
+					response.Projects[1] = createGrantedProject(iamOwnerCtx, instance, t, projectResp)
+					response.Projects[0] = createGrantedProject(iamOwnerCtx, instance, t, projectResp)
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+					{},
+					{},
+				},
+			},
+		},
+		{
+			name: "list project and granted projects, organization",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := createProject(iamOwnerCtx, instance, t, orgID, true, true)
+
+					grantedProjectResp := createGrantedProject(iamOwnerCtx, instance, t, projectResp)
+					response.Projects[1] = grantedProjectResp
+					response.Projects[0] = createProject(iamOwnerCtx, instance, t, *grantedProjectResp.GrantedOrganizationId, true, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectOrganizationIdFilter{
+						ProjectOrganizationIdFilter: &project.ProjectOrganizationIDFilter{ProjectOrganizationId: *grantedProjectResp.GrantedOrganizationId},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+				},
+			},
+		},
+		{
+			name: "list project and granted projects, project resourceowner",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := createProject(iamOwnerCtx, instance, t, orgID, true, true)
+
+					grantedProjectResp := createGrantedProject(iamOwnerCtx, instance, t, projectResp)
+					response.Projects[0] = createProject(iamOwnerCtx, instance, t, *grantedProjectResp.GrantedOrganizationId, true, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectResourceOwnerFilter{
+						ProjectResourceOwnerFilter: &project.ProjectResourceOwnerFilter{ProjectResourceOwner: *grantedProjectResp.GrantedOrganizationId},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := instance.Client.Projectv2Beta.ListProjects(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					require.Error(ttt, listErr)
+					return
+				}
+				require.NoError(ttt, listErr)
+
+				// always first check length, otherwise its failed anyway
+				if assert.Len(ttt, got.Projects, len(tt.want.Projects)) {
+					for i := range tt.want.Projects {
+						assert.EqualExportedValues(ttt, tt.want.Projects[i], got.Projects[i])
+					}
+				}
+				assertPaginationResponse(ttt, tt.want.Pagination, got.Pagination)
+			}, retryDuration, tick, "timeout waiting for expected execution result")
+		})
+	}
+}
+
+func TestServer_ListProjects_PermissionV2(t *testing.T) {
+	ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
+	iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	orgID := instancePermissionV2.DefaultOrg.GetId()
+
+	type args struct {
+		ctx context.Context
+		dep func(*project.ListProjectsRequest, *project.ListProjectsResponse)
+		req *project.ListProjectsRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.ListProjectsResponse
+		wantErr bool
+	}{
+		{
+			name: "list by id, unauthenticated",
+			args: args{
+				ctx: CTX,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp.GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, no permission",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp.GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, missing permission",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp.GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{},
+			},
+		},
+		{
+			name: "list, not found",
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{
+						{Filter: &project.ProjectSearchFilter_InProjectIdsFilter{
+							InProjectIdsFilter: &project.InProjectIDsFilter{
+								ProjectIds: []string{"notfound"},
+							},
+						},
+						},
+					},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list single id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{response.Projects[0].GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+		{
+			name: "list single name",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectNameFilter{
+						ProjectNameFilter: &project.ProjectNameFilter{
+							ProjectName: response.Projects[0].Name,
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+		{
+			name: "list multiple id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					response.Projects[2] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
+					response.Projects[1] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, false)
+					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{response.Projects[0].GetId(), response.Projects[1].GetId(), response.Projects[2].GetId()},
+						},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+					{},
+				},
+			},
+		},
+		{
+			name: "list project and granted projects",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					projectResp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, true)
+					response.Projects[3] = projectResp
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					response.Projects[2] = createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
+					response.Projects[1] = createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
+					response.Projects[0] = createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+					{},
+					{},
+				},
+			},
+		},
+		{
+			name: "list project and granted projects, organization",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					projectResp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, true)
+
+					grantedProjectResp := createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
+					response.Projects[1] = grantedProjectResp
+					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, *grantedProjectResp.GrantedOrganizationId, true, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectOrganizationIdFilter{
+						ProjectOrganizationIdFilter: &project.ProjectOrganizationIDFilter{ProjectOrganizationId: *grantedProjectResp.GrantedOrganizationId},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+				},
+			},
+		},
+		{
+			name: "list project and granted projects, project resourceowner",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					projectResp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, true)
+
+					grantedProjectResp := createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
+					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, *grantedProjectResp.GrantedOrganizationId, true, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectResourceOwnerFilter{
+						ProjectResourceOwnerFilter: &project.ProjectResourceOwnerFilter{ProjectResourceOwner: *grantedProjectResp.GrantedOrganizationId},
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+		{
+			name: "list multiple id, limited permissions",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					resp1 := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, false)
+					resp2 := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, false)
+					resp3 := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId()},
+						},
+					}
+
+					response.Projects[0] = resp2
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := instancePermissionV2.Client.Projectv2Beta.ListProjects(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					require.Error(ttt, listErr)
+					return
+				}
+				require.NoError(ttt, listErr)
+
+				// always first check length, otherwise its failed anyway
+				if assert.Len(ttt, got.Projects, len(tt.want.Projects)) {
+					for i := range tt.want.Projects {
+						assert.EqualExportedValues(ttt, tt.want.Projects[i], got.Projects[i])
+					}
+				}
+				assertPaginationResponse(ttt, tt.want.Pagination, got.Pagination)
+			}, retryDuration, tick, "timeout waiting for expected execution result")
+		})
+	}
+}
+
+func createProject(ctx context.Context, instance *integration.Instance, t *testing.T, orgID string, projectRoleCheck, hasProjectCheck bool) *project.Project {
+	name := gofakeit.AppName()
+	resp := instance.CreateProject(ctx, t, orgID, name, projectRoleCheck, hasProjectCheck)
+	return &project.Project{
+		Id:                     resp.GetId(),
+		Name:                   name,
+		OrganizationId:         orgID,
+		CreationDate:           resp.GetCreationDate(),
+		ChangeDate:             resp.GetCreationDate(),
+		State:                  1,
+		ProjectRoleAssertion:   false,
+		ProjectAccessRequired:  hasProjectCheck,
+		AuthorizationRequired:  projectRoleCheck,
+		PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
+	}
+}
+
+func createGrantedProject(ctx context.Context, instance *integration.Instance, t *testing.T, projectToGrant *project.Project) *project.Project {
+	grantedOrgName := gofakeit.AppName()
+	grantedOrg := instance.CreateOrganization(ctx, grantedOrgName, gofakeit.Email())
+	projectGrantResp := instance.CreateProjectGrant(ctx, t, projectToGrant.GetId(), grantedOrg.GetOrganizationId())
+
+	return &project.Project{
+		Id:                      projectToGrant.GetId(),
+		Name:                    projectToGrant.GetName(),
+		OrganizationId:          projectToGrant.GetOrganizationId(),
+		CreationDate:            projectGrantResp.GetCreationDate(),
+		ChangeDate:              projectGrantResp.GetCreationDate(),
+		State:                   1,
+		ProjectRoleAssertion:    false,
+		ProjectAccessRequired:   projectToGrant.GetProjectAccessRequired(),
+		AuthorizationRequired:   projectToGrant.GetAuthorizationRequired(),
+		PrivateLabelingSetting:  project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
+		GrantedOrganizationId:   gu.Ptr(grantedOrg.GetOrganizationId()),
+		GrantedOrganizationName: gu.Ptr(grantedOrgName),
+		GrantedState:            1,
+	}
+}
+
+func assertPaginationResponse(t *assert.CollectT, expected *filter.PaginationResponse, actual *filter.PaginationResponse) {
+	assert.Equal(t, expected.AppliedLimit, actual.AppliedLimit)
+	assert.Equal(t, expected.TotalResult, actual.TotalResult)
+}
+
+func TestServer_ListProjectGrants(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	type args struct {
+		ctx context.Context
+		dep func(*project.ListProjectGrantsRequest, *project.ListProjectGrantsResponse)
+		req *project.ListProjectGrantsRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.ListProjectGrantsResponse
+		wantErr bool
+	}{{
+		name: "list by id, unauthenticated",
+		args: args{
+			ctx: CTX,
+			dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+				request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+					InProjectIdsFilter: &project.InProjectIDsFilter{
+						ProjectIds: []string{projectResp.GetId()},
+					},
+				}
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
+					ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
+						ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
+					},
+				}
+
+				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+			},
+			req: &project.ListProjectGrantsRequest{
+				Filters: []*project.ProjectGrantSearchFilter{{}, {}},
+			},
+		},
+		wantErr: true,
+	},
+		{
+			name: "list by id, no permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
+						ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
+							ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
+						},
+					}
+
+					instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}, {}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list, not found",
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{
+						{Filter: &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+							InProjectIdsFilter: &project.InProjectIDsFilter{
+								ProjectIds: []string{"notfound"},
+							},
+						},
+						},
+					},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list by id",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instance, t, orgID, projectResp.GetId(), name)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		},
+		{
+			name: "list by id, missing permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+
+					createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), projectResp.GetId(), name)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{},
+			},
+		},
+		{
+			name: "list multiple id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+
+					response.ProjectGrants[2] = createProjectGrant(iamOwnerCtx, instance, t, orgID, projectResp.GetId(), name)
+					response.ProjectGrants[1] = createProjectGrant(iamOwnerCtx, instance, t, orgID, projectResp.GetId(), name)
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instance, t, orgID, projectResp.GetId(), name)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{}, {}, {},
+				},
+			},
+		},
+		{
+			name: "list multiple id, limited permissions",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name1 := gofakeit.AppName()
+					name2 := gofakeit.AppName()
+					name3 := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					project1Resp := instance.CreateProject(iamOwnerCtx, t, orgID, name1, false, false)
+					project2Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
+					project3Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId()},
+						},
+					}
+
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instance, t, orgID, project1Resp.GetId(), name1)
+					createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), project2Resp.GetId(), name2)
+					createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), project3Resp.GetId(), name3)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		}, {
+			name: "list single id with role",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					projectRoleResp := addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instance, t, orgID, projectResp.GetId(), name, projectRoleResp.Key)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		},
+		{
+			name: "list single id with removed role",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					projectRoleResp := addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instance, t, orgID, projectResp.GetId(), name, projectRoleResp.Key)
+
+					removeRoleResp := instance.RemoveProjectRole(iamOwnerCtx, t, projectResp.GetId(), projectRoleResp.Key)
+					response.ProjectGrants[0].GrantedRoleKeys = nil
+					response.ProjectGrants[0].ChangeDate = removeRoleResp.GetRemovalDate()
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := instance.Client.Projectv2Beta.ListProjectGrants(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					require.Error(ttt, listErr, "Error: "+listErr.Error())
+					return
+				}
+				require.NoError(ttt, listErr)
+
+				// always first check length, otherwise its failed anyway
+				if assert.Len(ttt, got.ProjectGrants, len(tt.want.ProjectGrants)) {
+					for i := range tt.want.ProjectGrants {
+						assert.EqualExportedValues(ttt, tt.want.ProjectGrants[i], got.ProjectGrants[i])
+					}
+				}
+				assertPaginationResponse(ttt, tt.want.Pagination, got.Pagination)
+			}, retryDuration, tick, "timeout waiting for expected execution result")
+		})
+	}
+}
+
+func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
+	ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
+	iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	type args struct {
+		ctx context.Context
+		dep func(*project.ListProjectGrantsRequest, *project.ListProjectGrantsResponse)
+		req *project.ListProjectGrantsRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.ListProjectGrantsResponse
+		wantErr bool
+	}{
+		{
+			name: "list by id, unauthenticated",
+			args: args{
+				ctx: CTX,
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					grantedOrg := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
+						ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
+							ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
+						},
+					}
+
+					instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}, {}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, no permission",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+					grantedOrg := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
+						ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
+							ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
+						},
+					}
+
+					instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}, {}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgID := instancePermissionV2.DefaultOrg.GetId()
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgID, projectResp.GetId(), name)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		},
+		{
+			name: "list by id, missing permission",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+
+					createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), projectResp.GetId(), name)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{},
+			},
+		},
+		{
+			name: "list multiple id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name := gofakeit.AppName()
+					orgID := instancePermissionV2.DefaultOrg.GetId()
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{projectResp.GetId()},
+						},
+					}
+
+					response.ProjectGrants[2] = createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgID, projectResp.GetId(), name)
+					response.ProjectGrants[1] = createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgID, projectResp.GetId(), name)
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgID, projectResp.GetId(), name)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{}, {}, {},
+				},
+			},
+		},
+		{
+			name: "list multiple id, limited permissions",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name1 := gofakeit.AppName()
+					name2 := gofakeit.AppName()
+					name3 := gofakeit.AppName()
+					orgID := instancePermissionV2.DefaultOrg.GetId()
+					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					project1Resp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, name1, false, false)
+					project2Resp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
+					project3Resp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId()},
+						},
+					}
+
+					response.ProjectGrants[0] = createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgID, project1Resp.GetId(), name1)
+					createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), project2Resp.GetId(), name2)
+					createProjectGrant(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), project3Resp.GetId(), name3)
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := instancePermissionV2.Client.Projectv2Beta.ListProjectGrants(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					require.Error(ttt, listErr, "Error: "+listErr.Error())
+					return
+				}
+				require.NoError(ttt, listErr)
+
+				// always first check length, otherwise its failed anyway
+				if assert.Len(ttt, got.ProjectGrants, len(tt.want.ProjectGrants)) {
+					for i := range tt.want.ProjectGrants {
+						assert.EqualExportedValues(ttt, tt.want.ProjectGrants[i], got.ProjectGrants[i])
+					}
+				}
+				assertPaginationResponse(ttt, tt.want.Pagination, got.Pagination)
+			}, retryDuration, tick, "timeout waiting for expected execution result")
+		})
+	}
+}
+
+func createProjectGrant(ctx context.Context, instance *integration.Instance, t *testing.T, orgID, projectID, projectName string, roles ...string) *project.ProjectGrant {
+	grantedOrgName := gofakeit.AppName()
+	grantedOrg := instance.CreateOrganization(ctx, grantedOrgName, gofakeit.Email())
+	projectGrantResp := instance.CreateProjectGrant(ctx, t, projectID, grantedOrg.GetOrganizationId(), roles...)
+
+	return &project.ProjectGrant{
+		OrganizationId:          orgID,
+		CreationDate:            projectGrantResp.GetCreationDate(),
+		ChangeDate:              projectGrantResp.GetCreationDate(),
+		GrantedOrganizationId:   grantedOrg.GetOrganizationId(),
+		GrantedOrganizationName: grantedOrgName,
+		ProjectId:               projectID,
+		ProjectName:             projectName,
+		State:                   1,
+		GrantedRoleKeys:         roles,
+	}
+}
+
+func TestServer_ListProjectRoles(t *testing.T) {
+	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	type args struct {
+		ctx context.Context
+		dep func(*project.ListProjectRolesRequest, *project.ListProjectRolesResponse)
+		req *project.ListProjectRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.ListProjectRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "list by id, unauthenticated",
+			args: args{
+				ctx: CTX,
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{
+					Filters: []*project.ProjectRoleSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, no permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{
+					Filters: []*project.ProjectRoleSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list, not found",
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ListProjectRolesRequest{
+					ProjectId: "notfound",
+				},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list single id, missing permission",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectRoles: []*project.ProjectRole{},
+			},
+		},
+		{
+			name: "list single id",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					response.ProjectRoles[0] = addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectRoles: []*project.ProjectRole{
+					{},
+				},
+			},
+		},
+		{
+			name: "list multiple id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					response.ProjectRoles[2] = addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+					response.ProjectRoles[1] = addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+					response.ProjectRoles[0] = addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				ProjectRoles: []*project.ProjectRole{
+					{}, {}, {},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := instance.Client.Projectv2Beta.ListProjectRoles(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					require.Error(ttt, listErr, "Error: "+listErr.Error())
+					return
+				}
+				require.NoError(ttt, listErr)
+
+				// always first check length, otherwise its failed anyway
+				if assert.Len(ttt, got.ProjectRoles, len(tt.want.ProjectRoles)) {
+					for i := range tt.want.ProjectRoles {
+						assert.EqualExportedValues(ttt, tt.want.ProjectRoles[i], got.ProjectRoles[i])
+					}
+				}
+				assertPaginationResponse(ttt, tt.want.Pagination, got.Pagination)
+			}, retryDuration, tick, "timeout waiting for expected execution result")
+		})
+	}
+}
+
+func TestServer_ListProjectRoles_PermissionV2(t *testing.T) {
+	ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
+	iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	type args struct {
+		ctx context.Context
+		dep func(*project.ListProjectRolesRequest, *project.ListProjectRolesResponse)
+		req *project.ListProjectRolesRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *project.ListProjectRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "list by id, unauthenticated",
+			args: args{
+				ctx: CTX,
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{
+					Filters: []*project.ProjectRoleSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list by id, no permission",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{
+					Filters: []*project.ProjectRoleSearchFilter{{}},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "list, not found",
+			args: args{
+				ctx: iamOwnerCtx,
+				req: &project.ListProjectRolesRequest{
+					ProjectId: "notfound",
+				},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list single id, missing permission",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+				ProjectRoles: []*project.ProjectRole{},
+			},
+		},
+		{
+			name: "list single id",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					orgID := instancePermissionV2.DefaultOrg.GetId()
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					response.ProjectRoles[0] = addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+				ProjectRoles: []*project.ProjectRole{
+					{},
+				},
+			},
+		},
+		{
+			name: "list multiple id",
+			args: args{
+				ctx: iamOwnerCtx,
+				dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
+					orgID := instancePermissionV2.DefaultOrg.GetId()
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, gofakeit.AppName(), false, false)
+
+					request.ProjectId = projectResp.GetId()
+					response.ProjectRoles[2] = addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+					response.ProjectRoles[1] = addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+					response.ProjectRoles[0] = addProjectRole(iamOwnerCtx, instancePermissionV2, t, projectResp.GetId())
+				},
+				req: &project.ListProjectRolesRequest{},
+			},
+			want: &project.ListProjectRolesResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  3,
+					AppliedLimit: 100,
+				},
+				ProjectRoles: []*project.ProjectRole{
+					{}, {}, {},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.dep != nil {
+				tt.args.dep(tt.args.req, tt.want)
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamOwnerCtx, time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := instancePermissionV2.Client.Projectv2Beta.ListProjectRoles(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					require.Error(ttt, listErr, "Error: "+listErr.Error())
+					return
+				}
+				require.NoError(ttt, listErr)
+
+				// always first check length, otherwise its failed anyway
+				if assert.Len(ttt, got.ProjectRoles, len(tt.want.ProjectRoles)) {
+					for i := range tt.want.ProjectRoles {
+						assert.EqualExportedValues(ttt, tt.want.ProjectRoles[i], got.ProjectRoles[i])
+					}
+				}
+				assertPaginationResponse(ttt, tt.want.Pagination, got.Pagination)
+			}, retryDuration, tick, "timeout waiting for expected execution result")
+		})
+	}
+}
+
+func addProjectRole(ctx context.Context, instance *integration.Instance, t *testing.T, projectID string) *project.ProjectRole {
+	name := gofakeit.Animal()
+	projectRoleResp := instance.AddProjectRole(ctx, t, projectID, name, name, name)
+
+	return &project.ProjectRole{
+		ProjectId:    projectID,
+		CreationDate: projectRoleResp.GetCreationDate(),
+		ChangeDate:   projectRoleResp.GetCreationDate(),
+		Key:          name,
+		DisplayName:  name,
+		Group:        name,
+	}
+}
diff --git a/internal/api/grpc/project/v2beta/integration/server_test.go b/internal/api/grpc/project/v2beta/integration/server_test.go
new file mode 100644
index 0000000000..59d9745222
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/integration/server_test.go
@@ -0,0 +1,63 @@
+//go:build integration
+
+package project_test
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
+)
+
+var (
+	CTX                  context.Context
+	instance             *integration.Instance
+	instancePermissionV2 *integration.Instance
+)
+
+func TestMain(m *testing.M) {
+	os.Exit(func() int {
+		ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+		defer cancel()
+		CTX = ctx
+		instance = integration.NewInstance(ctx)
+		instancePermissionV2 = integration.NewInstance(CTX)
+		return m.Run()
+	}())
+}
+
+func ensureFeaturePermissionV2Enabled(t *testing.T, instance *integration.Instance) {
+	ctx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
+		Inheritance: true,
+	})
+	require.NoError(t, err)
+	if f.PermissionCheckV2.GetEnabled() {
+		return
+	}
+	_, err = instance.Client.FeatureV2.SetInstanceFeatures(ctx, &feature.SetInstanceFeaturesRequest{
+		PermissionCheckV2: gu.Ptr(true),
+	})
+	require.NoError(t, err)
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, 5*time.Minute)
+	require.EventuallyWithT(t,
+		func(ttt *assert.CollectT) {
+			f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
+				Inheritance: true,
+			})
+			assert.NoError(ttt, err)
+			if f.PermissionCheckV2.GetEnabled() {
+				return
+			}
+		},
+		retryDuration,
+		tick,
+		"timed out waiting for ensuring instance feature")
+}
diff --git a/internal/api/grpc/project/v2beta/project.go b/internal/api/grpc/project/v2beta/project.go
new file mode 100644
index 0000000000..01b478f5be
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/project.go
@@ -0,0 +1,161 @@
+package project
+
+import (
+	"context"
+
+	"github.com/muhlemmer/gu"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func (s *Server) CreateProject(ctx context.Context, req *project_pb.CreateProjectRequest) (*project_pb.CreateProjectResponse, error) {
+	add := projectCreateToCommand(req)
+	project, err := s.command.AddProject(ctx, add)
+	if err != nil {
+		return nil, err
+	}
+	var creationDate *timestamppb.Timestamp
+	if !project.EventDate.IsZero() {
+		creationDate = timestamppb.New(project.EventDate)
+	}
+	return &project_pb.CreateProjectResponse{
+		Id:           add.AggregateID,
+		CreationDate: creationDate,
+	}, nil
+}
+
+func projectCreateToCommand(req *project_pb.CreateProjectRequest) *command.AddProject {
+	var aggregateID string
+	if req.Id != nil {
+		aggregateID = *req.Id
+	}
+	return &command.AddProject{
+		ObjectRoot: models.ObjectRoot{
+			ResourceOwner: req.OrganizationId,
+			AggregateID:   aggregateID,
+		},
+		Name:                   req.Name,
+		ProjectRoleAssertion:   req.ProjectRoleAssertion,
+		ProjectRoleCheck:       req.AuthorizationRequired,
+		HasProjectCheck:        req.ProjectAccessRequired,
+		PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
+	}
+}
+
+func privateLabelingSettingToDomain(setting project_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {
+	switch setting {
+	case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:
+		return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
+	case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:
+		return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
+	case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED:
+		return domain.PrivateLabelingSettingUnspecified
+	default:
+		return domain.PrivateLabelingSettingUnspecified
+	}
+}
+
+func (s *Server) UpdateProject(ctx context.Context, req *project_pb.UpdateProjectRequest) (*project_pb.UpdateProjectResponse, error) {
+	project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req))
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !project.EventDate.IsZero() {
+		changeDate = timestamppb.New(project.EventDate)
+	}
+	return &project_pb.UpdateProjectResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func projectUpdateToCommand(req *project_pb.UpdateProjectRequest) *command.ChangeProject {
+	var labeling *domain.PrivateLabelingSetting
+	if req.PrivateLabelingSetting != nil {
+		labeling = gu.Ptr(privateLabelingSettingToDomain(*req.PrivateLabelingSetting))
+	}
+	return &command.ChangeProject{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.Id,
+		},
+		Name:                   req.Name,
+		ProjectRoleAssertion:   req.ProjectRoleAssertion,
+		ProjectRoleCheck:       req.ProjectRoleCheck,
+		HasProjectCheck:        req.HasProjectCheck,
+		PrivateLabelingSetting: labeling,
+	}
+}
+
+func (s *Server) DeleteProject(ctx context.Context, req *project_pb.DeleteProjectRequest) (*project_pb.DeleteProjectResponse, error) {
+	userGrantIDs, err := s.userGrantsFromProject(ctx, req.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	deletedAt, err := s.command.DeleteProject(ctx, req.Id, "", userGrantIDs...)
+	if err != nil {
+		return nil, err
+	}
+	var deletionDate *timestamppb.Timestamp
+	if !deletedAt.IsZero() {
+		deletionDate = timestamppb.New(deletedAt)
+	}
+	return &project_pb.DeleteProjectResponse{
+		DeletionDate: deletionDate,
+	}, nil
+}
+
+func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([]string, error) {
+	projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
+	if err != nil {
+		return nil, err
+	}
+	userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
+		Queries: []query.SearchQuery{projectQuery},
+	}, false)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantsToIDs(userGrants.UserGrants), nil
+}
+
+func (s *Server) DeactivateProject(ctx context.Context, req *project_pb.DeactivateProjectRequest) (*project_pb.DeactivateProjectResponse, error) {
+	details, err := s.command.DeactivateProject(ctx, req.Id, "")
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !details.EventDate.IsZero() {
+		changeDate = timestamppb.New(details.EventDate)
+	}
+	return &project_pb.DeactivateProjectResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func (s *Server) ActivateProject(ctx context.Context, req *project_pb.ActivateProjectRequest) (*project_pb.ActivateProjectResponse, error) {
+	details, err := s.command.ReactivateProject(ctx, req.Id, "")
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !details.EventDate.IsZero() {
+		changeDate = timestamppb.New(details.EventDate)
+	}
+	return &project_pb.ActivateProjectResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func userGrantsToIDs(userGrants []*query.UserGrant) []string {
+	converted := make([]string, len(userGrants))
+	for i, grant := range userGrants {
+		converted[i] = grant.ID
+	}
+	return converted
+}
diff --git a/internal/api/grpc/project/v2beta/project_grant.go b/internal/api/grpc/project/v2beta/project_grant.go
new file mode 100644
index 0000000000..c1c20d9cbc
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/project_grant.go
@@ -0,0 +1,126 @@
+package project
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func (s *Server) CreateProjectGrant(ctx context.Context, req *project_pb.CreateProjectGrantRequest) (*project_pb.CreateProjectGrantResponse, error) {
+	add := projectGrantCreateToCommand(req)
+	project, err := s.command.AddProjectGrant(ctx, add)
+	if err != nil {
+		return nil, err
+	}
+	var creationDate *timestamppb.Timestamp
+	if !project.EventDate.IsZero() {
+		creationDate = timestamppb.New(project.EventDate)
+	}
+	return &project_pb.CreateProjectGrantResponse{
+		CreationDate: creationDate,
+	}, nil
+}
+
+func projectGrantCreateToCommand(req *project_pb.CreateProjectGrantRequest) *command.AddProjectGrant {
+	return &command.AddProjectGrant{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.ProjectId,
+		},
+		GrantID:      req.GrantedOrganizationId,
+		GrantedOrgID: req.GrantedOrganizationId,
+		RoleKeys:     req.RoleKeys,
+	}
+}
+
+func (s *Server) UpdateProjectGrant(ctx context.Context, req *project_pb.UpdateProjectGrantRequest) (*project_pb.UpdateProjectGrantResponse, error) {
+	project, err := s.command.ChangeProjectGrant(ctx, projectGrantUpdateToCommand(req))
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !project.EventDate.IsZero() {
+		changeDate = timestamppb.New(project.EventDate)
+	}
+	return &project_pb.UpdateProjectGrantResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *command.ChangeProjectGrant {
+	return &command.ChangeProjectGrant{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.ProjectId,
+		},
+		GrantID:  req.GrantedOrganizationId,
+		RoleKeys: req.RoleKeys,
+	}
+}
+
+func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.DeactivateProjectGrantRequest) (*project_pb.DeactivateProjectGrantResponse, error) {
+	details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !details.EventDate.IsZero() {
+		changeDate = timestamppb.New(details.EventDate)
+	}
+	return &project_pb.DeactivateProjectGrantResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.ActivateProjectGrantRequest) (*project_pb.ActivateProjectGrantResponse, error) {
+	details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !details.EventDate.IsZero() {
+		changeDate = timestamppb.New(details.EventDate)
+	}
+	return &project_pb.ActivateProjectGrantResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteProjectGrantRequest) (*project_pb.DeleteProjectGrantResponse, error) {
+	userGrantIDs, err := s.userGrantsFromProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId)
+	if err != nil {
+		return nil, err
+	}
+	details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "", userGrantIDs...)
+	if err != nil {
+		return nil, err
+	}
+	var deletionDate *timestamppb.Timestamp
+	if !details.EventDate.IsZero() {
+		deletionDate = timestamppb.New(details.EventDate)
+	}
+	return &project_pb.DeleteProjectGrantResponse{
+		DeletionDate: deletionDate,
+	}, nil
+}
+
+func (s *Server) userGrantsFromProjectGrant(ctx context.Context, projectID, grantedOrganizationID string) ([]string, error) {
+	projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
+	if err != nil {
+		return nil, err
+	}
+	grantQuery, err := query.NewUserGrantGrantIDSearchQuery(grantedOrganizationID)
+	if err != nil {
+		return nil, err
+	}
+	userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
+		Queries: []query.SearchQuery{projectQuery, grantQuery},
+	}, false)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantsToIDs(userGrants.UserGrants), nil
+}
diff --git a/internal/api/grpc/project/v2beta/project_role.go b/internal/api/grpc/project/v2beta/project_role.go
new file mode 100644
index 0000000000..07fc4e9eac
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/project_role.go
@@ -0,0 +1,132 @@
+package project
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func (s *Server) AddProjectRole(ctx context.Context, req *project_pb.AddProjectRoleRequest) (*project_pb.AddProjectRoleResponse, error) {
+	role, err := s.command.AddProjectRole(ctx, addProjectRoleRequestToCommand(req))
+	if err != nil {
+		return nil, err
+	}
+	var creationDate *timestamppb.Timestamp
+	if !role.EventDate.IsZero() {
+		creationDate = timestamppb.New(role.EventDate)
+	}
+	return &project_pb.AddProjectRoleResponse{
+		CreationDate: creationDate,
+	}, nil
+}
+
+func addProjectRoleRequestToCommand(req *project_pb.AddProjectRoleRequest) *command.AddProjectRole {
+	group := ""
+	if req.Group != nil {
+		group = *req.Group
+	}
+
+	return &command.AddProjectRole{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.ProjectId,
+		},
+		Key:         req.RoleKey,
+		DisplayName: req.DisplayName,
+		Group:       group,
+	}
+}
+
+func (s *Server) UpdateProjectRole(ctx context.Context, req *project_pb.UpdateProjectRoleRequest) (*project_pb.UpdateProjectRoleResponse, error) {
+	role, err := s.command.ChangeProjectRole(ctx, updateProjectRoleRequestToCommand(req))
+	if err != nil {
+		return nil, err
+	}
+	var changeDate *timestamppb.Timestamp
+	if !role.EventDate.IsZero() {
+		changeDate = timestamppb.New(role.EventDate)
+	}
+	return &project_pb.UpdateProjectRoleResponse{
+		ChangeDate: changeDate,
+	}, nil
+}
+
+func updateProjectRoleRequestToCommand(req *project_pb.UpdateProjectRoleRequest) *command.ChangeProjectRole {
+	displayName := ""
+	if req.DisplayName != nil {
+		displayName = *req.DisplayName
+	}
+	group := ""
+	if req.Group != nil {
+		group = *req.Group
+	}
+
+	return &command.ChangeProjectRole{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.ProjectId,
+		},
+		Key:         req.RoleKey,
+		DisplayName: displayName,
+		Group:       group,
+	}
+}
+
+func (s *Server) RemoveProjectRole(ctx context.Context, req *project_pb.RemoveProjectRoleRequest) (*project_pb.RemoveProjectRoleResponse, error) {
+	userGrantIDs, err := s.userGrantsFromProjectAndRole(ctx, req.ProjectId, req.RoleKey)
+	if err != nil {
+		return nil, err
+	}
+	projectGrantIDs, err := s.projectGrantsFromProjectAndRole(ctx, req.ProjectId, req.RoleKey)
+	if err != nil {
+		return nil, err
+	}
+	details, err := s.command.RemoveProjectRole(ctx, req.ProjectId, req.RoleKey, "", projectGrantIDs, userGrantIDs...)
+	if err != nil {
+		return nil, err
+	}
+	var deletionDate *timestamppb.Timestamp
+	if !details.EventDate.IsZero() {
+		deletionDate = timestamppb.New(details.EventDate)
+	}
+	return &project_pb.RemoveProjectRoleResponse{
+		RemovalDate: deletionDate,
+	}, nil
+}
+
+func (s *Server) userGrantsFromProjectAndRole(ctx context.Context, projectID, roleKey string) ([]string, error) {
+	projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
+	if err != nil {
+		return nil, err
+	}
+	rolesQuery, err := query.NewUserGrantRoleQuery(roleKey)
+	if err != nil {
+		return nil, err
+	}
+	userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
+		Queries: []query.SearchQuery{projectQuery, rolesQuery},
+	}, false)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantsToIDs(userGrants.UserGrants), nil
+}
+
+func (s *Server) projectGrantsFromProjectAndRole(ctx context.Context, projectID, roleKey string) ([]string, error) {
+	projectGrants, err := s.query.SearchProjectGrantsByProjectIDAndRoleKey(ctx, projectID, roleKey)
+	if err != nil {
+		return nil, err
+	}
+	return projectGrantsToIDs(projectGrants), nil
+}
+
+func projectGrantsToIDs(projectGrants *query.ProjectGrants) []string {
+	converted := make([]string, len(projectGrants.ProjectGrants))
+	for i, grant := range projectGrants.ProjectGrants {
+		converted[i] = grant.GrantID
+	}
+	return converted
+}
diff --git a/internal/api/grpc/project/v2beta/query.go b/internal/api/grpc/project/v2beta/query.go
new file mode 100644
index 0000000000..1cdf9eefbd
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/query.go
@@ -0,0 +1,427 @@
+package project
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+func (s *Server) GetProject(ctx context.Context, req *project_pb.GetProjectRequest) (*project_pb.GetProjectResponse, error) {
+	project, err := s.query.GetProjectByIDWithPermission(ctx, true, req.Id, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	return &project_pb.GetProjectResponse{
+		Project: projectToPb(project),
+	}, nil
+}
+
+func (s *Server) ListProjects(ctx context.Context, req *project_pb.ListProjectsRequest) (*project_pb.ListProjectsResponse, error) {
+	queries, err := s.listProjectRequestToModel(req)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := s.query.SearchGrantedProjects(ctx, queries, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	return &project_pb.ListProjectsResponse{
+		Projects:   grantedProjectsToPb(resp.GrantedProjects),
+		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
+	}, nil
+}
+
+func (s *Server) listProjectRequestToModel(req *project_pb.ListProjectsRequest) (*query.ProjectAndGrantedProjectSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	queries, err := projectFiltersToQuery(req.Filters)
+	if err != nil {
+		return nil, err
+	}
+	return &query.ProjectAndGrantedProjectSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: grantedProjectFieldNameToSortingColumn(req.SortingColumn),
+		},
+		Queries: queries,
+	}, nil
+}
+
+func grantedProjectFieldNameToSortingColumn(field *project_pb.ProjectFieldName) query.Column {
+	if field == nil {
+		return query.GrantedProjectColumnCreationDate
+	}
+	switch *field {
+	case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_CREATION_DATE:
+		return query.GrantedProjectColumnCreationDate
+	case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_ID:
+		return query.GrantedProjectColumnID
+	case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_NAME:
+		return query.GrantedProjectColumnName
+	case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_CHANGE_DATE:
+		return query.GrantedProjectColumnChangeDate
+	case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_UNSPECIFIED:
+		return query.GrantedProjectColumnCreationDate
+	default:
+		return query.GrantedProjectColumnCreationDate
+	}
+}
+
+func projectFiltersToQuery(queries []*project_pb.ProjectSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, qry := range queries {
+		q[i], err = projectFilterToModel(qry)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func projectFilterToModel(filter *project_pb.ProjectSearchFilter) (query.SearchQuery, error) {
+	switch q := filter.Filter.(type) {
+	case *project_pb.ProjectSearchFilter_ProjectNameFilter:
+		return projectNameFilterToQuery(q.ProjectNameFilter)
+	case *project_pb.ProjectSearchFilter_InProjectIdsFilter:
+		return projectInIDsFilterToQuery(q.InProjectIdsFilter)
+	case *project_pb.ProjectSearchFilter_ProjectResourceOwnerFilter:
+		return projectResourceOwnerFilterToQuery(q.ProjectResourceOwnerFilter)
+	case *project_pb.ProjectSearchFilter_ProjectOrganizationIdFilter:
+		return projectOrganizationIDFilterToQuery(q.ProjectOrganizationIdFilter)
+	case *project_pb.ProjectSearchFilter_ProjectGrantResourceOwnerFilter:
+		return projectGrantResourceOwnerFilterToQuery(q.ProjectGrantResourceOwnerFilter)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid")
+	}
+}
+
+func projectNameFilterToQuery(q *project_pb.ProjectNameFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectNameSearchQuery(filter.TextMethodPbToQuery(q.Method), q.GetProjectName())
+}
+
+func projectInIDsFilterToQuery(q *project_pb.InProjectIDsFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectIDSearchQuery(q.ProjectIds)
+}
+
+func projectResourceOwnerFilterToQuery(q *project_pb.ProjectResourceOwnerFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectResourceOwnerSearchQuery(q.ProjectResourceOwner)
+}
+
+func projectOrganizationIDFilterToQuery(q *project_pb.ProjectOrganizationIDFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectOrganizationIDSearchQuery(q.ProjectOrganizationId)
+}
+
+func projectGrantResourceOwnerFilterToQuery(q *project_pb.ProjectGrantResourceOwnerFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectGrantResourceOwnerSearchQuery(q.ProjectGrantResourceOwner)
+}
+
+func grantedProjectsToPb(projects []*query.GrantedProject) []*project_pb.Project {
+	o := make([]*project_pb.Project, len(projects))
+	for i, org := range projects {
+		o[i] = grantedProjectToPb(org)
+	}
+	return o
+}
+
+func projectToPb(project *query.Project) *project_pb.Project {
+	return &project_pb.Project{
+		Id:                     project.ID,
+		OrganizationId:         project.ResourceOwner,
+		CreationDate:           timestamppb.New(project.CreationDate),
+		ChangeDate:             timestamppb.New(project.ChangeDate),
+		State:                  projectStateToPb(project.State),
+		Name:                   project.Name,
+		PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
+		ProjectAccessRequired:  project.HasProjectCheck,
+		ProjectRoleAssertion:   project.ProjectRoleAssertion,
+		AuthorizationRequired:  project.ProjectRoleCheck,
+	}
+}
+
+func grantedProjectToPb(project *query.GrantedProject) *project_pb.Project {
+	var grantedOrganizationID, grantedOrganizationName *string
+	if project.GrantedOrgID != "" {
+		grantedOrganizationID = &project.GrantedOrgID
+	}
+	if project.OrgName != "" {
+		grantedOrganizationName = &project.OrgName
+	}
+
+	return &project_pb.Project{
+		Id:                      project.ProjectID,
+		OrganizationId:          project.ResourceOwner,
+		CreationDate:            timestamppb.New(project.CreationDate),
+		ChangeDate:              timestamppb.New(project.ChangeDate),
+		State:                   projectStateToPb(project.ProjectState),
+		Name:                    project.ProjectName,
+		PrivateLabelingSetting:  privateLabelingSettingToPb(project.PrivateLabelingSetting),
+		ProjectAccessRequired:   project.HasProjectCheck,
+		ProjectRoleAssertion:    project.ProjectRoleAssertion,
+		AuthorizationRequired:   project.ProjectRoleCheck,
+		GrantedOrganizationId:   grantedOrganizationID,
+		GrantedOrganizationName: grantedOrganizationName,
+		GrantedState:            grantedProjectStateToPb(project.ProjectGrantState),
+	}
+}
+
+func projectStateToPb(state domain.ProjectState) project_pb.ProjectState {
+	switch state {
+	case domain.ProjectStateActive:
+		return project_pb.ProjectState_PROJECT_STATE_ACTIVE
+	case domain.ProjectStateInactive:
+		return project_pb.ProjectState_PROJECT_STATE_INACTIVE
+	case domain.ProjectStateUnspecified, domain.ProjectStateRemoved:
+		return project_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
+	default:
+		return project_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
+	}
+}
+func grantedProjectStateToPb(state domain.ProjectGrantState) project_pb.GrantedProjectState {
+	switch state {
+	case domain.ProjectGrantStateActive:
+		return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_ACTIVE
+	case domain.ProjectGrantStateInactive:
+		return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_INACTIVE
+	case domain.ProjectGrantStateUnspecified, domain.ProjectGrantStateRemoved:
+		return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_UNSPECIFIED
+	default:
+		return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_UNSPECIFIED
+	}
+}
+
+func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) project_pb.PrivateLabelingSetting {
+	switch setting {
+	case domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy:
+		return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY
+	case domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy:
+		return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY
+	case domain.PrivateLabelingSettingUnspecified:
+		return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
+	default:
+		return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
+	}
+}
+
+func (s *Server) ListProjectGrants(ctx context.Context, req *project_pb.ListProjectGrantsRequest) (*project_pb.ListProjectGrantsResponse, error) {
+	queries, err := s.listProjectGrantsRequestToModel(req)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := s.query.SearchProjectGrants(ctx, queries, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	return &project_pb.ListProjectGrantsResponse{
+		ProjectGrants: projectGrantsToPb(resp.ProjectGrants),
+		Pagination:    filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
+	}, nil
+}
+
+func (s *Server) listProjectGrantsRequestToModel(req *project_pb.ListProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	queries, err := projectGrantFiltersToModel(req.Filters)
+	if err != nil {
+		return nil, err
+	}
+	return &query.ProjectGrantSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: projectGrantFieldNameToSortingColumn(req.SortingColumn),
+		},
+		Queries: queries,
+	}, nil
+}
+
+func projectGrantFieldNameToSortingColumn(field *project_pb.ProjectGrantFieldName) query.Column {
+	if field == nil {
+		return query.ProjectGrantColumnCreationDate
+	}
+	switch *field {
+	case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_PROJECT_ID:
+		return query.ProjectGrantColumnProjectID
+	case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_CREATION_DATE:
+		return query.ProjectGrantColumnCreationDate
+	case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_CHANGE_DATE:
+		return query.ProjectGrantColumnChangeDate
+	case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_UNSPECIFIED:
+		return query.ProjectGrantColumnCreationDate
+	default:
+		return query.ProjectGrantColumnCreationDate
+	}
+}
+
+func projectGrantFiltersToModel(queries []*project_pb.ProjectGrantSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, qry := range queries {
+		q[i], err = projectGrantFilterToModel(qry)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func projectGrantFilterToModel(filter *project_pb.ProjectGrantSearchFilter) (query.SearchQuery, error) {
+	switch q := filter.Filter.(type) {
+	case *project_pb.ProjectGrantSearchFilter_ProjectNameFilter:
+		return projectNameFilterToQuery(q.ProjectNameFilter)
+	case *project_pb.ProjectGrantSearchFilter_RoleKeyFilter:
+		return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyFilter.Key)
+	case *project_pb.ProjectGrantSearchFilter_InProjectIdsFilter:
+		return query.NewProjectGrantProjectIDsSearchQuery(q.InProjectIdsFilter.ProjectIds)
+	case *project_pb.ProjectGrantSearchFilter_ProjectResourceOwnerFilter:
+		return query.NewProjectGrantResourceOwnerSearchQuery(q.ProjectResourceOwnerFilter.ProjectResourceOwner)
+	case *project_pb.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter:
+		return query.NewProjectGrantGrantedOrgIDSearchQuery(q.ProjectGrantResourceOwnerFilter.ProjectGrantResourceOwner)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
+	}
+}
+
+func projectGrantsToPb(projects []*query.ProjectGrant) []*project_pb.ProjectGrant {
+	p := make([]*project_pb.ProjectGrant, len(projects))
+	for i, project := range projects {
+		p[i] = projectGrantToPb(project)
+	}
+	return p
+}
+
+func projectGrantToPb(project *query.ProjectGrant) *project_pb.ProjectGrant {
+	return &project_pb.ProjectGrant{
+		OrganizationId:          project.ResourceOwner,
+		CreationDate:            timestamppb.New(project.CreationDate),
+		ChangeDate:              timestamppb.New(project.ChangeDate),
+		GrantedOrganizationId:   project.GrantedOrgID,
+		GrantedOrganizationName: project.OrgName,
+		GrantedRoleKeys:         project.GrantedRoleKeys,
+		ProjectId:               project.ProjectID,
+		ProjectName:             project.ProjectName,
+		State:                   projectGrantStateToPb(project.State),
+	}
+}
+
+func projectGrantStateToPb(state domain.ProjectGrantState) project_pb.ProjectGrantState {
+	switch state {
+	case domain.ProjectGrantStateActive:
+		return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_ACTIVE
+	case domain.ProjectGrantStateInactive:
+		return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_INACTIVE
+	case domain.ProjectGrantStateUnspecified, domain.ProjectGrantStateRemoved:
+		return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
+	default:
+		return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
+	}
+}
+
+func (s *Server) ListProjectRoles(ctx context.Context, req *project_pb.ListProjectRolesRequest) (*project_pb.ListProjectRolesResponse, error) {
+	queries, err := s.listProjectRolesRequestToModel(req)
+	if err != nil {
+		return nil, err
+	}
+	err = queries.AppendProjectIDQuery(req.ProjectId)
+	if err != nil {
+		return nil, err
+	}
+	roles, err := s.query.SearchProjectRoles(ctx, true, queries, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	return &project_pb.ListProjectRolesResponse{
+		ProjectRoles: roleViewsToPb(roles.ProjectRoles),
+		Pagination:   filter.QueryToPaginationPb(queries.SearchRequest, roles.SearchResponse),
+	}, nil
+}
+
+func (s *Server) listProjectRolesRequestToModel(req *project_pb.ListProjectRolesRequest) (*query.ProjectRoleSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	queries, err := roleQueriesToModel(req.Filters)
+	if err != nil {
+		return nil, err
+	}
+	return &query.ProjectRoleSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: projectRoleFieldNameToSortingColumn(req.SortingColumn),
+		},
+		Queries: queries,
+	}, nil
+}
+
+func projectRoleFieldNameToSortingColumn(field *project_pb.ProjectRoleFieldName) query.Column {
+	if field == nil {
+		return query.ProjectRoleColumnCreationDate
+	}
+	switch *field {
+	case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_KEY:
+		return query.ProjectRoleColumnKey
+	case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_CREATION_DATE:
+		return query.ProjectRoleColumnCreationDate
+	case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_CHANGE_DATE:
+		return query.ProjectRoleColumnChangeDate
+	case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_UNSPECIFIED:
+		return query.ProjectRoleColumnCreationDate
+	default:
+		return query.ProjectRoleColumnCreationDate
+	}
+}
+
+func roleQueriesToModel(queries []*project_pb.ProjectRoleSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = roleQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func roleQueryToModel(apiQuery *project_pb.ProjectRoleSearchFilter) (query.SearchQuery, error) {
+	switch q := apiQuery.Filter.(type) {
+	case *project_pb.ProjectRoleSearchFilter_RoleKeyFilter:
+		return query.NewProjectRoleKeySearchQuery(filter.TextMethodPbToQuery(q.RoleKeyFilter.Method), q.RoleKeyFilter.Key)
+	case *project_pb.ProjectRoleSearchFilter_DisplayNameFilter:
+		return query.NewProjectRoleDisplayNameSearchQuery(filter.TextMethodPbToQuery(q.DisplayNameFilter.Method), q.DisplayNameFilter.DisplayName)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-fms0e", "List.Query.Invalid")
+	}
+}
+
+func roleViewsToPb(roles []*query.ProjectRole) []*project_pb.ProjectRole {
+	o := make([]*project_pb.ProjectRole, len(roles))
+	for i, org := range roles {
+		o[i] = roleViewToPb(org)
+	}
+	return o
+}
+
+func roleViewToPb(role *query.ProjectRole) *project_pb.ProjectRole {
+	return &project_pb.ProjectRole{
+		ProjectId:    role.ProjectID,
+		Key:          role.Key,
+		CreationDate: timestamppb.New(role.CreationDate),
+		ChangeDate:   timestamppb.New(role.ChangeDate),
+		DisplayName:  role.DisplayName,
+		Group:        role.Group,
+	}
+}
diff --git a/internal/api/grpc/project/v2beta/server.go b/internal/api/grpc/project/v2beta/server.go
new file mode 100644
index 0000000000..fe197f9688
--- /dev/null
+++ b/internal/api/grpc/project/v2beta/server.go
@@ -0,0 +1,60 @@
+package project
+
+import (
+	"google.golang.org/grpc"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/server"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+var _ project.ProjectServiceServer = (*Server)(nil)
+
+type Server struct {
+	project.UnimplementedProjectServiceServer
+	systemDefaults systemdefaults.SystemDefaults
+	command        *command.Commands
+	query          *query.Queries
+
+	checkPermission domain.PermissionCheck
+}
+
+type Config struct{}
+
+func CreateServer(
+	systemDefaults systemdefaults.SystemDefaults,
+	command *command.Commands,
+	query *query.Queries,
+	checkPermission domain.PermissionCheck,
+) *Server {
+	return &Server{
+		systemDefaults:  systemDefaults,
+		command:         command,
+		query:           query,
+		checkPermission: checkPermission,
+	}
+}
+
+func (s *Server) RegisterServer(grpcServer *grpc.Server) {
+	project.RegisterProjectServiceServer(grpcServer, s)
+}
+
+func (s *Server) AppName() string {
+	return project.ProjectService_ServiceDesc.ServiceName
+}
+
+func (s *Server) MethodPrefix() string {
+	return project.ProjectService_ServiceDesc.ServiceName
+}
+
+func (s *Server) AuthMethods() authz.MethodMapping {
+	return project.ProjectService_AuthMethods
+}
+
+func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
+	return project.RegisterProjectServiceHandler
+}
diff --git a/internal/api/grpc/saml/v2/integration/saml_test.go b/internal/api/grpc/saml/v2/integration/saml_test.go
index 1f227ab149..1974c5236a 100644
--- a/internal/api/grpc/saml/v2/integration/saml_test.go
+++ b/internal/api/grpc/saml/v2/integration/saml_test.go
@@ -332,7 +332,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID2, _, _ := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "saml-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID2, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID2, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
 
@@ -346,7 +346,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "saml-permission-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 				Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
 
@@ -368,9 +368,9 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, true)
 
 				orgResp := Instance.CreateOrganization(ctx, "saml-permission-"+gofakeit.AppName(), gofakeit.Email())
-				projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
+				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
 
 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeOrgOwner].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -502,9 +502,9 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)
 
 				orgResp := Instance.CreateOrganization(ctx, "saml-permissison-"+gofakeit.AppName(), gofakeit.Email())
-				projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
-				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
+				Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
 
 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeOrgOwner].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
 			},
@@ -523,7 +523,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, true, false)
 
 				orgResp := Instance.CreateOrganization(ctx, "saml-permissison-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 
 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeOrgOwner].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
@@ -563,7 +563,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
 			dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
 				projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, false, true)
 				orgResp := Instance.CreateOrganization(ctx, "saml-permissison-"+gofakeit.AppName(), gofakeit.Email())
-				Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
+				Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
 				user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
 
 				return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeOrgOwner].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
@@ -640,10 +640,9 @@ func createSAMLSP(t *testing.T, idpMetadata *saml.EntityDescriptor, binding stri
 }
 
 func createSAMLApplication(ctx context.Context, t *testing.T, idpMetadata *saml.EntityDescriptor, binding string, projectRoleCheck, hasProjectCheck bool) (string, string, *samlsp.Middleware) {
-	project, err := Instance.CreateProjectWithPermissionCheck(ctx, projectRoleCheck, hasProjectCheck)
-	require.NoError(t, err)
+	project := Instance.CreateProject(ctx, t, "", gofakeit.AppName(), projectRoleCheck, hasProjectCheck)
 	rootURL, sp := createSAMLSP(t, idpMetadata, binding)
-	_, err = Instance.CreateSAMLClient(ctx, project.GetId(), sp)
+	_, err := Instance.CreateSAMLClient(ctx, project.GetId(), sp)
 	require.NoError(t, err)
 	return project.GetId(), rootURL, sp
 }
diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index eaf352c094..832268dc8c 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -1753,8 +1753,8 @@ func TestServer_ReactivateUser(t *testing.T) {
 }
 
 func TestServer_DeleteUser(t *testing.T) {
-	projectResp, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	projectResp := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
+
 	type args struct {
 		req     *user.DeleteUserRequest
 		prepare func(*testing.T, *user.DeleteUserRequest) context.Context
diff --git a/internal/api/grpc/user/v2beta/integration_test/user_test.go b/internal/api/grpc/user/v2beta/integration_test/user_test.go
index a5a1309d1a..250322d66f 100644
--- a/internal/api/grpc/user/v2beta/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2beta/integration_test/user_test.go
@@ -1706,12 +1706,11 @@ func TestServer_ReactivateUser(t *testing.T) {
 }
 
 func TestServer_DeleteUser(t *testing.T) {
-	projectResp, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	projectResp := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	type args struct {
 		ctx     context.Context
 		req     *user.DeleteUserRequest
-		prepare func(request *user.DeleteUserRequest) error
+		prepare func(request *user.DeleteUserRequest)
 	}
 	tests := []struct {
 		name    string
@@ -1726,7 +1725,7 @@ func TestServer_DeleteUser(t *testing.T) {
 				&user.DeleteUserRequest{
 					UserId: "notexisting",
 				},
-				func(request *user.DeleteUserRequest) error { return nil },
+				nil,
 			},
 			wantErr: true,
 		},
@@ -1735,10 +1734,9 @@ func TestServer_DeleteUser(t *testing.T) {
 			args: args{
 				ctx: CTX,
 				req: &user.DeleteUserRequest{},
-				prepare: func(request *user.DeleteUserRequest) error {
+				prepare: func(request *user.DeleteUserRequest) {
 					resp := Instance.CreateHumanUser(CTX)
 					request.UserId = resp.GetUserId()
-					return err
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -1753,10 +1751,9 @@ func TestServer_DeleteUser(t *testing.T) {
 			args: args{
 				ctx: CTX,
 				req: &user.DeleteUserRequest{},
-				prepare: func(request *user.DeleteUserRequest) error {
+				prepare: func(request *user.DeleteUserRequest) {
 					resp := Instance.CreateMachineUser(CTX)
 					request.UserId = resp.GetUserId()
-					return err
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -1771,13 +1768,12 @@ func TestServer_DeleteUser(t *testing.T) {
 			args: args{
 				ctx: CTX,
 				req: &user.DeleteUserRequest{},
-				prepare: func(request *user.DeleteUserRequest) error {
+				prepare: func(request *user.DeleteUserRequest) {
 					resp := Instance.CreateHumanUser(CTX)
 					request.UserId = resp.GetUserId()
 					Instance.CreateProjectUserGrant(t, CTX, projectResp.GetId(), request.UserId)
 					Instance.CreateProjectMembership(t, CTX, projectResp.GetId(), request.UserId)
 					Instance.CreateOrgMembership(t, CTX, request.UserId)
-					return err
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -1790,8 +1786,9 @@ func TestServer_DeleteUser(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := tt.args.prepare(tt.args.req)
-			require.NoError(t, err)
+			if tt.args.prepare != nil {
+				tt.args.prepare(tt.args.req)
+			}
 
 			got, err := Client.DeleteUser(tt.args.ctx, tt.args.req)
 			if tt.wantErr {
diff --git a/internal/api/oidc/access_token.go b/internal/api/oidc/access_token.go
index 66da6e3ccf..2f2880efc2 100644
--- a/internal/api/oidc/access_token.go
+++ b/internal/api/oidc/access_token.go
@@ -122,7 +122,7 @@ func (s *Server) assertClientScopesForPAT(ctx context.Context, token *accessToke
 	if err != nil {
 		return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
 	}
-	roles, err := s.query.SearchProjectRoles(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
+	roles, err := s.query.SearchProjectRoles(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
 	if err != nil {
 		return err
 	}
diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index f750b2a3ea..953ebe799c 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -459,7 +459,7 @@ func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
 	}
-	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
+	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -482,7 +482,7 @@ func (o *OPStorage) assertProjectRoleScopesByProject(ctx context.Context, projec
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
 	}
-	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
+	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -498,7 +498,7 @@ func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.T
 	if err != nil {
 		return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
 	}
-	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
+	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
 	if err != nil {
 		return err
 	}
diff --git a/internal/api/oidc/integration_test/client_test.go b/internal/api/oidc/integration_test/client_test.go
index 43b000108c..08c17f69cb 100644
--- a/internal/api/oidc/integration_test/client_test.go
+++ b/internal/api/oidc/integration_test/client_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client"
@@ -24,8 +25,7 @@ import (
 )
 
 func TestServer_Introspect(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	app, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
 	require.NoError(t, err)
 
@@ -188,10 +188,8 @@ func assertIntrospection(
 // with clients that have different authentication methods.
 func TestServer_VerifyClient(t *testing.T) {
 	sessionID, sessionToken, startTime, changeTime := Instance.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId())
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
-	projectInactive, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
+	projectInactive := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 
 	inactiveClient, err := Instance.CreateOIDCInactivateClient(CTX, redirectURI, logoutRedirectURI, project.GetId())
 	require.NoError(t, err)
diff --git a/internal/api/oidc/integration_test/oidc_test.go b/internal/api/oidc/integration_test/oidc_test.go
index 2ab78b972e..8bb103d0eb 100644
--- a/internal/api/oidc/integration_test/oidc_test.go
+++ b/internal/api/oidc/integration_test/oidc_test.go
@@ -421,21 +421,20 @@ type clientOpts struct {
 func createClientWithOpts(t testing.TB, instance *integration.Instance, opts clientOpts) (clientID, projectID string) {
 	ctx := instance.WithAuthorization(CTX, integration.UserTypeOrgOwner)
 
-	project, err := instance.CreateProject(ctx)
-	require.NoError(t, err)
+	project := instance.CreateProject(ctx, t.(*testing.T), "", gofakeit.AppName(), false, false)
 	app, err := instance.CreateOIDCClientLoginVersion(ctx, opts.redirectURI, opts.logoutURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, opts.devMode, opts.LoginVersion)
 	require.NoError(t, err)
 	return app.GetClientId(), project.GetId()
 }
 
 func createImplicitClient(t testing.TB) string {
-	app, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, nil)
+	app, err := Instance.CreateOIDCImplicitFlowClient(CTX, t.(*testing.T), redirectURIImplicit, nil)
 	require.NoError(t, err)
 	return app.GetClientId()
 }
 
 func createImplicitClientNoLoginClientHeader(t testing.TB) string {
-	app, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{BaseUri: nil}}})
+	app, err := Instance.CreateOIDCImplicitFlowClient(CTX, t.(*testing.T), redirectURIImplicit, &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{BaseUri: nil}}})
 	require.NoError(t, err)
 	return app.GetClientId()
 }
diff --git a/internal/api/oidc/integration_test/token_device_test.go b/internal/api/oidc/integration_test/token_device_test.go
index 0c6a65e8a2..9692909205 100644
--- a/internal/api/oidc/integration_test/token_device_test.go
+++ b/internal/api/oidc/integration_test/token_device_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
@@ -21,8 +22,7 @@ import (
 )
 
 func TestServer_DeviceAuth(t *testing.T) {
-	project, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 	client, err := Instance.CreateOIDCClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE)
 	require.NoError(t, err)
 
diff --git a/internal/api/oidc/integration_test/token_exchange_test.go b/internal/api/oidc/integration_test/token_exchange_test.go
index 0844898a2f..dcd2d61669 100644
--- a/internal/api/oidc/integration_test/token_exchange_test.go
+++ b/internal/api/oidc/integration_test/token_exchange_test.go
@@ -147,7 +147,7 @@ func TestServer_TokenExchange(t *testing.T) {
 	ctx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	userResp := instance.CreateHumanUser(ctx)
 
-	client, keyData, err := instance.CreateOIDCTokenExchangeClient(ctx)
+	client, keyData, err := instance.CreateOIDCTokenExchangeClient(ctx, t)
 	require.NoError(t, err)
 	signer, err := rp.SignerFromKeyFile(keyData)()
 	require.NoError(t, err)
@@ -371,7 +371,7 @@ func TestServer_TokenExchangeImpersonation(t *testing.T) {
 	setTokenExchangeFeature(t, instance, true)
 	setImpersonationPolicy(t, instance, true)
 
-	client, keyData, err := instance.CreateOIDCTokenExchangeClient(ctx)
+	client, keyData, err := instance.CreateOIDCTokenExchangeClient(ctx, t)
 	require.NoError(t, err)
 	signer, err := rp.SignerFromKeyFile(keyData)()
 	require.NoError(t, err)
@@ -591,7 +591,7 @@ func TestImpersonation_API_Call(t *testing.T) {
 	instance := integration.NewInstance(CTX)
 	ctx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 
-	client, keyData, err := instance.CreateOIDCTokenExchangeClient(ctx)
+	client, keyData, err := instance.CreateOIDCTokenExchangeClient(ctx, t)
 	require.NoError(t, err)
 	signer, err := rp.SignerFromKeyFile(keyData)()
 	require.NoError(t, err)
diff --git a/internal/api/oidc/integration_test/userinfo_test.go b/internal/api/oidc/integration_test/userinfo_test.go
index da1dc6b1e3..d4aded0b48 100644
--- a/internal/api/oidc/integration_test/userinfo_test.go
+++ b/internal/api/oidc/integration_test/userinfo_test.go
@@ -309,9 +309,7 @@ func TestServer_UserInfo_Issue6662(t *testing.T) {
 		roleBar = "bar"
 	)
 
-	project, err := Instance.CreateProject(CTX)
-	projectID := project.GetId()
-	require.NoError(t, err)
+	projectID := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false).GetId()
 	user, _, clientID, clientSecret, err := Instance.CreateOIDCCredentialsClient(CTX)
 	require.NoError(t, err)
 	addProjectRolesGrants(t, user.GetUserId(), projectID, roleFoo, roleBar)
diff --git a/internal/api/scim/integration_test/users_delete_test.go b/internal/api/scim/integration_test/users_delete_test.go
index 86e88f46c4..23c335f93c 100644
--- a/internal/api/scim/integration_test/users_delete_test.go
+++ b/internal/api/scim/integration_test/users_delete_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
@@ -76,13 +77,12 @@ func TestDeleteUser_errors(t *testing.T) {
 func TestDeleteUser_ensureReallyDeleted(t *testing.T) {
 	// create user and dependencies
 	createUserResp := Instance.CreateHumanUser(CTX)
-	proj, err := Instance.CreateProject(CTX)
-	require.NoError(t, err)
+	proj := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
 
 	Instance.CreateProjectUserGrant(t, CTX, proj.Id, createUserResp.UserId)
 
 	// delete user via scim
-	err = Instance.Client.SCIM.Users.Delete(CTX, Instance.DefaultOrg.Id, createUserResp.UserId)
+	err := Instance.Client.SCIM.Users.Delete(CTX, Instance.DefaultOrg.Id, createUserResp.UserId)
 	assert.NoError(t, err)
 
 	// ensure it is really deleted => try to delete again => should 404
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
index 0ede13ae68..7c335a752f 100644
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -125,7 +125,7 @@ type userGrantProvider interface {
 
 type projectProvider interface {
 	ProjectByClientID(context.Context, string) (*query.Project, error)
-	SearchProjectGrants(ctx context.Context, queries *query.ProjectGrantSearchQueries) (projects *query.ProjectGrants, err error)
+	SearchProjectGrants(ctx context.Context, queries *query.ProjectGrantSearchQueries, permissionCheck domain.PermissionCheck) (projects *query.ProjectGrants, err error)
 }
 
 type applicationProvider interface {
@@ -1841,7 +1841,7 @@ func projectRequired(ctx context.Context, request *domain.AuthRequest, projectPr
 	if err != nil {
 		return false, err
 	}
-	grants, err := projectProvider.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectID, grantedOrg}})
+	grants, err := projectProvider.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectID, grantedOrg}}, nil)
 	if err != nil {
 		return false, err
 	}
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
index 7d71ddecd9..78edd2a7e4 100644
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
@@ -286,7 +286,7 @@ func (m *mockProject) ProjectByClientID(ctx context.Context, s string) (*query.P
 	return &query.Project{ResourceOwner: m.resourceOwner, HasProjectCheck: m.projectCheck}, nil
 }
 
-func (m *mockProject) SearchProjectGrants(ctx context.Context, queries *query.ProjectGrantSearchQueries) (*query.ProjectGrants, error) {
+func (m *mockProject) SearchProjectGrants(ctx context.Context, queries *query.ProjectGrantSearchQueries, permissionCheck domain.PermissionCheck) (*query.ProjectGrants, error) {
 	if m.hasProject {
 		mockProjectGrant := new(query.ProjectGrant)
 		return &query.ProjectGrants{ProjectGrants: []*query.ProjectGrant{mockProjectGrant}}, nil
diff --git a/internal/command/org.go b/internal/command/org.go
index 9874410a5f..b6650ef7f2 100644
--- a/internal/command/org.go
+++ b/internal/command/org.go
@@ -468,7 +468,7 @@ func (c *Commands) prepareRemoveOrg(a *org.Aggregate) preparation.Validation {
 				return nil, zerrors.ThrowPreconditionFailed(nil, "COMMA-wG9p1", "Errors.Org.DefaultOrgNotDeletable")
 			}
 
-			err := c.checkProjectExists(ctx, instance.ProjectID(), a.ID)
+			_, err := c.checkProjectExists(ctx, instance.ProjectID(), a.ID)
 			// if there is no error, the ZITADEL project was found on the org to be deleted
 			if err == nil {
 				return nil, zerrors.ThrowPreconditionFailed(err, "COMMA-AF3JW", "Errors.Org.ZitadelOrgNotDeletable")
diff --git a/internal/command/permission_checks.go b/internal/command/permission_checks.go
index bec2e9b7d4..253b6ee72a 100644
--- a/internal/command/permission_checks.go
+++ b/internal/command/permission_checks.go
@@ -6,6 +6,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/project"
 	"github.com/zitadel/zitadel/internal/v2/user"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -58,3 +59,15 @@ func (c *Commands) checkPermissionUpdateUser(ctx context.Context, resourceOwner,
 func (c *Commands) checkPermissionUpdateUserCredentials(ctx context.Context, resourceOwner, userID string) error {
 	return c.checkPermissionOnUser(ctx, domain.PermissionUserCredentialWrite)(resourceOwner, userID)
 }
+
+func (c *Commands) checkPermissionDeleteProject(ctx context.Context, resourceOwner, projectID string) error {
+	return c.newPermissionCheck(ctx, domain.PermissionProjectDelete, project.AggregateType)(resourceOwner, projectID)
+}
+
+func (c *Commands) checkPermissionUpdateProject(ctx context.Context, resourceOwner, projectID string) error {
+	return c.newPermissionCheck(ctx, domain.PermissionProjectWrite, project.AggregateType)(resourceOwner, projectID)
+}
+
+func (c *Commands) checkPermissionWriteProjectGrant(ctx context.Context, resourceOwner, projectGrantID string) error {
+	return c.newPermissionCheck(ctx, domain.PermissionProjectGrantWrite, project.AggregateType)(resourceOwner, projectGrantID)
+}
diff --git a/internal/command/project.go b/internal/command/project.go
index df4f8ab545..bf72306417 100644
--- a/internal/command/project.go
+++ b/internal/command/project.go
@@ -3,6 +3,7 @@ package command
 import (
 	"context"
 	"strings"
+	"time"
 
 	"github.com/zitadel/logging"
 
@@ -10,6 +11,7 @@ import (
 	"github.com/zitadel/zitadel/internal/command/preparation"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/feature"
 	"github.com/zitadel/zitadel/internal/query/projection"
 	"github.com/zitadel/zitadel/internal/repository/project"
@@ -17,67 +19,60 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
-func (c *Commands) AddProjectWithID(ctx context.Context, project *domain.Project, resourceOwner, projectID string) (_ *domain.Project, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-	if resourceOwner == "" {
-		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-w8tnSoJxtn", "Errors.ResourceOwnerMissing")
-	}
-	if projectID == "" {
-		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-nDXf5vXoUj", "Errors.IDMissing")
-	}
-	if !project.IsValid() {
-		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
-	}
-	project, err = c.addProjectWithID(ctx, project, resourceOwner, projectID)
-	if err != nil {
-		return nil, err
-	}
-	return project, nil
+type AddProject struct {
+	models.ObjectRoot
+
+	Name                   string
+	ProjectRoleAssertion   bool
+	ProjectRoleCheck       bool
+	HasProjectCheck        bool
+	PrivateLabelingSetting domain.PrivateLabelingSetting
 }
 
-func (c *Commands) AddProject(ctx context.Context, project *domain.Project, resourceOwner string) (_ *domain.Project, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-	if !project.IsValid() {
-		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
+func (p *AddProject) IsValid() error {
+	if p.ResourceOwner == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-fmq7bqQX1s", "Errors.ResourceOwnerMissing")
 	}
-	if resourceOwner == "" {
-		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-fmq7bqQX1s", "Errors.ResourceOwnerMissing")
+	if p.Name == "" {
+		return zerrors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
 	}
-
-	projectID, err := c.idGenerator.Next()
-	if err != nil {
-		return nil, err
-	}
-
-	project, err = c.addProjectWithID(ctx, project, resourceOwner, projectID)
-	if err != nil {
-		return nil, err
-	}
-	return project, nil
+	return nil
 }
 
-func (c *Commands) addProjectWithID(ctx context.Context, projectAdd *domain.Project, resourceOwner, projectID string) (_ *domain.Project, err error) {
-	projectAdd.AggregateID = projectID
-	projectWriteModel, err := c.getProjectWriteModelByID(ctx, projectAdd.AggregateID, resourceOwner)
+func (c *Commands) AddProject(ctx context.Context, add *AddProject) (_ *domain.ObjectDetails, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	if err := add.IsValid(); err != nil {
+		return nil, err
+	}
+
+	if add.AggregateID == "" {
+		add.AggregateID, err = c.idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
+	}
+	wm, err := c.getProjectWriteModelByID(ctx, add.AggregateID, add.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	if isProjectStateExists(projectWriteModel.State) {
+	if isProjectStateExists(wm.State) {
 		return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-opamwu", "Errors.Project.AlreadyExisting")
 	}
+	if err := c.checkPermissionUpdateProject(ctx, wm.ResourceOwner, wm.AggregateID); err != nil {
+		return nil, err
+	}
 
 	events := []eventstore.Command{
 		project.NewProjectAddedEvent(
 			ctx,
-			//nolint: contextcheck
-			ProjectAggregateFromWriteModel(&projectWriteModel.WriteModel),
-			projectAdd.Name,
-			projectAdd.ProjectRoleAssertion,
-			projectAdd.ProjectRoleCheck,
-			projectAdd.HasProjectCheck,
-			projectAdd.PrivateLabelingSetting),
+			ProjectAggregateFromWriteModelWithCTX(ctx, &wm.WriteModel),
+			add.Name,
+			add.ProjectRoleAssertion,
+			add.ProjectRoleCheck,
+			add.HasProjectCheck,
+			add.PrivateLabelingSetting),
 	}
 	postCommit, err := c.projectCreatedMilestone(ctx, &events)
 	if err != nil {
@@ -88,11 +83,11 @@ func (c *Commands) addProjectWithID(ctx context.Context, projectAdd *domain.Proj
 		return nil, err
 	}
 	postCommit(ctx)
-	err = AppendAndReduce(projectWriteModel, pushedEvents...)
+	err = AppendAndReduce(wm, pushedEvents...)
 	if err != nil {
 		return nil, err
 	}
-	return projectWriteModelToProject(projectWriteModel), nil
+	return writeModelToObjectDetails(&wm.WriteModel), nil
 }
 
 func AddProjectCommand(
@@ -143,14 +138,14 @@ func projectWriteModel(ctx context.Context, filter preparation.FilterToQueryRedu
 	return project, nil
 }
 
-func (c *Commands) projectAggregateByID(ctx context.Context, projectID, resourceOwner string) (*eventstore.Aggregate, domain.ProjectState, error) {
-	result, err := c.projectState(ctx, projectID, resourceOwner)
+func (c *Commands) projectAggregateByID(ctx context.Context, projectID string) (*eventstore.Aggregate, domain.ProjectState, error) {
+	result, err := c.projectState(ctx, projectID)
 	if err != nil {
 		return nil, domain.ProjectStateUnspecified, zerrors.ThrowNotFound(err, "COMMA-NDQoF", "Errors.Project.NotFound")
 	}
 	if len(result) == 0 {
 		_ = projection.ProjectGrantFields.Trigger(ctx)
-		result, err = c.projectState(ctx, projectID, resourceOwner)
+		result, err = c.projectState(ctx, projectID)
 		if err != nil || len(result) == 0 {
 			return nil, domain.ProjectStateUnspecified, zerrors.ThrowNotFound(err, "COMMA-U1nza", "Errors.Project.NotFound")
 		}
@@ -164,7 +159,7 @@ func (c *Commands) projectAggregateByID(ctx context.Context, projectID, resource
 	return &result[0].Aggregate, state, nil
 }
 
-func (c *Commands) projectState(ctx context.Context, projectID, resourceOwner string) ([]*eventstore.SearchResult, error) {
+func (c *Commands) projectState(ctx context.Context, projectID string) ([]*eventstore.SearchResult, error) {
 	return c.eventstore.Search(
 		ctx,
 		map[eventstore.FieldType]any{
@@ -172,12 +167,11 @@ func (c *Commands) projectState(ctx context.Context, projectID, resourceOwner st
 			eventstore.FieldTypeObjectID:       projectID,
 			eventstore.FieldTypeObjectRevision: project.ProjectObjectRevision,
 			eventstore.FieldTypeFieldName:      project.ProjectStateSearchField,
-			eventstore.FieldTypeResourceOwner:  resourceOwner,
 		},
 	)
 }
 
-func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOwner string) (err error) {
+func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOwner string) (_ string, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -185,50 +179,69 @@ func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOw
 		return c.checkProjectExistsOld(ctx, projectID, resourceOwner)
 	}
 
-	_, state, err := c.projectAggregateByID(ctx, projectID, resourceOwner)
+	agg, state, err := c.projectAggregateByID(ctx, projectID)
 	if err != nil || !state.Valid() {
-		return zerrors.ThrowPreconditionFailed(err, "COMMA-VCnwD", "Errors.Project.NotFound")
+		return "", zerrors.ThrowPreconditionFailed(err, "COMMA-VCnwD", "Errors.Project.NotFound")
+	}
+	return agg.ResourceOwner, nil
+}
+
+type ChangeProject struct {
+	models.ObjectRoot
+
+	Name                   *string
+	ProjectRoleAssertion   *bool
+	ProjectRoleCheck       *bool
+	HasProjectCheck        *bool
+	PrivateLabelingSetting *domain.PrivateLabelingSetting
+}
+
+func (p *ChangeProject) IsValid() error {
+	if p.AggregateID == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
+	}
+	if p.Name != nil && *p.Name == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
 	}
 	return nil
 }
 
-func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Project, resourceOwner string) (*domain.Project, error) {
-	if !projectChange.IsValid() || projectChange.AggregateID == "" {
-		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
+func (c *Commands) ChangeProject(ctx context.Context, change *ChangeProject) (_ *domain.ObjectDetails, err error) {
+	if err := change.IsValid(); err != nil {
+		return nil, err
 	}
 
-	existingProject, err := c.getProjectWriteModelByID(ctx, projectChange.AggregateID, resourceOwner)
+	existing, err := c.getProjectWriteModelByID(ctx, change.AggregateID, change.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	if !isProjectStateExists(existingProject.State) {
+	if !isProjectStateExists(existing.State) {
 		return nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
 	}
+	if err := c.checkPermissionUpdateProject(ctx, existing.ResourceOwner, existing.AggregateID); err != nil {
+		return nil, err
+	}
 
-	projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
-	changedEvent, hasChanged, err := existingProject.NewChangedEvent(
+	changedEvent := existing.NewChangedEvent(
 		ctx,
-		projectAgg,
-		projectChange.Name,
-		projectChange.ProjectRoleAssertion,
-		projectChange.ProjectRoleCheck,
-		projectChange.HasProjectCheck,
-		projectChange.PrivateLabelingSetting)
+		ProjectAggregateFromWriteModelWithCTX(ctx, &existing.WriteModel),
+		change.Name,
+		change.ProjectRoleAssertion,
+		change.ProjectRoleCheck,
+		change.HasProjectCheck,
+		change.PrivateLabelingSetting)
+	if changedEvent == nil {
+		return writeModelToObjectDetails(&existing.WriteModel), nil
+	}
+	err = c.pushAppendAndReduce(ctx, existing, changedEvent)
 	if err != nil {
 		return nil, err
 	}
-	if !hasChanged {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound")
-	}
-	err = c.pushAppendAndReduce(ctx, existingProject, changedEvent)
-	if err != nil {
-		return nil, err
-	}
-	return projectWriteModelToProject(existingProject), nil
+	return writeModelToObjectDetails(&existing.WriteModel), nil
 }
 
 func (c *Commands) DeactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) {
-	if projectID == "" || resourceOwner == "" {
+	if projectID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing")
 	}
 
@@ -236,7 +249,7 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
 		return c.deactivateProjectOld(ctx, projectID, resourceOwner)
 	}
 
-	projectAgg, state, err := c.projectAggregateByID(ctx, projectID, resourceOwner)
+	projectAgg, state, err := c.projectAggregateByID(ctx, projectID)
 	if err != nil {
 		return nil, err
 	}
@@ -247,6 +260,9 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
 	if state != domain.ProjectStateActive {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-mki55", "Errors.Project.NotActive")
 	}
+	if err := c.checkPermissionUpdateProject(ctx, projectAgg.ResourceOwner, projectAgg.ID); err != nil {
+		return nil, err
+	}
 
 	pushedEvents, err := c.eventstore.Push(ctx, project.NewProjectDeactivatedEvent(ctx, projectAgg))
 	if err != nil {
@@ -261,7 +277,7 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
 }
 
 func (c *Commands) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) {
-	if projectID == "" || resourceOwner == "" {
+	if projectID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-3ihsF", "Errors.Project.ProjectIDMissing")
 	}
 
@@ -269,7 +285,7 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso
 		return c.reactivateProjectOld(ctx, projectID, resourceOwner)
 	}
 
-	projectAgg, state, err := c.projectAggregateByID(ctx, projectID, resourceOwner)
+	projectAgg, state, err := c.projectAggregateByID(ctx, projectID)
 	if err != nil {
 		return nil, err
 	}
@@ -280,6 +296,9 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso
 	if state != domain.ProjectStateInactive {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5M9bs", "Errors.Project.NotInactive")
 	}
+	if err := c.checkPermissionUpdateProject(ctx, projectAgg.ResourceOwner, projectAgg.ID); err != nil {
+		return nil, err
+	}
 
 	pushedEvents, err := c.eventstore.Push(ctx, project.NewProjectReactivatedEvent(ctx, projectAgg))
 	if err != nil {
@@ -293,6 +312,7 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso
 	}, nil
 }
 
+// Deprecated: use commands.DeleteProject
 func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) (*domain.ObjectDetails, error) {
 	if projectID == "" || resourceOwner == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing")
@@ -316,15 +336,18 @@ func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner s
 		uniqueConstraints[i] = project.NewRemoveSAMLConfigEntityIDUniqueConstraint(entityID.EntityID)
 	}
 
-	projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
 	events := []eventstore.Command{
-		project.NewProjectRemovedEvent(ctx, projectAgg, existingProject.Name, uniqueConstraints),
+		project.NewProjectRemovedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &existingProject.WriteModel),
+			existingProject.Name,
+			uniqueConstraints,
+		),
 	}
 
 	for _, grantID := range cascadingUserGrantIDs {
 		event, _, err := c.removeUserGrant(ctx, grantID, "", true)
 		if err != nil {
-			logging.LogWithFields("COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
+			logging.WithFields("id", "COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
 			continue
 		}
 		events = append(events, event)
@@ -341,6 +364,53 @@ func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner s
 	return writeModelToObjectDetails(&existingProject.WriteModel), nil
 }
 
+func (c *Commands) DeleteProject(ctx context.Context, id, resourceOwner string, cascadingUserGrantIDs ...string) (time.Time, error) {
+	if id == "" {
+		return time.Time{}, zerrors.ThrowInvalidArgument(nil, "COMMAND-obqos2l3no", "Errors.IDMissing")
+	}
+
+	existing, err := c.getProjectWriteModelByID(ctx, id, resourceOwner)
+	if err != nil {
+		return time.Time{}, err
+	}
+	if !isProjectStateExists(existing.State) {
+		return existing.WriteModel.ChangeDate, nil
+	}
+	if err := c.checkPermissionDeleteProject(ctx, existing.ResourceOwner, existing.AggregateID); err != nil {
+		return time.Time{}, err
+	}
+
+	samlEntityIDsAgg, err := c.getSAMLEntityIdsWriteModelByProjectID(ctx, id, resourceOwner)
+	if err != nil {
+		return time.Time{}, err
+	}
+
+	uniqueConstraints := make([]*eventstore.UniqueConstraint, len(samlEntityIDsAgg.EntityIDs))
+	for i, entityID := range samlEntityIDsAgg.EntityIDs {
+		uniqueConstraints[i] = project.NewRemoveSAMLConfigEntityIDUniqueConstraint(entityID.EntityID)
+	}
+	events := []eventstore.Command{
+		project.NewProjectRemovedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &existing.WriteModel),
+			existing.Name,
+			uniqueConstraints,
+		),
+	}
+	for _, grantID := range cascadingUserGrantIDs {
+		event, _, err := c.removeUserGrant(ctx, grantID, "", true)
+		if err != nil {
+			logging.WithFields("id", "COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
+			continue
+		}
+		events = append(events, event)
+	}
+
+	if err := c.pushAppendAndReduce(ctx, existing, events...); err != nil {
+		return time.Time{}, err
+	}
+	return existing.WriteModel.ChangeDate, nil
+}
+
 func (c *Commands) getProjectWriteModelByID(ctx context.Context, projectID, resourceOwner string) (_ *ProjectWriteModel, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
diff --git a/internal/command/project_application_api.go b/internal/command/project_application_api.go
index 21c3bc5ee7..5b8bbafcdf 100644
--- a/internal/command/project_application_api.go
+++ b/internal/command/project_application_api.go
@@ -79,7 +79,7 @@ func (c *Commands) AddAPIApplicationWithID(ctx context.Context, apiApp *domain.A
 		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-mabu12", "Errors.Project.App.AlreadyExisting")
 	}
 
-	if err := c.checkProjectExists(ctx, apiApp.AggregateID, resourceOwner); err != nil {
+	if _, err := c.checkProjectExists(ctx, apiApp.AggregateID, resourceOwner); err != nil {
 		return nil, err
 	}
 	return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, appID)
@@ -90,7 +90,7 @@ func (c *Commands) AddAPIApplication(ctx context.Context, apiApp *domain.APIApp,
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-5m9E", "Errors.Project.App.Invalid")
 	}
 
-	if err := c.checkProjectExists(ctx, apiApp.AggregateID, resourceOwner); err != nil {
+	if _, err := c.checkProjectExists(ctx, apiApp.AggregateID, resourceOwner); err != nil {
 		return nil, err
 	}
 	if !apiApp.IsValid() {
diff --git a/internal/command/project_application_oidc.go b/internal/command/project_application_oidc.go
index fccb0efe06..491bd38fca 100644
--- a/internal/command/project_application_oidc.go
+++ b/internal/command/project_application_oidc.go
@@ -132,7 +132,7 @@ func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-lxowmp", "Errors.Project.App.AlreadyExisting")
 	}
 
-	if err := c.checkProjectExists(ctx, oidcApp.AggregateID, resourceOwner); err != nil {
+	if _, err := c.checkProjectExists(ctx, oidcApp.AggregateID, resourceOwner); err != nil {
 		return nil, err
 	}
 	return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, appID)
@@ -142,7 +142,7 @@ func (c *Commands) AddOIDCApplication(ctx context.Context, oidcApp *domain.OIDCA
 	if oidcApp == nil || oidcApp.AggregateID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid")
 	}
-	if err := c.checkProjectExists(ctx, oidcApp.AggregateID, resourceOwner); err != nil {
+	if _, err := c.checkProjectExists(ctx, oidcApp.AggregateID, resourceOwner); err != nil {
 		return nil, err
 	}
 	if oidcApp.AppName == "" || !oidcApp.IsValid() {
diff --git a/internal/command/project_application_saml.go b/internal/command/project_application_saml.go
index b14bed0758..1a5cefa221 100644
--- a/internal/command/project_application_saml.go
+++ b/internal/command/project_application_saml.go
@@ -16,7 +16,7 @@ func (c *Commands) AddSAMLApplication(ctx context.Context, application *domain.S
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-35Fn0", "Errors.Project.App.Invalid")
 	}
 
-	if err := c.checkProjectExists(ctx, application.AggregateID, resourceOwner); err != nil {
+	if _, err := c.checkProjectExists(ctx, application.AggregateID, resourceOwner); err != nil {
 		return nil, err
 	}
 	addedApplication := NewSAMLApplicationWriteModel(application.AggregateID, resourceOwner)
diff --git a/internal/command/project_grant.go b/internal/command/project_grant.go
index 82d5dcab38..763ea7ab67 100644
--- a/internal/command/project_grant.go
+++ b/internal/command/project_grant.go
@@ -9,6 +9,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/feature"
 	"github.com/zitadel/zitadel/internal/repository/org"
 	"github.com/zitadel/zitadel/internal/repository/project"
@@ -16,69 +17,107 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
-func (c *Commands) AddProjectGrantWithID(ctx context.Context, grant *domain.ProjectGrant, grantID string, resourceOwner string) (_ *domain.ProjectGrant, err error) {
+type AddProjectGrant struct {
+	es_models.ObjectRoot
+
+	GrantID      string
+	GrantedOrgID string
+	RoleKeys     []string
+}
+
+func (p *AddProjectGrant) IsValid() error {
+	if p.AggregateID == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-FYRnWEzBzV", "Errors.Project.Grant.Invalid")
+	}
+	if p.GrantedOrgID == "" {
+		return zerrors.ThrowInvalidArgument(nil, "COMMAND-PPhHpWGRAE", "Errors.Project.Grant.Invalid")
+	}
+	return nil
+}
+
+func (c *Commands) AddProjectGrant(ctx context.Context, grant *AddProjectGrant) (_ *domain.ObjectDetails, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	return c.addProjectGrantWithID(ctx, grant, grantID, resourceOwner)
+	if err := grant.IsValid(); err != nil {
+		return nil, err
+	}
+
+	if grant.GrantID == "" {
+		grant.GrantID, err = c.idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	projectResourceOwner, err := c.checkProjectGrantPreCondition(ctx, grant.AggregateID, grant.GrantedOrgID, grant.ResourceOwner, grant.RoleKeys)
+	if err != nil {
+		return nil, err
+	}
+	// if there is no resourceowner provided then use the resourceowner of the project
+	if grant.ResourceOwner == "" {
+		grant.ResourceOwner = projectResourceOwner
+	}
+	if err := c.checkPermissionWriteProjectGrant(ctx, grant.ResourceOwner, grant.GrantID); err != nil {
+		return nil, err
+	}
+
+	wm := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, grant.ResourceOwner)
+	// error if provided resourceowner is not equal to the resourceowner of the project or the project grant is for the same organization
+	if projectResourceOwner != wm.ResourceOwner || wm.ResourceOwner == grant.GrantedOrgID {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-ckUpbvboAH", "Errors.Project.Grant.Invalid")
+	}
+	if err := c.pushAppendAndReduce(ctx,
+		wm,
+		project.NewGrantAddedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &wm.WriteModel),
+			grant.GrantID,
+			grant.GrantedOrgID,
+			grant.RoleKeys),
+	); err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&wm.WriteModel), nil
 }
 
-func (c *Commands) AddProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string) (_ *domain.ProjectGrant, err error) {
-	if !grant.IsValid() {
-		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-3b8fs", "Errors.Project.Grant.Invalid")
-	}
-	err = c.checkProjectGrantPreCondition(ctx, grant, resourceOwner)
-	if err != nil {
-		return nil, err
-	}
+type ChangeProjectGrant struct {
+	es_models.ObjectRoot
 
-	grantID, err := c.idGenerator.Next()
-	if err != nil {
-		return nil, err
-	}
-
-	return c.addProjectGrantWithID(ctx, grant, grantID, resourceOwner)
+	GrantID  string
+	RoleKeys []string
 }
 
-func (c *Commands) addProjectGrantWithID(ctx context.Context, grant *domain.ProjectGrant, grantID string, resourceOwner string) (_ *domain.ProjectGrant, err error) {
-	grant.GrantID = grantID
-
-	addedGrant := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, resourceOwner)
-	projectAgg := ProjectAggregateFromWriteModel(&addedGrant.WriteModel)
-	pushedEvents, err := c.eventstore.Push(
-		ctx,
-		project.NewGrantAddedEvent(ctx, projectAgg, grant.GrantID, grant.GrantedOrgID, grant.RoleKeys))
-	if err != nil {
-		return nil, err
-	}
-	err = AppendAndReduce(addedGrant, pushedEvents...)
-	if err != nil {
-		return nil, err
-	}
-	return projectGrantWriteModelToProjectGrant(addedGrant), nil
-}
-
-func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string, cascadeUserGrantIDs ...string) (_ *domain.ProjectGrant, err error) {
+func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *ChangeProjectGrant, cascadeUserGrantIDs ...string) (_ *domain.ObjectDetails, err error) {
 	if grant.GrantID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1j83s", "Errors.IDMissing")
 	}
-	existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, resourceOwner)
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, grant.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	grant.GrantedOrgID = existingGrant.GrantedOrgID
-	err = c.checkProjectGrantPreCondition(ctx, grant, resourceOwner)
+	if err := c.checkPermissionWriteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+		return nil, err
+	}
+	projectResourceOwner, err := c.checkProjectGrantPreCondition(ctx, existingGrant.AggregateID, existingGrant.GrantedOrgID, existingGrant.ResourceOwner, grant.RoleKeys)
 	if err != nil {
 		return nil, err
 	}
-	projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
+	// error if provided resourceowner is not equal to the resourceowner of the project
+	if existingGrant.ResourceOwner != projectResourceOwner {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-q1BhA68RBC", "Errors.Project.Grant.Invalid")
+	}
 
+	// return if there are no changes to the project grant roles
 	if reflect.DeepEqual(existingGrant.RoleKeys, grant.RoleKeys) {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFoundc")
+		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 	}
 
 	events := []eventstore.Command{
-		project.NewGrantChangedEvent(ctx, projectAgg, grant.GrantID, grant.RoleKeys),
+		project.NewGrantChangedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
+			existingGrant.GrantID,
+			grant.RoleKeys,
+		),
 	}
 
 	removedRoles := domain.GetRemovedRoles(existingGrant.RoleKeys, grant.RoleKeys)
@@ -91,7 +130,7 @@ func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.Project
 		if err != nil {
 			return nil, err
 		}
-		return projectGrantWriteModelToProjectGrant(existingGrant), nil
+		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 	}
 
 	for _, userGrantID := range cascadeUserGrantIDs {
@@ -109,7 +148,7 @@ func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.Project
 	if err != nil {
 		return nil, err
 	}
-	return projectGrantWriteModelToProjectGrant(existingGrant), nil
+	return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 }
 
 func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *eventstore.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ eventstore.Command, _ *ProjectGrantWriteModel, err error) {
@@ -147,7 +186,7 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI
 		return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing")
 	}
 
-	err = c.checkProjectExists(ctx, projectID, resourceOwner)
+	projectResourceOwner, err := c.checkProjectExists(ctx, projectID, resourceOwner)
 	if err != nil {
 		return nil, err
 	}
@@ -156,12 +195,27 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI
 	if err != nil {
 		return details, err
 	}
+	// error if provided resourceowner is not equal to the resourceowner of the project
+	if projectResourceOwner != existingGrant.ResourceOwner {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0l10S9OmZV", "Errors.Project.Grant.Invalid")
+	}
+	// return if project grant is already inactive
+	if existingGrant.State == domain.ProjectGrantStateInactive {
+		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
+	}
+	// error if project grant is neither active nor inactive
 	if existingGrant.State != domain.ProjectGrantStateActive {
 		return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotActive")
 	}
-	projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
-
-	pushedEvents, err := c.eventstore.Push(ctx, project.NewGrantDeactivateEvent(ctx, projectAgg, grantID))
+	if err := c.checkPermissionWriteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+		return nil, err
+	}
+	pushedEvents, err := c.eventstore.Push(ctx,
+		project.NewGrantDeactivateEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
+			grantID,
+		),
+	)
 	if err != nil {
 		return nil, err
 	}
@@ -177,7 +231,7 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI
 		return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing")
 	}
 
-	err = c.checkProjectExists(ctx, projectID, resourceOwner)
+	projectResourceOwner, err := c.checkProjectExists(ctx, projectID, resourceOwner)
 	if err != nil {
 		return nil, err
 	}
@@ -186,11 +240,27 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI
 	if err != nil {
 		return details, err
 	}
+	// error if provided resourceowner is not equal to the resourceowner of the project
+	if projectResourceOwner != existingGrant.ResourceOwner {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-byscAarAST", "Errors.Project.Grant.Invalid")
+	}
+	// return if project grant is already active
+	if existingGrant.State == domain.ProjectGrantStateActive {
+		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
+	}
+	// error if project grant is neither active nor inactive
 	if existingGrant.State != domain.ProjectGrantStateInactive {
 		return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive")
 	}
-	projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
-	pushedEvents, err := c.eventstore.Push(ctx, project.NewGrantReactivatedEvent(ctx, projectAgg, grantID))
+	if err := c.checkPermissionWriteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+		return nil, err
+	}
+	pushedEvents, err := c.eventstore.Push(ctx,
+		project.NewGrantReactivatedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
+			grantID,
+		),
+	)
 	if err != nil {
 		return nil, err
 	}
@@ -209,9 +279,20 @@ func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, r
 	if err != nil {
 		return details, err
 	}
+	// return if project grant does not exist, or was removed already
+	if !existingGrant.State.Exists() {
+		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
+	}
+	if err := c.checkPermissionDeleteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+		return nil, err
+	}
 	events := make([]eventstore.Command, 0)
-	projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
-	events = append(events, project.NewGrantRemovedEvent(ctx, projectAgg, grantID, existingGrant.GrantedOrgID))
+	events = append(events, project.NewGrantRemovedEvent(ctx,
+		ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
+		grantID,
+		existingGrant.GrantedOrgID,
+	),
+	)
 
 	for _, userGrantID := range cascadeUserGrantIDs {
 		event, _, err := c.removeUserGrant(ctx, userGrantID, "", true)
@@ -232,6 +313,10 @@ func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, r
 	return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 }
 
+func (c *Commands) checkPermissionDeleteProjectGrant(ctx context.Context, resourceOwner, projectGrantID string) error {
+	return c.checkPermission(ctx, domain.PermissionProjectGrantDelete, resourceOwner, projectGrantID)
+}
+
 func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, projectID, resourceOwner string) (member *ProjectGrantWriteModel, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -249,55 +334,61 @@ func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, proj
 	return writeModel, nil
 }
 
-func (c *Commands) checkProjectGrantPreCondition(ctx context.Context, projectGrant *domain.ProjectGrant, resourceOwner string) error {
+func (c *Commands) checkProjectGrantPreCondition(ctx context.Context, projectID, grantedOrgID, resourceOwner string, roles []string) (string, error) {
 	if !authz.GetFeatures(ctx).ShouldUseImprovedPerformance(feature.ImprovedPerformanceTypeProjectGrant) {
-		return c.checkProjectGrantPreConditionOld(ctx, projectGrant, resourceOwner)
+		return c.checkProjectGrantPreConditionOld(ctx, projectID, grantedOrgID, resourceOwner, roles)
 	}
-	existingRoleKeys, err := c.searchProjectGrantState(ctx, projectGrant.AggregateID, projectGrant.GrantedOrgID, resourceOwner)
+	projectResourceOwner, existingRoleKeys, err := c.searchProjectGrantState(ctx, projectID, grantedOrgID, resourceOwner)
 	if err != nil {
-		return err
+		return "", err
 	}
 
-	if projectGrant.HasInvalidRoles(existingRoleKeys) {
-		return zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound")
+	if domain.HasInvalidRoles(existingRoleKeys, roles) {
+		return "", zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound")
 	}
-	return nil
+	return projectResourceOwner, nil
 }
 
-func (c *Commands) searchProjectGrantState(ctx context.Context, projectID, grantedOrgID, resourceOwner string) (existingRoleKeys []string, err error) {
+func (c *Commands) searchProjectGrantState(ctx context.Context, projectID, grantedOrgID, resourceOwner string) (_ string, existingRoleKeys []string, err error) {
+	projectStateQuery := map[eventstore.FieldType]any{
+		eventstore.FieldTypeAggregateType: project.AggregateType,
+		eventstore.FieldTypeAggregateID:   projectID,
+		eventstore.FieldTypeFieldName:     project.ProjectStateSearchField,
+		eventstore.FieldTypeObjectType:    project.ProjectSearchType,
+	}
+	grantedOrgQuery := map[eventstore.FieldType]any{
+		eventstore.FieldTypeAggregateType: org.AggregateType,
+		eventstore.FieldTypeAggregateID:   grantedOrgID,
+		eventstore.FieldTypeFieldName:     org.OrgStateSearchField,
+		eventstore.FieldTypeObjectType:    org.OrgSearchType,
+	}
+	roleQuery := map[eventstore.FieldType]any{
+		eventstore.FieldTypeAggregateType: project.AggregateType,
+		eventstore.FieldTypeAggregateID:   projectID,
+		eventstore.FieldTypeFieldName:     project.ProjectRoleKeySearchField,
+		eventstore.FieldTypeObjectType:    project.ProjectRoleSearchType,
+	}
+
+	// as resourceowner is not always provided, it has to be separately
+	if resourceOwner != "" {
+		projectStateQuery[eventstore.FieldTypeResourceOwner] = resourceOwner
+		roleQuery[eventstore.FieldTypeResourceOwner] = resourceOwner
+	}
+
 	results, err := c.eventstore.Search(
 		ctx,
-		// project state query
-		map[eventstore.FieldType]any{
-			eventstore.FieldTypeResourceOwner: resourceOwner,
-			eventstore.FieldTypeAggregateType: project.AggregateType,
-			eventstore.FieldTypeAggregateID:   projectID,
-			eventstore.FieldTypeFieldName:     project.ProjectStateSearchField,
-			eventstore.FieldTypeObjectType:    project.ProjectSearchType,
-		},
-		// granted org query
-		map[eventstore.FieldType]any{
-			eventstore.FieldTypeAggregateType: org.AggregateType,
-			eventstore.FieldTypeAggregateID:   grantedOrgID,
-			eventstore.FieldTypeFieldName:     org.OrgStateSearchField,
-			eventstore.FieldTypeObjectType:    org.OrgSearchType,
-		},
-		// role query
-		map[eventstore.FieldType]any{
-			eventstore.FieldTypeResourceOwner: resourceOwner,
-			eventstore.FieldTypeAggregateType: project.AggregateType,
-			eventstore.FieldTypeAggregateID:   projectID,
-			eventstore.FieldTypeFieldName:     project.ProjectRoleKeySearchField,
-			eventstore.FieldTypeObjectType:    project.ProjectRoleSearchType,
-		},
+		projectStateQuery,
+		grantedOrgQuery,
+		roleQuery,
 	)
 	if err != nil {
-		return nil, err
+		return "", nil, err
 	}
 
 	var (
-		existsProject    bool
-		existsGrantedOrg bool
+		existsProject                bool
+		existingProjectResourceOwner string
+		existsGrantedOrg             bool
 	)
 
 	for _, result := range results {
@@ -306,31 +397,32 @@ func (c *Commands) searchProjectGrantState(ctx context.Context, projectID, grant
 			var role string
 			err := result.Value.Unmarshal(&role)
 			if err != nil {
-				return nil, err
+				return "", nil, err
 			}
 			existingRoleKeys = append(existingRoleKeys, role)
 		case org.OrgSearchType:
 			var state domain.OrgState
 			err := result.Value.Unmarshal(&state)
 			if err != nil {
-				return nil, err
+				return "", nil, err
 			}
 			existsGrantedOrg = state.Valid() && state != domain.OrgStateRemoved
 		case project.ProjectSearchType:
 			var state domain.ProjectState
 			err := result.Value.Unmarshal(&state)
 			if err != nil {
-				return nil, err
+				return "", nil, err
 			}
 			existsProject = state.Valid() && state != domain.ProjectStateRemoved
+			existingProjectResourceOwner = result.Aggregate.ResourceOwner
 		}
 	}
 
 	if !existsProject {
-		return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound")
+		return "", nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound")
 	}
 	if !existsGrantedOrg {
-		return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound")
+		return "", nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound")
 	}
-	return existingRoleKeys, nil
+	return existingProjectResourceOwner, existingRoleKeys, nil
 }
diff --git a/internal/command/project_grant_model.go b/internal/command/project_grant_model.go
index c658b00b69..a8c1fe2850 100644
--- a/internal/command/project_grant_model.go
+++ b/internal/command/project_grant_model.go
@@ -133,14 +133,18 @@ func (wm *ProjectGrantPreConditionReadModel) Reduce() error {
 	for _, event := range wm.Events {
 		switch e := event.(type) {
 		case *project.ProjectAddedEvent:
-			if e.Aggregate().ResourceOwner != wm.ResourceOwner {
+			if wm.ResourceOwner == "" {
+				wm.ResourceOwner = e.Aggregate().ResourceOwner
+			}
+			if wm.ResourceOwner != e.Aggregate().ResourceOwner {
 				continue
 			}
 			wm.ProjectExists = true
 		case *project.ProjectRemovedEvent:
-			if e.Aggregate().ResourceOwner != wm.ResourceOwner {
+			if wm.ResourceOwner != e.Aggregate().ResourceOwner {
 				continue
 			}
+			wm.ResourceOwner = ""
 			wm.ProjectExists = false
 		case *project.RoleAddedEvent:
 			if e.Aggregate().ResourceOwner != wm.ResourceOwner {
diff --git a/internal/command/project_grant_test.go b/internal/command/project_grant_test.go
index e39835e2f4..f1befa0de2 100644
--- a/internal/command/project_grant_test.go
+++ b/internal/command/project_grant_test.go
@@ -19,16 +19,16 @@ import (
 
 func TestCommandSide_AddProjectGrant(t *testing.T) {
 	type fields struct {
-		eventstore  *eventstore.Eventstore
-		idGenerator id.Generator
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		idGenerator     id.Generator
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
-		ctx           context.Context
-		projectGrant  *domain.ProjectGrant
-		resourceOwner string
+		ctx          context.Context
+		projectGrant *AddProjectGrant
 	}
 	type res struct {
-		want *domain.ProjectGrant
+		want *domain.ObjectDetails
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -40,18 +40,18 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 		{
 			name: "invalid usergrant, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
+					GrantID: "grant1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -60,20 +60,21 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 		{
 			name: "project not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
+					GrantID:      "grant1",
 					GrantedOrgID: "grantedorg1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -82,8 +83,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 		{
 			name: "project not existing in org, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -108,16 +108,18 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
+					GrantID:      "grant1",
 					GrantedOrgID: "grantedorg1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -126,8 +128,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 		{
 			name: "granted org not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -138,16 +139,18 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
+					GrantID:      "grant1",
 					GrantedOrgID: "grantedorg1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -156,8 +159,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 		{
 			name: "project roles not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -174,27 +176,74 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
+					GrantID:      "grant1",
 					GrantedOrgID: "grantedorg1",
 					RoleKeys:     []string{"key1"},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
 			},
 		},
 		{
-			name: "usergrant for project, ok",
+			name: "grant for project, same resourceowner",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1", true, true, true,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						),
+						eventFromEventPusher(
+							org.NewOrgAddedEvent(context.Background(),
+								&org.NewAggregate("org1").Aggregate,
+								"granted org",
+							),
+						),
+						eventFromEventPusher(
+							project.NewRoleAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"key1",
+								"key",
+								"",
+							),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "projectgrant1"),
+			},
+			args: args{
+				ctx: context.Background(),
+				projectGrant: &AddProjectGrant{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
+					},
+					GrantedOrgID: "org1",
+					RoleKeys:     []string{"key1"},
+				},
+			},
+			res: res{
+				err: zerrors.IsPreconditionFailed,
+			},
+		},
+		{
+			name: "grant for project, ok",
+			fields: fields{
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -227,21 +276,67 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 						),
 					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "projectgrant1"),
+				checkPermission: newMockPermissionCheckAllowed(),
+				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "projectgrant1"),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
 					GrantedOrgID: "grantedorg1",
 					RoleKeys:     []string{"key1"},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				want: &domain.ProjectGrant{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "grant for project, id, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1", true, true, true,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						),
+						eventFromEventPusher(
+							org.NewOrgAddedEvent(context.Background(),
+								&org.NewAggregate("grantedorg1").Aggregate,
+								"granted org",
+							),
+						),
+						eventFromEventPusher(
+							project.NewRoleAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"key1",
+								"key",
+								"",
+							),
+						),
+					),
+					expectPush(
+						project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx: context.Background(),
+				projectGrant: &AddProjectGrant{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
@@ -249,7 +344,11 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 					GrantID:      "projectgrant1",
 					GrantedOrgID: "grantedorg1",
 					RoleKeys:     []string{"key1"},
-					State:        domain.ProjectGrantStateActive,
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
@@ -257,10 +356,11 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore:  tt.fields.eventstore,
-				idGenerator: tt.fields.idGenerator,
+				eventstore:      tt.fields.eventstore(t),
+				idGenerator:     tt.fields.idGenerator,
+				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.AddProjectGrant(tt.args.ctx, tt.args.projectGrant, tt.args.resourceOwner)
+			got, err := r.AddProjectGrant(tt.args.ctx, tt.args.projectGrant)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -268,7 +368,8 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 				t.Errorf("got wrong err: %v ", err)
 			}
 			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
+				assert.NotEmpty(t, got.ID)
+				assertObjectDetails(t, tt.res.want, got)
 			}
 		})
 	}
@@ -276,16 +377,16 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
 
 func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx                 context.Context
-		projectGrant        *domain.ProjectGrant
-		resourceOwner       string
+		projectGrant        *ChangeProjectGrant
 		cascadeUserGrantIDs []string
 	}
 	type res struct {
-		want *domain.ProjectGrant
+		want *domain.ObjectDetails
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -297,18 +398,17 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "invalid projectgrant, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -317,22 +417,21 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1"},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsNotFound,
@@ -341,8 +440,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "project not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -353,17 +451,17 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 					),
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
+					GrantID: "projectgrant1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -372,8 +470,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "project not existing in org, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -398,18 +495,18 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1"},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -418,8 +515,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "granted org not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -438,17 +534,17 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
+					GrantID: "projectgrant1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -457,8 +553,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "project roles not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -483,18 +578,18 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1"},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -503,8 +598,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant not changed, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -537,28 +631,29 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1"},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsPreconditionFailed,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
 			},
 		},
 		{
 			name: "projectgrant only added roles, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -606,37 +701,29 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
-					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
-					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1", "key2"},
-				},
-				resourceOwner: "org1",
-			},
-			res: res{
-				want: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1", "key2"},
-					State:        domain.ProjectGrantStateActive,
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1", "key2"},
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
 		{
 			name: "projectgrant remove roles, usergrant not found, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -685,38 +772,30 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
-					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
-					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
-				},
-				resourceOwner:       "org1",
-				cascadeUserGrantIDs: []string{"usergrant1"},
-			},
-			res: res{
-				want: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
-					State:        domain.ProjectGrantStateActive,
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1"},
+				},
+				cascadeUserGrantIDs: []string{"usergrant1"},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
 		{
 			name: "projectgrant remove roles, usergrant not found, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -778,30 +857,23 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				projectGrant: &domain.ProjectGrant{
-					ObjectRoot: models.ObjectRoot{
-						AggregateID: "project1",
-					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
-				},
-				resourceOwner:       "org1",
-				cascadeUserGrantIDs: []string{"usergrant1"},
-			},
-			res: res{
-				want: &domain.ProjectGrant{
+				projectGrant: &ChangeProjectGrant{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					GrantID:      "projectgrant1",
-					GrantedOrgID: "grantedorg1",
-					RoleKeys:     []string{"key1"},
-					State:        domain.ProjectGrantStateActive,
+					GrantID:  "projectgrant1",
+					RoleKeys: []string{"key1"},
+				},
+				cascadeUserGrantIDs: []string{"usergrant1"},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
@@ -809,9 +881,10 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.ChangeProjectGrant(tt.args.ctx, tt.args.projectGrant, tt.args.resourceOwner, tt.args.cascadeUserGrantIDs...)
+			got, err := r.ChangeProjectGrant(tt.args.ctx, tt.args.projectGrant, tt.args.cascadeUserGrantIDs...)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -819,7 +892,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 				t.Errorf("got wrong err: %v ", err)
 			}
 			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
+				assertObjectDetails(t, tt.res.want, got)
 			}
 		})
 	}
@@ -827,7 +900,8 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 
 func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
@@ -848,9 +922,8 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 		{
 			name: "missing projectid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -864,9 +937,8 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 		{
 			name: "missing grantid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -880,10 +952,10 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 		{
 			name: "project not existing, precondition failed error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -898,8 +970,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -911,6 +982,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 					),
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -923,10 +995,9 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 			},
 		},
 		{
-			name: "projectgrant already deactivated, precondition error",
+			name: "projectgrant already deactivated, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -949,6 +1020,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 						)),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -957,14 +1029,15 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsPreconditionFailed,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
 			},
 		},
 		{
 			name: "projectgrant deactivate, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -989,6 +1062,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1006,7 +1080,8 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.DeactivateProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -1024,7 +1099,8 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 
 func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
@@ -1045,9 +1121,8 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 		{
 			name: "missing projectid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1061,9 +1136,8 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 		{
 			name: "missing grantid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1077,10 +1151,10 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 		{
 			name: "project not existing, precondition failed error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1095,8 +1169,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -1108,6 +1181,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 					),
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1122,8 +1196,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant not inactive, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -1142,6 +1215,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 						)),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1150,14 +1224,15 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsPreconditionFailed,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
 			},
 		},
 		{
 			name: "projectgrant reactivate, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -1186,6 +1261,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1203,7 +1279,8 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.ReactivateProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -1221,7 +1298,8 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 
 func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx                 context.Context
@@ -1243,9 +1321,8 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "missing projectid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1259,9 +1336,8 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "missing grantid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1275,8 +1351,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "project already removed, precondition failed error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -1293,6 +1368,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1307,10 +1383,10 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1325,8 +1401,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant remove, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -1343,6 +1418,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1359,8 +1435,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant remove, cascading usergrant not found, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -1378,6 +1453,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:                 context.Background(),
@@ -1395,8 +1471,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		{
 			name: "projectgrant remove with cascading usergrants, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -1426,6 +1501,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:                 context.Background(),
@@ -1444,7 +1520,8 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.RemoveProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.resourceOwner, tt.args.cascadeUserGrantIDs...)
 			if tt.res.err == nil {
diff --git a/internal/command/project_model.go b/internal/command/project_model.go
index a46b07a8fe..cabceb8500 100644
--- a/internal/command/project_model.go
+++ b/internal/command/project_model.go
@@ -88,40 +88,35 @@ func (wm *ProjectWriteModel) Query() *eventstore.SearchQueryBuilder {
 func (wm *ProjectWriteModel) NewChangedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
-	name string,
+	name *string,
 	projectRoleAssertion,
 	projectRoleCheck,
-	hasProjectCheck bool,
-	privateLabelingSetting domain.PrivateLabelingSetting,
-) (*project.ProjectChangeEvent, bool, error) {
+	hasProjectCheck *bool,
+	privateLabelingSetting *domain.PrivateLabelingSetting,
+) *project.ProjectChangeEvent {
 	changes := make([]project.ProjectChanges, 0)
-	var err error
 
 	oldName := ""
-	if wm.Name != name {
+	if name != nil && wm.Name != *name {
 		oldName = wm.Name
-		changes = append(changes, project.ChangeName(name))
+		changes = append(changes, project.ChangeName(*name))
 	}
-	if wm.ProjectRoleAssertion != projectRoleAssertion {
-		changes = append(changes, project.ChangeProjectRoleAssertion(projectRoleAssertion))
+	if projectRoleAssertion != nil && wm.ProjectRoleAssertion != *projectRoleAssertion {
+		changes = append(changes, project.ChangeProjectRoleAssertion(*projectRoleAssertion))
 	}
-	if wm.ProjectRoleCheck != projectRoleCheck {
-		changes = append(changes, project.ChangeProjectRoleCheck(projectRoleCheck))
+	if projectRoleCheck != nil && wm.ProjectRoleCheck != *projectRoleCheck {
+		changes = append(changes, project.ChangeProjectRoleCheck(*projectRoleCheck))
 	}
-	if wm.HasProjectCheck != hasProjectCheck {
-		changes = append(changes, project.ChangeHasProjectCheck(hasProjectCheck))
+	if hasProjectCheck != nil && wm.HasProjectCheck != *hasProjectCheck {
+		changes = append(changes, project.ChangeHasProjectCheck(*hasProjectCheck))
 	}
-	if wm.PrivateLabelingSetting != privateLabelingSetting {
-		changes = append(changes, project.ChangePrivateLabelingSetting(privateLabelingSetting))
+	if privateLabelingSetting != nil && wm.PrivateLabelingSetting != *privateLabelingSetting {
+		changes = append(changes, project.ChangePrivateLabelingSetting(*privateLabelingSetting))
 	}
 	if len(changes) == 0 {
-		return nil, false, nil
+		return nil
 	}
-	changeEvent, err := project.NewProjectChangeEvent(ctx, aggregate, oldName, changes)
-	if err != nil {
-		return nil, false, err
-	}
-	return changeEvent, true, nil
+	return project.NewProjectChangeEvent(ctx, aggregate, oldName, changes)
 }
 
 func isProjectStateExists(state domain.ProjectState) bool {
@@ -132,6 +127,10 @@ func ProjectAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggre
 	return eventstore.AggregateFromWriteModel(wm, project.AggregateType, project.AggregateVersion)
 }
 
+func ProjectAggregateFromWriteModelWithCTX(ctx context.Context, wm *eventstore.WriteModel) *eventstore.Aggregate {
+	return project.AggregateFromWriteModel(ctx, wm)
+}
+
 func hasProjectState(check domain.ProjectState, states ...domain.ProjectState) bool {
 	for _, state := range states {
 		if check == state {
diff --git a/internal/command/project_old.go b/internal/command/project_old.go
index 35ea9b3ebb..e1b6f02721 100644
--- a/internal/command/project_old.go
+++ b/internal/command/project_old.go
@@ -9,18 +9,18 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
-func (c *Commands) checkProjectExistsOld(ctx context.Context, projectID, resourceOwner string) (err error) {
+func (c *Commands) checkProjectExistsOld(ctx context.Context, projectID, resourceOwner string) (_ string, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	projectWriteModel, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
 	if err != nil {
-		return err
+		return "", err
 	}
 	if !isProjectStateExists(projectWriteModel.State) {
-		return zerrors.ThrowPreconditionFailed(nil, "COMMAND-EbFMN", "Errors.Project.NotFound")
+		return "", zerrors.ThrowPreconditionFailed(nil, "COMMAND-EbFMN", "Errors.Project.NotFound")
 	}
-	return nil
+	return projectWriteModel.ResourceOwner, nil
 }
 
 func (c *Commands) deactivateProjectOld(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) {
@@ -34,6 +34,9 @@ func (c *Commands) deactivateProjectOld(ctx context.Context, projectID string, r
 	if existingProject.State != domain.ProjectStateActive {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-mki55", "Errors.Project.NotActive")
 	}
+	if err := c.checkPermissionUpdateProject(ctx, existingProject.ResourceOwner, existingProject.AggregateID); err != nil {
+		return nil, err
+	}
 
 	//nolint: contextcheck
 	projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
@@ -59,6 +62,9 @@ func (c *Commands) reactivateProjectOld(ctx context.Context, projectID string, r
 	if existingProject.State != domain.ProjectStateInactive {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5M9bs", "Errors.Project.NotInactive")
 	}
+	if err := c.checkPermissionUpdateProject(ctx, existingProject.ResourceOwner, existingProject.AggregateID); err != nil {
+		return nil, err
+	}
 
 	//nolint: contextcheck
 	projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
@@ -73,20 +79,20 @@ func (c *Commands) reactivateProjectOld(ctx context.Context, projectID string, r
 	return writeModelToObjectDetails(&existingProject.WriteModel), nil
 }
 
-func (c *Commands) checkProjectGrantPreConditionOld(ctx context.Context, projectGrant *domain.ProjectGrant, resourceOwner string) error {
-	preConditions := NewProjectGrantPreConditionReadModel(projectGrant.AggregateID, projectGrant.GrantedOrgID, resourceOwner)
+func (c *Commands) checkProjectGrantPreConditionOld(ctx context.Context, projectID, grantedOrgID, resourceOwner string, roles []string) (string, error) {
+	preConditions := NewProjectGrantPreConditionReadModel(projectID, grantedOrgID, resourceOwner)
 	err := c.eventstore.FilterToQueryReducer(ctx, preConditions)
 	if err != nil {
-		return err
+		return "", err
 	}
 	if !preConditions.ProjectExists {
-		return zerrors.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound")
+		return "", zerrors.ThrowPreconditionFailed(err, "COMMAND-m9gsd", "Errors.Project.NotFound")
 	}
 	if !preConditions.GrantedOrgExists {
-		return zerrors.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound")
+		return "", zerrors.ThrowPreconditionFailed(err, "COMMAND-3m9gg", "Errors.Org.NotFound")
 	}
-	if projectGrant.HasInvalidRoles(preConditions.ExistingRoleKeys) {
-		return zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound")
+	if domain.HasInvalidRoles(preConditions.ExistingRoleKeys, roles) {
+		return "", zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound")
 	}
-	return nil
+	return preConditions.ResourceOwner, nil
 }
diff --git a/internal/command/project_role.go b/internal/command/project_role.go
index 3c8f9c725c..60d002b967 100644
--- a/internal/command/project_role.go
+++ b/internal/command/project_role.go
@@ -7,22 +7,45 @@ import (
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/repository/project"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
-func (c *Commands) AddProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) {
+type AddProjectRole struct {
+	models.ObjectRoot
+
+	Key         string
+	DisplayName string
+	Group       string
+}
+
+func (p *AddProjectRole) IsValid() bool {
+	return p.AggregateID != "" && p.Key != ""
+}
+
+func (c *Commands) AddProjectRole(ctx context.Context, projectRole *AddProjectRole) (_ *domain.ObjectDetails, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	err = c.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner)
+	projectResourceOwner, err := c.checkProjectExists(ctx, projectRole.AggregateID, projectRole.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
+	if projectRole.ResourceOwner == "" {
+		projectRole.ResourceOwner = projectResourceOwner
+	}
+	if err := c.checkPermissionWriteProjectRole(ctx, projectRole.ResourceOwner, projectRole.Key); err != nil {
+		return nil, err
+	}
 
-	roleWriteModel := NewProjectRoleWriteModelWithKey(projectRole.Key, projectRole.AggregateID, resourceOwner)
-	projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel)
+	roleWriteModel := NewProjectRoleWriteModelWithKey(projectRole.Key, projectRole.AggregateID, projectRole.ResourceOwner)
+	if roleWriteModel.ResourceOwner != projectResourceOwner {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-RLB4UpqQSd", "Errors.Project.Role.Invalid")
+	}
+
+	projectAgg := ProjectAggregateFromWriteModelWithCTX(ctx, &roleWriteModel.WriteModel)
 	events, err := c.addProjectRoles(ctx, projectAgg, projectRole)
 	if err != nil {
 		return nil, err
@@ -35,37 +58,45 @@ func (c *Commands) AddProjectRole(ctx context.Context, projectRole *domain.Proje
 	if err != nil {
 		return nil, err
 	}
-	return roleWriteModelToRole(roleWriteModel), nil
+	return writeModelToObjectDetails(&roleWriteModel.WriteModel), nil
 }
 
-func (c *Commands) BulkAddProjectRole(ctx context.Context, projectID, resourceOwner string, projectRoles []*domain.ProjectRole) (details *domain.ObjectDetails, err error) {
-	err = c.checkProjectExists(ctx, projectID, resourceOwner)
+func (c *Commands) checkPermissionWriteProjectRole(ctx context.Context, resourceOwner, roleKey string) error {
+	return c.checkPermission(ctx, domain.PermissionProjectRoleWrite, resourceOwner, roleKey)
+}
+
+func (c *Commands) BulkAddProjectRole(ctx context.Context, projectID, resourceOwner string, projectRoles []*AddProjectRole) (details *domain.ObjectDetails, err error) {
+	projectResourceOwner, err := c.checkProjectExists(ctx, projectID, resourceOwner)
 	if err != nil {
 		return nil, err
 	}
+	for _, projectRole := range projectRoles {
+		if projectRole.ResourceOwner == "" {
+			projectRole.ResourceOwner = projectResourceOwner
+		}
+		if err := c.checkPermissionWriteProjectRole(ctx, projectRole.ResourceOwner, projectRole.Key); err != nil {
+			return nil, err
+		}
+		if projectRole.ResourceOwner != projectResourceOwner {
+			return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-9ZXtdaJKJJ", "Errors.Project.Role.Invalid")
+		}
+	}
 
 	roleWriteModel := NewProjectRoleWriteModel(projectID, resourceOwner)
-	projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel)
+	projectAgg := ProjectAggregateFromWriteModelWithCTX(ctx, &roleWriteModel.WriteModel)
 	events, err := c.addProjectRoles(ctx, projectAgg, projectRoles...)
 	if err != nil {
 		return details, err
 	}
-
-	pushedEvents, err := c.eventstore.Push(ctx, events...)
-	if err != nil {
-		return nil, err
-	}
-	err = AppendAndReduce(roleWriteModel, pushedEvents...)
-	if err != nil {
-		return nil, err
-	}
-	return writeModelToObjectDetails(&roleWriteModel.WriteModel), nil
+	return c.pushAppendAndReduceDetails(ctx, roleWriteModel, events...)
 }
 
-func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.Aggregate, projectRoles ...*domain.ProjectRole) ([]eventstore.Command, error) {
+func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.Aggregate, projectRoles ...*AddProjectRole) ([]eventstore.Command, error) {
 	var events []eventstore.Command
 	for _, projectRole := range projectRoles {
-		projectRole.AggregateID = projectAgg.ID
+		if projectRole.ResourceOwner != projectAgg.ResourceOwner {
+			return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-4Q2WjlbHvc", "Errors.Project.Role.Invalid")
+		}
 		if !projectRole.IsValid() {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Role.Invalid")
 		}
@@ -81,42 +112,55 @@ func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.A
 	return events, nil
 }
 
-func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) {
+type ChangeProjectRole struct {
+	models.ObjectRoot
+
+	Key         string
+	DisplayName string
+	Group       string
+}
+
+func (p *ChangeProjectRole) IsValid() bool {
+	return p.AggregateID != "" && p.Key != ""
+}
+
+func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *ChangeProjectRole) (_ *domain.ObjectDetails, err error) {
 	if !projectRole.IsValid() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2ilfW", "Errors.Project.Invalid")
 	}
-	err = c.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner)
+	projectResourceOwner, err := c.checkProjectExists(ctx, projectRole.AggregateID, projectRole.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
+	if projectRole.ResourceOwner == "" {
+		projectRole.ResourceOwner = projectResourceOwner
+	}
+	if err := c.checkPermissionWriteProjectRole(ctx, projectRole.ResourceOwner, projectRole.Key); err != nil {
+		return nil, err
+	}
 
-	existingRole, err := c.getProjectRoleWriteModelByID(ctx, projectRole.Key, projectRole.AggregateID, resourceOwner)
+	existingRole, err := c.getProjectRoleWriteModelByID(ctx, projectRole.Key, projectRole.AggregateID, projectRole.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	if existingRole.State == domain.ProjectRoleStateUnspecified || existingRole.State == domain.ProjectRoleStateRemoved {
+	if !existingRole.State.Exists() {
 		return nil, zerrors.ThrowNotFound(nil, "COMMAND-vv8M9", "Errors.Project.Role.NotExisting")
 	}
+	if existingRole.ResourceOwner != projectResourceOwner {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-3MizLWveMf", "Errors.Project.Role.Invalid")
+	}
 
-	projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel)
+	projectAgg := ProjectAggregateFromWriteModelWithCTX(ctx, &existingRole.WriteModel)
 
 	changeEvent, changed, err := existingRole.NewProjectRoleChangedEvent(ctx, projectAgg, projectRole.Key, projectRole.DisplayName, projectRole.Group)
 	if err != nil {
 		return nil, err
 	}
 	if !changed {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound")
+		return writeModelToObjectDetails(&existingRole.WriteModel), nil
 	}
 
-	pushedEvents, err := c.eventstore.Push(ctx, changeEvent)
-	if err != nil {
-		return nil, err
-	}
-	err = AppendAndReduce(existingRole, pushedEvents...)
-	if err != nil {
-		return nil, err
-	}
-	return roleWriteModelToRole(existingRole), nil
+	return c.pushAppendAndReduceDetails(ctx, existingRole, changeEvent)
 }
 
 func (c *Commands) RemoveProjectRole(ctx context.Context, projectID, key, resourceOwner string, cascadingProjectGrantIds []string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) {
@@ -127,10 +171,14 @@ func (c *Commands) RemoveProjectRole(ctx context.Context, projectID, key, resour
 	if err != nil {
 		return details, err
 	}
-	if existingRole.State == domain.ProjectRoleStateUnspecified || existingRole.State == domain.ProjectRoleStateRemoved {
-		return details, zerrors.ThrowNotFound(nil, "COMMAND-m9vMf", "Errors.Project.Role.NotExisting")
+	// return if project role is not existing
+	if !existingRole.State.Exists() {
+		return writeModelToObjectDetails(&existingRole.WriteModel), nil
 	}
-	projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel)
+	if err := c.checkPermissionDeleteProjectRole(ctx, existingRole.ResourceOwner, existingRole.Key); err != nil {
+		return nil, err
+	}
+	projectAgg := ProjectAggregateFromWriteModelWithCTX(ctx, &existingRole.WriteModel)
 	events := []eventstore.Command{
 		project.NewRoleRemovedEvent(ctx, projectAgg, key),
 	}
@@ -153,15 +201,11 @@ func (c *Commands) RemoveProjectRole(ctx context.Context, projectID, key, resour
 		events = append(events, event)
 	}
 
-	pushedEvents, err := c.eventstore.Push(ctx, events...)
-	if err != nil {
-		return nil, err
-	}
-	err = AppendAndReduce(existingRole, pushedEvents...)
-	if err != nil {
-		return nil, err
-	}
-	return writeModelToObjectDetails(&existingRole.WriteModel), nil
+	return c.pushAppendAndReduceDetails(ctx, existingRole, events...)
+}
+
+func (c *Commands) checkPermissionDeleteProjectRole(ctx context.Context, resourceOwner, roleKey string) error {
+	return c.checkPermission(ctx, domain.PermissionProjectRoleDelete, resourceOwner, roleKey)
 }
 
 func (c *Commands) getProjectRoleWriteModelByID(ctx context.Context, key, projectID, resourceOwner string) (*ProjectRoleWriteModel, error) {
diff --git a/internal/command/project_role_model.go b/internal/command/project_role_model.go
index 641879f238..3fc9a6c814 100644
--- a/internal/command/project_role_model.go
+++ b/internal/command/project_role_model.go
@@ -17,6 +17,10 @@ type ProjectRoleWriteModel struct {
 	State       domain.ProjectRoleState
 }
 
+func (wm *ProjectRoleWriteModel) GetWriteModel() *eventstore.WriteModel {
+	return &wm.WriteModel
+}
+
 func NewProjectRoleWriteModelWithKey(key, projectID, resourceOwner string) *ProjectRoleWriteModel {
 	return &ProjectRoleWriteModel{
 		WriteModel: eventstore.WriteModel{
diff --git a/internal/command/project_role_test.go b/internal/command/project_role_test.go
index 2dc7ee35a6..14db198270 100644
--- a/internal/command/project_role_test.go
+++ b/internal/command/project_role_test.go
@@ -16,15 +16,15 @@ import (
 
 func TestCommandSide_AddProjectRole(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
-		ctx           context.Context
-		role          *domain.ProjectRole
-		resourceOwner string
+		ctx  context.Context
+		role *AddProjectRole
 	}
 	type res struct {
-		want *domain.ProjectRole
+		want *domain.ObjectDetails
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -36,8 +36,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 		{
 			name: "project not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -55,16 +54,16 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &AddProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
 					Key: "key1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -73,8 +72,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 		{
 			name: "invalid role, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -85,15 +83,15 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &AddProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -102,8 +100,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 		{
 			name: "role key already exists, already exists error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -123,10 +120,11 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &AddProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
@@ -134,7 +132,6 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 					DisplayName: "key",
 					Group:       "group",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsErrorAlreadyExists,
@@ -143,8 +140,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 		{
 			name: "add role,ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -164,10 +160,11 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &AddProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
@@ -175,10 +172,41 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 					DisplayName: "key",
 					Group:       "group",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				want: &domain.ProjectRole{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "add role, resourceowner, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1", true, true, true,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						),
+					),
+					expectPush(
+						project.NewRoleAddedEvent(
+							context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"key1",
+							"key",
+							"group",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx: context.Background(),
+				role: &AddProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
@@ -188,14 +216,20 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 					Group:       "group",
 				},
 			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.AddProjectRole(tt.args.ctx, tt.args.role, tt.args.resourceOwner)
+			got, err := r.AddProjectRole(tt.args.ctx, tt.args.role)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -203,7 +237,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 				t.Errorf("got wrong err: %v ", err)
 			}
 			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
+				assertObjectDetails(t, tt.res.want, got)
 			}
 		})
 	}
@@ -211,11 +245,12 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
 
 func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
-		roles         []*domain.ProjectRole
+		roles         []*AddProjectRole
 		projectID     string
 		resourceOwner string
 	}
@@ -232,8 +267,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 		{
 			name: "project not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -251,10 +285,11 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				roles: []*domain.ProjectRole{
+				roles: []*AddProjectRole{
 					{
 						ObjectRoot: models.ObjectRoot{
 							AggregateID: "project1",
@@ -271,8 +306,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 		{
 			name: "invalid role, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -283,10 +317,11 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				roles: []*domain.ProjectRole{
+				roles: []*AddProjectRole{
 					{
 						ObjectRoot: models.ObjectRoot{},
 					},
@@ -304,8 +339,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 		{
 			name: "role key already exists, already exists error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -332,16 +366,23 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				roles: []*domain.ProjectRole{
+				roles: []*AddProjectRole{
 					{
+						ObjectRoot: models.ObjectRoot{
+							AggregateID: "project1",
+						},
 						Key:         "key1",
 						DisplayName: "key",
 						Group:       "group",
 					},
 					{
+						ObjectRoot: models.ObjectRoot{
+							AggregateID: "project1",
+						},
 						Key:         "key2",
 						DisplayName: "key2",
 						Group:       "group",
@@ -357,8 +398,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 		{
 			name: "add roles,ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -385,16 +425,23 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				roles: []*domain.ProjectRole{
+				roles: []*AddProjectRole{
 					{
+						ObjectRoot: models.ObjectRoot{
+							AggregateID: "project1",
+						},
 						Key:         "key1",
 						DisplayName: "key",
 						Group:       "group",
 					},
 					{
+						ObjectRoot: models.ObjectRoot{
+							AggregateID: "project1",
+						},
 						Key:         "key2",
 						DisplayName: "key2",
 						Group:       "group",
@@ -413,7 +460,8 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.BulkAddProjectRole(tt.args.ctx, tt.args.projectID, tt.args.resourceOwner, tt.args.roles)
 			if tt.res.err == nil {
@@ -431,15 +479,15 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
 
 func TestCommandSide_ChangeProjectRole(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
-		ctx           context.Context
-		role          *domain.ProjectRole
-		resourceOwner string
+		ctx  context.Context
+		role *ChangeProjectRole
 	}
 	type res struct {
-		want *domain.ProjectRole
+		want *domain.ObjectDetails
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -451,18 +499,16 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 		{
 			name: "invalid role, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &ChangeProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -471,8 +517,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 		{
 			name: "project not existing, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -490,16 +535,16 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &ChangeProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
 					Key: "key1",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -508,8 +553,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 		{
 			name: "role removed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -536,10 +580,11 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &ChangeProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
@@ -547,7 +592,6 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 					DisplayName: "key",
 					Group:       "group",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsNotFound,
@@ -556,8 +600,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 		{
 			name: "role not changed, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -578,10 +621,11 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &ChangeProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
@@ -589,17 +633,17 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 					DisplayName: "key",
 					Group:       "group",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsPreconditionFailed,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
 			},
 		},
 		{
 			name: "role changed, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -623,10 +667,11 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 						newRoleChangedEvent(context.Background(), "project1", "org1", "key1", "keychanged", "groupchanged"),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				role: &domain.ProjectRole{
+				role: &ChangeProjectRole{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
@@ -634,17 +679,10 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 					DisplayName: "keychanged",
 					Group:       "groupchanged",
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				want: &domain.ProjectRole{
-					ObjectRoot: models.ObjectRoot{
-						AggregateID:   "project1",
-						ResourceOwner: "org1",
-					},
-					Key:         "key1",
-					DisplayName: "keychanged",
-					Group:       "groupchanged",
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
@@ -652,9 +690,10 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.ChangeProjectRole(tt.args.ctx, tt.args.role, tt.args.resourceOwner)
+			got, err := r.ChangeProjectRole(tt.args.ctx, tt.args.role)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -662,7 +701,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 				t.Errorf("got wrong err: %v ", err)
 			}
 			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
+				assertObjectDetails(t, tt.res.want, got)
 			}
 		})
 	}
@@ -670,7 +709,8 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
 
 func TestCommandSide_RemoveProjectRole(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx                      context.Context
@@ -693,9 +733,8 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "invalid projectid, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -709,9 +748,8 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "invalid key, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -726,10 +764,10 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "role not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -738,14 +776,15 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsNotFound,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
 			},
 		},
 		{
 			name: "role removed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewRoleAddedEvent(context.Background(),
@@ -763,6 +802,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -771,14 +811,15 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsNotFound,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
 			},
 		},
 		{
 			name: "role removed, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewRoleAddedEvent(context.Background(),
@@ -796,6 +837,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -812,8 +854,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "role removed with cascadingProjectGrantids, grant not found, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewRoleAddedEvent(context.Background(),
@@ -832,6 +873,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:                      context.Background(),
@@ -849,8 +891,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "role removed with cascadingProjectGrantids, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewRoleAddedEvent(context.Background(),
@@ -883,6 +924,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:                      context.Background(),
@@ -900,8 +942,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "role removed with cascadingUserGrantIDs, grant not found, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewRoleAddedEvent(context.Background(),
@@ -920,6 +961,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:                   context.Background(),
@@ -937,8 +979,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 		{
 			name: "role removed with cascadingUserGrantIDs, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewRoleAddedEvent(context.Background(),
@@ -969,6 +1010,7 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:                   context.Background(),
@@ -987,7 +1029,8 @@ func TestCommandSide_RemoveProjectRole(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.RemoveProjectRole(tt.args.ctx, tt.args.projectID, tt.args.key, tt.args.resourceOwner, tt.args.cascadingProjectGrantIDs, tt.args.cascadingUserGrantIDs...)
 			if tt.res.err == nil {
diff --git a/internal/command/project_test.go b/internal/command/project_test.go
index 842e1aa640..6c03420f6b 100644
--- a/internal/command/project_test.go
+++ b/internal/command/project_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"
 
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -18,16 +19,16 @@ import (
 
 func TestCommandSide_AddProject(t *testing.T) {
 	type fields struct {
-		eventstore  *eventstore.Eventstore
-		idGenerator id.Generator
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		idGenerator     id.Generator
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
-		ctx           context.Context
-		project       *domain.Project
-		resourceOwner string
+		ctx     context.Context
+		project *AddProject
 	}
 	type res struct {
-		want *domain.Project
+		want *domain.ObjectDetails
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -39,14 +40,14 @@ func TestCommandSide_AddProject(t *testing.T) {
 		{
 			name: "invalid project, error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
-				ctx:           authz.WithInstanceID(context.Background(), "instanceID"),
-				project:       &domain.Project{},
-				resourceOwner: "org1",
+				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
+				project: &AddProject{
+					ObjectRoot: models.ObjectRoot{ResourceOwner: "org1"},
+				},
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -55,62 +56,51 @@ func TestCommandSide_AddProject(t *testing.T) {
 		{
 			name: "project, resourceowner empty",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
-				project: &domain.Project{
+				project: &AddProject{
+					ObjectRoot:             models.ObjectRoot{ResourceOwner: ""},
 					Name:                   "project",
 					ProjectRoleAssertion:   true,
 					ProjectRoleCheck:       true,
 					HasProjectCheck:        true,
 					PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
 				},
-				resourceOwner: "",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
 			},
 		},
 		{
-			name: "project, error already exists",
+			name: "project, no permission",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
-					expectPushFailed(zerrors.ThrowAlreadyExists(nil, "ERROR", "internl"),
-						project.NewProjectAddedEvent(
-							context.Background(),
-							&project.NewAggregate("project1", "org1").Aggregate,
-							"project", true, true, true,
-							domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
-						),
-					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "project1"),
+				checkPermission: newMockPermissionCheckNotAllowed(),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
-				project: &domain.Project{
+				project: &AddProject{
+					ObjectRoot:             models.ObjectRoot{AggregateID: "project1", ResourceOwner: "org1"},
 					Name:                   "project",
 					ProjectRoleAssertion:   true,
 					ProjectRoleCheck:       true,
 					HasProjectCheck:        true,
 					PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsErrorAlreadyExists,
+				err: zerrors.IsPermissionDenied,
 			},
 		},
 		{
 			name: "project, already exists",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -120,18 +110,19 @@ func TestCommandSide_AddProject(t *testing.T) {
 						),
 					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "project1"),
+				checkPermission: newMockPermissionCheckAllowed(),
+				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "project1"),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
-				project: &domain.Project{
+				project: &AddProject{
+					ObjectRoot:             models.ObjectRoot{ResourceOwner: "org1"},
 					Name:                   "project",
 					ProjectRoleAssertion:   true,
 					ProjectRoleCheck:       true,
 					HasProjectCheck:        true,
 					PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
 				err: zerrors.IsErrorAlreadyExists,
@@ -140,8 +131,7 @@ func TestCommandSide_AddProject(t *testing.T) {
 		{
 			name: "project, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 					expectPush(
 						project.NewProjectAddedEvent(
@@ -152,25 +142,46 @@ func TestCommandSide_AddProject(t *testing.T) {
 						),
 					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "project1"),
+				checkPermission: newMockPermissionCheckAllowed(),
+				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "project1"),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
-				project: &domain.Project{
+				project: &AddProject{
+					ObjectRoot:             models.ObjectRoot{ResourceOwner: "org1"},
 					Name:                   "project",
 					ProjectRoleAssertion:   true,
 					ProjectRoleCheck:       true,
 					HasProjectCheck:        true,
 					PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
 				},
-				resourceOwner: "org1",
 			},
 			res: res{
-				want: &domain.Project{
-					ObjectRoot: models.ObjectRoot{
-						ResourceOwner: "org1",
-						AggregateID:   "project1",
-					},
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "project, with id, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(),
+					expectPush(
+						project.NewProjectAddedEvent(
+							context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"project", true, true, true,
+							domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
+				project: &AddProject{
+					ObjectRoot:             models.ObjectRoot{AggregateID: "project1", ResourceOwner: "org1"},
 					Name:                   "project",
 					ProjectRoleAssertion:   true,
 					ProjectRoleCheck:       true,
@@ -178,16 +189,22 @@ func TestCommandSide_AddProject(t *testing.T) {
 					PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
 				},
 			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			c := &Commands{
-				eventstore:  tt.fields.eventstore,
-				idGenerator: tt.fields.idGenerator,
+				eventstore:      tt.fields.eventstore(t),
+				idGenerator:     tt.fields.idGenerator,
+				checkPermission: tt.fields.checkPermission,
 			}
 			c.setMilestonesCompletedForTest("instanceID")
-			got, err := c.AddProject(tt.args.ctx, tt.args.project, tt.args.resourceOwner)
+			got, err := c.AddProject(tt.args.ctx, tt.args.project)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -195,7 +212,8 @@ func TestCommandSide_AddProject(t *testing.T) {
 				t.Errorf("got wrong err: %v ", err)
 			}
 			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
+				assert.NotEmpty(t, got.ID)
+				assertObjectDetails(t, tt.res.want, got)
 			}
 		})
 	}
@@ -203,15 +221,16 @@ func TestCommandSide_AddProject(t *testing.T) {
 
 func TestCommandSide_ChangeProject(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
-		project       *domain.Project
+		project       *ChangeProject
 		resourceOwner string
 	}
 	type res struct {
-		want *domain.Project
+		want *domain.ObjectDetails
 		err  func(error) bool
 	}
 	tests := []struct {
@@ -223,16 +242,16 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 		{
 			name: "invalid project, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
+				project: &ChangeProject{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
+					Name: gu.Ptr(""),
 				},
 				resourceOwner: "org1",
 			},
@@ -243,14 +262,13 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 		{
 			name: "invalid project empty aggregateid, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
-					Name: "project",
+				project: &ChangeProject{
+					Name: gu.Ptr("project"),
 				},
 				resourceOwner: "org1",
 			},
@@ -261,18 +279,18 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 		{
 			name: "project not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
+				project: &ChangeProject{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
-					Name: "project change",
+					Name: gu.Ptr("project change"),
 				},
 				resourceOwner: "org1",
 			},
@@ -283,8 +301,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 		{
 			name: "project removed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -300,14 +317,15 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
+				project: &ChangeProject{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
-					Name: "project change",
+					Name: gu.Ptr("project change"),
 				},
 				resourceOwner: "org1",
 			},
@@ -316,10 +334,9 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 			},
 		},
 		{
-			name: "no changes, precondition error",
+			name: "no changes, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -329,30 +346,65 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
+				project: &ChangeProject{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
-					Name:                   "project",
-					ProjectRoleAssertion:   true,
-					ProjectRoleCheck:       true,
-					HasProjectCheck:        true,
-					PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
+					Name:                   gu.Ptr("project"),
+					ProjectRoleAssertion:   gu.Ptr(true),
+					ProjectRoleCheck:       gu.Ptr(true),
+					HasProjectCheck:        gu.Ptr(true),
+					PrivateLabelingSetting: gu.Ptr(domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
 				},
 				resourceOwner: "org1",
 			},
 			res: res{
-				err: zerrors.IsPreconditionFailed,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "no changes, no permission",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				ctx: context.Background(),
+				project: &ChangeProject{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "project1",
+					},
+					Name:                   gu.Ptr("project"),
+					ProjectRoleAssertion:   gu.Ptr(true),
+					ProjectRoleCheck:       gu.Ptr(true),
+					HasProjectCheck:        gu.Ptr(true),
+					PrivateLabelingSetting: gu.Ptr(domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsPermissionDenied,
 			},
 		},
 		{
 			name: "project change with name and unique constraints, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -374,40 +426,32 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
+				project: &ChangeProject{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
-					Name:                   "project-new",
-					ProjectRoleAssertion:   false,
-					ProjectRoleCheck:       false,
-					HasProjectCheck:        false,
-					PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
+					Name:                   gu.Ptr("project-new"),
+					ProjectRoleAssertion:   gu.Ptr(false),
+					ProjectRoleCheck:       gu.Ptr(false),
+					HasProjectCheck:        gu.Ptr(false),
+					PrivateLabelingSetting: gu.Ptr(domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy),
 				},
 				resourceOwner: "org1",
 			},
 			res: res{
-				want: &domain.Project{
-					ObjectRoot: models.ObjectRoot{
-						AggregateID:   "project1",
-						ResourceOwner: "org1",
-					},
-					Name:                   "project-new",
-					ProjectRoleAssertion:   false,
-					ProjectRoleCheck:       false,
-					HasProjectCheck:        false,
-					PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
 		{
 			name: "project change without name and unique constraints, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -429,32 +473,25 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx: context.Background(),
-				project: &domain.Project{
+				project: &ChangeProject{
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
-					Name:                   "project",
-					ProjectRoleAssertion:   false,
-					ProjectRoleCheck:       false,
-					HasProjectCheck:        false,
-					PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
+					Name:                   gu.Ptr("project"),
+					ProjectRoleAssertion:   gu.Ptr(false),
+					ProjectRoleCheck:       gu.Ptr(false),
+					HasProjectCheck:        gu.Ptr(false),
+					PrivateLabelingSetting: gu.Ptr(domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy),
 				},
 				resourceOwner: "org1",
 			},
 			res: res{
-				want: &domain.Project{
-					ObjectRoot: models.ObjectRoot{
-						AggregateID:   "project1",
-						ResourceOwner: "org1",
-					},
-					Name:                   "project",
-					ProjectRoleAssertion:   false,
-					ProjectRoleCheck:       false,
-					HasProjectCheck:        false,
-					PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
 				},
 			},
 		},
@@ -462,9 +499,10 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.ChangeProject(tt.args.ctx, tt.args.project, tt.args.resourceOwner)
+			got, err := r.ChangeProject(tt.args.ctx, tt.args.project)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -472,7 +510,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 				t.Errorf("got wrong err: %v ", err)
 			}
 			if tt.res.err == nil {
-				assert.Equal(t, tt.res.want, got)
+				assertObjectDetails(t, tt.res.want, got)
 			}
 		})
 	}
@@ -480,7 +518,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
 
 func TestCommandSide_DeactivateProject(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
@@ -500,9 +539,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 		{
 			name: "invalid project id, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -513,29 +551,13 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 				err: zerrors.IsErrorInvalidArgument,
 			},
 		},
-		{
-			name: "invalid resourceowner, invalid error",
-			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
-			},
-			args: args{
-				ctx:           context.Background(),
-				projectID:     "project1",
-				resourceOwner: "",
-			},
-			res: res{
-				err: zerrors.IsErrorInvalidArgument,
-			},
-		},
 		{
 			name: "project not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -549,8 +571,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 		{
 			name: "project removed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -566,6 +587,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -579,8 +601,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 		{
 			name: "project already inactive, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -594,6 +615,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -605,10 +627,9 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 			},
 		},
 		{
-			name: "project deactivate, ok",
+			name: "project deactivate,no resourceOwner, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -622,6 +643,61 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 							&project.NewAggregate("project1", "org1").Aggregate),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "project deactivate, no permission",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsPermissionDenied,
+			},
+		},
+		{
+			name: "project deactivate, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+					expectPush(
+						project.NewProjectDeactivatedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -638,7 +714,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.DeactivateProject(tt.args.ctx, tt.args.projectID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -656,7 +733,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
 
 func TestCommandSide_ReactivateProject(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
@@ -676,9 +754,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 		{
 			name: "invalid project id, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -689,29 +766,13 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 				err: zerrors.IsErrorInvalidArgument,
 			},
 		},
-		{
-			name: "invalid resourceowner, invalid error",
-			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
-			},
-			args: args{
-				ctx:           context.Background(),
-				projectID:     "project1",
-				resourceOwner: "",
-			},
-			res: res{
-				err: zerrors.IsErrorInvalidArgument,
-			},
-		},
 		{
 			name: "project not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -725,8 +786,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 		{
 			name: "project removed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -742,6 +802,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -755,8 +816,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 		{
 			name: "project not inactive, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -766,6 +826,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -777,10 +838,9 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 			},
 		},
 		{
-			name: "project reactivate, ok",
+			name: "project reactivate, no resourceOwner, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -798,6 +858,69 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 							&project.NewAggregate("project1", "org1").Aggregate),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "project reactivate, no permission",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+						eventFromEventPusher(
+							project.NewProjectDeactivatedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsPermissionDenied,
+			},
+		},
+		{
+			name: "project reactivate, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+						eventFromEventPusher(
+							project.NewProjectDeactivatedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate),
+						),
+					),
+					expectPush(
+						project.NewProjectReactivatedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -814,7 +937,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.ReactivateProject(tt.args.ctx, tt.args.projectID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -832,7 +956,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
 
 func TestCommandSide_RemoveProject(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
@@ -852,9 +977,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "invalid project id, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -868,9 +992,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "invalid resourceowner, invalid error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -884,10 +1007,10 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "project not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -901,8 +1024,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "project removed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -918,6 +1040,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -931,8 +1054,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "project remove, without entityConstraints, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -950,6 +1072,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 							nil),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -965,8 +1088,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "project remove, with entityConstraints, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -1003,6 +1125,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1018,8 +1141,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 		{
 			name: "project remove, with multiple entityConstraints, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewProjectAddedEvent(context.Background(),
@@ -1090,6 +1212,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 						),
 					),
 				),
+				checkPermission: newMockPermissionCheckAllowed(),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -1106,7 +1229,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
 			}
 			got, err := r.RemoveProject(tt.args.ctx, tt.args.projectID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -1122,6 +1246,328 @@ func TestCommandSide_RemoveProject(t *testing.T) {
 	}
 }
 
+func TestCommandSide_DeleteProject(t *testing.T) {
+	type fields struct {
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
+	}
+	type args struct {
+		ctx           context.Context
+		projectID     string
+		resourceOwner string
+	}
+	type res struct {
+		err func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		res    res
+	}{
+		{
+			name: "invalid project id, invalid error",
+			fields: fields{
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "project not existing, not found error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: nil,
+			},
+		},
+		{
+			name: "project removed, not found error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+						eventFromEventPusher(
+							project.NewProjectRemovedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project",
+								nil),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: nil,
+			},
+		}, {
+			name: "project remove, no resourceOwner, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+					// no saml application events
+					expectFilter(),
+					expectPush(
+						project.NewProjectRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"project",
+							nil),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "",
+			},
+			res: res{
+				err: nil,
+			},
+		},
+		{
+			name: "project remove, no permission",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "",
+			},
+			res: res{
+				err: zerrors.IsPermissionDenied,
+			},
+		},
+		{
+			name: "project remove, without entityConstraints, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+					// no saml application events
+					expectFilter(),
+					expectPush(
+						project.NewProjectRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"project",
+							nil),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: nil,
+			},
+		},
+		{
+			name: "project remove, with entityConstraints, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app1",
+							"app",
+						)),
+						eventFromEventPusher(
+							project.NewSAMLConfigAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"app1",
+								"https://test.com/saml/metadata",
+								[]byte("<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n                     validUntil=\"2022-08-26T14:08:16Z\"\n                     cacheDuration=\"PT604800S\"\n                     entityID=\"https://test.com/saml/metadata\">\n    <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n        <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                     Location=\"https://test.com/saml/acs\"\n                                     index=\"1\" />\n        \n    </md:SPSSODescriptor>\n</md:EntityDescriptor>"),
+								"http://localhost:8080/saml/metadata",
+								domain.LoginVersionUnspecified,
+								"",
+							),
+						),
+					),
+					expectPush(
+						project.NewProjectRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"project",
+							[]*eventstore.UniqueConstraint{
+								project.NewRemoveSAMLConfigEntityIDUniqueConstraint("https://test.com/saml/metadata"),
+							},
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: nil,
+			},
+		},
+		{
+			name: "project remove, with multiple entityConstraints, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app1",
+							"app",
+						)),
+						eventFromEventPusher(
+							project.NewSAMLConfigAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"app1",
+								"https://test1.com/saml/metadata",
+								[]byte("<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n                     validUntil=\"2022-08-26T14:08:16Z\"\n                     cacheDuration=\"PT604800S\"\n                     entityID=\"https://test.com/saml/metadata\">\n    <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n        <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                     Location=\"https://test.com/saml/acs\"\n                                     index=\"1\" />\n        \n    </md:SPSSODescriptor>\n</md:EntityDescriptor>"),
+								"",
+								domain.LoginVersionUnspecified,
+								"",
+							),
+						),
+						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app2",
+							"app",
+						)),
+						eventFromEventPusher(
+							project.NewSAMLConfigAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"app2",
+								"https://test2.com/saml/metadata",
+								[]byte("<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n                     validUntil=\"2022-08-26T14:08:16Z\"\n                     cacheDuration=\"PT604800S\"\n                     entityID=\"https://test.com/saml/metadata\">\n    <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n        <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                     Location=\"https://test.com/saml/acs\"\n                                     index=\"1\" />\n        \n    </md:SPSSODescriptor>\n</md:EntityDescriptor>"),
+								"",
+								domain.LoginVersionUnspecified,
+								"",
+							),
+						),
+						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app3",
+							"app",
+						)),
+						eventFromEventPusher(
+							project.NewSAMLConfigAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"app3",
+								"https://test3.com/saml/metadata",
+								[]byte("<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n                     validUntil=\"2022-08-26T14:08:16Z\"\n                     cacheDuration=\"PT604800S\"\n                     entityID=\"https://test.com/saml/metadata\">\n    <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n        <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                     Location=\"https://test.com/saml/acs\"\n                                     index=\"1\" />\n        \n    </md:SPSSODescriptor>\n</md:EntityDescriptor>"),
+								"",
+								domain.LoginVersionUnspecified,
+								"",
+							),
+						),
+					),
+					expectPush(
+						project.NewProjectRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"project",
+							[]*eventstore.UniqueConstraint{
+								project.NewRemoveSAMLConfigEntityIDUniqueConstraint("https://test1.com/saml/metadata"),
+								project.NewRemoveSAMLConfigEntityIDUniqueConstraint("https://test2.com/saml/metadata"),
+								project.NewRemoveSAMLConfigEntityIDUniqueConstraint("https://test3.com/saml/metadata"),
+							},
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: nil,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := &Commands{
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
+			}
+			_, err := r.DeleteProject(tt.args.ctx, tt.args.projectID, tt.args.resourceOwner)
+			if tt.res.err == nil {
+				assert.NoError(t, err)
+			}
+			if tt.res.err != nil && !tt.res.err(err) {
+				t.Errorf("got wrong err: %v ", err)
+			}
+		})
+	}
+}
+
 func newProjectChangedEvent(ctx context.Context, projectID, resourceOwner, oldName, newName string, roleAssertion, roleCheck, hasProjectCheck bool, privateLabelingSetting domain.PrivateLabelingSetting) *project.ProjectChangeEvent {
 	changes := []project.ProjectChanges{
 		project.ChangeProjectRoleAssertion(roleAssertion),
@@ -1132,12 +1578,11 @@ func newProjectChangedEvent(ctx context.Context, projectID, resourceOwner, oldNa
 	if newName != "" {
 		changes = append(changes, project.ChangeName(newName))
 	}
-	event, _ := project.NewProjectChangeEvent(ctx,
+	return project.NewProjectChangeEvent(ctx,
 		&project.NewAggregate(projectID, resourceOwner).Aggregate,
 		oldName,
 		changes,
 	)
-	return event
 }
 
 func TestAddProject(t *testing.T) {
diff --git a/internal/domain/permission.go b/internal/domain/permission.go
index 0ddf08a664..fd300f63b9 100644
--- a/internal/domain/permission.go
+++ b/internal/domain/permission.go
@@ -38,6 +38,15 @@ const (
 	PermissionOrgRead             = "org.read"
 	PermissionIDPRead             = "iam.idp.read"
 	PermissionOrgIDPRead          = "org.idp.read"
+	PermissionProjectWrite        = "project.write"
+	PermissionProjectRead         = "project.read"
+	PermissionProjectDelete       = "project.delete"
+	PermissionProjectGrantWrite   = "project.grant.write"
+	PermissionProjectGrantRead    = "project.grant.read"
+	PermissionProjectGrantDelete  = "project.grant.delete"
+	PermissionProjectRoleWrite    = "project.role.write"
+	PermissionProjectRoleRead     = "project.role.read"
+	PermissionProjectRoleDelete   = "project.role.delete"
 )
 
 // ProjectPermissionCheck is used as a check for preconditions dependent on application, project, user resourceowner and usergrants.
diff --git a/internal/domain/project_grant.go b/internal/domain/project_grant.go
index 31c6d9edbc..6376c9ed74 100644
--- a/internal/domain/project_grant.go
+++ b/internal/domain/project_grant.go
@@ -26,17 +26,12 @@ func (s ProjectGrantState) Valid() bool {
 	return s > ProjectGrantStateUnspecified && s < projectGrantStateMax
 }
 
-func (p *ProjectGrant) IsValid() bool {
-	return p.GrantedOrgID != ""
+func (s ProjectGrantState) Exists() bool {
+	return s != ProjectGrantStateUnspecified && s != ProjectGrantStateRemoved
 }
 
-func (g *ProjectGrant) HasInvalidRoles(validRoles []string) bool {
-	for _, roleKey := range g.RoleKeys {
-		if !containsRoleKey(roleKey, validRoles) {
-			return true
-		}
-	}
-	return false
+func (p *ProjectGrant) IsValid() bool {
+	return p.GrantedOrgID != ""
 }
 
 func GetRemovedRoles(existingRoles, newRoles []string) []string {
diff --git a/internal/domain/project_role.go b/internal/domain/project_role.go
index e6c782bad1..c3593a1517 100644
--- a/internal/domain/project_role.go
+++ b/internal/domain/project_role.go
@@ -20,14 +20,23 @@ const (
 	ProjectRoleStateRemoved
 )
 
-func NewProjectRole(projectID, key string) *ProjectRole {
-	return &ProjectRole{ObjectRoot: models.ObjectRoot{AggregateID: projectID}, Key: key}
+func (s ProjectRoleState) Exists() bool {
+	return s != ProjectRoleStateUnspecified && s != ProjectRoleStateRemoved
 }
 
 func (p *ProjectRole) IsValid() bool {
 	return p.AggregateID != "" && p.Key != ""
 }
 
+func HasInvalidRoles(validRoles, roles []string) bool {
+	for _, roleKey := range roles {
+		if !containsRoleKey(roleKey, validRoles) {
+			return true
+		}
+	}
+	return false
+}
+
 func containsRoleKey(roleKey string, validRoles []string) bool {
 	for _, validRole := range validRoles {
 		if roleKey == validRole {
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 61645cc067..3efd682ee1 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -34,6 +34,7 @@ import (
 	oidc_pb_v2beta "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/org/v2"
 	org_v2beta "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+	project_v2beta "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
 	user_v3alpha "github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha"
 	userschema_v3alpha "github.com/zitadel/zitadel/pkg/grpc/resources/userschema/v3alpha"
 	saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
@@ -71,6 +72,7 @@ type Client struct {
 	UserV3Alpha    user_v3alpha.ZITADELUsersClient
 	SAMLv2         saml_pb.SAMLServiceClient
 	SCIM           *scim.Client
+	Projectv2Beta  project_v2beta.ProjectServiceClient
 	InstanceV2Beta instance.InstanceServiceClient
 }
 
@@ -109,6 +111,7 @@ func newClient(ctx context.Context, target string) (*Client, error) {
 		UserV3Alpha:    user_v3alpha.NewZITADELUsersClient(cc),
 		SAMLv2:         saml_pb.NewSAMLServiceClient(cc),
 		SCIM:           scim.NewScimClient(target),
+		Projectv2Beta:  project_v2beta.NewProjectServiceClient(cc),
 		InstanceV2Beta: instance.NewInstanceServiceClient(cc),
 	}
 	return client, client.pollHealth(ctx)
@@ -446,6 +449,70 @@ func (i *Instance) SetUserPassword(ctx context.Context, userID, password string,
 	return resp.GetDetails()
 }
 
+func (i *Instance) CreateProject(ctx context.Context, t *testing.T, orgID, name string, projectRoleCheck, hasProjectCheck bool) *project_v2beta.CreateProjectResponse {
+	if orgID == "" {
+		orgID = i.DefaultOrg.GetId()
+	}
+
+	resp, err := i.Client.Projectv2Beta.CreateProject(ctx, &project_v2beta.CreateProjectRequest{
+		OrganizationId:        orgID,
+		Name:                  name,
+		AuthorizationRequired: projectRoleCheck,
+		ProjectAccessRequired: hasProjectCheck,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) DeleteProject(ctx context.Context, t *testing.T, projectID string) *project_v2beta.DeleteProjectResponse {
+	resp, err := i.Client.Projectv2Beta.DeleteProject(ctx, &project_v2beta.DeleteProjectRequest{
+		Id: projectID,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) DeactivateProject(ctx context.Context, t *testing.T, projectID string) *project_v2beta.DeactivateProjectResponse {
+	resp, err := i.Client.Projectv2Beta.DeactivateProject(ctx, &project_v2beta.DeactivateProjectRequest{
+		Id: projectID,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) ActivateProject(ctx context.Context, t *testing.T, projectID string) *project_v2beta.ActivateProjectResponse {
+	resp, err := i.Client.Projectv2Beta.ActivateProject(ctx, &project_v2beta.ActivateProjectRequest{
+		Id: projectID,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) AddProjectRole(ctx context.Context, t *testing.T, projectID, roleKey, displayName, group string) *project_v2beta.AddProjectRoleResponse {
+	var groupP *string
+	if group != "" {
+		groupP = &group
+	}
+
+	resp, err := i.Client.Projectv2Beta.AddProjectRole(ctx, &project_v2beta.AddProjectRoleRequest{
+		ProjectId:   projectID,
+		RoleKey:     roleKey,
+		DisplayName: displayName,
+		Group:       groupP,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) RemoveProjectRole(ctx context.Context, t *testing.T, projectID, roleKey string) *project_v2beta.RemoveProjectRoleResponse {
+	resp, err := i.Client.Projectv2Beta.RemoveProjectRole(ctx, &project_v2beta.RemoveProjectRoleRequest{
+		ProjectId: projectID,
+		RoleKey:   roleKey,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
 func (i *Instance) AddProviderToDefaultLoginPolicy(ctx context.Context, id string) {
 	_, err := i.Client.Admin.AddIDPToLoginPolicy(ctx, &admin.AddIDPToLoginPolicyRequest{
 		IdpId: id,
@@ -705,12 +772,40 @@ func (i *Instance) CreateIntentSession(t *testing.T, ctx context.Context, userID
 		createResp.GetDetails().GetChangeDate().AsTime(), createResp.GetDetails().GetChangeDate().AsTime()
 }
 
-func (i *Instance) CreateProjectGrant(ctx context.Context, projectID, grantedOrgID string) *mgmt.AddProjectGrantResponse {
-	resp, err := i.Client.Mgmt.AddProjectGrant(ctx, &mgmt.AddProjectGrantRequest{
-		GrantedOrgId: grantedOrgID,
-		ProjectId:    projectID,
+func (i *Instance) CreateProjectGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID string, roles ...string) *project_v2beta.CreateProjectGrantResponse {
+	resp, err := i.Client.Projectv2Beta.CreateProjectGrant(ctx, &project_v2beta.CreateProjectGrantRequest{
+		GrantedOrganizationId: grantedOrgID,
+		ProjectId:             projectID,
+		RoleKeys:              roles,
 	})
-	logging.OnError(err).Panic("create project grant")
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) DeleteProjectGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID string) *project_v2beta.DeleteProjectGrantResponse {
+	resp, err := i.Client.Projectv2Beta.DeleteProjectGrant(ctx, &project_v2beta.DeleteProjectGrantRequest{
+		GrantedOrganizationId: grantedOrgID,
+		ProjectId:             projectID,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) DeactivateProjectGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID string) *project_v2beta.DeactivateProjectGrantResponse {
+	resp, err := i.Client.Projectv2Beta.DeactivateProjectGrant(ctx, &project_v2beta.DeactivateProjectGrantRequest{
+		ProjectId:             projectID,
+		GrantedOrganizationId: grantedOrgID,
+	})
+	require.NoError(t, err)
+	return resp
+}
+
+func (i *Instance) ActivateProjectGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID string) *project_v2beta.ActivateProjectGrantResponse {
+	resp, err := i.Client.Projectv2Beta.ActivateProjectGrant(ctx, &project_v2beta.ActivateProjectGrantRequest{
+		ProjectId:             projectID,
+		GrantedOrganizationId: grantedOrgID,
+	})
+	require.NoError(t, err)
 	return resp
 }
 
diff --git a/internal/integration/oidc.go b/internal/integration/oidc.go
index 159fcb0119..3323be3f97 100644
--- a/internal/integration/oidc.go
+++ b/internal/integration/oidc.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"testing"
 	"time"
 
 	"github.com/brianvoe/gofakeit/v6"
@@ -133,13 +134,9 @@ func (i *Instance) CreateOIDCInactivateProjectClient(ctx context.Context, redire
 	return client, err
 }
 
-func (i *Instance) CreateOIDCImplicitFlowClient(ctx context.Context, redirectURI string, loginVersion *app.LoginVersion) (*management.AddOIDCAppResponse, error) {
-	project, err := i.Client.Mgmt.AddProject(ctx, &management.AddProjectRequest{
-		Name: fmt.Sprintf("project-%d", time.Now().UnixNano()),
-	})
-	if err != nil {
-		return nil, err
-	}
+func (i *Instance) CreateOIDCImplicitFlowClient(ctx context.Context, t *testing.T, redirectURI string, loginVersion *app.LoginVersion) (*management.AddOIDCAppResponse, error) {
+	project := i.CreateProject(ctx, t, "", gofakeit.AppName(), false, false)
+
 	resp, err := i.Client.Mgmt.AddOIDCApp(ctx, &management.AddOIDCAppRequest{
 		ProjectId:                project.GetId(),
 		Name:                     fmt.Sprintf("app-%d", time.Now().UnixNano()),
@@ -178,30 +175,11 @@ func (i *Instance) CreateOIDCImplicitFlowClient(ctx context.Context, redirectURI
 	})
 }
 
-func (i *Instance) CreateOIDCTokenExchangeClient(ctx context.Context) (client *management.AddOIDCAppResponse, keyData []byte, err error) {
-	project, err := i.Client.Mgmt.AddProject(ctx, &management.AddProjectRequest{
-		Name: fmt.Sprintf("project-%d", time.Now().UnixNano()),
-	})
-	if err != nil {
-		return nil, nil, err
-	}
+func (i *Instance) CreateOIDCTokenExchangeClient(ctx context.Context, t *testing.T) (client *management.AddOIDCAppResponse, keyData []byte, err error) {
+	project := i.CreateProject(ctx, t, "", gofakeit.AppName(), false, false)
 	return i.CreateOIDCWebClientJWT(ctx, "", "", project.GetId(), app.OIDCGrantType_OIDC_GRANT_TYPE_TOKEN_EXCHANGE, app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE, app.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN)
 }
 
-func (i *Instance) CreateProject(ctx context.Context) (*management.AddProjectResponse, error) {
-	return i.Client.Mgmt.AddProject(ctx, &management.AddProjectRequest{
-		Name: fmt.Sprintf("project-%d", time.Now().UnixNano()),
-	})
-}
-
-func (i *Instance) CreateProjectWithPermissionCheck(ctx context.Context, projectRoleCheck, hasProjectCheck bool) (*management.AddProjectResponse, error) {
-	return i.Client.Mgmt.AddProject(ctx, &management.AddProjectRequest{
-		Name:             fmt.Sprintf("project-%d", time.Now().UnixNano()),
-		HasProjectCheck:  hasProjectCheck,
-		ProjectRoleCheck: projectRoleCheck,
-	})
-}
-
 func (i *Instance) CreateAPIClientJWT(ctx context.Context, projectID string) (*management.AddAPIAppResponse, error) {
 	return i.Client.Mgmt.AddAPIApp(ctx, &management.AddAPIAppRequest{
 		ProjectId:      projectID,
diff --git a/internal/query/project.go b/internal/query/project.go
index 7501047182..ab58bd11a8 100644
--- a/internal/query/project.go
+++ b/internal/query/project.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql"
 	"errors"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
@@ -72,11 +73,104 @@ var (
 	}
 )
 
+var (
+	grantedProjectsAlias = table{
+		name:          "granted_projects",
+		instanceIDCol: projection.ProjectColumnInstanceID,
+	}
+	GrantedProjectColumnID = Column{
+		name:  projection.ProjectColumnID,
+		table: grantedProjectsAlias,
+	}
+	GrantedProjectColumnCreationDate = Column{
+		name:  projection.ProjectColumnCreationDate,
+		table: grantedProjectsAlias,
+	}
+	GrantedProjectColumnChangeDate = Column{
+		name:  projection.ProjectColumnChangeDate,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnResourceOwner = Column{
+		name:  projection.ProjectColumnResourceOwner,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnInstanceID = Column{
+		name:  projection.ProjectGrantColumnInstanceID,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnState = Column{
+		name:  "project_state",
+		table: grantedProjectsAlias,
+	}
+	GrantedProjectColumnName = Column{
+		name:  "project_name",
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnProjectRoleAssertion = Column{
+		name:  projection.ProjectColumnProjectRoleAssertion,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnProjectRoleCheck = Column{
+		name:  projection.ProjectColumnProjectRoleCheck,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnHasProjectCheck = Column{
+		name:  projection.ProjectColumnHasProjectCheck,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnPrivateLabelingSetting = Column{
+		name:  projection.ProjectColumnPrivateLabelingSetting,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnGrantResourceOwner = Column{
+		name:  "project_grant_resource_owner",
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnGrantedOrganization = Column{
+		name:  projection.ProjectGrantColumnGrantedOrgID,
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnGrantedOrganizationName = Column{
+		name:  "granted_org_name",
+		table: grantedProjectsAlias,
+	}
+	grantedProjectColumnGrantState = Column{
+		name:  "project_grant_state",
+		table: grantedProjectsAlias,
+	}
+)
+
 type Projects struct {
 	SearchResponse
 	Projects []*Project
 }
 
+func projectsCheckPermission(ctx context.Context, projects *Projects, permissionCheck domain.PermissionCheck) {
+	projects.Projects = slices.DeleteFunc(projects.Projects,
+		func(project *Project) bool {
+			return projectCheckPermission(ctx, project.ResourceOwner, project.ID, permissionCheck) != nil
+		},
+	)
+}
+
+func projectCheckPermission(ctx context.Context, resourceOwner string, projectID string, permissionCheck domain.PermissionCheck) error {
+	return permissionCheck(ctx, domain.PermissionProjectRead, resourceOwner, projectID)
+}
+
+func projectPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectAndGrantedProjectSearchQueries) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	join, args := PermissionClause(
+		ctx,
+		grantedProjectColumnResourceOwner,
+		domain.PermissionProjectRead,
+		SingleOrgPermissionOption(queries.Queries),
+		OwnedRowsPermissionOption(GrantedProjectColumnID),
+	)
+	return query.JoinClause(join, args...)
+}
+
 type Project struct {
 	ID            string
 	CreationDate  time.Time
@@ -94,7 +188,19 @@ type Project struct {
 
 type ProjectSearchQueries struct {
 	SearchRequest
-	Queries []SearchQuery
+	Queries      []SearchQuery
+	GrantQueries []SearchQuery
+}
+
+func (q *Queries) GetProjectByIDWithPermission(ctx context.Context, shouldTriggerBulk bool, id string, permissionCheck domain.PermissionCheck) (*Project, error) {
+	project, err := q.ProjectByID(ctx, shouldTriggerBulk, id)
+	if err != nil {
+		return nil, err
+	}
+	if err := projectCheckPermission(ctx, project.ResourceOwner, project.ID, permissionCheck); err != nil {
+		return nil, err
+	}
+	return project, nil
 }
 
 func (q *Queries) ProjectByID(ctx context.Context, shouldTriggerBulk bool, id string) (project *Project, err error) {
@@ -125,7 +231,18 @@ func (q *Queries) ProjectByID(ctx context.Context, shouldTriggerBulk bool, id st
 	return project, err
 }
 
-func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQueries) (projects *Projects, err error) {
+func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQueries, permissionCheck domain.PermissionCheck) (*Projects, error) {
+	projects, err := q.searchProjects(ctx, queries)
+	if err != nil {
+		return nil, err
+	}
+	if permissionCheck != nil {
+		projectsCheckPermission(ctx, projects, permissionCheck)
+	}
+	return projects, nil
+}
+
+func (q *Queries) searchProjects(ctx context.Context, queries *ProjectSearchQueries) (projects *Projects, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -147,6 +264,89 @@ func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQuer
 	return projects, err
 }
 
+type ProjectAndGrantedProjectSearchQueries struct {
+	SearchRequest
+	Queries []SearchQuery
+}
+
+func (q *ProjectAndGrantedProjectSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
+	query = q.SearchRequest.toQuery(query)
+	for _, q := range q.Queries {
+		query = q.toQuery(query)
+	}
+	return query
+}
+
+func (q *Queries) SearchGrantedProjects(ctx context.Context, queries *ProjectAndGrantedProjectSearchQueries, permissionCheck domain.PermissionCheck) (*GrantedProjects, error) {
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	projects, err := q.searchGrantedProjects(ctx, queries, permissionCheckV2)
+	if err != nil {
+		return nil, err
+	}
+	if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
+		grantedProjectsCheckPermission(ctx, projects, permissionCheck)
+	}
+	return projects, nil
+}
+
+func (q *Queries) searchGrantedProjects(ctx context.Context, queries *ProjectAndGrantedProjectSearchQueries, permissionCheckV2 bool) (grantedProjects *GrantedProjects, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	query, scan := prepareGrantedProjectsQuery()
+	query = projectPermissionCheckV2(ctx, query, permissionCheckV2, queries)
+	eq := sq.Eq{grantedProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
+	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
+	if err != nil {
+		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-T84X9", "Errors.Query.InvalidRequest")
+	}
+
+	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
+		grantedProjects, err = scan(rows)
+		return err
+	}, stmt, args...)
+	if err != nil {
+		return nil, err
+	}
+	return grantedProjects, nil
+}
+
+func NewGrantedProjectNameSearchQuery(method TextComparison, value string) (SearchQuery, error) {
+	return NewTextQuery(GrantedProjectColumnName, value, method)
+}
+
+func NewGrantedProjectResourceOwnerSearchQuery(value string) (SearchQuery, error) {
+	return NewTextQuery(grantedProjectColumnResourceOwner, value, TextEquals)
+}
+
+func NewGrantedProjectIDSearchQuery(ids []string) (SearchQuery, error) {
+	list := make([]interface{}, len(ids))
+	for i, value := range ids {
+		list[i] = value
+	}
+	return NewListQuery(GrantedProjectColumnID, list, ListIn)
+}
+
+func NewGrantedProjectOrganizationIDSearchQuery(value string) (SearchQuery, error) {
+	project, err := NewTextQuery(grantedProjectColumnResourceOwner, value, TextEquals)
+	if err != nil {
+		return nil, err
+	}
+	grant, err := NewTextQuery(grantedProjectColumnGrantedOrganization, value, TextEquals)
+	if err != nil {
+		return nil, err
+	}
+	return NewOrQuery(project, grant)
+}
+
+func NewGrantedProjectGrantResourceOwnerSearchQuery(value string) (SearchQuery, error) {
+	return NewTextQuery(grantedProjectColumnGrantResourceOwner, value, TextEquals)
+}
+
+func NewGrantedProjectGrantedOrganizationIDSearchQuery(value string) (SearchQuery, error) {
+	return NewTextQuery(grantedProjectColumnGrantedOrganization, value, TextEquals)
+}
+
 func NewProjectNameSearchQuery(method TextComparison, value string) (SearchQuery, error) {
 	return NewTextQuery(ProjectColumnName, value, method)
 }
@@ -285,3 +485,171 @@ func prepareProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*Projects, error
 			}, nil
 		}
 }
+
+type GrantedProjects struct {
+	SearchResponse
+	GrantedProjects []*GrantedProject
+}
+
+func grantedProjectsCheckPermission(ctx context.Context, grantedProjects *GrantedProjects, permissionCheck domain.PermissionCheck) {
+	grantedProjects.GrantedProjects = slices.DeleteFunc(grantedProjects.GrantedProjects,
+		func(grantedProject *GrantedProject) bool {
+			return projectCheckPermission(ctx, grantedProject.ResourceOwner, grantedProject.ProjectID, permissionCheck) != nil
+		},
+	)
+}
+
+type GrantedProject struct {
+	ProjectID     string
+	CreationDate  time.Time
+	ChangeDate    time.Time
+	ResourceOwner string
+	InstanceID    string
+	ProjectState  domain.ProjectState
+	ProjectName   string
+
+	ProjectRoleAssertion   bool
+	ProjectRoleCheck       bool
+	HasProjectCheck        bool
+	PrivateLabelingSetting domain.PrivateLabelingSetting
+
+	GrantedOrgID      string
+	OrgName           string
+	ProjectGrantState domain.ProjectGrantState
+}
+
+func prepareGrantedProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*GrantedProjects, error)) {
+	return sq.Select(
+			GrantedProjectColumnID.identifier(),
+			GrantedProjectColumnCreationDate.identifier(),
+			GrantedProjectColumnChangeDate.identifier(),
+			grantedProjectColumnResourceOwner.identifier(),
+			grantedProjectColumnInstanceID.identifier(),
+			grantedProjectColumnState.identifier(),
+			GrantedProjectColumnName.identifier(),
+			grantedProjectColumnProjectRoleAssertion.identifier(),
+			grantedProjectColumnProjectRoleCheck.identifier(),
+			grantedProjectColumnHasProjectCheck.identifier(),
+			grantedProjectColumnPrivateLabelingSetting.identifier(),
+			grantedProjectColumnGrantedOrganization.identifier(),
+			grantedProjectColumnGrantedOrganizationName.identifier(),
+			grantedProjectColumnGrantState.identifier(),
+			countColumn.identifier(),
+		).From(getProjectsAndGrantedProjectsFromQuery()).
+			PlaceholderFormat(sq.Dollar),
+		func(rows *sql.Rows) (*GrantedProjects, error) {
+			projects := make([]*GrantedProject, 0)
+			var (
+				count             uint64
+				orgID             = sql.NullString{}
+				orgName           = sql.NullString{}
+				projectGrantState = sql.NullInt16{}
+			)
+			for rows.Next() {
+				grantedProject := new(GrantedProject)
+				err := rows.Scan(
+					&grantedProject.ProjectID,
+					&grantedProject.CreationDate,
+					&grantedProject.ChangeDate,
+					&grantedProject.ResourceOwner,
+					&grantedProject.InstanceID,
+					&grantedProject.ProjectState,
+					&grantedProject.ProjectName,
+					&grantedProject.ProjectRoleAssertion,
+					&grantedProject.ProjectRoleCheck,
+					&grantedProject.HasProjectCheck,
+					&grantedProject.PrivateLabelingSetting,
+					&orgID,
+					&orgName,
+					&projectGrantState,
+					&count,
+				)
+				if err != nil {
+					return nil, err
+				}
+				if orgID.Valid {
+					grantedProject.GrantedOrgID = orgID.String
+				}
+				if orgName.Valid {
+					grantedProject.OrgName = orgName.String
+				}
+				if projectGrantState.Valid {
+					grantedProject.ProjectGrantState = domain.ProjectGrantState(projectGrantState.Int16)
+				}
+				projects = append(projects, grantedProject)
+			}
+
+			if err := rows.Close(); err != nil {
+				return nil, zerrors.ThrowInternal(err, "QUERY-K9gEE", "Errors.Query.CloseRows")
+			}
+
+			return &GrantedProjects{
+				GrantedProjects: projects,
+				SearchResponse: SearchResponse{
+					Count: count,
+				},
+			}, nil
+		}
+}
+
+func getProjectsAndGrantedProjectsFromQuery() string {
+	return "(" +
+		prepareProjects() +
+		" UNION ALL " +
+		prepareGrantedProjects() +
+		") AS " + grantedProjectsAlias.identifier()
+}
+
+func prepareProjects() string {
+	builder := sq.Select(
+		ProjectColumnID.identifier()+" AS "+GrantedProjectColumnID.name,
+		ProjectColumnCreationDate.identifier()+" AS "+GrantedProjectColumnCreationDate.name,
+		ProjectColumnChangeDate.identifier()+" AS "+GrantedProjectColumnChangeDate.name,
+		ProjectColumnResourceOwner.identifier()+" AS "+grantedProjectColumnResourceOwner.name,
+		ProjectColumnInstanceID.identifier()+" AS "+grantedProjectColumnInstanceID.name,
+		ProjectColumnState.identifier()+" AS "+grantedProjectColumnState.name,
+		ProjectColumnName.identifier()+" AS "+GrantedProjectColumnName.name,
+		ProjectColumnProjectRoleAssertion.identifier()+" AS "+grantedProjectColumnProjectRoleAssertion.name,
+		ProjectColumnProjectRoleCheck.identifier()+" AS "+grantedProjectColumnProjectRoleCheck.name,
+		ProjectColumnHasProjectCheck.identifier()+" AS "+grantedProjectColumnHasProjectCheck.name,
+		ProjectColumnPrivateLabelingSetting.identifier()+" AS "+grantedProjectColumnPrivateLabelingSetting.name,
+		"NULL::TEXT AS "+grantedProjectColumnGrantResourceOwner.name,
+		"NULL::TEXT AS "+grantedProjectColumnGrantedOrganization.name,
+		"NULL::TEXT AS "+grantedProjectColumnGrantedOrganizationName.name,
+		"NULL::SMALLINT AS "+grantedProjectColumnGrantState.name,
+		countColumn.identifier()).
+		From(projectsTable.identifier()).
+		PlaceholderFormat(sq.Dollar)
+
+	stmt, _ := builder.MustSql()
+	return stmt
+}
+
+func prepareGrantedProjects() string {
+	grantedOrgTable := orgsTable.setAlias(ProjectGrantGrantedOrgTableAlias)
+	grantedOrgIDColumn := OrgColumnID.setTable(grantedOrgTable)
+	builder := sq.Select(
+		ProjectGrantColumnProjectID.identifier()+" AS "+GrantedProjectColumnID.name,
+		ProjectGrantColumnCreationDate.identifier()+" AS "+GrantedProjectColumnCreationDate.name,
+		ProjectGrantColumnChangeDate.identifier()+" AS "+GrantedProjectColumnChangeDate.name,
+		ProjectColumnResourceOwner.identifier()+" AS "+grantedProjectColumnResourceOwner.name,
+		ProjectGrantColumnInstanceID.identifier()+" AS "+grantedProjectColumnInstanceID.name,
+		ProjectColumnState.identifier()+" AS "+grantedProjectColumnState.name,
+		ProjectColumnName.identifier()+" AS "+GrantedProjectColumnName.name,
+		ProjectColumnProjectRoleAssertion.identifier()+" AS "+grantedProjectColumnProjectRoleAssertion.name,
+		ProjectColumnProjectRoleCheck.identifier()+" AS "+grantedProjectColumnProjectRoleCheck.name,
+		ProjectColumnHasProjectCheck.identifier()+" AS "+grantedProjectColumnHasProjectCheck.name,
+		ProjectColumnPrivateLabelingSetting.identifier()+" AS "+grantedProjectColumnPrivateLabelingSetting.name,
+		ProjectGrantColumnResourceOwner.identifier()+" AS "+grantedProjectColumnGrantResourceOwner.name,
+		ProjectGrantColumnGrantedOrgID.identifier()+" AS "+grantedProjectColumnGrantedOrganization.name,
+		ProjectGrantColumnGrantedOrgName.identifier()+" AS "+grantedProjectColumnGrantedOrganizationName.name,
+		ProjectGrantColumnState.identifier()+" AS "+grantedProjectColumnGrantState.name,
+		countColumn.identifier()).
+		From(projectGrantsTable.identifier()).
+		PlaceholderFormat(sq.Dollar).
+		LeftJoin(join(ProjectColumnID, ProjectGrantColumnProjectID)).
+		LeftJoin(join(grantedOrgIDColumn, ProjectGrantColumnGrantedOrgID))
+
+	stmt, _ := builder.MustSql()
+	return stmt
+}
diff --git a/internal/query/project_grant.go b/internal/query/project_grant.go
index b971593c77..a0dbd7c121 100644
--- a/internal/query/project_grant.go
+++ b/internal/query/project_grant.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql"
 	"errors"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
@@ -104,6 +105,43 @@ type ProjectGrantSearchQueries struct {
 	Queries []SearchQuery
 }
 
+func projectGrantsCheckPermission(ctx context.Context, projectGrants *ProjectGrants, permissionCheck domain.PermissionCheck) {
+	projectGrants.ProjectGrants = slices.DeleteFunc(projectGrants.ProjectGrants,
+		func(projectGrant *ProjectGrant) bool {
+			return projectGrantCheckPermission(ctx, projectGrant.ResourceOwner, projectGrant.GrantID, permissionCheck) != nil
+		},
+	)
+}
+
+func projectGrantCheckPermission(ctx context.Context, resourceOwner string, grantID string, permissionCheck domain.PermissionCheck) error {
+	return permissionCheck(ctx, domain.PermissionProjectGrantRead, resourceOwner, grantID)
+}
+
+func projectGrantPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectGrantSearchQueries) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	join, args := PermissionClause(
+		ctx,
+		ProjectGrantColumnResourceOwner,
+		domain.PermissionProjectGrantRead,
+		SingleOrgPermissionOption(queries.Queries),
+		OwnedRowsPermissionOption(ProjectGrantColumnGrantID),
+	)
+	return query.JoinClause(join, args...)
+}
+
+func (q *Queries) GetProjectGrantByIDWithPermission(ctx context.Context, shouldTriggerBulk bool, id string, permissionCheck domain.PermissionCheck) (*ProjectGrant, error) {
+	projectGrant, err := q.ProjectGrantByID(ctx, shouldTriggerBulk, id)
+	if err != nil {
+		return nil, err
+	}
+	if err := projectCheckPermission(ctx, projectGrant.ResourceOwner, projectGrant.GrantID, permissionCheck); err != nil {
+		return nil, err
+	}
+	return projectGrant, nil
+}
+
 func (q *Queries) ProjectGrantByID(ctx context.Context, shouldTriggerBulk bool, id string) (grant *ProjectGrant, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -154,11 +192,24 @@ func (q *Queries) ProjectGrantByIDAndGrantedOrg(ctx context.Context, id, granted
 	return grant, err
 }
 
-func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrantSearchQueries) (grants *ProjectGrants, err error) {
+func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrantSearchQueries, permissionCheck domain.PermissionCheck) (grants *ProjectGrants, err error) {
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	projectsGrants, err := q.searchProjectGrants(ctx, queries, permissionCheckV2)
+	if err != nil {
+		return nil, err
+	}
+	if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
+		projectGrantsCheckPermission(ctx, projectsGrants, permissionCheck)
+	}
+	return projectsGrants, nil
+}
+
+func (q *Queries) searchProjectGrants(ctx context.Context, queries *ProjectGrantSearchQueries, permissionCheckV2 bool) (grants *ProjectGrants, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareProjectGrantsQuery()
+	query = projectGrantPermissionCheckV2(ctx, query, permissionCheckV2, queries)
 	eq := sq.Eq{
 		ProjectGrantColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}
@@ -179,6 +230,7 @@ func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrant
 	return grants, err
 }
 
+// SearchProjectGrantsByProjectIDAndRoleKey is used internally to remove the roles of a project grant, so no permission check necessary
 func (q *Queries) SearchProjectGrantsByProjectIDAndRoleKey(ctx context.Context, projectID, roleKey string) (projects *ProjectGrants, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -195,13 +247,33 @@ func (q *Queries) SearchProjectGrantsByProjectIDAndRoleKey(ctx context.Context,
 	if err != nil {
 		return nil, err
 	}
-	return q.SearchProjectGrants(ctx, searchQuery)
+	return q.SearchProjectGrants(ctx, searchQuery, nil)
 }
 
 func NewProjectGrantProjectIDSearchQuery(value string) (SearchQuery, error) {
 	return NewTextQuery(ProjectGrantColumnProjectID, value, TextEquals)
 }
 
+func (q *ProjectGrantSearchQueries) AppendPermissionQueries(permissions []string) error {
+	if !authz.HasGlobalPermission(permissions) {
+		ids := authz.GetAllPermissionCtxIDs(permissions)
+		query, err := NewProjectGrantIDsSearchQuery(ids)
+		if err != nil {
+			return err
+		}
+		q.Queries = append(q.Queries, query)
+	}
+	return nil
+}
+
+func NewProjectGrantProjectIDsSearchQuery(ids []string) (SearchQuery, error) {
+	list := make([]interface{}, len(ids))
+	for i, value := range ids {
+		list[i] = value
+	}
+	return NewListQuery(ProjectGrantColumnProjectID, list, ListIn)
+}
+
 func NewProjectGrantIDsSearchQuery(values []string) (SearchQuery, error) {
 	list := make([]interface{}, len(values))
 	for i, value := range values {
@@ -243,18 +315,6 @@ func (q *ProjectGrantSearchQueries) AppendGrantedOrgQuery(orgID string) error {
 	return nil
 }
 
-func (q *ProjectGrantSearchQueries) AppendPermissionQueries(permissions []string) error {
-	if !authz.HasGlobalPermission(permissions) {
-		ids := authz.GetAllPermissionCtxIDs(permissions)
-		query, err := NewProjectGrantIDsSearchQuery(ids)
-		if err != nil {
-			return err
-		}
-		q.Queries = append(q.Queries, query)
-	}
-	return nil
-}
-
 func (q *ProjectGrantSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
 	query = q.SearchRequest.toQuery(query)
 	for _, q := range q.Queries {
diff --git a/internal/query/project_role.go b/internal/query/project_role.go
index ab4f40ca38..15ae806cd4 100644
--- a/internal/query/project_role.go
+++ b/internal/query/project_role.go
@@ -3,12 +3,14 @@ package query
 import (
 	"context"
 	"database/sql"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	"github.com/zitadel/zitadel/internal/query/projection"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -80,7 +82,45 @@ type ProjectRoleSearchQueries struct {
 	Queries []SearchQuery
 }
 
-func (q *Queries) SearchProjectRoles(ctx context.Context, shouldTriggerBulk bool, queries *ProjectRoleSearchQueries) (roles *ProjectRoles, err error) {
+func projectRolesCheckPermission(ctx context.Context, projectRoles *ProjectRoles, permissionCheck domain.PermissionCheck) {
+	projectRoles.ProjectRoles = slices.DeleteFunc(projectRoles.ProjectRoles,
+		func(projectRole *ProjectRole) bool {
+			return projectRoleCheckPermission(ctx, projectRole.ResourceOwner, projectRole.Key, permissionCheck) != nil
+		},
+	)
+}
+
+func projectRoleCheckPermission(ctx context.Context, resourceOwner string, grantID string, permissionCheck domain.PermissionCheck) error {
+	return permissionCheck(ctx, domain.PermissionProjectGrantRead, resourceOwner, grantID)
+}
+
+func projectRolePermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectRoleSearchQueries) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	join, args := PermissionClause(
+		ctx,
+		ProjectRoleColumnResourceOwner,
+		domain.PermissionProjectRoleRead,
+		SingleOrgPermissionOption(queries.Queries),
+		OwnedRowsPermissionOption(ProjectRoleColumnKey),
+	)
+	return query.JoinClause(join, args...)
+}
+
+func (q *Queries) SearchProjectRoles(ctx context.Context, shouldTriggerBulk bool, queries *ProjectRoleSearchQueries, permissionCheck domain.PermissionCheck) (roles *ProjectRoles, err error) {
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	projectRoles, err := q.searchProjectRoles(ctx, shouldTriggerBulk, queries, permissionCheckV2)
+	if err != nil {
+		return nil, err
+	}
+	if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
+		projectRolesCheckPermission(ctx, projectRoles, permissionCheck)
+	}
+	return projectRoles, nil
+}
+
+func (q *Queries) searchProjectRoles(ctx context.Context, shouldTriggerBulk bool, queries *ProjectRoleSearchQueries, permissionCheckV2 bool) (roles *ProjectRoles, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -94,6 +134,7 @@ func (q *Queries) SearchProjectRoles(ctx context.Context, shouldTriggerBulk bool
 	eq := sq.Eq{ProjectRoleColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
 
 	query, scan := prepareProjectRolesQuery()
+	query = projectRolePermissionCheckV2(ctx, query, permissionCheckV2, queries)
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
 		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-3N9ff", "Errors.Query.InvalidRequest")
diff --git a/internal/repository/project/aggregate.go b/internal/repository/project/aggregate.go
index 5391718812..15cb24278d 100644
--- a/internal/repository/project/aggregate.go
+++ b/internal/repository/project/aggregate.go
@@ -1,6 +1,8 @@
 package project
 
 import (
+	"context"
+
 	"github.com/zitadel/zitadel/internal/eventstore"
 )
 
@@ -23,3 +25,7 @@ func NewAggregate(id, resourceOwner string) *Aggregate {
 		},
 	}
 }
+
+func AggregateFromWriteModel(ctx context.Context, wm *eventstore.WriteModel) *eventstore.Aggregate {
+	return eventstore.AggregateFromWriteModelCtx(ctx, wm, AggregateType, AggregateVersion)
+}
diff --git a/internal/repository/project/project.go b/internal/repository/project/project.go
index 44f882b3e1..c86fed5272 100644
--- a/internal/repository/project/project.go
+++ b/internal/repository/project/project.go
@@ -184,10 +184,7 @@ func NewProjectChangeEvent(
 	aggregate *eventstore.Aggregate,
 	oldName string,
 	changes []ProjectChanges,
-) (*ProjectChangeEvent, error) {
-	if len(changes) == 0 {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-mV9xc", "Errors.NoChangesFound")
-	}
+) *ProjectChangeEvent {
 	changeEvent := &ProjectChangeEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
 			ctx,
@@ -199,7 +196,7 @@ func NewProjectChangeEvent(
 	for _, change := range changes {
 		change(changeEvent)
 	}
-	return changeEvent, nil
+	return changeEvent
 }
 
 type ProjectChanges func(event *ProjectChangeEvent)
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index 84c7823009..c90c44667c 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -2678,6 +2678,11 @@ service ManagementService {
         };
     }
 
+    // Get Project By ID
+    //
+    // Deprecated: [Get Project](apis/resources/project_service_v2/project-service-get-project.api.mdx) to get project by ID.
+    //
+    // Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context.
    rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) {
         option (google.api.http) = {
             get: "/projects/{id}"
@@ -2690,8 +2695,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Get Project By ID";
-            description: "Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2703,6 +2707,11 @@ service ManagementService {
         };
     }
 
+    // Get Granted Project By ID
+    //
+    // Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to get granted projects.
+    //
+    // Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context.
     rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) returns (GetGrantedProjectByIDResponse) {
         option (google.api.http) = {
             get: "/granted_projects/{project_id}/grants/{grant_id}"
@@ -2715,8 +2724,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Get Granted Project By ID";
-            description: "Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2728,6 +2736,11 @@ service ManagementService {
         };
     }
 
+    // List Projects
+    //
+    // Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
+    //
+    // Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context.
     rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse) {
         option (google.api.http) = {
             post: "/projects/_search"
@@ -2740,8 +2753,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Search Project";
-            description: "Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2753,6 +2765,11 @@ service ManagementService {
         };
     }
 
+    // List Granted Projects
+    //
+    // Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
+    //
+    // Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context.
     rpc ListGrantedProjects(ListGrantedProjectsRequest) returns (ListGrantedProjectsResponse) {
         option (google.api.http) = {
             post: "/granted_projects/_search"
@@ -2765,8 +2782,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Search Granted Project";
-            description: "Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2828,6 +2844,11 @@ service ManagementService {
         };
     }
 
+    // Create Project
+    //
+    // Deprecated: [Create Project](apis/resources/project_service_v2/project-service-create-project.api.mdx) to create a project.
+    //
+    // Create a new project. A Project is a vessel for different applications sharing the same role context.
     rpc AddProject(AddProjectRequest) returns (AddProjectResponse) {
         option (google.api.http) = {
             post: "/projects"
@@ -2840,8 +2861,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Create Project";
-            description: "Create a new project. A Project is a vessel for different applications sharing the same role context."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2853,6 +2873,11 @@ service ManagementService {
         };
     }
 
+    // Update Project
+    //
+    // Deprecated: [Update Project](apis/resources/project_service_v2/project-service-update-project.api.mdx) to update a project.
+    //
+    // Update a project and its settings. A Project is a vessel for different applications sharing the same role context.
     rpc UpdateProject(UpdateProjectRequest) returns (UpdateProjectResponse) {
         option (google.api.http) = {
             put: "/projects/{id}"
@@ -2866,8 +2891,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Update Project";
-            description: "Update a project and its settings. A Project is a vessel for different applications sharing the same role context."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2879,6 +2903,11 @@ service ManagementService {
         };
     }
 
+    // Deactivate Project
+    //
+    // Deprecated: [Deactivate Project](apis/resources/project_service_v2/project-service-deactivate-project.api.mdx) to deactivate a project.
+    //
+    // Set the state of a project to deactivated. Request returns an error if the project is already deactivated.
     rpc DeactivateProject(DeactivateProjectRequest) returns (DeactivateProjectResponse) {
         option (google.api.http) = {
             post: "/projects/{id}/_deactivate"
@@ -2892,8 +2921,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Deactivate Project";
-            description: "Set the state of a project to deactivated. Request returns an error if the project is already deactivated."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2905,6 +2933,11 @@ service ManagementService {
         };
     }
 
+    // Activate Project
+    //
+    // Deprecated: [Activate Project](apis/resources/project_service_v2/project-service-activate-project.api.mdx) to activate a project.
+    //
+    // Set the state of a project to active. Request returns an error if the project is not deactivated.
     rpc ReactivateProject(ReactivateProjectRequest) returns (ReactivateProjectResponse) {
         option (google.api.http) = {
             post: "/projects/{id}/_reactivate"
@@ -2918,8 +2951,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Reactivate Project";
-            description: "Set the state of a project to active. Request returns an error if the project is not deactivated."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2931,6 +2963,11 @@ service ManagementService {
         };
     }
 
+    // Remove Project
+    //
+    // Deprecated: [Delete Project](apis/resources/project_service_v2/project-service-delete-project.api.mdx) to remove a project.
+    //
+    // Project and all its sub-resources like project grants, applications, roles and user grants will be removed.
     rpc RemoveProject(RemoveProjectRequest) returns (RemoveProjectResponse) {
         option (google.api.http) = {
             delete: "/projects/{id}"
@@ -2943,8 +2980,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Remove Project";
-            description: "Project and all its sub-resources like project grants, applications, roles and user grants will be removed."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2956,6 +2992,11 @@ service ManagementService {
         };
     }
 
+    // Search Project Roles
+    //
+    // Deprecated: [List Project Roles](apis/resources/project_service_v2/project-service-list-project-roles.api.mdx) to get project roles.
+    //
+    // Returns all roles of a project matching the search query.
     rpc ListProjectRoles(ListProjectRolesRequest) returns (ListProjectRolesResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles/_search"
@@ -2969,8 +3010,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            summary: "Search Project Roles";
-            description: "Returns all roles of a project matching the search query."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2982,6 +3022,11 @@ service ManagementService {
         };
     }
 
+    // Add Project Role
+    //
+    // Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
+    //
+    // Add a new project role to a project. The key must be unique within the project.\n\nDeprecated: please use user service v2 AddProjectRole.
     rpc AddProjectRole(AddProjectRoleRequest) returns (AddProjectRoleResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles"
@@ -2995,8 +3040,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            summary: "Add Project Role";
-            description: "Add a new project role to a project. The key must be unique within the project."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3008,6 +3052,11 @@ service ManagementService {
         };
     }
 
+    // Bulk add Project Role
+    //
+    // Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
+    //
+    // Add a list of roles to a project. The keys must be unique within the project.
     rpc BulkAddProjectRoles(BulkAddProjectRolesRequest) returns (BulkAddProjectRolesResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles/_bulk"
@@ -3021,8 +3070,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            summary: "Bulk Add Project Role";
-            description: "Add a list of roles to a project. The keys must be unique within the project."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3034,6 +3082,11 @@ service ManagementService {
         };
     }
 
+    // Update Project Role
+    //
+    // Deprecated: [Update Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to update a project role.
+    //
+    // Change a project role. The key is not editable. If a key should change, remove the role and create a new one.
     rpc UpdateProjectRole(UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) {
         option (google.api.http) = {
             put: "/projects/{project_id}/roles/{role_key}"
@@ -3047,8 +3100,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            summary: "Change Project Role";
-            description: "Change a project role. The key is not editable. If a key should change, remove the role and create a new one."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3060,6 +3112,11 @@ service ManagementService {
         };
     }
 
+    // Remove Project Role
+    //
+    // Deprecated: [Delete Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to remove a project role.
+    //
+    // Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants.
     rpc RemoveProjectRole(RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/roles/{role_key}"
@@ -3072,8 +3129,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            summary: "Remove Project Role";
-            description: "Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3737,6 +3793,11 @@ service ManagementService {
         };
     }
 
+    // Get Project Grant By ID
+    //
+    // Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to get a project grant.
+    //
+    // Returns a project grant. A project grant is when the organization grants its project to another organization.
     rpc GetProjectGrantByID(GetProjectGrantByIDRequest) returns (GetProjectGrantByIDResponse) {
         option (google.api.http) = {
             get: "/projects/{project_id}/grants/{grant_id}"
@@ -3748,8 +3809,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            summary: "Project Grant By ID";
-            description: "Returns a project grant. A project grant is when the organization grants its project to another organization."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3761,6 +3821,11 @@ service ManagementService {
         };
     }
 
+    // List Project Grants
+    //
+    // Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
+    //
+    // Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization.
     rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/_search"
@@ -3774,8 +3839,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Search Project Grants from Project";
-            description: "Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3787,6 +3851,11 @@ service ManagementService {
         };
     }
 
+    // Search Project Grants
+    //
+    // Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
+    //
+    // Returns a list of project grants. A project grant is when the organization grants its project to another organization.
     rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
         option (google.api.http) = {
             post: "/projectgrants/_search"
@@ -3799,8 +3868,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Search Project Grants";
-            description: "Returns a list of project grants. A project grant is when the organization grants its project to another organization."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3812,6 +3880,11 @@ service ManagementService {
         };
     }
 
+    // Add Project Grant
+    //
+    // Deprecated: [Create Project Grant](apis/resources/project_service_v2/project-service-create-project-grant.api.mdx) to add a project grant.
+    //
+    // Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
     rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants"
@@ -3824,8 +3897,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Add Project Grant";
-            description: "Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3837,6 +3909,11 @@ service ManagementService {
         };
     }
 
+    // Update Project Grant
+    //
+    // Deprecated: [Update Project Grant](apis/resources/project_service_v2/project-service-update-project-grant.api.mdx) to update a project grant.
+    //
+    // Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
     rpc UpdateProjectGrant(UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) {
         option (google.api.http) = {
             put: "/projects/{project_id}/grants/{grant_id}"
@@ -3849,8 +3926,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Change Project Grant";
-            description: "Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3862,6 +3938,11 @@ service ManagementService {
         };
     }
 
+    // Deactivate Project Grant
+    //
+    // Deprecated: [Deactivate Project Grant](apis/resources/project_service_v2/project-service-deactivate-project-grant.api.mdx) to deactivate a project grant.
+    //
+    // Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate.
     rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/{grant_id}/_deactivate"
@@ -3874,8 +3955,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Deactivate Project Grant";
-            description: "Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3887,6 +3967,11 @@ service ManagementService {
         };
     }
 
+    // Reactivate Project Grant
+    //
+    // Deprecated: [Activate Project Grant](apis/resources/project_service_v2/project-service-activate-project-grant.api.mdx) to activate a project grant.
+    //
+    // Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate.
     rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) returns (ReactivateProjectGrantResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/{grant_id}/_reactivate"
@@ -3899,8 +3984,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Reactivate Project Grant";
-            description: "Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3912,6 +3996,11 @@ service ManagementService {
         };
     }
 
+    // Remove Project Grant
+    //
+    // Deprecated: [Delete Project Grant](apis/resources/project_service_v2/project-service-delete-project-grant.api.mdx) to remove a project grant.
+    //
+    // Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked).
     rpc RemoveProjectGrant(RemoveProjectGrantRequest) returns (RemoveProjectGrantResponse) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/grants/{grant_id}"
@@ -3923,8 +4012,7 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            summary: "Remove Project Grant";
-            description: "Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked)."
+            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
diff --git a/proto/zitadel/project/v2beta/project_service.proto b/proto/zitadel/project/v2beta/project_service.proto
new file mode 100644
index 0000000000..cb7110bc91
--- /dev/null
+++ b/proto/zitadel/project/v2beta/project_service.proto
@@ -0,0 +1,1237 @@
+syntax = "proto3";
+
+package zitadel.project.v2beta;
+
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+
+import "zitadel/protoc_gen_zitadel/v2/options.proto";
+
+import "zitadel/project/v2beta/query.proto";
+import "google/protobuf/timestamp.proto";
+import "zitadel/filter/v2beta/filter.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/project/v2beta;project";
+
+option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
+  info: {
+    title: "Project Service";
+    version: "2.0-beta";
+    description: "This API is intended to manage Projects in a ZITADEL Organization. This service is in beta state. It can AND will continue breaking until a stable version is released.";
+    contact:{
+      name: "ZITADEL"
+      url: "https://zitadel.com"
+      email: "hi@zitadel.com"
+    }
+    license: {
+      name: "Apache 2.0",
+      url: "https://github.com/zitadel/zitadel/blob/main/LICENSING.md";
+    };
+  };
+  schemes: HTTPS;
+  schemes: HTTP;
+
+  consumes: "application/json";
+  consumes: "application/grpc";
+
+  produces: "application/json";
+  produces: "application/grpc";
+
+  consumes: "application/grpc-web+proto";
+  produces: "application/grpc-web+proto";
+
+  host: "$CUSTOM-DOMAIN";
+  base_path: "/";
+
+  external_docs: {
+    description: "Detailed information about ZITADEL",
+    url: "https://zitadel.com/docs"
+  }
+  security_definitions: {
+    security: {
+      key: "OAuth2";
+      value: {
+        type: TYPE_OAUTH2;
+        flow: FLOW_ACCESS_CODE;
+        authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize";
+        token_url: "$CUSTOM-DOMAIN/oauth/v2/token";
+        scopes: {
+          scope: {
+            key: "openid";
+            value: "openid";
+          }
+          scope: {
+            key: "urn:zitadel:iam:org:project:id:zitadel:aud";
+            value: "urn:zitadel:iam:org:project:id:zitadel:aud";
+          }
+        }
+      }
+    }
+  }
+  security: {
+    security_requirement: {
+      key: "OAuth2";
+      value: {
+        scope: "openid";
+        scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
+      }
+    }
+  }
+  responses: {
+    key: "403";
+    value: {
+      description: "Returned when the user does not have permission to access the resource.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+  responses: {
+    key: "404";
+    value: {
+      description: "Returned when the resource does not exist.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+};
+
+// Service to manage projects.
+service ProjectService {
+
+  // Create Project
+  //
+  // Create a new Project.
+  //
+  // Required permission:
+  //   - `project.create`
+  rpc CreateProject (CreateProjectRequest) returns (CreateProjectResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project created successfully";
+        };
+      };
+      responses: {
+        key: "409"
+        value: {
+          description: "The project to create already exists.";
+        }
+      };
+    };
+  }
+
+  // Update Project
+  //
+  // Update an existing project.
+  //
+  // Required permission:
+  //   - `project.write`
+  rpc UpdateProject (UpdateProjectRequest) returns (UpdateProjectResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{id}"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project successfully updated or left unchanged";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project to update does not exist.";
+        }
+      };
+    };
+  }
+
+  // Delete Project
+  //
+  // Delete an existing project.
+  // In case the project is not found, the request will return a successful response as
+  // the desired state is already achieved.
+  //
+  // Required permission:
+  //   - `project.delete`
+  rpc DeleteProject (DeleteProjectRequest) returns (DeleteProjectResponse) {
+    option (google.api.http) = {
+      delete: "/v2beta/projects/{id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project deleted successfully";
+        };
+      };
+    };
+  }
+
+  // Get Project
+  //
+  // Returns the project identified by the requested ID.
+  //
+  // Required permission:
+  //   - `project.read`
+  rpc GetProject (GetProjectRequest) returns (GetProjectResponse) {
+    option (google.api.http) = {
+      get: "/v2beta/projects/{id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "project.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "Project retrieved successfully";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project to get does not exist.";
+        }
+      };
+    };
+  }
+
+  // List Projects
+  //
+  // List all matching projects. By default all projects of the instance that the caller has permission to read are returned.
+  // Make sure to include a limit and sorting for pagination.
+  //
+  // Required permission:
+  //   - `project.read`
+  rpc ListProjects (ListProjectsRequest) returns (ListProjectsResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/search",
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "project.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all projects matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
+
+  // Deactivate Project
+  //
+  // Set the state of a project to deactivated. Request returns no error if the project is already deactivated.
+  // Applications under deactivated projects are not able to login anymore.
+  //
+  // Required permission:
+  //   - `project.write`
+  rpc DeactivateProject (DeactivateProjectRequest) returns (DeactivateProjectResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{id}/deactivate"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project deactivated successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project to deactivate does not exist.";
+        }
+      };
+    };
+  }
+
+  // Activate Project
+  //
+  // Set the state of a project to active. Request returns no error if the project is already activated.
+  //
+  // Required permission:
+  //   - `project.write`
+  rpc ActivateProject (ActivateProjectRequest) returns (ActivateProjectResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{id}/activate"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project activated successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project to activate does not exist.";
+        }
+      };
+    };
+  }
+
+  // Add Project Role
+  //
+  // Add a new project role to a project. The key must be unique within the project.
+  //
+  // Required permission:
+  //   - `project.role.write`
+  rpc AddProjectRole (AddProjectRoleRequest) returns (AddProjectRoleResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{project_id}/roles"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project role added successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project to add the project role does not exist.";
+        }
+      };
+    };
+  }
+
+  // Update Project Role
+  //
+  // Change a project role. The key is not editable. If a key should change, remove the role and create a new one.
+  //
+  // Required permission:
+  //   - `project.role.write`
+  rpc UpdateProjectRole (UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{project_id}/roles/{role_key}"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project role updated successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project role to update does not exist.";
+        }
+      };
+    };
+  }
+
+  // Remove Project Role
+  //
+  // Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants.
+  //
+  // Required permission:
+  //   - `project.role.write`
+  rpc RemoveProjectRole (RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) {
+    option (google.api.http) = {
+      delete: "/v2beta/projects/{project_id}/roles/{role_key}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project role removed successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project role to remove does not exist.";
+        }
+      };
+    };
+  }
+
+  // List Project Roles
+  //
+  // Returns all roles of a project matching the search query.
+  //
+  // Required permission:
+  //   - `project.role.read`
+  rpc ListProjectRoles (ListProjectRolesRequest) returns (ListProjectRolesResponse) {
+    option (google.api.http) = {
+      delete: "/v2beta/projects/{project_id}/roles/search"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "project.role.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all project roles matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
+
+  // Create Project Grant
+  //
+  // Grant a project to another organization.
+  // The project grant will allow the granted organization to access the project and manage the authorizations for its users.
+  //
+  // Required permission:
+  //   - `project.grant.create`
+  rpc CreateProjectGrant (CreateProjectGrantRequest) returns (CreateProjectGrantResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{project_id}/grants"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project grant created successfully";
+        };
+      };
+      responses: {
+        key: "409"
+        value: {
+          description: "The project grant to create already exists.";
+        }
+      };
+    };
+  }
+
+  // Update Project Grant
+  //
+  // Change the roles of the project that is granted to another organization.
+  // The project grant will allow the granted organization to access the project and manage the authorizations for its users.
+  //
+  // Required permission:
+  //   - `project.grant.write`
+  rpc UpdateProjectGrant (UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{project_id}/grants/{granted_organization_id}"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project grant successfully updated or left unchanged";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The project grant to update does not exist.";
+        }
+      };
+    };
+  }
+
+  // Delete Project Grant
+  //
+  // Delete a project grant. All user grants for this project grant will also be removed.
+  // A user will not have access to the project afterward (if permissions are checked).
+  // In case the project grant is not found, the request will return a successful response as
+  // the desired state is already achieved.
+  //
+  // Required permission:
+  //   - `project.grant.delete`
+  rpc DeleteProjectGrant (DeleteProjectGrantRequest) returns (DeleteProjectGrantResponse) {
+    option (google.api.http) = {
+      delete: "/v2beta/projects/{project_id}/grants/{granted_organization_id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project grant deleted successfully";
+        };
+      };
+    };
+  }
+
+  // Deactivate Project Grant
+  //
+  // Set the state of the project grant to deactivated.
+  // Applications under deactivated projects grants are not able to login anymore.
+  //
+  // Required permission:
+  //   - `project.grant.write`
+  rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{project_id}/grants/{granted_organization_id}/deactivate"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project grant deactivated successfully";
+        };
+      };
+    };
+  }
+
+  // Activate Project Grant
+  //
+  // Set the state of the project grant to activated.
+  //
+  // Required permission:
+  //   - `project.grant.write`
+  rpc ActivateProjectGrant(ActivateProjectGrantRequest) returns (ActivateProjectGrantResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/{project_id}/grants/{granted_organization_id}/activate"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Project grant activated successfully";
+        };
+      };
+    };
+  }
+
+  // List Project Grants
+  //
+  // Returns a list of project grants. A project grant is when the organization grants its project to another organization.
+  //
+  // Required permission:
+  //   - `project.grant.write`
+  rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/projects/grants/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "project.grant.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all project grants matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
+}
+
+message CreateProjectRequest {
+  // The unique identifier of the organization the project belongs to.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // The unique identifier of the project.
+  optional string id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Name of the project.
+  string name = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"MyProject\"";
+    }
+  ];
+  // Enable this setting to have role information included in the user info endpoint. It is also dependent on your application settings to include it in tokens and other types.
+  bool project_role_assertion = 4;
+  // When enabled ZITADEL will check if a user has an authorization to use this project assigned when login into an application of this project.
+  bool authorization_required = 5;
+  // When enabled ZITADEL will check if the organization of the user, that is trying to log in, has access to this project (either owns the project or is granted).
+  bool project_access_required = 6;
+  // Define which private labeling/branding should trigger when getting to a login of this project.
+  PrivateLabelingSetting private_labeling_setting = 7 [
+    (validate.rules).enum = {defined_only: true}
+  ];
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"organizationId\":\"69629026806489455\",\"name\":\"MyProject\",\"projectRoleAssertion\":true,\"projectRoleCheck\":true,\"hasProjectCheck\":true,\"privateLabelingSetting\":\"PRIVATE_LABELING_SETTING_UNSPECIFIED\"}";
+  };
+}
+
+message CreateProjectResponse {
+  // The unique identifier of the newly created project.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the project creation.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message UpdateProjectRequest {
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Name of the project.
+  optional string name = 2  [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"MyProject-Updated\"";
+    }
+  ];
+  // Enable this setting to have role information included in the user info endpoint. It is also dependent on your application settings to include it in tokens and other types.
+  optional bool project_role_assertion = 3;
+  // When enabled ZITADEL will check if a user has a role of this project assigned when login into an application of this project.
+  optional bool project_role_check = 4;
+  // When enabled ZITADEL will check if the organization of the user, that is trying to log in, has a grant to this project.
+  optional bool has_project_check = 5;
+  // Define which private labeling/branding should trigger when getting to a login of this project.
+  optional PrivateLabelingSetting private_labeling_setting = 6 [
+    (validate.rules).enum = {defined_only: true}
+  ];
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"name\":\"MyProject-Updated\",\"projectRoleAssertion\":true,\"projectRoleCheck\":true,\"hasProjectCheck\":true,\"privateLabelingSetting\":\"PRIVATE_LABELING_SETTING_UNSPECIFIED\"}";
+  };
+}
+
+message UpdateProjectResponse {
+  // The timestamp of the change of the project.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message DeleteProjectRequest {
+  // The unique identifier of the project.
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message DeleteProjectResponse {
+  // The timestamp of the deletion of the project.
+  // Note that the deletion date is only guaranteed to be set if the deletion was successful during the request.
+  // In case the deletion occurred in a previous request, the deletion date might be empty.
+  google.protobuf.Timestamp deletion_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message GetProjectRequest {
+  // The unique identifier of the project.
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message GetProjectResponse {
+  Project project = 1;
+}
+
+message ListProjectsRequest {
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 1;
+  // The field the result is sorted by. The default is the creation date. Beware that if you change this, your result pagination might be inconsistent.
+  optional ProjectFieldName sorting_column = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"PROJECT_FIELD_NAME_CREATION_DATE\""
+    }
+  ];
+  // Define the criteria to query for.
+  repeated ProjectSearchFilter filters = 3;
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"pagination\":{\"offset\":0,\"limit\":0,\"asc\":true},\"sortingColumn\":\"PROJECT_FIELD_NAME_CREATION_DATE\",\"filters\":[{\"projectNameFilter\":{\"projectName\":\"MyProject\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"inProjectIdsFilter\":{\"projectIds\":[\"69629023906488334\",\"69622366012355662\"]}}]}";
+  };
+}
+
+message ListProjectsResponse {
+  zitadel.filter.v2beta.PaginationResponse pagination = 1;
+  repeated Project projects = 2;
+}
+
+message DeactivateProjectRequest {
+  // The unique identifier of the project.
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message DeactivateProjectResponse {
+  // The timestamp of the change of the project.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ActivateProjectRequest {
+  // The unique identifier of the project.
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message ActivateProjectResponse {
+  // The timestamp of the change of the project.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message AddProjectRoleRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // The key is the only relevant attribute for ZITADEL regarding the authorization checks.
+  string role_key = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"ADMIN\"";
+    }
+  ];
+  // Name displayed for the role.
+  string display_name = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"Administrator\"";
+    }
+  ];
+  // The group is only used for display purposes. That you have better handling, like giving all the roles from a group to a user.
+  optional string group = 4 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"Admins\"";
+    }
+  ];
+}
+
+message AddProjectRoleResponse {
+  // The timestamp of the project role creation.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message UpdateProjectRoleRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // The key is the only relevant attribute for ZITADEL regarding the authorization checks.
+  string role_key = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"ADMIN\"";
+    }
+  ];
+  // Name displayed for the role.
+  optional string display_name = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"Administrator\"";
+    }
+  ];
+  // The group is only used for display purposes. That you have better handling, like giving all the roles from a group to a user.
+  optional string group = 4 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"Admins\"";
+    }
+  ];
+}
+
+message UpdateProjectRoleResponse {
+  // The timestamp of the change of the project role.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message RemoveProjectRoleRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // The key is the only relevant attribute for ZITADEL regarding the authorization checks.
+  string role_key = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"ADMIN\"";
+    }
+  ];
+}
+
+message RemoveProjectRoleResponse {
+  // The timestamp of the removal of the project role.
+  // Note that the removal date is only guaranteed to be set if the removal was successful during the request.
+  // In case the removal occurred in a previous request, the removal date might be empty.
+  google.protobuf.Timestamp removal_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListProjectRolesRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 2;
+  // The field the result is sorted by. The default is the creation date. Beware that if you change this, your result pagination might be inconsistent.
+  optional ProjectRoleFieldName sorting_column = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"PROJECT_ROLE_FIELD_NAME_CREATION_DATE\""
+    }
+  ];
+  // Define the criteria to query for.
+  repeated ProjectRoleSearchFilter filters = 4;
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"pagination\":{\"offset\":0,\"limit\":0,\"asc\":true},\"sortingColumn\":\"PROJECT_ROLE_FIELD_NAME_CREATION_DATE\",\"filters\":[{\"keyFilter\":{\"key\":\"role.super.man\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"displayNameFilter\":{\"displayName\":\"SUPER\"}}]}";
+  };
+}
+
+message ListProjectRolesResponse {
+  zitadel.filter.v2beta.PaginationResponse pagination = 1;
+  repeated ProjectRole project_roles = 2;
+}
+
+
+message CreateProjectGrantRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Organization the project is granted to.
+  string granted_organization_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"28746028909593987\""
+    }
+  ];
+  // Keys of the role available for the project grant.
+  repeated string role_keys = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "[\"RoleKey1\", \"RoleKey2\"]";
+    }
+  ];
+}
+
+message CreateProjectGrantResponse {
+  // The timestamp of the project grant creation.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message UpdateProjectGrantRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Organization the project is granted to.
+  string granted_organization_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"28746028909593987\""
+    }
+  ];
+  // Keys of the role available for the project grant.
+  repeated string role_keys = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "[\"RoleKey1\", \"RoleKey2\"]";
+    }
+  ];
+}
+
+message UpdateProjectGrantResponse {
+  // The timestamp of the change of the project grant.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message DeleteProjectGrantRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Organization the project is granted to.
+  string granted_organization_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"28746028909593987\""
+    }
+  ];
+}
+
+message DeleteProjectGrantResponse {
+  // The timestamp of the deletion of the project grant.
+  // Note that the deletion date is only guaranteed to be set if the deletion was successful during the request.
+  // In case the deletion occurred in a previous request, the deletion date might be empty.
+  google.protobuf.Timestamp deletion_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message DeactivateProjectGrantRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Organization the project is granted to.
+  string granted_organization_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"28746028909593987\""
+    }
+  ];
+}
+
+message DeactivateProjectGrantResponse {
+  // The timestamp of the change of the project grant.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ActivateProjectGrantRequest {
+  // ID of the project.
+  string project_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Organization the project is granted to.
+  string granted_organization_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"28746028909593987\""
+    }
+  ];
+}
+
+message ActivateProjectGrantResponse {
+  // The timestamp of the change of the project grant.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListProjectGrantsRequest {
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 1;
+  // The field the result is sorted by. The default is the creation date. Beware that if you change this, your result pagination might be inconsistent.
+  optional ProjectGrantFieldName sorting_column = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"PROJECT_GRANT_FIELD_NAME_CREATION_DATE\""
+    }
+  ];
+  // Define the criteria to query for.
+  repeated ProjectGrantSearchFilter filters = 3;
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"pagination\":{\"offset\":0,\"limit\":0,\"asc\":true},\"filters\":[{\"projectNameFilter\":{\"projectName\":\"MyProject\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"inProjectIdsFilter\":{\"projectIds\":[\"69629023906488334\",\"69622366012355662\"]}}]}";
+  };
+}
+
+message ListProjectGrantsResponse {
+  zitadel.filter.v2beta.PaginationResponse pagination = 1;
+  repeated ProjectGrant project_grants = 2;
+}
\ No newline at end of file
diff --git a/proto/zitadel/project/v2beta/query.proto b/proto/zitadel/project/v2beta/query.proto
new file mode 100644
index 0000000000..f328b65189
--- /dev/null
+++ b/proto/zitadel/project/v2beta/query.proto
@@ -0,0 +1,347 @@
+syntax = "proto3";
+
+package zitadel.project.v2beta;
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/project/v2beta;project";
+
+import "google/api/field_behavior.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+import "google/protobuf/timestamp.proto";
+
+import "zitadel/filter/v2beta/filter.proto";
+
+message ProjectGrant {
+  // The unique identifier of the organization which granted the project to the granted_organization_id.
+  string organization_id = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the granted project creation.
+  google.protobuf.Timestamp creation_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The timestamp of the last change to the granted project (e.g. creation, activation, deactivation).
+  google.protobuf.Timestamp change_date = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  // The ID of the organization the project is granted to.
+  string granted_organization_id = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+  // The name of the organization the project is granted to.
+  string granted_organization_name = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"Some Organization\""
+    }
+  ];
+  // The roles of the granted project.
+  repeated string granted_role_keys = 7 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "[\"role.super.man\"]"
+    }
+  ];
+  // The ID of the granted project.
+  string project_id = 8 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+  // The name of the granted project.
+  string project_name = 9 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"ZITADEL\""
+    }
+  ];
+  // Describes the current state of the granted project.
+  ProjectGrantState state = 10 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "current state of the project";
+    }
+  ];
+}
+
+enum ProjectGrantState {
+  PROJECT_GRANT_STATE_UNSPECIFIED = 0;
+  PROJECT_GRANT_STATE_ACTIVE = 1;
+  PROJECT_GRANT_STATE_INACTIVE = 2;
+}
+
+message Project {
+  // The unique identifier of the project.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The unique identifier of the organization the project belongs to.
+  string organization_id = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the project creation.
+  google.protobuf.Timestamp creation_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The timestamp of the last change to the project (e.g. creation, activation, deactivation).
+  google.protobuf.Timestamp change_date = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  // The name of the project.
+  string name = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"ip_allow_list\"";
+    }
+  ];
+  // Describes the current state of the project.
+  ProjectState state = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "current state of the project";
+    }
+  ];
+  // Describes if the roles of the user should be added to the token.
+  bool project_role_assertion = 7;
+  // When enabled ZITADEL will check if a user has an authorization to use this project assigned when login into an application of this project.
+  bool authorization_required = 8;
+  // When enabled ZITADEL will check if the organization of the user, that is trying to log in, has access to this project (either owns the project or is granted).
+  bool project_access_required = 9;
+  // Defines from where the private labeling should be triggered.
+  PrivateLabelingSetting private_labeling_setting = 10;
+
+  // The ID of the organization the project is granted to.
+  optional string granted_organization_id = 12 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+  // The name of the organization the project is granted to.
+  optional string granted_organization_name = 13 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"Some Organization\""
+    }
+  ];
+  // Describes the current state of the granted project.
+  GrantedProjectState granted_state = 14 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "current state of the granted project";
+    }
+  ];
+}
+
+enum ProjectState {
+  PROJECT_STATE_UNSPECIFIED = 0;
+  PROJECT_STATE_ACTIVE = 1;
+  PROJECT_STATE_INACTIVE = 2;
+}
+
+enum GrantedProjectState {
+  GRANTED_PROJECT_STATE_UNSPECIFIED = 0;
+  GRANTED_PROJECT_STATE_ACTIVE = 1;
+  GRANTED_PROJECT_STATE_INACTIVE = 2;
+}
+
+enum PrivateLabelingSetting {
+  PRIVATE_LABELING_SETTING_UNSPECIFIED = 0;
+  PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY = 1;
+  PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY = 2;
+}
+
+enum ProjectFieldName {
+  PROJECT_FIELD_NAME_UNSPECIFIED = 0;
+  PROJECT_FIELD_NAME_ID = 1;
+  PROJECT_FIELD_NAME_CREATION_DATE = 2;
+  PROJECT_FIELD_NAME_CHANGE_DATE = 3;
+  PROJECT_FIELD_NAME_NAME = 4;
+}
+
+enum ProjectGrantFieldName {
+  PROJECT_GRANT_FIELD_NAME_UNSPECIFIED = 0;
+  PROJECT_GRANT_FIELD_NAME_PROJECT_ID = 1;
+  PROJECT_GRANT_FIELD_NAME_CREATION_DATE = 2;
+  PROJECT_GRANT_FIELD_NAME_CHANGE_DATE = 3;
+}
+
+enum ProjectRoleFieldName {
+  PROJECT_ROLE_FIELD_NAME_UNSPECIFIED = 0;
+  PROJECT_ROLE_FIELD_NAME_KEY = 1;
+  PROJECT_ROLE_FIELD_NAME_CREATION_DATE = 2;
+  PROJECT_ROLE_FIELD_NAME_CHANGE_DATE = 3;
+}
+
+message ProjectSearchFilter {
+  oneof filter {
+    option (validate.required) = true;
+
+    ProjectNameFilter project_name_filter = 1;
+    InProjectIDsFilter in_project_ids_filter = 2;
+    ProjectResourceOwnerFilter project_resource_owner_filter = 3;
+    ProjectGrantResourceOwnerFilter project_grant_resource_owner_filter = 4;
+    ProjectOrganizationIDFilter project_organization_id_filter = 5;
+  }
+}
+
+message ProjectNameFilter {
+  // Defines the name of the project to query for.
+  string project_name = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"ip_allow_list\"";
+    }
+  ];
+  // Defines which text comparison method used for the name query.
+  zitadel.filter.v2beta.TextFilterMethod method = 2 [
+    (validate.rules).enum.defined_only = true,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "defines which text equality method is used";
+    }
+  ];
+}
+
+message InProjectIDsFilter {
+  // Defines the ids to query for.
+  repeated string project_ids = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "the ids of the projects to include"
+      example: "[\"69629023906488334\",\"69622366012355662\"]";
+    }
+  ];
+}
+
+message ProjectResourceOwnerFilter {
+  // Defines the ID of organization the project belongs to query for.
+  string project_resource_owner = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+}
+
+message ProjectGrantResourceOwnerFilter {
+  // Defines the ID of organization the project grant belongs to query for.
+  string project_grant_resource_owner = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+}
+
+message ProjectOrganizationIDFilter {
+  // Defines the ID of organization the project and granted project belong to query for.
+  string project_organization_id = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+}
+
+message ProjectGrantSearchFilter {
+  oneof filter {
+    option (validate.required) = true;
+
+    ProjectNameFilter project_name_filter = 1;
+    ProjectRoleKeyFilter role_key_filter = 2;
+    InProjectIDsFilter in_project_ids_filter = 3;
+    ProjectResourceOwnerFilter project_resource_owner_filter = 4;
+    ProjectGrantResourceOwnerFilter project_grant_resource_owner_filter = 5;
+  }
+}
+
+message GrantedOrganizationIDFilter {
+  // Defines the ID of organization the project is granted to query for.
+  string granted_organization_id = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+}
+
+message ProjectRole {
+  // ID of the project.
+  string project_id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // Key of the project role.
+  string key = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"role.super.man\""
+    }
+  ];
+  // The timestamp of the project role creation.
+  google.protobuf.Timestamp creation_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The timestamp of the last change to the project role.
+  google.protobuf.Timestamp change_date = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  // Display name of the project role.
+  string display_name = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"Super man\""
+    }
+  ];
+  // Group of the project role.
+  string group = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"people\""
+    }
+  ];
+}
+
+message ProjectRoleSearchFilter {
+  oneof filter {
+    option (validate.required) = true;
+
+    ProjectRoleKeyFilter role_key_filter = 1;
+    ProjectRoleDisplayNameFilter display_name_filter = 2;
+  }
+}
+
+message ProjectRoleKeyFilter {
+  string key = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"role.super.man\""
+    }
+  ];
+  // Defines which text comparison method used for the name query.
+  zitadel.filter.v2beta.TextFilterMethod method = 2 [
+    (validate.rules).enum.defined_only = true
+  ];
+}
+
+message ProjectRoleDisplayNameFilter {
+  string display_name = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"SUPER\""
+    }
+  ];
+  // Defines which text comparison method used for the name query.
+  zitadel.filter.v2beta.TextFilterMethod method = 2 [
+    (validate.rules).enum.defined_only = true
+  ];
+}
\ No newline at end of file

From 2cf3ef4de4ef993367daec6ff3974bdbdf70d2f3 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Fri, 23 May 2025 13:52:25 +0200
Subject: [PATCH 064/123] feat: federated logout for SAML IdPs (#9931)

# Which Problems Are Solved

Currently if a user signs in using an IdP, once they sign out of
Zitadel, the corresponding IdP session is not terminated. This can be
the desired behavior. In some cases, e.g. when using a shared computer
it results in a potential security risk, since a follower user might be
able to sign in as the previous using the still open IdP session.

# How the Problems Are Solved

- Admins can enabled a federated logout option on SAML IdPs through the
Admin and Management APIs.
- During the termination of a login V1 session using OIDC end_session
endpoint, Zitadel will check if an IdP was used to authenticate that
session.
- In case there was a SAML IdP used with Federated Logout enabled, it
will intercept the logout process, store the information into the shared
cache and redirect to the federated logout endpoint in the V1 login.
- The V1 login federated logout endpoint checks every request on an
existing cache entry. On success it will create a SAML logout request
for the used IdP and either redirect or POST to the configured SLO
endpoint. The cache entry is updated with a `redirected` state.
- A SLO endpoint is added to the `/idp` handlers, which will handle the
SAML logout responses. At the moment it will check again for an existing
federated logout entry (with state `redirected`) in the cache. On
success, the user is redirected to the initially provided
`post_logout_redirect_uri` from the end_session request.

# Additional Changes

None

# Additional Context

- This PR merges the https://github.com/zitadel/zitadel/pull/9841 and
https://github.com/zitadel/zitadel/pull/9854 to main, additionally
updating the docs on Entra ID SAML.
- closes #9228
- backport to 3.x

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Zach Hirschtritt <zachary.hirschtritt@klaviyo.com>
---
 cmd/defaults.yaml                             |  10 ++
 cmd/setup/56.go                               |  27 ++++
 cmd/setup/56.sql                              |   1 +
 cmd/setup/config.go                           |   1 +
 cmd/setup/setup.go                            |   2 +
 cmd/start/start.go                            |  30 ++++-
 .../provider-oidc.component.html              |  13 +-
 .../provider-saml-sp.component.html           |  11 +-
 .../provider-saml-sp.component.scss           |  10 +-
 .../provider-saml-sp.component.ts             |   7 +
 console/src/assets/i18n/bg.json               |   3 +-
 console/src/assets/i18n/cs.json               |   2 +
 console/src/assets/i18n/de.json               |   2 +
 console/src/assets/i18n/en.json               |   2 +
 console/src/assets/i18n/es.json               |   2 +
 console/src/assets/i18n/fr.json               |   2 +
 console/src/assets/i18n/hu.json               |   2 +
 console/src/assets/i18n/id.json               |   2 +
 console/src/assets/i18n/it.json               |   2 +
 console/src/assets/i18n/ja.json               |   2 +
 console/src/assets/i18n/ko.json               |   2 +
 console/src/assets/i18n/mk.json               |   2 +
 console/src/assets/i18n/nl.json               |   2 +
 console/src/assets/i18n/pl.json               |   2 +
 console/src/assets/i18n/pt.json               |   2 +
 console/src/assets/i18n/ro.json               |   2 +
 console/src/assets/i18n/ru.json               |   2 +
 console/src/assets/i18n/sv.json               |   2 +
 console/src/assets/i18n/zh.json               |   2 +
 .../identity-providers/azure-ad-saml.mdx      |   5 +-
 internal/api/grpc/admin/idp_converter.go      |   2 +
 internal/api/grpc/idp/converter.go            |   1 +
 internal/api/grpc/idp/v2/query.go             |   1 +
 internal/api/grpc/management/idp_converter.go |   2 +
 internal/api/idp/idp.go                       |  44 +++++++
 internal/api/oidc/auth_request.go             |  63 ++++++++-
 internal/api/oidc/op.go                       |  19 ++-
 .../api/ui/login/external_provider_handler.go | 121 ++++++++++++++++++
 internal/api/ui/login/login.go                |  30 +++--
 internal/api/ui/login/router.go               |   2 +
 .../eventsourcing/eventstore/user.go          |   5 +
 .../eventsourcing/view/user_session.go        |   4 +
 internal/auth/repository/user.go              |   2 +
 internal/cache/cache.go                       |   1 +
 internal/cache/connector/connector.go         |   1 +
 internal/cache/purpose_enumer.go              |  12 +-
 internal/command/idp.go                       |   1 +
 internal/command/idp_intent_test.go           |   2 +
 internal/command/idp_model.go                 |  10 ++
 internal/command/instance_idp.go              |   3 +
 internal/command/instance_idp_model.go        |   2 +
 internal/command/instance_idp_test.go         |   8 ++
 internal/command/org_idp.go                   |   3 +
 internal/command/org_idp_model.go             |   2 +
 internal/command/org_idp_test.go              |   8 ++
 internal/domain/federatedlogout/logout.go     |  37 ++++++
 internal/query/idp_template.go                |  13 ++
 internal/query/idp_template_test.go           |  25 ++++
 internal/query/projection/idp_template.go     |   6 +
 .../query/projection/idp_template_test.go     |  18 ++-
 internal/repository/idp/saml.go               |  10 ++
 internal/repository/instance/idp.go           |   2 +
 internal/repository/org/idp.go                |   2 +
 .../user/repository/view/user_session.sql     |  29 +++++
 .../user/repository/view/user_session_view.go |  19 ++-
 proto/zitadel/admin.proto                     |   6 +
 proto/zitadel/idp.proto                       |   3 +
 proto/zitadel/idp/v2/idp.proto                |   3 +
 proto/zitadel/management.proto                |   6 +
 69 files changed, 633 insertions(+), 51 deletions(-)
 create mode 100644 cmd/setup/56.go
 create mode 100644 cmd/setup/56.sql
 create mode 100644 internal/domain/federatedlogout/logout.go
 create mode 100644 internal/user/repository/view/user_session.sql

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 397e9af376..7bb44b743f 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -312,6 +312,16 @@ Caches:
       AddSource: true
       Formatter:
         Format: text
+  # Federated logouts store the information needed to handle federated logout and their state transfer
+  FederatedLogouts:
+    Connector: "postgres"
+    MaxAge: 1h
+    LastUseAge: 10m
+    Log:
+      Level: error
+      AddSource: true
+      Formatter:
+        Format: text
 
 Machine:
   # Cloud-hosted VMs need to specify their metadata endpoint so that the machine can be uniquely identified.
diff --git a/cmd/setup/56.go b/cmd/setup/56.go
new file mode 100644
index 0000000000..72ccb5e6ff
--- /dev/null
+++ b/cmd/setup/56.go
@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 56.sql
+	addSAMLFederatedLogout string
+)
+
+type IDPTemplate6SAMLFederatedLogout struct {
+	dbClient *database.DB
+}
+
+func (mig *IDPTemplate6SAMLFederatedLogout) Execute(ctx context.Context, _ eventstore.Event) error {
+	_, err := mig.dbClient.ExecContext(ctx, addSAMLFederatedLogout)
+	return err
+}
+
+func (mig *IDPTemplate6SAMLFederatedLogout) String() string {
+	return "56_idp_templates6_add_saml_federated_logout"
+}
diff --git a/cmd/setup/56.sql b/cmd/setup/56.sql
new file mode 100644
index 0000000000..f5544eddf5
--- /dev/null
+++ b/cmd/setup/56.sql
@@ -0,0 +1 @@
+ALTER TABLE IF EXISTS projections.idp_templates6_saml ADD COLUMN IF NOT EXISTS federated_logout_enabled BOOLEAN DEFAULT FALSE;
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index 5e5c842b14..bd2abde9ea 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -152,6 +152,7 @@ type Steps struct {
 	s53InitPermittedOrgsFunction            *InitPermittedOrgsFunction53
 	s54InstancePositionIndex                *InstancePositionIndex
 	s55ExecutionHandlerStart                *ExecutionHandlerStart
+	s56IDPTemplate6SAMLFederatedLogout      *IDPTemplate6SAMLFederatedLogout
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index 58bc89d2e4..c84976f282 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -214,6 +214,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s53InitPermittedOrgsFunction = &InitPermittedOrgsFunction53{dbClient: dbClient}
 	steps.s54InstancePositionIndex = &InstancePositionIndex{dbClient: dbClient}
 	steps.s55ExecutionHandlerStart = &ExecutionHandlerStart{dbClient: dbClient}
+	steps.s56IDPTemplate6SAMLFederatedLogout = &IDPTemplate6SAMLFederatedLogout{dbClient: dbClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -258,6 +259,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s53InitPermittedOrgsFunction,
 		steps.s54InstancePositionIndex,
 		steps.s55ExecutionHandlerStart,
+		steps.s56IDPTemplate6SAMLFederatedLogout,
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {
diff --git a/cmd/start/start.go b/cmd/start/start.go
index 1d83197062..af76b29e99 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -74,12 +74,14 @@ import (
 	"github.com/zitadel/zitadel/internal/authz"
 	authz_repo "github.com/zitadel/zitadel/internal/authz/repository"
 	authz_es "github.com/zitadel/zitadel/internal/authz/repository/eventsourcing/eventstore"
+	"github.com/zitadel/zitadel/internal/cache"
 	"github.com/zitadel/zitadel/internal/cache/connector"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
 	cryptoDB "github.com/zitadel/zitadel/internal/crypto/database"
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	old_es "github.com/zitadel/zitadel/internal/eventstore/repository/sql"
 	new_es "github.com/zitadel/zitadel/internal/eventstore/v3"
@@ -511,7 +513,12 @@ func startAPIs(
 	assetsCache := middleware.AssetsCacheInterceptor(config.AssetStorage.Cache.MaxAge, config.AssetStorage.Cache.SharedMaxAge)
 	apis.RegisterHandlerOnPrefix(assets.HandlerPrefix, assets.NewHandler(commands, verifier, config.SystemAuthZ, config.InternalAuthZ, id.SonyFlakeGenerator(), store, queries, middleware.CallDurationHandler, instanceInterceptor.Handler, assetsCache.Handler, limitingAccessInterceptor.Handle))
 
-	apis.RegisterHandlerOnPrefix(idp.HandlerPrefix, idp.NewHandler(commands, queries, keys.IDPConfig, instanceInterceptor.Handler))
+	federatedLogoutsCache, err := connector.StartCache[federatedlogout.Index, string, *federatedlogout.FederatedLogout](ctx, []federatedlogout.Index{federatedlogout.IndexRequestID}, cache.PurposeFederatedLogout, cacheConnectors.Config.FederatedLogouts, cacheConnectors)
+	if err != nil {
+		return nil, err
+	}
+
+	apis.RegisterHandlerOnPrefix(idp.HandlerPrefix, idp.NewHandler(commands, queries, keys.IDPConfig, instanceInterceptor.Handler, federatedLogoutsCache))
 
 	userAgentInterceptor, err := middleware.NewUserAgentHandler(config.UserAgentCookie, keys.UserAgentCookieKey, id.SonyFlakeGenerator(), config.ExternalSecure, login.EndpointResources, login.EndpointExternalLoginCallbackFormPost, login.EndpointSAMLACS)
 	if err != nil {
@@ -532,7 +539,25 @@ func startAPIs(
 	}
 	apis.RegisterHandlerOnPrefix(openapi.HandlerPrefix, openAPIHandler)
 
-	oidcServer, err := oidc.NewServer(ctx, config.OIDC, login.DefaultLoggedOutPath, config.ExternalSecure, commands, queries, authRepo, keys.OIDC, keys.OIDCKey, eventstore, dbClient, userAgentInterceptor, instanceInterceptor.Handler, limitingAccessInterceptor, config.Log.Slog(), config.SystemDefaults.SecretHasher)
+	oidcServer, err := oidc.NewServer(
+		ctx,
+		config.OIDC,
+		login.DefaultLoggedOutPath,
+		config.ExternalSecure,
+		commands,
+		queries,
+		authRepo,
+		keys.OIDC,
+		keys.OIDCKey,
+		eventstore,
+		dbClient,
+		userAgentInterceptor,
+		instanceInterceptor.Handler,
+		limitingAccessInterceptor,
+		config.Log.Slog(),
+		config.SystemDefaults.SecretHasher,
+		federatedLogoutsCache,
+	)
 	if err != nil {
 		return nil, fmt.Errorf("unable to start oidc provider: %w", err)
 	}
@@ -581,6 +606,7 @@ func startAPIs(
 		keys.IDPConfig,
 		keys.CSRFCookieKey,
 		cacheConnectors,
+		federatedLogoutsCache,
 	)
 	if err != nil {
 		return nil, fmt.Errorf("unable to start login: %w", err)
diff --git a/console/src/app/modules/providers/provider-oidc/provider-oidc.component.html b/console/src/app/modules/providers/provider-oidc/provider-oidc.component.html
index e326d3be26..c7bb48ea71 100644
--- a/console/src/app/modules/providers/provider-oidc/provider-oidc.component.html
+++ b/console/src/app/modules/providers/provider-oidc/provider-oidc.component.html
@@ -98,13 +98,12 @@
                 <p class="checkbox-desc">{{ 'IDP.ISIDTOKENMAPPING_DESC' | translate }}</p>
                 <mat-checkbox formControlName="isIdTokenMapping">{{ 'IDP.ISIDTOKENMAPPING' | translate }}</mat-checkbox>
               </div>
-            </cnsl-info-section>
-
-            <cnsl-info-section>
-              <div>
-                <p class="checkbox-desc">{{ 'IDP.USEPKCE_DESC' | translate }}</p>
-                <mat-checkbox formControlName="usePkce">{{ 'IDP.USEPKCE' | translate }}</mat-checkbox>
-              </div>
+              <cnsl-info-section>
+                <div>
+                  <p class="checkbox-desc">{{ 'IDP.USEPKCE_DESC' | translate }}</p>
+                  <mat-checkbox formControlName="usePkce">{{ 'IDP.USEPKCE' | translate }}</mat-checkbox>
+                </div>
+              </cnsl-info-section>
             </cnsl-info-section>
           </div>
 
diff --git a/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.html b/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.html
index d738b3fec9..245a963fa8 100644
--- a/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.html
+++ b/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.html
@@ -82,7 +82,7 @@
 
           <cnsl-info-section>
             <div>
-              <p class="transient-info-desc">{{ 'IDP.SAML.TRANSIENTMAPPINGATTRIBUTENAME_DESC' | translate }}</p>
+              <p class="option-desc">{{ 'IDP.SAML.TRANSIENTMAPPINGATTRIBUTENAME_DESC' | translate }}</p>
             </div>
 
             <cnsl-form-field class="formfield">
@@ -90,6 +90,15 @@
               <input cnslInput formControlName="transientMappingAttributeName" />
             </cnsl-form-field>
           </cnsl-info-section>
+
+          <cnsl-info-section>
+            <div>
+              <p class="option-desc">{{ 'IDP.FEDERATEDLOGOUTENABLED_DESC' | translate }}</p>
+              <mat-checkbox formControlName="federatedLogoutEnabled">{{
+                'IDP.FEDERATEDLOGOUTENABLED' | translate
+              }}</mat-checkbox>
+            </div>
+          </cnsl-info-section>
         </div>
 
         <cnsl-provider-options
diff --git a/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.scss b/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.scss
index 8cdf798c36..81f3bc53cf 100644
--- a/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.scss
+++ b/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.scss
@@ -4,9 +4,9 @@
 
 .transient-info {
   max-width: 500px;
-
-  .transient-info-desc {
-    margin-top: 0;
-    margin-bottom: 0.5rem;
-  }
+}
+
+.option-desc {
+  margin-top: 0;
+  margin-bottom: 0.5rem;
 }
diff --git a/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.ts b/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.ts
index 6ebd993716..be2ce6e5a9 100644
--- a/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.ts
+++ b/console/src/app/modules/providers/provider-saml-sp/provider-saml-sp.component.ts
@@ -127,6 +127,7 @@ export class ProviderSamlSpComponent {
         withSignedRequest: new UntypedFormControl(true, [requiredValidator]),
         nameIdFormat: new UntypedFormControl(SAMLNameIDFormat.SAML_NAME_ID_FORMAT_PERSISTENT, []),
         transientMappingAttributeName: new UntypedFormControl('', []),
+        federatedLogoutEnabled: new UntypedFormControl(false, []),
       },
       atLeastOneIsFilled('metadataXml', 'metadataUrl'),
     );
@@ -210,6 +211,7 @@ export class ProviderSamlSpComponent {
       // @ts-ignore
       req.setNameIdFormat(SAMLNameIDFormat[this.nameIDFormat?.value]);
       req.setTransientMappingAttributeName(this.transientMapping?.value);
+      req.setFederatedLogoutEnabled(this.federatedLogoutEnabled?.value);
       req.setProviderOptions(this.options);
 
       this.loading = true;
@@ -250,6 +252,7 @@ export class ProviderSamlSpComponent {
       req.setNameIdFormat(SAMLNameIDFormat[this.nameIDFormat.value]);
     }
     req.setTransientMappingAttributeName(this.transientMapping?.value);
+    req.setFederatedLogoutEnabled(this.federatedLogoutEnabled?.value);
     this.loading = true;
     this.service
       .addSAMLProvider(req)
@@ -335,4 +338,8 @@ export class ProviderSamlSpComponent {
   private get transientMapping(): AbstractControl | null {
     return this.form.get('transientMappingAttributeName');
   }
+
+  private get federatedLogoutEnabled(): AbstractControl | null {
+    return this.form.get('federatedLogoutEnabled');
+  }
 }
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index b56f5797ec..dc3dc04193 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -2340,7 +2340,8 @@
     "REMOVE_WARN_DESCRIPTION": "На път сте да премахнете доставчик на самоличност. Това ще премахне избора на наличен IDP за вашите потребители и вече регистрираните потребители няма да могат да влязат отново. Сигурни ли сте, че ще продължите?",
     "DELETE_SELECTION_TITLE": "Изтриване на IDP",
     "DELETE_SELECTION_DESCRIPTION": "На път сте да изтриете доставчик на самоличност. ",
-    "EMPTY": "Няма наличен IDP",
+    "FEDERATEDLOGOUTENABLED": "Федерирано изписване разрешено",
+    "FEDERATEDLOGOUTENABLED_DESC": "Ако е разрешено, потребителят ще бъде изписан и от IdP, ако прекрати сесията си в ZITADEL.",
     "OIDC": {
       "GENERAL": "Главна информация",
       "TITLE": "Конфигурация на OIDC",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index bf977aab43..6c85389c60 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -2345,6 +2345,8 @@
     "REMOVE_WARN_DESCRIPTION": "Chystáte se odebrat poskytovatele identity. To odstraní výběr dostupného IDP pro vaše uživatele a již registrovaní uživatelé se nebudou moci znovu přihlásit. Jste si jisti, že chcete pokračovat?",
     "DELETE_SELECTION_TITLE": "Odstranit IDP",
     "DELETE_SELECTION_DESCRIPTION": "Chystáte se odstranit poskytovatele identity. Výsledné změny jsou nevratné. Opravdu to chcete udělat?",
+    "FEDERATEDLOGOUTENABLED": "Federované odhlášení povoleno",
+    "FEDERATEDLOGOUTENABLED_DESC": "Je-li povoleno, uživatel bude odhlášen i z IdP, pokud ukončí relaci v ZITADEL.",
     "EMPTY": "Žádný IDP není dostupný",
     "OIDC": {
       "GENERAL": "Obecné informace",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 12a2f56792..a1f449c1c2 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -2341,6 +2341,8 @@
     "REMOVE_WARN_DESCRIPTION": "Sie sind dabei, einen Identitätsanbieter zu entfernen. Dadurch wird die Auswahl des verfügbaren IDP für Ihre Benutzer entfernt und bereits registrierte Benutzer können sich nicht erneut anmelden. Wollen Sie wirklich fortfahren?",
     "DELETE_SELECTION_TITLE": "Identitätsanbieter löschen",
     "DELETE_SELECTION_DESCRIPTION": "Sie sind im Begriff mehrere Identitätsanbieter zu löschen. Die dadurch hervorgerufenen Änderungen sind unwiderruflich. Wollen Sie dies wirklich tun?",
+    "FEDERATEDLOGOUTENABLED": "Federated Logout aktiviert",
+    "FEDERATEDLOGOUTENABLED_DESC": "Wenn aktiviert, wird der Benutzer auch vom IdP abgemeldet, wenn der Benutzer die Sitzung in ZITADEL beendet.",
     "EMPTY": "Kein IDP vorhanden",
     "OIDC": {
       "TITLE": "OIDC Konfiguration",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 571a2bd577..9e8dadd416 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -2351,6 +2351,8 @@
     "REMOVE_WARN_DESCRIPTION": "You are about to remove an identity provider. This will remove the selection of the available IdP for your users and already registered users won't be able to login again. Are you sure to continue?",
     "DELETE_SELECTION_TITLE": "Delete IdP",
     "DELETE_SELECTION_DESCRIPTION": "You are about to delete an identity provider. The resulting changes are irrevocable. Do you really want to do this?",
+    "FEDERATEDLOGOUTENABLED": "Federated Logout Enabled",
+    "FEDERATEDLOGOUTENABLED_DESC": "If enabled, the user will be logged out from the IdP as well if the user terminates the session in ZITADEL.",
     "EMPTY": "No IdP available",
     "OIDC": {
       "GENERAL": "General Information",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 19bf21238f..d5493f5d70 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -2341,6 +2341,8 @@
     "REMOVE_WARN_DESCRIPTION": "Está a punto de eliminar un proveedor de identidad. Esto eliminará la selección del IDP disponible para sus usuarios y los usuarios ya registrados no podrán volver a iniciar sesión. ¿Estás seguro de continuar?",
     "DELETE_SELECTION_TITLE": "Borrar IDP",
     "DELETE_SELECTION_DESCRIPTION": "Estás a punto de borrar un proveedor de identidad. Los cambios resultantes son irrevocables. ¿Estás seguro de que quieres hacer esto?",
+    "FEDERATEDLOGOUTENABLED": "Cierre de sesión federado habilitado",
+    "FEDERATEDLOGOUTENABLED_DESC": "Si está habilitado, el usuario también será desconectado del IdP si finaliza la sesión en ZITADEL.",
     "EMPTY": "No hay IDP disponible",
     "OIDC": {
       "GENERAL": "Información general",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 1203a09262..c0a17ac19d 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -2345,6 +2345,8 @@
     "REMOVE_WARN_DESCRIPTION": "Vous êtes sur le point de supprimer un fournisseur d'identité. Cela supprimera la sélection de l'IDP disponible pour vos utilisateurs et les utilisateurs déjà enregistrés ne pourront plus se reconnecter. Êtes-vous sûr de continuer ?",
     "DELETE_SELECTION_TITLE": "Supprimer Idp",
     "DELETE_SELECTION_DESCRIPTION": "Vous êtes sur le point de supprimer un fournisseur d'identité. Les changements qui en résultent sont irrévocables. Voulez-vous vraiment le faire ?",
+    "FEDERATEDLOGOUTENABLED": "Déconnexion fédérée activée",
+    "FEDERATEDLOGOUTENABLED_DESC": "Si activé, l'utilisateur sera également déconnecté de l'IdP s'il termine la session dans ZITADEL.",
     "EMPTY": "Aucun IDP disponible",
     "OIDC": {
       "GENERAL": "Informations générales",
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index eaf8b5f503..2f208b82b9 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -2346,6 +2346,8 @@
     "REMOVE_WARN_DESCRIPTION": "Egy identity providert készülsz eltávolítani. Ez eltávolítja a felhasználóid számára elérhető IDP kiválasztását, és a már regisztrált felhasználók nem tudnak újra bejelentkezni. Biztosan folytatod?",
     "DELETE_SELECTION_TITLE": "IDP törlése",
     "DELETE_SELECTION_DESCRIPTION": "Egy identity providert készülsz törölni. A változások visszafordíthatatlanok. Biztosan folytatni akarod?",
+    "FEDERATEDLOGOUTENABLED": "Szövetséges kijelentkezés engedélyezve",
+    "FEDERATEDLOGOUTENABLED_DESC": "Ha engedélyezve van, a felhasználó ki lesz jelentkezve az IdP-ből is, ha a felhasználó megszakítja a munkamenetet a ZITADEL-ben.",
     "EMPTY": "Nincs elérhető IDP",
     "OIDC": {
       "GENERAL": "Általános információk",
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index e6c8e8ca3d..d1d4001813 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -2128,6 +2128,8 @@
     "REMOVE_WARN_DESCRIPTION": "Anda akan menghapus penyedia identitas. Ini akan menghapus pilihan IDP yang tersedia untuk pengguna Anda dan pengguna yang sudah terdaftar tidak akan bisa masuk lagi. Apakah Anda yakin untuk melanjutkan?",
     "DELETE_SELECTION_TITLE": "Hapus IDP",
     "DELETE_SELECTION_DESCRIPTION": "Anda akan menghapus penyedia identitas. Perubahan yang dihasilkan tidak dapat dibatalkan. Apakah Anda benar-benar ingin melakukan ini?",
+    "FEDERATEDLOGOUTENABLED": "Logout Federasi Diaktifkan",
+    "FEDERATEDLOGOUTENABLED_DESC": "Jika diaktifkan, pengguna juga akan keluar dari IdP jika pengguna mengakhiri sesi di ZITADEL.",
     "EMPTY": "Tidak ada pengungsi yang tersedia",
     "OIDC": {
       "GENERAL": "Informasi Umum",
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index 3609c2b8f2..2645afb801 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -2345,6 +2345,8 @@
     "REMOVE_WARN_DESCRIPTION": "Stai per rimuovere un provider di identità. Questo rimuoverà la selezione dell'IDP disponibile per i tuoi utenti e gli utenti già registrati non potranno accedere nuovamente. Sei sicuro di continuare?",
     "DELETE_SELECTION_TITLE": "Rimuovere IDP",
     "DELETE_SELECTION_DESCRIPTION": "Stai per rimuovere un fornitore di identità. I cambiamenti risultanti sono irrevocabili. Vuoi davvero farlo?",
+    "FEDERATEDLOGOUTENABLED": "Logout Federato Abilitato",
+    "FEDERATEDLOGOUTENABLED_DESC": "Se abilitato, l'utente verrà disconnesso anche dall'IdP se termina la sessione in ZITADEL.",
     "EMPTY": "Nessun IDP disponible",
     "OIDC": {
       "GENERAL": "Informazioni generali",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 2d91632ad1..95855ca5fe 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -2348,6 +2348,8 @@
     "REMOVE_WARN_DESCRIPTION": "ID プロバイダーを削除しようとしています。これにより、ユーザーが使用できる IDP の選択が削除され、すでに登録されているユーザーは再度ログインできなくなります。続けてもよろしいですか?",
     "DELETE_SELECTION_TITLE": "IDPの削除",
     "DELETE_SELECTION_DESCRIPTION": "IDプロバイダーを削除しようとしています。変更は取消できません。本当によろしいですか？",
+    "FEDERATEDLOGOUTENABLED": "フェデレーションログアウト有効",
+    "FEDERATEDLOGOUTENABLED_DESC": "有効にすると、ユーザーがZITADELでセッションを終了した場合、IdPからもログアウトされます。",
     "EMPTY": "IDPは利用できません",
     "OIDC": {
       "GENERAL": "一般",
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index 8137ed98df..b51f14ff20 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -2348,6 +2348,8 @@
     "REMOVE_WARN_DESCRIPTION": "ID 제공자를 제거하려고 합니다. 사용자가 선택할 수 있는 ID 제공자가 제거되며, 이미 등록된 사용자는 다시 로그인할 수 없습니다. 계속하시겠습니까?",
     "DELETE_SELECTION_TITLE": "ID 제공자 삭제",
     "DELETE_SELECTION_DESCRIPTION": "ID 제공자를 삭제하려고 합니다. 이 변경 사항은 되돌릴 수 없습니다. 정말로 삭제하시겠습니까?",
+    "FEDERATEDLOGOUTENABLED": "연합 로그아웃 활성화됨",
+    "FEDERATEDLOGOUTENABLED_DESC": "활성화되면 사용자가 ZITADEL에서 세션을 종료할 경우 IdP에서도 로그아웃됩니다.",
     "EMPTY": "사용 가능한 ID 제공자가 없습니다.",
     "OIDC": {
       "GENERAL": "일반 정보",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index f11bcc5d63..c89a78238d 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -2341,6 +2341,8 @@
     "DELETE_DESCRIPTION": "Дали сте сигурни дека сакате да го избришете IDP? Промените се неповратни.",
     "DELETE_SELECTION_TITLE": "Избриши IDP",
     "DELETE_SELECTION_DESCRIPTION": "Дали сте сигурни дека сакате да го избришете IDP? Промените се неповратни.",
+    "FEDERATEDLOGOUTENABLED": "Овозможено федеративно одјавување",
+    "FEDERATEDLOGOUTENABLED_DESC": "Ако е овозможено, корисникот ќе биде одјавен и од IdP доколку ја прекине сесијата во ZITADEL.",
     "EMPTY": "Нема достапни провајдери на идентитети",
     "OIDC": {
       "GENERAL": "Општи информации",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index 54fb6dfb26..17eb2241f7 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -2348,6 +2348,8 @@
     "REMOVE_WARN_DESCRIPTION": "U staat op het punt om een identiteitsprovider te verwijderen. Dit zal de selectie van de beschikbare IDP voor uw gebruikers verwijderen en reeds geregistreerde gebruikers zullen niet opnieuw kunnen inloggen. Weet u zeker dat u wilt doorgaan?",
     "DELETE_SELECTION_TITLE": "Verwijder IDP",
     "DELETE_SELECTION_DESCRIPTION": "U staat op het punt om een identiteitsprovider te verwijderen. De resulterende wijzigingen zijn onomkeerbaar. Weet u zeker dat u dit wilt doen?",
+    "FEDERATEDLOGOUTENABLED": "Federatieve afmelding ingeschakeld",
+    "FEDERATEDLOGOUTENABLED_DESC": "Indien ingeschakeld, wordt de gebruiker ook afgemeld bij de IdP als de gebruiker de sessie in ZITADEL beëindigt.",
     "EMPTY": "Geen IDP beschikbaar",
     "OIDC": {
       "GENERAL": "Algemene Informatie",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index ae23c79427..33e5f5291d 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -2344,6 +2344,8 @@
     "REMOVE_WARN_DESCRIPTION": "Zamierzasz usunąć dostawcę tożsamości. Spowoduje to usunięcie wyboru dostępnego dostawcy tożsamości dla Twoich użytkowników, a już zarejestrowani użytkownicy nie będą mogli zalogować się ponownie. Czy na pewno chcesz kontynuować?",
     "DELETE_SELECTION_TITLE": "Usuń dostawcę tożsamości",
     "DELETE_SELECTION_DESCRIPTION": "Zamierzasz usunąć dostawcę tożsamości. Spowoduje to nieodwracalne zmiany. Czy na pewno chcesz to zrobić?",
+    "FEDERATEDLOGOUTENABLED": "Włączono federacyjne wylogowanie",
+    "FEDERATEDLOGOUTENABLED_DESC": "Po włączeniu, użytkownik zostanie również wylogowany z IdP, jeśli zakończy sesję w ZITADEL.",
     "EMPTY": "Brak dostawcy tożsamości dostępnego",
     "OIDC": {
       "GENERAL": "Informacje ogólne",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 71abb8d51f..ccd17170e4 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -2340,6 +2340,8 @@
     "DELETE_DESCRIPTION": "Você está prestes a excluir um provedor de identidade. As alterações resultantes são irreversíveis. Você realmente deseja fazer isso?",
     "DELETE_SELECTION_TITLE": "Excluir Provedor de Identidade",
     "DELETE_SELECTION_DESCRIPTION": "Você está prestes a excluir um provedor de identidade. As alterações resultantes são irreversíveis. Você realmente deseja fazer isso?",
+    "FEDERATEDLOGOUTENABLED": "Logout Federado Ativado",
+    "FEDERATEDLOGOUTENABLED_DESC": "Se ativado, o usuário também será desconectado do IdP se encerrar a sessão no ZITADEL.",
     "EMPTY": "Nenhum provedor de identidade disponível",
     "OIDC": {
       "GENERAL": "Informações Gerais",
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index f6a183bede..e0f2e93045 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -2346,6 +2346,8 @@
     "REMOVE_WARN_DESCRIPTION": "Sunteți pe cale să eliminați un furnizor de identitate. Aceasta va elimina selecția IdP-ului disponibil pentru utilizatorii dvs. și utilizatorii deja înregistrați nu se vor mai putea conecta. Sigur doriți să continuați?",
     "DELETE_SELECTION_TITLE": "Ștergeți IdP",
     "DELETE_SELECTION_DESCRIPTION": "Sunteți pe cale să ștergeți un furnizor de identitate. Modificările rezultate sunt irevocabile. Doriți cu adevărat să faceți acest lucru?",
+    "FEDERATEDLOGOUTENABLED": "Deconectare federată activată",
+    "FEDERATEDLOGOUTENABLED_DESC": "Dacă este activat, utilizatorul va fi deconectat și de la IdP dacă încheie sesiunea în ZITADEL.",
     "EMPTY": "Niciun IdP disponibil",
     "OIDC": {
       "GENERAL": "Informații generale",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index c4955f83fd..175e18688b 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -2447,6 +2447,8 @@
     "DELETE_DESCRIPTION": "Вы собираетесь удалить поставщика идентификационных данных. Изменения необратимы. Вы действительно хотите продолжить?",
     "DELETE_SELECTION_TITLE": "Удалить поставщика идентификационных данных",
     "DELETE_SELECTION_DESCRIPTION": "Вы собираетесь удалить поставщика идентификационных данных. Изменения необратимы. Вы действительно хотите продолжить?",
+    "FEDERATEDLOGOUTENABLED": "Федеративный выход включен",
+    "FEDERATEDLOGOUTENABLED_DESC": "Если включено, пользователь также выйдет из IdP, если завершит сеанс в ZITADEL.",
     "EMPTY": "Нет доступных поставщиков идентификационных данных",
     "REMOVE_WARN_TITLE": "Удалить ВПЛ",
     "REMOVE_WARN_DESCRIPTION": "Вы собираетесь удалить поставщика удостоверений. Это приведет к удалению выбора доступного IDP для ваших пользователей, и уже зарегистрированные пользователи не смогут снова войти в систему. Вы уверены, что продолжите?",
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 1144fd4585..9de5093353 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -2352,6 +2352,8 @@
     "REMOVE_WARN_DESCRIPTION": "Du håller på att ta bort en identitetsleverantör. Detta kommer att ta bort valet av den tillgängliga IDP för dina användare och redan registrerade användare kommer inte att kunna logga in igen. Är du säker på att fortsätta?",
     "DELETE_SELECTION_TITLE": "Radera IDP",
     "DELETE_SELECTION_DESCRIPTION": "Du håller på att radera en identitetsleverantör. De resulterande ändringarna är oåterkalleliga. Vill du verkligen göra detta?",
+    "FEDERATEDLOGOUTENABLED": "Federerad utloggning aktiverad",
+    "FEDERATEDLOGOUTENABLED_DESC": "Om aktiverat kommer användaren också att loggas ut från IdP om användaren avslutar sessionen i ZITADEL.",
     "EMPTY": "Ingen IDP tillgänglig",
     "OIDC": {
       "GENERAL": "Allmän information",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 943a9aef16..4aa5ad0ef2 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -2344,6 +2344,8 @@
     "REMOVE_WARN_DESCRIPTION": "您即将删除身份提供者。这将为您的用户删除可用 IDP 的选择，并且已经注册的用户将无法再次登录。您确定要继续吗？",
     "DELETE_SELECTION_TITLE": "删除 IDP",
     "DELETE_SELECTION_DESCRIPTION": "您即将删除身份提供者。由此产生的变化是不可撤销的。你真的想这样做吗？",
+    "FEDERATEDLOGOUTENABLED": "已启用联合注销",
+    "FEDERATEDLOGOUTENABLED_DESC": "如果启用，用户在 ZITADEL 中终止会话时，也会从 IdP 注销。",
     "EMPTY": "没有可用的 IDP",
     "OIDC": {
       "GENERAL": "通用信息",
diff --git a/docs/docs/guides/integrate/identity-providers/azure-ad-saml.mdx b/docs/docs/guides/integrate/identity-providers/azure-ad-saml.mdx
index 236488431f..8eeff3f844 100644
--- a/docs/docs/guides/integrate/identity-providers/azure-ad-saml.mdx
+++ b/docs/docs/guides/integrate/identity-providers/azure-ad-saml.mdx
@@ -79,8 +79,9 @@ After you created the SAML provider in ZITADEL, you can copy the URLs you need t
 3. **Identifier (Entity ID)**: Paste the *ZITADEL Metadata URL*.
 4. **Reply URL (Assertion Consumer Service URL)**: Paste the *ZITADEL ACS Login Form URL*
 5. **Sign on URL**: Paste the *ZITADEL ACS Login Form URL*
-5. **Logout URL**: Optionally paste the *ZITADEL Single Logout URL*
-6. Click Save
+6. **Logout URL**: Paste the *ZITADEL Single Logout URL*
+7. Optionally, you can enable the "Federated Logout", which will log out the user from Entra ID once they terminate their session in ZITADEL using the OIDC End Session Endpoint.
+8. Click Save
 
 :::info
 You can ignore the ZITADEL ACS Intent API URL for now.
diff --git a/internal/api/grpc/admin/idp_converter.go b/internal/api/grpc/admin/idp_converter.go
index 3084031a73..fd7749d664 100644
--- a/internal/api/grpc/admin/idp_converter.go
+++ b/internal/api/grpc/admin/idp_converter.go
@@ -488,6 +488,7 @@ func addSAMLProviderToCommand(req *admin_pb.AddSAMLProviderRequest) *command.SAM
 		WithSignedRequest:             req.WithSignedRequest,
 		NameIDFormat:                  nameIDFormat,
 		TransientMappingAttributeName: req.GetTransientMappingAttributeName(),
+		FederatedLogoutEnabled:        req.GetFederatedLogoutEnabled(),
 		IDPOptions:                    idp_grpc.OptionsToCommand(req.ProviderOptions),
 	}
 }
@@ -505,6 +506,7 @@ func updateSAMLProviderToCommand(req *admin_pb.UpdateSAMLProviderRequest) *comma
 		WithSignedRequest:             req.WithSignedRequest,
 		NameIDFormat:                  nameIDFormat,
 		TransientMappingAttributeName: req.GetTransientMappingAttributeName(),
+		FederatedLogoutEnabled:        req.GetFederatedLogoutEnabled(),
 		IDPOptions:                    idp_grpc.OptionsToCommand(req.ProviderOptions),
 	}
 }
diff --git a/internal/api/grpc/idp/converter.go b/internal/api/grpc/idp/converter.go
index 6269f122c0..caab5121b8 100644
--- a/internal/api/grpc/idp/converter.go
+++ b/internal/api/grpc/idp/converter.go
@@ -669,6 +669,7 @@ func samlConfigToPb(providerConfig *idp_pb.ProviderConfig, template *query.SAMLI
 			WithSignedRequest:             template.WithSignedRequest,
 			NameIdFormat:                  nameIDFormat,
 			TransientMappingAttributeName: gu.Ptr(template.TransientMappingAttributeName),
+			FederatedLogoutEnabled:        gu.Ptr(template.FederatedLogoutEnabled),
 		},
 	}
 }
diff --git a/internal/api/grpc/idp/v2/query.go b/internal/api/grpc/idp/v2/query.go
index de78775804..082a94d18f 100644
--- a/internal/api/grpc/idp/v2/query.go
+++ b/internal/api/grpc/idp/v2/query.go
@@ -336,6 +336,7 @@ func samlConfigToPb(idpConfig *idp_pb.IDPConfig, template *query.SAMLIDPTemplate
 			WithSignedRequest:             template.WithSignedRequest,
 			NameIdFormat:                  nameIDFormat,
 			TransientMappingAttributeName: gu.Ptr(template.TransientMappingAttributeName),
+			FederatedLogoutEnabled:        gu.Ptr(template.FederatedLogoutEnabled),
 		},
 	}
 }
diff --git a/internal/api/grpc/management/idp_converter.go b/internal/api/grpc/management/idp_converter.go
index 4f68c5f919..37169dfc6d 100644
--- a/internal/api/grpc/management/idp_converter.go
+++ b/internal/api/grpc/management/idp_converter.go
@@ -481,6 +481,7 @@ func addSAMLProviderToCommand(req *mgmt_pb.AddSAMLProviderRequest) *command.SAML
 		WithSignedRequest:             req.WithSignedRequest,
 		NameIDFormat:                  nameIDFormat,
 		TransientMappingAttributeName: req.GetTransientMappingAttributeName(),
+		FederatedLogoutEnabled:        req.GetFederatedLogoutEnabled(),
 		IDPOptions:                    idp_grpc.OptionsToCommand(req.ProviderOptions),
 	}
 }
@@ -498,6 +499,7 @@ func updateSAMLProviderToCommand(req *mgmt_pb.UpdateSAMLProviderRequest) *comman
 		WithSignedRequest:             req.WithSignedRequest,
 		NameIDFormat:                  nameIDFormat,
 		TransientMappingAttributeName: req.GetTransientMappingAttributeName(),
+		FederatedLogoutEnabled:        req.GetFederatedLogoutEnabled(),
 		IDPOptions:                    idp_grpc.OptionsToCommand(req.ProviderOptions),
 	}
 }
diff --git a/internal/api/idp/idp.go b/internal/api/idp/idp.go
index ebf904a395..f688ba2352 100644
--- a/internal/api/idp/idp.go
+++ b/internal/api/idp/idp.go
@@ -15,10 +15,13 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/zitadel/logging"
 
+	"github.com/zitadel/zitadel/internal/api/authz"
 	http_utils "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/cache"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/form"
 	"github.com/zitadel/zitadel/internal/idp"
 	"github.com/zitadel/zitadel/internal/idp/providers/apple"
@@ -44,6 +47,7 @@ const (
 	metadataPath    = idpPrefix + "/saml/metadata"
 	acsPath         = idpPrefix + "/saml/acs"
 	certificatePath = idpPrefix + "/saml/certificate"
+	sloPath         = idpPrefix + "/saml/slo"
 
 	paramIntentID         = "id"
 	paramToken            = "token"
@@ -62,6 +66,7 @@ type Handler struct {
 	callbackURL         func(ctx context.Context) string
 	samlRootURL         func(ctx context.Context, idpID string) string
 	loginSAMLRootURL    func(ctx context.Context) string
+	caches              *Caches
 }
 
 type externalIDPCallbackData struct {
@@ -104,6 +109,7 @@ func NewHandler(
 	queries *query.Queries,
 	encryptionAlgorithm crypto.EncryptionAlgorithm,
 	instanceInterceptor func(next http.Handler) http.Handler,
+	federatedLogoutCache cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout],
 ) http.Handler {
 	h := &Handler{
 		commands:            commands,
@@ -113,6 +119,7 @@ func NewHandler(
 		callbackURL:         CallbackURL(),
 		samlRootURL:         SAMLRootURL(),
 		loginSAMLRootURL:    LoginSAMLRootURL(),
+		caches:              &Caches{federatedLogouts: federatedLogoutCache},
 	}
 
 	router := mux.NewRouter()
@@ -121,9 +128,14 @@ func NewHandler(
 	router.HandleFunc(metadataPath, h.handleMetadata)
 	router.HandleFunc(certificatePath, h.handleCertificate)
 	router.HandleFunc(acsPath, h.handleACS)
+	router.HandleFunc(sloPath, h.handleSLO)
 	return router
 }
 
+type Caches struct {
+	federatedLogouts cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout]
+}
+
 func parseSAMLRequest(r *http.Request) *externalSAMLIDPCallbackData {
 	vars := mux.Vars(r)
 	return &externalSAMLIDPCallbackData{
@@ -351,6 +363,38 @@ func (h *Handler) handleCallback(w http.ResponseWriter, r *http.Request) {
 	redirectToSuccessURL(w, r, intent, token, userID)
 }
 
+func (h *Handler) handleSLO(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	data := parseSAMLRequest(r)
+
+	logoutState, ok := h.caches.federatedLogouts.Get(ctx, federatedlogout.IndexRequestID, federatedlogout.Key(authz.GetInstance(ctx).InstanceID(), data.RelayState))
+	if !ok || logoutState.State != federatedlogout.StateRedirected {
+		err := zerrors.ThrowNotFound(nil, "SAML-3uor2", "Errors.Intent.NotFound")
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	// For the moment we just make sure the callback matches the IDP it was started on / intended for.
+
+	provider, err := h.getProvider(ctx, data.IDPID)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	if _, ok = provider.(*saml2.Provider); !ok {
+		err := zerrors.ThrowInvalidArgument(nil, "SAML-ui9wyux0hp", "Errors.Intent.IDPInvalid")
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	// We could also parse and validate the response here, but for example Azure does not sign it and thus would already fail.
+	// Also we can't really act on it if it fails.
+
+	err = h.caches.federatedLogouts.Delete(ctx, federatedlogout.IndexRequestID, federatedlogout.Key(logoutState.InstanceID, logoutState.SessionID))
+	logging.WithFields("instanceID", logoutState.InstanceID, "sessionID", logoutState.SessionID).OnError(err).Error("could not delete federated logout")
+	http.Redirect(w, r, logoutState.PostLogoutRedirectURI, http.StatusFound)
+}
+
 func (h *Handler) tryMigrateExternalUser(ctx context.Context, idpID string, idpUser idp.User, idpSession idp.Session) (userID string, err error) {
 	migration, ok := idpSession.(idp.SessionSupportsMigration)
 	if !ok {
diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index 953ebe799c..da0e084877 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -21,6 +21,7 @@ import (
 	"github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/handler"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/user/model"
@@ -236,6 +237,11 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
 }
 
 func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID string) (err error) {
+	_, err = o.terminateSession(ctx, userID)
+	return err
+}
+
+func (o *OPStorage) terminateSession(ctx context.Context, userID string) (sessions []command.HumanSignOutSession, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() {
 		err = oidcError(err)
@@ -244,22 +250,22 @@ func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID strin
 	userAgentID, ok := middleware.UserAgentIDFromCtx(ctx)
 	if !ok {
 		logging.Error("no user agent id")
-		return zerrors.ThrowPreconditionFailed(nil, "OIDC-fso7F", "no user agent id")
+		return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-fso7F", "no user agent id")
 	}
-	sessions, err := o.repo.UserSessionsByAgentID(ctx, userAgentID)
+	sessions, err = o.repo.UserSessionsByAgentID(ctx, userAgentID)
 	if err != nil {
 		logging.WithError(err).Error("error retrieving user sessions")
-		return err
+		return nil, err
 	}
 	if len(sessions) == 0 {
-		return nil
+		return nil, nil
 	}
 	data := authz.CtxData{
 		UserID: userID,
 	}
 	err = o.command.HumansSignOut(authz.SetCtxData(ctx, data), userAgentID, sessions)
 	logging.OnError(err).Error("error signing out")
-	return err
+	return sessions, err
 }
 
 func (o *OPStorage) TerminateSessionFromRequest(ctx context.Context, endSessionRequest *op.EndSessionRequest) (redirectURI string, err error) {
@@ -294,7 +300,16 @@ func (o *OPStorage) TerminateSessionFromRequest(ctx context.Context, endSessionR
 	// So if any condition is not met, we handle the request as a V1 request and do a (v1) TerminateSession,
 	// which terminates all sessions of the user agent, identified by cookie.
 	if endSessionRequest.IDTokenHintClaims == nil || endSessionRequest.IDTokenHintClaims.SessionID == "" {
-		return endSessionRequest.RedirectURI, o.TerminateSession(ctx, endSessionRequest.UserID, endSessionRequest.ClientID)
+		sessions, err := o.terminateSession(ctx, endSessionRequest.UserID)
+		if err != nil {
+			return "", err
+		}
+		if len(sessions) == 1 {
+			if path := o.federatedLogout(ctx, sessions[0].ID, endSessionRequest.RedirectURI); path != "" {
+				return path, nil
+			}
+		}
+		return endSessionRequest.RedirectURI, nil
 	}
 
 	// V1:
@@ -305,6 +320,9 @@ func (o *OPStorage) TerminateSessionFromRequest(ctx context.Context, endSessionR
 		if err != nil {
 			return "", err
 		}
+		if path := o.federatedLogout(ctx, endSessionRequest.IDTokenHintClaims.SessionID, endSessionRequest.RedirectURI); path != "" {
+			return path, nil
+		}
 		return endSessionRequest.RedirectURI, nil
 	}
 
@@ -317,6 +335,39 @@ func (o *OPStorage) TerminateSessionFromRequest(ctx context.Context, endSessionR
 	return v2PostLogoutRedirectURI(endSessionRequest.RedirectURI), nil
 }
 
+// federatedLogout checks whether the session has an idp session linked and the IDP template is configured for federated logout.
+// If so, it creates a federated logout request and stores it in the cache and returns the logout path.
+func (o *OPStorage) federatedLogout(ctx context.Context, sessionID string, postLogoutRedirectURI string) string {
+	session, err := o.repo.UserSessionByID(ctx, sessionID)
+	if err != nil {
+		logging.WithFields("instanceID", authz.GetInstance(ctx).InstanceID(), "sessionID", sessionID).
+			WithError(err).Error("error retrieving user session")
+		return ""
+	}
+	if session.SelectedIDPConfigID.String == "" {
+		return ""
+	}
+	identityProvider, err := o.query.IDPTemplateByID(ctx, false, session.SelectedIDPConfigID.String, false, nil)
+	if err != nil {
+		logging.WithFields("instanceID", authz.GetInstance(ctx).InstanceID(), "idpID", session.SelectedIDPConfigID.String, "sessionID", sessionID).
+			WithError(err).Error("error retrieving idp template")
+		return ""
+	}
+	if identityProvider.SAMLIDPTemplate == nil || !identityProvider.FederatedLogoutEnabled {
+		return ""
+	}
+	o.federateLogoutCache.Set(ctx, &federatedlogout.FederatedLogout{
+		InstanceID:            authz.GetInstance(ctx).InstanceID(),
+		FingerPrintID:         authz.GetCtxData(ctx).AgentID,
+		SessionID:             sessionID,
+		IDPID:                 session.SelectedIDPConfigID.String,
+		UserID:                session.UserID,
+		PostLogoutRedirectURI: postLogoutRedirectURI,
+		State:                 federatedlogout.StateCreated,
+	})
+	return login.ExternalLogoutPath(sessionID)
+}
+
 func buildLoginV2LogoutURL(baseURI *url.URL, redirectURI string) string {
 	baseURI.JoinPath(LogoutPath)
 	q := baseURI.Query()
diff --git a/internal/api/oidc/op.go b/internal/api/oidc/op.go
index 37a9ba2bce..d7171b957b 100644
--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -15,9 +15,11 @@ import (
 	"github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
 	"github.com/zitadel/zitadel/internal/auth/repository"
+	"github.com/zitadel/zitadel/internal/cache"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
 	"github.com/zitadel/zitadel/internal/query"
@@ -76,6 +78,7 @@ type OPStorage struct {
 	locker                            crdb.Locker
 	assetAPIPrefix                    func(ctx context.Context) string
 	contextToIssuer                   func(context.Context) string
+	federateLogoutCache               cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout]
 }
 
 // Provider is used to overload certain [op.Provider] methods
@@ -115,12 +118,13 @@ func NewServer(
 	accessHandler *middleware.AccessInterceptor,
 	fallbackLogger *slog.Logger,
 	hashConfig crypto.HashConfig,
+	federatedLogoutCache cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout],
 ) (*Server, error) {
 	opConfig, err := createOPConfig(config, defaultLogoutRedirectURI, cryptoKey)
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "OIDC-EGrqd", "cannot create op config: %w")
 	}
-	storage := newStorage(config, command, query, repo, encryptionAlg, es, projections, ContextToIssuer)
+	storage := newStorage(config, command, query, repo, encryptionAlg, es, projections, ContextToIssuer, federatedLogoutCache)
 	keyCache := newPublicKeyCache(ctx, config.PublicKeyCacheMaxAge, queryKeyFunc(query))
 	accessTokenKeySet := newOidcKeySet(keyCache, withKeyExpiryCheck(true))
 	idTokenHintKeySet := newOidcKeySet(keyCache)
@@ -225,7 +229,17 @@ func createOPConfig(config Config, defaultLogoutRedirectURI string, cryptoKey []
 	return opConfig, nil
 }
 
-func newStorage(config Config, command *command.Commands, query *query.Queries, repo repository.Repository, encAlg crypto.EncryptionAlgorithm, es *eventstore.Eventstore, db *database.DB, contextToIssuer func(context.Context) string) *OPStorage {
+func newStorage(
+	config Config,
+	command *command.Commands,
+	query *query.Queries,
+	repo repository.Repository,
+	encAlg crypto.EncryptionAlgorithm,
+	es *eventstore.Eventstore,
+	db *database.DB,
+	contextToIssuer func(context.Context) string,
+	federateLogoutCache cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout],
+) *OPStorage {
 	return &OPStorage{
 		repo:                              repo,
 		command:                           command,
@@ -242,6 +256,7 @@ func newStorage(config Config, command *command.Commands, query *query.Queries,
 		locker:                            crdb.NewLocker(db.DB, locksTable, signingKey),
 		assetAPIPrefix:                    assets.AssetAPI(),
 		contextToIssuer:                   contextToIssuer,
+		federateLogoutCache:               federateLogoutCache,
 	}
 }
 
diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go
index bd7ba7cd58..6202c38c8b 100644
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@@ -3,11 +3,13 @@ package login
 import (
 	"context"
 	"errors"
+	"html/template"
 	"net/http"
 	"net/url"
 	"slices"
 	"strings"
 
+	crewjam_saml "github.com/crewjam/saml"
 	"github.com/crewjam/saml/samlsp"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
@@ -20,6 +22,7 @@ import (
 	http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/idp"
 	"github.com/zitadel/zitadel/internal/idp/providers/apple"
@@ -1422,6 +1425,124 @@ func (l *Login) getUserLinks(ctx context.Context, userID, idpID string) (*query.
 	)
 }
 
+type federatedLogoutData struct {
+	SessionID string `schema:"sessionID"`
+}
+
+const (
+	federatedLogoutDataSessionID = "sessionID"
+)
+
+func ExternalLogoutPath(sessionID string) string {
+	v := url.Values{}
+	v.Set(federatedLogoutDataSessionID, sessionID)
+	return HandlerPrefix + EndpointExternalLogout + "?" + v.Encode()
+}
+
+// handleExternalLogout is called when a user signed out of ZITADEL with a federated logout
+func (l *Login) handleExternalLogout(w http.ResponseWriter, r *http.Request) {
+	data := new(federatedLogoutData)
+	err := l.parser.Parse(r, data)
+	if err != nil {
+		l.renderError(w, r, nil, err)
+		return
+	}
+
+	logoutRequest, ok := l.caches.federatedLogouts.Get(r.Context(), federatedlogout.IndexRequestID, federatedlogout.Key(authz.GetInstance(r.Context()).InstanceID(), data.SessionID))
+	if !ok || logoutRequest.State != federatedlogout.StateCreated || logoutRequest.FingerPrintID != authz.GetCtxData(r.Context()).AgentID {
+		l.renderError(w, r, nil, zerrors.ThrowNotFound(nil, "LOGIN-ADK21", "Errors.ExternalIDP.LogoutRequestNotFound"))
+		return
+	}
+
+	provider, err := l.externalLogoutProvider(r, logoutRequest.IDPID)
+	if err != nil {
+		l.renderError(w, r, nil, err)
+		return
+	}
+
+	nameID, err := l.externalUserID(r.Context(), logoutRequest.UserID, logoutRequest.IDPID)
+	if err != nil {
+		l.renderError(w, r, nil, err)
+		return
+	}
+
+	err = samlLogoutRequest(w, r, provider, nameID, logoutRequest.SessionID)
+	if err != nil {
+		l.renderError(w, r, nil, err)
+		return
+	}
+	logoutRequest.State = federatedlogout.StateRedirected
+	l.caches.federatedLogouts.Set(r.Context(), logoutRequest)
+}
+
+func (l *Login) externalLogoutProvider(r *http.Request, providerID string) (*saml.Provider, error) {
+	identityProvider, err := l.getIDPByID(r, providerID)
+	if err != nil {
+		return nil, err
+	}
+	if identityProvider.Type != domain.IDPTypeSAML {
+		return nil, zerrors.ThrowInvalidArgument(nil, "LOGIN-ADK21", "Errors.ExternalIDP.IDPTypeNotImplemented")
+	}
+	return l.samlProvider(r.Context(), identityProvider)
+}
+
+func samlLogoutRequest(w http.ResponseWriter, r *http.Request, provider *saml.Provider, nameID, sessionID string) error {
+	mw, err := provider.GetSP()
+	if err != nil {
+		return err
+	}
+	// We ignore the configured binding and only check the available SLO endpoints from the metadata.
+	// For example, Azure documents that only redirect binding is possible and also only provides a redirect SLO in the metadata.
+	slo := mw.ServiceProvider.GetSLOBindingLocation(crewjam_saml.HTTPRedirectBinding)
+	if slo != "" {
+		return samlRedirectLogoutRequest(w, r, mw.ServiceProvider, slo, nameID, sessionID)
+	}
+	slo = mw.ServiceProvider.GetSLOBindingLocation(crewjam_saml.HTTPPostBinding)
+	return samlPostLogoutRequest(w, mw.ServiceProvider, slo, nameID, sessionID)
+}
+
+func samlRedirectLogoutRequest(w http.ResponseWriter, r *http.Request, sp crewjam_saml.ServiceProvider, slo, nameID, sessionID string) error {
+	lr, err := sp.MakeLogoutRequest(slo, nameID)
+	if err != nil {
+		return err
+	}
+	http.Redirect(w, r, lr.Redirect(sessionID).String(), http.StatusFound)
+	return nil
+}
+
+var (
+	samlSLOPostTemplate = template.Must(template.New("samlSLOPost").Parse(`<!DOCTYPE html><html><body>{{.Form}}</body></html>`))
+)
+
+type samlSLOPostData struct {
+	Form template.HTML
+}
+
+func samlPostLogoutRequest(w http.ResponseWriter, sp crewjam_saml.ServiceProvider, slo, nameID, sessionID string) error {
+	lr, err := sp.MakeLogoutRequest(slo, nameID)
+	if err != nil {
+		return err
+	}
+
+	return samlSLOPostTemplate.Execute(w, &samlSLOPostData{Form: template.HTML(lr.Post(sessionID))})
+}
+
+func (l *Login) externalUserID(ctx context.Context, userID, idpID string) (string, error) {
+	userIDQuery, err := query.NewIDPUserLinksUserIDSearchQuery(userID)
+	if err != nil {
+		return "", err
+	}
+	idpIDQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(idpID)
+	if err != nil {
+		return "", err
+	}
+	links, err := l.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery, idpIDQuery}}, nil)
+	if err != nil || len(links.Links) != 1 {
+		return "", zerrors.ThrowPreconditionFailed(err, "LOGIN-ADK21", "Errors.User.ExternalIDP.NotFound")
+	}
+	return links.Links[0].ProvidedUserID, nil
+}
+
 // IdPError wraps an error from an external IDP to be able to distinguish it from other errors and to display it
 // more prominent (popup style) .
 // It's used if an error occurs during the login process with an external IDP and local authentication is allowed,
diff --git a/internal/api/ui/login/login.go b/internal/api/ui/login/login.go
index 444c5aaa85..f1ce9bfa2a 100644
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -21,6 +21,7 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/form"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/static"
@@ -60,25 +61,20 @@ const (
 	DefaultLoggedOutPath = HandlerPrefix + EndpointLogoutDone
 )
 
-func CreateLogin(config Config,
+func CreateLogin(
+	config Config,
 	command *command.Commands,
 	query *query.Queries,
 	authRepo *eventsourcing.EsRepository,
 	staticStorage static.Storage,
 	consolePath string,
-	oidcAuthCallbackURL func(context.Context, string) string,
-	samlAuthCallbackURL func(context.Context, string) string,
+	oidcAuthCallbackURL, samlAuthCallbackURL func(context.Context, string) string,
 	externalSecure bool,
-	userAgentCookie,
-	issuerInterceptor,
-	oidcInstanceHandler,
-	samlInstanceHandler,
-	assetCache,
-	accessHandler mux.MiddlewareFunc,
-	userCodeAlg crypto.EncryptionAlgorithm,
-	idpConfigAlg crypto.EncryptionAlgorithm,
+	userAgentCookie, issuerInterceptor, oidcInstanceHandler, samlInstanceHandler, assetCache, accessHandler mux.MiddlewareFunc,
+	userCodeAlg, idpConfigAlg crypto.EncryptionAlgorithm,
 	csrfCookieKey []byte,
 	cacheConnectors connector.Connectors,
+	federateLogoutCache cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout],
 ) (*Login, error) {
 	login := &Login{
 		oidcAuthCallbackURL: oidcAuthCallbackURL,
@@ -101,7 +97,7 @@ func CreateLogin(config Config,
 	login.parser = form.NewParser()
 
 	var err error
-	login.caches, err = startCaches(context.Background(), cacheConnectors)
+	login.caches, err = startCaches(context.Background(), cacheConnectors, federateLogoutCache)
 	if err != nil {
 		return nil, err
 	}
@@ -112,7 +108,11 @@ func csp() *middleware.CSP {
 	csp := middleware.DefaultSCP
 	csp.ObjectSrc = middleware.CSPSourceOptsSelf()
 	csp.StyleSrc = csp.StyleSrc.AddNonce()
-	csp.ScriptSrc = csp.ScriptSrc.AddNonce().AddHash("sha256", "AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=")
+	csp.ScriptSrc = csp.ScriptSrc.AddNonce().
+		// SAML POST ACS
+		AddHash("sha256", "AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=").
+		// SAML POST SLO
+		AddHash("sha256", "4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=")
 	return &csp
 }
 
@@ -215,14 +215,16 @@ func (l *Login) baseURL(ctx context.Context) string {
 
 type Caches struct {
 	idpFormCallbacks cache.Cache[idpFormCallbackIndex, string, *idpFormCallback]
+	federatedLogouts cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout]
 }
 
-func startCaches(background context.Context, connectors connector.Connectors) (_ *Caches, err error) {
+func startCaches(background context.Context, connectors connector.Connectors, federateLogoutCache cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout]) (_ *Caches, err error) {
 	caches := new(Caches)
 	caches.idpFormCallbacks, err = connector.StartCache[idpFormCallbackIndex, string, *idpFormCallback](background, []idpFormCallbackIndex{idpFormCallbackIndexRequestID}, cache.PurposeIdPFormCallback, connectors.Config.IdPFormCallbacks, connectors)
 	if err != nil {
 		return nil, err
 	}
+	caches.federatedLogouts = federateLogoutCache
 	return caches, nil
 }
 
diff --git a/internal/api/ui/login/router.go b/internal/api/ui/login/router.go
index 6e346c9da0..459a0aab5d 100644
--- a/internal/api/ui/login/router.go
+++ b/internal/api/ui/login/router.go
@@ -14,6 +14,7 @@ const (
 	EndpointExternalLogin                 = "/login/externalidp"
 	EndpointExternalLoginCallback         = "/login/externalidp/callback"
 	EndpointExternalLoginCallbackFormPost = "/login/externalidp/callback/form"
+	EndpointExternalLogout                = "/logout/externalidp"
 	EndpointSAMLACS                       = "/login/externalidp/saml/acs"
 	EndpointJWTAuthorize                  = "/login/jwt/authorize"
 	EndpointJWTCallback                   = "/login/jwt/callback"
@@ -77,6 +78,7 @@ func CreateRouter(login *Login, interceptors ...mux.MiddlewareFunc) *mux.Router
 	router.HandleFunc(EndpointExternalLogin, login.handleExternalLogin).Methods(http.MethodGet)
 	router.HandleFunc(EndpointExternalLoginCallback, login.handleExternalLoginCallback).Methods(http.MethodGet)
 	router.HandleFunc(EndpointExternalLoginCallbackFormPost, login.handleExternalLoginCallbackForm).Methods(http.MethodPost)
+	router.HandleFunc(EndpointExternalLogout, login.handleExternalLogout).Methods(http.MethodGet)
 	router.HandleFunc(EndpointSAMLACS, login.handleExternalLoginCallback).Methods(http.MethodGet)
 	router.HandleFunc(EndpointSAMLACS, login.handleExternalLoginCallbackForm).Methods(http.MethodPost)
 	router.HandleFunc(EndpointJWTAuthorize, login.handleJWTRequest).Methods(http.MethodGet)
diff --git a/internal/auth/repository/eventsourcing/eventstore/user.go b/internal/auth/repository/eventsourcing/eventstore/user.go
index 61895c263d..6c5375a6b9 100644
--- a/internal/auth/repository/eventsourcing/eventstore/user.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user.go
@@ -13,6 +13,7 @@ import (
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/repository/user"
 	usr_view "github.com/zitadel/zitadel/internal/user/repository/view"
+	"github.com/zitadel/zitadel/internal/user/repository/view/model"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
@@ -49,6 +50,10 @@ func (repo *UserRepo) UserAgentIDBySessionID(ctx context.Context, sessionID stri
 	return repo.View.UserAgentIDBySessionID(ctx, sessionID, authz.GetInstance(ctx).InstanceID())
 }
 
+func (repo *UserRepo) UserSessionByID(ctx context.Context, sessionID string) (*model.UserSessionView, error) {
+	return repo.View.UserSessionByID(ctx, sessionID, authz.GetInstance(ctx).InstanceID())
+}
+
 func (repo *UserRepo) ActiveUserSessionsBySessionID(ctx context.Context, sessionID string) (userAgentID string, signoutSessions []command.HumanSignOutSession, err error) {
 	userAgentID, sessions, err := repo.View.ActiveUserSessionsBySessionID(ctx, sessionID, authz.GetInstance(ctx).InstanceID())
 	if err != nil {
diff --git a/internal/auth/repository/eventsourcing/view/user_session.go b/internal/auth/repository/eventsourcing/view/user_session.go
index a4618e11fb..777bc3213f 100644
--- a/internal/auth/repository/eventsourcing/view/user_session.go
+++ b/internal/auth/repository/eventsourcing/view/user_session.go
@@ -16,6 +16,10 @@ func (v *View) UserSessionByIDs(ctx context.Context, agentID, userID, instanceID
 	return view.UserSessionByIDs(ctx, v.client, agentID, userID, instanceID)
 }
 
+func (v *View) UserSessionByID(ctx context.Context, userSessionID, instanceID string) (*model.UserSessionView, error) {
+	return view.UserSessionByID(ctx, v.client, userSessionID, instanceID)
+}
+
 func (v *View) UserSessionsByAgentID(ctx context.Context, agentID, instanceID string) ([]*model.UserSessionView, error) {
 	return view.UserSessionsByAgentID(ctx, v.client, agentID, instanceID)
 }
diff --git a/internal/auth/repository/user.go b/internal/auth/repository/user.go
index f09581b32e..b51ca27f24 100644
--- a/internal/auth/repository/user.go
+++ b/internal/auth/repository/user.go
@@ -4,10 +4,12 @@ import (
 	"context"
 
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/user/repository/view/model"
 )
 
 type UserRepository interface {
 	UserSessionsByAgentID(ctx context.Context, agentID string) (sessions []command.HumanSignOutSession, err error)
 	UserAgentIDBySessionID(ctx context.Context, sessionID string) (string, error)
+	UserSessionByID(ctx context.Context, sessionID string) (*model.UserSessionView, error)
 	ActiveUserSessionsBySessionID(ctx context.Context, sessionID string) (userAgentID string, sessions []command.HumanSignOutSession, err error)
 }
diff --git a/internal/cache/cache.go b/internal/cache/cache.go
index dc05208caa..233308a3cb 100644
--- a/internal/cache/cache.go
+++ b/internal/cache/cache.go
@@ -18,6 +18,7 @@ const (
 	PurposeMilestones
 	PurposeOrganization
 	PurposeIdPFormCallback
+	PurposeFederatedLogout
 )
 
 // Cache stores objects with a value of type `V`.
diff --git a/internal/cache/connector/connector.go b/internal/cache/connector/connector.go
index 1a0534759a..532e795a81 100644
--- a/internal/cache/connector/connector.go
+++ b/internal/cache/connector/connector.go
@@ -23,6 +23,7 @@ type CachesConfig struct {
 	Milestones       *cache.Config
 	Organization     *cache.Config
 	IdPFormCallbacks *cache.Config
+	FederatedLogouts *cache.Config
 }
 
 type Connectors struct {
diff --git a/internal/cache/purpose_enumer.go b/internal/cache/purpose_enumer.go
index a93a978efb..f721435593 100644
--- a/internal/cache/purpose_enumer.go
+++ b/internal/cache/purpose_enumer.go
@@ -7,11 +7,11 @@ import (
 	"strings"
 )
 
-const _PurposeName = "unspecifiedauthz_instancemilestonesorganizationid_p_form_callback"
+const _PurposeName = "unspecifiedauthz_instancemilestonesorganizationid_p_form_callbackfederated_logout"
 
-var _PurposeIndex = [...]uint8{0, 11, 25, 35, 47, 65}
+var _PurposeIndex = [...]uint8{0, 11, 25, 35, 47, 65, 81}
 
-const _PurposeLowerName = "unspecifiedauthz_instancemilestonesorganizationid_p_form_callback"
+const _PurposeLowerName = "unspecifiedauthz_instancemilestonesorganizationid_p_form_callbackfederated_logout"
 
 func (i Purpose) String() string {
 	if i < 0 || i >= Purpose(len(_PurposeIndex)-1) {
@@ -29,9 +29,10 @@ func _PurposeNoOp() {
 	_ = x[PurposeMilestones-(2)]
 	_ = x[PurposeOrganization-(3)]
 	_ = x[PurposeIdPFormCallback-(4)]
+	_ = x[PurposeFederatedLogout-(5)]
 }
 
-var _PurposeValues = []Purpose{PurposeUnspecified, PurposeAuthzInstance, PurposeMilestones, PurposeOrganization, PurposeIdPFormCallback}
+var _PurposeValues = []Purpose{PurposeUnspecified, PurposeAuthzInstance, PurposeMilestones, PurposeOrganization, PurposeIdPFormCallback, PurposeFederatedLogout}
 
 var _PurposeNameToValueMap = map[string]Purpose{
 	_PurposeName[0:11]:       PurposeUnspecified,
@@ -44,6 +45,8 @@ var _PurposeNameToValueMap = map[string]Purpose{
 	_PurposeLowerName[35:47]: PurposeOrganization,
 	_PurposeName[47:65]:      PurposeIdPFormCallback,
 	_PurposeLowerName[47:65]: PurposeIdPFormCallback,
+	_PurposeName[65:81]:      PurposeFederatedLogout,
+	_PurposeLowerName[65:81]: PurposeFederatedLogout,
 }
 
 var _PurposeNames = []string{
@@ -52,6 +55,7 @@ var _PurposeNames = []string{
 	_PurposeName[25:35],
 	_PurposeName[35:47],
 	_PurposeName[47:65],
+	_PurposeName[65:81],
 }
 
 // PurposeString retrieves an enum value from the enum constants string name.
diff --git a/internal/command/idp.go b/internal/command/idp.go
index 821a577900..06d8f473c0 100644
--- a/internal/command/idp.go
+++ b/internal/command/idp.go
@@ -122,6 +122,7 @@ type SAMLProvider struct {
 	WithSignedRequest             bool
 	NameIDFormat                  *domain.SAMLNameIDFormat
 	TransientMappingAttributeName string
+	FederatedLogoutEnabled        bool
 	IDPOptions                    idp.Options
 }
 
diff --git a/internal/command/idp_intent_test.go b/internal/command/idp_intent_test.go
index 1be3971e87..6cf835f521 100644
--- a/internal/command/idp_intent_test.go
+++ b/internal/command/idp_intent_test.go
@@ -743,6 +743,7 @@ func TestCommands_AuthFromProvider_SAML(t *testing.T) {
 								false,
 								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
 								"",
+								false,
 								rep_idp.Options{},
 							)),
 					),
@@ -763,6 +764,7 @@ func TestCommands_AuthFromProvider_SAML(t *testing.T) {
 								false,
 								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
 								"",
+								false,
 								rep_idp.Options{},
 							)),
 					),
diff --git a/internal/command/idp_model.go b/internal/command/idp_model.go
index 5257d38bf4..188d45e6ec 100644
--- a/internal/command/idp_model.go
+++ b/internal/command/idp_model.go
@@ -1760,6 +1760,7 @@ type SAMLIDPWriteModel struct {
 	WithSignedRequest             bool
 	NameIDFormat                  *domain.SAMLNameIDFormat
 	TransientMappingAttributeName string
+	FederatedLogoutEnabled        bool
 	idp.Options
 
 	State domain.IDPState
@@ -1788,6 +1789,7 @@ func (wm *SAMLIDPWriteModel) reduceAddedEvent(e *idp.SAMLIDPAddedEvent) {
 	wm.WithSignedRequest = e.WithSignedRequest
 	wm.NameIDFormat = e.NameIDFormat
 	wm.TransientMappingAttributeName = e.TransientMappingAttributeName
+	wm.FederatedLogoutEnabled = e.FederatedLogoutEnabled
 	wm.Options = e.Options
 	wm.State = domain.IDPStateActive
 }
@@ -1817,6 +1819,9 @@ func (wm *SAMLIDPWriteModel) reduceChangedEvent(e *idp.SAMLIDPChangedEvent) {
 	if e.TransientMappingAttributeName != nil {
 		wm.TransientMappingAttributeName = *e.TransientMappingAttributeName
 	}
+	if e.FederatedLogoutEnabled != nil {
+		wm.FederatedLogoutEnabled = *e.FederatedLogoutEnabled
+	}
 	wm.Options.ReduceChanges(e.OptionChanges)
 }
 
@@ -1830,6 +1835,7 @@ func (wm *SAMLIDPWriteModel) NewChanges(
 	withSignedRequest bool,
 	nameIDFormat *domain.SAMLNameIDFormat,
 	transientMappingAttributeName string,
+	federatedLogoutEnabled bool,
 	options idp.Options,
 ) ([]idp.SAMLIDPChanges, error) {
 	changes := make([]idp.SAMLIDPChanges, 0)
@@ -1861,6 +1867,9 @@ func (wm *SAMLIDPWriteModel) NewChanges(
 	if wm.TransientMappingAttributeName != transientMappingAttributeName {
 		changes = append(changes, idp.ChangeSAMLTransientMappingAttributeName(transientMappingAttributeName))
 	}
+	if wm.FederatedLogoutEnabled != federatedLogoutEnabled {
+		changes = append(changes, idp.ChangeSAMLFederatedLogoutEnabled(federatedLogoutEnabled))
+	}
 	opts := wm.Options.Changes(options)
 	if !opts.IsZero() {
 		changes = append(changes, idp.ChangeSAMLOptions(opts))
@@ -1899,6 +1908,7 @@ func (wm *SAMLIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encryp
 	if wm.TransientMappingAttributeName != "" {
 		opts = append(opts, saml2.WithTransientMappingAttributeName(wm.TransientMappingAttributeName))
 	}
+	// TODO: ? if wm.FederatedLogoutEnabled
 	opts = append(opts, saml2.WithCustomRequestTracker(
 		requesttracker.New(
 			addRequest,
diff --git a/internal/command/instance_idp.go b/internal/command/instance_idp.go
index 348f55cd9c..90efb3edd4 100644
--- a/internal/command/instance_idp.go
+++ b/internal/command/instance_idp.go
@@ -1795,6 +1795,7 @@ func (c *Commands) prepareAddInstanceSAMLProvider(a *instance.Aggregate, writeMo
 					provider.WithSignedRequest,
 					provider.NameIDFormat,
 					provider.TransientMappingAttributeName,
+					provider.FederatedLogoutEnabled,
 					provider.IDPOptions,
 				),
 			}, nil
@@ -1848,6 +1849,7 @@ func (c *Commands) prepareUpdateInstanceSAMLProvider(a *instance.Aggregate, writ
 				provider.WithSignedRequest,
 				provider.NameIDFormat,
 				provider.TransientMappingAttributeName,
+				provider.FederatedLogoutEnabled,
 				provider.IDPOptions,
 			)
 			if err != nil || event == nil {
@@ -1893,6 +1895,7 @@ func (c *Commands) prepareRegenerateInstanceSAMLProviderCertificate(a *instance.
 				writeModel.WithSignedRequest,
 				writeModel.NameIDFormat,
 				writeModel.TransientMappingAttributeName,
+				writeModel.FederatedLogoutEnabled,
 				writeModel.Options,
 			)
 			if err != nil || event == nil {
diff --git a/internal/command/instance_idp_model.go b/internal/command/instance_idp_model.go
index d94c19d318..03d9cd9c36 100644
--- a/internal/command/instance_idp_model.go
+++ b/internal/command/instance_idp_model.go
@@ -923,6 +923,7 @@ func (wm *InstanceSAMLIDPWriteModel) NewChangedEvent(
 	withSignedRequest bool,
 	nameIDFormat *domain.SAMLNameIDFormat,
 	transientMappingAttributeName string,
+	federatedLogoutEnabled bool,
 	options idp.Options,
 ) (*instance.SAMLIDPChangedEvent, error) {
 	changes, err := wm.SAMLIDPWriteModel.NewChanges(
@@ -935,6 +936,7 @@ func (wm *InstanceSAMLIDPWriteModel) NewChangedEvent(
 		withSignedRequest,
 		nameIDFormat,
 		transientMappingAttributeName,
+		federatedLogoutEnabled,
 		options,
 	)
 	if err != nil || len(changes) == 0 {
diff --git a/internal/command/instance_idp_test.go b/internal/command/instance_idp_test.go
index 7002598af5..4805d075dd 100644
--- a/internal/command/instance_idp_test.go
+++ b/internal/command/instance_idp_test.go
@@ -5437,6 +5437,7 @@ func TestCommandSide_AddInstanceSAMLIDP(t *testing.T) {
 							false,
 							nil,
 							"",
+							false,
 							idp.Options{},
 						),
 					),
@@ -5478,6 +5479,7 @@ func TestCommandSide_AddInstanceSAMLIDP(t *testing.T) {
 							true,
 							gu.Ptr(domain.SAMLNameIDFormatTransient),
 							"customAttribute",
+							true,
 							idp.Options{
 								IsCreationAllowed: true,
 								IsLinkingAllowed:  true,
@@ -5500,6 +5502,7 @@ func TestCommandSide_AddInstanceSAMLIDP(t *testing.T) {
 					WithSignedRequest:             true,
 					NameIDFormat:                  gu.Ptr(domain.SAMLNameIDFormatTransient),
 					TransientMappingAttributeName: "customAttribute",
+					FederatedLogoutEnabled:        true,
 					IDPOptions: idp.Options{
 						IsCreationAllowed: true,
 						IsLinkingAllowed:  true,
@@ -5665,6 +5668,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) {
 								false,
 								nil,
 								"",
+								false,
 								idp.Options{},
 							)),
 					),
@@ -5703,6 +5707,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) {
 								false,
 								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
 								"",
+								false,
 								idp.Options{},
 							)),
 					),
@@ -5718,6 +5723,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) {
 									idp.ChangeSAMLWithSignedRequest(true),
 									idp.ChangeSAMLNameIDFormat(gu.Ptr(domain.SAMLNameIDFormatTransient)),
 									idp.ChangeSAMLTransientMappingAttributeName("customAttribute"),
+									idp.ChangeSAMLFederatedLogoutEnabled(true),
 									idp.ChangeSAMLOptions(idp.OptionChanges{
 										IsCreationAllowed: &t,
 										IsLinkingAllowed:  &t,
@@ -5742,6 +5748,7 @@ func TestCommandSide_UpdateInstanceGenericSAMLIDP(t *testing.T) {
 					WithSignedRequest:             true,
 					NameIDFormat:                  gu.Ptr(domain.SAMLNameIDFormatTransient),
 					TransientMappingAttributeName: "customAttribute",
+					FederatedLogoutEnabled:        true,
 					IDPOptions: idp.Options{
 						IsCreationAllowed: true,
 						IsLinkingAllowed:  true,
@@ -5845,6 +5852,7 @@ func TestCommandSide_RegenerateInstanceSAMLProviderCertificate(t *testing.T) {
 								false,
 								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
 								"",
+								false,
 								idp.Options{},
 							)),
 					),
diff --git a/internal/command/org_idp.go b/internal/command/org_idp.go
index b72fc1fd77..6cae78acc7 100644
--- a/internal/command/org_idp.go
+++ b/internal/command/org_idp.go
@@ -1768,6 +1768,7 @@ func (c *Commands) prepareAddOrgSAMLProvider(a *org.Aggregate, writeModel *OrgSA
 					provider.WithSignedRequest,
 					provider.NameIDFormat,
 					provider.TransientMappingAttributeName,
+					provider.FederatedLogoutEnabled,
 					provider.IDPOptions,
 				),
 			}, nil
@@ -1821,6 +1822,7 @@ func (c *Commands) prepareUpdateOrgSAMLProvider(a *org.Aggregate, writeModel *Or
 				provider.WithSignedRequest,
 				provider.NameIDFormat,
 				provider.TransientMappingAttributeName,
+				provider.FederatedLogoutEnabled,
 				provider.IDPOptions,
 			)
 			if err != nil || event == nil {
@@ -1866,6 +1868,7 @@ func (c *Commands) prepareRegenerateOrgSAMLProviderCertificate(a *org.Aggregate,
 				writeModel.WithSignedRequest,
 				writeModel.NameIDFormat,
 				writeModel.TransientMappingAttributeName,
+				writeModel.FederatedLogoutEnabled,
 				writeModel.Options,
 			)
 			if err != nil || event == nil {
diff --git a/internal/command/org_idp_model.go b/internal/command/org_idp_model.go
index 3baea11495..fdafb7f087 100644
--- a/internal/command/org_idp_model.go
+++ b/internal/command/org_idp_model.go
@@ -935,6 +935,7 @@ func (wm *OrgSAMLIDPWriteModel) NewChangedEvent(
 	withSignedRequest bool,
 	nameIDFormat *domain.SAMLNameIDFormat,
 	transientMappingAttributeName string,
+	federatedLogoutEnabled bool,
 	options idp.Options,
 ) (*org.SAMLIDPChangedEvent, error) {
 	changes, err := wm.SAMLIDPWriteModel.NewChanges(
@@ -947,6 +948,7 @@ func (wm *OrgSAMLIDPWriteModel) NewChangedEvent(
 		withSignedRequest,
 		nameIDFormat,
 		transientMappingAttributeName,
+		federatedLogoutEnabled,
 		options,
 	)
 	if err != nil || len(changes) == 0 {
diff --git a/internal/command/org_idp_test.go b/internal/command/org_idp_test.go
index 9959ced97d..54f508da30 100644
--- a/internal/command/org_idp_test.go
+++ b/internal/command/org_idp_test.go
@@ -5519,6 +5519,7 @@ func TestCommandSide_AddOrgSAMLIDP(t *testing.T) {
 							false,
 							nil,
 							"",
+							false,
 							idp.Options{},
 						),
 					),
@@ -5560,6 +5561,7 @@ func TestCommandSide_AddOrgSAMLIDP(t *testing.T) {
 							true,
 							gu.Ptr(domain.SAMLNameIDFormatTransient),
 							"customAttribute",
+							true,
 							idp.Options{
 								IsCreationAllowed: true,
 								IsLinkingAllowed:  true,
@@ -5583,6 +5585,7 @@ func TestCommandSide_AddOrgSAMLIDP(t *testing.T) {
 					WithSignedRequest:             true,
 					NameIDFormat:                  gu.Ptr(domain.SAMLNameIDFormatTransient),
 					TransientMappingAttributeName: "customAttribute",
+					FederatedLogoutEnabled:        true,
 					IDPOptions: idp.Options{
 						IsCreationAllowed: true,
 						IsLinkingAllowed:  true,
@@ -5756,6 +5759,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) {
 								false,
 								nil,
 								"",
+								false,
 								idp.Options{},
 							)),
 					),
@@ -5795,6 +5799,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) {
 								false,
 								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
 								"",
+								false,
 								idp.Options{},
 							)),
 					),
@@ -5810,6 +5815,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) {
 									idp.ChangeSAMLWithSignedRequest(true),
 									idp.ChangeSAMLNameIDFormat(gu.Ptr(domain.SAMLNameIDFormatTransient)),
 									idp.ChangeSAMLTransientMappingAttributeName("customAttribute"),
+									idp.ChangeSAMLFederatedLogoutEnabled(true),
 									idp.ChangeSAMLOptions(idp.OptionChanges{
 										IsCreationAllowed: &t,
 										IsLinkingAllowed:  &t,
@@ -5835,6 +5841,7 @@ func TestCommandSide_UpdateOrgSAMLIDP(t *testing.T) {
 					WithSignedRequest:             true,
 					NameIDFormat:                  gu.Ptr(domain.SAMLNameIDFormatTransient),
 					TransientMappingAttributeName: "customAttribute",
+					FederatedLogoutEnabled:        true,
 					IDPOptions: idp.Options{
 						IsCreationAllowed: true,
 						IsLinkingAllowed:  true,
@@ -5943,6 +5950,7 @@ func TestCommandSide_RegenerateOrgSAMLProviderCertificate(t *testing.T) {
 								false,
 								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
 								"",
+								false,
 								idp.Options{},
 							)),
 					),
diff --git a/internal/domain/federatedlogout/logout.go b/internal/domain/federatedlogout/logout.go
new file mode 100644
index 0000000000..ca208a129a
--- /dev/null
+++ b/internal/domain/federatedlogout/logout.go
@@ -0,0 +1,37 @@
+package federatedlogout
+
+type Index int
+
+const (
+	IndexUnspecified Index = iota
+	IndexRequestID
+)
+
+type FederatedLogout struct {
+	InstanceID            string
+	FingerPrintID         string
+	SessionID             string
+	IDPID                 string
+	UserID                string
+	PostLogoutRedirectURI string
+	State                 State
+}
+
+// Keys implements cache.Entry
+func (c *FederatedLogout) Keys(i Index) []string {
+	if i == IndexRequestID {
+		return []string{Key(c.InstanceID, c.SessionID)}
+	}
+	return nil
+}
+
+func Key(instanceID, sessionID string) string {
+	return instanceID + "-" + sessionID
+}
+
+type State int
+
+const (
+	StateCreated State = iota
+	StateRedirected
+)
diff --git a/internal/query/idp_template.go b/internal/query/idp_template.go
index f51e9a11a7..c1c47e73bc 100644
--- a/internal/query/idp_template.go
+++ b/internal/query/idp_template.go
@@ -165,6 +165,7 @@ type SAMLIDPTemplate struct {
 	WithSignedRequest             bool
 	NameIDFormat                  sql.Null[domain.SAMLNameIDFormat]
 	TransientMappingAttributeName string
+	FederatedLogoutEnabled        bool
 }
 
 var (
@@ -724,6 +725,10 @@ var (
 		name:  projection.SAMLTransientMappingAttributeName,
 		table: samlIdpTemplateTable,
 	}
+	SAMLFederatedLogoutEnabledCol = Column{
+		name:  projection.SAMLFederatedLogoutEnabled,
+		table: samlIdpTemplateTable,
+	}
 )
 
 // IDPTemplateByID searches for the requested id with permission check if necessary
@@ -948,6 +953,7 @@ func prepareIDPTemplateByIDQuery() (sq.SelectBuilder, func(*sql.Row) (*IDPTempla
 			SAMLWithSignedRequestCol.identifier(),
 			SAMLNameIDFormatCol.identifier(),
 			SAMLTransientMappingAttributeNameCol.identifier(),
+			SAMLFederatedLogoutEnabledCol.identifier(),
 			// ldap
 			LDAPIDCol.identifier(),
 			LDAPServersCol.identifier(),
@@ -1067,6 +1073,7 @@ func prepareIDPTemplateByIDQuery() (sq.SelectBuilder, func(*sql.Row) (*IDPTempla
 			samlWithSignedRequest := sql.NullBool{}
 			samlNameIDFormat := sql.Null[domain.SAMLNameIDFormat]{}
 			samlTransientMappingAttributeName := sql.NullString{}
+			samlFederatedLogoutEnabled := sql.NullBool{}
 
 			ldapID := sql.NullString{}
 			ldapServers := database.TextArray[string]{}
@@ -1184,6 +1191,7 @@ func prepareIDPTemplateByIDQuery() (sq.SelectBuilder, func(*sql.Row) (*IDPTempla
 				&samlWithSignedRequest,
 				&samlNameIDFormat,
 				&samlTransientMappingAttributeName,
+				&samlFederatedLogoutEnabled,
 				// ldap
 				&ldapID,
 				&ldapServers,
@@ -1323,6 +1331,7 @@ func prepareIDPTemplateByIDQuery() (sq.SelectBuilder, func(*sql.Row) (*IDPTempla
 					WithSignedRequest:             samlWithSignedRequest.Bool,
 					NameIDFormat:                  samlNameIDFormat,
 					TransientMappingAttributeName: samlTransientMappingAttributeName.String,
+					FederatedLogoutEnabled:        samlFederatedLogoutEnabled.Bool,
 				}
 			}
 			if ldapID.Valid {
@@ -1456,6 +1465,7 @@ func prepareIDPTemplatesQuery() (sq.SelectBuilder, func(*sql.Rows) (*IDPTemplate
 			SAMLWithSignedRequestCol.identifier(),
 			SAMLNameIDFormatCol.identifier(),
 			SAMLTransientMappingAttributeNameCol.identifier(),
+			SAMLFederatedLogoutEnabledCol.identifier(),
 			// ldap
 			LDAPIDCol.identifier(),
 			LDAPServersCol.identifier(),
@@ -1580,6 +1590,7 @@ func prepareIDPTemplatesQuery() (sq.SelectBuilder, func(*sql.Rows) (*IDPTemplate
 				samlWithSignedRequest := sql.NullBool{}
 				samlNameIDFormat := sql.Null[domain.SAMLNameIDFormat]{}
 				samlTransientMappingAttributeName := sql.NullString{}
+				samlFederatedLogoutEnabled := sql.NullBool{}
 
 				ldapID := sql.NullString{}
 				ldapServers := database.TextArray[string]{}
@@ -1697,6 +1708,7 @@ func prepareIDPTemplatesQuery() (sq.SelectBuilder, func(*sql.Rows) (*IDPTemplate
 					&samlWithSignedRequest,
 					&samlNameIDFormat,
 					&samlTransientMappingAttributeName,
+					&samlFederatedLogoutEnabled,
 					// ldap
 					&ldapID,
 					&ldapServers,
@@ -1835,6 +1847,7 @@ func prepareIDPTemplatesQuery() (sq.SelectBuilder, func(*sql.Rows) (*IDPTemplate
 						WithSignedRequest:             samlWithSignedRequest.Bool,
 						NameIDFormat:                  samlNameIDFormat,
 						TransientMappingAttributeName: samlTransientMappingAttributeName.String,
+						FederatedLogoutEnabled:        samlFederatedLogoutEnabled.Bool,
 					}
 				}
 				if ldapID.Valid {
diff --git a/internal/query/idp_template_test.go b/internal/query/idp_template_test.go
index 702e5d0ced..aed243c61e 100644
--- a/internal/query/idp_template_test.go
+++ b/internal/query/idp_template_test.go
@@ -99,6 +99,7 @@ var (
 		` projections.idp_templates6_saml.with_signed_request,` +
 		` projections.idp_templates6_saml.name_id_format,` +
 		` projections.idp_templates6_saml.transient_mapping_attribute_name,` +
+		` projections.idp_templates6_saml.federated_logout_enabled,` +
 		// ldap
 		` projections.idp_templates6_ldap2.idp_id,` +
 		` projections.idp_templates6_ldap2.servers,` +
@@ -228,6 +229,7 @@ var (
 		"with_signed_request",
 		"name_id_format",
 		"transient_mapping_attribute_name",
+		"federated_logout_enabled",
 		// ldap config
 		"idp_id",
 		"servers",
@@ -344,6 +346,7 @@ var (
 		` projections.idp_templates6_saml.with_signed_request,` +
 		` projections.idp_templates6_saml.name_id_format,` +
 		` projections.idp_templates6_saml.transient_mapping_attribute_name,` +
+		` projections.idp_templates6_saml.federated_logout_enabled,` +
 		// ldap
 		` projections.idp_templates6_ldap2.idp_id,` +
 		` projections.idp_templates6_ldap2.servers,` +
@@ -474,6 +477,7 @@ var (
 		"with_signed_request",
 		"name_id_format",
 		"transient_mapping_attribute_name",
+		"federated_logout_enabled",
 		// ldap config
 		"idp_id",
 		"servers",
@@ -630,6 +634,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -784,6 +789,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -936,6 +942,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -1086,6 +1093,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -1235,6 +1243,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -1384,6 +1393,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -1534,6 +1544,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -1683,6 +1694,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						false,
 						domain.SAMLNameIDFormatTransient,
 						"customAttribute",
+						true,
 						// ldap config
 						nil,
 						nil,
@@ -1742,6 +1754,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 					WithSignedRequest:             false,
 					NameIDFormat:                  sql.Null[domain.SAMLNameIDFormat]{V: domain.SAMLNameIDFormatTransient, Valid: true},
 					TransientMappingAttributeName: "customAttribute",
+					FederatedLogoutEnabled:        true,
 				},
 			},
 		},
@@ -1836,6 +1849,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						"idp-id",
 						database.TextArray[string]{"server"},
@@ -2006,6 +2020,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -2157,6 +2172,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 						nil,
 						nil,
 						nil,
+						nil,
 						// ldap config
 						nil,
 						nil,
@@ -2336,6 +2352,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							"idp-id",
 							database.TextArray[string]{"server"},
@@ -2515,6 +2532,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							nil,
 							nil,
@@ -2667,6 +2685,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							"idp-id-ldap",
 							database.TextArray[string]{"server"},
@@ -2784,6 +2803,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							false,
 							domain.SAMLNameIDFormatTransient,
 							"customAttribute",
+							true,
 							// ldap config
 							nil,
 							nil,
@@ -2901,6 +2921,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							nil,
 							nil,
@@ -3018,6 +3039,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							nil,
 							nil,
@@ -3135,6 +3157,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							nil,
 							nil,
@@ -3252,6 +3275,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							nil,
 							// ldap config
 							nil,
 							nil,
@@ -3360,6 +3384,7 @@ func Test_IDPTemplateTemplatesPrepares(t *testing.T) {
 							WithSignedRequest:             false,
 							NameIDFormat:                  sql.Null[domain.SAMLNameIDFormat]{V: domain.SAMLNameIDFormatTransient, Valid: true},
 							TransientMappingAttributeName: "customAttribute",
+							FederatedLogoutEnabled:        true,
 						},
 					},
 					{
diff --git a/internal/query/projection/idp_template.go b/internal/query/projection/idp_template.go
index 55c74b851c..11eeb8c613 100644
--- a/internal/query/projection/idp_template.go
+++ b/internal/query/projection/idp_template.go
@@ -173,6 +173,7 @@ const (
 	SAMLWithSignedRequestCol          = "with_signed_request"
 	SAMLNameIDFormatCol               = "name_id_format"
 	SAMLTransientMappingAttributeName = "transient_mapping_attribute_name"
+	SAMLFederatedLogoutEnabled        = "federated_logout_enabled"
 )
 
 type idpTemplateProjection struct{}
@@ -377,6 +378,7 @@ func (*idpTemplateProjection) Init() *old_handler.Check {
 			handler.NewColumn(SAMLWithSignedRequestCol, handler.ColumnTypeBool, handler.Nullable()),
 			handler.NewColumn(SAMLNameIDFormatCol, handler.ColumnTypeEnum, handler.Nullable()),
 			handler.NewColumn(SAMLTransientMappingAttributeName, handler.ColumnTypeText, handler.Nullable()),
+			handler.NewColumn(SAMLFederatedLogoutEnabled, handler.ColumnTypeBool, handler.Default(false)),
 		},
 			handler.NewPrimaryKey(SAMLInstanceIDCol, SAMLIDCol),
 			IDPTemplateSAMLSuffix,
@@ -1990,6 +1992,7 @@ func (p *idpTemplateProjection) reduceSAMLIDPAdded(event eventstore.Event) (*han
 		handler.NewCol(SAMLBindingCol, idpEvent.Binding),
 		handler.NewCol(SAMLWithSignedRequestCol, idpEvent.WithSignedRequest),
 		handler.NewCol(SAMLTransientMappingAttributeName, idpEvent.TransientMappingAttributeName),
+		handler.NewCol(SAMLFederatedLogoutEnabled, idpEvent.FederatedLogoutEnabled),
 	}
 	if idpEvent.NameIDFormat != nil {
 		columns = append(columns, handler.NewCol(SAMLNameIDFormatCol, *idpEvent.NameIDFormat))
@@ -2525,5 +2528,8 @@ func reduceSAMLIDPChangedColumns(idpEvent idp.SAMLIDPChangedEvent) []handler.Col
 	if idpEvent.TransientMappingAttributeName != nil {
 		SAMLCols = append(SAMLCols, handler.NewCol(SAMLTransientMappingAttributeName, *idpEvent.TransientMappingAttributeName))
 	}
+	if idpEvent.FederatedLogoutEnabled != nil {
+		SAMLCols = append(SAMLCols, handler.NewCol(SAMLFederatedLogoutEnabled, *idpEvent.FederatedLogoutEnabled))
+	}
 	return SAMLCols
 }
diff --git a/internal/query/projection/idp_template_test.go b/internal/query/projection/idp_template_test.go
index cebf3f8791..6ba6dabd47 100644
--- a/internal/query/projection/idp_template_test.go
+++ b/internal/query/projection/idp_template_test.go
@@ -2793,7 +2793,8 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 	"isLinkingAllowed": true,
 	"isAutoCreation": true,
 	"isAutoUpdate": true,
-	"autoLinkingOption": 1
+	"autoLinkingOption": 1,
+	"federatedLogoutEnabled": true
 }`),
 				), instance.SAMLIDPAddedEventMapper),
 			},
@@ -2824,7 +2825,7 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.idp_templates6_saml (idp_id, instance_id, metadata, key, certificate, binding, with_signed_request, transient_mapping_attribute_name, name_id_format) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+							expectedStmt: "INSERT INTO projections.idp_templates6_saml (idp_id, instance_id, metadata, key, certificate, binding, with_signed_request, transient_mapping_attribute_name, federated_logout_enabled, name_id_format) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
 							expectedArgs: []interface{}{
 								"idp-id",
 								"instance-id",
@@ -2834,6 +2835,7 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 								"binding",
 								true,
 								"customAttribute",
+								true,
 								domain.SAMLNameIDFormatTransient,
 							},
 						},
@@ -2865,7 +2867,8 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 	"isLinkingAllowed": true,
 	"isAutoCreation": true,
 	"isAutoUpdate": true,
-	"autoLinkingOption": 1
+	"autoLinkingOption": 1,
+	"federatedLogoutEnabled": true
 }`),
 				), org.SAMLIDPAddedEventMapper),
 			},
@@ -2896,7 +2899,7 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.idp_templates6_saml (idp_id, instance_id, metadata, key, certificate, binding, with_signed_request, transient_mapping_attribute_name, name_id_format) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+							expectedStmt: "INSERT INTO projections.idp_templates6_saml (idp_id, instance_id, metadata, key, certificate, binding, with_signed_request, transient_mapping_attribute_name, federated_logout_enabled, name_id_format) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
 							expectedArgs: []interface{}{
 								"idp-id",
 								"instance-id",
@@ -2906,6 +2909,7 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 								"binding",
 								true,
 								"customAttribute",
+								true,
 								domain.SAMLNameIDFormatTransient,
 							},
 						},
@@ -2976,7 +2980,8 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 	"isLinkingAllowed": true,
 	"isAutoCreation": true,
 	"isAutoUpdate": true,
-	"autoLinkingOption": 1
+	"autoLinkingOption": 1,
+	"federatedLogoutEnabled": true
 }`),
 				), instance.SAMLIDPChangedEventMapper),
 			},
@@ -3002,13 +3007,14 @@ func TestIDPTemplateProjection_reducesSAML(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.idp_templates6_saml SET (metadata, key, certificate, binding, with_signed_request) = ($1, $2, $3, $4, $5) WHERE (idp_id = $6) AND (instance_id = $7)",
+							expectedStmt: "UPDATE projections.idp_templates6_saml SET (metadata, key, certificate, binding, with_signed_request, federated_logout_enabled) = ($1, $2, $3, $4, $5, $6) WHERE (idp_id = $7) AND (instance_id = $8)",
 							expectedArgs: []interface{}{
 								[]byte("metadata"),
 								anyArg{},
 								anyArg{},
 								"binding",
 								true,
+								true,
 								"idp-id",
 								"instance-id",
 							},
diff --git a/internal/repository/idp/saml.go b/internal/repository/idp/saml.go
index da6a52b1be..209d8371b3 100644
--- a/internal/repository/idp/saml.go
+++ b/internal/repository/idp/saml.go
@@ -19,6 +19,7 @@ type SAMLIDPAddedEvent struct {
 	WithSignedRequest             bool                     `json:"withSignedRequest,omitempty"`
 	NameIDFormat                  *domain.SAMLNameIDFormat `json:"nameIDFormat,omitempty"`
 	TransientMappingAttributeName string                   `json:"transientMappingAttributeName,omitempty"`
+	FederatedLogoutEnabled        bool                     `json:"federatedLogoutEnabled,omitempty"`
 	Options
 }
 
@@ -33,6 +34,7 @@ func NewSAMLIDPAddedEvent(
 	withSignedRequest bool,
 	nameIDFormat *domain.SAMLNameIDFormat,
 	transientMappingAttributeName string,
+	federatedLogoutEnabled bool,
 	options Options,
 ) *SAMLIDPAddedEvent {
 	return &SAMLIDPAddedEvent{
@@ -46,6 +48,7 @@ func NewSAMLIDPAddedEvent(
 		WithSignedRequest:             withSignedRequest,
 		NameIDFormat:                  nameIDFormat,
 		TransientMappingAttributeName: transientMappingAttributeName,
+		FederatedLogoutEnabled:        federatedLogoutEnabled,
 		Options:                       options,
 	}
 }
@@ -83,6 +86,7 @@ type SAMLIDPChangedEvent struct {
 	WithSignedRequest             *bool                    `json:"withSignedRequest,omitempty"`
 	NameIDFormat                  *domain.SAMLNameIDFormat `json:"nameIDFormat,omitempty"`
 	TransientMappingAttributeName *string                  `json:"transientMappingAttributeName,omitempty"`
+	FederatedLogoutEnabled        *bool                    `json:"federatedLogoutEnabled,omitempty"`
 	OptionChanges
 }
 
@@ -154,6 +158,12 @@ func ChangeSAMLTransientMappingAttributeName(name string) func(*SAMLIDPChangedEv
 	}
 }
 
+func ChangeSAMLFederatedLogoutEnabled(federatedLogoutEnabled bool) func(*SAMLIDPChangedEvent) {
+	return func(e *SAMLIDPChangedEvent) {
+		e.FederatedLogoutEnabled = &federatedLogoutEnabled
+	}
+}
+
 func ChangeSAMLOptions(options OptionChanges) func(*SAMLIDPChangedEvent) {
 	return func(e *SAMLIDPChangedEvent) {
 		e.OptionChanges = options
diff --git a/internal/repository/instance/idp.go b/internal/repository/instance/idp.go
index 6ab60c0dd5..f0f324cb7d 100644
--- a/internal/repository/instance/idp.go
+++ b/internal/repository/instance/idp.go
@@ -1024,6 +1024,7 @@ func NewSAMLIDPAddedEvent(
 	withSignedRequest bool,
 	nameIDFormat *domain.SAMLNameIDFormat,
 	transientMappingAttributeName string,
+	federatedLogoutEnabled bool,
 	options idp.Options,
 ) *SAMLIDPAddedEvent {
 	return &SAMLIDPAddedEvent{
@@ -1042,6 +1043,7 @@ func NewSAMLIDPAddedEvent(
 			withSignedRequest,
 			nameIDFormat,
 			transientMappingAttributeName,
+			federatedLogoutEnabled,
 			options,
 		),
 	}
diff --git a/internal/repository/org/idp.go b/internal/repository/org/idp.go
index 0070f71a95..5f061370f1 100644
--- a/internal/repository/org/idp.go
+++ b/internal/repository/org/idp.go
@@ -1025,6 +1025,7 @@ func NewSAMLIDPAddedEvent(
 	withSignedRequest bool,
 	nameIDFormat *domain.SAMLNameIDFormat,
 	transientMappingAttributeName string,
+	federatedLogoutEnabled bool,
 	options idp.Options,
 ) *SAMLIDPAddedEvent {
 
@@ -1044,6 +1045,7 @@ func NewSAMLIDPAddedEvent(
 			withSignedRequest,
 			nameIDFormat,
 			transientMappingAttributeName,
+			federatedLogoutEnabled,
 			options,
 		),
 	}
diff --git a/internal/user/repository/view/user_session.sql b/internal/user/repository/view/user_session.sql
new file mode 100644
index 0000000000..3e2a97206b
--- /dev/null
+++ b/internal/user/repository/view/user_session.sql
@@ -0,0 +1,29 @@
+SELECT s.creation_date,
+       s.change_date,
+       s.resource_owner,
+       s.state,
+       s.user_agent_id,
+       s.user_id,
+       u.username,
+       l.login_name,
+       h.display_name,
+       h.avatar_key,
+       s.selected_idp_config_id,
+       s.password_verification,
+       s.passwordless_verification,
+       s.external_login_verification,
+       s.second_factor_verification,
+       s.second_factor_verification_type,
+       s.multi_factor_verification,
+       s.multi_factor_verification_type,
+       s.sequence,
+       s.instance_id,
+       s.id
+FROM auth.user_sessions s
+         LEFT JOIN projections.users14 u ON s.user_id = u.id AND s.instance_id = u.instance_id
+         LEFT JOIN projections.users14_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
+         LEFT JOIN projections.login_names3 l ON s.user_id = l.user_id AND s.instance_id = l.instance_id AND l.is_primary = true
+WHERE (s.id = $1)
+  AND (s.instance_id = $2)
+LIMIT 1
+;
\ No newline at end of file
diff --git a/internal/user/repository/view/user_session_view.go b/internal/user/repository/view/user_session_view.go
index b3d155f1ec..dec22a181d 100644
--- a/internal/user/repository/view/user_session_view.go
+++ b/internal/user/repository/view/user_session_view.go
@@ -12,6 +12,9 @@ import (
 )
 
 //go:embed user_session_by_id.sql
+var userSessionByIDsQuery string
+
+//go:embed user_session.sql
 var userSessionByIDQuery string
 
 //go:embed user_sessions_by_user_agent.sql
@@ -30,7 +33,7 @@ func UserSessionByIDs(ctx context.Context, db *database.DB, agentID, userID, ins
 			userSession, err = scanUserSession(row)
 			return err
 		},
-		userSessionByIDQuery,
+		userSessionByIDsQuery,
 		agentID,
 		userID,
 		instanceID,
@@ -38,6 +41,20 @@ func UserSessionByIDs(ctx context.Context, db *database.DB, agentID, userID, ins
 	return userSession, err
 }
 
+func UserSessionByID(ctx context.Context, db *database.DB, userSessionID, instanceID string) (userSession *model.UserSessionView, err error) {
+	err = db.QueryRowContext(
+		ctx,
+		func(row *sql.Row) error {
+			userSession, err = scanUserSession(row)
+			return err
+		},
+		userSessionByIDQuery,
+		userSessionID,
+		instanceID,
+	)
+	return userSession, err
+}
+
 func UserSessionsByAgentID(ctx context.Context, db *database.DB, agentID, instanceID string) (userSessions []*model.UserSessionView, err error) {
 	err = db.QueryContext(
 		ctx,
diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto
index 9033fd8668..1e7f3b7407 100644
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -7035,6 +7035,9 @@ message AddSAMLProviderRequest {
     // Optionally specify the name of the attribute, which will be used to map the user
     // in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
     optional string transient_mapping_attribute_name = 8;
+    // Optionally enable federated logout. If enabled, ZITADEL will send a logout request to the identity provider,
+    // if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
+    optional bool federated_logout_enabled = 9;
 }
 
 message AddSAMLProviderResponse {
@@ -7069,6 +7072,9 @@ message UpdateSAMLProviderRequest {
     // Optionally specify the name of the attribute, which will be used to map the user
     // in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
     optional string transient_mapping_attribute_name = 9;
+    // Optionally enable federated logout. If enabled, ZITADEL will send a logout request to the identity provider,
+    // if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
+    optional bool federated_logout_enabled = 10;
 }
 
 message UpdateSAMLProviderResponse {
diff --git a/proto/zitadel/idp.proto b/proto/zitadel/idp.proto
index 82e32aa873..de497d8c93 100644
--- a/proto/zitadel/idp.proto
+++ b/proto/zitadel/idp.proto
@@ -479,6 +479,9 @@ message SAMLConfig {
     // Optional name of the attribute, which will be used to map the user
     // in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
     optional string transient_mapping_attribute_name = 5;
+    // Boolean weather federated logout is enabled. If enabled, ZITADEL will send a logout request to the identity provider,
+    // if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
+    optional bool federated_logout_enabled = 6;
 }
 
 message AzureADConfig {
diff --git a/proto/zitadel/idp/v2/idp.proto b/proto/zitadel/idp/v2/idp.proto
index 0c95b742f1..663581a659 100644
--- a/proto/zitadel/idp/v2/idp.proto
+++ b/proto/zitadel/idp/v2/idp.proto
@@ -303,6 +303,9 @@ message SAMLConfig {
   // in case the nameid-format returned is
   // `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
   optional string transient_mapping_attribute_name = 5;
+  // Boolean weather federated logout is enabled. If enabled, ZITADEL will send a logout request to the identity provider,
+  // if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
+  optional bool federated_logout_enabled = 6;
 }
 
 message AzureADConfig {
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index c90c44667c..3018ebe600 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -13408,6 +13408,9 @@ message AddSAMLProviderRequest {
     // Optionally specify the name of the attribute, which will be used to map the user
     // in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
     optional string transient_mapping_attribute_name = 8;
+    // Optionally enable federated logout. If enabled, ZITADEL will send a logout request to the identity provider,
+    // if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
+    optional bool federated_logout_enabled = 9;
 }
 
 message AddSAMLProviderResponse {
@@ -13442,6 +13445,9 @@ message UpdateSAMLProviderRequest {
     // Optionally specify the name of the attribute, which will be used to map the user
     // in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
     optional string transient_mapping_attribute_name = 9;
+    // Optionally enable federated logout. If enabled, ZITADEL will send a logout request to the identity provider,
+    // if the user terminates the session in ZITADEL. Be sure to provide a SLO endpoint as part of the metadata.
+    optional bool federated_logout_enabled = 10;
 }
 
 message UpdateSAMLProviderResponse {

From eb0eed21fa682774e476d0c720c501b37f0f7793 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Mon, 26 May 2025 13:23:38 +0200
Subject: [PATCH 065/123] fix(api): correct mapping of user state queries
 (#9956)

# Which Problems Are Solved

the mapping of `ListUsers` was wrong for user states.

# How the Problems Are Solved

mapping of user state introduced to correctly map it

# Additional Changes

mapping of user type introduced to prevent same issue

# Additional Context

Requires backport to 2.x and 3.x

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 internal/api/grpc/user/query.go               |  4 +--
 internal/api/grpc/user/v2/query.go            |  4 +--
 internal/api/grpc/user/v2beta/query.go        |  4 +--
 .../api/scim/resources/user_query_builder.go  |  2 +-
 internal/query/user.go                        |  4 +--
 pkg/grpc/user/user.go                         | 36 +++++++++++++++++++
 pkg/grpc/user/v2/user.go                      | 34 ++++++++++++++++++
 pkg/grpc/user/v2beta/user.go                  | 34 ++++++++++++++++++
 8 files changed, 113 insertions(+), 9 deletions(-)

diff --git a/internal/api/grpc/user/query.go b/internal/api/grpc/user/query.go
index 41cce01a8c..66edbac90e 100644
--- a/internal/api/grpc/user/query.go
+++ b/internal/api/grpc/user/query.go
@@ -84,11 +84,11 @@ func EmailQueryToQuery(q *user_pb.EmailQuery) (query.SearchQuery, error) {
 }
 
 func StateQueryToQuery(q *user_pb.StateQuery) (query.SearchQuery, error) {
-	return query.NewUserStateSearchQuery(int32(q.State))
+	return query.NewUserStateSearchQuery(q.State.ToDomain())
 }
 
 func TypeQueryToQuery(q *user_pb.TypeQuery) (query.SearchQuery, error) {
-	return query.NewUserTypeSearchQuery(int32(q.Type))
+	return query.NewUserTypeSearchQuery(q.Type.ToDomain())
 }
 
 func LoginNameQueryToQuery(q *user_pb.LoginNameQuery) (query.SearchQuery, error) {
diff --git a/internal/api/grpc/user/v2/query.go b/internal/api/grpc/user/v2/query.go
index 136a4a0932..dc886462be 100644
--- a/internal/api/grpc/user/v2/query.go
+++ b/internal/api/grpc/user/v2/query.go
@@ -298,11 +298,11 @@ func phoneQueryToQuery(q *user.PhoneQuery) (query.SearchQuery, error) {
 }
 
 func stateQueryToQuery(q *user.StateQuery) (query.SearchQuery, error) {
-	return query.NewUserStateSearchQuery(int32(q.State))
+	return query.NewUserStateSearchQuery(q.State.ToDomain())
 }
 
 func typeQueryToQuery(q *user.TypeQuery) (query.SearchQuery, error) {
-	return query.NewUserTypeSearchQuery(int32(q.Type))
+	return query.NewUserTypeSearchQuery(q.Type.ToDomain())
 }
 
 func loginNameQueryToQuery(q *user.LoginNameQuery) (query.SearchQuery, error) {
diff --git a/internal/api/grpc/user/v2beta/query.go b/internal/api/grpc/user/v2beta/query.go
index e3602abc33..46b009a72e 100644
--- a/internal/api/grpc/user/v2beta/query.go
+++ b/internal/api/grpc/user/v2beta/query.go
@@ -292,11 +292,11 @@ func phoneQueryToQuery(q *user.PhoneQuery) (query.SearchQuery, error) {
 }
 
 func stateQueryToQuery(q *user.StateQuery) (query.SearchQuery, error) {
-	return query.NewUserStateSearchQuery(int32(q.State))
+	return query.NewUserStateSearchQuery(q.State.ToDomain())
 }
 
 func typeQueryToQuery(q *user.TypeQuery) (query.SearchQuery, error) {
-	return query.NewUserTypeSearchQuery(int32(q.Type))
+	return query.NewUserTypeSearchQuery(q.Type.ToDomain())
 }
 
 func loginNameQueryToQuery(q *user.LoginNameQuery) (query.SearchQuery, error) {
diff --git a/internal/api/scim/resources/user_query_builder.go b/internal/api/scim/resources/user_query_builder.go
index b86b171fb5..7a06e4b3fd 100644
--- a/internal/api/scim/resources/user_query_builder.go
+++ b/internal/api/scim/resources/user_query_builder.go
@@ -70,7 +70,7 @@ func (h *UsersHandler) buildListQuery(ctx context.Context, request *ListRequest)
 	}
 
 	// the zitadel scim implementation only supports humans for now
-	userTypeQuery, err := query.NewUserTypeSearchQuery(int32(domain.UserTypeHuman))
+	userTypeQuery, err := query.NewUserTypeSearchQuery(domain.UserTypeHuman)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/query/user.go b/internal/query/user.go
index a97e3bbd14..3d47847cac 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -776,11 +776,11 @@ func NewUserVerifiedPhoneSearchQuery(value string, comparison TextComparison) (S
 	return NewTextQuery(NotifyVerifiedPhoneCol, value, comparison)
 }
 
-func NewUserStateSearchQuery(value int32) (SearchQuery, error) {
+func NewUserStateSearchQuery(value domain.UserState) (SearchQuery, error) {
 	return NewNumberQuery(UserStateCol, value, NumberEquals)
 }
 
-func NewUserTypeSearchQuery(value int32) (SearchQuery, error) {
+func NewUserTypeSearchQuery(value domain.UserType) (SearchQuery, error) {
 	return NewNumberQuery(UserTypeCol, value, NumberEquals)
 }
 
diff --git a/pkg/grpc/user/user.go b/pkg/grpc/user/user.go
index 450370e704..a86c957fd8 100644
--- a/pkg/grpc/user/user.go
+++ b/pkg/grpc/user/user.go
@@ -1,5 +1,7 @@
 package user
 
+import "github.com/zitadel/zitadel/internal/domain"
+
 type SearchQuery_ResourceOwner struct {
 	ResourceOwner *ResourceOwnerQuery
 }
@@ -13,3 +15,37 @@ type ResourceOwnerQuery struct {
 type UserType = isUser_Type
 
 type MembershipType = isMembership_Type
+
+func (s UserState) ToDomain() domain.UserState {
+	switch s {
+	case UserState_USER_STATE_UNSPECIFIED:
+		return domain.UserStateUnspecified
+	case UserState_USER_STATE_ACTIVE:
+		return domain.UserStateActive
+	case UserState_USER_STATE_INACTIVE:
+		return domain.UserStateInactive
+	case UserState_USER_STATE_DELETED:
+		return domain.UserStateDeleted
+	case UserState_USER_STATE_LOCKED:
+		return domain.UserStateLocked
+	case UserState_USER_STATE_SUSPEND:
+		return domain.UserStateSuspend
+	case UserState_USER_STATE_INITIAL:
+		return domain.UserStateInitial
+	default:
+		return domain.UserStateUnspecified
+	}
+}
+
+func (t Type) ToDomain() domain.UserType {
+	switch t {
+	case Type_TYPE_UNSPECIFIED:
+		return domain.UserTypeUnspecified
+	case Type_TYPE_HUMAN:
+		return domain.UserTypeHuman
+	case Type_TYPE_MACHINE:
+		return domain.UserTypeMachine
+	default:
+		return domain.UserTypeUnspecified
+	}
+}
diff --git a/pkg/grpc/user/v2/user.go b/pkg/grpc/user/v2/user.go
index ec9245c8eb..20c3c6fe9b 100644
--- a/pkg/grpc/user/v2/user.go
+++ b/pkg/grpc/user/v2/user.go
@@ -1,3 +1,37 @@
 package user
 
+import "github.com/zitadel/zitadel/internal/domain"
+
 type UserType = isUser_Type
+
+func (s UserState) ToDomain() domain.UserState {
+	switch s {
+	case UserState_USER_STATE_UNSPECIFIED:
+		return domain.UserStateUnspecified
+	case UserState_USER_STATE_ACTIVE:
+		return domain.UserStateActive
+	case UserState_USER_STATE_INACTIVE:
+		return domain.UserStateInactive
+	case UserState_USER_STATE_DELETED:
+		return domain.UserStateDeleted
+	case UserState_USER_STATE_LOCKED:
+		return domain.UserStateLocked
+	case UserState_USER_STATE_INITIAL:
+		return domain.UserStateInitial
+	default:
+		return domain.UserStateUnspecified
+	}
+}
+
+func (t Type) ToDomain() domain.UserType {
+	switch t {
+	case Type_TYPE_UNSPECIFIED:
+		return domain.UserTypeUnspecified
+	case Type_TYPE_HUMAN:
+		return domain.UserTypeHuman
+	case Type_TYPE_MACHINE:
+		return domain.UserTypeMachine
+	default:
+		return domain.UserTypeUnspecified
+	}
+}
diff --git a/pkg/grpc/user/v2beta/user.go b/pkg/grpc/user/v2beta/user.go
index ec9245c8eb..20c3c6fe9b 100644
--- a/pkg/grpc/user/v2beta/user.go
+++ b/pkg/grpc/user/v2beta/user.go
@@ -1,3 +1,37 @@
 package user
 
+import "github.com/zitadel/zitadel/internal/domain"
+
 type UserType = isUser_Type
+
+func (s UserState) ToDomain() domain.UserState {
+	switch s {
+	case UserState_USER_STATE_UNSPECIFIED:
+		return domain.UserStateUnspecified
+	case UserState_USER_STATE_ACTIVE:
+		return domain.UserStateActive
+	case UserState_USER_STATE_INACTIVE:
+		return domain.UserStateInactive
+	case UserState_USER_STATE_DELETED:
+		return domain.UserStateDeleted
+	case UserState_USER_STATE_LOCKED:
+		return domain.UserStateLocked
+	case UserState_USER_STATE_INITIAL:
+		return domain.UserStateInitial
+	default:
+		return domain.UserStateUnspecified
+	}
+}
+
+func (t Type) ToDomain() domain.UserType {
+	switch t {
+	case Type_TYPE_UNSPECIFIED:
+		return domain.UserTypeUnspecified
+	case Type_TYPE_HUMAN:
+		return domain.UserTypeHuman
+	case Type_TYPE_MACHINE:
+		return domain.UserTypeMachine
+	default:
+		return domain.UserTypeUnspecified
+	}
+}

From 833f6279e11c43652a579f2211311e2fc6c0e2a7 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Mon, 26 May 2025 13:59:20 +0200
Subject: [PATCH 066/123] fix: allow invite codes for users with verified mails
 (#9962)

# Which Problems Are Solved

Users who started the invitation code verification, but haven't set up
any authentication method, need to be able to do so. This might require
a new invitation code, which was currently not possible since creation
was prevented for users with verified emails.

# How the Problems Are Solved

- Allow creation of invitation emails for users with verified emails.
- Merged the creation and resend into a single method, defaulting the
urlTemplate, applicatioName and authRequestID from the previous code (if
one exists). On the user service API, the `ResendInviteCode` endpoint
has been deprecated in favor of the `CreateInviteCode`

# Additional Changes

None

# Additional Context

- Noticed while investigating something internally.
- requires backport to 2.x and 3.x
---
 .../user/v2/integration_test/user_test.go     | 27 ++++++
 internal/command/user_v2_invite.go            | 83 ++++++++-----------
 internal/command/user_v2_invite_model.go      |  2 +-
 internal/command/user_v2_invite_test.go       | 75 +----------------
 proto/zitadel/user/v2/user.proto              |  4 +-
 proto/zitadel/user/v2/user_service.proto      |  5 ++
 6 files changed, 71 insertions(+), 125 deletions(-)

diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index 832268dc8c..7f211afd6f 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -3190,6 +3190,33 @@ func TestServer_CreateInviteCode(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "recreate",
+			args: args{
+				ctx: CTX,
+				req: &user.CreateInviteCodeRequest{},
+				prepare: func(request *user.CreateInviteCodeRequest) error {
+					resp := Instance.CreateHumanUser(CTX)
+					request.UserId = resp.GetUserId()
+					_, err := Instance.Client.UserV2.CreateInviteCode(CTX, &user.CreateInviteCodeRequest{
+						UserId: resp.GetUserId(),
+						Verification: &user.CreateInviteCodeRequest_SendCode{
+							SendCode: &user.SendInviteCode{
+								UrlTemplate:     gu.Ptr("https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}"),
+								ApplicationName: gu.Ptr("TestApp"),
+							},
+						},
+					})
+					return err
+				},
+			},
+			want: &user.CreateInviteCodeResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Instance.DefaultOrg.Id,
+				},
+			},
+		},
 		{
 			name: "create, return code, ok",
 			args: args{
diff --git a/internal/command/user_v2_invite.go b/internal/command/user_v2_invite.go
index 7760107146..430ba8c7d1 100644
--- a/internal/command/user_v2_invite.go
+++ b/internal/command/user_v2_invite.go
@@ -19,14 +19,34 @@ type CreateUserInvite struct {
 	URLTemplate     string
 	ReturnCode      bool
 	ApplicationName string
+	AuthRequestID   string
 }
 
 func (c *Commands) CreateInviteCode(ctx context.Context, invite *CreateUserInvite) (details *domain.ObjectDetails, returnCode *string, err error) {
+	return c.sendInviteCode(ctx, invite, "", false)
+}
+
+// ResendInviteCode resends the invite mail with a new code and an optional authRequestID.
+// It will reuse the applicationName from the previous code.
+func (c *Commands) ResendInviteCode(ctx context.Context, userID, resourceOwner, authRequestID string) (objectDetails *domain.ObjectDetails, err error) {
+	details, _, err := c.sendInviteCode(
+		ctx,
+		&CreateUserInvite{
+			UserID:        userID,
+			AuthRequestID: authRequestID,
+		},
+		resourceOwner,
+		true,
+	)
+	return details, err
+}
+
+func (c *Commands) sendInviteCode(ctx context.Context, invite *CreateUserInvite, resourceOwner string, requireExisting bool) (details *domain.ObjectDetails, returnCode *string, err error) {
 	invite.UserID = strings.TrimSpace(invite.UserID)
 	if invite.UserID == "" {
 		return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4jio3", "Errors.User.UserIDMissing")
 	}
-	wm, err := c.userInviteCodeWriteModel(ctx, invite.UserID, "")
+	wm, err := c.userInviteCodeWriteModel(ctx, invite.UserID, resourceOwner)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -39,10 +59,22 @@ func (c *Commands) CreateInviteCode(ctx context.Context, invite *CreateUserInvit
 	if !wm.CreationAllowed() {
 		return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-EF34g", "Errors.User.AlreadyInitialised")
 	}
+	if requireExisting && wm.InviteCode == nil || wm.CodeReturned {
+		return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Wr3gq", "Errors.User.Code.NotFound")
+	}
 	code, err := c.newUserInviteCode(ctx, c.eventstore.Filter, c.userEncryption) //nolint
 	if err != nil {
 		return nil, nil, err
 	}
+	if invite.URLTemplate == "" {
+		invite.URLTemplate = wm.URLTemplate
+	}
+	if invite.ApplicationName == "" {
+		invite.ApplicationName = wm.ApplicationName
+	}
+	if invite.AuthRequestID == "" {
+		invite.AuthRequestID = wm.AuthRequestID
+	}
 	err = c.pushAppendAndReduce(ctx, wm, user.NewHumanInviteCodeAddedEvent(
 		ctx,
 		UserAggregateFromWriteModelCtx(ctx, &wm.WriteModel),
@@ -51,7 +83,7 @@ func (c *Commands) CreateInviteCode(ctx context.Context, invite *CreateUserInvit
 		invite.URLTemplate,
 		invite.ReturnCode,
 		invite.ApplicationName,
-		"",
+		invite.AuthRequestID,
 	))
 	if err != nil {
 		return nil, nil, err
@@ -62,53 +94,6 @@ func (c *Commands) CreateInviteCode(ctx context.Context, invite *CreateUserInvit
 	return writeModelToObjectDetails(&wm.WriteModel), returnCode, nil
 }
 
-// ResendInviteCode resends the invite mail with a new code and an optional authRequestID.
-// It will reuse the applicationName from the previous code.
-func (c *Commands) ResendInviteCode(ctx context.Context, userID, resourceOwner, authRequestID string) (objectDetails *domain.ObjectDetails, err error) {
-	if userID == "" {
-		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2n8vs", "Errors.User.UserIDMissing")
-	}
-
-	existingCode, err := c.userInviteCodeWriteModel(ctx, userID, resourceOwner)
-	if err != nil {
-		return nil, err
-	}
-	if !existingCode.UserState.Exists() {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-H3b2a", "Errors.User.NotFound")
-	}
-	if err := c.checkPermissionUpdateUser(ctx, existingCode.ResourceOwner, userID); err != nil {
-		return nil, err
-	}
-	if !existingCode.CreationAllowed() {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Gg42s", "Errors.User.AlreadyInitialised")
-	}
-	if existingCode.InviteCode == nil || existingCode.CodeReturned {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Wr3gq", "Errors.User.Code.NotFound")
-	}
-	code, err := c.newUserInviteCode(ctx, c.eventstore.Filter, c.userEncryption) //nolint
-	if err != nil {
-		return nil, err
-	}
-	if authRequestID == "" {
-		authRequestID = existingCode.AuthRequestID
-	}
-	err = c.pushAppendAndReduce(ctx, existingCode,
-		user.NewHumanInviteCodeAddedEvent(
-			ctx,
-			UserAggregateFromWriteModelCtx(ctx, &existingCode.WriteModel),
-			code.Crypted,
-			code.Expiry,
-			existingCode.URLTemplate,
-			false,
-			existingCode.ApplicationName,
-			authRequestID,
-		))
-	if err != nil {
-		return nil, err
-	}
-	return writeModelToObjectDetails(&existingCode.WriteModel), nil
-}
-
 func (c *Commands) InviteCodeSent(ctx context.Context, userID, orgID string) (err error) {
 	if userID == "" {
 		return zerrors.ThrowInvalidArgument(nil, "COMMAND-Sgf31", "Errors.User.UserIDMissing")
diff --git a/internal/command/user_v2_invite_model.go b/internal/command/user_v2_invite_model.go
index 23f6322a19..6b2ab62e0d 100644
--- a/internal/command/user_v2_invite_model.go
+++ b/internal/command/user_v2_invite_model.go
@@ -28,7 +28,7 @@ type UserV2InviteWriteModel struct {
 }
 
 func (wm *UserV2InviteWriteModel) CreationAllowed() bool {
-	return !wm.EmailVerified && !wm.AuthMethodSet
+	return !wm.AuthMethodSet
 }
 
 func newUserV2InviteWriteModel(userID, orgID string) *UserV2InviteWriteModel {
diff --git a/internal/command/user_v2_invite_test.go b/internal/command/user_v2_invite_test.go
index 817987e7e4..04c00d876e 100644
--- a/internal/command/user_v2_invite_test.go
+++ b/internal/command/user_v2_invite_test.go
@@ -11,7 +11,6 @@ import (
 	"go.uber.org/mock/gomock"
 	"golang.org/x/text/language"
 
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -316,7 +315,7 @@ func TestCommands_ResendInviteCode(t *testing.T) {
 				userID: "",
 			},
 			want{
-				err: zerrors.ThrowInvalidArgument(nil, "COMMAND-2n8vs", "Errors.User.UserIDMissing"),
+				err: zerrors.ThrowInvalidArgument(nil, "COMMAND-4jio3", "Errors.User.UserIDMissing"),
 			},
 		},
 		{
@@ -362,7 +361,7 @@ func TestCommands_ResendInviteCode(t *testing.T) {
 				userID: "unknown",
 			},
 			want{
-				err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-H3b2a", "Errors.User.NotFound"),
+				err: zerrors.ThrowPreconditionFailed(nil, "COMMAND-Wgvn4", "Errors.User.NotFound"),
 			},
 		},
 		{
@@ -580,76 +579,6 @@ func TestCommands_ResendInviteCode(t *testing.T) {
 				},
 			},
 		},
-		{
-			"resend with own user ok",
-			fields{
-				eventstore: expectEventstore(
-					expectFilter(
-						eventFromEventPusher(
-							user.NewHumanAddedEvent(context.Background(),
-								&user.NewAggregate("userID", "org1").Aggregate,
-								"username", "firstName",
-								"lastName",
-								"nickName",
-								"displayName",
-								language.Afrikaans,
-								domain.GenderUnspecified,
-								"email",
-								false,
-							),
-						),
-						eventFromEventPusher(
-							user.NewHumanInviteCodeAddedEvent(context.Background(),
-								&user.NewAggregate("userID", "org1").Aggregate,
-								&crypto.CryptoValue{
-									CryptoType: crypto.TypeEncryption,
-									Algorithm:  "enc",
-									KeyID:      "id",
-									Crypted:    []byte("code"),
-								},
-								time.Hour,
-								"",
-								false,
-								"",
-								"authRequestID",
-							),
-						),
-					),
-					expectPush(
-						eventFromEventPusher(
-							user.NewHumanInviteCodeAddedEvent(authz.NewMockContext("instanceID", "org1", "userID"),
-								&user.NewAggregate("userID", "org1").Aggregate,
-								&crypto.CryptoValue{
-									CryptoType: crypto.TypeEncryption,
-									Algorithm:  "enc",
-									KeyID:      "id",
-									Crypted:    []byte("code"),
-								},
-								time.Hour,
-								"",
-								false,
-								"",
-								"authRequestID2",
-							),
-						),
-					),
-				),
-				checkPermission:             newMockPermissionCheckNotAllowed(), // user does not have permission, is allowed in the own context
-				newEncryptedCodeWithDefault: mockEncryptedCodeWithDefault("code", time.Hour),
-				defaultSecretGenerators:     &SecretGenerators{},
-			},
-			args{
-				ctx:           authz.NewMockContext("instanceID", "org1", "userID"),
-				userID:        "userID",
-				authRequestID: "authRequestID2",
-			},
-			want{
-				details: &domain.ObjectDetails{
-					ResourceOwner: "org1",
-					ID:            "userID",
-				},
-			},
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/proto/zitadel/user/v2/user.proto b/proto/zitadel/user/v2/user.proto
index e2a140ea27..9ea2b8906e 100644
--- a/proto/zitadel/user/v2/user.proto
+++ b/proto/zitadel/user/v2/user.proto
@@ -334,7 +334,7 @@ message AuthFactorU2F {
 
 message SendInviteCode {
   // Optionally set a url_template, which will be used in the invite mail sent by ZITADEL to guide the user to your invitation page.
-  // If no template is set, the default ZITADEL url will be used.
+  // If no template is set and no previous code was created, the default ZITADEL url will be used.
   //
   // The following placeholders can be used: UserID, OrgID, Code
   optional string url_template = 1 [
@@ -346,7 +346,7 @@ message SendInviteCode {
     }
   ];
   // Optionally set an application name, which will be used in the invite mail sent by ZITADEL.
-  // If no application name is set, ZITADEL will be used as default.
+  // If no application name is set and no previous code was created, ZITADEL will be used as default.
   optional string application_name = 2 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
diff --git a/proto/zitadel/user/v2/user_service.proto b/proto/zitadel/user/v2/user_service.proto
index 15bc2d7775..44d25c07b3 100644
--- a/proto/zitadel/user/v2/user_service.proto
+++ b/proto/zitadel/user/v2/user_service.proto
@@ -1135,6 +1135,8 @@ service UserService {
   // Create an invite code for a user
   //
   // Create an invite code for a user to initialize their first authentication method (password, passkeys, IdP) depending on the organization's available methods.
+  // If an invite code has been created previously, it's url template and application name will be used as defaults for the new code.
+  // The new code will overwrite the previous one and make it invalid.
   rpc CreateInviteCode (CreateInviteCodeRequest) returns (CreateInviteCodeResponse) {
     option (google.api.http) = {
       post: "/v2/users/{user_id}/invite_code"
@@ -1158,6 +1160,8 @@ service UserService {
 
   // Resend an invite code for a user
   //
+  // Deprecated: Use [CreateInviteCode](apis/resources/user_service_v2/user-service-create-invite-code.api.mdx) instead.
+  //
   // Resend an invite code for a user to initialize their first authentication method (password, passkeys, IdP) depending on the organization's available methods.
   // A resend is only possible if a code has been created previously and sent to the user. If there is no code or it was directly returned, an error will be returned.
   rpc ResendInviteCode (ResendInviteCodeRequest) returns (ResendInviteCodeResponse) {
@@ -1172,6 +1176,7 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      deprecated: true;
       responses: {
         key: "200"
         value: {

From 4d66a786c88ba624bb8ca7bd67a128b920e0cb7f Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 27 May 2025 16:26:46 +0200
Subject: [PATCH 067/123] feat: JWT IdP intent (#9966)

# Which Problems Are Solved

The login v1 allowed to use JWTs as IdP using the JWT IDP. The login V2
uses idp intents for such cases, which were not yet able to handle JWT
IdPs.

# How the Problems Are Solved

- Added handling of JWT IdPs in `StartIdPIntent` and `RetrieveIdPIntent`
- The redirect returned by the start, uses the existing `authRequestID`
and `userAgentID` parameter names for compatibility reasons.
- Added `/idps/jwt` endpoint to handle the proxied (callback) endpoint ,
which extracts and validates the JWT against the configured endpoint.

# Additional Changes

None

# Additional Context

- closes #9758
---
 .../integrate/identity-providers/jwt_idp.md   |   2 +-
 docs/static/img/guides/jwt_idp.png            | Bin 275050 -> 38738 bytes
 .../user/v2/integration_test/user_test.go     | 112 ++++++++++++++++++
 internal/api/grpc/user/v2/intent.go           |   2 +-
 internal/api/idp/idp.go                       |  86 ++++++++++++++
 internal/idp/providers/jwt/jwt.go             |  22 ++--
 internal/idp/providers/jwt/jwt_test.go        |  28 ++++-
 internal/idp/providers/jwt/session.go         |  13 ++
 internal/integration/client.go                |  18 +++
 internal/integration/sink/server.go           |  52 ++++++++
 10 files changed, 319 insertions(+), 16 deletions(-)

diff --git a/docs/docs/guides/integrate/identity-providers/jwt_idp.md b/docs/docs/guides/integrate/identity-providers/jwt_idp.md
index 2a0e8b8e7a..52324ad5c2 100644
--- a/docs/docs/guides/integrate/identity-providers/jwt_idp.md
+++ b/docs/docs/guides/integrate/identity-providers/jwt_idp.md
@@ -49,7 +49,7 @@ The **JWT IdP Configuration** might then be:
 
 Therefore, if the user is redirected from ZITADEL to the JWT Endpoint on the WAF (`https://apps.test.com/existing/auth-new`), 
 the session cookies previously issued by the WAF, will be sent along by the browser due to the path being on the same domain as the exiting application.
-The WAF will reuse the session and send the JWT in the HTTP header `x-custom-tkn` to its upstream, the ZITADEL JWT Endpoint (`https://accounts.test.com/ui/login/login/jwt/authorize`).
+The WAF will reuse the session and send the JWT in the HTTP header `x-custom-tkn` to its upstream, the ZITADEL JWT Endpoint (`https://accounts.test.com/ipds/jwt`).
 
 For the signature validation, ZITADEL must be able to connect to Keys Endpoint (`https://issuer.test.internal/keys`) 
 and it will check if the token was signed (claim `iss`) by the defined Issuer (`https://issuer.test.internal`).
diff --git a/docs/static/img/guides/jwt_idp.png b/docs/static/img/guides/jwt_idp.png
index 73d5353521a9eb844c801ad9fe3bfc6291181dc9..218996aef756b0033575c54ff604034108a7f46a 100644
GIT binary patch
literal 38738
zcmeFZcTkj1*ETo|83f5lPAUijl94!qfFKBxa}GlskenGoK%$b9Fyt&5BqJah8FJ1!
z3^~Ug{5|jU`PTF9R&DKW)&BAE$JAXn9ZsLqea`9b>$*QHy_3Pip~L|I0C=)*UMm9t
zs4V~hkQxh!d{Zs1^c(>21IWI9rRt`?(}?XvB9pYYZBDso>#tdvj!tl8-2N0BTb3S0
z`_)e9Bv-xdi_o8b;duOoD5%w1c#lwx=Ux5r_%Rv`8>VMPy&(gM*%otsGcS+k>d(G;
z{{A-1$=KAFmlqZ#2h30Tda-_upQ{>6`c*6Oz`Oa9mHP-9I5>+G<Ni-=1?A@1KaU_O
z5DewdV;%+p_@8$LC}@;_p8Tu;P>erMFv|a345^6!dkQi6ys6J{*@~=Zg@wfn06Yq|
z>th(4#{vKrnxG(5fS=_X@d$-N0zu^eMkw#K{{m+=b@?My5)}YqN4;0Qqx}RAg=0hD
z2>4GS;GaU6mIKP)lCy&RsFQdpfp`D_AKtye9{haoS-tZz^Hnr$m`r?04rW;30R`Uj
z@Hc00<13^PXJ~&)y<!)C>-lcur);0sf`PBmoxmFsUv2zw#(N=f{<IGb*-4ajBnrZ<
zbZcP<igSFq00#h+GVf<V3mPwUt%5Isg-7q*Z!35uGx<i2=*u0&MR;Fnt)wKf1T5#z
z(6IA>?7ai>F^OCP+mkSNe)5gA$rSU}bYh;^&(uH2Fp-@-{?i#sxkV6&=RMi!4E>WJ
zTqimFAZnp!q2%e=AQeJw2pIqXI{BwT!8HhcXFaDiRcD1C%z#!Wh3_km-yaG;l?T5J
zmHfNp22kNhAc2DiVwc#9UiU=6vNwJ5?Pp%%e{}WWUJLT{^zaYB%7o^h=t4EG3iWki
zIw$4SNoZ3-u}Zq3sDG4-`KKU^5o&%q!!1yt26+nKx$~1evV=>(EGc>K|7(SRZ`TAr
zNf_}jiU3}eI!5R__1{bZNaKR~QSJ>$oc9{pbcofrPV_owTGx%Z#vh<z_kjDM=b_Uh
z^=kOXruKOMDC54l9~gfc1>AR_i~2_hz`a1<QSN`A{#laae}0Mm?q`wppI_`h=HdIt
zNcRmdQ2y`c|1Xu38o2rva2+Pb()R=dSe(A+0J!!SV+5f=L7s%pe!oK6H|g;K1L<_@
zw7tB%Da-WmMTrz28-StErNeI7xj8)n7?RFR>WtQbx`29Iv>eWh3XK?(pkAWdr_v9H
zU;v?~IHdVJR1k$BTkc>C1rNXi*UBP|;DTBCfppSAEhtFUqFrF&VFTU#12iB4`*=jc
zKut=yOxo}xJr^-x&zNo<8pAa7z>IR(F)R&T8_yva(o*9l*hGPaHsz)295*SILng;6
zn<x^?opg%UQt|j~1=C$woqjUUvg3WhU{F-=K{2S10sjE+oI>b#bi<?jeryG;i~`F;
z<=LM%E9)C&e%De=Rrnl34G;+yX-$5gvuT-FDbJHLZh8F-ZWUayGpT+rBU=i?y96it
zrtD;zf7*!HkvM&>f=gx2yRR8y%Ww-x?2Tpv%=y!;@H<VYBr$}a`bl0X!Pv^zU+aA9
zPH?x6KEPwZcO#;hZ%=<Gra;NwgJ!?cg$m`T;HwW#<123E$>$j;dZ{jCbWx?Ymp9hv
z?qgO-c!#=xHw9-<ka2^!RO&nn%BCn7dwlj_CE@AMm(q0V-+$Eri#0G+oyo4IA|Q<I
z3{5DJMl?f9SP-+IA7n0CN%7cyk@t4srx2}w<5{ip_Qvi>WK(tdZnlcE&uz-820%pd
zn?X~a=k1CKZX7>24KiwD8iB19G$s=#e2@$(JP5ZMC=d<xa8$h#i|qH!-mN8e_NgnT
z!v?rLq?n)h35m^Kgf|lrfKBor*JlN{IwsFWa_C$ni+kU|ch7tTZfiYW`e#n9VuF(~
z{bZCL?zmi>c;H{ou1q>B(&Qf@!kI%mG2{l1b(mejJj6&NPhGkz^v#s|=xm>uZVFb1
zZl{V}o{zlzeI7`FDI&RgP)r(|@kw%c&t}U_z`83L18qu^dh*E+e&W&Z1OA;4#~Z!s
z^!L(tJXtX((cK=MOyr<8d8c(+^pzZSa;80}VE!QgJ)!p}&6HNa7-qciK{}`q9awHr
zP5kRrOiL&gG1HmbA6rj#faeysf6!06=MfH~(}D&1fv7@x>L;QFUc0!1&paQ}3O^bx
zE8(e!gDcm<fD70gZgGi$_~-c73+pe}rWGemZj<HZBDlXw>YjHOp)D&yb1H;C`s$kq
z#~{>uQ-4KN|5+roY9SEgE|qW){)M0_%$gjlvMg^hTUN=%-FRX|Xx>-7+1ep^N5VZj
z)|(LsSd;9mh_y70Fp_B!Jl{?g>RHDvN7Z+hBMyZ(5rJi(^snq}@TXfk^}VupH#4{N
zrM*z~pLluc{D?^t>F4Y>Qd|KM3NeCU{aHghhYL{eNDeKsM<&n_35&e~jW(1P)ZpdG
zIud`u5wi%(`SpW*$E{TH?$n1Q>39k+Zb`r|ue9RQbk;{jeHrtvZ3=mii=2^UzQ~A{
zu}M#mVpRIEYf@gE=}w*i9#&=IM!sq{hjUZ27AGV@&24S+$-EppFaBn$K!5uzCSV`X
zzxvDXlXMOKWpRc67);3bI?9aZ$xjeWFOn6GO)-O=q;)hr@xAD%m;9t0Q|BNYvB6(C
zTFsj~A&?Acq0(e{r|X`hw&y3=dp@R4(xp9N@s>(xO92&V`!wS40WpxjLwlcRcv4^x
z^Y$V)FZa^&^!cG2k2@xl12Gdo1XTV(Sg41qK+<*Rs-^k5{cgm<0ogUKZP5{VwXP4%
zOtrgL&=59lfoSiLAL&x%G8%xX45BjMR|m5Fg6uNquB!w1Nh@=XmmY3Tq?$U2mbCg_
z#x@XVAVy<jtpj^0P#=)+?jynTlQAb=0+OILrjKYzL}4W0Bn(@*kH}Tk`^@T9b1617
zhd?HJxQl9|2K{jDHPXp2u(UsU=1N}OEQ|3=K#ZWhW!xfva~XF8jR4H^bv4nAQv3Mo
zsW%rXaQ1i88U|hgiGvTv?69W3H4OklpjhLoUa|rvw|pJ(o+vC+0u}1Q76)P@hQ;nl
zsRt9Qq){nB{rJg{Gn+VDzQwUIp>V9@1DLG|UBN#G3V?psLk?z%0Nj&#y2HX(kJcY5
zw_;#%0b_(96}~T&{eu0%`ay-M&|(JzJjRe7zAHlt-X`b2dd#W@GlRnNU2<gsBB(bc
zOwIDjbv24CF+kgX<xFD=w7OF$C|OntI4h(H%jVK#VwE%{_f$ezpji4LiCbI=QO`}W
zMTMRQfH0d#v>4v~R;<89Q%6uB<$ORf&oav<E+|vwj8*vvpI{>x0OgM^1<tCE%pK1c
ztp;<m!~&IGeh@@UBci`Ip(qP{>>3XtV7**T;@2~{oGg}!4ZN|wuT_9mX>uEw?oQ%Y
zV0fXP#BIiZPVS3UsfF6i3M~FT|H2^%s3di6zhS4a0)s-nsq_+yqFs&ykrPUd2>gI~
zfr=jPL$+bsB#By)hBqY-DEOFquqtKw<-k`Iske-W%vikpJOp4YWKQHpD!MEQ(*vMQ
z$saGGK{0$VfOybA5Nb(=g%?&Ot{*7*vsel}yk!6cV}KKY7u1f!9ztDEkTxC+B1WS;
zr?_tfh}RI3dcXkZ03b!UwEqY~6-PxjA_;?P4DyJfO`#*#@oTzw$m$mK$VQO8vwCy{
zf$9PGi?0nEh<A-l@{s*v=t~Wp6M)H)Iw1BId<BE1L6MCxz*`D8DCmF);Qto>|HqoA
z(SoK@8I15g)$?uYK&H6#|7m(ck`40Zkh>(2Micp*Tjg+M#tr(<dB(&DFE;krQG9e+
zA{)&B2fW7rk10w+2=x*B{sr5qW+D}th%*NL$Lxy;1`+q0a3fRd|DpQ-=QCUdEvZ;v
z^Vk(dT+#$Nagk!&uevm>%2Z2M3E#cO^ct^$#tq2$;Jh04<#gfnM~h%6Nah`kO2$<&
zygO_xwM4dvW{Ux;j%ismLBlX8<K!%`E;hdlf*^df$8_NTu1DAo{%d6n;8s%7ofN6~
zZ^{r=cNRD;Y7#dRHs;Gwj*u5-eUh6xpyeXi=)!h-T<Vgifu<cHLs{%lN#~!=yxh)x
z3Htu(cy!pI;fYPxkWQY53IkP9o`QFooOWIoO$Dq!0960r&vNZ<10t|u9O76%1vazh
zJucYN3)qS9sH7YbE;lI1BcGHotdgwC6i|C_eK-oT&UlsRT3C)C@@@-%+Hq-f??c9I
zbEuuhx=1rqrA#p9`S_0?_$uRKslCPnGN4M>WOKb@hMQ+Iy!Fk@{0bW#2EyhHrECkR
z7;AnHN~ldS9E+}MgQqXzBw%`If1K8eJ9Le3IHKBP7dtVasD+ZXpkM<!y7fEa1j^60
z(M4GA|3#KjmB~saLU&2C8<rC@=0uIyP*5vJTn0gKxW?A+T~)mu&*&GTU}g%hVWN+g
zt=NRb1;Mm<)Zwb8i9%NA<x~0erunuQjT)g)s2UC_U{tMG?t!XKbfjc;ra-pw>jzoO
zK@bwODdgeIy`$47-2m;D`9FOaZ(PXsF^XUyhZIwt)Z)iDx6G5-_c9UsDc=rBzZVfs
zM#wW?%3*}n4vkSGG}&M^(p29~pPl7?>G@pdLV<LNh`Rntmy}8i&;4@$FH+{x<>zU(
zPd%RwQg+43YS3_hc(!`1iHGGyAp;&V{un}I546P~X6(RdeD6J{FIxN+Ha3F6rcF1f
z`lR^f^dba%l+sA<L6&523D3VpO(h4j`LWhAYdxlYDoG^zkkE?b{qW~h)s$GhLA{JO
zi!tk_kt5`LEIce93txtr)U-rr4+V#0(#ZUd#`f3F%sC!oAr>CXjVjK;b2TL#UyCf&
zY(l?Rs11)9TIe!i9}YfA(}cr>{7(wakr&G7;GLr`Sir}SsrO8h8w-Y11*G+rU!?Q`
ztdv5bJzKLn0M&73xatIe#n}8wvgI!?Vq=*6M*^?_%Ab(nt_&NUksJaI@_b%T%`oCI
znO-{*9Fq9L7?$qta!{J+V0)M%$DST0At=#+m~_b^i(tH5+AMZ=ap`WSMPCMbcUO{=
zv{!Yd+6dQx0|wcBM*=JiEWbqcZwR<)n>Uw1U5cm|x<spe3l-j5XAqvk9C~Lg9pgG*
zq}kj2h<#nfkFKtq{#>FnP@ds(*PbU1@(LN9IHu*TOWt2hMi_Q$DNLOtUM$IB-lV0P
zp_B0yOpxFurhdJvylvoHG1DxS-P9FvnOXvY=-=>42DTG$b=n!cPCiZamy;HgdG#Fp
zga(i3l5*-jTb)`-c44*B&Q=PK*TTl65s=;+9C3n;?-!Pv``l)<*tZG@D;}?wRe9i)
zF1h`e3xMGA4v225KQg20m9UWe{Z%F2byxT&518%M+gG78hs)&J77tWoh5V8XC00nE
zOv&kxdLKlVN$tieiZ$Dx@SNsPMMP2AyM`>gusnS2g8xj6J*C%0<)CYQe#!+@WWSqw
zI9w=zSQ~izOoP~u>1N-&IA`kk5%0l;Mscy-Wa!O>>)n3*yV^E?e%*O}=fY<i@5vZC
zKiJ-4g|6yUF~V()xz{?$6(Tv|1|ckQA+KQlgkXxFOFM@ZG(Uw*@h)z2#eeITT6IX^
zd$w#0s453ga)o^RYI-+#)H^>zOJenrQ6AsZb6^QuUCHXJ3jf-tw7dOze_#ydgC`N^
z^pY82FV+2Pr{}~^m-p`4d&!{i+^VMz7$6D^N0aHZMxP^m^p?rc`3AR>iY>I3mdoe5
zO|lrE)AiXsUkWaFBSX*C9JMEaC~0A1Sd*kL`(L?^isK#*FDV54Hab8Q7f<xVW!oWf
zd`G`WEadrMU|Xt9?8^jik^(hMlV1*m7O~W@j!97Ins=EZcfCyyrpy4Hkazam#fdzZ
zi}$ui`NFq}(LZ~4v94r^?56m<ax1&pC`GN?B0gML7^<Pxs=W7QL;bw26UBPqy80lc
z+-<bJr#h4)MF;UlFXkv_r?oo9;wuid_B_+~Y%;W@h70MXjXSy2YEC2Y@&-Iq3LmSo
zNm79jtPjKrF{CLE(!V|@qr0`0dXc_AnzSTq4>HWu$9qn+`UHo&!a!f+`uKSW>d3o=
zX&?HhEX7(VGT0<mB9-mqAukW|KM6FQpJvDIiSW4AlG>W~LS14`+3@|!zTteIznluu
zwo>_^K#c;&F~~3z25{r2Hc*pXujZ0#7Am29sVPBgF(m{PcMsb+gZ~QQBQwLmeqUqa
z4){m`W`%;V*P2{!(a&*+?`*BTu4+&d8R9A?tzm}MB4PChV`+}*1DnK`UHD^+T~pZ7
z!wS;{W_?wTr{5(lJR;qy-L6ymJtJN_@33u1ib_{4^D1y!|7@R?3%WRdJjivonJ^+@
zjVFA{PAOo~=83tAb7c0W^H&`oLVKubo!|-8fipNtdqm6?%^=WL!*dRDCwoL*GHX>L
zYp-(Z`We5rjkrEWkf>l{WyV}jPTOgFAQEphT`yU@RoM|(>~Uleoy((ZG%$$FhS7!8
zy$&D4olJ2~jM^@is&shcVwJv>U~sURa%DZ8l1wIy*PeLhtJ-#IY;@3}F^*uNz4|!%
z2KKDX?__QcTQ5Y%;vt@0h(-8mZJUWOS+L=weM3Tlc5cLBn&(CTMG3?%j&GwUoD<c$
z@OAQ!kqnpGwhI$B0EV$);f~Q~%NsL57(%;mshYIPRK*1l=378tH6AR@tBL?Tnr(vQ
zUguI(ksl~{fw4DHBU0~J2mrz%E=5)4{MBk}3uF|ik{B)L_%~B0kNVD}cs_vjL#nB#
zKA|Z6m5sZr!MY!TZv*=>pO@Dx0>7njl{yZdZ`bT~II(~BC;-7ru18kY8>Nx9=#;SX
znB)oitvgwIv=B(MimB*3A?8aGT8h-|TA=M`h?up-VS_-?{%pb7F}a4w-H_GXr=q0F
zUPXC2`{mxf3?b6j*<^FqmsbguC?|;oJVK;);`Xer=Y6iHv?h%^Vjp&QMhB9(!*?f2
z-dimW9?>bLG#mFe5f|2Y*`HLDm^Yu28MM9oBt^VtJK-EGYUs<M+h}$@Gyd$d2Elhd
zQ5)&9BYdz{e-)8Zt9^WYWD}ck>1%&{J@zo7;#9ouLQS|DTai@W%i-6_z@E=d+up;J
zy6d^ciiZ4m=rv8Z(CQ>E=f#5IcyX<p-8mY}ceEnTwNhh-a(S5VbbDA5f5a9es!{jo
zgdC5LgSd)4-v+rrZn1j3aVvNGcgxqo$b%CgyBwe=aDVR(;mHMUVwbiSC#w=XU6}Pg
z-)ZT_&C+Q;nM+R}CM&}%DVi4Bs?9!LDG#s5Pid&!nr*y_FrXH&pzs{Gh9ItQ<Hfzt
zH_3M{vbSAJEtJcHQtmdMvNtaw&fazm%>LLWu(sW9T8<aHNXdWUtRZ;%X_@?cv4_Q8
zj$TkiN@JbfcGJ&jGR--8+P<+YlX)rwpX3n}0$je;T=Bj~f>K2<e6K3w)fE%YE~jj-
zG<%cJsEy21_zj~b;(VAn^!9|!Pa_Uh3ah>BcUt+#u&MUns6Co)6vs6n0pNE0p8T=>
z0#YD3Kf&><9zWG+(Qb6@tXEMt>0-#Lnv#p=s;MgT`i5zJ%;sWYs<;GM!F;dB(_`!)
zbo}o6p|26jmq8&2iFLU1VAH^GrTUHZfY8xmIG%8?079sb(a3y~hXk<BInV1gm4P>X
zTERa*=X{>2*laUxqSTUZMhI;>{lSc}^;c+oh+8=$e>JZ7z1sE&KdmvT57p!65BCxX
zySP@fBLj16=b8EiQ{rq#ZoIeG_I7(8bY-l+BB&gzm$uIX!M<D0*xu>PW`=lCvt}tB
z!|~4GGRyta4|Ge=Z8ArdY{5CL+3fiKhT|9R{0u)L*7>A94lAUFM&xGqHafg6er&H*
zpPiD|vHPl%vlJ7rKK6RK`P#aB1^rs@TPURydz1Z*OJw@+<Z|ohBY_<;`2kMd3g_!<
zfeCfq4b_$*$y^^3QwG*_>t|QZZacWPo{=kBi}@d$O!Oz5SE!3S65LBTwQKxEOE+|#
zws#+{9N#c=PB<Qm%v+U(@94Du+Kwr>Du<9m?55{~MF-xBHO7CRyqsxObD^2~b;0!f
zj1_LX#IxQ>zCE`i<QWkNN@jzfqJgb_S4;UI^PVfrY4Zrx7u70*Ki)|#Q?O5t`<#+C
zs=SImE=M|m!@WgC(gz6*hDWKHBtP}FnoUNEG$#Ek%e%e&9FNupI-S@^4bpK18eH?-
zmb^Ur-gHy=+%6|q_Jz2fau0?nQnlRes0zC5Zg0E9$YhgoiCtV%nO8n;@B6j>eEQ8n
zC%0Srd84#g&DpsWj+S@lz@*PUFS-tyeGa?6=W0bslG#JE{&EW;lJLfhlQWVB;&-RH
zi6!52UAfdD;xGKAe*c!@+C=^C?GvB6BVhEqLsaHXjw{_u0dS851%SBz#Ny7Coi<I_
z38NTe`;)r}ddsQQa)f?E4n~U!c}W%LqqZcgX^UeSfxZ23B9s@kouJe2?O`ZIUoRjH
z{p~`ZrQ8S+Z#$b>nu5``;Hm*RnO$oC&2L`3fjOR=SNE<1`#;FD9<5~{f_}e9Hx=p?
zv`5B0F~y26mwg$0oDF4K0hWtn-*8>2g@(C(O^@{35_`+VCp|m+w0?i+o?9j-@{B3l
zPx`{YFf%$(bZr!`uW4#wH}%;1g}|C!w!)FLuEi^n;+P4SbNSy1T8D}q<Knl_oB0<e
zE#boR<9om7CBoc{CJPXlTdr)+Qm&T*MP(*XtE=TZI~#v|d_o&{F*oTc&;Gi5N9tu{
ziT(IevcX-8&bB`H+Ajez+limk%yqFdbyrMJqJ}lZtu<aqk9FmPW5n!ndi!@?#V;MG
zFCz{sF2yVAuX)Aa=%ykgqyp6LTLKSf`myv-!k4)RKJ4lO6a)>DqL1OPph6|yb6vjY
zy?0XRBR3x}*yfE);x_oUUh=CZui~40WlfSIC2Z24D|H;fEh*D*los>cm{Fs>#F|zb
z-xE^hwQRbsaNpf`q?^w$Q*WquT{xC9Hfr+n8e52j`1S*}<s+f%-)A#^{G{Abdf~F3
z&ZB-^_EAxsOh8P~p=^9ZOQgkRIel$ymTt)tKOLuaBz``nzqKg1k%S>qw_(hApM(q*
z;(e4!^UV!lGwFJqO=VDC(`ky|aQaJt5fFErEC^Y?lF{1xtmU83Gi`7si4H2uexAoK
zPt`JIV<2?9k-cpN5OLY`sBd+!NgU@#m_zmO{B|n7HLWOAGaP9&@NE7fMJnuy7o6<7
zUAR~L{8_U`@9WLfy_CO>#k%K#G|}%n7!Or$n9E;yEbPR_-AGqp7P`iiOgn=+3aQK+
z>QXhUynT~fxt_z*ntg<yxjuSJ<r$$DEXzst@@n*1sCvZ<QHMFIfyVL(pW~Rtdc&C%
z;&^fQ0w+f6yZmxl#aL0t-AlwyS;e-+14A2OFMf*|+~b5FAGY5qr+vla!JIQJPZopu
zX!|nSo`-o`h?$nn5rGMhYeAfv-D9S^A+9;>T5PSNX~B#Ot1NQS?1$2E3I^@ft49#u
zjIoaAnzb9nXFDCWKaQN9WL@{}`KaUagh_2zD;hQiA9}?{VUG=zAg;1b-97Hga9yf~
z?mf{c;YL`_#r)&QaRlD=*0~()Vo!p%#dZ}Bo_$``?>V7yVCSDRWv6|8sIwRDVMGzW
zjc#47dv(1Vbs{`nTGFG}4%7=lP7>YYzR(Xl0((!;w0VCl%|68Vt!d0Y8BVpH>)Mq0
z<7XCs{+a#m5515yozpQ>GHf#vBGQAERLQ1`3rI0Q(67SW;-ZK&c@v=$|2?_!(6-(S
zo+j16w@1V3xl2lhjhr3C5B;EzG%r`rnoI9Y$^$^5fC<Qu7YAG~)H5=*>Sn<*y<yB$
zgaTD-L9UB(2GZJ)&slP{3Av+=<_oSG^J&S-j2Hhp7|Z9mb9mzNYdJB7PQ<n9?Ie#C
z;CYImFY)%1*yQ6ZbT)Pc3&JMb+wg(r#o?lSEOy^djyiymzYbMt$-s#|BO;UutqfMI
zdLhE`3b*H{vmF#>x-eYnijC`zv4=h8&vT+a`&-0AQW{KcZN^|{5h*5nX19%Z$7W+A
z=@lBtxSl~`_ya^I<Y~5?%2Zg5(5bp<DWFMV$5h-Cb13tP<nE|uvT*De$WPOH`l##2
z>1fS?I}_z8bvt?zdo+Xcn@hjG_X7x{Jvlb^lydqvF!JxFuY7lVTyvVse}7NHawhAp
zTHjBsk4!aaFtXUJjMv<{46AxpK9cZB0)~3g{r${|?cyVLC0|=sKzUb&vv3CwbXV8O
z58G+;^&EFEojmL+3RK?&AdcI@;<dHB3lJkGl1T?5SiM-_>eyO7%TMa!c3%1{t^}n;
zxGnNgRO!#1&*i=BUHxH~!teL;V3o>1>}pD9DcQ06ayBURDd!iHX7@cpb?4f*2O;cq
z4^nDhs|HIo@)sWu3(p_HzjDFO+TC{!IvP9qz3s!Cf5ykZe<Pw<>e0J+L{~gj?K|p{
zOoNGxr7O7{dg7j|!Xv6Tv?+LW)NI}^*r7o+6WpThM~w1P*$)@eKjR+LzlGJ~Lg#wX
z>ayYqz!rcVRXD5fO7-C|q~Yr4!n*#ZkSQy!AD5QDmNlX`0L1puXXlU^A=goXC*ro7
z$$`pT$o0j$WC1u^+eHM%@mtamWPls@5Mw)i{6HJ*355N1_<2|WIufx;`<R*1#_^8P
z6v)0NFuWI~7lL&1OW(Yi&q?s#L(OX~CWZI5Py4`Ap6y>l$2&MQxopM?RkIDFrZUF&
zqvOTPd_a|K@Mn{f;x|iF>6=m_WJfb?Hz%QczOp+!Ay2S5;KXYq1C(8P@qBqkzm-mj
zJZD~b?uXY)z$h5od92gwFZDR!A8>+{p&UuPci$dHsB}b~_Wd}$m<5kze!Fm+VuI%2
zRN4+eahz(RR5a`=$zvZqgJTZpA^7cau3}!Jdt|V*fJwn=*u4GFUD~up9-}Vg2DhMh
zW<YkCIAfMqGb`K(zw$FsfvWW^o)0q#xAK93%VOdqp1qS%;U22oc)i*SQmKkdd}wu$
zOPgJGn$HQ1=yDN=2O3AZ!JYv`5P-iom|YF%g?H03GGeDub;KJ%(m{{Um!{K}crdjK
zJ9QR95yD4Cx9#q_FaxBGM}<d7MhU;q+}61tXp*7Uf-FJ+EYx+KdF$tj_T|9-b?2Dl
zWENJqUI=kHhJl4*j}HRiwzE{_^2x+(Tmv$@2xMo2%K=tM!3^-X0ti}R-%ppX*flGh
zw|XIg1mMQ|+YdF2Ki4OR{-9oVGm1C59UL#i6?Lnhc4r^f{+@oAdV3^(%hM0F8)*~|
z?LvfhbcYSOw$88!AEaFG4?ldTZ<WFidYsU@IKV0DblOu<QWQPB9IP>Bn^tC8EQ(wE
z<{HrBe-a9@ORjNYOKWvl*~tj6FFJG_Ytg9L`G$-i<Qu8}w-@ubGRZ^OBJNoyiofX`
zmVciqct)BYH0~#oU&sa+^O1d@lyihpIdRk-tk&fJTJBEGtdCoX@QPb~C`Q-zPEXQ;
zeN{#9^(_^*^=1#^syKyNnJ^8N-KX13)@eS!S6yybH|C{{kiw_1C>6n-t+!T9dQki%
zR7BG?VVox^_^_C4aI<&$?Ohaa_ab~1Tk;#tO$Z2fLSvNz(#d^whNJsQvYjkSDrtMB
zZf}@e{Gx%7YUEq!P>{T^_X$r3sWDEc^-i~WZCj$<P;2pJn2^tAomuzZF3sgk@39Eg
zUcX~d+TA%BpItvR=M7_XNND-NE-`rxt(dUMWJejU`kG<_)v$?@Hy2$JW=1ZK9P{sa
z_kCVI<IhdOQtr#^w1S@5Vri{qxBI`W@w%csV`4?`dc;l}UTg}B-=@#Upqmch@nEFX
zd1Q_!kZbO7i6R3-_?CdtE;8-h3guBgr4|-9?I6<f+~qMR+dj)ob|vz}&+*|2>_3P2
z-YNDqYc=;@Mbsg;bXI^BN0?Nl#lhY3v_a<y!O(#CcO!wO%Ls4G;EZR~Uig)KLE+hN
zIpDh`^nc%uA$K`-*|MquYeV+u$FVEB*FvOY`92bvCiU??C$pTzhteUz1|#1M`v!68
z_Jkcai}ixe(&|KPyR~oq^9|RAPEOGm+zNs>wGSiju1oqo@vC>VQZi>@dbjJYzQNnd
z#{EG)a@TWHpRApf_ZE+t)~eeq$RRUT+vlGYt|HQEUAFO_RxP>q1t#9-P{Rc@nALP*
z^~+saWZM-oqMeQyX<wK*OyafM>(=7SlF#b8)NZEEyf4pxS?|$_HoFgeZS3SYrsfVm
z5nMm%#~jers&b~wbn20Kdcz1MWnO!5vs9l}6PGsSd)d}ud9xi_Xb;aRGiUBIaJcLV
z@86>{oBj=s6Ah?i5x;ltg4U?h$M5>7s_r)2X+x8hPd=ediG7BP-tT#s;UjNs<j*z_
z(C42-sL)(a{xG=02q3yYJPRiPhZs&d!|raxZ;v|2=SxfaqegYk_};LKIBa^XM;*9;
zS-mX#)pNXeezI-5MkJk3Qg!WE^IugrTMm3Z5$@IU@+`2YMlVa1%=JA$DC(T0EyO4K
z78uB#D)~?dJ1{PUxX#h>+7gxk_pv%qvHGF!e$&;iHA-GYuf@MJI6l4}CvU1n43{)*
zi-B<<N}5l%S)y+&(-ht~#5$c;lr%%)1gy4(oT<)e%^2*CnwDia^yWRcKIoPhIq_rR
z`VBOexsR9OLiWTRE;`~f*V%IcV7*V0uM0jpIP&j`$qzpJ?zy?kw2uF+w%kYNqKTON
zg6}GIOXIRH)S|>k8pZx_sY>`^T6i~0rtG4HSX1rx#zot@_&bDnzF0F(r}Os8=DSag
zGNJ>(h0{Zo=UsI5ZtTT2+|FFSzow(tnqRG=`h3e)Z-jXH2q?XRy>+j90r-0-4#BNt
zS=@i{Sn-KGp@2~O+nX9f0m@R&WUKB<iMDs>WwUbrsSkAB)Lt%6pPJ9X2nZu=nrZY#
zJ{QcEQ|gr?;FfhbGG4ncl0sy}pJ{6>Zm4TFTgx`EkbmXUS?|o#>!o1&m@v}XVMAf&
zNa@VFLXMrj^W;lL3cWd0hc6ix_Y!+kHC=-ru52;=bQKaW;?6QkUb7lmIuZbSi_w1C
z^yNiVj?CS_%Ckf+(QmUitbg2397qKlRy#q)MXZe$cipldpQ(mxj57v2n0=dUK2(*0
zIw0UyK<6n&pbYLRgnsobEgqbe)A#mNylt;_p^3i}68JDy=x8wC7azmGwGrhq5_~T8
zPL;T*(B6sd^8kf}%CpCZMPY8N454477<IHB*vvCGS${UEN;W?Tz3c|OAzv^-LkC&(
z-Wb=%y>{im-(n<KvCIngtWvs|>?cM0>wNY8LX4s-wd<Ah#@cDW`9*QTMub-Nj`rEl
za!KEX9KW9Ev7;r$Izsw!Id_PJ`@F`sPwnxf_MTbU#Ba&z9>w)AkJJz$UbV00vwS=1
z9?QR7s|BXV&2cn~%DG?F;8fInH25?%_XVb#k^Y#L`8OU(e|3(|YzSV=DfJuLpW+5}
zk9`BOrO}f%Xp^gWjP{X%dn>LRdGF^PRA&HN)sJTWu-|AdT=_tk8~8=J(1`U#Tr7-`
zsESYyg=q4F{dv;)PywHCPcg2y6GzBfD*N-9(TE%AP}++~Rj-p^n6ypwuIdZhgQ>}0
zfk_o%k~)$jS+k*J_L5jKss?rj4IRDpQ-)>}G|Uz_m(u3Pq}VEdGM9^%>UDx60o@PJ
zH~%^iQp9m`%Es@nPC{=oZ_Sc*sonfAx!Uyh#H2^@&|#sw<(u9`?(3nM*0?ni6l?XR
z7tXX}#Zi5&qkD(LhdXov#oUg$9|OPP*6a!sc2SJo)FA@0io%L_-T}Aij%VpjBOYIk
zf7ScKJIp_|^?aM-^Us>HZ2tf;_xP3jOER@+paT4O15csnIG$0#kRAlXBLQm#JPpFX
z4$Jve1WNdTzrvak@D=o?vJUn_f|C8g`DFI?!*9q#JDH1WRA#L%xovUTf{IZI`nn!z
zAeTLS<P+~WW1hrwAFFAf1=UjC>FoIhz@vuN(FcC&53+_NKcT>PCA=uPyHo&`y_l`3
zv4<6fKzbS}0&x7lZr9XcnTT*T>ZEmsU0FubGKIHfPtdq6qx5>@$;#t&xs>CRKf5I1
zOypXnS3*`r_(EAomp}}UU$-t0&S)p%sOM+!)s(~J0}d5?Fi9(O#7cagC<!R#Rm8rW
zz_bQmysRTbPYMp-yxpFUA^;Ze!Q*zxHoz8yQy;)dA!8%>&t7FVJ%#bpz~3^4!8^gD
zQD$24yc#~GD@ojTg6eAF(CZ-Xf^+4KXcQ$?yrM^M43^n&)O(V)71e10ZPl_}kMb};
z`eFq2{xYbDORC+MUyj4lfY4hc9Qhu@lH{okqrvY-Zyf{c4}RrV5VK{2jLPO1vMxRQ
zq#9BXFy*EaBpYhe-upO$HCS1Fk&(@ZEoM<idcP<A$tt;j$d}N~yyC%llv-$|rSi90
z(dlgRM3I?j@mAvtbzAI8wlB08P<~a|=-%B-y3{ivt=FW^4ZUBfKF|lfHt4uKECCG^
zmW6KBmzQtn38~nm=Nzl8V(Qalgyf{Kh<i=qc;2BXkzST^DcSbp_&x5=u%{;o!i#;V
zOAXj0`1oH}@A<W^=tA0#;QT?;p_zxT-!W#LW6TJhD>|cKW}q*|5Y73(%&K<Snd&R7
zj5X}2vD-oxl3;~hq}B8e@hn6|OJ4CG=cEi#H-{^Df~=!u)JnZ@k$I=fym`+)sXbUK
zQ!?yQX#-VDIo50?Dyx;G9;oKGpls)8X6HXwWD`Iw;Pjv}T&n{#Y1qY2gD4a<)^kRM
z&BZ@Bj1x#E0BoK^|4Yv9hd}nDFIGcw^3iJGeF96&o&u0EEyy~>bSmVKq{$zbM?q>A
zyTCp8V^G+#)y`NtX*ISN8`e|JgTmmZ#2yP4aW(R%kx1+l+5H`OQ@^T-2EA$bLEgjB
zFRErn?5Su!<FNxcXZ>h$*p^}|v<P99kHA-z{+?KVryg?08|$5bH<%C6rp*4ijh`a}
zO9b-sF}yU@egbQrdaL$||GNtVPg>HO;1C?z7#`EsFZ#P19HrF-Kga1~?Y>>+Z>2R{
zeZGet&9cG=f8rN+6c$9Dv9cEh5IUC@?o~bEBdDT|)eAA)awoL19*H3B`G{)xBo9Ri
z!UO-HR(+6)z5BZe@J0sz&Ym95aSzM7v_~fO#8z33S=p3X864D$`Z)nT4q3d7!lZmX
z8UeT8w=y8~>Anln1b@H?ny^fN)OeE@W9J*+v8)VY4P{8_H?pvFge3WwY?!IB{LWBm
zkoc{CE!ztjm}Exh&nd}3L(w7)2{q%I%o{oQytDX5TCPL;J#K3ksR26gN*!y6Q(+ee
z3(F?P4$D}eE}gU52}pxbZ64&@9rC9_eYfp@1C*rUI+?<mN@yq9GPW3W_Evr1(`S#l
zkO;0yY+!Ll<d_xSv{hqoSytHFy3K;}Lf7~2g^e5<-W#-qsGo=pP78c}#QrzBEaHVn
z7Jld)R^BsXdiWU|96P++Q~agB=%fAfx8WZ-Jw!JS;;GQ*L(9%xk1DnlD6h}i!WJVN
z#SRC@HywUQ4<E<vp<4%eXv2I-sb9$o%(C`;H%Tmj2>=V;gvI@L{24JSw8;Q!H&!~Z
zA)`@&$wcR!DLF!a;dK;vLw0ux9>2_7;rSfyq2RH?eqmwW_}N`iq)@=kKvS3ms3*MP
zQkdC{d#w$hK!Vi%LA~6A)WTME2sS7QHb(LYC24h7)9CikCDw*b+TWrLuNHYkucRTN
zNLJ*3MdE+(bb5}!Sr#GNG5`A2qh&g+&fB!}uE32AClB+UHb^J`?-*Pp2_R4Jugm6t
zfOSs&*iMoR{m<}lC;Z3o<m7y7{6sfSR*sK7mM8oZIz*p}UsqpBBe@4vp?{qK`~$xG
zj@;&d*S)U4*!j88X<#{5%IQfkE@*wt1S!W9-BRfCG|u@ytJ(yCnrA#`7LpP8op1rK
z4m4g1)HNJpg8btB{phSK89V&Lh=9cZDDbg2u2W~;PqRqQINx_ZZjLpVisZL;-@Tq*
zbw3kLOX22oyOox_mpA-B<ZTj%+L6q9BfF`xQ({c(cK@&yHBbB2E`~Ghvu#Rk=`Mp>
zKKB1S)Fut+uKL|3c4Sf7aaRXYIiu^#RA<yj8<d@`ZL~VlDj90ZnSr^ZblYx+K1gcH
z|A0$FUVm_)1M&P`|8?K_|0?=Wfox-<BT;l)lz3c_ZT~TnBl7t_RKTwVqtM%m)KyvE
z`dEi~CB_w+e9u|=&w^uU9`+;U3J+(vzY6#|77s)ZAbC8c@W0Lk{{dPifs!?$sRn1D
z+vtIGARdU|ufyekFqc!N&<<)afK~E8#-02e&hS5D`2IJ1^Zz+;Rs{>1gBCqaFSRn*
zPV4e<GXf1&<P$Z%!qA0%sds2Lu^0|L9El<0uatB=$2aT!!u6;o8=x9NeXh`MUy6e!
z52I;A0n%6^QH4b6u<2DyR$d0;2dj?&B7WcW0@Teh0#UJ@>XGnWcWnydcQCDBYbO3U
z(E<HfKHxLFO9!Ce=e*2Ra;)-?LH;!J^l(B<WQ5|)YsIPL%h*9{i?cBncA^H*evD7!
zc|K|ElS1@`9jnp;eX4*E%jC<I>bn&{3lDt2y5V|9{tSBl6g>%#49n^DJyKW_hA7EW
z{ouKf<{Pp#5%06Kf*ly17Xu=kasj6g0^9%vqRhc`0=Bs^M*<l_$L<RTJ~&-uY23-^
zP#56>&~~#{1<h3Y!%u=`WfGL&nhy{HXYh?6O3Uk!bLrYtMZaoXH14LVO<Pi|AE0S*
zK}nc3F%pva28y40+<gR2p8E&G|KquY&M;d3o3=PpcY#+UTY&usyf{&t$)?{~1~gaK
zJtqCPuMg3E`}&8-z(YlDSd}_uXxi7ME!87L;P=kf$(=4N)5R`?Q**^DaF;{?V2{2K
z_4p|1IYHh*e^Ocgbt?w+yBSjVj4Jt(Fr5!jpHi>+Ois>7t9fR(r<FI7%&Q5n0S&->
z9^vZZDS7((()au4m9@?TX{Bh|qjFE-F?#ZYa?RM4YD}f*LQ>bI^k_*4rD~mG0*n5D
zY8px;@8$tt)4>64!VNXa{0gTH^qJLWV7SNdy@pfeHbe7S8brB_wZGBXjqRytymZ1h
z2n+|w@c`UVd)P8wESFkH&klFe>XeQ&8T;Q{<!GmJJ^8tjId=rK9mV3_VXrdJFQe&k
zVMEOON%DBohf4>e>Pv(}P7Rqo@!JJ1p9S`qu0{OQ8&ho05f%dN2%f6<kXD>zG@t&9
zVNqXFFArO|B%lEm8Ar3pk}mrquJOI;(!@%B*Q7~{jtabX#{eSCRiSo7*GyE?9l4j~
zvpp^x)4#lALc8H!<Q02wupC<ayUxwirhX39g+abuqAU9GyNuk^W8{JPyd%%?;|zsP
zJ@;1@>*5DSdg*BMB&R9+Ri0DX0Nj8=S*Tm`RTgo2=Ko^JBpcrK(24l^KLt_67$Rv<
zm(TIvGa1&$B6O=m*@KXyqeb#ca9{ei{QyFtAXvCmJ{-+L<?5D@=2GPHvS9vtb35pC
z=W@1P>*NE*k&*Pvz@Z0#IX`?$p@!+z@m`wNb@Ws*_4RrxhVsyqW}{M-OAst`)Dmt?
z7L+LsR~I~X6_|)HuTMre^`;Xp`E_DZ&5s;b2(35_S85{<be}VXz)zpm9pZeoJ=#8d
zw7+qv=FIu+`_a+*^Jd_J`_{Er{q99{B)gZ|b$K_Bl9J2&y$hQ-l}i<vRPb_zAkiux
z4k9{l;x}R>5&^ERpL{nSi3VtpQSu@lML9T1^8O0wMBnM7Jj_Av;o=hH_TInFRj$JK
zvUQdiKwUs#6>6|t!>B<Xbezx$;K{uZBLUZTs|LKws$ZGFXXiZ8>*fOZZK^ui^ltfG
z9wnJHB=fD@GgF?w0@8RTGu9=<e^dAO0RUT$x(xPLV<}8+r5jbgIbe4T02O%BSG#FN
znx2^f0|Xc7J}xDDJFvfWmuyaM6e|beA;n3Ap%HuW@NdGMwm7mWoF!tfi2=h7)I*18
z+;Z%%nr)I&^sb-62jzl^`98L&4}WUZ*8J0!8EXi{>1X2FQbzdoI-gH(EUZE}jB4+G
zgcOtvucRp72gMzwXG@1#;dS!@Qa|B;IAqmw!|$7cTMd{$c{GnxIb-jxXi``8n!bsl
z9ffWo7*f8k``)?b$AKM^w%eB9o}N!qtRMKT^bij)CqcWY8pYsDmj4U)lp68&4=3;?
zuY!i-O!_?sj^b+nUAG-vm-^_qElJHSQ1lK5xvh{fC;ydROf5;NU>V4bY$OohIaPzi
zIVX+pS$)FQa*jB<5ON^{K7oQwI(-9Omy(e)PZXN@hL|qJgr#382c=~ip3Z@P1+wC5
zJe5CJhh-8j0q8fB)`J?6SMSKejUST?Svt|=_|Ux7s*e5<6Kaxr7?SzI#LnfQ0wlxK
zj?!#Gvv}YVtTH-@de9G|htDyZMtn`gm|-g<?!~&vPFk%EV7!r45*=xqdz=4j9jHLx
zj<V4GhYHEb7!)nf!)n!oqPASpJ&b*mP5GEdY@M@vpuIiR@fFB<@S(Fa{YG26AU&K2
zX<vck<r$Mdouo?B7%qrmVO5?g<CPc5`i}jY_|bIvc7b*f^HVKyyTNxXitpzOmq80g
zGA;qF!~|eOHsy*-D|qZzZ2SAmw}5>w?0crIE0PjRFG5JL5ywSwC*yQr&^@edQhto?
zH~)t}e9w|4NX5cB4m$@<_ST(qd!sD4{+lNozzhU>vl<2Lta8dm8!rg8{Gq_#vv2+O
zN2)=c9Zq)xS<lMjn-5j6uQoza4F0gQ?^(F?B30~g|K&qf&s(;4Ptb(!dAxtvysawJ
zz{cWk`XJD<s>A}?e=&GLZdN+5yA<9*2DtC9{DA+~Q31%J<9GydQ6d;iAoz#X`;XMx
zq#I@j*>$4C$oFXf?LD{-#psPaD+AWQS;0tonBj*Q0jyU<fkUV%a#+BB6N9l75!jUt
zC`PsH{b3!0v)PhJ!3_Vfl>aplX1Eh-Yg%*%^XuIF#y3G7Nb!Jw$t?@p#0a?KahEff
z9|+Xu97=a!Wmx#Db#`ptS-<_sAHYkMy-(DXxkNzx|Kc$F?QdA=Fxgmh=ZP5QUGtc7
z_NAZkQ+!mx{-fuaKY9*OoxWN(ZtV)#;JvVrYJ3s&E_BsV#INKp^M#C@`n(D6&dMK%
zn%Y2j!$fBA|Inou^YN-|vqV*>8UcHMsp9MV>8@j-JUWowh>9pmvn&zdMtYOLe9Q&3
zqC?hQ{2VqVokMQO`ZyTLZ~F3`dR*_7mly!KM!_Xr1t(BctNR}QT}q4`toE%tb{Sn^
z2xXti={j0XSYDe>3`X{6YIWt=ntGt*Ea^b;^MC8obDyunvoM)a0Q2+_?k@YG4D|Ap
zl=pNj<c#^3SijPMG^PV6&ed6o-dLX#Qyv4nP-%`n$H_ZJtK$yYZ@fX;=6@9q0wO9c
z)V?Lkn(~3CqK6*<(q74kQ7zce3-W3^gT3XUNl4l{$c-_x`s*foLI?z1dn`3kG+Kxm
z*V&vZA*!t=#v6F;3-J0VxS-Ph2to!23pxcLbxV-?Uy=(z@ht~bopXxKrzg1MAvSFI
z)Arb+sD1)Uk+$3W=0T#u=NBwpt8GxckjGpT-RTT)LL?>q?=FQ52NHEj^0sD_HPNT%
z_)qU_4}p~!Es}Yi{J8=&r+7N+RaQdJ)3pfcNcu^F)I;HyT|hqMX9@iFUrXCE4dcEb
zrNiO1g+x1v?Y(?I!81RXG7^9tN+(oy08LJ&{ekWWF_K(}#T+QQOlHIG4=EPnrF!Zm
zR+-QRWpuj#V8Z{>mIhGav-o#U_zK?CL|kK>h!ZQ*;^aMC8gYg8GnHX#4P}951zJqE
zZ+jFc=9XhNoc>C3j#VNw*a&`4;{40%KE&Y0>*qU(w#$L@GvEnztk*$JDfDT6qNtIK
zG)efLR|^(x>F*1hyo`CN==)<BdCeV0xc_)6imGsV&KA|{=WyA?nFrb{`|bm_NBpAp
zy+gqf)u5W~wowXV7&OSz#JbXB-*uxm2-UO68L}N9k%Vo#^hb()n()ke#o+Clx^6$D
z2beXfI7W9uT3Br}`+4<Qg#&uj(?QEi?v~_pCD`gU-qcWBtrw~+OqN~<$MdOkj_o=*
zOBZ^JHM~mjO{PCh(nHKs`E8LVO}YK&_!ZKPmLM2(PcZex^_eWOemLjstZCO>G;h_5
z>iDKG|AIWkjY_P(&l~DH@1-A9pEExrFH-+>r2?~jySYSV%#+Bb2~?<L@~o~&@}_k1
z*0qOZ1>-&llJaHB6II@^79aj)F?FoI{y`HsEA8cJ+S{dqtpy8ilMSfCLNfhAj}ubw
zVnvE2<sV);%0&NMCzjp_eVG?BH79Q5`8o96)qMA`P^W6X6@EkDJeszRB^(W0ohU&A
z1k&tdq?7k=HW4k25iQKYbY?!?cd3@76%Q-pO`;Zh1N$}c@Fku$odN7Aa%uVwG72@m
ze)bXqRz7{-I(%u2-&$ZBPEZ{`$5nfmDpIQ;-{Chgr<URcZ19JmPbC40v3b)PjNVFy
z{J^&>|3ShrJM(CUYG=3*=aTAGanxhGmdU<4e4%d-KvElqP<2i$yg&TWmgdUP&4WGJ
z=(JF_5rYo|>bBMarH!R(H@?w1*S1RmoWz~Cdn=ZE{1jQ7s3M{B=-Tp&Uw{hZGvMe>
zfw6K6op0_4cGMZFYt)B9w;W2-`>4W$F5oJx*`~+};OvZ8Bmq#b7ilrYO@iU&_$+M9
z<OjnBL)eAYd=eA-fxlLpDGbP%c=Hr(I2<<^9NaIBTarOAHRzf~(K0jsln$#;b&g~1
z1_u$XzpX0i;Jl6$FkBG9p1^vXU7|KovoSN^*(mMtMKZLO`hBq!p*B7ymQy>@J%~q9
zB_Aou4(x!re>gbB#xNF5jbV)<R@Ijhst!<(*P#MXkT9C|t@*5K?dP%>jN#9?9hR!3
z3vL?DUlC}Pe40sxbMZ}fM)Mht;(JeyACA4A2z(Rtj_7Da1uVECRrLvUXLUahS;7z}
zX|gJD?eSZjYOkF~Pv@|vdyz9dbNRAMy!j1veWfg4H824WE$MsftN1eOx8n$+BY`A!
zdrXteLDCRkdQv5(F_wD!sfs0d1TCA@<CQ6O2fWc=1rc-j>As~;CFnvYn8sQxf*PIG
zWEkMKN9V3@v7AhiBlI2Q7FwQ<N}U`rHMEj{I{3SZQRYd2+B7AD4d?b!?`@1Amy~Xu
z-D{iMyLb^&jg@^u?nntFcs&agdO@Xo*fsQEsxJh-`q`I~ALS<=$Ah4%Zn-ad6LU8G
zZaF*?A9KVoU2_E(HTYKK0=-PSqzgi)f-h0F=t>;mMlIr^SLGXVptA@olZXFOxNjN#
zcTEr01G6PfZ!S!u(Q0X|>9-P2Q<DK-?_7ss(ug|mtcO;(9K27={4AiLD;Zd(ZBX^8
z8%vdQ>Ja(!{2`UXk6xi0t%v4yQ_@i&eRs)m@D@uRIwM#O;cB^^Um~f*q}DbV)0TcR
zFow*=z9Ul;klX!|Q2M2>-C>&5VcOxr#N}6j<RwRfgm)6Hjaf?6M#r?6tJSIsCYsnv
z5~RmH?Vf%i_sOB9d5Qq1N1YVyH$usP;i`$Sv5iMcG}?D=;iy1_95THM$PKabOnZGF
zWC_3q*p+RmY9&wdW39GJbvB2ql{K)H^(Unqui^rBHmuTTX1-ny2{UGK6>d-J&df^d
zjfTu|P`&T3{~+O33kQ#;pG1!TTjGBOIynWbV-s8hZ{x}%z}4)Jby~f$jssKVmmVHA
z*Gt`Y@2u1ah!@3+PLxfUgvN`yowu|JyXK83*6%s$+&qU{U1&`?ayJ9)w<}RhaySW<
z*>>MB@9^_kxGlmd;&O%Ti1Vm&+r&o2rO4xiYPu}v9lQF_*(^9TpJ={3l6r@vfx&6M
zaz*p%u<yt2h}v^|mef_pg$CKYvVHvmyn}lqBMPalkJw#R&NQQ$qLM-$bhG^(a+QgJ
zH>N*_A0j;G2M_%*Pe&WwqH2mnx>c_ZD2`Usnv;3A7uj`aeXjI6J?XR>ce|m))QV#O
z0&w9qb*V*l_GC6O5&>^opWuscY>>MaUgvZ4ZkrbMTa?_!&}OM3sZg9Y7LWC)=R{0A
zep-{VkR86oPRbA$=P})pMDEO@I;YiDx$qTYEY&Jnz<%jEHu-Fyt*DBS&4woJ7@git
z4VAsC1oNf!yu0r&oxOuqNn^-i#%gkMHklUXw>;fQDWS?+hGcZKsaRwdh^1&c!q43Z
zP|3%Jn%~{^YmC=gPxY6t(oHpP4{GSUy4la-GHco4U%PLySXUrF($H5q@{1nM7pd%{
z&Y#9+a_ZN;%FHo%v;K(YP+Gs<Jy)+}F)p=w3Fp^CKlR4vPMc0sxf!#^*wNo=`l<MB
z2QLwrc}&~Yd~%$x!l!4u&$O*4()U`P;i@+s`KWd_QP*90bmfeYt&F1%?aGzvOkCa$
zlFiCpe1*$9+%whd;{KZ<n1D31h(*``gRSe1YpQA1bWo%S3L;ey5D`#%Cy0QEfJ&3z
zA=D_n7eNp~5RhIHq<5uC7g2f%y%Xty&>@tBkb8K`_rBk~_urgf_U!J=&dxmZ%$z#e
z2jI_6M|*3GvJZTHaogN95Cjj@dh32jQqXws&BNURR{sS)H#R6bzCn)`nWj1&e@~&x
zgijEYF8AumX?O1rRcy_=+&)l%Aalg*9LZO2-*}d9PwY#TnUygP4SM8!kXDc^W+_Bk
zV)vv26h9g^z<sJ@SN)j%23*f5D5C#mQ=qC8>M?C@D^L?<3B7AhDWS#R%PJ}+U-J&L
zSmF7*d{)@Yd;4AL>viIud;!Dyl~7F4+vi1Z)eJ&&CYc)(SFdEw-}U-tY~c&>U;8|J
zYh?PEjjxsMOFrE&nWzOb=b21unOj85P?54hXnt)kb6y&*Eg@NZxTh3Cx(vT$DST0X
zZvtE${}Sk}kU+~_5gJIKkvR5uoNLQd_qqnVnC>1?`jt+GCeCDw-U*b<8#(hV!{cE-
zkFpD)-i1e|`r8t1E!O%>Ddi_Z8~Q}6ZRWdTApvvs)<k|R=ua@KR^-4hqhnS?HFh_e
z+Yu3nNA7Dhrh3Wa&W6!4)UPUP)KCich`p#jc{@Q<zva!bH8ayXpu|KM(ke8TdfR)l
zj~nHcbZ}HeSv16oIRa`uD(mKra08|tO)Kdsoyl@l!PWBe0ie@$8pNEJf5$L-2dLB8
z4oTpz+p;nn1c>WW0qClQDzllU<H^mHbb!sh_r0i>O6GYLj-hPI6}g!Rlyew1uY^|V
zE1+~FV~!__%#SMTfI<Ov)T`B=57{C~O;yK}vl9|Kvfdb6&e{|+v&Y?+RW=9&ex#K}
z&JX>4FG_o@Wu8MhV?6~t7#4#LQv?c)Fa68oO}t45KALZ>4@hJaVe$p9X*%G)Dp$xo
z@V_h<xcmDYW1^0HFmhEljors_B;joiaZtJGG2BmvJ-|6H*AyDJKjzoDMkKHXxovnL
z;r;fTN#GIOUS9!Q>@@wE2I4>E@p~DQ86{ctR%g+q${F9amTcHFQ)J%Vuti+ZGWx}B
zK_7vmOCC3qZ_PQ=8Ti6PrA=9ZXkiwu|Dk6mSfh3Qe#pEJ@@c{19)t2yya;*1&JnW+
z3dJ6X5VpG`Fe~b~+Yb<2JG3v#47A0qE{&{U?DNngnAU2GwH}~0pn%5QA2-6TGGL-9
z+#geJlYT6V-5{%7<;pU{9L?v9Z{#u53f*wqI%xFIk!I{SY_Xs2g$&yUqH#i6g9bcx
zUV~o`NSD@j>)bcJ&U4cF3_?>C4OQi_KjSx3;q!MM0<9+gYctd6kVqGrtvM4RuRDIb
zlTFFc8{(;1)-U$q+a^@Xsi$@N1Kok_K`w1eRSZ1}sN*|1zbJU%u>!^z>+YAA67HUE
zG!p~#L4wS7iKYPPX7&gKf!q5vX5=z^+M?7QhB0|Bl{=If<>HTK?dG1cL$&18B|>d!
z7)q!1&niDuKeZgZ1#k#61mH0Bp=1OuBVOd*Gn3liM}0rtC#!@IKna?z(XrYS-u?my
zuhs`u5?k_|$=2i8smvW_PXYT3@!v-h3UShI_S?_(!~wozCi#Y4(gT+OEWKa2!l0=J
zzq9WBRU)H=a&Dj=!Lr1``R(Lq6V<`vn<D8xN2L<tT1E{qVc79G_9;Be*S=4`9M{Ud
zBZAz3iXYO3HQGQgFPD#tU3O%bfP(6Y|B6u@G-0P6sH8G$8aCP2FXghoY^PfFJxYC{
z(BPlwzhB3m=?6w&H*_~P&b*^M9#vRgR_)i014UhS2hLV1*ppc_@sbVd&DSI)FTR+;
zn`fO0cwDhFme@(*{=pbkpJci<P25raZohNRTC*l(UCwuWMXPl(Xn*)SpU{+B=39CI
zDsfp;G+2(|e3bbOk-{jxCB?aw+U$#7%}j}|9IdpYHaknfz6Ov-o_?FE<nl=aQz1v%
zP)hf4kl+YY6GuM_CTb_J9MK$xM`(P?b2c?@^w{rpoKmmSYm(a<LpOovOejPJI9PlS
zXICgEobs;A;P?7JZQk-fS9AQu0kjc70^sUDvFwxnOQLR-2vfP<pO58Uf83iq(+`xe
zU2Qk28%K$K$|{=h3iA~MFM1`Ic{>d`9^N1_Ie0n4CQ6>BwE&ZXKZPlWNChAdwOTRd
z%JYva7gXk+RLr&T2Tb1`_pJGJxE0XZYkMzd!_*f&o=Ik(H?IC8dWJFD063tL>Jy<X
zhL@}56dp}i6@nt@kZi;<R4ML<!{}g;9o4;b+{XLk9u%78CxDn0DoJcS*ahlN9$r5D
zjF#cKX9$!h=)iuJ#)3%GNPJ@i-~c0<4Y22|Y8S2;udoAis%dc1Xa-1xO*U|MK_h*v
z_x1f0SvhxeAved<J|!8iVQZS}<ExMg6WGryA>}@~0^KFAa^C?VIp90pRfyc>Q#TTc
z&}{X@qVlDb)ZSJE?P)lvq-IcLJGgfaM*`G7sl(H}K8?IkL)&{9Cx;Qxea>>>sCMbd
z`!6%?TO#D&E^YKzSPqkmY6@ZZv1X-wEI+a%`b_kmlQtkk4(eEBe=UDIn;qL$$|qg^
z=GYxaIU!AxVQi+kK&#~%lBBKof>L$Rpo1iByeErTfI3i|<vuyEysQ7Uyh4zI{J}42
zh55xn^5YlBn|rGB(~n{e!dE3;4o!sl95hgAT?q_V2nJ0^x~ldXu=ood^bZQAzX;rq
zmjvoS9pgltIwB-mp7ybH>9}sruFUjmiG9(kQWwZf5%bSKTnFkOEy6QDiA1xA@;HN5
zKic2^`PC#!p~a_wF!RY{Mig>#q9Hm{pg&}UO6G7&!goA>E@DiCx+3sM_g=#4fHGDy
zK+<(U*i=Llg{XYBnH@Euw=MZyeL$|K1=}9PpI-B6#?26aGMf$Xyw`u+t9Mizj2p~q
zam{({b?&LM@bk1&(6pd4B!NPk5;BKVtT`R3GBf(-OIbD<=ceDt5Mv|Ggve$u|3MfM
zbK~DYgo6%jib#w4#?B^ZgHf}oQmXloRX!iuH5}Qyn>>A7lsqWp)R|<*nJ4tB6$E3g
zl6-N(swMosqqP}zAK~fKTu&X~M+H4SA3FGOg1&>%%s9pX>PnN*)Rc2J8h%X8eRu<`
zX6LX_Xiy>CoD|gI$!}7J`woyn6(l_uei!vhh34<ta&PUc^Y%3YWN&g!(@M!UCiG_S
z=GbhTcCzziQF%w(2z!S+pDp>*hpRALfr6~ZN=LcX8e$To*wK|rIpNG`M|ISS?vG7K
zDxC^E={pzE*9<x|KwNTL+1wabdzx0UCFf~@?^fU0lw*L(2jBDA|Dn5SM5uOF)C(<S
zQ}EtU7h$Z(Q&&7@S2)I$$@ukX4VqSu%WwYjfYr3m>--%K{T*C<xLiF0wCXcTueg?-
zK3zA>;B~$PRdU33+^O9s`#6!Cpu8A^J7STVsImSmH)PN#1PfqPqMZ8XJEOq49A8Z|
znwi0@@eAT-87@YylokKj?cs8d&YLE?_W={v9Wz%9_pGv9u4t~<LHZHzfF>8${tZ0+
z5ic2rY0@%=+4@zbmJJDfQ!uEm+zA%=py!54l8eY_I8^)oNDZ_O&Q5o&d$zObEKxpd
zJ>%Q)^@af7&X2A8_EKtwC!)~Mg^#xN!Y|$_fsCx3Gu;A8b$eDK6x}R<nEsYmZfIL+
zdkg3PTKHv>X<j1MvQ3nvY1nFGx=V5VZP7G)&Q#G*XL;z{t&NJ?<82uAc`1u=$AEA-
z=E4cG+|<i;i{R(kwl=-{TD~=@F9{!-klP<P7)+PHg&=~2i$fiDo8K}xKHLlzzx(CG
zQQE7`8k>?Ko!PdTN;~XhnAN;UC-EN~tA89%Ai8}53w;mwk2SifF$Rve-?x9^@bHPV
zvP;<$5rL;0MO-sF*~x{D0i<uFYu=C4Y8}@)bQiZAaEmc}T0%ZqvFgPCB>y4LB=6Rq
zg}d^9E<FzT`Bfy+Jc8$gXNqW?xssm1FX=ENJA=nmdA}aZd02<u-Pi5B+*NK<P$^l)
z@TH8dvh3G&wfZM8FJ~%&lLAHdsJsDczoYMa1R<W>|2}9J1B2}Yt4H!w$WuiX7jFy{
zdtAGu$9!qX@NE=nS@1}KN2tDf*KoA%^>N?QZ;k<C*E~EYt0ZE`DXOvm29t?GsOgYr
z!5|4Lj|I|^Tacv3AxYE%m%6G)iaqGZN<}B-`5mj?aEB(**bIjmYU;U5RbP&Hw4<XM
z_$Wq83-8_khMHjSk`Xb24lK^He+%Bq@b76_v!Sa%BI;n?=xh^t1&t5Pp|s%M8^R|M
zIoO2A!Vcp|Ir;{d%Tt$C?<jeQ)4jjXZ(hUx5&g_&^|C(KZQs~LSP&S~>BwMtZ#P!7
zttH>$y@%Tqbr|slmq6;@1{ts=L>g6+%SrEt^SP}XbbQE61ViBhQ$V9dM)=L5FMQ6a
zJ@bpmy2~ZmIbP364{7?nhs(N|BP}hju%o3!gOsrHmqKD#{ylXLcrj>X3_d+sC7BkP
zT0<Cd#MO}NI=WGzM^^sW4o!O3u<}P8GIIm`0fl5er9XciCnrI_vX*3duX;uQQWywt
z`0oH`uMrg0|A|PWZUOA59_kL3AJU^2!*i^$=qDG~<#-t;dg)$m)&K!8uJxdR>!gK{
zP}Nq((CE_v@Eg#C;J@eP&kv8Z94-)qU)iQwZ1^GY6Frm`<>&C~!x6vJOoE>teZ%{V
zc}-GerZghY>$#M!<Luz=8Hwy`M^1^*t@Kezet3Vin*(}})Pd;VrXY|W`SJlap;jkL
zY-~E~P>o1~y39pPHzyr+yhQN*Wmmdd=6Z){j{uu<NIoRKN7?@5Qq3YK8|H*a3`np9
z(>{$A0<*BblSwQrYnTjpp(aFdq61rb3z=GdIkD9<vzyLLHFF#VP%PScUEl39J2!eH
z%Mi$h1;)BpuEhjQfy~=OT2%Ibz1Vz?`1$=g<f2#c!}|&?V6z|3_&RTmiQkfTR!XRx
zOrzAg<wyAaM+6aTr;v0TL@fDs;E&pZKtUg*j>_V}ZQ5~baNu)lqa3Mb!d=?MLLQH#
z8oSrKcDLnPmlw1b-;1`{(WXgWv@)auQB41|K7%f=4`+MS^hd9sx(%O9EMZYQ&31>T
z1QfrGLi7q0>z0ku(q!%T+Ihw0U%8DC*AeUrI8l5F`IvTgMMz;Jl>kEm4*dh?CZy;u
zh|Iw|$W$viLqG7JK)bbX2z(wvOUwhj$7f6c#;;<0{QX|cZ9l8GO5{&o-`!;TT=tTH
z0K!4zgbRl7mxpUsL03K&oHGCAD1w2uGjRjL5lIf|w3&J?_*2s#<~WmMAd#gLUO^(=
z@P@OxvUySZ+YbTv1%mH0cifUnr`?`-!sWJBK1w)_GLr&gfy3`n^VR$WYS7l(g1EKR
zqqd4#QGvmr(4O6F&<Ib7GPr?-d@Q@nt#}hZ^G@w^m>B)dQNgYFPNdeGG*!9U_1*mT
ztbw$Zqf*mzrj<1cAYBA|2xd@yEXWf*n%t_z0fz|#3hA1Vr!=BBqtE+A=$ZM*<wtKc
zBk3o`>ltP~KMT4vD%-Q5(dqx&L8M=K%V4@n8aq{b>kk3neKfELXQG`kGCP+KxtLQr
zNLBwgJaRF~DR)Tc1KHIAizw6HjjWl&?`5VBgpd_)9)l)ik|lnBIx0<qeqi2L`C~p0
z2Nuo!lO;9HPR{=rr3N%I6}Ij#s7n9Z&MF@m$X1j%F8^DbI&<IwA3f5JeJ-!{vIDF1
z{uDt07JA?__+{-eklBF=0|TX8HG>KH;6X4&8zAA4;}NmCc5S~u`KAWaOM$GW`y+3%
zR}5P(NtztojI<_7c9V5u^NSsQXXA6=uoqqlVCXc9=NbFmuMJ%DFkyh&G4x(ZMl{Wt
zF;%o%^qu5W7@AkHj4Q_HbtNo+;L92X(Zy>I4Oqnd4z69N5G}ldxGcH=2cJuIy%9a}
zFefTgxWpNDXj^ztagoBhUsxsSaJI?^;GEBx<Qb9RnQYyJT5Cf~EXg|xV^|HZqJS0q
zmMcZ!(vQOjF4r!s25exla4)@}@M1wA7&o;QyzJ&95<&QM0*qlO)+bW_=^t&tIj*=e
zs5;NeDg&ItyP+gkiKvW;8Npj>1pY)9Kmz<;%=9;(_m=_HBO|%_?aH6c7zutT0rOe<
zYd!#j4`>>9(RC5HUDH#d8*AMDS`&rnE2cmBeQX8KpL#vxvhJ`&X^r1=OuNEynEbst
zJC-68K*|7a@I^1jEe-dCS8z!Nf*lz90`=hoOSXSTmV3KR^}%XHXYgH&I`Q`z9m_Gy
z#|Hq(^6&BIvpGHV<~Vr-=Q!nw0TvX^<~Mhfe7Vm+yPLl!C-<g&Kylc~hs^II+stiZ
zf{KUa^*S5xMGe^%$$-qMAYd4P){fJZVWrY;AHIyHs=FCKq~VkY+9g+T#=05h*Q=?2
z5T5}Oliz{;yy*7GtVR0Pu4M9FUcDL}?=7jQ$4=Aq1VW1B;;d^|;_ZuuOkV+5;NKIp
z&6yDyA+;UM9a!$q?N#fqOqj&KS+<=b@V?^X%{wK}S~{f1H*FpPw6pwcJDl&|+BE2!
zGH;;G9e9zJzDDp{E-inV4A*_mC@&x;{p|fXiy^z-HXt`+Kr}#e%j&i}L;_o>6ItC^
zYMDm01AZ3Us5K$~!(O4FGn%t@g$g|O0D;4;na$3f&bM9F8jQawpg!cw`oBgg3cI5a
zH7!y_Vn4{GI(WX<iGWJ_*zb=f3s;7VI>u23*Qss2c=1yB^-z3Goy%Ok2UgQ%{?0nw
zRWPCm0HOc0;{4CaP+dPwmn1o_^Y;k+f|gRm;3zjS0nJF0jgaqszk&T$+zfvE6*z!1
zLjIdEpkjZkmv$VH059ZS6`9}d+jb93ZixAcSFM$9S}fCtiALx1NrlO0UL#mCSFKcn
zaaWnX^h6zH=JVC7S;|*ubOEaL8!!eJO+Cf0*PJ~~o-=p-K6vx#fWwsZPA4=_tHut<
zHRl;Lej+4T%}y1S`K@h;w*5j5tc2;o#;NrK_UTPd0H*wBE-Q8o?wQg)OK<Bdpt3%E
zpX8#Vu1_+aJ-Jp(6}&E4E|McHipA&sazxAoypt0G(#}u80si$@|JewY&q+}GBauXC
zy_#sRJODLyYn#2;GSIc_#PI+fdk<%#Y=%Ag(qi!O=Y#&|zf8_&)T^9qcz{U+V*%-2
zDCOgamqkr{LZ{l<&vy$B``Q#o#GO1`EX@X^%poM--I3<CqSI`omDHKjd51ga+dKCA
z@m37vB-3CpBE;+}4;+)gVTlYSdIS^<#=(C-uP|kVPKK^RL^Zl`bwSv=B<KB6wZWs<
zi6qgebY}WRYG;C!4<2-78C|*3?os2-cpL&x?#Ds?Mw)6mSC%A%0eN#Fm{f(9DFsx8
zUjm3Q$)Ntv>}%AAaYPQxz$?0B73umiQv8%$lW36{_>)*XhsPHl$emVWN<W6<_;)J_
z1%$g~7?ZG3x6AgA3W@s3f$H#V`Jc1zc1R7A$%+^;w+J0#GYY%=E%&F0dEj$5V|rrJ
zN`;6WVxN>6vWvlvfVR<*T`c|_-IS9L>_1j1<blYOp=E9bllvPKB;Sb(twILKVQ!ZJ
z-_VQ)eL#V}wW@L^0B?{kdD3>=^7E9Kw9sN&CAqxZ&1RZwM>xb(d(Gj6u}}chv#Lik
z5p{-VpONGd=QS5^xeFI1|1`jH<rX~Y!LC^yy2Oj{H&w3E$g5|qS`T4Bk6KI%wYSIw
zCF+=*_5o(X=*wP+5i|R@(^)Q=Lw!YotD?9U)^7I08#jhjX$z@1;3}Mzk8gz33ZBm1
zGfINyi202hk$sm0BpCe!s|axLszEZN2B$S4y(G#CZ?^PkAEezrGCun~<k4C`U)Oek
zDS;iqa!h(ewNMYqSjNBscS3FgoY>pPJaEs`Q#@ox9=2S#{pdq$ogLy}dcLN)_GdKD
zUAs?iX+z*oRbj44&mO*%y7iglJ;ya#MY?y<U60M_mBo{2c~Utj@6XRw?MyY=#v%-&
z+x<FGUM1(cb&v^XDiJwF4@dcdomVPyb8;gl9;iUKf`(4Ng--#{;KtnYv*4p~`+b~5
z-jLmETKFXju+@UpOGpw}9MSV^KAhAe$Exj{NzlQIgT=O^f@jRuG|65g@r+{Y@kwJ3
z7`irY5N_o@A#?w_H!)$IQV&!Z<Xwe}(ZO-8Uau3vR|J@&k@)7ft1BDvga{LB)8VGJ
z`ySnIAlo%HxVD$rtSb5<I|Fa=5rg;jFY(;0qh(pABb$`Z{jBx%-=D=NC5YGr)&;e1
z_QmxZkW?pBQh-lAV%6&jbZ!!wa1qL_&rDR~+EOwoeJf6&UTMi%XGglp{!1Tyx+hx^
zlPl~68$l}aM%sPBM<^+en8xG*SNK6)r5Y>d4WgBBySGUJo8T9x(8>&XhQei~DkG(p
zKr)fRWKT)lsmQ7^<_ic`@a(IPE&kgQkQ)cb%>8*bx_wk`zG?XCowBq(U-7!qCXMXe
z1LRlAouJ>7sUpy`82m}a{Mqq>YU{H`+-ALFGjZD2YniWEr`Ze&`G6HrfWKSYF%X($
z2D9zXDJ!*9JrvyB#YHN$R#p0hW+${Z8wm2byv&cEZnD@St(Nyus*qEclW>&U%}?La
zTW<<niaF2IPQwIwRN9}MAA{Z`Qm3`pZjDRKd!v?%>Uzog;p#(e(xOptkGH{|bc9qX
z6v#9xWD_Mu0N3H{y08p^@Ht6-38}jmkYFr)BBQX0Yp!3Va+HIGdYw>HyKi)P{$6b~
z^IoW-&QvXQ8Q&Zwh`(J~CuCNCS~VD``$D`-5?3LY0(@Gd>!HRiSmq-TF%MCLEwSNq
z!ZP6o3(Z&`MALIYrc)Y}bRhmS+4&_lDaJ!_$jc?dOufPL=Yo<xO038<>Kh_13&3tY
zk&}Sv=BJ=DPBWf=*QiuTr*hstU>2G=om|rDHHJEX*UtNj(<#8bSK+~t!R2wmS!Y}Q
z&Vlz0<=M_MS1vScZAXjsFjIXco`<TpAi&WvhY}-r(uj*=9(Mq(ov2FrEWlV+*d%@Z
z+ihgFd^J(FDAp?kjA9R-OuHb<<vIc}Q)`v&sNk54OU|)EqZCBbY9ylOoG{1Ru(g1L
z4o<w&2eSFd0b)jfx1B?XGyga9;FceYtunCUhQmg6PKnay;H0{8%7MV6WawDj*5=e8
zhAPEr+$~|X?Fg;8`#5OC_`ChQ8vZ;+fLyd2Y!3#Gc;EqKKPTtjL-LX4*F4p7Ezh|A
zv%o-*gv-m8L*}})<a>a)+=k8WNuIHfJDsu9q^b!xNWq%vVdz_$&OJgcC!cN76){hr
zRb;iBSumaiS#csTSm)rz<q4tveFKO_gU|FSeB*@SY?~XmlYbRn^Wjf*uw;g_x?%;p
znWY~<p1Gh~pOldvp0u`FuGV?>VOKwB+)PSOP7d%gfF3eZGDzIho~Yij7_O`MDpX3H
zda^=WKyB=hkV;r4Ug$HelJIIvV_0f1NQj8z!I?fhUw9gVG-ov=GQ{5~A~qaY<bXL|
zC)~PCbo2f%5!l)?)p@1&9{pQwO~!uTR&URdS<@qrV%Rv5boe1zB0Y?s0*p&{l!CwQ
zl*Y$CA-Ht)>7g*~Vg1u#xNiqdEM!O`thSTUf#k0N@56+;*7qR47|qfoj00xx7hq?U
zt11L3OrgnnzD)2+#T62;TWA_D<XS4^4GM}|PnP&dyZ?lsDjOZif;r(434DH%a9bph
zmE#X3&c8wCuBmxkIXiro@q0k)ng${fict@o;((1v6lNUr^$xnOhS%va3N{f&F3^O*
zvR90$<>pk0(wJHWufjDsVT9UOhz--n3(w}?s6np{I;PKbo;zKqh3kPN?DgVn&zx|q
zRvd(HzS6e9#9IqvuaFyr*>)(H0ir+UdLK+iR3ya{NZ4FpK0ESOJ4jbHNGInv>tf}n
z*<crUMZ`IxQF7-^ASS+xtp5hwH<aO8uaTDzvuFgP<}HK1@NuC_6lPBzgP>Y}8klQq
z!3;B(I|{>Vg(}`GlT{C+*$cKX>5R!iOEHx@f(PeBmU+a6ty`d+hB+80)1o7m7f}2w
zyx*_22fJjAIBJ}~Q(4H2b=EnW=uj^~+j{C=K}I4FmH5_7_aQ1gF7Xz^L=!~(hDjj{
znE!(e0$}Y8l64b1QH%mT%slv}=2we;zuY!UbQP}?Pyf1(<Uc>!vp+}3Ta(^|r|d07
z0;<@4>He?#u*AI6_7;aG<jaLo?YAO9CQY#1=Z7>Wx*D#;4bp2MdiY~m+cR%YSmw`H
zL{Imwfb*<e5Wjqs?AE9RyVmW4Y8~R4;o?O9HK;huk&ZCaK9ugi{!1cCr~%?C`sd|W
z;lNKHaxMR}_D8_mNJQh`|7TJ3z(0Tq-2G<)|IZ*_sgS@D##ds&2{SY2I;0d}kk!A2
z>=eIH)7NGTxviq6`w5>@6NT*mYr0qAzzAd(O8A<+7kTmA8X)4EB7w4iMp;S{@(@W6
z5YBNlXY*?hlZe6|EOpWY${$V-*e5GCIF+!NJL!M_A-|N^SAXH9%=#<S6yV8(IQpLb
zk=<4PzLUL2z`eFW0$c{SeJZ>)5h}zK$eR}7t{Pu~fLd3{_Uz?fdwl+m12%V*+@YSu
zmmyyJJhfTz64;{7$#b;onuXb#;}pV_6j2;Ns$=?J|LNj^ncTcu?*b(*yS92Lt1UaB
zxuzg$>hHJklkEd$-BCsS4&mJQCoi-~S)KGMeFH1a=R*VVQ$@o$C3mp{CKDf-6q5eb
zqyz;{3gkEP!{;dFuvS6SSI*~12B~JwiD;*1MAF0Wrbxf02@Nm%<#6~~NMkkcrViP9
z>hJT2^#)SUjs34tUXmZ?`Ly@BpZg4D05ZCnxn%U-365cb+g?*?sDHtC4|>`AKv_jt
z(VA|4e8avfx?fMcf<C*#O8yR((6+6mB>d7e)tOy5lY-}8b9>r64{VPW6Fk5T8#Lzq
zeEHGZ<wwBM%AmAYlfHWC)HzB%WW|f2jcu$=dAWkRPRvH{uD`po6&RC_JgZSieCzhB
z8uv*$;%^mmc(g3Z>~?faQ+A7xbtyPW8@ffG$xk~4BdO+0EgUgu(A(FSQ%KCt;#a03
zOfUwUP32O`^dWWB3W~n0hZ@;ztY7Ij;a>N;VGqXgdBiBNr0iKmT%4^UOdpq1VxgV<
zj~30cN_NVdbnpk%NIB9a;Vh(aNEewvVFh8CYQV0OcO(<bK|hCJx#*76Q@g<ND~<<r
zCX=>msFd-@d(g@%`O2;`$PEibEWo{QN;{V<Jh-3JA6^U9T|1E>5DDC*y--x$1o_(V
z1nrH9AT#v}H}H{1bW<&`*ef4g6bdnYh<7CJEX0^M8Ek9PL-j;)RE7$~(~_WdUuw^t
z#eCcZWVVQUXGO_Y16tqXclRu`^|L&9ywYjCvSj(;$VQD(!Ju)y7e3SPIB)Y36_fnL
z6%;9@(19Sr?@{CHoj6Ss)pQM~;rdd>`mwsY(`g(|J%94L%Te{09o72%4Y|xlQnNkd
zK0gr=!=o^376Dv9@Za(*R$|w+v5oImn~dVrrMrZB*JFHYtp9Om<ZNInhG**2IsIc$
zCqJx;ehNlPQvDTDVwdC7TX{T>eJMvQhkbgo+pd*XcUPp}=*xlv{@~ceFWPzB6*m60
zw+kAy8wGf2wta?qg_|uqAxq>g^<L9`iCIki4QLi#oWQNX!|VdVR@b@)<5cN631^>l
z&rll!Lxxrle$;ixDV1rtW4Q-T%V)o#3l4SL_S(yV%jKG_=<~_FC^WZtedJxgNPB~X
zr0g=UaFR`$bNSy|w0$S9A6}gCPhxVs>-KzI<JBU&?!QztYt{M9u?|v4Y9Y6FwAYVq
z&7@p2S?Yf_-beeX2}^Uy2vdNGragS4QSCZeL95}?#dTnl^LZ?L$vu~Ohu<@hpqGZ?
z%{C~-vguDzs_X%_6KL{^rVSO3?BUP4sg;&vN$J$HIr8viC&X(MAT8ZjCD`YK1!^Yy
zzm*iyUJbp7gw#LVH_SQ`wGb@f?{a?Iu!h}M5O?VNmAZ4=Rlnoyi{1R{^hctsyFcj%
zuSf9Dwpk~)P&g~px$H#{|E*v)s#=eIeUsLnEl#F~4!$OvuNSPV&}MdbhVtiZsTv}X
zR8Ig)J>UeduwpA(epbO|pN*HTcFG~bM33$cplDp`xAVuh$oQS7Y1Sugmeqxzo5KNp
z{1q)z#m+u3jZ<x{X34-GbbL;iP^>Z#qb1U6{RLZe4>!#zp+M1=S^S0*nmgA~om_)m
z$~VME$-~A2&!sBxY&7{BK4dAUQ&5M!+Fl}8so?6yWk3sbz5FZ+u1b$9*JUjUrd5`z
z*F9K$;aee3Z&b~eEB`FEE}(N^qr`n%+;FZ*X{|cFq_f16%;4kr0V`pDwAsubwx%)%
zXy7!s&w^PS_Mw!$9(A_*964C*_t9<tUcf!3@`ONzHjmr^9N(>)N=xx-++$SwW5^0{
ze^q1qLKA)2_J6F{p}*_Wx8l#4D#B-yXjmT{7w{tN{T68ROd_%sj9>TH7||5QLVb?L
z;w$a%7U{k$!JM7++1YB56E?e~Z!djhY}=@!kvm(8Oc0D4O;UCYs0odT9Y}56E^lPl
zHUm#kMQCRE*4gb`sw9!Oo&B6_CRJlK;jC{`wbnu&Q&P<;6ZjQFHY(wBazqZ9b?a=w
zd6{^iv-HgZ+;HKnFV>2~*@G7AWnyHTES3hy*}V7Xv031mz(W7$9yJ3dswFgJR9QaD
zU0f50SIAYP?dG$dIiXg6*I&f~8(1cB*X_Au*`po&IeV<^Q6E>Vd`@}(QG|KR0Zn4J
z<U`@VE=p}r_tzWBtOnjd@aL`T7gzC8^9v=usC(rhet)P5-e~A;Ybt&?v5zl8&GsR?
zAiN0=lynlNn1E~E8Ic`j4MuS#QiDC5^bIyi-Dh0UAr3azJMUV|c-_dCMdvW8lW977
zEx>h4DrQ;^^w0(#ne~+8h=84?yVf~`&7O{=gaKn?es=u^T($$Ib6*c0*Y9VytI{C$
zKDwaPlg-?IC;5%dnNHfD7%5<V2Ic8<S7*FfJU9BiI?bvd1;|>Co(;-l*M=+C_vH%J
zM+-2?PoE>Y+hb+r0y>_YT7aHwwBqv{mzVU-{HoNCA8dr~->Q<w=6SgpDC);<htdr6
z<bcO);p-ziSZt`*oulK3(Ns7_(q5sN`oE4=Ozy(Z3`4*1^-bkhm?`ghw;RKZ;`XK+
zB7?&T>St<lCL61345y!6`Aybd3|Ddll!w={J2lg-3lOCRYZ5R`+kzM|T5o(efx|UU
zI9J{dH-a<<&0)3}Jz2(^*CvzA<cs8=anIFYQ=nP?ssVaq8_j@mvzs?$h10bxNWpF8
z3P`J6M?xBF<^y<pUL0n((`csF8Yg9pHKR9V_I^f6jCxhNPhH<|D0bmq0h&SnR?^bQ
zsMZOPbv=C3$sVNF!sMZ`k|ux^H+ikpDafVOif)m||HS*47y5$t_Z%yr+v9Gf81r5D
zRA-C=`)KRV)SBs*jCm!7%&<;CpKz{p1(dq~{)OE`dN?|uqrw^Rp>JqT#c|o+e-NQH
zH!|4tIX^X_r^xG9k@n8{=^)-~vdc#UN546cg)_c;`n3}(w-R(Tn!Xc=9%CQHzm@Jm
ziBJH#fd#<6$>s^~fXLbI1EHq#fkyUjoWk)LY9ngi<Jbzgr$qP6JV!=@Rz9SW4xTM0
z&j(=4l*<9R6N%Y)Zp!X|keE-(1G5H+Rx|vu*`Aqf6BzSE_ACNt^26Nj-qBmiq^Jh;
zj5uV9m$2;Nk*Y$V{Vv>KLz>;+TMsu<y7pT+%&|5tf=?>Zfc#K7At^6yOwtFlyJZSO
zi7gGxskCCI(~F}kS{L9OViQFb<!Yc38kG+QyC?L6-Co>G&CBupM|18I@17rwt;F|M
zrj=*NqBWDZbH>Ow;M2{?jBus!eksp0(sifP&sr>gE$(o4bO<9H(p=GC=6T7ghYN<n
z{>PwksSZE3?}jLkRo@mU$^SU!ST`5Ae9MRXLz?D5;C}t-T_(uee2*zWpm%w9Q%6T#
zXWGcOTd-eI5Xp?AqH&wMF!i2%RI#28taWds&Tha|z^ky_bEXZ;Xxyae!f9s6Q_It@
zF5|&kR&IRFMFX9Q-5FZgBKG}U!w$h&K=c4@^-N|PjcYa}caIq0LSUu_xnV1#c4)U2
z%mZxwnkh=cymEUKIGD}Yj+su4m!+J#oG*tBsD)-~5tR=89`OTdL9hdc>=B~r!nMbs
zlFws=&2AHIz(O{Bx8e5RE+eCOOg_th3?8?sXsNqiQfu6bg~PA9W%+M}xmU^3u9VdU
z&KIE`quVCP-M<l)u~A=``_8}2{n~9G@%=MxsEuZPqyg*OUa~>&gG0X!+KLH#9iSHb
zUX%WE806+yWk1JI%hH!R#Oap+)tyJ*#kZP?n;V{$AN+`fUSSdCDl0Zh^w^f(0FJ-s
zj+AD3&Z1x2j}I801)Vh;cRK}GRH&QO5301%I)`Fv8L^A2-$eNHR<mKu!N#Qg>;1|I
zb{|7l&f6Bcmh*0irMqfo{_6!VK3Bp}nH;Y%xB%=<gY}fIt+YBnWG=9`XKVr}eSOSu
z)jAK<`VRiou0ElQk0rAq<^^F{%WNgPX~2QNaT-57Ru)rT4}31>Fw;v;+Hd=&N4LyQ
zpmjN@#9gmb%ZCDJ-su|*IDkc#;*Rr_$lv|gH*PSSo~3Klwr79faSNX^N5ih2KM_qy
z!5J8MIG}1nwX*!}PP%-GBwgf?30i?R1MIH#O}Qp|kE#KA%zwdtkv=RjupWx<wR!SU
z%ZJcJUI|g=30UKDM8L~(w_W(q+bD^3T?RgTp&FxPp8}EM;3J7b!SLJtv}4u<WQ3Vt
zf?W_6Cka}aCv`#iMZmahn1CWWeNH_LN@_#R0#`=EqLPaH#;(ga0$OpNjIVh;BIuT?
zr{^%3g=<pkT);>ewrNk4TBB;y^-E`8IJMlBc0$@NU_mG_!#=;{b$CL7X))t9o&47Q
zjr5JEV(5Xw$!{mMDIK9WAr@)KIfh2z?9p6g1~Kk*4KECHFV1Lv;PPW}B4}T4hBBg<
zYk6DF%W1ySti>5UIJ4so2JEftvOl_J1fv|b5t7nrfgX$>F4{l%?zaQoV^2PI>N<x_
zFvh=jvi>VLE!dnSWGzRMw0_fBD0#2PbGv!kf~=a_j1}&?@W^MWKmnz{h&y+O|4!vK
z^;gQjZ16<t_2LIbCENUMaZzvN=7gz&!0{{O?vS#&cz14m8Y%AG&UCw<+{a^1Wd%a*
znNP}KcEZe)U_FI5fu}3Ut$3V%D{d=j6dLRTZhH5nushf;D?pc(T*p_?)c0-fm%u4A
zzy}^vEHXO&iZSQzma&_kj$jWkET4UJ&Kap7bO%5M^8zh}E+dHUbb(vT#u6dTTjyT$
zr%1r^ratM(FVWg+Sb!s6Q=+@sfUD;mX*JkIsFAn_ID7sZszUR}-}f%gWZl;H!mo@a
zTnm6zi&gM>$Z8%de=_=YNvIHYyeXo{PUf}Qv<297UB+T)+&E-5o2F{xM@*(_aVH>!
z9#&PhB;zC~$*6+gapPmQiI((jUregL&K?buxGFodTeQgRrro5#-|_Y*R+*~hGb*%k
z5!e3cdN0)P91V*vVS`(B2%HVYn#CtW`R~Fau4D@EKiH_+fC6VAm0!vA0Puf;4)+R%
zr|!Z4bvip-KTebgSmF`1Uui`a7{z{dSo{ROBhHw82@Gwv=?^|%V#lB8pSx|f;xQF?
zOcWl0Kfq%*N)*mc2ZPQ>py#=@wgHsjW~*M#>YwGG%J1Ef5IaAIex$VFq-c<Oy2iPL
zdmvVSdr3~Ui#5$mpHto=Of&|9p^)-lK2v26689hw)ubG9oQd;r>0XJZQH_!<f3s^d
zzE2nTljTP0UuX^=rR(jn)WkI?fk0|rR>{Tfa<Hu`=lek`o%l?z+!}=N!he-I81G4!
z;7h*Oxc@slhi+s``buK(xO%VQP9S45?ugtOr$5NjfNT4uE|i=+gsi%;GJ~9V%eaiR
zJvS128wJOm^=~LESuz+_>b(Y45oLy5M=~N#_InXQXx(O@wl*tbH*<3zM?bh6%wEcb
z#roJTSXOP@n)ID^Kwk-qNPiprlFj`or_JFbe;7Aw6RGL+(6B-hHS2>3qde+HsnX>u
zLCUhjJ*!p^*kjZbs?T=Ox1`R`9)ozTB!4noKrh-1hfd21*NbXcE+KiLzRy=6x$!H|
zyD;?dyDa86j90@;?iIHN9i$`JWX{jNT7@iWWt~g};XDcibC$1*tX)R>P>Qnz>=r!+
zq39Lf1iPR}54#g~kosx8hU#Aoe6+wNbri^DQg<wMI}|e%)ry_N*SnxXd~d+_b(Ztb
zceUMDCT)d8)Xk>*q6Ld3dq(*6&iSD6@zjjDBYK|_=L2|5YuA07%S-8{Tn7z19@Vlx
zU(P;Vk`9S@6eMBZ5zBf3^A+4fPCd@LECQP-M+BZ6MHp6VqQ9E**e|qFM#vv)@(}ni
z%eY0Z?DKm;W&)$+nGE&fXlDHf(>!LD=>jgRZX~C)6hH%PrlYT)Q$?^zpZ)&Kom_|3
zJbjl%7Em61#1s9qpTPj0sR-f~gQ3<MUm<gnShjHCM>mHC%#3p5n+v))1O!JSW+Oj=
z9j;1SDH+)_8;i*0jHpYSXGLGFm#B&r;c@Lyz2@UyDa_f~9>z-dub{mWR=|nteRc^6
zm^VmPpjMuP8y+Y4qJ*a`G_<9Orkdp#Jqsf;6#7~iFOM4^Y(%pZFy`9qeam&4*3xR>
z;wv?KREWsaoNBVcE79O58-KQDp9-?X54f%*0lui~Wz~fHur1oB9Zqp?b*yQDfJ%m@
zipW<IRq)U|LMSJfU$H#(d2zM}C}`_)^|r0Snr1KZOSXrKYHm_SdsUK$pgz2_;iPr-
z>f3b|DK;MSpxt9a+p|d^QS$Ru&zr3GeZhKKLw-8}{=H?#6(+3#bK$J{KpLV)5rJ0^
zTZmVaRPt}u+4LqLV5Cxeq^JW}ffvI)Cz0yxerE=J_N<+i-_On{D`IbmnFZ_uSAMBs
zz+9=6BM@IS|6Zh;aGE;q;V(GaYOT^`hGZJKc<=ruR^9fuZntTCA-=sia?I)R7I>Tg
z(Ud|F#I?U+%W>SrsM)im0VrD`qk}(GRS^U*&&GrM{Q0WY@}BFU=p%QYqr?%H>*Cdq
ziglbEPNyDQScF4V%$VUA&1FpdKtuWnzmz}}|G_&^^gZs<Eav-5ofnY*#Ywq+n;hI-
zn&jN08(n-`*P?iTbTn@UyuSK2N?bXg3Oz_lDS;WRJ(i_m7i$e#zZSXvd%5)$cccGq
z=~b?^5*pin)8@eT7&Nn&Hy-iD3V=_xWT+F;kqD2N^e>Z*Z;W}HY=NM9?7Cqc^F73v
zL(!U;BFHcHt+r(8JSXfDk_65*eLLjNroU+FL^XtyN?;_ym*^q{j}b?W@1)3imGyDG
zXihe(Z`8u8#SzttOwWjFkQ@7qWz{lL`yGC@yGwx-oa?OJx&IUov`dnDw^~tRja``J
z)Jn#cHgqAj+w=gWm*%e%wce?~Kt7mm>b{pB_KNfumP5xW6RKZmR!Kj9pSHBcd$1`>
z#GR8;F3#F|z9+-OUs15@n9EJ;{vMDafB;yuyCw3qNkDuGT}~jVfI3vc_-nm(^7H<)
zrD&F@<&Pe}bR~}XFX@pVUghfo<4-44TlJjDAq|#w7^hzG6^x|q{4?>XJ}JkZ9=jAm
z0knVllUjD=l_{<KoSQ&2O!ucmmOtL?>*?5t60P<THhZ4Z72kUvBESEHbw^-#IlL%~
zIzie>7sb~(b4LX><KBrvp|q~&wLp<Sl`fF+YAfdIyNAefo;f%jyz;CxYrdp>s)X7&
zG`w$P$gj!Qg*<6+vdIR4p^|Ztex-$v=QC;ez$Own)Ic>;xAV<oF;{)`y0jN-z|@L_
z(>Evm(~ncGxrQySZpWreqXqf>##3c$->&8`bP0`*m(K7o$-&$=0L9;KS=$3Jne?DN
zmDCjL+tVckW7Y~GnvPx3?CO66Y6kF5J-73Zc3Szg&EJh_n+mz#t;#N4lhY9VG?Qi_
zP^UqO`cm91DB)lfR9{U}@ey%(Ucc0P@hiLEVxBnvpX!bZ_j&b>g<ypOz@>hCrB5p4
zbz4}}$muYiEpPt<U=*{(AC5I2)d7+FWyEmE2%99vI^9z#t?s5bstw!d&g|B{-7YZm
zsl-6V#2`?;7C<32a5k%ex9l)w3kQ6J7y8??9-~!*&4%LM`InK-GY|lYfhU$!jPL^y
zdD2n^(dZi2%U@?@9ntJEf3E6XAN#_!_{)}aZJrN$4IvG`NjJqy%0i398_qIzWD_;Z
zQ$2C7dY;c^Nc*&30b@fZ$cyfAz%GHk*laV0IwQL1)7S8qHItxY2le1cM)-(bd77Mr
zxAs{{`Mi<vD?|IKL;i|}=YpxyR;RP4DE-ogqYcNS9@iRS-`OAC+Cg{t`{M`vj@X`G
zY5^d=7GfR~A2gfC={7S&e<GTs+6$~PZbnr~b$)RK{<>5qwI9RbDk_dI`sj)lJnpU9
zDa~vA_)*SLInw$puiV~PVXIlQXpQU-Z5MrdG^7>t+`-}7myvhu<&#cihd+L$3#K*Q
z6M&KX5DGwwq};}fQ>*mFAiCo~46WON65o6_bK!{RWsR-SU92ZV-0JOnC-hztin`G6
zoBOGlG;D=2fW)2q)ab+C5O1Z`Ag7{=U8w~mQR3Sho;C+Fmtl?49q~@O(}zs0A$@iG
z6;6R7tD%+bu5uQ(gn%~8c)c8)ijbE|DJ-(sYS<Dmq`AAVC6b^miAj7q)qu0Tgyd3X
z<Ksi?!Msd@9t+l=Ci%&DG0%PW*qtB&BI#EJ<vADXi@%}|>ou(9YdjtI(=Tt)Bdu<j
z0r0b0)P0@)C%yVkg6zV*)L?4M>$`Pn3iW`|y!6Kr9p|K1BULO_K%w}4Fq7dAr|@TK
ze&zD@ZU<k#7_3b300OoX2eZCsId0+=zk<}z-xQ=kL?b_U_W~ZU1bRHOV$OBz+=JP(
z)Y!urFpf{iH5-pxc*UJ&>wS7#)<yJ-o@52>g#$Jf@DnhKp?2j)t<5G87Ig5Qd7Kvj
zzKn0xxv$Hs1k4sYpJoN9rky|#LnX&y&Diax<>8V8Ny3KVv$9n=^}ds@f1u4etgFU!
z19zBQr&<gdg!O7pb%noHFf}LQ-fl)1RGesu0b43lqlkKjQB)&$hlr_GgXMr8wAX7S
zBEz&Q>CUfjhY&w0Fb-UCIqfao=PR-ps-L-m``TbkS{<|Al^BKd*d{s%2pb+mn9tZO
zL&W~RON)8jq}2$pgyRxaC|Q`y%F$Nh45Fop;VL{8$j6v4#c_q-!#q*yy~0VgB{#UQ
zl3_umPUy8R?hAM=_H(nNL4*B=3I)TpIJm&Xyr}gg%iKsDf3G8XURM8#9Z`ej`K$kU
zOE<5j8a_QrtTIP9cL-So6<Z!L77yMW*9EPu9;IYToIDyj^rPf4`KbMtd7OYqdW4J{
z#?R$?_;F27!o3_Fo)tedpRuU0))4B!&!~H1ni2OU$?*xSU_8r*ap1{;1k>LjH(~x`
z$e0Sqt7pp(;M<rn3Y|DE<sDxi_mNuz{1Eq=l(=H(JV(xlx>ZsA9PWG#jH{YO!f6pj
z{X^4}BbcomJv^~3n*AaJd_yysZ`eo-NECOU3Vlc}beD&qGcJtyn2l$#Y`b($a~|?=
z4BTI8ec-wyC6NMs|B=6o#X4UEZLIcp=t7dh*{sV&=qxDZxK@_s1|S6uWGOXw-IW|I
z)KJSc-FB@>uls+ONokvL#}7EwTs}#U{QJ-mBy0!II*?a4FSA7X4%`B+;+yn*`aZSF
z;VGJaZkXypTg8_5II2m+ZP6fNpF!Y`DE%XiM99NO0C}Xt1rrgJ>dgD|ojg;Q9HsTO
zP(<Z-vFhNX<8X?gDB!eEUz`?t^LRdm#$cDx!nOLOjMr>icUjay6NHUmR5Y%iBPSft
z(Z8~uXIJAiKox!L=cvV~E#Gz@RS;Cjb6qb1$Nh|(Ds|85uYB|=7iW5~UfsqF_<PN1
zjuu0|CGe$1AfXGq@UO&cu_g$0bx642xbn<G>zd|irT5o4x1OONYHy|Fwkk|jU8TsS
z+W`fL^ZsWa9d5&FRO;n;L~pu(G5?`(eK1z^Fm<s$0Cghd?MULD59BVm_WsFBk2!(T
zG0R7>8Nc^*mz0xNsj4arP!!0g%%6f)7XL{B7dHowbMks;M2txNKMzBL#}6;D4PMu*
z82Nvn_Xdl5^lTY<1)01J9;gOVyte@<{FQaiKe!I}c>jNX<^cdS9$1{tKMMnNA}v_u
z#XoZbye=@&O|@VD(Za}Jc{4(}yyvHfO|IB|2Y@62SmwVd1N4LerbG>@If1Q0rtbP}
z%0~so0P#xnU&(g&IdXRwmssfaevHkKKhe!X-G99s*+7FdIkk#q(3Cg69~VsKaQ#0E
z0Qg8T#J(?chRv=ILgHtlfQQWgekk|{SHVvCphNVoHaqk<Sa6^EHSSC)qfYU<hml<^
z->!#sP}0K3rNNWcy$?)ySs*q3C(TKa81t;{r&rXfahk+apS)KcTJLQKdYK)}%B1ho
z!#8Lrat$Kc;q$i!X7YWS55-C8xL7FXZ<l+b&pyk$`a2Fcjj~Ypop?kCd&Vn#rT}x8
z_dOtSFC#x}d9!yn?H69K<z(U)W!9YxOJG1w=0jt`vhyP9*RBi^_a2tyWH{+@Jow>D
zP3<Dg^1eA(lliZq{^WQyTmg@qO25r9=nXl4UM?yd#bq2eKr@~l^7C0^^%at!)B1|6
z?J?SC#34+0|G#-#(nW;MS%*bA3sFKX;3?aW7?5~LJ;fHpph7&D<Pwi>(c11A735xF
z2rN9b?_^=GpP5vuWBuvT$-@tSvSxUQF#e?O0`^EKhN-+6{l2szQx0p;N|?Y6LvvO)
zypbMXk0zs28aCLPSCR9RY5h$0<|g$j=svMwN8G=OPny=Ck}|;Buq}?}1K%Ltqe|X#
z8h16Hj%4|ORZ~(|A&z|hY;$YURF0Wfxcj`~ViezNT@{v1OU#5OSO7x(gCC~p4)TkT
z^k5l@`1W;)F;nWm9=MHx6s@{gb!$KrPDIXH@#bSPsi5u|e0z;u%}hzA85N-z?dYrB
z0R+XM&E<S-lX-*J>d7j{-!!m<n{eNB-wLiPwd({mVvv@VEJn>H7x8MA!=|!(qhcY}
zyI%GI)8XZIVkDy=iX;D}vFg>f{?w)P(ErTI6%<jy^(iN#$xlCO+=kqx1>2XZC1G4!
zmFtw|0+u?=OBDSrJOxE>mw9^Bw3p18Zk;($06V^h`Eht4L4llB`J0jWgQ!8#{pz#~
zl_5hmIz-cX1X!fptHYGLk%&EZ{8&1El)A#xujYW<aqzsG+4t0dD9yK=7`P7r%Hbmr
zuPm%x8NBo;#{Bhwaq0*=apbjA4fQ44a}b5ry!mN;%%3bKdcw@n;MzJT2i9psOPtv&
z;z(X>Q{C>S)}B3jv(>)3+|G{L#pSOPAyY*Go*-^e^i}G`PIWJobNH(ZWe)LVGJ=S#
zXQ5FzMn*$)#?dPC0LxT{GDwCmDmZCq<%J+Yq6&yt9=7s|cSb@8xAWv0iqxKC-5QeY
zE_jGIF&^BBOOVKrs+5Wf_I$xjZ20~bx@Xp($z(pgWajwNx85sYgX~eq1d{4TfK%cC
zHgn)J6gIpTzLP?EJ8^T_7dl9T-_AewBFEi^Wubu3C-)w48oO4Uq_164!!Tq57C}sy
z86BJyE}s0^LnX=|wNpnJnR|TN^`lCvUdHXE8x!!C9ujxo2i~CqOBLS1Bybb%_K;xB
zryxo{BXR|yx7-2`s7A>v+x`4n6tZXB8sy$QV+Q1XTJ<hV;j_Anng5<LAZp*M4U_&s
z9zm5u3S~syv`m!B9jD9=_X@9O6Hl{Hl2j`RpLc!I8&323L`?Tf#*Oc`o#T!53~}kr
zuc3y3Z>6SnYu^gYbt+T$0V{TdSDE02o>kgGFU0{u%p)seHww88zBcNXv+F$2w_+#8
zF#7J}R}O`z)2$!AM!aMh+X;3t7prC=Mr%C-$yt=MK2iyjb9m+lOmn@Pix*u>9AG_G
zrgkt~01dPsir1inuSdZ<47B$tIllW;iugGW9_?3s?s#+asxL>ERy-Zt7xTxk*kA@v
z71b0U!rP(EP}NB;(hFK)d=_t0Fg0F9|M`ik%S7p%@8*dcMvK8`{deo}hbCW%eL9lw
z_Q38RTTsk1OP1Oxe;^g(JiJ3eEbVa~F5*T*m^t7=0c-i%NxE?bxY(Jb;)0VVt};ll
z!T~Q-l^vQXiheN$j~~)VBVTiUtdhPHO8iaG8(;YfKfwzr%ryHzB*t(70stI6LG7GF
zdRS&^7zLQ%9TjklEkJ$+O6v$S#v83oSyFyu7rPkLeQgdN7ky;;148}X9$0P3fQq!b
zTnX-vk^1OU-&CaxBVsz(EMEh5ALK*}FBfLac8gX93-O&L)0LaFYK(=}Q<rH)YJNTM
zx%&HtRggH!VC&QYub%_6KiOBry)Xp6SobUM!uuiQP@w?p=LtNFfc)kb;{N0Y(tX;O
z(Y%opI|zV;v!A)sF^ACH!OOZ(I{ODyl8<-#Dj_8}<E<?RsJ>szG(MF5W_uNMOX3R`
zjF7;917^bQ)@mA-B$Ca=>ssgzo^#nvt1*HGuCAD!E&k6gg9-xGzxG?_uihK`_H)+x
z>06&4I~Kk0^>qGMz-Fx!!vt2QTcK_a)!CW9{=O-3c8?2Sy`p_kKjM)1xwfx!9`+aB
zYSvx`4Z6f{N?U$zS7`!H7)^FL8(+-qIkhZr(#Lnb2ea8P``;^A32LD+bO<utN|Y2^
z_}4ypwe+oO-^5?lA`B;mZD+^tKi^Y-Z*$$l1$LFq4Qvb{z$Vl-9^SWm4?7gtZJB#<
z<qWn-s$1LJ>vzXpx@l8<_#r&7p5Nqs%kB4kLc@ef*XoO$CP{hl0LQND*8RV;tp1jp
z(ksjM2DSzX#RZcUfGa~aqt3lB@QzB7@=)13nf>k@`9B9mJkz(ohA9$un%=loM0SpZ
zE-2TkOnUS1;61rz#VHSOUWHls;)#K<;wGuNVwaUXvJ?al$=<$mTY2@lyz9k$jJynn
zP7dl`OGMA~Y)h8%kSosL-rj7R65|9(7bjDeJF|xJ?l^bvr0+L|LSR+Qun{=!IY(9)
znCbZ0w+mii5RhguVc5|Cbn*>_1&jw+fxIJZKy`XRo`M-L1Pd4;x|kcdAt5it5aR$b
zp5Xx#Fw&Ah!6z<2AEQ<%EQp@AD(@Rp)YanEjj!g%Iheoo2f9WVn34~$PHfP7^SSv^
zU7TvTz=fl=oEZ!&ctPHK5W{$P4{%Rl0OQ<M>7|LlF;wm<px*<4^#enJqt=4zRchau
zcdZXU8Rsy41<3GMkzcp4lmtp#s03=i0$d@?5R<@OGEx3QkyJ^ykp6;F+tb<{-M{`U
z00rDEcL!kLs4Q5zko(YP3#s4fg)3t6-m#Yy|9`^!)&D(9#$(Zz%73{a*C>Kq<M4ES
zT+1~^-SomAynoley<YuN=j$6?`|n?;%`bI0efI5cR)!E+P!s^$A?F@xybw0oaw>J|
z#aX}7KYTiPFY|dmFsuWdK~8TJy>L*eBrslox-u6q7w!dTqAUrZ-ad<PV7r9<PyI5#
zdkf|<E_ep??gI|l3lrP)K6KrDa=p0X6DXEVdx3FR4qPt3vTfUmTgIo)GXz+J3~s-&
zVJDxiq^w|Mwb}y41#TeSQ#_ns_gwq(^olXV6+TdiB%5#Ptzv74at3<8xkNtv%sxei
x1-C%jr^TLG0#s!ORK>us0+dLGGu8B;U+j{9cItrw6`(&EJYD@<);T3K0RW4Mro;dM

literal 275050
zcmeEuby$?&)+i!K38)|-Eh-qm(4B&Wl!}CONC`s?T_b{o2&hQMs36@9LrINvcegNv
z<iHFA_vI(3=bZ0*?w|MmaeN-+WoGZS*Is+|Uh55hq$*EJOiPS|gF~vQAo~Od=K?7X
z&iP%!3&1B&T=NETaEPa^WMm#G%E&N3a<ntIvN6NKQ3#HVCU_drLiKX#xKHLjiT=YM
z49j@$u6W>l)p|^%$o$zq=F+9c0QTIMq?hm9CC+_wySx&&kV=-4<jbcZZ)qz0-3skX
zS0hp9!}H-ARj5w*QoH0-#c`r2YLXYy$$<0SN7<M8Y7{<mDD3*h-Q7=eh{h)l4KH!}
zefgNrsjw>D{6s)NfGfMWSlf#5#EDDVh*86!QOCy`^CR?^NpNnH&ES;=MF!Z@@fZ~1
z)nCMUgt$~~s~KPvXLlo;Sr%7zA7!N)x1iRSz|~;c`&Pv*ovr>U&d-~y>M?jYEf;&#
zd7mi;G4(o;MR^H?hud@3=dyD~g#LWy-_hIKo92#Ze526-2j^M_*{55FEf&3ohinRm
zys?T`k~*yAej13qXO4`;LZcR;N;;Wtw&drZzbn6A+r1pevI~cOU}QG-ssHdvc(K3&
zDbb-<VAx1sB%4$KX*c)4R~Ss?Bubc*O(K_>W%Ii%fuMiyI!sT}Cv(g57P0s;q@A*J
z<DP2pyB`(w0gX^HL9rKMyzcLn7PUWKq2jWeyVFC`^!dZSu$N)@fw%X~inQRPkD&1D
z&*Hz4q9W!y6T)E)X<Zn~2TCTUkgBRBFw4!oR~N}!3|{pc1&gx{XnmnJ3s4+1XAXq;
zfb&xVT9l8cg)jKlQ9tr!`icAbyA8p+RbHVio>YoWW$Nc7?uz3V?=n<?>F@e=6>=r(
z=<4X6<MMX32yei=ixnlh<J^JlMcqKS(N}=RmYj*;=PW1jUbgzVCmQhM@EqXq>6-+<
zjx7?|*&#R|Bz567j>ab<C*R9l1cP;qLg!tlNe`tj5fX442^*c`R5*YC9lqnY3y*N#
z)Vbu7Jbm@z5lPs~x#^ph7c9O#u*V<ADU)V$!@E$&<%Zu}C(lJBeTj@khEm~b@2j2b
z>fdR<Nawy2q$GTOpZk&6N4(AJ+#gB6{%<~ANxve3GaxM~WAQ1Zn?Iev1Bdi}a<}LY
zlDDrE^KrA!(bbU{(<%p^pSE|qmVlS%51ICIyQfDsREL;m-DmMSzwSpct@Trg_*2TG
zhqu8Wh2I2h$>M)Dc^rKE`U{TCOBw;0()^!v9w(-Yrl0G#?ziBhQju2gS+uk$W)i{e
zxSuDR_kcS2UXOgY$`7&~h8<>)i&zGk=5$kKZdIBKth5pSE%lT}tz3azY24A=-Z94Q
z^6XSu{``$1M%aAr;peL_Y`9%OrI*J7*1nM$BOHVh?sifxy&|dScDPoKtB1c%vyPif
zE%+AWA6;)fld~zYuPw#|3j{SVHNg<5S;J{IqC!0HR}|NS>R6vslwKygqC-?h*x;}D
zg}&$AkNX$dSSbWAwFQ$lwlyLeQBR&c5qT2!<oXk_jNK;-PuNm&ACf-wW^IX3R!B+_
z`Vdnb=@ip1=ON{x#u`ETeSKcr@q+ukiZHL>!;goGaV+5L9q-JQ@*;9S*nU`#^tmDP
zt|$6)8+&xi`#TZBw;)Q3CG66JQiJMIci@_(5BJ{M)UKA(Kj?hOslcg{tG%8+&R=oa
zJ)z3Cs!U8*!mvj3=)>V9{0BW>-JWQF4E^Z$vF)QVe)g-+xH8wDeO8z$zh71#^QG!b
zj!DYw-KM)ukT>Ta-oADIR=|_YUV*O>4^ba$Zd>2(ixh5+kEHwP8OipPD!n|*{wc8r
ztp@sOP5Kj!Y7O<LuIU0<5|3rFV$)xzn`Nx2!?X81eCu(S@U!t>lc;jKrITgFrw3-{
zY36BcJYgE@?*BP($?~bCUawnDM#^$-Z1%HEcLT`NkS`0FO?`I<DnIRh$W-{MuAZ^b
zPqq?MT3HG!)yBMZDceg4`>g7(nxvZCNumFRQ$_G`+0!z8S7kLNy8?q;gX&2c?^hBk
zu&i3$T6JiBT{m;9QG|5Sx1i5&t~YQY@+W^5Tpsz}VfpoOXpg>WHg|_mlUv><m}0oG
z)8G1unPVHJK#AZ&>^lD%cSDSD+-Ap%c65j0qSLnWw#T+K$*mBn5U~*R5J8e%s%Fmd
zf_%t~tCDEj(>A}T@a*}V!<?;bot(*M@!Cb%S=k$-@4#L*gCoVmRVDl-3&ZP0)pqg)
zx;AAkxfAR0)qd68HQ#*trMs?A8i&hBs`yeV-%HhZZWQtm%7us__eWYL?=&o@^f7fV
zcHZffPn4&+#yQI_Qf~SE0pj(tW1U%D<O=OZ<&<-s%2?>K=G<Pp{!rqY&vz{TL`;&h
zq#Sh4c=`H{&>Hv5@_a>eQ3uJw0#f70z#7K}!;JniwqG8>){-`9(LU7aT4EQ^)C{V#
z3pA9J@%v`d&)s~;a5%K@iuVq;9{29~B>Xr$;`6%H4Ix<S4ZTCR;G-)?9~PM}H4=_q
z+qpT+<!1IX@A~k&>35m$mOg8KuK1j2{4xKkv3!F>fTzD536#>9@_LwM_{ZS4A=x1b
zL0fO`2Ga%^&{VUc<=*OC1f|}hqNcm%dE3P+1J$dq6gam!OFX;I!K+vLVx(l@MVopw
zO!s=xtBTpDVyqH(k1P+h%r6xM2q)Dk3`cM^Z#`c#uQq`fDUBr4Q>zj!J@}$zqByJY
zL8-Sh<#8@u*;`E9QcKo+waT7Su4<A3(L><`o=Dor(U<_W5H-<;=%uuuqP_fmT3=Cw
z%J}%Nd?Quwx#rMQTp%P5X71s6tQ3ITd($~Mv{5pMfLEV4i$~JzfqA0Nt+F?@nfJzS
zdP4R>=wS&k&19`2&9bEzOSaz`^kfVnMjXWg#$b%dg!2J1U<i{dS?F7S-K?QQtgY%p
z6**n9K<T3Od|nq5`Wq?`jk}C%EPc$nq%t7+1v-x%t{yRmG%aqtUadzyh<af5z%b-l
z(@>c<_|6nh3BQ9iN&o}Kl$w@pmrae$l+Gyx>nW<Xbayt1#y`yX`uZ!AOU|%!PJ3y#
zhoD258%oOE$X)5RLDSxwyvXs^n!Dkd&EhMb0voZzZIfg0E^kAb5;^C`yV2MxEQ)-e
z(K3@e{Z3ZXp!uMLB#nFiHruG0b6`K&RR*+64AgB};m7+hk-*Bz<Q4g{fri~#bdRY6
z!j=goGTCc1Y5(bQM!^p}q3aTxTTA<}jl_#WBR+3jGH0l<hI<LA37j^s;tJ!N<0?AN
zb8vHrTO4*3mx+`m9SzJ5HCU8%X(p<Rm92?wdL12PkO)&ZkKuvyK&<-oFARH*emvRv
z3TL>^FcE#8)3ACL0w~q$?Rt&qEQ>s0eNjlFOZ7njHZ+wJp4%t5W}CELx?x+nV4t;6
zI=42M^gw*cbHW2OxmgKW;GA0zt-0kbj$&D#*a$~5m3P%hZZYqE8w-pjXJg8NzIE5z
zm)%nwQQuADuf29WC}bpQZ`*C1k9;;<BrlWwS*te0=U61+IN`8r_4Qy#<z?jiqGXBW
zGDA*p;lqbNUu-#llbk;)SPJclH$1XGPPS(Eu-VV~xz-P#MP+V~L-VoS5{zO;JEo(E
zmf(7|Ojwv#s`vWgmEDD==Yv|~LtA#uQ#!Q-UQn?}0sdP?#Id|NIK<cNO;~U?$Zk|S
zT*RSF0kLr=uH{(Z#d(vrU)om_8-sQQiQ|-Das2ZxF#lx5xf-b;8nPcPJ&E`2x$Fj^
z5glF2ess_kaJGf_`*$_u+fFZ5#Cy-rx#0c;WBU7_cl7s{>D(Mf;1q9Kc%rRF0;@oU
z#plZ53qHyR9zO+R*HFhF=cX*U7<@VQF^6h91$58ff9_-fTwYBxZAEhx6`Z@kGa=5o
zKr0+P;OQLjLks)>p7DnO90K6?72rqq6Ykl!7f3&yKYKpEdooa3T}Dw6_^od0Xl7;$
zv9xpA-fu_(Kn+_x)ppWWQ5G?^19KWbw=*&0bOYO;Ou-Rz69FE<W=_V;ZeSZ*h=`jw
z%ReJTfajBsK`hMw3~{m+XVF%9#4KayXvQqS$;HXVB0<c|%q-^k++5^|tla5z;4g6&
zOD89L5fI4L)s@qgm($MC0>mvWEDYk}0rBu~03$dc?zT?GZXC9d8^3^@!I3qCm^xb7
zJ6YM;GM~UTHnDSd5@%sKS?Kq_UwE3iS^Zhb7IL~RV1uBOZ$R9fT%g~ufvI9ApNc%P
zax=4eCTj%-$OEh)!Og|ZEB4QX|M=?9l7CIr{%a~fpYY#P|N83Rr)ogV9A)glz@knP
zf6nG~^50*cP80*3?ENoV{37%}p8}MYAQl7tJ~atqxi`nNI5<)`in7vA-OjB}5S4T2
z>eK9txO$+(e^w(dvK0M{k(GKYl%mm3C?t5_gauFK%eA<$&_!O_J}{fh7QQI$m5B6E
z87_t!e8DnL`)L9#r`0JRJ^$c-AvO&)nW&m~oQWQK23K8!?8UB&H{{iLc4qPq>eTAH
z4rNyFNqDa1qV`vJJLO*DoWsQ<yu>W^Zx0D>zUpj1@bW)@dx`lGK0B?@<^N&gKcIZ?
z8uio#|2xdzt2{jyazPdEe_R(B^NCoS&z|M?;D3M6sQcne;rqWKmX1qBnn3tJ?dSxK
z)YW{;Y1#kS?Aa2TFCUy|!~O4;e;?d`Px;?C{J)I-n>S7${%^9JF!R@pI_|65x?{Dz
zIe8m~x;iX>zM1YO-cR}V+1t|T?QhAhW5nBod}FRGm|9yiw#>ZpM{Mow0VyZz)NK1B
z=eePE($#g)M{5Rjx8!gA0c<2!2V;wqelPo5zfCI;tu8hlW*7BIic;>n=qxE1udx4?
zdEW?*>4*z#m`y>CGyUY7%=r#<wDFuCoah1_5O7hq7$}Xr@n?zYxD(v@7hLVnW}L(I
zyfnPtgjw6#?#}uc?^DUVqTE*~e*O0<=WyjU>)1%cR%O!We(!-z#|Tc1E^C{*GpXkZ
zu@VJqx&Hx(M;7@~jg~$$P{!g9OJ+0YPlW734i@~*-2)@<MULL4L~I57k&=7<28tI}
z{_=s}jU${DiL=$~h$v$8FKHLDa7BwnQ~6hDb9Hp>+>SsbabD3DB4nUD8;9d-dVRW!
zf*~ZZhxzxKs{T?nmQ!RdoE%$epd)#&xYF)UfddjV3tFAQ@X{pjzcH>p!5AH=KtOb+
zU<oOGE2tO7iera1EvSh`ML2AHJU)ThB+R;-lf8Vlm`7VgMmqI$7K#4MxFmE1SHjBv
zCL?R&%`=({_25E4J7rdV)O+W%R6+_5iZ1eOyN<3GSC<~~sU`g8ARJ#A5OA7-N7s9$
z{~#tx`5oVH6aP?IyC9LB5q6UXrInpU^Ly98+33`L`S#vt-zn(~(zG_oTM&A~=;Hwk
zG$;Q3e%5_DjBZJ(=J8SYBY~{>S?MFIFFCY9Rja6-E^4rr+HYC|0EYAcX#7w@r{5g-
z65#Bu*H}vyR6M@lNYg9!=s+;l`NG50CO?-M<`qHb!fXG+Duw`n9_Yo;-vFjlh~`BP
zAmbH;T&XCc3LGv@R@sBk?QFHX)-TqOu;W?VwZSn#?~F~f$CO;H8&|(IHQ9?bR`I#}
zf2e>LR(!%3*q_T{XIrlerl6s|(E5GO8LL5cG1d8D$yn0Cye)P-b{!4#*zA@Qc*+ys
z<g4xW12T&tZ8cboG?_~y<q_|-`NM96^j3gzmq*X^{bpWYihJEv%`h0__pAP|)oA8l
zNk?_L)jz08ErHtICW$UagQ&?Ke*OODwcqfHPc2gL3>|=W2$|{rO`3qmzxn5qkT34R
zs1Jh&)3Zt=E>5zK^=tLg>!5l0*w5qkZwn?ovad^`UjK~_-8mSakO28t-`_A26nxQN
zj)_Sw`0{dI;(JmdbV+enjeOy*^Z}prM5rN_jSQ`G%OD~^jczB{hvF}-qm1X(I~^nT
zE<pP1B<$Pqw(yT!v}372qX@O4P#9jiyNvm|d^KAA?sJ{N#ME#E%_vP<Q}4IMV(vRg
zvjf7V-cc{i-}s4~;O9ghOm_KfB>=x110%cb(V;bKkBCd~X9B3`CJNy#wMf*JfsH%g
z)yVn4gLa~vn}>{kI(d!B3aJCw#o<^+v+ex?Cf)d<w0)H`{G?viUB8lVX&=ORQUCgx
z^f2es`J#zly3I(G4Tn=BkzMbEn#W$LRAlQmm~VdaeqZ}k-!L5Xp!4wcLzcfWJr5i#
zVp^K-FUL*82%USR&|a*^r!5z`z#~ab^1_4tO8-^A_N#xZYh}P$r0*jb%>ScC(xtrK
zF;f$6$>47;1!|6@k`NrE1;3amw4XkIA?x;Cncq8@Rv^iCL)oVw(zpL06P7E5x$nb?
zJ6|t#ZD2nwc+`=5l$|$TVqU&txNt&ZkX=NX=S$9(-QoTD>opmn%iKl!e@j%L0U%MI
zp+QdXehYXbu?=Pxv-1GUqG9-*sh4{1hTR9IeACf<Cablm1F+5nQ&_<rZ-wE~jkdcF
z*?yB!YFY>IR?DN%VSi|Dl!n`8kOfOE1C1_`9Lwl<Jz+lX?Ve4$@bH^WS`L%<Ten3O
zOclGgj_SW^Dx;q1Zb?}Yh2LBML|6=JAEMrwdwo3f`q0a_wkBUP1z#tX{3X^zdR{Oz
z63gv<TkyijWXvO%7dl75U#xV&(*MF-4^Cup^KqZWncVwE+yZ2=cA+kidIv+j7ys~m
zk}g~_Itnan5EZ&o0dtOe-SIi<>U-7SNW83@0i0%gHzqpqKQ=Evu1*uQLJpcm!5-4E
ztdU?U45{#6#EO|jBq<);@#D4)JR|H&z>2T|I~x{Hx$wsZe<GY`JMYMC^tS5<9|;~w
z2+1=(q`BUooxiLrI9b$&N$32ZMY%51P!q)MSm|)`@I6?ujfzhV`CB@(@c<^v3hXob
z&17LEb(x^?CARa6t$7Iol<lRsr4z9GT_vI%H~!w=XKG-nA51I^zwHZiH=)gLy*Fii
z8%)VMPOmba<lNZ66eo1~-1FaB<Px*}@X3m$^0Lt1D-y2CG8^WHa~aOtt%Mue(!0mP
zoWJO;mmR2JM<%j)<L|uxi!RCR09|fNdZ2$JV}Boiu=0o`ByeV9{=s2IA;hZfd6CVt
z=Rc@#I^HsQhQItr0to4Eot*7*Pp{V5*`C9NU)5eH!RAPS--Y1A#cMqN9!_*JeAc*E
z@y~G4OW&#YdB>#(bc*}wj<b7Ik$2VpI`{Wf09{g;BohCydpBVti!>)?F^t_36+b(+
z9tI{QT`f%nlc)UI*E!t42Y`4PyWiaL`~7L1G>J0xxmh=e6~P4g+TX`!d7>Le1LY8Z
z5z$YIllZxMpIb`TS2Op&1()q106EyBoHXhT@^m9{b|Kd#vqPdU6rOKrgnk<j-%CKK
zCw8V&|2no`visjq?>D7>J^VM+`@?|$aLa!~y+2m&msa?{g?j%@+x#oV{+p>f)6%C_
z<-f_fzbx{JlKFp_kM!lG&n>7M9pztt*>Gx)wKR;pv6+mW-vCW$pMp2e#E=oFWbscZ
zUYCS7PPZ1k!F&&s@=bc>Mf|^=?3taVzYc^m<vQep22<QcLuf7Qgs@+(ylPyX>J&rK
zYFtg9i)via<`rgpF}x^of^{b+%s{7Vc-CnYnqOU)i4thbUCJ7qs$qM$`UEieoHMyP
zC1%I&xjF>&LBAFreq!X2Bk*nFgAyxXzV>c%d3R2zo8CR$2m#BxA#0QzLA@tGZHZ<6
zRO<oE1n#26LA|y=>bJ(X@Xs*chU=FMwenZ^eMEed2ICi*!Y;4i1HfEZxx8(4H9ZF$
zA5UR>cpm(6x~6{;mJ5oAg*S0}nDiJ?TYBd52wtCDZgfpsK#g0Gp86LWMp+x&NpK0!
zJ*Mq*B<EG{0?t-DsI*fYmTOWn=8;vLbMcq8&A*+$YQXjo?5vVB2(c^v;X!CZMY@NS
zj?pCyDveI<qIb(WR_1MrE*00(q&=PD>g)C%$~J_Ixd^&vxE<HNj9c$S#@#W6u`CAk
zj;|j@j6~qV`>0e4UsjtWmiYcP*JuV)Ox(j$+_H#QcP4L-CBo(7Ch0=WZY10ES;IY(
zCl_#_x_m-X<0@=U^jV4fr5Jv@xP1L37abq?-ux*+b%|H^dqtHU$K-hLjM2{B`Ziw{
zS*Z51&VeFk@+V?{tHQq0a1LyKGrMxFbTV`8p8PL?XV+_RZG0~%_4Ud6;#bkR5rcMy
z@f%;8HAp#VS0g<|HYX@y!cs@_F;V)P&@uFz1@kcW;M4Pskb+(|q_Zd+<BJ+PWEb!j
zR8@Xcq&(53pa@e9gG_R%bd{cj`Q=f#2lV`F4Sdz^adaW(qs6QHc*0TRjtKAGC^4R2
ztSdpXL;W*yBXsMB`^41B<n1<2xO}UypJ(#NQB?PrZ#5ADq>Ip33Od7G3IX1UBZ})L
z?^7M%za+J;<VsAnx!TlKb<r}-R2-G&R3!SH7F$DuWucq0zsjq;0h!fuJi^sLsmX2&
z-8IN`y^kEv>b-V}Ax^56sMAD59X|lXz`}5Al6CGDJ!ru>shi4j4<bms<kJ^0;Rl2t
z`Ra4aje<zEzHO*fz++qXJ~qz7v=?n0*1UaZFlH!%tPk2l4tG5ym7N6j*Af1orSM`k
zQM|pyiQB=krVJ94;w)0r!zA;NUZ+p7lVYI*EMT#=i)vo$;i*Bh|7>SEh@{aO>NwRq
z$<)-*wa=QBa6|UMp|(E{e34Ap^}7IXl5%X4!%QyVlCQ?)W(bK(Z#ObFIHa+Mkz!1r
ztY2JH`9eoR+OfHM8r%n}eNweequ%Q6&?CHk5JE8@T4AqB-dxu6)|qUIYxhJ}$B5^#
zJv(=}=lE;G%OyuO)qgRwy%T;aO2Gj}q1#DBwf;T;-=Eb^k1MD+TNfGaZ#m{-1SEJh
zzjg#~6nmvE5iuN8z}#i-Cti{_NVU5w$d_~=<8=MI2uU!@=_zSY$8<g(L%NFkhFZI-
zMkT8@TRTFHnLrz{S`F;F^}~f&8&BE|r2`;H_szQTu1mTv*~~+tz>H>rCr|8h7)lO|
zwizikpiHs>Cn`qWKE*K-zZ5S22I(@{B|Btd+dY0GCl68oEk9JWPfp1vhr-!ntFXpi
z4Zw7-K00DjEEr)wzRcF(@RmDcwed*X_51h3RkcM6u?Dl{SkP%~nHyGDNc1A5YzXOc
zpKb`#p0_>b^MNj6Zg^#*K=~uX6^zN_M&M4)x8dHqE^n;*=+6|*%J}7lXSOpD`0pj6
z7+eZ%QkN`w#pkYZDs_3ChDP?gcmSfAD8Y^gHIsCa>jNI|Yc`ix3;N4>$0<ut3f$z{
zF6~)@E2i!@LoUF*wIPmiZ0j^(qF8^SFW`}3yE%u$w`CZxPRiIX7udJqR{pAvcw(`+
znBhJX72(RfK<^6=m~c%IYZ`^Ox#W5_4AJ3|w%PDCMG%iLfzsEDvvnzt`)#5Gk5A<%
z4mwPqo3+5AnIAayG#xzsh-lu~b2OvMwS{ZTRI(M}txDRax{6RcDEZl(snE{DeJhB^
zlm^`Y&^uPgI|xw&)&i*N(hzlgZg&1H_#z_FaXktfBsan>ycf7X-25(fbJVEMyg6;A
z_>j-=G>bCK<jbHYwOubsFOfGgqU!G~*%s;cF=Kl)fnMz>$pR+)aRg>;^%~$w4C}it
z$U(6{KmqS|TF?u}gR8qHlBETq*Q?bg_7fKbo-CpY6A$z<PMOPxcwW4-6ii0FRi!Fl
zJ)CEpAyzG!N#XC|_q1?JjY<Xi(WA$PvaPf=7Yqe50yaxAY>=onH&q=3mkauPD!yO3
zI`oUeI?AkQL?vS3y6NHmx^_3&DUWI3Z;iqT5}N~e+@59Ix(843`7-i+@tGfhJuzL6
zAh>1MH!n2CM5ew(=};%8x_57`gx3ei6dJ+sw<=iUJKQ8tp~kCxBo`j%vOXAIl^5k_
zjO~c(v4MVfg!a>n{JIDk(lK&OOmeX}5bw4B+=bqqyuJSZA&CR@>0AL5M=46~7OlpO
z+JI}}_UT$Kf)n>1#DV2c$X_4H=9uuY-~>L!Y@Ajv%RzsJM0@4st{lw}LkBc!#_fqk
zEMZ`_K+9>m+dc?y<<Q0BTQ2YTXp2vwSmTW#cWKoZkXK>`KdpVAq$kox7mGw&jta>(
z3|+;=Q%#qeoSW~PqG?uzK%c_4S*+aFvqmbI-hW5>9aY$dV3OGdDXCAbSK!l6<CSmo
zT;-^dBv|ZgFEGc3^^4D;!u65&9_Js<<4dBpDMn;epWBt$KYBCl0y63`iq%(r$tyYM
z-Wg`Rn$2}R=^1<avBN_&nsf=iyKMnqZ(l|i`BeI+J%oGrjhsJ|B}zOK1JAFAm0n+U
z;Z7My&ZwXDO}1+hWzG{{+ZJ~7KWI@CKdkUN#{p#2Cup9pHp&_m+FyEBu=@;KGX*eA
zIW4Zc<VQrSn;28m34=kP{WY<7VVFXL;Be601o6I{sTs5_)&^=viBdp1!1}9DcQZ#$
z<?aUar8544NKA5xBdA}W9VH*#itPbY1OMgRN<Livymxeakz}p9XGfjjYhny<zm@zU
zuy`dw;WNHrQltyTYy#d8^^wwy%YAX>prJg`v7D*Rfb~}Kjd6XCc0afhd8KQa&rp2j
zJ=dB7xMOtu%KiKLLc=P@{inI%+>E->HM95AGE7L->J6ER405j&QEVy7#o~C{c_O2%
zHcuDR2sZoR<yl6x@x_XoybvMW6{9PZ?q2ZY5i!CC5b9!6AYlhs&F@P&9#gzUMvpea
zA1=MnCLVIUywNwi2*rk(eg1T)cT@~_rLLXk1yF%kz#WIS)YroY=Z=0P=nh%${uJT-
zM>>YH>PFe@HdL|CDg@uaP|#vgY^tk^1r((*F)A<lY(3m|ZR&Ys2m$s(o&EQ!&0x!s
z@Cq3s0S@|$U-2<)`7T4AUZwDM;jV=5<_68k#?qVSVyxu_hR}eWVLR%JFA|Nn^duhS
zAKejjqGrNOuh+wl+t+*NZ0~HORD4F-a)221s<bu7TSYIKF68*ovypS2D)F$7Qn4ic
zuFcJG(>A!-P?w>Wq?P^RfZcNE(WG@HZ{A_wdcWw@)IihgnB8VJ3KP014c?T6FZGvl
zog41UaOhh1D?%pXIq8+>WE{R-rwS6DcWNtcr(KM6Ku`)Q?KWp5dUke54+Tg@Uvn=Y
z1^fKeg61c{EGk9Cm&cIs>gJ|2A=eeQ2BcC2-I4{TQ_}%0z~#^OkQ2Ho12_1LSuZYM
z780a;d!smh$;3r?w&4zcQlOc|Ox4@N3N;#8j|{`MsHK*Bt`!CFpH1P*oIdLo00FSm
zN3Z?1$Qq9(f*P>zw^<i{IUdtLh(5aiK*w%fcv&v^=4XH-bmu7C$-;1N^yuhE_*8%5
zUAxLRLo!2yb4eC7CW&@Y3Z3G-?26nG>G*-dRyjR`){*TubV4Kds`X8;rY0~CwSaYv
zV}8i>a&6`a8bbuFAAcJEs9)1H0UxVHZ^KCp_kY-8(OXO@RbxL_vkdhO#N13>(Q6wV
z8w!W^`pzL5rJMNvqdxSXY*e=<zuEnh%(M@}UtuF|3o(k`a9CPzooGuVW^$=r@4dk|
ztnbzDS4jfHd|zL^cT_BT%zK<8s$P$7_T4X{<386ZEdLf<zJuajypjQVc}31+b%=|2
z^d$O;#82(gfNZ*jz1iV@iw$+t{~!X*g?qJm!*yW?DeJu!V(G}%``?yPUY|s_w<Om(
z4_o3fYSsg;w|vSu3kM%pGF7&cmp1%!r{k+nI6rPwZksnX<5dBwRCoP4$uyBs6^o8q
z@8v)(bBfIrRgTrJkW?alj$8p*hpwsC&SCYlukF}H-31KoiYs%Y7>g#piDS><wV|M9
z+<G}p!>)wuMnK_T$~T_M&6I2l1E_@DND!Gjax;*hH;DxQnq2JlJk_AKsfDV;Zj4iz
z#9Z*gYd?%@+LX?b^0zjFzC`a9m{Z!+;W`fy=SIp%%VOhHa8%(hFL4^*aXo)tA$r3z
zTtqm`wa>ukyEih#c<Fe`aIF(Nc(1Y~JTiQtnO%^I%p?Tq<*kLvH=Mhbb2zpW7WesK
zPPFrweS1FS2mWH`XXOxgGaF%4wncrj7v%6Ga$K*UjnqT5)|KtulF?x2zUI<%PsUPA
z!vWl&vt>7aLtD}t8*FzRkSpq)DY~60=xkw#URfVkGSHZm-JLmd=L)}!Fxb<hcJE<B
z$zM1AbvZDk$-G1~w);h|3=}E&RNre{24JQ`$O`P%TfvLtGX&67QEY(g-W2)JBvT2@
zE!5hlog|<;t)Q%7QolxxcC|4lv3O9l^oj5huPpk0`TMAiPZdA?5iVuk4bg+gc$+=(
z+aPq#db{;xFLYi2{SK_g*6?0%LOCdn<<zh4CTT>`Hg?4h)s(>3tkiyR`V4YRupO7x
zYS$osRIXPVdMOSyxiS>PgwiS2V`wf$_|vvmC9}%av>wiMlPog>ch0KJNzp5ifuBUH
z+!84kRTWy9Bo`JY0?K^mqFu|x7f9eGTNXNbn1yJUrQ^9g6f}x?!+8ZV`G)10Mbqq?
z)5}AGo0o>>MFfXau}>D24<ckYDMIkdjs~_e8n%`j!jHO(;B>XS7<iwZyV^mc^nv<=
zT~D%yx+9B1k~HfPEA*dk%2giJ3H%Uklkjd}*uYkcW;wPi4H2!mUD#tYle>}4X2pA_
z)3x)h@%UPFPNV6!Pxqi{_iD;MangJQ?TTQg3`g{j)oXhb-6zIcTl6ID`e4J}IiXX!
zi9d7~z{N)4zk<7R9bDmHaCo$p^U))ofP==2{jtQ_<58WhE$sS;zRyqZ6&S0Se$Ct`
zI6cMO2aTmVnb$gw3U7A`ON6(H9;bh7mFT|@Tmk!5Anx^TNr&gB4kR8u587YtdQ`e-
zRvr3tFio<crU8TA3XVnt<;vFMqY&^glU*ZAl9ibtTwt&SQiZp2FnIA!SDHecC=&wn
zWv0rerjMEGV&&HBX6husK`XTo%kWAY`?`Ke;!_QuIjDV7i&tQ0XIUmZ?^dI-;g`Bu
z8g}N~{v@=CQ~Q`Z;4T{*7FFBqsDH4tyFf6W1$W$lJ4Z7fz1$Kf$m5(Ma`jw;9xEb^
zn}z$I(GQPuF>z4ze;zie8MXzyM&*Ig2qDxMMPX{BKjEB($erBf1&K_bi(WYiKT+Ax
z4?ngVHl`8}8it&QqFuWa+)WQ+REjHX;#GapHq!;8OS8pKFNf;B5%pJm>pmR!@$6vQ
zn|obY1l<X+#a3=DzUuO_cU|ZdbV-}S`mXmANa|3LwT_W}(W|;0zcxT^WqqG99rmyo
zOfLND2K&2kS5bfEHiSrhoTe*U*sRe48c@g&LW2FNNZ-5$d-{6RkTy9&g|J(C*>+K_
zkfLhIH~4<Tv!oikN9p&v+{srYHc>|pRp9GQptW4+Q3!JO+bZ_4*xCXWN>X>?JUB8M
zO!%wH!`JWX_lo=UUngMArjze<mCf2vwEC#2qfhXi?*w~O5T|t~S9FOT-BE%kJ8?1U
z{xgRg*&QmQ<KIil=*~ftEMrG^8p9lAbP_3t_8$qWwtml&q{D393Zkyraah=(no1MJ
zrfvMlg-RdPH|+aMdtM<|>1Xadu4wr=j#r*2RR$hDz2M3%tZRQDyol$3&7DaR?GT$j
zgt{xbE~sw|LeCA$OHAf?@0%_pmv1m+MxlG0iXR)g-mBg6Bx6;11H{AAb@;Otw@Vj=
zv(;#NStPecxrjd&>pcyUM7SUY#Ve4VNt_$ZUMjBG<L&Kjk_!jLqmu*+J^?*0aI-{#
zjx!HB5?`~N8KL)ia*0nrL|9faWP@-2ha^<fb!^Dn*mb3vX{EFFr(i40rB;t8S@q5%
zq}*_H7uO;!w*G#f`KtMWV&RWHz;`d@eG_4COm}5AC4{3vLUT^|P7PoNTu!X~mP6cF
z<+dbdY+~6A&@g&=x(SB|5o=}!jbm6^80+&}XO6H2-pb8ldaDEwdxe175{b;xpagmo
zP-S;X2vAi@t_5C~hey<oi*t`+za-Es*@zh43~^a0@GASJ;qJxYkK+r*r<!~e+4Y#;
zW<5G!sV)R|oW9=M!1(CcWplUd9?1o2POz;cOm5pfj}%eWG4SGHl>P^f*k2k#NXoZ-
z5>et2gWEqOG-rR!j$E8W^kc~DS9CtBwN9|xQ&<-ag=Cs2%DQ%{3FfMA2nxYnL(w(z
z*OvD9JACrU{s4rF-KF<{JI@vY<>$PWW;AR@*lViI>AKL_1o}NS*j=a}@@V(L%l+9o
zZ7yv%w%(-3eRgqPpdQUj8NWExU~Uo>+ejVGd|Dv8S|%lGaeHXZV=cVRA!R6k6|q|-
zi{Ww!$l>6<ndsi3TgeN8db=JR9jm);Zie3mrB){&>38{<=n)T;n)o~(r623MU{Swn
z*k5!Ky_Mk}=<#Sly>#eY3RhFPl1c-3EL5GTYo;Ghpkw<cDvtLG*LOT6h9zrD)|UD-
z#h?q2VVbB{?<E^8rc`3g#sto;Pzmn68#<m5p+|AgQMm(rtLXlj$&q@CC&vrhV^>?n
zP9s(W-yaTiqOO@Qsywk`xgmnI{aar{3Fp{o8T-&bx*saq%|2u0v9A6ezjJHLh6Laq
zDxoOZS=lT$4P})ZJT~v6Bx9+J6>A)$>5x;m4QiLkCQj^}*SDF#u`5_;j6!e(pIUz<
zla)-*mAr_VcBT)A!?z@-qMgOoZ4hmGw_91$g8EV_^?HnGV@VC3GrZ8CW@<WgqN&Tr
z65E^ChJtIkq8Xr?t$HIdH!eO9WNqq^Q>Ec4^6yzxc2uuF2?zG%KTR@4rfyZ(ytTML
zABjb)*W@lppwdZ_t;-BoJF9opR;X)1PB&rj*$VLCwTH3>igeV(TL&N{JKxRwzw(iK
z8opJW<ODe|!XRwS`HxjcCH>|;-IMwKJda({>7^?qMNmi(l2d&4+{9~;kDlv9-jPAs
z-na0f<!`BKbg~EObbWz^>hT#45&oY>+RS^5?p5#kgWLEcrsC)~hk2@3n+3fMYlieI
z`|>~=R9<bKt@3uDK^BtQS;>KY-uXsh{odxLR}~PkmEtkJ$;FXVy|X9JoQERGA%(o0
z(a~co_&VPFRhW$;!rHZX;AWx^b_@t9pq{Rn2*xRWkN)%U{he<aDDQIEely!e6SQu)
z;hyybp^{@?^Zl|>g&b-#tvlnI#lS_rZ?KfaSJD=22+pk!%a@xWs@UMP^y|rZ)HOf3
zv1u25mclDb$Rk1CcCd)8<vYF2uwKm+@&(OG$roen8sO99$2pSuYB_pV)EE-Y#gQKU
zL!pajEmS#WpenQ`2{R$NZi_*KRydnrKG6O&*QM6O&+w;{Pp?8kEZJB3VIMwjR=7*u
z8DxAhN4Qr?0pvLoA0_DR`iEJ)NO-4o_v4Ps6M7hzwj?xHRQ;$?$}3~0p6dAWtSlpx
zWiqWpHDEgh7BFJjUvlQ%uw5EDt|BXw&w%)UcsIiptgk0#$wuDsz%yGtbIRqjSLL+#
zNo3fQGv$T=q6i2!;l>;J3L%#Ohr>}=j0E3CYH*8epBLpnGB|}ldypmpE$ITs4$^bL
z<^r~~)_ov3)UbL3IK3dYA*xGvQ%vyaW0eAElVO6%On0R8v|LC?$k#)ySI-M!eat1F
zjsh+GbPx|0ydUYNw}Od}C1i8H5vL*PVC}84yM^5t(62xw!q=a|9&bRmx=Q6J3I^t6
zF%Gv;^5U(NK<0fo)Hor{;r^mp@nsDEs^2}q$<N5#+FW)TuPR;m?w&*ewz}2djh*+9
z?ZpvjAQgRV1<u+#Gn|)V4E(k$nTBQoMVY_)e7H*+UZU>(B$3=A(YTdsZE;jy;@RRw
z>Pi6Wqoqsyk}LDvUpj*1v0|$J0zl}rnkFToWftG(mfH1tSNLvHN&p9}=;2Q51b}XX
zYKKp>v^!_WQW0967@@8^GF5EE6?H8M6Yz<VW9zi!uWo?iyOLe!)h!)8$vgU$@3&tO
zT90Up{Q#k`Dk@I=bk|x1d(<~D3LIVwxq`09uO|Hr8(Fj3@86LS#!{<{?wwSMs9r-}
zt4w*a7-^49-QxVVrRb-=pnicQ<buQ267);u6awjAe%O&)`QT{3FN$dk^W>~3Z|EU&
z-hu<5ks(0hAu(G{+eJ0<s-Gj+&`nDvs?A5<Yj{wix3<Tqx@yx1d+02q+XK+lyoLS~
zBS`nQu|Qdhn|kl5YH??zqibLK!hM~Jw3Ust6^^G?yL3JR^Lfj^#C}8lZsfiW)*$+`
zFSlgt-T^-wEF{nb_n**HYMPc%IS(N$7<5qglgQ5lN-22HA+$?Svty#_`NWgmeox6q
znR(H|jVk)Cl~3PrY%PURTS45tIci<611YLEg9!<J*_(Q{ZH+z&d9ly-Om%DLb|=uz
zOD8dwE9s<wS1&VLxdY1*kwN_?17FGPJFPZZnQP(g=51(|5BjG#+$Ek*;mgH3=;v-0
z8ZHst^7(pr5UMS78@`zZl2E2(amb!ZOQe-ZbOXG<DB;GD^ruTS-dG78<b0zj&q}TF
z<LhH|Z}zaaFGB(-FJEEKr}p(izZm;ojIJ6o@3*Kv61GtQ)W2hcVQZqtaUk;5iplbo
zkfm0%dJ?Eimn$8m5J4q2q#`Bz>%K*U(sBtGNHT^qM7%DqBiH>HBB;4gFRcrDGrudg
zcyR;!hy!l09^UL3UywL_2mAo*QFSpnl)c~IJs}kv7r&XBK5<f?SIGN0!CG{3RHOix
z3TlV!UGRA#ru-5aOwaZ_lw6)>?!AG}ECm5SM}4ZY%k4g%v*b)}jg(&2+$ht~f(Q`<
zXZL%?5d8O#+dkgszvt7W7Chu(Cdrm}s{~FD2`KEo1PM|IhowuFfm^dkJ0m}yWZutT
z4l0uv02A_vc;>rxig;FbRoZ8eBh^g~t^!G8J+1m9QVp4Vn+e+6N@8sbeI|p!Ut$HG
zQk<qKwVpBOwh6PP2XelTqgpnT+}i3;+YQx_LA#MMxqMm8&(W{aMh$jdgaox;GPnx3
zCmk*2H#R*A?GnB#A)AFIj|eOu4(zm~xFrxqw^uSb2e!)OA9PV%yr$CUawhbYmbu3c
zExEkYl||gwbB8vbaOTZ5c-_dIEAi5+DT-w;(uhv>iLypT4+NL0T#i~+VEf16sN&Co
zp`P|}wVLS+1}~*nETt*8EmaaC)jq;j<#lBaLNUoU%sgj$f8equD}h7BWO>UqvZ=|K
zi<n&<rm4q|)<aho;3<L~>}#%?pw|c_w4K+4+a$}X?vb4poW~rvIBGAXmzovonGkx9
zB$_<l7zVCaBB}?MF+4{WF-M^9Xo7AtmDB4ZUfc*GaH3zXg^6BW{4*<615+MR^T<S6
zCZ04<x(fM7RN`VVZ~-~}f~0>b+pBY|;afDIha=oUd{OtV#cBe%YNiKCp{FrrC2qtW
zX}KX_L{s$>y`n(R1ls=MAA7_od54!^&VvH`0&cbPN_xbyC2+Ik#V4rQYJRsrcv~5*
zsVJNgN>Q!q)7DuIv*L}IvE)S#V)xBX3lDRXq<EEbATNEQ9zln)_xan+k<Tj{<AWU}
zr5WF_Bb_=qG-D`1*7rpKA0;<K3b-ML3}=p|dVZOyC`yf%3$UMi@DlAmR>tUFz^~~2
z>Lf=DT$a~;Bj%%?nwh*E7Ono$XOp>=Pf*};&d|DXZuh$U!f*i6hbi`e0nv&)R^E&0
zr*}~<D*6DFYv;twHfFMUtzOhEidPgR+dfuL8sC+?uV~ZoS}w3kfMd+EZ}s%bmH_l_
zXj<eP$9rSP1a<${!4B1f(Fs+H(JhWx8e8Q!Yf%}~l2E^m${PSW({*@zTVhmdUpG^P
z#BPOwDCZ#-)oQe@&p)@foim&G?ald7e@EI)(k)y@c09&L-tpGXTXq0Fz1uu~z2SQf
zPztziZg4rU?Whr}85&N6-NYI^1LU~%=~ttq{L71KgI!f`K_uJbQ$it_5AI}w#>bp-
zAKp>Swzrk00dI;pWeUKfrRYrv8g!S^i@}7~55D#j$V<E^-<7%v_Ry6yp@U}en%9)r
zu0~;n<l67F69L(<mvsYFF_Y&>yOeZ&9(s-<mbbMgG0!WmL#qVe?64PQ*lJ!m1+Jy?
zX%fXJpS9`up3zo|YVxVZhGATxnPBebZm&e57CY5g(1VHulKu*W+ovPOJKF*;hR0q5
zbl3mHk#mLZXq<?V&H6}oLCoFsgJ?9PS?U;&bGL!$oV6SPS5SMjfaWP*4>umkIEcOE
zE;HI|Z<&lovh5pGrpw6IH!Bo@^wEDBba>nP^7TuA5v4cxbt7wo{jh*b(%D^z=z?xK
zjoHS}_W76QpXL{g)Nmmvxe+71S4eL~R^@t+36RxpoB^@<$lA&RHcIIbZ^!5h&<@k=
zjM0P?#^2(VI7D2VQsiy4E?9=X$&UCFW>Z+^!FOL{9MfZ_fk<a7FxUpB=M(NOGxFJW
zcY<$j)lGr&gc)uVH*On<ErZJzs+BQ%w9Y)@$g+d?g3U@dQAMf&5NBSM(?Z?VS}B8w
z<b^81*5n;QnOmBi{SAD^ZGfY!yDO2ISJ+#{5`IgJ%U7LXurNT2BIuY#c%;KVcabj-
z+a;`Ja9Y*?^zyhfbRxHD7F8iX3T#@e^DruxPj26ZT5xws)i-y9B@6{H>M>q%9bDT*
zw#{ev;RBZe-zRP8hZSfmDLrGT*1hu1@H~HpOWqft>qPIts<-IVBSee+6z$-pUsrAU
zU!`i!vl2Hs3r%ShwZd(dXmcr6J||XqS)GVvzMheXBwr{f@6KuI@-PT+^7^wWi&4sO
zVYx|*wbWb@3@gx0f|08*k?A=8eASwrsx8<)Af&?NRHmhgmGf%*+&ovS4YtQhPXuvV
zh&X#+tYUd05JIIZ&eRndeHKrK*ZJ!EX(ilV?Ydpeb2;CV>zr`+56vZyBZ7NoXhnyS
z;No-&$pW)jiN(`?2zw5^#au*u?odOMXq&kk2O1f3LZo)wz9obJBWA6-yWH?Xf0StZ
zT%X`SZh?I--WHkx2wAHQHVl#Ua}@73(Mh5aUOm<<K;1EIKIpKc6U}6`uU0V7=$ch!
z&2=I0*Zl_2hcx2sZkrTub=ka{5OORlLwi!3^F~U7snl4)Rn<4@t6JNMVm=9~0@ax}
zLPkBmIFQ*3!M(0{n)OWIlvrt2KCSpVs|z|ck9g)ls;m8z!e5<V|1yy6F`zIMz4}8>
z^8o)oov@uyn=j_?Zmxfsj;Hzs5Y~wObUNN&Xa2ACcmTa(PDt&?a$05bAK(*Y0h7$O
z`B>2WmuK~_&;d5#x&e4?7am;sU%(3m1L3pkY_e_pFP8XaoBmqHNDkQG#Wy$q7x4C1
z01KMXC_fSN%h><NGIei(4PK*E{9nLN-vqi5go48>xlfPh-^cl012)Ke`@=s*=s&P~
zS*J(|)O=rIayDiC57PbG1uw8c^G7#NBeMShA8{Mtt^YE>e;MGv8sOh$<5ZUaQv(!E
zGuoWJ3*cWS{Z||Ozc2?V1JNPxg=JA^*Jq+6e|4|~1E#~?gz?4szq^YyeEYsmhr>J{
zp(qxXE?W=f>8J?*(e3glaqN32A?aUs#1~7ceJ>O{U4d~87k3WC+Gy(jIrK39y4V{%
zN`E?C0i|1~aVbdh!4B49W6WFQph)&4adT=;|0i?ltAeX0?7g%O`-tx+npdGR>VM<+
z%Mzv=3HP^U*%m(wJo*C!FN)}}ZEGpWXMg-W^3^x^AjoOTaYm)>&0lS9_SyJVuNSo?
zt1g^YcAg+mcNaI@0R9=?o8t<q-1)Z7r01pU>e7M9(sWP{II}I&`$T|6@(Itl{Flkd
zm+^&FZ+%{0YD*)T%=gjFaYuE2`9?-`^>?R{5G!D3!dlK-(fr;lkghVACg7~`L`4q#
z>D01+i&y2nNFyE-aGK*i^EA$AgtrH{J4PUnmD3R5FL?h9^)<Z-n5_Tb0oa>^A_r~(
z*(Q?goVDunNTjFT-0k9gimZm`g%Lh>C?Wb(hX;mQ*T#&I+b+#pzrBYjl5C!1T?0>U
zgqTCmTz+Gz$J_8$)6xN&C}F0^0uE%Y6Tk>3eXT~gEDxu@6Rw)G@Cue=Us&X>HGFV+
ziYTALPHyb&ZS6Cr)~uS*{~=;FYyQ-BE!Nhq<niqiYTx9aF>9sa@SHMgHD_RP`<Ev@
z+b_%GSo7_03B=EhC}IM!43whR+6oCQpV1Kr@0lU=1`!jfT?`hr&HO`qwwTymO)#Xk
z`5od<=jf`w(LjYB<DJ%x=LThcd)q?t{NuqL(%}wed%6Q~ow>10a!-e`%n3i5F-^o+
zn^4q%cn~+cXcVxg+=`PZU^`HXfY9cKeF+=xn3Kg<$vZ{*bOe#m;cQKYrIK}&4?R?J
zRC_?_x5WB3fb#nejH9}K{tSOaj?$feA-1PAM+4y;S}BKkzduP2T|J={{>=x3dc3}7
z6d`8In4TVuN%8#FO)V=6Ni<yFu(S<^Y$&YRNX@C((^3=-GUcGt+F4=_6J%I22rJN-
zA}>51V{jFbb2t$}ApzVC-P+-awZUkH_)Qu@-z=8=2`{^`!``<2){?c>CZn(wF|e&o
zR+w3?tu}oCn9Y0aMU|+PMJ=M52_bRUbSx9rriW?(&TC@FESCX@WmdC*t*_ooYbIPx
zt}7(jD%`<}?D&+_8m`&!=dOhn=pSi<4cn^xR#4I<@HYb`VtaS7x|)mWd!8e1DQ9jY
z*+V0^dtc$<7IkptVQ|fYkH0RsZFDTNv!qk>jkg40QNxdXL+{Z%m%TpkTs4Rl#=SkU
z*f|CbFylR?=@=5=g$Ufxm!um(MC@>F)xNTLsSUH?tePUW@PYw2ZYs7@gy5QLc!heF
zMsw{zOc~u+F|@69qj;)q)T$5o%NF6>Z91AeMPmB49#aM8ubGHjgHZFIDWCFG+_puf
zz8y251%5|_VBF-XXzUH!o_39{xG-nXTsak_XW4WVR~0e1Sc1t4bFXbK(}0cn<cuDd
zb~-`f1^R2;X2<3Tf%q8yQgW0vyF*G2V=`8(b1(VHD;!^G;LQvP#CT*Ob%i1GeBR+h
zyWl{&wI!h7Jb6{x)iP4`qFJi<h{}-WHO!7smW#uHM;kiPTlZE1vaiskXf+etwskpI
z#{zCz23AEus`_>+_A{}uS@8JcEbpp`oyQEPy0=c6m_43cr7vy!Tf&@5Ur`<ysKhex
zZ(AubBWv^7gXVU{mc`eohPw7O`}B`2(=5_2q6?VjbW1`tFnmK@0${j{=9=1=Ih<+N
zb+oxq;sLs_YA<HU1DZBhJ&1Mo!bQlQykp`-i6WjFc{sF_cmxm#ucFC<uaf0Yh~A0f
zFBozqQ3h`bsmEK1wXNM6UyGTG$=b8X9WUhW3cDpDJW}eZ>?)dDQKL$xpPUsHp9R;S
zN>(Lvmsf=l#4C=ic!9&qG%8}vZ=LD(u&+{`;i=oT0!e0?_(ATPy3ojjnM|-@s3UkP
z4KcQ+{h~UDHi^*^HVX+%P#Qzd>{)wd?STgzbwjP;2uI20;&`9+)Xvhm@eR4a^FT{S
zNf$NbKzCPz5om4&8rk#j2}Ba=;rs4=p$Tk5Zqh7vO6+~D-Y@MyG@6f4EtIwz>f}AO
z2`|eY*F*QSwiSDa6~6`DgYB9(7(arTjxEO&F%==KuB0sp?0V{a$`GAMq#{KMfF+x+
zB5cNNFkI0!R$}1SvDm%C7;8I`0Crv#n3V@Yu?JNu*+#2fGG2)8JyWgn`pipS!h&sF
zh{yvawhzzpNliJ&_=;P{OLKfm_To9$f4qb2YR2}-Rco}arSpza+G0l6<xBRsM^j@}
z7+`b=pSO0Sh}EIq9kXlC9760Pw;e$M%Uh2vfRJdt>Iy`14$Qgq-q7GPXUWdwob~F`
zHp5+^*2~QKUx5&i!~OY{@`t#6EgH?+_vt6TW83Mj3?kkpqMX4Z4fJD41_x=Ii`wra
zy{$i#P2}vls5@A?KN}G6rdNZNCl0(q40pB<yYem;RC7FM#dds%M^|g;nz~}{&&3D~
zTq9XDM!RED9qC4tP>U;XO<QyzuX*eg%QYgG{l(&kJ4_>-%ZRPvybN*i?ajkWy=5;9
zf%EytumZ^=<t49cT~>WSKIdZL6w^{Uc(C6np>XfD`BG`y;_JTBTsbjBEeJtNP+L{v
z7l+}LG=cR=n3I^=@|IdX*WsJ(6W;L&we!gSF?zq&`u^c)ap;m&1aDHHiq6D@Q$j4l
z9w1Y{PoJ;KoYj^~iD)0nO4RdOTXBwn!5H|0s5t10jp$^>VW~LK2)}yLE}T33lqEkL
zcddytuEWjX22iA*LBPZYimeLa%*pH0n*3OK$5?2%kO)n@9rF5hfJSTCobDh@S*^kG
zU82xHp^RZ+#%murrl`=0wW&gEfuRyf|J#DDXEv+t@AAz=Lt+kS)Z%Fn1FHF>_d`0K
zt8Fpb-AM8z@qR(~rX;AzO>=}(&mhamcE(Lc$<y8DOR$+~SXC)6xZ;PrHI136Zq(!w
z`s~#KLTKE+1MOzWBwxUsD#NyrAbkYHA}l4*t*JN*1b=KA;yzPcu{y=)JvB>LJsQng
zW^G#rnR?Kh=**8PZYk`dVH%6n(Z8p@s%QZqdUO-2Jk`|sLBc{w2~(4yMz>@<*kP~U
zqinfB&BJjQ%wJWi$H-i-GWWgR>?#j5aHeoED%5OXv5Xc{dKqEc))X@~XI^o!tgXut
zcx{La;3XN!>k(57Tlg;H1NEl9CygO`qJdb#)CJek>b?63&TUO@Vsa@1Jnn}z-9i;@
zb0EDQrC9cwf!Eb`nRb$G7Nd7(^b!jsc|-7H1+_ro)TW__d^F7xVS=p#E{oGFkV>#~
zJ`Gyght&*P)S?`|&j)Ig9d-eWB(Xwm027!qO!;<Vyty#8JHR_+E~fcBpIK@4)W?ts
zuZukHpFMd6X&&3I$2@~Zav|-UCsVCTwdS4`+$?oAtpbZ7Piu{ULOXpUkvyO}KcpGx
z)>x`BbsCOs){TylH-pdV<xjOV`6b|RwhtwT+PK=-sn^H!t-pngTz621%b<((#^nAF
zP46Ag=KF<@zgsO@v(*|kQdLxKTANfA9Y&{3Xv|u%XA+~TW~jZX7Da7QGxn~%i6As)
zVh54r>+}14zkfXcKCjnv?)yIH+}F9T>p_EdAQ{EtgKHV;gU9)E(NY=nCduER^M6$y
z0}utS`I<=OWaFveZ)!Y^Q|6rQ*4e0e=_w7naCVaPv3vq9QnyD+ym|zemnTzDxx)`H
zl|#z^R*11He5o+yFt&-G*-Vw@lYb}2(U*A&L2@Vb+;hZlNQ=Zg!yuK3-+?=vpPF8z
zmH^1<uZCe46pNY4i&Vgy@asYjaHSw2C>mD_xzI}dW!vfP_n-akpfZk=$es1f;5eFp
zp^@lt;P^<?7CRtxD-Cr&+PhF!T%^HfU*TV>9t)FJ+=gFtw4|e0|D;+{R%TJ6uXFWd
zk)G77Kl*dLB$*e0{MmAyUW&MGj;(c<(4gEsk?yhBLiR1XD!2T}Y4pT?!RH6^8Gq~-
z<?F0aO(w~iEMT7BemqLuGENzQ1e@l8JIeI9a7CkJZ@Gq1fG0m6+2!V@Li!1FL*D-t
z+dNr%eZA)3@498T2lL~L?GFS++b8lSglClkd7XYB4vI7NZPucRNyzkh7iHmLtnE0L
z<nltM$2R<(%Q(JD+WDcvi?3?Y;KkmI9qqpsJ1y4vKW$xYn{@Ht&@E&3>CUUZg?kR7
zibyd43wWaMa3<z+Sh$Z5n1`gWqj4-fUM&e$@%aKt2lUNqjT8J`5M;a$Qc2QrYjy}y
z)McsWG5)8Z>)%=9%<ey<n$cLB2bHIly~T|II#u4(OzDp?eO|(6qp>29la$9@AERZ-
zJAhEZ9l6P!i)m{5#Uf2+Cf<WMU+HF`?0)n$6BBS|1PhOy<zid~bp3CoH&$rHZ{&!i
zCudmr$aiJ<d|2goOzUcK^3Q|vV4nVr-oBeD#{TT@)UO!V=}$(h&whTnfjCZ&6oigj
z|L)`Sk&kg5-0+!`6A&D*OYN#QE3ivFz2V|N__8qHObr<il+VsvRLDO2qZ#TqGLtj=
zuL|qy?0+oVk!G7LG}$6oKTFh^+W~(&DqL2;_s(#3wks+N$%j<~bl(yd?@#pPMd%~M
z|DQ*Ng2ZJ-&>b9HbfG8O#*Wqf`s9#9{!FUcL<E-kU`|b0S!UI)VzTo4V2ufnUAmm1
z#Mqp3Beuq7p1hGMe~^5Xp9sM18GAQM?FiABrV=F_z$ymmoeJ~hq7?A(A@X-1kE}SL
zx>8>-pLZ(`$S1$``;IMWZhsu6JKz*qmn2Nu@!bR)?mHSWf5Y}lYZ-iu!De~ej={7F
zyO3MhN5FYwcH5l7Q^ha38_Ft#?mZ-vGvlY_h56@vVz06sfS;OfIXU$tgSS04z?YP-
z(3f5q6<U4}S^Hl*FD^9arvCR@+oQ}aLRA#5;IJ>u+ePNqj$N~gw=&n)78}Y)iqeZu
z1B@G7&yvtiwdku+V=oUyNJ)NNn9aMRxOMRPv(pQ5g}2yaXq49X^9AJgNm}-iOt!PN
zO2;?Ky7uB2bQA|HBaPxvMWof=b<WX`x2)kk71o_t1z!CcE--IhSZ`{BL*d4&A*g&)
zc(54va6z}wwOT|1Y!W61jY4`jy@8G^2syiOWFh4fU596Rh7=Y@Wnw|FbbJg>kI!e0
zdND{-u)TbNU5sZD^t=FOs0s9(xuR{pEYJTcw9yO8OyM#JfX$|7U-maH(3SC3TB=8k
zM~UragK^ur-XCr<Dc3aqOzx#jragL-Z(1vB2$OK;nZ92=^f;r^_ShRd<j%0HqbvwN
zD?15$$n^rj<JbvC#c0n;XW#xpyYI&H9eb`wkncG?8tHMeYZ;jB4^&V*oGBE`az^Y~
z*?ptbwQM+`w=gGD_-QJMVAB^vic`_r@rif_%!et*-oX^j5q2z}Bv7J>_cF$+WfQ>S
zFZg!yedi5GoSJC4Y~A5l5m~!-n;k|?J3{^U&?AK#$syv#-Li21UYm_^_mwO3P9hg;
z`id{@3iI>35+8Sx_jF<_3jXTU=x1$8rpJR|ly)|?a#AenAR2FqB9j{AQ9D`AB^ks6
zg|v4PO)P#R<OV<ho;pfK6JUD8aQNZe;6{gch!j2r`wymvuQDh=>@9G${~5t?3LB5w
zW{K5o>~!Yp4wI3;H{Zz6rub*_xE3%SwU7xa&7?VDxEqlSJR~&a!1r8rh3@X0yripQ
z*)alV?o?I-x&FEJ_~IFt9|6D3*LVX<{_TBf8unYT^TZtNz?(@MIpidKLLDai=O*~z
zk2bK0!~)#cZ>($DF-K3UTrk5-UBypFaTlD$zk4;{UnIX=G5OC4tLf=vo(?hPTYTfV
zhb%U@kag`@*dZOoiugm4e2$;R91J&dB)ds)YQ{SOuh(I}p6J!pS88)##F80j7lFv<
z@_D&pRHg_ybme@do7J81-TNAkO)z)=y*2?o^oS~Dg16DI95dIv-!I${g-yV{;Y(}z
z-_5aADA=2FJB<tB_lDeeZEO&#lc@Ruc25k5IrTx+lloD+IFg2Str~Jq`JYk3PM<zW
z8Qr6Hyw{SIIj)uV;a})1Chu>L>c1OkxbGrR^x&V5H|W5S;*utxB9Gnn&ZuerB<qFe
zgZesdbjT;ylZ0Kf%I9Kh#Ycza=MU@2pK7iIbo-Y@xXGxf#MbIOO51B&mhfr#MbaOp
z2IFY}=MZ9|9ZcKLxBpUsR=mM@xPT3y030Kuj4tR&XI4It9XuA^Blu2%c3}7vcs1z=
zb4nJIj>T%jmje39{Tzv;Bx+;8@-TU>djZ&(fwd=rdX#qtwZ^LhoO9e!&iBTv_8(<$
zI4c}({L4`LNeauM7^1UWTPg!KWl_xmM_Y>%$q&JwSRPqVN?(kcWsvC94pHWJ{mx={
z8R3^5R06+i)r$eFM5LmBc3zBzxAQLw2efnIR&dgl0*>8iT$fabli11|+jpD}j%Z!^
z#ma!~e7-rduir9tfI4;|B9Sy3OrQVa=(vSG-74SWJC39ClwVjrgWUwwc1OAJc+OPi
z-1vLWSgqqJGq&%a?Nwzam$FxBG0Qc8jF^3$F|}=%WiNlcrQeuC7hR)9Uhtasf*+*m
z@3@>LDo^d=U~8!9ra!-bnI4MIMc6ZC96pG<5O972y(vc{qv~wHz!H|D?ykgwtfN8E
z<ueoG=XdIk@DZT>Q?D@&HdHufzZK77v6l`Ldn3Hl11VDAbse|x;>6krlcYCrTK=|-
zNirszS!&Q?l00?0v4L=|O|2sBY6GV@dRwA<jJAfdl;@#nL$$m|^;1ytbf7V@Jx4NO
zcVQD87k_igm+!}mVe~Tp;JQ;P_>=6xh5xp5p^kNU#DQ;T!#kN0D~DWFiyH1DkBn|v
z^XE%nuXQ?5<7&6Ip0;82F_n$=%Hw2w62i;1#od&+d^CXm8Aheoc7im#`X6|EaM78+
z?e2N;#$X=ScK2Tlv7yI&3)+iF)E}~F@bo+GAJwl;uYa%D*(JJ`;IyYzJma2SD+SuB
z?#5)C$*(4=sq78(H=XLqPvu<1A@?E<r<;{?V_7^zvtS`f_Gfti6lE{q={OK*=&lp6
zk^*h(ULfcFWGOcq3+Hj18uaxT95kUfZK<yUD{K6YmV6}htP1vdxq%gs8-D0|awhD>
z60l3tuTeV%UB<x;h#6EYi<}7$;>Hf+(LMQb*}*$IoHEXh70&YgE*!(hRm#q%&!euE
zFTA8~lKTxAiJ~B0qA1l1%Q;Jx=6Tqy@Exr)eEhHd_#{3jeE85o!2vrCfaKuIf#j_Q
z6bRpFTbD-xs~uP!QLPeB$0R9D_(}L#a@Wdui<SxkoxHFqoi2`f|FzPlak2=}12tq0
zSopPe4|P7_e<S&#48N+1`7gNn0vVpk$eH_}<AP6Rrej_*x6ph%fTQF2fX~0x`-<bQ
zjs*b68)zbQ8iS`S62;SQJyT8)muTP8FugHFZaUGL{nyUj{A<3wOGQa)HeCr!&fC=L
z%UgWZjBI}MkY)CV)1vM;{dhi}rH50<=O~Q$jZ&*m`Ht6HL*D|P5vU$Sam<MqT7d63
z7q8#nDAMio=vnO;!szucG6MNM=SKHbY`OmINtTV=Te;&eo8a~z+kd23ugaAFP9Tjp
zjSC9EK9)dDw<u@^_%G6+w#tvd{Z(@`pk?#u$n7@*69*d5QoaG`$b%t444QKz$E?v_
zvcP`*t!K0R&Prt&1WylQV)^+uJU|Vn-Ef3}es>k@moKw|FOU7i2cW3h4Z=zKW9O}?
z(_fX%CV8qBv3afzL{tVA5z~pyMnF}ESj#uaE9zA0J;v__eMM{G?(x<F7nX$hYVWcD
zv(sm7xa_k;eDXV7qrT|gyER}dg9JR6)HMLuTtve1GT^hgRCUh(36b^EpD0t)xdXBo
z9&_D5C~*xf_8hKJ%W)KIVuY^`xhAHU@1HpX@m_p3xlan`ejzSfsM6_{726o5rh&HA
z4&qsM7R?sdsQW-aboa++$+HeK(fk$<fY8mu^FQg{ITy0KpMz-EUpaT+rzQQusJeC6
zcg|oRmqG6Or~nU}4uv|U6ldD_4d>L^(c$xm^9#mpDz!W*V8D*jRlW&3k_U~cei!>3
zI1Zwu<K->R_9=U%&P;SMLYtvxH}hRb7au~4oVWK44`u5V7AtfKrZTGSy{5kT2EV*7
zK6eearrjvqP3~u*k|-9?L*BXH*giK+1-?>e*ePrrwbx`n{@oU7Oq9Qe2s|nD0i9pX
zY5p@Kt@?I@K%gv&HsnzBCGjf>{8YEI4g8A?@R3_4xPMC7V-4#zBn~)uz@bsJwxw5#
z@c0fe-cD?;G!vQUn14PjS8et`w#v5A1qcz__x^6htKf|;Xol_P4?&3_W6AcDzN?`!
zd-#E8d1a*KoHKni#=rYr1IBL_-~}X>pv=b&&K@@vE!LsyYWFU?bdw_9nw9oM`SzKl
zF0HkFN4$|hZj%=7^Y0gK7)y4P0uANHWPlA^q|<i?XEjRoC8yBy4C<JnPq|-*X#;$}
zoN7*t(f4~x)Wz&hqJ7S>RU_Y^5mM~$R=W0!3|Fw1pVpYNZ4Lbcy-`DM8v?cfg;prq
zg!9Ti!K0qzDvLz!;n01Fk_ANfD>&vDPxJ;+e`9K;3*MGzi|#42YkX{c+g{l`W*M!#
zasz34EHeIGXNr6LOV+nVKw)RK&V=jSpVNQ(8w@=e9be?X9$ou60$C3frm~Pv7#dH0
z;f%8j-zbnc*A5h*0*zGFX+0ic_&xZKUv#mtiQCKIYUy63p&~YN@oXajk$#0azSVqs
z$Q!{&IUli0+--53_98xvy1Hi<L2)8~B%Tkzr^tgpSv+0qEHA7tAOFw#vQ_Q+;NOIQ
z>41LcLAqCY&od-Ab@1TLOsNY<3cH$F{sVU|C1m2|lFC+{nPY=y#GT3Oikb(^H!hB=
z9+i`uV=_}abm#5QD&Ih0t~>#KEgRk3jR@!pTa={S@cV$R#>HtU8AKi87q)=ph)i5S
z7~M7NhmrH1PH)8Lqbi&qj?WiV!#-nSBCn6PW*q$uElMe+cnXm`fe(Q1`k@6t)B^lG
zrCZ*U*nmSf_@D@6sN?CMqzb5$qwOPAwHD)wola(Ab&f{uo^<*T1lX17yIv>OZX8=R
zMIO;lCME5^YcvJ?X}OS&f}b5I+$eA;uxYx*T{k%JS$B^g{2U~go#E0@$!=z}ePQ$=
zX5K&^OTxoX@r2<-cS@IKhO;riXMaSehxKpWPB-lQS$*Y2w@oy!U3o3BpP#ia`{fPX
z$ui&U{RMZv0(?OtQ5Jd^+<NJHXIGiUYp~tSa1En?s_>lGWxi|XM9FL-piw*7$4!L@
zP;DgTPdDcU9L!_P--dgCiV#HYU&Yy%oNuHyJf5Bni*m6D3O{!XkrxN0o20Jm3STpZ
zy*r!P{b=WLxiVGBD5=w4cs`Oph3qyqw-6Mlb^53q+utLJI>@1H;lVjgzXRT!&L`@V
zBPBOlh#-}6(ur_?W5&v^Td7-SC1~ywJ1bJqnG{csQL8mg?yHf@CNX%W_of1Wbge!D
zbZp*=NpAYxeRHiJYYxcgaby;oA8rw6!0u|yhDChR#q^d;R{y=Z7<ixyjVc^yEL#yq
z0FRrk5e{U|o&&K@Q|?fIPd}C6GXq0P7Ig7F5Mgc_Nt2lKyrf4w0!wV5g&Yb9S7@kw
zy9^fy$dBob6rbM)!`KuOFZ-<Pr4U5csplhLeRN(x>)dJ8YY4K@ZO60km#{yvrOI+Q
z!KQ8L>czv$&d9umEqeFAagkJTCdOIm2|T9PZ>6B38PV4uof4DdkfBHy<*ukbQ16%J
zq?wfJ$#n6lzMseCs@Ean+))xDh6myNF*Z1F+x|{WBy~m@Sikpc328CDBd2)0rQ#KJ
z9#)3q@tW)XcGA8e-~4gg3qQyB9Xa1w-8>~y^(wH5P`szMlQF<uy-2bHY{O3FL37RL
zkKuEwBvZ;u;$fj$eZUY(oY0F9M`T&)mMGRrV$b0P3>v>CL+j;aeqUT}Q}-AT9^60#
zq|C6NEvUSX=Of0{KL4yKG(23X$M=VQUSW|ni|Kp+NKR9D--)k;b+s<4N8WL*aBRN2
zhw|*>ugs3G{LwMYx4-X%?dzWX$zWo<HV}f$T6Z)kA-V1Dze5<_p&u|&yM7emX3=T!
zJJsvcg5>2Z%ug?JuX@p^gjN{+p<xFsgq5RnPgo*eFq?rk-U4~z!HU^8r<Rg-IL<Th
zJ=q5=4Z>;%v*@s>6eQtA4V$Un6c{MEc=Vn3G)*e;uf4?~NBi4?)oC@YdJ|RAXISaP
zu9NQj*7k7Dcc6yzq2r#<w!#BilT{!Dx5HzLv3=SfomhdYx<&5*VhHFwW|PQ9#YlST
zQ*&~R*qK{uND&;AkK@y0sP&IL@(A;evFAS|=T}lIW1#(?)%*mYUlDC`YgNs8fjdtP
zB6=hN9do$B2k|q!LS<N^&D57#eR$!|wY4!l);xrndYEtq?^)FnkKjF21IyLwVdHZ4
z^@cxwn|0r$lM!l(zE|ANpO-JcuGx8q%rG`~{aVh$NWL>XUdp-AvDfWG-z8n8UrArP
z*4{Sq+PQH1g1_45_AK7X^?}4)2<MfR!xkH(2Pc{P!e9B`b6g+t^0BzU7k&#LXi0+G
zmW03Pb2bfxw9!VZUSJHFSAzQjoyOz96gJc3s0vEr#%nWuA)@qS3tY9a^g~=G<aw0e
z`>a=*{?^0|Y}7z}N>9{gr7jlwiQ1_8z7dl=+eaC!bZOa$MbBdnS|~8<vfth=e=^QZ
z3O!pGp_9&T_{KMG;6+oD$knvH=pOp=Zzu>*>WAi8;o_DH8g$a$<1<XI%-N7gBINk?
z1T136bA)pXVsxQOJt-KMRI_jQoOHYuEO(Z}$JKplo?J;IiWlS7xIoSR#^BoiBq%~t
z*BljQ)|w3xzqZ)Iw_wtD4oLf0C?wfbrTwFm!s0ql{iNT6Wb&^Kjhu{{jFlGAZ&;Xb
zgDwKoeepI62Yb%_)QN4eY(w2{Px-TPBxuD==*Zzl1a>v}Ui9_KHCT(4==i4s&;|Q9
z?&69^6EZ1wamCyJo;}^3_qKVx8&;sLkSrcQgQy8qZ%S63Y$k*P@GWbNIpfXi7)k=3
z8hDIZr%*g#3hr{7$CX`})6?lOTWS{VS_qGGium-Nyu^aJPr<qQkSU)h2H&l`@EUc0
zLjVvZSuK9M+c5y;VSajVe#QkwZr8H7pSbN7sBzxSO&BqM$iS1+bc7sxD|gGr1HS(H
zg%X_7fOkLrUK1rfJ1Ab2PaQ>!+Rgx6p5T3ZxEl)9PNNz*nor~#5uM7gm-U8C$4qEZ
zi-RxtjO^pvXas6K<-0d#TB%;Nr|jC=^hiwg8d`8q)51%qqY@kC4=`)7-c%#D*!ju-
zrE8dO-q?X+KA|5x!cTy;P7iRylU-4H5qB0y***k5BenK`<&`cx0z~~sAv8>FYLGb%
z8=3ab%x|S}SV>2H^Z7$LQ{qRFkN3M~mN_G&%Vvgi>|IlP7jf?hlW3|MadYu7*~gRM
zOC((%mRf)C4!I}Ijref$m4|$?WFl-rfX@v0YcE~?LfCl2$FIp_(0SJWM<?NZi+!2P
z-k(l=)xnYSn-e|dLS<fd`Z*gbDv>C+Mm~@)$Em5)bczS|##&U4B&cPqxgaoj+PMzX
zqPd~A)vz@*=|R|E8vxJB77lstby*Rc=FJ;?nzowJri;h1{zEamGw#c|kJ!kJVD4an
zdl1w<?#oKR^%aH~R}qG*d#YD`By%4AaXG;4ZhigOw$yV$&>=M%NpVh(#`gMpCH#+N
zbNnWE2=g+)Yf*l%C;v3FZt|S}rp=~)AIO(qb}XDjE`Qw<#(C{cdDcL(y^f&k1CPb|
z{)~{7s6-B=y<Jt7>brl*HZ3Q6`iTL-3ojde{#d2TgB~3G6Et0*Ss=b6%%Tb7_{rwN
z!Bfop7MkUcvhaoXzj>&79Xa8@c+u~3?=v3k_RbZvkOPlCW?^k*?fRj8g}|lpv(ry$
zji}Qdf=TbNdq%retp9K$x_+T!p|0_5_wK*C=Ei{O07@x*@Fk@k`b4=frYF~lfp~SV
zVzQ@Zm1$Wvd;j*@vLuFMF9&1>?Bip>>9?$>H0Hqm*LqSk5d_$tJVo2#{@Yhs{6%|n
zupCIo>A}%r#jQJaCl(EV2o1|;2k4T1pRs1t0?DN|%ye*1@-gDw5A=R3$;(F)^qSmV
z*ODJFpo}qP=I!A@!oG5C_1q#42Bb(A5=gVvZYcMHh4KZ1IT6|Kfjaqr&m)vH&Q7<6
zrcunS48ljSpP7xX>e`f<0dScIczv}U3m-{hhU?bi(c->ccCpWti;~*J)-Y;4z%Oo2
zS}Uo*_t|icGKk=Tg*Ca1??X3FNNPU;EDwlfu42SkLbQinhB!0F@gBUEFYqpEE6Wwn
z=ZOkP0s2CU19bg#famdu<5TG`>lzC*u~{)MN8eUMUiaLX0vm|POo+d@poAR@U4Wjh
zuup6=&8-k=KzZ;{2*+P0<%?zmu?1Sye!FUyR%)<vVg69Q-9q&PqM^9D^EJE=b@u~W
z^1S=iJ)cu{w%nPIGL=$(h%HYu=zu}Ha3CJsNT6h3W>i=BSsqA6g32UU7qMkN5(&S3
zyfGixg<)hLkioza^kI(w1CY!)OZL$q-UD^)Iw86G*PFflX2i92>PZ-&Bq2tU`o-=D
z%gxN4A0sYYMjgij#+#RVvd5u2vf1e7nm`|oSh)Af9q=zb=m`gE^VOF1xp04qN-g$0
zLM9lBC#sZ?JP@#F#DMZZFI5YDvxhw=jvQw&m7Nk)DG7tx$!IifS$B9${sr3mj8~>k
zjc-Nm)FpMr`;MMHt)D%KNjbM7qF@9TZvu5!`^&LE)_x6U<F?EKU+!rf4w%E>Ele$}
z;X0@7EAVq?_-|5Ek6M*pH27xV&p=FT3FagjZ%kdUM~i|;-7p^LD{j<5C89@?Qu-d#
zHHY(Epqz98C&}C8WN+d&fn*4^$SO*HI+`>iX@dv3_){EC_qTz>^>80~%!vqEdw_$D
zO5HZ6v*hg><?G`G`xBZq)&(u^?$YEXyng!Nl1|WTT|(-|r-Y@Efb}anggiF?a#|f}
zS{+$Su-JSRg^)2nTSu@MO%Ss(O%DrbR92Q%CZUbx1Ln^xA#1o%RBtm2P@o5UcO@R^
z_L`pGF{B&4%mb(-NK~DEfl7}^%c~99IlF#-=Yw4eUn`Q8j0dTMbB)J!=S`6`2A+r0
zMph0#0kL)>N<aH&?&B_8cLISj3Xv7%nB$BAk#MR;vI(`kp~?8_PB@V^IJ|VHzQdqO
zG+9})s<lb!_0z%zzC#uumyqFtXNnnA)FA#nJuVAU@kq}pksPaRO1eyUNQ&CbxXl~k
zhV6MV%%?h0-^?oebEsXBGiK)C9nD?IK#`x~Tm{B?RHe)B)Gk+ld~JE!;9y-V0kt;n
zJec%B;BL(TiSECbg4&YUTH;M1yL*PuNkQt0iJAZC6)wj<5mwI~W9T@4-@W%8)T>hQ
z!ag$bA5GSk{gG(_b91%sK~v*oLWp`$W0~43+e|AZW4o<p>xuQ1w*QK&q!^g}p!>(K
zR>P(-@vv~pcyIB+Z*AAOHkLM5K3`Zc-&-F08Em;}KmWR^E~c=KnNtVxLKZDuxmIas
z@hx8u^-PVM;+1F`P`hSRFUbA|<r6z=JN5ew9bbc?nB9u5j!DB#3)Ob#nxL!dKEaY^
z$YdbwAQt$V?#eMYggtOUNzqdNq@+URz_6zS)YW5jvdHn#l`QLaR}#Aa(rPPaI^hzT
z)Mr*b{ICPUY=Uq>fA((q3>!g>N}hEgox(y8%df_#zOfQGUZ(1unVUCyx4p#2tXASI
zl83S3J4$}5@N&zpwz@Hvgj#&pa_?;OU%ZHGNk|?=mGHawz{i{)m+uM@WRCb3ZgYGM
zIb$i_6`T;Ma3cyQkm<Ylfh)N<|0Mj+o`x5yL+=K26;CBmuLv%ihV+r#ajn$vfDL=C
z1DKn3)5p~BBE`R0hh&YuUT`J-UA?t{`6)LeeQ0<X{1@-M?lC$A&vk8*9U8|zVWN{(
zNFB`&@Zpj<lvO-kC|M1re!MHlRC;GRazH$Sg2Pv-oJGr3blM>jnvPYE#r*yy)ye#_
ze0Wq&B_&nCIL=a37JQfT0&J<U5E$}w@Rh5MW5R$w@Fp7#F6BerO!IS4e`gC;M0;Dj
zBoCv~;W@rZ{BQ2C0|6X3IKe|!9jL_$7lJ$_j?nTHhH$0fftY?8y}EW1>YZ{lWu_^d
zwZ|o-=eq1SPuzXCX3luG(@qo!VZE#8JV3Dxddg!o6u@y7r5Tv*c7-RHoqs8mRy<@N
zjW^g^E4Nqr#iooBxcRkhWhFo6R{wC*zAc#^+U7=H)8$b);^Jwq3O;um`HyD<7T)H7
zbs}JoPcyb7enTZXtp>;y->f(@Zw;Ln95nOV5<qagoBQcsV(%W#oXcX!%Y9m4xc3?z
z*&MlG=}hJ<J*sZm7U%nG>{xr-+EyXNV@NGZ>`$u-rzNL_Z`)S5i>-)o721Hi&j&+&
zAlY=xJl9{2q%TgWG=F|SR&-t)Wi{<AH_EbGKDt*c7fQ*|&iR(GT(SLSp9A9$oN}fS
zO7mZ5<V{K&75NoDJ_`V(Oq+rQ6%P~D_f@tXTIv2>mAX5^!5fw^g70x{d5$E&Lz>9T
z!VxheG{#?yZL`&<vY@t#^;EpOw3-vaccyQjO>J)Y`q}kY62*sf(ofu5fs)_m`TU>S
zM8Zm$J_kE^L{2DbT4?wR#l?<@ChJyRRXfRnx2vb}%9tIi{?qXzXYubJ$zw{u&G$0L
zpx(1u6d&qj)uLPgSm;%%>Se)mDfnrcwj*wp(eq_C^i=%xIw{Hh^hgMP(ws>f4vWzI
zmjXOiW)!;Q*E?bLI#kbIb<9(Y%l~LIk0>~&%N-F@8%BFD7FWP<Ukx6rr>1jOcBZW8
zHR83udQiR`w>A9U>4n1gt@8S+O#fB2Dhd2MIOEDWec-Fh@5du{B4%|`vR`KGmGa2E
zwt$mpczH5d21=;NzXk5=YRU}5oih#uaPGaCpC!^yl~e$3Il6)xTolBRV~aa-7;oA#
zco6$U`L2}skbqG^Sqfw;@3xzGF5MlDoOiE(n=o^lEuO?IL|zIlhlZ&?E@~RQ0lC<D
zLs3s4F%$gYxpT#Xo#=}$l#7yc41PP&3NQ}QPg6wv80)#kg@^zwWFJMC()KxM6AA%u
z@*{KS_Em^607n+3Yk;-CLZa5C$6*xBr>NBl0c+kvL%nCfaMR4Wms6S}uCtEe;%gD6
zbbX&rSkL|v1wKRq_Bm2r^>hztl<0W<t=_)A(}1OMm;*%E)U*YjKYw<4br7^8n3DbN
zbf)p+686X^+?uj!Rt?_DiCKHi=p@#7(q4sC7cLkxz7xl!V$CvpHL#Gf<)8IFq4wts
z+o#ljQkjYn388UF7=e3afThiF(bGpWK&Htubw!Iin74|XYQ<zuhDZ&?jjM4v(q(mU
zPGgQLc&>4Cm{_`SMNTr^fw=z0B;D9$fLT=kH{gd$(<oCWDbxdKm_(gh8X2`wpUDw6
zQt`j3W%K=lg*+0X;&sog!l3V;@_H#PjqtKHmZ|JK=Q=%jF#B;>U=(z6tDq7tljGDp
z+Th+QVLA{wASR*wou!px#ORc9we}iNM3;OLt(^nf>3I@FLCJl;Mq>iC9%<Fsa|^Ul
z-1^478ea%XB#r=aa_we2m6L$!Bo8`1F;Pj>4@PT{iKgPE>!BKru9D&S+Wdt;V!q5$
z=D->a;|fHRDW@6EhfG=UJKd=22o|>7Dom+*cp=)SxhH0~6m;zf^3n8;XPC}e<}6B5
z#+ZA85;7sjO;sOK@&@{Ck@KqLNwL0KEvGI&7Pr<?Ox`muf&=`nhq}}8z+)Fu0RQFP
zS?Y!}cq~h8pF;HYf$pIC>oiX@{~Yc30M}L5R28=V(5%MKOHREAk<3H<_N{hxrJ)<0
zTKGiM%yBg!>TQ$VWPenuD)yrGid<H+kNdvtpl$i-*<A&R*}<&A__VJnD}1RD`x7Y1
zI8lAYr*gAf^js;RD#zF$MYYX!!Pu%Zpf02v*%s7hTeSg<O*Gu)|3EXa%YULg_>{_#
z*@wgU>hm>i>i99rZs!E<c|k?sU&zX!j_~!r6jxnELb@rN_34;|^~M9${X>ST^S4ob
z$=qR=Xp;}RTqJ!uGkN!Wj;7*Fmmh5`q)m+GsZPbp(9mWwRZiSv=vCir5^9R$3N==&
zQ#<**9sS`-Po_`(d28B{32=u|Pi*Hu$t?AuAO+G4&5{{09!SPM*a?iwvU-55;_}C7
z>~A{~`c+f1@7XPd9tj2TU79U5b7rKGg?IIbW7>XU8mRwq1qZV-wH}%(th0cHhNz2y
z`Yx@rx9q@jJp!#qJ#X?uZ$^c@ZFEIuu{y7H#Vy?gE`=g5SG1g!g4eVZ@Zs5kmu!6?
z3<A3}$^}$9x*d3`c-73)gT9p1wtVk=G^22C^&X=^b*3j}a@L9Go13Iodt1wLw)R?h
zj`jc(jz>6yiZO8~f`^NlfL7N|tn4gG_euB@VPl(F!PU=EWl1+6tk`N+=b_C}j98jt
zc^>S;cc7Ph-!JX{Z=AU^*3%lxe_*M%FDQEzN4LuDKz{Gal<k5tqtdh*d0{Wr7v7Ex
zq#1;kE9mmUHZ`}a{XJSGJ9eujQSrezP}pr&VBZtQuZLZc8HG6kkJ~=`YH)4+eWv5V
zZup&>W8TJDKD{UQ3HQBLji{8?WQ~%Kak&sZ^|~tDt@kC#G_)yht(NURoKl>iW4Cf4
zf=z6Yz|zGg;{^n_Z(^=H{{%h5Xp@y}t8yh0$D+TDYzXJ+)St5LLk5!~O0p5%#dbpv
zQ2^0WEZx8}fG~@5#qp=AE`0caK58i+GKZ*m_)9_?6G(n+Q^GWz{Fe&*qe6!<(pWmB
zXUk&l7~Eu&_+tXBna}OnVNn%n;zZ6{tDa1{4)7P6{W$%eV+oqNo_sfqs;eKIo%A>C
znn9=}@B<(0Oi+=It@Go50>WRJn%3`}@|9%LeT<rGDUp!WZv*LTU_K-#G)vDzi30i^
zt7V1N_ncqxo&oc{)_iG@FV=Jd%Q|xjB}NItM;{z~nu@yj({>s^R{e#PO8KtV8wS}`
z+^sn}3*d|IptLk^pW$L`TEh(KnkR-CnjBO|25!&7DOja3_|nxm;2Y<W$9GKEE2yXK
zZ8U55OVek3aKHhweoNeuhDK6!Q8M74EBB+<e4lfu<=pt_pJp+8azfnA<k8ywv3bJ4
zksV*Yzh2vqBF?*@TVuG;<A=<_G#kEz2OQbsaPk4fxhL88_)ou}((5Ja9ROOg?MG8a
z#oLVeX)QDUmd)z}y*Yb%uqZT3f+2?QZ4rYzAW%sMiKZ&}9iAQ7v|ehoF`|>T=y-TE
zy*PYkE}zFz(|hjG$6qJ_`YfL6psZ1m@OSiye;K;OvbN)AA)kcdqJKG0OwxJ-nr$tp
zXBtDj%ko{4iot>6s}ZxHvbO(*mF5Zg^PCwkV>+rUxU<UzM<p@rY?W%-7~@OofJ2Uj
z@xnb`E7j6&_y)z%=093ZIm})Vqh#$ht*fRq(gPeH-U@2)`Y{$)1jJwLF>Csn9Jij1
zi^5u9eP#Qni`-n)yR1h7Us5Ig%v3Oz<=ElmHEHFu6SDWf*M0>2_$-f0X97Hg_?gBs
z?KA@`q7Io3Y@EcM^*3hbu^2Z;(|uC+KWb)KyCb%x!VCCNJ-fn%$$~srJg_WNv@;Zr
zj7_vqhZ~ArLpzZ%Tg9In0Z`g%%=FN9G|~uqRK<=IT47i6Q9XZOGrS$m%<dfOAUCd=
z1z2B^nHf!e>_O_#w>^Fbl<rMkyQA<4UHQl-TwLx-giYS_9Y(naSy%7LT7f8Ngc414
zhLG)$Ri_}9Y(E33U+-?KQbLlAJ$~BI*w(}t7Jw&hlH;72m0oC_2krQ-gu}7FQr^sP
zc>I@1b&yW5m1LajM9z`>CallKj_-SaQg(N~D<o_gA)58b#e704n}mAGb+pm-NTSAp
z{<tWbXy)Km#b#U0<8!<gc8O+$$*x~DXjWEZsn-Ru^R*`bNmfnpev_D#v1izRtDRn5
zRf6pf^B!Qz>;)x=<-`o#UM=!b(HHCS<&p9&YUjhx;!<BLZ}KeGM0+2kvs72Rv=F5g
z>0adu(CS<<<plW+sP2o~#_cqa*|}Jlz<z49BHpRhW9{X891pVHugo!BD!Vt+025OD
zz18GyQg>=iE%WHLHMfmh+bWEot$h53Vu}6q1=6}Sc1>WF9UxUin~<V-`Tt8eKj`nn
zZlR0U0V1kWw1%H-bRHNV`Mg>&DLxDV{{8*PP+ie3oa0<}Jy#{LV~Y;>BlK$KeHl@;
zn|3XB2Hnsl{qAEiJ98M@`BNv&$g`+(^`l`KjeXBDsS|qABCw<+^VM4KFw0EzWSLpc
zU0GHeE%}!FNF~{4A$*D4=HOe!s7Udcp)V+t_sP2!Zu4ZLz1{q6<W51Dk_I}13Ib*Q
zQsab{H8q`%+F1^yTNptbZ>vr89FG`O=eX5mv1c^@LFIb5o_SSVJ~?aT`=*5_xK=%U
zhhP~5_J^k4Ms?Uy3r!D-EW|?}7Rf0;(n=;5g;o@k;JdgeC;H=xp#<pwsxl*lC!~!Y
zU6nMCoV!Y5?=~oA0g`SCH84p`l|v&-7fE}gBrB)dMx1xXD}a;w?HwsnTXJofQN`c1
z%<feyDJNF$7RR!tOs5&252wOHubNxs9#|OPa=QW)HrlvfRYU{jWRxmx-dPl+p`C-P
zXR+mNwQo`L*|5nPaFnI2^EJZ@)^v)uuwf~~VEPxvklE~RGfgW0S(vsZgUJpxdD*e`
zN>^yb(`>dOJ%wGuPyY$}Hdz^jQ~h-Oz9I{~;kG^7E!uenU&y8Gy~hR?2J9fu;8Mme
z<NB^!mUEP{*L3C4+o+4R9`UC4bXNXQ)^~C6=dK2y4@l<di`J&t_-?30K&itGX9kKq
zrW?C~p`;u?=`{&hWqN)xgeS;&Inx-po?P)LY5eh{5p(tDwsja^40zv1p~z!ck>S{A
z5LsQ%9d4HOnPnoQj2KYQ2rwTXg??HxP;0KRJ16Tm-_5a<d_4p+wrr_i9k((o>u)IK
zi~lRPUP3Zx+4cXoonOH^V?nERc1g{{cU=Xtl`k&+>TC59yfQT9E$nMkX!TW#?&7cJ
zmE_S}ZbC>J#9fh1-A*=0-46A{FHU*%xamh|7i+O(r<c2U3I<;py8Su$tKH-a#z6I+
zFnN~ba(Jr_Dfj8oD$D|~U#Y?n?j~INQlZ(tmexzqxqvzB`lD_Gt<XVa+&Tl!OWcfZ
zsp*P&dhwci?9sfcO~ZpLniGHTuav(0mmo8<KNOzR|7|Ar`G$e*7bCTG`Y*zduR@jB
z?vD@n*OYzUdXOn7eT%LI9Za^1>eoT--Gj4b|Lv%}b@m`Lzv2kiWBj6mg~o}KacP!)
ziupr)NusFKV(X_bVf730GWU_+3?2o9A%&BTk)O*gV+(nLUuXt}UP2{U7=4h65ffG@
z{EvptBS?;kGO~NaNq6bp0vp^=e&ka4;>J7l9WROTJ68@}_4K3`M^bw^Pg>eVbu=E@
zZSau(fceH)n9y2(?|CUaQ==svd^q%B`YFvqyBT>F64a-u`Ag^J;bG#})-Fz-K);VL
z8*HNeulYxl_gJa6xmS;UuJtKPQtWhf)5{5Rd#vE&H)A6J+zl0vE!1itBhU5-^$HZ^
zrkpq+rE%t^15si~$UWh&x&Q1=|3@Y4%H6BOl0`k*_SuRCk5{deQYJTUZwl(4E1RgB
zURCvjKXw(ZeY^xg%L7l0fQycPMaeb;5-qQh&JTe_rtd<;k*Xu9mEg5;$(9M0#x$5z
z@!yHKE0a+Ga*)M38>G>2XbHtfmLRh_OGf<A%`B~*RVo=U;OzXf7ThCCo}%_zb*QaW
zmxIH!lPGUHKD)WE!SN{q6pEp$9e#W@@R|Yjv4Nb2Ov+sPBlUy`^H8axicyo2UiPg#
zjIZSOFy~XJ+5d_@K6U!`u^=McDr!4^y?nQcK~JyWH^JS}<NNoxD><`T&Cg3r##RK4
z1owVL4kC77izg6!b(NgAjUmku&@N(f1Hb(dEw2h7n8u%EInPfPwmiaZJ;|oI&S6Fb
zDAKT9Gi-Z;dF9HEq&#jmT=XtycG^IJrnCbNxoM!RH=kV~w*V`Crzp}TgHUUzd*Ux=
z*4*g6hlSMtVSxevLu7WsO1HeO6wqJUT-D)OYM`~4<5;f1czLTDeVL^k)=2tocpU3z
zUb^K3VxGsTAe`O1t*FC;5l@0!e(WVraRgdEJJ!h7461lwfd}o5h$=uc)psA(J!nTh
zO+iPh(@bgCv;J8iS`ErAv#XZ}A?yU5g4==_AYTnVnOldOcjdcar#@<j)<R{>p$_Ug
zh3Ygnbxa#s316MV|3ofrD!ctB!=NkIZ*862e#sN^|GWTL+L0QWya$~OGavg7iw^EY
z%W-Yy9(2WxJ<`8y$NRXKbx<cAj-L&cV855j(}eMr&@gy=O#G19RzYiP?xk56PWRgM
zt5k9g-BBTPT{5>%R%x^<kn4{Z>o4Q*SMOfx6ZEy{Q4XrlOSH!B@j56S_QFqhh*kWV
z_|j<K#B0Aw*){Uh^7_>uy}>f=tSrwCh*wsaMgFe5^Fo%ps8A=})I;?%&PlXX?!m)p
ze+|J19%a4AsO9JE?`0WFWDPprT2Yj*(OaLbACCWPE&Oz<kyRjYQ+1iXM*Q;l3l8Hu
zp)@5^N6AT$+`W)7bGqx#aZ}F{?i5*>*smOG@fF;>azgytwjyRoA@(6;&pI9YQw;Ny
z1Dg6ri#K+wL})KL^*#vYmQHI66_Da$H98s&=;O><2<>Of(b0VoC^Ga^j{1-)9BUel
zk0Fl|TL0_RgP-M>sVUsSRs97{^Hd!(lTyy2r}Rn?aFiHte|9H3u<`s9;m&xN8SU}k
zHnt%G`EY3R&5!(OCS$)7Y<j=JNdQR^`Ot(3;P+Qjo-9xi!^rZV!E{j7X5&38X~Wl{
zg9n#eI=p|)(m|3#P0A$ZLZW1%11#@x)`5NwlW*7E{TVl#(F>%EZS9K$ZlWnQ@eBJS
zY|G|XX@3h_y>C9Ld|@(ZNMG(YDSer6R5)W&!y2Nd_s~(O>CEC-EfXLbH+g&$w)t|q
z+ImhaKNtaxNJ=)=DQh6ZoY+*<4=!!%R9`lH`$8*MZ}WNs6ZmhBOdm4->U@*O5W8R0
zqhi&zqFmAcvMb-XJ&@?s>NWD6;_X1soDFREz3ith#vCvz*gvUHS!|!`F0ET%yvLG$
zTo?I1E}QGnkMm?%k?)TEH+I2>Zzu-MPpQ(Bz~I?$g#n8fHS*!Ti?ek*Z||~pF8FRM
zqBvlMb*8XP)v!!u<Mpg3CSSTkB}3Op=5;HF(@plSo8vj!)O#sR3J>yRBI@Ko3-zst
zIfh~7I+Y<0ruJ8-Lp|B?Y{&DrWhsTj$K8xxkblFrTV?!Y{dy_vRjQ?vU5y|u(-1EA
z(tdv=0H3cgFDCoZ@!mG-MYCWM-A}QOp9OFD^!}AW4i)dl|Lv4gE24kl*q(&|ic&kX
zQ^_NJzAKveOV??=AeXiKhifc?i{#=Z`vm%ELQ=Ydn>-u5p3v4PbVQUkrC;-GP_&o9
zmCD);D0rNwSv=G#$ya-IHx_9l@5C=Qy2fwWR33SI^*RmRdzY&E$Y@6B7uQuwUaQt1
zrBfcyjyBg~(J9x3H*X%uD}n6`+-;Wimmc%-XLAgx<N$^iL~0QG^zrfoa|9_y%fC|S
zni-Q~eQ%er+eS|A$?__)Gl^%SO4SXR2Og`!h^qspPM(MhF!@Q4DTDab#5;qI;*d#c
zqY4P;gVYxdNc;Ib6J5ua67v!vT*eBkz01GtTXq%P6BhJEz)_2S^KyX^#>*h9_6TPB
zI7vc6nv)`Gpg)8MxX*G%%yRGN59lvXO{}3}kjXIZoNQhD;ve#VGKwGShDvdgQ(Jt*
zgz1)B&Go+4uOLaQ7NtKZ*?>vYo9_N4kp@`ZfichTknKNiV{Cxk1HgPvTk(O0H(Jl%
zl9c!53+)nP-ULPy<v>xiOPZ}z-EmYA)!7RvFKKap8!X6Qo-H-tMt10Ekr6<CYqo{R
zycuw+N&T>b+Jao*K+WFYepc3zl>zW{k%y)%SJ|velsVu>&ffG#3krp$>!;FhHeG}u
zBb&HU@Q-J7YlDpA`NJPa9Ey{|fyUGze}7K`A4$~h?b`?Cb7i@rU54{N4@X#MWG>OD
zGNLQiT>YT8EZ=;sHam7Cs{NGC0-M_})_anK%bxb7tZAlEy;l(mtA0%v#J6f#b?})+
z11H-p`_K$)vEg}*^$42GQ<v+_`agd;oz>mVXNUa)HeS7IlKv4rx%$pRU-@$EfBq?a
zJeRaB`?W6q`#gYqw{?1XbziMTOgu>La=6%z-%9;{jt3&;5_QHnmfQ1pQgZjQ;9`lk
zPa3Z&N#zobl!vpB_&4q!`6BSt{n`eD*_R^PR`&Ik($B$khY2xmCo?Dl?EdxNQL0ZH
zS2|>fh(`hSJwjOl5|!spC-g;w4HX$y0eO;@{>z%B{=HA<o(QbXG3^5&%<Y#whWWRj
zI0gMoGS&<(kB*$K%p@Y#SqBy82WPHt1k{4En6WX^UZ118rs)3}e~uckl7H6B(`0G-
zUT8l-c>PJ$+mkz{IH^IV3{OJO%jk(NC9%~Hj^?_Y6K%)(tp;1n=ZTTBTOuh%Z@dab
z?Ih=G$Eu>X44$c2J0a8TCStp<zY_aq9FHCT`ukjWu8tL1@$rO5^j&1gB*%_;qWegY
zm3j>|JV$ElXBw;Y8<qW_M*`bj7eKf`E8?UY5*B=z_*mLL$g0M>Y;^J>%>O?Y<Q(+G
z(fr|on|Ogpglo~p6XjFT^adSeKu_&G{wXG;#8H&?fJ;>7D^EyAEI|`qK$V#9oz>nJ
zu;Z<)b0PVYLiPKdS=9KMu-$FRnITh1*}{VR8Rb2kgLG4Y{qLUxgKqy9zSGjo*jgL`
zh6tr9o!{sX%8K(C8YO`VWS^ra%j*nm9>tY%Y5m`oG|!xyBeMCYYhR^2MTzdG=Y3Tt
zvD*=(4=<1&jS79(HJDg*Rr1}+z$L3DMvr0XSLzZrx*v>`$M)lFG0rYL3g{}<MBJ`r
zPLw*y{MXZt%#R<OUTCIf`+eE)jGC<<5ngQ_+D?5fPbZXQ!|!Z)_c2EruU|`Mao8wf
zOwBMho1<EVF0AF`%#`uY=MR?+q(s~_O|9Oa$y>eMgcxhL-gpod#BwJwtSch6)%xj^
ztST8->wN7(CO$14oYT*PHW}Irfj2h%pt`(Sml<ti>PH*ym&ADG0X)xTXlOY)%GIr6
zA}jSx{-sY|KQM>kpT2j1J#7lggqC|uh7K`-Xv_er9%Vzn@bKRy9;L~kH2QzH+#N)S
zc?&lK%q$=~JN<nR73?7_b>pLQ8m@0tEqfIm@~(SX)R+G=*ed^-GRC0$2>CrV7LTd;
zIl5uEsB<8Tp3;*|Ji0xZw)zWHu9U?q&90#LsPSF>qb!p+M^k;qMX64~c@fv=DMPKj
z(v@YoDZY?^oT|1HdsJ<j18p*YTodE*Gc*?t=oG686ka(GFNAn^LwNj;mhC#$6t~qC
zVdqz7J+megQM&LDrWh+*Ck}kyC;r4)@kqA^)1e1(vBZ1f)xY*;ZlvB}<wU?ET&H7_
z2pK}X?{xER1T#%4iVu?oxBOS+Pkp2xKk9b&ymE2wTW_qV(vM7k$M(*gKSI8TN_j{*
z+Bcj!u@~O^wHRl?T9RF_y8b#dzB|;j-XsloN#~{SdD!%44&h#>%YYQp9w_KHh^1$_
zk;J5;4_&@T{v~PteuSB;qjkkdGeo-o3;5{-yTbfd8H4^<(um;_PY{b5myoK|E2u-J
z<`jUf&ex^GTj8R2q(;lO9r0;(brIQCZ8%Jy8+1RrSH@nydJ-zz{p0MJjF6wj43fK4
zyaya-cbE#I$zsuwc$6Q$fV_E<a_;1tP@B3bo>iiCl#BVW6@4bNqIv(go^uRlSei}j
zm#P&i^v=s%b(#6-W9Njexq4Pr@-fQz_!ovp=9VlKKJhyke&?~tRGYEaoqZx|9m9}h
zs>v0QD6;aZ|7q0?<y+RGTrUS6zER*3-|`5~*QtFIyYr0fwr?U<#NT%OPr6in(D)*h
zxi<7Cx#|PE?k?I(@=t<X4FaweENT>`OKO)1JqL^5<4tLK@*<b-O7VzwR%Y7)Qw5NM
zidB3vwYXz>8dAM6Zn^)1U-dAm-1-uFI^M6ioyCvy>HDuSakn`*A%D1%kC|K5Uqk)%
z1@d8Bp|Z3M{RNKY5&>Bdq;!w(uE4P6h~;ku`_|?yTqsj0!0+My#J44}=$Nyz?{rcC
z4>j9yR*sN7x8(OuI>u7e;3)khlofEOy1YeKXjhERv3xJ7bAtQnxBE6Nina-PR{C0C
z2L~NqMos^lMSl7#Q0ay)1LHATKE6Sk787nHdX>e!Er{aI#(cPv*G^y}n^}Djix8JU
ze~Y+%|A>9_RgA`*FQ;jIm)1zt^TfR6^XSumtJ(SWPvjQqqBQoJJS^*FF3*FcjZ|&f
zxW+vn8bxI9`_A347rrvXM7Fr&rW?nv3tsCg09jX@e^n3VtCIP`WYDo0dK!;^bEsXG
z74260e=}<A6A${;^Qyrv(G%}Y*AEB3O9xj1p@-^krkVrf>v=>O7XeB-<O!+;Jlo9E
z3_go*W!t|wc@W_sB0vWytH-K0C$~>28D_cvS%6HrRjCcdaPMzaTz0fj%aMd67ZmTA
z7|-GE3gul;G!s7A7}IAC9txhpJEYhGaew9Gx;QemyO*(KR-N<u?Wuq@lgzztMCY$;
z6Sd9bj!V5*DF^$m-xLW9<@4{18oh~unPP-n@=_08d015)*~R5!$O0>B8g`bM3UZhB
zEkzynam+N-{N%UnN07FGi^SCfW8l5=@W7;Ol#1j&AY3gx+m)jq?D1(tcKmR>uhx!N
zfWZ<(1y{;g7k21%r}<eyG~K!sZ*so>npZqD(yOAc21vSn)2XN1vE1bDqlA_J{;RX~
zU!P66uJC0uzi2YbNV+m`ju<tV{lA%PU&KYi)zLd_cG1qgeEFQdwEVS)o>;eIEi>Jf
z$6e~7?c542kfWcD5-%RuvA<9X4&Z_7dAGD(qZ_a#0SrH>2Rd}jw&k|nGc&n1dt#M-
z)4(}e+-fuOK!w#|iPE_7c2XJQ(grXvzvOH`#-%J|wYQ|5lT71-)}p)aOFw42MYgCD
z@_$jMDpU4Q`f$wnlzT`h_rPZ-D}wC~<TV{~rn6}G({_hnUl5H~#`l1n)?ob)8m(!u
zrfC&-Z55k8bMc#i()NpgKmhEWLH~!nw+e_WTiQT_y9c-6uEB#7AUMG-xO>px8YDCp
z+#Q0uySuw<<L=IFX6Brk$@%ZweY{UiH{EO3F8Qift*Y8^C}jBG`8Xy~Ey&ZfGo}`D
zzET@}2A!3p`0hPi&OAMNJ(?*MRLoy$*d8<S-7(L@jE)W8JaKN8j$IqaoRP3D_G=k(
zUWidovk?TkRQkOqMtP#erZ&IfiMIFlc^G}Zyx8^q2&DZ%I7jOaWdusuQlfxwo`&zx
z;WFv4hsL2Kdd8R>hz$~8G!EFQd6eNHGi`(QSI#;nWnaOp>WOxO9y2uPHkL*h#pSZF
zz-=DtwTv)4{E|WuQn8oBy-60XO^;v}OI`X*z9%Toc7IC9f>aT5$$uc0-wBg;TN@9T
zLXP|VW?>%YzLq<h!mCr=4?c=7h+3lG#TVV6oGO<9QadT=B8-;{{K((?+Gc_u@x|6(
z0Og+3-%IiKrtl|<TCl8}-(mTjYv5vjQKf+wU#EH6=4ebK6SwGd%TcZ?k&uiG-3`?s
zq<ZXAdz7=ly;9BG1CGm0i-nPtbRTzAVf3WDjNHKN&#LLPeH8*B>Oev>#GpFYyAcH0
zshAy3-Scq0v~?sGeKn*_yZem9sE(Su%?3N-dl{_^?QbWh!|HtI2F8KQg?ZX8QdGaL
z7Wc#L*rDlYp`#djQ4@QQOmVr^i$zJ=BQXGV8}6p{K7szF>8n8`9FM}+7Rgq<7h~Hf
zHKO(AIO3F%2P6C{xqH)!_s^i7#IJ8hGZDUHQ8lqsTwHBm<aQ-uo~P-Kd7CIpFBYm+
zkaopOZE}}6qEo>lKk-UWv3jWJ@Y~Sp*R!aB>C;JlN(DJZpH*luVzyf=+iML19|g$U
zbHyD5(QU*W**B|kqAr^zV2t(+GVggV3j(A_^5d|P*M@nk(-HK^*4hrgUm#ic-a+?*
zl9nal=|3#xz4PgrUk)v724lI3zI9Vzk05vHPa~QOC-(QLCyXOhF<FLWI?hCVAo7%a
z_K$(QX)E6fT*Xn!>q{a=RHpJPL}Kj164eTG;k+iZf|ue&kQGsoldfn64=mMoYF8N9
zv0a-*9r0&s_W@s<rjGh7^tg02XKyF@vi$YkxtIbDTM#CWW{?cZ#-(<qgB5*Xs#}fv
zmb7){+Y?79zI-x6vocu$E1P-4Vr56V{H;m(T&DFw{=;;IEVIs`E_o_4t<nqK_x=p!
zz{%=(n(lPikLswtL0GIZ(9svEr<TE*bK}(T0U2=Ho21+Ho%fgUMsHd0^(~EjI1Q;d
zIQj=|yxwWHrD8BOLBlX@il|C3Csj}kdUYk>xl)QzOlI=+1F(Tej#M>RPny9s(A}|2
z<-KrWf)8ZO&|ZlA7Upg2DgvhhEN3POc_ocS@_`Uh2M_O3#f*Ph)E~??mS|%YpU|L4
z<Ivbh6GT~Qjy(_WC9|J?`H3P{N!la1sY7NMJ)(wC5pUMax<a`m0-U_b=nnyCd7&M8
zjVT+~*#f56^>nNs@O$F-QB6+LPC3I)^no<bi#RT7SZWC6Xz8QA`(=P$MR;)FO0MD$
zE9>4VpEoa9yQ>t>m9woRL3bx9Uf~<7VG+hUJ>UaufptSVfFe-uYx!AeXg|Zl@g)`a
z)|AlsxQPz+tbJ(<MI5NYFxmfNI@NVg2G{rKTLCn!;)g=pNb#4IAMSqkn=22um4}^W
zxcZq>S@-5+xJI;R&_Hud-=uys#8h2Xv;^F@R<{o^jvd2a;)im4%zYOCW4<~IJ`KP0
zKNJZc^U287ZwsKjy;S#7;%@79y~Nc8Ae_s@!#WRtK^c^II3_J*Z1iusoq3?9#weKo
z<tpklXUO-3Pp|S}(3EB_b~Z2m$0H_BT@G^XCBqA%JToi|ZgKCW`d7n*Ur#$SGwNT$
z1a9D$TiEy66Q<-Rf{;3jxKwRJF=JyP<XQwBe#Wh+zNK~AVumuaG>Z*Pck&(Ks!r&3
zaT?SlP-?=VJhp0H=V?Hvh@cbmTCufan1u71GP=?j`VomN16(Qh3H+MBFx2{KH<zkM
zB7uq!6iyAJ38HlPfzCIjIUp0==F7E8b@e_S3`Q|2w-`=_?-6jlL1BuSJoiU=7`?E1
z>_R9V<i3q>enHmkcjbyugZQ{FZ;cHsZ9X7LDgU|zD(UFE-@rtlGI3<735TO$$Uf<U
z_kHQiXq%M#5Nf&PtXv<ph$QNfiw}9a8axgADA>FUelehrFhb|YG8S>B;7!s+Y4bz)
z3%)_RAI!%u9uH3iOr3E00deO>YPxKsn{XApLx+?@nK~vhtNp@U5%uz_Mbg_H8LbP}
ziRe}|HG69*wUMJOcqE)FFFL><k3}#f`>=Q5VbqWaCuiD=mH<##yalkZ9^NNoS`@@=
z!tq^RKt?a-Q`hrRHA>tv<LVgIH6G2F^Q-=VoT(Bh<0!9MM{VKCo-$rPrG&yLHArgH
zBjORV-eShg-{a0<%Wg+WCtQ2a`2F73O2gzH@w=FU$urMgriCHV5bXV6?g6Hy%t0la
zp>sE4ZbEt2O|;bWmtRq05xw4skKNx+=V9Fkq(~s8db!Aw3Wn;xr^f{9hl8LI-6yTw
zV>}Rtcdf0xI&`%^7^5XZq{oZWkJ6oiNsfS_m5qJIQkJPmQ4PZn`N1hgB(~!XBt?Bk
zducwgUx4)&|G3q`{1@$-ZobQykL)k%4n5|uW6t`_0zu{430|6qno!1K`<qzztTTDR
zPl>;JFO4cLmyMIHHST650{cLkhRUyv{S6wqL6*OBA2<k2M7qoz#ao#puU+<jPOBu9
zm*KYh(rPcf<zYR~=*q5evgEXOa3*0kc%OZ1FVQ9!AirxA>@Pqr(2k38b$jc6YrWWC
zHF*g?B@twbEi6#9al1RoR28mw!@ZDM)0sxueos9U2X@!<K-5_yw)wpfi8TSBJo#ya
zJB08uMEZMKkDb)sb)$*4N1=558<g&MuwQM4X3|=mPo#O?<MLKfX;G69xn&a83S4Hp
zUvk4F`!X9WSoyG;=}?SkMAaz)SmzyS?};w-jo3zg74fbj0^1E4RPgppIcp>~2JUQF
zsFjDrDIxd0m(a^cV}K#w^h~ZF9g%o^36e0ZC3308hM6m=x(+|^`&{tWVF;?GhQ!gy
zT`V!0c_A(>KdqVoLvQ$LfuhQY<*k^{!+xJ%<Q!?p4)kFoV=Y#8RnoPdU(2A5yx%-e
zyS;{hG(<j^Kxu=>o!+Nga3nTI^V{=o<v6a&`CdC_Gh86$z+T+4w}{1RB$@LIUC#TR
z_T(VcaN=2Ns*Z7OY~nGw1ruzpg>T&!&AReW>R+ZB&q2ja^MNO1d=2_G-N{7TC!Uw;
z3ArXH+~^Rfytn&%*sDW_JB`{*kN!?8aDi6cIoOla;GN|=+k-YuaWVNKLi`JwYolB9
zuvl#Q7X!tn$DQi%xs|#$5$yC+XMR32j9s%!!3nIejfsAFycybKOuRJ$*CSm-cTPG(
zZ?+oS+8?ND^fx5^CQIsYM-Kd%gCK+|ar+@^RuyJ+9Pgw9C)NeeT7<DrjySk<Lm^N&
zmtX35HlU>SVD74A#oDjGwHEW1MNBW?9Re-m>dWBu$AV#`n24&1_D>Ctd`5`)8v4DT
zpDyL!XSLov_g0W2OC}KpwqYjo&5ZI;N!l!}4$AQ;VI_GHDVbkY02(5D*&h#1s!YG~
z)Ei?P9(<0kZe<os2RsHleU@`-_U>#t>0Y0s>gaJ~IaQv>K)kWcVpokNyIBBRq~W7H
zLA?8TG?e;Xmvd^Ix$r|}uwxm4s8D#WI;Tj`P%I#pPEr3nYJl8OjtBfG^bIi|QT*db
zmkzMKhZr~kx7s(p8QA~1t|aX=1u=n31#d&-%Y35QX{p1}{oYnviTwclRdbHTwQ72W
zcO2*(>NQ*C;0`&|+F#3dFTG7nQGRcSS{7fi@9aZ$hWmas#7LPDX!FxPY@YZ-@${e%
zRf_5c2FIH1k{5w9hx;7V)~?s#+x_nf#R6SbKA57dOj$M!$NTe6@iaC+SFT3!4Hna^
z&&MX2-X0*h*5z!YBMhr*LEl-TIj98Qr%&aRTu6jiN)1HIE<2UeFC?>*v`hrkyx(fS
znh8wn6XisXZLVDv=C9i^ce!7%2X0q}#SD%Sb3L3k1A|&$l%E4y<dPqwaFuS^KbV@=
zspxpp9N}xZ^+Mnt8^_(>t|8py>1NIQ<6J*6pPQ@?1QwSO9!bxE_g-o=;UT~9!8@t*
z6EijT`P%KB!3^}y!S5JfCY%G=QZ*m7g28gMm*;o-%Rb?nBzkJpuLH7jR7a2PwlO&|
z%c^U-oJ3|)<v2PS_1gvc8?i||kAa-Pj6Cg#ta7WFg@qFY_kt+j`D$8Q-o3Tf-skBD
z9RCf;eMePs;$DZOqxJwt6>Xxxuf*wojOAariLM*BQ$4T}YN()t)s*Xq_b#y0D2f9q
zeOR24+7jR|Hj<mAWGh+>Xhy5r?tUmDN8z%3KFCHWp&8FO^1c^NW0(@{G}Zi^(nr=+
z^B!X`K`33iUOremY}V|xc7Prn$LaF5JWUZ1{QhSr%1VU0gs}<s7|)mk9Fqa78I9+j
zZ8?DuA--WnZQ=QWq*w~7AWuvHf^aAXzESw*NOWFFtDtehS65nZ#O5^e^b$8BFO}=>
z5T2m3$cSmL+H5VPya?iO0epVp?Jj^DPsgH7O^apS46WU|<4fdME?v4xmT|wW)6$m6
zxYc_>r|ud7&XtRJPidz0$(rD%Kt5rCE<OFHnnmf7o(wG+W9&t9WRddwh{CAvXYCCq
z1+7s+WjPsoO&s%TE@8r85b~JsdX%(ai49g?^47MF%I07C1(=>Wp}EI$$&+o@r|mAd
zdk2@p1*n*s&PtjB65eWw4fr54T74l5lp*%c8L#EN{YYt4MwS<bzA;(uy4FVcOrB&g
z-Mty#-hSj%NA8qEfgOW1qbBiO(+zEhS%bo}zclzBX4KlD?NbWB`3}Q-m{=FOS+>D%
zI+fQ(;bKuuVfI+ho?T{kD`!u@^#fZ$0+p1e>k*i9sAII7XC0(Ly_-cN{HZx|)n!+d
z7=<J)w+D}j6Q(4+@Zn8Efn<v|w~vVRu7)8<_X8_x^>*_NH+_EbKu0u!ThlB_6M<2K
z!NPF^&ln7pIhmFo74bCv?O8nAXgPjExi1Y5r;1Eibw{9wvNTP2yWR-FoC310BNw5O
zqNQwb=;fMk8%E6Yd+Fm>8R~-`^+GX?ZjLy5IiykgSWI+c^}q;!h>T%Qb_FS$4mr3+
z5<$}c015>-OcZ?I9w_X0O&}YChP9<USDo_>n0+`e<mLPtJ>+wN99z6|2jg*x=x@G5
zyxS%ew|BWZ2BlVhN_#DkCVw8Dg@ovc`B&0L5e0nwNywL<iM}`QWXO4d)#p>smV3=9
zSQOH-)22Y5nzg3nGhPQF3U3L_iGr>h!R{afUG4IY+TC-YrQFjm%G-OJmYa-Z$GcFw
zF6|Hf23+Y^>O~C<aBKo+(_E7ea`+_-afrN1wbIRJ$KuR)KuydfObk;eaRK0)p%(t*
zWI97?<Aq)xjP7v$3-oU_F;C9Vm0BT3ZpLjtg7}^rz8AGTvR16GuF+}ABc65QaBMjm
z6{>|CO?o1Jd;j^dqPQtKV(;^n5H2UiJ*o$Rb*uf&=F6m&yoo4rgbDf(n+Gu>))1K#
zBU@|kYP<Nsau^pTMqGeV4Gtssa-(%~@O6}R%ftAP^;GE-!+8=Po39yOPv89)pPmcE
znq^bMd9cDjriOJ{J2FGDRgA-?rzJ2us+vL%+@~0{c#qbl4TOI4K?WL_<EH8+Zo^-X
zN53X3TZ|~RZbf6XC_L!y4N<;0C6-Wn?H%2GmA~Fm8|O!<S^J`Ny?7?)ntqz=MwsJ=
zg4XIAOW$3S_Y@ffhoBaFRS&-O1E&80iAx+>FJ|xv`$dtl<r(?z#GYvoe~z&R2AajR
z^LqEf%C9CZAlP+g2Z+_;SJEhwMwp7!R-D%Jl@#xip>-;gM<~qi!{V`5(~{TS-aMa4
z8Z%Pa31|lt%Qx=);U)fQD;_kSy4VLaaSdPm*+6{nA<hH%Ayvpn-a)hIOK^#Ena8OU
z7eZvA3sL<wLH%V<<0;=7S+_;x-Oh~XEWesw8(5;i%O>^R*2VfdGBicO`?a@UKl+-*
zc89oVq3!U>b%YyUf67PShW8;yd4)O3*OY8h+pZ*m4<72;pnOUe-Zw?8D1)Kd(jLRL
z146dJ3!tP)Hvt<~WfK~s{#>V83fE7F(OELj2)-~rsge(y)Tfc0Csq;aTa@lwUh7xR
zK&~NBVm12CmaFu;O$#v%N+*f7$-~p7fxw<dH4FKfuH}cSj){-~8QTUk3%ImusN5xQ
z2!I^d?g{H{MqU*zlnMCvJ6$`|*^;>llc7=rARZ!zVP!11EVV%;ySIQjOJ=tZP~Y9Z
zWj%S5`NBx1zPkno9(hO;hi%^V1<dZ;r*SY0M{Nxe8Jg&usEJdhN7#(e8&O|Z^#ty|
z_8CygH~k`kyD#FLg$Z}Xs*ZySN*rSNy%C`4hft6QOlr6?^vid8|6&hgHUp^x4>^}2
zZ>*fkn0OShduRjp-h;BMk3;6TV_uvI1~VP!I>-xJ;V4IssH4gxSS=mm&quaviwU;8
zX{{Hmj%;T3OrS#Fwf-HW9T8}F7%i+`bN}(y=S046N`j4()235{7Z(WRh&&tI?5Q-d
z&{%|$78xQBJW$cx%owyqEeD4cc9;D1AX95!%QsKr&WqYXj-)=Fb%)U)S(Hu`HM4UL
zf~7AgeCo%WE5&t4t`GL+q&2QKpZn})EU;fB-dUxv?}r(QHfbo_ix8oNwY?2`6V5g=
zB49dpfs$(ZsJ>m$dk3Q?S_X|QuZ;#n9rxkI8v@3I#kS2$9y@Fl8o8%e;FF@R$TB(T
z4CFQTtr7S3R2Xq)EbxCuA!Isd0S(>oWO<^s4p5%ETss7Ndf$TQMeJ|GX}tug{zfx6
z)pLvAZk@fhfAbcn5H!ekDrZC|_p*u3I#QshCDZfvu<?lh{9^ZV%?5USX6-=HxA{9C
zvVby2JN+%hgB8_Nc`?d^!e-g@wgZ>*Arj(8%gUSbbFF%?pdv}`hw~)E&(fwmXdZal
z(Ozg6Vb^@eMVSrYZox=UuAeBb)fX>0)~K#85G}h&EL4f-+!kG^cJH(oi5&Dh@GmQl
z>h_r>LZe(5yPoPUHlmE`L!J9A6~3%d=!^+mAWrtj#<Mwet_7Cqzk9fqPI`Op?N-&F
z8k33B(AEnln#|jcx#IWiAwHI>JQsA762|+WAkFiTbyxumu$$3y+v{~&@vAMj(;t)Z
z0~Qrp!$Ew?U=aPByQ6ZM&&9ouy42a}^b#^OW}?x(Ms}&0+Vhb`79IcW=q4e%ru>sc
zpCI<b0*OB*Y1}lLD!_2w8}pu=%qyC3%w`EAs_@x2*a_ew&)mrr|LF>c|Io(YuhH=X
zan1(JQ;#B3g9>HlQ?G&Yl?2QQ$*SI|0hYAFW_y?FvJ<h&baHsf!^b;fC*-k*pL4n9
zV`1WHE}uub-hV?))j{@Vu`Mj|gVy#2t0As*GrBgX@dO#4X%Mm3HRfL9@QNJ)rRPzI
zP}z4DwJ|7+>N+U&+B{cilYnGE<+kUeivua<&n`CMK(>oLQI3TS)rk}MyFUCWvyXRd
zTNh^Pi6t>iF=tg|W5H;@l8mmE?OqmmaPh7;DvUK#ZNQo<AYUBzc!Z75dOuGBa8HF)
zP~r_Z`d;j&MkdO}%_knJyrjYdJM2WC!FpaAiUGNi>%=$l$iQoC#g_<Ss=oU`^v{UT
zy^O*v(-eoe?>iYrO+rX|q)+FCi?Ay{*}r)=5kInf4-ji<!@rB5%8IeTY7iOvW&SCZ
zQ>9m(b!jC40(!Mm!m?mZOKCa*i}L=x-L(w~|INLPP%+XAk-|E;%q9*v<%0Hb<&jF;
zd7G&_y`=Cjnhe8!!u2BUAl%EsN3(ECO3AVJ_{R8--9-616Z1+bLQ|)sph7C_Ht)g0
zS{+iD)N7{tFh8n{qsfgoEY=Sf{n$Diqu`4+IFMfgKqHz8ge~tYk`OY_#C`WFxhxnK
z+fa@j;s<%$as{efke6Ouc2Z?r0zK}E0am7cTnd&lJsXg7M9Yo+9T&qnvd_I-MY10-
zRfw!O+G)$DvDLN{EI8IUKciTdkSc3+xvJ+)7n)75x{j;p_Vm{6@_$aP)%ot*B9A12
zm@6=d=}9+^K#-cKfL6A{)YCq8S}Q6LG`EWTus9t543RnHEJ%9FHX;xRn76S=;Chf|
z9Tt6wv}S72{1$uK)NS%Pt#wU+d{nRhBF^hN(PhT82f#(`B3s0-_NyeXC<x4dn#H?}
ze1v89OCVoDRGUa#TDuDzb|^7P=^6mCME?{NEX`F$7qH^lpo)Ccu4v`zQ{(sOq0Yj-
z+mkXJO}<Ah@Dsj`KRc~=MLh@L6O%d`M8){t1AM^B`BmLVaCU3WanGky`OX)}J|EZ9
ziDv-<X&}JdwukTr4=SNEx9<$S)4e8zrCslDWG;M&_abjnX=Iw+1^`J!l#T{HSbS1v
zCz{nJ06MulEoIl5$NGv7GuP!S7p&%?BPM=6ET*C-0uvqfk=^e;^5=@IY~gZZ7in)+
zHg!i@2jdyI)eMx)ZmR2;w$zsses&(3djY3Q3{fSGLklKPt?sF8uak71+GUC4mw?j;
zorR(v%~GNUehVgOycy|$aG6~&dnroO%fz}^MTY8Jy<(WrQ7mbX<+HH9Kyi7=8m;gu
zG?WLfNxc-ubn{NhJ$*8VbuZ|!G!W9(HY2ssL!j_PU5$dECviAfzzmcfW$a{r6CrC^
zaqjMZ1_yJ%?I>l{AXSw@_X#WB4OyD`UcwXayAPR#RM7C!ufc&(U7Rj=I1)M*JK5A7
zb9#T2V*+LzA2^fEuel;!ZDm2_x`T7ayYGjK{U~&NUMvo5G@gdL%l!Pb9{XM>R0aUI
z$APTq#+C`0@Y$(+u6^!x*aZHj*Q>tyob)&cn9-F4E*`ESyFI;Jo56NlRHe|HbcXLM
zV(|ImPz=KtP{G`sWGF5k#dB0+<yYI!#{<*T;7OlH-BrjtZl>V|8R)Y{=2RQpxuow2
zIDV~_c2ESZs;H-VXetZ%-knPCtupeHrO%V0rV+xEZe8F`d--^mvYqy}q1_gvtr2Hm
zhUWwCU;tjc3>=M@C`o8&iyWdVC0^=hFrQ5-HkAkMp8OEBC)i~09N){e)2C4gNr|j*
z&`HgCc0ETmRYbhSv60$T`u@}|YY>YcJ}v}rT|Se`M7&vktr!$q#es_zAVM_QW`df(
zu|+il<HAG3;kJ#Rl%Ria;87%iBbrDll8S4ImIKxxW>7O}%2R@9m=THy5YaedO~k6;
zB?stKiWMozx`O7*)d(#{1{Kgg1jm^8mzIkk%&r>lV7xsQRi8@22nsMhM>4?Q`jX0`
z`$(?2umPyPFV!QgYiX-dXMk71Hn8|$uw`Md^?rqVF>}DrQpzZK_4S1KcK5~m0_7W0
zWcfKdG{kWUK23<hm@X#bJ6nV-sC~CjD31qgKm4j~dwd*<Ljvg@+JrtV<ES2hwz^?$
zTVk(1ey6|~-Glll>X+X~;&>aJuE+Q+jFVleikFVQZ~el;NbQdn2G#D|cXn)1QU=v5
z6mRp)?#1V3C<Cx|34Nv;nikm9p5Sp$r}=fkgpcwfU}hyjt(7*Or{&VgZKamnbl)s+
za4;aW1OoYkk!`6Nv#|&IiA0Dvi!pMtD;WpW!HqOLcC*YQv33BN$k6*`LKcR-22hvc
zY3>=K)ldF-mJvy`Up;(<hy&CLt4Z*(yVaja5=32~<u9^-(Y*y#spE#nJQ3?Y<YfvH
z;Tbf|cy=MR2JmA*4e2UdC6LM(u{Nb;ZB^H<FeyU+oK|nCB6Xx!xkg#{R<Lis)RgvI
zD2?NQ92T|&;?fL8<znAmn9=Gp`_QYN&0eY+o`Szt-UPl@-iUOYf$EXT+TvolA&Lgi
z-FNak(?7~saCk0>g%QyisiP8<NMpl}W%<Dr1eUHwhx4E*#X8XH@`u0&KZbC|)fP2>
zW8h$q!b@sVLwQ^AWgAtkej4MpD%nb}u`S9`NjSA)VFVQ)Iyb7pSF5XYKOFM(jVls>
z+m5gt!Qtb$5LG`88?xgfmb`=Zv=36n3}X*TN&*2QTx5(74J>Iz_MWap;>b>@&fcSh
zuy&Z}51F-c*@Owd%uFZf7Sm`T+Kyw~7KDwt4yiW38HXCpxzTY*3|6;_9H7(Q*onfS
zI>ljvO?EP2<`9=6MVj4T<IY?jNFOGsN!G>?*kX-W8kge5Y_fb)0Z8>?W>9%|iI(bB
zrV_``gJz04!nO8Jgdvc&wz{}v^fh(_doB2QccnRWL#N7cw-z!^7y@cJWd~;`<bvg?
z?3YtgNy5N>axWBEz@Vj7z@Xzi=J<ipEP5s6p`fH_RDHU0z?_zBH5<Y%^chqmOoDT$
z_HsjKG0V~%I?jRK*==64VoHd6-p|YzHL^S2s@y`Yp7`lVKYs;(*F;)f#XAUY<Q@e@
zQpH+yYqI9u#>K=!`qdf?k6JPGbZB%eOIWacs^}SKEQ}<-4Zy`!wzwQ~KP0;7s7KDO
ziy0MDWWs<hLIR3fi6VM#27I2@oDK^(t;t_5@*opiYe!4Ypq&xGR%#}gafITVt&A`n
zqZ)O^DxMxi2CAk_c?3J%mP3Nw&GTydFx*)YUlYit<G=5~GKv6Jl{pQQO@pFSutf!y
z(RW83rAqlYH#nm|k>nzfWI9~Fhu~;9^5#IuCq`LOELDl4Ez3#?Gh-Z(`979fx;)4X
zHrK4;;QSj`nX8<_U7I96wO>4?88aaPweGucq<0^aDl_L+1Yzt|bO!*|pv5+Ntkpv=
zDl(Y$wYriA{ar65*!T>~Im(5<&uk>~R_1HXyZdBNCfO+~9rJGEFeK?>ACML6iaCW(
zsZ59@^qBD|#_z$p(_+wqONc1w%)9Ge^r6M0qpjV+q;azEURh6;X6_JAImQ7&?j9N%
zCAQ>*;=wsZM3tb)yE77h1NI<#4zKpL73Z}QXc#r!D~q3rZ2~)cHH%-b1o|p)hz49F
z8S;Bozasfn+_@|I*=}RE`Huvt$Bw?)Fu045NscMCFJ^9%P*MwqSLJe9s%;7xZy0cS
z*IevA=p{{GgfHtLKktY(pm=;nDofB`dfo|Yc8VzGIHXIu`oMPEI%R|%9|6cv(46LA
zPGoqi%d;?qIEY3kN0MgTuLw%jNNQjq&NfuNU@H3uFjqLKS@Kf2(Dii-DWkFXB_fF$
z-AR|Eek&!@Rsqw8qApFBT=^JEk;dt&*;9Z05mCX_JaBw69ylbP2(%B#1=6!Ni;b4M
z&46xKBLD;zRftSGPLQ6Okhc{GvT+Rx9JXz7ByijBCJKJ?!urVROci*$53ykQQZRs?
zAaRDT^BvpP0UThXVBprS>5)6S8*?reK7xs-%j0WF1oPt~J@^P39=_72tHjR!Fl2$-
zJVzR0S^xyxrz|bK&^h0?#)EH>2jRuA<`c(?mH`GlI7Y0-Sutcf*Dd5g<C5SRbZlcE
zT;~bqMC|s;^NqS98N-B+jlVLxYIr#e2LkPQtGW+^Ss+7pV@KZ_A4vj*MRQj#A?>DY
zTtKzU`LI5pWkOjcZFj#+s<{-J0eE@NsMJw+h)<XNLK}yIVyF5;)V?y$z#!*lHty&0
zye7+;;b6x`GvuUO14}aQ1+u>vUFj5!-S%5};9lepBTkyQ^ibyAPx{KoMo2z(WEYuN
zBp)kzbEv`(_vhL%tRvZthlg<(26w<1GtY>yluw5E_CdUGt`L!aAa?kvWjC;1(Vj>*
z80ySNYJ-GZVB&qoyzH_QuN<pxNwR)tMdn3B;nm&VY}0a~7f@f|LnM2P!f#d8J;1h&
z0zRz&(7{K)Ph2KFoSX9L{YN*UF*ig!ATCZ|OVqaJJ;s%7g(@nt)fmBKY&fu9vWPb#
zWFgfcv_YX^PsVIG8)4Mu4b3if$4{Q1FL-t}8lRPu`jv!6wxsrhp-9G)-H9MJnS$-_
z)nw=U;$lpW^wi}EGAnMleqHvxYR0P@sY2$A12r@ffwf%v+AG`E$cK)fVP$Kg5{h`x
zQI23TY#>a!!#wO-g~i7jJ&u2s{~k?}0$&lqLmn9?daaM_o)3szps#75=je`=JFF%R
zopj2B8qbG+1I4${LV#TU^f};1q9G2lYr{=s9uS*Iw+GDM&M^Vd)803yj!xjpu5#>g
zsD5WTH~T#X8k&6GOw}^0-{OjmG!}C?&fmHqy0)IUFprzxLXnxOVrPpiHj*T+Z*b>_
z0Y@I^1RaH`PH}@G;hih}=-egHjAhizJd$Q5E;?ETXeORcM#_wCLVUV$2g5WQ8e3m>
zuM7T+X1kbaQ&x?pO8xB*Bmk9H4#8$W#jWY&@UwnkyevNFufEfC*`*y19d)0XBdPGk
z+uXjaRk3NgH$Lb`$iCCk=_$)HSqNg~<Bg6dEmoy`xCN!)?C_7t7cDDNAHOb78#S+%
zl3xsQCt-P>-^H<BUaZ?q;bIRiqX>kGPCxdIJYXK<lIBj|urEqT`HdrGMT9?BB!&_z
z=O+yDqjSx*>)xQ8WsNqGFR9S*O};ZIc)F>s73f3WtDatd8|uVLSmIA~Bx5SwgDM?*
zw~cP*F?^=+P#l(QsmI*@7K(r&X;Zagk2Q6s3wT-cF}z<>T3ss1gM}EDhA$i82HL-m
z7*XO*Q$OhfWEg_VknUsYw7lB8u#Y{kr$BKNA11#0H!R2ws6*^ypgwQ8ThkKmux*E5
zZ-DB?6C}m=LX~lhKs0!!Eqa|Z&KRl5d_fHp$yx^r?ySikwvVnY@0is+BowR3!$bDS
zy^vw71c0GL-#}B=FkSZRRb^O1s`;5UJnmeJl9xVtg+K&4w@VWv-PLrts}x=NVV#J#
z@RoJ=4TMIF;xBJ(4}{7s>L!pgN^!nJ=cgQ;R;FXfD<IdL2}3VY@SRTciYDcItH!-|
zE3ksnEF_PACxY3dqmiXZ;Da3e1_oYCH^N($$-Q{j*NcJ|1Ju~_dX@s3<s|0)9C>e=
z@#1S4yYb-j%sH4~%yAozxzq>9573#6+b<H5Rv$_$?6GlD+04%=iftI!(|e-Cw}MOe
z83`Yd!QeLc7PPx(A$oibjRQUqN8>{a{Gz|duoj9H3%D;1D{Bz+(8<B>A`L&&kd8Ig
zOk|u(J+au+4ID_fwvvq^aDU{MFe;YPc6uT-m5QjIQ)*w?oy@D*xdWtqMblyL`A8ij
z(PtDzV{O>Cqi!TwDC*3eYFAYOT@A)kOox&X)6F#%H`x1N$oXE?dMoo`5<0gL9uyLy
zo(VyC!Gmf9zrWFO+LKy6WNzSrde<{|D*^lbHe~Y1RxSOpohEBCX5S!V+Dx_@NTVrL
z7Uz)4`JPTr)FTES+#+YgozJZ0C!(^sn+QR{Sl>c^n5ly9b+?@X>{kt@uFNQWWgOxR
z6tih4GIo3blIZ6l^qE*36S(3)M|{3>7~v5{hLOqhirlQ6uiB;66mmA@EAZgMd)016
z8^a)v!ap*Y<I*`|N}^LaY3`Wdp3^kW=LE?E3*OR@?zi;GCg2YNO@sV$)V)D$Uh78z
zmY$wCv|Vu{5A1E+OvMDFVH-(D6N>65vFb642J@(*&_X_kifxTc^r+}?kN9Yn@OJQ@
z->wro;H&D-y?F=l+w%R3_b4@WjXVlQ&yDF^6g?*<b&axt4;qqLKIYl`<G7baB8#2-
zBDgM#)NkFtQL{ZvIH~iM)4$bN8DL<fvM?$REoQW60bbnGE_d?kP`GSbgmc6nvyCi9
zZVv~rR(0^br=(`*CsR+JiOUTY$Z=T!fvUM!8w`?pzyR(aT{cYRc1#{w7ZjiJNP7A;
zS-3Eu(mE8j^0cEwNIlfI32Q$hqECwyP>re=7ir<kwEWbXP%;|601nEeRWF`nX?`ev
ziX?(R2f8GMocAD71b^9|D+{WLB>oyanY0gAF;2qz#cc6Y$fbNltmX$m?>S&_eByj2
zcaoz@1qMhvuUg_^#&_oyA6reHQc7hbM;(46Zeyw7bCyID652gL2Mj$f|I;r1?0!(h
z2fwseNE<u949pY&RE@uf!4(BX3eYe+G$$eyB^>n{1PcSImS4Mz-}coCl!~1Vv7kMW
zCU?Yo>z#VnnJmt~`I=;y%gW8C5*O*xiaPaT#FJyepAk83DjkP#4alxJfBwh=uLg5r
zwoK#2-OP}oj<1j)A2*#Z8X3!s$3TL4w!LQ+$!STuSAdx$S(CH^!T=kEP2T4_S9>6Z
zN2%l^cRl+13p)x#+1G^dHtMO6-!|&Gop^dP+S*`IvVksWr0X6|Hk0TujIb@<d5eex
zva;L+>@<wETd-__V#-2{l45jK!;c_kR+ncjLMZV}0P<<9`!A}bb=?NUi%%#}Vxth|
zT;;qr#8*klE+;;DeJcA^_cWdIKT#kDH2HcATw>m5n$tYzD<}=k4J6M;_Wn|FoIZTN
zJnitAf8$GNxukl%tDO_(@fU@NxJuHH;sM^YS3L*CoPQ*-L7`{XJ3%k1tA2X9)?a-m
zNMQ=6gu~wfPci7c=V8ilB96W@Hq}ZdDTg`Lw*Y8yxS0UDg#i`_j(KEcSs0YLb$PC}
z<%KuGCF|oS>~2M}+nbpF^fo+z*>f|?`y!@p)*6u`Jsw!iMfxzr{0f!qVo!`}cR=x*
z^6^iSlW-xFh1Hy+i-}FsRyaUMHJ4Ovi<agixg%;5i<0NtL(%#+c^QtptS!%&sL*>*
zb0rse^=nIBH7U>?w9_PQi_>t3`1u2n+VXafH~TIgt}8w7^!&SEM=9~t5rsx3U4G+?
zVP>NW+7(z*B;8!v>;mB3T!;~d4ILUgtfVE2lf7=SYomaQwL?hg>g}h|yr_HSApmu-
z-vn>UmQr90%r#C9Z{%E0u!M(`hHlpKXl8r5q?L`(dl{SjPa}2iU+On9-Gq%?o+sdw
zH(t^FPpu6T1kFeCl-s}1;6Gt9vw&c^orKb%-_ebWDJCq*e3m`ZS0pe2BX$Dw{=9FH
z$RvA+d0|UT8m$Ke8;pS&hDh57@MiP_Pjg4U;p(KbNa4n6e)=i)gXN&|d`g>@x%4Ym
z3?eC{U18Rg7%j^O&{jq{f{D`=4_{8w;=tjDy5>P{%W5W4`|%|=qqXEnkmOCK+OMf=
z^!ntLrly_OGCAW{Cu{sGc^u8u1QdV2&!Z`(mD~Bi?07lhoXLYtL(-cx>RY`lVyR&h
z;{e3=!px|mHqqCJ&M9QxO7T@#CxB`gSWB!1^9HiWH)V84GtYmj^_7>QuXRU{tDL^=
zHwNaiZbP*13K?yws*@R?k*`MSI}Yz;2JdyMsasAQ4$_9)6xp#e(Dy?SbRF?$FVL3t
z>~wt_?5`+7U*6*VT{&Cx`gTM+tJ3tpj+7S+rxf9)aHy!-H%E<p(o#4;;L1^&QB-5m
z<=qloC_^!TzDMJ4#!eiuQ2ef>d8(e@t7O5ml~9BFbNK$whY8soQt=A+vs;ww@C+-Z
zMm56^MK_xG?Wo*eBeX`tHRYmW(`|^08k2IR*>{|^t$h)^V;RidjX}f-@T3%%O=0f*
zrLz~Wr-Y=hEEKint|S{9fjy-#2~*HePSrl9FdtE+&D-O(?+bLLEQN@~(L6xlUrqif
z3N(buSOXa2kf+kjWkne~DR*$94f2R|-^R{GpC?&|^jqfQ4WA2rK6@I#j8&R>_Sbi#
zEa$hdS7tX_&^lg~W+xn;R?LN0R*lroe}^-!<uPpu+EV{z!LKj5VvxHp+5C9RIg-x~
z4&I9e8N;{6Q5rG}B{RDP`}isqd}9X0j7kK31rztUfO`1ECVEaDQNV};-cWA3oInYF
zsC)K%;(?HdH<WL`_1TcL(_YsrAz6v|)=+GWt7vvxxl&TdUMb48d<j0@aH6qS(4fe-
zlJFkcDGXAfrLE3E-+3!0cUEky@!YcILKmYtp%a`sd*A{h@fR+rHu@JXt%(DqCmAFy
zH%`p1F_un2aGL%WDb-NWezLMF0{)~SU~!?!?p~7ljUsp6jIQ8Uf=|qN2F*-95i^R%
z+7S$n-k|~~Yd9%~XV8=%_xlGUX4E^gbtC<%N&RDP6AK&b&wpUL`uxjxz=2;nqYLn8
zq~uMe(e9ANT~rR7C2Yi=CuwPRM@_a?HrU^qV$~TwVamKMt9cf$7lQ2Uy3~+vSeMrL
zWa5EA2iuVk0G&PPU>$~S7w*Ro-g6CY7ce_U5$s%I-D~7>_eRvN&JA?Cthl!%ON-|L
z*NW=vW437ZG=jD5zmM#K@BsMg5A1$%4Wq>`!DcfxPl3tpx!@1O4NYF$T|0D~J63b(
z^h=l)w=`*qBHCe6J<}<_{SYIeM~Vf5HLzT0cLhDKziez<z$H=16~_)2uIVFKtQOmt
z2P`OzDNQb#{2RpEKpk9Y=`T^&nng(YI#aPvF;iZ2I|iChgdDP9f@C7IAIaXDrF}es
z8|W*TBg;?&8X}RA<=xPa{eVW8up3BB-pj`m{~k#<Nr)$C9&#zl&LF)-+h5yX1)KvM
zenmhvWeA8lmT1}6xI4E?bq2XQV>HmM8I#ySi|ew2GJd+;FuXP@!|uVl8%Y#X{c)DX
zBI61n#i{NOp|T#+1m?x1j~+B%T@@D<o@kaYbE@n{<dnfl8PonV3*b&^ZgQA(Oo1L$
zabp)VHJ~ax^ICNDM~M9TB0UVtHcM<)vb3<GFE9)_*yZBYia4kwA;}{7z>v{AbNKDr
zM?X9^*DeN+=o@@gA~?yFy~VhqtXFhMFkldok!q5ts)`|3z~pBnUn(S|Mu=JcgW?E4
z<8GjzXBcEYiK3t&De-$BE~ujM4Ok1J1tHh3=_ODV>{LN1!>#8<oF~*t^j0E4vZOTo
z3g~GhT8)LjI9S4|(0uIbYQ>B+_snFL8DA?S|3h?Jw7=j!cFaL*Ht@*mCVFnw?0_Tg
zQd5|U)WQA-C0hn{$&V6U@qR(DyTerA1J#{7R7!Q^qLTWBvPwY-db3OD$Y(e(H&5D_
z+US*;dku}&ix1!_upmp?{m8kP#1jMJxdC@?WA(7Pg-3C9=N4t}U@JPb0~Q^CD!v{s
z&Yo7Lg#CynFC0@j6B~Ck0gGfT@j<b~w`M|7w)Wq8lZf_f%i=}FDsk!R1?y<&Mw4D=
zE6W$>KJvSe4<10uaqEHX&K+t0hnh71b;=LPkoP@`(pLN?j%=d|U#p^9Rhm;0m^=a&
zzyoV$X0bTxk;T&?UK4$Ux7)6hJnz7(o5(d;%j82^kYNozM-AwWEvQR4m{Lv87m@3X
zjARCU%UwpbJzPZ6P(A#ceS`!)Q{m<k0y)LH5(hSPDT+T+-CJ|?y|NXkvLp@8Nh$7l
zGk%oViMlKfo=MXd=TJIb?ieYYJu+-P5j|p2yAg&7%DmQb$S`w9kuhVEw8b56+4kj;
z1|_mrSK}lqE=<fbQ>ykeJ15hUOg=mGwmh+1<Na+->Gto&G>9AR(<d8Lwpol?GqrTc
zk8GmpOpa*eRubLSHE;V|7B3t%_;qT>7kR8hII62<Qe@Ir{YIR6o0}E6KtlqVzpuXI
z97Qw51b?ou!nFiKt5d>tN~V6ptfb86-?b`sudh*Mshk!qt}dO%Y)JoG(_arA-UfO<
z_!l=)OuJvdRXkUI=o_(?%sH2IsN^c{H8oq(a;fKFql(&3OWvy~tJHe%I^d`l{orYl
z)XWdU+jvXZDY=@&X8k|hL+)G1g#{P${Fd1Bov%qscTN1G|LraQTUY%Ai=RF1-3f4h
zIVf9LRk|kOfBlu~4$ov!a#WqTs^V&1%rwebe=xeZ`HJZA8)&C7(29=?b`YR&VvSQM
zJsE?Yrc!8N&q79IK~gTKVNug7$2H~nZ-M@GscJI$5gVpi9hzQMH->8anyOS@FYZN)
z(q=2}i<;`<Yu}pHf>hy9P<Pa8PIUTJgoPRQLZEBzp2CjhCnb**eTX4^M!SIiBa5~M
zI~69FGIgM`jA5kzwg84<xYw69n8(ztpiV$M|J}hm0iXs(g+wz{l4e$?(I4`q4r$xk
zFLlWFloU6Ynh)#>{)4hAWRPW<5?V6?K_sU@fjN_Y7)-f#`s*Un>##+9u4L+-hx>NV
z^u6LzH+RQ4cU2F8b|(&;;u_Um90FHS{GlFO`w1hZJy?S?#LeI7`J6=SQSO}y>gBR)
z$<Ml~ZU*uBbRyCk0G7e=uc;1iGI@M(;60rc_gQ}O^8$V0$h5X=;p~3SU#wz(4RqPT
zftG*0|NDj6h~!i#oYN>rXZ9z|{SsrSBSrz<ti=Xf#kWpYg;gb{_v|CI0uFaIv;qj+
zx@|oCCmc%9!*+J+&()su^4mlLtxK$(K%>FlsnFPf`*Nef<X2x6CfN9{4dvX5#deMO
zdJ%YCr|_r#K!YM3UGq9A>#Tq2=qo5kzdO|)<unRqIT!@r#EuMaY}HXnMaQyHlWjRU
z4+WIsGf9Ph5lY>AvenS~nQGOc#VWEXea;V!)H55ZIFC+=+A|XxDTb?4-jodZ6O&Ax
zAs_v`8buB<|3K2QNVH!keW4dMe@!a;8(sx_MRmW`jv6{VjaJ;w0YQ(yWmRK8bsAL#
zE~l0bvKpwG$9lmbvOa1EXaqRE)TwKm{FPk$?+Xt)$V$f|k8^9gLHPf-?SoY9BP`oG
z&K8Pm6Gcd<X0Camn_RLA7EUb}G@^Etvs)8wrEI*2aT2qMazb}m%s33+iWm~_z}#O6
zo&P$mF_%~GKVo0n{2!72M}&fbB5NL&pV_`_BC_t>y3o~xE~16*UVl$DXoCn2bbe48
zrTaxbX0mZv5Uz>g@^9j7A$jm$37<c%tDXIwa6wr2g(DHOU-%&+VR6NC1v&UC(avQZ
zZQ!*u8zj9k;3(3m-u8$A9QLxp6fSwc<ACD(SKMM><*Qx(ec>%wwi%fS6t^bDuVdbY
zsGvMSy0wg<{F#;?F1|@g9gmL*x%<=;A0mM?Gg>$Z6aEpH68OmafwH;|iJC`9j{o8_
z=vFAfm&8o3;p_(yL*K`++2#jemJyEcoEyXu>(B4rr)^yvi+p`&w`cBmEW>B`d=}CN
z!?*h5@wNB#U)SKlcx6e#aZT;?@05GPx=(F>DT2pg3enfha91-vlsreSAsc|1i0!Bm
zb-ZOlLg1vQaFn@Xg$#W6+R^aug~?tQ#yx4Mo&SAdL0CYcMTA@fN+bndES>o@Ahc2!
zA=BkY4JB&;NJ$ty${fdeH?i4%_JnZKGo(4beCnBb()f4-_|1&Q)c;TuyS(O<|LDhG
zDkKOa=B@d5nA2KsZ+?od=4T)w%E5Cmpu_3o9doW{mHQ8$fJ?zG*CHM@hb7i?Fo*xu
z6uMXH)lZsg7k{HZ{s-zBhp^0TsRGW#Cd0b;izr?!fS$K<ErlpY69c#N1D_74FBhIx
ze8GJaD>4<st^a|~W2}w&eC}ThrC+=bpGrANbqo1j==sP#{1|z?KYSuFkDj6EVCo8V
z&jO5MOlsil2k7foj_x!>aZ6-(xxeBicr9fPRN{<$yhRVBjMGez{~V0{x1s;Z3qr)#
z$OqKOko3<O>-B#QA0cyXk|jKM@4rmvens_$!F6u;lG1|$t0msh70x-ec*42M?tSR!
z{D~Xe=Iv)AqXftBo8~)Uy>8|zm&|PPev=Jz3@P()m)Td{Gw^exSv_UVbUGN@+;(s^
z?lvE9XIGV##J;!9elf68Y>%?r@yy{v-hNT}o&N&_39qs8i2F_R(QguNQ}S-(X|<#`
zIPi*@b$u!=s1|U#(-w0eWGn=zYu2%@KM~m|0Zm9?;2PK+qa4L;Xjh$|#99t`GSzYa
z7tmN=r5$-vQu`Xv{!@=Z(%zkz!rVa}3flx6d^a0;UcK)1tmr7U==1Zij)HUCOaeV^
z5DcpuOLWO8Xc2`S8*jg7pm%vyG2zA>$Iw(ZE$)A?;sf}Xyld#Xr{C@fv^8cyjmPkV
zY<wKk!SD3(3w8|Uiobndub=xKm{g)OJ=J&P)<UC|&}J2Aj<nQcdKLh*O>Nh#{=t>@
z8}rBXUfG81X3?zo+eO-@zPDj7^T$k@e2^Z+GW{9MT5(W&Yi0hKtd4J7qLO%wG@+Ko
zw5^bRJ%iu5N^Iy)&;K`1d}y#h>J+bU6N>-G^A!FI*&ub|hoqd6X{!g<ac&9tU#+Hr
z1QVFlg|A1m{xduL8)5%g=noBMu7ACSeh-)?&woMUzcA)+N$J81wbfE33S0Xpy{5W;
zTf8lsM4rk~p4nitXo4E!)$>gR9i@UAw*UP-1|iT+M#DGu&luys8>m0&=>|<A&N|4E
z+jQWPb~VP;;gt0}W>xUqJx>7?6Z?teP|23ZHvYzLMP!g(F$0$nYP){ZD-cJ0B!tu9
zARsy$yh!=*T>C2wRAa4WmJL77uAe*BuAh6vp|MsB-tfdTOT^Tb{Y$`tfv<UKp39@F
zp8xgkCL+3|98~vp4{j4sFU35@R_X>ru5$&Z(TFG43GU-Z7<V-XsyMv2vSQOO<QVP`
znIqTVzPbGqgG^sVY>GwtKV|}Ax9+~Mw+SxDVG-ur6wF$Tz+DVX7^p^oa6HDQd;=6$
z$N>kf(+u9MTil@)qV!CKUmu0!mS`T%{1p%W!OJo0*XXoS=-|gcFZ-90#k<44hCjsD
z-!xSTidb_?hxqk~_7<j;K`2qHEyYeBUL4ZWwbpKOt~{%E{$<u?tG7hplgJkc!1f*N
z>u{xiI8dJdS0D5X%m=q;l$wv~a)^s+1NDoixOK<qM=b!_{^2I;1uji+XnN6l9svWx
zje{oHsp1m~E8-&hRVr7C^eh)dm}JQ;t*gu-0|G!(sWh$OF&zR%$Kgd92HmskT2#RC
zZoHPs{2*!l{-4yu!@oMK{58t@KjY@Vm9K3}P`9MqelRmDE+RElZ%wfEW|QjfSO<rV
z+CUFSjaqRddld()gn2D=(+k*f8TuZsRJ4~N6e6m1x;Uin`*`iLnC?R+@m3sTR(5$w
zdGfD+ZBjv@0?sSCwOjw<?EOs(P3a)_%fix~4Q%$_>+$@eC!#O28T~qzu9X99m5bYS
z&;Sisnuc0Va^0vcF_&@Vg2*sYWJ<{YiuJ1gcnA1KmQSUuVxB(9D0oUxqX_?$=I*;!
z8N<{^t|0zXA|Q^W7o*|KTV*%#EKALs7%zJULBQ12@uB&NJ+@<hg5v3?`7Fh%E#>-{
z^lq#=KWT{1(^EZLk7h6UWdI2ukpBX;h~^P)kJQr5A)2<CzBLL=veuCl;Tz=?q^63F
zxh?&-rND^1TFM;K)%M@~{u64fzPH8kwMH;C2BN&U=7LQSFqgeYiWpMCdzaw{pJ8ms
z9*xgNEsk(VRLuvz6l=P2hOjr_vqyQ(3+fm9`IYPR)+AYz8GQ%)^xf7v7wX;Mai^j5
zlPLgfUgmP#7dD>ipR(U2e`N+${rHOXZ_EIN%v!Jx?Qg(TasJTtaES0mcE`BjTN|ag
zG>7yx5bhg8K&dI8k|9f37bSUren(8ct0fm)`&te1pG$z|CV;%~Ta3Kl?-2xV%*teK
zm{9g%X>uxej#lcnOB<k3XW*+&Pk4a@;bX;tbp>l5w(1w!e)qf)uX`vOywrbYl>f3U
zU0QMPK%!9=Polf!(n5)}9^9?TW8#6?<(3Gh1`kr5jV526gI;MMgTuu?H3Bp@7vmLJ
z<Q%@#{!2)I%A=J8+>y&je;clHFd1VzW_&JS_dOyG2(T3S8g(<-o&#dPDgPU;6<=dC
z=IRyh|B2CF(Ukz4fNghv3PBUq<418&OXQj3rX4}*?_qSoYrbXr?Cj4S+kY7PCy0P1
zP3~W&Z|W@v$WmN4B>Z-9Qt&Iq%+J=K%B=tOH-b`VrsnzHpuE$+e?;-B25{uB2VVce
zssHmG57n#La-THTz8*#XpI`asht#jmOY+@U-~WrC-@WS?_aAYU%WCuVzbX8`-wDEj
zNRbB*#vt%{F*)ITV<k}_e6&Ed%FHcp91lB$$lMuWj}A!`<O{p6=>CJ>3xnGC2lc&y
ze#99rD&)sB-=9#Q1v5#1+6VaffF-nT)$jQ~&1fhWHZ(Y&*xJqMtTs9;7gw7rPtSTZ
z&>bEJyn%f81`Jm44LGXzZ-4rnk%OMv`R&+Q1L^<%!k?e+lC)(Cp`b(l&+q^7qyK-Y
z|DRX?Rk8oimBIM<MwSZl#gvb21o|(fYa1b5i*rV*pE)V=kg|C9#;2NOZKsFz(tc+l
z+8g^n>Rtm6MvT4Z*xGb$6LbF=g$$(b#)PoLvbN7;^F{EV8UJG%g_LWAYh!g|4~{Dc
zrnz5aVL?~XU4msB4IHkzkgo>~t`vOz=+%bW!rsXvrwrVNnJ!&hL54u%*Pl%ItXj#E
zv+a)+*f^yo?FFFx{Ew*=k%6@$@07`@m)IzxOjOU4`GHKZY!VhR2?xg^)p9>^FQw<l
z^<Rvuq4n8juS;M&Xr^B-3lrXpztzBq*RTk@#TOO~zd1(5R}9H`vLZJ?8W1QdfgQM{
zW-Ryl%c6CUU~e7g9x8}RzQBF+{o_NvT8>^h#*2$G1%3Cfa_~Q?pW_7wva4HU%$h%R
z1w9FBWLYi-ym7{}ye^p#pnb_Yv#mV%c=uo8Q@wR&n<1=b-LWZe5*?oQrMe*gAI82q
zs;a$tUugvCknV1zq`O0;8ziK=8$l3|66x;l?vn0q>Fzi*_}h5J``-I~-?e`K!CL3+
z{h66(W}b<&H=r<|1DV$0fDk+Vy`-7>hO7zvzXA(mGlaROqLt@?`VyOEenRBjGca0g
z^JnW*#EnAxl5#nGiC5jkO&i~a;NUFf{wQ;bL>HK2-chpAA!N2jYLv83z&z@h8g`rE
zF2M;5-gaj#Ia`KT$5j}fCH{bHML)wxd+h0e<{n^!d(O>Wm`V)w&p&<JCPxBZ%}A0u
zPav|pZt60~_d?E%Loz8^pDT#Z{3!;$O7hkTXj0hI+aa1KHI&`EQz!A=)zrBexq^wb
zsh4hh#Fy?ol5yghe=;gg&OmMKh_OYBopHw((kHN(NvFEJoZ54=IjG)qj|k-hqlC=k
zrAucmraFuk@OHwc1y}Zz&Hfp0L^eD)!RKwOS>mO-NztoiwJLjuqo76?IUg?=W&TG9
zmgg<-TW?8r=zZg*JLxH@XNjpRtBft=Q}+X$7Yh3kMCpLXI|C3&kV{>9Be&st)3-*9
zyj?d~lQ|6wZKtP`PixLS>sai-=l68ULINLmk7#0+<dWV`>7Ug_7P>m3CWg9%#wd=P
zeFJDtM3S+eW4tuw5EWMqs18d4X>3R#ItB-8&HI$>7TddWz0Y(sI=T)jRg*poE6AgG
zN)D}E$j5uO%~K78N^OyEq>*c;GrJOYChhHu#v5&5C}9D^@ssOrrLaWzwiB;zvGHx?
zNv=^3r}dCx4TofD%Ec~n_<vPp`O4q<xA43^Q)ad&zSJ!bX1UdGlJXCC%E{=*n|&-h
zx;QN{i>|fFfRif2j+ARab2ykTF5L;j1WOSOz^vx=BC%*$IxhF?NX)uiAXHp@1M#yv
zoMEya`n5n%2>b@v3>w&vK$!~V>l5rM*-~-?yZLVeJGmiCuU`{MOQz`QF?lMgYag;6
z-uuV;TK!V86k(W7kZDhyq!(_~aG=EG8%Bcq2B+Q+Z1xuiB|}!O+TXZOWIvu}QrPl1
zsbh_bYJq;(q`q6kcF73;b%944uzmCnbFx(nf%JX8ma3kTcAVh>bpU6NfS<3kS!LB)
zOBtzM0uv17+oRs1(7fMzk>U2%Uy|MC%p$Ggr>-jJY3ax!8J>R9vz`R}g&V#_i*RzB
zk3U>eZI0Y?_`DaGhORTz;z$vm;*luoXAj?nUQqEzM|)OnxX5<~Mn}~mQ8A%kd427_
z6d~I1b9Vhwcs22JoC4!cby<VKo9va4Ad2ETqHPz;9lwl@?@m_H`={VEiwh~U`NQ8N
zhSN4`#m8-s(7Wa1YZgRvWldyp|8jF6(2~AwLE2(^r}o{iQC(%wJdqSRtRSQlc){J-
zM$HTbo>?{O^x~^q2nil_!uvp$63%!YWf>qAumqk<>>;%{wwmcoah1`zaMl|Wf<GKa
zxEX@!(%W0ks??0}K^?tnAUJ|?GxlOK%@i^5H!aAae#7(>&Ds3<4>7-C8ty%ly2c1<
z7b^Nny7p0^Pj~uOQ6-Q8udLhCnDHcOFALFzkxKoeJZDSU?Z{Uw<j0t$gj9MWCFMyl
z{Ea#$YXs_UD;XnNmXq9%K@&?*{dMV?LHP--OX3D!K68sU$65x;Yn$KEUYRhwTU0xa
zWj%0>2zjoS@>9KYYC@0cS_Wmv5+^U`$@WOnwqKx`)z>ApORVMG#;`uzmt#>I$Vb0O
z(^n;!bN+LeXBsTwTrWf4aNA!Fkk$R{{H#@^pNL?64?ZUI)6qVn715ombx+L24!Q00
z1oFwQfVcJ6>$I>Yt$htgu-wNrQ{81r&d<BJL7um)ALsWnPUYh+_4JOfatL=b0C@_Y
z%0ALO-9?yn0;Qdu?qQRA$w<5CA10|=6`cy9Qd?rI(O+D7`>#6-$UVyVDbN*D4H<cN
z#W3Ie71wmnVAsuD@`FO`NDtTWCfzh;D&bOfW{cBec)jVdb3Iq*W&%FnKOf|F9_M{A
zzYAMxoSO7@@tly39i3g+aUhTO!XTq+BP<N7+?Qt~p;lJ8&2o_dLynJ$7SByM_U^{3
z+g)4qq6pb8UXY!VhVZ1^v-q^$4MXs6<9h4F+`A@^OT49jWgH@$!qrK~s>$hYrOLgQ
zIg%9FjjH9A!F_bgUpZ#hZ0R|8Ibx6<p)Jfz?O>Q}+{ONA<VoaXCUHK7{OPmsWJDfX
zbBY$55bg+LDq2l@<?UuiYWuq+E6;}sySST?qR9a2`^<zsCjDz$r8Dkr*FWc&3iH<K
zzh^!m%Uj?j?y-rAG6{(>k?DCENP&xvF~rMik1!YzXr)B~c0`(6_q`x<R%I<Kw$Ov!
zLP;Ve%|Dl}EnNU7N}xO%!J5q}$xk8WHl7yEodVZ=d$BzocOCfOb$fxF;jRx)YY-jL
zHc9ximyRpi9zmG<M2yD-Z5C^=<;~@qVO;9T<VE)gBN6Nq9AF^M<L9k{F^`;qmrK@I
z>>zDHf>)J=xx08G(`h>2mJ)^?#5V5EG2Zu<_zi{B^i^pm<-4r4Ym@iaVw=@dDZIgX
zRM8+|>Q;umWuoU&x6qbYGsVEtbz-UW?up)R|B^K7v)<M&c6Et2dlJo|iyle1l_6mh
ziZ2}$Fu#PsL+bpMUVI!#!s%y=9)in4b}Xbxnc&DW_9g?qTexTXQzd~U9FK{d;H0|o
zu#9-G>KH+@H0zMiJ6dI)2PzHBKcbbf=7Rv_j0kT*ClU<EG-X#=<vZqunL<}*vxfDZ
zTdh=s>+PcIynu7!d`-J>@`VvJ%HW?@BHryh`Z|wf_B>3enY#f9$=OIzH)uY6eTDSX
z`-60b7C{n1zw4V)QHaKr<>`e)`r;*QbeAPa-)~|%o{iR96&n%$Vt%t;_a%%c2WD$k
zItBS2&)|Y<v#PA#I>HYGF+2jXfMR(IgRg{j+z{3kd(19rF1N|wXbE_N1+D*3<CgwP
z>)Ig!!s5?jy;B^OfT4%gdphOhlxe6hVTE@FF?+cn@r{J$lPm{=N1FG`8$DpIKr>CZ
z4k{ZD@=1MUS~vtQ_~YGQ7CSD*byn!pDr(V;9u7#-Dwg4(dS`CQe;k#T+E1Wda??=@
zA3&(G7;n9kDB`2maZL<nDe+UnXkr>9=~B?S6OFCi#lGHH-qBlGwL8GlL}gz<iF%{5
zdo1a{t<em^N_J%I=8Il<Zi&B~%z8`woBesW`Xe2O+Ppq*2ci7fN1}++n&w$r7mjVY
z#p?jxVGoPC)I=rib#-=9x3rscz`3*!r|OcoG-6~0Y_9{-6cRn>n(m27={|4Fv_b4o
z*Nh(0dVTcMp5v-isw3@o@r|_CKAhgonoe}X%kz*PlLdX3djkwigb61L_jN;;H_D=t
z&dSrsf=`xufM}FkCUfBoNDp^TR#2)72}xhLLAK;##X{h|c+fj>q?o~*8UG1VyMA7M
zjxO5RWkzLGc<+mR=3E842Ph}^EH~$TnfkUQ-ysgqeTT3{*7}AuWJiRa*@Js@0Gbcy
zBE{xC$8qeff2cInz}+pyTK`M4P_oGA3>Pw#Mf4>7%N;L%)9eJSF3P1R>SRs`aPZk%
zI0@c&0jj68$)187SGjJzuerhy?5x~V?oX%G^*q4#&=sfMnhpyZYahC0PoSz3(gD{x
zA=h2|iUC1?Y4<G|ZbK6tJTS*@eS)GH*XTh36X6j5g6F_S@90b$pB(h2(<OYPc{0M1
zDI@t}b*G9xjJ&swJm@TA=jt!=4#e?$*i5Fkasr-#7)>Ez3$hy*5e!kY6r0I0-PQQc
zV?ynI+--&zbVo4_@EG}f4HtBk!>NnUTQ=F(1|^-R)2JwTzC8<u5<(92!P7n6fOd+@
z*=_3rSGJhYM)Vw&X*r72TPalNAacQ&_MzbYjsc&&;i7p%9A>O&hk@EFmS{aPRLybD
z2gP2)T#3Z?Cq^goyTHoc`#LX1$2)tqS+FR^c~zF%2DFVuxB+j=<nB2XPjs0U>lkS1
z$p|d2ORL|!t<ovE9xRf{X1iY>yvrndgi$;{cG33j^f~u5E@s}yhH0ei+lGgu`HuGM
z4}P8VDYzH+cc|^j{n|-~rRC3M<!L0`*xq<KMj|HATDN?1!1c}h`0|O1yrdXugveov
z0AZNpeluNn<Ylu>3JqHiP`pikAl*~gciqtN{gL+Sh9_Qp(PW7vEH20=yq^uXeTX_-
z1bivQlRwLMt`o%QU@)nC;3|mjl+}_Cv`l??LyZqZe&W}Q9Yl2_E>PiKJwW>p-3i8y
z#o*#|kk+hCN%i2F-IJ8BX>s-JN<rH6;~8SI2w6!f$YMX8Yy+9HxW%xmk$+jR=B(cV
zK|vVQo84eWPMhSeIrDQpAmG|<u^0aX$89xYUx~$r7F4qu0Y8eT%yj9Of~0w8e8k0K
zow<!)lzuA6JK5<R_rq5H`ouU!5N#3yMYD(2%>9QFxEh`_D!qr*v-ai`XT_QOpqjo6
zO)F_s@J^TUJINpJ+T#&#sVR~as#v<jBz=Bst#k+?$jnMZ0=!$?)#dWeFgFI&)X=^f
zM-iZra@|pGZLJvVu_e|%pz)IiB93p+18xUy2K1ww|HsxbqY5QftyXl7_@M#|dS=37
zfI>0J1`$f#D=Y0h$L7k9N6GqWDvHPnyv;Nj;d?JlGrEz(imoa3V+NkNTnl>vydcfV
zC3Fi@NK6}M>J6b2UL}6z4vbTawt*T^R8&HYR^R78k=zz+!=ZL3YnvptZ#+2%rs4H?
zT7#Ijt9#8^#{+@8u_`CX`P$(Cq<2X011p>NwrYZCs#%2AKsSfu5@&*UL*hDKiS)5{
z(H(@HxfX3+Pt3__;^qwsq?{0(6!ucgy5P0^dbWDr-HhgVe=xr;yAK^8gxE-Gk2sIx
zc)vKm?qNOcAE<HJODf>Hl6KRhK|4GY;c2Oq^x2J^$`*f8gG>_kH%oj5p)8r&2vu`^
zd=kFLU3ATD^`fESgOJmuCdXBeoBuuE9nb0NS|=lD((2Qq*B#;xEZyq&8>G3a5x8b@
zMdj~yoU^gdb<6}(?e<|~$XCr)ETONC!BrDhZFpJ_P)Vk!K<9qK6S5tFf#%Z(nYDcm
zs5ni7o2`gEEV%VYNgG66rvb;GXnc9|jdz1p{D)qaJEw-xex0{Gm-V~)8nzln<QllN
zU-lL1iPUZ)iN{=N)?VT$rh0(61gbcxd!`Vj94>s}_TR2#^xC=Bd%$-p*BO`g*bFM&
zvwEm<YU3|C8$&*{ABSr>Crg`S(*7!kP}Q&JpEq9UQmH#Tk-ZSV^G?j&44E>Fs3flc
z&Ut*qz!gHgecUib5p)q)ZE^q3!Rvnh=S=8u2LAOIXXru#8pp&yA3w*$ow6Ja7uuT>
z%KT(~d5e2S`xNT4BAHFj_9C&?FoB}D?t|JhdrpjlS7>ozfwYC8qjNT~p`)Fz<zCeA
ztOcwa22k|j&9MhiUCU1nK=a~|m)yy2?{iV=lVD-?f_)4LJFh*_?-nYGwDfH3MEg6?
zLp?tr_@;5l{#oz_(#D*HYK;_&pf@aUlOduk;x2V}q=^9@?|Rg``O^3@SQ~Xq?7qHa
z+Ih!mvn-;&iD5Tw26Qgb<n{Ifr_WhUWtHdA6^Kv3=QgI&WMKDj=T%t6X`qcox;Y$!
zI+X{5KY=%GY>xOcz(Tid;p?4Lt{IA0ut|H~HV9B4khj=W-K`#r*0EkfUF**hKpQDn
z5^QKw{b8il<j<Rq`|l<b7nH0Ako8WkG7c~_ygX|zU^#CQX3pMxxbN)#aWdK8<bj>^
zJ|P!9Dd7E5*--H-4Q)Dkwj=sj`k?d$^iN;5r$|Tk15D|(Fc6DoYFO0bbCv3{`+4)S
z4^SPddgt0Hf}vjcT2Mac`tgE>uUhe2Xp3d8C->x$>cAQaQ%Ls*ZrOu-dO4TcyV70a
zx;0&=?Zf!U&IuZG0f*IH9CP!`F#28GZ(<Fb<7%O3=p-+mc<U5#D&D8s9rx|A6S3JD
zV~H+t;9-C`zlyK>00Z|*zJaF0rVB+3w*a3In|1Y)7`N-0k3RGW+sY50MGnkI`5Q=k
zYv1s`H%F^0T2AOj4FQu0YuM!|*(%jnZa#OMcPH%g^Iq~Vzydv+@=4rwVA8!9JVJcr
z*&O!6T(b-apt`O(353Y{Ir0|C#IMPf^!%j)PZWd));NX#2!8_8DXRg7qU9usk?x2k
z{^1z2eO;yaMbi8_G??iJ0+VdvqLO8&R}=Q8m>`T$L6NhH$1A8Jg1Nd<b%}Aly~IS{
zvip|u(LO?8)x~{1j7kzT=G1xsJZm{%2hoFfVCgLMqCm*QeZK9rY>+;Q3sZV%gn61C
z&)i43r_?%?;yn=Jc#a@QK+rp`oXz_{hJ!PEwVj|cubTUYH^}K#rmV>PRj$rp6Tz5V
zm^&rV7V#&hhTr!d$G6%i*$ORl@DnL!V7;jG4BSHvT6NZ9MuUUim8XDn?6s@k{Bcfj
zn(R9t0O_(4@IY*{v)$1##uPCBy2(5(jWU_?FS7a!Y~GiDYq^oz^%%pgYzycKyog+C
zB$xKsrO{ihPiVAzYaf&)GuIt1>w7QQb%VpC<q$7ooMdp|8*3wLg-ASs0){kG264Wy
zzD5!<^G14D4Q1MIXU(~%ON`A(vL3AOJb;%16*{G+Y~-$qK3s<cpGrT2gLlm4os)l>
znNRTVW9VuiZ!b8$?GilMp+=ov!X+=ca*TcG!CWQ&So6J$Yt9MD$KxGeI$g2LD}pz5
z4zN2etYy2;a}t*P_mVWx&6e1#I7_GXRh#Lg`eMNPOA3q!Kl#QZ+PL&v=-u$~>8I?w
ze)~Laho<qTC8+8K_Cw{>X5B%25%aCM(E*n@H~lMTuk;BscX6U(D;hI#<%vgr2!(Qd
zCOQ8`ZkT7|s%uC@!uZ<0@SE)0_@!>Kdh1k^IxeoQ>B^bi)!luK2Rq#;^(bxG0u-Vr
z-R?=I7Nv|R>&}Db46#jX1R9_nFC8Qc2*yq3_(okG1eBz^teDCM?@iOch|w(x!IT;^
zLWJjmTFYe%adIlj5BMh-cGgYPml#Y3WGyD7QK+yX-T$OY3)nAX&*?0<i#@<^(cqw{
z@VGkiF$JPcF56I|G}H3L*)MSvetmj|1I+ay;v^*G^Qki>`q37p%x-KSCW7>#Z~B<=
zchi_i)Wn~ne*Rd$%a<hBFSauD7Tkwg&tcs#;O}^#OfxPFw+C%p;x0H=f`CJo5}SXO
zK<qN=R)usdHT$5NB1f9moWRf3bwh(aI!_Yf{yhE8a8PnjfcFXMY{}kQ{h+yIwuT3{
zbTa#<52J4lt`9%b#(bWWTxt^xneTQ*j?X)6j9|%{`^(Q5z+6Ln*RZIB<=!yw@67Hi
zlIl3B_{?Rx-*<`iW8u(U;w~t>`7@p>#PZqDj`3)G?*W-7f`GF|f&(2mCRkR{30|e5
z#>8vuHAi@vWmBz$3^a?$uFjuLgqGodL+Q%(z=ZxFx%a#XPoK-!;e>E=oDaO;q*<D3
zhcXB`q~PUa`TQ%UX@v66GSSgYlVA3`Bj_7cLW0}SZ(bvS(@FKe#T*ThoO%45Iqh>C
z=w4NkVIj8W(N!`c8>yQ`sHk#g+B3;y?qS{La^G$7#pr~vu(_eCEWAH7f-RK4WzRNY
zp_}o|mxyM45>Og>2L}AYQdgC0cg**6fflWOXvbNmD*PgY<IpmHlX2hqL*fw~sC-Q?
zs*GSrSA$zE=zMX{vm|J8h1+#$#M6Bh)W4gpIADWPH97Y;CHG)Q`rkOCX2sNZZ5rlN
zM{S2Sg60jfk~shweX0nTx8k`iBhHlV+%va0u==;HyShZ<L-Q2DN3Ujj?!?va=4N`_
zvzVgP-QMidTJ47Yq2m?;sV=h@m6ueR$UMQ2bBr2<NcvSO8n@2e8zy)vCPuR_epWe8
zobnI@(MuG<(8zTJwDW3@C;=0p(XJ4>jsZ6peE5i$RLe1ZP?&4-Mr?(R`tMTu7KxH8
z@15BmjM;%!@wCgLZT&3rRON1PV|>p=bi%LlJwc9tSc=zjwAX{jsWUPr)O5XaLl99(
zr;C-!WH4sPhG&iBOnye<+usKkZ0%;utM}*@%~zSfqZ-G*JdrQ2;JzVC012?1f0npb
zhkOjQZD+nRTov^ub6nMREd|U<7it`DZ@=;I^^f1@5yzw%d0M+cfix^m%0!joUp?U@
zK`OQ0k$rb%+Nq_oL489l$40)Ew!29#^<!qu$U7!EDyyzYtmls!e@T*>Q!s}_9;#`+
z!ar=2UlG<t_O7eyD>-V~&52!RTpmCB;9H9?!PFSvpD_5THK<Ee{W|&NZT*8=3xE5z
z2JsI$adH>x$&Ev+0{+=-&?CCJWDx}qCU)EMJXE;El`xXxa<2=phu5%dIh9)PvkV@<
zkL}qi+OgmLnOB)(`{>0O9W`F~y<2;i?a4y-(=I?2C(43_C?RI+lyU<HC~sOfQIF3e
zQ*sS-(S|>qF5(iXS#<Ib8=ByvuTe1>xT6tV)?dqHLp@d0Xb`qKso|^{Y@1Z@9-0}%
z(=M84lH6folJlA4t*2^!B~`@0RL)dlSD^4-{iRuwK96=}yE$nwbanF{;m;uQEY^a)
zz9JoUkFq~m8wBGFJ!Q7JgG(+Vn-g3QMJ?64K%{(TzURUt-9;tw=%%_IFjp?U-84Kq
z<>c4jF#@EkP9kQmXT%5HIWn0S7g_@3)!p6v1%=U`>a`+))>~-p1Wyx!soWpDU)wB1
z(7Hu;Np}<!!3p>b-B3@flmU*X3is93+bo4Oz)`W=vjl$}dmQ}7O;zv681;0cgw9ka
zS3kAccue*8$2#|MsyBlT(db)HHEPyqML(?f4sB<u6O7f4@6GvVE(*WLQD7&`wh8r1
zxA&A_5(VPJCOd5+qvFH9Mg?iYq`4tpeKrxB(;+AF>#dLd%}23lP>;((r{qhH1_wcJ
z(7;0|=BG{~ZhO<j;)f(kqJfG(1LYiCl`FU2MSZQ#uE18tj55L?9t=5-cvgJDBEFfl
z;iu0Ck@BnGLBYpDIJL3ZtcvI0epb|Vx#UCR>|i53!+i|%>ZARp61-FT<JU40qhDmM
z$N}`@q8J=U=p`0`i<|lW289SF%AaNq87$BcpqY-8eG$`7*38EH&LQo!*%4GNcim@B
zm1x0L8lWHECYj56wk<HH$-$UlpKAI+jSWs%vEeM0J30YRch4XOY83Hrer^Lc*k9vh
z9NCydQaETbvyM^EF#Q1%`BAMJiQdUA=F)3=ys+7@&*g(YpNwKGg()KbWy?}*Fy3Sv
zf<YUZL;PC37mGuk@k?vPb}4>lvfd)T8^j>rF)x9&Yo$XtXzH_}vYm0{BIen5Zymxj
zRL6EZP*H9OJ_f~apc@JQF(Md5W7tTcqzw;2t!nD^!j#bE<Yt4+=Ebk-oGr*ZCD^@j
z)r1b<0UI+tt2?AIUA!(Zq`>3&(-mDnQBlM+!y($*%w$jN7rJoBl(*o9Reff4J<y?m
zBd9k@lWyJj(e#ry(*lDMTDWN>{k@57?IMDf`14w^piry3HA;y08hey(5x94<ACZ0w
zY5}8|q+4RUi^fv2S64#lXsB7iYO#p^NI86pWLvw%T(!@L<PLCSP>NqyjHyC=1?cvq
z6AS2fcM_hWb;g(@qsX8Qu*{`D;&MWZwN2d(NM}k_v)LB<jhLc>L#lqhsv(W*u!Pue
zM0>Y75{}ePxkdGR3XW$=$2eNJXo>zBmlq%%pD6<v!Nqj(aLA1uc6)<T6{7c+wRhxg
zEyLf%45Lq%!w<7v4`>;7nLc}yEf*f#Ogo%*^v858G9x;W30>?If3I8O5V{yf!;>U<
z^Zg|uDN!ji80y!eNUtBtmt~|X*}Psp4npr9AsQ`|s<Tyf;5Ysa)ZdVJTK4JDtD<1O
ztr3^Rq}&1w5&8G6TZc$TtlZZ;e99+f)LI%1@mKc*0X$5;x4>^~7GL(1x*yS*aVCc?
zI$OAtqB;kx?-K#L&|s&^QTKYh!u)vUuxO?4Fs+m$yC2G}!yq>5Y^-Rp)7n}Z>x(;*
z9*j>E(zX+pRb<TlCnGgqdl`*iQ);#Z{<Fl5wTx`dz1}P1ic5@*-;@m)WzD}5m$Hnk
z0bw;p``TLy)sjEP7t}8#oTK3LT!YD32VohYX|`k^z}l+xJ~=Y@1o*r*!XsP=eFr%h
z%^1byBEIi9c~8!`>{h-pqVl3x!Y!d70Dj%diDcX`#2%csHcu)D^rK#3f^~F>Z6r-+
zB+7Mv!Z~=1JAg6G#lSK&0rq4O$J3wQrhXK(*|u0A&bZ9*-2ytc(81vZ+NX?yvCGRU
zMtUFC>1hAu&&8w<qq_S)k)D+vLd4(u3P93#JBAb3KU$$0%xCk>U^lmRP4<rsQ}(WV
zmhPv8i5Yo_8?DP*R@*wDuSclE=Cg@t6?5PXZzk@|=f~<7NCQMQB%h3S#agKkPPIqh
ze^?hU*pwD*@qQ7g8wEmsKXEI_L#>waagRwCC@y-hBYmI$j@p0}FP<N=s9NpcbJh<6
z=Ht1UZAgAp7#G;h9_wuaPD@JJqTzcL4lxY4&_n4@Qe1BBUj7>G=!@WH-57F!vaG>0
z&jMbzg8{MH1tNZ{*>jE9%4Ph=U!Au{J?-OyX&%)qG_TA0($z@iB0V}6h>Ve_#IHGF
zLC-p<5m&vYp;tdh*33oz{ALR5=qd3%#{Vam2Vz#l<DSKow%X2%xl)}~b7eP5OyHhu
z5VHHy0bFwX)eZ2KV>L$u{#-pt&;&a5bPKo`H8Nbeln~YMK2h4^HPYa@Fpu|^AuS!V
zqg+duSujESJ(=GY(#@I%@g5>s;RD*3;lB6=|ClQjV78MWYa+Se?!XwyobVTf@a5N?
z@XaN&D4(+4UrFlekh)Sx%Ycw&IMMR3%KOpJ;S^v<!R{X{6)o#eTyok9Y0<a2;ALgQ
z$WQgxi_62UvwNBwEBR>sPF7Y9er2;?87cvJd%9)bXfU<@kMz1UD8~fxmYwzT6u+{f
zsy^5UX+YB6j6ej$NY-K3m^Klh@0i*6D(;Dy{p)1zz|e@X`8GKka36hfegYYL(=~eV
zZtK8p*@#QLKlS`mjQR`VUl;)H*5$M`ZVM=50A~L{+CO+>RG8vi?Nx1R1y|x?9Ng>E
zQ1Cz9?cdz$uVepXhv^HE&zYgX@?D^oo|7k}Ena)ssWGufO`DAe2Kw$)=0Cpp=j4u$
zEZ1>WJ4@#Ais~?$%w;P0d@SSXdBRROZQ14IPpeFSo%RVXz;+N&RgGUz9y~7hj0i4M
z)&(!qlPri>|M;%Sp>ilbGr48yhcW&6f7})6@vb97nN*K=y+N+6Xe?PyME;>t$}a6M
zwPEQS>Aw&$Qi8kw$2$Lj>3jmfA?DqF%DX*UN(gq_EQBEm_raLh$)3H8M+xJlGhR6=
z(eDuQbmYI(z9s~O)05fhN&sE26u>BYz*<FYbJ|8vKc~xA&pR1);H`h^b>oW6h}8%G
zqon^7qSW_Ma$iSsnO~BNF28e$X~ROTAZf|cl{{psg=P@86bgj@Pp^6sV&56aoBLN<
z(%?YYwjpPvfqPbOY<<eSByU}|{zl=DBX*rgWX=6*#PJsZpAi3-=w0D}%=)$CCd?3o
zjJy!CF@Znf$Q=VZ3~zv+gi@9FSf_E1ZBydQSK^w_Jn^0XM4FF<93Z(x3!KTLC4C+s
z&LMkp`r6wht2Y|CUC17K|A)AsM{z+Hu&j?WpHgy&iyjSl`kj4P3j1u8^&_yl@#VrH
z&Da%W5t>yo^8a#f!csiIElTk&u^k?RBO{p48M!0m{XYIRdXGa+w_|p@*2W@Kcd_+o
z+F=M9aJ2ucbs(7ow9IivY62NhYwHUbP0qA1@_03YA?kkhtK3H9r$OdFK!P;03*@Sq
zUANCSzxrU$eMmOweHwb;!oxH+w7|Ax20q!XSD1ZrqA5(>HF(-l``0CeAJ@Z(-Gd&F
zUaAdoNDBw`p``5==EA=>)d?rDwy!e)WJ=-rM8f`QvZ+U^Yu1ly^#}mABz`edBmx?i
zdG(lLanS2s$C~q45>WsD@UMzTrBz%q6alhzg}0vAs<etEEv^{52+P~uO8P2bB0oI~
z;F7;Kn`^1w__*q@&05GQEsiX4GVY~QI41Q`L<7RFI{%+8@OT<WwnqoNc*t@96#5Ef
zqyc^?Jn&%?RvQyuyV_dj%G}9|CaQ-12hxMfPS^2bS9_b{wx63cZuM>qbqz+)Z*KQ5
zTj>HT&_h%fd42L&e??GyAFR0LX%XK@3L{f2kGAEI;OT%pAVpOl6xinY&{H?6VIaoC
zL1W78!vdkUuL+7fGdBc}`M;t_;Sq-l7o@<ulpqKR0sM2p(}#<};>mMMZWjQ<y?#R`
zLi$(dyq>ubmm68&D_OxR^X+Y*PCV!wN27Mg)1C|xF7EW)b&;nPp?~0PpXJdtD|sZ{
z0N*GhN7C`uTr{-)w7|o-`_aeu_A4#!-K5}Ad)wlMCAb#1?*9N>-6P=YZlj|C!0C(X
zhBbCBqr}bdG0E)Ter&^8w-K7gaC-UW<3_NpQ@akGHtG-JBaUM(1bVb3Ag4llK%o3-
z-#mqkUzP(%A%Op(g_6n_K+qBb+v?E|9EusXRO7yiU(h?AJ{3=A@8N<kJ~%`0)%)CB
zTDf${;k>sRvI3=M&r$sv{g4<Ay4yZGz)%G7A3{IDqEzM)Y%)%`laDYTA+>gLd45V|
z8`Cyz(Y8Ey%&Ep$YxD^Y>hSig-1_*Pi{hxpMku%zN9{K;v^Us)IP-scZYjy*6-k_E
zLV&2z71A0Za0E7kckwCfxDQf`@#-)i6FzZetG?bEfEuP6$A}m~5=j_kd}IUG|H3Q2
zPhQeAsX7E8fbJcPCM6uy_-V0^3WFx5HVGV*O35jLFL~QA{XxYiU)Va+L>?wgS<U!r
zF6?;6%>VA3)$Gqbsq33A3914Bp>-i-lVcH%)EZs1FyL`dK8&@u$(+WfcW_10lmFK|
zf;1xlQ9G^+eIOkV>@9qu@L5~${Jx~giB`Og53{7U#swcQ%tr<XEpTYO-FJ!aB0Oqw
z%0c=+vUrk^H`hzYq2^37z#C&xW@sWWQ(`U=3NJtUtldwHS*%PQzK`9phP5I8Rm}aT
zrXO8UH|LQOC6!Z{Km!4`8lriMr*_3+=?gP^V+7jM5-T9&-|h+|6FyYDjwIR0|E`?h
zAGHARY@G4&zb3OM@G$xVAA0rwaVh5<0UUILe*haeQ|Sc+XHwN=pxBesJ7V})I(?}6
zfK%-cq^sKTTp-{5eei$$=`%=P8lM7Q%2GP(R^oL{i+%pV7wX@MS6NWE$_cHI?Wg3f
zH2%{~M1e1Mehfb(rSzD<K)L~e*MjS<-&d#$0c)I6;dlS%kZce)GAM;1PK{4em%@W>
zWIiyLzhnpPd6dD7C@WhK>D8*xPCaI6GZ<8re_f(0-dhgr+?P?h<a*BN<;}IwpT)>{
zWYsA$XSFUmr3v)sN0{eoc-v^fFE$1C&9Y@Yq?kS{ivnpo%7z5<-)i_G*-8N!f6+mX
z>%WumApWPz{s5uu>OueEPKp3qMJsPw+4!f=r{`p4D>%RwcxWQnzYM;Q1m=MW-WTUR
zF@+Ifa?^_^-@>f<_vUjD415E`ha3`|P248rq&tGmoV;lf2n~+hg}6Wl($B@!L(8Xq
zi8C)A-CfZ7PaE_pi~3-I4N5%Nf~9_Oo62tLx0{Kkq6z$?LqV`A*h@A763vg3z>75M
z20@q)v<H2H+F|uEq;yFviW_(^hSv^WnaYoxZE}Q!;h!q-u>or3^rel#Kp*A<wm6Nv
z0l_$L;~14c{YNBKSRWsi8J|8?_3=!eqA`v$f+J|_g3TBFralFBzF(7|P$jn2SSKEY
z>nmC-9Gk-0@Sx*XB}r(p3%}uB{{w1(m!%RfgF6t^6=Y*v`UP-Cz3m*7CsBJt@sz(?
z>rq}=zf_JI9G|8hp)ZPC-*ew-{5((WT>??tqNvPf=doy482$<!4k9YRpRU&s73d_)
z_VoM<+Pc!PSMB^2*Yuaqn*&U@>RD{UF<(d~#A}VeF?j;7vJ}w2J~(0jp88Iu>}t=O
zH}ZxDvJ$2;Y-E6br`#`bq|@hJ+6mcpY*=4lTxPRajp|!tD!kFhO?P;2Um%72lcfOL
zRwB;{dbSwF^0{7=Q;KjOh}1I3p+0fQQd6MCWihBnU|3T7?YqPcCDpn}rLsRoe%(E#
z1l)7A1$1Z^Wd7BS%$D1WPVm9ZFuL-Aml_OV)}26HP-Ws|e!9?aNnfFY-IJeb9fDuu
znv#<54}nRM8@@QjgE`C)-eJr7^4Q$}m8AN~M=rn4iOFNe<hhrmP6(`LnbuYH6+nzi
zh>g22@uLuj?m=Rod>o)Gq7qKH`kby<%fOZ!7tBqpM?{|~d<!&cQVFpBPyH~G;w^V^
ztI8XIJ*t8)soE!<2*KmB$cVmm^N^MC!~u1m`E*59mG5Wd2J=j+Qody<&gZTUd|@F~
zS?k+Menv+ZN=LNvH5w=9x&b3!7EU>DoAXqYxL2Q;RUzsVzJv*^yF!T7XhjapJiu8-
zL?M6Ash*tTIm|i5a^wv!*l?O?5U?KkI>H~D$pP6(?L`LUpUz?-v=490Jn#EFf%tl>
zS1e!IbW#fD73&3!b`L_qWZY8tGonMsudeYRsDZGd#r-zQeRWmfo6|;}FrK`9eYrEC
zQS)XvCW2xrZzXPjiOytpetqT`axh?%W$}O7A0RxVuvh##Vhi;fZ%M#0;HBww;+H&P
zecJ<ac+BVO5}(MPj}L?^c_)Z-VMY_pqTpNiDJ$<rzwM<0Oi-?wn^3}H*s3O<N1P3H
zuD;&H3~`&EYt-=AS6U=-W9m`y+)HA6&eM0`65C)O>y+)PMjw1*vY40B&7?rc4I487
zwAf$niJm=sg7|L?c)+kw9Pk{F9N?N}8n)>QLY-xQWf<JMuHuNn6xoA#_J=OfP>i^e
zSs+h|FrgpOggd9vrq{jO*x-iac_%&4kozLCM$_+=oM_PxL*28xat_^}=NRDVxth1A
z*fCs)mA2|~3MP^?B=5C2M&3?i(3;v-v1hz8&5o8an=CeA!be303a|1E6Y?i${^dYE
z4n(@Iq5D-CM<VLhd*L9W`6i_u{*19`6Zn^;jDyorTn0+|zB)!sq<&WS=##334T`%k
zPayG4&{cEr=X+D$>y>m6Q&bQPZgRq}@{F@umylSE>vI8Qxpla?FcM9?d*>%ayYbtN
z&OCCAC=00E@<9#}Am8RR$!Pp5k{6=;*xDEIvKCdqV&C9FVUTxZE>&1N&s0=W4A2jL
ziaV6Xt)xJ8==c+`PGKvxB{e=Ba#5d=y6I^M57x#xBHnixg?7Pvyw-nrlrlqrAd3rA
zBfW%%AcOw}4nnFo=0~G(81q=Mufd2IW>zOe6=U3mkoid~roejvAxW#Lu6pMF!SOYN
z1UP^QZ*qn2K4qof&Od_$_HfqD;#k8hqx^%F@SP4vDI=B{;m#UjG8%pDM!I#Mk3t7i
zK<LYWVFG&av#}NbN<YD;Ks@siqByC6Q<Lv(@pzI)2SI1)KFWG+A7ty~Q-}ua5fC-s
zs+tlI$Qw8@^uf0{NEjfuk>6ICMPMLS#zjwv*ReJbgeZL^+8rAY{ZjFVojzUt(J4y(
zA<RkXAKW2|(t5`}`s64ndse<6-t7y1A@{~w-TBx75$?kw*K5t!ZZfqtH~!WK`&IA5
zMR&CQH%E(x?E*5s{`qmm4a&%#t$u+pw%I^9ySbQDeRp4s6x2pZp;SSvoskK7V&%_o
z)`x>mFe#k7`YTP{_Zqc^rx<kwx}z8f1Cl>{Mxrt;%l1;?AoBy02Sw9QhJ4TI{o+3v
zYF(%(wU<{|_QL~pY5$^V*1tet&ifoEbB}Tk<3)TL<$4SKE8J#hVdsI#FgOZa4kCAp
zVe}P`?iO}Ub|;Toi(Tc>8aaZ@GA}ohen?2V2I-nD{@)uhj~f#2H0QBDQe){4ilHdE
zHrP*VPNG_>X*I~KPQO>_p1pIOBBE;gM&PpDV|^jB^$E_hkx|ort#idcZm**|^zJPO
zqfG(`vvMhI(SOL#y*CNs=G365tm%xO3s1SZk2_xqdX&5`U3N`LTA|!!k@ZK0qTV8@
z<f;?F*_gq6CkTZ6$CsW6!!w^CZ#uAV8C#M{FY_aRn2YGZNoi3moJ7O5mqCZUoF33Z
z)%Ivm`BZY$#Js@iA*Igvc78L5h&t#fuv~Y<7vgb@32=2pAN$TC>;)3*C~EsT9vK^o
zhOx#kZpAmO>StX`pn{^=`IsJ3do{V-`c1JViMQ^GUgP^AD;eD$jCXrfRtPoHi@1jl
zi}xM9&~h;%J`%kI1jfc$1!d6;*L2vCb$7VPE(4f*bXY7317=Ge%@aEFAL2F-)8(q^
z=!`~nrH=5ap?@W~KWSJO4n^G80p~67)O0ORMRM?Kj#9)61m8eL<R2dG4ejlj+zR|+
zqb@APCx+&<D74@h*}uM88VNhIVJ{AzA#+WK^{$KA3#&x4zOq?$ImWu-T;-59VY9U1
z`PYT9uSEVoAU}Ib#nC^DjTlhYX}UGN_Gv@cb2Z^itUsDyWFi_S{o4CbjFxLi&VXH(
z+q>S6iI#qud+{-YmM)ewt?w?f5EkV*zTEe;-(LK8{)phm4Xhc@4Qai1@_)Z;i{sEA
za})lP*LwOY5L)&dte<SHy0-Nz0x?p-#m2_!PtORZ#iVRvA@J+}PAcO33?)0ZamAH!
z(gz6OWmF)~H&czHpWNrY9HMcJ<kG2yN9FE{6Y~Ye#E}S)zu}7ORdM&WY>Wi;I5gA1
zK`+hODb;3hXK&B=b_X~0fLiEjKc_X1>$aQIVL8n4AyuiUWW*0GLIrlann`GrRFvDJ
zkALxCW2c_nwd|RSwh+g#>SC;L7zYA^rLoOpNBZwH&957PJR)B*NSnD*(y66f$=aWB
zczjJ_u<!%+Hv2-!SGR_$yfb$Q3QdsUfW4#rd%9tAb|}kVSwc4lbwtW;uj(zjl+qqq
zT=6P-MSt05q?~<P%Vvz<b$QCO?~Nhu4tl^GUtYl@M+A&vg8Win!gb3#D!y+@@W2wR
ztj=<}>O#nu2hQz)N|Y(UHL9FcN99l#K1oCa=9vEDwIqGVJ9A%hhl+e9*>@UByIAQ;
zgW4kc^<~D4*<8s+{|ddYBvX&Rdq#{~uvE&8MV+)Sq$lTKZv@ZypD|HxU|-rZo7A5b
z^4LQBPHuQWbx|W`qFp^H<zPcs)nAsqk-^3ZA~5WH@6%I})U~0%v@4bIRmGCLk`7X0
z8?vqvzKUNi*d<8)I=<+wNH_7wPul>W&58z$EUS^Ya50RXkDt4$@bkp&=q{pJyi8UE
z;R}mR2~V%U3|sd2rBLcDlx`#YNv&YHrGlyJc5|>O2{x<g&PM914R=ZOM^h1BegESy
zzb(W_?9<g#jcqFRVEc{`u`9vTFm{hb3-9DMmoMPG&ThhNRjm0)y6|Jm0Qkl$60k`_
zHH!XmEhy@9vpnI0(?XN$T1l@qE7W61nwntVjrj+u>~$%r&yh#Fm3_ue@T$yMbAC<O
z#+=ydyflQ`oifxqb77@o$V!LrG2FQ2cMVmwV$vxB_ulgtixq3o_I=HgHbXAZoy<$u
zW{>&~A5~m9z`Pn&U}!Msu7L59&5PhI_&?AEj9U`C!(#i@*$mmXF@13{PMCG%G@&*)
z>4)JU;zPkfEZW02jf~5#4E^Ig&B(uj>4@*MNj76NG@eyqTBJUS32)0AGE>Dq)HzSu
z)H_Dn$Qe;N8=Um%REwv&$54W5dd)ZkYdre_#95>_cj~|mr<e})&ewb|YeQPyc17n@
zS{&aZe&Eh5$-IsKtRFSFp18)=bR(!pIg6;mfL693ywCWD3)1U4wfv~bxiz5<qfJk&
zpc~L@EK-81SC>q=92hSXAJ@l#X`Af+fFIC7KlpwVb@*Uy;iR|NpZOn*&ZmkZ+;eR!
zV{ZkrGUUC*I(>%{UYY5F*eQmJnk~%^$CVsdOu^h4sRGzvT57FDrDUjkLq9!)tHK}O
z!<^(iZQop<@Pk0#;QD)Odm@FXboN8go=qht<|cp1a&O-YdHqFFuR8|y(SpFM&qo|R
zZwAJi&k=k>n>+aJMbtcNybV<X)Z?Qwf?>7&gC_aGl}x@jmvfM3pib7;^#l)OOJJF?
zWveEXq$8NES(nBLbON3fi>D4WSfU`v*A;JlBfI@R$fcmj?n+NLdQ`YE-fi9~t<VLt
zPpp$VLisQZEt274kVCU=@+>BFL?U{+q`s7VvUoMjb3C<biz*3kgVb`*3)6S-S9Af{
zTG?whx7(QlU(M<l793*>Cr}@oQ9zj87X~YO-9k-!$V@qB5p!T)6rwi%(Oc8*U`*@E
zE<|o(-a+l$D5iLjO`_zXi7z#6do|uicD1`bqt02})#3evG@ib;Y$XV{jN3s!7^2)+
zm!4~kmyV*h2v=fW*o&pK_|p;|a+8SLpur9)i```jD6coc2|w4za<u16G){`A>SO7S
zH5z7Kb4Dzi#SMCQx<DivP=M;nz}|HZV6B{#8>h}sE?ytU9X2ykeYg$=CK2Q7#l9*7
ziRcfeEAhws*H(olbsY1WU^)HGJoT^dP+rH~FeYedNd6X(U)KPPjo1oH`{oOOLPj$u
z*2*s7H0Cq+RvJCA6gpiv*xt0x#nkYq4c3XQpx;HIE(Owd9auqX?Ss-y<+Icf487=v
zCT%kX<rGCHoECEpb+6eHUV~s0*x=K0)X7^AH&-~WX#%dj{nsUX>f<nB!`H7_Rc!JT
zL_NmIAms|+N(7?=(>9{s8s<+|{zx2&`aCtbE+X1bqeCufTM^M%#~2bkWKO5f(esY=
zv?%`r*~tv2zjm8^@UanmDFJWBYr@ymkLLA-;dVKlY1BRbcx@GcN&ny!D~B1ecnWvE
zHJpf%Ow9JvZ1?K;Fe{;b9@7eY9bu7;*m~tVeZc|IwP8mX?oGa?{(On}G{ec~e2Yqr
zJnFylN2)B)-O<c9xz@p<XSV>hIdtGl-}<rT#(4VX09A>?Ca88k%48ME8muE!s7B-H
zZP-RpsRcT|1+A!IC9=h<Dte0p>siOVoaq?rTV&%TT4g=XB{X@9M7*!*L9+(Ti|3P3
z4cRe%3`jE`&)#cf0dKC1bk9Ajbl9-!zE>44cn{W32wUX+y#duRaQYG{x2t81BuF~E
z<-OyHnODraY-95XeicZA3P{+=Ui~liQl=l?UyoG>RsnC5BD1;PO7h6!E~8iOH@1LM
zQq%{%K^RWM4%>QR5NO(8R8E<tK{1rxHZ_Ym0RhGp>P-)|eNo+s(?LM%-Z0hdp~u9%
zHZt8IQqj=y$#%L;p)*><7dzb|2^fdY@BXX<diz?mP!@Y05*xqCFF5QBrDv)LK^A<J
zM`a<2Q;3vtB#KDAI^$<oJLS-GrMEXs;LTm}{PRqC-Cu^+%rS8JWD_>n!?v<L>Bfh;
z`WMW}2dhE)6P4rVu7~5EAZtqtkWJj{i^?rEhN=7A-Hj55?E^KlmMe`nKC3f9^7pdS
z3LxrUa}=eWdMXvoIJIFX=v<SrgeFqW57S1-H^T1R14<>3Juw@oI@tMID7Wig(gjJ;
zRM+<JmrhOaM|W+=QgX+|5IddiGly2QJ<Zej&$ThDPCCZU-$x!anyN?lRk;UCdP?Nv
z8jjfS(2%iyb~MtJK%Iyj^_r;f>iCv}k$E#=;EQSq>q{p#fsn6l3oOTcrey-g647GI
zFfJ^ENn<60OQp^pW}6}r%|hhg97dPhS$Y>tKU>cuk9g$IQ^Z)#J38dFKjl=~$W|Ee
zVHR!7Zq9u=|7PAX%m`VO?}5IG&Aa;<YC*O6JUYyDTJ@i;rD3<rMjfStock?sv~tK3
zLg>AUoLWVvye7)yzcdYIY&zW*y*l(`GZ!h|dzVvLajvPl&(6gvIVTq}__p9ZbJEN(
z{d*{x23ZeR?I!$rkcQWBiS6}FHm|U*gx0H(L338cB&hVspZU{2$tSp(j{I&>G@R1N
zt0lBw$N2f@U%HPHdIT@*86;22_Nh$Qc{1r?4amtCznJur$pl;cIua?bSb-*=rv$es
zsW#55&e9T-lCh(AZG!PKdiV=2&|Zguz}P5bk&EgcOPq*<B~Y!evI>>pJG-pnFT;b?
z499rMJ8C$p%XP@N`<o1^I)QPDPW7@bau@HAGAHHGp?%`EB(xGyG_<)&sS@r=^2Q~w
z;WXL%I8&&vOwm6REvNhD){KH#TlO|aE(X_3jQ?jdXn(p^`~r;-gKbAUiK-wkjzh0R
zZQneCd`o}fUM#?o;v?1fY8T7VIM-_e9km6wE&f8iyJ|9s*D(wyAF^^=a%HP93s^Er
z-d8Yb$cP9jh{@a(?@xR`6(_A$dL@oE)Ym|2x=ve88<m3|NM<5kz0KG)UK7+uN0&e<
zuTZecrnb|zrqtU%yuureS#Dg)t*r{MLlTr)C2j4?;ZxOgy?I}9#MhBwXTj%sxz!;L
zlrB1*ROPCf^Enuo0b<hlSon-K&K!2{*)*%{d$j%U{X22mWwd^LD7A2;Mt@vp0#a7t
zH~u%Pjs%mnDxynYfg-?|9W_$K#o~lNippw`*Qng8nQ$4xH4J$g{)JdlkjafWw2?w1
z<akG2;kUNjkVSE2-??&6(5oS5MdcZR)ENGQ++wo)ovqVX_NXZ^PGR!+KM`o@<>5g6
zYbb$^$pw@`C6nprIwx+MnzGu$pPdkL6+jp|_2x|d^HE~xJK3yEI$tYmJ<Mn=O|uBx
z{33SOTe6hsA}U2AEYf*5!>(EEBE(QmY(%OJh_1)Zn~g@{vBiz?(-SBwj!4-vNJmmj
z?M!S9dvCx#Y8b1kN1ZYsveA9|W+bv;muq~k83m5<^4FrP&r9;-`$(~XU{1HfiJBf#
z=J_GQWhX3Svj_W4#}$N~VsJApcQJYAn~B~P%*_^zA5G3@L&hvcPc@V-u+IYr9zQQu
zsYU@7Tp+u~SvVvLI#nEo@|i@T{Gb}WW=4VMMPtbLq9kOKC6^9ID@OiG7u<&k0t#;|
zie3v*X{3=wlJlWjo8kb3%ASN9cCs6D>DV-ATZT%~0(FZAmCWZ7=t?CNOoxg1zB%8Z
zsx-ehIQ-zovbl;eqJJs-rb-M$r29nUr;&ok1o5pC&bV4Hc^PZ4J%vDYP)O&7l+e90
z---P)=yjQioy+@3X5l*b0`Zz{imnQP3xkp=)G%Glv^A63jf#!x^|YmwJypI20|8qa
z1#mXe$IXt8<?@|*HJhV|z%>;HPp6Ea>_i9h<)hal?}rZeU;M1LS8)EhN~f2y;9(on
zySM@y+1;aGklj)6VF)(t%~j`d+Vijy^{xEX-;Zzswgv@TDUNL^(Z_2;ofKYC;Eg?-
zIcR*4*q0E5Dg4s<0x=WaNJ9;8nroVq-6(1C11G1@6t|o~)@~n!4Gi!!7M{pv$1j&t
z4VC>T24*emF|=$e$q!KZwXf=u>L)X2a>ZY-H{Li!+2=DSLDa*i(obsVES)W-yjX?z
z9Q&NK$u9L%;k=PJ1i|$|SgAM|UE4p3G-}MXjurzI6EBnT^=NzL&s4U07l%fk{4y>C
z;h1<MN23&6GyK6BM@gonjpOP};k>u<MPQ@ZCSPqg35`y^s3j72*cQaivv}k-Qb}0`
zYtmvXN`D51$T-5wjYFDO0kd}P$wLOUytIBgi9c_kqNJH{1eR%MTk7$`FV*j28>d&3
z%8kR>U2Z{A6veP5DLf3gRAEf@?wenZTftLaLPKko+G-O&1^azkFpCT;i?lwi4>oug
zyUW$zj%d*;je?Q3`2xyCsB523Zg;nCB}Z#~@_dNi`%rh0pmb=v7svy_=Iwodo!tWa
zl4bFNLaR3@@N!JKr1!nz?Da%TPdarm;`)h4R*jLmXD?kfTL^<m!uhlaEbH64>zK+<
z(f#(0PQDAVBN3N4E(a`OJjFf4Wx%chq3mGE_N1J<lg~|1Ff>yNnG$7!>$hb8SKZ`Y
zD4Cr3L7}W~b*RVb#NNManJlrS%a_EG5xsHrI_Ltu+oc*_!RNNG^S3Ck$HaIksr?;T
ztZ|^QJ__t;UjnFT=(hCi$F{YNn9ZeKeDzCPD%~|0ZvBV8<9RrhPg<va83hezJdj?l
zCOTJ(*9Glx>#~s*hCVAlPPO6i6()RP|7sZV>vF?PbmuUS(L;z#_%9dR)dj2x1SuC|
z`c%6_PJXLO3hNi3t<>^8A2Oe~2s7RC4EU5WVG$cvRXkpLIwGVS0`t8?r)69~Q~2OW
zxwC4m!SaK`1y$H}ekYlH?4E)9!s_?tJ!%t9CDm%;3}xZ_-E8@g{_Z1$&tS+V7*QWc
z29ekY-v_^_w+_F7Ab&ltsw^F>r_M2wXtUD#{yi2Z0*jKtYZFb5aOO;;s{ZD8N$)WF
zvG*)SlNkn8ECU6}OtEvbDKnV&QTJ?&WlWgp=hVlmmH1!o+5!*P84(Bg>z>5&$*F2Q
zUzAR?Tz{ZA=8I(e<Ng)6#rr)q(q{I+)<Ix_)GmDf#f`a@dhHL4mx>-@E?duop*;AB
z9`^<Qs#Z8hE+L<pq#z7fl<qU*!MioidJ<5&ZQpoa6jLnBLYQBee3F^a&*POV7Zm$i
z<f2);Fuu8t+x0%y)6TSsEz9!KqlOJFdh65K;i<EQca@f$!W&QZ{xrNb&QXSl$|KDj
zwS4D9+Azyi;7M|<a)xMISN$ys_W1PD>A}&c`tAd7-BSd_mdpr$f*|6hqRSN(>*a<D
zUsPMC_8FuanzA&{)W+`1;SUakqz9ZA#ZmL^W~p<0&M&M6`_5)TJ}eni9bl?#nKze}
z+f`j`EKw&^qEOHgJ1n!O{oem!_B}nu%iRfaz#;d9moc+t;ahk;@{_{&YAX4-cSd5`
zy=v}Wcq9dNA7GIDKf2z!ukG&J7JUk|SPLy~B@``1ix+JRl;Z9Z+}$ORwpb}v++B;i
zTM6#&7TgIg3CYcK&fVwS{o9}W0`kYo`mVLc9COSuob%Y<uF#?LfnP}%d095-oD>uM
zZ$OX!?U(HL2OGrXM_RN|{ed4-|FLs8wk0Fcdrk22P*fhJoBV`QUn6j7#?*+o+#+q+
zD&4ksmZ;!SuezA@qp2ir*{;ya#IGn_lb!X&w~ET(a4PFLo>rw;xMg)b`<7=p*(Z&I
z?!dj`&;(Jk{Tq)`zQ0`EcOrKh9|n&d;~0zhJ2`QZKgQcy;bRjW3>jh<HlA7U4HKR_
zertM}ZQCi*bs@hbIjebI=S)X*8|R@H&pc)6s_a)__<`<<-LWR3EVBTQ+GFTfVOzm(
zOEFQW6|Of`)*Dhd|DHGo7&dQFXps`F6LP)YTm3HVzA{9Ar=ZDRB>J0?dsJK!4S*r*
zXxlN?t`)yLGChXv1X^R9y{suOnpr|h^k33vC6*1$g*S0(J6tSY!bD4r1Xx#hC6+aF
zIp0F$PhP^SS5+d@X)Xlc*JO<f7~qqot%kU8f{SQEML>YQu=P6!MULDPMP-)a?h0Y)
zM3zchqRuI8+SwXs)pW}|!r6qil61|HOBs>J#AuSj9h;#wGnEv1pDBha5vG!w(FPr%
zD$t~QS(YZF97k%$X6(nSX#<4``q4^DJ4d6Bv1uZac2bQEqN>xk%e9Hm7@BQ{_mxsx
zEPX#daU9D14q-&AMCO9K&Xlqe$)6)Vp-ZrlV5gv`!hoZ0UpAqP#55cU9<QAC@eL+?
z?NDGA%F?cW?Ce-c{@EK)vtRb?Gc<+rzu8r@ui3{ewkz26_1>FmOC`lAw2~mRMe~eB
z-N897eTn-j9)yl&s{o)NAh|N3!6teA(}QJ(SbJ*A{(3%qvPS+{!OD^5q2U}^!;WTa
zz=Z&S^O6U?<I%oc$$YHcXA7zjIMZuTKI-=IuJ<!1y)VsJ6rDL1dvbw21-GWJFT1cY
zU}`Y<&AjJ##`Dte9+)_p@;m+nzCV15r$S9ElVUMYduicVO-!u*$1JkA#WA*dq5D%w
zZECR>Asa(=>_dL+Xjj^_*>d7~yBy}#DsE~~;yAwI(>eEgsfx)OhQq@3#O2v>W0L!9
z47C71+nKi=RsXhKs|+v*Q$<BZ9S*UEZ)$q&x~F%ZHnUT(CvD!;NRT9UW0N^m%Sl*X
z>^tkQtSL^|_tsh|3B+_PZ?3xD;{KmD;LCwHMd9-aC#hrCwDh;h{L{g|_6b<3V*S^h
zYVxx{Btejil7QsVw>xE_inT_Wr@Gv*FVFG9@dPeg*Sqt{UKeU_1)wb;>M`_)AQvyD
z8=LG&%M-G+_DWw?ShQ<hG&cPziFTM1hnFeZgMS>f93+iTRRG(}^_QAf{B4%58qV_S
z<XSzPD9GRU7+n@@6}FUS!`8H#5*Agy@;n@iNoyo3b~f;-X>w9(-JHrZsp=i3KE|h3
zBo_bDDNSwxT<Mm&qBTY3UpKKaUKYPfjzK^6e`gMu;ZX|DJI$blu#dV@6m{*&%xOuf
zR%@RqCmdukz}4O!-V@uepp0mV5l|tEGT?M#{`m2!o~{^YfYt5{Y$A-I?6k8HR_^@U
zzk}(PA>qHgJJ5r)A>WjQ`B{qLnjIff)C*;<C&zEA0?Nm96LzjI)khrAEZ;joLHd;J
zw0LbX$@y)AMd6yaMTWcBk0+7T3ChvRtZeg*jY^nIp2yFtDC(6k4a_z5+iP9p=tpl7
zT4hoSaaTL)sSD52UiG@-l&$8dpKj;`9xBTqyTgC{vKDt}?wGMCXeu2{n(i_$y*GQ2
zhHbgSZdb;0UKX!!(Qjt(eE-)PIsJ+gZ&_PIudA#Ui&GlhdRTROmdIi5h~=^+k;(i^
zf%DgN>A*MNRL}(t8v{&Iy+4STWtaUj>>_trdpwhOX7UeQ;vMmT{c=W^ADI&YS2D`;
zF5w^!a*M8N#Osc7VKD{z<+@%8{X_?F0(Y1Fd(%ro{Poq-(E{Xu;U)ANssH_(BC<g-
zfh57Mg#V=0c(KeTo>Y>ahe`dxHci1}9%AV<<Cr{}z2yBN&|WTMIq6!^Ut_x$qmk`W
zU~}~@B8I)(ik0GeYr1mPLuL^i*(?jE)Y2`{QO%Om$$G2p^?0bUdq56U@_4w{QTD0z
z7qfX)cfwY#E^+TWN50O1l`2x+D^++oJJfhrWF%)0$BZ;AfG=#Z=7I@0FH}%p51BNO
zw(m#LRMsESoWnbod1UC`qSzJauyH7@K(i-4SXth#e9J6isI9(<@qzY`DMCXn#mhOk
zq{Kl=;fUX!Z9kbc{2AnD4w|0RlG+&K`7k2TfrWI2E<^L=8wU-a76rQryWNldkp6TL
zT<{2O#@Bx8&nobLPae9SnM?Sl90ZS$C2(UT&tmB}++@zYsrpb$e?hCx*4R4%x{52p
z&{*B#KKSw?F>albG}w~twBJE=RV%t?%_gzD<L673eReybg#Uu~z1YqdndXj)v%SvU
zj^gOO=_(c{4t1LkdTmatGQ%B6EonHPUc>qn{l17@3$i{h2#J;^99n26v?{ypx<_3-
zl$Mrgkd|J|nAb~L#F+&g+gYE-|D9U2-FfA~(r=At8=z3QlW#WfAX-N0mn)<D_(`Ms
z=3*r{gkP{;%BKE$Q*YK4-E_$RgcghH@M1h5F&?WTxxRaGu9B?zY!o`%Tgj0Tcm^{y
zWBB{J02j#J55E1knSdjOF6KY^&$G}h<`+|XWr5bQ(rq6x!w}o$WT|rHs8*Nd{JJq`
zetf$-JJr_yE8>-88uKLHIw{|w=qO*Eri`Sm1F|G$HIcpC2H|0?(yEeL-bGAHW8E!n
zfIx8YnIQS~%p&RIq28RTJqI|C%1F{HAv%j)M>fCzNG`ohGLzX&Hc2!hiNp?Gt5GJY
z>D+9J;UJTQHtR7g{Js?LNj8pAJ#ena7v`79B6s<veKjV?$Qfc<FY8sxWFzYIPNzh+
zW{6%o<egscVc+OXvFH2si?TEehe*EgXZmImD)|4>o+61|9;?C5hJqb5KK%l*A^(c3
z|KF<Cp7Z-IV|9_o?w3XyTdAVbxa@ep6`o>U_1`4I?~M*Y&xSAWdz$mzK9tlpmkn7t
zOtoEUXFYSPWVMf9orp>-JIuamj^ey&u@>%+n?lpi+u;~}*~O*xhL1Mi-%pB|NR0Tr
ztFuWw($N^Q2p-5C^)LEdnbv!)$|U`yuym^4-;%(u)ArtPHs(_rD9_x&ub^BrP0C~i
z4>QvCk|X}Bi+!3y%3AS*`WPNA37p@jIO@15ZMg2_NKK{Bj-SG{2mW4TxHd7&x0i2r
zd8(!jNlKOJ)g-Mu<r$4`6RzIUUH=z}{ePDn!TWs|tGdXalQon|7XMj68QE>mKiQ{1
zMSG%_s%zPU23<A}Lxq|frPS6eSNeGi*1E$;mHsacJd3=&d#7!N7J3#Idas)eM{R7Y
zmThaAzir&4uHP5?|LswH2(ef+N~CICfdml9wI>|~EZrF91w7vBzMJrmR11(uyG|5b
zj=xc_@cq;1t@>tXZ$)E8fxJ*^{`<!@*~4Yx$j<ge(_x5spP17QlV$04LYiD5ljffx
zQ|l4bn!Kdg>Cmr)7SbMV4X)7{twz##prtN$QUUx$IC`-r#jO8Yo&Il_kKXhxX=4=1
zS3&45I~-y%?(33_*qt4=MR0K4ElxCBfEVD)TtKakVEl2sM&z72q#~)4X#{zR{cN}W
z9)(cT5xu^1?in{CWA5-@{kU9su}h9})e(gz7kV4}UL39ChN7l+FdbCTk}*4lE~{93
z*Ag9W*x<WayS5bC0xI#r;|77eL_BsDty-h!Z8Qlf?QG#H7jw)vcDyQU+1*BY{yi^B
z*YfB4FZbMu6!KMeDvqwz=0A{IWnbSu#TvDH*zR#qceS1<3oJ^z_L9j3A2R?bqJ%c9
zV1ktaZtTk*1RV3cAI|HR>Srq(Bx-6Y&VBiM>htHDnOC}`7MUfUN$*BS)i8UD$dMUI
zmxEcI3Rk0?(aC8Q*1|_Dg01-xe?JZvE`vCAEi1aC0UE*9#&tm1$8F4v`nR*=*%C{M
z?DTrN6`sIl%^~zW!>ZfNzmv-U=fBlY@7hl4pd<@`;zBoWSGkUnar03I%fW6+_}Bm!
z<+S*P$4$YIu+mDvhqLefs}k(#UcSi>Go+Z8>;}$o=dWaZ-BW5pupsQ<)uc|#Y=8A;
z?^fb}?R}CTi*5xq{iliN*A}!x(L-c9G8h7~%V^~i<(q_MmZ1KDo(s3E`#M-Bc;~h|
zRQx98EkL7y@BE>sUrZD+5-srtF(_|Dx&}-1()s|38j_sV5sMAmsT}cRF~QFmHA;xW
z%lIPS`C_&!|6z9Ya*z8LL)yT8lUX!gC3wd|_C1}o#$`R~D$4mDi1g<lOmEuxAj+j~
zm`FTn@v0zlc=>S6lI2F(7s1d?S(HVC+y$(u)z3a!@9*q#v(|GID9`&X4%+8uUri@|
z0(ERlcT&>cPryTpP<{B_c58Px0;Mfw=3;UgD;;Iw4TDPs1i9ZiX{Eek1(xIAKh?rb
z5FsSxo3`wk|3W+v`l-5-ujHca(wmH=uOd#R(Vi$y?10e`Yt-OHJ<~8xdq@CQ!{WR}
zJ5zD~m2TsD-3(dTl&cO}+)AVOA5%39#L38wz0X#tzs~zl$hqt$Hzsb^cojgmg;k85
z&&BS3`UM$QB9bPD;$_1n30v%vV|#y@cnQ#;UC}=873xDqz#w57Zv<xdsRY;`=Q2Dm
zA+C(MqT|hR^RedeP~dwsCho(sSF42`9IWXU@VPPL&Hl;oHwB$#uJTla<QD4fDww%M
zZxv$2@6V&3CrO~RyLY(m;joa#4w0a+u%Whe6^<>($#jLoTX|6ZJYtP=eEoUoLE4SQ
z(ud-a$7J?T@y5QE!Yj~pUI>f$WiJc>crZ_CB}2PclyVuKNA{@mS%{=6$Qh2B$$7UM
z?AZ`%X5!C#Cpga-E=t_rKh|HwmG7~7)HjiL{Fv~+9TesjA?`SvbTuSu1$ZArAa=-u
z^#`4b&*@7S`)AEyp__dM2oUv{)|28U*Ps0Nm)C2l$Z7dPX;)JIH%D^lGi1B%K)ejK
zgqLXA(aJ?G!PQhD{?QI;M&TuhS#^gShnj~RO&_~j58VWrv$1za8)R&RZ0qgfH5CP^
zy7Orc%d%+6nP+PR-v3wkVC?sDpGK6Va2<8vyr1KRA6`U5&fMv7@|AQx_(zHth>?8_
zx$O*#xux-$G=@f51r_}3{#6M+>vC-gJ$v6-Tj}TYzkJ62%B-@{fCdUoZh$B|WAS)2
zw@Jn@k^b|#PI=qfnx}L4BNnH6v$(H}B+B|ysxWT2L3fQJa(&i)f|&O5H!K&0-X0+0
z+75DtJRi<opQ=m#9PUxfdYSK=_^@3UV$rN;o-#%`$F0Vr+Gu1Hdz2T8aFIPj4HR{|
zarwzQL8F*M-<!r=9TqJTa6y(&4vfY%{q;QP<J*in?KhFG%Tjr8t=sTf>8U@*N-Ua7
zM^jGg7XF+TS3l>Al%pgs@u7`K7#D;A;Ccq@mOw54bvWHJD;AoCKDlkyPo6O|nC@_L
zpB!3Bf_~*uWGIdNT&f`%-firFL-9bS{kYv;7?~kp+XpI(j{W3Nm+pG$YB)Ee9iXXh
zqnYXM5iBwknuA*sp~`ho_}0q6BEQ7Nb%wz@zTJpa*Fq#Qu3hIDP)Wf4Ka^_ES+e6U
zS{C!Zg`{Eo+fQuTuq<G8C~fNNt%-0C?OKfFqpQ{rumyN<1){`l-foSwP~z&I+h=DM
z+C?bdl=b1?aY;6!eL>tK;t#ZPs}8w3(`fU-QGI>xufmO*tNBYmvk}D#;tvrB33#AY
za8l=?BJ=~#<noEaz-Ng0bACsg!Qz0SXhyTwGnI_?Qv$)lVWnAvgA~3kBb|=t8V&O@
zC3|J`tr{{3rS$V0JGFH~*9^=zVK!!OM0v1ZSv@05;^Jz2KHQM#gV)S?I)f;BjJwS^
zk-W}26iYc&U6K`rpZgaFOc!aL<sQqe6(L6(;vKB};?^bndL=?+P%y3#!hp?M(#i%N
z?RWA!w5(p|y`4{>F-L#ky~~^DSB-gh?$d}C9}0Dl6W;epuOFvc>%WS_Qf(UbWfw$b
zDu_@Tw1%4|9v=&qe$rR!YAmuB`m~KDD7FpLr6s-?Yp(G$mU<*yd(fZZtM4(6*4Hg9
za{bTglcUeZyZ#px;lTwl<S(wqeuUXM;!FeJYRNwEP>#x>FN*|XcSL?U=QDeiG}Zwd
zVT1(J0F+uX;zCn^C&O=41cE5=`Yl4OM43#;gubq%ajq2b_z!n#<t$ln7423egbxl~
z!gj-~Jo0K8D;fu#GpsAbqd^1y5P2h*9rVlyRSDJYMC}cV?_A0r^8GmqaNCcYf{>B5
zfy&KPZ&G{QTJhK4O)FwPe!Vx^6Z$}Faq+sj;ASVxO<p^~RBX00z|`n={`rx(sIq3j
zw0Kcu_yQc`V=Y0)T`vC9HSzlD;6M#+wE1kl!@8_t8eC<lnkNnJI3Zrw($ld06t~eS
z<PjloGRIxc6+8xCiheJ`IfX3ml`iZXQ^~d05Br#!F=rTGVv+Nc|F{`b#@um!=~sT8
zadyr_14e9`by<x`R`REl9W$>cjTHAcU5GDvnNF2zrHTxdi+nFQPK?x=#R}qobPI%~
zamw3;6Y}p5R$DyveX#tG*|924EMdWQvO)<&GdK9$C&%yZ^smK0evo*o_08)V9XhVJ
znN8=3*=N#1eBHT!HwXJeg58wyYtJ6`yLfib0{W}GcV*G$g6jz<yK8r6ISkPu8;*ey
zK{!|q65sg-Q&>jbPm2U7-(lQW5_juXl+U?m7Lx~>@;sOjHpzJ3TXeoMf{&l!DWftZ
zV%l<V2W>|44otg+l&$x|9L~?q`97@j{yB~t5N9=dAifpYYAjLVp~m)5yPI~EawOi?
z`&lo2)%+OTuHC(GP^VUNd!xT^AZ;Z+lLU9ueMsn38W9vvF&i9C4vX%o==g_j%*{}J
zu|c^`WwGudb8bSyNZU{W=5OPoSejwZK78^=86{wy<|<O=_-D0%@O_v8Bm0gW<+w%9
zMYJe_J58a%40u$KRvpvCoDdc;rS<qilSiFYz)`;G6&4jdN7r0y@8`)}p{`Pzu0`5T
z-WO2p%Gz*lz%vk9t8kUdvNOD>Kjdbp6_(uw`MATM_N3o@lv9L;_RkQTJ#|yf84as_
zql<>}>;Kf9&P8?|w~CW>&qxWmceXxfH$!f^L8fqJLKngJ9~)|ANCr*2HgyBfFp6mv
z`Mf9TI{&$M01R2UJI0gK%Rh9Xnw0m)M$JE<O+k!XiNErS>`2A-p<PxpC|y$e6<Kig
zrS^lcSB^GeL*(KtZTIU)2E>XRkb<SeHQ-!VNe3R}{z^$vIaDMA?AbJ5KpxBxB_yge
z^&nNF^wO^RVzJ$db7Vv@t+N9kPmLvQMcG7#x%KvVmCc7L`YTcUp(6{IcSomaKhnS_
zrn+OINg#&90T%oN@s_?++jNt7eN2WBH?lMm(HPwbvDe6SXHNP;O2fB)T(QXgp&;6X
zsP!r(H4|?y%g@p~d*<?ZIm>9D`hGaf|JG?oF=#o%*VTKYoeQ`BHP}59c2=Ue<Q~&M
zCEZ+mv1!NAT9!9=mMfA$OzVqk4dopd>ZRCy8my<E@7PhLayKLJ+W+bmwBxo(Ug-9C
znbaYsCD}huad7WyL}9^iAydaFk7o8@ICj|A)&RKX-|1&Wa|-(F)2(T=xjLY&EVCx_
zI^~q_x9^hpe9KXxkN>(41^-2cz37Q-z1cD!MrjdO?Mi9#{+O;<uE}MdyMdMzevICB
zd3@4I>3VRsmh>zWCDWuLX{9Mze%WXnTlFXW+FFhcXaUEwvD0X0znwm`#tdr1@xi21
z$NDdB_Fu5xm(mr1d_c_yFw*$KdQH&gwrAnpw2D_JN8K|lov992890sNd;Q0~y{)J#
z58bth{k$+?!PR%s{12w;3DffZw66%n_hYM$&emy#Lw9Qp7~C!b0t2Hv8spt6xo<;m
z=iC|5BN+}Kv)8u^#)a=0i<iShm15<W74|}ebJ8{kZ^V-fD3GVp<1d{2)<e5d$kE~M
z*iC2Z$Ym~jCU^2)Wpx01+`>3=5%9t*7We%AzSnuV;}IIP6-5ASzbJtnOWcLS#%_oG
zfFMq}i}rn=aU8<-^#W+D48pnzTBtwMy1)97*yv~9*3EnpN=xXrY#P!|dr7=Fe>J0V
zH&`UfDY{jZMHD4u?{qiDzy3morbBRKAos6G!Rzq=WL7X+<wI2K&zu&|+a=F5DXoMa
ze8)A<$^@(GHgW1g-10_N{+YU#!yxj<xoODel<6HR(=CN$5?2B>19&cREgAiy|FxTj
z5T68K*W4A+^;Z&#LgS`xK>Ho)S2@vmffVqMp3E@D$eF~ERX66T%e?cks!Wi+<1+cp
z=^AOp!&p6(v=W{Kqd$Lj#CcyYR%64TegKfz+k>QY-=6~?+qpULDLWtPih_#7&nHdJ
zG7ViJ`sfAx=pJocBSU@xJ&x^E;^2per|Jt_66O7IY_*s|`Y59YVKDeQL%Qpxi^)0?
z(`0_7tbS)2cxUUqw!?)FxLdGN%jEg#;CC2DOPq-s$s+Iq4a7la=M8~WK`i3CInbo6
zn{DTL8KiQY#Npptg3bqC3Df?B#5@bOqQ;IR2?&?i*~Q_4s+|iM40W6Iu?o)HM!P`J
zg6*4@GtOQH>}i9A1sGlfvmTC<y6x7lqI4<%ZVl@N<)gca2g!kF{LCse=hqN$zN_i!
zo#AO2BUd^+tD%LX$0chXt33D4io<7EZ6#?a)pa&OUp*_FBp48q;J>44c0=G+uZ}rt
z9rKQlTA4YokNPEJxD^p(DbX&rz#*~SV`P`iW>~$EBGdL^zkJadz*haQXV=WYf42*W
zQ24m6%6*-})|~@4ATifs#_}Oi8E5Y75WRx6hAs*|$~eRqM+>IjcUf&$OW!_!Bzu7d
z*tnNT>406NE*T@4gK%YkJ05{3@`)PKJlXH0)$eK=@MxNhIBfi}7WQwn6D`)ug(WP|
zoV=CVF)_oenWkPzrO$Dm4_~IeIngq$NWN^$x*@YR&;zZ)y9L3Bp)BCX=<YTp<5K@>
z{#XH*g1DQ`b2kagI4JmGXg(zCx9ouv@|K?mckV?$dOp{CGY>$7)FPuddMFVL-RpoA
zOr{C>p0BsR0ikZi-y-&jX-PT3_YztKS1BpNmse;8S$ta@s-1-@s$ToU!-a%cg<=nI
zO@QISU{d7y=-G2@0vc|hRhEmM_Yxr(=skXf;#t{Jm7uMd9JFzY5|omJTPKo?hciAL
zxs&=8@+l`B&Yy!)=e+r%_B@7jFX+6U4w!A4e}3cwpQQ-AzccGZv_gq_Y{WXND3m1b
zgJ5|Quy$w?I6K(&#eaDL91cQ1r|bs|aUmOaCQaK7JpBGPHxh#V7TxS?Q1hIAHg~Wh
zaX<x0pUlwa0Mo@VoJH*L6LdTaop|`Rx~=&|>^m~wsD$2Mi_Oijnmq~L73WJ1C>SwQ
z+r8I$;nB=$OrOr;B_@h|MTjGTk^s{gfS~u#&;m}uRo7B2#`;mw(C|}d&%4rfa3Y5{
zVl1nT9(2VE!~?>28zClso}uAm5^RVGGXUAzRgDB5m-pa$=&;d6N!?4L%Ny9dZ=#1L
zukM-9N&XfjXr=zvO)aTk{5Sv_-80`R4pY_tDg18{2{}bCLrmA*`%D7q(=<+qsN=}i
z!JX1F{QW^PigdNm+(jyS+|bwR$7xZMe0SMeuqj;OV8{|Kba?F~Yilv;m@=sOVwsAF
zd#)V0#II<>TV8<#_?<m59#l<_zFlrFR^K4`t%4=}(zxrH*^hz0pMSFBjt~a^6Zn@g
z%{-zya!|ndZWzn#$9v{MjG*`QLv&B@zT!M({Nef$8vnttWAzaX)YMj19v{K?YxQgO
zn)PyOX;sq(^TOBCO6J8J_^5LM<L2AK2QMSE6^JbIBDIKrzJC8FN!Pda_ZPD=`Zj>a
zw(w}hvh7OA?4d&6=|$tUgWzQ;w`!V^gwX{{Z9=?TuYfp~TTH$-pRfl0AEco&)m49g
z^Z!V3<Hp2s4$tMkm3V89fWU*8B$|s&T&5)n3FBH%4VF^}f|{f!4{s4Z3!p5&5b4gg
zp@BbZ-dM4(aPryj#RICBHD4lh!Ov;GA*O*L=WI^a37c*Nb8S0MO)mY<NXZOA7Nrry
z=&V2E?{Db7E8mR>w^O*ANK7$(EPX?U+b5N=F0*mpseIS(yn9a`y0w0>_Rhpu0QYIG
zT>U>v&l5X$@65V~GvRg4GxBRc|8Z@=z-tj)zi)-TV#FS6*@%UekGDyr`}Q?Mud*_g
z?VxSpTrVV^qAi49zeZly0{{FN=CO2Oi~+L-<ctHm!ROTL%HMbMvS0(S2o?!p8h-?J
zH>Csw&f&jVd8`TyAti7E&ErA=$elQo7Xb-b^kD)la~HYyC5F_C<~@PlbdfsF>?E?Z
zUx)cffz-}tVz)RfC^)>^3w$*V`>Pxv%XkgK!a_RXoe4pCp>raq&(FHJZlk*dB#N@!
zKE<nwh?rgXpg^1L&<nc&>P%FKSFmQ|Y6VE)GOG0yuPD<$v(4!8hgI;N_>K!yZKU<p
z&!S40U*)Ryrf8=ah`IxGb;-hJRMiJO1-c(3TnO)V1K)f)Z-gd*AIe~-(E*(I@=nPV
zcW2QZ>Q(;ej`2=|2ocK5ZaxH%<rUL5*1oR|^#?!7jU0JF)mf00LmSpOi_O0s;(uCc
zF<KKY$*iCERZT~U1WAY^BTXQEk?)>7j5e-Qc6_tjNJ;{}?m#sY26uimg^B^->8U|~
zDnanji%sKx+G`=*b6AL1Cfzt8o{s8YZ3S#x<_BWOw|$o>&6}g;As-)8ziKOe8B29F
z-0^Si7<r@`|LGHXGHU<aC=YYTZPjGyygNz$d7qhJ<R50dcdh6eH;y)mN`rnWKH$0|
zy*kcXx>PT0@zBqrGQsdAZ>fjU-~b#;=xm-}=JbV`?Zk)c{J#TLt^YIMFyhxgm=AVF
zehM44*h{g`R#L4IscGH0@)fqpyEk7}l&m4@$YL>@f705osUe%ZOAY=iZq$J5Z`?l7
ztKGi{dp0!8NbFUwBC~?(!5-;l0t@F3S@to-am)mZf-3<-@S~onHKoc&XC3#0`qu_5
z=upS5GP()US0*2|j3^TLAttIfe{cKOU<<T+M(|aJww)amSGxaSE(reG)oGOruh!SF
zw*)?XArC&rq>rsz+N+iRlhsgv6fziAE6+Lm&3_mR90Hs}VK=m!(A}HdSu|m-n4E3_
z?|kpB;A=!tzTFJns0~WIKMR#x3?@$-p!acBqPY5dAd#|Ozih=HY|lAc4_lm{HFgjB
zkAVyWIULwy=ytKNQ@>$&cvm&de13kr;O14<A!Oi_oBSFJ`)TO%8$-88MeZD5{)vy9
zwip#%cO$avGv~4COL+;(nRkka5@fQosFq>+*fzF&ydRU6JhwN}3Ve&KI`m|Gew=ha
z7!?IaJ<bn82N-CnJbN2NFF<(pKN!CJtigsh|C9Cj;02NCyz*FhGYqO&DoPLVygQ8^
zkCB?d&4TMakV-s)PQs%TII@k9jb}+4?Tb%KwZtRc9;?<n!QKp7Dj;0K=?;8-&Dme~
zV_1YhpRhJrV?@zcg#iIs=B&X-L{d_)Q--If5G@=3T3~s`wmq!vqn2fYB8MUM^R}r(
z!+!fDe?20zMdP)V5}fTKo)4c*12Vne5!bGb4KN6Pka83h{7slOJ<7GE4Yst5{O)5{
zS~w_2n1P^VI`Dm}zU}<`<X0KME^k&eD#VOw_e5ptVXT&9tWUtNH=d|@(z?2UI6T%c
zYCB}4kGp1q_k0Cwx$smrkcjf^KLbCbx*{0317=@b;DddP&qXBk8>2bG1w@g5P41JF
z%cspM8!i2HKo3t%AaMXHEf8$DX?W1lExYwRh7czl>~6AeLU>%!?GW1M2shl|C2GNI
z{H*tIQoGaqj174o{{1l^m{7&&p}h7XjB$-3vvH&Ml`~cY561JL+!-xOsZ^hvIc?-0
z{_0NTuJe?aGCs8cw7oa?ZCDyVW0&4F@Umz;G5JX5uJpP)fGL>F8{u&$Umc1RU+@iq
z!!93Bs27qlPm;D$uz(Wvz61(3ht0}<pN%&+;#dMC19w4oJ$BEZSc!KUKVR-pTuOA<
zlz1x4Y}yx`G59UBeJjLD>_GLRWHhhfauW5Rcc*XPYTlxG@vXbP>TqruHu7DaNSv9a
zFqez^cX2apJ}EemV1Z?D@-f59;FZyNTTyUj!0nYYDG~9H>U*b4`Nx;1ZFU^7&qTBZ
z+<)KcPT>ohh8KdRbD0+hCCthqanR8~&aU1UufP<UAqg~DsI0TFganZ@5~FjLaU7P+
zi$G_NaiBm24oN6sz-|w$j78!df-(~b<I4JbNmlmLs3+rOO6j;0r4GbP({C8y;VlFI
za!Ad*NS27T+Zdaj-J^(8I~Ymzr^b(&WgV%$8Fs*nbE4P|tWpd(=}Ev?%d)|mx~E=(
zakE%smGWVqBWBVXBF+8XVv?d^a?grOFhd5D)l}6v9jKGerGUw#lV!}ARVBCYbF??7
zY^PkUcpa5E?dv=hXAiY<-h|~XWFHrISUN7KWbzGsJTLqonXV(W81gTxfVWe5kX=ai
zs7gbw@fO1=;LhL&Q;|FN2Ia{5T@ZGtBB78FyEve8CDLMA^7M6~rvYsu@*hI|)3?O%
z<5vRW2&Boq6<YD-m-)G{@mT8k@$rhG`ymhTDiMrqr7T*cX}yoCg5a|7Q!2TjBX#dX
zzdcnc6Chk{>|#wF2koqfOjnVPt={TTiX#Lo2>@_-=kxHGbcARlO1Ag&yD$~}3B;N|
zL2P-bfReGt=kvgG1xXBxBqO-~o7b+DkKG=EtMnZTbVD~`Twn&omK~6W*7@!Y6a(R#
z&J;Pc!37FnZQvH(3AGBbtBUR<nGhm%^tkG_0#L3!l#mB|A&<a8td0_p?vjVa^53yr
zxJe5y6*iOY`*CKhI&V&3<5{0C8cLm?-+3k3`^QK8h;LKAEPgu?^FEb-??y#;@g;W9
zARL-AwL-LSXAo@SOZKL=<AnqN?4{cqoo_avG=|4`&#Neh9FwDB;DL{jah6zIxgVen
zO`vR0O9)}|@sjy-uq7jQNau~^3yvUxr+(JzYcsm~%l0~1$e-Z8fy1|E^N=U-<KX;Z
z(v*LSi1wH?-fcgoTIWIH1E0Ua-hWZKRJ9ZI>gCTp5APS6)+Gt?lS*_2y`Syl=hOg*
z71#RQk5<`#*c8>mJ`KrO$UYz7AN%`NK}-6>qO|1N5dHTs3^@Whik~qJk~}MY_BkE{
z^8@ut;gO5Xi+3J4GE}p1&lvvhbpKB<Xo!`V`M@hn<y`+MlW)O!8`6D8I)A&`VKrzY
zk;L&+KzzrfKL78th3;`qNGt%^HeG(*FG}_|rJ6fn+QDS&72$C_?=x-2GKtf3%(!RF
zXZ7gM)7}rKtmXO!*4@~~g4pvzF@x?nDhZCNV-MKwEL!6$vK@k;6PP!>mCN%%%7`uM
z5R4E)lo$@-pU1z8H{x^nSrE?;PJIFbAkJ=J+oR;q5M3-B=J&`v6zn@xg^>zLG|uw%
zllg$kq1`%M)q7i#_N7s%gIlI|k7Rez?{9bOXDF$gsY>a~1snXgi-@u@%fB2R6~N%_
zFWNbn&6S3(A6ENpX1u?NIRhKqZFX49n><MH0lw)Jvf4Vn)@f<g@<xaKUw))fusWPP
zyzma_S*jX0@?%{3F66`xB9LTD6reqko}OQ8dPh?SxSC34Cb64p^(J}4buWV<$J{9{
ze)Q3qm^RsPFUU6?z);0A{&v_iiNL{kaR^6){2yf#qaksh4;)T=zLB1uqf}fmCD6#(
zCdPyuDzYi<9P6i1IELsD`{8SCo9YBYh9m~u7;D@gQrue1kQ8lK)ta2~7(KaoJLq#6
z`ia*9!UL~8Pa<aPBbIVBVvcM{+wJQquJS+O#@_z-xNUSgw6WI94M=c5MH6@h5cFF7
zLX*-A&o9&obR1ZPx1sOfe_X!&GFfN=mM`&~Z4C~5fPJy%eo}q60`zoZ>M4)TeB7Ua
z;05wm26(Q&CvpRcD$q80EnNME2lehDcw*Y2=;-TZa*UPCpJ9RHsA+wR-Y1v~>!Rg;
z(j=3*9rk}jr#G<g>QP=**d6ig6wHtG6n;YoR)e*~7X!3$1S>83!Q&v;J8V&sWWttF
zOcgH3jVL+d&{Z`5K31=4^tcnbilRc2cLso0!=rG|`hSIik!jk&ykqTe)33?_L8!if
z2WoEeXEU~6q(9K=VSN42>a>h8rgcj!U{B?d6Ms&)qK$cd5&j?*eNnK!O+9MvHXW8k
zyciWhztLA7anlSx#k~x?fy~LionM=&;a3gFbf6icUp%kEUL$|6hQ-Hf7EnO-*?#YV
zCaCvVr+nt%b!%U8CjWfu8?2BI^|H+Tn+2~bwY4ZqPjy-HI77JfTyf_b$&Nt%Zxbfx
zo!cuMQ=}vuU-cY~8PSt!LfzdZhz?21rNg@iir)B&GGY!Dv<)()v@Ggz{h2T3cun=1
zai!ZScBD1&Jym{-{WKYA>P(9k#9G?A<e4&+2F!aH{ks2uBfp)oEQz0BeY{iIx*qp4
zO<wW4<@S8!FxkojP!xLVgjnHT5%x@S48fY8t;AZNFD3<z-hQA{IIY)TfU0}{wv<_f
z^@IiuCWwS)059KAwn~<L$y~AtbzUY^>aq>&_nFELiSVNN{xss-Qz@N2Rg#>o-xzhO
z+*5)ZZ;nxCqh|y_5Nf%*Xzjibh7fG$P50gP$@o|XshphOd;@8u8vtMYk<j|^Y~Uic
zZz#-K|E1tBFvj>hZ&q3ikZ1$dLlL@^dJF;H_B8M+`=XC=>H0ae<$FFMCdC#uEUr@Q
z+}QHe1r@;}{tk3^24o@J^q*Zv+b-aQMUD~eWnnCnMbI01XQYxQ3MiMtizB-A>Z}cV
zSehD93go8a_XT>@btZ{#CPzuJJzu2|n(cfj{H!$0y}`@E3~lX79$uh(Jp8n9JI&#f
zqRcc5zr=cC6so2M!5Lku(A~<;s{3^`vagjkq%cENm^H=teE~vevz)UZW6&ow&>(dT
zBh7ea<SrG5g|1q3*WKe{saUUrGR%bxW+`{avt!5lXsdM>lV8k?rWBso8VqT)7v?V(
zAA)2We;snjbp6k5eDcImwWkL9o^XmvpP1v}n&12D#r4#gmkwy@>32fuHRo+WShA=F
zrI(+AlsoA&WWUxbZIhhI!jyiy0K3?Zf@nG=Zs;luroe^1?W-K<Ugk+&_-XekEjWc!
z?C{miGkis`IC;wm?U8rlp>JC0XwbytJHy(T0|S@U7tn9*)n||Ha%3y5h@~To`tI{_
zVIFo}BJgF{*Kzr1v3D!3{TUZ@8+yj6TPYp0bS|X@D4~ORSVR)aLufNu`|AY!5`cs|
z?|+9k`X!GR7-kdBx(~NR4;8cf81u#7teG{cYQEyxS_Hi0<n=6>{3mluC%EBu)eB#H
z6QS3<spoJeu@AD^GXsiVrOppTkTxgs+G!f7gn4rE#LOswv9ndi%*&O2tR>@P9mm>H
zmu@DoG%2RmwHOp+4L7R0DT>qiEzsA*a!*XAunz!?6<S?wEHJshak>AwB->{WO+CqH
zGu<V(Gwh|??q19%K8UZ5J*NI-TQC2CI;W3zW)Pc#QGYA#mREDy`yj%!!27^2r=7*N
zoT_j~HgE~|BI<vlFJ_E}gqN5|b+*J{#pr-8mD1<?>V%zl7C*j~Vs~%4ET#@Lh}vHI
zY;O2>7fLjF>D(j$Lb%^Aaj7Nw-)m5sJ=W4rTQ1rByH_t?Rt?A;luBnY3NVDeYcS;#
z7fp7ej%g>*&lkJpTIbZq@IMa(lhe9(`mq@O8kTC+rdt44`g^SVQwm37o1LhZOhIN)
zcS#+zH!J@0u&aIvHER)eAXz5(iWp+maZ%o-`7&~9Ts)+6d#bd18u-9$pI65&dV*_P
z>ljG<<yBUFVwbL?wzmr>=91=5IZWrdy_bWIr7xls|LE9*W;!FsHJbWqTeZB^8bGR=
z_A=DP><Y{zwKm5FS$xz$dxhY~n<X*!&zp3FcR-g6=C<4Qqf^TQBbil1+u3;jlZsc@
zF9PFvHf3lGmQrMo_Ufx6Eu;24&Gfkied6RFk&z^cr23B*86ti-`EJQnvpVOhv(xyV
z+Ll!16+PdvQe!kW$fVxov7y1y(+4Z_q+CN+-#@l3AD4twLO`V+l%K_A;YUmyhLNVR
zB|c$=Gg{^p97)5=1uu5$)!o{^q@5~CmYZ0G<L+V|A!f&`OzqC%Gx_#I6E6SzJ^Jrc
zY5D3WA;;R)20ZA6ck%g5Y_G{+;~1^)b4OLa`r#;(M|D8hN!Tf6Vow6T!?U^9aBo>M
zcKDEu!*K^6Gs9h#rQc6ipox_*njJt$f23D&9?#WM>;E0sqv~w@gYJtD1<#+sSn@@?
zs;Ps8d8Fjs?2dLQvBVW2^hxMzb6eSv8VTg0G_(VIomX^U9DCkj7L>gjMehG|=gN)i
zIXTc%)BD~<nRv)WMqDd14Q5kDV@<MDOSC)-qQ|__Y+RuYz)ibd@v2N+e}#c#=~?{j
zbv5yFMu6MMT`q{<Q<}VEG1^mPr-uw%I!FFE&mdsbsUYAk@RY4S@(=&lcZrAR=M)dW
zI+%QBqXaIL93c_Gu(l#m+N2>3p_6p{+%AnKta%Io!Q(NDnB1cswIoP80h`v-S?DEh
zK`mF;r7Mr`MT+D0Rol3L{D&{-*;LcFTLo^`0%c?=$4>O>N!4Y*IZ{5Rez;rEw+!`C
z8QKPoI=9sFh{<DCE)iyI(+%;4%OlTU;~%q)X6og~&97=2q`p_sXDjq-FZ(jts&(zg
zg;BE3_Qg?!n#W<0Y}t*!Rjr_((^nPj2%q&y2xInt#=3j!e&ndV#J-dtQM82K<S&yS
z{wMUs$6?>`{H()Tb$XZAoeMO0)mN#{fAv;=>`r>W+=zIt-2l_NVO7<}*!F&^3c4?Y
zrb=7rB38Za25C#iXP<#?y8C31YbqC<+i2*ckNYHy$izO}tEX5MPb9{OY-j-gc`0ik
z<0nG@j;iyv3!VOXThZ*h#mWbf#oXO|V&wZ3xDh-|iQf|^>+#SFCVxTQy^KUC^JWQ+
zT^RvToAZz}K)}y3NAE=!<phT?$G$|#L$7q2M~j$d>)*g#y2oFRO2>ZDV&=2o2es>U
za(*n;<cBe8(Q`$q9u${tJd5G0IGC!xkXFwRQ|O^t&9^iAsS+P~(b=(?3fsEm#N+ZG
zQ#E0w^#t-d`nnwNiQiX4tHF042WEO*!CJ=GeVlAsGb6>K*ybsCBAbgMT#!p9rH3&a
zXiaG)Ca!3kR%HhpXup;v*h(Dwla5fjP!8E$5O)hiZEkg6>#+V!p#LCN@6q&&{5<A7
zh`e%;Z~Snn&aN(26F^CxxWMgU>~z^9rK7OYqdYVrL;Dc_<XAj)jEd+xPXN&3@M6Lv
zi};mpffU5?RGBsX{2iHOf7|aZw)agX-@-5$|EV#5QdxB2YFhG*Jk_vaDgn2TQA)sZ
zZR8}mLg$wmP8JqfshRqAPz*rhZKJ$nL5a2Iqk*8^?Nk1^G)uRQJIRHDNW?6#fJT*H
z%w__>zlT1l-~QXp-u0ZJ>aL$WWGy7p#1thKx|aI3xyr`PIM>*8y*2c_)baV2_CA*q
zv4ns*DJHFT+i?$yO;_^v-XL(z@TmJ?Pu#@%HMu*wPA(7nNcogUke!VF70XLS0(aSW
zU+uB5^LR&yY$EVw>1f(WM!sBZcy;Q(&b<EBi95gUE-!R%cJ{f7LjRRTSg>N6KyYIg
zECrSvD$b4ADvc%#?}u%yQS^{4+xH^_(Wv0AD-9U7al7doBm>Ise3O24GL7z7u2QaD
zh9m_;PV2#Uf{d^72h!<&&tBaZ_lvVT<EQf_j&M*(UDIPNCvoT!bzDk{eiNTobhy;~
zUTp3@LB*^H+9$;7eYSk_xhuvmqyKTt4!P{DDzoV#tIRm76pIhV%zAKLFx%mTwu7&y
zs(wC^j}y#Nl{g#d4@wd}iiR|TuhjWJcMg$%UAZ_=KlAq2i3+7*5vfBL>Z?BeuzRpC
zo0c~_E(*aa`g^JG7ZP-Z&k{=Q)XWds6>}oMUcnr%p<6XlO?2~xgh#(n_PLUTw2D7`
z@KO3wV|HUMieot+J5a@ioG3^(uBOU&Cs;@%_h&KmnH8e@eAXzqMnkZ5$!@J~G?RvB
zhS4^}Nc%#yZ@7%!c%qR|&81Z9jV{jwm+Xvn-cF*e6%|-}ssCD=Es=eLE~WR-mB{As
zmv{xBb!J8(;jIdMu^@TzEtg2`e5a*vH{*!SkqkkrE^7;=6@D5eA4HEwIWz$vJ!Vg+
zo@Q8R-Y)c?pV2o4ZY!LtIj860VAmMYIOBsxGj6M($t2KGSrw8px_eG)&(pRXT|1i~
zYSu%TzN#oRUR8yD(55aEL9*6t8XrIC7upS7|NA7B(sjXb=mjIhb)AQEwaKh4zuEAh
zPY#s#>+nzILK%78m-}NP+M!kqF3uM$Yt%}}yH<!g@S@Q9`dV=E$HHCTEtm$mc_u-D
zJQ%IS0bg}NAXZfw6TzJw^ahX1)DSTk_o^R*HGHK={Eg_r&(I)Z<RzO41JNITiP=~h
z!Ed(*aUGOvh#Co8s|>J96S_aZD)?nKR)7C?W1BbYt{8Ui)%GSG24D&10zHaA8wFR`
zFZ_;u8)30~w6Bfa5Y<oz6v7F5!B#o=#l{8?^a>ld=jomQw>!gdakUDqcim2$oy_UC
z;lTN(NsV+T^Fagd#0cGfy`Rt1YkT6HmlpRzZ~Zs%p^D&}Hs=MgTS63a9YxKFnB9ST
z+06w>o;Cx$|4wI-+^jfQc=wee1rXO+kFrAB-~5e31c>xZqqbH-%deq5PAF~=_TEMK
zI-=8gthY0fqnMz1uLF8p-8)m7iDH*Mq`AIm3>vQdlG~C>yX37RAkG#Qu&CeN*$G#K
zqL7!sZfpsEQz1eD&b~{An+1;~*f&1_O_a!?3-o8GC|%omJKzNnk#%;kuroQvGHzxc
zjsq8X+i&?fw>&wjda-gaHyX8$n*0Fe|7zTJ7(9-fC3X&mta`4zZ##a9mRvkO!b4dA
zmvSj_FRVPMIvos(Mny3WcoZYQo6Rtt&}Zvq@J_tcRD23{G99eocyBdgjf+7~JUGRS
zFZ?0niw_h2Fv05<TL{rVxv{V9gW4KAnL{RXvE}Sv{fQgG-EK&Akek0I708iRZ`Mi!
zjb$l2q$RPuK*wIX0RIC9eLunajxGjsY{uPji3nQP&z|~UpLrfHKU{=bRNN(TVRsDG
zTnq@tGycnTcY!{C`^1UWMo}31ku;Bv=<f4A^V6<@y-Le!+(2pBWAaVLuius^W-4WV
zIQCYevcindla##u?w0!3UPt*3QbQsIwU=}JasNVV!2vGb%cVe)HN?eU=;Li)<%F4T
z@JVpT?Uq}&Sth*188?&bx7-DXYQD>%@>oLt-+pm$&0Uu0`}_S}k{?Ilo88->BGFS5
zsK)}{UOf)M<(mTPYB{^T*V;k&ocD^}W5Y<{bQdL=&j~k-Eu?!~{x3~oXsNWf^M>8R
zMc6o)Bi-xG%~>VsLSd%@RuALH?xj9~vMq$|C--7kr8D>)I5_LgoAddun>;Y8rHZ7K
zMMvumE(`#C^z>eBRr(z&joKZugT&DiWL=(1#bOH+b%(7#d}=xk(S%-qEp9t!>JM%`
zsmqISp^U|n=yqdTyRJsz2`)BAiign??gPX2*lF%_=R-TO*2aCOUO~$%L7#N`67b*7
zcb`5@GN7VGA?CmG&}WE1EwMeMtH%N#X}ES3wneu~`FXBq_)t3fX(J2Bu1<g2umpd|
za<ywPm+8H_K~bgerJrV>yP8Ad=%*t;F>;(bBQ83sRolygWA&;}yigN6xX9>^kI#;O
zUHQ1(yGIAJt1mU*e4T$?6vp|+3~)rhqiueOX0zU&if|>d&2zzFWwv^ZF!&uSM6Dm8
z8}70+BlRWCW2d3mfnUw(Rt)g@uI+zahgGBWux2LgP?pH`$VQC%i<(I7ASb02T7e67
zOObZ~UDrxj`uQrAH)57qbi(1X+(h!>OUvu;o9Z6_@*BqDbQ7MEmVB*^#vFCtn3n#h
ztRGuu?Pb<92(!M~FLz*0?mDbLl8b5^tLpe{A7O&;o&I9|p-k_3ow8D)yYb^M*;;|_
z$4CdnyuNTlJ(o)EpL%}NEYh8}5g^v)bqq~ihk<gooP-g$t?*d-A=${zceEO?^Ve^f
z$?1hWOH#-!4YH!j#9s15?{F}Y>Gz3OWJ-jg_>PCh%`{e9^(ejZyruZ3DHu?$#HZcz
zERY^@6jyWe<Jr=|W9+kHWpR03Hcg8%4v+ZC$%!y@BTPWh@2uHR$K&WVbZ+^qXF11k
zLN!OD(d93)OCR`}76p^Q0mEj{DhEWldEn0s>tTg2%jvt{;b-9|KgmMnUy1IO1m`${
zU4dl|NS%!432!H^J<EU{;R3@8*Jb;(2>uACs|5f6KzO_4bXMg%y5vku#B-f(VL5-5
z3jn}FJMp6X@V-H!eNDQ9OZiWm$Bm#3=%%&TCZ({Aql;2-*e`$s(Yi|;V9gHI4&nG}
zyz*U>H7^09EH@27X<jFa9nTVZ16y*tP53_E&_q)DNo!ejaBmM}l&23bBNwp^9Nku4
z_NLzm{e&}9@h4Z^!)#xSC?az{{<nDUzMKpo(jesZiOj)FWgAHco~BfTGlzMCr!z?n
zf`gus)&ipgEO$!i$!sA-)q{`Pp~OK%eG`1!A)!17f4>N-4Eg8X&~fYTH&`1RkiyX*
z!2fQlU7T7V(qT$d=t7JXyICuz`wZveF@9asB-FviILiGeO4d~N#mTSa2~7qyhA&Ig
zA0?L3KWoXU_toU&1CJIcf^&+K``%0HH{T>Y)4#{MgZ&2#{6C<On;s)#?(6T83A1k@
z=M<#{!yn0h61Bx(=INv^d}hL{nx}@8V8Vk%9EJ;F#(Ob24eyCLmX!S8XI`B(ZFzmK
z<bjbC&}n1EntFL1ucF%W0D!g2nDOASQDRHJKZ9)}{kfLM$2_7!O?VN1qN%Vd6t+2V
z1^fQstnNyR>Xgl8(z^MmQ9Z`~Ls=^i<-0CZ>=@hzRReIVQ<GQ9F3kbLpP!N0%$T#h
zn+S=2`{u8V!{tB%rsrDRm+m=@I1h#%Vf5sO>@|yOh;_0*F$X+9sc!1&v_q+)z>-dI
z0&yu!WfzO+;J$S9nT=&p_}Nv=%dhj=l59r(F>9<cA?a~SVIezI-&=x9e(R07;j<bN
z_z-EVNp8{|#P(8@L^GiJZ?_Q+m80ULZ!?r`{Puof5@_xaM<J!!)74Yx>kkY?>ZfA0
z-sBrDnU)%P_tkop3)hy;yO+w>q^-G2o1-E4ixjv2czvGy7d2+wLEmK^|1|I*@0x>_
z;V;RMwfC1mZK|3W*7q)SVNdWjf&;jo_PlDVw$>7VhAG1rlax;!#(!_%{7+{cb)W{9
z_|03~&*0P2qJ0`0X6a4S<p&<CskcEy2lXoYtfjFBIwt=R?Gfz|)5f#!SqtPPEP2Pw
z74u}II^a!pY*3vyoU1v^+2>Ys?L`RV71H=@=;Y^A*nGvtE?ZN1QA=E)AarkwwG>gK
z#gx(=a*jRw;_<V|gm<vFzF-D<l*LW{Xh1$`{h>LCN?^6&Q@X$r`drK=PCh$V3@(bP
z(W1_{&Q?#qvmO8@AVv$=M%Dz(|4AVIRG;=C`FMi(9&VvXST-*3Rf9#WePB-xBaQ*{
z#039DRf`}nUN}g|0KYWQ;Q8m?!cIvR0=+(tXA~XFCc|;hAd>sB|Gyt{)=OiOL5#tx
z;RlCv3fu?^Nnw?@5RvykA;u(mpZY2y{|c$TIv%|DA^G!Cec%3AsEz38lJ12-k|_{D
z4)Ain<H?M6?ti_o8**t@t+#Ys`<>{3)!oXqPy5fIHR9I~tzGy3hpxAbigR1KMsbJW
zL4&&l_u%e<;MTaiyIXLV#x=NmfX3b3-61$ZLUNn^9@*zR=l){Apc(Y)s#&w<tX0oo
z4HcF}4VU>H`^vu3gq=H$p#sKgXjQUwydz6qtEp=;yXPX~A)l|z#XS1jBG&b>vr;oV
z2J(skk4&;=@zcRAb{ArV3l&L68GS!yr%m!hkJ8bciH=G1LJPBRUiMwkA&Z+Fp)b74
zp)^8K6gy{u7fdIq&XN_zB%hWuCHFJpQK`Yl_k~|H%BJ_WM<;&g7_M{N#bJ9%2E=Mx
zdMSD(mFIlrd-sH_HyUMIsHz*X@-2;djg#&ajS6pw%ha)-F9lJ-kPFpnH{gbNQoY2i
z2`v3-g)YVXm!ba;bO5PK1bn9GH>I>Q?iM#!I^LHksp89Ppd(deO2%H8t%hkPmwV!&
zCQf1Xa{tCKnxStz(EEkw$G0I^JEc4O+?VoS1cC$cH=39}bHaq@8M(Yd&NSCD>?>LJ
zF1L}s)@fWFch25@!^?PPLZ?NPuqStruDvQgP$H9o3mG+s!6Peph{9MAO`mkrjqB34
z)R!#C^Wl@Gq-D5E^Rp*Ei-7+M>xd0uVLk^`;DarSrE@fo^d`KF@8tfNp?pn|w?8S=
z)0z~};eEGATxoUv4C$9j$*B6;Vb$nzL;fTsbz?E;O=|QSyVXd_iWS?&y;F!bpV`*r
z-6;L^ds)>sYUl)u6bcQ09cp{mKfE)te~kR@(!h_AmM3okFGo9O$ha@qm8>~bP0QTK
zp+Pl!Z_x4sESLPx@YF$uj2dF$3w?}&F;dwLP_(p=TxZuJ8zPN?9hV5$#qAf-*}wIh
zXI;_MfMhyNlSgN~Lb}Jsjx&Pa4*Y)kJYCvXoVL>jqb0+|z7egr!eNxi;KSHXu1KPg
z6XG*z>pSb@`EWZMC&jxuWjgDDubJ@i7Wa?*yK=blV^b_l*SiV%dL7=Mw^4po@4^S!
z5mZ<W#*-JQ<6l&!D;ZqNG>p+!SPkUApA-7dubxj!H52;wQjha}BpGsX%4{i(3(zZN
z!sXL4F<H_o)s0f1_^fy5fiDhiM#G*x_&L*YmOtStCezAtJD~ehaSt0oYTh=FY>m}*
z6pA-u{&CX#s1u#7Q~7@BZ*;Z<$-^($>`W=FGEVJZwKCAUXAh*g+)T@MH5%tn$K+LX
z=C6u+aC?qM|K}-!f5=jU4q!=wG>Ymg%5*`UD5|ojHSt00RUUNFO3FwXw1S|=DW>Al
zlfk|TeFdK%(&aBuw_L@vN-jg;Dw~dalD74GB;JqaE6KJW+K7lpUfT3Gxd?fyD)d&_
zqiucW<X$5r=jGBJ$0>uko?}8pA@^xo!AqeJz3sM4oD38u!Mh;FQon!SQmT&OwgB%h
z?dGxt`mT<z66`WPHkuj(ZG>JXfn+e`#{*3|_!@A<1mvheR%MJCR{SSc+*I#opQ>fb
zQDdohd8CPlzEV5z=BLcX)3NY6%lQw1i;Z2(a9sgL1uyy9EX~KR8zJ|ZDO=$P3UzB(
z`jX~d(kIXi#}HvV2yd%?TpRdd2+Pmviwe#NW4sE^0oe5;?^dbCer`m%5KJ7sDe4i9
z(EV=<<{za97aJ;?nYEywHWF67h+0o3ONrf6m^ftyL5=lHJDGl!S=>Z9c0pa%cXXfQ
zwoQS%ROXJ6LQ`lV!Q2<i_AX{dMdxZ$v+vpL=0H=D<O|^ks<6Yj>xtMWDo!O2HA;CI
zekbCq^&5Z7*7%m{Cj;&>-MzZB7CF5$_XXQ#=M}ECefOESNjV~+me8&+w;7i9r*tc8
z6!w5Ilu+S|#QoR@wUITPCae2{+b=0lsF|2nCT>P$nTsmHvwc0^uxl(V2D(*?Pt;7S
z5n}wOs3~CZSOR$-^1h~hgE=oFS=$u{5_jaNaj<`y=wU~`)A==QDFI|2kuLj;IKRQ^
zkFxg5OZh++ic9-kEw!Z*41r92Q%(P6D*xl~0D=@CgedSa!3DZfHYkojM~Ws0n_(9O
z;OrgwHp^*6opKxx<|%R*^)QZVcT7-Q@(Nv=n<dGMr6NhtnL4>eLYht-=~h=|zswC@
zN;NnZO~P^bJLQfvcNyBc5>Tv0I1zNokN2Q97%Uba=J5jk%9a){Y4|O&xV&u}eWER#
z0lj$>v2&85q#Xs}({ePDCeC`6Yks0;bnjWT)#oxJEr6ez8;6WL_puk`u{kPjIT0Vm
z{PHvWm8%9}rTAJ`X-%S^K}I?@;(Tk1m&!7~$`dj!Rq7pYyWtD#J`|bPC$q!HsLzjl
zu~Gh>oB36Qesy6q5h2Wl!^l`d>#W|6?BIN|nFf_F-!bezWW;~*NAOSt76OZv(F}f>
zF`h&r+kGp#=8g58Km_&yOq2kWG32Q(7yP&%aqir5DvXF^vY%Z#n?&v|)yQDes(hyI
z`;C3Lh55_O7gD`F;K#+w@-atQ`QfRfIS>m0vtuDq)WYhS|M*Z{^F-fsaVWDFvpJWO
zwuU#hH?N!CgOk^eREjiY-ykP`g|n~y6cJRDvpJ+8r-5+_MIzl1ebR2*XnV1&w*iWT
z`r3$kFee({VoN3rvN3YZ8ir{XIC_ANt+TFtq-+<8i{FZMx#SgMiSfgcK9{LBC(W>|
z$V8}~?WduPu2r0UPjObj!U*HF9hM3v`c@`=Dn0Q3GkCHME&>hUVNGuo#>S1So8Rd!
zh`44@rvB>0E_=5~fqsDi$tb5TUH+?0D@Ac~*>6k_q6B<u=xPWBbL~|z(HN$y^!OEK
zy2Y}c`%=_8r<u_)Nk8d;@Apz%hB*#X&zc(N=%aBrYl{pAZKC^lO&p54eF+<T;*y%2
z?V1b?M_>wp#1#t6_r?^ZN481E8$r&Kscva@Vl0?&%aw*mD~o3heQpXG*{U+Pj-cf#
zv&f2*79<|W67+As8Os-?n?3zJ+Z%fw8Ox7o^lgu@!J|Co6AZH6UPMVbo-_g{!m&_9
zu}jGM=jDorqA|+T3S>zmnN2Ox-?S=j<i6+@)bna5WvwV?`I&O?*^1G0BlUd1lL=cr
z{&Ks3>&m%dVxCVxU5=1HTXEar1-36l2T%Sd)H{QRux`#LwVqoC4)pA*V*Cmue(uMv
z*i{@&nvz&Tk}B&HI$eP57u7vZl9#ft>$UrIn3nKu)C{xbdos;{uezUpig*B0>pgSX
ziqR|?sWq+^%yG&{kbC$V7RU6eStU<VKGe7peOstK5OD69W!z#wL6*auR?3$OcYbw3
zE0Oc6%0@iAi(dD%bIM3{`^jsCp;+X!8$wlj52TFQuRk|?t;`4`Y$m&0=tHtMaLP8P
zWIe4wxg(OGE~hlBHPzH8MX8Er)>fwME~^QX*LcblV97)^O_MV|fPf{flnL~Jbqa+X
z-h~@VeP1QzcW6LB!zqpef6q&EWQ)N<R#7NSS9&W;&?K1{6O(CErK)=NL%38G)p%J4
zb88Me>~tgMRhHW`HKOQCcj<J0b9S7}HG+Adu{eY30${{ob&8S3OQSCdPH&iJ<G+0P
zH}T;Cy|%-6lkNzz!brTW?ZXLI3(NM#1z{kg@B(6pxH0)s^?+ihz`oIYR%lM%PG3sI
zcTJHQ_=NmrgcKO<f7IDJHo8niGe&w8PMaRtG%+v>qgSXadg@k{(JMr4ITd{c9M^tL
z+HgBC+xB;rCErNee?A-RlJKxl$%W*%jm}G&vd3$Jyj;m<<}Hj2(9792QAl8TK|L^>
zR1=f=L%wFyk{Q*XXzttT(nupEhu81OlmTji+!+c~gBG<}_GYq5VZ8*)L2x5AKMDQq
zIRGEkJ_8FBME{WQiHS?rp{d;%z5u^D7owI&U0NJ7PA75MTBjR?MFjd;O39@VPK$@X
z(s584lD>YxwabH~+S!rjT?Gg|F=t0BZU*ei1VcjbuKmwrOGV$-Ymg*1vxMO8&?5((
zS<PcY(-%<Bq-ISU+VmT?_Y<z&EIT~3Brv$OE+FJswhl9@HLX<A2I~Zw4}pRkOWF19
z*mJ!lFG=?<iuT33<$k{CQ4~*w+F_lIvs&UJQF+h%olJdu?i-EUb&K87ed0bBILz1e
zRQnpmX;h_}+Y`@-aYg|oJSb}>DLA^T*VD)JG*IeL*<a3N36Nm1_ToZ_yh>Y0)>S&b
zvjI|K5$IZz2V&Jo%CJN@nyTqGWteD(Squ~8=O(U1*3%PgF+p%azhs%cgTL|0Q{%*c
ze5W^i2Y~w=JPCv1n5g|sCXeZyg@9JJxGb8FVOj2zomv+<<9k&k!p$`a9+mu8C;Km=
zk<I|)!976>WA9d_7i-Jit4`Q0xA~}VFNAQVeXIdj`%=c`;nW#x6#qG^<a?NF<{gKA
zG<31wOrBq7^6T&dt%06P`sVQMdhfMUF5l1xOu68K5O+;Rd7<a|em?iq3(<U&xK)zH
zsm~Y9BUpu8KRb@i`nLR0BNyAh->rsZvfX1P+}^qYtC$Ix4%@jz6$`6p<oF|F!<ui6
zuTh|*{8YIJg*h$o#eXfCi0~$^)Ev(z0ovl{WzCu~quJ+KynMSXjlLW$f3Db2G{c;r
z1QNLVodz1Lh{+|wep~Jj{LV^^Tp8DW$%?5ZEjHQTE?XHZk2JgnIY?S!qtu%^Pbyy^
z@^ksUpxR1)&P2eVjOa+FtOc*vY#uB&4e$Tz4920LzN^|Xxc!vvTHhBPwjhs-y>o1_
zc3D*4@8Y4s>$8@EKo~zPHe9ksb6Ij_W&>|T80+il={e36l`EaFqh35TAN;VquJRfP
zeTOkTRBgD%b>zkfWI%t8)~L-qDzRM`wM@4YtTEg_5*^$$7^}PK&Tl?hnv^R$e^rOU
zEGbLqw@TI?64#C#@Xpq63szKEJ8Ar^x%7B!ff+FWm<AbiS0IO(XGZuD(WOCTWmrn;
z>uQX+Biky4#xQ;UtXri8F2cugNs;36#@}#TjM91;GPl+(s&nNg3PKvaFuc&QgD162
zoM_l{CXg+dP;oxr2aOVi)rsSU^-gC5JL+n!#cphaKUTBhi3LxwqrXZU-w1=(OmO7+
z_C;Yc5J9a^g0oT4BI|7g@4xB<%O1jTOr2H?_wti%#kxZ96rn*vX!Lq?aH?Iw%f?}*
zZ4GgtC24$ho#nAgv74{bTv$aDMJ-P4L~r_qpl#H=NJ2l;E8z+*E1|0*ewdbOW%AOx
zbeb<)D#6N830wsGq;QROZsW1Vwn3Q_Odv;HWbpJZgy%PXPM$0_)6l?QmHPJ#g4$+`
zxjeA+`I%b;C^hMhkMdy=4?9V)R7n=6<|Rh#<zJ#7i6yY$G8w1$A+QkIGXs37(H`-8
z+GWXURkEt1V<bIM9Y{xDYY&lw<Z<N-*u$3gDb)!A`cmMr7EAJQV#k~%Y|#>L<x7em
zibRlU6`lTP+CjsdAEvmErBVWH2Of{dCOi~dn&&eVV}1}z0g%zRU3n`^sV~g^8Eplp
zo^@B@vgKCgjmrF5V1GojyUbUSz}#MBC0};F`nYc@gVpntH>_z{=~Yq5{`_($$Ec!O
zy2!|L&uUy_hQ-mwf#)&#gd%D#W<f4orK&HsQ&&Qy6_KT(e&bez_6!_OnaI%AD~4xV
zBK>?%`}w}0eg&4odXdrHEiZ4!Ljm0Z$vDqpEuU5Vu8k={a4Jt07vUY8)>yLETn&$Z
z3F?iJAeHV6pf})7=2(7v{VtyIIB-&T9L85v-4Mzrhl?7oXeN=THo>BTF^7W|<GSmA
zu~N`F83<^yiFiAi;$C%r%gj9!Bf{FO_JzPrx&HpU8%#4Ml+KGNk=d{2>1kRARCc%v
z+Y_E*rM_65(+PEdu3s6J<C0nYTh5*1cu-XqixEwVL}^RHMJ;tn?xW*1c$PHT^U?&K
z6oga>&N`71VXIXfMN?C|HVCtKd-(bG7<sT^J;f>%tzGD|a9Re>0?;8>2klWV38jYL
z6SFP)s+I7ggI<wTp{)WIPpO`Z!PC@VB9XX!RE5gL;TR^z)UjE%r%Xg-Q3A$nBV1e|
zv5@4cm65cSKlBB*Gh&cgBIfhRi^M)+vX|FRq`=)7vQZ%mlS-tLeu;$UEEedIB>pJ*
z&Ha<5@=%}mf91>@Idu*d{%)B<Xtyq0+RJZwQ`AogkYfxm8wsXWjwI-@mI5%4k&4t+
zaXjQ1a(+quT?-f4auc4hB_BP<^~hq}azeFAt2(qci5r&&_hCJqX&f%@9J3)*_#sjq
z)lj?*7oX?QRXs(-H)S4KD=ww$-Z{ghZ4%o_&@Qn-(!^?@kRaYqev^<BHjhk|3S~Pj
zhAwEkjznn9RZW!5y3ootjBf36F5AhcZr`@Jzpw;tJcS_YH&Xti95?WD+3})6fXqcQ
zOTbhn(Q&Aw_<fsG0A~`+UVI}=U=<7crwj_)WgA{{{qrba!o<gNbgFM-f*M51c9^KK
z+#-6ImZWk-@r+_4GP~;{0TI&_$ZGW1KZ`_y`UwB$L9xd|T!!3|Z%E5ULOeXxcWAqL
ziXju&C(_il>aUtbIH}PkA>a(@#Da(@Kw};`srXO)_(p#0Y>I?oV$mBVsTK#`pN$$h
zPcK<*G1+B+oa1J*GA*1OP}yl#F`v&sZoi+F?7ykhC^RQxRAiiRorp)J`Bn;7V{?)L
z0^MHw)j!4JaPHR5HcZ+4g3?cd0R)u@EZ9`Ck!E;NyjGPn@y>d<6c<?S3cqB2EAy~f
z$$|rqkKQGE8=-EgaUkX)20K3HV8SD;#)(Dxc#pVAOy^h2r+m12iN($z<f0e-e9v(m
zge7wFp^H!k4YJ*bwq8C9h1nD^f(ftsh{Q>kN{(BL!RZ1)sLy#I-9>}SCj9;6f5I?1
zl+(}Ed}Hq4PkQ#u^gf+Brql8Rg(7nY7pzMUa=WDTG#{S1x+FQA&Nkg(4sip2wXe@6
zbo@5En=<uUq>^ofg$v8x0zcc4tHW@}ZjMv?eaYaIb!-c)@<B<M)fAkW80xvGbC~eO
zv#~>~zKRg1_TzQ?IeM8?I=kyjx_rX!Y=GWbp7k6;-A6daR((_o70j#ZL`WG`mprB1
zJvs2XN#~+T>e~!{ggoW--DgNOSweU{<#AIjk|i}MDa1R<E1dTrZr*L&n=cOutY)01
zgv5fAC%@u_)-@#^fsy|j2_0L);=nOGALDmB&srv@yTcTcA%M<5E?XoHIYpR$%>D_K
z74$%6zo%J1HrZ8mQzSx2uju^0fEq74V7+dTf4XNjCFGll*Nh_D5F8e4WpTgYT4V`P
zr#IZzj}VF#1}Q)f`80TGtq}0$60kh-(D11;#&G}8D$CF(f86C4+2Y)Qr)IZP+sR}4
znYVWZ1;9UtQ!0$qYWNe<VnrrhTkM5#-Q<iu0Rv|u_Cm<2iHx!q>_jV)j1u;O*l2qD
z72bg4mDbweXE}jG#Naz_yqeqoLQ*xEA-NMuQG*JX@s}@ke$M;RmZG6J6icp6rTGs<
zdC&(z%4RG%?|2r&KR8PS+Da5fLQ%gP#27wmEI-1p&80zhS-mUXAi3}Hfa_}Q&GWyD
z>_C^%!G!-DZmUUbP7bN?%s*0>#A-YISwfAK-)oi>x(^6WyIL0X<*F9i%AV))`)8C#
zUPmwMXkHquTamxh%XDTal#*+^<*zVHcVX$=r7E)c`7P_&)a(d&5n4nZG;%LKjwyi~
zDr@QcI%Eoi+(ApRASf|V^_k%YmuL5n4h;6_b}BgMU!A5blFTzCfp<@4MvqyICG$6i
zrOAAS)Wx!|Fa;i%GBGAJf0pI@wS)QSsiYijg?j_&ukEYM42~UZh_2@7p<`*PM?}`<
zOHn)val7DGquOmRBYjZ_8N9HhN<W?e<tHdI=%F6yFi3UKO%b7C&Ype+Icn*FwuCH<
z0=?wfj_ILW@!|I$S2>id`ebN+#^^^<UgV4Lw;f{p+XssG@I>|}`<Ni{aIJaWkF*E3
zlY4NA9ed3RZ~qJimpMjCn1^#FG{Wl=_l^BQUKt`5!&-lP%T{_DgtIpMtoQ%)mEPER
zvj&U@`y}C*M-&i%-p+za$GK{^UG`DPea!W|IgPvj@#4eNJXKrsDa7l(6hX0L1JDti
z-Ha$Olmwgw6%Xd@1*>ipg2eK24n%vH7?*KD!oOMHi#4}-_28<<z<qt7Xfin*Tvq%w
zPfPWD=UF$D*C?5;O0-frk_*jGU*3$D#Z^(4F9U@zx<wi>BV3RqOz>3l(UzUVCp(Tf
zd`4@3ONiEFJkxTHIpbXFL*{v;w^4YHzYk}RND}<xVi2ISk}DvV5+z=s_9Ei3&|k|C
zf?>WQ&Z09@HJeyWI}yH-;kN~pNU}7DR8aIu{GYo3KAB*bP;b9Cp+2EWPZW;Wst}Hq
z&|!@Mh?jw@VQ?S#xjS!@$gNIJVvl>*9iiDngMCy<XJ(v^ppc%uK{v$r3RS2TrPR1k
z0zV4>PAeLMg}<|I80|R?5yh-**s;m-A=^bsgm5ogSV(F0R@=E_vA#p2EZ`;zv?YT4
z{mC;!4~A%OWx!phCFi&JJ@@AQ$>5YIW|FR60l5a)q8z76Q72YwpB*u+aNEFyo+-m#
z@}(OAxk!xNGtw$%{%-gE3VfD>jFD|rXr8Y%Hcm)=0oiGN`xtm>b*C#no(6Lk#mvVR
zi_z4a=eedOn`pF-3H!}7MI=RFnkn*;Kim)#?&5c89UMo5Uj`3p%oGoxK1hK2BMki=
zRIgSd2gD*)Z%io^l-H)GB57J1SpS5i=~)4v4a*;N&2ZaDx09G~^SBG#)UdU_DVn8m
z+1&ud;G^hETr?1UFfvySD)82Q>Ipu|`)xS%pLG+IMF!xm=tFC*Yr)uBOAV7yjjDBX
zHZH-nSGnc)*c>0zV<vF=Lm$HE8DFN8#NCGL!jif4uNM=Mf|SY@XGd5p{W1qJP4BU$
zA}08_E!%Ob*vLtu6z+pmEHjy$ho7kpeV<w-?|APGKd)j(i=&Db#+isL#QGe*qb0<G
z(=PltAUU^LA9*mlyuMZm<HwCxu8AZZZuKoa<Jp0{gzPRlklOnhN6dd1gafxHj~9@$
zihinVh~Ay+pxI=DHXJ`Ec<jy!LVJn+>3l|^Fm?QtU>hl18kdBZE+9jcmjfemcY^L(
z+?x<)bX^okw)1u)jFA>*GQE|7sKKPA*4|#`@$nF7Cg2D_3{GQi_kO%PRNE=3wG`Re
zoBaDACQBj0)rUm)WZO{g>+fWf)|-JhlN_h(-_H+gjV8X<o(-lLUhKN|Vya?7<mnQD
z&S_QeM|P{KBE*AbG3a=|?0-G{*Zm3r8hU(OnN!y4QQ~jEPib?tc3-~MbEaf=+9@iG
z7d(8{734aDiqXH3AyDr3FI@Sy*kVv{ySE{`TbJO%=|W6#ktanrw`cC_qt+a4nJTvI
zf8n>>;?KC=e8=Tu9}vT#NrmMvTeBr1ZI?2#e`^M`*=0!5kE}R$8p~~@!Z^|VOgaLM
zz?8TEi!wb17xk?$#}}jE`|=O|Z_?3Dc?#P5au?PUYMFN_kE75)N7+_SxFmSp7?885
zbkmozL~$svMimzK76`R@=#LZg?N<yo3U}uc9ixPML-9O3?-<ay#zB1v87v-L>UiIM
zW^#;Pj*_hVvQ=3dI`fpB%>ORir<=l@GcTO_@XS)qlJwq>`4ggPIt#Z>Wrv3oy0y|3
z8K6>ob_OmmuQp-Y8+tC;!4}<}Nfdfs{4<Ql$)HwBRea~+3MsKkGO75rD~8o71eI5!
za?>cKQleFmthZox&23I4EzhDp`IKmg{4U{5iGeOGKl$2vtvnRatQ~nbzK^D9TDz6`
z3NWT$uRVWev7AZ^`7F~q?eQx%VSZFlg1muO)I>S2CwhxTdMK*LwYN_^z(%B>i!W;T
zLEI-b@G9d=z*lM%i{Mc{MJAb|B7FYY<|?jfvK@FuY%C^SUzS*|B-kVeJCwK+%Ivuu
zi0l#Az<?w5tm3{Rk6B^itG^0`Jd7V(8=ruaRjC7Ijy<TQG0v`wH7gF{Pbwvvn?&!n
z)?SBfFF>f$h{y4^YNw>k2l2JHf3(x>Z<Ga~jj)W$a~U>9?w&!a66Ui=PGT=QV(tR@
zr$*P&)MNYN9n!n*r=6Wu;%d~T>Q-hOye)Jt!?l8P2b5KE2{c&n1EeDh7VlU8DWj#!
z!F*LJd!FVj35m7-MF1p1CuqzJb89zwJXs#FW>uvz&Aoh}TdS3T65M)9$a$ZX77%?^
zAk1v;;yC;GElFN7_?ikUs*jn_9WlI0kmJ0;E!SZKZ7I|`)gXqfl}-p|);;Dp@;-^Z
zEnLl8wky{{2vx66mEn3CK<Ei!$$~-pktiLnb{|abp3zO@@Q&R{dCz8+ZKzS^<+8tv
zfa(U^AE}Q}A|dUH`}-kZG{2LrVU0Ar%M;gX5LQt5Apax_y}kQ(?;MvFN+|m~gKkuS
zU@q?!HYFPM_2M87{CjzJ$68FpU~_WAt0PUrS|LohGsA0nN@{h5r$uq(J50xxe}^id
z1S7s<)FXUkO@1>(r<W92fRb-0eEfi4AD3CzQ>1l^_~*MJeP5f$kqv)LJ1sA3&4y!U
zpWr#2h0%p&`*=Cg;+=oze>FNFzRA7}ah^|kF5afhKvwOwT<x^+r_@s=(PH!JIMb2s
zbN=gWjtq{A3*pUmNB;)brUE7$e3c;2de?rl!)eYIatm`OtN~S?;i1hg69?+FYO}=V
z-Dsv;Qk2@Vt~8HDeZUkWpcewt17_m@Hus6eWTydDOHoYpp<vwY#D(`!{%+yu*$O&3
zCZCE`cx(DYxDvR^aLLjXl{4rIhi#UhY09u-Rkxx3MNpdIpq9uC9mp_Yx|i0-ShoMn
zU#Hx_4fR8w6jt)I0x40{!!)FO0cG+>U&~N;Fl~Yx&ET2^RtX*-)Bjm7-n^&iXbAgy
zEsrIg)Kf(jp6?i`(_mVmn%k}tXfGrO^V;F<N3-5!q0st=_$Tta)>lZwlm6LS6DJwo
zuYbEg3gDLjY&`O5MGoV@nP0l8KQc9QCzHJIzr@1~X}KhP$fjCg%KO|*D;lKuq!7O2
zyt)Ju>Yil5Ku?0Phzq8vKuYHbsHa8|meO${l|%m3&H2^mV<AO4sowTi1R2V_K2H`$
zP(PgIXd!KcW)SIAbb!yhRy;QFZDa!TnW48CdVH|}9qdnzK54aVhr)4^yAV2!h66n@
zJLHsTTsNo=!fiVC0s_!pHJXiSmD()V?9}SU*5n4J01uCUp%%CX3yTJDA72lC`5}Kx
z_|U)ilcmceynJh9a`|HD#wWOQ>4Mm8t=4<lb8d3`X3=ffXb*+%htWR|6I{8KUwEuv
zT;`^FcV5fziS(=NiA=r#`yO>$$_Pp{j!-lE%S|hKtK{rZ!H?y%eB3DDzrKgW$dOrQ
zbAI?lS~Joh2tT|=488bWH2gK0CBBOag@X=s5s}Wa4IOtI5?I9yP|h*WavN7$1!jm=
z1j`CK-Q&bWLV<a)IOMM*c2sI(C=m_fyIvUIxavf+NN6Pjl-~6x@c+kBgTX`cPN>Vu
zNsPzBM@y5@eu_*$Po3ykU7}lfH_u=NmI38aKBQZ?cROeKaCp?}JZ<PA&h8$bl#o*Y
z-!m<shme2`2X<Cv+)Yg+UM}%e_l&%xem{BIVd#etvvKt5)tym?g|8I_sKf8*=RZb0
zNwr5WP=BHK-1;YYEwjPw@70Wn589NVoc~<QVB2R;>HlV-#=v^in4eqqL}Oz$6sGPf
z6lzvf1TjRxM6*z0jPep~Zi@)r=q*pG9OmLVz!eivB;ti+VL&*L;N{6GBqIhip!4`)
z5(>%pa2}-H3xVP0nF?u=!66NP(ZusO6^fHNd<!qL1}4IXZ#;x{W&KBZ@{n>X1qg~X
zj|EdnSpq3{-Ho3tg@3(Gqk@7Y0z_V&6L>tPm%rAU+dF0sv0vFhb!j<Q6b#f~(buUM
z(^Rr-kHXl=B-5bKUPX<#?#!0m-{=MxZU0|h{<GZ*B!F^qrq@9q=#WR=zO_rXUC(>i
zm&CF9-jHf<F$2?GS*OhWagoz+(zxUM&c~PH?{E18(5GODwOAC7I~xFB6<9-pdJr+Y
z%`oc?$PF&0W9L0<@<VX<#db$ENUCwoGkkSYluVOucBPHu>iG6TgCak4%6ys3+$Tjc
zj^l@upazXDg9z>8KcfbFj{`?%h;Eu;l1EJFYfXi6XT<vPe0Ih<4!qPS@z>}eB~%ir
zD%PrbZ$JfdNJc6VU~>9;_pP3Tf+V+5!0T=r%Tk((AZhx;32rNn{ERQW4+Pz8(yqLX
z$F8UMtU?1JMSxwL3Hg6fxqq-(o1X|*W{K|e-`^i(o9mFpIbo;wx3Fv`sL&`8)lLzr
zc)H>hMEXe#9@A_KfDuho8iB}TDRAeMxEhUch>MxBWn<|AB`{X05(yTmf2yYBJnvoe
zsC?mqVZ(%x^ZMv2=~F*9#bc#HqXqT7u~>!8E>~7UVi21OH>Z3L97Lbs9v#I;xK5dm
zCbTpki%W$&Pm;3E#9e_OIu;K#uoUnb?PdDmNtaqEMW=~ZeM&@R@jzj#4I&d>L_EC4
zuPYUip`Wm|nhATAA0;K}yHb1X(RsII(1%)|1FG|cL`W{eNsql}13(^ct1e(;Kvc^?
z$4-?<JdBLUa#3oqQ<A#?s0N0uYTlhvBb|a~Cqng)zle0OHh$<}HTCRq{JY0o*2mb6
z;km5T+RsV%ea$I;CvZ4XQXjgS%7fmuqWp?Y%CctGYYqPWWoC39kNf<aMaPA&41I^2
zhZjbZf+MylfsEUE-MmvrrQLUvbPp?9h54!(W!lMQKV_@Rr{b2mR_<nWBb!I5+&*|H
z^*2lUauCBy5l)|SEhL&5t4QgWGmb#OG#4vN>L(lWSEz}`eb(hOd!N0}M6j4@5_s2v
z1s4T6I)(nNVvu7CaRKJ4=dxLP@JWRqoM_l?D!F;tiGfl;ni{!DHJ<@p7(q5xn$aDt
z;d&^tswb$KBshq{s5f?R1G5PD1gQZh;9)aVYf#fxE?i$iA%9IoiBg@lj>k2`y^8Tg
zZ~mV+0lv5%XiF0Ki#gdnyLD#Yx0Dji!+0vUK?br(p2#5-vWRm8M9rzShhr<V_3n-I
z>XFvY9cK6TxD#XIDlsE1ee7Vi`LNZfH@-&GhDt`7Yw&v5H`Uq3&=-v><e8)@6OIx|
z@UCN&G-H@xMw>0OZZ(rS%}Pg0d3on2Vx&u-^k?g3!kZ$Ukxa=%0_S~>gOt@&mg$R#
z^ZX%QLjWRlGrmh24%{PipTYTD7!}HV_^Px{lbHXFIbrQo4Iq=Jwr$#9ffRw5Ju#fr
zSjC4rg$A|xl<uzQEyGLDd9VV18<%i}`6h5|6aI7=quiAChtjDC^4H2{4y!);CyfT@
zKO)q3vNV1(4rObsq2_+bB<T7;W)}z5Dd1-ryne!8l9-14fzzcY2sW1pMBks|YkiD7
zdG@Qt`c67tSt>88Ha5wwpQglM9-kJq_k*W+2*jIn7EuD;!@~H%q!uSeF}*}H!M5ZX
z#C*oLY@aQnJPE9nC$(1TKBi8>JysHNNB#wbdO490yYD)c(9R7s`N1>1^ltdt8qxCR
z9;V;%*LL6(eQih&x%iB!9Qlr#h#Od6;60tR=?%a&FOP8NoR%@{4VHn*U_TlYKsg+#
zvE2iu2(VF^hKzX50!k*s*WPlc>MN)?>8!7&WHIz5?7%Se$1oR@e|7FEHZv$V<?^m7
zvLrN@;oqhoh${@jeo_le`g#S|D2KdN%0e@UJ>X^izC)_vuV<?)-3_Fk76C*IE2-8K
zQFj&IkmVSGMGMSX5TVq^`tse0aVNK)1pJ$OM1{)M(*OLTB`o1M&=%}@#K03$53d`U
zS}obg=O7fdb<3=#EiNkcv$2qfid1bp+t4k4{vOA?`V+;?S!8xDO5jWfxV(>)(Up*|
zIzedr1lwsuA4T5N2v0mF3$>iIA4rLQ*Mb%k{$Y<ldR&0O?h%5!UG6}kWnA8|Ra@Aw
zPy!$S{T3b;Y*Fyw0;~@$+mRxoK!J!yKb%nx2LzlxxR3w{g@x4-<SWtQh}P(cmI+<O
z3XmY|oL!*R8JErF2d-29uCBxekb(%opV_UTY8OvJ33svOLI6u*z-C|xCDaL{y0uae
zR2|)VLIFcY0ry)VZc@}Pg?Wc`E?r{bDx6$uz3btUNIUm1T%Okvy7YC2Z}A0p8l{j}
zlY(ajCKT!G*fL-(>KTE`(l&jPr4BiXNxsqLfcuc?PP!aby+s>nuTagh6el&4OcW7R
zi8-<Q>j4m^jGQ}48<_?6C(6O}P7K&{{egThI)&Xbj{(U@2NMn<Pt3v$3+{ANmxT4x
zD_2;UudlI6fO+QH`xuH~5M?iAmwgNtKa{u&**OC$MCh9|x6Fmk^L`CUFDl><WM{Fa
zHHf=?X4Gq6WhyKNc+CO*w$k9uocYHWF;Y_Q^!Oy8%Vy}9|L6IA5o&;Yg_96H()A(s
zu2a$~*XHro$!aCf1Q>b_Nuc13O?%jE6ig04P4M9<gzl(ksZ|5n`2I(y0~qN;2v>WN
z-MaR!tjL;#214Xj+~%$w{@2DGhoOGVX*Umab_J_7MPKCN$dfn~O4V;WgmqZ?tg#Z@
z&S?a@%_$*=4{v5zEOrfDlFZANfXS4QY8fo?ArM&5$~zw~z$TvU=l&2#60gecekmtN
z-#SPwxMeMRl18DeIPq~7L#R;aq_#Y>`T#_jhoJys>xWO4EL&6MFK>7uM&W>p3HM&H
z8uhIgs63DP{opn*A9jU&yv51MdY8_8{O=Qq1-ZoqY(&<lb~sAF{LE@iODl}$WF-|<
z+X{lPWk5=oX6eejdz0;K#1M$;;dHPRm}J-qhQ31EX}F9P5cWN@8ra4MWE8_~Wt&&@
zyFah6b>CkM#x>)G**?x8(Efzf(W0IfpX7-VArJheVjYim0A!mpFjc<Ib19j)Zk}?R
zWB+iL73LOdZ8C4NE1Wm7?f|H=rGzZ1Vn9eo$4g6r(X|CNSFuGzLeV<jLw1Lyf2bPM
zAgD8rP2jV^PzuBOpl^qu5dkdvbPToMMwReO$^a8KoiYjbc~3_=Ddy6&P--E}eU0j`
zHZk29rnPe#Ysejuq4fH}4X&BH9dU}|>Mv^ZuQ*XA1@TMcZi+N;Jm(DnKeu5Oqdb!{
z{VW+2SI|3=1d=l(+F0)JaD~l)9Zzswf(wLRBF0p=TSX0|58E$y8ea7dcXsDvsC;)u
zU(f>HdleGk<5wo8hTh>+`^X`e8-waq9Hjo>sag1LX+(E+YD3VfFgn@9nBu;$TTMuj
z%$@RCIcemTUTCi>mmwba<*Vy?a=i>S8ibIGDTLU8N8m?92rY%YNXV7c;Y3(b4SY{@
zwh%RarCj+a_~d5i>Z~UpN&>ar0EdL${T}Q@8r7r)E(v+uD|iwg;d=1Jy<1+_tv4(&
zfnf&823AmWhXfC%g${UN5j9t$VFj)cZk)ao{(#Gt_IIZxFE(H^^c1yg-SC!KPogo3
z!v3x}sVo%{3TG1LFZ*hZ04lt?O-Yllt&z3r6ZZ`-{7-~5raofrsg@X92o43PEp=dV
zw)V)iLTAO@lA4`rx6Da>_x<s!Ib3(5uob1b4)iFxwQM;Objz!(znz{l_DVaoH}s@@
zj9x5u24}`0LRGTLP$Fc8+*eC#3pUBGO&&OU6xE+#x~Z<>vL}lUYfgHW%<%vRU?qYy
z+W3dAB}>=?p37jK9PjCLmXAc_WJ}K0V&sGrxw)#ZgfX>5GaWf9V^^yhRuXK8i`A?K
z0R-G%>ra@-9N5*7viRGm1uSeNmK$0;j>{Z%3JjF0hCXWhT#o09IE(y^t^G!?1-foZ
zyv0hw0KZ~cMTci6Dl7)&?}v{#tHbRD*7Afy&u>i=C`bzMw2!v4eILHiOkFSIc+it?
zeMwlY=cJ~|e<%apXDWC4>!PWCPO<9I29-i}Y5CAQL|kxjwfFV<mKh%MCSoF1omNP0
zx}~FFJ~8dNtjF?8EN7#Y6W;+Y=9P7^q^?@chpf1pwww%MrVj&`82y>PGI+yjs97}N
zXhDReMxoRS&~By-VtmPD5k|G8M)P|7LFU%el7A{#mOD{s$;o>gD0<05@?=G&dD6m4
zEyMCOEmk1hoFcxJYso?~nf~&IqwKMujOBvk6IBK&S%R!cHMj~N>jHeC_jc3&CTq=N
zF#ECCx79xyXPVJ2RXo}4L@`KQtRrE9nNIM*M)+SP*a5lV0E-_$Z~@sYwz$Ec)iw7M
zWY92O+P?6shC=63&3@APQvZWTlTv8g&jRm$%(Ac|gk^KhY~YjvPx1x3460lULOjQG
z!t-+9ownpxtBtJnKW=5wnVjL*G-;LqbLg}!$Q#ya_4Gy&0Zy$vmm8A<h%V>(T!VlV
zSios;Y}+UV*l0tuD3QiHhN#+7bo%-J3$XP#+JO@7E~m9%LL9Pg2Uo(UE6`p^+~KcQ
zkSi1fwl#VWG&vnCG;vc;bpTsW8(~b5ez6OPEia4WzK%}+v1$(yvLoS$m?r9eg*t{i
zkI_Vj|DJ-ZJaJqF78NP1{`C!m*ASq>tN4j3P%?F}R_@%gmU)R9f5%@%5&M1My5}NT
zIkO~F?m`46{EAtza8^58M*flARnvFj@t|fI3^bEew_^WN+T<;Tf8YXMfN|Q{qa9p2
zYe?}&@$*-37jOCq`~(N8YeLWb)g++t9^67(JRw1kN*6$IuH6JF=orQyBIw_DQhuI+
zFs_!1?2(V2dYY*o$BM)P(5_)ab~p;`1-K{?jKfUZ^}Urt94PmlCm3_U0VsIL4dvw_
z73J=NXjq@OiOi;aV+QSu^MB5*1#-c7G~^~Ceum)ARk7mkYEr}&Hm%1Q(0L>1F{HIG
zhaKUa+!rLc3YI*llh^#cib?#ToW|~<I9U8-4g;v7UOTm}KT*52{8$s=2%8f!rhago
z+5<gn_I%ykHt>7A4h$9uM0~>}ocFCtu!1$rPw1eRBqBrLK7Dna0fr%U%$+yKmELaG
z?YGQ)q0jZ+wBuXMB|Ny@7q%-<;GON)_>ec&@Yz5Qqy{bj!D8amvn@Zlok((y0fcV?
zmahU)1XE@VfMd$}$9Ausvz^z%X#!%f44|h!GRvH~12nmj!=br+w9@Ggt^sH;lfB?a
zpUYnmJc!Jab{)0ID(+4sfV;bWaCf)6C;o4|aDaIx2XOyNrDQQIY{;z<VCh=F(xIsc
z-Na=YHu(!kk#PgXYDWPp`%c$?N(Pp~qf-Ac3jC@b3SHQ9mwgej{zH3}0S|8r-lXPu
zs|dC;7BDxpYq4@9hJZiYBr^uRzm=K&ZjQ%nVHFLI7Z117jCX^RNBvZS_yDYc!RE`h
zlED)%^tFB9wz4a3@2;X;v~X#U=`IhX!WzlU(3YIY%m6t|FmD7g<6U*Y5@4={-8Z%i
z56j~oTR|^2!+vh!OrVA*cqdSj{kZx86K+9<%tAh;7J~a}vt)Zz4HX4!2<9KWiKxqA
zVBcZ?`KqGKb?2&9pfcVZ)S~nQjuLrtXi?n#c~SfVf_LHHkU<p4Bq3~fbKlI7F&YfX
z%TP*VX#XZRGzWnU&wjj5m1jm>`q;&l)qeX2pxw!`0tCfrm-c${XJPyx>i#5PcAt>Q
z!(;NgvlDx*(-*e+Y-{@5z!Uc?#wElMkD}-?;<D4WFftP3B6|B|5#vC7E{hSQ-8LHr
z4cV0EMy1u1sZPHs-<-IHT8L9>r6wAQOQ^kIo@w$;{p^dIq@C+>nPeD5-GLB<JfD9O
zsH=*gwn(IlIHCE8!HXKz$d*fGnrIGPhgdOMAj6V&{Cc`SPV9zisR%H-4>{}pJ%DUm
zCfG7dO5?4)d5QzUY(D$3)$s`!*_1i};-Y3($G{hh9A4)K@n5p6Ne0UP&RA{s5cV06
zdDJ#Xj*9mQ<D8s*3T?!^-$Y91D9~@hcPI=rZts>pwo&`|m)es$Iw-UbmH6H>L0m!u
zuP%Qbn3Dyv;D2a&rrX&(`$592`7l>&xSj;}ltI6#*JGvP^rX%Il{zMW%fD=fs`9%D
zI~wh*9zADiWg+gN(}2iHgXgR|x2X=bR6ec~uv0zrgbUsp=aM`#gIVyz*YueUxuS3w
zw>-w~T2BNJp;?>wK6uUIuGSZ=24^EyS_9+QO*~T^P!DRRNeqE(VG4q?Woerp0}oc~
z`->A)+abeDW}Lj2N#6#Upwys%$M;Muln88)%~y`z3QZM4Rum4*5*e9;uzi`pQzy1|
z+{Z$5L+b)y-(li`@8463D6mZ!1O@Xn@uC}jX8aa5SriV(&o7}s+*huwu08j@n5Y_L
zp!dW}twN{5PSAmn#Ih9>16nMSx6LL)<-jc(buB@UTr7lGF3MHihiZ;3vkAES2}KQ<
z)+jqK^|{nhBv^QFAdPve=tT8(SOW`%3Kt|^lG((!-?N>PUquzPWE0wP4*SX0hznGq
z<=m)~Dre0MnO8!|nWefXd}Xln3Wb8qjR0)bM1Wo4T#a}z#<V%o)=n+J*2iE30B!;v
z(pdl#%RF-IhUoaCn<a5{j-)(*&BrNoqN{GORsi0JlH?52Y!6dC*cbCLOPBD+)*G$o
z-1_l&wPz6Ezm)6`xzSaFo!j~EUT2&KYGuNIg6r~mO*YL3SULB``FhA|J*;Fj*_t?h
z0ftn2%O#d5r~<rM28o|qKKlQeO?Wu0Wz}sx*ZtLRO@7{S9pKPcVBOnZ*Mw|0$$sMS
znw|7%cfhFWVKw%|wndf0=-t6HkL}_q$8W_peJA8m_R(+lw*=#rI=Kxw!i?dmWMjN7
z5iarAQG(Bd^?X6*dYLgrix^J47^HzUnJQxRE0~Jh{3DSwXl-atC2Je<c7t$YFUuhL
z^)!;6LQ@^|6E`vNVCPb6C1d<PWYDHGZhT4obUtx4bG-J>u_B(!3%7L^6Qr$VRuD8y
zv|1yL4(~*SE%*QFlmZgl@-{+^<$Gj9=0-0C%$ow)u^k8CxcYl`y@g7U*!DK+Pek*o
z$8JzK$-4$C0J}QTFQXODokIz3G^*}x2>c#H<lQpa&ZQ|7D%D<6L?q4!6Jtz7%)@y~
zKJmW0%0&cDiaehLZJg)XyV6~59h7UkP!$wy7c70wsRCuX3N~5WqlL<G#Zps1PWDL}
z(;V|qvG<KE>VvCV02PAA28&EBLf{{XW5(S@-eb7}2yb*I$wUB#LGs=ycoK-TZvn1e
zBH@_bF|W|RDJ1aKGT9Yzl;|f8E>9@jT03T63r*(U+;$&W5&`K_I0&j^>W1RL!iSj}
z)_s31gRiJ--zKs#aH$Z2@T^vfjQhKs#12*Xdw#yQp5OQEFGxW~3LH!O&1Z9Zt>v^F
z;WONO5yh<M<+yBp+qENUW8E*_`|!ochaKpYl*rnIFOiujX}O|aYDh_wuCHj^@yQ`e
zPNM=nx}494pX7I8z|P*N%E^Gs%i+xN^Tq9ljmdZdqG|^>+IRBbrVqXi63hl?F5_lL
zo);~xe<jwD$zy=J<HI3%Y%kB#HU*hLLa)iA#G6ksZ#OM8wUa8qu&JNd<hOmA`9^Ch
zIq?Wp!3#Z^iHI{mJdy#+1@FG}R!RaB(6?ow1lP7jj2U`2yrYtS45(W7)s!xVx>ER9
zDvWOazY8$IDFMR3LxK$R<$fsn$zn{6W~b@Gq)v#EYlAmh21~=?qg>BimJc#hZiLCJ
zUWlvMnOEt;H{nD?<!I3Od?>b?mu1{p)0H_i$nYW>*RP&KhgJ@}QX|+`81kr4{3%Q&
z^-?8Cza?q0z&H@Ao{6_h<e7c5dOV^6Ay@%ni=K`ED1g|Q?h{$9oKc!$jBuJQ&04Nd
zf1g)@nB-I-O4Cx9T#4&z<@CL)SgfXIGK>9$auVvWw?7cv#r=YL3;>5R%MwCXDAU&*
zuBQ4_j&108`_tuSi|W_g>%ZRGzuqq#Y5c3GV?a^Eo6wU(#&TDa^yI#I(;|p*1=@$j
zZ~*ddpIu8mJVT&|7Gtu`nGN~LZ5#qe5|)&ztAW;KW|Q{MWjAg(>293*V{}ufC0x*>
z3TKg@zVu06VwVUL716DI@={Huz-!91HrCDLsEd|Sv2E0rf_)j~NH_aFpe(4)ualgT
zf@q@9FxhU(CmS7|RTJoo2le?RQy8xg2}%xkcocFuWdTkayC?-#835!m`QzJsKw{ai
zi!joJ=8o0fFjIgqR)*K{!nepv73#UZ{he`S=&zHw9&uWF!!|SYRy+oz>U3=qv;kZR
zxddPru?}W-_yT<8|Jt(jR$^`;1L^U~b~*wDMJi|W8}FZC%9G@&z;P@H#YHZWS*R_o
zHdG%_bpNd{&)yxBf~j7<ZEd>X!LB?e?!xtyHSgqXCK?V<ZT=w_taL<Cw^cJo=;hil
z@c{=8f;~WQnP^*N$%DyC_Uq9*;*%lm=3dBwW~y>^G(a(=KzSl;JI)Lqbs5`s;7Hex
zo*Fkx8p!ApM(x@RSBPm5T&DXC6brr4mXYPQ15Sf98nkAoa)k!LMctpr39s2+vw-TE
zpKqTrU=m~d7J0INGzdQK0`K933Gqm=3Q=R17asVv<p;0(I6T-6{ZC&0f8SXlXp+vH
z5~%VgsHFjFC|a4c>GhT@S3mTZN`6AnUSZkr^Ffxj0%%Z$D-nG$j#*{f(!PIY>tMZ5
zHwLtJYO?Six$UHk)#|M>zQjOy(kT-VwJ8N>v@ks|B#z3Gz^{<YSv3xXP-C=iptBk(
z<x1swjL}0?GlC*giME4dsM;Vr^-P7eei!;N*0(4g9#Ha{ZVT=KH_=@Q#7tauxt!0)
zgM+Dhorv2eCE6upD2BR2m)Eq_euRRn;iA@+<69gnVr=6|Ol7Qco<|-LWbxLmwoqrP
z-ubfp2Q~P|dj~foH&=$Z&o)>JjqS0CRJ1_Kn=sjy6Xo&(jVj%as*U9Fz7kiUS_JPq
zsZ0ST3BF8R3tK|xYKw_B*XVURP1q#xHAQZL$|;2QrmD$%aeXwLC7bjt$4Xp2K3gZM
znEH7+G4Vhve%dDOm1=D^MK|fCyolrPlrm62vrsnAf&du^YGf0B@@v=;Xgj5lW-4S3
zM`3CW5(op9f!N`_0HfQ)RX))rMLtP=s)C%zgvnspH6q#)27)hSS`m^8v97nW+>925
zyM$^A`+FyN4ZdIc&k8+e^J2q)zC{6{#P-sgXkM!@!>qcu<71=XQfjZz7?Wd}`~PUd
ze-Q*^=s;{6Z1=OyYJ6$*W`LVDeQAurOu4$DTSztRD3iE$*{l~1RLp0!>Eua2>OiwU
z{UTI4F}0ygnaPO+lENFfvat9CwzEalUReY$HmmXnX*b6W5iV<pYHrCGJrT%NUyQBa
zg|zmQ-WNtcB_88dq(NpKXDBFwjw5E~c-~!5p#k<H(D}~6SNyXItI)Q;RDFzuI$0@)
zyaLr=BFLj#u!-E4m9Zse1=Q-<o*Le<$Bre~lqXQ|WH4H<%H7I|ip~ckaUeuShc#7E
z2RdtzP#8SZ_fWhp@{ve}2$M>gE>L}<mpCxL(bV7Zn#92YH?fqnbF~BVnQw}5x-Seh
z3rq{`ZeLu@(V+O_+M52K=XSGdl1-<qSFBwMa9hp_rTTE;%0CDy{rl<x&_lHFt$w47
z%%e$VB_fx%>F`wJmwIOV{NeWK`<wRpF;5$7yoREBdv_r2q#FMHm#4PoSxcrQ;f6m;
zrm+d(s?HZyv4<2)?{vaaE)vI1JX>p0X#?W(D4V=Wyk?Bu#-BJ;r-joRh&?OC-^G;S
zov86=v=0;D+-Mox-6A-0+006#vfM&>8TG_BaZVO2QEFh-qQmPEL+}kI;lR%4V|sej
zm93$kv=x^NlnVb+B_3TCW)sbd5+H`K%@+}`A!c(#JsiPK$WJ(5rBpyk+Ef9(=bFe*
zhysgDs`;(_iNjx`ukyy)rgQH1K*@EKL0$m%o%H=1s`8U>*ktxIWHI911+J4pA3q3K
z3X}e&iMR!Vcr^{L#%h_@zh~F5J))}X{_?nSe^mbFKffMr^7TK4Xa5OAfo<Y>eg=zN
zPQVb@N#M;vc8=^9uJY6qF1kU(jr~Joxd7JpY0Yr{D;$DV79CcR--w3Gj-yi^z(|xi
zpXr8S+N9i~>bY90_Z|ia6K3#POkwwXNk1tsmGHcFF@7gEpTtUYp?ns`o#s523q(X?
zPa*+)9eKfZwD^u@4<+;wpSoquP@XG_u4;~1e=<TQtV*Q<++d`rc26@E{IDs2h;838
zDBu${DrtC_gL0gRlqv0d5;I1&WRTD^>Zh4J(yw=p%6zBiP%<NsJHYBu6~Rb?Ftd;N
zW)w+cI$<%!Ni-g6`VxVfhUnQO1Rh~Q<9bZu?F919vCc)jGsd<zTw+LLZ4~g%1%Tv0
zo(!jP-Q?f3;Vx?5@asx=@cll4=QNNHQ%A4kKyOy5jUG&OZ(m$zh{H|)#ZEX@x3#b%
zRw5kM|HsukhDX{pUBj`ROggrmOl(eU+qT(pCdtIMJ+ZBcZF6GVnlCq=cdq;Ub@tKc
zKKe)1u2pMQ)!zL8y0FdN`$>Du-~y^HA)WzSX*gr&|I2U386mz$BZ>7EcR-<L)GLiB
zb)BfwpDcPK2qh;Tz<eo+KbIpajfCJW$hSP!P@VodNME3?T8&fPY5K6*^6o*x2)3c5
zn@N#XuSg@}cc&LLSkVg_r87Irc(hW2o||UJYKZ4V&!A&H+Xdksry(Js$;2Bi|J|q}
zNZrW@j#q)KhwxQW@bx%#B&>U0L~-l5RjK?rKIL0-tFkDW>BlxKMJ^K&!J+-5_?foi
zSf;fYX$&k_o<vkyZeJ26-hyZdMO}YDl*@3&Dus0zNx`?0dGK45TWOc30b)7rqq9+7
z@-+XZX~~ABh17syVZmilM8pm<#UM%SO(J1Q=%V0JSl0&dBxB-97OnmiTYXD|qyLQe
z^tc7~EJ$SQbY_h&e0EF!*Jl6H1U^E7eLlQe4RX|oe@I%R)(D6yLeK|vinJStYqGrz
zI!A*jigxztGeAYs=<dc`qDpRX-YVu)M4o?^5KC)q!?UVjLa4RAm9o53b2VEi^Lb`8
zOH?29>gmyO+ORUCpIc<ColU#*5hgbCXP?tLqv3MKPUZ(VTT1F9@0E$crzeo$P+QpT
z{J`@b6~|Ynk<iCdq~Nx6vP5v+lo{lXn@}%+58|xN^KjG?{ub0YA$=4_=`yPPJ(7wN
z5$`BPDJkD~aJm(;k$3?0d^NQY<$<cs_D88C+B1%gxjr2^eu7~o9lmPO34fTN3(YSg
ztDP@LEZS6X@-GG%ycuy6Z2N^V*hJyE+ALy@v(JH%nfx+>r(q?NQo+QSlqJT;*hFJy
zf&srH3?LmTOehS4)Ff^Td#|vf$t(eXB&6_vby)lh8vff(>3I|P*RLwp9=$|z3u4ms
z{%1e?b4|@XYH6rT#lIS7vJBv%y85harK#FV?`>aBRn=AtY3%H(E3;yxDtR3w$6TdP
zx@XdT!b5~Z(GD!vO1Ua6O*JNbBJ*5`R7OYMBtyqo7+I;lekUT>^`O=yVwE5Qt6;6-
z%tg@uS<#fo2r5`qB-qSCn(g&vnJ;vMarg<V<mF4(@4`$P4?CCJ)|2KYCby4m6G!C0
z6STCq>RTe&15uGtqY!{&9)fpbp8UCaI@&WHmDsVQmSG(PI=~i>2Em2FjBUnJngw>R
z&uJb~6K=o!+sXT%vrf+%vmsZ)#oNuZuOMMj5U~DaRPnhmC}dQ#6qZWK{j!M#8_Bk<
zqtw(92~wttZ|X{Ag**Mvq;fiLN^Yu{Yt#cuNm6w-5ycoQXqL8#qLO5wsIMrm!YDjU
zujAf~-CJD1Hu=ZSN9|3PTQdi*gLdGH4e-VN^3iT<ZmV;tr7=0Tp^Ws3mGgyACNeIo
zK1wT8I=iNaLI}@+N+Dwieo$rY=THb(1?4p2Nk<EW^36S}WTK;JEAop!!y|Jm-E4|N
zge`>m4!kRpq3%(X2CD`_7ktS;kf~ZN;|g6?EF@TfAQ1`-1Xw^%h)55`>6zmh?_{`o
z;(x#V?_&uWY_}}S(N2gwB2-HTE?Sm~O;h7c2t!*=s$TN9P*ugK;?GCj{ev}Um5enj
z^EfJXZA|C#B1!$1BKf3yjMmWvLltP&HLti{3qoOb0{Zh+CTK)#;z;MoZaNeuJ^pTe
zw2m4YcxVMOc}xt^N#Cm&&^=^Y`a%{tyE8QG)n9=Edd5tO<M~$Dj&sENkeUoXw->VO
zG$1#cEQlp!@5;fR(VD9z$Ha#QzDG}a)!<0wuk7dm;Mh+XH}cHkA#YCI2N5~q=b;P<
z_T|85ic;BW;^-}GQE^30{E6V|p}pNk;E`2+{=A|zhEV2F!uDLLJu<_e?U%6{KCZhO
zKD-7E{Rz%3Fd8-#Lr*j;T|86lH-O1D*cTU`cZG`d7B@!1l2^<D1v?Ju%`gqKdBl0a
znmTApJyJK~^BNfCT31ocOxO$mY2*Kz6F#V?;+CDVQu)v)BUe^z<+Ty^D$(}}{Qutn
zdl>^iSb9}G=duyEom_yHwfTz-a`Z~VR`M!Tl5Av&tSxpmRXFZpHBAG44W#&HM3Kov
zirCo4d_gf|ksl5VGaMyO%!`s%@R`tCh7J}_12)o}Qe_`fXVr|%X5G;*5bL5=rd-Ak
zu_$viYC@LC)eGU+Q}82n#Fui(XScmsFtZT&UlvJ{Fx$NmBNArB=)-FBRrjWKLg#0A
zWw4G+!{}WzvkHvojWOtZa#*;=d7=Qw<waxRODYgVNCqec`MaoZ+E3qMgY!ka(XgSF
z7BRF!M!#Z1(&d-#<!cL}x|xkK!%racJ0%8{!1@}R;PBq$saYX}4Z#4QsixaeoDdh`
z)Uf&m00>0tJj-FocVrj0wX{EWiZyu+6kO~>43oE`Bq8s}mogPJpv`J647PQ0(_g1j
z_=&eol^Z@J)8e57{=KdLV@nJ$ZrQ90+cRGK5x)%dJ+8BcgxJ6S_}3a8G?)fz!mS$@
zjzq<{Li{|cV?OiT(N4*!dnajtTK4l<owRE2{ZgDBwB1kWj4$;ZvNG0;i#H;9=n;9h
z`ss;``Ad*0XOu9C)r#Kqmm|02k>d(kR*W&Jy@g$LSc3Md@$GE}HB#7vZD5f3zn;4p
z@K7k%zPe-sUx+{ga>+U(8CeECR`cG3a~Na@gO??ZIv<D=VM-BPw^HiTD*>l$QD47L
z?<pA@EKVx+r8u!-?ytI{@aPBm$DIg+S~R4UVwz}}r+1H*RQMF?4pHej9Ukbv>{(bu
z=G)SI3Eze1a#kKHwpt(*AJOP_m%2d&kzd~XdMyt*t8n0G5JN$d^FsUUu=>q2vao@I
z4S<26?M?X|U*JsnZQCPZNVgVI;7l0eEK>{{4W2Z<Sn7nG5P>yLp5M)ACRezD+KLXF
z=^%_}c9a*F4^O7Oyt6<KW8%M?{qxaM12fE}Z5F=!esF9<dUp#VXLCN!-xsx<ktO>b
zw`AsD@bh=|vKUMY*|bNxoN-9{5^FITK6C;06lNLl-Y8KXnP#dk%q0_;=Cq_f^^lxp
zW%pAc>$UFl5^rlyLK=0X*Awb3=)=+5gAqNy_{pG?q2d?*wv*n2<7nlF6ka7LIMZH`
z=(Oqm4ajndi`$fKnz?jm&sJKY>43VAP|Rv*pFfc(wkjdC5YO9|<iZ7zkK-J;oo1!4
zLXiVPc|ZNclZ=C`7E@wZQDTIVVwi5}(9T#ZUGXAABk<ao{0G4DsFl-sRxTK>;2{Um
zy^X{LOe-3`rD@<X(Xlc#XnhaiX(nJBd#xB2#L^iZ6X(K3fw7whop7fQvpYx_8bDv%
zTdNJpJJ}5%9twqrrfs?Rk6}S;Hef>7A!fe|U@tm>)~2b8B}Q8WqS}uZ3Mjnw=L^Nm
zu{XCWS1u29HC7%Ns{G(Up>R)N1g?z*BK@^0e6&ALl=W5;@uA1$gVV^ImbH;nNn0kw
z8b(hUpp)pI)`x*`BLs6@Y!<ayu^3gG3+U{oa3&LOtk$C$2-at8d@jA+MZjBeKYRH}
za&7kQpv@w_7e+;Bz-B*<X~p2+C%0?js6`pZ;fQt)>D-b>TCxf-TCm_ZiQoq$Cl;+~
zfB`Zle2YP@JHX+0Pkgs&EeLpAu-!$?9qrp{O0>4YtgIs0cN;49`&HpDyx)>F9`(e!
zpYr>0)VytrLeU2Dmge8bhYbP*HNFyPk{QHju(sTc`&2*-8-aL?R=fT#0N18MA$Ke%
zEk-0(pu>_BBY_{bfs<`&GzldjG>j7h8w$H0X@^Vv)=xruLv)oh^guvI0;3&Gn{MP7
z;?wf`7rJW;j94}up2;SSo%r_s-r#Hmw8H`Xn<U+lB4!O1f)pJN6_T|5If>tBEYG}D
zHP4gR7t@QR4s*e>EN2s>f`8atHwuKZrD(WJXX=neGB{U`Sas|GE`pB0V`Ekv<saMq
zbMphRK_?$Mp)=!#M)Ikn96yL661_`TlZ+r%XDcTpL-`Tt?8`fdhg>Szw{|w>XNbz)
zm4C%p#_tG>2M&Z~t9bK^MTtq@TLL4Bz7z93WYcBwY@6fWAo6{$x?}=@cIqqufrlAB
zyQvkmsSadx$8xy#moy*&Gkqv<eMo)B#ZyyWO=LjQlZP4H*4EjJEjbpWnJ(?#$yGm;
zVI8)XE*DA@GefghhRW_2(PH!DQzqo<9{?rmX_fHbE-dEf*OA#q1T&5E=Y0Xu9~38V
zOJV=AAV5VOn}4)OGlY5^vb+alrJiQE1jI>TW;0p~-GB9WTy<=@z(i>gXw?t|@+Ete
zd?(OP93cUN>JA(L-`uYQ6(caNFs%h$7LoNy$d4NOA&bf7CK1NF<{vEv9#}Ua<_6}o
zD%RPmzAR=yH_z+fQsQ)Z$1cY_{1-)9L{Y8|o#k9K3zO5Z%^`>)FU{=C#C0br>qg00
zPGG+NO%7lIW4NGcqln*+TC)kL;EZLABTE)53oRXgz<$3@eKM|Pca~kP!lS%1F(&`!
zX`FmAA}yhvOiNi(h9K4$=Tgd4D(3AwPAEaW(x3kI^jouKYTDz4WdgEwl+ExX9xl0O
zlR-}~9RN0UItenULxbq@^CBUr)Zqw*Z*(Kt6wb#WxG~~pwZhmUt<il<D&kg(%^mH;
z0J0yZ6M|kWW|ct31@9zpsr?^lmW>l?77kO+COEhNn4Vn{PzIxhMf2MP#u10b*cBsC
z0EWkgNVdNSPYY!Xp50MsaKlJ_JT`dO2%{4pCIAVXS}CtrYZ`*s#f&N+1+4V8)PrsW
z3^cK9%J@fwA}&$n)C0{KH9A5WJdY<d7}g%RjEw_C{5Qi0G11oINVkqxVoXGc>;Vop
zW&u;f9`DW@=)qvm=29egwN336%dH2X>rXulm;aE-fB8WN0>b2iZKj&y&pq$dEzcUA
z5<KoLNX?67&GAi#!2Z?&{DCt`umSY{pwAf$SmwB+-B8TrqnR6c5_2VU_6zk2nPrpL
z$+*XPV8A4YrOAyHXSTVQ?s4S?hCrIGH&Kw|!3y1%`Wh!bemNnZ1-By6SPrv@Hua;m
zfyh9e!4bOgfb^>J*Y%7RLy|9GlFL#on6O%`dvT%)7MKV%4n*B3&{%h3bS8Q+{5GPH
zR7;n!70hjUE>@}}tBotimh}t_kw45?j<sHTzI$iF0-K(fiM7eL8%J=^CU2-nhL>uL
zdQQ{aYW;1Wa{c-JDJ@@&^4Fuy_Z33H=%ZN|$(1>33ly)$Un8A>iKr;CP_8a<A?4tw
z&n={GPIzGDZ5}-#kPHOJJH1dA6n{V&UBbysN6{%>oraHvL0wH!hHD8TppbGa<KMu0
zi~!fd&VW=R!u>>Ve0$@cotfN<f6Zs`NNjL;!OtS+<H>)hlRB_km=rUD8<Gid=psVj
zuQ+o#+VYuZm-_3W&jiskNgAuni;kZ*e}c+J>10yCIgt}P+^?XU`kh>(vC>(xsQ#Pw
z{s(RpMX?ypis_`&OklmH?6s5DDa6jCM&zW$46}H?DegjP{f-pk!N5S;%E9Wjc)R~9
z*%s^#oo;6Q1TuQf3rzl-1PN0HBshgzUYR>i50sEI1p9-cLt!Xa2AoKV1|-8>zVT2f
z^N)wrI_i5@=0FhEj5-M-wo8nj9gynJ5yR*}wn%+U*cJ~EQxz@c?EAe{Xy&WZ-;L3F
zm&=O%1PZHCo+&fz$nt}h?LqKVbnD5G5VP0_J7Zr$>Ks5sI&d`;-iM!@4Flkzba=O4
zkrzD=Bht4gAx?Hmzat9Rj`+-|zG|>qpr+f%l3();cOw01IntZPmup>`X>vP$#_Y$c
z9*zv-{)-t5aA00;gqLl)L<;y>FsH%Gd%Q~t3=z;P)Ra?n6o)>2XA9aJt3E<LDsBq@
zi}lhZOv43VUM(dRne&y;)2B&F<oDHf^SZQ#*{8n94s}@YOc4(FT~M^M0dGa!_Dzd~
z*oxwUhWUNQl)5~_<bt#gVpdov*c(OE4vc@OO?0qv4Bma)OIx>^b8aLzz%M5yFQDWd
z9E1enKPXz%pfX^=lw9r&6k05RPU|zD!jU65j$CdNY+BD0SZsoinubgjNtUY8j(rLZ
z-;k{7)$b7*Mkc7NW;;TpQnZ&f2?J}I|2>(^11}Mu4BlJiJM8bzQmMzGjcc#>HP&$r
zEYM(Z7uNqeRSBPNUQjTyl~dt@*FQ6cE`G@TTBFd|VB9$6^#}icH2CV(SRi|olEy7*
z8<EkBpySHyBE#Z@<n!DwzHoerf7#gzcgxDjlC9d~-Ls7t`7d|D7xb@R4>vkIc0|m=
zJtEVzY?}!ISIR_jg34RG6T>d~^0lqd@c*Y*Wl3rz7|e=KCxw>Ai}#H5I8I7U5`HwC
zAX0mkt@GNmj?p-9kGhb|edC*Sg^On0SS?YKBTtxTO)Jr!*e5GkHHl7SelS79AN`r*
zD7GEHxcd>`K@eXyJU;ph)US3z9Gw|-Yyf=tG%)Z2JFWdNHJyJb5GNd{UUM^PT(rc{
zW{?XH;<e<zVM-JMr9<U^a|KTE2b}R5k}p3|o233)>BEb`_pO7%Bu)yagJI8c)EJEr
z?n)DUhK^wSX-^mwfZSqH6M$&FN!-VV<EvIGB5>CWmaXfsdi@Cnf#Y|B3@;^YTH$Y&
zGu<>O4wQijYfx>CmX@rKQH+Br_y>?ee=)VEN-#IGoIahQfHB-Rp;ko~<p1shsAaeX
zH?1p6u(x(b3oEN1hhX;GhKQ*b#CRb8sEg8S(2n?5F|Xk-y!;C{`~`Eo(-41HYOC3P
zZz?lOsyar9qjaj2IuLa=<>YI;a=TMn^X!sX^X<}nLj+>P-Kqf9sLLE7N_Ah^f56J-
zm2>itrp%f?im<yc^fV^KWhPrEX0@?e?nVfWX!#CAjd0yocnyJ~)nJ9+)EW>;YU*-s
zXXnY{n_tvl_Hbt)jj%E}WPwjOuH3^V%-(N6N=O_+f^A9?5q|u@AI(oOy$K_E8S%Kf
z04HdFH|nhl+6E)#U&tCN(!qsG<{Ts<i|1W5i2?OvAejE<ki47p3SsNhA|XhvpFI90
z*l7tAZ#w%!Lm~n$OoJ6gg1tEozfYC{tiIukrC!GxB(HUquoh|>n?gqRne7neaoZ8u
z48q@iy5SE(Y4i@;p1CFl<5@LQ(#8O`+z^S*E%)M5MHKEg&F;AiA%7-X(z1#u5`*<m
zv$n{f#=;T|syTBNfS>p4)-z+LSk6w;s__+BWx(=P=iJI0oi%<}Y*xZ)$ZXm#P?S9{
z+xLb&w`RR<@D><rrq|m_xIUVgI{-#fw#gZgy{~S7XLdT*`YXHM>}5d>UndPfyt#NI
zqt&i|ozJU$8JS5_hVQo`?6_tys*Hh~1;N5$)ZYWw0)P}>GE5Jltms1dV4y;0B`oiR
zQvFbelqg&l)r0{h8T$NZ3PGjlG9N@q{u**?dVxR*y&nkQ*LD4~B&cnle)FIVr+}w6
z?d2Ur6R%YX8P5m`YWj)@0)G=i38jIESODIol=nPV6kK`)T#gLd4${kKX9_~+dcj}k
z0)n6m^)}k!svB<kAo2go!FE(oxl+x=>-vnZ=99(BC6k47=97iWl=3A2Js++tPDi-z
zqiuV8h1_vZ!L+yEI*jN}#$j+cnGmVQSN-2?aM}63!T$BoCn<4&p-Yj<W2ZEN*NQ5Q
zs*z%yV=)7+lGxg@(rWB+%ig^V=J6q97D#ykw_=vA-Yi$?8kQ{iq)M&5A_Wr$=GZIw
zZTZYsqvHp5>%xlP7WfxR_8(&vk|4o=p#if;fHYOPh5hHN!e?aL2cw7C1omR?jW0d}
z?caYfUx~{+)ENWUQ65M=tXnc`+u;}Eau1Az+YJPbKbAU?Y7?Ch!el&abqN9xO2{4{
zl?n8*mE+%<9Q|OChl)Bdu)#JBdw{(Hv_1f6!Y_@Z??dU(41ab>$(L#^Vy`udSy0H2
zkwu=->11Am@{g3{nilhmmTAA@b2)K#UPmnzuGxF5d;NLcO0e@8%a~PF*NxlspZa{H
zAsJowY-QERMCRfCH9P=1p#E^ONL`;VThHq{>27wcy7(~1k9q_6_<p?k+Le~=d$4w#
zq^>7@IF*$m**uQL#8~Q%?eIOt+%oqKADVrpDI_T3Yugdq-<$~+AdL??*~ocVXXMOS
z9wngYZl&vNz$(2tCe^OZq)@_EZF2p!bMG+PcI>nqdc%sbh>=mtzc@?W9yGx+$?b&a
zXS0Q0{m@*=fVKJ$;x(>o#>5Yp43^e45Z=jNPjjJL4U&d3<L7Sf%t#cI_D(F8Vf-=Q
zq<)qv@l=lksul@_O~oEa@L^tgOoUQ!TOeKZV?l#K?EASJFGJE(i@k<T_Xv66+s3vq
z=+inO(Nmqth4BS$=cypsvo5rbOwSf9e-#XO$C_ZY`88e)<tP&Zt?%!lAGNrxOrVTb
zyI)uA8?JuKtWIm{>JEVQ;?9Ng-*w%^3A}!|9A;e(&`e2rVTXq#JgM%?P4T7>`0j<f
z$f3a*D?%{-wU8SvSozcOAm}=m2Ta5tdyl@P<8%9VX5bwup+pS-i^|Kc!1K44glb<A
zOcXuua|pAUOukdRUlhLFja9d?wIM;8#?8;6%M(fnn*StuDNJClO%3Bj9Z4mJPfQEk
zhUnnN@|yBvp|HT2{cmV~GB1`h44qw$R2=jRmGsrsb$WfyjJ)*V^uOI}?5sIu;uw^8
zjl2K>6pCX!2(eiUL#RUNzfX<80BEUpmBXhx1bjHwwHE+b$2C{1R*e2(CQr-!2*|g_
zHhv?C3$ks-+0UbH2rYtw*lWV(xQ9U_R>gTm4M{f)*Olk1Z3(ZS$GNxD-oKlgRzmy1
z15<COh6tW<1A$~i#TS&Guxv;=o*kG`WSk3(@NiC%w@-`4+!w6N{Z(}lj_Ip}P?}iV
z`iM6Q8PU^eL)|noB<n91+OsilS0%GU0w20{3E3VyX?F|N8yN&XM>BU|zEMv*($$3k
zeGhDSn3Ah7@Rf)i4)(tkt>zVVx!W)2(*x&h_7Y1vuist9*6gJSd+<XpTlNp`5(J)u
zoId^>{@K|oWPD!}kYU{RnQ9Ij$%4Yu%9b8ZL{<jLkiUb69vvcMEQW3W;~xg|x2$Ub
zAjy5s2m!nO8SS>$GeL))<n3wc4i9y*%pz}dyeEG*)=~R-c)t+zY^eKklMgS)$PsQj
zKBl?sUtEdjqoAgOfV-GzeUr$RQ2B()l)qhFXL{|AEkvenDXm-N)O|q3;cm=!{{hAT
zb(96EK_ytg`y&h<vQ@T~KVHH!IA(VV!%UBf2%KDfwI#T@O*)h(`88XtYD{9x-`lqM
z*1c-lJsbg%0VURWDV6qUW6QM%e_#l+(#Wqa89*u$>W*)-?FP>86yc8FpWlo5koJb1
zTmbIJ`hX($E@A{N({13epCmpP+I8A=w=3}Qew^IAl}g~bH*%L$y`J@PMeAN9P5@-d
z;s<{FKzWW$Hwgeh{1fZJKzY=)nL3nXW5{+w_s8@<tX^hQK8Q9PhboWJ3ID{d8$Qhm
z+ymwi?b{fDzn6SzuZO@7C$ni2xYKqFS$dy?W$teJg)xyT5_HPth9b@WCj_v;$cdZE
z9BpU4`fY;Q!Ys0*_u?~EXDEBa4H%@nY<C5Tr;y9E&gwTRtgtsUec5T9`>b_bMC?s$
zg9tG3#h&qjr$*DGSmsMQFtP3MHDBMxVodY=VO0$n-2p@h7f@+2fE;B~IygWQ)y)0?
zHB_Go$8$xifdT<XKYQx_1sDUC-~|B5!lLQ(^GG%=;Yo_mOhF}qv+%yz{)uBxFHHkY
zToD*pu<@ef@bUx6Mo;-&-+Md&sU_$x8r+9aLV8MPc?L*!$qhmu!|>~RA_T%0`iW%!
zlc&^Rt{oAAZ%ov+kARFP)5VH`)if-E3!6;0znqlMKKf4OND4fw`%#^5b#uIDY(25?
zcc*kcU+o^#p+TC}YmnuA`3w8)kf1rsgc0F~Pv%|snH^Kx7wv=+Id5Gt#Z$fy=&9&$
z243(4>Q8^(&III<`R+8d^!v~$nMaDd7Vpd&7EzK@^gKIxIS5brJ^n`2XCYt~#sbr<
zUSzrOK5PZX8fBgrUm8C>?<iyDNEfPj1Vf*p*#5lu!kg(g#@1enGM`_qAhAtAKdUxe
z9EmMFw2x&)CrsL{{fCvdi&W)^x@?~r-p0kM?y!+TSd>UoAv1eNv;m1G|MGA_=oKdk
z1In;;OhyX+tuC|#)h*!oM*cipLN>Pia)a$+LTtC2&C4fNWKW|*g=@6&`qYuCdykUa
z$c#Nujcpb7$2;*eqvG%uCet3);aCMT+-M8hV7fbjzutZ&$#X<c&frkKP_yw9v_VB=
zJt!Z<y@-u7u3SH0RXiF`D(7Qfd``bFus1xRWLDt4)i2HW)%`<4FWBM*m}A^cfwz0_
zHuH}H;YNV}IJgd#jq~;Pp8;NfM$wO2!gquV-X{lc-?u_KJl^~HdQSp%N^7P#{oAJj
z2pJ|9x6LPl8W#evtW*Kc+`#`wKHadvcCo|Gk>j5WHgv**fb4)n%-BprZV^@(=j^H?
z_=%dCOH2e8zcjH8?@TBfrIVuT83~mx^fesB&Ly=X-sU3g>ZLUupS$Up%<TEwR1-CU
zd}QSdu+AWVPd?cvr;o{wpPg^1Pq^|2FBbA*U(2T=i04qLogy_c;W_Q5$G@D0!kTuj
z8AL^Z>+t%^5Q_DmqLHPPjfs9eadHRkJo*#C++cf&-u{K$zG%lC6&#}q$cRfXp)y%1
z6)8fC@q9yLH$OZ^N3%9qd8seF(}ngY><15`*k|ql%>lrg7=n|O?nw7UeFH>5iCXuP
z_@U&|hKg^lgg{qFj)ii+q>!DjHFE&57<oV92tQo7KiTEW>z~)D;;onSYK)EAs`H)A
z6XvY!=14nx-1EOB!qgc5tlJ^hbKW!8;al5!(#r@Botaz4jzr&+t@rCY;MQy0-Td4X
zMc3hWl6tgpcEB%K{JVK*>|f-0`MhxjjHlYcwf~@(x)FkW8TwBsjAmQ)-`aI_#w_I@
zc!nnMYMsaSaLg@l=_y<-(g6tlE0KtEGU*U_>gi|TC%2?{kF8u)J4&{d6QX-^NdtWF
zm|$jukj1MFgiwd=2(d!CagU$Ha{uS9j#47;Olpsqlb!cV46ypQWJvJf5ed&S;s}V`
z^GQ(evuT{@AvPH5X7Mj8`Jm_h1n}^8)W;Sq3Qk2)(jMjBZ1##PdIukie%x;Rr=^mB
zNJv<t0{0>qJpyDZbaAgq7_Z}G%ZO%9BmFdLW~;+hjt92QsuH*+{~ln3agO`)XR|@b
z(eoD?Xa&5j-5sNx*AS0gGGq`(=XKj%weP+3aW6C>bzAZ1s{WO?msH9AtJ?Hm6sSRm
znTPn8Zl3@zp8VawgkOJ9@Z)2@`mLDv*Ohb5yPYRBi+=Pt53-5g5Ug&te1orPvZY=A
zKcYn%BtVGd5G~BpJ){K@X3~*a{A|0_nYsA=Ac+~j_C%(#Y;)r01Nr-2E3xIA`f9VN
zvpBmgtF86)?_dwQS=fcaqSa?s+REX|MdPkc^f(>_>iXinhv|b2C?8h%wHpHPymLP2
z(E`+S*1%N(6?fek(c14JJ~d<&o@qi_m{3opI1Q}|HBh{sB>{9qf()#|51b^c4%2wo
zr>4FBTcQLU>u|}-H!TLt;j_Qc7;1l4KZGY(T1I@|J}?f2|Naq%d5^y;A;S*UI%y(~
z5Fe9oRLD&gg)NH*sI?G`Jiz!Mu7L+~5e+-|r+dzzdP<4M5Xj{`-wn;#UINYAUgZfT
zx<9J@D1oOdhq6G0W?0a>o~*F=@_-Nj+M1mn7OcOPW`Ym!vCH9KNIq6g`#Oz3wa+eq
z<@{%V>yK62b209${zo{Wgut6fj!cZehf5oL1T4_-@hqdu#MfVoGXG@j0HIU2;V)&`
z{zaNwmQwl9j<0v}W>P+*gXJCV$$5c0)yc=#{#fSXJJmYSht-DNsH;#}uUbB_;#L(~
zqg{BU;=;Tk_GbI7gg`clMIec^%tS^<HD23d{70wO+)vxGoa4%3M?h@?42FawrL7y3
zFo8Hk8XcCz1fXwcX)*R#7b?}eU?MZOIJ$M?U2Iw?7w^=d7X+a_$UlZ8o(Ca!OdKU{
zs;P6!A3&gEP-9ITTUSuH`OZX#k%xyIh!GRomgAaJ4zDdklCRf&>CfWZH~=q5DtF%n
zZbj>Kb3bIpgNejS@IpY1BN*N1#leS19u_bJvSqFCK)w2@r<l`Sh3uIYar|#UMhUx6
z#E_}@YNk;Z9@o93U#6k$rOhWZWxKC4x>E?e&yG(>l-=U&*;Wd#yXo=!PMd$s!2Q*n
zw&J-w$a8*aJlh?Y1H9sgW&TGN8Qfk@jBZzs4`*DwKaU>gDx14Vfmf4{#qM3Vw#Na`
zgt8^_IlqGiDGFGI61YMqQ7ss|mcuVS)}Zl`{>L*+U+?QpIPVrH0m&}4vL}~Z&f;Dk
zf54B=2*w?gshTr^>Rx7B2^vhC-Kh&`SM+(@N8XCs#o(_bnbEcryxQYxbFY(k-dj8i
zRdFh#FF!NeL=9N<8Gn|rtG3@8-WpeS+F(*B*RhyG?>MQ0V(g0zp&UiTavfH?W5*s$
z##wT5yHl$XjzZ=SeN%PZeTC9!IR_w&;zRhDgYMbne6}#b->$@3b(pq`pdL@4Ohk1a
z94<)I&vxP&A*oT`CY=hklz$<wE+4<d^pUGZG-9CJWw9po&)&_~S!ok4?6ND9<3%7M
zT<8y(+vqUGGlI2;(qSSVoI$^WE6oSzK}-MkB*Dew_hAA)^|==|uRj&vLHk|ZyZix1
z9@_~}XIqVjX`DnOP^221T30G-U=8}qa{}OlK@QdT-y&~aHDQKt{e9p{l80rQk6Jl%
z`r%`{Z^Ye;9(@np3z30K=f|h|-HgE7-;_VH=+R0~S?Uucc`4m9JIeJHn7JH=p|Jn&
zXLU3nPBgt{d;v8Yf<<@iT*w-OlGjZj%nQG3x`!V5GWmUX>W`6;{HU{ZxVro=6I%=%
z=33ng?SC_Xw+_@bpR}jJl&GI>jN8vS-Yb=@B-;i$h`N((qE67)n{*uw)|B>X63dO&
z`2!zJQ%wlx^1mn&tSYli7MXMme~dc2%+&xT^e4t*^2Aj;cR|>EwI&JS)bYQu<ApqT
zwz!I!+4KrxLZA>4@)f$H803N2din*>p<P{ob-ig=gCQzaF&=3?s9fYfK=hL9-D#Ar
z`S$v|1FmvQ|G4y=6BmU!$cBe}xyPm1s?76A09mLoTW!!Uw%GehM}a~1&Blx#?^6>X
z=y=DSYqW2h+d{)W23%XZe@dr#eT4Ww|I%OCzz4`W>Ds-3>I`@wtIW3opY`z0LqMp|
z-(cy16zQ29+h4b*yw-syOn|Wc$?o}qr)PtDuj{^%6Aiqry}NMVh_~x{o;aQv%9gTz
z8i^Ud=A`tOv)`ITDh{=Kf9fh}6hZqxk9>Akp+LFDnsuXUv_iNl6<^02M#k^}+JG3S
zIJwG9nOBa7l1rYCpyLQ}0Ri{l{_s#a-uINVfa)jp<Mr%%Ta8^^Ch4Wbs+D0(dn^YQ
z+|zcAb=k$lR4D_g#DidtF&^2l<|Nw!e0Of?pSKH+?d&7`W73U;OC)NaL+Imgk;kye
zav19G*NB#_^@0~PH6dUNaXiS=#<CRJ2)oQ$TY#pj+T}pd*XBaMZi5~k*gI5F4~#fE
zv?Jlb&4An`y1QX(Y@*;86qdr(1Xjjl*@@c|CJ&p~5+8mAi5O7pa-GEa+^x}GF+wUg
zMDbZ(;hKOo_VJjT^LCL7_5#`fCamP*JUY8p>#Q*2eOJ<gNU<QeIWkkg+Rq+*jTsx$
zpS=R?_P|r^S+=DP;tlsdeaCsm&&=Su$Zpq@>H4D7!qx?Kkt|7c_A4twDt{A9jWUdk
zZo>+7>o~lJ(NL(Z98}|;+rcYVtAxW;=g=(vrMJ8n?g5IQ%atIv<Bp0Vs=!^E^j4M6
z@nX8-KMK=Gqz2~C$985G<0xs}kSa2+Zf%y?1>6%<9|!2SnQF)~5%_C<elGz_A4;o_
zs~>l#>TmTUA>i6f%ggoIT?69im2?jl`2z)Ij#0|=Sm{i7OY3q~_ie!4(wV5J-j{MM
z<M|e~eHztOVGXpz4^F_MQrUQF#ki4<p{36^imSn$%=C}FNw9gF+lxR|(aIRw(HQDL
zG*deMUYf{=ChVO(00PziexJi<7@%!4fWzEZfzc5e{1&`p;=JIi-*=5{7|s=_WQeE)
zQnqNjP92DWSqh~;&)>G)LRW8kxF>FS8f<|-BlR#pMp&7O&M<A}V;$-pgzmCx;Wn*q
zx=elLH$uH+b(lsRd3(%-3(f<)C29U~@YqaJCy<49?ESOu%viizokc~`tsr<%0U4BM
z=Sb?-_(kQftkr>m;7l{71|S+N`vmavxF=B0F^w*Ou%L0rP<ff`-^@x^7bj547oAph
zQ|LMlpz5;bI-g>At*WoZq-0c={yUYlsG!tzm!wE_pqdkHqsBUSm?Ip)A`X3)C%iNV
z>$=iiW=IC3dh2G2?v4VW=gQD2XDiJ&DQ^q(yKhnywS|$`D7c$5{oG&hFfpq%+xg#r
z$8AZOtI5Ioso6&a^N)3n+W4Q$*q2WlB~C(wwy~tpZbUv#ubsTbbe%}h76I?r`?5nb
zH-{90GJl#Hsxv4@(xlLT5!{o)`DXmE+Hf3{-cZfwp}nv?s`jRK)t_`JO(@ha2HJ6j
zMGNV3e0>6E*#+TAE|3lr0Ub6?AaByU>d}O@<+jE$W8Fu-8l1@n;JV9#@JYM=u?{3+
z><sbmrZ_YLeeCD<Q%9yd5<mN@(G)s-`&1ioPG`I%zIMFjbBuL^nbf#n1!hSdz2|(!
z?%TKcHm}83W1F}=q^8HVtXy^Y^E>|QPibqB7N_A2m)a^Pl_E{NruV1Kvi9g*q6=0k
zgD7<N@W!D2hG9ZHrZk}yRSj0oV6mVS{cm8~^Oj!|R=Z#-#vDmmyNfwxSmyQ??J`@w
zk5szl6a7u@2JkS6o`UYPkB2(hO=aSG1>d14b$*#6<ckD)73-JSS9jcKafbki^xe-F
zj*sH{cE)_1e@)As9*M(y=gs@z2%P+tIm=uSC)hp}F><SHmdw9!oEr){%CL$L@U#)V
z5E;MnyKQH?+&`bzI5>z)RTsHj_Evvk+Kd)Q1HL_(&$1m>i>rIjia>YAO;#Nhgcloa
z5cm&%>v$$`h2kV-X(Kpw`aa@=if_k%;Q6uU(5UJWvRzZb963Ptxy#a*{?s`gcc!J9
zyG&Qsxn9U<>3dYz&Xyll0H14_k`aFgo*;h?Lx6z-AY<Pq+)=OML=TyLTg&}p$bMbt
zyJKCUih+Q^+Gz^L>J}^k*0W|iatl^kC+|x4H1@lFjGutyTV2h(6oVdPqGEn@oIevC
zFglHwK<wU|N}(*!KzP(w>^hV(9Mc?lLaJbsa8{<_A6v9O(-cZp2p4&rAm@Fx+{bRh
zziZ)0_}r;_W?;G6tXM8R;N*mK$-%Mg-I?3<8n#V9ZTF)qCZ_lQ1kAs4i-9M^9c#tm
z@n&20t1GC#(+REq)K(_e)!F!MQ)bbvPp=QGz^$I|{({TN-m%O3{pSYoT2_&=eP6-z
zKj)RD;{H$4tI<ZS={9U<>k6Yq(ZC3JR^O28i#zZOHYHI%^b|dyGn&)lROfo$<+?qp
zyysYZ4T8RuycD>Pa~W9ebvZrenT>0toej7TI^NC}Ii9Qju;6ZpCY0OWN_ZudWUS<m
zna5PlSkp8kZtUc<HJ=CcEuoZ+QYVtar9GxLruh=k@~N-!Eoo22tMaWxY-Fw#4jyoY
zdqv7xHJqc0-Q4W1FYYnB=8{J*48EQFWbxp;sMKOHU>#NW-#d!DEE6*z%|n8}tI0BA
zZLfyBR=6=A0V%PRZz0+rR-|%%7;PrM4+G2oj5iYi>YBxbyYRmjf2}|)Edz>CK82;D
zEt<#&HmYO0O*@#~<$Fa1Mi)8y6X1S<!_F{fq0k!47m8S4Uz`_O$0g`xgm}E%%84cv
zh?C1%OmZYRa;u@ORLd5h<nCI@Hg`D>@}9kvz0l>6C|CPOv%N+ZCUP8;&9M5=Ce6SM
zpU?i5H*0EQTRH+BI(MQfN4ews5Oy}dGlgyh58_iF_(BNsi)uk!Z^NPA{YdIJm7sr=
z#dsq9+vVKJc+S%qqP=Fb7adQ~_Zn>P<>#8jCL73$lue!0sQKD2%kI`U&1Zk#7g$~n
zZhp?8yB97*skXj?AO}-#@CEarO;$C?+fx0)CmK|;=9!*oYTfg_dlh^vCkO8|d1eS5
z`qZ{vnP_I&a=Ad<l48-UQ5de-zOdw|u?}R_n+k8DtK^4LVo!5Wb|1Q#AH2z7@X*}%
znD|8FJV>0~#eClT9!=dEE@R#V`b>g)s8uF2{_Yq=duF{Lw%)KeFOfV5SQB!QZqJH#
zo5FFGPd9a=TI=O)=B*3w<Kl|7VWI@|CaV$sf(^xYBh8m3FC?L_lHQLJ<yBUVYt)xw
z<%-iYU(!%)5yTdkzu3{?+yTy@5RnTFu?av1y1r@*h)k<pEtw%oyUP&Vh5vD4&Vl9O
z?Wigl3!r>?OR&N0qY6U*%gWXw1-Tqg`>Q;r4*ht{$HX8#yf%kK5pQAhgoft>ed}be
z<6tMTpZWqiSwc$z6P?*Fg&FHH%w7W)|K<-4sHjv+l4~e^{W%l1S9lCy0RyO5vZ!I6
zlxZ8|_=~5{a=>eU_Og{n4xZ*|Yx_E7^T91n!oCeCd;Z5o7mM8*IxK}V0K()sR|Wy^
zU6hO6{<sO;WGfyqZ5OGqVN}svu}jMSl(6haHZyO@-thVtbnhgddyX2b2Gqs=hs1B?
z_Vgl^s~P=h2d!DV&Bi4UO7tVf<+wC0W($HuZ)ZSh)$m-XA_)?dfjCCa!5xs|)f*&m
zvhQi_+5_SjtROkI*?kHlzPYrXF5}50YjVaL%KY!rNCI^lJvfNIi-NZz=}Tm%SSiCT
zgiNJ;8gzykVpa4#%{p8wNZ)2wP6l<A=+A!U$RD{b`Z!1N#ejUFem`n1w`pZk`IuqU
zg8KDlhq+{MNB}ZO_6o`NApLF@*<Sd(BPPCda)`gd@&)6{>(6{N529C1)AS&JGCtq_
zFC?3C&zjhS=vb{)E8FwBwVMF8OQQ4>o~M71K0cTy=h|_~<KzU8G@sK}Af!5p7sFC3
zsO5|heZsHxLTb}@lhij&F`xrfUdWs<VaoM?h9S3&h-%KZSP2W>xb7pPH-B7Cs<MIy
z6rmiU(^#FgL>E?AA9UTV^CeG?z_sEu+qq)e)=q8a<cN$vDmM<fcyAeV(_dylf98Fz
zj}aFtM8Y8n*)FE%@e@f{Z+^APOEGPp{gn5q8+r@JKKV&e+`wP?;28IcT=~izKgqm8
z@KAtw^^c^ltcb^@4M#2Gp3Xt(m41!IMb9%Tbcj}p?W+_6TsEiWNyyq~1H6{wILyl%
zlA=!vz1~qpS9re$Kw1-e=#eUZ5$gNWx#Jtul!w98duA1g<oKSzEG#|Pl8-`e9Je4c
zYdPilJ6t&hDV6mm4uCR^8iz6Ew;A|v&5s2JJkT#;;xWcZzLgLrO+PRG(1A7uY+Rr+
z>~2iPix)Dua+=cdPTuKbMyz|RC?UBOHGi$z1b7d`%T5v4PDK?{?J*;CT!mp%r*YAU
zxYSxO1+Gv@N1u6-#o!+mxWO}>!;|UT*et6NxM_bpM3RGz+XXNPlmBfhHo=1C)X)I9
zc=c080<wopZ|IdneR>Vw&2_VfCYI*8vKUl#VcV3uUFD4I{^K$O4k81;CCu=mx0SQR
zl<S$aZ(mWC-5>@NsLuu^2S*r^!wY3+oaD4F#f(vnI7KYpf5tFpHy3s^nOm!OitQ9k
z(t7Jl$>VV*+wtA|^5$D?^_&r}hda1UrGah@v6A4KA{rAqeM4;SX?R0S2rMWvMn-LD
zXs^Gp$ux<d=j_P49C^y-2y~zwRGeXkGRCt?UD}KfppE%Fi(c~GtZkvqA{~aoHkfR<
zsZhW=+x+R5F$2M8BSC{KwjIIY5R`R4<zQNqy$)^2pK1nytR5Su_2g*#j1ks(ZSP7e
zfUtE;5EI@(06G58iv&qwQLphDfn;F}>nsm~Mal4V_@&tK`SK)p$?3hqTEyV|jZgWb
z`I6!fhe7NwW$QZx6Sga_u}93g+?q7(5WN)*OHHZ<O20EJSIjK3*vUnzsK=Aj7d>o&
z(bD+tpaUAL4j%V~_+efaW%C}L7c91~U{^g&BBDohHQ<{*YV^C?(=3!}`x(gwrK>{!
zIErJ2dX%8$hSbCrkX5oTPJIReRa^ixq6m=0_H3y2s=uZ)DtV{R$L9WbeCl{WJaLTv
zc&BfCAZhI8*A^9U0Sh=6?;-48Xx~+%NKl@|Nzn?lk~+bo7iHKPx<RSz+pM#1R_koI
zXS4CN{%Cu^x?peFzw?HQfU2(QN+cKx1S3=|4B<<=uj_npv{~qS<f!I5iy^i28?N9k
zwj|wmG~_*o418&>j|=k{#*VO+iIAMv`tjXdxG$ZJW}(8T=**&;V1!YR7B_K)hOKH2
z3jv2Mo#bR=?;<>lHyP%h2IqwUe7a@L;0uo^0Ko$QcF8mxLzS<5G*^@_YW3B$-fa<Z
zjvxJu^aYkKNMaER6M9)k{IlonaNY|U=t?DpI~#=<iL_f3eSpfvqA?@Hki;^1aO$-e
z`FeB+;+0j{#y`bnSE&=lAs!_~O%VPPqm?x3p2itH+&^rX$uq9!Y|TUaFfhfA0jorc
zALIU1*?(0OdAgMPd6>bdmT4c^3hZnRp658)*Lsl*oHyvW+d#FrGgWr$5Tko3!tJjB
z8y7b?>llTP;eVcTW~a<z0WS%pE#}Gm!CmwpD&G=}n(8h)|E`(oiAe4z&4<}poANo{
zaz+GpzOv5kwC*^Ip?KIDuuG+hNXw>Bcb2m6{tZKG(E`pYm}}uM?B}V$=xEuvMBx2m
zjKR$I-KhDs@E)myLQxFCUO~8=yC3P#buU~e85UJWd**#h#SfL3UyQ<8_*w~#=g|9}
zNVoE5y0$NzD&2=jYX@6oQM#CRiTZt|Y73SC>?asP+P+d1Gn@r+0Wd~pd*#MUQ->z1
z(0GsFpZv)ZTgHNCS0_yChPju_%hEWz>z_CH0H=gH#{?%Wxhg8@u^jNmBC84AtxxB=
zJHGuk0=a#6?IqfB1j(brGMM%ui!%Y#8W_Zop;gC@+{5Fy*o9rWCG`@VFjOpeGqR^l
zTT?RjVrBmPo)L5qO->E>z>&hYODI-H^a~TuUr04B-1~%c$Tnqdd6wTtUP{^@8xmV|
zj*{zZ1Xbx`OO=38U5VqsjGfVp0Y>r!^ZE8grDx6US2eSd4qtnL-;){tY%B8wgG}{h
z2H(7$P5oiHPA;=Zy647>f39(x|4;B#!CYMyefh&te|57ZYw2xjc*Sk?rZsx@359N8
zpzh1j?e1{VE^VYEIB^GiNps_8zpx+G`xE+0vy7ANm58;}<r-0CN;$Z9qo~LDj>kuj
z@0c)=qO)6Q&bK%f#$)h5>xqvBGd;k|<B;04<}%I*^gkR$OcQNP3?R&uN*q+U#)zX+
zH28oYFXpp@%CAgv3wp6M-+^#TXN@uW$tz7UUR~#9#QKOOUbUNMO9u-9=1|yhBK>ld
z6=_(>0Q`bpcbtl<im?sIj#K~8v24CKK7RD!(t+uhJZE`rb3ohTZa}zWa5+3EOhnwV
zaj2j%q>!Eu0=_36s;LIEhPXE{D@doggZr%Iv1M;M8K00kC<WD`yI&`0wh15Cx60sI
z;eta?z|%WDLYfVbb|HRMtC9PXD<<zn%WZWkuEQ616TjojAXI)5dSdJw96FIY-e%E>
zwX~3*tF_yvd`NW9Y-jwTiW33#eF&^kz(Vr%0qh{(2->^a-lwwG*}-HjrD)Wv{6EC*
z-$|=yK-fP)K~B&!`@tD3ZPpp;$fQ`?2%qVPN#=BPAz=nUA@2R<p~cbR-)ec;7vgQJ
zQ*-nAFv3)3i(!jcg}l|LDrMTrxUK?CmB;}UB^5X?bb^6*Ok!MTCNt|;KbmSbC;6_`
z!cQ^mXr5m|B4;q39BfL!VqaLDZ)Z05Gixxh=qI1g(Z^j@34iKC^>Kc0{cDcY7XOut
zmcFL-)mKKfc2Ji%l_-YTh{dyqmVU*2I*1k31e-O)(R(~cVic8IDbwS?FJ6Y?OiLeD
z2q%K?iyFg~;SvRVp{w~?Z1vi%yG_bIC9`n{bIU%vg0O3;`?1qujgrz7>0{6kTgEj%
z03g*no}xaYsD7UIm#neuli~+KldgvS&cnJ*HVc~y#ywT`HPpXDO%ZvFz$3sr`UIay
zpkqE&Gv^p-*bSGujw17`OX1Vnh^+HF$-6bmLxJCGxoFh{<Xw9C#v_*ttShn|?eFOp
z52IX%Eoc87N@Ujh>7B4jm?a$T3U4xJ0bBCUuTXURx!rU+4d%EIcSEGj_9f0o82HB+
z-%aRn5SUwu@CeS_B$(`bW_>IZRhx>HvHn@d6%+4q`okTb#rIx!+aaGhQLn5k_i%`i
z1mK+heHO^RxP(`Z@^30%V+^yG8T|C<_bA0(Om&5v`Eec(|N3jIcKVki5fdQb_^VfP
zL(;8zIL@tsYszw3!&Kl!NB8(r{#V!90E|aAiZ83p@yV$o8jF+Ka-3}P=th@@iM}`6
zeaA(eQ$->kqBC%488LW1L|M9A5v>UEnHe;gGsTha{lnAeSt+_g!XWd@L*H`wWoGmF
zfHtXJ_h)A;)Z*4^<*P|7@D%K{DfIMCr3wlms%9GpTDIdcUytsJGZu<Zm1KM9aLy2-
z4kp2@Nh3N)BA|8X{G;gzj*P=S=EGw)XIvEIlp^u$c}9H53~iirdqP0ZKqO;HB^hFf
zz+&9-namm70S2sr?Sv})2BKi^aI0>E+*>I*fMwSRJ-|$|@jy_uOYR9m-VLhK-iki-
zkMmdZzF!_EIgEJLEWFr03mFKqvGHA$s>x{cnbm2U$W8+k#$)<GWh&PNIy(8`SQ{NZ
zg9hMKMU>V;$Zv@fK_{wku^^;;=`u_G3Tf(tu>Uug*Mf&)LD`mSgm|c-jdQ^3mw4EE
zko*F>`|tWu6E5hV$FV<^CIU{5jBp)92atS!JOWRnhOrxZBhg@V1R)0HPt(@aWK~3X
zq%FDFs1WZ`JI2IHS6LsL77C6_i|3kd4Nqu8SxzKOzlu(9KH;tnAqk{b2|QwYiq4RV
zUr1YfPmxeB4^CrE*w_q4&)5yxnGr=f>`|e#-dX9wTdZ1WXwG@yoaV#4GW~?cwcDp!
z@HRElB(LmPo#_@3{!Yr4lip=V4|KUbUTm`5|E_X0y_lJ5LNTGAG3JdhUGs=_B?k_C
zW=@!X3bpw<#U~@Nwp4p;Z0A2_IpwO35te%aOVN*=p#vU^iHg-~-O1kbVW2Iz{V{e^
zAsu(dOjG+CPSvdqp-R7p>d>d(##3(5yJgo&!Rw94<U;ukohwxE%epS{^4_*(F_>wM
zrI>*M_y<RS3ag9^DF5cKa7>~@Ly5C{!mKj(=5^)0DSEW@K@I|PKGy+eJg&+;vRaGn
zo)(n7ZTPwox$}qy$y=s>oD!xd%0*u|woGZurrZ(+F~s?oe(qrq^#@$ik%Q*S>huU3
z2<ze83U@ZBj;szgxw)Z!;++smD!(&NIR2roX!^X9m)Bl-vavc^;(i!S{cU>2?Vie4
z{ape$_o{L^p|0+M^o_k}8T-O5Y?4FC5pg7e*v&sDL$mdv1oG7v-mu}k6rJOJf<UB#
z=JH<EpYAhjcTP>^az%r8#h%8-X!=oo#lOAoearf$?!r1AI5!@QxkvAPwL6=Nyp+Ai
zIyCB*j4j>~t?O^lP8Uv4<x#>D51!4BY;Ju%rvrUrdI>(MLIB8(Dp^V6w+z;EVgO-7
z0&*5MbYWtb?ORsGhCZg-C9&{Mjx2w&1%5N&GqifZ6WnoNu*QoIf1%#I(lSDIVTl-u
zR_Vi{wrKk*lN`v2pb~s392s`if$*nkYZgpJs@XoO<Ko?`odw_@&~IF)Cgp<)s@f){
ziIvtRo5S0_{rLabdI!czz$|Gvw!1r4Cmq{X$F^<TR>!uJjytxUj&0oN#<u<4nRj+~
zX7~FI56-DNRdvn;iwz|>fC~Ejs|ssFll?>W))K>jj=>qL<b<ZPb=;PG2buoXtDMnh
zMO`qcvna+6nloB_MK_X?7y^Ta^Pm4bmH)@JVj+U_sXG^xC(&ob8y5`Ta(b$1`}nRs
z{lB3{?HY*dbN0=4%ikQ|@7MeFz=4rnIpH-o1*I!)oYtHp1wzHLq>O$(Tz2FH6pzL5
zsen5CXMoFC3RH?Lwfy2JJsF~R4#}fPDJxCfOqmx0hMHkCC18ZsT=7O$7I@M(AuduJ
zh4tW1!{>c9dbg4fJJ03GnxOeDg-ZlRsj;)_Fs^j)fHN2Em7iRNd?hpo3(NlIi@Ov;
zslqpbF&mvt?ZvBZ8eQK+j*`i*6_|@nsaKWSmVXB3lB&$_1!GQ3WrXj|?0riY#fzmV
zpecB4Yt5W8-BDRD>3bpi^lnVI!I*v~xHo}-7#HryH$=2x<{>;vTN)4|+FJsb{MOF_
z3DpmkF&xd?qaQSN9?d^AlqTT(J@5qII#p&!{CNs%P@y^mt*5zF^ztq5)8YC9HKOh9
z`#h=K=CpzbH$4INu#|Tz1}Ep?%xt<mg35#~9R$TShUNZrfflN;ESAwjxjz#QqHSB%
zr^(Uk=r41eC=^Q6iqnPe1Ogt8F!sILntT!2WTGe-oL)q&{X%gROhU$LzOKLY7Qbfy
zO)YB!0iHY0)ptMW!MmZ%YVCD!{{MWmKqaBxkF$IK&mYBPKi}6ZoR&<qvvyhA-x0Y*
zdhbFLflv@UA%gtW6sU6K)}1p=Lo&_~Gu<4~T5}?D%ii;f5kuMF&1#DR&sKTLsE`7i
zb4NmP<ReS$Qsmu53wC1fsBflpo0?Z3B*y8sm+RtpuM@W4n_@g;jFp_E#J*TsK3Q*z
z-xm7#=V9D~X(IbCHw5<%1rgB#(^fyZaAXy|hkc19chdtp-g2Y%ua{KIhEOc*GKMC0
zqLTgBvRp5^dA-IG-_t_Nd_&u%XrW77;09Dt8!;Hcx?wFAB20f$2XeCf4^{oTA9uJs
zT`?(CAL$qD*Q|ebCiI+Wt)V+R1V8GQMw*tK>8}k2e30Z<1%_w|Y3f)CgVkUECh^2e
zeF*LwD8P$?KO`MU+%rgXjRgif3=n*?%n!MRIQ_}FN@Qu3A@lN$@H&6t?ROf6;5`j(
zd7DykY=&fvws)DA)TkeXC7qJ0`BBAovIg6Z7<&!4cFYJ3?ywbu^)bkrbsetuKe+2(
z6XP=_D39wA|I?d!Zsf!sjJ=R$j5Ph)UeU5!Ci~VU*w;-RLwiJhLc8iHg62%ArPB}&
zda0NZM>w_q`90|U7faWWL!-<0JsR&)bQ9uQXSitpzkRL{;v{G#N4(;et7gq<%-`32
zRreSmJ!5j6HU!u7vVX@neD?o&6xt#c!wg$I`>l8jF+$5MeIzLu6X;;#Lu!N0@3q(G
zVs`H`RB|df*+Ivbk-JzGxoknUgxkV$>|x8k>Ftjct&O{URnKmHZB?zwqL>|}s74dI
z#9Va@u=diT(_zLzO2|qy)#^Kh)0FvvY{QCa8{@&;6ag@n_|}{;WX?2g8z)P{p>fPG
z*ak-2BfsqaO|X}RPv5H(3-*H=6VYXsSRgap&8TwMDV`-DB9SL2-i{~hmDu0X)!jh>
zxQ+8cD>8}+3O274@Og`m%WB+~X7H8v9JljDjkI_G6XH9#?<g2`-A9aJ0`Nwu-3_MY
zE0ces*{uoy(J^AP5}bdqBSKLX;}FC~Amw+n;^G>?djp;yaV=a{BPwwHW9{FUfoIyk
zF`G@RjO)_b>>9AT+AY1}4P57Mq@}&{4@*pj0tDvOcfpZqo9`?Ct@HoykyR}oy2sk8
zdr8m7oPXv=%jw7K-OULi#*V(neN9nI?rZEFYR!9|gXiC^%}IJ9{^y9h(OrS$j}O;R
zUG63)r)K7&OI~N~mkNf@uwx><$Ci2jn>T+Jb$^-dgm=_p{kEIKIhqQF*a!xm+#hgz
z)HztE7AdG-z`fvUcsZQ5%`=SCqI{<jxzSeOp+ZN$Ek}J(OQb4kPIe=g;xX@h`%Yg*
zNU4#T44<iGm05LTrd(Wu&UV=r`MgnyAuHu|9A6EHcO}poNJXhwN-2=sC5@6h^M-!=
zp1U}wEQ~4~8?p?2ykQe@@h(@47nXCETCyD%lL*c6-KwDh5b=u@sbo)Y%VqS7uiZ%U
z8Bd!9w|K0I=H`QsVVunX+mqHQdO<Tk2CiI_YR6p~e3?ZM1NtSl!A=HeVyZh%fJTT6
z7E*jVIh~{lpO)n`YSf(XCv^u<8(z2v9YY^Q`hs4N5g-!e1uY=15e$R#lx&ZtVRQ)5
z(tH3|9g`Evh(1XfU#j)kpmx=XuZGSfj0wh-<=aZCc#Cm8U;My##P1JGZ^ygohbgw~
zgW`R>ZAXH^j*mcnzw;k9QTz$<O*;RNby&L-o7iz45>|s)iP@OCR_&BN246wUG`F*X
zOl12GCc)8;&?5S$EyYQ=Hd|tIyy~2Sa{YJz5lehFWMpbgWL$*;^#7R^{ELE4!+>}s
zYUSDRJSjXbakiJ0Kl666JGvBjH=pm0@dagdTuA8i+`&5E+w<H8-ko>J7h|dCNq+*{
zKOI#*QyVVj1g=ixi#|^?dy=NAvvH2HrOoHB7nfn)#uL7$4JE$si1KOeCow#&PC+gY
z1UAPK@@3n#Ux&JY6zv$th2n8V@2`)#v1o(oZr>r?WMac$EY&RTUu5L@n#26GGBnG3
z09Nm)T{c+5Uii1m<3mO#u37>O#S1w#vtE@|rnJK(HMz}kH%xR(=H9HdSffUKjr_j9
zs!Xoc?iI@htGW*AAGmkQ9P#w!cq|Nb1u@2SIEic4eFa5-*qR!CKTZDgM>|%ET1%5%
zt>KnGnxl~LTr6qQY|w;r(PTS-mEXF}OfKim^&>w>FzI-qBxY%@R=}iRU5?ZaPcy%!
zy)J*%X+?iOS~2>1uWbJKsbYBk`b+5?B130(uIJ0DOD?2QLLYOVoV70lbkey`TZ2Ua
z9U^jNSwsG#Q>2Q=4q4n#+}4{gyy*jIcAp{8RA?MmF>9n~!dqZs2|n~}H&6S8ZyON$
z5hIN&+CKJ9Rl1gW89PZn5t=GI6>e&_r~zVXaEt#};L1O{S#jX@J8Dsb_f(O4j_208
zXmG`HwKPX|2i1n_5zTS){1%)0Y`|!U`>tGY4gLo~+mpB9{aT@gPK#6Ul|JCrhr8==
z;m_3mNb(P481hm7C8y#s#Q8xiq|LjM)455GjrdLfVeh%~mL3{iZ_uPXv!X^yeb@Qv
zs&5><8C&_kD#}&67*LfKoA>ig`nWhvPg0)m-sT0MekmCza4qA7k*BW5pSx6tVH8)8
z{FS{FQwPToTzCngwKX6joWEeyVo5=?*wcgcu7~w_2tn1QZp2yE%2iJ;sGbf*;b-Q9
zk`0q^rzNv~@%@MTJUd>fp7eaY$E}!3=&UR)w#i`rN4)aug9;X`2nY>a!~dJf_+K7D
zdMc=;hiv&_l=Ubc*v+(VkGoqI<DT<7*!e;al^G(UmyNr5hL1@XllMp$Bhwd@fUK!*
zQUWc3%nKfeWtpC|h8aw#7p4b97!oYA4ujr9$%YXE*q?z1EF=n>&r>ZWM9=y1hIPOV
zr?kH7U5a_@VfmtALVxNFSCG}~4rjfIsWWs^uK)px9t|QXBE9+ZxN#!+7wluQjPG=6
z^ZR2})azo#g|F6J9Pq|&`Xl9bkf7tD(DX4`Kr5{&hfnX)QzpqN*H0#{aorO5Bzkc-
z<YS8(mtgY^^8UMCEt9<y7C7#kZP$<ShG-{gkqY{jJ44a7UAkR*{bfSxrtq}CVJIau
z)x41%h;b!60#}=NvvHdlAX`a<%kuK2e9!YBL#a5CFGQT4R>B};tlm&+hk_Q~O)Jrv
zj`sliunb|b=>Rbl@==5;<{#L7cwG)F8n4ugG|FuG{RWE6GU<+8A@o0~<kPMfJx&Bh
z^e|4v#{-QxH|0NRZt2`k))q^YlGA{{2%=!V<^2A4)8;>aC?JLike|2UsH^l+X1P+A
zAr3tgxBpy&_37{5o|N3pN6t-#D+n9@_zyUDbeR<G>2>-`xu=KC(oz+@WuKnk2JnoU
z_`r}hpRc)f(7~4<17UNhJ{Qxa@_t*xbA@qyDSrF6Jybo+KHDK_b1iw^Onk3rh{ppF
zU&!F+ASa6ilLZYr(9-3K1rtM5OXUG8vvC&XUQ=BvG`EFJ+U1r$P*YYqhF{i2yP1->
zlY;O^BznmVmsZ^-p~VU?g*y`Du&&&`t6)Y<5U>?~NA^L&E;LJ71z%#T&?_nLRDvX9
zG?N~tE%A7N{Ifg{o@N+K>7r(u6$LpNc1hQ3&hQ+biny#(dZ5H6Cq20n#I<KXD$Qya
zaCez0<sCXGB$`}agY+EZWm>M(GubRFK9k_#kZbJzApOGD3Fa9SM*@)~f3q!4_-G$T
zVT4EY#&97aO(kL{-Seys7_T2QF&%YRK05Q9y3{D4V(aKWDK9*3Kdm0x2w5&Vt?A)@
zUybu2_Pq*jDSqs_TynY9wwLI+Le!UdTz{1{Xoofa#o-ALPJ8Vid<hfZfntK@THB_6
zVeXxrU}cb{iUTHT3)tGG72$Y}keC@+F_9XEBy=^9MciL~M>Bw{u_#D+Ppq*i-(xl~
zxwld-vtrp3O3kRMwEafr+++Z{3y2Wkto~;<`mb4AEe|>;NK7-pgJL(h0n_9E6jdnH
zef^d--*mW@d@=2gyzYEe5fKH~fQ5V!@Uc<&p*Jm~7yn9<Hr+o^d`DPf=HQ8tQy)NV
zYZ!hupZB8i68AYIU((WbKJ*U*RSN%S2t&!%dzXMDg?ua@pzKtJcYqvi#S#jzTWu?Q
z$ESeHSf5{<ttFrgSjZ%^?$RKsI8-AdEh{gW@G~2YGLoOM$RPH973vUEq^fCbni}%;
z`V{uE=0kaBBIB~&HUKL_1;Flp>q2Qi%M2#|#|0>cev4kUp+Vif7cQ}H&KiVZyb~Sv
zfv+EX1c~B&nic0m^OSCCIVdMs_d`Q@cZQnS3Uw+G^Iw(D8;N8&#|a6|qM~xpmNItd
zrXtgY!?<n&X|B4ssyOvd5~k&GP@gS0pmChW(&!<@t6()3DA3v{i^bNNyVLYNW%-A@
zpIa?_&rcsqF5frfil%)pyywjMZ#QoA3VU83KP0{0uFXw`?HrnZtW_K2_N57e{D|*D
zsgL<24CVdxzC+k|#*T((I^hnYHUv?&mLvujU*3ljleQFzRoE2HPyB0pifYO)+X>?j
z1`&rm^z@Dg*(#9B3~lNxW=OtP{dXt&Ut`qP0W{8rLl-ZXEnyZcWDkmdQrHXmQZ>1;
zqwYY_U;+1?`Q!4Y3diL>>0osIFld;~Hnb=hNQ+;6(1FcBC+=IDx`3O46jLIPPwzSZ
zXZ<&ooerdb9O!5bd<LtAzP|Owq{W~v3`;Nk>;s7c3ed8pAn`u3{Y__aRRuh~Sn+FU
zHd9prf6`TVDAn&1cNwwa#=OMIvlV#f@=3?k@79+o%-#aryL5V}?{wxJO`Bo9mefvw
zQ<YBLYUgwrLN`^;6X!8!#nafp!8io3TtdZr0fw0qjQ`34$WlT*7`B2(KyLPw+7`z`
zVFmAuWEbfFE7eCGpcR<-vCAc8YkK$FHhy3pEn%UtiDllzO-DP6Uc<%TBWx+|+^|96
zU9|bG#L{UX74MFO$VTcXcSq``GaP>D>!{Bvk!Dl$BGi!nkLnEWO+}RWIuG{qVqKWu
zgn1q}8Fvkzclskap?NQRdD29$D>=tCzONy7ai60C(pxV}xAn>#4%*O<=eV}xQwwe4
z0u1rbaCb!vJKw*?C1HTUp)0HmNYDVvKnw}KZl@#WjsOp^puhHOO#TSxpiIOZYuf^;
zU-k~|_|T+@@qmB^Xn+o{0r!7@awQ>Pcd&aYkq1ZsynRo4yf+phw9>LWINalWw~Uw<
zhwo*0*)s1vz0T$34sof)+2+K{SNEA<^yQacsW*OlbX|pmHf?;A6Xmlg6ky%quj{eE
z)8i*Ip{N5LA&&#?JHzMcXO3J>zc*s$xT}>`nfd@Is?Ksg8iX>CAl!b%6iG+&oT#*w
zgjjW?V3JaP-6Cc!)2N~@1~EkX*+%NwwlS2x-wIyFshY;Hi(R5qcN?B$TnB9B+Dv2Q
z@~tzo0-Y+%yPDUhS}p0TSJNkLW=chwt6J05tb4L2&4$!$sTYTSS5Ys%Z#oa#j1=ay
zq|dQ*^J9!?`A%MH`VGjsQAhaB*woji^1z8GCyml5B#J`JDicjq-(u|>g%OWGAtWT-
zl8>_u-XyS74Un=*sQ*BD8GcN={z@!yC}-K_k&oV;(Z<4`87@C|sEc|tLQwgGa&q_q
zjO?f`M;xxddvR!#GZielCZAakzF~xAt7%wLfcm~So<+2!Ex$EF{WP5IE2|RuO#_NY
z&%@`tTl;6A_|@Ma>-o5kk<u?jnorIGpESpd%U8juv&xkbsGlZMc^UGd_!NK+C_w^D
zLirn159VeknQ)bYZ`}$(`M6fme&emOFve`(7y!R34b4_NrF>7CmzxN^yPJn?hg`#S
zhPZdYZKOcGX}E^N|Gf|x!oWUA5d8f45^-0}(o)=k;#(Z?F?nbwr(WG-=&;<&2iu+b
z<g`~Oj_WuJ420b36-|0ys&T|Y78a}?xhLtacd(p_atG}K4`9X3dwL3+136>eI%|N>
zcX1!r3?&Wb(?Z54JMDS{0FuDPC3*enq{kPKKhTV%SJ=V9qZz42$>I<8h84@TF~)gD
zRd*wMmrK<7RGZj5lQR|_mSjV!A_R`HbtE!%POUX2k(7#MF;f26aWu^2ARBDS+7R%G
z?&evJ&S)u0d-BoxD(iC<Q&l<+q2WPIRlE&E7O_L*vYE#fJ(>_|thGRKJM{lxj3eC}
zz9j+o*i%-<7=A_<ky*c`c>eQj?Q*h$UBs~(UpnY9WM)ew+i6XbHQa?i&6RN01B(gU
zu^$xTf-2CSp3h`ukDqj3lwC&Ggx$`Ul&5jCJ~Rj^C;o&I?CSMb3OsM@@5&FcaOt-;
zhV!}yX&<YKA&!~bK2OLYC6lv^5KgKC8zz}DDyY0&gM>CP%MGSyF*xNCtf8S<a?kHK
z3~xI%B|Xn9pL#D*0v~O6O*LC-A5ZchtT_VH35A>jF2f(L+uvW!v#g#Z+)c&>_D$jW
zB=ZRc*5_PHR;U|qipt(9%~Pq-QE^GJRYpl!uWP3~6d0>{u3LW4sAowb^JEND1uKfO
z#(ar_xvfR?{4aR$Uqt}!%nK^ErZY1a@Mz)1k@)^z&}VDTpB{VOBXG?m)(tA}*2mL%
zPwPPFG4Z9i5|BrV?tLo3|9nwjy-^1!AH8Cd2~aHVKV>kvg}(l#jxP!N@`m@ipnLAd
zdvZU}E}1p7=fyEB>wD=HkL7b#NCFo5vvbX{Ui2uA1Pz?wuAX+UIT_%0QQZ8W5UP+Q
zNrEbOq%;{)MT{X_N~7*(T#X~@x-ZqL$mhlG#|%`oY!GL!y(u7n9T@5pxag_`mSQS7
z!9=-VMzf1EHv%^51Dk#AhP*6Tf_FvX0339QOu3_&Wf37yV6zO^Gr3NF=|zWa!dP(e
zjYDZMH49Ym-rVT0Y>M=L&H<HYG!!m&NiFml_Jp@G;SI<e7}#H{dIerhkxtL>*ofi=
z7C3g}e|9JqshqV$2e+Rozoe9GO7<Q;g5*%NUmKlfv7|Tt5aDXq*|#Nqoy!}Q-4dns
zGOO{iMkne*g@{8cpqhTvnHaJAk&tJZ+c27@o2aTP;+NW&rG$6P;kP?}?A>!ndR*us
zbVI@9{`8{zXgCY3eCPu|?5AH%?q=Q+8*tZA_#=+sawXqf@7!vCEbg125*bT}P?e&r
z!Y7o_kYr{#Uah|L<W}7uqQQ9d)7l}N2btTY;J?j0|DqV7AkwHId_-m+@jpKr-Hq+J
z<FH5@u1FHxzq}32>f<1tK6h<N`N*JexnFhI1p;-=?c@(1vZYZk{S6GhL=%GREF6S@
zFNrCSTSRWTzjn-@w{-DrcyHC+h3LPxv_2i`!nmO`m~5_u@X`-BL-ZCcU96Co2o(n-
zKw%0RJfP1@vjxsOXW0?&ZQ-9ZdSy0Sc`6vqN!WP34^^<5?We)`g&l;DwommYh=z$w
z6TN!fb6cgg$sLW9pxXXvJTXxaW96$j@xFlTs@(}c$J97;TjIa1_6@I+UAti~vX*K{
zo3OL?-)xEd4ZyVfUS5e$yczRlntT`^;10|DWa5-D40_I~0p{v&m4dyu<6{W^+uaFj
z8J#e6PId#(@R-~QpSa8}5qKJj>uDzJo&}KIvjzbmRj`-isDoFrc<vfDo_=R%P~|fW
zo(7l3w@+L+%`@w|L}Rlp)}LTHweg@Z$Re>)9bOG%2Tk(!C2$Ww1Cz#WP2x9#jwUIW
zGgK`l)BKs}!KT$YP_`x%DIW(5;UcTA<)MKMzk&Og5q%Me710WR0gky*<<dEZkGY!B
zjR>OGk(}d0`&NFwho^b$jtlP>Gl4s4j%cA5u%zzsNac&ZAvJLc>sZnIkT_$>wd8~v
zqVEXe;bU_L2IC2nwExsCFh@#afskL)SQG+Olp5E?|3Ck%Qvk>70KB+6UiRbcdOxc=
zUJ3Lz`O1;&-O+gn6ymkAsJsdp@!1O0X9X5U#1gbJRPBd^F?B4H%2!{$_l6`eEc9`-
zk-<jyJ><A=raqjnfifzt5?tP%9NQRM_5@u=2ap*6_dz*6g#=L(Ry!`ZW~>l_&}i85
zEx@OpzKQbdd`W6!MKf`u{EU%toy5c^kq&{S2Jb%)7`N4IU78s=Kbh$s>=adVOGQpp
zO73zZU+$vM6f|5%fZX<STM7JMXYFxf8q`<|x;p!Njj|2FUkMnixst5y%&1*|+80`Q
z$dz`Ml^{p<gw>eNj0Y&X;*H%+*kUGb)MXEJlO2q*8bZ%uBK?}8UI2z6!q7-eoW3Fo
z29HBSjxH;!?-(Lz3{%MZOnaClrqaR9$@C+l@_T9>6TuHaHJJ=riW7W5N*4@<Udn5j
z7vMB@{=ymHW`23|Q?`VDaS`HHw}{4i_iGUNFc;8aG^lE9I+ph_@^JF|I_!1vb=u}|
zN5VLzJtg7`=ib^E?9N|(DA=(+t;I6aqrbVxBV-qZzSy53BI)@YqCg=^aAMAx`US8@
zHLp^<n-jkF_1Lf98hAaYEYD?a`S`Y<H@g>?=K5jAu??X9Jd${`<ZYu$h=P3(-l`X!
z3>HR#Jr!>cMm!Ju8Oin|svm%sJR&j8aAs=8r0|=y+S=Q201;`yY~5+VC@94}UUK$~
zlO#eE5|Z-Y92oy%GglVjR-l1T#j;Wi)%;;Ru(^_#eK`=#7FYbVaJ()+y>+f$tP7O!
zE|6;Bk>JyP4sW_g)8^6cOnS@lf$#WM{o_r6i*rAy=K>MB_y+`c^cmo3sHGDf>%x0a
zb1+c_M~C`!u!sDIM_nwUyFWCI?ergl80U(0%3IrWkaxk;GEI#?aU?%T08B`l<yLh8
z5J5?!Ic8-eud-aE@#D035BQq2+E#8^lRBL`r1EUs-W981dZ56*Gfu_DOp~ZAUh0Im
ztB@tOyRHeLWh-2#kV6x-P)9y$>N1=ieV)bCMYYLkN7rJ>7DH9@#RuR9d6BtV`_509
z#Os4+0K`IS-R(m4{Dn0|`nIWHkJ^Kw!59xY@YOlV@7$i>5lVZCsvd=yTjuDt^RGQ7
zPG-@vNY_nQ&WuYU;<PQCC?<_ZSfCHkCI#MVC~>!7s&i+(AANUW5C+8_8E>e_9V=i6
z%mqnJ7~c0QQHVol1enSq664PcFb`&a>%W3-C}d|*zsnL;|J({vjqBvsCOm_KePOW)
zC-7|cf9nqn8S8pG0kNWW#&IR5H67#|F1yG^!rI6EU!5m6*<dz(f0DsB(PE=XpGa)`
zO@De2OX|!`8NtvG*493}wcjxnkF7YBB|B<h{oreuv0|~)Oim?Z++^OHN)2=VU(s~`
zgqCi65aP=<10j=MUdWdW>C_-<TYA&F7g6p5;+jX^pLoOhO1@;lG=Dq8SAK*v`p*D#
zFkkD-;m^OPbyqvO48Sy^uGJf-B_9pnTUq;5#Ai^hic%usevoea>|P)lng)j?xaBDs
zUCTp)h*WAB@_C8CcpN1yL||kui6t)ALqo(|CKz+~Q#=fN?y<!|@{bx756+#8?@cB}
zSEIt>S?>#mla75oMU-!I`5NwkvFLT6yOvb71dozwNFm0C6sqQ?S~9Ay$-$rBO<So;
zAt&bAL8=t%ShxKpowJs>YuGZoR=nS-#c@!Aohk$4fAPk8md)ygB)elXQZW#nT%kbD
zhUhOeIh6dyzS4ZP=44=ej(t2Ddk(t;00_6?V;;CDaW8pmIZ^RW#>D|Mr3|mc*PWqf
zd~5r<ki4J3n8{xlKdg$s9mxo@YYvF*R`VZ8Pbb_dKmE`E1THgBU8i5K#;am+j<$~G
zg3ES)6gn#$WtAuDz?PpnaX|QI)L=_bIwr-T?hoM2SXNd-V>!S@Hl~!a+KwBjT#&Rr
zZW{Nx({(`$@M`o)BiP7&zeS!sU@Ex9+%`nwws~DEZaqvLC`#ySjm{xevx65k8X=(7
zFm;~?*y+cd#`+6P<g;)rkz4=8J0RAz1~Oc*VhdtK{~tzSB?eBX$xYVF^nO1h4%rLX
zn^$tlfBk+;cet7PV2>X^E&O_~D5`ASe%Px%4=e9W>wA2Jg+U~HxAGA-cg$B>vJiZU
zR*UE{j7zrV^4Ha=@AGbcD|O(f>YPb988Yi}Ua<_TMj|+E;iTINyW~P(uMu1{g`EM7
zW__YEhIv<YQ9<ty{X}}1>is*!k?c4ljPUi$)Y*Z!l3HqavCdQ~TuSqyfN2l0^ftr<
z&g*o$Z>Nt*C8pWGMK5srAzN_05)XovRB858#M%mF?3*SVV-j5HL20KJwk3uA1V+tQ
zjdZ6<t-B=3t3Dfn^K66m(_gZ$e0SC5KGuW#?wLX<PfaW?x3R3C<KDsL`9}oCm-~^$
zrU>SO?T(_1mL?f)`{tp|7k(;7uugN7PhW~OO>d!%{T?G>A~pymdnZxY8&eHr;P{Oa
zTuMG%0%H<jtXD*ZC;QDB_Kw0`P*5I|v{!HV=P&Xd*ZjXbd#y*E9<(C&d}90PWpM0g
z`kpINJl63C*w1mh!gcg7w>1F;)QKyPPJj`e@33-OFCtlpLM0Wq@Ij_sMR!2qIHNbb
z<CoJKMWQy;idF-K^9Y7Da#QWDeRRvLR}}7{La!z!yZbu0K|eE0E;utQ37aI`;^3b$
z<x`lP4p70XphN*iyu5gr|BW$w>4ktB9%nNw-g)Ub$d|Ytp7)}XA4GZrnXTal45GQr
zd!&*4u5V%UF^8L}PZ)b!{X0U*qG-Uu!vSbo`uKOYoBUwd!EI3QvoYwo2Fvg^9?~)6
z<v3nN2HhEZt;GP!ApmV%9k`~YzxPnNB=ypq_>nd4$<}wpqZoTFrqq?HcZR5feZO{~
zQRvHdQ%#h>1uY(FW_v35;vu>j%|x+UzCCi4gVtpcB^O$}IB}zRFyki9Dg9_m1-!nt
zb&nqZMbVCkqhLAulx1vWlN>6Y5&=K`?MN<`h4II7u6L=<mSF&{lni51OBhVXLEnHy
z)eP!d;$Mmw)TGmwsHeAFupir+Cf8tup7eF%->xk%iEczo7_fzNcrmr?t~w%6_SB!F
z^*s!>V@A%R<jHrUB5};?3i-ZuByQA`eoXsDy)wf@CAo`Q*l1ZBOc^?sbY~aEGZR`%
z=3xtb?tfTPMWHVUbv{5?G!@cIZBS}@FoF|)tjqjCn6CY44k5Zk=j0{{DVnS|PvcPv
z{!YN_AP87j2qAoGEkA=F7K>5!iE@i=(fCPm`31-M!1+weC3y)D(LS`~MI@HF&-jNu
z#j1*9mfD!Gh0T!`H+uKW`u~08qHvv9aX9Vh?x=4>%OBIug*%7|TY<w!x=n8PKQGCF
zB!81$31#zo2@t}T;|%f*--<__dAg&&?Qw6$$z!+bOa}$7A7{oIn<^zCrW#OUUC2O5
zFoR(|Wl-7b3~H^t;_iBS&II;iL&)@K7@5dy-e^rKu2uF+?N`a3+Fz&2fANe9p%=O5
zqPZtKSrw~T60*Ja{=;wEscPoimRs*2Q)-20N?65L#}GPIE+kA>2}cuWv1`(vuz^}g
z$dZ3!lxe&ab(4xycSLVYEHo34N62tFG8&zu$p;}5nTfCwg-?MZ`F3FU76g9$jeJvR
zBnaHrLGZ>=M9Cu-xC73+>Nw^FqCVr0Nb-6#4xjs7(xXdZ$w&9ExqqLxec<z$Dp7La
zvh4yrW85JeLIUEbcDUm6T%lUYqcA*VP+`Hz^}}sK^lahwRN-Hj1`#!Z0rK>`SM-n(
zS?x!0b#rj#*gf$syWycK8EdJEeHyygbw3+N6L+v|W96U9X(El-I#8E$(y`f3V&WMc
z2J>zD8l2mvaKbT2@foQ1)f`Kyn;ZuW#^1r$IT^Q)#fB)oxYZI4Vyq%x=I~;SLUD$9
z3Qb(hEfiSShVgf4rwVN<a7w(DXmKY3C`A4b{qL}i-g@zdd|bSEIM2Q5<Z%yZ0&N{2
zk|Pqh&bZqr)gKs-%*(|?yQF_&q3Ges(c?<$Zu<;udr@gU1gg)Q>%Gq2Ep!iGP5n~G
ztoQ7qIu3brSje3o*V-bqYQdMr(3li~u+*E!l?NC!p8G6nuiFkoyE<Zu5ZCfTa0x9E
zWn_*8@eme}m}p7IIc`a!C$0Wi>{Kh376`ejM<*ZXcP-$Lq;`Vm1&IuxweDCH0c6Qz
zidJvlT21xa0gCwD7ZIkvsoF!*LE(}cD1?8!#Ytb8vmOXvc6IkShsX}&_>WX?PTMeX
zw<vTOXTnEz!$Kb37_H^B{qFaYEXkMHu44z7JY+6z-}+$jj|rfq);b_u^1-_I)Q|4|
z{6i4h{NvOU7OL>~C7%wZpr8*E%j<3jrU=qEE`P~hVet@1)44|UcNyo9-vh`1Oe78I
zdcHNGoM<KdV~-STMA9?W7ZX{mbz(JoOo=RB!<iVsY3g}h!8HKC*D6*Be;)6lqw(B6
zyYYJp0pRs3(2JaOuJtAr0T3+J$iVg`)<$fInwr~fQO{3$nI#HuCB2%kkCgDY&OHrV
zK^rm6Wm_}uiW$=rz#OD)CPonZ58|hHKd2X6#;eD8-=N)Zy4&Ru5OJ5-S%2Y#v$4;G
z(%tz~s{fYZ0(MCXEa*eflX~mlJe*_b+9oP~t;4RB@bvj)qQ%Zm=79mtaP<d%T%(KX
zumW`v6wOF~_v~d=vFK-hfmKNU0biq%0hX{AbbTZ0H>|w1A?mV}v1M-o1raGI8|xu5
zavn>E?rl3ZJCzc7d#T-55k@j^%SN`hIA~_YQhxMme%U7QLP;>EAYEar6Txk-(WKQ>
z3_eqZD!Lc4UD;sRRP(NBPE9kUmmg!a9x<O+0d#3e!;kB}G&bMSUZA;$ailjnOX0QM
z&DyDJX-0a%a%{rl!YF%d;zw+ms7Rc)M~t)4WCi<s!5Gh;qG=$A$8)BsoyCfUxQF#(
zabzT<C-|GNe*2{x>`IWuv-<j|=6sMNXSPReMX3<;S*(GmmMS5A)*yOs6jsvRQg|!`
zm8Zti{!X<k3X9!T@GAAoL$vM%vw{9IDf3K$90z5Q^k_^dEb>-rNaBRz*^LoY_DBKz
zOR@R|d|gtj6lz06HgU^!{Q*fJ-Pf6vvs0upT56M$<IJj&_RRq-PX`jS&T}Xr<5VZb
zcdc39EKeQ60v&;JX)Wof7)PwCTgH+_7D5&5`AInWwJ4Jbr&vkS>cT|=00B!(HJeo)
zXqim9$iD>>f?m4ADzU?0?&2Mb_g41D&?ZO8`*VwBHoHKpBlr8+^Wog5=f~=}S!LRq
zpoiz9`{t8=F$b`C_?7*k6r@7=%L6|}$0l>_`0n48j0}4JM4NYc45r3oIu=jb_Ak?w
z&+TQy^e6AY(*66Og;PA+v{o4e4T!*|xz*I4>Y)7bOMK|(b|Hfs%84MgO+tHP;s_WH
zMwRm^vCKQb^`gnIQ*RtVJn8yHhv0=m$EE8ZWn000vHfQa9n>VRMWwRs)(Wu)K9Cwb
z^|#l9T+;?Pa0I7olAsr9&2qM05AVH%X>pjhSnp!ifqB|Z_j%yYAI6AmR7S!On*;_T
zn=?iJ3D`9wa8soj0`ErQO^fF9wojSb+v2`{;e#B$aN4bu-oc>E{y~zU=R%gbdOAML
z*xF*zxN-`%*U*#=$6j&xs$Drqdbttf=$XJ=#C(ZE#`3N1Gx$Dcy9gZWb_3#PhlrdA
zzZ*&hqH9P~eJ8AxL6p@zOkGA`IGfqFv#`DcZMSH-Z3F8oZD!@!6uROFyfcrxbiaP$
zJK*~upogBe*50Y)5V?6d9ET|c{IigXVQi}TMBKGaf1qkXDl2=4`ir}?J!>S6ndjRA
z_HxcF&+w1xVLJ0WK!grahD)|s%gq|U@$BzFD%}74)YG^jIy-=Ak6W4iwN4tLH~05R
z$Ja3|$2<@CGA&j3QvTjslgDQ3o>yDB-k>ExNNL=19bA4o{NuY3ZqCu@+EKlgi0^93
z+Nlx-<McbOiUGFd3@2nZw!22`w=HgM0+@<d5P?<SdsU(cno`~BGIMoNEaOFPyvS8@
zJ@JRcB#k*#aGVBm{JcAD?+5j-tn$d0Q!i<q0b}>7w9JGDlB(sbSxDFiR!Rm4JnAjq
z85ZM8defM3D3=qGG6`fBC+%RO17A(QmEx;>n1t&xK4B=RF4S%3gy`S{-GdqG_esFl
zDr`upIw1l_tmS`3sN<K)Ot7p@v9``8OYRVMhYW>U`VrnQ%x>QE2)0p5ifU?$pe!js
zkcVgze`9|u<~L6GSYZ&@D`Y1KcSc7^5zW(%zj-g@i^_f#jFNx(&fs5Ze-eXbWtGoC
zkA3B-P&D4~kza6KXa6xi&Sg}7ZGwfU8UqbO=dJy5wWu+n_{<~R1~$;c2d9`>F2Gi!
zkOs&iR6L^DGE{hT=EbMYp3CxCsA@#8gppow;c1WvC}%3kQY3T-hit-Wz~{&qpA60s
zIB1qX87}ApC3k-RZ`S@FR4!2IC(!=9M-vliYKQr>ChytoW%B;T=cT9d5pak4u#xyt
z*u_y4RvX{jfl}}fWzqw&0{ztn^eyjnDrdY6c=CBc>S!>@7mC(&GG!MT>C7>ZMgg80
zZG|6-b^p&tx>_A+?M#ND&!UYsrfeP4&~G!`i8=dSehZ}^PG?!_4c0l4b{i_%m*O%8
zs9h&?ujrw-IXu&<YUOmr76Ws)DQgkT4JX`Hh|&Nc)`jaS)AR!)J%Iykv>%u-w37{k
z=Q&mPiHx-N5vvd#U=E&r<VyMi_lG90>J=#>w8DC@{!vX(U*;CXGaJ|4kLU4Ba3GlJ
zP2O<XTVggFF3647eU<LSr*^;mIx~inK39r*pL7}&;IJ_}HdPXN!kjT3g0l3s&9h}0
zKtX-5GE;)@!(SiXrP$*3oB!7!lTg;|bpuSo=C|Kl;&llrkX8*2Z;N`KE9|tkN2xE|
zZhu4DL0NbOq65%PXDyDZ-09?F&s$~T>fHVOO&(?9fV*O%tqY68*w{Uf@7Z3z6r@l^
zmP9KNishwlYDK0k3%Ya?bh*ZV!McEKoG7O_U4I2_hv>S}o?R|VtHdT%iqGc@K*>dl
zBSHU3&O1<%IG|yn_?zBq!M|VT`j==j65nD?_r&uzIhnpN9r?KJBOjY9)8gtxzH%9L
zzo8jmY=4?x%J$kymNU<C9<FQOj_{5|6QfL!1k)wW$N*&Cwaz|7ghanWf4eUWfT()-
ztEL!e9tCJ@Jhv87RQU=nDq1UQhEs$<SsqysKpj~y<bAs7y!l!4jmAjS%;chL+M!g-
z@p4L|?%;{#k)KEXY+_Hc{O<ltkGy;khA&^WirYWsIY=-C`WqZR6I3PR-@hsrG;KB%
z!TUB*sj4c@fBN0?@9By$7#>*{%gmK2nGKI5nl%;nFiK;S=N>DH6^b)hjM5JjFKln<
zV^GE=-Q}tgMAdu7b+Yj$pKiRZxzwkqAs2QA673%7pg6eAJkv<KC2j-zX^9(_#%NHB
zhMDNpu{D_6%)jR}IeP|Dv|J16KV20gLU%%d`_t`p<qux%jQL2yIHYEc+S>5lW+y84
z8wrqBUbn%dqh0z9yh$Xj)Jv0fe&KF{;oow{{DnyLa0by98T3&fdoQ!m@kM=sDKDd*
z={@OSOZs4_&!SH-In3WM>aS+d>%<49@+>CQL3H|;b16K=BY8~h^~!Y4x`SELl63<j
z>66uj$zG4MW34Pn+fJ>^`E#vy_<NT%8CXJt-|T$jffx0Ec`upYV{^s;>3Vr#j*b5d
zYXN@=0%@*icIE8}L3R$L?Kl+u*_`=T_L?sr!b{U5`ZFC?eMnHT(ok|+yrenxuH`vO
zAiUdpyO*-NnDo4~fPe<r{e>C%;ga`OJ`Wh8L|f5?@_{#X=c~Dh86;5m%JhQd8qVz6
z;?5`Ss4hy~vtjw#HooLqwBQ0RRqn02v6{q%(R!w0rKRj^T#Fd&Mt+OpIz4fkzHn&Y
zDcZFfeMgDSHqQ<^-q_TJW%kVx)3{ma@DN?wx3%7z>SvR89sSON09HR=)X<qfa@D)$
z&$LQ6qIlL5anR2E6#+f{0?}g}`Z}zfNJ4R?JqzX=dY?{LPpMcwi%2wtnB$N9u+v1d
zZ4Pvo--iN&I!9pVKVlP>Sx*p@x8}>On<sc~4OMK^--0VR8DVdu2wP7%htUp;T9yZ}
z-pyejS~4~VD&TlA*<z2Ey2m7*eScdVp_4HpVWes>8ptPfM#kP~U5>~35bDyj=)bg+
zC3Lqryr${~i%#I%(U*e`MEJdR&H#Pp-?w&vj)&6@?FlVc|4J5?Kk;FAoCgcV>pb?9
z0zL~>^uqeCG6)L}p9n6y(N&7u^ETOKZfW%RrOEo*CVYGz*%~&kY_ExNXVdq&i<=f#
zrK?Yp?v7$}b9jN5Gy@L@;+fGlZfOwv>-$gIW^`mvM9;#Af^_c+&*@y-ON!eAU92vd
z<ZB?qpPR{GvGR6o4#+WaBsOlb=5v`?J0;zscA4>{)vTcV6l1Nm%k3?2lOjylMH=fr
zphZn1KK$UGI+QEDKLcrz0_yq(A#U=O@A{T2?;CO(*V|!5JwRat(lz8))6BrFXwy7x
z1x3woA$7%$E4R89h?qYS<?C7sT0~e$>l7kZ9d9~G1UJ)8R0!f>)CN`XkvXUr>D~b=
zl=l^FLi9V-cwXABGXCq+>sZd}_(xmrC)_Iab*ufznRaY(?FPLSOq}%-#pXKr_}Ph_
zCU%XiboccqOXf38`@ftkk{wrGO{u5VwI*LvjnBDID3Ao&m7#;FY(q+7G=a>dPyZM~
zkiPuqGx-7&SOy*3v1>RYKib0J73ICu2hVbyJ`zJ1NW)Gq&B5h!>rxu*E`5mKE%`z+
zq`&g0d0eB_!%U#Z<D$Yec34kyXi)k_OD=*470UtIPBy{3I^Q3AFS=B24%qDI)-Bnm
zWnA?hF9>f&${v<clZ#_UWxGw3R-LXyFZ`33p2l8IgJk8WOG@EpqOO{uteLp=s6ZEe
za{BzcMAL&*EP=CtT6HXfg)5nEDm1i8jlk62AYL5{%%xAT<{vpxm<W_DgAkOUwKFS@
ze+w}#juP^ooqGJW8G+wmfT!nSHsFC?jbC<s-fD?+oePN4-1q0qU}Iugiw?37fhK8h
z$Ar-sUtWAZgv=2Ai=x^hb<QMCI~t$REISl6D-20@hzULRgLO=M(XSII6NOK0%}HNO
zzh^t1V+u2y?-UA|V|~TeMF%RXWZ^3t%%ss{|B*Qu^5A6TB=dA6l`Ue|XnVZw7|OP=
zOJR<EQ1+2JG^t866}v0>!Z3fCes4mmw<!;jmw_{C{AZg<fdbK@&%@<AKa}B-+Q)Tl
zcxqlU@7Vq_9M+TW_Z})OpDj5g0|6e^i^b6$KgDzW_ZWPcpOx<^Q@q4_sYVVf@2<>c
zv>S2W^p$>a5jL&(bg4#kJES;m_xFC%@-Feb#I;yt?**ox#=|w)6s8K*MKVGhhUt+C
z-}JmnnX$r?{WIbgOi5abv$;<Ds9(0wcErlpo8I=5QO@qXG_OhBqK&WkZBgJ}3be7T
z{YC?|U#S@VlcY*IgZYOoc%H_GX`W2$0&ol`M1$%L1o?25L!jCVvSVHz9H%SbpZIHO
z-~kngDsldOf8;aR$P6<)0sCMJ9D}-NQSMMFUIIakv7Hj;(6N&B<_!?s88?WYnD<P;
z&hv7}>--ah_}QI7uGBh&$)36a*ra%9$RTqib}>Mf*jt;xAs{(6(@~qHnCK;G5H_q}
z0?fy^w_$4d;a%>q)N^8@SGKlh{H-)AbJ|j7?STx;w+}_t5zpB~2|Stx`9%<x<3Bq@
z5h36r#Rk`g`}-Ypjz6H2`+cSlaqfOty06iM@SikG+WD)F*Q2F>*q5aympI5rxyPOd
zygCI3*>;yL^EvYe{eTZ6T4Eo5U-%XV?p8Mg&tdOM%}C1dLRNXZ`{X5)3!moEp*>_4
zn84mSxCP@XHk=d{EhcfzVk<SN<WikDzHcae8kVK056q>l>IFzqu5wg8nxRg3uaAk>
z3!<^<8LI3>fCyEpPF6@S0w&gl%A!AK0e>jna$2c4>nqA9+z6dFPyKE$4rt5u@Sxw&
z|GLN;blt2a98Wzq)}0My(s8rb-!x!r4QBiO79{XKUWDo_2MbXdQ+Q{~AP76lfb{Ol
z1mpAPLxIUN7ev(Moe6<BsjFiM@iZ=%upyo#mH)OBDRLU+3|wdBc^eE#Z>uqEh>)gc
z=M;0w=J>2@wQV`y?le*S<#Xa34G+M-4;*O>^0z61t%@mJCw3{U4C8}@#R#@ih(F{B
zr#G#NX#?2VJKsD^WCVt(<9XzKm*w?bIJy>w%?Pfh#}3Ef6-MF5(phO$9TPii0Tr|8
zDz!KBue7(_V?RHA8&J|fF*zr1!{yHP1ywv%NV`(O5Ta=R>t&HZsM`|A`A3G4Y&qHb
zw_{<V5(dB$`yVBHmt68ZmEA41iq1x~jvLG21Tp~2A?Wcdcem6DTFtp#Z(Z7K(d~8b
zienf`q#yLt={G;i?mXAKkEB~)faBs%52CbMwa8Ie%!Jvk2UJ4Kf0{Y;={Up!d#T}M
z@O3I$(`SkgwU#VXA}i6Vd{}Wi;k`7yb4!oMhn6@zM~Sh%Gz1;1N*Cge@2KBYiE+K7
zlitQT9hLw`_++dclj)Uo$>+1bo^9YWLT820VOs>INiSIZIjasPso@1;+q40|7G00a
zQuU9djL*}=^Lp9?^3JtHrV(Lg4zznWVMKnn82ld5C?Ok&jmQ-rN(^ETnUFOTCn5du
z!#tI#AoD1~D<f*f%sWZCe{Y-2E<^~{6A64&aa<;8F^p(U4^Q(fyzhNMoAZc^;G}u?
zIw<fdK0@WrbO}2a6G_A#B1sQa5Mt)g5h@lf#8qZU4d%3vhSZc_Zhc;G&dy>3t)h+1
zq?_V{E7@X2gE8Z<|0meyAJr(^0FL(_I6NNhQBknPdn|YCr@`rQKI$&J6&*(I?{V8s
zf@%~k$TvukXQR+DP4EgoH7nGMiSooV+(GojO^csR9&zOf>$CCRyIeBP&Yy;bMlX@J
zix5Kd;LD^NrHyM_@>iVVI2;!)+XAkZxnUw~Ur-*AySj3o3S_6J2ILqOj1~<KDJ9k+
z0gSSa(+a)@QBBjbdCk)Nnl2yz8e$pIqA%03>hW$VnZdhY-k9CMzQ&b>DcYVsU;P~b
zm$7B4hF6%X!g7CppB_3nAT?bG4axX+9?s5qpb8B*t+`nYrJBhq7!=OxnOTO0ykfr%
zj?E|S=`{z><#y8f8~bI7fO3QyLQ1nF*{TAUU`S(QLPy|6fxuWvCZFEmXhMVk0BKNZ
zPj0kWsI5x^+qSE+zf}f``~IXYW7kMY%AZ-l%lS83s<`{_tJ9!Bu!t}{8M>cvnb|OE
zNk~Kw+|SYX?4^aC6F9<uskrK~?>)$~lQO2<yxgDSCZMy>IsTfy!NY<WE-+D||L|Bj
z^piSlF9qI32j|ILaz0znWmw}Kd%oJ`bi?ji_(Dx}ZId4_EpL$LI6ZyM*4>*&d8Q&h
z;@vANV@-07*BlgMGxGk5-fDPmuyeXl6a|wyHni03GA`Vbf>i_Z*1&c`Y&X0zNTt~W
zA4Fg2<zbhq!`jbP8lw5pIMLBpDiWs<G_I@6EIrzHjc#<01>zcVPSnEqMU(?3<h;96
z%u`QVkG}O|5HQKqR^*Y}vXeoDTSj0_T5y@4>m1l<$^P?ja68NtT(!!nRm&GOTv>Cd
ze!S@G0JeOoKAeN0S{Z*&Ghjb-wu2$Up8^Y=WbXkAz!176SWs(WHw)=LQ-KKQQlpM@
zWSB!>p+U_toMbc$mEb@c9f}k?Y{s?-t>Oyn5&%6skp@zK{Ot)r<Hr^i<I-<5rk#p{
zVJ7~Yq^Y=CXv>6dgI)Hbs5xb6;<<<2Jo1<8_DR9y4D02s4dF8;%Vg>p2v+AQl?OY7
zr%iuwx1(A?>nasHVU_CNbd!A4Vh_f!Nhk|u4l+<=a2Mhbf&4%Y2+aRkr3S=-iB-YJ
zm+UoCaa)`e8^e63z=6Ey6PC`&`xaT$uD68a16cdIc1I0-cetwuQFl%cbx+;)PnKhS
z`45Aa5y0zwpD(PV6QMc*zB>;q2EQNr(PAJ>XP?5siD#}F@yIMm@wyarVR@knL4{}&
z%Z8SZl}i?Qm00wSgO-v?D!CQAaFS(2jmVS*GC}IK75lg)M>=aThMS;Du@th3n{7DP
zk^l7(DAfs%<icu6=sa*3uXRE&Pro*m{mf0oXp0`3(SC`#jk6b`b~6Z$uZA%|`PDb*
zZpILm!^vb;4LAHJUd?=*i&(Uc2!F7Pb`5cMinF-$l%+~A*>obThFU$AFF=Bq?t%pY
z@#M^s<VoTCFq-Ylm#hd`xd84&HY}zA7&$X!insIc+NGw$FiA;;Qdnt>chayyc%{To
zM=B>SBJJlgh@HBqnkUKlnzUY>B<qO%=ZC86>JtVjzA~#I`sgcj-@h#&{0Ee|K;z`F
zE$XPw%be;po%DBp8c%xGj|_oqZdlqmz4{@6rc?JBc{j`QL8j|-L>ujp*~fy+(?@Ae
zkippPuHnMVa#R@DyBanv+rsbC;pAPQhvGwglg82gW16S+t2(Yu`{#~}!8`Za!%6~Q
zCkPqYz=C&Yg$|N=hkf(={(>&EC5>2ft65pEb3qrm$~}zXmTIZ~EhST;yxcU5u8`n4
z+FeZEgyr1DfDv16rD=6~wK3C$qqJ&UjGZ*J*c9T06`%}ql62=;9u%-}#Szn^InWNS
zJGp{mA>W0Vf0Fw^(-><CqP=J0nG+8>JYXOFjg<s_UfaS$e>D-dh%<>c5sC1YT})QX
ze=maB4>+LUuX;HK!Oz`wd5`iTa>9-hAq>puiwfe!o>$Qr-_T;--;TJ*?7bGqukivQ
zzSrz2*#GFnd={^f)Z$Il@#C%bSVWjlHl8Sj?V1e=lo_769vh#}98UI2<t7uyEPOlG
z8WJurXIap+j3(%`kT36ySzlQZVn$DIcT8mkm#h7spxl3qYGMVTKIXf#O0mvABVEu+
z3*CD@-jA(5e5&TVod{aigkG->ng}dwkpiXV+BkKc=0v$G&F{TZr<0K1mcNkAabuds
z1Mm`t&oHx#I46nS;R73L4IH*k36t&Io>B|fzS!<`IV}#QXi&ED`r2)o?=_2b@}Uoh
zEuo|!0p_RrQAp4@>(EAEUlav4d5Cgg?xIIjN}?ngo7*CYaQ1eT-PRxN)o$wacNzm<
zQdOT<@=t71r!CpC78}W;B%eBa=f@Ab+s&qka+H*sK_y&k%+xULF}o%TTI;OontT6g
zxQ@+?LH`?Z5)DFcJPrJcF!?lnJpXCk*i>+|7;)XASn4dxyM*}wHuj;8?iggqekjte
zzG*xGP3FvYHe-t!c%Rb*%GVlR{iMkvLr2T}Pi&F%$@Lc;4sUuTN{@+^N6?U}`Tt|<
zEyL<ibFSgyZpGc*-MzR|+}+(>i^Il>ySuwP8@J-_R-ky%_S-$*b7s!WJ3mS<;1}7s
zla-Z~1dvD)&p6F)X{*I+r%oCeV9#!P%o-PAk+B2$k<>NQD%E<(4WeN_1r4|bHXdps
z`Z<nkW4V%0p(92jl-4Zdzmmx&={0wjp(3-`GWFi=ahd%lL(j|HiIi*m&ll@6((i9a
zezHHdyL~87BuSjeNS&7VTo-!keuuj;cT4MbdA#Fk<J3ox7&iX?7KNf9)E>~URtS2J
zU?g*?`X2Cb2%O)DPD;Kt$UR3ujRj}AfYvoHmajjSCz=AwUq%UB<r|v<@C09S68Kul
zEk9Z}<uzGzTDstTvc1R**1SM?(Q|AQ5X{v*&L=mQ0$_QnFAMa2r~>cK42psLegqFO
zS3i|YfqOiqQ>JH}K<wg|-dF3{M&1YoN&D53z9N1waf(;T&+n`5-ij0kjC-;@y{X7_
zIx+`!L?%7>cp#sdvP8nyDFiza_3g4oqXbR~n2)pcBz*YgX<R9-FAGLV*o2ARh#b?}
z*oYhz9s~U><Swa=MiHCt1{qGbm-4po{0}K5isOk)+2*HOfQt>DF#9A|74>CFqO*7$
zPBi9diO^`df2_IvlOBM);N32}btr}zL=DcZdd^P2mLI0=qkD;FS)SsOuR^jw6C+?m
z(Qmd9LcZCvJPRn0rD!~^cXkX|0wh~7nz+}GpSs`YQt&m4|F8ggTb?Q}Q!?1avlm?~
z`Vml&w)Ppo_Ic30rhWo&hQ?;f%!WrcKGUj+o3QK&{Q_iInAD;tlcSFct+Ezv?)hJ}
zJG9g(HwcFG75b)rTUl=OuOI^KERZt^aI&Y&sE@9u_IIH7jGF*qAxMu}GB`T`={lDD
zT295pzVe+f5kCB63p!Y-8y{7WB^Z&}HJEUQ5=Fi`SDKsMIRH!It-7m|?W;yAzv|=9
zt+$}5k1As+I`AHjTIe5TKu9*YHs3@d=w5wkT|G=>Y7{dorO8Z9Ct8X-j;nd2t_=m@
zu?$A+!Z)>a4&Y!Feq-AbM?CGfKS|h4^8H{CBYK+2(41v>WWPaEJBpz&QE10Zu2qXe
z>tng{KNj=+NeGW<yDPhv#BXXoleC684t*Y~FQLg-soU{kUl8iOoTxXGPHk5dlhHSs
z9SCJ-`JTqdH?Rp`+2asFLQKe+{*VE|I$x2_6?YVj5v82_oBL<~JcYcq_%Lui_3NVt
z`h~p~ul5^(Xi_9d4UwS0AmyrgfJ9cspu9%5lf8z<W5dlCAM+wqjzx9ki8^u77CLKW
zbvHY03{I)^<mE=fjG39&%<->vfN)b@mkF>Z`^RQ$-X*uG9my{Z$$0tb-Wprl4p~#5
zjZUx;wU&=&4=#;?TI~Ivv>5U#h$-}l#c4x^UTbkvBG_Q<BnjAvEO57OV4}|gitiy{
zm|owBxH4RGy{^>e>=;dk76+PDq`WaT@RMDW)>#fjhZV&p!(Eqo8>ZytlGB9H3js*)
zaFY*37rSGADpW5WC+UrkR5>qEB5U)u>B8}p;~D^l0meGx5IMgm8oQ}*bX39V)Vptc
zGsmP3OXimRsQ}(g>AX6om<t{q7F0i&NYDoF4+%K`siq>>f%Ri0lttmc-n%~lq1N0E
z=gHv>v@QM|s^m^EOXIqYH<Oo)P;AO`2?R*RPmnXK0_<B4{elZM$Xi_c&A*eQW@*}S
zVxZFY9>uw<&&2zchP{E=;K2t_U|5#2D%NCY24I%ud}ZIhE}>Rq9pUIP0v~g~jnBnU
zW}um-@1x;)y0|k))qX{>Y}4N`$cL`6U|Gz?L{9OvjNLDtQ4bWH)+qzHCSoJ%lC1XM
ze9pD(-#~Ycr3-ASfO700R54)TiM3wZK-+`G>?Nx3kRz%{wVZ<rLk#oq-n9@oZfA2<
zI<-q9$BaL6%kV;`a~*S~mr7KO#Y@G*hOyg~HlELnq3;Yb!b*j^rlL1B*E=)L|4s4*
z@N?soa3HwU8VJkY2n8`ce{8Ioey!CQL6pW}O~p>1El7d`IlyWB9oqRgKFSWBI1F#q
z(Uj)ZZCx=R*Q`pwk{l)rpILOYaNr|J*ngc3zX|JC*Nymw;MmU7b003ZpzjnmaJl?g
zhQN(ds#N?P9UHk23Y?k_yv#8-*b+ONUK6eR$6}y-+U}$HN*xfQPigU;@D3ibnr`*?
zBvl`F8z(p|5tn<39Y?c1hsL6AjYqTZt9kDQ7pc3Q)C|SaY_BE%@`ZJrIH$+7Q8_;r
zfLA<gX|yO-WmAm^8=~2Ou7?3~6%$(5IurpCmQs@-XcrU4Z+`u}D2blSOD&kd@xkNM
z?$Kb`b$$^FSSiuhd7hbKqN;uQ_sBt`B9j(Q6|RQ8{IcdHVj6~o%+@{ggVwZXL@{R?
zW;;mw`$zZYv2uv1nq8%i?lIE1K+47%oVnG~Pk0LaY%=ClP*N4vK0dLBN)&=Ku#n%H
z-b7_v%}fUmE>haItlL@GnetOGUtc_$AN4WteZ}vWG!85nN@Lwn(#HHbiA2!tb&^1m
zBKaV!i~r<m4~T<9pW>FKoP7)9iGF{M!i5BvBXwF>raha)*DRI$X&777*TXuXiY!J8
z$^or$A11kyp>SZ8QKlZsOW)dRyzn9vfyZ|xEhfAy_W(X98s;k~LN9(B@w85I%LQvH
zjr-Il#`C66=mof5O}+WE4<1$XMcxJNGPxM8q6y18K}CjbP!P9Ha%8ZVHW167#*2gu
z?WWYDH;nA|XO;8`J|Hm?+NxwXpN23K;8{wsS+31hwWJo1$5ivhjUEPtEYFbHwQ<K^
zP%?1&)w$+-9g4As?SAie<v5SD!7^H8ATX+qVeE%f?7$&^l@*d-ET|?n^ITRjY52-A
zo_Gldad79A*nM<55koA!u(E8<1r6b=H6bu8C1<(J<e79BJ4=a$`1Zv@fRS-<V4oFd
zy#mo2MaOgq!Xb+h3#k=OFa1Ahhrb4ToT^FtBM7Aa#Bx)J;Q56Qw%oP7>^Mw0&8a~)
zq~)r;^`(@2RXkCOwM>r>oZV@O>;%j}Z6CViXyj73oWG*!V8E1t**B90Y29~juIYZ@
zkG}u~p5O!yl;W*dv6V_12M>?pAt})4d<oLwCP;vZD&I;0)X7O{k@@STgA!h(3)YCb
zrYx}djN<j94i~8RHPNr(&E%D6R%p3+sywj9->72S5?;783Omjh7$?8zU+Dcw&<l&9
zVJ{^37~XrFedE|)nRBr<PYb`MuBl5;!L!{cXzjXRbYbWqqHDO8#fU0f69NtByNs%b
z-s*rs8zbe%_KB-(u0^MRxEC9dYO&M|$q<kS2P0Q+I&TD*@Xv+O|1DD$0%!QP7@Y{<
zahTwS_`GDp2t${%H+SG95UbsU$7755p09&(m5yo|Cg{}j&3HQh#9Hip6>z~j)_v4O
zY|8{-X~bn^XaRW`2=czFjFzt^X<{MrB#<>TqAqTrHH>v7I!YCzG}ItKCsA{~Z=hK_
zZx}j@_`g#Mn&_%<P+RtnHldHFU-C#4p;8gBk~mrMEHK#YG}WjUjWR6)HeOV_#}oDg
zv7Gjbw@b(GTePNXezgi>$6F5>F+iTYm*EYsWvZ(2XRhGUQF&xr?H`Vd1(!O)*`gF|
z=T1zQC{`}%I~RA*wEBOxN>|ks{VApiS(?5){dN8JP46@>t9N2lhMP-{0f*xy2N9$a
zfsn2LZv*}PZg+=28R^-qO?o#nd?p7-=}f7{RdP?2GhUrqX`xS)NJLTNtx0zRzF(Al
znK(E1+eCG60Bm}^-0|3v4;Bx}479rbz~#a<%|Eim5DQx_O73<C9k*SA@+bi_%jee0
z53k(@NY~&-tli-pI=4lsL-g^~M@{eqQr4l|9x)%Qw{>HaB=37GY9%DZu@Pi&3iM^D
zFs8@HN+R-D+xOfRnDJ<A@dY}5x7LO&*H%Yc*vmc(PM7i645H=<!9pCM^D@sa&R0}-
z?~f7PmE$robfJvNZ8AU#IHZ}Dh{v@EC6E3*%sLz;+ewLwc(jUVVBB93<uboX56)}N
z0+-*>*5K1EDUN|<!%3A4K?G~nd1<Qvy6Mh;?yXaeHp_9kht>VJq5eZ(_XkaZp{<rI
z%q)!6vwRySU|meXa-#Y|nQ7ykZYw9D8ucQ#MdiRG9u;w3nhB@QI7(+a)9(cw!s|J)
z`P<We352&2#B)aIytBmVvtPgXi{^d5)F{e|Wi=Ym0iYIipo)aVKt4`^3$^tdJXAu|
z7oSe%DnxId9(jDCQ6`2CMS$s!4r(JwdcC&PabsmojkgvS@HjaUU^Zu3khCEWx4!b3
zl@3wjHR*TWb4Lqikm#>BB{RPvu^iF)jU_TI2e0}Hik9E7sW{vm@ic$NBFIrM;N><x
z+Er;kK|yStfQ|&-iMyT4%(8+FgourQh79kYQC;#Y^%Jp)I?UElxT<>|bw_n)t80sH
z-es}on5k?TC^wH4U_`|RHCOXR&_4aQ(f+3IHlI*&u#H<|zyulT#t!k;qDd=PWHVx*
zptyd@=``Uyn&xSns<PZWVT?Mo@wyy+3U3{{p+m-R&kX*_Mtd#GUz+8epCRP3_4h7-
z&T&?`CI&aU>3s)%94(;D0JM94ejE9Oi$-G;Qu6){eH*#SY#IYrLaAp@rHB=cD)w(&
z^*}-;m@BVhc^%Ty9pTEsDO*>I6k4<`C%DE3+0fpTuv)9soW#So82TC(O>EvTo3*s2
z68cS(Ci88#Eo4*v={FRq{W-7mZ61e|zEa<tGZ0M2h*l0_5h*@#-O&lIK}Nb3z-3X)
z6qP%D?fb6#<Vi}PP4?g=0V{?jCSY2|5g&|8{JAkTUS$%;TaU!y{*RiA9Qr?-0ss7t
zK_n;zTT?xWO_Qm1L3Kne{}Y1Mp)P(pKK{F(j8t@jqOMGw_<D6sxRoh$RdZVBxN?ED
zLEWg8ng>gI%x2JqDG#}nPaN3R%)l4HjRp&)NrA=Q23u%#%V-@H{|SY?*VvkNkk*Lg
z(B8ppAP519N9%9^SZ^>1D%`7(F4{|k%%&27#IMtD^`<>>$XM`Wp>tTshaT*OljX5#
z@%a2KX9#uA8k}Emn_N=Wr&)i7TmXN#;_fKpABTK#omsbTNO$vAc5B5X*n)`*ND>j=
zU=RO9YZ_C<ivI}me*${wZwSzcBYIvj^pA~zewkBv2p%gkWrk8#^`(xQwS_G+c1jwa
z#`5nfy5Zzv%55J6VaQ|P!k?6-jvd6<n?Q$L6$ELh^f_LVb<{z7EHGpK-_1Aw=Z(9g
zks`Gt&6FA5Bw9ge{toR%^|GN284RYhBe_x0@u_P#dV(FD3|{Dx>>XG!VpBB4NQn?r
ziS(9@=o`lM(3KV}RlFEiUYk>J5LnzLAL!hA3DE#>z5xT!PYj3Wj8PYr5Q0gED;K=v
z%jCR_J%lQQmyvFJ`P%?km)m^GPBjl;5n@xF%E^}$0@dlMVTmOi?@iL8pZq_a-#SP*
zxh-KzYv@&(m~W*|a?@|#rx+VrB?(*4kq8joek@DKtUoqte(zbcQ5^dOI~`Wcpuwtu
zm@e$ih63O<26a&Kw54b~iC0|29PL3}^GdtL^PV75{1NlfP#d&?^{;8bVOJC#&>CQ{
z^1c6LY5(z56^$U*Uy!IK3X!UeTck^y$_i6%p(Q(JK2HcjG_1#XlSV)a+Ty2meoFO^
z)<B=V;J7Q;;j8sYY2#m9bX$7;ve-b#o2)GSyWrC0Pi(Vi$2pG=Go6{Ucy?x|Mzk9U
z;#8e5i#=zkqf3Y&?AkzEBMZ59HP7OjQi5N{xi)xpkpSa5TvLZ~i6M)Xi0@ft&E(tF
zf}v=Jn}yyujqxX)8jmy%(Lc3y?)@Q;@JlemB8;(~5!XV@DHJW@@q^idM@n#cMs1Ld
zFLZrU{5vh-*g~bO@g)@L+4b1R!agG-XV*%$y7>?=Dz?l}+}b(j>{co|BF>-79UJ^L
zB=NT@HAT6hwdxV$<HzKpV}R%ewQXo!Gt<`Px=Ke6P#Z$}(|<BYf05n&Xp%+{)El>x
zQ{)8PgCH2!e?{Iu7|VPa3;f01Z@_-iXkrdz##yzy$L{JNSb{6?84^)%kcKzTjSucE
zUEA%pv6zWVzcQ=*V=fC$dIGvS0f*x+!3?PRG~;*`i!v(JM4(h!%VOmq_4Trm-NFv)
z^3mgyo<RQ&6YN@=F4{nl6whVmfs+Fla;mIGrKL`B7)uS>5aheiEW4+KB@Y$ddNp&U
ze~2}MY8diTyHF7%-`<j^`%1^poCo(h#`^Dk8@NsKDzI1H-ql>7X_y4vL|vRlN=s7_
zspFwdsdaU0nP{R@hek#%7A>PVM124tJC>U=U7?Xvb%{&MR8iz-{Yc>eQ3!tRe-fR4
z0grU?pt2B8Eq-mq7UnI!^xBji=NauU41ah~8OSG#-0B@QQuSs?wTjEBvQ*frwu+}@
zYkTTzrd6v^R{$R#;Ao7OIw8(dsF~1q?nt?cxU|6@+Mtj5)U{{p)@_^%{i0ojM6i|N
zU?T<6gP&|!=~5fIn=^5JF@s%rnfz!1{Lyb56I$=IltH+U<h#|Si^)LHOo=G2LR+p=
zH=TRuNbq%bJ^;o;agLgwNxi|0yD^Ic*GkbBhsFigyhA-ciOquGS9*T4Skf3yXp$<w
zM={p6wK@iZ;Gr1ks*};cQ{*J0cff#1)3mlI&E1#Y01xf$P9x<vdv^Zy*R?hW5_kA_
zt-DDqzOIXwANfeUoOCjDD&d6wDJ=uX_xwy2EN9m7-k^c2Q3{@aM*P3vKPoH%8YJ@G
z*Q<*b|1<g(#eu<rv$KU7{DrbMWa&T>EL6alP$WrkzYT1?-8U?k%AORr=HX$LrP8>G
zDvcJs)XEsBrNSSx?dtK1bG>y->reBQFWag27%r9Ef9h0Z{jM9H$)k%?lZNB5*GS`v
zdno_fHHIDT3=<<MLTpGcOfVpbbI0k~K(nvkjfuW{S-gzg6|Z9vDOkaRbAmj(jQk4h
zU}!U95v+@rDk-livPjL~zF%5LDskU@Aq$+USoalumY4Y+6Xs^`7w8i(J-{I!@4K=+
z{dIgBi}YmCrfS;39>GE&05!_g`=(#qC>b>1KQ<~_n7RH+k0>9=|D17o?^hsNQf>5N
zUyX@{s57)A8A<^&G@3TCZYTBfGHQGAW>owmOm3mUs-8l*0PAm%@qgw6{nu|maveNv
zd#IVe)8KsP27E~V_MEj+_A}ITd-<U;$mw~xV0a|V3S|3wDcI%~Tx_$qUUFbnJdmc?
zoa#YZgYdu#mj1ay_=oyYfNf_=*~|U(hix6N4C7lH?&8XlQ;Wb#bsjc5DRE(6j@mO$
z*Uc;|rqxC;D$xuKhVR}Qb>nK$Z358BZ(o9#w|`nxY@kKuhMOQIX*Yf8j7kCP<6-%e
zL8Qxs1)zcB^hBM6a<ADIsYzL<oQj#EJJax+TqgW@9T})f^~MI2-8!LhYiZb##)R$s
z{A^Y91()m*LL&uf2(F%7BQ*rBI(92C7UCh@G>!}8_{n7Py4!=&R8e1e>3(@o_XJ~m
zVH<tjiZ5}+!AUhvHr^4P&!L13;-H+ETdmd9#<wdL7EsO>98dfu(tE*zg_J5mcmF>s
zhgEXO?Fb3*Trwfs%ha=Rd~O+~O&)H4v+tev2G_#P-u8UN2(Z}u@L!l62?5_x9<7MK
zY>0sF&uJxD$MDrK9u65gVk0zFnG=?rw?8c5SD-ZXj|!-M_NrAruF;Izz4Qou<ORGd
zNE2=(n%)hb&DQ@#q+kNYV(lamzx}CRo3v|*&3W}$`se#cLLc1ycN?|<ksv5sg;cJD
zx3`)ltovbZ1MLV3qJt34F=dFaZVLb__<6)k%i$<HJYs|HE_;FSHsZjqm_51Z8)CcS
zy>qQ8<rSq6y4Z)WiU{8&Tyd$@N)2X4<jt%?89c;w?5k2}Ct1rV18<A#0Urc%ae((v
zXypiy0*W-+X{0S4ppk&uJ?BnQQ!gXHSN8!Uc>IjCwbf#~ZdqYi796fzwN{c<G#wTr
z6OfqdA{Xc1uKBO>!pRMF7kt2x=tXaED|&%^WmXZzK=`vk-UwriP_sJ{7HX{m@xb?F
zErE8cI}y-8@##e=NG~8yPLjevA6fABO`9jbA@z%&u~ls>2V$9r#a>T&sZ4Vack|;x
z<yi+1_LAy&EG2m(>e8-W=9&ts=_(bC%XL5`CX>c5<O+mM{Dj(q`XJjZ@y6~D63FbQ
zay2oom0KbR<rwk16<Ew0K8)i|uUSvKL_tA3ElO62;y2KVSD0+#X|$yFP0(}^NzUPB
z6ltsj<jZ!L7gKmoKiS#38v(M8Ak>|L$Li&AWq@1hR9N3FcHbDKuzvG6;pBjxyNDQk
zF(>*1@E{5ZfNlH~&O_9*?J}>qB<3VXlZ70<drnX)@Z(nqm}L!)!iXA@#X8rKWiBC2
z%|vb-Xa&-2J`(VM#LMdNe&5@{0lt|<B0yMZ(=yjW&C26}yQ0ti3-8%yEtcK=L0_&q
z#oy5zI3sr`8bjR8j@_`aa;*IQAz^GQqY^B-JVB~hFNG<X!IjuW^84AgOEoOf(6CKx
z1!Lh;3~F5__Ef&xO2x?sihn$mz2os@sfp0`v3axr)Xq2R)GviCqqOL1cWfLEl2D-C
zPAWxJ*Xbfe3z*H}s^{wu`{E7@x;w+nz=GRwQV<o0lWdLv-5B&i66C7b$frcnrE)Nb
zXW^ghlVk}kqV>2MR2$b6Z`3QK5$17z%m)o{I8Fwnh}f9I#S6lw8sXR8D-dx`PrOVt
zAd(oXZ+EmP5j5N=PC>pyZdl)se}o3Af~Hb#py9wX4T&7F438<Vw6Y!RSWcz10k$2|
z*|g|#G?OsmPVx64!BlK%O%rw=?j~^x?B#rtjHp@bvi=Ns)sUJre;vN~3+VjIVe8vq
z-`KIBer*)Y9z=(7G7w~^%nT0(xA52GWM4HqyZF3~@}3DW;5mT>&k8?z_4=db1v-h-
z@}{fbgFZBtI1$E0kn~uWLUk)^j*H7pD>I3-ikBpsrmKw%<yqG9o#AKB8Q!eln%0px
zqclH5Qw1(>OQB(8WdH>YH>*@Ffj4#QkP*_y>3)tbdGxDt;u&%HmTN80ZjaHB4|J`K
zA|D`rja;{pCsiRd<`RCHN{?vR21IIpJhin&Z<`(v9V)ET(<kwHhYB@zP|mUT6Fy9h
zV&f9>IdT{H`88+DgzeRi-;xV)ZhWBG@>5}96%TkzrAyZPD@*asM2>gbb`>W${=G}S
zO1vW%2$b?`vnc<3`-;be^A$Iw9tz?W^3b`oiDA1naXg8tF+pV>UrNt-z-T-{za<lV
z_-geBO_dGv=Q2GOw{CI~5Lu1(fmiH*1ciEd@E@Zokl!PmLICWo5%xxVA`>D@L$psv
z+bcDBRCR%EC9}f2u4qD$8`%Efn&j8;kp90!U5|ALA^)6$?27)dV|~zwB5oGtOE0Uy
zDkmQ*nDzPds1ZFYv@GB7GUcwifc=$^K=P&J57o2wtUujH{>Rbt*}}g9ZpO|!x5sq9
zTc<plqTG~6uOr*ANOX&Un8;5@sb&pFDM&&C`+n27Hjk4*Fnm`NG))I$2pueh+a`q8
z{=<-9&@X+jJ{xkG0Q;L~A<i0gU49nJbSIt&c@}Hn_~w|y9qxprz*VM!Sr)LX&^8d=
z$`?70f?-UKKywr#-1qRPad*tgIYier8s$&s2MqLgrTX}1gi?)|#%cCzMazX>Ri^k+
zmBgxUXaxog<m*`2To@HEm~&X4Zg%;E@gj3LflY^hW{{DW!)vie0)-3R`Y@G$R5^d=
zHQ$*2-yl$hhlQ*~;6qc(!!xAsyi1-Jni2+6_k2REm(?D0Z7lTr!>mv{ECTGx#1EMs
z^|?PD{MjT6DncUDIm6OO3`%XPTE66H*)E09i#P^eSi&>ET-+`ugr1DEbJ{53f|bSX
zncwAT*u#V$ahYTpF+8)2pJ*BkQI{n_;sag22}2t>cqoeCwh_uBp9TyF%`(S!fF>5X
z6h*NRMeJ{*!CBmbKM0at4|FfipJ10Wk#kcT(lJ;iZHttpn-|7X7Sho(Q-8m#Vr!r7
zx4n$K`lP=`%>Mm(T#j)hPe7|PmLv=<Fo!t~StGkJU;>f+E^=P53_0R9NhFPCoySZ1
zTN*(q0ZAX(3Moz`l+fq4gD_Klmg{xp)raFG6L71HB8ath>IPFx)jQipJ7@`K*2IIV
z!aZU8<w=`e@KGeo^)(`CkcCl1kkbA~K)!$m|4oAc!{a-Wv9UQAJhE^?oE-=H#|ZM>
zeXzX1Yu3$)Q!xgj>w*aw6R?5ZXd%#y61WD?d4#fYlSQ*uZ9ZCD;wnWHJAf3rq9QBY
zI=AYE?x>_fL?JQ-CZ@-OgJ3cd!6Y8+Y>lam6M1Qs6XM$?n*<Ld>&97c1_ZQDqeOfm
zgSl$E#11G5yPMsJTv&<w+iT3FgmBi;h$Q&|z@A%;ltF~9pN<Zg*6GafSR>A&@%M5@
z)N-$O!dG0^aIOt}ly_vy=1$FDc!u3h>`qc}&gN=S*>HOp7Q$2`=ZY148it|D+F3f2
zZTm%CM)`NQ&h`UAQENAY2bF--_#Ti}B2_=Pl)Q=G|Ho88LQi=ByB2AYXwZPu;n*)K
zFHuwS(C`Cw`%WasHjvV-ej_rx?_YuT-(lASE!flEAmw8%kCw+?zu3kd3Q-!!e7!Zc
zPEdm_URZ<fATX;f@Vh@h`WK{>Q7beDeKth+NOr?bq^=st{O>hdNF3~ju)@#`jgbsI
z-cwx7D($mwo!RC+#uQo8;9z!_L*>ahpp4=gW1aR^JP2%^dt~gJ>8P5@t4s^9%t3*B
zK~B@dEWa&5X_4%*BXW&N)oEg%s>3WEq{lsj2I)sZVHdiNt=<yL2~D(?B`EIH++XKh
zuaVq>T<9x8%fc9I&7fUmLtHeyVa0ig?9_a^X_ERYo_WKOwC6C+D-9h9{8l-bE;k_=
zqd2hY{5~HXy$QQdtX$9A-S%;5o#(FSsbpd*Bsj7ui_tSI__zX?NGLpFxNKOWYsa6v
zl`bxSoXNC@5jP?lV<V0@xY|`VKMtWz2xFu71W|lYJbyXn8G{)E-4$l`1ow|{yNe@g
zB&<m3(9+u10mIj~D8;{whLa~UhRgSj3(YsTC6v@x?THVIGW*`PN^k=H*^m9s#q;Pn
ztpK)%ImaDVDz;B!TOElaI;UNFw){CIp4Q#+jiA>p$s89B4QLVrOe$hFUD_oCVYlgZ
znX{@DMLFuUP?Ltx+qY0Rofi!On!O_3mGPlu;UK6lcg_!Bbt3I9-&q3e*VhbVwjw}!
z6M1r@yzngw%P{?z!NV>IVe&n*T`6;kmX8L^fvv4S_|&g$Ec70}>NHi>)8;$wABzr6
zc21Z&$1mC_Tv=|jt^t_ibscANSon?X$;Gg9nOtGK<B*A2?pHPidY`Bbe_d>ZfIYrK
zKe^zOeM%Vtf6GYAeJLzEbNb1q+v}ws3?d$W^4BpXgh5Ogo3_ywmS73IdaeDci<mk0
zx@WZMmfS{6-$K?w+RH`^{Gp#hm$D><cmnMe&GWrJOLnV1xmN{GE2>)M8qD<zffEUB
zuE^?2Ew2&>bMD)XR4vc9=lO`Uagg&I-lPwxsv96?&}WEyYi3fUxPFevIOtyS=jZ%6
zI!bjcz#xH~Jv(in4h+V__6U-PbabP3^N0cMHvS(UXwb+owZkUG7Jk@>6-aBMN{cf^
znrFM13_bfnL6nym%=o^4Wnjm<ZF6V0*mic=CM2vOIpre>`hvNRUx>#QW$knQw%;1h
z3n6(u*c?h5zc*!`->-qt>$gytn!F6Ak(y|sFJYlS53nSEH>TtTCLoW3u%sBrR|qga
zESG_0AzOBm=Wi}!wN6O)5(&cW)2(#;(FM?XCtnpe<mFB+^)B*OEE(jsIPB%u-0-bB
z3dqZ*sV!EUTDmKnay3$t@YZ5+^lSEus|<?2eM-iCjELLVKyywELV)mr8i3v$Cj+Y-
zm?$EIFP_Pb_~=R(1A#L(_<;*Ve)wOr-Zwf-FEo~CM=L8GKa6tRrQ60Fy0+dmF1hCX
z<W6lxYnGn&AMlJCuRi&~UVT3k9}BuUl6?h>fbc0k*8`2B8XsSK@s5=Oh~9)5>cNym
z4iMybXqKLt{pgcLpP}14;y+$im1&vCU&+I!%OKV`BZGJhVUd?p3&$?(`RB3ea}=rc
zd!I@B17o!~R$0I7{YTa{MG1bb&B^tWOS0l-gS@aCeCasrdr#Kxj2kJr;hjB%JJ*9J
z<?n>OjxN@<&(0wNot|i44~l{L9lO%!umnoT@wckYBD<qOB0o&+d43o)^sdUd+gr^8
zVjL!Gi^Aa5mp&K8zYWrSQqfdITFm;aLWFASsBXNi6h|F{;m)JJQ4O%9Ik5oh#D!jc
z>Y5t0%K&rbQlk9rcj3eUWr^xn&N`W?2bv=YHqOIFyGAwpm6RO=YqyV&zZpzpe{&A*
z6b=HF^oYtWrL~v=a;p304&-PPgP7PvI4OE1RCY^t7*xLWlG+MDbLGgwHnzl@@vSe<
z-EM=@t4kj-JYhdmMa?v>u(iZtumj%Yvh6L!sX5^uSoWXoY!XabjRu0S+{T}mvN>Vn
z$%(4S%4U#t#>>8w%WbI<WH6p%LYrdS<n@%d<Hj;l@lKniWxVpt^^cg97g0t^gcgPQ
z4I}*{to_Y*<B0A8Y^lrm9kR2DLPtjL8mz7Z^n&{%X!2lQzG*496SPU~n__~r55fJA
z;MKokZN=gmF(a|cIk{XR?p98DO3Cptg|#Gs_YvMGz|xgR2u5x<GuwsO7u-iXV5VTr
zXb0l|U-(#<+9vvB8c24;jSPVP5^>`K97hCbe45eJ4K!nSkvg_91cbse?{)AGrmNxr
z6j$dD;ND}bkb2M-1%0O;A1wk1TcK%nZDKir*(15pa!MFYVqRxN^IT;|o36DBjkv&<
z{oYBo+o>A)uo%v#2!CbIkn@F4YO;<+6PnYVoGW1v;qm%U=$~ZJC5tl%D_juy_{YPo
zL(72ilGF-UdKKFp8I*ED`ZWz-3E&LxH&l%I3vbvwb~!XjPY4-@sZ4n=oo}j389Ybh
zB|>xdu$TV_mdR!TDU_v7cB3XeN67|*AEw<P9L#Sh1%B+xwbL#X3{*VBv7e<&lO&*>
zzU%bTvbZOhu$G<H`?P)<aj5*D_U5+lwfwawFox-_OY?`T<LN*w%i@CBh@GEr@kj<@
zHvsWGAbYvF9VvC%=+J}I6!(s*NUz*{E!mHVPqiMZ2SmQ5quEg~ab1*w@Ha0&Npc~C
z8R$0WD5O-01hi=>4t0QSs>zKjLO;j5WOLP;sOeC%$w*M#NY?Q-JQX?Cr|MJoFU~K`
zjzP$68KbSu3f?Gt=D7gfMzt5m5<ErWh$j&YI8~3QJmL#n+>$i)k!ul%&+WaL$c_<D
zN$;+2lWYGFBV?On6Q$v0T6ju;@QDGB0Ku2k<^Lt!M0RP&oN#j;K@$CeduKiEYf*un
zpf<Xf)#HaV8wRX;ZPxEJr8or;!6~R(dIUPv4R#{S{#s7SqtTfd2x%>~J|zKa+H#+T
zic`aZrLGeD4UdYv5Pn;8iR_{;R`+&2rA#>Y&FjjG8}~t8)DkU|7!@)MNpUf>kp)wu
zg`rObas^ml7Itqc!N-<e`$TbpM;Xuw>^Mj+$z)8U7rfM66G0&8k^*(u)GSB&EZk(Y
zOJMo?XqCzIVSv=N2`Zhzfv;3&8!xW79!5_X!*+HRO)z&2{t9|DKsqx6Ji41WYl~d;
z6O&K=ZS(3`ql87I1=@*9Us2exk=l3h8U}WN{OpBVsLW@%_@VBLpaV%iQ&R-!qXM8)
zk%Y^Y=fg%!cF&Ih>ZpfJrWq46K9l=553d+;Omg)cShY8d!c{{0KbEEUCA<BnWsR`W
zo*0NMCiV@R(NTlvJ0eVZR4sFH$pd5~90TRDkqS|r_fDKtd3cPi!>9XmrWJ3LM5f{k
zXmfJ778I^o4&FQT>XR31heP^DvS6HE3qsFAwJ5w$42b(f!0PBCv0yiGQ0Kt!@*`WP
zqwdff?o_%I98KA=D5&v6<T4x;VMag4!0mftQ|JHe@LcQcCZL6HMUnTd{h+W>(7RT%
zKIw+EIJ0?ji!)mIT>tFtf|k!U_d-l4JDQ-<Ju1fNqt7C39oj}3lDHWyjfHr78QES&
zD{_$M5QW6Q(8$uC7amHlNdPPS!+nn7gJr|;M{0Shwlm%;rEeSF%-Y-zquG+(O`<u4
zcST1&=FRYzuz2L*`%D+v?H7}Yh439EwbO|`3rh{-Bw|&5gtK<m=}Sv6Cnbmu>Qfi%
zu=|O?-1MqAtqv%N%t%aRf=8e3M7~Z0=*%W#8urAv={A?xeSt36^ug9w-ntO|ZET^S
zYjs!;(r#IC=4GozPj^sLu?yak=bxI&-BWTW2-T;iA;Tn?%v3wTG51W;C)6g`v9)!P
zP)x|3LwOnRBexYVRrjFA)gW5GTtI$jg0*vszrkHjyp*~LdCsrK9l0~;&6;gyg0Ut?
zTre2GT>T+B=GtL3+MAzzl;U2D<d#?7Xq@SMf>uZ0<jeS3;&;n3&@^^ykChXn$0?;2
zMLTK?)bB=jeII5lcrW#V6Q>d|N8x5&sE!nBY|zwRqGV8BOxNZF5MSsu)pcinqIwV5
zSE93BM2SN&6K9zf_h6%&@+x66angM~EB_$6Q$vh#+Nkvll1E)iM;85^Ct%itx5hbg
zv=%p=Nf_Z_HpjV|+kFx^O2r+3i;rU#q|xz0t$^&?lO%!-#}(AaNOXFK09xl_B{7BD
z)kBE(q{XXDWIiW~mi{Vw+iXBK=rtGK@tMJ+P|BJRj^5ErV3l=l<$7JV%7A(w97fz3
z2m#JhOAgew%lo`VXKqSD`r6?WJ{(YMczwXID0U*Q^Yg?hU}@GyEiS)+A&il?-Zpwl
z6Cf%h8ZW`bFb<9`PE-H|Az{h`6!I*WxS)7%2trR!bVn-92+d)~;qsuvKM`)tn8`*4
zz9^&%5`%P^x#9$1e{%tU0zOY8EJ45ZzObFa5@btqM>uY%DFT?GR{d10<q6?MSXr63
z3)Qf~v5b<AL1ouS9>oG61%_*0;VdS;S6BA+XNhaz170>d(Qt;05T~({`n}7oZ5e|{
z9|WKTd?2@S6@v&OKXJrD$h~-jXm&F6ip*)H<@3V(vXWBUP!qIb;!d8&Qs)$Yy?8rK
zKMY==+Z~@ah1c(8&a-b>Fy9`Yx<QW=G$eMY)HQA`GtVE0rAQ~b`_51x1k#n1jxb@q
zSjBDuVjy1q7!fJE%Yw&{bPtSg`smm^s&vgwD_?LA?NVgZBY|N|tO(93?`oBC{2rVo
z+Lxf23ut%xrWrYZ<v|+1j8ush15SQjd3k$xfNUsCY-byJNC;>O#-Js!{fWO5j`w%=
z`eo!j9Ryac_XcH3VkxrkyRU$^n)P64X!Z_a26fhO%6!89YV)U-E|sd<ayI-D3lct4
zMNa(`o$Q-tU_lMWS^<-vosM@_3o#s$`4zdus<wqhop8?lm*Ea}B;#?(pN#RaYnNB>
zq2wJ#{c3#H9v%MrIa0*bGqvPrFdUID@BMMeFjICFo6ZS^`mlH$p;V8}#VQ-$L_y7M
z+U`Ape^<@_`fzhd`=LTDuev0B_D2;Krk!jH%{Q=b#Rj~+xWF9w?}hYK`ZrSb<6!VX
zVmpUT*jNNUQ-NkP_VOaYlE+v@7^!M^+I!)q4llxn4jotT%UMauh|ISl$++!rdB@(w
z$Cmv=^<T?5>oKU=c`to*lSD7f{oKm7&7--Ks|jd-D6KE;_xV&HK)be)e-vM}anA4_
zL#TpoG$H|!l9*6>;8eYSsbDRKbP&p&S)5c68`kHEsVO=W@nGDlwa>BYse7>mGi){-
zm2vM`&Q+G1QQPpB7~hm*mxi*5pIiEBR@hUnvP}4-!cB`tX=W1kzTPJnu7mbkAKla!
zbbMk0ZP6gA$4biM^4;2`Am9b?<&9ULt*&ucqDn?UShQ+f@wm)0K_X>}q6g|MlwUp@
zJv(Om=E_3;GyVJv$6v#4nvXz12*vm3e!d1{_;}3=MLety1)44bN3osbR)q}jBcMj?
z?PjlD`Mlh;Cii3`qsUGl_LIOZ9mP?ysHvXLOqd_5V6k<kUAKzico9FXHvFbyTVP0J
zQ<ERp!ssaNJ7;%QiiSVJkHuKZ_v~Y*-x&pK7<p!gq9gsyQ<aZY1yS=<j6!jHz7)kS
zZ+Li+XYLM@OHg_ggCStuE)7;g`Z&`1-p-+;0=Qk9KCp;P$YYn0t1<FF!)9c>i@uyO
za69XBd%IkJBH};%)K@al0B90JLxjDN!H#p+ICq61@?e=7@Z2q6C2Yq>Y@!RitbOfd
zb`+S%kC^H<x)|cQr*w`R>lrmN$ZuzE_{|`ErQ3uC4*@t@rA2_o3)b+FzufLMWr(UH
z-CTAC9iV2baGmExF0oimLvFDILSRP+Jv%b0yED);!HafT%<*KVa@a_jfijE~<T32W
z|JUT8?(QZo0`#obK0JiCBA5f`@CFJ}-e)JT<6*ZJJ28G#9u<(F%AJROaZXQMbRyaY
zP-RxclXQh;s+GM`-jZDmrH?hE)@Y#wyrfWeR7vl#f>J)#TBNPKLg=C_XVI`R8B+52
z5glS<>e}cR*>TqDoJx4+x9;E8?~%}Z%wojk)SwmHeJ{*MB&S1i)LW^EeHaElk>3vm
z!9)_7Jt{5ZV#+c%rCdkRZvqxM^rp?ze?S&;TVXn)kLLdEOA6nWjC%RUg==PgrIkC#
zUTXz3U;mqRmh?9!jtr59<Oql>k{4y2X_#om4<DZwlDfdU92R+UtY_(t8fM8jr1*V_
zV+XOr3B{8TU^?K!4)HsRkM2nAfnRT@0~}v6cM!c`1wHi^fZ2Yp8R$gzDK@-JzY8o(
z7Z9hy?!P5TUPgl0-`z-2!r*^Jf`4;sTFAlt2WwEXtDblF#c{4(Z4~>i@J!Qf#4k9x
zpZj%DdQdbm^dd(fgjOhYK<=*wS*@kdE2|v^Tv{j&+Bnb9XuX-J*=LGhzeSVcieH%3
zT$U9obu^a;)Hpfz(Af6WtTsGp;3LHL+?Lx!<{@If`!3pus=aFq>FUyW`$`}j4_V~S
z>{y6c*jfoqhdr3A5PFr)+biiFJ0$Y7S_t5C3x4@pcYwW-owqA0oPQJzZeSgR2@bk7
zzzA9_K#1Uy@GW?FXf)TbU+?fdgdn!9gLZX+cY5_G*9OO?$VimFH=4-a25k9}-Z7?G
zO;^l5apJ4rja?~Q_AO6|@W={cJxsn4uxnqPQB4Dwk%SRhl^0efg@u62S5=@S7>*P1
zW7Y-MsUe7{ffhGpl};096+D>Gkjo%_R4nXFn@=Whs`vZNDs)j|p>l;rQLrz`Ir36Y
zBmu8#jf$?yPU&pPQFHNwFNIWtl@rB0;J=ng{8e5ti0mqAu{<g28DCQf4DBA<zT(^a
zDuU%HTn|j!e)E0K1{Y}B#oJ7!`D6ZevNH^vS`vvARcZ8fgcKs|qSq3_b55wIiYN3p
z=j@87sgC2bF}PU<j<$9y6>a|~OB%$xJY5PLXkGD#jf=B2t8?w%mgQ<3jerrg#))t2
z?-jh6?=09^_74+Zx;5CHo?HBMr0wc~AAc}^Q(j)|pvl(;1r8&|7)Vr?L?ejvfcYTS
z_8<}61y!tRFd1~YEAbxAd8%5D4=A0tVqjXnEG|vioVY$UHH7LywCk*j)@sK}XOv=l
zfGA3}#W8+Q2RsjUCt3QWDL6(?KAbpRYkoSauxpovFX6BD7{#_K>B+-0vUf=;2OGDT
zpBh~4?I52AA)G0&5Hk-mMaQcL7Mz<}nQ%Bt+44(?xKr?KYlc-kO$v)mV+kJE++|Jp
zEFIVQvx=l&)<D2UWfKkU&t*O=a+Y@qr-n-d+b8BhUrby6J44F4+~4XKKW(=6{<Tn|
zy@AY0N}HwK+Xo&C(E&8|@su4B!-Z0e;QU&EVpOo3$6Yt-3SX<B3Hs_#9U(L23l3&@
zk*;jLs;W1g{piaIZ&xy=5hGYx)HtfLBBf;NE0C9Ubm1M--KbonfG~G&yz^YcqV!Cb
zhsDodmGku37eT_1Gu*`LSDYhqtYhopXQ^9?xU@44bqPAI8lQ4sB>3qd=tXvm62@?u
zViLq@h0{#S?`I{}(y45z*BRW{ria9Jbp4okK1*N@;*hupb8Vn4C=II})d?S5=On;;
z2ov>;`$r(2Od2v@<FvJFW3_cXbZ|coAxRZqqVsE<Y66g6Bt#@D8(dguaN^gR?RhjR
zPJB9B1aFI=d)Kb#rlPWteD@81O1kf!ST$d917bfv$UJn^D6$s@Qzk?4sVS*1TG05F
z6GTCUW{M|!XSIKJIh-?Msm&~=YRJO0NFzKzt{Tou;`GDi$To2t?p|#6sH=;de!?he
z!H9uo#|fhWeK-In@W+zNQw!(&LPyVE%}vby8{+|Gj~h|AT>oYt5<X%h<^ps-3Ys63
zp2fDrxe3*hw37&z?fPrccoAbE3dQSw9C3x;w}ON800d!b19v)9NK!(gQeEU7dL)Pd
zal$JoG2*Tx_>;45NCyqE^!77RxF`J=Qz*W<?Df(Do>xXM$2L3`c+F{kAb!2U2F0Bb
zaH9}k(!0kY58QwBZNWQl{Hp&pUi`Y;vcM-0IDsAnI*V-(Z8%}Jy=!!P*hDd@M?s9U
ze1d&S7Q%ob5`zGX-;M!x6xdS4de2CQ4K+bFfYqWl3K9|RtA5y*oQx*MD4tK`8XtnL
z<wn}TrrIZq7#>%YK*@4OY$|_e<5S;Y8zaba%kW>?<l=-?dH-r;q(G<cE>*$R>Li-^
zDvd_}WBB45&<T00v;#f4x!_@@a7@4vGt+z7`&Qrh2f}nV7+^SLz-=beIJtDv%j%@L
zDUv{<R#lun)-p`HuL**#O4am-y+)h`JC5!ZW!ZEkx(tSzZM7|MT!R76Eg#{}<z@m=
z$Z*4JfYB*o1Rtn$vUb>LAP%_MWbOYqq1lc`>I4J2!fC%Vy#TQ?D}A!JEKbZ{JxjZL
z8NoC-I1ub-;zu4rQHlq9ffIbp&lp{}EWNC<2VcO|y&@FTRg?P6-WoR@`tZ4>a5>9*
zB|y<YHW{MC7?}VCbOTdsY*hD1YhD#Ta;}8GhdW?~@0Iyx*ropLkffR*>q!eacI7y7
zj2CWb#ibFPq$rNn><gFE!}n%$MeX>D<za6J=cMc=Hey<%xa07hxh1?GqF*G1ChPA>
z`O;BON}0C-G|V4G$~CdCCm_!EiIGs_C9G_RLupS_p!4t21)}oDD{F3wSCI6h3?Gvc
zb@(t7pBi?kOBD=|OW?dAUY348r<<rXEoN6-@x(oN&8@e!nqIO-Ja(;0Ug<zf-MZM#
zEFn?i;%cJWgdCdpV$)ypE}3!Cy&8dwttaM7vB%$#w-~Vue>&M~_jhSIdu-0x$<^{2
zrV>AL|GI?6ac&<ZsSAw+?85dj;8Xp<wvGr*CsF>|o8n@eKP@86Zl(4BTAzZ|@@G>=
zKia4KfN}m1QS!xH(m8(7wI-uIp1%tKo?z5=K`g|pzJSi`_TFFD*x!8Xm7R!)9Q=@E
zCFenqz=##RgsV}jWxo7`oF+*t1v3m|fvZ+fmR3S)YjHtV*R%3jtrBjNa1k7!rI4<J
zyo{p1G^mu)JmQTN)66hz(#(a*?#f;h9NjQ^Xipjfeq0u2#q=?u2+B&5iIH0Qq>!zW
zzh=H1a!P_ZN`f(OcNLC9r*!3H$RGE!i$jPj^Q)je-{?1QXHm&t<Cl?6_+-`ar{JJ1
zvGptT{AR(T79%1!!AdmgU<U}(>X5h1a=P7vA6#tRD*={bXBlzF$Men4n7(334{K*a
z5MXWh43WV`imq`D#Y=9I=LmYS_ns3trECOBFT^ydq*NlE2IegH`Rsbux#Z?iAo;<1
zJ4JT9O04^DYnB{{c<S4hlPNWugC()YX56yk1sYH-j-Rp?j2qXV)q)2{Jw?50Vql&c
z>QmzvYd+^BSuma-k(>HczJvH%tu>iiTtlwE$s)~>KT4fJ--2X?Jp&$x74T2l@c0qz
zcZnVI!IvLJ5kWh^BZQNAIcl<h$x46%;P^cDU1#e;dJ0Y~J??iCUWx;(eL%8-141zR
z%%>kU?urbJh3O%kaK6u+?YJTpv`t#}P;WX(tV)Vj)nS76i|B0{r`%1(y{XFyO8&_i
zj0pP-c;}ndEDGUoY2KVD{g+QHhT<ogEyr6uNnqpB#;WRHu8su!uaupQk!|F1TML*o
z_{&CfB0OSrH#y#4%Y>MEp6h-w<plnM8a$AUDZgluwh358am59Ahk^CTWnjL1gikTk
z$Cx|8wyQP`{=nDh^g+z$G@6jhZ>)L5!h0syP=sDg!a!d>pPXk;v5+ym)t;8{r~;dC
z;7g&M_DRt%vw<&)xarPYH)6=Z5T()RZUgkY-25T@?*LxHCb(3x{V-F&&mGx~#GfXS
zao#4MgE3FXOfl|G$gwOumd03EbkVp6?ds(S<LRkrV^mi2*3VfTv-ROuoDVE)MBJM(
z#-q*ED<mb|T|JB|Yl=E0v6jwwRTUU2(Y;i^Qf2%0$TMG;MkuJ*`~o*exs_276mKgJ
zrQ=X-97@5ONGlRWl%I8zC&xmfYZe8)u|JUcf(*Qed9&+ONbmoC00~YF2`->=FckNk
zKmC_}5(ZX_bGV}wyrEH<C{Y#;o@Q<d+q-yW!QRog>Yl&vz45*;;J4Dkk6%~BQE<<~
zPoYXmD1ob?3wHsBC1-;O%;Veq1A2PoftN?jvYPtt3NL5azmgjCgnu#QYaYAK`fiiI
zZw3Yg_&hki2Xw9o_VEc`i~g*TAU!db#)=Os$NPOHGb_7d7%1|l=}?M;5qIam?b=5#
zcs&1`3L*7J?%SeeSyf%Hq@Ps-o=}Ze#=9<}oKg|Ir!mR;9Fo16aELJiG)M14jbmcK
zKCq8l-))}q3_b6OLwkY2t#&Bwt8DP*{c0AQbd(fU`A6)c2c#}aG)JjnJYg?CR_^Zh
zAQIk*RMf?_q+ck%Z)DD-0^fMgkOH4d?~}0KRbRP-k-heCedv#kzX~Rr6b<{G;|(c`
zKd5P1TMTbrW5e=}ZGH(u0vfS2dr2svd3P;G*NH`b_gIuPMQ*YeD`=$W{BB9}NwxW2
z6W2}9d@iz-iP2mtd$B)=QdhzsRURD4%T@ez@+KXE1tY%ASs*L)O1DxP8TWcKv8RYD
zz4Y#g0#FPdG4uq1d148+=6b9U9^6=MJ{#BF<h;#zT|?aPHOiPA82z(^eYxhumAOIP
z(9h7uH4hdQKP!`Nyp@MU-lEll*3WKLlTg{|V+=IzF(^)n7&)RPFgwwIsYhwVlm~R4
zJNO0jX`J+Ibv(Zt^x+Uc=wtr7)eb}ikJyyiWldJ2_y|jI0{iqMpAVBh3{i?EYYf{7
zLt`%aUa&<;=(*Uft!s;R>!S3e5SF2Y$N6?XJ^(!I-f~y-B3_~IjlQo2khZ%0?%=5y
zANV$;!n`h9=e6{sRF3(5uwVA>T7L3Zg_5`3OJ!ZB+{-SEaH=Bz!(wxT%H7RNG4WIX
zYjM}+5%Ss3z~6Ca*QHot>Ji&E^9d-+4_-@+Urh?QXt&N&xzPy>?u37_5c0W=t(Fky
zFq@6;iAR)pjqH~jPsaBY{Cd(Gu+SHS-J4B2Rf;wp{VF=0MTAIN`BcSimy1=>J_del
z$p)SJmj5Zxub&mcK^3EQ15JgBm7{mQ(JJ9CUw9~Zy8}6&r@9O%ytgya@K{VO%++&f
z86aUYiAg3ViXV*I#KF4QaKwZ+$QEEqS}I@>uxBouVeqnVsGu2eHn~P<LDnX{o&>{K
zC2SOf69R$L8c6dkn-N{m0C(OEQTN+!b&ItDSLJPv>V0|dD@c1Xqy6BgVrc)iY#YLS
zcG_@8DT&h5(D2aA+>Gn)Gu?k1434X{RDUpV*x7eDRwVXVb3peUa#cOm9HI<h7U@yW
zPE6dPp8VqH&YFoaM^t0WVb&&lDZTY%kDe4-sxDd57;;HNQPRkzie_1HDl+m`&XqXv
zc#B)m3nfg02QVQ&uwl-7T_fK4UCM~zo+tuJ4g8?Bav;q$Htbl$JUrlg!~wh{eR*vr
ziv9+6eg})tkH?tBZ1oiH*9k!`nn`>9yGC5ppXN>+@2CGgV!#VojLKHVl5oRs&qz>|
zO=jp)lRnLgK&f8F>xinKlKgwdvxi#WbL-(OG2Tzw=ee%e0@d2*iE-z4%x%qFv)FZ3
zP!0>_*K1(ldox>%Xyk}@W8g43QMS;p8>NyMC-Wf*Y=4hYrvHztui%QaU6#dyYal>y
z3y|RM9yB<?f?IHRw-DTd2Pe2&aCdiicNk=t0fu2N-#+`^yZ2eW*82<k?Wek{y1FPA
z)=HTq9hwV!)Gj1dZLx&^t<)WV4t9Y!0FFm>x(=-|SPx)h<ADsXm)qS9i)MiKqPjol
zIgW##b=Q6o)b3{KQ+0~OO=)BcnA{kmji+5*EN__ZPBM!hp~dL{KOWNxs0mRJWRrvr
zzBDD~yP7CIGQ66rIF(SoE-u#UkME}QkrbpHjKi%m$Q$nV5b&xUSis7)JLpBuA>Fi{
zH!52+TFK+nYqRg9R7P2Tl@=-)9K#vQ>*Ke*Tr^B8s5~sm78^aYbthJT@^Ugd72R!1
zXQi7(x!DWBx0;ZpuHeXCXFcT++0@+PZJ1iU-fUtb0d3seB5-?%OITf5^2SXJ99eZT
z0(lFJwaRN}zVDRi&?f%EcjIRBVIncLCNn4<!$8)px3S|mw_A%a?3E{zkL^{B@eu~t
z|0>?yFsC<XX(#7MJ=FM681p4|SI)alvqDQ~ytmS?$UJj1NlX3XYI8Zg2S{LqHb|*y
zrB)l;hom?1+T0|lk%EJu3<oNt;TM4{>s%CEfV=+sAgypAU4+`H!9n+nzm2ak-?nDn
zYP#$Zsfp!k-s*gq`V`<P<vH5{{Bqz&H&x@OmaC0r{SOxTk1<d!7gC`MP39`#7)0Jd
zs8*RCvd30YY6a|DpG3tP3`KF23xvgamdJ{oZ5OWl4_3_$5*dA}m(Cm(0hye#I6gw$
zj)k^GMRuLz<!Ul?xobO4?rgh`98Oao{=z7svqpQ`$G_+8n1!fK;@QraO>G|)eirF0
zK(LLJ+`B}vU2nZJ6sO;n)~KB<pQpG+>IboS%z%ByD2I9cnG!e@SS~7FR&e|>-+py7
zTy0kR6_?1|Ix$O#_hV9tH4n`PsOB{@7_b8Ohnd*8*=a(!bh_%`hxwx)0==;|5j%`!
z96mI#rw)kSVICMXEmA3M6U`WWhb&BRS2c^3o7hvlMt@_LlI1$Jsu}<BhLZi4^auJd
znZT$w)xtqpjkioJm=2$lvGl&bw<eS#XV|iEAql-iQg=LRATJXO6*n(NRil<aI33@`
z`7LE3kl&`)QWek&t|z)^<PkCEc2Fx2Iy>+`e)R5U#ca_-7i}`<cB=$rP%p=$u$D(4
zgcaO2Nh=A>tq=}8ol^NxE*6LOg|yBB2Si5EP}u@IlC;RL8@N`tH<qQ5$<_8=7^=M0
zq@W>|FHtze(IS|K-TaJ%f^QT3u**E`{#6ZDEM9ZLK5_kd^#kRPf09Aq!*Ter$BWYA
z`HevMWtY!O+`F7y4K{}Lc#(|b%X?8!T?qDnrowAtU<TiSRkdSGZU&-0wZ5*#)=j%G
ztu)l$E;V;aecpba+-3~(^A=}CAJq`am3M-yZ_{_4vcY&?KQFxgo6DObn=jbSEKf1V
zM$Aa-o=%1qJ)l&w`3H?oMl)L1JwF|)fpOqR?cdPrqGPUD9Idp0@1?e8LMU?_L^=yK
zw|o)N>?eg?BS}VwU#7!R?+(3FK%jbJIFWd~pKmpC8S<iqXN=c;u;u)Z!qU!WC^%!}
zAE3o%Nr-#|TXcLUSN&r>FaGDJbf6u8Y<Hc?BWYppdJu)RqMqHd_&N=|XPAKrm9+PO
z4APH{5jLLsRy>?d?VnilMUEndyi0uO-);W*jh$!lcmH(*30R_2gm4Tw(GF_G3DiQV
zb@2I2XvM0eqwE{<J9$({RTR>+x|kIsPh}+4Z9h$@diw4=gcxW`DH)v4T_82YX-;;k
ze;s$%&(P18W>0stU5bP=8anJMaO{%nZ#pXFEdTxGG=Jg^6@@KUZj_K!s_gcgqJ7>Y
z&I%J-fy<FoW%Mj;`LjoDLf_Obe7(Ok3{zY+v&V!XyX1_p6{f1_>}UO+brnO%PEziB
z$U{ajk*LCtBOSwsiv$WE$h8EW%h^nI2N0d%aRW~bxa;?e0ra$5*pwG6;V;2(Y@I9M
zgvau)GO#Jz(`BycJ#?)3g3xCu=GR#r(1_i1TlAjtuh5CXOk_9G2tw;(8ogi?TG*DD
zSor0fNVjYzUsm)b*S5wmU^zdQl1)&w!{Hw}@PF2o9!}I1PmS3_&nJmHW{9ZZ+2Lon
zK{74(nFpwrZvgG`JW`^>HK-Y;A?Wwu<n#K_e2tpXilG28uiWY)=fa*3PdfpSG+=6T
zr<5HftR<Xi{cR6|d_0z^$ZaBya+>~aE3hu!UlIrfU$ItMr)`XXem&UCdaCc+Kk0+V
z%_%RjTFL8S$fJ4x#o|8Pki~*I%x)m{VRIl~q}MTO2iO~^`sx>>0kyT8Pty+)8-CHe
z|2Q9FfTrZ1<yn8-jpG4PO+Pjbo?{#e{vPZ=z9`yYp;k?Ra*C>{zXb|EoS9@HQ<41h
zIeZYln$Au#Ty=~GG4JpbQplU%M}E{uK5>sB9u!>FECC6!7K>`_6Y6+_kM1B{%b-2D
zrw7Yu6vY8T?5~O#`7YCOtL1^zwY#Pv)+B5dDZ9e2ET(&ETAWLU{P)6jvzEs)uhIdU
zju%={Uee8m{SGD8C^BwLKC(=$EQ@VCPcmH@J+a2nz@Nn54fe6IJX|jdK%-=pLA5?k
z$7w@kQ=KH_j0jD)>QcUx?mka4<-qA~Y|t+-Udt2PU4v0q;Eft}G(r=5PlyNx>{Yk=
zhUIFR24-afmqSWfyF3_dNBeRT?lZ-APmI#KMC5gSOvLYnxk>{sHyG+V$dqFZhx;$Z
z)D=w+PIl|}y&MWLtD+2b=K(P~p$9YdXU6=x<GaFQgD3&^WtBNR{EJOFXKt`^9__?0
z=w5)KdN=ms=ZLc5=y@l4O%4qyXrd(hf4oco$|h`t=<dP!(#5mb3%}3Z0e8{DUH6i+
z56sAE$Q*%xS&YE>12p4{%lb(#r@5jD6xTt%MGdMkooD5?QEhl0KH|_};iLT1nyp*x
z$GGPY!aqQiuxZHrJ_WcInAv>~!>Z@8y>#?l*P{~^fBXx(!|J#G8-*cr33g=Re*yru
zvf3VMVv|Pj)w<Bi-vIno$dks|emisac)Pj?%HY{hj;Zc!I`v~YOxd1#G`G7yp>G^T
z66bhsy*cd(4qa?jJ5vDT+>KhZAC;BlFgH83y|kTQZ-irv_5W@_|0+P~@RuVO3IR8G
z<T~_J6_+<8U-^}+m#l9c5uReC8RUpQMyixZ@m-rtwa~+X&iQxOgYYnZ5}Q`CJ@IUp
zWVyJsoo`;z;N*$II#i0%v?nM3uNT01jTn{0VL3vuJkJMG!F(37Y@ajhg7Gj$!J2P+
z3E4E$Gsf5j@srji*}t#6O4di~JbM|~6mlUO7A^?%pS%N83I{%oHgGRcKqxs5b&*#*
zg_p*q>No_hl!x{nvwkkPiX3L#T@Y+0Xbji7&W)AW3zcsTB~STGuw|izja7fG%lMEN
z543tce&R}K_dX!M6_1rq<4VZy-kjC0w|5BI)gpmVn1SPpM}qAiH-SEPQ5vh&sd7^>
z#F;Gp{`?<Gg??h;BY~_4#g8Eww!%#0VFw*yv?PR%i4OGMKZ;H~wu^6@v?s7X|0d5U
z?n*1OgM@P<ws9m|eCFknFkZX+z?dMO1RcY&Uadzdf^msKzW-|FX*;l>l>DCETHW$C
zgp^r);{CstZxMnwWqL%LFUI2@m*drA6oV;iTgzCvqbBHlx51{${&j?1{^|h6zq=cr
z2X?YUllm48g1x(Y5&n2Uui4c07$fcylKV_zji~=+J^5<w6DbbkmW-xxlNabtyVc$k
zJZcS3xE*)fk9>m!%1(po!Je{DC2-mteO9C>(_b#8VI<{Ghs#|EmVBoHVCZi*CgG$V
zwykH-9)xZCx%sq+?IqD|xqVC2e-EF?IyjpG*(i_l#_5%OS>FQT{3d8hMSL#>EjR#{
zvTaY784<|cSm+W;e4t9z(G7EpH4w?biKf0e5t)|0RQI_}qR8%op>)xTT<mVsb5KA_
z9TmiYQrj6_XIGx71^m(b;e34adUY+g^K8#WZigw_k%pvbqt{}FDqhdDbDm;%VukJ7
zP~~4l7(h}|(o;mr2P>ami~xD`eYcsTs(l908@1C%vD?klUL5c80k6JhVH)TTj<A6P
z^`JBcA?)!Y%JZdPtc0lZq`R2S{|5bWkQL)1CRW*3$JO~@I}nmIkDvSW!!2BB!;p{#
zs1S7T)?31=2!nuM_&cuxyYU7M4Be^Tqun-D0OF*7E_d(p&8a-Euodz_AGeKtoTgH9
z4X%gypvpdnHJ$XGH}TuQy#Dsw<-kNvomISkOr*3raU9)_*T}&Ri@I~RK-&Du>G}?q
zS>A0YIsTxGQ&BMF+pZ`iJSV5RvsiTI_pxiuOCU_U?KxW8RK25(vI2Rc_bma_6VO*O
zee%2ETIp3^-c%jHPB1gE$c(?f<sC&Z1usUhAqLnmxGxT?B{|*tgOy$jnH&=ZZmydF
zdykwXL9AV{L*uqjPQ{Z)sq(_bko=SRQj+>3RU=7y#(ft5ZZn6kL{y&T$Uz2n;o%@w
z;;*>%xry-if|F$8mF6ZhF-VUcut~#QO4Y5h-=shKf-yk%?-65$IE15=bJ}M}!e~Cp
zvDxe)*<uXgX{ZshDCrMvd>!v2!4u>fM((!}Ff0bXj`{gZLoi<vpok1r;Lx6HZNLdf
zp<m0poB-jBxcl~$H4o@&n!#xE!P<A}ZNr+BYSA@^>I&K4O~g}W6DqKRcT#$vYsL5p
z(ph$Gx*7<WJ}5f&#F_jT4tVWtMUd9!u|D=K0G9Y634lAsHO%hi{wc4Euqh*R@6-Zq
ziuBI2m&xr8rp}#`04kBaT^xnL7kX9_t9+XTNuLcf${g0mi{trl(TAGS<J+jPDj+X2
zf5*uiF}ix~j$2Rn>WC6+O&q@*_!`9>`&hb~%Y609lU1UKGdZ)f4NZA=IP2A!>c6i>
zYCyLiRTKS{{9l<I9DOtO3RXJfOkwkLW|WYbfmRrFyIbg=p7petPehi`*zkIOT0ZcJ
zp+-3#mTI{d6=%!Sg`o&JhMj;5Ek*ZX3W3)sfjI$J$3}^w&xv<x2VxP@=|Y8&O~CnF
zh2i}#V4K)8h7wv?ZN&8V*4mlCt5(Z#mY-c<-<(v6+XP5SS_g1>4ia?NdyZ3F)3RAL
z7fRuk3w%BfH1gRz52O_V3y7sm!5$cjC{(oTt>6NWvwW3(cE1GBY=X}L*@n>a<w8%`
zyzks&%eRozt;cFlc^sc>=zKhM!F3Li!mk^+M+D_0l&sdm%+DMCIv9UE<l>I(Bk;?M
z=}*k&rGqDFE6Kig0Mv3`tn04xbUo)5dRm|oh%CxGmkn@%0JDz$wVwvlx*4Ij;{jaI
zEkKt9hZMH())j(cOT3pm!g`qw?&{nk#zDyEbPPvtI^083CZLs6#|YnsRgIZ?G>Mw(
zMl`*ykON}wHQ&(%zuX<hOMYN~e=%3`v^1Z=-w#_y(p8FvesE5=rDY;b?1@l~6cVw8
zJHyPITcKJnFp~d$W|H}wbA4o{lykwi*lJSL(b2ph<!|w-c2&3%V$x#MzlZIIq949p
zc9u#gtUYW=&%&Fyoko)Xes>4$3$mJ*`AVFN_*lbhDp$>DJf0l^V?|2|O4~0jKaI{@
zjop47tC0!U%s7>CH^3Fa7C#HTnh!*~p}sa!#ui9pDC<4-ep~Mo51**VaC)Ad-?V~f
z=MYQQiG2bq(vJbwgXa9KAqMnKnE;2Pd?Vb;X)S2KW*60aT<`9+Z97QA!1E#ssP<~l
z!KQfm9WvK{BI8$_Jc7F5SnQhcwMyad6G$Y}$V@(s2K&^GPSAVD+h&}tS??6X=+(6L
zp`S7><W9b2bF!Bd+d6hQY+ovf^0ibeIzG=gr}Q!H8{8k-&IxVb=Kxm%Av3@+?Jg}A
zWVBr8q0`eB#vs^fF4Vo#e`15kmMG2qt~1+%m$F2=yZFz@2N#$0h}YW%$ONQ><$pLP
zLfYOYDMVN{5r&#|1>9JOWl!<%Hv$_S1FH$1PP5+tnW|ejJ9n`hQ}qZsU)*bwrGt$i
z_b}?-Ng|Z#fTci%?MGlqAyEM;%twzHw<>u`3^sqeS1<wS1ZhWAt$xAQO#?;;g1k>(
z8*PQ@=PODnYH00q3uQaAKZq-hCXKHMrvql>gi!|j9dKKclbLfrL5a-SaryRpF2g++
z?2)04->C%XKka4sbRs*I^r-OzgMLod+0O5w|G3Dr8xne&X7sWL?8}8F0{@6TtM>-s
zejJEG)1aBYrR(}?!VUrtEq>}~+aWT1iUL*#df|L1Xpa=n<%fj;`==i>2Hu1Lpf9lW
zm*-eVC8H^AYkk-I#ZwD0u)-|N!`NfmcbgV^#s>3f!<=5;X@hq?ye#tarD4?}qfd&&
zjN>}vz&WyP{`0nkVdJOka_d@FNwHk3P5rXkUpmK?h`duQ3w*O3mX`i%vUVqGNN>i2
zKKEFZb5@POuP(@>Jm)Dty9wSVUmQPQHf5Ob#Y*8Z*=VCoF_wi5zu~TiWoww_j~TJ;
zY`?_ueFD8LhiEBHB);a0DQwqW%bd@=&}SL22QaVoOf-?hTLv|@XO0W)8NiG=6WOc=
zZTqljE5H*$rYS#Mg!~4(ta5nTnz~AszK^3-=e_`i?O$1GPo>(u(Kz&EGKRBw%fW<x
zd&4LU&07rDD#LbvESl{e5z;agWt+=FHj?U!ZBA+i+rAu|>Qru?`7`H=dFI5Pi|!i{
zcDNKgs^nf--p;r%xH(GY{=+H$*E7&5OQkK{XkM?*51slwZRABt^z6I7zLlXY23-K&
z<Ft4_=Gbkgtp@h<Z3t~1&>t6eKaY36^IuDUo^*Wi-IzLRI;8-&*iK0m7RV0q`OhOB
z5OTjPeU5(HM6;4?*pL8MWYHByY6^bkL+1Ripgfc3UEs$xw{1vJni04YusoK6<bu#+
zeqH~Fj>Dnr7JwbKf%15PAUIqxL6+`JeN^N8Zg{@yQg1O;ms71{O7wUFXfW+n&fK>W
z68zYFhaczNo<r1qplyQ0wQ?gYPhqI2?PoIKfv<0WjW2eCF%qmo-qRnicAgZTy!WvH
zlK+r_!KT~|TU##jHOT>Y!#c+hWtXV~dqS_+YP7qa`R+pCkAEVNqyJ#G-m`{3S$4Yb
zlbvG<fbyKG#lP^K8Zxe>(MOsTmdTm^A{}Dh8E1(b5pRcRZ+__9fd#y;=JbkZ{>FVA
zy*e1^yJ%ZS?CRr#nUi9Y{$Mzsj)@rcvisYG_uL|ZFJ~BPHXIDHIld2XJWT?e=5NIf
zZE{Blk~UXK3cW3=-zBT!*yh}iQA<3OWcs5zJv}L0%h$G|*33xMH?W@rLDiQ@gvw#1
zbC7>aBYyOkIkpuDI@0<sK2F}e>$gDNqR7awFBf4;Xfyt}LwRiR{d*Kxk)^UCZfdT;
z+-T-lFAad>d*e@oLxU18LJ2n!CiV)}nQ$m%*y=0WalEhddy-e9&AipLFK#gL&mcti
z97{x^Y`F0_T!j8>890SiI8<7>?1}nxeEE;oq2Aapr*`h+G+odAqKDl|K);(;3YS@V
zPrOG%b&be-M&QS?$xQh5>d;`1l+Fkp0QaOn?@*dNF~eaAUM$CY2Q2f?kiuyIcL(Lq
zb4m|N?n`eE@nl!>j_dO5C;V0`^2gXii^NA1pOm4;3oX*4`pRuX^zo_C$Mw;$0MeP#
zgVh(VRv`OMh%l_SPEFSRRMy^%^uI=_uk@fGLMU5jKVbLC;9Gb9?Rxp>>N?mC23_)c
z#%2!FqGNW+nLZdYY7_&vZl_SZ)H=!m`ce@4K{~>4kA2as@|4gM?+-suJD`^U1r(<*
z*~1dYukhptWQqlE_b&L>X~VPYyz~1U5JbL_4l-B|JR~GXzx8xE!@eA|yMS~GOmvP0
z9yh<_1{aETz?K7T+mM^zee%Y9>$_O-!Vs`pjYCw7(%*U#IxGpHb+#>Tm>Q5OuBpb!
z2zc@o7RU}*vp#KpfU}+$wOfqmr~P<YUQsidoE402|HQmf*ZF+dosCVo_m1XymIT9>
zRDEN=Ki=DxGSy)F;b*tpHq?JRvFk80UY^o#8>Q9N>!A=30P-x3u5;XeO6^W*<qR}s
z!V#g5O`<UnmpfH?IjEUy$brHdJm0~!6KF!5La(~y^l@?3#M`9Q6F9|j?GlaZq~!<2
zCE+<F;NQJNe5aQ1tHUiq!86pYr1|C8dn#*n)qk7q>M&|x0(?0&Aut^&&<?n|m>5!i
zD()Zl+(hwu!p2p97${$(qnV88`<=tu0<!7Yic&5n@TyU^<l8=>G&Cf@SIg(B9c$>M
zgAezf9P-aJGz)X7XWHJ(y?U9O)73H+N^3Mpe%~Cd?&3`a!gaHukdzvr<K{qSyc@bs
zh!LjB;e&kL4_rA{aANzU$|zHnX-T@#td?Ksi2oJt$fGD`iBXP1{E#{;V3>u(g0aGW
z;hqg?{jsNXK!Pxx-m&smu~x*WM8NWN9m3V%3n@|v)@O`|a>~?)UT68JIGVQ%sQltM
zs&@+1Ul+-G7=l?@3YGR0U~{J=G!9=01KP=tQIzOE@70PX(UoN#0tdv)6-HQ+KFXOJ
z?tXKtv|=qORrPft6fRTg{v)nR2cnEuRewXqftGXI)RmAzcH<@$CG}@HJK3uAdPS1~
zi@5W*4U!Gg%Q+sS5OcuXj#?5!7{A00e|i0}8>6|KpArQ!i)M*%Xl$8+GXeIlvVTj!
zsW_QnF?+7UbVEvjs11|b+FOJH@ExC|jt8#}>wWa_Wd_0Z0<C}Fp!_H1#SWRg{}sk0
zpY!HT;%w$su%gy&PF@WK$TymDgl-HU*B!g{0DEFPJ(PcwV<|+&9+X1%0|Q+o9NmON
z<7W-Mdfzpzem`IJ?1FF&7rqEsEbCfow(o?DUxpDGG9DnN3a&@uZ~6dAz&%_hi~-06
zGqJO&dI2jr{#TE0e~s7YX6=B{(%WvGStNW$qf-+o4}Af?;(~;R=9u*Q4x>*Gogt(S
z9gA1u8wT+@x<(^OBzj|jTWJ<l^Wr*BWy}YBRAA&XOF%e#FDoCyP2kp5+rERIRX#`F
zo*<e`aevj|7q*5%a#*I=>I0fr6`ssKy~&M4YdXJGb=gpSuGRij`vmV`Q!!qK3ad1;
zRc7cP#Yw?$2d!(&KWgOMD{&q+1Ght)X3hyGzG9ZpbBlP=q5WnghNp1U%o%(2MUkNf
z1nMqd1F>;ZQkpQz1e7X9hIl7Ri$ANkFU9YK06#YA+mRmEW>Z+290+S!XTJHaBQQW`
z7<5Vrru=3pLs|NbC&Rf0DPI^}H{4@vfGEhvN28We`*noSSjxnphHyynSsDL4K_h3c
zcRT(pA(me~bnUYt3Hy%dwAkSj*4{FF1`t05TNI03f^)?ppO|kN;)Qta#!`!kNCCQm
za$HC%@8*xomD&s%nULZ16M4!<#L%vMq|S0vRpG;v3m^NOi(asTHec{1m7rNBH{(Yl
zc2nqQhvUz<V)>1CK}lJ${yfgqm;xgVf1~6<%x@wxE@*3#kYn_fco29HV1H2yU8R?d
z$ZXu_R!%$h)@5&Q%CqKrtAvp()scDLY-QIEYEe$2Jnd9Iq*`3&A$D1X2Lg^gK2adX
zH4eOuUcnQ4@cCLI2<xX*Y4{WOxEXYNUe#WH*|5xTk@d>@hj!hYQLKi=HVs6U<%UfA
zgZe?d8`cX-Ma+P&d)ac!+fJFA5%JEO&ch-;C>GkqM*dsg$9>^-*yqD%UtFgrm4$CG
zA+w3YXi~66-7t;e*X451L6XY4L+(>~law3sg3J}%Kyea@cj({F8pISGTGjuG>)-L>
zz_4)a0jI=^!-BM^7wZjY3aH*%gy^LzXrcQ}M9ti;tasX=?a%5jh#MCuHGhv3cp(=J
zXN#Y!nS7QLRV+)gMV0X}n3%g`pm#>gmPr+r^&OLf;}afB0z|<>9wxQ2{<a=<QihxM
zqsfh`G$eIplv{(fq8m->$A~zhl{kdqFAfwAv+dUjImad33)pGsqP87&s*==EY{CHi
z56@OLj-<!TO(&8bJXb9^8P~Z_jF%vN15CO$hmtqBh`$wSZ?N$Kkh}_ij`^|YIs$g#
zigA1-xn3xTz)Y$7HfSVxF1>GvYSsS8tomnd^vt6*PJ3}8`?07ojV`%85%Yq>1#T1y
z8E#&msB3|=KPF`?b(25vYu*EG%{w{tyMwevClgGM>UX~=Qk0@`mmE}^V0FK<R2N7T
z*Rvzg7|TFo+jG*=_(}0?zj5i9(12;lj#rM%ZIXLI+E(BgqHBkSz3b!B+kvLXS&77Y
zi@d|D&-UssC{i%P_LWhZ%#-tJ#OH#N&h}V}o|&C`Uzqdj?Yr^O*k8=wXM-j*f|o%`
zHpb6YblCnWHjZBs1Q;oam9Te)i^#g)b=8OSzg#hni=<kJ==N|Dn##ZvaO@1gh4x4U
z4AMYB!i<FyRDV@CMM)DJ><VR0KG1!fNc7a2R}PWH3$tP_F{fJ8-2apqO8Ux<-yB60
zf~etsj0%+5+5Vb%&#0#CaFU*M*^Xd}6fJD4;MaO`IrrPRhCVu=vNQ?#V=YewUMXHW
z2ydqDosD;aO_AG-#qiCP5TL<zs(k@xB<K*4=a6wBMJdV<_9SiJ-&}2N`F!ao*6QZu
zS8_7<h0VcrH&n}S*{tx`Nqgc$8kDPi>`P{{@39bXgY7l8k|=g2&KwI`|NdY{MUfP9
zIb|P8ajL#cB}@H?q{l#fd;>#{SKAIKQr^kg&B$rO4}|;>a1bA8zkfsh*I^IxM5qUJ
z|E=>dFzmS`q+HW>h78%uK{*XI2?j*^nktGxtp<<IY#kcEu-XsPWK&B@Gj-oDwY#Yw
z%YPK4WM->-paC(8>KxtlM6%p`oTw)*+*K(Nh0jbf7?-PBK>gpL7>Zh3A*veapBLa_
z-9#+)anygjv0t0OdCnNILzz*91a2}j*r8tom2cZm)=2m5aBRC`4HZpO7WYm?B)xK$
z)$y)Rq`d#R7OP9KFU#%<j->+BdF*Eg*V@xh{G<d@hiY5oH5Q}-GH<&-EnTRLHRSaw
zZ~_kXll=R@rXGa5wNuL&+Xq~loJfAQvfrKvXM6W0IdoLYUue00yXg4gHoV_Bco*Xq
z3cl`-Un8-t`S}R1h`VF4gR%cR=5))Kat6}>-iGo7U!Zy2-&4;IJ;-`CY<Ptyo!iM~
z-<69ZgI`s!FI@FaL11G)Iv$>^`Un%gEuQu^h+MSXPq3h>Xo1};qv?I_M+FU3N8gP)
zZny?&z7Gmbw&Vt7pD?v%tCi*MNloz=FdZVOQ{J+Fh&`e>kcTiwb0gCHjX-H9p<@{L
z{AovRj!2rSscoi8Bj>`nBgRgRQLR1@l;S|v2>zgX@Fj3ZzpC^}#98>K4x>q8TT5w7
za9|u1asU_TS=#ea8JGQ#&lwNrd$pOO9!H)D%T<+!Wvu5PWkGy%-I!(cGN>{=k;(@;
zGx4y9lRbrvcZEKrDLS}rtBu79v--{E2>1e*&U*CWCpFQDS3?UF<qAl@2K&qiU)Ey<
zU0;fRgrvPEYTj|#DLE4S#`eKApN`ChZb=>yN6BFMH5)ocP_L2LpMQjE^%+IP^Bee$
zrnFL!li%R~)ZMW*liA?8ImQo&QC>F#9YVY2_rh@AZzuX+_sU+7LSR(JA5~;!7YIqX
zy6Lf4TdvWCfVF0V{A6DHCs@i&iK=Qw#PK23&0A-nihboqa5sQ_&hvsz`D9jFvP|Wk
zKjhCXqTj$Lit`UOiYC$ca1}c@8#RHKt{%6!@l62Oj*ieRL-#C10<tR~?P+Z2@u&%^
za)f=Zy{5fQi1l&c<^5@w6!hVlYHK{^gUSq+ieL*~!>^gG%(SOI54Ljke*oHl#~R*F
zEYC%_hsJ8RTMk&ey`|oeMkbzuWhwB5tLw)BXB}B~>s4FkWiSfG5FhGNBV|72G<QEH
z*GY=>@XKC&IZoqVtkSW`p7FfW(%;Z-_rmQ1EOrJe*6zJe!ix~aE(cXH(vFjFY5qt0
z*z{Nhl*&Fw@>+&TOd?yFj^J%thvevbq@Um1+n~uTn`q8!2YqxgM4c4t9B>@ZAKrIU
zWQ?$R6%W8GHZjISEs)=INRmFQessm6AoLWu3oZ5&!OL%(e^1=CoBQXN@*;iHsb#vM
z=Z(rhnl!^MujP><?L%pZ-_Cg?v29|~^6DGBJ1qO2hretrbns^d(kmr#2R>>}ojx|9
z9vz>^EJ%U}PRxS=2_*)9&GIy|O@&&aQgWc-`x5L*^oIlX2KC>E9(uL0;t}wh>XzEo
z2htgO*xjG1^rEOMGj}r(nGI_DmA?30FvPMM($vT+Cv_Z@mh|MGK+w^xWm$^K%FE`9
zg?>5ArO}u4eUgP_SN#>8U{RQZH+i8y6?<1V0nMyJ6LgQval7%9>*f~_r>jt$cu4O3
z@fpl#llVITg>k4^%CG%%=EsSeq=B1|?n~v6&WWP*3MDmHjA|_5pDdBb49IhFR4O5q
z0^H$71ZE@ish%PUu~5di*@fva<2_B_r{&eIhrPC;gC>lIkb{$A|HyRCkhiJ?MD7eG
z#4wRMg_hro|Eh+VLI{GVn21$L(No024v^lDE>W_&-h1Z*8pfmRzSHrfx!fzR0LRro
z@lWJeKir6xSHHwdnI+9P9I3bfOSaWlZZaG;z`<N3X|>(^*m@>20W>)T{8QB}dp7IV
z!&O|xy?qo&ZPB?_)~oxohq59Mes6d8zPy;|**8Q(kD3|Y8`--}sG)o}I!XEtF00X@
zGg{~e2S496%^AfrV9b|Ij%uILC`G4P(9XIIndllKrA7qfyDxtIFDUd6Fk=6T<kx2`
zm;6*N%KS^ll#26fyz4~B-ItqA@K!FSanR3D0qYZbWFLAHg6JCh!}%#QC)&63Pv=$N
zxu%7avg4L<?o}MJ5v59Ud8ZyoW;JgVXo@XTb^8eQokWGsnY(_EXsnDO%9l|E>ckbD
z$XZf-{VedR7&C3eecD`GsKK~XS6>?E%(%GY(+gdvH864uQah~hq!=cD!k7??KUaPr
z)+b10!YvhYP@vtei5BmdBL>)EXFuiiMvT4~AV$Rfkjm0YP;Lti3w>2dG8=>Uc<Qp4
zj4Q7?&J9)Njd0y_*>NQ}9ky%Yy{b;`IWSnLP;>RuOcz@URFljz0~${%KcL^kSBGJ#
zn}z%WCLF<H_pCKP@vX7Df%<$u_N#JXjwGL3EQ}@pDNW}kvvDA7=1TrseI=vUPQW`)
zKd(iI^}|J7yjz$3KsMf)VZ@%mtUyALx<8WrGMs&~GrT)|31LlcZcwT9zz@79DiGC8
z&ivadv}0N1m=7gn7(QUhY`2jl(DlGIPDy~^yXg2zeApM>2v4I%(sMBJOQh^}&>=$F
zU`c$PxV{*MOoC4f`%SYx1tJf8evlxJW6zRfmYZMM08wh)wFqvZQV_zFo-!_>J8GS9
zF!3DK1;#k5P$H+!4{BwMLq?;Sq{?-tobw&?qHcj0(LKr>cJLh@bg%Hk`IzofpR3k4
zT*QFFO$%z2fL2EK8TrA5$(g19$(U=g=pf1w=P}9PaHk`|`acuFHpM5#9NSj?JoY7E
z2ea;n!(1S7jXBl(z~_i}M9av!&u>_6)s4FAW7L0%x~I;}9xPCfqh^{sonCGN*2v-+
zjO^ltZ(E?Cha`^Py7a2LHS`&|z_}2FftewfIqHiKID$=IjQoDlT+g5OTWvoafiHVP
z<7(Y+>KZ-m8gv~zwd1<D{+<XpK%ulvEPu-R`gFINE*j2NO8@<X{tsm7K&D~GK$aEI
z5j?Nts>r<|v2wBB8~=n*rh%UOdu|82csy1@0)uS=XY4m}gqc$q;n$^Fbd)^5ox_O+
zR$PzJ`{kLH@$X)nxZPqN>-L@%*g6bg33BYmnD!mcec8lqP!pDFrXA@{<eRg@=C_h!
zDec(J$M=QF?|_2>GxI}9Z@JTm@*8aYY_HplPj?LMQeN9ZiK;BsLV#kTrJ-62EI8aQ
zprfGFac}6DCz2EU7cV2>;~G8-arQybhopIL^2o^0gb$%FRP%78=op<2F`KdSh)TFY
zF8~N7r)Y3JRh%!`#C$-ne}7elvJIWjUtD@D{?nTUjp>LBJ!XMlL6u5BCDrQCS?`E3
zf8bB;@XEI8|N8yejPzHvabX9he>jhorqZM#7JBy3L<G`8v8hC2m4m-3ih>h*$@cwb
zV*+kXUC-O50!yq;GrIBQC;Z~sEYu$U7+=|^Q2c6IesaX}?=?Y(pg~Ckea0#%|K@Cb
z8}g*YzNm6cd_(gg{{t(<gSQJD(hI%LH2#~NSM*{vGpX%6xFdG{<d3F8#(>TU5TpyQ
z3r}P}vUrdrwZcF2Qal<6N;Q|Al+NgKrk1f_S6%1>0l&PgAO4^S6cR5Cb6XO?%Ok^7
z!c9QVN%J?QLcYk9@Vm~>%OIw5XyX=`$ss1j@yEaZM6HY-6Rw!UE}ngB=tz$o(ccY`
zrc4^=;7DLV+HoYq_=b-df!tiKf_c5tv)Sb8hdcW&l$`o>w70y5!4%h~{1xs$0HmpK
zc<)rFXoYZ0#@2a9)f76ee!w3d<vKd}Z9IJO*pF>qr4FZ9)K)2d&kR^&+l*{amivQq
zMub^h*}rZ#e{YxLebl%Oy)u9F9D0AezV8e8F0^MII)1Yt;TF(Ix`X0Wt}4rl(wj0j
zU0pL3DdpRD%6+<GL=LuGzuMGW$??62lFecpY$nJF!5(&2lJCu+mCovv30(P}^If0u
z*&-#r_ec<_boty=;Z2cMXaEZDTAtuKQc&~qtOkkM`|=8s;Qt?KN=QqFwibGpmnrtn
ze#cfzx|SRP9l#vO)iQosnjwhoUe=IzN=w$z8P7Q0d4{ehp)@t>B)2J|w6rEhxUnv`
zZ7*uP+{kyB9E@rRau(3(7j*_^KPKNKsffnH!+0(Ry0c8qtJ}-Ty$_tvARhMa=N+Lh
zWQw?U9kbttGK06G0L`x?@T7+ra&bRB)Fk62QU*ce%ok-UvWxzQibQhR02V>?Td@t7
z^|2lG0pzW90yPzTbK^h$0|<(5=M5fMx4zj{nLkr(HcSfxNSV`TNGSC`SRbHb%NF;J
z5ECffugs8jEQlBWRCg{ykicHMyQd}d`*Yb`+4!owIcgY>8>%p-o|cd@oYxNp4A^(v
z2zoqt20Gwh6Yv|*W!rzbDmbu4?%1+|Vrex8LhpR8Lo#nm5zg?DsR+1jA};AU{lEIH
z7@~OWIDE}%QE7b7!I0#&^tVt)qXhVCb=6T^4ZXFro7)?<^w(bY{AcjHLL%9yRD$^#
zfZl@H;Ve@4k&mWaA@v=2ZNU$*CAVJc9V7d5@NHx?XesJ<?I;5HPL7o{H6e63*zJlm
zU;9nO394jfB)*?xJ%ouwYwT1npTX-uo&I@eM=Z(8@OIfhu{bP=$Z*vCOggMv>}88z
zqPMV3p<i#-b|?XF)?wVm(C^%OyVz%U16x2iPAImi1y(VpP!O6|ux@Pj+<eUM{1^+*
zA=&hY;naf8YQ9PXhd{%qzUS?D`JH&uuRE!+$XLuXb%K+vjk-=?KI599RPd+ne~lP-
zy7Az%z1)6XhZ<d75DZI}?B=0w^rBpva7}Xm@ize@y2;9(YLqdJ9muw3Cv7nc2c>>_
zJ*k`0rPy1KXsG0NYydtr8_x<N7BdNfo(^zb2h6$KQ3yLIlAxTezc>wT=O$d2z|p`J
zX)9%vKp$vD-DUyuUdr|`!~m;TEq#gq?j2<!U<=!^Hb-^mJ#nOq1yuy?$7hTfAQS2a
zHY>yGj0BZ>8lledl6$Q9|BIdq4g{gA+9Lm5SIQ>xt%jnT$Qhnxujs1o7n`QbrOXuu
zPv36)_{{f&>48B)Ax5$AW%fSSv^$$?sgqQ7Y=SybUA9E{W^7~xKG0v$YwOJ`Gs=Re
z%!&abo0tT_CBgK-#K_zq@U*Oc?kBAeRyUt2m@PB+BjH8E{LZY8<&_b&;5=QiPavG~
zD+0$^n@wvjw7&bV*KN3_+t~Mcu2swydObDR^Aj)n!<A>%J3q>n5y>i#aDsipQ~d}v
z9vHE*7&PDGx;y;p&^_Qs{fGmhK5z$@<+nO^zib+DOT5Yy99Ri!Vu^`lLem8G`Evvz
zb`2{OMo(hHbb=+gKjZ~6?xy)_tgbLof3q7S$1?8gEr4EdE{(w^oIo}PsFEkDtMRYQ
zUEgg;YYz8{%{UhI2)r02uHD|5Xv53vhQs7hmMb=77AG*jMXGg}lJnW|ZI)7Gk%!&J
zPb+hD1(TT~wo6h>!PM(e@l=MLr)2Ac5w&uBjbe|g15EX)tJFCQfl&}OR)M>*R(;we
zy?L|Yr<3VB`@xkYK<K^O+$_ucghA_-qNk2Wg^YS;cJole<-42`e?moy=0=z)3h3Or
z#5tTk^(ccsy`lu=v(j392Ts@BDE#I5hyceBym$Bc_W27CE|*FU!!54wK~k6pSLHBS
z1x*eo8Cgk%PP`^ZGLPb6M+K{g@UmAd&?cy97bk6DXk=BnXW?xV8zF&EBt-OaBaM7`
z+oXdv#<xpMAZVLe)yFi*FSQlWfSKU(to8g?T-jEPXU9jMJ_lJ&1yg+5i}(^e5R^l<
za}&Z_JHR1X^ESl(Nn4ad9D4KGtY_W~1jPvngYvRjLz^T;1I81Nse*<F?DC|8%5+Rz
z|BcAmFKK%aVdCUByWd>B#RLLQLIFeMb`?AQ#$ru+4xJipqsM!p8v&f|?X^AlDhd+O
z9llgpB8lzk=h$n;-W{e^Wko}K<b~s_0GLzM*B=u%rSSvNkOw5Vx&ROglIR?mxR4>|
zqXmD)lWnRx5u6juH3q@}Kl+2B;R_q21PUFq1ycXLX7NMwJCLxX=;9Cs<^#VxAK<7+
zQ_G47Ea1L1xGl>{$I4k-|G2hZy!7q={ZitwJ>wz>>kbWN{yYAF#=|rtWJHsOif*Y~
z@2z9<o*E-lJl|=M<M8HEMXBSBi=)atV37#^Dq6`@i~t<V@NE<g6U8h&oh@j2o9tnd
z&4k9d!~gg?w|trukuP``ONb+=zt^I;fqh2IW`PkhgVNk@aKg9i&I<$8k=Gh@Wrwrg
zPId3N_}-S4*e}OlG8$OscuULy{I6;UDGA1lpfWfpQLAR)LXY}6&yOf6N#cpKKLa`@
zq8G{t$sG0MQSG|DFo**3X?%58{9ljc;(TB>2zb==I25b?8}H}k>wA}(iV(KGXmHq!
zYGpemU|9zU3=C}FdHzxq0&tzK5rYpxOdsIzcLq$aAe^qh+lWhI7ayOL-=?<6eY#+6
z8Y^d7iI0Cy>AcQG%aC0SeBLLqznc!YqHTI2VJgR({eIg&^mJb1K)G#iDfAv+wRyu$
zNLS$ig+B4?@--uYGiQ`ND3uH4TdWe@V}|KF2|4zUW8CnU!4OLNWy0Z`jE|<uI-CcW
zKkW@8!C!7!I5wJ*7pwTPcGIl>b{`g+snUijV4r<n(PVz2(z`i%=;>5W70}bX{<bv|
zL~GVCpuxcrv~|!Tijspd$nQ0-jbZU^uP(<31*zyM6|Sd1LLDD2Ar>uYgr@~(btDt*
z&BaY}_}=V7ct;koYBq1aYcdd&N#?ZOX%EcUN1+gj04Ws?@9j#(=EvyJfP3ArZ(ZL8
zxhrFOW!$5EDrrN$;%JFCbK~mCHKzt_lkXhBF~CL1!<|~w6VNgFjfjg~GC&#6yz(O9
z8}o%Y^5o$kq>bDsWTreyS*$qz^p#{VqNKjwp+yK9?rkUqO~Pj!MXt9L{|~%L<3?!x
zlQTv9@oox7*!tl>v5BwCS$-XQ*M8!>X#_iB+rx3Ap)92qUP}FFm&~2YMPBUMigBh<
zA|}*j$s_{rycbzw+aqG^2RO7ygJF2C**gqB1Do44!rK0X7H5IzcFq%6{89bnY2)rA
zP}WDECi%8am}-FEMVzl!%;LWojJyh$(L_0LeY}6U7+jH_=BI6Wlh^l@VXU$nP%am$
zVGmvp%2yU8v#V8k|L5Ps#D-v7*@ck9x`MFn@QquA5NJCXf-z+)WY>L|mmc7fqD9Nj
zgD2OyVG=2`?GY#Ny`idkZJ@gS<$I@s?Zryir4n((QJ$FN^Qvo2sB`!uqO@4Xrh!M+
z7p^m^Xwj?Z@ry?y!&+$~gOM)x5f!q`ykAU%f)=7>PDdF;YeL&~88_~7&09Wcw8knb
zytNfr3ITIL7EcBGx(zP%55d;yokcy@K0TVZ-|||K<<9KJn;j#9?_hb4Rd6FUGbB1o
zDv#%@J_w-}Ya>!SjORSU9lUwvecP44I|d3Wf9gquYBy~Mgs+0TAexZJX`H`*;vZw7
z&?sBn8X>!@*6+=WT1I%oB~_Orl;p3+wwUbG3_MdY!;ko_K8e&GuT91Y?j1M5n!ycs
z)2%brZD)e*FKwB2aji!K!=-6Wlg%3gT3+Ls7o<jF`iL(9e6<@c+dIpm5HeF=02EDV
zF9Le0-7PrF+78V1fZjJ#1<+o^j<Z_ZR<-`>L{TZs4aywF7C2z!NwL4C|6}l}kVJ-B
zKn-`w<l!&JkWP=`TSeS7TE?b)xF61R_@#vzxRB$N<-HW;=~c_FYc=2N-tfzuc0lvH
zYxL?(@Uxf@0pCfs@6?ArXK9TbKHjXkb_z@m;u>uYF$KGi*E$y!wQOo*=%<q2YoXNi
zqFPa3*N!EBerqivxhx|Hs+_F}mS1A6dYAD`{vm<BQJvg|Ke0&L1nnL1!2s98*skUX
zgPi%zH>&zY5`q@C8y<<bYFD7Q(sGt<sp{^uNnW!HNMnMk)Ak6-v%7|`4qLr9^76cA
z?%2s1GCY<14^y8t>;&WS=@N5vKAo2#+``SliDc*i8wu+^wZEmD3745Gine8|C}eQO
z-5!YFR>_kqk)7ycdsj#spm)WPh;S71RtY^j?&e#+y#k^u$;21k@+4$7i^hs7lHg@I
zq^BI_&j)DZI5~;3as?FiYPsG+?=OYIul~eKUv>hhbwv--aomlu0!}bj9Yjw0C%+gy
zt`)v!vRpi_SR4SA{V?g%*f8v+#^a<J+?(xDaf&z<AZcUTD@b$}Gymn)nAd=pN<5=J
zc3{&3vT43P=k*kfPY6|CjsuS1JoKQeXYqHA;oGeJWFMI~+lg@ZPQ%h45fXE&j}?Aw
z^NXae{&$)9cd-aWdZ-3jIGYUv=i@2nRzIZaPvrPswNg93dmV|%P(77@sM4f(J0l6M
z%Coio!dzE+`FDBvo@4>;rrlV3Z*;RJa3A6^-3cxcW%H>a4pWC|lN-r;Lh7eQz##@+
zyW93sen~s8P530#y1=@|@e^^0_|GKdEa5zdQ%k+N(yZF4*CP>>g(IUZUz^8b&Gl92
z^o*1JpJTp6bv-Rkf1h(gx6F0NbEv#M|D$!c%KQBBUCf+EV<=+2s9X307p|P=rg!{h
z<9vxdcvI}Bm%T&o!vn<N9njEcGzB#2NcMes*B6mY$NwQ;)=h&5P_D%&;hNOd^;oQD
zH$8o2+a6#;w0?1!d9wcID+u?Xy7LGbvLf4U1$$n;kIJQYH2<hIzuGV@Y6-dWEj4iJ
zeFt(7Ht3q<%_L^{lm0Mk7LWwM$lczal3+f0y$(5AF{i2%#XBc2UG^96O#*gTT&beP
zg+g1JHw)h=h4%x;x+6f!Zo9^RC;(hSJLrSHy~}@8y1n}7^*7a2nSnd%T#X?j@z$zN
z2Ci9Jp0+bH;(@J@sH`a_X)P$Fd4ZPg-jus5ddQ~j<o?`j0gvEpJ{veDBDf%H|B?or
z!RCFBa=-8Up0+hs0&Jz;ZFcurg7*TbkJX+pNIX*|1Sv!3UIPc}j3^|jCdvz+UNet=
zAj#h#TG!C2&I_(R2z{)tApglNTl+~+t#oI-SCl$r`wu<tO7V}y94yu6Eyjuxgt^b@
zDyVQOA_EdZ_~?q2Ujp}L+t?4xoOJ||%}MJ}S{z4X7f8|)voPi{y(+!dJEq(f+=40*
za&^_b-W<5k?Yyf^ERW_vs98dN82u|S0<t|e^!4w1Q0t7ps!tPnI>A5vv4JDNUv)u@
z8Fw*#h}N8`kgaFe6}(m9{R~j)ZG{gce_pjTGJPGGrC&9Y@?CNMrJbS@%%uxHAr5C*
zJDF23OwLGq*~p>CO7(-9de2cQ_asiogE49%+P|mIeViY6W6a*Lf=IZf0$Rg~zL>X*
z)ql`&C7kGbiz?7Js-%ftvM_>Fbo3ATPZ6y9J!ADK+ta~!xG8hje`H)pt(%A7rhTr4
z;ZTq_Lbe=sr61JYiHjZuqsaWm(rHSwgR(tjKpw5D^u|JmgQ2MsV<<XrC#i=nL4@zz
z&+ld9``TfrS8=9ez#_#_M%3wBLP*wIS3+9HOUqzqE5mR*`h`9w0R-o2N)ekv`w*PK
zDN#sezs(fm&OOP1Nj_7lj4?6Zb-xbAO8CN_?;xc9rdN56U!Zp5){)E5^_oWyyjK>2
zLgDrK+Dmd7vhN^qtb<j0Tl<A1KE?jL{Sx$U6vtB&1fCXyx#;<1#Ol*7oSlsI*Tj{4
zI$<Yklj3!mJDsHPB`YifvuDLEtM43+k|`=G<x#+@@Mny{(A#`sVzD2wsfEp*pXu6K
zb{&(#o5Y@Xzd~Ns4JiWJiz_qM(jbG;)?-7v@h)q#=5U_<tc_O<iOAgq7bv!dyc!K&
z)P#L`!*vA_7SJ=aFON#!Wg3Q~+wEJConqV0@MfZqli^jJevJn?>q0qor+1y^;oIuu
zRHw{8vX$dT9aU4zww%A$MU{#+MV{uDcRTxdJU0Gjcmn5X;8`$l&b8^sk~{_v-=<S$
zRsAy|H*!v<OICT);Shj9(+fMf*f5`KUJw+V-3<AfN%7bG;-cHY>NwZ8jHT_NZwSX}
z+ZiJAQqE+96|Ruoh=L3|Y3=6x_=eN1d%%0W4Wc;|ePyorsj&%u?Q=cgsf%Uq$bS4I
zMT`)JK2=HpVrd?#F1Al-Wv>t803v<JwLHR$a^qsUMwYmP*}**Za*x1iVw4NPspWn$
z;$zk4Ct5?(VMk88xtz7ncmjix`RIOYjK66ED*dAS7e7-q)ve&lTe=weQNF9vwFv6?
z9-~U7$03;=`cj@0=WmZ>+AkRBp}4^YU1zJ#b(@Q@;J-JQOqNE$p}HmZ>hy@Q*e1DR
zavqIe>H3jCzyE_)o>^A#jKHA<!9xoONXa=X>}B%D(1O__8Jgf(DVviI&u4skIB=-H
zS$itonhpT@w(s;Y2_p2@qzZ<!EmE~J%vOtfAU>>!0Is@k$0{H>ZVbv<#tbiyjy@BQ
z?q-CwzOxzjz#W1xe1(Pmjkg~1@z};*?{rKf9M6RN-?MsLX?Km#m?h84((g$DjvVzU
zDXsL3fW2B`VxV}BndWEKWLDO5CCta9HT9>Bd1ScN$lcLZe=xDz{jyJNk1Y$rAKCc6
zZ0m;gA=0XB%ES0->-QKhS1B&ks62s_(mgl;|KA4eQKo2F+!!c+9C`Jd>vfs;s~J9W
zB0mD!Ev*Yujo#ofP9NK0pOaOl+b`(?&r(?f^XO$^W>f)1%czP5NXYy>f0GC6#_RNL
z#aKPY&>rS4S(-Oaq2?eBfu5fO5}*3Uy6jdRmnCq|IP5+=FVq}p65_-Q%)E;f9S3}l
z@VOrE@RxIRL)|w?I2T6oGNoN{08ObK0LZYwO+MND_v=ZwGiUzZ%Y8f+<HDJ6YE{Yb
zJ7k*mZ+5gdh2bT{u1k1OOgDvQ8x2&!%UDWH43vR=IX-)6xr})%jTT4;kJ<czM8Z5_
z24%`jlsZ6gA=l9SYG}OZ_avuvPJljrwvwrkfKD}Oc2fAn#`>PmB<Xk9&;kCR_f^&=
z8bati1&V3w7;(TB&ZmQ|c8PdrPC9k#umY@U+en<_Q4_tFP;HY<xBjYf*~~&B)hkas
zE)6@Cnj-fyQDUf7FX{I!2WixM_4Q<rn2#xsWjpVeMrD_H*kd~0uUP6cGO;ce>Xb!j
zI+6H(wh7KtA-n$5{Tru8^w{hFko8tkaR%MiF76J&-QC?G5Zv8e0yG|6f?IHR*WgZY
zcPCim?(TXz-+%Twd+&erMR#Ak7d=Mxs;ar>eAY>+>Gwe!DBrDM@X_T`sUCFUAENc9
zipIH=&U2V&Pv_5<5HD*<%U;j1C}vN{KUFU<SD+9WQ>9oQ7nme;eE7rnbPAasFxe7K
zC8c{PCHSzOlR}VG5p{Z$RL{_0ucUXxSzA!Yo#4!MHgOz-V<s15x~O3(4=~}_#6*Sn
zadEblsY5uK&EfjLB-E%;I13?6Q8BBsQ1RB}bSUC?cr{x9WI%UzVF)Kxf|$bFX^~i>
z+RqCwoISEIqIHaIHlo9ntVmP-8LJco3#rn(fV=vQ6nsBG8&9{`rUCC0P=r`L+<n34
z=__yr)Df}YeBY?M;>u2004aI1xpOr29i5U=u3!wsguBD8pYN#K`e*3$X5Wb4pRbkt
zCJXFnm4w;28^`Y^=BMec{{CoXY1A6h%$uV3!ADp^|NR$qmb8O<((}ZK4L9-|{Od&&
z2+_Mqfyif7%KiQ=h}zGPO7K)cR^&KTS+3?6ToMhRSEUzP{GloRaIf&;nh}4;!p))k
zDwfuF3cDf9kCYrvX{0l)E=(0)wZ#ZBkBRi8V&{k-_KTQ*GrH?3&<_1JI$xV77dg7z
ztXs<;phF4DBQxvauAVSE*9~PZ+?{yO_IJ>V&G23~1@*;JVXXLi22fAEy7j|4RZ)-X
zMCAO1(H<LE1$9rkI70fPiB7J~0AFwaFk(rzj3j<Vt>d#oTY!}DMH~`$0;g=^a*hb`
z?`dRG&cUL$uP;J?y2^+&hS%v^2dvE0mOA?Juq)}TE#g91pqQZ4yUhJ8&%z}op5_7X
zKPPzw^ZlA`?}|T71JBFX6EFzB{6H9-749nr8Qm8&ErsGt{|HWV(CpaAL8W_E5(;z-
z4njqWooa{pB7Fm)sH_H=gOSdVw6w~}Huq3O)|?&zurTl^mC?FVWhT^;B>#O?yCv`G
zWGn;?J6Hfi(e-6L!=+I%PoD10jyoE)$c1K(q$i_tr%Uz7BDmE$SH??@#Z=EpIme6F
zBrgK&hzhx#4vyB$WGCbLUd%^Yl+PDI;H^unn^GV`43C~ZzL6=A{gBfw9Ebcn7%abd
z4wGfNO`B>=(_xuZfE|21SS*In@?1L1M>$mtv|YkpkJ@bl%1V(D9L)Ij>5c=xP9DCm
zBd*;nXGAK}NlV0+^V*4lO-3S2)E_oCB1!12X@r>CJ}H8KWI`I$zpG^BEJC{I)@n%>
zgH}5|w;4bJwAxu9&a~N|;pI!A{z@=v#?Zq_h&{wPoLg{A@CNx_AZ{+KH|NLFKwma;
zvyUdhnUrrg%aM^RfG#R(2@c)w*j|;lMTt{M+E1&0ome))ysihePMRo0_;+}lqG;*@
zR2`RvIR%;o${=OXt(pgxC81i+xj&o5@CxI64$`fzkM8>`R7KRD`diI)u?X3ZR$HR8
zew1Q*@dDr`@?hv2zHMm`2UuO1@cVVVf!dBU1K^ni-BRoK$tNdh4TTdT@88}<d%fri
zWp(+gixzIinIYa$7R7eqV<OtDJ4R$A7CkL8Zi7dcT_sC?FU9eA+W|Euu3X2nhI8%a
zJ6XH<>|Ju_{t`UWr1*B<{H|4B`jS3>yN|t((Ks3erV(GV)qz3I<$p{*1B{gc@}0Zi
z1w*>I>}Zgh4NX}2RINIy3c(=L$bRXEE204Q^x|S{6$ma^w-9NofuPBEzMHW9v|1Mp
z8^a1=ye4!f{Q#$n$+40G<<$hs7sDf`uH0KWFX2T5f?+*!egtU~Q3#Ab@TV{lX?<{m
z3z}Q9B6KuqkXUD`T0@pyq$WE2>k1-K%IO!4rK-uv7WhU^2bVThYtMKZNJBSwFpNqL
z{K(>Du;#u6#u(PdMew94D_9}m44u1z*_)guKW{gnuC8Yy6x}}%h<EVZS>twGk0{P(
zq9wXg)&Gjt8d?R@Ptwq{)0zk!J9|+uXyVG&3jSQBwJ9GtF-Tuzx{qMS*UZYIe`XI$
zUX^D2QV>rSy65<N$xz%4n)a>$vyv*Pc)hWO^87oAU7lle{wxz}w!nyQ5Y#8ALMZep
z*VM{vSQsb<ZICMm&^*$)w%MJ9QLu>$CAgIt@wGI_)k<jmVmDG4xI`L3&>ZU*jSs6-
zmsU`w-S&c1?6grMkNeG3;T96I7i4Ec1+=kBhyoB}P}&B{eDJV0vLI>Mp*ktf`t{?Q
zclJ=a_WdDN4BlH}LYFsK)m|n_WLCb*yx)yfI#P-FQ`k3Cp;v++Om(15KW~rB+-aNO
zV$6&WtW`(w3wz6`Sd<A`S~#eVuKH(Zq!kG5|67ehJxvT*6zjJq)V!F%u#)=t8nf;N
z%;s%usS_+qb@Tki^0#T0pTt5=@G6xC`h@NjPaEsc3u4N~e)}_!duF&wQ~M*@G`TBT
zd$sMpx!ta+NptA8)MCAw5`k7dEaSYe+A+;|arTy{_r%ancBMSerdQZa?`qursX4<_
zly14%%puZgSKFqE3+-1j4y@`M&?$`xJ&n~Q&}kbMmt-jHB<<<-z`@elt7z@CLvKi+
z|KoKyKDPBv041HBIfj9*>8(CW)RP_YFc6!D=b+%a9x=Jhwh=0MBtoWR)QJGcQ(oq<
zFp*U-P%Pn7@TFDZQE=mv5Z3A-i&L~ZO29Cl?HZfudgM@XG{mxYC*h<oVL(Ec=f3a<
zThoU~6xej<dxBf}fZ68R+ATBZrGUzRu>cx0v~;F6YVR=Kx0vv|qd9?g9KbTK`;|z!
zD)}fl*BY!p{O^Qg@4CbE#0knVF676ATU4p-?pab?S0i3d9g&6Uk4o!`qnEllH(r+x
zEO*}3g?{X7)~LDO#R4BV0Qm2cA?H@RKNzi&1c^=Bzt`*rPOa@HaG!+Xf2X%oX|jbS
zDfDE##lmo1{o6x-v@O-aK9tLt*CCipX3E7I_1K}DN{z2PXB%ma=)+_aMv$QJkog2l
zB05Mn*&>uYmkWR8Np2()%)jo==)@=x?PaQ$cO+rS7&Qu!0GWM(Wh7UF13yb{;vgsb
zZtv_ki@ib-YFw1^o}zMySXh9?Q>-4Xu=^^s+Y8N#G*_|CXg2El-CEPWyIe^n0wC?T
z2csfpqjzMZ1*}8Q5<pE@oWbF$SPYJDWqkek7R;*6#xj1w?bIzXBa>VC2ur1Z^Y@;*
zI9>+caYX0t0w<T%S_yZ+9YuU1TCUJgV?bal-5i(>f0Cw-M=GcI^HdkE-;d}hls2-<
z0K)tXNT|QWt>lr51!u6v^45~@_q$XCz6GYp8t4|PTfHK&0u!TrBdvBew+CiK^^L#V
zqGw=}Yqp#oKbE9=m@P|r=6AMo^!s0z!&m++mv;7@)mk@+>WAW_wI#zgH=v<6u%o&4
zn{kF@kHC+4`E0DtV+FaDi`-9;z&L?;*3vCN$8gx&-KgcJDSesM{X+Cv{F~2$w@6Eg
z-^q1~WMMi{mj}>rPtDzrG!NW)3SSU|^`onM1silK#&miedw7EBbEHA0)qP3-wfAe0
z|6=ttRU3)~##^z5hCFV)$PW<S`b@W~F{e3`y<@v_j86~lJGPzaP^gM)0i{j^=dn5N
zkc2#BtK9V8{ash8-?rxDJ|nb<a_mVwJ_YQymza3Vjxj%6|D1QsF9w-{b{^v~iXP$%
z<MK1_hv8(nhk%t!bJa~;NcGuIme(EnM3t>qTN2@>1s1x8VZ`gTslerLP-(s&FzP9g
zDhCVOOYnByy<)%>6;#j5*jFx@Er~=Qx<d<-EtnrJj{F!MiA3um3e1zW#kG=^O9qM;
zqMAX~1H~4UFnC;BW#^E5zZO-c)@GxvpnFQ0zYmo8uja&Ac^^$uUOiLx`hNP&O!2)!
zc;nZYWrweT3wMjU-xq<oL~D;>0xs9EUmz3~1}UNFi)LV$+!JdPP8~%H6^cjb6ph-X
zQ<KJ(%lVp>5~g&@;31lhj9%7^c*F=qM`2r}@KzL%EE7rtlLl0EboEX8QE;8L3}4o0
zIGKEKfD3Bs`RqE9F&K|T0XrzKlwz85gs)$I7k%H%BR-d&m`}LkLxfHTBOD)yf<aX;
zp|Lj-obhpv>Z0mSMA>Qk{7ys7yGntv3oV?|oHU}#*SD0UP#l^HPb*pq);LVQ`um-3
z)G6U-67Cxg&vmfUA5&9`W^Zyi&B)@gI!DDTaAltbdARYY0dqoY0~gMlM05$$j_{Ca
z9n@p##3K>FRkyYejT=&xattCSu&9I5vRZq}A+kwbB2N(?tG8_MpSbx6fU?Z_{!QSm
zmIX-By6aTqixR-W?|mdXooMMA>9ND4HuE|=a*LYQWC5X9VZ$%Ace8g)lUAErv4bx5
z;(c{J@-LUO(fMwF6-OiM45O60b`JSaXW&*l$X4r5kRymoi~KctDz;I^?x}r2)eI2*
zS8IUiXR762r~12<XL(J#%#2g()s>?&(=jime_rALdUZUIUp?(At>k{Vh6+WZhIV~|
z`h`49?M1@B^uO(_+B!6MXZbW|I}JTI&wHO1iQ#4HUXTQky>{cpA-;d1qJM2V|KNLl
z+K7$q;&{DN_-r};Z1`kk^j<Y^5nhEE;FOJq)G>*bc_BJK(RTB4>69>TWMRlEfcRDC
z6q3_QU4S23Znjf6dlx`XJi#dnCo3o^YT>sop44p^{<13*fa_>p-QEl`V}Ol_4On32
zV8U*>^oc4_Df8HUuNQT#H2!KbIPW%Lp^*r^R-JgS@>lNqWI2kZL$!u#=M9VoIxSHN
zPgezx>R`j31va)U>quR8AXVm?jLxh>JoC=5oC#y0vgG$XWX?+4Oxbk;W8RUl<Mcyw
zLQe*@R2ChPNti-7yYC(-b6dMc&8O1h%D1l5rC@C`BH_!V94S2~huwtMA4Zd|3e(O^
zN33Zm=eba~?)zy%87CbZqOsjb?%p%t%b2j5D-kyuJM%TyrykL5C6qF?ay;ytnt*s6
z&y!}LDVUzNMo-A>j8yK}x<dT`x;pj3=)7Ao4lP`0vJ$QGx6cG;p#dJRa3%TCgGie-
z`Va`KgNGOMoYT^8zEa|UD8yw548{f0^weL=`1#@lQ-u<65lg9v3I@l%BbS!9+o{zQ
zQ$xIc0i7?XiT_iIu0&#bK!IF3J)g5akkjD8K33$TNU=k3@CHjc2Tb`mv!H(_7B4%S
zIhH0n?l#dU=x7XzSyBCWRdYvlNVn1E=PO1+Ebp<(v}i>A8yK5W?*M!lC_)24BP?CQ
z?b-I-c;@w(B1IToZFS9iT50Q^8uNV1;a&R=U8XOK>5BID=#s5TO}T)99{6CMnw5^F
zkm^ym*QD)#b9ftOqkCNCOP$@#Pf2y3)9C^J?gQZ0(AXZ=Tuy>6+&AAH{;5J|V+=J-
zrPoBopa5TJWDlu<H4YI5Yf=bv?)%Zgl7g>|p?i{yFJLZGjKkD<(_7cwM~$GcJo;s*
zX7LAl7N8a$QoQlE-T2J@%mB7CTy^=^e564x$$@_Ky*2>Kjkis81ScWfA4499W@`9g
zm-OSO46+%%wUI0jn}~Y<JZv9f6|jQa@aqta4C^?Pxt}vts}emhKBZJ$meNXSKSjWy
z{DzHp_Ru|;1A-3T!s#8Cr(RM5^ci4A%L#1Eyj^z*e(c8;qpFJ;jW1NU8wruZIqn2%
zx5Y0m?B3V!U6U5`fD@qvjhcRx1Oy_Iu)%K$hgp_>87fY3#7E6dGRx#J6mt=_@vKcP
z*!zY+prWKtuk>e>OjcDrc_7_FcWxB0QPN&}Nim8I7EO3nzOlFW;)fNFwV`3MPFYF=
zP0G_n6+7D3_pZ@ZyxdB7?;&#=%@{bntd;@PgXg2Ga1H_=u5ZC=!&TfB&WVc&=o)Y`
zsH7sYPk*K46bo}T9n6gw%QD`D#a7J@m5xoag|4H8__jVPzVuaR6#-buVZq0$T>^}>
zSamQ*{H3W!g;%fhb?(c<pSwA2)fsJ6@yW1o(QHm!a?xZ1kl*=gPGSp?S!H#(@^Su<
zSm<wyvmF!5zCZPy{2);iUOb&<kauO6E~rg01s?cU()r5MG%_(Uw|5R6X<!EPX2QLP
zAru6$;S)ICYgps9mart6A^I4JX~ZQC@&&`0O$9FM0nEdQ{C){Nt|6Msg|&!j9K&yd
zT7mXYXIW{0=FvYMV_QrQ*_R&+7rkMr6fzF{xt4fME$1xPd$6J8c1n%i3p92%YBRQm
z|IMm>wHn!@mWI}PRKRfla%x|<atH$BWPFDqh;?WXykFpWs(np-0Ktv(Vli;;YpRwP
z7Q0;0ue$6%-{sZatZ)6&Ub-t@dx*T-*OW5-1iicI;FlH({ns{i;S?k{RF*-GcXRjJ
zE_bp^z;_?wk<2GR$`WHp#vKq@Xe)0d0$lYbkLlzkk#whQ3EH#OH}K~YW>Klzk>%bU
zC%8Fn3Jw;h4C#9ejhYg%b=-1GBI-m!EFeN8nr95Pg(3Efs1qM$WPpx5gmIE9#5cfm
zR=<P-mb_|CE^8h)oUIsNg8Hcb*ISzkH5jOKda@$TeOcyKDLW?tE^g6F3!Ya?62o#j
zZ`^9Jx=81lODHSv^t9(6xeOX@Ti4?)U7h9q7J|FjQbNdgs=E9#bGZohvy}<a65$!n
zH69HrmdRdkBtRbXIc{tsU_(AE82PG_K5V%si4sAWU%THhuSgS3dBm@vllZxd%!*%<
z^*Q%2Asy^|n(CFj(uTs51p(f3*Te4#GC)aa76G2I%H9-nxEn7!lA9zbXMK;MwH6*4
zB+_`-r_+dzg#8F)13D$9sh9RQl(j=_x+JIwhtF>X7D-TWKO5!ZXUw{bS^@O--to3=
zq#BUBfd;pP0SBoT_cB3*$+~6#?54Sr#vt$gO2FpYdUe+UwZPs?VFQVi_;|2-IHrH<
zl-G0{coJ_wWG=rLV=C;|zn(BriWqQ>(>BZV@G+cMAgzHJXx-m*1|^s>?EuS)Zj=K>
zr?rZLbh}C9UtiU7VbeT#;Ls$J<EUHz7ZmljYnkvWx{7XY8BRp>_BsAMOVPWiHS>G%
zc8#1pmqr;)#UgB`Q%#~+j6c0YB+M5pluycZLqF#IVmL77d!N<~$EDHu-vY;5R53lb
zX}GPQptd-;pl44`uPcR*M~FMjk~#&*-?a6r;eKf<!u8TstnlEzLS=v3IjyrJ=QpCP
zB*StlnaV#jAltxFLFjvD!XO5Thx&qFZl^c%vX3XFLT551UR}1=KY8}}I&&aB0fAN`
zroC##H>kU#`jx2XRvT<Hcsq|7)`x05t4jdYI7#3~Mc&4Y0%O4F=D~5OYX}6tj=YyM
z7?;nccAd$T*eX13(|%7CHHtDEA#`~*WV?I^gT7~^EqMc-bcfs~-M%iw1=(IcX<)qd
zl*3}a8Ww$ty=6o%V^b?Sewq3c9hW{CU4inz`&WPX(syXrp_HW<zWj^VkVa|dx2?Pm
z3^rOga9{ot*jO<3D0NL2={>v-%!cn4XNi=<AEFvMC`c((DMtz`a;v4ZMMuz+z4?i3
zZZRzp`wRRC{ITa}?DhMUU|oBy5NXZXsvh7N=T6=8m@H-1^$5~)tujx*xsNbs%2IEp
zk+Be^SHa~v7MM_sIzD4Mu0YZE_Aup(mle?yWtd8v@;UQfY#iKFo2N+_42a*Ntwl95
zww!Fbk{V+p05tL@&G$RBI16X80WY}TvS&2(G9`Q@^t`d^{}`VoNclHA$^_45d;wlQ
z@=qMOuc6T-BA^M!1r5q>e#Z(UC<i(tN0i!G6yl|KjaXN~qf=(CDIJPF<x%8CfXC`d
zz(Sb{{#z_c%4rN{;p+;!iux3Rd-^*8$;Qt7m+sGgx}Bptcq2r20w7ZbgQ`0eDEs^=
z=+^Vm4)g+rOZ<iQ315dkL~20;u3Zme+hu6^(mOE@>>N%AEo&05v4xMV|4=5mMT8^M
z$+zWLWEn2~>t6oP7o;TVqvR|23+rnfe}YA9hOhd=c4y71KI+p?ot4efge`A(Zg^R5
zJu6(o)l^ZGq(>V^BkyZr!j=0VWJqkCC&ke<mP?KKzWwoEjugc3abu+QeE}w2zljWg
z3X0c!5f=&x=Vbc%k_dhg1aluD(_$05b;T~lk>1P8RBOP7t3X6(@FknUG|6oLvs{rF
zgC~iawpU`MM&}JbX7!y8vi9mFIpU{M&pxrF=~apnsWc2H^70(^xOUnYZ)6f~ue<tX
zhVw>bsFY`g)tElIT+Hphgm~&&31J3AEMdT$ZJzePP95oHmD5Z{eksb!utEX1K!~Un
zJ*=$klX|#P{ga?$WU50_rCfd659Sljq<#7-?z?5JL5%EK*|bnv-GO+oENIz2<&pr{
zRD>vYw0vN%y;M7;Nre}gR(YSvs@7T<b%F8W-sT+Gv;uiEtwbJX<mJ&Ls-rg}-vui=
zuL5BY$|H?E`ndyI>UXqs5bNb>4swju^Ban6MJt8EuPveD6_LKH)LNOjXY~Lov10$c
z<blzNEqOW#>G7X|G2}W#ZX(FVaku3)(GyMjaOK3}QtXagmo3RBMPlnL|3M{`qHn<l
zEa|&Q3cQ|0*%g0D{fmJzC}ZD~i1gD(Xy$uqEMk1t;S|vndK;3x4vM3zwsx!<f{RG}
z!G(U$b$mB^^SYbfGM5K?pd7_CCQI>Z`8Ll3pQgVcHKOosIqIsjgRZWU&WL5!bG|7k
zp2xP)c393Ad|TZqiK8>JaTQ8shsPMT-Hs5uvpbvnw5N48!ND@|5nM6X<w^ycs_)DO
zbjwsQ@co(C<mdDUngq~wQbC|E*#~R?&-G8V*`P7+c13}auUi*zp6SrF&fK*}GO9ZH
zKl6qE`JJ!m#<@vLI49lQIQSK>!#<sf@_tI6o?wp|#4lh!%Spqgh6WcrOPQPVt-xY1
zps7~~?FsOI*r&TSpz7cZ@AH|=$iqowyGfV+qQ(;cHr1yWqe<PRO|MpRonCK~>H$ss
zXZ!&}iq6ogaTSL^%g|9dg*KOUMwFrA%?&)4(KvgP<qBLM4+=e~j#hO{i;*=VA*%kA
ztMXVuU~p20`OxPvm{%I-M1QU=z$7z+9eu;A`#`qq59wll<u0sia6V;rTt{^XDic?p
z@s;jthaDO7Lau#LqGcs618A3@tYsk8N<i1-s#K+#C*1)?340V|#&=|Sl*N6qOQo1R
z=a03J8t_B&n1f_^H+F1KF7FM@&}Kriri@A+htKzAilSm!BghSoPwKex%~~||H@n!J
z-cn<EtA_c@c2LCelHsU~#~@o#Np8EU+4#-Au|IwQD#W6Qay&M~wjFT<kh4lIWLQE3
z&-&Flo5*+SL>Im`v(y;dg-OP4q>^eCRwzzsMV2|(5tXco;fc#ZiqxT1zB&<x53A{4
zLhedcl9XTQjPUGj17Pm<wc{jgJc)Xv${%Fuz7HS#9@hpu4cLpZ9F1jn5pfc)b~)2`
zU)KQiLLW4IMd2G$Y6YtZ(#lFKxE24M-*DP{J)CPw^3u}|fJJIH`f*QYn(BrsY#m!I
zJ#@7j$g}1_ki*EkWZ!Y@)(#bPr6l-_^|WDlX><RDM*P>0C7r*mNIXQZQJ81BpB>e(
zihw9)!J&uGp+j$vcew74Nuw7<{3O67jn?=7SqcAr3zGc#K6(`9{^v^Pm+ulci;Zv^
zHs~5w(>8-AyYZ(N-)++ubyb09-I8&d?eNTPC&CKK8{xKDs(xh_jX0)fQqH!fv);gM
zrTeNg?sL!0I<Jmm{@30;t0-Lb6c7yX#M9O8hFQ&kt>;SSlWG2~9eoMELx|7tYY{wT
zB_|sgKdiK55Pga#VAwX!GNA_$J|vCNqy0z5M2Aus^~R>hgWr3-01>!MHMA;uXt)I=
zg_pD|tN1G{JQSD4n$O;SS`na)=98y+Fb~FbdG+9BoxrQP_OZ$Dq4YXO40}QVxA&-&
z<TzYVL`eCvMJS3f?`cp1q~NXI^axtc0EI^UyLW6}QJdKczvdRP&>=Jao@}zTR4vbv
zP9Oh9u}9b;rYMvkTks2>=z#km``QMM*7G$u2CjJmEf-HGca^~W>R1jkXuV*H{gM2z
zp9MRw=akM}xkM$9yY+IP5?nPq^;lA<e5&${2BC}Qg%|8Nk_k$>lx;2zw@;cq0>Mm_
z|9u-wh~YXKqM5Y%2MyVX&rS%Yc9)U!r+KiiNQm*G5{GI?hrE-JQkVX0g@lLBE3!u-
zUi(?2oOfo=1PqMw+;2^8y2Zq@0+zxcBsFMmX(IDdT{ud`l<^R>V=|9Q&}q^{5+np6
zG01=UrvhGWhJz_(+19iO@k7s^J26x;ND6-$V(GY&)$<uehDo;L*G4I9^S<=$NzoqL
z?~7%=sBB<qF5Ya7e?x(cxyHoQn@@(<PZtS({HX3&U8I8FKeoH{MXl?6cy2!GpT$Jz
zGdkF(OK^`(iXbsHv`I(CEce|(_Kr_=W^_M3^R}zq_9noE3&=-p0}V-+mKReiuKwS3
z&#(dA`cXo_<Y?T^h{u&u`M%5gF3S6vB_Z&F(MaWGaNWHQ(7diOmZIzBw60tv6I9;j
zcRb?Q!=3QBo5}4ENE09XH2cx~$>VP<@_Kv?K3?-N3iU-+2)R_5g&f!*uzEY?epYea
zMG>>SiLGlbrf0Fw<k-p4_sx_uiJcIO2p%5grlC^u2McEZZ?x&r8IcoOV`bNM<i)z%
zX(1zAyn_&sNL@UDQG+Y|Qf_dTD)rt6YcyDBILtNcNJf%(&%Ts&7#M}}VJ7MZb-B3+
z##AG<Q+=VK<r`(--(S^w4Wa@kqUi^w1DZFMAC_<PLTSM~ja9$zv`R(56YSCO%yM>9
zyZjnQJH{<_R#2ocYu+BRU2*rj(h%6oqd3<R`J|9cBHY#OuNEIUPh`E&t%ojniqNtg
za8ZS}MRImQTd|Nf734GN;e#}4BUY#VnRNGiA%~Szs|*Sm9;0*OM?10(j8|cF5f^&}
zmFlv6BbR<sV0I*Ndf;-XbdvtisEY&y^3ptApDDo!ehRucU%9M~4W@oFk{|4wN_cus
zQ9PJ$v0^UemIQ=`b9$K;R^6EoKc!QuvBr<tKr)*xL6nGvvDU}qKbd01PS7od!GJOB
z#M~M7T1_4{QV|Y)t?~RaR|Bx@A`l35-?s<a-}s^@OS}U+3XW4MJ}}%g8#KA8aPi-w
zC{cm(2s8}~ry;v^yrMjXb(qD>J=ihFriuKODQ+ZgPs_G?nYxTlt9C>HmIG89lgN}I
z7*UK+A{#Bb0P|<<OD%K14W~PPuZ4VOPwK4pH)yY*QU0E)$A2>MH8yorvNC8{>pRur
z|0hNMmn4}4T7Q4#rX0sl{3-}emgvcbg>728v%D(d1M%UdK|6L=w(ry+w@DuqO|6mK
zlH=^m-*~VfD@X%7X$x=KFeMxkzbB=0kk1ofNA-N<{m8)`4iB_zxIfcxwAvYnNP|m5
z*~}DJJxDX-mdD;Yg|x%RMqzw?L}GRNsaMWr0``p~V9R3Fk`{|$tbXED49o4~Xv%Gy
zR}sI+yC3fs>dQng_vYJe-v^=FD^tr@j7L&_LKhtXcX>1wr^lue=gGrL(0A@9Q)NQ4
zP|m~0#iO5Ptl1nXXVOU<)A%{wHNg5VH(`{8?$`!G=`&_qH_C`K%zWzmXT98~iOAbV
zo!e0PVF0s9LcI2E8Z@6cIU$-C|IackxM$f^b@$T@tUThjljU%NTL{?@&a><5f|Com
z0O%%B1hqar3!W@0SwmG6Z{lHQ7W)tv{-u~gedao38T5MzzIZ_jwg}q<QMTI$2_$j$
zVHomA+hMvPKPXYmHn!GzCk)v84)@Xrn|cI((?C+{8d~zqIOW%b{+y<0Dr}+NzRG;w
z0NWAiiANlhRu;sbA0l{c9DTOTvyL!@ZYq$=q-}-GsC0BLM3B}ty0ef+WYR|dHcOXF
zmO>9PepMij(R+dFfA&8X8K^hHuz5N~Q$GlMMGIF_egU<eiCRS%U!`jHW%e&beMm~3
z^#O0>?Rz0Ua>roFsxfhPE?_>XYsoYsZ4A~Te&uGO-jM980AvI7&)VTE`U2wCkwOma
z`;7lCZ2!MW<7GJ4q2eOumvTbDjh{0}Ho2Ke*=*lkY~}a_gT*Gg2zdE`F6zE9=ih73
zsU`M3F3t5D@_V9K3#j4#sYZ+Hi4X7NAEbyZ2y7T8hBc|2XUcWopc1D0$wHVoREn5p
zh62uKq&3i9rn1N@T#7+h8rvH<l|NmCkTB`EVAn8Ratv|*`5hszLqRoSuf?IgINNz=
z)VOpMdPb1zD32Cr#nUdaT4=y}%t@hO@>jf$7Z-?WWZBdR^fnOB_NzKM2^TK_FAB$L
z@|4xCUGZBrzo@$7g_9}32q+K##e3p&aBOvcL=l6@BCfnTW_E#<{4oRW{fpuUdDJDt
z2u}Qnd-t-YD24{~2p<z~0kzqHrIw4BWr8EfzHi}7u@t9{AaD`JVdfAa=n+pNMxxK6
z7Y8Ohyp4`(C$~8HgpYK6H3IFs%@EiMkeL_W(-@9B$fDe%$3@`66VKAlObVPF<?L%)
zZzLf_ScMI6phmQwKg283<5p{2!;Xev<%&4iCVY?jp%s0bwQ5_u=SBrv_K2BpI_Hgy
zlt(#2hI{WOTzpc3wb}e|Qhg7!vxxfFV2IZJchyZRfb)<ldt~i*$(%~1E!z!k2!0_r
zE|Q_x$d5`C1CiC@`}(CDMYzftz7QP{8yLK2dub`2^*xr~EBU$F-9K?71-c`Kfm0Tl
zImr63?COlw$v27J^3Qexd06}Jn*08*T~7`D>ch-|rQRQHx#jHP?<>Wt+W1G+pT~%+
z(BjnE(p)c?%TIr09Kl8v*H1kQ8{#=wuCnhMY6Y(InU^Qqc|y_2zDM-}n}ce4-Hmsu
zX3?1Fj}1c7!stD{iXAC|O8AucrxZ<jof(W<w-AJTp#-2TdF}6=pMT^6n4_(s5jZAT
zgA_#G?`}YSMC!>jsHS)dsa4(68bI#b%&-`Ji}(>@6&ZS)11w5ksNa}ckS$p<)t=1Y
znMX$8XbTB&>lbd`QZusSkOkB64P6nKC@VhG0&p2i_Jn9!Y#(Mk!Qs>{GX^~#=KOo|
z4!YU5T&OYla>l==Qavz<uoZ>DYf(KWg->em<lcovlV;Rnv?&@#)Xf4RU#s;}5zoIM
zA1>sz`lfZ9Bh#Xd9hdeuUZe<Nz=K&Xgaie|Y3f1So_VxWLd6Wrc_h?cB`Zu6Ll?f%
zddYHXB=9?YwRR%U<;_F#-SMm0q~XrEi&qqy8(cfS8~t9c2t8mbQ{rq8BBn_tY}|P6
z9jFFDq2zmrN_(?~T~xqJ%EO^8jhv^i&e5%$64%L?%F@^v%$^;hPgbNc%Kl!SZh-jp
zU!U#21QJ|92*@8JAm9fdtjrh1P;>G+ihYae2nXvxq&5VDuMnjWGeW%{!!;@kO;wnN
zHhMuXBq=3xsrK!K(CZH{otc<8C10s;ej$reFNpuQIMBbWYL6`yL?@)A<T$J`iYN$S
zBBcEw(*FL~H+B`Jj=Z~Y-}MNv?dHFb(DZU0Zjz_X`LU>T)=#oJrK!Cg&HcFMu|9R~
z4&*!3H>LT!w-c*(ka=td+L=0RzEyG0PjIXTUt^wObp(c!P+NMP%?_Vew_naT&AX#+
zPCu-k8hc+n<J9MX*dLQ!5toFFZF{E8`zZt~6~7r{QL7Z|Z-)&mLAfY*k9)LB2YZ?!
zm(uL!rp=E77B8IkSBK`&q0?o3mq~m7=UqDPPl(%P``nLkqT0<C-A(STt%od+keS2B
z_YR`k%MWhi4^<Kz1q|cBt$A;sMU>YAvgWnO@s(3-on^~3Cm5i4ltMkGmZ4j*(90D?
z+f?5wL8Wb~k!!jFp$Ph)vPrwyx~LW4W?M1Sb7(Q=v*ToUb+ggip0@YJiWQf<^uo}L
zfK#7@!0BCs?-80}+2EB+m*-)<fygsD5Op(};zxRMYNI5!Z+5hfqaV;?x9NNv6ytv|
zuXO0)LBWNkwv;2w(c686VW|1#0doBw=K8n2-&qX<DTg?~=PyibYnmzmU4t;IFw?@X
zS)jpRlWw391IDN#Z)vV7B$C4KE2uygkfoSF$fgkhy-u)uuYC8O=ioDK--Qk&NDD#*
zE_F3elRYip-`<$F6E)X!U4ft37bvcZTrq^LV#bQVtDp!H)c#%$&8&)TjjhAU`HX#k
zulHYeh<Wd9#{6-0&*!5MLqjrmPy|L-pvoqTuWeZ;O-3a}WZ)P@{xgx6uaBr8(R%g1
zk%@N_C>no*pCIVYM=3+vT<#JxXq)sP;rEa?2o-i?tjf~u-KzwSk?`&k#FVXrQ(h?@
zrWa4hUGHjKwe5wL`R8;xM@EFm5#g3LK{W-lz+v%eA$6Tx)oQC)1pQ^Onu=GM%8zx&
zU648Y$KGqhpM|T15P?+zeA^!<<TEi&T2k4ZN8gGT|MlETzC#r>RI8OtfeX@ZOJpea
zoH0tZDUhs1QwsB1r>zZjAvR8V_b-Soi_+Bjh_O=rDFID}>$yl0A74&pZaH3lNsl<s
z9oz6V{Y#NbrgkDR_`i4Ijz|jDr@U`1+x=f(xkemcjswyy4${w<9CQ{RUQgU#<#9O^
z;Ral;KEgIX@u_h?>|Tv)U*e^R8<x8L*k12Sg^dXSjVb3JgAVvZcS89L9jGwxR-iV^
z3~DXSb<DetRraXcXW#HyL+*3!`%Nm%GAKCo-F^K>4a_U|vN7^nlgMh$a1l5_0W?{m
zWyK5gA21WJ8@*VUsK`I>_tbA>T<c>Gw8~Xl4S+q17d`<>M6zYzoo@#Zec)D>n9lJ!
z3c8*3HG_3AutK<3h&&t>Hj~3lY_^`wxt%KTl+vL4@cO?;FExG9)a}*ObKz>=dyC?H
zl0{r-ILY|EOz1Kd!>!opdDzc`aFFq}OEH!PMX+s?P?AP?F6DAr784o$R$-&798kXx
zJkydQvK@ZAvL@j2N&<X#5uIg*kyz($-Zv!dCl3@vv6Mul%t&SXRLx1ST4i`z>iI?|
z_wJxwz{zh-RLjKUS>ggXOvuej(k&BmW(&Vn`1*JSe*ee3JFV#s&Gxy`@uFJjxSg;7
z#qeYVwla+xg&qa9ar_-g>gQK*uE@S$5Wtf71h0ojgy~qN4}v%pUtafXP?pRGll{9_
zuV>nC#>Q9DpA36Tg&$4YFETO#pYL5}F4G)gLN`~1;ccjnH4PspX{2}|+@3yDg6D+o
zM;%f7I6!HOU$dZ)leL4+@#L}<t4R;cZs18`E^rWA*W(wF=aY)tWA@|fFY8@wpuPR3
z$N}2xgp~Wz0C*K;D{2M<_sqEQ!7$eofm7ntl{11;jw@+VK9@y=sc81e&YxI(eJa;d
z)n(H4@fc+x_*zB+THaK?cLm)9$b5zfw(+iV!k7Ya#^U6LUm=*V$0T^Y#Qw@E<f{N@
z%(xN_db!x;i+S^((uw${@!GHhfXE$Pco#Z!qc?<a=CB!QspTyf(oLmM*!$J;y(d@(
zT4Bp-=fPCh>p@qAzUD_|aLUw=Xg;szeoXQJC{UDP;am0CKN6L^6O?Pl{<S_4QI3RI
zZ^2ZxV#Q>yA<Z&fGb;cJrk<%K%%mVHO6<DY+BLM@brCk<I4payF<@0BE<3=7s&l)z
z`kU&;IhI2CWPnfk-T#jY`9GhQ?4e$e?YXpY(Nq1(ww$i2-SeVBkYqEC*YVuxi6xez
zx=o{p<J~_8r$+Bt!u8%DNesQjmE*$v^RBepQi`~)yVERl@=S^5Lm~7a*Pj?@9Q4;I
z^(E{r0*u!8CH)Y@gY%!()boWFbaISY_kHYU<NJvNv9H*G)Xp+9^>|y;xRVL!en&}U
zYTn*_6fu9@Jq~J^eu;kH3LBP%O}{~Z<_6kTfIH1SWd}a>uod>ZMfV{=(4bEV-3kK1
zFrix3ojG7g?@b9SX@Fh?0OR4eEm}SI!uzuwL}rZWKWR?`J<nFTG(uLnekIYK>$t!Z
z1K@JG|Hp60pO%r!bp}x}1`9dE+4rbxpQ0s3{^!VUQ+S7av5K)IA{%}`?pW+H=ap)C
zy7wpD&bzDgQ;Npl9}pIOaDT30HK3;<Z{gs6_ziZS-Hd-)kN|&J3A{JDoGT(#a?HXG
z1pusc{hlq(e&f!>-u1krn)PjkJ+yGdHjr$$V?3_;cGv!{ZVse|+h|y)xf=kB77h`6
zn^)u`Nb?49kRF@e0k`PB*7)D{=IwKz^L#G_q$o<<^MqF}TBCEWDdrn5Q5<gqH{*=G
zuxsMHP!Q{&RL2XVI;WbKz0^9!j$N2x*XV7l&BvKre)-}jLfWAM-*P_%9cYL@X)=9d
zbk2k>{Zok^=Qlx2-b`4w0Lje6+Q|1`IY~=^i|FCVYR8SJG{H}3e6}Q~O2G%`t41M&
zE=V%TPF?TxDhq@2FEV2U9&=)7mk&yDet5n`IarEf;i=YpWmjKU2FC2?((Yy9ZN*7r
zp+q7}k)<cu;dhv++X7dx+WEgeZnf##h^=DPG<^rZ%n$5&;uPkqhs8lia&HT9RbiBb
zAx%X~YWG5Piwz_eS0X?-*3Bw_d%E_El%Q|@Pb<>675yraN$JmIfPU$N{$nEebK;De
ziJ@s&J?7Krw~grs$8-6<bF3gHJK@xAV~AH%msR>7NcO;%en+6*5WTsn_Y1s8_T4d9
z!b1S1gwKC~xc^g24U#mDBP;41C`r?LkmqwFfE*zl@qKLPY1#bTP7*9TeH-FH9tvum
ziyU7Syqy3|ff82y8b=tqV5I6c5I?*!EZl5HjHBmsEqO-WkrMiDwItInZ0xm*+_GYd
zOBjO%IR+KlInw<ZlzZ6A?lrg%E>F1Tb9>&**)@pPdX<()>d(LJ>YMs=ll@A}#)0E~
zE4Y_d5a76>vuoFhyfpapC0wwMb-LqrOY!OW{8x95y@StfJ$L`n?5u33n^o~&t-7dT
z11$T)j_*d)<)WL-UXR>vH}Ev0N*EEHkJat>x_PQGN-S@?Hw=Kf!C{O=*;(!`VVOiI
zYbe;A^fVW1VxHSmW^dK|Y#38z6FojB_Jl7*BqjxtKaRnOp8HXS%v;u++nH`dsR&U8
zNM4t{&ksGIlN55`@M-ksppdSXj9e1ey{EeYi3&>!PNDX1F70ccK%$tio%pw-Mq$Cp
z)>lJmf4&GY-&Nt6;ZoVw3D#Zf*D-MKRTEer984^w@+zN%olcT9(Eo3uCf_W9n$V}+
z`I1B6oTU`VPf$r^5J__<aTBYEqxIcUY$*n8hJZ=?xE%Z-jcQAcaNtTo0aIlL;tXmI
z!xsXI8ccp7xbZ5eAM^Se%m@S9BNdW(|GMHU4WpVOH?2}<9aQ#<XrV)|86Wlwob{_N
zE@u<V?y}oJkZU!s*VI)}aRiq2Ug<!>9V<%&qm?+TV5)p3XS7X7Dig3uw*E^rWUS->
ztE!r_<_yqtq@}z9d9KGVrxoV#>Casr<`6NoP_QtH#+)en6-B?Oe(4eoGEA(}{y&-O
zA77JlOc5S7Yz5DJj*c(pGJ=}Ecdt}G*`#KbCe<YB9=fl;{EBRKNo#-n=Q2R8<-=6}
ztcC%QxLgf+pJn)Kn_lm~*+>4<#fXgP$rF0$n#d33+9@#A4JCE$Bg2lbYCgGf!-Uz)
z_1K|Xzus&DHP#K5<eQ6Abk{&}dzjQ>kFE`;a@(5rLG0f41FJMAuQh04;-DG#EuvS%
zAC7)f{Fl_-i0*yvKZ1Sdf^a-Nl#sr9fui=yf-ckL&LdTUT6;4WYDy+Oc%;l7TABRn
zuyH|0jGJD!Olfeq7G}fDrjKi$JOt*p-9HQn+#h(6CKTtuK4fhxO;ZgWBNkY?Z}iSe
zP8}Mpa{RFQ+2*RS_=IktxcDY{=YKtv>~ES&`5lI-i<tj;toFWg9Xtb_)IQp7v}Y0u
zq=c+ReOf)SP7-_ez??n$p97BT94C_8qc}p|d!oWM2JVLl?CU()=&%ye<(S%94ZJ6j
zUmQ8jM&xprvF|SV1)1tV_QvZ@=vbDjUjl~^Bpo;@*b5jWZ%QeRL~~Hzv~ds+grA=c
z&I_DyfEu5zV>B2?B!osjqjk-91gU*$1W|G1My&;xNd_LXA;poxp}E3&Qv^?75D7u&
zI}P+i!U4tjxC4h`9vJb|W*9#;&EcKoE0TW8%j*V*<;W{Jp+>%nC5;bcK#=XOX}`Kf
z;or`Dxt=4sgO>NIopVQ0ml1~4UX6o;r*+JA{zBE~>-^oQrL9=&+<9ec3rVZlS{CD6
zng8$1CJSmN)@%uwiQ~0cYkp;Het^zi@YIMwZx8$4<KaW;pRPal<Y?Y5UyqrtwY6!G
zy>?aU{?$7*TyPXzso}C*TBUHot)y07qFbmOwYwR1lQigTCppRfBmy|@WWPHS-b*fw
z)?U*^hWi~_gG?2FCtbPY2YAD*1<Xi*L4ghm2}b4k)P0YIIMaWruK)E8V)M<E`tyZU
z*&C4|RZrLHKkm3~c<Kop9PNf#_-=>bG`^B}v_8Jj8korsWZ%T@7B(R=^OAI_IpzvI
zEMvNzH}R}|p1&Brj;eIeV#0Q)eL#|Uq^<|V(rmiabi<T#3eW5#)Ub?oap?7XJ^nEZ
zBWh_jyEf5BmM?5ukV3k&iDf^fa6A;eoFZ{w^z_)D;eTj1dehw2aqquB0~!e_$MchP
zC^WAjCBmeRN&0imJ{PxtP2pLyqY!v>IBfJm%?BwbJ7#0!KziFso7*Xo+~^@SWV2LU
zTmRQnJa8Glu->&#XVaf`dtem9n_T%n_4V-hKuApjnJq5FV+!8!p99*;sF*ccMIn6H
zro3s~LS0d;sKSkJBSENgB5cH>C~O=GL-X*l%aIIBhlx;SiHeAvzt5pF7z6W{8<6*k
z0RiN;1uC0=91I9*sCAdSKF>*bnGBR;@!1e+NHf-}KZdz7Ch}1f!B`az3c*D$KO#EK
zqhFzb16d>z5A5gzHv&-1Bc%`nyT*UMCHa2R(_n|oJ0^9=m+eVx8~+(^*94WKZk$$Z
z6=Gfz&P821Gx6r_6m7*kk8B7kn$Zxz{ubimlO(!Kz!adbs>JK2(yrzyKlXyR*6G)u
zbaEE@U`uv{sy~jMzpGyigF4wERSGorUUSkr@kEQ3ykOXAk-p_})@nMp`a7<t5NU_P
zc(oPXsYX<NKOx@&7AoS)8{Ac>|I<cjAl~^4sVJw&4D|WA1hDchMhg~ZYt|AjVbkz+
zR}g9UN*7wh8y&8Th034By1(l>soID8z7rDHwQ#*RBe(dc^Z!jKcE;I+EDQeM2V5-x
zR3z~!R!e;6)b<!^Xf_TBmZ5b%^jXF4>$@J-xx!ds6S=MAuT@Df^Ssg%7ND63gHoZn
zasHM5kKQ5;g?`SY!tx!JFdkA{$y{0=@A$7bS}0$HUj{6^%j(bM)KD>Rds=*?zxd6#
zPozCxqi<w##!W6gIf`c2Y~~{%*K<f^W5N*591QeWJ-l?hU!-;qN_ii`Sg;GPy~5ob
zpH=u9TI9aXS>46&L}1eFbiVvvRq}UjWY}fR$-1)z^E#r!ifp74c6&=^Ia5>aXobkp
zUEWt~Uv0C>0$AnT@N`rk5odxCki2!H&b!vDga=@=&29;6-{nTs5RofAaDk!V;|pe7
z7ce`H$hp9zarT_rn-6%JN1|5lgs6N*U=9I6kXKumX}(NhH-%E%uLe92@=Y#NY?(qI
zN4wkzkvfmKyMMHJNh+waN1q#acu5pBzWg5Lw#<hHq$>Fh2tWE8-MOj4^I0zkM_`^g
z$&0Q>T^d~#jum|U1{jLO6~ryze##Rekoe<YnZ`kxr3=c;x<EX~_>Y1Y>YH!f+Cl9_
z1Q4Jl+7GLVsXej-A{Ytf?u6sB;%&sD1lbJo;;t4GGs&UB=Qv|`elv~*-kA)p0fU$Z
z`89XYp`hmwA^J}#u%<MGAmK}hD}&XVtiCwztI#R?N<+68BpETOvJ7TB1VkcK{jiY5
z_k{FZNM`tpLb<!@MFn{YROn7sH6UR@bYtp*LJtRM(jXfK8f#&KFb>IZR|5pufBgUl
z@PCyWA$KF^e~5hfR9kI)P<T)K{2t|j5sUfYzlnZ9VsWA_mojGHgPMo&f2qK1=;31F
zT_}$x4`g2o&i(ecmc{K5BAoyYAR6$hgTJ?G3X&JKD}wu)Q!JoyTbIbDqHi_?JA(vr
za(ZR{trmcPC$y*M4ICD^wrKzSfb|Z&dtt!O;@=to?|Zm7Z>|;jh~Kol0{?*mM4#^c
zvHl*T-yuQqxtQtDpktXmcwl7gr{}WHbrrwsv;yv@oVtmt?b($4w*=_WMpQ%XHT1kH
zzsBDcvZ^;pHqQJ=-A+&=<aHB4)1ZiLnG0gT?f7}G+Ft^jCJSBS^WvI7K!GXjf#H<&
zk%s_d^`1wWpt}OfD_*z>f!XxCJ8<w2v;3S6+Id+~*5Lvg&Zigh67P#YOHZJ)8nN#L
zytXYGmX~K$)ADl2H6Vx}KPrWS%0I&<!3NE|Em)73%ck+X;nVQp{cB9E6mdZn%=jsN
z!O{5gQtaS7avCR?p4qGMkyudhEG4)VG_TIjUxF9&FY{0ktMrVtv`_Oe3yObsIgi0)
zXTnv|b>SqP8Rdutst4ulF%M=M6`hl;Rp-CWtv1EM{{3vgU7vMZf_Cq}%%D9L-QP2f
z-ZXbKx@s<`TERJ?wP;8XhBj^bEKYe0K$1Rbnw5i>TFqLB5hMJ20BHm$Vy&xMSX?%}
zH`ZGdV|dp;QQ?6KI3pg((`0awCC}TOO@dRm`;XMyV~lQmXk3eB_k&!S?zVRiW;dDt
zgJ8ect{XJnw(X<k6leF-(R}<|Ot8hDF=$lnf5L12l`t(SC>T6vFFdZ=mQOy27NA4j
zGmP8Zs1+)3I*O%h?kTc>XUnYZeNIup-i+q$xDnfy5hmp@)4?8T)ugozuiV~5oz7$Z
z;^wpAk=b$4Lc@2f`lZW{XMJW}5GtcYEKh|vniQQYAowZmmm({5AR1L*?1<7Xg$dzd
zsVQ}rWw;Y3H9j)`ub;8MBB7wZDC41jyQ*65fGYOn<b1y<c|EPEIQTTOt$F8v&GNSY
zTUDW_Ve7vs<b8g>@!8;@vEFpaXEn7sU3z{0%<@vujk9s}vKbFSwq8d&Al^DN+P%Rp
zH5MH|91R){@^ZMtE$PqmW?1*Vr(@%0XcNA}V)jtz{dT_sYP3n(kwB^bFAyrCh~H;4
z^;2oPsrxM>a=6z_csJwf<FTV=gEbGVG-8^AmLY_s?SsNOBuIEBmCBnAIG#o9f4*Ck
zLVp{~_o~Kv5LCLqJv;y=e^C0w5q>=q%W^dG7dHtH^}S{nyx-^}%RlQHDt2@B@U(uM
z8QC9J%kT|_n0hir6W3L`6bCLxM3|z_c$X<ex?yDcBV_Z5r7!nwJ2$MQ`<}>)>*vuh
zELzZk22}UMrXfMs&GRRcmNY5<xv1T(CuCmBQ{NNg6m$)BUW}k<+8<GAV)<XZ<UuU)
z`G*?NYn01<0a}J}&8fm3X@ZkM1Zc7@_V`P}=i-#N#aT6PeDN;oc>J?sI0Src>1$re
z#_GS>>ch>6z-;-bR*;L{mK+EMn5sQr$msg5Mde-+vwCfPA3O1RZ0FatQA&h1tVCo=
z`(^7TB&b}SBC9B4Ch@!r6K%fUS=Cwl*);Wh_T2xR-P`HcASD$M+WmewE$0yPlVS_5
z5-UK`zxD>lu4Z3^@Gcf^{`>R!^4-I4hutdE4v-n4c@sO6J-6=G@FcDT_5VD=3-O;P
zc_C=v0#2s8p+k!BYSk}_j<^h;R1F%8^D#NYJcMr3b8-AGtNd{<x?Xeix1#)iN3Q<d
zfOFq;QF_WJc^SRBG<wP2MvrY}w?wp(-p+lW_s7b){xuCR@;>ju4fa*y_3|@-1od-i
zx`VUhp}U*0<3vLwRPW0>n$H`{HZ;pq<W&!>A-eA#bB4t?v6anTA*|ewU!@@}-S4se
zczYwJabLoUco9l(03OfZ1glgUv6r!awRAkY_i=PTA@+gVA_Vq>9C)g1=x+YcR{rS3
z&qqqAx%ckE3?1i84*LU?6iibW!34q&Y`t;Ql*a8O_D-(PUsA*5oVa>}9LKZWyKOyA
zOS_*>QA4GK4raH7TRUTuJ(P9>CZ>IRZ~MLyKcHQkg?(ODIiwbR9*TUexia1;y*>+K
zd5vU2)EfI5a4Iem_2C~A_W!W;jp1={UAv9b*j8iPo!GW*8;xzJv27cTF|lnsX=61>
zPuk~szti`8=hs{_*EK)(;(f2Z*4of~&*@@DU<M?aUnWm3#R0;pEu_1^54bg?L|M96
zd);`;Yrx)`?q`=)(7m@EtFE_-prPRYfOGWJt%uHA&;F^`^Qk>m<(6R&$yQ3h?Yp+r
zhxx`PKyPWE8}z3p{7QH)%61&&UdAuyew`fH3-IoH_4?t031kZ)_1V1wwc@r+ACob=
zq1|(4`}n3HTt&L}$GRv14^~}*uMvnCKif2ryyHV^8r+xy@z0@$4?mb@{WRV4YrdR9
z@-l!Hl>h2P-trpGJQJTLLb;uC@Wqp=y>SANI-7?_frx{WjHBDJO<LNrs@Ty)AJ4)8
z`xtvtk(DjhP#m825kCvo22{!R8CqhWUf$L^)QPCX0)i%iOZJe>73;K;CC3PaA5o*0
zd319E7Vq%(TLkQY4z3x()B~~f%e`<Ul4IMu0iVNwyw!2v(P6*M)V7w*0yYLW7exYn
zg;$}1Tt+NZ+|Tc{@zu0dgKK^|fa8I@FY&Pd{jsf1JgwZ6zSAYs_9Cw6<HPh^k^NA4
z$+Pv71V!&nHab{5;l@sHN2uS!2hyY8?#;Fp1aauK%lDzCzwIdd-E^wH&<`~rzn#`>
zVrIW)+V$CZeV24<KTH=3DdD*o*@^r$b92zljQPGgKil0Nxf;+4@S=aL@i>SLsqy;W
zl6(2~5shvvY9V;gWGcmgV;*j2W$JDA@^$Nhu<7}uh%JixRmPWf4lT~zAm>d^M_EF*
zsh|D9m^xTK7b!kuBi1M{i*KK|-eNANE2;;oQg*AtrLlhgx{uI<`}IAvo6xBP*@qs6
z?^%csh4<(t2V?UxeMzfybT=e+6G``~J|&d!sf-ZT*Iy?5X7V$G{oHoSrFQT`_fPLu
z_^E~ICA=SPKfhmo#q|C1xU}`UdnuRmfbQth*Eap@POY2$WtE|u8*uT%yLvo&m3?UG
z_4KTdqx&(VpYMh6O`vtl<b7S$^NLz<xBD-sLbq{Yw@92e8F(n+cL2^n8QYMKXlJHi
z@=Hzc!Di=7_qOj+Pwxr!TK^1|q5VUvZAi+mTbe$tt!s95E9JnXu4ZHYtwk&_f+qvy
z3tH+sFNepAUuPWQ=iM*sv1yK{d@(Lp_*>7N0pK;VkBfFM)t3RjPwSWUdM|Q4JFbOo
zsPsS&k29?|qL*>G*A8ox>C`K#J-l;lh_5K>`!IUu#}4A&$6t%nE{8GV6W0U`qP#>@
zkHbD__X`X;#SHWjN1qJ2jJe6Dz!gy>Th2Y?3v!9_h|bc%ep2M`C95wjz&`QHx0uZ$
z9*~VLnI|{SGKZ)jVnS^Gny_)-7RS<}V9-3J?91#;Uu6x?D2`uRufZLg8LvdcPn4C8
z@4o#L2G9=s$0Su_KlpMH4yjI#y~S~jyC*+I9WYT$arppW5~ldFJGuT7a{okLJO*&Z
z*F27@nA(0z+MBJYNEh5W&i$OMm!GOIz1N}i-sv0{Pqo{z8<*ji{)pNP?W*JGnD#^%
zwXam#Z2XvsDZW#0S2-OtfTOlwk}w<Z?|zc`BZ|N8;+eI|w0kQ)3Qf^B+6Bs8_V#^R
zcUdagcj<@c2<h(Wyd?BE2<%hJz6RG0z7*9Ap7OX(3CkWd?0rZd;#I0I5fd8P-+IdW
z_3hYqHSjwjZ%lMl_h5gJd$*5`rhU>bCjv7fv@>rMq%Y_8=cD})OrOD<g-WNF8ooCr
z^p@ATx2Epvt^PCLi=_h%2o7IG!ug*sHNP--LUpgf&~1xQG46eDT)MHVTYtUw<F{;t
zOeBAv1>bt}w4+h!_uRbuehIJl)U@+eilLX|u;tnbJ@>9@%159`Dz5rxLpL15bGa`z
z{m|jKj9V#7H<R2Of_3+H*)PV^vHf0EYsz1H&(;tB*#*G&b|DqdFsR8-G5J0{X!m&a
z>oUR6iK#lO^{3L8P!_ZA(H{Cjq2%+gAvI5`Gg9w!BWSV!{ma{uQ?6t-s0=gjD>WuC
zYvBP@HD4E<-BLttI=@!Fs{)3hvtI}g?-%jQHhZISYc4+OH1-r`2|P8LL_+3=6bv*O
zXXuF3b8U+LEO`XDNBteCNtbB!*r_p;5i;XC*etQPvn?#u{Ge>Xq6#LWkSgOHdt%<W
ziMJFi979Y(Sx`Ku9VTz1!f<!UDn(Y~Qpm^VlmgMV%DeW*X2Vo@C*nV2VCijGVR>T7
zN4@rLpHqEFPMyjUmn4mdxe8x~@WWO>9nMyVbih$obu311Y2YPUGhM;){F8|FeM?n+
z^=nxBX1)OV`eFpvegJH$@E~XbV*iP!f5NIiIuT>Htpd2#%g~J>ybFczmL$STfNz54
z)h`mlwofk^n7{O+szk(}GSC;q+2)AzPnGD_L`l}EM7zU%_M$l=^{AeSGezh3`m0}9
z*Llb{Q7Ld%w>EFR?-meYYaZLwGNkC{MIjD*F?mMD;1XO(iC!qX;@>v5?i8tt>vP*b
zW@9Luu+JcOCHY(pwtCNC57aqY(ZY%~&EA=}#`qnsQ4Vhfz=Jv6b$bs<4P-@2Z54)d
zI6V#D5vuZ#Plf}525YNO)JnRO!nd#-90m=d>~KU#OPqyBVRoz~q&1~O>tCZfI9m@6
z*C3>Hz4OS<t;N6^kR>76KVF=KCY}zm1vAw^&oJ{AIg$|FT7nVlviT7pG!As)+xFTN
z9*4Ft6U*6>3FAV}d~gQ?fzv##v@eV}9>7`&+R1Ml&8OKB^Pjy^AE6n!C7P;UWZ~T+
zj7kB@lT0lJW8C%PN%Sm2bY?_P7fH}w&INbC=na%K7SLrJ6p-*xCtvm^!V(rua&BCy
z*TOKjr(*ksWCmtFTpbHZZ29I$S$Wnl>cin=&5|GJ!Iv_AXG-^MF$8bLsEjZ7Wl0<G
z{4Xv3PmcVp(|cHd0iH0j2<_TsndQ|3fNwoAQSZFw5G6%^eToU~t%-Yt(y=`4LoS8?
zG;P92YL|&7UctFkTSpJn(;UOk!Alap7o8o2*mlj^iJ?GylODvkp2+^sTUTZ~?Pr@5
zuBLXBz1pz7mu63za(pKcZ8MD1kI-EpZ;-YPfsXZPMeZ2{yyuS$S9D$@@gE~RnmPE+
z=~S~5p4s<ZR!3QMc+bB~j(IhAjU)bKPT^_<Xs5cbMLt}_x`}tNQtU=xl6Mbc8fFcq
z^5~gVHeBYlpup_tV#Rl<xjj!C#2a}r5D@f)BDK_b*2OD!P3{UnXayi&MO(q#YkBo@
z5K?!-r%$oOg`ygDh!D86%>-gPeUNf%OmGs1$h7E<b_!$Y6-+i<SMF&!iWU>nyfUGi
z2@gZbE=^7mMiq1d9G^(5%9An0SYrvpW9+tp=;K1p?}Yf@HnNk<TF)Ov8cS4!;mn5d
zA?uT0g9=%QR^WQqF{PmS?W<ei3-gSW)iX^&H0YxnE6VG-OXoX)p7Q7k1^VoIf1hsO
zS7u-E(*zR@Rq}B1xP!KSya-oCEcbMNcUBCLC$LKWRfflagZ+;}xjLv6*3Y~;|D|Am
z+2HbiYWwm?@ws+OQ(vchUf=1p+S`(K;?lU=e$ae$tPwOBMs>FoPPF<wvl$g5MOc}n
zq?jUxQ~Aq^?&}cy*HB&@-P>qAboy`Sign)}HXC;CKYxd-@j9qD=pBU9o$T$xCd8NY
zI^<YnZO~RWahaaKL!iOk5%byI3Wef52HBCZb2D;V`>|^PoK<(r3T%9y`)bJ$IV&dd
z;7rH-Gt5SLuitV^)ll);v$2N`G^5Ru$!rke2tFSl?Y!(0!$5-5RNZiEJd#DBAz&ez
z{Zthas0O{jH@F|k<jD^B<tLqybx6I)`NL}!94FvPJ2eK2i0|!v^P--2Zre;qaYVsk
zzYL-++CiH_`19<v849;Cju6}PP%t;wO;_O8Z~7a94>(KoDFfsvq*A)}1-Ou0x|t%#
ze#}^ANrD(9Qd|2#tY(CIg<A#902BI9CaJ-;Mt7Q9SXBX0h!HGj8jGP7Lb66l90z{d
zx%BsiM5Fnx!I#w)j3P))y5rV*5-e+FU}8OXa?aavp8W5s*=ATbdFyc+h`|H}{M!7D
zPWOrJM}TGaIrh}+9Zu})WQ3h^^ccKOf7B>T3+nP}Zh>`g&KsuY%R58N%vY1>+j7WM
zaCU?p-_RZcoB&hZG-mM=(YK1%Ly%ZI`lQ*thwqECc?IQbNR39W>9p4Z)Id}1I#7Aj
zumP|%GSTe^2YLl&f~jgMz)O;uE0=X&;CAWQiqwVw+(z4(*ci_i@bEpenrU~ORiZ(I
z%Nf{x5(gtw-_EftpZZwfFe$>~Rhav65MMc0qw=WAYq&sLxA7Ap)HQaz*W8{Lmq}gt
zTLQkz4%+TKiq3w4ZdpFpwW=`SBLI<G>|hKhlDjY5O0a0Y2tOfSLm=U1dx1`Whp;A2
z-*$hjDuR+9sep_uK)%^jJt8?T%}BJ5nc!wR1vjPB25Y$dL!c81FZk>n+s8Cd(&6b}
z+qeQEHUq%)+@LG=`FFtx)GD!Pdg78XDPc8!igg9zKO;dwd?TXSiVz$;MHt^CwzS^s
zBZbZ9!4B@&7OkH<!M1ZM2dIFxV}XBvbXj~O^1E5fG~8lcCM?{jcxM~5{6xQYb#mPT
z1_SvLDQfKj6g>{{@4w@5gJR~wU2R7@^{ZqY8GIuO()!YD+`nB7L3oeI;~@7h?a*I>
zW^D>xoywJ0j(p%vk9vRp#IL*%!%TskRDq3-05{U{ZA0dBdGe`Z;CgRM--)2}d``%)
z&wPv#om+|;yt>z>Xo>ZGOV@!_{dg=Ylfb!@_n69_P!4%r&!}YlaXm^Tb=mk}*N!gQ
z6|F9+>3!{ZiT&qVvzS2jB&IsMDHYcOb73yX!qyXFuSbKad`2Tmov2=-lpSMK0cSSC
z&uWP$EQG>J&I^#dgCqy(a^<~4b*4fZhD4|t?~kYj;c^`E7iuG32@GFlmKCplRGq<>
zGf2nu<`)6xuCOHApxD=~W~M4gwv(%n0<vltBLerw9f+yxr`LI?SOx_=CKb%bp`5lc
z@KXYH42ZZLhp&t~p^FuezCmj#?yJwck;4)SS1-tj!hYnQP5SgkaTl3O;^F<?u}wmb
z-+Y)jwUYlN^4d4YO7K3<+PqL(zmuCTJyGf$*(&=T5p<y}ZsB_i#p=I`;smAP=YK2B
zcr;oTl%L9YR}m-ZSxAqC7mV9BkZWfL_b7PCS{JE$qk~dAEY`(txt*-T=}5M1R)53s
z-s{~5e`^c@+P|IKKi9_M#P1plJ}^M-1$8ZA?w;cd&te}71MN1PI(Y%UMOHqyfkCpX
zmx3)WWWJKVf$uM^%FICW^e3ja)b5iy#ucl5N5TL?I(45#yLuWs*fyyd73#v_*rzaD
zf{-^y+OTgn=5s0;`io33e$*KTcn8AXoONZxDxeCTwD+j6z^{G0?C9rQA39F?Z;1+N
zS3cm~KuGLYAi6Nne9%41bO|b;R2afp3R+dB2{|gi%qRR<fX;naVil2Xydhi-DDan7
z2w?tYM9}Vf3LogmGvXfm8E=4;?U`ywq88B0b$ULLH(7W$?`RSgcq^^^=Je)p;fTkf
z#4qYDoxyAv_sGQl5{Ke_d!P}HLyUR;HJQ?s<oTSHM-OSbjVrR>5y0AHjU&-ZKP(t-
z)yY7Wc+ZcK;Fsbt?__1Z$TdUnP%bbPdb0=u(mkt>KN)cJTM;om(4hCB>tV|)|J0!H
zLDj4?5!4I{wiR%XLMikMwi_-z;EvDw(=HRt?4a#dyB0X$7Qa`z3;x4@kU+}}=YbjJ
zL<?l)*^!zBcRYBpCpW6h%~bkDOf<R45WXuP_zyNDjXKQzf(2<X>dm5zaVtWftG+Xb
zobIRM9i2xdYY{l$F!8I7w4-J4p3J{Lo!F{C6l?&Ogx;MelgB8jmx)WRQvbDoP?#fj
z*7{?2h=qkLw^1%ivP_Wxf5fL&Dt?h!#YeF_^=^}zBUujcdCaCqq8+;PYG^_uU@nI}
zu??W%lPFG0_E(_s<9dDwRsIs7%B|{5@JNd6k||CaInc}2vb1?s(iLsHTV#E^eLwTU
z5?wYx6@|mHSM&(z9!6Az{Qy7frXhGFTp^vr>nsYaTb^G?E;EEHz6@u3yTOKBrJ=Xz
z_fyY3QSc1sXCX0<1V(>4Jqbbj_{3lo&@UfAk~A|QDdVCqK*`E|D3;7R_ala^UBb`~
z@~{@;p)FHPZ}upew=9n-c(h+I{F=5F4mLPMnx<}7&GpbxIB-|8d-kSRfOtCt5-PlT
z$no#$2^O(ERkqTlyfqpCuZ3t=v^U|(V;2~_)3wa6|IPMDsovo7taa3Hiuv;Jx4M59
z8WW+T&^smZXK8gVn&_xSHIUgbubcW*u8UIDtr;&3niPWu{kd$df>DBXG1xQ?2l-k@
zZsuueF>iRdIh3p=EsC;cqKsrDy|EgSM?D*EF#KBszoH2ryxrF)<hIqRj|Vu}1{aJ=
zCk{$Qg;3s@3rnehYar2U@iG+Q?(2Y`+hXK~O@h|h;*`=IjnhE2YUuO4T3=zvTxG_~
zExrGFk#~<YgNCV>IGEXFT0@UY=VK+)9GBSmimk-J4Oy@~C1ZA}LL@F|ewBME7wZ64
z#B6Q~3bGiL-CXW6d+l*1lN*&}n*kAkMLwGK6gAyMPu0mYeZNV@jkEShs5V^fSKiQo
zRHKO6i#_N}ve9Zph<^ExImehnbar|9ab_MU2oi3^U$+yYTf2Iq6CjiIe50H=bGDBT
z%l1Yebl@ErXQMSVArq}!i>XKq5E}?Se)XEqR{nOa2tSUShOyzcSpx>zWl@V@*6Z}A
zzV&au*$(^EqXj?W1XHVVnb!J>R72^8qT4|>Q?`rfyT!<9NU=EQ@>{R^vCy=7&l;PC
zD`-_cHo=37ybJ0^0+DxOtH!U|C(IGSx_4tfTFxfqjO@Or1(zf+nnCntGJ2iGMLU8h
z746A^gH){4Up<=4?1vLiD-I<HPoa!fxWee=D@#r@Rfpsw3G8BO{AJ^V3Uy_06olzf
z;_$3C>jiqa?4zC>EekdDFw=QxAA`L#FD;R6?@I|_k9)wlEvG6u4=aVWj6I0N4rbvI
z8VwPs^(l;=`-rO89GQmCBwsCso8tFRq`ZvV+(f%>MXE#ceSr({l0jtLhIEskVyQ7A
z+oLE!BTmHJU=ft5Gtu^Y;+Rzk!UlrF%P4*zBDweTbEej0BYWmV$c+hrIcN1(ro~P&
z<mjc2WDaGPYDp$QW?2?fpW~JFrZjz3)xB1Q$F*f$vYuFSt8rJzF3W6rDy~d4^PSH%
zc2J_bS)Ta;IXv#J!0nUOWC#6N+}kB^7K8s6o#NDm&J08pT1VTy2qhRhLbE;=?R`fJ
zAvc!_)izxQ)5N<*{{VG=91yy<g^tb`@(5L_cGJ3fn6E3!Qd*jkCVA|@$l!(95av^j
zoy9ITJMxhu@ln%~y2fdWjz0gB)EY<WmPT|JIQ7cp$d8XmkcSZ2lOdfLvV)MW^I2=9
z8bBR$j;*FvNi3EaN7f*a{`F6BT(!$nyL_T+9flu3yIQg1*kP^VLUc^{J#8t)8M<0C
z_|YC2LX0Sw^Aj^hWoT}+=(H~8S+V!7Uc_U;oaA|`c}6eoFOFxOxr|5D8(8$X#pa^P
z%L?eUxaE|=m7b`hsPl)QO;NG4WHX%~ftsWoo$Fd}^`;QG2mA1#S#|_sZEZc%UWqrK
zrhsKFH?WXLk^mR@RMEx}p-9C$j2gr5E{rG2Q*X*)*4br+Q%?aKlB;!=w5c7O3lCvc
zKhU7Ss|M|sWWFYo%hn+Ob^%d}ex<)Fz54jbt=&8&A8;W$F5c~byFZ%Y)EZ6wt;;}P
z-0jCd(TTBCb|Rp#ni(Eevo2Td>D0mmf{MsU9V4$H5fonnglQ&S%=?U>VYaWlR5EGq
zd?DnDHW@uc1Z>yQHMopRwW-)L!}{^g4SWIAURs&fGW|K61RRmFq~FeQLVLi0KF$h{
zCt|IxA1;Y$&g79>&Je>a;j0>4YRGy<b_PTyE<5ZkyD+!h3Zox_yCa0axq~+}&~nVM
zZk2RkA5TL1bYS_iv}{Ng%5}VXzm{>VScgQ)3u!kJYK^|ud|U>sEb+!ard5$QYGA!%
zZgx?LwMg<BHQ`g>FH}BHC11nFF`>3au7aQyP+xYa)v<*S%*f+mM$6Zog`K-bMh;Q}
zTpyWjq_H*242kdWQHm&s&G=hc5C%3n0@#_kCg6H`$T%*zi*+gKCM)a9AcHeRjAhkW
zGYkxPd|WL^cD?~6+IxJFM@QZn4F@~|o+IM%e<J?xJpW8$zh%!2KvP4~4n9HyAZLJk
z$@Ze!oAi2Ly#$C%aKK@F+IRe8^f45mV+$pXAKc=^ovqYJKGxP!u#Hi+>{i)=?x)q0
zj*7n4ubBF;XfPxf?ah`7Wn|qc&j{khav@&3XB5s$qutC37WriOGz>3v#F>zf3}G4E
zFUFo!h1D3u;X@w|8v>+~xG4}G;T@tPCqP#y{km)+kA;F<0{vpy4owBRAQV<<k<@Mn
zh+d}5acG#00X|4lVGFW&B461PF@)-;nM0j+zX^8c4t1!9saBUue&n^qOI*#&@F1q2
zQGFQ-4EE2iB0G~}dv3(0$+>!H(XfP*(PTtQzd5oA?}@~PtOQ2JMAJ2~`Wj7#I8E#Y
zph<JFXb9Ek@+;}Rl|>(?h_0ZQYW8Fne(VK1SgbI=XX1|3F(@|c(1#mdg(Q&*OpmA6
z*!2@N#*hg;s6!(EYOYa1LctrZ2`-vq5!0bZ0`4`ZA1xbFvirC64TyVapa`O(144K1
zg<|{BA>M`Gl!1wmt;CpAV2350x5xaC>={4<+ouD{=qtK=HUu504F!}Ui)h7TjFDH0
zqE&~a^~jhdd8seT)yt?&t*)F#HSq{i%w!e};@8T(Rw6V_5DHbOS4*?UgyQl@2AwwB
zp%&Ds*oAt#P~<&whjgU|54lEpprkHY!4Huux|xCgJR0>HL_9|U#N>x<Dp3dbLfdu<
zqFo)k=pT23u`J4#@3qy_7aS=QueLM=aA@xC+{LZy%$V9KO8BC)4={xGgai^fXYFd%
zCL%a7H{^5aI6m&0hCV7Yc!>&HvQnmJ^`}b(kJmkfr;$kzOB>$Qt{C%DZ9t!3g-g4T
zsgy2zI<nXxlzMmJ$Gb-XXKa|1T+D|=d$__sB7la&m(Ld{+}c#{jtmRQSHaL_#N|)j
zaLi-G6W|n>QZ@_e8X(puFOiHTbV@R-c$SI14@a&k@Tpc5?d1)*r`>jPeep%UlnHzt
zT<ZM%SJA$95jrz67GdE%6DwSjYAamU#vh?c%K$mxil-gY{;(4YH2?N&G=XDgSU*Pt
zi}+%kiMdgb`d{N2Vj34J+3+7wX}UD)SUe5jq6^q*vv8n-zt!i`_|z9A-9;HO)w@jc
zDHZEz3RyZ}WipV*{CX+o=}sf;Hjb87O4G!%NaOwqfRlu&8U&Y+oWYbBbAs)ul>spv
zhX+|<?CE)=EgB;aUsi--*(=;ziF5Bq_*G<)gAI(`or&?dZ7+qtOH6pG=OKDpj$rCO
z=OVPVV8l6+&d#LCG&@Ma=J%JBVNs<igIOcCX2TJaf?JCQ%Rr^z_Yj(-!Y78^lRz9Z
z1oK~=PXU`nP2VfRiQnZ5FSde-i4s$bG|k>?Zp|2YK8`$_{Hhyg)yyi=l$ma0lOUGH
ztf$0dhEKOl_d#ILC1|wJzC-~E?xTWd>gbdSRJ5NR4j$_+!PGz3d4J%JzmTY(Z>HWS
zL{?r7fCtzVRnG$Wl3|1Xj1x@p?A!EY+9iz^M=;-N7fWU=B3=&UugzrP9+=NXX;<f{
z=$<=QV0MF1s`>n6_%}kWJf4CPq{bEJ0dniueOx7dMQbIO2Ka=qis&GOr;lw2Ms)o4
zJ-`eA79Gqk^;xQP;+_G0O{2pzBeFSc+W5g?R+W8h=CA(oaU()PaKjlpXTi=K+=5Y0
z6m_PqmhYi47iQIOXibD^8a0#O?#lRRU@tUzVB6;bCK-rL3T91&54-U~J_))Wom;Tx
zFQ|}@_di7&Bf$=23O0N=!u`M$DCjaEj@z*L5eOYCaX)xu<k4N{4$FW|T1a)dBhCxJ
z5>ENYt=*S4P5QN8ao|&#6eFaMvAKnH8?cZO9OGCVp(nnwrx(+=x4&aBBB|`@-Mr!U
z?0FKoEL{uzA9NlI<VQ=8sGV;zd9G{Vw9V4kX1Y`3np$I%q|N(<=Lmr^nzcib_g;t&
z*+tpHCGsjJoJT}$AK>l>gzXiI!N)jfxRM$(cn`5fD*QcM`#E%cjs~bmUzt2t_bDYh
zi7nSWl&KNO#%+h`Y=Guj5;hq}Fcp^k4E^dtlj^KTgc$F6++KayQ~Mt@^e-330^yC_
z&TGA!?!Vd<1+n8}ec*zKRP1y=vTjA0;(HubN?}lRdBOs{FLRTY?egNCL$tUC;q%sw
z1n2W#IrKY8*PDyp`{uhNx1aFzl+%t_PE$#Wo^v_y{&X=fu$Xud7HB9LFOfZxcBU@%
z21LvBErnk82$%4(Kgzz;(rO7o3}p#TPlnR713w=c6ENXA5}UAe8eth%#_#oMT+tGT
zeM~P~P9;ja@WyDCh|`WiN^TIDCtT9J-*aWun>U!6Eq-B)9dyU0_pId~TNUwsWh>U0
zOR~i}CimCj>gi**S{u;efU}1seo}$td12lS0X=Xv0r53+1l|q>#>^4D!k}@jc-r0?
z4=+uois(SAZdfCi^=U7q*pLjP8H-+PVV#Cx<Sg|lJa1@+5=8CWecb5_e<M6LhP;_w
zPBUv0Mo@|9km{5s;iDHEQEFRf+}0A--51*2V9ZS_j^CIl9H*@Y)dBmUx|HD%dQ-9S
zg&b>ZZNnmAgk#ar{*2LK{%&P~)Twl1M72r`Vy4X>J=CN`e4(y*13pXUEM+E>SNc5%
zZ8Oe1EdSwq|I)s57SQWVP_&zxfr}7=*mnqEfjLE$ny`yn`|&Eseg{uwX@vp&@uT%)
zn>Ao{%4m*%m28jO2<2y``D<$SO)LPkJBlXEhhg1k|7ZtwnGc-Y7Y;564ERRIe(L@h
z=vev4+o7pHZ-HX&zyS}NAG7vMj|R1`?z30t_$fu<;`1aenbarz4tO-?mQS36f}h74
z+O>!VoqXoB>JLuJ=Lq(j8Q@eMjI<}?pX$C-x3Sn=p0`10VOb00cswl%&nsjnXB!D{
zJ`0ADgB29&4f=O|tH|6TlGmupV?T&r`Q(I^xCWj{5_yt|%9Ds8$-+rBx+*@3X^@y!
zTvg-2BQieEZzxiKLW^p2<WMYK+_|{S6q?#-i)3%h{f^XOvm_c9Y!_!tX?YON?<`Tr
zWq_PLZ4-PV`Mc(Gct3X?G*0RZfBGbj$s{Dsh2<M65wqqm8_0S7Fe|Ibk5RKw1%u3r
znUxsR2o3UkF&^P7B!%5#<t$9tG5DKxEWgV)GXQG)p5H6?%ItT|Ymfz|dN8EdHe0Dy
zkE>npU(R6^!>^;3&a~3L+SvFM1wB@=Ps_|UB*lZNsV>0oL)Av9Jb6{ZeQ4Ar(rm<)
za7RR!tSNv$=u*18t}dUH-?;D;GWQP43?`xlJjVwCAF=o9jXsTK%f;F86yk!fGseM#
zpAJlbZ)p3O(6(mqZ2<JWMp<K*PqzJH6?3JAtt9C($74Gxah-nH;>jbf$}8}3fAd-^
zoAtaOw}>n*cM4O5Ph|5LZ%?;Uu7q4!u0OWHI(8DYR~jreZa3YCiRN3KBPteyTPcL1
zBDvp9JaA8l)O3>9=%=->W@%7B$SK1rc45P+vFz`0tox7|ZZbD2E#?8emctRDV6z|w
z1i%*o%Q{oL9?k;&vOjIHs^_rmru}Qfe?Dqaz-9OLdQ5hl-A)e&chWLahJn2zAP-e~
z;a|S|59&H6@GrRe78dM6=fGq}<LYoYrcE|I*+MsPK`=6y95pEO0gu%;uHJ!2#0&!>
zNsh-|0M<A?$EP4GGoJkuPF-p*J(7^({e=CdYv|D)t)b(MUkkCM8lJxNsxDk#+HvOY
zIv2}}TH5_jU*jG}UU3ki1GE=%<huM+)UZ`i4LQ_;m4<^f(=FWFPhF*U>GP^y;tN%a
z`O;ORMm9`XBcyEfDTH)NqC`QVy0#L+X*vcUWY&}uew+_=BwP?pa|+cbfw?4ZYkqYf
zLuN&d2l{X*%&*c;;2O;@;SD_IS96t;#j>+A?9)z`+~;)C72+&$9Rcf+kIRR-6u&8!
zK}ItW5+H-0-i#G`&uxcga?8#Aou1pE*Mon+znx6#>>O5AU2bN5>sM-KfLXH6CamsD
zf<o-AikOW3LYsXyb@y-m70;glv>!!CZp`f)y;EACY_~S#X^*vs3Vp(XypU`%eA()e
zW3!N5#V#YwH<5U>on9ij?+;U?OxrC_SD8Aj$+QZ$;|n&-h=oiP611*(EbyMkb(=nv
zwpjY1`ml~WgYe)hq?GK!M9FQ5yd!HrfE_n&HDV^#y=}9!5fh*xeR(CrFFi1Y){txm
zCUfFMqVDOww;G3W7U<2?V73);_)&@<VY9^7IsHkZo|OEp+sG7@(PZbND;2gP!N1ZY
zBsW(ge~hkB(jTvD3SeFA+q_PQM#PQM5XjzBaL01k4Cz((`;>!hY*!dY*HO5-Kb;n6
zi$x0d38zAHIZX|}LE&KsgjnCK+9^Lxr2k$f5DdUZF#5Md1BJKku0G6lZ?sdqn6{E>
zN5cnF?68Y?Jzf>m`S)mHUSWuKB+clqX?StA8kv2reQ1`0rgcfrcRUA9j!t?r9G2YH
zI*j2Tlq_3<?h<o}3m47d)8?%<eK}kuvX4zvStQ4o+b<=mou8`QDSW?ga&DEHR3~tS
z5PW|WWxK&ncIi40yQz(d27~xX=2b>96^#Ry{VEnh`pNbErKB;e_Vv$k#MSEcK^aG;
z4d#1Tz6_nh;d!(zbjH~=)ICX%rMHgOYPi+{OnT9NT(u~)*ny0Co)VTR&2T*JKGYi0
z_2DG<&OJ}Ps3V&<@Xpm-$?kK@ccmW%j?gOznr0=@1M5~qcvhSP#L|S6V}&f^=os*v
ztKy{yuphU`3wEExxG@Ra_GKhD3`Ly$6~x>GOMmbHRpf%ZGee$_>cRzVCZd#Wr0(j=
zoHa}4?JSy%L6vw%!7)$zRLXP_S1);Wt-x2EI``CYD({}I_y1#(ztM;~2&ma5)Qihn
z4$M-pT=0_379K&TgHNj}L710<8=AQ-(YoE<e6^i^Bg8MlKFGnf<{!{G%WYpEuyf=w
zU1faio)65vl@1XHu)6MR$Q3`KB#DxXep<gfpXyhW<LHNA@bzA9eX!oo--9~21*y#q
zCL9Wur6!Lzt0Ia{dRAm$%2LM#x4sw%dfe=i>6-e+j_pBw7UTD_Zjo@#{Ju7sVK(#m
zYSx7_QbVjt%n5H^W1_Bx4r3_wz^Qji4MVc2CkE;~pZZ%ksr4McMWQvbxU(@Ph`U3S
z(6dH2=K_!Uz6J`R`%aIp9Zyh)KwPp6*r<G_DN~k`S@t|SEcTdwCxSGioYFO2NM?90
zokT{pEOos!0R`oPOV*bQ3b{4;k<4`Jbqaw)bY*f8IoOR6<4k?S+UTroGPu?@AkgS}
z!AO#LWkX=r+UbBiBzM9ne*C*&DZ0@BRG6BrBPFaxcxa&e4~BM?#t?#HPH80@87VQZ
zDbjVB#@v#ca+N4cB1<7zlZ!wXAwLRQdW^3=MZN7=L{me5yN0*$c5_zM<z&|9{?9Ex
z;2wsOAamOMp~#HDcCIooL&OZhcFHH5`s=6oI1zJFzX!@dVPN{YpOJ5IE?+#Ic{{RX
zd#@TX0Fpm2BJp}6o6BkHmVfL2DI=emO*<?A&Eb8QAjEm(+`7f^3OYZv9cc4nK9s#R
zFU$}OscN?Tm?+^hT@2_vPIuf>K#rzmKW(ZSvU2hAGKW@2E|K9+Rv){)3K!w`jiBXt
zwaA#9ia1#RA?TSp6UQ=SGr4iTX18M&y{h->!*ZrMB)ayD?tyz6`-?T52n(;8F4X3Q
zc5C|w*o%0}<F%DwS1KZ1@u$zwiF+!`4Ai`G#xuxF@+(NgU(wi|1cWg>uRH^Z+p<ug
zH~6QsMXzZjd~gNCMH-h+^x<R2YeafxS<`Nrktg-K0tt_bZ~|b&J5`X6Dhaf@cl$D@
zjvIUgOdR9fv16T!M%~E3VCH95_Sb_^qgO7<MEKw;tb{s0!jlg^W6H?VDvgO1^LgeZ
zE++6&Rg!DMOL7QSIBS~eD>FwJv)&ScEZ8mwYn;%XA+&|hwMu$XARzkx-m-#&x7l_*
z{5N96qXzAu-v08q+C`@wUIAY{2<%O$^S7TkgxJ}^Vz_w$JMF%_1vBRDa<DHgSqS{Y
zvTIGD)!pqUW-Vt|gt)4&8lUrQ1sVIb`?QK53))==IBpbp4m5TaAZcB%wSKk>@MmN2
zQ>Dm&LYI>0&Fikr180hZAaqofZ8pa<aUmR4K+v3T{IqpV_?1(s(D(T`&t_Qr2ixH8
zn8hdq`XV?EsS4$9D@Y>T-kk3p7des2kXR6-a_N-tq>d>y%B8lx$69>^el>M5{?5(t
ztoo#=Kz%@dL%R2zTbb<CF&0*&QP?#1AO(XL&i<X*fQ7qi>B$IqgcI)+4k9Nb{mqg2
zj<@De9{yO6Sh>rqHXB+xi>ga%^l0V1qU@0^H1%H@08GSB?V}g;6rbDcBHd2B+aXAf
zZx4KsNw)7cE)<l<C?NHpo6qnbWf8+T2OalQ^g2lLZ^o6I54-DD@KOLXMNFfgtENSr
zE9LaDz_Pn^1?9v5Bw8#E8-yMZ4v76^K3c3inC@sAWOlbE5a+A?Kr|89O1!Bkn)J@V
zXRIXtalEpk7Uc+MuI2#e`2yy<r79*0x;;!Y$uyO6y0J->GGp%B!~+N6PwBcYxpl-+
z5LfEPOaW@m<x3@POj{aLq_3OAI53teZ7UIH_GDF8Bx)4{E6mklxLGE9v#}EftL!3`
zn3TIx$iAy?dW9yNL3wzw5S82Ikd39-cjn^-H%qAg9&CSPL-yaY5fbo2Wbxt1_Pw;_
z{iT0)c!_0Aw0wieo7KXgdHDji#mSjCcPQ`&DytKMpQiVpceq-xul@3&Ch+<mRa(SF
za5P{B()!HKjpfD34BNC$xJ(@VZN&ze^3+ky9~AA#orC1tDu4Ig_}9CRR%Z_D&Zv{R
zEn$=|$l^;3&p0g?o&Y#{r^+Lq{o9+bP89haDm?}SO;}h2E`TOvv5DSWmJFs)nb(sQ
zLdobkQ=^x_bGq00z*??&vl?m&rEEj?IQIV0uYt2B5*fQ_s?WMC6P*uH418du@u_W$
zLtbBk47E-Xv5KZoNTPc}_~y37bNJ*o|DPD>nuzdt4%SuObAw0_x`v?>NrSZi1eI|#
z0x9_8398GXHkM*g=Z_27he1nY47c~Gq;y(eZ|IY+mvrgjotexo8Ef)fY!plB;gm&j
zpbJD47yC_o*jx?G0MXjDENPcP?#86Yg+PIjEM<43g?~OIcf2nV>S&&}Qc;&!$yb~@
zE|_K6fgn1R@#myUb3U9EA)q1-!K6FafSU18Ra;$xOh3<u4_qzg8-$n(iQHV#wkE4X
zhx}wiKd!-ZO^qwR8-aJX5=o8#>8_4Y6#N#|Km(8#x@brt=$>EkU3HvvYR;5qP8Rw~
z(Z^~f%EOHRBNhV`5ZTQ9A}}m=w(j2iU!esBl;e5@O3N*Htxt$!GN}UbT^Me0*9*)1
z<~hGTCe%3}Q2EDWtOEJz0hQE6E;N#K9Q_B4M+TxfV+Dr6ruS>hfLzSB8o+mj0UG$i
z4-pjz?5^y=&1>J50~4A`8@<-uofPRjTA(X$VDLS0GrX|7&x*&mmPaX1*yZBUQQ39w
zHBpY-E0+S%C+=Vp7L5oZ*ZRIB$JL+H%F^NEE~L$CCVNik%ur4Ug<mIY2F$4&j@UX7
zM1)yasEqch84MB<-X_f4aN0I?kjlp33rdFeBe;T)C5Ig_e)k|EU<BIeI2t2guA$<u
zC>@3WU4yjegx2nMBG>MAA@2Zrj~L*#YPTA0_aJ()z$EAn?-?+AmA<w|tlf7pIQam|
z{|OucJ#Md+^qkRW2Wj&dY2Ck+`5YOJ@=WEd7O=J8qHVdbTB6DI8bjhdyta$1@oJsJ
z;K5cn{ruDjhS8zrlk<sfm4Yt7o))_|HjP8o2*Og>1EPnR8QnLuHusaA%h-SnE{hq>
z*ilA8(TbxtBuDzjhQ(I6P%Ep3AXCyYZWb$tDo>~17DnPjP!1AxpQ(hSU1u3N)~uHl
zaA38s4ajfA<Z_<3&nx3z&2)>+nW_cK4yf1{h&;KpscYa4dsmh{)f)(Nw%j(GqN5ib
zpZ5~%N8o;!$|1$8|A({vp?8eJe(xfgn%vmo(fSg)WV?kz5N$?af3qF_juzyG(4p5^
zTT#@=I^I*yz+*~_Elf@iI_&RWt>2}`7(P%ZSaGMj#gBCbsZQZJXbK0qLhI1eE0@DG
zaF0aBvszwQ^#C+%fHH&z);>o96*}xSKQ#RJH&zd^nFRcbP81nt1x2_0nlDQ8_t{3*
zBox9e){-w(tu<z)$>Wi_tI*ds<F0u{P8Kk$`jP^lvyQxgY{G)Mxbce3?Muk9?cY`U
zojKEOL&7zeOB)q*<rFQGoXf@<OgIx?6n$Hqv&pEgWRcK}9nv2ggp6|<WVEluKlLmO
z!<*1!y;lqrOC}TkTm%1mYpl<M{7x5WUS=k<c49AI0>?OHL#GCSARI^pp%Z~(hAcZP
zCG;tX4&Cpja^?=oL-R)n<VdNsCN9A`heUmVD*qJ_<`9T_-N~EA!y=wr^hj^m3A%>t
z(7Za!la^%-G2_>)Ci6wqA}FOAPJV@iQBLts;Sgjr+>!<oJOTz-#<6%e9bz0-2J}eH
zX~L#zs>hPZ47)V#fMGoq_r0F!5^<^N`EXo-RCb279HC1CC)<}VBpH#`FulQa6^pn=
zqlqF!s#TIKK)8I6&ty9y81-fJpA$6o#JEy4Etw1v*(UOKO7gNw2Gl|FkjGjJ>Fm00
zRzz=#b6GJi(iLKbdl82q{975{>shUt@;RY@T;bn9VinLs@ntfk#d?FBf%oj)&;cel
zyFE0B*<J1uj~f?jFA;%kTx!`NfBxesN~D&bUopcxpDl!+8EC*|ZLNC47P^9H6Ux1x
zx~Y!9L$fM<Dh5F#ZbuSf3p0&N`^hX?g&oyxI|)kPI=_#mc!sM+c{;Rb))p~ZmLfg8
zietgm`lVpqNjBjqCZRwu)2mFcw#<aO;LY;o6!`-4P@u>p-G)`;`!ZD=x=BJ<C;WuV
zXNEns*C54J=x_&`Z=G=9xgIyBFbyi9KT4_<fQIpWNk&^{6ZkheR!_&JB=6lGVy|!>
zZ-0l)N+wW3;CteXIwE`lE>>N?1P&R2`KuAH2So>0-72_7Q*4+0JE1@u-Qz59%9)Z;
zY^Dp^hKqKH{xh{7@WZtP<toy!dgDTj9f~n7l-Q}kFI)(FN;Fvu!UDuqXoxxj7wYCn
zF2yN*pL9;ZpgD83gKF}lLn}9ES9V?7@yV0m>iPn*yrt(&0?dJCvfUvULhcF&Bn`f$
zvyPUdiXVhXO(FX3(2aItoKMCkF_mahi!g;@{7_zI+v*rIp(T1I&j59YbR3R8E!>l1
zF9bpauLHqci~&X%#aD+J1rdIXh^_47(rn(TwZ9W6N$>{_=*`HZ_l*%#e699-iD)?L
zQU7UasojJ&2eBg^k}M63U}Jp0yR_)^-vMEA^ue&Foq9??q<Uzw;n7rfE4){i<pO1M
zq_UUPgKa)lF@GMKCJ5<(FWx9N*ZNLaphhYlw66{ut9m%$PAf!aW@ub`{4i}(_;xzO
z%oI~yJ<%o@J{}(pHmN)rFTGM3O*4Kf|5QcliJKU|kWhslU3w-rRX<<dn{07GSNXUt
zs)oH~ewKou5CBf$@tKTK%I9o8AdjP7MPoyqWIU!n6QgkJP;^Ua&gRa$qxyZWH{myZ
z%I2FI`}^cZ5j{F?Z~h#AJR8sdPE5a^la(qndyPQ41fMY7`7H_q^A-cs>3tj(D(J9q
z3t)=;1(#vcJW_0S-=G7e7qS|#45?)*ord(@gX4W(EN*7+F^f}T%?WI4Sg+aw=U}uf
zVnqQBokWLfv|bMo3OvxXV!Cb1<dXoAb?*PrES-}!3K>>S1vJiVrOx<3ZnHcnZ!_pW
zFyb_<oYw`ul8wn?BHT#cRA&y9b1%Omh&i2kxyM&1*Yc!Za?oozFr7-XeCJ!rNW(Or
zs@KRJem?DGK*BTfzPCvK)sXRjTV?zqpw$mb^_<M3WZDb}pY6G8Hs?byc&c^=>UD~#
ztG-U`Qe|9`4s>u@w(iF}Z1cKO)_>Pe_&{d0Ul+asYKvt(xQ1rK4~z!o9pf)=x1<J{
z(1rZz!YF+|_KWv<;?dX=p#9713mvYs_3{HF!3?RX-Ci@pff17=ep5-Y11wEF<Gv`m
zoiCXcOk-soEA4FpA~j-$j+TD>SJ9|~y;;3kb@Ay@S`(om$lK_Bn^e3(Qph%8J|3TX
zod|ikn->MxG@z{0;Y{UB<Ty}@Y<E-)#=kcL-<aXY2*?ul-@g2JNpl-o`qT70Uiwbr
z!Rpw(8NC$RE=DOm(o|o|ZC+!tc1zu-9%6dE4t9A9Yf}A6HR6FI!s##uD>9poq}#z2
z%HgC|UVVxJBmqWhDX!6nt4IZ60l2CWY)7dK>5T8%-VK>0b`%pH`{?jww)t0dZqsa2
z#2RvhE3pm*u(*;8K0!FA6oc6YD6&X1WZf-#rmV<ij^qaJsaEnDDPUPWx2%s{%@>KY
z7>!xb1}P(n&PIFvMgcvy<vXOWl7U8!<=!~||AY0Ezh@$B_@KLJWuPNgYBZJWqp4QP
zaMT(TmPs_GWN`<4RdJ)!rF9BbJbS-2NI4COldklgh|W7-Bd^LU{L(tJRx`W+sXr}R
z&Fz=jLbeM8fsNj`+dkXAmznPXrNu#0oiFcD`{5&^QQZT7q$=HvE$Nr67HuIVIwzUj
z#^4_9L6BbWV2YjQxH4DkTpW(0ww`X+86~nHlUGO2^Ke{_Ko4WD9P$I3Za3*ZH!Z#D
zRirp^?e_4PzNA21cE#K}<Aa#j%Ce|C;9$&T2+H3B{r0G79Os9pef8g&=<m~K%7bH|
zXEYi&5p3gG({pJSgNK^7YFVr96kq#;3_WKV`<!Xj&@V%Z5rjoC)d04u!dq>K+AWDx
zGofIcjp^p7Uyr9$(VfHzBn0*AO$_nSH((-dXO(c`R;sGnn<MrUp_oW|c;Y-e;yKy0
z;Gqshh)GQ@{NkF(c+$AcPNSOrZz|KyQQ}R;l#KlIose(jPenY)uFj&wYKX!t?{(Q}
zq<YV-t*^O%jJuo~6K|{GWRBl_Z+M?B`u}-jvQTbiAf1^;(sVLwmVC?CC1t~67H1X{
zlU1QJE>+EAWy0uCQ*#G$&jtyI9d|D2XWAg=8~_mHvn@j0R0XV?3P}HZ<GA|bU?2kf
zC7bef84VO=7$NglA(&8^dr(O0tHd^}>x}C4Qhh%!wm?SN9)BYCRA<wyZF-fXG*i2U
zCu)2XbgnY|ZYrO$)#;?4hO*jF9j$&c`Nh-mBWw@^H36SOcPaBm6zSUNtHw3du+WXH
zBV|!p5*|cUX?QRjDwl)rm8Y{O907N>Y3X!BBHD0I2$MhPhc!`I?%oDIz2{hp?}<Ny
z{=TL8D-`j9ek;SItJfg?VK#d-tEO-rAt@xg<<aJ`Jbl)YX8cWBf_K86c1VHu;;4x6
z)KFT!eUbGF$ryZ31rm21!0++}6_gjv9XIJk=EbP@i&jK?97zpxQ#}?StPBLw`c5AD
zB(5f4!NB<i4^#Cgk3$yb4rLv|B)es!Bv}kO3xV8nA0+<j71`;baHzX+jCA}cIX;kT
zDMGw}`$;>n-71%UyuiId+=ee|)-o!J0&gi_+q8rt>54N70J|FR3|ww!1{QYG*4qYg
zump{+ztI+Zvrl@tNhAH{BnhY|bN~0K|E2tUc>i`ojDFhZ?+>+p&2~>0-}dM~1eUr3
z(@=^`IT<s@)RS^#0qqzMOd;!i;JA>EE+B4R%>q8+^_%r!5DMjEG_$IL7eV5*`5Ikc
zd!QdB!vYysJ&X$LR<gpf&6jM3%MO@{)$j8Km?edWN)6IZX}49}XXHMLQo^1!*4I_@
zcwrJqdxrD6L}0rATo^5bnHVD|984Rj-BGZmRnc8>;J}3pNg~e+KdI{O$zx<oQYljl
zEIc0g$p7B>B-<l#PsROL!^fXC=ihy=oS@%C_2pTKje4xt)sjj@n_G4=k1=|kt2o}2
z^)Q!9+svy^Wg^{+TpHK-D2t2h<W;B22_*d4J*Fq#x6J#cWjlRvac>6UK+hHPZk~<2
zQf7XDM%)d8x+@lIFe9>8+*y1aDyd14;_=KdsWMv6PeFyQQjBlBGD}<+$s!M4lP0e5
zvD7fB6U?h9!|qo+P*)6LxUjKKKgQgTAAC&<qo6h!WJ<nV3rrRH2^6W&j7?Ego!hX*
zn)g48&olJ?`klDj_-r6v%<rt113u=(;`ZZzr;z{ob{51>&xiloKG%W0kDYP^vfh=e
zyo%bX`EaLwq7{+o+5`gZSk;d-I!9Xu``Q+t+s=(XQFh<-O#-+gA?EAQ@!4!>GvXKy
z8MI`TQXNicO71`nGF~b3P_hI%;VF%J0DVNcD!!5f#(M7q%4<!zsZl3a*emq6nex!V
zMi_?CgZL$^)R>LZuqjA$tzAFy#^sju$f1g5##+2p-6KQoiJ~E`%pxm1T=2`o8#5fd
zjD{1`zxxFLX(0&|+^);O4EnjdH}A6cB{*Zxh#Qf*dB_3$9t?!Wk8baqT>`9}_Y*U6
zv5VRTpP8-0kq8#uAv}KiUguq9;p&{x!(o}x#4N>FuK74&kTe*Ry9o#f%;SZUH_>&-
zx|1%<xB0;Q)XR~kx<X0aHILG-X6=TXOw6C}1tS$ITHlOBhWzR@20K1mFXV940M`Ho
zf@6J{mBQ(j5uYfkc1d41P@FBsv<$C%kY)qJ_6E}NhiQx9OBb3OMdaH*Y|Po%jMa@p
z!JX^@B%iQsT<5M=cY1(WU!A$)XDg_Z07XNzA?cG`^w5t<kV6O3&w&3Gez*CN9^tI9
zI<7i~LY6WgQZMI~9=PIC2?mfkS;0li4N1-u4~g9s0lNd{;Wo;(&mVt?QQnN`a)>+v
z0y{M1dDcE~JDw5GZ1lfGhzKc$YF4ww-+6{PT1#KxC83^P)dLFB-P6*WCp-idR$Se2
z6nt9~AN;LCX5-q6R6;0*_FtDrvl?6vj~iK57;rNpfmQ|SthW5ajAqQ!^jHudX`<>i
zTydx($Opi@&EChL-wB#qmRwHs|4NJJB%nvTo=v|FGR45}H}U+9VtaBmodHts(P1ID
z(fvj_V^wicIMjvH%48G3%0X@uj_DddC<eW36E@obUmMwTgni7pnF;Z%D24G&`;sH}
z9Ftus#IUT}K#wnWT(NojC|-pqZft@zyM8i?3S08$dW^fV3F3G~j#kd+?+q03(SCTe
zReTzu>T&HF@|4bpi#Jw)v95C&)d#K+9fw@@ZL#>M22FO3>?$4cD6;7y0d{P~JxOZp
zl*k&@^_a5xJ+|<1c?()Ew|V5tZs*u%?Aw?Bl`gh>kRG$02vDkflOW&Em=N^=*7&v9
zq{zX2>y*;br8tXOGt>p`XeiT$`dp*b#6MLH_wrC=jWXc+39?y0A40b-9*oDBkX!RG
zHLG^h(rWaWHdqdoe$QvZrQ)f|rkZIC^w;aK)}s0V|01^e2IF)zb<$FNWFq%i!J-bh
zU7LdZS+W8p(}ZRP4jrcEp~ebk;CcBZ$xWU%ym=)Y!2$X~T|q!INI&>y4(V@Ik!IQC
z{2rqEpOEnf!JOmxm*ljQdcB@NJ+r{MM(5&IlYr84ERdDxCTmz}e-TX@S-*YOT?RYS
zFr4#$Kh=|~x>0uNs%P{`O@Q6i;m=Vu#CNF1&cEnd1j2!Go-A@eXUK{WYduE;bY#Am
z6{X$#q+^2gYEomFHgvl4NN6?S`gv=^W5hM>^hn<f_^cVJ?YZ#P!#D$CA11msYW&FB
zJm;y%BqDt_Q(+ks$};U-Dw`DV;Fwq?r0N*WW4BWtdjRA&fugM8T=2`*3^BFU#!o`F
z`af)aQ<P?HvUJ((t}ffQZQHhO+qP|Vmu=g&ZJU36^Us|5&Y8K|cYD3-&HZFV<`Wqy
z%|-r@$zA!E^4pH9j+^HH*G_-KI8`*DC+L#in4CM?m*FoglTYLCwZ(A+wyEEpS3lw)
zt3`F^e6b}<McHS%tjYj>n}Nb#<A<$EAJIx73$KOY9qMUOCe3sUz^4y^qMN0Q;&I5p
zExQ1q8Y_&v-v;!+ClRxTnUTx<%1;N7EbKC3`Ma`Wv#EjH<!QGG)A)%LS*PC5=R~Z|
z(dynDlbxhJ5f~tJC!2$OizEv-i+T&pMOvPyu79RMD;y=&hm!xal(GQM%PnES3_jlr
zrM;5xF*5^$69GH2m4n0RDafwIkRStoH;-ycHc2l3Pe@sT91x#(9IBw;S6Nx!#}|kC
zG8%2NEDqhHyI1jLQ!>&SMFPE?mAuR`^_E%CPm?k?mJ=TtPT21T_>{UD<7KgwGkRf?
z77eWi<2~pA<6G6br9jqrLsf9AGa<FfQ^T=ptaP$Y!mLAb$_s!rPo4%YGS#-4xL(&G
zb%lwW+6O`lAf3MxrYFB$G3iUje2hvL@6aOJ#q2Ne!hz05Wlnhj`N|ae$(oA1lL^u}
zdT6vESW3vXXCtJ#k$g_@hO)r&1-gHE0mQW8$sVR0j8?RVSI<_0A;F`r<jIkZ2(LXa
zW_)75c^*t-W3{|={xv4^235u3@_#9<UqN)YgR~Z6=l#6V&c~Wd$Q75vhg?qd(G`Rw
z0WB#UnL#&oyX<0;OIpwl65FZcsA*?8bpe&M;)4Z6*rHy8+IJd|GLC#2vf!!SEkJxo
z7A%~r2$StN0FHae*d`6-&$6fTmY-()l`elNB?YV}HQ;kSME@r`ky+_6VoJNr%l;T*
zPq)|L-EWsZl1mBYD2H!^Ycrm-2%Pw3opqRM_Smw|7jte}iewJi0xfl&aB=B%&}d7&
z-k?;}JCaWxjQ<I);0mp#2=rr~Zl1x&bRl;Pp&?bQ@NBYOLr22PF&<%gZtay2@WA2k
zJ;eVHrwJk5O5c-qIGjg%JCxjEUB{d7fih-h=lg&)F${++aAUiHkrktJ{aAVhq>ApQ
zk)F-qAV^Ext>x0N<cjDKU|t1W`}VHI>|>Lf9OVHMx7$BrMOjt*Z#6c*)me4|e(nPm
zhSx%tO!eBqlrfK=Oc1@x`ttf)Gtv_0s1<d_hjqb3%nmS;Td!=)Z+{rRKvrP`2%nnm
zx{u6{RqH5O;AYYNhAqch>f_ez$|P3z%VGpMtS{8d=U5TV<*M!%p@$f&P06b?6@lke
zxHuZgF`GC~r3L9!l)A>Rbmtnj9u8FXQ+gy?!;b?3c(?EQKyFa~UX=Ya&tWowNaO9~
zus)sI-V7SMo^;?q`qX<J$z}A$jin3#Bl|6jw_-Z@;QkKH#wx$oHMkl=OfByt%==-+
zx@(P#Ln{n(R4d`rak{9<BR8d4x;E>!g$V7YrNyqUt37o3ma{9}D${H2tYD2&n1#v0
z-P{s_#+TXn!n=l9q#99GH2RhxUZ{lT9Ut_JB)Mi25rI4qiciPuw_Hdu=(jf^r5Ybn
zx+WL06}VxXNw8=?n1(KiH#zg{HG!@%XXR06WOG!$urjgye%rocR_bb-KGX+c^jOR?
zK1Ep1lCGX>Btl-xRv3;|K;9;Gz5fKZL?lTitcdvMCct>4VPc>K5Ih6*+67K+--O*=
z5MU>R^T9koZ(-MxT$^n=M?mwUMd^E%ot-IwfO$kkOe}Wg+KcK%AdD>~IdZs0Q_Rqr
z!J{wel-`1#{E7jqWi<~^wyIe`q7V4*7aRXXlxl4V&oQ<fWNweU-Rq%c%4c{D9IdMT
zXg=n;h<ABYR<NJk{tBT7Rnmv*{^-Ntk<lmGs&5xvBT^<Sv}~Ba937W38(<3QtuR%)
z4HH7}3NVNBx!BI#7W|M*gy6^dbJ**PGKEB~hlZ7)>gAN;jv#dN=|nvEl%O-Mb}v*Z
zW9D{9rDIK;S|1pbGt4wOZ2O%S?n==5d!HTIvCO)LZNd#&qz~{KX&JFDtPHaqs^Zz@
zi?m=(O(ItZInx=-!h$;fNd38Z>r}5$iZ=O*svga~{KNlUTadGQ{$I@e{<3%>WLDcr
z+n?_P4x9yP*zf#om4E9-k82|?TYYSeGHVMiuc7I#nAF}A^a`n~+oM0D(Vl8fSgb6e
zGl)R%M!M-OmZ=hpJ76v#>wjk%x{w<6s0Z{ZK7NMDbjr=U-?>)phMla#75clX%%Ho*
z09HZ~^rw2iMuP#JvCg-csj*5~u<R+<=wfXI`cQ~o8T_<G83I5pG#I5X`6g%3rFn7=
zBw^>~?=oJTH(L&el{C@_;EJs}D&xjuPFFTy#PL)6noq?UGy;gK3eC(9`_j@2>r=(x
zB_)E}&*azBu-nX&>mIa-Ot3lrVh+n$@;R~p$s9oa?raGHayX9=cNn37zmVa%y|*Se
zJnW7dVS(hIDO}+3tuTO!O6jEf*x1EZ!UiC!f6OZer0d=1ftLAMb`Rr`r6ZUO02d*f
z6dp7Zm(^k~g~E9*@6W<KQDF_nrC7o(H?{jA53ci0gX0T;i`UlhewZd&_Wab!45lKz
z8CZiI`CfEgtzW94%;7e;AEeP|8dLL*yB#{=j#cp{cbF1iE)uqZa9965I?xP-Q#3ZJ
zgNbVM!VphIuO!UCE+ICeUN8()phAC^R<y1S5fDvS)}KVIUV)vGd96RiM7`JB`rTzo
z&}#{+#!PfHD<f`QWyo0_!AB&<p_QbarJ2r2Uk(*9kokzV_E{>Sof+Og9DC~%=*}^-
zbzSx_{7?QN0K)Ba$GwC2eg6x7N5kXg_Ix{+qNJ8hE)GJ&c9gfHA<aX&UhlyCe#db2
z=U#f$S17Iws0RtIUP35Icm@jmn`DrldX>uY14?P5IgE?!-3r1h=oJg)5gb?RE+kiV
zpHf8EtPLk^`rj&9S=gDN!YYk7JF7)Ix9QPFD!FffrvswMm<;$K%5L7DChs$EMy^xp
zl4}x$1;-j}0%w<vep8a%`$b_#A!^H+n+_?h*PT0<@{v^F<69`;H)WUIfax4~V>?Fo
z$@Rn9l*olCZB9&BjqEFI<Ncpv;&WHfJ4W0C7@8LEABZb`Oa<BF<SnH4Q~~8?tEX-C
zajf>iMidoDWf-=KCCCSHlVmZ_=DMm3r*e8MLW5#OEmS9k?^)xtj~tm-s=Jdb#M%X!
zFA9*Y=ed6kbOZ>m@BMEVrtdS@txjM|?wxudvOYCv6<)krz&tq=vV&m#E%g$gFoH&i
z_2;8JmQ5<@4iDo}prAEeiC>7abj2sFJg~-qC~TjTTi~}QLR}u!$dgwymTg_@s#6n2
zGd8gUS4V<LZTNsmTGbsi<r967CH=Ku_+-{Gz>vqaRd7m@4;CENqCT9|%9C14gWGX4
z6F|mJr?3Gx?KBv&2*!EO%5rQlu3;3Lg&iyjc3M+2b}AAoKQ8<un0D+}3}>a);B&*`
zXXNi?JJ}okW$c)Ix=+Q%il|&*Vii603^_5M9NmrXJWEqOJt!Idvq5Bo2JVr%Vs13v
zrBX|4zcP5i;AHaD*5~}L_>EVaA!ADu^)0GVCGGLJ06K$E<j?^<dYL=9l&~tjGlHOG
zQL4C^>nD1z-ca0r<<nT|q2j*HXMG*0Ol>qEhw2BZfTW&_=>M!kS#hr`FWP#WHr{$>
z$}(eqEWl^q(Z+S1pAYrvoUi}lZkT%^-YE^)Bhy8c<vvCk_!43$^0smCWdd_57yz5m
z^TR`?tY1&<(D1`^$RtM`Cd%;V(2Y()sL#|;HFql0cT|fSe8*GBD3zLUQ8a@i))c$T
zC2L{oD^DpyBUf{SG*=$<tV626{^jqVS-{{Wd;(a9EJC_cKmz7@(*ja5J(dKt&V*oF
zpYp_nw$B%HW#={`>gGtM|DGwOg2kJH0o?in&q(xnbDsfGw>zh^)(*i(xRmRo!e`IZ
z;g3jv!w$?~@yw}F&YO(cc`Dxqp6eu~0$WK<4!c@G;W%)`X&vPcH=5WOlqDdkIX_No
zc1Qu1`u>Mqn0bF{z8fAd6XX4wu}*!|r~toX3-upL@Z$@Zzs?1n4GW0p7q%j?{_M|$
z78-!K$Gd^CA9`48P>;|G-BmZE=s=b}KLHvbJrh;QRlRFz&nnEg`v^#$v`J1~U}An>
zjKhgn?)?XwCjs+2bD0cO$?ULm>`bxD6wd(b>hRKdj;hcQc9IFlwL%@wto{W&FCF1m
zjx7#|_Y1z8geJO(R+k=GI(*R@A1VK*RI$HgL@%#wa=7?`tF*YX!5WOj1lP>{TIONV
zhtb;!Wu100p(?{U5v@Rx33G%=XGvYo-nV>dh>iKqsZp+BYkhw0$Bj6^W@TvHbEn}A
zV@F6Hi6>^WTCBAkl7Q7H98gz>6d04)xHiVtr)F9EL}Yal{TS1ztDKH|9qVhygt-y}
zUOn23k{j0R$-wbVaB}(%{zhe{WcuASxo*X<d!aA%NUO3<s_Z_}8d9~G@k|UYp>tvy
z(Bf}O3s*b|pZwp`ilebb>(62|h{R-XVtQqyj12~@akDPdymWNPZ#eJBVO>>5i@6s^
z09x^lc9#m(MUXFVx@Lb8tYxeGvC%utrUeGv{tG{31xkQO1pUa?C*yHA+_aq$LJ7Q^
z<RV#jJJOP!I)JJ(+R1(2u6h7FP?N(OQ8Fzy(xSV`MCH>3_{g3A3EP00(az{RL0eW4
zuNyf~^xM1Nl7(fi*f$>Q9$4^F^D065k#PN63-KD1U8-J{Ftcm&{cE2OHu*DHO8{7U
zC!QE1ep{|v=F+IejbK%=PE$aZ3RrCZI7D)WZM1Xify>Svp8&5h&`Wim!Fh<07TATx
za9SOis8JZYV?rUO&yOWQH9G4aEXuom{gHgUmNqID41C~_G>?uMNAZ5l{PDXxRRwL>
zJ%Ld4&(NwwnqJ`vbmRFxXh|dSOWTNPrG$lMNIOVyIqbRr$Q=@@XhOYMYU@2)Os`B4
z9W!l7`c~>9E6z<kbXLg;x`u;+wzIHQ!EwY31&g|$O;;Z*&FG2Lb5z!e{82Bo9kggY
z!xMEUXyJ!fuGgR}=Chv4U&VN(t^>h;V4*FDG%*n6!Mst>0PDKzp485)#MMvi>+Z2W
zs-{ik=Ltg#N`&DMPh{lbMDb|vZ4)ZLJ}X7gF@FDF;Nu~R#<SgFGxj6Aw9dpFN6pn#
z!wn#7P+Ae<rs}i#%8jv*OnsY#6OAMqOg2BR8n+t-uf@7vtuwE|EEJDg{QG52A{`S)
zJQ9>V(I^(zIar~wI-9}@K3JzU5d2as^K_nzGN(9}1A)1he4F@I0Tn785qQ+nykq#s
z&`f@hVw}s<KSonIk-zEdvM*La5j>!DENX>Y)BOY%j8Pdqnl6IRv!lgcl5X)H-U1Zx
zF44vHP@NAutBw@eST8Lk_{7ea(S{|k;0Yhz8$%b{sX-yWaJ{SSCk=ZfiB-LRCrnx3
z?Z1fyElf5$)HnnYm}u(iz3(XFAsgD8|1m&5i9I>M1OJ0USjJ$mDU$x%n@wf+qZ7@#
z^+Y+7<-w+d)f}#<yy;@T^vxFVuX$_$T$KO9)wdyXm;K?-4?^7g3iroEUZXd+ypIe1
z;RmbvaZS<pw)w<DdaITu+fl8I`v8C-&%6y#{~|n*yUI#>M;ZZ=JSTSLa8ksp-+hh}
zVoPkFH#!cz=FfPN{^-C^0j;%hx`8)kYfoJ6ifm#j-;_2)-x^g0Gq4Huz8~B3M8)ns
zrw&zLh&TPjYV=GJ9L^E(g=ycP1662X_A7A$MiXk8FAM{Gt@OF}xNU?kbw*>=7h#XU
zcDtTfBeV5Xw$01ucSw-8E}Mu6eF~yp5+6*wL6ZEed-3?fvJ74l`~zFWI8oLI5fs$?
zPI`h04Dp$C;(gv~Ej3x+70M|}B`bNls8OcpEX(IeK&+aaNr5c7zpd6<EPgf%ZQ(N<
z_ZB#@@~ZHNK)i%@gKCoC^i0gGP*!ulUq?GsI&B<_sUdN$2H6p3J${U3!U$@yo91j$
zOxAVtl&2!AlR1OuegV#ql8}?`=VcX}6*v217vgL4_|9u_4`!m~-!;<z>`eKEc3W|1
z?0n|9ABFW2EMDJb2KlW5y1#Ab1ThI^#dz+6k-h48JqXAd>a7@3tQg^t0*Dp?Er7lj
zW#j|&L;=T%JSjt{BJuprNwrq3#f$DZDPU#L{rTj-Mgp!(RX{6|&o+=%*d9u2lEqsa
zILa3JEYHP7oMfE(49fSbQQGv^d7mA9GDMwlF)|5##ac@8T}g1K5MNm9LpcSMzzd<2
zcHzJi!$pgl?sS52T`&GcKO^=Ftj&6yXhhZb5ZmFm{cH9xILR25sd3T|rb#^<Cu{mW
zZ*o~vr(4#wh4#EZ+3T*((jm%stfwUIe>hl63zPcnAQ$dQW@wvGaozH@D~LeN-F?X$
zoTA7lqJXUx?Jib``D+h%$$dsdVccakPUw)jW(k~O_$%JqNRRrroY!Y}1KOzI2aC8d
z3>4ZdM<X)Lr<c%`$QDFQ!y@~a&lK@D7M3{O49CliRYRv(Z|<{$^LCLxl5RyAfNZ4h
zOGUUeD;b}!LwJIpnm-&<!!eB}+$@6`Ffm<z4S3H`dd=w~@>BmuBk8Yj9plFGINk!g
zy_U;J(H6dADs4WfT)}H-Xza-4d|umrf*uXL{S+WTZ@>V@SjJoKS%4tpCnq;WSJUBl
zvgb%E4^(0MpiT(-t@kHfC5WF7E~;DXR?v4vF-da1y6y8ZV+4~CXN>$%1Llb%#OPh7
zcmX0q?`LuHVu7%ep=bsa4{baS(uJFoAFXJBC_S=NkiqNxTogaD+(`n>3$b(LM2(_z
zo=FrB1G60G{ve=$Tuy_w)hn&BFfN5gn&-!B;;X9pcU)HKq&(VZ5AfZ}+F&ZYp|9d7
zS$8Y35?1!8q9^KBvvu5e&F7MnaZ&f}ETagymL-^TX}47`75cdwEKL)i2fN)@Rq5Iz
z3*zMViw)4{z_MW3L><GIuHB);QZ^qq`=Q|k6%RpD1g1bs)^CmjY3QoAt`r#}Ba?M|
zNlL6TU1PgYu%7|eXRnjjdObGpdK`oDEddzY03Kpre#6`ChiLsJf@%w%g#C|(`(I71
zL)_~SpL>*@0GxMQSH@1J=lUr(dDpoNZ=TEnVj!Mn4Lv*?5L3K34Db_;obP3CF-E@S
zC2<v^e4k?0LTV&^(?;fgq!e+Zpe#EgZHRY<>HA@#`Pv6!T0?X7I3^L?Oi9}O=^3Yv
z`59s&f)WN9>Fyk<dxqnLiukZ?Wh<15tQ8zG<X7Ty19)k^x}?hYYLWA{{0`k*0JniO
z7(ltZZz{}KxO+*!8OyM;ER6DAm5SOL-?tf-L;e+<>SzyY;`1bdjGRDHw@I7~N<~;l
zS#Ctx`^IgOMpgyIhQ)Om+8@Z91Zix*QAoy`@rs7deF|wEPmBsT80Pt89d2^ODOu%o
ztlPiEGL-artL9|_1jB6Dx}mtlHmM`hPsY0ym++h4r|5nOh77H;umv#x=J#VR$hR<{
zS%|101h*Mi`fQ*c6&3yy{qbo{Wl4!T;CGCUupP(fF;mBh%W<{t(3kQa<HM85?M2?c
zm*s=~`3j5^|L504)x)>pFxC|);@vsdcRdEI1O8u`l)tYRKok7!SodrlQB3DELLW=#
z%TwQy&qiIJ%GaGq&{@@&YV&1l7o5i0I_tDB*PMx*ka?)QV61xZXs&t7LJ{<xJ^h<?
zSm799a)mEZoj=NmKLdc1IJ2xZTF{qLw!o|W(%wp$^rEE##-9TzRT#~4a05?av)QoJ
zd8_!0#jNDnUrhT!z)P{6CIy60`{Y1z3GiILWGaxc$#l`QiEZNogZh80FcDlTC#~Kw
zmkaY4wJPclKK5T20+t9zD#H2+yuwmSyEd_o@~9LB<FGB0u1itp)7=uwMg{6ww9Aq{
z&{~U`npA9NOitL@OT8NzrO_P3D^DF)$0|+Kj*(kr6Dat7Lo0vNj7O-QRoTiO!ZH)J
z%H=Y@a*#pgQ#<V|6>I-V)D9{pw=!(yhv2{-kAsT0E~|xJ?X`vbo@f&AWA~i;wpu?A
z@jHL26&trfkGLCO$ctub1VL~*yiO$Hq2~PdcE|X(b(eI#v+3f><oe@7vAl(LP6fNC
zR^IYqeR2581Lyud!HqeYKh^U$QQ5!n2AJ0ur}hO<XUtx`I>BzA0rUme#vQeqmA9>_
z{Qzqx&F9N(hc2dto%8F@m)LW5%6pF9S+-{b-z}EagtS*}E?)F4Wu6LiTuS6mev6f&
zG|Ln=N{Evc@<akPTk@e^oS%y&1+{bHsuR24civ=mgZlQRW>G{Y3`X^cS%@<b9`q?n
z&?5AUv|^=#=+tTb)7HauDbADeVBZ`1vQWTpyoQI8uP;V{JvO;T2X$|(#!@%~d{w{&
z)6OBMgSTFyIgy>sC@o2E*S0COv;BS9GW}<Q&v~cum{EoUH80iR<D<&I5r{>MRzay#
z_m80<w}d&i1`hKfb3~)jwLC^$J?bjP66acT$wG?J#7(Aq^8U>el3fHB*na$wu+OU|
zFcs%mdSJOHX%i`Oh$%UDv)TYt1&!9#y5M%I)M6vTbWi>PaGTY}SbFqN`W!_fiNP@3
zCH0ANk>a|xP5aob98aDeDbFFIkbS7+?b6`G3?z2Jhc{Lro97hz7dJehNpTDtvHSL;
zk3HL&Ae6wR&dVm?D#i6xb_)L8Ws3_iUn{cu_w0(h!N1xbc9xp|TPOX`P9y^2c8Js4
zG!3O*HEM4!3=4vywSmEMY7>g<%hZSYbI#YqQjiJfN7;_r)GLrB;XB{+@ep^MC+hMe
z9}fzOERb$Zt|;z^pl<S}#6pQ5AGClnHho^QzolTCa-U(ZO_0)!@p!YW`9*<4Ei@H$
zi(<~j8=vB&flfAsb6+(9vcN#!ZXw7|I*x?w0es4kNdvwa@?yu)r?UG(H*d8|8cva#
zW7`-2{NHCDnpXR#KsEV+_A|0F*ECIpKoLT!WXt*VV@HL*kzq;aYgkp^fElh>CTl47
z7t`5)yRFDfREcm=A&1<hjiOUAVKwx7)f}oSvk@~5)}Csd{QxmXps3*T3TMG|cCHTJ
zPG%@}`4lwNsZv&7_N<QIk%Zb%#K$?y{yZ23W+#^6B*T%A-wneZEx)#IXJq&>6Efns
z$yA4JG@+%ii|{hb$Cq+~N}TS&5r9wMbIiyF9yIRlV^IY`8$hD<hPHz?<!avi7#0KT
za~;hCU*&pWaV;6J_Q1Jv^}4*a1(}8w$0$5rfaYAw!B+mcf|k=|gC1$H_v62mJD7fA
zAkAvNKtSPu=Px_!;ecr}*wBm|J5jF5J$+T~qR%8ck3l<YT@Mz#Jgn_IET3D~DoY(a
z>kd<BVTO;$i|?uMdvzw9cG~nZ5E~!YTY7`?vH?&L+(Goi`idt%o_-IsMxrTtlMBI_
zt|Q@1<b;DEkI@@KhQ_f~a+PvgEXYS9hl0I^bRSPq62}LIRV&od&RNbVd?(Ca#=<6G
zcYbo%K+n4LE#2r*%6xf0f!jo^Ao3q?j_S`2ph0St_@9=tP|mjfK$pzS(9I{+VHB{k
zz|nw08kWZ<SsK}H#b7V|g|oM+7Ex+3Hx_61g{TP(K^uu%+2uoZr3&<?rR$UJYHB&k
z;)bS+jg5s(0LM{CMwJqjvf6spR9)?kl4uX3FBw|5C|+uqH%pj~9o7*ztAAwP!phuA
z&VS0Wm!)A=w2rhJQm3a(4%u5?^V=p!9`NHBQTUW#Sasxiz8F2h#`wG&^g86+743w{
zv=g_#ap6FGy^v_5aX+)*RO0x;483P`qnlw^RFP(^zjgd21N&azQ1M?_2CFl~a>(_2
z54TJl{cQtf$%0>hpNShX%yXPJp?s*GoUqmLff3K!S6~~rlgl&s)N|&w(bQ}2b#(|A
zVf!a+7Y6t1Oiaj{br-|B^V!8tvc^?+N95HAA72u;ByJ7rULd28hhZ&N-Y-{i=<JsH
ze5oNt#oxOzseB1R%v^0F6O4JQnlxo<ypOs=)L|r$t#of<LK-1L>&ia;DQe>|bM9I%
zuFBX!@_f>V^eQ%^kY2;kA<qYAuHN0DKqtq7j<UH?7JdWXqs#XsP_O;dNuv%uzf#aI
zy$J1WbI*}n@OW+SbQPQlX@grgeuvVPHdR)nu9${HCX~vp9hV*&siftUQDPO0AEDaM
zb()vGoDQVN!#=zu6uz>_mrbMGMRCtS4hR%p=%c2`Nm-@g0Z2C?_;*_?2y$7>tME7m
zOD;oFM2jW#Xmi+2W(LJ<DYT>e!Cx&FpJ_NctQv=H-X|_7k=46Ms8^bC>&BW?Ez)dx
zI2ktxU)g|}qi(%I+nwb}P`A)(+UG>fY>{|ADq!Pu9z%awH}8hO1@U~;o%K>^Kcru0
zKY3R#(}v3JU3rZ4cz@ho0b4W*i)W84$J|I@mHhg?9KTNbFBdny1l1fM&wN-5!L_+L
z+_7~~fGw7^rRuNMpLbo?tJj-P-ng7cD?0cp*q$Ft+#H_oKUsn@xZR*%Wr8udKSykb
zuw0ZD!i0i+H>9?YRck^SR@wQDlKeFl$vzU%iFAGo4<aZecReniV}_$R2yYd>okZ1S
z2#%{6|7k-kQC!O+1!v_oXKj<VEt4eo(e%-u1x~qZFHKH*Xy7$}axsZp)NXZ0)q(D!
zJXN8|M);r+QhrVH7^)K~ik~y+snrZx_soUgOb&em)hN7S5cwKV!1Us8PnNndFi$i8
zNhNJX@%wy`%W?cMuE@<)ZoPMZ-IiZ|Y`tGyH1Tn6bQcT!v0rvDD$KR7=P{%FQIh+i
zf`#GXSB@Dk*6V=8lCh@4_S_cpQc?L3Y`Iie;v(?}q{s>;a)t3?0l$?{;Y1i(+~Ih`
z5&-&^xBJ<Zhxp;XQ3l97O^3Go$v`ci?bn+Q@}<v!(M}J%H}5l{_gB}+Hxj9Qt=j1A
zZEv_n_b9(+@NE+$`;+L4q<gR2U%?qtg^%9tZ6a*9eoxqU=p8Tq7hai(3i9lhi9_fi
z#Z#}~KkMu19D@N?nrWGP+7xxVNo>RLgJ-_$4*rXN-Eq!przXbB(Dl@Whg&mf4Vh~<
zP9>Oxb0^*QW&kDFVT!8+W$<rJK-)mX=CjJSzKf>sEo04h)bCif7OoQ(TbPw?msNdj
zn-87WH5k^36foyDpr04r#(V4VEb!{0-x~{s4EN!im8qh?t3?o0lmFUcx&H=f=N5n8
zEy?{OxAPx_*oN=9mG;(nxnu>atht|WU#~X6II-`IO&@m6-<wMU$7s52n$Nvcg5P$W
zdO(jv_PpWhIuBX(-7S~1roOP0U0NL;S_i?0=j~_g0ZFWggT@BbC@u~InfsDT%xRPD
zB8_R_BZa151>NEX$IhP#_$q$@$ap09B4Tu<jZ^$GWjO_}okj7fOeJ|t#CjNPiD{x7
zpKpE?i%)co&F+mm>rW1U;3^+CQBP6LYV4HCc|4U_%CB%3y*t&cYX}QlSubyTQMG9n
zwE_Ow_>r1W>Vjd-=ekE?1I4lz0gUrG4C@-)1Kzh%XX1zP<vl!U)z`f_OicEmhy!Sb
zF{OV}AT=>`_ZO*oQEe&ykITgGbw=2L-q|=5o!0@a8_}T$h-Qk!Il$ADK%#M=;BUHL
zBN^6^T`^GsMj0zK7A}hSB4^YD{<n|t>_ee#Qmm^DhZn3VG2^yL9Z6on+#d1aDlmzd
z#@R~rN%&5xiBZ)FE3F89E68a#QcCsiiV%VGXitv8s`vHg<E4Hsb)8jwHM#ESRSLr=
zNSAB&=rk=}5$#7Wd%7f+J%^MwTmC3E6pqO4%*<B(*v|K2uSo7{N5?M?K}~)u;oSW(
z)2Crg!97mW`Ae_CE9y+rA{xa%O7s>4uol|sWDf1%I{;UpQ`e;-CjgU%98gpaiy6h}
zf&(jX>H5;+m_|r-V@ZO%XYWP8-0fi1q2BB)g}mcN09!4m6PO@FYT@XTnI`QL>-Jjf
zn51+xSaUI>bzeE*TalXVbA{F{iK%>i1_S*a3}nh#MX(?d;a|1)?ywo3ZZO9*ek5TR
zo4#pjKl;jHK-{t=Y7Y|A7nN!_j&yFbwZH&jczfg<ZQK8Ed-{I~ri6TPHa%1@3_b5L
zQsqH(iTq!Y{1@TxX1Kj;S$tML4Hf*Ap!rhD#0BK~Gj{n^WA&G#DU6&tb_;|sX&xz|
znkmK*3lJakkrrhq(@+~jGO^|Ptmv5fR6Q`v8uOL8DpVr^)Nc=BV7WP!wMP2P`6O24
zfp{gn;rQU19Q*u9Sbk7KNkxI3MCl50ngo2i1J-MmR<l}q%&y*qf>)wxK~(rx6bHjQ
zX}H&)r;X7^+@WCE#R1A`W2Zz+7$%C>=`vqF?hQOwzKW-fFK_x7L`SqlmkwXOBdW!0
zoH}5BQS!1EGLg&`NIEGJlSn%vna!OI*l*hZCCwb$IavMgS?Ija<!yq`+w_Rrm&v=(
zgiDYG<klFVODHqj0D%Qg6=Zq>%o;mZnWneEz(%<(Jt!~>3>VU?uL@Pjd2!78AaObN
zX#RLPgJq|Qe}*n<79kvTZFo`hxz^O4c8;opNE?5giwk+2@weOVpFVt_Kq}&)H(KsH
zJF%!?Ss6A?3d&mvzZ^!e{hJ1~DVD9n`9&3KsQ8``3=IV+i*J@gbz^l75qsEL)KzOo
zfOmJCFuUsVsHu)EldhT=I!p=a3zeMX2;Lsq)RJ(4i6N?U=9tO*XDaK5BA#PxW+Eb=
z1BBWS6hWjD{|czr3b`HNh^a*ymeTR8ces627;E(#DBvIGg5W@TMKP>l08nLR(&*S=
zJ&?Aqrok}}nUDjP^7ShAL?Uk*eeVpiy92H;{S?25oZ|^NX2b1AiC)AoCt6UmN$Im^
zi;m7Sz$63?!T!si%nBs<{oPp!_~EP`Sz?L;`a3%!K+~?EsI`5#O3;XOIhkx3sausG
zF&p)gk~6{NfjCeCl|^G$BqyB*(pI{mp5>9evI^SI$NQremdx#$&6_F~=C(!&F;LFO
zkc~jX*Pvyb+pjjD2%q#=a33%e$A{Y~Zq?3h8Vbm~yVZuZ$o76~AMu&58*IGqGC+Ik
zz4HX9R?@rSabGtIvsHgbrq&A$xHF$I?neH~N-|z(#u7%ge>G`N`E{c;|2>R#TOHZX
zk}<ov|LrFQWG##*^1g%}&q~d}(l)D-W38fD2PRRno4au3vB5%pm&VhQRFsDS5XI5n
z<I<+5>l`J5bNS<&w=5IcTK|u6^S{-a-D1MI)aztFC_PNGgv9A;0lVRE+IPFdJ>@gD
zec`U-rTj@1la&=DePH(Xnp>tTRvgomx5$FjX{B6+<jVAF1F3SU55hfre&*RtsJ~@v
zRq!26haaAcXQ;dMl#1rzCdkE@*d@gOd<*x@0?syIn;IBNeqy5Ls{YYQl;3JDw(6PK
z@y_W-#e!Gb0~-jd>D>K;GG;e`6QNcOz}-V2+b|bSVhGvQ>TQ8gf+oNvgC07J4#o<R
z349K(Z9ze8j0wExV0y8>zRC$2Eh`2Jnk#<Z;(kJr8Ib&e-D2go8)%ok2&a;bOHtSj
zeK%Fy{mEzH2Mwq=x<JfI{S9hJNShw++yx2qHu^YHqT`?DQdb()6k**&=JAoi^RlXr
z6Fl}8(A~r6)=lMrZ+pUWFp;N!)Xv>sQ=1uI>x+g5dPke^?!Lv~ra+Bp!2JletAp`1
zQNLotus9km5rw301rom~#SI5ON20;mz=))AYw`D3dza}Ha3!T!HX>oUo?L7e>#`pd
zD}HOeNnSZ_zEyZ#tu&ZVJe;rgsXb&nK>6|KB9Mao^RXERu^r_}y}c*(Zob1y1a|CB
z*R4*&UX8xJ%)~>!jmbCfg&D_#f=D~vSmt!DXf!;@k0h(0N6rpBwGZ~kMq9B)S8LKA
z<>_$fLAEH5`%!NdRm?Gw1ZR4RTfK%P^$)*H#0*3sNI*ZTdsxnJvM#=KXu{z|ELxY8
za)Rxt^r_c<opy>OaYUu#fxv(oPowg(4~7njp>s3#HiZTwu<j9!24FY7uMUu8509Mg
zkBOiq<4_q4-WQ4IPJ)81ULZr#ZHkEQJJ(wRkF!1Sc)ULNxn6V*8@{b&Vi*;)({`m%
zEfmaX(|y3CZQjg4+&8wwAU{M+X$^W8NCJDFvPN00)iODk@qQyH!k_iKQG;(C)k$d8
z9!7T%UelXkKy^PqhiUAt+0t%x$&I600tX{M&T6Myv9sE;#BQdJ>ge9VTckwjc~I8D
z&}gwsOV)j%yWPxQ95Y#^hhr;ap!OipL5}~h0O)IUrnFscOB^<@z`4&iMDoha)Zw^j
zwsGKJw|YaoL_;LI;mJZE0R{2?{b9oi<j$}e{z|9co+jc4c&i5XYgnhNvFkNR{=NgZ
z$J%3zrUgTEhN{`(w%<cRG+7F{08khjZ$)ic!uN7OkaSjm?2uD>U%)p%f1k9IF-BT+
z*Qqe7>biE#(L(lc8eMkAq0Oqt#1VX>QOIOF$acR-8$Tn*M0$NI_L1vCqH$X+<qmvk
zg*3;Lxykl+%>~NMZvh#ewXYR^`IQ3V`5F|&LNA;Oz2rs%tm=IZDzlBIm!$a56kWel
zK<bLHfnAT<C9S>v$J&}(cD8cK<XAj};fANRNeYH{E12P1S|?+Hb(hIXbUF>Ol?Vd%
z<G6<}(YGtV<0B4^`pWXFC8WU0^=3$R2W}l0mx=-c?JO8Gx7JbP;?2oX#e`j*V_m02
zvW$p3`>2&TFny=1b@(AK@d1IBev6Xsc{fG>G^lm09!@$dT(_(;<FPyRmp4G;`))bn
z_8vNklh>?n)J&iKo|zPU=lLyO+u>~=zs@G~zs^R8An(&7rT{0m?@g3&GK$t;q3L!I
z0l3n;^+1mVw>eg74wkh!wv*b=@L4@xC52H0n{H6>M1tI`xBATx)fZq(w_gF9<cZU(
z%pryC=GiLKq5|>okqfF&Q<$)xMaaTDnCd1lV?q`~Ten01TFB^BH-adq+$N?zw0}9`
zgv9QIQg!cd5KaSDTi5=9Ku@R&lX_I7vFvu?=@>a^28YABVO1}@UDbbsvQ1O1s|yYO
z&SyCLZYYqe-ztrl{6*GurN7%^FxWgsi!<Gbqv31k$x(s$C<`-W>RW+2<Vl*6^ljX$
zH%AM$94Q*K5<UbaLTVxBvRW0Ns%Y<Wy~KXlZ#vFo9fi=Rz8{!&wx60x<(Yu^L^HQ{
zWwrdnS4VS#U0?6=wbvK1dFh28)zo3eXMZgbKb9r*r5|H<DA@CQRHuFZ1@))<a^$v;
z^VBlS-1LHjpX7oF%uKAG@m4L!1={HEv&Z$;^DOZb*T)+hHZ5UuZ*1TuWLV=w?CL7;
z{XM+%^J;<tjNe-I@1+Mn@0y*&{wF;A+c${a7wjm_*TujYuI5QA>nL5T|43`rSb!aI
zIaLO(b<q}h`|&4H9Vq6Kq#BWk?8j$P+?FFI99KvBeUv;4D$*tQ*20~rw7B|ZQfkH6
zLDZ>IZkp??m(uqHTr5uSQ3hXGg{?qZ3!_~aa}V1`iS1-01C07DR^~@PMmAcArv$D>
z{Z3phVpE#)s2}hBxu!hc6am5um5-N}pleJ=&jOd;C0DxOz)%3+Lonhyq6)WBbeIBz
z0#vFt2)fV*?{yx<tJhlz-c9M5yC!34-KM64zCCL#Jq<oF(NMGEp_oc9JboHxSB{Ah
zxZ$aE)<z#2(4TzU$0!?c7c6MGuY4Qw84V!;ff}LD%^v9wp)m|+@{Sy0tv9e?0GgRV
zJzvpe)G@nwc`Iy8^f8uO7xpxJ2Bs1nKSOY_p@6!e7D!aBouuXJ5#X=ipz*l@xEw6(
zO>nn@oQ|{KZGyDoB)KuZ#TOmsRz_de_E&yKWgokF3w!wzRRn&;#Zlq#-<ir56zJ$z
z&V8(hkS{&iU%0Z3hVT1y<k@9l!`=X;yVt$;-f8RWhc=X0l(4ln4UU2oAHk6q_pvoH
z!-c+g@lu<a_jEy)tXjamwah_-R7f%h$b*Ri8F_2q?`<&aamKt6LKs{a%sXzZOLcSV
z&gV2}YS}@MA9Y!0sOfkuU0|m!kZLS7DNzVi=~L1sMeiv!eVsB!U!$zE#E<-#nsp1?
z`?_<TglMy808;ELgSGq$*xzV(O;Zt&x-Pms2hsd_T-DxzK$etYxd!m<L|d~l3SLv5
zYYa5noI};NK^d1&i8raWTCf=nB_k9>cNE1qA~$7-p5M?8B%Z86Zik$3h1mqzVf(#g
zrPg9PXlPFpIv6qz&wbozoTZ(|YAza3Bt$caKw~}QLb4X{xzzIL0#vPO4}tkQiREFz
z9SqxMJ|N1G7-eOnV-7ao<Eh==Rj)qi)&G|t?ns^MU`ld>X*E0bRA5QSxk<crk=nmt
zqCE}*Mkq}LeaC<slV>)TT=E+_+VLQ^UjxtbH^<MoB2rK#OJ(%=!j|Y0d~s0bG`CAU
zVI%LCX5;>73SZ7WJS%%4`rs|szGis(MBqTxVaNClgtGG{@2R@-(DCVKjDc+r<N>l-
z=e5_y;Tts``Ix}h$iuD36kz17vll3Y8(+kWy&%fj+pZN>YZ$KtdKE@BFycDMlz5!X
zpBGE8mTX7dfgaU+L3M|}el7?O`mAvi`A(o9R6Kx!8tlB^^Yd`0>4JPOB>;skkb8FN
zJ->Jh+s5FjJ;!08mC{mK?FA^Wne_!Sc~4^bm_4hpfbQiSINZCNAz-h)(BJ{j`=#2P
zs=Tg{qsr<FhWt54?2*VlBU?3err3D8t}vfHl(6{-Q{t<^WQ)8Rb<xV~V;MDKHqJwd
zUe0nGbS*!Ix#P+^)D=EPoN&K0chq3l9tG4kWioEF*H`k^urd3^UITvggG3(~y#(IY
ze)ZKnE_5<y(Z6MRvg1iyhN?hK5FTJ$xUf}w3Unv#TbI5-@<jI(F$}#}6G^S8(>z*d
ze-M=_UmO2(N}W-a_f3@&6B(1ZYa2BVC-w-lkm2r+&cEV_1SAvUyV;+m(C$B3&hn%}
zFa!J|zUW$92yV_r%A$t&kCVnp57caZ@>*&UU+L1SoQK-2pG;&j+P;{E<cW5*58Lv7
zS<1=NxQSUj&LLrQ>;X8mz@K+EgL=)DT@G2VA0rMy9YW4$W3L_p&xn|8K4WLcT1?KS
zu~=&Mt5mIM3bd0(`m)s;wPu8E*!Y&+X~&^wG;b4A9hl4R)3#fF6UTcA)ouz|OGMM2
zaf#N&HuHr^(2kO^DjpK5Wj<<={Tk3lR;1>kXd+KVHL!Y@q7rcX?Fv&hVvFs1f+EY-
zc#F-3`+5Y#vRQi@=L=)%jk>i4>vo}ZsZ7j(3bs-+SBf&WfXjWa@gVZn!JX`!?Nr1`
z`Ni>T&y<zD`3&8AJ!<aVab~6&0d8{wt|WO%JV(VANxPzk>>xvZs>gLxM8a--z);t7
zg#RE6BT@{_&hu1n+53tKY)XbC{gK>m<IhQ%Md%hAYl)MMh@g-aDMO>!KJ;?<rFUiF
zWV7|AMtQP6j)4K1omwW>#baQSW=!iCo`?8+Uner`56==&Npr4lbN@d+qt3}w@U5qR
z1{Q{GGFg8`8Cz!N)|H&1{10vGR=~{#r&=$$JB%@%Jez_|2<L*0W?sRrzkG7vL@0RZ
z^YwcE4Ib!QnEnk`u7n`ZpN3!R#b>CqJw!G|Tj6Z2fddV3jr!K$j5^S020SShAtig1
zRm;%ECSm+x#99{x40rAD$3WbpYM!79L;MghkGkjuH~HJ*8y$Om-rSqFQOWXmrciYu
z<7pRKENFzY8+AN(CDt)l#0?k-s=iFaPUqc$)W!qOYwjl^3p^0MIMj_YsLwY{2g(*n
z6xZ)WSdFYhI~X40o|FLH$k1TVfq=&M5}y9uq?ClHGYs`SXJBU%RA5|uB1>>DDWg^m
z!!8Xc<Le1W4k?e?fen6R{MfZmFT>(XPR4r7<M+CWpu!ZTo)fLReU|Yfj942ZEii}4
z=BXsliQ;z@4Z5U`2H;&!F1=}Z)dNe`d?++8yN2L%&8}%kQ9i2x>5~rB&SO>~9rGO&
z3U2UpunaxKolT8>p?r6m_JM1xj@}ja=+-2>6dfq}T7vw#TZw7<Xmgf8oqR<W@m@_G
zyDl_OXFA?HPG@doai94ca*t2>&<}2%h^I3noUh-f63~qZ{-+l;W_Ob7pP$F6lqG;%
zuOu$4a<%$1|3<g#ZHQwwl_xvUad@-%vZQGB7ukPOjcg1ck1L-;yX_9>N;h{NMjaG2
zf7+~<jZ;t*@lKv}tnoBXD;%2%7BuQq4P^0x5$3;YrV1RsWfM7YMx<3b-mS*um=Vn(
z)cw4r!pgR;g3VJd^E+J-Q?~^=mmIu=FH2zTx7tEvHz@^i`yH!zxc5^4zq#YgMcjBb
z_@RZEM7obBFa*f@2GVr?#q1<W0B+|hHMxhElUKZgU@!e{DxH@Y@;!=3?G+Jd%ZcuY
zMjFe7?!8_%W*2cFAuW?Oh1*&mTWcE&;AJr>dy&;4l4ycRz+x#bbC(`4>d<~9yglni
z0W7(|Ql&@%nNtV(5st&K`B^?G^rKkp^<PZ&dWd+M`>cgEDWFNKN%NNysVbc-QqXR%
z9Tun&Ud)4vv@{>-&`vA5iqdmDTy{BNl3y{^F~i)NpRTOjO9K5&g@BMS%t(e~i}kZy
z9@S!d(_E!>yO>sy)?`}tz6Y*~t;P&+{Am;KXRln+CF^tZ9fNNhnyC+Qd6#d8ElE;Z
zOU```sSg%2+u;S_VSm82z}X%SE|aMI1g<KYv{ywA&WGG-+pGezWIQt^dkAtih=<}>
zu(D$|7PFqC+xPP$!pZ+t1Vj0GhyXNQwx6i+a<-dYPyDjWxdfZNz*Kv9q<Y)kN_ixH
zzG%`}(V5+;u(kTfr?Jir<gQR9>C~a1Q?c1}ZH2Hk#+&>gr;Emn23n_O0$y}9mnJ;4
z*5BXn<xjamrz&e^o;Ur#>b)y&p#GTeJC=*=I@#E)RR$+$b95euNYK*gq!B&RenZ?6
zL+&pf(((qmcS!JF+eIMxZ5C)hsLv&AR<u_qw?6J472IwK^3$LQ92?u{)dqb#0g##G
zf&k!m$ab?p%n;5U6I8`EJiS7#V@>6D#>+MdTsLE!SG-?Ak9Nk*ddtHG^(k#}*t2y{
zH@)kvav#Pdh2cOC8ekNsFa(N5X&wNKyt1haiwnlUl~$2~Kf_)69Z&o`;!KU8rtq*Z
z{HYvsYpx`Ew<Q<$iau<AgOPp$tWM8CDEK8dp#6!jW2>83EgiO0{7$O%X_T{AHJ*&Q
zJ1a&A+3oB)m7@(9wWg}9_2R0Jd3X~f7R+ed5*OF@yi=WuPejuAzQpS&A&&~-L!Iag
zr^HKYJc&1pO>Hp6%n*O2A(ohETS-wDwRNTWOfFvy5$z4_imL=(;jUGK$fODPT}vNI
z=k-9JiuZsA{FVDt8(hxE`BAz*_OU0v1`H4NAR&+bpcoK=w!3TTLI2(Ddw*Huzgr;K
z(0(s^NKfWnaUMYJDFPuh#zYw{K}hXYo?G8<^IrOX+iL(1r{|?ZPRUHt+dZmXQ3yT7
zKZvd#!t?{=l~?rx%Ue5geB0(9+nVG}YL~l1%*dOIjl^~&*?ch#N3iU$j+}R**(mVH
zsJVS((zU_0V2Mmai77m23kzc&k+*ahfxsvU1KhE5vN;Na+sV1rrY@r}oF)&kYe3mv
zy9SUQv>@-V4+D!D-R&SBl(iKY&^20~mkjW%C6$`ezz!ATaT@QEZL7P_-prjQm`&yp
zXipqOWCRdNRu_x48=Ah8h$6@R5TB+xvWJhzT)RP>q`(5sMo9|kqZftpmrg3qM>|#(
zeS&+wTlUo<2`E<I^q1>Rw_`JgO0*Y!#p=?bbUf8hmRH?YT;tTa_j1W9YGLW?qtoJj
z_iKJ^_1fH;CZd9K+%lXxYjZJ3LX*HlVEZH>VbOGt2pTyDXSA6snT@zj3O&&*kF>2K
z=U|I6TKcI7uk6L+m)gw@{AqTbCtvem{p%|rF`ao5*hy|hyFCt-uP2``c+b3TU>wh{
zosKK7scKW&w{A$kpFu3m-p%j(VQtyelI&JH1zDnXeSZhx0=#Yb*$=JXLknE!mNQg%
z2Fy+d;-7i&Ufb8dbZ)Zys@_j+Fh8&7a?DQg@1GZODvAF2Ijr&dURk_)q<4(x7cccU
zQ)9Pvo~W<DWOLN`n)aL)!0eRIU6ME_#FqbZ%FJsMN$E4IJ45u(M|nvf*q$SJ^iZ$+
z6=gVcZX_LyL1e!JQbQ7zJ)O&A23va?2?0TY6)orP1wSQXm7V6`O*PI81@);4;QJ{-
z;rZO#OH3Kf$;jBYGu4?tyxu{ZvDAp~XE)q7)Y$oz?Ju_dv&-+gv0-?mil@4P`#gKB
z_@?4^AoVUddyqIx{ZuXHt4{5f-W*;$0}kKlV<N4!##J=fL?3+h2%6n}!Yn%rB<{Ye
zSEkPpb2rk70>pk|ny+u`{upNch&F-_TyL)ffdT5>mf+2vvM*~rbE6f@woWh>da{DE
z3Ug*ShYm?B?N1k6OY2bE6vJY#GWLh&qs5STIN-8G*+nTUMs)p7_kQQIL&irohRLHH
zA5Tce#No9WV|v^~VC~A<_yzW90vK#-+fO&^kI$0N>ua?)iXQlt{2rC%{GO{+56<IL
zyj2<GoE^J4i-cKf2yT(R+`Is)eO9*`E$@|Ft&6|a{oV+s@H5^qhp^~R?!OwD>w}Uk
zlX}26zm!6rmKpkNJ{GUAKd<4NBEVLRAEvVog#N+Jt`i}Sxu%HNj;&-G&1~W#Uy5~}
zt}khl1T?0usFAEsak_`>7>Z;eaSlg}ZVqSK#jFj7d97HE_0E#dr#w1wf|PG9H!NAE
z%k~O?%ZD<J<xdg6gj^!@pfzGN?OP+Y@455xi#Xa`znNZ02<yzA&AiI>x<$BMus8OV
zz)tUI!gEOikmmYvo1VpP7@>|*&>D!+luw6N@wi7-an(lC;07WLXg&MFy$gd0w>hBl
zoqlY0Zy&Pcugvw+hP=<v5ogPNRBd)}sI?#_!T`>tbYxpBT*YHwu`W<GxhG=HEw8Qz
z1&H#8)J=4_0eQ4wjz!bE5>ofW^R!qoOhtU9`T*2<fOqPWa^E<^Gk+y!9hu!BIj5G?
zha_9U3>zbmN-N}j)_B2-R(J-0f|scWWZJD>XX**Zfz|8Rtr(G{oq>m(*wIw1P(L}5
z^Sek3J(j5ZP!CJ1fYo_Q#vzLuOXHtNi5OuJomdAAra7pRYYk=!d=Fapv^sH=PX3lb
zUlt@`y~}uB$Q%)ICx8cg?^(j>SAq6??!#ekzw*-A;T-5y?Di}S%QD5)H}C_be+A6A
zoem2-N4Ym7c{Bf8^bx<KpWMuImz|YE<j5mJEKN~lOaiu+@>u!Qr*qfS=W$K}%X1U9
zWgP+5x^QFys#fV5ucYyh=A8lotxmx$)9w1YBP^%N7xKgPV@KDThDq~6&0F}nzv+i<
z-cy1tHCn~JcAZEPX7L2|d+7=?4AF|sFB$Z^8*?;NKy^39&YNWByx0c>gG(DUXe`uD
z0~TEGkH#Ld=RT8vc>#C~Er`nqi69jjWcd!QMigXPaXyxY=whp?!9|}3$$+w=RYc#(
zzBc+3ap(DNF?Z_-bXjdF+$T@aK6hgd4L@w0NoxqD5J~s%LigRI!bDs$tPUEi34?Fz
z14B|}l@#I;es(9Fo|7n$HdsZ@FH4`VM5-T0X-gyPHNjPGn>wPGw6HSlRH%zok;D%n
zp{@qnui4`AaMM&2bVj2b7G5S9fJ_>p?vsXc8Ia^~RY}gQKGp56!!u;JA(Q;L4Yu|K
zU=;Aq-39-4(G$E16h%*o>ou>g#Z?)aX<pZJwacCfuncWJ(Zu}X4^TKQ@XW?DXx*zG
z)Sk11(^*>j$s{{TNGo;+e6^mE@hx>q0QVG{Y4RRp!R*|@=={8v_}Z$%>U<ucX=z^D
z);;yN5*fI(j@=PKu={*rGer&s=Vor$yxD7Wh}Ft-{x=D?{esxeE<XZni`m;STb%}v
zuv$NoqUIXW#or9+Iur=`KKC}9o}YI*tnaTPJeN8a%a<?ixS^;DOE{?at`Hefoaev)
z(VEIdXa)os)ELCaOL~?>YOND%yV#~Obp5u$^t^(I+m}9)UVdm(q@A=THsShzbbVz|
zn_agyP^`EVcW9Af#XW&ipg0tYyHg~%yE~<Lai_)I-QC^YA$YLx@xG6qZ_fFdnR_y`
z_g-?XYuWa;{-phj{co_C*q&<KJG5dBzx<30iRrTqV;IL&HxOr0u;r3jZ$TpB@y8bu
zIf*}L>(&))VwzFyq}Z+V?vZ-@`Xqhit~h-UO`Ta0qm^Iag-d~F=b0iA>-570$wix(
zx^OL$MhLkbU&vV*Ammtl0_WE6IOs<g(ap0ofd&hDI~nZG_(}@{W7ODeIMv=9Wk%^#
zxv_R?GU*gD!%jKtVz=eNrWsjjhw?l902&COWAfE-DiIHIRm^Uu``0*i>0y=OAO}`m
z5|Xm;$L0iQ)CdK$UBz@XhQgevq_S?_x^^RLmr0PmtnR>dG-AoOiJeICoTyjdczh1j
zg~WG_L6=#{p!eQ4qQStsm@~j5@cEPggW?$iDly#eB<sEC=^8+I)uV_i;T0==vgm62
zFI8>DTKAkMZ@Vg|h?*g2x~|gdWFXpyh62wiNL#m-+7_Ps*K;VIWFLn3n)AqbR&FI&
z$d6SpJ#tj8|C^a|`365b_o3ODcr6p)m>x~m7M-qqgfwv<qvnr#Cg9)K<g=P`<L<Yu
zVBw^{)x1lUv_N^lx3Dt$W9R|954A;L7Htl9lF)fNyu}~J=7|23ekBI|dFfz+#{WW$
zSzuj<S4_|_J1Owu#&YdJv&{ONC8Xo=Jn?Cgy?GrMh4oQ2al<!-mCy(D3@$=~;)w&!
z3EfGw6Y6H2l%q^$gHP)})>Rx+kDKl7rC+HulTNf>SxwVKsmnv<;#FNqEAyz0Rz=4j
zY<nw4DpKBbAH!3WB)jJ48<T1Ud*1VnnH_b(ll+Waeut$1+Rz}LB~NUOt*Xg1Q+Ky>
zilChn{Ot*l-CUt35z?!lzey*+|4ow6HxIv9xDs07*v9dlF~{<Wl~lwWmz(h9BV*G#
z=Dld&8%O-;35y9~!qe)cVwdkbR)zlW0mF+GoeP-S7SHRLKu<{G^F@JY$GUslo&e^W
zK?X0RL>_v&Aq{FfiD_(cbwaZ3tZ|X~On^Q|HT2{^{i=2mOI7I~jw;&6=d`U})lf;d
zI-NL`Ldq<+;HIeckP(yOF1qyyoQ2u)49)@Gc#{I4DUUR-RvylWGnuD0|FFKoR5tF&
z`{W;tYK=@H>sQbA54>V6L>ooH>DlQk7TdES;z(tQZp5OC56r0!x0)@I>0d<{gIjR2
zk4$r{0!G#Mnbox03X8CkFb=)~eqv)Nq_js4h3Z#wdoTHt<}@`Vn?p0tSeNdiNkt8y
zOSi=-4M2PK^I^>*x6Pw4$S?m7K~W1`V}v7w(aluQycEmnPMxdekJRMXZlJgisLJi1
z5U@v^w3XNbOEIku$NihD=*mV4a0d!BkLaT{3f#dMy44gd>9v4THsh$$PGeElSt(@L
z6Sb&!X)}RYZ{4<4*J2_udb`+UA*n*+Hq&YD@0EBa!?#SfCOSpNmY6(JJsm74s^|OL
z6-IHgS&5CZ4|bZLW@UUwtJbC#?^mW|9<_6{Mc4tcq*^6?{Dn;X)_6@Uv<Obj#H4)q
zNrhdWBScB<72iJ$(dj;)ntDwDY{5gpZQxhl_h8euXPRK$yZC5wz)gkxPkC~gyN-no
zy1;WPTY!hUF8>Eu+1le4&8B~nzAi@an<}fP2PkFkf@jn9@g#VIZy8`I%A8w{hA`Kj
zO#yb0*0YE7uCvF}g5%iG=Q8h>tkXLW;r3WK9zm4Py(%$rA~pZD&4R4(4zlh#>TB|~
z^?rQ<f&~gLQ`h9!jUI<dIL1sf8_<hIFEu62Dvpn06D%p&oW|cWQ|eO3zNa!M&T?&@
z{7!LZv5W2F1Z;8DdLa1A%11nj&<B^Gn;#L_vcMI@2$ZmqOJC~+tKUujzArmLLT;`H
z$?WxP^hB&zMKbXF(o$<2^{9XjW}Y_}Xa&7I@MmJ{vh)##Rc|_ndmDTby^YaEaqifY
z-OCZP)-V90B+(`UAX%rTC7mF`7{vBVf%np$^jUC-G1+A@O5&|srx9;BVzAIjj6!^^
z+EeG~QMC5A*;LhU1%=3)$jxgz1r0PlPwYuz;waZ0D67CFQZ|+mG6o&uRCAwuoDxT>
zBLMD8Uo|{+VY=dKUSPwL?i=heZ^B0=%cWOP(<)bVl!3nGxLa45_I}_^v~)_s*=#P?
zeWU6^ArBuq?9LJ?565ko3T9_FeOL9R+Qua}S({ApBpXr3bOpz8CJF5TyQZR!2hg2u
zQovq-kACxgX$R!n7uX&Sr{5KOxDGUeYyr<>gFz3qApXa3??+P%NTaX!eGbqTGF<>z
zxoWb~;<Pc?WZ5&Nema#UESypKN4Z}J=+oy*=7l@koY|+wgD`#b=W`(Ri~_p52GM_x
z>j2)-0lgqKx)1Z}{^vaJ#;f-Nq3z^jIHs=jd4CF)gqU8dqNQJ7Q|oxjjONRhlLt)?
z$4=cN;)#9Q6y9Gc{Zt&_+tp}{FzLKwM`c2H|AIq7dw3g5F3`LN+gBynk5BCEz2=^w
z<2|&RH%>Pudw_|>qj*ndY<x@|jriCe%}d;<6FM5%zQM9tYEG28RdJ?I(^b=Q)kww?
zKaU6{=Lh7tXu9;^anP*Ph}UNs3d2!}P@?vi7%Olkkp$dHQTN@HiSA(GfH~4sx5;gG
z5fO3+pN2!wpK9O9e30Oz_>!+b!{qdOyGVaTN=PQmN^1XZ$mtsyx`UR9p+)rpq0TFo
zSzkeAVz#SzWy8taRj(3Sy5T{q4wUhFn{_k-^Zfn(4}GVikJ}?B_0mK>$JVi<Q$HBG
z3S_s#_6O4>L}7F{=#y<=x!J-5BYjp2bF8Y9LxYeeo;T@Ulz0qU_k0PyD5=8$Uhq6m
zZpbg`;%t_oRAjk)M@6m=sX<lm*FtK%aWijz{PCm{PFREY59NG~e7s`l2<&}Y&}{^@
zRcFjsC0g&-mkl9RVnyDhv>il~Lub9uRWa6#QIVb>GoIIiy}_8ziCrL%W88Em^7hMw
z3_gB}7<rJz(v(x4;vYg`^RfeqWiCzZ_bmb2yJ~k)YR4kBSF4<F{lDaNtt=<PK}Z(j
zKF0DGeBqtEZdB?o(A2E5gHj&*_LB#U$aUNPs{Y+V0+*Q8JVR@`zNCLcQ^FlK?E3L0
zdAv$O5y$K5qHWcwuLC3kmPk^*+GC?pgxRSgGHfC(jeoUIvd9a?Ls9yX4wT-VR9WH@
zkk~Qr*UR(j8n~+rAmglku0%BZR%w-Hf)wdwqt#>zzp$fuD~{rR{warWt(GzmH<{aZ
zk4J?Lk>}Sd^fNg@c^|<YKlvq}-c-j$yUWM+D+Japl7stN`$Y{ciSul9GjcAFm?jSI
zk0Js9ozEP7IB)OC^EQtW{&eThclY!5`95>H<rM%2p$U;BJc-5WWvml}BdA1G@Gk2Y
zSBa{Z(AJdHOU9$Qq3^&i1#L9Gx5}$&qMbnQM>piE0BHZx=5ioU+IqV70N!AI&ZFRc
zoO!-N!pyiE-opSsfxK21#~O8ivLTwK;@HptLu7+cJ@?Mtoh2JqzI++}$7t6x!kqw8
zP9H8_tHhEhacVrCx7T?c@sL7`+OFp?yidoVzq(kVn`PwC2_V!oShu!}t$P=9`E6=1
zjflfST`>G1cp;$D#VPaKU(s|r9-M8SgluoEnTF|pY)Z9RiX%I^;|(rPf48|#**k|a
zKhJy~C{tnE+zN6(@3$r_7BzwNa8GA=pBug^T8zr5YeigS*Eb>?JV+PtKcmY`*P9B*
z)ByVia#{3YYa-&2^ItvsA`VErL(EzC-6DI?td8WBj@Nd{{SQcb{YRwh+2rhYTg(IO
z>JIp~dvs7(Ol<2dN`J-UADYZ>WAynmnTv{k0UK?YOj+v!D6^xM2c`9BY;*C)b|M*1
zI2QSYNm3W=NWo!u`y~^QLne>31QaNAMhqkDwPC9}t$q%vfOx*?QpgWYg%4-ZAtp0c
zYuWSPA3twA1x?xX+ww?tSyvEeUDcI_+jk*@A*DFQV*bKnpz-T`F9emnNT0#kvR)^H
z^T*H@?JVypuW|6%vpmoVa>43-1opq-5<7ctf57lQJA0nr(0wZMK3da#bh@`S>K4ZE
z!t9Fg<pw$AIb%5bp#{z|X8((8MDacFD*llC62E>bdis6qxwGNkb}NASeC>TVhe2`I
z?@Zyf#RIT~EIn@ltJl~e2o2wQ-U#UyTA@&H@`<ec6%3~%!9A_K{k6KbyJmDVtH9an
z709{98isk~0la8!LW|5z`aI|ITbq@O!9QKSnIs`|(H<Md27@MaR%i}7>V{uI(W@fp
z*a<o6BbXOX^3!zI5H<Tq5qq{Dtt(_CCRb#)*>F(fxsS{FTp@0lfl$)}H-0nb@F)>;
zBHwVZ>vGVD(5eV$*xCEUEjjSAvBlRuDZ)(?xM#ENAN*sU#^=@(2|Zhm>_##Jm&!xL
zQ7F07eYOkPcG&7Hb`ZHOY7=zFy0k7yaxnZlwBqq@1u@X2%*ro2TAmQgYD)y~V%7;5
z*9bqUK<zpTP*2YR>|>F;5Jsa`E?ryrX)mm|@Q<PUYH;$}cH7831oj{|Z}bfu6+~qm
zvvbR7z0s0r9Jtv#L5g_}ZhOMS$bep%Vgj%H*SsO1=M)M)kEJ@Vt&Qi(K!4rm>u3tV
zoo1Umq?4d^9pfvhg0Dy`o~)HLEXuzPY!20jH8;nx(bpljldYxuPiNk18y3JvDouJw
zY1bO$$om}J*Sc|p34E|`bASkV-%?OOd*q=O?ud}=ltUt6klz&yhL_g?x<r(!!yn~c
z?Nc;1cLG)QlffH$Wl`3M1wnLA<0Os0V*8cI$6{G8tLS@8i|N0gAm}V+5Hwa>zkmsM
zvPa&1-d_6j`v^ihxI;#r_FK4MRZW9cQW6qR+cCf5=LFdI+^sg5gfU3OhFO&NlMdj}
zSC2b&mrN1g7|YpjMy!Y<jhj<QE)d-aVQYLCr<>4sLJhO?QD^jHjr3Rqcrh+%Eu@lg
zp>``gblJ7LXymsgiQ{eAROGgn%q$<b)EAZ7wHy%k(oa^bs%qJ~4F#z;6q$UUIbe-a
z4I$I8j_nba%QOy!3nZpiO$I=%a3lCgM2OAA;3YbZLimf3Bu!lwwWTEV>R^Li>lQ@{
zN3oqy+kZSPgZ6H;J)AwSZsfF`rv$g%t9pUK8PEN?fXDWXXTZbn><od&={D#>SKqOF
z1n_cUj0|8=Hs*PH8O-W+E`9o-78atd`A^xLAUT`{nwnU^@k<tneD&$nnQZlCPz34f
zL%Q=)G^zJGm~8EwIr!`;{Y=o~*4ewMjiMby_?XuA5RC!6tZH-U&)~gUYCL&d=!63k
zy?P=YNng#{k|#^n{p;;6MSS9u46l=za9bW2UMYRY_^^K!)`*kmz)GD=h?@BQW<SfO
z`)&AV(^2kr+XIznvL0Ao5-<e@YyiKbV5LV2xzKjptw*C3Z~G<o=jqG}WS=rJzqHnT
z<ZyWU-OMjr9!uxA$g@0vh>l>=z1gdF;~#yC-+PQx@L|M@bb@+q$_J{hG-n3k<0L<N
z+8A%8K4Seu@MSi1fSt!Eu8Zg>uEzA0fQ=@SRGN&n8kHVI8`WX@GSF1SC_5(fvczmq
z>07MQLdx{OZl7CBw8atz%`54#i^mc;z!dK5{d(>Y{gg)k<1B%Yw4ebSz0}W#Xz{^v
zEsvPUmQkCOUnS;VU+>kvR0DmAy0Wdb*Kc3sjU^tF&*Tl?H0g?^z3KHoJ$qU$I1a{m
zp6j9moG%4aK*POHU+x^re4~lvy#da61ZUiqvE6UedH1ze?%zHI_V}yTU)C^BMXG=L
z*DLbDJ$0b9se?N(J!UqF+V1^>%kB;_Nn7tyo|8PqHWKd&P`o<;t|7oTkO_*X(5|ut
zI`nhPOxawQmJ<+f|51e=qtM-7X`b~UEJD_WJ-XUzlH`)PkYlfbVHD@wsV7F)!{u%n
zqXYpmG;RsI(V$(>VLtL18qOBbZx(^_WzI{cWSQby?XUSV`XIDDqX566rKM4z_Bu0D
z$;~E$VMGLiO@IV?pS#EwE)t|Md+r>atJjP2EekKHWc>G?Vqy8DI~xKIYTTSN71=4|
z3Cmwo=0{r{%5JR359!CC?ckAkR}Yf4ABZUuhy%7mf;?4e(l7tSM?yMR#m!Hq+?1zy
zLy@6pOYT%kAwH`IxRM75JKNM8^otR+hq|eUCEZ{`Wsl1!=eya1$RBs89h7dJK9AL)
zC-@I8hy--ZIME>I8annxe4EgNQvfwbKjG=~93XuJZQ5qRo`j>81d8o>{+Bd6143hi
zy)QxDtIvmE`KN(rFxYDCCK5V>pnH2w0q~gOd7kKUe^I6`P2C%nHpJ^pv40^@bQ<vC
zOi|a~$x#sCxq+1waC<jK;dP$qbqyYBdz|Q!f0`bHv^;N7Ja2D=>k<QH3->U+gY^xk
z?0F!v`E34koc)}$CQI{HoMC^$Pw+f4n9RtVB6*9o!O4?=V$LgJyAsd*AT!b25mASI
z?6Ifht+~#}3sy_x4KI7j*HN{%i6avq-g#)jgWK7^nsRZC-w%bq|9sR<`k|ur2eOk*
zq&)HZk*<y!7bI^2Ed0!CuMpc&fORZW8OA2HJ}!E#c0<{mWLeoakEKeaLo#OX%$i-x
zLR283usr&*4Rg~L9O!pkWHF`Wavp?=;&x*s#2mI|OPYoMIXZM+B)hmOT9G#&!1K9q
zkJ(u}^I(_sSP(0xC#&GK+B`M3BS)+te~gE_>}iF5IJq5|+oNeLH{mnE${>cTd1@2i
z4%^B5_;ogHUe{q3som==d~_B#G&(_R&U(m(ohfrEOs#p055YSf(x=CY&JNTE7Q^3x
zR`ZWHpyzZ}ay{6M=*O5cp_e{D&y$T;H;JJXkC`n1F!aA<xJyNk*scoeI|4Yh!@ua%
zc9I}ruav+n&+~9y!N(2?k9%;_&A~^HPOJ=;M_Km`+<?WaM;~r-)JN^WTiMV@7Nxe9
zl-CmeEvc&irP76|z%p3#-qFsFk<ZCa8%ASu<j)%5-C}O2X&{xtZ2FsmQ$3Y5Tx6K$
zh?CdX?)ZEC{h!L%BBTb!cROfj9&!LRZ+q<DptPSZna>(N-l0gDixQwBeW0|e5Xx0`
z9u7v0?U{=0H(T8`l^;wNisG@VPDDbRHd>9xVB$chfGGQNBhfvE7I3TnGJCbwN{WkF
z=Xsv_fZh9<#y+NRfdpN<B{pr)>w8#Vn2#3Ic+xx0@b3~^o}-b+R?+!*t@Ht+rX%GR
zN>OO%lL_YM)&(bh1Pg{rjQ6#dw{dHVO&%Vn7V9-;HncyyvXY~PKb!}Vkq}@AS46jz
zSsQM&6A;(;`=By7Hm&plZX_RM{pCCBYyW}iE<woPNbFT6FtnBUV*)yYchz|-ktC9J
zp=dJjw<yS^sUqx4^PitDiNoB6UhT5Sq~9*j>EX1+h;wSVg;vEYn)e`qo-t-qF>kZ-
zybKYsJBZ!GV(&uOZ{3Z)6l_;{U5|+h*O%`0x{|vbHwp<>?zOgPG=bsql=RqAu0Ej3
zv_8*04->n4TeE8e<QM2LhLQ6&2x!|mh@WGEDLw|Jdmlti4G;ClUPk|PUZa`4BdI|m
zp}6;>kn%4@=!Be8XeRO{%FKNa$a^X#k`kS&aU~_}QQ+#Z@HoT8kkTvLQ=K1gvP4Ww
zk(;$62Job~44NsMIiZc}`<gefi5(Hba(<AlxJ%{GKt(E*o9J<mW-ZF1*)6Gsvm6F(
zqa>ShmD>u>EQw{}qdR3SplrIC&fzpAt#A5Cr)5xRq3z=f1{UJZ(X_!Ni)+Q%BzN!f
z+ceKp7M1)1qF=zT3t;@^@usC_rz2r7XSK!2E&HoX;pX^QgAD#=94(NqZe7y&(`ZVe
z4b9Gzn>c#|M8o%KL4FMx({+P|`1vR7OGfpg<kxkEO2>VodV=>6M}26RLOP;s<b;ep
zdeQ;-WlDX`1exlI6~Kk79+-dt=I6>~<fY|;o%2qVMfy4y;O}ne(``%&L4^6mTlWM%
zxoC1XnT4U1bjD&6AH^0pP~0zh&%w+&t`?4yOo<Yf?{t6>KM?7I8;vfnS%tc2j<V|z
zL5_2@`!r#)(D?<j$_?$Us~J0wer+|1rT`ck|MdgX(A9i5@<hS!%S%&sJ-Y*ZDi$tx
zho^`S`#!>0LT&&&@HtkYm_J$Zb-pLda$ifS`Ubnb<pxZc*O$AQWqSMe9{6;VkSP{^
z>dq!RvyQO8J3ml-O+$T74_u;N0zcxlq|7^NbfJM1S*%S=DD8r!($k+(swqsFsO1KD
z-{~`Drex)yB+K(dvj4Q((kYF%WWup5YnJ9XeG=Jkfn#y7QCo42a=fCY_r8?dMNU82
z-`L_F)r8b?TFEUT^W(T*nai{Ra}aIe6HR)Z9^VNb$)%ZNVu+uNLhQLbCE-~fpX&~$
z@^~g~OC3CU$bQZ$s*Q$dLT3bi<y4Yyd6YkA?iRcA6x)xv(pPe4J2|f<qvgml`;#hc
z#$`ktPUN~!>x!w!HR^u+y7w=e&_pGY(+k7C?}h;(PqRBkN5zl4&cMz`no+s+KM7pI
z`n^!vAnU;h?<4yA67f4}4)(2j$$eco4Cc|{`c10EM5duF_s%V@mbJ?a*Pt0N=6F(4
z9|8xNwr@QUppz@E|5j&#@6c&HB*sRZ6Y`J#*PFxln)*UlbKhCrJ``_(4E#)GV?~19
zZmwV!q584R4i^6{9C<1JD@9%&6Z5!p0wzf>ysmeuTEt7WA(XT{Ro?&|ISuh)XLa)g
zz(kQ_G(=_ZX5MlUd}K*}|3hb(M+|)a1Cu7&`sA*^`cVndB&3Yi&0Och*``1I=^Jmc
zQ(GB=8vIB4%4f<-glW>2w>J~rr*A*uZ_!4n#>2?HiSDMTnaF|P!fTnSAdWlwbwXT;
zh(z9d68A=tXbxyA97i*`Z+^O?mOSdVEj@@WwR-N;d|R2IX<*<&72QW}V}Q}$iQOS+
zCuBgGY!JzuJNSBbX@sltr}^t&B{#VC;*gi^FlYybCa*y#zB6yr{u5Qd{%+A!Pg#nO
z@tAFh^f4UPYxUrpQD-eZ7D}Tc1Lhk<BSxJ+=;Z&lzu2T858s|sN#oY~c_VAA8M{<{
zBs+g9L3KH&{p4Zz4{50t(OyB^!B>aB5{<=s6g#?Fwd-nb;%&{wmVfFhCtW0x96g%T
zVIcC9{LYU@10Ld~SCE4W_<cvmt+vCD=2Zk^LVxw~W-*KbIsULqXIPAk)>|y*O40q?
zl-Xi~06=c-?~HcUh@OyxL=xMSGj_UAxGvp^A9w<R-HHo#_&)RNTxrx8$;{L<q07+H
zFuOyrAWLHHAvM|lP#Shv;6W>KD~oPrj!hmsqs-?jPayTZsnYqQ*z7m#SXaMAOKX(k
zUwPa|B`)gF`ReHB3V)SmcVQTggXWWZlZ>$!_d}j8&Acq5F|o#J6FSVpL?|-K18GL9
zep&i!@&<`!@p#O?u|=uoPht9xPVc?sXHH^@P@bg7oW0K7q{;8MdvZwc&&A&!4XXZi
zzhk7nTW8A|9yTowHahR?5p=k7hpNYhva8ckd^gMtF5pGS04Z+4w1kH=kPR)%@|cpE
z!$wQf#OW3MK%HlJU)j&k6NZ=6WN)fYr0tKVki{DWy*L-lx(%A`vrpgJbCa;urbvmw
z!(P<r)D9CTCqxb2ALh*Xb@b=JtHq#fetxBGFk}q3Fd6W}|EblNLYIP+owO#Z{>&PY
z@jgCL&_sym>@E&{yYeU;sh{c4ZNsN6##cTUi*4SJEsW$cB#P%p<}0o;Y!d{6c@{eM
zAy7rM?@lU5q=#WK#{+)w7rt|sG=EWM;#6Tt(D+_T3J`5U64o`L1~o#PjB?0sq53Gi
zXZH1shcE+Z0(8N|*!Yi6u||Xy;uwB?Fq*#OA)c8J*%n!%_@KqxcAiXuYsYjq(475u
zZc~6JlVo8bO5DG~RL-wrL)ykE^^0I6jDmR0***H~lA+_EZY}Xv7s1fw3KFM+U9YZ3
zPX8iPWlCvl-ZAWJRD{9Hcx*@soTUzyQ}8~|7?kIxtoWf*g`iz*q{n*?Mo=k_OK|yl
zwrc*?Q%fS8ay(3CMOejhM)Zws^UD}&f_$5|;><2XsSQZF%=wDrf#@geCBT;7eY0^Y
zDWt_lO@dJr20M#6LD)E*v<NprEy_QCvUym$$)zemP#EVpbnFp?&fxn5x+`~J72#o~
zHE=KC{l<)bP!sV~^{E*IJn*ep-#_rR>En>+#7Z3gR-DW3_*y>kc}~4qa!kw<SYd-5
zG6UNZ8jOJo_a<=ODlf-E;%09GtN33is9qg@SD@zfL`uzbWpXB%l=I=H9ZBPiy)((q
z_4nVEcl8*s-YITr2ea?3JuaUx!$y_RX&BzxUGPZepXO?<gk!-Z@e>jdvBaJ2GE&Sc
zrH_u(Kj^pgpiZk?_Zh%K`AKWy6Y~QaOFgp1gb<klp+2k!=VN^3IF>>j9}t+R+n)`s
zeq;9#8R^Gl-I$e(O;fYtIcje<s;`+h?(0~}JSic{?zghd4*Pl<@Jhbyj7ry>c$IO}
zZ|q9~u)<O&saV)H#Q#8k8^<O!YcY|FXv)x2+$3SDlp89K3pwWj5>jn*D@RfO=t*^5
zz#vY(*s?9o;mq9aZ-342zlmYuJ^-NBHHSlu%0$`=ac?Uu_~g^K*UItYsyVP{NFExJ
z)<&IaD$xi^)aGwc{lZ|!JETESv8|uBmQ$f_G6hC|q4k&4sQ~i+LPtggGxK$P*8R70
z$|z@=lSui>7|ey;+9gx#zlxQ|;CzE!GrS%4=YocB3#?$8`>q8RRH}z2Qr5T9okyf?
zu;J#&Z>_#x3W-b=<)}oM3PD3kR4F}8x#=fw462*>DlF3Pc#U;|0X;BVn?RS-sUZ%P
zBK;VAV8SB`&a}BD9L;<7c2p7%z;He?<Jos@0zUT>&fdYu61+42i915qRT=h!&nP#U
z;RY&h3V}>AE1&Ma?d&NF=;FBzr!#s68DV(5Z;#Tlg_z?;!8hMrxTRmq2Hg3}vY&Nh
z;3O_$w3hoI$nN<X@Ki4_srf&e^B)z9vtSjT$bNdkil-Ze_gyh*Y;IFgBpBS<+r2%n
z_7`^Gc;2<mgSVyT=6%bqI`bN5@c&7SL{fb}+mVtTL$q(ZJRe@i#Gc(8$O1Y@o9?JW
ze>4A4`}^XC*Y7h*?`F4}`Z?1T-@!|pu=7WMGU_=}kEk7e8Mjd`fuwY1nG(3^$K_gf
ziU{kI@868Q3fxjF+<=e`paQN8g8G`}49k&dpEnGFWyR%|wjLEQ9yHCLQHfsnvfUQe
zG?$-oT;Ny#^6?tnV?}LSXudj|R~*cP`M|VRtqRg}4HlS9P-s3?+!sse#Z)Xa?oiRd
zDzmB*pF3;Z-tm%;s9h0FjELjp)<G2a$|gVABOgIDr0@np!99UtP))?$9-Q-EMkQlp
z7Ee>}m0(=*Q<HC>-b}IWWWzbqO2{vNl@pzv?I6uU!!Z}Kt;B=Mzz5|tRR0q5f5-G7
z)8aeV>BISefRM^-?7~&6bL9vnr0@d&eA*6#zjKPN9FfT}eUQ{z`4_-3g}-95Db+kE
z%F`Ci?RgcDj<>DUxOEwrYnjJkSETx9`se|9ePrc;=ZLV6VI)uR1>(%Cw=eB1t$H5g
zfD-q0()HB^IpI<d6kTfkiMSr{@$KS_f;l?*A)GK?UMeKp?)I=A3x=Z&rC&L8+q_&|
z0)fRmt6)4aWpF*jjc7aIth6th#=Zu|*tV(;>gg?p{jrQY;528SxC(Gj%=({RB_8VN
z8^S<`<{sfRN&*eiU(`ycUl6hw=PZq=GmF0P9K6-~-sgbD4qDaK`m}F28?^KIDXpc%
z+--y0i!9V8?ExTeNJ-WnLVyt<PgI9OQy+rfHnD*;bnoS%4NN7J2jq_BP;v^~4ltmh
zZ$(-iHX=7KzJw)-(=jjg=&(`0)^Z>D_2>l39?8WLS+#gPIMmyqF`;n6wXa8vU$wj^
zWXfVN`HSoVXCkLIK3ng&Ohy%0wcYi3>Ylx&e%W4~flcl}ztjAOk6Mqx+UFwpQjhDP
zBfn`0&3%F3$JRV=ILB7F8$0wkTFV?)zv&^@?(Hvsk}9L3q`%Fy4x@YR`n@j}u?YoC
z2~z&a7kAGwni&%Ho_0Y<dU4Mr-%Mw^W`&WlwfR#Yv`b*HqLqi7I-A=c-#yN{86@z?
zYj?SG(YI_~J!}cAys8Wmk97^jNL=9n?-Rb2Wy3A9pv_;Z!Ymt>{CTYS)7<9g4O8ZQ
zc>zka?%0Ylr5RfPS?z>2Z#>9?EwDT^-tWE=A3wLe8G+A%tu3vVOoneMiQ@jd{@B7v
zTFMfYL@FlP+7`n%t#8p5iC13OFo%hjdld5;ob~W?xkWtJ?g(C5Z*8X34-UTU(&=3s
zAkLb`z#yGNXxI8`q%{7?V@HR>kT2&4^Q<nPoOIkn)6WjF8dL0MSH8X%`IC4bp(=mi
z_Ea4Y_Guct$Cz|PeD9II;r2mkFI!EYbLDRP(8yi3I95)2BOeQFC@3R-^ob2f_nVG>
z^xd1UhO0c(7OZCOAs6yU-3y&%?<(c7)ObDYI=sW?JSN%}{1MkwULR}bmISikWp0fb
zmD+FI)qO^1f;3yBO20|ARKi{~Hw~3%s6_udhe+V!oNg~j0pvc$!JJ6pwo8H(TEMb@
zTtzlCa%2B-pKy|zFa=gv-g>y?jPt9x^*}e39P!Lpw7Ra_8gKToe$YmfMjYEus(}_`
z=y$^CEXSU=MC~^kd{kZHPJb)EI{NF5P)VgqFf^<g9e&rM{a5j~iS;)hoxg8=%zpJ_
zZQUYEzqQ;7AKT87Z}4B(=Ht2(7T6i<v#FOKqUn(Rh>0P;Mf?(xuJM;YE*Z>=yzb?*
zIdqEe&5Yh~ARakYW9~NDQMxAr!_&%TFo7D6D|;h+zYint!gwx9ooVPef~~R8o&iZJ
zf;Ril>TDVc%2}97QO2Wg7t~TkISMAYx)|#!UQMc?Vi7cZjAlZj%D$VIFt`B82k(=e
zBxwuSR|f4H`lyicCRTf47O*I&J`0&Msz!vREb>)yN&s_aEtjll_Y^qwIdfve-Jb@M
z&&%bLbFJsJkR(+s0^bq5Qdi5D9BLk(|7zILzCWipKjhj#w`3e$y|+BoeEe&DUNXl%
zBh^5P0X>4A4L3P1%!3mC!lN+*Yw49*IHL0>m2g-M<fN6Jmi!9am4&JSf_M|kPSDR=
z;JfYCKU$9eTd!76?wfN99w<qF)t#P!*PXGnV4a}a_NVUNV7F`9;roMEF<7^{mjnm%
z*^<z1U#qhDd5Z}h96NSxOrE7jo@aSG2>cR0;+TmFdcScgDtswhB2PcO#Th5#Kf=#w
z(jfUZf@LHKLtVgKFjjI2Xs+k!JzHsj2C(%(fbXx!60<x@A#Kz3k*8^9M+CU~ptI*~
zM+lq=E=CcEX&e>X6FIi<R9eEQq3M4PeVM?~=35z?JU_0Q5NV3W>cMI>X-gw*P-}IO
zO!(&EE62+i!Sptyss+=lr6lL=#B!nZlkwk>vrFdtY}4iY0(66o^&gqhg+-SP!NZWd
z`rQuWo$L%QxEeEXe{h-hhvVEq0)gC$I&kJ2Rf10ge|g*g#3@TJbs~E-N<z5H*0b^I
ze`;kKw(vU!RW%h10)Eule3xX$T8G{8Ovm@=xrmHwI1`@-OyYZ^or_U8Nk%=ZG|PY1
zQK!?v@jo)Vf3V54Ukads#cR>B8-Zs_*<cJCrol%oNA!`$-e(L~;Jif-M-XqW{t6e+
z<p<kZi7W$tB4WXRQ!3eKSWPB)YW03=?4msMH?T^K)(YNQn0bs>@@8{q)3a_k=9Z~y
z)N_I`vixg`r+sy3)n{wtL?*;9ji@|XrZ~uX`&#BjWLk|ZyJV$)t(L}^_w1@i32J$h
zDAL_FuH&(DDf>5%BG>1jFRLG{sh^}aF_5RTJILCH^6lByx8Zz78*TiKo{woBfIF;5
z`2QU+@W<?j=;-!}2j0pChnV%awmu4dF{VGDN<9!>&4Wn#!@xtSF#j)pdl{Yq90odq
zI<W06dV`_B$w@V$&<vCtdpvc@_7kI9Kko~aqDaHtG|6_+TW>(EQ5Tf2NJ1qBMlBz8
zfQJ&}T@~XxysNfABp;OeB|DA`EkpX7H7s7cjL<`-eUz5~1=9D~@GgW(noc(FY~3wg
zGnPt;aOyH@<ZdOj+@r^aTlQJxp_Zf-mDQTuve*-)xNi|-e>-k05k&oTtXr$gsvHxz
zop{JyH>{<V&&UDS1aK4fSfVw${t&uMt)fthxx&97<0x8<@Y$UmUc0fF&<h`kwQ*4-
z72V3uEI~o~nEkhQt>0j)t;~UdM}y^mDpV<Qq1KPp!8DrzgNQg~Cy};^e7^@2&hu-A
zJI1h|QP}jnB1j~6RAT<<UZ1&I_PJYc^EmDD_-j;7zum{uH_~<ID1MRKE>vpS^M}DO
zkdY!EgMMX#&b>@gVdLO(RusOzZy|DdsoV+8^kbLNP2NisZ?2qyd8RTFP_)4?e-#)A
zSIue_d^arrj_?(Rr9WD(2AE|<uc?hJ(QVy?R5A;+)t|rwkY;<!t%ITJl#|e8i#u2a
zj8cP656WLnkVWS1pX3Vl2b>WNi-`3R3{O1IABiUeX;BCI4^(msVbeIR61Yz^%xIG)
z`jt+;n|my_Z~dIgT17IEQf+uQo4USr^;$H1rZIss$p2)(-iWwnO~mI?mE)U)xxq`g
z2H)@L7#zErs&gsn>(tRumOCi_7uHZfUS@*3tm+z})d>AFgR=~TD}jsEDszz>{xav4
z9JKpGGfPhd<8(Ym4mtl+TsvZD5UX6nMW=kbZLx`((uNiIC4`C5wLy@?HG~FJ;y34D
z@-JT0cxKk1_8?Sbf;sVJV0bN*1Y!5!9X{&%#EK>x!THO&`Z-Es{GH|+va2?Da>Cx*
zz@Ttkwk2E=R96L!tnl@DyCZ)Z_nI?|6ugszwcsuCt^%zx53-E`c@(=(?r+#|Pf`jL
z8Qh3VfOHfi@z4Z0#C$=g-GnLQv}_f5Smm>Gh;5W_5Vze8kulj-jrr=YGy93XgyVN2
z;e-qPL*yCaw64?986sjHGVnG}#sA`x|7*Pe=0wS1eRZHzGxs9Ztvi!uMUx>n@+7%}
zJxGjGhCoT2g=L?*jp#fo0+7SDzA7aGXl#mD=C^$`vLFjI6&P}0YsJ&2>YZxt+0L|a
z3+0RRXteJBB!utb;kO=7V7D;V$SV6PgR>p3Q<^cn@`UL4Wygu!-h8QpiO#9B#yc~+
z^0Ufx?L?<lnMfx?ko%R%QAI`t**p6(3#Y?oGj;DByo;LAgr=Qga(nOY{G~-|-x3&z
z2gj~khmTizEsX$KN4Xk#JDb7i&W72Jv*5=unYhI*r+1z*@RJ&wV){q1hy)#uEf=f0
zm^zoQ1CFZbhyH=}FXh%Z>95oI%fkL_O9v|>XLeUArNg>^^%eO#SOhb`?O+<aiWE3v
z`RNDSNi>RfB5`=PU*Od@cT;K~(Y7Qa^T8AI_AoIwg_XX~X#zEny49bDk8DPdDzJi=
ztnDWtvo0>;H|`UyF8aD=M&BSQpi~2hwR>U;nr8k$Ll^nza*hYD;W`X2UJ_LvVu*Od
zIfUo%hx%#hoFWa}j}#JUauW{kq*Drwl*A`UmN`U^MTo}c%h<qlu-G9+BeRC;zA`TN
z*%opxpIy_8-=w26H=F7OBI7s|#cRmBlBCh=J0Cx|3JCG2L=WBmWNW84T5UCWmHz`I
z*=h?PEeybLCfamBi!Hj(6@km?|L11@mW>xlS=Yf<Yo<73`cgvi=}42hVf}6EobeA~
zkFP&9fQaljGfF8EORi~+**;uz?3GodrTfk>aJ&#VTfl=u(r!T56?``>)-w_y_Tu$)
zqc;oI`r8X{+II6TZ*&Yf`|wTvLomI?5*>PkmpR(w<%m6-F>8AUvKMGGL<nN>nz2Nr
zaR8*Cdxv@%xr(i=&n^yFBw5ZFA8yRlq>aq<FXd5E&}wTmk;}Fhh~Hrd)^mTaFp9{{
zbMJ9@b8kqcI&z<%eK1|gmCX!w!MY>jHvnh|<ek`Rifag)MMy{=k&*1PWtGYk3!ZaM
zA#8_E6@vd^ApSL(=r+J7jA^f}AvnJ{3Er&|RL!Q41gDEnl9n$6T=b8Oyg&SvC-d;m
zxdWcDFY$>puJ?2?^y_vP)pyMC7V!zA@d@CmmWGb<wUjwyWDpf+64Udn2J}te{g;^i
zh+6bDOYDdE8b}zm2Of3;lFkw}Y~t&Ea&O1z7f@4)PqbNfrQ5tqhq=vY>>!T#MdV`6
zx>8I)Vy+U=c=A)OIOF+xB)JT#H(&a7i}MCckD5kfvvIXD->6a4av7H`sXU1H_nx_l
zZWv>AiX|=%+Eg!TookL5{HHj~4>fASKt7s9rKOvVD7Vzu%oJ7>a^te3&*rN^oTmEM
zFWBZ<(%;k*^8W6B6^#@LVZ6jRGt-!FdBrUIi^-;V#EuVVB;|25fH%T*Ubodl!Gr0t
z?7H{E7ug^*UvnIp6$xo4qPgT8cn)>ew}}Tsv5`Hn99NwsfpADYTF+tBPw~|PwV$DD
zVO7x3R}PBnViaZMLNRHs2#yIE3WtsK<Yyr5Mf5x%wXCI8h^plUz0%RyeX?U0VxRD?
zk~H8%oa}}lbSfW}u%g@!x>%rr@2KJwj3pH3Z0gH&4QmJl?2^oy&{sj;3O0^07Zmyf
z>gs6<NtO%DzjTIb?b+eJE>mJW?fDO8>G>Z2XY}+xhEu(WhYb}RT{!dm_a#s1+@=-z
z2M81Qv6|q$x!lbap@-6@vI<r{!0c&L;a*UCrO`Ys+_Rg;icS>)QVtj9hS3$*joij2
zc~^;dm;cvqH45z%pTy6TP?3K|hWH@7dc?AOxdgF~e5<6j*`*L?(8}3%uSB>_Z?wKc
zB!@kvL5`!Y^8P8mSomsN)X$b}hds+T9d|k3v+?A`XTPM<_*J>Rqahy{=9RofPFp0d
z$y@UpX2MgW%z-E%73y!mcxApyoxjNm@LJPaY>Jj*!;PQ;jao^LP8O?Q+5d-cO5ai}
zO8uMj{r97%Q@|<7<~fUrUB7GGycaH+y3eOw1X_(l9pZ0(NdCGm6SLgX8|G+QDKyc~
z>1w?WugCYj1OxgWy2x;M3h^&1CzxX0L~4xJJ7)#x?zGeJ`<8vZ0()M~?fSvCWryt2
z&)j2DxW}giYC_-D<N0?@JQ?LVoDFG`<dOFI$U*ut<q9J(%8qJ=rh2vd3}^_6hDcQn
zb<Vd@Dw#48zg5a`8w%vJ-K=Yn_nwQBDrK};e|FPSrosmwvM$x2b$ni$mi>W5Yv@C4
z8nw%3Dn7yE53@JtSe1{DZoT_Kh5CQhdJqm=(WX=pQ;)D|+D+Z>BDl!&pRF@6pK?ek
zHNLjbVrE~n!no89c#fA8I{M0+{1nnQ(i%jCKgAq5LXi%St7Vd(bo!QpNI2>s_h4ZG
zK4l<FRSNT&CBTR%2c^}uLAa9xXhlCagO?ELld`VMA}YG?Rr|DlYM|%=9un?Ik3Vc@
zO_icqr;Eu|vGX>Lo;JNLJccc9Xk+^vu{}R94bm`WLFRlCM15(XD?<JjyAafUo~o<O
z;La;#Vz5-Qbf{?HJFN2#4n&A>;U`*M+TF0nxtnM^5d6Ktw{9Rya%I5()D6Ig*1$+q
zrE;^7zh59BEV1_}^Aa+96iZe80XqLRH1EHl!Nmq%gN-(1HiJeJUAPkZfT&<#E6mQ2
zwdPV)_G|6R&&=~6PpW8$rA(q<sRl$3mqhTB<R>taz|cgJQ=Z(M8-cD;{IeYQDZ}nB
zZ>|{ia?cH5$T2Eny8hrG+&K?=YB|U2a0K3*xL*gO2=}qcOqI^Fei@$EXQ07lMzaV5
zZvk3O%@KTipr&jeM|jluo+bk~^Q5skxOIr4CTMkDkyKmTJ>}Zzk{i~j|5Y#^#f9)%
z3*p9U2k3HmpWKe$3yTz(e|q2QBvb7!?doWfEjJMREhdp_JnLkd4bv5)<a*a%;M+`g
zM~K899a;Z&gn!&cu$Z1(#wg1TPNu^fO{|7Bvx86Wb{mv;i<hvfva=zi`^^SowS*p{
zeur%fFMjzg4hM4eJ%*1w<0x~+lek+4lzd!~w3qWtrQzLKjpt$eMY-DKc~bBC9L`HE
z7ZX57#{>19i7RGk+R5f%i0aR@*aR@Y1Oa~zbY9?e%VVV_5cclO4idN4<o{Matm<1;
z6f0@c7hT>=F&#u<6#zk`nX^CDS2t3%qW0VFp*xTkIi7WOxUDJt=}}<@z~&{%w&(v9
z<9`CczkhMTxoCRbm$=TxI5FZGQ~4)_RTpPZo5!9qlX5<Zk7KOd?TF9{A&x$zb&6FE
zEhdiNu5bRZ$!ii8wl|<^{J|xw4D5Hss4zMtEgI*Mq$x!`()Wmgi7MXXY|HK^K#Qom
z3!_#F<n}@%VkW>EuV|h;gf*J8?z6hhb$?_F4_KwIuS?I70wsLW^;3uc{9D`2l2qE?
z`e)%KSCgVH@8@PYeuTCvka4jJZPjWoR#=rHSPvB&(3Rcn;l}leiU<7}=q)=j$Uq8Q
ztsT(oa%t9jKiNh3Qih4?Z{hkU_x=Ar=neL~a*AD+RA&VWO{qYQ+);`~j%>XKuaE4M
zd4T(&0QmZF`4d})&}FWg5tSZt#3jM^%=Y2Csw6Q@$J>sN?~BiBvpyVUyaxxqVi`PO
z3~N6l!AD|p2U`a3=GEPYQC~Dc0bKPfs!jezBqGQeM-I0xsYmM}tDE!`6RkSA*$;f=
zjir^+sMTx&(GLp-tJkk&8-ggOviA9sNUE>$1O1cS2R@@B*>H-Jy9)&eXMKq1Q4mZr
zoeYRhnd^$EZH9ZP2`+T~7gqVVDO)CmD{immm%%ED_IR<_Dh1}%p&lEVU;7lg^{J5f
zOX;Xdk}X$ny5FNV2=X&8A8#vrv-UGI{m>18@$n)qAB!HOZZTmx;auVjXC-wa=E4^C
zO~`Yse(}w?h4ZHsCDAepoL#8K#?Rd%#Vl75H})@kzt--t-?sYMQP@UBUL{$Qr1ZHD
zdGkh5r^oKul4(D0v+XrkI(Q-v`*3@1_*6w-lD$s~zw&kEb;}pLB=-{!!gk>j4sc)#
za7R)2eZoie@_1thW?xJHeX73)MuITl!WRc?xBcvlEk&vU^RwojjEkI$p9(j&0n;_;
z9uA0zHR397A}H-T=pDmzKVnW=3DMyv<b1qdrH6ND*0cziGMG1Gb5u*38|O<7V&HPf
zb#63fVtSoPKa@G&#!k$v_H8HfPEAgn*D8QueEjw|Gm~<E{0w@{XMU@G{1lCw`}9X4
z^SM`!Qb(m1Y>S-V6<r)z^E>ps--Dj9{W?1N^&KW>O(!g6+>2NA;;uSgWCSf_YEMrz
z2OBj5bJ#$|v)c<F?G7ysX*7TNjH;clnocNMHym+qLs{d0J#k?B%u9qaIm9$D@`Irv
zz<fhEd->;2PDRge)d%~yNZVOSQ>gsw#w!EHr`&GxZ49LE<TNv8d5JRvFhkmT-C0m`
ziBiLByoxz!v}*ar3w}!y-&VFuYLb^Lw<Guy1gp~a4FO&C&Z`T3X5ikeC}8za`@YO1
z60EY~MZ3!rcBYL#I5vxph8=E9P7KW6vd1Hc7P-M51G=)E2PxxMB1qE;LsaUlOgIWg
zE~<jp73MLRo3V*6x8R>*30NZY_~x_x$Q?zGHhz9K>Hk%5qoyvn3|ZwJOB_R2&nyx1
z=du1c?en)W`XA^64=x-<#?-fy5#<XNR$b&2A=SmbV$KQ<OZMk|#P_J<8m)HHp*Q1a
zDN=@MxXLI$`>~<`+_gO}oba`MyAvM^gp)9jWSSK~Uq%V>56oTq_>4BNVp!jpY^8?a
z2Ws?}Q%#~C*=$hW(_WX+hYiaa)99XpvsW0#78bnXJbJq}<5b-iZ|5ck&N*5th48qR
zfGm+)Bk1rtM_K}^acDC^DJ{DJKfC*pu%{CRv_Vuy;qUL7GxIBBR}8D|OG6G^1;yB-
z+1BYI&d0xZK9lCWAT6+u>i)lv`1iS;@!{wzi&2;vcU3@Iyz`Wa=*KJGQ9C_8^e@|j
zzb0o&tAE@#hJT}eK7e4AhGV*tUQ}1ha(XGzZsPO2C({m)&EXbgovb4d0o?L)(WkB)
z#5Ab+z%SCF4TnFMc5KU<2IFHu4EvScQp@NKW~GX*Bh0E_OPWS8jsM<eYFYK`#1z@H
z8bfuUOxZE?zS{93DE3lQ{aAPS{+Q*a#RG#XYJzL&8+rPbVTB#9{)akn>~+-LHBpJ>
z+rMT32+B0<acE@E=|Dph!Q8*eP;G05`|>&lq`N%>z+q}7G&Z^+mp+{-IyCLuvoEez
z>i=@JND_Lb9mfdEhk1doa6hIyDmZ+5Dr7A@Glo$z^VVPS`)&E5PL>L<iht}EL+{&?
zQ<6v@li33isi|iG|1Mf_{?F_6&sDa1s}(td3JhJY;6Y?vL17kNp7v<MM`d46F{H3+
z#X{quwu_s`a)HW$x#G&cjO+Q}n+joVr$Nx1Ow2`QWTZU(dPZ#ntJfFv;)UmBP#CHK
z)8lOqM&V%eV&L5jlNLvxRhJE0eModqiS5z{t>t=C+7s6#md7cTAT!rb!Y}=F!pIJ5
zy@7F~Z4~dvLL>XQ=UIsCj~=sGB-Xtuj_1m(Xp=-!B|_B05j6wC{?&W@Zv!Cs(nQZc
z6x8vif3#EiW51=bWpi)P?-q>=ZNqYSc&~&3F>7_@6jWvPoPFn)CQ=jmkK(^4elKzH
zsw)a2I=Y!S4OKB@+%kPO6t{;RVV}5LHyVo|63d$PbIHO-MOHC86SKx&7#)QT6YB0f
zF0{$YP_MqOTKciqu(Tt&n6xd@P?73`sq;?UYi>*NaB{#GK6Y`Mt7M&NSi5q4=(?o_
z+mKaxtU-yHTg{r#j7SJV#6R*)Ho(fB!BU3A9%N%Il^VS;gJ;i{LXk&cm~lO(kSzP#
z`x*I|B1j)GuRV#!^K_qBD;)84Hue7+e4zODebT$c_v%tJ<tS7)-S0BmRmY<`$}IFL
zBfcmj`O*<*Qi`PQ?K)%Ir1#x3`LM<6p(n~6RWS<9_i1a7V++dm?J_!W><OY|mWw;+
zoJPV&i;wD&1!KR45A%o=)3F#}N_CQl&_{={sQSj0J!V-O_cAG>7_$0Px4P;<hyV1A
z7Ub7q>&2+xJfw1WKN`CM^R>XjYxDE0T|m>I-r54G&n@0p=J@%cC}XDddou}5soc6B
z#!FkAE&YiOd##YATJxLuTtfF)%Se3Ex!SCCHG@wpKexJ8b@78qc`J_W&jJu3w=K5#
z*Qw&qq9{3qZals)XIopgn_qlgk|Z)K=uuu)GFfl7f5rK?Sp4k?1BEHe3kSakwgk|_
z=a2A<Qe-EaI{HLL{i^s3v*R*Qa;?sf<!^Nfn^oKUCTH=Z5AwD_ZN6kWKM~!<19g02
z^-WyW212!6`!?d!AkG`m1D=?z*Qc)ucX}YcpV(iN+`f&;iz!B{1q@16U492<M~i7E
zlBBqKZooXPidueykoR;7Vtu&A@mBkg$=n=~5*OK2FbOX?H|=Y^lxhUDm9V|)?Q~V*
z%K!_iD$){U{n&GynkTcE;+3q|4fjn@y-US?1zE0wE$Tm#t6ChOcUA^--s=S$I!VkK
zdtoBW*msnv`fHL_cun(07gK~IC?J&Kqa%+0{=c+^1+L}l$L4<~&`C>;48Gy!=NLnQ
z9becd!gNIRR<9WZ29A?b(3$AkKNntqB;uQPB7*a=g?*Psil>9W_vJ)ZE>a)i)c8eU
zzjMHdF}@50-m)&~5sOLtRes$Aw?`61(wr3Iz1Uu?)4BL#>Zp{D`!fsCOnS`aJDHOH
z5MLJY)rCxh3D|Hrdh$(#{c99*V(aQr06TixDrW37Cr__EKZlllA3c#I&vwpst2+Y~
zjS?ur+P|CExsRVDJtjYcq@1JtrD3Z+8HOVkL6?POfJ>$fnemc_xn=jf_EBa!PeLnh
zKL)FPVqcXX;hGPZY?MsEn*WzAn!ZWVmn7F3Gs@|IXP^G<X3~*;Ra^$n31liO_1?cv
zrkCEaUazREnvR9)EIkHb&RGl(e2WJD`g&V|?ehE86dgK8c|(ywyvTT7XO2Dpy9Gxp
za#v0I@~?1E%1Te!7zSaw#3@bv5%%eiuqYs=ekxE^2>co2m=`_=Zu-u=J^VM{k9!{q
zM#F6hQ~n=a?-XEJw`2>aZJU+0ZQHhO+qNq0N>x_cwr$(C^=F;`bl=lo-}|&))_T}u
z#~d?a#F#NTH*`67<!LLqGjJmpb(=#?pI0h>Hyd+3=D>67wT|RA+2n+0c2IbsP1o%s
zwZ>_x-j;v1s<h;!?+pKO)Ly%E0=A>u1af;mr;{|X@&2;Yl($%$wpcHZxZ8$!dct`-
z{k5eL%8$E5KAGY`>R8il{A@=@4N)(L#tsjT!MgE1&KD+e^}n~-{{#gpphQ$(BT0jP
zWHhiQ*!b$@rpxYloSO>iyS(5cdkmUFZZ(Ta5ZiZbl%d!J20Fr>xT}vXs^e+ay_Svb
z0OM&n4tY%*`yFb#A@lRd1r@o$oGuAd$m8TJGMPxwvuDBx+XTq_w7X4V-1W768oFXe
z(?JKZKp(~%B4&r9&2Y=XT4#+yD#KfwN;JI^Z#y<|Qz{V8e0mGJZx}zi!%5OsQcT6(
z7|(U=lZi)^L>00|f%|^j<O1?>A`J0Vs4dm;L|WImGTut_GUKzQWWVNd^sHvLgK0NQ
zbRo_~o6Knk|M^+N5DKBIULs@wC|7Rsjw)|T{3!w8JLv)uP58f4O1BcxG?XYu1ZWcV
zIf?QK9ZXDi(Il*{Qw)@VGUTr)*9I2f+5p|Xs^~+ge#sK|D+mzT2|Dne!?CF6u~SwC
znQQtvh@!ho%ol^2?Gy(E?I-V=DA)}0_Ky1Zdi`!WT!N$PLRC?+)s|+yTp1qklK5|D
zkEMYaZ2j<nrcwA>DKRwo^b9IU=ly9iyLpQXr5Q<CL#2KjoD<Td^kV}^w{9%Il1AAD
zTv1z!b2gVex4Ltl{GyaG_2@oExwdM%ZC%1^0ZJU1F=uD}HezF+CBhn?lKEqdcst&q
zA!S@0Ea!lISkUYM;i!H<H_VOTfJWs}n=hWw_MM;;@SU+)js9bl5Tsm#IX&@z+rs~6
z%m{8nBC0RyqK!`?71iqfpmW8Gx=}{4u|~mGbOAEGD?izc5Er=IFNxj)0r6DeiVJo6
zC8Klod+4#UPJ9z#;kzU@<<iRH;|?oLVx}QSXU+--qG2?^O#O*7#LD+9(OJrRzBD^I
zz`>QhF`=tzB;`C{b;AY?UMMQ&e@VFEB>~L3AtiNYE$Hr1E~_0cfA74tJygOO8kHhu
zA$qRU?C!*=5G(savAUTSFo=byk%O-A`9ak_j^dPT?#$PVhvT;b$GvpDaiX4TPF~U=
z1EQ>LB~tki<pl>+LVtgPr!IwVqbuIqn}`of?2a47!AJtYl54`g^hYTQ44Hr7|4~op
zU<K?Ar03`?A)|`0mSJci)wJu}Xjm+(dOkke*E{nH|DMDS^)K#g=v$@MY$0}!nfR?A
zDG=#x`Ge;~Z^iKRF*Td*XWADNX;(pMu2fDO>a2X8m&M8s74LN!@D!NrWqZtCqLf`y
zxc9yY6o=E84F<bZ28Pw~b8o=RbGcD_KbzQe-p^FHIfroi#cnP=96xs(sQaZFt3WOU
z$iPFAJMky!ORo)rAxlW>a6EjXd(la2`y90=P_g1kCvaEtqk;p>UiO_Sth_1RC5D65
zO%xFO=)Dla8}+&e;!3MhIT*@QCGFV>dH#v1XLV}+s|Fo1%Nc?~<$oWP{9kG@F+?>&
za^eoxTR*|dgRl*>Ya-0xpf<X_%or8?44i03-EGS*ZqxB>!KO7xW1ZunI^aC%wD$b0
za=V<fcaCSzM!VP!E;lWjde3;I+3Rnj0TVoR_Uc=#NXO6GTFq(l`hZSjBl9WJamH*O
zLNfinMDL#j)D=I3qPWfXZ0_LFxo#IP40pO;Mi`9e;jqsbI-4WcV$#B}U5k}u7;l<3
z9$n-nXbmiFm!-Iu)*k7&QPza16TNIIMM^J7v9g;^oo^5=&#0VgsY+zRoqpWy;IMx7
zYLCxon(dlpN10D1;&g@Z!?idiY$<Mv=>sja?rwX7Z0P#FU#On}<j0+<9J|O&5|*|w
zqd~vFv-%vZf&Lxi5hp3}{~%&A5&o+WIg*(N;hhUVYl3ssnC1>x4YRD`?ea#!ZAFk!
z4<={Y2WP)m@xHNb)gMM4GCo!c{8ApZ07JiVp)B8hf@<u;#+B!Rv&UyPHjay;EQWwK
zx2JhLJ*HBGh<EStJ}CUIy+~!fiWr*7u{<pp26LRfMBj|^-JXZ2bi5c5R%ZCCQj`xv
z>&-eBL%1Yc4-s~0aospf6E-*k$Eu}FS$U#tb-f*is>6xwbLpnH9heh#`~?}}0*wUq
zCnH^QW)}^{YB-i1GfKnj5S9z9hvw7v&yI&QfOyd$K-!)VMLnS)L)ecdlKdW0YThjk
z2dfBR@y#t~_?!Rh49`Es9By!s=T5&Qi}oe9&Qj&}pvGlvsZrN;xYeLZ2EU+%WrG=`
zeU+;l#OB-U4F&~K+(QNT@jD=9J^0L`TmHAvDDw{c!w`GAVkQB)Wet3q&Vq1IO{!6k
z8rn#=%FzUSxizCg`GnYv@{T_=#Kb$PICKv!0iDI+-l(86ifad?_Y5N8qHFy1?7J=0
z=m^^$AA$I`XwZ$Pu0;DKSo@xvq7%^^=V%{yI<`Pf23drFlXbpuJY%f1a`YKK2wC9A
z1d-F<KE9!&a+8DEWraK8YNmnV{DXyBc~*PJ+?h$~)9>plErlzU^tauC92_~8J}`zJ
zhTui#3gOuxrS1Pb*S4G<eT&*p4eH%iKu`4LB0&IEe<w-*Q_1@dsBJXF;gEEt7aNxn
z!=Dt@%GK8>KqG1wy}#8%x-}rG2`XxrIwR0q9UGui7^Fql7&EiZo-SvT1Q91ZA9Dwo
zs4_J4wx00wc@TCBwNt<O8QO~0zrUV%#CnLjDT~7k^<^M6r0LcQxBrAuaR?obo;w;c
zCmYIZ#(p&QUVAAjD*UJ3_4J!Id39%cACGRQT4#^LqY9Th$f3bFfEahSGP_|LLOwaR
zb;IoK11kJbS~uL93Ff%&8j50CPYFIc(@f2{<c5;`;<dO$d7MaATf<obk>}KbE#juc
zBKA0tI4k>^`@22u^B5_Ctd{kQRYxs;_=idBt1%$EucZ*$V@BI`2<*8gvpu=xzdfn{
zjHPv2pqox#Y5S36s9;6@74x<V_sSHRCewZDX!JikXS?V?uz+;!jd&5IDIR2VNvj>s
zYwZJi>sp`}DJ1u!fv0S+^3qBMuqpCr1{LaN%#oI#62Nl;Im^qx#Wu@2pg!L`6N)H<
zE5pYzz)@IVB66B5#WpaasJbP8HfsvQ)7}9AJ%a(zZ$l4=%~bC}-()+kEfNbztg#&m
zL$ILoYY>qX=hU7lNqMbIr%?Zz*kcZ9Ddl<%vp6J|)z{ZKa(3-srI$VQC+9$ddA%u~
zjspgfNpdi!qSnqY7k-*G<*6JQ<Cc~(#_Kay*x=9G1DS@vai{wz-5YkIeHsX?ws!%j
zTIt~+kEQcnWr>jkbj91_1ixTcosW{;7nFMpx|*pf{=dc5-(a)F2)MEF`O&IRtG-v7
zC`crRdrz?LWz*1<RXEvnnjYjRo-EARcAP29pR}*;cs9~~tI{MSKy62f=Y>cEeVM)p
zAx|wNt1Hh`Jf~nQBtAJtzL{^wIa$~LFr~zF$c$o^TW8c$xkn;dVTS5(5|<EcqRX!T
zi39#LO`;a^MO)MquLym55t3J;d&}TOg71Y&#dV||+1&P6KPwEfZ+30~aMzxANJ8Ty
z-3bf#_U)=8DXHP-Jsl0XlyjJX`5B$R&W^l~=;4$<hN1(?^gx>#IJTwZol+5toNyg<
zFcdZfBZhXD>a^^_@{|u1itj@<tIce6yfOmDH+@4(E{kUWj(@QehEm0MzEl9{Q0nu4
z%r*Z}g%aA|LG-_UFie5g)d|-)Ps0qbiV|f$8$h73{_Knk|M@!L?F*3?YNBzpM3PiR
zL$JO#>~rab3M;~Twlantbu$X#eF{*-VtmmmYVf<@{B%Hl?Pe%GCSoG^MY_#cvwT@j
zY?-Q{bhsy*QO*>cmzYAzm(l+*<|wwTT(KZ-Y#sxf(Si#4W;kqUj?Q9Q>?%Oh#_Ro$
z6z;hOc~NxXW&t&GD>z=&CZ9}8T*cX3Xk~&~z+lOvG<trc3}9!B)#WxK-SIS6gVPpA
zBXs$-WaeUvU7*E!(-PaHUKk{}I5aRfmq*OWQYyMDO)nqHmj~Q+_?@^TT0hA+De$Z7
zWJYDzH1tEfb@i`iGmsEX=H+hX=zlQPHmorJ6<RFp#Fh<?68T>%;5rb{&8DBUNzXa8
zLQA~Kp<&$q@e_lWQO7O=aTi04z4)9#M_;o&{pFQE49CES`30^CgXm*dC9G$4S6}I)
zbfzD4?Cmp^QQmT>q*faXD~Yd3_!kBvl+W`~h2)c9Eb)HMP)N~J2X(hu{AJmh<StFt
zu9fH?p|9(83JnXwK!+h7XZ4(5vFBdsANTiim<pLZr&n{+7qgp8c+x&r!5Ctiu~Bb6
z4GO%E#sh}so^KUr=}`^ntB9bM=FHq+rxow`Nfq}`9(ZHxJ;e67P9~)LH(3Q_dt6G1
zK3`sm9f<L{Mi(CBywgXB00C#<Z<@<J55iFi9yI{NEN#LMa;W@$heG5Ay2n|4H$56L
zAMFWqJW{$*VE^HT`#0HdXZ!na^6b}Cx@+kEO}D<=8*5D;KX(ILOlZ*H1R*C>zuNQZ
zzNd#V{3Ke&_Ba|Kuizr8<`#Fm_XuqX)9E+W;KbQ~n^uyB8-q7dEsj|H<bbE~O!SDE
zO2k8llGonr1$=ptUWM}+LyQg%xNT3(qPdN*X|eBqFWQ9$HwD1faK%Eoe<=VPv`+5&
zB_Z{=f978PJYT?fyA8U|g=elJdg5GH;x<?ikApVBcFF~V(i3+S0WmHAqdxX023O9K
zwfpMenxnBzqPV{kxVHrp;Jvpk7NG<gk{s=nImci{!JC~x<E<Mf_%yTo_koH!DYM*$
z7_&&$t{Q!R3%s!Ao~3KM;Bqz{J~tmUL(*IP4rX*&=ewUOitakO%;M%K|9wl!zn5gY
z2gJQw!lN&s9lW(t=E=BI(dxJVt-FF4!R$WW!qg_2qL_vOiGyOJ=#5_YDshHu_HhIr
zI7%re)KMW5J{)z5u`RWJ_~OIb8CNE*rpYV+bN4f)#mj_*r@j3e?x}K+k&)5c!o#r#
zV1VB=q(iBO7=19+HXOj}5bR8vg_8!SJJ4J4)MEwV$>ZyaM-HrY9&sS;m?1;LV2^IP
zLa10Q=yBJiwHL{BUA*2_UD8t)S}Ul-=Et2b5pDtw&3$4=eOx2nHBKSQ*nGr=!ju`b
z+6?N17CDB1?vm)1UnCII{Bnj0aJZQn;lQO{*1F<p0@E9=6mVQ<8ltxTyrIDT#ddQ}
zPv`)U^Rzi|hUd#oee6?ym>=iXvQxUX6BWLBOA&#gh*mCh8bF!tKM3vG8gV+)117Hv
z8{<R@ti<i5qNBgr`CFdcW<VG&X&qXlza=4nR^VLSBH$w3YHHUT@#Wa_-D_v+;JHNH
zjQaV)zDaHGIT0<wOt-8Ub+=<+8ge_W_xMVKY8HT~&VSvjEsc`=^xQxwzU-wC?;^6a
zI;QB*yHLDC(`1#9@kTF2a`Ju0i;W(wJu|VLhk(P3405jTFkHUW8&Ke%5WzV{pwFLG
z7sFY7A@MAn(M(vbGU8rw#;0+nGe(4H9#ffe<>?&vZ4+hWn#!kWL4{?&6?e>JeI`ph
zE0Z0X1;Z(u5)Zz4N1WVHy~vzuHZc3eb@2DuW^Ed-Du2w(=jr(`n`MtR4a9~`V$2Nt
zW~+V-jzxiDHJ-f*H11htt3BRYC1!i~#O~2X)uc=g^K5>nWqZ%b_5avCn|(mqf#PSg
z-Xxr9TPVmzOIDq5Q*^(P{uZ>!!C=-x^NEn^YwbDb&{aY}tsovSa8aZzy_gWp?<}0?
zR=7s@jkcJv9Q@LrH4L~?6df}15TdtO-A!=6sC38pJ;etty%a$9;X_Z6!71ThTU<>l
zgNF)Vh9%0T>eSl@MHXh9P*tf(4|D$Jz|%IQ2B5LPqn%z*InNkfy7CtpN7J<r1T{+1
zu9#$Fa<c}4X?LG#B=>@;F;rxZ7SiQ+j@$=UnA;#ue2%%P(>?0~-ls{1mk@a(DAV~6
zvyE1ckM7J*9Ye<3XE>yKQ|agKYvi}R{*wes+dzR0>@bZ`{-4oicShg~Uj_~cbU4OG
zC+u<NBXYK4F?XJNt~r_(|7V)WzpKV>8RG3Lq>?7@^e{KLBzLBq$4emLzjrTO7ZXm?
z0cUf%MSGz=`8G_uoNnUga?Q?WB2MQ|=cgYm-R~$>6+Sk{@vMfbt2PTUOoBzpp>Gex
zs+>Ox;@bYw%_75E-UF9%X*(!^*I%(~x#vWCk_R}))Ap$=l+z%FH=X4f13|K%DCBD3
z#n{g4KDMMpE8OCct-}@>J8ow2i6_Q(J5-F}&yvzSh_~@H-h<1o4A~I~PBoWU$!&=@
zJjY_&-wPeUAF@Kqr&5&z?-Z>Z+~sUMYt6<Y{te#Z9Z{nCehHklnWSsCk$Lf6HDB@I
zkgopHy1p=hd`OSc*zvOf!<g=A103e!zyfRr$+~}bD09@AoVocJ!fTw*+P@VS(Wpks
z#FC#@-N;nHnl5MVqPiu=_3g;;k@Dhh?e$mBi+aj`pDy}$+H21Q@r)gBwF!N!BZfB;
znR-CAx^=Fd)IF+k^S4^qL|o?J;nG4G!#wrC6Dl!l?7M_AQ=(3^_iI$3-~|ABa+98t
zvUM8o=xw15_V8GQQMTtQEcVbv607$Y^V2Xsb8lIJ_=*7@6HD{(UA*bdQvp^88vp`&
z@%WX_i{wp+Wj7@#h<UGV@VmCT?IwOuz&B^_YiqO3hNH4iQr}EYxAyic&SM;ZpW@4P
z@jOqS9OxIhhHINwtC<iJO(OqJ@9Y3gwT;r)F40|ruz^oaFtRIR!H-Y|3aOXhsZ}~$
zZ(4}=U6S~*3@Pkkl#j#B_$2<&FyurU;|IeDaL^n4sB_1!H<+|yW<Y|iOVZU^LF4Wr
zOiPGEp}yx*)&zMa-vy$Jy{G{Wb7{bS4=a%j`zy2CrL*Ek1Msazv02iT-}aJkcf-DD
zwqBC$uoY(<w2NkQf7wOqFF^mEhrtfd<kVxki$^ZlO-VB@E3k|J(>zS`|9W%=0`lmp
zQ~Oc&Ck^@b?TK?E-Hrgs`;Ef3zuJ4aCB^LJGPGmoIZW^~T~h-eR9^on+xZx@AG=(j
z%0bkfy7dihDxS$>qxUxoytv_D!0$lqign<fW&1MBRhSifEcIC0oRaM*em%p{6Y$eI
zxJ1{LQs}As>K9Sfg{Y?!W+nVId}~_CXAh5K?xlX;fMnfF*!MlYaD=)BL~obXFy7a#
z9Uke}x8k*lZ=#@fivcvUcC++}ZuXeOfJcl2E!GWo@Fqx#(}<hthzSsFrq>**qwCj3
zOkVh~4oWZu*E-}ea`iRqH$Wj(VrA`iPsD|}f=WK}vGZ-8=)kv28yQ%4smYzSrO#D(
zD#Se^)CxTiuO)sxl7y=0VW>jI@i=kbcwH91W=(DvI==3Afy(}1*K3s8bWRDqDVhDL
z@RkjhE9uN-_g`rK8{5rs{~Rzk+Z(S>S$GXz;B#sUtqYU7JB<$RSvBjY%mCBvIgDu%
zE+8C``Csf_rONX&+!%OU%LX@lRFVXC(ycl^X@Fc~@4|gAq4?P@mUZEwftizWt6%m|
z@Hhm>#o=z~^g`4S{GlQN2^K%XLI(uu)%E!|sc~8-2bY=AV^4kE|MZqkrLOdwXw;70
zE5d8+!_wsh$0W3s<(bfSZ|BzT-^8O7-y0z{iJTEV<&#Ii7p?KEj%ad#`!@3*MO*-=
z0lGa9daz8tBTM-@MsHF&!FLvd>3AOCv94skP5T&YIptSroW7(%%(B1}^@sp$^OG@T
zXJ3`qK^`EE%mo|33}(Uj?gQLmIQ7g&v%UBA7U(_EN^xwRAm76YJ<}&T>jXf~?Y!Q4
z!R+th$Ku1xEmsLGN81p2i}S6XxM6uG_cZ<!)6PghZsdKYJ`ZJXne83BfwOeO2f!9*
zyk0O*B84dPhB$|fNFP+UuJ6$Pqz7(hU9#E~rkLC;F^*hz@Y8=XZ8v<P@MxIh>jsFN
zRMoAc#ER0tYoU+31>uj=8vXH-yol7Jr%#Np&Fy~Dw+n~{T<^Zk)UEAL-+>NmaQF7~
z_1=iKWs`S@r|Yi{LTdtJJ_CH{Erho%%kChqwLIhd7*U#BM=D*h$)Z40x|5|J;<x&v
zX#H2dV2`p^K^@r!lT8eC8<k!7XFFcq%sb=P3i3hO#AX__u&cbN_m#dG)DrBzh}a_b
z7rN>ZCD<dib=VvN<f0yA3KlVCr`GdJ42J?6lOvwf%reL6QJ3CPbQgi|zI>MZE$cK3
zLuHr5pvT(*1Lokoi?uXcECB7bvR2%;QAPpt+Ls_oZB57Vq#PYKG3t^9_<JQ!!!ZBX
z!w(<W{kcyF5|8=bUJsA+6c|E)3`IE;Sv=}*luj{ir@oF^R422JLf|{O5<?3c23UGU
z<$FGBgbHnD<4^kIdZVy8c*kY_0s|WKUvoMze@+DH#O!%=|ETxt)Yq@M;fyroq9@)G
zhmWDdTRuDI1A8~Q_&Qw=&F@0UEm7XfDNGa6Vb^bL50#Fh4&@MC?#CEXIK3YLe@%k*
z6Ctqd&4^RPg3pZxj*Z23Ax@g%AR@`nEUe0isXn3sT6i1bto*rc@Lhms3>n8IUMtPg
z=<q>tqp{$<bzgjBTgB><2jpV84YUl|Ysm>LkNh+X3ee`KpS)lilD}XbE($__*Ds`s
zA%C;*ni#ul6wnq}9BkMA=@|Z@nE}IL#WzLRgs-{AfnmEmO)d;%L$UYJsuE)F-U6g^
z>N&HWn4`-2UpW37)h&O(kIgO*0FDV+xo|3gPF23!D@yERNYTbK_1gv-UsaX3zqrCP
z=2<zlJQ7YKiBKxp`deJ@;%sv|>Njx~{o<z$S|8Biv^ePJ=fO(aodAwA0-u%xUCU>W
z=!|pF9}5k{iFDe`fMc;8LLE1AMI2L#?E3lnaaHy8VzcEK?fs4mzDaC4I=4Ul=7udi
zn33U~GZEyOKWR3UYP=T)=~;XaIk~T+ki;gb{CQ-qNq%j~us7S#E{Nv-n<jFXUr49)
zPnoMx+UZP?&MW4w8J8olT0*4oQl&dLLn=MCeRHqFylBUT6wI+~9iPhZUZqZ!T>MA$
zrTAG@P;cQtF|&>>7qxppzo$2@dyQ6H*Be~e$b}OxU9V62=uy7;Ht8gijuGXm6x?xI
z+j#-3=0}cL0t52?+4)?J{Rgvp)&`dEa)4ObQg=l)tmQvgH6y@o5FiKk{=TMIH5WTL
z-PnL2`#hw~@ty>|a_xIhdv=A{X7u?`%$6j{WpBzLH1bv1m&=;>TX*3pUQ&kOh~)r5
zQk?^2N86A5t=V2;*HQ{Hg(kv_{yIjZbb#UU9H)Y~!UlczUYp=24J{QB&?;;9+!5Nc
zI9FCRgC@q2B<-0*6|LAi^W&~bGOZt7Qhh%7je)Fg(l1$%O0G=kYSJ~fK<>E|qo3Q>
ztIU2r$H;OdmGwy7k#K57GuE}6>1h7k(?yi)qXi~i$Hc8(`477bnLjrNu*2mn&!nEE
zomhX1kye^URW#Fd(n{MH-Ik0~V?bvezZ&}CF&`^-Hcyhwh<dwI0COb*vLbEVAlmV7
zzJZ~=OO5-XpPaHxNT1CQT(JGZP5*O+Pjt(fb?0(kkMZI!4$ftc-1r9>2J)rvE8&`*
zySk&WaNYN1$uaEE((`2(O#WrhNsR80+<`z3XVbgj_RWm(=%#d|WS~N)BH<u1AlCae
z2725}40WZ??hpI%yXqw-p;*PY$(C8K^PATZHL<C=Edl+i{7+lppyLDO10io`1T-jL
zjkmRw&(X80if7*7n^(^S`xrk!Y|1YT5|Uj-v}#1@j)&EsHTU5oG3YoO3ZtohI^h{k
z$LkQBDRO-=1G2e^`7(Seqo11vyO#5mTMvj4?vIY`1w|1Y%Lpv?e8uuFrrNr=UAJ6`
z?IVs$L{&SU;Lp|6b@J4XJ<W-b2P}TD)Qv_yowbyZ9=o8_D#IV^47}^JuEMtO!<X3g
zIi3@JAe@CRG1nOo9L0NSmi?dXsM23m$W}JexiaoJ$-#An<xP@sPB2$yYLxRG=GTit
z)06)*i^>R~(+7~lzp38UGYuE3JK3=%r-)0wPTM_z=IP+a^Wi~}SrJmJ>Gg77BfR{b
zi*x@s1M5TuZnjPx1r%O3We}ZBzJv)}F+3`;ln8hnusI2RBu_|h5{aR0Oe6&Dz=yGh
zdzj`~qUh%{a}PK~6prN%b+^&vh3G@!kHMD<GIu-Qi$buI-#M6o4pDs;+TT)#310y6
z^I#^~j|E%|reyY-S#jOWVAl1)^&?|>;+jr7e<;2}+tv%8!#d9g|G7|@dN1aaQVd$e
z(3KG7K~>Jp`}Et1_*rd4MR&T_Ek@l%&F9c-3TYWP@s^3^mdBcQmpjzenNjp{7TB1}
zgJ{yT8cRTyf4bz!qn^#7s&Otq33hcR3<>!8aqEJ<k!fh^EJp7)E*ukE1wG%_-8%U0
z%2{6PTl6P`nXyD!C1%cEhMqZms4TD&Gwv0JK%s<3eJ?S%kR&k#n{1i4h2PQ|Y9%_X
zZb4_vKY{1#?_O~lpnL-79Yd7k`t;xBLSvIWbq~H7!q|ZvBf~YwPnBhCFmpU<v-#$e
zt3H6rr8&x;qT5HD?a%v0`Q&pvBeda*G}!k|7@W9UmrmUbp@EI^EDzS5_2<^RAQD;8
zA*!N}I`8<zt{(*=yp4D5)<+eC#RF2;d|iOGv0T05%8KoW+o(3Qc<%HdkNC08PfPDR
zIG(n(-KB=csPvhVL}x%if-~3;<+$~jGMji!m={3MLjb!&<?Wa}7oe@zzzgI#&}Oce
zN=6})ewf4z=Muo@?E+58cqDZxqL|o78WdOxOoMwO(~xYDZ-->}^+zwUA>`R=$y0C4
z6hli>ZeC3>0v*uEfF;{?RaICKbaCjwrubdRnbH`kT9acG^okX8Gb!0!igQs$KX86B
zk+dJ8H2AY__|T5;=Y+*5Ay+hZm{%W_75$Sqa?JqXG2Y06hGF3$#;Tq@$rG}@A+S8v
zU-m#<YaIldRh1qRJ=%cL{k_o?-2U!sR+!T&t?MM6KO(S{JhH&S3N*6_hGL>THMk%B
zcB=;TCjDbmn#jU@IL3bxlZd?>73nF>>1h^bJ+CER3zmj_q9%0@!4a~ZD?Im&(K&bh
zxm&}%@j>a5aeE?;q-S!w@?8i*Nx-x7ggmSQsx7Gy4VOm;|9#ajo`IxpaOb1J?|<GL
z9`9N?ba{w_!+9~g#DiuIW39>Pi7Q8F4bc8xPGb5X+*QEOyO6UY@7tLAP&jP%SnfU9
z;+Yz{)n?$t3OI?4Z=?ukin)#s7bs#%DrdzVyU}!E@7p4W-iIE1+tKtPP4RuCl3{xR
zdnxcpn&%)b$R>&KAqB8j_%m;TMG%UL(VT|XjK)XrlC8zK-$`oX$e-Lv*X0{u#@W69
zth>I$c$<r1TTbgH*q;pA`31$$2aWtW9`Ad+KSWSVwIw}YSu>vGn&s9IDZlpn{Dg@(
z;XZ?_cu1w|g4n+*h$$xjGnJ>vIqUZII}BIL+(?JD#8QZ4(d1&7o=k~=;ooa=2HT4x
z*NejsX~eBvp%UyOyH+@SkKj<iJ~wAk%QtT5?v+0UQFwF?tNPNv+rIMj{kuT=@3BE?
zg;sffwnlJTfq0z1{Rk)BAe8w$S<FPSW-N9Wy+fopYC4C0HE5^}DB*A(M^LAA<B>Qf
z(%3k0KfuBH%NoQkk2!b-!0?^1j-8T!j2&tN$uy)4h-toXiDq{IsnIVEv_#2Z;VON(
z%p_~G0}!3Rw<>Wj4<xWO_zpN%T&$Dr4{*_fx%W1l+jxq`%WW|_K_75P270*H=FlJ+
zY{IP_hP<~p(DK6NPrAX`@a@-*uqxBavzBc<^*7Ylm*<q`dq18QQbN^vj*QZ2mU_+P
zG0uMc6M8#+0C=~D5kV2O5$O-VPrk1$hvMFtMS|nEDa6ghf4zOl=&uPHi4fNWJ`8?3
z^oh*?Crm@|p`e)tF$w?Z9v?Oz#_6R<HeyzE`LaB@C4taWt?z%u%0Gj8MbzB}iG$v9
zrvt9a89ZtH+=EV3H*D$k)K}wXM>=);qh~+lE%Ol0$XfKk4SzVJlQEb4mn6?<8OjgY
zp{T^`bAqSiHh!(bz*GCESOWm3<6q5u;Sf)-+*oxStEQxsc)4WY);x^gqsQd?r^1gO
zhq#~AP3xB=P8o>p2TO{s9By|(n!s?j*9Yu1tLqqq_lKMNyN9gvo!J<E(YaBKq}C^(
z84;3AVbPe{W{$P*=%43jHC5B^EEo#p9h$n<M;GIuXTuW@{a#&>7rhp+ducw8PsQJ0
z_vHua_QZH75HRU@`zKY%nRZhFJz8~sZN}-nAAtkpYI3i9=zTqXaZSymgWWSHz{48#
z_%DR66pMX-dX3JQ=QZ?J!n%<_-;LIUeTtGPiRwCv8^M}H9O?P>0&{%aPCUzAyyG0*
z*CGpF-#{NBxW8m8jbI{JRk#XQ!CN5iH<F95(66?s7uv%`ew`TARXG?j+0qT4tj86_
zl5y*5o3LDeG8%;7v1Dv^tsn$xmMQyEE+*2);*s`iz~`j6u!wDiww0?-2WCIVNi@!k
z;C;e93J=noIgYEv7ba+&N$P5a)|bRNMo$auj^k9Yk0DTaj|B30M=h;wVcHM`SI)&~
z`h6Sg*8Mn>uNmZ!sWCyu*%@TWfrUd^dFg`z`yl+i=4I0rXGWD%CcL$<iZY+%$BL5=
zjF|-w^ohxFMd3@!U?6-pWO9_3J*emEuMnBXq6-mVh8dgxtk3>}C4_k`#=yONLecGa
zwM6$tD%>O3TE`(91qP^z4z(Whp2K13@%_!aFqpl`l`XQF<G4eZAG6y^G#4ZYgZ>jn
z4gahUVnLM6^M3VH6DGT(uc;?~i{~)#;1vY_PP_>vUK8?^!C(PKLRGeh74Or~C``rI
zGMtE9yRhNSc4`H}F^+JQVX2fnMne;^K48yQHh|Ib1z9VvudA5WC2A_~;S6q<?m6{H
zbJ%)%l%}L`O^v?~DW=KdJmO(yOAKE4Z*1Q<ih|jS($u%`OkOdxq<O&N-kUz{6~-S&
zx)-vFJ?)IskmLjYo7Wj&VR(O-wz)a|!w6_lx-=a>+0${&hQOkLd7&^69BREjHT~n!
zX%PI`a*fD)_lEbfaf7dEICBai-<M%Eva4PV)Ua*}y+?x54p+8`0Vf)rqe{+W-$P4(
znAB=a-NngUdh<ya7zq@z?OGusfBQP0#DGe0$BWQmWlt<b{)u}C%pXus9v?!`6M{aw
z8&4qr^*2I)IDnn|=jvEMEw*PzFD3FEV=Q=VeNZr76cy5QSyG+9$@eu0%rVkJ#U3@e
zeZTP)%$owoE;$`M7Vs#l9wz+0$@0h%No@)hu%UN~-)nQ{;tOWJQLK}K#=*_gg9CQ)
z{v6Z&5*J;sh&&2n4aByHvJ^U<Q~V9FpL%hBy>B{@Yga{4EGYLEm0!}?-3A|HP<ogq
zLGaT4tu4$`YTK~ZB4x5+v^vWx&RMAhq*uS3YMTg1h_6zVd-}+EvdDD^3(oopPPR=k
zBF>&!hO!9xEk&L`9WH8C>)rU_4Bnn1bdc5W!x%zeb~}LSm|2c)jJBMkOsG5B-bsMz
zGwb<O@;Ena_Q6TKy9goMFTQ#Y+FJzR!(f=SKlDS|Cc}+~NKB@_#B$jWLi8Nl?MlCz
zDHNud^QEIPq{gRVn_bvRz$x^)=rV*%N>p<$8*hj9KQBar+WJ{4zZ2sBOzoZ(!Cc{g
zC!RFD-Y^H~U3C~E%IUcmYzGazvx8wek4f*tbJ{e(r)Q%23_ml2eiS%;h=O_8{cE{k
zbWiNwRqioeB@<WLs#1sIFs`sKhx<Y-eWftFXfF)5+myQD9hdGs?=?&eHDa?I&~Xp5
zNVSg^us^La-qLY5ssOj&zog==F^4zsIErlEa7L4Mjjt@kenb=N-l>S<M-;{}1i~*)
z3h*{+{uG|qyha%enA27Q&Rl`on>XTz*}nr*K5nN_wN)Cd%a4n6F-M-l%PL4EF?~c5
z>lhu~8N}9~ysd0*sS0=d#dPTHOokkX-Q(k`>%$rV>z##r_JT?edhfLMgPScckjd6I
z4tJwPls!jH8BEwTwc_nhIMMXXZo0-%UW>7oPF}9Y5ra$mMd{oNFGzV511$xt1|hk7
zk)$qkwIH(9kch8Cc>Rnnrzzz|wreB3-A!Bj?Wr5qx<L)YH(39n1Wk0inE-TczX5~b
zVO>`n0sBGudtaR0<Z(Ob>o#ojJqVF89d(1D?$vJoOG83{p>9g;8FR+RRP6F;fpP`y
zBLs0Q_0nGTw5tiSCf1Dhe3k{v*;$J-$5Fgj3B@5Xqto2QnAEjk9HS2_+|Oo`(&J>Y
zigH7^ZiBYQ>v|r!9EEJK+CS7w=H@LJ22r>%+RRPra5R1l(!eI#Jj2#|oyeu^^6lv*
z`(UJfWFg%(S<ldF0D@X;A$eFwr@It38klKb<z7lHDGP*d5;ACct%)Y8JHdF^t2vTR
z&8u_7By5S!?SRT;n1;~~rc`q7!&y_Y0Nx>4I@t~}g#f*dg?#rTe}9cFv~JF;o;_ut
zbF(+WzCt`DF8!d-g2qLI42u{G&>oWCcMNy{bi_>Hg~4P&_X2a}j|qafTfQY%$AIZT
zBu)vF5z!|v#nCoqE_1}X4+sf7_JHodN4N5t(J!b3|0m?|h5%hFso;<>wBIfz7C-+{
zu~3FJZ$T^~KTD|6&r@@9HrmiiuD?;ugpqbhI90@L%i}g-T;1XZgUTr~wUf0EWN=?`
zZEG0g1rF>64`{#qPCt~-^R{;#Kr>lae%H%0b7FRRgJn^bOJ4m^tG2qu3ap1fU(+Sj
zyHDOx1`&?d@_AR)K?ms52l&+$%b0l$-tzG^FY}o&#l`x;!sxwYWaW5=`4&G*Ejo!2
zt2(AJYE1?9ddBg`+_SyTt&9E%Se!3%z*Q}0V}PkX%B}TGT0cK+Y1m8idDX0DM%dos
zl;tEjIlc{NC=k#dC{50V5U&Ns1FQnnOFwRHoX?L8H&zrUE-X9p5=;Q)-CRkQ;=7GS
zU4uKRomv8_u$<XsPu^9Qlp4?OEE<#0^5`31QQ#w79a>|C#yDHaW)|h8CPLVRLY^Z9
z0HZ>Or99cX^?$U@e}Vmu0(K4Ek;7W>+`V;sBi^$M>UY9MfG4;MnCE<$4%ZR!V2oIM
zV-E&>(jKStFa99LEM0nUBSm=nv610wtCBVBrC6YU^qQDChU0y(00W6L8BAOG{jd1N
z2HZHZz^Qlk8lTX{=HPPQU;h?`j3tG3z^FPJHJgA^;K^AnEj6U=x_||HJ|@)Tr{}0O
zs;sU_==cPhq!Stp1m@ig|NL{qgnglAJwjJVF%|8T{L6N$ybI~ifC(c37hY4=4GuJp
zRpB9dfG=Ij!3P?{Z#oS@)=ehH5^{*O0e8&F<y5gzq|LYy9FnvoYYgQyu@{M}64uFe
z`edH907|Ar>)0^FD!Jo{)vvy&7?+(^rRadcLm*e5DkrcY08n9ZyBen4#FMPx5aVnA
ziTv|b-l}j*;_`%_*u_l?WbZh}q<PdVg=!^8f<DZdVYRqdkr)nRD-wwp$wvs8VFlM-
z2`8b$yT7m4@#Tp)v>yt32<rbv>;Iq?czuAbjk6K$u9Y}4#C>=|JUaFEZKVMJX*qp}
z=7kby@!nu~+67)`mHO3LqpQDVB%Qv#+tBiev(?He6#Q(tt+MiFi0?uR^`%WSheNyO
z>ht$?b&bc}0Jdj&*HlffinVb$;0t=Mi%EM?Ne69E)TKosyL_GJ7(UEjpGF6V1c(}Y
zQF=ZJ-C$qKVkm@uC?<qcGF3|yFTZtvy*Aq4aUtxhIvv=NP>48N&pHKnFehF=#p9Hb
zt<MA@EYX}d;yg!)RxNcFsgN$+<Sccbsxgg)yZs;#Dk(PoiDyaMfDgfxCnI``xBtmS
z)bReX;LF#*&t3^^WLq07mutYFh+%X#Z$(Zk@C0z(-9jRk`0`FKC%wojH{lg;fL#0d
z+q;e*pq$wWe~$hbt9C{}8ZHu|2QKrr$WXNHjYV{P@CFRtWl{|Ye0&oXCtjBs0ej=0
zvNK-@pr2p{KGwU0K6k^mnhz?`=p4{ts+=0f+R0A9uD3Yd=&LiyS+;bm?O%Mmdid94
zf40pYtmBriDYZ;=LvW(H?f0ALzUs$$SxB{!)Au(9=T$%DcKfHH-C+V{1StzPK+08X
zhx%Zu-lN~A|B$pM*DP2d0_udpgoYpoa*SQPooe)ncEi~oOA6>)84i79eK%Ue;S|dP
zo*ms}k~mcZcHrkbiAtzeTe;`{SzFK`8j<>=V{6KJIW6hE66`*Kp?>wsoAOqcY$cqa
zXY9f$C%AJIF|Ba3Xd5_vRK}RccOv>`oqC&IEO=)OTwS`(Y0K_*{=;f%bWzhon1F2v
z?ns7RrtMsy%86c@L#a!YLgS&{^@x$9{_fpEp^zxth<k>f4IuQyqt;&j6y-KNfYg=(
z2sIZ4w1{On0Gz;~gmX>tPL2*MD`EcjpT*)3z5mwrjdwm--fe&4z*klb-u#ahgVHE5
z@Rtz!TvFrBzbX4WI>z!6z57+oOKusy!d?^Y*2HjjR<%Rlo{b&rp81{~_}iL^;pyI;
zH+=qepbQ<c(%C{azqmj%zS(<2?fJnrkA_G*cucc$)G6+3SA}F)9C>db0F*1aFH+F?
zpKa?ci|s4c?qS_b2ATFlO1B31UcZ(Mr)PKdk5_s+ykR=ixI2L%G=&<4N#Dyjj)`ZF
zWY?+3$C(2YUc*R=i=+A_%!M>3*Xd!_sg}qRUb6r^IuY8)kymqIiPec$lYNPnBSrZs
zX-p^lh>?Bj=HQ^39W`X9dei>WM6)vQ0UFFVdtHL?G*k>((k#c?pO%on4IarZNXt~1
z(LiTIfEYF{5t>oVs#@i9SI2*ESrC}E{*~MQ6Uk0&;Fo%z98BN7p{plPxNBdS!K;tL
zJ>N-mNEFg@RD8o1y*I`(n}+h+OE%z%ZhRAf)EjTM=Y8i>A0t>5Bmp-Rp~wl@OU5q3
znxT)=^}#40A?pDiP`{T?pCNC;dztndcXbAMGXD>~y8{QN6BJ*pc8a7-TWZvfHUL!l
z{iwKu8&Ke-l`VN<9VtYOg60#S^8Q=mNcr{#zsD6(4ruY(JP)QMxiACUhe(0W^;)u#
z!bJ`Tgkgb_*WneV$YGVM&`z!;?l6h_)lA}f>e@Iw`&CQ5TDJzwhe|Px^IA=&5;;j0
zrxnOCkzk$sI`PClQgkZ!hBVrF?z5q4ZNTY%Rmxi-(v8_yn*Kzw&n(~%b6(WTPFdWa
z&-75>B&e;7Z_z3p<x>Dd^v>Z{y<R}2DJ>1cm4UF;{L?(kHb0_9&}O2*sHAvo{{gHo
zBe17pHxp=%c(qL~-H&9z{LWNdFl-kA*QW2J+7|=3`IpN>7u7>h7uOT4L9aTm_YHsR
z@In|saF!0tGSzPnNo-KzWl0Dq&#x1h<8Z?G*dTBhP^m~_NMQFG#_GcNCXV91!z8Y8
zJuj-z)saZWFS|Ed;I~mAEu3yK1cfT)_YKg;3-Dolz0mV3P5`jGzV$zGBH>rQf<#N}
z^kUZWlXosRBeJUW9G!Rmi1p5lxv)nwn3nF1`S0>fS~)*hBTN)N)bWM(CrGK86`^Ya
z;^BnlZ0XXpMN2hQwsrAlhFV653D289dlmA0elI1FAPue2!Pa4ryqxyG3h5@Pa2v3-
zN_y}hgM?7%sZ|m|Ot?a!2W4NaSegXlIBo{~iLKy!$pWi8(qM^0(#S4xj!;BZ!e6|n
z{`$BPMi$`tpM}S_E>8mdiO|Fib4(#T5Gr!f^&&+|P0IGEEC~<FuosC43Ee-CcySGo
zHF8k*ueOr_%yHmUvWu3)$Sf79+A^RLS+{w6H*izF6Xsx{QX2{yYJ5vJxop41Qpa~I
z=G!PnfM?6CxqLLGt?GNc8v~H_Glvx_fANS5R@x9*P~u+i?GKTm`mg@oUb?>BsHB;p
zv1&TB{s=g|+la>_>rvH}ttss;N^KfE_MuBf2SuQp7G?*pao#CT=q#P*eIFbPK3#gu
zE<Tz^sM>HBZS))0G)%h%I_LxRI*CF0a!yVMyE{i&810ra^Ow}~U?`;^F-wPzU)c|i
z1Z>y|-1t4dm?{kq0f7*F$71IAYxdS+cFH3g0Jfav6}vHcwG7)mdJu4qEA8`@oAEo8
zZLZu}?`vBY_A+W#-+Rk{I7`0Ub-nz&22+p%vEVBYE&87mxvaEW0RtPd4JkIkqgBmk
zwts2!0A`s7v?)cc(elU*<y<h_v||ir<rrXcml}4dR(*u>y;4@Lf1tW;q}x+iu~3(T
z87aHz!2NCL1E36nlioGh$3owM8Y3H-X>78uQ!2>)^EL{m!Cjw`8s_~KUGL7)>>v&N
z)f*jXQr+CIZFW*aZvEFM=jTFQ^$$B+D^nB8!~9t9L$(gx9(NbDDYIjv{=)t7#RE9A
zALnAyT;1%paja?ICohs9eR;OEc~6lZHGZ27CRfY|MM`qF`jSG|HN`(VoWaE?4T|xq
zb934Dt8i4_wpOUJFg@DXIaG^>RqRsa{~0a+T1D?1)n`-G13*l)2R>E#y?XT)MciMV
zTj*>ja}udL#IG~es(C+ztmClJ`afYb-7aCQ_L`k`67(VJe*d9&<VmXM@c**_08BrR
zQO5u`5x6_s0?!Z#EjE-VM&Ar%Rykq+bAhnX@bDb0r&|ypZW{J98KE2ZUiAWg4i1#_
zP*Am<Wib`<6#&2wJ_%s~WuFFrGc2fF3`4~3EeZNb{%q@?Z6|pTK=lR+VR(Ay);?}#
zWd@|xufR;685jqz^*e@nz2#6N#{79MJN)B6ngsFIFyACQ@eY2VyuW0N8o)t%cM+#!
zUU+f<%2;qc)TG5fudb~O>+Oc$ezcMUUr$P4dC@K6-ev^EtaviLF4la#OoEX&<2ofC
zV)*K(t``pgf*gH0*WVwLIjPSx1b2cJEa0_C;=iEjGBESndChERWiI}=i{alXCtpy2
z_i4_ZPA<zmcg?7Y3n~7q7y#hE`aY)m2HOJJhHhSt=@;*l$W6IBrq1&FGlBtH(HV0a
zTxb=HTWziuH#}Zv?VYSrHO*5%V%EHx?32|idpvHXe-w{~*4{$JW)!Ld^w@h6%2eoP
zp5n-F*KZhvA1i^pg%KSa?&E*^Q6~`krElxK0fBgT0d|5D@<l=C@iC!Cd3*I~$6}KP
zPMD2eCVAoZ?(Oz?y7W234DpLaAo-hqaJih+;@;g(Mn55LG}FbwX9X5xUyY=Gk$hm9
z*Koic9F(>s&u6jHx>{6Kzb?J>dL`tvja_pUy)VtXvZsQov!b${i<MY<JW8n0k#uT-
zEbUFdrvFB4pLeGns)Vv(r$gfJw%YOxi|IrM2cJ&|aLoj1ypHRS7cwnZu=y6qYiItK
zKu*Tw4^G5Qk!|zP!e33vRTt#VZLJfax%6FL`H=v(>S@c+UXoDF546(ZCR5^+81WBY
zkY3Z?;W`v@aZ+LsVg)bHKJBokA_#hY4PkWG+~l%5d;F3A-H-sH3o4v}aJ~Gq4}Kuk
zI$T!{-)}{vSXF+23-&o=*xb+Kv*A6OcgsPacN{S?y~~J}nt${zRr&xqFgoa=_Ub;K
zhoKV5rdF8&#v_>@PD-=rA_gTFXzTikXkQg8!#xIYWe|htwuWgJ6)ZXvY8QBG0ix;6
z(aFUA;G>4;PsFIMXdh4xYaadY<^{iiHcY)FRTLgm<=Co6Pn$WZ-RKFN6rGfD_2|k5
zvG?>}jD#>gPXz(b$BqA#ryyb6Lw0usb`o@**7@GVxtcsj(~CGff5{m?{cY{o8FbqU
zp}P^~7HyfL$>YXO)vDEyT}pMkqqou9ugI7FO7z5#rzr$6o0=QNMOo!009S#LP=Nf%
zwN}%0{Q==Lff<)z)UNe?tj%B3Q_La8?}d6C2lZxsiu$uY;c)23i`w-t3|-LXs@sw0
zmMW;Xb$WLwz5+-@3`~^AN+#kTt0-92{C*sNVj$u$k2f;c;e&^mm$^>~IYwMl!@~#b
z-v>QDDz>kjjKtZnhvYz5VvJ8><2)lK+Evz8qSs{33E9(PKc===kUh$7k=amhEj}1C
zPYT3aOsvtf2fv58Yn-Slhch=7;JIe-cM=OAH7=0y=okpHVNZgQ5$Cv(Nupbks->AZ
zd-;9$%VEM|{#P;x4D1fH`jw7UH-|i%ah3vGZRT2@%jr8%y!tN-moG1{0!o<)IQj}t
z$>?H)YBsvMOdj1}vhBKI9us(j?4c1y3?R0!7(CxHkpNum8~ACaZmh4CA<VJ*4@_Fb
zGK$WHJp~>#E<!(h47(RUkkJ);h3*mtGzjTXPypoJ_KzhsQ0wk5Z?^#0>lxwa@PaMV
zk~kX1gabQK_w3jR`A71?E~Q*<BVPe=?I}w5AbeXUtXi%_dR~jlE1jeSe5M0-3tb$0
zQ;sesHmh+L99JYe9K)Z=(8`AC!&gnDffhPo6s1}lGRFo@5$Bx4WNkpksY?X3tYz=5
z&{L;s_`qxhYwg<PGL(vnJiqWd`h#(Rdf+8>Hv_aYpbJ6M0pXy~hv$B8{Hha#+tX!c
zm!A#%=bivg?_ZK776ov|TxtD0U$3bhr&rVRxV-xP-ZM0Ye*Q^BL8gj^@^N<?eD%Tr
zFrBNu8KwD#pEAEU46rrx!!GqGN3cBmPWYtHGOWNe-rn&a`f$0t@{`m!w-#R$q)0j6
zN{v8Oz9F26B=n^j45(P#Ka(@NR3tg0;?U55H*i2!Uk!2Oh8oB%L@sY7Ez2IUETGgl
z`hxuKZqWos&K-Aqu32~G7J6DjQogf%gG;LQgojWU;W6a~9`rd*HwyaZOw>#pagT@b
zJ2pwq2NJB%FhXUbnp_6s7W$j>8nfx`vF)N^Ew89Xj1e=ZYKlHx;cuX%KoH-*xDE36
z<%|b&b)k}CWfH~5ERDWPeo@^J`--ubjT3%TrYs%S55J9nI$eFyfIS5j7v0bhRk2q#
zE%*$*hWw2Fu2n52dzCD8mos&dggeMtATJcUYWM5$UcmR*0x@<2;4*J`VMBvv+hFuC
zDuSWFV&hAbevMC!La`V3b>Q&8pl4W#-V%29SNI6Hga%D!#T@cqYFr;W%u3}Mm`|be
z_-)ti>4>eLMs0o<6(HV20l=a7?ZQU9uSmwRJ`@Hh+_=#eJ@;aE8QtE|m$Hyuwm5!8
z9{b3z(QI)j9&{<HG#%H=rF0t=taBLGG3Lk2Oc0g!w(>o<1htWHM6_a{!!C_NZ6H0;
zdsmMKH*fU}WUS+gB7UhWa5R&c^=Z(o-?Oww2UGIRy8M4>Yd&*YW7owT>x%}&=M+W#
z;K1T{8sEn8ySEpsy<7SoD4%8}{XfK;Z{ZOcW0}vSi|kI9-W@*fq6qVO3^OgVlXuCd
zW{*5Ym;|3H$$f$96Kc(y1Bk2K)*W-eP2!l*8Pwz?^O(9wB1u;gesGyqAUNy7jU(IO
zD_T2=J8E)-PcU0U$aezpJ=Y`Er2bFfq25{M0XQ72;@fuddPM_@gQ~#onl9Z3arn7h
z*3Bfa-g7sKwa{LXIr68`R@VENrguqzmX}cO@|PLgYyvp?o&~a)2X09QXUvg8N&$Xs
z*cX3X&Giut^=1nXj1S_p4LZ2Xa91;Ygl`FzfBW5PG`H-vK~T9K-OesiMd~r;XF*|&
zo)PP{L;WzUkqoHMyMC3$>omzRB*n?zqem1~E|bw;0q9NgQLRP$?A!a7k-PZ6M3|_6
za<Voxvszx4j?<EhzmZjCpr1_thm+}*q0Qxwgqp{N&=ir}MNM!>2=MWBCGg5K%?KE8
zWA<7o@NoN?BwX!T&bCbHy+z`j3>+oFuF8ytpP6rH2bJ1$s&`Z<()s9AN@cTqS-Hpd
zRoEQ_z78SyN3*KL3Ck6Hhit@XR#+<Ki`taKrK72I8Z=nfh4-Nw_OcqbJ>m~iQ0lhO
zFCiyGpsUp=Ox)_2t!$_{wqse9qNB8ECvar9nD5ISt?)d|nfb5){=d4eIxfn#OVc1J
zHPq13NQ1~wf&(ZeASE?O3Jl#fk|W&>QWA=ErvpPXq#%tT-QBgkyWj5q_TBe;{(Szs
z&+pvVxz2Us?(y`j4?ERCc9n;cn2Ms%s)a+H-N*3P%PP>|yK2$W%=*Y~f3;9i)drYF
ziS)Q4&(K5<wVyh+-!>$&w5>$8it9s1n<xKRYMjFQD<G+2U*joA<RJ<W17;Qf?p#^a
zBMB4f2@GVqjonu6V;-{)^x~ci=kwDy=1vMC1uKinfggG0UC_XHyF37r!Wf=-Tj5~n
zO=TVKS>^d$SMd|U(EcjmtLHK1Hz{@LJB*({6X(98Cs5}JarcFO%#2W(2j3`Ku0+tY
zg84|NCTTpEG-2~mzHvOpp$~#|_gT~RK(MC=Mp4*w2P@UUU2kxk--x2(kFDW{AjX5y
zqcppb&zf@j5-6l^H$y3$X<q>vwJ{MGZi?R&p~s^%TYg-$DnsJ$F_+3U{<Bo`h1ynr
z)Br0LarhV&fv;v$y)ZBHK5B1sGx){elFf&=cRa>IAmZuUDr0_HUz!Q};=hv$B;moP
zLpGLc>wlJ59N_`gTiE#5bUrDj@L3eTUiSqjm7SfdN#1W{N5IE5<owjoQ#+1&>0e9-
zz;6f<o^?_}wK{x5=GQ(+Kb(9i?}Sk1z3oq$MEs4s=#hBxtHVQ#Hz5^_Rs^fH{flI0
zcbKWB+M00MBmSJZJVR)509#=E!wNnS-UTW6qH6j6GW#A=?#UL>@p<{Hx>rZbk#`S&
z+-y<&YnT|29(oCwbwsCnzE6C_S?Aiz7V7H*L02k|_088fjJ8jrV-`w)J!#mG#j2EZ
zS&G?t#oODhjT7$1@yjm6QaUuSY&g-TNV-haJ~`Dn!TLZhWZ!9blO5_UXOXH>_{Gv=
zA^SiKF$H_rRwL?8>J9+b6LGpeQ^cB#nPa}(f<C4WkVzih+U2n_v(5f5YyBV185W8T
zJL(|+b#$D~oWn8m;8oc@Xc4R@Ke!U-zWQTXh8FTuG*VbVo>U<C=)!s5@2(M2xAvj4
zbquk-f;k#^Hd-pUv>ZP)>@7GHiMU%z0Lw}?W=shA-x3`C3{~=JsmY7{fSK|_dgvXU
zURm+Px0U{;Qa?jdp<`@P750Yv<>RIVG=Xgr_Tx&Z1W{cX12e;B`;k9gbzSs191>G>
zLg>oQ-&V$yU%}W&QEk<fTH<dGuehna1rrZx#ZpH39Jghos&7MhLZs`~Q00v0nSQ(o
zW@6Ww3Oy$M);c^dt|miRMQNp!{JCzyBsy7`adcVfLaFwSe^GmL8Wi?73I1P#JR-(&
zaYC~zY+k_-TmX3aOYW<Tb%F6Jlh(U9d~AKhiWNm-j#%Rz1|>0WA@N8IV!Y%eIF1)@
zY$KLqyjc|oG!NwfEpu2Dd3|B=DcO&BIUF_C7vdG@inmsf@l7#%9bLdNe9?LmEk0w5
z=UG8;Y8=_o&7>OQA?)ES)8i&H<mz!(xJ=?)D7)7D*jeeKVo_hO=nMGm;6aR7aOO#B
zragFF=XPYA+hO8^jsNPmyvg<Jr^5<Y;~hi00&($G&isu7Ov=N<yHr%TTc!qcpNTDy
z`ebV^ZUHrk*M`0+dyZw%u2flXCY~`_Wo+9isu+TB6bO48E-V)WKH>NgHf}C_)QF<p
zsuzj5;iju4yy~@4+kJjwcfFS;oMJ4Zr@!a)H+cFVmzsMIF<FBwb-EEiXuKn}#rpYj
zA)|U=7VFZMkdUBaAbKcceSUfYD><<~<a;h*mT7Q6INx3p1}@seqpVvCewr74=dZ6>
zkS=&u4HFI_B!PycmJ%k5G?YpgfdSau?sx=v5xdsA7ctx*J3GwcsfL|u56-ig<4*6-
zVgo}rQ_RYbTwGOFHi%x==<(**qj(+`vm^T7?41mfW9n|Z>(<TORtkzwvl)@ItPxke
zYu{%bM(oG*9}Dh-Glb`Q01DH`z<xt3o~YnLQH8Nylenqc2YDGouGdsXqMBf7jLwIl
z%iVf<y*7aW2Qm8fHwT76RhWt`<f?6fU|*v=m*0kRsq!*1Q!%FWcSLIbd0xBEH1w}x
z+5cGRe^YV9Z=~$_<26k=mGW_eHzU*U@yTOO0`Z^C$wPvy#VbhfnD@?%aF;rvV<Ymx
z;a!Cv5QLgv2$|yEN^RO)hM%QeyShAbu?Y2y^uvz}=@hPprW-7U!Nb8OE?h@r^B@}c
z{GcGC3V)o`ZO$_J<B<=7Fl7(o;++u|et!RVqb6o~&l&jwA;dR#m@Pc*amI-um;g&D
z)sOdMyO(KU7LW7plBgh_gk^6Oy|d-5_%>fnzc~6{|1iS3#a}RO7D@Zc&*+%;r-D`L
zO(CE)_G&O|y=ohZO9W_oPxVGi9IZ_?tWA_S$a<P7g~88grh%C09;({l$k>tYS>0}p
z^?QTuouC^bqt$E@AM{&&;=;a^t<3WJ=xs5FQik(Gb;0rHpT80Le<@~*Kl%`0^fgPP
z_aUXrpqBpb0a3vNxg?sBsji0;U}?Bv5Xx}Nnl2XBxyZDcxu!Ii3*?D^ti?(i#rpd0
z@|Dq=u7&!!NA&N-l^H0rbrkkQ?V(Ma*%ZAYBYphlbG(RcJfi1R_={6UGsNqi?V@P>
z4lXyXbYRJ$fJ+GbnRd?|DflotP*3te-*Z8X3Uhhqwuigmue?Yn=XTN}ojjs7yl!~)
z`DWI%)cRq`Xli?PBrrzHvUPL`Cod!&TAVd<6izqHhs+9b76-BGidBJ?uZ8*LbR4Q6
zB_Km^FVFW}+_BTPYEt!+!!pc8=09R1(!f6>TX%$w_fz&Yqi_UONI<~YGxu%*OTOJ@
zv8Rk?<)r3&w8#20&(9>il~FlgsfZRjEI}Xsrhfmc$Z!Y1G3Ju%Eu^q`a>ex2QMjd>
z$%6MAOEBzJm3B%FlB7<<PAFi&ZoMrO*(t#Qq9F-*De|W+5H0f=pn=E#7i@4Nby>q1
zwL-jR?IvI4W(V}jm5fd@eZzT@Z%*%;1*UMkzm*~$jOFNv<qCmMid{5Rv+?;P=c(h;
zm~kQQye6+=2TJK6_7b|g%CV|z`yz-y^a?=_y+(p+`m;Twp{9w6%hX57ZQF-UHG+$X
zXyT`iyjzE<xGBc<{e6=FC-xOlA=`aVavbtyFFeM09a!wrGQ#owkuNc{7qW6PWnWjc
zzeRBC{S>Xdvc3y_4#^Du+WT2CM0xhCviN%FS_1A6YZbqpc$U}xOq@MS?w_va1Dn^P
z_N+rWg_yY2T54QA9y+Dg<FJTTI3$D(LMJ#j$Mcxja{n@tZ%SNF#!F;-Bzm|wx@NYN
zH*4T^-#L(LP&(Hm$s#nP+T}8ADNNi*-(eZLk!#@h-3*t4qpUvbUbMOvyy~Aj%qk<-
zTDpA5-{Pd!*yD9E8|j~h=aq|>{_b=6!R5e^zMn`OtOxx?q`4n2AL35qCSv@Kg|fFV
zD)ViJX8k_2!cnL>tHHn1C*9J4@!D-u5S|~rkUePH?NI#bi<3#Miy(j)m;#cizdy|2
z73hba(c2WwlxvZrp*Oz6I`(%RDWAPOZDlE$*!CM-aU;=9u0Hp2wcwaP22{1oKA6a;
zkoGSn>mLy8W|Br0YFVnS7iUc=mA6S~vf3>4_=JyY1Sjzkw6U`T-5FxZEBe)XwJ|NO
zxgyJ;e+~+K@x1x@I%aerMYFCxr2~cbZY5f>ad;3_GYyxIZW*;thgwjL6e$OjH=<NH
zzI0~#Q`h0EI`KIAXrA!RsbACyx0XzdbQ1<IdwZzxc^@wbE;4GE>)#!<4UWDmFPVuZ
zz&|_$v!4$;Jp)lfoc>hSTqTd+z2}f1U|=+2;z(3cpGHpyXsj_P(bLsxO1g3_Mv1u$
zE)Z2yF`dNR+DkY6$>~Y)jj?kS0(}+S-c%S6;bwd*9N6}QX>Vk&yRxoC>_mvg`J(T-
zJnF13p>g?6$rD!8PQO6=^WRu#mk<SxSH)gRM1%aC@ex${K&xIQD9iC)fpsFi?+HnD
zq9E06ZApy#9p3SmxnJ(Y1iTbSVRw&}#j!@%#Uh{>nm=Y4NxAgr_EC)eW3#NB`Sb^`
z^Eh9h$7xOKw#=1=CI&UWln;&j@{UOftL2Mg@-K~FH#ivu7N@XblFMo(8=5PV4_2WY
zmy)GHF|eg`Iz3yt?D9ScX6)KIk>z<8*T>x3WR=&jL?x|R9tu~*R%Zbs5_oe$%~khd
zDDK77CXY_4SxdOY_CWJ@QEBAwxPhK7H>^+a8euXH_be>+D~PPPEfM?hN>6vZegp|U
zl7$9E&oQ4URQ_>(G!5cF`)T4?qfZ9i+UcX|=ZA5Y4L$k?+t9T7{C@`azwn)pI<=o(
z8lg6}VN30wymTPFlFzDM{ILQbBMCOyUcu6>O1Ac{_l6%qpfgVvm>0y<_4et|>W1ZZ
zBel-1sxVy2DnU|JQ2Y_8#En`i2d;CYsM*7u)Yc#L2%VboN(~;F6o2fi_~f(-fp95;
zk{_jT*hR^fBu}7+@KPXpaW{wr)epe;9VL($04X=HY$~%Ks|LpYG!iPWYR^B+Jndys
zYcq`^=3eBtKk^xt2Opv!Q`|pNKK<DnJ*t;q%KVjBO_G-Vdn8S(#SF*nzEav;&pg#}
zWSJ128HE|JyGuaRz|<o1d4nKE9{&G_w*J#BZ9JI8^gI18tuFC1+^Htu6Je3MjWMc^
zq_|Z$$MktFXia++Io3b^VG`qSN@u(u&|_>C_v`;~@kV2&Ym5@4*Q_VF$rlV%Dga{j
z?Pxj|alkw(&IL2)zV7F7&R_3k%L3AW;&<Rh$~5#aIZ1LjhHn6u&@XmW;(DfasxxHr
zHtI|LnS55R%TEtU!I^YJYN)O|(@MmO9%s8;kVACPs6OgG5ZL3Yj`qc?lZU;)ig0P>
z#3u+7r9&m%Eg@+t`KLJOmw%oU#noRmUn2sbkY6UW)_><V`bYS*&s+CeFhj*k<Bq=5
zhSBBMHhKam=cxGc-Y<8Yvu$x^Sw=BqF5JT+JQnS9so_<v4nKpUhlChPqRR2>pYND2
z3#PKDIn5sCZwx7c)@^yPq=SC9>7nO%wgOXwYv)FB4K|(#XMfekPKYl#7f~&@;j5*x
za2d}rF}o+S&F%QOqE-k$1^Ak}9V&nAS=AIi{ES?pcU9v}GGV|G<IeY-y^ss_-VM=|
z&lIZA*XGn#bok##y!!KH!vzbhYaJgS3!7zUpaq<|c<8muJ6u;=@k?2iJZ?oNDz%rT
zLsheUX7u>3Z~|H+Kn;;p7pFfjm%w;!raz_sjgAA*`gop6?$B5JwRrw+3o#qtqkS9R
zDX@WX!^hgKAi~9=@KP!wX(jWFha&$!5lET%0M1`6Z-Wwd;p{^lSm*1})ZA~Zzbmn2
zq=%L)7IMOQ`}KH3^$z<firp$ByQVM+ik6TW2r|)qOtEnDD&-e{LJGbl|Fl$n*V3#z
zO{<j|WT!d($uff^(new9ni_;Pj~)7*_PI3~^&-eFIbnS`?;HM?AEn0wE7IWK`ek*g
zA#&V5ej<jT*D6$y6a9Vvst)#{>-)8ifP@d`0X56)+*VN)Rav#bf>qflwJimQtyElI
zYwuAYzWsE9x&4xVjK<=(`94e7wi2M)mp>|@M)v$%$C8lo!qmTC6Wj6=Taf(eWN!n&
zkYBc4)1`Hou*_+HELntvZ?cgdO-2<${>^0z9F*;j2KxQah_YxzIF8@m>}z~Ub2vqV
zB%p&7b_{ZkPmlrVd$X63j`1NJ{H|#o%H}xig%l_Xfk;xajEI8#-t*icNs>T}XnQ#w
z_!tmsoMIlSwO<rInZHm8Ov}v&D##>zF)>ak+&^)J-vOjm;N_qI8T9;`BwPTdZ#%;M
zfeo6thvsze2o0x^BN&8FVPXg><R7!}6~*0cE~GrO?Y4E4=3&Wg_`HN+aLEtwE)tYl
zQ?ilRHkPse?0S&&jpyVinDh@u`lHzE&OF7-%waV#)-lEY;TE<(E%nD9p=#d&Z-q@x
zayW3jl{87b7UZqQ1zdt`v{KZGPFIpY4-uvHHQu=q<-tCmPab>sIjfkvUS;9%lTIuA
zqbm&}NX(fA(6h6BqqMKNt5H?kzQOctc^X~AEE6MXJd1vYgm9F6<($^IeV3qLQ)?#9
zh~LFf7SJ7iKyC(Gr(5w;AO>@c+>bFG7{?ihsahw8nlY7CD6jSvb#pvg(@pzA;wVak
zDqsJymQ@*h8nS=?#;%SO@KD9*RH$>8URI7hESSGI(#u?sT?P^RZ=0DIY7VKM`&sqy
zl6@6?c$8Pc9eqsiOt%h{wc{btw+9K%GO%#VoY<D8T-p#;m+3lv226d?mB-)e>t|_T
zHk{T%mb6eKE=!U$;N>oN?8|@XD6~Ac@VJtc64}_?BeWH1sOTY3LezcziAS?oH~;%x
z+s}sI9}cpj71qc84bZS*7JIf-&McKJY&aCim1!6EjT!BZ+H`b7d_UL8cSKOu<|t@H
zxIRXaIV46GJMv7<*z01Mt*}vf@C~+EbdEnvN%b<+@(4lCT5DjxocH(rG!NkWX(NDw
zQ|iJwY%|*Y<v-zpILkCk6(oBrH1;d43S~#M{T0O3!hP%!9#l7Cq5zD$T5{6W`z>t0
zwx5Uv3yAE!CkroiDxE(^;QQ>ZAVUTofU_NFI%zH{c|I)$`^@o^q^?Q7pXfs0hi31O
z1?JUBUu1!zv2U^7OnrLUJ{yg)tLs84wmKlprTcrtYhKjsn2I<w?^wPpOlhTY0&1^#
zVWB?GG)<z+;mLOu^>J7jKqUOh0moH-W0ejXHG{_H-s_a&YpJdj?Au9B9=YE0n(&iG
zjaZ(A-Eo6|Cf0xTf6-jrG$D&BB*qkq-X4dxyv#BeOf}bV45YisX&9&?)R@bVpRnnu
zhtv0yy}9CULTIO6tsk&GqOqH`sxZLK=9bK6MY8x%Olv$WG!2bn<bX>aE#^Gi{k%>F
zu(ts1n^hvJUy#yPzbA;Z#K6LLOV8(L=}cu}34!mzTre?D*F^!Il4o^&PG_H1DodUP
zPYg?xk?J^TQ(1+Fl}Vxi#~U-C3V-|QA*vm5N9JxbaZpIoJ!&D1b!arkq5MjgxZL^l
z@cZUc>UH+e2CFb~y0rA6kBj~P^>O`o!sU$fhFCmV+&EPv(;R9l?s)G&AT(zW(!wux
zH?4lZ^Q6cXHLXP~tJf(a^g(xa=$=fvCFIdMul%vp3aJ&8y>&-2jM593jdYN}OF43h
zJg{PW50nJONrYN`P&MC@TyUyP2n)$lLuWK~uLGss=-b+`=vjA9hh082Z50PG#1&y<
zkpH<RxycW+t6Zu-o!k*9bl4_*dgWHa=~e7~GQ2|Rfva`saTVh$JvK>=V5b`yAKiJB
zu1MyY`s`AR;3)uR!^C?<DD@VgpbQpWOMhzj&2GqkXc@_hJu4C3>kS`3&u0r1QqK_l
zB8hxX!gy_9jtXf0VpJQrEwL_N{P-<j@9rwr&|Hhg5bqeXkT2W7`ubrD*z)pq`NN&V
zw}t*2{w#vYFH`|AGIlkyv~BFZe=D{ED$lPGmY_`XdZqeEG2TKuw$8(5UbJ6*Gv?C&
zMMsd=c8*N<f?4}$MEQ#|!TS6ag0VKLj_@KwUWh&=0gkcl*{d}bCm}OH>eIr_-Hjj$
zYm;f?S|7Gw=QUis4&*Jvv68ErXaq}6k*h`mwtgC@RWh=gZk63{aX*if0qgD~2U%FZ
zd|Z)70-cRSb|kr8s)eZpxYV``n9Kp2p}a&9`w#Qq22GCmE&hO0M*20${&967??`b$
z-)!-p^wM5x=RM>^a!vpCxFpmUE41*}vdw4Q)nE6V-su&>AKB)4Ws;+2-t`YTEA7za
z^{#&eSMFoned${meU_+WIm);!xHRenIOrKL_WT}<EbcH)Umrp@*DgCui}W^O`UGrH
zff(~De(CGNAlxy+V$UV?0l(L$G)c_FHt3hMd6cCC-uS#y+HVW{cvnTd=6Ux3LzxMe
zf-q;AHTfn-OQxlkr^}{!YN|-{cTd7u`Nn(Q@mlgZt50lBTDp?z!EoC_e@}qUJohXw
z@WRdJj8WzBnj%$vacQHUg~>D*NsZT@(iLZZbHfQ{#8pCik&lu`g6xl<iyzo$|4$3l
z|3>hOYwD?SLOu?!POIFNu>&w$iwQW@RpaevbGEX9h$>ei(P6>@0Wd=Yji%&&Gt$2N
zE_sZj=%VuZ%Zin+FH;_~Y%60raTURs+As_o8-kwKuRm-l!B2(N-9(&vsfm?~!!B=e
zc)O4C?KOKM&Ak|!MUw*NoqPl3g-u4O%``sl2Y;>1i;2az6^H2ZYr?^ujyW$=b}MtT
z53I`KL}O0gOKCYX+bRs+)jG!RcYf0HQt?W$^+p*-Nhu4Ck-Vv{oAL8A=^=!!v299c
k+wR&N1HEhg?QiZewX8SS>VuW6&>p^5V6~TJa*)9P0Kz6-O8@`>

diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index 7f211afd6f..4cf4ab21f8 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -1875,6 +1875,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 	samlIdpID := Instance.AddSAMLProvider(IamCTX)
 	samlRedirectIdpID := Instance.AddSAMLRedirectProvider(IamCTX, "")
 	samlPostIdpID := Instance.AddSAMLPostProvider(IamCTX)
+	jwtIdPID := Instance.AddJWTProvider(IamCTX)
 	type args struct {
 		ctx context.Context
 		req *user.StartIdentityProviderIntentRequest
@@ -2097,6 +2098,30 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "next step jwt idp",
+			args: args{
+				CTX,
+				&user.StartIdentityProviderIntentRequest{
+					IdpId: jwtIdPID,
+					Content: &user.StartIdentityProviderIntentRequest_Urls{
+						Urls: &user.RedirectURLs{
+							SuccessUrl: "https://example.com/success",
+							FailureUrl: "https://example.com/failure",
+						},
+					},
+				},
+			},
+			want: want{
+				details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Instance.ID(),
+				},
+				url:                "https://example.com/jwt",
+				parametersExisting: []string{"authRequestID", "userAgentID"},
+			},
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -2134,6 +2159,7 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 	oidcIdpID := Instance.AddGenericOIDCProvider(IamCTX, gofakeit.AppName()).GetId()
 	samlIdpID := Instance.AddSAMLPostProvider(IamCTX)
 	ldapIdpID := Instance.AddLDAPProvider(IamCTX)
+	jwtIdPID := Instance.AddJWTProvider(IamCTX)
 	authURL, err := url.Parse(Instance.CreateIntent(CTX, oauthIdpID).GetAuthUrl())
 	require.NoError(t, err)
 	intentID := authURL.Query().Get("state")
@@ -2168,6 +2194,10 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 	require.NoError(t, err)
 	samlSuccessfulWithUserID, samlWithUserToken, samlWithUserChangeDate, samlWithUserSequence, err := sink.SuccessfulSAMLIntent(Instance.ID(), samlIdpID, "id", "user", expiry)
 	require.NoError(t, err)
+	jwtSuccessfulID, jwtToken, jwtChangeDate, jwtSequence, err := sink.SuccessfulJWTIntent(Instance.ID(), jwtIdPID, "id", "", expiry)
+	require.NoError(t, err)
+	jwtSuccessfulWithUserID, jwtWithUserToken, jwtWithUserChangeDate, jwtWithUserSequence, err := sink.SuccessfulJWTIntent(Instance.ID(), jwtIdPID, "id", "user", expiry)
+	require.NoError(t, err)
 	type args struct {
 		ctx context.Context
 		req *user.RetrieveIdentityProviderIntentRequest
@@ -2591,6 +2621,88 @@ func TestServer_RetrieveIdentityProviderIntent(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "retrieve successful jwt intent",
+			args: args{
+				CTX,
+				&user.RetrieveIdentityProviderIntentRequest{
+					IdpIntentId:    jwtSuccessfulID,
+					IdpIntentToken: jwtToken,
+				},
+			},
+			want: &user.RetrieveIdentityProviderIntentResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.New(jwtChangeDate),
+					ResourceOwner: Instance.ID(),
+					Sequence:      jwtSequence,
+				},
+				IdpInformation: &user.IDPInformation{
+					Access: &user.IDPInformation_Oauth{
+						Oauth: &user.IDPOAuthAccessInformation{
+							IdToken: gu.Ptr("idToken"),
+						},
+					},
+					IdpId:    jwtIdPID,
+					UserId:   "id",
+					UserName: "",
+					RawInformation: func() *structpb.Struct {
+						s, err := structpb.NewStruct(map[string]interface{}{
+							"sub": "id",
+						})
+						require.NoError(t, err)
+						return s
+					}(),
+				},
+				AddHumanUser: &user.AddHumanUserRequest{
+					Profile: &user.SetHumanProfile{
+						PreferredLanguage: gu.Ptr("und"),
+					},
+					IdpLinks: []*user.IDPLink{
+						{IdpId: jwtIdPID, UserId: "id"},
+					},
+					Email: &user.SetHumanEmail{
+						Verification: &user.SetHumanEmail_SendCode{SendCode: &user.SendEmailVerificationCode{}},
+					},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "retrieve successful jwt intent with linked user",
+			args: args{
+				CTX,
+				&user.RetrieveIdentityProviderIntentRequest{
+					IdpIntentId:    jwtSuccessfulWithUserID,
+					IdpIntentToken: jwtWithUserToken,
+				},
+			},
+			want: &user.RetrieveIdentityProviderIntentResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.New(jwtWithUserChangeDate),
+					ResourceOwner: Instance.ID(),
+					Sequence:      jwtWithUserSequence,
+				},
+				IdpInformation: &user.IDPInformation{
+					Access: &user.IDPInformation_Oauth{
+						Oauth: &user.IDPOAuthAccessInformation{
+							IdToken: gu.Ptr("idToken"),
+						},
+					},
+					IdpId:    jwtIdPID,
+					UserId:   "id",
+					UserName: "",
+					RawInformation: func() *structpb.Struct {
+						s, err := structpb.NewStruct(map[string]interface{}{
+							"sub": "id",
+						})
+						require.NoError(t, err)
+						return s
+					}(),
+				},
+				UserId: "user",
+			},
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/internal/api/grpc/user/v2/intent.go b/internal/api/grpc/user/v2/intent.go
index afb34deb83..5514b6ef03 100644
--- a/internal/api/grpc/user/v2/intent.go
+++ b/internal/api/grpc/user/v2/intent.go
@@ -173,7 +173,7 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 		case *oidc.Provider:
 			idpUser, err = unmarshalIdpUser(intent.IDPUser, oidc.InitUser())
 		case *jwt.Provider:
-			idpUser, err = unmarshalIdpUser(intent.IDPUser, &jwt.User{})
+			idpUser, err = unmarshalIdpUser(intent.IDPUser, jwt.InitUser())
 		case *azuread.Provider:
 			idpUser, err = unmarshalRawIdpUser(intent.IDPUser, p.User())
 		case *github.Provider:
diff --git a/internal/api/idp/idp.go b/internal/api/idp/idp.go
index f688ba2352..8b1c24134a 100644
--- a/internal/api/idp/idp.go
+++ b/internal/api/idp/idp.go
@@ -3,6 +3,7 @@ package idp
 import (
 	"bytes"
 	"context"
+	"encoding/base64"
 	"encoding/xml"
 	"errors"
 	"fmt"
@@ -48,6 +49,7 @@ const (
 	acsPath         = idpPrefix + "/saml/acs"
 	certificatePath = idpPrefix + "/saml/certificate"
 	sloPath         = idpPrefix + "/saml/slo"
+	jwtPath         = "/jwt"
 
 	paramIntentID         = "id"
 	paramToken            = "token"
@@ -129,6 +131,7 @@ func NewHandler(
 	router.HandleFunc(certificatePath, h.handleCertificate)
 	router.HandleFunc(acsPath, h.handleACS)
 	router.HandleFunc(sloPath, h.handleSLO)
+	router.HandleFunc(jwtPath, h.handleJWT)
 	return router
 }
 
@@ -307,6 +310,89 @@ func (h *Handler) handleACS(w http.ResponseWriter, r *http.Request) {
 	redirectToSuccessURL(w, r, intent, token, userID)
 }
 
+func (h *Handler) handleJWT(w http.ResponseWriter, r *http.Request) {
+	intentID, err := h.intentIDFromJWTRequest(r)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	intent, err := h.commands.GetActiveIntent(r.Context(), intentID)
+	if err != nil {
+		if zerrors.IsNotFound(err) {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		redirectToFailureURLErr(w, r, intent, err)
+		return
+	}
+	idpConfig, err := h.getProvider(r.Context(), intent.IDPID)
+	if err != nil {
+		cmdErr := h.commands.FailIDPIntent(r.Context(), intent, err.Error())
+		logging.WithFields("intent", intent.AggregateID).OnError(cmdErr).Error("failed to push failed event on idp intent")
+		redirectToFailureURLErr(w, r, intent, err)
+		return
+	}
+	jwtIDP, ok := idpConfig.(*jwt.Provider)
+	if !ok {
+		err := zerrors.ThrowInvalidArgument(nil, "IDP-JK23ed", "Errors.ExternalIDP.IDPTypeNotImplemented")
+		cmdErr := h.commands.FailIDPIntent(r.Context(), intent, err.Error())
+		logging.WithFields("intent", intent.AggregateID).OnError(cmdErr).Error("failed to push failed event on idp intent")
+		redirectToFailureURLErr(w, r, intent, err)
+		return
+	}
+	h.handleJWTExtraction(w, r, intent, jwtIDP)
+}
+
+func (h *Handler) intentIDFromJWTRequest(r *http.Request) (string, error) {
+	// for compatibility of the old JWT provider we use the auth request id parameter to pass the intent id
+	intentID := r.FormValue(jwt.QueryAuthRequestID)
+	// for compatibility of the old JWT provider we use the user agent id parameter to pass the encrypted intent id
+	encryptedIntentID := r.FormValue(jwt.QueryUserAgentID)
+	if err := h.checkIntentID(intentID, encryptedIntentID); err != nil {
+		return "", err
+	}
+	return intentID, nil
+}
+
+func (h *Handler) checkIntentID(intentID, encryptedIntentID string) error {
+	if intentID == "" || encryptedIntentID == "" {
+		return zerrors.ThrowInvalidArgument(nil, "LOGIN-adfzz", "Errors.AuthRequest.MissingParameters")
+	}
+	id, err := base64.RawURLEncoding.DecodeString(encryptedIntentID)
+	if err != nil {
+		return err
+	}
+	decryptedIntentID, err := h.encryptionAlgorithm.DecryptString(id, h.encryptionAlgorithm.EncryptionKeyID())
+	if err != nil {
+		return err
+	}
+	if intentID != decryptedIntentID {
+		return zerrors.ThrowInvalidArgument(nil, "LOGIN-adfzz", "Errors.AuthRequest.MissingParameters")
+	}
+	return nil
+}
+
+func (h *Handler) handleJWTExtraction(w http.ResponseWriter, r *http.Request, intent *command.IDPIntentWriteModel, identityProvider *jwt.Provider) {
+	session := jwt.NewSessionFromRequest(identityProvider, r)
+	user, err := session.FetchUser(r.Context())
+	if err != nil {
+		cmdErr := h.commands.FailIDPIntent(r.Context(), intent, err.Error())
+		logging.WithFields("intent", intent.AggregateID).OnError(cmdErr).Error("failed to push failed event on idp intent")
+		redirectToFailureURLErr(w, r, intent, err)
+		return
+	}
+
+	userID, err := h.checkExternalUser(r.Context(), intent.IDPID, user.GetID())
+	logging.WithFields("intent", intent.AggregateID).OnError(err).Error("could not check if idp user already exists")
+
+	token, err := h.commands.SucceedIDPIntent(r.Context(), intent, user, session, userID)
+	if err != nil {
+		redirectToFailureURLErr(w, r, intent, err)
+		return
+	}
+	redirectToSuccessURL(w, r, intent, token, userID)
+}
+
 func (h *Handler) handleCallback(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	data, err := h.parseCallbackRequest(r)
diff --git a/internal/idp/providers/jwt/jwt.go b/internal/idp/providers/jwt/jwt.go
index 99347f31a3..d972102b01 100644
--- a/internal/idp/providers/jwt/jwt.go
+++ b/internal/idp/providers/jwt/jwt.go
@@ -11,14 +11,14 @@ import (
 )
 
 const (
-	queryAuthRequestID = "authRequestID"
-	queryUserAgentID   = "userAgentID"
+	QueryAuthRequestID = "authRequestID"
+	QueryUserAgentID   = "userAgentID"
 )
 
 var _ idp.Provider = (*Provider)(nil)
 
 var (
-	ErrMissingUserAgentID = errors.New("userAgentID missing")
+	ErrMissingState = errors.New("state missing")
 )
 
 // Provider is the [idp.Provider] implementation for a JWT provider
@@ -92,32 +92,32 @@ func (p *Provider) Name() string {
 // It will create a [Session] with an AuthURL, pointing to the jwtEndpoint
 // with the authRequest and encrypted userAgent ids.
 func (p *Provider) BeginAuth(ctx context.Context, state string, params ...idp.Parameter) (idp.Session, error) {
-	userAgentID, err := userAgentIDFromParams(params...)
-	if err != nil {
-		return nil, err
+	if state == "" {
+		return nil, ErrMissingState
 	}
+	userAgentID := userAgentIDFromParams(state, params...)
 	redirect, err := url.Parse(p.jwtEndpoint)
 	if err != nil {
 		return nil, err
 	}
 	q := redirect.Query()
-	q.Set(queryAuthRequestID, state)
+	q.Set(QueryAuthRequestID, state)
 	nonce, err := p.encryptionAlg.Encrypt([]byte(userAgentID))
 	if err != nil {
 		return nil, err
 	}
-	q.Set(queryUserAgentID, base64.RawURLEncoding.EncodeToString(nonce))
+	q.Set(QueryUserAgentID, base64.RawURLEncoding.EncodeToString(nonce))
 	redirect.RawQuery = q.Encode()
 	return &Session{AuthURL: redirect.String()}, nil
 }
 
-func userAgentIDFromParams(params ...idp.Parameter) (string, error) {
+func userAgentIDFromParams(state string, params ...idp.Parameter) string {
 	for _, param := range params {
 		if id, ok := param.(idp.UserAgentID); ok {
-			return string(id), nil
+			return string(id)
 		}
 	}
-	return "", ErrMissingUserAgentID
+	return state
 }
 
 // IsLinkingAllowed implements the [idp.Provider] interface.
diff --git a/internal/idp/providers/jwt/jwt_test.go b/internal/idp/providers/jwt/jwt_test.go
index 59e32b4690..5756c58e07 100644
--- a/internal/idp/providers/jwt/jwt_test.go
+++ b/internal/idp/providers/jwt/jwt_test.go
@@ -23,6 +23,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 		encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
 	}
 	type args struct {
+		state  string
 		params []idp.Parameter
 	}
 	type want struct {
@@ -36,7 +37,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 		want   want
 	}{
 		{
-			name: "missing userAgentID error",
+			name: "missing state, error",
 			fields: fields{
 				issuer:       "https://jwt.com",
 				jwtEndpoint:  "https://auth.com/jwt",
@@ -47,14 +48,34 @@ func TestProvider_BeginAuth(t *testing.T) {
 				},
 			},
 			args: args{
+				state:  "",
 				params: nil,
 			},
 			want: want{
 				err: func(err error) bool {
-					return errors.Is(err, ErrMissingUserAgentID)
+					return errors.Is(err, ErrMissingState)
 				},
 			},
 		},
+		{
+			name: "missing userAgentID, fallback to state",
+			fields: fields{
+				issuer:       "https://jwt.com",
+				jwtEndpoint:  "https://auth.com/jwt",
+				keysEndpoint: "https://jwt.com/keys",
+				headerName:   "jwt-header",
+				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
+					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
+				},
+			},
+			args: args{
+				state:  "testState",
+				params: nil,
+			},
+			want: want{
+				session: &Session{AuthURL: "https://auth.com/jwt?authRequestID=testState&userAgentID=dGVzdFN0YXRl"},
+			},
+		},
 		{
 			name: "successful auth",
 			fields: fields{
@@ -67,6 +88,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 				},
 			},
 			args: args{
+				state: "testState",
 				params: []idp.Parameter{
 					idp.UserAgentID("agent"),
 				},
@@ -91,7 +113,7 @@ func TestProvider_BeginAuth(t *testing.T) {
 			require.NoError(t, err)
 
 			ctx := context.Background()
-			session, err := provider.BeginAuth(ctx, "testState", tt.args.params...)
+			session, err := provider.BeginAuth(ctx, tt.args.state, tt.args.params...)
 			if tt.want.err != nil && !tt.want.err(err) {
 				a.Fail("invalid error", err)
 			}
diff --git a/internal/idp/providers/jwt/session.go b/internal/idp/providers/jwt/session.go
index 5138812f3c..85b164a9c5 100644
--- a/internal/idp/providers/jwt/session.go
+++ b/internal/idp/providers/jwt/session.go
@@ -5,11 +5,13 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"golang.org/x/oauth2"
 	"golang.org/x/text/language"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -34,6 +36,11 @@ func NewSession(provider *Provider, tokens *oidc.Tokens[*oidc.IDTokenClaims]) *S
 	return &Session{Provider: provider, Tokens: tokens}
 }
 
+func NewSessionFromRequest(provider *Provider, r *http.Request) *Session {
+	token := strings.TrimPrefix(r.Header.Get(provider.headerName), oidc.PrefixBearer)
+	return NewSession(provider, &oidc.Tokens[*oidc.IDTokenClaims]{IDToken: token, Token: &oauth2.Token{}})
+}
+
 // GetAuth implements the [idp.Session] interface.
 func (s *Session) GetAuth(ctx context.Context) (string, bool) {
 	return idp.Redirect(s.AuthURL)
@@ -99,6 +106,12 @@ func (s *Session) validateToken(ctx context.Context, token string) (*oidc.IDToke
 	return claims, nil
 }
 
+func InitUser() *User {
+	return &User{
+		IDTokenClaims: &oidc.IDTokenClaims{},
+	}
+}
+
 type User struct {
 	*oidc.IDTokenClaims
 }
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 3efd682ee1..320809a7e8 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -684,6 +684,24 @@ func (i *Instance) AddLDAPProvider(ctx context.Context) string {
 	return resp.GetId()
 }
 
+func (i *Instance) AddJWTProvider(ctx context.Context) string {
+	resp, err := i.Client.Admin.AddJWTProvider(ctx, &admin.AddJWTProviderRequest{
+		Name:         "jwt-idp",
+		Issuer:       "https://example.com",
+		JwtEndpoint:  "https://example.com/jwt",
+		KeysEndpoint: "https://example.com/keys",
+		HeaderName:   "Authorization",
+		ProviderOptions: &idp.Options{
+			IsLinkingAllowed:  true,
+			IsCreationAllowed: true,
+			IsAutoCreation:    true,
+			IsAutoUpdate:      true,
+		},
+	})
+	logging.OnError(err).Panic("create jwt idp")
+	return resp.GetId()
+}
+
 func (i *Instance) CreateIntent(ctx context.Context, idpID string) *user_v2.StartIdentityProviderIntentResponse {
 	resp, err := i.Client.UserV2.StartIdentityProviderIntent(ctx, &user_v2.StartIdentityProviderIntentRequest{
 		IdpId: idpID,
diff --git a/internal/integration/sink/server.go b/internal/integration/sink/server.go
index 8abb31a63e..653c5236d6 100644
--- a/internal/integration/sink/server.go
+++ b/internal/integration/sink/server.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/idp/providers/jwt"
 	"github.com/zitadel/zitadel/internal/idp/providers/ldap"
 	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
 	openid "github.com/zitadel/zitadel/internal/idp/providers/oidc"
@@ -124,6 +125,25 @@ func SuccessfulLDAPIntent(instanceID, idpID, idpUserID, userID string) (string,
 	return resp.IntentID, resp.Token, resp.ChangeDate, resp.Sequence, nil
 }
 
+func SuccessfulJWTIntent(instanceID, idpID, idpUserID, userID string, expiry time.Time) (string, string, time.Time, uint64, error) {
+	u := url.URL{
+		Scheme: "http",
+		Host:   host,
+		Path:   successfulIntentJWTPath(),
+	}
+	resp, err := callIntent(u.String(), &SuccessfulIntentRequest{
+		InstanceID: instanceID,
+		IDPID:      idpID,
+		IDPUserID:  idpUserID,
+		UserID:     userID,
+		Expiry:     expiry,
+	})
+	if err != nil {
+		return "", "", time.Time{}, uint64(0), err
+	}
+	return resp.IntentID, resp.Token, resp.ChangeDate, resp.Sequence, nil
+}
+
 // StartServer starts a simple HTTP server on localhost:8081
 // ZITADEL can use the server to send HTTP requests which can be
 // used to validate tests through [Subscribe]rs.
@@ -145,6 +165,7 @@ func StartServer(commands *command.Commands) (close func()) {
 		router.HandleFunc(successfulIntentOIDCPath(), successfulIntentHandler(commands, createSuccessfulOIDCIntent))
 		router.HandleFunc(successfulIntentSAMLPath(), successfulIntentHandler(commands, createSuccessfulSAMLIntent))
 		router.HandleFunc(successfulIntentLDAPPath(), successfulIntentHandler(commands, createSuccessfulLDAPIntent))
+		router.HandleFunc(successfulIntentJWTPath(), successfulIntentHandler(commands, createSuccessfulJWTIntent))
 	}
 	s := &http.Server{
 		Addr:    listenAddr,
@@ -195,6 +216,10 @@ func successfulIntentLDAPPath() string {
 	return path.Join(successfulIntentPath(), "/", "ldap")
 }
 
+func successfulIntentJWTPath() string {
+	return path.Join(successfulIntentPath(), "/", "jwt")
+}
+
 // forwarder handles incoming HTTP requests from ZITADEL and
 // forwards them to all subscribed web sockets.
 type forwarder struct {
@@ -497,3 +522,30 @@ func createSuccessfulLDAPIntent(ctx context.Context, cmd *command.Commands, req
 		writeModel.ProcessedSequence,
 	}, nil
 }
+
+func createSuccessfulJWTIntent(ctx context.Context, cmd *command.Commands, req *SuccessfulIntentRequest) (*SuccessfulIntentResponse, error) {
+	intentID, err := createIntent(ctx, cmd, req.InstanceID, req.IDPID)
+	writeModel, err := cmd.GetIntentWriteModel(ctx, intentID, req.InstanceID)
+	idpUser := &jwt.User{
+		IDTokenClaims: &oidc.IDTokenClaims{
+			TokenClaims: oidc.TokenClaims{
+				Subject: req.IDPUserID,
+			},
+		},
+	}
+	session := &jwt.Session{
+		Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
+			IDToken: "idToken",
+		},
+	}
+	token, err := cmd.SucceedIDPIntent(ctx, writeModel, idpUser, session, req.UserID)
+	if err != nil {
+		return nil, err
+	}
+	return &SuccessfulIntentResponse{
+		intentID,
+		token,
+		writeModel.ChangeDate,
+		writeModel.ProcessedSequence,
+	}, nil
+}

From 77b433367ef8ac643e5988d54d9a9ce30e127ddc Mon Sep 17 00:00:00 2001
From: Connor <80653133+connorHashDash@users.noreply.github.com>
Date: Wed, 28 May 2025 07:06:27 +0100
Subject: [PATCH 068/123] fix(login): Copy to clipboard button in MFA login
 step now compatible in non-chrome browser (#9880)

related to issue [#9379](https://github.com/zitadel/zitadel/issues/9379)

# Which Problems Are Solved

Copy to clipboard button was not compatible with Webkit/ Firefox
browsers.

# How the Problems Are Solved

The previous function used addEventListener without a callback function
as a second argument. I simply added the callback function and left
existing code intact to fix the bug.

# Additional Changes

Added `type=button` to prevent submitting the form when clicking the
button.

# Additional Context

none

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 .../api/ui/login/static/resources/scripts/copy_to_clipboard.js  | 2 +-
 internal/api/ui/login/static/templates/mfa_init_otp.html        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/api/ui/login/static/resources/scripts/copy_to_clipboard.js b/internal/api/ui/login/static/resources/scripts/copy_to_clipboard.js
index 97359cdde5..848aa0742b 100644
--- a/internal/api/ui/login/static/resources/scripts/copy_to_clipboard.js
+++ b/internal/api/ui/login/static/resources/scripts/copy_to_clipboard.js
@@ -3,4 +3,4 @@ const copyToClipboard = str => {
 };
 
 let copyButton = document.getElementById("copy");
-copyButton.addEventListener("click", copyToClipboard(copyButton.getAttribute("data-copy")));
+copyButton.addEventListener("click", () => copyToClipboard(copyButton.getAttribute("data-copy")));
diff --git a/internal/api/ui/login/static/templates/mfa_init_otp.html b/internal/api/ui/login/static/templates/mfa_init_otp.html
index b84a88a5b1..a9ae31dcdd 100644
--- a/internal/api/ui/login/static/templates/mfa_init_otp.html
+++ b/internal/api/ui/login/static/templates/mfa_init_otp.html
@@ -28,7 +28,7 @@
             <div class="lgn-row">
                 <span id="secret"> {{.Secret}} </span>
                 <span class="fill-space"></span>
-                <button id="copy" data-copy="{{ .Secret }}" class="lgn-icon-button">
+                <button id="copy" data-copy="{{ .Secret }}" class="lgn-icon-button" type="button">
                     <i class="lgn-icon-clipboard"></i>
                 </button>
             </div>

From c097887bc5f680e12c998580fb56d98a15758f53 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Wed, 28 May 2025 10:12:27 +0200
Subject: [PATCH 069/123] fix: validate proto header and provide https
 enforcement (#9975)

# Which Problems Are Solved

ZITADEL uses the notification triggering requests Forwarded or
X-Forwarded-Proto header to build the button link sent in emails for
confirming a password reset with the emailed code. If this header is
overwritten and a user clicks the link to a malicious site in the email,
the secret code can be retrieved and used to reset the users password
and take over his account.

Accounts with MFA or Passwordless enabled can not be taken over by this
attack.

# How the Problems Are Solved

- The `X-Forwarded-Proto` and `proto` of the Forwarded headers are
validated (http / https).
- Additionally, when exposing ZITADEL through https. An overwrite to
http is no longer possible.

# Additional Changes

None

# Additional Context

None
---
 .../api/http/middleware/origin_interceptor.go | 32 +++++++-------
 .../middleware/origin_interceptor_test.go     | 42 +++++++++----------
 2 files changed, 39 insertions(+), 35 deletions(-)

diff --git a/internal/api/http/middleware/origin_interceptor.go b/internal/api/http/middleware/origin_interceptor.go
index 35af8770b7..607855b80f 100644
--- a/internal/api/http/middleware/origin_interceptor.go
+++ b/internal/api/http/middleware/origin_interceptor.go
@@ -10,12 +10,12 @@ import (
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 )
 
-func WithOrigin(fallBackToHttps bool, http1Header, http2Header string, instanceHostHeaders, publicDomainHeaders []string) mux.MiddlewareFunc {
+func WithOrigin(enforceHttps bool, http1Header, http2Header string, instanceHostHeaders, publicDomainHeaders []string) mux.MiddlewareFunc {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			origin := composeDomainContext(
 				r,
-				fallBackToHttps,
+				enforceHttps,
 				// to make sure we don't break existing configurations we append the existing checked headers as well
 				slices.Compact(append(instanceHostHeaders, http1Header, http2Header, http_util.Forwarded, http_util.ZitadelForwarded, http_util.ForwardedFor, http_util.ForwardedHost, http_util.ForwardedProto)),
 				publicDomainHeaders,
@@ -25,28 +25,32 @@ func WithOrigin(fallBackToHttps bool, http1Header, http2Header string, instanceH
 	}
 }
 
-func composeDomainContext(r *http.Request, fallBackToHttps bool, instanceDomainHeaders, publicDomainHeaders []string) *http_util.DomainCtx {
+func composeDomainContext(r *http.Request, enforceHttps bool, instanceDomainHeaders, publicDomainHeaders []string) *http_util.DomainCtx {
 	instanceHost, instanceProto := hostFromRequest(r, instanceDomainHeaders)
 	publicHost, publicProto := hostFromRequest(r, publicDomainHeaders)
-	if publicProto == "" {
-		publicProto = instanceProto
-	}
-	if publicProto == "" {
-		publicProto = "http"
-		if fallBackToHttps {
-			publicProto = "https"
-		}
-	}
 	if instanceHost == "" {
 		instanceHost = r.Host
 	}
 	return &http_util.DomainCtx{
 		InstanceHost: instanceHost,
-		Protocol:     publicProto,
+		Protocol:     protocolFromRequest(instanceProto, publicProto, enforceHttps),
 		PublicHost:   publicHost,
 	}
 }
 
+func protocolFromRequest(instanceProto, publicProto string, enforceHttps bool) string {
+	if enforceHttps {
+		return "https"
+	}
+	if publicProto != "" {
+		return publicProto
+	}
+	if instanceProto != "" {
+		return instanceProto
+	}
+	return "http"
+}
+
 func hostFromRequest(r *http.Request, headers []string) (host, proto string) {
 	var hostFromHeader, protoFromHeader string
 	for _, header := range headers {
@@ -65,7 +69,7 @@ func hostFromRequest(r *http.Request, headers []string) (host, proto string) {
 		if host == "" {
 			host = hostFromHeader
 		}
-		if proto == "" {
+		if proto == "" && (protoFromHeader == "http" || protoFromHeader == "https") {
 			proto = protoFromHeader
 		}
 	}
diff --git a/internal/api/http/middleware/origin_interceptor_test.go b/internal/api/http/middleware/origin_interceptor_test.go
index 989e4d48b3..7419c91aba 100644
--- a/internal/api/http/middleware/origin_interceptor_test.go
+++ b/internal/api/http/middleware/origin_interceptor_test.go
@@ -11,8 +11,8 @@ import (
 
 func Test_composeOrigin(t *testing.T) {
 	type args struct {
-		h               http.Header
-		fallBackToHttps bool
+		h            http.Header
+		enforceHttps bool
 	}
 	tests := []struct {
 		name string
@@ -30,7 +30,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"Forwarded": []string{"proto=https"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "host.header",
@@ -42,7 +42,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"Forwarded": []string{"host=forwarded.host"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
@@ -54,7 +54,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"Forwarded": []string{"proto=https;host=forwarded.host"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
@@ -66,7 +66,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"Forwarded": []string{"proto=https;host=forwarded.host, proto=http;host=forwarded.host2"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
@@ -78,7 +78,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"Forwarded": []string{"proto=https;host=forwarded.host, proto=http"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
@@ -90,11 +90,11 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"Forwarded": []string{"proto=http", "proto=https;host=forwarded.host", "proto=http"},
 			},
-			fallBackToHttps: true,
+			enforceHttps: true,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
-			Protocol:     "http",
+			Protocol:     "https",
 		},
 	}, {
 		name: "x-forwarded-proto https",
@@ -102,7 +102,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"X-Forwarded-Proto": []string{"https"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "host.header",
@@ -114,25 +114,25 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"X-Forwarded-Proto": []string{"http"},
 			},
-			fallBackToHttps: true,
+			enforceHttps: true,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "host.header",
-			Protocol:     "http",
+			Protocol:     "https",
 		},
 	}, {
 		name: "fallback to http",
 		args: args{
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "host.header",
 			Protocol:     "http",
 		},
 	}, {
-		name: "fallback to https",
+		name: "enforce https",
 		args: args{
-			fallBackToHttps: true,
+			enforceHttps: true,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "host.header",
@@ -144,7 +144,7 @@ func Test_composeOrigin(t *testing.T) {
 			h: http.Header{
 				"X-Forwarded-Host": []string{"x-forwarded.host"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "x-forwarded.host",
@@ -157,7 +157,7 @@ func Test_composeOrigin(t *testing.T) {
 				"X-Forwarded-Proto": []string{"https"},
 				"X-Forwarded-Host":  []string{"x-forwarded.host"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "x-forwarded.host",
@@ -170,7 +170,7 @@ func Test_composeOrigin(t *testing.T) {
 				"Forwarded":        []string{"host=forwarded.host"},
 				"X-Forwarded-Host": []string{"x-forwarded.host"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
@@ -183,7 +183,7 @@ func Test_composeOrigin(t *testing.T) {
 				"Forwarded":         []string{"host=forwarded.host"},
 				"X-Forwarded-Proto": []string{"https"},
 			},
-			fallBackToHttps: false,
+			enforceHttps: false,
 		},
 		want: &http_util.DomainCtx{
 			InstanceHost: "forwarded.host",
@@ -198,10 +198,10 @@ func Test_composeOrigin(t *testing.T) {
 					Host:   "host.header",
 					Header: tt.args.h,
 				},
-				tt.args.fallBackToHttps,
+				tt.args.enforceHttps,
 				[]string{http_util.Forwarded, http_util.ForwardedFor, http_util.ForwardedHost, http_util.ForwardedProto},
 				[]string{"x-zitadel-public-host"},
-			), "headers: %+v, fallBackToHttps: %t", tt.args.h, tt.args.fallBackToHttps)
+			), "headers: %+v, enforceHttps: %t", tt.args.h, tt.args.enforceHttps)
 		})
 	}
 }

From 046b165db85f397c4a437c4112be34695cfd5f58 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Wed, 28 May 2025 10:47:42 +0200
Subject: [PATCH 070/123] docs(a10016): add versions for v2.66 - v3 (#9908)

# Which Problems Are Solved

versions were missing in https://github.com/zitadel/zitadel/pull/9882

# How the Problems Are Solved

added versions for 2.66.x, 2.67.x, 2.68.x, 2.69.x, 2.70.x, 2.71.x, 3.x

# Additional Context

can be merged after:

- https://github.com/zitadel/zitadel/pull/9901
- https://github.com/zitadel/zitadel/pull/9903
- https://github.com/zitadel/zitadel/pull/9904
- https://github.com/zitadel/zitadel/pull/9907
- https://github.com/zitadel/zitadel/pull/9905
- https://github.com/zitadel/zitadel/pull/9906
- https://github.com/zitadel/zitadel/pull/9916
---
 docs/docs/support/advisory/a10016.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/docs/docs/support/advisory/a10016.md b/docs/docs/support/advisory/a10016.md
index 794c354e42..84dd1cd34c 100644
--- a/docs/docs/support/advisory/a10016.md
+++ b/docs/docs/support/advisory/a10016.md
@@ -4,15 +4,19 @@ title: Technical Advisory 10016
 
 ## Date
 
-Versions:[^1]
-
 - v2.65.x: > v2.65.9
+- v2.66.x > v2.66.17
+- v2.67.x > v2.67.14
+- v2.68.x > v2.68.10
+- v2.69.x > v2.69.10
+- v2.70.x > v2.70.11
+- v2.71.x > v2.71.10
+- v3.x > v3.2.1
+
 
 Date: 2025-05-14
 
-Last updated: 2025-05-14
-
-[^1]: The mentioned fix is being rolled out gradually on multiple patch releases of Zitadel. This advisory will be updated as we release these versions.
+Last updated: 2025-05-19
 
 ## Description
 

From 131f70db3423b80da1b038a822da59c908e4ffa6 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Wed, 28 May 2025 23:54:18 +0200
Subject: [PATCH 071/123] fix(eventstore): use decimal, correct mirror (#9914)

# Eventstore fixes

- `event.Position` used float64 before which can lead to [precision
loss](https://github.com/golang/go/issues/47300). The type got replaced
by [a type without precision
loss](https://github.com/jackc/pgx-shopspring-decimal)
- the handler reported the wrong error if the current state was updated
and therefore took longer to retry failed events.

# Mirror fixes

- max age of auth requests can be configured to speed up copying data
from `auth.auth_requests` table. Auth requests last updated before the
set age will be ignored. Default is 1 month
- notification projections are skipped because notifications should be
sent by the source system. The projections are set to the latest
position
- ensure that mirror can be executed multiple times

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 cmd/mirror/event.go                           |  4 +-
 cmd/mirror/event_store.go                     | 14 ++++--
 cmd/mirror/projections.go                     |  7 +++
 go.mod                                        |  2 +
 go.sum                                        |  4 ++
 .../eventsourcing/handler/handler.go          | 16 +++++--
 internal/api/oidc/key.go                      | 17 +++----
 internal/api/saml/certificate.go              | 17 +++----
 .../eventsourcing/handler/handler.go          | 16 +++++--
 internal/database/database.go                 |  4 ++
 internal/database/dialect/connections.go      |  8 +++-
 internal/eventstore/event.go                  |  4 +-
 internal/eventstore/event_base.go             |  5 +-
 internal/eventstore/eventstore.go             | 17 +++++--
 .../eventstore/eventstore_querier_test.go     | 16 ++++---
 internal/eventstore/eventstore_test.go        | 17 +++----
 .../eventstore/handler/v2/field_handler.go    | 18 ++++---
 internal/eventstore/handler/v2/handler.go     | 32 +++++++++----
 internal/eventstore/handler/v2/state.go       |  8 ++--
 internal/eventstore/handler/v2/state_test.go  | 13 ++---
 internal/eventstore/handler/v2/statement.go   |  5 +-
 internal/eventstore/local_postgres_test.go    | 19 ++++++--
 internal/eventstore/read_model.go             | 22 +++++----
 internal/eventstore/repository/event.go       |  5 +-
 .../repository/mock/repository.mock.go        | 15 +++---
 .../repository/mock/repository.mock.impl.go   |  5 +-
 .../eventstore/repository/search_query.go     | 10 ++--
 .../repository/sql/local_postgres_test.go     |  8 +++-
 .../eventstore/repository/sql/postgres.go     | 14 +++---
 .../repository/sql/postgres_test.go           |  4 +-
 internal/eventstore/repository/sql/query.go   | 25 +++++-----
 .../eventstore/repository/sql/query_test.go   | 44 +++++++++--------
 internal/eventstore/search_query.go           | 24 +++++-----
 internal/eventstore/search_query_test.go      |  4 +-
 internal/eventstore/v1/models/event.go        |  6 ++-
 internal/eventstore/v3/event.go               |  7 +--
 internal/notification/projections.go          | 20 ++++++++
 internal/query/access_token.go                |  5 +-
 internal/query/current_state.go               | 11 +++--
 internal/query/current_state_test.go          |  8 ++--
 internal/query/projection/projection.go       | 38 +++++++++++----
 internal/query/user_grant.go                  |  4 +-
 internal/query/user_membership.go             |  4 +-
 internal/v2/database/number_filter.go         |  3 +-
 internal/v2/eventstore/event_store.go         |  6 ++-
 internal/v2/eventstore/postgres/push_test.go  | 24 +++++-----
 internal/v2/eventstore/postgres/query_test.go | 48 ++++++++++---------
 internal/v2/eventstore/query.go               |  6 ++-
 internal/v2/eventstore/query_test.go          | 26 +++++-----
 .../v2/readmodel/last_successful_mirror.go    |  7 ++-
 internal/v2/system/mirror/succeeded.go        |  6 ++-
 51 files changed, 436 insertions(+), 236 deletions(-)

diff --git a/cmd/mirror/event.go b/cmd/mirror/event.go
index d513990e10..567fb659a2 100644
--- a/cmd/mirror/event.go
+++ b/cmd/mirror/event.go
@@ -3,6 +3,8 @@ package mirror
 import (
 	"context"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/eventstore"
 	"github.com/zitadel/zitadel/internal/v2/readmodel"
 	"github.com/zitadel/zitadel/internal/v2/system"
@@ -29,7 +31,7 @@ func queryLastSuccessfulMigration(ctx context.Context, destinationES *eventstore
 	return lastSuccess, nil
 }
 
-func writeMigrationSucceeded(ctx context.Context, destinationES *eventstore.EventStore, id, source string, position float64) error {
+func writeMigrationSucceeded(ctx context.Context, destinationES *eventstore.EventStore, id, source string, position decimal.Decimal) error {
 	return destinationES.Push(
 		ctx,
 		eventstore.NewPushIntent(
diff --git a/cmd/mirror/event_store.go b/cmd/mirror/event_store.go
index 41c529c025..be14abe340 100644
--- a/cmd/mirror/event_store.go
+++ b/cmd/mirror/event_store.go
@@ -8,7 +8,9 @@ import (
 	"io"
 	"time"
 
+	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/jackc/pgx/v5/stdlib"
+	"github.com/shopspring/decimal"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
@@ -89,7 +91,7 @@ func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
 	previousMigration, err := queryLastSuccessfulMigration(ctx, destinationES, source.DatabaseName())
 	logging.OnError(err).Fatal("unable to query latest successful migration")
 
-	var maxPosition float64
+	var maxPosition decimal.Decimal
 	err = source.QueryRowContext(ctx,
 		func(row *sql.Row) error {
 			return row.Scan(&maxPosition)
@@ -101,7 +103,7 @@ func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
 	logging.WithFields("from", previousMigration.Position, "to", maxPosition).Info("start event migration")
 
 	nextPos := make(chan bool, 1)
-	pos := make(chan float64, 1)
+	pos := make(chan decimal.Decimal, 1)
 	errs := make(chan error, 3)
 
 	go func() {
@@ -152,7 +154,7 @@ func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
 	go func() {
 		defer close(pos)
 		for range nextPos {
-			var position float64
+			var position decimal.Decimal
 			err := dest.QueryRowContext(
 				ctx,
 				func(row *sql.Row) error {
@@ -175,6 +177,10 @@ func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
 		tag, err := conn.PgConn().CopyFrom(ctx, reader, "COPY eventstore.events2 FROM STDIN")
 		eventCount = tag.RowsAffected()
 		if err != nil {
+			pgErr := new(pgconn.PgError)
+			errors.As(err, &pgErr)
+
+			logging.WithError(err).WithField("pg_err_details", pgErr.Detail).Error("unable to copy events into destination")
 			return zerrors.ThrowUnknown(err, "MIGRA-DTHi7", "unable to copy events into destination")
 		}
 
@@ -187,7 +193,7 @@ func copyEvents(ctx context.Context, source, dest *db.DB, bulkSize uint32) {
 	logging.WithFields("took", time.Since(start), "count", eventCount).Info("events migrated")
 }
 
-func writeCopyEventsDone(ctx context.Context, es *eventstore.EventStore, id, source string, position float64, errs <-chan error) {
+func writeCopyEventsDone(ctx context.Context, es *eventstore.EventStore, id, source string, position decimal.Decimal, errs <-chan error) {
 	joinedErrs := make([]error, 0, len(errs))
 	for err := range errs {
 		joinedErrs = append(joinedErrs, err)
diff --git a/cmd/mirror/projections.go b/cmd/mirror/projections.go
index 4e12b29748..0ff4356d6f 100644
--- a/cmd/mirror/projections.go
+++ b/cmd/mirror/projections.go
@@ -296,6 +296,13 @@ func execProjections(ctx context.Context, instances <-chan string, failedInstanc
 			continue
 		}
 
+		err = projection.ProjectInstanceFields(ctx)
+		if err != nil {
+			logging.WithFields("instance", instance).WithError(err).Info("trigger fields failed")
+			failedInstances <- instance
+			continue
+		}
+
 		err = auth_handler.ProjectInstance(ctx)
 		if err != nil {
 			logging.WithFields("instance", instance).WithError(err).Info("trigger auth handler failed")
diff --git a/go.mod b/go.mod
index ec86708942..c1cbf2dd77 100644
--- a/go.mod
+++ b/go.mod
@@ -45,6 +45,7 @@ require (
 	github.com/h2non/gock v1.2.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/improbable-eng/grpc-web v0.15.0
+	github.com/jackc/pgx-shopspring-decimal v0.0.0-20220624020537-1d36b5a1853e
 	github.com/jackc/pgx/v5 v5.7.5
 	github.com/jarcoal/jpath v0.0.0-20140328210829-f76b8b2dbf52
 	github.com/jinzhu/gorm v1.9.16
@@ -65,6 +66,7 @@ require (
 	github.com/riverqueue/river/rivertype v0.22.0
 	github.com/rs/cors v1.11.1
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
+	github.com/shopspring/decimal v1.3.1
 	github.com/sony/gobreaker/v2 v2.1.0
 	github.com/sony/sonyflake v1.2.1
 	github.com/spf13/cobra v1.9.1
diff --git a/go.sum b/go.sum
index 6d54730acd..cc3bc35841 100644
--- a/go.sum
+++ b/go.sum
@@ -442,6 +442,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx-shopspring-decimal v0.0.0-20220624020537-1d36b5a1853e h1:i3gQ/Zo7sk4LUVbsAjTNeC4gIjoPNIZVzs4EXstssV4=
+github.com/jackc/pgx-shopspring-decimal v0.0.0-20220624020537-1d36b5a1853e/go.mod h1:zUHglCZ4mpDUPgIwqEKoba6+tcUQzRdb1+DPTuYe9pI=
 github.com/jackc/pgx/v5 v5.7.5 h1:JHGfMnQY+IEtGM63d+NGMjoRpysB2JBwDr5fsngwmJs=
 github.com/jackc/pgx/v5 v5.7.5/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
@@ -705,6 +707,8 @@ github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
diff --git a/internal/admin/repository/eventsourcing/handler/handler.go b/internal/admin/repository/eventsourcing/handler/handler.go
index 76584b55b0..b38e890e66 100644
--- a/internal/admin/repository/eventsourcing/handler/handler.go
+++ b/internal/admin/repository/eventsourcing/handler/handler.go
@@ -2,9 +2,11 @@ package handler
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"
 
+	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/admin/repository/eventsourcing/view"
@@ -63,9 +65,17 @@ func Start(ctx context.Context) {
 func ProjectInstance(ctx context.Context) error {
 	for i, projection := range projections {
 		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting admin projection")
-		_, err := projection.Trigger(ctx)
-		if err != nil {
-			return err
+		for {
+			_, err := projection.Trigger(ctx)
+			if err == nil {
+				break
+			}
+			var pgErr *pgconn.PgError
+			errors.As(err, &pgErr)
+			if pgErr.Code != database.PgUniqueConstraintErrorCode {
+				return err
+			}
+			logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID()).WithError(err).Debug("admin projection failed because of unique constraint, retrying")
 		}
 		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("admin projection done")
 	}
diff --git a/internal/api/oidc/key.go b/internal/api/oidc/key.go
index 81f3b1c466..852bbc7db8 100644
--- a/internal/api/oidc/key.go
+++ b/internal/api/oidc/key.go
@@ -11,6 +11,7 @@ import (
 	"github.com/go-jose/go-jose/v4"
 	"github.com/jonboulle/clockwork"
 	"github.com/muhlemmer/gu"
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/op"
 
@@ -350,14 +351,14 @@ func (o *OPStorage) getSigningKey(ctx context.Context) (op.SigningKey, error) {
 	if len(keys.Keys) > 0 {
 		return PrivateKeyToSigningKey(SelectSigningKey(keys.Keys), o.encAlg)
 	}
-	var position float64
+	var position decimal.Decimal
 	if keys.State != nil {
 		position = keys.State.Position
 	}
 	return nil, o.refreshSigningKey(ctx, position)
 }
 
-func (o *OPStorage) refreshSigningKey(ctx context.Context, position float64) error {
+func (o *OPStorage) refreshSigningKey(ctx context.Context, position decimal.Decimal) error {
 	ok, err := o.ensureIsLatestKey(ctx, position)
 	if err != nil || !ok {
 		return zerrors.ThrowInternal(err, "OIDC-ASfh3", "cannot ensure that projection is up to date")
@@ -369,12 +370,12 @@ func (o *OPStorage) refreshSigningKey(ctx context.Context, position float64) err
 	return zerrors.ThrowInternal(nil, "OIDC-Df1bh", "")
 }
 
-func (o *OPStorage) ensureIsLatestKey(ctx context.Context, position float64) (bool, error) {
-	maxSequence, err := o.getMaxKeySequence(ctx)
+func (o *OPStorage) ensureIsLatestKey(ctx context.Context, position decimal.Decimal) (bool, error) {
+	maxSequence, err := o.getMaxKeyPosition(ctx)
 	if err != nil {
 		return false, fmt.Errorf("error retrieving new events: %w", err)
 	}
-	return position >= maxSequence, nil
+	return position.GreaterThanOrEqual(maxSequence), nil
 }
 
 func PrivateKeyToSigningKey(key query.PrivateKey, algorithm crypto.EncryptionAlgorithm) (_ op.SigningKey, err error) {
@@ -412,9 +413,9 @@ func (o *OPStorage) lockAndGenerateSigningKeyPair(ctx context.Context) error {
 	return o.command.GenerateSigningKeyPair(setOIDCCtx(ctx), "RS256")
 }
 
-func (o *OPStorage) getMaxKeySequence(ctx context.Context) (float64, error) {
-	return o.eventstore.LatestSequence(ctx,
-		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxSequence).
+func (o *OPStorage) getMaxKeyPosition(ctx context.Context) (decimal.Decimal, error) {
+	return o.eventstore.LatestPosition(ctx,
+		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).
 			ResourceOwner(authz.GetInstance(ctx).InstanceID()).
 			AwaitOpenTransactions().
 			AddQuery().
diff --git a/internal/api/saml/certificate.go b/internal/api/saml/certificate.go
index ff130f7709..14752cd5cd 100644
--- a/internal/api/saml/certificate.go
+++ b/internal/api/saml/certificate.go
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/go-jose/go-jose/v4"
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/saml/pkg/provider/key"
 
@@ -76,7 +77,7 @@ func (p *Storage) getCertificateAndKey(ctx context.Context, usage crypto.KeyUsag
 		return p.certificateToCertificateAndKey(selectCertificate(certs.Certificates))
 	}
 
-	var position float64
+	var position decimal.Decimal
 	if certs.State != nil {
 		position = certs.State.Position
 	}
@@ -87,7 +88,7 @@ func (p *Storage) getCertificateAndKey(ctx context.Context, usage crypto.KeyUsag
 func (p *Storage) refreshCertificate(
 	ctx context.Context,
 	usage crypto.KeyUsage,
-	position float64,
+	position decimal.Decimal,
 ) error {
 	ok, err := p.ensureIsLatestCertificate(ctx, position)
 	if err != nil {
@@ -103,12 +104,12 @@ func (p *Storage) refreshCertificate(
 	return nil
 }
 
-func (p *Storage) ensureIsLatestCertificate(ctx context.Context, position float64) (bool, error) {
-	maxSequence, err := p.getMaxKeySequence(ctx)
+func (p *Storage) ensureIsLatestCertificate(ctx context.Context, position decimal.Decimal) (bool, error) {
+	maxSequence, err := p.getMaxKeyPosition(ctx)
 	if err != nil {
 		return false, fmt.Errorf("error retrieving new events: %w", err)
 	}
-	return position >= maxSequence, nil
+	return position.GreaterThanOrEqual(maxSequence), nil
 }
 
 func (p *Storage) lockAndGenerateCertificateAndKey(ctx context.Context, usage crypto.KeyUsage) error {
@@ -151,9 +152,9 @@ func (p *Storage) lockAndGenerateCertificateAndKey(ctx context.Context, usage cr
 	}
 }
 
-func (p *Storage) getMaxKeySequence(ctx context.Context) (float64, error) {
-	return p.eventstore.LatestSequence(ctx,
-		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxSequence).
+func (p *Storage) getMaxKeyPosition(ctx context.Context) (decimal.Decimal, error) {
+	return p.eventstore.LatestPosition(ctx,
+		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).
 			ResourceOwner(authz.GetInstance(ctx).InstanceID()).
 			AwaitOpenTransactions().
 			AddQuery().
diff --git a/internal/auth/repository/eventsourcing/handler/handler.go b/internal/auth/repository/eventsourcing/handler/handler.go
index 74a27a8312..0c151bb412 100644
--- a/internal/auth/repository/eventsourcing/handler/handler.go
+++ b/internal/auth/repository/eventsourcing/handler/handler.go
@@ -2,9 +2,11 @@ package handler
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"
 
+	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -78,9 +80,17 @@ func Projections() []*handler2.Handler {
 func ProjectInstance(ctx context.Context) error {
 	for i, projection := range projections {
 		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting auth projection")
-		_, err := projection.Trigger(ctx)
-		if err != nil {
-			return err
+		for {
+			_, err := projection.Trigger(ctx)
+			if err == nil {
+				break
+			}
+			var pgErr *pgconn.PgError
+			errors.As(err, &pgErr)
+			if pgErr.Code != database.PgUniqueConstraintErrorCode {
+				return err
+			}
+			logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID()).WithError(err).Debug("auth projection failed because of unique constraint, retrying")
 		}
 		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("auth projection done")
 	}
diff --git a/internal/database/database.go b/internal/database/database.go
index ddc26a7961..b40715d6b5 100644
--- a/internal/database/database.go
+++ b/internal/database/database.go
@@ -64,6 +64,10 @@ func CloseTransaction(tx Tx, err error) error {
 	return commitErr
 }
 
+const (
+	PgUniqueConstraintErrorCode = "23505"
+)
+
 type Config struct {
 	Dialects  map[string]interface{} `mapstructure:",remain"`
 	connector dialect.Connector
diff --git a/internal/database/dialect/connections.go b/internal/database/dialect/connections.go
index 11b2681fea..a5c90b4059 100644
--- a/internal/database/dialect/connections.go
+++ b/internal/database/dialect/connections.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"reflect"
 
+	pgxdecimal "github.com/jackc/pgx-shopspring-decimal"
 	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgtype"
 )
@@ -23,7 +24,12 @@ type ConnectionConfig struct {
 	AfterRelease  []func(c *pgx.Conn) error
 }
 
-var afterConnectFuncs []func(ctx context.Context, c *pgx.Conn) error
+var afterConnectFuncs = []func(ctx context.Context, c *pgx.Conn) error{
+	func(ctx context.Context, c *pgx.Conn) error {
+		pgxdecimal.Register(c.TypeMap())
+		return nil
+	},
+}
 
 func RegisterAfterConnect(f func(ctx context.Context, c *pgx.Conn) error) {
 	afterConnectFuncs = append(afterConnectFuncs, f)
diff --git a/internal/eventstore/event.go b/internal/eventstore/event.go
index 3df096f069..656a02f33d 100644
--- a/internal/eventstore/event.go
+++ b/internal/eventstore/event.go
@@ -5,6 +5,8 @@ import (
 	"reflect"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
@@ -44,7 +46,7 @@ type Event interface {
 	// CreatedAt is the time the event was created at
 	CreatedAt() time.Time
 	// Position is the global position of the event
-	Position() float64
+	Position() decimal.Decimal
 
 	// Unmarshal parses the payload and stores the result
 	// in the value pointed to by ptr. If ptr is nil or not a pointer,
diff --git a/internal/eventstore/event_base.go b/internal/eventstore/event_base.go
index ed81e95320..6a911bc0eb 100644
--- a/internal/eventstore/event_base.go
+++ b/internal/eventstore/event_base.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -25,7 +26,7 @@ type BaseEvent struct {
 	Agg *Aggregate `json:"-"`
 
 	Seq                           uint64
-	Pos                           float64
+	Pos                           decimal.Decimal
 	Creation                      time.Time
 	previousAggregateSequence     uint64
 	previousAggregateTypeSequence uint64
@@ -38,7 +39,7 @@ type BaseEvent struct {
 }
 
 // Position implements Event.
-func (e *BaseEvent) Position() float64 {
+func (e *BaseEvent) Position() decimal.Decimal {
 	return e.Pos
 }
 
diff --git a/internal/eventstore/eventstore.go b/internal/eventstore/eventstore.go
index 4954df86c8..8a8d32bc43 100644
--- a/internal/eventstore/eventstore.go
+++ b/internal/eventstore/eventstore.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -14,6 +15,12 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
+func init() {
+	// this is needed to ensure that position is marshaled as a number
+	// otherwise it will be marshaled as a string
+	decimal.MarshalJSONWithoutQuotes = true
+}
+
 // Eventstore abstracts all functions needed to store valid events
 // and filters the stored events
 type Eventstore struct {
@@ -229,11 +236,11 @@ func (es *Eventstore) FilterToReducer(ctx context.Context, searchQuery *SearchQu
 	})
 }
 
-// LatestSequence filters the latest sequence for the given search query
-func (es *Eventstore) LatestSequence(ctx context.Context, queryFactory *SearchQueryBuilder) (float64, error) {
+// LatestPosition filters the latest position for the given search query
+func (es *Eventstore) LatestPosition(ctx context.Context, queryFactory *SearchQueryBuilder) (decimal.Decimal, error) {
 	queryFactory.InstanceID(authz.GetInstance(ctx).InstanceID())
 
-	return es.querier.LatestSequence(ctx, queryFactory)
+	return es.querier.LatestPosition(ctx, queryFactory)
 }
 
 // InstanceIDs returns the distinct instance ids found by the search query
@@ -265,8 +272,8 @@ type Querier interface {
 	Health(ctx context.Context) error
 	// FilterToReducer calls r for every event returned from the storage
 	FilterToReducer(ctx context.Context, searchQuery *SearchQueryBuilder, r Reducer) error
-	// LatestSequence returns the latest sequence found by the search query
-	LatestSequence(ctx context.Context, queryFactory *SearchQueryBuilder) (float64, error)
+	// LatestPosition returns the latest position found by the search query
+	LatestPosition(ctx context.Context, queryFactory *SearchQueryBuilder) (decimal.Decimal, error)
 	// InstanceIDs returns the instance ids found by the search query
 	InstanceIDs(ctx context.Context, queryFactory *SearchQueryBuilder) ([]string, error)
 	// Client returns the underlying database connection
diff --git a/internal/eventstore/eventstore_querier_test.go b/internal/eventstore/eventstore_querier_test.go
index 3f23c5da75..88797a835e 100644
--- a/internal/eventstore/eventstore_querier_test.go
+++ b/internal/eventstore/eventstore_querier_test.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/eventstore"
 )
 
@@ -131,7 +133,7 @@ func TestEventstore_Filter(t *testing.T) {
 	}
 }
 
-func TestEventstore_LatestSequence(t *testing.T) {
+func TestEventstore_LatestPosition(t *testing.T) {
 	type args struct {
 		searchQuery *eventstore.SearchQueryBuilder
 	}
@@ -139,7 +141,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 		existingEvents []eventstore.Command
 	}
 	type res struct {
-		sequence float64
+		position decimal.Decimal
 	}
 	tests := []struct {
 		name    string
@@ -151,7 +153,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 		{
 			name: "aggregate type filter no sequence",
 			args: args{
-				searchQuery: eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxSequence).
+				searchQuery: eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).
 					AddQuery().
 					AggregateTypes("not found").
 					Builder(),
@@ -168,7 +170,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 		{
 			name: "aggregate type filter sequence",
 			args: args{
-				searchQuery: eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxSequence).
+				searchQuery: eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).
 					AddQuery().
 					AggregateTypes(eventstore.AggregateType(t.Name())).
 					Builder(),
@@ -202,12 +204,12 @@ func TestEventstore_LatestSequence(t *testing.T) {
 					return
 				}
 
-				sequence, err := db.LatestSequence(context.Background(), tt.args.searchQuery)
+				position, err := db.LatestPosition(context.Background(), tt.args.searchQuery)
 				if (err != nil) != tt.wantErr {
 					t.Errorf("eventstore.query() error = %v, wantErr %v", err, tt.wantErr)
 				}
-				if tt.res.sequence > sequence {
-					t.Errorf("eventstore.query() expected sequence: %v got %v", tt.res.sequence, sequence)
+				if tt.res.position.GreaterThan(position) {
+					t.Errorf("eventstore.query() expected position: %v got %v", tt.res.position, position)
 				}
 			})
 		}
diff --git a/internal/eventstore/eventstore_test.go b/internal/eventstore/eventstore_test.go
index 9e1aa77db1..5452572faa 100644
--- a/internal/eventstore/eventstore_test.go
+++ b/internal/eventstore/eventstore_test.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/shopspring/decimal"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/service"
@@ -397,7 +398,7 @@ func (repo *testPusher) Push(_ context.Context, _ database.ContextQueryExecuter,
 
 type testQuerier struct {
 	events    []Event
-	sequence  float64
+	sequence  decimal.Decimal
 	instances []string
 	err       error
 	t         *testing.T
@@ -430,9 +431,9 @@ func (repo *testQuerier) FilterToReducer(ctx context.Context, searchQuery *Searc
 	return nil
 }
 
-func (repo *testQuerier) LatestSequence(ctx context.Context, queryFactory *SearchQueryBuilder) (float64, error) {
+func (repo *testQuerier) LatestPosition(ctx context.Context, queryFactory *SearchQueryBuilder) (decimal.Decimal, error) {
 	if repo.err != nil {
-		return 0, repo.err
+		return decimal.Decimal{}, repo.err
 	}
 	return repo.sequence, nil
 }
@@ -1076,7 +1077,7 @@ func TestEventstore_FilterEvents(t *testing.T) {
 	}
 }
 
-func TestEventstore_LatestSequence(t *testing.T) {
+func TestEventstore_LatestPosition(t *testing.T) {
 	type args struct {
 		query *SearchQueryBuilder
 	}
@@ -1096,7 +1097,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 			name: "no events",
 			args: args{
 				query: &SearchQueryBuilder{
-					columns: ColumnsMaxSequence,
+					columns: ColumnsMaxPosition,
 					queries: []*SearchQuery{
 						{
 							builder:        &SearchQueryBuilder{},
@@ -1119,7 +1120,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 			name: "repo error",
 			args: args{
 				query: &SearchQueryBuilder{
-					columns: ColumnsMaxSequence,
+					columns: ColumnsMaxPosition,
 					queries: []*SearchQuery{
 						{
 							builder:        &SearchQueryBuilder{},
@@ -1142,7 +1143,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 			name: "found events",
 			args: args{
 				query: &SearchQueryBuilder{
-					columns: ColumnsMaxSequence,
+					columns: ColumnsMaxPosition,
 					queries: []*SearchQuery{
 						{
 							builder:        &SearchQueryBuilder{},
@@ -1168,7 +1169,7 @@ func TestEventstore_LatestSequence(t *testing.T) {
 				querier: tt.fields.repo,
 			}
 
-			_, err := es.LatestSequence(context.Background(), tt.args.query)
+			_, err := es.LatestPosition(context.Background(), tt.args.query)
 			if (err != nil) != tt.res.wantErr {
 				t.Errorf("Eventstore.aggregatesToEvents() error = %v, wantErr %v", err, tt.res.wantErr)
 			}
diff --git a/internal/eventstore/handler/v2/field_handler.go b/internal/eventstore/handler/v2/field_handler.go
index ad309ac790..3c25731c83 100644
--- a/internal/eventstore/handler/v2/field_handler.go
+++ b/internal/eventstore/handler/v2/field_handler.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/shopspring/decimal"
 
 	"github.com/zitadel/zitadel/internal/eventstore"
 )
@@ -126,10 +127,15 @@ func (h *FieldHandler) processEvents(ctx context.Context, config *triggerConfig)
 		return additionalIteration, err
 	}
 	// stop execution if currentState.eventTimestamp >= config.maxCreatedAt
-	if config.maxPosition != 0 && currentState.position >= config.maxPosition {
+	if !config.maxPosition.IsZero() && currentState.position.GreaterThanOrEqual(config.maxPosition) {
 		return false, nil
 	}
 
+	if config.minPosition.GreaterThan(decimal.NewFromInt(0)) {
+		currentState.position = config.minPosition
+		currentState.offset = 0
+	}
+
 	events, additionalIteration, err := h.fetchEvents(ctx, tx, currentState)
 	if err != nil {
 		return additionalIteration, err
@@ -159,7 +165,7 @@ func (h *FieldHandler) fetchEvents(ctx context.Context, tx *sql.Tx, currentState
 
 	idx, offset := skipPreviouslyReducedEvents(events, currentState)
 
-	if currentState.position == events[len(events)-1].Position() {
+	if currentState.position.Equal(events[len(events)-1].Position()) {
 		offset += currentState.offset
 	}
 	currentState.position = events[len(events)-1].Position()
@@ -179,7 +185,7 @@ func (h *FieldHandler) fetchEvents(ctx context.Context, tx *sql.Tx, currentState
 	fillFieldsEvents := make([]eventstore.FillFieldsEvent, len(events))
 	highestPosition := events[len(events)-1].Position()
 	for i, event := range events {
-		if event.Position() == highestPosition {
+		if event.Position().Equal(highestPosition) {
 			offset++
 		}
 		fillFieldsEvents[i] = event.(eventstore.FillFieldsEvent)
@@ -189,14 +195,14 @@ func (h *FieldHandler) fetchEvents(ctx context.Context, tx *sql.Tx, currentState
 }
 
 func skipPreviouslyReducedEvents(events []eventstore.Event, currentState *state) (index int, offset uint32) {
-	var position float64
+	var position decimal.Decimal
 	for i, event := range events {
-		if event.Position() != position {
+		if !event.Position().Equal(position) {
 			offset = 0
 			position = event.Position()
 		}
 		offset++
-		if event.Position() == currentState.position &&
+		if event.Position().Equal(currentState.position) &&
 			event.Aggregate().ID == currentState.aggregateID &&
 			event.Aggregate().Type == currentState.aggregateType &&
 			event.Sequence() == currentState.sequence {
diff --git a/internal/eventstore/handler/v2/handler.go b/internal/eventstore/handler/v2/handler.go
index fb696ad090..fd8b206b38 100644
--- a/internal/eventstore/handler/v2/handler.go
+++ b/internal/eventstore/handler/v2/handler.go
@@ -4,13 +4,13 @@ import (
 	"context"
 	"database/sql"
 	"errors"
-	"math"
 	"math/rand"
 	"slices"
 	"sync"
 	"time"
 
 	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -395,7 +395,8 @@ func (h *Handler) existingInstances(ctx context.Context) ([]string, error) {
 
 type triggerConfig struct {
 	awaitRunning bool
-	maxPosition  float64
+	maxPosition  decimal.Decimal
+	minPosition  decimal.Decimal
 }
 
 type TriggerOpt func(conf *triggerConfig)
@@ -406,12 +407,18 @@ func WithAwaitRunning() TriggerOpt {
 	}
 }
 
-func WithMaxPosition(position float64) TriggerOpt {
+func WithMaxPosition(position decimal.Decimal) TriggerOpt {
 	return func(conf *triggerConfig) {
 		conf.maxPosition = position
 	}
 }
 
+func WithMinPosition(position decimal.Decimal) TriggerOpt {
+	return func(conf *triggerConfig) {
+		conf.minPosition = position
+	}
+}
+
 func (h *Handler) Trigger(ctx context.Context, opts ...TriggerOpt) (_ context.Context, err error) {
 	config := new(triggerConfig)
 	for _, opt := range opts {
@@ -520,10 +527,15 @@ func (h *Handler) processEvents(ctx context.Context, config *triggerConfig) (add
 		return additionalIteration, err
 	}
 	// stop execution if currentState.position >= config.maxPosition
-	if config.maxPosition != 0 && currentState.position >= config.maxPosition {
+	if !config.maxPosition.Equal(decimal.Decimal{}) && currentState.position.GreaterThanOrEqual(config.maxPosition) {
 		return false, nil
 	}
 
+	if config.minPosition.GreaterThan(decimal.NewFromInt(0)) {
+		currentState.position = config.minPosition
+		currentState.offset = 0
+	}
+
 	var statements []*Statement
 	statements, additionalIteration, err = h.generateStatements(ctx, tx, currentState)
 	if err != nil {
@@ -565,7 +577,10 @@ func (h *Handler) processEvents(ctx context.Context, config *triggerConfig) (add
 	currentState.sequence = statements[lastProcessedIndex].Sequence
 	currentState.eventTimestamp = statements[lastProcessedIndex].CreationDate
 
-	err = h.setState(tx, currentState)
+	setStateErr := h.setState(tx, currentState)
+	if setStateErr != nil {
+		err = setStateErr
+	}
 
 	return additionalIteration, err
 }
@@ -615,7 +630,7 @@ func (h *Handler) generateStatements(ctx context.Context, tx *sql.Tx, currentSta
 
 func skipPreviouslyReducedStatements(statements []*Statement, currentState *state) int {
 	for i, statement := range statements {
-		if statement.Position == currentState.position &&
+		if statement.Position.Equal(currentState.position) &&
 			statement.Aggregate.ID == currentState.aggregateID &&
 			statement.Aggregate.Type == currentState.aggregateType &&
 			statement.Sequence == currentState.sequence {
@@ -678,9 +693,8 @@ func (h *Handler) eventQuery(currentState *state) *eventstore.SearchQueryBuilder
 		OrderAsc().
 		InstanceID(currentState.instanceID)
 
-	if currentState.position > 0 {
-		// decrease position by 10 because builder.PositionAfter filters for position > and we need position >=
-		builder = builder.PositionAfter(math.Float64frombits(math.Float64bits(currentState.position) - 10))
+	if currentState.position.GreaterThan(decimal.Decimal{}) {
+		builder = builder.PositionAtLeast(currentState.position)
 		if currentState.offset > 0 {
 			builder = builder.Offset(currentState.offset)
 		}
diff --git a/internal/eventstore/handler/v2/state.go b/internal/eventstore/handler/v2/state.go
index d3b6953488..c4afaed204 100644
--- a/internal/eventstore/handler/v2/state.go
+++ b/internal/eventstore/handler/v2/state.go
@@ -7,6 +7,8 @@ import (
 	"errors"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -14,7 +16,7 @@ import (
 
 type state struct {
 	instanceID     string
-	position       float64
+	position       decimal.Decimal
 	eventTimestamp time.Time
 	aggregateType  eventstore.AggregateType
 	aggregateID    string
@@ -45,7 +47,7 @@ func (h *Handler) currentState(ctx context.Context, tx *sql.Tx, config *triggerC
 		aggregateType = new(sql.NullString)
 		sequence      = new(sql.NullInt64)
 		timestamp     = new(sql.NullTime)
-		position      = new(sql.NullFloat64)
+		position      = new(decimal.NullDecimal)
 		offset        = new(sql.NullInt64)
 	)
 
@@ -75,7 +77,7 @@ func (h *Handler) currentState(ctx context.Context, tx *sql.Tx, config *triggerC
 	currentState.aggregateType = eventstore.AggregateType(aggregateType.String)
 	currentState.sequence = uint64(sequence.Int64)
 	currentState.eventTimestamp = timestamp.Time
-	currentState.position = position.Float64
+	currentState.position = position.Decimal
 	// psql does not provide unsigned numbers so we work around it
 	currentState.offset = uint32(offset.Int64)
 	return currentState, nil
diff --git a/internal/eventstore/handler/v2/state_test.go b/internal/eventstore/handler/v2/state_test.go
index cc5fb1fbab..ef91d78e55 100644
--- a/internal/eventstore/handler/v2/state_test.go
+++ b/internal/eventstore/handler/v2/state_test.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/shopspring/decimal"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/database/mock"
@@ -166,7 +167,7 @@ func TestHandler_updateLastUpdated(t *testing.T) {
 				updatedState: &state{
 					instanceID:     "instance",
 					eventTimestamp: time.Now(),
-					position:       42,
+					position:       decimal.NewFromInt(42),
 				},
 			},
 			isErr: func(t *testing.T, err error) {
@@ -192,7 +193,7 @@ func TestHandler_updateLastUpdated(t *testing.T) {
 				updatedState: &state{
 					instanceID:     "instance",
 					eventTimestamp: time.Now(),
-					position:       42,
+					position:       decimal.NewFromInt(42),
 				},
 			},
 			isErr: func(t *testing.T, err error) {
@@ -217,7 +218,7 @@ func TestHandler_updateLastUpdated(t *testing.T) {
 							eventstore.AggregateType("aggregate type"),
 							uint64(42),
 							mock.AnyType[time.Time]{},
-							float64(42),
+							decimal.NewFromInt(42),
 							uint32(0),
 						),
 						mock.WithExecRowsAffected(1),
@@ -228,7 +229,7 @@ func TestHandler_updateLastUpdated(t *testing.T) {
 				updatedState: &state{
 					instanceID:     "instance",
 					eventTimestamp: time.Now(),
-					position:       42,
+					position:       decimal.NewFromInt(42),
 					aggregateType:  "aggregate type",
 					aggregateID:    "aggregate id",
 					sequence:       42,
@@ -397,7 +398,7 @@ func TestHandler_currentState(t *testing.T) {
 									"aggregate type",
 									int64(42),
 									testTime,
-									float64(42),
+									decimal.NewFromInt(42).String(),
 									uint16(10),
 								},
 							},
@@ -412,7 +413,7 @@ func TestHandler_currentState(t *testing.T) {
 				currentState: &state{
 					instanceID:     "instance",
 					eventTimestamp: testTime,
-					position:       42,
+					position:       decimal.NewFromInt(42),
 					aggregateType:  "aggregate type",
 					aggregateID:    "aggregate id",
 					sequence:       42,
diff --git a/internal/eventstore/handler/v2/statement.go b/internal/eventstore/handler/v2/statement.go
index a02e5d3580..5024c8c945 100644
--- a/internal/eventstore/handler/v2/statement.go
+++ b/internal/eventstore/handler/v2/statement.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 	"golang.org/x/exp/constraints"
 
@@ -52,7 +53,7 @@ func (h *Handler) eventsToStatements(tx *sql.Tx, events []eventstore.Event, curr
 			return statements, err
 		}
 		offset++
-		if previousPosition != event.Position() {
+		if !previousPosition.Equal(event.Position()) {
 			// offset is 1 because we want to skip this event
 			offset = 1
 		}
@@ -82,7 +83,7 @@ func (h *Handler) reduce(event eventstore.Event) (*Statement, error) {
 type Statement struct {
 	Aggregate    *eventstore.Aggregate
 	Sequence     uint64
-	Position     float64
+	Position     decimal.Decimal
 	CreationDate time.Time
 
 	offset uint32
diff --git a/internal/eventstore/local_postgres_test.go b/internal/eventstore/local_postgres_test.go
index d75292b3ff..fdb8b4f516 100644
--- a/internal/eventstore/local_postgres_test.go
+++ b/internal/eventstore/local_postgres_test.go
@@ -2,12 +2,13 @@ package eventstore_test
 
 import (
 	"context"
-	"database/sql"
 	"encoding/json"
 	"os"
 	"testing"
 	"time"
 
+	pgxdecimal "github.com/jackc/pgx-shopspring-decimal"
+	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgxpool"
 	"github.com/jackc/pgx/v5/stdlib"
 	"github.com/zitadel/logging"
@@ -40,7 +41,10 @@ func TestMain(m *testing.M) {
 		connConfig, err := pgxpool.ParseConfig(config.GetConnectionURL())
 		logging.OnError(err).Fatal("unable to parse db url")
 
-		connConfig.AfterConnect = new_es.RegisterEventstoreTypes
+		connConfig.AfterConnect = func(ctx context.Context, conn *pgx.Conn) error {
+			pgxdecimal.Register(conn.TypeMap())
+			return new_es.RegisterEventstoreTypes(ctx, conn)
+		}
 		pool, err := pgxpool.NewWithConfig(context.Background(), connConfig)
 		logging.OnError(err).Fatal("unable to create db pool")
 
@@ -101,10 +105,19 @@ func initDB(ctx context.Context, db *database.DB) error {
 }
 
 func connectLocalhost() (*database.DB, error) {
-	client, err := sql.Open("pgx", "postgresql://postgres@localhost:5432/postgres?sslmode=disable")
+	config, err := pgxpool.ParseConfig("postgresql://postgres@localhost:5432/postgres?sslmode=disable")
 	if err != nil {
 		return nil, err
 	}
+	config.AfterConnect = func(ctx context.Context, conn *pgx.Conn) error {
+		pgxdecimal.Register(conn.TypeMap())
+		return new_es.RegisterEventstoreTypes(ctx, conn)
+	}
+	pool, err := pgxpool.NewWithConfig(context.Background(), config)
+	if err != nil {
+		return nil, err
+	}
+	client := stdlib.OpenDBFromPool(pool)
 	if err = client.Ping(); err != nil {
 		return nil, err
 	}
diff --git a/internal/eventstore/read_model.go b/internal/eventstore/read_model.go
index d2c755cc3a..ae77275732 100644
--- a/internal/eventstore/read_model.go
+++ b/internal/eventstore/read_model.go
@@ -1,19 +1,23 @@
 package eventstore
 
-import "time"
+import (
+	"time"
+
+	"github.com/shopspring/decimal"
+)
 
 // ReadModel is the minimum representation of a read model.
 // It implements a basic reducer
 // it might be saved in a database or in memory
 type ReadModel struct {
-	AggregateID       string    `json:"-"`
-	ProcessedSequence uint64    `json:"-"`
-	CreationDate      time.Time `json:"-"`
-	ChangeDate        time.Time `json:"-"`
-	Events            []Event   `json:"-"`
-	ResourceOwner     string    `json:"-"`
-	InstanceID        string    `json:"-"`
-	Position          float64   `json:"-"`
+	AggregateID       string          `json:"-"`
+	ProcessedSequence uint64          `json:"-"`
+	CreationDate      time.Time       `json:"-"`
+	ChangeDate        time.Time       `json:"-"`
+	Events            []Event         `json:"-"`
+	ResourceOwner     string          `json:"-"`
+	InstanceID        string          `json:"-"`
+	Position          decimal.Decimal `json:"-"`
 }
 
 // AppendEvents adds all the events to the read model.
diff --git a/internal/eventstore/repository/event.go b/internal/eventstore/repository/event.go
index d0d2660d79..1107649934 100644
--- a/internal/eventstore/repository/event.go
+++ b/internal/eventstore/repository/event.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -22,7 +23,7 @@ type Event struct {
 	// Seq is the sequence of the event
 	Seq uint64
 	// Pos is the global sequence of the event multiple events can have the same sequence
-	Pos float64
+	Pos decimal.Decimal
 
 	//CreationDate is the time the event is created
 	// it's used for human readability.
@@ -97,7 +98,7 @@ func (e *Event) Sequence() uint64 {
 }
 
 // Position implements [eventstore.Event]
-func (e *Event) Position() float64 {
+func (e *Event) Position() decimal.Decimal {
 	return e.Pos
 }
 
diff --git a/internal/eventstore/repository/mock/repository.mock.go b/internal/eventstore/repository/mock/repository.mock.go
index 8d5c0430ad..12925bc975 100644
--- a/internal/eventstore/repository/mock/repository.mock.go
+++ b/internal/eventstore/repository/mock/repository.mock.go
@@ -13,6 +13,7 @@ import (
 	context "context"
 	reflect "reflect"
 
+	decimal "github.com/shopspring/decimal"
 	database "github.com/zitadel/zitadel/internal/database"
 	eventstore "github.com/zitadel/zitadel/internal/eventstore"
 	gomock "go.uber.org/mock/gomock"
@@ -98,19 +99,19 @@ func (mr *MockQuerierMockRecorder) InstanceIDs(arg0, arg1 any) *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InstanceIDs", reflect.TypeOf((*MockQuerier)(nil).InstanceIDs), arg0, arg1)
 }
 
-// LatestSequence mocks base method.
-func (m *MockQuerier) LatestSequence(arg0 context.Context, arg1 *eventstore.SearchQueryBuilder) (float64, error) {
+// LatestPosition mocks base method.
+func (m *MockQuerier) LatestPosition(arg0 context.Context, arg1 *eventstore.SearchQueryBuilder) (decimal.Decimal, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "LatestSequence", arg0, arg1)
-	ret0, _ := ret[0].(float64)
+	ret := m.ctrl.Call(m, "LatestPosition", arg0, arg1)
+	ret0, _ := ret[0].(decimal.Decimal)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
-// LatestSequence indicates an expected call of LatestSequence.
-func (mr *MockQuerierMockRecorder) LatestSequence(arg0, arg1 any) *gomock.Call {
+// LatestPosition indicates an expected call of LatestPosition.
+func (mr *MockQuerierMockRecorder) LatestPosition(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LatestSequence", reflect.TypeOf((*MockQuerier)(nil).LatestSequence), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LatestPosition", reflect.TypeOf((*MockQuerier)(nil).LatestPosition), arg0, arg1)
 }
 
 // MockPusher is a mock of Pusher interface.
diff --git a/internal/eventstore/repository/mock/repository.mock.impl.go b/internal/eventstore/repository/mock/repository.mock.impl.go
index ced76953cb..313f7ee5e8 100644
--- a/internal/eventstore/repository/mock/repository.mock.impl.go
+++ b/internal/eventstore/repository/mock/repository.mock.impl.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/shopspring/decimal"
 	"github.com/stretchr/testify/assert"
 	"go.uber.org/mock/gomock"
 
@@ -197,8 +198,8 @@ func (e *mockEvent) Sequence() uint64 {
 	return e.sequence
 }
 
-func (e *mockEvent) Position() float64 {
-	return 0
+func (e *mockEvent) Position() decimal.Decimal {
+	return decimal.Decimal{}
 }
 
 func (e *mockEvent) CreatedAt() time.Time {
diff --git a/internal/eventstore/repository/search_query.go b/internal/eventstore/repository/search_query.go
index 6ffba31ca8..760f7f616c 100644
--- a/internal/eventstore/repository/search_query.go
+++ b/internal/eventstore/repository/search_query.go
@@ -3,6 +3,8 @@ package repository
 import (
 	"database/sql"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -57,6 +59,8 @@ const (
 	// OperationNotIn checks if a stored value does not match one of the passed value list
 	OperationNotIn
 
+	OperationGreaterOrEquals
+
 	operationCount
 )
 
@@ -250,10 +254,10 @@ func instanceIDsFilter(builder *eventstore.SearchQueryBuilder, query *SearchQuer
 }
 
 func positionAfterFilter(builder *eventstore.SearchQueryBuilder, query *SearchQuery) *Filter {
-	if builder.GetPositionAfter() == 0 {
+	if builder.GetPositionAtLeast().IsZero() {
 		return nil
 	}
-	query.Position = NewFilter(FieldPosition, builder.GetPositionAfter(), OperationGreater)
+	query.Position = NewFilter(FieldPosition, builder.GetPositionAtLeast(), OperationGreaterOrEquals)
 	return query.Position
 }
 
@@ -295,7 +299,7 @@ func eventDataFilter(query *eventstore.SearchQuery) *Filter {
 }
 
 func eventPositionAfterFilter(query *eventstore.SearchQuery) *Filter {
-	if pos := query.GetPositionAfter(); pos != 0 {
+	if pos := query.GetPositionAfter(); !pos.Equal(decimal.Decimal{}) {
 		return NewFilter(FieldPosition, pos, OperationGreater)
 	}
 	return nil
diff --git a/internal/eventstore/repository/sql/local_postgres_test.go b/internal/eventstore/repository/sql/local_postgres_test.go
index 765da213e3..ae1f7b4831 100644
--- a/internal/eventstore/repository/sql/local_postgres_test.go
+++ b/internal/eventstore/repository/sql/local_postgres_test.go
@@ -7,6 +7,8 @@ import (
 	"testing"
 	"time"
 
+	pgxdecimal "github.com/jackc/pgx-shopspring-decimal"
+	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgxpool"
 	"github.com/jackc/pgx/v5/stdlib"
 	"github.com/zitadel/logging"
@@ -30,7 +32,11 @@ func TestMain(m *testing.M) {
 		connConfig, err := pgxpool.ParseConfig(config.GetConnectionURL())
 		logging.OnError(err).Fatal("unable to parse db url")
 
-		connConfig.AfterConnect = new_es.RegisterEventstoreTypes
+		connConfig.AfterConnect = func(ctx context.Context, conn *pgx.Conn) error {
+			pgxdecimal.Register(conn.TypeMap())
+			return new_es.RegisterEventstoreTypes(ctx, conn)
+		}
+
 		pool, err := pgxpool.NewWithConfig(context.Background(), connConfig)
 		logging.OnError(err).Fatal("unable to create db pool")
 
diff --git a/internal/eventstore/repository/sql/postgres.go b/internal/eventstore/repository/sql/postgres.go
index bc9ad2e029..0dc2210f7b 100644
--- a/internal/eventstore/repository/sql/postgres.go
+++ b/internal/eventstore/repository/sql/postgres.go
@@ -2,12 +2,12 @@ package sql
 
 import (
 	"context"
-	"database/sql"
 	"errors"
 	"regexp"
 	"strconv"
 
 	"github.com/jackc/pgx/v5/pgconn"
+	"github.com/shopspring/decimal"
 
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -55,11 +55,11 @@ func (psql *Postgres) FilterToReducer(ctx context.Context, searchQuery *eventsto
 	return err
 }
 
-// LatestSequence returns the latest sequence found by the search query
-func (db *Postgres) LatestSequence(ctx context.Context, searchQuery *eventstore.SearchQueryBuilder) (float64, error) {
-	var position sql.NullFloat64
+// LatestPosition returns the latest position found by the search query
+func (db *Postgres) LatestPosition(ctx context.Context, searchQuery *eventstore.SearchQueryBuilder) (decimal.Decimal, error) {
+	var position decimal.Decimal
 	err := query(ctx, db, searchQuery, &position, false)
-	return position.Float64, err
+	return position, err
 }
 
 // InstanceIDs returns the instance ids found by the search query
@@ -126,7 +126,7 @@ func (db *Postgres) eventQuery(useV1 bool) string {
 		" FROM eventstore.events2"
 }
 
-func (db *Postgres) maxSequenceQuery(useV1 bool) string {
+func (db *Postgres) maxPositionQuery(useV1 bool) string {
 	if useV1 {
 		return `SELECT event_sequence FROM eventstore.events`
 	}
@@ -207,6 +207,8 @@ func (db *Postgres) operation(operation repository.Operation) string {
 		return "="
 	case repository.OperationGreater:
 		return ">"
+	case repository.OperationGreaterOrEquals:
+		return ">="
 	case repository.OperationLess:
 		return "<"
 	case repository.OperationJSONContains:
diff --git a/internal/eventstore/repository/sql/postgres_test.go b/internal/eventstore/repository/sql/postgres_test.go
index 151fdd1b6a..8a9b7bc049 100644
--- a/internal/eventstore/repository/sql/postgres_test.go
+++ b/internal/eventstore/repository/sql/postgres_test.go
@@ -4,6 +4,8 @@ import (
 	"database/sql"
 	"testing"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/repository"
 )
@@ -312,7 +314,7 @@ func generateEvent(t *testing.T, aggregateID string, opts ...func(*repository.Ev
 		ResourceOwner: sql.NullString{String: "ro", Valid: true},
 		Typ:           "test.created",
 		Version:       "v1",
-		Pos:           42,
+		Pos:           decimal.NewFromInt(42),
 	}
 
 	for _, opt := range opts {
diff --git a/internal/eventstore/repository/sql/query.go b/internal/eventstore/repository/sql/query.go
index a545225d9e..8584a82fa0 100644
--- a/internal/eventstore/repository/sql/query.go
+++ b/internal/eventstore/repository/sql/query.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/database"
@@ -24,7 +25,7 @@ type querier interface {
 	conditionFormat(repository.Operation) string
 	placeholder(query string) string
 	eventQuery(useV1 bool) string
-	maxSequenceQuery(useV1 bool) string
+	maxPositionQuery(useV1 bool) string
 	instanceIDsQuery(useV1 bool) string
 	Client() *database.DB
 	orderByEventSequence(desc, shouldOrderBySequence, useV1 bool) string
@@ -68,7 +69,7 @@ func query(ctx context.Context, criteria querier, searchQuery *eventstore.Search
 
 	// instead of using the max function of the database (which doesn't work for postgres)
 	// we select the most recent row
-	if q.Columns == eventstore.ColumnsMaxSequence {
+	if q.Columns == eventstore.ColumnsMaxPosition {
 		q.Limit = 1
 		q.Desc = true
 	}
@@ -85,7 +86,7 @@ func query(ctx context.Context, criteria querier, searchQuery *eventstore.Search
 
 	switch q.Columns {
 	case eventstore.ColumnsEvent,
-		eventstore.ColumnsMaxSequence:
+		eventstore.ColumnsMaxPosition:
 		query += criteria.orderByEventSequence(q.Desc, shouldOrderBySequence, useV1)
 	}
 
@@ -141,8 +142,8 @@ func query(ctx context.Context, criteria querier, searchQuery *eventstore.Search
 
 func prepareColumns(criteria querier, columns eventstore.Columns, useV1 bool) (string, func(s scan, dest interface{}) error) {
 	switch columns {
-	case eventstore.ColumnsMaxSequence:
-		return criteria.maxSequenceQuery(useV1), maxSequenceScanner
+	case eventstore.ColumnsMaxPosition:
+		return criteria.maxPositionQuery(useV1), maxPositionScanner
 	case eventstore.ColumnsInstanceIDs:
 		return criteria.instanceIDsQuery(useV1), instanceIDsScanner
 	case eventstore.ColumnsEvent:
@@ -152,13 +153,15 @@ func prepareColumns(criteria querier, columns eventstore.Columns, useV1 bool) (s
 	}
 }
 
-func maxSequenceScanner(row scan, dest any) (err error) {
-	position, ok := dest.(*sql.NullFloat64)
+func maxPositionScanner(row scan, dest interface{}) (err error) {
+	position, ok := dest.(*decimal.Decimal)
 	if !ok {
-		return zerrors.ThrowInvalidArgumentf(nil, "SQL-NBjA9", "type must be sql.NullInt64 got: %T", dest)
+		return zerrors.ThrowInvalidArgumentf(nil, "SQL-NBjA9", "type must be pointer to decimal.Decimal got: %T", dest)
 	}
-	err = row(position)
+	var res decimal.NullDecimal
+	err = row(&res)
 	if err == nil || errors.Is(err, sql.ErrNoRows) {
+		*position = res.Decimal
 		return nil
 	}
 	return zerrors.ThrowInternal(err, "SQL-bN5xg", "something went wrong")
@@ -187,7 +190,7 @@ func eventsScanner(useV1 bool) func(scanner scan, dest interface{}) (err error)
 			return zerrors.ThrowInvalidArgumentf(nil, "SQL-4GP6F", "events scanner: invalid type %T", dest)
 		}
 		event := new(repository.Event)
-		position := new(sql.NullFloat64)
+		position := new(decimal.NullDecimal)
 
 		if useV1 {
 			err = scanner(
@@ -224,7 +227,7 @@ func eventsScanner(useV1 bool) func(scanner scan, dest interface{}) (err error)
 			logging.New().WithError(err).Warn("unable to scan row")
 			return zerrors.ThrowInternal(err, "SQL-M0dsf", "unable to scan row")
 		}
-		event.Pos = position.Float64
+		event.Pos = position.Decimal
 		return reduce(event)
 	}
 }
diff --git a/internal/eventstore/repository/sql/query_test.go b/internal/eventstore/repository/sql/query_test.go
index 3df819be64..0e2425dd07 100644
--- a/internal/eventstore/repository/sql/query_test.go
+++ b/internal/eventstore/repository/sql/query_test.go
@@ -7,10 +7,12 @@ import (
 	"reflect"
 	"regexp"
 	"strconv"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/shopspring/decimal"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/database"
@@ -111,36 +113,36 @@ func Test_prepareColumns(t *testing.T) {
 		{
 			name: "max column",
 			args: args{
-				columns: eventstore.ColumnsMaxSequence,
-				dest:    new(sql.NullFloat64),
+				columns: eventstore.ColumnsMaxPosition,
+				dest:    new(decimal.Decimal),
 				useV1:   true,
 			},
 			res: res{
 				query:    `SELECT event_sequence FROM eventstore.events`,
-				expected: sql.NullFloat64{Float64: 43, Valid: true},
+				expected: decimal.NewFromInt(42),
 			},
 			fields: fields{
-				dbRow: []interface{}{sql.NullFloat64{Float64: 43, Valid: true}},
+				dbRow: []interface{}{decimal.NewNullDecimal(decimal.NewFromInt(42))},
 			},
 		},
 		{
 			name: "max column v2",
 			args: args{
-				columns: eventstore.ColumnsMaxSequence,
-				dest:    new(sql.NullFloat64),
+				columns: eventstore.ColumnsMaxPosition,
+				dest:    new(decimal.Decimal),
 			},
 			res: res{
 				query:    `SELECT "position" FROM eventstore.events2`,
-				expected: sql.NullFloat64{Float64: 43, Valid: true},
+				expected: decimal.NewFromInt(42),
 			},
 			fields: fields{
-				dbRow: []interface{}{sql.NullFloat64{Float64: 43, Valid: true}},
+				dbRow: []interface{}{decimal.NewNullDecimal(decimal.NewFromInt(42))},
 			},
 		},
 		{
 			name: "max sequence wrong dest type",
 			args: args{
-				columns: eventstore.ColumnsMaxSequence,
+				columns: eventstore.ColumnsMaxPosition,
 				dest:    new(uint64),
 			},
 			res: res{
@@ -180,11 +182,11 @@ func Test_prepareColumns(t *testing.T) {
 			res: res{
 				query: `SELECT created_at, event_type, "sequence", "position", payload, creator, "owner", instance_id, aggregate_type, aggregate_id, revision FROM eventstore.events2`,
 				expected: []eventstore.Event{
-					&repository.Event{AggregateID: "hodor", AggregateType: "user", Seq: 5, Pos: 42, Data: nil, Version: "v1"},
+					&repository.Event{AggregateID: "hodor", AggregateType: "user", Seq: 5, Pos: decimal.NewFromInt(42), Data: nil, Version: "v1"},
 				},
 			},
 			fields: fields{
-				dbRow: []interface{}{time.Time{}, eventstore.EventType(""), uint64(5), sql.NullFloat64{Float64: 42, Valid: true}, sql.RawBytes(nil), "", sql.NullString{}, "", eventstore.AggregateType("user"), "hodor", uint8(1)},
+				dbRow: []interface{}{time.Time{}, eventstore.EventType(""), uint64(5), decimal.NewNullDecimal(decimal.NewFromInt(42)), sql.RawBytes(nil), "", sql.NullString{}, "", eventstore.AggregateType("user"), "hodor", uint8(1)},
 			},
 		},
 		{
@@ -199,11 +201,11 @@ func Test_prepareColumns(t *testing.T) {
 			res: res{
 				query: `SELECT created_at, event_type, "sequence", "position", payload, creator, "owner", instance_id, aggregate_type, aggregate_id, revision FROM eventstore.events2`,
 				expected: []eventstore.Event{
-					&repository.Event{AggregateID: "hodor", AggregateType: "user", Seq: 5, Pos: 0, Data: nil, Version: "v1"},
+					&repository.Event{AggregateID: "hodor", AggregateType: "user", Seq: 5, Pos: decimal.Decimal{}, Data: nil, Version: "v1"},
 				},
 			},
 			fields: fields{
-				dbRow: []interface{}{time.Time{}, eventstore.EventType(""), uint64(5), sql.NullFloat64{Float64: 0, Valid: false}, sql.RawBytes(nil), "", sql.NullString{}, "", eventstore.AggregateType("user"), "hodor", uint8(1)},
+				dbRow: []interface{}{time.Time{}, eventstore.EventType(""), uint64(5), decimal.NullDecimal{}, sql.RawBytes(nil), "", sql.NullString{}, "", eventstore.AggregateType("user"), "hodor", uint8(1)},
 			},
 		},
 		{
@@ -901,7 +903,7 @@ func Test_query_events_mocked(t *testing.T) {
 					InstanceID("instanceID").
 					OrderDesc().
 					Limit(5).
-					PositionAfter(123.456).
+					PositionAtLeast(decimal.NewFromFloat(123.456)).
 					AddQuery().
 					AggregateTypes("notify").
 					EventTypes("notify.foo.bar").
@@ -914,8 +916,8 @@ func Test_query_events_mocked(t *testing.T) {
 			},
 			fields: fields{
 				mock: newMockClient(t).expectQuery(
-					regexp.QuoteMeta(`SELECT creation_date, event_type, event_sequence, event_data, editor_user, resource_owner, instance_id, aggregate_type, aggregate_id, aggregate_version FROM eventstore.events WHERE instance_id = $1 AND aggregate_type = $2 AND event_type = $3 AND "position" > $4 AND aggregate_id NOT IN (SELECT aggregate_id FROM eventstore.events WHERE aggregate_type = $5 AND event_type = ANY($6) AND instance_id = $7 AND "position" > $8) ORDER BY event_sequence DESC LIMIT $9`),
-					[]driver.Value{"instanceID", eventstore.AggregateType("notify"), eventstore.EventType("notify.foo.bar"), 123.456, eventstore.AggregateType("notify"), []eventstore.EventType{"notification.failed", "notification.success"}, "instanceID", 123.456, uint64(5)},
+					regexp.QuoteMeta(`SELECT creation_date, event_type, event_sequence, event_data, editor_user, resource_owner, instance_id, aggregate_type, aggregate_id, aggregate_version FROM eventstore.events WHERE instance_id = $1 AND aggregate_type = $2 AND event_type = $3 AND "position" >= $4 AND aggregate_id NOT IN (SELECT aggregate_id FROM eventstore.events WHERE aggregate_type = $5 AND event_type = ANY($6) AND instance_id = $7 AND "position" >= $8) ORDER BY event_sequence DESC LIMIT $9`),
+					[]driver.Value{"instanceID", eventstore.AggregateType("notify"), eventstore.EventType("notify.foo.bar"), decimal.NewFromFloat(123.456), eventstore.AggregateType("notify"), []eventstore.EventType{"notification.failed", "notification.success"}, "instanceID", decimal.NewFromFloat(123.456), uint64(5)},
 				),
 			},
 			res: res{
@@ -930,7 +932,7 @@ func Test_query_events_mocked(t *testing.T) {
 					InstanceID("instanceID").
 					OrderDesc().
 					Limit(5).
-					PositionAfter(123.456).
+					PositionAtLeast(decimal.NewFromFloat(123.456)).
 					AddQuery().
 					AggregateTypes("notify").
 					EventTypes("notify.foo.bar").
@@ -943,8 +945,8 @@ func Test_query_events_mocked(t *testing.T) {
 			},
 			fields: fields{
 				mock: newMockClient(t).expectQuery(
-					regexp.QuoteMeta(`SELECT created_at, event_type, "sequence", "position", payload, creator, "owner", instance_id, aggregate_type, aggregate_id, revision FROM eventstore.events2 WHERE instance_id = $1 AND aggregate_type = $2 AND event_type = $3 AND "position" > $4 AND aggregate_id NOT IN (SELECT aggregate_id FROM eventstore.events2 WHERE aggregate_type = $5 AND event_type = ANY($6) AND instance_id = $7 AND "position" > $8) ORDER BY "position" DESC, in_tx_order DESC LIMIT $9`),
-					[]driver.Value{"instanceID", eventstore.AggregateType("notify"), eventstore.EventType("notify.foo.bar"), 123.456, eventstore.AggregateType("notify"), []eventstore.EventType{"notification.failed", "notification.success"}, "instanceID", 123.456, uint64(5)},
+					regexp.QuoteMeta(`SELECT created_at, event_type, "sequence", "position", payload, creator, "owner", instance_id, aggregate_type, aggregate_id, revision FROM eventstore.events2 WHERE instance_id = $1 AND aggregate_type = $2 AND event_type = $3 AND "position" >= $4 AND aggregate_id NOT IN (SELECT aggregate_id FROM eventstore.events2 WHERE aggregate_type = $5 AND event_type = ANY($6) AND instance_id = $7 AND "position" >= $8) ORDER BY "position" DESC, in_tx_order DESC LIMIT $9`),
+					[]driver.Value{"instanceID", eventstore.AggregateType("notify"), eventstore.EventType("notify.foo.bar"), decimal.NewFromFloat(123.456), eventstore.AggregateType("notify"), []eventstore.EventType{"notification.failed", "notification.success"}, "instanceID", decimal.NewFromFloat(123.456), uint64(5)},
 				),
 			},
 			res: res{
@@ -988,6 +990,10 @@ func Test_query_events_mocked(t *testing.T) {
 				client.DB.DB = tt.fields.mock.client
 			}
 
+			if strings.HasPrefix(tt.name, "aggregate / event type, position and exclusion") {
+				t.Log("hodor")
+			}
+
 			err := query(context.Background(), client, tt.args.query, tt.args.dest, tt.args.useV1)
 			if (err != nil) != tt.res.wantErr {
 				t.Errorf("query() error = %v, wantErr %v", err, tt.res.wantErr)
diff --git a/internal/eventstore/search_query.go b/internal/eventstore/search_query.go
index 1596936a36..dc92f5a4de 100644
--- a/internal/eventstore/search_query.go
+++ b/internal/eventstore/search_query.go
@@ -5,6 +5,8 @@ import (
 	"database/sql"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -25,7 +27,7 @@ type SearchQueryBuilder struct {
 	tx                    *sql.Tx
 	lockRows              bool
 	lockOption            LockOption
-	positionAfter         float64
+	positionAtLeast       decimal.Decimal
 	awaitOpenTransactions bool
 	creationDateAfter     time.Time
 	creationDateBefore    time.Time
@@ -76,8 +78,8 @@ func (b *SearchQueryBuilder) GetTx() *sql.Tx {
 	return b.tx
 }
 
-func (b SearchQueryBuilder) GetPositionAfter() float64 {
-	return b.positionAfter
+func (b SearchQueryBuilder) GetPositionAtLeast() decimal.Decimal {
+	return b.positionAtLeast
 }
 
 func (b SearchQueryBuilder) GetAwaitOpenTransactions() bool {
@@ -113,7 +115,7 @@ type SearchQuery struct {
 	aggregateIDs   []string
 	eventTypes     []EventType
 	eventData      map[string]interface{}
-	positionAfter  float64
+	positionAfter  decimal.Decimal
 }
 
 func (q SearchQuery) GetAggregateTypes() []AggregateType {
@@ -132,7 +134,7 @@ func (q SearchQuery) GetEventData() map[string]interface{} {
 	return q.eventData
 }
 
-func (q SearchQuery) GetPositionAfter() float64 {
+func (q SearchQuery) GetPositionAfter() decimal.Decimal {
 	return q.positionAfter
 }
 
@@ -156,8 +158,8 @@ type Columns int8
 const (
 	//ColumnsEvent represents all fields of an event
 	ColumnsEvent = iota + 1
-	// ColumnsMaxSequence represents the latest sequence of the filtered events
-	ColumnsMaxSequence
+	// ColumnsMaxPosition represents the latest sequence of the filtered events
+	ColumnsMaxPosition
 	// ColumnsInstanceIDs represents the instance ids of the filtered events
 	ColumnsInstanceIDs
 
@@ -284,9 +286,9 @@ func (builder *SearchQueryBuilder) EditorUser(id string) *SearchQueryBuilder {
 	return builder
 }
 
-// PositionAfter filters for events which happened after the specified time
-func (builder *SearchQueryBuilder) PositionAfter(position float64) *SearchQueryBuilder {
-	builder.positionAfter = position
+// PositionAtLeast filters for events which happened after the specified time
+func (builder *SearchQueryBuilder) PositionAtLeast(position decimal.Decimal) *SearchQueryBuilder {
+	builder.positionAtLeast = position
 	return builder
 }
 
@@ -393,7 +395,7 @@ func (query *SearchQuery) EventData(data map[string]interface{}) *SearchQuery {
 	return query
 }
 
-func (query *SearchQuery) PositionAfter(position float64) *SearchQuery {
+func (query *SearchQuery) PositionAfter(position decimal.Decimal) *SearchQuery {
 	query.positionAfter = position
 	return query
 }
diff --git a/internal/eventstore/search_query_test.go b/internal/eventstore/search_query_test.go
index b8f570dc0d..3325ee0c4b 100644
--- a/internal/eventstore/search_query_test.go
+++ b/internal/eventstore/search_query_test.go
@@ -106,10 +106,10 @@ func TestSearchQuerybuilderSetters(t *testing.T) {
 		{
 			name: "set columns",
 			args: args{
-				setters: []func(*SearchQueryBuilder) *SearchQueryBuilder{testSetColumns(ColumnsMaxSequence)},
+				setters: []func(*SearchQueryBuilder) *SearchQueryBuilder{testSetColumns(ColumnsMaxPosition)},
 			},
 			res: &SearchQueryBuilder{
-				columns: ColumnsMaxSequence,
+				columns: ColumnsMaxPosition,
 			},
 		},
 		{
diff --git a/internal/eventstore/v1/models/event.go b/internal/eventstore/v1/models/event.go
index 8c50d64da0..ab2b608872 100644
--- a/internal/eventstore/v1/models/event.go
+++ b/internal/eventstore/v1/models/event.go
@@ -5,6 +5,8 @@ import (
 	"reflect"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -20,7 +22,7 @@ var _ eventstore.Event = (*Event)(nil)
 type Event struct {
 	ID               string
 	Seq              uint64
-	Pos              float64
+	Pos              decimal.Decimal
 	CreationDate     time.Time
 	Typ              eventstore.EventType
 	PreviousSequence uint64
@@ -80,7 +82,7 @@ func (e *Event) Sequence() uint64 {
 }
 
 // Position implements [eventstore.Event]
-func (e *Event) Position() float64 {
+func (e *Event) Position() decimal.Decimal {
 	return e.Pos
 }
 
diff --git a/internal/eventstore/v3/event.go b/internal/eventstore/v3/event.go
index 1141a9eacf..c9ea4d2c62 100644
--- a/internal/eventstore/v3/event.go
+++ b/internal/eventstore/v3/event.go
@@ -6,6 +6,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -42,7 +43,7 @@ type event struct {
 	command   *command
 	createdAt time.Time
 	sequence  uint64
-	position  float64
+	position  decimal.Decimal
 }
 
 // TODO: remove on v3
@@ -152,8 +153,8 @@ func (e *event) Sequence() uint64 {
 	return e.sequence
 }
 
-// Sequence implements [eventstore.Event]
-func (e *event) Position() float64 {
+// Position implements [eventstore.Event]
+func (e *event) Position() decimal.Decimal {
 	return e.position
 }
 
diff --git a/internal/notification/projections.go b/internal/notification/projections.go
index 9b6b975fa1..7fda08135c 100644
--- a/internal/notification/projections.go
+++ b/internal/notification/projections.go
@@ -71,6 +71,26 @@ func Start(ctx context.Context) {
 	}
 }
 
+func SetCurrentState(ctx context.Context, es *eventstore.Eventstore) error {
+	if len(projections) == 0 {
+		return nil
+	}
+	position, err := es.LatestPosition(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).InstanceID(authz.GetInstance(ctx).InstanceID()).OrderDesc().Limit(1))
+	if err != nil {
+		return err
+	}
+
+	for i, projection := range projections {
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("set current state of notification projection")
+		_, err = projection.Trigger(ctx, handler.WithMinPosition(position))
+		if err != nil {
+			return err
+		}
+		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("current state of notification projection set")
+	}
+	return nil
+}
+
 func ProjectInstance(ctx context.Context) error {
 	for i, projection := range projections {
 		logging.WithFields("name", projection.ProjectionName(), "instance", authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting notification projection")
diff --git a/internal/query/access_token.go b/internal/query/access_token.go
index 0fc1bbb369..030ddda473 100644
--- a/internal/query/access_token.go
+++ b/internal/query/access_token.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/shopspring/decimal"
 	"golang.org/x/text/language"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -140,7 +141,7 @@ func (q *Queries) accessTokenByOIDCSessionAndTokenID(ctx context.Context, oidcSe
 
 // checkSessionNotTerminatedAfter checks if a [session.TerminateType] event (or user events leading to a session termination)
 // occurred after a certain time and will return an error if so.
-func (q *Queries) checkSessionNotTerminatedAfter(ctx context.Context, sessionID, userID string, position float64, fingerprintID string) (err error) {
+func (q *Queries) checkSessionNotTerminatedAfter(ctx context.Context, sessionID, userID string, position decimal.Decimal, fingerprintID string) (err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -165,7 +166,7 @@ func (q *Queries) checkSessionNotTerminatedAfter(ctx context.Context, sessionID,
 }
 
 type sessionTerminatedModel struct {
-	position      float64
+	position      decimal.Decimal
 	sessionID     string
 	userID        string
 	fingerPrintID string
diff --git a/internal/query/current_state.go b/internal/query/current_state.go
index 6fae52713f..d0a5b369bf 100644
--- a/internal/query/current_state.go
+++ b/internal/query/current_state.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -25,7 +26,7 @@ type Stateful interface {
 type State struct {
 	LastRun time.Time
 
-	Position       float64
+	Position       decimal.Decimal
 	EventCreatedAt time.Time
 	AggregateID    string
 	AggregateType  eventstore.AggregateType
@@ -220,7 +221,7 @@ func prepareLatestState() (sq.SelectBuilder, func(*sql.Row) (*State, error)) {
 			var (
 				creationDate sql.NullTime
 				lastUpdated  sql.NullTime
-				position     sql.NullFloat64
+				position     decimal.NullDecimal
 			)
 			err := row.Scan(
 				&creationDate,
@@ -233,7 +234,7 @@ func prepareLatestState() (sq.SelectBuilder, func(*sql.Row) (*State, error)) {
 			return &State{
 				EventCreatedAt: creationDate.Time,
 				LastRun:        lastUpdated.Time,
-				Position:       position.Float64,
+				Position:       position.Decimal,
 			}, nil
 		}
 }
@@ -258,7 +259,7 @@ func prepareCurrentStateQuery() (sq.SelectBuilder, func(*sql.Rows) (*CurrentStat
 				var (
 					lastRun         sql.NullTime
 					eventDate       sql.NullTime
-					currentPosition sql.NullFloat64
+					currentPosition decimal.NullDecimal
 					aggregateType   sql.NullString
 					aggregateID     sql.NullString
 					sequence        sql.NullInt64
@@ -279,7 +280,7 @@ func prepareCurrentStateQuery() (sq.SelectBuilder, func(*sql.Rows) (*CurrentStat
 				}
 				currentState.State.EventCreatedAt = eventDate.Time
 				currentState.State.LastRun = lastRun.Time
-				currentState.Position = currentPosition.Float64
+				currentState.Position = currentPosition.Decimal
 				currentState.AggregateType = eventstore.AggregateType(aggregateType.String)
 				currentState.AggregateID = aggregateID.String
 				currentState.Sequence = uint64(sequence.Int64)
diff --git a/internal/query/current_state_test.go b/internal/query/current_state_test.go
index c0895dc439..29761b8cb3 100644
--- a/internal/query/current_state_test.go
+++ b/internal/query/current_state_test.go
@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"regexp"
 	"testing"
+
+	"github.com/shopspring/decimal"
 )
 
 var (
@@ -86,7 +88,7 @@ func Test_CurrentSequencesPrepares(t *testing.T) {
 						State: State{
 							EventCreatedAt: testNow,
 							LastRun:        testNow,
-							Position:       20211108,
+							Position:       decimal.NewFromInt(20211108),
 							AggregateID:    "agg-id",
 							AggregateType:  "agg-type",
 							Sequence:       20211108,
@@ -133,7 +135,7 @@ func Test_CurrentSequencesPrepares(t *testing.T) {
 						ProjectionName: "projection-name",
 						State: State{
 							EventCreatedAt: testNow,
-							Position:       20211108,
+							Position:       decimal.NewFromInt(20211108),
 							LastRun:        testNow,
 							AggregateID:    "agg-id",
 							AggregateType:  "agg-type",
@@ -144,7 +146,7 @@ func Test_CurrentSequencesPrepares(t *testing.T) {
 						ProjectionName: "projection-name2",
 						State: State{
 							EventCreatedAt: testNow,
-							Position:       20211108,
+							Position:       decimal.NewFromInt(20211108),
 							LastRun:        testNow,
 							AggregateID:    "agg-id",
 							AggregateType:  "agg-type",
diff --git a/internal/query/projection/projection.go b/internal/query/projection/projection.go
index 07953a27e8..77a28ac79a 100644
--- a/internal/query/projection/projection.go
+++ b/internal/query/projection/projection.go
@@ -2,8 +2,10 @@ package projection
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
+	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/zitadel/logging"
 
 	internal_authz "github.com/zitadel/zitadel/internal/api/authz"
@@ -212,11 +214,19 @@ func Start(ctx context.Context) {
 func ProjectInstance(ctx context.Context) error {
 	for i, projection := range projections {
 		logging.WithFields("name", projection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("starting projection")
-		_, err := projection.Trigger(ctx)
-		if err != nil {
-			return err
+		for {
+			_, err := projection.Trigger(ctx)
+			if err == nil {
+				break
+			}
+			var pgErr *pgconn.PgError
+			errors.As(err, &pgErr)
+			if pgErr.Code != database.PgUniqueConstraintErrorCode {
+				return err
+			}
+			logging.WithFields("name", projection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID()).WithError(err).Debug("projection failed because of unique constraint, retrying")
 		}
-		logging.WithFields("name", projection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID()).Info("projection done")
+		logging.WithFields("name", projection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(projections))).Info("projection done")
 	}
 	return nil
 }
@@ -224,11 +234,19 @@ func ProjectInstance(ctx context.Context) error {
 func ProjectInstanceFields(ctx context.Context) error {
 	for i, fieldProjection := range fields {
 		logging.WithFields("name", fieldProjection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(fields))).Info("starting fields projection")
-		err := fieldProjection.Trigger(ctx)
-		if err != nil {
-			return err
+		for {
+			err := fieldProjection.Trigger(ctx)
+			if err == nil {
+				break
+			}
+			var pgErr *pgconn.PgError
+			errors.As(err, &pgErr)
+			if pgErr.Code != database.PgUniqueConstraintErrorCode {
+				return err
+			}
+			logging.WithFields("name", fieldProjection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID()).WithError(err).Debug("fields projection failed because of unique constraint, retrying")
 		}
-		logging.WithFields("name", fieldProjection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID()).Info("fields projection done")
+		logging.WithFields("name", fieldProjection.ProjectionName(), "instance", internal_authz.GetInstance(ctx).InstanceID(), "index", fmt.Sprintf("%d/%d", i, len(fields))).Info("fields projection done")
 	}
 	return nil
 }
@@ -257,6 +275,10 @@ func applyCustomConfig(config handler.Config, customConfig CustomConfig) handler
 	return config
 }
 
+// we know this is ugly, but we need to have a singleton slice of all projections
+// and are only able to initialize it after all projections are created
+// as setup and start currently create them individually, we make sure we get the right one
+// will be refactored when changing to new id based projections
 func newFieldsList() {
 	fields = []*handler.FieldHandler{
 		ProjectGrantFields,
diff --git a/internal/query/user_grant.go b/internal/query/user_grant.go
index c3f24c066e..ebd4ab7c0c 100644
--- a/internal/query/user_grant.go
+++ b/internal/query/user_grant.go
@@ -280,7 +280,7 @@ func (q *Queries) UserGrants(ctx context.Context, queries *UserGrantsQueries, sh
 		return nil, zerrors.ThrowInternal(err, "QUERY-wXnQR", "Errors.Query.SQLStatement")
 	}
 
-	latestSequence, err := q.latestState(ctx, userGrantTable)
+	latestState, err := q.latestState(ctx, userGrantTable)
 	if err != nil {
 		return nil, err
 	}
@@ -293,7 +293,7 @@ func (q *Queries) UserGrants(ctx context.Context, queries *UserGrantsQueries, sh
 		return nil, err
 	}
 
-	grants.State = latestSequence
+	grants.State = latestState
 	return grants, nil
 }
 
diff --git a/internal/query/user_membership.go b/internal/query/user_membership.go
index cae2b4dae3..cb7588624f 100644
--- a/internal/query/user_membership.go
+++ b/internal/query/user_membership.go
@@ -143,7 +143,7 @@ func (q *Queries) Memberships(ctx context.Context, queries *MembershipSearchQuer
 	if err != nil {
 		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-T84X9", "Errors.Query.InvalidRequest")
 	}
-	latestSequence, err := q.latestState(ctx, orgMemberTable, instanceMemberTable, projectMemberTable, projectGrantMemberTable)
+	latestState, err := q.latestState(ctx, orgMemberTable, instanceMemberTable, projectMemberTable, projectGrantMemberTable)
 	if err != nil {
 		return nil, err
 	}
@@ -156,7 +156,7 @@ func (q *Queries) Memberships(ctx context.Context, queries *MembershipSearchQuer
 	if err != nil {
 		return nil, err
 	}
-	memberships.State = latestSequence
+	memberships.State = latestState
 	return memberships, nil
 }
 
diff --git a/internal/v2/database/number_filter.go b/internal/v2/database/number_filter.go
index ce263ceeee..4853806457 100644
--- a/internal/v2/database/number_filter.go
+++ b/internal/v2/database/number_filter.go
@@ -3,6 +3,7 @@ package database
 import (
 	"time"
 
+	"github.com/shopspring/decimal"
 	"github.com/zitadel/logging"
 	"golang.org/x/exp/constraints"
 )
@@ -94,7 +95,7 @@ func (c numberCompare) String() string {
 }
 
 type number interface {
-	constraints.Integer | constraints.Float | time.Time
+	constraints.Integer | constraints.Float | time.Time | decimal.Decimal
 	// TODO: condition must know if it's args are named parameters or not
 	// constraints.Integer | constraints.Float | time.Time | placeholder
 }
diff --git a/internal/v2/eventstore/event_store.go b/internal/v2/eventstore/event_store.go
index cc447c5e15..e89786c657 100644
--- a/internal/v2/eventstore/event_store.go
+++ b/internal/v2/eventstore/event_store.go
@@ -2,6 +2,8 @@ package eventstore
 
 import (
 	"context"
+
+	"github.com/shopspring/decimal"
 )
 
 func NewEventstore(querier Querier, pusher Pusher) *EventStore {
@@ -30,12 +32,12 @@ type healthier interface {
 }
 
 type GlobalPosition struct {
-	Position        float64
+	Position        decimal.Decimal
 	InPositionOrder uint32
 }
 
 func (gp GlobalPosition) IsLess(other GlobalPosition) bool {
-	return gp.Position < other.Position || (gp.Position == other.Position && gp.InPositionOrder < other.InPositionOrder)
+	return gp.Position.LessThan(other.Position) || (gp.Position.Equal(other.Position) && gp.InPositionOrder < other.InPositionOrder)
 }
 
 type Reducer interface {
diff --git a/internal/v2/eventstore/postgres/push_test.go b/internal/v2/eventstore/postgres/push_test.go
index bb3254427c..afd5fe8b8e 100644
--- a/internal/v2/eventstore/postgres/push_test.go
+++ b/internal/v2/eventstore/postgres/push_test.go
@@ -8,6 +8,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/database/mock"
 	"github.com/zitadel/zitadel/internal/v2/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -818,7 +820,7 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 							},
 						),
@@ -899,11 +901,11 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 								{
 									time.Now(),
-									float64(123.1),
+									decimal.NewFromFloat(123.1).String(),
 								},
 							},
 						),
@@ -984,11 +986,11 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 								{
 									time.Now(),
-									float64(123.1),
+									decimal.NewFromFloat(123.1).String(),
 								},
 							},
 						),
@@ -1044,7 +1046,7 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 							},
 						),
@@ -1099,7 +1101,7 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 							},
 						),
@@ -1181,11 +1183,11 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 								{
 									time.Now(),
-									float64(123.1),
+									decimal.NewFromFloat(123.1).String(),
 								},
 							},
 						),
@@ -1272,11 +1274,11 @@ func Test_push(t *testing.T) {
 							[][]driver.Value{
 								{
 									time.Now(),
-									float64(123),
+									decimal.NewFromFloat(123).String(),
 								},
 								{
 									time.Now(),
-									float64(123.1),
+									decimal.NewFromFloat(123.1).String(),
 								},
 							},
 						),
diff --git a/internal/v2/eventstore/postgres/query_test.go b/internal/v2/eventstore/postgres/query_test.go
index 56f506ac50..34b73bd820 100644
--- a/internal/v2/eventstore/postgres/query_test.go
+++ b/internal/v2/eventstore/postgres/query_test.go
@@ -8,6 +8,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/database"
 	"github.com/zitadel/zitadel/internal/v2/database/mock"
 	"github.com/zitadel/zitadel/internal/v2/eventstore"
@@ -541,13 +543,13 @@ func Test_writeFilter(t *testing.T) {
 			args: args{
 				filter: eventstore.NewFilter(
 					eventstore.FilterPagination(
-						eventstore.PositionGreater(123.4, 0),
+						eventstore.PositionGreater(decimal.NewFromFloat(123.4), 0),
 					),
 				),
 			},
 			want: wantQuery{
 				query: " WHERE instance_id = $1 AND position > $2 ORDER BY position, in_tx_order",
-				args:  []any{"i1", 123.4},
+				args:  []any{"i1", decimal.NewFromFloat(123.4)},
 			},
 		},
 		{
@@ -555,18 +557,18 @@ func Test_writeFilter(t *testing.T) {
 			args: args{
 				filter: eventstore.NewFilter(
 					eventstore.FilterPagination(
-						// 	eventstore.PositionGreater(123.4, 0),
+						// 	eventstore.PositionGreater(decimal.NewFromFloat(123.4), 0),
 						// 	eventstore.PositionLess(125.4, 10),
 						eventstore.PositionBetween(
-							&eventstore.GlobalPosition{Position: 123.4},
-							&eventstore.GlobalPosition{Position: 125.4, InPositionOrder: 10},
+							&eventstore.GlobalPosition{Position: decimal.NewFromFloat(123.4)},
+							&eventstore.GlobalPosition{Position: decimal.NewFromFloat(125.4), InPositionOrder: 10},
 						),
 					),
 				),
 			},
 			want: wantQuery{
 				query: " WHERE instance_id = $1 AND ((position = $2 AND in_tx_order < $3) OR position < $4) AND position > $5 ORDER BY position, in_tx_order",
-				args:  []any{"i1", 125.4, uint32(10), 125.4, 123.4},
+				args:  []any{"i1", decimal.NewFromFloat(125.4), uint32(10), decimal.NewFromFloat(125.4), decimal.NewFromFloat(123.4)},
 				// TODO: (adlerhurst) would require some refactoring to reuse existing args
 				// query: " WHERE instance_id = $1 AND position > $2 AND ((position = $3 AND in_tx_order < $4) OR position < $3) ORDER BY position, in_tx_order",
 				// args:  []any{"i1", 123.4, 125.4, uint32(10)},
@@ -577,13 +579,13 @@ func Test_writeFilter(t *testing.T) {
 			args: args{
 				filter: eventstore.NewFilter(
 					eventstore.FilterPagination(
-						eventstore.PositionGreater(123.4, 12),
+						eventstore.PositionGreater(decimal.NewFromFloat(123.4), 12),
 					),
 				),
 			},
 			want: wantQuery{
 				query: " WHERE instance_id = $1 AND ((position = $2 AND in_tx_order > $3) OR position > $4) ORDER BY position, in_tx_order",
-				args:  []any{"i1", 123.4, uint32(12), 123.4},
+				args:  []any{"i1", decimal.NewFromFloat(123.4), uint32(12), decimal.NewFromFloat(123.4)},
 			},
 		},
 		{
@@ -593,13 +595,13 @@ func Test_writeFilter(t *testing.T) {
 					eventstore.FilterPagination(
 						eventstore.Limit(10),
 						eventstore.Offset(3),
-						eventstore.PositionGreater(123.4, 12),
+						eventstore.PositionGreater(decimal.NewFromFloat(123.4), 12),
 					),
 				),
 			},
 			want: wantQuery{
 				query: " WHERE instance_id = $1 AND ((position = $2 AND in_tx_order > $3) OR position > $4) ORDER BY position, in_tx_order LIMIT $5 OFFSET $6",
-				args:  []any{"i1", 123.4, uint32(12), 123.4, uint32(10), uint32(3)},
+				args:  []any{"i1", decimal.NewFromFloat(123.4), uint32(12), decimal.NewFromFloat(123.4), uint32(10), uint32(3)},
 			},
 		},
 		{
@@ -609,14 +611,14 @@ func Test_writeFilter(t *testing.T) {
 					eventstore.FilterPagination(
 						eventstore.Limit(10),
 						eventstore.Offset(3),
-						eventstore.PositionGreater(123.4, 12),
+						eventstore.PositionGreater(decimal.NewFromFloat(123.4), 12),
 					),
 					eventstore.AppendAggregateFilter("user"),
 				),
 			},
 			want: wantQuery{
 				query: " WHERE instance_id = $1 AND aggregate_type = $2 AND ((position = $3 AND in_tx_order > $4) OR position > $5) ORDER BY position, in_tx_order LIMIT $6 OFFSET $7",
-				args:  []any{"i1", "user", 123.4, uint32(12), 123.4, uint32(10), uint32(3)},
+				args:  []any{"i1", "user", decimal.NewFromFloat(123.4), uint32(12), decimal.NewFromFloat(123.4), uint32(10), uint32(3)},
 			},
 		},
 		{
@@ -626,7 +628,7 @@ func Test_writeFilter(t *testing.T) {
 					eventstore.FilterPagination(
 						eventstore.Limit(10),
 						eventstore.Offset(3),
-						eventstore.PositionGreater(123.4, 12),
+						eventstore.PositionGreater(decimal.NewFromFloat(123.4), 12),
 					),
 					eventstore.AppendAggregateFilter("user"),
 					eventstore.AppendAggregateFilter(
@@ -637,7 +639,7 @@ func Test_writeFilter(t *testing.T) {
 			},
 			want: wantQuery{
 				query: " WHERE instance_id = $1 AND (aggregate_type = $2 OR (aggregate_type = $3 AND aggregate_id = $4)) AND ((position = $5 AND in_tx_order > $6) OR position > $7) ORDER BY position, in_tx_order LIMIT $8 OFFSET $9",
-				args:  []any{"i1", "user", "org", "o1", 123.4, uint32(12), 123.4, uint32(10), uint32(3)},
+				args:  []any{"i1", "user", "org", "o1", decimal.NewFromFloat(123.4), uint32(12), decimal.NewFromFloat(123.4), uint32(10), uint32(3)},
 			},
 		},
 	}
@@ -956,7 +958,7 @@ func Test_writeQueryUse_examples(t *testing.T) {
 							),
 							eventstore.FilterPagination(
 								// used because we need to check for first login and an app which is not console
-								eventstore.PositionGreater(12, 4),
+								eventstore.PositionGreater(decimal.NewFromInt(12), 4),
 							),
 						),
 						eventstore.NewFilter(
@@ -1065,9 +1067,9 @@ func Test_writeQueryUse_examples(t *testing.T) {
 					"instance",
 					"user",
 					"user.token.added",
-					float64(12),
+					decimal.NewFromInt(12),
 					uint32(4),
-					float64(12),
+					decimal.NewFromInt(12),
 					"instance",
 					"instance",
 					[]string{"instance.idp.config.added", "instance.idp.oauth.added", "instance.idp.oidc.added", "instance.idp.jwt.added", "instance.idp.azure.added", "instance.idp.github.added", "instance.idp.github.enterprise.added", "instance.idp.gitlab.added", "instance.idp.gitlab.selfhosted.added", "instance.idp.google.added", "instance.idp.ldap.added", "instance.idp.config.apple.added", "instance.idp.saml.added"},
@@ -1201,7 +1203,7 @@ func Test_executeQuery(t *testing.T) {
 						time.Now(),
 						"event.type",
 						uint32(23),
-						float64(123),
+						decimal.NewFromInt(123).String(),
 						uint32(0),
 						nil,
 						"gigi",
@@ -1235,7 +1237,7 @@ func Test_executeQuery(t *testing.T) {
 						time.Now(),
 						"event.type",
 						uint32(23),
-						float64(123),
+						decimal.NewFromInt(123).String(),
 						uint32(0),
 						[]byte(`{"name": "gigi"}`),
 						"gigi",
@@ -1269,7 +1271,7 @@ func Test_executeQuery(t *testing.T) {
 						time.Now(),
 						"event.type",
 						uint32(23),
-						float64(123),
+						decimal.NewFromInt(123).String(),
 						uint32(0),
 						nil,
 						"gigi",
@@ -1283,7 +1285,7 @@ func Test_executeQuery(t *testing.T) {
 						time.Now(),
 						"event.type",
 						uint32(24),
-						float64(124),
+						decimal.NewFromInt(124).String(),
 						uint32(0),
 						[]byte(`{"name": "gigi"}`),
 						"gigi",
@@ -1317,7 +1319,7 @@ func Test_executeQuery(t *testing.T) {
 						time.Now(),
 						"event.type",
 						uint32(23),
-						float64(123),
+						decimal.NewFromInt(123).String(),
 						uint32(0),
 						nil,
 						"gigi",
@@ -1331,7 +1333,7 @@ func Test_executeQuery(t *testing.T) {
 						time.Now(),
 						"event.type",
 						uint32(24),
-						float64(124),
+						decimal.NewFromInt(124).String(),
 						uint32(0),
 						[]byte(`{"name": "gigi"}`),
 						"gigi",
diff --git a/internal/v2/eventstore/query.go b/internal/v2/eventstore/query.go
index c9b3cecd37..f7a30a2139 100644
--- a/internal/v2/eventstore/query.go
+++ b/internal/v2/eventstore/query.go
@@ -7,6 +7,8 @@ import (
 	"slices"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/database"
 )
 
@@ -723,7 +725,7 @@ func (pc *PositionCondition) Min() *GlobalPosition {
 // PositionGreater prepares the condition as follows
 // if inPositionOrder is set: position = AND in_tx_order > OR or position >
 // if inPositionOrder is NOT set: position >
-func PositionGreater(position float64, inPositionOrder uint32) paginationOpt {
+func PositionGreater(position decimal.Decimal, inPositionOrder uint32) paginationOpt {
 	return func(p *Pagination) {
 		p.ensurePosition()
 		p.position.min = &GlobalPosition{
@@ -743,7 +745,7 @@ func GlobalPositionGreater(position *GlobalPosition) paginationOpt {
 // PositionLess prepares the condition as follows
 // if inPositionOrder is set: position = AND in_tx_order > OR or position >
 // if inPositionOrder is NOT set: position >
-func PositionLess(position float64, inPositionOrder uint32) paginationOpt {
+func PositionLess(position decimal.Decimal, inPositionOrder uint32) paginationOpt {
 	return func(p *Pagination) {
 		p.ensurePosition()
 		p.position.max = &GlobalPosition{
diff --git a/internal/v2/eventstore/query_test.go b/internal/v2/eventstore/query_test.go
index 00c08914c1..0f313e9560 100644
--- a/internal/v2/eventstore/query_test.go
+++ b/internal/v2/eventstore/query_test.go
@@ -6,6 +6,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/database"
 )
 
@@ -74,13 +76,13 @@ func TestPaginationOpt(t *testing.T) {
 			name: "global position greater",
 			args: args{
 				opts: []paginationOpt{
-					GlobalPositionGreater(&GlobalPosition{Position: 10}),
+					GlobalPositionGreater(&GlobalPosition{Position: decimal.NewFromInt(10)}),
 				},
 			},
 			want: &Pagination{
 				position: &PositionCondition{
 					min: &GlobalPosition{
-						Position:        10,
+						Position:        decimal.NewFromInt(10),
 						InPositionOrder: 0,
 					},
 				},
@@ -90,13 +92,13 @@ func TestPaginationOpt(t *testing.T) {
 			name: "position greater",
 			args: args{
 				opts: []paginationOpt{
-					PositionGreater(10, 0),
+					PositionGreater(decimal.NewFromInt(10), 0),
 				},
 			},
 			want: &Pagination{
 				position: &PositionCondition{
 					min: &GlobalPosition{
-						Position:        10,
+						Position:        decimal.NewFromInt(10),
 						InPositionOrder: 0,
 					},
 				},
@@ -107,13 +109,13 @@ func TestPaginationOpt(t *testing.T) {
 			name: "position less",
 			args: args{
 				opts: []paginationOpt{
-					PositionLess(10, 12),
+					PositionLess(decimal.NewFromInt(10), 12),
 				},
 			},
 			want: &Pagination{
 				position: &PositionCondition{
 					max: &GlobalPosition{
-						Position:        10,
+						Position:        decimal.NewFromInt(10),
 						InPositionOrder: 12,
 					},
 				},
@@ -123,13 +125,13 @@ func TestPaginationOpt(t *testing.T) {
 			name: "global position less",
 			args: args{
 				opts: []paginationOpt{
-					GlobalPositionLess(&GlobalPosition{Position: 12, InPositionOrder: 24}),
+					GlobalPositionLess(&GlobalPosition{Position: decimal.NewFromInt(12), InPositionOrder: 24}),
 				},
 			},
 			want: &Pagination{
 				position: &PositionCondition{
 					max: &GlobalPosition{
-						Position:        12,
+						Position:        decimal.NewFromInt(12),
 						InPositionOrder: 24,
 					},
 				},
@@ -140,19 +142,19 @@ func TestPaginationOpt(t *testing.T) {
 			args: args{
 				opts: []paginationOpt{
 					PositionBetween(
-						&GlobalPosition{10, 12},
-						&GlobalPosition{20, 0},
+						&GlobalPosition{decimal.NewFromInt(10), 12},
+						&GlobalPosition{decimal.NewFromInt(20), 0},
 					),
 				},
 			},
 			want: &Pagination{
 				position: &PositionCondition{
 					min: &GlobalPosition{
-						Position:        10,
+						Position:        decimal.NewFromInt(10),
 						InPositionOrder: 12,
 					},
 					max: &GlobalPosition{
-						Position:        20,
+						Position:        decimal.NewFromInt(20),
 						InPositionOrder: 0,
 					},
 				},
diff --git a/internal/v2/readmodel/last_successful_mirror.go b/internal/v2/readmodel/last_successful_mirror.go
index 80b436b896..ca7815b2a8 100644
--- a/internal/v2/readmodel/last_successful_mirror.go
+++ b/internal/v2/readmodel/last_successful_mirror.go
@@ -1,6 +1,8 @@
 package readmodel
 
 import (
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/eventstore"
 	"github.com/zitadel/zitadel/internal/v2/system"
 	"github.com/zitadel/zitadel/internal/v2/system/mirror"
@@ -8,7 +10,7 @@ import (
 
 type LastSuccessfulMirror struct {
 	ID       string
-	Position float64
+	Position decimal.Decimal
 	source   string
 }
 
@@ -34,6 +36,7 @@ func (p *LastSuccessfulMirror) Filter() *eventstore.Filter {
 		),
 		eventstore.FilterPagination(
 			eventstore.Descending(),
+			eventstore.Limit(1),
 		),
 	)
 }
@@ -53,7 +56,7 @@ func (h *LastSuccessfulMirror) Reduce(events ...*eventstore.StorageEvent) (err e
 
 func (h *LastSuccessfulMirror) reduceSucceeded(event *eventstore.StorageEvent) error {
 	// if position is set we skip all older events
-	if h.Position > 0 {
+	if h.Position.GreaterThan(decimal.NewFromInt(0)) {
 		return nil
 
 	}
diff --git a/internal/v2/system/mirror/succeeded.go b/internal/v2/system/mirror/succeeded.go
index 6d0fba2c25..34d74f184f 100644
--- a/internal/v2/system/mirror/succeeded.go
+++ b/internal/v2/system/mirror/succeeded.go
@@ -1,6 +1,8 @@
 package mirror
 
 import (
+	"github.com/shopspring/decimal"
+
 	"github.com/zitadel/zitadel/internal/v2/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -9,7 +11,7 @@ type succeededPayload struct {
 	// Source is the name of the database data are mirrored from
 	Source string `json:"source"`
 	// Position until data will be mirrored
-	Position float64 `json:"position"`
+	Position decimal.Decimal `json:"position"`
 }
 
 const SucceededType = eventTypePrefix + "succeeded"
@@ -38,7 +40,7 @@ func SucceededEventFromStorage(event *eventstore.StorageEvent) (e *SucceededEven
 	}, nil
 }
 
-func NewSucceededCommand(source string, position float64) *eventstore.Command {
+func NewSucceededCommand(source string, position decimal.Decimal) *eventstore.Command {
 	return &eventstore.Command{
 		Action: eventstore.Action[any]{
 			Creator:  Creator,

From 5e87fafadf1ecafdefc934e45eaa94055773fbb2 Mon Sep 17 00:00:00 2001
From: Maximilian <mpa@zitadel.com>
Date: Thu, 29 May 2025 20:23:43 +0200
Subject: [PATCH 072/123] docs: fix broken link (#9988)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

Broken links on the default settings page.

# How the Problems Are Solved

Fixed the reference

# Additional Changes


# Additional Context
---
 docs/docs/guides/manage/console/default-settings.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/guides/manage/console/default-settings.mdx b/docs/docs/guides/manage/console/default-settings.mdx
index e8e36956a1..f255d15d93 100644
--- a/docs/docs/guides/manage/console/default-settings.mdx
+++ b/docs/docs/guides/manage/console/default-settings.mdx
@@ -17,7 +17,7 @@ When you configure your default settings, you can set the following:
 
 - **Organizations**: A list of your organizations
 - [**Features**](#features): Feature Settings let you try out new features before they become generally available. You can also disable features you are not interested in.
-- [**Notification settings**](#notification-providers-and-smtp): Setup Notification and Email Server settings for initialization-, verification- and other mails. Setup Twilio as SMS notification provider.
+- [**Notification settings**](#notification-settings): Setup Notification and Email Server settings for initialization-, verification- and other mails. Setup Twilio as SMS notification provider.
 - [**Login Behavior and Access**](#login-behavior-and-access): Multifactor Authentication Options and Enforcement, Define whether Passwordless authentication methods are allowed or not, Set Login Lifetimes and advanced behavour for the login interface.
 - [**Identity Providers**](#identity-providers): Define IDPs which are available for all organizations
 - [**Password Complexity**](#password-complexity): Requirements for Passwords ex. Symbols, Numbers, min length and more.

From 93a92446bfa7e7a8b38aa32125e1020ae08c64f1 Mon Sep 17 00:00:00 2001
From: Florian Forster <florian@zitadel.com>
Date: Fri, 30 May 2025 01:15:28 -0700
Subject: [PATCH 073/123] chore: update docusaurus to 3.8.0 (#9974)

> [!IMPORTANT]
> We need to change the ENV `VERCEL_FORCE_NO_BUILD_CACHE` to `0` which
is currently `1` to enable the cache on all deployments

This pull request includes several updates to the documentation and
benchmarking components, focusing on improving performance, error
handling, and compatibility with newer versions of Docusaurus. The key
changes include the removal of outdated configurations, updates to
dependencies, and enhancements to the `BenchmarkChart` component for
better error handling and data validation.

### Documentation and Configuration Updates:

* **Removed outdated Babel and Webpack configurations**: The
`babel.config.js` file was deleted, and the Webpack configuration was
removed from `docusaurus.config.js` to align with the latest Docusaurus
setup.
[[1]](diffhunk://#diff-2ed4f5b03d34a87ef641e9e36af4a98a1c0ddaf74d07ce93665957be69b7b09aL1-L4)
[[2]](diffhunk://#diff-28742c737e523f302e6de471b7fc27284dc8cf720be639e6afe4c17a550cd654L204-L225)
* **Added experimental features in Docusaurus**: Introduced a `future`
section in `docusaurus.config.js` to enable experimental features like
`swcJsLoader`, `rspackBundler`, and `lightningCssMinimizer`, while
disabling problematic settings due to known issues.

### Dependency Updates:

* **Upgraded Docusaurus and related packages**: Updated dependencies in
`package.json` to use Docusaurus version `^3.8.0` and newer versions of
associated plugins and themes for improved performance and
compatibility.
[[1]](diffhunk://#diff-adfa337ce44dc2902621da20152a048dac41878cf3716dfc4cc56d03aa212a56L25-R39)
[[2]](diffhunk://#diff-adfa337ce44dc2902621da20152a048dac41878cf3716dfc4cc56d03aa212a56L66-R67)

### Component Enhancements:

* **Improved `BenchmarkChart` error handling**: Refactored the
`BenchmarkChart` component to validate input data, handle errors
gracefully, and provide meaningful fallback messages when data is
missing or invalid.
[[1]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eL4-R21)
[[2]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eR72-R76)
* **Fixed edge cases in chart rendering**: Addressed issues like invalid
timestamps, undefined `p99` values, and empty data sets to ensure robust
chart generation.
[[1]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eL19-L29)
[[2]](diffhunk://#diff-ce9fccf51f6b863dd58a39f361a9cf980b10357bccc7381f928788483b30cb0eL38-R61)

### Documentation Benchmark Updates:

* **Simplified imports in benchmark files**: Replaced the use of
`raw-loader` with direct imports for benchmark data in multiple `.mdx`
files to streamline the documentation setup.
[[1]](diffhunk://#diff-a9710709396e5ff6756aedf89dfcbd62aeea15368ba33bf3932ebf33046a29e8L66-R66)
[[2]](diffhunk://#diff-0a9b6103c97c58792450bfd2d337bbb8a6b72df2ae326cc56ebc96e01c0acd6bL35-R35)
[[3]](diffhunk://#diff-38f45388e065c57f1282a43bb319354da3c218e96d95ca20f4d11709f48491b8L36-R36)
[[4]](diffhunk://#diff-b8e792ebe42fcb16a493e35d23b58a91c2117d949953487e70f379c64e5cb7c0L36-R36)
[[5]](diffhunk://#diff-3778acfa893504004008b162fa95f21f1c7c40dcf1868bbbaaa504ac5d51901aL38-R38)
---
 docs/babel.config.js                          |    4 -
 docs/docs/apis/benchmarks/_template.mdx       |    2 +-
 .../machine_jwt_profile_grant/index.mdx       |    2 +-
 .../machine_jwt_profile_grant/index.mdx       |    2 +-
 .../machine_jwt_profile_grant/index.mdx       |    2 +-
 .../benchmarks/v2.70.0/oidc_session/index.mdx |    2 +-
 docs/docusaurus.config.js                     |   35 +-
 docs/package.json                             |   30 +-
 docs/src/components/benchmark_chart.jsx       |   32 +-
 docs/yarn.lock                                | 5297 ++++++++++++-----
 10 files changed, 3794 insertions(+), 1614 deletions(-)
 delete mode 100644 docs/babel.config.js

diff --git a/docs/babel.config.js b/docs/babel.config.js
deleted file mode 100644
index 279a0ff91c..0000000000
--- a/docs/babel.config.js
+++ /dev/null
@@ -1,4 +0,0 @@
-module.exports = {
-  presets: [require.resolve("@docusaurus/core/lib/babel/preset")],
-  compact: auto
-};
diff --git a/docs/docs/apis/benchmarks/_template.mdx b/docs/docs/apis/benchmarks/_template.mdx
index f015d20768..578ebcd842 100644
--- a/docs/docs/apis/benchmarks/_template.mdx
+++ b/docs/docs/apis/benchmarks/_template.mdx
@@ -63,7 +63,7 @@ TODO: describe the outcome of the test?
 
 ## Endpoint latencies
 
-import OutputSource from "!!raw-loader!./output.json";
+import OutputSource from "./output.json";
 
 import { BenchmarkChart } from '/src/components/benchmark_chart';
 
diff --git a/docs/docs/apis/benchmarks/v2.65.0/machine_jwt_profile_grant/index.mdx b/docs/docs/apis/benchmarks/v2.65.0/machine_jwt_profile_grant/index.mdx
index 4c2809feb4..a8c10780ad 100644
--- a/docs/docs/apis/benchmarks/v2.65.0/machine_jwt_profile_grant/index.mdx
+++ b/docs/docs/apis/benchmarks/v2.65.0/machine_jwt_profile_grant/index.mdx
@@ -32,7 +32,7 @@ Tests are halted after this test run because of too many [client read events](ht
 
 ## /token endpoint latencies
 
-import OutputSource from "!!raw-loader!./output.json";
+import OutputSource from "./output.json";
 
 import { BenchmarkChart } from '/src/components/benchmark_chart';
 
diff --git a/docs/docs/apis/benchmarks/v2.66.0/machine_jwt_profile_grant/index.mdx b/docs/docs/apis/benchmarks/v2.66.0/machine_jwt_profile_grant/index.mdx
index 881e7a38ee..6ab40eb4d4 100644
--- a/docs/docs/apis/benchmarks/v2.66.0/machine_jwt_profile_grant/index.mdx
+++ b/docs/docs/apis/benchmarks/v2.66.0/machine_jwt_profile_grant/index.mdx
@@ -33,7 +33,7 @@ The tests showed heavy database load by time by the first two database queries.
 
 ## Endpoint latencies
 
-import OutputSource from "!!raw-loader!./output.json";
+import OutputSource from "./output.json";
 
 import { BenchmarkChart } from '/src/components/benchmark_chart';
 
diff --git a/docs/docs/apis/benchmarks/v2.70.0/machine_jwt_profile_grant/index.mdx b/docs/docs/apis/benchmarks/v2.70.0/machine_jwt_profile_grant/index.mdx
index fa8c84bc7e..d4fd2708a8 100644
--- a/docs/docs/apis/benchmarks/v2.70.0/machine_jwt_profile_grant/index.mdx
+++ b/docs/docs/apis/benchmarks/v2.70.0/machine_jwt_profile_grant/index.mdx
@@ -33,7 +33,7 @@ The performance goals of [this issue](https://github.com/zitadel/zitadel/issues/
 
 ## Endpoint latencies
 
-import OutputSource from "!!raw-loader!./output.json";
+import OutputSource from "./output.json";
 
 import { BenchmarkChart } from '/src/components/benchmark_chart';
 
diff --git a/docs/docs/apis/benchmarks/v2.70.0/oidc_session/index.mdx b/docs/docs/apis/benchmarks/v2.70.0/oidc_session/index.mdx
index 4615413d2b..94fd83f119 100644
--- a/docs/docs/apis/benchmarks/v2.70.0/oidc_session/index.mdx
+++ b/docs/docs/apis/benchmarks/v2.70.0/oidc_session/index.mdx
@@ -35,7 +35,7 @@ The tests showed that querying the user takes too much time because Zitadel ensu
 
 ## Endpoint latencies
 
-import OutputSource from "!!raw-loader!./output.json";
+import OutputSource from "./output.json";
 
 import { BenchmarkChart } from '/src/components/benchmark_chart';
 
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 22df468475..c161d38d9f 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -201,28 +201,6 @@ module.exports = {
       runmeLinkLabel: 'Checkout via Runme'
     },
   },
-  webpack: {
-    jsLoader: (isServer) => ({
-      loader: require.resolve('swc-loader'),
-      options: {
-        jsc: {
-          parser: {
-            syntax: 'typescript',
-            tsx: true,
-          },
-          transform: {
-            react: {
-              runtime: 'automatic',
-            },
-          },
-          target: 'es2017',
-        },
-        module: {
-          type: isServer ? 'commonjs' : 'es6',
-        },
-      },
-    }),
-  },
   presets: [
     [
       "classic",
@@ -397,4 +375,17 @@ module.exports = {
     },
   ],
   themes: [ "docusaurus-theme-github-codeblock", "docusaurus-theme-openapi-docs"],
+  future: {
+    v4: false, // Disabled because of some problems related to https://github.com/facebook/docusaurus/issues/11040
+    experimental_faster: {
+      swcJsLoader: false, // Disabled because of memory usage > 8GB which is a problem on vercel default runners
+      swcJsMinimizer: true,
+      swcHtmlMinimizer : true,
+      lightningCssMinimizer: true,
+      mdxCrossCompilerCache: true,
+      ssgWorkerThreads: false, // Disabled because of some problems related to https://github.com/facebook/docusaurus/issues/11040
+      rspackBundler: true,
+      rspackPersistentCache: true,
+    },
+  },
 };
diff --git a/docs/package.json b/docs/package.json
index f9636418dd..014a8ec0ca 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -6,7 +6,7 @@
     "docusaurus": "docusaurus",
     "start": "docusaurus start",
     "start:api": "yarn run generate && docusaurus start",
-    "build": "yarn run generate && NODE_OPTIONS=--max-old-space-size=8192 docusaurus build",
+    "build": "yarn run generate && docusaurus build",
     "swizzle": "docusaurus swizzle",
     "deploy": "docusaurus deploy",
     "clear": "docusaurus clear",
@@ -22,33 +22,27 @@
   },
   "dependencies": {
     "@bufbuild/buf": "^1.14.0",
-    "@docusaurus/core": "3.4.0",
-    "@docusaurus/preset-classic": "3.4.0",
-    "@docusaurus/theme-mermaid": "3.4.0",
-    "@docusaurus/theme-search-algolia": "3.4.0",
+    "@docusaurus/core": "^3.8.0",
+    "@docusaurus/faster": "^3.8.0",
+    "@docusaurus/preset-classic": "^3.8.0",
+    "@docusaurus/theme-mermaid": "^3.8.0",
+    "@docusaurus/theme-search-algolia": "^3.8.0",
     "@headlessui/react": "^1.7.4",
     "@heroicons/react": "^2.0.13",
-    "@mdx-js/react": "^3.0.0",
-    "@swc/core": "^1.3.74",
     "autoprefixer": "^10.4.13",
     "clsx": "^1.2.1",
-    "docusaurus-plugin-image-zoom": "^1.0.1",
-    "docusaurus-plugin-openapi-docs": "3.0.1",
+    "docusaurus-plugin-image-zoom": "^3.0.1",
+    "docusaurus-plugin-openapi-docs": "4.4.0",
     "docusaurus-theme-github-codeblock": "^2.0.2",
-    "docusaurus-theme-openapi-docs": "3.0.1",
+    "docusaurus-theme-openapi-docs": "4.4.0",
     "mdx-mermaid": "^2.0.0",
-    "mermaid": "^10.9.1",
     "postcss": "^8.4.31",
-    "prism-react-renderer": "^2.1.0",
     "raw-loader": "^4.0.2",
     "react": "^18.2.0",
     "react-copy-to-clipboard": "^5.1.0",
     "react-dom": "^18.2.0",
     "react-google-charts": "^5.2.1",
-    "react-player": "^2.15.1",
-    "sitemap": "7.1.1",
-    "swc-loader": "^0.2.3",
-    "wait-on": "6.0.1"
+    "react-player": "^2.15.1"
   },
   "browserslist": {
     "production": [
@@ -63,8 +57,8 @@
     ]
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "3.4.0",
-    "@docusaurus/types": "3.4.0",
+    "@docusaurus/module-type-aliases": "^3.8.0",
+    "@docusaurus/types": "^3.8.0",
     "tailwindcss": "^3.2.4"
   },
   "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
diff --git a/docs/src/components/benchmark_chart.jsx b/docs/src/components/benchmark_chart.jsx
index 4f0d4bc61c..cf93a842ef 100644
--- a/docs/src/components/benchmark_chart.jsx
+++ b/docs/src/components/benchmark_chart.jsx
@@ -1,11 +1,24 @@
 import React from "react";
 import Chart from "react-google-charts";
 
-export function BenchmarkChart(testResults=[], height='500px') {
+export function BenchmarkChart({ testResults = [], height = '500px' } = {}) {
+    if (!Array.isArray(testResults)) {
+        console.error("BenchmarkChart: testResults is not an array. Received:", testResults);
+        return <p>Error: Benchmark data is not available or in the wrong format.</p>;
+    }
+
+    if (testResults.length === 0) {
+        return <p>No benchmark data to display.</p>;
+    }
+
     const dataPerMetric = new Map();
     let maxVValue = 0;
 
-    JSON.parse(testResults.testResults).forEach((result) => {
+    testResults.forEach((result) => {
+        if (!result || typeof result.metric_name === 'undefined') {
+            console.warn("BenchmarkChart: Skipping invalid result item:", result);
+            return;
+        }
         if (!dataPerMetric.has(result.metric_name)) {
             dataPerMetric.set(result.metric_name, [
                 [
@@ -16,17 +29,16 @@ export function BenchmarkChart(testResults=[], height='500px') {
                 ],
             ]);
         }
-        if (result.p99 > maxVValue) {
+        if (result.p99 !== undefined && result.p99 > maxVValue) {
             maxVValue = result.p99;
         }
         dataPerMetric.get(result.metric_name).push([
-            new Date(result.timestamp),
+            result.timestamp ? new Date(result.timestamp) : null,
             result.p50,
             result.p95,
             result.p99,
         ]);
     });
-
     const options = {
         legend: { position: 'bottom' },
         focusTarget: 'category',
@@ -35,17 +47,18 @@ export function BenchmarkChart(testResults=[], height='500px') {
         },
         vAxis: {
             title: 'latency (ms)',
-            maxValue: maxVValue,
+            maxValue: maxVValue > 0 ? maxVValue : undefined,
         },
         title: ''
     };
     const charts = [];
     
     dataPerMetric.forEach((data, metric) => {
-        const opt = Object.create(options);
+        const opt = { ...options };
         opt.title = metric;
         charts.push(
             <Chart
+                key={metric}
                 chartType="LineChart"
                 width="100%"
                 height={height}
@@ -56,6 +69,9 @@ export function BenchmarkChart(testResults=[], height='500px') {
         );
     });
 
+    if (charts.length === 0) {
+        return <p>No chart data could be generated.</p>;
+    }
 
-    return (charts);
+    return <>{charts}</>;
 }
\ No newline at end of file
diff --git a/docs/yarn.lock b/docs/yarn.lock
index ad31e03b5e..70f2de1f05 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -2,158 +2,153 @@
 # yarn lockfile v1
 
 
-"@algolia/autocomplete-core@1.9.3":
-  version "1.9.3"
-  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-core/-/autocomplete-core-1.9.3.tgz#1d56482a768c33aae0868c8533049e02e8961be7"
-  integrity sha512-009HdfugtGCdC4JdXUbVJClA0q0zh24yyePn+KUGk3rP7j8FEe/m5Yo/z65gn6nP/cM39PxpzqKrL7A6fP6PPw==
+"@algolia/autocomplete-core@1.17.9":
+  version "1.17.9"
+  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-core/-/autocomplete-core-1.17.9.tgz#83374c47dc72482aa45d6b953e89377047f0dcdc"
+  integrity sha512-O7BxrpLDPJWWHv/DLA9DRFWs+iY1uOJZkqUwjS5HSZAGcl0hIVCQ97LTLewiZmZ402JYUrun+8NqFP+hCknlbQ==
   dependencies:
-    "@algolia/autocomplete-plugin-algolia-insights" "1.9.3"
-    "@algolia/autocomplete-shared" "1.9.3"
+    "@algolia/autocomplete-plugin-algolia-insights" "1.17.9"
+    "@algolia/autocomplete-shared" "1.17.9"
 
-"@algolia/autocomplete-plugin-algolia-insights@1.9.3":
-  version "1.9.3"
-  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.9.3.tgz#9b7f8641052c8ead6d66c1623d444cbe19dde587"
-  integrity sha512-a/yTUkcO/Vyy+JffmAnTWbr4/90cLzw+CC3bRbhnULr/EM0fGNvM13oQQ14f2moLMcVDyAx/leczLlAOovhSZg==
+"@algolia/autocomplete-plugin-algolia-insights@1.17.9":
+  version "1.17.9"
+  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.17.9.tgz#74c86024d09d09e8bfa3dd90b844b77d9f9947b6"
+  integrity sha512-u1fEHkCbWF92DBeB/KHeMacsjsoI0wFhjZtlCq2ddZbAehshbZST6Hs0Avkc0s+4UyBGbMDnSuXHLuvRWK5iDQ==
   dependencies:
-    "@algolia/autocomplete-shared" "1.9.3"
+    "@algolia/autocomplete-shared" "1.17.9"
 
-"@algolia/autocomplete-preset-algolia@1.9.3":
-  version "1.9.3"
-  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-preset-algolia/-/autocomplete-preset-algolia-1.9.3.tgz#64cca4a4304cfcad2cf730e83067e0c1b2f485da"
-  integrity sha512-d4qlt6YmrLMYy95n5TB52wtNDr6EgAIPH81dvvvW8UmuWRgxEtY0NJiPwl/h95JtG2vmRM804M0DSwMCNZlzRA==
+"@algolia/autocomplete-preset-algolia@1.17.9":
+  version "1.17.9"
+  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-preset-algolia/-/autocomplete-preset-algolia-1.17.9.tgz#911f3250544eb8ea4096fcfb268f156b085321b5"
+  integrity sha512-Na1OuceSJeg8j7ZWn5ssMu/Ax3amtOwk76u4h5J4eK2Nx2KB5qt0Z4cOapCsxot9VcEN11ADV5aUSlQF4RhGjQ==
   dependencies:
-    "@algolia/autocomplete-shared" "1.9.3"
+    "@algolia/autocomplete-shared" "1.17.9"
 
-"@algolia/autocomplete-shared@1.9.3":
-  version "1.9.3"
-  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-shared/-/autocomplete-shared-1.9.3.tgz#2e22e830d36f0a9cf2c0ccd3c7f6d59435b77dfa"
-  integrity sha512-Wnm9E4Ye6Rl6sTTqjoymD+l8DjSTHsHboVRYrKgEt8Q7UHm9nYbqhN/i0fhUYA3OAEH7WA8x3jfpnmJm3rKvaQ==
+"@algolia/autocomplete-shared@1.17.9":
+  version "1.17.9"
+  resolved "https://registry.yarnpkg.com/@algolia/autocomplete-shared/-/autocomplete-shared-1.17.9.tgz#5f38868f7cb1d54b014b17a10fc4f7e79d427fa8"
+  integrity sha512-iDf05JDQ7I0b7JEA/9IektxN/80a2MZ1ToohfmNS3rfeuQnIKI3IJlIafD0xu4StbtQTghx9T3Maa97ytkXenQ==
 
-"@algolia/cache-browser-local-storage@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/cache-browser-local-storage/-/cache-browser-local-storage-4.23.3.tgz#0cc26b96085e1115dac5fcb9d826651ba57faabc"
-  integrity sha512-vRHXYCpPlTDE7i6UOy2xE03zHF2C8MEFjPN2v7fRbqVpcOvAUQK81x3Kc21xyb5aSIpYCjWCZbYZuz8Glyzyyg==
+"@algolia/client-abtesting@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-abtesting/-/client-abtesting-5.25.0.tgz#012204f1614e1a71366fb1e117c8f195186ff081"
+  integrity sha512-1pfQulNUYNf1Tk/svbfjfkLBS36zsuph6m+B6gDkPEivFmso/XnRgwDvjAx80WNtiHnmeNjIXdF7Gos8+OLHqQ==
   dependencies:
-    "@algolia/cache-common" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/cache-common@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/cache-common/-/cache-common-4.23.3.tgz#3bec79092d512a96c9bfbdeec7cff4ad36367166"
-  integrity sha512-h9XcNI6lxYStaw32pHpB1TMm0RuxphF+Ik4o7tcQiodEdpKK+wKufY6QXtba7t3k8eseirEMVB83uFFF3Nu54A==
-
-"@algolia/cache-in-memory@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/cache-in-memory/-/cache-in-memory-4.23.3.tgz#3945f87cd21ffa2bec23890c85305b6b11192423"
-  integrity sha512-yvpbuUXg/+0rbcagxNT7un0eo3czx2Uf0y4eiR4z4SD7SiptwYTpbuS0IHxcLHG3lq22ukx1T6Kjtk/rT+mqNg==
+"@algolia/client-analytics@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-analytics/-/client-analytics-5.25.0.tgz#eba015bfafb3dbb82712c9160a00717a5974ff71"
+  integrity sha512-AFbG6VDJX/o2vDd9hqncj1B6B4Tulk61mY0pzTtzKClyTDlNP0xaUiEKhl6E7KO9I/x0FJF5tDCm0Hn6v5x18A==
   dependencies:
-    "@algolia/cache-common" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/client-account@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/client-account/-/client-account-4.23.3.tgz#8751bbf636e6741c95e7c778488dee3ee430ac6f"
-  integrity sha512-hpa6S5d7iQmretHHF40QGq6hz0anWEHGlULcTIT9tbUssWUriN9AUXIFQ8Ei4w9azD0hc1rUok9/DeQQobhQMA==
-  dependencies:
-    "@algolia/client-common" "4.23.3"
-    "@algolia/client-search" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+"@algolia/client-common@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-common/-/client-common-5.25.0.tgz#2def8947efe849266057d92f67d1b8d83de0c005"
+  integrity sha512-il1zS/+Rc6la6RaCdSZ2YbJnkQC6W1wiBO8+SH+DE6CPMWBU6iDVzH0sCKSAtMWl9WBxoN6MhNjGBnCv9Yy2bA==
 
-"@algolia/client-analytics@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/client-analytics/-/client-analytics-4.23.3.tgz#f88710885278fe6fb6964384af59004a5a6f161d"
-  integrity sha512-LBsEARGS9cj8VkTAVEZphjxTjMVCci+zIIiRhpFun9jGDUlS1XmhCW7CTrnaWeIuCQS/2iPyRqSy1nXPjcBLRA==
+"@algolia/client-insights@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-insights/-/client-insights-5.25.0.tgz#b87df8614b96c4cc9c9aa7765cce07fa70864fa8"
+  integrity sha512-blbjrUH1siZNfyCGeq0iLQu00w3a4fBXm0WRIM0V8alcAPo7rWjLbMJMrfBtzL9X5ic6wgxVpDADXduGtdrnkw==
   dependencies:
-    "@algolia/client-common" "4.23.3"
-    "@algolia/client-search" "4.23.3"
-    "@algolia/requester-common" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/client-common@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/client-common/-/client-common-4.23.3.tgz#891116aa0db75055a7ecc107649f7f0965774704"
-  integrity sha512-l6EiPxdAlg8CYhroqS5ybfIczsGUIAC47slLPOMDeKSVXYG1n0qGiz4RjAHLw2aD0xzh2EXZ7aRguPfz7UKDKw==
+"@algolia/client-personalization@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-personalization/-/client-personalization-5.25.0.tgz#74b041f0e7d91e1009c131c8d716c34e4d45c30f"
+  integrity sha512-aywoEuu1NxChBcHZ1pWaat0Plw7A8jDMwjgRJ00Mcl7wGlwuPt5dJ/LTNcg3McsEUbs2MBNmw0ignXBw9Tbgow==
   dependencies:
-    "@algolia/requester-common" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/client-personalization@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/client-personalization/-/client-personalization-4.23.3.tgz#35fa8e5699b0295fbc400a8eb211dc711e5909db"
-  integrity sha512-3E3yF3Ocr1tB/xOZiuC3doHQBQ2zu2MPTYZ0d4lpfWads2WTKG7ZzmGnsHmm63RflvDeLK/UVx7j2b3QuwKQ2g==
+"@algolia/client-query-suggestions@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-query-suggestions/-/client-query-suggestions-5.25.0.tgz#e92d935d9e2994f790d43c64d3518d81070a3888"
+  integrity sha512-a/W2z6XWKjKjIW1QQQV8PTTj1TXtaKx79uR3NGBdBdGvVdt24KzGAaN7sCr5oP8DW4D3cJt44wp2OY/fZcPAVA==
   dependencies:
-    "@algolia/client-common" "4.23.3"
-    "@algolia/requester-common" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/client-search@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/client-search/-/client-search-4.23.3.tgz#a3486e6af13a231ec4ab43a915a1f318787b937f"
-  integrity sha512-P4VAKFHqU0wx9O+q29Q8YVuaowaZ5EM77rxfmGnkHUJggh28useXQdopokgwMeYw2XUht49WX5RcTQ40rZIabw==
+"@algolia/client-search@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-search/-/client-search-5.25.0.tgz#dc38ca1015f2f4c9f5053a4517f96fb28a2117f8"
+  integrity sha512-9rUYcMIBOrCtYiLX49djyzxqdK9Dya/6Z/8sebPn94BekT+KLOpaZCuc6s0Fpfq7nx5J6YY5LIVFQrtioK9u0g==
   dependencies:
-    "@algolia/client-common" "4.23.3"
-    "@algolia/requester-common" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
 "@algolia/events@^4.0.1":
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/@algolia/events/-/events-4.0.1.tgz#fd39e7477e7bc703d7f893b556f676c032af3950"
   integrity sha512-FQzvOCgoFXAbf5Y6mYozw2aj5KCJoA3m4heImceldzPSMbdyS4atVjJzXKMsfX3wnZTFYwkkt8/z8UesLHlSBQ==
 
-"@algolia/logger-common@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/logger-common/-/logger-common-4.23.3.tgz#35c6d833cbf41e853a4f36ba37c6e5864920bfe9"
-  integrity sha512-y9kBtmJwiZ9ZZ+1Ek66P0M68mHQzKRxkW5kAAXYN/rdzgDN0d2COsViEFufxJ0pb45K4FRcfC7+33YB4BLrZ+g==
-
-"@algolia/logger-console@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/logger-console/-/logger-console-4.23.3.tgz#30f916781826c4db5f51fcd9a8a264a06e136985"
-  integrity sha512-8xoiseoWDKuCVnWP8jHthgaeobDLolh00KJAdMe9XPrWPuf1by732jSpgy2BlsLTaT9m32pHI8CRfrOqQzHv3A==
+"@algolia/ingestion@1.25.0":
+  version "1.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/ingestion/-/ingestion-1.25.0.tgz#4d13c56dda0a05c7bacb0e3ef5866292dfd86ed5"
+  integrity sha512-jJeH/Hk+k17Vkokf02lkfYE4A+EJX+UgnMhTLR/Mb+d1ya5WhE+po8p5a/Nxb6lo9OLCRl6w3Hmk1TX1e9gVbQ==
   dependencies:
-    "@algolia/logger-common" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/recommend@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/recommend/-/recommend-4.23.3.tgz#53d4f194d22d9c72dc05f3f7514c5878f87c5890"
-  integrity sha512-9fK4nXZF0bFkdcLBRDexsnGzVmu4TSYZqxdpgBW2tEyfuSSY54D4qSRkLmNkrrz4YFvdh2GM1gA8vSsnZPR73w==
+"@algolia/monitoring@1.25.0":
+  version "1.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/monitoring/-/monitoring-1.25.0.tgz#d59360cfe556338519d05a9d8107147e9dbcb020"
+  integrity sha512-Ls3i1AehJ0C6xaHe7kK9vPmzImOn5zBg7Kzj8tRYIcmCWVyuuFwCIsbuIIz/qzUf1FPSWmw0TZrGeTumk2fqXg==
   dependencies:
-    "@algolia/cache-browser-local-storage" "4.23.3"
-    "@algolia/cache-common" "4.23.3"
-    "@algolia/cache-in-memory" "4.23.3"
-    "@algolia/client-common" "4.23.3"
-    "@algolia/client-search" "4.23.3"
-    "@algolia/logger-common" "4.23.3"
-    "@algolia/logger-console" "4.23.3"
-    "@algolia/requester-browser-xhr" "4.23.3"
-    "@algolia/requester-common" "4.23.3"
-    "@algolia/requester-node-http" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/requester-browser-xhr@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/requester-browser-xhr/-/requester-browser-xhr-4.23.3.tgz#9e47e76f60d540acc8b27b4ebc7a80d1b41938b9"
-  integrity sha512-jDWGIQ96BhXbmONAQsasIpTYWslyjkiGu0Quydjlowe+ciqySpiDUrJHERIRfELE5+wFc7hc1Q5hqjGoV7yghw==
+"@algolia/recommend@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/recommend/-/recommend-5.25.0.tgz#b96f12c85aa74a0326982c7801fcd4a610b420f4"
+  integrity sha512-79sMdHpiRLXVxSjgw7Pt4R1aNUHxFLHiaTDnN2MQjHwJ1+o3wSseb55T9VXU4kqy3m7TUme3pyRhLk5ip/S4Mw==
   dependencies:
-    "@algolia/requester-common" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
 
-"@algolia/requester-common@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/requester-common/-/requester-common-4.23.3.tgz#7dbae896e41adfaaf1d1fa5f317f83a99afb04b3"
-  integrity sha512-xloIdr/bedtYEGcXCiF2muajyvRhwop4cMZo+K2qzNht0CMzlRkm8YsDdj5IaBhshqfgmBb3rTg4sL4/PpvLYw==
-
-"@algolia/requester-node-http@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/requester-node-http/-/requester-node-http-4.23.3.tgz#c9f94a5cb96a15f48cea338ab6ef16bbd0ff989f"
-  integrity sha512-zgu++8Uj03IWDEJM3fuNl34s746JnZOWn1Uz5taV1dFyJhVM/kTNw9Ik7YJWiUNHJQXcaD8IXD1eCb0nq/aByA==
+"@algolia/requester-browser-xhr@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.25.0.tgz#c194fa5f49206b9343e6646c41bfbca2a3f2ac54"
+  integrity sha512-JLaF23p1SOPBmfEqozUAgKHQrGl3z/Z5RHbggBu6s07QqXXcazEsub5VLonCxGVqTv6a61AAPr8J1G5HgGGjEw==
   dependencies:
-    "@algolia/requester-common" "4.23.3"
+    "@algolia/client-common" "5.25.0"
 
-"@algolia/transporter@4.23.3":
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/@algolia/transporter/-/transporter-4.23.3.tgz#545b045b67db3850ddf0bbecbc6c84ff1f3398b7"
-  integrity sha512-Wjl5gttqnf/gQKJA+dafnD0Y6Yw97yvfY8R9h0dQltX1GXTgNs1zWgvtWW0tHl1EgMdhAyw189uWiZMnL3QebQ==
+"@algolia/requester-fetch@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/requester-fetch/-/requester-fetch-5.25.0.tgz#231a2d0da2397d141f80b8f28e2cb6e3d219d38d"
+  integrity sha512-rtzXwqzFi1edkOF6sXxq+HhmRKDy7tz84u0o5t1fXwz0cwx+cjpmxu/6OQKTdOJFS92JUYHsG51Iunie7xbqfQ==
   dependencies:
-    "@algolia/cache-common" "4.23.3"
-    "@algolia/logger-common" "4.23.3"
-    "@algolia/requester-common" "4.23.3"
+    "@algolia/client-common" "5.25.0"
+
+"@algolia/requester-node-http@5.25.0":
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/@algolia/requester-node-http/-/requester-node-http-5.25.0.tgz#0ce13c550890de21c558b04381535d2d245a3725"
+  integrity sha512-ZO0UKvDyEFvyeJQX0gmZDQEvhLZ2X10K+ps6hViMo1HgE2V8em00SwNsQ+7E/52a+YiBkVWX61pJJJE44juDMQ==
+  dependencies:
+    "@algolia/client-common" "5.25.0"
 
 "@alloc/quick-lru@^5.2.0":
   version "5.2.0"
@@ -168,6 +163,19 @@
     "@jridgewell/gen-mapping" "^0.3.5"
     "@jridgewell/trace-mapping" "^0.3.24"
 
+"@antfu/install-pkg@^1.0.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@antfu/install-pkg/-/install-pkg-1.1.0.tgz#78fa036be1a6081b5a77a5cf59f50c7752b6ba26"
+  integrity sha512-MGQsmw10ZyI+EJo45CdSER4zEb+p31LpDAFp2Z3gkSd1yqVZGi0Ebx++YTEMonJy4oChEMLsxZ64j8FH6sSqtQ==
+  dependencies:
+    package-manager-detector "^1.3.0"
+    tinyexec "^1.0.1"
+
+"@antfu/utils@^8.1.0":
+  version "8.1.1"
+  resolved "https://registry.yarnpkg.com/@antfu/utils/-/utils-8.1.1.tgz#95b1947d292a9a2efffba2081796dcaa05ecedfb"
+  integrity sha512-Mex9nXf9vR6AhcXmMrlz/HVgYYZpVGJ6YlPgwl7UnaFpnshXs6EK/oa5Gpf3CzENMjkvEx2tQtntGnb7UtSTOQ==
+
 "@apidevtools/json-schema-ref-parser@^11.5.4":
   version "11.6.4"
   resolved "https://registry.yarnpkg.com/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-11.6.4.tgz#0f3e02302f646471d621a8850e6a346d63c8ebd4"
@@ -177,7 +185,7 @@
     "@types/json-schema" "^7.0.15"
     js-yaml "^4.1.0"
 
-"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.24.7", "@babel/code-frame@^7.8.3":
+"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.7.tgz#882fd9e09e8ee324e496bd040401c6f046ef4465"
   integrity sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA==
@@ -194,12 +202,26 @@
     js-tokens "^4.0.0"
     picocolors "^1.0.0"
 
+"@babel/code-frame@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.27.1.tgz#200f715e66d52a23b221a9435534a91cc13ad5be"
+  integrity sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==
+  dependencies:
+    "@babel/helper-validator-identifier" "^7.27.1"
+    js-tokens "^4.0.0"
+    picocolors "^1.1.1"
+
 "@babel/compat-data@^7.22.6", "@babel/compat-data@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.24.7.tgz#d23bbea508c3883ba8251fb4164982c36ea577ed"
   integrity sha512-qJzAIcv03PyaWqxRgO4mSU3lihncDT296vnyuE2O8uA4w3UHWI4S3hgeZd1L8W1Bft40w9JxJ2b412iDUFFRhw==
 
-"@babel/core@^7.21.3", "@babel/core@^7.23.3":
+"@babel/compat-data@^7.27.2":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.27.3.tgz#cc49c2ac222d69b889bf34c795f537c0c6311111"
+  integrity sha512-V42wFfx1ymFte+ecf6iXghnnP8kWTO+ZLXIyZq+1LAXHHvTZdVxicn4yiVYdYMGaCO3tmqub11AorKkv+iodqw==
+
+"@babel/core@^7.21.3":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.24.7.tgz#b676450141e0b52a3d43bc91da86aa608f950ac4"
   integrity sha512-nykK+LEK86ahTkX/3TgauT0ikKoNCfKHEaZYTUVupJdTLzGNvrblu4u6fa7DhZONAltdf8e662t/abY8idrd/g==
@@ -220,7 +242,28 @@
     json5 "^2.2.3"
     semver "^6.3.1"
 
-"@babel/generator@^7.23.3", "@babel/generator@^7.24.7":
+"@babel/core@^7.25.9":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.27.3.tgz#d7d05502bccede3cab36373ed142e6a1df554c2f"
+  integrity sha512-hyrN8ivxfvJ4i0fIJuV4EOlV0WDMz5Ui4StRTgVaAvWeiRCilXgwVvxJKtFQ3TKtHgJscB2YiXKGNJuVwhQMtA==
+  dependencies:
+    "@ampproject/remapping" "^2.2.0"
+    "@babel/code-frame" "^7.27.1"
+    "@babel/generator" "^7.27.3"
+    "@babel/helper-compilation-targets" "^7.27.2"
+    "@babel/helper-module-transforms" "^7.27.3"
+    "@babel/helpers" "^7.27.3"
+    "@babel/parser" "^7.27.3"
+    "@babel/template" "^7.27.2"
+    "@babel/traverse" "^7.27.3"
+    "@babel/types" "^7.27.3"
+    convert-source-map "^2.0.0"
+    debug "^4.1.0"
+    gensync "^1.0.0-beta.2"
+    json5 "^2.2.3"
+    semver "^6.3.1"
+
+"@babel/generator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.24.7.tgz#1654d01de20ad66b4b4d99c135471bc654c55e6d"
   integrity sha512-oipXieGC3i45Y1A41t4tAqpnEZWgB/lC6Ehh6+rOviR5XWpTtMmLN+fGjz9vOiNRt0p6RtO6DtD0pdU3vpqdSA==
@@ -230,6 +273,17 @@
     "@jridgewell/trace-mapping" "^0.3.25"
     jsesc "^2.5.1"
 
+"@babel/generator@^7.25.9", "@babel/generator@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.27.3.tgz#ef1c0f7cfe3b5fc8cbb9f6cc69f93441a68edefc"
+  integrity sha512-xnlJYj5zepml8NXtjkG0WquFUv8RskFqyFcVgTBp5k+NaA/8uw/K+OSVf8AMGw5e9HKP2ETd5xpK5MLZQD6b4Q==
+  dependencies:
+    "@babel/parser" "^7.27.3"
+    "@babel/types" "^7.27.3"
+    "@jridgewell/gen-mapping" "^0.3.5"
+    "@jridgewell/trace-mapping" "^0.3.25"
+    jsesc "^3.0.2"
+
 "@babel/helper-annotate-as-pure@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.24.7.tgz#5373c7bc8366b12a033b4be1ac13a206c6656aab"
@@ -237,6 +291,13 @@
   dependencies:
     "@babel/types" "^7.24.7"
 
+"@babel/helper-annotate-as-pure@^7.27.1":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.27.3.tgz#f31fd86b915fc4daf1f3ac6976c59be7084ed9c5"
+  integrity sha512-fXSwMQqitTGeHLBC08Eq5yXz2m37E4pJX1qAU1+2cNedz/ifv/bVXft90VeSav5nFO61EcNgwr0aJxbyPaWBPg==
+  dependencies:
+    "@babel/types" "^7.27.3"
+
 "@babel/helper-builder-binary-assignment-operator-visitor@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.24.7.tgz#37d66feb012024f2422b762b9b2a7cfe27c7fba3"
@@ -256,6 +317,17 @@
     lru-cache "^5.1.1"
     semver "^6.3.1"
 
+"@babel/helper-compilation-targets@^7.27.1", "@babel/helper-compilation-targets@^7.27.2":
+  version "7.27.2"
+  resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz#46a0f6efab808d51d29ce96858dd10ce8732733d"
+  integrity sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==
+  dependencies:
+    "@babel/compat-data" "^7.27.2"
+    "@babel/helper-validator-option" "^7.27.1"
+    browserslist "^4.24.0"
+    lru-cache "^5.1.1"
+    semver "^6.3.1"
+
 "@babel/helper-create-class-features-plugin@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.7.tgz#2eaed36b3a1c11c53bdf80d53838b293c52f5b3b"
@@ -271,6 +343,19 @@
     "@babel/helper-split-export-declaration" "^7.24.7"
     semver "^6.3.1"
 
+"@babel/helper-create-class-features-plugin@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.27.1.tgz#5bee4262a6ea5ddc852d0806199eb17ca3de9281"
+  integrity sha512-QwGAmuvM17btKU5VqXfb+Giw4JcN0hjuufz3DYnpeVDvZLAObloM77bhMXiqry3Iio+Ai4phVRDwl6WU10+r5A==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-member-expression-to-functions" "^7.27.1"
+    "@babel/helper-optimise-call-expression" "^7.27.1"
+    "@babel/helper-replace-supers" "^7.27.1"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+    semver "^6.3.1"
+
 "@babel/helper-create-regexp-features-plugin@^7.18.6", "@babel/helper-create-regexp-features-plugin@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.24.7.tgz#be4f435a80dc2b053c76eeb4b7d16dd22cfc89da"
@@ -280,6 +365,15 @@
     regexpu-core "^5.3.1"
     semver "^6.3.1"
 
+"@babel/helper-create-regexp-features-plugin@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.27.1.tgz#05b0882d97ba1d4d03519e4bce615d70afa18c53"
+  integrity sha512-uVDC72XVf8UbrH5qQTc18Agb8emwjTiZrQE11Nv3CuBEZmVvTwwE9CBUEvHku06gQCAyYf8Nv6ja1IN+6LMbxQ==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    regexpu-core "^6.2.0"
+    semver "^6.3.1"
+
 "@babel/helper-define-polyfill-provider@^0.6.1", "@babel/helper-define-polyfill-provider@^0.6.2":
   version "0.6.2"
   resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.2.tgz#18594f789c3594acb24cfdb4a7f7b7d2e8bd912d"
@@ -291,6 +385,17 @@
     lodash.debounce "^4.0.8"
     resolve "^1.14.2"
 
+"@babel/helper-define-polyfill-provider@^0.6.3":
+  version "0.6.4"
+  resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.4.tgz#15e8746368bfa671785f5926ff74b3064c291fab"
+  integrity sha512-jljfR1rGnXXNWnmQg2K3+bvhkxB51Rl32QRaOTuwwjviGrHzIbSc8+x9CpraDtbT7mfyjXObULP4w/adunNwAw==
+  dependencies:
+    "@babel/helper-compilation-targets" "^7.22.6"
+    "@babel/helper-plugin-utils" "^7.22.5"
+    debug "^4.1.1"
+    lodash.debounce "^4.0.8"
+    resolve "^1.14.2"
+
 "@babel/helper-environment-visitor@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.24.7.tgz#4b31ba9551d1f90781ba83491dd59cf9b269f7d9"
@@ -321,6 +426,14 @@
     "@babel/traverse" "^7.24.7"
     "@babel/types" "^7.24.7"
 
+"@babel/helper-member-expression-to-functions@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.27.1.tgz#ea1211276be93e798ce19037da6f06fbb994fa44"
+  integrity sha512-E5chM8eWjTp/aNoVpcbfM7mLxu9XGLWYise2eBKGQomAk/Mb4XoxyqXTZbuTohbsl8EKqdlMhnDI2CCLfcs9wA==
+  dependencies:
+    "@babel/traverse" "^7.27.1"
+    "@babel/types" "^7.27.1"
+
 "@babel/helper-module-imports@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.24.7.tgz#f2f980392de5b84c3328fc71d38bd81bbb83042b"
@@ -329,6 +442,14 @@
     "@babel/traverse" "^7.24.7"
     "@babel/types" "^7.24.7"
 
+"@babel/helper-module-imports@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz#7ef769a323e2655e126673bb6d2d6913bbead204"
+  integrity sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==
+  dependencies:
+    "@babel/traverse" "^7.27.1"
+    "@babel/types" "^7.27.1"
+
 "@babel/helper-module-transforms@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.24.7.tgz#31b6c9a2930679498db65b685b1698bfd6c7daf8"
@@ -340,6 +461,15 @@
     "@babel/helper-split-export-declaration" "^7.24.7"
     "@babel/helper-validator-identifier" "^7.24.7"
 
+"@babel/helper-module-transforms@^7.27.1", "@babel/helper-module-transforms@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.27.3.tgz#db0bbcfba5802f9ef7870705a7ef8788508ede02"
+  integrity sha512-dSOvYwvyLsWBeIRyOeHXp5vPj5l1I011r52FM1+r1jCERv+aFXYk4whgQccYEGYxK2H3ZAIA8nuPkQ0HaUo3qg==
+  dependencies:
+    "@babel/helper-module-imports" "^7.27.1"
+    "@babel/helper-validator-identifier" "^7.27.1"
+    "@babel/traverse" "^7.27.3"
+
 "@babel/helper-optimise-call-expression@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.24.7.tgz#8b0a0456c92f6b323d27cfd00d1d664e76692a0f"
@@ -347,11 +477,23 @@
   dependencies:
     "@babel/types" "^7.24.7"
 
+"@babel/helper-optimise-call-expression@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.27.1.tgz#c65221b61a643f3e62705e5dd2b5f115e35f9200"
+  integrity sha512-URMGH08NzYFhubNSGJrpUEphGKQwMQYBySzat5cAByY1/YgIRkULnIy3tAMeszlL/so2HbeilYloUmSpd7GdVw==
+  dependencies:
+    "@babel/types" "^7.27.1"
+
 "@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.24.7", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.7.tgz#98c84fe6fe3d0d3ae7bfc3a5e166a46844feb2a0"
   integrity sha512-Rq76wjt7yz9AAc1KnlRKNAi/dMSVWgDRx43FHoJEbcYU6xOWaE2dVPwcdTukJrjxS65GITyfbvEYHvkirZ6uEg==
 
+"@babel/helper-plugin-utils@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz#ddb2f876534ff8013e6c2b299bf4d39b3c51d44c"
+  integrity sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw==
+
 "@babel/helper-remap-async-to-generator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.24.7.tgz#b3f0f203628522713849d49403f1a414468be4c7"
@@ -361,6 +503,15 @@
     "@babel/helper-environment-visitor" "^7.24.7"
     "@babel/helper-wrap-function" "^7.24.7"
 
+"@babel/helper-remap-async-to-generator@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.27.1.tgz#4601d5c7ce2eb2aea58328d43725523fcd362ce6"
+  integrity sha512-7fiA521aVw8lSPeI4ZOD3vRFkoqkJcS+z4hFo82bFSH/2tNd6eJ5qCVMS5OzDmZh/kaHQeBaeyxK6wljcPtveA==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-wrap-function" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
 "@babel/helper-replace-supers@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.24.7.tgz#f933b7eed81a1c0265740edc91491ce51250f765"
@@ -370,6 +521,15 @@
     "@babel/helper-member-expression-to-functions" "^7.24.7"
     "@babel/helper-optimise-call-expression" "^7.24.7"
 
+"@babel/helper-replace-supers@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.27.1.tgz#b1ed2d634ce3bdb730e4b52de30f8cccfd692bc0"
+  integrity sha512-7EHz6qDZc8RYS5ElPoShMheWvEgERonFCs7IAonWLLUTXW59DP14bCZt89/GKyreYn8g3S83m21FelHKbeDCKA==
+  dependencies:
+    "@babel/helper-member-expression-to-functions" "^7.27.1"
+    "@babel/helper-optimise-call-expression" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
 "@babel/helper-simple-access@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.24.7.tgz#bcade8da3aec8ed16b9c4953b74e506b51b5edb3"
@@ -386,6 +546,14 @@
     "@babel/traverse" "^7.24.7"
     "@babel/types" "^7.24.7"
 
+"@babel/helper-skip-transparent-expression-wrappers@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.27.1.tgz#62bb91b3abba8c7f1fec0252d9dbea11b3ee7a56"
+  integrity sha512-Tub4ZKEXqbPjXgWLl2+3JpQAYBJ8+ikpQ2Ocj/q/r0LwE3UhENh7EUabyHjz2kCEsrRY83ew2DQdHluuiDQFzg==
+  dependencies:
+    "@babel/traverse" "^7.27.1"
+    "@babel/types" "^7.27.1"
+
 "@babel/helper-split-export-declaration@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.24.7.tgz#83949436890e07fa3d6873c61a96e3bbf692d856"
@@ -403,6 +571,11 @@
   resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz#1aabb72ee72ed35789b4bbcad3ca2862ce614e8c"
   integrity sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==
 
+"@babel/helper-string-parser@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz#54da796097ab19ce67ed9f88b47bb2ec49367687"
+  integrity sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==
+
 "@babel/helper-validator-identifier@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz#75b889cfaf9e35c2aaf42cf0d72c8e91719251db"
@@ -413,11 +586,21 @@
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz#24b64e2c3ec7cd3b3c547729b8d16871f22cbdc7"
   integrity sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==
 
+"@babel/helper-validator-identifier@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz#a7054dcc145a967dd4dc8fee845a57c1316c9df8"
+  integrity sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==
+
 "@babel/helper-validator-option@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.24.7.tgz#24c3bb77c7a425d1742eec8fb433b5a1b38e62f6"
   integrity sha512-yy1/KvjhV/ZCL+SM7hBrvnZJ3ZuT9OuZgIJAGpPEToANvc3iM6iDvBnRjtElWibHU6n8/LPR/EjX9EtIEYO3pw==
 
+"@babel/helper-validator-option@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz#fa52f5b1e7db1ab049445b421c4471303897702f"
+  integrity sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==
+
 "@babel/helper-wrap-function@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.24.7.tgz#52d893af7e42edca7c6d2c6764549826336aae1f"
@@ -428,6 +611,15 @@
     "@babel/traverse" "^7.24.7"
     "@babel/types" "^7.24.7"
 
+"@babel/helper-wrap-function@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.27.1.tgz#b88285009c31427af318d4fe37651cd62a142409"
+  integrity sha512-NFJK2sHUvrjo8wAU/nQTWU890/zB2jj0qBcCbZbbf+005cAsv6tMjXz31fBign6M5ov1o0Bllu+9nbqkfsjjJQ==
+  dependencies:
+    "@babel/template" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+    "@babel/types" "^7.27.1"
+
 "@babel/helpers@^7.24.7":
   version "7.27.0"
   resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.0.tgz#53d156098defa8243eab0f32fa17589075a1b808"
@@ -436,6 +628,14 @@
     "@babel/template" "^7.27.0"
     "@babel/types" "^7.27.0"
 
+"@babel/helpers@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.3.tgz#387d65d279290e22fe7a47a8ffcd2d0c0184edd0"
+  integrity sha512-h/eKy9agOya1IGuLaZ9tEUgz+uIRXcbtOhRtUyyMf8JFmn1iT13vnl/IGVWSkdOCG/pC57U4S1jnAabAavTMwg==
+  dependencies:
+    "@babel/template" "^7.27.2"
+    "@babel/types" "^7.27.3"
+
 "@babel/highlight@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.24.7.tgz#a05ab1df134b286558aae0ed41e6c5f731bf409d"
@@ -458,6 +658,13 @@
   dependencies:
     "@babel/types" "^7.27.0"
 
+"@babel/parser@^7.27.2", "@babel/parser@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.27.3.tgz#1b7533f0d908ad2ac545c4d05cbe2fb6dc8cfaaf"
+  integrity sha512-xyYxRj6+tLNDTWi0KCBcZ9V7yg3/lwL9DWh9Uwh/RIVlIfFidggcgxKX3GCXwCiswwcGRawBKbEg2LG/Y8eJhw==
+  dependencies:
+    "@babel/types" "^7.27.3"
+
 "@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.24.7.tgz#fd059fd27b184ea2b4c7e646868a9a381bbc3055"
@@ -466,6 +673,21 @@
     "@babel/helper-environment-visitor" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.27.1.tgz#61dd8a8e61f7eb568268d1b5f129da3eee364bf9"
+  integrity sha512-QPG3C9cCVRQLxAVwmefEmwdTanECuUBMQZ/ym5kiw3XKCGA7qkuQLcjWWHcrD/GKbn/WmJwaezfuuAOcyKlRPA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
+"@babel/plugin-bugfix-safari-class-field-initializer-scope@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.27.1.tgz#43f70a6d7efd52370eefbdf55ae03d91b293856d"
+  integrity sha512-qNeq3bCKnGgLkEXUuFry6dPlGfCdQNZbn7yUAPCInwAJHMU7THJfrBSozkcWq5sNM6RcF3S8XyQL2A52KNR9IA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.24.7.tgz#468096ca44bbcbe8fcc570574e12eb1950e18107"
@@ -473,6 +695,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.27.1.tgz#beb623bd573b8b6f3047bd04c32506adc3e58a72"
+  integrity sha512-g4L7OYun04N1WyqMNjldFwlfPCLVkgB54A/YCXICZYBsvJJE3kByKv9c9+R/nAfmIfjl2rKYLNyMHboYbZaWaA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.24.7.tgz#e4eabdd5109acc399b38d7999b2ef66fc2022f89"
@@ -482,6 +711,15 @@
     "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
     "@babel/plugin-transform-optional-chaining" "^7.24.7"
 
+"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.27.1.tgz#e134a5479eb2ba9c02714e8c1ebf1ec9076124fd"
+  integrity sha512-oO02gcONcD5O1iTLi/6frMJBIwWEHceWGSGqrpCmEL8nogiS6J9PBlE48CaK20/Jx1LuRml9aDftLgdjXT8+Cw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1"
+    "@babel/plugin-transform-optional-chaining" "^7.27.1"
+
 "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.24.7.tgz#71b21bb0286d5810e63a1538aa901c58e87375ec"
@@ -490,6 +728,14 @@
     "@babel/helper-environment-visitor" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.27.1.tgz#bb1c25af34d75115ce229a1de7fa44bf8f955670"
+  integrity sha512-6BpaYGDavZqkI6yT+KSPdpZFfpnd68UKXbcjI9pJ13pvHhPrCKWOOLp+ysvMeA+DxnhuPpgIaRpxRxo5A9t5jw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
 "@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2":
   version "7.21.0-placeholder-for-preset-env.2"
   resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz#7844f9289546efa9febac2de4cfe358a050bd703"
@@ -537,6 +783,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-syntax-import-assertions@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.27.1.tgz#88894aefd2b03b5ee6ad1562a7c8e1587496aecd"
+  integrity sha512-UT/Jrhw57xg4ILHLFnzFpPDlMbcdEicaAtjPQpbj9wa8T4r5KVWCimHcL/460g8Ht0DMxDyjsLgiWSkVjnwPFg==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-syntax-import-attributes@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.24.7.tgz#b4f9ea95a79e6912480c4b626739f86a076624ca"
@@ -544,6 +797,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-syntax-import-attributes@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.27.1.tgz#34c017d54496f9b11b61474e7ea3dfd5563ffe07"
+  integrity sha512-oFT0FrKHgF53f4vOsZGi2Hh3I35PfSmVs4IBFLFj4dnafP+hIWDLg3VyKmUHfLoLHlyxY4C7DGtmHuJgn+IGww==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-syntax-import-meta@^7.10.4":
   version "7.10.4"
   resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz#ee601348c370fa334d2207be158777496521fd51"
@@ -565,6 +825,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-syntax-jsx@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.27.1.tgz#2f9beb5eff30fa507c5532d107daac7b888fa34c"
+  integrity sha512-y8YTNIeKoyhGd9O0Jiyzyyqk8gdjnumGTQPsz0xOZOQ2RmkVJeZ1vmmfIvFEKqucBG6axJGBZDE/7iI5suUI/w==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-syntax-logical-assignment-operators@^7.10.4":
   version "7.10.4"
   resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz#ca91ef46303530448b906652bac2e9fe9941f699"
@@ -628,6 +895,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-syntax-typescript@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.27.1.tgz#5147d29066a793450f220c63fa3a9431b7e6dd18"
+  integrity sha512-xfYCBMxveHrRMnAWl1ZlPXOZjzkN82THFvLhQhFXFt81Z5HnN+EtUkZhv/zcKpmT3fzmWZB0ywiBrbC3vogbwQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-syntax-unicode-sets-regex@^7.18.6":
   version "7.18.6"
   resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz#d49a3b3e6b52e5be6740022317580234a6a47357"
@@ -643,6 +917,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-arrow-functions@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.27.1.tgz#6e2061067ba3ab0266d834a9f94811196f2aba9a"
+  integrity sha512-8Z4TGic6xW70FKThA5HYEKKyBpOOsucTOD1DjU3fZxDg+K3zBJcXMFnt/4yQiZnf5+MiOMSXQ9PaEK/Ilh1DeA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-async-generator-functions@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.24.7.tgz#7330a5c50e05181ca52351b8fd01642000c96cfd"
@@ -653,6 +934,15 @@
     "@babel/helper-remap-async-to-generator" "^7.24.7"
     "@babel/plugin-syntax-async-generators" "^7.8.4"
 
+"@babel/plugin-transform-async-generator-functions@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.27.1.tgz#ca433df983d68e1375398e7ca71bf2a4f6fd89d7"
+  integrity sha512-eST9RrwlpaoJBDHShc+DS2SG4ATTi2MYNb4OxYkf3n+7eb49LWpnS+HSpVfW4x927qQwgk8A2hGNVaajAEw0EA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-remap-async-to-generator" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
 "@babel/plugin-transform-async-to-generator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.24.7.tgz#72a3af6c451d575842a7e9b5a02863414355bdcc"
@@ -662,6 +952,15 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/helper-remap-async-to-generator" "^7.24.7"
 
+"@babel/plugin-transform-async-to-generator@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.27.1.tgz#9a93893b9379b39466c74474f55af03de78c66e7"
+  integrity sha512-NREkZsZVJS4xmTr8qzE5y8AfIPqsdQfRuUiLRTEzb7Qii8iFWCyDKaUV2c0rCuh4ljDZ98ALHP/PetiBV2nddA==
+  dependencies:
+    "@babel/helper-module-imports" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-remap-async-to-generator" "^7.27.1"
+
 "@babel/plugin-transform-block-scoped-functions@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.24.7.tgz#a4251d98ea0c0f399dafe1a35801eaba455bbf1f"
@@ -669,6 +968,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-block-scoped-functions@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.27.1.tgz#558a9d6e24cf72802dd3b62a4b51e0d62c0f57f9"
+  integrity sha512-cnqkuOtZLapWYZUYM5rVIdv1nXYuFVIltZ6ZJ7nIj585QsjKM5dhL2Fu/lICXZ1OyIAFc7Qy+bvDAtTXqGrlhg==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-block-scoping@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.24.7.tgz#42063e4deb850c7bd7c55e626bf4e7ab48e6ce02"
@@ -676,6 +982,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-block-scoping@^7.27.1":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.27.3.tgz#a21f37e222dc0a7b91c3784fa3bd4edf8d7a6dc1"
+  integrity sha512-+F8CnfhuLhwUACIJMLWnjz6zvzYM2r0yeIHKlbgfw7ml8rOMJsXNXV/hyRcb3nb493gRs4WvYpQAndWj/qQmkQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-class-properties@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.24.7.tgz#256879467b57b0b68c7ddfc5b76584f398cd6834"
@@ -684,6 +997,14 @@
     "@babel/helper-create-class-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-class-properties@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.27.1.tgz#dd40a6a370dfd49d32362ae206ddaf2bb082a925"
+  integrity sha512-D0VcalChDMtuRvJIu3U/fwWjf8ZMykz5iZsg77Nuj821vCKI3zCyRLwRdWbsuJ/uRwZhZ002QtCqIkwC/ZkvbA==
+  dependencies:
+    "@babel/helper-create-class-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-class-static-block@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.24.7.tgz#c82027ebb7010bc33c116d4b5044fbbf8c05484d"
@@ -693,6 +1014,14 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-class-static-block" "^7.14.5"
 
+"@babel/plugin-transform-class-static-block@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.27.1.tgz#7e920d5625b25bbccd3061aefbcc05805ed56ce4"
+  integrity sha512-s734HmYU78MVzZ++joYM+NkJusItbdRcbm+AGRgJCt3iA+yux0QpD9cBVdz3tKyrjVYWRl7j0mHSmv4lhV0aoA==
+  dependencies:
+    "@babel/helper-create-class-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-classes@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.24.7.tgz#4ae6ef43a12492134138c1e45913f7c46c41b4bf"
@@ -707,6 +1036,18 @@
     "@babel/helper-split-export-declaration" "^7.24.7"
     globals "^11.1.0"
 
+"@babel/plugin-transform-classes@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.27.1.tgz#03bb04bea2c7b2f711f0db7304a8da46a85cced4"
+  integrity sha512-7iLhfFAubmpeJe/Wo2TVuDrykh/zlWXLzPNdL0Jqn/Xu8R3QQ8h9ff8FQoISZOsw74/HFqFI7NX63HN7QFIHKA==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-compilation-targets" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-replace-supers" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+    globals "^11.1.0"
+
 "@babel/plugin-transform-computed-properties@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.24.7.tgz#4cab3214e80bc71fae3853238d13d097b004c707"
@@ -715,6 +1056,14 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/template" "^7.24.7"
 
+"@babel/plugin-transform-computed-properties@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.27.1.tgz#81662e78bf5e734a97982c2b7f0a793288ef3caa"
+  integrity sha512-lj9PGWvMTVksbWiDT2tW68zGS/cyo4AkZ/QTp0sQT0mjPopCmrSkzxeXkznjqBxzDI6TclZhOJbBmbBLjuOZUw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/template" "^7.27.1"
+
 "@babel/plugin-transform-destructuring@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.24.7.tgz#a097f25292defb6e6cc16d6333a4cfc1e3c72d9e"
@@ -722,6 +1071,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-destructuring@^7.27.1", "@babel/plugin-transform-destructuring@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.27.3.tgz#3cc8299ed798d9a909f8d66ddeb40849ec32e3b0"
+  integrity sha512-s4Jrok82JpiaIprtY2nHsYmrThKvvwgHwjgd7UMiYhZaN0asdXNLr0y+NjTfkA7SyQE5i2Fb7eawUOZmLvyqOA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-dotall-regex@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.24.7.tgz#5f8bf8a680f2116a7207e16288a5f974ad47a7a0"
@@ -730,6 +1086,14 @@
     "@babel/helper-create-regexp-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-dotall-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.27.1.tgz#aa6821de864c528b1fecf286f0a174e38e826f4d"
+  integrity sha512-gEbkDVGRvjj7+T1ivxrfgygpT7GUd4vmODtYpbs0gZATdkX8/iSnOtZSxiZnsgm1YjTgjI6VKBGSJJevkrclzw==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-duplicate-keys@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.24.7.tgz#dd20102897c9a2324e5adfffb67ff3610359a8ee"
@@ -737,6 +1101,21 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-duplicate-keys@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.27.1.tgz#f1fbf628ece18e12e7b32b175940e68358f546d1"
+  integrity sha512-MTyJk98sHvSs+cvZ4nOauwTTG1JeonDjSGvGGUNHreGQns+Mpt6WX/dVzWBHgg+dYZhkC4X+zTDfkTU+Vy9y7Q==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
+"@babel/plugin-transform-duplicate-named-capturing-groups-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.27.1.tgz#5043854ca620a94149372e69030ff8cb6a9eb0ec"
+  integrity sha512-hkGcueTEzuhB30B3eJCbCYeCaaEQOmQR0AdvzpD4LoN0GXMWzzGSuRrxR2xTnCrvNbVwK9N6/jQ92GSLfiZWoQ==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-dynamic-import@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.24.7.tgz#4d8b95e3bae2b037673091aa09cd33fecd6419f4"
@@ -745,6 +1124,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-dynamic-import" "^7.8.3"
 
+"@babel/plugin-transform-dynamic-import@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.27.1.tgz#4c78f35552ac0e06aa1f6e3c573d67695e8af5a4"
+  integrity sha512-MHzkWQcEmjzzVW9j2q8LGjwGWpG2mjwaaB0BNQwst3FIjqsg8Ct/mIZlvSPJvfi9y2AC8mi/ktxbFVL9pZ1I4A==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-exponentiation-operator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.24.7.tgz#b629ee22645f412024297d5245bce425c31f9b0d"
@@ -753,6 +1139,13 @@
     "@babel/helper-builder-binary-assignment-operator-visitor" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-exponentiation-operator@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.27.1.tgz#fc497b12d8277e559747f5a3ed868dd8064f83e1"
+  integrity sha512-uspvXnhHvGKf2r4VVtBpeFnuDWsJLQ6MF6lGJLC89jBR1uoVeqM416AZtTuhTezOfgHicpJQmoD5YUakO/YmXQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-export-namespace-from@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.24.7.tgz#176d52d8d8ed516aeae7013ee9556d540c53f197"
@@ -761,6 +1154,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-export-namespace-from" "^7.8.3"
 
+"@babel/plugin-transform-export-namespace-from@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.27.1.tgz#71ca69d3471edd6daa711cf4dfc3400415df9c23"
+  integrity sha512-tQvHWSZ3/jH2xuq/vZDy0jNn+ZdXJeM8gHvX4lnJmsc3+50yPlWdZXIc5ay+umX+2/tJIqHqiEqcJvxlmIvRvQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-for-of@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.24.7.tgz#f25b33f72df1d8be76399e1b8f3f9d366eb5bc70"
@@ -769,6 +1169,14 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
 
+"@babel/plugin-transform-for-of@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.27.1.tgz#bc24f7080e9ff721b63a70ac7b2564ca15b6c40a"
+  integrity sha512-BfbWFFEJFQzLCQ5N8VocnCtA8J1CLkNTe2Ms2wocj75dd6VpiqS5Z5quTYcUoo4Yq+DN0rtikODccuv7RU81sw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1"
+
 "@babel/plugin-transform-function-name@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.24.7.tgz#6d8601fbffe665c894440ab4470bc721dd9131d6"
@@ -778,6 +1186,15 @@
     "@babel/helper-function-name" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-function-name@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.27.1.tgz#4d0bf307720e4dce6d7c30fcb1fd6ca77bdeb3a7"
+  integrity sha512-1bQeydJF9Nr1eBCMMbC+hdwmRlsv5XYOMu03YSWFwNs0HsAmtSxxF1fyuYPqemVldVyFmlCU7w8UE14LupUSZQ==
+  dependencies:
+    "@babel/helper-compilation-targets" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
 "@babel/plugin-transform-json-strings@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.24.7.tgz#f3e9c37c0a373fee86e36880d45b3664cedaf73a"
@@ -786,6 +1203,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-json-strings" "^7.8.3"
 
+"@babel/plugin-transform-json-strings@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.27.1.tgz#a2e0ce6ef256376bd527f290da023983527a4f4c"
+  integrity sha512-6WVLVJiTjqcQauBhn1LkICsR2H+zm62I3h9faTDKt1qP4jn2o72tSvqMwtGFKGTpojce0gJs+76eZ2uCHRZh0Q==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-literals@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.24.7.tgz#36b505c1e655151a9d7607799a9988fc5467d06c"
@@ -793,6 +1217,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-literals@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.27.1.tgz#baaefa4d10a1d4206f9dcdda50d7d5827bb70b24"
+  integrity sha512-0HCFSepIpLTkLcsi86GG3mTUzxV5jpmbv97hTETW3yzrAij8aqlD36toB1D0daVFJM8NK6GvKO0gslVQmm+zZA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-logical-assignment-operators@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.24.7.tgz#a58fb6eda16c9dc8f9ff1c7b1ba6deb7f4694cb0"
@@ -801,6 +1232,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4"
 
+"@babel/plugin-transform-logical-assignment-operators@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.27.1.tgz#890cb20e0270e0e5bebe3f025b434841c32d5baa"
+  integrity sha512-SJvDs5dXxiae4FbSL1aBJlG4wvl594N6YEVVn9e3JGulwioy6z3oPjx/sQBO3Y4NwUu5HNix6KJ3wBZoewcdbw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-member-expression-literals@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.24.7.tgz#3b4454fb0e302e18ba4945ba3246acb1248315df"
@@ -808,6 +1246,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-member-expression-literals@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.27.1.tgz#37b88ba594d852418e99536f5612f795f23aeaf9"
+  integrity sha512-hqoBX4dcZ1I33jCSWcXrP+1Ku7kdqXf1oeah7ooKOIiAdKQ+uqftgCFNOSzA5AMS2XIHEYeGFg4cKRCdpxzVOQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-modules-amd@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.24.7.tgz#65090ed493c4a834976a3ca1cde776e6ccff32d7"
@@ -816,6 +1261,14 @@
     "@babel/helper-module-transforms" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-modules-amd@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.27.1.tgz#a4145f9d87c2291fe2d05f994b65dba4e3e7196f"
+  integrity sha512-iCsytMg/N9/oFq6n+gFTvUYDZQOMK5kEdeYxmxt91fcJGycfxVP9CnrxoliM0oumFERba2i8ZtwRUCMhvP1LnA==
+  dependencies:
+    "@babel/helper-module-transforms" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-modules-commonjs@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.24.7.tgz#9fd5f7fdadee9085886b183f1ad13d1ab260f4ab"
@@ -825,6 +1278,14 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/helper-simple-access" "^7.24.7"
 
+"@babel/plugin-transform-modules-commonjs@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.27.1.tgz#8e44ed37c2787ecc23bdc367f49977476614e832"
+  integrity sha512-OJguuwlTYlN0gBZFRPqwOGNWssZjfIUdS7HMYtN8c1KmwpwHFBwTeFZrg9XZa+DFTitWOW5iTAG7tyCUPsCCyw==
+  dependencies:
+    "@babel/helper-module-transforms" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-modules-systemjs@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.24.7.tgz#f8012316c5098f6e8dee6ecd58e2bc6f003d0ce7"
@@ -835,6 +1296,16 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/helper-validator-identifier" "^7.24.7"
 
+"@babel/plugin-transform-modules-systemjs@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz#00e05b61863070d0f3292a00126c16c0e024c4ed"
+  integrity sha512-w5N1XzsRbc0PQStASMksmUeqECuzKuTJer7kFagK8AXgpCMkeDMO5S+aaFb7A51ZYDF7XI34qsTX+fkHiIm5yA==
+  dependencies:
+    "@babel/helper-module-transforms" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-validator-identifier" "^7.27.1"
+    "@babel/traverse" "^7.27.1"
+
 "@babel/plugin-transform-modules-umd@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.24.7.tgz#edd9f43ec549099620df7df24e7ba13b5c76efc8"
@@ -843,6 +1314,14 @@
     "@babel/helper-module-transforms" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-modules-umd@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.27.1.tgz#63f2cf4f6dc15debc12f694e44714863d34cd334"
+  integrity sha512-iQBE/xC5BV1OxJbp6WG7jq9IWiD+xxlZhLrdwpPkTX3ydmXdvoCpyfJN7acaIBZaOqTfr76pgzqBJflNbeRK+w==
+  dependencies:
+    "@babel/helper-module-transforms" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-named-capturing-groups-regex@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.24.7.tgz#9042e9b856bc6b3688c0c2e4060e9e10b1460923"
@@ -851,6 +1330,14 @@
     "@babel/helper-create-regexp-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-named-capturing-groups-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.27.1.tgz#f32b8f7818d8fc0cc46ee20a8ef75f071af976e1"
+  integrity sha512-SstR5JYy8ddZvD6MhV0tM/j16Qds4mIpJTOd1Yu9J9pJjH93bxHECF7pgtc28XvkzTD6Pxcm/0Z73Hvk7kb3Ng==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-new-target@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.24.7.tgz#31ff54c4e0555cc549d5816e4ab39241dfb6ab00"
@@ -858,6 +1345,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-new-target@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.27.1.tgz#259c43939728cad1706ac17351b7e6a7bea1abeb"
+  integrity sha512-f6PiYeqXQ05lYq3TIfIDu/MtliKUbNwkGApPUvyo6+tc7uaR4cPjPe7DFPr15Uyycg2lZU6btZ575CuQoYh7MQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-nullish-coalescing-operator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.24.7.tgz#1de4534c590af9596f53d67f52a92f12db984120"
@@ -866,6 +1360,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3"
 
+"@babel/plugin-transform-nullish-coalescing-operator@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.27.1.tgz#4f9d3153bf6782d73dd42785a9d22d03197bc91d"
+  integrity sha512-aGZh6xMo6q9vq1JGcw58lZ1Z0+i0xB2x0XaauNIUXd6O1xXc3RwoWEBlsTQrY4KQ9Jf0s5rgD6SiNkaUdJegTA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-numeric-separator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.24.7.tgz#bea62b538c80605d8a0fac9b40f48e97efa7de63"
@@ -874,6 +1375,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-numeric-separator" "^7.10.4"
 
+"@babel/plugin-transform-numeric-separator@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.27.1.tgz#614e0b15cc800e5997dadd9bd6ea524ed6c819c6"
+  integrity sha512-fdPKAcujuvEChxDBJ5c+0BTaS6revLV7CJL08e4m3de8qJfNIuCc2nc7XJYOjBoTMJeqSmwXJ0ypE14RCjLwaw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-object-rest-spread@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.24.7.tgz#d13a2b93435aeb8a197e115221cab266ba6e55d6"
@@ -884,6 +1392,16 @@
     "@babel/plugin-syntax-object-rest-spread" "^7.8.3"
     "@babel/plugin-transform-parameters" "^7.24.7"
 
+"@babel/plugin-transform-object-rest-spread@^7.27.2":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.27.3.tgz#ce130aa73fef828bc3e3e835f9bc6144be3eb1c0"
+  integrity sha512-7ZZtznF9g4l2JCImCo5LNKFHB5eXnN39lLtLY5Tg+VkR0jwOt7TBciMckuiQIOIW7L5tkQOCh3bVGYeXgMx52Q==
+  dependencies:
+    "@babel/helper-compilation-targets" "^7.27.2"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/plugin-transform-destructuring" "^7.27.3"
+    "@babel/plugin-transform-parameters" "^7.27.1"
+
 "@babel/plugin-transform-object-super@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.24.7.tgz#66eeaff7830bba945dd8989b632a40c04ed625be"
@@ -892,6 +1410,14 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/helper-replace-supers" "^7.24.7"
 
+"@babel/plugin-transform-object-super@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.27.1.tgz#1c932cd27bf3874c43a5cac4f43ebf970c9871b5"
+  integrity sha512-SFy8S9plRPbIcxlJ8A6mT/CxFdJx/c04JEctz4jf8YZaVS2px34j7NXRrlGlHkN/M2gnpL37ZpGRGVFLd3l8Ng==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-replace-supers" "^7.27.1"
+
 "@babel/plugin-transform-optional-catch-binding@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.24.7.tgz#00eabd883d0dd6a60c1c557548785919b6e717b4"
@@ -900,6 +1426,13 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-optional-catch-binding" "^7.8.3"
 
+"@babel/plugin-transform-optional-catch-binding@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.27.1.tgz#84c7341ebde35ccd36b137e9e45866825072a30c"
+  integrity sha512-txEAEKzYrHEX4xSZN4kJ+OfKXFVSWKB2ZxM9dpcE3wT7smwkNmXo5ORRlVzMVdJbD+Q8ILTgSD7959uj+3Dm3Q==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-optional-chaining@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.24.7.tgz#b8f6848a80cf2da98a8a204429bec04756c6d454"
@@ -909,6 +1442,14 @@
     "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
     "@babel/plugin-syntax-optional-chaining" "^7.8.3"
 
+"@babel/plugin-transform-optional-chaining@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.27.1.tgz#874ce3c4f06b7780592e946026eb76a32830454f"
+  integrity sha512-BQmKPPIuc8EkZgNKsv0X4bPmOoayeu4F1YCwx2/CfmDSXDbp7GnzlUH+/ul5VGfRg1AoFPsrIThlEBj2xb4CAg==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1"
+
 "@babel/plugin-transform-parameters@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.24.7.tgz#5881f0ae21018400e320fc7eb817e529d1254b68"
@@ -916,6 +1457,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-parameters@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.27.1.tgz#80334b54b9b1ac5244155a0c8304a187a618d5a7"
+  integrity sha512-018KRk76HWKeZ5l4oTj2zPpSh+NbGdt0st5S6x0pga6HgrjBOJb24mMDHorFopOOd6YHkLgOZ+zaCjZGPO4aKg==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-private-methods@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.24.7.tgz#e6318746b2ae70a59d023d5cc1344a2ba7a75f5e"
@@ -924,6 +1472,14 @@
     "@babel/helper-create-class-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-private-methods@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.27.1.tgz#fdacbab1c5ed81ec70dfdbb8b213d65da148b6af"
+  integrity sha512-10FVt+X55AjRAYI9BrdISN9/AQWHqldOeZDUoLyif1Kn05a56xVBXb8ZouL8pZ9jem8QpXaOt8TS7RHUIS+GPA==
+  dependencies:
+    "@babel/helper-create-class-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-private-property-in-object@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.24.7.tgz#4eec6bc701288c1fab5f72e6a4bbc9d67faca061"
@@ -934,6 +1490,15 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-private-property-in-object" "^7.14.5"
 
+"@babel/plugin-transform-private-property-in-object@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.27.1.tgz#4dbbef283b5b2f01a21e81e299f76e35f900fb11"
+  integrity sha512-5J+IhqTi1XPa0DXF83jYOaARrX+41gOewWbkPyjMNRDqgOCqdffGh8L3f/Ek5utaEBZExjSAzcyjmV9SSAWObQ==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-create-class-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-property-literals@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.24.7.tgz#f0d2ed8380dfbed949c42d4d790266525d63bbdc"
@@ -941,6 +1506,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-property-literals@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.27.1.tgz#07eafd618800591e88073a0af1b940d9a42c6424"
+  integrity sha512-oThy3BCuCha8kDZ8ZkgOg2exvPYUlprMukKQXI1r1pJ47NCvxfkEy8vK+r/hT9nF0Aa4H1WUPZZjHTFtAhGfmQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-react-constant-elements@^7.21.3":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.24.7.tgz#b85e8f240b14400277f106c9c9b585d9acf608a1"
@@ -955,6 +1527,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-react-display-name@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.27.1.tgz#43af31362d71f7848cfac0cbc212882b1a16e80f"
+  integrity sha512-p9+Vl3yuHPmkirRrg021XiP+EETmPMQTLr6Ayjj85RLNEbb3Eya/4VI0vAdzQG9SEAl2Lnt7fy5lZyMzjYoZQQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-react-jsx-development@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.24.7.tgz#eaee12f15a93f6496d852509a850085e6361470b"
@@ -962,6 +1541,13 @@
   dependencies:
     "@babel/plugin-transform-react-jsx" "^7.24.7"
 
+"@babel/plugin-transform-react-jsx-development@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.27.1.tgz#47ff95940e20a3a70e68ad3d4fcb657b647f6c98"
+  integrity sha512-ykDdF5yI4f1WrAolLqeF3hmYU12j9ntLQl/AOG1HAS21jxyg1Q0/J/tpREuYLfatGdGmXp/3yS0ZA76kOlVq9Q==
+  dependencies:
+    "@babel/plugin-transform-react-jsx" "^7.27.1"
+
 "@babel/plugin-transform-react-jsx@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.24.7.tgz#17cd06b75a9f0e2bd076503400e7c4b99beedac4"
@@ -973,6 +1559,17 @@
     "@babel/plugin-syntax-jsx" "^7.24.7"
     "@babel/types" "^7.24.7"
 
+"@babel/plugin-transform-react-jsx@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.27.1.tgz#1023bc94b78b0a2d68c82b5e96aed573bcfb9db0"
+  integrity sha512-2KH4LWGSrJIkVf5tSiBFYuXDAoWRq2MMwgivCf+93dd0GQi8RXLjKA/0EvRnVV5G0hrHczsquXuD01L8s6dmBw==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-module-imports" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/plugin-syntax-jsx" "^7.27.1"
+    "@babel/types" "^7.27.1"
+
 "@babel/plugin-transform-react-pure-annotations@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.24.7.tgz#bdd9d140d1c318b4f28b29a00fb94f97ecab1595"
@@ -981,6 +1578,14 @@
     "@babel/helper-annotate-as-pure" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-react-pure-annotations@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.27.1.tgz#339f1ce355eae242e0649f232b1c68907c02e879"
+  integrity sha512-JfuinvDOsD9FVMTHpzA/pBLisxpv1aSf+OIV8lgH3MuWrks19R27e6a6DipIg4aX1Zm9Wpb04p8wljfKrVSnPA==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-regenerator@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.24.7.tgz#021562de4534d8b4b1851759fd7af4e05d2c47f8"
@@ -989,6 +1594,21 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     regenerator-transform "^0.15.2"
 
+"@babel/plugin-transform-regenerator@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.27.1.tgz#0a471df9213416e44cd66bf67176b66f65768401"
+  integrity sha512-B19lbbL7PMrKr52BNPjCqg1IyNUIjTcxKj8uX9zHO+PmWN93s19NDr/f69mIkEp2x9nmDJ08a7lgHaTTzvW7mw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
+"@babel/plugin-transform-regexp-modifiers@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.27.1.tgz#df9ba5577c974e3f1449888b70b76169998a6d09"
+  integrity sha512-TtEciroaiODtXvLZv4rmfMhkCv8jx3wgKpL68PuiPh2M4fvz5jhsA7697N1gMvkvr/JTF13DrFYyEbY9U7cVPA==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-reserved-words@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.24.7.tgz#80037fe4fbf031fc1125022178ff3938bb3743a4"
@@ -996,15 +1616,22 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/plugin-transform-runtime@^7.22.9":
-  version "7.24.7"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.24.7.tgz#00a5bfaf8c43cf5c8703a8a6e82b59d9c58f38ca"
-  integrity sha512-YqXjrk4C+a1kZjewqt+Mmu2UuV1s07y8kqcUf4qYLnoqemhR4gRQikhdAhSVJioMjVTu6Mo6pAbaypEA3jY6fw==
+"@babel/plugin-transform-reserved-words@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.27.1.tgz#40fba4878ccbd1c56605a4479a3a891ac0274bb4"
+  integrity sha512-V2ABPHIJX4kC7HegLkYoDpfg9PVmuWy/i6vUM5eGK22bx4YVFD3M5F0QQnWQoDs6AGsUWTVOopBiMFQgHaSkVw==
   dependencies:
-    "@babel/helper-module-imports" "^7.24.7"
-    "@babel/helper-plugin-utils" "^7.24.7"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
+"@babel/plugin-transform-runtime@^7.25.9":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.27.3.tgz#ad35f1eff5ba18a5e23f7270e939fb5a59d3ec0b"
+  integrity sha512-bA9ZL5PW90YwNgGfjg6U+7Qh/k3zCEQJ06BFgAGRp/yMjw9hP9UGbGPtx3KSOkHGljEPCCxaE+PH4fUR2h1sDw==
+  dependencies:
+    "@babel/helper-module-imports" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
     babel-plugin-polyfill-corejs2 "^0.4.10"
-    babel-plugin-polyfill-corejs3 "^0.10.1"
+    babel-plugin-polyfill-corejs3 "^0.11.0"
     babel-plugin-polyfill-regenerator "^0.6.1"
     semver "^6.3.1"
 
@@ -1015,6 +1642,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-shorthand-properties@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.27.1.tgz#532abdacdec87bfee1e0ef8e2fcdee543fe32b90"
+  integrity sha512-N/wH1vcn4oYawbJ13Y/FxcQrWk63jhfNa7jef0ih7PHSIHX2LB7GWE1rkPrOnka9kwMxb6hMl19p7lidA+EHmQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-spread@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.24.7.tgz#e8a38c0fde7882e0fb8f160378f74bd885cc7bb3"
@@ -1023,6 +1657,14 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7"
 
+"@babel/plugin-transform-spread@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.27.1.tgz#1a264d5fc12750918f50e3fe3e24e437178abb08"
+  integrity sha512-kpb3HUqaILBJcRFVhFUs6Trdd4mkrzcGXss+6/mxUd273PfbWqSDHRzMT2234gIg2QYfAjvXLSquP1xECSg09Q==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1"
+
 "@babel/plugin-transform-sticky-regex@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.24.7.tgz#96ae80d7a7e5251f657b5cf18f1ea6bf926f5feb"
@@ -1030,6 +1672,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-sticky-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.27.1.tgz#18984935d9d2296843a491d78a014939f7dcd280"
+  integrity sha512-lhInBO5bi/Kowe2/aLdBAawijx+q1pQzicSgnkB6dUPc1+RC8QmJHKf2OjvU+NZWitguJHEaEmbV6VWEouT58g==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-template-literals@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.24.7.tgz#a05debb4a9072ae8f985bcf77f3f215434c8f8c8"
@@ -1037,6 +1686,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-template-literals@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.27.1.tgz#1a0eb35d8bb3e6efc06c9fd40eb0bcef548328b8"
+  integrity sha512-fBJKiV7F2DxZUkg5EtHKXQdbsbURW3DZKQUWphDum0uRP6eHGGa/He9mc0mypL680pb+e/lDIthRohlv8NCHkg==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-typeof-symbol@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.24.7.tgz#f074be466580d47d6e6b27473a840c9f9ca08fb0"
@@ -1044,6 +1700,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-typeof-symbol@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.27.1.tgz#70e966bb492e03509cf37eafa6dcc3051f844369"
+  integrity sha512-RiSILC+nRJM7FY5srIyc4/fGIwUhyDuuBSdWn4y6yT6gm652DpCHZjIipgn6B7MQ1ITOUnAKWixEUjQRIBIcLw==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-typescript@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.24.7.tgz#b006b3e0094bf0813d505e0c5485679eeaf4a881"
@@ -1054,6 +1717,17 @@
     "@babel/helper-plugin-utils" "^7.24.7"
     "@babel/plugin-syntax-typescript" "^7.24.7"
 
+"@babel/plugin-transform-typescript@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.27.1.tgz#d3bb65598bece03f773111e88cc4e8e5070f1140"
+  integrity sha512-Q5sT5+O4QUebHdbwKedFBEwRLb02zJ7r4A5Gg2hUoLuU3FjdMcyqcywqUrLCaDsFCxzokf7u9kuy7qz51YUuAg==
+  dependencies:
+    "@babel/helper-annotate-as-pure" "^7.27.1"
+    "@babel/helper-create-class-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-skip-transparent-expression-wrappers" "^7.27.1"
+    "@babel/plugin-syntax-typescript" "^7.27.1"
+
 "@babel/plugin-transform-unicode-escapes@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.24.7.tgz#2023a82ced1fb4971630a2e079764502c4148e0e"
@@ -1061,6 +1735,13 @@
   dependencies:
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-unicode-escapes@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.27.1.tgz#3e3143f8438aef842de28816ece58780190cf806"
+  integrity sha512-Ysg4v6AmF26k9vpfFuTZg8HRfVWzsh1kVfowA23y9j/Gu6dOuahdUVhkLqpObp3JIv27MLSii6noRnuKN8H0Mg==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-unicode-property-regex@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.24.7.tgz#9073a4cd13b86ea71c3264659590ac086605bbcd"
@@ -1069,6 +1750,14 @@
     "@babel/helper-create-regexp-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-unicode-property-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.27.1.tgz#bdfe2d3170c78c5691a3c3be934c8c0087525956"
+  integrity sha512-uW20S39PnaTImxp39O5qFlHLS9LJEmANjMG7SxIhap8rCHqu0Ik+tLEPX5DKmHn6CsWQ7j3lix2tFOa5YtL12Q==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-unicode-regex@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.24.7.tgz#dfc3d4a51127108099b19817c0963be6a2adf19f"
@@ -1077,6 +1766,14 @@
     "@babel/helper-create-regexp-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
+"@babel/plugin-transform-unicode-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.27.1.tgz#25948f5c395db15f609028e370667ed8bae9af97"
+  integrity sha512-xvINq24TRojDuyt6JGtHmkVkrfVV3FPT16uytxImLeBZqW3/H52yN+kM1MGuyPkIQxrzKwPHs5U/MP3qKyzkGw==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
 "@babel/plugin-transform-unicode-sets-regex@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.24.7.tgz#d40705d67523803a576e29c63cef6e516b858ed9"
@@ -1085,7 +1782,15 @@
     "@babel/helper-create-regexp-features-plugin" "^7.24.7"
     "@babel/helper-plugin-utils" "^7.24.7"
 
-"@babel/preset-env@^7.20.2", "@babel/preset-env@^7.22.9":
+"@babel/plugin-transform-unicode-sets-regex@^7.27.1":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.27.1.tgz#6ab706d10f801b5c72da8bb2548561fa04193cd1"
+  integrity sha512-EtkOujbc4cgvb0mlpQefi4NTPBzhSIevblFevACNLUspmrALgmEBdL/XfnyyITfd8fKBZrZys92zOWcik7j9Tw==
+  dependencies:
+    "@babel/helper-create-regexp-features-plugin" "^7.27.1"
+    "@babel/helper-plugin-utils" "^7.27.1"
+
+"@babel/preset-env@^7.20.2":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.24.7.tgz#ff067b4e30ba4a72f225f12f123173e77b987f37"
   integrity sha512-1YZNsc+y6cTvWlDHidMBsQZrZfEFjRIo/BZCT906PMdzOyXtSLTgqGdrpcuTDCXyd11Am5uQULtDIcCfnTc8fQ==
@@ -1172,6 +1877,81 @@
     core-js-compat "^3.31.0"
     semver "^6.3.1"
 
+"@babel/preset-env@^7.25.9":
+  version "7.27.2"
+  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.27.2.tgz#106e6bfad92b591b1f6f76fd4cf13b7725a7bf9a"
+  integrity sha512-Ma4zSuYSlGNRlCLO+EAzLnCmJK2vdstgv+n7aUP+/IKZrOfWHOJVdSJtuub8RzHTj3ahD37k5OKJWvzf16TQyQ==
+  dependencies:
+    "@babel/compat-data" "^7.27.2"
+    "@babel/helper-compilation-targets" "^7.27.2"
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-validator-option" "^7.27.1"
+    "@babel/plugin-bugfix-firefox-class-in-computed-class-key" "^7.27.1"
+    "@babel/plugin-bugfix-safari-class-field-initializer-scope" "^7.27.1"
+    "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.27.1"
+    "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.27.1"
+    "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly" "^7.27.1"
+    "@babel/plugin-proposal-private-property-in-object" "7.21.0-placeholder-for-preset-env.2"
+    "@babel/plugin-syntax-import-assertions" "^7.27.1"
+    "@babel/plugin-syntax-import-attributes" "^7.27.1"
+    "@babel/plugin-syntax-unicode-sets-regex" "^7.18.6"
+    "@babel/plugin-transform-arrow-functions" "^7.27.1"
+    "@babel/plugin-transform-async-generator-functions" "^7.27.1"
+    "@babel/plugin-transform-async-to-generator" "^7.27.1"
+    "@babel/plugin-transform-block-scoped-functions" "^7.27.1"
+    "@babel/plugin-transform-block-scoping" "^7.27.1"
+    "@babel/plugin-transform-class-properties" "^7.27.1"
+    "@babel/plugin-transform-class-static-block" "^7.27.1"
+    "@babel/plugin-transform-classes" "^7.27.1"
+    "@babel/plugin-transform-computed-properties" "^7.27.1"
+    "@babel/plugin-transform-destructuring" "^7.27.1"
+    "@babel/plugin-transform-dotall-regex" "^7.27.1"
+    "@babel/plugin-transform-duplicate-keys" "^7.27.1"
+    "@babel/plugin-transform-duplicate-named-capturing-groups-regex" "^7.27.1"
+    "@babel/plugin-transform-dynamic-import" "^7.27.1"
+    "@babel/plugin-transform-exponentiation-operator" "^7.27.1"
+    "@babel/plugin-transform-export-namespace-from" "^7.27.1"
+    "@babel/plugin-transform-for-of" "^7.27.1"
+    "@babel/plugin-transform-function-name" "^7.27.1"
+    "@babel/plugin-transform-json-strings" "^7.27.1"
+    "@babel/plugin-transform-literals" "^7.27.1"
+    "@babel/plugin-transform-logical-assignment-operators" "^7.27.1"
+    "@babel/plugin-transform-member-expression-literals" "^7.27.1"
+    "@babel/plugin-transform-modules-amd" "^7.27.1"
+    "@babel/plugin-transform-modules-commonjs" "^7.27.1"
+    "@babel/plugin-transform-modules-systemjs" "^7.27.1"
+    "@babel/plugin-transform-modules-umd" "^7.27.1"
+    "@babel/plugin-transform-named-capturing-groups-regex" "^7.27.1"
+    "@babel/plugin-transform-new-target" "^7.27.1"
+    "@babel/plugin-transform-nullish-coalescing-operator" "^7.27.1"
+    "@babel/plugin-transform-numeric-separator" "^7.27.1"
+    "@babel/plugin-transform-object-rest-spread" "^7.27.2"
+    "@babel/plugin-transform-object-super" "^7.27.1"
+    "@babel/plugin-transform-optional-catch-binding" "^7.27.1"
+    "@babel/plugin-transform-optional-chaining" "^7.27.1"
+    "@babel/plugin-transform-parameters" "^7.27.1"
+    "@babel/plugin-transform-private-methods" "^7.27.1"
+    "@babel/plugin-transform-private-property-in-object" "^7.27.1"
+    "@babel/plugin-transform-property-literals" "^7.27.1"
+    "@babel/plugin-transform-regenerator" "^7.27.1"
+    "@babel/plugin-transform-regexp-modifiers" "^7.27.1"
+    "@babel/plugin-transform-reserved-words" "^7.27.1"
+    "@babel/plugin-transform-shorthand-properties" "^7.27.1"
+    "@babel/plugin-transform-spread" "^7.27.1"
+    "@babel/plugin-transform-sticky-regex" "^7.27.1"
+    "@babel/plugin-transform-template-literals" "^7.27.1"
+    "@babel/plugin-transform-typeof-symbol" "^7.27.1"
+    "@babel/plugin-transform-unicode-escapes" "^7.27.1"
+    "@babel/plugin-transform-unicode-property-regex" "^7.27.1"
+    "@babel/plugin-transform-unicode-regex" "^7.27.1"
+    "@babel/plugin-transform-unicode-sets-regex" "^7.27.1"
+    "@babel/preset-modules" "0.1.6-no-external-plugins"
+    babel-plugin-polyfill-corejs2 "^0.4.10"
+    babel-plugin-polyfill-corejs3 "^0.11.0"
+    babel-plugin-polyfill-regenerator "^0.6.1"
+    core-js-compat "^3.40.0"
+    semver "^6.3.1"
+
 "@babel/preset-modules@0.1.6-no-external-plugins":
   version "0.1.6-no-external-plugins"
   resolved "https://registry.yarnpkg.com/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz#ccb88a2c49c817236861fee7826080573b8a923a"
@@ -1181,7 +1961,7 @@
     "@babel/types" "^7.4.4"
     esutils "^2.0.2"
 
-"@babel/preset-react@^7.18.6", "@babel/preset-react@^7.22.5":
+"@babel/preset-react@^7.18.6":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.24.7.tgz#480aeb389b2a798880bf1f889199e3641cbb22dc"
   integrity sha512-AAH4lEkpmzFWrGVlHaxJB7RLH21uPQ9+He+eFLWHmF9IuFQVugz8eAsamaW0DXRrTfco5zj1wWtpdcXJUOfsag==
@@ -1193,7 +1973,19 @@
     "@babel/plugin-transform-react-jsx-development" "^7.24.7"
     "@babel/plugin-transform-react-pure-annotations" "^7.24.7"
 
-"@babel/preset-typescript@^7.21.0", "@babel/preset-typescript@^7.22.5":
+"@babel/preset-react@^7.25.9":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.27.1.tgz#86ea0a5ca3984663f744be2fd26cb6747c3fd0ec"
+  integrity sha512-oJHWh2gLhU9dW9HHr42q0cI0/iHHXTLGe39qvpAZZzagHy0MzYLCnCVV0symeRvzmjHyVU7mw2K06E6u/JwbhA==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-validator-option" "^7.27.1"
+    "@babel/plugin-transform-react-display-name" "^7.27.1"
+    "@babel/plugin-transform-react-jsx" "^7.27.1"
+    "@babel/plugin-transform-react-jsx-development" "^7.27.1"
+    "@babel/plugin-transform-react-pure-annotations" "^7.27.1"
+
+"@babel/preset-typescript@^7.21.0":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.24.7.tgz#66cd86ea8f8c014855671d5ea9a737139cbbfef1"
   integrity sha512-SyXRe3OdWwIwalxDg5UtJnJQO+YPcTfwiIY2B0Xlddh9o7jpWLvv8X1RthIeDOxQ+O1ML5BLPCONToObyVQVuQ==
@@ -1204,26 +1996,41 @@
     "@babel/plugin-transform-modules-commonjs" "^7.24.7"
     "@babel/plugin-transform-typescript" "^7.24.7"
 
+"@babel/preset-typescript@^7.25.9":
+  version "7.27.1"
+  resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.27.1.tgz#190742a6428d282306648a55b0529b561484f912"
+  integrity sha512-l7WfQfX0WK4M0v2RudjuQK4u99BS6yLHYEmdtVPP7lKV013zr9DygFuWNlnbvQ9LR+LS0Egz/XAvGx5U9MX0fQ==
+  dependencies:
+    "@babel/helper-plugin-utils" "^7.27.1"
+    "@babel/helper-validator-option" "^7.27.1"
+    "@babel/plugin-syntax-jsx" "^7.27.1"
+    "@babel/plugin-transform-modules-commonjs" "^7.27.1"
+    "@babel/plugin-transform-typescript" "^7.27.1"
+
 "@babel/regjsgen@^0.8.0":
   version "0.8.0"
   resolved "https://registry.yarnpkg.com/@babel/regjsgen/-/regjsgen-0.8.0.tgz#f0ba69b075e1f05fb2825b7fad991e7adbb18310"
   integrity sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==
 
-"@babel/runtime-corejs3@^7.22.6":
-  version "7.24.7"
-  resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.24.7.tgz#65a99097e4c28e6c3a174825591700cc5abd710e"
-  integrity sha512-eytSX6JLBY6PVAeQa2bFlDx/7Mmln/gaEpsit5a3WEvjGfiIytEsgAwuIXCPM0xvw0v0cJn3ilq0/TvXrW0kgA==
+"@babel/runtime-corejs3@^7.25.9":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.27.3.tgz#b971a4a0a376171e266629152e74ef50e9931f79"
+  integrity sha512-ZYcgrwb+dkWNcDlsTe4fH1CMdqMDSJ5lWFd1by8Si2pI54XcQjte/+ViIPqAk7EAWisaUxvQ89grv+bNX2x8zg==
   dependencies:
     core-js-pure "^3.30.2"
-    regenerator-runtime "^0.14.0"
 
-"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.22.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2":
+"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2":
   version "7.27.0"
   resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.27.0.tgz#fbee7cf97c709518ecc1f590984481d5460d4762"
   integrity sha512-VtPOkrdPHZsKc/clNqyi9WUA8TINkZ4cGk63UUE3u4pmB2k+ZMQRDuIOagv8UVd6j7k0T3+RRIb7beKTebNbcw==
   dependencies:
     regenerator-runtime "^0.14.0"
 
+"@babel/runtime@^7.25.9":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.27.3.tgz#10491113799fb8d77e1d9273384d5d68deeea8f6"
+  integrity sha512-7EYtGezsdiDMyY80+65EzwiGmcJqpmcZCojSXaRgdrBaGtWTgDZKq69cPIVped6MkIM78cTQ2GOiEYjwOlG4xw==
+
 "@babel/template@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.24.7.tgz#02efcee317d0609d2c07117cb70ef8fb17ab7315"
@@ -1242,7 +2049,16 @@
     "@babel/parser" "^7.27.0"
     "@babel/types" "^7.27.0"
 
-"@babel/traverse@^7.22.8", "@babel/traverse@^7.24.7":
+"@babel/template@^7.27.1", "@babel/template@^7.27.2":
+  version "7.27.2"
+  resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.27.2.tgz#fa78ceed3c4e7b63ebf6cb39e5852fca45f6809d"
+  integrity sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==
+  dependencies:
+    "@babel/code-frame" "^7.27.1"
+    "@babel/parser" "^7.27.2"
+    "@babel/types" "^7.27.1"
+
+"@babel/traverse@^7.24.7":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.24.7.tgz#de2b900163fa741721ba382163fe46a936c40cf5"
   integrity sha512-yb65Ed5S/QAcewNPh0nZczy9JdYXkkAbIsEo+P7BE7yO3txAY30Y/oPa3QkQ5It3xVG2kpKMg9MsdxZaO31uKA==
@@ -1258,6 +2074,19 @@
     debug "^4.3.1"
     globals "^11.1.0"
 
+"@babel/traverse@^7.25.9", "@babel/traverse@^7.27.1", "@babel/traverse@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.27.3.tgz#8b62a6c2d10f9d921ba7339c90074708509cffae"
+  integrity sha512-lId/IfN/Ye1CIu8xG7oKBHXd2iNb2aW1ilPszzGcJug6M8RCKfVNcYhpI5+bMvFYjK7lXIM0R+a+6r8xhHp2FQ==
+  dependencies:
+    "@babel/code-frame" "^7.27.1"
+    "@babel/generator" "^7.27.3"
+    "@babel/parser" "^7.27.3"
+    "@babel/template" "^7.27.2"
+    "@babel/types" "^7.27.3"
+    debug "^4.3.1"
+    globals "^11.1.0"
+
 "@babel/types@^7.21.3", "@babel/types@^7.24.7", "@babel/types@^7.4.4":
   version "7.24.7"
   resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.24.7.tgz#6027fe12bc1aa724cd32ab113fb7f1988f1f66f2"
@@ -1275,10 +2104,18 @@
     "@babel/helper-string-parser" "^7.25.9"
     "@babel/helper-validator-identifier" "^7.25.9"
 
-"@braintree/sanitize-url@^6.0.1":
-  version "6.0.4"
-  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.4.tgz#923ca57e173c6b232bbbb07347b1be982f03e783"
-  integrity sha512-s3jaWicZd0pkP0jf5ysyHUI/RE7MHos6qlToFcGWXVp+ykHOy77OUMrfbgJ9it2C5bow7OIQwYYaHjk9XlBQ2A==
+"@babel/types@^7.27.1", "@babel/types@^7.27.3":
+  version "7.27.3"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.27.3.tgz#c0257bedf33aad6aad1f406d35c44758321eb3ec"
+  integrity sha512-Y1GkI4ktrtvmawoSq+4FCVHNryea6uR+qUQy0AGxLSsjCX0nVmkYQMBLHDkXZuo5hGx7eYdnIaslsdBFm7zbUw==
+  dependencies:
+    "@babel/helper-string-parser" "^7.27.1"
+    "@babel/helper-validator-identifier" "^7.27.1"
+
+"@braintree/sanitize-url@^7.0.4":
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-7.1.1.tgz#15e19737d946559289b915e5dad3b4c28407735e"
+  integrity sha512-i1L7noDNxtFyL5DmZafWy1wRVhGehQmzZaz1HiN5e7iylJMSZR7ekOV7NsIqa5qBldlLrsKv4HbgFUVlQrz8Mw==
 
 "@bufbuild/buf-darwin-arm64@1.33.0":
   version "1.33.0"
@@ -1322,138 +2159,543 @@
     "@bufbuild/buf-win32-arm64" "1.33.0"
     "@bufbuild/buf-win32-x64" "1.33.0"
 
+"@chevrotain/cst-dts-gen@11.0.3":
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.0.3.tgz#5e0863cc57dc45e204ccfee6303225d15d9d4783"
+  integrity sha512-BvIKpRLeS/8UbfxXxgC33xOumsacaeCKAjAeLyOn7Pcp95HiRbrpl14S+9vaZLolnbssPIUuiUd8IvgkRyt6NQ==
+  dependencies:
+    "@chevrotain/gast" "11.0.3"
+    "@chevrotain/types" "11.0.3"
+    lodash-es "4.17.21"
+
+"@chevrotain/gast@11.0.3":
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/@chevrotain/gast/-/gast-11.0.3.tgz#e84d8880323fe8cbe792ef69ce3ffd43a936e818"
+  integrity sha512-+qNfcoNk70PyS/uxmj3li5NiECO+2YKZZQMbmjTqRI3Qchu8Hig/Q9vgkHpI3alNjr7M+a2St5pw5w5F6NL5/Q==
+  dependencies:
+    "@chevrotain/types" "11.0.3"
+    lodash-es "4.17.21"
+
+"@chevrotain/regexp-to-ast@11.0.3":
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.0.3.tgz#11429a81c74a8e6a829271ce02fc66166d56dcdb"
+  integrity sha512-1fMHaBZxLFvWI067AVbGJav1eRY7N8DDvYCTwGBiE/ytKBgP8azTdgyrKyWZ9Mfh09eHWb5PgTSO8wi7U824RA==
+
+"@chevrotain/types@11.0.3":
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/@chevrotain/types/-/types-11.0.3.tgz#f8a03914f7b937f594f56eb89312b3b8f1c91848"
+  integrity sha512-gsiM3G8b58kZC2HaWR50gu6Y1440cHiJ+i3JUvcp/35JchYejb2+5MVeJK0iKThYpAa/P2PYFV4hoi44HD+aHQ==
+
+"@chevrotain/utils@11.0.3":
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/@chevrotain/utils/-/utils-11.0.3.tgz#e39999307b102cff3645ec4f5b3665f5297a2224"
+  integrity sha512-YslZMgtJUyuMbZ+aKvfF3x1f5liK4mWNxghFRv7jqRR9C3R3fAOGTTKvxXDa2Y1s9zSbcpuO0cAxDYsc9SrXoQ==
+
 "@colors/colors@1.5.0":
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/@colors/colors/-/colors-1.5.0.tgz#bb504579c1cae923e6576a4f5da43d25f97bdbd9"
   integrity sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==
 
+"@csstools/cascade-layer-name-parser@^2.0.5":
+  version "2.0.5"
+  resolved "https://registry.yarnpkg.com/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-2.0.5.tgz#43f962bebead0052a9fed1a2deeb11f85efcbc72"
+  integrity sha512-p1ko5eHgV+MgXFVa4STPKpvPxr6ReS8oS2jzTukjR74i5zJNyWO1ZM1m8YKBXnzDKWfBN1ztLYlHxbVemDD88A==
+
+"@csstools/color-helpers@^5.0.2":
+  version "5.0.2"
+  resolved "https://registry.yarnpkg.com/@csstools/color-helpers/-/color-helpers-5.0.2.tgz#82592c9a7c2b83c293d9161894e2a6471feb97b8"
+  integrity sha512-JqWH1vsgdGcw2RR6VliXXdA0/59LttzlU8UlRT/iUUsEeWfYq8I+K0yhihEUTTHLRm1EXvpsCx3083EU15ecsA==
+
+"@csstools/css-calc@^2.1.4":
+  version "2.1.4"
+  resolved "https://registry.yarnpkg.com/@csstools/css-calc/-/css-calc-2.1.4.tgz#8473f63e2fcd6e459838dd412401d5948f224c65"
+  integrity sha512-3N8oaj+0juUw/1H3YwmDDJXCgTB1gKU6Hc/bB502u9zR0q2vd786XJH9QfrKIEgFlZmhZiq6epXl4rHqhzsIgQ==
+
+"@csstools/css-color-parser@^3.0.10":
+  version "3.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/css-color-parser/-/css-color-parser-3.0.10.tgz#79fc68864dd43c3b6782d2b3828bc0fa9d085c10"
+  integrity sha512-TiJ5Ajr6WRd1r8HSiwJvZBiJOqtH86aHpUjq5aEKWHiII2Qfjqd/HCWKPOW8EP4vcspXbHnXrwIDlu5savQipg==
+  dependencies:
+    "@csstools/color-helpers" "^5.0.2"
+    "@csstools/css-calc" "^2.1.4"
+
+"@csstools/css-parser-algorithms@^3.0.5":
+  version "3.0.5"
+  resolved "https://registry.yarnpkg.com/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.5.tgz#5755370a9a29abaec5515b43c8b3f2cf9c2e3076"
+  integrity sha512-DaDeUkXZKjdGhgYaHNJTV9pV7Y9B3b644jCLs9Upc3VeNGg6LWARAT6O+Q+/COo+2gg/bM5rhpMAtf70WqfBdQ==
+
+"@csstools/css-tokenizer@^3.0.4":
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/@csstools/css-tokenizer/-/css-tokenizer-3.0.4.tgz#333fedabc3fd1a8e5d0100013731cf19e6a8c5d3"
+  integrity sha512-Vd/9EVDiu6PPJt9yAh6roZP6El1xHrdvIVGjyBsHR0RYwNHgL7FJPyIIW4fANJNG6FtyZfvlRPpFI4ZM/lubvw==
+
+"@csstools/media-query-list-parser@^4.0.3":
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/@csstools/media-query-list-parser/-/media-query-list-parser-4.0.3.tgz#7aec77bcb89c2da80ef207e73f474ef9e1b3cdf1"
+  integrity sha512-HAYH7d3TLRHDOUQK4mZKf9k9Ph/m8Akstg66ywKR4SFAigjs3yBiUeZtFxywiTm5moZMAp/5W/ZuFnNXXYLuuQ==
+
+"@csstools/postcss-cascade-layers@^5.0.1":
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-5.0.1.tgz#9640313e64b5e39133de7e38a5aa7f40dc259597"
+  integrity sha512-XOfhI7GShVcKiKwmPAnWSqd2tBR0uxt+runAxttbSp/LY2U16yAVPmAf7e9q4JJ0d+xMNmpwNDLBXnmRCl3HMQ==
+  dependencies:
+    "@csstools/selector-specificity" "^5.0.0"
+    postcss-selector-parser "^7.0.0"
+
+"@csstools/postcss-color-function@^4.0.10":
+  version "4.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-color-function/-/postcss-color-function-4.0.10.tgz#11ad43a66ef2cc794ab826a07df8b5fa9fb47a3a"
+  integrity sha512-4dY0NBu7NVIpzxZRgh/Q/0GPSz/jLSw0i/u3LTUor0BkQcz/fNhN10mSWBDsL0p9nDb0Ky1PD6/dcGbhACuFTQ==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-color-mix-function@^3.0.10":
+  version "3.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-color-mix-function/-/postcss-color-mix-function-3.0.10.tgz#8c9d0ccfae5c45a9870dd84807ea2995c7a3a514"
+  integrity sha512-P0lIbQW9I4ShE7uBgZRib/lMTf9XMjJkFl/d6w4EMNHu2qvQ6zljJGEcBkw/NsBtq/6q3WrmgxSS8kHtPMkK4Q==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-color-mix-variadic-function-arguments@^1.0.0":
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-color-mix-variadic-function-arguments/-/postcss-color-mix-variadic-function-arguments-1.0.0.tgz#0b29cb9b4630d7ed68549db265662d41554a17ed"
+  integrity sha512-Z5WhouTyD74dPFPrVE7KydgNS9VvnjB8qcdes9ARpCOItb4jTnm7cHp4FhxCRUoyhabD0WVv43wbkJ4p8hLAlQ==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-content-alt-text@^2.0.6":
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-content-alt-text/-/postcss-content-alt-text-2.0.6.tgz#548862226eac54bab0ee5f1bf3a9981393ab204b"
+  integrity sha512-eRjLbOjblXq+byyaedQRSrAejKGNAFued+LcbzT+LCL78fabxHkxYjBbxkroONxHHYu2qxhFK2dBStTLPG3jpQ==
+  dependencies:
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-exponential-functions@^2.0.9":
+  version "2.0.9"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-exponential-functions/-/postcss-exponential-functions-2.0.9.tgz#fc03d1272888cb77e64cc1a7d8a33016e4f05c69"
+  integrity sha512-abg2W/PI3HXwS/CZshSa79kNWNZHdJPMBXeZNyPQFbbj8sKO3jXxOt/wF7juJVjyDTc6JrvaUZYFcSBZBhaxjw==
+  dependencies:
+    "@csstools/css-calc" "^2.1.4"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+
+"@csstools/postcss-font-format-keywords@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-4.0.0.tgz#6730836eb0153ff4f3840416cc2322f129c086e6"
+  integrity sha512-usBzw9aCRDvchpok6C+4TXC57btc4bJtmKQWOHQxOVKen1ZfVqBUuCZ/wuqdX5GHsD0NRSr9XTP+5ID1ZZQBXw==
+  dependencies:
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-gamut-mapping@^2.0.10":
+  version "2.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-gamut-mapping/-/postcss-gamut-mapping-2.0.10.tgz#f518d941231d721dbecf5b41e3c441885ff2f28b"
+  integrity sha512-QDGqhJlvFnDlaPAfCYPsnwVA6ze+8hhrwevYWlnUeSjkkZfBpcCO42SaUD8jiLlq7niouyLgvup5lh+f1qessg==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+
+"@csstools/postcss-gradients-interpolation-method@^5.0.10":
+  version "5.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-gradients-interpolation-method/-/postcss-gradients-interpolation-method-5.0.10.tgz#3146da352c31142a721fdba062ac3a6d11dbbec3"
+  integrity sha512-HHPauB2k7Oits02tKFUeVFEU2ox/H3OQVrP3fSOKDxvloOikSal+3dzlyTZmYsb9FlY9p5EUpBtz0//XBmy+aw==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-hwb-function@^4.0.10":
+  version "4.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-hwb-function/-/postcss-hwb-function-4.0.10.tgz#f93f3c457e6440ac37ef9b908feb5d901b417d50"
+  integrity sha512-nOKKfp14SWcdEQ++S9/4TgRKchooLZL0TUFdun3nI4KPwCjETmhjta1QT4ICQcGVWQTvrsgMM/aLB5We+kMHhQ==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-ic-unit@^4.0.2":
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-ic-unit/-/postcss-ic-unit-4.0.2.tgz#7561e09db65fac8304ceeab9dd3e5c6e43414587"
+  integrity sha512-lrK2jjyZwh7DbxaNnIUjkeDmU8Y6KyzRBk91ZkI5h8nb1ykEfZrtIVArdIjX4DHMIBGpdHrgP0n4qXDr7OHaKA==
+  dependencies:
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-initial@^2.0.1":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-initial/-/postcss-initial-2.0.1.tgz#c385bd9d8ad31ad159edd7992069e97ceea4d09a"
+  integrity sha512-L1wLVMSAZ4wovznquK0xmC7QSctzO4D0Is590bxpGqhqjboLXYA16dWZpfwImkdOgACdQ9PqXsuRroW6qPlEsg==
+
+"@csstools/postcss-is-pseudo-class@^5.0.1":
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.1.tgz#12041448fedf01090dd4626022c28b7f7623f58e"
+  integrity sha512-JLp3POui4S1auhDR0n8wHd/zTOWmMsmK3nQd3hhL6FhWPaox5W7j1se6zXOG/aP07wV2ww0lxbKYGwbBszOtfQ==
+  dependencies:
+    "@csstools/selector-specificity" "^5.0.0"
+    postcss-selector-parser "^7.0.0"
+
+"@csstools/postcss-light-dark-function@^2.0.9":
+  version "2.0.9"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-light-dark-function/-/postcss-light-dark-function-2.0.9.tgz#9fb080188907539734a9d5311d2a1cb82531ef38"
+  integrity sha512-1tCZH5bla0EAkFAI2r0H33CDnIBeLUaJh1p+hvvsylJ4svsv2wOmJjJn+OXwUZLXef37GYbRIVKX+X+g6m+3CQ==
+  dependencies:
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-logical-float-and-clear@^3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-float-and-clear/-/postcss-logical-float-and-clear-3.0.0.tgz#62617564182cf86ab5d4e7485433ad91e4c58571"
+  integrity sha512-SEmaHMszwakI2rqKRJgE+8rpotFfne1ZS6bZqBoQIicFyV+xT1UF42eORPxJkVJVrH9C0ctUgwMSn3BLOIZldQ==
+
+"@csstools/postcss-logical-overflow@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-overflow/-/postcss-logical-overflow-2.0.0.tgz#c6de7c5f04e3d4233731a847f6c62819bcbcfa1d"
+  integrity sha512-spzR1MInxPuXKEX2csMamshR4LRaSZ3UXVaRGjeQxl70ySxOhMpP2252RAFsg8QyyBXBzuVOOdx1+bVO5bPIzA==
+
+"@csstools/postcss-logical-overscroll-behavior@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-overscroll-behavior/-/postcss-logical-overscroll-behavior-2.0.0.tgz#43c03eaecdf34055ef53bfab691db6dc97a53d37"
+  integrity sha512-e/webMjoGOSYfqLunyzByZj5KKe5oyVg/YSbie99VEaSDE2kimFm0q1f6t/6Jo+VVCQ/jbe2Xy+uX+C4xzWs4w==
+
+"@csstools/postcss-logical-resize@^3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-resize/-/postcss-logical-resize-3.0.0.tgz#4df0eeb1a61d7bd85395e56a5cce350b5dbfdca6"
+  integrity sha512-DFbHQOFW/+I+MY4Ycd/QN6Dg4Hcbb50elIJCfnwkRTCX05G11SwViI5BbBlg9iHRl4ytB7pmY5ieAFk3ws7yyg==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-logical-viewport-units@^3.0.4":
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-viewport-units/-/postcss-logical-viewport-units-3.0.4.tgz#016d98a8b7b5f969e58eb8413447eb801add16fc"
+  integrity sha512-q+eHV1haXA4w9xBwZLKjVKAWn3W2CMqmpNpZUk5kRprvSiBEGMgrNH3/sJZ8UA3JgyHaOt3jwT9uFa4wLX4EqQ==
+  dependencies:
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-media-minmax@^2.0.9":
+  version "2.0.9"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-media-minmax/-/postcss-media-minmax-2.0.9.tgz#184252d5b93155ae526689328af6bdf3fc113987"
+  integrity sha512-af9Qw3uS3JhYLnCbqtZ9crTvvkR+0Se+bBqSr7ykAnl9yKhk6895z9rf+2F4dClIDJWxgn0iZZ1PSdkhrbs2ig==
+  dependencies:
+    "@csstools/css-calc" "^2.1.4"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/media-query-list-parser" "^4.0.3"
+
+"@csstools/postcss-media-queries-aspect-ratio-number-values@^3.0.5":
+  version "3.0.5"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-media-queries-aspect-ratio-number-values/-/postcss-media-queries-aspect-ratio-number-values-3.0.5.tgz#f485c31ec13d6b0fb5c528a3474334a40eff5f11"
+  integrity sha512-zhAe31xaaXOY2Px8IYfoVTB3wglbJUVigGphFLj6exb7cjZRH9A6adyE22XfFK3P2PzwRk0VDeTJmaxpluyrDg==
+  dependencies:
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/media-query-list-parser" "^4.0.3"
+
+"@csstools/postcss-nested-calc@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-nested-calc/-/postcss-nested-calc-4.0.0.tgz#754e10edc6958d664c11cde917f44ba144141c62"
+  integrity sha512-jMYDdqrQQxE7k9+KjstC3NbsmC063n1FTPLCgCRS2/qHUbHM0mNy9pIn4QIiQGs9I/Bg98vMqw7mJXBxa0N88A==
+  dependencies:
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-normalize-display-values@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-4.0.0.tgz#ecdde2daf4e192e5da0c6fd933b6d8aff32f2a36"
+  integrity sha512-HlEoG0IDRoHXzXnkV4in47dzsxdsjdz6+j7MLjaACABX2NfvjFS6XVAnpaDyGesz9gK2SC7MbNwdCHusObKJ9Q==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-oklab-function@^4.0.10":
+  version "4.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-oklab-function/-/postcss-oklab-function-4.0.10.tgz#d4c23c51dd0be45e6dedde22432d7d0003710780"
+  integrity sha512-ZzZUTDd0fgNdhv8UUjGCtObPD8LYxMH+MJsW9xlZaWTV8Ppr4PtxlHYNMmF4vVWGl0T6f8tyWAKjoI6vePSgAg==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-progressive-custom-properties@^4.1.0":
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-4.1.0.tgz#70c8d41b577f4023633b7e3791604e0b7f3775bc"
+  integrity sha512-YrkI9dx8U4R8Sz2EJaoeD9fI7s7kmeEBfmO+UURNeL6lQI7VxF6sBE+rSqdCBn4onwqmxFdBU3lTwyYb/lCmxA==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-random-function@^2.0.1":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-random-function/-/postcss-random-function-2.0.1.tgz#3191f32fe72936e361dadf7dbfb55a0209e2691e"
+  integrity sha512-q+FQaNiRBhnoSNo+GzqGOIBKoHQ43lYz0ICrV+UudfWnEF6ksS6DsBIJSISKQT2Bvu3g4k6r7t0zYrk5pDlo8w==
+  dependencies:
+    "@csstools/css-calc" "^2.1.4"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+
+"@csstools/postcss-relative-color-syntax@^3.0.10":
+  version "3.0.10"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-relative-color-syntax/-/postcss-relative-color-syntax-3.0.10.tgz#daa840583969461e1e06b12e9c591e52a790ec86"
+  integrity sha512-8+0kQbQGg9yYG8hv0dtEpOMLwB9M+P7PhacgIzVzJpixxV4Eq9AUQtQw8adMmAJU1RBBmIlpmtmm3XTRd/T00g==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+"@csstools/postcss-scope-pseudo-class@^4.0.1":
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-scope-pseudo-class/-/postcss-scope-pseudo-class-4.0.1.tgz#9fe60e9d6d91d58fb5fc6c768a40f6e47e89a235"
+  integrity sha512-IMi9FwtH6LMNuLea1bjVMQAsUhFxJnyLSgOp/cpv5hrzWmrUYU5fm0EguNDIIOHUqzXode8F/1qkC/tEo/qN8Q==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
+"@csstools/postcss-sign-functions@^1.1.4":
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-sign-functions/-/postcss-sign-functions-1.1.4.tgz#a9ac56954014ae4c513475b3f1b3e3424a1e0c12"
+  integrity sha512-P97h1XqRPcfcJndFdG95Gv/6ZzxUBBISem0IDqPZ7WMvc/wlO+yU0c5D/OCpZ5TJoTt63Ok3knGk64N+o6L2Pg==
+  dependencies:
+    "@csstools/css-calc" "^2.1.4"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+
+"@csstools/postcss-stepped-value-functions@^4.0.9":
+  version "4.0.9"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-4.0.9.tgz#36036f1a0e5e5ee2308e72f3c9cb433567c387b9"
+  integrity sha512-h9btycWrsex4dNLeQfyU3y3w40LMQooJWFMm/SK9lrKguHDcFl4VMkncKKoXi2z5rM9YGWbUQABI8BT2UydIcA==
+  dependencies:
+    "@csstools/css-calc" "^2.1.4"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+
+"@csstools/postcss-text-decoration-shorthand@^4.0.2":
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-4.0.2.tgz#a3bcf80492e6dda36477538ab8e8943908c9f80a"
+  integrity sha512-8XvCRrFNseBSAGxeaVTaNijAu+FzUvjwFXtcrynmazGb/9WUdsPCpBX+mHEHShVRq47Gy4peYAoxYs8ltUnmzA==
+  dependencies:
+    "@csstools/color-helpers" "^5.0.2"
+    postcss-value-parser "^4.2.0"
+
+"@csstools/postcss-trigonometric-functions@^4.0.9":
+  version "4.0.9"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-4.0.9.tgz#3f94ed2e319b57f2c59720b64e4d0a8a6fb8c3b2"
+  integrity sha512-Hnh5zJUdpNrJqK9v1/E3BbrQhaDTj5YiX7P61TOvUhoDHnUmsNNxcDAgkQ32RrcWx9GVUvfUNPcUkn8R3vIX6A==
+  dependencies:
+    "@csstools/css-calc" "^2.1.4"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+
+"@csstools/postcss-unset-value@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-unset-value/-/postcss-unset-value-4.0.0.tgz#7caa981a34196d06a737754864baf77d64de4bba"
+  integrity sha512-cBz3tOCI5Fw6NIFEwU3RiwK6mn3nKegjpJuzCndoGq3BZPkUjnsq7uQmIeMNeMbMk7YD2MfKcgCpZwX5jyXqCA==
+
+"@csstools/selector-resolve-nested@^3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.0.0.tgz#704a9b637975680e025e069a4c58b3beb3e2752a"
+  integrity sha512-ZoK24Yku6VJU1gS79a5PFmC8yn3wIapiKmPgun0hZgEI5AOqgH2kiPRsPz1qkGv4HL+wuDLH83yQyk6inMYrJQ==
+
+"@csstools/selector-specificity@^5.0.0":
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz#037817b574262134cabd68fc4ec1a454f168407b"
+  integrity sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==
+
+"@csstools/utilities@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/utilities/-/utilities-2.0.0.tgz#f7ff0fee38c9ffb5646d47b6906e0bc8868bde60"
+  integrity sha512-5VdOr0Z71u+Yp3ozOx8T11N703wIFGVRgOWbOZMKgglPJsWA54MRIoMNVMa7shUToIhx5J8vX4sOZgD2XiihiQ==
+
 "@discoveryjs/json-ext@0.5.7":
   version "0.5.7"
   resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70"
   integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==
 
-"@docsearch/css@3.6.0":
-  version "3.6.0"
-  resolved "https://registry.yarnpkg.com/@docsearch/css/-/css-3.6.0.tgz#0e9f56f704b3a34d044d15fd9962ebc1536ba4fb"
-  integrity sha512-+sbxb71sWre+PwDK7X2T8+bhS6clcVMLwBPznX45Qu6opJcgRjAp7gYSDzVFp187J+feSj5dNBN1mJoi6ckkUQ==
+"@docsearch/css@3.9.0":
+  version "3.9.0"
+  resolved "https://registry.yarnpkg.com/@docsearch/css/-/css-3.9.0.tgz#3bc29c96bf024350d73b0cfb7c2a7b71bf251cd5"
+  integrity sha512-cQbnVbq0rrBwNAKegIac/t6a8nWoUAn8frnkLFW6YARaRmAQr5/Eoe6Ln2fqkUCZ40KpdrKbpSAmgrkviOxuWA==
 
-"@docsearch/react@^3.5.2":
-  version "3.6.0"
-  resolved "https://registry.yarnpkg.com/@docsearch/react/-/react-3.6.0.tgz#b4f25228ecb7fc473741aefac592121e86dd2958"
-  integrity sha512-HUFut4ztcVNmqy9gp/wxNbC7pTOHhgVVkHVGCACTuLhUKUhKAF9KYHJtMiLUJxEqiFLQiuri1fWF8zqwM/cu1w==
+"@docsearch/react@^3.9.0":
+  version "3.9.0"
+  resolved "https://registry.yarnpkg.com/@docsearch/react/-/react-3.9.0.tgz#d0842b700c3ee26696786f3c8ae9f10c1a3f0db3"
+  integrity sha512-mb5FOZYZIkRQ6s/NWnM98k879vu5pscWqTLubLFBO87igYYT4VzVazh4h5o/zCvTIZgEt3PvsCOMOswOUo9yHQ==
   dependencies:
-    "@algolia/autocomplete-core" "1.9.3"
-    "@algolia/autocomplete-preset-algolia" "1.9.3"
-    "@docsearch/css" "3.6.0"
-    algoliasearch "^4.19.1"
+    "@algolia/autocomplete-core" "1.17.9"
+    "@algolia/autocomplete-preset-algolia" "1.17.9"
+    "@docsearch/css" "3.9.0"
+    algoliasearch "^5.14.2"
 
-"@docusaurus/core@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.4.0.tgz#bdbf1af4b2f25d1bf4a5b62ec6137d84c821cb3c"
-  integrity sha512-g+0wwmN2UJsBqy2fQRQ6fhXruoEa62JDeEa5d8IdTJlMoaDaEDfHh7WjwGRn4opuTQWpjAwP/fbcgyHKlE+64w==
+"@docusaurus/babel@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/babel/-/babel-3.8.0.tgz#2f390cc4e588a96ec496d87921e44890899738a6"
+  integrity sha512-9EJwSgS6TgB8IzGk1L8XddJLhZod8fXT4ULYMx6SKqyCBqCFpVCEjR/hNXXhnmtVM2irDuzYoVLGWv7srG/VOA==
   dependencies:
-    "@babel/core" "^7.23.3"
-    "@babel/generator" "^7.23.3"
+    "@babel/core" "^7.25.9"
+    "@babel/generator" "^7.25.9"
     "@babel/plugin-syntax-dynamic-import" "^7.8.3"
-    "@babel/plugin-transform-runtime" "^7.22.9"
-    "@babel/preset-env" "^7.22.9"
-    "@babel/preset-react" "^7.22.5"
-    "@babel/preset-typescript" "^7.22.5"
-    "@babel/runtime" "^7.22.6"
-    "@babel/runtime-corejs3" "^7.22.6"
-    "@babel/traverse" "^7.22.8"
-    "@docusaurus/cssnano-preset" "3.4.0"
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/mdx-loader" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
-    autoprefixer "^10.4.14"
-    babel-loader "^9.1.3"
+    "@babel/plugin-transform-runtime" "^7.25.9"
+    "@babel/preset-env" "^7.25.9"
+    "@babel/preset-react" "^7.25.9"
+    "@babel/preset-typescript" "^7.25.9"
+    "@babel/runtime" "^7.25.9"
+    "@babel/runtime-corejs3" "^7.25.9"
+    "@babel/traverse" "^7.25.9"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
     babel-plugin-dynamic-import-node "^2.3.3"
-    boxen "^6.2.1"
-    chalk "^4.1.2"
-    chokidar "^3.5.3"
+    fs-extra "^11.1.1"
+    tslib "^2.6.0"
+
+"@docusaurus/bundler@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/bundler/-/bundler-3.8.0.tgz#386f54dca594d81bac6b617c71822e0808d6e2f6"
+  integrity sha512-Rq4Z/MSeAHjVzBLirLeMcjLIAQy92pF1OI+2rmt18fSlMARfTGLWRE8Vb+ljQPTOSfJxwDYSzsK6i7XloD2rNA==
+  dependencies:
+    "@babel/core" "^7.25.9"
+    "@docusaurus/babel" "3.8.0"
+    "@docusaurus/cssnano-preset" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    babel-loader "^9.2.1"
     clean-css "^5.3.2"
-    cli-table3 "^0.6.3"
-    combine-promises "^1.1.0"
-    commander "^5.1.0"
     copy-webpack-plugin "^11.0.0"
-    core-js "^3.31.1"
     css-loader "^6.8.1"
     css-minimizer-webpack-plugin "^5.0.1"
     cssnano "^6.1.2"
-    del "^6.1.1"
+    file-loader "^6.2.0"
+    html-minifier-terser "^7.2.0"
+    mini-css-extract-plugin "^2.9.1"
+    null-loader "^4.0.1"
+    postcss "^8.4.26"
+    postcss-loader "^7.3.3"
+    postcss-preset-env "^10.1.0"
+    terser-webpack-plugin "^5.3.9"
+    tslib "^2.6.0"
+    url-loader "^4.1.1"
+    webpack "^5.95.0"
+    webpackbar "^6.0.1"
+
+"@docusaurus/core@3.8.0", "@docusaurus/core@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.8.0.tgz#79d5e1084415c8834a8a5cb87162ca13f52fe147"
+  integrity sha512-c7u6zFELmSGPEP9WSubhVDjgnpiHgDqMh1qVdCB7rTflh4Jx0msTYmMiO91Ez0KtHj4sIsDsASnjwfJ2IZp3Vw==
+  dependencies:
+    "@docusaurus/babel" "3.8.0"
+    "@docusaurus/bundler" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/mdx-loader" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
+    boxen "^6.2.1"
+    chalk "^4.1.2"
+    chokidar "^3.5.3"
+    cli-table3 "^0.6.3"
+    combine-promises "^1.1.0"
+    commander "^5.1.0"
+    core-js "^3.31.1"
     detect-port "^1.5.1"
     escape-html "^1.0.3"
     eta "^2.2.0"
     eval "^0.1.8"
-    file-loader "^6.2.0"
+    execa "5.1.1"
     fs-extra "^11.1.1"
-    html-minifier-terser "^7.2.0"
     html-tags "^3.3.1"
-    html-webpack-plugin "^5.5.3"
+    html-webpack-plugin "^5.6.0"
     leven "^3.1.0"
     lodash "^4.17.21"
-    mini-css-extract-plugin "^2.7.6"
+    open "^8.4.0"
     p-map "^4.0.0"
-    postcss "^8.4.26"
-    postcss-loader "^7.3.3"
     prompts "^2.4.2"
-    react-dev-utils "^12.0.1"
-    react-helmet-async "^1.3.0"
+    react-helmet-async "npm:@slorber/react-helmet-async@1.3.0"
     react-loadable "npm:@docusaurus/react-loadable@6.0.0"
     react-loadable-ssr-addon-v5-slorber "^1.0.1"
     react-router "^5.3.4"
     react-router-config "^5.1.1"
     react-router-dom "^5.3.4"
-    rtl-detect "^1.0.4"
     semver "^7.5.4"
-    serve-handler "^6.1.5"
-    shelljs "^0.8.5"
-    terser-webpack-plugin "^5.3.9"
+    serve-handler "^6.1.6"
+    tinypool "^1.0.2"
     tslib "^2.6.0"
     update-notifier "^6.0.2"
-    url-loader "^4.1.1"
-    webpack "^5.88.1"
-    webpack-bundle-analyzer "^4.9.0"
-    webpack-dev-server "^4.15.1"
-    webpack-merge "^5.9.0"
-    webpackbar "^5.0.2"
+    webpack "^5.95.0"
+    webpack-bundle-analyzer "^4.10.2"
+    webpack-dev-server "^4.15.2"
+    webpack-merge "^6.0.1"
 
-"@docusaurus/cssnano-preset@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.4.0.tgz#dc7922b3bbeabcefc9b60d0161680d81cf72c368"
-  integrity sha512-qwLFSz6v/pZHy/UP32IrprmH5ORce86BGtN0eBtG75PpzQJAzp9gefspox+s8IEOr0oZKuQ/nhzZ3xwyc3jYJQ==
+"@docusaurus/cssnano-preset@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.8.0.tgz#a70f19e2995be2299f5ef9c3da3e5d4d5c14bff2"
+  integrity sha512-UJ4hAS2T0R4WNy+phwVff2Q0L5+RXW9cwlH6AEphHR5qw3m/yacfWcSK7ort2pMMbDn8uGrD38BTm4oLkuuNoQ==
   dependencies:
     cssnano-preset-advanced "^6.1.2"
     postcss "^8.4.38"
     postcss-sort-media-queries "^5.2.0"
     tslib "^2.6.0"
 
-"@docusaurus/logger@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.4.0.tgz#8b0ac05c7f3dac2009066e2f964dee8209a77403"
-  integrity sha512-bZwkX+9SJ8lB9kVRkXw+xvHYSMGG4bpYHKGXeXFvyVc79NMeeBSGgzd4TQLHH+DYeOJoCdl8flrFJVxlZ0wo/Q==
+"@docusaurus/faster@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/faster/-/faster-3.8.0.tgz#2814c5ea4f19e10a6cebf9296b6f15f8a621bf61"
+  integrity sha512-v9+8rT2gw/4zIRBwc4fIVhrTH/yFVDQgJgyYZjqr3fgojOypdQCOwkN6Z8dOwTei4/zo+b/zDPB4x1UvghJZRg==
+  dependencies:
+    "@docusaurus/types" "3.8.0"
+    "@rspack/core" "^1.3.10"
+    "@swc/core" "^1.7.39"
+    "@swc/html" "^1.7.39"
+    browserslist "^4.24.2"
+    lightningcss "^1.27.0"
+    swc-loader "^0.2.6"
+    tslib "^2.6.0"
+    webpack "^5.95.0"
+
+"@docusaurus/logger@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.8.0.tgz#c1abbb084a8058dc0047d57070fb9cd0241a679d"
+  integrity sha512-7eEMaFIam5Q+v8XwGqF/n0ZoCld4hV4eCCgQkfcN9Mq5inoZa6PHHW9Wu6lmgzoK5Kx3keEeABcO2SxwraoPDQ==
   dependencies:
     chalk "^4.1.2"
     tslib "^2.6.0"
 
-"@docusaurus/mdx-loader@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz#483d7ab57928fdbb5c8bd1678098721a930fc5f6"
-  integrity sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw==
+"@docusaurus/mdx-loader@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.8.0.tgz#2b225cd2b1159cc49b10b1cac63a927a8368274b"
+  integrity sha512-mDPSzssRnpjSdCGuv7z2EIAnPS1MHuZGTaRLwPn4oQwszu4afjWZ/60sfKjTnjBjI8Vl4OgJl2vMmfmiNDX4Ng==
   dependencies:
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     "@mdx-js/mdx" "^3.0.0"
     "@slorber/remark-comment" "^1.0.0"
     escape-html "^1.0.3"
     estree-util-value-to-estree "^3.0.1"
     file-loader "^6.2.0"
     fs-extra "^11.1.1"
-    image-size "^1.0.2"
+    image-size "^2.0.2"
     mdast-util-mdx "^3.0.0"
     mdast-util-to-string "^4.0.0"
     rehype-raw "^7.0.0"
@@ -1469,176 +2711,206 @@
     vfile "^6.0.1"
     webpack "^5.88.1"
 
-"@docusaurus/module-type-aliases@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.4.0.tgz#2653bde58fc1aa3dbc626a6c08cfb63a37ae1bb8"
-  integrity sha512-A1AyS8WF5Bkjnb8s+guTDuYmUiwJzNrtchebBHpc0gz0PyHJNMaybUlSrmJjHVcGrya0LKI4YcR3lBDQfXRYLw==
+"@docusaurus/module-type-aliases@3.8.0", "@docusaurus/module-type-aliases@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.8.0.tgz#e487052c372538c5dcf2200999e13f328fa5ffaa"
+  integrity sha512-/uMb4Ipt5J/QnD13MpnoC/A4EYAe6DKNWqTWLlGrqsPJwJv73vSwkA25xnYunwfqWk0FlUQfGv/Swdh5eCCg7g==
   dependencies:
-    "@docusaurus/types" "3.4.0"
+    "@docusaurus/types" "3.8.0"
     "@types/history" "^4.7.11"
     "@types/react" "*"
     "@types/react-router-config" "*"
     "@types/react-router-dom" "*"
-    react-helmet-async "*"
+    react-helmet-async "npm:@slorber/react-helmet-async@1.3.0"
     react-loadable "npm:@docusaurus/react-loadable@6.0.0"
 
-"@docusaurus/plugin-content-blog@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.4.0.tgz#6373632fdbababbda73a13c4a08f907d7de8f007"
-  integrity sha512-vv6ZAj78ibR5Jh7XBUT4ndIjmlAxkijM3Sx5MAAzC1gyv0vupDQNhzuFg1USQmQVj3P5I6bquk12etPV3LJ+Xw==
+"@docusaurus/plugin-content-blog@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.8.0.tgz#0c200b1fb821e09e9e975c45255e5ddfab06c392"
+  integrity sha512-0SlOTd9R55WEr1GgIXu+hhTT0hzARYx3zIScA5IzpdekZQesI/hKEa5LPHBd415fLkWMjdD59TaW/3qQKpJ0Lg==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/mdx-loader" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
-    cheerio "^1.0.0-rc.12"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/mdx-loader" "3.8.0"
+    "@docusaurus/theme-common" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
+    cheerio "1.0.0-rc.12"
     feed "^4.2.2"
     fs-extra "^11.1.1"
     lodash "^4.17.21"
-    reading-time "^1.5.0"
+    schema-dts "^1.1.2"
     srcset "^4.0.0"
     tslib "^2.6.0"
     unist-util-visit "^5.0.0"
     utility-types "^3.10.0"
     webpack "^5.88.1"
 
-"@docusaurus/plugin-content-docs@3.4.0", "@docusaurus/plugin-content-docs@^3.0.1":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.4.0.tgz#3088973f72169a2a6d533afccec7153c8720d332"
-  integrity sha512-HkUCZffhBo7ocYheD9oZvMcDloRnGhBMOZRyVcAQRFmZPmNqSyISlXA1tQCIxW+r478fty97XXAGjNYzBjpCsg==
+"@docusaurus/plugin-content-docs@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.0.tgz#6aedb1261da1f0c8c2fa11cfaa6df4577a9b7826"
+  integrity sha512-fRDMFLbUN6eVRXcjP8s3Y7HpAt9pzPYh1F/7KKXOCxvJhjjCtbon4VJW0WndEPInVz4t8QUXn5QZkU2tGVCE2g==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/mdx-loader" "3.4.0"
-    "@docusaurus/module-type-aliases" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/mdx-loader" "3.8.0"
+    "@docusaurus/module-type-aliases" "3.8.0"
+    "@docusaurus/theme-common" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     "@types/react-router-config" "^5.0.7"
     combine-promises "^1.1.0"
     fs-extra "^11.1.1"
     js-yaml "^4.1.0"
     lodash "^4.17.21"
+    schema-dts "^1.1.2"
     tslib "^2.6.0"
     utility-types "^3.10.0"
     webpack "^5.88.1"
 
-"@docusaurus/plugin-content-pages@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.4.0.tgz#1846172ca0355c7d32a67ef8377750ce02bbb8ad"
-  integrity sha512-h2+VN/0JjpR8fIkDEAoadNjfR3oLzB+v1qSXbIAKjQ46JAHx3X22n9nqS+BWSQnTnp1AjkjSvZyJMekmcwxzxg==
+"@docusaurus/plugin-content-pages@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.8.0.tgz#2db5f990872684c621665d0d0d8d9b5831fd2999"
+  integrity sha512-39EDx2y1GA0Pxfion5tQZLNJxL4gq6susd1xzetVBjVIQtwpCdyloOfQBAgX0FylqQxfJrYqL0DIUuq7rd7uBw==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/mdx-loader" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/mdx-loader" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     fs-extra "^11.1.1"
     tslib "^2.6.0"
     webpack "^5.88.1"
 
-"@docusaurus/plugin-debug@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.4.0.tgz#74e4ec5686fa314c26f3ac150bacadbba7f06948"
-  integrity sha512-uV7FDUNXGyDSD3PwUaf5YijX91T5/H9SX4ErEcshzwgzWwBtK37nUWPU3ZLJfeTavX3fycTOqk9TglpOLaWkCg==
+"@docusaurus/plugin-css-cascade-layers@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-css-cascade-layers/-/plugin-css-cascade-layers-3.8.0.tgz#a0741ae32917a88ce7ce76b6f472495fa4bf576d"
+  integrity sha512-/VBTNymPIxQB8oA3ZQ4GFFRYdH4ZxDRRBECxyjRyv486mfUPXfcdk+im4S5mKWa6EK2JzBz95IH/Wu0qQgJ5yQ==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
+    tslib "^2.6.0"
+
+"@docusaurus/plugin-debug@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.8.0.tgz#297c159ae99924e60042426d2ad6ee0d5e9126b3"
+  integrity sha512-teonJvJsDB9o2OnG6ifbhblg/PXzZvpUKHFgD8dOL1UJ58u0lk8o0ZOkvaYEBa9nDgqzoWrRk9w+e3qaG2mOhQ==
+  dependencies:
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
     fs-extra "^11.1.1"
-    react-json-view-lite "^1.2.0"
+    react-json-view-lite "^2.3.0"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-google-analytics@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.4.0.tgz#5f59fc25329a59decc231936f6f9fb5663da3c55"
-  integrity sha512-mCArluxEGi3cmYHqsgpGGt3IyLCrFBxPsxNZ56Mpur0xSlInnIHoeLDH7FvVVcPJRPSQ9/MfRqLsainRw+BojA==
+"@docusaurus/plugin-google-analytics@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.8.0.tgz#fb97097af331beb13553a384081dc83607539b31"
+  integrity sha512-aKKa7Q8+3xRSRESipNvlFgNp3FNPELKhuo48Cg/svQbGNwidSHbZT03JqbW4cBaQnyyVchO1ttk+kJ5VC9Gx0w==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-google-gtag@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.4.0.tgz#42489ac5fe1c83b5523ceedd5ef74f9aa8bc251b"
-  integrity sha512-Dsgg6PLAqzZw5wZ4QjUYc8Z2KqJqXxHxq3vIoyoBWiLEEfigIs7wHR+oiWUQy3Zk9MIk6JTYj7tMoQU0Jm3nqA==
+"@docusaurus/plugin-google-gtag@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.8.0.tgz#b5a60006c28ac582859a469fb92e53d383b0a055"
+  integrity sha512-ugQYMGF4BjbAW/JIBtVcp+9eZEgT9HRdvdcDudl5rywNPBA0lct+lXMG3r17s02rrhInMpjMahN3Yc9Cb3H5/g==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     "@types/gtag.js" "^0.0.12"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-google-tag-manager@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.4.0.tgz#cebb03a5ffa1e70b37d95601442babea251329ff"
-  integrity sha512-O9tX1BTwxIhgXpOLpFDueYA9DWk69WCbDRrjYoMQtFHSkTyE7RhNgyjSPREUWJb9i+YUg3OrsvrBYRl64FCPCQ==
+"@docusaurus/plugin-google-tag-manager@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.8.0.tgz#612aa63e161fb273bf7db2591034c0142951727d"
+  integrity sha512-9juRWxbwZD3SV02Jd9QB6yeN7eu+7T4zB0bvJLcVQwi+am51wAxn2CwbdL0YCCX+9OfiXbADE8D8Q65Hbopu/w==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-sitemap@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.4.0.tgz#b091d64d1e3c6c872050189999580187537bcbc6"
-  integrity sha512-+0VDvx9SmNrFNgwPoeoCha+tRoAjopwT0+pYO1xAbyLcewXSemq+eLxEa46Q1/aoOaJQ0qqHELuQM7iS2gp33Q==
+"@docusaurus/plugin-sitemap@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.8.0.tgz#a39e3b5aa2f059aba0052ed11a6b4fbf78ac0dad"
+  integrity sha512-fGpOIyJvNiuAb90nSJ2Gfy/hUOaDu6826e5w5UxPmbpCIc7KlBHNAZ5g4L4ZuHhc4hdfq4mzVBsQSnne+8Ze1g==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     fs-extra "^11.1.1"
     sitemap "^7.1.1"
     tslib "^2.6.0"
 
-"@docusaurus/preset-classic@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.4.0.tgz#6082a32fbb465b0cb2c2a50ebfc277cff2c0f139"
-  integrity sha512-Ohj6KB7siKqZaQhNJVMBBUzT3Nnp6eTKqO+FXO3qu/n1hJl3YLwVKTWBg28LF7MWrKu46UuYavwMRxud0VyqHg==
+"@docusaurus/plugin-svgr@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-svgr/-/plugin-svgr-3.8.0.tgz#6d2d43f14b32b4bb2dd8dc87a70c6e78754c1e85"
+  integrity sha512-kEDyry+4OMz6BWLG/lEqrNsL/w818bywK70N1gytViw4m9iAmoxCUT7Ri9Dgs7xUdzCHJ3OujolEmD88Wy44OA==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/plugin-content-blog" "3.4.0"
-    "@docusaurus/plugin-content-docs" "3.4.0"
-    "@docusaurus/plugin-content-pages" "3.4.0"
-    "@docusaurus/plugin-debug" "3.4.0"
-    "@docusaurus/plugin-google-analytics" "3.4.0"
-    "@docusaurus/plugin-google-gtag" "3.4.0"
-    "@docusaurus/plugin-google-tag-manager" "3.4.0"
-    "@docusaurus/plugin-sitemap" "3.4.0"
-    "@docusaurus/theme-classic" "3.4.0"
-    "@docusaurus/theme-common" "3.4.0"
-    "@docusaurus/theme-search-algolia" "3.4.0"
-    "@docusaurus/types" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
+    "@svgr/core" "8.1.0"
+    "@svgr/webpack" "^8.1.0"
+    tslib "^2.6.0"
+    webpack "^5.88.1"
 
-"@docusaurus/theme-classic@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.4.0.tgz#1b0f48edec3e3ec8927843554b9f11e5927b0e52"
-  integrity sha512-0IPtmxsBYv2adr1GnZRdMkEQt1YW6tpzrUPj02YxNpvJ5+ju4E13J5tB4nfdaen/tfR1hmpSPlTFPvTf4kwy8Q==
+"@docusaurus/preset-classic@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.8.0.tgz#ac8bc17e3b7b443d8a24f2f1da0c0be396950fef"
+  integrity sha512-qOu6tQDOWv+rpTlKu+eJATCJVGnABpRCPuqf7LbEaQ1mNY//N/P8cHQwkpAU+aweQfarcZ0XfwCqRHJfjeSV/g==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/mdx-loader" "3.4.0"
-    "@docusaurus/module-type-aliases" "3.4.0"
-    "@docusaurus/plugin-content-blog" "3.4.0"
-    "@docusaurus/plugin-content-docs" "3.4.0"
-    "@docusaurus/plugin-content-pages" "3.4.0"
-    "@docusaurus/theme-common" "3.4.0"
-    "@docusaurus/theme-translations" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/plugin-content-blog" "3.8.0"
+    "@docusaurus/plugin-content-docs" "3.8.0"
+    "@docusaurus/plugin-content-pages" "3.8.0"
+    "@docusaurus/plugin-css-cascade-layers" "3.8.0"
+    "@docusaurus/plugin-debug" "3.8.0"
+    "@docusaurus/plugin-google-analytics" "3.8.0"
+    "@docusaurus/plugin-google-gtag" "3.8.0"
+    "@docusaurus/plugin-google-tag-manager" "3.8.0"
+    "@docusaurus/plugin-sitemap" "3.8.0"
+    "@docusaurus/plugin-svgr" "3.8.0"
+    "@docusaurus/theme-classic" "3.8.0"
+    "@docusaurus/theme-common" "3.8.0"
+    "@docusaurus/theme-search-algolia" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+
+"@docusaurus/theme-classic@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.8.0.tgz#6d44fb801b86a7c7af01cda0325af1a3300b3ac2"
+  integrity sha512-nQWFiD5ZjoT76OaELt2n33P3WVuuCz8Dt5KFRP2fCBo2r9JCLsp2GJjZpnaG24LZ5/arRjv4VqWKgpK0/YLt7g==
+  dependencies:
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/mdx-loader" "3.8.0"
+    "@docusaurus/module-type-aliases" "3.8.0"
+    "@docusaurus/plugin-content-blog" "3.8.0"
+    "@docusaurus/plugin-content-docs" "3.8.0"
+    "@docusaurus/plugin-content-pages" "3.8.0"
+    "@docusaurus/theme-common" "3.8.0"
+    "@docusaurus/theme-translations" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
     "@mdx-js/react" "^3.0.0"
     clsx "^2.0.0"
     copy-text-to-clipboard "^3.2.0"
-    infima "0.2.0-alpha.43"
+    infima "0.2.0-alpha.45"
     lodash "^4.17.21"
     nprogress "^0.2.0"
     postcss "^8.4.26"
@@ -1649,18 +2921,15 @@
     tslib "^2.6.0"
     utility-types "^3.10.0"
 
-"@docusaurus/theme-common@3.4.0", "@docusaurus/theme-common@^3.0.1":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.4.0.tgz#01f2b728de6cb57f6443f52fc30675cf12a5d49f"
-  integrity sha512-0A27alXuv7ZdCg28oPE8nH/Iz73/IUejVaCazqu9elS4ypjiLhK3KfzdSQBnL/g7YfHSlymZKdiOHEo8fJ0qMA==
+"@docusaurus/theme-common@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.8.0.tgz#102c385c3d1d3b7a6b52d1911c7e88c38d9a977e"
+  integrity sha512-YqV2vAWpXGLA+A3PMLrOMtqgTHJLDcT+1Caa6RF7N4/IWgrevy5diY8oIHFkXR/eybjcrFFjUPrHif8gSGs3Tw==
   dependencies:
-    "@docusaurus/mdx-loader" "3.4.0"
-    "@docusaurus/module-type-aliases" "3.4.0"
-    "@docusaurus/plugin-content-blog" "3.4.0"
-    "@docusaurus/plugin-content-docs" "3.4.0"
-    "@docusaurus/plugin-content-pages" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
+    "@docusaurus/mdx-loader" "3.8.0"
+    "@docusaurus/module-type-aliases" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
     "@types/history" "^4.7.11"
     "@types/react" "*"
     "@types/react-router-config" "*"
@@ -1670,34 +2939,34 @@
     tslib "^2.6.0"
     utility-types "^3.10.0"
 
-"@docusaurus/theme-mermaid@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-mermaid/-/theme-mermaid-3.4.0.tgz#ef1d2231d0858767f67538b4fafd7d0ce2a3e845"
-  integrity sha512-3w5QW0HEZ2O6x2w6lU3ZvOe1gNXP2HIoKDMJBil1VmLBc9PmpAG17VmfhI/p3L2etNmOiVs5GgniUqvn8AFEGQ==
+"@docusaurus/theme-mermaid@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-mermaid/-/theme-mermaid-3.8.0.tgz#f0720ec89fd386870f30978ba984b1b126ca92a5"
+  integrity sha512-ou0NJM37p4xrVuFaZp8qFe5Z/qBq9LuyRTP4KKRa0u2J3zC4f3saBJDgc56FyvvN1OsmU0189KGEPUjTr6hFxg==
   dependencies:
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/module-type-aliases" "3.4.0"
-    "@docusaurus/theme-common" "3.4.0"
-    "@docusaurus/types" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
-    mermaid "^10.4.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/module-type-aliases" "3.8.0"
+    "@docusaurus/theme-common" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
+    mermaid ">=11.6.0"
     tslib "^2.6.0"
 
-"@docusaurus/theme-search-algolia@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.4.0.tgz#c499bad71d668df0d0f15b0e5e33e2fc4e330fcc"
-  integrity sha512-aiHFx7OCw4Wck1z6IoShVdUWIjntC8FHCw9c5dR8r3q4Ynh+zkS8y2eFFunN/DL6RXPzpnvKCg3vhLQYJDmT9Q==
+"@docusaurus/theme-search-algolia@3.8.0", "@docusaurus/theme-search-algolia@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.8.0.tgz#21c2f18e07a73d13ca3b44fcf0ae9aac33bef60f"
+  integrity sha512-GBZ5UOcPgiu6nUw153+0+PNWvFKweSnvKIL6Rp04H9olKb475jfKjAwCCtju5D2xs5qXHvCMvzWOg5o9f6DtuQ==
   dependencies:
-    "@docsearch/react" "^3.5.2"
-    "@docusaurus/core" "3.4.0"
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/plugin-content-docs" "3.4.0"
-    "@docusaurus/theme-common" "3.4.0"
-    "@docusaurus/theme-translations" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-validation" "3.4.0"
-    algoliasearch "^4.18.0"
-    algoliasearch-helper "^3.13.3"
+    "@docsearch/react" "^3.9.0"
+    "@docusaurus/core" "3.8.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/plugin-content-docs" "3.8.0"
+    "@docusaurus/theme-common" "3.8.0"
+    "@docusaurus/theme-translations" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-validation" "3.8.0"
+    algoliasearch "^5.17.1"
+    algoliasearch-helper "^3.22.6"
     clsx "^2.0.0"
     eta "^2.2.0"
     fs-extra "^11.1.1"
@@ -1705,15 +2974,30 @@
     tslib "^2.6.0"
     utility-types "^3.10.0"
 
-"@docusaurus/theme-translations@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.4.0.tgz#e6355d01352886c67e38e848b2542582ea3070af"
-  integrity sha512-zSxCSpmQCCdQU5Q4CnX/ID8CSUUI3fvmq4hU/GNP/XoAWtXo9SAVnM3TzpU8Gb//H3WCsT8mJcTfyOk3d9ftNg==
+"@docusaurus/theme-translations@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.8.0.tgz#deb64dccab74361624c3cb352a4949a7ac868c74"
+  integrity sha512-1DTy/snHicgkCkryWq54fZvsAglTdjTx4qjOXgqnXJ+DIty1B+aPQrAVUu8LiM+6BiILfmNxYsxhKTj+BS3PZg==
   dependencies:
     fs-extra "^11.1.1"
     tslib "^2.6.0"
 
-"@docusaurus/types@3.4.0", "@docusaurus/types@^3.0.0":
+"@docusaurus/types@3.8.0", "@docusaurus/types@^3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.8.0.tgz#f6cd31c4e3e392e0270b8137d7fe4365ea7a022e"
+  integrity sha512-RDEClpwNxZq02c+JlaKLWoS13qwWhjcNsi2wG1UpzmEnuti/z1Wx4SGpqbUqRPNSd8QWWePR8Cb7DvG0VN/TtA==
+  dependencies:
+    "@mdx-js/mdx" "^3.0.0"
+    "@types/history" "^4.7.11"
+    "@types/react" "*"
+    commander "^5.1.0"
+    joi "^17.9.2"
+    react-helmet-async "npm:@slorber/react-helmet-async@1.3.0"
+    utility-types "^3.10.0"
+    webpack "^5.95.0"
+    webpack-merge "^5.9.0"
+
+"@docusaurus/types@^3.0.0":
   version "3.4.0"
   resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.4.0.tgz#237c3f737e9db3f7c1a5935a3ef48d6eadde8292"
   integrity sha512-4jcDO8kXi5Cf9TcyikB/yKmz14f2RZ2qTRerbHAsS+5InE9ZgSLBNLsewtFTcTOXSVcbU3FoGOzcNWAmU1TR0A==
@@ -1728,36 +3012,38 @@
     webpack "^5.88.1"
     webpack-merge "^5.9.0"
 
-"@docusaurus/utils-common@3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.4.0.tgz#2a43fefd35b85ab9fcc6833187e66c15f8bfbbc6"
-  integrity sha512-NVx54Wr4rCEKsjOH5QEVvxIqVvm+9kh7q8aYTU5WzUU9/Hctd6aTrcZ3G0Id4zYJ+AeaG5K5qHA4CY5Kcm2iyQ==
+"@docusaurus/utils-common@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.8.0.tgz#2b1a6b1ec4a7fac62f1898d523d42f8cc4a8258f"
+  integrity sha512-3TGF+wVTGgQ3pAc9+5jVchES4uXUAhAt9pwv7uws4mVOxL4alvU3ue/EZ+R4XuGk94pDy7CNXjRXpPjlfZXQfw==
   dependencies:
+    "@docusaurus/types" "3.8.0"
     tslib "^2.6.0"
 
-"@docusaurus/utils-validation@3.4.0", "@docusaurus/utils-validation@^3.0.1":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.4.0.tgz#0176f6e503ff45f4390ec2ecb69550f55e0b5eb7"
-  integrity sha512-hYQ9fM+AXYVTWxJOT1EuNaRnrR2WGpRdLDQG07O8UOpsvCPWUVOeo26Rbm0JWY2sGLfzAb+tvJ62yF+8F+TV0g==
+"@docusaurus/utils-validation@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.8.0.tgz#aa02e9d998e20998fbcaacd94873878bc3b9a4cd"
+  integrity sha512-MrnEbkigr54HkdFeg8e4FKc4EF+E9dlVwsY3XQZsNkbv3MKZnbHQ5LsNJDIKDROFe8PBf5C4qCAg5TPBpsjrjg==
   dependencies:
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/utils" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
     fs-extra "^11.2.0"
     joi "^17.9.2"
     js-yaml "^4.1.0"
     lodash "^4.17.21"
     tslib "^2.6.0"
 
-"@docusaurus/utils@3.4.0", "@docusaurus/utils@^3.0.1":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.4.0.tgz#c508e20627b7a55e2b541e4a28c95e0637d6a204"
-  integrity sha512-fRwnu3L3nnWaXOgs88BVBmG1yGjcQqZNHG+vInhEa2Sz2oQB+ZjbEMO5Rh9ePFpZ0YDiDUhpaVjwmS+AU2F14g==
+"@docusaurus/utils@3.8.0":
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.8.0.tgz#92bad89d2a11f5f246196af153093b12cd79f9ac"
+  integrity sha512-2wvtG28ALCN/A1WCSLxPASFBFzXCnP0YKCAFIPcvEb6imNu1wg7ni/Svcp71b3Z2FaOFFIv4Hq+j4gD7gA0yfQ==
   dependencies:
-    "@docusaurus/logger" "3.4.0"
-    "@docusaurus/utils-common" "3.4.0"
-    "@svgr/webpack" "^8.1.0"
+    "@docusaurus/logger" "3.8.0"
+    "@docusaurus/types" "3.8.0"
+    "@docusaurus/utils-common" "3.8.0"
     escape-string-regexp "^4.0.0"
+    execa "5.1.1"
     file-loader "^6.2.0"
     fs-extra "^11.1.1"
     github-slugger "^1.5.0"
@@ -1767,9 +3053,9 @@
     js-yaml "^4.1.0"
     lodash "^4.17.21"
     micromatch "^4.0.5"
+    p-queue "^6.6.2"
     prompts "^2.4.2"
     resolve-pathname "^3.0.0"
-    shelljs "^0.8.5"
     tslib "^2.6.0"
     url-loader "^4.1.1"
     utility-types "^3.10.0"
@@ -1815,6 +3101,25 @@
   resolved "https://registry.yarnpkg.com/@hookform/error-message/-/error-message-2.0.1.tgz#6a37419106e13664ad6a29c9dae699ae6cd276b8"
   integrity sha512-U410sAr92xgxT1idlu9WWOVjndxLdgPUHEB8Schr27C9eh7/xUnITWpCMF93s+lGiG++D4JnbSnrb5A21AdSNg==
 
+"@iconify/types@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@iconify/types/-/types-2.0.0.tgz#ab0e9ea681d6c8a1214f30cd741fe3a20cc57f57"
+  integrity sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==
+
+"@iconify/utils@^2.1.33":
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/@iconify/utils/-/utils-2.3.0.tgz#1bbbf8c477ebe9a7cacaea78b1b7e8937f9cbfba"
+  integrity sha512-GmQ78prtwYW6EtzXRU1rY+KwOKfz32PD7iJh6Iyqw68GiKuoZ2A6pRtzWONz5VQJbp50mEjXh/7NkumtrAgRKA==
+  dependencies:
+    "@antfu/install-pkg" "^1.0.0"
+    "@antfu/utils" "^8.1.0"
+    "@iconify/types" "^2.0.0"
+    debug "^4.4.0"
+    globals "^15.14.0"
+    kolorist "^1.8.0"
+    local-pkg "^1.0.0"
+    mlly "^1.7.4"
+
 "@isaacs/cliui@^8.0.2":
   version "8.0.2"
   resolved "https://registry.yarnpkg.com/@isaacs/cliui/-/cliui-8.0.2.tgz#b37667b7bc181c168782259bab42474fbf52b550"
@@ -1932,6 +3237,56 @@
   dependencies:
     "@types/mdx" "^2.0.0"
 
+"@mermaid-js/parser@^0.4.0":
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/@mermaid-js/parser/-/parser-0.4.0.tgz#c1de1f5669f8fcbd0d0c9d124927d36ddc00d8a6"
+  integrity sha512-wla8XOWvQAwuqy+gxiZqY+c7FokraOTHRWMsbB4AgRx9Sy7zKslNyejy7E+a77qHfey5GXw/ik3IXv/NHMJgaA==
+  dependencies:
+    langium "3.3.1"
+
+"@module-federation/error-codes@0.14.0":
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/@module-federation/error-codes/-/error-codes-0.14.0.tgz#d54581bfb998ce9ace4cb33f8795c644e461bfeb"
+  integrity sha512-GGk+EoeSACJikZZyShnLshtq9E2eCrDWbRiB4QAFXCX4oYmGgFfzXlx59vMNwqTKPJWxkEGnPYacJMcr2YYjag==
+
+"@module-federation/runtime-core@0.14.0":
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/@module-federation/runtime-core/-/runtime-core-0.14.0.tgz#a00a3666cc25a8bb822a36552c631e6e3f7326cc"
+  integrity sha512-fGE1Ro55zIFDp/CxQuRhKQ1pJvG7P0qvRm2N+4i8z++2bgDjcxnCKUqDJ8lLD+JfJQvUJf0tuSsJPgevzueD4g==
+  dependencies:
+    "@module-federation/error-codes" "0.14.0"
+    "@module-federation/sdk" "0.14.0"
+
+"@module-federation/runtime-tools@0.14.0":
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/@module-federation/runtime-tools/-/runtime-tools-0.14.0.tgz#f5b5f3d19605b6d7c90ed278dc00a5400f1aa49d"
+  integrity sha512-y/YN0c2DKsLETE+4EEbmYWjqF9G6ZwgZoDIPkaQ9p0pQu0V4YxzWfQagFFxR0RigYGuhJKmSU/rtNoHq+qF8jg==
+  dependencies:
+    "@module-federation/runtime" "0.14.0"
+    "@module-federation/webpack-bundler-runtime" "0.14.0"
+
+"@module-federation/runtime@0.14.0":
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/@module-federation/runtime/-/runtime-0.14.0.tgz#e04012d2d928275fd00525904c0b4f8be514dc70"
+  integrity sha512-kR3cyHw/Y64SEa7mh4CHXOEQYY32LKLK75kJOmBroLNLO7/W01hMNAvGBYTedS7hWpVuefPk1aFZioy3q2VLdQ==
+  dependencies:
+    "@module-federation/error-codes" "0.14.0"
+    "@module-federation/runtime-core" "0.14.0"
+    "@module-federation/sdk" "0.14.0"
+
+"@module-federation/sdk@0.14.0":
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/@module-federation/sdk/-/sdk-0.14.0.tgz#efa38341b7601f58967397cc630068f69691b931"
+  integrity sha512-lg/OWRsh18hsyTCamOOhEX546vbDiA2O4OggTxxH2wTGr156N6DdELGQlYIKfRdU/0StgtQS81Goc0BgDZlx9A==
+
+"@module-federation/webpack-bundler-runtime@0.14.0":
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/@module-federation/webpack-bundler-runtime/-/webpack-bundler-runtime-0.14.0.tgz#21a82505f95fdb3cb202786f8dc20611b4d7f93c"
+  integrity sha512-POWS6cKBicAAQ3DNY5X7XEUSfOfUsRaBNxbuwEfSGlrkTE9UcWheO06QP2ndHi8tHQuUKcIHi2navhPkJ+k5xg==
+  dependencies:
+    "@module-federation/runtime" "0.14.0"
+    "@module-federation/sdk" "0.14.0"
+
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
@@ -1953,6 +3308,95 @@
     "@nodelib/fs.scandir" "2.1.5"
     fastq "^1.6.0"
 
+"@parcel/watcher-android-arm64@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-android-arm64/-/watcher-android-arm64-2.5.1.tgz#507f836d7e2042f798c7d07ad19c3546f9848ac1"
+  integrity sha512-KF8+j9nNbUN8vzOFDpRMsaKBHZ/mcjEjMToVMJOhTozkDonQFFrRcfdLWn6yWKCmJKmdVxSgHiYvTCef4/qcBA==
+
+"@parcel/watcher-darwin-arm64@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-darwin-arm64/-/watcher-darwin-arm64-2.5.1.tgz#3d26dce38de6590ef79c47ec2c55793c06ad4f67"
+  integrity sha512-eAzPv5osDmZyBhou8PoF4i6RQXAfeKL9tjb3QzYuccXFMQU0ruIc/POh30ePnaOyD1UXdlKguHBmsTs53tVoPw==
+
+"@parcel/watcher-darwin-x64@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-darwin-x64/-/watcher-darwin-x64-2.5.1.tgz#99f3af3869069ccf774e4ddfccf7e64fd2311ef8"
+  integrity sha512-1ZXDthrnNmwv10A0/3AJNZ9JGlzrF82i3gNQcWOzd7nJ8aj+ILyW1MTxVk35Db0u91oD5Nlk9MBiujMlwmeXZg==
+
+"@parcel/watcher-freebsd-x64@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-freebsd-x64/-/watcher-freebsd-x64-2.5.1.tgz#14d6857741a9f51dfe51d5b08b7c8afdbc73ad9b"
+  integrity sha512-SI4eljM7Flp9yPuKi8W0ird8TI/JK6CSxju3NojVI6BjHsTyK7zxA9urjVjEKJ5MBYC+bLmMcbAWlZ+rFkLpJQ==
+
+"@parcel/watcher-linux-arm-glibc@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-linux-arm-glibc/-/watcher-linux-arm-glibc-2.5.1.tgz#43c3246d6892381db473bb4f663229ad20b609a1"
+  integrity sha512-RCdZlEyTs8geyBkkcnPWvtXLY44BCeZKmGYRtSgtwwnHR4dxfHRG3gR99XdMEdQ7KeiDdasJwwvNSF5jKtDwdA==
+
+"@parcel/watcher-linux-arm-musl@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-linux-arm-musl/-/watcher-linux-arm-musl-2.5.1.tgz#663750f7090bb6278d2210de643eb8a3f780d08e"
+  integrity sha512-6E+m/Mm1t1yhB8X412stiKFG3XykmgdIOqhjWj+VL8oHkKABfu/gjFj8DvLrYVHSBNC+/u5PeNrujiSQ1zwd1Q==
+
+"@parcel/watcher-linux-arm64-glibc@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-linux-arm64-glibc/-/watcher-linux-arm64-glibc-2.5.1.tgz#ba60e1f56977f7e47cd7e31ad65d15fdcbd07e30"
+  integrity sha512-LrGp+f02yU3BN9A+DGuY3v3bmnFUggAITBGriZHUREfNEzZh/GO06FF5u2kx8x+GBEUYfyTGamol4j3m9ANe8w==
+
+"@parcel/watcher-linux-arm64-musl@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-linux-arm64-musl/-/watcher-linux-arm64-musl-2.5.1.tgz#f7fbcdff2f04c526f96eac01f97419a6a99855d2"
+  integrity sha512-cFOjABi92pMYRXS7AcQv9/M1YuKRw8SZniCDw0ssQb/noPkRzA+HBDkwmyOJYp5wXcsTrhxO0zq1U11cK9jsFg==
+
+"@parcel/watcher-linux-x64-glibc@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-linux-x64-glibc/-/watcher-linux-x64-glibc-2.5.1.tgz#4d2ea0f633eb1917d83d483392ce6181b6a92e4e"
+  integrity sha512-GcESn8NZySmfwlTsIur+49yDqSny2IhPeZfXunQi48DMugKeZ7uy1FX83pO0X22sHntJ4Ub+9k34XQCX+oHt2A==
+
+"@parcel/watcher-linux-x64-musl@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-linux-x64-musl/-/watcher-linux-x64-musl-2.5.1.tgz#277b346b05db54f55657301dd77bdf99d63606ee"
+  integrity sha512-n0E2EQbatQ3bXhcH2D1XIAANAcTZkQICBPVaxMeaCVBtOpBZpWJuf7LwyWPSBDITb7In8mqQgJ7gH8CILCURXg==
+
+"@parcel/watcher-win32-arm64@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-win32-arm64/-/watcher-win32-arm64-2.5.1.tgz#7e9e02a26784d47503de1d10e8eab6cceb524243"
+  integrity sha512-RFzklRvmc3PkjKjry3hLF9wD7ppR4AKcWNzH7kXR7GUe0Igb3Nz8fyPwtZCSquGrhU5HhUNDr/mKBqj7tqA2Vw==
+
+"@parcel/watcher-win32-ia32@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-win32-ia32/-/watcher-win32-ia32-2.5.1.tgz#2d0f94fa59a873cdc584bf7f6b1dc628ddf976e6"
+  integrity sha512-c2KkcVN+NJmuA7CGlaGD1qJh1cLfDnQsHjE89E60vUEMlqduHGCdCLJCID5geFVM0dOtA3ZiIO8BoEQmzQVfpQ==
+
+"@parcel/watcher-win32-x64@2.5.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher-win32-x64/-/watcher-win32-x64-2.5.1.tgz#ae52693259664ba6f2228fa61d7ee44b64ea0947"
+  integrity sha512-9lHBdJITeNR++EvSQVUcaZoWupyHfXe1jZvGZ06O/5MflPcuPLtEphScIBL+AiCWBO46tDSHzWyD0uDmmZqsgA==
+
+"@parcel/watcher@^2.4.1":
+  version "2.5.1"
+  resolved "https://registry.yarnpkg.com/@parcel/watcher/-/watcher-2.5.1.tgz#342507a9cfaaf172479a882309def1e991fb1200"
+  integrity sha512-dfUnCxiN9H4ap84DvD2ubjw+3vUNpstxa0TneY/Paat8a3R4uQZDLSvWjmznAY/DoahqTHl9V46HF/Zs3F29pg==
+  dependencies:
+    detect-libc "^1.0.3"
+    is-glob "^4.0.3"
+    micromatch "^4.0.5"
+    node-addon-api "^7.0.0"
+  optionalDependencies:
+    "@parcel/watcher-android-arm64" "2.5.1"
+    "@parcel/watcher-darwin-arm64" "2.5.1"
+    "@parcel/watcher-darwin-x64" "2.5.1"
+    "@parcel/watcher-freebsd-x64" "2.5.1"
+    "@parcel/watcher-linux-arm-glibc" "2.5.1"
+    "@parcel/watcher-linux-arm-musl" "2.5.1"
+    "@parcel/watcher-linux-arm64-glibc" "2.5.1"
+    "@parcel/watcher-linux-arm64-musl" "2.5.1"
+    "@parcel/watcher-linux-x64-glibc" "2.5.1"
+    "@parcel/watcher-linux-x64-musl" "2.5.1"
+    "@parcel/watcher-win32-arm64" "2.5.1"
+    "@parcel/watcher-win32-ia32" "2.5.1"
+    "@parcel/watcher-win32-x64" "2.5.1"
+
 "@pkgjs/parseargs@^0.11.0":
   version "0.11.0"
   resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33"
@@ -2025,6 +3469,81 @@
     redux-thunk "^2.4.2"
     reselect "^4.1.8"
 
+"@rspack/binding-darwin-arm64@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-1.3.12.tgz#2e7cc00b813dcb155572908d956ab1d75d9747a5"
+  integrity sha512-8hKjVTBeWPqkMzFPNWIh72oU9O3vFy3e88wRjMPImDCXBiEYrKqGTTLd/J0SO+efdL3SBD1rX1IvdJpxCv6Yrw==
+
+"@rspack/binding-darwin-x64@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-darwin-x64/-/binding-darwin-x64-1.3.12.tgz#cb148cc62658d74204621a695e1698cda82877f9"
+  integrity sha512-Sj4m+mCUxL7oCpdu7OmWT7fpBM7hywk5CM9RDc3D7StaBZbvNtNftafCrTZzTYKuZrKmemTh5SFzT5Tz7tf6GA==
+
+"@rspack/binding-linux-arm64-gnu@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.3.12.tgz#79820857dfbd3819e0026da507c271531c013d0c"
+  integrity sha512-7MuOxf3/Mhv4mgFdLTvgnt/J+VouNR65DEhorth+RZm3LEWojgoFEphSAMAvpvAOpYSS68Sw4SqsOZi719ia2w==
+
+"@rspack/binding-linux-arm64-musl@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.3.12.tgz#a794dfe8df6bf75af217597881592add6f6b046e"
+  integrity sha512-s6KKj20T9Z1bA8caIjU6EzJbwyDo1URNFgBAlafCT2UC6yX7flstDJJ38CxZacA9A2P24RuQK2/jPSZpWrTUFA==
+
+"@rspack/binding-linux-x64-gnu@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.3.12.tgz#a0e23831a1374d9039a4b29e927cef58a485085c"
+  integrity sha512-0w/sRREYbRgHgWvs2uMEJSLfvzbZkPHUg6CMcYQGNVK6axYRot6jPyKetyFYA9pR5fB5rsXegpnFaZaVrRIK2g==
+
+"@rspack/binding-linux-x64-musl@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-x64-musl/-/binding-linux-x64-musl-1.3.12.tgz#61620efda6a6805689890c130e6b38c1725baaf4"
+  integrity sha512-jEdxkPymkRxbijDRsBGdhopcbGXiXDg59lXqIRkVklqbDmZ/O6DHm7gImmlx5q9FoWbz0gqJuOKBz4JqWxjWVA==
+
+"@rspack/binding-win32-arm64-msvc@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.3.12.tgz#46d874df8bd5b84e82ea83480969f7e0293ccd82"
+  integrity sha512-ZRvUCb3TDLClAqcTsl/o9UdJf0B5CgzAxgdbnYJbldyuyMeTUB4jp20OfG55M3C2Nute2SNhu2bOOp9Se5Ongw==
+
+"@rspack/binding-win32-ia32-msvc@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-1.3.12.tgz#fec435e31e56f3d58b4fa52746643d1d593b2b89"
+  integrity sha512-1TKPjuXStPJr14f3ZHuv40Xc/87jUXx10pzVtrPnw+f3hckECHrbYU/fvbVzZyuXbsXtkXpYca6ygCDRJAoNeQ==
+
+"@rspack/binding-win32-x64-msvc@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.3.12.tgz#33b73cbab75920cf8a92e7245a794970f8508b6c"
+  integrity sha512-lCR0JfnYKpV+a6r2A2FdxyUKUS4tajePgpPJN5uXDgMGwrDtRqvx+d0BHhwjFudQVJq9VVbRaL89s2MQ6u+xYw==
+
+"@rspack/binding@1.3.12":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/binding/-/binding-1.3.12.tgz#0a8356fdbd89f08cda3e9bb8aff4ea781dfe972e"
+  integrity sha512-4Ic8lV0+LCBfTlH5aIOujIRWZOtgmG223zC4L3o8WY/+ESAgpdnK6lSSMfcYgRanYLAy3HOmFIp20jwskMpbAg==
+  optionalDependencies:
+    "@rspack/binding-darwin-arm64" "1.3.12"
+    "@rspack/binding-darwin-x64" "1.3.12"
+    "@rspack/binding-linux-arm64-gnu" "1.3.12"
+    "@rspack/binding-linux-arm64-musl" "1.3.12"
+    "@rspack/binding-linux-x64-gnu" "1.3.12"
+    "@rspack/binding-linux-x64-musl" "1.3.12"
+    "@rspack/binding-win32-arm64-msvc" "1.3.12"
+    "@rspack/binding-win32-ia32-msvc" "1.3.12"
+    "@rspack/binding-win32-x64-msvc" "1.3.12"
+
+"@rspack/core@^1.3.10":
+  version "1.3.12"
+  resolved "https://registry.yarnpkg.com/@rspack/core/-/core-1.3.12.tgz#68df0111cfac7e8f9dfa11a608ac8731181b5483"
+  integrity sha512-mAPmV4LPPRgxpouUrGmAE4kpF1NEWJGyM5coebsjK/zaCMSjw3mkdxiU2b5cO44oIi0Ifv5iGkvwbdrZOvMyFA==
+  dependencies:
+    "@module-federation/runtime-tools" "0.14.0"
+    "@rspack/binding" "1.3.12"
+    "@rspack/lite-tapable" "1.0.1"
+    caniuse-lite "^1.0.30001718"
+
+"@rspack/lite-tapable@1.0.1":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@rspack/lite-tapable/-/lite-tapable-1.0.1.tgz#d4540a5d28bd6177164bc0ba0bee4bdec0458591"
+  integrity sha512-VynGOEsVw2s8TAlLf/uESfrgfrq2+rcXB1muPJYBWbsm1Oa6r5qVQhjA5ggM6z/coYPrsVMgovl3Ff7Q7OCp1w==
+
 "@sideway/address@^4.1.5":
   version "4.1.5"
   resolved "https://registry.yarnpkg.com/@sideway/address/-/address-4.1.5.tgz#4bc149a0076623ced99ca8208ba780d65a99b9d5"
@@ -2172,84 +3691,152 @@
     "@svgr/plugin-jsx" "8.1.0"
     "@svgr/plugin-svgo" "8.1.0"
 
-"@swc/core-darwin-arm64@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-darwin-arm64/-/core-darwin-arm64-1.6.1.tgz#72d861fb7094b7a0004f4f300e2c5d4ea1549d9e"
-  integrity sha512-u6GdwOXsOEdNAdSI6nWq6G2BQw5HiSNIZVcBaH1iSvBnxZvWbnIKyDiZKaYnDwTLHLzig2GuUjjE2NaCJPy4jg==
+"@swc/core-darwin-arm64@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-arm64/-/core-darwin-arm64-1.11.29.tgz#bf66e3f4f00e6fe9d95e8a33f780e6c40fca946d"
+  integrity sha512-whsCX7URzbuS5aET58c75Dloby3Gtj/ITk2vc4WW6pSDQKSPDuONsIcZ7B2ng8oz0K6ttbi4p3H/PNPQLJ4maQ==
 
-"@swc/core-darwin-x64@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-darwin-x64/-/core-darwin-x64-1.6.1.tgz#8b7070fcee4a4570d0af245c4614ca4e492dfd5b"
-  integrity sha512-/tXwQibkDNLVbAtr7PUQI0iQjoB708fjhDDDfJ6WILSBVZ3+qs/LHjJ7jHwumEYxVq1XA7Fv2Q7SE/ZSQoWHcQ==
+"@swc/core-darwin-x64@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-x64/-/core-darwin-x64-1.11.29.tgz#0a77d2d79ef2c789f9d40a86784bbf52c5f9877f"
+  integrity sha512-S3eTo/KYFk+76cWJRgX30hylN5XkSmjYtCBnM4jPLYn7L6zWYEPajsFLmruQEiTEDUg0gBEWLMNyUeghtswouw==
 
-"@swc/core-linux-arm-gnueabihf@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm-gnueabihf/-/core-linux-arm-gnueabihf-1.6.1.tgz#bea6d2e75127bbc65a664284f012ffa90c8325d5"
-  integrity sha512-aDgipxhJTms8iH78emHVutFR2c16LNhO+NTRCdYi+X4PyIn58/DyYTH6VDZ0AeEcS5f132ZFldU5AEgExwihXA==
+"@swc/core-linux-arm-gnueabihf@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm-gnueabihf/-/core-linux-arm-gnueabihf-1.11.29.tgz#80fa3a6a36034ffdbbba73e26c8f27cb13111a33"
+  integrity sha512-o9gdshbzkUMG6azldHdmKklcfrcMx+a23d/2qHQHPDLUPAN+Trd+sDQUYArK5Fcm7TlpG4sczz95ghN0DMkM7g==
 
-"@swc/core-linux-arm64-gnu@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.6.1.tgz#5c84d804ec23cf54b31c0bc0b4bdd30ec5d43ce8"
-  integrity sha512-XkJ+eO4zUKG5g458RyhmKPyBGxI0FwfWFgpfIj5eDybxYJ6s4HBT5MoxyBLorB5kMlZ0XoY/usUMobPVY3nL0g==
+"@swc/core-linux-arm64-gnu@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.11.29.tgz#42da87f445bc3e26da01d494246884006d9b9a1a"
+  integrity sha512-sLoaciOgUKQF1KX9T6hPGzvhOQaJn+3DHy4LOHeXhQqvBgr+7QcZ+hl4uixPKTzxk6hy6Hb0QOvQEdBAAR1gXw==
 
-"@swc/core-linux-arm64-musl@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-musl/-/core-linux-arm64-musl-1.6.1.tgz#e167a350bec12caebc97304068c3ffbad6c398ce"
-  integrity sha512-dr6YbLBg/SsNxs1hDqJhxdcrS8dGMlOXJwXIrUvACiA8jAd6S5BxYCaqsCefLYXtaOmu0bbx1FB/evfodqB70Q==
+"@swc/core-linux-arm64-musl@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-musl/-/core-linux-arm64-musl-1.11.29.tgz#c9cec610525dc9e9b11ef26319db3780812dfa54"
+  integrity sha512-PwjB10BC0N+Ce7RU/L23eYch6lXFHz7r3NFavIcwDNa/AAqywfxyxh13OeRy+P0cg7NDpWEETWspXeI4Ek8otw==
 
-"@swc/core-linux-x64-gnu@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.6.1.tgz#fdd4e1d63b3e53d195e2ddcb9cb5ad9f31995796"
-  integrity sha512-A0b/3V+yFy4LXh3O9umIE7LXPC7NBWdjl6AQYqymSMcMu0EOb1/iygA6s6uWhz9y3e172Hpb9b/CGsuD8Px/bg==
+"@swc/core-linux-x64-gnu@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.11.29.tgz#1cda2df38a4ab8905ba6ac3aa16e4ad710b6f2de"
+  integrity sha512-i62vBVoPaVe9A3mc6gJG07n0/e7FVeAvdD9uzZTtGLiuIfVfIBta8EMquzvf+POLycSk79Z6lRhGPZPJPYiQaA==
 
-"@swc/core-linux-x64-musl@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.6.1.tgz#81a312dd9e62da5f4c48e3cd23b6c6d28a31ac42"
-  integrity sha512-5dJjlzZXhC87nZZZWbpiDP8kBIO0ibis893F/rtPIQBI5poH+iJuA32EU3wN4/WFHeK4et8z6SGSVghPtWyk4g==
+"@swc/core-linux-x64-musl@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.11.29.tgz#5d634efff33f47c8d6addd84291ab606903d1cfd"
+  integrity sha512-YER0XU1xqFdK0hKkfSVX1YIyCvMDI7K07GIpefPvcfyNGs38AXKhb2byySDjbVxkdl4dycaxxhRyhQ2gKSlsFQ==
 
-"@swc/core-win32-arm64-msvc@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-win32-arm64-msvc/-/core-win32-arm64-msvc-1.6.1.tgz#e131f579a69c5d807013e54ccb311e10caa27bcb"
-  integrity sha512-HBi1ZlwvfcUibLtT3g/lP57FaDPC799AD6InolB2KSgkqyBbZJ9wAXM8/CcH67GLIP0tZ7FqblrJTzGXxetTJQ==
+"@swc/core-win32-arm64-msvc@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-arm64-msvc/-/core-win32-arm64-msvc-1.11.29.tgz#bc54f2e3f8f180113b7a092b1ee1eaaab24df62b"
+  integrity sha512-po+WHw+k9g6FAg5IJ+sMwtA/fIUL3zPQ4m/uJgONBATCVnDDkyW6dBA49uHNVtSEvjvhuD8DVWdFP847YTcITw==
 
-"@swc/core-win32-ia32-msvc@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-win32-ia32-msvc/-/core-win32-ia32-msvc-1.6.1.tgz#9f3d88cf0e826aa8222a695177a065ed2899eb21"
-  integrity sha512-AKqHohlWERclexar5y6ux4sQ8yaMejEXNxeKXm7xPhXrp13/1p4/I3E5bPVX/jMnvpm4HpcKSP0ee2WsqmhhPw==
+"@swc/core-win32-ia32-msvc@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-ia32-msvc/-/core-win32-ia32-msvc-1.11.29.tgz#f1df344c06283643d1fe66c6931b350347b73722"
+  integrity sha512-h+NjOrbqdRBYr5ItmStmQt6x3tnhqgwbj9YxdGPepbTDamFv7vFnhZR0YfB3jz3UKJ8H3uGJ65Zw1VsC+xpFkg==
 
-"@swc/core-win32-x64-msvc@1.6.1":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core-win32-x64-msvc/-/core-win32-x64-msvc-1.6.1.tgz#b2082710bc46c484a2c9f2e33a15973806e5031d"
-  integrity sha512-0dLdTLd+ONve8kgC5T6VQ2Y5G+OZ7y0ujjapnK66wpvCBM6BKYGdT/OKhZKZydrC5gUKaxFN6Y5oOt9JOFUrOQ==
+"@swc/core-win32-x64-msvc@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-x64-msvc/-/core-win32-x64-msvc-1.11.29.tgz#a6f9dc1df66c8db96d70091abedd78cc52544724"
+  integrity sha512-Q8cs2BDV9wqDvqobkXOYdC+pLUSEpX/KvI0Dgfun1F+LzuLotRFuDhrvkU9ETJA6OnD2+Fn/ieHgloiKA/Mn/g==
 
-"@swc/core@^1.3.74":
-  version "1.6.1"
-  resolved "https://registry.yarnpkg.com/@swc/core/-/core-1.6.1.tgz#a899a205cfaa8e23f805451ef4787987e03b8920"
-  integrity sha512-Yz5uj5hNZpS5brLtBvKY0L4s2tBAbQ4TjmW8xF1EC3YLFxQRrUjMP49Zm1kp/KYyYvTkSaG48Ffj2YWLu9nChw==
+"@swc/core@^1.7.39":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/core/-/core-1.11.29.tgz#bce20113c47fcd6251d06262b8b8c063f8e86a20"
+  integrity sha512-g4mThMIpWbNhV8G2rWp5a5/Igv8/2UFRJx2yImrLGMgrDDYZIopqZ/z0jZxDgqNA1QDx93rpwNF7jGsxVWcMlA==
   dependencies:
     "@swc/counter" "^0.1.3"
-    "@swc/types" "^0.1.8"
+    "@swc/types" "^0.1.21"
   optionalDependencies:
-    "@swc/core-darwin-arm64" "1.6.1"
-    "@swc/core-darwin-x64" "1.6.1"
-    "@swc/core-linux-arm-gnueabihf" "1.6.1"
-    "@swc/core-linux-arm64-gnu" "1.6.1"
-    "@swc/core-linux-arm64-musl" "1.6.1"
-    "@swc/core-linux-x64-gnu" "1.6.1"
-    "@swc/core-linux-x64-musl" "1.6.1"
-    "@swc/core-win32-arm64-msvc" "1.6.1"
-    "@swc/core-win32-ia32-msvc" "1.6.1"
-    "@swc/core-win32-x64-msvc" "1.6.1"
+    "@swc/core-darwin-arm64" "1.11.29"
+    "@swc/core-darwin-x64" "1.11.29"
+    "@swc/core-linux-arm-gnueabihf" "1.11.29"
+    "@swc/core-linux-arm64-gnu" "1.11.29"
+    "@swc/core-linux-arm64-musl" "1.11.29"
+    "@swc/core-linux-x64-gnu" "1.11.29"
+    "@swc/core-linux-x64-musl" "1.11.29"
+    "@swc/core-win32-arm64-msvc" "1.11.29"
+    "@swc/core-win32-ia32-msvc" "1.11.29"
+    "@swc/core-win32-x64-msvc" "1.11.29"
 
 "@swc/counter@^0.1.3":
   version "0.1.3"
   resolved "https://registry.yarnpkg.com/@swc/counter/-/counter-0.1.3.tgz#cc7463bd02949611c6329596fccd2b0ec782b0e9"
   integrity sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==
 
-"@swc/types@^0.1.8":
-  version "0.1.8"
-  resolved "https://registry.yarnpkg.com/@swc/types/-/types-0.1.8.tgz#2c81d107c86cfbd0c3a05ecf7bb54c50dfa58a95"
-  integrity sha512-RNFA3+7OJFNYY78x0FYwi1Ow+iF1eF5WvmfY1nXPOEH4R2p/D4Cr1vzje7dNAI2aLFqpv8Wyz4oKSWqIZArpQA==
+"@swc/html-darwin-arm64@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-darwin-arm64/-/html-darwin-arm64-1.11.29.tgz#7bd6d10115ffe155ecd757387b5aff318b02b5a0"
+  integrity sha512-q53kn/HI0n/+pecsOB2gxqITbRAhtBG7VI520SIWuCGXHPsTQ/1VOrhLMNvyfw1xVhRyFal7BpAvfGUORCl0sw==
+
+"@swc/html-darwin-x64@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-darwin-x64/-/html-darwin-x64-1.11.29.tgz#ccafed56081932ffaa51be1788cef88eb9a144d1"
+  integrity sha512-YfQPjh5WoDqOxsA7vDOOSnxEPc1Ki4SuZ0ufR4t8jYdMOFsU3AhZQ/sgBZLpTzegBTutUn7/7yy8VSoFngeR7Q==
+
+"@swc/html-linux-arm-gnueabihf@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm-gnueabihf/-/html-linux-arm-gnueabihf-1.11.29.tgz#e784a1a0f69034e9dd52a9019ff80f0d5eb91433"
+  integrity sha512-dC3aEv1mqAUkY9TiZWOE2IcYpvxJzw0LdvkDzGW5072JSlZZYQMqq2Llwg63LIp6qBlj1JLHMLnBqk7Ubatmjw==
+
+"@swc/html-linux-arm64-gnu@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm64-gnu/-/html-linux-arm64-gnu-1.11.29.tgz#ef015d81d3a011d6c273a428eee130b3aac790b7"
+  integrity sha512-seo+lCiBUggTR9NsHE4qVC+7+XIfLHK7yxWiIsXb8nNAXDcqVZ0Rxv8O1Y1GTeJfUlcCt1koahCG2AeyWpYFBg==
+
+"@swc/html-linux-arm64-musl@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm64-musl/-/html-linux-arm64-musl-1.11.29.tgz#b20e4b442287367c4c1d62db2b8065106542f432"
+  integrity sha512-bK8K6t3hHgaZZ1vMNaZ+8x42EWJPEX1Dx4zi6ulMhKa1uan+DjW5SiMlUg0an16fFSYfE+r9oFC4cFEbGP1o4Q==
+
+"@swc/html-linux-x64-gnu@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-x64-gnu/-/html-linux-x64-gnu-1.11.29.tgz#c45505b3e22c02dc8bdef8b3da48ba855527a62c"
+  integrity sha512-34tSms5TkRUCr+J6uuSE/11ECcfIpp5R1ODuIgxZRUd/u88pQGKzLVNLWGPLw4b3cZSjnAn+PFJl7BtaYl0UyQ==
+
+"@swc/html-linux-x64-musl@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-x64-musl/-/html-linux-x64-musl-1.11.29.tgz#86116e7db3cf02b1a627bc94c374d26ce6f9d68a"
+  integrity sha512-oJLLrX94ccaniWdQt8PH6K2u8aN/ehBo/YPg84LycFtaud/k73Fa1kh6Neq8vbWI4CugIWTl4LXWoHm+l+QYeA==
+
+"@swc/html-win32-arm64-msvc@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-win32-arm64-msvc/-/html-win32-arm64-msvc-1.11.29.tgz#cf7e57b8c0b52f7f93abc307b0cb78d8213b3c13"
+  integrity sha512-nw4TCFfA4YV6jicRdicJZPKW+ihOZPMKEG/4bj1/6HqXw1T2pXI070ASOLE0KOHYuoyV/jConEHfIjlU0olneA==
+
+"@swc/html-win32-ia32-msvc@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-win32-ia32-msvc/-/html-win32-ia32-msvc-1.11.29.tgz#61c91409c3fcdf942891c02aa2a2eac1892d1907"
+  integrity sha512-rO6X4qOofGpKV8pyZ7VblJn+J3PHEqeWHJkJfzwP7c04Flr1oLyuLbTU8lwf8enXrTAZqitHZs+OpofKcUwHEw==
+
+"@swc/html-win32-x64-msvc@1.11.29":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html-win32-x64-msvc/-/html-win32-x64-msvc-1.11.29.tgz#0e78b507d2bf28315487655852008cdecfe84535"
+  integrity sha512-GSCihzBItEPJAeLzkAtw0ZGbxRGMsGt1Z1ugo0uHva1R3Eybkqu9qoax1tGAON+EJzeiHRqphhNgh8MVDpnKnQ==
+
+"@swc/html@^1.7.39":
+  version "1.11.29"
+  resolved "https://registry.yarnpkg.com/@swc/html/-/html-1.11.29.tgz#6e9e1b8ea65baa0d6f25cb883565a5e7d22d2858"
+  integrity sha512-Tsk/o6Eo3lDvHPGjLqVwXGEdC1bemGzByPWx/TrF5N7qEsanRblPeRcJzLl6LbWa80pRYIRB6T4VqdXXZqklaw==
+  dependencies:
+    "@swc/counter" "^0.1.3"
+  optionalDependencies:
+    "@swc/html-darwin-arm64" "1.11.29"
+    "@swc/html-darwin-x64" "1.11.29"
+    "@swc/html-linux-arm-gnueabihf" "1.11.29"
+    "@swc/html-linux-arm64-gnu" "1.11.29"
+    "@swc/html-linux-arm64-musl" "1.11.29"
+    "@swc/html-linux-x64-gnu" "1.11.29"
+    "@swc/html-linux-x64-musl" "1.11.29"
+    "@swc/html-win32-arm64-msvc" "1.11.29"
+    "@swc/html-win32-ia32-msvc" "1.11.29"
+    "@swc/html-win32-x64-msvc" "1.11.29"
+
+"@swc/types@^0.1.21":
+  version "0.1.21"
+  resolved "https://registry.yarnpkg.com/@swc/types/-/types-0.1.21.tgz#6fcadbeca1d8bc89e1ab3de4948cef12344a38c0"
+  integrity sha512-2YEtj5HJVbKivud9N4bpPBAyZhj4S2Ipe5LkUG94alTpr7in/GU/EARgPAd3BwU+YOmFVJC2+kjqhGRi3r0ZpQ==
   dependencies:
     "@swc/counter" "^0.1.3"
 
@@ -2314,23 +3901,216 @@
   dependencies:
     "@types/node" "*"
 
-"@types/d3-scale-chromatic@^3.0.0":
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.0.3.tgz#fc0db9c10e789c351f4c42d96f31f2e4df8f5644"
-  integrity sha512-laXM4+1o5ImZv3RpFAsTRn3TEkzqkytiOY0Dz0sq5cnd1dtNlk6sHLon4OvqaiJb28T0S/TdsBI3Sjsy+keJrw==
+"@types/d3-array@*":
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/@types/d3-array/-/d3-array-3.2.1.tgz#1f6658e3d2006c4fceac53fde464166859f8b8c5"
+  integrity sha512-Y2Jn2idRrLzUfAKV2LyRImR+y4oa2AntrgID95SHJxuMUrkNXmanDSed71sRNZysveJVt1hLLemQZIady0FpEg==
 
-"@types/d3-scale@^4.0.3":
-  version "4.0.8"
-  resolved "https://registry.yarnpkg.com/@types/d3-scale/-/d3-scale-4.0.8.tgz#d409b5f9dcf63074464bf8ddfb8ee5a1f95945bb"
-  integrity sha512-gkK1VVTr5iNiYJ7vWDI+yUFFlszhNMtVeneJ6lUTKPjprsvLLI9/tgEGiXJOnlINJA8FyA88gfnQsHbybVZrYQ==
+"@types/d3-axis@*":
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/@types/d3-axis/-/d3-axis-3.0.6.tgz#e760e5765b8188b1defa32bc8bb6062f81e4c795"
+  integrity sha512-pYeijfZuBd87T0hGn0FO1vQ/cgLk6E1ALJjfkC0oJ8cbwkZl3TpgS8bVBLZN+2jjGgg38epgxb2zmoGtSfvgMw==
+  dependencies:
+    "@types/d3-selection" "*"
+
+"@types/d3-brush@*":
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/@types/d3-brush/-/d3-brush-3.0.6.tgz#c2f4362b045d472e1b186cdbec329ba52bdaee6c"
+  integrity sha512-nH60IZNNxEcrh6L1ZSMNA28rj27ut/2ZmI3r96Zd+1jrZD++zD3LsMIjWlvg4AYrHn/Pqz4CF3veCxGjtbqt7A==
+  dependencies:
+    "@types/d3-selection" "*"
+
+"@types/d3-chord@*":
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/@types/d3-chord/-/d3-chord-3.0.6.tgz#1706ca40cf7ea59a0add8f4456efff8f8775793d"
+  integrity sha512-LFYWWd8nwfwEmTZG9PfQxd17HbNPksHBiJHaKuY1XeqscXacsS2tyoo6OdRsjf+NQYeB6XrNL3a25E3gH69lcg==
+
+"@types/d3-color@*":
+  version "3.1.3"
+  resolved "https://registry.yarnpkg.com/@types/d3-color/-/d3-color-3.1.3.tgz#368c961a18de721da8200e80bf3943fb53136af2"
+  integrity sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==
+
+"@types/d3-contour@*":
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/@types/d3-contour/-/d3-contour-3.0.6.tgz#9ada3fa9c4d00e3a5093fed0356c7ab929604231"
+  integrity sha512-BjzLgXGnCWjUSYGfH1cpdo41/hgdWETu4YxpezoztawmqsvCeep+8QGfiY6YbDvfgHz/DkjeIkkZVJavB4a3rg==
+  dependencies:
+    "@types/d3-array" "*"
+    "@types/geojson" "*"
+
+"@types/d3-delaunay@*":
+  version "6.0.4"
+  resolved "https://registry.yarnpkg.com/@types/d3-delaunay/-/d3-delaunay-6.0.4.tgz#185c1a80cc807fdda2a3fe960f7c11c4a27952e1"
+  integrity sha512-ZMaSKu4THYCU6sV64Lhg6qjf1orxBthaC161plr5KuPHo3CNm8DTHiLw/5Eq2b6TsNP0W0iJrUOFscY6Q450Hw==
+
+"@types/d3-dispatch@*":
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/@types/d3-dispatch/-/d3-dispatch-3.0.6.tgz#096efdf55eb97480e3f5621ff9a8da552f0961e7"
+  integrity sha512-4fvZhzMeeuBJYZXRXrRIQnvUYfyXwYmLsdiN7XXmVNQKKw1cM8a5WdID0g1hVFZDqT9ZqZEY5pD44p24VS7iZQ==
+
+"@types/d3-drag@*":
+  version "3.0.7"
+  resolved "https://registry.yarnpkg.com/@types/d3-drag/-/d3-drag-3.0.7.tgz#b13aba8b2442b4068c9a9e6d1d82f8bcea77fc02"
+  integrity sha512-HE3jVKlzU9AaMazNufooRJ5ZpWmLIoc90A37WU2JMmeq28w1FQqCZswHZ3xR+SuxYftzHq6WU6KJHvqxKzTxxQ==
+  dependencies:
+    "@types/d3-selection" "*"
+
+"@types/d3-dsv@*":
+  version "3.0.7"
+  resolved "https://registry.yarnpkg.com/@types/d3-dsv/-/d3-dsv-3.0.7.tgz#0a351f996dc99b37f4fa58b492c2d1c04e3dac17"
+  integrity sha512-n6QBF9/+XASqcKK6waudgL0pf/S5XHPPI8APyMLLUHd8NqouBGLsU8MgtO7NINGtPBtk9Kko/W4ea0oAspwh9g==
+
+"@types/d3-ease@*":
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/@types/d3-ease/-/d3-ease-3.0.2.tgz#e28db1bfbfa617076f7770dd1d9a48eaa3b6c51b"
+  integrity sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==
+
+"@types/d3-fetch@*":
+  version "3.0.7"
+  resolved "https://registry.yarnpkg.com/@types/d3-fetch/-/d3-fetch-3.0.7.tgz#c04a2b4f23181aa376f30af0283dbc7b3b569980"
+  integrity sha512-fTAfNmxSb9SOWNB9IoG5c8Hg6R+AzUHDRlsXsDZsNp6sxAEOP0tkP3gKkNSO/qmHPoBFTxNrjDprVHDQDvo5aA==
+  dependencies:
+    "@types/d3-dsv" "*"
+
+"@types/d3-force@*":
+  version "3.0.10"
+  resolved "https://registry.yarnpkg.com/@types/d3-force/-/d3-force-3.0.10.tgz#6dc8fc6e1f35704f3b057090beeeb7ac674bff1a"
+  integrity sha512-ZYeSaCF3p73RdOKcjj+swRlZfnYpK1EbaDiYICEEp5Q6sUiqFaFQ9qgoshp5CzIyyb/yD09kD9o2zEltCexlgw==
+
+"@types/d3-format@*":
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/@types/d3-format/-/d3-format-3.0.4.tgz#b1e4465644ddb3fdf3a263febb240a6cd616de90"
+  integrity sha512-fALi2aI6shfg7vM5KiR1wNJnZ7r6UuggVqtDA+xiEdPZQwy/trcQaHnwShLuLdta2rTymCNpxYTiMZX/e09F4g==
+
+"@types/d3-geo@*":
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/@types/d3-geo/-/d3-geo-3.1.0.tgz#b9e56a079449174f0a2c8684a9a4df3f60522440"
+  integrity sha512-856sckF0oP/diXtS4jNsiQw/UuK5fQG8l/a9VVLeSouf1/PPbBE1i1W852zVwKwYCBkFJJB7nCFTbk6UMEXBOQ==
+  dependencies:
+    "@types/geojson" "*"
+
+"@types/d3-hierarchy@*":
+  version "3.1.7"
+  resolved "https://registry.yarnpkg.com/@types/d3-hierarchy/-/d3-hierarchy-3.1.7.tgz#6023fb3b2d463229f2d680f9ac4b47466f71f17b"
+  integrity sha512-tJFtNoYBtRtkNysX1Xq4sxtjK8YgoWUNpIiUee0/jHGRwqvzYxkq0hGVbbOGSz+JgFxxRu4K8nb3YpG3CMARtg==
+
+"@types/d3-interpolate@*":
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz#412b90e84870285f2ff8a846c6eb60344f12a41c"
+  integrity sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==
+  dependencies:
+    "@types/d3-color" "*"
+
+"@types/d3-path@*":
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/@types/d3-path/-/d3-path-3.1.1.tgz#f632b380c3aca1dba8e34aa049bcd6a4af23df8a"
+  integrity sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==
+
+"@types/d3-polygon@*":
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/@types/d3-polygon/-/d3-polygon-3.0.2.tgz#dfae54a6d35d19e76ac9565bcb32a8e54693189c"
+  integrity sha512-ZuWOtMaHCkN9xoeEMr1ubW2nGWsp4nIql+OPQRstu4ypeZ+zk3YKqQT0CXVe/PYqrKpZAi+J9mTs05TKwjXSRA==
+
+"@types/d3-quadtree@*":
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/@types/d3-quadtree/-/d3-quadtree-3.0.6.tgz#d4740b0fe35b1c58b66e1488f4e7ed02952f570f"
+  integrity sha512-oUzyO1/Zm6rsxKRHA1vH0NEDG58HrT5icx/azi9MF1TWdtttWl0UIUsjEQBBh+SIkrpd21ZjEv7ptxWys1ncsg==
+
+"@types/d3-random@*":
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/@types/d3-random/-/d3-random-3.0.3.tgz#ed995c71ecb15e0cd31e22d9d5d23942e3300cfb"
+  integrity sha512-Imagg1vJ3y76Y2ea0871wpabqp613+8/r0mCLEBfdtqC7xMSfj9idOnmBYyMoULfHePJyxMAw3nWhJxzc+LFwQ==
+
+"@types/d3-scale-chromatic@*":
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.1.0.tgz#dc6d4f9a98376f18ea50bad6c39537f1b5463c39"
+  integrity sha512-iWMJgwkK7yTRmWqRB5plb1kadXyQ5Sj8V/zYlFGMUBbIPKQScw+Dku9cAAMgJG+z5GYDoMjWGLVOvjghDEFnKQ==
+
+"@types/d3-scale@*":
+  version "4.0.9"
+  resolved "https://registry.yarnpkg.com/@types/d3-scale/-/d3-scale-4.0.9.tgz#57a2f707242e6fe1de81ad7bfcccaaf606179afb"
+  integrity sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==
   dependencies:
     "@types/d3-time" "*"
 
+"@types/d3-selection@*":
+  version "3.0.11"
+  resolved "https://registry.yarnpkg.com/@types/d3-selection/-/d3-selection-3.0.11.tgz#bd7a45fc0a8c3167a631675e61bc2ca2b058d4a3"
+  integrity sha512-bhAXu23DJWsrI45xafYpkQ4NtcKMwWnAC/vKrd2l+nxMFuvOT3XMYTIj2opv8vq8AO5Yh7Qac/nSeP/3zjTK0w==
+
+"@types/d3-shape@*":
+  version "3.1.7"
+  resolved "https://registry.yarnpkg.com/@types/d3-shape/-/d3-shape-3.1.7.tgz#2b7b423dc2dfe69c8c93596e673e37443348c555"
+  integrity sha512-VLvUQ33C+3J+8p+Daf+nYSOsjB4GXp19/S/aGo60m9h1v6XaxjiT82lKVWJCfzhtuZ3yD7i/TPeC/fuKLLOSmg==
+  dependencies:
+    "@types/d3-path" "*"
+
+"@types/d3-time-format@*":
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/@types/d3-time-format/-/d3-time-format-4.0.3.tgz#d6bc1e6b6a7db69cccfbbdd4c34b70632d9e9db2"
+  integrity sha512-5xg9rC+wWL8kdDj153qZcsJ0FWiFt0J5RB6LYUNZjwSnesfblqrI/bJ1wBdJ8OQfncgbJG5+2F+qfqnqyzYxyg==
+
 "@types/d3-time@*":
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/@types/d3-time/-/d3-time-3.0.3.tgz#3c186bbd9d12b9d84253b6be6487ca56b54f88be"
   integrity sha512-2p6olUZ4w3s+07q3Tm2dbiMZy5pCDfYwtLXXHUnVzXgQlZ/OyPtUz6OL382BkOuGlLXqfT+wqv8Fw2v8/0geBw==
 
+"@types/d3-timer@*":
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/@types/d3-timer/-/d3-timer-3.0.2.tgz#70bbda77dc23aa727413e22e214afa3f0e852f70"
+  integrity sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==
+
+"@types/d3-transition@*":
+  version "3.0.9"
+  resolved "https://registry.yarnpkg.com/@types/d3-transition/-/d3-transition-3.0.9.tgz#1136bc57e9ddb3c390dccc9b5ff3b7d2b8d94706"
+  integrity sha512-uZS5shfxzO3rGlu0cC3bjmMFKsXv+SmZZcgp0KD22ts4uGXp5EVYGzu/0YdwZeKmddhcAccYtREJKkPfXkZuCg==
+  dependencies:
+    "@types/d3-selection" "*"
+
+"@types/d3-zoom@*":
+  version "3.0.8"
+  resolved "https://registry.yarnpkg.com/@types/d3-zoom/-/d3-zoom-3.0.8.tgz#dccb32d1c56b1e1c6e0f1180d994896f038bc40b"
+  integrity sha512-iqMC4/YlFCSlO8+2Ii1GGGliCAY4XdeG748w5vQUbevlbDu0zSjH/+jojorQVBK/se0j6DUFNPBGSqD3YWYnDw==
+  dependencies:
+    "@types/d3-interpolate" "*"
+    "@types/d3-selection" "*"
+
+"@types/d3@^7.4.3":
+  version "7.4.3"
+  resolved "https://registry.yarnpkg.com/@types/d3/-/d3-7.4.3.tgz#d4550a85d08f4978faf0a4c36b848c61eaac07e2"
+  integrity sha512-lZXZ9ckh5R8uiFVt8ogUNf+pIrK4EsWrx2Np75WvF/eTpJ0FMHNhjXk8CKEx/+gpHbNQyJWehbFaTvqmHWB3ww==
+  dependencies:
+    "@types/d3-array" "*"
+    "@types/d3-axis" "*"
+    "@types/d3-brush" "*"
+    "@types/d3-chord" "*"
+    "@types/d3-color" "*"
+    "@types/d3-contour" "*"
+    "@types/d3-delaunay" "*"
+    "@types/d3-dispatch" "*"
+    "@types/d3-drag" "*"
+    "@types/d3-dsv" "*"
+    "@types/d3-ease" "*"
+    "@types/d3-fetch" "*"
+    "@types/d3-force" "*"
+    "@types/d3-format" "*"
+    "@types/d3-geo" "*"
+    "@types/d3-hierarchy" "*"
+    "@types/d3-interpolate" "*"
+    "@types/d3-path" "*"
+    "@types/d3-polygon" "*"
+    "@types/d3-quadtree" "*"
+    "@types/d3-random" "*"
+    "@types/d3-scale" "*"
+    "@types/d3-scale-chromatic" "*"
+    "@types/d3-selection" "*"
+    "@types/d3-shape" "*"
+    "@types/d3-time" "*"
+    "@types/d3-time-format" "*"
+    "@types/d3-timer" "*"
+    "@types/d3-transition" "*"
+    "@types/d3-zoom" "*"
+
 "@types/debug@^4.0.0":
   version "4.1.12"
   resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.12.tgz#a155f21690871953410df4b6b6f53187f0500917"
@@ -2338,7 +4118,7 @@
   dependencies:
     "@types/ms" "*"
 
-"@types/eslint-scope@^3.7.3":
+"@types/eslint-scope@^3.7.3", "@types/eslint-scope@^3.7.7":
   version "3.7.7"
   resolved "https://registry.yarnpkg.com/@types/eslint-scope/-/eslint-scope-3.7.7.tgz#3108bd5f18b0cdb277c867b3dd449c9ed7079ac5"
   integrity sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==
@@ -2366,6 +4146,11 @@
   resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4"
   integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==
 
+"@types/estree@^1.0.6":
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.7.tgz#4158d3105276773d5b7695cd4834b1722e4f37a8"
+  integrity sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ==
+
 "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.33":
   version "4.19.3"
   resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.19.3.tgz#e469a13e4186c9e1c0418fb17be8bc8ff1b19a7a"
@@ -2386,6 +4171,11 @@
     "@types/qs" "*"
     "@types/serve-static" "*"
 
+"@types/geojson@*":
+  version "7946.0.16"
+  resolved "https://registry.yarnpkg.com/@types/geojson/-/geojson-7946.0.16.tgz#8ebe53d69efada7044454e3305c19017d97ced2a"
+  integrity sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==
+
 "@types/gtag.js@^0.0.12":
   version "0.0.12"
   resolved "https://registry.yarnpkg.com/@types/gtag.js/-/gtag.js-0.0.12.tgz#095122edca896689bdfcdd73b057e23064d23572"
@@ -2459,7 +4249,7 @@
   dependencies:
     "@types/istanbul-lib-report" "*"
 
-"@types/json-schema@*", "@types/json-schema@^7.0.15", "@types/json-schema@^7.0.4", "@types/json-schema@^7.0.5", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9":
+"@types/json-schema@*", "@types/json-schema@^7.0.15", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9":
   version "7.0.15"
   resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841"
   integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==
@@ -2512,11 +4302,6 @@
   resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.45.tgz#2c0fafd78705e7a18b7906b5201a522719dc5190"
   integrity sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==
 
-"@types/parse-json@^4.0.0":
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/@types/parse-json/-/parse-json-4.0.2.tgz#5950e50960793055845e956c427fc2b0d70c5239"
-  integrity sha512-dISoDXWWQwUquiKsyZ4Ng+HX2KsPL7LyHKHQwgGFEA3IaKac4Obd+h2a/a6waisAoepJlBcx9paWqjA8/HVjCw==
-
 "@types/parse5@^6.0.0":
   version "6.0.3"
   resolved "https://registry.yarnpkg.com/@types/parse5/-/parse5-6.0.3.tgz#705bb349e789efa06f43f128cef51240753424cb"
@@ -2629,6 +4414,11 @@
   dependencies:
     "@types/node" "*"
 
+"@types/trusted-types@^2.0.7":
+  version "2.0.7"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11"
+  integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==
+
 "@types/unist@*", "@types/unist@^3.0.0":
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/@types/unist/-/unist-3.0.2.tgz#6dd61e43ef60b34086287f83683a5c1b2dc53d20"
@@ -2678,21 +4468,44 @@
     "@webassemblyjs/helper-numbers" "1.11.6"
     "@webassemblyjs/helper-wasm-bytecode" "1.11.6"
 
+"@webassemblyjs/ast@1.14.1", "@webassemblyjs/ast@^1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.14.1.tgz#a9f6a07f2b03c95c8d38c4536a1fdfb521ff55b6"
+  integrity sha512-nuBEDgQfm1ccRp/8bCQrx1frohyufl4JlbMMZ4P1wpeOfDhF6FQkxZJ1b/e+PLwr6X1Nhw6OLme5usuBWYBvuQ==
+  dependencies:
+    "@webassemblyjs/helper-numbers" "1.13.2"
+    "@webassemblyjs/helper-wasm-bytecode" "1.13.2"
+
 "@webassemblyjs/floating-point-hex-parser@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz#dacbcb95aff135c8260f77fa3b4c5fea600a6431"
   integrity sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw==
 
+"@webassemblyjs/floating-point-hex-parser@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.13.2.tgz#fcca1eeddb1cc4e7b6eed4fc7956d6813b21b9fb"
+  integrity sha512-6oXyTOzbKxGH4steLbLNOu71Oj+C8Lg34n6CqRvqfS2O71BxY6ByfMDRhBytzknj9yGUPVJ1qIKhRlAwO1AovA==
+
 "@webassemblyjs/helper-api-error@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz#6132f68c4acd59dcd141c44b18cbebbd9f2fa768"
   integrity sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q==
 
+"@webassemblyjs/helper-api-error@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.13.2.tgz#e0a16152248bc38daee76dd7e21f15c5ef3ab1e7"
+  integrity sha512-U56GMYxy4ZQCbDZd6JuvvNV/WFildOjsaWD3Tzzvmw/mas3cXzRJPMjP83JqEsgSbyrmaGjBfDtV7KDXV9UzFQ==
+
 "@webassemblyjs/helper-buffer@1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.12.1.tgz#6df20d272ea5439bf20ab3492b7fb70e9bfcb3f6"
   integrity sha512-nzJwQw99DNDKr9BVCOZcLuJJUlqkJh+kVzVl6Fmq/tI5ZtEyWT1KZMyOXltXLZJmDtvLCDgwsyrkohEtopTXCw==
 
+"@webassemblyjs/helper-buffer@1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.14.1.tgz#822a9bc603166531f7d5df84e67b5bf99b72b96b"
+  integrity sha512-jyH7wtcHiKssDtFPRB+iQdxlDf96m0E39yb0k5uJVhFGleZFoNw1c4aeIcVUPPbXUVJ94wwnMOAqUHyzoEPVMA==
+
 "@webassemblyjs/helper-numbers@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz#cbce5e7e0c1bd32cf4905ae444ef64cea919f1b5"
@@ -2702,11 +4515,25 @@
     "@webassemblyjs/helper-api-error" "1.11.6"
     "@xtuc/long" "4.2.2"
 
+"@webassemblyjs/helper-numbers@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.13.2.tgz#dbd932548e7119f4b8a7877fd5a8d20e63490b2d"
+  integrity sha512-FE8aCmS5Q6eQYcV3gI35O4J789wlQA+7JrqTTpJqn5emA4U2hvwJmvFRC0HODS+3Ye6WioDklgd6scJ3+PLnEA==
+  dependencies:
+    "@webassemblyjs/floating-point-hex-parser" "1.13.2"
+    "@webassemblyjs/helper-api-error" "1.13.2"
+    "@xtuc/long" "4.2.2"
+
 "@webassemblyjs/helper-wasm-bytecode@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz#bb2ebdb3b83aa26d9baad4c46d4315283acd51e9"
   integrity sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA==
 
+"@webassemblyjs/helper-wasm-bytecode@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.13.2.tgz#e556108758f448aae84c850e593ce18a0eb31e0b"
+  integrity sha512-3QbLKy93F0EAIXLh0ogEVR6rOubA9AoZ+WRYhNbFyuB70j3dRdwH9g+qXhLAO0kiYGlg3TxDV+I4rQTr/YNXkA==
+
 "@webassemblyjs/helper-wasm-section@1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.12.1.tgz#3da623233ae1a60409b509a52ade9bc22a37f7bf"
@@ -2717,6 +4544,16 @@
     "@webassemblyjs/helper-wasm-bytecode" "1.11.6"
     "@webassemblyjs/wasm-gen" "1.12.1"
 
+"@webassemblyjs/helper-wasm-section@1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.14.1.tgz#9629dda9c4430eab54b591053d6dc6f3ba050348"
+  integrity sha512-ds5mXEqTJ6oxRoqjhWDU83OgzAYjwsCV8Lo/N+oRsNDmx/ZDpqalmrtgOMkHwxsG0iI//3BwWAErYRHtgn0dZw==
+  dependencies:
+    "@webassemblyjs/ast" "1.14.1"
+    "@webassemblyjs/helper-buffer" "1.14.1"
+    "@webassemblyjs/helper-wasm-bytecode" "1.13.2"
+    "@webassemblyjs/wasm-gen" "1.14.1"
+
 "@webassemblyjs/ieee754@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz#bb665c91d0b14fffceb0e38298c329af043c6e3a"
@@ -2724,6 +4561,13 @@
   dependencies:
     "@xtuc/ieee754" "^1.2.0"
 
+"@webassemblyjs/ieee754@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.13.2.tgz#1c5eaace1d606ada2c7fd7045ea9356c59ee0dba"
+  integrity sha512-4LtOzh58S/5lX4ITKxnAK2USuNEvpdVV9AlgGQb8rJDHaLeHciwG4zlGr0j/SNWlr7x3vO1lDEsuePvtcDNCkw==
+  dependencies:
+    "@xtuc/ieee754" "^1.2.0"
+
 "@webassemblyjs/leb128@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.6.tgz#70e60e5e82f9ac81118bc25381a0b283893240d7"
@@ -2731,11 +4575,23 @@
   dependencies:
     "@xtuc/long" "4.2.2"
 
+"@webassemblyjs/leb128@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.13.2.tgz#57c5c3deb0105d02ce25fa3fd74f4ebc9fd0bbb0"
+  integrity sha512-Lde1oNoIdzVzdkNEAWZ1dZ5orIbff80YPdHx20mrHwHrVNNTjNr8E3xz9BdpcGqRQbAEa+fkrCb+fRFTl/6sQw==
+  dependencies:
+    "@xtuc/long" "4.2.2"
+
 "@webassemblyjs/utf8@1.11.6":
   version "1.11.6"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a"
   integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA==
 
+"@webassemblyjs/utf8@1.13.2":
+  version "1.13.2"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.13.2.tgz#917a20e93f71ad5602966c2d685ae0c6c21f60f1"
+  integrity sha512-3NQWGjKTASY1xV5m7Hr0iPeXD9+RDobLll3T9d2AO+g3my8xy5peVyjSag4I50mR1bBSN/Ct12lo+R9tJk0NZQ==
+
 "@webassemblyjs/wasm-edit@^1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz#9f9f3ff52a14c980939be0ef9d5df9ebc678ae3b"
@@ -2750,6 +4606,20 @@
     "@webassemblyjs/wasm-parser" "1.12.1"
     "@webassemblyjs/wast-printer" "1.12.1"
 
+"@webassemblyjs/wasm-edit@^1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.14.1.tgz#ac6689f502219b59198ddec42dcd496b1004d597"
+  integrity sha512-RNJUIQH/J8iA/1NzlE4N7KtyZNHi3w7at7hDjvRNm5rcUXa00z1vRz3glZoULfJ5mpvYhLybmVcwcjGrC1pRrQ==
+  dependencies:
+    "@webassemblyjs/ast" "1.14.1"
+    "@webassemblyjs/helper-buffer" "1.14.1"
+    "@webassemblyjs/helper-wasm-bytecode" "1.13.2"
+    "@webassemblyjs/helper-wasm-section" "1.14.1"
+    "@webassemblyjs/wasm-gen" "1.14.1"
+    "@webassemblyjs/wasm-opt" "1.14.1"
+    "@webassemblyjs/wasm-parser" "1.14.1"
+    "@webassemblyjs/wast-printer" "1.14.1"
+
 "@webassemblyjs/wasm-gen@1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.12.1.tgz#a6520601da1b5700448273666a71ad0a45d78547"
@@ -2761,6 +4631,17 @@
     "@webassemblyjs/leb128" "1.11.6"
     "@webassemblyjs/utf8" "1.11.6"
 
+"@webassemblyjs/wasm-gen@1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.14.1.tgz#991e7f0c090cb0bb62bbac882076e3d219da9570"
+  integrity sha512-AmomSIjP8ZbfGQhumkNvgC33AY7qtMCXnN6bL2u2Js4gVCg8fp735aEiMSBbDR7UQIj90n4wKAFUSEd0QN2Ukg==
+  dependencies:
+    "@webassemblyjs/ast" "1.14.1"
+    "@webassemblyjs/helper-wasm-bytecode" "1.13.2"
+    "@webassemblyjs/ieee754" "1.13.2"
+    "@webassemblyjs/leb128" "1.13.2"
+    "@webassemblyjs/utf8" "1.13.2"
+
 "@webassemblyjs/wasm-opt@1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.12.1.tgz#9e6e81475dfcfb62dab574ac2dda38226c232bc5"
@@ -2771,6 +4652,16 @@
     "@webassemblyjs/wasm-gen" "1.12.1"
     "@webassemblyjs/wasm-parser" "1.12.1"
 
+"@webassemblyjs/wasm-opt@1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.14.1.tgz#e6f71ed7ccae46781c206017d3c14c50efa8106b"
+  integrity sha512-PTcKLUNvBqnY2U6E5bdOQcSM+oVP/PmrDY9NzowJjislEjwP/C4an2303MCVS2Mg9d3AJpIGdUFIQQWbPds0Sw==
+  dependencies:
+    "@webassemblyjs/ast" "1.14.1"
+    "@webassemblyjs/helper-buffer" "1.14.1"
+    "@webassemblyjs/wasm-gen" "1.14.1"
+    "@webassemblyjs/wasm-parser" "1.14.1"
+
 "@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz#c47acb90e6f083391e3fa61d113650eea1e95937"
@@ -2783,6 +4674,18 @@
     "@webassemblyjs/leb128" "1.11.6"
     "@webassemblyjs/utf8" "1.11.6"
 
+"@webassemblyjs/wasm-parser@1.14.1", "@webassemblyjs/wasm-parser@^1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.14.1.tgz#b3e13f1893605ca78b52c68e54cf6a865f90b9fb"
+  integrity sha512-JLBl+KZ0R5qB7mCnud/yyX08jWFw5MsoalJ1pQ4EdFlgj9VdXKGuENGsiCIjegI1W7p91rUlcB/LB5yRJKNTcQ==
+  dependencies:
+    "@webassemblyjs/ast" "1.14.1"
+    "@webassemblyjs/helper-api-error" "1.13.2"
+    "@webassemblyjs/helper-wasm-bytecode" "1.13.2"
+    "@webassemblyjs/ieee754" "1.13.2"
+    "@webassemblyjs/leb128" "1.13.2"
+    "@webassemblyjs/utf8" "1.13.2"
+
 "@webassemblyjs/wast-printer@1.12.1":
   version "1.12.1"
   resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.12.1.tgz#bcecf661d7d1abdaf989d8341a4833e33e2b31ac"
@@ -2791,6 +4694,14 @@
     "@webassemblyjs/ast" "1.12.1"
     "@xtuc/long" "4.2.2"
 
+"@webassemblyjs/wast-printer@1.14.1":
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.14.1.tgz#3bb3e9638a8ae5fdaf9610e7a06b4d9f9aa6fe07"
+  integrity sha512-kPSSXE6De1XOR820C90RIo2ogvZG+c3KiHzqUoO/F34Y2shGzesfqv7o57xrxovZJH/MetF5UjroJ/R/3isoiw==
+  dependencies:
+    "@webassemblyjs/ast" "1.14.1"
+    "@xtuc/long" "4.2.2"
+
 "@xtuc/ieee754@^1.2.0":
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/@xtuc/ieee754/-/ieee754-1.2.0.tgz#eef014a3145ae477a1cbc00cd1e552336dceb790"
@@ -2801,13 +4712,6 @@
   resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d"
   integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==
 
-abort-controller@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392"
-  integrity sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==
-  dependencies:
-    event-target-shim "^5.0.0"
-
 accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8:
   version "1.3.8"
   resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e"
@@ -2838,7 +4742,12 @@ acorn@^8.0.0, acorn@^8.0.4, acorn@^8.11.0, acorn@^8.7.1, acorn@^8.8.2:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.12.0.tgz#1627bfa2e058148036133b8d9b51a700663c294c"
   integrity sha512-RTvkC4w+KNXrM39/lWCUaG0IbRkWdCv7W/IOW9oU6SawyxulvkQy5HQPVTKxEjczcUvapcrw3cFx/60VN/NRNw==
 
-address@^1.0.1, address@^1.1.2:
+acorn@^8.14.0:
+  version "8.14.1"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.14.1.tgz#721d5dc10f7d5b5609a891773d47731796935dfb"
+  integrity sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==
+
+address@^1.0.1:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/address/-/address-1.2.2.tgz#2b5248dac5485a6390532c6a517fda2e3faac89e"
   integrity sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==
@@ -2870,7 +4779,7 @@ ajv-formats@2.1.1, ajv-formats@^2.1.1:
   dependencies:
     ajv "^8.0.0"
 
-ajv-keywords@^3.4.1, ajv-keywords@^3.5.2:
+ajv-keywords@^3.5.2:
   version "3.5.2"
   resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-3.5.2.tgz#31f29da5ab6e00d1c2d329acf7b5929614d5014d"
   integrity sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==
@@ -2892,7 +4801,7 @@ ajv@8.11.0:
     require-from-string "^2.0.2"
     uri-js "^4.2.2"
 
-ajv@^6.12.2, ajv@^6.12.5:
+ajv@^6.12.5:
   version "6.12.6"
   resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
   integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==
@@ -2912,33 +4821,38 @@ ajv@^8.0.0, ajv@^8.9.0:
     require-from-string "^2.0.2"
     uri-js "^4.4.1"
 
-algoliasearch-helper@^3.13.3:
-  version "3.21.0"
-  resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.21.0.tgz#d28fdb61199b5c229714788bfb812376b18aaf28"
-  integrity sha512-hjVOrL15I3Y3K8xG0icwG1/tWE+MocqBrhW6uVBWpU+/kVEMK0BnM2xdssj6mZM61eJ4iRxHR0djEI3ENOpR8w==
+algoliasearch-helper@^3.22.6:
+  version "3.25.0"
+  resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.25.0.tgz#15cc79ad7909db66b8bb5a5a9c38b40e3941fa2f"
+  integrity sha512-vQoK43U6HXA9/euCqLjvyNdM4G2Fiu/VFp4ae0Gau9sZeIKBPvUPnXfLYAe65Bg7PFuw03coeu5K6lTPSXRObw==
   dependencies:
     "@algolia/events" "^4.0.1"
 
-algoliasearch@^4.18.0, algoliasearch@^4.19.1:
-  version "4.23.3"
-  resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-4.23.3.tgz#e09011d0a3b0651444916a3e6bbcba064ec44b60"
-  integrity sha512-Le/3YgNvjW9zxIQMRhUHuhiUjAlKY/zsdZpfq4dlLqg6mEm0nL6yk+7f2hDOtLpxsgE4jSzDmvHL7nXdBp5feg==
+algoliasearch@^5.14.2, algoliasearch@^5.17.1:
+  version "5.25.0"
+  resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-5.25.0.tgz#7337b097deadeca0e6e985c0f8724abea189994f"
+  integrity sha512-n73BVorL4HIwKlfJKb4SEzAYkR3Buwfwbh+MYxg2mloFph2fFGV58E90QTzdbfzWrLn4HE5Czx/WTjI8fcHaMg==
   dependencies:
-    "@algolia/cache-browser-local-storage" "4.23.3"
-    "@algolia/cache-common" "4.23.3"
-    "@algolia/cache-in-memory" "4.23.3"
-    "@algolia/client-account" "4.23.3"
-    "@algolia/client-analytics" "4.23.3"
-    "@algolia/client-common" "4.23.3"
-    "@algolia/client-personalization" "4.23.3"
-    "@algolia/client-search" "4.23.3"
-    "@algolia/logger-common" "4.23.3"
-    "@algolia/logger-console" "4.23.3"
-    "@algolia/recommend" "4.23.3"
-    "@algolia/requester-browser-xhr" "4.23.3"
-    "@algolia/requester-common" "4.23.3"
-    "@algolia/requester-node-http" "4.23.3"
-    "@algolia/transporter" "4.23.3"
+    "@algolia/client-abtesting" "5.25.0"
+    "@algolia/client-analytics" "5.25.0"
+    "@algolia/client-common" "5.25.0"
+    "@algolia/client-insights" "5.25.0"
+    "@algolia/client-personalization" "5.25.0"
+    "@algolia/client-query-suggestions" "5.25.0"
+    "@algolia/client-search" "5.25.0"
+    "@algolia/ingestion" "1.25.0"
+    "@algolia/monitoring" "1.25.0"
+    "@algolia/recommend" "5.25.0"
+    "@algolia/requester-browser-xhr" "5.25.0"
+    "@algolia/requester-fetch" "5.25.0"
+    "@algolia/requester-node-http" "5.25.0"
+
+allof-merge@^0.6.6:
+  version "0.6.6"
+  resolved "https://registry.yarnpkg.com/allof-merge/-/allof-merge-0.6.6.tgz#1c675c7170e1b24bd3dc96db9c3459c0e7cfbea2"
+  integrity sha512-116eZBf2he0/J4Tl7EYMz96I5Anaeio+VL0j/H2yxW9CoYQAMMv8gYcwkVRoO7XfIOv/qzSTfVzDVGAYxKFi3g==
+  dependencies:
+    json-crawl "^0.5.3"
 
 ansi-align@^3.0.1:
   version "3.0.1"
@@ -2947,6 +4861,13 @@ ansi-align@^3.0.1:
   dependencies:
     string-width "^4.1.0"
 
+ansi-escapes@^4.3.2:
+  version "4.3.2"
+  resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e"
+  integrity sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==
+  dependencies:
+    type-fest "^0.21.3"
+
 ansi-html-community@^0.0.8:
   version "0.0.8"
   resolved "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz#69fbc4d6ccbe383f9736934ae34c3f8290f1bf41"
@@ -3021,26 +4942,6 @@ array-union@^2.1.0:
   resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d"
   integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==
 
-asn1.js@^4.10.1:
-  version "4.10.1"
-  resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.1.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0"
-  integrity sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==
-  dependencies:
-    bn.js "^4.0.0"
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-
-assert@^2.0.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/assert/-/assert-2.1.0.tgz#6d92a238d05dc02e7427c881fb8be81c8448b2dd"
-  integrity sha512-eLHpSK/Y4nhMJ07gDaAzoX/XAKS8PSaojml3M0DM4JpV1LAi5JOJ/p6H/XWrl8L+DzVEvVCW1z3vWAaB9oTsQw==
-  dependencies:
-    call-bind "^1.0.2"
-    is-nan "^1.3.2"
-    object-is "^1.1.5"
-    object.assign "^4.1.4"
-    util "^0.12.5"
-
 astring@^1.8.0:
   version "1.8.6"
   resolved "https://registry.yarnpkg.com/astring/-/astring-1.8.6.tgz#2c9c157cf1739d67561c56ba896e6948f6b93731"
@@ -3061,7 +4962,7 @@ at-least-node@^1.0.0:
   resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2"
   integrity sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==
 
-autoprefixer@^10.4.13, autoprefixer@^10.4.14, autoprefixer@^10.4.19:
+autoprefixer@^10.4.13, autoprefixer@^10.4.19:
   version "10.4.19"
   resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.19.tgz#ad25a856e82ee9d7898c59583c1afeb3fa65f89f"
   integrity sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew==
@@ -3073,24 +4974,22 @@ autoprefixer@^10.4.13, autoprefixer@^10.4.14, autoprefixer@^10.4.19:
     picocolors "^1.0.0"
     postcss-value-parser "^4.2.0"
 
-available-typed-arrays@^1.0.7:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz#a5cc375d6a03c2efc87a553f3e0b1522def14846"
-  integrity sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==
+autoprefixer@^10.4.21:
+  version "10.4.21"
+  resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.21.tgz#77189468e7a8ad1d9a37fbc08efc9f480cf0a95d"
+  integrity sha512-O+A6LWV5LDHSJD3LjHYoNi4VLsj/Whi7k6zG12xTYaU4cQ8oxQGckXNX8cRHK5yOZ/ppVHe0ZBXGzSV9jXdVbQ==
   dependencies:
-    possible-typed-array-names "^1.0.0"
+    browserslist "^4.24.4"
+    caniuse-lite "^1.0.30001702"
+    fraction.js "^4.3.7"
+    normalize-range "^0.1.2"
+    picocolors "^1.1.1"
+    postcss-value-parser "^4.2.0"
 
-axios@^0.25.0:
-  version "0.25.0"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-0.25.0.tgz#349cfbb31331a9b4453190791760a8d35b093e0a"
-  integrity sha512-cD8FOb0tRH3uuEe6+evtAbgJtfxr7ly3fQjYcMcuPlgkwVS9xboaVIpcDV+cYQe+yGykgwZCs1pzjntcGa6l5g==
-  dependencies:
-    follow-redirects "^1.14.7"
-
-babel-loader@^9.1.3:
-  version "9.1.3"
-  resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-9.1.3.tgz#3d0e01b4e69760cc694ee306fe16d358aa1c6f9a"
-  integrity sha512-xG3ST4DglodGf8qSwv0MdeWLhrDsw/32QMdTO5T1ZIp9gQur0HkCyFs7Awskr10JKXFXwpAhiCuYX5oGXnRGbw==
+babel-loader@^9.2.1:
+  version "9.2.1"
+  resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-9.2.1.tgz#04c7835db16c246dd19ba0914418f3937797587b"
+  integrity sha512-fqe8naHt46e0yIdkjUZYqddSXfej3AHajX+CSO5X7oy0EmPc6o5Xh+RClNoHjnieWz9AW4kZxW9yyFMhVB1QLA==
   dependencies:
     find-cache-dir "^4.0.0"
     schema-utils "^4.0.0"
@@ -3111,7 +5010,7 @@ babel-plugin-polyfill-corejs2@^0.4.10:
     "@babel/helper-define-polyfill-provider" "^0.6.2"
     semver "^6.3.1"
 
-babel-plugin-polyfill-corejs3@^0.10.1, babel-plugin-polyfill-corejs3@^0.10.4:
+babel-plugin-polyfill-corejs3@^0.10.4:
   version "0.10.4"
   resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.10.4.tgz#789ac82405ad664c20476d0233b485281deb9c77"
   integrity sha512-25J6I8NGfa5YkCDogHRID3fVCadIR8/pGl1/spvCkzb6lVn6SR3ojpx9nOn9iEBcUsjY24AmdKm5khcfKdylcg==
@@ -3119,6 +5018,14 @@ babel-plugin-polyfill-corejs3@^0.10.1, babel-plugin-polyfill-corejs3@^0.10.4:
     "@babel/helper-define-polyfill-provider" "^0.6.1"
     core-js-compat "^3.36.1"
 
+babel-plugin-polyfill-corejs3@^0.11.0:
+  version "0.11.1"
+  resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.11.1.tgz#4e4e182f1bb37c7ba62e2af81d8dd09df31344f6"
+  integrity sha512-yGCqvBT4rwMczo28xkH/noxJ6MZ4nJfkVYdoDaC/utLtWrXxv27HVrzAeSbqR8SxDsp46n0YF47EbHoixy6rXQ==
+  dependencies:
+    "@babel/helper-define-polyfill-provider" "^0.6.3"
+    core-js-compat "^3.40.0"
+
 babel-plugin-polyfill-regenerator@^0.6.1:
   version "0.6.2"
   resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.2.tgz#addc47e240edd1da1058ebda03021f382bba785e"
@@ -3165,16 +5072,6 @@ bl@^4.0.3:
     inherits "^2.0.4"
     readable-stream "^3.4.0"
 
-bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
-  version "4.12.0"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
-  integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
-
-bn.js@^5.0.0, bn.js@^5.2.1:
-  version "5.2.1"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.2.1.tgz#0bc527a6a0d18d0aa8d5b0538ce4a77dccfa7b70"
-  integrity sha512-eXRvHzWyYPBuB4NBy0cmYQjGitUrtqwbvlzP3G6VFnNRbsZQIxQ10PbKKHt8gZ/HW/D/747aDl+QkDqg3KQLMQ==
-
 body-parser@1.20.2:
   version "1.20.2"
   resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.2.tgz#6feb0e21c4724d06de7ff38da36dad4f57a747fd"
@@ -3256,74 +5153,7 @@ braces@^3.0.3, braces@~3.0.2:
   dependencies:
     fill-range "^7.1.1"
 
-brorand@^1.0.1, brorand@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/brorand/-/brorand-1.1.0.tgz#12c25efe40a45e3c323eb8675a0a0ce57b22371f"
-  integrity sha512-cKV8tMCEpQs4hK/ik71d6LrPOnpkpGBR0wzxqr68g2m/LB2GxVYQroAjMJZRVM1Y4BCjCKc3vAamxSzOY2RP+w==
-
-browserify-aes@^1.0.4, browserify-aes@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/browserify-aes/-/browserify-aes-1.2.0.tgz#326734642f403dabc3003209853bb70ad428ef48"
-  integrity sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==
-  dependencies:
-    buffer-xor "^1.0.3"
-    cipher-base "^1.0.0"
-    create-hash "^1.1.0"
-    evp_bytestokey "^1.0.3"
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
-browserify-cipher@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/browserify-cipher/-/browserify-cipher-1.0.1.tgz#8d6474c1b870bfdabcd3bcfcc1934a10e94f15f0"
-  integrity sha512-sPhkz0ARKbf4rRQt2hTpAHqn47X3llLkUGn+xEJzLjwY8LRs2p0v7ljvI5EyoRO/mexrNunNECisZs+gw2zz1w==
-  dependencies:
-    browserify-aes "^1.0.4"
-    browserify-des "^1.0.0"
-    evp_bytestokey "^1.0.0"
-
-browserify-des@^1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/browserify-des/-/browserify-des-1.0.2.tgz#3af4f1f59839403572f1c66204375f7a7f703e9c"
-  integrity sha512-BioO1xf3hFwz4kc6iBhI3ieDFompMhrMlnDFC4/0/vd5MokpuAc3R+LYbwTA9A5Yc9pq9UYPqffKpW2ObuwX5A==
-  dependencies:
-    cipher-base "^1.0.1"
-    des.js "^1.0.0"
-    inherits "^2.0.1"
-    safe-buffer "^5.1.2"
-
-browserify-rsa@^4.0.0, browserify-rsa@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/browserify-rsa/-/browserify-rsa-4.1.0.tgz#b2fd06b5b75ae297f7ce2dc651f918f5be158c8d"
-  integrity sha512-AdEER0Hkspgno2aR97SAf6vi0y0k8NuOpGnVH3O99rcA5Q6sh8QxcngtHuJ6uXwnfAXNM4Gn1Gb7/MV1+Ymbog==
-  dependencies:
-    bn.js "^5.0.0"
-    randombytes "^2.0.1"
-
-browserify-sign@^4.0.0:
-  version "4.2.3"
-  resolved "https://registry.yarnpkg.com/browserify-sign/-/browserify-sign-4.2.3.tgz#7afe4c01ec7ee59a89a558a4b75bd85ae62d4208"
-  integrity sha512-JWCZW6SKhfhjJxO8Tyiiy+XYB7cqd2S5/+WeYHsKdNKFlCBhKbblba1A/HN/90YwtxKc8tCErjffZl++UNmGiw==
-  dependencies:
-    bn.js "^5.2.1"
-    browserify-rsa "^4.1.0"
-    create-hash "^1.2.0"
-    create-hmac "^1.1.7"
-    elliptic "^6.5.5"
-    hash-base "~3.0"
-    inherits "^2.0.4"
-    parse-asn1 "^5.1.7"
-    readable-stream "^2.3.8"
-    safe-buffer "^5.2.1"
-
-browserify-zlib@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/browserify-zlib/-/browserify-zlib-0.2.0.tgz#2869459d9aa3be245fe8fe2ca1f46e2e7f54d73f"
-  integrity sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==
-  dependencies:
-    pako "~1.0.5"
-
-browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.22.2, browserslist@^4.23.0:
+browserslist@^4.0.0, browserslist@^4.21.10, browserslist@^4.22.2, browserslist@^4.23.0:
   version "4.23.1"
   resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.23.1.tgz#ce4af0534b3d37db5c1a4ca98b9080f985041e96"
   integrity sha512-TUfofFo/KsK/bWZ9TWQ5O26tsWW4Uhmt8IYklbnUa70udB6P2wA7w7o4PY4muaEPBQaAX+CEnmmIA41NVHtPVw==
@@ -3333,6 +5163,16 @@ browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^
     node-releases "^2.0.14"
     update-browserslist-db "^1.0.16"
 
+browserslist@^4.24.0, browserslist@^4.24.2, browserslist@^4.24.4, browserslist@^4.24.5:
+  version "4.24.5"
+  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.24.5.tgz#aa0f5b8560fe81fde84c6dcb38f759bafba0e11b"
+  integrity sha512-FDToo4Wo82hIdgc1CQ+NQD0hEhmpPjrZ3hiUgwgOG6IuTdlpr8jdjyG24P6cNP1yJpTLzS5OcGgSw0xmDU1/Tw==
+  dependencies:
+    caniuse-lite "^1.0.30001716"
+    electron-to-chromium "^1.5.149"
+    node-releases "^2.0.19"
+    update-browserslist-db "^1.1.3"
+
 buffer-crc32@~0.2.3:
   version "0.2.13"
   resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242"
@@ -3343,11 +5183,6 @@ buffer-from@^1.0.0:
   resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5"
   integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==
 
-buffer-xor@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/buffer-xor/-/buffer-xor-1.0.3.tgz#26e61ed1422fb70dd42e6e36729ed51d855fe8d9"
-  integrity sha512-571s0T7nZWK6vB67HI5dyUF7wXiNcfaPPPTl6zYCNApANjIvYJTg7hlud/+cJpdAhS7dVzqMLmfhfHR3rAcOjQ==
-
 buffer@^5.2.1, buffer@^5.5.0:
   version "5.7.1"
   resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0"
@@ -3364,11 +5199,6 @@ buffer@^6.0.3:
     base64-js "^1.3.1"
     ieee754 "^1.2.1"
 
-builtin-status-codes@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8"
-  integrity sha512-HpGFw18DgFWlncDfjTa2rcQ4W88O1mC8e8yZ2AvQY5KDaktSTwo+KRf6nHK6FRI5FyRyb/5T6+TSxfP7QyGsmQ==
-
 bytes@3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048"
@@ -3397,7 +5227,15 @@ cacheable-request@^10.2.8:
     normalize-url "^8.0.0"
     responselike "^3.0.0"
 
-call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.7:
+call-bind-apply-helpers@^1.0.1, call-bind-apply-helpers@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz#4b5428c222be985d79c3d82657479dbe0b59b2d6"
+  integrity sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==
+  dependencies:
+    es-errors "^1.3.0"
+    function-bind "^1.1.2"
+
+call-bind@^1.0.5, call-bind@^1.0.7:
   version "1.0.7"
   resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.7.tgz#06016599c40c56498c18769d2730be242b6fa3b9"
   integrity sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==
@@ -3408,6 +5246,14 @@ call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.7:
     get-intrinsic "^1.2.4"
     set-function-length "^1.2.1"
 
+call-bound@^1.0.2:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/call-bound/-/call-bound-1.0.4.tgz#238de935d2a2a692928c538c7ccfa91067fd062a"
+  integrity sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==
+  dependencies:
+    call-bind-apply-helpers "^1.0.2"
+    get-intrinsic "^1.3.0"
+
 call-me-maybe@^1.0.1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.2.tgz#03f964f19522ba643b1b0693acb9152fe2074baa"
@@ -3456,6 +5302,11 @@ caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001599, caniuse-lite@^1.0.30001629:
   resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001702.tgz"
   integrity sha512-LoPe/D7zioC0REI5W73PeR1e1MLCipRGq/VkovJnd6Df+QVqT+vT33OXCp8QUd7kA7RZrHWxb1B36OQKI/0gOA==
 
+caniuse-lite@^1.0.30001702, caniuse-lite@^1.0.30001716, caniuse-lite@^1.0.30001718:
+  version "1.0.30001718"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001718.tgz#dae13a9c80d517c30c6197515a96131c194d8f82"
+  integrity sha512-AflseV1ahcSunK53NfEs9gFWgOEmzr0f+kaMFA4xiLZlr9Hzt7HxcSpIFcnNCUkz6R6dWKa54rUz3HUmI3nVcw==
+
 ccount@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/ccount/-/ccount-2.0.1.tgz#17a3bf82302e0870d6da43a01311a8bc02a3ecf5"
@@ -3470,7 +5321,7 @@ chalk@^2.4.2:
     escape-string-regexp "^1.0.5"
     supports-color "^5.3.0"
 
-chalk@^4.0.0, chalk@^4.1.0, chalk@^4.1.2:
+chalk@^4.0.0, chalk@^4.1.2:
   version "4.1.2"
   resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
   integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
@@ -3525,7 +5376,7 @@ cheerio-select@^2.1.0:
     domhandler "^5.0.3"
     domutils "^3.0.1"
 
-cheerio@^1.0.0-rc.12:
+cheerio@1.0.0-rc.12:
   version "1.0.0-rc.12"
   resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-1.0.0-rc.12.tgz#788bf7466506b1c6bf5fae51d24a2c4d62e47683"
   integrity sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q==
@@ -3538,7 +5389,26 @@ cheerio@^1.0.0-rc.12:
     parse5 "^7.0.0"
     parse5-htmlparser2-tree-adapter "^7.0.0"
 
-"chokidar@>=3.0.0 <4.0.0", chokidar@^3.4.2, chokidar@^3.5.3:
+chevrotain-allstar@~0.3.0:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/chevrotain-allstar/-/chevrotain-allstar-0.3.1.tgz#b7412755f5d83cc139ab65810cdb00d8db40e6ca"
+  integrity sha512-b7g+y9A0v4mxCW1qUhf3BSVPg+/NvGErk/dOkrDaHA0nQIQGAtrOjlX//9OQtRlSCy+x9rfB5N8yC71lH1nvMw==
+  dependencies:
+    lodash-es "^4.17.21"
+
+chevrotain@~11.0.3:
+  version "11.0.3"
+  resolved "https://registry.yarnpkg.com/chevrotain/-/chevrotain-11.0.3.tgz#88ffc1fb4b5739c715807eaeedbbf200e202fc1b"
+  integrity sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==
+  dependencies:
+    "@chevrotain/cst-dts-gen" "11.0.3"
+    "@chevrotain/gast" "11.0.3"
+    "@chevrotain/regexp-to-ast" "11.0.3"
+    "@chevrotain/types" "11.0.3"
+    "@chevrotain/utils" "11.0.3"
+    lodash-es "4.17.21"
+
+chokidar@^3.5.3:
   version "3.6.0"
   resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.6.0.tgz#197c6cc669ef2a8dc5e7b4d97ee4e092c3eb0d5b"
   integrity sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==
@@ -3553,6 +5423,13 @@ cheerio@^1.0.0-rc.12:
   optionalDependencies:
     fsevents "~2.3.2"
 
+chokidar@^4.0.0:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-4.0.3.tgz#7be37a4c03c9aee1ecfe862a4a23b2c70c205d30"
+  integrity sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==
+  dependencies:
+    readdirp "^4.0.1"
+
 chownr@^1.1.1:
   version "1.1.4"
   resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.4.tgz#6fc9d7b42d32a583596337666e7d08084da2cc6b"
@@ -3568,14 +5445,6 @@ ci-info@^3.2.0:
   resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.9.0.tgz#4279a62028a7b1f262f3473fc9605f5e218c59b4"
   integrity sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==
 
-cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/cipher-base/-/cipher-base-1.0.4.tgz#8760e4ecc272f4c363532f926d874aae2c1397de"
-  integrity sha512-Kkht5ye6ZGmwv40uUDZztayT2ThLQGfnj/T71N/XzeZeo3nf8foyW7zGTsPYkEya3m5f3cAypH+qe7YOrM1U2Q==
-  dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
 clean-css@^5.2.2, clean-css@^5.3.2, clean-css@~5.3.2:
   version "5.3.3"
   resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.3.3.tgz#b330653cd3bd6b75009cc25c714cae7b93351ccd"
@@ -3768,6 +5637,16 @@ concat-map@0.0.1:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+confbox@^0.1.8:
+  version "0.1.8"
+  resolved "https://registry.yarnpkg.com/confbox/-/confbox-0.1.8.tgz#820d73d3b3c82d9bd910652c5d4d599ef8ff8b06"
+  integrity sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==
+
+confbox@^0.2.1:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/confbox/-/confbox-0.2.2.tgz#8652f53961c74d9e081784beed78555974a9c110"
+  integrity sha512-1NB+BKqhtNipMsov4xI/NnhCKp9XG9NamYp5PVm9klAT0fsrNPjaFICsCFhNhwZJKNh7zB/3q8qXz0E9oaMNtQ==
+
 config-chain@^1.1.11:
   version "1.1.13"
   resolved "https://registry.yarnpkg.com/config-chain/-/config-chain-1.1.13.tgz#fad0795aa6a6cdaff9ed1b68e9dff94372c232f4"
@@ -3792,20 +5671,10 @@ connect-history-api-fallback@^2.0.0:
   resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz#647264845251a0daf25b97ce87834cace0f5f1c8"
   integrity sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA==
 
-consola@^2.15.3:
-  version "2.15.3"
-  resolved "https://registry.yarnpkg.com/consola/-/consola-2.15.3.tgz#2e11f98d6a4be71ff72e0bdf07bd23e12cb61550"
-  integrity sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw==
-
-console-browserify@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/console-browserify/-/console-browserify-1.2.0.tgz#67063cef57ceb6cf4993a2ab3a55840ae8c49336"
-  integrity sha512-ZMkYO/LkF17QvCPqM0gxw8yUzigAOZOSWSHg91FH6orS7vcEj5dVZTidN2fQ14yBSdg97RqhSNwLUXInd52OTA==
-
-constants-browserify@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/constants-browserify/-/constants-browserify-1.0.0.tgz#c20b96d8c617748aaf1c16021760cd27fcb8cb75"
-  integrity sha512-xFxOwqIzR/e1k1gLiWEophSCMqXcwVHIH7akf7b/vxcUeGunlj3hvZaaqxwHsTgn+IndtkQJgSztIDWeumWJDQ==
+consola@^3.2.3:
+  version "3.4.2"
+  resolved "https://registry.yarnpkg.com/consola/-/consola-3.4.2.tgz#5af110145397bb67afdab77013fdc34cae590ea7"
+  integrity sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==
 
 content-disposition@0.5.2:
   version "0.5.2"
@@ -3870,6 +5739,13 @@ core-js-compat@^3.31.0, core-js-compat@^3.36.1:
   dependencies:
     browserslist "^4.23.0"
 
+core-js-compat@^3.40.0:
+  version "3.42.0"
+  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.42.0.tgz#ce19c29706ee5806e26d3cb3c542d4cfc0ed51bb"
+  integrity sha512-bQasjMfyDGyaeWKBIu33lHh9qlSR0MFE/Nmc6nMjf/iU9b3rSMdAYz1Baxrv4lPdGUsTqZudHA4jIGSJy0SWZQ==
+  dependencies:
+    browserslist "^4.24.4"
+
 core-js-pure@^3.30.2:
   version "3.37.1"
   resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.37.1.tgz#2b4b34281f54db06c9a9a5bd60105046900553bd"
@@ -3892,16 +5768,12 @@ cose-base@^1.0.0:
   dependencies:
     layout-base "^1.0.0"
 
-cosmiconfig@^6.0.0:
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-6.0.0.tgz#da4fee853c52f6b1e6935f41c1a2fc50bd4a9982"
-  integrity sha512-xb3ZL6+L8b9JLLCx3ZdoZy4+2ECphCMo2PwqgP1tlfVq6M6YReyzBJtvWWtbDSpNr9hn96pkCiZqUcFEc+54Qg==
+cose-base@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/cose-base/-/cose-base-2.2.0.tgz#1c395c35b6e10bb83f9769ca8b817d614add5c01"
+  integrity sha512-AzlgcsCbUMymkADOJtQm3wO9S3ltPfYOFD5033keQn9NJzIbtnZj+UdBJe7DYml/8TdbtHJW3j58SOnKhWY/5g==
   dependencies:
-    "@types/parse-json" "^4.0.0"
-    import-fresh "^3.1.0"
-    parse-json "^5.0.0"
-    path-type "^4.0.0"
-    yaml "^1.7.2"
+    layout-base "^2.0.0"
 
 cosmiconfig@^8.1.3, cosmiconfig@^8.3.5:
   version "8.3.6"
@@ -3913,37 +5785,6 @@ cosmiconfig@^8.1.3, cosmiconfig@^8.3.5:
     parse-json "^5.2.0"
     path-type "^4.0.0"
 
-create-ecdh@^4.0.0:
-  version "4.0.4"
-  resolved "https://registry.yarnpkg.com/create-ecdh/-/create-ecdh-4.0.4.tgz#d6e7f4bffa66736085a0762fd3a632684dabcc4e"
-  integrity sha512-mf+TCx8wWc9VpuxfP2ht0iSISLZnt0JgWlrOKZiNqyUZWnjIaCIVNQArMHnCZKfEYRg6IM7A+NeJoN8gf/Ws0A==
-  dependencies:
-    bn.js "^4.1.0"
-    elliptic "^6.5.3"
-
-create-hash@^1.1.0, create-hash@^1.1.2, create-hash@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/create-hash/-/create-hash-1.2.0.tgz#889078af11a63756bcfb59bd221996be3a9ef196"
-  integrity sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==
-  dependencies:
-    cipher-base "^1.0.1"
-    inherits "^2.0.1"
-    md5.js "^1.3.4"
-    ripemd160 "^2.0.1"
-    sha.js "^2.4.0"
-
-create-hmac@^1.1.0, create-hmac@^1.1.4, create-hmac@^1.1.7:
-  version "1.1.7"
-  resolved "https://registry.yarnpkg.com/create-hmac/-/create-hmac-1.1.7.tgz#69170c78b3ab957147b2b8b04572e47ead2243ff"
-  integrity sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==
-  dependencies:
-    cipher-base "^1.0.3"
-    create-hash "^1.1.0"
-    inherits "^2.0.1"
-    ripemd160 "^2.0.0"
-    safe-buffer "^5.0.1"
-    sha.js "^2.4.8"
-
 cross-fetch@3.1.5:
   version "3.1.5"
   resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-3.1.5.tgz#e1389f44d9e7ba767907f7af8454787952ab534f"
@@ -3960,23 +5801,6 @@ cross-spawn@^7.0.0, cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
-crypto-browserify@^3.12.0:
-  version "3.12.0"
-  resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec"
-  integrity sha512-fz4spIh+znjO2VjL+IdhEpRJ3YN6sMzITSBijk6FK2UvTqruSQW+/cCZTSNsMiZNvUeq0CqurF+dAbyiGOY6Wg==
-  dependencies:
-    browserify-cipher "^1.0.0"
-    browserify-sign "^4.0.0"
-    create-ecdh "^4.0.0"
-    create-hash "^1.1.0"
-    create-hmac "^1.1.0"
-    diffie-hellman "^5.0.0"
-    inherits "^2.0.1"
-    pbkdf2 "^3.0.3"
-    public-encrypt "^4.0.0"
-    randombytes "^2.0.0"
-    randomfill "^1.0.3"
-
 crypto-js@^4.1.1:
   version "4.2.0"
   resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.2.0.tgz#4d931639ecdfd12ff80e8186dba6af2c2e856631"
@@ -3989,11 +5813,27 @@ crypto-random-string@^4.0.0:
   dependencies:
     type-fest "^1.0.1"
 
+css-blank-pseudo@^7.0.1:
+  version "7.0.1"
+  resolved "https://registry.yarnpkg.com/css-blank-pseudo/-/css-blank-pseudo-7.0.1.tgz#32020bff20a209a53ad71b8675852b49e8d57e46"
+  integrity sha512-jf+twWGDf6LDoXDUode+nc7ZlrqfaNphrBIBrcmeP3D8yw1uPaix1gCC8LUQUGQ6CycuK2opkbFFWFuq/a94ag==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
 css-declaration-sorter@^7.2.0:
   version "7.2.0"
   resolved "https://registry.yarnpkg.com/css-declaration-sorter/-/css-declaration-sorter-7.2.0.tgz#6dec1c9523bc4a643e088aab8f09e67a54961024"
   integrity sha512-h70rUM+3PNFuaBDTLe8wF/cdWu+dOZmb7pJt8Z2sedYbAcQVQV/tEchueg3GWxwqS0cxtbxmaHEdkNACqcvsow==
 
+css-has-pseudo@^7.0.2:
+  version "7.0.2"
+  resolved "https://registry.yarnpkg.com/css-has-pseudo/-/css-has-pseudo-7.0.2.tgz#fb42e8de7371f2896961e1f6308f13c2c7019b72"
+  integrity sha512-nzol/h+E0bId46Kn2dQH5VElaknX2Sr0hFuB/1EomdC7j+OISt2ZzK7EHX9DZDY53WbIVAR7FYKSO2XnSf07MQ==
+  dependencies:
+    "@csstools/selector-specificity" "^5.0.0"
+    postcss-selector-parser "^7.0.0"
+    postcss-value-parser "^4.2.0"
+
 css-loader@^6.8.1:
   version "6.11.0"
   resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-6.11.0.tgz#33bae3bf6363d0a7c2cf9031c96c744ff54d85ba"
@@ -4020,6 +5860,11 @@ css-minimizer-webpack-plugin@^5.0.1:
     schema-utils "^4.0.1"
     serialize-javascript "^6.0.1"
 
+css-prefers-color-scheme@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/css-prefers-color-scheme/-/css-prefers-color-scheme-10.0.0.tgz#ba001b99b8105b8896ca26fc38309ddb2278bd3c"
+  integrity sha512-VCtXZAWivRglTZditUfB4StnsWr6YVZ2PRtuxQLKTNRdtAf8tpzaVPE9zXIF3VaSc7O70iK/j1+NXxyQCqdPjQ==
+
 css-select@^4.1.3:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/css-select/-/css-select-4.3.0.tgz#db7129b2846662fd8628cfc496abb2b59e41529b"
@@ -4063,6 +5908,11 @@ css-what@^6.0.1, css-what@^6.1.0:
   resolved "https://registry.yarnpkg.com/css-what/-/css-what-6.1.0.tgz#fb5effcf76f1ddea2c81bdfaa4de44e79bac70f4"
   integrity sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==
 
+cssdb@^8.3.0:
+  version "8.3.0"
+  resolved "https://registry.yarnpkg.com/cssdb/-/cssdb-8.3.0.tgz#940becad497b8509ad822a28fb0cfe54c969ccfe"
+  integrity sha512-c7bmItIg38DgGjSwDPZOYF/2o0QU/sSgkWOMyl8votOfgFuyiFKWPesmCGEsrGLxEA9uL540cp8LdaGEjUGsZQ==
+
 cssesc@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-3.0.0.tgz#37741919903b868565e1c09ea747445cd18983ee"
@@ -4149,10 +5999,17 @@ cytoscape-cose-bilkent@^4.1.0:
   dependencies:
     cose-base "^1.0.0"
 
-cytoscape@^3.28.1:
-  version "3.29.2"
-  resolved "https://registry.yarnpkg.com/cytoscape/-/cytoscape-3.29.2.tgz#c99f42513c80a75e2e94858add32896c860202ac"
-  integrity sha512-2G1ycU28Nh7OHT9rkXRLpCDP30MKH1dXJORZuBhtEhEW7pKwgPi77ImqlCWinouyE1PNepIOGZBOrE84DG7LyQ==
+cytoscape-fcose@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/cytoscape-fcose/-/cytoscape-fcose-2.2.0.tgz#e4d6f6490df4fab58ae9cea9e5c3ab8d7472f471"
+  integrity sha512-ki1/VuRIHFCzxWNrsshHYPs6L7TvLu3DL+TyIGEsRcvVERmxokbf5Gdk7mFxZnTdiGtnA4cfSmjZJMviqSuZrQ==
+  dependencies:
+    cose-base "^2.2.0"
+
+cytoscape@^3.29.3:
+  version "3.32.0"
+  resolved "https://registry.yarnpkg.com/cytoscape/-/cytoscape-3.32.0.tgz#34bc2402c9bc7457ab7d9492745f034b7bf47644"
+  integrity sha512-5JHBC9n75kz5851jeklCPmZWcg3hUe6sjqJvyk3+hVqFaKcHwHgxsjeN1yLmggoUc6STbtm9/NQyabQehfjvWQ==
 
 "d3-array@1 - 2":
   version "2.12.1"
@@ -4389,7 +6246,7 @@ d3-zoom@3:
     d3-selection "2 - 3"
     d3-transition "2 - 3"
 
-d3@^7.4.0, d3@^7.8.2:
+d3@^7.9.0:
   version "7.9.0"
   resolved "https://registry.yarnpkg.com/d3/-/d3-7.9.0.tgz#579e7acb3d749caf8860bd1741ae8d371070cd5d"
   integrity sha512-e1U46jVP+w7Iut8Jt8ri1YsPOvFpg46k+K8TpCb0P+zjCkjkPnV7WzfDJzMHy1LnA+wj5pLT1wjO901gLXeEhA==
@@ -4425,25 +6282,25 @@ d3@^7.4.0, d3@^7.8.2:
     d3-transition "3"
     d3-zoom "3"
 
-dagre-d3-es@7.0.10:
-  version "7.0.10"
-  resolved "https://registry.yarnpkg.com/dagre-d3-es/-/dagre-d3-es-7.0.10.tgz#19800d4be674379a3cd8c86a8216a2ac6827cadc"
-  integrity sha512-qTCQmEhcynucuaZgY5/+ti3X/rnszKZhEQH/ZdWdtP1tA/y3VoHJzcVrO9pjjJCNpigfscAtoUB5ONcd2wNn0A==
+dagre-d3-es@7.0.11:
+  version "7.0.11"
+  resolved "https://registry.yarnpkg.com/dagre-d3-es/-/dagre-d3-es-7.0.11.tgz#2237e726c0577bfe67d1a7cfd2265b9ab2c15c40"
+  integrity sha512-tvlJLyQf834SylNKax8Wkzco/1ias1OPw8DcUMDE7oUIoSEW25riQVuiu/0OWEFqT0cxHT3Pa9/D82Jr47IONw==
   dependencies:
-    d3 "^7.8.2"
+    d3 "^7.9.0"
     lodash-es "^4.17.21"
 
-dayjs@^1.11.7:
-  version "1.11.11"
-  resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.11.tgz#dfe0e9d54c5f8b68ccf8ca5f72ac603e7e5ed59e"
-  integrity sha512-okzr3f11N6WuqYtZSvm+F776mB41wRZMhKP+hc34YdW+KmtYYK9iqvHSwo2k9FEH3fhGXvOPV6yz2IcSrfRUDg==
+dayjs@^1.11.13:
+  version "1.11.13"
+  resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.13.tgz#92430b0139055c3ebb60150aa13e860a4b5a366c"
+  integrity sha512-oaMBel6gjolK862uaPQOVTA7q3TZhuSvuMQAAglQDOWYO9A91IrAOUJEyKVlqJlHE0vq5p5UXxzdPfMH/x6xNg==
 
 debounce@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/debounce/-/debounce-1.2.1.tgz#38881d8f4166a5c5848020c11827b834bcb3e0a5"
   integrity sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug==
 
-debug@2.6.9, debug@^2.6.0:
+debug@2.6.9:
   version "2.6.9"
   resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
   integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
@@ -4464,6 +6321,13 @@ debug@4.3.4:
   dependencies:
     ms "2.1.2"
 
+debug@^4.4.0:
+  version "4.4.1"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.1.tgz#e5a8bc6cbc4c6cd3e64308b0693a3d4fa550189b"
+  integrity sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==
+  dependencies:
+    ms "^2.1.3"
+
 decode-named-character-reference@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/decode-named-character-reference/-/decode-named-character-reference-1.0.2.tgz#daabac9690874c394c81e4162a0304b35d824f0e"
@@ -4483,7 +6347,7 @@ deep-extend@^0.6.0:
   resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac"
   integrity sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==
 
-deepmerge@^4.0.0, deepmerge@^4.2.2, deepmerge@^4.3.1:
+deepmerge@^4.0.0, deepmerge@^4.3.1:
   version "4.3.1"
   resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.3.1.tgz#44b5f2147cd3b00d4b56137685966f26fd25dd4a"
   integrity sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==
@@ -4514,7 +6378,7 @@ define-lazy-prop@^2.0.0:
   resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz#3f7ae421129bcaaac9bc74905c98a0009ec9ee7f"
   integrity sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==
 
-define-properties@^1.1.3, define-properties@^1.2.1:
+define-properties@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.1.tgz#10781cc616eb951a80a034bafcaa7377f6af2b6c"
   integrity sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==
@@ -4523,20 +6387,6 @@ define-properties@^1.1.3, define-properties@^1.2.1:
     has-property-descriptors "^1.0.0"
     object-keys "^1.1.1"
 
-del@^6.1.1:
-  version "6.1.1"
-  resolved "https://registry.yarnpkg.com/del/-/del-6.1.1.tgz#3b70314f1ec0aa325c6b14eb36b95786671edb7a"
-  integrity sha512-ua8BhapfP0JUJKC/zV9yHHDW/rDoDxP4Zhn3AkA6/xT6gY7jYXJiaeyBZznYVujhZZET+UgcbZiQ7sN3WqcImg==
-  dependencies:
-    globby "^11.0.1"
-    graceful-fs "^4.2.4"
-    is-glob "^4.0.1"
-    is-path-cwd "^2.2.0"
-    is-path-inside "^3.0.2"
-    p-map "^4.0.0"
-    rimraf "^3.0.2"
-    slash "^3.0.0"
-
 delaunator@5:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/delaunator/-/delaunator-5.0.1.tgz#39032b08053923e924d6094fe2cde1a99cc51278"
@@ -4559,32 +6409,26 @@ dequal@^2.0.0:
   resolved "https://registry.yarnpkg.com/dequal/-/dequal-2.0.3.tgz#2644214f1997d39ed0ee0ece72335490a7ac67be"
   integrity sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==
 
-des.js@^1.0.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/des.js/-/des.js-1.1.0.tgz#1d37f5766f3bbff4ee9638e871a8768c173b81da"
-  integrity sha512-r17GxjhUCjSRy8aiJpr8/UadFIzMzJGexI3Nmz4ADi9LYSFx4gTBp80+NaX/YsXWWLhpZ7v/v/ubEc/bCNfKwg==
-  dependencies:
-    inherits "^2.0.1"
-    minimalistic-assert "^1.0.0"
-
 destroy@1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.2.0.tgz#4803735509ad8be552934c67df614f94e66fa015"
   integrity sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==
 
+detect-libc@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-1.0.3.tgz#fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b"
+  integrity sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==
+
+detect-libc@^2.0.3:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.4.tgz#f04715b8ba815e53b4d8109655b6508a6865a7e8"
+  integrity sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==
+
 detect-node@^2.0.4:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/detect-node/-/detect-node-2.1.0.tgz#c9c70775a49c3d03bc2c06d9a73be550f978f8b1"
   integrity sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g==
 
-detect-port-alt@^1.1.6:
-  version "1.1.6"
-  resolved "https://registry.yarnpkg.com/detect-port-alt/-/detect-port-alt-1.1.6.tgz#24707deabe932d4a3cf621302027c2b266568275"
-  integrity sha512-5tQykt+LqfJFBEYaDITx7S7cR7mJ/zQmLXZ2qt5w04ainYZw6tBf9dBunMjVeVOdYVRUzUOE4HkY5J7+uttb5Q==
-  dependencies:
-    address "^1.0.1"
-    debug "^2.6.0"
-
 detect-port@^1.5.1:
   version "1.6.1"
   resolved "https://registry.yarnpkg.com/detect-port/-/detect-port-1.6.1.tgz#45e4073997c5f292b957cb678fb0bb8ed4250a67"
@@ -4615,15 +6459,6 @@ diff@^5.0.0:
   resolved "https://registry.yarnpkg.com/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531"
   integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==
 
-diffie-hellman@^5.0.0:
-  version "5.0.3"
-  resolved "https://registry.yarnpkg.com/diffie-hellman/-/diffie-hellman-5.0.3.tgz#40e8ee98f55a2149607146921c63e1ae5f3d2875"
-  integrity sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==
-  dependencies:
-    bn.js "^4.1.0"
-    miller-rabin "^4.0.0"
-    randombytes "^2.0.0"
-
 dir-glob@^3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f"
@@ -4643,29 +6478,26 @@ dns-packet@^5.2.2:
   dependencies:
     "@leichtgewicht/ip-codec" "^2.0.1"
 
-docusaurus-plugin-image-zoom@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/docusaurus-plugin-image-zoom/-/docusaurus-plugin-image-zoom-1.0.1.tgz#17afec39f2e630cac50a4ed3a8bbdad8d0aa8b9d"
-  integrity sha512-96IpSKUx2RWy3db9aZ0s673OQo5DWgV9UVWouS+CPOSIVEdCWh6HKmWf6tB9rsoaiIF3oNn9keiyv6neEyKb1Q==
+docusaurus-plugin-image-zoom@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/docusaurus-plugin-image-zoom/-/docusaurus-plugin-image-zoom-3.0.1.tgz#76095fdc288b58d351d19bf902bd3c0a3113ec09"
+  integrity sha512-mQrqA99VpoMQJNbi02qkWAMVNC4+kwc6zLLMNzraHAJlwn+HrlUmZSEDcTwgn+H4herYNxHKxveE2WsYy73eGw==
   dependencies:
-    medium-zoom "^1.0.6"
+    medium-zoom "^1.1.0"
     validate-peer-dependencies "^2.2.0"
 
-docusaurus-plugin-openapi-docs@3.0.1, docusaurus-plugin-openapi-docs@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/docusaurus-plugin-openapi-docs/-/docusaurus-plugin-openapi-docs-3.0.1.tgz#954fdc4103d7e47133aede210a98353b3e0f0f99"
-  integrity sha512-6SRqwey/TXMNu2G02mbWgxrifhpjGOjDr30N+58AR0Ytgc+HXMqlPAUIvTe+e7sOBfAtBbiNlmOWv5KSYIjf3w==
+docusaurus-plugin-openapi-docs@4.4.0:
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/docusaurus-plugin-openapi-docs/-/docusaurus-plugin-openapi-docs-4.4.0.tgz#010b2bfc57aeac1b62c41bf1ef386dcc52c5e91f"
+  integrity sha512-VFW0euAyM6i6U6Q2WrNXkp1LnxQFGszZbmloMFYrs1qwBjPLkuHfQ4OJMXGDsGcGl4zNDJ9cwODmJlmdwl1hwg==
   dependencies:
     "@apidevtools/json-schema-ref-parser" "^11.5.4"
-    "@docusaurus/plugin-content-docs" "^3.0.1"
-    "@docusaurus/utils" "^3.0.1"
-    "@docusaurus/utils-validation" "^3.0.1"
     "@redocly/openapi-core" "^1.10.5"
+    allof-merge "^0.6.6"
     chalk "^4.1.2"
     clsx "^1.1.1"
     fs-extra "^9.0.1"
     json-pointer "^0.6.2"
-    json-schema-merge-allof "^0.8.1"
     json5 "^2.2.3"
     lodash "^4.17.20"
     mustache "^4.2.0"
@@ -4675,13 +6507,6 @@ docusaurus-plugin-openapi-docs@3.0.1, docusaurus-plugin-openapi-docs@^3.0.1:
     swagger2openapi "^7.0.8"
     xml-formatter "^2.6.1"
 
-docusaurus-plugin-sass@^0.2.3:
-  version "0.2.5"
-  resolved "https://registry.yarnpkg.com/docusaurus-plugin-sass/-/docusaurus-plugin-sass-0.2.5.tgz#6bfb8a227ac6265be685dcbc24ba1989e27b8005"
-  integrity sha512-Z+D0fLFUKcFpM+bqSUmqKIU+vO+YF1xoEQh5hoFreg2eMf722+siwXDD+sqtwU8E4MvVpuvsQfaHwODNlxJAEg==
-  dependencies:
-    sass-loader "^10.1.1"
-
 docusaurus-theme-github-codeblock@^2.0.2:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/docusaurus-theme-github-codeblock/-/docusaurus-theme-github-codeblock-2.0.2.tgz#88b7044b81f9091330e8e4a07a1bdc9114a9fb93"
@@ -4689,25 +6514,25 @@ docusaurus-theme-github-codeblock@^2.0.2:
   dependencies:
     "@docusaurus/types" "^3.0.0"
 
-docusaurus-theme-openapi-docs@3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/docusaurus-theme-openapi-docs/-/docusaurus-theme-openapi-docs-3.0.1.tgz#49789c63377f294e624a9632eddb8265a421020f"
-  integrity sha512-tqypV91tC3wuWj9O+4n0M/e5AgHOeMT2nvPj1tjlPkC7/dLinZvpwQStT4YDUPYSoHRseqxd7lhivFQHcmlryg==
+docusaurus-theme-openapi-docs@4.4.0:
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/docusaurus-theme-openapi-docs/-/docusaurus-theme-openapi-docs-4.4.0.tgz#601eb34d43fa49c6fe1418f3fed06e3044ce377f"
+  integrity sha512-wmc2b946rqBcdjgEHi6Up7e8orasYk5RnIUerTfmZ/Hi006I8FIjMnJEmHAF6t5PbFiiYnlkB6vYK0CC5xBnCQ==
   dependencies:
-    "@docusaurus/theme-common" "^3.0.1"
     "@hookform/error-message" "^2.0.1"
     "@reduxjs/toolkit" "^1.7.1"
+    allof-merge "^0.6.6"
+    buffer "^6.0.3"
     clsx "^1.1.1"
     copy-text-to-clipboard "^3.1.0"
     crypto-js "^4.1.1"
-    docusaurus-plugin-openapi-docs "^3.0.1"
-    docusaurus-plugin-sass "^0.2.3"
     file-saver "^2.0.5"
     lodash "^4.17.20"
-    node-polyfill-webpack-plugin "^2.0.1"
+    pako "^2.1.0"
     postman-code-generators "^1.10.1"
     postman-collection "^4.4.0"
     prism-react-renderer "^2.3.0"
+    process "^0.11.10"
     react-hook-form "^7.43.8"
     react-live "^4.0.0"
     react-magic-dropzone "^1.0.1"
@@ -4715,9 +6540,11 @@ docusaurus-theme-openapi-docs@3.0.1:
     react-modal "^3.15.1"
     react-redux "^7.2.0"
     rehype-raw "^6.1.1"
-    sass "^1.58.1"
-    sass-loader "^13.3.2"
-    webpack "^5.61.0"
+    remark-gfm "3.0.1"
+    sass "^1.80.4"
+    sass-loader "^16.0.2"
+    unist-util-visit "^5.0.0"
+    url "^0.11.1"
     xml-formatter "^2.6.1"
 
 dom-converter@^0.2.0:
@@ -4745,11 +6572,6 @@ dom-serializer@^2.0.0:
     domhandler "^5.0.2"
     entities "^4.2.0"
 
-domain-browser@^4.22.0:
-  version "4.23.0"
-  resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-4.23.0.tgz#427ebb91efcb070f05cffdfb8a4e9a6c25f8c94b"
-  integrity sha512-ArzcM/II1wCCujdCNyQjXrAFwS4mrLh4C7DZWlaI8mdh7h3BfKdNd3bKXITfl2PT9FtfQqaGvhi1vPRQPimjGA==
-
 domelementtype@^2.0.1, domelementtype@^2.2.0, domelementtype@^2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.3.0.tgz#5c45e8e869952626331d7aab326d01daf65d589d"
@@ -4769,10 +6591,12 @@ domhandler@^5.0.2, domhandler@^5.0.3:
   dependencies:
     domelementtype "^2.3.0"
 
-dompurify@^3.0.5:
-  version "3.1.5"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.5.tgz#2c6a113fc728682a0f55684b1388c58ddb79dc38"
-  integrity sha512-lwG+n5h8QNpxtyrJW/gJWckL+1/DQiYMX8f7t8Z2AZTPw1esVrqjI63i7Zc2Gz0aKzLVMYC1V1PL/ky+aY/NgA==
+dompurify@^3.2.4:
+  version "3.2.6"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.6.tgz#ca040a6ad2b88e2a92dc45f38c79f84a714a1cad"
+  integrity sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==
+  optionalDependencies:
+    "@types/trusted-types" "^2.0.7"
 
 domutils@^2.5.2, domutils@^2.8.0:
   version "2.8.0"
@@ -4807,6 +6631,15 @@ dot-prop@^6.0.1:
   dependencies:
     is-obj "^2.0.0"
 
+dunder-proto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/dunder-proto/-/dunder-proto-1.0.1.tgz#d7ae667e1dc83482f8b70fd0f6eefc50da30f58a"
+  integrity sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==
+  dependencies:
+    call-bind-apply-helpers "^1.0.1"
+    es-errors "^1.3.0"
+    gopd "^1.2.0"
+
 duplexer@^0.1.2:
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/duplexer/-/duplexer-0.1.2.tgz#3abe43aef3835f8ae077d136ddce0f276b0400e6"
@@ -4827,23 +6660,10 @@ electron-to-chromium@^1.4.796:
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.803.tgz#cf55808a5ee12e2a2778bbe8cdc941ef87c2093b"
   integrity sha512-61H9mLzGOCLLVsnLiRzCbc63uldP0AniRYPV3hbGVtONA1pI7qSGILdbofR7A8TMbOypDocEAjH/e+9k1QIe3g==
 
-elkjs@^0.9.0:
-  version "0.9.3"
-  resolved "https://registry.yarnpkg.com/elkjs/-/elkjs-0.9.3.tgz#16711f8ceb09f1b12b99e971b138a8384a529161"
-  integrity sha512-f/ZeWvW/BCXbhGEf1Ujp29EASo/lk1FDnETgNKwJrsVvGZhUWCZyg3xLJjAsxfOmt8KjswHmI5EwCQcPMpOYhQ==
-
-elliptic@^6.5.3, elliptic@^6.5.5:
-  version "6.5.7"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
-  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
-  dependencies:
-    bn.js "^4.11.9"
-    brorand "^1.1.0"
-    hash.js "^1.0.0"
-    hmac-drbg "^1.0.1"
-    inherits "^2.0.4"
-    minimalistic-assert "^1.0.1"
-    minimalistic-crypto-utils "^1.0.1"
+electron-to-chromium@^1.5.149:
+  version "1.5.158"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.158.tgz#e5f01fc7fdf810d9d223e30593e0839c306276d4"
+  integrity sha512-9vcp2xHhkvraY6AHw2WMi+GDSLPX42qe2xjYaVoZqFRJiOcilVQFq9mZmpuHEQpzlgGDelKlV7ZiGcmMsc8WxQ==
 
 emoji-regex@^8.0.0:
   version "8.0.0"
@@ -4890,6 +6710,14 @@ enhanced-resolve@^5.17.0:
     graceful-fs "^4.2.4"
     tapable "^2.2.0"
 
+enhanced-resolve@^5.17.1:
+  version "5.18.1"
+  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.1.tgz#728ab082f8b7b6836de51f1637aab5d3b9568faf"
+  integrity sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg==
+  dependencies:
+    graceful-fs "^4.2.4"
+    tapable "^2.2.0"
+
 entities@^2.0.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/entities/-/entities-2.2.0.tgz#098dc90ebb83d8dffa089d55256b351d34c4da55"
@@ -4914,6 +6742,11 @@ es-define-property@^1.0.0:
   dependencies:
     get-intrinsic "^1.2.4"
 
+es-define-property@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.1.tgz#983eb2f9a6724e9303f61addf011c72e09e0b0fa"
+  integrity sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==
+
 es-errors@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
@@ -4924,6 +6757,13 @@ es-module-lexer@^1.2.1:
   resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.5.3.tgz#25969419de9c0b1fbe54279789023e8a9a788412"
   integrity sha512-i1gCgmR9dCl6Vil6UKPI/trA69s08g/syhiDK9TG0Nf1RJjjFI+AzoWW7sPufzkgYAn861skuCwJa0pIIHYxvg==
 
+es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz#1c4f2c4837327597ce69d2ca190a7fdd172338c1"
+  integrity sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==
+  dependencies:
+    es-errors "^1.3.0"
+
 es6-promise@^3.2.1:
   version "3.3.1"
   resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-3.3.1.tgz#a08cdde84ccdbf34d027a1451bc91d4bcd28a613"
@@ -4934,6 +6774,11 @@ escalade@^3.1.1, escalade@^3.1.2:
   resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27"
   integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==
 
+escalade@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5"
+  integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==
+
 escape-goat@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/escape-goat/-/escape-goat-4.0.0.tgz#9424820331b510b0666b98f7873fe11ac4aa8081"
@@ -5095,30 +6940,17 @@ eval@^0.1.8:
     "@types/node" "*"
     require-like ">= 0.1.1"
 
-event-target-shim@^5.0.0:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/event-target-shim/-/event-target-shim-5.0.1.tgz#5d4d3ebdf9583d63a5333ce2deb7480ab2b05789"
-  integrity sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==
-
-eventemitter3@^4.0.0:
+eventemitter3@^4.0.0, eventemitter3@^4.0.4:
   version "4.0.7"
   resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f"
   integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
 
-events@^3.2.0, events@^3.3.0:
+events@^3.2.0:
   version "3.3.0"
   resolved "https://registry.yarnpkg.com/events/-/events-3.3.0.tgz#31a95ad0a924e2d2c419a813aeb2c4e878ea7400"
   integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==
 
-evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3:
-  version "1.0.3"
-  resolved "https://registry.yarnpkg.com/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz#7fcbdb198dc71959432efe13842684e0525acb02"
-  integrity sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA==
-  dependencies:
-    md5.js "^1.3.4"
-    safe-buffer "^5.1.1"
-
-execa@^5.0.0:
+execa@5.1.1, execa@^5.0.0:
   version "5.1.1"
   resolved "https://registry.yarnpkg.com/execa/-/execa-5.1.1.tgz#f80ad9cbf4298f7bd1d4c9555c21e93741c411dd"
   integrity sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==
@@ -5175,6 +7007,11 @@ express@^4.17.3:
     utils-merge "1.0.1"
     vary "~1.1.2"
 
+exsolve@^1.0.1:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/exsolve/-/exsolve-1.0.5.tgz#1f5b6b4fe82ad6b28a173ccb955a635d77859dcf"
+  integrity sha512-pz5dvkYYKQ1AHVrgOzBKWeP4u4FRb3a6DNK2ucr0OoNwYIU4QWsJ+NM36LLzORT+z845MzKHHhpXiUF5nvQoJg==
+
 extend-shallow@^2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
@@ -5229,13 +7066,6 @@ fast-safe-stringify@^2.0.7:
   resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884"
   integrity sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==
 
-fast-url-parser@1.1.3:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/fast-url-parser/-/fast-url-parser-1.1.3.tgz#f4af3ea9f34d8a271cf58ad2b3759f431f0b318d"
-  integrity sha512-5jOCVXADYNuRkKFzNJ0dCCewsZiYo0dz8QNYljkOpFC6r2U4OBmKtvm/Tsuh4w1YYdDqDb31a8TVhBJ2OJKdqQ==
-  dependencies:
-    punycode "^1.3.2"
-
 fastq@^1.6.0:
   version "1.17.1"
   resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.17.1.tgz#2a523f07a4e7b1e81a42b91b8bf2254107753b47"
@@ -5271,6 +7101,13 @@ feed@^4.2.2:
   dependencies:
     xml-js "^1.6.11"
 
+figures@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/figures/-/figures-3.2.0.tgz#625c18bd293c604dc4a8ddb2febf0c88341746af"
+  integrity sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==
+  dependencies:
+    escape-string-regexp "^1.0.5"
+
 file-loader@^6.2.0:
   version "6.2.0"
   resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-6.2.0.tgz#baef7cf8e1840df325e4390b4484879480eebe4d"
@@ -5289,11 +7126,6 @@ file-type@3.9.0:
   resolved "https://registry.yarnpkg.com/file-type/-/file-type-3.9.0.tgz#257a078384d1db8087bc449d107d52a52672b9e9"
   integrity sha512-RLoqTXE8/vPmMuTI88DAzhMYC99I8BWv7zYP4A1puo5HIjEJ5EX48ighy4ZyKMG9EDXxBgW6e++cn7d1xuFghA==
 
-filesize@^8.0.6:
-  version "8.0.7"
-  resolved "https://registry.yarnpkg.com/filesize/-/filesize-8.0.7.tgz#695e70d80f4e47012c132d57a059e80c6b580bd8"
-  integrity sha512-pjmC+bkIF8XI7fWaH8KxHcZL3DPybs1roSKP4rKDvy20tAWwIObE4+JIseG2byfGKhud5ZnM4YSGKBz7Sh0ndQ==
-
 fill-range@^7.1.1:
   version "7.1.1"
   resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"
@@ -5301,11 +7133,6 @@ fill-range@^7.1.1:
   dependencies:
     to-regex-range "^5.0.1"
 
-filter-obj@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-2.0.2.tgz#fff662368e505d69826abb113f0f6a98f56e9d5f"
-  integrity sha512-lO3ttPjHZRfjMcxWKb1j1eDhTFsu4meeR3lnMcnBFhk6RuLhvEiuALu2TlfL310ph4lCYYwgF/ElIjdP739tdg==
-
 finalhandler@1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/finalhandler/-/finalhandler-1.2.0.tgz#7d23fe5731b207b4640e4fcd00aec1f9207a7b32"
@@ -5327,21 +7154,6 @@ find-cache-dir@^4.0.0:
     common-path-prefix "^3.0.0"
     pkg-dir "^7.0.0"
 
-find-up@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/find-up/-/find-up-3.0.0.tgz#49169f1d7993430646da61ecc5ae355c21c97b73"
-  integrity sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==
-  dependencies:
-    locate-path "^3.0.0"
-
-find-up@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc"
-  integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==
-  dependencies:
-    locate-path "^6.0.0"
-    path-exists "^4.0.0"
-
 find-up@^6.3.0:
   version "6.3.0"
   resolved "https://registry.yarnpkg.com/find-up/-/find-up-6.3.0.tgz#2abab3d3280b2dc7ac10199ef324c4e002c8c790"
@@ -5355,18 +7167,11 @@ flat@^5.0.2:
   resolved "https://registry.yarnpkg.com/flat/-/flat-5.0.2.tgz#8ca6fe332069ffa9d324c327198c598259ceb241"
   integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==
 
-follow-redirects@^1.0.0, follow-redirects@^1.14.7:
+follow-redirects@^1.0.0:
   version "1.15.6"
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b"
   integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==
 
-for-each@^0.3.3:
-  version "0.3.3"
-  resolved "https://registry.yarnpkg.com/for-each/-/for-each-0.3.3.tgz#69b447e88a0a5d32c3e7084f3f1710034b21376e"
-  integrity sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==
-  dependencies:
-    is-callable "^1.1.3"
-
 foreach@^2.0.4:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/foreach/-/foreach-2.0.6.tgz#87bcc8a1a0e74000ff2bf9802110708cfb02eb6e"
@@ -5380,25 +7185,6 @@ foreground-child@^3.1.0:
     cross-spawn "^7.0.0"
     signal-exit "^4.0.1"
 
-fork-ts-checker-webpack-plugin@^6.5.0:
-  version "6.5.3"
-  resolved "https://registry.yarnpkg.com/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.3.tgz#eda2eff6e22476a2688d10661688c47f611b37f3"
-  integrity sha512-SbH/l9ikmMWycd5puHJKTkZJKddF4iRLyW3DeZ08HTI7NGyLS38MXd/KGgeWumQO7YNQbW2u/NtPT2YowbPaGQ==
-  dependencies:
-    "@babel/code-frame" "^7.8.3"
-    "@types/json-schema" "^7.0.5"
-    chalk "^4.1.0"
-    chokidar "^3.4.2"
-    cosmiconfig "^6.0.0"
-    deepmerge "^4.2.2"
-    fs-extra "^9.0.0"
-    glob "^7.1.6"
-    memfs "^3.1.2"
-    minimatch "^3.0.4"
-    schema-utils "2.7.0"
-    semver "^7.3.2"
-    tapable "^1.0.0"
-
 form-data-encoder@^2.1.2:
   version "2.1.4"
   resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-2.1.4.tgz#261ea35d2a70d48d30ec7a9603130fa5515e9cd5"
@@ -5438,7 +7224,7 @@ fs-extra@^11.1.1, fs-extra@^11.2.0:
     jsonfile "^6.0.1"
     universalify "^2.0.0"
 
-fs-extra@^9.0.0, fs-extra@^9.0.1:
+fs-extra@^9.0.1:
   version "9.1.0"
   resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-9.1.0.tgz#5954460c764a8da2094ba3554bf839e6b9a7c86d"
   integrity sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==
@@ -5489,11 +7275,35 @@ get-intrinsic@^1.1.3, get-intrinsic@^1.2.4:
     has-symbols "^1.0.3"
     hasown "^2.0.0"
 
+get-intrinsic@^1.2.5, get-intrinsic@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01"
+  integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
+  dependencies:
+    call-bind-apply-helpers "^1.0.2"
+    es-define-property "^1.0.1"
+    es-errors "^1.3.0"
+    es-object-atoms "^1.1.1"
+    function-bind "^1.1.2"
+    get-proto "^1.0.1"
+    gopd "^1.2.0"
+    has-symbols "^1.1.0"
+    hasown "^2.0.2"
+    math-intrinsics "^1.1.0"
+
 get-own-enumerable-property-symbols@^3.0.0:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz#b5fde77f22cbe35f390b4e089922c50bce6ef664"
   integrity sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==
 
+get-proto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/get-proto/-/get-proto-1.0.1.tgz#150b3f2743869ef3e851ec0c49d15b1d14d00ee1"
+  integrity sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==
+  dependencies:
+    dunder-proto "^1.0.1"
+    es-object-atoms "^1.0.0"
+
 get-stream@^5.1.0:
   version "5.2.0"
   resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-5.2.0.tgz#4966a1795ee5ace65e706c4b7beb71257d6e22d3"
@@ -5541,7 +7351,7 @@ glob@^10.3.10:
     minipass "^7.1.2"
     path-scurry "^1.11.1"
 
-glob@^7.0.0, glob@^7.1.3, glob@^7.1.6:
+glob@^7.0.0, glob@^7.1.3:
   version "7.2.3"
   resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b"
   integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==
@@ -5560,28 +7370,17 @@ global-dirs@^3.0.0:
   dependencies:
     ini "2.0.0"
 
-global-modules@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/global-modules/-/global-modules-2.0.0.tgz#997605ad2345f27f51539bea26574421215c7780"
-  integrity sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A==
-  dependencies:
-    global-prefix "^3.0.0"
-
-global-prefix@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/global-prefix/-/global-prefix-3.0.0.tgz#fc85f73064df69f50421f47f883fe5b913ba9b97"
-  integrity sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==
-  dependencies:
-    ini "^1.3.5"
-    kind-of "^6.0.2"
-    which "^1.3.1"
-
 globals@^11.1.0:
   version "11.12.0"
   resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e"
   integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==
 
-globby@^11.0.1, globby@^11.0.4, globby@^11.1.0:
+globals@^15.14.0:
+  version "15.15.0"
+  resolved "https://registry.yarnpkg.com/globals/-/globals-15.15.0.tgz#7c4761299d41c32b075715a4ce1ede7897ff72a8"
+  integrity sha512-7ACyT3wmyp3I61S4fG682L0VA2RGD9otkqGJIwNUMF1SWUombIIk+af1unuDYgMm082aHYwD+mzJvv9Iu8dsgg==
+
+globby@^11.1.0:
   version "11.1.0"
   resolved "https://registry.yarnpkg.com/globby/-/globby-11.1.0.tgz#bd4be98bb042f83d796f7e3811991fbe82a0d34b"
   integrity sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==
@@ -5611,6 +7410,11 @@ gopd@^1.0.1:
   dependencies:
     get-intrinsic "^1.1.3"
 
+gopd@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1"
+  integrity sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==
+
 got@^12.1.0:
   version "12.6.1"
   resolved "https://registry.yarnpkg.com/got/-/got-12.6.1.tgz#8869560d1383353204b5a9435f782df9c091f549"
@@ -5662,6 +7466,11 @@ gzip-size@^6.0.0:
   dependencies:
     duplexer "^0.1.2"
 
+hachure-fill@^0.5.2:
+  version "0.5.2"
+  resolved "https://registry.yarnpkg.com/hachure-fill/-/hachure-fill-0.5.2.tgz#d19bc4cc8750a5962b47fb1300557a85fcf934cc"
+  integrity sha512-3GKBOn+m2LX9iq+JC1064cSFprJY4jL1jCXTcpnfER5HYE2l/4EfWSGzkPa/ZDBmYI0ZOEj5VHV/eKnPGkHuOg==
+
 handle-thing@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.1.tgz#857f79ce359580c340d43081cc648970d0bb234e"
@@ -5694,44 +7503,17 @@ has-symbols@^1.0.3:
   resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
   integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==
 
-has-tostringtag@^1.0.0, has-tostringtag@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc"
-  integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
-  dependencies:
-    has-symbols "^1.0.3"
+has-symbols@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338"
+  integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
 
 has-yarn@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-3.0.0.tgz#c3c21e559730d1d3b57e28af1f30d06fac38147d"
   integrity sha512-IrsVwUHhEULx3R8f/aA8AHuEzAorplsab/v8HBzEiIukwq5i/EC+xmOW+HfP1OaDP+2JkgT1yILHN2O3UFIbcA==
 
-hash-base@^3.0.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.1.0.tgz#55c381d9e06e1d2997a883b4a3fddfe7f0d3af33"
-  integrity sha512-1nmYp/rhMDiE7AYkDw+lLwlAzz0AntGIe51F3RfFfEqyQ3feY2eI/NcwC6umIQVOASPMsWJLJScWKSSvzL9IVA==
-  dependencies:
-    inherits "^2.0.4"
-    readable-stream "^3.6.0"
-    safe-buffer "^5.2.0"
-
-hash-base@~3.0:
-  version "3.0.4"
-  resolved "https://registry.yarnpkg.com/hash-base/-/hash-base-3.0.4.tgz#5fc8686847ecd73499403319a6b0a3f3f6ae4918"
-  integrity sha512-EeeoJKjTyt868liAlVmcv2ZsUfGHlE3Q+BICOXcZiwN3osr5Q/zFGYmTJpoIzuaSTAwndFy+GqhEwlU4L3j4Ow==
-  dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
-hash.js@^1.0.0, hash.js@^1.0.3:
-  version "1.1.7"
-  resolved "https://registry.yarnpkg.com/hash.js/-/hash.js-1.1.7.tgz#0babca538e8d4ee4a0f8988d68866537a003cf42"
-  integrity sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==
-  dependencies:
-    inherits "^2.0.3"
-    minimalistic-assert "^1.0.1"
-
-hasown@^2.0.0:
+hasown@^2.0.0, hasown@^2.0.2:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003"
   integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==
@@ -5966,15 +7748,6 @@ history@^4.9.0:
     tiny-warning "^1.0.0"
     value-equal "^1.0.1"
 
-hmac-drbg@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/hmac-drbg/-/hmac-drbg-1.0.1.tgz#d2745701025a6c775a6c545793ed502fc0c649a1"
-  integrity sha512-Tti3gMqLdZfhOQY1Mzf/AanLiqh1WTiJgEj26ZuYQ9fbkLomzGchCws4FyrSd4VkpBfiNhaE1On+lOz894jvXg==
-  dependencies:
-    hash.js "^1.0.3"
-    minimalistic-assert "^1.0.0"
-    minimalistic-crypto-utils "^1.0.1"
-
 hoist-non-react-statics@^3.1.0, hoist-non-react-statics@^3.3.0, hoist-non-react-statics@^3.3.2:
   version "3.3.2"
   resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz#ece0acaf71d62c2969c2ec59feff42a4b1a85b45"
@@ -6043,10 +7816,10 @@ html-void-elements@^3.0.0:
   resolved "https://registry.yarnpkg.com/html-void-elements/-/html-void-elements-3.0.0.tgz#fc9dbd84af9e747249034d4d62602def6517f1d7"
   integrity sha512-bEqo66MRXsUGxWHV5IP0PUiAWwoEjba4VCzg0LjFJBpchPaTfyfCKTG6bc5F8ucKec3q5y6qOdGyYTSBEvhCrg==
 
-html-webpack-plugin@^5.5.3:
-  version "5.6.0"
-  resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.0.tgz#50a8fa6709245608cb00e811eacecb8e0d7b7ea0"
-  integrity sha512-iwaY4wzbe48AfKLZ/Cc8k0L+FKG6oSNRaZ8x5A/T/IVDGyXcbHncM9TdDa93wn0FsSm82FhTKW7f3vS61thXAw==
+html-webpack-plugin@^5.6.0:
+  version "5.6.3"
+  resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.3.tgz#a31145f0fee4184d53a794f9513147df1e653685"
+  integrity sha512-QSf1yjtSAsmf7rYBV7XX86uua4W/vkhIt0xNXKbsi2foEeW7vjJQz4bhnpL3xH+l1ryl1680uNv968Z+X6jSYg==
   dependencies:
     "@types/html-minifier-terser" "^6.0.0"
     html-minifier-terser "^6.0.2"
@@ -6148,11 +7921,6 @@ http2-wrapper@^2.1.10:
     quick-lru "^5.1.1"
     resolve-alpn "^1.2.0"
 
-https-browserify@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73"
-  integrity sha512-J+FkSdyD+0mA0N+81tMotaRMfSL9SGi+xpD3T6YApKsc3bGSXJlfXri3VyFOeYkfLRQisDk1W+jIFFKBeUBbBg==
-
 https-proxy-agent@5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz#c59ef224a04fe8b754f3db0063a25ea30d0005d6"
@@ -6195,24 +7963,22 @@ ignore@^5.2.0, ignore@^5.2.4:
   resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef"
   integrity sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==
 
-image-size@^1.0.2:
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/image-size/-/image-size-1.2.1.tgz#ee118aedfe666db1a6ee12bed5821cde3740276d"
-  integrity sha512-rH+46sQJ2dlwfjfhCyNx5thzrv+dtmBIhPHk0zgRUukHzZ/kRueTJXoYYsclBaKcSMBWuGbOFXtioLpzTb5euw==
-  dependencies:
-    queue "6.0.2"
+image-size@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/image-size/-/image-size-2.0.2.tgz#84a7b43704db5736f364bf0d1b029821299b4bdc"
+  integrity sha512-IRqXKlaXwgSMAMtpNzZa1ZAe8m+Sa1770Dhk8VkSsP9LS+iHD62Zd8FQKs8fbPiagBE7BzoFX23cxFnwshpV6w==
 
-immer@^9.0.21, immer@^9.0.7:
+immer@^9.0.21:
   version "9.0.21"
   resolved "https://registry.yarnpkg.com/immer/-/immer-9.0.21.tgz#1e025ea31a40f24fb064f1fef23e931496330176"
   integrity sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==
 
-immutable@^4.0.0:
-  version "4.3.6"
-  resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.6.tgz#6a05f7858213238e587fb83586ffa3b4b27f0447"
-  integrity sha512-Ju0+lEMyzMVZarkTn/gqRpdqd5dOPaz1mCZ0SH3JV6iFw81PldE/PEB1hWVEA288HPt4WXW8O7AWxB10M+03QQ==
+immutable@^5.0.2:
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/immutable/-/immutable-5.1.2.tgz#e8169476414505e5a4fa650107b65e1227d16d4b"
+  integrity sha512-qHKXW1q6liAk1Oys6umoaZbDRqjcjgSrbnrifHsfsttza7zcvRAsL7mMV6xWcyhwQy7Xj5v4hhbr6b+iDYwlmQ==
 
-import-fresh@^3.1.0, import-fresh@^3.3.0:
+import-fresh@^3.3.0:
   version "3.3.0"
   resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.3.0.tgz#37162c25fcb9ebaa2e6e53d5b4d88ce17d9e0c2b"
   integrity sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==
@@ -6235,10 +8001,10 @@ indent-string@^4.0.0:
   resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251"
   integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==
 
-infima@0.2.0-alpha.43:
-  version "0.2.0-alpha.43"
-  resolved "https://registry.yarnpkg.com/infima/-/infima-0.2.0-alpha.43.tgz#f7aa1d7b30b6c08afef441c726bac6150228cbe0"
-  integrity sha512-2uw57LvUqW0rK/SWYnd/2rRfxNA5DDNOh33jxF7fy46VWoNhGxiUQyVZHbBMjQ33mQem0cjdDVwgWVAmlRfgyQ==
+infima@0.2.0-alpha.45:
+  version "0.2.0-alpha.45"
+  resolved "https://registry.yarnpkg.com/infima/-/infima-0.2.0-alpha.45.tgz#542aab5a249274d81679631b492973dd2c1e7466"
+  integrity sha512-uyH0zfr1erU1OohLk0fT4Rrb94AOhguWNOcD9uGrSpRvNB+6gZXUoJX5J0NtvzBO10YZ9PgvA4NFgt+fYg8ojw==
 
 inflight@^1.0.4:
   version "1.0.6"
@@ -6248,7 +8014,7 @@ inflight@^1.0.4:
     once "^1.3.0"
     wrappy "1"
 
-inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3, inherits@~2.0.4:
+inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
@@ -6263,7 +8029,7 @@ ini@2.0.0:
   resolved "https://registry.yarnpkg.com/ini/-/ini-2.0.0.tgz#e5fd556ecdd5726be978fa1001862eacb0a94bc5"
   integrity sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==
 
-ini@^1.3.4, ini@^1.3.5, ini@~1.3.0:
+ini@^1.3.4, ini@~1.3.0:
   version "1.3.8"
   resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
   integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
@@ -6323,14 +8089,6 @@ is-alphanumerical@^2.0.0:
     is-alphabetical "^2.0.0"
     is-decimal "^2.0.0"
 
-is-arguments@^1.0.4:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.1.tgz#15b3f88fda01f2a97fec84ca761a560f123efa9b"
-  integrity sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==
-  dependencies:
-    call-bind "^1.0.2"
-    has-tostringtag "^1.0.0"
-
 is-arrayish@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
@@ -6348,11 +8106,6 @@ is-buffer@^2.0.0:
   resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.5.tgz#ebc252e400d22ff8d77fa09888821a24a658c191"
   integrity sha512-i2R6zNFDwgEHJyQUtJEk0XFi1i0dPFn/oqjK3/vPCcDeJvW5NQ83V8QbicfF1SupOaB0h8ntgBC2YiE7dfyctQ==
 
-is-callable@^1.1.3:
-  version "1.2.7"
-  resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.7.tgz#3bc2a85ea742d9e36205dcacdd72ca1fdc51b055"
-  integrity sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==
-
 is-ci@^3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/is-ci/-/is-ci-3.0.1.tgz#db6ecbed1bd659c43dac0f45661e7674103d1867"
@@ -6392,13 +8145,6 @@ is-fullwidth-code-point@^3.0.0:
   resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d"
   integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
 
-is-generator-function@^1.0.7:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/is-generator-function/-/is-generator-function-1.0.10.tgz#f1558baf1ac17e0deea7c0415c438351ff2b3c72"
-  integrity sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==
-  dependencies:
-    has-tostringtag "^1.0.0"
-
 is-glob@^4.0.1, is-glob@^4.0.3, is-glob@~4.0.1:
   version "4.0.3"
   resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084"
@@ -6419,14 +8165,6 @@ is-installed-globally@^0.4.0:
     global-dirs "^3.0.0"
     is-path-inside "^3.0.2"
 
-is-nan@^1.3.2:
-  version "1.3.2"
-  resolved "https://registry.yarnpkg.com/is-nan/-/is-nan-1.3.2.tgz#043a54adea31748b55b6cd4e09aadafa69bd9e1d"
-  integrity sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w==
-  dependencies:
-    call-bind "^1.0.0"
-    define-properties "^1.1.3"
-
 is-npm@^6.0.0:
   version "6.0.0"
   resolved "https://registry.yarnpkg.com/is-npm/-/is-npm-6.0.0.tgz#b59e75e8915543ca5d881ecff864077cba095261"
@@ -6447,11 +8185,6 @@ is-obj@^2.0.0:
   resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982"
   integrity sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==
 
-is-path-cwd@^2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/is-path-cwd/-/is-path-cwd-2.2.0.tgz#67d43b82664a7b5191fd9119127eb300048a9fdb"
-  integrity sha512-w942bTcih8fdJPJmQHFzkS76NEP8Kzzvmw92cXsazb8intwLqPibPPdXf4ANdKV3rYMuuQYGIWtvz9JilB3NFQ==
-
 is-path-inside@^3.0.2:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
@@ -6486,23 +8219,11 @@ is-regexp@^1.0.0:
   resolved "https://registry.yarnpkg.com/is-regexp/-/is-regexp-1.0.0.tgz#fd2d883545c46bac5a633e7b9a09e87fa2cb5069"
   integrity sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==
 
-is-root@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/is-root/-/is-root-2.1.0.tgz#809e18129cf1129644302a4f8544035d51984a9c"
-  integrity sha512-AGOriNp96vNBd3HtU+RzFEc75FfR5ymiYv8E553I71SCeXBiMsVDUtdio1OEFvrPyLIQ9tVR5RxXIFe5PUFjMg==
-
 is-stream@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-2.0.1.tgz#fac1e3d53b97ad5a9d0ae9cef2389f5810a5c077"
   integrity sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==
 
-is-typed-array@^1.1.3:
-  version "1.1.13"
-  resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.13.tgz#d6c5ca56df62334959322d7d7dd1cca50debe229"
-  integrity sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==
-  dependencies:
-    which-typed-array "^1.1.14"
-
 is-typedarray@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
@@ -6585,7 +8306,7 @@ jiti@^1.20.0, jiti@^1.21.0:
   resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.6.tgz#6c7f7398dd4b3142767f9a168af2f317a428d268"
   integrity sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w==
 
-joi@^17.6.0, joi@^17.9.2:
+joi@^17.9.2:
   version "17.13.1"
   resolved "https://registry.yarnpkg.com/joi/-/joi-17.13.1.tgz#9c7b53dc3b44dd9ae200255cc3b398874918a6ca"
   integrity sha512-vaBlIKCyo4FCUtCm7Eu4QZd/q02bWcxfUO6YSXAZOWF6gzcLBeba8kwotUdYJjDLW8Cz8RywsSOqiNJZW0mNvg==
@@ -6626,16 +8347,31 @@ jsesc@^2.5.1:
   resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4"
   integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==
 
+jsesc@^3.0.2:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-3.1.0.tgz#74d335a234f67ed19907fdadfac7ccf9d409825d"
+  integrity sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==
+
 jsesc@~0.5.0:
   version "0.5.0"
   resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d"
   integrity sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==
 
+jsesc@~3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-3.0.2.tgz#bb8b09a6597ba426425f2e4a07245c3d00b9343e"
+  integrity sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==
+
 json-buffer@3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.1.tgz#9338802a30d3b6605fbe0613e094008ca8c05a13"
   integrity sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==
 
+json-crawl@^0.5.3:
+  version "0.5.3"
+  resolved "https://registry.yarnpkg.com/json-crawl/-/json-crawl-0.5.3.tgz#3a2e1d308d4fc5a444902f1f94f4a9e03d584c6b"
+  integrity sha512-BEjjCw8c7SxzNK4orhlWD5cXQh8vCk2LqDr4WgQq4CV+5dvopeYwt1Tskg67SuSLKvoFH5g0yuYtg7rcfKV6YA==
+
 json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d"
@@ -6655,7 +8391,7 @@ json-schema-compare@^0.2.2:
   dependencies:
     lodash "^4.17.4"
 
-json-schema-merge-allof@0.8.1, json-schema-merge-allof@^0.8.1:
+json-schema-merge-allof@0.8.1:
   version "0.8.1"
   resolved "https://registry.yarnpkg.com/json-schema-merge-allof/-/json-schema-merge-allof-0.8.1.tgz#ed2828cdd958616ff74f932830a26291789eaaf2"
   integrity sha512-CTUKmIlPJbsWfzRRnOXz+0MjIqvnleIXwFTzz+t9T86HnYX/Rozria6ZVGLktAU9e+NygNljveP+yxqtQp/Q4w==
@@ -6702,7 +8438,7 @@ keyv@^4.5.3:
   dependencies:
     json-buffer "3.0.1"
 
-khroma@^2.0.0:
+khroma@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/khroma/-/khroma-2.1.0.tgz#45f2ce94ce231a437cf5b63c2e886e6eb42bbbb1"
   integrity sha512-Ls993zuzfayK269Svk9hzpeGUKob/sIgZzyHYdjQoAdQetRKpOLj+k/QQQ/6Qi0Yz65mlROrfd+Ev+1+7dz9Kw==
@@ -6722,10 +8458,21 @@ kleur@^4.0.3:
   resolved "https://registry.yarnpkg.com/kleur/-/kleur-4.1.5.tgz#95106101795f7050c6c650f350c683febddb1780"
   integrity sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==
 
-klona@^2.0.4:
-  version "2.0.6"
-  resolved "https://registry.yarnpkg.com/klona/-/klona-2.0.6.tgz#85bffbf819c03b2f53270412420a4555ef882e22"
-  integrity sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA==
+kolorist@^1.8.0:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/kolorist/-/kolorist-1.8.0.tgz#edddbbbc7894bc13302cdf740af6374d4a04743c"
+  integrity sha512-Y+60/zizpJ3HRH8DCss+q95yr6145JXZo46OTpFvDZWLfRCE4qChOyk1b26nMaNpfHHgxagk9dXT5OP0Tfe+dQ==
+
+langium@3.3.1:
+  version "3.3.1"
+  resolved "https://registry.yarnpkg.com/langium/-/langium-3.3.1.tgz#da745a40d5ad8ee565090fed52eaee643be4e591"
+  integrity sha512-QJv/h939gDpvT+9SiLVlY7tZC3xB2qK57v0J04Sh9wpMb6MP1q8gB21L3WIo8T5P1MSMg3Ep14L7KkDCFG3y4w==
+  dependencies:
+    chevrotain "~11.0.3"
+    chevrotain-allstar "~0.3.0"
+    vscode-languageserver "~9.0.1"
+    vscode-languageserver-textdocument "~1.0.11"
+    vscode-uri "~3.0.8"
 
 latest-version@^7.0.0:
   version "7.0.0"
@@ -6747,11 +8494,84 @@ layout-base@^1.0.0:
   resolved "https://registry.yarnpkg.com/layout-base/-/layout-base-1.0.2.tgz#1291e296883c322a9dd4c5dd82063721b53e26e2"
   integrity sha512-8h2oVEZNktL4BH2JCOI90iD1yXwL6iNW7KcCKT2QZgQJR2vbqDsldCTPRU9NifTCqHZci57XvQQ15YTu+sTYPg==
 
+layout-base@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/layout-base/-/layout-base-2.0.1.tgz#d0337913586c90f9c2c075292069f5c2da5dd285"
+  integrity sha512-dp3s92+uNI1hWIpPGH3jK2kxE2lMjdXdr+DH8ynZHpd6PUlH6x6cbuXnoMmiNumznqaNO31xu9e79F0uuZ0JFg==
+
 leven@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/leven/-/leven-3.1.0.tgz#77891de834064cccba82ae7842bb6b14a13ed7f2"
   integrity sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==
 
+lightningcss-darwin-arm64@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.30.1.tgz#3d47ce5e221b9567c703950edf2529ca4a3700ae"
+  integrity sha512-c8JK7hyE65X1MHMN+Viq9n11RRC7hgin3HhYKhrMyaXflk5GVplZ60IxyoVtzILeKr+xAJwg6zK6sjTBJ0FKYQ==
+
+lightningcss-darwin-x64@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.30.1.tgz#e81105d3fd6330860c15fe860f64d39cff5fbd22"
+  integrity sha512-k1EvjakfumAQoTfcXUcHQZhSpLlkAuEkdMBsI/ivWw9hL+7FtilQc0Cy3hrx0AAQrVtQAbMI7YjCgYgvn37PzA==
+
+lightningcss-freebsd-x64@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.30.1.tgz#a0e732031083ff9d625c5db021d09eb085af8be4"
+  integrity sha512-kmW6UGCGg2PcyUE59K5r0kWfKPAVy4SltVeut+umLCFoJ53RdCUWxcRDzO1eTaxf/7Q2H7LTquFHPL5R+Gjyig==
+
+lightningcss-linux-arm-gnueabihf@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.30.1.tgz#1f5ecca6095528ddb649f9304ba2560c72474908"
+  integrity sha512-MjxUShl1v8pit+6D/zSPq9S9dQ2NPFSQwGvxBCYaBYLPlCWuPh9/t1MRS8iUaR8i+a6w7aps+B4N0S1TYP/R+Q==
+
+lightningcss-linux-arm64-gnu@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.30.1.tgz#eee7799726103bffff1e88993df726f6911ec009"
+  integrity sha512-gB72maP8rmrKsnKYy8XUuXi/4OctJiuQjcuqWNlJQ6jZiWqtPvqFziskH3hnajfvKB27ynbVCucKSm2rkQp4Bw==
+
+lightningcss-linux-arm64-musl@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.30.1.tgz#f2e4b53f42892feeef8f620cbb889f7c064a7dfe"
+  integrity sha512-jmUQVx4331m6LIX+0wUhBbmMX7TCfjF5FoOH6SD1CttzuYlGNVpA7QnrmLxrsub43ClTINfGSYyHe2HWeLl5CQ==
+
+lightningcss-linux-x64-gnu@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.30.1.tgz#2fc7096224bc000ebb97eea94aea248c5b0eb157"
+  integrity sha512-piWx3z4wN8J8z3+O5kO74+yr6ze/dKmPnI7vLqfSqI8bccaTGY5xiSGVIJBDd5K5BHlvVLpUB3S2YCfelyJ1bw==
+
+lightningcss-linux-x64-musl@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.30.1.tgz#66dca2b159fd819ea832c44895d07e5b31d75f26"
+  integrity sha512-rRomAK7eIkL+tHY0YPxbc5Dra2gXlI63HL+v1Pdi1a3sC+tJTcFrHX+E86sulgAXeI7rSzDYhPSeHHjqFhqfeQ==
+
+lightningcss-win32-arm64-msvc@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.30.1.tgz#7d8110a19d7c2d22bfdf2f2bb8be68e7d1b69039"
+  integrity sha512-mSL4rqPi4iXq5YVqzSsJgMVFENoa4nGTT/GjO2c0Yl9OuQfPsIfncvLrEW6RbbB24WtZ3xP/2CCmI3tNkNV4oA==
+
+lightningcss-win32-x64-msvc@1.30.1:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.30.1.tgz#fd7dd008ea98494b85d24b4bea016793f2e0e352"
+  integrity sha512-PVqXh48wh4T53F/1CCu8PIPCxLzWyCnn/9T5W1Jpmdy5h9Cwd+0YQS6/LwhHXSafuc61/xg9Lv5OrCby6a++jg==
+
+lightningcss@^1.27.0:
+  version "1.30.1"
+  resolved "https://registry.yarnpkg.com/lightningcss/-/lightningcss-1.30.1.tgz#78e979c2d595bfcb90d2a8c0eb632fe6c5bfed5d"
+  integrity sha512-xi6IyHML+c9+Q3W0S4fCQJOym42pyurFiJUHEcEyHS0CeKzia4yZDEsLlqOFykxOdHpNy0NmvVO31vcSqAxJCg==
+  dependencies:
+    detect-libc "^2.0.3"
+  optionalDependencies:
+    lightningcss-darwin-arm64 "1.30.1"
+    lightningcss-darwin-x64 "1.30.1"
+    lightningcss-freebsd-x64 "1.30.1"
+    lightningcss-linux-arm-gnueabihf "1.30.1"
+    lightningcss-linux-arm64-gnu "1.30.1"
+    lightningcss-linux-arm64-musl "1.30.1"
+    lightningcss-linux-x64-gnu "1.30.1"
+    lightningcss-linux-x64-musl "1.30.1"
+    lightningcss-win32-arm64-msvc "1.30.1"
+    lightningcss-win32-x64-msvc "1.30.1"
+
 lilconfig@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/lilconfig/-/lilconfig-2.1.0.tgz#78e23ac89ebb7e1bfbf25b18043de756548e7f52"
@@ -6791,25 +8611,14 @@ loader-utils@^2.0.0:
     emojis-list "^3.0.0"
     json5 "^2.1.2"
 
-loader-utils@^3.2.0:
-  version "3.3.1"
-  resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.3.1.tgz#735b9a19fd63648ca7adbd31c2327dfe281304e5"
-  integrity sha512-FMJTLMXfCLMLfJxcX9PFqX5qD88Z5MRGaZCVzfuqeZSPsyiBzs+pahDQjbIWz2QIzPZz0NX9Zy4FX3lmK6YHIg==
-
-locate-path@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-3.0.0.tgz#dbec3b3ab759758071b58fe59fc41871af21400e"
-  integrity sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==
+local-pkg@^1.0.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/local-pkg/-/local-pkg-1.1.1.tgz#f5fe74a97a3bd3c165788ee08ca9fbe998dc58dd"
+  integrity sha512-WunYko2W1NcdfAFpuLUoucsgULmgDBRkdxHxWQ7mK0cQqwPiy8E1enjuRBrhLtZkB5iScJ1XIPdhVEFK8aOLSg==
   dependencies:
-    p-locate "^3.0.0"
-    path-exists "^3.0.0"
-
-locate-path@^6.0.0:
-  version "6.0.0"
-  resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-6.0.0.tgz#55321eb309febbc59c4801d931a72452a681d286"
-  integrity sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==
-  dependencies:
-    p-locate "^5.0.0"
+    mlly "^1.7.4"
+    pkg-types "^2.0.1"
+    quansync "^0.2.8"
 
 locate-path@^7.1.0:
   version "7.2.0"
@@ -6818,7 +8627,7 @@ locate-path@^7.1.0:
   dependencies:
     p-locate "^6.0.0"
 
-lodash-es@^4.17.21:
+lodash-es@4.17.21, lodash-es@^4.17.21:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.17.21.tgz#43e626c46e6591b7750beb2b50117390c609e3ee"
   integrity sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==
@@ -6896,19 +8705,27 @@ markdown-extensions@^2.0.0:
   resolved "https://registry.yarnpkg.com/markdown-extensions/-/markdown-extensions-2.0.0.tgz#34bebc83e9938cae16e0e017e4a9814a8330d3c4"
   integrity sha512-o5vL7aDWatOTX8LzaS1WMoaoxIiLRQJuIKKe2wAw6IeULDHaqbiqiggmx+pKvZDb1Sj+pE46Sn1T7lCqfFtg1Q==
 
+markdown-table@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-2.0.0.tgz#194a90ced26d31fe753d8b9434430214c011865b"
+  integrity sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==
+  dependencies:
+    repeat-string "^1.0.0"
+
 markdown-table@^3.0.0:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-3.0.3.tgz#e6331d30e493127e031dd385488b5bd326e4a6bd"
   integrity sha512-Z1NL3Tb1M9wH4XESsCDEksWoKTdlUafKc4pt0GRwjUyXaCFZ+dc3g2erqB6zm3szA2IUSi7VnPI+o/9jnxh9hw==
 
-md5.js@^1.3.4:
-  version "1.3.5"
-  resolved "https://registry.yarnpkg.com/md5.js/-/md5.js-1.3.5.tgz#b5d07b8e3216e3e27cd728d72f70d1e6a342005f"
-  integrity sha512-xitP+WxNPcTTOgnTJcrhM0xvdPepipPSf3I8EIpGKeFLjt3PlJLIDG3u8EX53ZIubkb+5U2+3rELYpEhHhzdkg==
-  dependencies:
-    hash-base "^3.0.0"
-    inherits "^2.0.1"
-    safe-buffer "^5.1.2"
+marked@^15.0.7:
+  version "15.0.12"
+  resolved "https://registry.yarnpkg.com/marked/-/marked-15.0.12.tgz#30722c7346e12d0a2d0207ab9b0c4f0102d86c4e"
+  integrity sha512-8dD6FusOQSrpv9Z1rdNMdlSgQOIP880DHqnohobOmYLElGEqAL/JvxvuxZO16r4HtjTlfPRDC1hbvxC9dPN2nA==
+
+math-intrinsics@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz#a0dd74be81e2aa5c2f27e65ce283605ee4e2b7f9"
+  integrity sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==
 
 mdast-util-definitions@^5.0.0:
   version "5.1.2"
@@ -6933,6 +8750,16 @@ mdast-util-directive@^3.0.0:
     stringify-entities "^4.0.0"
     unist-util-visit-parents "^6.0.0"
 
+mdast-util-find-and-replace@^2.0.0:
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/mdast-util-find-and-replace/-/mdast-util-find-and-replace-2.2.2.tgz#cc2b774f7f3630da4bd592f61966fecade8b99b1"
+  integrity sha512-MTtdFRz/eMDHXzeK6W3dO7mXUlF82Gom4y0oOgvHhh/HXZAGvIQDUvQ0SuUx+j2tv44b8xTHOm8K/9OoRFnXKw==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    escape-string-regexp "^5.0.0"
+    unist-util-is "^5.0.0"
+    unist-util-visit-parents "^5.0.0"
+
 mdast-util-find-and-replace@^3.0.0, mdast-util-find-and-replace@^3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/mdast-util-find-and-replace/-/mdast-util-find-and-replace-3.0.1.tgz#a6fc7b62f0994e973490e45262e4bc07607b04e0"
@@ -6943,7 +8770,7 @@ mdast-util-find-and-replace@^3.0.0, mdast-util-find-and-replace@^3.0.1:
     unist-util-is "^6.0.0"
     unist-util-visit-parents "^6.0.0"
 
-mdast-util-from-markdown@^1.0.0, mdast-util-from-markdown@^1.1.0, mdast-util-from-markdown@^1.2.0, mdast-util-from-markdown@^1.3.0:
+mdast-util-from-markdown@^1.0.0, mdast-util-from-markdown@^1.1.0, mdast-util-from-markdown@^1.2.0:
   version "1.3.1"
   resolved "https://registry.yarnpkg.com/mdast-util-from-markdown/-/mdast-util-from-markdown-1.3.1.tgz#9421a5a247f10d31d2faed2a30df5ec89ceafcf0"
   integrity sha512-4xTO/M8c82qBcnQc1tgpNtubGUW/Y1tBQ1B0i5CtSoelOLKFYlElIr3bvgREYYO5iRqbMY1YuqZng0GVOI8Qww==
@@ -6991,6 +8818,16 @@ mdast-util-frontmatter@^2.0.0:
     mdast-util-to-markdown "^2.0.0"
     micromark-extension-frontmatter "^2.0.0"
 
+mdast-util-gfm-autolink-literal@^1.0.0:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-1.0.3.tgz#67a13abe813d7eba350453a5333ae1bc0ec05c06"
+  integrity sha512-My8KJ57FYEy2W2LyNom4n3E7hKTuQk/0SES0u16tjA9Z3oFkF4RrC/hPAPgjlSpezsOvI8ObcXcElo92wn5IGA==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    ccount "^2.0.0"
+    mdast-util-find-and-replace "^2.0.0"
+    micromark-util-character "^1.0.0"
+
 mdast-util-gfm-autolink-literal@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-2.0.0.tgz#5baf35407421310a08e68c15e5d8821e8898ba2a"
@@ -7002,6 +8839,15 @@ mdast-util-gfm-autolink-literal@^2.0.0:
     mdast-util-find-and-replace "^3.0.0"
     micromark-util-character "^2.0.0"
 
+mdast-util-gfm-footnote@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-1.0.2.tgz#ce5e49b639c44de68d5bf5399877a14d5020424e"
+  integrity sha512-56D19KOGbE00uKVj3sgIykpwKL179QsVFwx/DCW0u/0+URsryacI4MAdNJl0dh+u2PSsD9FtxPFbHCzJ78qJFQ==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    mdast-util-to-markdown "^1.3.0"
+    micromark-util-normalize-identifier "^1.0.0"
+
 mdast-util-gfm-footnote@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-2.0.0.tgz#25a1753c7d16db8bfd53cd84fe50562bd1e6d6a9"
@@ -7013,6 +8859,14 @@ mdast-util-gfm-footnote@^2.0.0:
     mdast-util-to-markdown "^2.0.0"
     micromark-util-normalize-identifier "^2.0.0"
 
+mdast-util-gfm-strikethrough@^1.0.0:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-1.0.3.tgz#5470eb105b483f7746b8805b9b989342085795b7"
+  integrity sha512-DAPhYzTYrRcXdMjUtUjKvW9z/FNAMTdU0ORyMcbmkwYNbKocDpdk+PX1L1dQgOID/+vVs1uBQ7ElrBQfZ0cuiQ==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    mdast-util-to-markdown "^1.3.0"
+
 mdast-util-gfm-strikethrough@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-2.0.0.tgz#d44ef9e8ed283ac8c1165ab0d0dfd058c2764c16"
@@ -7022,6 +8876,16 @@ mdast-util-gfm-strikethrough@^2.0.0:
     mdast-util-from-markdown "^2.0.0"
     mdast-util-to-markdown "^2.0.0"
 
+mdast-util-gfm-table@^1.0.0:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/mdast-util-gfm-table/-/mdast-util-gfm-table-1.0.7.tgz#3552153a146379f0f9c4c1101b071d70bbed1a46"
+  integrity sha512-jjcpmNnQvrmN5Vx7y7lEc2iIOEytYv7rTvu+MeyAsSHTASGCCRA79Igg2uKssgOs1i1po8s3plW0sTu1wkkLGg==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    markdown-table "^3.0.0"
+    mdast-util-from-markdown "^1.0.0"
+    mdast-util-to-markdown "^1.3.0"
+
 mdast-util-gfm-table@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/mdast-util-gfm-table/-/mdast-util-gfm-table-2.0.0.tgz#7a435fb6223a72b0862b33afbd712b6dae878d38"
@@ -7033,6 +8897,14 @@ mdast-util-gfm-table@^2.0.0:
     mdast-util-from-markdown "^2.0.0"
     mdast-util-to-markdown "^2.0.0"
 
+mdast-util-gfm-task-list-item@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-1.0.2.tgz#b280fcf3b7be6fd0cc012bbe67a59831eb34097b"
+  integrity sha512-PFTA1gzfp1B1UaiJVyhJZA1rm0+Tzn690frc/L8vNX1Jop4STZgOE6bxUhnzdVSB+vm2GU1tIsuQcA9bxTQpMQ==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    mdast-util-to-markdown "^1.3.0"
+
 mdast-util-gfm-task-list-item@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-2.0.0.tgz#e68095d2f8a4303ef24094ab642e1047b991a936"
@@ -7043,6 +8915,19 @@ mdast-util-gfm-task-list-item@^2.0.0:
     mdast-util-from-markdown "^2.0.0"
     mdast-util-to-markdown "^2.0.0"
 
+mdast-util-gfm@^2.0.0:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/mdast-util-gfm/-/mdast-util-gfm-2.0.2.tgz#e92f4d8717d74bdba6de57ed21cc8b9552e2d0b6"
+  integrity sha512-qvZ608nBppZ4icQlhQQIAdc6S3Ffj9RGmzwUKUWuEICFnd1LVkN3EktF7ZHAgfcEdvZB5owU9tQgt99e2TlLjg==
+  dependencies:
+    mdast-util-from-markdown "^1.0.0"
+    mdast-util-gfm-autolink-literal "^1.0.0"
+    mdast-util-gfm-footnote "^1.0.0"
+    mdast-util-gfm-strikethrough "^1.0.0"
+    mdast-util-gfm-table "^1.0.0"
+    mdast-util-gfm-task-list-item "^1.0.0"
+    mdast-util-to-markdown "^1.0.0"
+
 mdast-util-gfm@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/mdast-util-gfm/-/mdast-util-gfm-3.0.0.tgz#3f2aecc879785c3cb6a81ff3a243dc11eca61095"
@@ -7277,12 +9162,12 @@ media-typer@0.3.0:
   resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
   integrity sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==
 
-medium-zoom@^1.0.6:
+medium-zoom@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/medium-zoom/-/medium-zoom-1.1.0.tgz#6efb6bbda861a02064ee71a2617a8dc4381ecc71"
   integrity sha512-ewyDsp7k4InCUp3jRmwHBRFGyjBimKps/AJLjRSox+2q/2H4p/PNpQf+pwONWlJiOudkBXtbdmVbFjqyybfTmQ==
 
-memfs@^3.1.2, memfs@^3.4.3:
+memfs@^3.4.3:
   version "3.6.0"
   resolved "https://registry.yarnpkg.com/memfs/-/memfs-3.6.0.tgz#d7a2110f86f79dd950a8b6df6d57bc984aa185f6"
   integrity sha512-EGowvkkgbMcIChjMTMkESFDbZeSh8xZ7kNSF0hAiAN4Jh6jgHCRS0Ga/+C8y6Au+oqpezRHCfPsmJ2+DwAgiwQ==
@@ -7309,31 +9194,31 @@ merge2@^1.3.0, merge2@^1.4.1:
   resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae"
   integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
 
-mermaid@^10.4.0, mermaid@^10.9.1:
-  version "10.9.1"
-  resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-10.9.1.tgz#5f582c23f3186c46c6aa673e59eeb46d741b2ea6"
-  integrity sha512-Mx45Obds5W1UkW1nv/7dHRsbfMM1aOKA2+Pxs/IGHNonygDHwmng8xTHyS9z4KWVi0rbko8gjiBmuwwXQ7tiNA==
+mermaid@>=11.6.0:
+  version "11.6.0"
+  resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-11.6.0.tgz#eee45cdc3087be561a19faf01745596d946bb575"
+  integrity sha512-PE8hGUy1LDlWIHWBP05SFdqUHGmRcCcK4IzpOKPE35eOw+G9zZgcnMpyunJVUEOgb//KBORPjysKndw8bFLuRg==
   dependencies:
-    "@braintree/sanitize-url" "^6.0.1"
-    "@types/d3-scale" "^4.0.3"
-    "@types/d3-scale-chromatic" "^3.0.0"
-    cytoscape "^3.28.1"
+    "@braintree/sanitize-url" "^7.0.4"
+    "@iconify/utils" "^2.1.33"
+    "@mermaid-js/parser" "^0.4.0"
+    "@types/d3" "^7.4.3"
+    cytoscape "^3.29.3"
     cytoscape-cose-bilkent "^4.1.0"
-    d3 "^7.4.0"
+    cytoscape-fcose "^2.2.0"
+    d3 "^7.9.0"
     d3-sankey "^0.12.3"
-    dagre-d3-es "7.0.10"
-    dayjs "^1.11.7"
-    dompurify "^3.0.5"
-    elkjs "^0.9.0"
+    dagre-d3-es "7.0.11"
+    dayjs "^1.11.13"
+    dompurify "^3.2.4"
     katex "^0.16.9"
-    khroma "^2.0.0"
+    khroma "^2.1.0"
     lodash-es "^4.17.21"
-    mdast-util-from-markdown "^1.3.0"
-    non-layered-tidy-tree-layout "^2.0.2"
-    stylis "^4.1.3"
+    marked "^15.0.7"
+    roughjs "^4.6.6"
+    stylis "^4.3.6"
     ts-dedent "^2.2.0"
-    uuid "^9.0.0"
-    web-worker "^1.2.0"
+    uuid "^11.1.0"
 
 methods@~1.1.2:
   version "1.1.2"
@@ -7407,6 +9292,16 @@ micromark-extension-frontmatter@^2.0.0:
     micromark-util-symbol "^2.0.0"
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm-autolink-literal@^1.0.0:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-1.0.5.tgz#5853f0e579bbd8ef9e39a7c0f0f27c5a063a66e7"
+  integrity sha512-z3wJSLrDf8kRDOh2qBtoTRD53vJ+CWIyo7uyZuxf/JAbNJjiHsOpG1y5wxk8drtv3ETAHutCu6N3thkOOgueWg==
+  dependencies:
+    micromark-util-character "^1.0.0"
+    micromark-util-sanitize-uri "^1.0.0"
+    micromark-util-symbol "^1.0.0"
+    micromark-util-types "^1.0.0"
+
 micromark-extension-gfm-autolink-literal@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.0.0.tgz#f1e50b42e67d441528f39a67133eddde2bbabfd9"
@@ -7417,6 +9312,20 @@ micromark-extension-gfm-autolink-literal@^2.0.0:
     micromark-util-symbol "^2.0.0"
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm-footnote@^1.0.0:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-1.1.2.tgz#05e13034d68f95ca53c99679040bc88a6f92fe2e"
+  integrity sha512-Yxn7z7SxgyGWRNa4wzf8AhYYWNrwl5q1Z8ii+CSTTIqVkmGZF1CElX2JI8g5yGoM3GAman9/PVCUFUSJ0kB/8Q==
+  dependencies:
+    micromark-core-commonmark "^1.0.0"
+    micromark-factory-space "^1.0.0"
+    micromark-util-character "^1.0.0"
+    micromark-util-normalize-identifier "^1.0.0"
+    micromark-util-sanitize-uri "^1.0.0"
+    micromark-util-symbol "^1.0.0"
+    micromark-util-types "^1.0.0"
+    uvu "^0.5.0"
+
 micromark-extension-gfm-footnote@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.0.0.tgz#91afad310065a94b636ab1e9dab2c60d1aab953c"
@@ -7431,6 +9340,18 @@ micromark-extension-gfm-footnote@^2.0.0:
     micromark-util-symbol "^2.0.0"
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm-strikethrough@^1.0.0:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-1.0.7.tgz#c8212c9a616fa3bf47cb5c711da77f4fdc2f80af"
+  integrity sha512-sX0FawVE1o3abGk3vRjOH50L5TTLr3b5XMqnP9YDRb34M0v5OoZhG+OHFz1OffZ9dlwgpTBKaT4XW/AsUVnSDw==
+  dependencies:
+    micromark-util-chunked "^1.0.0"
+    micromark-util-classify-character "^1.0.0"
+    micromark-util-resolve-all "^1.0.0"
+    micromark-util-symbol "^1.0.0"
+    micromark-util-types "^1.0.0"
+    uvu "^0.5.0"
+
 micromark-extension-gfm-strikethrough@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-2.0.0.tgz#6917db8e320da70e39ffbf97abdbff83e6783e61"
@@ -7443,6 +9364,17 @@ micromark-extension-gfm-strikethrough@^2.0.0:
     micromark-util-symbol "^2.0.0"
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm-table@^1.0.0:
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm-table/-/micromark-extension-gfm-table-1.0.7.tgz#dcb46074b0c6254c3fc9cc1f6f5002c162968008"
+  integrity sha512-3ZORTHtcSnMQEKtAOsBQ9/oHp9096pI/UvdPtN7ehKvrmZZ2+bbWhi0ln+I9drmwXMt5boocn6OlwQzNXeVeqw==
+  dependencies:
+    micromark-factory-space "^1.0.0"
+    micromark-util-character "^1.0.0"
+    micromark-util-symbol "^1.0.0"
+    micromark-util-types "^1.0.0"
+    uvu "^0.5.0"
+
 micromark-extension-gfm-table@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.0.0.tgz#2cf3fe352d9e089b7ef5fff003bdfe0da29649b7"
@@ -7454,6 +9386,13 @@ micromark-extension-gfm-table@^2.0.0:
     micromark-util-symbol "^2.0.0"
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm-tagfilter@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-1.0.2.tgz#aa7c4dd92dabbcb80f313ebaaa8eb3dac05f13a7"
+  integrity sha512-5XWB9GbAUSHTn8VPU8/1DBXMuKYT5uOgEjJb8gN3mW0PNW5OPHpSdojoqf+iq1xo7vWzw/P8bAHY0n6ijpXF7g==
+  dependencies:
+    micromark-util-types "^1.0.0"
+
 micromark-extension-gfm-tagfilter@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-2.0.0.tgz#f26d8a7807b5985fba13cf61465b58ca5ff7dc57"
@@ -7461,6 +9400,17 @@ micromark-extension-gfm-tagfilter@^2.0.0:
   dependencies:
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm-task-list-item@^1.0.0:
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-1.0.5.tgz#b52ce498dc4c69b6a9975abafc18f275b9dde9f4"
+  integrity sha512-RMFXl2uQ0pNQy6Lun2YBYT9g9INXtWJULgbt01D/x8/6yJ2qpKyzdZD3pi6UIkzF++Da49xAelVKUeUMqd5eIQ==
+  dependencies:
+    micromark-factory-space "^1.0.0"
+    micromark-util-character "^1.0.0"
+    micromark-util-symbol "^1.0.0"
+    micromark-util-types "^1.0.0"
+    uvu "^0.5.0"
+
 micromark-extension-gfm-task-list-item@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-2.0.1.tgz#ee8b208f1ced1eb9fb11c19a23666e59d86d4838"
@@ -7472,6 +9422,20 @@ micromark-extension-gfm-task-list-item@^2.0.0:
     micromark-util-symbol "^2.0.0"
     micromark-util-types "^2.0.0"
 
+micromark-extension-gfm@^2.0.0:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/micromark-extension-gfm/-/micromark-extension-gfm-2.0.3.tgz#e517e8579949a5024a493e49204e884aa74f5acf"
+  integrity sha512-vb9OoHqrhCmbRidQv/2+Bc6pkP0FrtlhurxZofvOEy5o8RtuuvTq+RQ1Vw5ZDNrVraQZu3HixESqbG+0iKk/MQ==
+  dependencies:
+    micromark-extension-gfm-autolink-literal "^1.0.0"
+    micromark-extension-gfm-footnote "^1.0.0"
+    micromark-extension-gfm-strikethrough "^1.0.0"
+    micromark-extension-gfm-table "^1.0.0"
+    micromark-extension-gfm-tagfilter "^1.0.0"
+    micromark-extension-gfm-task-list-item "^1.0.0"
+    micromark-util-combine-extensions "^1.0.0"
+    micromark-util-types "^1.0.0"
+
 micromark-extension-gfm@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz#3e13376ab95dd7a5cfd0e29560dfe999657b3c5b"
@@ -8026,14 +9990,6 @@ micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.5:
     braces "^3.0.3"
     picomatch "^2.3.1"
 
-miller-rabin@^4.0.0:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/miller-rabin/-/miller-rabin-4.0.1.tgz#f080351c865b0dc562a8462966daa53543c78a4d"
-  integrity sha512-115fLhvZVqWwHPbClyntxEVfVDfl9DLLTuJvq3g2O/Oxi8AiNouAHvDSzHS0viUJc+V5vm3eq91Xwqn9dp4jRA==
-  dependencies:
-    bn.js "^4.0.0"
-    brorand "^1.0.1"
-
 mime-db@1.48.0:
   version "1.48.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.48.0.tgz#e35b31045dd7eada3aaad537ed88a33afbef2d1d"
@@ -8097,25 +10053,20 @@ mimic-response@^4.0.0:
   resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-4.0.0.tgz#35468b19e7c75d10f5165ea25e75a5ceea7cf70f"
   integrity sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==
 
-mini-css-extract-plugin@^2.7.6:
-  version "2.9.0"
-  resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.0.tgz#c73a1327ccf466f69026ac22a8e8fd707b78a235"
-  integrity sha512-Zs1YsZVfemekSZG+44vBsYTLQORkPMwnlv+aehcxK/NLKC+EGhDB39/YePYYqx/sTk6NnYpuqikhSn7+JIevTA==
+mini-css-extract-plugin@^2.9.1:
+  version "2.9.2"
+  resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.2.tgz#966031b468917a5446f4c24a80854b2947503c5b"
+  integrity sha512-GJuACcS//jtq4kCtd5ii/M0SZf7OZRH+BxdqXZHaJfb8TJiVl+NgQRPwiYt2EuqeSkNydn/7vP+bcE27C5mb9w==
   dependencies:
     schema-utils "^4.0.0"
     tapable "^2.2.1"
 
-minimalistic-assert@^1.0.0, minimalistic-assert@^1.0.1:
+minimalistic-assert@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7"
   integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==
 
-minimalistic-crypto-utils@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a"
-  integrity sha512-JIYlbt6g8i5jKfJ3xz7rF0LXmv2TkDxBLUkiBeZ7bAx4GnnNMr8xFpGnOxn6GhTEHx3SjRrZEoU+j04prX1ktg==
-
-minimatch@3.1.2, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1:
+minimatch@3.1.2, minimatch@^3.1.1:
   version "3.1.2"
   resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b"
   integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
@@ -8136,7 +10087,7 @@ minimatch@^9.0.4:
   dependencies:
     brace-expansion "^2.0.1"
 
-minimist@^1.2.0, minimist@^1.2.5:
+minimist@^1.2.0:
   version "1.2.8"
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c"
   integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
@@ -8151,6 +10102,16 @@ mkdirp-classic@^0.5.2:
   resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113"
   integrity sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==
 
+mlly@^1.7.4:
+  version "1.7.4"
+  resolved "https://registry.yarnpkg.com/mlly/-/mlly-1.7.4.tgz#3d7295ea2358ec7a271eaa5d000a0f84febe100f"
+  integrity sha512-qmdSIPC4bDJXgZTCR7XosJiNKySV7O215tsPtDN9iEO/7q/76b/ijtgRu/+epFXSJhijtTCCGp3DWS549P3xKw==
+  dependencies:
+    acorn "^8.14.0"
+    pathe "^2.0.1"
+    pkg-types "^1.3.0"
+    ufo "^1.5.4"
+
 mri@^1.1.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/mri/-/mri-1.2.0.tgz#6721480fec2a11a4889861115a48b6cbe7cc8f0b"
@@ -8171,7 +10132,7 @@ ms@2.1.2:
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
   integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
 
-ms@2.1.3:
+ms@2.1.3, ms@^2.1.3:
   version "2.1.3"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
   integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
@@ -8221,6 +10182,11 @@ no-case@^3.0.4:
     lower-case "^2.0.2"
     tslib "^2.0.3"
 
+node-addon-api@^7.0.0:
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-7.1.1.tgz#1aba6693b0f255258a049d621329329322aad558"
+  integrity sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==
+
 node-emoji@^2.1.0:
   version "2.1.3"
   resolved "https://registry.yarnpkg.com/node-emoji/-/node-emoji-2.1.3.tgz#93cfabb5cc7c3653aa52f29d6ffb7927d8047c06"
@@ -8257,37 +10223,6 @@ node-forge@^1:
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3"
   integrity sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==
 
-node-polyfill-webpack-plugin@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/node-polyfill-webpack-plugin/-/node-polyfill-webpack-plugin-2.0.1.tgz#141d86f177103a8517c71d99b7c6a46edbb1bb58"
-  integrity sha512-ZUMiCnZkP1LF0Th2caY6J/eKKoA0TefpoVa68m/LQU1I/mE8rGt4fNYGgNuCcK+aG8P8P43nbeJ2RqJMOL/Y1A==
-  dependencies:
-    assert "^2.0.0"
-    browserify-zlib "^0.2.0"
-    buffer "^6.0.3"
-    console-browserify "^1.2.0"
-    constants-browserify "^1.0.0"
-    crypto-browserify "^3.12.0"
-    domain-browser "^4.22.0"
-    events "^3.3.0"
-    filter-obj "^2.0.2"
-    https-browserify "^1.0.0"
-    os-browserify "^0.3.0"
-    path-browserify "^1.0.1"
-    process "^0.11.10"
-    punycode "^2.1.1"
-    querystring-es3 "^0.2.1"
-    readable-stream "^4.0.0"
-    stream-browserify "^3.0.0"
-    stream-http "^3.2.0"
-    string_decoder "^1.3.0"
-    timers-browserify "^2.0.12"
-    tty-browserify "^0.0.1"
-    type-fest "^2.14.0"
-    url "^0.11.0"
-    util "^0.12.4"
-    vm-browserify "^1.1.2"
-
 node-readfiles@^0.2.0:
   version "0.2.0"
   resolved "https://registry.yarnpkg.com/node-readfiles/-/node-readfiles-0.2.0.tgz#dbbd4af12134e2e635c245ef93ffcf6f60673a5d"
@@ -8300,10 +10235,10 @@ node-releases@^2.0.14:
   resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.14.tgz#2ffb053bceb8b2be8495ece1ab6ce600c4461b0b"
   integrity sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==
 
-non-layered-tidy-tree-layout@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/non-layered-tidy-tree-layout/-/non-layered-tidy-tree-layout-2.0.2.tgz#57d35d13c356643fc296a55fb11ac15e74da7804"
-  integrity sha512-gkXMxRzUH+PB0ax9dUN0yYF0S25BqeAYqhgMaLUFmpXLEk7Fcu8f4emJuOAY0V8kjDICxROIKsTAKsV/v355xw==
+node-releases@^2.0.19:
+  version "2.0.19"
+  resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.19.tgz#9e445a52950951ec4d177d843af370b411caf314"
+  integrity sha512-xxOWJsBKtzAq7DY0J+DTzuz58K8e7sJbdgwkbMWQe8UYB6ekmsQ45q0M/tJDsGaZmbC+l7n57UV8Hl5tHxO9uw==
 
 normalize-path@^3.0.0, normalize-path@~3.0.0:
   version "3.0.0"
@@ -8339,6 +10274,14 @@ nth-check@^2.0.1:
   dependencies:
     boolbase "^1.0.0"
 
+null-loader@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/null-loader/-/null-loader-4.0.1.tgz#8e63bd3a2dd3c64236a4679428632edd0a6dbc6a"
+  integrity sha512-pxqVbi4U6N26lq+LmgIbB5XATP0VdZKOG25DhHi8btMmJJefGArFyDg1yc4U3hWCJbMqSrw0qyrz1UQX+qYXqg==
+  dependencies:
+    loader-utils "^2.0.0"
+    schema-utils "^3.0.0"
+
 oas-kit-common@^1.0.8:
   version "1.0.8"
   resolved "https://registry.yarnpkg.com/oas-kit-common/-/oas-kit-common-1.0.8.tgz#6d8cacf6e9097967a4c7ea8bcbcbd77018e1f535"
@@ -8412,20 +10355,17 @@ object-inspect@^1.13.1:
   resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.1.tgz#b96c6109324ccfef6b12216a956ca4dc2ff94bc2"
   integrity sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==
 
-object-is@^1.1.5:
-  version "1.1.6"
-  resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.6.tgz#1a6a53aed2dd8f7e6775ff870bea58545956ab07"
-  integrity sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q==
-  dependencies:
-    call-bind "^1.0.7"
-    define-properties "^1.2.1"
+object-inspect@^1.13.3:
+  version "1.13.4"
+  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.4.tgz#8375265e21bc20d0fa582c22e1b13485d6e00213"
+  integrity sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==
 
 object-keys@^1.1.1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"
   integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==
 
-object.assign@^4.1.0, object.assign@^4.1.4:
+object.assign@^4.1.0:
   version "4.1.5"
   resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.5.tgz#3a833f9ab7fdb80fc9e8d2300c803d216d8fdbb0"
   integrity sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==
@@ -8502,29 +10442,15 @@ opener@^1.5.2:
   resolved "https://registry.yarnpkg.com/opener/-/opener-1.5.2.tgz#5d37e1f35077b9dcac4301372271afdeb2a13598"
   integrity sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==
 
-os-browserify@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/os-browserify/-/os-browserify-0.3.0.tgz#854373c7f5c2315914fc9bfc6bd8238fdda1ec27"
-  integrity sha512-gjcpUc3clBf9+210TRaDWbf+rZZZEshZ+DlXMRCeAjp0xhTrnQsKHypIy1J3d5hKdUzj69t708EHtU8P6bUn0A==
-
 p-cancelable@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/p-cancelable/-/p-cancelable-3.0.0.tgz#63826694b54d61ca1c20ebcb6d3ecf5e14cd8050"
   integrity sha512-mlVgR3PGuzlo0MmTdk4cXqXWlwQDLnONTAg6sm62XkMJEiRxN3GL3SffkYvqwonbkJBcrI7Uvv5Zh9yjvn2iUw==
 
-p-limit@^2.0.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1"
-  integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
-  dependencies:
-    p-try "^2.0.0"
-
-p-limit@^3.0.2:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-3.1.0.tgz#e1daccbe78d0d1388ca18c64fea38e3e57e3706b"
-  integrity sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==
-  dependencies:
-    yocto-queue "^0.1.0"
+p-finally@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/p-finally/-/p-finally-1.0.0.tgz#3fbcfb15b899a44123b34b6dcc18b724336a2cae"
+  integrity sha512-LICb2p9CB7FS+0eR1oqWnHhp0FljGLZCWBE9aix0Uye9W8LTQPwMTYVGWQWIw9RdQiDg4+epXQODwIYJtSJaow==
 
 p-limit@^4.0.0:
   version "4.0.0"
@@ -8533,20 +10459,6 @@ p-limit@^4.0.0:
   dependencies:
     yocto-queue "^1.0.0"
 
-p-locate@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-3.0.0.tgz#322d69a05c0264b25997d9f40cd8a891ab0064a4"
-  integrity sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==
-  dependencies:
-    p-limit "^2.0.0"
-
-p-locate@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-5.0.0.tgz#83c8315c6785005e3bd021839411c9e110e6d834"
-  integrity sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==
-  dependencies:
-    p-limit "^3.0.2"
-
 p-locate@^6.0.0:
   version "6.0.0"
   resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-6.0.0.tgz#3da9a49d4934b901089dca3302fa65dc5a05c04f"
@@ -8561,6 +10473,14 @@ p-map@^4.0.0:
   dependencies:
     aggregate-error "^3.0.0"
 
+p-queue@^6.6.2:
+  version "6.6.2"
+  resolved "https://registry.yarnpkg.com/p-queue/-/p-queue-6.6.2.tgz#2068a9dcf8e67dd0ec3e7a2bcb76810faa85e426"
+  integrity sha512-RwFpb72c/BhQLEXIZ5K2e+AhgNVmIejGlTgiB9MzZ0e93GRvqZ7uSi0dvRF7/XIXDeNkra2fNHBxTyPDGySpjQ==
+  dependencies:
+    eventemitter3 "^4.0.4"
+    p-timeout "^3.2.0"
+
 p-retry@^4.5.0:
   version "4.6.2"
   resolved "https://registry.yarnpkg.com/p-retry/-/p-retry-4.6.2.tgz#9baae7184057edd4e17231cee04264106e092a16"
@@ -8569,10 +10489,12 @@ p-retry@^4.5.0:
     "@types/retry" "0.12.0"
     retry "^0.13.1"
 
-p-try@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6"
-  integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==
+p-timeout@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/p-timeout/-/p-timeout-3.2.0.tgz#c7e17abc971d2a7962ef83626b35d635acf23dfe"
+  integrity sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg==
+  dependencies:
+    p-finally "^1.0.0"
 
 package-json@^8.1.0:
   version "8.1.1"
@@ -8584,10 +10506,15 @@ package-json@^8.1.0:
     registry-url "^6.0.0"
     semver "^7.3.7"
 
-pako@~1.0.5:
-  version "1.0.11"
-  resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf"
-  integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
+package-manager-detector@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/package-manager-detector/-/package-manager-detector-1.3.0.tgz#b42d641c448826e03c2b354272456a771ce453c0"
+  integrity sha512-ZsEbbZORsyHuO00lY1kV3/t72yp6Ysay6Pd17ZAlNGuGwmWDLCJxFpRs0IzfXfj1o4icJOkUEioexFHzyPurSQ==
+
+pako@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/pako/-/pako-2.1.0.tgz#266cc37f98c7d883545d11335c00fbd4062c9a86"
+  integrity sha512-w+eufiZ1WuJYgPXbV/PO3NCMEc3xqylkKHzp8bxp1uW4qaSNQUkwmLLEc3kKsfz8lpV1F8Ht3U1Cm+9Srog2ug==
 
 param-case@^3.0.4:
   version "3.0.4"
@@ -8604,18 +10531,6 @@ parent-module@^1.0.0:
   dependencies:
     callsites "^3.0.0"
 
-parse-asn1@^5.0.0, parse-asn1@^5.1.7:
-  version "5.1.7"
-  resolved "https://registry.yarnpkg.com/parse-asn1/-/parse-asn1-5.1.7.tgz#73cdaaa822125f9647165625eb45f8a051d2df06"
-  integrity sha512-CTM5kuWR3sx9IFamcl5ErfPl6ea/N8IYwiJ+vpeB2g+1iknv7zBl5uPwbMbRVznRVbrNY6lGuDoE5b30grmbqg==
-  dependencies:
-    asn1.js "^4.10.1"
-    browserify-aes "^1.2.0"
-    evp_bytestokey "^1.0.3"
-    hash-base "~3.0"
-    pbkdf2 "^3.1.2"
-    safe-buffer "^5.2.1"
-
 parse-entities@^4.0.0:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/parse-entities/-/parse-entities-4.0.1.tgz#4e2a01111fb1c986549b944af39eeda258fc9e4e"
@@ -8630,7 +10545,7 @@ parse-entities@^4.0.0:
     is-decimal "^2.0.0"
     is-hexadecimal "^2.0.0"
 
-parse-json@^5.0.0, parse-json@^5.2.0:
+parse-json@^5.2.0:
   version "5.2.0"
   resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-5.2.0.tgz#c76fc66dee54231c962b22bcc8a72cf2f99753cd"
   integrity sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==
@@ -8683,15 +10598,10 @@ path-browserify@1.0.1, path-browserify@^1.0.1:
   resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-1.0.1.tgz#d98454a9c3753d5790860f16f68867b9e46be1fd"
   integrity sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==
 
-path-exists@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-3.0.0.tgz#ce0ebeaa5f78cb18925ea7d810d7b59b010fd515"
-  integrity sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==
-
-path-exists@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-4.0.0.tgz#513bdbe2d3b95d7762e8c1137efa195c6c61b5b3"
-  integrity sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==
+path-data-parser@0.1.0, path-data-parser@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/path-data-parser/-/path-data-parser-0.1.0.tgz#8f5ba5cc70fc7becb3dcefaea08e2659aba60b8c"
+  integrity sha512-NOnmBpt5Y2RWbuv0LMzsayp3lVylAHLPUTut412ZA3l+C4uw4ZVkQbjShYCQ8TCpUMdPapr4YjUqLYD6v68j+w==
 
 path-exists@^5.0.0:
   version "5.0.0"
@@ -8743,10 +10653,10 @@ path-to-regexp@0.1.7:
   resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
   integrity sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==
 
-path-to-regexp@2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-2.2.1.tgz#90b617025a16381a879bc82a38d4e8bdeb2bcf45"
-  integrity sha512-gu9bD6Ta5bwGrrU8muHzVOBFFREpp2iRkVfhBJahwJ6p6Xw20SjT0MxLnwkjOibQmGSYhiUnf2FLe7k+jcFmGQ==
+path-to-regexp@3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-3.3.0.tgz#f7f31d32e8518c2660862b644414b6d5c63a611b"
+  integrity sha512-qyCH421YQPS2WFDxDjftfc1ZR5WKQzVzqsp4n9M2kQhVOo/ByahFoUNJfl58kOcEGfQ//7weFTDhm+ss8Ecxgw==
 
 path-to-regexp@^1.7.0:
   version "1.8.0"
@@ -8768,16 +10678,10 @@ path@0.12.7:
     process "^0.11.1"
     util "^0.10.3"
 
-pbkdf2@^3.0.3, pbkdf2@^3.1.2:
-  version "3.1.2"
-  resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.2.tgz#dd822aa0887580e52f1a039dc3eda108efae3075"
-  integrity sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==
-  dependencies:
-    create-hash "^1.1.2"
-    create-hmac "^1.1.4"
-    ripemd160 "^2.0.1"
-    safe-buffer "^5.0.1"
-    sha.js "^2.4.8"
+pathe@^2.0.1, pathe@^2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/pathe/-/pathe-2.0.3.tgz#3ecbec55421685b70a9da872b2cff3e1cbed1716"
+  integrity sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==
 
 pend@~1.2.0:
   version "1.2.0"
@@ -8798,6 +10702,11 @@ picocolors@^1.0.0, picocolors@^1.0.1:
   resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.1.tgz#a8ad579b571952f0e5d25892de5445bcfe25aaa1"
   integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==
 
+picocolors@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b"
+  integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
+
 picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
@@ -8820,22 +10729,48 @@ pkg-dir@^7.0.0:
   dependencies:
     find-up "^6.3.0"
 
-pkg-up@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/pkg-up/-/pkg-up-3.1.0.tgz#100ec235cc150e4fd42519412596a28512a0def5"
-  integrity sha512-nDywThFk1i4BQK4twPQ6TA4RT8bDY96yeuCVBWL3ePARCiEKDRSrNGbFIgUJpLp+XeIR65v8ra7WuJOFUBtkMA==
+pkg-types@^1.3.0:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/pkg-types/-/pkg-types-1.3.1.tgz#bd7cc70881192777eef5326c19deb46e890917df"
+  integrity sha512-/Jm5M4RvtBFVkKWRu2BLUTNP8/M2a+UwuAX+ae4770q1qVGtfjG+WTCupoZixokjmHiry8uI+dlY8KXYV5HVVQ==
   dependencies:
-    find-up "^3.0.0"
+    confbox "^0.1.8"
+    mlly "^1.7.4"
+    pathe "^2.0.1"
+
+pkg-types@^2.0.1:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/pkg-types/-/pkg-types-2.1.0.tgz#70c9e1b9c74b63fdde749876ee0aa007ea9edead"
+  integrity sha512-wmJwA+8ihJixSoHKxZJRBQG1oY8Yr9pGLzRmSsNms0iNWyHHAlZCa7mmKiFR10YPZuz/2k169JiS/inOjBCZ2A==
+  dependencies:
+    confbox "^0.2.1"
+    exsolve "^1.0.1"
+    pathe "^2.0.3"
 
 pluralize@^8.0.0:
   version "8.0.0"
   resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-8.0.0.tgz#1a6fa16a38d12a1901e0320fa017051c539ce3b1"
   integrity sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==
 
-possible-typed-array-names@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz#89bb63c6fada2c3e90adc4a647beeeb39cc7bf8f"
-  integrity sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==
+points-on-curve@0.2.0, points-on-curve@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/points-on-curve/-/points-on-curve-0.2.0.tgz#7dbb98c43791859434284761330fa893cb81b4d1"
+  integrity sha512-0mYKnYYe9ZcqMCWhUjItv/oHjvgEsfKvnUTg8sAtnHr3GVy7rGkXCb6d5cSyqrWqL4k81b9CPg3urd+T7aop3A==
+
+points-on-path@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/points-on-path/-/points-on-path-0.2.1.tgz#553202b5424c53bed37135b318858eacff85dd52"
+  integrity sha512-25ClnWWuw7JbWZcgqY/gJ4FQWadKxGWk+3kR/7kD0tCaDtPPMj7oHu2ToLaVhfpnHrZzYby2w6tUA0eOIuUg8g==
+  dependencies:
+    path-data-parser "0.1.0"
+    points-on-curve "0.2.0"
+
+postcss-attribute-case-insensitive@^7.0.1:
+  version "7.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-7.0.1.tgz#0c4500e3bcb2141848e89382c05b5a31c23033a3"
+  integrity sha512-Uai+SupNSqzlschRyNx3kbCTWgY/2hcwtHEI/ej2LJWc9JJ77qKgGptd8DHwY1mXtZ7Aoh4z4yxfwMBue9eNgw==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
 
 postcss-calc@^9.0.1:
   version "9.0.1"
@@ -8845,6 +10780,40 @@ postcss-calc@^9.0.1:
     postcss-selector-parser "^6.0.11"
     postcss-value-parser "^4.2.0"
 
+postcss-clamp@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/postcss-clamp/-/postcss-clamp-4.1.0.tgz#7263e95abadd8c2ba1bd911b0b5a5c9c93e02363"
+  integrity sha512-ry4b1Llo/9zz+PKC+030KUnPITTJAHeOwjfAyyB60eT0AorGLdzp52s31OsPRHRf8NchkgFoG2y6fCfn1IV1Ow==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
+postcss-color-functional-notation@^7.0.10:
+  version "7.0.10"
+  resolved "https://registry.yarnpkg.com/postcss-color-functional-notation/-/postcss-color-functional-notation-7.0.10.tgz#f1e9c3e4371889dcdfeabfa8515464fd8338cedc"
+  integrity sha512-k9qX+aXHBiLTRrWoCJuUFI6F1iF6QJQUXNVWJVSbqZgj57jDhBlOvD8gNUGl35tgqDivbGLhZeW3Ongz4feuKA==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
+postcss-color-hex-alpha@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-color-hex-alpha/-/postcss-color-hex-alpha-10.0.0.tgz#5dd3eba1f8facb4ea306cba6e3f7712e876b0c76"
+  integrity sha512-1kervM2cnlgPs2a8Vt/Qbe5cQ++N7rkYo/2rz2BkqJZIHQwaVuJgQH38REHrAi4uM0b1fqxMkWYmese94iMp3w==
+  dependencies:
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
+postcss-color-rebeccapurple@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-10.0.0.tgz#5ada28406ac47e0796dff4056b0a9d5a6ecead98"
+  integrity sha512-JFta737jSP+hdAIEhk1Vs0q0YF5P8fFcj+09pweS8ktuGuZ8pPlykHsk6mPxZ8awDl4TrcxUqJo9l1IhVr/OjQ==
+  dependencies:
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
 postcss-colormin@^6.1.0:
   version "6.1.0"
   resolved "https://registry.yarnpkg.com/postcss-colormin/-/postcss-colormin-6.1.0.tgz#076e8d3fb291fbff7b10e6b063be9da42ff6488d"
@@ -8863,6 +10832,44 @@ postcss-convert-values@^6.1.0:
     browserslist "^4.23.0"
     postcss-value-parser "^4.2.0"
 
+postcss-custom-media@^11.0.6:
+  version "11.0.6"
+  resolved "https://registry.yarnpkg.com/postcss-custom-media/-/postcss-custom-media-11.0.6.tgz#6b450e5bfa209efb736830066682e6567bd04967"
+  integrity sha512-C4lD4b7mUIw+RZhtY7qUbf4eADmb7Ey8BFA2px9jUbwg7pjTZDl4KY4bvlUV+/vXQvzQRfiGEVJyAbtOsCMInw==
+  dependencies:
+    "@csstools/cascade-layer-name-parser" "^2.0.5"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/media-query-list-parser" "^4.0.3"
+
+postcss-custom-properties@^14.0.5:
+  version "14.0.5"
+  resolved "https://registry.yarnpkg.com/postcss-custom-properties/-/postcss-custom-properties-14.0.5.tgz#a180444de695f6e11ee2390be93ff6537663e86c"
+  integrity sha512-UWf/vhMapZatv+zOuqlfLmYXeOhhHLh8U8HAKGI2VJ00xLRYoAJh4xv8iX6FB6+TLXeDnm0DBLMi00E0hodbQw==
+  dependencies:
+    "@csstools/cascade-layer-name-parser" "^2.0.5"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
+postcss-custom-selectors@^8.0.5:
+  version "8.0.5"
+  resolved "https://registry.yarnpkg.com/postcss-custom-selectors/-/postcss-custom-selectors-8.0.5.tgz#9448ed37a12271d7ab6cb364b6f76a46a4a323e8"
+  integrity sha512-9PGmckHQswiB2usSO6XMSswO2yFWVoCAuih1yl9FVcwkscLjRKjwsjM3t+NIWpSU2Jx3eOiK2+t4vVTQaoCHHg==
+  dependencies:
+    "@csstools/cascade-layer-name-parser" "^2.0.5"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    postcss-selector-parser "^7.0.0"
+
+postcss-dir-pseudo-class@^9.0.1:
+  version "9.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-9.0.1.tgz#80d9e842c9ae9d29f6bf5fd3cf9972891d6cc0ca"
+  integrity sha512-tRBEK0MHYvcMUrAuYMEOa0zg9APqirBcgzi6P21OhxtJyJADo/SWBwY1CAwEohQ/6HDaa9jCjLRG7K3PVQYHEA==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
 postcss-discard-comments@^6.0.2:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/postcss-discard-comments/-/postcss-discard-comments-6.0.2.tgz#e768dcfdc33e0216380623652b0a4f69f4678b6c"
@@ -8890,6 +10897,47 @@ postcss-discard-unused@^6.0.5:
   dependencies:
     postcss-selector-parser "^6.0.16"
 
+postcss-double-position-gradients@^6.0.2:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/postcss-double-position-gradients/-/postcss-double-position-gradients-6.0.2.tgz#185f8eab2db9cf4e34be69b5706c905895bb52ae"
+  integrity sha512-7qTqnL7nfLRyJK/AHSVrrXOuvDDzettC+wGoienURV8v2svNbu6zJC52ruZtHaO6mfcagFmuTGFdzRsJKB3k5Q==
+  dependencies:
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
+postcss-focus-visible@^10.0.1:
+  version "10.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-focus-visible/-/postcss-focus-visible-10.0.1.tgz#1f7904904368a2d1180b220595d77b6f8a957868"
+  integrity sha512-U58wyjS/I1GZgjRok33aE8juW9qQgQUNwTSdxQGuShHzwuYdcklnvK/+qOWX1Q9kr7ysbraQ6ht6r+udansalA==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
+postcss-focus-within@^9.0.1:
+  version "9.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-focus-within/-/postcss-focus-within-9.0.1.tgz#ac01ce80d3f2e8b2b3eac4ff84f8e15cd0057bc7"
+  integrity sha512-fzNUyS1yOYa7mOjpci/bR+u+ESvdar6hk8XNK/TRR0fiGTp2QT5N+ducP0n3rfH/m9I7H/EQU6lsa2BrgxkEjw==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
+postcss-font-variant@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz#efd59b4b7ea8bb06127f2d031bfbb7f24d32fa66"
+  integrity sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA==
+
+postcss-gap-properties@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-gap-properties/-/postcss-gap-properties-6.0.0.tgz#d5ff0bdf923c06686499ed2b12e125fe64054fed"
+  integrity sha512-Om0WPjEwiM9Ru+VhfEDPZJAKWUd0mV1HmNXqp2C29z80aQ2uP9UVhLc7e3aYMIor/S5cVhoPgYQ7RtfeZpYTRw==
+
+postcss-image-set-function@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-image-set-function/-/postcss-image-set-function-7.0.0.tgz#538e94e16716be47f9df0573b56bbaca86e1da53"
+  integrity sha512-QL7W7QNlZuzOwBTeXEmbVckNt1FSmhQtbMRvGGqqU4Nf4xk6KUEQhAoWuMzwbSv5jxiRiSZ5Tv7eiDB9U87znA==
+  dependencies:
+    "@csstools/utilities" "^2.0.0"
+    postcss-value-parser "^4.2.0"
+
 postcss-import@^15.1.0:
   version "15.1.0"
   resolved "https://registry.yarnpkg.com/postcss-import/-/postcss-import-15.1.0.tgz#41c64ed8cc0e23735a9698b3249ffdbf704adc70"
@@ -8906,6 +10954,17 @@ postcss-js@^4.0.1:
   dependencies:
     camelcase-css "^2.0.1"
 
+postcss-lab-function@^7.0.10:
+  version "7.0.10"
+  resolved "https://registry.yarnpkg.com/postcss-lab-function/-/postcss-lab-function-7.0.10.tgz#0537bd7245b935fc133298c8896bcbd160540cae"
+  integrity sha512-tqs6TCEv9tC1Riq6fOzHuHcZyhg4k3gIAMB8GGY/zA1ssGdm6puHMVE7t75aOSoFg7UD2wyrFFhbldiCMyyFTQ==
+  dependencies:
+    "@csstools/css-color-parser" "^3.0.10"
+    "@csstools/css-parser-algorithms" "^3.0.5"
+    "@csstools/css-tokenizer" "^3.0.4"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/utilities" "^2.0.0"
+
 postcss-load-config@^4.0.1:
   version "4.0.2"
   resolved "https://registry.yarnpkg.com/postcss-load-config/-/postcss-load-config-4.0.2.tgz#7159dcf626118d33e299f485d6afe4aff7c4a3e3"
@@ -8923,6 +10982,13 @@ postcss-loader@^7.3.3:
     jiti "^1.20.0"
     semver "^7.5.4"
 
+postcss-logical@^8.1.0:
+  version "8.1.0"
+  resolved "https://registry.yarnpkg.com/postcss-logical/-/postcss-logical-8.1.0.tgz#4092b16b49e3ecda70c4d8945257da403d167228"
+  integrity sha512-pL1hXFQ2fEXNKiNiAgtfA005T9FBxky5zkX6s4GZM2D8RkVgRqz3f4g1JUoq925zXv495qk8UNldDwh8uGEDoA==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
 postcss-merge-idents@^6.0.3:
   version "6.0.3"
   resolved "https://registry.yarnpkg.com/postcss-merge-idents/-/postcss-merge-idents-6.0.3.tgz#7b9c31c7bc823c94bec50f297f04e3c2b838ea65"
@@ -9016,6 +11082,15 @@ postcss-nested@^6.0.1:
   dependencies:
     postcss-selector-parser "^6.0.11"
 
+postcss-nesting@^13.0.1:
+  version "13.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-nesting/-/postcss-nesting-13.0.1.tgz#c405796d7245a3e4c267a9956cacfe9670b5d43e"
+  integrity sha512-VbqqHkOBOt4Uu3G8Dm8n6lU5+9cJFxiuty9+4rcoyRPO9zZS1JIs6td49VIoix3qYqELHlJIn46Oih9SAKo+yQ==
+  dependencies:
+    "@csstools/selector-resolve-nested" "^3.0.0"
+    "@csstools/selector-specificity" "^5.0.0"
+    postcss-selector-parser "^7.0.0"
+
 postcss-normalize-charset@^6.0.2:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/postcss-normalize-charset/-/postcss-normalize-charset-6.0.2.tgz#1ec25c435057a8001dac942942a95ffe66f721e1"
@@ -9078,6 +11153,11 @@ postcss-normalize-whitespace@^6.0.2:
   dependencies:
     postcss-value-parser "^4.2.0"
 
+postcss-opacity-percentage@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-opacity-percentage/-/postcss-opacity-percentage-3.0.0.tgz#0b0db5ed5db5670e067044b8030b89c216e1eb0a"
+  integrity sha512-K6HGVzyxUxd/VgZdX04DCtdwWJ4NGLG212US4/LA1TLAbHgmAsTWVR86o+gGIbFtnTkfOpb9sCRBx8K7HO66qQ==
+
 postcss-ordered-values@^6.0.2:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/postcss-ordered-values/-/postcss-ordered-values-6.0.2.tgz#366bb663919707093451ab70c3f99c05672aaae5"
@@ -9086,6 +11166,102 @@ postcss-ordered-values@^6.0.2:
     cssnano-utils "^4.0.2"
     postcss-value-parser "^4.2.0"
 
+postcss-overflow-shorthand@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-overflow-shorthand/-/postcss-overflow-shorthand-6.0.0.tgz#f5252b4a2ee16c68cd8a9029edb5370c4a9808af"
+  integrity sha512-BdDl/AbVkDjoTofzDQnwDdm/Ym6oS9KgmO7Gr+LHYjNWJ6ExORe4+3pcLQsLA9gIROMkiGVjjwZNoL/mpXHd5Q==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
+postcss-page-break@^3.0.4:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/postcss-page-break/-/postcss-page-break-3.0.4.tgz#7fbf741c233621622b68d435babfb70dd8c1ee5f"
+  integrity sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ==
+
+postcss-place@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-place/-/postcss-place-10.0.0.tgz#ba36ee4786ca401377ced17a39d9050ed772e5a9"
+  integrity sha512-5EBrMzat2pPAxQNWYavwAfoKfYcTADJ8AXGVPcUZ2UkNloUTWzJQExgrzrDkh3EKzmAx1evfTAzF9I8NGcc+qw==
+  dependencies:
+    postcss-value-parser "^4.2.0"
+
+postcss-preset-env@^10.1.0:
+  version "10.2.0"
+  resolved "https://registry.yarnpkg.com/postcss-preset-env/-/postcss-preset-env-10.2.0.tgz#ea95a6fc70efb1a26f81e5cf0ccdb321a3439b6e"
+  integrity sha512-cl13sPBbSqo1Q7Ryb19oT5NZO5IHFolRbIMdgDq4f9w1MHYiL6uZS7uSsjXJ1KzRIcX5BMjEeyxmAevVXENa3Q==
+  dependencies:
+    "@csstools/postcss-cascade-layers" "^5.0.1"
+    "@csstools/postcss-color-function" "^4.0.10"
+    "@csstools/postcss-color-mix-function" "^3.0.10"
+    "@csstools/postcss-color-mix-variadic-function-arguments" "^1.0.0"
+    "@csstools/postcss-content-alt-text" "^2.0.6"
+    "@csstools/postcss-exponential-functions" "^2.0.9"
+    "@csstools/postcss-font-format-keywords" "^4.0.0"
+    "@csstools/postcss-gamut-mapping" "^2.0.10"
+    "@csstools/postcss-gradients-interpolation-method" "^5.0.10"
+    "@csstools/postcss-hwb-function" "^4.0.10"
+    "@csstools/postcss-ic-unit" "^4.0.2"
+    "@csstools/postcss-initial" "^2.0.1"
+    "@csstools/postcss-is-pseudo-class" "^5.0.1"
+    "@csstools/postcss-light-dark-function" "^2.0.9"
+    "@csstools/postcss-logical-float-and-clear" "^3.0.0"
+    "@csstools/postcss-logical-overflow" "^2.0.0"
+    "@csstools/postcss-logical-overscroll-behavior" "^2.0.0"
+    "@csstools/postcss-logical-resize" "^3.0.0"
+    "@csstools/postcss-logical-viewport-units" "^3.0.4"
+    "@csstools/postcss-media-minmax" "^2.0.9"
+    "@csstools/postcss-media-queries-aspect-ratio-number-values" "^3.0.5"
+    "@csstools/postcss-nested-calc" "^4.0.0"
+    "@csstools/postcss-normalize-display-values" "^4.0.0"
+    "@csstools/postcss-oklab-function" "^4.0.10"
+    "@csstools/postcss-progressive-custom-properties" "^4.1.0"
+    "@csstools/postcss-random-function" "^2.0.1"
+    "@csstools/postcss-relative-color-syntax" "^3.0.10"
+    "@csstools/postcss-scope-pseudo-class" "^4.0.1"
+    "@csstools/postcss-sign-functions" "^1.1.4"
+    "@csstools/postcss-stepped-value-functions" "^4.0.9"
+    "@csstools/postcss-text-decoration-shorthand" "^4.0.2"
+    "@csstools/postcss-trigonometric-functions" "^4.0.9"
+    "@csstools/postcss-unset-value" "^4.0.0"
+    autoprefixer "^10.4.21"
+    browserslist "^4.24.5"
+    css-blank-pseudo "^7.0.1"
+    css-has-pseudo "^7.0.2"
+    css-prefers-color-scheme "^10.0.0"
+    cssdb "^8.3.0"
+    postcss-attribute-case-insensitive "^7.0.1"
+    postcss-clamp "^4.1.0"
+    postcss-color-functional-notation "^7.0.10"
+    postcss-color-hex-alpha "^10.0.0"
+    postcss-color-rebeccapurple "^10.0.0"
+    postcss-custom-media "^11.0.6"
+    postcss-custom-properties "^14.0.5"
+    postcss-custom-selectors "^8.0.5"
+    postcss-dir-pseudo-class "^9.0.1"
+    postcss-double-position-gradients "^6.0.2"
+    postcss-focus-visible "^10.0.1"
+    postcss-focus-within "^9.0.1"
+    postcss-font-variant "^5.0.0"
+    postcss-gap-properties "^6.0.0"
+    postcss-image-set-function "^7.0.0"
+    postcss-lab-function "^7.0.10"
+    postcss-logical "^8.1.0"
+    postcss-nesting "^13.0.1"
+    postcss-opacity-percentage "^3.0.0"
+    postcss-overflow-shorthand "^6.0.0"
+    postcss-page-break "^3.0.4"
+    postcss-place "^10.0.0"
+    postcss-pseudo-class-any-link "^10.0.1"
+    postcss-replace-overflow-wrap "^4.0.0"
+    postcss-selector-not "^8.0.1"
+
+postcss-pseudo-class-any-link@^10.0.1:
+  version "10.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-10.0.1.tgz#06455431171bf44b84d79ebaeee9fd1c05946544"
+  integrity sha512-3el9rXlBOqTFaMFkWDOkHUTQekFIYnaQY55Rsp8As8QQkpiSgIYEcF/6Ond93oHiDsGb4kad8zjt+NPlOC1H0Q==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
 postcss-reduce-idents@^6.0.3:
   version "6.0.3"
   resolved "https://registry.yarnpkg.com/postcss-reduce-idents/-/postcss-reduce-idents-6.0.3.tgz#b0d9c84316d2a547714ebab523ec7d13704cd486"
@@ -9108,6 +11284,18 @@ postcss-reduce-transforms@^6.0.2:
   dependencies:
     postcss-value-parser "^4.2.0"
 
+postcss-replace-overflow-wrap@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz#d2df6bed10b477bf9c52fab28c568b4b29ca4319"
+  integrity sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw==
+
+postcss-selector-not@^8.0.1:
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/postcss-selector-not/-/postcss-selector-not-8.0.1.tgz#f2df9c6ac9f95e9fe4416ca41a957eda16130172"
+  integrity sha512-kmVy/5PYVb2UOhy0+LqUYAhKj7DUGDpSWa5LZqlkWJaaAV+dxxsOG3+St0yNLu6vsKD7Dmqx+nWQt0iil89+WA==
+  dependencies:
+    postcss-selector-parser "^7.0.0"
+
 postcss-selector-parser@^6.0.11, postcss-selector-parser@^6.0.16, postcss-selector-parser@^6.0.2, postcss-selector-parser@^6.0.4:
   version "6.1.0"
   resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz#49694cb4e7c649299fea510a29fa6577104bcf53"
@@ -9116,6 +11304,14 @@ postcss-selector-parser@^6.0.11, postcss-selector-parser@^6.0.16, postcss-select
     cssesc "^3.0.0"
     util-deprecate "^1.0.2"
 
+postcss-selector-parser@^7.0.0:
+  version "7.1.0"
+  resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz#4d6af97eba65d73bc4d84bcb343e865d7dd16262"
+  integrity sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==
+  dependencies:
+    cssesc "^3.0.0"
+    util-deprecate "^1.0.2"
+
 postcss-sort-media-queries@^5.2.0:
   version "5.2.0"
   resolved "https://registry.yarnpkg.com/postcss-sort-media-queries/-/postcss-sort-media-queries-5.2.0.tgz#4556b3f982ef27d3bac526b99b6c0d3359a6cf97"
@@ -9246,7 +11442,7 @@ pretty-time@^1.1.0:
   resolved "https://registry.yarnpkg.com/pretty-time/-/pretty-time-1.1.0.tgz#ffb7429afabb8535c346a34e41873adf3d74dd0e"
   integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
 
-prism-react-renderer@^2.0.6, prism-react-renderer@^2.1.0, prism-react-renderer@^2.3.0:
+prism-react-renderer@^2.0.6, prism-react-renderer@^2.3.0:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/prism-react-renderer/-/prism-react-renderer-2.3.1.tgz#e59e5450052ede17488f6bc85de1553f584ff8d5"
   integrity sha512-Rdf+HzBLR7KYjzpJ1rSoxT9ioO85nZngQEoFIhL07XhtJHlCU3SOz0GJ6+qvMyQe0Se+BV3qpe6Yd/NmQF5Juw==
@@ -9314,18 +11510,6 @@ proxy-from-env@1.1.0:
   resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
   integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==
 
-public-encrypt@^4.0.0:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/public-encrypt/-/public-encrypt-4.0.3.tgz#4fcc9d77a07e48ba7527e7cbe0de33d0701331e0"
-  integrity sha512-zVpa8oKZSz5bTMTFClc1fQOnyyEzpl5ozpi1B5YcvBrdohMjH2rfsBtyXcuNuwjsDIXmBYlF2N5FlJYhR29t8Q==
-  dependencies:
-    bn.js "^4.1.0"
-    browserify-rsa "^4.0.0"
-    create-hash "^1.1.0"
-    parse-asn1 "^5.0.0"
-    randombytes "^2.0.1"
-    safe-buffer "^5.1.2"
-
 pump@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.0.tgz#b4a2116815bde2f4e1ea602354e8c75565107a64"
@@ -9334,7 +11518,7 @@ pump@^3.0.0:
     end-of-stream "^1.1.0"
     once "^1.3.1"
 
-punycode@^1.3.2, punycode@^1.4.1:
+punycode@^1.4.1:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"
   integrity sha512-jmYNElW7yvO7TV33CjSmvSiE2yco3bV2czu/OzDKdMNVZQWfxCblURLhf+47syQRBntjfLdd/H0egrzIG+oaFQ==
@@ -9384,50 +11568,35 @@ qs@6.11.0:
   dependencies:
     side-channel "^1.0.4"
 
-qs@^6.11.2:
-  version "6.12.1"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.12.1.tgz#39422111ca7cbdb70425541cba20c7d7b216599a"
-  integrity sha512-zWmv4RSuB9r2mYQw3zxQuHWeU+42aKi1wWig/j4ele4ygELZ7PEO6MM7rim9oAQH2A5MWfsAVf/jPvTPgCbvUQ==
+qs@^6.12.3:
+  version "6.14.0"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.14.0.tgz#c63fa40680d2c5c941412a0e899c89af60c0a930"
+  integrity sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==
   dependencies:
-    side-channel "^1.0.6"
+    side-channel "^1.1.0"
 
-querystring-es3@^0.2.1:
-  version "0.2.1"
-  resolved "https://registry.yarnpkg.com/querystring-es3/-/querystring-es3-0.2.1.tgz#9ec61f79049875707d69414596fd907a4d711e73"
-  integrity sha512-773xhDQnZBMFobEiztv8LIl70ch5MSF/jUQVlhwFyBILqq96anmoctVIYz+ZRp0qbCKATTn6ev02M3r7Ga5vqA==
+quansync@^0.2.8:
+  version "0.2.10"
+  resolved "https://registry.yarnpkg.com/quansync/-/quansync-0.2.10.tgz#32053cf166fa36511aae95fc49796116f2dc20e1"
+  integrity sha512-t41VRkMYbkHyCYmOvx/6URnN80H7k4X0lLdBMGsz+maAwrJQYB1djpV6vHrQIBE0WBSGqhtEHrK9U3DWWH8v7A==
 
 queue-microtask@^1.2.2:
   version "1.2.3"
   resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243"
   integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==
 
-queue@6.0.2:
-  version "6.0.2"
-  resolved "https://registry.yarnpkg.com/queue/-/queue-6.0.2.tgz#b91525283e2315c7553d2efa18d83e76432fed65"
-  integrity sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==
-  dependencies:
-    inherits "~2.0.3"
-
 quick-lru@^5.1.1:
   version "5.1.1"
   resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-5.1.1.tgz#366493e6b3e42a3a6885e2e99d18f80fb7a8c932"
   integrity sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==
 
-randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5, randombytes@^2.1.0:
+randombytes@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a"
   integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==
   dependencies:
     safe-buffer "^5.1.0"
 
-randomfill@^1.0.3:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/randomfill/-/randomfill-1.0.4.tgz#c92196fc86ab42be983f1bf31778224931d61458"
-  integrity sha512-87lcbR8+MhcWcUiQ+9e+Rwx8MyR2P7qnt15ynUlbm3TU/fjbgz4GsvfSUDTemtCCtVCqb4ZcEFlyPNTh9bBTLw==
-  dependencies:
-    randombytes "^2.0.5"
-    safe-buffer "^5.1.0"
-
 range-parser@1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e"
@@ -9474,36 +11643,6 @@ react-copy-to-clipboard@^5.1.0:
     copy-to-clipboard "^3.3.1"
     prop-types "^15.8.1"
 
-react-dev-utils@^12.0.1:
-  version "12.0.1"
-  resolved "https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-12.0.1.tgz#ba92edb4a1f379bd46ccd6bcd4e7bc398df33e73"
-  integrity sha512-84Ivxmr17KjUupyqzFode6xKhjwuEJDROWKJy/BthkL7Wn6NJ8h4WE6k/exAv6ImS+0oZLRRW5j/aINMHyeGeQ==
-  dependencies:
-    "@babel/code-frame" "^7.16.0"
-    address "^1.1.2"
-    browserslist "^4.18.1"
-    chalk "^4.1.2"
-    cross-spawn "^7.0.3"
-    detect-port-alt "^1.1.6"
-    escape-string-regexp "^4.0.0"
-    filesize "^8.0.6"
-    find-up "^5.0.0"
-    fork-ts-checker-webpack-plugin "^6.5.0"
-    global-modules "^2.0.0"
-    globby "^11.0.4"
-    gzip-size "^6.0.0"
-    immer "^9.0.7"
-    is-root "^2.1.0"
-    loader-utils "^3.2.0"
-    open "^8.4.0"
-    pkg-up "^3.1.0"
-    prompts "^2.4.2"
-    react-error-overlay "^6.0.11"
-    recursive-readdir "^2.2.2"
-    shell-quote "^1.7.3"
-    strip-ansi "^6.0.1"
-    text-table "^0.2.0"
-
 react-dom@^18.2.0:
   version "18.3.1"
   resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-18.3.1.tgz#c2265d79511b57d479b3dd3fdfa51536494c5cb4"
@@ -9512,12 +11651,7 @@ react-dom@^18.2.0:
     loose-envify "^1.1.0"
     scheduler "^0.23.2"
 
-react-error-overlay@^6.0.11:
-  version "6.0.11"
-  resolved "https://registry.yarnpkg.com/react-error-overlay/-/react-error-overlay-6.0.11.tgz#92835de5841c5cf08ba00ddd2d677b6d17ff9adb"
-  integrity sha512-/6UZ2qgEyH2aqzYZgQPxEnz33NJ2gNsnHA2o5+o4wW9bLM/JYQitNP9xPhsXwC08hMMovfGe/8retsdDsczPRg==
-
-react-fast-compare@^3.0.1, react-fast-compare@^3.2.0, react-fast-compare@^3.2.2:
+react-fast-compare@^3.0.1, react-fast-compare@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/react-fast-compare/-/react-fast-compare-3.2.2.tgz#929a97a532304ce9fee4bcae44234f1ce2c21d49"
   integrity sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ==
@@ -9527,19 +11661,10 @@ react-google-charts@^5.2.1:
   resolved "https://registry.yarnpkg.com/react-google-charts/-/react-google-charts-5.2.1.tgz#d9cbe8ed45d7c0fafefea5c7c3361bee76648454"
   integrity sha512-mCbPiObP8yWM5A9ogej7Qp3/HX4EzOwuEzUYvcfHtL98Xt4V/brD14KgfDzSNNtyD48MNXCpq5oVaYKt0ykQUQ==
 
-react-helmet-async@*:
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/react-helmet-async/-/react-helmet-async-2.0.5.tgz#cfc70cd7bb32df7883a8ed55502a1513747223ec"
-  integrity sha512-rYUYHeus+i27MvFE+Jaa4WsyBKGkL6qVgbJvSBoX8mbsWoABJXdEO0bZyi0F6i+4f0NuIb8AvqPMj3iXFHkMwg==
-  dependencies:
-    invariant "^2.2.4"
-    react-fast-compare "^3.2.2"
-    shallowequal "^1.1.0"
-
-react-helmet-async@^1.3.0:
+react-helmet-async@^1.3.0, "react-helmet-async@npm:@slorber/react-helmet-async@1.3.0":
   version "1.3.0"
-  resolved "https://registry.yarnpkg.com/react-helmet-async/-/react-helmet-async-1.3.0.tgz#7bd5bf8c5c69ea9f02f6083f14ce33ef545c222e"
-  integrity sha512-9jZ57/dAn9t3q6hneQS0wukqC2ENOBgMNVEhb/ZG9ZSxUetzVIw4iAmEU38IaVg3QGYauQPhSeUTuIUtFglWpg==
+  resolved "https://registry.yarnpkg.com/@slorber/react-helmet-async/-/react-helmet-async-1.3.0.tgz#11fbc6094605cf60aa04a28c17e0aab894b4ecff"
+  integrity sha512-e9/OK8VhwUSc67diWI8Rb3I0YgI9/SBQtnhe9aEuK6MhZm7ntZZimXgwXnd8W96YTmSOb9M4d8LwhRZyhWr/1A==
   dependencies:
     "@babel/runtime" "^7.12.5"
     invariant "^2.2.4"
@@ -9567,10 +11692,10 @@ react-is@^18.0.0:
   resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.3.1.tgz#e83557dc12eae63a99e003a46388b1dcbb44db7e"
   integrity sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==
 
-react-json-view-lite@^1.2.0:
-  version "1.4.0"
-  resolved "https://registry.yarnpkg.com/react-json-view-lite/-/react-json-view-lite-1.4.0.tgz#0ff493245f4550abe5e1f1836f170fa70bb95914"
-  integrity sha512-wh6F6uJyYAmQ4fK0e8dSQMEWuvTs2Wr3el3sLD9bambX1+pSWUVXIz1RFaoy3TI1mZ0FqdpKq9YgbgTTgyrmXA==
+react-json-view-lite@^2.3.0:
+  version "2.4.1"
+  resolved "https://registry.yarnpkg.com/react-json-view-lite/-/react-json-view-lite-2.4.1.tgz#0d06696a06aaf4a74e890302b76cf8cddcc45d60"
+  integrity sha512-fwFYknRIBxjbFm0kBDrzgBy1xa5tDg2LyXXBepC5f1b+MY3BUClMCsvanMPn089JbV1Eg3nZcrp0VCuH43aXnA==
 
 react-lifecycles-compat@^3.0.0:
   version "3.0.4"
@@ -9708,7 +11833,7 @@ read-cache@^1.0.0:
   dependencies:
     pify "^2.3.0"
 
-readable-stream@^2.0.1, readable-stream@^2.3.8:
+readable-stream@^2.0.1:
   version "2.3.8"
   resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.8.tgz#91125e8042bba1b9887f49345f6277027ce8be9b"
   integrity sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==
@@ -9721,7 +11846,7 @@ readable-stream@^2.0.1, readable-stream@^2.3.8:
     string_decoder "~1.1.1"
     util-deprecate "~1.0.1"
 
-readable-stream@^3.0.6, readable-stream@^3.1.1, readable-stream@^3.4.0, readable-stream@^3.5.0, readable-stream@^3.6.0:
+readable-stream@^3.0.6, readable-stream@^3.1.1, readable-stream@^3.4.0:
   version "3.6.2"
   resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967"
   integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==
@@ -9730,16 +11855,10 @@ readable-stream@^3.0.6, readable-stream@^3.1.1, readable-stream@^3.4.0, readable
     string_decoder "^1.1.1"
     util-deprecate "^1.0.1"
 
-readable-stream@^4.0.0:
-  version "4.5.2"
-  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-4.5.2.tgz#9e7fc4c45099baeed934bff6eb97ba6cf2729e09"
-  integrity sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==
-  dependencies:
-    abort-controller "^3.0.0"
-    buffer "^6.0.3"
-    events "^3.3.0"
-    process "^0.11.10"
-    string_decoder "^1.3.0"
+readdirp@^4.0.1:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-4.1.2.tgz#eb85801435fbf2a7ee58f19e0921b068fc69948d"
+  integrity sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==
 
 readdirp@~3.6.0:
   version "3.6.0"
@@ -9748,11 +11867,6 @@ readdirp@~3.6.0:
   dependencies:
     picomatch "^2.2.1"
 
-reading-time@^1.5.0:
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/reading-time/-/reading-time-1.5.0.tgz#d2a7f1b6057cb2e169beaf87113cc3411b5bc5bb"
-  integrity sha512-onYyVhBNr4CmAxFsKS7bz+uTLRakypIe4R+5A824vBSkQy/hB3fZepoVEf8OVAxzLvK+H/jm9TzpI3ETSm64Kg==
-
 rechoir@^0.6.2:
   version "0.6.2"
   resolved "https://registry.yarnpkg.com/rechoir/-/rechoir-0.6.2.tgz#85204b54dba82d5742e28c96756ef43af50e3384"
@@ -9760,13 +11874,6 @@ rechoir@^0.6.2:
   dependencies:
     resolve "^1.1.6"
 
-recursive-readdir@^2.2.2:
-  version "2.2.3"
-  resolved "https://registry.yarnpkg.com/recursive-readdir/-/recursive-readdir-2.2.3.tgz#e726f328c0d69153bcabd5c322d3195252379372"
-  integrity sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA==
-  dependencies:
-    minimatch "^3.0.5"
-
 redux-thunk@^2.4.2:
   version "2.4.2"
   resolved "https://registry.yarnpkg.com/redux-thunk/-/redux-thunk-2.4.2.tgz#b9d05d11994b99f7a91ea223e8b04cf0afa5ef3b"
@@ -9791,6 +11898,13 @@ regenerate-unicode-properties@^10.1.0:
   dependencies:
     regenerate "^1.4.2"
 
+regenerate-unicode-properties@^10.2.0:
+  version "10.2.0"
+  resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-10.2.0.tgz#626e39df8c372338ea9b8028d1f99dc3fd9c3db0"
+  integrity sha512-DqHn3DwbmmPVzeKj9woBadqmXxLvQoQIwu7nopMc72ztvxVmVk2SBhSnx67zuye5TP+lJsb/TBQsjLKhnDf3MA==
+  dependencies:
+    regenerate "^1.4.2"
+
 regenerate@^1.4.2:
   version "1.4.2"
   resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.2.tgz#b9346d8827e8f5a32f7ba29637d398b69014848a"
@@ -9820,6 +11934,18 @@ regexpu-core@^5.3.1:
     unicode-match-property-ecmascript "^2.0.0"
     unicode-match-property-value-ecmascript "^2.1.0"
 
+regexpu-core@^6.2.0:
+  version "6.2.0"
+  resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-6.2.0.tgz#0e5190d79e542bf294955dccabae04d3c7d53826"
+  integrity sha512-H66BPQMrv+V16t8xtmq+UC0CBpiTBA60V8ibS1QVReIp8T1z8hwFxqcGzm9K6lgsN7sB5edVH8a+ze6Fqm4weA==
+  dependencies:
+    regenerate "^1.4.2"
+    regenerate-unicode-properties "^10.2.0"
+    regjsgen "^0.8.0"
+    regjsparser "^0.12.0"
+    unicode-match-property-ecmascript "^2.0.0"
+    unicode-match-property-value-ecmascript "^2.1.0"
+
 registry-auth-token@^5.0.1:
   version "5.0.2"
   resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-5.0.2.tgz#8b026cc507c8552ebbe06724136267e63302f756"
@@ -9834,6 +11960,18 @@ registry-url@^6.0.0:
   dependencies:
     rc "1.2.8"
 
+regjsgen@^0.8.0:
+  version "0.8.0"
+  resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.8.0.tgz#df23ff26e0c5b300a6470cad160a9d090c3a37ab"
+  integrity sha512-RvwtGe3d7LvWiDQXeQw8p5asZUmfU1G/l6WbUXeHta7Y2PEIvBTwH6E2EfmYUK8pxcxEdEmaomqyp0vZZ7C+3Q==
+
+regjsparser@^0.12.0:
+  version "0.12.0"
+  resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.12.0.tgz#0e846df6c6530586429377de56e0475583b088dc"
+  integrity sha512-cnE+y8bz4NhMjISKbgeVJtqNbtf5QpjZP+Bslo+UqkIt9QPnX9q095eiRRASJG1/tz6dlNr6Z5NsBiWYokp6EQ==
+  dependencies:
+    jsesc "~3.0.2"
+
 regjsparser@^0.9.1:
   version "0.9.1"
   resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.9.1.tgz#272d05aa10c7c1f67095b1ff0addae8442fc5709"
@@ -9895,6 +12033,16 @@ remark-frontmatter@^5.0.0:
     micromark-extension-frontmatter "^2.0.0"
     unified "^11.0.0"
 
+remark-gfm@3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/remark-gfm/-/remark-gfm-3.0.1.tgz#0b180f095e3036545e9dddac0e8df3fa5cfee54f"
+  integrity sha512-lEFDoi2PICJyNrACFOfDD3JlLkuSbOa5Wd8EPt06HUdptv8Gn0bxYTdbU/XXQ3swAPkEaGxxPN9cbnMHvVu1Ig==
+  dependencies:
+    "@types/mdast" "^3.0.0"
+    mdast-util-gfm "^2.0.0"
+    micromark-extension-gfm "^2.0.0"
+    unified "^10.0.0"
+
 remark-gfm@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/remark-gfm/-/remark-gfm-4.0.0.tgz#aea777f0744701aa288b67d28c43565c7e8c35de"
@@ -9975,6 +12123,11 @@ renderkid@^3.0.0:
     lodash "^4.17.21"
     strip-ansi "^6.0.1"
 
+repeat-string@^1.0.0:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637"
+  integrity sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==
+
 require-directory@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"
@@ -10055,23 +12208,20 @@ rimraf@3.0.2, rimraf@^3.0.2:
   dependencies:
     glob "^7.1.3"
 
-ripemd160@^2.0.0, ripemd160@^2.0.1:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/ripemd160/-/ripemd160-2.0.2.tgz#a1c1a6f624751577ba5d07914cbc92850585890c"
-  integrity sha512-ii4iagi25WusVoiC4B4lq7pbXfAp3D9v5CwfkY33vffw2+pkDjY1D8GaN7spsxvCSx8dkPqOZCEZyfxcmJG2IA==
-  dependencies:
-    hash-base "^3.0.0"
-    inherits "^2.0.1"
-
 robust-predicates@^3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/robust-predicates/-/robust-predicates-3.0.2.tgz#d5b28528c4824d20fc48df1928d41d9efa1ad771"
   integrity sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==
 
-rtl-detect@^1.0.4:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/rtl-detect/-/rtl-detect-1.1.2.tgz#ca7f0330af5c6bb626c15675c642ba85ad6273c6"
-  integrity sha512-PGMBq03+TTG/p/cRB7HCLKJ1MgDIi07+QU1faSjiYRfmY5UsAttV9Hs08jDAHVwcOwmVLcSJkpwyfXszVjWfIQ==
+roughjs@^4.6.6:
+  version "4.6.6"
+  resolved "https://registry.yarnpkg.com/roughjs/-/roughjs-4.6.6.tgz#1059f49a5e0c80dee541a005b20cc322b222158b"
+  integrity sha512-ZUz/69+SYpFN/g/lUlo2FXcIjRkSu3nDarreVdGGndHEBJ6cXPdKguS8JGxwj5HA5xIbVKSmLgr5b3AWxtRfvQ==
+  dependencies:
+    hachure-fill "^0.5.2"
+    path-data-parser "^0.1.0"
+    points-on-curve "^0.2.0"
+    points-on-path "^0.2.1"
 
 rtlcss@^4.1.0:
   version "4.1.1"
@@ -10095,13 +12245,6 @@ rw@1:
   resolved "https://registry.yarnpkg.com/rw/-/rw-1.3.3.tgz#3f862dfa91ab766b14885ef4d01124bfda074fb4"
   integrity sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==
 
-rxjs@^7.5.4:
-  version "7.8.1"
-  resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-7.8.1.tgz#6f6f3d99ea8044291efd92e7c7fcf562c4057543"
-  integrity sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==
-  dependencies:
-    tslib "^2.1.0"
-
 sade@^1.7.3:
   version "1.8.1"
   resolved "https://registry.yarnpkg.com/sade/-/sade-1.8.1.tgz#0a78e81d658d394887be57d2a409bf703a3b2701"
@@ -10114,7 +12257,7 @@ safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
   integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
 
-safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.1, safe-buffer@^5.1.2, safe-buffer@^5.2.0, safe-buffer@^5.2.1, safe-buffer@~5.2.0:
+safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.1.0, safe-buffer@~5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
@@ -10124,32 +12267,23 @@ safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0,
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
   integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 
-sass-loader@^10.1.1:
-  version "10.5.2"
-  resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-10.5.2.tgz#1ca30534fff296417b853c7597ca3b0bbe8c37d0"
-  integrity sha512-vMUoSNOUKJILHpcNCCyD23X34gve1TS7Rjd9uXHeKqhvBG39x6XbswFDtpbTElj6XdMFezoWhkh5vtKudf2cgQ==
-  dependencies:
-    klona "^2.0.4"
-    loader-utils "^2.0.0"
-    neo-async "^2.6.2"
-    schema-utils "^3.0.0"
-    semver "^7.3.2"
-
-sass-loader@^13.3.2:
-  version "13.3.3"
-  resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-13.3.3.tgz#60df5e858788cffb1a3215e5b92e9cba61e7e133"
-  integrity sha512-mt5YN2F1MOZr3d/wBRcZxeFgwgkH44wVc2zohO2YF6JiOMkiXe4BYRZpSu2sO1g71mo/j16txzUhsKZlqjVGzA==
+sass-loader@^16.0.2:
+  version "16.0.5"
+  resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-16.0.5.tgz#257bc90119ade066851cafe7f2c3f3504c7cda98"
+  integrity sha512-oL+CMBXrj6BZ/zOq4os+UECPL+bWqt6OAC6DWS8Ln8GZRcMDjlJ4JC3FBDuHJdYaFWIdKNIBYmtZtK2MaMkNIw==
   dependencies:
     neo-async "^2.6.2"
 
-sass@^1.58.1:
-  version "1.77.5"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.77.5.tgz#5f9009820297521356e962c0bed13ee36710edfe"
-  integrity sha512-oDfX1mukIlxacPdQqNb6mV2tVCrnE+P3nVYioy72V5tlk56CPNcO4TCuFcaCRKKfJ1M3lH95CleRS+dVKL2qMg==
+sass@^1.80.4:
+  version "1.89.0"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.89.0.tgz#6df72360c5c3ec2a9833c49adafe57b28206752d"
+  integrity sha512-ld+kQU8YTdGNjOLfRWBzewJpU5cwEv/h5yyqlSeJcj6Yh8U4TDA9UA5FPicqDz/xgRPWRSYIQNiFks21TbA9KQ==
   dependencies:
-    chokidar ">=3.0.0 <4.0.0"
-    immutable "^4.0.0"
+    chokidar "^4.0.0"
+    immutable "^5.0.2"
     source-map-js ">=0.6.2 <2.0.0"
+  optionalDependencies:
+    "@parcel/watcher" "^2.4.1"
 
 sax@^1.2.4:
   version "1.4.1"
@@ -10163,14 +12297,10 @@ scheduler@^0.23.2:
   dependencies:
     loose-envify "^1.1.0"
 
-schema-utils@2.7.0:
-  version "2.7.0"
-  resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-2.7.0.tgz#17151f76d8eae67fbbf77960c33c676ad9f4efc7"
-  integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==
-  dependencies:
-    "@types/json-schema" "^7.0.4"
-    ajv "^6.12.2"
-    ajv-keywords "^3.4.1"
+schema-dts@^1.1.2:
+  version "1.1.5"
+  resolved "https://registry.yarnpkg.com/schema-dts/-/schema-dts-1.1.5.tgz#9237725d305bac3469f02b292a035107595dc324"
+  integrity sha512-RJr9EaCmsLzBX2NDiO5Z3ux2BVosNZN5jo0gWgsyKvxKIUL5R3swNvoorulAeL9kLB0iTSX7V6aokhla2m7xbg==
 
 schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0:
   version "3.3.0"
@@ -10191,6 +12321,16 @@ schema-utils@^4.0.0, schema-utils@^4.0.1:
     ajv-formats "^2.1.1"
     ajv-keywords "^5.1.0"
 
+schema-utils@^4.3.0, schema-utils@^4.3.2:
+  version "4.3.2"
+  resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-4.3.2.tgz#0c10878bf4a73fd2b1dfd14b9462b26788c806ae"
+  integrity sha512-Gn/JaSk/Mt9gYubxTtSn/QCV4em9mpAPiR1rqy/Ocu19u/G9J5WWdNoUT4SiV6mFC3y6cxyFcFwdzPM3FgxGAQ==
+  dependencies:
+    "@types/json-schema" "^7.0.9"
+    ajv "^8.9.0"
+    ajv-formats "^2.1.1"
+    ajv-keywords "^5.1.0"
+
 section-matter@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/section-matter/-/section-matter-1.0.0.tgz#e9041953506780ec01d59f292a19c7b850b84167"
@@ -10238,7 +12378,7 @@ semver@^6.3.1:
   resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
   integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==
 
-semver@^7.3.2, semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.4:
+semver@^7.3.5, semver@^7.3.7, semver@^7.3.8, semver@^7.5.4:
   version "7.6.2"
   resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13"
   integrity sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==
@@ -10262,25 +12402,24 @@ send@0.18.0:
     range-parser "~1.2.1"
     statuses "2.0.1"
 
-serialize-javascript@^6.0.0, serialize-javascript@^6.0.1:
+serialize-javascript@^6.0.0, serialize-javascript@^6.0.1, serialize-javascript@^6.0.2:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2"
   integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==
   dependencies:
     randombytes "^2.1.0"
 
-serve-handler@^6.1.5:
-  version "6.1.5"
-  resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.5.tgz#a4a0964f5c55c7e37a02a633232b6f0d6f068375"
-  integrity sha512-ijPFle6Hwe8zfmBxJdE+5fta53fdIY0lHISJvuikXB3VYFafRjMRpOffSPvCYsbKyBA7pvy9oYr/BT1O3EArlg==
+serve-handler@^6.1.6:
+  version "6.1.6"
+  resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.6.tgz#50803c1d3e947cd4a341d617f8209b22bd76cfa1"
+  integrity sha512-x5RL9Y2p5+Sh3D38Fh9i/iQ5ZK+e4xuXRd/pGbM4D13tgo/MGwbttUk8emytcr1YYzBYs+apnUngBDFYfpjPuQ==
   dependencies:
     bytes "3.0.0"
     content-disposition "0.5.2"
-    fast-url-parser "1.1.3"
     mime-types "2.1.18"
     minimatch "3.1.2"
     path-is-inside "1.0.2"
-    path-to-regexp "2.2.1"
+    path-to-regexp "3.3.0"
     range-parser "1.2.0"
 
 serve-index@^1.9.1:
@@ -10318,11 +12457,6 @@ set-function-length@^1.2.1:
     gopd "^1.0.1"
     has-property-descriptors "^1.0.2"
 
-setimmediate@^1.0.4:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
-  integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA==
-
 setprototypeof@1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656"
@@ -10333,14 +12467,6 @@ setprototypeof@1.2.0:
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424"
   integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
 
-sha.js@^2.4.0, sha.js@^2.4.8:
-  version "2.4.11"
-  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
-  integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==
-  dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
 shallow-clone@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/shallow-clone/-/shallow-clone-3.0.1.tgz#8f2981ad92531f55035b01fb230769a40e02efa3"
@@ -10365,12 +12491,12 @@ shebang-regex@^3.0.0:
   resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172"
   integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==
 
-shell-quote@^1.7.3, shell-quote@^1.8.1:
+shell-quote@^1.8.1:
   version "1.8.1"
   resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.1.tgz#6dbf4db75515ad5bac63b4f1894c3a154c766680"
   integrity sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA==
 
-shelljs@0.8.5, shelljs@^0.8.5:
+shelljs@0.8.5:
   version "0.8.5"
   resolved "https://registry.yarnpkg.com/shelljs/-/shelljs-0.8.5.tgz#de055408d8361bed66c669d2f000538ced8ee20c"
   integrity sha512-TiwcRcrkhHvbrZbnRcFYMLl30Dfov3HKqzp5tO5b4pt6G/SezKcYhmDg15zXVBswHmctSAQKznqNW2LO5tTDow==
@@ -10423,7 +12549,36 @@ should@^13.2.1:
     should-type-adaptors "^1.0.1"
     should-util "^1.0.0"
 
-side-channel@^1.0.4, side-channel@^1.0.6:
+side-channel-list@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/side-channel-list/-/side-channel-list-1.0.0.tgz#10cb5984263115d3b7a0e336591e290a830af8ad"
+  integrity sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==
+  dependencies:
+    es-errors "^1.3.0"
+    object-inspect "^1.13.3"
+
+side-channel-map@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/side-channel-map/-/side-channel-map-1.0.1.tgz#d6bb6b37902c6fef5174e5f533fab4c732a26f42"
+  integrity sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==
+  dependencies:
+    call-bound "^1.0.2"
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.5"
+    object-inspect "^1.13.3"
+
+side-channel-weakmap@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz#11dda19d5368e40ce9ec2bdc1fb0ecbc0790ecea"
+  integrity sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==
+  dependencies:
+    call-bound "^1.0.2"
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.5"
+    object-inspect "^1.13.3"
+    side-channel-map "^1.0.1"
+
+side-channel@^1.0.4:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.6.tgz#abd25fb7cd24baf45466406b1096b7831c9215f2"
   integrity sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==
@@ -10433,6 +12588,17 @@ side-channel@^1.0.4, side-channel@^1.0.6:
     get-intrinsic "^1.2.4"
     object-inspect "^1.13.1"
 
+side-channel@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.1.0.tgz#c3fcff9c4da932784873335ec9765fa94ff66bc9"
+  integrity sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==
+  dependencies:
+    es-errors "^1.3.0"
+    object-inspect "^1.13.3"
+    side-channel-list "^1.0.0"
+    side-channel-map "^1.0.1"
+    side-channel-weakmap "^1.0.2"
+
 signal-exit@^3.0.2, signal-exit@^3.0.3:
   version "3.0.7"
   resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9"
@@ -10457,16 +12623,6 @@ sisteransi@^1.0.5:
   resolved "https://registry.yarnpkg.com/sisteransi/-/sisteransi-1.0.5.tgz#134d681297756437cc05ca01370d3a7a571075ed"
   integrity sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==
 
-sitemap@7.1.1:
-  version "7.1.1"
-  resolved "https://registry.yarnpkg.com/sitemap/-/sitemap-7.1.1.tgz#eeed9ad6d95499161a3eadc60f8c6dce4bea2bef"
-  integrity sha512-mK3aFtjz4VdJN0igpIJrinf3EO8U8mxOPsTBzSsy06UtjZQJ3YY3o3Xa7zSc5nMqcMrRwlChHZ18Kxg0caiPBg==
-  dependencies:
-    "@types/node" "^17.0.5"
-    "@types/sax" "^1.2.1"
-    arg "^5.0.0"
-    sax "^1.2.4"
-
 sitemap@^7.1.1:
   version "7.1.2"
   resolved "https://registry.yarnpkg.com/sitemap/-/sitemap-7.1.2.tgz#6ce1deb43f6f177c68bc59cf93632f54e3ae6b72"
@@ -10592,28 +12748,10 @@ statuses@2.0.1:
   resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c"
   integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==
 
-std-env@^3.0.1:
-  version "3.7.0"
-  resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.7.0.tgz#c9f7386ced6ecf13360b6c6c55b8aaa4ef7481d2"
-  integrity sha512-JPbdCEQLj1w5GilpiHAx3qJvFndqybBysA3qUOnznweH4QbNYUsW/ea8QzSrnh0vNsezMMw5bcVool8lM0gwzg==
-
-stream-browserify@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/stream-browserify/-/stream-browserify-3.0.0.tgz#22b0a2850cdf6503e73085da1fc7b7d0c2122f2f"
-  integrity sha512-H73RAHsVBapbim0tU2JwwOiXUj+fikfiaoYAKHF3VJfA0pe2BCzkhAHBlLG6REzE+2WNZcxOXjK7lkso+9euLA==
-  dependencies:
-    inherits "~2.0.4"
-    readable-stream "^3.5.0"
-
-stream-http@^3.2.0:
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/stream-http/-/stream-http-3.2.0.tgz#1872dfcf24cb15752677e40e5c3f9cc1926028b5"
-  integrity sha512-Oq1bLqisTyK3TSCXpPbT4sdeYNdmyZJv1LxpEm2vu1ZhK89kSE5YXwZc3cWk0MagGaKriBh9mCFbVGtO+vY29A==
-  dependencies:
-    builtin-status-codes "^3.0.0"
-    inherits "^2.0.4"
-    readable-stream "^3.6.0"
-    xtend "^4.0.2"
+std-env@^3.7.0:
+  version "3.9.0"
+  resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.9.0.tgz#1a6f7243b339dca4c9fd55e1c7504c77ef23e8f1"
+  integrity sha512-UGvjygr6F6tpH7o2qyqR6QYpwraIjKSdtzyBdyytFOHmPZY917kwdwLG0RbOjWOnKmnm3PeHjaoLLMie7kPLQw==
 
 "string-width-cjs@npm:string-width@^4.2.0":
   version "4.2.3"
@@ -10642,7 +12780,7 @@ string-width@^5.0.1, string-width@^5.1.2:
     emoji-regex "^9.2.2"
     strip-ansi "^7.0.1"
 
-string_decoder@^1.1.1, string_decoder@^1.3.0:
+string_decoder@^1.1.1:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e"
   integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==
@@ -10736,10 +12874,10 @@ stylehacks@^6.1.1:
     browserslist "^4.23.0"
     postcss-selector-parser "^6.0.16"
 
-stylis@^4.1.3:
-  version "4.3.2"
-  resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.3.2.tgz#8f76b70777dd53eb669c6f58c997bf0a9972e444"
-  integrity sha512-bhtUjWd/z6ltJiQwg0dUfxEJ+W+jdqQd8TbWLWyeIJHlnsqmGLRFFd8e5mA0AZi/zx90smXRlN66YMTcaSFifg==
+stylis@^4.3.6:
+  version "4.3.6"
+  resolved "https://registry.yarnpkg.com/stylis/-/stylis-4.3.6.tgz#7c7b97191cb4f195f03ecab7d52f7902ed378320"
+  integrity sha512-yQ3rwFWRfwNUY7H5vpU0wfdkNSnvnJinhF9830Swlaxl03zsOjCfmX0ugac+3LtK0lYSgwL/KXc8oYL3mG4YFQ==
 
 sucrase@^3.31.0, sucrase@^3.32.0:
   version "3.35.0"
@@ -10815,7 +12953,7 @@ swagger2openapi@7.0.8, swagger2openapi@^7.0.8:
     yaml "^1.10.0"
     yargs "^17.0.1"
 
-swc-loader@^0.2.3:
+swc-loader@^0.2.6:
   version "0.2.6"
   resolved "https://registry.yarnpkg.com/swc-loader/-/swc-loader-0.2.6.tgz#bf0cba8eeff34bb19620ead81d1277fefaec6bc8"
   integrity sha512-9Zi9UP2YmDpgmQVbyOPJClY0dwf58JDyDMQ7uRc4krmc72twNI2fvlBWHLqVekBpPc7h5NJkGVT1zNDxFrqhvg==
@@ -10850,11 +12988,6 @@ tailwindcss@^3.2.4:
     resolve "^1.22.2"
     sucrase "^3.32.0"
 
-tapable@^1.0.0:
-  version "1.1.3"
-  resolved "https://registry.yarnpkg.com/tapable/-/tapable-1.1.3.tgz#a1fccc06b58db61fd7a45da2da44f5f3a3e67ba2"
-  integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==
-
 tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0, tapable@^2.2.1:
   version "2.2.1"
   resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0"
@@ -10892,6 +13025,17 @@ terser-webpack-plugin@^5.3.10, terser-webpack-plugin@^5.3.9:
     serialize-javascript "^6.0.1"
     terser "^5.26.0"
 
+terser-webpack-plugin@^5.3.11:
+  version "5.3.14"
+  resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.14.tgz#9031d48e57ab27567f02ace85c7d690db66c3e06"
+  integrity sha512-vkZjpUjb6OMS7dhV+tILUW6BhpDR7P2L/aQSAv+Uwk+m8KATX9EccViHTJR2qDtACKPIYndLGCyl3FMo+r2LMw==
+  dependencies:
+    "@jridgewell/trace-mapping" "^0.3.25"
+    jest-worker "^27.4.5"
+    schema-utils "^4.3.0"
+    serialize-javascript "^6.0.2"
+    terser "^5.31.1"
+
 terser@^5.10.0, terser@^5.15.1, terser@^5.26.0:
   version "5.31.1"
   resolved "https://registry.yarnpkg.com/terser/-/terser-5.31.1.tgz#735de3c987dd671e95190e6b98cfe2f07f3cf0d4"
@@ -10902,10 +13046,15 @@ terser@^5.10.0, terser@^5.15.1, terser@^5.26.0:
     commander "^2.20.0"
     source-map-support "~0.5.20"
 
-text-table@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4"
-  integrity sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==
+terser@^5.31.1:
+  version "5.40.0"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.40.0.tgz#839a80db42bfee8340085f44ea99b5cba36c55c8"
+  integrity sha512-cfeKl/jjwSR5ar7d0FGmave9hFGJT8obyo0z+CrQOylLDbk7X81nPU6vq9VORa5jU30SkDnT2FXjLbR8HLP+xA==
+  dependencies:
+    "@jridgewell/source-map" "^0.3.3"
+    acorn "^8.14.0"
+    commander "^2.20.0"
+    source-map-support "~0.5.20"
 
 thenify-all@^1.0.0:
   version "1.6.0"
@@ -10931,13 +13080,6 @@ thunky@^1.0.2:
   resolved "https://registry.yarnpkg.com/thunky/-/thunky-1.1.0.tgz#5abaf714a9405db0504732bbccd2cedd9ef9537d"
   integrity sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==
 
-timers-browserify@^2.0.12:
-  version "2.0.12"
-  resolved "https://registry.yarnpkg.com/timers-browserify/-/timers-browserify-2.0.12.tgz#44a45c11fbf407f34f97bccd1577c652361b00ee"
-  integrity sha512-9phl76Cqm6FhSX9Xe1ZUAMLtm1BLkKj2Qd5ApyWkXzsMRaA7dgr81kf4wJmQf/hAvg8EEyJxDo3du/0KlhPiKQ==
-  dependencies:
-    setimmediate "^1.0.4"
-
 tiny-invariant@^1.0.2:
   version "1.3.3"
   resolved "https://registry.yarnpkg.com/tiny-invariant/-/tiny-invariant-1.3.3.tgz#46680b7a873a0d5d10005995eb90a70d74d60127"
@@ -10948,6 +13090,16 @@ tiny-warning@^1.0.0:
   resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754"
   integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==
 
+tinyexec@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/tinyexec/-/tinyexec-1.0.1.tgz#70c31ab7abbb4aea0a24f55d120e5990bfa1e0b1"
+  integrity sha512-5uC6DDlmeqiOwCPmK9jMSdOuZTh8bU39Ys6yidB+UTt5hfZUPGAypSgFRiEp+jbi9qH40BLDvy85jIU88wKSqw==
+
+tinypool@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-1.0.2.tgz#706193cc532f4c100f66aa00b01c42173d9051b2"
+  integrity sha512-al6n+QEANGFOMf/dmUMsuS5/r9B06uwlyNjZZql/zv8J7ybHCgoihBNORZCY2mzUuAnomQa2JdhyHKzZxPCrFA==
+
 to-fast-properties@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
@@ -11005,22 +13157,22 @@ ts-interface-checker@^0.1.9:
   resolved "https://registry.yarnpkg.com/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz#784fd3d679722bc103b1b4b8030bcddb5db2a699"
   integrity sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==
 
-tslib@^2.0.3, tslib@^2.1.0, tslib@^2.6.0:
+tslib@^2.0.3, tslib@^2.6.0:
   version "2.6.3"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.3.tgz#0438f810ad7a9edcde7a241c3d80db693c8cbfe0"
   integrity sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==
 
-tty-browserify@^0.0.1:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.1.tgz#3f05251ee17904dfd0677546670db9651682b811"
-  integrity sha512-C3TaO7K81YvjCgQH9Q1S3R3P3BtN3RIM8n+OvX4il1K1zgE8ZhI0op7kClgkxtutIE8hQrcrHBXvIheqKUUCxw==
+type-fest@^0.21.3:
+  version "0.21.3"
+  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37"
+  integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==
 
 type-fest@^1.0.1:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-1.4.0.tgz#e9fb813fe3bf1744ec359d55d1affefa76f14be1"
   integrity sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==
 
-type-fest@^2.13.0, type-fest@^2.14.0, type-fest@^2.5.0:
+type-fest@^2.13.0, type-fest@^2.5.0:
   version "2.19.0"
   resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-2.19.0.tgz#88068015bb33036a598b952e55e9311a60fd3a9b"
   integrity sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==
@@ -11040,6 +13192,11 @@ typedarray-to-buffer@^3.1.5:
   dependencies:
     is-typedarray "^1.0.0"
 
+ufo@^1.5.4:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/ufo/-/ufo-1.6.1.tgz#ac2db1d54614d1b22c1d603e3aef44a85d8f146b"
+  integrity sha512-9a4/uxlTWJ4+a5i0ooc1rU7C7YOw3wT+UGqdeNNHWnOF9qcMBgLRS+4IYUqbczewFx4mLEig6gawh7X6mFlEkA==
+
 unbzip2-stream@1.4.3:
   version "1.4.3"
   resolved "https://registry.yarnpkg.com/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz#b0da04c4371311df771cdc215e87f2130991ace7"
@@ -11191,7 +13348,7 @@ unist-util-stringify-position@^4.0.0:
   dependencies:
     "@types/unist" "^3.0.0"
 
-unist-util-visit-parents@^5.1.1:
+unist-util-visit-parents@^5.0.0, unist-util-visit-parents@^5.1.1:
   version "5.1.3"
   resolved "https://registry.yarnpkg.com/unist-util-visit-parents/-/unist-util-visit-parents-5.1.3.tgz#b4520811b0ca34285633785045df7a8d6776cfeb"
   integrity sha512-x6+y8g7wWMyQhL1iZfhIPhDAs7Xwbn9nRosDXl7qoPTSCy0yNxnKc+hWokFifWQIDGi154rdUqKvbCa4+1kLhg==
@@ -11243,6 +13400,14 @@ update-browserslist-db@^1.0.16:
     escalade "^3.1.2"
     picocolors "^1.0.1"
 
+update-browserslist-db@^1.1.3:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz#348377dd245216f9e7060ff50b15a1b740b75420"
+  integrity sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw==
+  dependencies:
+    escalade "^3.2.0"
+    picocolors "^1.1.1"
+
 update-notifier@^6.0.2:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-6.0.2.tgz#a6990253dfe6d5a02bd04fbb6a61543f55026b60"
@@ -11279,13 +13444,13 @@ url-loader@^4.1.1:
     mime-types "^2.1.27"
     schema-utils "^3.0.0"
 
-url@^0.11.0:
-  version "0.11.3"
-  resolved "https://registry.yarnpkg.com/url/-/url-0.11.3.tgz#6f495f4b935de40ce4a0a52faee8954244f3d3ad"
-  integrity sha512-6hxOLGfZASQK/cijlZnZJTq8OXAkt/3YGfQX45vvMYXpZoo8NdWZcY73K108Jf759lS1Bv/8wXnHDTSz17dSRw==
+url@^0.11.1:
+  version "0.11.4"
+  resolved "https://registry.yarnpkg.com/url/-/url-0.11.4.tgz#adca77b3562d56b72746e76b330b7f27b6721f3c"
+  integrity sha512-oCwdVC7mTuWiPyjLUz/COz5TLk6wgp0RCsN+wHZ2Ekneac9w8uuV0njcbbie2ME+Vs+d6duwmYuR3HgQXs1fOg==
   dependencies:
     punycode "^1.4.1"
-    qs "^6.11.2"
+    qs "^6.12.3"
 
 use-editable@^2.3.3:
   version "2.3.3"
@@ -11304,17 +13469,6 @@ util@^0.10.3:
   dependencies:
     inherits "2.0.3"
 
-util@^0.12.4, util@^0.12.5:
-  version "0.12.5"
-  resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc"
-  integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==
-  dependencies:
-    inherits "^2.0.3"
-    is-arguments "^1.0.4"
-    is-generator-function "^1.0.7"
-    is-typed-array "^1.1.3"
-    which-typed-array "^1.1.2"
-
 utila@~0.4:
   version "0.4.0"
   resolved "https://registry.yarnpkg.com/utila/-/utila-0.4.0.tgz#8a16a05d445657a3aea5eecc5b12a4fa5379772c"
@@ -11335,10 +13489,10 @@ uuid@8.3.2, uuid@^8.3.2:
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
   integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
 
-uuid@^9.0.0:
-  version "9.0.1"
-  resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.1.tgz#e188d4c8853cc722220392c424cd637f32293f30"
-  integrity sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==
+uuid@^11.1.0:
+  version "11.1.0"
+  resolved "https://registry.yarnpkg.com/uuid/-/uuid-11.1.0.tgz#9549028be1753bb934fc96e2bca09bb4105ae912"
+  integrity sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==
 
 uvu@^0.5.0:
   version "0.5.6"
@@ -11449,21 +13603,40 @@ vfile@^6.0.0, vfile@^6.0.1:
     unist-util-stringify-position "^4.0.0"
     vfile-message "^4.0.0"
 
-vm-browserify@^1.1.2:
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/vm-browserify/-/vm-browserify-1.1.2.tgz#78641c488b8e6ca91a75f511e7a3b32a86e5dda0"
-  integrity sha512-2ham8XPWTONajOR0ohOKOHXkm3+gaBmGut3SRuu75xLd/RRaY6vqgh8NBYYk7+RW3u5AtzPQZG8F10LHkl0lAQ==
+vscode-jsonrpc@8.2.0:
+  version "8.2.0"
+  resolved "https://registry.yarnpkg.com/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz#f43dfa35fb51e763d17cd94dcca0c9458f35abf9"
+  integrity sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==
 
-wait-on@6.0.1:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/wait-on/-/wait-on-6.0.1.tgz#16bbc4d1e4ebdd41c5b4e63a2e16dbd1f4e5601e"
-  integrity sha512-zht+KASY3usTY5u2LgaNqn/Cd8MukxLGjdcZxT2ns5QzDmTFc4XoWBgC+C/na+sMRZTuVygQoMYwdcVjHnYIVw==
+vscode-languageserver-protocol@3.17.5:
+  version "3.17.5"
+  resolved "https://registry.yarnpkg.com/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz#864a8b8f390835572f4e13bd9f8313d0e3ac4bea"
+  integrity sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==
   dependencies:
-    axios "^0.25.0"
-    joi "^17.6.0"
-    lodash "^4.17.21"
-    minimist "^1.2.5"
-    rxjs "^7.5.4"
+    vscode-jsonrpc "8.2.0"
+    vscode-languageserver-types "3.17.5"
+
+vscode-languageserver-textdocument@~1.0.11:
+  version "1.0.12"
+  resolved "https://registry.yarnpkg.com/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.12.tgz#457ee04271ab38998a093c68c2342f53f6e4a631"
+  integrity sha512-cxWNPesCnQCcMPeenjKKsOCKQZ/L6Tv19DTRIGuLWe32lyzWhihGVJ/rcckZXJxfdKCFvRLS3fpBIsV/ZGX4zA==
+
+vscode-languageserver-types@3.17.5:
+  version "3.17.5"
+  resolved "https://registry.yarnpkg.com/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz#3273676f0cf2eab40b3f44d085acbb7f08a39d8a"
+  integrity sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==
+
+vscode-languageserver@~9.0.1:
+  version "9.0.1"
+  resolved "https://registry.yarnpkg.com/vscode-languageserver/-/vscode-languageserver-9.0.1.tgz#500aef82097eb94df90d008678b0b6b5f474015b"
+  integrity sha512-woByF3PDpkHFUreUa7Hos7+pUWdeWMXRd26+ZX2A8cFx6v/JPTtd4/uN0/jB6XQHYaOlHbio03NTHCqrgG5n7g==
+  dependencies:
+    vscode-languageserver-protocol "3.17.5"
+
+vscode-uri@~3.0.8:
+  version "3.0.8"
+  resolved "https://registry.yarnpkg.com/vscode-uri/-/vscode-uri-3.0.8.tgz#1770938d3e72588659a172d0fd4642780083ff9f"
+  integrity sha512-AyFQ0EVmsOZOlAnxoFOGOq1SQDWAB7C6aqMGS23svWAllfOaxbuFvcT8D1i8z3Gyn8fraVeZNNmN6e9bxxXkKw==
 
 warning@^4.0.3:
   version "4.0.3"
@@ -11492,17 +13665,12 @@ web-namespaces@^2.0.0:
   resolved "https://registry.yarnpkg.com/web-namespaces/-/web-namespaces-2.0.1.tgz#1010ff7c650eccb2592cebeeaf9a1b253fd40692"
   integrity sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ==
 
-web-worker@^1.2.0:
-  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/web-worker/-/web-worker-1.3.0.tgz#e5f2df5c7fe356755a5fb8f8410d4312627e6776"
-  integrity sha512-BSR9wyRsy/KOValMgd5kMyr3JzpdeoR9KVId8u5GVlTTAtNChlsE4yTxeY7zMdNSyOmoKBv8NH2qeRY9Tg+IaA==
-
 webidl-conversions@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
   integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==
 
-webpack-bundle-analyzer@^4.9.0:
+webpack-bundle-analyzer@^4.10.2:
   version "4.10.2"
   resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz#633af2862c213730be3dbdf40456db171b60d5bd"
   integrity sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw==
@@ -11531,7 +13699,7 @@ webpack-dev-middleware@^5.3.4:
     range-parser "^1.2.1"
     schema-utils "^4.0.0"
 
-webpack-dev-server@^4.15.1:
+webpack-dev-server@^4.15.2:
   version "4.15.2"
   resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.15.2.tgz#9e0c70a42a012560860adb186986da1248333173"
   integrity sha512-0XavAZbNJ5sDrCbkpWL8mia0o5WPOd2YGtxrEiZkBK9FjLppIUK2TgxK6qGD2P3hUXTJNNPVibrerKcx5WkR1g==
@@ -11576,12 +13744,21 @@ webpack-merge@^5.9.0:
     flat "^5.0.2"
     wildcard "^2.0.0"
 
+webpack-merge@^6.0.1:
+  version "6.0.1"
+  resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-6.0.1.tgz#50c776868e080574725abc5869bd6e4ef0a16c6a"
+  integrity sha512-hXXvrjtx2PLYx4qruKl+kyRSLc52V+cCvMxRjmKwoA+CBbbF5GfIBtR6kCvl0fYGqTUPKB+1ktVmTHqMOzgCBg==
+  dependencies:
+    clone-deep "^4.0.1"
+    flat "^5.0.2"
+    wildcard "^2.0.1"
+
 webpack-sources@^3.2.3:
   version "3.2.3"
   resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde"
   integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==
 
-webpack@^5.61.0, webpack@^5.88.1:
+webpack@^5.88.1:
   version "5.92.0"
   resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.92.0.tgz#cc114c71e6851d220b1feaae90159ed52c876bdf"
   integrity sha512-Bsw2X39MYIgxouNATyVpCNVWBCuUwDgWtN78g6lSdPJRLaQ/PUVm/oXcaRAyY/sMFoKFQrsPeqvTizWtq7QPCA==
@@ -11611,15 +13788,49 @@ webpack@^5.61.0, webpack@^5.88.1:
     watchpack "^2.4.1"
     webpack-sources "^3.2.3"
 
-webpackbar@^5.0.2:
-  version "5.0.2"
-  resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-5.0.2.tgz#d3dd466211c73852741dfc842b7556dcbc2b0570"
-  integrity sha512-BmFJo7veBDgQzfWXl/wwYXr/VFus0614qZ8i9znqcl9fnEdiVkdbi0TedLQ6xAK92HZHDJ0QmyQ0fmuZPAgCYQ==
+webpack@^5.95.0:
+  version "5.99.9"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.99.9.tgz#d7de799ec17d0cce3c83b70744b4aedb537d8247"
+  integrity sha512-brOPwM3JnmOa+7kd3NsmOUOwbDAj8FT9xDsG3IW0MgbN9yZV7Oi/s/+MNQ/EcSMqw7qfoRyXPoeEWT8zLVdVGg==
   dependencies:
-    chalk "^4.1.0"
-    consola "^2.15.3"
+    "@types/eslint-scope" "^3.7.7"
+    "@types/estree" "^1.0.6"
+    "@types/json-schema" "^7.0.15"
+    "@webassemblyjs/ast" "^1.14.1"
+    "@webassemblyjs/wasm-edit" "^1.14.1"
+    "@webassemblyjs/wasm-parser" "^1.14.1"
+    acorn "^8.14.0"
+    browserslist "^4.24.0"
+    chrome-trace-event "^1.0.2"
+    enhanced-resolve "^5.17.1"
+    es-module-lexer "^1.2.1"
+    eslint-scope "5.1.1"
+    events "^3.2.0"
+    glob-to-regexp "^0.4.1"
+    graceful-fs "^4.2.11"
+    json-parse-even-better-errors "^2.3.1"
+    loader-runner "^4.2.0"
+    mime-types "^2.1.27"
+    neo-async "^2.6.2"
+    schema-utils "^4.3.2"
+    tapable "^2.1.1"
+    terser-webpack-plugin "^5.3.11"
+    watchpack "^2.4.1"
+    webpack-sources "^3.2.3"
+
+webpackbar@^6.0.1:
+  version "6.0.1"
+  resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-6.0.1.tgz#5ef57d3bf7ced8b19025477bc7496ea9d502076b"
+  integrity sha512-TnErZpmuKdwWBdMoexjio3KKX6ZtoKHRVvLIU0A47R0VVBDtx3ZyOJDktgYixhoJokZTYTt1Z37OkO9pnGJa9Q==
+  dependencies:
+    ansi-escapes "^4.3.2"
+    chalk "^4.1.2"
+    consola "^3.2.3"
+    figures "^3.2.0"
+    markdown-table "^2.0.0"
     pretty-time "^1.1.0"
-    std-env "^3.0.1"
+    std-env "^3.7.0"
+    wrap-ansi "^7.0.0"
 
 websocket-driver@>=0.5.1, websocket-driver@^0.7.4:
   version "0.7.4"
@@ -11643,24 +13854,6 @@ whatwg-url@^5.0.0:
     tr46 "~0.0.3"
     webidl-conversions "^3.0.0"
 
-which-typed-array@^1.1.14, which-typed-array@^1.1.2:
-  version "1.1.15"
-  resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.15.tgz#264859e9b11a649b388bfaaf4f767df1f779b38d"
-  integrity sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==
-  dependencies:
-    available-typed-arrays "^1.0.7"
-    call-bind "^1.0.7"
-    for-each "^0.3.3"
-    gopd "^1.0.1"
-    has-tostringtag "^1.0.2"
-
-which@^1.3.1:
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/which/-/which-1.3.1.tgz#a45043d54f5805316da8d62f9f50918d3da70b0a"
-  integrity sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==
-  dependencies:
-    isexe "^2.0.0"
-
 which@^2.0.1:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1"
@@ -11675,7 +13868,7 @@ widest-line@^4.0.1:
   dependencies:
     string-width "^5.0.1"
 
-wildcard@^2.0.0:
+wildcard@^2.0.0, wildcard@^2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/wildcard/-/wildcard-2.0.1.tgz#5ab10d02487198954836b6349f74fff961e10f67"
   integrity sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ==
@@ -11761,11 +13954,6 @@ xml-parser-xo@^3.2.0:
   resolved "https://registry.yarnpkg.com/xml-parser-xo/-/xml-parser-xo-3.2.0.tgz#c633ab55cf1976d6b03ab4a6a85045093ac32b73"
   integrity sha512-8LRU6cq+d7mVsoDaMhnkkt3CTtAs4153p49fRo+HIB3I1FD1o5CeXRjRH29sQevIfVJIcPjKSsPU/+Ujhq09Rg==
 
-xtend@^4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/xtend/-/xtend-4.0.2.tgz#bb72779f5fa465186b1f438f674fa347fdb5db54"
-  integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
-
 y18n@^5.0.5:
   version "5.0.8"
   resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55"
@@ -11786,7 +13974,7 @@ yaml-ast-parser@0.0.43:
   resolved "https://registry.yarnpkg.com/yaml-ast-parser/-/yaml-ast-parser-0.0.43.tgz#e8a23e6fb4c38076ab92995c5dca33f3d3d7c9bb"
   integrity sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A==
 
-yaml@1.10.2, yaml@^1.10.0, yaml@^1.7.2:
+yaml@1.10.2, yaml@^1.10.0:
   version "1.10.2"
   resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b"
   integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==
@@ -11822,11 +14010,6 @@ yauzl@^2.10.0:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
 
-yocto-queue@^0.1.0:
-  version "0.1.0"
-  resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b"
-  integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==
-
 yocto-queue@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.0.0.tgz#7f816433fb2cbc511ec8bf7d263c3b58a1a3c251"

From cdf1860083e02906d0399d5c210135ccb1fda242 Mon Sep 17 00:00:00 2001
From: Florian Forster <florian@zitadel.com>
Date: Mon, 2 Jun 2025 00:42:11 -0700
Subject: [PATCH 074/123] chore: remove unparsed md characters (#9983)

This pull request includes a minor change to the `README.md` file. It
removes a broken markdown link syntax for an image and replaces it with
the correct image syntax to properly display the "New Login Showcase"
image.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 285e50964c..3d33e20e57 100644
--- a/README.md
+++ b/README.md
@@ -193,7 +193,7 @@ Use [Console](https://zitadel.com/docs/guides/manage/console/overview) or our [A
 ### Login V2
 
 Check out our new Login V2 version in our [typescript repository](https://github.com/zitadel/typescript) or in our [documentation](https://zitadel.com/docs/guides/integrate/login/hosted-login#hosted-login-version-2-beta)
-[![New Login Showcase](https://github.com/user-attachments/assets/cb5c5212-128b-4dc9-b11d-cabfd3f73e26)]
+![New Login Showcase](https://github.com/user-attachments/assets/cb5c5212-128b-4dc9-b11d-cabfd3f73e26)
 
 ## Security
 

From b660d6ab9a2cd26c579693264d5d20a39ecc6c7d Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Mon, 2 Jun 2025 10:16:13 +0200
Subject: [PATCH 075/123] fix(queue): reset projection list before each
 `Register` call (#10001)

# Which Problems Are Solved

if Zitadel was started using `start-from-init` or `start-from-setup`
there were rare cases where a panic occured when
`Notifications.LegacyEnabled` was set to false. The cause was a list
which was not reset before refilling.

# How the Problems Are Solved

The list is now reset before each time it gets filled.

# Additional Changes

Ensure all contexts are canceled for the init and setup functions for
`start-from-init- or `start-from-setup` commands.

# Additional Context

none
---
 cmd/start/start_from_init.go         | 11 +++++++++--
 cmd/start/start_from_setup.go        |  7 ++++++-
 internal/notification/projections.go |  3 +++
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/cmd/start/start_from_init.go b/cmd/start/start_from_init.go
index 62d705b33c..41972e16ad 100644
--- a/cmd/start/start_from_init.go
+++ b/cmd/start/start_from_init.go
@@ -1,6 +1,8 @@
 package start
 
 import (
+	"context"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
@@ -29,14 +31,19 @@ Requirements:
 			masterKey, err := key.MasterKey(cmd)
 			logging.OnError(err).Panic("No master key provided")
 
-			initialise.InitAll(cmd.Context(), initialise.MustNewConfig(viper.GetViper()))
+			initCtx, cancel := context.WithCancel(cmd.Context())
+			initialise.InitAll(initCtx, initialise.MustNewConfig(viper.GetViper()))
+			cancel()
 
 			err = setup.BindInitProjections(cmd)
 			logging.OnError(err).Fatal("unable to bind \"init-projections\" flag")
 
 			setupConfig := setup.MustNewConfig(viper.GetViper())
 			setupSteps := setup.MustNewSteps(viper.New())
-			setup.Setup(cmd.Context(), setupConfig, setupSteps, masterKey)
+
+			setupCtx, cancel := context.WithCancel(cmd.Context())
+			setup.Setup(setupCtx, setupConfig, setupSteps, masterKey)
+			cancel()
 
 			startConfig := MustNewConfig(viper.GetViper())
 
diff --git a/cmd/start/start_from_setup.go b/cmd/start/start_from_setup.go
index a8b7295f2a..3e8a13705e 100644
--- a/cmd/start/start_from_setup.go
+++ b/cmd/start/start_from_setup.go
@@ -1,6 +1,8 @@
 package start
 
 import (
+	"context"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
@@ -34,7 +36,10 @@ Requirements:
 
 			setupConfig := setup.MustNewConfig(viper.GetViper())
 			setupSteps := setup.MustNewSteps(viper.New())
-			setup.Setup(cmd.Context(), setupConfig, setupSteps, masterKey)
+
+			setupCtx, cancel := context.WithCancel(cmd.Context())
+			setup.Setup(setupCtx, setupConfig, setupSteps, masterKey)
+			cancel()
 
 			startConfig := MustNewConfig(viper.GetViper())
 
diff --git a/internal/notification/projections.go b/internal/notification/projections.go
index 7fda08135c..7fedaaf301 100644
--- a/internal/notification/projections.go
+++ b/internal/notification/projections.go
@@ -43,6 +43,9 @@ func Register(
 		queue.ShouldStart()
 	}
 
+	// make sure the slice does not contain old values
+	projections = nil
+
 	q := handlers.NewNotificationQueries(queries, es, externalDomain, externalPort, externalSecure, fileSystemPath, userEncryption, smtpEncryption, smsEncryption)
 	c := newChannels(q)
 	projections = append(projections, handlers.NewUserNotifier(ctx, projection.ApplyCustomConfig(userHandlerCustomConfig), commands, q, c, otpEmailTmpl, notificationWorkerConfig, queue))

From b46c41e4bf50af7f3873c6d0deb62206d77ec6e9 Mon Sep 17 00:00:00 2001
From: Iraq <66622793+kkrime@users.noreply.github.com>
Date: Mon, 2 Jun 2025 10:40:19 +0200
Subject: [PATCH 076/123] fix(settings): fix for setting restricted languages
 (#9947)

# Which Problems Are Solved

Zitadel encounters a migration error when setting `restricted languages`
and fails to start.

# How the Problems Are Solved

The problem is that there is a check that checks that at least one of
the restricted languages is the same as the `default language`, however,
in the `authz instance` (where the default language is pulled form) is
never set.

I've added code to set the `default language` in the `authz instance`

# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/9787

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 internal/api/authz/instance.go    | 30 +++++++++++++++++----------
 internal/command/instance.go      | 27 +++++++++++++-----------
 internal/command/instance_test.go | 34 ++++++++++++++++---------------
 3 files changed, 52 insertions(+), 39 deletions(-)

diff --git a/internal/api/authz/instance.go b/internal/api/authz/instance.go
index 7ee8d605ca..0fe6d6c8aa 100644
--- a/internal/api/authz/instance.go
+++ b/internal/api/authz/instance.go
@@ -9,9 +9,7 @@ import (
 	"github.com/zitadel/zitadel/internal/feature"
 )
 
-var (
-	emptyInstance = &instance{}
-)
+var emptyInstance = &instance{}
 
 type Instance interface {
 	InstanceID() string
@@ -33,13 +31,13 @@ type InstanceVerifier interface {
 }
 
 type instance struct {
-	id        string
-	domain    string
-	projectID string
-	appID     string
-	clientID  string
-	orgID     string
-	features  feature.Features
+	id              string
+	projectID       string
+	appID           string
+	clientID        string
+	orgID           string
+	defaultLanguage language.Tag
+	features        feature.Features
 }
 
 func (i *instance) Block() *bool {
@@ -67,7 +65,7 @@ func (i *instance) ConsoleApplicationID() string {
 }
 
 func (i *instance) DefaultLanguage() language.Tag {
-	return language.Und
+	return i.defaultLanguage
 }
 
 func (i *instance) DefaultOrganisationID() string {
@@ -106,6 +104,16 @@ func WithInstanceID(ctx context.Context, id string) context.Context {
 	return context.WithValue(ctx, instanceKey, &instance{id: id})
 }
 
+func WithDefaultLanguage(ctx context.Context, defaultLanguage language.Tag) context.Context {
+	i, ok := ctx.Value(instanceKey).(*instance)
+	if !ok {
+		i = new(instance)
+	}
+
+	i.defaultLanguage = defaultLanguage
+	return context.WithValue(ctx, instanceKey, i)
+}
+
 func WithConsole(ctx context.Context, projectID, appID string) context.Context {
 	i, ok := ctx.Value(instanceKey).(*instance)
 	if !ok {
diff --git a/internal/command/instance.go b/internal/command/instance.go
index d71be53468..cfafb1d298 100644
--- a/internal/command/instance.go
+++ b/internal/command/instance.go
@@ -221,7 +221,7 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str
 	if err := setup.generateIDs(c.idGenerator); err != nil {
 		return "", "", nil, nil, err
 	}
-	ctx = contextWithInstanceSetupInfo(ctx, setup.zitadel.instanceID, setup.zitadel.projectID, setup.zitadel.consoleAppID, c.externalDomain)
+	ctx = contextWithInstanceSetupInfo(ctx, setup.zitadel.instanceID, setup.zitadel.projectID, setup.zitadel.consoleAppID, c.externalDomain, setup.DefaultLanguage)
 
 	validations, pat, machineKey, err := setUpInstance(ctx, c, setup)
 	if err != nil {
@@ -255,19 +255,22 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str
 	return setup.zitadel.instanceID, token, machineKey, details, nil
 }
 
-func contextWithInstanceSetupInfo(ctx context.Context, instanceID, projectID, consoleAppID, externalDomain string) context.Context {
-	return authz.WithConsole(
-		authz.SetCtxData(
-			http.WithRequestedHost(
-				authz.WithInstanceID(
-					ctx,
-					instanceID),
-				externalDomain,
+func contextWithInstanceSetupInfo(ctx context.Context, instanceID, projectID, consoleAppID, externalDomain string, defaultLanguage language.Tag) context.Context {
+	return authz.WithDefaultLanguage(
+		authz.WithConsole(
+			authz.SetCtxData(
+				http.WithRequestedHost(
+					authz.WithInstanceID(
+						ctx,
+						instanceID),
+					externalDomain,
+				),
+				authz.CtxData{ResourceOwner: instanceID},
 			),
-			authz.CtxData{ResourceOwner: instanceID},
+			projectID,
+			consoleAppID,
 		),
-		projectID,
-		consoleAppID,
+		defaultLanguage,
 	)
 }
 
diff --git a/internal/command/instance_test.go b/internal/command/instance_test.go
index 16e51d844d..2b82818a7e 100644
--- a/internal/command/instance_test.go
+++ b/internal/command/instance_test.go
@@ -345,6 +345,7 @@ func instanceElementsEvents(ctx context.Context, instanceID, instanceName string
 		instance.NewSecretGeneratorAddedEvent(ctx, &instanceAgg.Aggregate, domain.SecretGeneratorTypeOTPEmail, 8, 5*time.Minute, false, false, true, false),
 	}
 }
+
 func instanceElementsConfig() *SecretGenerators {
 	return &SecretGenerators{
 		ClientSecret:             &crypto.GeneratorConfig{Length: 64, IncludeLowerLetters: true, IncludeUpperLetters: true, IncludeDigits: true},
@@ -668,22 +669,23 @@ func TestCommandSide_setupMinimalInterfaces(t *testing.T) {
 				eventstore: expectEventstore(
 					slices.Concat(
 						projectFilters(),
-						[]expect{expectPush(
-							projectAddedEvents(context.Background(),
-								"INSTANCE",
-								"ORG",
-								"PROJECT",
-								"owner",
-								false,
-							)...,
-						),
+						[]expect{
+							expectPush(
+								projectAddedEvents(context.Background(),
+									"INSTANCE",
+									"ORG",
+									"PROJECT",
+									"owner",
+									false,
+								)...,
+							),
 						},
 					)...,
 				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, projectClientIDs()...),
 			},
 			args: args{
-				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				instanceAgg: instance.NewAggregate("INSTANCE"),
 				orgAgg:      org.NewAggregate("ORG"),
 				owner:       "owner",
@@ -767,7 +769,7 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				},
 			},
 			args: args{
-				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				instanceAgg: instance.NewAggregate("INSTANCE"),
 				orgAgg:      org.NewAggregate("ORG"),
 				human:       instanceSetupHumanConfig(),
@@ -806,7 +808,7 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
-				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				instanceAgg: instance.NewAggregate("INSTANCE"),
 				orgAgg:      org.NewAggregate("ORG"),
 				machine:     instanceSetupMachineConfig(),
@@ -855,7 +857,7 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
-				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				instanceAgg: instance.NewAggregate("INSTANCE"),
 				orgAgg:      org.NewAggregate("ORG"),
 				machine:     instanceSetupMachineConfig(),
@@ -972,7 +974,7 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
-				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				instanceAgg: instance.NewAggregate("INSTANCE"),
 				orgName:     "ZITADEL",
 				machine: &AddMachine{
@@ -1097,7 +1099,7 @@ func TestCommandSide_setupInstanceElements(t *testing.T) {
 				),
 			},
 			args: args{
-				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				instanceAgg: instance.NewAggregate("INSTANCE"),
 				setup:       setupInstanceElementsConfig(),
 			},
@@ -1183,7 +1185,7 @@ func TestCommandSide_setUpInstance(t *testing.T) {
 				},
 			},
 			args: args{
-				ctx:   contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN"),
+				ctx:   contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
 				setup: setupInstanceConfig(),
 			},
 			res: res{

From b3d22dba0535f3818b69d2f8f62216f5e0365695 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Mon, 2 Jun 2025 17:29:56 +0200
Subject: [PATCH 077/123] docs(10016): cockroach compatibility (#10010)

# Which Problems Are Solved

If the sql statement of technical advisory 10016 gets executed on
cockroach the following error is raised:

```
ERROR: WITH clause "fixed" does not return any columns
SQLSTATE: 0A000
HINT: missing RETURNING clause?
```

# How the Problems Are Solved

Fixed the statement by adding `returning` to statement
---
 docs/docs/support/advisory/a10016.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/docs/support/advisory/a10016.md b/docs/docs/support/advisory/a10016.md
index 84dd1cd34c..38d73e6078 100644
--- a/docs/docs/support/advisory/a10016.md
+++ b/docs/docs/support/advisory/a10016.md
@@ -78,6 +78,7 @@ with
       and s.aggregate_id = b.aggregate_id
       and s.aggregate_type = b.aggregate_type
       and s.sequence = b.sequence
+    returning *
   )
 select
   b.projection_name,

From ae1a2e93c1e10a05d43762654ba8b4c8daed6a3d Mon Sep 17 00:00:00 2001
From: Iraq <66622793+kkrime@users.noreply.github.com>
Date: Mon, 2 Jun 2025 18:27:53 +0200
Subject: [PATCH 078/123] feat(api): moving organization API resourced based
 (#9943)

---
 cmd/start/start.go                            |    2 +-
 docs/docusaurus.config.js                     |    8 +
 docs/sidebars.js                              |   13 +
 internal/api/grpc/instance/converter.go       |    4 +-
 .../v2beta/integration_test/instance_test.go  |    5 +-
 .../v2beta/integration_test/query_test.go     |    5 +-
 internal/api/grpc/management/org_converter.go |    4 +-
 internal/api/grpc/management/user.go          |    4 +
 internal/api/grpc/metadata/v2beta/metadata.go |   49 +
 internal/api/grpc/object/v2beta/converter.go  |   55 +
 internal/api/grpc/org/v2beta/helper.go        |  256 +++
 .../org/v2beta/integration_test/org_test.go   | 1815 ++++++++++++++++-
 internal/api/grpc/org/v2beta/org.go           |  238 ++-
 internal/api/grpc/org/v2beta/org_test.go      |   45 +-
 internal/api/grpc/org/v2beta/server.go        |    4 +
 internal/query/org_metadata.go                |    1 -
 proto/zitadel/admin.proto                     |   28 +-
 proto/zitadel/management.proto                |  258 +--
 proto/zitadel/metadata/v2beta/metadata.proto  |   57 +
 proto/zitadel/org/v2beta/org.proto            |  169 ++
 proto/zitadel/org/v2beta/org_service.proto    |  825 +++++++-
 21 files changed, 3542 insertions(+), 303 deletions(-)
 create mode 100644 internal/api/grpc/metadata/v2beta/metadata.go
 create mode 100644 internal/api/grpc/org/v2beta/helper.go
 create mode 100644 proto/zitadel/metadata/v2beta/metadata.proto
 create mode 100644 proto/zitadel/org/v2beta/org.proto

diff --git a/cmd/start/start.go b/cmd/start/start.go
index af76b29e99..2fc1fb8413 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -470,7 +470,7 @@ func startAPIs(
 	if err := apis.RegisterService(ctx, settings_v2beta.CreateServer(commands, queries)); err != nil {
 		return nil, err
 	}
-	if err := apis.RegisterService(ctx, org_v2beta.CreateServer(commands, queries, permissionCheck)); err != nil {
+	if err := apis.RegisterService(ctx, org_v2beta.CreateServer(config.SystemDefaults, commands, queries, permissionCheck)); err != nil {
 		return nil, err
 	}
 	if err := apis.RegisterService(ctx, feature_v2beta.CreateServer(commands, queries)); err != nil {
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index c161d38d9f..43830eafd0 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -342,6 +342,14 @@ module.exports = {
               categoryLinkSource: "auto",
             },
           },
+          org_v2beta: {
+            specPath: ".artifacts/openapi/zitadel/org/v2beta/org_service.swagger.json",
+            outputDir: "docs/apis/resources/org_service_v2beta",
+            sidebarOptions: {
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
+            },
+          },
           project_v2beta: {
             specPath: ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
             outputDir: "docs/apis/resources/project_service_v2",
diff --git a/docs/sidebars.js b/docs/sidebars.js
index b7a399ecf1..f9b97703e5 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -10,6 +10,7 @@ const sidebar_api_oidc_service_v2 = require("./docs/apis/resources/oidc_service_
 const sidebar_api_settings_service_v2 = require("./docs/apis/resources/settings_service_v2/sidebar.ts").default
 const sidebar_api_feature_service_v2 = require("./docs/apis/resources/feature_service_v2/sidebar.ts").default
 const sidebar_api_org_service_v2 = require("./docs/apis/resources/org_service_v2/sidebar.ts").default
+const sidebar_api_org_service_v2beta = require("./docs/apis/resources/org_service_v2beta/sidebar.ts").default
 const sidebar_api_idp_service_v2 = require("./docs/apis/resources/idp_service_v2/sidebar.ts").default
 const sidebar_api_actions_v2 = require("./docs/apis/resources/action_service_v2/sidebar.ts").default
 const sidebar_api_project_service_v2 = require("./docs/apis/resources/project_service_v2/sidebar.ts").default
@@ -791,6 +792,18 @@ module.exports = {
               },
               items: sidebar_api_org_service_v2,
             },
+            {
+              type: "category",
+              label: "Organization (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Organization Service beta API",
+                slug: "/apis/resources/org_service/v2beta",
+                description:
+                  "This API is intended to manage organizations for ZITADEL. \n",
+              },
+              items: sidebar_api_org_service_v2beta,
+            },
             {
               type: "category",
               label: "Identity Provider",
diff --git a/internal/api/grpc/instance/converter.go b/internal/api/grpc/instance/converter.go
index 4094da4a77..b894a064ff 100644
--- a/internal/api/grpc/instance/converter.go
+++ b/internal/api/grpc/instance/converter.go
@@ -28,7 +28,7 @@ func InstanceToPb(instance *query.Instance) *instance_pb.Instance {
 		Name:    instance.Name,
 		Domains: DomainsToPb(instance.Domains),
 		Version: build.Version(),
-		State:   instance_pb.State_STATE_RUNNING, //TODO: change when delete is implemented
+		State:   instance_pb.State_STATE_RUNNING, // TODO: change when delete is implemented
 	}
 }
 
@@ -44,7 +44,7 @@ func InstanceDetailToPb(instance *query.Instance) *instance_pb.InstanceDetail {
 		Name:    instance.Name,
 		Domains: DomainsToPb(instance.Domains),
 		Version: build.Version(),
-		State:   instance_pb.State_STATE_RUNNING, //TODO: change when delete is implemented
+		State:   instance_pb.State_STATE_RUNNING, // TODO: change when delete is implemented
 	}
 }
 
diff --git a/internal/api/grpc/instance/v2beta/integration_test/instance_test.go b/internal/api/grpc/instance/v2beta/integration_test/instance_test.go
index 5187bbc78d..ae277c6d13 100644
--- a/internal/api/grpc/instance/v2beta/integration_test/instance_test.go
+++ b/internal/api/grpc/instance/v2beta/integration_test/instance_test.go
@@ -9,10 +9,11 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/zitadel/internal/integration"
-	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 )
 
 func TestDeleteInstace(t *testing.T) {
diff --git a/internal/api/grpc/instance/v2beta/integration_test/query_test.go b/internal/api/grpc/instance/v2beta/integration_test/query_test.go
index 0828b006e3..e59a16a932 100644
--- a/internal/api/grpc/instance/v2beta/integration_test/query_test.go
+++ b/internal/api/grpc/instance/v2beta/integration_test/query_test.go
@@ -11,12 +11,13 @@ import (
 	"github.com/brianvoe/gofakeit/v6"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
 	"github.com/zitadel/zitadel/internal/integration"
 	filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
 	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 func TestGetInstance(t *testing.T) {
diff --git a/internal/api/grpc/management/org_converter.go b/internal/api/grpc/management/org_converter.go
index 879b5e0763..03de84cdf4 100644
--- a/internal/api/grpc/management/org_converter.go
+++ b/internal/api/grpc/management/org_converter.go
@@ -26,7 +26,7 @@ func ListOrgDomainsRequestToModel(req *mgmt_pb.ListOrgDomainsRequest) (*query.Or
 			Limit:  limit,
 			Asc:    asc,
 		},
-		//SortingColumn: //TODO: sorting
+		//  SortingColumn: //TODO: sorting
 		Queries: queries,
 	}, nil
 }
@@ -89,7 +89,7 @@ func ListOrgMembersRequestToModel(ctx context.Context, req *mgmt_pb.ListOrgMembe
 				Offset: offset,
 				Limit:  limit,
 				Asc:    asc,
-				//SortingColumn: //TODO: sorting
+				// SortingColumn: //TODO: sorting
 			},
 			Queries: queries,
 		},
diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go
index 5b82eb5afe..f318051e63 100644
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -901,6 +901,7 @@ func (s *Server) ListHumanLinkedIDPs(ctx context.Context, req *mgmt_pb.ListHuman
 		Details: obj_grpc.ToListDetails(res.Count, res.Sequence, res.LastRun),
 	}, nil
 }
+
 func (s *Server) RemoveHumanLinkedIDP(ctx context.Context, req *mgmt_pb.RemoveHumanLinkedIDPRequest) (*mgmt_pb.RemoveHumanLinkedIDPResponse, error) {
 	objectDetails, err := s.command.RemoveUserIDPLink(ctx, RemoveHumanLinkedIDPRequestToDomain(ctx, req))
 	if err != nil {
@@ -947,18 +948,21 @@ func cascadingIAMMembership(membership *query.IAMMembership) *command.CascadingI
 	}
 	return &command.CascadingIAMMembership{IAMID: membership.IAMID}
 }
+
 func cascadingOrgMembership(membership *query.OrgMembership) *command.CascadingOrgMembership {
 	if membership == nil {
 		return nil
 	}
 	return &command.CascadingOrgMembership{OrgID: membership.OrgID}
 }
+
 func cascadingProjectMembership(membership *query.ProjectMembership) *command.CascadingProjectMembership {
 	if membership == nil {
 		return nil
 	}
 	return &command.CascadingProjectMembership{ProjectID: membership.ProjectID}
 }
+
 func cascadingProjectGrantMembership(membership *query.ProjectGrantMembership) *command.CascadingProjectGrantMembership {
 	if membership == nil {
 		return nil
diff --git a/internal/api/grpc/metadata/v2beta/metadata.go b/internal/api/grpc/metadata/v2beta/metadata.go
new file mode 100644
index 0000000000..57da21dfd2
--- /dev/null
+++ b/internal/api/grpc/metadata/v2beta/metadata.go
@@ -0,0 +1,49 @@
+package metadata
+
+import (
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	v2beta_object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	meta_pb "github.com/zitadel/zitadel/pkg/grpc/metadata/v2beta"
+)
+
+// code in this file is copied from internal/api/grpc/metadata/metadata.go
+
+func OrgMetadataListToPb(dataList []*query.OrgMetadata) []*meta_pb.Metadata {
+	mds := make([]*meta_pb.Metadata, len(dataList))
+	for i, data := range dataList {
+		mds[i] = OrgMetadataToPb(data)
+	}
+	return mds
+}
+
+func OrgMetadataToPb(data *query.OrgMetadata) *meta_pb.Metadata {
+	return &meta_pb.Metadata{
+		Key:          data.Key,
+		Value:        data.Value,
+		CreationDate: timestamppb.New(data.CreationDate),
+		ChangeDate:   timestamppb.New(data.ChangeDate),
+	}
+}
+
+func OrgMetadataQueriesToQuery(queries []*meta_pb.MetadataQuery) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = OrgMetadataQueryToQuery(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func OrgMetadataQueryToQuery(metadataQuery *meta_pb.MetadataQuery) (query.SearchQuery, error) {
+	switch q := metadataQuery.Query.(type) {
+	case *meta_pb.MetadataQuery_KeyQuery:
+		return query.NewOrgMetadataKeySearchQuery(q.KeyQuery.Key, v2beta_object.TextMethodToQuery(q.KeyQuery.Method))
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "METAD-fdg23", "List.Query.Invalid")
+	}
+}
diff --git a/internal/api/grpc/object/v2beta/converter.go b/internal/api/grpc/object/v2beta/converter.go
index 9b14bb677a..73d5f18843 100644
--- a/internal/api/grpc/object/v2beta/converter.go
+++ b/internal/api/grpc/object/v2beta/converter.go
@@ -9,6 +9,7 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
+	org_pb "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 )
 
 func DomainToDetailsPb(objectDetail *domain.ObjectDetails) *object.Details {
@@ -34,6 +35,7 @@ func ToListDetails(response query.SearchResponse) *object.ListDetails {
 
 	return details
 }
+
 func ListQueryToQuery(query *object.ListQuery) (offset, limit uint64, asc bool) {
 	if query == nil {
 		return 0, 0, false
@@ -73,3 +75,56 @@ func TextMethodToQuery(method object.TextQueryMethod) query.TextComparison {
 		return -1
 	}
 }
+
+func ListQueryToModel(query *object.ListQuery) (offset, limit uint64, asc bool) {
+	if query == nil {
+		return 0, 0, false
+	}
+	return query.Offset, uint64(query.Limit), query.Asc
+}
+
+func DomainsToPb(domains []*query.Domain) []*org_pb.Domain {
+	d := make([]*org_pb.Domain, len(domains))
+	for i, domain := range domains {
+		d[i] = DomainToPb(domain)
+	}
+	return d
+}
+
+func DomainToPb(d *query.Domain) *org_pb.Domain {
+	return &org_pb.Domain{
+		OrganizationId: d.OrgID,
+		DomainName:     d.Domain,
+		IsVerified:     d.IsVerified,
+		IsPrimary:      d.IsPrimary,
+		ValidationType: DomainValidationTypeFromModel(d.ValidationType),
+	}
+}
+
+func DomainValidationTypeFromModel(validationType domain.OrgDomainValidationType) org_pb.DomainValidationType {
+	switch validationType {
+	case domain.OrgDomainValidationTypeDNS:
+		return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS
+	case domain.OrgDomainValidationTypeHTTP:
+		return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP
+	case domain.OrgDomainValidationTypeUnspecified:
+		// added to please golangci-lint
+		return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_UNSPECIFIED
+	default:
+		return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_UNSPECIFIED
+	}
+}
+
+func DomainValidationTypeToDomain(validationType org_pb.DomainValidationType) domain.OrgDomainValidationType {
+	switch validationType {
+	case org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP:
+		return domain.OrgDomainValidationTypeHTTP
+	case org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS:
+		return domain.OrgDomainValidationTypeDNS
+	case org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_UNSPECIFIED:
+		// added to please golangci-lint
+		return domain.OrgDomainValidationTypeUnspecified
+	default:
+		return domain.OrgDomainValidationTypeUnspecified
+	}
+}
diff --git a/internal/api/grpc/org/v2beta/helper.go b/internal/api/grpc/org/v2beta/helper.go
new file mode 100644
index 0000000000..39bad0dae2
--- /dev/null
+++ b/internal/api/grpc/org/v2beta/helper.go
@@ -0,0 +1,256 @@
+package org
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	// TODO fix below
+	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
+	metadata "github.com/zitadel/zitadel/internal/api/grpc/metadata/v2beta"
+	v2beta_object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	v2beta "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
+	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+	v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+)
+
+// NOTE: most of this code is copied from `internal/api/grpc/admin/*`, as we will eventually axe the previous versons of the API,
+// we will have code duplication until then
+
+func listOrgRequestToModel(systemDefaults systemdefaults.SystemDefaults, request *v2beta_org.ListOrganizationsRequest) (*query.OrgSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(systemDefaults, request.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	queries, err := OrgQueriesToModel(request.Filter)
+	if err != nil {
+		return nil, err
+	}
+	return &query.OrgSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			SortingColumn: FieldNameToOrgColumn(request.SortingColumn),
+			Asc:           asc,
+		},
+		Queries: queries,
+	}, nil
+}
+
+func OrganizationViewToPb(org *query.Org) *v2beta_org.Organization {
+	return &v2beta_org.Organization{
+		Id:            org.ID,
+		State:         OrgStateToPb(org.State),
+		Name:          org.Name,
+		PrimaryDomain: org.Domain,
+		CreationDate:  timestamppb.New(org.CreationDate),
+		ChangedDate:   timestamppb.New(org.ChangeDate),
+	}
+}
+
+func OrgStateToPb(state domain.OrgState) v2beta_org.OrgState {
+	switch state {
+	case domain.OrgStateActive:
+		return v2beta_org.OrgState_ORG_STATE_ACTIVE
+	case domain.OrgStateInactive:
+		return v2beta_org.OrgState_ORG_STATE_INACTIVE
+	case domain.OrgStateRemoved:
+		// added to please golangci-lint
+		return v2beta_org.OrgState_ORG_STATE_REMOVED
+	case domain.OrgStateUnspecified:
+		// added to please golangci-lint
+		return v2beta_org.OrgState_ORG_STATE_UNSPECIFIED
+	default:
+		return v2beta_org.OrgState_ORG_STATE_UNSPECIFIED
+	}
+}
+
+func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.CreateOrganizationResponse, err error) {
+	admins := make([]*org.CreatedAdmin, len(createdOrg.CreatedAdmins))
+	for i, admin := range createdOrg.CreatedAdmins {
+		admins[i] = &org.CreatedAdmin{
+			UserId:    admin.ID,
+			EmailCode: admin.EmailCode,
+			PhoneCode: admin.PhoneCode,
+		}
+	}
+	return &org.CreateOrganizationResponse{
+		CreationDate:  timestamppb.New(createdOrg.ObjectDetails.EventDate),
+		Id:            createdOrg.ObjectDetails.ResourceOwner,
+		CreatedAdmins: admins,
+	}, nil
+}
+
+func OrgViewsToPb(orgs []*query.Org) []*v2beta_org.Organization {
+	o := make([]*v2beta_org.Organization, len(orgs))
+	for i, org := range orgs {
+		o[i] = OrganizationViewToPb(org)
+	}
+	return o
+}
+
+func OrgQueriesToModel(queries []*v2beta_org.OrganizationSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = OrgQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func OrgQueryToModel(apiQuery *v2beta_org.OrganizationSearchFilter) (query.SearchQuery, error) {
+	switch q := apiQuery.Filter.(type) {
+	case *v2beta_org.OrganizationSearchFilter_DomainFilter:
+		return query.NewOrgVerifiedDomainSearchQuery(v2beta_object.TextMethodToQuery(q.DomainFilter.Method), q.DomainFilter.Domain)
+	case *v2beta_org.OrganizationSearchFilter_NameFilter:
+		return query.NewOrgNameSearchQuery(v2beta_object.TextMethodToQuery(q.NameFilter.Method), q.NameFilter.Name)
+	case *v2beta_org.OrganizationSearchFilter_StateFilter:
+		return query.NewOrgStateSearchQuery(OrgStateToDomain(q.StateFilter.State))
+	case *v2beta_org.OrganizationSearchFilter_IdFilter:
+		return query.NewOrgIDSearchQuery(q.IdFilter.Id)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid")
+	}
+}
+
+func OrgStateToDomain(state v2beta_org.OrgState) domain.OrgState {
+	switch state {
+	case v2beta_org.OrgState_ORG_STATE_ACTIVE:
+		return domain.OrgStateActive
+	case v2beta_org.OrgState_ORG_STATE_INACTIVE:
+		return domain.OrgStateInactive
+	case v2beta_org.OrgState_ORG_STATE_REMOVED:
+		// added to please golangci-lint
+		return domain.OrgStateRemoved
+	case v2beta_org.OrgState_ORG_STATE_UNSPECIFIED:
+		fallthrough
+	default:
+		return domain.OrgStateUnspecified
+	}
+}
+
+func FieldNameToOrgColumn(fieldName v2beta_org.OrgFieldName) query.Column {
+	switch fieldName {
+	case v2beta_org.OrgFieldName_ORG_FIELD_NAME_NAME:
+		return query.OrgColumnName
+	case v2beta_org.OrgFieldName_ORG_FIELD_NAME_CREATION_DATE:
+		return query.OrgColumnCreationDate
+	case v2beta_org.OrgFieldName_ORG_FIELD_NAME_UNSPECIFIED:
+		return query.Column{}
+	default:
+		return query.Column{}
+	}
+}
+
+func ListOrgDomainsRequestToModel(systemDefaults systemdefaults.SystemDefaults, request *org.ListOrganizationDomainsRequest) (*query.OrgDomainSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(systemDefaults, request.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	queries, err := DomainQueriesToModel(request.Filters)
+	if err != nil {
+		return nil, err
+	}
+	return &query.OrgDomainSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		// SortingColumn: //TODO: sorting
+		Queries: queries,
+	}, nil
+}
+
+func ListQueryToModel(query *v2beta.ListQuery) (offset, limit uint64, asc bool) {
+	if query == nil {
+		return 0, 0, false
+	}
+	return query.Offset, uint64(query.Limit), query.Asc
+}
+
+func DomainQueriesToModel(queries []*v2beta_org.DomainSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = DomainQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func DomainQueryToModel(searchQuery *v2beta_org.DomainSearchFilter) (query.SearchQuery, error) {
+	switch q := searchQuery.Filter.(type) {
+	case *v2beta_org.DomainSearchFilter_DomainNameFilter:
+		return query.NewOrgDomainDomainSearchQuery(v2beta_object.TextMethodToQuery(q.DomainNameFilter.Method), q.DomainNameFilter.Name)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Ags89", "List.Query.Invalid")
+	}
+}
+
+func RemoveOrgDomainRequestToDomain(ctx context.Context, req *v2beta_org.DeleteOrganizationDomainRequest) *domain.OrgDomain {
+	return &domain.OrgDomain{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.OrganizationId,
+		},
+		Domain: req.Domain,
+	}
+}
+
+func GenerateOrgDomainValidationRequestToDomain(ctx context.Context, req *v2beta_org.GenerateOrganizationDomainValidationRequest) *domain.OrgDomain {
+	return &domain.OrgDomain{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.OrganizationId,
+		},
+		Domain:         req.Domain,
+		ValidationType: v2beta_object.DomainValidationTypeToDomain(req.Type),
+	}
+}
+
+func ValidateOrgDomainRequestToDomain(ctx context.Context, req *v2beta_org.VerifyOrganizationDomainRequest) *domain.OrgDomain {
+	return &domain.OrgDomain{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.OrganizationId,
+		},
+		Domain: req.Domain,
+	}
+}
+
+func BulkSetOrgMetadataToDomain(req *v2beta_org.SetOrganizationMetadataRequest) []*domain.Metadata {
+	metadata := make([]*domain.Metadata, len(req.Metadata))
+	for i, data := range req.Metadata {
+		metadata[i] = &domain.Metadata{
+			Key:   data.Key,
+			Value: data.Value,
+		}
+	}
+	return metadata
+}
+
+func ListOrgMetadataToDomain(systemDefaults systemdefaults.SystemDefaults, request *v2beta_org.ListOrganizationMetadataRequest) (*query.OrgMetadataSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(systemDefaults, request.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	queries, err := metadata.OrgMetadataQueriesToQuery(request.Filter)
+	if err != nil {
+		return nil, err
+	}
+	return &query.OrgMetadataSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		Queries: queries,
+	}, nil
+}
diff --git a/internal/api/grpc/org/v2beta/integration_test/org_test.go b/internal/api/grpc/org/v2beta/integration_test/org_test.go
index a2b2bf6047..4e0ec26121 100644
--- a/internal/api/grpc/org/v2beta/integration_test/org_test.go
+++ b/internal/api/grpc/org/v2beta/integration_test/org_test.go
@@ -4,7 +4,9 @@ package org_test
 
 import (
 	"context"
+	"errors"
 	"os"
+	"strings"
 	"testing"
 	"time"
 
@@ -14,7 +16,10 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/admin"
+	v2beta_object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
 	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+	v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 	user_v2beta "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
@@ -22,7 +27,7 @@ import (
 var (
 	CTX      context.Context
 	Instance *integration.Instance
-	Client   org.OrganizationServiceClient
+	Client   v2beta_org.OrganizationServiceClient
 	User     *user.AddHumanUserResponse
 )
 
@@ -40,20 +45,21 @@ func TestMain(m *testing.M) {
 	}())
 }
 
-func TestServer_AddOrganization(t *testing.T) {
+func TestServer_CreateOrganization(t *testing.T) {
 	idpResp := Instance.AddGenericOAuthProvider(CTX, Instance.DefaultOrg.Id)
 
 	tests := []struct {
 		name    string
 		ctx     context.Context
-		req     *org.AddOrganizationRequest
-		want    *org.AddOrganizationResponse
+		req     *v2beta_org.CreateOrganizationRequest
+		id      string
+		want    *v2beta_org.CreateOrganizationResponse
 		wantErr bool
 	}{
 		{
 			name: "missing permission",
-			ctx:  Instance.WithAuthorization(context.Background(), integration.UserTypeOrgOwner),
-			req: &org.AddOrganizationRequest{
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			req: &v2beta_org.CreateOrganizationRequest{
 				Name:   "name",
 				Admins: nil,
 			},
@@ -62,7 +68,7 @@ func TestServer_AddOrganization(t *testing.T) {
 		{
 			name: "empty name",
 			ctx:  CTX,
-			req: &org.AddOrganizationRequest{
+			req: &v2beta_org.CreateOrganizationRequest{
 				Name:   "",
 				Admins: nil,
 			},
@@ -71,34 +77,22 @@ func TestServer_AddOrganization(t *testing.T) {
 		{
 			name: "invalid admin type",
 			ctx:  CTX,
-			req: &org.AddOrganizationRequest{
+			req: &v2beta_org.CreateOrganizationRequest{
 				Name: gofakeit.AppName(),
-				Admins: []*org.AddOrganizationRequest_Admin{
+				Admins: []*v2beta_org.CreateOrganizationRequest_Admin{
 					{},
 				},
 			},
 			wantErr: true,
 		},
-		{
-			name: "no admin, custom org ID",
-			ctx:  CTX,
-			req: &org.AddOrganizationRequest{
-				Name:  gofakeit.AppName(),
-				OrgId: gu.Ptr("custom-org-ID"),
-			},
-			want: &org.AddOrganizationResponse{
-				OrganizationId: "custom-org-ID",
-				CreatedAdmins:  []*org.AddOrganizationResponse_CreatedAdmin{},
-			},
-		},
 		{
 			name: "admin with init",
 			ctx:  CTX,
-			req: &org.AddOrganizationRequest{
+			req: &v2beta_org.CreateOrganizationRequest{
 				Name: gofakeit.AppName(),
-				Admins: []*org.AddOrganizationRequest_Admin{
+				Admins: []*v2beta_org.CreateOrganizationRequest_Admin{
 					{
-						UserType: &org.AddOrganizationRequest_Admin_Human{
+						UserType: &v2beta_org.CreateOrganizationRequest_Admin_Human{
 							Human: &user_v2beta.AddHumanUserRequest{
 								Profile: &user_v2beta.SetHumanProfile{
 									GivenName:  "firstname",
@@ -115,9 +109,9 @@ func TestServer_AddOrganization(t *testing.T) {
 					},
 				},
 			},
-			want: &org.AddOrganizationResponse{
-				OrganizationId: integration.NotEmpty,
-				CreatedAdmins: []*org.AddOrganizationResponse_CreatedAdmin{
+			want: &v2beta_org.CreateOrganizationResponse{
+				Id: integration.NotEmpty,
+				CreatedAdmins: []*v2beta_org.CreatedAdmin{
 					{
 						UserId:    integration.NotEmpty,
 						EmailCode: gu.Ptr(integration.NotEmpty),
@@ -129,14 +123,14 @@ func TestServer_AddOrganization(t *testing.T) {
 		{
 			name: "existing user and new human with idp",
 			ctx:  CTX,
-			req: &org.AddOrganizationRequest{
+			req: &v2beta_org.CreateOrganizationRequest{
 				Name: gofakeit.AppName(),
-				Admins: []*org.AddOrganizationRequest_Admin{
+				Admins: []*v2beta_org.CreateOrganizationRequest_Admin{
 					{
-						UserType: &org.AddOrganizationRequest_Admin_UserId{UserId: User.GetUserId()},
+						UserType: &v2beta_org.CreateOrganizationRequest_Admin_UserId{UserId: User.GetUserId()},
 					},
 					{
-						UserType: &org.AddOrganizationRequest_Admin_Human{
+						UserType: &v2beta_org.CreateOrganizationRequest_Admin_Human{
 							Human: &user_v2beta.AddHumanUserRequest{
 								Profile: &user_v2beta.SetHumanProfile{
 									GivenName:  "firstname",
@@ -160,8 +154,8 @@ func TestServer_AddOrganization(t *testing.T) {
 					},
 				},
 			},
-			want: &org.AddOrganizationResponse{
-				CreatedAdmins: []*org.AddOrganizationResponse_CreatedAdmin{
+			want: &v2beta_org.CreateOrganizationResponse{
+				CreatedAdmins: []*v2beta_org.CreatedAdmin{
 					// a single admin is expected, because the first provided already exists
 					{
 						UserId: integration.NotEmpty,
@@ -169,25 +163,36 @@ func TestServer_AddOrganization(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "create with ID",
+			ctx:  CTX,
+			id:   "custom_id",
+			req: &v2beta_org.CreateOrganizationRequest{
+				Name: gofakeit.AppName(),
+				Id:   gu.Ptr("custom_id"),
+			},
+			want: &v2beta_org.CreateOrganizationResponse{},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := Client.AddOrganization(tt.ctx, tt.req)
+			got, err := Client.CreateOrganization(tt.ctx, tt.req)
 			if tt.wantErr {
 				require.Error(t, err)
 				return
 			}
 			require.NoError(t, err)
 
+			if tt.id != "" {
+				require.Equal(t, tt.id, got.Id)
+			}
+
 			// check details
-			assert.NotZero(t, got.GetDetails().GetSequence())
-			gotCD := got.GetDetails().GetChangeDate().AsTime()
+			gotCD := got.GetCreationDate().AsTime()
 			now := time.Now()
 			assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
-			assert.NotEmpty(t, got.GetDetails().GetResourceOwner())
 
 			// organization id must be the same as the resourceOwner
-			assert.Equal(t, got.GetDetails().GetResourceOwner(), got.GetOrganizationId())
 
 			// check the admins
 			require.Len(t, got.GetCreatedAdmins(), len(tt.want.GetCreatedAdmins()))
@@ -199,7 +204,1739 @@ func TestServer_AddOrganization(t *testing.T) {
 	}
 }
 
-func assertCreatedAdmin(t *testing.T, expected, got *org.AddOrganizationResponse_CreatedAdmin) {
+func TestServer_UpdateOrganization(t *testing.T) {
+	orgs, orgsName, err := createOrgs(CTX, Client, 1)
+	if err != nil {
+		assert.Fail(t, "unable to create org")
+		return
+	}
+	orgId := orgs[0].Id
+	orgName := orgsName[0]
+
+	tests := []struct {
+		name    string
+		ctx     context.Context
+		req     *v2beta_org.UpdateOrganizationRequest
+		want    *v2beta_org.UpdateOrganizationResponse
+		wantErr bool
+	}{
+		{
+			name: "update org with new name",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.UpdateOrganizationRequest{
+				Id:   orgId,
+				Name: "new org name",
+			},
+		},
+		{
+			name: "update org with same name",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.UpdateOrganizationRequest{
+				Id:   orgId,
+				Name: orgName,
+			},
+		},
+		{
+			name: "update org with non existent org id",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.UpdateOrganizationRequest{
+				Id: "non existant org id",
+				// Name: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "update org with no id",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.UpdateOrganizationRequest{
+				Id:   "",
+				Name: orgName,
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.UpdateOrganization(tt.ctx, tt.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+
+			// check details
+			gotCD := got.GetChangeDate().AsTime()
+			now := time.Now()
+			assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+		})
+	}
+}
+
+func TestServer_ListOrganizations(t *testing.T) {
+	testStartTimestamp := time.Now()
+	ListOrgIinstance := integration.NewInstance(CTX)
+	listOrgIAmOwnerCtx := ListOrgIinstance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	listOrgClient := ListOrgIinstance.Client.OrgV2beta
+
+	noOfOrgs := 3
+	orgs, orgsName, err := createOrgs(listOrgIAmOwnerCtx, listOrgClient, noOfOrgs)
+	if err != nil {
+		require.NoError(t, err)
+		return
+	}
+
+	// deactivat org[1]
+	_, err = listOrgClient.DeactivateOrganization(listOrgIAmOwnerCtx, &v2beta_org.DeactivateOrganizationRequest{
+		Id: orgs[1].Id,
+	})
+	require.NoError(t, err)
+
+	tests := []struct {
+		name  string
+		ctx   context.Context
+		query []*v2beta_org.OrganizationSearchFilter
+		want  []*v2beta_org.Organization
+		err   error
+	}{
+		{
+			name: "list organizations, without required permissions",
+			ctx:  ListOrgIinstance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			err:  errors.New("membership not found"),
+		},
+		{
+			name: "list organizations happy path, no filter",
+			ctx:  listOrgIAmOwnerCtx,
+			want: []*v2beta_org.Organization{
+				{
+					// default org
+					Name: "testinstance",
+				},
+				{
+					Id:   orgs[0].Id,
+					Name: orgsName[0],
+				},
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+				{
+					Id:   orgs[2].Id,
+					Name: orgsName[2],
+				},
+			},
+		},
+		{
+			name: "list organizations by id happy path",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_IdFilter{
+						IdFilter: &v2beta_org.OrgIDFilter{
+							Id: orgs[1].Id,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations by state active",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_StateFilter{
+						StateFilter: &v2beta_org.OrgStateFilter{
+							State: v2beta_org.OrgState_ORG_STATE_ACTIVE,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					// default org
+					Name: "testinstance",
+				},
+				{
+					Id:   orgs[0].Id,
+					Name: orgsName[0],
+				},
+				{
+					Id:   orgs[2].Id,
+					Name: orgsName[2],
+				},
+			},
+		},
+		{
+			name: "list organizations by state inactive",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_StateFilter{
+						StateFilter: &v2beta_org.OrgStateFilter{
+							State: v2beta_org.OrgState_ORG_STATE_INACTIVE,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations by id bad id",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_IdFilter{
+						IdFilter: &v2beta_org.OrgIDFilter{
+							Id: "bad id",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "list organizations specify org name equals",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_NameFilter{
+						NameFilter: &v2beta_org.OrgNameFilter{
+							Name:   orgsName[1],
+							Method: v2beta_object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations specify org name contains",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_NameFilter{
+						NameFilter: &v2beta_org.OrgNameFilter{
+							Name: func() string {
+								return orgsName[1][1 : len(orgsName[1])-2]
+							}(),
+							Method: v2beta_object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations specify org name contains IGNORE CASE",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &v2beta_org.OrganizationSearchFilter_NameFilter{
+						NameFilter: &v2beta_org.OrgNameFilter{
+							Name: func() string {
+								return strings.ToUpper(orgsName[1][1 : len(orgsName[1])-2])
+							}(),
+							Method: v2beta_object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS_IGNORE_CASE,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations specify domain name equals",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &org.OrganizationSearchFilter_DomainFilter{
+						DomainFilter: &org.OrgDomainFilter{
+							Domain: func() string {
+								listOrgRes, err := listOrgClient.ListOrganizations(listOrgIAmOwnerCtx, &v2beta_org.ListOrganizationsRequest{
+									Filter: []*v2beta_org.OrganizationSearchFilter{
+										{
+											Filter: &v2beta_org.OrganizationSearchFilter_IdFilter{
+												IdFilter: &v2beta_org.OrgIDFilter{
+													Id: orgs[1].Id,
+												},
+											},
+										},
+									},
+								})
+								require.NoError(t, err)
+								domain := listOrgRes.Organizations[0].PrimaryDomain
+								return domain
+							}(),
+							Method: v2beta_object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations specify domain name contains",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &org.OrganizationSearchFilter_DomainFilter{
+						DomainFilter: &org.OrgDomainFilter{
+							Domain: func() string {
+								domain := strings.ToLower(strings.ReplaceAll(orgsName[1][1:len(orgsName[1])-2], " ", "-"))
+								return domain
+							}(),
+							Method: v2beta_object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+		{
+			name: "list organizations specify org name contains IGNORE CASE",
+			ctx:  listOrgIAmOwnerCtx,
+			query: []*v2beta_org.OrganizationSearchFilter{
+				{
+					Filter: &org.OrganizationSearchFilter_DomainFilter{
+						DomainFilter: &org.OrgDomainFilter{
+							Domain: func() string {
+								domain := strings.ToUpper(strings.ReplaceAll(orgsName[1][1:len(orgsName[1])-2], " ", "-"))
+								return domain
+							}(),
+							Method: v2beta_object.TextQueryMethod_TEXT_QUERY_METHOD_CONTAINS_IGNORE_CASE,
+						},
+					},
+				},
+			},
+			want: []*v2beta_org.Organization{
+				{
+					Id:   orgs[1].Id,
+					Name: orgsName[1],
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, err := listOrgClient.ListOrganizations(tt.ctx, &v2beta_org.ListOrganizationsRequest{
+					Filter: tt.query,
+				})
+				if tt.err != nil {
+					require.ErrorContains(t, err, tt.err.Error())
+					return
+				}
+				require.NoError(ttt, err)
+
+				require.Equal(ttt, uint64(len(tt.want)), got.Pagination.GetTotalResult())
+
+				foundOrgs := 0
+				for _, got := range got.Organizations {
+					for _, org := range tt.want {
+
+						// created/chagned date
+						gotCD := got.GetCreationDate().AsTime()
+						now := time.Now()
+						assert.WithinRange(ttt, gotCD, testStartTimestamp, now.Add(time.Minute))
+						gotCD = got.GetChangedDate().AsTime()
+						assert.WithinRange(ttt, gotCD, testStartTimestamp, now.Add(time.Minute))
+
+						// default org
+						if org.Name == got.Name && got.Name == "testinstance" {
+							foundOrgs += 1
+							continue
+						}
+
+						if org.Name == got.Name &&
+							org.Id == got.Id {
+							foundOrgs += 1
+						}
+					}
+				}
+				require.Equal(ttt, len(tt.want), foundOrgs)
+			}, retryDuration, tick, "timeout waiting for expected organizations being created")
+		})
+	}
+}
+
+func TestServer_DeleteOrganization(t *testing.T) {
+	tests := []struct {
+		name          string
+		ctx           context.Context
+		createOrgFunc func() string
+		req           *v2beta_org.DeleteOrganizationRequest
+		want          *v2beta_org.DeleteOrganizationResponse
+		dontCheckTime bool
+		err           error
+	}{
+		{
+			name: "delete org no permission",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			createOrgFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				return orgs[0].Id
+			},
+			req: &v2beta_org.DeleteOrganizationRequest{},
+			err: errors.New("membership not found"),
+		},
+		{
+			name: "delete org happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			createOrgFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				return orgs[0].Id
+			},
+			req: &v2beta_org.DeleteOrganizationRequest{},
+		},
+		{
+			name: "delete already deleted org",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			createOrgFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				// delete org
+				_, err = Client.DeleteOrganization(CTX, &v2beta_org.DeleteOrganizationRequest{Id: orgs[0].Id})
+				require.NoError(t, err)
+
+				return orgs[0].Id
+			},
+			req:           &v2beta_org.DeleteOrganizationRequest{},
+			dontCheckTime: true,
+		},
+		{
+			name: "delete non existent org",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.DeleteOrganizationRequest{
+				Id: "non existent org id",
+			},
+			dontCheckTime: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.createOrgFunc != nil {
+				tt.req.Id = tt.createOrgFunc()
+			}
+
+			got, err := Client.DeleteOrganization(tt.ctx, tt.req)
+			if tt.err != nil {
+				require.Contains(t, err.Error(), tt.err.Error())
+				return
+			}
+			require.NoError(t, err)
+
+			// check details
+			gotCD := got.GetDeletionDate().AsTime()
+			if !tt.dontCheckTime {
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+			}
+		})
+	}
+}
+
+func TestServer_DeactivateReactivateNonExistentOrganization(t *testing.T) {
+	ctx := Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	// deactivate non existent organization
+	_, err := Client.DeactivateOrganization(ctx, &v2beta_org.DeactivateOrganizationRequest{
+		Id: "non existent organization",
+	})
+	require.Contains(t, err.Error(), "Organisation not found")
+
+	// reactivate non existent organization
+	_, err = Client.ActivateOrganization(ctx, &v2beta_org.ActivateOrganizationRequest{
+		Id: "non existent organization",
+	})
+	require.Contains(t, err.Error(), "Organisation not found")
+}
+
+func TestServer_ActivateOrganization(t *testing.T) {
+	tests := []struct {
+		name     string
+		ctx      context.Context
+		testFunc func() string
+		err      error
+	}{
+		{
+			name: "Activate, happy path",
+			ctx:  CTX,
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create orgs")
+					return ""
+				}
+				orgId := orgs[0].Id
+
+				// 2. deactivate organization once
+				deactivate_res, err := Client.DeactivateOrganization(CTX, &v2beta_org.DeactivateOrganizationRequest{
+					Id: orgId,
+				})
+				require.NoError(t, err)
+				gotCD := deactivate_res.GetChangeDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// 3. check organization state is deactivated
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+				require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+					listOrgRes, err := Client.ListOrganizations(CTX, &v2beta_org.ListOrganizationsRequest{
+						Filter: []*v2beta_org.OrganizationSearchFilter{
+							{
+								Filter: &v2beta_org.OrganizationSearchFilter_IdFilter{
+									IdFilter: &v2beta_org.OrgIDFilter{
+										Id: orgId,
+									},
+								},
+							},
+						},
+					})
+					require.NoError(ttt, err)
+					require.Equal(ttt, v2beta_org.OrgState_ORG_STATE_INACTIVE, listOrgRes.Organizations[0].State)
+				}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+				return orgId
+			},
+		},
+		{
+			name: "Activate, no permission",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			testFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create orgs")
+					return ""
+				}
+				orgId := orgs[0].Id
+				return orgId
+			},
+			// BUG: this needs changing
+			err: errors.New("membership not found"),
+		},
+		{
+			name: "Activate, not existing",
+			ctx:  CTX,
+			testFunc: func() string {
+				return "non-existing-org-id"
+			},
+			err: errors.New("Organisation not found"),
+		},
+		{
+			name: "Activate, already activated",
+			ctx:  CTX,
+			testFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create orgs")
+					return ""
+				}
+				orgId := orgs[0].Id
+				return orgId
+			},
+			err: errors.New("Organisation is already active"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var orgId string
+			if tt.testFunc != nil {
+				orgId = tt.testFunc()
+			}
+			_, err := Client.ActivateOrganization(tt.ctx, &v2beta_org.ActivateOrganizationRequest{
+				Id: orgId,
+			})
+			if tt.err != nil {
+				require.Contains(t, err.Error(), tt.err.Error())
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
+
+func TestServer_DeactivateOrganization(t *testing.T) {
+	tests := []struct {
+		name     string
+		ctx      context.Context
+		testFunc func() string
+		err      error
+	}{
+		{
+			name: "Deactivate, happy path",
+			ctx:  CTX,
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create orgs")
+					return ""
+				}
+				orgId := orgs[0].Id
+
+				return orgId
+			},
+		},
+		{
+			name: "Deactivate, no permission",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+			testFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create orgs")
+					return ""
+				}
+				orgId := orgs[0].Id
+				return orgId
+			},
+			// BUG: this needs changing
+			err: errors.New("membership not found"),
+		},
+		{
+			name: "Deactivate, not existing",
+			ctx:  CTX,
+			testFunc: func() string {
+				return "non-existing-org-id"
+			},
+			err: errors.New("Organisation not found"),
+		},
+		{
+			name: "Deactivate, already deactivated",
+			ctx:  CTX,
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create orgs")
+					return ""
+				}
+				orgId := orgs[0].Id
+
+				// 2. deactivate organization once
+				deactivate_res, err := Client.DeactivateOrganization(CTX, &v2beta_org.DeactivateOrganizationRequest{
+					Id: orgId,
+				})
+				require.NoError(t, err)
+				gotCD := deactivate_res.GetChangeDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// 3. check organization state is deactivated
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+				require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+					listOrgRes, err := Client.ListOrganizations(CTX, &v2beta_org.ListOrganizationsRequest{
+						Filter: []*v2beta_org.OrganizationSearchFilter{
+							{
+								Filter: &v2beta_org.OrganizationSearchFilter_IdFilter{
+									IdFilter: &v2beta_org.OrgIDFilter{
+										Id: orgId,
+									},
+								},
+							},
+						},
+					})
+					require.NoError(ttt, err)
+					require.Equal(ttt, v2beta_org.OrgState_ORG_STATE_INACTIVE, listOrgRes.Organizations[0].State)
+				}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+				return orgId
+			},
+			err: errors.New("Organisation is already deactivated"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var orgId string
+			orgId = tt.testFunc()
+			_, err := Client.DeactivateOrganization(tt.ctx, &v2beta_org.DeactivateOrganizationRequest{
+				Id: orgId,
+			})
+			if tt.err != nil {
+				require.Contains(t, err.Error(), tt.err.Error())
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
+
+func TestServer_AddOrganizationDomain(t *testing.T) {
+	tests := []struct {
+		name     string
+		ctx      context.Context
+		domain   string
+		testFunc func() string
+		err      error
+	}{
+		{
+			name:   "add org domain, happy path",
+			domain: gofakeit.URL(),
+			testFunc: func() string {
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				orgId := orgs[0].Id
+				return orgId
+			},
+		},
+		{
+			name:   "add org domain, twice",
+			domain: gofakeit.URL(),
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				orgId := orgs[0].Id
+
+				domain := gofakeit.URL()
+				// 2. add domain
+				addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// check domain added
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+				require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+					queryRes, err := Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+						OrganizationId: orgId,
+					})
+					require.NoError(t, err)
+					found := false
+					for _, res := range queryRes.Domains {
+						if res.DomainName == domain {
+							found = true
+						}
+					}
+					require.True(t, found, "unable to find added domain")
+				}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+				return orgId
+			},
+		},
+		{
+			name:   "add org domain to non existent org",
+			domain: gofakeit.URL(),
+			testFunc: func() string {
+				return "non-existing-org-id"
+			},
+			// BUG: should return a error
+			err: nil,
+		},
+	}
+
+	for _, tt := range tests {
+		var orgId string
+		t.Run(tt.name, func(t *testing.T) {
+			orgId = tt.testFunc()
+		})
+		addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+			OrganizationId: orgId,
+			Domain:         tt.domain,
+		})
+		if tt.err != nil {
+			require.Contains(t, err.Error(), tt.err.Error())
+		} else {
+			require.NoError(t, err)
+			// check details
+			gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+			now := time.Now()
+			assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+		}
+	}
+}
+
+func TestServer_ListOrganizationDomains(t *testing.T) {
+	domain := gofakeit.URL()
+	tests := []struct {
+		name     string
+		ctx      context.Context
+		domain   string
+		testFunc func() string
+		err      error
+	}{
+		{
+			name:   "list org domain, happy path",
+			domain: domain,
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				orgId := orgs[0].Id
+				// 2. add domain
+				addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				return orgId
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		var orgId string
+		t.Run(tt.name, func(t *testing.T) {
+			orgId = tt.testFunc()
+		})
+
+		var err error
+		var queryRes *v2beta_org.ListOrganizationDomainsResponse
+
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+		require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+			queryRes, err = Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+				OrganizationId: orgId,
+			})
+			require.NoError(t, err)
+			found := false
+			for _, res := range queryRes.Domains {
+				if res.DomainName == tt.domain {
+					found = true
+				}
+			}
+			require.True(t, found, "unable to find added domain")
+		}, retryDuration, tick, "timeout waiting for adding domain")
+
+	}
+}
+
+func TestServer_DeleteOerganizationDomain(t *testing.T) {
+	domain := gofakeit.URL()
+	tests := []struct {
+		name     string
+		ctx      context.Context
+		domain   string
+		testFunc func() string
+		err      error
+	}{
+		{
+			name:   "delete org domain, happy path",
+			domain: domain,
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				orgId := orgs[0].Id
+
+				// 2. add domain
+				addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// check domain added
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+				require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+					queryRes, err := Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+						OrganizationId: orgId,
+					})
+					require.NoError(t, err)
+					found := false
+					for _, res := range queryRes.Domains {
+						if res.DomainName == domain {
+							found = true
+						}
+					}
+					require.True(t, found, "unable to find added domain")
+				}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+				return orgId
+			},
+		},
+		{
+			name:   "delete org domain, twice",
+			domain: gofakeit.URL(),
+			testFunc: func() string {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return ""
+				}
+				orgId := orgs[0].Id
+
+				domain := gofakeit.URL()
+				// 2. add domain
+				addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// check domain added
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+				require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+					queryRes, err := Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+						OrganizationId: orgId,
+					})
+					require.NoError(t, err)
+					found := false
+					for _, res := range queryRes.Domains {
+						if res.DomainName == domain {
+							found = true
+						}
+					}
+					require.True(t, found, "unable to find added domain")
+				}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+				_, err = Client.DeleteOrganizationDomain(CTX, &v2beta_org.DeleteOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+
+				return orgId
+			},
+			err: errors.New("Domain doesn't exist on organization"),
+		},
+		{
+			name:   "delete org domain to non existent org",
+			domain: gofakeit.URL(),
+			testFunc: func() string {
+				return "non-existing-org-id"
+			},
+			// BUG:
+			err: errors.New("Domain doesn't exist on organization"),
+		},
+	}
+
+	for _, tt := range tests {
+		var orgId string
+		t.Run(tt.name, func(t *testing.T) {
+			orgId = tt.testFunc()
+		})
+
+		_, err := Client.DeleteOrganizationDomain(CTX, &v2beta_org.DeleteOrganizationDomainRequest{
+			OrganizationId: orgId,
+			Domain:         tt.domain,
+		})
+
+		if tt.err != nil {
+			require.Contains(t, err.Error(), tt.err.Error())
+		} else {
+			require.NoError(t, err)
+		}
+	}
+}
+
+func TestServer_AddListDeleteOrganizationDomain(t *testing.T) {
+	tests := []struct {
+		name     string
+		testFunc func()
+	}{
+		{
+			name: "add org domain, re-add org domain",
+			testFunc: func() {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return
+				}
+				orgId := orgs[0].Id
+				// ctx := Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+				domain := gofakeit.URL()
+				// 2. add domain
+				addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// 3. re-add domain
+				_, err = Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				// TODO remove error for adding already existing domain
+				// require.NoError(t, err)
+				require.Contains(t, err.Error(), "Errors.Already.Exists")
+				// check details
+				// gotCD = addOrgDomainRes.GetDetails().GetChangeDate().AsTime()
+				// now = time.Now()
+				// assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// 4. check domain is added
+				queryRes, err := Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+					OrganizationId: orgId,
+				})
+				require.NoError(t, err)
+				found := false
+				for _, res := range queryRes.Domains {
+					if res.DomainName == domain {
+						found = true
+					}
+				}
+				require.True(t, found, "unable to find added domain")
+			},
+		},
+		{
+			name: "add org domain, delete org domain, re-delete org domain",
+			testFunc: func() {
+				// 1. create organization
+				orgs, _, err := createOrgs(CTX, Client, 1)
+				if err != nil {
+					assert.Fail(t, "unable to create org")
+					return
+				}
+				orgId := orgs[0].Id
+
+				domain := gofakeit.URL()
+				// 2. add domain
+				addOrgDomainRes, err := Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD := addOrgDomainRes.GetCreationDate().AsTime()
+				now := time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// 2. delete organisation domain
+				deleteOrgDomainRes, err := Client.DeleteOrganizationDomain(CTX, &v2beta_org.DeleteOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				require.NoError(t, err)
+				// check details
+				gotCD = deleteOrgDomainRes.GetDeletionDate().AsTime()
+				now = time.Now()
+				assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+				require.EventuallyWithT(t, func(t *assert.CollectT) {
+					// 3. check organization domain deleted
+					queryRes, err := Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+						OrganizationId: orgId,
+					})
+					require.NoError(t, err)
+					found := false
+					for _, res := range queryRes.Domains {
+						if res.DomainName == domain {
+							found = true
+						}
+					}
+					require.False(t, found, "deleted domain found")
+				}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+				// 4. redelete organisation domain
+				_, err = Client.DeleteOrganizationDomain(CTX, &v2beta_org.DeleteOrganizationDomainRequest{
+					OrganizationId: orgId,
+					Domain:         domain,
+				})
+				// TODO remove error for deleting org domain already deleted
+				// require.NoError(t, err)
+				require.Contains(t, err.Error(), "Domain doesn't exist on organization")
+				// check details
+				// gotCD = deleteOrgDomainRes.GetDetails().GetChangeDate().AsTime()
+				// now = time.Now()
+				// assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+				// 5. check organization domain deleted
+				queryRes, err := Client.ListOrganizationDomains(CTX, &v2beta_org.ListOrganizationDomainsRequest{
+					OrganizationId: orgId,
+				})
+				require.NoError(t, err)
+				found := false
+				for _, res := range queryRes.Domains {
+					if res.DomainName == domain {
+						found = true
+					}
+				}
+				require.False(t, found, "deleted domain found")
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.testFunc()
+		})
+	}
+}
+
+func TestServer_ValidateOrganizationDomain(t *testing.T) {
+	orgs, _, err := createOrgs(CTX, Client, 1)
+	if err != nil {
+		assert.Fail(t, "unable to create org")
+		return
+	}
+	orgId := orgs[0].Id
+
+	_, err = Instance.Client.Admin.UpdateDomainPolicy(CTX, &admin.UpdateDomainPolicyRequest{
+		ValidateOrgDomains: true,
+	})
+	if err != nil && !strings.Contains(err.Error(), "Organisation is already deactivated") {
+		require.NoError(t, err)
+	}
+
+	domain := gofakeit.URL()
+	_, err = Client.AddOrganizationDomain(CTX, &v2beta_org.AddOrganizationDomainRequest{
+		OrganizationId: orgId,
+		Domain:         domain,
+	})
+	require.NoError(t, err)
+
+	tests := []struct {
+		name string
+		ctx  context.Context
+		req  *v2beta_org.GenerateOrganizationDomainValidationRequest
+		err  error
+	}{
+		{
+			name: "validate org http happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
+				OrganizationId: orgId,
+				Domain:         domain,
+				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
+			},
+		},
+		{
+			name: "validate org http non existnetn org id",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
+				OrganizationId: "non existent org id",
+				Domain:         domain,
+				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
+			},
+			// BUG: this should be 'organization does not exist'
+			err: errors.New("Domain doesn't exist on organization"),
+		},
+		{
+			name: "validate org dns happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
+				OrganizationId: orgId,
+				Domain:         domain,
+				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS,
+			},
+		},
+		{
+			name: "validate org dns non existnetn org id",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
+				OrganizationId: "non existent org id",
+				Domain:         domain,
+				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS,
+			},
+			// BUG: this should be 'organization does not exist'
+			err: errors.New("Domain doesn't exist on organization"),
+		},
+		{
+			name: "validate org non existnetn domain",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
+				OrganizationId: orgId,
+				Domain:         "non existent domain",
+				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
+			},
+			err: errors.New("Domain doesn't exist on organization"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.GenerateOrganizationDomainValidation(tt.ctx, tt.req)
+			if tt.err != nil {
+				require.Contains(t, err.Error(), tt.err.Error())
+				return
+			}
+			require.NoError(t, err)
+
+			require.NotEmpty(t, got.Token)
+			require.Contains(t, got.Url, domain)
+		})
+	}
+}
+
+func TestServer_SetOrganizationMetadata(t *testing.T) {
+	orgs, _, err := createOrgs(CTX, Client, 1)
+	if err != nil {
+		assert.Fail(t, "unable to create org")
+		return
+	}
+	orgId := orgs[0].Id
+
+	tests := []struct {
+		name      string
+		ctx       context.Context
+		setupFunc func()
+		orgId     string
+		key       string
+		value     string
+		err       error
+	}{
+		{
+			name:  "set org metadata",
+			ctx:   Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			orgId: orgId,
+			key:   "key1",
+			value: "value1",
+		},
+		{
+			name:  "set org metadata on non existant org",
+			ctx:   Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			orgId: "non existant orgid",
+			key:   "key2",
+			value: "value2",
+			err:   errors.New("Organisation not found"),
+		},
+		{
+			name: "update org metadata",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key3",
+							Value: []byte("value3"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			key:   "key4",
+			value: "value4",
+		},
+		{
+			name: "update org metadata with same value",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key5",
+							Value: []byte("value5"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			key:   "key5",
+			value: "value5",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.setupFunc != nil {
+				tt.setupFunc()
+			}
+			got, err := Client.SetOrganizationMetadata(tt.ctx, &v2beta_org.SetOrganizationMetadataRequest{
+				OrganizationId: tt.orgId,
+				Metadata: []*v2beta_org.Metadata{
+					{
+						Key:   tt.key,
+						Value: []byte(tt.value),
+					},
+				},
+			})
+			if tt.err != nil {
+				require.Contains(t, err.Error(), tt.err.Error())
+				return
+			}
+			require.NoError(t, err)
+
+			// check details
+			gotCD := got.GetSetDate().AsTime()
+			now := time.Now()
+			assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// check metadata
+				listMetadataRes, err := Client.ListOrganizationMetadata(tt.ctx, &v2beta_org.ListOrganizationMetadataRequest{
+					OrganizationId: orgId,
+				})
+				require.NoError(t, err)
+				foundMetadata := false
+				foundMetadataKeyCount := 0
+				for _, res := range listMetadataRes.Metadata {
+					if res.Key == tt.key {
+						foundMetadataKeyCount += 1
+					}
+					if res.Key == tt.key &&
+						string(res.Value) == tt.value {
+						foundMetadata = true
+					}
+				}
+				require.True(ttt, foundMetadata, "unable to find added metadata")
+				require.Equal(ttt, 1, foundMetadataKeyCount, "same metadata key found multiple times")
+			}, retryDuration, tick, "timeout waiting for expected organizations being created")
+		})
+	}
+}
+
+func TestServer_ListOrganizationMetadata(t *testing.T) {
+	orgs, _, err := createOrgs(CTX, Client, 1)
+	if err != nil {
+		assert.Fail(t, "unable to create org")
+		return
+	}
+	orgId := orgs[0].Id
+
+	tests := []struct {
+		name        string
+		ctx         context.Context
+		setupFunc   func()
+		orgId       string
+		keyValuPars []struct {
+			key   string
+			value string
+		}
+	}{
+		{
+			name: "list org metadata happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key1",
+							Value: []byte("value1"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			keyValuPars: []struct{ key, value string }{
+				{
+					key:   "key1",
+					value: "value1",
+				},
+			},
+		},
+		{
+			name: "list multiple org metadata happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key2",
+							Value: []byte("value2"),
+						},
+						{
+							Key:   "key3",
+							Value: []byte("value3"),
+						},
+						{
+							Key:   "key4",
+							Value: []byte("value4"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			keyValuPars: []struct{ key, value string }{
+				{
+					key:   "key2",
+					value: "value2",
+				},
+				{
+					key:   "key3",
+					value: "value3",
+				},
+				{
+					key:   "key4",
+					value: "value4",
+				},
+			},
+		},
+		{
+			name:        "list org metadata for non existent org",
+			ctx:         Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			orgId:       "non existent orgid",
+			keyValuPars: []struct{ key, value string }{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.setupFunc != nil {
+				tt.setupFunc()
+			}
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, err := Client.ListOrganizationMetadata(tt.ctx, &v2beta_org.ListOrganizationMetadataRequest{
+					OrganizationId: tt.orgId,
+				})
+				require.NoError(t, err)
+
+				foundMetadataCount := 0
+				for _, kv := range tt.keyValuPars {
+					for _, res := range got.Metadata {
+						if res.Key == kv.key &&
+							string(res.Value) == kv.value {
+							foundMetadataCount += 1
+						}
+					}
+				}
+				require.Equal(t, len(tt.keyValuPars), foundMetadataCount)
+			}, retryDuration, tick, "timeout waiting for expected organizations being created")
+		})
+	}
+}
+
+func TestServer_DeleteOrganizationMetadata(t *testing.T) {
+	orgs, _, err := createOrgs(CTX, Client, 1)
+	if err != nil {
+		assert.Fail(t, "unable to create org")
+		return
+	}
+	orgId := orgs[0].Id
+
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		setupFunc        func()
+		orgId            string
+		metadataToDelete []struct {
+			key   string
+			value string
+		}
+		metadataToRemain []struct {
+			key   string
+			value string
+		}
+		err error
+	}{
+		{
+			name: "delete org metadata happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key1",
+							Value: []byte("value1"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			metadataToDelete: []struct{ key, value string }{
+				{
+					key:   "key1",
+					value: "value1",
+				},
+			},
+		},
+		{
+			name: "delete multiple org metadata happy path",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key2",
+							Value: []byte("value2"),
+						},
+						{
+							Key:   "key3",
+							Value: []byte("value3"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			metadataToDelete: []struct{ key, value string }{
+				{
+					key:   "key2",
+					value: "value2",
+				},
+				{
+					key:   "key3",
+					value: "value3",
+				},
+			},
+		},
+		{
+			name: "delete some org metadata but not all",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key4",
+							Value: []byte("value4"),
+						},
+						// key5 should not be deleted
+						{
+							Key:   "key5",
+							Value: []byte("value5"),
+						},
+						{
+							Key:   "key6",
+							Value: []byte("value6"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			metadataToDelete: []struct{ key, value string }{
+				{
+					key:   "key4",
+					value: "value4",
+				},
+				{
+					key:   "key6",
+					value: "value6",
+				},
+			},
+			metadataToRemain: []struct{ key, value string }{
+				{
+					key:   "key5",
+					value: "value5",
+				},
+			},
+		},
+		{
+			name: "delete org metadata that does not exist",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key88",
+							Value: []byte("value74"),
+						},
+						{
+							Key:   "key5888",
+							Value: []byte("value8885"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: orgId,
+			// TODO: this error message needs to be either removed or changed
+			err: errors.New("Metadata list is empty"),
+		},
+		{
+			name: "delete org metadata for org that does not exist",
+			ctx:  Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner),
+			setupFunc: func() {
+				_, err := Client.SetOrganizationMetadata(CTX, &v2beta_org.SetOrganizationMetadataRequest{
+					OrganizationId: orgId,
+					Metadata: []*v2beta_org.Metadata{
+						{
+							Key:   "key88",
+							Value: []byte("value74"),
+						},
+						{
+							Key:   "key5888",
+							Value: []byte("value8885"),
+						},
+					},
+				})
+				require.NoError(t, err)
+			},
+			orgId: "non existant org id",
+			// TODO: this error message needs to be either removed or changed
+			err: errors.New("Metadata list is empty"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.setupFunc != nil {
+				tt.setupFunc()
+			}
+
+			// check metadata exists
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				listOrgMetadataRes, err := Client.ListOrganizationMetadata(tt.ctx, &v2beta_org.ListOrganizationMetadataRequest{
+					OrganizationId: tt.orgId,
+				})
+				require.NoError(ttt, err)
+				foundMetadataCount := 0
+				for _, kv := range tt.metadataToDelete {
+					for _, res := range listOrgMetadataRes.Metadata {
+						if res.Key == kv.key &&
+							string(res.Value) == kv.value {
+							foundMetadataCount += 1
+						}
+					}
+				}
+				require.Equal(ttt, len(tt.metadataToDelete), foundMetadataCount)
+			}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+			keys := make([]string, len(tt.metadataToDelete))
+			for i, kvp := range tt.metadataToDelete {
+				keys[i] = kvp.key
+			}
+
+			// run delete
+			_, err = Client.DeleteOrganizationMetadata(tt.ctx, &v2beta_org.DeleteOrganizationMetadataRequest{
+				OrganizationId: tt.orgId,
+				Keys:           keys,
+			})
+			if tt.err != nil {
+				require.Contains(t, err.Error(), tt.err.Error())
+				return
+			}
+			require.NoError(t, err)
+
+			retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, 10*time.Minute)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// check metadata was definitely deleted
+				listOrgMetadataRes, err := Client.ListOrganizationMetadata(tt.ctx, &v2beta_org.ListOrganizationMetadataRequest{
+					OrganizationId: tt.orgId,
+				})
+				require.NoError(ttt, err)
+				foundMetadataCount := 0
+				for _, kv := range tt.metadataToDelete {
+					for _, res := range listOrgMetadataRes.Metadata {
+						if res.Key == kv.key &&
+							string(res.Value) == kv.value {
+							foundMetadataCount += 1
+						}
+					}
+				}
+				require.Equal(ttt, foundMetadataCount, 0)
+			}, retryDuration, tick, "timeout waiting for expected organizations being created")
+
+			// check metadata that should not be delted was not deleted
+			listOrgMetadataRes, err := Client.ListOrganizationMetadata(tt.ctx, &v2beta_org.ListOrganizationMetadataRequest{
+				OrganizationId: tt.orgId,
+			})
+			require.NoError(t, err)
+			foundMetadataCount := 0
+			for _, kv := range tt.metadataToRemain {
+				for _, res := range listOrgMetadataRes.Metadata {
+					if res.Key == kv.key &&
+						string(res.Value) == kv.value {
+						foundMetadataCount += 1
+					}
+				}
+			}
+			require.Equal(t, len(tt.metadataToRemain), foundMetadataCount)
+		})
+	}
+}
+
+func createOrgs(ctx context.Context, client v2beta_org.OrganizationServiceClient, noOfOrgs int) ([]*v2beta_org.CreateOrganizationResponse, []string, error) {
+	var err error
+	orgs := make([]*v2beta_org.CreateOrganizationResponse, noOfOrgs)
+	orgsName := make([]string, noOfOrgs)
+
+	for i := range noOfOrgs {
+		orgName := gofakeit.Name()
+		orgsName[i] = orgName
+		orgs[i], err = client.CreateOrganization(ctx,
+			&v2beta_org.CreateOrganizationRequest{
+				Name: orgName,
+			},
+		)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return orgs, orgsName, nil
+}
+
+func assertCreatedAdmin(t *testing.T, expected, got *v2beta_org.CreatedAdmin) {
 	if expected.GetUserId() != "" {
 		assert.NotEmpty(t, got.GetUserId())
 	} else {
diff --git a/internal/api/grpc/org/v2beta/org.go b/internal/api/grpc/org/v2beta/org.go
index 39730f827e..66198757cb 100644
--- a/internal/api/grpc/org/v2beta/org.go
+++ b/internal/api/grpc/org/v2beta/org.go
@@ -2,16 +2,23 @@ package org
 
 import (
 	"context"
+	"errors"
 
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	metadata "github.com/zitadel/zitadel/internal/api/grpc/metadata/v2beta"
 	object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
 	user "github.com/zitadel/zitadel/internal/api/grpc/user/v2beta"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/zerrors"
+	filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
 	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+	v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 )
 
-func (s *Server) AddOrganization(ctx context.Context, request *org.AddOrganizationRequest) (*org.AddOrganizationResponse, error) {
-	orgSetup, err := addOrganizationRequestToCommand(request)
+func (s *Server) CreateOrganization(ctx context.Context, request *v2beta_org.CreateOrganizationRequest) (*v2beta_org.CreateOrganizationResponse, error) {
+	orgSetup, err := createOrganizationRequestToCommand(request)
 	if err != nil {
 		return nil, err
 	}
@@ -22,8 +29,182 @@ func (s *Server) AddOrganization(ctx context.Context, request *org.AddOrganizati
 	return createdOrganizationToPb(createdOrg)
 }
 
-func addOrganizationRequestToCommand(request *org.AddOrganizationRequest) (*command.OrgSetup, error) {
-	admins, err := addOrganizationRequestAdminsToCommand(request.GetAdmins())
+func (s *Server) UpdateOrganization(ctx context.Context, request *v2beta_org.UpdateOrganizationRequest) (*v2beta_org.UpdateOrganizationResponse, error) {
+	org, err := s.command.ChangeOrg(ctx, request.Id, request.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	return &v2beta_org.UpdateOrganizationResponse{
+		ChangeDate: timestamppb.New(org.EventDate),
+	}, nil
+}
+
+func (s *Server) ListOrganizations(ctx context.Context, request *v2beta_org.ListOrganizationsRequest) (*v2beta_org.ListOrganizationsResponse, error) {
+	queries, err := listOrgRequestToModel(s.systemDefaults, request)
+	if err != nil {
+		return nil, err
+	}
+	orgs, err := s.query.SearchOrgs(ctx, queries, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	return &v2beta_org.ListOrganizationsResponse{
+		Organizations: OrgViewsToPb(orgs.Orgs),
+		Pagination: &filter.PaginationResponse{
+			TotalResult:  orgs.Count,
+			AppliedLimit: uint64(request.GetPagination().GetLimit()),
+		},
+	}, nil
+}
+
+func (s *Server) DeleteOrganization(ctx context.Context, request *v2beta_org.DeleteOrganizationRequest) (*v2beta_org.DeleteOrganizationResponse, error) {
+	details, err := s.command.RemoveOrg(ctx, request.Id)
+	if err != nil {
+		var notFoundError *zerrors.NotFoundError
+		if errors.As(err, &notFoundError) {
+			return &v2beta_org.DeleteOrganizationResponse{}, nil
+		}
+		return nil, err
+	}
+	return &v2beta_org.DeleteOrganizationResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) SetOrganizationMetadata(ctx context.Context, request *v2beta_org.SetOrganizationMetadataRequest) (*v2beta_org.SetOrganizationMetadataResponse, error) {
+	result, err := s.command.BulkSetOrgMetadata(ctx, request.OrganizationId, BulkSetOrgMetadataToDomain(request)...)
+	if err != nil {
+		return nil, err
+	}
+	return &org.SetOrganizationMetadataResponse{
+		SetDate: timestamppb.New(result.EventDate),
+	}, nil
+}
+
+func (s *Server) ListOrganizationMetadata(ctx context.Context, request *v2beta_org.ListOrganizationMetadataRequest) (*v2beta_org.ListOrganizationMetadataResponse, error) {
+	metadataQueries, err := ListOrgMetadataToDomain(s.systemDefaults, request)
+	if err != nil {
+		return nil, err
+	}
+	res, err := s.query.SearchOrgMetadata(ctx, true, request.OrganizationId, metadataQueries, false)
+	if err != nil {
+		return nil, err
+	}
+	return &v2beta_org.ListOrganizationMetadataResponse{
+		Metadata: metadata.OrgMetadataListToPb(res.Metadata),
+		Pagination: &filter.PaginationResponse{
+			TotalResult:  res.Count,
+			AppliedLimit: uint64(request.GetPagination().GetLimit()),
+		},
+	}, nil
+}
+
+func (s *Server) DeleteOrganizationMetadata(ctx context.Context, request *v2beta_org.DeleteOrganizationMetadataRequest) (*v2beta_org.DeleteOrganizationMetadataResponse, error) {
+	result, err := s.command.BulkRemoveOrgMetadata(ctx, request.OrganizationId, request.Keys...)
+	if err != nil {
+		return nil, err
+	}
+	return &v2beta_org.DeleteOrganizationMetadataResponse{
+		DeletionDate: timestamppb.New(result.EventDate),
+	}, nil
+}
+
+func (s *Server) DeactivateOrganization(ctx context.Context, request *org.DeactivateOrganizationRequest) (*org.DeactivateOrganizationResponse, error) {
+	objectDetails, err := s.command.DeactivateOrg(ctx, request.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &org.DeactivateOrganizationResponse{
+		ChangeDate: timestamppb.New(objectDetails.EventDate),
+	}, nil
+}
+
+func (s *Server) ActivateOrganization(ctx context.Context, request *org.ActivateOrganizationRequest) (*org.ActivateOrganizationResponse, error) {
+	objectDetails, err := s.command.ReactivateOrg(ctx, request.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &org.ActivateOrganizationResponse{
+		ChangeDate: timestamppb.New(objectDetails.EventDate),
+	}, err
+}
+
+func (s *Server) AddOrganizationDomain(ctx context.Context, request *org.AddOrganizationDomainRequest) (*org.AddOrganizationDomainResponse, error) {
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Domain, request.OrganizationId)
+	if err != nil {
+		return nil, err
+	}
+	details, err := s.command.AddOrgDomain(ctx, request.OrganizationId, request.Domain, userIDs)
+	if err != nil {
+		return nil, err
+	}
+	return &org.AddOrganizationDomainResponse{
+		CreationDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) ListOrganizationDomains(ctx context.Context, req *org.ListOrganizationDomainsRequest) (*org.ListOrganizationDomainsResponse, error) {
+	queries, err := ListOrgDomainsRequestToModel(s.systemDefaults, req)
+	if err != nil {
+		return nil, err
+	}
+	orgIDQuery, err := query.NewOrgDomainOrgIDSearchQuery(req.OrganizationId)
+	if err != nil {
+		return nil, err
+	}
+	queries.Queries = append(queries.Queries, orgIDQuery)
+
+	domains, err := s.query.SearchOrgDomains(ctx, queries, false)
+	if err != nil {
+		return nil, err
+	}
+	return &org.ListOrganizationDomainsResponse{
+		Domains: object.DomainsToPb(domains.Domains),
+		Pagination: &filter.PaginationResponse{
+			TotalResult:  domains.Count,
+			AppliedLimit: uint64(req.GetPagination().GetLimit()),
+		},
+	}, nil
+}
+
+func (s *Server) DeleteOrganizationDomain(ctx context.Context, req *org.DeleteOrganizationDomainRequest) (*org.DeleteOrganizationDomainResponse, error) {
+	details, err := s.command.RemoveOrgDomain(ctx, RemoveOrgDomainRequestToDomain(ctx, req))
+	if err != nil {
+		return nil, err
+	}
+	return &org.DeleteOrganizationDomainResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, err
+}
+
+func (s *Server) GenerateOrganizationDomainValidation(ctx context.Context, req *org.GenerateOrganizationDomainValidationRequest) (*org.GenerateOrganizationDomainValidationResponse, error) {
+	token, url, err := s.command.GenerateOrgDomainValidation(ctx, GenerateOrgDomainValidationRequestToDomain(ctx, req))
+	if err != nil {
+		return nil, err
+	}
+	return &org.GenerateOrganizationDomainValidationResponse{
+		Token: token,
+		Url:   url,
+	}, nil
+}
+
+func (s *Server) VerifyOrganizationDomain(ctx context.Context, request *org.VerifyOrganizationDomainRequest) (*org.VerifyOrganizationDomainResponse, error) {
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Domain, request.OrganizationId)
+	if err != nil {
+		return nil, err
+	}
+	details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, request), userIDs)
+	if err != nil {
+		return nil, err
+	}
+	return &org.VerifyOrganizationDomainResponse{
+		ChangeDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func createOrganizationRequestToCommand(request *v2beta_org.CreateOrganizationRequest) (*command.OrgSetup, error) {
+	admins, err := createOrganizationRequestAdminsToCommand(request.GetAdmins())
 	if err != nil {
 		return nil, err
 	}
@@ -31,14 +212,14 @@ func addOrganizationRequestToCommand(request *org.AddOrganizationRequest) (*comm
 		Name:         request.GetName(),
 		CustomDomain: "",
 		Admins:       admins,
-		OrgID:        request.GetOrgId(),
+		OrgID:        request.GetId(),
 	}, nil
 }
 
-func addOrganizationRequestAdminsToCommand(requestAdmins []*org.AddOrganizationRequest_Admin) (admins []*command.OrgSetupAdmin, err error) {
+func createOrganizationRequestAdminsToCommand(requestAdmins []*v2beta_org.CreateOrganizationRequest_Admin) (admins []*command.OrgSetupAdmin, err error) {
 	admins = make([]*command.OrgSetupAdmin, len(requestAdmins))
 	for i, admin := range requestAdmins {
-		admins[i], err = addOrganizationRequestAdminToCommand(admin)
+		admins[i], err = createOrganizationRequestAdminToCommand(admin)
 		if err != nil {
 			return nil, err
 		}
@@ -46,14 +227,14 @@ func addOrganizationRequestAdminsToCommand(requestAdmins []*org.AddOrganizationR
 	return admins, nil
 }
 
-func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admin) (*command.OrgSetupAdmin, error) {
+func createOrganizationRequestAdminToCommand(admin *v2beta_org.CreateOrganizationRequest_Admin) (*command.OrgSetupAdmin, error) {
 	switch a := admin.GetUserType().(type) {
-	case *org.AddOrganizationRequest_Admin_UserId:
+	case *v2beta_org.CreateOrganizationRequest_Admin_UserId:
 		return &command.OrgSetupAdmin{
 			ID:    a.UserId,
 			Roles: admin.GetRoles(),
 		}, nil
-	case *org.AddOrganizationRequest_Admin_Human:
+	case *v2beta_org.CreateOrganizationRequest_Admin_Human:
 		human, err := user.AddUserRequestToAddHuman(a.Human)
 		if err != nil {
 			return nil, err
@@ -63,22 +244,31 @@ func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admi
 			Roles: admin.GetRoles(),
 		}, nil
 	default:
-		return nil, zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", a)
+		return nil, zerrors.ThrowUnimplementedf(nil, "ORGv2-SL2r8", "userType oneOf %T in method AddOrganization not implemented", a)
 	}
 }
 
-func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.AddOrganizationResponse, err error) {
-	admins := make([]*org.AddOrganizationResponse_CreatedAdmin, len(createdOrg.CreatedAdmins))
-	for i, admin := range createdOrg.CreatedAdmins {
-		admins[i] = &org.AddOrganizationResponse_CreatedAdmin{
-			UserId:    admin.ID,
-			EmailCode: admin.EmailCode,
-			PhoneCode: admin.PhoneCode,
-		}
+func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, orgID string) ([]string, error) {
+	queries := make([]query.SearchQuery, 0, 2)
+	loginName, err := query.NewUserPreferredLoginNameSearchQuery("@"+orgDomain, query.TextEndsWithIgnoreCase)
+	if err != nil {
+		return nil, err
 	}
-	return &org.AddOrganizationResponse{
-		Details:        object.DomainToDetailsPb(createdOrg.ObjectDetails),
-		OrganizationId: createdOrg.ObjectDetails.ResourceOwner,
-		CreatedAdmins:  admins,
-	}, nil
+	queries = append(queries, loginName)
+	if orgID != "" {
+		owner, err := query.NewUserResourceOwnerSearchQuery(orgID, query.TextNotEquals)
+		if err != nil {
+			return nil, err
+		}
+		queries = append(queries, owner)
+	}
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, nil)
+	if err != nil {
+		return nil, err
+	}
+	userIDs := make([]string, len(users.Users))
+	for i, user := range users.Users {
+		userIDs[i] = user.ID
+	}
+	return userIDs, nil
 }
diff --git a/internal/api/grpc/org/v2beta/org_test.go b/internal/api/grpc/org/v2beta/org_test.go
index 57ed05dfb2..2047f665a1 100644
--- a/internal/api/grpc/org/v2beta/org_test.go
+++ b/internal/api/grpc/org/v2beta/org_test.go
@@ -12,14 +12,13 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
 	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func Test_addOrganizationRequestToCommand(t *testing.T) {
+func Test_createOrganizationRequestToCommand(t *testing.T) {
 	type args struct {
-		request *org.AddOrganizationRequest
+		request *org.CreateOrganizationRequest
 	}
 	tests := []struct {
 		name    string
@@ -30,21 +29,21 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 		{
 			name: "nil user",
 			args: args{
-				request: &org.AddOrganizationRequest{
+				request: &org.CreateOrganizationRequest{
 					Name: "name",
-					Admins: []*org.AddOrganizationRequest_Admin{
+					Admins: []*org.CreateOrganizationRequest_Admin{
 						{},
 					},
 				},
 			},
-			wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", nil),
+			wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SL2r8", "userType oneOf %T in method AddOrganization not implemented", nil),
 		},
 		{
 			name: "custom org ID",
 			args: args{
-				request: &org.AddOrganizationRequest{
-					Name:  "custom org ID",
-					OrgId: gu.Ptr("org-ID"),
+				request: &org.CreateOrganizationRequest{
+					Name: "custom org ID",
+					Id:   gu.Ptr("org-ID"),
 				},
 			},
 			want: &command.OrgSetup{
@@ -57,11 +56,11 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 		{
 			name: "user ID",
 			args: args{
-				request: &org.AddOrganizationRequest{
+				request: &org.CreateOrganizationRequest{
 					Name: "name",
-					Admins: []*org.AddOrganizationRequest_Admin{
+					Admins: []*org.CreateOrganizationRequest_Admin{
 						{
-							UserType: &org.AddOrganizationRequest_Admin_UserId{
+							UserType: &org.CreateOrganizationRequest_Admin_UserId{
 								UserId: "userID",
 							},
 							Roles: nil,
@@ -82,11 +81,11 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 		{
 			name: "human user",
 			args: args{
-				request: &org.AddOrganizationRequest{
+				request: &org.CreateOrganizationRequest{
 					Name: "name",
-					Admins: []*org.AddOrganizationRequest_Admin{
+					Admins: []*org.CreateOrganizationRequest_Admin{
 						{
-							UserType: &org.AddOrganizationRequest_Admin_Human{
+							UserType: &org.CreateOrganizationRequest_Admin_Human{
 								Human: &user.AddHumanUserRequest{
 									Profile: &user.SetHumanProfile{
 										GivenName:  "firstname",
@@ -124,7 +123,7 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := addOrganizationRequestToCommand(tt.args.request)
+			got, err := createOrganizationRequestToCommand(tt.args.request)
 			require.ErrorIs(t, err, tt.wantErr)
 			assert.Equal(t, tt.want, got)
 		})
@@ -139,7 +138,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 	tests := []struct {
 		name    string
 		args    args
-		want    *org.AddOrganizationResponse
+		want    *org.CreateOrganizationResponse
 		wantErr error
 	}{
 		{
@@ -160,14 +159,10 @@ func Test_createdOrganizationToPb(t *testing.T) {
 					},
 				},
 			},
-			want: &org.AddOrganizationResponse{
-				Details: &object.Details{
-					Sequence:      1,
-					ChangeDate:    timestamppb.New(now),
-					ResourceOwner: "orgID",
-				},
-				OrganizationId: "orgID",
-				CreatedAdmins: []*org.AddOrganizationResponse_CreatedAdmin{
+			want: &org.CreateOrganizationResponse{
+				CreationDate: timestamppb.New(now),
+				Id:           "orgID",
+				CreatedAdmins: []*org.CreatedAdmin{
 					{
 						UserId:    "id",
 						EmailCode: gu.Ptr("emailCode"),
diff --git a/internal/api/grpc/org/v2beta/server.go b/internal/api/grpc/org/v2beta/server.go
index 89dba81702..b7e8d4994f 100644
--- a/internal/api/grpc/org/v2beta/server.go
+++ b/internal/api/grpc/org/v2beta/server.go
@@ -6,6 +6,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
@@ -15,6 +16,7 @@ var _ org.OrganizationServiceServer = (*Server)(nil)
 
 type Server struct {
 	org.UnimplementedOrganizationServiceServer
+	systemDefaults  systemdefaults.SystemDefaults
 	command         *command.Commands
 	query           *query.Queries
 	checkPermission domain.PermissionCheck
@@ -23,11 +25,13 @@ type Server struct {
 type Config struct{}
 
 func CreateServer(
+	systemDefaults systemdefaults.SystemDefaults,
 	command *command.Commands,
 	query *query.Queries,
 	checkPermission domain.PermissionCheck,
 ) *Server {
 	return &Server{
+		systemDefaults:  systemDefaults,
 		command:         command,
 		query:           query,
 		checkPermission: checkPermission,
diff --git a/internal/query/org_metadata.go b/internal/query/org_metadata.go
index 84b204de2b..fe61ad51d9 100644
--- a/internal/query/org_metadata.go
+++ b/internal/query/org_metadata.go
@@ -194,7 +194,6 @@ func prepareOrgMetadataQuery() (sq.SelectBuilder, func(*sql.Row) (*OrgMetadata,
 				&m.Key,
 				&m.Value,
 			)
-
 			if err != nil {
 				if errors.Is(err, sql.ErrNoRows) {
 					return nil, zerrors.ThrowNotFound(err, "QUERY-Rph32", "Errors.Metadata.NotFound")
diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto
index 1e7f3b7407..d8c88d540b 100644
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -307,7 +307,6 @@ service AdminService {
         };
     }
 
-    // Deprecated: Use [ListCustomDomains](apis/resources/instance_service_v2/instance-service-list-custom-domains.api.mdx) instead to list custom domains
     rpc ListInstanceDomains(ListInstanceDomainsRequest) returns (ListInstanceDomainsResponse) {
         option (google.api.http) = {
             post: "/domains/_search";
@@ -320,12 +319,10 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "List Instance Domains";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running.";
-            deprecated: true;
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running."
         };
     }
 
-    // Deprecated: Use [ListTrustedDomains](apis/resources/instance_service_v2/instance-service-list-trusted-domains.api.mdx) instead to list trusted domains
     rpc ListInstanceTrustedDomains(ListInstanceTrustedDomainsRequest) returns (ListInstanceTrustedDomainsResponse) {
         option (google.api.http) = {
             post: "/trusted_domains/_search";
@@ -338,12 +335,10 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "List Instance Trusted Domains";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
-            deprecated: true;
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
         };
     }
 
-    // Deprecated: Use [AddTrustedDomain](apis/resources/instance_service_v2/instance-service-add-trusted-domain.api.mdx) instead to add a trusted domain
     rpc AddInstanceTrustedDomain(AddInstanceTrustedDomainRequest) returns (AddInstanceTrustedDomainResponse) {
         option (google.api.http) = {
             post: "/trusted_domains";
@@ -357,12 +352,10 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "Add an Instance Trusted Domain";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
-            deprecated: true;
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
         };
     }
 
-    // Deprecated: Use [RemoveTrustedDomain](apis/resources/instance_service_v2/instance-service-remove-trusted-domain.api.mdx) instead to remove a trusted domain
     rpc RemoveInstanceTrustedDomain(RemoveInstanceTrustedDomainRequest) returns (RemoveInstanceTrustedDomainResponse) {
         option (google.api.http) = {
             delete: "/trusted_domains/{domain}";
@@ -375,8 +368,7 @@ service AdminService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Instance";
             summary: "Remove an Instance Trusted Domain";
-            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
-            deprecated: true;
+            description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
         };
     }
 
@@ -1245,6 +1237,7 @@ service AdminService {
         };
     }
 
+    // Deprecated: use ListOrganization [apis/resources/org_service_v2beta/organization-service-list-organizations.api.mdx] API instead
     rpc ListOrgs(ListOrgsRequest) returns (ListOrgsResponse) {
         option (google.api.http) = {
             post: "/orgs/_search";
@@ -1264,7 +1257,8 @@ service AdminService {
                 value: {
                     description: "list of organizations matching the query";
                 };
-            };
+            }
+            deprecated: true;
             responses: {
                 key: "400";
                 value: {
@@ -1279,6 +1273,7 @@ service AdminService {
         };
     }
 
+    // Deprecated: use CreateOrganization [apis/resources/org_service_v2beta/organization-service-create-organization.api.mdx] API instead
     rpc SetUpOrg(SetUpOrgRequest) returns (SetUpOrgResponse) {
         option (google.api.http) = {
             post: "/orgs/_setup";
@@ -1298,7 +1293,8 @@ service AdminService {
                 value: {
                     description: "org, user and user membership were created successfully";
                 };
-            };
+            }
+            deprecated: true;
             responses: {
                 key: "400";
                 value: {
@@ -1313,6 +1309,7 @@ service AdminService {
         };
     }
 
+    // Deprecated: use DeleteOrganization [apis/resources/org_service_v2beta/organization-service-delete-organization.api.mdx] API instead
     rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
         option (google.api.http) = {
             delete: "/orgs/{org_id}"
@@ -1330,7 +1327,8 @@ service AdminService {
                 value: {
                     description: "org removed successfully";
                 };
-            };
+            }
+            deprecated: true;
             responses: {
                 key: "400";
                 value: {
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index 3018ebe600..34a8384d39 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -2119,6 +2119,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use CreateOrganization [apis/resources/org_service_v2beta/organization-service-create-organization.api.mdx] API instead
     rpc AddOrg(AddOrgRequest) returns (AddOrgResponse) {
         option (google.api.http) = {
             post: "/orgs"
@@ -2133,6 +2134,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Create Organization";
             description: "Create a new organization. Based on the given name a domain will be generated to be able to identify users within an organization."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2144,6 +2146,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use UpdateOrganization [apis/resources/org_service_v2beta/organization-service-update-organization.api.mdx] API instead
     rpc UpdateOrg(UpdateOrgRequest) returns (UpdateOrgResponse) {
         option (google.api.http) = {
             put: "/orgs/me"
@@ -2158,6 +2161,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Update Organization";
             description: "Change the name of the organization."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2169,6 +2173,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use DeactivateOrganization [apis/resources/org_service_v2beta/organization-service-deactivate-organization.api.mdx] API instead
     rpc DeactivateOrg(DeactivateOrgRequest) returns (DeactivateOrgResponse) {
         option (google.api.http) = {
             post: "/orgs/me/_deactivate"
@@ -2183,6 +2188,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Deactivate Organization";
             description: "Sets the state of my organization to deactivated. Users of this organization will not be able to log in."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2194,6 +2200,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use ActivateOrganization [apis/resources/org_service_v2beta/organization-service-activate-organization.api.mdx] API instead
     rpc ReactivateOrg(ReactivateOrgRequest) returns (ReactivateOrgResponse) {
         option (google.api.http) = {
             post: "/orgs/me/_reactivate"
@@ -2208,6 +2215,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Reactivate Organization";
             description: "Set the state of my organization to active. The state of the organization has to be deactivated to perform the request. Users of this organization will be able to log in again."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2219,6 +2227,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use DeleteOrganization [apis/resources/org_service_v2beta/organization-service-delete-organization.api.mdx] API instead
     rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
         option (google.api.http) = {
             delete: "/orgs/me"
@@ -2232,6 +2241,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Delete Organization";
             description: "Deletes my organization and all its resources (Users, Projects, Grants to and from the org). Users of this organization will not be able to log in."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2243,6 +2253,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use SetOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-set-organization-metadata.api.mdx] API instead
     rpc SetOrgMetadata(SetOrgMetadataRequest) returns (SetOrgMetadataResponse) {
         option (google.api.http) = {
             post: "/metadata/{key}"
@@ -2258,6 +2269,7 @@ service ManagementService {
             tags: "Organization Metadata";
             summary: "Set Organization Metadata";
             description: "This endpoint either adds or updates a metadata value for the requested key. Make sure the value is base64 encoded."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2269,6 +2281,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use SetOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-set-organization-metadata.api.mdx] API instead
     rpc BulkSetOrgMetadata(BulkSetOrgMetadataRequest) returns (BulkSetOrgMetadataResponse) {
         option (google.api.http) = {
             post: "/metadata/_bulk"
@@ -2284,6 +2297,7 @@ service ManagementService {
             tags: "Organization Metadata";
             summary: "Bulk Set Organization Metadata";
             description: "This endpoint sets a list of metadata to the organization. Make sure the values are base64 encoded."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2295,6 +2309,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use ListOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-list-organization-metadata.api.mdx] API instead
     rpc ListOrgMetadata(ListOrgMetadataRequest) returns (ListOrgMetadataResponse) {
         option (google.api.http) = {
             post: "/metadata/_search"
@@ -2310,6 +2325,7 @@ service ManagementService {
             tags: "Organization Metadata";
             summary: "Search Organization Metadata";
             description: "Get the metadata of an organization filtered by your query."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2321,6 +2337,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use ListOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-list-organization-metadata.api.mdx] API instead
     rpc GetOrgMetadata(GetOrgMetadataRequest) returns (GetOrgMetadataResponse) {
         option (google.api.http) = {
             get: "/metadata/{key}"
@@ -2335,6 +2352,7 @@ service ManagementService {
             tags: "Organization Metadata";
             summary: "Get Organization Metadata By Key";
             description: "Get a metadata object from an organization by a specific key."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2346,6 +2364,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use DeleteOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-delete-organization-metadata.api.mdx] API instead
     rpc RemoveOrgMetadata(RemoveOrgMetadataRequest) returns (RemoveOrgMetadataResponse) {
         option (google.api.http) = {
             delete: "/metadata/{key}"
@@ -2360,6 +2379,7 @@ service ManagementService {
             tags: "Organization Metadata";
             summary: "Delete Organization Metadata By Key";
             description: "Remove a metadata object from an organization with a specific key."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2371,6 +2391,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use DeleteOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-delete-organization-metadata.api.mdx] API instead
     rpc BulkRemoveOrgMetadata(BulkRemoveOrgMetadataRequest) returns (BulkRemoveOrgMetadataResponse) {
         option (google.api.http) = {
             delete: "/metadata/_bulk"
@@ -2384,6 +2405,7 @@ service ManagementService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Organizations";
             tags: "Organization Metadata";
+            deprecated: true
             summary: "Bulk Delete Metadata";
             description: "Remove a list of metadata objects from an organization with a list of keys."
             parameters: {
@@ -2397,31 +2419,7 @@ service ManagementService {
         };
     }
 
-    rpc ListOrgDomains(ListOrgDomainsRequest) returns (ListOrgDomainsResponse) {
-        option (google.api.http) = {
-            post: "/orgs/me/domains/_search"
-            body: "*"
-        };
-
-        option (zitadel.v1.auth_option) = {
-            permission: "org.read"
-        };
-
-        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            tags: "Organizations";
-            summary: "Search Domains";
-            description: "Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs."
-            parameters: {
-                headers: {
-                    name: "x-zitadel-orgid";
-                    description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
-                    type: STRING,
-                    required: false;
-                };
-            };
-        };
-    }
-
+    // Deprecated: use AddOrganizationDomain [apis/resources/org_service_v2beta/organization-service-add-organization-domain.api.mdx] API instead
     rpc AddOrgDomain(AddOrgDomainRequest) returns (AddOrgDomainResponse) {
         option (google.api.http) = {
             post: "/orgs/me/domains"
@@ -2436,6 +2434,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Add Domain";
             description: "Add a new domain to an organization. The domains are used to identify to which organization a user belongs."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2447,6 +2446,34 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use ListOrganizationDomains [apis/resources/org_service_v2beta/organization-service-list-organization-domains.api.mdx] API instead
+    rpc ListOrgDomains(ListOrgDomainsRequest) returns (ListOrgDomainsResponse) {
+        option (google.api.http) = {
+            post: "/orgs/me/domains/_search"
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "org.read"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Organizations";
+            summary: "Search Domains";
+            description: "Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs."
+            deprecated: true
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+        };
+    }
+
+    // Deprecated: use DeleteOrganizationDomain [apis/resources/org_service_v2beta/organization-service-delete-organization-domain.api.mdx] API instead
     rpc RemoveOrgDomain(RemoveOrgDomainRequest) returns (RemoveOrgDomainResponse) {
         option (google.api.http) = {
             delete: "/orgs/me/domains/{domain}"
@@ -2460,6 +2487,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Remove Domain";
             description: "Delete a new domain from an organization. The domains are used to identify to which organization a user belongs. If the uses use the domain for login, this will not be possible afterwards. They have to use another domain instead."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2471,6 +2499,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use GenerateOrganizationDomainValidation [apis/resources/org_service_v2beta/organization-service-generate-organization-domain-validation.api.mdx] API instead
     rpc GenerateOrgDomainValidation(GenerateOrgDomainValidationRequest) returns (GenerateOrgDomainValidationResponse) {
         option (google.api.http) = {
             post: "/orgs/me/domains/{domain}/validation/_generate"
@@ -2485,6 +2514,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Generate Domain Verification";
             description: "Generate a new file to be able to verify your domain with DNS or HTTP challenge."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2496,6 +2526,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: use VerifyOrganizationDomain [apis/resources/org_service_v2beta/organization-service-verify-organization-domain.api.mdx] API instead
     rpc ValidateOrgDomain(ValidateOrgDomainRequest) returns (ValidateOrgDomainResponse) {
         option (google.api.http) = {
             post: "/orgs/me/domains/{domain}/validation/_validate"
@@ -2510,6 +2541,7 @@ service ManagementService {
             tags: "Organizations";
             summary: "Verify Domain";
             description: "Make sure you have added the required verification to your domain, depending on the method you have chosen (HTTP or DNS challenge). ZITADEL will check it and set the domain as verified if it was successful. A verify domain has to be unique."
+            deprecated: true
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2678,11 +2710,6 @@ service ManagementService {
         };
     }
 
-    // Get Project By ID
-    //
-    // Deprecated: [Get Project](apis/resources/project_service_v2/project-service-get-project.api.mdx) to get project by ID.
-    //
-    // Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context.
    rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) {
         option (google.api.http) = {
             get: "/projects/{id}"
@@ -2695,7 +2722,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Get Project By ID";
+            description: "Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2707,11 +2735,6 @@ service ManagementService {
         };
     }
 
-    // Get Granted Project By ID
-    //
-    // Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to get granted projects.
-    //
-    // Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context.
     rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) returns (GetGrantedProjectByIDResponse) {
         option (google.api.http) = {
             get: "/granted_projects/{project_id}/grants/{grant_id}"
@@ -2724,7 +2747,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Get Granted Project By ID";
+            description: "Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2736,11 +2760,6 @@ service ManagementService {
         };
     }
 
-    // List Projects
-    //
-    // Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
-    //
-    // Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context.
     rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse) {
         option (google.api.http) = {
             post: "/projects/_search"
@@ -2753,7 +2772,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Search Project";
+            description: "Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2765,11 +2785,6 @@ service ManagementService {
         };
     }
 
-    // List Granted Projects
-    //
-    // Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
-    //
-    // Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context.
     rpc ListGrantedProjects(ListGrantedProjectsRequest) returns (ListGrantedProjectsResponse) {
         option (google.api.http) = {
             post: "/granted_projects/_search"
@@ -2782,7 +2797,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Search Granted Project";
+            description: "Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2844,11 +2860,6 @@ service ManagementService {
         };
     }
 
-    // Create Project
-    //
-    // Deprecated: [Create Project](apis/resources/project_service_v2/project-service-create-project.api.mdx) to create a project.
-    //
-    // Create a new project. A Project is a vessel for different applications sharing the same role context.
     rpc AddProject(AddProjectRequest) returns (AddProjectResponse) {
         option (google.api.http) = {
             post: "/projects"
@@ -2861,7 +2872,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Create Project";
+            description: "Create a new project. A Project is a vessel for different applications sharing the same role context."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2873,11 +2885,6 @@ service ManagementService {
         };
     }
 
-    // Update Project
-    //
-    // Deprecated: [Update Project](apis/resources/project_service_v2/project-service-update-project.api.mdx) to update a project.
-    //
-    // Update a project and its settings. A Project is a vessel for different applications sharing the same role context.
     rpc UpdateProject(UpdateProjectRequest) returns (UpdateProjectResponse) {
         option (google.api.http) = {
             put: "/projects/{id}"
@@ -2891,7 +2898,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Update Project";
+            description: "Update a project and its settings. A Project is a vessel for different applications sharing the same role context."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2903,11 +2911,6 @@ service ManagementService {
         };
     }
 
-    // Deactivate Project
-    //
-    // Deprecated: [Deactivate Project](apis/resources/project_service_v2/project-service-deactivate-project.api.mdx) to deactivate a project.
-    //
-    // Set the state of a project to deactivated. Request returns an error if the project is already deactivated.
     rpc DeactivateProject(DeactivateProjectRequest) returns (DeactivateProjectResponse) {
         option (google.api.http) = {
             post: "/projects/{id}/_deactivate"
@@ -2921,7 +2924,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Deactivate Project";
+            description: "Set the state of a project to deactivated. Request returns an error if the project is already deactivated."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2933,11 +2937,6 @@ service ManagementService {
         };
     }
 
-    // Activate Project
-    //
-    // Deprecated: [Activate Project](apis/resources/project_service_v2/project-service-activate-project.api.mdx) to activate a project.
-    //
-    // Set the state of a project to active. Request returns an error if the project is not deactivated.
     rpc ReactivateProject(ReactivateProjectRequest) returns (ReactivateProjectResponse) {
         option (google.api.http) = {
             post: "/projects/{id}/_reactivate"
@@ -2951,7 +2950,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Reactivate Project";
+            description: "Set the state of a project to active. Request returns an error if the project is not deactivated."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2963,11 +2963,6 @@ service ManagementService {
         };
     }
 
-    // Remove Project
-    //
-    // Deprecated: [Delete Project](apis/resources/project_service_v2/project-service-delete-project.api.mdx) to remove a project.
-    //
-    // Project and all its sub-resources like project grants, applications, roles and user grants will be removed.
     rpc RemoveProject(RemoveProjectRequest) returns (RemoveProjectResponse) {
         option (google.api.http) = {
             delete: "/projects/{id}"
@@ -2980,7 +2975,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Remove Project";
+            description: "Project and all its sub-resources like project grants, applications, roles and user grants will be removed."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -2992,11 +2988,6 @@ service ManagementService {
         };
     }
 
-    // Search Project Roles
-    //
-    // Deprecated: [List Project Roles](apis/resources/project_service_v2/project-service-list-project-roles.api.mdx) to get project roles.
-    //
-    // Returns all roles of a project matching the search query.
     rpc ListProjectRoles(ListProjectRolesRequest) returns (ListProjectRolesResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles/_search"
@@ -3010,7 +3001,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            deprecated: true;
+            summary: "Search Project Roles";
+            description: "Returns all roles of a project matching the search query."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3022,11 +3014,6 @@ service ManagementService {
         };
     }
 
-    // Add Project Role
-    //
-    // Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
-    //
-    // Add a new project role to a project. The key must be unique within the project.\n\nDeprecated: please use user service v2 AddProjectRole.
     rpc AddProjectRole(AddProjectRoleRequest) returns (AddProjectRoleResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles"
@@ -3040,7 +3027,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            deprecated: true;
+            summary: "Add Project Role";
+            description: "Add a new project role to a project. The key must be unique within the project."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3052,11 +3040,6 @@ service ManagementService {
         };
     }
 
-    // Bulk add Project Role
-    //
-    // Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
-    //
-    // Add a list of roles to a project. The keys must be unique within the project.
     rpc BulkAddProjectRoles(BulkAddProjectRolesRequest) returns (BulkAddProjectRolesResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/roles/_bulk"
@@ -3070,7 +3053,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            deprecated: true;
+            summary: "Bulk Add Project Role";
+            description: "Add a list of roles to a project. The keys must be unique within the project."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3082,11 +3066,6 @@ service ManagementService {
         };
     }
 
-    // Update Project Role
-    //
-    // Deprecated: [Update Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to update a project role.
-    //
-    // Change a project role. The key is not editable. If a key should change, remove the role and create a new one.
     rpc UpdateProjectRole(UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) {
         option (google.api.http) = {
             put: "/projects/{project_id}/roles/{role_key}"
@@ -3100,7 +3079,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            deprecated: true;
+            summary: "Change Project Role";
+            description: "Change a project role. The key is not editable. If a key should change, remove the role and create a new one."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3112,11 +3092,6 @@ service ManagementService {
         };
     }
 
-    // Remove Project Role
-    //
-    // Deprecated: [Delete Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to remove a project role.
-    //
-    // Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants.
     rpc RemoveProjectRole(RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/roles/{role_key}"
@@ -3129,7 +3104,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Roles";
-            deprecated: true;
+            summary: "Remove Project Role";
+            description: "Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3793,11 +3769,6 @@ service ManagementService {
         };
     }
 
-    // Get Project Grant By ID
-    //
-    // Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to get a project grant.
-    //
-    // Returns a project grant. A project grant is when the organization grants its project to another organization.
     rpc GetProjectGrantByID(GetProjectGrantByIDRequest) returns (GetProjectGrantByIDResponse) {
         option (google.api.http) = {
             get: "/projects/{project_id}/grants/{grant_id}"
@@ -3809,7 +3780,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Projects";
-            deprecated: true;
+            summary: "Project Grant By ID";
+            description: "Returns a project grant. A project grant is when the organization grants its project to another organization."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3821,11 +3793,6 @@ service ManagementService {
         };
     }
 
-    // List Project Grants
-    //
-    // Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
-    //
-    // Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization.
     rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/_search"
@@ -3839,7 +3806,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Search Project Grants from Project";
+            description: "Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3851,11 +3819,6 @@ service ManagementService {
         };
     }
 
-    // Search Project Grants
-    //
-    // Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
-    //
-    // Returns a list of project grants. A project grant is when the organization grants its project to another organization.
     rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
         option (google.api.http) = {
             post: "/projectgrants/_search"
@@ -3868,7 +3831,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Search Project Grants";
+            description: "Returns a list of project grants. A project grant is when the organization grants its project to another organization."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3880,11 +3844,6 @@ service ManagementService {
         };
     }
 
-    // Add Project Grant
-    //
-    // Deprecated: [Create Project Grant](apis/resources/project_service_v2/project-service-create-project-grant.api.mdx) to add a project grant.
-    //
-    // Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
     rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants"
@@ -3897,7 +3856,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Add Project Grant";
+            description: "Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3909,11 +3869,6 @@ service ManagementService {
         };
     }
 
-    // Update Project Grant
-    //
-    // Deprecated: [Update Project Grant](apis/resources/project_service_v2/project-service-update-project-grant.api.mdx) to update a project grant.
-    //
-    // Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
     rpc UpdateProjectGrant(UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) {
         option (google.api.http) = {
             put: "/projects/{project_id}/grants/{grant_id}"
@@ -3926,7 +3881,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Change Project Grant";
+            description: "Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3938,11 +3894,6 @@ service ManagementService {
         };
     }
 
-    // Deactivate Project Grant
-    //
-    // Deprecated: [Deactivate Project Grant](apis/resources/project_service_v2/project-service-deactivate-project-grant.api.mdx) to deactivate a project grant.
-    //
-    // Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate.
     rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/{grant_id}/_deactivate"
@@ -3955,7 +3906,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Deactivate Project Grant";
+            description: "Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3967,11 +3919,6 @@ service ManagementService {
         };
     }
 
-    // Reactivate Project Grant
-    //
-    // Deprecated: [Activate Project Grant](apis/resources/project_service_v2/project-service-activate-project-grant.api.mdx) to activate a project grant.
-    //
-    // Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate.
     rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) returns (ReactivateProjectGrantResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/grants/{grant_id}/_reactivate"
@@ -3984,7 +3931,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Reactivate Project Grant";
+            description: "Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -3996,11 +3944,6 @@ service ManagementService {
         };
     }
 
-    // Remove Project Grant
-    //
-    // Deprecated: [Delete Project Grant](apis/resources/project_service_v2/project-service-delete-project-grant.api.mdx) to remove a project grant.
-    //
-    // Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked).
     rpc RemoveProjectGrant(RemoveProjectGrantRequest) returns (RemoveProjectGrantResponse) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/grants/{grant_id}"
@@ -4012,7 +3955,8 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Project Grants";
-            deprecated: true;
+            summary: "Remove Project Grant";
+            description: "Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked)."
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
diff --git a/proto/zitadel/metadata/v2beta/metadata.proto b/proto/zitadel/metadata/v2beta/metadata.proto
new file mode 100644
index 0000000000..87fcc51869
--- /dev/null
+++ b/proto/zitadel/metadata/v2beta/metadata.proto
@@ -0,0 +1,57 @@
+syntax = "proto3";
+
+import "zitadel/object/v2beta/object.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+import "google/protobuf/timestamp.proto";
+
+package zitadel.metadata.v2beta;
+
+option go_package ="github.com/zitadel/zitadel/pkg/grpc/metadata/v2beta";
+
+message Metadata {
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  google.protobuf.Timestamp change_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  string key = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        description: "metadata key",
+        example: "\"key1\"";
+    }
+  ];
+  bytes value = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        description: "metadata value is base64 encoded, make sure to decode to get the value",
+        example: "\"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"";
+    }
+  ];
+}
+
+message MetadataQuery {
+  oneof query {
+    option (validate.required) = true;
+    MetadataKeyQuery key_query = 1;
+  }
+}
+
+message MetadataKeyQuery {
+  string key = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"key\""
+    }
+  ];
+  zitadel.object.v2beta.TextQueryMethod method = 2 [
+    (validate.rules).enum.defined_only = true,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "defines which text equality method is used";
+    }
+  ];
+}
diff --git a/proto/zitadel/org/v2beta/org.proto b/proto/zitadel/org/v2beta/org.proto
new file mode 100644
index 0000000000..08cf47e820
--- /dev/null
+++ b/proto/zitadel/org/v2beta/org.proto
@@ -0,0 +1,169 @@
+syntax = "proto3";
+
+package zitadel.org.v2beta;
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/org/v2beta;org";
+
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+import "zitadel/object/v2beta/object.proto";
+import "google/protobuf/timestamp.proto";
+
+message Organization {
+  // Unique identifier of the organization.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\""
+    }
+  ];
+
+  // The timestamp of the organization was created.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+
+  //  The timestamp of the verification of the organization domain.
+  google.protobuf.Timestamp changed_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+
+  // Current state of the organization, for example active, inactive and deleted.
+  OrgState state = 4;
+
+  // Name of the organization.
+  string name = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"ZITADEL\"";
+    }
+  ];
+  // Primary domain used in the organization.
+  string primary_domain = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"zitadel.cloud\"";
+    }
+  ];
+}
+
+enum OrgState {
+  ORG_STATE_UNSPECIFIED = 0;
+  ORG_STATE_ACTIVE = 1;
+  ORG_STATE_INACTIVE = 2;
+  ORG_STATE_REMOVED = 3;
+}
+
+enum OrgFieldName {
+    ORG_FIELD_NAME_UNSPECIFIED = 0;
+    ORG_FIELD_NAME_NAME = 1;
+    ORG_FIELD_NAME_CREATION_DATE = 2;
+}
+
+message OrganizationSearchFilter{
+    oneof filter {
+        option (validate.required) = true;
+
+        OrgNameFilter name_filter = 1;
+        OrgDomainFilter domain_filter = 2;
+        OrgStateFilter state_filter = 3;
+        OrgIDFilter id_filter = 4;
+    }
+}
+message OrgNameFilter {
+    // Organization name.
+    string name = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"ZITADEL\"";
+        }
+    ];
+  // Defines which text equality method is used.
+    zitadel.object.v2beta.TextQueryMethod method = 2 [
+        (validate.rules).enum.defined_only = true
+    ];
+}
+
+message OrgDomainFilter {
+    // The domain.
+    string domain = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"zitadel.cloud\"";
+        }
+    ];
+  // Defines which text equality method is used.
+    zitadel.object.v2beta.TextQueryMethod method = 2 [
+        (validate.rules).enum.defined_only = true
+    ];
+}
+
+message OrgStateFilter {
+    // Current state of the organization.
+    OrgState state = 1 [
+        (validate.rules).enum.defined_only = true
+    ];
+}
+
+message OrgIDFilter {
+    // The Organization id.
+    string id = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\""
+        }
+    ];
+}
+
+// from proto/zitadel/org.proto
+message DomainSearchFilter {
+    oneof filter {
+        option (validate.required) = true;
+        DomainNameFilter domain_name_filter = 1;
+    }
+}
+
+// from proto/zitadel/org.proto
+message DomainNameFilter {
+    // The domain.
+    string name = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"zitadel.cloud\"";
+        }
+    ];
+  // Defines which text equality method is used.
+    zitadel.object.v2beta.TextQueryMethod method = 2 [
+        (validate.rules).enum.defined_only = true
+    ];
+}
+
+// from proto/zitadel/org.proto
+message Domain {
+    // The Organization id.
+    string organization_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\""
+        }
+    ];
+    // The domain name.
+    string domain_name = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"zitadel.com\"";
+        }
+    ];
+    // Defines if the domain is verified.
+    bool is_verified = 3;
+    // Defines if the domain is the primary domain.
+    bool is_primary = 4;
+    // Defines the protocol the domain was validated with.
+    DomainValidationType validation_type = 5;
+}
+
+// from proto/zitadel/org.proto
+enum DomainValidationType {
+    DOMAIN_VALIDATION_TYPE_UNSPECIFIED = 0;
+    DOMAIN_VALIDATION_TYPE_HTTP = 1;
+    DOMAIN_VALIDATION_TYPE_DNS = 2;
+}
diff --git a/proto/zitadel/org/v2beta/org_service.proto b/proto/zitadel/org/v2beta/org_service.proto
index e303b676d7..28c823a89b 100644
--- a/proto/zitadel/org/v2beta/org_service.proto
+++ b/proto/zitadel/org/v2beta/org_service.proto
@@ -6,24 +6,22 @@ package zitadel.org.v2beta;
 import "zitadel/object/v2beta/object.proto";
 import "zitadel/protoc_gen_zitadel/v2/options.proto";
 import "zitadel/user/v2beta/auth.proto";
-import "zitadel/user/v2beta/email.proto";
-import "zitadel/user/v2beta/phone.proto";
-import "zitadel/user/v2beta/idp.proto";
-import "zitadel/user/v2beta/password.proto";
-import "zitadel/user/v2beta/user.proto";
+import "zitadel/org/v2beta/org.proto";
+import "zitadel/metadata/v2beta/metadata.proto";
 import "zitadel/user/v2beta/user_service.proto";
 import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
-import "google/protobuf/duration.proto";
 import "google/protobuf/struct.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
 import "validate/validate.proto";
+import "google/protobuf/timestamp.proto";
+import "zitadel/filter/v2beta/filter.proto";
 
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/org/v2beta;org";
 
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
   info: {
-    title: "User Service";
+    title: "Organization Service (Beta)";
     version: "2.0-beta";
     description: "This API is intended to manage organizations in a ZITADEL instance. This project is in beta state. It can AND will continue breaking until the services provide the same functionality as the current login.";
     contact:{
@@ -111,8 +109,13 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
 
 service OrganizationService {
 
-  // Create a new organization and grant the user(s) permission to manage it
-  rpc AddOrganization(AddOrganizationRequest) returns (AddOrganizationResponse) {
+  // Create Organization
+  //
+  // Create a new organization with an administrative user. If no specific roles are sent for the users, they will be granted the role ORG_OWNER.
+  //
+  // Required permission:
+  //  - `org.create`
+  rpc CreateOrganization(CreateOrganizationRequest) returns (CreateOrganizationResponse) {
     option (google.api.http) = {
       post: "/v2beta/organizations"
       body: "*"
@@ -122,34 +125,411 @@ service OrganizationService {
       auth_option: {
         permission: "org.create"
       }
-      http_response: {
-        success_code: 201
-      }
     };
 
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      summary: "Create an Organization";
-      description: "Create a new organization with an administrative user. If no specific roles are sent for the users, they will be granted the role ORG_OWNER."
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
       responses: {
-        key: "200"
+        key: "200";
         value: {
-          description: "OK";
+          description: "Organization created successfully";
+        };
+      };
+      responses: {
+        key: "409"
+        value: {
+          description: "The organization to create already exists.";
         }
       };
     };
   }
+
+  // Update Organization
+  //
+  // Change the name of the organization.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc UpdateOrganization(UpdateOrganizationRequest) returns (UpdateOrganizationResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{id}"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Organization created successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "Organisation's not found";
+        }
+      };
+      responses: {
+        key: "409"
+        value: {
+          description: "Organisation's name already taken";
+        }
+      };
+    };
+
+  }
+
+  // List Organizations
+  //
+  // Returns a list of organizations that match the requesting filters. All filters are applied with an AND condition.
+  //
+  // Required permission:
+  //  - `iam.read`
+  rpc ListOrganizations(ListOrganizationsRequest) returns (ListOrganizationsResponse) {
+    option (google.api.http) = {
+        post: "/v2beta/organizations/search";
+        body: "*";
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.read";
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+      };
+    };
+  }
+
+  // Delete Organization
+  //
+  // Deletes the organization and all its resources (Users, Projects, Grants to and from the org). Users of this organization will not be able to log in.
+  //
+  // Required permission:
+  //  - `org.delete`
+  rpc DeleteOrganization(DeleteOrganizationRequest) returns (DeleteOrganizationResponse) {
+    option (google.api.http) = {
+        delete: "/v2beta/organizations/{id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.delete";
+      }
+    };
+
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "Organization created successfully";
+        };
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "Organisation's not found";
+        }
+      };
+    };
+  }
+
+  // Set Organization Metadata
+  //
+  // Adds or updates a metadata value for the requested key. Make sure the value is base64 encoded.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc SetOrganizationMetadata(SetOrganizationMetadataRequest) returns (SetOrganizationMetadataResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{organization_id}/metadata"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+        responses: {
+          // TODO This needs to chagne to 404
+          key: "400"
+          value: {
+            description: "Organisation's not found";
+          }
+        };
+      };
+  }
+
+  // List Organization Metadata
+  //
+  // List metadata of an organization filtered by query.
+  //
+  // Required permission:
+  //  - `org.read`
+  rpc ListOrganizationMetadata(ListOrganizationMetadataRequest) returns (ListOrganizationMetadataResponse ) {
+    option (google.api.http) = {
+        post: "/v2beta/organizations/{organization_id}/metadata/search"
+        body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = { auth_option: {
+        permission: "org.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+      };
+
+  }
+
+  // Delete Organization Metadata
+  //
+  // Delete metadata objects from an organization with a specific key.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc DeleteOrganizationMetadata(DeleteOrganizationMetadataRequest) returns (DeleteOrganizationMetadataResponse) {
+      option (google.api.http) = {
+          delete: "/v2beta/organizations/{organization_id}/metadata"
+      };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+      };
+
+  }
+
+  // Add Organization Domain
+  //
+  // Add a new domain to an organization. The domains are used to identify to which organization a user belongs.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc AddOrganizationDomain(AddOrganizationDomainRequest) returns (AddOrganizationDomainResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{organization_id}/domains"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+        responses: {
+          key: "409"
+          value: {
+            description: "Domain already exists";
+          }
+        };
+      };
+
+  }
+
+  // List Organization Domains
+  //
+  // Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs. 
+  //
+  // Required permission:
+  //  - `org.read`
+  rpc ListOrganizationDomains(ListOrganizationDomainsRequest) returns (ListOrganizationDomainsResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{organization_id}/domains/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+      };
+
+  }
+
+  // Delete Organization Domain
+  //
+  // Delete a new domain from an organization. The domains are used to identify to which organization a user belongs. If the uses use the domain for login, this will not be possible afterwards. They have to use another domain instead.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc DeleteOrganizationDomain(DeleteOrganizationDomainRequest) returns (DeleteOrganizationDomainResponse) {
+    option (google.api.http) = {
+      delete: "/v2beta/organizations/{organization_id}/domains"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+      };
+
+  }
+
+  // Generate Organization Domain Validation
+  //
+  // Generate a new file to be able to verify your domain with DNS or HTTP challenge.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc GenerateOrganizationDomainValidation(GenerateOrganizationDomainValidationRequest) returns (GenerateOrganizationDomainValidationResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{organization_id}/domains/validation/generate"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+        responses: {
+          key: "404"
+          value: {
+            description: "Domain doesn't exist on organization";
+          }
+        };
+      };
+  }
+
+  // Verify Organization Domain
+  //
+  // Make sure you have added the required verification to your domain, depending on the method you have chosen (HTTP or DNS challenge). ZITADEL will check it and set the domain as verified if it was successful. A verify domain has to be unique.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc VerifyOrganizationDomain(VerifyOrganizationDomainRequest) returns (VerifyOrganizationDomainResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{organization_id}/domains/validation/verify"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+      };
+  }
+
+  // Deactivate Organization
+  //
+  // Sets the state of my organization to deactivated. Users of this organization will not be able to log in.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc DeactivateOrganization(DeactivateOrganizationRequest) returns (DeactivateOrganizationResponse) {
+    option (google.api.http) = {
+      post: "/v2beta/organizations/{id}/deactivate"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+        responses: {
+          key: "200";
+        };
+      };
+
+  }
+
+  // Activate Organization
+  //
+  // Set the state of my organization to active. The state of the organization has to be deactivated to perform the request. Users of this organization will be able to log in again.
+  //
+  // Required permission:
+  //  - `org.write`
+  rpc ActivateOrganization(ActivateOrganizationRequest) returns (ActivateOrganizationResponse) {
+    option (google.api.http) = {
+        post: "/v2beta/organizations/{id}/activate"
+        body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "org.write"
+      }
+    };
+
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+      };
+    };
+
+  }
+
+
 }
 
-message AddOrganizationRequest{
+message CreateOrganizationRequest{
+  // The Admin for the newly created Organization.
   message Admin {
     oneof user_type{
       string user_id = 1;
       zitadel.user.v2beta.AddHumanUserRequest human = 2;
     }
-    // specify Org Member Roles for the provided user (default is ORG_OWNER if roles are empty)
+    // specify Organization Member Roles for the provided user (default is ORG_OWNER if roles are empty)
     repeated string roles = 3;
   }
 
+  // name of the Organization to be created.
   string name = 1 [
     (validate.rules).string = {min_len: 1, max_len: 200},
     (google.api.field_behavior) = REQUIRED,
@@ -159,24 +539,403 @@ message AddOrganizationRequest{
       example: "\"ZITADEL\"";
     }
   ];
-  repeated Admin admins = 2;
-  // optionally set your own id unique for the organization.
-  optional string org_id = 3 [
-    (validate.rules).string = {min_len: 1, max_len: 200},
+	// Optionally set your own id unique for the organization.
+  optional string id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200 },
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
       max_length: 200;
-      example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // Additional Admins for the Organization.
+  repeated Admin admins = 3;
+}
+
+message CreatedAdmin {
+  string user_id = 1;
+  optional string email_code = 2;
+  optional string phone_code = 3;
+}
+
+message CreateOrganizationResponse{
+  // The timestamp of the organization was created.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+
+  // Organization ID of the newly created organization.
+  string id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+
+  // The admins created for the Organization
+  repeated CreatedAdmin created_admins = 3;
+}
+
+message UpdateOrganizationRequest {
+  // Organization Id for the Organization to be updated
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+
+  // New Name for the Organization to be updated
+  string name = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"Customer 1\"";
     }
   ];
 }
 
-message AddOrganizationResponse{
-  message CreatedAdmin {
-    string user_id = 1;
-    optional string email_code = 2;
-    optional string phone_code = 3;
-  }
-  zitadel.object.v2beta.Details details = 1;
-  string organization_id = 2;
-  repeated CreatedAdmin created_admins = 3;
+message UpdateOrganizationResponse {
+  // The timestamp of the update to the organization.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListOrganizationsRequest {
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 1;
+  // the field the result is sorted
+  zitadel.org.v2beta.OrgFieldName sorting_column = 2;
+  // Define the criteria to query for.
+  // repeated ProjectRoleQuery filters = 4;
+  repeated zitadel.org.v2beta.OrganizationSearchFilter filter = 3;
+}
+
+message ListOrganizationsResponse {
+  // Pagination of the Organizations results
+  zitadel.filter.v2beta.PaginationResponse pagination = 1;
+  // The Organizations requested
+  repeated zitadel.org.v2beta.Organization organizations = 2;
+}
+
+message DeleteOrganizationRequest {
+
+  // Organization Id for the Organization to be deleted
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\"";
+      min_length: 1;
+      max_length: 200;
+    }
+  ];
+}
+
+message DeleteOrganizationResponse {
+  // The timestamp of the deletion of the organization.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message DeactivateOrganizationRequest {
+  // Organization Id for the Organization to be deactivated
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\"";
+      min_length: 1;
+      max_length: 200;
+    }
+  ];
+}
+
+message DeactivateOrganizationResponse {
+  // The timestamp of the deactivation of the organization.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ActivateOrganizationRequest {
+  // Organization Id for the Organization to be activated
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629023906488334\"";
+      min_length: 1;
+      max_length: 200;
+    }
+  ];
+}
+
+message ActivateOrganizationResponse {
+  // The timestamp of the activation of the organization.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message AddOrganizationDomainRequest {
+  // Organization Id for the Organization for which the domain is to be added to.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The domain you want to add to the organization.
+    string domain = 2 [
+      (validate.rules).string = {min_len: 1, max_len: 200},
+      (google.api.field_behavior) = REQUIRED,
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          min_length: 1;
+          max_length: 200;
+          example: "\"testdomain.com\"";
+      }
+    ];
+}
+
+message AddOrganizationDomainResponse {
+  // The timestamp of the organization was created.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message ListOrganizationDomainsRequest {
+  // Organization Id for the Organization which domains are to be listed.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 2;
+  // Define the criteria to query for.
+  repeated DomainSearchFilter filters = 3;
+}
+
+message ListOrganizationDomainsResponse {
+  // Pagination of the Organizations domain results.
+  zitadel.filter.v2beta.PaginationResponse pagination = 1;
+  // The domains requested.
+  repeated Domain domains = 2;
+}
+
+message DeleteOrganizationDomainRequest {
+  // Organization Id for the Organization which domain is to be deleted.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        min_length: 1;
+        max_length: 200;
+        example: "\"testdomain.com\"";
+    }
+  ];
+}
+
+message DeleteOrganizationDomainResponse {
+  // The timestamp of the deletion of the organization domain.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message GenerateOrganizationDomainValidationRequest {
+  // Organization Id for the Organization which doman to be validated.
+  string organization_id = 1 [
+
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The domain which to be deleted.
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        min_length: 1;
+        max_length: 200;
+        example: "\"testdomain.com\"";
+    }
+  ];
+  DomainValidationType type = 3 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
+}
+
+message GenerateOrganizationDomainValidationResponse {
+  // The token verify domain.
+  string token = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\"";
+    }
+  ];
+  // URL used to verify the domain.
+  string url = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"https://testdomain.com/.well-known/zitadel-challenge/ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\"";
+    }
+  ];
+}
+
+message VerifyOrganizationDomainRequest {
+  // Organization Id for the Organization doman to be verified.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // Organization Id for the Organization doman to be verified.
+  string domain = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"testdomain.com\"";
+    }
+  ];
+}
+
+message VerifyOrganizationDomainResponse {
+  // The timestamp of the verification of the organization domain.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message Metadata {
+  // Key in the metadata key/value pair.
+  string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+  // Value in the metadata key/value pair.
+  bytes value = 2 [(validate.rules).bytes = {min_len: 1, max_len: 500000}];
+}
+message SetOrganizationMetadataRequest{
+  // Organization Id for the Organization doman to be verified.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // Metadata to set.
+  repeated Metadata metadata = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      title: "Medata (Key/Value)"
+      description: "The values have to be base64 encoded.";
+      example: "[{\"key\": \"test1\", \"value\": \"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"}, {\"key\": \"test2\", \"value\": \"VGhpcyBpcyBteSBzZWNvbmQgdmFsdWU=\"}]"
+    }
+  ];
+}
+
+message SetOrganizationMetadataResponse{
+  // The timestamp of the update of the organization metadata.
+  google.protobuf.Timestamp set_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListOrganizationMetadataRequest {
+  // Organization ID of Orgalization which metadata is to be listed.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+
+  // List limitations and ordering.
+  optional zitadel.filter.v2beta.PaginationRequest pagination = 2;
+  // Define the criteria to query for.
+  repeated zitadel.metadata.v2beta.MetadataQuery filter = 3;
+}
+
+message ListOrganizationMetadataResponse {
+  // Pagination of the Organizations metadata results.
+  zitadel.filter.v2beta.PaginationResponse pagination = 1;
+  // The Organization metadata requested.
+  repeated zitadel.metadata.v2beta.Metadata metadata = 2;
+}
+
+message DeleteOrganizationMetadataRequest {
+  // Organization ID of Orgalization which metadata is to be deleted is stored on.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The keys for the Organization metadata to be deleted.
+  repeated string keys = 2 [(validate.rules).repeated.items.string = {min_len: 1, max_len: 200}];
+}
+
+message DeleteOrganizationMetadataResponse{
+  // The timestamp of the deletiion of the organization metadata.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
 }

From 15902f5bc79047dd1bf6083e60047a4acccad353 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 3 Jun 2025 14:48:15 +0200
Subject: [PATCH 079/123] fix(cache): prevent org cache overwrite by other
 instances (#10012)

# Which Problems Are Solved

A customer reported that randomly certain login flows, such as automatic
redirect to the only configured IdP would not work. During the
investigation it was discovered that they used that same primary domain
on two different instances. As they used the domain for preselecting the
organization, one would always overwrite the other in the cache. Since
The organization and especially it's policies could not be retrieved on
the other instance, it would fallback to the default organization
settings, where the external login and the corresponding IdP were not
configured.

# How the Problems Are Solved

Include the instance id in the cache key for organizations to prevent
overwrites.

# Additional Changes

None

# Additional Context

- found because of a support request
- requires backport to 2.70.x, 2.71.x and 3.x
---
 internal/query/org.go        | 22 +++++++++++++++++-----
 internal/query/org_test.go   |  4 ++++
 internal/v2/readmodel/org.go |  2 ++
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/internal/query/org.go b/internal/query/org.go
index dfe90ad9f8..e2d9e205da 100644
--- a/internal/query/org.go
+++ b/internal/query/org.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	domain_pkg "github.com/zitadel/zitadel/internal/domain"
+	es "github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	"github.com/zitadel/zitadel/internal/feature"
 	"github.com/zitadel/zitadel/internal/query/projection"
@@ -77,6 +78,8 @@ type Org struct {
 	ResourceOwner string
 	State         domain_pkg.OrgState
 	Sequence      uint64
+	// instanceID is used to create a unique cache key for the org
+	instanceID string
 
 	Name   string
 	Domain string
@@ -122,7 +125,7 @@ func (q *Queries) OrgByID(ctx context.Context, shouldTriggerBulk bool, id string
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	if org, ok := q.caches.org.Get(ctx, orgIndexByID, id); ok {
+	if org, ok := q.caches.org.Get(ctx, orgIndexByID, orgCacheKey(authz.GetInstance(ctx).InstanceID(), id)); ok {
 		return org, nil
 	}
 	defer func() {
@@ -159,6 +162,7 @@ func (q *Queries) OrgByID(ctx context.Context, shouldTriggerBulk bool, id string
 		ResourceOwner: foundOrg.Owner,
 		State:         domain_pkg.OrgState(foundOrg.State.State),
 		Sequence:      uint64(foundOrg.Sequence),
+		instanceID:    foundOrg.InstanceID,
 		Name:          foundOrg.Name,
 		Domain:        foundOrg.PrimaryDomain.Domain,
 	}, nil
@@ -195,7 +199,7 @@ func (q *Queries) OrgByPrimaryDomain(ctx context.Context, domain string) (org *O
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	org, ok := q.caches.org.Get(ctx, orgIndexByPrimaryDomain, domain)
+	org, ok := q.caches.org.Get(ctx, orgIndexByPrimaryDomain, orgCacheKey(authz.GetInstance(ctx).InstanceID(), domain))
 	if ok {
 		return org, nil
 	}
@@ -430,6 +434,7 @@ func prepareOrgQuery() (sq.SelectBuilder, func(*sql.Row) (*Org, error)) {
 			OrgColumnResourceOwner.identifier(),
 			OrgColumnState.identifier(),
 			OrgColumnSequence.identifier(),
+			OrgColumnInstanceID.identifier(),
 			OrgColumnName.identifier(),
 			OrgColumnDomain.identifier(),
 		).
@@ -444,6 +449,7 @@ func prepareOrgQuery() (sq.SelectBuilder, func(*sql.Row) (*Org, error)) {
 				&o.ResourceOwner,
 				&o.State,
 				&o.Sequence,
+				&o.instanceID,
 				&o.Name,
 				&o.Domain,
 			)
@@ -521,15 +527,21 @@ const (
 func (o *Org) Keys(index orgIndex) []string {
 	switch index {
 	case orgIndexByID:
-		return []string{o.ID}
+		return []string{orgCacheKey(o.instanceID, o.ID)}
 	case orgIndexByPrimaryDomain:
-		return []string{o.Domain}
+		return []string{orgCacheKey(o.instanceID, o.Domain)}
 	case orgIndexUnspecified:
 	}
 	return nil
 }
 
+func orgCacheKey(instanceID, key string) string {
+	return instanceID + "-" + key
+}
+
 func (c *Caches) registerOrgInvalidation() {
-	invalidate := cacheInvalidationFunc(c.org, orgIndexByID, getAggregateID)
+	invalidate := cacheInvalidationFunc(c.org, orgIndexByID, func(aggregate *es.Aggregate) string {
+		return orgCacheKey(aggregate.InstanceID, aggregate.ID)
+	})
 	projection.OrgProjection.RegisterCacheInvalidation(invalidate)
 }
diff --git a/internal/query/org_test.go b/internal/query/org_test.go
index d704d2901a..635594e7fd 100644
--- a/internal/query/org_test.go
+++ b/internal/query/org_test.go
@@ -50,6 +50,7 @@ var (
 		` projections.orgs1.resource_owner,` +
 		` projections.orgs1.org_state,` +
 		` projections.orgs1.sequence,` +
+		` projections.orgs1.instance_id,` +
 		` projections.orgs1.name,` +
 		` projections.orgs1.primary_domain` +
 		` FROM projections.orgs1`
@@ -60,6 +61,7 @@ var (
 		"resource_owner",
 		"org_state",
 		"sequence",
+		"instance_id",
 		"name",
 		"primary_domain",
 	}
@@ -242,6 +244,7 @@ func Test_OrgPrepares(t *testing.T) {
 						"ro",
 						domain.OrgStateActive,
 						uint64(20211108),
+						"instance-id",
 						"org-name",
 						"zitadel.ch",
 					},
@@ -254,6 +257,7 @@ func Test_OrgPrepares(t *testing.T) {
 				ResourceOwner: "ro",
 				State:         domain.OrgStateActive,
 				Sequence:      20211108,
+				instanceID:    "instance-id",
 				Name:          "org-name",
 				Domain:        "zitadel.ch",
 			},
diff --git a/internal/v2/readmodel/org.go b/internal/v2/readmodel/org.go
index 94bcb21537..ce61ef69b0 100644
--- a/internal/v2/readmodel/org.go
+++ b/internal/v2/readmodel/org.go
@@ -18,6 +18,7 @@ type Org struct {
 	CreationDate time.Time
 	ChangeDate   time.Time
 	Owner        string
+	InstanceID   string
 }
 
 func NewOrg(id string) *Org {
@@ -60,6 +61,7 @@ func (rm *Org) Reduce(events ...*eventstore.StorageEvent) error {
 		}
 		rm.Sequence = event.Sequence
 		rm.ChangeDate = event.CreatedAt
+		rm.InstanceID = event.Aggregate.Instance
 	}
 	if err := rm.State.Reduce(events...); err != nil {
 		return err

From b8ff83454e8cf08f8969db94266c44a0ee158b06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabienne=20B=C3=BChler?= <fabienne@zitadel.com>
Date: Tue, 3 Jun 2025 15:44:04 +0200
Subject: [PATCH 080/123] docs: product roadmap and zitadel versions (#9838)

# Which Problems Are Solved

The current public roadmap can be hard to understand for customers and
it doesn't show the timelines for the different versions. which results
in a lot of requests.
It only outlines what is already fixed on the timeline, but doesn't give
any possibilities to outline future topics / features, which not yet
have a timeline

# How the Problems Are Solved

A new roadmap page is added
- Outline for each version when it will have which state
- Outline different zitadel versions with its features, deprecations,
breaking changes, etc.
- Show future topics, which are not yet on the roadmap
---
 docs/docs/apis/introduction.mdx               |   2 +-
 docs/docs/concepts/architecture/software.md   |   2 +-
 docs/docs/guides/integrate/actions/usage.md   |   2 +-
 .../guides/integrate/login-ui/device-auth.mdx |   4 +-
 .../integrate/login-ui/oidc-standard.mdx      |   2 +-
 .../integrate/login-ui/saml-standard.mdx      |   2 +-
 .../guides/integrate/login/login-users.mdx    |   4 +-
 .../guides/integrate/login/oidc/webkeys.md    |   2 +-
 docs/docs/guides/manage/customize/branding.md |   2 +-
 docs/docs/product/_beta-ga.mdx                |   1 +
 docs/docs/product/_breaking-changes.mdx       |   1 +
 docs/docs/product/_deprecated.mdx             |   1 +
 docs/docs/product/_new-feature.mdx            |   1 +
 docs/docs/product/_sdk_v3.mdx                 |  32 +
 docs/docs/product/release-cycle.mdx           |  63 ++
 docs/docs/product/roadmap.mdx                 | 714 ++++++++++++++++++
 docs/sidebars.js                              |  15 +-
 docs/src/css/custom.css                       |   4 +
 docs/static/img/product/release-cycle.png     | Bin 0 -> 102080 bytes
 19 files changed, 842 insertions(+), 12 deletions(-)
 create mode 100644 docs/docs/product/_beta-ga.mdx
 create mode 100644 docs/docs/product/_breaking-changes.mdx
 create mode 100644 docs/docs/product/_deprecated.mdx
 create mode 100644 docs/docs/product/_new-feature.mdx
 create mode 100644 docs/docs/product/_sdk_v3.mdx
 create mode 100644 docs/docs/product/release-cycle.mdx
 create mode 100644 docs/docs/product/roadmap.mdx
 create mode 100644 docs/static/img/product/release-cycle.png

diff --git a/docs/docs/apis/introduction.mdx b/docs/docs/apis/introduction.mdx
index e05a7e84b3..905adfc0fb 100644
--- a/docs/docs/apis/introduction.mdx
+++ b/docs/docs/apis/introduction.mdx
@@ -45,7 +45,7 @@ The [OIDC Playground](https://zitadel.com/playgrounds/oidc) is for testing OpenI
 
 ### Custom
 
-ZITADEL allows to authenticate users by creating a session with the [Session API](/docs/apis/resources/session_service_v2), get OIDC authentication request details with the [OIDC service API](/docs/apis/resources/oidc_service) or get SAML request details with the [SAML service API](/docs/apis/resources/saml_service).
+ZITADEL allows to authenticate users by creating a session with the [Session API](/docs/apis/resources/session_service_v2), get OIDC authentication request details with the [OIDC service API](/docs/apis/resources/oidc_service_v2) or get SAML request details with the [SAML service API](/docs/apis/resources/saml_service_v2).
 User authorizations can be [retrieved as roles from our APIs](/docs/guides/integrate/retrieve-user-roles).
 
 Refer to our guide to learn how to [build your own login UI](/docs/guides/integrate/login-ui)
diff --git a/docs/docs/concepts/architecture/software.md b/docs/docs/concepts/architecture/software.md
index dc6f2b56c7..01bacfe12d 100644
--- a/docs/docs/concepts/architecture/software.md
+++ b/docs/docs/concepts/architecture/software.md
@@ -147,5 +147,5 @@ Zitadel currently supports PostgreSQL.
 Make sure to read our [Production Guide](/docs/self-hosting/manage/production#prefer-postgresql) before you decide on using one of them.
 
 :::info
-Zitadel v2 supported CockroachDB and PostgreSQL. Zitadel v3 only supports PostgreSQL. Please refer to [the mirror guide](cli/mirror) to migrate to PostgreSQL.
+Zitadel v2 supported CockroachDB and PostgreSQL. Zitadel v3 only supports PostgreSQL. Please refer to [the mirror guide](/docs/self-hosting/manage/cli/mirror) to migrate to PostgreSQL.
 :::
\ No newline at end of file
diff --git a/docs/docs/guides/integrate/actions/usage.md b/docs/docs/guides/integrate/actions/usage.md
index ba512ae549..e21fb4935d 100644
--- a/docs/docs/guides/integrate/actions/usage.md
+++ b/docs/docs/guides/integrate/actions/usage.md
@@ -371,7 +371,7 @@ The API documentation to create a target can be found [here](/apis/resources/act
 To ensure the integrity of request content, each call includes a 'ZITADEL-Signature' in the headers. This header contains an HMAC value computed from the request content and a timestamp, which can be used to time out requests. The logic for this process is provided in 'pkg/actions/signing.go'. The goal is to verify that the HMAC value in the header matches the HMAC value computed by the Target, ensuring that the sent and received requests are identical.
 
 Each Target resource now contains also a Signing Key, which gets generated and returned when a Target is [created](/apis/resources/action_service_v2/action-service-create-target),
-and can also be newly generated when a Target is [patched](/apis/resources/action_service_v2/action-service-patch-target).
+and can also be newly generated when a Target is [patched](/apis/resources/action_service_v2/action-service-update-target).
 
 For an example on how to check the signature, [refer to the example](/guides/integrate/actions/testing-request-signature).
 
diff --git a/docs/docs/guides/integrate/login-ui/device-auth.mdx b/docs/docs/guides/integrate/login-ui/device-auth.mdx
index f60fad1310..32984a17ff 100644
--- a/docs/docs/guides/integrate/login-ui/device-auth.mdx
+++ b/docs/docs/guides/integrate/login-ui/device-auth.mdx
@@ -102,7 +102,7 @@ Present the user with the information of the device authorization request and al
 ### Perform Login
 
 After you have initialized the OIDC flow you can implement the login.
-Implement all the steps you like the user the go trough by [creating](/docs/apis/resources/session_service_v2/session-service-create-session) and [updating](/docs/apis/resources/session_service/session-service-set-session) the user-session.
+Implement all the steps you like the user the go trough by [creating](/docs/apis/resources/session_service_v2/session-service-create-session) and [updating](/docs/apis/resources/session_service_v2/session-service-set-session) the user-session.
 
 Read the following resources for more information about the different checks:
 - [Username and Password](./username-password)
@@ -117,7 +117,7 @@ On the create and update user session request you will always get a session toke
 
 The latest session token has to be sent to the following request:
 
-Read more about the [Authorize or Deny Device Authorization Request Documentation](/docs/apis/resources/oidc_service_v2/oidc-service-authorize-device-authorization)
+Read more about the [Authorize or Deny Device Authorization Request Documentation](/docs/apis/resources/oidc_service_v2/oidc-service-authorize-or-deny-device-authorization)
 
 Make sure that the authorization header is from an account which is permitted to finalize the Auth Request through the `IAM_LOGIN_CLIENT` role.
 ```bash
diff --git a/docs/docs/guides/integrate/login-ui/oidc-standard.mdx b/docs/docs/guides/integrate/login-ui/oidc-standard.mdx
index c96338fbf0..92068e5116 100644
--- a/docs/docs/guides/integrate/login-ui/oidc-standard.mdx
+++ b/docs/docs/guides/integrate/login-ui/oidc-standard.mdx
@@ -80,7 +80,7 @@ Response Example:
 ### Perform Login
 
 After you have initialized the OIDC flow you can implement the login.
-Implement all the steps you like the user the go trough by [creating](/docs/apis/resources/session_service_v2/session-service-create-session) and [updating](/docs/apis/resources/session_service/session-service-set-session) the user-session.
+Implement all the steps you like the user the go trough by [creating](/docs/apis/resources/session_service_v2/session-service-create-session) and [updating](/docs/apis/resources/session_service_v2/session-service-set-session) the user-session.
 
 Read the following resources for more information about the different checks:
 - [Username and Password](./username-password)
diff --git a/docs/docs/guides/integrate/login-ui/saml-standard.mdx b/docs/docs/guides/integrate/login-ui/saml-standard.mdx
index 8114350d5d..5196f6c81a 100644
--- a/docs/docs/guides/integrate/login-ui/saml-standard.mdx
+++ b/docs/docs/guides/integrate/login-ui/saml-standard.mdx
@@ -77,7 +77,7 @@ Response Example:
 ### Perform Login
 
 After you have initialized the SAML flow you can implement the login.
-Implement all the steps you like the user to go trough by [creating](/docs/apis/resources/session_service_v2/session-service-create-session) and [updating](/docs/apis/resources/session_service/session-service-set-session) the user-session.
+Implement all the steps you like the user to go trough by [creating](/docs/apis/resources/session_service_v2/session-service-create-session) and [updating](/docs/apis/resources/session_service_v2/session-service-set-session) the user-session.
 
 Read the following resources for more information about the different checks:
 - [Username and Password](./username-password)
diff --git a/docs/docs/guides/integrate/login/login-users.mdx b/docs/docs/guides/integrate/login/login-users.mdx
index de1dacfe24..13439ac1db 100644
--- a/docs/docs/guides/integrate/login/login-users.mdx
+++ b/docs/docs/guides/integrate/login/login-users.mdx
@@ -25,7 +25,7 @@ The identity provider is not part of the original application, but a standalone
 The user will authenticate using their credentials.
 After successful authentication, the user will be redirected back to the original application.
 
-If you want to read more about authenticating with OIDC, head over to our comprehensive [OpenID Connect Guide](/docs/integrate/login/oidc).
+If you want to read more about authenticating with OIDC, head over to our comprehensive [OpenID Connect Guide](/docs/guides/integrate/login/oidc).
 
 ### Authenticate users with SAML
 
@@ -54,7 +54,7 @@ Note that SAML might not be suitable for mobile applications.
 In case you want to integrate a mobile application, use OpenID Connect or our Session API.
 
 There are more [differences between SAML and OIDC](https://zitadel.com/blog/saml-vs-oidc) that you might want to consider.
-If you want to read more about authenticating with SAML, head over to our comprehensive [SAML Guide](/docs/integrate/login/saml).
+If you want to read more about authenticating with SAML, head over to our comprehensive [SAML Guide](/docs/guides/integrate/login/saml).
 
 ## ZITADEL's Session API
 
diff --git a/docs/docs/guides/integrate/login/oidc/webkeys.md b/docs/docs/guides/integrate/login/oidc/webkeys.md
index a66cae61a9..62f62a90e0 100644
--- a/docs/docs/guides/integrate/login/oidc/webkeys.md
+++ b/docs/docs/guides/integrate/login/oidc/webkeys.md
@@ -85,7 +85,7 @@ The same counts for [zitadel/oidc](https://github.com/zitadel/oidc) Go library.
 
 ## Web Key management
 
-ZITADEL provides a resource based [web keys API](/docs/apis/resources/webkey_service_v3).
+ZITADEL provides a resource based [web keys API](/docs/apis/resources/webkey_service_v2).
 The API allows the creation, activation, deletion and listing of web keys.
 All public keys that are stored for an instance are served on the [JWKS endpoint](#json-web-key-set).
 Applications need public keys for token verification and not all applications are capable of on-demand
diff --git a/docs/docs/guides/manage/customize/branding.md b/docs/docs/guides/manage/customize/branding.md
index 14c18705f6..c5ec0a8838 100644
--- a/docs/docs/guides/manage/customize/branding.md
+++ b/docs/docs/guides/manage/customize/branding.md
@@ -46,7 +46,7 @@ If you like to trigger your settings for your applications you have different po
 Send a [reserved scope](/apis/openidoauth/scopes) with your [authorization request](../../integrate/login/oidc/login-users#auth-request) to trigger your organization.
 The primary domain scope will restrict the login to your organization, so only users of your own organization will be able to login.
 
-You can use our [OpenID Authentication Request Playground](/oidc-playground) to learn more about how to trigger an [organization's policies and branding](/oidc-playground#organization-policies-and-branding).
+You can use our [OpenID Authentication Request Playground](https://zitadel.com/playgrounds/oidc) to learn more about how to trigger an [organization's policies and branding](https://zitadel.com/playgrounds/oidc#organization-policies-and-branding).
 
 ### 2. Setting on your Project
 
diff --git a/docs/docs/product/_beta-ga.mdx b/docs/docs/product/_beta-ga.mdx
new file mode 100644
index 0000000000..229f94cdf5
--- /dev/null
+++ b/docs/docs/product/_beta-ga.mdx
@@ -0,0 +1 @@
+This describes the progression of features from a limited, pre-release testing phase (Beta) to their official, stable, and publicly available version (General Availability), ready for widespread use, with the specific transitions listed below.
\ No newline at end of file
diff --git a/docs/docs/product/_breaking-changes.mdx b/docs/docs/product/_breaking-changes.mdx
new file mode 100644
index 0000000000..dd903a0f2e
--- /dev/null
+++ b/docs/docs/product/_breaking-changes.mdx
@@ -0,0 +1 @@
+These are modifications to existing functionalities that may require users to alter their current implementation or usage to ensure continued compatibility; see the list below for specifics.
\ No newline at end of file
diff --git a/docs/docs/product/_deprecated.mdx b/docs/docs/product/_deprecated.mdx
new file mode 100644
index 0000000000..e5848d68f0
--- /dev/null
+++ b/docs/docs/product/_deprecated.mdx
@@ -0,0 +1 @@
+This announces that specific existing features are being phased out and are scheduled for future removal, often because they have become outdated or are being replaced by an improved alternative; please see the deprecated items listed below.
\ No newline at end of file
diff --git a/docs/docs/product/_new-feature.mdx b/docs/docs/product/_new-feature.mdx
new file mode 100644
index 0000000000..1877a1d690
--- /dev/null
+++ b/docs/docs/product/_new-feature.mdx
@@ -0,0 +1 @@
+These introduce brand-new functionalities or capabilities, expanding the product's offerings and value to users, as detailed below.
\ No newline at end of file
diff --git a/docs/docs/product/_sdk_v3.mdx b/docs/docs/product/_sdk_v3.mdx
new file mode 100644
index 0000000000..76040640a2
--- /dev/null
+++ b/docs/docs/product/_sdk_v3.mdx
@@ -0,0 +1,32 @@
+import NewFeature from './_new-feature.mdx';
+
+An initial version of our Software Development Kit (SDK) will be published.
+To better align our versioning with the [ZITADEL core](#zitadel-core), the SDK will be released as version 3.x.
+This strategic versioning will ensure a more consistent and intuitive development experience across our entire ecosystem.
+
+<details>
+    <summary>New Features</summary>
+
+    <NewFeature/>
+
+    <details>
+        <summary>Machine User Authentication Methods</summary>
+
+        This feature introduces robust and standardized authentication methods for your machine users, enabling secure automated access to your resources.
+
+        Choose from the following authentication methods:
+        - **Private Key JWT Authentication**: Enhance security by using asymmetric cryptography. A client with a registered public key can generate and sign a JSON Web Token (JWT) with its private key to authenticate.
+        - **Client Credentials Grant**: A simple and direct method for machine-to-machine authentication where the client confidentially provides its credentials to the authorization server in exchange for an access token.
+        - **Personal Access Tokens (PATs)**: Ideal for individual developers or specific scripts, PATs offer a convenient way to create long-lived, revocable tokens with specific scopes, acting as a substitute for a password.
+
+    </details>
+
+    <details>
+        <summary>Zitadel APIs Wrapper</summary>
+
+        This SDK provides a convenient client for interacting with the ZITADEL APIs, simplifying how you manage resources within your instance.
+
+        Currently, the client is tailored for machine-to-machine communication, enabling machine users to authenticate and manage ZITADEL resources programmatically.
+        Please note that this initial version is focused on API calls for automated tasks and does not yet include support for human user authentication flows like OAuth or OIDC.
+    </details>
+</details>
diff --git a/docs/docs/product/release-cycle.mdx b/docs/docs/product/release-cycle.mdx
new file mode 100644
index 0000000000..f38c81a36d
--- /dev/null
+++ b/docs/docs/product/release-cycle.mdx
@@ -0,0 +1,63 @@
+---
+title: Release Cycle
+sidebar_label: Release Cycle
+---
+
+We release a new major version of our software every three months. This predictable schedule allows us to introduce significant features and enhancements in a structured way.
+
+This cadence provides enough time for thorough development and rigorous testing. Before each stable release, we engage with our community and customers to test and stabilize the new version. This ensures high quality and reliability. For our customers, this approach creates a clear and manageable upgrade path.
+
+While major changes are reserved for these three-month releases, we address urgent needs by backporting smaller updates, such as critical bug and security fixes, to earlier versions. This allows us to provide essential updates without altering the predictable rhythm of our major release cycle.
+
+
+![Release Cycle](/img/product/release-cycle.png)
+
+## Preparation
+
+The first quarter of our cycle is for Preparation and Planning, where we create the blueprint for the upcoming major release.
+During this time, we define the core architecture, map out the implementation strategy, and finalize the design for the new features.
+
+
+## Implementation
+
+The second month is the Implementation and Development Phase, where our engineers build the features defined in the planning stage.
+
+During this period, we focus on writing the code for the new enhancements.
+We also integrate accepted contributions from our community and create the necessary documentation alongside the development work.
+This phase concludes when the new version is feature-complete and ready to enter the testing phase.
+
+## Release Candidate (RC)
+
+The first month of the third quarter is for the Release Candidate (RC) and Stabilization Phase.
+At the beginning of this month, we publish a Release Candidate version.
+This is a feature-complete version that we believe is ready for public release, made available to our customers and community for widespread testing.
+
+This phase is critical for ensuring the quality of the final release. We have two main objectives:
+- **Community Feedback and Bug Fixing**: This is when we rely on your feedback. By testing the RC in your own environments, you help us find and fix bugs and other issues we may have missed. Your active participation is crucial for stabilizing the new version.
+- **Enhanced Internal Testing**: While the community provides feedback, our internal teams conduct enhanced quality assurance. This includes in-depth feature validation, rigorous testing of upgrade paths from previous versions, and comprehensive performance and benchmark testing.
+
+The goal of this phase is to use both community feedback and internal testing to ensure the new release is robust, bug-free, and performs well, so our customers can upgrade with confidence.
+
+## General Availability (GA) / Stable
+
+Following the month-long Release Candidate and Stabilization phase, we publish the official General Availability (GA) / Stable Release.
+This is the final, production-ready version of our software that has been thoroughly tested by both our internal teams and the community.
+
+This release is available to everyone, and we recommend that customers begin reviewing the official upgrade path for their production environments.
+The deployment of this new major version to our cloud services also happens at this time.
+
+**Ongoing Maintenance: Minor and Patch Releases**
+Once a major version becomes stable, we provide ongoing support through back-porting. This means we carefully select and apply critical updates from our main development track to the stable release, ensuring it remains secure and reliable. These updates are delivered in two ways:
+
+- Minor Releases: These include simple features and enhancements from the next release cycle that are safe to add, requiring no major refactoring or large database migrations.
+- Patch Releases: These are focused exclusively on high-priority bug and security fixes to address critical issues promptly.
+
+This process ensures that you can benefit from the stability of a major release while still receiving important updates and fixes in a timely manner.
+
+## Deprecated
+
+Each major version is actively supported for a full release cycle after its launch. This means that approximately six months after its initial stable release, a version enters its deprecation period.
+
+Once a version is deprecated, we strongly encourage all self-hosted customers to upgrade to a newer version as soon as possible to continue receiving the latest features, improvements, and bug fixes.
+
+For our enterprise customers, we may offer extended support by providing critical security fixes for a deprecated version beyond the standard six-month lifecycle. This extended support is evaluated on a case-by-case basis to ensure a secure and manageable transition for large-scale deployments.
\ No newline at end of file
diff --git a/docs/docs/product/roadmap.mdx b/docs/docs/product/roadmap.mdx
new file mode 100644
index 0000000000..b83efedb10
--- /dev/null
+++ b/docs/docs/product/roadmap.mdx
@@ -0,0 +1,714 @@
+---
+title: Zitadel Release Versions and Roadmap
+sidebar_label: Release Versions and Roadmap
+---
+
+
+import NewFeature from './_new-feature.mdx';
+import BreakingChanges from './_breaking-changes.mdx';
+import Deprecated from './_deprecated.mdx';
+import BetaToGA from './_beta-ga.mdx';
+import SDKv3 from './_sdk_v3.mdx';
+
+
+## Timeline and Overview
+
+<table id="zitadel-versions">
+    <thead>
+        <tr id="zitadel-versions-year">
+            <th scope="col"></th>
+            <th scope="col" colSpan={12}>2025</th>
+            <th scope="col" colSpan={12}>2026</th>
+        </tr>
+        <tr>
+            <th scope="col"></th>
+            <th scope="col" colSpan={3}>Q1</th>
+            <th scope="col" colSpan={3}>Q2</th>
+            <th scope="col" colSpan={3}>Q3</th>
+            <th scope="col" colSpan={3}>Q4</th>
+            <th scope="col" colSpan={3}>Q1</th>
+            <th scope="col" colSpan={3}>Q2</th>
+            <th scope="col" colSpan={3}>Q3</th>
+            <th scope="col" colSpan={3}>Q4</th>
+        </tr>
+        <tr>
+            <th scope="col"></th>
+            <th scope="col">Jan</th>
+            <th scope="col">Feb</th>
+            <th scope="col">Mar</th>
+            <th scope="col">Apr</th>
+            <th scope="col">May</th>
+            <th scope="col">Jun</th>
+            <th scope="col">Jul</th>
+            <th scope="col">Aug</th>
+            <th scope="col">Sep</th>
+            <th scope="col">Oct</th>
+            <th scope="col">Nov</th>
+            <th scope="col">Dec</th>
+            <th scope="col">Jan</th>
+            <th scope="col">Feb</th>
+            <th scope="col">Mar</th>
+            <th scope="col">Apr</th>
+            <th scope="col">May</th>
+            <th scope="col">Jun</th>
+            <th scope="col">Jul</th>
+            <th scope="col">Aug</th>
+            <th scope="col">Sep</th>
+            <th scope="col">Oct</th>
+            <th scope="col">Nov</th>
+            <th scope="col">Dec</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td colspan={25}>Zitadel Versions</td>
+        </tr>
+        <tr>
+            <th scope="row">[v2.x](/docs/product/roadmap#v2x)</th>
+            <td colspan={6} class="release-stable">GA / Stable </td>
+            <td colSpan={3} class="release-deprecated">Deprecated</td>
+            <td colSpan={16}></td>
+        </tr>
+        <tr>
+            <th scope="row">[v3.x](/docs/product/roadmap#v3x)</th>
+            <td colspan={3} class="release-impl">Implementation</td>
+            <td class="release-rc">RC</td>
+            <td colspan={5} class="release-stable">GA / Stable </td>
+            <td colSpan={3} class="release-deprecated">Deprecated</td>
+            <td colSpan={12}></td>
+        </tr>
+        <tr>
+            <th scope="row">[v4.x](/docs/product/roadmap#v4x)</th>
+            <td colSpan={3}></td>
+            <td colSpan={3} class="release-impl">Implementation</td>
+            <td class="release-rc">RC</td>
+            <td colspan={5} class="release-stable">GA / Stable </td>
+            <td colSpan={3} class="release-deprecated">Deprecated</td>
+            <td colSpan={9}></td>
+        </tr>
+        <tr>
+            <th scope="row">[v5.x](/docs/product/roadmap#v5x)</th><td colSpan={3}></td>
+            <td colSpan={3}></td>
+            <td colSpan={3} class="release-impl">Implementation</td>
+            <td class="release-rc">RC</td>
+            <td colspan={5} class="release-stable">GA / Stable </td>
+            <td colSpan={3} class="release-deprecated">Deprecated</td>
+            <td colSpan={6}></td>
+        </tr>
+    </tbody>
+</table>
+
+For more detailed description about the different stages and the release cycle check out the following Page: [Release Cycle](/docs/product/release-cycle)
+
+
+
+
+<table id="zitadel-versions">
+    <thead>
+    <tr>
+        <th scope="col">25-Q1</th>
+        <th scope="col">25-Q2</th>
+        <th scope="col">25-Q3</th>
+        <th scope="col">25-Q4</th>
+    </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td colspan={4}>Zitadel Core</td>
+        </tr>
+        <tr>
+            <td scope="row">
+                [v2.x](/docs/product/roadmap#v2x)
+            </td>
+            <td scope="row">
+                [v3.x](/docs/product/roadmap#v3x)
+                <ul>
+                    <li>
+                        Actions V2
+                    </li>
+                    <li>
+                        Removed CockroachDB Support
+                    </li>
+                    <li>
+                        License Change
+                    </li>
+                    <li>
+                        Login v2
+                        <ul>
+                            <li>
+                                Initial Release
+                            </li>
+                            <li>
+                                All standard authentication methods
+                            </li>
+                            <li>
+                                OIDC & SAML
+                            </li>
+                        </ul>
+                    </li>
+                </ul>
+            </td>
+            <td scope="row">
+                [v4.x](/docs/product/roadmap#v4x)
+                <ul>
+                    <li>Resource API</li>
+                    <li>
+                        Login v2 as default
+
+                        <ul>
+                            <li>
+                                Device Authorization Flow
+                            </li>
+                            <li>
+                                LDAP IDP
+                            </li>
+                            <li>
+                                JWT IDP
+                            </li>
+                            <li>
+                                Custom Login UI Texts
+                            </li>
+                        </ul>
+                    </li>
+                </ul>
+
+            </td>
+            <td scope="row">
+                [v5.x](/docs/product/roadmap#v5x)
+                <ul>
+                    <li>Analytics</li>
+                    <li>User Groups</li>
+                    <li>User Uniqueness on Instance Level</li>
+                    <li>Remove Required Fields from User</li>
+                </ul>
+            </td>
+        </tr>
+        <tr>
+            <td colspan={4}>Zitadel SDKs</td>
+        </tr>
+        <tr>
+            <td scope="row">
+
+            </td>
+            <td scope="row">
+
+            </td>
+            <td scope="row">
+                <ul>
+                    <li>
+                        [Initial Version of PHP SDK](/docs/product/roadmap#v3x-1)
+                    </li>
+                    <li>
+                        [Initial Version of Java SDK](/docs/product/roadmap#v3x-2)
+                    </li>
+                    <li>
+                        [Initial Version of Ruby SDK](/docs/product/roadmap#v3x-3)
+                    </li>
+                    <li>
+                        [Initial Version of Python SDK](/docs/product/roadmap#v3x-4)
+                    </li>
+                </ul>
+            </td>
+            <td scope="row">
+            </td>
+        </tr>
+    </tbody>
+</table>
+
+## Zitadel Core
+
+Check out all [Zitadel Release Versions](https://github.com/zitadel/zitadel/releases)
+
+### v2.x
+
+**Current State**: General Availability / Stable
+
+**Release**: [v2.x](https://github.com/zitadel/zitadel/releases?q=v2.&expanded=true)
+
+In Zitadel versions 2.x and earlier, new releases were deployed with a minimum frequency of every two weeks.
+This practice resulted in a significant number of individual versions.
+To review the features and bug fixes for these releases, please consult the linked release information provided above.
+
+### v3.x
+
+ZITADEL v3 is here, bringing key changes designed to empower your identity management experience.
+This release transitions our licensing to AGPLv3, reinforcing our commitment to open and collaborative development.
+We've streamlined our database support by removing CockroachDB.
+Excitingly, v3 introduces the foundational elements for Actions V2, opening up a world of possibilities for tailoring and extending ZITADEL to perfectly fit your unique use cases.
+
+**Current State**: General Availability / Stable
+
+**Release**: [v3.x](https://github.com/zitadel/zitadel/releases?q=v3.&expanded=true)
+
+**Blog**: [Zitadel v3: AGPL License, Streamlined Releases, and Platform Updates](https://zitadel.com/blog/zitadel-v3-announcement)
+
+
+<details>
+    <summary>New Features</summary>
+
+    <NewFeature/>
+
+    <details>
+        <summary>Actions V2</summary>
+
+        Zitadel Actions V2 empowers you to customize Zitadel's workflows by executing your own logic at specific points. You define external Endpoints containing your code and configure Targets and Executions within Zitadel to trigger them based on various conditions and events.
+
+        Why we built it: To provide greater flexibility and control, allowing you to implement custom business rules, automate tasks, enrich user data, control access, and integrate with other systems seamlessly. Actions V2 enables you to tailor Zitadel precisely to your unique needs.
+
+        Read more in our [documentation](https://zitadel.com/docs/concepts/features/actions_v2)
+    </details>
+
+    <details>
+        <summary>License Change Apache 2.0 to AGPL3</summary>
+
+        Zitadel is switching to the AGPL 3.0 license to ensure the project's sustainability and encourage community contributions from commercial users, while keeping the core free and open source.
+
+        Read more about our [decision](https://zitadel.com/blog/apache-to-agpl)
+    </details>
+</details>
+
+<details>
+    <summary>Breaking Changes</summary>
+
+    <BreakingChanges/>
+
+    <details>
+        <summary>CockroachDB Support removed</summary>
+
+        After careful consideration, we have made the decision to discontinue support for CockroachDB in Zitadel v3 and beyond.
+        While CockroachDB is an excellent distributed SQL database, supporting multiple database backends has increased our maintenance burden and complicated our testing matrix.
+        Check out our [migration guide](https://zitadel.com/docs/self-hosting/manage/cli/mirror) to migrate from CockroachDB to PostgreSQL.
+
+        More details can be found [here](https://github.com/zitadel/zitadel/issues/9414)
+    </details>
+
+    <details>
+        <summary>Actions API v3 alpha removed</summary>
+
+        With the current release we have published the Actions V2 API as a beta version, and got rid of the previously published alpha API.
+        Check out the [new API](http://localhost:3000/docs/apis/resources/action_service_v2)
+
+    </details>
+</details>
+
+### v4.x
+
+**Current State**: Implementation
+
+
+<details>
+    <summary>New Features</summary>
+
+    <NewFeature/>
+
+    <details>
+        <summary>Resource API (v2)</summary>
+
+        We are revamping our APIs to improve the developer experience.
+        Currently, our use-case-based APIs are complex and inconsistent, causing confusion and slowing down integration.
+        To fix this, we're shifting to a resource-based approach.
+        This means developers will use consistent endpoints (e.g., /users) to manage resources, regardless of their own role.
+        This change, along with standardized naming and improved documentation, will simplify integration, accelerate development, and create a more intuitive experience for our customers and community.
+
+        Resources integrated in this release:
+        - Instances
+        - Organizations
+        - Projects
+        - Users
+
+        For more details read the [Github Issue](https://github.com/zitadel/zitadel/issues/6305)
+    </details>
+
+    <details>
+        <summary>Login V2</summary>
+
+        Our new login UI has been enhanced with additional features, bringing it to feature parity with Version 1.
+
+        <details>
+            <summary>Device Authorization Flow</summary>
+
+            The Device Authorization Grant is an OAuth 2.0 flow designed for devices that have limited input capabilities (like smart TVs, gaming consoles, or IoT devices) or lack a browser.
+
+            Read our docs about how to integrate your application using the [Device Authorization Flow](https://zitadel.com/docs/guides/integrate/login/oidc/device-authorization)
+        </details>
+
+        <details>
+            <summary>LDAP IDP</summary>
+
+            This feature enables users to log in using their existing LDAP (Lightweight Directory Access Protocol) credentials.
+            It integrates your system with an LDAP directory, allowing it to act as an Identity Provider (IdP) solely for authentication purposes.
+            This means users can securely access the service with their familiar LDAP username and password, streamlining the login process.
+        </details>
+
+        <details>
+            <summary>JWT IDP</summary>
+
+            This "JSON Web Token Identity Provider (JWT IdP)" feature allows you to use an existing JSON Web Token (JWT) from another system (like a Web Application Firewall managing a session) as a federated identity for authentication in new applications managed by ZITADEL.
+
+            Essentially, it enables session reuse by letting ZITADEL trust and validate a JWT issued by an external source. This allows users already authenticated in an existing system to seamlessly access new applications without re-logging in.
+
+            Read more in our docs about how to login users with [JWT IDP](https://zitadel.com/docs/guides/integrate/identity-providers/jwt_idp)
+        </details>
+
+        <details>
+            <summary>Custom Login UI Texts</summary>
+
+            This feature provides customers with the flexibility to personalize the user experience by customizing various text elements across different screens of the login UI. Administrators can modify default messages, labels, and instructions to align with their branding, provide specific guidance, or cater to unique regional or organizational needs, ensuring a more tailored and intuitive authentication process for their users.
+        </details>
+    </details>
+</details>
+
+
+<details>
+    <summary>General Availability</summary>
+
+    <BetaToGA/>
+
+    <details>
+        <summary>Hosted Login v2</summary>
+
+        We're officially moving our new Login UI v2 from beta to General Availability.
+        Starting now, it will be the default login experience for all new customers.
+        With this release, 8.0we are also focused on implementing previously missing features, such as device authorization and LDAP IDP support, to make the new UI fully feature-complete.
+
+        - [Hosted Login V2](http://localhost:3000/docs/guides/integrate/login/hosted-login#hosted-login-version-2-beta)
+    </details>
+
+    <details>
+        <summary>Web Keys</summary>
+
+        Web Keys in ZITADEL are used to sign and verify JSON Web Tokens (JWT).
+        ID tokens are created, signed and returned by ZITADEL when a OpenID connect (OIDC) or OAuth2 authorization flow completes and a user is authenticated.
+        Based on customer and community feedback, we've updated our key management system. You now have full manual control over key generation and rotation, instead of the previous automatic process.
+
+        Read the full description about Web Keys in our [Documentation](https://zitadel.com/docs/guides/integrate/login/oidc/webkeys).
+    </details>
+
+    <details>
+        <summary>SCIM 2.0 Server - User Resource</summary>
+
+        The Zitadel SCIM v2 service provider interface enables seamless integration of identity and access management (IAM) systems with Zitadel, following the System for Cross-domain Identity Management (SCIM) v2.0 specification.
+        This interface allows standardized management of IAM resources, making it easier to automate user provisioning and deprovisioning.
+
+        - [SCIM 2.0 API](https://zitadel.com/docs/apis/scim2)
+        - [Manage Users Guide](https://zitadel.com/docs/guides/manage/user/scim2)
+    </details>
+
+
+    <details>
+        <summary>Token Exchange (Impersonation)</summary>
+
+        The Token Exchange grant implements [RFC 8693, OAuth 2.0 Token Exchange](https://www.rfc-editor.org/rfc/rfc8693) and can be used to exchange tokens to a different scope, audience or subject.
+        Changing the subject of an authenticated token is called impersonation or delegation.
+        Read more in our [Impersonation and delegation using Token Exchange](https://zitadel.com/docs/guides/integrate/token-exchange) Guide
+    </details>
+
+    <details>
+        <summary>Caches</summary>
+
+        ZITADEL supports the use of a caches to speed up the lookup of frequently needed objects.
+        As opposed to HTTP caches which might reside between ZITADEL and end-user applications, the cache build into ZITADEL uses active invalidation when an object gets updated.
+        Another difference is that HTTP caches only cache the result of a complete request and the built-in cache stores objects needed for the internal business logic.
+        For example, each request made to ZITADEL needs to retrieve and set instance information in middleware.
+
+        Read more about Zitadel Caches [here](https://zitadel.com/docs/self-hosting/manage/cache)
+    </details>
+</details>
+
+### v5.x
+
+**Current State**: Planning
+
+<details>
+    <summary>New Features</summary>
+
+    <NewFeature/>
+
+    <details>
+        <summary>Analytics</summary>
+
+        We provide comprehensive and insightful analytics capabilities that empower you with the information needed to understand platform usage, monitor system health, and make data-driven decisions.
+
+        <details>
+            <summary>Daily Active Users (DAU) & Monthly Active Users (MAU)</summary>
+
+            Administrators need to track user activity to understand platform usage and identify trends.
+            This feature provides basic metrics for daily and monthly active users, allowing for filtering by date range and scope (instance-wide or within a specific organization).
+            The metrics should ensure that each user is counted only once per day or month, respectively, regardless of how many actions they performed.
+            This minimal feature serves as a foundation for future expansion into more detailed analytics.
+
+            For more details track our [github issue](https://github.com/zitadel/zitadel/issues/7506).
+        </details>
+
+        <details>
+            <summary>Resource Count Metrics</summary>
+
+            To effectively manage a Zitadel instance, administrators need to understand resource utilization.
+            This feature provides metrics for resource counts, including organizations, users (with filtering options), projects, applications, and authorizations.
+            For users, we will offer filters to retrieve the total count, counts per organization, and counts by user type (human or machine).
+            These metrics will provide administrators with valuable insights into the scale and complexity of their Zitadel instance.
+
+
+            For more details track our [github issue](https://github.com/zitadel/zitadel/issues/9709).
+        </details>
+
+        <details>
+            <summary>Operational Metrics</summary>
+
+            To empower customers to better manage and optimize their Zitadel instances, we will provide access to detailed operational metrics.
+            This data will help customers identify potential issues, optimize performance, and ensure the stability of their deployments.
+            The provided data will encompass basic system information, infrastructure details, configuration settings, error reports, and the health status of various Zitadel components, accessible via a user interface or an API.
+
+
+            For more details track our [github issue](https://github.com/zitadel/zitadel/issues/9476).
+
+        </details>
+    </details>
+
+    <details>
+        <summary>User Groups</summary>
+
+        Administrators will be able to define groups within an organization and assign users to these groups.
+        More details about the feature can be found [here](https://github.com/zitadel/zitadel/issues/9702)
+    </details>
+
+    <details>
+        <summary>User Uniqueness on Organization Level</summary>
+
+        Administrators will be able to define weather users should be unique across the instance or within an organization.
+        This allows managing users independently and avoids conflicts due to shared user identifiers.
+        Example: The user with the username user@gmail.com can be created in the Organization "Customer A" and "Customer B" if uniqueness is defined on the organization level.
+
+        Stay updated on the progress and details on our [GitHub Issue](https://github.com/zitadel/zitadel/issues/9535)
+    </details>
+
+
+    <details>
+        <summary>Remove Required Fields</summary>
+
+        Currently, the user creation process requires several fields, such as email, first name, and last name, which can be restrictive in certain scenarios. This feature allows administrators to create users with only a username, making other fields optional.
+        This provides flexibility for systems that don't require complete user profiles upon initial creation for example simplified onboarding flows.
+
+        For more details check out our [GitHub Issue](https://github.com/zitadel/zitadel/issues/4386)
+    </details>
+</details>
+
+<details>
+    <summary>Feature Deprecation</summary>
+
+    <Deprecated/>
+
+    <details>
+        <summary>Actions V1</summary>
+    </details>
+</details>
+
+<details>
+    <summary>Breaking Changes</summary>
+
+    <BreakingChanges/>
+
+    <details>
+        <summary>Hosted Login v1 will be removed</summary>
+    </details>
+
+
+    <details>
+        <summary>Zitadel APIs v1 will be removed</summary>
+    </details>
+</details>
+
+
+### v6.x
+
+<details>
+    <summary>New Features</summary>
+
+    <NewFeature/>
+
+    <details>
+        <summary>Basic Threat Detection Framework</summary>
+
+        This initial version of our Threat Detection Framework is designed to enhance the security of your account by identifying and challenging potentially anomalous user behavior.
+        When the system detects unusual activity, it will present a challenge, such as a reCAPTCHA, to verify that the user is legitimate and not a bot or malicious actor.
+        Security administrators will also have the ability to revoke user sessions based on the output of the threat detection model, providing a crucial tool to mitigate potential security risks in real-time.
+
+        We are beginning with a straightforward reCAPTCHA-style challenge to build and refine the core framework.
+        This foundational step will allow us to gather insights into how the system performs and how it can be improved.
+        Future iterations will build upon this groundwork to incorporate more sophisticated detection methods and a wider range of challenge and response mechanisms, ensuring an increasingly robust and intelligent security posture for all users.
+
+        More details can be found in the (GitHub Issue](https://github.com/zitadel/zitadel/issues/9707)
+    </details>
+
+    <details>
+        <summary>SCIM Outbound</summary>
+
+        Automate user provisioning to your external applications with our new SCIM Client.
+        This feature ensures users are automatically created in downstream systems before their first SSO login, preventing access issues and streamlining onboarding.
+
+        It also synchronizes user lifecycle events, so changes like deactivations or deletions are instantly reflected across all connected applications for consistent and secure access management.
+        The initial release will focus on provisioning the user resource.
+
+        More details can be found in the (GitHub Issue](https://github.com/zitadel/zitadel/issues/6601)
+    </details>
+
+    <details>
+        <summary>Analytics</summary>
+
+        We provide comprehensive and insightful analytics capabilities that empower you with the information needed to understand platform usage, monitor system health, and make data-driven decisions.
+
+        <details>
+            <summary>Login Insights: Successful and Failed Login Metrics</summary>
+
+            To enhance security monitoring and gain insights into user authentication patterns, administrators need access to login metrics.
+            This feature provides data on successful and failed login attempts, allowing for filtering by time range and level (overall instance, within a specific organization, or for a particular application).
+            This will enable administrators to detect suspicious login activity, analyze authentication trends, and proactively address potential security concerns.
+
+            For more details track our [GitHub issue](https://github.com/zitadel/zitadel/issues/9711).
+        </details>
+    </details>
+
+    <details>
+        <summary>Impersonation: External Token Exchange</summary>
+
+        This feature expands our existing impersonation capabilities to support seamless and secure integration with external, third-party applications.
+        Currently, our platform supports impersonation for internal use cases, allowing administrators or support staff to obtain a temporary token for an end-user to troubleshoot issues or provide assistance within applications that already use ZITADEL for authentication. (You can find more details in our [existing documentation](/docs/guides/integrate/token-exchange)).
+
+        The next evolution of this feature will focus on external applications.
+        This enables scenarios where a user, already authenticated in a third-party system (like their primary e-banking portal), can seamlessly access a connected application that is secured by ZITADEL without needing to log in again.
+
+        For example, a user in their e-banking app could click to open an integrated "Budget Planning" tool that relies on ZITADEL for access.
+        Using a secure token exchange, the budget app will grant the user a valid session on their behalf, creating a smooth, uninterrupted user experience while maintaining a high level of security.
+        This enhancement bridges the authentication gap between external platforms and ZITADEL-powered applications.
+    </details>
+</details>
+
+### Future Vision / Upcoming Features
+
+#### Fine Grained Authorization
+
+We're planning the future of Zitadel and fine-grained authorization is high on our list.
+While Zitadel already offers strong role-based access (RBAC), we know many of you need more granular control.
+
+**What is Fine-Grained Authorization?**
+
+It's about moving beyond broad roles to define precise access based on:
+
+- Attributes (ABAC): User details (department, location), resource characteristics (sensitivity), or context (time of day).
+- Relationships (ReBAC): Connections between users and resources (e.g., "owner" of a document, "manager" of a team).
+- Policies (PBAC): Explicit rules combining attributes and relationships.
+
+**Why Explore This?**
+
+Fine-grained authorization can offer:
+- Tighter Security: Minimize access to only what's essential.
+- Greater Flexibility: Adapt to complex and dynamic business rules.
+- Easier Compliance: Meet strict regulatory demands.
+- Scalable Permissions: Manage access effectively as you grow.
+
+**We Need Your Input!** 🗣️
+
+As we explore the best way to bring this to Zitadel, tell us:
+- Your Use Cases: Where do you need more detailed access control than standard roles provide?
+- Preferred Models: Are you thinking attribute-based, relationship-based, or something else?
+- Integration Preferences:
+    - A fully integrated solution within Zitadel?
+    - Or integration with existing authorization vendors (e.g. openFGA, cerbos, etc.)?
+
+Your feedback is crucial for shaping our roadmap.
+
+🔗 Share your thoughts and needs in our [discussion forum](https://discord.com/channels/927474939156643850/1368861057669533736)
+
+#### Threat Detection
+
+We're taking the next step in securing your applications by exploring a new Threat Detection framework for Zitadel.
+Our goal is to proactively identify and stop malicious activity in real-time.
+
+**Our First Step: A Modern reCAPTCHA Alternative**
+We will begin by building a system to detect and mitigate malicious bots, serving as a smart, privacy-focused alternative to CAPTCHA.
+This initial use case will help us combat credential stuffing, spam registrations, and other automated attacks, forming the foundation of our larger framework.
+
+**How We Envision It**
+
+Our exploration is focused on creating an intelligent system that:
+- **Analyzes Signals**: Gathers data points like IP reputation, device characteristics, and user behavior to spot suspicious activity.
+- **Uses AI/**: Trains models to distinguish between legitimate users and bots, reducing friction for real users.
+- **Mitigates Threats**: Enables flexible responses when a threat is detected, such as blocking the attempt, requiring MFA, or sending an alert.
+
+**Help Us Shape the Future** 🤝
+
+As we design this framework, we need to know:
+- What are your biggest security threats today?
+- What kind of automated responses (e.g., block, notification) would be most useful for you?
+- What are your key privacy or compliance concerns regarding threat detection?
+
+Your feedback will directly influence our development and ensure we build a solution that truly meets your needs.
+
+🔗 Join the conversation and share your insights [here](https://discord.com/channels/927474939156643850/1375383775164235806)
+
+
+#### The Role of AI in Zitadel
+
+As we look to the future, we believe Artificial Intelligence will be a critical tool for enhancing both user experience and security within Zitadel.
+Our vision for AI is focused on two key areas: providing intelligent, contextual assistance and building a collective defense against emerging threats.
+
+1. **AI-Powered Support**
+
+    We want you to get fast, accurate answers to your questions without ever having to leave your workflow.
+    To achieve this, we are integrating an AI-powered support assistant trained on our knowledge base, including our documentation, tutorials, and community discussions.
+
+    Our rollout is planned in phases to ensure we deliver a helpful experience:
+    - **Phase 1 (Happening Now)**: We are currently testing a preliminary version of our AI bot within our [community channels](https://discord.com/channels/927474939156643850/1357076488825995477). This allows us to gather real-world questions and answers, refining the AI's accuracy and helpfulness based on direct feedback.
+    - **Phase 2 (Next Steps)**: Once we are confident in its capabilities, we will integrate this AI assistant directly into our documentation. You'll be able to ask complex questions and get immediate, well-sourced answers.
+    - **Phase 3 (The Ultimate Goal)**: The final step is to embed the assistant directly into the Zitadel Console/Customer Portal. Imagine getting help based on the exact context of what you're doing—whether you're configuring an action, setting up a new organization, or integrating social login.
+
+2. **Decentralized AI for Threat Detection**
+
+    Security threats are constantly evolving.
+    A threat vector that targets one customer today might target another tomorrow.
+    We believe in the power of collective intelligence to provide proactive security for everyone.
+
+    This leads to our second major AI initiative: **decentralized model training** for our Threat Detection framework.
+
+    Here’s how it would work:
+    - **Collective Data, Anonymously**: Customers across our cloud and self-hosted environments experience different user behaviors and threat vectors. We plan to offer an opt-in system where anonymized, non-sensitive data (like behavioral patterns and threat signals) can be collected from participating instances.
+    - **Centralized Training**: This collective, anonymized data will be used to train powerful, next-generation AI security models. With a much larger and more diverse dataset, these models can learn to identify subtle and emerging threats far more effectively than a model trained on a single instance's data.
+    - **Shared Protection**: These constantly improving models would then be distributed to all participating Zitadel instances.
+
+    The result is a powerful security network effect. You could receive protection from a threat vector you haven't even experienced yet, simply because the system learned from an attack on another member of the community.
+
+
+
+## Zitadel Ecosystem
+
+### PHP SDK
+
+GitHub Repository: [PHP SDK](https://github.com/zitadel/client-php)
+
+#### v3.x
+
+<SDKv3/>
+
+### Java SDK
+
+GitHub Repository: [Java SDK](https://github.com/zitadel/client-java)
+
+#### v3.x
+
+<SDKv3/>
+
+### Ruby SDK
+
+GitHub Repository: [Ruby SDK](https://github.com/zitadel/client-ruby)
+
+#### v3.x
+
+<SDKv3/>
+
+### Python SDK
+
+GitHub Repository: [Python SDK](https://github.com/zitadel/client-python)
+
+#### v3.x
+
+<SDKv3/>
diff --git a/docs/sidebars.js b/docs/sidebars.js
index f9b97703e5..1bd53ed1b3 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -183,7 +183,6 @@ module.exports = {
           items: [
             "guides/manage/user/reg-create-user",
             "guides/manage/customize/user-metadata",
-            "guides/manage/customize/user-schema",
             "guides/manage/user/scim2",
           ],
         },
@@ -611,6 +610,20 @@ module.exports = {
         },
       ],
     },
+    {
+      type: "category",
+      label: "Product Information",
+      collapsed: true,
+      items: [
+        "product/roadmap",
+        "product/release-cycle",
+        {
+          type: "link",
+          label: "Changelog",
+          href: "https://zitadel.com/changelog",
+        },
+      ],
+    },
     {
       type: "category",
       label: "Support",
diff --git a/docs/src/css/custom.css b/docs/src/css/custom.css
index 50035f2541..11d4208695 100644
--- a/docs/src/css/custom.css
+++ b/docs/src/css/custom.css
@@ -641,3 +641,7 @@ p strong {
 .zitadel-lifecycle-deprecated {
   text-decoration: line-through;
 }
+
+table#zitadel-versions td {
+  vertical-align: top;
+}
\ No newline at end of file
diff --git a/docs/static/img/product/release-cycle.png b/docs/static/img/product/release-cycle.png
new file mode 100644
index 0000000000000000000000000000000000000000..7017566ab7087d14af651d9e94f4b99caecac804
GIT binary patch
literal 102080
zcmeFZbySqw8#WB%AOk2Jf^;*al!Bxn9Rth&LmGr2B_Z7+M?xB;M{*cSK|mTskWi6Q
zK}rGXkPd-w&pF5VzHj}`|L<BaYauwy%=7HM@4W8ong<9y^|Pc*qyz*6XEilc4G9QN
z;|K^KiLle)5u8^PKlnlDVW@tEpyD0#0{Bm=t*NG+t}X!_{0<|45;74G;hzG&6$sD&
z`dy8XpWxKrk3$FuA{_{z|2{_#{KS97gKzw6{`m<_yiY(3{znbI?_mi4eI@ui2J-Wj
zr*W85KYxcLg69z^8>wh&f}ch=-ED1MJZ`yqI*rr2f(J<4G|(Od1oS-kZ$eE&?sagj
zj}AyvPg7kT*_*D;BG+wPZ`g|XIJ@EBhd|Cp7X0dL>v^5s$JxonL)J&0^Y3TKg5U8E
zi*mC6{S?pJ@|>o+2zC`$cUyL85it=lP6bkSc6K>;8#`G;RkeR#4*n<4dCSw&O;%LY
z+uK{jTSCOu-Cp#9jEsz^n7F98xG;Ezu!paU=XD=p7Z0v~-sI=|sM>nmba!y`bZ~WH
z$G`9O8?IiS@|>Lb3;p`~=RR$H9DZNP#pB;)fdz`<{~~%pL`?M8dxMwC;UASnIQZB)
zp;aB6!JdI@C`e0PlKcDl|G&TdzTzLRH2wX`3m3(t|9t5mfBOHv6y;&-uHxzpuIZ`p
z`@H^r@t=SE_l0tz_@)1`760t>-;aWgRv?uV{dH&xq-uPa2yl+f4yyV{@Do@Z{)-TA
z9Kd|>Kk?tqr?^6moe2n(2sBldkv@dW<3s_;>a3mL6}L+VIXlM7H5~4M<N7!yLb8hg
zVzr1K<RpqpE;ST=pXuwbd8(VYF*ESv#N<TrYrEY*^_J@MBXim5=bnBI+Ng6=As~cO
zD*exY+TKDgz;I(idR{R05CX{m{O3M_GMy;&zut*}Fb+nE^u3p@MfJZg2krxg^EvyU
zmxB4IhG2TQmXT5aaX&D2B}B*V|GBKc|Io$-fudNi7aRWfZHK|FPW{hy|NRG6Dt7D!
z>~ad{f9()h{CB4RTsh_XUj)i2>Yqwz|MN&fFi{`>bLAl+>R=b;Ug{P8_iaN_O{f3k
z=)oSzaVjBZsqVtB{^v%rW4}uM=gQfqs0hR0aZii{{<i_)Z&jJD@;_Jpe@*EBXcH2S
zU#c$KSgLI8uJ5ZP2qS=4@vrv?ifZ3KQ!<O%Uh6huXnGPMNkRyHrt~3hu(!JPBvn1G
zCB=WYg^-94+N3iz?mdxc(@mp&X1JnyPQ)L*bc_5CgUVq5UijnOdk9oW(Cy%rpYKYI
z3D3>cfmA8XG|Z>EEt0K8)I?-8e)x8scCT?@bA8FPvxM4YlCH)^rzw`X-<oZudM$aI
zjfTDBnu>+^y4$CD-7e~RbjQPH{)xlHC)Lq=zr8L*od|eXkNzyo)O_kq_t}je!Agyy
zI1*ghkrrlm0>1tw@&XD`V`*GD!YgdPyZOOxKm;lz`aaKBmr)W#uMJTsL6b4NYtC}j
z-5OF{Cl2FyNjc>sIqlis@p%0ahz76cOU@BO-(?vp5BG|eVsK~9!PuuFAWv^}B=<7F
za7}KvZc#(}NS@uY(k4Q&6gq5LRRy(I%;ijzK`GaplqQ;FY*ugr;$}psc5uUr?9YCC
za@!J!5=|}|w<sYWs4n?C<~MB_p6Sl2Df5!m)u&qL2>tX_AzquIwi`G6xd3(E4!QsS
zeLpgq<e8I!_UY49NVL<Zg$fFi86)LkCN6A7c^Ga%VaPq>kEk5t53Vpats@L$rwnZy
z89dLU7IQ8!0t1JzuwH4~ggm`jidmFXPMK2=qi3hAS1P5iu~kA4I}DT+JAHb7c_ZAH
zo)9`F5-&Q*S7kSABb6V8=~>xB{`Kn|rf5I}SGb@fNlkb{d&%1`Y4Ou!B9FPu$ufKM
zmA2PJUtb*~L~<tKf+o%>ADj;leOzxTK#m39;|fV}kjom=Me?@OykYPY76-p?rI3Aa
zVrImsn@EII7$d4h_TjVhzrs<Q9Ef0>P6CXC&^*e$A8&YlcXlT?E-0gD4dr4(?4e&@
z87L3WncGH?;zmK1v!le)5nhIx)s=B6hZ4fEi;u%_@^`adaDda(3x(`^^x)`{Y?4WF
z_i2#zNjVL_!*BpTxv8Iyvg4eJgXHFp3-#qFq{LOH?Y>^^=Ys}VvAc|!x_=p?r$ag$
zD5EfayOHGVQ<ac%^AZd$I7HHMKt<Y_7rXKCPLXws;JPb93fP52KpodJ=3i?eAWQ=1
zq7znV3Z?wZY^sSAmm}v3M|)5rua<XE!Jb>QOJdDR!f<y(S6vCDI731#A<kwWQ`&-7
zP>5kmB9#A%Y-Bj4Qd=N|h%5jun5Lg>kdH!0C1QF4H->&Y$&?^CoECAzXEcP0w3jOF
z9Di(ov`!ROCsJHyvAoi@OQdkXUpuel+tKqDjwRhVBJV#1{ei@klj075p<ka~t@0&P
zPRS*g7~i-a8b$;T$0;ucsXPn|gR`+}W<3051=mu6qoAvjqX{4er1Lx-$3KjSP`O|=
z4>|~8K1%F4q_{2W>|PV6)Y=sioSYaG`2fG9&qGPafuF&)Ws>4{M!d+0IYL4Xp`>&_
zbc}^ELEckvcf9h;Th=dt^JhCRmJuDINMi9LpmeOoLtiV!;j8|5o+xZDR;kJ7&djDn
zCJgt(PIck0R?=ri$|yxTq|~h;-CC#dxytbZYuH|y(w8f_-5Z6n*o+c8<lC*0p!aTn
z6d!M>*|Fl<sqR!t>{^6jIQ|EhK*l3|WuiPRLx&VLZ$Xa|iRJg?hbzy*R5{;QI0r6#
zEG{2%{e-G@`OMaxAQwRZ$)V)8;7<b)rS~rb3EP5$xbuHRNSK_c5@NfF*cz<#JdsHD
zByXKduyA3z!K|7W?n+xw=-&6~p8CP_whJ4&0}9tdj`-ZUA+YBtOkm@|K;1><6!ZR)
zGlay@DB5>Cy{TA?){1`NZpqjCzfJ;F0exhYNcpuFCcx0uLbVx?2rpoOw&;Vt*kxoy
z$T)<A`c+DGF$}kSdRhr8$4&XZB6MqETy0Tmp7V1p+d4uJ3w+**gjOKSoCq~-^PCi?
zMui-?@%7H{eIf&wK>MsO$U<`Hp9frT9BcAb*Gjv+xKM;pguqnU<HcU6yMG%xjc#zt
zf3_wj7RKcR1NlRl9n(yT^P@ugwwt~`4dtZfH{-4ovMdY3Q4QJ-JsP26d3p1Xg2~hj
zIO0IN{v6eMS=(&%=h@EK%ZB$cJ=Ld_S74tgH69^|P<$jfr}cF)h!xlS$AKyf<E1r2
z<&)^zwM+9-D|x`z*W;9)=K0!m=RFnIAwuPo;C#@3l(v+5As9F_2?cvdNF%huVvOTs
zWiXFz&qWWDl%a3}2sw;f>zuw`u7#*}s!M#x!*J$HNh(xIZP^eO2of<|T{8qi4tW^d
zd%%bRa+l=ZX;gc0_xw|j<-fi2m*qZ51m2ONmf6BNWeYJ8U5OWM`JvTAjr1Mqde00!
zrqW2(01Nrh`<3T>feIfeb{SwkrAn_u)CNlJ1xt)7la@dEc9~~tHc~z*Q~G|x*Y^9%
z3*w%iBpD?hVtT4Xp|XECq7m3K-n05(K_mD}0cX_(E^x6C-lI-H$Oon7ixMr?E91ht
zzkFy!=~k@tnmo49Bresk(S>iMJ{r@Ly)zUMA`jtE9*)0mWV`&lekbeYg+I?k3tYgk
zUDuv!T_p5&ns?9e?TdvLL}BnXCPuUHHbuw-8jw-;WYGn7NG}^TI#DuclQG8Vb>~2J
zBRNhMhk<{({aLe}@(E7q!PkA8{;+;=8!T`Z8YFt#OR4pDW8wr%Y^3%JBa~7MJvEwQ
z>At;qHVmGWEx<}>Pn5{5$<7y7j#3`>qeGs(TYK&uNZLt6vffUd@(p$IW?r&A72{A8
zuZNKwgq$pyAH@FseB1T+0^%+|<Rbg#{%n(eSb`Nzsy{mBnCgI7V=;?8baY6Rjamu=
z1&wa?6D31BWcGXI;Tv>FFJ5fbx^`%Vf4$P29>^#~;W%<QR(5%|ywDeBs*kaG@T1D@
zn4eKjl?X-i4NVck%JsV_r;H!~sY*#MmH_gNB*53J&Z6N*VRGfCmrYvyAf;u|Yh*}1
z&bri~MlWK;mn}<ir-4~d72qdC4W5qh@kXh%jGD_`tMX9PH%B8`$V0MZc)B(HoAW&3
z_jOXg(|o&ZMPUDjVNcD0$RDK8=1D>5N-q|M(}rVls)*UQ)2g4#1ml4xy!JxW0IRcv
z;mQuRFmn?k?+dF*aShUGOf{!$`f|7?CM-rHLuR2`DMFYqT!OgUx=p%R0;b1Zlt4D-
zSG1ul1dB>mWd_T%Be7_$RTr^n;-!PvNS2cJTqOv-1>@FE)p*E;7AB*wNO@-&sg}>J
z2Ra!EqK3OJyyFehNlZ0JL`@o|N9T5rS{q~NKp|<@k9s(kNm7$n$81W6DhqhwPwNY@
z1}3q;y*?lVZ8D!aV1Q#AK#myCS6wO-ikI`{l)3u|)6-K)c(8gNV%Z2{<B>_To&QMV
z8rD@Z!<h3L2mb9rnRo9DLU~v<3{Dm+XZgFWdSU|1z)IjDFr+lHvAr9W0YS%6$g;7X
zSz9A^5Yw#LuWr0@-&%*KR|3nvu7=uD79a#^e9H+gUka)s?rTw3*)t%vS`5j)9-w}4
z%hSnf63ZyOBl~Ls1dwAsaL2(nwc;q(8AH!o<1mXJVeni=F(yZuP+9>bf=&lvTOV57
zuE6(RcSU~~wPJ)SSGzn?ck-yOCigVg)EdOLmo~A!I#N5H6vs=2+&^?1RQw&5`9M*T
zr8G?orF4sJdn>xzUGI@rc!SOkS+ACCNa<Ft)I+N|qp_})uHccrwQ#w!Cc=mbWEUNF
zZY&NLhC70yL_7-Fp%y%pOvtm3*prHc+)+=H|2%?8&_nOPMGR0u1N5gpYzMl3Ted9$
zhUFiw9xcofFAg@C9Mq*Zo-7pTlX;p*;2N-uC{$@($`SFyLr?2la*$(wM1|A!bcx%K
zpx`XTl~WYSF9iP1@_!Wpi;^UiVF50|@Z2k~HA}|B0FH8A3E;?jKmaKsDbPwslCzm{
z4B88&C>(WW7*h~&g(z)78@z9GSjtKzz=ubBLc^h`{=pe1sD&scHFBGRNz|xF<Zd8Q
z^6$DeBqR=RO?w0b0nh;SRO$J{*`bAK!*onfT4X});Zr3X61evBD@C9>5mioMi<7k6
z^a>3Q$4P^SzbuVEK7#FKEA6{qwb^;|ct8<kqCrr2xP&ZF{yJ`@XP`sL)72mZiMXuI
z<RV2^x6xdo*0A(D`WL=1_G@`ci$mSqdu{GvaGF>FCPEX~7D56iTgr$^8SWblkA&eY
zu4^&Eo*RPWS!B4RSEOhDwI@%2?2jt4l@c^u(bo%TV0%Sv&LB`-0!5=EsQF~Vo{dft
z4S;ACPmU`BZ+Qgr|K#h;<NXSyxK$9lu;I85U?mHUERSbldnHN{8&_>V#BdB$wvytC
zXps90VuQlJ3=23isO3(@8G*9M58~~@l041#j?v#ywUYat8gOUmK!K)6<c_F>0&<Y8
z;tp`3HQM?9W?&3V+J*4)S%jE!iuXh6@~SGO4$`Z(-?lh9ud*F{rEvM_+IS~lZz510
z-ee5`C6o&-2wBr0WKDdCtuds7z&;7a8xx_3NpQ=vUoS!Bc)_Wn$_BK;!u5U2Sdbtd
zQIR3b5Fo6D7sidQ-Dw!zP59qc*J_ZL#zWT2f+!N)7*-Dj`y?7K?My23+*LpVx6C)K
z0Wg>MMsKl;AcLXGKyA_vASy;E{3<(js1{vxcZ`E9mMK3BXPdy>ZS=<iO!28VV_L70
zYMqpj3o8p8is=n@BZ}}b6|9LpUJu;AC!$a~=;Qe|kAHS(L<KaAOxh7z!n5lMgA*ef
zW)UF~L~xW)MHo(bpmFV7`h_G+&r4CFhCdR#3b@MYGZb7QA^Q;PNpfigM5%Fp_I`@N
zDG2P6P`rYr)<~=O1D*6*(*xp%-g^Oh0Pxy{Z7ug}5usv1FW9at44#LmH@uUsfFeQ#
zs`bX8ds!56X?{0Al<VH0)DC95eh?YLKsMG$BNR!Vo4N=^S;=WhzU_f543=UXDL_eM
zeQIm`BGeDKNIog9$Ha+4{bA1cShYbds1P@z(2yiu+6%J<`evQ~4z`URrsPDq$%|5-
z8=IU+RS81p$!s)owRTp}LPkY6MwId!Y*Y(B5Bs%;N|iaFQMtuE3yRugOb@e-)>U>U
z2nr7FCyEs37nhh`ZKC>5j`?Z4ZHmAPe|T6d&_NV9+)h@n%lQ0->ESyat!8G(u5y|V
zxnd=hghJ41AZ)uo5@he34SkQnUGb3dTQ2*VHgG7do}unj1;wN|I}qG%%`CuwIeADk
zNVGdzcbGvOwU{~{=W<`4x>I5$*!C-J+`K<j<-N-Z+6S-`_vRTiNPzE0ft8dG$KdW8
z0=s?<TEPoN2xuM`K3dI78QS%s8ME^)G5qQ2w7}DQuNNA@_U^ZZSH^W6pL$(*S~<n_
z%(?PsSxTKTaO`Md7)}7>P9=~-7zkK)7(*w3qhrEx8*gVmefLlpbYY4LK|ygSVICu1
zBF#9kl^NOy+mt)SxxdYL2VZu%b|iq9bt9D6nk^;pFi!LB=o_s21>p{kDe6!i#=))}
zOEMCiMV=-H>=EDlM$qewUQ8CB&FKD41IiOkBXP((l6z3pxc|d=84nW~6PP{6?>cDe
zHNG;Dd+vFb(3Qc*XAQeNu8x>pnN~dng^7$2(@3+&V;w^YT-YN6+i?bn{H`B9>K4JV
z2V+a0wNFt!$xzyMEVSKtrL-^s{AUvsFw)0czqg9r5%g`?*h>&Xs1Ehsx8n;V&AWdM
z;l^JSF!6)FCXWl;li5h~%}`PtJxD+|Jfpr^fEv>PqhBda{k|nMS>!WPFN+&1o{*78
z<)($X4-zdfaPzn?;@%UE#XVEpKP?N?_dn3U8*|k^h6hHoi9Vcf)(tw|H>r2~p7CRA
zuusH6_h3t4_Dj3#>}S_jZ%tp?uV@e$MnUY5g`#p;9?abiUMNiCwvBp~2uB&#`|pNY
zw79Dr|JdxCqi~-pt()*0<QKj36}mC?g=>E!+I-`PLQw_*iS*NAk0!<4UBEb2k>XB+
zKEjcixqKJ2_DNd{hFU-N?#wI>XSz>+WAWWtPS5YS$9l5b=&FrN)<pT<nLR#=+~`QN
z?v7JbAP>yBoWn3b2->_ACXJFR-I<y0%^X)s;lB*qhSvre1Y=kZPx(%7f1G_cekiKY
z@sX7hYtS5{lkwiV;VzrV<~JIo?=@H!ZsTZo;=*xJ;B@T8nXiSn7wxCGihDFMK|w7=
zLDK4X8-q{I?;q_da$deS_bbS>(gS;5`r_p}r<De0k3Ek{(s3-oQru{<zlS`CTQ{)|
zyt+D8FKXXsnRvauxL0bMqei06#WF+FWZSwigs{qKpVvNWidmG#XKU*D@+b?4(+{ma
zh%ZUa&8Ar=eh^;LSQv=l4kx{LvYC5vhIm_f%YX6IVzGX12}O~s=K2?-PXA966xi+E
z&<e{;&GrLSjAGN;SiOC~`*OuCt9r-MGc3}&t3gL?exDSEriIW0-4!dFws~N`0k*W=
z)e&%FxzL|qICCIWTA-JrW927s|4u@e|DsB*b?}j{h-HgNru15Z!(iIEH3xrL8c{2!
z1<)_frxPgR$n;hx{rO3#1GrsV_Sw))Hq9~2^4gYi8`l0&U(Y2GT?xmD$Ii}_knw(0
z`~Hsf(RYPdtS}yK3~Xd5CDX0Yu3=i?l)d+QObAh}#+ZJ|iWt=ns_4$QHAdN75QjnT
zv{lPY?bNtI&AfZxXZl)?6ZwMWF9hub?v7KqAHS4Jzu=LM?<iMqR9cLQumznP{PsQg
z<fx7oZe}84_2cEY3v!`9tM0u<(7Lw9Jvo1{`|h%9cl-;>0>5FyDz|>w5$~zz7Kqli
z;O*g$8;byY&3M*5OgvelTKP6-GwBV!VVF+yKO(D_uQRdoMXSXv3lwV6CD#qViP5vX
z4}#38xl^y_F^+Q;*Geow2awdBa^-E#z#;EEMP0Fuxlpm5wb(>^9BUxo!BP2StKWT_
z-fuNC!ym0uLdZ|qP9EP(kVc<eXz`ze_^wYSY^_{07QVW@Mt3YzWuF{+N>(%R)%U_{
z39=h+FHWkN(d+x^P2B{so*TO{M(_#k@#ST`&C5?M8@-~fjEdHMrRi@D+AFMs_EBFu
zV|f@Q3R0Ix#5I<Ty=DdqMGL(emFm5gTnY;LjMwz#Ggp7?mkx-!jd`%;%yws6;*o3D
zrtb~3f+I?-ipM+yRXzg&p)HPTD1WJZTmdOgj|!Piv8sC3u1TNE@qP|nv-`g4^vkCn
zb0RdztM_I?Ups!_FAc*54HSMBOK$}M<&+AgZOTFOAkNl#p-|)irVya^p=^ZrU~Zx2
z_Ql!mq~b&&^p)v3hsR;Ln%SeXw%r4<1I3f)roX=FBK=r>UNn2s?#H{sBX31DA8ZQ-
zbS|A|e`b;=Rd^^ueUd2fBb!aR_2swxCC-iPH#;NBZ`^$K7suPoVcMhXJzu!&hlDah
z_$wDbXy1REE;D2rR;E@?Fw*Fs@ST`d0_P-f_-^`O8<TeYxqb<BBC`8>?MG#WJW+E=
z>4U_jjB#m&u?OpBeL>H>2G`V&zId*f&D!jBF^c=WaWaqW$v_#!pwXaBjBy)LlIKz(
zMti$VrY+Wtein-4lM{^Jp5Cgu`B^Ugl0)d3bCTWFv5$9PM1FT&1z0Xi8nOjcNI?oG
zgAV0iPH%;4Ch;Z<B!$JGlVUS=;^iF|hW~Q$<K5a3_P823T(jgAvu<CL^Ym$OAN5Gf
zH0BPWrt0kaqeJMyjtkiF1H&p$F0ZFAuI{3AbnlV?N2@_SwF<=`yCI!1+i}CYZg$9#
zMEAAn8pqTWl4*eWcwygIKmX92Vq~5SIe6KX(#!Xt<q=%$R@j@IM)3g;(wRPoH}U=(
zGY^tW-&?d8OFVQQC#By*7U?pwJ4hry@q)$uMg;gljb(MZpW3v+r;J-a_0#jb(TPCp
z7ICim#l8y_N|{pr5pNHsU+p72_b&{cIF>M8^z(gOxdzpq6H!Swur+$?odYAmZB;RP
zEdoI8#>|#e30I^sZfft@GpF&sRe7ha;i99%+O#~L#q$!CR!;t4$P>d8xiM49x?q@_
z0;j)t?53ZCdvalOy2E{MbQ7fI9JcT-vv_%Pwe3yMTF*6^E8pH#yY|sEznRNIxAS;>
zlT75ZK6?}0#<0YXTsJ~j-O38cYPKlQKJ;4rWV$$9&X2B63w{b~xm&F?sQ|}1np<ln
zJ8~EIQ6lTp6$cjI_~oi0OODqA-j!YNT$@F~(<F_>*|AX?Jx6iF6==QAxFx}C05Ss?
zI66gnHP+euqmlM_t@y;{9g)`J-OAB?kvuu?)hGb5kK3I+*!`AwbweY?(b<W$o#uB1
zgP*D9abR`}G8DZFp0>tM*mos-UcWwGfIB#KP%Vdw6|A+EGZDR7>pr4dA2eP2J^G|i
z@x+n&3Sv7ic`c|s?IXS_dD?PWImN#7d+vzA?CjteirFkkKlpvK_eaisw6KJ6k%f`(
z9mc+Q*%=xfUfZ|OUJ(v9bu-;G-A~&~V+9T3STCO+c`P@_5$c4N=-Mgwuno&FkcwwS
zu`)&cRXRMW;_Z@aFQksF@|<>CYyYe7V6Ok3V{Qr83qjk4(VI8p%^vP{WF9lJXbVq{
z6rlSUa{X49Zd~2OD%~zC&@#Hm6P=TE=Y)Yn8TH-p?ChI#ZTyr#jsM!W!>tZdMS$sl
zudX-A?XS8!PJYwcq<KbKc{tiIXWy((jjb~E*0A=YrNV)F-#DcoK6herA9#E#Ps9+?
zusE9H+u2&PBb7?>C*EuQu)bk!h2!;h{eilZ=dj#4<zIzQXfX7VL5JWA0m5dX_uunx
z&qR$D)El$B-eovo|K{(mlih0DYeh1DiQnQpHBS^@&5+sZ&DVV?twY~xI4*|aC`l$y
zOd?q*S`^@)K@Hphip#^0BF$`_oi$6x01bJEo-2_{eVKfXWtQ^8rXp?~J;Ht2CohQC
z&i5WgK;QJqGkzm$_I?-PVP4?(_HLE8^^Ct&giLIs3vE}?j?{p58x^viYWy9JX{b_&
zE7IFUyIJb4<LTH5{+7VQ)175FhTYNuiHvQbg~{L(u7MB9!sez$`YimKiL)0W)fyC_
zf+adAVMMJA#o)g3pb%cEm>#4PG3mw4K&D#818?||1bVG7e^+UsuELQ-DGc{SE2p_~
zSCZ*s5on6+BRO7<+UuO>_FKCe_{A96+Ng$XyYDr~<C0~XDCk-PGvRx$ZP}MqZ;@L5
ziMfA4?l*S79*hqOq<SO;+G&R5%a)u{j>MnFra5t8>SvZjc(i7cgwVZeUbp5qp{U2S
z3c>hN$5?ro>Sl0K!}jIFfZ%}gQ@WYRG>&jt?Zg=(?kag_&Lxxe7j%yGNxcIN&L>^u
z)%zC50l8g^DM_(wguAQ3H#aZktY?K-RXKi6l@Y)GHGuKli#O-{YGN|x-m!{&|JorP
z2Dg{oVl_$=bxI@8KHUv4>MVhmd#s59Moc%23yg@|5__Qs+s=F|qeBv@<+A=eRlPlh
zn0b=tOM#>6D<@{p+*|}6@9-Z^$0^3DfrRI}Y!P@@12Oz`^BVe@PjhK>anmiBMPpU(
zquFoEZ@!bxM)#C4s>~$y!F!__g61jrOV1M*AV+xJkADo`dX@+vh<|bQ6a29G<brfz
zq@OEe;5NFJnQjKusd~eY75Uj@pGR}+qclK1?x+w4qmCOJ55l*KI(FCa)$$Xy*m;f!
zve`tZT%=nA$-$}TuO3WmCfwN0hO1bkvxIN^bz5U=jpjTO_aP(0MPEM;<%CUx7O|iD
z&bPV{CMS~l!b80rInfo!=})rUJ+HSTJ$h4}6N5q@imE4r0eh8Whbo<6jhmyINpkEo
zK_nDZbkt{O${IpKGQDBXrvq`jE&Z)Y44`1Bux@1;y%UB*kXAl7s?#H4yxdR+3d|0-
zd(v0>*jx7YjU7HJbS*IIb1=9qlC6Qc#yPXvmL&13)G`6LBJhJJ!$O@r5wQncl`RLj
zvFE<#6*$ItKD_{!-N_eybZ;1b#>EgeQUG^-!8GJ+%Qx21HeV>qiT(cdSaRn><;C09
zk9Qsq^wMX`2EM2OFxKC@W#u~yaB!AX=g$-x&8IB`^4=Z~b?GkIcZoX23CIf$jF_)k
zl^0&E&PbHJ`T~|F`=HFCSrN4!N;gnu>pJqxLEk2FBa4{G-KLKlBs4G&ojRwA+`e7e
z%v<Nm8qc9pe6Ckq%`-+m&Ur-AoVAqac=<>HQ+Y-opx}}&rl_7|0d7K;(><WgT`7sW
zsY5>xVAmRy1TKocQglwC^@h7Mt!rG!<%wdFudh?&8yPhFtnzK%j;{1cMPn9a$m4>k
zsF7Fg=}TW<{t|f>mOj4LHJL9e-gJDRsF*}dL2@EduXLPM<@x<m{r0fsO|{{C^~nbl
zje5kUj1ooC#}7Xo_LNUPS?aj4&-ANy$^y01?ENt*mJbpFiM*QZ5m6t!8roDzrn?uC
zmI|8>Ft-<~V(+G?AZ!_u^qC8GWg5LBF+E1%h4zMJh}*Nf3l~2u@D7z(sqyN~i;j30
zCx5P68?k(N93E795b|Ru`)~lO>0R9J(kM8iR7|AMouKLY=t2-abJ$c3&bsB@Cc08F
z@xkPl>v-+t!prT`YrdP`;>$*Q)zNDHH75qUtHLu<UOaoD;e0WredsC)E$KQIfHzA!
zHVTR#2I7L_%v$d@JhgTz7EyUw6AcDm57gPPCUto+jKkWp*k)e_Q7@NzRNUP*eL)KJ
z7cScj&W-7~xa`&01)3#*P)Q8b23~tE?kTptJW}lzw<OjWJ}OwHqQrI6ZnJDe@Fh$8
zFOpVB3P7UEBu7P-ORa8j2Oc03F9x42)*hCCKV-35c~5-~iqiA&AAjIC67BCD7E6KN
zjw~M=6U3y+j6Acg^jy2}av@4Z!LvKPGzyFsUst%_0L7^hAB9*2r*O&6fScW*V<Y@4
zdm1cYL(^`g>P~7*rkMU#%FD4P6(#Ej<!Q9H{~<7ZUQpA`6i2wv_3)-wr#`4U(=2Cr
ze@lSpaYNTkwZ39%6kSx$vP|jFgl*DHWowSAuLAKS!S}7!{tllTD$Js4asu8d@PE7U
z8Qn0lHb@xCqT2U?-wJnqz6E(bQw>39+`hTH1hA)PfXg6Dp3I}Y(x}w8S-x{ZFNw8A
zZ@GU0MPIyY>(Rsld9Gq38h~7h#?A*a7WacHYaLMPpcLb<p7ftz-_QDmkL*R`8?Kmw
z%)|bYn>QE6N*-|QW$5Q9oDGh6B>z^xN~luE>Qbkv`z<h|*~#LBqV8VUf2Ca6yn_n}
z%)}d8jo++I|6_w$TzR(36~qaFL;3L&y@D2sAIFDmcT*&8n0gBsUP?<Yf3LGT8Eo@W
zhIvLNGz)-7I*8eN!Y2mRR$=<0M;GnJEEwhOYGd>Bf_y$cB-#L_%}tUCY+TSWEbwW!
zcuiKq1VxE&uR@<<w}}e_s6$D?)DQ4TJ|A)6-oM#(STH2A*?7e+P_)B+xN%@Yg%X9L
zsH%LHUmR@1yXO<+S<EzF-i)n5bmZd5M8QVQ!X?x4U%!(b-mIGpGI9y3?=y|^p2BF7
zr#-ee&Q@&H<kd&hmd^&TR6P0(REpAo3{XY*J>^?6%HL>y_C(>W<yDulC$795(Sd_(
zZc7vmn+#<<X_Xei-xpx5yx6Gt4nDS_-q!J>#ds%!USp|iYAK&zyUkCD<W0U#S9s{h
z8&Tf5fRTwbV-nGAxKT^)yLu;Z+k1cGYC%8;J-IO5o&`t17vs<@nd+`@XC=VY-q`C9
ze));_1B-?LOS9V5+mj?z%w9_e3L}lXSV_lGt}y%jAb#@?XR4fgnd#&%rcJ-@yBY{l
zf5c0P1>wv<0_+=4dY|=kJ2QFO<wqfmYl9#a_2y)g6{=SzR5@--XP)K6R%uQr@PT5c
zz-|>Z%pqnQ0ZHnkN`+sDZnT_K%+EgA-bg27C?^XJVTrTp&NAMLVDqbdj`qkhZ*hH#
z6Ig^)xEAO(DqVJ*q5N6F{RBmI*HB&Vyl2mQC%rY_kwN87oabsatD2d1nq8jA2a|RI
z$4WT?N$e=Vvekr+=2n$S(Tm((qj`TLQK+Mm>7|)h-J5p<5fiP}mrKm*3z92`23Bn$
z*^ab)^~fnBK#>_x9`>o(nna`?dkDBlk_~FFgG$eWl(u38smXDusy5dyWBEPZ=zI*t
zZf8vPH1hJLZYfCU5#YJtDxP}JgURwoOaq2iVxqX&zcz7ag-O--#p}ZhlSvnct}0Wo
z{<!S#`{}QRDo_YAY{hUg)4}$eOD)?7(6w2Z9s@;*xR1TpD<_|5`)xC>Af-6`Yt`l;
z?=)#3Jj!9u4NJ5Hi$~iuf8|I;{B*0G-w#9KXY{GLk-nQP_*j5PORDPfEm8-^Jk{?r
zU5``5J$Bqln8Ys3eBnRg!A2!^*^~QB#{!J3JiN+wNdb(BH`DJPYOB!j?sa{dw%f@{
zp}ur2tbH7ZeENKzV#;xNfxq!CvASPS?u2uJacq^Las;wAl|SkkLC)5rkcsG9`DWDi
z%X{_WHuK21n((N0vSdMX)o*W@;5AEkld~H+gDLJSn#ah?I1a=47{ybQ*<L!aR|dE6
zX(qO<Dxq5yDlF<bEE_4Ju}rKUNlKWE#}&Jm1ds&}EuQa1WI7gRV4-h(a$62pKPSqf
z2C%qP*&0FYk&ThoniyM)_2Ji4Ja%c2(@R*vaO)GMDu#JNWt0e7f^n=~62zz$6Wu?%
z0++(2B=l_{Qz9u&mJl+25BdWAQ@cQ*6Y0>F_M9JkLhL#&r~WQ52<^AU%(!!X^;g%M
z3ivfuLvD?=)qa}%%|+fyuazB1$X-hm<y^k~h*mg5eWS$o#AUqUwl^TlEf;MZoKgvc
z%X8`Xy_x<N6iQAQTaY>0h8AsI&<H7by*mE|wXyeIv@<eKKS!=+WY0?8OjEul)CV*S
zvx_yE(s9!yYk1uJ-5nB#;htF<o(E>9g<Ov_Hs-8@BjlK8TN%X*#8b)5K^^M3D!Wxb
zy*cwv<hHSHs*?=-Q%%WXO7v&jS6%7i_7k|do-bs(r1zE?O`o{2)cZWZ^fVtNe6;I4
zl-yuC@l7o}SvGK=yb#NTOrUCS)c(AqTopj1oN_pmU$M}<JCTt8qSU5tRHEMbunnsZ
z^H3e^9JZa07a7PyS);2z)Q?2TE;j@@$7S?Osig{yQx<uy{$etJz;D?HpT?#-zx@_`
z$GhOJyV7#daAiMF{B|eh!iahKwEX9%UQGa!SGdP2xUP8OtKu>#he>@n20)Hg*4vRO
zf<Y_8CblOnJa{-vE88!7W-d24Hc_Ro_M99xNfK*<)=G5|%FS)Pv6+Pj52w{og*Q?@
zxbJVI{k@5FUE65mktZ$<F)YP)$g?-qQtD!nQM3<c+gb|6J&H22<=pZtt24KqVr;cL
zd)4pU)I7dY^Rjtu+yBQ__jc9wc9#W)OCkdzX>ha>AT0<G4GZN&zxn!LsArik9CE6_
zt5>$uFg{J>`_Ts{SM{EY(}9lqU>d!{U%&Q9?JQunl{G#k?vF|_A2YciHNt~QTg${8
zSCm)oydAGS3bCBS4~3;&Gk9LSC@wIdnL9}(L1_D)e&)*WyJ2E-h&*aU7F)(nvHuEx
zaiBc;aZ60TKZQcU$2wJriECk?2*GwMHf^8m!zZWCOxI)e)2F@S@!1N`%DFlB;%*?8
zz82r?F|`Dq08ULHn6~I<?y4=tU7j>v4_K<UeapT%_b|To*pIXP^A0|njXEV;ReAIj
zuy-fOCtV=psw!1z^mKs(kS)0fWlnZj_=$V_fX{sv%!Ni5#MOvUDkQij_ol@UCG73P
zRaal@XQka;)H-UkR(vw@uF1Emx8OnO#=-5%65Gp{yGA_Hxa5pQO{6^z0DxMVzieRg
zNZnIARVcv;$?=W8rtexEYdaSnCgumzd^((P+H<kC*o_^OEwEW!1_>^Y+I?*^_PlY*
zm-YtGFsF?_9_@U%TAunwNVIycLNc}J1drLvDFVXiK!Jf&|6%3gT3wB!cl=t*$%V0}
z2hRaS+O;5&HZxLf|0U-m#XS0rU}`Kwv-Qjd9rO_u=Xb!G_?wYpss;cZaTRAP^=)?|
zKcl&d?96U33Aa57o$e$aJcydWr~EBy6+G-JUPz`jP(We}Qos21fiV8_TMeTG2g4@T
zzN^nm)4Z8(uT+{f3vYb~KtAJASfoN5OD^U67qcc8cR(2y2S$K<s+mVM32UW1`dg8F
zbb_=J(n%kJ5!TP$P{PDM=G3^@YzgdcWe|l)xuN0Kp=Do-tj~ObE_rjowYi6}vFIf4
z)v>g+A(@16R&1%dsC7N-2nQa<8LO}AKByT4ybg6R>6aTK#l>o|J7>&@`x;`nbrTWB
z<s)`K&U}!_S{*-88z|7T`@#G!M>rouZc~@B=Ul^%&yp^Cuc@0YhqRFoJk#{TWAJzG
zbiXzCRt=s{)mn))DnN+zvxTuKey{(2G!>_K9P>;lN79;IBi3XowI&wro+i3^G!$^>
z^=+}~Kqj;x497Wm=fuPB{{H&o@tEi^<BHM6<I{+IONd|5`Xex<X&#d<4fNdZFlG?7
zN}5F8N-;RnEe+-qd8Al8&$GTA!2~isy}9BkqaqDJ`+IXCh`ukg&TMD-GJLls=+=+G
zEMv<VbiSWMiE+&{ot!Gf>1qnB<#fC9zsYiH65xf$@+~eamYp#rvCX%{ORT51zrA&B
z-nP4S^l_MYqH&iwb<q(W(d-|m(fi@Z$qG&HJ^)I;*bx&B>(2+fpl~p3aH28S-+Z1%
z+O+*4c;>_QQI!FhQUfozk&GV;6>8HZ>MS;wDaMeKL~WxmU?w1WZ0d?=P25_R>iHHV
z`GC4pBK53Cfr=lx?S~^h!NoP2u52*Qx(#U6t~M|0G+M3Cmk91`yT=~LXPK^87KZZ#
z4w^(PMQdyYxf7AiASGBnV+ET;?~BevsBg@^<!JV+O$9@=E<lkN(a)7nIky=6aVW?G
zpjT31D-3#Hv?)mDuRTp6#|`C#Lr++lpqFt{AXt@}g~83mb9|dLrya$eG)%(aee0Kz
zOOb4y$*IDQnyGIVVseYY2<MFa2^a;YWjBWLs2m_SG8(W|0TJJ*-W8F`aNJ#{D7d<5
zW>|mYPQM_{kE7km&c1JK!2wPdQ;d>s)V((&uYDK&=~7m}r8YzfJqWfUZ+0j0NCr`T
zJe-sZ`Vnnl@Nk*YcDtuLuabLt!1<9(iV;p9HqX8Z$U0Sbl1OnG;`u$FPwTE(7w!)4
z?WbAC%9mZKpdXeH0&@%-AxoOOcKLNRxjWC*lteYFUEU%YC5+!<ncl^~KVln-lf5T=
zd-o8_jcY;4C&#;&xe5jj^%r=KHf9fB?YXV=44=O%rFNpDPpMeZKrpL_pF!R%K{V>k
zu-B2CL1+usIU1O6(3J_8RD8Nv;c}aqZiLot_Hf9KNA3$9;2fe#rH}4S<~H5XSawmh
zs41Q%26bNKqU-3|Fm<r3)4=r)MQ0^q0$Bx74s<T9um2*AqnT6bw+%d;T#H2;Q?a!F
zVvmNTfT@3(+yU#NKbVsA<VD=H8Qm)E6c1r_JU#4Zsw7J0yQv)pr=SQo8um8Q4)R)l
zZ^|UO2)}%n)g5<6Z{sXsb8-LZu#qij?d}7fRVU_ZzZT0CQDcAYMcb|(oZySrgT*EO
zcT*15l(4fnQY@zD9l-#@f$gyLhQfAh!bgUKGc03QL6)(1+9qPoy!bZJylz!1){Ia(
zjbJO6b&%#)F0ufipGTm;_<g`8I&m6O@adv$+$pUxI74yxqzzaL$TQ7V*QZ_ZoP3Ji
zR~fo&vIWsYrA7w0k4~bIaapyzVMKn}7xl^Mkh*}5>I8n&DaDodUu{;$<cu?$3)>@$
z0wjF*)>}W!KWE!@zlKo1S%PcYzukqZk>t8K$uJeTczE+%E%93r-2ihDh$T{nZ`Vc!
zMja{$#lvk4Z`!3;MYVuC=v=mCTP4>8MACn5UJee>1%sg5CRVLhJd9F#kx!vhVG*~>
zW3RuMSekWl2>`UqvtSIMhnT%BO4v;MDOpq5uu3(kUppsD-h1R@gOdLW<$HhHax_@u
z1;AWTM%WUk_c2p%9(migA24=OtI@%0<JW@sy6s2xRNBeTFk`~tH56K`bjStySI_q&
z3D%5G&Z&<_+v(o!idW7qyjt2)WhbnhauQR9Z7v(Y*(Mfu*RBx9$aifGgpB<fK0}!S
zcIZA9BVoahNh8!LsZhn2fIoIVuZaky=QUa4WiF{p*2@Xo=kIC`ers-Ou74&93B}Jb
zaYzx4zMLcH<;x5&IOJxgA%3FyQjXu=@&g_!A9mw=|Cz~v<~g+v(vBF$OD`hzBNRi_
z1JnSWzsJO~BJfVH{iv==KK)c6Q%!;>bH4>(EX87QAaUK@yOQLPe+uF!GyVf;6W&?A
za5q|+?fNyiQ);^d?Bw;^OQ#5-7VPV*jez}FtNsBn6Bw0K$W#R&gdfRfOq5fsH~}Yk
zyEgf+5J95T0K^ssAods_PlRE5Ql2G8glI!EE|v;}6W>kzCVbd6>IEo&%7wrBLIT28
zP;G9MekqWE?LBPsUu)*Fwi*Yzl5D^vS-E_+xDaNlfeC4l^%;)R1oV+YK%swv=mUJ1
z79O!%N_=$4;p8#j(ryOppjq?S;u@H#l2WVU_Te+%Ucf~ebqHl0y!zAdffX@>2HyQm
zbUvU|UxhsWo6K7S9-$KKV4pGsJRCf*qDGCZr%iiF>GrsdUCJmwBI9WSptD<pM-i!c
zfae%8p`s_+UlKfLSsb)G`x{ILh{_*Cc;3+6$zYR~=T*IXH?uK4y7S2JknmsPiG;sx
zZx+KE$u*@AYQW{E6@HL117=0D2iu=lOCMzbsf9>rsxTmE4)uRZL#_4o{5}}44!rKk
zZz8-BJWUq@R7YOAL@2*~n&va47l8&y0UX@gc^b2ON~(~2H5>*9)DZ3fE;+4?QdN_?
zAHqjuR)ZBj6($RSUw2CEABvY!5X74Nd~PuV#SEncn5?X9=%E|$MoPL4zYe~v)knF0
zJ@g8ZViH|1Z&w!(8{GR_Y~WMeb_*N?&@2?!mv+UT_in0Act%P{M)u4RumeH;QGnJT
zd2**Nf@l6uZYmXE{#;#tnGe`WRc*v<O?-epo-7627kFirbO+Z|meS)ZaIBf^3s{M#
zX$RPVCL_FE1K-Vrq9$atp7rzq5zKG`=9mzQG7h48@BQnjLp8ukIA_0T0;Y}jR5-;1
zxH)ok^WDa0PQxF|9Qgr#CyxX193g^k@oajkm@-iu1^9blA)t~euo{m_lrXWa_uZ`U
zmQFP0xOP1>9)r6x$XW%y$+X{l{kjYxloQZOqCQ2a1B<c=rBDp8uCM@9p7ivuRDY!^
zC4iy-NaA<#fSEIlR}pl=+InhjI>5{pCFqdjoLKR}j4CQOHH_|31NEoMW=f<?{%e_^
z*Z={<7;r7CUh)sBLz@s&?G!fwd8o0>s#+JoK64Sm1pq}r6u7z2A!C!Sa~1W@U#KQj
zCLk20I|mT`p>iW-h5fR`v4-uMwAw^Fj%${owdG5iCqXL(21%<`Kr^;<<-Nxr>u>@{
z#7M}O>tMf3*p15`x$i@iQ|fz?9|ERp6n(d_HUp@4fij~LfZX~?)l_2ofF#=U-GOI+
zQ4px43V=##4mw&3^huL<2cF#V9%+ie^vGO&_nT<DZV${dnAP&&KH&Jhdbk~G(eOmq
zxO{@Qd=w~Lq9db<(59GM{c=^F{ickv0U0rjmtVi6_GBSkqd#}KC~m0S(#n0NjNf{^
zWo|sS&<kdYz*uG;3{<+B0|W#J(iF%@-`oDNB2M5VQDc$z;AFUgt_?UzP-dA$jjmZ8
z4_5p^`VIU6T>vDxe&t~?u!&sQD0*H#u4{R1mw+vUb=(DK#ETU-z_YUSFqYsd+YW+f
znY@xfzWNV}8U0_NM5qUI6aYn`lu^O1E^ud+wkk+R^lVB8+3T)<RSv0Mc!gr4(k;Zc
zCQ*IhTua@>v>lFXGNAx)(wLlZ2D5)amOK>x82ktOJwyo!ieLkh?{W~>BTm5GD@Q1!
z&WFK`VgzVI=ShJaL<O|2IT(0DPF7q98Z!NQCt<XvM_U>!g##-do$gNMX2z}rNSH_j
zs`a|bNJA{9$3X*6`~P?2*3H2owX&GW-VgC6dlh?LTO{i<r=aoQx-;*KsUJA58H7@I
zY<A}n{ZcnX!{0kYo2;+>_|yW&!uil1$!U$=Y(Bx^4jd4A8rZE##KD%M@HW%k1n1A>
zre(XHzo~Nsp;+LidD35D!0eQ#xB#E{qw=s89kPZ@^6}{?JTa3L@cMw_AOR>2uGU?8
z2TFk?C~wS?V2vYCb~KXWTEG$E57W&I6ArquB@7Pm>}qL{GH1IV{C1@vK~Ol<sc65Z
zTz3hLQ-~6t>vI8vOglOxk+1hn2NnoD9Y310RVYhQ>-5<iAwV{+!$QW@+75|$W7ha;
z9Fy^Kyrjz3p!uV-MG-Jl9SoR4ER0vD{Hy)B^>kv;@(<g~!$*bDzqmkrhKBlpYzXr1
zPcfPfdyxh-PZ&`Jm^$BL6GK5(Q$o-=>ys+A34z!E2hy}vK;W6xsfS$>d=J`_=C)Yx
zi$6aL0PyW+r{#WMiVXNI`da(~CuD-3Qq+ohALta(wE@-7$Us`{ypX30Oa2!EIYq3S
zNRmYVw+I(5b|)aX1f3sa(`{_LI)2!xZLV2O`K02PI;Yr*Z{+D_ycfs3%rE9C0Yn<0
z7*1_K`~-U>NU0daEaRPl>9MfYQU@e$&^pEMd#LvifO3!<8^y|N4}3{U1Cb(g8(klq
zi|J8yj8bb82-Rabuidu_#xY;+Q2%=C5FYT(LKoh6QWLJx{KckNL5h>^8JNv12y7!*
zyUi{PqKJSc4g-?2#{0Gh;tm^ERKeD26Y=WKi%Q|r65gPD0rNcJXQ+F}lBp55DqL`P
z{9%=c$&>$BMLfH*g^WK?Q~bM%Uup{ABu2nAi@Qev<rH|D?ZNXHIUm4u&5`86XQsdP
zI3KP!0+^CPImP3zEWjfF*{Oa6P8uZN<VjArMyK&;ic7}BF<i*9)?n28+<f!dLR*-r
zDMn`jq&6mz&{Mo!GXl{<LdqYhfN6HqoGSFI8Aue+cJN(aZ=D!7HH!=(`lZMLGNZ1F
z@kn8QrL<pDX`tt{0Gcv)wj3ZWNrF=I0tHt0*(#d_HIjKiF{YO2;G`4|t+FNU9vcBv
zW&r&l!*I8*yNg43Np*4x!f?1k9zdpMrADUn>-NJg@%_~0{FMK^6L6>hxwMcFMZAb%
zbAI3=w8@m+;H8iI!3<DDIRk+UyQqtRu1Z@2WVVMsRi^sB<_YGzxb5PNzY|T9#kGwB
zb~<EAVobVrce`uL_Qr<+IcOQ*`x+04g%369V4wvk*01~swt)8eXWbmi56mKu;Hv`&
z59;g&fYO|8DjJ>U6i=QF!@V&mLPGQS0M<kVG9!~RYD-e)JmDs^2#djGkmAIFL4eS>
zi2<3356FKElv55W@tm@1!2Q!y(*un7f3LHC6U014R*Q!FAs5NG^_Z>oSgZj<_-(lA
zXCYBUiv?A>ya#rRjG51<SomoZF#*uZwIyqw0wL6Jz#c9D7=v@=ZwoA8rp8K<NZB%+
zRcZ6`xc^WUx#yqyTXSF(wKhKBAssr6yf9o6sBHd`tfiEEpnVupjc-RMkEd-$JpluP
zMTUZ~ny5&Rl^s<|iA-P7*~bTipAwzsA|PL-Ldq<40a?e-N#3#G)JJ7h_}b^gwXS{%
zXn@63xQ(lJr6ApGf7OwD`JoWo+S#}2U=VX7<p?>T<05#GPbbB{uHn$0Pj_|r__+*^
zn1^}N?Z-Z)WN-RXjT}2-MM-v@Qe2Ps+83F(*a$0W=F{NiTbk*{0Q!Lg#BsM_r~eni
z33gLXc&bhr6>6=e8Jer@JDPR?GVlF1|L)27gO7^zXnLW6q-IwqvF~D#96J6aOB+L)
zgwRseiIQ(4wR^W#l;H)O*p2=dn~&{8gZOfWf{rX7Y>uaG%#RqcIm+l>ZDWFLPV8$i
zH62^svJa=oO>K|V?*@Wb6}IU=KM}x~e*F;RsQl)E`%;Z)nOx@<3t=Vgze=}G7!H1S
zk?%zxtH14K2U>_RJ=XN`qc>R!rZ#O_59DnNQUtPA592)iyRCBzl6INSCYb13+{Me{
z*u_H~jEJ>Tw0O9k?|<D`sZ&(F%ijkiwZu^TXkDr_Eg?FsC7vzFM+kg~0GV?~*GVMm
zp7CSuF;J5IYi3U{V9-iLoGrpNbr#YMjNO75r5#>)!#)h|dX8o^q%9f(IC4phfDd8i
zd1vN!7+n3?r4MLOdct)NzHW?rLs9Q!-C2R|O~+6fb(RiUZd!kJ^ck5XZs9{=`pmoR
z?DsuFo<Ifn^MdOFz^-$dM3|yOPJZg*Kxd@_I;*}I_z9z#-&b|~B|&M-p1>}Z?+BN`
zWibL^$$se4YlF}QBVx^2tqvaDgBu`$_4g0Tumanq|BD|>YR>Z*WqS7akOgLH0N|mh
ze7#(%bx7zxtTZ6r5TlhOB+P^ygu5OQK8J!@Wtczn_4j+u;I=+X%T3GTm*&-Q1F*TF
zsEVXQZm0!bk01<0T%*UqYANN3Ublu(M+`fi8zI-Fp2z(TuyJ@O@Dgr|gpiF=BSG#d
zvwV}5O}BE%Cmz6fQxLP0?DvDD4Ch=N9G<vHjSa&&fURqSfYfO)&8$uYgyDWA?}iql
zaF|6tb^SRX5M9vM2JR`<Y*{;?TW(Z8b7r$KarQlK6=Hv!VrjwrhrWFpTv<UOM3Rlr
znoc9(3K8lB&_2lqJ^PFog`~wh;B$t=C=i47Ph0pC+3B$f0Z2Fr=@8vRp$H1>rOrFB
z=i1i>RDs~rLkLUyS^7%p6Q;3W00-r|I@p|GX4JvG5DHj<PJ-$~XeBMsn80@!U&X-L
z&Pin4k`Mh?9-?|6n)Yc>-JGJ0NS+t#PRMyxRRBc8LIF<2AA6U2re%O7j0sYXW8hA=
zw+BKF==*g_r`n5o_SQ?DM0&9OG!sB?%Eha?9$e2$fbHcf^(4cwvIXHdd61vLj6PUJ
zC+>$5=(`q+!*GmXBhLsZr${(vO=H{MFapl;{*6RKB9tOEQl{tici1BlG4xw3uEOqL
z?fR#>tz7w7&SzEX4{rX9>V(h$WneB0Y7eA2ry?OGhCC_l#3p#M(5C^O6Dq86O|njU
zfdT?(hW!vExU8aSRbr^!yK^9D<|T4^UEg0Q&Sm*W7tI1WIgQFhA`0!`nQqZS&zLSa
z7LiC90tNf8uvmd_`LlU=fU};0lmJo{SX0QkNY1GsyzXXA{DHhj%;EVdVkv6m{tNa4
zB?dbHae&^3B8FD?87|~97{Jt0MHmCTx7`t~1dhw_&*P#8$K}dMG8!7v0W~bv<9$J#
z8vVvt`()d8K{5KQ;`lZdVY5!cv70V1KGq9i@ZyC_{e+<-68E*hjGx;VcLhIAB+u%8
z4CF85z#km(GW>}GMpW&A@-18K`>%iJ`6f-UX_;!_wd_DxDhbX=6=D0Bs<^ZTKW^DZ
z!=Kv6Zg+_IG`$7tF*b;{<h30gkZ-|95`cR82*^AiC>JLw;DwgL;4xy4)Z=Pm?!5Po
zGbd?8Hbp7&Va&f}mw$Y^LIP=lW|9T@igl44a>ZBzcVA<@`gH<pUlO?Cpirja-mU_Y
zBLF*Qb@E}|Gak~gP(A`mOZ*rju~3L#@#IJ8DSLN*pjA@2RyDfz6bR++0L~IHt@(%W
z{4$kD<9ZMKG`aff2v+S|bXqT1e&v3`i=fh|XUtlpRGMN7eFoMG6ohCHyVMaKOAta=
zS}Z7Eb(kx|a1)Md!%lWc83{FDo!C1M^YNK<fR+f56=68$?P(wA8~XK5;03uP<u4uG
zej9!p{-Z>45XE{>%6Lx)qpr|EZ6MbdW(TrtsoTk*c>^EjAPf-BOQJ3%yV9Ul@_*f#
zYbI@9n_++|dcv)10E)!ceWQ=_WRM^Zv8%xD!6pf#8w?<_ey?NT=1*jwE#i*J{BIWh
zzoX?N4p2wlhud<7C?!J{20#fZ3PjBaW{^&Z9EXJjX*z)k0+G`<fCxy?{#=v?3V{OJ
zEzLxRc<W#utou;hG?kcnTN<FZM$4U8)5pJutKJL#Z7*-YAX?lgtqNq}BBcXQ0o#)a
zo;TPkfmbvzA1jRUTX(RR+6cPX$Dma?&00JvEatuAMu(&W$t4I_jLWVsGf=OtQte&D
zj$*(J)?L3)q%7inPsAhI-?c8~W1ybBCnN`+X-8I|4^9Jwjf|2VkYZR-cK${Rkaw`5
z3KU>kgYE3=p!Q$&v5$K4Lk5aU4JLU`bPXU=Jy;C<PSuZ%&#q9Ei*hkFl$jFHd+0^S
z*;xX_K!`*&OJZ8CN)E#J)*VO`0^rME{%}A5lK~HGd~^wX+Jl8~JVzjWq|W{+KsUjr
zVxfxu%ZqS+3V`(pAc~EB886nxX;9E1--5_;9|#>8rQY2^UYp3GGA!~`*36R3{jqb%
z_Auw&cRV5mI`bL;PG<+Ws-+0CUJ*1Gm-{V>oWg=!o_~WG<RlR)00a}E8o@9;46je)
zMikcqm;~@<5`d8F5i&ZMK^rkUIlUy@oT=!2FIfbIpf15IdgJ2;{b;BXwk^3^*|1zo
z0R8`P_0?ffZr$60G$N&-Affb73ev4em%z{^DcvAB0wzc^APrK((A}ZZAl<EW_l)$n
zIeOmnyS~4?@EUmL*?aA^SKRl#Hm#(fFL6hbJD%i`W>~%xi#h$zi{ZTiZj3<o8vwik
zKk@0VdiU&1$mi!vH|^FXo8<#)-60+00}an=L6JrrxaUv*8VzU=Yf3>e<UcbOo$a-!
z{`+#^ng7JE6r8%;G$KU&HT->)bkARA#bJx)$6_;<@1Ok!no55ib~E)=RnS@UB{?Pq
zNk`11ip>d7g1c+8)+7m>NOQ!{Gdf^u!53+yn$PAU$i7f~mQclpGJ%F~EJ*A{86JW{
z1{ARWb--$#OCSjHlwRJ}3i>}US9z6IcJ2y-v=R~lV7?P&uJ@(jxm~xeiceQ4e>0gQ
z^^IeWm~ld8nWBdwDavXV0|B0{Rg@sqk0C&kG4?XRE{@|8ZF7V{I;7CtB?Z-?{{L=P
zJWvAo^VoU*fF4jAw#R~s05JFqva`*SsrBp!SR}=&z{85?bc8)X1S`E?F<=5k1BiT=
zRP#N+@Y^jEF7HYfsaxz!<~;0-yqxO}Ucz`PU;RI?`M2w=EPEwX(Gx$^wM|1Pot>8k
z0qoB@nfIet${^?7aPz~Clm~|3!EXTyec4?~ZRr!$iXfyI=s2)}5=4t?jQ+*R#>b2t
z*Q+8A$5lXNP_H8FP7462joPB=@SV`RoPY!UXLk%Z!FRNI-UYImI;>K}Kgp<}*1b2c
zbFiquPcfvLoFMFCROS1gv%!SeU;B9w-}W90x<|Gg%c6>h^tGISiLkhW3qJ$i;ECGp
ziRO)dWZnt)W@x<D|BbnR=KzC;g|P#Pr44NH-Y69hhg1+m7SXX$y|f6xIb!cdkcvsy
zf=7}9^D6=%sy{*GGeQ|fAiKe6^vwW*@LpeCyE-z=gi6Ugl1MEsHo)rKjO{(Rw7|eG
z*klIkF#nod4lp@i@85vF-*{EJsWX%9E@0>{ma@1j1WGB%D~g+~(FH@!lqf*T1r7-)
zCNLsSSf#kUPQZUK-%_QYzkhX`f?AL;Z${V8=k(<+pFjNv<Vz*r1;O8p=Ul8NTl5uy
z@&B?EJqRkAxwA5x`?Adc<`GGdplDEU5Dmzu%Za0zTK=e{;iE}p68^XDiA}|i0Ko|;
zYV?v505O4G!4ZdmXN2u?A5FcMGO$v?agU!_aR%^&YFU%Xm;m)G7ku4frvd;08Ww|}
zSaW(?OZtVp%!cm%93u1m9g~Vma`+#C^@4N$wiLAfRY{h1->7<qp7rrwPU_M{!}}=u
zud@5giI<VBilf~f17(Xpzh4SJCc}c>basA-=|I_$0M4EM3UGw)K}%6_mv`lfb(KI8
z0cmlBWX3zFc?+m|x&z*8EU3Q5r-R#DCe-!bZ5_aC`~^V-Q(y9Wp*~$9+QMX;?SPMU
zeS=@n<D8}Wzbzuiq$Ng@v4nBgd2mD=tQ09UH9NcP{c0*pJ-l`K^}0wWwPQV3s{(&S
zdpN9Q3LF9l$W3XWzc^898L_3m0s_X|Q~^~FA?N-2E7znF+iZ;|&Dmf50(w_G9~8ls
z!8cbJW^s}h1gFo5QPd=`xe0U_KrS-%hRQ&D5p*iq0Guk;44^nQStZc-e*H4J0%-EU
zBp(nK$b3q$_P@@d_7sqiz(-*bxWu%&X;p5de-F+y=lnq0I>32EZs{*~0W7xsmNyN9
z0g@5azDxhIx7=Jz#2ndipklQZ5t!KGM1Dl)S50!IauLt%?mhAq^MhEwFLVpb)vt|W
zU1rvEU3UBB*XSP4?qLctBuQ4<K@jRYuy`c6I}c~?LIIjMA~eyXJGS8T`_b2EVo`4=
zgVL3J)+)!j19RT9+HC-D={n54Zqb}3f7O0%+RiKJ<#PZPnsjhBK^Bv>jgS0x&Y@BE
zl=d9$Q<Gz<PY0#5bDXSa`8G%S4fQiC&L|4785BH@{Fu$!hNHOb3B2|fbEj*3j8Quh
zTn7~ST8cO7R-RITke1=QUm4aF45>AE87>HTXs4bH2B{WsiXXP}AXZo`sG5!G)-LRh
z%&;=wk9oF#x&!+>qB)>=$z{whrJlpNu10e<?fM}ks6h#wyo4r`0=G5Gf~?C@a~1aQ
zhdX4X(}#U1#ki&z#kj_pr(aoUY9I0i{(3?e%vwI!jY+H3jY+2WmPg3fYH9!Dy5kqW
zE2{JRzNP=k<j_Mf!f~K)3H%|76rs_e_!{D7-E>ttY^c4>WQ*E=e#CO<1-6Dan<(lE
z02Q6X#dGfpv+cal7PTl(E+2#gU;5}>XdPnYa(=R<#<G3J-e2S>G6B$A_aywc=Ws7!
z-2U}~E@!J$3)hou_$J@_q~PA8?7!b!$>~}zjt~YI+n$87!Eue|J);EAcTkDqkWIh!
zPaft=@W1HDp!X_p=LIOj=Bs|R%*gP2MZ*~?&4%A)O7B%lMxL=>F$DqAvEvl<G_QCy
zXS&(piH{po>*)@}bQ>%a4XT}#uaJ{Ph!C?V7DYx-Kz;ax<6LUwQ+&4)9W)R!^f6Zw
zpF{UC2>QGjQL;i?`>Oz*JzS(M|L$g@r9n@oHfR573qQhGo+pnOZVO<ZRSq*moO#lF
zzERBXJn;{$rB=;)XYV6iw89R6<j7o_O(^gL$1d9U9DEvqO5jA4vwHTlgpcA|PI`b&
zjS}~REPRV{1C;KZ-lyj1l<zNyKcf6#Hw(nonl?VsjcEhLE;4%-9|F*q`Y)er*1g&)
zZ=rM@06t;<;Vm=ifBwGe;<_jl!1=$2qqfY<M$!~^mPP=n%PHj~s4?<;U5JrGfpo6S
zKd?xVwsqp3ghv2yYRCl81z{1tK)Wt36?Or=IE&62eSqb%`}N)gZ`UYDY;KmmrF9rd
zgCNn?tP#ncUm!af;imfDUeU~<pz#61HJW9GO$&`J&CuBw!idtNGNm|C8)@Rsc;1j(
zY+8NQf(&-{Czzi>b&{Gl8?2(k!KpitsL6zOPY#xiu@1pN8T2j9{q01iVz)gVHoca{
zG=)npgw^BQ5Cd62&ZakrK78Mm(`OI`sJncJLJh`-`8sqRa+DmYpugAEMMH?Mq`_OB
zrwO@#K&iuv7=(4RC?s$X0<g?xC?GwII*v0noQ8co)UirEtm=ojBQtrPoQE2hxUgHv
z-xCf`>$=Z%^WV!I7yAo<9puF}U0%o@4}|T?^=-?8V#gk?bBD_V=U=|866c4mG2J16
zPByON&n91b);1`HI*d$%)JM&3Yz*(Y4>pX+T`^;RU+1{^aM9`m)V277AR!0U^`}BE
z=1~QSmO!XwYGe?`!1z1f?|ykVHQBQOpnZYa@k6!l#BY6lf4b*|xBC^vD?MlgT5EJm
zv*F^z)@9?w-)u)gOdqm{y1IbogSssM*oDWhZ7|}!*ac9pX@B2LMg(}KNkG%BTjzuu
zc@w=h)Al)jwIe?aU}~kgCzRE0!@2qxNJ>D9fDeR=hMa;KT`6e_-K`;%`hmpx54A8R
z%2woBK680%f+TSyW&EnJ#`$Q`C#i^o_;)8ue3oaQ7NDgubo`q$?pg%A1p0AphmTPH
zta|nSF*txm8yz4;!#LD#u?R4K;rqXfac|rm*5$EKU;qRF;!~$gG(Pgd@&Jr6NyJn4
zU3e1d9tMTK+Y0J<P{IkY3lfd4r-GO!1W4L|e@H;gzp0h{d}$q>o7e5?cCX?5H)z<H
zgtZun|KR))Y9j-8kOu5G9?MO;it;&BKR@;nam3lNcqE|2%GSJxuF5-9KUG`8F-JyZ
z+2|HLc)Ll6Je&>jhJ8=}z6DdoMcHyUot;nvO<X>#q+9(yMp_`_UjCsi1@+wEJhyUG
z%kt8%LNZ)oDC@CpWW1#EqQ8@FKQ<;RIPBsDdW}p70)a20{}zNnVW1#Q;k~Sn2UpCX
zMPkRt=oN;oCUGtudn2lWQn$!tgn+kEh3OZ9Ts?$^9G8s8s%syqrdT`a$=eGCpf#|Q
zsoGT1W(Ih6(d^oeh>GTLIsGHW!r3B8Zug^B%BoD{WXKx0g^9%ky!NFBff}9}&7Q!V
z?^FNZKTAp;e+NyOrTEEB@kLb1q=fn4n~OHRiOykv`YX(`K~1T`ua>=~(n$_aR1y?4
z*0&?RKfN63CSNCh7DCa>nXAsiM=Rldm_IODyw$I|O3ZU)yVfUh5!2{589XcUbE|4D
z24K!5s$w#Yo_w(k<*~`w)!YZN6V%jiafv>&UO|gviY`?z1L;(^q(<^&6?N+zasXeg
z{nhqbbj}sRx_{x&MMK0ByBkG=`;?BbCL=BpX<QYxS}|e_Ti~m4UI+tae9deX<9plJ
zHSGP3eqfFRT`bL9gC`0Ad(P4M`*2O8;^QtGK9%4=p>FVf_tW*J6M|+=YO7;AwJeF%
zjVW0EYQ@hZTQzQr!&abxvA>jPJ`wz*t$1}z3&`Lxee~YCJp64nQSMdr>7Eepw7MB@
z4l%#cinn#=@(&vX@sz7VZFwiq!oV$cpYp#e@xrKjED~&KpV7!E!P=O=Z^iZ{V3cx>
z70$%m|DOGBYKUdA0?|~3Qr9-4;7%C(P46;-Ea36kRxry|Y+#WG3NTEHvE?$UVKk>J
zV!2J>^{-sB9en0+QH`ow=i;W0URR+UV0OOOzfeU(VIRIUp)-}>(ue4ft5^V_p+7nM
z4=^tteQB?@URaNkxRfwE1GVrD@GGHy#^3zu{PuiR{bus5i3TV`<a|Jhy7=<x)@r!`
zGEHF$1|;Z)3&-RSH=fTODuwF{ps3BVn$X@ups<oC^Bp!-YS;N{pedv!^inq_*>0|~
zF@{4|a*J|k`1f7X34A&$d8;!AjUpB7g_X}2evcNjn>^p1>!!hsR*65CnX6cBMk3>G
zC-M7rx(1Yr3v3R;0Ix2#7P+Y^(fOdn3`S4MWuzf-uuSa}_->edzlhy``)y2X6JE8x
z$;q%3=v)I0q!Cb;+TLCl(@Ql{8IA<5Ur7RJ<nGn&O}dMu*w$V6sP2@+@yc47aVwlx
z&4bwJ)4btM1tp4N-?Q-IRN44(-sSS(9L)b>iSp?5yU^XVi{+Dx_o+`*@sFudS0WD3
zAC&|?Lrp~~f_pV@ddgiEJ&g=i#^<Py=4!m(-feI!Pr>lt?e8pxesqw1|N31Ux|LC$
ztRq}POe-%P(R5#??}p*N;ETZUVY_0xFZL49?)!a74G+q1%v2S_HiRcf<Ba{~uLNkH
z1us%GXzqi<$POT^F<+lDcPmwBUVzZke7k-m{m2>j-|DXuT(Ue6GV|dFwPn|q2s#Uz
z=+8fuDG@Q+zSIL<stJv^Pfmjg4R#Z(6JvD$N0GFrq5ZjV#jxran1}LMPTyPjuIblO
zoNl-T16uV-)FYGad$?={^RtxIFX0rdg`8?x+uJHc>)Q^u6s!r|Jt^1U#r)#b3aaf_
zpWeady1C?+5|BAz&tKQ+P#WFixc$D)I!eg37u{pYa**n}-14!>AvRgW(?hq!w9GeS
zNNCn~$epUIepy1uVTgOO9Fv$hl~JGXMyZd1p?Bw{d{g5Vqg8KS7Qnh(MALY1=NLK`
z!9kFx5ZC)7$^Q6e^Og;|MD>Q#&93&fPR}`)5onyqkO-}ylT!8?MxEiBt+BK>+HNb!
zi5uJ_QPy<EeqQlqeeN&Eq-VX*5%q_I)G9ib_ovv48n=?lecfIWv(VoWvZ=*+`hID%
ztT%QYltmZ9k30&is~&cOpSn7-;x1BeY|cr=a!t|i&|EfqU3iM^)xX>mUMV@ByMlez
zoQ(Tm#$lXKDONzTlJgimH>X#8_d0ye`3B3{pGGNPe^^&j5Pw3!d%3vK$7EZ{zLe<L
z=zbGbFa!2Hcl^UO!q<v1Hj7p0g1DCwJ7s-u1#cql=#s>&-o^~FkJ}?l1P<SLh27KM
z@IU)7o8*t&)}T}jUAM4^c=yetl*_6&pXbH2$$2RnUT!VGD(|VM8^m{LGg$qO{9WVj
zuZ>#AGi`^FL`8{o*CW{Z2rN@-q3~kvk-pG4eq9Jxt=jSruW5WJ$LEv7A@0^d>Ql1Q
z@ee7&BRvbf*w-6Fry74Zs5E)EZwYjMW7<fXvlkIE(e9n<Y`@Je5E7b1BWxGwn%>-W
z;U0ORQW+KO9ayF|;4Qy>N#0rc{a8${d&gQZmBE^gJLX_omtko*HOKsSM)XqgyYrPK
z*RXe90^O|Vz7r*`J9h;Xs>Jza>+Z}S7fiKemmMz-aW7_57r{SLZSG9C&VO?EJ&%c(
z(6?1PLUaR#uovy&G>pePdG{sO@rd<%20j&y`RHa_2>;SaAk%DBpQ@W8U_q2N$?6|r
zmMVMiy)mr5^@<z07>G?Uy<{Nxg2jtd2j<Yd7UIso`cY%<tuzJy#4|DvvN4s_N%`@!
zV+Z(M@B3{F-uEoqRU2C=H7l$I)YgZQ^Y>U93n`h;pK>4OYL>ha6|S#4ToX{xD)erv
z3O?XvxY%Z5i-6ISJOyd*@Xqtw<23BCDiJf@cDDrghraFV^3n~3eB&2Fe<=@v*$L0L
z5#@D0B_46*vIA+KuC7PYX^GJxoO255t#tNQ^k9?SMVh;<JcMOS#PUT$MClhJCtGxD
zd28eM#`89tn$r}UQj^)2$rff+24Chp_1E6U1cdm#uP{3kcucR@y;rHMEb6n2SFmx+
zV?O>$D3g+Z0^OtU_=8=nR*V&B9PS$*+VZN1KB`US7~V<CJLK(ed}=v%GF9?Rmd+27
zd{qB|lfq=86(4Qg;fSV5;y3%)6pZp47T|NKZeKy2`)qHvFZF4_x+31QthPF|FV!FP
z4sA`}Pd<ErD>9mrL0JZ%&^2EFMl^R>Bev6!mZ2^@*1t$<4z?lt@DwGYN~J^|1LFM)
zCIHSNLb*h(Y(o0P{U$rSbV~&Tp62v^Pm1=EpN)A3BhgI$IGk_Ixt3GO9~xLxw0Z5q
z__DsEMq$(eLT6XAS*o}+5*NE3gK3`}bh@|`FJKiDcJitdM)vLIJ~7>^-Wp;peWHi3
z0rnY8N<vdRM&(AIywjqV3ikF*%i>Pi<z%02A(zGZ1E8e0Ag`h`j^7Cswc7D<Qw9g<
zzQ(G17va>E&dS7Kad~{->k~g!s6Bf1c-Pv?6U}Tr<*yd3afwZc<hb_vu`}Wp`@qB1
z&Vi2$xFQUiCn)Nzx!Cxzey4nmxcA9w-!22ii%&n$h#l5zR4uZ+#GH%63*TCA3Z*h>
z-x!8f68q<AzZkV0Z-tdkpR^W=-aB2qcD(mKH7R27iQ$~7cF4{v*U&4yn424{EOVw7
z=eZeVi7ye>_wDC@)m0gU8-)uQ7yA`qi@dOU;WC=9E#Kbz)X(wYvV2bDl!HqbSpt)e
z+X{iQ$GKz^0@XUdOP?)tugup;c*^&qb$MgNhEGr^k6!*)t@*fNxk{SO9Vx`zkduUL
zzF2x!*;tSedTXXF9#si2i1ISglc(I(^K_;|_~PO=GEtEkjp7cIU(k0c?QRX6GUR*P
zluqlXWruw^9S(N>F<1+|zLHtumcXek$|uHrM8Nl@OMHw)^$x_aP9n<OEid`uzB2c{
zXoYtrq=CqX#jk8zFuUWz;(iIMAFOY_9n^ehD9!(3n!d!WK1)$x^~3&(dAJHu@}OzP
z6Z@8$oeR#+Ic>G;oYb5tqKE6_7Z^mVwt|#-$D<`_UD+2Egs@F<-A>tPEu@ZtOz7sq
zn}LA#h_B+|-_NHO@~%seeyDiOjVLu^IW=0yVwxs}TABs8d(iL=*IPJB!2Mw5*I169
z1)*@LG5qVo`VX;%P)Rf^T19#?sUim=aSaYHhC8F_POW@Pc8X7DCpZ*i3*+Q9D42wd
z%FOuc;-LGHT8(|ub8>km?Nj`iJu;#Ec7uE)grr-iyQ)-&Fa#wgE*GlixMx`?>T;H<
z7u%_EZ1X_?s6S*19vN4sM*4YI#MW)sPTWnuXs64uQYzV+VC6d9q!sa3iQ2i=Si4L9
zZ$uzhBv~5-nd|qZb`W<so910NW3fbUPSXEKKzkHEkXRt<OsU@Q>UO*J^+=fKe%^T8
zER`^3TXrz@#VX^a8rnP$>zqYu#G0Zm3aOZ5*&AcZsej~JxQK4B!QFMY)sDe@YkT^g
zea^NqH3-+8EODLtq1|4Cr9?rh_lA^xf$&yxj-S*BkpNttC;7>|u!lP8HVu=2|F5&=
zoFMVayxL907PSUsch$JOF*Uw=jb0vaAnTlu`ib=r;b@VzZda^h>>_7wa`8<H&55tI
z$<rlk#6g@w?h>;XlLTx!)nUG8oh!ZiJ!j}Sf6qeGo0VbM))Y5x+&MHajw4?df~oNx
z-_6}yeL3N=?xS6~1*eSb$QM%W1T2H7;Xc&YpW#Y_dELf}`}OB$=-#8=)t2TwNk7NQ
zYKM0{W2Knawb;801*>u~f;eaDDq;fBGg;|6R+rtKs^b%Q?VcWvZkQ&<BwMh9IbyA%
zqz4&?7jFC~-4s)lu;XLxmG$1HxnGx$<iEe39y5=INNp317pdy61S=2{+I@7Jiaevu
zMER^cN|xe&6_?%Q%!S8IACnP{{HTdiiLZcN4w&m7Z=`yBYgSRX1yLWntUcQM(4H-<
zA#{>@b{fDPQT5vSV2GOqCZusWlkI-pYw_nc*+yDd7)E7d@r<=ktZN^9Q&?|6=HwzD
zU0vQMLoH8TJ-#E?NrwHsHqK)HWWZNR?Y6RE7YbiT&0?s{@<(K4TGwcq*(>V%wyC;V
zd|3XMi!8k#JgJpaL`4-i5&I(y$Et~B6Bl7duJ+EC&uBcpxi1CFM`?$XM?1EUR#_wM
zaIV#*uCMdu>^zM-I}nU&66@S(ZzBBw2TjFS3`mYwrEIbxaJxmf=hn$o{;LtaE=@*G
zckN30%D&@PuC6Fp!|s^3*YNWo=3dWJnoWKfxP3C=Wj`C$E8MtKj5<FgrFldLKAqe^
zW%*;!mCnNv(cJnZ&wk2NsQq>0f_-9Wa~R)NVBcapSHMO#YTQyzuzKfi!yS8_C_)+_
z_4w0YX7ced|B@+C`B2Z_(CB92IWo3MZr%9XmjlHMa8jm9m9a;PUqEYQbAHPEFNG$H
z+N7mRVu(FY^)*-2v$01%)2n=y<O;XisJuQ@8hk)ogah?>n;#lj+<Nn+>w0HHH}_=~
zFP~9yB&o+WM@5DEF%6a&KZ0{oJhCy%VJya6LwS9hX-B9!hzR%b&3#v6?O&hRZT&X%
zep{eXd&#RPF}ls1AKd;M1p<N@$-YHX@^jC<i&9O{wfhY$S*iSD-_B|>&W?^6xGTs<
zJA)vJU-pC0#_%t#RI7&{Vag1v?CiTM-P|0`*#*UG%y#&<Z;o$_&Ym4Rs=8pOi>1B{
z0pa}P@<^;3$j#vP8gE!xb8eXLxfMENvPeS=2j?{X3AcV<V^a8V?&&tCPPcZ?T?Rh_
z$}X0SBXJwlGr=s2;#tKF&SYcQ&o33d`cJk(Jmw16-GsZE*){x@_#L$rA=(f&_akwS
zO7p|Yf}R+EV)aw83ilw+D<k&<Mt;_U*s9{q7K3<BpO38=7TfE7cGuiVcbg%~S`;A~
zwwEsmkK??%GR^)lt6yZ?!*tIeag>M;vCcgBTvoH-)6545_0o&f9e#@q(D3=CgrQ$(
zO1Sdnt;trUb!V-oedMAi<M=7hf>0o`M-4s8ug#G-uXK>WC;RgQmE(}uNRhs7j-3Nn
z`>Y7t(b2aLbBAB3=E$toEH+?>c7;}V1+%$TgSlathm?jw$az6|WV>0)=Ovipe&2%J
z1?o590tV(IiqD1Uv4Sk#$nm`wJB=Bp^+!E328;~IO~FI{WXwAM3@()=d&X$x0Q9Pv
zhPqwPy9(aJ3;4`gDqnh-YXM1OMYDLSo#maxun9B`s!hL3NW%$tN^QT7##qN<XaJYX
zLv<l{C|0oSPR~#Xmt#YQ>3lb-SfyF3a-#7*UAz8$K#N**C#oE1-of$sWSiR1xO4b*
zRuw>D-u|nPNuPnm!-yz7#oY4tNfsThHIB;rx&_$-X;WP85TyvNO{CUjAhyV!tu|`P
z&Cy!7o=Q_!&_eswgo{E>eVJFyR<lS}#KVf~uh^}2Qj~k|{hafQJH)9#B{&`f7)DDr
zb6Klr1RVrXnzy(q&d^9c)9A99Q}J_BR4AF0nxELC0-5E0(rg?xJ;qWI-59VmVRmX7
z&3Ot{iT5ybB2;y(D^riE%JTRo?4@RLkT@l}EL2o8Cjr-s!o0j_|AMV5IE1efUpwx_
z%;#EG;^Q^ZP(bFzrlS@FIe!xWK?<&{%%i{JXk2k}2%m3kEMG%!GMdbHRt=+8^xb0C
zVy%|tZ_bSQHeLB?vHr|=ZbRfpKq?1i4_WOSu}wV+N8YI5p47ZgK>;-CetmMW(+8DB
z&%)|*N?z|NElY(a+}!h&$=b@yCD)eOI6W`WA||mOL?rMg42`N<3psCQF>3c^kGAu_
zMTWX1@}D1y;iyAIV*9G>htzV0%hGIOaiAxsR6$JR!?1<+n{G0CW48Tkp9oF!6^;*P
zvWEtGq71x(lON64-9X-R0h+h>y<R;E!s0+c^cHD5V|h!{y0nQzva2GSLfqH$N)}Z5
zVn|egDA0q6M^QB2CzS9#(%*&#?;6U%fwI{4gtayrS7j*akH>BF*e4IrA^aVP6ap}!
z`v?U%>|%PLci6{6l|_H^_r!LN@8-BMrFphy^Fl_>Y0eKq_oNN|IW7*H;mpMP0!o*x
zB@sJBU-HypibmylLk?z~s+(4*$N`kd7or@_DOVQaQ8d^$kXKl5AiUc82^^Do4q{-C
zYVJh&uXpMKXci_}`4jo*v%riXrn@PBp>P48NID|Yx*(?7a|TFbrH$c@)go;;B+EQ_
zwyC|aOMd6a4|@nFHTLe}xX{J^Q?XqeH4A|tn#bk_tO<-oSxeVuw{y+V8s3JEcM@Zn
zIB}0X=AwCo6&Rf$ymeBA$w`eGL7CTa!@A@fw8NEOSZcIPxZMn3SXUQWvpp(*PP8@2
zAA8Do_$coC`*4w^3F!CA<VEeuKlTSlpG@xu&(^WG^F0ep5j@iUk<6z)JK-}f5y;GU
z5Tnw6+NBti`j%jpb7O2BFH~OmXzoKx!U=aq5ajgRX-~FLul(<rK%}=j`$xa8<!i!&
zwQnXVzvCl$fGJ)6@qR=rt}T_(z>ZWuO};Dz^@Hqn-{12TR{k)Ny%&l$sk#nC$jJ(8
zMq=U($e>gZ5*kmbIT2bfVBgQ?Ub&^jLzEwscWI@uaZlppOAN<Q3+%e{oNfGhbQ+}0
zr<r=nIGtfCWc^&DbcrKs8)wRGp!LvS8)$v(#=-S~)!;t1)f>8NZ>xcxI4^8G+ou-W
zK9Ok?6H-%HJty6IK%_rNrYR;`o@d}TfPE2?X4kNo+8%kfRpO#U(s2W$4)6Q+mZ()B
z4)pxabGRN|eT^TS_gVc6cNayS$<ot?YrMNpiiW%JuB-_C83#(_Har>zl&EfLW*xb<
zTPBq-?WSn)bIzl-L|Q#1*o|qTF3V4yC!akB3cXpI6Rwgw1!q~l>8UyVehtaQ@l7Tb
zFgRer=xwaCZ>Gl{Wqz4uc(_|OhfdgGk%FrR{;M=iLKJX=5NQ{-LgYPI<22xX!TrU<
zbT0cC&*NF6UwXrG!sh)PB|^JmWm1pTe&@9jEA#mwHgRTzLL_r1p|#L!;}W;Pe52DO
z4*kYQowaP|41n~h%;aA9PPLH@S232AKK#Z``Xwz>QDY^8{J_=}U#!SZHCsL@)WeaL
zy3-tYpOB&;5)^B{8)w5SUj2+-qkZmf6w9&yvs1gTI=2A!6ecmgzv+7=L7G2TJOUiq
zl_{}s3(Q^`A|i0E2<G{88ibEFX&;=sztNblKLfsMCi;>;KArN$VqK1Rf@i4Osi~k8
zRK{_NDq;{MT_$YPeWX(=i2co@#a{kN=S}kKj7=);iGwab-%@sTE^v1%SH;E^HC==s
zR1TkvS4ctiiI9hHO58r@N{#fyBqXKx;Zi@hpe{~)C2=|JyEX;;ly6wI^vQm*Gy3vu
zWr~rKFKI7Z=~ZAFguGv@T7K%%J|SnbW{^&ELe3+x7g?`TwWbdsvL2$3tx$3+=Exb<
zL)hi%KvlxQ!8zI}YH%sx9mwFe*{f~G#N!3M(wp-CSkfM4+jT5c4oNjQ%10BLYoH#K
zE2WNjX?XlAq$oM1^xFAJeN9&MYzA9_B4WXS{kx2Pqvs;_p7K##>`w7d|83B80+UMU
zIEQk$l{H?DR45Xzqy%_yL+WH*=S}B~?G?V3ham{63Q>M$^RI8JFJ5>DBr5NJPJ`g%
zUj7yP3%EhiQJmJbel$4R>V176xi_@ev35^yWijuEJWO(@J<7KvsB(mzMT7+^G5T{i
zm-9VJVq-eGBU@3f`-vKyB5Qaj&OB=z!&WPqAp2=fx;5l6a6;VTO>&m2!`O;(_D)^p
zxisyesVt4Bg4hnMV35`_pM+{qu}MZZ54a|U9emv1ita6LG76mD%&!Yw_qIaIuxS*=
z-xEVM9;n+GC#VZc(djrm5UnJ)*%(zalZJa(+T4GKT^DEIQZg&)g=pG{PA#s}LGvYM
zmsJ~8(5|OgUtk_eA^aXCr9m>P?A?{t(Da(cx3*V4*t2MQp}bwJ61!~1!rWbq1N5Q>
z=eP)am{spFS4|sz4R(qJ_E8`O^`U_a+r6ZWL{VuLq^#MhXu`5@X->#&iBs~^02ori
z;{4alb_)Kkqby2F#fFpQWV1+w7SE?|0JqTmtALbHw8A&)7Q`)Xu><<}7mqJHYGY_L
zzLeW(vO!G>Zg?(HZ0y4ZMPV3|%KN{g)||lWnmG}gD*SHZ1)9g_7EG6-VT+F8O%G}5
zNz5?nnk;@$StRGC`%$j9RujZm);MiHw-}nShuObXN~!NC*@xDecLwr!o71uBWU53F
zlK2(jp59#-9Gi9g+Veryr(@<gPbe=3++NkGBH9Lfj$T${GBs6_$}826hUM~dh0hNz
zJX2%q+!C4{55FZYDppHDtKBQ^-b<MkoT}+xZ>NJPG<vPfVL_#IUy=RIo_XZxp9Vpw
zy&YV;rZizsaXn)}nN|h44#ZnH`M-3jpbCtepg6=tV$ft7X|B%#dI~WP9H(eHBCYAW
zp!t?8MRxdc_~yKQ7SM^-oE@)Jhd{m5!tVJ=yc7yhJ-NAW?{7O-t{qS`)sRa|H=$2(
zD}Sr0YAB$gPjKkk_LL{%Zh`4gyHetQ@qt02N6=YOmdD^&_Lp+Dd)a+D>&ETqG~FS+
z!MygTR-X{wep4EQszt-FwIu;RN9BFq<6#)eG<ouNrfYk4ubT$!%o);ox<z+YIY@M<
zRnZe2Z@<*DS!PR4LsLf369=!}dS<JwuXa?faxNfKnS3$}=k!@>W#X~z)sQbVDi3})
ziOUdw;y8k|GM|3qWp!tqa=OaMm=nk_J2`Od_&nVw_dwNSmkS*l*#$JQH=@Dr*cjhn
zL3FL!>wB@C)4n+oBSM3VkQ^!MBlfv06mfD?HK$(R{sz04n!j<r$v6#8ZUZYBGo;pB
z`=E7N$F&7!*hL?Mxp3}wm#=wSbtb?Zf~Gm<^XXzj_Vtn6OiHaALS}A-1snRCJHxE!
zB9Gn1v5r?4`g~Pomsq5rnmTNc<D0u~M`xz>Iz%ia^aBqcZqq(O?v{zp)v%(i8lOuV
zGcsaU)<29DIBN82wCF)J_I_xUrAu7*>AD=smga<(Mm)Bk?Y>Of`TE2AM!9?UlbR;!
zAQ0)>WxsjQx}N&Tw0YF0_?cm@e$|(Y8QV4Xw&S~-2ZGa0KJo;Mba*Xl&2*Y;kAT>C
zhFSGe&zz=S5E4kgb!Fl|O*;Jq21}wo^&xWHsqE@H9yv)rM~qH5J2)hN&Dy&@)Au=h
zruUg>gLS3GZ2d7zIcw$gCiS{_cV&Z<geUVSYR0B>luuNyQo%jK0)ma!I#hB;)!BY`
z5s+X#<ITn`A299{7aObD@iaNL7w*&&W-?Jg!-0?FUR^mVy`5;@)??8KIfiMm8Y^v@
zKB#jX2dw+EzJq^ph$J1X0XK+{T%eY>UuZON`Fml={g#T)+Ta$cZq>!{tqr{j1?!br
ztx(!kX72i3?|w9p6(5RMcLEg&#hu1*TtC%fFj*}yH|f{_K|T_&Q%O?l**7|wLu?yy
z5c_*O+RT{M4)X5u3@zg2)^f}0_MB9s@=q(=N$#fovC}QW0OchU7F-ce8m>NjuOChL
zBCF@yb(d?yVd1CUmDJwEgVABIv%UA@Bkn(^GrGPZmQPY?$}fTLSg(iOWw~1CwuLF~
zQRmKcK7*a_F6+aoy<e*eOf=?14|>=y9&&<uht%Y^W3!}_iXFig39+{`8hIJByQ2=K
z`gtn2E0)cTZP}J7gZSQaCm;8RWS|MTO2cXEj{=bZ#qw-)^;Tk;Wx?)_Yt@WLP*42v
z=df`f6`8O>YqIOHCM=tqikl$cTb%KGZ_(V$k~GJrzclUIH$WcEl<6}@p+awmCMsbX
zZoK2529KPotj#*~Az4R1{@>MZ(yP6$T<~K;=5^Q|A?Ri%@H2rf`LiKQrQKZ4%jl|T
zvPLE&ko8}5bBRWJ@IFQ)EL}P7cT~@prgrVl8-A}mqf~g>fZ;vg>2a!589g0@;}LNM
zDWpn%(9h+xXL#2Rrj1-b=iPGrI%q+?RMMVve7XF)t9LaO3woDR!RsrQmbIFD>g*7&
z)%Iyn!zQdZYyhYmb6quOT&F8Fa>mM*l3aU7Nkh<GW(?k4Wqpm_Z4L9ASQcYkKeB?u
zEX&tob{fz(S3b9AXP4^U;x9~PTRI91M$eu$v-O1?+h}sL^BdaW(^%-`ILKZO&wGSJ
z>aN+3ZC~eE?$j;S-dV5)dAAKpl5=ggAj>tpX~x?zwwY;s#km^hgW0|C2(#o?vES^I
zUlUkR`EmQq6V56FZje?n+v^DoFU&9TcuX5ymN?BP`jwd~C6vl><LGVE=~|>-M<oL&
z6{dQXKg%V=BS~Lp=VP5}_;rqZ<vR(L1|Abx!ux(7X0Ho{xWXWFdkH%tb~fOGNEOj7
zGfGb%zXxO!LO%5u&vAK_wuZ56)fM{PH1=w>P|uX}w<6G9d3N43V0KX}`Lg?9Drq4$
z<iab`Zt~1D%1866f!V3=EwT26>I|TowWByU;HE38cCpm@-wJHw2cIQ1k)o2P8{@`3
z{Y4rJ3R71ER)<3@(aZWifbL*;0pRZcplEsYuCAiIBtx&6G=GcZqp`WgZ6D+@F}((|
zdgk<-!wnnlt#SD*@*UXfr!Sp(xKFZ<)|Kio*7Uu3z3a%jJb4~wm13r{AP9!#j-A1o
z>>MlgDlBMnS?XF=GIXk;MSwO#nSRp`<Lb$|vBn_Z#GNS>56aQJmd48q+|HCOh}DTm
zVpyN2`nM_~k=2UlY935GKfkvpCr(T@$h?yfo)8jrm_Y{UkSyw7rCluS1@<1M7Aw6C
z-cJr52yJYZCCzUh33zl93Llx2kP-Q{3Q259cMCQ=-#Hdu>N&m?RCV;IQ^dJR%T7T*
zPR4;KU9s2KYRV=aj&VI|=_8gnV~sO7fz@6(+<p98o~5M>eH=U7qaiG{qc8E?pJIgD
z%vKA`)`6X%tm+(7w`42(CgR2%8!w8KQflS2)?el=Di(taiZ+oa7dBVf+xhDB!P!u_
zM0eI@qt5Irvv8FnA%RXrK8U$NTp;5x)ujO9so@>#>QsixWVNM<4K^X;%=?`{Bqr$;
zZ~R=RG|96t$!~OGe;AoVv$Dv*;pcbnPQU(fV`~8eQrJd~uO$#!3F0buRW*wX596K!
zpnq+`AZka|>_F8sn~r9z*HRt#-CG(n-5AG@E6}eJY0~bL-90&ZkO2eq<Z{*}Y;v8W
z7#t`%n^tq8mg0eX|3DNR0*^@&DjZ#iO<i2i<Bp4_^L-G$@r*Q)zsaqQdDF3bGoIm4
z+Jg3Yj#y%KZ|*WP#K`UNr);Y5j{P(uVLT?lXI5zSEM+1_!$aL;`wS{<xWel7>USn1
z2-g_Znx1QyMCy4we|J7pW}Q7Z(vJ+EEjs*8d<hXKe!%8O`~JX_yI7Q#fkY9b2p5{C
zts-Qm8GWvNaTZdPl<SM$D8S^nBX5toRX4v_BJ15DhMwl~_&IXy{V2ola`Ny{kw;!O
z7)K?3MWnaFj61RI_r3GYveOUi+5);c=$o{;lzCXRMaPZbvq7cbpL}~I3|k>QbahGT
z#o5G)ao6!mDtFGIsZw3R*E4L}Gs++1=q;v@w$7{*LmsEQMP*#m{-?^Nx>MF@lbZ%7
zXnVl&kB#PTItf2JNTn2JxTtDs?7ob3+OQca3m*=lC>-tISO^!7PCY!B*e0@BvBf!b
z<W60+r@r%iX=MrHFX7BQP4XQsw8nKMLZGTBW<a$k>d}d@9!28Kw5DErScuB)m$>$@
zq?4z;gO@ZyE>GIlKaQwnl&VAKLI6#R;_i99p?l)dI(zc9wkPqx{(^i()-I05F6H+v
z=#RZoj)|82ObJ6v*RF|H$xBOVsyO(bti=J|Z%_kwK_BRLj2z_^H3~62RLH$?ifMjd
zSMV#Mh=aPqec&18D(YgvCpeW2@7BoNDc?!f$QA=q9pV2@JXy4*n4J<fP&_9<^>8qB
zBJS5guSDPR13JNV#=-q>y4;gfH;;U%I#=Wn`|7snChmsu8sSmQJZXJ9a|E_a$qgjW
zWWUVfa!(}m633T)&iBARid5%rLxIT>sV26@&zesZI!D9iHQK7v%Uv2A`CsgBY4j#}
zV+^*ZZalMuh2A8BzCQOWWjZcTL`{1M3*WaY%vag9&_<og%uU(ma`Gd8g>X0Cv`sd#
zkU4c!Ew<mkhiOf!^U(2A7y^<#Bwyr|O{Ll`T+dSenx^jj%l+UVo1}Jo*ie3GGN*^A
zQ@X!4;f=Du0?KVykQt8SvDZa#jISW<r?>)pBF}AVR%WMKvu(Eqw!Sh#_e0C6j?f?2
zeFnr~TffoKs!ekHvx}E_IfbYORQ*AzAZ0c)_j}m?v_%I<I(E|_V({`H9%^?pmXq+*
z-~I93LWBE2dIqj|>HRejc^IdF|B=}Qqr%WoUd`QG8mf?CPgbyFt$K#%Hkf8pj19HV
z?!LVN5CW}+ni_!+N_QDdZHo~FBIN#iI!&gB_<&Il#pH)p|2TYTTZsd`-d2rt_^21Z
zC<PU*8p>9x^3k2J;|)+O?uYEU|2O?}k8vKzV=(;0L-MHe)|cWTza8wa*KIZ4_Q0-I
z8t34X5x+mB;<p1OxEzK73fv5~!PKsbH+K$z?UQL{Wq?V5g8}VGYl>n*iT#y2Xkks|
ztAw$ip<t%B2tXx_>z-D|$VtJAlu^8zFDsOD3ehvE5GR`d^L%<hwjpk~W#tZ}Aj)ob
zXRecJCcje^Kbl+9e)UFjnZRu{%_agHT9DIudt=4i!Qz+O1{TzL(%D(dK2ZS;V0`fD
zF;dM|-LdC};dr1n887?=DZzj=9o+Z``2N3+E_~iVizBt(Xa%T?{>94%yaFuN;P*zs
zWx|tU`J0wg?~iEBN*cLUlAe3j*0zSsu&`?@nM%XAu>mT6_*Bl1^W&><2GyNK{Qloy
ztVU-V1`T-afjBJaTC>^6W5Rr0KInGih9wbFA=8Uy7BJjO$aTu+@!5>G{o{pfYYypt
zOK<XT{^Xo!*x5Al^0*Y?=6IuJv}!T=XXvA(DIhR1d0Y+(V;Qi|6C>L|Z$8||XI)~<
zgY5P}y(EAlnVZ0fka}w$kVKyl!RGJ5*Ov};|8`p^PiiFDbC$!akehTHSq}({rdR8E
z-JJg?B_4&|1YX|OlxG*>5%2j9=q~(iM$Iz=l7_$$j=NOzQ%t5{%7~m;)m!%w`)Wl)
z!>`C!Cu?eMtj-xNrsuk}w$<!u`DqUW9faF65xa1mI*?|FI1HvCfq)?#=K;wTy?Srl
z_TzJ_CwVQavU-1pGrgt+G_Csn?s8HLN&+z9R%(QY5Xld|Jd4Ft?vA03BJ$1aDj>8l
zkcOm_f_kGcf%UJJIOt(>AZiy-iHno<SWs)AU5MABZZhyB`J`y`oabrI1$FZ<tR&M)
z9|QA^7RDXXf2C-~@B#a?P!U0bIZMK-`z0-3hd&^#i+V<xeL*u#KaOG$=s!o|x=W8R
z%V<6u48?**B1%-MF+nLLdddNmc)Rr>(@-xk8@ff(WbYeGmchgq9<ybhy8u>k$1YNt
zo<y(tN#3`&2a1v3j?WzLoukWND-o}<{QP%4ThxH4#=CJl0t_q_F#1+kEtY#E%_b=f
zLDl*JIm9FSq*)Aerq)JnWDLx}qtg80s@nPs!3=D8Sl8JA%7Unc1|g~OkiV*_bG<RI
z48duIS#k)kfGmyN8uQPd;e$<uUrUxFC;1>7pw2{St;S~*gaqi=P>c1ZSDVu7NxPUc
zb(JyxepA8a!)Z1L^=}*<A5+Px-6n!|DRCA1|8T2WirrW`p;lypeFSdlH6dVDkGRo*
z!7rpxu2oWGMAYlIS`CLy&2J;M0;v9XP+o$yefDSOc&6l<`djk}G9qLf2tg9kAdD2;
z4<h6-0p$fCZNYi?uBry76&qE~Yd)!<(wtFJgKKfmzL(6$j^*%H?}}xE3|YNY<NKU@
zX}Z;i`bNpR4;J!`*3YRDoWF)C%?wO8p4#^QYe`{jps|?`__UEMd<d$iYH$@5Em?X9
zc$fsMpHCI3^&{QFSKj`bm65A&$uya~iR&`_s7HGvK=naue^#@N=Jpo~Jo*S}6EIvG
zD9jF|+2rCt&7$kuBuJd<uBF4Ld_J7~;Y~%{0Ve!$AiNwipqiXjqqdmC&`xRu2fXE@
zBjf2K`rD{LNmU}`35jM_ULHPju(iF*`qp@{3fMF7Q%CC*$%h)ygYM~^Fp0r>@>XlA
zawiJ3jb*I6Z-I&P|D3pwTwwQB#gtA-oN`|qLT!vEm+*;@DS&KlE%2N(obYgSFXC`*
zL@)E0vF2AiHtpDl{9|CHH6>cFFex-=UOlC)`MF&Bv!J66%s6GnRHO`t^JIl|JO;b>
zffV}akrl%LW$~%*1eu*TV4bg?mSO)1>&cXXVGel5py)|hFmr;CN5EdJq@hWN)FX$n
zlH5c{Z+*29r68mg0Jg9B1tR5!byy4nLN~1BX6wBcWdN0G?Ue-PBhp=5=n&Y2Z^N)h
zQdSI)Zqt_svk6fDQAMG@59oJfrTRc4W1EsyyAr`+gb;|P&5#<2#)59|JhEARhEexq
zRA>)utuq?TSW#*Zet~CaAfd5u1Ph&hrC9TD^j876E!Z&<w<oh3QuzHo;y{Iu_y{ra
zIY>ClOG&k+-1VBDn^`hDbz6gp!2huIGiAY>iFxOP75+yW4*XHP7Ns=LBCWx^_bMBM
zZeI-croVl*7l`DSR)fnmtj$*14W_NvZWKl)IsihnBlmM&?yE*tE*K^Z=6~!L&ev3u
z>v<J+TLZ<St4I9r&(cTG2JA0w$2}uVA-UV2V)H2(c%ikg=7v~b7)^#QCJw=^7<nDM
zm_vJlHRX8ui&z6sdle#NSB@XkESL)Xh+L=AJPB}lb+T24(rj44&4knU4iH9PE+Mzm
zc>cUkHJJ6@<!<=oEy*sB+S~_D0_Zi$I1Y8ax(ybec=ZF46S)0MI<QgC&61t4`EAwU
zEUGFs$NXTEw!kKpTwQ2yd8R(FV1S|xWiR(Lf|UbppToH!Odhec)Hk?)p7ZKzLb}F`
zvKgsUI2fzjYX0-=(Sr;(=@CI0&6*r51U_aC_6c}e3jde&0DQpz7e2=fAG|8BTS8_(
z-wgOcZKb$9J+Tx!1<A~~rFAt%8=pg;$4FN5b`;wXMR!E{LPo{iu4nXI*mwoMN~aKy
z|E%WSs}t}u^A@=7tVyqwR5(88NR2GmX0`qPsB|7j@pv{!@)P#S;b<DN4hO3I7~u_+
z$;kZwnj{ABkupKZDNq}(SUAUPd17)rxTlU}l!9{PPssQZlIXR1UOxBvWAuXz;8DO0
zf$#PK8=}QpC^hmj5cvUHmlTX{JzSdse+U;CbCJ}@uT{r~7**iYuanomF^hqE*kTu4
z*`cA~3!$wn9FREaG?hn4q2KR3Z>0^8w84CKkwQ@%r$TzC`k|Of8cz5h{=6Iq2y<H2
zRrP`-r|~oa;A^=Lc>l~WL_+fiWc8XLWSuRb5wuH-(~u=NQ2nc;=KJ4!b%Fi~4Hoq0
z<eop4Dd76wCbX!GM1cG4<0R1K`X@aP$OH~bUhFp|xS-_H)LY5GDF*RiC=N9G^9i@i
zwjEA@6Brr??$SgYXed~^05Cm8WX=a4=}UI@DZ9C_YOK?1#UgTQJO9>?A8PzyUN~#9
z?-~}kR@1H$*mpM*NnWt!19i&ue*iB)lvG6OuNGf`;B8=6Ltz<{crA63OA1Wpv-gOQ
zw7`xZ0HP_H<w#X2U<i0=B4jM1B}2wEBoN7ZU8A0%*!DdRR2L69PDA39*Bop?o@ov|
zUN%s$dng6hKmF+48uxmpuPfGM=sKBRtG2Pa{-4cLdYu-04hn@l&(ai@qIf(}3n0w}
z@gENZk|&FDoE0-2`vhg3$AHueehkWH&jOMCdS8tJmu34~*<JQxpLTB{^t9_D0Kiz;
zeT@OHboT++-}|3#1xf~kMP(b@{d=K011q^LVEF7ADcC=N<N~y2d2kJk)Ri+o$2zfA
z8%a)s7|zJ6!MVh>R5F@Vk~fw%U3()%z%|F(23&pt0PrPbG9ceQ`U0u^ZTG|VYVm-R
z^6m}7`4jY$a9@Q+gBru+0a)Y+y{wp?cs}(vX^^kpvCE86l1;!S+<|owwRPR*=2Xti
zZq4V!f<DSX9lk>W1f5l?d+fBc=WSJy{#RJjklo?^kLq7uVZ=YSNXLPa&*&+yzm@!k
zk40Eur`NpY&CUKK@6Cn-)j#SpBrD*-&a(lUbOHZ(kMP1Ms_2}DN5=IYj7KUjfwdlb
z0uhN5BDVYP0iKT$;6mSKL@3aNc+yAUV_ty4tvJxD9&<Y3I3wnhm#r#)AhoaSu*t*`
z-p8q`-JKlm(=&v_H!+9_VhW8UWqP+b_B$YV#r)FkP8WQLA^ql9)13VXRmI$~tP;6%
zmaI1XY=w`RRs6(0O8#|d%NnOHs?L4XSGiyl8Z7nOf)5>&&Oi?CVjJR++ZZQ6|5|br
zdsK8#Ut!iO4~TDz@R%-^k88i?1R@w@0Y+l_@*oh45*0YvvBtP-4S(|%_D8{mgg4*~
z5z^%{K|A3hN27;+0*pI<!{X#O)1CP%xL!q#sjTW<70-^$wSaNF!+hq!^gwb=`E=Tn
z3ClqHEb|HM{Xr<2Nhj}R*c6ud3EJI7fgQe)h@RHsTL;8_$nJEjP?lXRVTt6m06{Qo
zHZR$3C>KNbFAJT%5)+?V^RC$*9i&Ywx&TBl3D^W<waT@9MeN)+6B$G-3seuh>j9<M
zl*I|Q!>nGcL8CiaS>by)vOI1t__gx!VOSXc=!1j>{s6NX;jSH6N>pN-va|jOf*2DI
z(Hw|`XQ5`Qx?AK4uf`*M#R3`@5EFFKgG?9e6}5k+p$EL7lv_=M{PYP2ad|uDmDXMS
zkZecuS2K%~Pg%~>WXLedUj&CcV=A@o*7u>vs#t-!>FDY!k-3(d=2@}CMfBWdMBUE7
z^9T+g9U&YLKST!ysx1n$iCrC_8JoPZF8lWH>t5CJI{?)i*|UvN8U9)pd$YUN&zkPx
zs{ECByzK3l{FvJmclwJO+_nY{keaqkj_ZDWI>4nSV_qRvn=U|*UzbxW!Y)@pvRe(*
zffzDnDtKJZL$km*;u`L}c2C@d|3sWfq`_^EN1zH;^$;5jBxUE#2Ko`k37qsKHO;Rt
zz(I20g6CC6Rn0OZf(@ehNIw)dH+u3RPM!rJfgAk7uDpgP&HPX?2)PczsWhn(ppO;F
zR{Eb*9bkcju-j#4kRQw7YH+O(@NtnB*Ha_FV5Yk2Y)vAJ9fG8rNLmm=816jjcfm5?
zD!!b_SqdVShzy3)xp^t)(qhiu`pmcR2&91B?gBAUJB_EQ0;Dhb{st^p7J45fMNj5;
zfs~=N>XoPpj~^0b>7dFE2##Xb3NrLA0RbR)4GBXaHJ9#t`QS=H7o+k&O1fdAc1F_H
zuLmMmAsWJ%k%T=d$DcLxkWx@1B4i`WpI82O@*EZ!6fD+rpIDFk^DY6CeBIsUx!<$q
zUO(coMG?e}#jf9<R}KI(XyxKmeq@@$aV^@z8fK-_M(|n!nn7={<CH~WR4twq>fCRr
zIS_=|n6^Gy&$I+M-MeYml>eoh0%uKM4uam7bVlHsWyK#Z%#s?p1%hN-HNN+05QUyw
zA(FLNXHsw#mP#|wE~|a0dpCfU;NCR)Q_`!{G)QpEtx)g*FgJz`nimr#Iu;jmc^(ct
z?&thZe`974yhi{(hCfm8m;eJ!IGk%Jm965hbAqDdEL#y>x**VaiY3ZAPl$wQI<Ntf
z{lV4OqZh}zx$UE+lJr{*0`+4RhbVE9?tX4wOG5&^Qwi_<qsRYOP;?kXuId86Xh86Z
zjbW@dk~8-*o;NNHLeO&Sqhu{M4$&%WvIrlX01k!>JyU}_s1ZogD`0}|Jv*S~s6jx;
zC;!=$R4%nSX##AU3tOk3A^!1CT;N}=OTjJs$0@y*d;o^qF_{((GGqOcOmj#M=CK%j
zxHjYn%CGDTX>FRM7(4hks1Q=n_H6Y=Q^JV~pC<IRmya-=A2_WxyYA1HL|-A71#=&b
zNH^<ax>`wa0rjw$=`o5pI{&lIe}t_6J_)Q`CQ!?Q5XseJgDcdinNss;TSQ^GmjTiB
z>V<+d{W;i9WD?Gm0L>t=0zRI!{QPbJr_15^sX9PZDSQLFc5;;#@=<A?12s-@rP2R3
zTuu(0_BWeaRBvCOVgsQS#%PwC@L50FxS9j)nx=2VB;Yc*F-i(ec9VwI5d5$}r(CDK
zmDY*Z^1eATNPls6fLy&oZ{s)OVTE+F8Ro(Ar>HKtf?T0!>tar-KT2oAn(Kcnb`3KZ
z9LFq&77<`(1eiw~&?tHGcM2e1Sq8^m>hl9qxu)iMspL$J_qdt)I8e~b`1f@>zOH~_
za0}`c!aybI0~<wv8^~X?Lc-zyX&s4zRC*~uCHo^@_473UhAxl*M5Z*zcAa78&FDN^
zfAe|;`%DUYY+1UJ9F&5-b`7J7;2xk)+!F?3V51l5MtD7`A_@>F$9*B!Ic^|YMM(ee
zPG4DW1c+cDckwQP9_={Z)u1)zFmOOa`SqoMF5rD&CK;d<36dib;DPP~5A=vc(EC;1
zJ>lOengw4!An!Pp;bVORsyLqIIM7xQ@5Y+_&E>8fZxIl1^~%bzX2Iklf2r0Ki~|h<
zqqy45zkcK6%A*+p`hnyiTUbiy64{}}1SVhraRS-hb=+|I3MzX8y{E{xpz5;RH<X5a
z;@s)1{QL@U*$^tV@!#T*;DLDQHrCr5u<|FEMAVv*_zOU$j{64%kPbEJnC~4d@grw5
ztjw+de|)_OG}P_;2b_tBge*nb_p!B*5@i{L#4uyuDk{4y*|HZRWErBehB2~l$yzEJ
zM3y9LF@!8xv%lB${GO-&?>X<=sdMTy=KH<x``WM1eSK;`QCu}Xp?F>*nxkuZ0GEK9
zmif=t7AuAT86t)R2GcN@(86N;Pbf={XL(}D31hXV?NNjz+s&SI!UJyEi!axX@d8bl
z$1UwV4#Y6)0u?r!c%H|1jcZksQbN6vgqXM0t#ICD0xa9h+8hi6g)^=ABUuRLuf{1D
zGLairwf7bC|6T_<mPUjn!Sj3&Q5;aPFbE-VK|%u_f;^TL9EUC^x>rdZgCifud3Z@d
zV`i8kOvb_0<~L-?z_RJcenSMt?HtL|t$$?QYK-#Vj7mo;s~P;62zt>9^n!BEEG0DX
zF%^d_L1--Xn8=WiJTj84$juF#cN8XA9+5+Z5N>NfvrZN&bsk~rkn41z9F!cT#L6k$
zh%%WSw7^b>!K8Jz_5fvKQiEj(;Wa4WoW@>`sQ-*%pdwH*6LjTjA*Mw$!~VcE7Gz`+
z6ldsDf|)LcHFolvOXKat1-0yTv%4cocme~@QC&Xfs{xk~d6aPHYQju-c_P_v>SE{o
z-=}01Z|$5@Vy&V4OXuFhvBX6#IKxz=`-<^E0R<SaXZCCA0F>a4cPwS1WTert0ubJ;
z3?7MoS@L5fK)M#^EelD>rO`LO9GF>1Ku$w)8~P!Xkw#_IT^D;XgmB@tQGC^ZY*7$Z
z(36MYEuShtHF}VZkye$u^?N;_QS)GARaT_BLnaN5A~nK?Zqt&(-W^}5);R_0XF`xQ
z)P(zZn^}E?0^ObdOjnOp<;7-hm|r)-dGq{#%TQ#5UE&duhpA&94|}C+(0jXH3YhBh
zcp+|F$-8mXnhtDzWn*y$D5B#vQH#>pV`sd?f2<f&KwQS}viPgD)UD4y51Z@faJt0+
zWJf&cEe8hIojy%)pd$6;>0c>mef*b{Ed;};qr*PQFq}|1D2D^1kfDUV0l5$m02GJe
z4<Y0-?QR;<6F4*=EI4=wQ=-K)Y7!LRYzgHkZY7+(Z+L{axfPT<Y=Bj!{%EKFKS>a%
zdJrS{K3*5E{V<PAxN|uuW%12-|E|2&rc#IXci$bu<Dd|9H7HC5ZwG_G?uWuO8DFNP
zrU+P_c@V?pT0ZCbL9vP%_wcz;5l$F9f5@ox=JNyzeN<taiQ>-IQb#z^O7OpjQBWQ-
z2CEh8n^eg=dNm06Du|EJz`ZcXM+gm+mj@GaI%?b>R=|WQQ75keo`7_o_cFADDFUvJ
z!srt^bmG0~gab;r+%*c0zv4C%_}X%YBJ%J$$`qM`Y$dGa)MxKU;+7?%nx+{>l#CZ+
z0x#f^!-@wv&!?tl8j(lsi!6NIEFzjZH)MfJ6mhzj2}{)r%8qQ-Nbb5vipZajET{SO
zNB<OgGRXGirLXNV#2o9*;pd4D{DEDsP65@<$Vi?JR1U!D2sV43uoy;62@HEO2#UE}
zFXUWXtv=lY!`<w;(NfOfZoF%DZ595=(KPIT-qD{2K^uY<Bd=H3^o;pE18`pHx4d@r
zXM`#&$%ibiu~%0}EwRi~645L0o|=fux+|gkuq$8)QI|?+o@rT4!Qhma*1VHk*ePWA
zUv7x;qAuBR%o?TK3ml*_k?u>kgHGwd=KT$CQ>$N1AfO&9qOJ}5u<9Tib+Vm4vUGR0
zUY+jW*>K8(A#oE<nND16P+6)?5J&445)B%gXr<w(|BcUs5@1*KD!;PA0x}g_Cp^Y~
z#@1!~HS;d^5OcF$2u45_bdkJ(ubVUPVSa<U$$=RNuM?<tU?3i(zoJCbOc-_=j<TxW
zhZWRhf%%tK0{LZskI&sN1*!Fd`K7%~F1d=WY#{xgOuu*>;S)0i#;&p?Jg$$5%lk!5
zx$Tf5?coA3^_Zv2a@4cxjTMNrJ1@*F2I}>J8@{?S2LGsvDp874>TM+J!~8O4jJK~&
z`pO@lDoXa?0!>RG+t?s#(@(fqejg}*8$sDJ^Q8o>`ktT`N-p+7;OE(=2Nvhre~#59
znBaKsnMKHl6Q4OAgG#wj8HhjSc^fg5uY}ETF(hsOc?OM_GStPGhc59mxuij6Z#Upy
z{M<xamsHP{sYVkH9JD$hzM@o-J+S~a*>i{z3b~EB+;x&g^{c0qa9W#TcD%(``zfm%
zzSqUcP%E+e?)^`c_8?wC+#j5`a17#p^U)0InfKRXRuh2v#a4I4p{J^OAJ~~YK_{|g
z@IK%*!Sr(ikiznz3}bjy;|=ZxNq{XS0-3Vl>7&+SunCFea!U5ik6UpP>R*dLjkW*1
z3{_Z$n1c2>CYNNzeCnB2z%E_{aG&)GM=&zUgP~WckqLYUWTuH@%@<I=LxhF?X6F`w
z5Q?rGh2toX#3wdWrJ9^aN3eWKM*=Ro*^}z8RO}&GJS^>TdGJghS#PcY+BoK>Ztv}M
zz&o3{%c@Pm3&u7wgY@P>oTCfp0XGnscuNmKpz~`hUUvL#(s05)sB?5)XQsI;1!WBl
zy%(KB;KXAW46oDwC%!Nt`tLApMTLI+qxwrNdwRkr==GFD;+YYP<BxV072`QvEi+79
zzr9fp2bZTsb$)kTo1QRCF0JoET5Mpaiw#eY-~{{rpJuR-HRIV=h^xYL6lV+|{+pL9
z_;TQ3#Y`p2O+Nuv#zgxogb)k^n&93GFMmESqeqa`c|ZNi`d=@l9eQM@2d=_wMaKHy
z_&=+l8UaA}H(4gj{QCrW)<PgS25PxvA-++ypwk6MiTn(nU~H~U>IzftupQZav&XjU
z#mhm{;+$Hzl=9;DtJiP+knr}Oxo!LTQ93c(991DNS*#gC07JwzLie|i`#Tc23H?78
z$X4x!EI$<loVOduu!41&LFhlEpPutXUPG6)TELzU+(HAW17ymP|G5Nmr+t3-oB%+v
z_)XHF-uWLu@1i@HCe-|uFJZ8wUn*?{n!-H5(*NGkOIAPP_hxHk*|~Q3$&8Ovrv(PX
zU`v)WGtbN3<m?PAZk@L6xeJ5#%uzVThgdP;*1EMp-fE}>9{uY9G(gV8ns84TOy(B^
zKrwwlo2gA#;#ZDVs`<JlfCpisc>rN56inA4jR!A+P%==0h!m<*t@d5tgXTVt@R)*5
z7gLe%My`!FXuFa`*;ZdZ|M&VgD8>J2LYCVP7;$lZQ8hW=qjTCp0PlL`Fj|oE4L4@U
z)cpLf1$`9MChj3_r1@3e*?E6-5t1ZedNcd1g4s{OL`Q(ewsv84BGe}T79=Y;npYUF
zgW$9zJL}D_v7ZK94wUuk7*}RXKnQ5aL>EC__$xB+q1X+h6u<5*-A9i2C!ds&%3}5t
zt}3<*F@_siwG;E=q(&s5PZjgxfWg0QO_13C8!L|#La6XG`)!Dy&6p7M|2<i;OT~@9
zN<yUZ1myZ0%&6m6!+3icrcX(-!86=oU(HjY#HbCplW(b+b{1?#Wp;!?zdnh$O}SvC
z)I4?hACJLf181J#=mj<*Q=~J)kC|QWb1>mNtmepD2{e@PQOM(PAKLbFI(&nU%=-7N
z4nB#{6?n%8#AK>(^qq~^eb|mVq;|?`__st6ASUPgUvqj0n$u!TwoK2%{)%Rm$pshp
zwXQQTcDl1<d+$kW7h&7s(ijIa*Yj{{=5-6UN5`Ft_hGT)g<HMjW3XGbwNjn8*Jz*k
z&Q)_@9AOBd^I`NUO6yrWs9yq4&c>mefAU}`A^sf+e*df#LQrDEtb9tJ&i?NFPy+t{
zGlKb@y)JeHSPeKZeq5^?WZC(6xFwEcwm#l8yVzD%)Up>wlm&!1z@fipGpf0sGI(ns
z$`vk+UMXs&{oCx4XH?VGT{_C-lA)M;P}^o9J-X|;s&oI=vX<m?Uaaz-p!;KC7lF5l
z^x+Pc6c5uhKl3xXWGN=X$Ts{Jp$>V7b=;sOzslsHZ1r>>wu%{3!vEK59%h2ojgYP-
zzah)_9&`vHh%*~5#V;<Ol2ZT6X4T}k2&efo{Zq~V$Z}@BR($a%^}v&c>{VGDoa~@*
zu@iKHXFt`t!i~s5!?SjO=9QCM!ZZZ4&ixn)3MpFmxt>c<0D)Bb?T6g<Tl~juUo+-e
z7L^V{FFzN`%iYeH9#aHVB2(|UFUs^kKkO&Xk6$#H?EdnC$q0HY1?10IVp#sOyF9C)
zEhVxyB58Qi5s<1t#RE5_(=?a=3hc)mIdApEChA<+?DAuMrbffVLy7%CN%O+eYWoYj
zYioPo`xV*5+W|Itynp%CWO7q{|91xf)WgW}L9>0U&N{kpKLiFwQo(fu<jS-`+yGb)
zm`wRrLAAG5d?6;_i4=GJE@5~cZhKZ(O<$0jrz;<-LmZXHztjjJ0O(+DR>1BLP1nOb
zc;{qd$2+ElLPdz<_kpW>X3OBcT5VWIr_{>iQUbBU%h?Z_i|dn?)&Hv#g6n7pcEZHE
z|9zw})B~E~UIpWIc@HA(HG2OtgDvu)b8TfeT4}sY((RMjPNrL)vxTO&8{lk)58tfy
zg>`TUtxRKBf{|;hOfo8?!E`&k+)unzPeX|I1pFF;!jRU%=z@w<n{UCO%PA$C*tu}c
z|K@?xSic0h$?>FMRcw5W7=lf5R_fh5M5>l3@@5V);D-Vs;1PPEw)p8Bl6cti&g|kB
zJq5~IQ5R@32ut9<EN4mw6vzB7V@e+W{K7wH5Ws4Xu9#cs6aLob2`Eh1M4vNNZCnDR
zLuJB_-+*S8(2z~*60Br|caKXpuwXENwkbK)nTHUhz_j*jV2DeI!xmmaPvmz>9iR>X
zl*E&3)O!X+t(36CGj6R>Rp9E&!tkvB9l7Fluo^bE8H)WV<&m9rrdm^d&A|jGum($b
zM7vt!5JF%0g1CpB;X_lWA|4pK7gZysHOshwZ&W>O&NJVzR_gG1Ik@~zanb)O)St`!
zp<C-GSv{5LI#(!C@poDg587~Ye`-75s7Daj5Eprv*u|!IL*wfp+7=_+Hyh4D_}trG
zg?(65&xd!tA%zwzqJw*G_rPSLbV)0mL8~<;R!gDAuCrt`gr+WOIy%$!kJU&9umjF^
z+2II<Gu`rch+m!Q2mlhP7#cWI&P9<#OTL)_<FJ*S>I-W3VRvuYO60L2hS`2iUXV&)
zZU(b~=O=IhMyYCTpUJ$z@6K$h{Mqpd)7F}bh@L<7mOVk2pod4q_@9mr^rZ5+9dL1D
z*+~NCpWq6lAnozgNhdk6Jv#02qNmW<qG*qllw|+}z7zGCPQ$Ff`YuStjWt^&(1VKD
zsp^u36oL|Kj2rh8T%pWx*uVHM8x`1?4BB!dW#IrBNRxhp0pJA{i5pQbTj-=}xk4mL
z_k%|?B-aH1I<XsCBR3DB`w^P08B2(G{m?M(5Xn$EefZxGS}o=D$DK30J((KwwXk*b
z|10Sxvue*<6g=}+p(j}U>(;F|deommf!#H0cx(HyGgw<eu(pl6+ani9b^KB=gUpna
z@d-wV|KOj#+t|&4F;~%j8~s=40L?;5>_5#ylzuu45A4#~&F@PutNqn=^y46l4S%5G
zU5G`dCrTIF1L~uSS)d>kbd%g7NbO4}1W3!O_CtV}(f9#cuNOXC&~bu$)^`Pq|3xp5
zckMn*W5#{n)|z2-DNuBNx>}TUc^8;uzDQ<XrD=I!8>0y~mPmj?*@0K%3If7J$@*WG
zu0IwGjB9qhZQ&@0=QH(aen5duo}S>ukH323PyD9H12f05x@@UXg}g~dIl$1h_gYd7
z?6d7?sFk32j_ZdII5;pQFiBf$4I`?$h<xyf<y4ocv8G^}8UOtpxuN<V9AY)tIHu?A
z$Uo9cBTx^I__lUJ0@a8kS8}5FVWpTc)ul0b7R0GsQ1z$j5egJAncvJ6FzO#wI$FPg
z9jt%}qi&XH*?HO@!_^ia6xPhDf$^~B9EHRmUJDvg2oB@I4nuHgg79;nZb+3|v3%;o
zNg^2zM|`?Y=Hu()J?;i+b}x|#ZXpr4-OqChmLOqeTBCaOglHq(3aIu~0=0%~ju~Ya
zfANjUeP_u*7xaa5bB_Qt;E!9nLarWE+S?w1hSm4(nyBR;JLx?TCa?x0Jw4efmY$QF
zQ_^@Of8WSIjib~drkgMFsU+)`uby>viF^)aFBv6V{$>Qx+t8|`kluCG_(m(IC*-l7
zQt6~WJC;H2{!A@^44||DS<pMnQ&hWgyQfm+6^Kf8qc}Z*V6W>z9#l{>zjN4I={aCW
z(9FL8MVkl{ELx^zIy4^N-kVj)Neiia3)OIc1$taO_S}5oA#YytXa9YY;{PCIUDA|;
z;+=--n3YZ@Y{j(uLqki*K>peMwv?Yx$;&2vsm&hWoQKe=M!3^emTqfvBnevd$6%P{
zx%)4@Ek=iij*>bq$l!?}nd?s}_WVhr(m_G~xyzO*(OCsUU5CW+cHsA;Z#qXW!pR|k
zxPm+04l9920>XiTDWMUBhtV;pRk8+ka5mtwL4miym&&6o|4Q1z+?=-SbcepHVLjph
zPtyE0%c0Vg-Sd3N!eT%TwBT~4Uh3gTr`(=l3QRN?%`EkH)-C|U@jT<67kZ<Mt&+Hq
z%{0heZ02=EDR&NiuDKBpcY7eM*iZN@{Ff`HAw$o8&p6<jCX2J$?Cny=fe(1+7<$l*
zUkJDBwz}B2!2|$bY#;Hbcn&y6^x+p<uJnXes7!CL!&D}h|8n`dd56T2fKBtc`dpJ=
zVrBor+sJCqMW#<t6z)b*4vKW@sAD|(n6NT-@D-p2QGTeWK#5@*LLg=fta%8IhjITe
zP;6vP+BH4+!&eO^f2n=(fb8}fH(Hny9=!q+K+pXT)9_mYM4{W1eX)sL=+qAK_k-CM
zU-W>CS8Tv?gtc88{TuxO2-89dNnn1_zne`qN+|u&2r=*|K=Gh`ji|;`2TfW(6aQ_J
z;d@W#m1VZK8~+Lyh?&4MP<-XvVo}PC+lcLrN=Vbdb8pr}aQGNm!HlkK0B*PfI0a~4
zyuEbNr<~ZxBY><MQYi!MNT<5$`S}ThgN8lrHHg)78?VCBG~W^>>LL|e|FZBje;4n!
zVF@`(Sm<Dk!xay8XO#qK5i-%W!E*tqP`$_!pXR@D_M58_^wu+lUF7gS08!=rIKU_f
zR{9O%^z_ehYHk?gX7$FVnD0L=0Rv1%HMP`f4KTWtDDL`0Y79+rsKJE%8!jGq{veWP
zmPe_COY%f~nez$CFMMhCV@FoZ;JgIDf6YcLF`bVApI29;gcXFU_S~Lw$a?-KQ#@D*
z?J)Pfpbmsm0d>bZOF+p{nB#H!C8&DlHr}BpAZ>MVr`EO?mpU4rl}Q_bH@rz>R-n{t
zK}SgaBF-sCAN5X11V$}&iMqIql(~M}j(MiXs)osqkL&%jSBEf=94nnmyv{p%J7{P7
z%S<?7LJ!*Bvik{x!{$95SqPwYNYrGF1bbAzYkT_+jhWvHE8Le83MTyeE@?M~4hq?n
z!OKDX0b`_N<`B|<C|-G3$!iGoVuy|8KMu92LN*K*TKV-Wm)%b*=RvbeGH87Xl22VT
zS2KN#|2nD99ru<9lE)eJ+_>nWr>AoqN$fPt1Z&DHW7339vHSjGUv{6=dT#B_Gh4}U
z$2Gx+|8u(n1Q4vuRq<J6==bb}R&sB3wf_}oLFYP%M;7NYeYnV2xN2$q1}>eLRYTE!
zyIK)OjzP#2n@%KcqgHAqT)qeH!$NFC0Lw6|5cKIk_&v=t0XXfr105g}7_ysV0M&8A
zRH=T2w@q$DaH6r064-QLQU2R2RV}nv08tT6fVu33#B(*LiKRd<sDBvH!>o^AGllE^
z+co`g3Bknn%I@zqkh|i_o>EaNjdh5<o1PCPpFW<_&gPD*@`PZvDi@!eM8)>uC_gKb
zCEnp|WQ%hH6UN)yGJSTAwFRz0^_SW2Rl@n!gs1TGs2_BS<%i<$XV$;W)I}in`DgS+
z5S|tor<Jg|*Y!$>A*I)vhw)C4ufg)347#@jEgEMf>=k-~f6Q~nPmq4%X{|c|2={@$
z)O}rTYLN8xzYp_MrzJJ1$7uE174VA%R{Z@e7dU>(d8?GLKvQx{)P|mL8yXuGY51fn
zDmDo(=vCENmQIL>H|zq5_H13yry4Ae`f9!n47)0IPu_<$2O0dL)6+VDP-jq(3Oo2a
zC?F2_A`1RE`~SP3F6bY7ps@Fd5^%Z84?V<o56;V)3|&<QyUS$E`y3iOXx5fkl@J0a
z8^*CS-OlU3L;ToeO6q*I_RNkRnt7CecN{;GeSBS*EjL1v^@wzO79b3>l?7or<bvm8
za>0{L;*K6MNdjqjLrNfE3y3y;4h2orV0d8IW$DbU2T&yLo9cq$v)M!BvfS^kDhCD&
z8Sk%D#ic*ms0Reqni`>#a0~=Q$UcC4m*gcBeOA6bJIvkdhz8aYlu$9$x?CaT#1*7J
zk@G;7DjPwpo{4-2=#;0Ibt?eYt^QwKd-&X9Ff`gQgkA?`V+!)(|CKexU~&P)i@IAL
z+GK!&Ac6~doK7qlLe<Fw){^v-GjO8$o?@X{zxAZ4z0J?Km9C0&N?0>@4&3sSKwyhq
z<&K?}8Sp8bmHwMVu^bY)Y}NZ~;PXQ1{$K5Uc8l{=(DvA%N(6vtsa)nX@j2Ca$A#TX
z0YM3%#O#tTVD$kYcXAMiU~0J-G^TEuP`7!I8Dk@WwE2^h3M7zK#6vhriN~K(ZH-%`
z{hVR^`L{P(d~41}r$y-NQ_2e*zhdt3-T;~Q;Dd3KN<mH@&6}jgx7CG-p9XT?7fQ5R
z&n&0@#Cjj@x&57!(_EL1@bEh#ZDmSw{>d3plHqgB<(#hbl;8ByQHgZV;EzquqvTu0
z0my&4sfv8CMnPq%u6>l>F7d1tdE5Ame2gpdJZ<bhZ?S&0nc>za1R+xK8y(Awan5RI
z4|Hr?Rm8Y$+AlJj>zjPV!d6uae<SM=@z_bzxAtNuvxl3cfsT;K;?v={T+_Np{4f%b
z7&qeoy}Gj73fjC@6ups$CzlP~mPf9zX5jvV;=Un+nuOXM0Lg`*LO}gflRiPk_cCRD
z+cjt}1SuAY_dgpho!}F6!g2I#)ugLIU4}A_?(@8DtbAWYt@Nc-^BTRJ=pzYR5?kl)
zHpa}_6BCi`<F7^S1zHEFRchmt7y+81uA`l#Kpm}t<IU<eWV8o$3Z;XY7dod`W)78`
z(G^rWj%4r79@vo6`Cpe-@g4MAY@U!w&=fhSo}?4fqVdx>ZDN8wa=zAAB+7pAG?+%5
zqO$_Uu>IGp#T!3OpZH?l+SNF~oZv3W;?=FAz)SF2)jr#|gUQx1*^>xwHWeU4`o_i&
z(F}Ly@22j#HR}T78gopQ3fTbH1N-&5&FpmEWgcvnf$7xHQqjlvbvrv#VzHe>;a58U
zIMqxtWRug7>_-?80aVy)!0(OBZat0jT!Tscqu&GpH42`VwZ^!x&EUBHbfX%mVR;}k
z#@zR5OQZ@QT*|S<hUAOm3ue-km$?FrZ_j>_l9@S<bCSLz${e&zBfvmFw9>MgoRG0f
zXZaW2+W_JUSV?jXkcH*|K@;bvxH_kB?E3y%D4u3YKo>s}@YCCnY*gmlfubk0oo1l&
zdIc|T^g_*N*+;x9Q@)x@2`5~mpwHpA_)830%;)m}Pb9kIz!Id3$N<{&mEe2iIX1VS
zl9{=5Bbxuw^1rV`P{K(xz)2)yHF3YY$5^>D#;iejnl0d?eyFeNoRD97ID&Xu1S)P_
z!i+~S?U0B9^2#Wk5_{#=&k1*$J1*Z?Ve&0Zl;i9|)8>OFOH+2i1u3V;@W_z=J<|FC
ztoGd*Jz79c^1`>^#Jf>2UFXodFSV@DBIhNqR=tJ$9z4#C5%c!-6GtA#Lh=>|)U|x#
z1yZ2GRF@dS!h0ir<^R(qj(GU6moYp=5g^-EHZ%nY8LxkEUW((8N5l@42!Ul3u~O<i
zz=`&#g3ggK#Bi{sOnRjpkOZCKB%}7QU-6D%!EmOoK>|v>;Iexk=k31!XpO?2F{zbR
zK#(hYwJWRVAd<VJbAo&|0L^&OS(nvF@DC#Xf`U)mrO6ZBdp9(^{s}x3$!*wlae2s~
zKC-~sQ2<oC1u3X0o4CChqvq!JyB|c}Wd)&z!$dJ-Hy|}vY(YXR52_%G)8T~4u$JZI
zR_oDp;jH?0)EC%4zLlJsfyIyS`^MX4*DlWbKv{84)NWEW=)nO3V*Bsa|LHQfSOqnv
z6TI@?xsJj&>|@qHhL~c5*AaxK0DyC4g{XKK1<5@en5IUbI0bj}fpC%app4T077t-4
zU=KI}dv?535`kt4H-Lp3(-rtk1q9LY|Jm?B8fZ?!#ici9JQ}*#fA9|z9#$csg(hU>
zd0|mHfjqR)UK_Cok<16jEeqUckoRN*=)66_=go}Te!{nk$!|r&+yTYf76E=$J$W7B
zgkLiXc2B+|N`Q$ev{K?Rh%r(4_5bwtGI*+|m7`4X(2KBV`=)yWhRQVmK}5X0nA*<s
z@HT}o-b7B%zhPc3m{4B!^D^aCBnY22z|0vzgm?ZGVaV&ZSIps-eXe`LYXZD7eUQ;U
zY|x5uIc?AAiGO_K1N>EPXbfFqym$zMyD37=P?xm7!U`w|88x9PwtaiPB5pP%Gh>)&
z5Amx8^y@vw==nP6<7|K5a0w^4yo4D=$0UXya|P*~ACxR|91&e1-)(AnNrO`5DFbDF
zcbArIHU$TkmqMVX4iQrj>aZ0Go4Iy;Rt1_!K}x;bP||{$;1wyfU=iIJrQXumMf)9l
zL0_j}WYIiB`N&i9bK{|30>ad#0vZ4p(gdI_{!FRY{&&kd_W1`ncx6=zSxRhBd)a??
zdlW_gxi~410#cH>A~LJQbC5EQ68rXOOGZ=kSo$Y`6FP$d_s(yyb-Y6hVmpLa>QzjZ
z^Sgh5>!jrQqj4G)LU^Kp7lYGkcZ@}np`|ZG4IzFy@k3IhmFY;`2Y-ygU$>SrAYwR0
z9Ti*i(gv3aYXb_=f7S-ICCf!p>@n}Twcovc9C=}7urL57bt(O~Fu$#rwTnbky`n2g
z7Y%Lz2}gKl;NuWN<8^8Pu;1+kyXOKvI>?#yzeBtwy0E)v&z{}g)y>uY|I(TNcuM8P
zVt6=IM=L{lw~{4-+SAihYL5KNY5%Js-WN40E}ouwx?yZ~yJzF)PS*4b)I9EQZ~GwI
zu{W8sdTns6u&vFPRCng5>#mlO;vP!H#z@MzI&Ez?YVBtZLx*%<@p*jzRIq8$#%Ub1
zhvtk*y65uU9{b)iKJonQf|o5mC+oW$pa~32+V8M+T!QsdTH?(~#gw!5RP<bOy{$|~
z&einI=6BDm_I_Wwo+Y|5HS<pLKxUsz&|w{&&WtAEyvucxFQb`X1qHJ2XAyrG52GtI
znu9ygz0;2LLF5vn=99XeO))8fozc-UY5#9#DhU)y!Fy-|;dh`y&>9cnN9?E!{5^O7
z-Ee}2IN_WAtJmTLCl!o$%GoYz3d8*(nRYUf1P2Y#TM>MPsnKIfdnjua6`8Q?T}-n_
z6i*pp=!5XC_vKJHtrspX0yKA)eo%7Cw`3B|qp$+UzhM{`Xejt2kTNtE#bjV8-0vqJ
zN#29P#o9BJgaj&)zyEk7q3~y(;@2<ko2z?65-G2Q1kNAQMPWP7Z1CIbEr#G1ha%M8
zAJA?zz)0LclbpXVdY$tMM>;dhI{S~vpVOc|n412Q5j)|>oId_i(8?X1y-%!*uxE`?
z%!nt<W9ja$k5NW0j&;8Q`FQqFx@+#q)XZfKDOPMu+W$G6pe#<9lV2cx%XHwex`^P-
zw3FYCeH*i-$0lRV&L~auOO8SnV>8Z$9jI3Cy~KuX;vtyjxrHMQZ+`vU!uV@-UE_=A
z=$YR95t)<kN6i@bP%tnq2%@v!?X}I$3G#q{!*71ZK>SH%30^hEg%b!nG_FBc;-%YU
zMhuSeEd|9Gvo5MP<>#`m&;`vn+DzgvnTSKb_<|VGxKvf3z(C3(k7N?*Z=QK8ff%Vf
zqw2dxrC+y?5$i<pMuTTm2~m$E^t7N%@+QmT{Jz^}3*G(SGZo;OT`Ceh`xuY2Q!rua
znlI&Ca{Pwg35Mk=W0HSJ1b*WPR1Aj;MVUyZNVq;0euOtTaGgdZ6UiJ&aNM?)Tf=ii
zaA76u_QQ%_-wWYa;z40Juc3P-4&{wvU{yMd$3yU?F7c(r;=qRnY<$1y5IlPjJn6y+
zMywBk{tW^l#G4*YC=n-^G-utRvg;c1jk%=f%EC<fK&6q7U~%ITN<;tfsmr6`ER>f}
zAXCYw7#(MuGws+T3454v=NDD);UnZ#o-v*XS{wF_vHspr=WC3Sxr>i@bR>EY#r&b;
z@p!%Xd*yoFjdK4;G#8B`W-5b?aWBoI2Z1ISk`3B}A(Lo5zlWudhI05m;jTC#;wZ26
z8yZ9ozZE~>dNH2kAeuycyeE^$YI5e2IbyzHm&<SIhrn#VZ^E?fk2$B4XBa@GRVdqF
zm(MiC8-Q|sEEz4EZYnwWd$CY^<K2TMF+IP?LaE3jPZl5AHGG7Y_flWF?;3ZQ=b2Sd
zdlUu8P{C8hqV6)h=3X=_6*f>@iANa`fhWFJAXF}ADgKr#KI@$GAe-8IXHxkVb~fkB
z@N!BuYsa$pMez{i-?C2y2i8#X08!=pI|ij^IJg+Qh>5Hg@b#e0H?`mgO;az@!`tpB
zi&&UyuU|M)82^=#aY2$I67PdMPa&wK|GFlbUlz_Tmj?9xfjD798FN;(ZIve+Y0BkA
zVn=+;tkaQ7RmOOSO6pMswJ-<bX&>`G!+v%srY7r-qM|Px?w3=l5pdE>jEv}tn}aOG
z&qztqd&8%57rYL=V*gB!;2Cv<rJ2YES!COwacr5yfvs3>uzhgE#>N=O>u4E2QTn4N
z+LOCo+5%uj3kD1Of^L4yEWyiNu6d!3RawR_?sFZd0BX}fyz9Xvep^9>=fU1ajX-%P
zmqZhdAnOz(V6Wh~@9m|offth}fBBd(rs9ECwJ}B^5Wjff<}+GEEDs3a3iDJ|&rcEW
zmvONd_veE3^NQGm!j88nV^pKLKirOPq~=CtP3jn7X3s0rA6;{q6F5c%YmkAJ7G{N(
zyFO+A@LP)+!ym!Vy?Nk52?p~WWltv3aM*5n;j4a>o1!c1N37r;G^=s&8E#5>9eA7m
zlT41&D%~&CdtH|CuKWKnk;RWGGXoYV6nqaIK$C<nJlTgx6@s5S`}(0l>{wVCSXWrg
zFjHp*K7xITS@Veq*HEp;uK63Iy%dbc<w1`lg)e0skocxoC@)UnQo^v;>!J6g@iX!f
zggzGK)n~FyX|0>B>+&!zP{HfR=BtJiT7EY5e_#sddaBwxX7#0d=D3VqS9f*13k$5G
z4|dQt%;Xt12yr&gD(KiJl<=0UI8P{bIo~VV-#VpugwkD%FdVS!M{B~WNVPbbe%GJs
zH4XP;c-03N6(tC+6M333TneYIo?tvh^Gli{9GO;V!SX?!Y)E{sXGYc8nv5ReIDfKJ
zU322;RYi<<SXsZ@eI|Z61wZ!#nZzH?lnItqAO!OIG7k+>zeZrldjOXCy8&k9TjG%d
zlTR5s)rPDnoKyo9`t+$oG)!21u*8N5r(`1u&5YRVcevBrHiY1u=?Alrs>d{AGs^2j
zdX3$aPiAL0H~8gkbsOKLX>KOJ4|ODgzD_hywU;IwnPdlMRnY9rXKe%<y5ia-uiapI
z(&Id@`SPvx((bn~o_}R#<mrcU-B(ZCH`;7`mL>|iCr1?-JLzDF9etF~aFgse+8(7?
z)NkFlsQvX}DVdj=ES3w56y^~GzI$%n!QR(wTaE{$950kY;lhyI?}HUFOknF#Y}odO
z%wyI0ony@%SxA;5(m<8xQKX4<kxWCt?siiB`h;)x51`F?<~YC*=g{<xD~LU)N#xeI
zUzjWd>J6yu4r)=}=x2nTh@VOtFA=p-^NS!PcZYQYz0S?eXqD3?>MN0O;ks)&eYV`S
zHxYmE?Tw|~A7whWV=t54$G@|ad_LZw<4}54D?uOzm?y}2I9z4!g`$hHPMW`ptkZB7
zHovN?sG+{J-+5PAO&hOQ%|dF6jYUo8=p@AfIjpnK*7#XYIrj*l?^W+e^PS|SL*e{p
zM=OMB?)<uPz-Mtmq?(U_Vymz<k2(2FN8{wNot2}WQ@`#nN&CG!xiJ<an@ZE2GLf|z
zmglfO;l91WIa3*KQ15#y;<%<VDxui2h_X$bP<mZM{aW+#Z6leER6muzU%sPXD$cnt
ze@><e7~vGUT7@=hEe`BDZeC~Qr6@zc_NniA>bo@*we8nTk2%4>vft*4n$lgE@a=7+
z3iYaF7Db4V7{jf;eN@VrsnMulMny#}1Ro*sQi|r(;}SgaZDs`b<@Jq|H$GidO}~^@
zeMxlMcfL-2(JzTFnOnwI@9ECf>aJ4lfS0~&u|-)f`FCtuS#rv4<HQv99TRjJ??gs$
z?}`x<vkukytbF;%`+0&7tiGc)8uvqs4Qpd2KX5LL`+RZmgoKfbR-)6w<<QF$R}IiI
zUb@0IH}my#CFL}bTTQREq^<<NaG!qTLwW^d1W#Y<w1ll8Gm$sgGFR$EtT@0alln7u
zQ=|(&Fm%l5wSL+zz%=~YI;Hu>jR?dL!HY`|hlXCpJS!MDXtb7Z7$>N8DQG8TD$*#e
z8~U|VM4YMn*gJ)dz{v%T*ufao-TQCiyv2d}F#CKj{|qCR>s175mc|IxdwUMu`{q6u
zP>)unzl$P#d{k0)k>k|;E$ydBb{Si<sL}-$k`MjMk0I1L&#UjePZQqF3z2@j3-L<?
zo0t%<)pa!Xg|4JY#Z@F0Z!H%6Y?@T1pc2}n*%Sw)W#~1oEZdPCtM*~mddY(F9j9m-
zc@!3Px0oALpN7(1kdUeBoA#;bsZy2mh4j?AX5^AS*t)NdcaJDF%8=cgf}xGi;`lxL
z{YMsVGGV(y>^dLjWn?COA~C;P$pErOz5b%d9|tb%9`Jb3FAL*@L%zLPj}tGL{o#FQ
z>!-Sa%FNc*QqgM7!WXjkuefzdiDHEyraPX3#k4;@mBJ=&ruC}1qdHiu?Ha%4JOEkK
zNBn)YokvnU@uC&@#k9&tYSAfNLOK$+!|`^n89KERoW_q=+hJQf6EwE-yz<oCcXzHm
zz7}z~wUuA!fxgeBDE4#b+I+NdCq*mlP1813(qP(^N;vW{@--a;)35JY3{yWt;7KDw
z?XS5vbPA~qm*m^uYDuRH>!?_Ax2llbCX4!|i5l^8>`{|5Eri|yTRlWLQu{a`(_W_I
zHF%Q}2ikQ(v13kAI8pO(A)OyOk5A8IIdEaV#YfNmiCdhWaa82q+#WiHw&fx4@!j19
zx249zD2f&=;DhmmH*&cSXwC;Eh{lN=9=t+tcpRWZNOJ-sgG}co_K}x+s)%>-CtnZH
zoCprIr({9PB>Q4yNL<IyiY+}<%5Z*Tu7%!J4-+N`_;`okTJ2Gr?hZgW4!yM8rCM~o
zYhELr^?mT$d2uv}<Z>zYDIejqc1~K{o6MeM;&f@-cXW1<UF^|uQT@YqLWJ_mI+o?-
z_tluN)!;v0T0Emh3ub?*^p<p-7%Ay@GcciBe=p44UBaJl`{@Vn^gsbM>LV=*%Mv7O
zT*)1<#jEgADs!4g#&*IhT!JnRE+%#!PTSS7Ew}Aw`#3UKUG{KLT?M0xqTN(#JV6mo
z2v@~D)Ot87CU^VHMRqFd-JP-MD|W@$iL$u29~T1E;tWgzWYzDoWg_{MKQkbBtSAw&
zhsbogn0JX%*qmE;Z3+yl4n-aLggbd7Uy;m~i67HSXwg}^9+LwzhK<7NgYmTY_8(Pj
z6sGwcj^rZDipB)Y&S;@BHHlIM{gM{7m&b(KetH~}OmhA{`e8XjcqJ6?%Kmgf*hm$}
z9Z6_|KqOGwK8B!B!`A&UV<+W4vY^{7`(Tu-LpYvD%p~MGp?ZIn_<avy$V9KDW)&O>
zqn}bfN$r?d8Z`wWZHZING;25kUr6CLE>%~bofOxm{-xaeSElBK#hvBv>{0Bpt+r=?
z{`J|x*`p8;Y9F8u4wL{lH;KaO+K&`c$T*wC)3O%K{9IoYxWKO^R?zVHp1Kzu3hU)w
zOpcF5DER~lCvRNV+FTRQUSu`xoH~`%BvE!uc*uj3-dAwxz_HI&4>sr@p=M-%l;-S3
z+o%SyGA@Xc6&a_ByVNs16L~7rZnceRdC2oZXX7h<mSa!lr1gYyN17!*$t~`sNiI^H
zxDxjjZNK<LT*`9i=G#QRd)ywggBW)8t$3aDnb54ovZq`DYPsc(3-esG{vQh5_wEf9
zSvn#xxvrQZllRIk!a5hI?2z%-J1mP6D;<VzX!n)!H8EE@pdV}EL=^M71@up+ow=oS
zAIll`<6$Y$b9+G6*|xJWT3|`bZ(~Zh+|%-S#m!!wvxYnIXLHA|3)?3y6YrRxeAE8C
zU(9Pb&a+`}e`$^|J98a61i9Q=)bR7g_jwZ-V^^;JRnS((&Iott_|fFPH~z6-b2wz5
z=R8~bs(#}8a9y+eXyg8rv%cPV>YUeGCp(hKB+dkMoj950mp$$$oZp1T-HxtertT-x
zst(*COqOBc1kvUAkx6j^ajKN&$_hS?+Ak#Z5-<Bvi{X&|GMn@PPp+=%UQ=6a=jm*5
z*QL(|_HLTQc|ULG_fO=Qh1%$4dOi>KXC<svA2`wX63glTIW?>+SL>DAOkFys{785}
zW2WwWRxt{<Eb095Ioo?+nDidpC5I+XLoao*nm?4E?kWjP4BI&5sW^Hll^M?!u#=Be
zkn;R-2Icn4Z5u-3>|VdLVaFG;K1$>`_ND)rB>m*tcPh5w)yQ++S`1I+y-W29I4t#t
z<&8zymJ&Lei@#F1$B$Kt#|0qj6K6)MBpg4#2%FoM9UmA8*w%*G<rT+rws56=1^Ph{
zQD~?6t>ztCD*oF2y^D18)7TSj=WoC2%Wuq|_)@VMzG7w^TS`=6S)bFu$%$$ldo6Uc
z{dSm}F#Eb&Q8-~xobag>Pdl2itEN8N8SpxwKTbnlx*wY&Zxd9D@o75$!ZV!X^jyZB
zHRMr`MQ#-CGV*nE)5Dq4ur<hkt<b%~gI%}hK0hMj#E468%Q61^ug{&imH7*ku6Qu+
z>z<`W&y~S-rB6*dskJwk>ZaRdl1SFAodF~Mn{i*t39U_FWfSBDCZE<Y*tUP+JUDr8
zYwoQmF*%pO*DpTRVrl5_+cSBEld@I=vQlrfAitT}nHtsV)5FELs<dU^Z>P4EB!&6<
zw3;QjN_lO)@m8&EHS?W*>zXFkcdH9;K36^da;?g+=wf}txX)^Hnm;;CS^Z$)vu$b}
z-OWmRhsstN+YCOB=L3W5!?ByH)oE=BC+Oe%6`4%}k9QcGRKL}dx%gTaSnKTCJF_@x
zTfU9;Buj5;min+q(uT<~Cc!SGn*LrRo0lx20q^6eE{19*&QFz17Iul$?>uf*anb4+
zx)=G$*w~7SoXR{<<I&61q!nxOmG{|t0vCCXUGL9s%|DhT96<m0z9os$_ExoblLLuD
zImY6eLsuZa^i|Mdp3zfe?{Y6}$9|F3rrjboRbltj4I-O?(i0}EaCAZTd;P;A4Elmk
zORo9+JjTr%ZzHUg7#<v4+07t7Xb0@!>tBDMXPSOS$OqLOSU-6O#WQ=2UBJ!k?Z&rL
z(|uK(>+5fGH|T3jrHXAXC%NUy>X8VJd0LY~nilHOsp!{<)MNTW^tz!oDMW@539VYM
zTNeesRM>moWMd!+NcfS|p21*X;@&l7)tOGqEuPP%$Ig~(u4{kqEaWw>bq_hXNPn;8
zWUK>FNgEurZ~3Od^*Pe$kf?ylYZy@&J5kJXMArXw!9*!BPS*LfDs2mWTWivVk8=w1
zTo;|cK1M_e#Aoov32C4>&oN*>lx@kT2lx`qN(5G>PbGeMQkOX%FNf8e?#~j`;J>e?
z?E{z5o9UKr=rm+d?jP%dp`*{uerQ#Xy}7U2#jnV5lSK?YLL7EYmD<6gdatu#?;Bxk
zP9);v)<(CelrWiI{x<j$W??B^pu%1ElaCY5P0OQ6B49PUc@kgqUEJO}q}$l@>Q333
z0&oYm<j4sYyb`bDIE^P<jNPV=Uh*9iCbq<D>3l2Mu=L;M?{)0#-C&Q8=e&<((uibx
zkabw9UjI$c(&UJ!?CZtATW#M{d-B)LJpQ>R_H(n+zb+!;0qa=-H^kQRm=vbUNtIwx
zaG<xaJK11yystIUInz<R|CcQfw#X!<dpcX1=g^63#)I!`xF*Z)g*msTNj+XvxHa7)
z81Z4L@&57n4*!xkdKP0LZ{Wv`NcL9)oJ2Z|Z|H=gQ^IqSuhO@8RW64I93NGfLawc!
z@?R%v`|Q@O<!R#dq@6A~XXi#;v^IXCp%YCPx%Arm+EiM=ZU&RQWq14IH4&5Yn+dq=
zHLnkoZT+nop*<%TC(olWHc$!+8Ta+=`OY5v?wS_L4fB3&n%Dm!CfDhPs(}X2R96nq
z`mt<HQ$5d2?o8q}XI6pdd^{?a=dF#!==oAAXe=@B=Rclz8WkOx>2jIs&F>>5I2e+6
z^W@Fin;0(HIOQ9=85l7<v`-b=8sLpA>oZG?SH)B~oqIUlgVZ^?UNy;RnOnEBO-~{w
z-`~nTFg{bMPxQc%yw+zfVyZU=vMw{s@Qi9h8Q?=CGA}6|N8!HnTIO+T8eh|7J7-hW
z>q=2KwC3I-h6@jr=%=wci4yku*+|FdYmRZDX1)qG><P!O$oqWgK-`{_yHxe!M2>W7
z!ptS6aZ9%lujH}*QvCdhYt1{#-j$yp92GKVV`p1fPSz5j=X_c>oanacnpI>X(~y&T
zr$MBzX0cAJ?^J<tPs8X|HgC3gwVO?j2J^;8z4}V?DyLjmhUD<Ew0BX8Y4YBepVma{
zM!T(oiJ8Axy=!qM;Mn$NM}zd;qftXIJz^$rM!#yHFvc^>x<2$>rK0Oo#E4b|0%ro{
z15KW;Oidx}gHKMQygzR#TzGz~97x@R>wkR<z*PD7>DG{5S(apa=e6}|<Gk~Fs1-4J
zwlFB>P8ifc7jK|h!%B<sagq9#mVAe>iwi}TX{U+DX%px5ssndNa!=rfxlZQQW(nT@
zVWc@z3gI{M@Y-s#xXJNUU%zAJ5!_5z*`is4iC1>5^aqArv}9NK_^xjzdMEIEvf4Wf
z+MX4PfAwYU2`+SBRpEU0uwU~>lX{~naaU##VAVrsc_f@UCDx4;-#2+~QXl6Wkk#Y5
ztJSn`g-^lyS(2KO%I?`iSiU`oT>5O7;ePhc8M*d=;*(FTM*Nwd8}DBtY<1S@Cw+}b
zD4rW-O;-Q08dcX*&@A$Jkr4AU+d~z@nWl3=O;|I2#onAv;yD*~k!vg2^vb8gzIzr+
z4`UNmO}H*6%LiICY?#L;@OenI0?&!Yjmu8yCrK$^mf7OUcWgd>d6=DZ(PZUnvgu`x
zFD>+yHn#+HQ9{BO8Kn{~;oQdEg!?ohSt(xqeh4jN|L(Zm$Spiyp15tR<yixtYn<}#
zuQ&QDe<aNiP=luVHZwbk+7T_cW#$_LUy<tpVRbCBj*qgJFC}yY`&7I8AFXh_Akvnx
zYyIfPRJ%w?eiE)VcVX|nd0a=Lk1uNK>^E_SqbF@NRiYlRmQHCSr-%!tC!dVI`03{0
z6V374#Y1iE6RHj$7l!HH8zxGB=$T--4U?z?`wmd0Nd@o{mi3tHIn~=9ad(H*@DWza
z@Y6@HT*;2T(b%IT(B~y)==3#}P{X;JP$3||M`ruHa&UWcS|%wR8Ee)>r^j(I@31!`
zvH=GS?z#Df&ZeGlJcT=R#>`E$G+yN9hJB`8Px#!O0``&XBKp+<EJ6JAi9eDIBxZE4
z*Pkv6Kh`hRXMsiHzBy*hS6lDKsWK<*Lr*g$zkb>5E-jx96pLIRH59&tX3fl!Yf*RD
z9J=^hcQ!A7)0J|)uyszh@J<{3N^j&c<v_I`1*y#(YrE%0|KX3GW%(myn#CN4{w}eR
z_SGg4Evdp;)5&g@T`ERwB5k83)TdMqg_q+?-M4WW`*Jp<4p1p^ZJC{^x|bq7+un4Z
zv#eig$d~l>+El4_LI$P7?M1q9q%WTrJ)&Mo5!Kt3x06tK>zK{3obAu?87-qsO%pwj
zsU8%&-t)5zk-4dl3?xT!yj8S4Jdw4flhRPwh~u^CDOL4*Aphih`{9aS`%1&prYLNR
zd$uxtuGLxRp_D22Ukjo(^~|l6#XFk$lI+0_B309+pcp@Aq#Drohy}_D4=ax`f3jqs
z&>2_hVo`OZ3^|vnDfx-?HTpon_nSYpo&*NR>_gWhWD1s^?O$rx+0wFo`{VmD?{vw!
z^ZO2@{J2@A<EW47y-&3~M!n0Shlx7E-lDJ&9ZHB_x*;o8$IRKjTjJ4u%mh4llof8R
zY<V$0aUnW!ZYV|nJR4QTj7Q~M<zbPork~%|3nKO$oGGjIpFP0QvDAHk6sHOyvX8qo
z1Ah5<!f=d69BXBSgw{mYDLoV4i4TV6{o_u<Lp7(fzGZWm#8s?|DI0S|Xci$?4#gVj
zapzkkT~VFsDNHwGAXKR*q$*5G84>6v7v-%JHz){l+V@REv)@Ci;!zfRVJ!mxZQh&q
zDw@=xKzQd>ua1?Pi+$;GtEKqlNo(yp{w`1XR1ew2t?Xx>>_0Fj@sM;%uh!_illIUT
zqM4K!bYt@Nk3^5@*MF)BSmSZLg6<vMj~0|3=i0RALg?0)X_k%$EG#5<jhXx85yIRP
zVMzWFWb+x5*Dogyp|K^d_K!36_D;6W$Gl1BqJL|Fsa_h$`mpzZ&ZQ8Xz0OH--`H;}
zI6LHfl_mzxu4LM!T5L4i`uQ4fM~3XnhFx;VduF~G9qImikIBAEK+6OhZ0JYyye*hS
zxyOi(oa-z6G0rvAmtdimXe3V0scO=1>Fhjw#+04tJMr98K~G}x?51HTZS9Bk+dt&n
zax$)YjkFi~s}o)NPmW)$;FwKd(mM7w^eo{R`qgQW@hm2g@i>GQU8v6r5-rJ<^kw)*
zYrCzv|F4Hh+>`{<PGa%C%{9rfu>3K{34Zk6yZGNNq+bW2UbkL`x3iW+3rbke57V<B
z(vrNn?Ilur=2kr>^xe@{W16O+b)`M!W{s_f67R<OEvBEo*?!PQMA6%^;mrgW#`R;$
zSyL*TBvp){ma#a-S*W#|uff_Wt#C-)<n+CD!*_=}TCRC(Nzu0Q$uf<37jmn+nHxv%
zpPwJ2R>zAl6y;8QCE(+J)^OjFyBE<z`pT>l%IuafnXxUFa79eK?#kWu#}|gX9$wjr
zJ}4~e{NYKmqY0y&d?)p36I3t5$DQo*{s(<oNO5?5uEUG98i`*8d$EE`Xme5qS1-Nu
z`1Uaa6W7AQCo!aqP4TN2EBonKs#B92mqaxn0ZV)(pY$oOJL%?BX%vz7>wV-@vh)=P
zZkzLro6CB+nrdN2t3u0S=|8&UoHa0^k4);2fqF~2PSb*XCC|<q)JaZBSezN&P_XGg
zjP_Z5qT1GxEEC~79eQWPxC_0@n(VPTab7byhjRP1vN;=nz?=#Sdz%eARLwfe$1zKV
z?u`=6A)Sij@i(*UtE^u<TKsfU$E`fvi1laQ&Vw^@lE_LWj4GAK5=pd4W~iYlGa^ji
zaropnF6`>v@h!Ouq|4a79L=#0a)Zae={RAo8Nc>DVs}>Pc|&wzwYVF`yurWutF889
z%p|XgmKeh&3F^<0NKb!Xaoev_G+vK?n{3UAfc7^kR(*LRs(DEEe&x_cx}uV{#3(ns
zf0omy&6@DSI_n<9y1$+dGvh~vob9#C)Tv{}6RmN+F0HPlX$c=<Q>|7Ex|%y_zUHcY
zW>DL!!^t+R49#_pn@Tetwa-|GJ<I%_M=u(T9Bq*)9LzPEo8shTK$F60E1`#XBq~q{
z>M@*WJ$;xNPIbpjE_r#zBb$_;o~tuXF18p_=2ct%4ty?V*%kTQ#V70n7fE%eMLIW%
zRqG(k+k<!~n9hbxE={ar_x<uBoA!e16k70b)6&l4?;G4)8=CJ(iR;xphb*6Jq7E;(
z{vgo}B%F91u>SUTu!)D9^KflRrH_XiMnkOnWHucd%FaFSMP~FuS>A6aoG7;Wl>}3j
z78in?9VS-pe}7f)m&y0mTHaMd%4zU3Q6<1O<3_BHYi)j}X4g5ts|xFa^h0B)r@N(s
z@d;Om*W1hr9iqdli(|ROPFCTHq$2Qg)qxiEyA0W_1{O(g>7Bnf6pzOp&_0>g>}*-(
zZ-_tn{-KX+mfWo_`I-9g;STnb&oULx9Y$aEFET#gx{6R0x{(;R`RdhV!IYedal@^o
z3PT&OOwG_siQZ2aU7fWy1yyM;#I4VL6Kcu-M^=fo9^GcyxO}<Y@HcTAM&9YM55q(f
zI_la4d7@Ir*A(keV0~{e@zKv18u+*ox=SpRsNeC?+Z<Fdey~+-h+<_hRmoSyNLZs~
zy6a!0)Zdm?$2z7qt8wK3wcY2h^WGnhC3~Go@lFu%j@4~yx8rzn^u7|Nnu0#}#ih}J
z-AIi!CvF#0jPc0?U#F?{nmeTHDJNHkE((2BI8gD#eto7*#t<rjg-q%P=X2UFIBN9$
zwy@VU=mL})2cR=%#*B?Td|7uQtW^3({LGDHo%Ih-AMQ)O(mV2Ee_27(gsS_jpzXz`
zOh{=z+B&reYN7hZzxvHv6Cb72f7@((A^$DjCb`{BstUR>hXh4Y&Li~|4!5U^!lkPx
zqML2sMIH^4bGfF*{`T7bm^Lfp*PBiUr3_lv7yDeDdHP;-MQW?j)7S&pJMus!0631^
zCkraA`0Wd97aX1&*JM>}v5F<8v&&xyH`)cdnckP?T*WO(-@9*&bf!6vv@={$7;Ru(
zUreG~q-IDp@`Tp<gAIl!)_zf}V5-NMilHfNgz?*Sio=ZI-c^S;acoG{mOZTwO!7up
zpU)l>ejTvK>3uUhT9COp@tXzTbVi%?98;{c@p{l=g?-f&Z$~e`$|F*HJeECGO=zf6
zoM{Nva*MAPIwWeW#KXeua?`Kh&Jdp%0r%Zr?Wgj`F|DT!RdLJ6vv*tsTSI~~d^SwJ
zB{a}YMrB7PIh*)WquvbO$+Y9GyEE^snKWd;gJ)MGz2rh+)#`r^RXYYPGC~PkkYSOu
zPd{|V<@QHSjP28^H}i$~xZz8{+L-=Y+}FnS$79)f(GmVGQ^oV9>}8)<2i>rkvv#EU
z@U`|C--N{SL~3reoxvF;%>J<xgZanpC)_djsM25NhW#j$f0mRXU^9GFLE<-xVkGMA
zBKzlB8}5qHE2;ctEiNBbBgQj0D&&mf_s?I!9~+-0OAo;z`L)0j?}V69H%CYv-gUC7
zIpv6fVq@z+;v*c=C#v$M$jVkSayKDp`O#4;!ciYp%snP^-}mdDMwnibh3SnC7U;Oh
z?_Ax<^PG7z!Bnmfml66>(_bli2WI<hFneuTSkrtHEMK@pO&V=S*Kf~J$6a}DgSiV#
zJ*GPQ=WF_tjSBYv)NGxon3^ey{Bmb4f2|dI-U>{$`=E8rN70VLJ>adm*X${wi?6I0
zcwX*~%XkbEx*VI-Lam7@f(n+>4L8b$cJ5ueea6RHhpT&MD5eEU2gZ|!N-l5}k=xDW
z7_@XxfabvQ=tZl=0cT4N{)LOEDN!_Q`N=?2li3_-TgtIMJq2;;d;i935J4Riw-A?#
zI`&b8ov_mK@zm+{a_7FlhK}y)o-9qDUdcxn462Khstf!#XDhT*7`(WsZIii^xv+7~
zV`1vb+IIHwObwsQ>`!RZnJF(WTucmiO1UIVxLktg3nvu&+<5P+Ho-VGQuMU_#n!5V
zpDU>i<@Q2JC)x}<&XUVkfWm$9)>@bgM<z30_Bl?Z--@$2`W@H~D_tMXKO|`htG`so
zE#FS4)^}ah?YSb6c4zT~Lak?bmyNg<)VT4-u8()r@e#Zz5hlIbQ&&#-JYVz0>_;UB
zT;1DIc6<As!gTKq2a&DCg>fK)6Y|Ik)umQ_wJ)3?66o|=+{P)krfOBJk0X{9+ZAsf
zT87;8I3@Oefh+W-TRUqkRE$frHQ7d~Tg(ei{NoCr-@igdS$pYs(Ggpse2Yy#L?qz<
z;p;u1n##U6PzXUn4_$ib5Q>N(MM{8#-hv5Lte}93R7Hv=^xi>5DTWp<ilSgaMeGz2
z1S57(L5c-L5Cze<<IHcy`M<Z`TC7=4(A;~@+56l5J16}DFQ-e<EAcS~)3>7xO|KB6
zKL&k&<#PO_z{>0`cc*hAnRxH(2gceX`ldTQ`qgd~c|qoI<2!+p%gn&MoeRptEm!s{
zM!-UwT6$LQc5=!yx4wQhy=U)ZC1g+dC^xhqSn~#}Beg$x7IhnT+}Ks>_-?4q^<;Ek
z=|Q{Z&k4exbXG6*%ZHlqpy%B??I=Nd4XrkVhaVMY4{U@ez(*{+e@Lhz%}k<t9b=lK
zU(qBzUC-xoXm(Nk{i$`V!y>-#B0P7E<uQxOg1MI48bs@48;j31?^Z%oTXxtd1rLsW
zZ#`r?sq`xF`uwL$v4^xv@k1$LBL{KEafmpd(l0IBUlp5)Ykqw%9vsKSKTu?8ZQjDN
z&Bu#e*^=<t)V<pLk>8<s@`CC0;lQI080M=E#YWZpij7MAb@VyxqwmM9>dmpXtw*vO
zPwiGi0$1ON+O?isd6ji*&m+}0iA$~9O6Z5<b)1R9&ht7<79-R^n0vi?7P0hf$w~jk
z8DA$zw<|kq@8;hzH6AzH8HofmoR2)S^{E02;#fxes{4i4$KmeqKByo3_*saLzHYg<
zw7)#=+mBgd>4xD=BAEz@|E{*h_Io+UgLJe14>X(*qZ+&+&pyPJTP7Ye$hlBgo+Z`a
zaK8e7O@}2|sIx4;k~{g#`8E{iEHvXE^gJF?5v6`gm~kjKn0c2iHIn{xXxeAiv_1O!
zs(@>)$>+wIM62*yvded<<nho`21&Q_PJby)^E$KTS6J1xIT=Qek|Yc!VD(pXx{^va
zsrKq~7(5yoxKW{%xK#2&7HNC#fJ0u`rHfe;hS~YwT&ON))R^o1$h*?Jyz~atT*FN#
z$g-SWU^@L=Sot<oehoU>f}UtEI2z1!UTQI4bnTFt|Jq-0()Ucjt40B?V5`7lfv3j1
z?}m@hum8Bpw>WcB-6m}UPd2wQ3VYTYmlvd#*k00_uNW<<=QUh!&$|6NvGnn`nwv)t
zlhXD%l&coz>M(t4<YFM*A9$$|Dtq^eQWy4BZ9c6fKQVlYqzG*bVde8bI-mJra=mmI
z)A5qjDOWw@@#*J|8@VJ?m6s**qYh7hi^F?&NJAsfNc+fUO1F@RQRYE6^@Uw`;*yg8
zmX)||naJCFk3Fvc6q_17S$xt-)t1;hplhH=TT%X^urU45fC3%xgT;n&5oM6UdC6*+
ziCx}PGJJgfeb0B9E%&7~Wpn@XRd(2FUl|;0<oBUmix2;RC8!#kmDe~`)VlcSStK?M
z?>Te7iup=IP&;&3r(aMztsrq`(?Z1D2BXTu>1jgzP;cJCJP^_$M6NUSRGp;J%nM4C
zPC-h{;Ql%D6N00auYUayTWTjAipra_W!>$I8|p5WI%P_2@=NoJSfgPdb>vc1pBe+%
zy+{_4U8;4j$_i}0x9MP$Z+x8-?kmIT!sVqa8WUSN=}a87J+(0BzBm);oVFz=iA|K<
zveO$vd4!X7bLCi3hN<31B0rYugeZp&FyooahSJT^_bz;Qip!R~F6*?05%1F7&zh+)
zYwO+Ekmt$_{v7w%B<`27PW8$x4gA?UvxWAQ&~TMpk^LWi9M<hReOBu*1dX3=<8$d=
z+<R+Gqr6jX{G0cP6io;k?0a&P^xozpaAraOjy@kqCkr5zc;wQZ*-H`UFZ+kaPY>>`
zjkNxxCy;?Z(EZvRJ7CP&#&oJ`JY`^?*`bn`5M3!s6+LDsI{EUv(cuZ937*>xT?X!X
zFFd+D1gw6}^XJM~*lMMaDBZR<X(8ED1Fs9-j;9gQA`8-!A>mp5GCt3bU$^DgT<<>f
z6GJAupBWq;#T}abwm5RQxV3qs@Pzn7*Od87FWV35m5!$`m%Uz5{RK(-Vu2eTIq~L?
zPO%=E<(xt*OO3G0Hd&?qTDl8k+n55z+obp3C}fHjUWoooRO|REpYD_1P@sgE&81v4
z$lSY7F2CoUwc#As?%k;&t&9w0UH0Ua>#sc1PDmIzQJ)81Wz|gQTfG`srLaBf)m2<m
zXJ3hypzhHPX^LYX>s#LLdM<vykWhI1iLUI#K%KU62uFXLR+W~o<u{y+)lnTg$b4)}
zIZJx6TMKEu@4sEh8B#BgOBFZ$XnLXA8(~0XJ*Y^R*r{w%K4*2XU<tT@yTXdz+ZA>j
z9L|1m|9L-IVsl(%hsuM&CVLZSVGrq5?h5!WWed%Q*&hd5b{syLGjpcWzPqa`UKT1v
zq*5e3*)u%%SGEJialdXki}9f1xQF8>Bkd?@KgsWIWr=X9U^R@54yC!qPfoL*2Zl)N
zT-Pp*J>-AT{nVy5s#f;+;{Bqu#{jCW>RI!0A_X&5&vlUXVXtgY`w53fXPk3wez>z=
z&iWyPw6Xd5gG&BmM@VUXYc^?KG?04H9ANK|=IXVkrQ=(U+vgK?5WAD#{c=8v(^GT*
z)L`xsGg0nLEWOXq4h1`ojO<8^^=EE%D>Ajc=YFE;{vAdhoKob%Mf(bc$JU+4!Do}p
z#!ofs4JVjJ1v1t{-92VDH0bCy=N)!2^1gBRcpmuJeR+50!q-zpGn|(viVjZiW=#cJ
zkeaXYjrF>De>1Dz_lx)O`!`Qoc0}|qDw)@YM+Y6kFD&>G7mpTQY8u%PDU7!$tc{?(
zSmW1xYy78|496qp=DZ6tCX?ZA+EXEF!}^ggMZXLk{ZVnSb7vkh+j0D5W*enDsb^ox
zi{jqI%uOoYGtLqn>29}d*YI5_ZqOr8d`E(OIDb2OfbARw3e=eQl<JH7e${@sjQ2lW
z{esR#9v3n?!G&7Vz%fD(R$J9IDyHL*o6To36e^Mal8EMX;g3#^MXHpvt68_C5a7UV
zn$r*eJh<?9W_vc|L^^n8ubOek8a&-{IFXbodUs>m_2O-p^|o|0y7^t6EPaI?ELwcm
z7q1%9wMj+A&edBl&;KIQwCRbzTjV=+2B*7?_O0Pfmtq4hca=T9D{K7eWNP;C!#AmK
zL%wAYWXTdLb^_&A2Mo8QXf%v$zV_zaid}#Y)8f$FrtZh!Ey>SqrM%hwf+>^ODST-2
zwK&%;x0iB~l7aO0MzKWZu1x=*cDG+dTObc~>Sul?*h)tp^QUynQ5`R{8m{IO{W1l<
zzaDotOnhhH*L&^s2Pu0LDX(xb;#bGs()7=f#lM!{TWLN%QZ<w*CRMV{{?WB_t>RR_
zce){|YRDLUl2YlhY^yhsu6Sp(|EZ~rNo>|l7t8Fq@1j!)Uq1vb8SZq6%b&nYY&!(i
z;Aj1|d6HUQ?nM{%Ue{^xq~0;zdEY&_tJ<x{9A&_>d49Fx!1B!J<cydN;t#%B==^0f
ztjy~r0zyQykrp#7)zf(Jye@>$B)(_DT&lM?_U~AGJat0d`G)Y&^_5R*juqWpM-rEl
zO8ZL_g*Q76i9zR|22<HJ9<}AHLwn+mHG2b1pChhM7)}q0)9dA9fA-IfXBTgI^DW`!
z+=e^(is=fLadvMnkyE-<?45sgd}PM88O+P~zIL}-Ax=?c5`LVBWHt?NGCngyen;6e
ze8G~6cqILd{bG07E#b#l>YThv?g`jHhEra|_<?>)SBNh5{ceEjk8*joMYen2obkvZ
z_u(@mC!5Sm(=$XuHi^Dc7IeFt^TGOZWRO=%f4WZm*w5Xv*_DJ(T8M%{f8<BCT$Oae
zk2Vj#U2%UWGTuvib~}ovcOfUy<-v;`P6^G2W*m0VDqs40!p+1bGaF#U`{^&sy3;z9
z>R;MQUugFl#LRKvf5k*(-B~P}zEfo%P%yLkvVFm2AC@y%oX8X4`K}vmsfqVY2rHN^
zxn6u2h{i9H;(P@sM=C2VmRB*H0yuqmKy~Ce`$*Jtftgc*vwr3JAquWzhYNk7P0Lnz
zB8hg0mr0_w=LE%07F5m4p1Pr2%>NPn`7Iu0SDUl4U4+{0DY>yW_rsC&PY^q-p5EE{
zbCdK=kCZ`n1m)lPT=8ws?qj3R*EpiamF^plB<%ZmT4J-zV5m!3mCwz~?G7`!N7q_i
z2zfmdDznpU^AtH||Juamufjb?n~IKQg>Cd&KEC~+aL4PrCS{wg*YjMNwej=4`%OPB
zQe`GMLqn=4^1Fxogsw22xDzh#Y~(88Va~}ftSnlkh~Alg`{@1ax(3S!50{R#SbE1r
zXP%wALlU8;MvCap++>7WT0Lp`__ATqz&ShU`fc8C*Jjtbm;H=lo=h>9w<4A{@Tw##
z;e?I$1srgrG-f*H`&(Is(dOr6!_YE=8z|RC4h1wfjro0i`eon81E1yS&0C^;MGJS|
z8~J8^x@NO@*^U$6-%pJw?AqSB7B`wfJ4Py1QSjSSy!)cD4mmJT*ghMKvPaChu7ysG
zgfsPJzIhL#VvYku&LwIr4h^cjAfE{fi7hoDCxkw)S6Eqku08$mbgGf+)HVsZ1h1)>
z(3f4>uM>@%@}tzeE}zL2QE4C4r&g?b{JV*H5^X3&wc|<p2LETy4qqbrE00(~3v^|i
zgHRrjEX~<j-c{ZzLEYy=8Bb$+3a5vhDkrvfxO7f3@W}gB@SokCa^LT5-*zZFUTg1Y
z<=fNG(?)7~<cJ<l*a0bM(3%-ezs8(9gnl+Y8SK_{wzhQtWo0$C7c<MQ`*!%A(UibU
zmeZ7x`Y!{A7v6Y06R0codekoTBs~enYEJgdhm*z0F=4y`2Y(#R`jW7HXTXPe%CS<e
zp40Bo!H>Uhfs{q$Bi(Rgaaf08qTT5#CJve3DAgg?eZ>6s`@Y@E$o}W|r>1&??4A-j
z9l&s1-QwS&iaeSp`blUO6!Xo^E|mqL`rm70-=9hU-4Ft-r0{01zuediuPKa$c4z@f
zYRp@Y^7*<_C5Cx{U{N#yVo*-;J&_KbctoLviExlp6{tcZ>Q7eRLE8|iVUpB}5an$A
zv0JOMzrZ6;>`GO6sewJ7Ueq43*ZB0v+2hYzWhW2Wn214VnhN{{^CY7e#6&8kkzeqi
znVj%E$oWQ{_}v7b#{O20Y~+a!;?%;7G~eHr=BwQJ3)6KJnk+RMj$ix~pQwkWB(*>b
z`ScIZ_8+54rOYQUd~WPsy?1Wxka_+i=Q);Xo*^-{mO+EP&N|EV!!tq^vJq1<HZ|fr
z^h}1ml-8Pi(&9@Ac<K6n{RhT{kE^7$qHpt|>cI^jUkS~VT9aqM^XTG8$NZsp<N}pi
zsyM;E4AQ!3svP8?u29<n+}1sCBIVr-#BGmLMYH&d_+8beyLxI29?l)?0U~Zm>SCWR
zk`s`f@oJbo%mp=2vxm1~q)VMZx$HRsErbI%TRw?qh;5JzxZcjs=n0^~Y>PQN;J-yH
zyei09=ymN|RosnPTByu#I9dntwQkt5M+ikGLgIx_lG;e3)ag1}t^C+6PD<JXLVZ&i
zoOnrT7}8#WlcbU*sm^8((UR1+O2{Te4tngvUvD+$y`6cBG0m5aENp1pyL=<8K4}Q*
z_2wja@W#Nxuvqk1qDGXjwO^_|?=t-2z8(Bxk5S%S5={sLn1`37TG>*js=eUel_xM3
z#<~*}J@ttT@7sOV_SaL-8`{4$0qJ7#z)Z)t*Lx-~2@9+v(I4mBpnoy^wI+7f3>I=m
z#XfC68h82wZBz}C4k5e*%CQU6<Zx_;8GBprSRkSI>M0>k1O3;3NXFd2?E>jcXO9dm
z!}OAg`6^jhEu)NmxZ`SmFAC!+ed7w$sG9Y-<Z&T#&{@89!Ixl)VE;?E&|yvsM8Gc>
z^E@4%@jZN8=4`NmVYN<PoS!_ur9I3K$(*HNq}jbuCsg3<<uusCCe=#pc%qvzEtP>6
zoKn`p4y3`e^g#E(3B}t|LTn`(X|xM4a}xUF_T|81Zwb#gB^VoJ;73mTTa@ZR9zJ?u
zP{{8}8HsA2fwy1@Zs+8Lxun!Z`et5&-&EU9tQ4%e0j50;X6X!ab7C>Yv<#&5JeMZ*
z^b;uhM=UK2dv8<7mIsj|+rpfeZbSCP8PCQZ-5Pbw7#|9U)q~oY1n^B~n?Wyjw>j14
zga*95xwhPtB|TOLX$F};zn_PFJNZgVxH>${p8YViwkYc;A$HJ7Mtd80ha8++*z(Tb
zmSI4n-2in8ePHNB{o<T~PiD#AG!lkq1neZo6qBeD8Tc=c%$-72*)UX?AH0o6#(0~M
zYYH>6ap|vdw3n*bHJjzyBO^9&w=k#STh&SIX&UyPnqF{tx(+Sps4Xq2e>9ytrFBjq
z3WkAjqw)YfuU_YDg3YI}=XVYw+vlI}J420cf!|j1u&1}Uvylyucx7U5bD)HvTNn9!
zKIF~VccHwS^=H}RMx<5G+f=buhveE5tf5O@l4{%LA`=1yoM3=0C$0<!<sJ;dk0c!z
zC;$)Sga<0nvQ*i+q5%_Up68fx+++#MwI8@SXV_{hAxSj`)O1%gO`=6X(t~PX^)TtH
zVHt^~3gX+jazOm|WF?FZy}9=*i^N*b=XZ;N40#xDyb%ItRS60>u652~_&NG7#GMG}
z-PQ-;qgI@sZy~z{k8lqVFnW_IMi8A)3TIA@Y9RN>Z1Fr-LV}i~k;FEprW9s1Te6#*
ztNDk+Hcla@1^k83LMSjpc9h)Xq~dxVn2rqHygmcpSEy{wgBDf&mZeuAMQ+O_vGjTD
zw~Aqa{zjC>%yL@ldcF~q%$y`S#U8UN0*uv|Qr`Ppmtea?vKaGAM#NHEk0%%u*#X4t
zbRao~pMmFl&*_^?h-I%o3sh^L`wkz9YZ{YJ*qfP%rJgL<n#_Yyb-^Cds~mA^O1?n8
z_W-t)kfUmi^MutYrwVJx(l}~MIq|$o@LWy!Y!>bqVQW5#()U(@%DP@#s|B#UbnE?E
zoGna_&BEO2v`jXlZQK~$_V~48&Na5++rS%1K!azVU4Dh*#(KS+B9okQEn+Eo_XD2@
z4VNy)^b0S)wm8|CX%so=)HB=GogmFYX?}Lny0HBVZw^m$-{L~pT}1>O9<-mNmN+Je
zQfF7@9E+q*jvP*B8cg|f-g&$h2J+1M8HfO}G;cTG$z#W0`<>1+%kMEl1+wul^XdIc
z_<w-yP@=C8U~-ZB{{priZ`bnXcjuB?2ZI)Hnpk~yzxI%q1s}k*Jxrf{;nE6f^MR7o
zHc9F}hTiHiwm25BkNFJa%aJgTW7Cu5ajfY2B!ak@M>YbNj15qJk;rm|E$84Zy%MF3
zo)Mv0u;QhSw)eie2LWlaZL2e6(FtX6ru|;JeD72_9key9U+cr+=EIoaoXPe;82;Sq
z4kKYdiX`f-enKzju9RUMmIcQFiOK>i4ABK%EQn9EZ?AKW-FYUTkN9UtlbbM(+mnUT
zR!}W4iAXRzymK9~lt)@61e+lMo%vk@w=Q?s5z<zb+#$O+?YJ>9=`-uQMcbf<3lvrb
zw95<;NI{`?DuHqpNiwWnT{UukNOr^O3&7F8995u7or%gv)~994(vxV%0C5l<Fw1*G
z#wMr66wf|!xsxC5tAr@$VtGxh!QJrMd-6emy-CC>Awa8Hb=cB<gLa$klsQ6zYM<Gh
z!i~zpViIZ;$b49RahS$yl0tiCAuXC~vk_w~H4U*s?-pXCh*8Cr@Z6rqF!gJHx~9ZV
z1tb7s(gs=xoa!SbVySj(_^B)CA3sC~E)N|KRwI^P!9*xvVoP9i?LR9=C@NtqTV<>w
zn)6FU?|>j@gu+V60bE^*Xcq_ALw;WhHItNCBwh;<wxJTYxHNj+6+SoirBqypd4SU$
z$)sr9R!=r~dS?Xhmz7y-P=G=mIa-nue+Nbj@?{@H<`P6Dsk?kBr+qFTYmb(lde&_s
z0}j($SfF{{YUyvQIqe6X(zpfQZR1orop9<LSq?jE02{J~%YHv73lU3=m7>vpvK7e-
zTd^TNwdZjPbMSDklFd3%5UAHWNIeum=hwpoC$E&y{$fIrD(}>X#@yC~J3FVJ$uoLf
zb4&!$a3w6XMg|w2<ptC{R$W9UVrP}vPq}I51y4}|NNCH5r%>}qyeoVIP+sIVgpbWs
zwu-Rdy)>CQ==%{ThsCf5jnD9l^@Y0LvUjNo89IW><%gAQqNUotR4*tYv7|Hb7r(!T
zZ)Z;^x{KK@?Now8Eh{gG*CG9n3&76Qx-*Ks{(F*IQ0Yv8dJ`3!jf`Qb+psrxVl(1k
zKilPR-;xNZk8FEJN+e{!s3J}rOt;Kk1|G}6i`UGq2OD9}v)rm&0IkzzQITA_fIlw>
zYMiuBIq;wj!93MTJE@{kUMS_$eBxb>-27u_!;a66Z1P&IFp!1ThSh<eg8c2LOt7QA
zq}$)8pltLtp}va~PDqU{V1n6*GnT4Xc<Tmk)PjA?&=|DyLjAT|T$<r`4Q7HqahY0E
zz7y1BsxjR~YK$QbB4zJ(vQZC*hzb#_&kh};SjJB86Hx_TuXg3hS$8twp*en0pyC2-
zEzQ1cPp$J2w;~@}THcp|=knIDStPTU53U@Tq<pWnS>s%6zga|*dOBD$8<~Q)Vd4L0
ztco<8T^ig@H3aqgQWii0#8lk4IP+necW$+xssQRFCZl!w&aX%Oaelv>Fz>s96uel-
zA512cu!oA%NK^w7Wqb#D!M)@*-GyyE)!8TRwz>Aq?u)|9gb$#e83yn^NGBuIPFu#{
zeibwtC<L{vUb`a$ukyJ3^LDq&6C~E>g;t;@n|`&U^)nwW!@Bbx+b4_Vu8D0|#Z_&P
zmc$M^9bqL`6L4U(DSsL5cWNL?YT$L<WyJD+d1&<uJjKPAw4(Q=0G^+k>(*&Nwri@b
z2zz7-WFJw6rRyMR=a}W(>`8Le|0c<`ik2UCzkMG(WgtnlP(ogeXM7=af^kHC8%MD9
zxYH-zrqmER1>m#$9=)0>n8_S?LfJVcg3X@09pdoo=a(}Nl!+!F5p6p<7@NV#s=7p6
znf{8x0_Mt#PD)rPNu2U2AyJ+ECav<;>u#yNrMVzGSefNI8M7QZ-<=~UzA_)PvMQ@f
zz!evCGd6nv*I2*S9ab?FEl&o5tY>kf+2~sDdlwD`0H~Ut6R>`lJx)Bv9>CMFI5ig4
zxOwcnR@Fl&%CU~Kr`<<)z?&wVvH>8_M}f@qCHz9K@Vf`4gxcn)s}w9|XO~PoFC%J%
zi5OMxJU3W#3AYu8lK5t4Szy(a9*?a!zNfmg#`4iNU$a4vpAZb1JK|hhS4Xe&iY)(f
zum91zi&B;M`9eVNE?HOm%)3u^P8<q5k+~6kwX3exp$q#9sISuUez5s9z+uA3vgtJ7
zO3;{Yn;w64m4zR{(jr9G27MTmuE09XKjfdDOEiv4{9zWb$IwlKtRw(?7LSUMX*k)c
zvg+ZA>&oQQlT%->d^VFqrN0?Jnfz;oe?tEQitZrdAok^Obe)4^`SQF{%%x~c&yd%F
z@Q?ektCt+*@I5#A_`$pF;H8{?<u$^oYzE$h0|<7OxaA49iPfV+x2i{D5%*Nnw}UTS
zQ4{c*u}3?<Xxv~A-XZ}P&!<P(%)yy{5{2tK4f`rAvQ`OI+MJ&_6>Thif(O1q3DxMS
zR`=F^c;HQ)EOXbHwF*7l-G6g-{LS3a0%9zE<tNqxJh#rC@r{jvnLoshtvBB)<D@6k
z&WOeS95a!(jLe#T^#09z66rgk^DH}->DEEKq%X)}<iHgqOjEiwzXfCaDzCr`+?+kp
z;nxqIAe$KEuOGq~TP0vX9?JLO#c(SHa3|POE@uii&}rV7tFdt>gyhqhb9{ROQK&Fc
zrdOLl-!Y@2RkK{Pray3UzxN1J>(<AZ#t=(8Lb)IQ`^_Af$y_jWuR_tEX*5U7DZkh5
zce2OpK--Sh-quvdtj_N=?sprYCu=l@CC)PqHh)ywejdw&;efu%Zbs;+YWcc-ZN6E#
zkx8^|m|Dk*6M6E!@H;KrXoz~?r2hTE0IuK-#eixbJBtEyeJAT(-M35-ADXN$jph%6
z^x|e(F`=^wjd*MKGD6V{yU0dTjGm?sh0?%RfOD0Rq^5fh=~UW=VTq;dy4X}L|7;MA
z7f#{W*+Ft3c7Th{(q3r{E`*?a?!A&6#16PoTIa=n_rVUXdySh{nuWe@2RE6ffPqAN
z+0MSLWTUOheHDte=><SmL8E06o*8OQPQIpMsd#lCh|m651)Fi<D{+=>oVC$OUaLG_
z-@L44y&Ym&4tsUn=qmcYswzg}a&qHlE+7k;eJzfi<pck6dibz%pFe~L5|dqM^d?-v
zdfjZqRtMP${*V$B)w!chfU@E@-vIl+okZ9T7s^vjJZ3VJFaS|^YGex&U)^vP%RbAj
z&I4=Q9zx@~4<%;f-aB~ss1oz&6gh9Fo1$CdvU~M+{>PJAhQRrO>qHL%kppD*-hGfT
zjP0W6|DQt%|2w|}EDp2g^lIu56GrSy27svJOKTw)=91g!wZ&H|(o6gLU+th=2WRO$
zI${+jHl0SLEbJh+VHrIe9u@LqOx$q+?IqD;qfQVg6~1=(bIZga8Zp>bSJTA~>a3f5
zDH2^b7)Z6kO>2SQ_7!xYMh9ts{_&18{IhFVCiTniauJi9rFmI*e#vH*vrh&WnlNgG
zni^`Ty~X20>4Qc?+lMuL``9q@?@u@p?3Rec9w29!HK7~nAbex})|o{R_{yy};NUdI
zz&$L>^L^*VTI2i4p#vD;aY-?OE(@DZWh8D<-ko2{nsSia%z%?q3KQs1l_ezaWBoU!
z4qZ;@PchIJ1CzauwZ4ZBWu|;~e++KC_eid&hHh;Q6AMHQv{X>2RP@gz04AV!udH{M
zb-K2k2ixT~asx0*Ux_Xt4Fneuw4ET8Ugzbl?t+c@_XqoX3Re0x2G%Bw^^v{JzyoIi
z&w#Qcb|8h&8vJnb&d}S|Y$(VR^YN~5S0Z*6O*hj)P+;Dt*X2p-0urEi)bgSVl?v9{
zhMHYEY}$7ebage68tC(e&5HBS&j_$&j9-b#E~3+#c~9*i!;Rx!bIx8q!x73RSbc4}
zun)xoUUL~^wCBaGQ>#6~umcu!vo>vyt)19uR=kd`-?`0;pOpz%eOY>rv@hjjGSk5S
zTFupe7sG*SX7h&RO637`4P<n-8x3i>f6~EHWj+%PaMeb1Vaso{N-N$p=AewuAQxvY
z?<1Hhtp6^2vQh_;gk+10R5zV4#tRK}X+j_T?S_DE!ebt&Xgq5F+_TYQwmm%ON7lp+
zSOK`Or&?6IvnQ>5h!~W*D%N6&XZ}Nk{>K+FM`etrLTpf)2AI{!gqLO#z7)ZFg==>Q
zit1!@L<|{dPBD?L6Iy~FN3{RPeIrNu^YA%1Cje?p`}yp_3<Nu{Z?7m>w@clLk6foj
zRpmxK19lG!vutDsP_rnJoN&O32G>;7(i$O3re_na30$aS>l*4-;>!l-rNLQ&CDOzl
z|3xwm%r_i}m*OdkI4?Sf&F*As;0e9<xmdmJXwD&#jKA1Aa-jK|2tyYJ0pH16p-xVZ
zi_vaj$`GM?T@Q?jGHQEn^P=jN3Q|cdOGzpn9%M~9R{x6Z@z2@AAJ~i|m+$i1gPjj1
zZsl5J_EcJ^s5$eJ>qI<NxlrYz@UT_cNDY=+?n&B?tG1voE#M1(iD%$Hb}N%0F9z3}
zOa+g8QiHXQ67heYx+Oc3wAYrrgW|j<_T+4sdQg8EP$;dvmY(&E&{=}E{Gq?f;$Upa
z1wcUcNpeunA_w1I0Tg@osd3{f&x;B*!B6L0?_y-gNwiE%U=X>@o5-54Gu(6AP^|R-
z|3p->kyE}y8|Nr@3|%A~+1Vh{XpOK{?LFcAfv@s9Ncpx&tJ9a1<*@_hgybd2$->CV
z14uSOi&#RT0)|*d+cfj(W!q{7{v0mC@=qh<&W^38rb({}gzM<_&AZ5VbX|%Y@XaGQ
z5oyfPqn-AOEzCF^47+C|uhiA)jATFn!#y6U^)51mfGhd6Q1gDj!H38L5?KKG8U;z}
z-;6W{uQzazKtcXd&G0n9kaZ=$>B!!}qpC;-m!q>D!9m<2CE=<$>G@VaGZbE0xjet1
zSX<wxgcuUCRM{DJ9R}RESlGH9!dQEp3K^S$rhj;9Fz~4&8*(!@ux!Sie`M{OB?#Kc
znH?oqbhP8vp)}tTt&K8H$J$f$-r9QLw(duHk=s6U80~#{?}LfQA?$!I-A=G+a4d7B
z(fOi?4su~~y&HNJYNuL(#fEGIHWqbcV78FH^A0T%1nQrs&<K}6H*elat^oO{R6ZMW
zYfn$fTBAA_C_-!9b&x_U+m6E6czyb!&_gd^V}bWf7KI|4J+C2<6J?U96U{2Y<M<4G
z{!P0#Y!eHN5`)e1{C`u&7-Qau|GRG-oa@;1Ubeb5Ik;+D)Nx-*P**{gXPs{2tx2pX
z<i>zBOc=u0DiU=I2iU>^EjpV}qn3At8Fl1!Yvh7gg<U3)kzGYcj%_8kL1cV&hNDF8
zPunaFF2Dnin`>b;<zi2+7LurOkc_*bYz^>6xPP>2Ao&VUNbiM}M{*1&6~ti`x>aK!
zg~TSBsqmqkPGSx!=zF5+4x(MhRKz~M=%AtMA+t<gy|kvtB;qgXtiLvomJfz=?qL?G
zg+Q1=U)XcPc51M$`q7lrlm+EB52{{ucB-LjU}Xaw#5ratu!Gbmh*b}y;Rb3WV#-ZA
z*2H`;&++2fyN-AtBZ|IH#Cbn(Y2EQ0^*3EcSUscW)Sn8A8)XOM4dmAZ*iBvDJx>kO
z2kTv}ftsTAc2+BauntvqNT!&?g1^+4p{#_R6`<F<B10(=SZd|TY>G8*4jnn(<Fetx
zgLFV=r~jh!EjBt|iX<Ci2iDPb;Z*9}+(HJAJdQe=A&7Qy{$FEub)WxNa<<osOD`uk
z58y`dvs!>3%SR`NJox<12h6-yw#4eo(_g@nZ7Ii^Ujg#{qcQ&%&ECJe3|u+}PW%97
zWB{{gqTfb-Sptq!t>3qk%#s0yu6AJPYE>CH6(T5OCCPBwz;NJ2x2hFvI3W3~BS_&p
z&+NeAnzi#)7orPg{t#!{8IZ8K(sH6Hp>r#wL`v~mb$uRpw-%~w!s_$T`z@DCKD~Oz
zru?V_3ZUaP1Da}>)dhqv^+q8tp1gY0@fHio`E*WaT7h-vMc%P(zf-r5Xe7hXd4Ul<
z9VZAo{;+IeAOw+OauBg&Gvw%dk57<$N*px<>>wLgc>5`CR2o%v_^VZW)NVx}w_yR}
z%esO>JmkNt53ZA>LgqFGq*w@Y;k6DZw4qvovAb8%DnEdc?SSWhJjRlp`niV}2MW9z
zY(ZI_*2Zt(aPBTC5YfOK&FY+}I?rs^VuT83Bb@d44Sf74JLLh!L0y>*?NV*;^^ZPo
zejZXgAfk;qngpKVcfj<ufazII_DYa0_{Xo^1ngSl1_meKxz*hCkN)pA&W&YiB?8xr
zZmhB(z;P#BP-J&;--o)~<35x&I&-jm4Y&lSfdYs6{A+T^OHj1GfIExOarJ3%Z@sA@
z*tcN#^en*nAEKbht~~6J$a+JgkuiHl%&LHThbV1Oy3VO9Lk#Ug0+(<7S!SppIS6UD
z-<C_N4$6LJxRc@zw?aaWDc~-j!owsQFJ`P4lE5_?NGf>h<<++}mH!X}2#wuf&ti6(
zfOiT;{rSZfrqfLZ9x|q@ObXGMU^krCss5?Q3l^>0z#?4$P8HLwsu+}vNbns-s9`n&
zJ&+HV1i=y7Mgm7jn$Dgse3yG3pj;&@<)1x+KO_`_Em-py--AZ2!ktYfQAMw(l&tL?
zUX>xK#3l($fKpXGFm7FGjJZO8$3+tbDo0FfsBgMm{)ZckP%uU>S7pj<OQIdbjP>_3
zLb<Y$#uqiAI&qX^4e!XFf9{(%+aa*wzsGiM?6%&!z^#Lb0x6lDI4>OvUL8N?_}dTe
zy*M}OuRz<uMo$g;V;#h<g&F#CKW>o*DaT#9O89kRngv!od!OlNgJqQgf{}L@QBb)2
zSKP2dkW3CA-O4V5O<+!JxR$y7c7_|w%PekEcYtbK=Ux<4XJ3Nk=B117?zPQgm#f&%
zIz2te6nWVw(XV!~aH8ZE#5dJzP>{5%&V3IfArQwoZ@Hl)^XG!F1H1rO6%_PM4$ku;
zCXmoh#IA7l2#|v=Aod3ZZE!F{9Q}4$&+j5QC-G4FqR8GfRD$~)-w$@Z#!}T!#fd+~
zq4^}cz<*YEt%N{Ij#z4q2yXk+j{Y7qJwjL60O<!TYNG!fGfOfT*k?FYVa;Z$Sm=~(
zKSUz3+$5>VF{_nqAlSm9_WBLO%zCchg->j#;AY#f3K30;zQ$f3<6?Di<p8+OKeJ|M
zoc{TVgEC^>k#d3@ZmR)G>Ot7a#hPpG(3Rri^+mIpjJcipMJ*etXobS#h75cSMfMFW
z<-*?ShZ)=cU5Z2xN%rvr*sCfMYfmyUSN~59C3Ic^q`ulKdl}rOANHd+O(m(oy5)P$
z8!ZMeC@=bLx@pbSvmi<8dw>=~K3?8S1eTLZxUzmB<lEWiM+~afGnkKHg7u%wAwap~
zy%G}brH%QEu<$P|Anb!@%zLS1@St66M&DdM?c{j=9T;uL(wd{IRIrOpP(Pg$0+7^b
zo54UmciQ%ny7E9XM9e2)8Azl!Yb!cS{DJHH$1V+y#Sjm~LSDjWLFqq{%^G%oQ#3db
zN)ub1N8cQjr2hKp>>EWn_mb`n``M1e8tXyY7J4Rtcao8P6bn3pgkaRi=j*Gt*<SJZ
zQkED3bY3TgJ0;;zHPs;DDdtPbO=e~dwiDj{b0F}CB?zJFM%t|daic?My^0aLUq8MG
z2leuj$A=_xZ%UUDu3n0m?5X=Gew%@C5lgqd7ojg((!YKLveqe^KEL_8)6c;+UcXDW
zsS(liQx!ff$XA<LJki1|-_bfNvgSXC6U&Y)z4cYtXAzG&vSv@s^`AeFpPM+f=Q=-o
zC?lGH+iWgLm4ZUTQ#ZI?gk?>{u(Q-6bl?&igywFD5Vw(II)M*u6_k-v(OHsU5X+&y
zDM=NB!q8cK0r1cM<Ga!FAkvw-6p59=d^4c;{^0m=#_AX2!)18i%a!EyZ$&eJV@>oV
zDANlw;@CUfKp}~Rm87~JUp%?@xe{`p{9d!J5F@T#e&q3~N;@$hN-k8hJXuO!e`@F&
zwwI&4ClCtnvw5`nN3qKjRV6Ckr3YkN;2o=FQM^8sfbHZqvtU{9Xk3gVl-L<pf0X<N
zLxxha8I+qLtyTTe?J8(hMkMM^RtwV)s=DJ6bdEnkG#au`PQ$F^Q9|bd-c6TVlV5cl
zbT*B&rF;+5tqHVKFTh!EYL7mo4P?05A}z<02pXWQKyVuJ_&Bs;24@-66yUb1q98X`
zQ%&Ur_|#iumhb*;^Zwm1$S$&zX~P~WD)5d*^d_K%v^Zq9#XI=qs~k2JEM!BWa0zK@
z7>*$~=z&cr4z*s5!)6g0@^V9FJM$i0@?G<+<*f&E<q7CLwhiqh-f!RJy=vfFW>g63
z7aQ{azyln%97r&O)t|t}qui)ry_s5`{7TP*P_h}Ylf;dh(NlQeKD-m<55*Vz^mXjq
zni)W{Dg)61oWN2yr{>>hQ<SP@O#qkgnfvZ)UnqaI2K;+M|4rMGC>DWas))tkS-W1e
zs9Kgi8;MGrE_zPr-3qW&)PVhnO(#saxdso=gdQ;+-GS%w>;VIk9=y7nn5M6?)oI8w
z0?F3NOf1zc>K6UaCB1_pdQkI{U5GWo7~Q<(DQQvB92^1HTpSjAR;@sjoFGX(9x@Io
zu>hD_nHq(bs&vAU2d=?ep;Ei@2&2pivZ3ZISxxP27`*gXzrckJpZWgvLfBG4VE1Fd
z#r8BPaa=l7N@88RN9pkF)$CS02Ed-;jst$j=$|<mh%T77l*9U8;ZveCy}9D}AnoVJ
z#%*sET6ZrNYG!juL!@J(?g7mJPT+3&Qe2amkpjH_e`2bOJGcq+`#3q^juxfxx6@%j
zStvqf3Xmm?jA)yzp#|$urr5ycb;pC@nxsc{vP9~)*0WM*Mjl~U4>)0A(l$U4T3|3$
zgegz%kUQtJ4EMj#DK`wV{>HQ8zwmIBU9xo4R=Bf@&QuS7`z#E2jg_dUUf>a1>z}a6
zLYQygAseX62wj(r6bj{as>3l`U?(5fNiWO{=gAmOy8**3%hn+SK!d<`lJ1^mmJ5*U
zl#{9d3Iw=WvGyE{X?cFQA`25+*x9!`e)4Mt4~SD>-YG(-1j_M;=-|^K*^uv9eUI8U
zK!No`xDF<^m~gQf)^ni-Mk9wRuR-%iVE$D?r!*?aNs0jzSVNO7>q2@Sr9L>3wBt|B
zC3HrEy>Rg!*VM;MCU>5GA3yo-<1(c&a(5y+MHBw!9*nBv&EJ(ULGi1<i!ra-Oc&li
z2Qz3aNxc{S+u}xvoy|hl>L5P=msY|EQ-7Y&&3`(lu(O(U|KY{KKL16gC$zofC$U3L
zb$YF%*u!JRvcb}e%;_`*YMAHk5ZvfNltsHy16&&Ed2Q9p;2BF`A{Db2!i~z%&js-f
z!NhIwqodM>tiy%7HQomQXaDrsPDwGvFpC!zrxLz=cXNA$7{h7bLQ*WD(*_5O%R^9m
z+Q$g9u=8F27S5RV05d=NDrxC!81$QHXCqrHNa>KdMfa5Ix;RULM)xuBTSaJp0ulTf
zTnF+v2j6=3DOGlUJia`+v~Y!T86O8dkLx2LUgA}CE<5U0<pXoiW@aZiQJd8UpxZ|g
zS^(c4s7qW{Lay>D9;4I5*v|paM>$u{qT&aa<c7a0@_)G7U%=QJY^kWZjjQHI!3bl(
zmHp{>@7*=ov23$S)1{B;um|=0+V`l$%$PpgufZlto=hY3E9f@5pLtAaI3)G#`mal2
zZ)|WNrb_4zJ@1q<opOi&mFZ)*{AX!2cCSGmbE_<T_dVVh*V?L@H(hh3LOJh&j5Lk5
z0bQiAShMloFqFKxgeTyZXx{nlWEOB;SV&TNz`e;(@TJo>vY!IAX!PIZc#{|*p})C|
z|IWjlXRpdX7qXevVo>ItmIN=}EEBU0-i66qyOkVML}EeKkZFHr?Q{UUOK(7gzS+W`
zyzi&?m9SlA;j<}u%C?%YAe-tR!=#YUH+c=A3Tl{vzpC|L`BnmHNcTA_0+xCR{pqD8
z;Yjm~S_I;1yWDx}PF<9ir|QY#8!#yMf{_jdl6Z97Vkqfa9AvihO(Ic{#Vc8}B}a12
zYWKg(?d|&w*xA-U4yc%&6mcZg9K}@|vkS)w$%xm!hKmDOVKDb%4#y05D@-nwNkZIK
zISGwwXv}08O<-B$)-M(^lqsZO*7)2+WHsh!DIs<4PRPTg2*Vr_6-O-f9a*Jm{D;Fp
zK!c_#bELe4MOP|?|9W8E9y<kdr@LmAsn`rdIz_8^@biw{!Jnbq;o92yEwyxINY-Ov
z`NDM4Ib5{}Jxd~M=;n9GR`Pg^<^;*qWd;6st1d!-^4%+uVTjwh8nrm1P|GjXys=FN
zg3Y5&w$=5@1$YU_SMCn}`hsd0J`lLER6doPQ$=L*mIV?QnU9pWZ5TXxt070+Y&$pS
zMl93kBpMp+4M7Z|Gw>T9ney@eVP8kty^6!fUbD*#f*A8l@fi=QuG_IfZ6ISS=18Nx
zL$jF}ZrCRWf0YAg0RlIk9JDn-1(g^F8O2vcp=X(90G=XLcJ@JpNohgr9yKmY6Zp~~
zz3#~FBl@2I6*on8`<QKMCbX><V$5Oo^g-nnCtztY_I#2dfp)RQ#e_;yVNUY#iBiMh
zS@EF~S#EA%*MJ)>q5nXV%|>jNFxL9;ru|ji=od7esska5fS_~_BUBQ)guG4oFn_L1
z64rL{>}yr<Zo5QdV`ucC{|Y#&xii051H<}Yt()7uyi-s}z;03HNBN0N_A(G4Y@RmS
zFi;5TV7~~G8LnD_4pan#KQ8YGo*ig3jC#y>x(Gi0(?1#A2m+CSn2}dw^@Zs6i^4-w
z=Z`e5vhw*IyIG+^hEyAB(tRm?@1UdueHn+1QZfj*6vBulRD?2_q5X_$fwQ1*5KENy
z)CIpf@z5|9lZ`xuR--0`6!7i;c^IfDeAtLd;Y96JnVq~LVwSj6WI!o=+QV*M6~WZH
z9#6_s0M9TerN<_xp54K~3T<tuxd*0YWhdcvj3b!4+K1_eKRf?_eXM-w>M=`%q@Vqo
zu{0eJ&P{3sc_bEeUJNez`_cc7ioqy=w7sLW*=;b}|KXHnGLeGYx*bJrDyhGG-d^jA
zMbFjz-xpN;ksYyt<T76$+8@62Dq*zyR!#JqF>b_HmeIq1sgN6U$>rY?+mY_qXke13
zAA()VW+D$5>{|)0%ooZ+R~IY;YS=DN!_NAKmgD?mi#Q<d49?X}C;LKcf-q#RVv<Ny
zdFW7m#Iv0pPfYnz<R!^>#IE<EXW1_|?^wNM3;0>bH<nKC)iU{Z;(yCvA!R2`&)W^s
ztcyb)Y|6lkU6=5P{sV6Q!v$|YI#shnJmH5qD~UNL7g#F*Jn#jUiFmVwt=xS_+fJkj
zEaVfNOe6sOiqWSS2s8q|1?UURZME){hYYk)xM<(8i_a=l!-f7p8mN+(g9KNd*)EQS
z7lmHI3W%m1t2mYMSbbBvfDR%A^^P9_v^TPJ0(-K>e|RV5a;U7?p*L4WZ0vGyTk$AX
zQ)%7Pb@m>IC8<$LhzoU5Q|FH-(7u4^vfJ6gQ!rGWh2oL?_+`UTDAzbZQGvD}ZLrh9
zm1l7cC^Lkh`t!`eJRQ*Jy}a`?_ZSEa;#{CW+A!F@+HT>T;ciG{a*Bm~`hoi>YUlK?
z)Pneq+Ok!IX+Rdo>Wk8Mx%*J$Eo|G~?_d8vwclYUNnHjh-S}FQxs4Z6VRiV^Q@6YM
z({y=IJe*t9JZj<~O25?z+_VQ_%)qbjznufB5W|r~ac*Fr!t<f^;oekN;SlAD0<kn6
z9U+N{EhE(DgiLmJ1hFTgWXyCr&mU7-_;vn(!dACZUoOk90RaKevjnd&Fb*4Q9gpPA
zzXBTWb<t_B;_bz!uJJL&t<S=J5Wd3!-YWsWqMFrrrrmc@FLn%z99cFmaEYApepTH4
zB7S6MgCZJ-UC&v?MCuvSAw=pEIa4g^DXBWF!pUHtTakd=2_5G$%d!BLhaMWo!HFSo
zps+L!^qX>M8fd;{|5gcm9c{V%?Wo+LHz|g}k5mqAu<lhV=tR$rk;!d}<kC*1`rW)X
zTf3?s44$`lZuF|DFi(8*9X%!Sl16xgW%@Uq%R<N*$ZcLN3p&R?Pv}~O%0TweoC>it
z!d>?FUy`%@(P|i+!|XXK8Bf41q37OptL4vZQHy#vor9?Eq>!vok1+HBjDR%AYP@r!
z-?fSpCYemWT$y-lTpW6uby_ECSAG$&n|BWey|3|JYh?Y`N`5a2mxsY2Z!~=jB~Y2f
z(J$_Ky*F&#oq>HvIkmJy6-!Sz7}ZTrYzn;a`(@EtIsuM`sKZ&v1w69Zq4m>4Ma*re
z!NoLnop`De)Jc$__KHv=6g|xT-7s7M+-pgFnpA3|#6i!&B>e0i!XtSqhym)(GB!hm
zp78xs30J%~0{t$GP_G<6>o!=r9XbtGr(jltIJI4foRbEAjjOSWsE6tv*DJFSUzNIF
zotfwMd`}DZc28uV%Kr{1gCDl<5=JaHh44n?+nb?=@y;7N2AL84x8KWIBoR>9OZFtz
zAu(zcg_3JWQ6o4^*(8asHml8^pL}cs4x&oG`IqfUUyH)vqCj3l<`yapbt<j!FqwXI
zX4Z(qVC4VA0LMZ9ph{!*xV4uEazdNQXm7t;*H13{I<gorm=(YstZP-n`z;Q1|FqB!
zEXzVviBtg<YZhFON83W7QpquV<WfuBSE+<~-fu+ebxyIs?^(GI_i-56{CPM+?8Cu1
z7>b}W9Xds*%lQs9_18pO;^%o$5$?F_Sx6$RHeW^FApvDcrZ$G|HjSCCyFH_CkwQ2j
z68xmP95@a)Eq$%RX?rOnZ*&q2rGCrsUnlPb$3jNA8ewUjRp<w1?{!)p9bTqTjO-{Y
zylK0z;UbU#j_U1r*&AcWa;hL3JtyhbXu;Xw=-bMd&RnVg*+e0cSfDvL*-G0^L9|RG
zvwR9V;_=A(%O@RMp}GCvgK1WQqCtQ|FcvM!-hhwsPBO;tE56Csr(-j0QQQ>DM<cS4
zKZyk$0di>t>hUR^XHN#y#Sg#pY>Cu1UHQ<fFlF>Ih42F#{OD}^{S%fh(2KD~+gk~F
zqY>FE{_m4;<*=xSwXOkJ8qId}!}<QQek)VGcq+xnn(`TDB(&ikr0|O$p0>H{M3^$U
za7S}ausAx0gOSzGiGJZ)9Z@rFu%kQ+>3ADBKHc{zOy_j+zrsZ$<iL4sM^}a_jRwJn
zx7m}Z8;PYytoY_%-hq@Xh1@1a9)E*<XoxXEr@hZX!pv%>Z#e0WKb_c2=R@O04N$qV
zEDy2~C9a9-m&%OvjSd$2M|7d%2)_M=DDN{)PGJ#~i4##{=kxQsE3e^^^5Ug_+mj7V
z5yWbb8|LTYCp?dt?oK@=(_)<G=eAL4R2LOsx4xk4<!*-&e8u?biOq{%6H~hAH#EX`
zyVAP%B^?G0BjQgF#74-qKB;guFL`TuV116)Zx|p@cuOp2Y)m8PDU|oM1{ea)jJ<=e
zU3B53Ip|US7WS4aT|`zf9$7+Py|ocT=+s5?NqEAY7>#l+he(^Je_iu0Cv5<IprEtd
zuUhkcz3x?e7hNc2<*=Y<1=74$W1#wIS4zDy*Ko#FE8E(x?xV(93bNr|L&I-cp0+~q
z62wH=Ve43`cTWcYnQ$kU%Bv2ktdLqN`n#t%db=wO5xvKFSfR}wMqfnrgX&Peejt-s
zDDwD?e2#!TE>tT2cxk|fvaTDBYkHlzeyXMax}YuO=PITIy{~<C-UaD#W#L5X-1&Rg
zcxVc?o#W^^BLpX*5d%2wmuG(2C2#Ys`}e|a9v}Y6IdPVMB8+b$JnuIo)6uxI7k?xJ
zTi%UzaY?OaT)b-tI6Yp_NrOFxGN{k4qgTH?D0R0q$6r}ASAx`O?#zRMIE<<$J)VD}
zwBq@ZuD1Y_UgXk}n)sxzB>*ZNyg92MySDESQSbMb*Bf{LnD^Jez|nWQhW0$tN+zv3
zRW_DB+*`ZF(y?>%&cjDK;zCMK9GIhik8g^2x<%UPw;2LC-t)?21g`PkePE8i=}_YH
zy5J_qCdZ|GK@>K_3NY|nwzO^<;f0vV%+)UxihN<fm8ybwx_@DFK>_-c?g@7iYdeu@
zV|T<&O_VNji%N-EPd0KPu_}qvGKqA84L0~Og~SS!pssj3&OH;%K=f;}n0#V#>1?@i
zfXmhy`0xtk=ix4d5E2x^nLq94<<Nv);ut7R(V#J%zF~)~F_-c?zfV+YC?4L*n1*b}
zp-;PUx=9@9v5xpJ-FbWQh&q5g{XX-J3Mc19(ba3OUdcl0=Mp3&s0||2uw1c^b9(f5
zeWBeYW7Zjn&LI#?Uo;d!Kwd;?1V0A;>~4o9f{b}OAwh&dx#N8`SQjmt)X6<jwMH><
zw&VkaEhMGbwRK{d_M;ukp9<yurIZlSHLdfSH!wNyTW)gcR&w2jOk(F6WN9h~u|G<d
z2-_n<eO>g{gbnnWwm5OJ#1sEwuRB>1a}B($i#kTtd+)bK>dz{oH<2JZLc#}DV`7s#
zxuuxQxGf}>o&@#uQSx{$bEr2~#e+y<?U$hPMBA~n?=!P5&OY2MEVA0vhD2?spW8Hk
z()0DxYYNk*0jY!pZ1BUY7hEb0J!(gsB&f2ED^fe3Kwo*%TYdI>@Dg$7VYTo7S}kn@
zNZ<=;DL-y{iu&x4>zi<j9gC_A{K*=Zi8mF5Lgnv4%VnvNTW>ng^;9dWYS}Nw&WL_Y
zC)kM2W+P5`q|%n67FaMv*(4U+$iP1(QnyG@^OcdCg6a(Xrbsy+aCLAIm_QPR+mqnO
zJveHLeqjqst@IfX#l)tu(c4^A*Kcvr<@%H+`b}o%3Ld!tK&%zm%Bn%z<xVP9Y%nUE
zzzc$U_1B0`u1CLchH9o+k$D7oPT5K}lpqmYx-DCX;8G+}DqYjXZ(-;#U3Q9-D`Zv<
z^$<)&mcs5(kdvRd+2QLyNtUsTyiZ%cRJZOqE%j*+Ap3ia__gb_Juk1)q^Zr>0)j~d
zC)6RhO`F8}l7W;&f8#~9Xbd1h^2ZFV`wuLiDj177?f^UL@Sh!pG@!8iXRF8OZ2Z1w
z%wp)1V&IlmnHt%2enA7n*K%I+AR-7|hl&`EOGU8i+~G%ulO0zkdT<XlF`9I;N{k)V
zzJg4R0Ks0-2fWy12PximJYtv(>vS%(rUdaS^88*W2K7`6LBXH|>i@OC@Ykt_OBY8>
zbu#dlqS){?^z9`6o-)@jL15gyMW~+y#dW`!b6#i0d5~EAkk31e;}|tVo%UyyX1;}v
z$H&st{Ixas7aU5+O|^Rwzf~ih&<Zwrt+QaT|Jh?+z*%0VV(-rV=|L2nD?eL@X!lM6
zxW}UP+9%J<y?UM=^gQogU5sqNrgA`!aC!RnI~2-ZBIUB4z99zHh*8b`pjBbEzHCB4
zu9h)PKn{Et0gy3*lH_!E%I6hgobHjah2w0ICH!ZD;X(|o;vl|YRlgGUAV5;rx;i4f
z0vAduAo^q$VtZ~csQZNsL?Hb0dh~Xi&Ov#=w0vpm+LP{eSWE?BP*Z{`FVlNoVpVtY
z8fC;r<6b2;LkJ#ArR3UDf=bsj@J(n_1+X84A7UBMajtr_vbEgsAbGUeJe>n=1MV50
zi1-zNt3s98i`N4*XFA}<I61OY5_IpCXl`~`zZY!rC(^-~uIp-`C0*V&nebg@yg#&%
zRR}ZAymy=o#vkj8+Uq}j<n!C5tocpq-Le<-Yw#{t0S<3OtOnyvM=Ou2lO-~Yj<%j_
zrP&+l;$X?*{YnLvoJ8tULM(V(;L{&oeon$8LOqZ7^3=Lsv3}~oMFP|4tLDLo-6lbe
z0+KuK?$6k+ov0eNR2?T%H<MV-5D46Lg-;EkWD5Q&+%qV%3E{$08)>sDY_~yJG`tCJ
zWas{Cj|)s;kMDopz7O^oh1To%rhIV1l}JT<c%sqgatYm{sX=d-E}wJXMY(o22if!1
z<p#D3Pk&ew*T@W2?JwI%UNC?SHHQr?R3B*G%O!1GpYI@CL2fIQroNs7IymRNw`|8z
zRfryorP5mqz37IqLi8K}BZHl{6=3I5csE6U9vS;+tawD%f6*BlBvdw;-C^%P&g0zJ
zwR4|aOwa8*m4%$F{h5v4*h3@i$F8oZWgyow5l+~go%RwXyquUodS?|Qv@r`gUHg;2
zSdD>q371>N#w0rC_Hia3ao-?vw3#d5s*m-r-tNPvf=F=$E78i>6HwE5tH{wVO!vWF
z8WV-7d2rQkRGKMa@pK-LXBfQ6%3i@?*Rhepi^S5-K#p=JWhoV`g3_l<&y$DONbOC`
zXDM(4-^R2x5S|ck3;kB7N`iSd(m9IzOL-4N_rXec(k@tT3FgPjj8w1x8O4G=2vp?P
zAq-+gC=Sj+*gU*ykB{+jY3i|CcVEE}F?}ukh2%aa{yEr)lgwfFRQUHxXfq~LCYkA^
z=!uyD`KI00`~AQZ1V#qZsei0>y5SefcqbczFCPKd@T&OUB|gq0SU_>z<=TLBCA|=d
zKCp!--V$)fUJ+TVT~~~A9v!Cdi522B7C9?Bx?kl-^s%3wpINqHp)z{`qDp9)fnq&_
zdoxw{y|SCWu5ShRzWgi41sRMUsmeEpYq^PRNSq|W6+&z5DlBbrchP#+=0y*FX<Iob
zO_q4;;9-FtRQG77h#dUz(D&Sd`}}iDXMZ_(=6wp8xxWFHb|1sGWpHI#E;Gv)&0LL|
z5<6=&rbE(T;1k`XuVpiPGO#nhp)moK32k~c>8*UVH=@>n89%7?Y+eGTr!*=?g)W5R
zuky#p<3(o&1TeKY@G9uZinvifRB<tnWA@IrvFNEoo}b%pHSg6BOs0ABMt>OavCE&<
z8jNXC-S_lC4x(>``E!Az5@d<h2LB(xc-sh+byIr&U0a+b@234vN5*r#7rTKrjY<*B
zg<*qGjH(IUpl;?!O#c0nYoMd7@SPO3*h^EJ<-ls(iI@#;*T6(iKk+HDLzvSHMyNIe
z|Dsyu4@{;>k*Hhe3)nhSnE@c2xth9!<~$;HX%mU{9wMf&XWH^+Fc+_&S3W^T1@%D0
zna!LF{x-E=PUI+K9a8>02l0e(B4#J$4tX*dvByMzdP20z{Xl2-Y`+Tl@sDFf8-^!g
zhKjw4)z|R7D4oD&$O152;*}6gg}lS1A9K#*3*KK5=Cc|`sLz||oJzK4mFRAyC<JV<
z{W_V0{6B2HbzD?k_y4Vkgou=YfP{3TARsA9cg-Lnq0%WWEh5t0IWW{PbaxnZN;gPI
zgLDk>?76P{y5skK{^vD^v(MUlt-aRzyq932dYnX54o8rT(Z=%Ep+XB~p-TzF{L^-l
zpfR!YTfVg{gLN^%NFsKmFi-TdjR@McN)i26umS>h(ZsLWaXGg|krn_P@HJ@<`QI_i
z`!>>qZY!SMIDGIE^hjdiF(+<s+*l4h2#uSzG&CCgHaH=`ZF^q|9Z4SI47Yq>8O+ht
zq!5COfDpnLOjr0%2muCF`UO^YClYzoCV(@bsVvikP)-};)oc5tV5C_2o2+1De=kB|
zLSneAmRYUX`Uxp?*kk~)x)K)kTtVYrQ&&4UU24NyE7>HoEn)(eAzk7c>wPTx<KmQ<
zH%my?hIFJy-(ONq$(uoJ%w(XoFhCNhU4C{C?RORlB>;3VUakO~ySo!;QxM0h1eFGc
z_bYJ;T?ITzh^ZpDW$o&@YQQ5x0?h6N4rZ%yrG!~_<eU_wO|sKGOBNiTqLd%%sRc37
zw*rPQ&YJ2~z}Ks2T>Dc9NkJ1Ap4~-12?J~me_Ex#BGKr@wmau|@>lP;IEHSWNBv=J
z2L|=z-i=X7pnkftUs>7jR%|f2{4zU~4?qqfu$$*w-WV%Aq_5QZm0cn{RpuTZ8G_v7
zbK}avEX-WxQ3_}n@H)6@>PKXJNYV2r8PnX%3*=C0C}bNvl#2a--&dL$yl?0G?AT6{
z_x^}_v_0+mv^<-g^E%mnzB0Yrtm;ZT_ZcM0{92!1Wx_Y4rJ$ZtAzJQ#m1<Ugjj|(U
z5C{b@L-fc|qGeXqXlf*r9chU`Y!tya*iHl!$zHa;!>o6<;r<@rLb_fn0fK5%h(CqT
z|E`6!cp`Jr`FcxhSQ2_q(I{gS6G9cq!V)M)dvd0CUq~|dEHZ5l%?1d9tkWso`_bpc
zkqL$~Oc6!%On|8t7$GyPfb$_#!v7A_@-L_+5tJrGWH#(M#xO_~JW+>&T{#WBsnj4=
z_pCii*<nA4oX_zA>Lr~fCh!uJrf{TRFfuI=sq__Z0-T69{PGCZFvbmCt6qEVN$+o1
z*#-16nDtvNm-y64%zZd$ii~(8i&Gl}0z(vB{UW0Bqg=t(J8P!tlVg3?S!Na$QCJgc
zo5ebK2U(ad3m&-`y~hbwOYK#Qp-&u7^Qo{3(XcgefuMn-SVR2?1J2G*?)~Ls3XUiO
zZW$Jg)c+2Psgdz8lZn$m<k5Y`EzNp$0Ha;WiV%-;okwZY=-23rUmo_{-#w6A1Go2H
z2E5;4@!3x*Og5`;Wzu%0TM#Ecu|YhwUA9#>A#X;<@63Jfd6N;^jp~KwFOv8?vhTA(
z7|2FFa{I@)HWeCN@KaA)4*CPq*K10$W*e#^-$>R6R=!fN;&6v|n@Ssk6V$6O@*350
z9Rs>gHN>w@9Vg2+BU44sK3z9erq6gfs^l9~g)VnF1|0BoKwotO<`Bz(*fr96u3Qxi
z6ya>SJl4|<kUew;bN}o$v_Ip#{_x8%$Lu7&Kbfay)+OsI+>5EC@jRYWzgawczO3+R
zmes1M211R-V$@Wkvuy%@jmoZ8rQU^>V*kk&4)BJ5$`K0b&j!!*QiW-*FLzb<r#9_+
z3QC%}@?c&%2JY)&BMrvqX4%l(D1Xn^rjy?>aXry1#iFE=;_Zqe?XMyF@4ueyUx}#7
z<@1Iu9|_JK5qkh<JV4wTwWQ#-ewJ2ld#SQM<eY6LG-!`gn<UYOt=PR0rzy&Uv~4(&
z5pr36lCMz|cA<AW&W3zlIdHS2MJ9O8P-0^&pApRNi|W!OYY_5$Vl&-u6OyBFRQ+OF
ztw~o%r~X4@DD`vI+yQMeCt8EvhrSfUU-A)1?!4fmXocN}T{B<Rry7#y*3usr!<Osv
z6k;v!7EzW2BYU6*y@}#V$yIAql!&{>-H1lqC6s&tnRB*GQTYDh@PLV$?qbudr1Yqo
zETj*7HxbMHYiqTM!=#>-&Yzn1Mh^PLUKKZ=(?*M&*ic5)yKi5HKed^Y^*&!;<;#FM
zkLe7dBgCf}S@+l{cvv8olVK$T&VLX&f4CiX#fBPnl+OktuH#&`13CkQ6B!x=0nMEx
z_oA1$_II*R=RL7iA@2(zo$9xKjhDyR4lASy3VVzGKQz3Hy^I@9hs@5pX~YXtw&o6`
zq-2H|ke(2?L*kn}VC=LWnXpd?t$q!Ibmuj^f)V64$hy47w>9z?Z-KdJPbdW5)_Y!G
z60jZPonZgR%^$<eKI=78g@-J=I?7zWfaIvM{)V#~&WV_ehqpN_apgG0j+d<0#Jhr{
z;xipM`6BWW8v?wK&ZSuBBF!-`;FgK~2+E~23aGfcbI-QPvf=gl3B{YLr*Ax5xDvqp
z$xhH#J@5fW{zJ#_vFn_I1-z6hM*s=q;>9#YzDH*)MYG^Y5M67kfn?s6hxO2pn;I1^
zc}jZ<R;!`iBCDwtE5RJx2i9LgX@sZWf*F7G+aMzvUX0inwrh0M6m{O(%8kcoFO3=p
zS~|JC<4H3ZS43eFw~$?}OuY*gQ=Upo?4s8^LA7DWy|Cq`6LAMqtuupxVp*{4Q8_d3
zakYQ@y3Sv!eYpp7ks(U3w44;#1rr$Zq7Oox$F4wCU}ddr*z94<Bsn28iK+c6NTPKU
zZn-<hVltKrwfHhLq#Hpy{Yv3J59bk;3mCw(n_Xx3%#IOR8H`@h*F?~DlHfXorFIJv
z0F>3bwanwa72UwaNA3ZJOU!=Ts!L~mhYN^x;~rna83^SVF$5^BMuWS`9VaUGj}u|&
z6ou4=L9$nu9Awg$dP>k?4AVWsDeGy^-aZwr&j+dE9-WyU9Qc%L3xa)0lfA{`DbhJW
zmx2%Zl8H3!atp%^5bTIZpi$gB!uR2?6hRY5Tup;i+)?w$t&^Z4QZK#YSS#ro8-2ri
zXDe<%q)wpqK2<%GFi|6cv)__vq=sVnTy7dJ&(_?NZ^nS~G5w<TaEez-X$Bopqvq;5
z^uYJ#@F2s>ehmM^0`M$Tp`6sbL*CB;<?oSp$yrlY)m2Vz>>Q7+{Sb;?6lxi?nJI!k
z=#=6FyOztmiv!rTLJOJK_z?Dtdk_Bp&kk77%D|z`agXDqNrGGrjeK*$2jDh|Q(O5#
z(ojv^L^Hm@MfUF~GnM#H5RzIF7U$YdkHq+%c%9y0yn4*!5Yvx!4d$<5%<o?~>J|LD
zbiLQ}ytsMbfD?Y(=y&L^A;b%Qx8L5R(A`H!-tV&od`R|K9&UYM!LUR`u#;O-&>PXM
z=>k~}io&;QQ~fc^Vjl41bDkm!X!~|I2T#l^!zl*0gI7lb4pm=`Wnr&bW<A2<x2I`c
zNe!gp3cme1Yo9o`Ic|8H<m-KP)_a&_adWE1%s=#j&@C|5o6aCW0t>_?nL)^w%k7s!
z-o{Odk9F%THL)NSS1ynLN*P+7|M~zXTVL4r2ZG#_*GnB@=y2XWXEFzlYomihtDml1
zOkDsjoJR7CmOr7&j?c<%VecKU&)4t&S*r2ZOgy3u)ar2y_PHK=${7wh8s!dd<y#Lx
z5dIL({y4d2&fU*((JpJyrZhZ9J5kK>bH!XwTAgi_I)i&)+Q%z6-uS@a(Tm^xdP~n|
zuy!gfpsF;5YA=hMxC8jUZR6`_InI1`>z~59qCS$Z;qFUy!bcs`+V^KE(U5h*^t?|`
zTAb4oR+%ggInRz8c5e~br?1v8nXb>|2hGIna+g601mrsVD+H`(V&2YUE6j16%(_NY
z%*E%pZvis+j6JGvf92J@oGZ1&;Yif{IDgrpip}&$!oEpJ*S71-a_pPUC)&sqz;_rs
zo0K8bL)mt^g;kLCEM#h4ID4J`%45?|-JWk4(jjMZK5q%(u2(xhw9T@DEyrwDJ$z?n
z1@8qd8wPGGTt05cKN3|_c(rwFs2PQvFH6a|EJNf2Qk)4#MRq+iItt_U8wm2AF{}F|
z^1u5GBx3yB(s5o`+k9e<#|mb-@FKT&Y+Wwf!kl>I&)LDy$ujNp?3<S&fn9{C(8lwr
z>3*~8x>ZAEqM_CSM_hf{Z0{y^2Uu~|yZys6a)Z(Nva|Y5r|toDclbuUo`Zs_@?^Zo
z$+m90;c~<7)k-$%b@ul8{Pk4=e8<f(+KKC<#ak<We5$F@_2Cq|CY}g!Fg4)p9raBs
zpOW+<XCjo<3d-k_Zrb%>?DDeo3lrC8&eOf*DYyq8`=jd=$JtKLH+PLe!}L8pLywY{
z9ZNQ?!i-o>b?xA_-77fL=EY^{ZY;ThXWw<jW%#5LonFXVJ5@=HkM}hXDf!fIwvgon
z!>fTwo{@ddQ51lZXWI`OT<v?QZkgKg6m=Zep+nvn)#nMrd4?{{3C%xmM)~SBUd^3s
z<ijm9P*Tv+`xjoQ$~cE}eZxA-O^L(e58((0=?CUNXfd~D*1##F&?9hbdEx64g+p1(
zO&5I84@R<+m2R-cEVf%VC}={9cD-lQ^{HBaou>$P?p4LXae!rP!Z-i@XFgdf>nCf8
zWsb{Bs^TZxJEBvRe1dcD)9#T`CoMXo9`X5j^gl}^rz2znSH3}@`TgFHH(i;}A{{a=
z!XRwYJ;T$NGIGD6SWI@j^x|-sC)GKTb{uu!tGD1>oK`WJoFyGX7D;vJIo4m0z^Tsz
zq<moV^6y?sw()gm+r78`7bVkmh_r%g^U(pHFbg}=V~-BZ*SiKj20Y#;+b8>Q1D>g~
ze0@PoTbCxAak*-jai)ZezPc|D;+}G}o!KJh`+ij(?KIdWaHl0JWPWm62KAh%n!_oh
zqwjhv6$34?{|dTprSu#;$1#?Ntn{TQ(#+R%>%6~M=Hto58$GV@e{J)krnQgEtty4(
z`fR`_jo`eE+;DkD&26dgWce^Z;qdKBNb9WIJ&>uo;cIooc<Bbx+oJW7W}3WN>^EO3
zkP}CuTX&58(<L4u`|sKUZfDx<-+1KtD~%R{uT*K~S#RGNf4@9ezCv|~dFp)DkWP4w
zWLe?aaGc&^M(yX2q(yBq=Ynurv5bn?W%$EIZSzpc^^f}@KUE&gtBPN(@zotqJ?wAu
z<7&29m34VD*kb2F%6B{4p-N!?Y}HU`W!gtMMRYmvF;$(*+MnTm&f}N2cjNu>+Pi<q
z<2ik7Rk>~keIPMFJ==9i(PNSk{1FWL>-KQ}<P$R&TkT%>nnWK&?=Dh5FZ``m{0PK}
z8YD{3x0hR_^0E3UvzW;#&4pKeE|wf921}X_ss5}cv(S1S)@?n1|HE)M0hSi|@?_Mh
zd%wxtYNk;4iFEa@C@Y7St<xOe3w0!fh$3c0u{|7?=fhWxa&fgae~#)Ub3<s!HfdWF
z<r}+plc=WOr@9N>@TF(J7toXONb}Hi(BS$>(D@G@Wbk2R_ikQet&<{bSmDwP_7&(D
zyAlk&mtGrB)!Vszoh*IBpRd39B7Z)kq0s9?eW5{xv<qV5=Y4#Q2GiS@UhAu`eG)78
zZM5R`Lv4q3=x*c9aBT|i#B1gmK=R#!4%}&*5H>l2_qQDvr-z84qsTaCjU}eAbS~_B
z51oyNOcD&}{U8F%y>3-^66V;35Tb6UL``ajEMN}%=w@<Ne=_5^p-<J-PH5ELd4qS-
zox)@SXyhAqSLKJR5F!!B^Y_Z+M{!PTPkYB7u0Bbvmkm#5>q{AR@E+L0^3#8w^c0qZ
zaap%&uvhZJ_*=fxI(>L6pUeUIm5|yWil!ajC)U$V$?T>I`*b=vGlJF=T+E@x!@G|-
zcF~ux9WhxEl)tV)a%w?*6fUJA>T<4Omrd4FPwWW7n_Ou<Ynp+1M;=ui)-jKoV`s%)
z@3XMrdlh}M<J=d@P6e@V@IJx1^CKsuL&PWL%iWZX9}~*gp!xDX{?uDcP7yV~bLe5a
z)ivK3TtT^$G1`QfQn)sx(91ZbvB=NTy25#C+b-26Gu=^0WYb4n{pbR(L}=AiuZCu@
zC8wlk^pznSm`oDeeqK|lmDb<ir!)V=A_&=gwY?YD!GH-z*I(-qy!K6An{VrW{l?bl
zy{LQvl?I38O~05l$LAo<Uf<1AqFGKonYzI{Z@Oxbr)nEd$uFW10ji8v#Vj!QcDHG)
zAmtQZDY7;GMJMXi^=XWfC)>jN>m&mr<3Y_QUVKFcKMy`AN>gu~Rm)fLbL4FpCuH>-
zap*A&W2&udoQPPNPPsJ~J@J}zTLr0Fuhg$^NDj}(o5=^nH?7^)GWU7yJ$={=%j)h~
zUwD;Du+I05?eu!fY87edGOJQD%D*%1p=tV3<7gpbXFFS7d|-a79W*AXN_BT|2C;Kk
zc8p2y`-aDEkC=Suj=tqxuHIHX?<KwYETrgsuAGXRN32D&`TA;pztBL+>wJ=Yf1cKd
zSdr~R0=KB!<&lta@|<XrkfZeA&o9jm=n!r(<m0T9*VUnbPJtk`&4@S^DE*6LK-m*O
z@0ffwfjHN0_;nIL@(L%ai<!!^;)UHO)X;+o+{Uy4(MFd7zL*Y`WIr1hdhb4dp-<s&
ztG+%zSPhToHAy)ga8rVaL7E!p?yC@|K;zsiDC`6rINuWvUb_E$lhu87xf{C~JkfWz
zVb5yyZF3(t{Zx(BLT{t__?uFn_|Lmu9+m1&%uyNya^)eP1Px|+F0oZ&kK7riYbNCy
zNIC?vQ_gu35mWVUzFR-rd{@_$5F;u2v0JlMudS6I&vzQVyE^CaNF(yB9(%K3?Ikid
zqzcFgY|=iO2`Q}4r>(_fJ`el=Js{6rW1V({hmwl!KOjMQfr7eZKtvv4VRgi;QB72`
z%{0L=?OWI?xXA|heE<}*=4<D95<R_Q@1|~z;%~4dx=$b#SX`@=E?TKIyy)!oxoG#p
z{L+3-j8pYo=6xGpKz&M^)oxKIp!Ph;vU{}(_n8`bv=0WduJzX5RU)<2I7!MA?DC7#
z?cNkF7^;51d8O?C!Ldm_`MjY+rrh>}b@)ty#-${wQgh$u>PzpD!lDY#Pu9mG*IBui
zHItFPDSh74O^*5Z>uYiuW;}OIAO?^7nXl5dzRs&9rFkEl7^+{%>UB(*eu?KEA9?P_
zW#F@`oJ&BtK%?$_<+dunId<gKZiKgb^7W+2@=t_#mCElvA8oCoxvdC)z4X5uJbp14
zt-j2XJ&M+HU)r14GfT66B;ravgwlI{>LRqX=WpgJ*U|s|Q|?vImQX_4G*Av`DRH8V
zUm5wolRX)0iF>68lwg-U*d)+j7u$Q}og_F?Ng%c4q;4|LX4m8`p%7=YHK3xdi+ywI
zM%R#g-`TJ#+i<+@m%Ad^#q)>;!{yWdCQj=2vQ4|N^9K!Iz}%v;`;8}$%odWo9uC#F
zS8i6kb+^@hZFYjH&gr3XESB~fA8j7@OS7|k{rr{LJ23{$Jg%ed_}}j)%cavMi}S}<
zbsJ2R?@?YVxF1oZEKVFYr|_YuE&RA(LS;IDZsFF>UkSCmC8dWh2q+NwKKJPa94qL-
zizG3t&oi1C$(~1}yX%HmoL47iE}3rYIpm7p+r>0nRzew%bF$<vO}BMPM?W3A$mAtb
zn1F^HpeLPu?Y?s#&i({0&qEydF$|-e<j1xj1fmR3^Qj>SOiIDr8a|Bzl_u`}&5~=!
zZ@VJCuqRgjF{VrtX5VbPr<62Af>bv>yHuK4n0O8&y7|?Qrmww+lU~I5k*-&o%}!A`
zfQ$Zx4Q_o_^M`T$nl2J-T9+}6KeKW*AvjcGcH|71*+ugD$K^~U)anAf7P;3&@1^4U
z{*>yx5a?k)YKtf_qAEH8S)OyVFQ<v~?y{2^f}gj(oX^env?Zkfe5FD!el9iIg{oJK
zBM5IO4_WU+l>bcnIuxik^*#iJFBo^&qi48kjhWYXT6c0a)trzTvgqwK)p^T=5@m?z
z`Iha5GV8eAgtGN<q|H~%?mus4Qz1ULu$i!Fc6@AkYg_s$3js^&nx6!k<@_VN?~X!~
zn1^LS;c!yu*X7A$E<6+eVyZtA=lcC`evOH#m@(c~bY3Uvj$gFM%hf!zp$KA{_s*xa
z!CEWe*>)Kt$B$j5h$9a@i2Rziay)ITV1J9hRJ>rbGbUogb&>wMxAVhgQ_ZAj{JEMg
z=z8+{nWk=%l|JveDTZA%`>~v&B0l){?KIyv>v}c<S#}j8l`zi_BWKimVe!XJt6yZL
z;;7&fRG)}S9cjU>#i_jnzq2x_iR8$W`)J{&h(J?H=GX4yCbF&69;wmGlU3ItHq<em
zXC(zPPsKLs!XJqm&%|R!emk2c(Ix<;W@U8fD;?LiqD%^Ha*wdrP?;V8d779>M=e-X
z@xWX~-%#nafXN2&>QC1l=Z>@$zueTCG;6gH64g|~2C{0dSgT%Y_8QLbABzlkr=$59
z0&SR!G+=gmy1V`d9m3-w`Pi)I;RGu`hbE_QwA>-p%bpNx+WigOjjl@+x|tE3Iz@ax
zxn%`8lf(4sEk~5IIlFwHbVyZ&m2HLUT30SO3OmB3d#>1qnp4Z(QSwa4wf0f13Xwk%
zaiLLo$7ApXxR9WaMHWVaww&9(JYGtoRj}%pt$3J7Ew-iX`~xJI(ApLs-X@T8)4L#7
z^3-5lshs2wKY^Y6qc5H;f9f2bv(9@S=nqB&%p#Q2pAIJF5IJFc+1KX2d1k+V`&!P0
z1p55)#EjyJrOcot=j>d-uGsorvO7%B@@*@I4bS|0TlC+?a@ci{ZwB}I+<%S@)}wYr
zQlr3Rzwbm)mlwwC%tI+@c8epn$MHpjz4_f87rA<huqPh9E~Qk(yG>r5@?nYYUL1yc
zBr8AnTc_QXf|!xkjK=$)Z}#7|*w9W|cviT0G?m(RVK=!d#I?RM-NoHczR4e=diOR7
ztIKTJPMN-N$ez-=@yhGWiZko5*~YVi^WeBcu)!pBb2lR}b7v2!YvnW@nhQ5e&WbbX
z^=m-mN3Kfc(MOxyB)c9ta23ZpHeZ?K*I5Wn3GK#fpZsyruI%xtALGxch^-Q>tQyKR
ztbG&ws~wYTIu`u0(I>khmK)DWVtHEjzvQ+Hy|RSxtcp%4)x&&Lgo39!X8H$|J<q*m
zJxdyX5vi|yVIBMuinH9Z%Ds+Um5t*N%V4{SooY|O32b#ejv82M!Z}aVi`kOKT0KA;
zU+z6E-}ehbzP~!o9@m=llW+k=WPfhtmhPUPD{Ro2Wx6wem`BKBe{LMc<tJO}9L{B1
z{kwEFpe6}cZQ`_Jf=cWxbJq1h5>}v%vvoI(J1s@nN=OL%dJmQ+GG3r3ZQEQ_d7v;r
zQ{+^Xub1Q1k?GrDa$c9yTwVCYcXdxo&V9bm*9Kqf&4$%2k&ddv1K-td-;PH}42#q=
z(H?kraOJv37$r2}n=tX1VEx3axE$fqpG?xhqsmb|vnSrH5e2VQq7Dw1>t8I<WN!6~
zgC3k7+=+Vp0dYTsgIl6`dI#>rT^y>WI<Jg=MDkh_1=OYg&3e5x>c#L{(#&3;l)~jt
zoE6Mwo#Eu60y7RF_ruANfV@+;rQc$UdOrjh)J?FbScUWqm$UB_gP7y-gu7Pt@2}8T
z`k7W=51ma@K$>`Wlm4^AyXU1!DZk!_gi}`UZ^32{F92{vqp*x59FZ*MnC%G<@tUsJ
zx3D?epJUS#93UsrtoHvlGci#}K2Q0k-xv23W(b*`Rz`ZBR&sbe=nrLARDSEW9C9DU
zr=L^eSp8>zk708KX%&2G;J_WsM+_BE92pbc56U#cSOH1QXKY<u{BF7_UOT8ms$Cxu
zF?Ex5wRm&g7<{Ue(~}divO*HOrpsof^zsQeP=eOW99vydeZE?VyHy~_P_{fhK(oyp
zu-BhC|468~UZZ{uUpvNt!<jkJt_RU*l&TzfxWzAXZxd&xvRZ|jN-=2B|B^vt>FA`{
z4p!Yi<y8hSZ$ec^_%;<3P!C9|?eNi@XI8vsh0ozHihlZ~YTLwV0jaoY`j;L<41-Np
zj%8E@uB!#9^kVkzf|9p-@K#be0A<E!S78-3pO7n*h`6(Ar)s3<cF))RZ)>#1I?B9d
z^>FgwJHfSm|7!ZPS}g&)NtkV?f%_T$wc9(^RReHMct6HnJf4xFY0EmE__f(}3yjcB
z+j_fwZ)Phs2jt$uPYG5pewZd06zHUFosVLXBxZFws>Zdl50OH@P9-lIT|W9V)!J|G
zaYVCONS@~Y90jUpq1~_&X(@<)k>-)gX6$11Hg=92$D4I#71#{>0a>BFgZ{OS&F}O{
z)~5|$V_J-kdZ|0-fCX~kE;n9L3SIV+nTaLPxW{}#cQ4WUT0(n}h-A8Htkmce=F4xC
z(Dl!(u_PZ-_TJ|AT8`p2Gb@!YN)kciT^lnM_zl_l8p?hGZb%u0y+A>yZMU9fUP<%0
zOs*<5dwj%<ZRj*vxAf=jgw602XZ0N{hluovmi_LO{VQzPvvoWhBJC6%+Gpil57kX7
z6s*H&=KI_W_>N4i5_aYrUOLPjeylK1X6+SYK$=EGpF4B($V)-L@FBH;uwYmiK9Z2k
zm?%-^oK?Smo>V<2htSKGf@W`49|v$Ct!4Cv+xeF_3QD3^ow$CXi)hV*yTpn~ZyBUs
z70#@60Fze`>z+5%ZjGrf+Ei={W@>X?VgRuyDj#@<s38qA2zB62C{jY*#N39<Trp&-
z2*qlq-+E)Fe>giz%o(<s?bhR+KOcNH02*NeK4KYv`Z$YM;aG`Pf6+E9tle5;!ieN`
z>?Z{SSxfD5im&V1lfGKo;QZximo^C^2m=K`&%_!SIItbetHkGWx|5SqDwMxkCuGNN
z-_96Qx%i;F?iI=fKgV<Ot%|T42Maj5LYrN!wGxU<Oy+fbQ|vO7H~5P%PRdrRRUlwW
zS9W$T9zYe8EFX=}+ZP*hX$I?$Ptkp9<pSO{bc#|tT+HWk)T`eOvf%2oARdU6pfnSY
z2t<^>-Ddu7BJ5COds%#?i-dA;IGTky<&Iox4zGM};J1Z*?~?SH#c#U|S^uI()&bg)
z%2<r*%$03RbWkYssfn6EGSFg~j|&-Z`K3q>AncB~$BwKle?V7pl)rm1r1X#E*I=A;
zT^aaBwBi-BUCUnWsm8r@pE<X3$O?Q`t=c)udinK&Y5t#Xv5D8bd|BON5tMxO5qBRx
zmDecI8LHDHsgpghb6q?1u*50gc&N^AE+Jb7>R{O^cdB2WE%Lto;L5fqaVt+T^D&s@
zom>D%rUxOv>F0FIS`4V*UT{jG>hw$@)H5x*xhjUg2YP6gAVqp2ngW*f;j%QdG`zWT
zK}flA8)_U`$Ry`S2X<sVviHOFWrXH??FvgI!?SW>@Gq_ER+%~u#s)Uuk=@w6Fyy%i
zx%=Q*mm3?fm~G||6S}DQ3Q+Eku-s@Ffp<$xovhCY$!p{*a9q#dqCG%4-T3w!{~+7?
zEO$S7Zp3~VK%zCDnk%wmrn@hyQ#^6_l4~foF)s$(Uy|7B9cf6@-juh+1R@|6+?Vq3
zze+)$`FLDVFXCdtl|VKj86gZxUMAP+ar>v4U??+^jG5|(dH#)%xI!LKnX!<I!dscK
zQqtfNdWFq%KIV!KI^TYKbY#b+$&zZ?lh!6x3OgKDUWt&NmQS>P=;<{D+R@^<Wz|(X
zk;$rpv>sDa8K~)$rSrs5J1A(H^o%X=jT1s;*tWUe!n?^H%vZbl-se!Cf37jU|4bK|
z3b2(qv!4j(D1ZzE;#q1uVa57c?REn&3Ux-Ke1uBcMB!#50&&g|VROGAj~$fZF)`xD
zY`Wlk<wY(12nFyo_s*9>zSj-m8|9TZbDU&`8+N@D4eYN@c!{C$7;k1K#5FS1@K+zC
z+<fAsW_B&Cas_4<5r-qnkDNhicSn_)RNFLLYE+WHy9bE*b3SxoS>y)M@FHUPNHRd5
zmkP<tH#?xj0b1pvQ#nBo<~u2<TU^;!0X@NStgcwj+0K?$ugB^p<J8rqjtRC5exxLa
zReu{rSYIKc{&X>9d4=3XD9f(p4Aepo1vTK7(Z$bA1=TS$S#yi6K_#i)VB(%m^Ww>*
z-rl)~o#3lfqOV*Kh!~BBx=Cu0*zv4hnL`2J*ja@WeB2`Vp<Yk7GEf03|IFZ`AgW#X
zbg%-F+Uvq01YLPB@AY{xG4;4f$Kp^a=*~<{*ABH}TGFlS^YPtv>%W7bQ;{G4y0Jc0
z9|di?>$z-l+vgh{wAY&vL)@1trAd1Pn;Cm*)oT4sO1+#Tm4nq-O*WaJAH#cBJIN2*
zIkqq5L})yu-wi5(jgb@AM=xU7mSh(;{BiahF*M1hz~p@?CnHG=IhNM8PdH*f3+J2>
ze0hbMnFLebfV(N|uD|QsbhIbPw);2e$EwYDL0&K+AFn;5X+;|78%WXZzg59V0|46p
z@mU6RT>z2T6cWDSB?Yw<W%Itbf;o4uH0Jl_(Qm_ryV>_|=bV3)8dVlFSS=igcE?v!
z+^ezb0KB+XSCSe)anh((`kBF&!s$E*bX14TUXs^1=W5*aoMNvoWoB1$66WN73R6W1
z`q)Mv=o<NO*3`}}H*=fWpMkob#=|AlFCZ*h3rk7f_su1&>>FAVwKp$PO01QrwiQ{J
z?z=XR-ld?PF|r`>+Q#t*)2K&9(<szy!h?|9>`0aKy1I4wN>fM})$nxGS8ykorI@AV
zhX=g&*oH2~q*Y5kR(A%CN<y24(EKqObe{@eH}3JvzuizZ774V<Qk-@BslOqRTMn%C
zZ`aH&d)Cav7tB!XPIC5(HN*?C&E7JD<h)8JB@R6ZJD)WL1$Af0E(^@tUPhlOm^`|!
zB4)W6UbWJ4ec9#q92_=W+pwJL7_thWNeDa(W%sj~|0OVWx(f4&0<E#R4;YQ+mt@ml
zvrN}K-+4WrS0$bm_pU<7Zp`TuMb1K*S4I6JWVu4*5`%o}81-!3L1aw*GwnJ*Y?o+^
z+YTtrg!5x`rv=5+4-SJ>io72ECh+d7t5?XWscW(If)1JlZW^B5rt2Wau=Ew5zeAvi
z775S**9{7l>mlqY)LgxZew=Vxs#X6bc6fGRB))a3sC~waVPkswt&7yfCZp#db+VQE
zWFonfK#TPe3Cmh?`N{a6A<Ew&ENOC=y1~G6<4;!qS$n&3O9^VDS8H4*FJ4Q4VP@vD
z-IrHJEubZGJ2fUJT|I8j)zNg?(odd6m6G-L(-;NI_G$w}P+_CnPGrMA<gPX4z%?DA
zy1L0(*EaoQyDQ||e9E2rO|AT^$lpu--%N9VYDj9QZ;5%pdSA*vyaPJe{6Eg7mWq}X
z(9SJ#@~*|Z{Je)Fv7m|}Fyy}X&Az+}7L4rbMV!a<CJlf)qTsCVd1%zSugA3VoJ|UO
zHy%$Dx8xU<C{Wq^>Nc&?$nlDutLZ2=K>m@QX14$dv~7onj;HA&7pNk)=C47sLJW}G
zuAQr`3T<j$?)O{^p{D6FxAn;7+dev}FjrcNLtfAfUd-h1hZ)Yg>tFKCOV$NyKl2II
zv;$JNOF>>6o1r(to6BJ1#kE|le7bK1(UGKi^+@2&5XL0PjIUnqC!2QLemJiN-pHUP
zWe8L}>@~=2Cu%!j8<S&}+J$_mt%vV>Cxn{m8Sno#Ac3;nafw30=#bV;70s6{r)J7&
zK38Y%FQ#NRMv57$He6Jqy17BHMUbRFe7HMp;C`quloG^p0rOJSpUKk0L)UIiwrcCH
z2HyQ`{rjJSkUiW@QYve1i8(`+jhEvFj&U*7!`vI&B1>n()5bqom3>b;!ftTnNnFhg
z>C65$IIIaV?&$Yp8$&3Rh>8es^}EE3Vm5SrH*==uoZi9;F&Qew^F+-}R-sA{>MzMl
zT28#xM?s_63)evQB@3UJ<6WIc1kcO$&HA}35-w8k*(>f}F&DKfC+=qB<2`(>R;y;P
zK9N~AK^K_Yhw21%(beYy4Iraf9>TfuMY46wyNrL<v`=T{F6BO#^P7217jZL;c}$Is
zLtT(+9C1vYKNNBKqFIE0ce)9MyNYFJI#9PIQmL?_u|K(LsNka<bw2uPUf9II>8C%h
zf!WMzUyP#V=DZjxWo7zP5W5FYh0lrS${vodIp}jtV?%DeJ_#4Gjc#xzGr4q!uH3n#
z*%;%KH}Kp$%J`MU56bLV_8^Iw%4y!5hVD3%#Bz<VI~WU8eSZd$kGC&+bvTy)khH+a
zr_bQ{QYqQdNRNS^{m!tGRJGzKHuK=9k7aXg=^el6E+EuiOzwl)7R>7wW%n9eTSx&`
zPn;tEdpexfM@4fS=CmA-OD_^p)qC^!GSxi{3DS>6jlGql{U)w!{AUE$SL(vf6vZTV
z&CdOH2P=I{paCMT$X!3RFzGg^0?6ffh9VH<tt}ZAHq0A=6Pc32n{Bg+PaS!6`L@0r
z=ieNr%rS9eLbrsZK0EWQ-z3Z4B7P3SNLv;oK1^$(j!`QJ<cMPP`1g=F7;5uT6=JjQ
zp&*|438Annxgg>@AP3Q*aC!6u6nT|{)W+)A_Lh9EI1==)T+2u-8r01NC%sa5j$pVj
zbq0@4A@>((MaU?LeiWDRf%&%|XJ(wAr?c(x%lKjG9#_!S<ylh(o#4+V90F@=Me@Q(
z7nfW>*m<HCFfx=oNnbfOZpTkOVIC(_Emy>qK3%toV;GYr+wiPx<nFxJ2~XXAu%gM;
zr>b(}$#+*?=&w4A^&}MZ_HaV`0O_!(!ywnhv&8BSSKPM9z4M3~mcK&M@+2E(z-wE{
zmOUXGdWl_wuH+OqTv?u-<-yuyUeJhK6?V^cMZ4!hburq+-&Gf<&VH_>I;Qp6uRCz7
zq>75K{?LXDW80sV)qqHs+j4LuBFe{YDt)$f3Az*9-wl(+S375f(}>vE33<WztYRGx
zhPjJN8uuOC3|cff{pDlY34|C<xOROO;tkx^?YZ@lfp>>?rAX+HJ?!W&ifZN(GTliQ
zN5|*x71G=K>|%o+=4OGcZgBW7B%7BzU8Ws+T<mp3<Sf_-W?Fx>Ckb$w^{&3!D?5Bq
z&0W>jZcEIiUwsw&^Bdcppap_JB+j>NL?B`5*Qd8ou91!I2S2?H`=4Kn3aMUCx}_8;
z$DP}SLoNM+0YsafeC=%EwvUiu_{KTAWPqw;^DDl;oQ`e1c(r!|W5G<zYahV@VHD@8
z$YrbVJ6_M_!~1M4g;$kQaZL$HEgsd+sW9KZ0L@k#;%U8m0kFNL8Xb}N+pR-=lkQF~
z#T!(eYx8WQG3{ZNasbDbwu>in-3=NJSvK2K-3l~Q2~Laatd)%w+iW+bbl87x7We(S
zt5J67p6{=XfOjXyPVS~P?9?kWZy5FK+10%eA9SwX(ml}BhfQi+pN(l&-+T$Wf*rAR
z&gyN(V+H>FjHhvXtw}1Lk>7f&25cfPlu2$;{FU?8+MI?yHp9d`Mo5R1`_5AXub?zN
zT6a(7+_B>0s;_tvM5IuxUQ-Cawc4mWgIdP>u>0ipz7hk&o>A4Mdf^XWb%I*DaYJ}7
z5b8&y5mg>z&nsE*=y#5bn*$`A*t-{hTFZfC0p|y~Z^~2Y&aNdYD8vS+Cad_j77JD@
z$uRaLTTOo@W=ss7P>@2eS>%Q4J5-mJvU3FRetC)oRZ&2$QS;aR=2fbYGnv_`tsFdO
zHMLUbcNhfXhGx1ejlU?<W{<M?^u7sBalVK3ir1uEGB;VL`B!2+$l)HwdN_%HW#pyU
zWVZp^HmyqgVdfMScm9m$O4Mh^oD@pBBIVn!aWrh!7}&b*xDoQU!NUC0sOeo3lM3h9
z;<|HoGpTbB-M|X($F0AsXs|^Um(Fh+<)2tTT{{}r-<~<VfM_20?>8hGxKTLIom-Y~
zR17rlM@06mC4O+5A6wX*){}--Bt?6!?ICimLY~s1L{p3G%Ug7OH}$3J(<{3rAvw}t
z#%Cp3n-vFyR#PLde^0oD<6oS~V?(m%z6q_C^ICto%5k?{Ptl31pHcJa-)Rxcto8#^
zm(Y(1($L2=I$nLnJT~t$x{yW|(_TQeDUq92GU=?lF><J5p=jFTx`o==c<A1QAZ9Ic
zB&G`FcY060IyE}Bxo;y2`VrLo=m|M(>_G;xd5LdYYsq9)C90PBr0P)=Ed$75VjT|4
zjw|lRw(;s*=hRFh7ITI7Yvf}n`zwtb=*nAlimj<~_?2Y`cV>>v>H`kD7sbE@${R<U
z8%4s71gGbm7ZG%iL`Zjo38TtVD-xvGyMK!hbOwNy?6N>FOLfu^0ku37ZZ9kkjs%Lb
zDujd2vU%n!oV$Y*<X#>%KO3I_=}<=rBG|c+5Ly;~;|MJ)2^0gl38#02N)YLq+ffC5
zW0mY$g^~Bib>1}hnZBJQQ_?*<{`I6Dlb##-&89hQsOn-(KzDccL_8FcgkPhK)<7B)
zfDA=H8%wxNWL$xuJgj-CB9B<X{|08cRI7uaUhzd=lWKRsu(yc}G~WD+>ti^(sI7rW
z_t<gyeOs1&*JvaxZD04~@=_XdrvB%L2?#KwaB<-5ybsxKqx<<qffJP$bPr-gVsxQ(
zfwh};R$$Ik=^!Oo9ueFb2St@MH_%TM2UN3x$Sq^#NkW{2kF%%MR11JqifelLObR+i
z;hu>pHM*-V19AH`Oat?(<hMSb2t_jUF`fna*@J5C*dbWO|6P+v1e`q*F3+LY!t?%J
zE|e~8O<Wctogi2RJeoo)nYd^%+sjv=8$SfG$anMRD`G@Z{tq&9g|faTAY*j`>Jxgo
zYD7_vRCVevYeKn@k2!0VkTjN^pA=A-hpS8+7pooK&z6%pS&Pg?XPh6OTU&v&%N<1R
zcK{Lt`spD7TFG?<L=SK(Nxg{m@M*jF@%ayeh0Xz4(^G|`T7UP(7uxp%Mkun7c=-eP
z^I=TeCMY1<NI`SI+JixhavA8H6WE=T;4aJ{1-;*;Ns7rU+scAW?;lr3df5v*Vpj-a
z(nW4#V%=Lqz>!sQ?|`_0kq`Opb~xfr!b5Zth*0h!C=~q&%1QC~R2i)A1dQjMY9HYr
zPTy(UCiQS?HzlpY8CKA5`-c--80e`;5Sk4@nZh_ZqA5Lk7sw}sv?}|iG0C_daPZS2
z>A)y3pL=Uf9=LZk)JLa@pg>1JO@CyVnE4Xoj~o8|FX0>^FiMQud@A+P>3?M~9tv&D
zhLTMZfjLPoYB@^aP4zKqW&w>Pzr*+|T-JE4G=F`kCk0rGH4dn>%m3~JvUkw4tt17t
zhD#I?b|wN@>I#r=7=q5GcW<|D`mPZ_c&a81RZUYLm6IOT1eUV?-y$SXBes7_5g}G~
zRA`MCPeW)yniNQnr2ihJ0d$N?gteE|Da&h`o5o+iRq;BVRw_O0Dh3a)#2G2j)A`*`
z!$jqg8W~}Br5f$v6rnXbatrK|PpxqOrEJr%{e7podq7*<_akZx+(xAQ&>}tnQuy8r
zG~>emE#jj?60;`S&yi+Bk1+|=<HTOGk%EsA(7IhyfN*z6>jf&6yXtZG*ycV-Y~h?r
zLtROs72xB9VDd}Sd0~V=0q+sc9ubTz0av!+MSUD8SZjuFnv)EaBkBtPivX~D7<kYB
z2${k2SmJ|5VvL5mO|_{<D?b8VltOl~sfQt;l7uJT0k1xSxl_AjDzyItkd;S_PAM?B
z>D5{cNR#-ivaNv*mX-bKZ45JF?Z)?w!AOTdB;U_JcQ9YSFap9~17;*80wD~9@q(;i
zwY%&eq9vg}9s$`>sy4HwYNVD<2q&D~>f#wC1|g201ki`8CLwe)_>eM@=R9{mKg960
zW&u(+s`|7@Ra3q!_Gw?uo0#7iOO1bi$XC~w9-ZCJnHnGP*SUk1-A_sz{h=d;iYY;q
zq3TDN`Pbht!~R>6ABe=flZ##dsj}NMk_eh))=mUI9~tg)w{wW7^C|Gs1O<rX^tPdA
z4}mE49vE%#Dh}X=I=|Se79h^U_>twecuigc@n}4EGTmrFLL8tMAQ_PK60!7X6)ezA
z0`=k(paydKZ;AX3^|)tchq|gtx}+Rha>3*rYrF3Iv=%qz3D#uk1Ch^l{r~|}AhE9q
z_;TPt1NfF-fk;;MJW3qna0yB9aUqbR-SbLMVQlp{A@?nO-!&rbdLRSiCxzBc%OBaL
zM;Nq?VBW;}EcFjd2OI=)jYCtopv#!T04ROYlRLq%;~&CN9>J9gBK3jD%E><ftP!b<
zxzl){<+eYlD+LwU%hAS>`XuokYt(ow^jCRvNHDT45GnUK=Pr&hHc(jCD@u>nfTPw(
zDT%Q2j_)HsKt!-()36I>r1gm&@p<!2>i^xzF~!d?BemGj8pBvoAUY=u#PDqZS+h5A
z%Vr=Lkl$!wrOUg6W1K9J^<~ufw-X7p0}8>-zvfkryhTSyjiHzTB2}bt)*W?H>V**u
zUnNk8F(KBbY+yhR-T2;v7K4gP0p)$Bkw;-c+qE3tgsLVcmaTyzK_KEzsQ3VoD<B9v
zy~b@EP8YuOx?WL&OsouKBbykUB#xMr{Ds9pxga`rR_iH1@SnA<HiknAbY;TlC$*41
zCod1#bD6>4Gh#>r4HyAX9=nz^KEJ#Vdh6jXzg2*-Cjnyz$5#njo5{5}w^fpmLkjOs
zfw{Tk`z8{1rU7cp5-1^H`F1~wyosJ&&=YC_MBR_kqHYzC?L8nIyn&OgXtcHfQc}8f
z$f2Cry%ZqYqbS2h@0EW`{6;W`V*XL9=ZG^F`^Z4roKMX~F&AT6XY1?|BqK_q>JESt
zVg*jf?7oFFoWy(v@de0<_qAC7o(4t%4Wh9-CvU-w=SgD(V6*t8x+%FMpXLWG)R`-U
za%vco0l=^2!ja+q2;r}x$oJnv|6gaoB-SN*Q*WTV+GzbIiL@^0n!m1FzyZq>g1OTS
zUeuSL7x07Rq@ZLL4$m;l10-VF`HjyZq-d=i7x;JtCJO!%W4MKC>QI2j0ZK!DAh*X>
zz$FZP3@i+p#@WRZ0rtI8^M9*S!C8@EG!(~4BnPqZM|2N$eDVWd_C3yW9qOLY2P2S)
z1e!V1FPfMgASFGilwq+HU<_KG%2lLCSAj%47f8f$V6DL>T^czKY(g%wR{49EioeKz
zpb=8lgb#B0z$l|oAmWQZrAL;3jsQOnT4OPRFM9boN<}JB!hOhcXjz)5n9Cys$m)3v
z6~LDIMA#XFCM5xFIuye62>FR_kqPHVs>CoeJ2DrnVg}su5g+m`4I$+X-={c*+Qo1r
zF`OM=wDGQQBFO`R$^xg|sn^-@{RsCjKs}CysZPo*6plveL_PzNP!Nftd$btlCwUG<
zybqA^@?dQAi>D9V&H<wMb;8aRmITpeA5u6wwM^q}Uu_cevC3SfG*Rupmefoh=#0y3
ziP3@H3*aC|w~MmdTMX`%WAlI`vW)Rh9wHgU1+3t7yo>dJ9FG&zH13bA%9jumRL7^k
z&;EUo62Lw#ik=kCvIKUovGmIfr}h)L$BRu}C3=?OsILTP4C3HmJ}L!8HE1;jv?d>M
zep8(klZfX9UGCqYAAu}nZZHz<aQ%G$uTceY-~5kolSAc-fh!}$6j;~AuV1(TFu;Xz
zwm-{;eOwFxLJHEOh2~I2G4Sn}ah}>~DdsW~M9WT7$MKNC`a+RPrSD$hNX4`wS7LHB
za)7SA3Zj0b@U$S88yG1j#`gfATzU()ga;$v0mtjBQ>sr0{fYq7!N3l-L+@aYxkCXD
zoLU|5^m3NpvA|VlOD@omLQ%>P5MA(70?*41JZ~>fC14`}<tqa_vKdHKIqyO40(e)U
zZYCTFeq0X<xujB$BjT9@unF9|v}4NBP`;=D2qaAg;@?C2f4}zPJq+6ztw45HPi}KC
z+fRBS-D4;E(nG70lN2fsCT_N+_qP-HlJ!~jEX&_oi2`)7cz{{(rk7Q0k}*08X45Ep
zD=*}3rRWB}M%AC;`DZ{39;_4zg6dy#fJp@!X3!0A=~=SVvq~AK!26&qf?Hd;rq;pa
zCEr7IGq{w$1h8flKwiC3W&*Lagd!=liyb*uEyQlf1?UDnQA>1@vzS^XU_mp$8|rpS
zUc2!(6l8gVm5sra0Y`N)_{!~=^4`bKz!}~(P$L5734H>CtZ!h<F#%+_?bf>6A<hpC
zu(WV;v%mQzYIHuflMNnqy~#})(e1ro@PM;=iNU2e615xzNDkbg_{yIo=zK>DauwR{
zfT2acYTzPFPW0f(YiX#N6jV#{6QY~_ML62Y5nh9xvqvlGPH6aFC#7_yWFRtdF&l7V
z=<Z|OzJowa`6KT5lcFT(v@mt63K?RU5eQ2!sb*c5aK@E2nu1(49<U4Vp&edbo#^3`
z)%sSK9<Vk}oX`hz`T%GZwE<-2LO^m$b?bkHzf3Be>+%;wrGE#Hk2QvX-|~Us>D~p3
zaJACb*>baS-lTjG*?=%+XGtELI7Xr%-Wfnj5~_+I5H28PGL2n_(i3WD@gZp{DWHK!
zDI69rISC8~;Aw&8)~1p1`Snw<Z9|{@|7_c0T;l|=ZQG7IKK-TAzt0JzuYe~Yo+Vq*
z^fJS_pdQ@=4D{op<Lt-@VD7HOh-R^b8ORZDlwN({#c_%Vm3#pm0C)LWhE($G2C~<E
zh>?qmF~}uynIEw14*gmB%bpJHkuV><|FbKUbLd9SEN8cdg-M+7v9A=V)9@}=BoNX4
zl=mJmw{nI5CUJ$*h_Dp2*^7dO#mAhgM6!^ypTs2D2zFu@c=vvxWF-cn0j94@N{@VT
z_ju<|subL0c48^ETNqJH?>8gc9h_0!`<^SA``=GG06}GuI<BPPVYj_uqO2pDFal0%
zjGHkK2JS{)qWYJ#bdiIY;Tuy>5XN>p(Sk5fru`=Pep<Nq*|Xu69U4iQfU*im9?t;D
zWAbH&vK1+G>0BP9Vokoc&rWJ!`=h}lETt|-PuUEcYcG~8Z5K?_n3*KNxEz`AwMY8G
z{879s$=!-PEktK`SOMw<ye|5m0A`LW0fN07FS79n0|oz~ZUGn;*ZazGP0Xq4e4eF_
zW9VNHDH_$IwEmZL={SY@eEI;^%=}6pOe)B${i(G}_#g+4tO!O9tt5B$@U*O_g%1O&
z7`TxA>p8}sz)mJ9odCCjz`OqfX+a@<BNWgjKpLPx#$o_IERe(9OZ(E*t_-j;Lpe`z
zq{3UL0-%sMHY6M=w|pmu5p0LI07e8LPwLW89a3lszyM>#fBM&ppr1t?44#wuP2P--
zkQQ^NNf5R*Q>~pl@S6KwM_<@K^6-XgeB+r!@gXqphZO1|Hs(=}=X?6-Pv>{OY^8M+
zQ%4mbZ3R(s9T9^PAv?6XtZ~0v&tOB?3*-s@{V0h}uyG${y#*%)7)ZVY^!>NgN!e0k
zZ~0n38U&mdZBi)6w#F%^5J4v~l3qR{you2gf~03h?nFpf+`kEqu4IX!&h(-DckkGs
zGSZ_3AZk6x5&h4a`TjtoF+!gW;o<xs^+oM8$huhT{|H6a22+L|QT~HB0VoSJk;!T{
zuLX^Shyds<jhx`l(Q&|TVm5y|qKO$T1H8weHVx~roPpPo&0nAJKi@@y4gxOBYVu`h
zZsrpVX~0wwROgq}ybfbIGW^l1K?opj89)^e@-b7+59m{Bz={XP!$A=XBcd2wS6aQ;
zk-;*RukU~`fL;<@))nGy8B3bJAcF5g6#$#$pY@V^3LYaB!g}c|@sO~#Mb3M&+9Xpc
zrA(<k3`UO4l^aC(hXy@8qAM}mV5s`iXtLb7<>bcTJDeZ5zRp%=3SH4B-TdPW$VEou
zr^D|sWk5%2IH0c>=YIj3@7)iDCr<wbLA-&Hi3TgQ2Z0IizBnNMmL_DDenFRl15hGz
zG7%t5ATbE`m-vBG=wX}-m_gdbeL9?PO~A|25ei`(*Nj}{#;d6xfeWsK5gWJx{Igf+
zG6ArKm_5}A3uEs^#@gj=<IUf<d2Q-JcU)^I@-&dL=#cUz)ul~V>vSa*qh1a5AKjC6
z9?Zort@W~I@<DI?38D5RPbfF|0T9T=K{hSt^`bA<{yEjIdlBmJfByeR=>Pw75Ex|!
zCU~*x0%Tk6ZC;Qq`5*;l{HZ~PNiUP3+0h>TlvthgNydFlUu*h5iNQ!TWy)Fb{y;7z
zD;c;8-a(shF?<6bxEwVH&VPRkz?}ejDyH}E*C{b)6k2T&Hj_`m9Z-W5dN4bsG<Ex?
zD#_YRSx_kDq$JQ4vQAe&-?1QbqQS6b{xgvU8cImP@E#$#%D!Pt>n2&fld=z8=lks`
zyKc$1)6g#M?^6XFUb<k1SVaAD20LULjOWOOTQb1er*CLJ#-x|XaAYBcGPuhX2;4G3
z-2*_QNHoyMztx=-dNL0)EN&^2s*Y7f6RpN@LMdkTge$FB0l=y$2+>Wc6b^c6|9K36
zf&?Nz<8x8_ee}S+KVJ1zz%G?VGY@dzf_f1ScG>1h3Aj${BM@*3f{W9~V5Fac%!~O)
z3zit0<9+e;())@kK=!&MwbZC+w4d!e1b4Gx(}kxu9*v>qZodGxvA@p9zf1u5S1G9Q
z`ww_vZE3(T3-V}Xs^4ArNueYl=Wr`Y<58qEhQ2TWNzCc%R@2alxPZt!Fy{NCNE=K6
zQ31W3h7+1DH_a~V0>4k-D)0waNri@yD|s{;-Ufv<fh#|ZQ5Kxy|5zI%FL)ZgY(n#k
z)*LXNgQpN~SsaXHVn>qIR>nQW!<b_R)o?zFCxt1&$SaU7b)&*+3iud;YmL@I=sknY
zyyt^=x4nT|&@h8k#0hx`2M{d#2FMSB@A03fWCI~koB-7v*sA40f8(UUC(wjKl+nAy
z6zr0C94Ae6eh|5UfoUeI#gaPgA?TaT7DMTqreNetH;@2`^ompC1$#%pmksR6x_(4`
z3$R94;Pw2LCI0g?0JZ}s+S;EXA)MM63G|MZp}r{&!ci%yI1xXo0#Vfrz470?p60Ir
zo)EMW9E%d%kZ3K!v|f-!%L?1|2mwBjXnP+#CI$dKiqNgBQLb}mgVT@K#Qtp%V6zUP
zPtIF+dB9y_Qg-1cDKs95qaNoK%0>a;T!SG0@|Y9~M!?1BHvq)W3L4SHjXs<kfUD^)
zW@iOEu@l2LKL%T|BA0)q8ScD1>k9r*q6?VgzYPx;^gPA2e$BBWe9z&lK`_Gt%n8gf
z)HZ`~Ia%>pkYkD}XL!_*@mkA~Ta3X=0QTT>p3a~fph&dl9vx&$_|7;C7lGNm9YNJ@
z2>?^$mt#Q!Y=1l+pglSp=+=b(=Y`OzC+vH6=xmWBz#4+fnu5$f7gL-=5Y&VDaQuM}
z@qJkdCo12hFAw-6%y?R@vyRA+f-Pi<s|1RB(xZ|NfFf}MXaH>;SO4`YG~n0w<ucZp
zF=wPQobu`S!7gV6pM_B>F6E`99^C@VV3vm>g>Y>Jnig@q<u!CItP1v@E73%wefmrc
zU{2cP%#J?R1*yYl06ha$9|f77DBb-z6s;sWFaGaEBgA<LatD}q(095?MX-QPo@~?r
zBsK_G$`rgf>ZG{wu{QyN*XS>h!%F;gkFgm)8pZor{$E5HIRIAM1=-K+&Nu({yFnl&
z5w}K^>qGedk?%i5r{%5?<LIk*z%k9pX1t2f;{Bk;Vlh-$vo(7Xi=vbZ0dEk{`dj&c
z$uJ$j#l;B--&?aDMBKP>uTEa-1%%Ca9Uxj05%ndxjn`jUxNVsF0K4#?QwJn(LALvC
z4{Ykug8biLCz0VO2y+2CMm-@~8wKg)R+S+Tw~9-}p)jOE=>A~)a<L=#XS@Pt++}qV
z|G)OG{Hv)X3zHBu44^?oL{Y=e2{ZyigR&T8$CijDqAZfrK(mPrVH82YfIA)n2&gEF
z6B<aKfZ8Y$0f*zTj0k}q78OI_v_v3wvkea02y-86Y?psv`nPxT>ZR)5s#|sIF5d+a
zG}JQk>)Ia-){gan{(@mQo>yeMNDy@#Rx!hFeULQH%JKHGEcVzymnwgnTJEO2ka|{q
zy8N20w598t!fOAXS<OWhPBpC8x8I~z4nNs<yfR<S9)_cW>Q#voHd+vc$CdMPPG2Sh
z=pmej?ek>=a|5|160N^MO0lxC)6v<U@eE)I>+;q#tWFSCQ>h9AddWA(uYQ2)E2D~L
zo`VipxGakJC2SH@&b~5Q)H0-N6gh1a45%3E4T@3weddg&qnyO<`MoX7yqvgQ7L%f+
z=TQ#(!=MSog=CqWxZDuj8i(!(dBQM%`rI1uEFhd+V!q?QAS#bs9(GhON*H}b5FZ#F
zG|x5I%^;UIHN|GS>HIf8Npft#L-d;;S&rDd6U9bKe+XXueN=Zd1$Pl|t<)Bl95xO#
zrv2_6_aZ1eM=aPR!$e0-YZv<K4Pci9ICy!R9B8v6Q2x530^*XehlJRG!OEdENK0bs
z+fhdcEBi073yz7dJn!mg^Z#${l*x&%0|2fI)7tuo;)UkvCLvqFbj`bW-V}5QBP^5@
z>y9WBM0m(7Gy^)O<Y?ES!m8k_bSQ)I@fbTK5jX~O5+^kf?oAi~zZqaju1b#i=bP1l
z|Eg%ZY0w4xx*Xv=-r_EL*4s8%K{N`j#|OW>jR+3jdmK9^yFjbNjIdEV-ibac9)q_!
z{I_$(N6cstmZIBMxLq1Qf1&*_U7kKWeK$UTh%wR|p;Dfz17hn)pXqd9%!HY{mI~Hl
zaS)uXo&e@%=d;r~2m&UQr(dNd-rWpzV|n|`ejBO3S{UMQ{A6;3_IDIF5(W6)lsvA5
zQ9>;-j{$P|*<@Srgc7XXSQ!LD5H%3NHe*j1?9%B)KvBUD?=N!0pUPfB=JEe+l4lZE
z&q!&zJwpiB#q6C49GnxI4d`54v-|hO6?O8Mm%$_9)q_J-l^Uk=@^NEF=(+a09<(vh
zT~c2Be+s@TBoIc}RKYXxd&_8fpSQ-2xD|B5U)5b7C}K6h7~TyaNId<ufIKaY6FAfP
z#c3o2aXzX{%Y)3`jT&8G@?IK$FBa_ED!2q4a!n}I(TF7<D!F0cSI<vVEjx5-ULlOI
zr8D^)F(7=1JBLXZ^DGoq!V1#}BN_=P3URZ!53GW#DwUKx_1+k4<PUc^$Q`ygmxM<C
z@Saqg5+t|Y`>1V2=7jhhl(L~BaHpK|R|OO^9l%%2TlIMO5LSBn4oBR5NDPp-0K(j9
z^ot?>(q-h<@hUe)zXNqNg2~)0+mvJNibBsvQ>k%)e&Ba0NNGhbm~y}gZvyTnYF6fW
zb2Ey)a}DwvnyzJ)c`PWnKo1#}?=I(@7@xk&x|Di{TfthmDrb5>OPldV;YDM2wEpS)
zGvlh*Qq+F}sSXCdv7-;)z1}M=v2ckW%{-d*U-z@W%K>*YId{=0MY=mm9~57tge`Wl
z&-D6-eI=0y_WSPCgASQOT;Tk1Ko@3falHU3$1;h-@Qn>pl%T>As1PWw_QYT)ikt(y
z2T6#FNyxZCmUUoe(X?BjI$=9*72L9HK+`$d%^&MK*iyT<ELaz3<wT!g6)@uXceE)_
zNV)GUw_G4w5k@YP_O?ukuJ_d1r3cUBdoIntg!oY*qxsr)8X5~6V#rRS;LxShD+QTu
zUCt%DaztEBP!#GfeQR5T&yN4$N;X8P^QX-TptA{_=(7SXE;up!`1x!xl$D#&fWu}*
zX%)cb9?fi8g~FnBkOE*k%t&+D5x^I8Y<*|lje-<!w78w0gmeOGAD6RBd0TQ}CSin_
z5SaIh)Sr8r)z|FXakjeXIU#&^!c?RatTDYP5m(PQ?tRJ3=I<nTcp^a>1ac#}2q4&U
z$PbYK|5pImnNOuQ+fk!G{F^-2?LtpYLWF<|*Eyu+!~%g<)%KLZqy<u-<JInUff(#@
zZKE^bOY&3}@hkNkU-)Vwf=#+`BUxe^k>G`%S7SvdAt;OdJ|rMu@K;%r@7v|GEPqVa
zRc#H%SLA@>5RQ=YYZpVJGV+}$mDRilYq7c7BLZ$113;Dl45-8EIg@2q(~R5Dv|00E
zs5OTzwpFI}@Oaz@kZrP}t{9`B#i}u+3(P24FiAVZ1xb-6{GinuX|4o#ou06}gH)^O
zcfAe6w&V$Q7@bELYuSyjx8Y)jJpoESQ-9*@ShG1)_gR&60rt+Nzpl*yBSqmPR}CxF
zLd$9#`8lXce%nqT$SHn#i!fk@^LC@R*0{k6%WUVovSn>K(<v$`h(=4X^izI(!JpHa
zSYJHkgCAGJ8tU8&pFPZ_l_mBy`q(;j?Di2HxQPO*F7=l160VYUENe5nnlhYWMQ`jB
zWLJsMoQIw>b7vQU&6ox2Al4>69f09IW{2lyTblP3ge{Kt#X3M6j}%?^owO8pN&PYp
zUA_3q1Ar2F8uF&tWy+Sjl^6jAe<}qa98Vh;H7qgU^Ucs8Z33+nFP*$H1)u*y2op1Q
zv}w?IMQ$Z@vz5ni84Q$#drH=nkciJcGABUjt5hOm<Ubnsr^ECHEk=}N1dfAG-%0*4
zVAO-}vMzfo8n^N_YW`&5m!|L&7LLsQ{>oTEN=oXf(Ol{M`{#Bs8GD#g7%UD?Ad;6K
zi0Zu@*CrzFkH0TB=%v)SzkkH5|M;`z*Gxc*W9E~L&q7H#$^VsXup8sl(erkbl0>%>
zuc7C4SQb(%zvm0zLxWkI8tu%j(C<F}Ork?)yalpu2j2FJ4JMVssUN~hjlW3epNv>!
d&HoQ0Hl~-3SIC%1p8_F~a&d68FWo~={2!CJ4@&?5

literal 0
HcmV?d00001


From b9c1cdf4adb8b4a7737b8f8d5b6a5abd270ad5e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Tue, 3 Jun 2025 17:15:30 +0300
Subject: [PATCH 081/123] feat(projections): resource counters  (#9979)

# Which Problems Are Solved

Add the ability to keep track of the current counts of projection
resources. We want to prevent calling `SELECT COUNT(*)` on tables, as
that forces a full scan and sudden spikes of DB resource uses.

# How the Problems Are Solved

- A resource_counts table is added
- Triggers that increment and decrement the counted values on inserts
and deletes
- Triggers that delete all counts of a table when the source table is
TRUNCATEd. This is not in the business logic, but prevents wrong counts
in case someone want to force a re-projection.
- Triggers that delete all counts if the parent resource is deleted
- Script to pre-populate the resource_counts table when a new source
table is added.

The triggers are reusable for any type of resource, in case we choose to
add more in the future.
Counts are aggregated by a given parent. Currently only `instance` and
`organization` are defined as possible parent. This can later be
extended to other types, such as `project`, should the need arise.

I deliberately chose to use `parent_id` to distinguish from the
de-factor `resource_owner` which is usually an organization ID. For
example:

- For users the parent is an organization and the `parent_id` matches
`resource_owner`.
- For organizations the parent is an instance, but the `resource_owner`
is the `org_id`. In this case the `parent_id` is the `instance_id`.
- Applications would have a similar problem, where the parent is a
project, but the `resource_owner` is the `org_id`


# Additional Context

Closes https://github.com/zitadel/zitadel/issues/9957
---
 cmd/setup/57.go                               |  27 ++
 cmd/setup/57.sql                              | 106 ++++++++
 cmd/setup/config.go                           |   1 +
 cmd/setup/setup.go                            |   3 +
 cmd/setup/trigger_steps.go                    | 125 +++++++++
 internal/domain/count_trigger.go              |   9 +
 internal/domain/countparenttype_enumer.go     | 109 ++++++++
 internal/domain/secretgeneratortype_enumer.go |  93 +++++--
 internal/migration/count_trigger.sql          |  43 +++
 .../delete_parent_counts_trigger.sql          |  13 +
 internal/migration/migration.go               |   5 +-
 internal/migration/trigger.go                 | 127 +++++++++
 internal/migration/trigger_test.go            | 253 ++++++++++++++++++
 internal/query/resource_counts.go             |  61 +++++
 internal/query/resource_counts_list.sql       |  12 +
 internal/query/resource_counts_test.go        | 109 ++++++++
 16 files changed, 1080 insertions(+), 16 deletions(-)
 create mode 100644 cmd/setup/57.go
 create mode 100644 cmd/setup/57.sql
 create mode 100644 cmd/setup/trigger_steps.go
 create mode 100644 internal/domain/count_trigger.go
 create mode 100644 internal/domain/countparenttype_enumer.go
 create mode 100644 internal/migration/count_trigger.sql
 create mode 100644 internal/migration/delete_parent_counts_trigger.sql
 create mode 100644 internal/migration/trigger.go
 create mode 100644 internal/migration/trigger_test.go
 create mode 100644 internal/query/resource_counts.go
 create mode 100644 internal/query/resource_counts_list.sql
 create mode 100644 internal/query/resource_counts_test.go

diff --git a/cmd/setup/57.go b/cmd/setup/57.go
new file mode 100644
index 0000000000..4c52018f1e
--- /dev/null
+++ b/cmd/setup/57.go
@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 57.sql
+	createResourceCounts string
+)
+
+type CreateResourceCounts struct {
+	dbClient *database.DB
+}
+
+func (mig *CreateResourceCounts) Execute(ctx context.Context, _ eventstore.Event) error {
+	_, err := mig.dbClient.ExecContext(ctx, createResourceCounts)
+	return err
+}
+
+func (mig *CreateResourceCounts) String() string {
+	return "57_create_resource_counts"
+}
diff --git a/cmd/setup/57.sql b/cmd/setup/57.sql
new file mode 100644
index 0000000000..f2f0a40202
--- /dev/null
+++ b/cmd/setup/57.sql
@@ -0,0 +1,106 @@
+CREATE TABLE IF NOT EXISTS projections.resource_counts
+(
+    id SERIAL PRIMARY KEY, -- allows for easy pagination
+    instance_id TEXT NOT NULL,
+    table_name TEXT NOT NULL, -- needed for trigger matching, not in reports
+    parent_type TEXT NOT NULL,
+    parent_id TEXT NOT NULL,
+    resource_name TEXT NOT NULL, -- friendly name for reporting
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    amount INTEGER NOT NULL DEFAULT 1 CHECK (amount >= 0),
+    
+	UNIQUE (instance_id, parent_type, parent_id, table_name)
+);
+
+-- count_resource is a trigger function which increases or decreases the count of a resource.
+-- When creating the trigger the following required arguments (TG_ARGV) can be passed:
+-- 1. The type of the parent
+-- 2. The column name of the instance id
+-- 3. The column name of the owner id
+-- 4. The name of the resource
+CREATE OR REPLACE FUNCTION projections.count_resource()
+    RETURNS trigger
+    LANGUAGE 'plpgsql' VOLATILE
+AS $$
+DECLARE
+	-- trigger variables
+	tg_table_name TEXT := TG_TABLE_SCHEMA || '.' || TG_TABLE_NAME;
+	tg_parent_type TEXT := TG_ARGV[0];
+	tg_instance_id_column TEXT := TG_ARGV[1];
+	tg_parent_id_column TEXT := TG_ARGV[2];
+	tg_resource_name TEXT := TG_ARGV[3];
+	
+	tg_instance_id TEXT;
+	tg_parent_id TEXT;
+
+	select_ids TEXT := format('SELECT ($1).%I, ($1).%I', tg_instance_id_column, tg_parent_id_column);
+BEGIN
+	IF (TG_OP = 'INSERT') THEN
+		EXECUTE select_ids INTO tg_instance_id, tg_parent_id USING NEW;
+		
+		INSERT INTO projections.resource_counts(instance_id, table_name, parent_type, parent_id, resource_name)
+		VALUES (tg_instance_id, tg_table_name, tg_parent_type, tg_parent_id, tg_resource_name)	
+		ON CONFLICT (instance_id, table_name, parent_type, parent_id) DO
+		UPDATE SET updated_at = now(), amount = projections.resource_counts.amount + 1;
+		
+		RETURN NEW;
+	ELSEIF (TG_OP = 'DELETE') THEN
+		EXECUTE select_ids INTO tg_instance_id, tg_parent_id USING OLD;
+
+		UPDATE projections.resource_counts
+		SET updated_at = now(), amount = amount - 1
+		WHERE instance_id = tg_instance_id
+			AND table_name = tg_table_name
+			AND parent_type = tg_parent_type
+			AND parent_id = tg_parent_id
+			AND resource_name = tg_resource_name 
+			AND amount > 0; -- prevent check failure on negative amount.
+		
+		RETURN OLD;
+	END IF;
+END
+$$;
+
+-- delete_table_counts removes all resource counts for a TRUNCATED table.
+CREATE OR REPLACE FUNCTION projections.delete_table_counts()
+	RETURNS trigger
+	LANGUAGE 'plpgsql'
+AS $$
+DECLARE
+	-- trigger variables
+	tg_table_name TEXT := TG_TABLE_SCHEMA || '.' || TG_TABLE_NAME;
+BEGIN
+	DELETE FROM projections.resource_counts
+	WHERE table_name = tg_table_name;
+END
+$$;
+
+-- delete_parent_counts removes all resource counts for a deleted parent.
+-- 1. The type of the parent
+-- 2. The column name of the instance id
+-- 3. The column name of the owner id
+CREATE OR REPLACE FUNCTION projections.delete_parent_counts()
+	RETURNS trigger
+	LANGUAGE 'plpgsql'
+AS $$
+DECLARE
+	-- trigger variables
+	tg_parent_type TEXT := TG_ARGV[0];
+	tg_instance_id_column TEXT := TG_ARGV[1];
+	tg_parent_id_column TEXT := TG_ARGV[2];
+	
+	tg_instance_id TEXT;
+	tg_parent_id TEXT;
+
+	select_ids TEXT := format('SELECT ($1).%I, ($1).%I', tg_instance_id_column, tg_parent_id_column);
+BEGIN
+	EXECUTE select_ids INTO tg_instance_id, tg_parent_id USING OLD;
+	
+	DELETE FROM projections.resource_counts
+		WHERE instance_id = tg_instance_id
+		AND parent_type = tg_parent_type
+		AND parent_id = tg_parent_id;
+	
+	RETURN OLD;
+END
+$$;
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index bd2abde9ea..dd59ba3f07 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -153,6 +153,7 @@ type Steps struct {
 	s54InstancePositionIndex                *InstancePositionIndex
 	s55ExecutionHandlerStart                *ExecutionHandlerStart
 	s56IDPTemplate6SAMLFederatedLogout      *IDPTemplate6SAMLFederatedLogout
+	s57CreateResourceCounts                 *CreateResourceCounts
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index c84976f282..1465180a6b 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -215,6 +215,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s54InstancePositionIndex = &InstancePositionIndex{dbClient: dbClient}
 	steps.s55ExecutionHandlerStart = &ExecutionHandlerStart{dbClient: dbClient}
 	steps.s56IDPTemplate6SAMLFederatedLogout = &IDPTemplate6SAMLFederatedLogout{dbClient: dbClient}
+	steps.s57CreateResourceCounts = &CreateResourceCounts{dbClient: dbClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -260,6 +261,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s54InstancePositionIndex,
 		steps.s55ExecutionHandlerStart,
 		steps.s56IDPTemplate6SAMLFederatedLogout,
+		steps.s57CreateResourceCounts,
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {
@@ -296,6 +298,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 			client: dbClient,
 		},
 	}
+	repeatableSteps = append(repeatableSteps, triggerSteps(dbClient)...)
 
 	for _, repeatableStep := range repeatableSteps {
 		setupErr = executeMigration(ctx, eventstoreClient, repeatableStep, "unable to migrate repeatable step")
diff --git a/cmd/setup/trigger_steps.go b/cmd/setup/trigger_steps.go
new file mode 100644
index 0000000000..163a8fdb59
--- /dev/null
+++ b/cmd/setup/trigger_steps.go
@@ -0,0 +1,125 @@
+package setup
+
+import (
+	"fmt"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/migration"
+	"github.com/zitadel/zitadel/internal/query/projection"
+)
+
+// triggerSteps defines the repeatable migrations that set up triggers
+// for counting resources in the database.
+func triggerSteps(db *database.DB) []migration.RepeatableMigration {
+	return []migration.RepeatableMigration{
+		// Delete parent count triggers for instances and organizations
+		migration.DeleteParentCountsTrigger(db,
+			projection.InstanceProjectionTable,
+			domain.CountParentTypeInstance,
+			projection.InstanceColumnID,
+			projection.InstanceColumnID,
+			"instance",
+		),
+		migration.DeleteParentCountsTrigger(db,
+			projection.OrgProjectionTable,
+			domain.CountParentTypeOrganization,
+			projection.OrgColumnInstanceID,
+			projection.OrgColumnID,
+			"organization",
+		),
+
+		// Count triggers for all the resources
+		migration.CountTrigger(db,
+			projection.OrgProjectionTable,
+			domain.CountParentTypeInstance,
+			projection.OrgColumnInstanceID,
+			projection.OrgColumnInstanceID,
+			"organization",
+		),
+		migration.CountTrigger(db,
+			projection.ProjectProjectionTable,
+			domain.CountParentTypeOrganization,
+			projection.ProjectColumnInstanceID,
+			projection.ProjectColumnResourceOwner,
+			"project",
+		),
+		migration.CountTrigger(db,
+			projection.UserTable,
+			domain.CountParentTypeOrganization,
+			projection.UserInstanceIDCol,
+			projection.UserResourceOwnerCol,
+			"user",
+		),
+		migration.CountTrigger(db,
+			projection.InstanceMemberProjectionTable,
+			domain.CountParentTypeInstance,
+			projection.MemberInstanceID,
+			projection.MemberResourceOwner,
+			"iam_admin",
+		),
+		migration.CountTrigger(db,
+			projection.IDPTable,
+			domain.CountParentTypeInstance,
+			projection.IDPInstanceIDCol,
+			projection.IDPInstanceIDCol,
+			"identity_provider",
+		),
+		migration.CountTrigger(db,
+			projection.IDPTemplateLDAPTable,
+			domain.CountParentTypeInstance,
+			projection.LDAPInstanceIDCol,
+			projection.LDAPInstanceIDCol,
+			"identity_provider_ldap",
+		),
+		migration.CountTrigger(db,
+			projection.ActionTable,
+			domain.CountParentTypeInstance,
+			projection.ActionInstanceIDCol,
+			projection.ActionInstanceIDCol,
+			"action_v1",
+		),
+		migration.CountTrigger(db,
+			projection.ExecutionTable,
+			domain.CountParentTypeInstance,
+			projection.ExecutionInstanceIDCol,
+			projection.ExecutionInstanceIDCol,
+			"execution",
+		),
+		migration.CountTrigger(db,
+			fmt.Sprintf("%s_%s", projection.ExecutionTable, projection.ExecutionTargetSuffix),
+			domain.CountParentTypeInstance,
+			projection.ExecutionTargetInstanceIDCol,
+			projection.ExecutionTargetInstanceIDCol,
+			"execution_target",
+		),
+		migration.CountTrigger(db,
+			projection.LoginPolicyTable,
+			domain.CountParentTypeInstance,
+			projection.LoginPolicyInstanceIDCol,
+			projection.LoginPolicyInstanceIDCol,
+			"login_policy",
+		),
+		migration.CountTrigger(db,
+			projection.PasswordComplexityTable,
+			domain.CountParentTypeInstance,
+			projection.ComplexityPolicyInstanceIDCol,
+			projection.ComplexityPolicyInstanceIDCol,
+			"password_complexity_policy",
+		),
+		migration.CountTrigger(db,
+			projection.PasswordAgeTable,
+			domain.CountParentTypeInstance,
+			projection.AgePolicyInstanceIDCol,
+			projection.AgePolicyInstanceIDCol,
+			"password_expiry_policy",
+		),
+		migration.CountTrigger(db,
+			projection.LockoutPolicyTable,
+			domain.CountParentTypeInstance,
+			projection.LockoutPolicyInstanceIDCol,
+			projection.LockoutPolicyInstanceIDCol,
+			"lockout_policy",
+		),
+	}
+}
diff --git a/internal/domain/count_trigger.go b/internal/domain/count_trigger.go
new file mode 100644
index 0000000000..a29d125fe9
--- /dev/null
+++ b/internal/domain/count_trigger.go
@@ -0,0 +1,9 @@
+package domain
+
+//go:generate enumer -type CountParentType -transform lower -trimprefix CountParentType -sql
+type CountParentType int
+
+const (
+	CountParentTypeInstance CountParentType = iota
+	CountParentTypeOrganization
+)
diff --git a/internal/domain/countparenttype_enumer.go b/internal/domain/countparenttype_enumer.go
new file mode 100644
index 0000000000..8691d97e62
--- /dev/null
+++ b/internal/domain/countparenttype_enumer.go
@@ -0,0 +1,109 @@
+// Code generated by "enumer -type CountParentType -transform lower -trimprefix CountParentType -sql"; DO NOT EDIT.
+
+package domain
+
+import (
+	"database/sql/driver"
+	"fmt"
+	"strings"
+)
+
+const _CountParentTypeName = "instanceorganization"
+
+var _CountParentTypeIndex = [...]uint8{0, 8, 20}
+
+const _CountParentTypeLowerName = "instanceorganization"
+
+func (i CountParentType) String() string {
+	if i < 0 || i >= CountParentType(len(_CountParentTypeIndex)-1) {
+		return fmt.Sprintf("CountParentType(%d)", i)
+	}
+	return _CountParentTypeName[_CountParentTypeIndex[i]:_CountParentTypeIndex[i+1]]
+}
+
+// An "invalid array index" compiler error signifies that the constant values have changed.
+// Re-run the stringer command to generate them again.
+func _CountParentTypeNoOp() {
+	var x [1]struct{}
+	_ = x[CountParentTypeInstance-(0)]
+	_ = x[CountParentTypeOrganization-(1)]
+}
+
+var _CountParentTypeValues = []CountParentType{CountParentTypeInstance, CountParentTypeOrganization}
+
+var _CountParentTypeNameToValueMap = map[string]CountParentType{
+	_CountParentTypeName[0:8]:       CountParentTypeInstance,
+	_CountParentTypeLowerName[0:8]:  CountParentTypeInstance,
+	_CountParentTypeName[8:20]:      CountParentTypeOrganization,
+	_CountParentTypeLowerName[8:20]: CountParentTypeOrganization,
+}
+
+var _CountParentTypeNames = []string{
+	_CountParentTypeName[0:8],
+	_CountParentTypeName[8:20],
+}
+
+// CountParentTypeString retrieves an enum value from the enum constants string name.
+// Throws an error if the param is not part of the enum.
+func CountParentTypeString(s string) (CountParentType, error) {
+	if val, ok := _CountParentTypeNameToValueMap[s]; ok {
+		return val, nil
+	}
+
+	if val, ok := _CountParentTypeNameToValueMap[strings.ToLower(s)]; ok {
+		return val, nil
+	}
+	return 0, fmt.Errorf("%s does not belong to CountParentType values", s)
+}
+
+// CountParentTypeValues returns all values of the enum
+func CountParentTypeValues() []CountParentType {
+	return _CountParentTypeValues
+}
+
+// CountParentTypeStrings returns a slice of all String values of the enum
+func CountParentTypeStrings() []string {
+	strs := make([]string, len(_CountParentTypeNames))
+	copy(strs, _CountParentTypeNames)
+	return strs
+}
+
+// IsACountParentType returns "true" if the value is listed in the enum definition. "false" otherwise
+func (i CountParentType) IsACountParentType() bool {
+	for _, v := range _CountParentTypeValues {
+		if i == v {
+			return true
+		}
+	}
+	return false
+}
+
+func (i CountParentType) Value() (driver.Value, error) {
+	return i.String(), nil
+}
+
+func (i *CountParentType) Scan(value interface{}) error {
+	if value == nil {
+		return nil
+	}
+
+	var str string
+	switch v := value.(type) {
+	case []byte:
+		str = string(v)
+	case string:
+		str = v
+	case fmt.Stringer:
+		str = v.String()
+	default:
+		return fmt.Errorf("invalid value of CountParentType: %[1]T(%[1]v)", value)
+	}
+
+	val, err := CountParentTypeString(str)
+	if err != nil {
+		return err
+	}
+
+	*i = val
+	return nil
+}
diff --git a/internal/domain/secretgeneratortype_enumer.go b/internal/domain/secretgeneratortype_enumer.go
index f819bafc1f..db66715670 100644
--- a/internal/domain/secretgeneratortype_enumer.go
+++ b/internal/domain/secretgeneratortype_enumer.go
@@ -4,11 +4,14 @@ package domain
 
 import (
 	"fmt"
+	"strings"
 )
 
-const _SecretGeneratorTypeName = "unspecifiedinit_codeverify_email_codeverify_phone_codeverify_domainpassword_reset_codepasswordless_init_codeapp_secretotpsmsotp_emailinvite_codesecret_generator_type_count"
+const _SecretGeneratorTypeName = "unspecifiedinit_codeverify_email_codeverify_phone_codeverify_domainpassword_reset_codepasswordless_init_codeapp_secretotpsmsotp_emailinvite_codesigning_keysecret_generator_type_count"
 
-var _SecretGeneratorTypeIndex = [...]uint8{0, 11, 20, 37, 54, 67, 86, 108, 118, 124, 133, 144, 171}
+var _SecretGeneratorTypeIndex = [...]uint8{0, 11, 20, 37, 54, 67, 86, 108, 118, 124, 133, 144, 155, 182}
+
+const _SecretGeneratorTypeLowerName = "unspecifiedinit_codeverify_email_codeverify_phone_codeverify_domainpassword_reset_codepasswordless_init_codeapp_secretotpsmsotp_emailinvite_codesigning_keysecret_generator_type_count"
 
 func (i SecretGeneratorType) String() string {
 	if i < 0 || i >= SecretGeneratorType(len(_SecretGeneratorTypeIndex)-1) {
@@ -17,21 +20,70 @@ func (i SecretGeneratorType) String() string {
 	return _SecretGeneratorTypeName[_SecretGeneratorTypeIndex[i]:_SecretGeneratorTypeIndex[i+1]]
 }
 
-var _SecretGeneratorTypeValues = []SecretGeneratorType{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}
+// An "invalid array index" compiler error signifies that the constant values have changed.
+// Re-run the stringer command to generate them again.
+func _SecretGeneratorTypeNoOp() {
+	var x [1]struct{}
+	_ = x[SecretGeneratorTypeUnspecified-(0)]
+	_ = x[SecretGeneratorTypeInitCode-(1)]
+	_ = x[SecretGeneratorTypeVerifyEmailCode-(2)]
+	_ = x[SecretGeneratorTypeVerifyPhoneCode-(3)]
+	_ = x[SecretGeneratorTypeVerifyDomain-(4)]
+	_ = x[SecretGeneratorTypePasswordResetCode-(5)]
+	_ = x[SecretGeneratorTypePasswordlessInitCode-(6)]
+	_ = x[SecretGeneratorTypeAppSecret-(7)]
+	_ = x[SecretGeneratorTypeOTPSMS-(8)]
+	_ = x[SecretGeneratorTypeOTPEmail-(9)]
+	_ = x[SecretGeneratorTypeInviteCode-(10)]
+	_ = x[SecretGeneratorTypeSigningKey-(11)]
+	_ = x[secretGeneratorTypeCount-(12)]
+}
+
+var _SecretGeneratorTypeValues = []SecretGeneratorType{SecretGeneratorTypeUnspecified, SecretGeneratorTypeInitCode, SecretGeneratorTypeVerifyEmailCode, SecretGeneratorTypeVerifyPhoneCode, SecretGeneratorTypeVerifyDomain, SecretGeneratorTypePasswordResetCode, SecretGeneratorTypePasswordlessInitCode, SecretGeneratorTypeAppSecret, SecretGeneratorTypeOTPSMS, SecretGeneratorTypeOTPEmail, SecretGeneratorTypeInviteCode, SecretGeneratorTypeSigningKey, secretGeneratorTypeCount}
 
 var _SecretGeneratorTypeNameToValueMap = map[string]SecretGeneratorType{
-	_SecretGeneratorTypeName[0:11]:    0,
-	_SecretGeneratorTypeName[11:20]:   1,
-	_SecretGeneratorTypeName[20:37]:   2,
-	_SecretGeneratorTypeName[37:54]:   3,
-	_SecretGeneratorTypeName[54:67]:   4,
-	_SecretGeneratorTypeName[67:86]:   5,
-	_SecretGeneratorTypeName[86:108]:  6,
-	_SecretGeneratorTypeName[108:118]: 7,
-	_SecretGeneratorTypeName[118:124]: 8,
-	_SecretGeneratorTypeName[124:133]: 9,
-	_SecretGeneratorTypeName[133:144]: 10,
-	_SecretGeneratorTypeName[144:171]: 11,
+	_SecretGeneratorTypeName[0:11]:         SecretGeneratorTypeUnspecified,
+	_SecretGeneratorTypeLowerName[0:11]:    SecretGeneratorTypeUnspecified,
+	_SecretGeneratorTypeName[11:20]:        SecretGeneratorTypeInitCode,
+	_SecretGeneratorTypeLowerName[11:20]:   SecretGeneratorTypeInitCode,
+	_SecretGeneratorTypeName[20:37]:        SecretGeneratorTypeVerifyEmailCode,
+	_SecretGeneratorTypeLowerName[20:37]:   SecretGeneratorTypeVerifyEmailCode,
+	_SecretGeneratorTypeName[37:54]:        SecretGeneratorTypeVerifyPhoneCode,
+	_SecretGeneratorTypeLowerName[37:54]:   SecretGeneratorTypeVerifyPhoneCode,
+	_SecretGeneratorTypeName[54:67]:        SecretGeneratorTypeVerifyDomain,
+	_SecretGeneratorTypeLowerName[54:67]:   SecretGeneratorTypeVerifyDomain,
+	_SecretGeneratorTypeName[67:86]:        SecretGeneratorTypePasswordResetCode,
+	_SecretGeneratorTypeLowerName[67:86]:   SecretGeneratorTypePasswordResetCode,
+	_SecretGeneratorTypeName[86:108]:       SecretGeneratorTypePasswordlessInitCode,
+	_SecretGeneratorTypeLowerName[86:108]:  SecretGeneratorTypePasswordlessInitCode,
+	_SecretGeneratorTypeName[108:118]:      SecretGeneratorTypeAppSecret,
+	_SecretGeneratorTypeLowerName[108:118]: SecretGeneratorTypeAppSecret,
+	_SecretGeneratorTypeName[118:124]:      SecretGeneratorTypeOTPSMS,
+	_SecretGeneratorTypeLowerName[118:124]: SecretGeneratorTypeOTPSMS,
+	_SecretGeneratorTypeName[124:133]:      SecretGeneratorTypeOTPEmail,
+	_SecretGeneratorTypeLowerName[124:133]: SecretGeneratorTypeOTPEmail,
+	_SecretGeneratorTypeName[133:144]:      SecretGeneratorTypeInviteCode,
+	_SecretGeneratorTypeLowerName[133:144]: SecretGeneratorTypeInviteCode,
+	_SecretGeneratorTypeName[144:155]:      SecretGeneratorTypeSigningKey,
+	_SecretGeneratorTypeLowerName[144:155]: SecretGeneratorTypeSigningKey,
+	_SecretGeneratorTypeName[155:182]:      secretGeneratorTypeCount,
+	_SecretGeneratorTypeLowerName[155:182]: secretGeneratorTypeCount,
+}
+
+var _SecretGeneratorTypeNames = []string{
+	_SecretGeneratorTypeName[0:11],
+	_SecretGeneratorTypeName[11:20],
+	_SecretGeneratorTypeName[20:37],
+	_SecretGeneratorTypeName[37:54],
+	_SecretGeneratorTypeName[54:67],
+	_SecretGeneratorTypeName[67:86],
+	_SecretGeneratorTypeName[86:108],
+	_SecretGeneratorTypeName[108:118],
+	_SecretGeneratorTypeName[118:124],
+	_SecretGeneratorTypeName[124:133],
+	_SecretGeneratorTypeName[133:144],
+	_SecretGeneratorTypeName[144:155],
+	_SecretGeneratorTypeName[155:182],
 }
 
 // SecretGeneratorTypeString retrieves an enum value from the enum constants string name.
@@ -40,6 +92,10 @@ func SecretGeneratorTypeString(s string) (SecretGeneratorType, error) {
 	if val, ok := _SecretGeneratorTypeNameToValueMap[s]; ok {
 		return val, nil
 	}
+
+	if val, ok := _SecretGeneratorTypeNameToValueMap[strings.ToLower(s)]; ok {
+		return val, nil
+	}
 	return 0, fmt.Errorf("%s does not belong to SecretGeneratorType values", s)
 }
 
@@ -48,6 +104,13 @@ func SecretGeneratorTypeValues() []SecretGeneratorType {
 	return _SecretGeneratorTypeValues
 }
 
+// SecretGeneratorTypeStrings returns a slice of all String values of the enum
+func SecretGeneratorTypeStrings() []string {
+	strs := make([]string, len(_SecretGeneratorTypeNames))
+	copy(strs, _SecretGeneratorTypeNames)
+	return strs
+}
+
 // IsASecretGeneratorType returns "true" if the value is listed in the enum definition. "false" otherwise
 func (i SecretGeneratorType) IsASecretGeneratorType() bool {
 	for _, v := range _SecretGeneratorTypeValues {
diff --git a/internal/migration/count_trigger.sql b/internal/migration/count_trigger.sql
new file mode 100644
index 0000000000..4b521094ab
--- /dev/null
+++ b/internal/migration/count_trigger.sql
@@ -0,0 +1,43 @@
+{{ define "count_trigger" -}}
+CREATE OR REPLACE TRIGGER count_{{ .Resource }}
+    AFTER INSERT OR DELETE
+    ON {{ .Table }}
+    FOR EACH ROW
+    EXECUTE FUNCTION projections.count_resource(
+        '{{ .ParentType }}', 
+        '{{ .InstanceIDColumn }}', 
+        '{{ .ParentIDColumn }}',
+        '{{ .Resource }}'
+    );
+
+CREATE OR REPLACE TRIGGER truncate_{{ .Resource }}_counts
+    AFTER TRUNCATE
+    ON {{ .Table }}
+    FOR EACH STATEMENT
+    EXECUTE FUNCTION projections.delete_table_counts();
+
+-- Prevent inserts and deletes while we populate the counts.
+LOCK TABLE {{ .Table }} IN SHARE MODE;
+
+-- Populate the resource counts for the existing data in the table.
+INSERT INTO projections.resource_counts(
+	instance_id,
+    table_name,
+    parent_type,
+    parent_id,
+    resource_name,
+    amount
+)
+SELECT
+    {{ .InstanceIDColumn }},
+    '{{ .Table }}',
+    '{{ .ParentType }}',
+    {{ .ParentIDColumn }},
+    '{{ .Resource }}',
+    COUNT(*) AS amount
+FROM {{ .Table }}
+GROUP BY ({{ .InstanceIDColumn }}, {{ .ParentIDColumn }})
+ON CONFLICT (instance_id, table_name, parent_type, parent_id) DO
+UPDATE SET updated_at = now(), amount = EXCLUDED.amount;
+
+{{- end -}}
diff --git a/internal/migration/delete_parent_counts_trigger.sql b/internal/migration/delete_parent_counts_trigger.sql
new file mode 100644
index 0000000000..a2e9df6626
--- /dev/null
+++ b/internal/migration/delete_parent_counts_trigger.sql
@@ -0,0 +1,13 @@
+{{ define "delete_parent_counts_trigger" -}}
+
+CREATE OR REPLACE TRIGGER delete_parent_counts_trigger
+    AFTER DELETE
+    ON {{ .Table }}
+    FOR EACH ROW
+    EXECUTE FUNCTION projections.delete_parent_counts(
+        '{{ .ParentType }}', 
+        '{{ .InstanceIDColumn }}', 
+        '{{ .ParentIDColumn }}'
+    );
+
+{{- end -}}
diff --git a/internal/migration/migration.go b/internal/migration/migration.go
index a2224340a7..3aeb2f0612 100644
--- a/internal/migration/migration.go
+++ b/internal/migration/migration.go
@@ -36,7 +36,10 @@ type errCheckerMigration interface {
 
 type RepeatableMigration interface {
 	Migration
-	Check(lastRun map[string]interface{}) bool
+
+	// Check if the migration should be executed again.
+	// True will repeat the migration, false will not.
+	Check(lastRun map[string]any) bool
 }
 
 func Migrate(ctx context.Context, es *eventstore.Eventstore, migration Migration) (err error) {
diff --git a/internal/migration/trigger.go b/internal/migration/trigger.go
new file mode 100644
index 0000000000..bd06afd5c5
--- /dev/null
+++ b/internal/migration/trigger.go
@@ -0,0 +1,127 @@
+package migration
+
+import (
+	"context"
+	"embed"
+	"fmt"
+	"strings"
+	"text/template"
+
+	"github.com/mitchellh/mapstructure"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+const (
+	countTriggerTmpl       = "count_trigger"
+	deleteParentCountsTmpl = "delete_parent_counts_trigger"
+)
+
+var (
+	//go:embed *.sql
+	templateFS embed.FS
+	templates  = template.Must(template.ParseFS(templateFS, "*.sql"))
+)
+
+// CountTrigger registers the existing projections.count_trigger function.
+// The trigger than takes care of keeping count of existing
+// rows in the source table.
+// It also pre-populates the projections.resource_counts table with
+// the counts for the given table.
+//
+// During the population of the resource_counts table,
+// the source table is share-locked to prevent concurrent modifications.
+// Projection handlers will be halted until the lock is released.
+// SELECT statements are not blocked by the lock.
+//
+// This migration repeats when any of the arguments are changed,
+// such as renaming of a projection table.
+func CountTrigger(
+	db *database.DB,
+	table string,
+	parentType domain.CountParentType,
+	instanceIDColumn string,
+	parentIDColumn string,
+	resource string,
+) RepeatableMigration {
+	return &triggerMigration{
+		triggerConfig: triggerConfig{
+			Table:            table,
+			ParentType:       parentType.String(),
+			InstanceIDColumn: instanceIDColumn,
+			ParentIDColumn:   parentIDColumn,
+			Resource:         resource,
+		},
+		db:           db,
+		templateName: countTriggerTmpl,
+	}
+}
+
+// DeleteParentCountsTrigger
+//
+// This migration repeats when any of the arguments are changed,
+// such as renaming of a projection table.
+func DeleteParentCountsTrigger(
+	db *database.DB,
+	table string,
+	parentType domain.CountParentType,
+	instanceIDColumn string,
+	parentIDColumn string,
+	resource string,
+) RepeatableMigration {
+	return &triggerMigration{
+		triggerConfig: triggerConfig{
+			Table:            table,
+			ParentType:       parentType.String(),
+			InstanceIDColumn: instanceIDColumn,
+			ParentIDColumn:   parentIDColumn,
+			Resource:         resource,
+		},
+		db:           db,
+		templateName: deleteParentCountsTmpl,
+	}
+}
+
+type triggerMigration struct {
+	triggerConfig
+	db           *database.DB
+	templateName string
+}
+
+// String implements [Migration] and [fmt.Stringer].
+func (m *triggerMigration) String() string {
+	return fmt.Sprintf("repeatable_%s_%s", m.Resource, m.templateName)
+}
+
+// Execute implements [Migration]
+func (m *triggerMigration) Execute(ctx context.Context, _ eventstore.Event) error {
+	var query strings.Builder
+	err := templates.ExecuteTemplate(&query, m.templateName, m.triggerConfig)
+	if err != nil {
+		return fmt.Errorf("%s: execute trigger template: %w", m, err)
+	}
+	_, err = m.db.ExecContext(ctx, query.String())
+	if err != nil {
+		return fmt.Errorf("%s: exec trigger query: %w", m, err)
+	}
+	return nil
+}
+
+type triggerConfig struct {
+	Table            string `json:"table,omitempty" mapstructure:"table"`
+	ParentType       string `json:"parent_type,omitempty" mapstructure:"parent_type"`
+	InstanceIDColumn string `json:"instance_id_column,omitempty" mapstructure:"instance_id_column"`
+	ParentIDColumn   string `json:"parent_id_column,omitempty" mapstructure:"parent_id_column"`
+	Resource         string `json:"resource,omitempty" mapstructure:"resource"`
+}
+
+// Check implements [RepeatableMigration].
+func (c *triggerConfig) Check(lastRun map[string]any) bool {
+	var dst triggerConfig
+	if err := mapstructure.Decode(lastRun, &dst); err != nil {
+		panic(err)
+	}
+	return dst != *c
+}
diff --git a/internal/migration/trigger_test.go b/internal/migration/trigger_test.go
new file mode 100644
index 0000000000..5799526428
--- /dev/null
+++ b/internal/migration/trigger_test.go
@@ -0,0 +1,253 @@
+package migration
+
+import (
+	"context"
+	"regexp"
+	"testing"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/database"
+)
+
+const (
+	expCountTriggerQuery = `CREATE OR REPLACE TRIGGER count_resource
+    AFTER INSERT OR DELETE
+    ON table
+    FOR EACH ROW
+    EXECUTE FUNCTION projections.count_resource(
+        'instance', 
+        'instance_id', 
+        'parent_id',
+        'resource'
+    );
+
+CREATE OR REPLACE TRIGGER truncate_resource_counts
+    AFTER TRUNCATE
+    ON table
+    FOR EACH STATEMENT
+    EXECUTE FUNCTION projections.delete_table_counts();
+
+-- Prevent inserts and deletes while we populate the counts.
+LOCK TABLE table IN SHARE MODE;
+
+-- Populate the resource counts for the existing data in the table.
+INSERT INTO projections.resource_counts(
+	instance_id,
+    table_name,
+    parent_type,
+    parent_id,
+    resource_name,
+    amount
+)
+SELECT
+    instance_id,
+    'table',
+    'instance',
+    parent_id,
+    'resource',
+    COUNT(*) AS amount
+FROM table
+GROUP BY (instance_id, parent_id)
+ON CONFLICT (instance_id, table_name, parent_type, parent_id) DO
+UPDATE SET updated_at = now(), amount = EXCLUDED.amount;`
+
+	expDeleteParentCountsQuery = `CREATE OR REPLACE TRIGGER delete_parent_counts_trigger
+    AFTER DELETE
+    ON table
+    FOR EACH ROW
+    EXECUTE FUNCTION projections.delete_parent_counts(
+        'instance', 
+        'instance_id', 
+        'parent_id'
+    );`
+)
+
+func Test_triggerMigration_Execute(t *testing.T) {
+	type fields struct {
+		triggerConfig triggerConfig
+		templateName  string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		expects func(sqlmock.Sqlmock)
+		wantErr bool
+	}{
+		{
+			name: "template error",
+			fields: fields{
+				triggerConfig: triggerConfig{
+					Table:            "table",
+					ParentType:       "instance",
+					InstanceIDColumn: "instance_id",
+					ParentIDColumn:   "parent_id",
+					Resource:         "resource",
+				},
+				templateName: "foo",
+			},
+			expects: func(_ sqlmock.Sqlmock) {},
+			wantErr: true,
+		},
+		{
+			name: "db error",
+			fields: fields{
+				triggerConfig: triggerConfig{
+					Table:            "table",
+					ParentType:       "instance",
+					InstanceIDColumn: "instance_id",
+					ParentIDColumn:   "parent_id",
+					Resource:         "resource",
+				},
+				templateName: countTriggerTmpl,
+			},
+			expects: func(mock sqlmock.Sqlmock) {
+				mock.ExpectExec(regexp.QuoteMeta(expCountTriggerQuery)).
+					WillReturnError(assert.AnError)
+			},
+			wantErr: true,
+		},
+		{
+			name: "count trigger",
+			fields: fields{
+				triggerConfig: triggerConfig{
+					Table:            "table",
+					ParentType:       "instance",
+					InstanceIDColumn: "instance_id",
+					ParentIDColumn:   "parent_id",
+					Resource:         "resource",
+				},
+				templateName: countTriggerTmpl,
+			},
+			expects: func(mock sqlmock.Sqlmock) {
+				mock.ExpectExec(regexp.QuoteMeta(expCountTriggerQuery)).
+					WithoutArgs().
+					WillReturnResult(
+						sqlmock.NewResult(1, 1),
+					)
+			},
+		},
+		{
+			name: "count trigger",
+			fields: fields{
+				triggerConfig: triggerConfig{
+					Table:            "table",
+					ParentType:       "instance",
+					InstanceIDColumn: "instance_id",
+					ParentIDColumn:   "parent_id",
+					Resource:         "resource",
+				},
+				templateName: deleteParentCountsTmpl,
+			},
+			expects: func(mock sqlmock.Sqlmock) {
+				mock.ExpectExec(regexp.QuoteMeta(expDeleteParentCountsQuery)).
+					WithoutArgs().
+					WillReturnResult(
+						sqlmock.NewResult(1, 1),
+					)
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			db, mock, err := sqlmock.New()
+			require.NoError(t, err)
+			defer func() {
+				err := mock.ExpectationsWereMet()
+				require.NoError(t, err)
+			}()
+			defer db.Close()
+			tt.expects(mock)
+			mock.ExpectClose()
+
+			m := &triggerMigration{
+				db: &database.DB{
+					DB: db,
+				},
+				triggerConfig: tt.fields.triggerConfig,
+				templateName:  tt.fields.templateName,
+			}
+			err = m.Execute(context.Background(), nil)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}
+
+func Test_triggerConfig_Check(t *testing.T) {
+	type fields struct {
+		Table            string
+		ParentType       string
+		InstanceIDColumn string
+		ParentIDColumn   string
+		Resource         string
+	}
+	type args struct {
+		lastRun map[string]any
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   bool
+	}{
+		{
+			name: "should",
+			fields: fields{
+				Table:            "users2",
+				ParentType:       "instance",
+				InstanceIDColumn: "instance_id",
+				ParentIDColumn:   "parent_id",
+				Resource:         "user",
+			},
+			args: args{
+				lastRun: map[string]any{
+					"table":              "users1",
+					"parent_type":        "instance",
+					"instance_id_column": "instance_id",
+					"parent_id_column":   "parent_id",
+					"resource":           "user",
+				},
+			},
+			want: true,
+		},
+		{
+			name: "should not",
+			fields: fields{
+				Table:            "users1",
+				ParentType:       "instance",
+				InstanceIDColumn: "instance_id",
+				ParentIDColumn:   "parent_id",
+				Resource:         "user",
+			},
+			args: args{
+				lastRun: map[string]any{
+					"table":              "users1",
+					"parent_type":        "instance",
+					"instance_id_column": "instance_id",
+					"parent_id_column":   "parent_id",
+					"resource":           "user",
+				},
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &triggerConfig{
+				Table:            tt.fields.Table,
+				ParentType:       tt.fields.ParentType,
+				InstanceIDColumn: tt.fields.InstanceIDColumn,
+				ParentIDColumn:   tt.fields.ParentIDColumn,
+				Resource:         tt.fields.Resource,
+			}
+			got := c.Check(tt.args.lastRun)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/internal/query/resource_counts.go b/internal/query/resource_counts.go
new file mode 100644
index 0000000000..9d486e0b90
--- /dev/null
+++ b/internal/query/resource_counts.go
@@ -0,0 +1,61 @@
+package query
+
+import (
+	"context"
+	"database/sql"
+	_ "embed"
+	"time"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+var (
+	//go:embed resource_counts_list.sql
+	resourceCountsListQuery string
+)
+
+type ResourceCount struct {
+	ID         int // Primary key, used for pagination
+	InstanceID string
+	TableName  string
+	ParentType domain.CountParentType
+	ParentID   string
+	Resource   string
+	UpdatedAt  time.Time
+	Amount     int
+}
+
+// ListResourceCounts retrieves all resource counts.
+// It supports pagination using lastID and limit parameters.
+//
+// TODO: Currently only a proof of concept, filters may be implemented later if required.
+func (q *Queries) ListResourceCounts(ctx context.Context, lastID, limit int) (result []ResourceCount, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
+		for rows.Next() {
+			var count ResourceCount
+			err := rows.Scan(
+				&count.ID,
+				&count.InstanceID,
+				&count.TableName,
+				&count.ParentType,
+				&count.ParentID,
+				&count.Resource,
+				&count.UpdatedAt,
+				&count.Amount)
+			if err != nil {
+				return zerrors.ThrowInternal(err, "QUERY-2f4g5", "Errors.Internal")
+			}
+			result = append(result, count)
+		}
+		return nil
+	}, resourceCountsListQuery, lastID, limit)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "QUERY-3f4g5", "Errors.Internal")
+	}
+	return result, nil
+}
diff --git a/internal/query/resource_counts_list.sql b/internal/query/resource_counts_list.sql
new file mode 100644
index 0000000000..0d4abf87eb
--- /dev/null
+++ b/internal/query/resource_counts_list.sql
@@ -0,0 +1,12 @@
+SELECT id,
+    instance_id,
+    table_name,
+    parent_type,
+    parent_id,
+    resource_name,
+    updated_at,
+    amount
+FROM projections.resource_counts
+WHERE id > $1
+ORDER BY id
+LIMIT $2;
diff --git a/internal/query/resource_counts_test.go b/internal/query/resource_counts_test.go
new file mode 100644
index 0000000000..2829a660ef
--- /dev/null
+++ b/internal/query/resource_counts_test.go
@@ -0,0 +1,109 @@
+package query
+
+import (
+	"context"
+	_ "embed"
+	"regexp"
+	"testing"
+	"time"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func TestQueries_ListResourceCounts(t *testing.T) {
+	columns := []string{"id", "instance_id", "table_name", "parent_type", "parent_id", "resource_name", "updated_at", "amount"}
+	type args struct {
+		lastID int
+		limit  int
+	}
+	tests := []struct {
+		name       string
+		args       args
+		expects    func(sqlmock.Sqlmock)
+		wantResult []ResourceCount
+		wantErr    bool
+	}{
+		{
+			name: "query error",
+			args: args{
+				lastID: 0,
+				limit:  10,
+			},
+			expects: func(mock sqlmock.Sqlmock) {
+				mock.ExpectQuery(regexp.QuoteMeta(resourceCountsListQuery)).
+					WithArgs(0, 10).
+					WillReturnError(assert.AnError)
+			},
+			wantErr: true,
+		},
+		{
+			name: "success",
+			args: args{
+				lastID: 0,
+				limit:  10,
+			},
+			expects: func(mock sqlmock.Sqlmock) {
+				mock.ExpectQuery(regexp.QuoteMeta(resourceCountsListQuery)).
+					WithArgs(0, 10).
+					WillReturnRows(
+						sqlmock.NewRows(columns).
+							AddRow(1, "instance_1", "table", "instance", "parent_1", "resource_name", time.Unix(1, 2), 5).
+							AddRow(2, "instance_2", "table", "instance", "parent_2", "resource_name", time.Unix(1, 2), 6),
+					)
+			},
+			wantResult: []ResourceCount{
+				{
+					ID:         1,
+					InstanceID: "instance_1",
+					TableName:  "table",
+					ParentType: domain.CountParentTypeInstance,
+					ParentID:   "parent_1",
+					Resource:   "resource_name",
+					UpdatedAt:  time.Unix(1, 2),
+					Amount:     5,
+				},
+				{
+					ID:         2,
+					InstanceID: "instance_2",
+					TableName:  "table",
+					ParentType: domain.CountParentTypeInstance,
+					ParentID:   "parent_2",
+					Resource:   "resource_name",
+					UpdatedAt:  time.Unix(1, 2),
+					Amount:     6,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			db, mock, err := sqlmock.New()
+			require.NoError(t, err)
+			defer func() {
+				err := mock.ExpectationsWereMet()
+				require.NoError(t, err)
+			}()
+			defer db.Close()
+			tt.expects(mock)
+			mock.ExpectClose()
+			q := &Queries{
+				client: &database.DB{
+					DB: db,
+				},
+			}
+
+			gotResult, err := q.ListResourceCounts(context.Background(), tt.args.lastID, tt.args.limit)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tt.wantResult, gotResult, "ListResourceCounts() result mismatch")
+		})
+	}
+}

From 1e5ffd41c9a624df49d2f743ca199330b9463c91 Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Tue, 3 Jun 2025 17:18:16 +0200
Subject: [PATCH 082/123] docs(10016): improve understanding of output (#10014)

# Which Problems Are Solved

The output of the sql statement of tech advisory was unclear on how the
data should be compared

# How the Problems Are Solved

An additional column is added to the output to show the effective
difference of the old and new position.
---
 docs/docs/support/advisory/a10016.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/docs/support/advisory/a10016.md b/docs/docs/support/advisory/a10016.md
index 38d73e6078..6272eaa81d 100644
--- a/docs/docs/support/advisory/a10016.md
+++ b/docs/docs/support/advisory/a10016.md
@@ -87,12 +87,13 @@ select
   b.aggregate_type,
   b.sequence,
   b.old_position,
-  b.new_position
+  b.new_position,
+  b.old_position - b.new_position difference
 from
   broken b;
 ```
 
-If the output from the above looks reasonable, for example not a huge difference between `old_position` and `new_position`, commit the transaction:
+If the output from the above looks reasonable, for example not a huge number in the `difference` column, commit the transaction:
 
 ```sql
 commit;

From e2a61a60029783f9a29bf7b71f2ac3d8fd39bb78 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Wed, 4 Jun 2025 08:41:10 +0200
Subject: [PATCH 083/123] docs(api): remove unreleased services from api
 reference (#10015)

# Which Problems Are Solved

As we migrate resources to the new API, whenever a an implementation got
merged, the API reference was added to the docs sidenav. As these new
services and their implementation are not yet released, it can be
confusing for developers as the corresponding endpoints return 404 or
unimplemented errors.

# How the Problems Are Solved

Currently we just remove it from the sidenav and will add it once
they're released. We're looking into a proper solution for the API
references.

# Additional Changes

None

# Additional Context

None
---
 docs/sidebars.js | 41 -----------------------------------------
 1 file changed, 41 deletions(-)

diff --git a/docs/sidebars.js b/docs/sidebars.js
index 1bd53ed1b3..d7ebb80f5b 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -805,18 +805,6 @@ module.exports = {
               },
               items: sidebar_api_org_service_v2,
             },
-            {
-              type: "category",
-              label: "Organization (Beta)",
-              link: {
-                type: "generated-index",
-                title: "Organization Service beta API",
-                slug: "/apis/resources/org_service/v2beta",
-                description:
-                  "This API is intended to manage organizations for ZITADEL. \n",
-              },
-              items: sidebar_api_org_service_v2beta,
-            },
             {
               type: "category",
               label: "Identity Provider",
@@ -868,35 +856,6 @@ module.exports = {
               },
               items: sidebar_api_actions_v2,
             },
-            {
-              type: "category",
-              label: "Project (Beta)",
-              link: {
-                type: "generated-index",
-                title: "Project Service API (Beta)",
-                slug: "/apis/resources/project_service_v2",
-                description:
-                  "This API is intended to manage projects and subresources for ZITADEL. \n"+
-                  "\n" +
-                  "This service is in beta state. It can AND will continue breaking until a stable version is released.",
-              },
-              items: sidebar_api_project_service_v2,
-              label: "Instance (Beta)",
-              link: {
-                type: "generated-index",
-                title: "Instance Service API (Beta)",
-                slug: "/apis/resources/instance_service_v2",
-                description:
-                    "This API is intended to manage instances, custom domains and trusted domains in ZITADEL.\n" +
-                    "\n" +
-                    "This service is in beta state. It can AND will continue breaking until a stable version is released.\n"+
-                    "\n" +
-                    "This v2 of the API provides the same functionalities as the v1, but organised on a per resource basis.\n" +
-                    "The whole functionality related to domains (custom and trusted) has been moved under this instance API."
-                    ,
-              },
-              items: sidebar_api_instance_service_v2,
-            },
           ],
         },
         {

From 8fc11a7366dcaf24a11d3c4fd26e86f5e61d4d1f Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Wed, 4 Jun 2025 09:17:23 +0200
Subject: [PATCH 084/123] feat: user api requests to resource API (#9794)

# Which Problems Are Solved

This pull request addresses a significant gap in the user service v2
API, which currently lacks methods for managing machine users.

# How the Problems Are Solved

This PR adds new API endpoints to the user service v2 to manage machine
users including their secret, keys and personal access tokens.
Additionally, there's now a CreateUser and UpdateUser endpoints which
allow to create either a human or machine user and update them. The
existing `CreateHumanUser` endpoint has been deprecated along the
corresponding management service endpoints. For details check the
additional context section.

# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/9349

## More details
- API changes: https://github.com/zitadel/zitadel/pull/9680
- Implementation: https://github.com/zitadel/zitadel/pull/9763
- Tests: https://github.com/zitadel/zitadel/pull/9771

## Follow-ups

- Metadata: support managing user metadata using resource API
https://github.com/zitadel/zitadel/pull/10005
- Machine token type: support managing the machine token type (migrate
to new enum with zero value unspecified?)

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 API_DESIGN.md                                 |    4 +-
 cmd/start/start.go                            |    2 +-
 go.mod                                        |    1 +
 internal/api/grpc/admin/import.go             |    2 +-
 internal/api/grpc/filter/v2/converter.go      |   50 +
 .../grpc/management/project_application.go    |    2 +-
 internal/api/grpc/management/user.go          |   13 +-
 .../project/v2beta/integration/query_test.go  |  148 +-
 internal/api/grpc/project/v2beta/query.go     |   23 +-
 internal/api/grpc/user/v2/human.go            |  187 ++
 internal/api/grpc/user/v2/human_test.go       |  254 +++
 .../user/v2/integration_test/email_test.go    |    4 +-
 .../grpc/user/v2/integration_test/key_test.go |  659 +++++++
 .../user/v2/integration_test/password_test.go |    2 +-
 .../grpc/user/v2/integration_test/pat_test.go |  615 ++++++
 .../user/v2/integration_test/phone_test.go    |    4 +-
 .../user/v2/integration_test/secret_test.go   |  347 ++++
 .../user/v2/integration_test/user_test.go     | 1711 ++++++++++++++++-
 internal/api/grpc/user/v2/key.go              |   62 +
 internal/api/grpc/user/v2/key_query.go        |  124 ++
 internal/api/grpc/user/v2/machine.go          |   58 +
 internal/api/grpc/user/v2/machine_test.go     |   62 +
 internal/api/grpc/user/v2/pat.go              |   56 +
 internal/api/grpc/user/v2/pat_query.go        |  123 ++
 internal/api/grpc/user/v2/secret.go           |   39 +
 internal/api/grpc/user/v2/server.go           |   16 +-
 internal/api/grpc/user/v2/user.go             |  105 +-
 .../grpc/user/v2/{query.go => user_query.go}  |    0
 internal/api/scim/resources/user.go           |    1 -
 internal/command/instance_member.go           |    2 +-
 internal/command/org_member.go                |    2 +-
 ..._ower_model.go => resource_owner_model.go} |    0
 internal/command/user.go                      |   24 +-
 internal/command/user_machine.go              |   48 +-
 internal/command/user_machine_key.go          |   24 +-
 internal/command/user_machine_model.go        |   13 +-
 internal/command/user_machine_secret.go       |   22 +-
 internal/command/user_machine_secret_test.go  |    8 +-
 internal/command/user_machine_test.go         |  238 ++-
 .../command/user_personal_access_token.go     |   20 +-
 internal/command/user_test.go                 |    2 +-
 internal/command/user_v2.go                   |    2 -
 internal/command/user_v2_human.go             |   64 +-
 internal/command/user_v2_human_test.go        |    8 +-
 internal/command/user_v2_invite_test.go       |    1 +
 internal/command/user_v2_machine.go           |   94 +
 internal/command/user_v2_machine_test.go      |  260 +++
 internal/command/user_v2_model.go             |    8 +
 internal/domain/permission.go                 |    2 +-
 internal/eventstore/write_model.go            |   26 +-
 internal/integration/client.go                |   40 +
 internal/query/authn_key.go                   |  146 +-
 internal/query/authn_key_test.go              |    8 +
 internal/query/projection/authn_key.go        |    3 +
 .../projection/user_personal_access_token.go  |    2 +
 internal/query/user.go                        |   14 +-
 internal/query/user_personal_access_token.go  |   60 +-
 internal/repository/user/machine.go           |    7 +-
 internal/static/i18n/bg.yaml                  |    1 +
 internal/static/i18n/cs.yaml                  |    1 +
 internal/static/i18n/de.yaml                  |    1 +
 internal/static/i18n/en.yaml                  |    1 +
 internal/static/i18n/es.yaml                  |    1 +
 internal/static/i18n/fr.yaml                  |    1 +
 internal/static/i18n/hu.yaml                  |    1 +
 internal/static/i18n/id.yaml                  |    1 +
 internal/static/i18n/it.yaml                  |    1 +
 internal/static/i18n/ja.yaml                  |    1 +
 internal/static/i18n/ko.yaml                  |    1 +
 internal/static/i18n/mk.yaml                  |    1 +
 internal/static/i18n/nl.yaml                  |    1 +
 internal/static/i18n/pl.yaml                  |    1 +
 internal/static/i18n/pt.yaml                  |    1 +
 internal/static/i18n/ro.yaml                  |    1 +
 internal/static/i18n/ru.yaml                  |    1 +
 internal/static/i18n/sv.yaml                  |    1 +
 internal/static/i18n/zh.yaml                  |    1 +
 proto/buf.yaml                                |    2 +-
 proto/zitadel/filter/v2/filter.proto          |   96 +
 proto/zitadel/filter/v2beta/filter.proto      |   36 +-
 proto/zitadel/management.proto                |  201 +-
 proto/zitadel/project/v2beta/query.proto      |   66 +-
 proto/zitadel/user/v2/email.proto             |    2 +-
 proto/zitadel/user/v2/key.proto               |   69 +
 proto/zitadel/user/v2/pat.proto               |   70 +
 proto/zitadel/user/v2/user_service.proto      | 1186 +++++++++++-
 86 files changed, 7033 insertions(+), 536 deletions(-)
 create mode 100644 internal/api/grpc/filter/v2/converter.go
 create mode 100644 internal/api/grpc/user/v2/human.go
 create mode 100644 internal/api/grpc/user/v2/human_test.go
 create mode 100644 internal/api/grpc/user/v2/integration_test/key_test.go
 create mode 100644 internal/api/grpc/user/v2/integration_test/pat_test.go
 create mode 100644 internal/api/grpc/user/v2/integration_test/secret_test.go
 create mode 100644 internal/api/grpc/user/v2/key.go
 create mode 100644 internal/api/grpc/user/v2/key_query.go
 create mode 100644 internal/api/grpc/user/v2/machine.go
 create mode 100644 internal/api/grpc/user/v2/machine_test.go
 create mode 100644 internal/api/grpc/user/v2/pat.go
 create mode 100644 internal/api/grpc/user/v2/pat_query.go
 create mode 100644 internal/api/grpc/user/v2/secret.go
 rename internal/api/grpc/user/v2/{query.go => user_query.go} (100%)
 rename internal/command/{resource_ower_model.go => resource_owner_model.go} (100%)
 create mode 100644 internal/command/user_v2_machine.go
 create mode 100644 internal/command/user_v2_machine_test.go
 create mode 100644 proto/zitadel/filter/v2/filter.proto
 create mode 100644 proto/zitadel/user/v2/key.proto
 create mode 100644 proto/zitadel/user/v2/pat.proto

diff --git a/API_DESIGN.md b/API_DESIGN.md
index 9e77657ab0..11b7766a49 100644
--- a/API_DESIGN.md
+++ b/API_DESIGN.md
@@ -206,6 +206,8 @@ The same applies to messages that are returned by multiple resources.
 For example, information about the `User` might be different when managing the user resource itself than when it's returned
 as part of an authorization or a manager role, where only limited information is needed.
 
+On the other hand, types that always follow the same pattern and are used in multiple resources, such as `IDFilter`, `TimestampFilter` or `InIDsFilter` SHOULD be globalized and reused.
+
 ##### Re-using messages
 
 Prevent reusing messages for the creation and the retrieval of a resource.
@@ -271,7 +273,7 @@ Additionally, state changes, specific actions or operations that do not fit into
 The API uses OAuth 2 for authorization. There are corresponding middlewares that check the access token for validity and 
 automatically return an error if the token is invalid.
 
-Permissions grated to the user might be organization specific and can therefore only be checked based on the queried resource.
+Permissions granted to the user might be organization specific and can therefore only be checked based on the queried resource.
 In such case, the API does not check the permissions itself but relies on the checks of the functions that are called by the API.
 If the permission can be checked by the API itself, e.g. if the permission is instance wide, it can be annotated on the endpoint in the proto file (see below).
 In any case, the required permissions need to be documented in the [API documentation](#documentation).
diff --git a/cmd/start/start.go b/cmd/start/start.go
index 2fc1fb8413..8820480f0c 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -461,7 +461,7 @@ func startAPIs(
 	if err := apis.RegisterService(ctx, user_v2beta.CreateServer(commands, queries, keys.User, keys.IDPConfig, idp.CallbackURL(), idp.SAMLRootURL(), assets.AssetAPI(), permissionCheck)); err != nil {
 		return nil, err
 	}
-	if err := apis.RegisterService(ctx, user_v2.CreateServer(commands, queries, keys.User, keys.IDPConfig, idp.CallbackURL(), idp.SAMLRootURL(), assets.AssetAPI(), permissionCheck)); err != nil {
+	if err := apis.RegisterService(ctx, user_v2.CreateServer(config.SystemDefaults, commands, queries, keys.User, keys.IDPConfig, idp.CallbackURL(), idp.SAMLRootURL(), assets.AssetAPI(), permissionCheck)); err != nil {
 		return nil, err
 	}
 	if err := apis.RegisterService(ctx, session_v2beta.CreateServer(commands, queries, permissionCheck)); err != nil {
diff --git a/go.mod b/go.mod
index c1cbf2dd77..21a7fe9f16 100644
--- a/go.mod
+++ b/go.mod
@@ -34,6 +34,7 @@ require (
 	github.com/go-webauthn/webauthn v0.10.2
 	github.com/goccy/go-json v0.10.5
 	github.com/golang/protobuf v1.5.4
+	github.com/google/go-cmp v0.7.0
 	github.com/gorilla/csrf v1.7.2
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/schema v1.4.1
diff --git a/internal/api/grpc/admin/import.go b/internal/api/grpc/admin/import.go
index 119afe9fc0..41a1e39081 100644
--- a/internal/api/grpc/admin/import.go
+++ b/internal/api/grpc/admin/import.go
@@ -510,7 +510,7 @@ func importMachineUsers(ctx context.Context, s *Server, errors *[]*admin_pb.Impo
 	}
 	for _, user := range org.GetMachineUsers() {
 		logging.Debugf("import user: %s", user.GetUserId())
-		_, err := s.command.AddMachine(ctx, management.AddMachineUserRequestToCommand(user.GetUser(), org.GetOrgId()))
+		_, err := s.command.AddMachine(ctx, management.AddMachineUserRequestToCommand(user.GetUser(), org.GetOrgId()), nil)
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "machine_user", Id: user.GetUserId(), Message: err.Error()})
 			if isCtxTimeout(ctx) {
diff --git a/internal/api/grpc/filter/v2/converter.go b/internal/api/grpc/filter/v2/converter.go
new file mode 100644
index 0000000000..7a7d7cd8d7
--- /dev/null
+++ b/internal/api/grpc/filter/v2/converter.go
@@ -0,0 +1,50 @@
+package filter
+
+import (
+	"fmt"
+
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	"github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+)
+
+func TimestampMethodPbToQuery(method filter.TimestampFilterMethod) query.TimestampComparison {
+	switch method {
+	case filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_EQUALS:
+		return query.TimestampEquals
+	case filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_BEFORE:
+		return query.TimestampLess
+	case filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER:
+		return query.TimestampGreater
+	case filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_BEFORE_OR_EQUALS:
+		return query.TimestampLessOrEquals
+	case filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS:
+		return query.TimestampGreaterOrEquals
+	default:
+		return -1
+	}
+}
+
+func PaginationPbToQuery(defaults systemdefaults.SystemDefaults, query *filter.PaginationRequest) (offset, limit uint64, asc bool, err error) {
+	limit = defaults.DefaultQueryLimit
+	if query == nil {
+		return 0, limit, asc, nil
+	}
+	offset = query.Offset
+	asc = query.Asc
+	if defaults.MaxQueryLimit > 0 && uint64(query.Limit) > defaults.MaxQueryLimit {
+		return 0, 0, false, zerrors.ThrowInvalidArgumentf(fmt.Errorf("given: %d, allowed: %d", query.Limit, defaults.MaxQueryLimit), "QUERY-4M0fs", "Errors.Query.LimitExceeded")
+	}
+	if query.Limit > 0 {
+		limit = uint64(query.Limit)
+	}
+	return offset, limit, asc, nil
+}
+
+func QueryToPaginationPb(request query.SearchRequest, response query.SearchResponse) *filter.PaginationResponse {
+	return &filter.PaginationResponse{
+		AppliedLimit: request.Limit,
+		TotalResult:  response.Count,
+	}
+}
diff --git a/internal/api/grpc/management/project_application.go b/internal/api/grpc/management/project_application.go
index 3a0e1d5f92..ab49905409 100644
--- a/internal/api/grpc/management/project_application.go
+++ b/internal/api/grpc/management/project_application.go
@@ -271,7 +271,7 @@ func (s *Server) ListAppKeys(ctx context.Context, req *mgmt_pb.ListAppKeysReques
 	if err != nil {
 		return nil, err
 	}
-	keys, err := s.query.SearchAuthNKeys(ctx, queries, false)
+	keys, err := s.query.SearchAuthNKeys(ctx, queries, query.JoinFilterApp, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go
index f318051e63..ae1040cd1e 100644
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -297,7 +297,7 @@ func (s *Server) ImportHumanUser(ctx context.Context, req *mgmt_pb.ImportHumanUs
 
 func (s *Server) AddMachineUser(ctx context.Context, req *mgmt_pb.AddMachineUserRequest) (*mgmt_pb.AddMachineUserResponse, error) {
 	machine := AddMachineUserRequestToCommand(req, authz.GetCtxData(ctx).OrgID)
-	objectDetails, err := s.command.AddMachine(ctx, machine)
+	objectDetails, err := s.command.AddMachine(ctx, machine, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -752,11 +752,11 @@ func (s *Server) GetMachineKeyByIDs(ctx context.Context, req *mgmt_pb.GetMachine
 }
 
 func (s *Server) ListMachineKeys(ctx context.Context, req *mgmt_pb.ListMachineKeysRequest) (*mgmt_pb.ListMachineKeysResponse, error) {
-	query, err := ListMachineKeysRequestToQuery(ctx, req)
+	q, err := ListMachineKeysRequestToQuery(ctx, req)
 	if err != nil {
 		return nil, err
 	}
-	result, err := s.query.SearchAuthNKeys(ctx, query, false)
+	result, err := s.query.SearchAuthNKeys(ctx, q, query.JoinFilterUserMachine, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -774,7 +774,6 @@ func (s *Server) AddMachineKey(ctx context.Context, req *mgmt_pb.AddMachineKeyRe
 	if err != nil {
 		return nil, err
 	}
-
 	// Return key details only if the pubkey wasn't supplied, otherwise the user already has
 	// private key locally
 	var keyDetails []byte
@@ -821,7 +820,7 @@ func (s *Server) GenerateMachineSecret(ctx context.Context, req *mgmt_pb.Generat
 }
 
 func (s *Server) RemoveMachineSecret(ctx context.Context, req *mgmt_pb.RemoveMachineSecretRequest) (*mgmt_pb.RemoveMachineSecretResponse, error) {
-	objectDetails, err := s.command.RemoveMachineSecret(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
+	objectDetails, err := s.command.RemoveMachineSecret(ctx, req.UserId, authz.GetCtxData(ctx).OrgID, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -839,7 +838,7 @@ func (s *Server) GetPersonalAccessTokenByIDs(ctx context.Context, req *mgmt_pb.G
 	if err != nil {
 		return nil, err
 	}
-	token, err := s.query.PersonalAccessTokenByID(ctx, true, req.TokenId, false, resourceOwner, aggregateID)
+	token, err := s.query.PersonalAccessTokenByID(ctx, true, req.TokenId, resourceOwner, aggregateID)
 	if err != nil {
 		return nil, err
 	}
@@ -853,7 +852,7 @@ func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *mgmt_pb.List
 	if err != nil {
 		return nil, err
 	}
-	result, err := s.query.SearchPersonalAccessTokens(ctx, queries, false)
+	result, err := s.query.SearchPersonalAccessTokens(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/project/v2beta/integration/query_test.go b/internal/api/grpc/project/v2beta/integration/query_test.go
index f959bfe2f8..517f103628 100644
--- a/internal/api/grpc/project/v2beta/integration/query_test.go
+++ b/internal/api/grpc/project/v2beta/integration/query_test.go
@@ -168,8 +168,8 @@ func TestServer_ListProjects(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					resp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp.GetId()},
 						},
 					}
 				},
@@ -188,8 +188,8 @@ func TestServer_ListProjects(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					resp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp.GetId()},
 						},
 					}
 				},
@@ -208,8 +208,8 @@ func TestServer_ListProjects(t *testing.T) {
 					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp.GetId()},
 						},
 					}
 				},
@@ -232,8 +232,8 @@ func TestServer_ListProjects(t *testing.T) {
 				req: &project.ListProjectsRequest{
 					Filters: []*project.ProjectSearchFilter{
 						{Filter: &project.ProjectSearchFilter_InProjectIdsFilter{
-							InProjectIdsFilter: &project.InProjectIDsFilter{
-								ProjectIds: []string{"notfound"},
+							InProjectIdsFilter: &filter.InIDsFilter{
+								Ids: []string{"notfound"},
 							},
 						},
 						},
@@ -255,8 +255,8 @@ func TestServer_ListProjects(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					response.Projects[0] = createProject(iamOwnerCtx, instance, t, orgID, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{response.Projects[0].GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{response.Projects[0].GetId()},
 						},
 					}
 				},
@@ -317,8 +317,8 @@ func TestServer_ListProjects(t *testing.T) {
 					response.Projects[1] = createProject(iamOwnerCtx, instance, t, orgID, true, false)
 					response.Projects[0] = createProject(iamOwnerCtx, instance, t, orgID, false, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{response.Projects[0].GetId(), response.Projects[1].GetId(), response.Projects[2].GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{response.Projects[0].GetId(), response.Projects[1].GetId(), response.Projects[2].GetId()},
 						},
 					}
 				},
@@ -349,8 +349,8 @@ func TestServer_ListProjects(t *testing.T) {
 					resp2 := createProject(iamOwnerCtx, instance, t, orgID, true, false)
 					resp3 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp1.GetId(), resp2.GetId(), resp3.GetId()},
 						},
 					}
 
@@ -379,8 +379,8 @@ func TestServer_ListProjects(t *testing.T) {
 					projectResp := createProject(iamOwnerCtx, instance, t, orgID, true, true)
 					response.Projects[3] = projectResp
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					response.Projects[2] = createGrantedProject(iamOwnerCtx, instance, t, projectResp)
@@ -416,7 +416,7 @@ func TestServer_ListProjects(t *testing.T) {
 					response.Projects[1] = grantedProjectResp
 					response.Projects[0] = createProject(iamOwnerCtx, instance, t, *grantedProjectResp.GrantedOrganizationId, true, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectOrganizationIdFilter{
-						ProjectOrganizationIdFilter: &project.ProjectOrganizationIDFilter{ProjectOrganizationId: *grantedProjectResp.GrantedOrganizationId},
+						ProjectOrganizationIdFilter: &filter.IDFilter{Id: *grantedProjectResp.GrantedOrganizationId},
 					}
 				},
 				req: &project.ListProjectsRequest{
@@ -445,7 +445,7 @@ func TestServer_ListProjects(t *testing.T) {
 					grantedProjectResp := createGrantedProject(iamOwnerCtx, instance, t, projectResp)
 					response.Projects[0] = createProject(iamOwnerCtx, instance, t, *grantedProjectResp.GrantedOrganizationId, true, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectResourceOwnerFilter{
-						ProjectResourceOwnerFilter: &project.ProjectResourceOwnerFilter{ProjectResourceOwner: *grantedProjectResp.GrantedOrganizationId},
+						ProjectResourceOwnerFilter: &filter.IDFilter{Id: *grantedProjectResp.GrantedOrganizationId},
 					}
 				},
 				req: &project.ListProjectsRequest{
@@ -513,8 +513,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
 					resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp.GetId()},
 						},
 					}
 				},
@@ -531,8 +531,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
 					resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp.GetId()},
 						},
 					}
 				},
@@ -550,8 +550,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp.GetId()},
 						},
 					}
 				},
@@ -574,8 +574,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 				req: &project.ListProjectsRequest{
 					Filters: []*project.ProjectSearchFilter{
 						{Filter: &project.ProjectSearchFilter_InProjectIdsFilter{
-							InProjectIdsFilter: &project.InProjectIDsFilter{
-								ProjectIds: []string{"notfound"},
+							InProjectIdsFilter: &filter.InIDsFilter{
+								Ids: []string{"notfound"},
 							},
 						},
 						},
@@ -596,8 +596,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
 					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{response.Projects[0].GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{response.Projects[0].GetId()},
 						},
 					}
 				},
@@ -650,8 +650,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					response.Projects[1] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, false)
 					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{response.Projects[0].GetId(), response.Projects[1].GetId(), response.Projects[2].GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{response.Projects[0].GetId(), response.Projects[1].GetId(), response.Projects[2].GetId()},
 						},
 					}
 				},
@@ -679,8 +679,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					projectResp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, true)
 					response.Projects[3] = projectResp
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					response.Projects[2] = createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
@@ -715,7 +715,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					response.Projects[1] = grantedProjectResp
 					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, *grantedProjectResp.GrantedOrganizationId, true, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectOrganizationIdFilter{
-						ProjectOrganizationIdFilter: &project.ProjectOrganizationIDFilter{ProjectOrganizationId: *grantedProjectResp.GrantedOrganizationId},
+						ProjectOrganizationIdFilter: &filter.IDFilter{Id: *grantedProjectResp.GrantedOrganizationId},
 					}
 				},
 				req: &project.ListProjectsRequest{
@@ -743,7 +743,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					grantedProjectResp := createGrantedProject(iamOwnerCtx, instancePermissionV2, t, projectResp)
 					response.Projects[0] = createProject(iamOwnerCtx, instancePermissionV2, t, *grantedProjectResp.GrantedOrganizationId, true, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_ProjectResourceOwnerFilter{
-						ProjectResourceOwnerFilter: &project.ProjectResourceOwnerFilter{ProjectResourceOwner: *grantedProjectResp.GrantedOrganizationId},
+						ProjectResourceOwnerFilter: &filter.IDFilter{Id: *grantedProjectResp.GrantedOrganizationId},
 					}
 				},
 				req: &project.ListProjectsRequest{
@@ -770,8 +770,8 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					resp2 := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, true, false)
 					resp3 := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{resp1.GetId(), resp2.GetId(), resp3.GetId()},
 						},
 					}
 
@@ -882,15 +882,13 @@ func TestServer_ListProjectGrants(t *testing.T) {
 			dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
 				projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
 				request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-					InProjectIdsFilter: &project.InProjectIDsFilter{
-						ProjectIds: []string{projectResp.GetId()},
+					InProjectIdsFilter: &filter.InIDsFilter{
+						Ids: []string{projectResp.GetId()},
 					},
 				}
 				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 				request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
-					ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
-						ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
-					},
+					ProjectGrantResourceOwnerFilter: &filter.IDFilter{Id: grantedOrg.GetOrganizationId()},
 				}
 
 				instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
@@ -908,15 +906,13 @@ func TestServer_ListProjectGrants(t *testing.T) {
 				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
 					projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
-						ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
-							ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
-						},
+						ProjectGrantResourceOwnerFilter: &filter.IDFilter{Id: grantedOrg.GetOrganizationId()},
 					}
 
 					instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
@@ -934,8 +930,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 				req: &project.ListProjectGrantsRequest{
 					Filters: []*project.ProjectGrantSearchFilter{
 						{Filter: &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-							InProjectIdsFilter: &project.InProjectIDsFilter{
-								ProjectIds: []string{"notfound"},
+							InProjectIdsFilter: &filter.InIDsFilter{
+								Ids: []string{"notfound"},
 							},
 						},
 						},
@@ -958,8 +954,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 
@@ -988,8 +984,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 
@@ -1016,8 +1012,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 
@@ -1053,8 +1049,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					project2Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
 					project3Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId()},
 						},
 					}
 
@@ -1084,8 +1080,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					projectRoleResp := addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
@@ -1114,8 +1110,8 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					orgID := instance.DefaultOrg.GetId()
 					projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					projectRoleResp := addProjectRole(iamOwnerCtx, instance, t, projectResp.GetId())
@@ -1189,15 +1185,13 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
 				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
 					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					grantedOrg := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
-						ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
-							ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
-						},
+						ProjectGrantResourceOwnerFilter: &filter.IDFilter{Id: grantedOrg.GetOrganizationId()},
 					}
 
 					instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
@@ -1215,15 +1209,13 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
 				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
 					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 					grantedOrg := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					request.Filters[1].Filter = &project.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{
-						ProjectGrantResourceOwnerFilter: &project.ProjectGrantResourceOwnerFilter{
-							ProjectGrantResourceOwner: grantedOrg.GetOrganizationId(),
-						},
+						ProjectGrantResourceOwnerFilter: &filter.IDFilter{Id: grantedOrg.GetOrganizationId()},
 					}
 
 					instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
@@ -1243,8 +1235,8 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
 					orgID := instancePermissionV2.DefaultOrg.GetId()
 					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 
@@ -1273,8 +1265,8 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
 					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 
@@ -1301,8 +1293,8 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
 					orgID := instancePermissionV2.DefaultOrg.GetId()
 					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, name, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{projectResp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{projectResp.GetId()},
 						},
 					}
 
@@ -1338,8 +1330,8 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
 					project2Resp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
 					project3Resp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId()},
+						InProjectIdsFilter: &filter.InIDsFilter{
+							Ids: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId()},
 						},
 					}
 
diff --git a/internal/api/grpc/project/v2beta/query.go b/internal/api/grpc/project/v2beta/query.go
index 1cdf9eefbd..42b69a480e 100644
--- a/internal/api/grpc/project/v2beta/query.go
+++ b/internal/api/grpc/project/v2beta/query.go
@@ -9,6 +9,7 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/zerrors"
+	filter_pb "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
 	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
 )
 
@@ -109,20 +110,20 @@ func projectNameFilterToQuery(q *project_pb.ProjectNameFilter) (query.SearchQuer
 	return query.NewGrantedProjectNameSearchQuery(filter.TextMethodPbToQuery(q.Method), q.GetProjectName())
 }
 
-func projectInIDsFilterToQuery(q *project_pb.InProjectIDsFilter) (query.SearchQuery, error) {
-	return query.NewGrantedProjectIDSearchQuery(q.ProjectIds)
+func projectInIDsFilterToQuery(q *filter_pb.InIDsFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectIDSearchQuery(q.Ids)
 }
 
-func projectResourceOwnerFilterToQuery(q *project_pb.ProjectResourceOwnerFilter) (query.SearchQuery, error) {
-	return query.NewGrantedProjectResourceOwnerSearchQuery(q.ProjectResourceOwner)
+func projectResourceOwnerFilterToQuery(q *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectResourceOwnerSearchQuery(q.Id)
 }
 
-func projectOrganizationIDFilterToQuery(q *project_pb.ProjectOrganizationIDFilter) (query.SearchQuery, error) {
-	return query.NewGrantedProjectOrganizationIDSearchQuery(q.ProjectOrganizationId)
+func projectOrganizationIDFilterToQuery(q *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectOrganizationIDSearchQuery(q.Id)
 }
 
-func projectGrantResourceOwnerFilterToQuery(q *project_pb.ProjectGrantResourceOwnerFilter) (query.SearchQuery, error) {
-	return query.NewGrantedProjectGrantResourceOwnerSearchQuery(q.ProjectGrantResourceOwner)
+func projectGrantResourceOwnerFilterToQuery(q *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewGrantedProjectGrantResourceOwnerSearchQuery(q.Id)
 }
 
 func grantedProjectsToPb(projects []*query.GrantedProject) []*project_pb.Project {
@@ -283,11 +284,11 @@ func projectGrantFilterToModel(filter *project_pb.ProjectGrantSearchFilter) (que
 	case *project_pb.ProjectGrantSearchFilter_RoleKeyFilter:
 		return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyFilter.Key)
 	case *project_pb.ProjectGrantSearchFilter_InProjectIdsFilter:
-		return query.NewProjectGrantProjectIDsSearchQuery(q.InProjectIdsFilter.ProjectIds)
+		return query.NewProjectGrantProjectIDsSearchQuery(q.InProjectIdsFilter.Ids)
 	case *project_pb.ProjectGrantSearchFilter_ProjectResourceOwnerFilter:
-		return query.NewProjectGrantResourceOwnerSearchQuery(q.ProjectResourceOwnerFilter.ProjectResourceOwner)
+		return query.NewProjectGrantResourceOwnerSearchQuery(q.ProjectResourceOwnerFilter.Id)
 	case *project_pb.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter:
-		return query.NewProjectGrantGrantedOrgIDSearchQuery(q.ProjectGrantResourceOwnerFilter.ProjectGrantResourceOwner)
+		return query.NewProjectGrantGrantedOrgIDSearchQuery(q.ProjectGrantResourceOwnerFilter.Id)
 	default:
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
 	}
diff --git a/internal/api/grpc/user/v2/human.go b/internal/api/grpc/user/v2/human.go
new file mode 100644
index 0000000000..d8a0891396
--- /dev/null
+++ b/internal/api/grpc/user/v2/human.go
@@ -0,0 +1,187 @@
+package user
+
+import (
+	"context"
+	"io"
+
+	"golang.org/x/text/language"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	legacyobject "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) createUserTypeHuman(ctx context.Context, humanPb *user.CreateUserRequest_Human, orgId string, userName, userId *string) (*user.CreateUserResponse, error) {
+	addHumanPb := &user.AddHumanUserRequest{
+		Username: userName,
+		UserId:   userId,
+		Organization: &legacyobject.Organization{
+			Org: &legacyobject.Organization_OrgId{OrgId: orgId},
+		},
+		Profile:    humanPb.Profile,
+		Email:      humanPb.Email,
+		Phone:      humanPb.Phone,
+		IdpLinks:   humanPb.IdpLinks,
+		TotpSecret: humanPb.TotpSecret,
+	}
+	switch pwType := humanPb.GetPasswordType().(type) {
+	case *user.CreateUserRequest_Human_HashedPassword:
+		addHumanPb.PasswordType = &user.AddHumanUserRequest_HashedPassword{
+			HashedPassword: pwType.HashedPassword,
+		}
+	case *user.CreateUserRequest_Human_Password:
+		addHumanPb.PasswordType = &user.AddHumanUserRequest_Password{
+			Password: pwType.Password,
+		}
+	default:
+		// optional password is not set
+	}
+	newHuman, err := AddUserRequestToAddHuman(addHumanPb)
+	if err != nil {
+		return nil, err
+	}
+	if err = s.command.AddUserHuman(
+		ctx,
+		orgId,
+		newHuman,
+		false,
+		s.userCodeAlg,
+	); err != nil {
+		return nil, err
+	}
+	return &user.CreateUserResponse{
+		Id:           newHuman.ID,
+		CreationDate: timestamppb.New(newHuman.Details.EventDate),
+		EmailCode:    newHuman.EmailCode,
+		PhoneCode:    newHuman.PhoneCode,
+	}, nil
+}
+
+func (s *Server) updateUserTypeHuman(ctx context.Context, humanPb *user.UpdateUserRequest_Human, userId string, userName *string) (*user.UpdateUserResponse, error) {
+	cmd, err := updateHumanUserToCommand(userId, userName, humanPb)
+	if err != nil {
+		return nil, err
+	}
+	if err = s.command.ChangeUserHuman(ctx, cmd, s.userCodeAlg); err != nil {
+		return nil, err
+	}
+	return &user.UpdateUserResponse{
+		ChangeDate: timestamppb.New(cmd.Details.EventDate),
+		EmailCode:  cmd.EmailCode,
+		PhoneCode:  cmd.PhoneCode,
+	}, nil
+}
+
+func updateHumanUserToCommand(userId string, userName *string, human *user.UpdateUserRequest_Human) (*command.ChangeHuman, error) {
+	phone := human.GetPhone()
+	if phone != nil && phone.Phone == "" && phone.GetVerification() != nil {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USERv2-4f3d6", "Errors.User.Phone.VerifyingRemovalIsNotSupported")
+	}
+	email, err := setHumanEmailToEmail(human.Email, userId)
+	if err != nil {
+		return nil, err
+	}
+	return &command.ChangeHuman{
+		ID:       userId,
+		Username: userName,
+		Profile:  SetHumanProfileToProfile(human.Profile),
+		Email:    email,
+		Phone:    setHumanPhoneToPhone(human.Phone, true),
+		Password: setHumanPasswordToPassword(human.Password),
+	}, nil
+}
+
+func updateHumanUserRequestToChangeHuman(req *user.UpdateHumanUserRequest) (*command.ChangeHuman, error) {
+	email, err := setHumanEmailToEmail(req.Email, req.GetUserId())
+	if err != nil {
+		return nil, err
+	}
+	changeHuman := &command.ChangeHuman{
+		ID:       req.GetUserId(),
+		Username: req.Username,
+		Email:    email,
+		Phone:    setHumanPhoneToPhone(req.Phone, false),
+		Password: setHumanPasswordToPassword(req.Password),
+	}
+	if profile := req.GetProfile(); profile != nil {
+		var firstName *string
+		if profile.GivenName != "" {
+			firstName = &profile.GivenName
+		}
+		var lastName *string
+		if profile.FamilyName != "" {
+			lastName = &profile.FamilyName
+		}
+		changeHuman.Profile = SetHumanProfileToProfile(&user.UpdateUserRequest_Human_Profile{
+			GivenName:         firstName,
+			FamilyName:        lastName,
+			NickName:          profile.NickName,
+			DisplayName:       profile.DisplayName,
+			PreferredLanguage: profile.PreferredLanguage,
+			Gender:            profile.Gender,
+		})
+	}
+	return changeHuman, nil
+}
+
+func SetHumanProfileToProfile(profile *user.UpdateUserRequest_Human_Profile) *command.Profile {
+	if profile == nil {
+		return nil
+	}
+	return &command.Profile{
+		FirstName:         profile.GivenName,
+		LastName:          profile.FamilyName,
+		NickName:          profile.NickName,
+		DisplayName:       profile.DisplayName,
+		PreferredLanguage: ifNotNilPtr(profile.PreferredLanguage, language.Make),
+		Gender:            ifNotNilPtr(profile.Gender, genderToDomain),
+	}
+}
+
+func setHumanEmailToEmail(email *user.SetHumanEmail, userID string) (*command.Email, error) {
+	if email == nil {
+		return nil, nil
+	}
+	var urlTemplate string
+	if email.GetSendCode() != nil && email.GetSendCode().UrlTemplate != nil {
+		urlTemplate = *email.GetSendCode().UrlTemplate
+		if err := domain.RenderConfirmURLTemplate(io.Discard, urlTemplate, userID, "code", "orgID"); err != nil {
+			return nil, err
+		}
+	}
+	return &command.Email{
+		Address:     domain.EmailAddress(email.Email),
+		Verified:    email.GetIsVerified(),
+		ReturnCode:  email.GetReturnCode() != nil,
+		URLTemplate: urlTemplate,
+	}, nil
+}
+
+func setHumanPhoneToPhone(phone *user.SetHumanPhone, withRemove bool) *command.Phone {
+	if phone == nil {
+		return nil
+	}
+	number := phone.GetPhone()
+	return &command.Phone{
+		Number:     domain.PhoneNumber(number),
+		Verified:   phone.GetIsVerified(),
+		ReturnCode: phone.GetReturnCode() != nil,
+		Remove:     withRemove && number == "",
+	}
+}
+
+func setHumanPasswordToPassword(password *user.SetPassword) *command.Password {
+	if password == nil {
+		return nil
+	}
+	return &command.Password{
+		PasswordCode:        password.GetVerificationCode(),
+		OldPassword:         password.GetCurrentPassword(),
+		Password:            password.GetPassword().GetPassword(),
+		EncodedPasswordHash: password.GetHashedPassword().GetHash(),
+		ChangeRequired:      password.GetPassword().GetChangeRequired() || password.GetHashedPassword().GetChangeRequired(),
+	}
+}
diff --git a/internal/api/grpc/user/v2/human_test.go b/internal/api/grpc/user/v2/human_test.go
new file mode 100644
index 0000000000..52e5371dcc
--- /dev/null
+++ b/internal/api/grpc/user/v2/human_test.go
@@ -0,0 +1,254 @@
+package user
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func Test_patchHumanUserToCommand(t *testing.T) {
+	type args struct {
+		userId   string
+		userName *string
+		human    *user.UpdateUserRequest_Human
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *command.ChangeHuman
+		wantErr assert.ErrorAssertionFunc
+	}{{
+		name: "single property",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Profile: &user.UpdateUserRequest_Human_Profile{
+					GivenName: gu.Ptr("givenName"),
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Profile: &command.Profile{
+				FirstName: gu.Ptr("givenName"),
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "all properties",
+		args: args{
+			userId:   "userId",
+			userName: gu.Ptr("userName"),
+			human: &user.UpdateUserRequest_Human{
+				Profile: &user.UpdateUserRequest_Human_Profile{
+					GivenName:         gu.Ptr("givenName"),
+					FamilyName:        gu.Ptr("familyName"),
+					NickName:          gu.Ptr("nickName"),
+					DisplayName:       gu.Ptr("displayName"),
+					PreferredLanguage: gu.Ptr("en-US"),
+					Gender:            gu.Ptr(user.Gender_GENDER_FEMALE),
+				},
+				Email: &user.SetHumanEmail{
+					Email: "email@example.com",
+					Verification: &user.SetHumanEmail_IsVerified{
+						IsVerified: true,
+					},
+				},
+				Phone: &user.SetHumanPhone{
+					Phone: "+123456789",
+					Verification: &user.SetHumanPhone_IsVerified{
+						IsVerified: true,
+					},
+				},
+				Password: &user.SetPassword{
+					Verification: &user.SetPassword_CurrentPassword{
+						CurrentPassword: "currentPassword",
+					},
+					PasswordType: &user.SetPassword_Password{
+						Password: &user.Password{
+							Password:       "newPassword",
+							ChangeRequired: true,
+						},
+					},
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID:       "userId",
+			Username: gu.Ptr("userName"),
+			Profile: &command.Profile{
+				FirstName:         gu.Ptr("givenName"),
+				LastName:          gu.Ptr("familyName"),
+				NickName:          gu.Ptr("nickName"),
+				DisplayName:       gu.Ptr("displayName"),
+				PreferredLanguage: &language.AmericanEnglish,
+				Gender:            gu.Ptr(domain.GenderFemale),
+			},
+			Email: &command.Email{
+				Address:  "email@example.com",
+				Verified: true,
+			},
+			Phone: &command.Phone{
+				Number:   "+123456789",
+				Verified: true,
+			},
+			Password: &command.Password{
+				OldPassword:    "currentPassword",
+				Password:       "newPassword",
+				ChangeRequired: true,
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "set email and request code",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Email: &user.SetHumanEmail{
+					Email: "email@example.com",
+					Verification: &user.SetHumanEmail_ReturnCode{
+						ReturnCode: &user.ReturnEmailVerificationCode{},
+					},
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Email: &command.Email{
+				Address:    "email@example.com",
+				ReturnCode: true,
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "set email and send code",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Email: &user.SetHumanEmail{
+					Email: "email@example.com",
+					Verification: &user.SetHumanEmail_SendCode{
+						SendCode: &user.SendEmailVerificationCode{},
+					},
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Email: &command.Email{
+				Address: "email@example.com",
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "set email and send code with template",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Email: &user.SetHumanEmail{
+					Email: "email@example.com",
+					Verification: &user.SetHumanEmail_SendCode{
+						SendCode: &user.SendEmailVerificationCode{
+							UrlTemplate: gu.Ptr("Code: {{.Code}}"),
+						},
+					},
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Email: &command.Email{
+				Address:     "email@example.com",
+				URLTemplate: "Code: {{.Code}}",
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "set phone and request code",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Phone: &user.SetHumanPhone{
+					Phone: "+123456789",
+					Verification: &user.SetHumanPhone_ReturnCode{
+						ReturnCode: &user.ReturnPhoneVerificationCode{},
+					},
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Phone: &command.Phone{
+				Number:     "+123456789",
+				ReturnCode: true,
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "set phone and send code",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Phone: &user.SetHumanPhone{
+					Phone: "+123456789",
+					Verification: &user.SetHumanPhone_SendCode{
+						SendCode: &user.SendPhoneVerificationCode{},
+					},
+				},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Phone: &command.Phone{
+				Number: "+123456789",
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "remove phone, ok",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Phone: &user.SetHumanPhone{},
+			},
+		},
+		want: &command.ChangeHuman{
+			ID: "userId",
+			Phone: &command.Phone{
+				Remove: true,
+			},
+		},
+		wantErr: assert.NoError,
+	}, {
+		name: "remove phone with verification, error",
+		args: args{
+			userId: "userId",
+			human: &user.UpdateUserRequest_Human{
+				Phone: &user.SetHumanPhone{
+					Verification: &user.SetHumanPhone_ReturnCode{},
+				},
+			},
+		},
+		wantErr: assert.Error,
+	}}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := updateHumanUserToCommand(tt.args.userId, tt.args.userName, tt.args.human)
+			if !tt.wantErr(t, err, fmt.Sprintf("patchHumanUserToCommand(%v, %v, %v)", tt.args.userId, tt.args.userName, tt.args.human)) {
+				return
+			}
+			if diff := cmp.Diff(tt.want, got, cmpopts.EquateComparable(language.Tag{})); diff != "" {
+				t.Errorf("patchHumanUserToCommand() mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/user/v2/integration_test/email_test.go b/internal/api/grpc/user/v2/integration_test/email_test.go
index ad63c2ce5e..ad68ef5c5a 100644
--- a/internal/api/grpc/user/v2/integration_test/email_test.go
+++ b/internal/api/grpc/user/v2/integration_test/email_test.go
@@ -10,13 +10,13 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
-
+ 
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func TestServer_SetEmail(t *testing.T) {
+func TestServer_Deprecated_SetEmail(t *testing.T) {
 	userID := Instance.CreateHumanUser(CTX).GetUserId()
 
 	tests := []struct {
diff --git a/internal/api/grpc/user/v2/integration_test/key_test.go b/internal/api/grpc/user/v2/integration_test/key_test.go
new file mode 100644
index 0000000000..e85903b2cb
--- /dev/null
+++ b/internal/api/grpc/user/v2/integration_test/key_test.go
@@ -0,0 +1,659 @@
+//go:build integration
+
+package user_test
+
+import (
+	"context"
+	"fmt"
+	"slices"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/testing/protocmp"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func TestServer_AddKey(t *testing.T) {
+	resp := Instance.CreateUserTypeMachine(IamCTX)
+	userId := resp.GetId()
+	expirationDate := timestamppb.New(time.Now().Add(time.Hour * 24))
+	type args struct {
+		req     *user.AddKeyRequest
+		prepare func(request *user.AddKeyRequest) error
+	}
+	tests := []struct {
+		name         string
+		args         args
+		wantErr      bool
+		wantEmtpyKey bool
+	}{
+		{
+			name: "add key, user not existing",
+			args: args{
+				&user.AddKeyRequest{
+					UserId:         "notexisting",
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddKeyRequest) error { return nil },
+			},
+			wantErr: true,
+		},
+		{
+			name: "generate key pair, ok",
+			args: args{
+				&user.AddKeyRequest{
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddKeyRequest) error {
+					request.UserId = userId
+					return nil
+				},
+			},
+		},
+		{
+			name: "add valid public key, ok",
+			args: args{
+				&user.AddKeyRequest{
+					ExpirationDate: expirationDate,
+					// This is the public key of the tester system user. This must be valid.
+					PublicKey: []byte(`
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzi+FFSJL7f5yw4KTwzgM
+P34ePGycm/M+kT0M7V4Cgx5V3EaDIvTQKTLfBaEB45zb9LtjIXzDw0rXRoS2hO6t
+h+CYQCz3KCvh09C0IzxZiB2IS3H/aT+5Bx9EFY+vnAkZjccbyG5YNRvmtOlnvIeI
+H7qZ0tEwkPfF5GEZNPJPtmy3UGV7iofdVQS1xRj73+aMw5rvH4D8IdyiAC3VekIb
+pt0Vj0SUX3DwKtog337BzTiPk3aXRF0sbFhQoqdJRI8NqgZjCwjq9yfI5tyxYswn
++JGzHGdHvW3idODlmwEt5K2pasiRIWK2OGfq+w0EcltQHabuqEPgZlmhCkRdNfix
+BwIDAQAB
+-----END PUBLIC KEY-----
+`),
+				},
+				func(request *user.AddKeyRequest) error {
+					request.UserId = userId
+					return nil
+				},
+			},
+			wantEmtpyKey: true,
+		},
+		{
+			name: "add invalid public key, error",
+			args: args{
+				&user.AddKeyRequest{
+					ExpirationDate: expirationDate,
+					PublicKey: []byte(`
+-----BEGIN PUBLIC KEY-----
+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
+-----END PUBLIC KEY-----
+`),
+				},
+				func(request *user.AddKeyRequest) error {
+					request.UserId = userId
+					return nil
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "add key human, error",
+			args: args{
+				&user.AddKeyRequest{
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddKeyRequest) error {
+					resp := Instance.CreateUserTypeHuman(IamCTX)
+					request.UserId = resp.Id
+					return nil
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "add another key, ok",
+			args: args{
+				&user.AddKeyRequest{
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddKeyRequest) error {
+					request.UserId = userId
+					_, err := Client.AddKey(IamCTX, &user.AddKeyRequest{
+						ExpirationDate: expirationDate,
+						UserId:         userId,
+					})
+					return err
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			err := tt.args.prepare(tt.args.req)
+			require.NoError(t, err)
+			got, err := Client.AddKey(CTX, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.KeyId, "key id is empty")
+			if tt.wantEmtpyKey {
+				assert.Empty(t, got.KeyContent, "key content is not empty")
+			} else {
+				assert.NotEmpty(t, got.KeyContent, "key content is empty")
+			}
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_AddKey_Permission(t *testing.T) {
+	OrgCTX := CTX
+	otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddKey-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	require.NoError(t, err)
+	request := &user.AddKeyRequest{
+		ExpirationDate: timestamppb.New(time.Now().Add(time.Hour * 24)),
+		UserId:         otherOrgUser.GetId(),
+	}
+	type args struct {
+		ctx context.Context
+		req *user.AddKeyRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "system, ok",
+			args: args{SystemCTX, request},
+		},
+		{
+			name: "instance, ok",
+			args: args{IamCTX, request},
+		},
+		{
+			name:    "org, error",
+			args:    args{OrgCTX, request},
+			wantErr: true,
+		},
+		{
+			name:    "user, error",
+			args:    args{UserCTX, request},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			require.NoError(t, err)
+			got, err := Client.AddKey(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.KeyId, "key id is empty")
+			assert.NotEmpty(t, got.KeyContent, "key content is empty")
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_RemoveKey(t *testing.T) {
+	resp := Instance.CreateUserTypeMachine(IamCTX)
+	userId := resp.GetId()
+	expirationDate := timestamppb.New(time.Now().Add(time.Hour * 24))
+	type args struct {
+		req     *user.RemoveKeyRequest
+		prepare func(request *user.RemoveKeyRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "remove key, user not existing",
+			args: args{
+				&user.RemoveKeyRequest{
+					UserId: "notexisting",
+				},
+				func(request *user.RemoveKeyRequest) error {
+					key, err := Client.AddKey(IamCTX, &user.AddKeyRequest{
+						ExpirationDate: expirationDate,
+						UserId:         userId,
+					})
+					request.KeyId = key.GetKeyId()
+					return err
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove key, not existing",
+			args: args{
+				&user.RemoveKeyRequest{
+					KeyId: "notexisting",
+				},
+				func(request *user.RemoveKeyRequest) error {
+					request.UserId = userId
+					return nil
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove key, ok",
+			args: args{
+				&user.RemoveKeyRequest{},
+				func(request *user.RemoveKeyRequest) error {
+					key, err := Client.AddKey(IamCTX, &user.AddKeyRequest{
+						ExpirationDate: expirationDate,
+						UserId:         userId,
+					})
+					request.KeyId = key.GetKeyId()
+					request.UserId = userId
+					return err
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			err := tt.args.prepare(tt.args.req)
+			require.NoError(t, err)
+			got, err := Client.RemoveKey(CTX, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			deletionDate := got.DeletionDate.AsTime()
+			assert.Greater(t, deletionDate, now, "creation date is before the test started")
+			assert.Less(t, deletionDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_RemoveKey_Permission(t *testing.T) {
+	OrgCTX := CTX
+	otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("RemoveKey-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	request := &user.RemoveKeyRequest{
+		UserId: otherOrgUser.GetId(),
+	}
+	prepare := func(request *user.RemoveKeyRequest) error {
+		key, err := Client.AddKey(IamCTX, &user.AddKeyRequest{
+			ExpirationDate: timestamppb.New(time.Now().Add(time.Hour * 24)),
+			UserId:         otherOrgUser.GetId(),
+		})
+		request.KeyId = key.GetKeyId()
+		return err
+	}
+	require.NoError(t, err)
+	type args struct {
+		ctx     context.Context
+		req     *user.RemoveKeyRequest
+		prepare func(request *user.RemoveKeyRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "system, ok",
+			args: args{SystemCTX, request, prepare},
+		},
+		{
+			name: "instance, ok",
+			args: args{IamCTX, request, prepare},
+		},
+		{
+			name:    "org, error",
+			args:    args{OrgCTX, request, prepare},
+			wantErr: true,
+		},
+		{
+			name:    "user, error",
+			args:    args{UserCTX, request, prepare},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			require.NoError(t, tt.args.prepare(tt.args.req))
+			got, err := Client.RemoveKey(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.DeletionDate, "client key is empty")
+			creationDate := got.DeletionDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_ListKeys(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		req *user.ListKeysRequest
+	}
+	type testCase struct {
+		name string
+		args args
+		want *user.ListKeysResponse
+	}
+	OrgCTX := CTX
+	otherOrg := Instance.CreateOrganization(SystemCTX, fmt.Sprintf("ListKeys-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Client.CreateUser(SystemCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	require.NoError(t, err)
+	otherOrgUserId := otherOrgUser.GetId()
+	otherUserId := Instance.CreateUserTypeMachine(SystemCTX).GetId()
+	onlySinceTestStartFilter := &user.KeysSearchFilter{Filter: &user.KeysSearchFilter_CreatedDateFilter{CreatedDateFilter: &filter.TimestampFilter{
+		Timestamp: timestamppb.Now(),
+		Method:    filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS,
+	}}}
+	myOrgId := Instance.DefaultOrg.GetId()
+	myUserId := Instance.Users.Get(integration.UserTypeNoPermission).ID
+	expiresInADay := time.Now().Truncate(time.Hour).Add(time.Hour * 24)
+	myDataPoint := setupKeyDataPoint(t, myUserId, myOrgId, expiresInADay)
+	otherUserDataPoint := setupKeyDataPoint(t, otherUserId, myOrgId, expiresInADay)
+	otherOrgDataPointExpiringSoon := setupKeyDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
+	otherOrgDataPointExpiringLate := setupKeyDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
+	sortingColumnExpirationDate := user.KeyFieldName_KEY_FIELD_NAME_KEY_EXPIRATION_DATE
+	awaitKeys(t, onlySinceTestStartFilter,
+		otherOrgDataPointExpiringSoon.GetId(),
+		otherOrgDataPointExpiringLate.GetId(),
+		otherUserDataPoint.GetId(),
+		myDataPoint.GetId(),
+	)
+	tests := []testCase{
+		{
+			name: "list all, instance",
+			args: args{
+				IamCTX,
+				&user.ListKeysRequest{Filters: []*user.KeysSearchFilter{onlySinceTestStartFilter}},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					otherOrgDataPointExpiringLate,
+					otherOrgDataPointExpiringSoon,
+					otherUserDataPoint,
+					myDataPoint,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list all, org",
+			args: args{
+				OrgCTX,
+				&user.ListKeysRequest{Filters: []*user.KeysSearchFilter{onlySinceTestStartFilter}},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					otherUserDataPoint,
+					myDataPoint,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list all, user",
+			args: args{
+				UserCTX,
+				&user.ListKeysRequest{Filters: []*user.KeysSearchFilter{onlySinceTestStartFilter}},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					myDataPoint,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list by id",
+			args: args{
+				IamCTX,
+				&user.ListKeysRequest{
+					Filters: []*user.KeysSearchFilter{
+						onlySinceTestStartFilter,
+						{
+							Filter: &user.KeysSearchFilter_KeyIdFilter{
+								KeyIdFilter: &filter.IDFilter{Id: otherOrgDataPointExpiringSoon.Id},
+							},
+						},
+					},
+				},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					otherOrgDataPointExpiringSoon,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list all from other org",
+			args: args{
+				IamCTX,
+				&user.ListKeysRequest{
+					Filters: []*user.KeysSearchFilter{
+						onlySinceTestStartFilter,
+						{
+							Filter: &user.KeysSearchFilter_OrganizationIdFilter{
+								OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId},
+							},
+						},
+					},
+				},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					otherOrgDataPointExpiringLate,
+					otherOrgDataPointExpiringSoon,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "sort by next expiration dates",
+			args: args{
+				IamCTX,
+				&user.ListKeysRequest{
+					Pagination: &filter.PaginationRequest{
+						Asc: true,
+					},
+					SortingColumn: &sortingColumnExpirationDate,
+					Filters: []*user.KeysSearchFilter{
+						onlySinceTestStartFilter,
+						{Filter: &user.KeysSearchFilter_OrganizationIdFilter{OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId}}},
+					},
+				},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					otherOrgDataPointExpiringSoon,
+					otherOrgDataPointExpiringLate,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "get page",
+			args: args{
+				IamCTX,
+				&user.ListKeysRequest{
+					Pagination: &filter.PaginationRequest{
+						Offset: 2,
+						Limit:  2,
+						Asc:    true,
+					},
+					Filters: []*user.KeysSearchFilter{
+						onlySinceTestStartFilter,
+					},
+				},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{
+					otherOrgDataPointExpiringSoon,
+					otherOrgDataPointExpiringLate,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 2,
+				},
+			},
+		},
+		{
+			name: "empty list",
+			args: args{
+				UserCTX,
+				&user.ListKeysRequest{
+					Filters: []*user.KeysSearchFilter{
+						{
+							Filter: &user.KeysSearchFilter_KeyIdFilter{
+								KeyIdFilter: &filter.IDFilter{Id: otherUserDataPoint.Id},
+							},
+						},
+					},
+				},
+			},
+			want: &user.ListKeysResponse{
+				Result: []*user.Key{},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+	}
+	t.Run("with permission flag v2", func(t *testing.T) {
+		setPermissionCheckV2Flag(t, true)
+		defer setPermissionCheckV2Flag(t, false)
+		for _, tt := range tests {
+			t.Run(tt.name, func(t *testing.T) {
+				got, err := Client.ListKeys(tt.args.ctx, tt.args.req)
+				require.NoError(t, err)
+				assert.Len(t, got.Result, len(tt.want.Result))
+				if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
+					t.Errorf("ListKeys() mismatch (-want +got):\n%s", diff)
+				}
+			})
+		}
+	})
+	t.Run("without permission flag v2", func(t *testing.T) {
+		for _, tt := range tests {
+			t.Run(tt.name, func(t *testing.T) {
+				got, err := Client.ListKeys(tt.args.ctx, tt.args.req)
+				require.NoError(t, err)
+				assert.Len(t, got.Result, len(tt.want.Result))
+				// ignore the total result, as this is a known bug with the in-memory permission checks.
+				// The command can't know how many keys exist in the system if the SQL statement has a limit.
+				// This is fixed, once the in-memory permission checks are removed with https://github.com/zitadel/zitadel/issues/9188
+				tt.want.Pagination.TotalResult = got.Pagination.TotalResult
+				if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
+					t.Errorf("ListKeys() mismatch (-want +got):\n%s", diff)
+				}
+			})
+		}
+	})
+}
+
+func setupKeyDataPoint(t *testing.T, userId, orgId string, expirationDate time.Time) *user.Key {
+	expirationDatePb := timestamppb.New(expirationDate)
+	newKey, err := Client.AddKey(SystemCTX, &user.AddKeyRequest{
+		UserId:         userId,
+		ExpirationDate: expirationDatePb,
+		PublicKey:      nil,
+	})
+	require.NoError(t, err)
+	return &user.Key{
+		CreationDate:   newKey.CreationDate,
+		ChangeDate:     newKey.CreationDate,
+		Id:             newKey.GetKeyId(),
+		UserId:         userId,
+		OrganizationId: orgId,
+		ExpirationDate: expirationDatePb,
+	}
+}
+
+func awaitKeys(t *testing.T, sinceTestStartFilter *user.KeysSearchFilter, keyIds ...string) {
+	sortingColumn := user.KeyFieldName_KEY_FIELD_NAME_ID
+	slices.Sort(keyIds)
+	require.EventuallyWithT(t, func(collect *assert.CollectT) {
+		result, err := Client.ListKeys(SystemCTX, &user.ListKeysRequest{
+			Filters:       []*user.KeysSearchFilter{sinceTestStartFilter},
+			SortingColumn: &sortingColumn,
+			Pagination: &filter.PaginationRequest{
+				Asc: true,
+			},
+		})
+		require.NoError(t, err)
+		if !assert.Len(collect, result.Result, len(keyIds)) {
+			return
+		}
+		for i := range keyIds {
+			keyId := keyIds[i]
+			require.Equal(collect, keyId, result.Result[i].GetId())
+		}
+	}, 5*time.Second, time.Second, "key not created in time")
+}
diff --git a/internal/api/grpc/user/v2/integration_test/password_test.go b/internal/api/grpc/user/v2/integration_test/password_test.go
index 0cd0da7454..258cdaf78d 100644
--- a/internal/api/grpc/user/v2/integration_test/password_test.go
+++ b/internal/api/grpc/user/v2/integration_test/password_test.go
@@ -104,7 +104,7 @@ func TestServer_RequestPasswordReset(t *testing.T) {
 	}
 }
 
-func TestServer_SetPassword(t *testing.T) {
+func TestServer_Deprecated_SetPassword(t *testing.T) {
 	type args struct {
 		ctx context.Context
 		req *user.SetPasswordRequest
diff --git a/internal/api/grpc/user/v2/integration_test/pat_test.go b/internal/api/grpc/user/v2/integration_test/pat_test.go
new file mode 100644
index 0000000000..ce974e0407
--- /dev/null
+++ b/internal/api/grpc/user/v2/integration_test/pat_test.go
@@ -0,0 +1,615 @@
+//go:build integration
+
+package user_test
+
+import (
+	"context"
+	"fmt"
+	"slices"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/testing/protocmp"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func TestServer_AddPersonalAccessToken(t *testing.T) {
+	resp := Instance.CreateUserTypeMachine(IamCTX)
+	userId := resp.GetId()
+	expirationDate := timestamppb.New(time.Now().Add(time.Hour * 24))
+	type args struct {
+		req     *user.AddPersonalAccessTokenRequest
+		prepare func(request *user.AddPersonalAccessTokenRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "add pat, user not existing",
+			args: args{
+				&user.AddPersonalAccessTokenRequest{
+					UserId:         "notexisting",
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddPersonalAccessTokenRequest) error { return nil },
+			},
+			wantErr: true,
+		},
+		{
+			name: "add pat, ok",
+			args: args{
+				&user.AddPersonalAccessTokenRequest{
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddPersonalAccessTokenRequest) error {
+					request.UserId = userId
+					return nil
+				},
+			},
+		},
+		{
+			name: "add pat human, not ok",
+			args: args{
+				&user.AddPersonalAccessTokenRequest{
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddPersonalAccessTokenRequest) error {
+					resp := Instance.CreateUserTypeHuman(IamCTX)
+					request.UserId = resp.Id
+					return nil
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "add another pat, ok",
+			args: args{
+				&user.AddPersonalAccessTokenRequest{
+					ExpirationDate: expirationDate,
+				},
+				func(request *user.AddPersonalAccessTokenRequest) error {
+					request.UserId = userId
+					_, err := Client.AddPersonalAccessToken(IamCTX, &user.AddPersonalAccessTokenRequest{
+						ExpirationDate: expirationDate,
+						UserId:         userId,
+					})
+					return err
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			err := tt.args.prepare(tt.args.req)
+			require.NoError(t, err)
+			got, err := Client.AddPersonalAccessToken(CTX, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.TokenId, "id is empty")
+			assert.NotEmpty(t, got.Token, "token is empty")
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_AddPersonalAccessToken_Permission(t *testing.T) {
+	OrgCTX := CTX
+	otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddPersonalAccessToken-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	require.NoError(t, err)
+	request := &user.AddPersonalAccessTokenRequest{
+		ExpirationDate: timestamppb.New(time.Now().Add(time.Hour * 24)),
+		UserId:         otherOrgUser.GetId(),
+	}
+	type args struct {
+		ctx context.Context
+		req *user.AddPersonalAccessTokenRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "system, ok",
+			args: args{SystemCTX, request},
+		},
+		{
+			name: "instance, ok",
+			args: args{IamCTX, request},
+		},
+		{
+			name:    "org, error",
+			args:    args{OrgCTX, request},
+			wantErr: true,
+		},
+		{
+			name:    "user, error",
+			args:    args{UserCTX, request},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			require.NoError(t, err)
+			got, err := Client.AddPersonalAccessToken(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.TokenId, "id is empty")
+			assert.NotEmpty(t, got.Token, "token is empty")
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_RemovePersonalAccessToken(t *testing.T) {
+	resp := Instance.CreateUserTypeMachine(IamCTX)
+	userId := resp.GetId()
+	expirationDate := timestamppb.New(time.Now().Add(time.Hour * 24))
+	type args struct {
+		req     *user.RemovePersonalAccessTokenRequest
+		prepare func(request *user.RemovePersonalAccessTokenRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "remove pat, user not existing",
+			args: args{
+				&user.RemovePersonalAccessTokenRequest{
+					UserId: "notexisting",
+				},
+				func(request *user.RemovePersonalAccessTokenRequest) error {
+					pat, err := Client.AddPersonalAccessToken(CTX, &user.AddPersonalAccessTokenRequest{
+						ExpirationDate: expirationDate,
+						UserId:         userId,
+					})
+					request.TokenId = pat.GetTokenId()
+					return err
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove pat, not existing",
+			args: args{
+				&user.RemovePersonalAccessTokenRequest{
+					TokenId: "notexisting",
+				},
+				func(request *user.RemovePersonalAccessTokenRequest) error {
+					request.UserId = userId
+					return nil
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove pat, ok",
+			args: args{
+				&user.RemovePersonalAccessTokenRequest{},
+				func(request *user.RemovePersonalAccessTokenRequest) error {
+					pat, err := Client.AddPersonalAccessToken(CTX, &user.AddPersonalAccessTokenRequest{
+						ExpirationDate: expirationDate,
+						UserId:         userId,
+					})
+					request.TokenId = pat.GetTokenId()
+					request.UserId = userId
+					return err
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			err := tt.args.prepare(tt.args.req)
+			require.NoError(t, err)
+			got, err := Client.RemovePersonalAccessToken(CTX, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			deletionDate := got.DeletionDate.AsTime()
+			assert.Greater(t, deletionDate, now, "creation date is before the test started")
+			assert.Less(t, deletionDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_RemovePersonalAccessToken_Permission(t *testing.T) {
+	otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("RemovePersonalAccessToken-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	request := &user.RemovePersonalAccessTokenRequest{
+		UserId: otherOrgUser.GetId(),
+	}
+	prepare := func(request *user.RemovePersonalAccessTokenRequest) error {
+		pat, err := Client.AddPersonalAccessToken(IamCTX, &user.AddPersonalAccessTokenRequest{
+			ExpirationDate: timestamppb.New(time.Now().Add(time.Hour * 24)),
+			UserId:         otherOrgUser.GetId(),
+		})
+		request.TokenId = pat.GetTokenId()
+		return err
+	}
+	require.NoError(t, err)
+	type args struct {
+		ctx     context.Context
+		req     *user.RemovePersonalAccessTokenRequest
+		prepare func(request *user.RemovePersonalAccessTokenRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "system, ok",
+			args: args{SystemCTX, request, prepare},
+		},
+		{
+			name: "instance, ok",
+			args: args{IamCTX, request, prepare},
+		},
+		{
+			name:    "org, error",
+			args:    args{CTX, request, prepare},
+			wantErr: true,
+		},
+		{
+			name:    "user, error",
+			args:    args{UserCTX, request, prepare},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			require.NoError(t, tt.args.prepare(tt.args.req))
+			got, err := Client.RemovePersonalAccessToken(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.DeletionDate, "client pat is empty")
+			creationDate := got.DeletionDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_ListPersonalAccessTokens(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		req *user.ListPersonalAccessTokensRequest
+	}
+	type testCase struct {
+		name string
+		args args
+		want *user.ListPersonalAccessTokensResponse
+	}
+	OrgCTX := CTX
+	otherOrg := Instance.CreateOrganization(SystemCTX, fmt.Sprintf("ListPersonalAccessTokens-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Client.CreateUser(SystemCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	require.NoError(t, err)
+	otherOrgUserId := otherOrgUser.GetId()
+	otherUserId := Instance.CreateUserTypeMachine(SystemCTX).GetId()
+	onlySinceTestStartFilter := &user.PersonalAccessTokensSearchFilter{Filter: &user.PersonalAccessTokensSearchFilter_CreatedDateFilter{CreatedDateFilter: &filter.TimestampFilter{
+		Timestamp: timestamppb.Now(),
+		Method:    filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS,
+	}}}
+	myOrgId := Instance.DefaultOrg.GetId()
+	myUserId := Instance.Users.Get(integration.UserTypeNoPermission).ID
+	expiresInADay := time.Now().Truncate(time.Hour).Add(time.Hour * 24)
+	myDataPoint := setupPATDataPoint(t, myUserId, myOrgId, expiresInADay)
+	otherUserDataPoint := setupPATDataPoint(t, otherUserId, myOrgId, expiresInADay)
+	otherOrgDataPointExpiringSoon := setupPATDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
+	otherOrgDataPointExpiringLate := setupPATDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
+	sortingColumnExpirationDate := user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_EXPIRATION_DATE
+	awaitPersonalAccessTokens(t,
+		onlySinceTestStartFilter,
+		otherOrgDataPointExpiringSoon.GetId(),
+		otherOrgDataPointExpiringLate.GetId(),
+		otherUserDataPoint.GetId(),
+		myDataPoint.GetId(),
+	)
+	tests := []testCase{
+		{
+			name: "list all, instance",
+			args: args{
+				IamCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Filters: []*user.PersonalAccessTokensSearchFilter{onlySinceTestStartFilter},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					otherOrgDataPointExpiringLate,
+					otherOrgDataPointExpiringSoon,
+					otherUserDataPoint,
+					myDataPoint,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list all, org",
+			args: args{
+				OrgCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Filters: []*user.PersonalAccessTokensSearchFilter{onlySinceTestStartFilter},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					otherUserDataPoint,
+					myDataPoint,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list all, user",
+			args: args{
+				UserCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Filters: []*user.PersonalAccessTokensSearchFilter{onlySinceTestStartFilter},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					myDataPoint,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list by id",
+			args: args{
+				IamCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Filters: []*user.PersonalAccessTokensSearchFilter{
+						onlySinceTestStartFilter,
+						{
+							Filter: &user.PersonalAccessTokensSearchFilter_TokenIdFilter{
+								TokenIdFilter: &filter.IDFilter{Id: otherOrgDataPointExpiringSoon.Id},
+							},
+						},
+					},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					otherOrgDataPointExpiringSoon,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  1,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "list all from other org",
+			args: args{
+				IamCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Filters: []*user.PersonalAccessTokensSearchFilter{
+						onlySinceTestStartFilter,
+						{
+							Filter: &user.PersonalAccessTokensSearchFilter_OrganizationIdFilter{
+								OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId},
+							},
+						}},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					otherOrgDataPointExpiringLate,
+					otherOrgDataPointExpiringSoon,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "sort by next expiration dates",
+			args: args{
+				IamCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Pagination: &filter.PaginationRequest{
+						Asc: true,
+					},
+					SortingColumn: &sortingColumnExpirationDate,
+					Filters: []*user.PersonalAccessTokensSearchFilter{
+						onlySinceTestStartFilter,
+						{Filter: &user.PersonalAccessTokensSearchFilter_OrganizationIdFilter{OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId}}},
+					},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					otherOrgDataPointExpiringSoon,
+					otherOrgDataPointExpiringLate,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+			},
+		},
+		{
+			name: "get page",
+			args: args{
+				IamCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Pagination: &filter.PaginationRequest{
+						Offset: 2,
+						Limit:  2,
+						Asc:    true,
+					},
+					Filters: []*user.PersonalAccessTokensSearchFilter{
+						onlySinceTestStartFilter,
+					},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{
+					otherOrgDataPointExpiringSoon,
+					otherOrgDataPointExpiringLate,
+				},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 2,
+				},
+			},
+		},
+		{
+			name: "empty list",
+			args: args{
+				UserCTX,
+				&user.ListPersonalAccessTokensRequest{
+					Filters: []*user.PersonalAccessTokensSearchFilter{
+						{
+							Filter: &user.PersonalAccessTokensSearchFilter_TokenIdFilter{
+								TokenIdFilter: &filter.IDFilter{Id: otherUserDataPoint.Id},
+							},
+						},
+					},
+				},
+			},
+			want: &user.ListPersonalAccessTokensResponse{
+				Result: []*user.PersonalAccessToken{},
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+			},
+		},
+	}
+	t.Run("with permission flag v2", func(t *testing.T) {
+		setPermissionCheckV2Flag(t, true)
+		defer setPermissionCheckV2Flag(t, false)
+		for _, tt := range tests {
+			t.Run(tt.name, func(t *testing.T) {
+				got, err := Client.ListPersonalAccessTokens(tt.args.ctx, tt.args.req)
+				require.NoError(t, err)
+				assert.Len(t, got.Result, len(tt.want.Result))
+				if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
+					t.Errorf("ListPersonalAccessTokens() mismatch (-want +got):\n%s", diff)
+				}
+			})
+		}
+	})
+	t.Run("without permission flag v2", func(t *testing.T) {
+		for _, tt := range tests {
+			t.Run(tt.name, func(t *testing.T) {
+				got, err := Client.ListPersonalAccessTokens(tt.args.ctx, tt.args.req)
+				require.NoError(t, err)
+				assert.Len(t, got.Result, len(tt.want.Result))
+				// ignore the total result, as this is a known bug with the in-memory permission checks.
+				// The command can't know how many keys exist in the system if the SQL statement has a limit.
+				// This is fixed, once the in-memory permission checks are removed with https://github.com/zitadel/zitadel/issues/9188
+				tt.want.Pagination.TotalResult = got.Pagination.TotalResult
+				if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
+					t.Errorf("ListPersonalAccessTokens() mismatch (-want +got):\n%s", diff)
+				}
+			})
+		}
+	})
+}
+
+func setupPATDataPoint(t *testing.T, userId, orgId string, expirationDate time.Time) *user.PersonalAccessToken {
+	expirationDatePb := timestamppb.New(expirationDate)
+	newPersonalAccessToken, err := Client.AddPersonalAccessToken(SystemCTX, &user.AddPersonalAccessTokenRequest{
+		UserId:         userId,
+		ExpirationDate: expirationDatePb,
+	})
+	require.NoError(t, err)
+	return &user.PersonalAccessToken{
+		CreationDate:   newPersonalAccessToken.CreationDate,
+		ChangeDate:     newPersonalAccessToken.CreationDate,
+		Id:             newPersonalAccessToken.GetTokenId(),
+		UserId:         userId,
+		OrganizationId: orgId,
+		ExpirationDate: expirationDatePb,
+	}
+}
+
+func awaitPersonalAccessTokens(t *testing.T, sinceTestStartFilter *user.PersonalAccessTokensSearchFilter, patIds ...string) {
+	sortingColumn := user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_ID
+	slices.Sort(patIds)
+	require.EventuallyWithT(t, func(collect *assert.CollectT) {
+		result, err := Client.ListPersonalAccessTokens(SystemCTX, &user.ListPersonalAccessTokensRequest{
+			Filters:       []*user.PersonalAccessTokensSearchFilter{sinceTestStartFilter},
+			SortingColumn: &sortingColumn,
+			Pagination: &filter.PaginationRequest{
+				Asc: true,
+			},
+		})
+		require.NoError(t, err)
+		if !assert.Len(collect, result.Result, len(patIds)) {
+			return
+		}
+		for i := range patIds {
+			patId := patIds[i]
+			require.Equal(collect, patId, result.Result[i].GetId())
+		}
+	}, 5*time.Second, time.Second, "pat not created in time")
+}
diff --git a/internal/api/grpc/user/v2/integration_test/phone_test.go b/internal/api/grpc/user/v2/integration_test/phone_test.go
index 49050c5fe6..b87f9a9f28 100644
--- a/internal/api/grpc/user/v2/integration_test/phone_test.go
+++ b/internal/api/grpc/user/v2/integration_test/phone_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func TestServer_SetPhone(t *testing.T) {
+func TestServer_Deprecated_SetPhone(t *testing.T) {
 	userID := Instance.CreateHumanUser(CTX).GetUserId()
 
 	tests := []struct {
@@ -249,7 +249,7 @@ func TestServer_VerifyPhone(t *testing.T) {
 	}
 }
 
-func TestServer_RemovePhone(t *testing.T) {
+func TestServer_Deprecated_RemovePhone(t *testing.T) {
 	userResp := Instance.CreateHumanUser(CTX)
 	failResp := Instance.CreateHumanUserNoPhone(CTX)
 	otherUser := Instance.CreateHumanUser(CTX).GetUserId()
diff --git a/internal/api/grpc/user/v2/integration_test/secret_test.go b/internal/api/grpc/user/v2/integration_test/secret_test.go
new file mode 100644
index 0000000000..8ff537b1fd
--- /dev/null
+++ b/internal/api/grpc/user/v2/integration_test/secret_test.go
@@ -0,0 +1,347 @@
+//go:build integration
+
+package user_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func TestServer_AddSecret(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		req     *user.AddSecretRequest
+		prepare func(request *user.AddSecretRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "add secret, user not existing",
+			args: args{
+				CTX,
+				&user.AddSecretRequest{
+					UserId: "notexisting",
+				},
+				func(request *user.AddSecretRequest) error { return nil },
+			},
+			wantErr: true,
+		},
+		{
+			name: "add secret, ok",
+			args: args{
+				CTX,
+				&user.AddSecretRequest{},
+				func(request *user.AddSecretRequest) error {
+					resp := Instance.CreateUserTypeMachine(CTX)
+					request.UserId = resp.GetId()
+					return nil
+				},
+			},
+		},
+		{
+			name: "add secret human, not ok",
+			args: args{
+				CTX,
+				&user.AddSecretRequest{},
+				func(request *user.AddSecretRequest) error {
+					resp := Instance.CreateUserTypeMachine(CTX)
+					request.UserId = resp.GetId()
+					return nil
+				},
+			},
+		},
+		{
+			name: "overwrite secret, ok",
+			args: args{
+				CTX,
+				&user.AddSecretRequest{},
+				func(request *user.AddSecretRequest) error {
+					resp := Instance.CreateUserTypeMachine(CTX)
+					request.UserId = resp.GetId()
+					_, err := Client.AddSecret(CTX, &user.AddSecretRequest{
+						UserId: resp.GetId(),
+					})
+					return err
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			err := tt.args.prepare(tt.args.req)
+			require.NoError(t, err)
+			got, err := Client.AddSecret(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.ClientSecret, "client secret is empty")
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_AddSecret_Permission(t *testing.T) {
+	otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddSecret-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Instance.Client.UserV2.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	require.NoError(t, err)
+
+	type args struct {
+		ctx context.Context
+		req *user.AddSecretRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "system, ok",
+			args: args{
+				SystemCTX,
+				&user.AddSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+			},
+		},
+		{
+			name: "instance, ok",
+			args: args{
+				IamCTX,
+				&user.AddSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+			},
+		},
+		{
+			name: "org, error",
+			args: args{
+				CTX,
+				&user.AddSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "user, error",
+			args: args{
+				UserCTX,
+				&user.AddSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			require.NoError(t, err)
+			got, err := Client.AddSecret(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.ClientSecret, "client secret is empty")
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_RemoveSecret(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		req     *user.RemoveSecretRequest
+		prepare func(request *user.RemoveSecretRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "remove secret, user not existing",
+			args: args{
+				CTX,
+				&user.RemoveSecretRequest{
+					UserId: "notexisting",
+				},
+				func(request *user.RemoveSecretRequest) error { return nil },
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove secret, not existing",
+			args: args{
+				CTX,
+				&user.RemoveSecretRequest{},
+				func(request *user.RemoveSecretRequest) error {
+					resp := Instance.CreateUserTypeMachine(CTX)
+					request.UserId = resp.GetId()
+					return nil
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove secret, ok",
+			args: args{
+				CTX,
+				&user.RemoveSecretRequest{},
+				func(request *user.RemoveSecretRequest) error {
+					resp := Instance.CreateUserTypeMachine(CTX)
+					request.UserId = resp.GetId()
+					_, err := Instance.Client.UserV2.AddSecret(CTX, &user.AddSecretRequest{
+						UserId: resp.GetId(),
+					})
+					return err
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			err := tt.args.prepare(tt.args.req)
+			require.NoError(t, err)
+			got, err := Client.RemoveSecret(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			deletionDate := got.DeletionDate.AsTime()
+			assert.Greater(t, deletionDate, now, "creation date is before the test started")
+			assert.Less(t, deletionDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
+
+func TestServer_RemoveSecret_Permission(t *testing.T) {
+	otherOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("RemoveSecret-%s", gofakeit.AppName()), gofakeit.Email())
+	otherOrgUser, err := Instance.Client.UserV2.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: otherOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: gofakeit.Name(),
+			},
+		},
+	})
+	require.NoError(t, err)
+
+	type args struct {
+		ctx     context.Context
+		req     *user.RemoveSecretRequest
+		prepare func(request *user.RemoveSecretRequest) error
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "system, ok",
+			args: args{
+				SystemCTX,
+				&user.RemoveSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+				func(request *user.RemoveSecretRequest) error {
+					_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
+						UserId: otherOrgUser.GetId(),
+					})
+					return err
+				},
+			},
+		},
+		{
+			name: "instance, ok",
+			args: args{
+				IamCTX,
+				&user.RemoveSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+				func(request *user.RemoveSecretRequest) error {
+					_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
+						UserId: otherOrgUser.GetId(),
+					})
+					return err
+				},
+			},
+		},
+		{
+			name: "org, error",
+			args: args{
+				CTX,
+				&user.RemoveSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+				func(request *user.RemoveSecretRequest) error {
+					_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
+						UserId: otherOrgUser.GetId(),
+					})
+					return err
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "user, error",
+			args: args{
+				UserCTX,
+				&user.RemoveSecretRequest{
+					UserId: otherOrgUser.GetId(),
+				},
+				func(request *user.RemoveSecretRequest) error {
+					_, err := Instance.Client.UserV2.AddSecret(IamCTX, &user.AddSecretRequest{
+						UserId: otherOrgUser.GetId(),
+					})
+					return err
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			require.NoError(t, tt.args.prepare(tt.args.req))
+			got, err := Client.RemoveSecret(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.NotEmpty(t, got.DeletionDate, "client secret is empty")
+			creationDate := got.DeletionDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+		})
+	}
+}
diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index 4cf4ab21f8..4eee44ab44 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -57,7 +57,7 @@ func TestMain(m *testing.M) {
 	}())
 }
 
-func TestServer_AddHumanUser(t *testing.T) {
+func TestServer_Deprecated_AddHumanUser(t *testing.T) {
 	idpResp := Instance.AddGenericOAuthProvider(IamCTX, Instance.DefaultOrg.Id)
 	type args struct {
 		ctx context.Context
@@ -652,6 +652,7 @@ func TestServer_AddHumanUser(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			userID := fmt.Sprint(time.Now().UnixNano() + int64(i))
 			tt.args.req.UserId = &userID
+			// In order to prevent unique constraint errors, we set the email to a unique value
 			if email := tt.args.req.GetEmail(); email != nil {
 				email.Email = fmt.Sprintf("%s@me.now", userID)
 			}
@@ -666,7 +667,6 @@ func TestServer_AddHumanUser(t *testing.T) {
 				return
 			}
 			require.NoError(t, err)
-
 			assert.Equal(t, tt.want.GetUserId(), got.GetUserId())
 			if tt.want.GetEmailCode() != "" {
 				assert.NotEmpty(t, got.GetEmailCode())
@@ -683,7 +683,7 @@ func TestServer_AddHumanUser(t *testing.T) {
 	}
 }
 
-func TestServer_AddHumanUser_Permission(t *testing.T) {
+func TestServer_Deprecated_AddHumanUser_Permission(t *testing.T) {
 	newOrgOwnerEmail := gofakeit.Email()
 	newOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddHuman-%s", gofakeit.AppName()), newOrgOwnerEmail)
 	type args struct {
@@ -876,7 +876,7 @@ func TestServer_AddHumanUser_Permission(t *testing.T) {
 	}
 }
 
-func TestServer_UpdateHumanUser(t *testing.T) {
+func TestServer_Deprecated_UpdateHumanUser(t *testing.T) {
 	type args struct {
 		ctx context.Context
 		req *user.UpdateHumanUserRequest
@@ -1237,7 +1237,7 @@ func TestServer_UpdateHumanUser(t *testing.T) {
 	}
 }
 
-func TestServer_UpdateHumanUser_Permission(t *testing.T) {
+func TestServer_Deprecated_UpdateHumanUser_Permission(t *testing.T) {
 	newOrgOwnerEmail := gofakeit.Email()
 	newOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("UpdateHuman-%s", gofakeit.AppName()), newOrgOwnerEmail)
 	newUserID := newOrg.CreatedAdmins[0].GetUserId()
@@ -1834,15 +1834,26 @@ func TestServer_DeleteUser(t *testing.T) {
 			args: args{
 				req: &user.DeleteUserRequest{},
 				prepare: func(t *testing.T, request *user.DeleteUserRequest) context.Context {
-					removeUser, err := Instance.Client.Mgmt.AddMachineUser(CTX, &mgmt.AddMachineUserRequest{
-						UserName: gofakeit.Username(),
-						Name:     gofakeit.Name(),
+					removeUser, err := Client.CreateUser(CTX, &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserType: &user.CreateUserRequest_Human_{
+							Human: &user.CreateUserRequest_Human{
+								Profile: &user.SetHumanProfile{
+									GivenName:  "givenName",
+									FamilyName: "familyName",
+								},
+								Email: &user.SetHumanEmail{
+									Email:        gofakeit.Email(),
+									Verification: &user.SetHumanEmail_IsVerified{IsVerified: true},
+								},
+							},
+						},
 					})
-					request.UserId = removeUser.UserId
 					require.NoError(t, err)
-					tokenResp, err := Instance.Client.Mgmt.AddPersonalAccessToken(CTX, &mgmt.AddPersonalAccessTokenRequest{UserId: removeUser.UserId})
-					require.NoError(t, err)
-					return integration.WithAuthorizationToken(UserCTX, tokenResp.Token)
+					request.UserId = removeUser.Id
+					Instance.RegisterUserPasskey(CTX, removeUser.Id)
+					_, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, removeUser.Id)
+					return integration.WithAuthorizationToken(UserCTX, token)
 				},
 			},
 			want: &user.DeleteUserResponse{
@@ -3610,7 +3621,6 @@ func TestServer_HumanMFAInitSkipped(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			err := tt.args.prepare(tt.args.req)
 			require.NoError(t, err)
-
 			got, err := Client.HumanMFAInitSkipped(tt.args.ctx, tt.args.req)
 			if tt.wantErr {
 				require.Error(t, err)
@@ -3624,3 +3634,1678 @@ func TestServer_HumanMFAInitSkipped(t *testing.T) {
 		})
 	}
 }
+
+func TestServer_CreateUser(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		req *user.CreateUserRequest
+	}
+	type testCase struct {
+		args    args
+		want    *user.CreateUserResponse
+		wantErr bool
+	}
+	tests := []struct {
+		name     string
+		testCase func(runId string) testCase
+	}{
+		{
+			name: "default verification",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+					wantErr: false,
+				}
+			},
+		},
+		{
+			name: "return email verification code",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_ReturnCode{
+											ReturnCode: &user.ReturnEmailVerificationCode{},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id:        "is generated",
+						EmailCode: gu.Ptr("something"),
+					},
+				}
+			},
+		},
+		{
+			name: "custom template",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_SendCode{
+											SendCode: &user.SendEmailVerificationCode{
+												UrlTemplate: gu.Ptr("https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}"),
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "return phone verification code",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+									Phone: &user.SetHumanPhone{
+										Phone: "+41791234567",
+										Verification: &user.SetHumanPhone_ReturnCode{
+											ReturnCode: &user.ReturnPhoneVerificationCode{},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id:        "is generated",
+						PhoneCode: gu.Ptr("something"),
+					},
+				}
+			},
+		},
+		{
+			name: "custom template error",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_SendCode{
+											SendCode: &user.SendEmailVerificationCode{
+												UrlTemplate: gu.Ptr("{{"),
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "missing REQUIRED profile",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_ReturnCode{
+											ReturnCode: &user.ReturnEmailVerificationCode{},
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "missing REQUIRED email",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "missing empty email",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "missing idp",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_IsVerified{
+											IsVerified: true,
+										},
+									},
+									IdpLinks: []*user.IDPLink{
+										{
+											IdpId:    "idpID",
+											UserId:   "userID",
+											UserName: "username",
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "with idp",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				idpResp := Instance.AddGenericOAuthProvider(IamCTX, Instance.DefaultOrg.Id)
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_IsVerified{
+											IsVerified: true,
+										},
+									},
+									IdpLinks: []*user.IDPLink{
+										{
+											IdpId:    idpResp.Id,
+											UserId:   "userID",
+											UserName: "username",
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "with totp",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_IsVerified{
+											IsVerified: true,
+										},
+									},
+									TotpSecret: gu.Ptr("secret"),
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "password not complexity conform",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:         "Donald",
+										FamilyName:        "Duck",
+										NickName:          gu.Ptr("Dukkie"),
+										DisplayName:       gu.Ptr("Donald Duck"),
+										PreferredLanguage: gu.Ptr("en"),
+										Gender:            user.Gender_GENDER_DIVERSE.Enum(),
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+									PasswordType: &user.CreateUserRequest_Human_Password{
+										Password: &user.Password{
+											Password: "insufficient",
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "hashed password",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+									PasswordType: &user.CreateUserRequest_Human_HashedPassword{
+										HashedPassword: &user.HashedPassword{
+											Hash: "$2y$12$hXUrnqdq1RIIYZ2HPytIIe5lXdIvbhqrTvdPsSF7o.jFh817Z6lwm",
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "unsupported hashed password",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+									PasswordType: &user.CreateUserRequest_Human_HashedPassword{
+										HashedPassword: &user.HashedPassword{
+											Hash: "$scrypt$ln=16,r=8,p=1$cmFuZG9tc2FsdGlzaGFyZA$Rh+NnJNo1I6nRwaNqbDm6kmADswD1+7FTKZ7Ln9D8nQ",
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "human default username",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "machine user",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Machine_{
+								Machine: &user.CreateUserRequest_Machine{
+									Name: "donald",
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "machine default username to generated id",
+			testCase: func(runId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: Instance.DefaultOrg.Id,
+							UserType: &user.CreateUserRequest_Machine_{
+								Machine: &user.CreateUserRequest_Machine{
+									Name: "donald",
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: "is generated",
+					},
+				}
+			},
+		},
+		{
+			name: "machine default username to given id",
+			testCase: func(runId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							UserId:         &runId,
+							OrganizationId: Instance.DefaultOrg.Id,
+							UserType: &user.CreateUserRequest_Machine_{
+								Machine: &user.CreateUserRequest_Machine{
+									Name: "donald",
+								},
+							},
+						},
+					},
+					want: &user.CreateUserResponse{
+						Id: runId,
+					},
+				}
+			},
+		},
+		{
+			name: "org does not exist human, error",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: "does not exist",
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Human_{
+								Human: &user.CreateUserRequest_Human{
+									Profile: &user.SetHumanProfile{
+										GivenName:  "Donald",
+										FamilyName: "Duck",
+									},
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "org does not exist machine, error",
+			testCase: func(runId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				return testCase{
+					args: args{
+						CTX,
+						&user.CreateUserRequest{
+							OrganizationId: "does not exist",
+							Username:       &username,
+							UserType: &user.CreateUserRequest_Machine_{
+								Machine: &user.CreateUserRequest_Machine{
+									Name: gofakeit.Name(),
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+	}
+	for i, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			runId := fmt.Sprint(now.UnixNano() + int64(i))
+			test := tt.testCase(runId)
+			got, err := Client.CreateUser(test.args.ctx, test.args.req)
+			if test.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			creationDate := got.CreationDate.AsTime()
+			assert.Greater(t, creationDate, now, "creation date is before the test started")
+			assert.Less(t, creationDate, time.Now(), "creation date is in the future")
+			if test.want.GetEmailCode() != "" {
+				assert.NotEmpty(t, got.GetEmailCode(), "email code is empty")
+			} else {
+				assert.Empty(t, got.GetEmailCode(), "email code is not empty")
+			}
+			if test.want.GetPhoneCode() != "" {
+				assert.NotEmpty(t, got.GetPhoneCode(), "phone code is empty")
+			} else {
+				assert.Empty(t, got.GetPhoneCode(), "phone code is not empty")
+			}
+			if test.want.GetId() == "is generated" {
+				assert.Len(t, got.GetId(), 18, "ID is not 18 characters")
+			} else {
+				assert.Equal(t, test.want.GetId(), got.GetId(), "ID is not the same")
+			}
+		})
+	}
+}
+
+func TestServer_CreateUser_And_Compare(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		req *user.CreateUserRequest
+	}
+	type testCase struct {
+		name   string
+		args   args
+		assert func(t *testing.T, createResponse *user.CreateUserResponse, getResponse *user.GetUserByIDResponse)
+	}
+	tests := []struct {
+		name     string
+		testCase func(runId string) testCase
+	}{{
+		name: "human given username",
+		testCase: func(runId string) testCase {
+			username := fmt.Sprintf("donald.duck+%s", runId)
+			email := username + "@example.com"
+			return testCase{
+				args: args{
+					ctx: CTX,
+					req: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						Username:       &username,
+						UserType: &user.CreateUserRequest_Human_{
+							Human: &user.CreateUserRequest_Human{
+								Profile: &user.SetHumanProfile{
+									GivenName:  "Donald",
+									FamilyName: "Duck",
+								},
+								Email: &user.SetHumanEmail{
+									Email: email,
+								},
+							},
+						},
+					},
+				},
+				assert: func(t *testing.T, _ *user.CreateUserResponse, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, username, getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}, {
+		name: "human username default to email",
+		testCase: func(runId string) testCase {
+			username := fmt.Sprintf("donald.duck+%s", runId)
+			email := username + "@example.com"
+			return testCase{
+				args: args{
+					ctx: CTX,
+					req: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserType: &user.CreateUserRequest_Human_{
+							Human: &user.CreateUserRequest_Human{
+								Profile: &user.SetHumanProfile{
+									GivenName:  "Donald",
+									FamilyName: "Duck",
+								},
+								Email: &user.SetHumanEmail{
+									Email: email,
+								},
+							},
+						},
+					},
+				},
+				assert: func(t *testing.T, _ *user.CreateUserResponse, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, email, getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}, {
+		name: "machine username given",
+		testCase: func(runId string) testCase {
+			username := fmt.Sprintf("donald.duck+%s", runId)
+			return testCase{
+				args: args{
+					ctx: CTX,
+					req: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						Username:       &username,
+						UserType: &user.CreateUserRequest_Machine_{
+							Machine: &user.CreateUserRequest_Machine{
+								Name: "donald",
+							},
+						},
+					},
+				},
+				assert: func(t *testing.T, _ *user.CreateUserResponse, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, username, getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}, {
+		name: "machine username default to generated id",
+		testCase: func(runId string) testCase {
+			return testCase{
+				args: args{
+					ctx: CTX,
+					req: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserType: &user.CreateUserRequest_Machine_{
+							Machine: &user.CreateUserRequest_Machine{
+								Name: "donald",
+							},
+						},
+					},
+				},
+				assert: func(t *testing.T, createResponse *user.CreateUserResponse, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, createResponse.GetId(), getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}, {
+		name: "machine username default to given id",
+		testCase: func(runId string) testCase {
+			return testCase{
+				args: args{
+					ctx: CTX,
+					req: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserId:         &runId,
+						UserType: &user.CreateUserRequest_Machine_{
+							Machine: &user.CreateUserRequest_Machine{
+								Name: "donald",
+							},
+						},
+					},
+				},
+				assert: func(t *testing.T, createResponse *user.CreateUserResponse, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, runId, getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}}
+	for i, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			runId := fmt.Sprint(now.UnixNano() + int64(i))
+			test := tt.testCase(runId)
+			createResponse, err := Client.CreateUser(test.args.ctx, test.args.req)
+			require.NoError(t, err)
+			Instance.TriggerUserByID(test.args.ctx, createResponse.GetId())
+			getResponse, err := Client.GetUserByID(test.args.ctx, &user.GetUserByIDRequest{
+				UserId: createResponse.GetId(),
+			})
+			require.NoError(t, err)
+			test.assert(t, createResponse, getResponse)
+		})
+	}
+}
+
+func TestServer_CreateUser_Permission(t *testing.T) {
+	newOrgOwnerEmail := gofakeit.Email()
+	newOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddHuman-%s", gofakeit.AppName()), newOrgOwnerEmail)
+	type args struct {
+		ctx context.Context
+		req *user.CreateUserRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "human system, ok",
+			args: args{
+				SystemCTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Human_{
+						Human: &user.CreateUserRequest_Human{
+							Profile: &user.SetHumanProfile{
+								GivenName:  "Donald",
+								FamilyName: "Duck",
+							},
+							Email: &user.SetHumanEmail{
+								Email: "this is overwritten with a unique address",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "human instance, ok",
+			args: args{
+				IamCTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Human_{
+						Human: &user.CreateUserRequest_Human{
+							Profile: &user.SetHumanProfile{
+								GivenName:  "Donald",
+								FamilyName: "Duck",
+							},
+							Email: &user.SetHumanEmail{
+								Email: "this is overwritten with a unique address",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "human org, error",
+			args: args{
+				CTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Human_{
+						Human: &user.CreateUserRequest_Human{
+							Profile: &user.SetHumanProfile{
+								GivenName:  "Donald",
+								FamilyName: "Duck",
+							},
+							Email: &user.SetHumanEmail{
+								Email: "this is overwritten with a unique address",
+							},
+						},
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "human user, error",
+			args: args{
+				UserCTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Human_{
+						Human: &user.CreateUserRequest_Human{
+							Profile: &user.SetHumanProfile{
+								GivenName:  "Donald",
+								FamilyName: "Duck",
+							},
+							Email: &user.SetHumanEmail{
+								Email: "this is overwritten with a unique address",
+							},
+						},
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "machine system, ok",
+			args: args{
+				SystemCTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Machine_{
+						Machine: &user.CreateUserRequest_Machine{
+							Name: "donald",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "machine instance, ok",
+			args: args{
+				IamCTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Machine_{
+						Machine: &user.CreateUserRequest_Machine{
+							Name: "donald",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "machine org, error",
+			args: args{
+				CTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Machine_{
+						Machine: &user.CreateUserRequest_Machine{
+							Name: "donald",
+						},
+					},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "machine user, error",
+			args: args{
+				UserCTX,
+				&user.CreateUserRequest{
+					OrganizationId: newOrg.GetOrganizationId(),
+					UserType: &user.CreateUserRequest_Machine_{
+						Machine: &user.CreateUserRequest_Machine{
+							Name: "donald",
+						},
+					},
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for i, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			userID := fmt.Sprint(time.Now().UnixNano() + int64(i))
+			tt.args.req.UserId = &userID
+			if email := tt.args.req.GetHuman().GetEmail(); email != nil {
+				email.Email = fmt.Sprintf("%s@example.com", userID)
+			}
+			_, err := Client.CreateUser(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestServer_UpdateUserTypeHuman(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		req *user.UpdateUserRequest
+	}
+	type testCase struct {
+		args    args
+		want    *user.UpdateUserResponse
+		wantErr bool
+	}
+	tests := []struct {
+		name     string
+		testCase func(runId, userId string) testCase
+	}{
+		{
+			name: "default verification",
+			testCase: func(runId, userId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Email: &user.SetHumanEmail{
+										Email: email,
+									},
+								},
+							},
+						},
+					},
+					want:    &user.UpdateUserResponse{},
+					wantErr: false,
+				}
+			},
+		},
+		{
+			name: "return email verification code",
+			testCase: func(runId, userId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_ReturnCode{
+											ReturnCode: &user.ReturnEmailVerificationCode{},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.UpdateUserResponse{
+						EmailCode: gu.Ptr("something"),
+					},
+				}
+			},
+		},
+		{
+			name: "custom template",
+			testCase: func(runId, userId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_SendCode{
+											SendCode: &user.SendEmailVerificationCode{
+												UrlTemplate: gu.Ptr("https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}"),
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.UpdateUserResponse{},
+				}
+			},
+		},
+		{
+			name: "return phone verification code",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Phone: &user.SetHumanPhone{
+										Phone: "+41791234568",
+										Verification: &user.SetHumanPhone_ReturnCode{
+											ReturnCode: &user.ReturnPhoneVerificationCode{},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.UpdateUserResponse{
+						PhoneCode: gu.Ptr("something"),
+					},
+				}
+			},
+		},
+		{
+			name: "custom template error",
+			testCase: func(runId, userId string) testCase {
+				username := fmt.Sprintf("donald.duck+%s", runId)
+				email := username + "@example.com"
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Email: &user.SetHumanEmail{
+										Email: email,
+										Verification: &user.SetHumanEmail_SendCode{
+											SendCode: &user.SendEmailVerificationCode{
+												UrlTemplate: gu.Ptr("{{"),
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "missing empty email",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Email: &user.SetHumanEmail{},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "password not complexity conform",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Password: &user.SetPassword{
+										PasswordType: &user.SetPassword_Password{
+											Password: &user.Password{
+												Password: "insufficient",
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "hashed password",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Password: &user.SetPassword{
+										PasswordType: &user.SetPassword_HashedPassword{
+											HashedPassword: &user.HashedPassword{
+												Hash: "$2y$12$hXUrnqdq1RIIYZ2HPytIIe5lXdIvbhqrTvdPsSF7o.jFh817Z6lwm",
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					want: &user.UpdateUserResponse{},
+				}
+			},
+		},
+		{
+			name: "unsupported hashed password",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Password: &user.SetPassword{
+										PasswordType: &user.SetPassword_HashedPassword{
+											HashedPassword: &user.HashedPassword{
+												Hash: "$scrypt$ln=16,r=8,p=1$cmFuZG9tc2FsdGlzaGFyZA$Rh+NnJNo1I6nRwaNqbDm6kmADswD1+7FTKZ7Ln9D8nQ",
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "update human user with machine fields, error",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Machine_{
+								Machine: &user.UpdateUserRequest_Machine{
+									Name: &runId,
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+	}
+	for i, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			runId := fmt.Sprint(now.UnixNano() + int64(i))
+			userId := Instance.CreateUserTypeHuman(CTX).GetId()
+			test := tt.testCase(runId, userId)
+			got, err := Client.UpdateUser(test.args.ctx, test.args.req)
+			if test.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			changeDate := got.ChangeDate.AsTime()
+			assert.Greater(t, changeDate, now, "change date is before the test started")
+			assert.Less(t, changeDate, time.Now(), "change date is in the future")
+			if test.want.GetEmailCode() != "" {
+				assert.NotEmpty(t, got.GetEmailCode(), "email code is empty")
+			} else {
+				assert.Empty(t, got.GetEmailCode(), "email code is not empty")
+			}
+			if test.want.GetPhoneCode() != "" {
+				assert.NotEmpty(t, got.GetPhoneCode(), "phone code is empty")
+			} else {
+				assert.Empty(t, got.GetPhoneCode(), "phone code is not empty")
+			}
+		})
+	}
+}
+
+func TestServer_UpdateUserTypeMachine(t *testing.T) {
+	type args struct {
+		ctx context.Context
+		req *user.UpdateUserRequest
+	}
+	type testCase struct {
+		args    args
+		wantErr bool
+	}
+	tests := []struct {
+		name     string
+		testCase func(runId, userId string) testCase
+	}{
+		{
+			name: "update machine, ok",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Machine_{
+								Machine: &user.UpdateUserRequest_Machine{
+									Name: gu.Ptr("donald"),
+								},
+							},
+						},
+					},
+				}
+			},
+		},
+		{
+			name: "update machine user with human fields, error",
+			testCase: func(runId, userId string) testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: userId,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Profile: &user.UpdateUserRequest_Human_Profile{
+										GivenName: gu.Ptr("Donald"),
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+	}
+	for i, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			runId := fmt.Sprint(now.UnixNano() + int64(i))
+			userId := Instance.CreateUserTypeMachine(CTX).GetId()
+			test := tt.testCase(runId, userId)
+			got, err := Client.UpdateUser(test.args.ctx, test.args.req)
+			if test.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			changeDate := got.ChangeDate.AsTime()
+			assert.Greater(t, changeDate, now, "change date is before the test started")
+			assert.Less(t, changeDate, time.Now(), "change date is in the future")
+		})
+	}
+}
+
+func TestServer_UpdateUser_And_Compare(t *testing.T) {
+	type args struct {
+		ctx    context.Context
+		create *user.CreateUserRequest
+		update *user.UpdateUserRequest
+	}
+	type testCase struct {
+		args   args
+		assert func(t *testing.T, getResponse *user.GetUserByIDResponse)
+	}
+	tests := []struct {
+		name     string
+		testCase func(runId string) testCase
+	}{{
+		name: "human remove phone",
+		testCase: func(runId string) testCase {
+			username := fmt.Sprintf("donald.duck+%s", runId)
+			email := username + "@example.com"
+			return testCase{
+				args: args{
+					ctx: CTX,
+					create: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserId:         &runId,
+						UserType: &user.CreateUserRequest_Human_{
+							Human: &user.CreateUserRequest_Human{
+								Profile: &user.SetHumanProfile{
+									GivenName:  "Donald",
+									FamilyName: "Duck",
+								},
+								Email: &user.SetHumanEmail{
+									Email: email,
+								},
+								Phone: &user.SetHumanPhone{
+									Phone: "+1234567890",
+								},
+							},
+						},
+					},
+					update: &user.UpdateUserRequest{
+						UserId: runId,
+						UserType: &user.UpdateUserRequest_Human_{
+							Human: &user.UpdateUserRequest_Human{
+								Phone: &user.SetHumanPhone{},
+							},
+						},
+					},
+				},
+				assert: func(t *testing.T, getResponse *user.GetUserByIDResponse) {
+					assert.Empty(t, getResponse.GetUser().GetHuman().GetPhone().GetPhone(), "phone is not empty")
+				},
+			}
+		},
+	}, {
+		name: "human username",
+		testCase: func(runId string) testCase {
+			username := fmt.Sprintf("donald.duck+%s", runId)
+			email := username + "@example.com"
+			return testCase{
+				args: args{
+					ctx: CTX,
+					create: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserId:         &runId,
+						UserType: &user.CreateUserRequest_Human_{
+							Human: &user.CreateUserRequest_Human{
+								Profile: &user.SetHumanProfile{
+									GivenName:  "Donald",
+									FamilyName: "Duck",
+								},
+								Email: &user.SetHumanEmail{
+									Email: email,
+								},
+							},
+						},
+					},
+					update: &user.UpdateUserRequest{
+						UserId:   runId,
+						Username: &username,
+						UserType: &user.UpdateUserRequest_Human_{
+							Human: &user.UpdateUserRequest_Human{},
+						},
+					},
+				},
+				assert: func(t *testing.T, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, username, getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}, {
+		name: "machine username",
+		testCase: func(runId string) testCase {
+			username := fmt.Sprintf("donald.duck+%s", runId)
+			return testCase{
+				args: args{
+					ctx: CTX,
+					create: &user.CreateUserRequest{
+						OrganizationId: Instance.DefaultOrg.Id,
+						UserId:         &runId,
+						UserType: &user.CreateUserRequest_Machine_{
+							Machine: &user.CreateUserRequest_Machine{
+								Name: "Donald",
+							},
+						},
+					},
+					update: &user.UpdateUserRequest{
+						UserId:   runId,
+						Username: &username,
+						UserType: &user.UpdateUserRequest_Machine_{
+							Machine: &user.UpdateUserRequest_Machine{},
+						},
+					},
+				},
+				assert: func(t *testing.T, getResponse *user.GetUserByIDResponse) {
+					assert.Equal(t, username, getResponse.GetUser().GetUsername())
+				},
+			}
+		},
+	}}
+	for i, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			now := time.Now()
+			runId := fmt.Sprint(now.UnixNano() + int64(i))
+			test := tt.testCase(runId)
+			createResponse, err := Client.CreateUser(test.args.ctx, test.args.create)
+			require.NoError(t, err)
+			_, err = Client.UpdateUser(test.args.ctx, test.args.update)
+			require.NoError(t, err)
+			Instance.TriggerUserByID(test.args.ctx, createResponse.GetId())
+			getResponse, err := Client.GetUserByID(test.args.ctx, &user.GetUserByIDRequest{
+				UserId: createResponse.GetId(),
+			})
+			require.NoError(t, err)
+			test.assert(t, getResponse)
+		})
+	}
+}
+
+func TestServer_UpdateUser_Permission(t *testing.T) {
+	newOrgOwnerEmail := gofakeit.Email()
+	newOrg := Instance.CreateOrganization(IamCTX, fmt.Sprintf("AddHuman-%s", gofakeit.AppName()), newOrgOwnerEmail)
+	newHumanUserID := newOrg.CreatedAdmins[0].GetUserId()
+	machineUserResp, err := Instance.Client.UserV2.CreateUser(IamCTX, &user.CreateUserRequest{
+		OrganizationId: newOrg.OrganizationId,
+		UserType: &user.CreateUserRequest_Machine_{
+			Machine: &user.CreateUserRequest_Machine{
+				Name: "Donald",
+			},
+		},
+	})
+	require.NoError(t, err)
+	newMachineUserID := machineUserResp.GetId()
+	Instance.TriggerUserByID(IamCTX, newMachineUserID)
+	type args struct {
+		ctx context.Context
+		req *user.UpdateUserRequest
+	}
+	type testCase struct {
+		args    args
+		wantErr bool
+	}
+	tests := []struct {
+		name     string
+		testCase func() testCase
+	}{
+		{
+			name: "human, system, ok",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						SystemCTX,
+						&user.UpdateUserRequest{
+							UserId: newHumanUserID,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Profile: &user.UpdateUserRequest_Human_Profile{
+										GivenName: gu.Ptr("Donald"),
+									},
+								},
+							},
+						},
+					},
+				}
+			},
+		},
+		{
+			name: "human instance, ok",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						IamCTX,
+						&user.UpdateUserRequest{
+							UserId: newHumanUserID,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Profile: &user.UpdateUserRequest_Human_Profile{
+										GivenName: gu.Ptr("Donald"),
+									},
+								},
+							},
+						},
+					},
+				}
+			},
+		},
+		{
+			name: "human org, error",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: newHumanUserID,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Profile: &user.UpdateUserRequest_Human_Profile{
+										GivenName: gu.Ptr("Donald"),
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "human user, error",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						UserCTX,
+						&user.UpdateUserRequest{
+							UserId: newHumanUserID,
+							UserType: &user.UpdateUserRequest_Human_{
+								Human: &user.UpdateUserRequest_Human{
+									Profile: &user.UpdateUserRequest_Human_Profile{
+										GivenName: gu.Ptr("Donald"),
+									},
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "machine system, ok",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						SystemCTX,
+						&user.UpdateUserRequest{
+							UserId: newMachineUserID,
+							UserType: &user.UpdateUserRequest_Machine_{
+								Machine: &user.UpdateUserRequest_Machine{
+									Name: gu.Ptr("Donald"),
+								},
+							},
+						},
+					},
+				}
+			},
+		},
+		{
+			name: "machine instance, ok",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						IamCTX,
+						&user.UpdateUserRequest{
+							UserId: newMachineUserID,
+							UserType: &user.UpdateUserRequest_Machine_{
+								Machine: &user.UpdateUserRequest_Machine{
+									Name: gu.Ptr("Donald"),
+								},
+							},
+						},
+					},
+				}
+			},
+		},
+		{
+			name: "machine org, error",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						CTX,
+						&user.UpdateUserRequest{
+							UserId: newMachineUserID,
+							UserType: &user.UpdateUserRequest_Machine_{
+								Machine: &user.UpdateUserRequest_Machine{
+									Name: gu.Ptr("Donald"),
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+		{
+			name: "machine user, error",
+			testCase: func() testCase {
+				return testCase{
+					args: args{
+						UserCTX,
+						&user.UpdateUserRequest{
+							UserId: newMachineUserID,
+							UserType: &user.UpdateUserRequest_Machine_{
+								Machine: &user.UpdateUserRequest_Machine{
+									Name: gu.Ptr("Donald"),
+								},
+							},
+						},
+					},
+					wantErr: true,
+				}
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			test := tt.testCase()
+			_, err := Client.UpdateUser(test.args.ctx, test.args.req)
+			if test.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}
diff --git a/internal/api/grpc/user/v2/key.go b/internal/api/grpc/user/v2/key.go
new file mode 100644
index 0000000000..59dab44248
--- /dev/null
+++ b/internal/api/grpc/user/v2/key.go
@@ -0,0 +1,62 @@
+package user
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) AddKey(ctx context.Context, req *user.AddKeyRequest) (*user.AddKeyResponse, error) {
+	newMachineKey := &command.MachineKey{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.UserId,
+		},
+		ExpirationDate:  req.GetExpirationDate().AsTime(),
+		Type:            domain.AuthNKeyTypeJSON,
+		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
+	}
+	newMachineKey.PublicKey = req.PublicKey
+
+	pubkeySupplied := len(newMachineKey.PublicKey) > 0
+	details, err := s.command.AddUserMachineKey(ctx, newMachineKey)
+	if err != nil {
+		return nil, err
+	}
+	// Return key details only if the pubkey wasn't supplied, otherwise the user already has
+	// private key locally
+	var keyDetails []byte
+	if !pubkeySupplied {
+		var err error
+		keyDetails, err = newMachineKey.Detail()
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &user.AddKeyResponse{
+		KeyId:        newMachineKey.KeyID,
+		KeyContent:   keyDetails,
+		CreationDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) RemoveKey(ctx context.Context, req *user.RemoveKeyRequest) (*user.RemoveKeyResponse, error) {
+	machineKey := &command.MachineKey{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.UserId,
+		},
+		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
+		KeyID:           req.KeyId,
+	}
+	objectDetails, err := s.command.RemoveUserMachineKey(ctx, machineKey)
+	if err != nil {
+		return nil, err
+	}
+	return &user.RemoveKeyResponse{
+		DeletionDate: timestamppb.New(objectDetails.EventDate),
+	}, nil
+}
diff --git a/internal/api/grpc/user/v2/key_query.go b/internal/api/grpc/user/v2/key_query.go
new file mode 100644
index 0000000000..da4f47decf
--- /dev/null
+++ b/internal/api/grpc/user/v2/key_query.go
@@ -0,0 +1,124 @@
+package user
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	filter_pb "github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) ListKeys(ctx context.Context, req *user.ListKeysRequest) (*user.ListKeysResponse, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+	if err != nil {
+		return nil, err
+	}
+
+	filters, err := keyFiltersToQueries(req.Filters)
+	if err != nil {
+		return nil, err
+	}
+	search := &query.AuthNKeySearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: authnKeyFieldNameToSortingColumn(req.SortingColumn),
+		},
+		Queries: filters,
+	}
+	result, err := s.query.SearchAuthNKeys(ctx, search, query.JoinFilterUserMachine, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	resp := &user.ListKeysResponse{
+		Result:     make([]*user.Key, len(result.AuthNKeys)),
+		Pagination: filter.QueryToPaginationPb(search.SearchRequest, result.SearchResponse),
+	}
+	for i, key := range result.AuthNKeys {
+		resp.Result[i] = &user.Key{
+			CreationDate:   timestamppb.New(key.CreationDate),
+			ChangeDate:     timestamppb.New(key.ChangeDate),
+			Id:             key.ID,
+			UserId:         key.AggregateID,
+			OrganizationId: key.ResourceOwner,
+			ExpirationDate: timestamppb.New(key.Expiration),
+		}
+	}
+	return resp, nil
+}
+
+func keyFiltersToQueries(filters []*user.KeysSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(filters))
+	for i, filter := range filters {
+		q[i], err = keyFilterToQuery(filter)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func keyFilterToQuery(filter *user.KeysSearchFilter) (query.SearchQuery, error) {
+	switch q := filter.Filter.(type) {
+	case *user.KeysSearchFilter_CreatedDateFilter:
+		return authnKeyCreatedFilterToQuery(q.CreatedDateFilter)
+	case *user.KeysSearchFilter_ExpirationDateFilter:
+		return authnKeyExpirationFilterToQuery(q.ExpirationDateFilter)
+	case *user.KeysSearchFilter_KeyIdFilter:
+		return authnKeyIdFilterToQuery(q.KeyIdFilter)
+	case *user.KeysSearchFilter_UserIdFilter:
+		return authnKeyUserIdFilterToQuery(q.UserIdFilter)
+	case *user.KeysSearchFilter_OrganizationIdFilter:
+		return authnKeyOrgIdFilterToQuery(q.OrganizationIdFilter)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "GRPC-vR9nC", "List.Query.Invalid")
+	}
+}
+
+func authnKeyIdFilterToQuery(f *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewAuthNKeyIDQuery(f.Id)
+}
+
+func authnKeyUserIdFilterToQuery(f *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewAuthNKeyIdentifyerQuery(f.Id)
+}
+
+func authnKeyOrgIdFilterToQuery(f *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewAuthNKeyResourceOwnerQuery(f.Id)
+}
+
+func authnKeyCreatedFilterToQuery(f *filter_pb.TimestampFilter) (query.SearchQuery, error) {
+	return query.NewAuthNKeyCreationDateQuery(f.Timestamp.AsTime(), filter.TimestampMethodPbToQuery(f.Method))
+}
+
+func authnKeyExpirationFilterToQuery(f *filter_pb.TimestampFilter) (query.SearchQuery, error) {
+	return query.NewAuthNKeyExpirationDateDateQuery(f.Timestamp.AsTime(), filter.TimestampMethodPbToQuery(f.Method))
+}
+
+// authnKeyFieldNameToSortingColumn defaults to the creation date because this ensures deterministic pagination
+func authnKeyFieldNameToSortingColumn(field *user.KeyFieldName) query.Column {
+	if field == nil {
+		return query.AuthNKeyColumnCreationDate
+	}
+	switch *field {
+	case user.KeyFieldName_KEY_FIELD_NAME_UNSPECIFIED:
+		return query.AuthNKeyColumnCreationDate
+	case user.KeyFieldName_KEY_FIELD_NAME_ID:
+		return query.AuthNKeyColumnID
+	case user.KeyFieldName_KEY_FIELD_NAME_USER_ID:
+		return query.AuthNKeyColumnIdentifier
+	case user.KeyFieldName_KEY_FIELD_NAME_ORGANIZATION_ID:
+		return query.AuthNKeyColumnResourceOwner
+	case user.KeyFieldName_KEY_FIELD_NAME_CREATED_DATE:
+		return query.AuthNKeyColumnCreationDate
+	case user.KeyFieldName_KEY_FIELD_NAME_KEY_EXPIRATION_DATE:
+		return query.AuthNKeyColumnExpiration
+	default:
+		return query.AuthNKeyColumnCreationDate
+	}
+}
diff --git a/internal/api/grpc/user/v2/machine.go b/internal/api/grpc/user/v2/machine.go
new file mode 100644
index 0000000000..010ba75678
--- /dev/null
+++ b/internal/api/grpc/user/v2/machine.go
@@ -0,0 +1,58 @@
+package user
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) createUserTypeMachine(ctx context.Context, machinePb *user.CreateUserRequest_Machine, orgId, userName, userId string) (*user.CreateUserResponse, error) {
+	cmd := &command.Machine{
+		Username:        userName,
+		Name:            machinePb.Name,
+		Description:     machinePb.GetDescription(),
+		AccessTokenType: domain.OIDCTokenTypeBearer,
+		ObjectRoot: models.ObjectRoot{
+			ResourceOwner: orgId,
+			AggregateID:   userId,
+		},
+	}
+	details, err := s.command.AddMachine(
+		ctx,
+		cmd,
+		s.command.NewPermissionCheckUserWrite(ctx),
+		command.AddMachineWithUsernameToIDFallback(),
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &user.CreateUserResponse{
+		Id:           cmd.AggregateID,
+		CreationDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) updateUserTypeMachine(ctx context.Context, machinePb *user.UpdateUserRequest_Machine, userId string, userName *string) (*user.UpdateUserResponse, error) {
+	cmd := updateMachineUserToCommand(userId, userName, machinePb)
+	err := s.command.ChangeUserMachine(ctx, cmd)
+	if err != nil {
+		return nil, err
+	}
+	return &user.UpdateUserResponse{
+		ChangeDate: timestamppb.New(cmd.Details.EventDate),
+	}, nil
+}
+
+func updateMachineUserToCommand(userId string, userName *string, machine *user.UpdateUserRequest_Machine) *command.ChangeMachine {
+	return &command.ChangeMachine{
+		ID:          userId,
+		Username:    userName,
+		Name:        machine.Name,
+		Description: machine.Description,
+	}
+}
diff --git a/internal/api/grpc/user/v2/machine_test.go b/internal/api/grpc/user/v2/machine_test.go
new file mode 100644
index 0000000000..96d77d8fa2
--- /dev/null
+++ b/internal/api/grpc/user/v2/machine_test.go
@@ -0,0 +1,62 @@
+package user
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/muhlemmer/gu"
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func Test_patchMachineUserToCommand(t *testing.T) {
+	type args struct {
+		userId   string
+		userName *string
+		machine  *user.UpdateUserRequest_Machine
+	}
+	tests := []struct {
+		name string
+		args args
+		want *command.ChangeMachine
+	}{{
+		name: "single property",
+		args: args{
+			userId: "userId",
+			machine: &user.UpdateUserRequest_Machine{
+				Name: gu.Ptr("name"),
+			},
+		},
+		want: &command.ChangeMachine{
+			ID:   "userId",
+			Name: gu.Ptr("name"),
+		},
+	}, {
+		name: "all properties",
+		args: args{
+			userId:   "userId",
+			userName: gu.Ptr("userName"),
+			machine: &user.UpdateUserRequest_Machine{
+				Name:        gu.Ptr("name"),
+				Description: gu.Ptr("description"),
+			},
+		},
+		want: &command.ChangeMachine{
+			ID:          "userId",
+			Username:    gu.Ptr("userName"),
+			Name:        gu.Ptr("name"),
+			Description: gu.Ptr("description"),
+		},
+	}}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := updateMachineUserToCommand(tt.args.userId, tt.args.userName, tt.args.machine)
+			if diff := cmp.Diff(tt.want, got, cmpopts.EquateComparable(language.Tag{})); diff != "" {
+				t.Errorf("patchMachineUserToCommand() mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/user/v2/pat.go b/internal/api/grpc/user/v2/pat.go
new file mode 100644
index 0000000000..54f6e99367
--- /dev/null
+++ b/internal/api/grpc/user/v2/pat.go
@@ -0,0 +1,56 @@
+package user
+
+import (
+	"context"
+
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	z_oidc "github.com/zitadel/zitadel/internal/api/oidc"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) AddPersonalAccessToken(ctx context.Context, req *user.AddPersonalAccessTokenRequest) (*user.AddPersonalAccessTokenResponse, error) {
+	newPat := &command.PersonalAccessToken{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.UserId,
+		},
+		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
+		ExpirationDate:  req.ExpirationDate.AsTime(),
+		Scopes: []string{
+			oidc.ScopeOpenID,
+			oidc.ScopeProfile,
+			z_oidc.ScopeUserMetaData,
+			z_oidc.ScopeResourceOwner,
+		},
+		AllowedUserType: domain.UserTypeMachine,
+	}
+	details, err := s.command.AddPersonalAccessToken(ctx, newPat)
+	if err != nil {
+		return nil, err
+	}
+	return &user.AddPersonalAccessTokenResponse{
+		CreationDate: timestamppb.New(details.EventDate),
+		TokenId:      newPat.TokenID,
+		Token:        newPat.Token,
+	}, nil
+}
+
+func (s *Server) RemovePersonalAccessToken(ctx context.Context, req *user.RemovePersonalAccessTokenRequest) (*user.RemovePersonalAccessTokenResponse, error) {
+	objectDetails, err := s.command.RemovePersonalAccessToken(ctx, &command.PersonalAccessToken{
+		TokenID: req.TokenId,
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.UserId,
+		},
+		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &user.RemovePersonalAccessTokenResponse{
+		DeletionDate: timestamppb.New(objectDetails.EventDate),
+	}, nil
+}
diff --git a/internal/api/grpc/user/v2/pat_query.go b/internal/api/grpc/user/v2/pat_query.go
new file mode 100644
index 0000000000..6bbd44d511
--- /dev/null
+++ b/internal/api/grpc/user/v2/pat_query.go
@@ -0,0 +1,123 @@
+package user
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	filter_pb "github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *user.ListPersonalAccessTokensRequest) (*user.ListPersonalAccessTokensResponse, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+	if err != nil {
+		return nil, err
+	}
+	filters, err := patFiltersToQueries(req.Filters)
+	if err != nil {
+		return nil, err
+	}
+	search := &query.PersonalAccessTokenSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: authnPersonalAccessTokenFieldNameToSortingColumn(req.SortingColumn),
+		},
+		Queries: filters,
+	}
+	result, err := s.query.SearchPersonalAccessTokens(ctx, search, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	resp := &user.ListPersonalAccessTokensResponse{
+		Result:     make([]*user.PersonalAccessToken, len(result.PersonalAccessTokens)),
+		Pagination: filter.QueryToPaginationPb(search.SearchRequest, result.SearchResponse),
+	}
+	for i, pat := range result.PersonalAccessTokens {
+		resp.Result[i] = &user.PersonalAccessToken{
+			CreationDate:   timestamppb.New(pat.CreationDate),
+			ChangeDate:     timestamppb.New(pat.ChangeDate),
+			Id:             pat.ID,
+			UserId:         pat.UserID,
+			OrganizationId: pat.ResourceOwner,
+			ExpirationDate: timestamppb.New(pat.Expiration),
+		}
+	}
+	return resp, nil
+}
+
+func patFiltersToQueries(filters []*user.PersonalAccessTokensSearchFilter) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, len(filters))
+	for i, filter := range filters {
+		q[i], err = patFilterToQuery(filter)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func patFilterToQuery(filter *user.PersonalAccessTokensSearchFilter) (query.SearchQuery, error) {
+	switch q := filter.Filter.(type) {
+	case *user.PersonalAccessTokensSearchFilter_CreatedDateFilter:
+		return authnPersonalAccessTokenCreatedFilterToQuery(q.CreatedDateFilter)
+	case *user.PersonalAccessTokensSearchFilter_ExpirationDateFilter:
+		return authnPersonalAccessTokenExpirationFilterToQuery(q.ExpirationDateFilter)
+	case *user.PersonalAccessTokensSearchFilter_TokenIdFilter:
+		return authnPersonalAccessTokenIdFilterToQuery(q.TokenIdFilter)
+	case *user.PersonalAccessTokensSearchFilter_UserIdFilter:
+		return authnPersonalAccessTokenUserIdFilterToQuery(q.UserIdFilter)
+	case *user.PersonalAccessTokensSearchFilter_OrganizationIdFilter:
+		return authnPersonalAccessTokenOrgIdFilterToQuery(q.OrganizationIdFilter)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "GRPC-vR9nC", "List.Query.Invalid")
+	}
+}
+
+func authnPersonalAccessTokenIdFilterToQuery(f *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewPersonalAccessTokenIDQuery(f.Id)
+}
+
+func authnPersonalAccessTokenUserIdFilterToQuery(f *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewPersonalAccessTokenUserIDSearchQuery(f.Id)
+}
+
+func authnPersonalAccessTokenOrgIdFilterToQuery(f *filter_pb.IDFilter) (query.SearchQuery, error) {
+	return query.NewPersonalAccessTokenResourceOwnerSearchQuery(f.Id)
+}
+
+func authnPersonalAccessTokenCreatedFilterToQuery(f *filter_pb.TimestampFilter) (query.SearchQuery, error) {
+	return query.NewPersonalAccessTokenCreationDateQuery(f.Timestamp.AsTime(), filter.TimestampMethodPbToQuery(f.Method))
+}
+
+func authnPersonalAccessTokenExpirationFilterToQuery(f *filter_pb.TimestampFilter) (query.SearchQuery, error) {
+	return query.NewPersonalAccessTokenExpirationDateDateQuery(f.Timestamp.AsTime(), filter.TimestampMethodPbToQuery(f.Method))
+}
+
+// authnPersonalAccessTokenFieldNameToSortingColumn defaults to the creation date because this ensures deterministic pagination
+func authnPersonalAccessTokenFieldNameToSortingColumn(field *user.PersonalAccessTokenFieldName) query.Column {
+	if field == nil {
+		return query.PersonalAccessTokenColumnCreationDate
+	}
+	switch *field {
+	case user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_UNSPECIFIED:
+		return query.PersonalAccessTokenColumnCreationDate
+	case user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_ID:
+		return query.PersonalAccessTokenColumnID
+	case user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_USER_ID:
+		return query.PersonalAccessTokenColumnUserID
+	case user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_ORGANIZATION_ID:
+		return query.PersonalAccessTokenColumnResourceOwner
+	case user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_CREATED_DATE:
+		return query.PersonalAccessTokenColumnCreationDate
+	case user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_EXPIRATION_DATE:
+		return query.PersonalAccessTokenColumnExpiration
+	default:
+		return query.PersonalAccessTokenColumnCreationDate
+	}
+}
diff --git a/internal/api/grpc/user/v2/secret.go b/internal/api/grpc/user/v2/secret.go
new file mode 100644
index 0000000000..1d54e1dde8
--- /dev/null
+++ b/internal/api/grpc/user/v2/secret.go
@@ -0,0 +1,39 @@
+package user
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) AddSecret(ctx context.Context, req *user.AddSecretRequest) (*user.AddSecretResponse, error) {
+	newSecret := &command.GenerateMachineSecret{
+		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
+	}
+	details, err := s.command.GenerateMachineSecret(ctx, req.UserId, "", newSecret)
+	if err != nil {
+		return nil, err
+	}
+	return &user.AddSecretResponse{
+		CreationDate: timestamppb.New(details.EventDate),
+		ClientSecret: newSecret.ClientSecret,
+	}, nil
+}
+
+func (s *Server) RemoveSecret(ctx context.Context, req *user.RemoveSecretRequest) (*user.RemoveSecretResponse, error) {
+	details, err := s.command.RemoveMachineSecret(
+		ctx,
+		req.UserId,
+		"",
+		s.command.NewPermissionCheckUserWrite(ctx),
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &user.RemoveSecretResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, nil
+}
diff --git a/internal/api/grpc/user/v2/server.go b/internal/api/grpc/user/v2/server.go
index 9272ea27ee..e3c7e8011e 100644
--- a/internal/api/grpc/user/v2/server.go
+++ b/internal/api/grpc/user/v2/server.go
@@ -8,6 +8,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
@@ -18,12 +19,13 @@ var _ user.UserServiceServer = (*Server)(nil)
 
 type Server struct {
 	user.UnimplementedUserServiceServer
-	command     *command.Commands
-	query       *query.Queries
-	userCodeAlg crypto.EncryptionAlgorithm
-	idpAlg      crypto.EncryptionAlgorithm
-	idpCallback func(ctx context.Context) string
-	samlRootURL func(ctx context.Context, idpID string) string
+	systemDefaults systemdefaults.SystemDefaults
+	command        *command.Commands
+	query          *query.Queries
+	userCodeAlg    crypto.EncryptionAlgorithm
+	idpAlg         crypto.EncryptionAlgorithm
+	idpCallback    func(ctx context.Context) string
+	samlRootURL    func(ctx context.Context, idpID string) string
 
 	assetAPIPrefix func(context.Context) string
 
@@ -33,6 +35,7 @@ type Server struct {
 type Config struct{}
 
 func CreateServer(
+	systemDefaults systemdefaults.SystemDefaults,
 	command *command.Commands,
 	query *query.Queries,
 	userCodeAlg crypto.EncryptionAlgorithm,
@@ -43,6 +46,7 @@ func CreateServer(
 	checkPermission domain.PermissionCheck,
 ) *Server {
 	return &Server{
+		systemDefaults:  systemDefaults,
 		command:         command,
 		query:           query,
 		userCodeAlg:     userCodeAlg,
diff --git a/internal/api/grpc/user/v2/user.go b/internal/api/grpc/user/v2/user.go
index 0f958f0d40..6b4b2da75b 100644
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -11,6 +11,7 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
@@ -117,7 +118,7 @@ func genderToDomain(gender user.Gender) domain.Gender {
 }
 
 func (s *Server) UpdateHumanUser(ctx context.Context, req *user.UpdateHumanUserRequest) (_ *user.UpdateHumanUserResponse, err error) {
-	human, err := UpdateUserRequestToChangeHuman(req)
+	human, err := updateHumanUserRequestToChangeHuman(req)
 	if err != nil {
 		return nil, err
 	}
@@ -181,86 +182,6 @@ func ifNotNilPtr[v, p any](value *v, conv func(v) p) *p {
 	return &pVal
 }
 
-func UpdateUserRequestToChangeHuman(req *user.UpdateHumanUserRequest) (*command.ChangeHuman, error) {
-	email, err := SetHumanEmailToEmail(req.Email, req.GetUserId())
-	if err != nil {
-		return nil, err
-	}
-	return &command.ChangeHuman{
-		ID:       req.GetUserId(),
-		Username: req.Username,
-		Profile:  SetHumanProfileToProfile(req.Profile),
-		Email:    email,
-		Phone:    SetHumanPhoneToPhone(req.Phone),
-		Password: SetHumanPasswordToPassword(req.Password),
-	}, nil
-}
-
-func SetHumanProfileToProfile(profile *user.SetHumanProfile) *command.Profile {
-	if profile == nil {
-		return nil
-	}
-	var firstName *string
-	if profile.GivenName != "" {
-		firstName = &profile.GivenName
-	}
-	var lastName *string
-	if profile.FamilyName != "" {
-		lastName = &profile.FamilyName
-	}
-	return &command.Profile{
-		FirstName:         firstName,
-		LastName:          lastName,
-		NickName:          profile.NickName,
-		DisplayName:       profile.DisplayName,
-		PreferredLanguage: ifNotNilPtr(profile.PreferredLanguage, language.Make),
-		Gender:            ifNotNilPtr(profile.Gender, genderToDomain),
-	}
-}
-
-func SetHumanEmailToEmail(email *user.SetHumanEmail, userID string) (*command.Email, error) {
-	if email == nil {
-		return nil, nil
-	}
-	var urlTemplate string
-	if email.GetSendCode() != nil && email.GetSendCode().UrlTemplate != nil {
-		urlTemplate = *email.GetSendCode().UrlTemplate
-		if err := domain.RenderConfirmURLTemplate(io.Discard, urlTemplate, userID, "code", "orgID"); err != nil {
-			return nil, err
-		}
-	}
-	return &command.Email{
-		Address:     domain.EmailAddress(email.Email),
-		Verified:    email.GetIsVerified(),
-		ReturnCode:  email.GetReturnCode() != nil,
-		URLTemplate: urlTemplate,
-	}, nil
-}
-
-func SetHumanPhoneToPhone(phone *user.SetHumanPhone) *command.Phone {
-	if phone == nil {
-		return nil
-	}
-	return &command.Phone{
-		Number:     domain.PhoneNumber(phone.GetPhone()),
-		Verified:   phone.GetIsVerified(),
-		ReturnCode: phone.GetReturnCode() != nil,
-	}
-}
-
-func SetHumanPasswordToPassword(password *user.SetPassword) *command.Password {
-	if password == nil {
-		return nil
-	}
-	return &command.Password{
-		PasswordCode:        password.GetVerificationCode(),
-		OldPassword:         password.GetCurrentPassword(),
-		Password:            password.GetPassword().GetPassword(),
-		EncodedPasswordHash: password.GetHashedPassword().GetHash(),
-		ChangeRequired:      password.GetPassword().GetChangeRequired() || password.GetHashedPassword().GetChangeRequired(),
-	}
-}
-
 func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) {
 	memberships, grants, err := s.removeUserDependencies(ctx, req.GetUserId())
 	if err != nil {
@@ -482,3 +403,25 @@ func (s *Server) HumanMFAInitSkipped(ctx context.Context, req *user.HumanMFAInit
 		Details: object.DomainToDetailsPb(details),
 	}, nil
 }
+
+func (s *Server) CreateUser(ctx context.Context, req *user.CreateUserRequest) (*user.CreateUserResponse, error) {
+	switch userType := req.GetUserType().(type) {
+	case *user.CreateUserRequest_Human_:
+		return s.createUserTypeHuman(ctx, userType.Human, req.OrganizationId, req.Username, req.UserId)
+	case *user.CreateUserRequest_Machine_:
+		return s.createUserTypeMachine(ctx, userType.Machine, req.OrganizationId, req.GetUsername(), req.GetUserId())
+	default:
+		return nil, zerrors.ThrowInternal(nil, "", "user type is not implemented")
+	}
+}
+
+func (s *Server) UpdateUser(ctx context.Context, req *user.UpdateUserRequest) (*user.UpdateUserResponse, error) {
+	switch userType := req.GetUserType().(type) {
+	case *user.UpdateUserRequest_Human_:
+		return s.updateUserTypeHuman(ctx, userType.Human, req.UserId, req.Username)
+	case *user.UpdateUserRequest_Machine_:
+		return s.updateUserTypeMachine(ctx, userType.Machine, req.UserId, req.Username)
+	default:
+		return nil, zerrors.ThrowUnimplemented(nil, "", "user type is not implemented")
+	}
+}
diff --git a/internal/api/grpc/user/v2/query.go b/internal/api/grpc/user/v2/user_query.go
similarity index 100%
rename from internal/api/grpc/user/v2/query.go
rename to internal/api/grpc/user/v2/user_query.go
diff --git a/internal/api/scim/resources/user.go b/internal/api/scim/resources/user.go
index bc8d864994..13baed5d51 100644
--- a/internal/api/scim/resources/user.go
+++ b/internal/api/scim/resources/user.go
@@ -203,7 +203,6 @@ func (h *UsersHandler) Delete(ctx context.Context, id string) error {
 	if err != nil {
 		return err
 	}
-
 	_, err = h.command.RemoveUserV2(ctx, id, authz.GetCtxData(ctx).OrgID, memberships, grants...)
 	return err
 }
diff --git a/internal/command/instance_member.go b/internal/command/instance_member.go
index ee9bf15f84..a33635e8f5 100644
--- a/internal/command/instance_member.go
+++ b/internal/command/instance_member.go
@@ -22,7 +22,7 @@ func (c *Commands) AddInstanceMemberCommand(a *instance.Aggregate, userID string
 			return nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-4m0fS", "Errors.IAM.MemberInvalid")
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-				if exists, err := ExistsUser(ctx, filter, userID, ""); err != nil || !exists {
+				if exists, err := ExistsUser(ctx, filter, userID, "", false); err != nil || !exists {
 					return nil, zerrors.ThrowPreconditionFailed(err, "INSTA-GSXOn", "Errors.User.NotFound")
 				}
 				if isMember, err := IsInstanceMember(ctx, filter, a.ID, userID); err != nil || isMember {
diff --git a/internal/command/org_member.go b/internal/command/org_member.go
index ae9bef2151..bf1ae91d8a 100644
--- a/internal/command/org_member.go
+++ b/internal/command/org_member.go
@@ -28,7 +28,7 @@ func (c *Commands) AddOrgMemberCommand(a *org.Aggregate, userID string, roles ..
 				ctx, span := tracing.NewSpan(ctx)
 				defer func() { span.EndWithError(err) }()
 
-				if exists, err := ExistsUser(ctx, filter, userID, ""); err != nil || !exists {
+				if exists, err := ExistsUser(ctx, filter, userID, "", false); err != nil || !exists {
 					return nil, zerrors.ThrowPreconditionFailed(err, "ORG-GoXOn", "Errors.User.NotFound")
 				}
 				if isMember, err := IsOrgMember(ctx, filter, a.ID, userID); err != nil || isMember {
diff --git a/internal/command/resource_ower_model.go b/internal/command/resource_owner_model.go
similarity index 100%
rename from internal/command/resource_ower_model.go
rename to internal/command/resource_owner_model.go
diff --git a/internal/command/user.go b/internal/command/user.go
index 6b65aa83ec..0db4fda328 100644
--- a/internal/command/user.go
+++ b/internal/command/user.go
@@ -353,21 +353,27 @@ func (c *Commands) userWriteModelByID(ctx context.Context, userID, resourceOwner
 	return writeModel, nil
 }
 
-func ExistsUser(ctx context.Context, filter preparation.FilterToQueryReducer, id, resourceOwner string) (exists bool, err error) {
+func ExistsUser(ctx context.Context, filter preparation.FilterToQueryReducer, id, resourceOwner string, machineOnly bool) (exists bool, err error) {
+	eventTypes := []eventstore.EventType{
+		user.MachineAddedEventType,
+		user.UserRemovedType,
+	}
+	if !machineOnly {
+		eventTypes = append(eventTypes,
+			user.HumanRegisteredType,
+			user.UserV1RegisteredType,
+			user.HumanAddedType,
+			user.UserV1AddedType,
+		)
+	}
 	events, err := filter(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
 		ResourceOwner(resourceOwner).
 		OrderAsc().
 		AddQuery().
 		AggregateTypes(user.AggregateType).
 		AggregateIDs(id).
-		EventTypes(
-			user.HumanRegisteredType,
-			user.UserV1RegisteredType,
-			user.HumanAddedType,
-			user.UserV1AddedType,
-			user.MachineAddedEventType,
-			user.UserRemovedType,
-		).Builder())
+		EventTypes(eventTypes...).
+		Builder())
 	if err != nil {
 		return false, err
 	}
diff --git a/internal/command/user_machine.go b/internal/command/user_machine.go
index 1ec32450ac..7c8fd89eac 100644
--- a/internal/command/user_machine.go
+++ b/internal/command/user_machine.go
@@ -25,6 +25,7 @@ type Machine struct {
 	Name            string
 	Description     string
 	AccessTokenType domain.OIDCTokenType
+	PermissionCheck PermissionCheck
 }
 
 func (m *Machine) IsZero() bool {
@@ -33,8 +34,8 @@ func (m *Machine) IsZero() bool {
 
 func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validation {
 	return func() (_ preparation.CreateCommands, err error) {
-		if a.ResourceOwner == "" {
-			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-xiown2", "Errors.ResourceOwnerMissing")
+		if a.ResourceOwner == "" && machine.PermissionCheck == nil {
+			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-xiown3", "Errors.ResourceOwnerMissing")
 		}
 		if a.ID == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-p0p2mi", "Errors.User.UserIDMissing")
@@ -49,7 +50,7 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati
 			ctx, span := tracing.NewSpan(ctx)
 			defer func() { span.EndWithError(err) }()
 
-			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter)
+			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter, machine.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
@@ -67,7 +68,18 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati
 	}
 }
 
-func (c *Commands) AddMachine(ctx context.Context, machine *Machine) (_ *domain.ObjectDetails, err error) {
+type addMachineOption func(context.Context, *Machine) error
+
+func AddMachineWithUsernameToIDFallback() addMachineOption {
+	return func(ctx context.Context, m *Machine) error {
+		if m.Username == "" {
+			m.Username = m.AggregateID
+		}
+		return nil
+	}
+}
+
+func (c *Commands) AddMachine(ctx context.Context, machine *Machine, check PermissionCheck, options ...addMachineOption) (_ *domain.ObjectDetails, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -80,6 +92,16 @@ func (c *Commands) AddMachine(ctx context.Context, machine *Machine) (_ *domain.
 	}
 
 	agg := user.NewAggregate(machine.AggregateID, machine.ResourceOwner)
+	for _, option := range options {
+		if err = option(ctx, machine); err != nil {
+			return nil, err
+		}
+	}
+	if check != nil {
+		if err = check(machine.ResourceOwner, machine.AggregateID); err != nil {
+			return nil, err
+		}
+	}
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, AddMachineCommand(agg, machine))
 	if err != nil {
 		return nil, err
@@ -97,6 +119,7 @@ func (c *Commands) AddMachine(ctx context.Context, machine *Machine) (_ *domain.
 	}, nil
 }
 
+// Deprecated: use ChangeUserMachine instead
 func (c *Commands) ChangeMachine(ctx context.Context, machine *Machine) (*domain.ObjectDetails, error) {
 	agg := user.NewAggregate(machine.AggregateID, machine.ResourceOwner)
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, changeMachineCommand(agg, machine))
@@ -118,24 +141,21 @@ func (c *Commands) ChangeMachine(ctx context.Context, machine *Machine) (*domain
 
 func changeMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validation {
 	return func() (_ preparation.CreateCommands, err error) {
-		if a.ResourceOwner == "" {
+		if a.ResourceOwner == "" && machine.PermissionCheck == nil {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-xiown3", "Errors.ResourceOwnerMissing")
 		}
 		if a.ID == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-p0p3mi", "Errors.User.UserIDMissing")
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter)
+			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter, machine.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
 			if !isUserStateExists(writeModel.UserState) {
 				return nil, zerrors.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound")
 			}
-			changedEvent, hasChanged, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description, machine.AccessTokenType)
-			if err != nil {
-				return nil, err
-			}
+			changedEvent, hasChanged := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description, machine.AccessTokenType)
 			if !hasChanged {
 				return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.NotChanged")
 			}
@@ -147,10 +167,9 @@ func changeMachineCommand(a *user.Aggregate, machine *Machine) preparation.Valid
 	}
 }
 
-func getMachineWriteModel(ctx context.Context, userID, resourceOwner string, filter preparation.FilterToQueryReducer) (_ *MachineWriteModel, err error) {
+func getMachineWriteModel(ctx context.Context, userID, resourceOwner string, filter preparation.FilterToQueryReducer, permissionCheck PermissionCheck) (_ *MachineWriteModel, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
-
 	writeModel := NewMachineWriteModel(userID, resourceOwner)
 	events, err := filter(ctx, writeModel.Query())
 	if err != nil {
@@ -161,5 +180,10 @@ func getMachineWriteModel(ctx context.Context, userID, resourceOwner string, fil
 	}
 	writeModel.AppendEvents(events...)
 	err = writeModel.Reduce()
+	if permissionCheck != nil {
+		if err := permissionCheck(writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
+			return nil, err
+		}
+	}
 	return writeModel, err
 }
diff --git a/internal/command/user_machine_key.go b/internal/command/user_machine_key.go
index 8a0f0f437b..d628bf4c2d 100644
--- a/internal/command/user_machine_key.go
+++ b/internal/command/user_machine_key.go
@@ -15,12 +15,14 @@ import (
 )
 
 type AddMachineKey struct {
-	Type           domain.AuthNKeyType
-	ExpirationDate time.Time
+	Type            domain.AuthNKeyType
+	ExpirationDate  time.Time
+	PermissionCheck PermissionCheck
 }
 
 type MachineKey struct {
 	models.ObjectRoot
+	PermissionCheck PermissionCheck
 
 	KeyID          string
 	Type           domain.AuthNKeyType
@@ -64,7 +66,7 @@ func (key *MachineKey) Detail() ([]byte, error) {
 }
 
 func (key *MachineKey) content() error {
-	if key.ResourceOwner == "" {
+	if key.PermissionCheck == nil && key.ResourceOwner == "" {
 		return zerrors.ThrowInvalidArgument(nil, "COMMAND-kqpoix", "Errors.ResourceOwnerMissing")
 	}
 	if key.AggregateID == "" {
@@ -91,7 +93,7 @@ func (key *MachineKey) valid() (err error) {
 }
 
 func (key *MachineKey) checkAggregate(ctx context.Context, filter preparation.FilterToQueryReducer) error {
-	if exists, err := ExistsUser(ctx, filter, key.AggregateID, key.ResourceOwner); err != nil || !exists {
+	if exists, err := ExistsUser(ctx, filter, key.AggregateID, key.ResourceOwner, true); err != nil || !exists {
 		return zerrors.ThrowPreconditionFailed(err, "COMMAND-bnipwm1", "Errors.User.NotFound")
 	}
 	return nil
@@ -142,7 +144,7 @@ func prepareAddUserMachineKey(machineKey *MachineKey, keySize int) preparation.V
 					return nil, err
 				}
 			}
-			writeModel, err := getMachineKeyWriteModelByID(ctx, filter, machineKey.AggregateID, machineKey.KeyID, machineKey.ResourceOwner)
+			writeModel, err := getMachineKeyWriteModelByID(ctx, filter, machineKey.AggregateID, machineKey.KeyID, machineKey.ResourceOwner, machineKey.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
@@ -186,7 +188,7 @@ func prepareRemoveUserMachineKey(machineKey *MachineKey) preparation.Validation
 			return nil, err
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-			writeModel, err := getMachineKeyWriteModelByID(ctx, filter, machineKey.AggregateID, machineKey.KeyID, machineKey.ResourceOwner)
+			writeModel, err := getMachineKeyWriteModelByID(ctx, filter, machineKey.AggregateID, machineKey.KeyID, machineKey.ResourceOwner, machineKey.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
@@ -204,16 +206,18 @@ func prepareRemoveUserMachineKey(machineKey *MachineKey) preparation.Validation
 	}
 }
 
-func getMachineKeyWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, keyID, resourceOwner string) (_ *MachineKeyWriteModel, err error) {
+func getMachineKeyWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, keyID, resourceOwner string, permissionCheck PermissionCheck) (_ *MachineKeyWriteModel, err error) {
 	writeModel := NewMachineKeyWriteModel(userID, keyID, resourceOwner)
 	events, err := filter(ctx, writeModel.Query())
 	if err != nil {
 		return nil, err
 	}
-	if len(events) == 0 {
-		return writeModel, nil
-	}
 	writeModel.AppendEvents(events...)
 	err = writeModel.Reduce()
+	if permissionCheck != nil {
+		if err := permissionCheck(writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
+			return nil, err
+		}
+	}
 	return writeModel, err
 }
diff --git a/internal/command/user_machine_model.go b/internal/command/user_machine_model.go
index b7dfb02d32..1ed6c8ca58 100644
--- a/internal/command/user_machine_model.go
+++ b/internal/command/user_machine_model.go
@@ -2,7 +2,6 @@ package command
 
 import (
 	"context"
-
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -106,9 +105,8 @@ func (wm *MachineWriteModel) NewChangedEvent(
 	name,
 	description string,
 	accessTokenType domain.OIDCTokenType,
-) (*user.MachineChangedEvent, bool, error) {
+) (*user.MachineChangedEvent, bool) {
 	changes := make([]user.MachineChanges, 0)
-	var err error
 
 	if wm.Name != name {
 		changes = append(changes, user.ChangeName(name))
@@ -120,11 +118,8 @@ func (wm *MachineWriteModel) NewChangedEvent(
 		changes = append(changes, user.ChangeAccessTokenType(accessTokenType))
 	}
 	if len(changes) == 0 {
-		return nil, false, nil
+		return nil, false
 	}
-	changeEvent, err := user.NewMachineChangedEvent(ctx, aggregate, changes)
-	if err != nil {
-		return nil, false, err
-	}
-	return changeEvent, true, nil
+	changeEvent := user.NewMachineChangedEvent(ctx, aggregate, changes)
+	return changeEvent, true
 }
diff --git a/internal/command/user_machine_secret.go b/internal/command/user_machine_secret.go
index 3349fc90a5..34e9c0c5cc 100644
--- a/internal/command/user_machine_secret.go
+++ b/internal/command/user_machine_secret.go
@@ -11,7 +11,8 @@ import (
 )
 
 type GenerateMachineSecret struct {
-	ClientSecret string
+	PermissionCheck PermissionCheck
+	ClientSecret    string
 }
 
 func (c *Commands) GenerateMachineSecret(ctx context.Context, userID string, resourceOwner string, set *GenerateMachineSecret) (*domain.ObjectDetails, error) {
@@ -35,14 +36,14 @@ func (c *Commands) GenerateMachineSecret(ctx context.Context, userID string, res
 
 func (c *Commands) prepareGenerateMachineSecret(a *user.Aggregate, set *GenerateMachineSecret) preparation.Validation {
 	return func() (_ preparation.CreateCommands, err error) {
-		if a.ResourceOwner == "" {
-			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x0992n", "Errors.ResourceOwnerMissing")
+		if a.ResourceOwner == "" && set.PermissionCheck == nil {
+			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-0qp2hus", "Errors.ResourceOwnerMissing")
 		}
 		if a.ID == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-bzoqjs", "Errors.User.UserIDMissing")
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter)
+			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter, set.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
@@ -62,9 +63,10 @@ func (c *Commands) prepareGenerateMachineSecret(a *user.Aggregate, set *Generate
 	}
 }
 
-func (c *Commands) RemoveMachineSecret(ctx context.Context, userID string, resourceOwner string) (*domain.ObjectDetails, error) {
+func (c *Commands) RemoveMachineSecret(ctx context.Context, userID string, resourceOwner string, permissionCheck PermissionCheck) (*domain.ObjectDetails, error) {
 	agg := user.NewAggregate(userID, resourceOwner)
-	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareRemoveMachineSecret(agg))
+	//nolint:staticcheck
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareRemoveMachineSecret(agg, permissionCheck))
 	if err != nil {
 		return nil, err
 	}
@@ -81,16 +83,16 @@ func (c *Commands) RemoveMachineSecret(ctx context.Context, userID string, resou
 	}, nil
 }
 
-func prepareRemoveMachineSecret(a *user.Aggregate) preparation.Validation {
+func prepareRemoveMachineSecret(a *user.Aggregate, check PermissionCheck) preparation.Validation {
 	return func() (_ preparation.CreateCommands, err error) {
-		if a.ResourceOwner == "" {
-			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-0qp2hus", "Errors.ResourceOwnerMissing")
+		if a.ResourceOwner == "" && check == nil {
+			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-x0992n", "Errors.ResourceOwnerMissing")
 		}
 		if a.ID == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-bzosjs", "Errors.User.UserIDMissing")
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter)
+			writeModel, err := getMachineWriteModel(ctx, a.ID, a.ResourceOwner, filter, check)
 			if err != nil {
 				return nil, err
 			}
diff --git a/internal/command/user_machine_secret_test.go b/internal/command/user_machine_secret_test.go
index 4c6d16960c..8e839efe07 100644
--- a/internal/command/user_machine_secret_test.go
+++ b/internal/command/user_machine_secret_test.go
@@ -44,7 +44,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) {
 				ctx:           context.Background(),
 				userID:        "",
 				resourceOwner: "org1",
-				set:           nil,
+				set:           new(GenerateMachineSecret),
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -59,7 +59,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) {
 				ctx:           context.Background(),
 				userID:        "user1",
 				resourceOwner: "",
-				set:           nil,
+				set:           new(GenerateMachineSecret),
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -76,7 +76,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) {
 				ctx:           context.Background(),
 				userID:        "user1",
 				resourceOwner: "org1",
-				set:           nil,
+				set:           new(GenerateMachineSecret),
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -289,7 +289,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) {
 			r := &Commands{
 				eventstore: tt.fields.eventstore,
 			}
-			got, err := r.RemoveMachineSecret(tt.args.ctx, tt.args.userID, tt.args.resourceOwner)
+			got, err := r.RemoveMachineSecret(tt.args.ctx, tt.args.userID, tt.args.resourceOwner, nil)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
diff --git a/internal/command/user_machine_test.go b/internal/command/user_machine_test.go
index c7b4b8caf4..19548ae9c6 100644
--- a/internal/command/user_machine_test.go
+++ b/internal/command/user_machine_test.go
@@ -24,6 +24,8 @@ func TestCommandSide_AddMachine(t *testing.T) {
 	type args struct {
 		ctx     context.Context
 		machine *Machine
+		check   PermissionCheck
+		options func(*Commands) []addMachineOption
 	}
 	type res struct {
 		want *domain.ObjectDetails
@@ -194,14 +196,242 @@ func TestCommandSide_AddMachine(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "with username fallback to given username",
+			fields: fields{
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "aggregateID"),
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&user.NewAggregate("aggregateID", "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewMachineAddedEvent(context.Background(),
+							&user.NewAggregate("aggregateID", "org1").Aggregate,
+							"username",
+							"name",
+							"",
+							true,
+							domain.OIDCTokenTypeBearer,
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+					},
+					Name:     "name",
+					Username: "username",
+				},
+				options: func(commands *Commands) []addMachineOption {
+					return []addMachineOption{
+						AddMachineWithUsernameToIDFallback(),
+					}
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "with username fallback to generated id",
+			fields: fields{
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "aggregateID"),
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&user.NewAggregate("aggregateID", "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewMachineAddedEvent(context.Background(),
+							&user.NewAggregate("aggregateID", "org1").Aggregate,
+							"aggregateID",
+							"name",
+							"",
+							true,
+							domain.OIDCTokenTypeBearer,
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+					},
+					Name: "name",
+				},
+				options: func(commands *Commands) []addMachineOption {
+					return []addMachineOption{
+						AddMachineWithUsernameToIDFallback(),
+					}
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "with username fallback to given id",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&user.NewAggregate("aggregateID", "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewMachineAddedEvent(context.Background(),
+							&user.NewAggregate("aggregateID", "org1").Aggregate,
+							"aggregateID",
+							"name",
+							"",
+							true,
+							domain.OIDCTokenTypeBearer,
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+						AggregateID:   "aggregateID",
+					},
+					Name: "name",
+				},
+				options: func(commands *Commands) []addMachineOption {
+					return []addMachineOption{
+						AddMachineWithUsernameToIDFallback(),
+					}
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "with succeeding permission check, ok",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewMachineAddedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"username",
+							"name",
+							"description",
+							true,
+							domain.OIDCTokenTypeBearer,
+						),
+					),
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+					},
+					Description: "description",
+					Name:        "name",
+					Username:    "username",
+				},
+				check: func(resourceOwner, aggregateID string) error {
+					return nil
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "with failing permission check, error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+					},
+					Description: "description",
+					Name:        "name",
+					Username:    "username",
+				},
+				check: func(resourceOwner, aggregateID string) error {
+					return zerrors.ThrowPermissionDenied(nil, "", "")
+				},
+			},
+			res: res{
+				err: zerrors.IsPermissionDenied,
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore:  tt.fields.eventstore,
-				idGenerator: tt.fields.idGenerator,
+				eventstore:      tt.fields.eventstore,
+				idGenerator:     tt.fields.idGenerator,
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
-			got, err := r.AddMachine(tt.args.ctx, tt.args.machine)
+			var options []addMachineOption
+			if tt.args.options != nil {
+				options = tt.args.options(r)
+			}
+			got, err := r.AddMachine(tt.args.ctx, tt.args.machine, tt.args.check, options...)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -391,7 +621,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) {
 }
 
 func newMachineChangedEvent(ctx context.Context, userID, resourceOwner, name, description string) *user.MachineChangedEvent {
-	event, _ := user.NewMachineChangedEvent(ctx,
+	event := user.NewMachineChangedEvent(ctx,
 		&user.NewAggregate(userID, resourceOwner).Aggregate,
 		[]user.MachineChanges{
 			user.ChangeName(name),
diff --git a/internal/command/user_personal_access_token.go b/internal/command/user_personal_access_token.go
index 0faf85d5eb..f37953f3d6 100644
--- a/internal/command/user_personal_access_token.go
+++ b/internal/command/user_personal_access_token.go
@@ -21,6 +21,7 @@ type AddPat struct {
 
 type PersonalAccessToken struct {
 	models.ObjectRoot
+	PermissionCheck PermissionCheck
 
 	ExpirationDate  time.Time
 	Scopes          []string
@@ -43,7 +44,7 @@ func NewPersonalAccessToken(resourceOwner string, userID string, expirationDate
 }
 
 func (pat *PersonalAccessToken) content() error {
-	if pat.ResourceOwner == "" {
+	if pat.ResourceOwner == "" && pat.PermissionCheck == nil {
 		return zerrors.ThrowInvalidArgument(nil, "COMMAND-xs0k2n", "Errors.ResourceOwnerMissing")
 	}
 	if pat.AggregateID == "" {
@@ -109,11 +110,10 @@ func prepareAddPersonalAccessToken(pat *PersonalAccessToken, algorithm crypto.En
 			if err := pat.checkAggregate(ctx, filter); err != nil {
 				return nil, err
 			}
-			writeModel, err := getPersonalAccessTokenWriteModelByID(ctx, filter, pat.AggregateID, pat.TokenID, pat.ResourceOwner)
+			writeModel, err := getPersonalAccessTokenWriteModelByID(ctx, filter, pat.AggregateID, pat.TokenID, pat.ResourceOwner, pat.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
-
 			pat.Token, err = createToken(algorithm, writeModel.TokenID, writeModel.AggregateID)
 			if err != nil {
 				return nil, err
@@ -155,7 +155,7 @@ func prepareRemovePersonalAccessToken(pat *PersonalAccessToken) preparation.Vali
 			return nil, err
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) (_ []eventstore.Command, err error) {
-			writeModel, err := getPersonalAccessTokenWriteModelByID(ctx, filter, pat.AggregateID, pat.TokenID, pat.ResourceOwner)
+			writeModel, err := getPersonalAccessTokenWriteModelByID(ctx, filter, pat.AggregateID, pat.TokenID, pat.ResourceOwner, pat.PermissionCheck)
 			if err != nil {
 				return nil, err
 			}
@@ -181,16 +181,18 @@ func createToken(algorithm crypto.EncryptionAlgorithm, tokenID, userID string) (
 	return base64.RawURLEncoding.EncodeToString(encrypted), nil
 }
 
-func getPersonalAccessTokenWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, tokenID, resourceOwner string) (_ *PersonalAccessTokenWriteModel, err error) {
+func getPersonalAccessTokenWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, tokenID, resourceOwner string, check PermissionCheck) (_ *PersonalAccessTokenWriteModel, err error) {
 	writeModel := NewPersonalAccessTokenWriteModel(userID, tokenID, resourceOwner)
 	events, err := filter(ctx, writeModel.Query())
 	if err != nil {
 		return nil, err
 	}
-	if len(events) == 0 {
-		return writeModel, nil
-	}
 	writeModel.AppendEvents(events...)
-	err = writeModel.Reduce()
+	if err = writeModel.Reduce(); err != nil {
+		return nil, err
+	}
+	if check != nil {
+		err = check(writeModel.ResourceOwner, writeModel.AggregateID)
+	}
 	return writeModel, err
 }
diff --git a/internal/command/user_test.go b/internal/command/user_test.go
index 9abae187c1..6a1597fc8b 100644
--- a/internal/command/user_test.go
+++ b/internal/command/user_test.go
@@ -1813,7 +1813,7 @@ func TestExistsUser(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			gotExists, err := ExistsUser(context.Background(), tt.args.filter, tt.args.id, tt.args.resourceOwner)
+			gotExists, err := ExistsUser(context.Background(), tt.args.filter, tt.args.id, tt.args.resourceOwner, false)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("ExistsUser() error = %v, wantErr %v", err, tt.wantErr)
 				return
diff --git a/internal/command/user_v2.go b/internal/command/user_v2.go
index 5f8e8d6ff5..be10fd03fe 100644
--- a/internal/command/user_v2.go
+++ b/internal/command/user_v2.go
@@ -132,7 +132,6 @@ func (c *Commands) RemoveUserV2(ctx context.Context, userID, resourceOwner strin
 	if userID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-vaipl7s13l", "Errors.User.UserIDMissing")
 	}
-
 	existingUser, err := c.userRemoveWriteModel(ctx, userID, resourceOwner)
 	if err != nil {
 		return nil, err
@@ -143,7 +142,6 @@ func (c *Commands) RemoveUserV2(ctx context.Context, userID, resourceOwner strin
 	if err := c.checkPermissionDeleteUser(ctx, existingUser.ResourceOwner, existingUser.AggregateID); err != nil {
 		return nil, err
 	}
-
 	domainPolicy, err := c.domainPolicyWriteModel(ctx, existingUser.ResourceOwner)
 	if err != nil {
 		return nil, zerrors.ThrowPreconditionFailed(err, "COMMAND-l40ykb3xh2", "Errors.Org.DomainPolicy.NotExisting")
diff --git a/internal/command/user_v2_human.go b/internal/command/user_v2_human.go
index f88e2017d5..0945ae7578 100644
--- a/internal/command/user_v2_human.go
+++ b/internal/command/user_v2_human.go
@@ -5,6 +5,7 @@ import (
 
 	"golang.org/x/text/language"
 
+	"github.com/zitadel/zitadel/internal/command/preparation"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -121,7 +122,10 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 	if resourceOwner == "" {
 		return zerrors.ThrowInvalidArgument(nil, "COMMA-095xh8fll1", "Errors.Internal")
 	}
-
+	if human.Details == nil {
+		human.Details = &domain.ObjectDetails{}
+	}
+	human.Details.ResourceOwner = resourceOwner
 	if err := human.Validate(c.userPasswordHasher); err != nil {
 		return err
 	}
@@ -132,7 +136,12 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 			return err
 		}
 	}
-
+	// check for permission to create user on resourceOwner
+	if !human.Register {
+		if err := c.checkPermissionUpdateUser(ctx, resourceOwner, human.ID); err != nil {
+			return err
+		}
+	}
 	// only check if user is already existing
 	existingHuman, err := c.userExistsWriteModel(
 		ctx,
@@ -144,12 +153,6 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 	if isUserStateExists(existingHuman.UserState) {
 		return zerrors.ThrowPreconditionFailed(nil, "COMMAND-7yiox1isql", "Errors.User.AlreadyExisting")
 	}
-	// check for permission to create user on resourceOwner
-	if !human.Register {
-		if err := c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, human.ID); err != nil {
-			return err
-		}
-	}
 	// add resourceowner for the events with the aggregate
 	existingHuman.ResourceOwner = resourceOwner
 
@@ -161,6 +164,7 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 	if err = c.userValidateDomain(ctx, resourceOwner, human.Username, domainPolicy.UserLoginMustBeDomain); err != nil {
 		return err
 	}
+
 	var createCmd humanCreationCommand
 	if human.Register {
 		createCmd = user.NewHumanRegisteredEvent(
@@ -203,17 +207,33 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 		return err
 	}
 
-	cmds := make([]eventstore.Command, 0, 3)
-	cmds = append(cmds, createCmd)
-
-	cmds, err = c.addHumanCommandEmail(ctx, filter, cmds, existingHuman.Aggregate(), human, alg, allowInitMail)
+	cmds, err := c.addUserHumanCommands(ctx, filter, existingHuman, human, allowInitMail, alg, createCmd)
 	if err != nil {
 		return err
 	}
+	if len(cmds) == 0 {
+		human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
+		return nil
+	}
+	err = c.pushAppendAndReduce(ctx, existingHuman, cmds...)
+	if err != nil {
+		return err
+	}
+	human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
+	return nil
+}
+
+func (c *Commands) addUserHumanCommands(ctx context.Context, filter preparation.FilterToQueryReducer, existingHuman *UserV2WriteModel, human *AddHuman, allowInitMail bool, alg crypto.EncryptionAlgorithm, addUserCommand eventstore.Command) ([]eventstore.Command, error) {
+	cmds := []eventstore.Command{addUserCommand}
+	var err error
+	cmds, err = c.addHumanCommandEmail(ctx, filter, cmds, existingHuman.Aggregate(), human, alg, allowInitMail)
+	if err != nil {
+		return nil, err
+	}
 
 	cmds, err = c.addHumanCommandPhone(ctx, filter, cmds, existingHuman.Aggregate(), human, alg)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	for _, metadataEntry := range human.Metadata {
@@ -227,7 +247,7 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 	for _, link := range human.Links {
 		cmd, err := addLink(ctx, filter, existingHuman.Aggregate(), link)
 		if err != nil {
-			return err
+			return nil, err
 		}
 		cmds = append(cmds, cmd)
 	}
@@ -235,7 +255,7 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 	if human.TOTPSecret != "" {
 		encryptedSecret, err := crypto.Encrypt([]byte(human.TOTPSecret), c.multifactors.OTP.CryptoMFA)
 		if err != nil {
-			return err
+			return nil, err
 		}
 		cmds = append(cmds,
 			user.NewHumanOTPAddedEvent(ctx, &existingHuman.Aggregate().Aggregate, encryptedSecret),
@@ -246,18 +266,7 @@ func (c *Commands) AddUserHuman(ctx context.Context, resourceOwner string, human
 	if human.SetInactive {
 		cmds = append(cmds, user.NewUserDeactivatedEvent(ctx, &existingHuman.Aggregate().Aggregate))
 	}
-
-	if len(cmds) == 0 {
-		human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
-		return nil
-	}
-
-	err = c.pushAppendAndReduce(ctx, existingHuman, cmds...)
-	if err != nil {
-		return err
-	}
-	human.Details = writeModelToObjectDetails(&existingHuman.WriteModel)
-	return nil
+	return cmds, nil
 }
 
 func (c *Commands) ChangeUserHuman(ctx context.Context, human *ChangeHuman, alg crypto.EncryptionAlgorithm) (err error) {
@@ -341,7 +350,6 @@ func (c *Commands) ChangeUserHuman(ctx context.Context, human *ChangeHuman, alg
 	if human.State != nil {
 		// only allow toggling between active and inactive
 		// any other target state is not supported
-		// the existing human's state has to be the
 		switch {
 		case isUserStateActive(*human.State):
 			if isUserStateActive(existingHuman.UserState) {
diff --git a/internal/command/user_v2_human_test.go b/internal/command/user_v2_human_test.go
index 2b4399fb2a..e44e182b92 100644
--- a/internal/command/user_v2_human_test.go
+++ b/internal/command/user_v2_human_test.go
@@ -302,9 +302,7 @@ func TestCommandSide_AddUserHuman(t *testing.T) {
 		{
 			name: "add human (with initial code), no permission",
 			fields: fields{
-				eventstore: expectEventstore(
-					expectFilter(),
-				),
+				eventstore:      expectEventstore(),
 				checkPermission: newMockPermissionCheckNotAllowed(),
 				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "user1"),
 				newCode:         mockEncryptedCode("userinit", time.Hour),
@@ -326,9 +324,7 @@ func TestCommandSide_AddUserHuman(t *testing.T) {
 				codeAlg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			res: res{
-				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
-				},
+				err: zerrors.IsPermissionDenied,
 			},
 		},
 		{
diff --git a/internal/command/user_v2_invite_test.go b/internal/command/user_v2_invite_test.go
index 04c00d876e..75bd3157db 100644
--- a/internal/command/user_v2_invite_test.go
+++ b/internal/command/user_v2_invite_test.go
@@ -352,6 +352,7 @@ func TestCommands_ResendInviteCode(t *testing.T) {
 			"user does not exist",
 			fields{
 				eventstore: expectEventstore(
+					// The write model doesn't query any events
 					expectFilter(),
 				),
 				checkPermission: newMockPermissionCheckAllowed(),
diff --git a/internal/command/user_v2_machine.go b/internal/command/user_v2_machine.go
new file mode 100644
index 0000000000..34079b7e6f
--- /dev/null
+++ b/internal/command/user_v2_machine.go
@@ -0,0 +1,94 @@
+package command
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/user"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type ChangeMachine struct {
+	ID            string
+	ResourceOwner string
+	Username      *string
+	Name          *string
+	Description   *string
+
+	// Details are set after a successful execution of the command
+	Details *domain.ObjectDetails
+}
+
+func (h *ChangeMachine) Changed() bool {
+	if h.Username != nil {
+		return true
+	}
+	if h.Name != nil {
+		return true
+	}
+	if h.Description != nil {
+		return true
+	}
+	return false
+}
+
+func (c *Commands) ChangeUserMachine(ctx context.Context, machine *ChangeMachine) (err error) {
+	existingMachine, err := c.UserMachineWriteModel(
+		ctx,
+		machine.ID,
+		machine.ResourceOwner,
+		false,
+	)
+	if err != nil {
+		return err
+	}
+	if machine.Changed() {
+		if err := c.checkPermissionUpdateUser(ctx, existingMachine.ResourceOwner, existingMachine.AggregateID); err != nil {
+			return err
+		}
+	}
+
+	cmds := make([]eventstore.Command, 0)
+	if machine.Username != nil {
+		cmds, err = c.changeUsername(ctx, cmds, existingMachine, *machine.Username)
+		if err != nil {
+			return err
+		}
+	}
+	var machineChanges []user.MachineChanges
+	if machine.Name != nil && *machine.Name != existingMachine.Name {
+		machineChanges = append(machineChanges, user.ChangeName(*machine.Name))
+	}
+	if machine.Description != nil && *machine.Description != existingMachine.Description {
+		machineChanges = append(machineChanges, user.ChangeDescription(*machine.Description))
+	}
+	if len(machineChanges) > 0 {
+		cmds = append(cmds, user.NewMachineChangedEvent(ctx, &existingMachine.Aggregate().Aggregate, machineChanges))
+	}
+	if len(cmds) == 0 {
+		machine.Details = writeModelToObjectDetails(&existingMachine.WriteModel)
+		return nil
+	}
+	err = c.pushAppendAndReduce(ctx, existingMachine, cmds...)
+	if err != nil {
+		return err
+	}
+	machine.Details = writeModelToObjectDetails(&existingMachine.WriteModel)
+	return nil
+}
+
+func (c *Commands) UserMachineWriteModel(ctx context.Context, userID, resourceOwner string, metadataWM bool) (writeModel *UserV2WriteModel, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+	writeModel = NewUserMachineWriteModel(userID, resourceOwner, metadataWM)
+	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
+	if err != nil {
+		return nil, err
+	}
+	if !isUserStateExists(writeModel.UserState) {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-ugjs0upun6", "Errors.User.NotFound")
+	}
+	return writeModel, nil
+}
diff --git a/internal/command/user_v2_machine_test.go b/internal/command/user_v2_machine_test.go
new file mode 100644
index 0000000000..14df4bfae7
--- /dev/null
+++ b/internal/command/user_v2_machine_test.go
@@ -0,0 +1,260 @@
+package command
+
+import (
+	"context"
+	"errors"
+	"testing"
+	"time"
+
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/org"
+	"github.com/zitadel/zitadel/internal/repository/user"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func TestCommandSide_ChangeUserMachine(t *testing.T) {
+	type fields struct {
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
+	}
+	type args struct {
+		ctx     context.Context
+		orgID   string
+		machine *ChangeMachine
+	}
+	type res struct {
+		want *domain.ObjectDetails
+		err  func(error) bool
+	}
+
+	userAgg := user.NewAggregate("user1", "org1")
+	userAddedEvent := user.NewMachineAddedEvent(context.Background(),
+		&userAgg.Aggregate,
+		"username",
+		"name",
+		"description",
+		true,
+		domain.OIDCTokenTypeBearer,
+	)
+
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		res    res
+	}{
+		{
+			name: "change machine username, no permission",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(userAddedEvent),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Username: gu.Ptr("changed"),
+				},
+			},
+			res: res{
+				err: func(err error) bool {
+					return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+				},
+			},
+		},
+		{
+			name: "change machine username, not found",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Username: gu.Ptr("changed"),
+				},
+			},
+			res: res{
+				err: func(err error) bool {
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-ugjs0upun6", "Errors.User.NotFound"))
+				},
+			},
+		},
+		{
+			name: "change machine username, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(userAddedEvent),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&userAgg.Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewUsernameChangedEvent(context.Background(),
+							&userAgg.Aggregate,
+							"username",
+							"changed",
+							true,
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Username: gu.Ptr("changed"),
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					Sequence:      0,
+					EventDate:     time.Time{},
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "change machine username, no change",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(userAddedEvent),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Username: gu.Ptr("username"),
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					Sequence:      0,
+					EventDate:     time.Time{},
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "change machine description, no permission",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(userAddedEvent),
+					),
+				),
+				checkPermission: newMockPermissionCheckNotAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Description: gu.Ptr("changed"),
+				},
+			},
+			res: res{
+				err: func(err error) bool {
+					return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
+				},
+			},
+		},
+		{
+			name: "change machine description, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(userAddedEvent),
+					),
+					expectPush(
+						user.NewMachineChangedEvent(context.Background(),
+							&userAgg.Aggregate,
+							[]user.MachineChanges{
+								user.ChangeDescription("changed"),
+							},
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Description: gu.Ptr("changed"),
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "change machine description, no change",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(userAddedEvent),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				machine: &ChangeMachine{
+					Description: gu.Ptr("description"),
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := &Commands{
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
+			}
+			err := r.ChangeUserMachine(tt.args.ctx, tt.args.machine)
+			if tt.res.err == nil {
+				if !assert.NoError(t, err) {
+					t.FailNow()
+				}
+			} else if !tt.res.err(err) {
+				t.Errorf("got wrong err: %v ", err)
+				return
+			}
+			if tt.res.err == nil {
+				assertObjectDetails(t, tt.res.want, tt.args.machine.Details)
+			}
+		})
+	}
+}
diff --git a/internal/command/user_v2_model.go b/internal/command/user_v2_model.go
index 214a2a5f9d..92346bf3b6 100644
--- a/internal/command/user_v2_model.go
+++ b/internal/command/user_v2_model.go
@@ -118,6 +118,14 @@ func NewUserHumanWriteModel(userID, resourceOwner string, profileWM, emailWM, ph
 	return newUserV2WriteModel(userID, resourceOwner, opts...)
 }
 
+func NewUserMachineWriteModel(userID, resourceOwner string, metadataListWM bool) *UserV2WriteModel {
+	opts := []UserV2WMOption{WithMachine(), WithState()}
+	if metadataListWM {
+		opts = append(opts, WithMetadata())
+	}
+	return newUserV2WriteModel(userID, resourceOwner, opts...)
+}
+
 func newUserV2WriteModel(userID, resourceOwner string, opts ...UserV2WMOption) *UserV2WriteModel {
 	wm := &UserV2WriteModel{
 		WriteModel: eventstore.WriteModel{
diff --git a/internal/domain/permission.go b/internal/domain/permission.go
index fd300f63b9..bb569955f5 100644
--- a/internal/domain/permission.go
+++ b/internal/domain/permission.go
@@ -24,7 +24,7 @@ func (p *Permissions) appendPermission(ctxID, permission string) {
 	p.Permissions = append(p.Permissions, permission)
 }
 
-type PermissionCheck func(ctx context.Context, permission, orgID, resourceID string) (err error)
+type PermissionCheck func(ctx context.Context, permission, resourceOwnerID, aggregateID string) (err error)
 
 const (
 	PermissionUserWrite           = "user.write"
diff --git a/internal/eventstore/write_model.go b/internal/eventstore/write_model.go
index 277e65ed82..965fb16d0e 100644
--- a/internal/eventstore/write_model.go
+++ b/internal/eventstore/write_model.go
@@ -1,6 +1,8 @@
 package eventstore
 
-import "time"
+import (
+	"time"
+)
 
 // WriteModel is the minimum representation of a command side write model.
 // It implements a basic reducer
@@ -27,21 +29,25 @@ func (wm *WriteModel) Reduce() error {
 		return nil
 	}
 
+	latestEvent := wm.Events[len(wm.Events)-1]
 	if wm.AggregateID == "" {
-		wm.AggregateID = wm.Events[0].Aggregate().ID
-	}
-	if wm.ResourceOwner == "" {
-		wm.ResourceOwner = wm.Events[0].Aggregate().ResourceOwner
-	}
-	if wm.InstanceID == "" {
-		wm.InstanceID = wm.Events[0].Aggregate().InstanceID
+		wm.AggregateID = latestEvent.Aggregate().ID
 	}
 
-	wm.ProcessedSequence = wm.Events[len(wm.Events)-1].Sequence()
-	wm.ChangeDate = wm.Events[len(wm.Events)-1].CreatedAt()
+	if wm.ResourceOwner == "" {
+		wm.ResourceOwner = latestEvent.Aggregate().ResourceOwner
+	}
+
+	if wm.InstanceID == "" {
+		wm.InstanceID = latestEvent.Aggregate().InstanceID
+	}
+
+	wm.ProcessedSequence = latestEvent.Sequence()
+	wm.ChangeDate = latestEvent.CreatedAt()
 
 	// all events processed and not needed anymore
 	wm.Events = nil
 	wm.Events = []Event{}
+
 	return nil
 }
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 320809a7e8..3bf794f5f6 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -141,6 +141,7 @@ func (c *Client) pollHealth(ctx context.Context) (err error) {
 	}
 }
 
+// Deprecated: use CreateUserTypeHuman instead
 func (i *Instance) CreateHumanUser(ctx context.Context) *user_v2.AddHumanUserResponse {
 	resp, err := i.Client.UserV2.AddHumanUser(ctx, &user_v2.AddHumanUserRequest{
 		Organization: &object.Organization{
@@ -172,6 +173,7 @@ func (i *Instance) CreateHumanUser(ctx context.Context) *user_v2.AddHumanUserRes
 	return resp
 }
 
+// Deprecated: user CreateUserTypeHuman instead
 func (i *Instance) CreateHumanUserNoPhone(ctx context.Context) *user_v2.AddHumanUserResponse {
 	resp, err := i.Client.UserV2.AddHumanUser(ctx, &user_v2.AddHumanUserRequest{
 		Organization: &object.Organization{
@@ -197,6 +199,7 @@ func (i *Instance) CreateHumanUserNoPhone(ctx context.Context) *user_v2.AddHuman
 	return resp
 }
 
+// Deprecated: user CreateUserTypeHuman instead
 func (i *Instance) CreateHumanUserWithTOTP(ctx context.Context, secret string) *user_v2.AddHumanUserResponse {
 	resp, err := i.Client.UserV2.AddHumanUser(ctx, &user_v2.AddHumanUserRequest{
 		Organization: &object.Organization{
@@ -229,6 +232,43 @@ func (i *Instance) CreateHumanUserWithTOTP(ctx context.Context, secret string) *
 	return resp
 }
 
+func (i *Instance) CreateUserTypeHuman(ctx context.Context) *user_v2.CreateUserResponse {
+	resp, err := i.Client.UserV2.CreateUser(ctx, &user_v2.CreateUserRequest{
+		OrganizationId: i.DefaultOrg.GetId(),
+		UserType: &user_v2.CreateUserRequest_Human_{
+			Human: &user_v2.CreateUserRequest_Human{
+				Profile: &user_v2.SetHumanProfile{
+					GivenName:  "Mickey",
+					FamilyName: "Mouse",
+				},
+				Email: &user_v2.SetHumanEmail{
+					Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
+					Verification: &user_v2.SetHumanEmail_ReturnCode{
+						ReturnCode: &user_v2.ReturnEmailVerificationCode{},
+					},
+				},
+			},
+		},
+	})
+	logging.OnError(err).Panic("create human user")
+	i.TriggerUserByID(ctx, resp.GetId())
+	return resp
+}
+
+func (i *Instance) CreateUserTypeMachine(ctx context.Context) *user_v2.CreateUserResponse {
+	resp, err := i.Client.UserV2.CreateUser(ctx, &user_v2.CreateUserRequest{
+		OrganizationId: i.DefaultOrg.GetId(),
+		UserType: &user_v2.CreateUserRequest_Machine_{
+			Machine: &user_v2.CreateUserRequest_Machine{
+				Name: "machine",
+			},
+		},
+	})
+	logging.OnError(err).Panic("create machine user")
+	i.TriggerUserByID(ctx, resp.GetId())
+	return resp
+}
+
 // TriggerUserByID makes sure the user projection gets triggered after creation.
 func (i *Instance) TriggerUserByID(ctx context.Context, users ...string) {
 	var wg sync.WaitGroup
diff --git a/internal/query/authn_key.go b/internal/query/authn_key.go
index 8075422e63..ffbe38e7ae 100644
--- a/internal/query/authn_key.go
+++ b/internal/query/authn_key.go
@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	_ "embed"
 	"errors"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
@@ -18,6 +19,14 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
+func keysCheckPermission(ctx context.Context, keys *AuthNKeys, permissionCheck domain.PermissionCheck) {
+	keys.AuthNKeys = slices.DeleteFunc(keys.AuthNKeys,
+		func(key *AuthNKey) bool {
+			return userCheckPermission(ctx, key.ResourceOwner, key.AggregateID, permissionCheck) != nil
+		},
+	)
+}
+
 var (
 	authNKeyTable = table{
 		name:          projection.AuthNKeyTable,
@@ -84,6 +93,7 @@ type AuthNKeys struct {
 
 type AuthNKey struct {
 	ID            string
+	AggregateID   string
 	CreationDate  time.Time
 	ChangeDate    time.Time
 	ResourceOwner string
@@ -124,12 +134,47 @@ func (q *AuthNKeySearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder
 	return query
 }
 
-func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries, withOwnerRemoved bool) (authNKeys *AuthNKeys, err error) {
+type JoinFilter int
+
+const (
+	JoinFilterUnspecified JoinFilter = iota
+	JoinFilterApp
+	JoinFilterUserMachine
+)
+
+// SearchAuthNKeys returns machine or app keys, depending on the join filter.
+// If permissionCheck is nil, the keys are not filtered.
+// If permissionCheck is not nil and the PermissionCheckV2 feature flag is false, the returned keys are filtered in-memory by the given permission check.
+// If permissionCheck is not nil and the PermissionCheckV2 feature flag is true, the returned keys are filtered in the database.
+func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries, filter JoinFilter, permissionCheck domain.PermissionCheck) (authNKeys *AuthNKeys, err error) {
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	keys, err := q.searchAuthNKeys(ctx, queries, filter, permissionCheckV2)
+	if err != nil {
+		return nil, err
+	}
+	if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
+		keysCheckPermission(ctx, keys, permissionCheck)
+	}
+	return keys, nil
+}
+
+func (q *Queries) searchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries, joinFilter JoinFilter, permissionCheckV2 bool) (authNKeys *AuthNKeys, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareAuthNKeysQuery()
 	query = queries.toQuery(query)
+	switch joinFilter {
+	case JoinFilterUnspecified:
+		// Select all authN keys
+	case JoinFilterApp:
+		joinCol := ProjectColumnID
+		query = query.Join(joinCol.table.identifier() + " ON " + AuthNKeyColumnIdentifier.identifier() + " = " + joinCol.identifier())
+	case JoinFilterUserMachine:
+		joinCol := MachineUserIDCol
+		query = query.Join(joinCol.table.identifier() + " ON " + AuthNKeyColumnIdentifier.identifier() + " = " + joinCol.identifier())
+		query = userPermissionCheckV2WithCustomColumns(ctx, query, permissionCheckV2, queries.Queries, AuthNKeyColumnResourceOwner, AuthNKeyColumnIdentifier)
+	}
 	eq := sq.Eq{
 		AuthNKeyColumnEnabled.identifier():    true,
 		AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
@@ -249,6 +294,22 @@ func NewAuthNKeyObjectIDQuery(id string) (SearchQuery, error) {
 	return NewTextQuery(AuthNKeyColumnObjectID, id, TextEquals)
 }
 
+func NewAuthNKeyIDQuery(id string) (SearchQuery, error) {
+	return NewTextQuery(AuthNKeyColumnID, id, TextEquals)
+}
+
+func NewAuthNKeyIdentifyerQuery(id string) (SearchQuery, error) {
+	return NewTextQuery(AuthNKeyColumnIdentifier, id, TextEquals)
+}
+
+func NewAuthNKeyCreationDateQuery(ts time.Time, compare TimestampComparison) (SearchQuery, error) {
+	return NewTimestampQuery(AuthNKeyColumnCreationDate, ts, compare)
+}
+
+func NewAuthNKeyExpirationDateDateQuery(ts time.Time, compare TimestampComparison) (SearchQuery, error) {
+	return NewTimestampQuery(AuthNKeyColumnExpiration, ts, compare)
+}
+
 //go:embed authn_key_user.sql
 var authNKeyUserQuery string
 
@@ -288,49 +349,52 @@ func (q *Queries) GetAuthNKeyUser(ctx context.Context, keyID, userID string) (_
 }
 
 func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys, error)) {
-	return sq.Select(
-			AuthNKeyColumnID.identifier(),
-			AuthNKeyColumnCreationDate.identifier(),
-			AuthNKeyColumnChangeDate.identifier(),
-			AuthNKeyColumnResourceOwner.identifier(),
-			AuthNKeyColumnSequence.identifier(),
-			AuthNKeyColumnExpiration.identifier(),
-			AuthNKeyColumnType.identifier(),
-			countColumn.identifier(),
-		).From(authNKeyTable.identifier()).
-			PlaceholderFormat(sq.Dollar),
-		func(rows *sql.Rows) (*AuthNKeys, error) {
-			authNKeys := make([]*AuthNKey, 0)
-			var count uint64
-			for rows.Next() {
-				authNKey := new(AuthNKey)
-				err := rows.Scan(
-					&authNKey.ID,
-					&authNKey.CreationDate,
-					&authNKey.ChangeDate,
-					&authNKey.ResourceOwner,
-					&authNKey.Sequence,
-					&authNKey.Expiration,
-					&authNKey.Type,
-					&count,
-				)
-				if err != nil {
-					return nil, err
-				}
-				authNKeys = append(authNKeys, authNKey)
-			}
+	query := sq.Select(
+		AuthNKeyColumnID.identifier(),
+		AuthNKeyColumnAggregateID.identifier(),
+		AuthNKeyColumnCreationDate.identifier(),
+		AuthNKeyColumnChangeDate.identifier(),
+		AuthNKeyColumnResourceOwner.identifier(),
+		AuthNKeyColumnSequence.identifier(),
+		AuthNKeyColumnExpiration.identifier(),
+		AuthNKeyColumnType.identifier(),
+		countColumn.identifier(),
+	).From(authNKeyTable.identifier()).
+		PlaceholderFormat(sq.Dollar)
 
-			if err := rows.Close(); err != nil {
-				return nil, zerrors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
+	return query, func(rows *sql.Rows) (*AuthNKeys, error) {
+		authNKeys := make([]*AuthNKey, 0)
+		var count uint64
+		for rows.Next() {
+			authNKey := new(AuthNKey)
+			err := rows.Scan(
+				&authNKey.ID,
+				&authNKey.AggregateID,
+				&authNKey.CreationDate,
+				&authNKey.ChangeDate,
+				&authNKey.ResourceOwner,
+				&authNKey.Sequence,
+				&authNKey.Expiration,
+				&authNKey.Type,
+				&count,
+			)
+			if err != nil {
+				return nil, err
 			}
-
-			return &AuthNKeys{
-				AuthNKeys: authNKeys,
-				SearchResponse: SearchResponse{
-					Count: count,
-				},
-			}, nil
+			authNKeys = append(authNKeys, authNKey)
 		}
+
+		if err := rows.Close(); err != nil {
+			return nil, zerrors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
+		}
+
+		return &AuthNKeys{
+			AuthNKeys: authNKeys,
+			SearchResponse: SearchResponse{
+				Count: count,
+			},
+		}, nil
+	}
 }
 
 func prepareAuthNKeyQuery() (sq.SelectBuilder, func(row *sql.Row) (*AuthNKey, error)) {
diff --git a/internal/query/authn_key_test.go b/internal/query/authn_key_test.go
index c7441f8dae..b7c66cc665 100644
--- a/internal/query/authn_key_test.go
+++ b/internal/query/authn_key_test.go
@@ -19,6 +19,7 @@ import (
 
 var (
 	prepareAuthNKeysStmt = `SELECT projections.authn_keys2.id,` +
+		` projections.authn_keys2.aggregate_id,` +
 		` projections.authn_keys2.creation_date,` +
 		` projections.authn_keys2.change_date,` +
 		` projections.authn_keys2.resource_owner,` +
@@ -29,6 +30,7 @@ var (
 		` FROM projections.authn_keys2`
 	prepareAuthNKeysCols = []string{
 		"id",
+		"aggregate_id",
 		"creation_date",
 		"change_date",
 		"resource_owner",
@@ -120,6 +122,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 					[][]driver.Value{
 						{
 							"id",
+							"aggId",
 							testNow,
 							testNow,
 							"ro",
@@ -137,6 +140,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 				AuthNKeys: []*AuthNKey{
 					{
 						ID:            "id",
+						AggregateID:   "aggId",
 						CreationDate:  testNow,
 						ChangeDate:    testNow,
 						ResourceOwner: "ro",
@@ -157,6 +161,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 					[][]driver.Value{
 						{
 							"id-1",
+							"aggId-1",
 							testNow,
 							testNow,
 							"ro",
@@ -166,6 +171,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 						},
 						{
 							"id-2",
+							"aggId-2",
 							testNow,
 							testNow,
 							"ro",
@@ -183,6 +189,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 				AuthNKeys: []*AuthNKey{
 					{
 						ID:            "id-1",
+						AggregateID:   "aggId-1",
 						CreationDate:  testNow,
 						ChangeDate:    testNow,
 						ResourceOwner: "ro",
@@ -192,6 +199,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 					},
 					{
 						ID:            "id-2",
+						AggregateID:   "aggId-2",
 						CreationDate:  testNow,
 						ChangeDate:    testNow,
 						ResourceOwner: "ro",
diff --git a/internal/query/projection/authn_key.go b/internal/query/projection/authn_key.go
index e2229ad332..a287701cfb 100644
--- a/internal/query/projection/authn_key.go
+++ b/internal/query/projection/authn_key.go
@@ -62,6 +62,9 @@ func (*authNKeyProjection) Init() *old_handler.Check {
 			handler.NewPrimaryKey(AuthNKeyInstanceIDCol, AuthNKeyIDCol),
 			handler.WithIndex(handler.NewIndex("enabled", []string{AuthNKeyEnabledCol})),
 			handler.WithIndex(handler.NewIndex("identifier", []string{AuthNKeyIdentifierCol})),
+			handler.WithIndex(handler.NewIndex("resource_owner", []string{AuthNKeyResourceOwnerCol})),
+			handler.WithIndex(handler.NewIndex("creation_date", []string{AuthNKeyCreationDateCol})),
+			handler.WithIndex(handler.NewIndex("expiration_date", []string{AuthNKeyExpirationCol})),
 		),
 	)
 }
diff --git a/internal/query/projection/user_personal_access_token.go b/internal/query/projection/user_personal_access_token.go
index 0efb5d6412..610ca9c4e2 100644
--- a/internal/query/projection/user_personal_access_token.go
+++ b/internal/query/projection/user_personal_access_token.go
@@ -56,6 +56,8 @@ func (*personalAccessTokenProjection) Init() *old_handler.Check {
 			handler.WithIndex(handler.NewIndex("user_id", []string{PersonalAccessTokenColumnUserID})),
 			handler.WithIndex(handler.NewIndex("resource_owner", []string{PersonalAccessTokenColumnResourceOwner})),
 			handler.WithIndex(handler.NewIndex("owner_removed", []string{PersonalAccessTokenColumnOwnerRemoved})),
+			handler.WithIndex(handler.NewIndex("creation_date", []string{PersonalAccessTokenColumnCreationDate})),
+			handler.WithIndex(handler.NewIndex("expiration_date", []string{PersonalAccessTokenColumnExpiration})),
 		),
 	)
 }
diff --git a/internal/query/user.go b/internal/query/user.go
index 3d47847cac..6844982f07 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -132,16 +132,20 @@ func usersCheckPermission(ctx context.Context, users *Users, permissionCheck dom
 	)
 }
 
-func userPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *UserSearchQueries) sq.SelectBuilder {
+func userPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, filters []SearchQuery) sq.SelectBuilder {
+	return userPermissionCheckV2WithCustomColumns(ctx, query, enabled, filters, UserResourceOwnerCol, UserIDCol)
+}
+
+func userPermissionCheckV2WithCustomColumns(ctx context.Context, query sq.SelectBuilder, enabled bool, filters []SearchQuery, userResourceOwnerCol, userID Column) sq.SelectBuilder {
 	if !enabled {
 		return query
 	}
 	join, args := PermissionClause(
 		ctx,
-		UserResourceOwnerCol,
+		userResourceOwnerCol,
 		domain.PermissionUserRead,
-		SingleOrgPermissionOption(queries.Queries),
-		OwnedRowsPermissionOption(UserIDCol),
+		SingleOrgPermissionOption(filters),
+		OwnedRowsPermissionOption(userID),
 	)
 	return query.JoinClause(join, args...)
 }
@@ -637,7 +641,7 @@ func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, p
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareUsersQuery()
-	query = userPermissionCheckV2(ctx, query, permissionCheckV2, queries)
+	query = userPermissionCheckV2(ctx, query, permissionCheckV2, queries.Queries)
 	stmt, args, err := queries.toQuery(query).Where(sq.Eq{
 		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
diff --git a/internal/query/user_personal_access_token.go b/internal/query/user_personal_access_token.go
index 8ea33f51a4..61d349961c 100644
--- a/internal/query/user_personal_access_token.go
+++ b/internal/query/user_personal_access_token.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql"
 	"errors"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
@@ -11,12 +12,21 @@ import (
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	"github.com/zitadel/zitadel/internal/query/projection"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
+func patsCheckPermission(ctx context.Context, tokens *PersonalAccessTokens, permissionCheck domain.PermissionCheck) {
+	tokens.PersonalAccessTokens = slices.DeleteFunc(tokens.PersonalAccessTokens,
+		func(token *PersonalAccessToken) bool {
+			return userCheckPermission(ctx, token.ResourceOwner, token.UserID, permissionCheck) != nil
+		},
+	)
+}
+
 var (
 	personalAccessTokensTable = table{
 		name:          projection.PersonalAccessTokenProjectionTable,
@@ -86,7 +96,7 @@ type PersonalAccessTokenSearchQueries struct {
 	Queries []SearchQuery
 }
 
-func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk bool, id string, withOwnerRemoved bool, queries ...SearchQuery) (pat *PersonalAccessToken, err error) {
+func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk bool, id string, queries ...SearchQuery) (pat *PersonalAccessToken, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -102,11 +112,9 @@ func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk
 		query = q.toQuery(query)
 	}
 	eq := sq.Eq{
-		PersonalAccessTokenColumnID.identifier():         id,
-		PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-	}
-	if !withOwnerRemoved {
-		eq[PersonalAccessTokenColumnOwnerRemoved.identifier()] = false
+		PersonalAccessTokenColumnID.identifier():           id,
+		PersonalAccessTokenColumnInstanceID.identifier():   authz.GetInstance(ctx).InstanceID(),
+		PersonalAccessTokenColumnOwnerRemoved.identifier(): false,
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
@@ -123,18 +131,34 @@ func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk
 	return pat, nil
 }
 
-func (q *Queries) SearchPersonalAccessTokens(ctx context.Context, queries *PersonalAccessTokenSearchQueries, withOwnerRemoved bool) (personalAccessTokens *PersonalAccessTokens, err error) {
+// SearchPersonalAccessTokens returns personal access token resources.
+// If permissionCheck is nil, the PATs are not filtered.
+// If permissionCheck is not nil and the PermissionCheckV2 feature flag is false, the returned PATs are filtered in-memory by the given permission check.
+// If permissionCheck is not nil and the PermissionCheckV2 feature flag is true, the returned PATs are filtered in the database.
+func (q *Queries) SearchPersonalAccessTokens(ctx context.Context, queries *PersonalAccessTokenSearchQueries, permissionCheck domain.PermissionCheck) (authNKeys *PersonalAccessTokens, err error) {
+	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
+	keys, err := q.searchPersonalAccessTokens(ctx, queries, permissionCheckV2)
+	if err != nil {
+		return nil, err
+	}
+	if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
+		patsCheckPermission(ctx, keys, permissionCheck)
+	}
+	return keys, nil
+}
+
+func (q *Queries) searchPersonalAccessTokens(ctx context.Context, queries *PersonalAccessTokenSearchQueries, permissionCheckV2 bool) (personalAccessTokens *PersonalAccessTokens, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := preparePersonalAccessTokensQuery()
+	query = queries.toQuery(query)
+	query = userPermissionCheckV2WithCustomColumns(ctx, query, permissionCheckV2, queries.Queries, PersonalAccessTokenColumnResourceOwner, PersonalAccessTokenColumnUserID)
 	eq := sq.Eq{
-		PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+		PersonalAccessTokenColumnInstanceID.identifier():   authz.GetInstance(ctx).InstanceID(),
+		PersonalAccessTokenColumnOwnerRemoved.identifier(): false,
 	}
-	if !withOwnerRemoved {
-		eq[PersonalAccessTokenColumnOwnerRemoved.identifier()] = false
-	}
-	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
+	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
 		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-Hjw2w", "Errors.Query.InvalidRequest")
 	}
@@ -160,6 +184,18 @@ func NewPersonalAccessTokenUserIDSearchQuery(value string) (SearchQuery, error)
 	return NewTextQuery(PersonalAccessTokenColumnUserID, value, TextEquals)
 }
 
+func NewPersonalAccessTokenIDQuery(id string) (SearchQuery, error) {
+	return NewTextQuery(PersonalAccessTokenColumnID, id, TextEquals)
+}
+
+func NewPersonalAccessTokenCreationDateQuery(ts time.Time, compare TimestampComparison) (SearchQuery, error) {
+	return NewTimestampQuery(PersonalAccessTokenColumnCreationDate, ts, compare)
+}
+
+func NewPersonalAccessTokenExpirationDateDateQuery(ts time.Time, compare TimestampComparison) (SearchQuery, error) {
+	return NewTimestampQuery(PersonalAccessTokenColumnExpiration, ts, compare)
+}
+
 func (r *PersonalAccessTokenSearchQueries) AppendMyResourceOwnerQuery(orgID string) error {
 	query, err := NewPersonalAccessTokenResourceOwnerSearchQuery(orgID)
 	if err != nil {
diff --git a/internal/repository/user/machine.go b/internal/repository/user/machine.go
index d76290931a..a466f92fe3 100644
--- a/internal/repository/user/machine.go
+++ b/internal/repository/user/machine.go
@@ -88,10 +88,7 @@ func NewMachineChangedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
 	changes []MachineChanges,
-) (*MachineChangedEvent, error) {
-	if len(changes) == 0 {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "USER-3M9fs", "Errors.NoChangesFound")
-	}
+) *MachineChangedEvent {
 	changeEvent := &MachineChangedEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
 			ctx,
@@ -102,7 +99,7 @@ func NewMachineChangedEvent(
 	for _, change := range changes {
 		change(changeEvent)
 	}
-	return changeEvent, nil
+	return changeEvent
 }
 
 type MachineChanges func(event *MachineChangedEvent)
diff --git a/internal/static/i18n/bg.yaml b/internal/static/i18n/bg.yaml
index 8254b82b45..d58b2eb64a 100644
--- a/internal/static/i18n/bg.yaml
+++ b/internal/static/i18n/bg.yaml
@@ -117,6 +117,7 @@ Errors:
       AlreadyVerified: Телефонът вече е потвърден
       Empty: Телефонът е празен
       NotChanged: Телефонът не е сменен
+      VerifyingRemovalIsNotSupported: Премахването на проверката не се поддържа
     Address:
       NotFound: Адресът не е намерен
       NotChanged: Адресът не е променен
diff --git a/internal/static/i18n/cs.yaml b/internal/static/i18n/cs.yaml
index bb4172fbff..d248ce4ca7 100644
--- a/internal/static/i18n/cs.yaml
+++ b/internal/static/i18n/cs.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Telefon již ověřen
       Empty: Telefon je prázdný
       NotChanged: Telefon nezměněn
+      VerifyingRemovalIsNotSupported: Ověření odstranění telefonu není podporováno
     Address:
       NotFound: Adresa nenalezena
       NotChanged: Adresa nezměněna
diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml
index a24ce7c933..96edf57456 100644
--- a/internal/static/i18n/de.yaml
+++ b/internal/static/i18n/de.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Telefonnummer bereits verifiziert
       Empty: Telefonnummer ist leer
       NotChanged: Telefonnummer wurde nicht geändert
+      VerifyingRemovalIsNotSupported: Verifizieren der Telefonnummer Entfernung wird nicht unterstützt
     Address:
       NotFound: Adresse nicht gefunden
       NotChanged: Adresse wurde nicht geändert
diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml
index e8f2781de1..0f512defe4 100644
--- a/internal/static/i18n/en.yaml
+++ b/internal/static/i18n/en.yaml
@@ -116,6 +116,7 @@ Errors:
       AlreadyVerified: Phone already verified
       Empty: Phone is empty
       NotChanged: Phone not changed
+      VerifyingRemovalIsNotSupported: Verifying phone removal is not supported
     Address:
       NotFound: Address not found
       NotChanged: Address not changed
diff --git a/internal/static/i18n/es.yaml b/internal/static/i18n/es.yaml
index b91d055f70..8c901f8ebe 100644
--- a/internal/static/i18n/es.yaml
+++ b/internal/static/i18n/es.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: El teléfono ya se verificó
       Empty: El teléfono está vacío
       NotChanged: El teléfono no ha cambiado
+      VerifyingRemovalIsNotSupported: La verificación de eliminación no está soportada
     Address:
       NotFound: Dirección no encontrada
       NotChanged: La dirección no ha cambiado
diff --git a/internal/static/i18n/fr.yaml b/internal/static/i18n/fr.yaml
index 98f2bee9a0..2a2a51d7c4 100644
--- a/internal/static/i18n/fr.yaml
+++ b/internal/static/i18n/fr.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Téléphone déjà vérifié
       Empty: Téléphone est vide
       NotChanged: Téléphone n'a pas changé
+      VerifyingRemovalIsNotSupported: La vérification de la suppression n'est pas prise en charge
     Address:
       NotFound: Adresse non trouvée
       NotChanged: L'adresse n'a pas changé
diff --git a/internal/static/i18n/hu.yaml b/internal/static/i18n/hu.yaml
index 5becd6e606..a4cc908fa2 100644
--- a/internal/static/i18n/hu.yaml
+++ b/internal/static/i18n/hu.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Telefon már ellenőrizve
       Empty: A telefon mező üres
       NotChanged: Telefon nem lett megváltoztatva
+      VerifyingRemovalIsNotSupported: A telefon eltávolításának ellenőrzése nem támogatott
     Address:
       NotFound: Cím nem található
       NotChanged: Cím nem lett megváltoztatva
diff --git a/internal/static/i18n/id.yaml b/internal/static/i18n/id.yaml
index 0108d7618b..c9187020f7 100644
--- a/internal/static/i18n/id.yaml
+++ b/internal/static/i18n/id.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Telepon sudah diverifikasi
       Empty: Telepon kosong
       NotChanged: Telepon tidak berubah
+      VerifyingRemovalIsNotSupported: Verifikasi penghapusan tidak didukung
     Address:
       NotFound: Alamat tidak ditemukan
       NotChanged: Alamat tidak berubah
diff --git a/internal/static/i18n/it.yaml b/internal/static/i18n/it.yaml
index 750c48471a..d1dccef4c7 100644
--- a/internal/static/i18n/it.yaml
+++ b/internal/static/i18n/it.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Telefono già verificato
       Empty: Il telefono è vuoto
       NotChanged: Telefono non cambiato
+      VerifyingRemovalIsNotSupported: La rimozione della verifica non è supportata
     Address:
       NotFound: Indirizzo non trovato
       NotChanged: Indirizzo non cambiato
diff --git a/internal/static/i18n/ja.yaml b/internal/static/i18n/ja.yaml
index fcd7920999..4b0f2ea203 100644
--- a/internal/static/i18n/ja.yaml
+++ b/internal/static/i18n/ja.yaml
@@ -116,6 +116,7 @@ Errors:
       AlreadyVerified: 電話番号はすでに認証済みです
       Empty: 電話番号が空です
       NotChanged: 電話番号が変更されていません
+      VerifyingRemovalIsNotSupported: 電話番号の削除を検証することはできません
     Address:
       NotFound: 住所が見つかりません
       NotChanged: 住所は変更されていません
diff --git a/internal/static/i18n/ko.yaml b/internal/static/i18n/ko.yaml
index d83af62235..2c87aa1f97 100644
--- a/internal/static/i18n/ko.yaml
+++ b/internal/static/i18n/ko.yaml
@@ -116,6 +116,7 @@ Errors:
       AlreadyVerified: 전화번호가 이미 인증되었습니다
       Empty: 전화번호가 비어 있습니다
       NotChanged: 전화번호가 변경되지 않았습니다
+      VerifyingRemovalIsNotSupported: 전화번호 제거를 확인하는 것은 지원되지 않습니다
     Address:
       NotFound: 주소를 찾을 수 없습니다
       NotChanged: 주소가 변경되지 않았습니다
diff --git a/internal/static/i18n/mk.yaml b/internal/static/i18n/mk.yaml
index 7126925279..64ae87a618 100644
--- a/internal/static/i18n/mk.yaml
+++ b/internal/static/i18n/mk.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Телефонскиот број веќе е верифициран
       Empty: Телефонскиот број е празен
       NotChanged: Телефонскиот број не е променет
+      VerifyingRemovalIsNotSupported: Отстранувањето на верификацијата не е поддржано
     Address:
       NotFound: Адресата не е пронајдена
       NotChanged: Адресата не е променета
diff --git a/internal/static/i18n/nl.yaml b/internal/static/i18n/nl.yaml
index a398e4b770..dc9fd83721 100644
--- a/internal/static/i18n/nl.yaml
+++ b/internal/static/i18n/nl.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Telefoon is al geverifieerd
       Empty: Telefoon is leeg
       NotChanged: Telefoon niet veranderd
+      VerifyingRemovalIsNotSupported: Verwijderen van verificatie is niet ondersteund
     Address:
       NotFound: Adres niet gevonden
       NotChanged: Adres niet veranderd
diff --git a/internal/static/i18n/pl.yaml b/internal/static/i18n/pl.yaml
index 049a189930..4952345510 100644
--- a/internal/static/i18n/pl.yaml
+++ b/internal/static/i18n/pl.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Numer telefonu już zweryfikowany
       Empty: Numer telefonu jest pusty
       NotChanged: Numer telefonu nie zmieniony
+      VerifyingRemovalIsNotSupported: Usunięcie weryfikacji nie jest obsługiwane
     Address:
       NotFound: Adres nie znaleziony
       NotChanged: Adres nie zmieniony
diff --git a/internal/static/i18n/pt.yaml b/internal/static/i18n/pt.yaml
index 09a5fc02c5..e5fc785d0c 100644
--- a/internal/static/i18n/pt.yaml
+++ b/internal/static/i18n/pt.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: O telefone já foi verificado
       Empty: O telefone está vazio
       NotChanged: Telefone não alterado
+      VerifyingRemovalIsNotSupported: Remoção de verificação não suportada
     Address:
       NotFound: Endereço não encontrado
       NotChanged: Endereço não alterado
diff --git a/internal/static/i18n/ro.yaml b/internal/static/i18n/ro.yaml
index 9010e57032..ece4680de6 100644
--- a/internal/static/i18n/ro.yaml
+++ b/internal/static/i18n/ro.yaml
@@ -116,6 +116,7 @@ Errors:
       AlreadyVerified: Numărul de telefon este deja verificat
       Empty: Numărul de telefon este gol
       NotChanged: Numărul de telefon nu a fost schimbat
+      VerifyingRemovalIsNotSupported: Verificarea eliminării nu este acceptată
     Address:
       NotFound: Adresa nu a fost găsită
       NotChanged: Adresa nu a fost schimbată
diff --git a/internal/static/i18n/ru.yaml b/internal/static/i18n/ru.yaml
index 38b2847637..a2efd25322 100644
--- a/internal/static/i18n/ru.yaml
+++ b/internal/static/i18n/ru.yaml
@@ -116,6 +116,7 @@ Errors:
       AlreadyVerified: Телефон уже подтверждён
       Empty: Телефон пуст
       NotChanged: Телефон не менялся
+      VerifyingRemovalIsNotSupported: Удаление телефона не поддерживается
     Address:
       NotFound: Адрес не найден
       NotChanged: Адрес не изменён
diff --git a/internal/static/i18n/sv.yaml b/internal/static/i18n/sv.yaml
index ed4b863886..be40ceba3c 100644
--- a/internal/static/i18n/sv.yaml
+++ b/internal/static/i18n/sv.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: Mobilnr redan verifierad
       Empty: Mobilnr är tom
       NotChanged: Mobilnr ändrades inte
+      VerifyingRemovalIsNotSupported: Verifiering av borttagning stöds inte
     Address:
       NotFound: Adress hittades inte
       NotChanged: Adress ändrades inte
diff --git a/internal/static/i18n/zh.yaml b/internal/static/i18n/zh.yaml
index 03aa168a50..930fcaddae 100644
--- a/internal/static/i18n/zh.yaml
+++ b/internal/static/i18n/zh.yaml
@@ -115,6 +115,7 @@ Errors:
       AlreadyVerified: 手机号码已经验证
       Empty: 电话号码是空的
       NotChanged: 电话号码没有改变
+      VerifyingRemovalIsNotSupported: 验证手机号码删除不受支持
     Address:
       NotFound: 找不到地址
       NotChanged: 地址没有改变
diff --git a/proto/buf.yaml b/proto/buf.yaml
index 31bc7b4ccc..abe35b3055 100644
--- a/proto/buf.yaml
+++ b/proto/buf.yaml
@@ -40,4 +40,4 @@ lint:
     - zitadel/system.proto
     - zitadel/text.proto
     - zitadel/user.proto
-    - zitadel/v1.proto
\ No newline at end of file
+    - zitadel/v1.proto
diff --git a/proto/zitadel/filter/v2/filter.proto b/proto/zitadel/filter/v2/filter.proto
new file mode 100644
index 0000000000..3817324d31
--- /dev/null
+++ b/proto/zitadel/filter/v2/filter.proto
@@ -0,0 +1,96 @@
+syntax = "proto3";
+
+package zitadel.filter.v2;
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/filter/v2;filter";
+
+import "google/protobuf/timestamp.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+
+enum TextFilterMethod {
+  TEXT_FILTER_METHOD_EQUALS = 0;
+  TEXT_FILTER_METHOD_EQUALS_IGNORE_CASE = 1;
+  TEXT_FILTER_METHOD_STARTS_WITH = 2;
+  TEXT_FILTER_METHOD_STARTS_WITH_IGNORE_CASE = 3;
+  TEXT_FILTER_METHOD_CONTAINS = 4;
+  TEXT_FILTER_METHOD_CONTAINS_IGNORE_CASE = 5;
+  TEXT_FILTER_METHOD_ENDS_WITH = 6;
+  TEXT_FILTER_METHOD_ENDS_WITH_IGNORE_CASE = 7;
+}
+
+enum ListFilterMethod {
+  LIST_FILTER_METHOD_IN = 0;
+}
+
+enum TimestampFilterMethod {
+  TIMESTAMP_FILTER_METHOD_EQUALS = 0;
+  TIMESTAMP_FILTER_METHOD_AFTER = 1;
+  TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS = 2;
+  TIMESTAMP_FILTER_METHOD_BEFORE = 3;
+  TIMESTAMP_FILTER_METHOD_BEFORE_OR_EQUALS = 4;
+}
+
+message PaginationRequest {
+  // Starting point for retrieval, in combination of offset used to query a set list of objects.
+  uint64 offset = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "0";
+    }
+  ];
+  // limit is the maximum amount of objects returned. The default is set to 100
+  // with a maximum of 1000 in the runtime configuration.
+  // If the limit exceeds the maximum configured ZITADEL will throw an error.
+  // If no limit is present the default is taken.
+  uint32 limit = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "10";
+    }
+  ];
+  // Asc is the sorting order. If true the list is sorted ascending, if false
+  // the list is sorted descending. The default is descending.
+  bool asc = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "false";
+    }
+  ];
+}
+
+message PaginationResponse {
+  // Absolute number of objects matching the query, regardless of applied limit.
+  uint64 total_result = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "100";
+    }
+  ];
+  // Applied limit from query, defines maximum amount of objects per request, to compare if all objects are returned.
+  uint64 applied_limit = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "100";
+    }
+  ];
+}
+
+message IDFilter {
+  // Only return resources that belong to this id.
+  string id = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"69629023906488337\"";
+    }
+  ];
+}
+
+message TimestampFilter {
+  // Filter resources by timestamp.
+  google.protobuf.Timestamp timestamp = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // Defines the condition (e.g., equals, before, after) that the timestamp of the retrieved resources should match.
+  TimestampFilterMethod method = 2 [
+    (validate.rules).enum.defined_only = true
+  ];
+}
diff --git a/proto/zitadel/filter/v2beta/filter.proto b/proto/zitadel/filter/v2beta/filter.proto
index 6aae583cde..2265fa4125 100644
--- a/proto/zitadel/filter/v2beta/filter.proto
+++ b/proto/zitadel/filter/v2beta/filter.proto
@@ -6,6 +6,7 @@ option go_package = "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta;filter";
 
 import "google/protobuf/timestamp.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
 
 enum TextFilterMethod {
   TEXT_FILTER_METHOD_EQUALS = 0;
@@ -56,4 +57,37 @@ message PaginationResponse {
       example: "\"100\"";
     }
   ];
-}
\ No newline at end of file
+}
+
+message IDFilter {
+  // Only return resources that belong to this id.
+  string id = 1 [
+    (validate.rules).string = {max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      max_length: 200;
+      example: "\"69629023906488337\"";
+    }
+  ];
+}
+
+message TimestampFilter {
+  // Filter resources by timestamp.
+  google.protobuf.Timestamp timestamp = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // Defines the condition (e.g., equals, before, after) that the timestamp of the retrieved resources should match.
+  TimestampFilterMethod method = 2 [
+    (validate.rules).enum.defined_only = true
+  ];
+}
+
+message InIDsFilter {
+  // Defines the ids to query for.
+  repeated string ids = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "[\"69629023906488334\",\"69622366012355662\"]";
+    }
+  ];
+}
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index 34a8384d39..8cd0b22759 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -432,7 +432,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: use ImportHumanUser
+    // Create User (Human)
+    //
+    // Deprecated: use [ImportHumanUser](apis/resources/mgmt/management-service-import-human-user.api.mdx) instead.
+    //
+    // Create a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.
     rpc AddHumanUser(AddHumanUserRequest) returns (AddHumanUserResponse) {
         option (google.api.http) = {
             post: "/users/human"
@@ -444,10 +448,8 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Deprecated: Create User (Human)";
-            description: "Create a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.\n\nDeprecated: use ImportHumanUser"
-            tags: "Users";
             deprecated: true;
+            tags: "Users";
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -459,7 +461,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 AddHumanUser
+    // Create/Import User (Human)
+    //
+    // Deprecated: use [UpdateHumanUser](apis/resources/user_service_v2/user-service-update-human-user.api.mdx) instead.
+    //
+    // Create/import a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.
     rpc ImportHumanUser(ImportHumanUserRequest) returns (ImportHumanUserResponse) {
         option (google.api.http) = {
             post: "/users/human/_import"
@@ -471,11 +477,9 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Create/Import User (Human)";
-            description: "Create/import a new user with the type human. The newly created user will get an initialization email if either the email address is not marked as verified or no password is set. If a password is set the user will not be requested to set a new one on the first login.\n\nDeprecated: please use user service v2 [AddHumanUser](apis/resources/user_service_v2/user-service-add-human-user.api.mdx)"
+            deprecated: true;
             tags: "Users";
             tags: "User Human"
-            deprecated: true;
             parameters: {
                 headers: {
                     name: "x-zitadel-orgid";
@@ -487,6 +491,11 @@ service ManagementService {
         };
     }
 
+    // Create User (Machine)
+    //
+    // Deprecated: use [user service v2 CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a user of type machine instead.
+    //
+    // Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows.
     rpc AddMachineUser(AddMachineUserRequest) returns (AddMachineUserResponse) {
         option (google.api.http) = {
             post: "/users/machine"
@@ -498,8 +507,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Create User (Machine)";
-            description: "Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -683,7 +691,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 UpdateHumanUser
+    // Change user name
+    //
+    // Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
+    //
+    // Change the username of the user. Be aware that the user has to log in with the newly added username afterward
     rpc UpdateUserName(UpdateUserNameRequest) returns (UpdateUserNameResponse) {
         option (google.api.http) = {
             put: "/users/{user_id}/username"
@@ -695,8 +707,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Change user name";
-            description: "Change the username of the user. Be aware that the user has to log in with the newly added username afterward.\n\nDeprecated: please use user service v2 UpdateHumanUser"
             tags: "Users";
             deprecated: true;
             responses: {
@@ -903,7 +913,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 UpdateHumanUser
+    // Update User Profile (Human)
+    //
+    // Deprecated: use [user service v2 UpdateHumanUser](apis/resources/user_service_v2/user-service-update-human-user.api.mdx) instead.
+    //
+    // Update the profile information from a user. The profile includes basic information like first_name and last_name.
     rpc UpdateHumanProfile(UpdateHumanProfileRequest) returns (UpdateHumanProfileResponse) {
         option (google.api.http) = {
             put: "/users/{user_id}/profile"
@@ -915,11 +929,9 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Update User Profile (Human)";
-            description: "Update the profile information from a user. The profile includes basic information like first_name and last_name.\n\nDeprecated: please use user service v2 UpdateHumanUser"
+            deprecated: true;
             tags: "Users";
             tags: "User Human";
-            deprecated: true;
             responses: {
                 key: "200"
                 value: {
@@ -970,7 +982,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 SetEmail
+    // Update User Email (Human)
+    //
+    // Deprecated: use [user service v2 SetEmail](apis/resources/user_service_v2/user-service-set-email.api.mdx) instead.
+    //
+    // Change the email address of a user. If the state is set to not verified, the user will get a verification email.
     rpc UpdateHumanEmail(UpdateHumanEmailRequest) returns (UpdateHumanEmailResponse) {
         option (google.api.http) = {
             put: "/users/{user_id}/email"
@@ -982,8 +998,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Update User Email (Human)";
-            description: "Change the email address of a user. If the state is set to not verified, the user will get a verification email.\n\nDeprecated: please use user service v2 SetEmail"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1039,7 +1053,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 ResendEmailCode
+    // Resend User Email Verification
+    //
+    // Deprecated: use [user service v2 ResendEmailCode](apis/resources/user_service_v2/user-service-resend-email-code.api.mdx) instead.
+    //
+    // Resend the email verification notification to the given email address of the user.
     rpc ResendHumanEmailVerification(ResendHumanEmailVerificationRequest) returns (ResendHumanEmailVerificationResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/email/_resend_verification"
@@ -1051,8 +1069,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Resend User Email Verification";
-            description: "Resend the email verification notification to the given email address of the user.\n\nDeprecated: please use user service v2 ResendEmailCode"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1106,7 +1122,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 SetPhone
+    // Update User Phone (Human)
+    //
+    // Deprecated: use [user service v2 SetPhone](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
+    //
+    // Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA).
     rpc UpdateHumanPhone(UpdateHumanPhoneRequest) returns (UpdateHumanPhoneResponse) {
         option (google.api.http) = {
             put: "/users/{user_id}/phone"
@@ -1118,8 +1138,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Update User Phone (Human)";
-            description: "Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA).\n\nDeprecated: please use user service v2 SetPhone"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1140,7 +1158,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 SetPhone
+    // Remove User Phone (Human)
+    //
+    // Deprecated: use user service v2 [user service v2 SetPhone](apis/resources/user_service_v2/user-service-set-phone.api.mdx) instead.
+    //
+    // Remove the configured phone number of a user.
     rpc RemoveHumanPhone(RemoveHumanPhoneRequest) returns (RemoveHumanPhoneResponse) {
         option (google.api.http) = {
             delete: "/users/{user_id}/phone"
@@ -1151,8 +1173,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Remove User Phone (Human)";
-            description: "Remove the configured phone number of a user.\n\nDeprecated: please use user service v2 SetPhone"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1173,7 +1193,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 ResendPhoneCode
+    // Resend User Phone Verification
+    //
+    // Deprecated: use user service v2 [user service v2 ResendPhoneCode](apis/resources/user_service_v2/user-service-resend-phone-code.api.mdx) instead.
+    //
+    // Resend the notification for the verification of the phone number, to the number stored on the user.
     rpc ResendHumanPhoneVerification(ResendHumanPhoneVerificationRequest) returns (ResendHumanPhoneVerificationResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/phone/_resend_verification"
@@ -1185,8 +1209,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Resend User Phone Verification";
-            description: "Resend the notification for the verification of the phone number, to the number stored on the user.\n\nDeprecated: please use user service v2 ResendPhoneCode"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1238,7 +1260,9 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 SetPassword
+    // Set Human Initial Password
+    //
+    // Deprecated: use [user service v2 SetPassword](apis/resources/user_service_v2/user-service-set-password.api.mdx) instead.
     rpc SetHumanInitialPassword(SetHumanInitialPasswordRequest) returns (SetHumanInitialPasswordResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/password/_initialize"
@@ -1252,7 +1276,6 @@ service ManagementService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Users";
             tags: "User Human";
-            summary: "Set Human Initial Password\n\nDeprecated: please use user service v2 SetPassword";
             deprecated: true;
             parameters: {
                 headers: {
@@ -1265,7 +1288,9 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 SetPassword
+    // Set User Password
+    //
+    // Deprecated: use [user service v2 SetPassword](apis/resources/user_service_v2/user-service-set-password.api.mdx) instead.
     rpc SetHumanPassword(SetHumanPasswordRequest) returns (SetHumanPasswordResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/password"
@@ -1277,8 +1302,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Set User Password";
-            description: "Set a new password for a user. Per default, the user has to change the password on the next login. You can set no_change_required to true, to avoid the change on the next login.\n\nDeprecated: please use user service v2 SetPassword"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1299,7 +1322,11 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 PasswordReset
+    // Send Reset Password Notification
+    //
+    // Deprecated: use [user service v2 PasswordReset](apis/resources/user_service_v2/user-service-password-reset.api.mdx) instead.
+    //
+    // The user will receive an email with a link to change the password.
     rpc SendHumanResetPasswordNotification(SendHumanResetPasswordNotificationRequest) returns (SendHumanResetPasswordNotificationResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/password/_reset"
@@ -1311,8 +1338,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Send Reset Password Notification";
-            description: "The user will receive an email with a link to change the password.\n\nDeprecated: please use user service v2 PasswordReset"
             tags: "Users";
             tags: "User Human";
             deprecated: true;
@@ -1629,6 +1654,11 @@ service ManagementService {
         };
     }
 
+    // Update Machine User
+    //
+    // Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type machine instead.
+    //
+    // Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities.
     rpc UpdateMachine(UpdateMachineRequest) returns (UpdateMachineResponse) {
         option (google.api.http) = {
             put: "/users/{user_id}/machine"
@@ -1640,8 +1670,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Update Machine User";
-            description: "Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1661,6 +1690,11 @@ service ManagementService {
         };
     }
 
+    // Create Secret for Machine User
+    //
+    // Deprecated: use [user service v2 AddSecret](apis/resources/user_service_v2/user-service-add-secret.api.mdx) instead.
+    //
+    // Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant).
     rpc GenerateMachineSecret(GenerateMachineSecretRequest) returns (GenerateMachineSecretResponse) {
         option (google.api.http) = {
             put: "/users/{user_id}/secret"
@@ -1672,8 +1706,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Create Secret for Machine User";
-            description: "Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant)."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1693,6 +1726,11 @@ service ManagementService {
         };
     }
 
+    // Delete Secret of Machine User
+    //
+    // Deprecated: use [user service v2 RemoveSecret](apis/resources/user_service_v2/user-service-remove-secret.api.mdx) instead.
+    //
+    // Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward.
     rpc RemoveMachineSecret(RemoveMachineSecretRequest) returns (RemoveMachineSecretResponse) {
         option (google.api.http) = {
             delete: "/users/{user_id}/secret"
@@ -1703,8 +1741,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Delete Secret of Machine User";
-            description: "Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1724,6 +1761,11 @@ service ManagementService {
         };
     }
 
+    // Get Machine user Key By ID
+    //
+    // Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
+    //
+    // Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication.
     rpc GetMachineKeyByIDs(GetMachineKeyByIDsRequest) returns (GetMachineKeyByIDsResponse) {
         option (google.api.http) = {
             get: "/users/{user_id}/keys/{key_id}"
@@ -1734,8 +1776,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Get Machine user Key By ID";
-            description: "Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1755,6 +1796,11 @@ service ManagementService {
         };
     }
 
+    // Get Machine user Key By ID
+    //
+    // Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
+    //
+    // Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication.
     rpc ListMachineKeys(ListMachineKeysRequest) returns (ListMachineKeysResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/keys/_search"
@@ -1766,8 +1812,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Get Machine user Key By ID";
-            description: "Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1787,6 +1832,14 @@ service ManagementService {
         };
     }
 
+    // Create Key for machine user
+    //
+    // Deprecated: use [user service v2 AddKey](apis/resources/user_service_v2/user-service-add-key.api.mdx) instead.
+    //
+    // If a public key is not supplied, a new key is generated and will be returned in the response.
+    // Make sure to store the returned key.
+    // If an RSA public key is supplied, the private key is omitted from the response.
+    // Machine keys are used to authenticate with jwt profile.
     rpc AddMachineKey(AddMachineKeyRequest) returns (AddMachineKeyResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/keys"
@@ -1798,8 +1851,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Create Key for machine user";
-            description: "If a public key is not supplied, a new key is generated and will be returned in the response. Make sure to store the returned key. If an RSA public key is supplied, the private key is omitted from the response. Machine keys are used to authenticate with jwt profile."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1819,6 +1871,12 @@ service ManagementService {
         };
     }
 
+    // Delete Key for machine user
+    //
+    // Deprecated: use [user service v2 RemoveKey](apis/resources/user_service_v2/user-service-remove-key.api.mdx) instead.
+    //
+    // Delete a specific key from a user.
+    // The user will not be able to authenticate with that key afterward.
     rpc RemoveMachineKey(RemoveMachineKeyRequest) returns (RemoveMachineKeyResponse) {
         option (google.api.http) = {
             delete: "/users/{user_id}/keys/{key_id}"
@@ -1829,8 +1887,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Delete Key for machine user";
-            description: "Delete a specific key from a user. The user will not be able to authenticate with that key afterward."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1850,6 +1907,11 @@ service ManagementService {
         };
     }
 
+    // Get Personal-Access-Token (PAT) by ID
+    //
+    // Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
+    //
+    // Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
     rpc GetPersonalAccessTokenByIDs(GetPersonalAccessTokenByIDsRequest) returns (GetPersonalAccessTokenByIDsResponse) {
         option (google.api.http) = {
             get: "/users/{user_id}/pats/{token_id}"
@@ -1860,8 +1922,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Get a Personal-Access-Token (PAT) by ID";
-            description: "Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1881,6 +1942,11 @@ service ManagementService {
         };
     }
 
+    // List Personal-Access-Tokens (PATs)
+    //
+    // Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
+    //
+    // Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
     rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/pats/_search"
@@ -1892,8 +1958,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Get a Personal-Access-Token (PAT) by ID";
-            description: "Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1913,6 +1978,13 @@ service ManagementService {
         };
     }
 
+    // Create a Personal-Access-Token (PAT)
+    //
+    // Deprecated: use [user service v2 AddPersonalAccessToken](apis/resources/user_service_v2/user-service-add-personal-access-token.api.mdx) instead.
+    //
+    // Generates a new PAT for the user. Currently only available for machine users.
+    // The token will be returned in the response, make sure to store it.
+    // PATs are ready-to-use tokens and can be sent directly in the authentication header.
     rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
         option (google.api.http) = {
             post: "/users/{user_id}/pats"
@@ -1924,8 +1996,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Create a Personal-Access-Token (PAT)";
-            description: "Generates a new PAT for the user. Currently only available for machine users. The token will be returned in the response, make sure to store it. PATs are ready-to-use tokens and can be sent directly in the authentication header."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1945,6 +2016,11 @@ service ManagementService {
         };
     }
 
+    // Remove a Personal-Access-Token (PAT) by ID
+    //
+    // Deprecated: use [user service v2 RemovePersonalAccessToken](apis/resources/user_service_v2/user-service-remove-personal-access-token.api.mdx) instead.
+    //
+    // Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore.
     rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
         option (google.api.http) = {
             delete: "/users/{user_id}/pats/{token_id}"
@@ -1955,8 +2031,7 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            summary: "Get a Personal-Access-Token (PAT) by ID";
-            description: "Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore."
+            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -2003,7 +2078,7 @@ service ManagementService {
         };
     }
 
-    // Deprecated: please use user service v2 RemoveLinkedIDP
+    // Deprecated: please use [user service v2 RemoveIDPLink](apis/resources/user_service_v2/user-service-remove-idp-link.api.mdx)
     rpc RemoveHumanLinkedIDP(RemoveHumanLinkedIDPRequest) returns (RemoveHumanLinkedIDPResponse) {
         option (google.api.http) = {
             delete: "/users/{user_id}/idps/{idp_id}/{linked_user_id}"
diff --git a/proto/zitadel/project/v2beta/query.proto b/proto/zitadel/project/v2beta/query.proto
index f328b65189..9bfde662a3 100644
--- a/proto/zitadel/project/v2beta/query.proto
+++ b/proto/zitadel/project/v2beta/query.proto
@@ -185,10 +185,10 @@ message ProjectSearchFilter {
     option (validate.required) = true;
 
     ProjectNameFilter project_name_filter = 1;
-    InProjectIDsFilter in_project_ids_filter = 2;
-    ProjectResourceOwnerFilter project_resource_owner_filter = 3;
-    ProjectGrantResourceOwnerFilter project_grant_resource_owner_filter = 4;
-    ProjectOrganizationIDFilter project_organization_id_filter = 5;
+    zitadel.filter.v2beta.InIDsFilter in_project_ids_filter = 2;
+    zitadel.filter.v2beta.IDFilter project_resource_owner_filter = 3;
+    zitadel.filter.v2beta.IDFilter project_grant_resource_owner_filter = 4;
+    zitadel.filter.v2beta.IDFilter project_organization_id_filter = 5;
   }
 }
 
@@ -210,68 +210,18 @@ message ProjectNameFilter {
   ];
 }
 
-message InProjectIDsFilter {
-  // Defines the ids to query for.
-  repeated string project_ids = 1 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "the ids of the projects to include"
-      example: "[\"69629023906488334\",\"69622366012355662\"]";
-    }
-  ];
-}
-
-message ProjectResourceOwnerFilter {
-  // Defines the ID of organization the project belongs to query for.
-  string project_resource_owner = 1 [
-    (validate.rules).string = {max_len: 200},
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "\"69629023906488334\""
-    }
-  ];
-}
-
-message ProjectGrantResourceOwnerFilter {
-  // Defines the ID of organization the project grant belongs to query for.
-  string project_grant_resource_owner = 1 [
-    (validate.rules).string = {max_len: 200},
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "\"69629023906488334\""
-    }
-  ];
-}
-
-message ProjectOrganizationIDFilter {
-  // Defines the ID of organization the project and granted project belong to query for.
-  string project_organization_id = 1 [
-    (validate.rules).string = {max_len: 200},
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "\"69629023906488334\""
-    }
-  ];
-}
-
 message ProjectGrantSearchFilter {
   oneof filter {
     option (validate.required) = true;
 
     ProjectNameFilter project_name_filter = 1;
     ProjectRoleKeyFilter role_key_filter = 2;
-    InProjectIDsFilter in_project_ids_filter = 3;
-    ProjectResourceOwnerFilter project_resource_owner_filter = 4;
-    ProjectGrantResourceOwnerFilter project_grant_resource_owner_filter = 5;
+    zitadel.filter.v2beta.InIDsFilter in_project_ids_filter = 3;
+    zitadel.filter.v2beta.IDFilter project_resource_owner_filter = 4;
+    zitadel.filter.v2beta.IDFilter project_grant_resource_owner_filter = 5;
   }
 }
 
-message GrantedOrganizationIDFilter {
-  // Defines the ID of organization the project is granted to query for.
-  string granted_organization_id = 1 [
-    (validate.rules).string = {max_len: 200},
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "\"69629023906488334\""
-    }
-  ];
-}
-
 message ProjectRole {
   // ID of the project.
   string project_id = 1 [
@@ -344,4 +294,4 @@ message ProjectRoleDisplayNameFilter {
   zitadel.filter.v2beta.TextFilterMethod method = 2 [
     (validate.rules).enum.defined_only = true
   ];
-}
\ No newline at end of file
+}
diff --git a/proto/zitadel/user/v2/email.proto b/proto/zitadel/user/v2/email.proto
index e962707fcf..eb807206a7 100644
--- a/proto/zitadel/user/v2/email.proto
+++ b/proto/zitadel/user/v2/email.proto
@@ -19,7 +19,7 @@ message SetHumanEmail {
       example: "\"mini@mouse.com\"";
     }
   ];
-  // if no verification is specified, an email is sent with the default url
+  // If no verification is specified, an email is sent with the default url
   oneof verification {
     SendEmailVerificationCode send_code = 2;
     ReturnEmailVerificationCode return_code = 3;
diff --git a/proto/zitadel/user/v2/key.proto b/proto/zitadel/user/v2/key.proto
new file mode 100644
index 0000000000..ffa83c714e
--- /dev/null
+++ b/proto/zitadel/user/v2/key.proto
@@ -0,0 +1,69 @@
+syntax = "proto3";
+
+package zitadel.user.v2;
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2;user";
+
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "google/protobuf/timestamp.proto";
+import "validate/validate.proto";
+import "zitadel/filter/v2/filter.proto";
+
+message Key {
+  // The timestamp of the key creation.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The timestamp of the last change of the key.
+  google.protobuf.Timestamp change_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The unique identifier of the key.
+  string id = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The unique identifier of the user the key belongs to.
+  string user_id = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The unique identifier of the organization the key belongs to.
+  string organization_id = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The keys expiration date.
+  google.protobuf.Timestamp expiration_date = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message KeysSearchFilter {
+  oneof filter {
+    option (validate.required) = true;
+    zitadel.filter.v2.IDFilter key_id_filter = 1;
+    zitadel.filter.v2.IDFilter user_id_filter = 2;
+    zitadel.filter.v2.IDFilter organization_id_filter = 3;
+    zitadel.filter.v2.TimestampFilter created_date_filter = 4;
+    zitadel.filter.v2.TimestampFilter expiration_date_filter = 5;
+  }
+}
+
+enum KeyFieldName {
+  KEY_FIELD_NAME_UNSPECIFIED = 0;
+  KEY_FIELD_NAME_CREATED_DATE = 1;
+  KEY_FIELD_NAME_ID = 2;
+  KEY_FIELD_NAME_USER_ID = 3;
+  KEY_FIELD_NAME_ORGANIZATION_ID = 4;
+  KEY_FIELD_NAME_KEY_EXPIRATION_DATE = 5;
+}
diff --git a/proto/zitadel/user/v2/pat.proto b/proto/zitadel/user/v2/pat.proto
new file mode 100644
index 0000000000..1d24c4c496
--- /dev/null
+++ b/proto/zitadel/user/v2/pat.proto
@@ -0,0 +1,70 @@
+syntax = "proto3";
+
+package zitadel.user.v2;
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2;user";
+
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "google/protobuf/timestamp.proto";
+import "validate/validate.proto";
+import "zitadel/filter/v2/filter.proto";
+
+message PersonalAccessToken {
+  // The timestamp of the personal access token creation.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The timestamp of the last change of the personal access token.
+  google.protobuf.Timestamp change_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The unique identifier of the personal access token.
+  string id = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The unique identifier of the user the personal access token belongs to.
+  string user_id = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The unique identifier of the organization the personal access token belongs to.
+  string organization_id = 5 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The personal access tokens expiration date.
+  google.protobuf.Timestamp expiration_date = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message PersonalAccessTokensSearchFilter {
+  oneof filter {
+    option (validate.required) = true;
+    zitadel.filter.v2.IDFilter token_id_filter = 1;
+    zitadel.filter.v2.IDFilter user_id_filter = 2;
+    zitadel.filter.v2.IDFilter organization_id_filter = 3;
+    zitadel.filter.v2.TimestampFilter created_date_filter = 4;
+    zitadel.filter.v2.TimestampFilter expiration_date_filter = 5;
+  }
+}
+
+enum PersonalAccessTokenFieldName {
+  PERSONAL_ACCESS_TOKEN_FIELD_NAME_UNSPECIFIED = 0;
+  PERSONAL_ACCESS_TOKEN_FIELD_NAME_CREATED_DATE = 1;
+  PERSONAL_ACCESS_TOKEN_FIELD_NAME_ID = 2;
+  PERSONAL_ACCESS_TOKEN_FIELD_NAME_USER_ID = 3;
+  PERSONAL_ACCESS_TOKEN_FIELD_NAME_ORGANIZATION_ID = 4;
+  PERSONAL_ACCESS_TOKEN_FIELD_NAME_EXPIRATION_DATE = 5;
+}
+
diff --git a/proto/zitadel/user/v2/user_service.proto b/proto/zitadel/user/v2/user_service.proto
index 44d25c07b3..3fc81836d6 100644
--- a/proto/zitadel/user/v2/user_service.proto
+++ b/proto/zitadel/user/v2/user_service.proto
@@ -2,6 +2,14 @@ syntax = "proto3";
 
 package zitadel.user.v2;
 
+import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+
 import "zitadel/object/v2/object.proto";
 import "zitadel/protoc_gen_zitadel/v2/options.proto";
 import "zitadel/user/v2/auth.proto";
@@ -10,13 +18,10 @@ import "zitadel/user/v2/phone.proto";
 import "zitadel/user/v2/idp.proto";
 import "zitadel/user/v2/password.proto";
 import "zitadel/user/v2/user.proto";
+import "zitadel/user/v2/key.proto";
+import "zitadel/user/v2/pat.proto";
 import "zitadel/user/v2/query.proto";
-import "google/api/annotations.proto";
-import "google/api/field_behavior.proto";
-import "google/protobuf/duration.proto";
-import "google/protobuf/struct.proto";
-import "protoc-gen-openapiv2/options/annotations.proto";
-import "validate/validate.proto";
+import "zitadel/filter/v2/filter.proto";
 
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2;user";
 
@@ -85,9 +90,9 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
     }
   }
   responses: {
-    key: "403";
+    key: "400";
     value: {
-      description: "Returned when the user does not have permission to access the resource.";
+      description: "The request is malformed.";
       schema: {
         json_schema: {
           ref: "#/definitions/rpcStatus";
@@ -96,9 +101,20 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
     }
   }
   responses: {
-    key: "404";
+    key: "401";
     value: {
-      description: "Returned when the resource does not exist.";
+      description: "Returned when the user is not authenticated.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+  responses: {
+    key: "403";
+    value: {
+      description: "Returned when the user does not have permission to access the resource.";
       schema: {
         json_schema: {
           ref: "#/definitions/rpcStatus";
@@ -110,8 +126,51 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
 
 service UserService {
 
+  // Create a User
+  //
+  // Create a new human or machine user in the specified organization.
+  //
+  // Required permission:
+  //   - user.write
+  rpc CreateUser (CreateUserRequest) returns (CreateUserResponse) {
+    option (google.api.http) = {
+      // The /new path segment does not follow Zitadels API design.
+      // The only reason why it is used here is to avoid a conflict with the ListUsers endpoint, which already handles POST /v2/users.
+      post: "/v2/users/new"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "OK";
+        }
+      };
+      responses: {
+        key: "409"
+        value: {
+          description: "The user already exists.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
   // Create a new human user
   //
+  // Deprecated: Use [CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a new user of type human instead.
+  //
   // Create/import a new user with the type human. The newly created user will get a verification email if either the email address is not marked as verified and you did not request the verification to be returned.
   rpc AddHumanUser (AddHumanUserRequest) returns (AddHumanUserResponse) {
     option (google.api.http) = {
@@ -125,11 +184,12 @@ service UserService {
         org_field: "organization"
       }
       http_response: {
-        success_code: 201
+        success_code: 200
       }
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -163,6 +223,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -204,6 +270,8 @@ service UserService {
 
   // Change the user email
   //
+  // Deprecated: [Update the users email field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
+  //
   // Change the email address of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by email..
   rpc SetEmail (SetEmailRequest) returns (SetEmailResponse) {
     option (google.api.http) = {
@@ -218,18 +286,23 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      deprecated: true;
       responses: {
         key: "200"
         value: {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
   // Resend code to verify user email
-  //
-  // Resend code to verify user email.
   rpc ResendEmailCode (ResendEmailCodeRequest) returns (ResendEmailCodeResponse) {
     option (google.api.http) = {
       post: "/v2/users/{user_id}/email/resend"
@@ -249,12 +322,16 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
   // Send code to verify user email
-  //
-  // Send code to verify user email.
   rpc SendEmailCode (SendEmailCodeRequest) returns (SendEmailCodeResponse) {
     option (google.api.http) = {
       post: "/v2/users/{user_id}/email/send"
@@ -274,6 +351,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -299,11 +382,19 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
   // Set the user phone
   //
+  // Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
+  //
   // Set the phone number of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by sms..
   rpc SetPhone(SetPhoneRequest) returns (SetPhoneResponse) {
     option (google.api.http) = {
@@ -318,18 +409,27 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      deprecated: true;
       responses: {
         key: "200"
         value: {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
-  // Remove the user phone
+  // Delete the user phone
   //
-  // Remove the user phone
+  // Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx) to remove the phone number.
+  //
+  // Delete the phone number of a user.
   rpc RemovePhone(RemovePhoneRequest) returns (RemovePhoneResponse) {
     option (google.api.http) = {
       delete: "/v2/users/{user_id}/phone"
@@ -343,20 +443,23 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      summary: "Delete the user phone";
-      description: "Delete the phone number of a user."
+      deprecated: true;
       responses: {
         key: "200"
         value: {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
   // Resend code to verify user phone
-  //
-  // Resend code to verify user phone.
   rpc ResendPhoneCode (ResendPhoneCodeRequest) returns (ResendPhoneCodeResponse) {
     option (google.api.http) = {
       post: "/v2/users/{user_id}/phone/resend"
@@ -376,6 +479,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -401,15 +510,27 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
-  // Update User
+
+  // Update a User
   //
-  // Update all information from a user..
-  rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) {
+  // Partially update an existing user.
+  // If you change the users email or phone, you can specify how the ownership should be verified.
+  // If you change the users password, you can specify if the password should be changed again on the users next login.
+  //
+  // Required permission:
+  //   - user.write
+  rpc UpdateUser(UpdateUserRequest) returns (UpdateUserResponse) {
     option (google.api.http) = {
-      put: "/v2/users/human/{user_id}"
+      patch: "/v2/users/{user_id}"
       body: "*"
     };
 
@@ -426,6 +547,62 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      }
+      responses: {
+        key: "409"
+        value: {
+          description: "The user already exists.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Update Human User
+  //
+  // Deprecated: Use [UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type human instead.
+  //
+  // Update all information from a user..
+  rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) {
+    option (google.api.http) = {
+      put: "/v2/users/human/{user_id}"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      deprecated: true;
+      responses: {
+        key: "200"
+        value: {
+          description: "OK";
+        }
+      };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -451,6 +628,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -476,6 +659,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -501,6 +690,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -526,6 +721,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -550,6 +751,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -574,6 +781,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -598,6 +811,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -622,6 +841,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -670,6 +895,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -694,6 +925,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -718,6 +955,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -743,6 +986,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -767,6 +1016,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -791,6 +1046,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -814,6 +1075,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -838,6 +1105,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -861,6 +1134,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -885,6 +1164,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -908,6 +1193,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -958,6 +1249,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "Intent ID does not exist.";
+        }
+      }
     };
   }
 
@@ -983,6 +1280,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -1033,6 +1336,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -1058,11 +1367,19 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
   // Change password
   //
+  // Deprecated: [Update the users password](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
+  //
   // Change the password of a user with either a verification code or the current password..
   rpc SetPassword (SetPasswordRequest) returns (SetPasswordResponse) {
     option (google.api.http) = {
@@ -1077,12 +1394,19 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      deprecated: true;
       responses: {
         key: "200"
         value: {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -1155,6 +1479,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -1183,6 +1513,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -1209,6 +1545,12 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
@@ -1234,9 +1576,289 @@ service UserService {
           description: "OK";
         }
       };
+      responses: {
+        key: "404";
+        value: {
+          description: "User ID does not exist.";
+        }
+      }
     };
   }
 
+  // Add a Users Secret
+  //
+  // Generates a client secret for the user.
+  // The client id is the users username.
+  // If the user already has a secret, it is overwritten.
+  // Only users of type machine can have a secret.
+  //
+  // Required permission:
+  //   - user.write
+  rpc AddSecret(AddSecretRequest) returns (AddSecretResponse) {
+    option (google.api.http) = {
+      post: "/v2/users/{user_id}/secret"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The secret was successfully generated.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The user ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Remove a Users Secret
+  //
+  // Remove the current client ID and client secret from a machine user.
+  //
+  // Required permission:
+  //   - user.write
+  rpc RemoveSecret(RemoveSecretRequest) returns (RemoveSecretResponse) {
+    option (google.api.http) = {
+      delete: "/v2/users/{user_id}/secret"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The secret was either successfully removed or it didn't exist in the first place.";
+        }
+      };
+    };
+  }
+
+  // Add a Key
+  //
+  // Add a keys that can be used to securely authenticate at the Zitadel APIs using JWT profile authentication using short-lived tokens.
+  // Make sure you store the returned key safely, as you won't be able to read it from the Zitadel API anymore.
+  // Only users of type machine can have keys.
+  //
+  // Required permission:
+  //   - user.write
+  rpc AddKey(AddKeyRequest) returns (AddKeyResponse) {
+    option (google.api.http) = {
+      post: "/v2/users/{user_id}/keys"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The key was successfully created.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The user ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Remove a Key
+  //
+  // Remove a machine users key by the given key ID and an optionally given user ID.
+  //
+  // Required permission:
+  //   - user.write
+  rpc RemoveKey(RemoveKeyRequest) returns (RemoveKeyResponse) {
+    option (google.api.http) = {
+      delete: "/v2/users/{user_id}/keys/{key_id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The key was either successfully removed or it not found in the first place.";
+        }
+      };
+    };
+  }
+
+  // Search Keys
+  //
+  // List all matching keys. By default all keys of the instance on which the caller has permission to read the owning users are returned.
+  // Make sure to include a limit and sorting for pagination.
+  //
+  // Required permission:
+  //   - user.read
+  rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) {
+    option (google.api.http) = {
+      post: "/v2/users/keys/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all machine user keys matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
+
+  // Add a Personal Access Token
+  //
+  // Personal access tokens (PAT) are the easiest way to authenticate to the Zitadel APIs.
+  // Make sure you store the returned PAT safely, as you won't be able to read it from the Zitadel API anymore.
+  // Only users of type machine can have personal access tokens.
+  //
+  // Required permission:
+  //   - user.write
+  rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
+    option (google.api.http) = {
+      post: "/v2/users/{user_id}/pats"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The personal access token was successfully created.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The user ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Remove a Personal Access Token
+  //
+  // Removes a machine users personal access token by the given token ID and an optionally given user ID.
+  //
+  // Required permission:
+  //   - user.write
+  rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
+    option (google.api.http) = {
+      delete: "/v2/users/{user_id}/pats/{token_id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The personal access token was either successfully removed or it was not found in the first place.";
+        }
+      };
+    };
+  }
+
+  // Search Personal Access Tokens
+  //
+  // List all personal access tokens. By default all personal access tokens of the instance on which the caller has permission to read the owning users are returned.
+  // Make sure to include a limit and sorting for pagination.
+  //
+  // Required permission:
+  //   - user.read
+  rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
+    option (google.api.http) = {
+      post: "/v2/users/pats/search"
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all personal access tokens matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
 }
 
 message AddHumanUserRequest{
@@ -1296,6 +1918,149 @@ message AddHumanUserResponse {
   optional string phone_code = 4;
 }
 
+
+message CreateUserRequest{
+  message Human {
+    // Set the users profile information.
+    SetHumanProfile profile = 1 [
+      (validate.rules).message.required = true,
+      (google.api.field_behavior) = REQUIRED
+    ];
+    // Set the users email address and optionally send a verification email.
+    SetHumanEmail email = 2 [
+      (validate.rules).message.required = true,
+      (google.api.field_behavior) = REQUIRED
+    ];
+    // Set the users phone number and optionally send a verification SMS.
+    optional SetHumanPhone phone = 3;
+    // Set the users initial password and optionally require the user to set a new password.
+    oneof password_type {
+      Password password = 4;
+      HashedPassword hashed_password = 5;
+    }
+    // Create the user with a list of links to identity providers.
+    // This can be useful in migration-scenarios.
+    // For example, if a user already has an account in an external identity provider or another Zitadel instance, an IDP link allows the user to authenticate as usual.
+    // Sessions, second factors, hardware keys registered externally are still available for authentication.
+    // Use the following endpoints to manage identity provider links:
+    // - [AddIDPLink](apis/resources/user_service_v2/user-service-add-idp-link.api.mdx)
+    // - [RemoveIDPLink](apis/resources/user_service_v2/user-service-remove-idp-link.api.mdx)
+    repeated IDPLink idp_links = 7;
+    // An Implementation of RFC 6238 is used, with HMAC-SHA-1 and time-step of 30 seconds.
+    // Currently no other options are supported, and if anything different is used the validation will fail.
+    optional string totp_secret = 8 [
+      (validate.rules).string = {min_len: 1 max_len: 200},
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        min_length: 1,
+        max_length: 200,
+        example: "\"TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"";
+      }
+    ];
+  }
+  message Machine {
+    // The machine users name is a human readable field that helps identifying the user.
+    string name = 1 [
+      (validate.rules).string = {min_len: 1, max_len: 200},
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        min_length: 1,
+        max_length: 200,
+        example: "\"Acceptance Test User\"";
+      }
+    ];
+    // The description is a field that helps to remember the purpose of the user.
+    optional string description = 2 [
+      (validate.rules).string = {min_len: 1, max_len: 500},
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        min_length: 1,
+        max_length: 500,
+        example: "\"The user calls the session API in the continuous integration pipeline for acceptance tests.\"";
+      }
+    ];
+  }
+  // The unique identifier of the organization the user belongs to.
+  string organization_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+  // The ID is a unique identifier for the user in the instance.
+  // If not specified, it will be generated.
+  // You can set your own user id that is unique within the instance.
+  // This is useful in migration scenarios, for example if the user already has an ID in another Zitadel system.
+  // If not specified, it will be generated.
+  // It can't be changed after creation.
+  optional string user_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"163840776835432345\"";
+    }
+  ];
+
+  // The username is a unique identifier for the user in the organization.
+  // If not specified, Zitadel sets the username to the email for users of type human and to the user_id for users of type machine.
+  // It is used to identify the user in the organization and can be used for login.
+  optional string username = 3 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"minnie-mouse\"";
+    }
+  ];
+
+  // The type of the user.
+  oneof user_type {
+    option (validate.required) = true;
+    // Users of type human are users that are meant to be used by a person.
+    // They can log in interactively using a login UI.
+    // By default, new users will receive a verification email and, if a phone is configured, a verification SMS.
+    // To make sure these messages are sent, configure and activate valid SMTP and Twilio configurations.
+    // Read more about your options for controlling this behaviour in the email and phone field documentations.
+    Human human = 4;
+    // Users of type machine are users that are meant to be used by a machine.
+    // In order to authenticate, [add a secret](apis/resources/user_service_v2/user-service-add-secret.api.mdx), [a key](apis/resources/user_service_v2/user-service-add-key.api.mdx) or [a personal access token](apis/resources/user_service_v2/user-service-add-personal-access-token.api.mdx) to the user.
+    // Tokens generated for new users of type machine will be of an opaque Bearer type.
+    // You can change the users token type to JWT by using the [management v1 service method UpdateMachine](apis/resources/mgmt/management-service-update-machine.api.mdx).
+    Machine machine = 5;
+  }
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"organizationId\":\"69629026806489455\",\"userId\":\"163840776835432345\",\"username\":\"minnie-mouse\",\"human\":{\"profile\":{\"givenName\":\"Minnie\",\"familyName\":\"Mouse\",\"nickName\":\"Mini\",\"displayName\":\"Minnie Mouse\",\"preferredLanguage\":\"en\",\"gender\":\"GENDER_FEMALE\"},\"email\":{\"email\":\"mini@mouse.com\",\"sendCode\":{\"urlTemplate\":\"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}\"}},\"phone\":{\"phone\":\"+41791234567\",\"isVerified\":true},\"password\":{\"password\":\"Secr3tP4ssw0rd!\",\"changeRequired\":true},\"idpLinks\":[{\"idpId\":\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\",\"userId\":\"6516849804890468048461403518\",\"userName\":\"user@external.com\"}],\"totpSecret\":\"TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"}}";
+  };
+}
+
+message CreateUserResponse {
+  // The unique identifier of the newly created user.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the user creation.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+
+  // The email verification code if it was requested by setting the email verification to return_code.
+  optional string email_code = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"XTA6BC\"";
+    }
+  ];
+  // The phone verification code if it was requested by setting the phone verification to return_code.
+  optional string phone_code = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"XTA6BC\"";
+    }
+  ];
+}
+
 message GetUserByIDRequest {
   reserved 2;
   reserved "organization";
@@ -1550,6 +2315,142 @@ message DeleteUserResponse {
   zitadel.object.v2.Details details = 1;
 }
 
+
+message UpdateUserRequest{
+  message Human {
+    message Profile {
+      // The given name is the first name of the user.
+      // For example, it can be used to personalize notifications and login UIs.
+      optional string given_name = 1  [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          min_length: 1;
+          max_length: 200;
+          example: "\"Minnie\"";
+        }
+      ];
+      // The family name is the last name of the user.
+      // For example, it can be used to personalize user interfaces and notifications.
+      optional string family_name = 2  [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          min_length: 1;
+          max_length: 200;
+          example: "\"Mouse\"";
+        }
+      ];
+      // The nick name is the users short name.
+      // For example, it can be used to personalize user interfaces and notifications.
+      optional string nick_name = 3 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          min_length: 1;
+          max_length: 200;
+          example: "\"Mini\"";
+        }
+      ];
+      // The display name is how a user should primarily be displayed in lists.
+      // It can also for example be used to personalize user interfaces and notifications.
+      optional string display_name = 4 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          min_length: 1;
+          max_length: 200;
+          example: "\"Minnie Mouse\"";
+        }
+      ];
+      // The users preferred language is the language that systems should use to interact with the user.
+      // It has the format of a [BCP-47 language tag](https://datatracker.ietf.org/doc/html/rfc3066).
+      // It is used by Zitadel where no higher prioritized preferred language can be used.
+      // For example, browser settings can overwrite a users preferred_language.
+      // Notification messages and standard login UIs use the users preferred language if it is supported and allowed on the instance.
+      // Else, the default language of the instance is used.
+      optional string preferred_language = 5 [
+        (validate.rules).string = {min_len: 1, max_len: 10},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          min_length: 1;
+          max_length: 10;
+          example: "\"en-US\"";
+        }
+      ];
+      // The users gender can for example be used to personalize user interfaces and notifications.
+      optional Gender gender = 6 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+          example: "\"GENDER_FEMALE\"";
+        }
+      ];
+    }
+    // Change the users profile information
+    optional Profile profile = 1;
+    // Change the users email address and/or trigger a verification email
+    optional SetHumanEmail email = 2;
+    // Change the users phone number and/or trigger a verification SMS
+    // To delete the users phone number, leave the phone field empty and omit the verification field.
+    optional SetHumanPhone phone = 3;
+    // Change the users password.
+    // You can optionally require the current password or the verification code to be correct.
+    optional SetPassword password = 4;
+  }
+  message Machine {
+    // The machine users name is a human readable field that helps identifying the user.
+    optional string name = 1 [
+      (validate.rules).string = {max_len: 200},
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"Acceptance Test User\"";
+      }
+    ];
+    // The description is a field that helps to remember the purpose of the user.
+    optional string description = 2 [
+      (validate.rules).string = {max_len: 500},
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"The user calls the session API in the continuous integration pipeline for acceptance tests.\"";
+      }
+    ];
+  }
+  // The user id is the users unique identifier in the instance.
+  // It can't be changed.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // Set a new username that is unique within the instance.
+  // Beware that active tokens and sessions are invalidated when the username is changed.
+  optional string username = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"minnie-mouse\"";
+    }
+  ];
+  // Change type specific properties of the user.
+  oneof user_type {
+    Human human = 3;
+    Machine machine = 4;
+  }
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"username\":\"minnie-mouse\",\"human\":{\"profile\":{\"givenName\":\"Minnie\",\"familyName\":\"Mouse\",\"displayName\":\"Minnie Mouse\"},\"email\":{\"email\":\"mini@mouse.com\",\"returnCode\":{}},\"phone\":{\"phone\":\"+41791234567\",\"isVerified\":true},\"password\":{\"password\":{\"password\":\"Secr3tP4ssw0rd!\",\"changeRequired\":true},\"verificationCode\":\"SKJd342k\"},\"totpSecret\":\"TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK\"}}";
+  };
+}
+
+message UpdateUserResponse {
+  // The timestamp of the change of the user.
+  google.protobuf.Timestamp change_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  // In case the email verification was set to return_code, the code will be returned
+  optional string email_code = 2;
+  // In case the phone verification was set to return_code, the code will be returned
+  optional string phone_code = 3;
+}
+
 message UpdateHumanUserRequest{
   string user_id = 1 [
     (validate.rules).string = {min_len: 1, max_len: 200},
@@ -1595,7 +2496,6 @@ message DeactivateUserResponse {
   zitadel.object.v2.Details details = 1;
 }
 
-
 message ReactivateUserRequest {
   string user_id = 1 [
     (validate.rules).string = {min_len: 1, max_len: 200},
@@ -2384,3 +3284,237 @@ message HumanMFAInitSkippedRequest {
 message HumanMFAInitSkippedResponse {
   zitadel.object.v2.Details details = 1;
 }
+
+message AddSecretRequest {
+  // The users resource ID.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"163840776835432345\"";
+    }
+  ];
+}
+
+message AddSecretResponse {
+  // The timestamp of the secret creation.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The client secret.
+  // Store this secret in a secure place.
+  // It is not possible to retrieve it again.
+  string client_secret = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"WoYLHB23HAZaCSxeMJGEzbu8urHICVdFp2IegVr6Q5U4lZHKAtRvmaalNDWfCuHV\"";
+    }
+  ];
+}
+
+message RemoveSecretRequest {
+  // The users resource ID.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"163840776835432345\"";
+    }
+  ];
+}
+
+message RemoveSecretResponse {
+  // The timestamp of the secret deletion.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message AddKeyRequest {
+  // The users resource ID.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // The date the key will expire and no logins will be possible anymore.
+  google.protobuf.Timestamp expiration_date = 2 [
+    (validate.rules).timestamp.required = true,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2519-04-01T08:45:00.000000Z\"";
+    }
+  ];
+  // Optionally provide a public key of your own generated RSA private key.
+  bytes public_key = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1...\"";
+    }
+  ];
+}
+
+message AddKeyResponse {
+  // The timestamp of the key creation.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The keys ID.
+  string key_id = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // The key which is usable to authenticate against the API.
+  bytes key_content = 3;
+}
+
+
+message RemoveKeyRequest {
+  // The users resource ID.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // The keys ID.
+  string key_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+}
+
+message RemoveKeyResponse {
+  // The timestamp of the key deletion.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message ListKeysRequest {
+  // List limitations and ordering.
+  optional zitadel.filter.v2.PaginationRequest pagination = 1;
+  // The field the result is sorted by. The default is the creation date. Beware that if you change this, your result pagination might be inconsistent.
+  optional KeyFieldName sorting_column = 2 [
+    (validate.rules).enum = {defined_only: true},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"KEY_FIELD_NAME_CREATED_DATE\""
+    }
+  ];
+  // Define the criteria to query for.
+  repeated KeysSearchFilter filters = 3;
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"pagination\":{\"offset\":0,\"limit\":10,\"asc\":false},\"sortingColumn\":\"KEY_FIELD_NAME_CREATED_DATE\",\"filters\":[{\"andFilter\":{\"filters\":[{\"organizationIdFilter\":{\"organizationId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"notFilter\":{\"filter\":{\"userIdFilter\":{\"userId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}}}},{\"orFilter\":{\"filters\":[{\"keyIdFilter\":{\"keyId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"keyIdFilter\":{\"keyId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}}]}}]}}]}";
+  };
+}
+
+message ListKeysResponse {
+  zitadel.filter.v2.PaginationResponse pagination = 1;
+  repeated Key result = 2;
+}
+
+message AddPersonalAccessTokenRequest {
+  // The users resource ID.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // The timestamp when the token will expire.
+  google.protobuf.Timestamp expiration_date = 2 [
+    (validate.rules).timestamp.required = true,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2519-04-01T08:45:00.000000Z\"";
+    }
+  ];
+}
+
+message AddPersonalAccessTokenResponse {
+  // The timestamp of the personal access token creation.
+  google.protobuf.Timestamp creation_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The tokens ID.
+  string token_id = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // The personal access token that can be used to authenticate against the API
+  string token = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\"";
+    }
+  ];
+}
+
+message RemovePersonalAccessTokenRequest {
+  // The users resource ID.
+  string user_id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+  // The tokens ID.
+  string token_id = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432345\"";
+    }
+  ];
+}
+
+message RemovePersonalAccessTokenResponse {
+  // The timestamp of the personal access token deletion.
+  google.protobuf.Timestamp deletion_date = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+
+message ListPersonalAccessTokensRequest {
+  // List limitations and ordering.
+  optional zitadel.filter.v2.PaginationRequest pagination = 1;
+  // The field the result is sorted by. The default is the creation date. Beware that if you change this, your result pagination might be inconsistent.
+  optional PersonalAccessTokenFieldName sorting_column = 2 [
+    (validate.rules).enum = {defined_only: true},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "\"PERSONAL_ACCESS_TOKEN_FIELD_NAME_CREATED_DATE\""
+    }
+  ];
+  // Define the criteria to query for.
+  repeated PersonalAccessTokensSearchFilter filters = 3;
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"pagination\":{\"offset\":0,\"limit\":10,\"asc\":false},\"sortingColumn\":\"PERSONAL_ACCESS_TOKEN_FIELD_NAME_CREATED_DATE\",\"filters\":[{\"andFilter\":{\"filters\":[{\"organizationIdFilter\":{\"organizationId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"notFilter\":{\"filter\":{\"userIdFilter\":{\"userId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}}}},{\"orFilter\":{\"filters\":[{\"personalAccessTokenIdFilter\":{\"personalAccessTokenId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}},{\"personalAccessTokenIdFilter\":{\"personalAccessTokenId\":\"163840776835432345\",\"method\":\"TEXT_FILTER_METHOD_EQUALS\"}}]}}]}}]}";
+  };
+}
+
+message ListPersonalAccessTokensResponse {
+  zitadel.filter.v2.PaginationResponse pagination = 1;
+  repeated PersonalAccessToken result = 2;
+}

From 1a80e265020844a08586691bea135a69796745c4 Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Wed, 4 Jun 2025 11:04:52 +0200
Subject: [PATCH 085/123] fix(console): org context for V2 user creation
 (#9971)

# Which Problems Are Solved

This PR addresses a bug in Console V2 APIs, specifically when the
feature toggle is enabled, which caused incorrect organization context
assignment during new user creation.

Co-authored-by: Ramon <mail@conblem.me>
---
 .../user-create/user-create-v2/user-create-v2.component.ts   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/console/src/app/pages/users/user-create/user-create-v2/user-create-v2.component.ts b/console/src/app/pages/users/user-create/user-create-v2/user-create-v2.component.ts
index 9fd765264d..b92c112357 100644
--- a/console/src/app/pages/users/user-create/user-create-v2/user-create-v2.component.ts
+++ b/console/src/app/pages/users/user-create/user-create-v2/user-create-v2.component.ts
@@ -32,6 +32,7 @@ import { withLatestFromSynchronousFix } from 'src/app/utils/withLatestFromSynchr
 import { PasswordComplexityValidatorFactoryService } from 'src/app/services/password-complexity-validator-factory.service';
 import { NewFeatureService } from 'src/app/services/new-feature.service';
 import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
 
 type PwdForm = ReturnType<UserCreateV2Component['buildPwdForm']>;
 type AuthenticationFactor =
@@ -65,6 +66,7 @@ export class UserCreateV2Component implements OnInit {
     private readonly destroyRef: DestroyRef,
     private readonly route: ActivatedRoute,
     protected readonly location: Location,
+    private readonly authService: GrpcAuthService,
   ) {
     this.userForm = this.buildUserForm();
 
@@ -180,9 +182,12 @@ export class UserCreateV2Component implements OnInit {
   private async createUserV2Try(authenticationFactor: AuthenticationFactor) {
     this.loading.set(true);
 
+    const org = await this.authService.getActiveOrg();
+
     const userValues = this.userForm.getRawValue();
 
     const humanReq: MessageInitShape<typeof AddHumanUserRequestSchema> = {
+      organization: { org: { case: 'orgId', value: org.id } },
       username: userValues.username,
       profile: {
         givenName: userValues.givenName,

From 839c761357f17f51ede7f0a3f0f4a4c96a3863ab Mon Sep 17 00:00:00 2001
From: AnthonyKot <kotatut@gmail.com>
Date: Wed, 4 Jun 2025 11:26:53 +0200
Subject: [PATCH 086/123] fix(FE): allow only enabled factors to be displayed
 on user page (#9313)

# Which Problems Are Solved

- Hides for users MFA options are not allowed by org policy.
- Fix for "ng test" across "console"

# How the Problems Are Solved

- Before displaying MFA options we call "listMyMultiFactors" from parent
component to filter MFA allowed by org

# Additional Changes

- Dependency Injection was fixed around ng unit tests

# Additional Context

admin view
<img width="698" alt="Screenshot 2025-02-06 at 00 26 50"
src="https://github.com/user-attachments/assets/1b642c8a-a640-4bdd-a1ca-bde70c263567"
/>
user view
<img width="751" alt="Screenshot 2025-02-06 at 00 27 16"
src="https://github.com/user-attachments/assets/e1c99907-3226-46ce-b8bc-e993af4b4cae"
/>
test
<img width="1500" alt="Screenshot 2025-02-06 at 00 01 36"
src="https://github.com/user-attachments/assets/d2d8ead1-9f0f-4916-a2fc-f4db9c71cfa8"
/>

The issue: https://github.com/zitadel/zitadel/issues/9176
The bug report:
https://discord.com/channels/927474939156643850/1307006457815896094

---------

Co-authored-by: a k <rdyto1@macbook-pro-1.home>
Co-authored-by: a k <rdyto1@macbook-pro.home>
Co-authored-by: a k <rdyto1@macbook-pro-2.home>
Co-authored-by: Ramon <mail@conblem.me>
---
 console/package.json                          |   1 +
 .../oidc-configuration.component.spec.ts      |  10 +-
 .../modules/domains/domains.component.spec.ts |  10 +-
 .../filter-project.component.spec.ts          |  10 +-
 .../app/modules/input/input.directive.spec.ts |  45 +++++-
 .../app/modules/label/label.component.spec.ts |  10 +-
 .../login-policy/login-policy.component.ts    |   7 +-
 .../message-texts.component.spec.ts           |  10 +-
 .../notification-policy.component.spec.ts     |  10 +-
 ...word-dialog-sms-provider.component.spec.ts |  10 +-
 .../provider-github-es.component.spec.ts      |  10 +-
 ...vider-gitlab-self-hosted.component.spec.ts |  10 +-
 .../provider-gitlab.component.spec.ts         |  10 +-
 .../show-token-dialog.component.spec.ts       |  10 +-
 .../smtp-table/smtp-table.component.spec.ts   |  10 +-
 .../add-action-dialog.component.spec.ts       |  10 +-
 .../add-flow-dialog.component.spec.ts         |  10 +-
 .../auth-factor-dialog.component.html         |  13 +-
 .../auth-factor-dialog.component.ts           |  14 +-
 .../auth-user-mfa.component.spec.ts           | 133 +++++++++++++++++-
 .../auth-user-mfa/auth-user-mfa.component.ts  | 127 +++++++++--------
 .../user-detail/contact/contact.component.ts  |   8 +-
 .../detail-form-machine.component.spec.ts     |  10 +-
 .../passwordless.component.spec.ts            |  10 +-
 console/src/app/services/grpc-auth.service.ts |  45 ------
 console/src/app/services/new-auth.service.ts  |  37 +++++
 console/yarn.lock                             |  25 +++-
 27 files changed, 411 insertions(+), 204 deletions(-)

diff --git a/console/package.json b/console/package.json
index 77a8a40147..0095360017 100644
--- a/console/package.json
+++ b/console/package.json
@@ -82,6 +82,7 @@
     "jasmine-spec-reporter": "~7.0.0",
     "karma": "^6.4.4",
     "karma-chrome-launcher": "^3.2.0",
+    "karma-coverage": "^2.2.1",
     "karma-coverage-istanbul-reporter": "^3.0.3",
     "karma-jasmine": "^5.1.0",
     "karma-jasmine-html-reporter": "^2.1.0",
diff --git a/console/src/app/components/oidc-configuration/oidc-configuration.component.spec.ts b/console/src/app/components/oidc-configuration/oidc-configuration.component.spec.ts
index 6155ba5693..e99aee357c 100644
--- a/console/src/app/components/oidc-configuration/oidc-configuration.component.spec.ts
+++ b/console/src/app/components/oidc-configuration/oidc-configuration.component.spec.ts
@@ -1,16 +1,16 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 
-import { QuickstartComponent } from './quickstart.component';
+import { OIDCConfigurationComponent } from './oidc-configuration.component';
 
 describe('QuickstartComponent', () => {
-  let component: QuickstartComponent;
-  let fixture: ComponentFixture<QuickstartComponent>;
+  let component: OIDCConfigurationComponent;
+  let fixture: ComponentFixture<OIDCConfigurationComponent>;
 
   beforeEach(() => {
     TestBed.configureTestingModule({
-      declarations: [QuickstartComponent],
+      declarations: [OIDCConfigurationComponent],
     });
-    fixture = TestBed.createComponent(QuickstartComponent);
+    fixture = TestBed.createComponent(OIDCConfigurationComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/domains/domains.component.spec.ts b/console/src/app/modules/domains/domains.component.spec.ts
index 127bae48b5..f3d75fb12b 100644
--- a/console/src/app/modules/domains/domains.component.spec.ts
+++ b/console/src/app/modules/domains/domains.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 
-import { OrgDomainsComponent } from './org-domains.component';
+import { DomainsComponent } from './domains.component';
 
 describe('OrgDomainsComponent', () => {
-  let component: OrgDomainsComponent;
-  let fixture: ComponentFixture<OrgDomainsComponent>;
+  let component: DomainsComponent;
+  let fixture: ComponentFixture<DomainsComponent>;
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      declarations: [OrgDomainsComponent],
+      declarations: [DomainsComponent],
     }).compileComponents();
   });
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(OrgDomainsComponent);
+    fixture = TestBed.createComponent(DomainsComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/filter-project/filter-project.component.spec.ts b/console/src/app/modules/filter-project/filter-project.component.spec.ts
index 0ed0436db8..ff465d8705 100644
--- a/console/src/app/modules/filter-project/filter-project.component.spec.ts
+++ b/console/src/app/modules/filter-project/filter-project.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 
-import { FilterUserComponent } from './filter-user.component';
+import { FilterProjectComponent } from './filter-project.component';
 
 describe('FilterUserComponent', () => {
-  let component: FilterUserComponent;
-  let fixture: ComponentFixture<FilterUserComponent>;
+  let component: FilterProjectComponent;
+  let fixture: ComponentFixture<FilterProjectComponent>;
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      declarations: [FilterUserComponent],
+      declarations: [FilterProjectComponent],
     }).compileComponents();
   });
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(FilterUserComponent);
+    fixture = TestBed.createComponent(FilterProjectComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/input/input.directive.spec.ts b/console/src/app/modules/input/input.directive.spec.ts
index 463fed5431..46544ca096 100644
--- a/console/src/app/modules/input/input.directive.spec.ts
+++ b/console/src/app/modules/input/input.directive.spec.ts
@@ -1,8 +1,49 @@
+import { Component, ElementRef, NgZone } from '@angular/core';
+import { TestBed, ComponentFixture } from '@angular/core/testing';
 import { InputDirective } from './input.directive';
+import { Platform } from '@angular/cdk/platform';
+import { NgControl, NgForm, FormGroupDirective } from '@angular/forms';
+import { ErrorStateMatcher } from '@angular/material/core';
+import { AutofillMonitor } from '@angular/cdk/text-field';
+import { MatFormField } from '@angular/material/form-field';
+import { MAT_INPUT_VALUE_ACCESSOR } from '@angular/material/input';
+import { of } from 'rxjs';
+import { By } from '@angular/platform-browser';
+
+@Component({
+  template: `<input appInputDirective />`,
+})
+class TestHostComponent {}
 
 describe('InputDirective', () => {
+  let fixture: ComponentFixture<TestHostComponent>;
+
+  beforeEach(() => {
+    TestBed.configureTestingModule({
+      declarations: [InputDirective, TestHostComponent],
+      providers: [
+        { provide: ElementRef, useValue: new ElementRef(document.createElement('input')) },
+        Platform,
+        { provide: NgControl, useValue: null },
+        { provide: NgForm, useValue: null },
+        { provide: FormGroupDirective, useValue: null },
+        ErrorStateMatcher,
+        { provide: MAT_INPUT_VALUE_ACCESSOR, useValue: null },
+        {
+          provide: AutofillMonitor,
+          useValue: { monitor: () => of(), stopMonitoring: () => {} },
+        },
+        NgZone,
+        { provide: MatFormField, useValue: null },
+      ],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(TestHostComponent);
+    fixture.detectChanges();
+  });
+
   it('should create an instance', () => {
-    const directive = new InputDirective();
-    expect(directive).toBeTruthy();
+    const directiveEl = fixture.debugElement.query(By.directive(InputDirective));
+    expect(directiveEl).toBeTruthy();
   });
 });
diff --git a/console/src/app/modules/label/label.component.spec.ts b/console/src/app/modules/label/label.component.spec.ts
index 2b29b30873..e719aa3775 100644
--- a/console/src/app/modules/label/label.component.spec.ts
+++ b/console/src/app/modules/label/label.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { AvatarComponent } from './avatar.component';
+import { LabelComponent } from './label.component';
 
 describe('AvatarComponent', () => {
-  let component: AvatarComponent;
-  let fixture: ComponentFixture<AvatarComponent>;
+  let component: LabelComponent;
+  let fixture: ComponentFixture<LabelComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [AvatarComponent],
+      declarations: [LabelComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(AvatarComponent);
+    fixture = TestBed.createComponent(LabelComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/policies/login-policy/login-policy.component.ts b/console/src/app/modules/policies/login-policy/login-policy.component.ts
index b4e4557f00..5dd85b8b38 100644
--- a/console/src/app/modules/policies/login-policy/login-policy.component.ts
+++ b/console/src/app/modules/policies/login-policy/login-policy.component.ts
@@ -2,14 +2,12 @@ import { Component, Injector, Input, OnDestroy, OnInit, Type } from '@angular/co
 import { AbstractControl, UntypedFormBuilder, UntypedFormGroup } from '@angular/forms';
 import { MatDialog } from '@angular/material/dialog';
 import { Duration } from 'google-protobuf/google/protobuf/duration_pb';
-import { firstValueFrom, forkJoin, from, Observable, of, Subject, take } from 'rxjs';
+import { forkJoin, from, of, Subject, take } from 'rxjs';
 import {
   GetLoginPolicyResponse as AdminGetLoginPolicyResponse,
   UpdateLoginPolicyRequest,
-  UpdateLoginPolicyResponse,
 } from 'src/app/proto/generated/zitadel/admin_pb';
 import {
-  AddCustomLoginPolicyRequest,
   GetLoginPolicyResponse as MgmtGetLoginPolicyResponse,
   UpdateCustomLoginPolicyRequest,
 } from 'src/app/proto/generated/zitadel/management_pb';
@@ -24,8 +22,7 @@ import { InfoSectionType } from '../../info-section/info-section.component';
 import { WarnDialogComponent } from '../../warn-dialog/warn-dialog.component';
 import { PolicyComponentServiceType } from '../policy-component-types.enum';
 import { LoginMethodComponentType } from './factor-table/factor-table.component';
-import { catchError, map, takeUntil } from 'rxjs/operators';
-import { error } from 'console';
+import { map, takeUntil } from 'rxjs/operators';
 import { LoginPolicyService } from '../../../services/login-policy.service';
 
 const minValueValidator = (minValue: number) => (control: AbstractControl) => {
diff --git a/console/src/app/modules/policies/message-texts/message-texts.component.spec.ts b/console/src/app/modules/policies/message-texts/message-texts.component.spec.ts
index 71dd427da5..e5569f9ed3 100644
--- a/console/src/app/modules/policies/message-texts/message-texts.component.spec.ts
+++ b/console/src/app/modules/policies/message-texts/message-texts.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { LoginPolicyComponent } from './login-policy.component';
+import { MessageTextsComponent } from './message-texts.component';
 
 describe('LoginPolicyComponent', () => {
-  let component: LoginPolicyComponent;
-  let fixture: ComponentFixture<LoginPolicyComponent>;
+  let component: MessageTextsComponent;
+  let fixture: ComponentFixture<MessageTextsComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [LoginPolicyComponent],
+      declarations: [MessageTextsComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(LoginPolicyComponent);
+    fixture = TestBed.createComponent(MessageTextsComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/policies/notification-policy/notification-policy.component.spec.ts b/console/src/app/modules/policies/notification-policy/notification-policy.component.spec.ts
index c323d884f1..f529e143a5 100644
--- a/console/src/app/modules/policies/notification-policy/notification-policy.component.spec.ts
+++ b/console/src/app/modules/policies/notification-policy/notification-policy.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { PasswordComplexityPolicyComponent } from './password-complexity-policy.component';
+import { NotificationPolicyComponent } from './notification-policy.component';
 
 describe('PasswordComplexityPolicyComponent', () => {
-  let component: PasswordComplexityPolicyComponent;
-  let fixture: ComponentFixture<PasswordComplexityPolicyComponent>;
+  let component: NotificationPolicyComponent;
+  let fixture: ComponentFixture<NotificationPolicyComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [PasswordComplexityPolicyComponent],
+      declarations: [NotificationPolicyComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(PasswordComplexityPolicyComponent);
+    fixture = TestBed.createComponent(NotificationPolicyComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/policies/notification-sms-provider/password-dialog-sms-provider/password-dialog-sms-provider.component.spec.ts b/console/src/app/modules/policies/notification-sms-provider/password-dialog-sms-provider/password-dialog-sms-provider.component.spec.ts
index 034bbe8de0..b009b03757 100644
--- a/console/src/app/modules/policies/notification-sms-provider/password-dialog-sms-provider/password-dialog-sms-provider.component.spec.ts
+++ b/console/src/app/modules/policies/notification-sms-provider/password-dialog-sms-provider/password-dialog-sms-provider.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { PasswordDialogComponent } from './password-dialog-sms-provider.component';
+import { PasswordDialogSMSProviderComponent } from './password-dialog-sms-provider.component';
 
 describe('PasswordDialogComponent', () => {
-  let component: PasswordDialogComponent;
-  let fixture: ComponentFixture<PasswordDialogComponent>;
+  let component: PasswordDialogSMSProviderComponent;
+  let fixture: ComponentFixture<PasswordDialogSMSProviderComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [PasswordDialogComponent],
+      declarations: [PasswordDialogSMSProviderComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(PasswordDialogComponent);
+    fixture = TestBed.createComponent(PasswordDialogSMSProviderComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/providers/provider-github-es/provider-github-es.component.spec.ts b/console/src/app/modules/providers/provider-github-es/provider-github-es.component.spec.ts
index 0086bf0ce3..304004d0cf 100644
--- a/console/src/app/modules/providers/provider-github-es/provider-github-es.component.spec.ts
+++ b/console/src/app/modules/providers/provider-github-es/provider-github-es.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { ProviderOAuthComponent } from './provider-oauth.component';
+import { ProviderGithubESComponent } from './provider-github-es.component';
 
 describe('ProviderOAuthComponent', () => {
-  let component: ProviderOAuthComponent;
-  let fixture: ComponentFixture<ProviderOAuthComponent>;
+  let component: ProviderGithubESComponent;
+  let fixture: ComponentFixture<ProviderGithubESComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [ProviderOAuthComponent],
+      declarations: [ProviderGithubESComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(ProviderOAuthComponent);
+    fixture = TestBed.createComponent(ProviderGithubESComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/providers/provider-gitlab-self-hosted/provider-gitlab-self-hosted.component.spec.ts b/console/src/app/modules/providers/provider-gitlab-self-hosted/provider-gitlab-self-hosted.component.spec.ts
index 3b6fdadce3..5a0bbf6d08 100644
--- a/console/src/app/modules/providers/provider-gitlab-self-hosted/provider-gitlab-self-hosted.component.spec.ts
+++ b/console/src/app/modules/providers/provider-gitlab-self-hosted/provider-gitlab-self-hosted.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { ProviderGoogleComponent } from './provider-google.component';
+import { ProviderGitlabSelfHostedComponent } from './provider-gitlab-self-hosted.component';
 
 describe('ProviderGoogleComponent', () => {
-  let component: ProviderGoogleComponent;
-  let fixture: ComponentFixture<ProviderGoogleComponent>;
+  let component: ProviderGitlabSelfHostedComponent;
+  let fixture: ComponentFixture<ProviderGitlabSelfHostedComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [ProviderGoogleComponent],
+      declarations: [ProviderGitlabSelfHostedComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(ProviderGoogleComponent);
+    fixture = TestBed.createComponent(ProviderGitlabSelfHostedComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/providers/provider-gitlab/provider-gitlab.component.spec.ts b/console/src/app/modules/providers/provider-gitlab/provider-gitlab.component.spec.ts
index 3b6fdadce3..7b5becd782 100644
--- a/console/src/app/modules/providers/provider-gitlab/provider-gitlab.component.spec.ts
+++ b/console/src/app/modules/providers/provider-gitlab/provider-gitlab.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { ProviderGoogleComponent } from './provider-google.component';
+import { ProviderGitlabComponent } from './provider-gitlab.component';
 
 describe('ProviderGoogleComponent', () => {
-  let component: ProviderGoogleComponent;
-  let fixture: ComponentFixture<ProviderGoogleComponent>;
+  let component: ProviderGitlabComponent;
+  let fixture: ComponentFixture<ProviderGitlabComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [ProviderGoogleComponent],
+      declarations: [ProviderGitlabComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(ProviderGoogleComponent);
+    fixture = TestBed.createComponent(ProviderGitlabComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/show-token-dialog/show-token-dialog.component.spec.ts b/console/src/app/modules/show-token-dialog/show-token-dialog.component.spec.ts
index de74dc7522..35f4dbcf77 100644
--- a/console/src/app/modules/show-token-dialog/show-token-dialog.component.spec.ts
+++ b/console/src/app/modules/show-token-dialog/show-token-dialog.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { ShowKeyDialogComponent } from './show-key-dialog.component';
+import { ShowTokenDialogComponent } from './show-token-dialog.component';
 
 describe('ShowKeyDialogComponent', () => {
-  let component: ShowKeyDialogComponent;
-  let fixture: ComponentFixture<ShowKeyDialogComponent>;
+  let component: ShowTokenDialogComponent;
+  let fixture: ComponentFixture<ShowTokenDialogComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [ShowKeyDialogComponent],
+      declarations: [ShowTokenDialogComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(ShowKeyDialogComponent);
+    fixture = TestBed.createComponent(ShowTokenDialogComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/modules/smtp-table/smtp-table.component.spec.ts b/console/src/app/modules/smtp-table/smtp-table.component.spec.ts
index 8095d73255..fe4719482c 100644
--- a/console/src/app/modules/smtp-table/smtp-table.component.spec.ts
+++ b/console/src/app/modules/smtp-table/smtp-table.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { IdpTableComponent } from './smtp-table.component';
+import { SMTPTableComponent } from './smtp-table.component';
 
 describe('UserTableComponent', () => {
-  let component: IdpTableComponent;
-  let fixture: ComponentFixture<IdpTableComponent>;
+  let component: SMTPTableComponent;
+  let fixture: ComponentFixture<SMTPTableComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [IdpTableComponent],
+      declarations: [SMTPTableComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(IdpTableComponent);
+    fixture = TestBed.createComponent(SMTPTableComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/pages/actions/add-action-dialog/add-action-dialog.component.spec.ts b/console/src/app/pages/actions/add-action-dialog/add-action-dialog.component.spec.ts
index f4b79bee55..b7c7069728 100644
--- a/console/src/app/pages/actions/add-action-dialog/add-action-dialog.component.spec.ts
+++ b/console/src/app/pages/actions/add-action-dialog/add-action-dialog.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { AddKeyDialogComponent } from './add-key-dialog.component';
+import { AddActionDialogComponent } from './add-action-dialog.component';
 
 describe('AddKeyDialogComponent', () => {
-  let component: AddKeyDialogComponent;
-  let fixture: ComponentFixture<AddKeyDialogComponent>;
+  let component: AddActionDialogComponent;
+  let fixture: ComponentFixture<AddActionDialogComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [AddKeyDialogComponent],
+      declarations: [AddActionDialogComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(AddKeyDialogComponent);
+    fixture = TestBed.createComponent(AddActionDialogComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/pages/actions/add-flow-dialog/add-flow-dialog.component.spec.ts b/console/src/app/pages/actions/add-flow-dialog/add-flow-dialog.component.spec.ts
index f4b79bee55..ca9b7c4507 100644
--- a/console/src/app/pages/actions/add-flow-dialog/add-flow-dialog.component.spec.ts
+++ b/console/src/app/pages/actions/add-flow-dialog/add-flow-dialog.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { AddKeyDialogComponent } from './add-key-dialog.component';
+import { AddFlowDialogComponent } from './add-flow-dialog.component';
 
 describe('AddKeyDialogComponent', () => {
-  let component: AddKeyDialogComponent;
-  let fixture: ComponentFixture<AddKeyDialogComponent>;
+  let component: AddFlowDialogComponent;
+  let fixture: ComponentFixture<AddFlowDialogComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [AddKeyDialogComponent],
+      declarations: [AddFlowDialogComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(AddKeyDialogComponent);
+    fixture = TestBed.createComponent(AddFlowDialogComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.html b/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.html
index e36ec2bcbb..22a4498090 100644
--- a/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.html
+++ b/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.html
@@ -1,5 +1,5 @@
 <h1 mat-dialog-title>
-  <span class="title">{{ 'USER.MFA.DIALOG.ADD_MFA_TITLE' | translate }} {{ data?.number }}</span>
+  <span class="title">{{ 'USER.MFA.DIALOG.ADD_MFA_TITLE' | translate }}</span>
 </h1>
 <div mat-dialog-content>
   <ng-container *ngIf="selectedType === undefined">
@@ -7,6 +7,7 @@
 
     <div class="type-selection">
       <button
+        *ngIf="data.otp$ | async"
         mat-stroked-button
         [disabled]="data.otpDisabled$ | async"
         (click)="selectType(AuthFactorType.OTP)"
@@ -56,7 +57,7 @@
           <span>{{ 'USER.MFA.OTP' | translate }}</span>
         </div>
       </button>
-      <button mat-stroked-button (click)="selectType(AuthFactorType.U2F)">
+      <button *ngIf="data.u2f$ | async" mat-stroked-button (click)="selectType(AuthFactorType.U2F)">
         <div class="u2f-btn">
           <div class="icon-row">
             <svg
@@ -78,6 +79,7 @@
         </div>
       </button>
       <button
+        *ngIf="data.otpSms$ | async"
         [disabled]="!data.phoneVerified || (data.otpSmsDisabled$ | async)"
         mat-stroked-button
         (click)="selectType(AuthFactorType.OTPSMS)"
@@ -110,7 +112,12 @@
           </div>
         </div>
       </button>
-      <button [disabled]="data.otpEmailDisabled$ | async" mat-stroked-button (click)="selectType(AuthFactorType.OTPEMAIL)">
+      <button
+        *ngIf="data.otpEmail$ | async"
+        [disabled]="data.otpEmailDisabled$ | async"
+        mat-stroked-button
+        (click)="selectType(AuthFactorType.OTPEMAIL)"
+      >
         <div class="otp-btn">
           <div class="icon-row">
             <svg
diff --git a/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.ts b/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.ts
index 1b2132deee..1974672c90 100644
--- a/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.ts
+++ b/console/src/app/pages/users/user-detail/auth-user-detail/auth-factor-dialog/auth-factor-dialog.component.ts
@@ -2,6 +2,7 @@ import { Component, Inject } from '@angular/core';
 import { MatDialogRef, MAT_DIALOG_DATA } from '@angular/material/dialog';
 import { TranslateService } from '@ngx-translate/core';
 import { take } from 'rxjs/operators';
+import { Observable } from 'rxjs';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
 import { ToastService } from 'src/app/services/toast.service';
 
@@ -16,6 +17,17 @@ export enum AuthFactorType {
   OTPEMAIL,
 }
 
+export type AddAuthFactorDialogData = {
+  otp$: Observable<boolean>;
+  u2f$: Observable<boolean>;
+  otpSms$: Observable<boolean>;
+  otpEmail$: Observable<boolean>;
+  otpDisabled$: Observable<boolean>;
+  otpSmsDisabled$: Observable<boolean>;
+  otpEmailDisabled$: Observable<boolean>;
+  phoneVerified: boolean;
+};
+
 @Component({
   selector: 'cnsl-auth-factor-dialog',
   templateUrl: './auth-factor-dialog.component.html',
@@ -44,7 +56,7 @@ export class AuthFactorDialogComponent {
     private toast: ToastService,
     private translate: TranslateService,
     public dialogRef: MatDialogRef<AuthFactorDialogComponent>,
-    @Inject(MAT_DIALOG_DATA) public data: any,
+    @Inject(MAT_DIALOG_DATA) public data: AddAuthFactorDialogData,
   ) {}
 
   closeDialog(code: string = ''): void {
diff --git a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.spec.ts b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.spec.ts
index 5f14ff1318..9a905a4836 100644
--- a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.spec.ts
+++ b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.spec.ts
@@ -1,24 +1,147 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
-
+import { of } from 'rxjs';
 import { AuthUserMfaComponent } from './auth-user-mfa.component';
+import { ToastService } from 'src/app/services/toast.service';
+import { MatDialog } from '@angular/material/dialog';
+import { NewAuthService } from 'src/app/services/new-auth.service';
+import { SecondFactorType } from 'src/app/proto/generated/zitadel/policy_pb';
+import { CardComponent } from 'src/app/modules/card/card.component';
+import { RefreshTableComponent } from 'src/app/modules/refresh-table/refresh-table.component';
+import { TranslateModule } from '@ngx-translate/core';
+import { MatIconModule } from '@angular/material/icon';
+import { MatTableModule } from '@angular/material/table';
+import { MatTooltipModule } from '@angular/material/tooltip';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { AuthFactor, AuthFactorState } from '@zitadel/proto/zitadel/user_pb';
 
 describe('AuthUserMfaComponent', () => {
-  let component: AuthUserMfaComponent;
-  let fixture: ComponentFixture<AuthUserMfaComponent>;
+  // Create a test host component that extends the original component
+  class TestHostComponent extends AuthUserMfaComponent {
+    // Expose protected properties for testing
+    public getOtpEmailDisabled$() {
+      return this.otpEmailDisabled$;
+    }
+
+    public getOtpDisabled$() {
+      return this.otpDisabled$;
+    }
+
+    public getOtpSmsDisabled$() {
+      return this.otpSmsDisabled$;
+    }
+  }
+
+  let component: TestHostComponent;
+  let fixture: ComponentFixture<TestHostComponent>;
+  let serviceStub: Partial<NewAuthService>;
+  let toastStub: Partial<ToastService>;
+  let dialogStub: Partial<MatDialog>;
 
   beforeEach(waitForAsync(() => {
+    // Create stubs for required services
+    serviceStub = {
+      listMyMultiFactors: jasmine.createSpy('listMyMultiFactors').and.returnValue(
+        Promise.resolve({
+          result: [
+            { type: { case: 'otp' }, state: AuthFactorState.READY, $typeName: 'zitadel.user.v1.AuthFactor' } as AuthFactor,
+            {
+              type: { case: 'otpSms' },
+              state: AuthFactorState.READY,
+              $typeName: 'zitadel.user.v1.AuthFactor',
+            } as AuthFactor,
+            {
+              type: { case: 'otpEmail' },
+              state: AuthFactorState.READY,
+              $typeName: 'zitadel.user.v1.AuthFactor',
+            } as AuthFactor,
+          ],
+        }),
+      ),
+      getMyLoginPolicy: jasmine.createSpy('getMyLoginPolicy').and.returnValue(
+        Promise.resolve({
+          policy: {
+            secondFactorsList: [
+              SecondFactorType.SECOND_FACTOR_TYPE_OTP,
+              SecondFactorType.SECOND_FACTOR_TYPE_U2F,
+              SecondFactorType.SECOND_FACTOR_TYPE_OTP_EMAIL,
+              SecondFactorType.SECOND_FACTOR_TYPE_OTP_SMS,
+            ],
+          },
+        }),
+      ),
+      removeMyMultiFactorOTP: jasmine.createSpy('removeMyMultiFactorOTP').and.returnValue(Promise.resolve()),
+      removeMyMultiFactorU2F: jasmine.createSpy('removeMyMultiFactorU2F').and.returnValue(Promise.resolve()),
+      removeMyAuthFactorOTPEmail: jasmine.createSpy('removeMyAuthFactorOTPEmail').and.returnValue(Promise.resolve()),
+      removeMyAuthFactorOTPSMS: jasmine.createSpy('removeMyAuthFactorOTPSMS').and.returnValue(Promise.resolve()),
+    };
+
+    toastStub = {
+      showInfo: jasmine.createSpy('showInfo'),
+      showError: jasmine.createSpy('showError'),
+    };
+
+    dialogStub = {
+      // Opened dialog returns a truthy value after closing
+      open: jasmine.createSpy('open').and.returnValue({
+        afterClosed: () => of(true),
+      }),
+    };
+
     TestBed.configureTestingModule({
-      declarations: [AuthUserMfaComponent],
+      declarations: [TestHostComponent, CardComponent, RefreshTableComponent], // Use TestHostComponent instead
+      imports: [MatIconModule, TranslateModule.forRoot(), MatTooltipModule, MatTableModule, BrowserAnimationsModule],
+      providers: [
+        { provide: NewAuthService, useValue: serviceStub },
+        { provide: ToastService, useValue: toastStub },
+        { provide: MatDialog, useValue: dialogStub },
+      ],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(AuthUserMfaComponent);
+    fixture = TestBed.createComponent(TestHostComponent); // Use TestHostComponent
     component = fixture.componentInstance;
+    // Optionally set the phoneVerified input if needed by your tests
+    component.phoneVerified = true;
     fixture.detectChanges();
   });
 
   it('should create', () => {
     expect(component).toBeTruthy();
   });
+
+  it('should call getMFAs and update dataSource and disable flags', async () => {
+    // Call the method and wait for the Promise resolution
+    await component.getMFAs();
+    fixture.detectChanges();
+
+    expect(serviceStub.listMyMultiFactors).toHaveBeenCalled();
+    // Our stub returns 3 items
+    expect(component.dataSource.data.length).toBe(3);
+
+    // Use the public getter methods to access protected properties
+    component.getOtpDisabled$().subscribe((value) => {
+      expect(value).toBeTrue();
+    });
+    component.getOtpSmsDisabled$().subscribe((value) => {
+      expect(value).toBeTrue();
+    });
+    component.getOtpEmailDisabled$().subscribe((value) => {
+      expect(value).toBeTrue();
+    });
+  });
+
+  it('should call deleteMFA and remove OTP factor', async () => {
+    // OTP is set
+    const factor = {
+      type: { case: 'otp' },
+      state: AuthFactorState.READY,
+      $typeName: 'zitadel.user.v1.AuthFactor',
+    } as AuthFactor;
+    await component.deleteMFA(factor);
+
+    // Verify that the service method for OTP removal was called
+    expect(serviceStub.removeMyMultiFactorOTP).toHaveBeenCalled();
+    expect(serviceStub.listMyMultiFactors).toHaveBeenCalled();
+  });
 });
diff --git a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.ts b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.ts
index 1d43c822be..6d02b19ab0 100644
--- a/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.ts
+++ b/console/src/app/pages/users/user-detail/auth-user-detail/auth-user-mfa/auth-user-mfa.component.ts
@@ -4,12 +4,12 @@ import { MatSort } from '@angular/material/sort';
 import { MatTable, MatTableDataSource } from '@angular/material/table';
 import { BehaviorSubject, Observable } from 'rxjs';
 import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
-import { AuthFactor, AuthFactorState } from 'src/app/proto/generated/zitadel/user_pb';
-import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
+import { AuthFactorState } from 'src/app/proto/generated/zitadel/user_pb';
+import { NewAuthService } from 'src/app/services/new-auth.service';
 import { ToastService } from 'src/app/services/toast.service';
-
-import { AuthFactorDialogComponent } from '../auth-factor-dialog/auth-factor-dialog.component';
-
+import { AddAuthFactorDialogData, AuthFactorDialogComponent } from '../auth-factor-dialog/auth-factor-dialog.component';
+import { AuthFactor } from '@zitadel/proto/zitadel/user_pb';
+import { SecondFactorType } from '@zitadel/proto/zitadel/policy_pb';
 export interface WebAuthNOptions {
   challenge: string;
   rp: { name: string; id: string };
@@ -30,26 +30,31 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
   private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
   public loading$: Observable<boolean> = this.loadingSubject.asObservable();
 
-  @ViewChild(MatTable) public table!: MatTable<AuthFactor.AsObject>;
+  @ViewChild(MatTable) public table!: MatTable<AuthFactor>;
   @ViewChild(MatSort) public sort!: MatSort;
   @Input() public phoneVerified: boolean = false;
-  public dataSource: MatTableDataSource<AuthFactor.AsObject> = new MatTableDataSource<AuthFactor.AsObject>([]);
-
   public AuthFactorState: any = AuthFactorState;
+  public dataSource: MatTableDataSource<AuthFactor> = new MatTableDataSource<AuthFactor>([]);
 
-  public error: string = '';
-  public otpDisabled$ = new BehaviorSubject<boolean>(true);
-  public otpSmsDisabled$ = new BehaviorSubject<boolean>(true);
-  public otpEmailDisabled$ = new BehaviorSubject<boolean>(true);
+  protected error: string = '';
+
+  protected otpAvailable$ = new BehaviorSubject<boolean>(false);
+  protected u2fAvailable$ = new BehaviorSubject<boolean>(false);
+  protected otpSmsAvailable$ = new BehaviorSubject<boolean>(false);
+  protected otpEmailAvailable$ = new BehaviorSubject<boolean>(false);
+  protected otpDisabled$ = new BehaviorSubject<boolean>(true);
+  protected otpSmsDisabled$ = new BehaviorSubject<boolean>(true);
+  protected otpEmailDisabled$ = new BehaviorSubject<boolean>(true);
 
   constructor(
-    private service: GrpcAuthService,
-    private toast: ToastService,
-    private dialog: MatDialog,
+    private readonly service: NewAuthService,
+    private readonly toast: ToastService,
+    private readonly dialog: MatDialog,
   ) {}
 
   public ngOnInit(): void {
     this.getMFAs();
+    this.applyOrgPolicy();
   }
 
   public ngOnDestroy(): void {
@@ -57,13 +62,19 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
   }
 
   public addAuthFactor(): void {
+    const data: AddAuthFactorDialogData = {
+      otp$: this.otpAvailable$,
+      u2f$: this.u2fAvailable$,
+      otpSms$: this.otpSmsAvailable$,
+      otpEmail$: this.otpEmailAvailable$,
+      otpDisabled$: this.otpDisabled$,
+      otpSmsDisabled$: this.otpSmsDisabled$,
+      otpEmailDisabled$: this.otpEmailDisabled$,
+      phoneVerified: this.phoneVerified,
+    } as const;
+
     const dialogRef = this.dialog.open(AuthFactorDialogComponent, {
-      data: {
-        otpDisabled$: this.otpDisabled$,
-        otpSmsDisabled$: this.otpSmsDisabled$,
-        otpEmailDisabled$: this.otpEmailDisabled$,
-        phoneVerified: this.phoneVerified,
-      },
+      data: data,
     });
 
     dialogRef.afterClosed().subscribe(() => {
@@ -75,48 +86,32 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
     this.service
       .listMyMultiFactors()
       .then((mfas) => {
-        const list = mfas.resultList;
+        const list: AuthFactor[] = mfas.result;
         this.dataSource = new MatTableDataSource(list);
         this.dataSource.sort = this.sort;
 
-        const index = list.findIndex((mfa) => mfa.otp);
-        if (index === -1) {
-          this.otpDisabled$.next(false);
-        }
-
-        const sms = list.findIndex((mfa) => mfa.otpSms);
-        if (sms === -1) {
-          this.otpSmsDisabled$.next(false);
-        }
-
-        const email = list.findIndex((mfa) => mfa.otpEmail);
-        if (email === -1) {
-          this.otpEmailDisabled$.next(false);
-        }
+        this.disableAuthFactor(list, 'otp', this.otpDisabled$);
+        this.disableAuthFactor(list, 'otpSms', this.otpSmsDisabled$);
+        this.disableAuthFactor(list, 'otpEmail', this.otpEmailDisabled$);
       })
       .catch((error) => {
         this.error = error.message;
       });
   }
 
-  private cleanupList(): void {
-    const totp = this.dataSource.data.findIndex((mfa) => !!mfa.otp);
-    if (totp > -1) {
-      this.dataSource.data.splice(totp, 1);
-    }
-
-    const sms = this.dataSource.data.findIndex((mfa) => !!mfa.otpSms);
-    if (sms > -1) {
-      this.dataSource.data.splice(sms, 1);
-    }
-
-    const email = this.dataSource.data.findIndex((mfa) => !!mfa.otpEmail);
-    if (email > -1) {
-      this.dataSource.data.splice(email, 1);
-    }
+  public applyOrgPolicy(): void {
+    this.service.getMyLoginPolicy().then((resp) => {
+      if (resp && resp.policy) {
+        const secondFactors = resp.policy?.secondFactors;
+        this.displayAuthFactorBasedOnPolicy(secondFactors, SecondFactorType.OTP, this.otpAvailable$);
+        this.displayAuthFactorBasedOnPolicy(secondFactors, SecondFactorType.U2F, this.u2fAvailable$);
+        this.displayAuthFactorBasedOnPolicy(secondFactors, SecondFactorType.OTP_EMAIL, this.otpEmailAvailable$);
+        this.displayAuthFactorBasedOnPolicy(secondFactors, SecondFactorType.OTP_SMS, this.otpSmsAvailable$);
+      }
+    });
   }
 
-  public deleteMFA(factor: AuthFactor.AsObject): void {
+  public deleteMFA(factor: AuthFactor): void {
     const dialogRef = this.dialog.open(WarnDialogComponent, {
       data: {
         confirmKey: 'ACTIONS.DELETE',
@@ -129,7 +124,7 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
 
     dialogRef.afterClosed().subscribe((resp) => {
       if (resp) {
-        if (factor.otp) {
+        if (factor.type.case === 'otp') {
           this.service
             .removeMyMultiFactorOTP()
             .then(() => {
@@ -141,9 +136,9 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
             .catch((error) => {
               this.toast.showError(error);
             });
-        } else if (factor.u2f) {
+        } else if (factor.type.case === 'u2f') {
           this.service
-            .removeMyMultiFactorU2F(factor.u2f.id)
+            .removeMyMultiFactorU2F(factor.type.value.id)
             .then(() => {
               this.toast.showInfo('USER.TOAST.U2FREMOVED', true);
 
@@ -153,7 +148,7 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
             .catch((error) => {
               this.toast.showError(error);
             });
-        } else if (factor.otpEmail) {
+        } else if (factor.type.case === 'otpEmail') {
           this.service
             .removeMyAuthFactorOTPEmail()
             .then(() => {
@@ -165,7 +160,7 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
             .catch((error) => {
               this.toast.showError(error);
             });
-        } else if (factor.otpSms) {
+        } else if (factor.type.case === 'otpSms') {
           this.service
             .removeMyAuthFactorOTPSMS()
             .then(() => {
@@ -181,4 +176,22 @@ export class AuthUserMfaComponent implements OnInit, OnDestroy {
       }
     });
   }
+
+  private cleanupList(): void {
+    this.dataSource.data = this.dataSource.data.filter((mfa: AuthFactor) => {
+      return mfa.type.case;
+    });
+  }
+
+  private disableAuthFactor(mfas: AuthFactor[], key: string, subject: BehaviorSubject<boolean>): void {
+    subject.next(mfas.some((mfa) => mfa.type.case === key));
+  }
+
+  private displayAuthFactorBasedOnPolicy(
+    factors: SecondFactorType[],
+    factor: SecondFactorType,
+    subject: BehaviorSubject<boolean>,
+  ): void {
+    subject.next(factors.some((f) => f === factor));
+  }
 }
diff --git a/console/src/app/pages/users/user-detail/contact/contact.component.ts b/console/src/app/pages/users/user-detail/contact/contact.component.ts
index fd16d40c57..368ee44215 100644
--- a/console/src/app/pages/users/user-detail/contact/contact.component.ts
+++ b/console/src/app/pages/users/user-detail/contact/contact.component.ts
@@ -2,7 +2,7 @@ import { Component, EventEmitter, Input, Output } from '@angular/core';
 import { MatDialog } from '@angular/material/dialog';
 import { WarnDialogComponent } from 'src/app/modules/warn-dialog/warn-dialog.component';
 
-import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
+import { NewAuthService } from 'src/app/services/new-auth.service';
 import { CodeDialogComponent } from '../auth-user-detail/code-dialog/code-dialog.component';
 import { EditDialogType } from '../auth-user-detail/edit-dialog/edit-dialog.component';
 import { HumanUser, UserState } from '@zitadel/proto/zitadel/user/v2/user_pb';
@@ -28,12 +28,12 @@ export class ContactComponent {
   public EditDialogType: any = EditDialogType;
   constructor(
     private dialog: MatDialog,
-    private authService: GrpcAuthService,
+    private authService: NewAuthService,
   ) {}
 
   async emitDeletePhone(): Promise<void> {
-    const { resultList } = await this.authService.listMyMultiFactors();
-    const hasSMSOTP = !!resultList.find((mfa) => mfa.otpSms);
+    const { result } = await this.authService.listMyMultiFactors();
+    const hasSMSOTP = !!result.some((mfa) => mfa.type.case === 'otpSms');
 
     const dialogRef = this.dialog.open(WarnDialogComponent, {
       data: {
diff --git a/console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.spec.ts b/console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.spec.ts
index f6faa04959..77df969b31 100644
--- a/console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.spec.ts
+++ b/console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { DetailFormComponent } from './detail-form.component';
+import { DetailFormMachineComponent } from './detail-form-machine.component';
 
 describe('DetailFormComponent', () => {
-  let component: DetailFormComponent;
-  let fixture: ComponentFixture<DetailFormComponent>;
+  let component: DetailFormMachineComponent;
+  let fixture: ComponentFixture<DetailFormMachineComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [DetailFormComponent],
+      declarations: [DetailFormMachineComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(DetailFormComponent);
+    fixture = TestBed.createComponent(DetailFormMachineComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/pages/users/user-detail/user-detail/passwordless/passwordless.component.spec.ts b/console/src/app/pages/users/user-detail/user-detail/passwordless/passwordless.component.spec.ts
index 67436f440e..4174901596 100644
--- a/console/src/app/pages/users/user-detail/user-detail/passwordless/passwordless.component.spec.ts
+++ b/console/src/app/pages/users/user-detail/user-detail/passwordless/passwordless.component.spec.ts
@@ -1,19 +1,19 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
-import { AuthPasswordlessComponent } from './auth-passwordless.component';
+import { PasswordlessComponent } from './passwordless.component';
 
 describe('AuthPasswordlessComponent', () => {
-  let component: AuthPasswordlessComponent;
-  let fixture: ComponentFixture<AuthPasswordlessComponent>;
+  let component: PasswordlessComponent;
+  let fixture: ComponentFixture<PasswordlessComponent>;
 
   beforeEach(waitForAsync(() => {
     TestBed.configureTestingModule({
-      declarations: [AuthPasswordlessComponent],
+      declarations: [PasswordlessComponent],
     }).compileComponents();
   }));
 
   beforeEach(() => {
-    fixture = TestBed.createComponent(AuthPasswordlessComponent);
+    fixture = TestBed.createComponent(PasswordlessComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });
diff --git a/console/src/app/services/grpc-auth.service.ts b/console/src/app/services/grpc-auth.service.ts
index 198d048b6a..105cb62487 100644
--- a/console/src/app/services/grpc-auth.service.ts
+++ b/console/src/app/services/grpc-auth.service.ts
@@ -31,8 +31,6 @@ import {
   GetMyEmailRequest,
   GetMyEmailResponse,
   GetMyLabelPolicyRequest,
-  GetMyLoginPolicyRequest,
-  GetMyLoginPolicyResponse,
   GetMyPasswordComplexityPolicyRequest,
   GetMyPasswordComplexityPolicyResponse,
   GetMyPhoneRequest,
@@ -42,8 +40,6 @@ import {
   GetMyProfileResponse,
   GetMyUserRequest,
   GetMyUserResponse,
-  ListMyAuthFactorsRequest,
-  ListMyAuthFactorsResponse,
   ListMyLinkedIDPsRequest,
   ListMyLinkedIDPsResponse,
   ListMyMembershipsRequest,
@@ -62,14 +58,6 @@ import {
   ListMyUserSessionsResponse,
   ListMyZitadelPermissionsRequest,
   ListMyZitadelPermissionsResponse,
-  RemoveMyAuthFactorOTPEmailRequest,
-  RemoveMyAuthFactorOTPEmailResponse,
-  RemoveMyAuthFactorOTPRequest,
-  RemoveMyAuthFactorOTPResponse,
-  RemoveMyAuthFactorOTPSMSRequest,
-  RemoveMyAuthFactorOTPSMSResponse,
-  RemoveMyAuthFactorU2FRequest,
-  RemoveMyAuthFactorU2FResponse,
   RemoveMyAvatarRequest,
   RemoveMyAvatarResponse,
   RemoveMyLinkedIDPRequest,
@@ -357,10 +345,6 @@ export class GrpcAuthService {
     return this.grpcService.auth.getMyUser(new GetMyUserRequest(), null).then((resp) => resp.toObject());
   }
 
-  public listMyMultiFactors(): Promise<ListMyAuthFactorsResponse.AsObject> {
-    return this.grpcService.auth.listMyAuthFactors(new ListMyAuthFactorsRequest(), null).then((resp) => resp.toObject());
-  }
-
   public async revalidateOrgs() {
     const orgs = (await this.listMyProjectOrgs(ORG_LIMIT, 0)).resultList;
     this.cachedOrgs.next(orgs);
@@ -488,11 +472,6 @@ export class GrpcAuthService {
     return this.grpcService.auth.resendMyEmailVerification(req, null).then((resp) => resp.toObject());
   }
 
-  public getMyLoginPolicy(): Promise<GetMyLoginPolicyResponse.AsObject> {
-    const req = new GetMyLoginPolicyRequest();
-    return this.grpcService.auth.getMyLoginPolicy(req, null).then((resp) => resp.toObject());
-  }
-
   public removeMyPhone(): Promise<RemoveMyPhoneResponse.AsObject> {
     return this.grpcService.auth.removeMyPhone(new RemoveMyPhoneRequest(), null).then((resp) => resp.toObject());
   }
@@ -576,12 +555,6 @@ export class GrpcAuthService {
     return this.grpcService.auth.addMyAuthFactorU2F(new AddMyAuthFactorU2FRequest(), null).then((resp) => resp.toObject());
   }
 
-  public removeMyMultiFactorU2F(tokenId: string): Promise<RemoveMyAuthFactorU2FResponse.AsObject> {
-    const req = new RemoveMyAuthFactorU2FRequest();
-    req.setTokenId(tokenId);
-    return this.grpcService.auth.removeMyAuthFactorU2F(req, null).then((resp) => resp.toObject());
-  }
-
   public verifyMyMultiFactorU2F(credential: string, tokenname: string): Promise<VerifyMyAuthFactorU2FResponse.AsObject> {
     const req = new VerifyMyAuthFactorU2FRequest();
     const verification = new WebAuthNVerification();
@@ -626,24 +599,6 @@ export class GrpcAuthService {
     return this.grpcService.auth.addMyPasswordlessLink(req, null).then((resp) => resp.toObject());
   }
 
-  public removeMyMultiFactorOTP(): Promise<RemoveMyAuthFactorOTPResponse.AsObject> {
-    return this.grpcService.auth
-      .removeMyAuthFactorOTP(new RemoveMyAuthFactorOTPRequest(), null)
-      .then((resp) => resp.toObject());
-  }
-
-  public removeMyAuthFactorOTPSMS(): Promise<RemoveMyAuthFactorOTPSMSResponse.AsObject> {
-    return this.grpcService.auth
-      .removeMyAuthFactorOTPSMS(new RemoveMyAuthFactorOTPSMSRequest(), null)
-      .then((resp) => resp.toObject());
-  }
-
-  public removeMyAuthFactorOTPEmail(): Promise<RemoveMyAuthFactorOTPEmailResponse.AsObject> {
-    return this.grpcService.auth
-      .removeMyAuthFactorOTPEmail(new RemoveMyAuthFactorOTPEmailRequest(), null)
-      .then((resp) => resp.toObject());
-  }
-
   public verifyMyMultiFactorOTP(code: string): Promise<VerifyMyAuthFactorOTPResponse.AsObject> {
     const req = new VerifyMyAuthFactorOTPRequest();
     req.setCode(code);
diff --git a/console/src/app/services/new-auth.service.ts b/console/src/app/services/new-auth.service.ts
index 4827c0db31..4864d8d95f 100644
--- a/console/src/app/services/new-auth.service.ts
+++ b/console/src/app/services/new-auth.service.ts
@@ -1,9 +1,22 @@
 import { Injectable } from '@angular/core';
 import { GrpcService } from './grpc.service';
+import { create } from '@bufbuild/protobuf';
 import {
   AddMyAuthFactorOTPSMSResponse,
+  GetMyLoginPolicyResponse,
+  GetMyLoginPolicyRequestSchema,
   GetMyPasswordComplexityPolicyResponse,
   GetMyUserResponse,
+  ListMyAuthFactorsRequestSchema,
+  ListMyAuthFactorsResponse,
+  RemoveMyAuthFactorOTPEmailRequestSchema,
+  RemoveMyAuthFactorOTPEmailResponse,
+  RemoveMyAuthFactorOTPRequestSchema,
+  RemoveMyAuthFactorOTPResponse,
+  RemoveMyAuthFactorU2FRequestSchema,
+  RemoveMyAuthFactorU2FResponse,
+  RemoveMyAuthFactorOTPSMSRequestSchema,
+  RemoveMyAuthFactorOTPSMSResponse,
   ListMyMetadataResponse,
   VerifyMyPhoneResponse,
 } from '@zitadel/proto/zitadel/auth_pb';
@@ -30,6 +43,30 @@ export class NewAuthService {
     return this.grpcService.authNew.listMyMetadata({});
   }
 
+  public listMyMultiFactors(): Promise<ListMyAuthFactorsResponse> {
+    return this.grpcService.authNew.listMyAuthFactors(create(ListMyAuthFactorsRequestSchema), null);
+  }
+
+  public removeMyAuthFactorOTPSMS(): Promise<RemoveMyAuthFactorOTPSMSResponse> {
+    return this.grpcService.authNew.removeMyAuthFactorOTPSMS(create(RemoveMyAuthFactorOTPSMSRequestSchema), null);
+  }
+
+  public getMyLoginPolicy(): Promise<GetMyLoginPolicyResponse> {
+    return this.grpcService.authNew.getMyLoginPolicy(create(GetMyLoginPolicyRequestSchema), null);
+  }
+
+  public removeMyMultiFactorOTP(): Promise<RemoveMyAuthFactorOTPResponse> {
+    return this.grpcService.authNew.removeMyAuthFactorOTP(create(RemoveMyAuthFactorOTPRequestSchema), null);
+  }
+
+  public removeMyMultiFactorU2F(tokenId: string): Promise<RemoveMyAuthFactorU2FResponse> {
+    return this.grpcService.authNew.removeMyAuthFactorU2F(create(RemoveMyAuthFactorU2FRequestSchema, { tokenId }), null);
+  }
+
+  public removeMyAuthFactorOTPEmail(): Promise<RemoveMyAuthFactorOTPEmailResponse> {
+    return this.grpcService.authNew.removeMyAuthFactorOTPEmail(create(RemoveMyAuthFactorOTPEmailRequestSchema), null);
+  }
+
   public getMyPasswordComplexityPolicy(): Promise<GetMyPasswordComplexityPolicyResponse> {
     return this.grpcService.authNew.getMyPasswordComplexityPolicy({});
   }
diff --git a/console/yarn.lock b/console/yarn.lock
index 2e586abedb..3763923846 100644
--- a/console/yarn.lock
+++ b/console/yarn.lock
@@ -6038,7 +6038,7 @@ istanbul-lib-coverage@^3.0.0, istanbul-lib-coverage@^3.2.0:
   resolved "https://registry.yarnpkg.com/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz#2d166c4b0644d43a39f04bf6c2edd1e585f31756"
   integrity sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==
 
-istanbul-lib-instrument@^5.0.4:
+istanbul-lib-instrument@^5.0.4, istanbul-lib-instrument@^5.1.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz#d10c8885c2125574e1c231cacadf955675e1ce3d"
   integrity sha512-pzqtp31nLv/XFOzXGuvhCb8qhjmTVo5vjVk19XE4CRlSWz0KoeJ3bw9XsA7nOp9YBf4qHjwBxkDzKcME/J29Yg==
@@ -6069,7 +6069,16 @@ istanbul-lib-source-maps@^3.0.6:
     rimraf "^2.6.3"
     source-map "^0.6.1"
 
-istanbul-reports@^3.0.2:
+istanbul-lib-source-maps@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz#895f3a709fcfba34c6de5a42939022f3e4358551"
+  integrity sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==
+  dependencies:
+    debug "^4.1.1"
+    istanbul-lib-coverage "^3.0.0"
+    source-map "^0.6.1"
+
+istanbul-reports@^3.0.2, istanbul-reports@^3.0.5:
   version "3.1.7"
   resolved "https://registry.yarnpkg.com/istanbul-reports/-/istanbul-reports-3.1.7.tgz#daed12b9e1dca518e15c056e1e537e741280fa0b"
   integrity sha512-BewmUXImeuRk2YY0PVbxgKAysvhRPUQE0h5QRM++nVWyubKGV0l8qQ5op8+B2DOmwSe63Jivj0BjkPQVf8fP5g==
@@ -6279,6 +6288,18 @@ karma-coverage-istanbul-reporter@^3.0.3:
     istanbul-reports "^3.0.2"
     minimatch "^3.0.4"
 
+karma-coverage@^2.2.1:
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/karma-coverage/-/karma-coverage-2.2.1.tgz#e1cc074f93ace9dc4fb7e7aeca7135879c2e358c"
+  integrity sha512-yj7hbequkQP2qOSb20GuNSIyE//PgJWHwC2IydLE6XRtsnaflv+/OSGNssPjobYUlhVVagy99TQpqUt3vAUG7A==
+  dependencies:
+    istanbul-lib-coverage "^3.2.0"
+    istanbul-lib-instrument "^5.1.0"
+    istanbul-lib-report "^3.0.0"
+    istanbul-lib-source-maps "^4.0.1"
+    istanbul-reports "^3.0.5"
+    minimatch "^3.0.4"
+
 karma-jasmine-html-reporter@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/karma-jasmine-html-reporter/-/karma-jasmine-html-reporter-2.1.0.tgz#f951ad00b08d61d03595402c914d1a589c4930e3"

From 6aeaa89c2564b237161fc30289dc831b0d30b0b4 Mon Sep 17 00:00:00 2001
From: Stygmates <styg.tan.dat@gmail.com>
Date: Wed, 4 Jun 2025 13:31:54 +0200
Subject: [PATCH 087/123] feat: Display Authentication Method Name on
 Application Page (#9639)

# Which Problems Are Solved

The Authentication Method name is currently not displayed on the
Application Page, this screenshot is taken from the linked issue:

<img width="946" alt="417991175-a6c8497f-9c4f-4042-8ffa-c5f995ab5039"
src="https://github.com/user-attachments/assets/aea0e956-27e3-4e32-bcb1-0a7456480084"
/>


I can also add other fields if necessary, but the layout may need to be
redesigned to keep a good looking UI since there are already a lot of
fields.

# How the Problems Are Solved

Display the Authentication Method name between the `Status` and the `ID`
fields from either the `oidcConfig` or the `apiConfig` objects.

Here are some screenshots of the result:

None:


![image](https://github.com/user-attachments/assets/776dc3db-5196-413e-bff4-38f1a149f5c5)

Private JWT:


![image](https://github.com/user-attachments/assets/e9279143-1c92-4932-a271-c0865393384c)

Post:


![image](https://github.com/user-attachments/assets/486ca69b-715d-4681-8b5b-5db47ff2cbf1)

API Basic:


![image](https://github.com/user-attachments/assets/3ad923f1-642b-400b-a38a-818c1ce3534e)

# Additional Changes

None

# Additional Context

- Closes #9435

---------

Co-authored-by: Ramon <mail@conblem.me>
---
 .../modules/info-row/info-row.component.html  | 111 ++++++++++--------
 1 file changed, 62 insertions(+), 49 deletions(-)

diff --git a/console/src/app/modules/info-row/info-row.component.html b/console/src/app/modules/info-row/info-row.component.html
index 52bd6b93ba..1acd013fbe 100644
--- a/console/src/app/modules/info-row/info-row.component.html
+++ b/console/src/app/modules/info-row/info-row.component.html
@@ -2,7 +2,7 @@
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'USER.PAGES.STATE' | translate }}</p>
     <p
-      *ngIf="user && user.state !== undefined"
+      *ngIf="user?.state"
       class="state"
       [ngClass]="{
         active: user.state === UserState.USER_STATE_ACTIVE,
@@ -53,7 +53,7 @@
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'IAM.PAGES.STATE' | translate }}</p>
     <p
-      *ngIf="instance && instance.state !== undefined"
+      *ngIf="instance?.state"
       class="state"
       [ngClass]="{
         active: instance.state === State.INSTANCE_STATE_RUNNING,
@@ -66,17 +66,17 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'RESOURCEID' | translate }}</p>
-    <p *ngIf="instance && instance.id" class="info-row-desc">{{ instance.id }}</p>
+    <p *ngIf="instance?.id" class="info-row-desc">{{ instance.id }}</p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'NAME' | translate }}</p>
-    <p *ngIf="instance && instance.name" class="info-row-desc">{{ instance.name }}</p>
+    <p *ngIf="instance?.name" class="info-row-desc">{{ instance.name }}</p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'VERSION' | translate }}</p>
-    <p *ngIf="instance && instance.version" class="info-row-desc">{{ instance.version }}</p>
+    <p *ngIf="instance?.version" class="info-row-desc">{{ instance.version }}</p>
   </div>
 
   <div class="info-wrapper width">
@@ -96,15 +96,15 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'ORG.PAGES.CREATIONDATE' | translate }}</p>
-    <p *ngIf="instance && instance.details && instance.details.creationDate" class="info-row-desc">
-      {{ instance.details.creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="instance?.details?.creationDate as creationDate" class="info-row-desc">
+      {{ creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'ORG.PAGES.DATECHANGED' | translate }}</p>
-    <p *ngIf="instance && instance.details && instance.details.changeDate" class="info-row-desc">
-      {{ instance.details.changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="instance?.details?.changeDate as changeDate" class="info-row-desc">
+      {{ changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 </div>
@@ -113,7 +113,7 @@
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'ORG.PAGES.STATE' | translate }}</p>
     <p
-      *ngIf="org && org.state !== undefined"
+      *ngIf="org?.state"
       class="state"
       [ngClass]="{ active: org.state === OrgState.ORG_STATE_ACTIVE, inactive: org.state === OrgState.ORG_STATE_INACTIVE }"
     >
@@ -123,7 +123,7 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'RESOURCEID' | translate }}</p>
-    <p *ngIf="org && org.id" class="info-row-desc">{{ org.id }}</p>
+    <p *ngIf="org?.id" class="info-row-desc">{{ org.id }}</p>
   </div>
 
   <div class="info-wrapper width">
@@ -143,15 +143,15 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'ORG.PAGES.CREATIONDATE' | translate }}</p>
-    <p *ngIf="org && org.details && org.details.creationDate" class="info-row-desc">
-      {{ org.details.creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="org?.details?.creationDate as creationDate" class="info-row-desc">
+      {{ creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'ORG.PAGES.DATECHANGED' | translate }}</p>
-    <p *ngIf="org && org.details && org.details.changeDate" class="info-row-desc">
-      {{ org.details.changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="org?.details?.changeDate as changeDate" class="info-row-desc">
+      {{ changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 </div>
@@ -160,7 +160,7 @@
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.STATE.TITLE' | translate }}</p>
     <p
-      *ngIf="project && project.state !== undefined"
+      *ngIf="project?.state"
       class="state"
       [ngClass]="{
         active: project.state === ProjectState.PROJECT_STATE_ACTIVE,
@@ -173,20 +173,20 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'RESOURCEID' | translate }}</p>
-    <p *ngIf="project && project.id" class="info-row-desc">{{ project.id }}</p>
+    <p *ngIf="project?.id" class="info-row-desc">{{ project.id }}</p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.PAGES.CREATEDON' | translate }}</p>
-    <p *ngIf="project && project.details && project.details.creationDate" class="info-row-desc">
-      {{ project.details.creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="project?.details?.creationDate as creationDate" class="info-row-desc">
+      {{ creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.PAGES.LASTMODIFIED' | translate }}</p>
-    <p *ngIf="project && project.details && project.details.changeDate" class="info-row-desc">
-      {{ project.details.changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="project?.details?.changeDate as changeDate" class="info-row-desc">
+      {{ changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 </div>
@@ -195,7 +195,7 @@
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.STATE.TITLE' | translate }}</p>
     <p
-      *ngIf="grantedProject && grantedProject.state !== undefined"
+      *ngIf="grantedProject?.state"
       class="state"
       [ngClass]="{
         active: grantedProject.state === ProjectGrantState.PROJECT_GRANT_STATE_ACTIVE,
@@ -208,25 +208,25 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'RESOURCEID' | translate }}</p>
-    <p *ngIf="grantedProject && grantedProject.projectId" class="info-row-desc">{{ grantedProject.projectId }}</p>
+    <p *ngIf="grantedProject?.projectId" class="info-row-desc">{{ grantedProject.projectId }}</p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.GRANT.GRANTID' | translate }}</p>
-    <p *ngIf="grantedProject && grantedProject.grantId" class="info-row-desc">{{ grantedProject.grantId }}</p>
+    <p *ngIf="grantedProject?.grantId" class="info-row-desc">{{ grantedProject.grantId }}</p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.PAGES.CREATEDON' | translate }}</p>
-    <p *ngIf="grantedProject && grantedProject.details && grantedProject.details.creationDate" class="info-row-desc">
-      {{ grantedProject.details.creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="grantedProject?.details?.creationDate as creationDate" class="info-row-desc">
+      {{ creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'PROJECT.PAGES.LASTMODIFIED' | translate }}</p>
-    <p *ngIf="grantedProject && grantedProject.details && grantedProject.details.changeDate" class="info-row-desc">
-      {{ grantedProject.details.changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p *ngIf="grantedProject?.details?.changeDate as changeDate" class="info-row-desc">
+      {{ changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 </div>
@@ -236,30 +236,43 @@
     <div class="info-wrapper">
       <p class="info-row-title">{{ 'APP.PAGES.STATE' | translate }}</p>
       <p
-        *ngIf="app && app.state !== undefined"
+        *ngIf="app?.state"
         class="state"
         [ngClass]="{ active: app.state === AppState.APP_STATE_ACTIVE, inactive: app.state === AppState.APP_STATE_INACTIVE }"
       >
         {{ 'APP.PAGES.DETAIL.STATE.' + app.state | translate }}
       </p>
     </div>
+    <div class="info-wrapper" *ngIf="app?.apiConfig?.authMethodType as authMethodType">
+      <p class="info-row-title">{{ 'APP.AUTHMETHOD' | translate }}</p>
+      <p class="info-row-desc">
+        {{ 'APP.API.AUTHMETHOD.' + authMethodType | translate }}
+      </p>
+    </div>
+
+    <div class="info-wrapper" *ngIf="app?.oidcConfig?.authMethodType as authMethodType">
+      <p class="info-row-title">{{ 'APP.AUTHMETHOD' | translate }}</p>
+      <p class="info-row-desc">
+        {{ 'APP.OIDC.AUTHMETHOD.' + authMethodType | translate }}
+      </p>
+    </div>
 
     <div class="info-wrapper">
       <p class="info-row-title">{{ 'APP.PAGES.ID' | translate }}</p>
-      <p *ngIf="app && app.id" class="info-row-desc">{{ app.id }}</p>
+      <p *ngIf="app?.id" class="info-row-desc">{{ app.id }}</p>
     </div>
 
     <div class="info-wrapper">
       <p class="info-row-title">{{ 'APP.PAGES.DATECREATED' | translate }}</p>
-      <p *ngIf="app && app.details && app.details.creationDate" class="info-row-desc">
-        {{ app.details.creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+      <p *ngIf="app?.details?.creationDate as creationDate" class="info-row-desc">
+        {{ creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
       </p>
     </div>
 
     <div class="info-wrapper">
       <p class="info-row-title">{{ 'APP.PAGES.DATECHANGED' | translate }}</p>
-      <p *ngIf="app && app.details && app.details.changeDate" class="info-row-desc">
-        {{ app.details.changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+      <p *ngIf="app?.details?.changeDate as changeDate" class="info-row-desc">
+        {{ changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
       </p>
     </div>
 
@@ -267,27 +280,27 @@
       <p class="info-row-title">{{ 'APP.OIDC.INFO.CLIENTID' | translate }}</p>
       <div class="copy-row" *ngIf="app.oidcConfig?.clientId">
         <button
-          *ngIf="app.oidcConfig && app.oidcConfig?.clientId"
-          [disabled]="copied === app.oidcConfig.clientId"
-          [matTooltip]="(copied !== app.oidcConfig.clientId ? 'ACTIONS.COPY' : 'ACTIONS.COPIED') | translate"
+          *ngIf="app.oidcConfig?.clientId as clientId"
+          [disabled]="copied === clientId"
+          [matTooltip]="(copied !== clientId ? 'ACTIONS.COPY' : 'ACTIONS.COPIED') | translate"
           cnslCopyToClipboard
-          [valueToCopy]="app.oidcConfig.clientId"
+          [valueToCopy]="clientId"
           (copiedValue)="copied = $event"
         >
-          {{ app.oidcConfig.clientId }}
+          {{ clientId }}
         </button>
       </div>
 
       <div class="copy-row" *ngIf="app.apiConfig?.clientId">
         <button
-          *ngIf="app && app.apiConfig && app.apiConfig.clientId"
-          [disabled]="copied === app.apiConfig.clientId"
-          [matTooltip]="(copied !== app.apiConfig.clientId ? 'ACTIONS.COPY' : 'ACTIONS.COPIED') | translate"
+          *ngIf="app.apiConfig?.clientId as clientId"
+          [disabled]="copied === clientId"
+          [matTooltip]="(copied !== clientId ? 'ACTIONS.COPY' : 'ACTIONS.COPIED') | translate"
           cnslCopyToClipboard
-          [valueToCopy]="app.apiConfig.clientId"
+          [valueToCopy]="clientId"
           (copiedValue)="copied = $event"
         >
-          {{ app.apiConfig.clientId }}
+          {{ clientId }}
         </button>
       </div>
     </div>
@@ -304,22 +317,22 @@
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'IDP.DETAIL.DATECREATED' | translate }}</p>
-    <p class="info-row-desc" *ngIf="idp && idp.details && idp.details.creationDate">
-      {{ idp.details.creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p class="info-row-desc" *ngIf="idp?.details?.creationDate as creationDate">
+      {{ creationDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'IDP.DETAIL.DATECHANGED' | translate }}</p>
-    <p class="info-row-desc" *ngIf="idp && idp.details && idp.details.changeDate">
-      {{ idp.details.changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
+    <p class="info-row-desc" *ngIf="idp?.details?.changeDate as changeDate">
+      {{ changeDate | timestampToDate | localizedDate: 'dd. MMMM YYYY, HH:mm' }}
     </p>
   </div>
 
   <div class="info-wrapper">
     <p class="info-row-title">{{ 'IDP.STATE' | translate }}</p>
     <p
-      *ngIf="idp && idp.state !== undefined"
+      *ngIf="idp?.state"
       class="state"
       [ngClass]="{ active: idp.state === IDPState.IDP_STATE_ACTIVE, inactive: idp.state === IDPState.IDP_STATE_INACTIVE }"
     >

From 85e3b7449c417a238e12bac2b312ce4d58905804 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 4 Jun 2025 13:46:10 +0200
Subject: [PATCH 088/123] fix: correct permissions for projects on v2 api
 (#9973)

# Which Problems Are Solved

Permission checks in project v2beta API did not cover projects and
granted projects correctly.

# How the Problems Are Solved

Add permission checks v1 correctly to the list queries, add correct
permission checks v2 for projects.

# Additional Changes

Correct Pre-Checks for project grants that the right resource owner is
used.

# Additional Context

Permission checks v2 for project grants is still outstanding under
#9972.
---
 internal/api/grpc/management/project_grant.go |   4 +-
 .../v2beta/integration/project_grant_test.go  |  65 ++-
 .../v2beta/integration/project_test.go        |  65 +++
 .../project/v2beta/integration/query_test.go  | 182 ++++++-
 .../api/grpc/project/v2beta/project_grant.go  |  10 +-
 internal/command/permission_checks.go         |  18 +-
 internal/command/project_grant.go             | 116 +++--
 internal/command/project_grant_model.go       |  62 +--
 internal/command/project_grant_test.go        | 444 +++++++++++++++++-
 internal/command/project_old.go               |   2 +-
 internal/domain/roles.go                      |   1 +
 internal/integration/client.go                |  18 +
 internal/query/project.go                     |  48 +-
 internal/query/project_grant.go               |  15 +-
 internal/query/project_role.go                |   2 +-
 15 files changed, 950 insertions(+), 102 deletions(-)

diff --git a/internal/api/grpc/management/project_grant.go b/internal/api/grpc/management/project_grant.go
index e9313c1327..d84375818d 100644
--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@@ -109,7 +109,7 @@ func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProj
 }
 
 func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.DeactivateProjectGrantRequest) (*mgmt_pb.DeactivateProjectGrantResponse, error) {
-	details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
+	details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantId, "", authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +119,7 @@ func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.Deacti
 }
 
 func (s *Server) ReactivateProjectGrant(ctx context.Context, req *mgmt_pb.ReactivateProjectGrantRequest) (*mgmt_pb.ReactivateProjectGrantResponse, error) {
-	details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
+	details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantId, "", authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/project/v2beta/integration/project_grant_test.go b/internal/api/grpc/project/v2beta/integration/project_grant_test.go
index 8500f24d56..34fa10e3de 100644
--- a/internal/api/grpc/project/v2beta/integration/project_grant_test.go
+++ b/internal/api/grpc/project/v2beta/integration/project_grant_test.go
@@ -169,6 +169,12 @@ func TestServer_CreateProjectGrant_Permission(t *testing.T) {
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 
+	userResp := instance.CreateMachineUser(iamOwnerCtx)
+	patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
+	projectResp := createProject(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), false, false)
+	instance.CreateProjectMembership(t, iamOwnerCtx, projectResp.GetId(), userResp.GetUserId())
+	projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
+
 	type want struct {
 		creationDate bool
 	}
@@ -206,6 +212,33 @@ func TestServer_CreateProjectGrant_Permission(t *testing.T) {
 			req:     &project.CreateProjectGrantRequest{},
 			wantErr: true,
 		},
+		{
+			name: "project owner, other project",
+			ctx:  projectOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
+				grantedOrgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+
+				request.ProjectId = projectResp.GetId()
+				request.GrantedOrganizationId = grantedOrgResp.GetOrganizationId()
+			},
+			req:     &project.CreateProjectGrantRequest{},
+			wantErr: true,
+		},
+		{
+			name: "project owner, ok",
+			ctx:  projectOwnerCtx,
+			prepare: func(request *project.CreateProjectGrantRequest) {
+				request.ProjectId = projectResp.GetId()
+
+				grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+				request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
+			},
+			req: &project.CreateProjectGrantRequest{},
+			want: want{
+				creationDate: true,
+			},
+		},
 		{
 			name: "organization owner, other org",
 			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
@@ -405,6 +438,13 @@ func TestServer_UpdateProjectGrant_Permission(t *testing.T) {
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 
+	userResp := instance.CreateMachineUser(iamOwnerCtx)
+	patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
+	projectID := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false).GetId()
+	instance.CreateProjectGrant(iamOwnerCtx, t, projectID, orgResp.GetOrganizationId())
+	instance.CreateProjectGrantMembership(t, iamOwnerCtx, projectID, orgResp.GetOrganizationId(), userResp.GetUserId())
+	projectGrantOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
+
 	type args struct {
 		ctx context.Context
 		req *project.UpdateProjectGrantRequest
@@ -458,6 +498,25 @@ func TestServer_UpdateProjectGrant_Permission(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "project grant owner, no permission",
+			prepare: func(request *project.UpdateProjectGrantRequest) {
+				roles := []string{gofakeit.Animal(), gofakeit.Animal(), gofakeit.Animal()}
+				request.ProjectId = projectID
+				request.GrantedOrganizationId = orgResp.GetOrganizationId()
+
+				for _, role := range roles {
+					instance.AddProjectRole(iamOwnerCtx, t, projectID, role, role, "")
+				}
+
+				request.RoleKeys = roles
+			},
+			args: args{
+				ctx: projectGrantOwnerCtx,
+				req: &project.UpdateProjectGrantRequest{},
+			},
+			wantErr: true,
+		},
 		{
 			name: "organization owner, other org",
 			prepare: func(request *project.UpdateProjectGrantRequest) {
@@ -598,7 +657,7 @@ func TestServer_DeleteProjectGrant(t *testing.T) {
 				ProjectId:             "notexisting",
 				GrantedOrganizationId: "notexisting",
 			},
-			wantErr: true,
+			wantDeletionDate: false,
 		},
 		{
 			name: "delete",
@@ -650,8 +709,8 @@ func TestServer_DeleteProjectGrant(t *testing.T) {
 				instance.DeleteProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
 				return creationDate, time.Now().UTC()
 			},
-			req:     &project.DeleteProjectGrantRequest{},
-			wantErr: true,
+			req:              &project.DeleteProjectGrantRequest{},
+			wantDeletionDate: true,
 		},
 	}
 	for _, tt := range tests {
diff --git a/internal/api/grpc/project/v2beta/integration/project_test.go b/internal/api/grpc/project/v2beta/integration/project_test.go
index 6c0a5c96f6..5412f6eb58 100644
--- a/internal/api/grpc/project/v2beta/integration/project_test.go
+++ b/internal/api/grpc/project/v2beta/integration/project_test.go
@@ -300,6 +300,12 @@ func TestServer_UpdateProject_Permission(t *testing.T) {
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 
+	userResp := instance.CreateMachineUser(iamOwnerCtx)
+	patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
+	projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+	instance.CreateProjectMembership(t, iamOwnerCtx, projectID, userResp.GetUserId())
+	projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
+
 	type args struct {
 		ctx context.Context
 		req *project.UpdateProjectRequest
@@ -343,6 +349,36 @@ func TestServer_UpdateProject_Permission(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "project owner, no permission",
+			prepare: func(request *project.UpdateProjectRequest) {
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+			},
+			args: args{
+				ctx: projectOwnerCtx,
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: " roject owner, ok",
+			prepare: func(request *project.UpdateProjectRequest) {
+				request.Id = projectID
+			},
+			args: args{
+				ctx: projectOwnerCtx,
+				req: &project.UpdateProjectRequest{
+					Name: gu.Ptr(gofakeit.AppName()),
+				},
+			},
+			want: want{
+				change:     true,
+				changeDate: true,
+			},
+		},
 		{
 			name: "missing permission, other organization",
 			prepare: func(request *project.UpdateProjectRequest) {
@@ -499,6 +535,12 @@ func TestServer_DeleteProject_Permission(t *testing.T) {
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 	orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
 
+	userResp := instance.CreateMachineUser(iamOwnerCtx)
+	patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
+	projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+	instance.CreateProjectMembership(t, iamOwnerCtx, projectID, userResp.GetUserId())
+	projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
+
 	tests := []struct {
 		name             string
 		ctx              context.Context
@@ -531,6 +573,29 @@ func TestServer_DeleteProject_Permission(t *testing.T) {
 			req:     &project.DeleteProjectRequest{},
 			wantErr: true,
 		},
+		{
+			name: "project owner, no permission",
+			ctx:  projectOwnerCtx,
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:     &project.DeleteProjectRequest{},
+			wantErr: true,
+		},
+		{
+			name: "project owner, ok",
+			ctx:  projectOwnerCtx,
+			prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
+				creationDate := time.Now().UTC()
+				request.Id = projectID
+				return creationDate, time.Time{}
+			},
+			req:              &project.DeleteProjectRequest{},
+			wantDeletionDate: true,
+		},
 		{
 			name: "organization owner, other org",
 			ctx:  instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
diff --git a/internal/api/grpc/project/v2beta/integration/query_test.go b/internal/api/grpc/project/v2beta/integration/query_test.go
index 517f103628..fc153f0130 100644
--- a/internal/api/grpc/project/v2beta/integration/query_test.go
+++ b/internal/api/grpc/project/v2beta/integration/query_test.go
@@ -148,6 +148,14 @@ func TestServer_GetProject(t *testing.T) {
 
 func TestServer_ListProjects(t *testing.T) {
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	userResp := instance.CreateMachineUser(iamOwnerCtx)
+	patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
+	projectResp := createProject(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), false, false)
+	instance.CreateProjectMembership(t, iamOwnerCtx, projectResp.GetId(), userResp.GetUserId())
+	grantedProjectResp := createGrantedProject(iamOwnerCtx, instance, t, projectResp)
+	projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
+
 	type args struct {
 		ctx context.Context
 		dep func(*project.ListProjectsRequest, *project.ListProjectsResponse)
@@ -370,6 +378,39 @@ func TestServer_ListProjects(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "list multiple id, limited permissions, project owner",
+			args: args{
+				ctx: projectOwnerCtx,
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					resp1 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, false)
+					resp2 := createProject(iamOwnerCtx, instance, t, orgID, true, false)
+					resp3 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, true)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId(), projectResp.GetId()},
+						},
+					}
+					response.Projects[0] = grantedProjectResp
+					response.Projects[1] = projectResp
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  5,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+					{},
+				},
+			},
+		},
 		{
 			name: "list project and granted projects",
 			args: args{
@@ -462,6 +503,51 @@ func TestServer_ListProjects(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "list granted project, project id",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instance.DefaultOrg.GetId()
+
+					orgName := gofakeit.AppName()
+					projectName := gofakeit.AppName()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, orgName, gofakeit.Email())
+					projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), projectName, true, true)
+					projectGrantResp := instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{ProjectIds: []string{projectResp.GetId()}},
+					}
+					response.Projects[0] = &project.Project{
+						Id:                      projectResp.GetId(),
+						Name:                    projectName,
+						OrganizationId:          orgResp.GetOrganizationId(),
+						CreationDate:            projectGrantResp.GetCreationDate(),
+						ChangeDate:              projectGrantResp.GetCreationDate(),
+						State:                   1,
+						ProjectRoleAssertion:    false,
+						ProjectAccessRequired:   true,
+						AuthorizationRequired:   true,
+						PrivateLabelingSetting:  project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
+						GrantedOrganizationId:   gu.Ptr(orgID),
+						GrantedOrganizationName: gu.Ptr(instance.DefaultOrg.GetName()),
+						GrantedState:            1,
+					}
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  2,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{
+					{},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -791,6 +877,53 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 				},
 			},
 		},
+		// TODO: correct when permission check is added for project grants https://github.com/zitadel/zitadel/issues/9972
+		{
+			name: "list granted project, project id",
+			args: args{
+				ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+				dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
+					orgID := instancePermissionV2.DefaultOrg.GetId()
+
+					orgName := gofakeit.AppName()
+					projectName := gofakeit.AppName()
+					orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, orgName, gofakeit.Email())
+					projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), projectName, true, true)
+					// projectGrantResp :=
+					instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
+					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{ProjectIds: []string{projectResp.GetId()}},
+					}
+					/*
+						response.Projects[0] = &project.Project{
+							Id:                      projectResp.GetId(),
+							Name:                    projectName,
+							OrganizationId:          orgResp.GetOrganizationId(),
+							CreationDate:            projectGrantResp.GetCreationDate(),
+							ChangeDate:              projectGrantResp.GetCreationDate(),
+							State:                   1,
+							ProjectRoleAssertion:    false,
+							ProjectAccessRequired:   true,
+							AuthorizationRequired:   true,
+							PrivateLabelingSetting:  project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
+							GrantedOrganizationId:   gu.Ptr(orgID),
+							GrantedOrganizationName: gu.Ptr(instancePermissionV2.DefaultOrg.GetName()),
+							GrantedState:            1,
+						}
+					*/
+				},
+				req: &project.ListProjectsRequest{
+					Filters: []*project.ProjectSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  0,
+					AppliedLimit: 100,
+				},
+				Projects: []*project.Project{},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -865,6 +998,14 @@ func assertPaginationResponse(t *assert.CollectT, expected *filter.PaginationRes
 
 func TestServer_ListProjectGrants(t *testing.T) {
 	iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	userResp := instance.CreateMachineUser(iamOwnerCtx)
+	patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
+	projectResp := createProject(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), false, false)
+	projectGrantResp := createProjectGrant(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), projectResp.GetId(), projectResp.GetName())
+	instance.CreateProjectGrantMembership(t, iamOwnerCtx, projectResp.GetId(), projectGrantResp.GetGrantedOrganizationId(), userResp.GetUserId())
+	projectGrantOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
+
 	type args struct {
 		ctx context.Context
 		dep func(*project.ListProjectGrantsRequest, *project.ListProjectGrantsResponse)
@@ -1071,7 +1212,46 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					{},
 				},
 			},
-		}, {
+		},
+		{
+			name: "list multiple id, limited permissions, project grant owner",
+			args: args{
+				ctx: projectGrantOwnerCtx,
+				dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
+					name1 := gofakeit.AppName()
+					name2 := gofakeit.AppName()
+					name3 := gofakeit.AppName()
+					orgID := instance.DefaultOrg.GetId()
+					orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
+					project1Resp := instance.CreateProject(iamOwnerCtx, t, orgID, name1, false, false)
+					project2Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
+					project3Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
+					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
+						InProjectIdsFilter: &project.InProjectIDsFilter{
+							ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId(), projectResp.GetId()},
+						},
+					}
+
+					createProjectGrant(iamOwnerCtx, instance, t, orgID, project1Resp.GetId(), name1)
+					createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), project2Resp.GetId(), name2)
+					createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), project3Resp.GetId(), name3)
+					response.ProjectGrants[0] = projectGrantResp
+				},
+				req: &project.ListProjectGrantsRequest{
+					Filters: []*project.ProjectGrantSearchFilter{{}},
+				},
+			},
+			want: &project.ListProjectGrantsResponse{
+				Pagination: &filter.PaginationResponse{
+					TotalResult:  4,
+					AppliedLimit: 100,
+				},
+				ProjectGrants: []*project.ProjectGrant{
+					{},
+				},
+			},
+		},
+		{
 			name: "list single id with role",
 			args: args{
 				ctx: iamOwnerCtx,
diff --git a/internal/api/grpc/project/v2beta/project_grant.go b/internal/api/grpc/project/v2beta/project_grant.go
index c1c20d9cbc..6c3b195c66 100644
--- a/internal/api/grpc/project/v2beta/project_grant.go
+++ b/internal/api/grpc/project/v2beta/project_grant.go
@@ -56,13 +56,13 @@ func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *com
 		ObjectRoot: models.ObjectRoot{
 			AggregateID: req.ProjectId,
 		},
-		GrantID:  req.GrantedOrganizationId,
-		RoleKeys: req.RoleKeys,
+		GrantedOrgID: req.GrantedOrganizationId,
+		RoleKeys:     req.RoleKeys,
 	}
 }
 
 func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.DeactivateProjectGrantRequest) (*project_pb.DeactivateProjectGrantResponse, error) {
-	details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
+	details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "")
 	if err != nil {
 		return nil, err
 	}
@@ -76,7 +76,7 @@ func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.Dea
 }
 
 func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.ActivateProjectGrantRequest) (*project_pb.ActivateProjectGrantResponse, error) {
-	details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
+	details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "")
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +94,7 @@ func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteP
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "", userGrantIDs...)
+	details, err := s.command.DeleteProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "", userGrantIDs...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/command/permission_checks.go b/internal/command/permission_checks.go
index 253b6ee72a..6bfeaae219 100644
--- a/internal/command/permission_checks.go
+++ b/internal/command/permission_checks.go
@@ -68,6 +68,20 @@ func (c *Commands) checkPermissionUpdateProject(ctx context.Context, resourceOwn
 	return c.newPermissionCheck(ctx, domain.PermissionProjectWrite, project.AggregateType)(resourceOwner, projectID)
 }
 
-func (c *Commands) checkPermissionWriteProjectGrant(ctx context.Context, resourceOwner, projectGrantID string) error {
-	return c.newPermissionCheck(ctx, domain.PermissionProjectGrantWrite, project.AggregateType)(resourceOwner, projectGrantID)
+func (c *Commands) checkPermissionUpdateProjectGrant(ctx context.Context, resourceOwner, projectID, projectGrantID string) (err error) {
+	if err := c.newPermissionCheck(ctx, domain.PermissionProjectGrantWrite, project.AggregateType)(resourceOwner, projectGrantID); err != nil {
+		if err := c.newPermissionCheck(ctx, domain.PermissionProjectGrantWrite, project.AggregateType)(resourceOwner, projectID); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *Commands) checkPermissionDeleteProjectGrant(ctx context.Context, resourceOwner, projectID, projectGrantID string) (err error) {
+	if err := c.newPermissionCheck(ctx, domain.PermissionProjectGrantDelete, project.AggregateType)(resourceOwner, projectGrantID); err != nil {
+		if err := c.newPermissionCheck(ctx, domain.PermissionProjectGrantDelete, project.AggregateType)(resourceOwner, projectID); err != nil {
+			return err
+		}
+	}
+	return nil
 }
diff --git a/internal/command/project_grant.go b/internal/command/project_grant.go
index 763ea7ab67..b613974b7e 100644
--- a/internal/command/project_grant.go
+++ b/internal/command/project_grant.go
@@ -58,11 +58,11 @@ func (c *Commands) AddProjectGrant(ctx context.Context, grant *AddProjectGrant)
 	if grant.ResourceOwner == "" {
 		grant.ResourceOwner = projectResourceOwner
 	}
-	if err := c.checkPermissionWriteProjectGrant(ctx, grant.ResourceOwner, grant.GrantID); err != nil {
+	if err := c.checkPermissionUpdateProjectGrant(ctx, grant.ResourceOwner, grant.AggregateID, grant.GrantID); err != nil {
 		return nil, err
 	}
 
-	wm := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, grant.ResourceOwner)
+	wm := NewProjectGrantWriteModel(grant.GrantID, grant.GrantedOrgID, grant.AggregateID, grant.ResourceOwner)
 	// error if provided resourceowner is not equal to the resourceowner of the project or the project grant is for the same organization
 	if projectResourceOwner != wm.ResourceOwner || wm.ResourceOwner == grant.GrantedOrgID {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-ckUpbvboAH", "Errors.Project.Grant.Invalid")
@@ -83,19 +83,24 @@ func (c *Commands) AddProjectGrant(ctx context.Context, grant *AddProjectGrant)
 type ChangeProjectGrant struct {
 	es_models.ObjectRoot
 
-	GrantID  string
-	RoleKeys []string
+	GrantID      string
+	GrantedOrgID string
+	RoleKeys     []string
 }
 
 func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *ChangeProjectGrant, cascadeUserGrantIDs ...string) (_ *domain.ObjectDetails, err error) {
-	if grant.GrantID == "" {
+	if grant.GrantID == "" && grant.GrantedOrgID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1j83s", "Errors.IDMissing")
 	}
-	existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, grant.ResourceOwner)
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.GrantedOrgID, grant.AggregateID, grant.ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	if err := c.checkPermissionWriteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+	if !existingGrant.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
+	}
+
+	if err := c.checkPermissionUpdateProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.AggregateID, existingGrant.GrantID); err != nil {
 		return nil, err
 	}
 	projectResourceOwner, err := c.checkProjectGrantPreCondition(ctx, existingGrant.AggregateID, existingGrant.GrantedOrgID, existingGrant.ResourceOwner, grant.RoleKeys)
@@ -152,12 +157,12 @@ func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *ChangeProjectG
 }
 
 func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *eventstore.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ eventstore.Command, _ *ProjectGrantWriteModel, err error) {
-	existingProjectGrant, err := c.projectGrantWriteModelByID(ctx, projectGrantID, projectID, "")
+	existingProjectGrant, err := c.projectGrantWriteModelByID(ctx, projectGrantID, "", projectID, "")
 	if err != nil {
 		return nil, nil, err
 	}
-	if existingProjectGrant.State == domain.ProjectGrantStateUnspecified || existingProjectGrant.State == domain.ProjectGrantStateRemoved {
-		return nil, nil, zerrors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.Grant.NotFound")
+	if !existingProjectGrant.State.Exists() {
+		return nil, nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
 	}
 	keyExists := false
 	for i, key := range existingProjectGrant.RoleKeys {
@@ -172,7 +177,7 @@ func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *e
 	if !keyExists {
 		return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.Project.Grant.RoleKeyNotFound")
 	}
-	changedProjectGrant := NewProjectGrantWriteModel(projectGrantID, projectID, existingProjectGrant.ResourceOwner)
+	changedProjectGrant := NewProjectGrantWriteModel(projectGrantID, projectID, "", existingProjectGrant.ResourceOwner)
 
 	if cascade {
 		return project.NewGrantCascadeChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
@@ -181,8 +186,8 @@ func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *e
 	return project.NewGrantChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
 }
 
-func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (details *domain.ObjectDetails, err error) {
-	if grantID == "" || projectID == "" {
+func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantID, grantedOrgID, resourceOwner string) (details *domain.ObjectDetails, err error) {
+	if (grantID == "" && grantedOrgID == "") || projectID == "" {
 		return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing")
 	}
 
@@ -191,10 +196,13 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI
 		return nil, err
 	}
 
-	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, grantedOrgID, projectID, resourceOwner)
 	if err != nil {
 		return details, err
 	}
+	if !existingGrant.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
+	}
 	// error if provided resourceowner is not equal to the resourceowner of the project
 	if projectResourceOwner != existingGrant.ResourceOwner {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0l10S9OmZV", "Errors.Project.Grant.Invalid")
@@ -207,13 +215,13 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI
 	if existingGrant.State != domain.ProjectGrantStateActive {
 		return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotActive")
 	}
-	if err := c.checkPermissionWriteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+	if err := c.checkPermissionUpdateProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.AggregateID, existingGrant.GrantID); err != nil {
 		return nil, err
 	}
 	pushedEvents, err := c.eventstore.Push(ctx,
 		project.NewGrantDeactivateEvent(ctx,
 			ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
-			grantID,
+			existingGrant.GrantID,
 		),
 	)
 	if err != nil {
@@ -226,8 +234,8 @@ func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantI
 	return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 }
 
-func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (details *domain.ObjectDetails, err error) {
-	if grantID == "" || projectID == "" {
+func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantID, grantedOrgID, resourceOwner string) (details *domain.ObjectDetails, err error) {
+	if (grantID == "" && grantedOrgID == "") || projectID == "" {
 		return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-p0s4V", "Errors.IDMissing")
 	}
 
@@ -236,10 +244,13 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI
 		return nil, err
 	}
 
-	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, grantedOrgID, projectID, resourceOwner)
 	if err != nil {
 		return details, err
 	}
+	if !existingGrant.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
+	}
 	// error if provided resourceowner is not equal to the resourceowner of the project
 	if projectResourceOwner != existingGrant.ResourceOwner {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-byscAarAST", "Errors.Project.Grant.Invalid")
@@ -252,13 +263,13 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI
 	if existingGrant.State != domain.ProjectGrantStateInactive {
 		return details, zerrors.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive")
 	}
-	if err := c.checkPermissionWriteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+	if err := c.checkPermissionUpdateProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.AggregateID, existingGrant.GrantID); err != nil {
 		return nil, err
 	}
 	pushedEvents, err := c.eventstore.Push(ctx,
 		project.NewGrantReactivatedEvent(ctx,
 			ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
-			grantID,
+			existingGrant.GrantID,
 		),
 	)
 	if err != nil {
@@ -271,25 +282,25 @@ func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantI
 	return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 }
 
+// Deprecated: use commands.DeleteProjectGrant
 func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) {
 	if grantID == "" || projectID == "" {
 		return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-1m9fJ", "Errors.IDMissing")
 	}
-	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, "", projectID, resourceOwner)
 	if err != nil {
 		return details, err
 	}
-	// return if project grant does not exist, or was removed already
 	if !existingGrant.State.Exists() {
-		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
+		return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
 	}
-	if err := c.checkPermissionDeleteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.GrantID); err != nil {
+	if err := c.checkPermissionDeleteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.AggregateID, existingGrant.GrantID); err != nil {
 		return nil, err
 	}
 	events := make([]eventstore.Command, 0)
 	events = append(events, project.NewGrantRemovedEvent(ctx,
 		ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
-		grantID,
+		existingGrant.GrantID,
 		existingGrant.GrantedOrgID,
 	),
 	)
@@ -297,7 +308,7 @@ func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, r
 	for _, userGrantID := range cascadeUserGrantIDs {
 		event, _, err := c.removeUserGrant(ctx, userGrantID, "", true)
 		if err != nil {
-			logging.LogWithFields("COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
+			logging.WithFields("id", "COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
 			continue
 		}
 		events = append(events, event)
@@ -313,24 +324,57 @@ func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, r
 	return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 }
 
-func (c *Commands) checkPermissionDeleteProjectGrant(ctx context.Context, resourceOwner, projectGrantID string) error {
-	return c.checkPermission(ctx, domain.PermissionProjectGrantDelete, resourceOwner, projectGrantID)
+func (c *Commands) DeleteProjectGrant(ctx context.Context, projectID, grantID, grantedOrgID, resourceOwner string, cascadeUserGrantIDs ...string) (details *domain.ObjectDetails, err error) {
+	if (grantID == "" && grantedOrgID == "") || projectID == "" {
+		return details, zerrors.ThrowInvalidArgument(nil, "PROJECT-1m9fJ", "Errors.IDMissing")
+	}
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, grantedOrgID, projectID, resourceOwner)
+	if err != nil {
+		return details, err
+	}
+	// return if project grant does not exist, or was removed already
+	if !existingGrant.State.Exists() {
+		return writeModelToObjectDetails(&existingGrant.WriteModel), nil
+	}
+	if err := c.checkPermissionDeleteProjectGrant(ctx, existingGrant.ResourceOwner, existingGrant.AggregateID, existingGrant.GrantID); err != nil {
+		return nil, err
+	}
+	events := make([]eventstore.Command, 0)
+	events = append(events, project.NewGrantRemovedEvent(ctx,
+		ProjectAggregateFromWriteModelWithCTX(ctx, &existingGrant.WriteModel),
+		existingGrant.GrantID,
+		existingGrant.GrantedOrgID,
+	),
+	)
+
+	for _, userGrantID := range cascadeUserGrantIDs {
+		event, _, err := c.removeUserGrant(ctx, userGrantID, "", true)
+		if err != nil {
+			logging.WithFields("id", "COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
+			continue
+		}
+		events = append(events, event)
+	}
+	pushedEvents, err := c.eventstore.Push(ctx, events...)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(existingGrant, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&existingGrant.WriteModel), nil
 }
 
-func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, projectID, resourceOwner string) (member *ProjectGrantWriteModel, err error) {
+func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, grantedOrgID, projectID, resourceOwner string) (member *ProjectGrantWriteModel, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	writeModel := NewProjectGrantWriteModel(grantID, projectID, resourceOwner)
+	writeModel := NewProjectGrantWriteModel(grantID, grantedOrgID, projectID, resourceOwner)
 	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
 	if err != nil {
 		return nil, err
 	}
-
-	if writeModel.State == domain.ProjectGrantStateUnspecified || writeModel.State == domain.ProjectGrantStateRemoved {
-		return nil, zerrors.ThrowNotFound(nil, "PROJECT-D8JxR", "Errors.Project.Grant.NotFound")
-	}
-
 	return writeModel, nil
 }
 
diff --git a/internal/command/project_grant_model.go b/internal/command/project_grant_model.go
index a8c1fe2850..15950d4f3d 100644
--- a/internal/command/project_grant_model.go
+++ b/internal/command/project_grant_model.go
@@ -16,13 +16,14 @@ type ProjectGrantWriteModel struct {
 	State        domain.ProjectGrantState
 }
 
-func NewProjectGrantWriteModel(grantID, projectID, resourceOwner string) *ProjectGrantWriteModel {
+func NewProjectGrantWriteModel(grantID, grantedOrgID, projectID, resourceOwner string) *ProjectGrantWriteModel {
 	return &ProjectGrantWriteModel{
 		WriteModel: eventstore.WriteModel{
 			AggregateID:   projectID,
 			ResourceOwner: resourceOwner,
 		},
-		GrantID: grantID,
+		GrantID:      grantID,
+		GrantedOrgID: grantedOrgID,
 	}
 }
 
@@ -30,27 +31,28 @@ func (wm *ProjectGrantWriteModel) AppendEvents(events ...eventstore.Event) {
 	for _, event := range events {
 		switch e := event.(type) {
 		case *project.GrantAddedEvent:
-			if e.GrantID == wm.GrantID {
+			if (wm.GrantID != "" && e.GrantID == wm.GrantID) ||
+				(wm.GrantedOrgID != "" && e.GrantedOrgID == wm.GrantedOrgID) {
 				wm.WriteModel.AppendEvents(e)
 			}
 		case *project.GrantChangedEvent:
-			if e.GrantID == wm.GrantID {
+			if wm.GrantID != "" && e.GrantID == wm.GrantID {
 				wm.WriteModel.AppendEvents(e)
 			}
 		case *project.GrantCascadeChangedEvent:
-			if e.GrantID == wm.GrantID {
+			if wm.GrantID != "" && e.GrantID == wm.GrantID {
 				wm.WriteModel.AppendEvents(e)
 			}
 		case *project.GrantDeactivateEvent:
-			if e.GrantID == wm.GrantID {
+			if wm.GrantID != "" && e.GrantID == wm.GrantID {
 				wm.WriteModel.AppendEvents(e)
 			}
 		case *project.GrantReactivatedEvent:
-			if e.GrantID == wm.GrantID {
+			if wm.GrantID != "" && e.GrantID == wm.GrantID {
 				wm.WriteModel.AppendEvents(e)
 			}
 		case *project.GrantRemovedEvent:
-			if e.GrantID == wm.GrantID {
+			if wm.GrantID != "" && e.GrantID == wm.GrantID {
 				wm.WriteModel.AppendEvents(e)
 			}
 		case *project.ProjectRemovedEvent:
@@ -114,18 +116,20 @@ func (wm *ProjectGrantWriteModel) Query() *eventstore.SearchQueryBuilder {
 type ProjectGrantPreConditionReadModel struct {
 	eventstore.WriteModel
 
-	ProjectID        string
-	GrantedOrgID     string
-	ProjectExists    bool
-	GrantedOrgExists bool
-	ExistingRoleKeys []string
+	ProjectResourceOwner string
+	ProjectID            string
+	GrantedOrgID         string
+	ProjectExists        bool
+	GrantedOrgExists     bool
+	ExistingRoleKeys     []string
 }
 
 func NewProjectGrantPreConditionReadModel(projectID, grantedOrgID, resourceOwner string) *ProjectGrantPreConditionReadModel {
 	return &ProjectGrantPreConditionReadModel{
-		WriteModel:   eventstore.WriteModel{ResourceOwner: resourceOwner},
-		ProjectID:    projectID,
-		GrantedOrgID: grantedOrgID,
+		WriteModel:           eventstore.WriteModel{},
+		ProjectResourceOwner: resourceOwner,
+		ProjectID:            projectID,
+		GrantedOrgID:         grantedOrgID,
 	}
 }
 
@@ -133,26 +137,26 @@ func (wm *ProjectGrantPreConditionReadModel) Reduce() error {
 	for _, event := range wm.Events {
 		switch e := event.(type) {
 		case *project.ProjectAddedEvent:
-			if wm.ResourceOwner == "" {
-				wm.ResourceOwner = e.Aggregate().ResourceOwner
+			if wm.ProjectResourceOwner == "" {
+				wm.ProjectResourceOwner = e.Aggregate().ResourceOwner
 			}
-			if wm.ResourceOwner != e.Aggregate().ResourceOwner {
+			if wm.ProjectResourceOwner != e.Aggregate().ResourceOwner {
 				continue
 			}
 			wm.ProjectExists = true
 		case *project.ProjectRemovedEvent:
-			if wm.ResourceOwner != e.Aggregate().ResourceOwner {
+			if wm.ProjectResourceOwner != e.Aggregate().ResourceOwner {
 				continue
 			}
-			wm.ResourceOwner = ""
+			wm.ProjectResourceOwner = ""
 			wm.ProjectExists = false
 		case *project.RoleAddedEvent:
-			if e.Aggregate().ResourceOwner != wm.ResourceOwner {
+			if e.Aggregate().ResourceOwner != wm.ProjectResourceOwner {
 				continue
 			}
 			wm.ExistingRoleKeys = append(wm.ExistingRoleKeys, e.Key)
 		case *project.RoleRemovedEvent:
-			if e.Aggregate().ResourceOwner != wm.ResourceOwner {
+			if e.Aggregate().ResourceOwner != wm.ProjectResourceOwner {
 				continue
 			}
 			for i, key := range wm.ExistingRoleKeys {
@@ -175,12 +179,6 @@ func (wm *ProjectGrantPreConditionReadModel) Reduce() error {
 func (wm *ProjectGrantPreConditionReadModel) Query() *eventstore.SearchQueryBuilder {
 	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
 		AddQuery().
-		AggregateTypes(org.AggregateType).
-		AggregateIDs(wm.GrantedOrgID).
-		EventTypes(
-			org.OrgAddedEventType,
-			org.OrgRemovedEventType).
-		Or().
 		AggregateTypes(project.AggregateType).
 		AggregateIDs(wm.ProjectID).
 		EventTypes(
@@ -188,6 +186,12 @@ func (wm *ProjectGrantPreConditionReadModel) Query() *eventstore.SearchQueryBuil
 			project.ProjectRemovedType,
 			project.RoleAddedType,
 			project.RoleRemovedType).
+		Or().
+		AggregateTypes(org.AggregateType).
+		AggregateIDs(wm.GrantedOrgID).
+		EventTypes(
+			org.OrgAddedEventType,
+			org.OrgRemovedEventType).
 		Builder()
 
 	return query
diff --git a/internal/command/project_grant_test.go b/internal/command/project_grant_test.go
index f1befa0de2..7a3bb98e7d 100644
--- a/internal/command/project_grant_test.go
+++ b/internal/command/project_grant_test.go
@@ -720,6 +720,76 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "projectgrant only added roles, grantedOrgID, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1", true, true, true,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						),
+						eventFromEventPusher(
+							org.NewOrgAddedEvent(context.Background(),
+								&org.NewAggregate("grantedorg1").Aggregate,
+								"granted org",
+							),
+						),
+						eventFromEventPusher(
+							project.NewRoleAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"key1",
+								"key",
+								"",
+							),
+						),
+						eventFromEventPusher(
+							project.NewRoleAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"key2",
+								"key2",
+								"",
+							),
+						),
+					),
+					expectPush(
+						project.NewGrantChangedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							[]string{"key1", "key2"},
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx: context.Background(),
+				projectGrant: &ChangeProjectGrant{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
+					},
+					GrantedOrgID: "grantedorg1",
+					RoleKeys:     []string{"key1", "key2"},
+				},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
 		{
 			name: "projectgrant remove roles, usergrant not found, ok",
 			fields: fields{
@@ -907,6 +977,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 		ctx           context.Context
 		projectID     string
 		grantID       string
+		grantedOrgID  string
 		resourceOwner string
 	}
 	type res struct {
@@ -1076,6 +1147,48 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "projectgrant deactivate, grantedOrgID, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1", true, true, true,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+					),
+					expectPush(
+						project.NewGrantDeactivateEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				grantedOrgID:  "grantedorg1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -1083,7 +1196,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
 				eventstore:      tt.fields.eventstore(t),
 				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.DeactivateProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.resourceOwner)
+			got, err := r.DeactivateProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.grantedOrgID, tt.args.resourceOwner)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -1106,6 +1219,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 		ctx           context.Context
 		projectID     string
 		grantID       string
+		grantedOrgID  string
 		resourceOwner string
 	}
 	type res struct {
@@ -1275,6 +1389,52 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "projectgrant reactivate, grantedOrgID, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1", true, true, true,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+						eventFromEventPusher(project.NewGrantDeactivateEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+						)),
+					),
+					expectPush(
+						project.NewGrantReactivatedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				grantedOrgID:  "grantedorg1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -1282,7 +1442,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
 				eventstore:      tt.fields.eventstore(t),
 				checkPermission: tt.fields.checkPermission,
 			}
-			got, err := r.ReactivateProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.resourceOwner)
+			got, err := r.ReactivateProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.grantedOrgID, tt.args.resourceOwner)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -1536,3 +1696,283 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
 		})
 	}
 }
+
+func TestCommandSide_DeleteProjectGrant(t *testing.T) {
+	type fields struct {
+		eventstore      func(t *testing.T) *eventstore.Eventstore
+		checkPermission domain.PermissionCheck
+	}
+	type args struct {
+		ctx                 context.Context
+		projectID           string
+		grantID             string
+		grantedOrgID        string
+		resourceOwner       string
+		cascadeUserGrantIDs []string
+	}
+	type res struct {
+		want *domain.ObjectDetails
+		err  func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		res    res
+	}{
+		{
+			name: "missing projectid, invalid error",
+			fields: fields{
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				grantID:       "projectgrant1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "missing grantid, invalid error",
+			fields: fields{
+				eventstore:      expectEventstore(),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "project already removed, precondition failed error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+						eventFromEventPusher(
+							project.NewProjectRemovedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"projectname1",
+								nil,
+							),
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				grantID:       "projectgrant1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "projectgrant not existing, precondition error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				grantID:       "projectgrant1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "projectgrant remove, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+					),
+					expectPush(
+						project.NewGrantRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				grantID:       "projectgrant1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "projectgrant remove, grantedOrgID, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+					),
+					expectPush(
+						project.NewGrantRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:           context.Background(),
+				projectID:     "project1",
+				grantedOrgID:  "grantedorg1",
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "projectgrant remove, cascading usergrant not found, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+					),
+					expectFilter(),
+					expectPush(
+						project.NewGrantRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:                 context.Background(),
+				projectID:           "project1",
+				grantID:             "projectgrant1",
+				resourceOwner:       "org1",
+				cascadeUserGrantIDs: []string{"usergrant1"},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "projectgrant remove with cascading usergrants, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewGrantAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+							[]string{"key1"},
+						)),
+					),
+					expectFilter(
+						eventFromEventPusher(usergrant.NewUserGrantAddedEvent(context.Background(),
+							&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
+							"user1",
+							"project1",
+							"projectgrant1",
+							[]string{"key1"}))),
+					expectPush(
+						project.NewGrantRemovedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"projectgrant1",
+							"grantedorg1",
+						),
+						usergrant.NewUserGrantCascadeRemovedEvent(context.Background(),
+							&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
+							"user1",
+							"project1",
+							"projectgrant1",
+						),
+					),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args: args{
+				ctx:                 context.Background(),
+				projectID:           "project1",
+				grantID:             "projectgrant1",
+				resourceOwner:       "org1",
+				cascadeUserGrantIDs: []string{"usergrant1"},
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := &Commands{
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: tt.fields.checkPermission,
+			}
+			got, err := r.DeleteProjectGrant(tt.args.ctx, tt.args.projectID, tt.args.grantID, tt.args.grantedOrgID, tt.args.resourceOwner, tt.args.cascadeUserGrantIDs...)
+			if tt.res.err == nil {
+				assert.NoError(t, err)
+			}
+			if tt.res.err != nil && !tt.res.err(err) {
+				t.Errorf("got wrong err: %v ", err)
+			}
+			if tt.res.err == nil {
+				assertObjectDetails(t, tt.res.want, got)
+			}
+		})
+	}
+}
diff --git a/internal/command/project_old.go b/internal/command/project_old.go
index e1b6f02721..99d7dd2e34 100644
--- a/internal/command/project_old.go
+++ b/internal/command/project_old.go
@@ -94,5 +94,5 @@ func (c *Commands) checkProjectGrantPreConditionOld(ctx context.Context, project
 	if domain.HasInvalidRoles(preConditions.ExistingRoleKeys, roles) {
 		return "", zerrors.ThrowPreconditionFailed(err, "COMMAND-6m9gd", "Errors.Project.Role.NotFound")
 	}
-	return preConditions.ResourceOwner, nil
+	return preConditions.ProjectResourceOwner, nil
 }
diff --git a/internal/domain/roles.go b/internal/domain/roles.go
index b6bf2ffadd..c40eef6120 100644
--- a/internal/domain/roles.go
+++ b/internal/domain/roles.go
@@ -16,6 +16,7 @@ const (
 	RoleIAMOwner             = "IAM_OWNER"
 	RoleProjectOwner         = "PROJECT_OWNER"
 	RoleProjectOwnerGlobal   = "PROJECT_OWNER_GLOBAL"
+	RoleProjectGrantOwner    = "PROJECT_GRANT_OWNER"
 	RoleSelfManagementGlobal = "SELF_MANAGEMENT_GLOBAL"
 )
 
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 3bf794f5f6..838a728faf 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -269,6 +269,14 @@ func (i *Instance) CreateUserTypeMachine(ctx context.Context) *user_v2.CreateUse
 	return resp
 }
 
+func (i *Instance) CreatePersonalAccessToken(ctx context.Context, userID string) *user_v2.AddPersonalAccessTokenResponse {
+	resp, err := i.Client.UserV2.AddPersonalAccessToken(ctx, &user_v2.AddPersonalAccessTokenRequest{
+		UserId: userID,
+	})
+	logging.OnError(err).Panic("create pat")
+	return resp
+}
+
 // TriggerUserByID makes sure the user projection gets triggered after creation.
 func (i *Instance) TriggerUserByID(ctx context.Context, users ...string) {
 	var wg sync.WaitGroup
@@ -903,6 +911,16 @@ func (i *Instance) CreateProjectMembership(t *testing.T, ctx context.Context, pr
 	require.NoError(t, err)
 }
 
+func (i *Instance) CreateProjectGrantMembership(t *testing.T, ctx context.Context, projectID, grantID, userID string) {
+	_, err := i.Client.Mgmt.AddProjectGrantMember(ctx, &mgmt.AddProjectGrantMemberRequest{
+		ProjectId: projectID,
+		GrantId:   grantID,
+		UserId:    userID,
+		Roles:     []string{domain.RoleProjectGrantOwner},
+	})
+	require.NoError(t, err)
+}
+
 func (i *Instance) CreateTarget(ctx context.Context, t *testing.T, name, endpoint string, ty domain.TargetType, interrupt bool) *action.CreateTargetResponse {
 	if name == "" {
 		name = gofakeit.Name()
diff --git a/internal/query/project.go b/internal/query/project.go
index ab58bd11a8..728731f7cb 100644
--- a/internal/query/project.go
+++ b/internal/query/project.go
@@ -126,6 +126,10 @@ var (
 		name:  "project_grant_resource_owner",
 		table: grantedProjectsAlias,
 	}
+	grantedProjectColumnGrantID = Column{
+		name:  projection.ProjectGrantColumnGrantID,
+		table: grantedProjectsAlias,
+	}
 	grantedProjectColumnGrantedOrganization = Column{
 		name:  projection.ProjectGrantColumnGrantedOrgID,
 		table: grantedProjectsAlias,
@@ -157,20 +161,6 @@ func projectCheckPermission(ctx context.Context, resourceOwner string, projectID
 	return permissionCheck(ctx, domain.PermissionProjectRead, resourceOwner, projectID)
 }
 
-func projectPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectAndGrantedProjectSearchQueries) sq.SelectBuilder {
-	if !enabled {
-		return query
-	}
-	join, args := PermissionClause(
-		ctx,
-		grantedProjectColumnResourceOwner,
-		domain.PermissionProjectRead,
-		SingleOrgPermissionOption(queries.Queries),
-		OwnedRowsPermissionOption(GrantedProjectColumnID),
-	)
-	return query.JoinClause(join, args...)
-}
-
 type Project struct {
 	ID            string
 	CreationDate  time.Time
@@ -277,6 +267,20 @@ func (q *ProjectAndGrantedProjectSearchQueries) toQuery(query sq.SelectBuilder)
 	return query
 }
 
+func projectPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectAndGrantedProjectSearchQueries) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+	join, args := PermissionClause(
+		ctx,
+		grantedProjectColumnResourceOwner,
+		domain.PermissionProjectRead,
+		SingleOrgPermissionOption(queries.Queries),
+		WithProjectsPermissionOption(GrantedProjectColumnID),
+	)
+	return query.JoinClause(join, args...)
+}
+
 func (q *Queries) SearchGrantedProjects(ctx context.Context, queries *ProjectAndGrantedProjectSearchQueries, permissionCheck domain.PermissionCheck) (*GrantedProjects, error) {
 	permissionCheckV2 := PermissionV2(ctx, permissionCheck)
 	projects, err := q.searchGrantedProjects(ctx, queries, permissionCheckV2)
@@ -328,11 +332,11 @@ func NewGrantedProjectIDSearchQuery(ids []string) (SearchQuery, error) {
 }
 
 func NewGrantedProjectOrganizationIDSearchQuery(value string) (SearchQuery, error) {
-	project, err := NewTextQuery(grantedProjectColumnResourceOwner, value, TextEquals)
+	project, err := NewGrantedProjectResourceOwnerSearchQuery(value)
 	if err != nil {
 		return nil, err
 	}
-	grant, err := NewTextQuery(grantedProjectColumnGrantedOrganization, value, TextEquals)
+	grant, err := NewGrantedProjectGrantedOrganizationIDSearchQuery(value)
 	if err != nil {
 		return nil, err
 	}
@@ -494,6 +498,9 @@ type GrantedProjects struct {
 func grantedProjectsCheckPermission(ctx context.Context, grantedProjects *GrantedProjects, permissionCheck domain.PermissionCheck) {
 	grantedProjects.GrantedProjects = slices.DeleteFunc(grantedProjects.GrantedProjects,
 		func(grantedProject *GrantedProject) bool {
+			if grantedProject.GrantedOrgID != "" {
+				return projectGrantCheckPermission(ctx, grantedProject.ResourceOwner, grantedProject.ProjectID, grantedProject.GrantID, grantedProject.GrantedOrgID, permissionCheck) != nil
+			}
 			return projectCheckPermission(ctx, grantedProject.ResourceOwner, grantedProject.ProjectID, permissionCheck) != nil
 		},
 	)
@@ -513,6 +520,7 @@ type GrantedProject struct {
 	HasProjectCheck        bool
 	PrivateLabelingSetting domain.PrivateLabelingSetting
 
+	GrantID           string
 	GrantedOrgID      string
 	OrgName           string
 	ProjectGrantState domain.ProjectGrantState
@@ -531,6 +539,7 @@ func prepareGrantedProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*GrantedP
 			grantedProjectColumnProjectRoleCheck.identifier(),
 			grantedProjectColumnHasProjectCheck.identifier(),
 			grantedProjectColumnPrivateLabelingSetting.identifier(),
+			grantedProjectColumnGrantID.identifier(),
 			grantedProjectColumnGrantedOrganization.identifier(),
 			grantedProjectColumnGrantedOrganizationName.identifier(),
 			grantedProjectColumnGrantState.identifier(),
@@ -541,6 +550,7 @@ func prepareGrantedProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*GrantedP
 			projects := make([]*GrantedProject, 0)
 			var (
 				count             uint64
+				grantID           = sql.NullString{}
 				orgID             = sql.NullString{}
 				orgName           = sql.NullString{}
 				projectGrantState = sql.NullInt16{}
@@ -559,6 +569,7 @@ func prepareGrantedProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*GrantedP
 					&grantedProject.ProjectRoleCheck,
 					&grantedProject.HasProjectCheck,
 					&grantedProject.PrivateLabelingSetting,
+					&grantID,
 					&orgID,
 					&orgName,
 					&projectGrantState,
@@ -567,6 +578,9 @@ func prepareGrantedProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*GrantedP
 				if err != nil {
 					return nil, err
 				}
+				if grantID.Valid {
+					grantedProject.GrantID = grantID.String
+				}
 				if orgID.Valid {
 					grantedProject.GrantedOrgID = orgID.String
 				}
@@ -614,6 +628,7 @@ func prepareProjects() string {
 		ProjectColumnHasProjectCheck.identifier()+" AS "+grantedProjectColumnHasProjectCheck.name,
 		ProjectColumnPrivateLabelingSetting.identifier()+" AS "+grantedProjectColumnPrivateLabelingSetting.name,
 		"NULL::TEXT AS "+grantedProjectColumnGrantResourceOwner.name,
+		"NULL::TEXT AS "+grantedProjectColumnGrantID.name,
 		"NULL::TEXT AS "+grantedProjectColumnGrantedOrganization.name,
 		"NULL::TEXT AS "+grantedProjectColumnGrantedOrganizationName.name,
 		"NULL::SMALLINT AS "+grantedProjectColumnGrantState.name,
@@ -641,6 +656,7 @@ func prepareGrantedProjects() string {
 		ProjectColumnHasProjectCheck.identifier()+" AS "+grantedProjectColumnHasProjectCheck.name,
 		ProjectColumnPrivateLabelingSetting.identifier()+" AS "+grantedProjectColumnPrivateLabelingSetting.name,
 		ProjectGrantColumnResourceOwner.identifier()+" AS "+grantedProjectColumnGrantResourceOwner.name,
+		ProjectGrantColumnGrantID.identifier()+" AS "+grantedProjectColumnGrantID.name,
 		ProjectGrantColumnGrantedOrgID.identifier()+" AS "+grantedProjectColumnGrantedOrganization.name,
 		ProjectGrantColumnGrantedOrgName.identifier()+" AS "+grantedProjectColumnGrantedOrganizationName.name,
 		ProjectGrantColumnState.identifier()+" AS "+grantedProjectColumnGrantState.name,
diff --git a/internal/query/project_grant.go b/internal/query/project_grant.go
index a0dbd7c121..3093d26f30 100644
--- a/internal/query/project_grant.go
+++ b/internal/query/project_grant.go
@@ -108,15 +108,23 @@ type ProjectGrantSearchQueries struct {
 func projectGrantsCheckPermission(ctx context.Context, projectGrants *ProjectGrants, permissionCheck domain.PermissionCheck) {
 	projectGrants.ProjectGrants = slices.DeleteFunc(projectGrants.ProjectGrants,
 		func(projectGrant *ProjectGrant) bool {
-			return projectGrantCheckPermission(ctx, projectGrant.ResourceOwner, projectGrant.GrantID, permissionCheck) != nil
+			return projectGrantCheckPermission(ctx, projectGrant.ResourceOwner, projectGrant.ProjectID, projectGrant.GrantID, projectGrant.GrantedOrgID, permissionCheck) != nil
 		},
 	)
 }
 
-func projectGrantCheckPermission(ctx context.Context, resourceOwner string, grantID string, permissionCheck domain.PermissionCheck) error {
-	return permissionCheck(ctx, domain.PermissionProjectGrantRead, resourceOwner, grantID)
+func projectGrantCheckPermission(ctx context.Context, resourceOwner, projectID, grantID, grantedOrgID string, permissionCheck domain.PermissionCheck) error {
+	if err := permissionCheck(ctx, domain.PermissionProjectGrantRead, resourceOwner, grantID); err != nil {
+		if err := permissionCheck(ctx, domain.PermissionProjectGrantRead, grantedOrgID, grantID); err != nil {
+			if err := permissionCheck(ctx, domain.PermissionProjectGrantRead, resourceOwner, projectID); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
 }
 
+// TODO: add permission check on project grant level
 func projectGrantPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectGrantSearchQueries) sq.SelectBuilder {
 	if !enabled {
 		return query
@@ -126,7 +134,6 @@ func projectGrantPermissionCheckV2(ctx context.Context, query sq.SelectBuilder,
 		ProjectGrantColumnResourceOwner,
 		domain.PermissionProjectGrantRead,
 		SingleOrgPermissionOption(queries.Queries),
-		OwnedRowsPermissionOption(ProjectGrantColumnGrantID),
 	)
 	return query.JoinClause(join, args...)
 }
diff --git a/internal/query/project_role.go b/internal/query/project_role.go
index 15ae806cd4..e70fcf277e 100644
--- a/internal/query/project_role.go
+++ b/internal/query/project_role.go
@@ -103,7 +103,7 @@ func projectRolePermissionCheckV2(ctx context.Context, query sq.SelectBuilder, e
 		ProjectRoleColumnResourceOwner,
 		domain.PermissionProjectRoleRead,
 		SingleOrgPermissionOption(queries.Queries),
-		OwnedRowsPermissionOption(ProjectRoleColumnKey),
+		WithProjectsPermissionOption(ProjectRoleColumnProjectID),
 	)
 	return query.JoinClause(join, args...)
 }

From 7df4f76f3c6d41320bc4639446afa08d9c631032 Mon Sep 17 00:00:00 2001
From: Iraq <66622793+kkrime@users.noreply.github.com>
Date: Thu, 5 Jun 2025 11:05:35 +0200
Subject: [PATCH 089/123] feat(api): reworking AddOrganization() API call to
 return all admins  (#9900)

---
 internal/api/grpc/admin/org.go                |  6 +-
 internal/api/grpc/org/v2/org.go               | 15 ++--
 internal/api/grpc/org/v2/org_test.go          |  4 +-
 internal/api/grpc/org/v2beta/helper.go        | 33 +++++--
 .../org/v2beta/integration_test/org_test.go   | 90 +++++++++++++------
 internal/api/grpc/org/v2beta/org_test.go      | 16 ++--
 internal/command/org.go                       | 25 +++++-
 internal/command/org_test.go                  | 16 ++--
 proto/zitadel/org/v2beta/org_service.proto    | 18 +++-
 9 files changed, 160 insertions(+), 63 deletions(-)

diff --git a/internal/api/grpc/admin/org.go b/internal/api/grpc/admin/org.go
index 293e7c74d7..ef97e47bb0 100644
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -78,7 +78,7 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*
 	if err != nil {
 		return nil, err
 	}
-	human := setUpOrgHumanToCommand(req.User.(*admin_pb.SetUpOrgRequest_Human_).Human) //TODO: handle machine
+	human := setUpOrgHumanToCommand(req.User.(*admin_pb.SetUpOrgRequest_Human_).Human) // TODO: handle machine
 	createdOrg, err := s.command.SetUpOrg(ctx, &command.OrgSetup{
 		Name:         req.Org.Name,
 		CustomDomain: req.Org.Domain,
@@ -93,8 +93,8 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*
 		return nil, err
 	}
 	var userID string
-	if len(createdOrg.CreatedAdmins) == 1 {
-		userID = createdOrg.CreatedAdmins[0].ID
+	if len(createdOrg.OrgAdmins) == 1 {
+		userID = createdOrg.OrgAdmins[0].GetID()
 	}
 	return &admin_pb.SetUpOrgResponse{
 		Details: object.DomainToAddDetailsPb(createdOrg.ObjectDetails),
diff --git a/internal/api/grpc/org/v2/org.go b/internal/api/grpc/org/v2/org.go
index bbc3caca85..b876826365 100644
--- a/internal/api/grpc/org/v2/org.go
+++ b/internal/api/grpc/org/v2/org.go
@@ -69,12 +69,15 @@ func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admi
 }
 
 func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.AddOrganizationResponse, err error) {
-	admins := make([]*org.AddOrganizationResponse_CreatedAdmin, len(createdOrg.CreatedAdmins))
-	for i, admin := range createdOrg.CreatedAdmins {
-		admins[i] = &org.AddOrganizationResponse_CreatedAdmin{
-			UserId:    admin.ID,
-			EmailCode: admin.EmailCode,
-			PhoneCode: admin.PhoneCode,
+	admins := make([]*org.AddOrganizationResponse_CreatedAdmin, 0, len(createdOrg.OrgAdmins))
+	for _, admin := range createdOrg.OrgAdmins {
+		admin, ok := admin.(*command.CreatedOrgAdmin)
+		if ok {
+			admins = append(admins, &org.AddOrganizationResponse_CreatedAdmin{
+				UserId:    admin.GetID(),
+				EmailCode: admin.EmailCode,
+				PhoneCode: admin.PhoneCode,
+			})
 		}
 	}
 	return &org.AddOrganizationResponse{
diff --git a/internal/api/grpc/org/v2/org_test.go b/internal/api/grpc/org/v2/org_test.go
index 7ae252a209..37a3dca41a 100644
--- a/internal/api/grpc/org/v2/org_test.go
+++ b/internal/api/grpc/org/v2/org_test.go
@@ -150,8 +150,8 @@ func Test_createdOrganizationToPb(t *testing.T) {
 						EventDate:     now,
 						ResourceOwner: "orgID",
 					},
-					CreatedAdmins: []*command.CreatedOrgAdmin{
-						{
+					OrgAdmins: []command.OrgAdmin{
+						&command.CreatedOrgAdmin{
 							ID:        "id",
 							EmailCode: gu.Ptr("emailCode"),
 							PhoneCode: gu.Ptr("phoneCode"),
diff --git a/internal/api/grpc/org/v2beta/helper.go b/internal/api/grpc/org/v2beta/helper.go
index 39bad0dae2..6f47819bb4 100644
--- a/internal/api/grpc/org/v2beta/helper.go
+++ b/internal/api/grpc/org/v2beta/helper.go
@@ -72,18 +72,33 @@ func OrgStateToPb(state domain.OrgState) v2beta_org.OrgState {
 }
 
 func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.CreateOrganizationResponse, err error) {
-	admins := make([]*org.CreatedAdmin, len(createdOrg.CreatedAdmins))
-	for i, admin := range createdOrg.CreatedAdmins {
-		admins[i] = &org.CreatedAdmin{
-			UserId:    admin.ID,
-			EmailCode: admin.EmailCode,
-			PhoneCode: admin.PhoneCode,
+	admins := make([]*org.OrganizationAdmin, len(createdOrg.OrgAdmins))
+	for i, admin := range createdOrg.OrgAdmins {
+		switch admin := admin.(type) {
+		case *command.CreatedOrgAdmin:
+			admins[i] = &org.OrganizationAdmin{
+				OrganizationAdmin: &org.OrganizationAdmin_CreatedAdmin{
+					CreatedAdmin: &org.CreatedAdmin{
+						UserId:    admin.ID,
+						EmailCode: admin.EmailCode,
+						PhoneCode: admin.PhoneCode,
+					},
+				},
+			}
+		case *command.AssignedOrgAdmin:
+			admins[i] = &org.OrganizationAdmin{
+				OrganizationAdmin: &org.OrganizationAdmin_AssignedAdmin{
+					AssignedAdmin: &org.AssignedAdmin{
+						UserId: admin.ID,
+					},
+				},
+			}
 		}
 	}
 	return &org.CreateOrganizationResponse{
-		CreationDate:  timestamppb.New(createdOrg.ObjectDetails.EventDate),
-		Id:            createdOrg.ObjectDetails.ResourceOwner,
-		CreatedAdmins: admins,
+		CreationDate:       timestamppb.New(createdOrg.ObjectDetails.EventDate),
+		Id:                 createdOrg.ObjectDetails.ResourceOwner,
+		OrganizationAdmins: admins,
 	}, nil
 }
 
diff --git a/internal/api/grpc/org/v2beta/integration_test/org_test.go b/internal/api/grpc/org/v2beta/integration_test/org_test.go
index 4e0ec26121..0d3b920afe 100644
--- a/internal/api/grpc/org/v2beta/integration_test/org_test.go
+++ b/internal/api/grpc/org/v2beta/integration_test/org_test.go
@@ -18,7 +18,6 @@ import (
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/pkg/grpc/admin"
 	v2beta_object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 	v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 	user_v2beta "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
@@ -85,6 +84,29 @@ func TestServer_CreateOrganization(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "existing user as admin",
+			ctx:  CTX,
+			req: &v2beta_org.CreateOrganizationRequest{
+				Name: gofakeit.AppName(),
+				Admins: []*v2beta_org.CreateOrganizationRequest_Admin{
+					{
+						UserType: &v2beta_org.CreateOrganizationRequest_Admin_UserId{UserId: User.GetUserId()},
+					},
+				},
+			},
+			want: &v2beta_org.CreateOrganizationResponse{
+				OrganizationAdmins: []*v2beta_org.OrganizationAdmin{
+					{
+						OrganizationAdmin: &v2beta_org.OrganizationAdmin_AssignedAdmin{
+							AssignedAdmin: &v2beta_org.AssignedAdmin{
+								UserId: User.GetUserId(),
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "admin with init",
 			ctx:  CTX,
@@ -111,11 +133,15 @@ func TestServer_CreateOrganization(t *testing.T) {
 			},
 			want: &v2beta_org.CreateOrganizationResponse{
 				Id: integration.NotEmpty,
-				CreatedAdmins: []*v2beta_org.CreatedAdmin{
+				OrganizationAdmins: []*v2beta_org.OrganizationAdmin{
 					{
-						UserId:    integration.NotEmpty,
-						EmailCode: gu.Ptr(integration.NotEmpty),
-						PhoneCode: nil,
+						OrganizationAdmin: &v2beta_org.OrganizationAdmin_CreatedAdmin{
+							CreatedAdmin: &v2beta_org.CreatedAdmin{
+								UserId:    integration.NotEmpty,
+								EmailCode: gu.Ptr(integration.NotEmpty),
+								PhoneCode: nil,
+							},
+						},
 					},
 				},
 			},
@@ -155,10 +181,21 @@ func TestServer_CreateOrganization(t *testing.T) {
 				},
 			},
 			want: &v2beta_org.CreateOrganizationResponse{
-				CreatedAdmins: []*v2beta_org.CreatedAdmin{
-					// a single admin is expected, because the first provided already exists
+				// OrganizationId: integration.NotEmpty,
+				OrganizationAdmins: []*v2beta_org.OrganizationAdmin{
 					{
-						UserId: integration.NotEmpty,
+						OrganizationAdmin: &v2beta_org.OrganizationAdmin_AssignedAdmin{
+							AssignedAdmin: &v2beta_org.AssignedAdmin{
+								UserId: User.GetUserId(),
+							},
+						},
+					},
+					{
+						OrganizationAdmin: &v2beta_org.OrganizationAdmin_CreatedAdmin{
+							CreatedAdmin: &v2beta_org.CreatedAdmin{
+								UserId: integration.NotEmpty,
+							},
+						},
 					},
 				},
 			},
@@ -192,13 +229,16 @@ func TestServer_CreateOrganization(t *testing.T) {
 			now := time.Now()
 			assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
 
-			// organization id must be the same as the resourceOwner
-
 			// check the admins
-			require.Len(t, got.GetCreatedAdmins(), len(tt.want.GetCreatedAdmins()))
-			for i, admin := range tt.want.GetCreatedAdmins() {
-				gotAdmin := got.GetCreatedAdmins()[i]
-				assertCreatedAdmin(t, admin, gotAdmin)
+			require.Equal(t, len(tt.want.GetOrganizationAdmins()), len(got.GetOrganizationAdmins()))
+			for i, admin := range tt.want.GetOrganizationAdmins() {
+				gotAdmin := got.GetOrganizationAdmins()[i].OrganizationAdmin
+				switch admin := admin.OrganizationAdmin.(type) {
+				case *v2beta_org.OrganizationAdmin_CreatedAdmin:
+					assertCreatedAdmin(t, admin.CreatedAdmin, gotAdmin.(*v2beta_org.OrganizationAdmin_CreatedAdmin).CreatedAdmin)
+				case *v2beta_org.OrganizationAdmin_AssignedAdmin:
+					assert.Equal(t, admin.AssignedAdmin.GetUserId(), gotAdmin.(*v2beta_org.OrganizationAdmin_AssignedAdmin).AssignedAdmin.GetUserId())
+				}
 			}
 		})
 	}
@@ -472,8 +512,8 @@ func TestServer_ListOrganizations(t *testing.T) {
 			ctx:  listOrgIAmOwnerCtx,
 			query: []*v2beta_org.OrganizationSearchFilter{
 				{
-					Filter: &org.OrganizationSearchFilter_DomainFilter{
-						DomainFilter: &org.OrgDomainFilter{
+					Filter: &v2beta_org.OrganizationSearchFilter_DomainFilter{
+						DomainFilter: &v2beta_org.OrgDomainFilter{
 							Domain: func() string {
 								listOrgRes, err := listOrgClient.ListOrganizations(listOrgIAmOwnerCtx, &v2beta_org.ListOrganizationsRequest{
 									Filter: []*v2beta_org.OrganizationSearchFilter{
@@ -507,8 +547,8 @@ func TestServer_ListOrganizations(t *testing.T) {
 			ctx:  listOrgIAmOwnerCtx,
 			query: []*v2beta_org.OrganizationSearchFilter{
 				{
-					Filter: &org.OrganizationSearchFilter_DomainFilter{
-						DomainFilter: &org.OrgDomainFilter{
+					Filter: &v2beta_org.OrganizationSearchFilter_DomainFilter{
+						DomainFilter: &v2beta_org.OrgDomainFilter{
 							Domain: func() string {
 								domain := strings.ToLower(strings.ReplaceAll(orgsName[1][1:len(orgsName[1])-2], " ", "-"))
 								return domain
@@ -530,8 +570,8 @@ func TestServer_ListOrganizations(t *testing.T) {
 			ctx:  listOrgIAmOwnerCtx,
 			query: []*v2beta_org.OrganizationSearchFilter{
 				{
-					Filter: &org.OrganizationSearchFilter_DomainFilter{
-						DomainFilter: &org.OrgDomainFilter{
+					Filter: &v2beta_org.OrganizationSearchFilter_DomainFilter{
+						DomainFilter: &v2beta_org.OrgDomainFilter{
 							Domain: func() string {
 								domain := strings.ToUpper(strings.ReplaceAll(orgsName[1][1:len(orgsName[1])-2], " ", "-"))
 								return domain
@@ -1374,7 +1414,7 @@ func TestServer_ValidateOrganizationDomain(t *testing.T) {
 			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
 				OrganizationId: orgId,
 				Domain:         domain,
-				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
+				Type:           v2beta_org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
 			},
 		},
 		{
@@ -1383,7 +1423,7 @@ func TestServer_ValidateOrganizationDomain(t *testing.T) {
 			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
 				OrganizationId: "non existent org id",
 				Domain:         domain,
-				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
+				Type:           v2beta_org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
 			},
 			// BUG: this should be 'organization does not exist'
 			err: errors.New("Domain doesn't exist on organization"),
@@ -1394,7 +1434,7 @@ func TestServer_ValidateOrganizationDomain(t *testing.T) {
 			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
 				OrganizationId: orgId,
 				Domain:         domain,
-				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS,
+				Type:           v2beta_org.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS,
 			},
 		},
 		{
@@ -1403,7 +1443,7 @@ func TestServer_ValidateOrganizationDomain(t *testing.T) {
 			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
 				OrganizationId: "non existent org id",
 				Domain:         domain,
-				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS,
+				Type:           v2beta_org.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS,
 			},
 			// BUG: this should be 'organization does not exist'
 			err: errors.New("Domain doesn't exist on organization"),
@@ -1414,7 +1454,7 @@ func TestServer_ValidateOrganizationDomain(t *testing.T) {
 			req: &v2beta_org.GenerateOrganizationDomainValidationRequest{
 				OrganizationId: orgId,
 				Domain:         "non existent domain",
-				Type:           org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
+				Type:           v2beta_org.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP,
 			},
 			err: errors.New("Domain doesn't exist on organization"),
 		},
diff --git a/internal/api/grpc/org/v2beta/org_test.go b/internal/api/grpc/org/v2beta/org_test.go
index 2047f665a1..346d6b88c1 100644
--- a/internal/api/grpc/org/v2beta/org_test.go
+++ b/internal/api/grpc/org/v2beta/org_test.go
@@ -150,8 +150,8 @@ func Test_createdOrganizationToPb(t *testing.T) {
 						EventDate:     now,
 						ResourceOwner: "orgID",
 					},
-					CreatedAdmins: []*command.CreatedOrgAdmin{
-						{
+					OrgAdmins: []command.OrgAdmin{
+						&command.CreatedOrgAdmin{
 							ID:        "id",
 							EmailCode: gu.Ptr("emailCode"),
 							PhoneCode: gu.Ptr("phoneCode"),
@@ -162,11 +162,15 @@ func Test_createdOrganizationToPb(t *testing.T) {
 			want: &org.CreateOrganizationResponse{
 				CreationDate: timestamppb.New(now),
 				Id:           "orgID",
-				CreatedAdmins: []*org.CreatedAdmin{
+				OrganizationAdmins: []*org.OrganizationAdmin{
 					{
-						UserId:    "id",
-						EmailCode: gu.Ptr("emailCode"),
-						PhoneCode: gu.Ptr("phoneCode"),
+						OrganizationAdmin: &org.OrganizationAdmin_CreatedAdmin{
+							CreatedAdmin: &org.CreatedAdmin{
+								UserId:    "id",
+								EmailCode: gu.Ptr("emailCode"),
+								PhoneCode: gu.Ptr("phoneCode"),
+							},
+						},
 					},
 				},
 			},
diff --git a/internal/command/org.go b/internal/command/org.go
index b6650ef7f2..ddf99797e3 100644
--- a/internal/command/org.go
+++ b/internal/command/org.go
@@ -54,7 +54,11 @@ type orgSetupCommands struct {
 
 type CreatedOrg struct {
 	ObjectDetails *domain.ObjectDetails
-	CreatedAdmins []*CreatedOrgAdmin
+	OrgAdmins     []OrgAdmin
+}
+
+type OrgAdmin interface {
+	GetID() string
 }
 
 type CreatedOrgAdmin struct {
@@ -65,6 +69,18 @@ type CreatedOrgAdmin struct {
 	MachineKey *MachineKey
 }
 
+func (a *CreatedOrgAdmin) GetID() string {
+	return a.ID
+}
+
+type AssignedOrgAdmin struct {
+	ID string
+}
+
+func (a *AssignedOrgAdmin) GetID() string {
+	return a.ID
+}
+
 func (o *OrgSetup) Validate() (err error) {
 	if o.OrgID != "" && strings.TrimSpace(o.OrgID) == "" {
 		return zerrors.ThrowInvalidArgument(nil, "ORG-4ABd3", "Errors.Invalid.Argument")
@@ -188,14 +204,15 @@ func (c *orgSetupCommands) push(ctx context.Context) (_ *CreatedOrg, err error)
 			EventDate:     events[len(events)-1].CreatedAt(),
 			ResourceOwner: c.aggregate.ID,
 		},
-		CreatedAdmins: c.createdAdmins(),
+		OrgAdmins: c.createdAdmins(),
 	}, nil
 }
 
-func (c *orgSetupCommands) createdAdmins() []*CreatedOrgAdmin {
-	users := make([]*CreatedOrgAdmin, 0, len(c.admins))
+func (c *orgSetupCommands) createdAdmins() []OrgAdmin {
+	users := make([]OrgAdmin, 0, len(c.admins))
 	for _, admin := range c.admins {
 		if admin.ID != "" && admin.Human == nil {
+			users = append(users, &AssignedOrgAdmin{ID: admin.ID})
 			continue
 		}
 		if admin.Human != nil {
diff --git a/internal/command/org_test.go b/internal/command/org_test.go
index 4b6fd7afe5..4239be760a 100644
--- a/internal/command/org_test.go
+++ b/internal/command/org_test.go
@@ -1531,8 +1531,8 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 					ObjectDetails: &domain.ObjectDetails{
 						ResourceOwner: "orgID",
 					},
-					CreatedAdmins: []*CreatedOrgAdmin{
-						{
+					OrgAdmins: []OrgAdmin{
+						&CreatedOrgAdmin{
 							ID: "userID",
 						},
 					},
@@ -1574,7 +1574,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 					ObjectDetails: &domain.ObjectDetails{
 						ResourceOwner: "custom-org-ID",
 					},
-					CreatedAdmins: []*CreatedOrgAdmin{},
+					OrgAdmins: []OrgAdmin{},
 				},
 			},
 		},
@@ -1641,7 +1641,11 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 					ObjectDetails: &domain.ObjectDetails{
 						ResourceOwner: "orgID",
 					},
-					CreatedAdmins: []*CreatedOrgAdmin{},
+					OrgAdmins: []OrgAdmin{
+						&AssignedOrgAdmin{
+							ID: "userID",
+						},
+					},
 				},
 			},
 		},
@@ -1751,8 +1755,8 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 					ObjectDetails: &domain.ObjectDetails{
 						ResourceOwner: "orgID",
 					},
-					CreatedAdmins: []*CreatedOrgAdmin{
-						{
+					OrgAdmins: []OrgAdmin{
+						&CreatedOrgAdmin{
 							ID: "userID",
 							PAT: &PersonalAccessToken{
 								ObjectRoot: models.ObjectRoot{
diff --git a/proto/zitadel/org/v2beta/org_service.proto b/proto/zitadel/org/v2beta/org_service.proto
index 28c823a89b..387b2cb825 100644
--- a/proto/zitadel/org/v2beta/org_service.proto
+++ b/proto/zitadel/org/v2beta/org_service.proto
@@ -558,6 +558,18 @@ message CreatedAdmin {
   optional string phone_code = 3;
 }
 
+message AssignedAdmin {
+  string user_id = 1;
+}
+
+message OrganizationAdmin {
+  // The admins created/assigned for the Organization.
+  oneof OrganizationAdmin {
+    CreatedAdmin created_admin = 1;
+    AssignedAdmin assigned_admin = 2;
+  }
+}
+
 message CreateOrganizationResponse{
   // The timestamp of the organization was created.
   google.protobuf.Timestamp creation_date = 1 [
@@ -577,8 +589,8 @@ message CreateOrganizationResponse{
     }
   ];
 
-  // The admins created for the Organization
-  repeated CreatedAdmin created_admins = 3;
+  // The admins created/assigned for the Organization
+  repeated OrganizationAdmin organization_admins = 3;
 }
 
 message UpdateOrganizationRequest {
@@ -939,3 +951,5 @@ message DeleteOrganizationMetadataResponse{
     }
   ];
 }
+
+

From 63c92104baec2d326a3f296cd0572a98b56be199 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Thu, 5 Jun 2025 12:13:26 +0200
Subject: [PATCH 090/123] chore: service ping api design (#9984)

# Which Problems Are Solved

Add the possibility to report information and analytical data from
(self-hosted) ZITADEL systems to a central endpoint.
To be able to do so an API has to be designed to receive the different
reports and information.

# How the Problems Are Solved

- Telemetry service definition added, which currently has two endpoints:
- ReportBaseInformation: To gather the zitadel version and instance
information such as id and creation date
- ReportResourceCounts: Dynamically report (based on #9979) different
resources (orgs, users per org, ...)
- To be able to paginate and send multiple pages to the endpoint a
`report_id` is returned on the first page / request from the server,
which needs to be passed by the client on the following pages.
- Base error handling is described in the proto and is based on gRPC
standards and best practices.

# Additional Changes

none

# Additional Context

Public documentation of the behaviour / error handling and what data is
collected, resp. how to configure will be provided in
https://github.com/zitadel/zitadel/issues/9869.

Closes https://github.com/zitadel/zitadel/issues/9872
---
 .../zitadel/analytics/v2beta/telemetry.proto  | 48 +++++++++++
 .../analytics/v2beta/telemetry_service.proto  | 79 +++++++++++++++++++
 2 files changed, 127 insertions(+)
 create mode 100644 proto/zitadel/analytics/v2beta/telemetry.proto
 create mode 100644 proto/zitadel/analytics/v2beta/telemetry_service.proto

diff --git a/proto/zitadel/analytics/v2beta/telemetry.proto b/proto/zitadel/analytics/v2beta/telemetry.proto
new file mode 100644
index 0000000000..f0e1537f9a
--- /dev/null
+++ b/proto/zitadel/analytics/v2beta/telemetry.proto
@@ -0,0 +1,48 @@
+syntax = "proto3";
+
+package zitadel.analytics.v2beta;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta;analytics";
+
+
+message InstanceInformation {
+  // The unique identifier of the instance.
+  string id = 1;
+  // The custom domains (incl. generated ones) of the instance.
+  repeated string domains = 2;
+  // The creation date of the instance.
+  google.protobuf.Timestamp created_at = 3;
+}
+
+message ResourceCount {
+  // The ID of the instance for which the resource counts are reported.
+  string instance_id = 3;
+  // The parent type of the resource counts (e.g. organization or instance).
+  // For example, reporting the amount of users per organization would use
+  // `COUNT_PARENT_TYPE_ORGANIZATION` as parent type and the organization ID as parent ID.
+  CountParentType parent_type = 4;
+  // The parent ID of the resource counts (e.g. organization or instance ID).
+  // For example, reporting the amount of users per organization would use
+  // `COUNT_PARENT_TYPE_ORGANIZATION` as parent type and the organization ID as parent ID.
+  string parent_id = 5;
+  // The resource counts to report, e.g. amount of `users`, `organizations`, etc.
+  string resource_name = 6;
+  // The name of the table in the database, which was used to calculate the counts.
+  // This can be used to deduplicate counts in case of multiple reports.
+  // For example, if the counts were calculated from the `users14` table,
+  // the table name would be `users14`, where there could also be a `users15` table
+  // reported at the same time as the system is rolling out a new version.
+  string table_name = 7;
+  // The timestamp when the count was last updated.
+  google.protobuf.Timestamp updated_at = 8;
+  // The actual amount of the resource.
+  uint32 amount = 9;
+}
+
+enum CountParentType {
+  COUNT_PARENT_TYPE_UNSPECIFIED = 0;
+  COUNT_PARENT_TYPE_INSTANCE = 1;
+  COUNT_PARENT_TYPE_ORGANIZATION = 2;
+}
diff --git a/proto/zitadel/analytics/v2beta/telemetry_service.proto b/proto/zitadel/analytics/v2beta/telemetry_service.proto
new file mode 100644
index 0000000000..e71536a811
--- /dev/null
+++ b/proto/zitadel/analytics/v2beta/telemetry_service.proto
@@ -0,0 +1,79 @@
+syntax = "proto3";
+
+package zitadel.analytics.v2beta;
+
+import "google/protobuf/timestamp.proto";
+import "zitadel/analytics/v2beta/telemetry.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta;analytics";
+
+// The TelemetryService is used to report telemetry such as usage statistics of the ZITADEL instance(s).
+// back to a central storage.
+// It is used to collect anonymized data about the usage of ZITADEL features, capabilities, and configurations.
+// ZITADEL acts as a client of the TelemetryService.
+//
+// Reports are sent periodically based on the system's runtime configuration.
+// The content of the reports, respectively the data collected, can be configured in the system's runtime configuration.
+//
+// All endpoints follow the same error and retry handling:
+// In case of a failure to report the usage, ZITADEL will retry to report the usage
+// based on the configured retry policy and error type:
+// - Client side errors will not be retried, as they indicate a misconfiguration or an invalid request:
+//   - `INVALID_ARGUMENT`: The request was malformed.
+//   - `NOT_FOUND`: The TelemetryService's endpoint is likely misconfigured.
+// - Connection / transfer errors will be retried based on the retry policy configured in the system's runtime configuration:
+//   - `DEADLINE_EXCEEDED`: The request took too long to complete, it will be retried.
+//   - `RESOURCE_EXHAUSTED`: The request was rejected due to resource exhaustion, it will be retried after a backoff period.
+//   - `UNAVAILABLE`: The TelemetryService is currently unavailable, it will be retried after a backoff period.
+// Server side errors will also be retried based on the information provided by the server:
+// - `FAILED_PRECONDITION`: The request failed due to a precondition, e.g. the report ID does not exists,
+//    does not correspond to the same system ID or previous reporting is too old, do not retry.
+// - `INTERNAL`: An internal error occurred. Check details and logs.
+service TelemetryService {
+
+  // ReportBaseInformation is used to report the base information of the ZITADEL system,
+  // including the version, instances, their creation date and domains.
+  // The response contains a report ID to link it to the resource counts or other reports.
+  // The report ID is only valid for the same system ID.
+  rpc ReportBaseInformation (ReportBaseInformationRequest) returns (ReportBaseInformationResponse) {}
+
+  // ReportResourceCounts is used to report the resource counts such as amount of organizations
+  // or users per organization and much more.
+  // Since the resource counts can be reported in multiple batches,
+  // the response contains a report ID to continue reporting.
+  // The report ID is only valid for the same system ID.
+  rpc ReportResourceCounts (ReportResourceCountsRequest) returns (ReportResourceCountsResponse) {}
+}
+
+message ReportBaseInformationRequest {
+  // The system ID is a unique identifier for the ZITADEL system.
+  string system_id = 1;
+  // The current version of the ZITADEL system.
+  string version = 2;
+  // A list of instances in the ZITADEL system and their information.
+  repeated InstanceInformation instances = 3;
+}
+
+message ReportBaseInformationResponse {
+  // The report ID is a unique identifier for the report.
+  // It is used to identify the report to be able to link it to the resource counts or other reports.
+  // Note that the report ID is only valid for the same system ID.
+  string report_id = 1;
+}
+
+message ReportResourceCountsRequest {
+  // The system ID is a unique identifier for the ZITADEL system.
+  string system_id = 1;
+  // The previously returned report ID from the server to continue reporting.
+  // Note that the report ID is only valid for the same system ID.
+  optional string report_id = 2;
+  // A list of resource counts to report.
+  repeated ResourceCount resource_counts = 3;
+}
+
+message ReportResourceCountsResponse {
+  // The report ID is a unique identifier for the report.
+  // It is used to identify the report in case of additional data / pagination.
+  // Note that the report ID is only valid for the same system ID.
+  string report_id = 1;
+}
\ No newline at end of file

From 6c309d65c6d6367959d012a9b97a46a26cc8be6a Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Thu, 5 Jun 2025 13:42:59 +0200
Subject: [PATCH 091/123] fix(fields): project by id and resource owner
 (#10034)

# Which Problems Are Solved

If the `IMPROVED_PERFORMANCE_PROJECT` feature flag was enabled it was
not possible to remove organizations anymore because the project was
searched in the `eventstore.fields` table without resource owner.

# How the Problems Are Solved

Search now includes resource owner.
---
 internal/command/project.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/internal/command/project.go b/internal/command/project.go
index bf72306417..40aa79f186 100644
--- a/internal/command/project.go
+++ b/internal/command/project.go
@@ -138,14 +138,14 @@ func projectWriteModel(ctx context.Context, filter preparation.FilterToQueryRedu
 	return project, nil
 }
 
-func (c *Commands) projectAggregateByID(ctx context.Context, projectID string) (*eventstore.Aggregate, domain.ProjectState, error) {
-	result, err := c.projectState(ctx, projectID)
+func (c *Commands) projectAggregateByID(ctx context.Context, projectID, resourceOwner string) (*eventstore.Aggregate, domain.ProjectState, error) {
+	result, err := c.projectState(ctx, projectID, resourceOwner)
 	if err != nil {
 		return nil, domain.ProjectStateUnspecified, zerrors.ThrowNotFound(err, "COMMA-NDQoF", "Errors.Project.NotFound")
 	}
 	if len(result) == 0 {
 		_ = projection.ProjectGrantFields.Trigger(ctx)
-		result, err = c.projectState(ctx, projectID)
+		result, err = c.projectState(ctx, projectID, resourceOwner)
 		if err != nil || len(result) == 0 {
 			return nil, domain.ProjectStateUnspecified, zerrors.ThrowNotFound(err, "COMMA-U1nza", "Errors.Project.NotFound")
 		}
@@ -159,7 +159,7 @@ func (c *Commands) projectAggregateByID(ctx context.Context, projectID string) (
 	return &result[0].Aggregate, state, nil
 }
 
-func (c *Commands) projectState(ctx context.Context, projectID string) ([]*eventstore.SearchResult, error) {
+func (c *Commands) projectState(ctx context.Context, projectID, resourceOwner string) ([]*eventstore.SearchResult, error) {
 	return c.eventstore.Search(
 		ctx,
 		map[eventstore.FieldType]any{
@@ -167,6 +167,7 @@ func (c *Commands) projectState(ctx context.Context, projectID string) ([]*event
 			eventstore.FieldTypeObjectID:       projectID,
 			eventstore.FieldTypeObjectRevision: project.ProjectObjectRevision,
 			eventstore.FieldTypeFieldName:      project.ProjectStateSearchField,
+			eventstore.FieldTypeResourceOwner:  resourceOwner,
 		},
 	)
 }
@@ -179,7 +180,7 @@ func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOw
 		return c.checkProjectExistsOld(ctx, projectID, resourceOwner)
 	}
 
-	agg, state, err := c.projectAggregateByID(ctx, projectID)
+	agg, state, err := c.projectAggregateByID(ctx, projectID, resourceOwner)
 	if err != nil || !state.Valid() {
 		return "", zerrors.ThrowPreconditionFailed(err, "COMMA-VCnwD", "Errors.Project.NotFound")
 	}
@@ -249,7 +250,7 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
 		return c.deactivateProjectOld(ctx, projectID, resourceOwner)
 	}
 
-	projectAgg, state, err := c.projectAggregateByID(ctx, projectID)
+	projectAgg, state, err := c.projectAggregateByID(ctx, projectID, resourceOwner)
 	if err != nil {
 		return nil, err
 	}
@@ -285,7 +286,7 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso
 		return c.reactivateProjectOld(ctx, projectID, resourceOwner)
 	}
 
-	projectAgg, state, err := c.projectAggregateByID(ctx, projectID)
+	projectAgg, state, err := c.projectAggregateByID(ctx, projectID, resourceOwner)
 	if err != nil {
 		return nil, err
 	}

From 647b3b57cffe4c34d3ae9d0d66e635a967f7eea9 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Thu, 5 Jun 2025 15:50:21 +0200
Subject: [PATCH 092/123] fix: correct id filter for project service (#10035)

# Which Problems Are Solved

IDs filter definition was changed in another PR and not changed in the
Project service.

# How the Problems Are Solved

Correctly use the IDs filter.

# Additional Changes

Add timeout to the integration tests.

# Additional Context

None
---
 .../grpc/project/v2beta/integration/query_test.go    | 12 ++++--------
 internal/integration/client.go                       |  4 +++-
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/internal/api/grpc/project/v2beta/integration/query_test.go b/internal/api/grpc/project/v2beta/integration/query_test.go
index fc153f0130..b648e8c1d7 100644
--- a/internal/api/grpc/project/v2beta/integration/query_test.go
+++ b/internal/api/grpc/project/v2beta/integration/query_test.go
@@ -389,9 +389,7 @@ func TestServer_ListProjects(t *testing.T) {
 					resp2 := createProject(iamOwnerCtx, instance, t, orgID, true, false)
 					resp3 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, true)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId(), projectResp.GetId()},
-						},
+						InProjectIdsFilter: &filter.InIDsFilter{Ids: []string{resp1.GetId(), resp2.GetId(), resp3.GetId(), projectResp.GetId()}},
 					}
 					response.Projects[0] = grantedProjectResp
 					response.Projects[1] = projectResp
@@ -516,7 +514,7 @@ func TestServer_ListProjects(t *testing.T) {
 					projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), projectName, true, true)
 					projectGrantResp := instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{ProjectIds: []string{projectResp.GetId()}},
+						InProjectIdsFilter: &filter.InIDsFilter{Ids: []string{projectResp.GetId()}},
 					}
 					response.Projects[0] = &project.Project{
 						Id:                      projectResp.GetId(),
@@ -892,7 +890,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
 					// projectGrantResp :=
 					instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
 					request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{ProjectIds: []string{projectResp.GetId()}},
+						InProjectIdsFilter: &filter.InIDsFilter{Ids: []string{projectResp.GetId()}},
 					}
 					/*
 						response.Projects[0] = &project.Project{
@@ -1227,9 +1225,7 @@ func TestServer_ListProjectGrants(t *testing.T) {
 					project2Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
 					project3Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
 					request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
-						InProjectIdsFilter: &project.InProjectIDsFilter{
-							ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId(), projectResp.GetId()},
-						},
+						InProjectIdsFilter: &filter.InIDsFilter{Ids: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId(), projectResp.GetId()}},
 					}
 
 					createProjectGrant(iamOwnerCtx, instance, t, orgID, project1Resp.GetId(), name1)
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 838a728faf..20c98b5628 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -16,6 +16,7 @@ import (
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/integration/scim"
@@ -271,7 +272,8 @@ func (i *Instance) CreateUserTypeMachine(ctx context.Context) *user_v2.CreateUse
 
 func (i *Instance) CreatePersonalAccessToken(ctx context.Context, userID string) *user_v2.AddPersonalAccessTokenResponse {
 	resp, err := i.Client.UserV2.AddPersonalAccessToken(ctx, &user_v2.AddPersonalAccessTokenRequest{
-		UserId: userID,
+		UserId:         userID,
+		ExpirationDate: timestamppb.New(time.Now().Add(30 * time.Minute)),
 	})
 	logging.OnError(err).Panic("create pat")
 	return resp

From 4df138286b673255319b20b685f1cba31c05b47d Mon Sep 17 00:00:00 2001
From: Silvan <27845747+adlerhurst@users.noreply.github.com>
Date: Fri, 6 Jun 2025 10:48:29 +0200
Subject: [PATCH 093/123] perf(query): reduce user query duration (#10037)

# Which Problems Are Solved

The resource usage to query user(s) on the database was high and
therefore could have performance impact.

# How the Problems Are Solved

Database queries involving the users and loginnames table were improved
and an index was added for user by email query.

# Additional Changes

- spellchecks
- updated apis on load tests

# additional info

needs cherry pick to v3
---
 cmd/setup/58.go                               |  49 +++
 cmd/setup/58/01_update_login_names3_view.sql  |  36 ++
 cmd/setup/58/02_create_index.sql              |   1 +
 cmd/setup/config.go                           |   1 +
 cmd/setup/setup.go                            |   2 +
 internal/query/oidc_settings.go               |   2 +-
 internal/query/org_metadata.go                |   4 +-
 internal/query/project.go                     |   2 +-
 internal/query/project_grant.go               |   4 +-
 internal/query/projection/login_name.go       | 111 +-----
 .../query/projection/login_name_query.sql     |  35 ++
 internal/query/projection/user.go             |   1 +
 internal/query/restrictions.go                |   2 +-
 internal/query/search_query.go                |  13 +-
 internal/query/search_query_test.go           |  22 +-
 internal/query/secret_generators.go           |   2 +-
 internal/query/security_policy.go             |   2 +-
 internal/query/user.go                        | 158 ++------
 internal/query/user_by_id.sql                 |  52 +--
 internal/query/user_metadata.go               |   6 +-
 internal/query/user_notify_by_id.sql          |  52 +--
 internal/query/user_personal_access_token.go  |   2 +-
 internal/query/user_test.go                   | 345 +-----------------
 load-test/src/org.ts                          |   2 +-
 load-test/src/use_cases/manipulate_user.ts    |   2 +-
 load-test/src/user.ts                         |   6 +-
 26 files changed, 225 insertions(+), 689 deletions(-)
 create mode 100644 cmd/setup/58.go
 create mode 100644 cmd/setup/58/01_update_login_names3_view.sql
 create mode 100644 cmd/setup/58/02_create_index.sql
 create mode 100644 internal/query/projection/login_name_query.sql

diff --git a/cmd/setup/58.go b/cmd/setup/58.go
new file mode 100644
index 0000000000..c46b30f548
--- /dev/null
+++ b/cmd/setup/58.go
@@ -0,0 +1,49 @@
+package setup
+
+import (
+	"context"
+	"database/sql"
+	"embed"
+	"fmt"
+
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 58/*.sql
+	replaceLoginNames3View embed.FS
+)
+
+type ReplaceLoginNames3View struct {
+	dbClient *database.DB
+}
+
+func (mig *ReplaceLoginNames3View) Execute(ctx context.Context, _ eventstore.Event) error {
+	var exists bool
+	err := mig.dbClient.QueryRowContext(ctx, func(r *sql.Row) error {
+		return r.Scan(&exists)
+	}, "SELECT exists(SELECT 1 from information_schema.views WHERE table_schema = 'projections' AND table_name = 'login_names3')")
+
+	if err != nil || !exists {
+		return err
+	}
+
+	statements, err := readStatements(replaceLoginNames3View, "58")
+	if err != nil {
+		return err
+	}
+	for _, stmt := range statements {
+		logging.WithFields("file", stmt.file, "migration", mig.String()).Info("execute statement")
+		if _, err := mig.dbClient.ExecContext(ctx, stmt.query); err != nil {
+			return fmt.Errorf("%s %s: %w", mig.String(), stmt.file, err)
+		}
+	}
+	return nil
+}
+
+func (mig *ReplaceLoginNames3View) String() string {
+	return "58_replace_login_names3_view"
+}
diff --git a/cmd/setup/58/01_update_login_names3_view.sql b/cmd/setup/58/01_update_login_names3_view.sql
new file mode 100644
index 0000000000..4499296152
--- /dev/null
+++ b/cmd/setup/58/01_update_login_names3_view.sql
@@ -0,0 +1,36 @@
+CREATE OR REPLACE VIEW projections.login_names3 AS
+    SELECT
+        u.id AS user_id
+        , CASE
+            WHEN p.must_be_domain THEN CONCAT(u.user_name, '@', d.name)
+            ELSE u.user_name
+        END AS login_name
+        , COALESCE(d.is_primary, TRUE) AS is_primary
+        , u.instance_id
+    FROM
+        projections.login_names3_users AS u
+    LEFT JOIN LATERAL (
+        SELECT
+            must_be_domain
+            , is_default
+        FROM
+            projections.login_names3_policies AS p
+        WHERE
+            (
+                p.instance_id = u.instance_id
+                AND NOT p.is_default
+                AND p.resource_owner = u.resource_owner
+            ) OR (
+                p.instance_id = u.instance_id
+                AND p.is_default
+            )
+        ORDER BY
+            p.is_default -- custom first
+        LIMIT 1
+    ) AS p ON TRUE
+    LEFT JOIN 
+        projections.login_names3_domains d
+        ON 
+            p.must_be_domain 
+            AND u.resource_owner = d.resource_owner 
+            AND u.instance_id = d.instance_id
diff --git a/cmd/setup/58/02_create_index.sql b/cmd/setup/58/02_create_index.sql
new file mode 100644
index 0000000000..ed3627b427
--- /dev/null
+++ b/cmd/setup/58/02_create_index.sql
@@ -0,0 +1 @@
+CREATE INDEX CONCURRENTLY IF NOT EXISTS login_names3_policies_is_default_owner_idx ON projections.login_names3_policies (instance_id, is_default, resource_owner) INCLUDE (must_be_domain)
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index dd59ba3f07..0c3f726902 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -154,6 +154,7 @@ type Steps struct {
 	s55ExecutionHandlerStart                *ExecutionHandlerStart
 	s56IDPTemplate6SAMLFederatedLogout      *IDPTemplate6SAMLFederatedLogout
 	s57CreateResourceCounts                 *CreateResourceCounts
+	s58ReplaceLoginNames3View               *ReplaceLoginNames3View
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index 1465180a6b..8ee8d7fc68 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -216,6 +216,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s55ExecutionHandlerStart = &ExecutionHandlerStart{dbClient: dbClient}
 	steps.s56IDPTemplate6SAMLFederatedLogout = &IDPTemplate6SAMLFederatedLogout{dbClient: dbClient}
 	steps.s57CreateResourceCounts = &CreateResourceCounts{dbClient: dbClient}
+	steps.s58ReplaceLoginNames3View = &ReplaceLoginNames3View{dbClient: dbClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -262,6 +263,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s55ExecutionHandlerStart,
 		steps.s56IDPTemplate6SAMLFederatedLogout,
 		steps.s57CreateResourceCounts,
+		steps.s58ReplaceLoginNames3View,
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {
diff --git a/internal/query/oidc_settings.go b/internal/query/oidc_settings.go
index bdd21cfd15..4ecd6cdad2 100644
--- a/internal/query/oidc_settings.go
+++ b/internal/query/oidc_settings.go
@@ -84,7 +84,7 @@ func (q *Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) (
 		OIDCSettingsColumnInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
diff --git a/internal/query/org_metadata.go b/internal/query/org_metadata.go
index fe61ad51d9..e67c7222cd 100644
--- a/internal/query/org_metadata.go
+++ b/internal/query/org_metadata.go
@@ -103,7 +103,7 @@ func (q *Queries) GetOrgMetadataByKey(ctx context.Context, shouldTriggerBulk boo
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-aDaG2", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-aDaG2", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -133,7 +133,7 @@ func (q *Queries) SearchOrgMetadata(ctx context.Context, shouldTriggerBulk bool,
 	query, scan := prepareOrgMetadataListQuery()
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Egbld", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Egbld", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
diff --git a/internal/query/project.go b/internal/query/project.go
index 728731f7cb..59e2dd95c0 100644
--- a/internal/query/project.go
+++ b/internal/query/project.go
@@ -211,7 +211,7 @@ func (q *Queries) ProjectByID(ctx context.Context, shouldTriggerBulk bool, id st
 	}
 	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
diff --git a/internal/query/project_grant.go b/internal/query/project_grant.go
index 3093d26f30..1931cad0f5 100644
--- a/internal/query/project_grant.go
+++ b/internal/query/project_grant.go
@@ -167,7 +167,7 @@ func (q *Queries) ProjectGrantByID(ctx context.Context, shouldTriggerBulk bool,
 	}
 	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Nf93d", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Nf93d", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -189,7 +189,7 @@ func (q *Queries) ProjectGrantByIDAndGrantedOrg(ctx context.Context, id, granted
 	}
 	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-MO9fs", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-MO9fs", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
diff --git a/internal/query/projection/login_name.go b/internal/query/projection/login_name.go
index 3c31928af4..e60f725dc7 100644
--- a/internal/query/projection/login_name.go
+++ b/internal/query/projection/login_name.go
@@ -2,9 +2,7 @@ package projection
 
 import (
 	"context"
-	"strings"
-
-	sq "github.com/Masterminds/squirrel"
+	_ "embed"
 
 	"github.com/zitadel/zitadel/internal/eventstore"
 	old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
@@ -58,105 +56,8 @@ const (
 	LoginNamePoliciesInstanceIDCol    = "instance_id"
 )
 
-var (
-	policyUsers = sq.Select(
-		alias(
-			col(usersAlias, LoginNameUserIDCol),
-			LoginNameUserCol,
-		),
-		col(usersAlias, LoginNameUserUserNameCol),
-		col(usersAlias, LoginNameUserInstanceIDCol),
-		col(usersAlias, LoginNameUserResourceOwnerCol),
-		alias(
-			coalesce(col(policyCustomAlias, LoginNamePoliciesMustBeDomainCol), col(policyDefaultAlias, LoginNamePoliciesMustBeDomainCol)),
-			LoginNamePoliciesMustBeDomainCol,
-		),
-	).From(alias(LoginNameUserProjectionTable, usersAlias)).
-		LeftJoin(
-			leftJoin(LoginNamePolicyProjectionTable, policyCustomAlias,
-				eq(col(policyCustomAlias, LoginNamePoliciesResourceOwnerCol), col(usersAlias, LoginNameUserResourceOwnerCol)),
-				eq(col(policyCustomAlias, LoginNamePoliciesInstanceIDCol), col(usersAlias, LoginNameUserInstanceIDCol)),
-			),
-		).
-		LeftJoin(
-			leftJoin(LoginNamePolicyProjectionTable, policyDefaultAlias,
-				eq(col(policyDefaultAlias, LoginNamePoliciesIsDefaultCol), "true"),
-				eq(col(policyDefaultAlias, LoginNamePoliciesInstanceIDCol), col(usersAlias, LoginNameUserInstanceIDCol)),
-			),
-		)
-
-	loginNamesTable = sq.Select(
-		col(policyUsersAlias, LoginNameUserCol),
-		col(policyUsersAlias, LoginNameUserUserNameCol),
-		col(policyUsersAlias, LoginNameUserResourceOwnerCol),
-		alias(col(policyUsersAlias, LoginNameUserInstanceIDCol),
-			LoginNameInstanceIDCol),
-		col(policyUsersAlias, LoginNamePoliciesMustBeDomainCol),
-		alias(col(domainsAlias, LoginNameDomainNameCol),
-			domainAlias),
-		col(domainsAlias, LoginNameDomainIsPrimaryCol),
-	).FromSelect(policyUsers, policyUsersAlias).
-		LeftJoin(
-			leftJoin(LoginNameDomainProjectionTable, domainsAlias,
-				col(policyUsersAlias, LoginNamePoliciesMustBeDomainCol),
-				eq(col(policyUsersAlias, LoginNameUserResourceOwnerCol), col(domainsAlias, LoginNameDomainResourceOwnerCol)),
-				eq(col(policyUsersAlias, LoginNamePoliciesInstanceIDCol), col(domainsAlias, LoginNameDomainInstanceIDCol)),
-			),
-		)
-
-	viewStmt, _ = sq.Select(
-		LoginNameUserCol,
-		alias(
-			whenThenElse(
-				LoginNamePoliciesMustBeDomainCol,
-				concat(LoginNameUserUserNameCol, "'@'", domainAlias),
-				LoginNameUserUserNameCol),
-			LoginNameCol),
-		alias(coalesce(LoginNameDomainIsPrimaryCol, "true"),
-			LoginNameIsPrimaryCol),
-		LoginNameInstanceIDCol,
-	).FromSelect(loginNamesTable, LoginNameTableAlias).MustSql()
-)
-
-func col(table, name string) string {
-	return table + "." + name
-}
-
-func alias(col, alias string) string {
-	return col + " AS " + alias
-}
-
-func coalesce(values ...string) string {
-	str := "COALESCE("
-	for i, value := range values {
-		if i > 0 {
-			str += ", "
-		}
-		str += value
-	}
-	str += ")"
-	return str
-}
-
-func eq(first, second string) string {
-	return first + " = " + second
-}
-
-func leftJoin(table, alias, on string, and ...string) string {
-	st := table + " " + alias + " ON " + on
-	for _, a := range and {
-		st += " AND " + a
-	}
-	return st
-}
-
-func concat(strs ...string) string {
-	return "CONCAT(" + strings.Join(strs, ", ") + ")"
-}
-
-func whenThenElse(when, then, el string) string {
-	return "(CASE WHEN " + when + " THEN " + then + " ELSE " + el + " END)"
-}
+//go:embed login_name_query.sql
+var loginNameViewStmt string
 
 type loginNameProjection struct{}
 
@@ -170,7 +71,7 @@ func (*loginNameProjection) Name() string {
 
 func (*loginNameProjection) Init() *old_handler.Check {
 	return handler.NewViewCheck(
-		viewStmt,
+		loginNameViewStmt,
 		handler.NewSuffixedTable(
 			[]*handler.InitColumn{
 				handler.NewColumn(LoginNameUserIDCol, handler.ColumnTypeText),
@@ -229,7 +130,9 @@ func (*loginNameProjection) Init() *old_handler.Check {
 			},
 			handler.NewPrimaryKey(LoginNamePoliciesInstanceIDCol, LoginNamePoliciesResourceOwnerCol),
 			loginNamePolicySuffix,
-			handler.WithIndex(handler.NewIndex("is_default", []string{LoginNamePoliciesResourceOwnerCol, LoginNamePoliciesIsDefaultCol})),
+			// this index is not used anymore, but kept for understanding why the default exists on existing systems, TODO: remove in login_names4
+			// handler.WithIndex(handler.NewIndex("is_default", []string{LoginNamePoliciesResourceOwnerCol, LoginNamePoliciesIsDefaultCol})),
+			handler.WithIndex(handler.NewIndex("is_default_owner", []string{LoginNamePoliciesInstanceIDCol, LoginNamePoliciesIsDefaultCol, LoginNamePoliciesResourceOwnerCol}, handler.WithInclude(LoginNamePoliciesMustBeDomainCol))),
 		),
 	)
 }
diff --git a/internal/query/projection/login_name_query.sql b/internal/query/projection/login_name_query.sql
new file mode 100644
index 0000000000..89dc803feb
--- /dev/null
+++ b/internal/query/projection/login_name_query.sql
@@ -0,0 +1,35 @@
+SELECT
+    u.id AS user_id
+    , CASE
+        WHEN p.must_be_domain THEN CONCAT(u.user_name, '@', d.name)
+        ELSE u.user_name
+    END AS login_name
+    , COALESCE(d.is_primary, TRUE) AS is_primary
+    , u.instance_id
+FROM
+    projections.login_names3_users AS u
+LEFT JOIN LATERAL (
+    SELECT
+        must_be_domain
+        , is_default
+    FROM
+        projections.login_names3_policies AS p
+    WHERE
+        (
+            p.instance_id = u.instance_id
+            AND NOT p.is_default
+            AND p.resource_owner = u.resource_owner
+        ) OR (
+            p.instance_id = u.instance_id
+            AND p.is_default
+        )
+    ORDER BY
+        p.is_default -- custom first
+    LIMIT 1
+) AS p ON TRUE
+LEFT JOIN 
+    projections.login_names3_domains d
+    ON 
+        p.must_be_domain 
+        AND u.resource_owner = d.resource_owner 
+        AND u.instance_id = d.instance_id
\ No newline at end of file
diff --git a/internal/query/projection/user.go b/internal/query/projection/user.go
index f1e0613287..d11c4855f7 100644
--- a/internal/query/projection/user.go
+++ b/internal/query/projection/user.go
@@ -124,6 +124,7 @@ func (*userProjection) Init() *old_handler.Check {
 			handler.NewPrimaryKey(HumanUserInstanceIDCol, HumanUserIDCol),
 			UserHumanSuffix,
 			handler.WithForeignKey(handler.NewForeignKeyOfPublicKeys()),
+			handler.WithIndex(handler.NewIndex("email", []string{HumanUserInstanceIDCol, "LOWER(" + HumanEmailCol + ")"})),
 		),
 		handler.NewSuffixedTable([]*handler.InitColumn{
 			handler.NewColumn(MachineUserIDCol, handler.ColumnTypeText),
diff --git a/internal/query/restrictions.go b/internal/query/restrictions.go
index 8cff5737f7..93d435278c 100644
--- a/internal/query/restrictions.go
+++ b/internal/query/restrictions.go
@@ -78,7 +78,7 @@ func (q *Queries) GetInstanceRestrictions(ctx context.Context) (restrictions Res
 		RestrictionsColumnResourceOwner.identifier(): instanceID,
 	}).ToSql()
 	if err != nil {
-		return restrictions, zitade_errors.ThrowInternal(err, "QUERY-XnLMQ", "Errors.Query.SQLStatment")
+		return restrictions, zitade_errors.ThrowInternal(err, "QUERY-XnLMQ", "Errors.Query.SQLStatement")
 	}
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
 		restrictions, err = scan(row)
diff --git a/internal/query/search_query.go b/internal/query/search_query.go
index d5e09027c4..d6dd710d1e 100644
--- a/internal/query/search_query.go
+++ b/internal/query/search_query.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
+	"strings"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
@@ -334,23 +335,23 @@ func (q *textQuery) comp() sq.Sqlizer {
 	case TextNotEquals:
 		return sq.NotEq{q.Column.identifier(): q.Text}
 	case TextEqualsIgnoreCase:
-		return sq.ILike{q.Column.identifier(): q.Text}
+		return sq.Like{"LOWER(" + q.Column.identifier() + ")": strings.ToLower(q.Text)}
 	case TextNotEqualsIgnoreCase:
-		return sq.NotILike{q.Column.identifier(): q.Text}
+		return sq.NotLike{"LOWER(" + q.Column.identifier() + ")": strings.ToLower(q.Text)}
 	case TextStartsWith:
 		return sq.Like{q.Column.identifier(): q.Text + "%"}
 	case TextStartsWithIgnoreCase:
-		return sq.ILike{q.Column.identifier(): q.Text + "%"}
+		return sq.Like{"LOWER(" + q.Column.identifier() + ")": strings.ToLower(q.Text) + "%"}
 	case TextEndsWith:
 		return sq.Like{q.Column.identifier(): "%" + q.Text}
 	case TextEndsWithIgnoreCase:
-		return sq.ILike{q.Column.identifier(): "%" + q.Text}
+		return sq.Like{"LOWER(" + q.Column.identifier() + ")": "%" + strings.ToLower(q.Text)}
 	case TextContains:
 		return sq.Like{q.Column.identifier(): "%" + q.Text + "%"}
 	case TextContainsIgnoreCase:
-		return sq.ILike{q.Column.identifier(): "%" + q.Text + "%"}
+		return sq.Like{"LOWER(" + q.Column.identifier() + ")": "%" + strings.ToLower(q.Text) + "%"}
 	case TextListContains:
-		return &listContains{col: q.Column, args: []interface{}{q.Text}}
+		return &listContains{col: q.Column, args: []any{q.Text}}
 	case textCompareMax:
 		return nil
 	}
diff --git a/internal/query/search_query_test.go b/internal/query/search_query_test.go
index 13142a0158..7f6672b279 100644
--- a/internal/query/search_query_test.go
+++ b/internal/query/search_query_test.go
@@ -1204,7 +1204,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextEqualsIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "Hurst"},
+				query: sq.Like{"LOWER(test_table.test_col)": "hurst"},
 			},
 		},
 		{
@@ -1226,7 +1226,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextNotEqualsIgnoreCase,
 			},
 			want: want{
-				query: sq.NotILike{"test_table.test_col": "Hurst"},
+				query: sq.NotLike{"LOWER(test_table.test_col)": "hurst"},
 			},
 		},
 		{
@@ -1237,7 +1237,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextEqualsIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "Hu\\%\\%rst"},
+				query: sq.Like{"LOWER(test_table.test_col)": "hu\\%\\%rst"},
 			},
 		},
 		{
@@ -1270,7 +1270,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextStartsWithIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "Hurst%"},
+				query: sq.Like{"LOWER(test_table.test_col)": "hurst%"},
 			},
 		},
 		{
@@ -1281,7 +1281,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextStartsWithIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "Hurst\\%%"},
+				query: sq.Like{"LOWER(test_table.test_col)": "hurst\\%%"},
 			},
 		},
 		{
@@ -1314,7 +1314,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextEndsWithIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "%Hurst"},
+				query: sq.Like{"LOWER(test_table.test_col)": "%hurst"},
 			},
 		},
 		{
@@ -1325,7 +1325,7 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextEndsWithIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "%\\%Hurst"},
+				query: sq.Like{"LOWER(test_table.test_col)": "%\\%hurst"},
 			},
 		},
 		{
@@ -1351,14 +1351,14 @@ func TestTextQuery_comp(t *testing.T) {
 			},
 		},
 		{
-			name: "containts ignore case",
+			name: "contains ignore case",
 			fields: fields{
 				Column:  testCol,
 				Text:    "Hurst",
 				Compare: TextContainsIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "%Hurst%"},
+				query: sq.Like{"LOWER(test_table.test_col)": "%hurst%"},
 			},
 		},
 		{
@@ -1369,11 +1369,11 @@ func TestTextQuery_comp(t *testing.T) {
 				Compare: TextContainsIgnoreCase,
 			},
 			want: want{
-				query: sq.ILike{"test_table.test_col": "%\\%Hurst\\%%"},
+				query: sq.Like{"LOWER(test_table.test_col)": "%\\%hurst\\%%"},
 			},
 		},
 		{
-			name: "list containts",
+			name: "list contains",
 			fields: fields{
 				Column:  testCol,
 				Text:    "Hurst",
diff --git a/internal/query/secret_generators.go b/internal/query/secret_generators.go
index c267d7b290..ca77bc35b5 100644
--- a/internal/query/secret_generators.go
+++ b/internal/query/secret_generators.go
@@ -132,7 +132,7 @@ func (q *Queries) SecretGeneratorByType(ctx context.Context, generatorType domai
 		SecretGeneratorColumnInstanceID.identifier():    instanceID,
 	}).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-3k99f", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-3k99f", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
diff --git a/internal/query/security_policy.go b/internal/query/security_policy.go
index 7a3fb3fa89..5a2450258e 100644
--- a/internal/query/security_policy.go
+++ b/internal/query/security_policy.go
@@ -67,7 +67,7 @@ func (q *Queries) SecurityPolicy(ctx context.Context) (policy *SecurityPolicy, e
 		SecurityPolicyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Sf6d1", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
diff --git a/internal/query/user.go b/internal/query/user.go
index 6844982f07..ac3eb79fc9 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -200,21 +200,15 @@ var (
 
 	userLoginNamesTable         = loginNameTable.setAlias("login_names")
 	userLoginNamesUserIDCol     = LoginNameUserIDCol.setTable(userLoginNamesTable)
-	userLoginNamesNameCol       = LoginNameNameCol.setTable(userLoginNamesTable)
 	userLoginNamesInstanceIDCol = LoginNameInstanceIDCol.setTable(userLoginNamesTable)
 	userLoginNamesListCol       = Column{
-		name:  "loginnames",
+		name:  "login_names",
 		table: userLoginNamesTable,
 	}
-	userLoginNamesLowerListCol = Column{
-		name:  "loginnames_lower",
+	userPreferredLoginNameCol = Column{
+		name:  "preferred_login_name",
 		table: userLoginNamesTable,
 	}
-	userPreferredLoginNameTable         = loginNameTable.setAlias("preferred_login_name")
-	userPreferredLoginNameUserIDCol     = LoginNameUserIDCol.setTable(userPreferredLoginNameTable)
-	userPreferredLoginNameCol           = LoginNameNameCol.setTable(userPreferredLoginNameTable)
-	userPreferredLoginNameIsPrimaryCol  = LoginNameIsPrimaryCol.setTable(userPreferredLoginNameTable)
-	userPreferredLoginNameInstanceIDCol = LoginNameInstanceIDCol.setTable(userPreferredLoginNameTable)
 )
 
 var (
@@ -459,7 +453,7 @@ func (q *Queries) GetHumanProfile(ctx context.Context, userID string, queries ..
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -483,7 +477,7 @@ func (q *Queries) GetHumanEmail(ctx context.Context, userID string, queries ...S
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-BHhj3", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-BHhj3", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -507,7 +501,7 @@ func (q *Queries) GetHumanPhone(ctx context.Context, userID string, queries ...S
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -593,7 +587,7 @@ func (q *Queries) GetNotifyUser(ctx context.Context, shouldTriggered bool, queri
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Err3g", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Err3g", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -611,7 +605,7 @@ func (q *Queries) CountUsers(ctx context.Context, queries *UserSearchQueries) (c
 	eq := sq.Eq{UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID()}
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
-		return 0, zerrors.ThrowInternal(err, "QUERY-w3Dx", "Errors.Query.SQLStatment")
+		return 0, zerrors.ThrowInternal(err, "QUERY-w3Dx", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -646,7 +640,7 @@ func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, p
 		UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
 	}).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Dgbg2", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -693,7 +687,7 @@ func (q *Queries) IsUserUnique(ctx context.Context, username, email, resourceOwn
 	eq := sq.Eq{UserInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID()}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return false, zerrors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatment")
+		return false, zerrors.ThrowInternal(err, "QUERY-Dg43g", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -792,12 +786,8 @@ func NewUserPreferredLoginNameSearchQuery(value string, comparison TextCompariso
 	return NewTextQuery(userPreferredLoginNameCol, value, comparison)
 }
 
-func NewUserLoginNamesSearchQuery(value string) (SearchQuery, error) {
-	return NewTextQuery(userLoginNamesLowerListCol, strings.ToLower(value), TextListContains)
-}
-
 func NewUserLoginNameExistsQuery(value string, comparison TextComparison) (SearchQuery, error) {
-	// linking queries for the subselect
+	// linking queries for the sub select
 	instanceQuery, err := NewColumnComparisonQuery(LoginNameInstanceIDCol, UserInstanceIDCol, ColumnEquals)
 	if err != nil {
 		return nil, err
@@ -828,30 +818,16 @@ func triggerUserProjections(ctx context.Context) {
 	triggerBatch(ctx, projection.UserProjection, projection.LoginNameProjection)
 }
 
-func prepareLoginNamesQuery() (string, []interface{}, error) {
-	return sq.Select(
-		userLoginNamesUserIDCol.identifier(),
-		"ARRAY_AGG("+userLoginNamesNameCol.identifier()+")::TEXT[] AS "+userLoginNamesListCol.name,
-		"ARRAY_AGG(LOWER("+userLoginNamesNameCol.identifier()+"))::TEXT[] AS "+userLoginNamesLowerListCol.name,
-		userLoginNamesInstanceIDCol.identifier(),
-	).From(userLoginNamesTable.identifier()).
-		GroupBy(
-			userLoginNamesUserIDCol.identifier(),
-			userLoginNamesInstanceIDCol.identifier(),
-		).ToSql()
-}
-
-func preparePreferredLoginNamesQuery() (string, []interface{}, error) {
-	return sq.Select(
-		userPreferredLoginNameUserIDCol.identifier(),
-		userPreferredLoginNameCol.identifier(),
-		userPreferredLoginNameInstanceIDCol.identifier(),
-	).From(userPreferredLoginNameTable.identifier()).
-		Where(sq.Eq{
-			userPreferredLoginNameIsPrimaryCol.identifier(): true,
-		},
-		).ToSql()
-}
+var joinLoginNames = `LEFT JOIN LATERAL (` +
+	`SELECT` +
+	` ARRAY_AGG(ln.login_name ORDER BY ln.login_name) AS login_names,` +
+	` MAX(CASE WHEN ln.is_primary THEN ln.login_name ELSE NULL END) AS preferred_login_name` +
+	` FROM` +
+	` projections.login_names3 AS ln` +
+	` WHERE` +
+	` ln.user_id = ` + UserIDCol.identifier() +
+	` AND ln.instance_id = ` + UserInstanceIDCol.identifier() +
+	`) AS login_names ON TRUE`
 
 func scanUser(row *sql.Row) (*User, error) {
 	u := new(User)
@@ -951,64 +927,6 @@ func scanUser(row *sql.Row) (*User, error) {
 	return u, nil
 }
 
-func prepareUserQuery() (sq.SelectBuilder, func(*sql.Row) (*User, error)) {
-	loginNamesQuery, loginNamesArgs, err := prepareLoginNamesQuery()
-	if err != nil {
-		return sq.SelectBuilder{}, nil
-	}
-	preferredLoginNameQuery, preferredLoginNameArgs, err := preparePreferredLoginNamesQuery()
-	if err != nil {
-		return sq.SelectBuilder{}, nil
-	}
-	return sq.Select(
-			UserIDCol.identifier(),
-			UserCreationDateCol.identifier(),
-			UserChangeDateCol.identifier(),
-			UserResourceOwnerCol.identifier(),
-			UserSequenceCol.identifier(),
-			UserStateCol.identifier(),
-			UserTypeCol.identifier(),
-			UserUsernameCol.identifier(),
-			userLoginNamesListCol.identifier(),
-			userPreferredLoginNameCol.identifier(),
-			HumanUserIDCol.identifier(),
-			HumanFirstNameCol.identifier(),
-			HumanLastNameCol.identifier(),
-			HumanNickNameCol.identifier(),
-			HumanDisplayNameCol.identifier(),
-			HumanPreferredLanguageCol.identifier(),
-			HumanGenderCol.identifier(),
-			HumanAvatarURLCol.identifier(),
-			HumanEmailCol.identifier(),
-			HumanIsEmailVerifiedCol.identifier(),
-			HumanPhoneCol.identifier(),
-			HumanIsPhoneVerifiedCol.identifier(),
-			HumanPasswordChangeRequiredCol.identifier(),
-			HumanPasswordChangedCol.identifier(),
-			HumanMFAInitSkippedCol.identifier(),
-			MachineUserIDCol.identifier(),
-			MachineNameCol.identifier(),
-			MachineDescriptionCol.identifier(),
-			MachineSecretCol.identifier(),
-			MachineAccessTokenTypeCol.identifier(),
-			countColumn.identifier(),
-		).
-			From(userTable.identifier()).
-			LeftJoin(join(HumanUserIDCol, UserIDCol)).
-			LeftJoin(join(MachineUserIDCol, UserIDCol)).
-			LeftJoin("("+loginNamesQuery+") AS "+userLoginNamesTable.alias+" ON "+
-				userLoginNamesUserIDCol.identifier()+" = "+UserIDCol.identifier()+" AND "+
-				userLoginNamesInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier(),
-				loginNamesArgs...).
-			LeftJoin("("+preferredLoginNameQuery+") AS "+userPreferredLoginNameTable.alias+" ON "+
-				userPreferredLoginNameUserIDCol.identifier()+" = "+UserIDCol.identifier()+" AND "+
-				userPreferredLoginNameInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier(),
-				preferredLoginNameArgs...).
-			PlaceholderFormat(sq.Dollar),
-
-		scanUser
-}
-
 func prepareProfileQuery() (sq.SelectBuilder, func(*sql.Row) (*Profile, error)) {
 	return sq.Select(
 			UserIDCol.identifier(),
@@ -1170,14 +1088,6 @@ func preparePhoneQuery() (sq.SelectBuilder, func(*sql.Row) (*Phone, error)) {
 }
 
 func prepareNotifyUserQuery() (sq.SelectBuilder, func(*sql.Row) (*NotifyUser, error)) {
-	loginNamesQuery, loginNamesArgs, err := prepareLoginNamesQuery()
-	if err != nil {
-		return sq.SelectBuilder{}, nil
-	}
-	preferredLoginNameQuery, preferredLoginNameArgs, err := preparePreferredLoginNamesQuery()
-	if err != nil {
-		return sq.SelectBuilder{}, nil
-	}
 	return sq.Select(
 			UserIDCol.identifier(),
 			UserCreationDateCol.identifier(),
@@ -1208,14 +1118,7 @@ func prepareNotifyUserQuery() (sq.SelectBuilder, func(*sql.Row) (*NotifyUser, er
 			From(userTable.identifier()).
 			LeftJoin(join(HumanUserIDCol, UserIDCol)).
 			LeftJoin(join(NotifyUserIDCol, UserIDCol)).
-			LeftJoin("("+loginNamesQuery+") AS "+userLoginNamesTable.alias+" ON "+
-				userLoginNamesUserIDCol.identifier()+" = "+UserIDCol.identifier()+" AND "+
-				userLoginNamesInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier(),
-				loginNamesArgs...).
-			LeftJoin("("+preferredLoginNameQuery+") AS "+userPreferredLoginNameTable.alias+" ON "+
-				userPreferredLoginNameUserIDCol.identifier()+" = "+UserIDCol.identifier()+" AND "+
-				userPreferredLoginNameInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier(),
-				preferredLoginNameArgs...).
+			JoinClause(joinLoginNames).
 			PlaceholderFormat(sq.Dollar),
 		scanNotifyUser
 }
@@ -1359,14 +1262,6 @@ func prepareUserUniqueQuery() (sq.SelectBuilder, func(*sql.Row) (bool, error)) {
 }
 
 func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
-	loginNamesQuery, loginNamesArgs, err := prepareLoginNamesQuery()
-	if err != nil {
-		return sq.SelectBuilder{}, nil
-	}
-	preferredLoginNameQuery, preferredLoginNameArgs, err := preparePreferredLoginNamesQuery()
-	if err != nil {
-		return sq.SelectBuilder{}, nil
-	}
 	return sq.Select(
 			UserIDCol.identifier(),
 			UserCreationDateCol.identifier(),
@@ -1401,14 +1296,7 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
 			From(userTable.identifier()).
 			LeftJoin(join(HumanUserIDCol, UserIDCol)).
 			LeftJoin(join(MachineUserIDCol, UserIDCol)).
-			LeftJoin("("+loginNamesQuery+") AS "+userLoginNamesTable.alias+" ON "+
-				userLoginNamesUserIDCol.identifier()+" = "+UserIDCol.identifier()+" AND "+
-				userLoginNamesInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier(),
-				loginNamesArgs...).
-			LeftJoin("("+preferredLoginNameQuery+") AS "+userPreferredLoginNameTable.alias+" ON "+
-				userPreferredLoginNameUserIDCol.identifier()+" = "+UserIDCol.identifier()+" AND "+
-				userPreferredLoginNameInstanceIDCol.identifier()+" = "+UserInstanceIDCol.identifier(),
-				preferredLoginNameArgs...).
+			JoinClause(joinLoginNames).
 			PlaceholderFormat(sq.Dollar),
 		func(rows *sql.Rows) (*Users, error) {
 			users := make([]*User, 0)
diff --git a/internal/query/user_by_id.sql b/internal/query/user_by_id.sql
index 2ce741f9b7..a89e701698 100644
--- a/internal/query/user_by_id.sql
+++ b/internal/query/user_by_id.sql
@@ -1,41 +1,3 @@
-WITH login_names AS (SELECT 
-  u.id user_id
-  , u.instance_id
-  , u.resource_owner
-  , u.user_name
-  , d.name domain_name
-  , d.is_primary
-  , p.must_be_domain
-  , CASE WHEN p.must_be_domain 
-      THEN concat(u.user_name, '@', d.name)
-      ELSE u.user_name
-    END login_name
-  FROM 
-    projections.login_names3_users u
-  JOIN lateral (
-    SELECT 
-      p.must_be_domain 
-    FROM 
-      projections.login_names3_policies p
-    WHERE
-      u.instance_id = p.instance_id
-      AND (
-        (p.is_default IS TRUE AND p.instance_id = $3)
-        OR (p.instance_id = $3 AND p.resource_owner = u.resource_owner)
-      )
-    ORDER BY is_default
-    LIMIT 1
-  ) p ON TRUE
-  JOIN 
-    projections.login_names3_domains d
-    ON 
-      u.instance_id = d.instance_id
-      AND u.resource_owner = d.resource_owner
-  WHERE
-      u.id = $1
-    AND (u.resource_owner = $2 OR $2 = '')
-    AND u.instance_id = $3
-)
 SELECT 
   u.id
   , u.creation_date
@@ -45,8 +7,8 @@ SELECT
   , u.state
   , u.type
   , u.username
-  , (SELECT array_agg(ln.login_name)::TEXT[] login_names FROM login_names ln GROUP BY ln.user_id, ln.instance_id) login_names
-  , (SELECT ln.login_name login_names_lower FROM login_names ln WHERE ln.is_primary IS TRUE) preferred_login_name
+  , login_names.login_names AS login_names
+  , login_names.preferred_login_name AS preferred_login_name
   , h.user_id
   , h.first_name
   , h.last_name
@@ -79,6 +41,16 @@ LEFT JOIN
   ON
     u.id = m.user_id
     AND u.instance_id = m.instance_id
+LEFT JOIN LATERAL (
+    SELECT
+        ARRAY_AGG(ln.login_name ORDER BY ln.login_name) AS login_names,
+        MAX(CASE WHEN ln.is_primary THEN ln.login_name ELSE NULL END) AS preferred_login_name
+    FROM
+        projections.login_names3 AS ln
+    WHERE
+        ln.user_id = u.id
+        AND ln.instance_id = u.instance_id
+) AS login_names ON TRUE
 WHERE 
   u.id = $1
   AND (u.resource_owner = $2 OR $2 = '')
diff --git a/internal/query/user_metadata.go b/internal/query/user_metadata.go
index ff612f82c8..534c707593 100644
--- a/internal/query/user_metadata.go
+++ b/internal/query/user_metadata.go
@@ -97,7 +97,7 @@ func (q *Queries) GetUserMetadataByKey(ctx context.Context, shouldTriggerBulk bo
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -125,7 +125,7 @@ func (q *Queries) SearchUserMetadataForUsers(ctx context.Context, shouldTriggerB
 	}
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
@@ -157,7 +157,7 @@ func (q *Queries) SearchUserMetadata(ctx context.Context, shouldTriggerBulk bool
 	}
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
diff --git a/internal/query/user_notify_by_id.sql b/internal/query/user_notify_by_id.sql
index 10aa60ee60..6322229a91 100644
--- a/internal/query/user_notify_by_id.sql
+++ b/internal/query/user_notify_by_id.sql
@@ -1,41 +1,3 @@
-WITH login_names AS (
-  SELECT 
-    u.id user_id
-    , u.instance_id
-    , u.resource_owner
-    , u.user_name
-    , d.name domain_name
-    , d.is_primary
-    , p.must_be_domain
-    , CASE WHEN p.must_be_domain 
-        THEN concat(u.user_name, '@', d.name)
-        ELSE u.user_name
-    END login_name
-  FROM 
-    projections.login_names3_users u
-  JOIN lateral (
-    SELECT 
-      p.must_be_domain 
-    FROM 
-      projections.login_names3_policies p
-    WHERE
-      u.instance_id = p.instance_id
-      AND (
-        (p.is_default IS TRUE AND p.instance_id = $2)
-        OR (p.instance_id = $2 AND p.resource_owner = u.resource_owner)
-      )
-    ORDER BY is_default
-    LIMIT 1
-  ) p ON TRUE
-  JOIN 
-    projections.login_names3_domains d
-    ON 
-      u.instance_id = d.instance_id
-      AND u.resource_owner = d.resource_owner
-  WHERE
-    u.instance_id = $2
-    AND u.id = $1
-)
 SELECT 
   u.id
   , u.creation_date
@@ -45,8 +7,8 @@ SELECT
   , u.state
   , u.type
   , u.username
-  , (SELECT array_agg(ln.login_name)::TEXT[] login_names FROM login_names ln GROUP BY ln.user_id, ln.instance_id) login_names
-  , (SELECT ln.login_name login_names_lower FROM login_names ln WHERE ln.is_primary IS TRUE) preferred_login_name
+  , login_names.login_names AS login_names
+  , login_names.preferred_login_name AS preferred_login_name
   , h.user_id
   , h.first_name
   , h.last_name
@@ -73,6 +35,16 @@ LEFT JOIN
   ON
     u.id = n.user_id
     AND u.instance_id = n.instance_id
+LEFT JOIN LATERAL (
+    SELECT
+        ARRAY_AGG(ln.login_name ORDER BY ln.login_name) AS login_names,
+        MAX(CASE WHEN ln.is_primary THEN ln.login_name ELSE NULL END) AS preferred_login_name
+    FROM
+        projections.login_names3 AS ln
+    WHERE
+        ln.user_id = u.id
+        AND ln.instance_id = u.instance_id
+) AS login_names ON TRUE
 WHERE 
   u.id = $1
   AND u.instance_id = $2
diff --git a/internal/query/user_personal_access_token.go b/internal/query/user_personal_access_token.go
index 61d349961c..49281d9f90 100644
--- a/internal/query/user_personal_access_token.go
+++ b/internal/query/user_personal_access_token.go
@@ -118,7 +118,7 @@ func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk
 	}
 	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatement")
 	}
 
 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
diff --git a/internal/query/user_test.go b/internal/query/user_test.go
index 50d65cc1ec..ae5f6be207 100644
--- a/internal/query/user_test.go
+++ b/internal/query/user_test.go
@@ -222,87 +222,6 @@ func TestUser_userCheckPermission(t *testing.T) {
 }
 
 var (
-	loginNamesQuery = `SELECT login_names.user_id, ARRAY_AGG(login_names.login_name)::TEXT[] AS loginnames, ARRAY_AGG(LOWER(login_names.login_name))::TEXT[] AS loginnames_lower, login_names.instance_id` +
-		` FROM projections.login_names3 AS login_names` +
-		` GROUP BY login_names.user_id, login_names.instance_id`
-	preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id` +
-		` FROM projections.login_names3 AS preferred_login_name` +
-		` WHERE  preferred_login_name.is_primary = $1`
-	userQuery = `SELECT projections.users14.id,` +
-		` projections.users14.creation_date,` +
-		` projections.users14.change_date,` +
-		` projections.users14.resource_owner,` +
-		` projections.users14.sequence,` +
-		` projections.users14.state,` +
-		` projections.users14.type,` +
-		` projections.users14.username,` +
-		` login_names.loginnames,` +
-		` preferred_login_name.login_name,` +
-		` projections.users14_humans.user_id,` +
-		` projections.users14_humans.first_name,` +
-		` projections.users14_humans.last_name,` +
-		` projections.users14_humans.nick_name,` +
-		` projections.users14_humans.display_name,` +
-		` projections.users14_humans.preferred_language,` +
-		` projections.users14_humans.gender,` +
-		` projections.users14_humans.avatar_key,` +
-		` projections.users14_humans.email,` +
-		` projections.users14_humans.is_email_verified,` +
-		` projections.users14_humans.phone,` +
-		` projections.users14_humans.is_phone_verified,` +
-		` projections.users14_humans.password_change_required,` +
-		` projections.users14_humans.password_changed,` +
-		` projections.users14_humans.mfa_init_skipped,` +
-		` projections.users14_machines.user_id,` +
-		` projections.users14_machines.name,` +
-		` projections.users14_machines.description,` +
-		` projections.users14_machines.secret,` +
-		` projections.users14_machines.access_token_type,` +
-		` COUNT(*) OVER ()` +
-		` FROM projections.users14` +
-		` LEFT JOIN projections.users14_humans ON projections.users14.id = projections.users14_humans.user_id AND projections.users14.instance_id = projections.users14_humans.instance_id` +
-		` LEFT JOIN projections.users14_machines ON projections.users14.id = projections.users14_machines.user_id AND projections.users14.instance_id = projections.users14_machines.instance_id` +
-		` LEFT JOIN` +
-		` (` + loginNamesQuery + `) AS login_names` +
-		` ON login_names.user_id = projections.users14.id AND login_names.instance_id = projections.users14.instance_id` +
-		` LEFT JOIN` +
-		` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
-		` ON preferred_login_name.user_id = projections.users14.id AND preferred_login_name.instance_id = projections.users14.instance_id`
-	userCols = []string{
-		"id",
-		"creation_date",
-		"change_date",
-		"resource_owner",
-		"sequence",
-		"state",
-		"type",
-		"username",
-		"loginnames",
-		"login_name",
-		// human
-		"user_id",
-		"first_name",
-		"last_name",
-		"nick_name",
-		"display_name",
-		"preferred_language",
-		"gender",
-		"avatar_key",
-		"email",
-		"is_email_verified",
-		"phone",
-		"is_phone_verified",
-		"password_change_required",
-		"password_changed",
-		"mfa_init_skipped",
-		// machine
-		"user_id",
-		"name",
-		"description",
-		"secret",
-		"access_token_type",
-		"count",
-	}
 	profileQuery = `SELECT projections.users14.id,` +
 		` projections.users14.creation_date,` +
 		` projections.users14.change_date,` +
@@ -397,8 +316,8 @@ var (
 		` projections.users14.state,` +
 		` projections.users14.type,` +
 		` projections.users14.username,` +
-		` login_names.loginnames,` +
-		` preferred_login_name.login_name,` +
+		` login_names.login_names,` +
+		` login_names.preferred_login_name,` +
 		` projections.users14_humans.user_id,` +
 		` projections.users14_humans.first_name,` +
 		` projections.users14_humans.last_name,` +
@@ -417,12 +336,7 @@ var (
 		` FROM projections.users14` +
 		` LEFT JOIN projections.users14_humans ON projections.users14.id = projections.users14_humans.user_id AND projections.users14.instance_id = projections.users14_humans.instance_id` +
 		` LEFT JOIN projections.users14_notifications ON projections.users14.id = projections.users14_notifications.user_id AND projections.users14.instance_id = projections.users14_notifications.instance_id` +
-		` LEFT JOIN` +
-		` (` + loginNamesQuery + `) AS login_names` +
-		` ON login_names.user_id = projections.users14.id AND login_names.instance_id = projections.users14.instance_id` +
-		` LEFT JOIN` +
-		` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
-		` ON preferred_login_name.user_id = projections.users14.id AND preferred_login_name.instance_id = projections.users14.instance_id`
+		` LEFT JOIN LATERAL (SELECT ARRAY_AGG(ln.login_name ORDER BY ln.login_name) AS login_names, MAX(CASE WHEN ln.is_primary THEN ln.login_name ELSE NULL END) AS preferred_login_name FROM projections.login_names3 AS ln WHERE ln.user_id = projections.users14.id AND ln.instance_id = projections.users14.instance_id) AS login_names ON TRUE`
 	notifyUserCols = []string{
 		"id",
 		"creation_date",
@@ -432,8 +346,8 @@ var (
 		"state",
 		"type",
 		"username",
-		"loginnames",
-		"login_name",
+		"login_names",
+		"preferred_login_name",
 		// human
 		"user_id",
 		"first_name",
@@ -460,8 +374,8 @@ var (
 		` projections.users14.state,` +
 		` projections.users14.type,` +
 		` projections.users14.username,` +
-		` login_names.loginnames,` +
-		` preferred_login_name.login_name,` +
+		` login_names.login_names,` +
+		` login_names.preferred_login_name,` +
 		` projections.users14_humans.user_id,` +
 		` projections.users14_humans.first_name,` +
 		` projections.users14_humans.last_name,` +
@@ -485,12 +399,7 @@ var (
 		` FROM projections.users14` +
 		` LEFT JOIN projections.users14_humans ON projections.users14.id = projections.users14_humans.user_id AND projections.users14.instance_id = projections.users14_humans.instance_id` +
 		` LEFT JOIN projections.users14_machines ON projections.users14.id = projections.users14_machines.user_id AND projections.users14.instance_id = projections.users14_machines.instance_id` +
-		` LEFT JOIN` +
-		` (` + loginNamesQuery + `) AS login_names` +
-		` ON login_names.user_id = projections.users14.id AND login_names.instance_id = projections.users14.instance_id` +
-		` LEFT JOIN` +
-		` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
-		` ON preferred_login_name.user_id = projections.users14.id AND preferred_login_name.instance_id = projections.users14.instance_id`
+		` LEFT JOIN LATERAL (SELECT ARRAY_AGG(ln.login_name ORDER BY ln.login_name) AS login_names, MAX(CASE WHEN ln.is_primary THEN ln.login_name ELSE NULL END) AS preferred_login_name FROM projections.login_names3 AS ln WHERE ln.user_id = projections.users14.id AND ln.instance_id = projections.users14.instance_id) AS login_names ON TRUE`
 	usersCols = []string{
 		"id",
 		"creation_date",
@@ -500,8 +409,8 @@ var (
 		"state",
 		"type",
 		"username",
-		"loginnames",
-		"login_name",
+		"login_names",
+		"preferred_login_name",
 		// human
 		"user_id",
 		"first_name",
@@ -540,240 +449,6 @@ func Test_UserPrepares(t *testing.T) {
 		want    want
 		object  interface{}
 	}{
-		{
-			name:    "prepareUserQuery no result",
-			prepare: prepareUserQuery,
-			want: want{
-				sqlExpectations: mockQueryScanErr(
-					regexp.QuoteMeta(userQuery),
-					nil,
-					nil,
-				),
-				err: func(err error) (error, bool) {
-					if !zerrors.IsNotFound(err) {
-						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: (*User)(nil),
-		},
-		{
-			name:    "prepareUserQuery human found",
-			prepare: prepareUserQuery,
-			want: want{
-				sqlExpectations: mockQuery(
-					regexp.QuoteMeta(userQuery),
-					userCols,
-					[]driver.Value{
-						"id",
-						testNow,
-						testNow,
-						"resource_owner",
-						uint64(20211108),
-						domain.UserStateActive,
-						domain.UserTypeHuman,
-						"username",
-						database.TextArray[string]{"login_name1", "login_name2"},
-						"login_name1",
-						// human
-						"id",
-						"first_name",
-						"last_name",
-						"nick_name",
-						"display_name",
-						"de",
-						domain.GenderUnspecified,
-						"avatar_key",
-						"email",
-						true,
-						"phone",
-						true,
-						true,
-						testNow,
-						testNow,
-						// machine
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						1,
-					},
-				),
-			},
-			object: &User{
-				ID:                 "id",
-				CreationDate:       testNow,
-				ChangeDate:         testNow,
-				ResourceOwner:      "resource_owner",
-				Sequence:           20211108,
-				State:              domain.UserStateActive,
-				Type:               domain.UserTypeHuman,
-				Username:           "username",
-				LoginNames:         database.TextArray[string]{"login_name1", "login_name2"},
-				PreferredLoginName: "login_name1",
-				Human: &Human{
-					FirstName:              "first_name",
-					LastName:               "last_name",
-					NickName:               "nick_name",
-					DisplayName:            "display_name",
-					AvatarKey:              "avatar_key",
-					PreferredLanguage:      language.German,
-					Gender:                 domain.GenderUnspecified,
-					Email:                  "email",
-					IsEmailVerified:        true,
-					Phone:                  "phone",
-					IsPhoneVerified:        true,
-					PasswordChangeRequired: true,
-					PasswordChanged:        testNow,
-					MFAInitSkipped:         testNow,
-				},
-			},
-		},
-		{
-			name:    "prepareUserQuery machine found",
-			prepare: prepareUserQuery,
-			want: want{
-				sqlExpectations: mockQuery(
-					regexp.QuoteMeta(userQuery),
-					userCols,
-					[]driver.Value{
-						"id",
-						testNow,
-						testNow,
-						"resource_owner",
-						uint64(20211108),
-						domain.UserStateActive,
-						domain.UserTypeMachine,
-						"username",
-						database.TextArray[string]{"login_name1", "login_name2"},
-						"login_name1",
-						// human
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						// machine
-						"id",
-						"name",
-						"description",
-						nil,
-						domain.OIDCTokenTypeBearer,
-						1,
-					},
-				),
-			},
-			object: &User{
-				ID:                 "id",
-				CreationDate:       testNow,
-				ChangeDate:         testNow,
-				ResourceOwner:      "resource_owner",
-				Sequence:           20211108,
-				State:              domain.UserStateActive,
-				Type:               domain.UserTypeMachine,
-				Username:           "username",
-				LoginNames:         database.TextArray[string]{"login_name1", "login_name2"},
-				PreferredLoginName: "login_name1",
-				Machine: &Machine{
-					Name:            "name",
-					Description:     "description",
-					EncodedSecret:   "",
-					AccessTokenType: domain.OIDCTokenTypeBearer,
-				},
-			},
-		},
-		{
-			name:    "prepareUserQuery machine with secret found",
-			prepare: prepareUserQuery,
-			want: want{
-				sqlExpectations: mockQuery(
-					regexp.QuoteMeta(userQuery),
-					userCols,
-					[]driver.Value{
-						"id",
-						testNow,
-						testNow,
-						"resource_owner",
-						uint64(20211108),
-						domain.UserStateActive,
-						domain.UserTypeMachine,
-						"username",
-						database.TextArray[string]{"login_name1", "login_name2"},
-						"login_name1",
-						// human
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						nil,
-						// machine
-						"id",
-						"name",
-						"description",
-						"secret",
-						domain.OIDCTokenTypeBearer,
-						1,
-					},
-				),
-			},
-			object: &User{
-				ID:                 "id",
-				CreationDate:       testNow,
-				ChangeDate:         testNow,
-				ResourceOwner:      "resource_owner",
-				Sequence:           20211108,
-				State:              domain.UserStateActive,
-				Type:               domain.UserTypeMachine,
-				Username:           "username",
-				LoginNames:         database.TextArray[string]{"login_name1", "login_name2"},
-				PreferredLoginName: "login_name1",
-				Machine: &Machine{
-					Name:            "name",
-					Description:     "description",
-					EncodedSecret:   "secret",
-					AccessTokenType: domain.OIDCTokenTypeBearer,
-				},
-			},
-		},
-		{
-			name:    "prepareUserQuery sql err",
-			prepare: prepareUserQuery,
-			want: want{
-				sqlExpectations: mockQueryErr(
-					regexp.QuoteMeta(userQuery),
-					sql.ErrConnDone,
-				),
-				err: func(err error) (error, bool) {
-					if !errors.Is(err, sql.ErrConnDone) {
-						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: (*User)(nil),
-		},
 		{
 			name:    "prepareProfileQuery no result",
 			prepare: prepareProfileQuery,
diff --git a/load-test/src/org.ts b/load-test/src/org.ts
index f5655432a5..1ed6778d9c 100644
--- a/load-test/src/org.ts
+++ b/load-test/src/org.ts
@@ -13,7 +13,7 @@ export function createOrg(accessToken: string): Promise<Org> {
   return new Promise((resolve, reject) => {
     let response = http.asyncRequest(
       'POST',
-      url('/v2beta/organizations'),
+      url('/v2/organizations'),
       JSON.stringify({
         name: `load-test-${new Date(Date.now()).toISOString()}`,
       }),
diff --git a/load-test/src/use_cases/manipulate_user.ts b/load-test/src/use_cases/manipulate_user.ts
index 2ea53bd324..104d81678e 100644
--- a/load-test/src/use_cases/manipulate_user.ts
+++ b/load-test/src/use_cases/manipulate_user.ts
@@ -15,7 +15,7 @@ export async function setup() {
 }
 
 export default async function (data: any) {
-  const human = await createHuman(`vu-${__VU}`, data.org, data.tokens.accessToken);
+  const human = await createHuman(`vu-${__VU}-${new Date(Date.now()).getTime()}`, data.org, data.tokens.accessToken);
   const updateRes = await updateHuman(
     {
       profile: {
diff --git a/load-test/src/user.ts b/load-test/src/user.ts
index 86ce71fd9b..83a6bba839 100644
--- a/load-test/src/user.ts
+++ b/load-test/src/user.ts
@@ -30,7 +30,7 @@ export function createHuman(username: string, org: Org, accessToken: string): Pr
           familyName: 'Zitizen',
         },
         email: {
-          email: `zitizen-@caos.ch`,
+          email: `${username}@zitadel.com`,
           isVerified: true,
         },
         password: {
@@ -50,11 +50,11 @@ export function createHuman(username: string, org: Org, accessToken: string): Pr
     response
       .then((res) => {
         check(res, {
-          'create user is status ok': (r) => r.status === 201,
+          'create user is status ok': (r) => r.status === 200,
         }) || reject(`unable to create user(username: ${username}) status: ${res.status} body: ${res.body}`);
         createHumanTrend.add(res.timings.duration);
 
-        const user = http.get(url(`/v2beta/users/${res.json('userId')!}`), {
+        const user = http.get(url(`/v2/users/${res.json('userId')!}`), {
           headers: {
             authorization: `Bearer ${accessToken}`,
             'Content-Type': 'application/json',

From c1cda9bfac63ea2a34a7fda555781ec8ba5583bb Mon Sep 17 00:00:00 2001
From: Ramon <mail@conblem.me>
Date: Tue, 10 Jun 2025 09:48:46 +0200
Subject: [PATCH 094/123] fix: metadata decoding and encoding #9816 (#10024)

# Which Problems Are Solved
Metadata encoding and decoding on the organization detail page was
broken due to use of the old, generated gRPC client.

# How the Problems Are Solved
The metadata values are now correctly base64 decoded and encoded on the
organization detail page.

# Additional Changes
Refactored parts of the code to remove the dependency on the buffer npm
package, replacing it with the browser-native TextEncoder and
TextDecoder APIs.

# Additional Context
- Closes [#9816](https://github.com/zitadel/zitadel/issues/9816)
---
 .../metadata-dialog/metadata-dialog.component.ts     |  4 ++--
 .../modules/metadata/metadata/metadata.component.ts  | 12 ++++++------
 .../pages/orgs/org-detail/org-detail.component.ts    |  8 ++++----
 .../user-detail/user-detail/user-detail.component.ts |  3 +--
 4 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/console/src/app/modules/metadata/metadata-dialog/metadata-dialog.component.ts b/console/src/app/modules/metadata/metadata-dialog/metadata-dialog.component.ts
index 8deff09eee..c75e15bf04 100644
--- a/console/src/app/modules/metadata/metadata-dialog/metadata-dialog.component.ts
+++ b/console/src/app/modules/metadata/metadata-dialog/metadata-dialog.component.ts
@@ -4,7 +4,6 @@ import { Timestamp } from 'google-protobuf/google/protobuf/timestamp_pb';
 import { ToastService } from 'src/app/services/toast.service';
 import { Metadata as MetadataV2 } from '@zitadel/proto/zitadel/metadata_pb';
 import { Metadata } from 'src/app/proto/generated/zitadel/metadata_pb';
-import { Buffer } from 'buffer';
 
 export type MetadataDialogData = {
   metadata: (Metadata.AsObject | MetadataV2)[];
@@ -26,9 +25,10 @@ export class MetadataDialogComponent {
     public dialogRef: MatDialogRef<MetadataDialogComponent>,
     @Inject(MAT_DIALOG_DATA) public data: MetadataDialogData,
   ) {
+    const decoder = new TextDecoder();
     this.metadata = data.metadata.map(({ key, value }) => ({
       key,
-      value: typeof value === 'string' ? value : Buffer.from(value as unknown as string, 'base64').toString('utf8'),
+      value: typeof value === 'string' ? value : decoder.decode(value),
     }));
   }
 
diff --git a/console/src/app/modules/metadata/metadata/metadata.component.ts b/console/src/app/modules/metadata/metadata/metadata.component.ts
index 7f72297c00..bdb2c7734c 100644
--- a/console/src/app/modules/metadata/metadata/metadata.component.ts
+++ b/console/src/app/modules/metadata/metadata/metadata.component.ts
@@ -5,7 +5,6 @@ import { Observable, ReplaySubject } from 'rxjs';
 import { Metadata as MetadataV2 } from '@zitadel/proto/zitadel/metadata_pb';
 import { map, startWith } from 'rxjs/operators';
 import { Metadata } from 'src/app/proto/generated/zitadel/metadata_pb';
-import { Buffer } from 'buffer';
 
 type StringMetadata = {
   key: string;
@@ -37,12 +36,13 @@ export class MetadataComponent implements OnInit {
 
   ngOnInit() {
     this.dataSource$ = this.metadata$.pipe(
-      map((metadata) =>
-        metadata.map(({ key, value }) => ({
+      map((metadata) => {
+        const decoder = new TextDecoder();
+        return metadata.map(({ key, value }) => ({
           key,
-          value: Buffer.from(value as any as string, 'base64').toString('utf-8'),
-        })),
-      ),
+          value: typeof value === 'string' ? value : decoder.decode(value),
+        }));
+      }),
       startWith([] as StringMetadata[]),
       map((metadata) => new MatTableDataSource(metadata)),
     );
diff --git a/console/src/app/pages/orgs/org-detail/org-detail.component.ts b/console/src/app/pages/orgs/org-detail/org-detail.component.ts
index 0de6696ac3..39514d33d3 100644
--- a/console/src/app/pages/orgs/org-detail/org-detail.component.ts
+++ b/console/src/app/pages/orgs/org-detail/org-detail.component.ts
@@ -1,7 +1,6 @@
 import { Component, OnDestroy, OnInit } from '@angular/core';
 import { MatDialog } from '@angular/material/dialog';
 import { Router } from '@angular/router';
-import { Buffer } from 'buffer';
 import { BehaviorSubject, from, Observable, of, Subject, takeUntil } from 'rxjs';
 import { catchError, finalize, map } from 'rxjs/operators';
 import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component';
@@ -266,10 +265,11 @@ export class OrgDetailComponent implements OnInit, OnDestroy {
       .listOrgMetadata()
       .then((resp) => {
         this.loadingMetadata = false;
-        this.metadata = resp.resultList.map((md) => {
+        const decoder = new TextDecoder();
+        this.metadata = resp.resultList.map(({ key, value }) => {
           return {
-            key: md.key,
-            value: Buffer.from(md.value as string, 'base64').toString('utf-8'),
+            key,
+            value: atob(typeof value === 'string' ? value : decoder.decode(value)),
           };
         });
       })
diff --git a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts
index 9370471ea4..90de097f35 100644
--- a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts
+++ b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts
@@ -4,7 +4,6 @@ import { Validators } from '@angular/forms';
 import { MatDialog } from '@angular/material/dialog';
 import { ActivatedRoute, Params, Router } from '@angular/router';
 import { TranslateService } from '@ngx-translate/core';
-import { Buffer } from 'buffer';
 import { catchError, filter, map, startWith, take } from 'rxjs/operators';
 import { ChangeType } from 'src/app/modules/changes/changes.component';
 import { phoneValidator, requiredValidator } from 'src/app/modules/form-field/validators/validators';
@@ -582,7 +581,7 @@ export class UserDetailComponent implements OnInit {
     const setFcn = (key: string, value: string) =>
       this.newMgmtService.setUserMetadata({
         key,
-        value: Buffer.from(value),
+        value: new TextEncoder().encode(value),
         id: user.userId,
       });
     const removeFcn = (key: string): Promise<any> => this.newMgmtService.removeUserMetadata({ key, id: user.userId });

From 0ae3f2a6eab7dfe60f686ed08fca7c4f1c9822e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabienne=20B=C3=BChler?= <fabienne@zitadel.com>
Date: Wed, 11 Jun 2025 11:23:39 +0200
Subject: [PATCH 095/123] docs: remove token exchange from "GA" list as we have
 some open issues (#10052)

# Which Problems Are Solved

Token Exchange will not move from Beta to GA feature, as there are still
some unsolved issues

# How the Problems Are Solved

Remove from roadmap
---
 docs/docs/product/roadmap.mdx | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/docs/docs/product/roadmap.mdx b/docs/docs/product/roadmap.mdx
index b83efedb10..b61323fa90 100644
--- a/docs/docs/product/roadmap.mdx
+++ b/docs/docs/product/roadmap.mdx
@@ -394,15 +394,6 @@ Excitingly, v3 introduces the foundational elements for Actions V2, opening up a
         - [Manage Users Guide](https://zitadel.com/docs/guides/manage/user/scim2)
     </details>
 
-
-    <details>
-        <summary>Token Exchange (Impersonation)</summary>
-
-        The Token Exchange grant implements [RFC 8693, OAuth 2.0 Token Exchange](https://www.rfc-editor.org/rfc/rfc8693) and can be used to exchange tokens to a different scope, audience or subject.
-        Changing the subject of an authenticated token is called impersonation or delegation.
-        Read more in our [Impersonation and delegation using Token Exchange](https://zitadel.com/docs/guides/integrate/token-exchange) Guide
-    </details>
-
     <details>
         <summary>Caches</summary>
 

From 77f0a10c1e303ac881f3c1357a73596c22ffaf16 Mon Sep 17 00:00:00 2001
From: Iraq <66622793+kkrime@users.noreply.github.com>
Date: Wed, 11 Jun 2025 13:50:31 +0200
Subject: [PATCH 096/123] fix(import/export): fix for deactivated
 user/organization being imported as active (#9992)

---
 internal/api/grpc/admin/export.go     |  12 +-
 internal/api/grpc/admin/import.go     |  15 +-
 internal/api/grpc/management/user.go  |   5 +-
 internal/api/grpc/user/v2/machine.go  |   1 +
 internal/command/org.go               |  13 +-
 internal/command/user_human.go        |  65 +++--
 internal/command/user_human_test.go   | 367 +++++++++++++++++++++++++-
 internal/command/user_machine.go      |  25 +-
 internal/command/user_machine_test.go | 109 +++++++-
 proto/zitadel/admin.proto             |   1 +
 proto/zitadel/v1.proto                |   2 +
 11 files changed, 574 insertions(+), 41 deletions(-)

diff --git a/internal/api/grpc/admin/export.go b/internal/api/grpc/admin/export.go
index 2558e5b5fc..b5d36272d4 100644
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -8,7 +8,9 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	authn_grpc "github.com/zitadel/zitadel/internal/api/grpc/authn"
+	"github.com/zitadel/zitadel/internal/api/grpc/org"
 	text_grpc "github.com/zitadel/zitadel/internal/api/grpc/text"
+	user_converter "github.com/zitadel/zitadel/internal/api/grpc/user"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -65,7 +67,7 @@ func (s *Server) ExportData(ctx context.Context, req *admin_pb.ExportDataRequest
 		/******************************************************************************************************************
 		Organization
 		******************************************************************************************************************/
-		org := &admin_pb.DataOrg{OrgId: queriedOrg.ID, Org: &management_pb.AddOrgRequest{Name: queriedOrg.Name}}
+		org := &admin_pb.DataOrg{OrgId: queriedOrg.ID, OrgState: org.OrgStateToPb(queriedOrg.State), Org: &management_pb.AddOrgRequest{Name: queriedOrg.Name}}
 		orgs[i] = org
 	}
 
@@ -567,6 +569,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 		case domain.UserTypeHuman:
 			dataUser := &v1_pb.DataHumanUser{
 				UserId: user.ID,
+				State:  user_converter.UserStateToPb(user.State),
 				User: &management_pb.ImportHumanUserRequest{
 					UserName: user.Username,
 					Profile: &management_pb.ImportHumanUserRequest_Profile{
@@ -620,6 +623,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 		case domain.UserTypeMachine:
 			machineUsers = append(machineUsers, &v1_pb.DataMachineUser{
 				UserId: user.ID,
+				State:  user_converter.UserStateToPb(user.State),
 				User: &management_pb.AddMachineUserRequest{
 					UserName:    user.Username,
 					Name:        user.Machine.Name,
@@ -647,7 +651,6 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 					ExpirationDate: timestamppb.New(key.Expiration),
 					PublicKey:      key.PublicKey,
 				})
-
 			}
 		}
 
@@ -888,7 +891,6 @@ func (s *Server) getNecessaryProjectGrantMembersForOrg(ctx context.Context, org
 						break
 					}
 				}
-
 			}
 		}
 	}
@@ -940,7 +942,6 @@ func (s *Server) getNecessaryOrgMembersForOrg(ctx context.Context, org string, p
 }
 
 func (s *Server) getNecessaryProjectGrantsForOrg(ctx context.Context, org string, processedOrgs []string, processedProjects []string) ([]*v1_pb.DataProjectGrant, error) {
-
 	projectGrantSearchOrg, err := query.NewProjectGrantResourceOwnerSearchQuery(org)
 	if err != nil {
 		return nil, err
@@ -991,7 +992,7 @@ func (s *Server) getNecessaryUserGrantsForOrg(ctx context.Context, org string, p
 	for _, userGrant := range queriedUserGrants.UserGrants {
 		for _, projectID := range processedProjects {
 			if projectID == userGrant.ProjectID {
-				//if usergrant is on a granted project
+				// if usergrant is on a granted project
 				if userGrant.GrantID != "" {
 					for _, grantID := range processedGrants {
 						if grantID == userGrant.GrantID {
@@ -1024,6 +1025,7 @@ func (s *Server) getNecessaryUserGrantsForOrg(ctx context.Context, org string, p
 	}
 	return userGrants, nil
 }
+
 func (s *Server) getCustomLoginTexts(ctx context.Context, org string, languages []string) ([]*management_pb.SetCustomLoginTextsRequest, error) {
 	customTexts := make([]*management_pb.SetCustomLoginTextsRequest, 0, len(languages))
 	for _, lang := range languages {
diff --git a/internal/api/grpc/admin/import.go b/internal/api/grpc/admin/import.go
index 41a1e39081..84b0215f03 100644
--- a/internal/api/grpc/admin/import.go
+++ b/internal/api/grpc/admin/import.go
@@ -22,6 +22,7 @@ import (
 	action_grpc "github.com/zitadel/zitadel/internal/api/grpc/action"
 	"github.com/zitadel/zitadel/internal/api/grpc/authn"
 	"github.com/zitadel/zitadel/internal/api/grpc/management"
+	org_converter "github.com/zitadel/zitadel/internal/api/grpc/org"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -305,7 +306,8 @@ func importOrg1(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataEr
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	_, err = s.command.AddOrgWithID(ctx, org.GetOrg().GetName(), ctxData.UserID, ctxData.ResourceOwner, org.GetOrgId(), []string{})
+	setOrgInactive := org_converter.OrgStateToDomain(org.OrgState) == domain.OrgStateInactive
+	_, err = s.command.AddOrgWithID(ctx, org.GetOrg().GetName(), ctxData.UserID, ctxData.ResourceOwner, org.GetOrgId(), setOrgInactive, []string{})
 	if err != nil {
 		*errors = append(*errors, &admin_pb.ImportDataError{Type: "org", Id: org.GetOrgId(), Message: err.Error()})
 		if _, err := s.query.OrgByID(ctx, true, org.OrgId); err != nil {
@@ -474,7 +476,10 @@ func importHumanUsers(ctx context.Context, s *Server, errors *[]*admin_pb.Import
 		logging.Debugf("import user: %s", user.GetUserId())
 		human, passwordless, links := management.ImportHumanUserRequestToDomain(user.User)
 		human.AggregateID = user.UserId
-		_, _, err := s.command.ImportHuman(ctx, org.GetOrgId(), human, passwordless, links, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode)
+		userState := user.State.ToDomain()
+
+		//nolint:staticcheck
+		_, _, err := s.command.ImportHuman(ctx, org.GetOrgId(), human, passwordless, &userState, links, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode)
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "human_user", Id: user.GetUserId(), Message: err.Error()})
 			if isCtxTimeout(ctx) {
@@ -510,7 +515,8 @@ func importMachineUsers(ctx context.Context, s *Server, errors *[]*admin_pb.Impo
 	}
 	for _, user := range org.GetMachineUsers() {
 		logging.Debugf("import user: %s", user.GetUserId())
-		_, err := s.command.AddMachine(ctx, management.AddMachineUserRequestToCommand(user.GetUser(), org.GetOrgId()), nil)
+		userState := user.State.ToDomain()
+		_, err := s.command.AddMachine(ctx, management.AddMachineUserRequestToCommand(user.GetUser(), org.GetOrgId()), &userState, nil)
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "machine_user", Id: user.GetUserId(), Message: err.Error()})
 			if isCtxTimeout(ctx) {
@@ -609,7 +615,6 @@ func importUserLinks(ctx context.Context, s *Server, errors *[]*admin_pb.ImportD
 		successOrg.UserLinks = append(successOrg.UserLinks, &admin_pb.ImportDataSuccessUserLinks{UserId: userLinks.GetUserId(), IdpId: userLinks.GetIdpId(), ExternalUserId: userLinks.GetProvidedUserId(), DisplayName: userLinks.GetProvidedUserName()})
 	}
 	return nil
-
 }
 
 func importProjects(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) (err error) {
@@ -750,6 +755,7 @@ func importActions(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDat
 	}
 	return nil
 }
+
 func importProjectRoles(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataError, successOrg *admin_pb.ImportDataSuccessOrg, org *admin_pb.DataOrg, count *counts) (err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -805,6 +811,7 @@ func importResources(ctx context.Context, s *Server, errors *[]*admin_pb.ImportD
 	importDomainClaimedMessageTexts(ctx, s, errors, org)
 	importPasswordlessRegistrationMessageTexts(ctx, s, errors, org)
 	importInviteUserMessageTexts(ctx, s, errors, org)
+
 	if err := importHumanUsers(ctx, s, errors, successOrg, org, count, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessInitCode); err != nil {
 		return err
 	}
diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go
index ae1040cd1e..09b9faa756 100644
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -273,7 +273,8 @@ func (s *Server) ImportHumanUser(ctx context.Context, req *mgmt_pb.ImportHumanUs
 	if err != nil {
 		return nil, err
 	}
-	addedHuman, code, err := s.command.ImportHuman(ctx, authz.GetCtxData(ctx).OrgID, human, passwordless, links, initCodeGenerator, phoneCodeGenerator, emailCodeGenerator, passwordlessInitCode)
+	//nolint:staticcheck
+	addedHuman, code, err := s.command.ImportHuman(ctx, authz.GetCtxData(ctx).OrgID, human, passwordless, nil, links, initCodeGenerator, phoneCodeGenerator, emailCodeGenerator, passwordlessInitCode)
 	if err != nil {
 		return nil, err
 	}
@@ -297,7 +298,7 @@ func (s *Server) ImportHumanUser(ctx context.Context, req *mgmt_pb.ImportHumanUs
 
 func (s *Server) AddMachineUser(ctx context.Context, req *mgmt_pb.AddMachineUserRequest) (*mgmt_pb.AddMachineUserResponse, error) {
 	machine := AddMachineUserRequestToCommand(req, authz.GetCtxData(ctx).OrgID)
-	objectDetails, err := s.command.AddMachine(ctx, machine, nil)
+	objectDetails, err := s.command.AddMachine(ctx, machine, nil, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/user/v2/machine.go b/internal/api/grpc/user/v2/machine.go
index 010ba75678..ad02b2289e 100644
--- a/internal/api/grpc/user/v2/machine.go
+++ b/internal/api/grpc/user/v2/machine.go
@@ -25,6 +25,7 @@ func (s *Server) createUserTypeMachine(ctx context.Context, machinePb *user.Crea
 	details, err := s.command.AddMachine(
 		ctx,
 		cmd,
+		nil,
 		s.command.NewPermissionCheckUserWrite(ctx),
 		command.AddMachineWithUsernameToIDFallback(),
 	)
diff --git a/internal/command/org.go b/internal/command/org.go
index ddf99797e3..faab882d68 100644
--- a/internal/command/org.go
+++ b/internal/command/org.go
@@ -317,7 +317,7 @@ func (c *Commands) checkOrgExists(ctx context.Context, orgID string) error {
 	return nil
 }
 
-func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner, orgID string, claimedUserIDs []string) (_ *domain.Org, err error) {
+func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner, orgID string, setOrgInactive bool, claimedUserIDs []string) (_ *domain.Org, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -329,7 +329,7 @@ func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner
 		return nil, zerrors.ThrowNotFound(nil, "ORG-lapo2m", "Errors.Org.AlreadyExisting")
 	}
 
-	return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, claimedUserIDs)
+	return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, setOrgInactive, claimedUserIDs)
 }
 
 func (c *Commands) AddOrg(ctx context.Context, name, userID, resourceOwner string, claimedUserIDs []string) (*domain.Org, error) {
@@ -342,10 +342,10 @@ func (c *Commands) AddOrg(ctx context.Context, name, userID, resourceOwner strin
 		return nil, zerrors.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal")
 	}
 
-	return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, claimedUserIDs)
+	return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, false, claimedUserIDs)
 }
 
-func (c *Commands) addOrgWithIDAndMember(ctx context.Context, name, userID, resourceOwner, orgID string, claimedUserIDs []string) (_ *domain.Org, err error) {
+func (c *Commands) addOrgWithIDAndMember(ctx context.Context, name, userID, resourceOwner, orgID string, setOrgInactive bool, claimedUserIDs []string) (_ *domain.Org, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -363,10 +363,15 @@ func (c *Commands) addOrgWithIDAndMember(ctx context.Context, name, userID, reso
 		return nil, err
 	}
 	events = append(events, orgMemberEvent)
+	if setOrgInactive {
+		deactivateOrgEvent := org.NewOrgDeactivatedEvent(ctx, orgAgg)
+		events = append(events, deactivateOrgEvent)
+	}
 	pushedEvents, err := c.eventstore.Push(ctx, events...)
 	if err != nil {
 		return nil, err
 	}
+
 	err = AppendAndReduce(addedOrg, pushedEvents...)
 	if err != nil {
 		return nil, err
diff --git a/internal/command/user_human.go b/internal/command/user_human.go
index 9e6ba43629..07628b9e19 100644
--- a/internal/command/user_human.go
+++ b/internal/command/user_human.go
@@ -428,7 +428,7 @@ func (h *AddHuman) shouldAddInitCode() bool {
 }
 
 // Deprecated: use commands.AddUserHuman
-func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, links []*domain.UserIDPLink, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator crypto.Generator) (_ *domain.Human, passwordlessCode *domain.PasswordlessInitCode, err error) {
+func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, state *domain.UserState, links []*domain.UserIDPLink, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator crypto.Generator) (_ *domain.Human, passwordlessCode *domain.PasswordlessInitCode, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -455,10 +455,32 @@ func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.
 		}
 	}
 
-	events, addedHuman, addedCode, code, err := c.importHuman(ctx, orgID, human, passwordless, links, domainPolicy, pwPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator)
+	events, userAgg, addedHuman, addedCode, code, err := c.importHuman(ctx, orgID, human, passwordless, links, domainPolicy, pwPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator)
 	if err != nil {
 		return nil, nil, err
 	}
+	if state != nil {
+		var event eventstore.Command
+		switch *state {
+		case domain.UserStateInactive:
+			event = user.NewUserDeactivatedEvent(ctx, userAgg)
+		case domain.UserStateLocked:
+			event = user.NewUserLockedEvent(ctx, userAgg)
+		case domain.UserStateDeleted:
+		// users are never imported if deleted
+		case domain.UserStateActive:
+		// added because of the linter
+		case domain.UserStateSuspend:
+		// added because of the linter
+		case domain.UserStateInitial:
+		// added because of the linter
+		case domain.UserStateUnspecified:
+			// added because of the linter
+		}
+		if event != nil {
+			events = append(events, event)
+		}
+	}
 	pushedEvents, err := c.eventstore.Push(ctx, events...)
 	if err != nil {
 		return nil, nil, err
@@ -479,48 +501,48 @@ func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.
 	return writeModelToHuman(addedHuman), passwordlessCode, nil
 }
 
-func (c *Commands) importHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, links []*domain.UserIDPLink, domainPolicy *domain.DomainPolicy, pwPolicy *domain.PasswordComplexityPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator crypto.Generator) (events []eventstore.Command, humanWriteModel *HumanWriteModel, passwordlessCodeWriteModel *HumanPasswordlessInitCodeWriteModel, code string, err error) {
+func (c *Commands) importHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, links []*domain.UserIDPLink, domainPolicy *domain.DomainPolicy, pwPolicy *domain.PasswordComplexityPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator, passwordlessCodeGenerator crypto.Generator) (events []eventstore.Command, userAgg *eventstore.Aggregate, humanWriteModel *HumanWriteModel, passwordlessCodeWriteModel *HumanPasswordlessInitCodeWriteModel, code string, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	if orgID == "" {
-		return nil, nil, nil, "", zerrors.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.Org.Empty")
+		return nil, nil, nil, nil, "", zerrors.ThrowInvalidArgument(nil, "COMMAND-00p2b", "Errors.Org.Empty")
 	}
 	if err = human.Normalize(); err != nil {
-		return nil, nil, nil, "", err
+		return nil, nil, nil, nil, "", err
 	}
-	events, humanWriteModel, err = c.createHuman(ctx, orgID, human, links, passwordless, domainPolicy, pwPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator)
+	events, userAgg, humanWriteModel, err = c.createHuman(ctx, orgID, human, links, passwordless, domainPolicy, pwPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator)
 	if err != nil {
-		return nil, nil, nil, "", err
+		return nil, nil, nil, nil, "", err
 	}
 	if passwordless {
 		var codeEvent eventstore.Command
 		codeEvent, passwordlessCodeWriteModel, code, err = c.humanAddPasswordlessInitCode(ctx, human.AggregateID, orgID, true, passwordlessCodeGenerator)
 		if err != nil {
-			return nil, nil, nil, "", err
+			return nil, nil, nil, nil, "", err
 		}
 		events = append(events, codeEvent)
 	}
-	return events, humanWriteModel, passwordlessCodeWriteModel, code, nil
+	return events, userAgg, humanWriteModel, passwordlessCodeWriteModel, code, nil
 }
 
-func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.Human, links []*domain.UserIDPLink, passwordless bool, domainPolicy *domain.DomainPolicy, pwPolicy *domain.PasswordComplexityPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator crypto.Generator) (events []eventstore.Command, addedHuman *HumanWriteModel, err error) {
+func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.Human, links []*domain.UserIDPLink, passwordless bool, domainPolicy *domain.DomainPolicy, pwPolicy *domain.PasswordComplexityPolicy, initCodeGenerator, emailCodeGenerator, phoneCodeGenerator crypto.Generator) (events []eventstore.Command, userAgg *eventstore.Aggregate, addedHuman *HumanWriteModel, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	if err = human.CheckDomainPolicy(domainPolicy); err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 	human.Username = strings.TrimSpace(human.Username)
 	human.EmailAddress = human.EmailAddress.Normalize()
 	if err = c.userValidateDomain(ctx, orgID, human.Username, domainPolicy.UserLoginMustBeDomain); err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 
 	if human.AggregateID == "" {
 		userID, err := c.idGenerator.Next()
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		human.AggregateID = userID
 	}
@@ -528,20 +550,21 @@ func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.
 	human.EnsureDisplayName()
 	if human.Password != nil {
 		if err := human.HashPasswordIfExisting(ctx, pwPolicy, c.userPasswordHasher, human.Password.ChangeRequired); err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 	}
 
 	addedHuman = NewHumanWriteModel(human.AggregateID, orgID)
-	//TODO: adlerhurst maybe we could simplify the code below
-	userAgg := UserAggregateFromWriteModel(&addedHuman.WriteModel)
+
+	// TODO: adlerhurst maybe we could simplify the code below
+	userAgg = UserAggregateFromWriteModelCtx(ctx, &addedHuman.WriteModel)
 
 	events = append(events, createAddHumanEvent(ctx, userAgg, human, domainPolicy.UserLoginMustBeDomain))
 
 	for _, link := range links {
 		event, err := c.addUserIDPLink(ctx, userAgg, link, false)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		events = append(events, event)
 	}
@@ -549,7 +572,7 @@ func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.
 	if human.IsInitialState(passwordless, len(links) > 0) {
 		initCode, err := domain.NewInitUserCode(initCodeGenerator)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		events = append(events, user.NewHumanInitialCodeAddedEvent(ctx, userAgg, initCode.Code, initCode.Expiry, ""))
 	} else {
@@ -558,7 +581,7 @@ func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.
 		} else {
 			emailCode, _, err := domain.NewEmailCode(emailCodeGenerator)
 			if err != nil {
-				return nil, nil, err
+				return nil, nil, nil, err
 			}
 			events = append(events, user.NewHumanEmailCodeAddedEvent(ctx, userAgg, emailCode.Code, emailCode.Expiry, ""))
 		}
@@ -567,14 +590,14 @@ func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.
 	if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified {
 		phoneCode, generatorID, err := c.newPhoneCode(ctx, c.eventstore.Filter, domain.SecretGeneratorTypeVerifyPhoneCode, c.userEncryption, c.defaultSecretGenerators.PhoneVerificationCode) //nolint:staticcheck
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, err
 		}
 		events = append(events, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.CryptedCode(), phoneCode.CodeExpiry(), generatorID))
 	} else if human.Phone != nil && human.PhoneNumber != "" && human.IsPhoneVerified {
 		events = append(events, user.NewHumanPhoneVerifiedEvent(ctx, userAgg))
 	}
 
-	return events, addedHuman, nil
+	return events, userAgg, addedHuman, nil
 }
 
 func (c *Commands) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) {
diff --git a/internal/command/user_human_test.go b/internal/command/user_human_test.go
index 78d7248516..1ef3e2aab6 100644
--- a/internal/command/user_human_test.go
+++ b/internal/command/user_human_test.go
@@ -1200,7 +1200,8 @@ func TestCommandSide_AddHuman(t *testing.T) {
 				},
 				wantID: "user1",
 			},
-		}, {
+		},
+		{
 			name: "add human (with return code), ok",
 			fields: fields{
 				eventstore: expectEventstore(
@@ -1432,6 +1433,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
 		orgID                string
 		human                *domain.Human
 		passwordless         bool
+		state                *domain.UserState
 		links                []*domain.UserIDPLink
 		secretGenerator      crypto.Generator
 		passwordlessInitCode crypto.Generator
@@ -1584,7 +1586,8 @@ func TestCommandSide_ImportHuman(t *testing.T) {
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
 			},
-		}, {
+		},
+		{
 			name: "add human (with password and initial code), ok",
 			given: func(t *testing.T) (fields, args) {
 				return fields{
@@ -2985,6 +2988,364 @@ func TestCommandSide_ImportHuman(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "add human (with idp, auto creation not allowed) + deactivated state, ok",
+			given: func(t *testing.T) (fields, args) {
+				return fields{
+						eventstore: expectEventstore(
+							expectFilter(
+								eventFromEventPusher(
+									org.NewDomainPolicyAddedEvent(context.Background(),
+										&user.NewAggregate("user1", "org1").Aggregate,
+										true,
+										true,
+										true,
+									),
+								),
+							),
+							expectFilter(
+								eventFromEventPusher(
+									org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+										&user.NewAggregate("user1", "org1").Aggregate,
+										1,
+										false,
+										false,
+										false,
+										false,
+									),
+								),
+							),
+							expectFilter(
+								eventFromEventPusher(
+									org.NewIDPConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"idpID",
+										"name",
+										domain.IDPConfigTypeOIDC,
+										domain.IDPConfigStylingTypeUnspecified,
+										false,
+									),
+								),
+								eventFromEventPusher(
+									org.NewIDPOIDCConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"clientID",
+										"idpID",
+										"issuer",
+										"authEndpoint",
+										"tokenEndpoint",
+										nil,
+										domain.OIDCMappingFieldUnspecified,
+										domain.OIDCMappingFieldUnspecified,
+									),
+								),
+								eventFromEventPusher(
+									func() eventstore.Command {
+										e, _ := org.NewOIDCIDPChangedEvent(context.Background(),
+											&org.NewAggregate("org1").Aggregate,
+											"config1",
+											[]idp.OIDCIDPChanges{
+												idp.ChangeOIDCOptions(idp.OptionChanges{IsCreationAllowed: gu.Ptr(false)}),
+											},
+										)
+										return e
+									}(),
+								),
+							),
+							expectFilter(
+								eventFromEventPusher(
+									org.NewIDPConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"idpID",
+										"name",
+										domain.IDPConfigTypeOIDC,
+										domain.IDPConfigStylingTypeUnspecified,
+										false,
+									),
+								),
+								eventFromEventPusher(
+									org.NewIDPOIDCConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"clientID",
+										"idpID",
+										"issuer",
+										"authEndpoint",
+										"tokenEndpoint",
+										nil,
+										domain.OIDCMappingFieldUnspecified,
+										domain.OIDCMappingFieldUnspecified,
+									),
+								),
+								eventFromEventPusher(
+									func() eventstore.Command {
+										e, _ := org.NewOIDCIDPChangedEvent(context.Background(),
+											&org.NewAggregate("org1").Aggregate,
+											"config1",
+											[]idp.OIDCIDPChanges{
+												idp.ChangeOIDCOptions(idp.OptionChanges{
+													IsCreationAllowed: gu.Ptr(true),
+													IsAutoCreation:    gu.Ptr(false),
+												}),
+											},
+										)
+										return e
+									}(),
+								),
+								eventFromEventPusher(
+									org.NewIdentityProviderAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"idpID",
+										domain.IdentityProviderTypeOrg,
+									),
+								),
+							),
+							expectPush(
+								newAddHumanEvent("", false, true, "", AllowedLanguage),
+								user.NewUserIDPLinkAddedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+									"idpID",
+									"name",
+									"externalID",
+								),
+								user.NewHumanEmailVerifiedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate),
+								user.NewUserDeactivatedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+								),
+							),
+						),
+						idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+						userPasswordHasher: mockPasswordHasher("x"),
+					},
+					args{
+						ctx:   context.Background(),
+						orgID: "org1",
+						state: func() *domain.UserState {
+							state := domain.UserStateInactive
+							return &state
+						}(),
+						human: &domain.Human{
+							Username: "username",
+							Profile: &domain.Profile{
+								FirstName:         "firstname",
+								LastName:          "lastname",
+								PreferredLanguage: AllowedLanguage,
+							},
+							Email: &domain.Email{
+								EmailAddress:    "email@test.ch",
+								IsEmailVerified: true,
+							},
+						},
+						links: []*domain.UserIDPLink{
+							{
+								IDPConfigID:    "idpID",
+								ExternalUserID: "externalID",
+								DisplayName:    "name",
+							},
+						},
+						secretGenerator: GetMockSecretGenerator(t),
+					}
+			},
+			res: res{
+				wantHuman: &domain.Human{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					Username: "username",
+					Profile: &domain.Profile{
+						FirstName:         "firstname",
+						LastName:          "lastname",
+						DisplayName:       "firstname lastname",
+						PreferredLanguage: AllowedLanguage,
+					},
+					Email: &domain.Email{
+						EmailAddress:    "email@test.ch",
+						IsEmailVerified: true,
+					},
+					State: domain.UserStateInactive,
+				},
+			},
+		},
+		{
+			name: "add human (with idp, auto creation not allowed) + locked state, ok",
+			given: func(t *testing.T) (fields, args) {
+				return fields{
+						eventstore: expectEventstore(
+							expectFilter(
+								eventFromEventPusher(
+									org.NewDomainPolicyAddedEvent(context.Background(),
+										&user.NewAggregate("user1", "org1").Aggregate,
+										true,
+										true,
+										true,
+									),
+								),
+							),
+							expectFilter(
+								eventFromEventPusher(
+									org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+										&user.NewAggregate("user1", "org1").Aggregate,
+										1,
+										false,
+										false,
+										false,
+										false,
+									),
+								),
+							),
+							expectFilter(
+								eventFromEventPusher(
+									org.NewIDPConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"idpID",
+										"name",
+										domain.IDPConfigTypeOIDC,
+										domain.IDPConfigStylingTypeUnspecified,
+										false,
+									),
+								),
+								eventFromEventPusher(
+									org.NewIDPOIDCConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"clientID",
+										"idpID",
+										"issuer",
+										"authEndpoint",
+										"tokenEndpoint",
+										nil,
+										domain.OIDCMappingFieldUnspecified,
+										domain.OIDCMappingFieldUnspecified,
+									),
+								),
+								eventFromEventPusher(
+									func() eventstore.Command {
+										e, _ := org.NewOIDCIDPChangedEvent(context.Background(),
+											&org.NewAggregate("org1").Aggregate,
+											"config1",
+											[]idp.OIDCIDPChanges{
+												idp.ChangeOIDCOptions(idp.OptionChanges{IsCreationAllowed: gu.Ptr(false)}),
+											},
+										)
+										return e
+									}(),
+								),
+							),
+							expectFilter(
+								eventFromEventPusher(
+									org.NewIDPConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"idpID",
+										"name",
+										domain.IDPConfigTypeOIDC,
+										domain.IDPConfigStylingTypeUnspecified,
+										false,
+									),
+								),
+								eventFromEventPusher(
+									org.NewIDPOIDCConfigAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"clientID",
+										"idpID",
+										"issuer",
+										"authEndpoint",
+										"tokenEndpoint",
+										nil,
+										domain.OIDCMappingFieldUnspecified,
+										domain.OIDCMappingFieldUnspecified,
+									),
+								),
+								eventFromEventPusher(
+									func() eventstore.Command {
+										e, _ := org.NewOIDCIDPChangedEvent(context.Background(),
+											&org.NewAggregate("org1").Aggregate,
+											"config1",
+											[]idp.OIDCIDPChanges{
+												idp.ChangeOIDCOptions(idp.OptionChanges{
+													IsCreationAllowed: gu.Ptr(true),
+													IsAutoCreation:    gu.Ptr(false),
+												}),
+											},
+										)
+										return e
+									}(),
+								),
+								eventFromEventPusher(
+									org.NewIdentityProviderAddedEvent(context.Background(),
+										&org.NewAggregate("org1").Aggregate,
+										"idpID",
+										domain.IdentityProviderTypeOrg,
+									),
+								),
+							),
+							expectPush(
+								newAddHumanEvent("", false, true, "", AllowedLanguage),
+								user.NewUserIDPLinkAddedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+									"idpID",
+									"name",
+									"externalID",
+								),
+								user.NewHumanEmailVerifiedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate),
+								user.NewUserLockedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+								),
+							),
+						),
+						idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+						userPasswordHasher: mockPasswordHasher("x"),
+					},
+					args{
+						ctx:   context.Background(),
+						orgID: "org1",
+						state: func() *domain.UserState {
+							state := domain.UserStateLocked
+							return &state
+						}(),
+						human: &domain.Human{
+							Username: "username",
+							Profile: &domain.Profile{
+								FirstName:         "firstname",
+								LastName:          "lastname",
+								PreferredLanguage: AllowedLanguage,
+							},
+							Email: &domain.Email{
+								EmailAddress:    "email@test.ch",
+								IsEmailVerified: true,
+							},
+						},
+						links: []*domain.UserIDPLink{
+							{
+								IDPConfigID:    "idpID",
+								ExternalUserID: "externalID",
+								DisplayName:    "name",
+							},
+						},
+						secretGenerator: GetMockSecretGenerator(t),
+					}
+			},
+			res: res{
+				wantHuman: &domain.Human{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					Username: "username",
+					Profile: &domain.Profile{
+						FirstName:         "firstname",
+						LastName:          "lastname",
+						DisplayName:       "firstname lastname",
+						PreferredLanguage: AllowedLanguage,
+					},
+					Email: &domain.Email{
+						EmailAddress:    "email@test.ch",
+						IsEmailVerified: true,
+					},
+					State: domain.UserStateLocked,
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -2996,7 +3357,7 @@ func TestCommandSide_ImportHuman(t *testing.T) {
 				newEncryptedCodeWithDefault: f.newEncryptedCodeWithDefault,
 				defaultSecretGenerators:     f.defaultSecretGenerators,
 			}
-			gotHuman, gotCode, err := r.ImportHuman(a.ctx, a.orgID, a.human, a.passwordless, a.links, a.secretGenerator, a.secretGenerator, a.secretGenerator, a.secretGenerator)
+			gotHuman, gotCode, err := r.ImportHuman(a.ctx, a.orgID, a.human, a.passwordless, a.state, a.links, a.secretGenerator, a.secretGenerator, a.secretGenerator, a.secretGenerator)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
diff --git a/internal/command/user_machine.go b/internal/command/user_machine.go
index 7c8fd89eac..75ed43ee69 100644
--- a/internal/command/user_machine.go
+++ b/internal/command/user_machine.go
@@ -79,7 +79,7 @@ func AddMachineWithUsernameToIDFallback() addMachineOption {
 	}
 }
 
-func (c *Commands) AddMachine(ctx context.Context, machine *Machine, check PermissionCheck, options ...addMachineOption) (_ *domain.ObjectDetails, err error) {
+func (c *Commands) AddMachine(ctx context.Context, machine *Machine, state *domain.UserState, check PermissionCheck, options ...addMachineOption) (_ *domain.ObjectDetails, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -107,6 +107,29 @@ func (c *Commands) AddMachine(ctx context.Context, machine *Machine, check Permi
 		return nil, err
 	}
 
+	if state != nil {
+		var cmd eventstore.Command
+		switch *state {
+		case domain.UserStateInactive:
+			cmd = user.NewUserDeactivatedEvent(ctx, &agg.Aggregate)
+		case domain.UserStateLocked:
+			cmd = user.NewUserLockedEvent(ctx, &agg.Aggregate)
+		case domain.UserStateDeleted:
+		// users are never imported if deleted
+		case domain.UserStateActive:
+		// added because of the linter
+		case domain.UserStateSuspend:
+		// added because of the linter
+		case domain.UserStateInitial:
+		// added because of the linter
+		case domain.UserStateUnspecified:
+			// added because of the linter
+		}
+		if cmd != nil {
+			cmds = append(cmds, cmd)
+		}
+	}
+
 	events, err := c.eventstore.Push(ctx, cmds...)
 	if err != nil {
 		return nil, err
diff --git a/internal/command/user_machine_test.go b/internal/command/user_machine_test.go
index 19548ae9c6..6d94154a42 100644
--- a/internal/command/user_machine_test.go
+++ b/internal/command/user_machine_test.go
@@ -24,6 +24,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
 	type args struct {
 		ctx     context.Context
 		machine *Machine
+		state   *domain.UserState
 		check   PermissionCheck
 		options func(*Commands) []addMachineOption
 	}
@@ -419,6 +420,112 @@ func TestCommandSide_AddMachine(t *testing.T) {
 				err: zerrors.IsPermissionDenied,
 			},
 		},
+		{
+			name: "add machine, ok + deactive state",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewMachineAddedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"username",
+							"name",
+							"description",
+							true,
+							domain.OIDCTokenTypeBearer,
+						),
+						user.NewUserDeactivatedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+						),
+					),
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+					},
+					Description: "description",
+					Name:        "name",
+					Username:    "username",
+				},
+				state: func() *domain.UserState {
+					state := domain.UserStateInactive
+					return &state
+				}(),
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
+		{
+			name: "add machine, ok + locked state",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainPolicyAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								true,
+								true,
+								true,
+							),
+						),
+					),
+					expectPush(
+						user.NewMachineAddedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+							"username",
+							"name",
+							"description",
+							true,
+							domain.OIDCTokenTypeBearer,
+						),
+						user.NewUserLockedEvent(context.Background(),
+							&user.NewAggregate("user1", "org1").Aggregate,
+						),
+					),
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+			},
+			args: args{
+				ctx: context.Background(),
+				machine: &Machine{
+					ObjectRoot: models.ObjectRoot{
+						ResourceOwner: "org1",
+					},
+					Description: "description",
+					Name:        "name",
+					Username:    "username",
+				},
+				state: func() *domain.UserState {
+					state := domain.UserStateLocked
+					return &state
+				}(),
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -431,7 +538,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
 			if tt.args.options != nil {
 				options = tt.args.options(r)
 			}
-			got, err := r.AddMachine(tt.args.ctx, tt.args.machine, tt.args.check, options...)
+			got, err := r.AddMachine(tt.args.ctx, tt.args.machine, tt.args.state, tt.args.check, options...)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto
index d8c88d540b..da496b7c7d 100644
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -9005,6 +9005,7 @@ message DataOrg {
     repeated zitadel.management.v1.SetCustomVerifySMSOTPMessageTextRequest verify_sms_otp_messages = 37;
     repeated zitadel.management.v1.SetCustomVerifyEmailOTPMessageTextRequest verify_email_otp_messages = 38;
     repeated zitadel.management.v1.SetCustomInviteUserMessageTextRequest invite_user_messages = 39;
+    zitadel.org.v1.OrgState org_state = 40;
 }
 
 message ImportDataResponse{
diff --git a/proto/zitadel/v1.proto b/proto/zitadel/v1.proto
index c186ea7d61..beb91116f1 100644
--- a/proto/zitadel/v1.proto
+++ b/proto/zitadel/v1.proto
@@ -172,10 +172,12 @@ message DataOIDCApplication {
 message DataHumanUser {
   string user_id = 1;
   zitadel.management.v1.ImportHumanUserRequest user = 2;
+  zitadel.user.v1.UserState state = 3;
 }
 message DataMachineUser {
   string user_id = 1;
   zitadel.management.v1.AddMachineUserRequest user = 2;
+  zitadel.user.v1.UserState state = 3;
 }
 message DataAction {
   string action_id = 1;

From 83839fc2eff533611abb2b0a81c09ae65eff94b0 Mon Sep 17 00:00:00 2001
From: Abhinav Sethi <abhinav.sethi03@gmail.com>
Date: Thu, 12 Jun 2025 13:03:25 -0400
Subject: [PATCH 097/123] fix: enable opentelemetry metrics for river queue
 (#10044)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

Right now we have no visibility into river queue's job processing times
and queue sizes. This makes it difficult to reliably know if
notifications are actually being published in a reasonable time and
current queue size.

# How the Problems Are Solved
Integrates River's OpenTelemetry middleware with Zitadel's metrics
system by adding the otelriver middleware to the queue configuration.


# Additional Changes
- Updated dependencies to include required `otelriver` package

# Additional Context

Example output from `/debug/metrics`

<details>
  <summary>output</summary>

# HELP failed_deliveries_json_total Failed JSON message deliveries
# TYPE failed_deliveries_json_total counter

failed_deliveries_json_total{otel_scope_name="",otel_scope_version="",triggering_event_type="user.human.phone.code.added"}
2
# HELP go_gc_duration_seconds A summary of the wall-time pause
(stop-the-world) duration in garbage collection cycles.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 3.8e-05
go_gc_duration_seconds{quantile="0.25"} 6.3916e-05
go_gc_duration_seconds{quantile="0.5"} 7.5584e-05
go_gc_duration_seconds{quantile="0.75"} 9.2584e-05
go_gc_duration_seconds{quantile="1"} 0.000204292
go_gc_duration_seconds_sum 0.003028502
go_gc_duration_seconds_count 34
# HELP go_gc_gogc_percent Heap size target percentage configured by the
user, otherwise 100. This value is set by the GOGC environment variable,
and the runtime/debug.SetGCPercent function. Sourced from
/gc/gogc:percent
# TYPE go_gc_gogc_percent gauge
go_gc_gogc_percent 100
# HELP go_gc_gomemlimit_bytes Go runtime memory limit configured by the
user, otherwise math.MaxInt64. This value is set by the GOMEMLIMIT
environment variable, and the runtime/debug.SetMemoryLimit function.
Sourced from /gc/gomemlimit:bytes
# TYPE go_gc_gomemlimit_bytes gauge
go_gc_gomemlimit_bytes 9.223372036854776e+18
# HELP go_goroutines Number of goroutines that currently exist.
# TYPE go_goroutines gauge
go_goroutines 231
# HELP go_info Information about the Go environment.
# TYPE go_info gauge
go_info{version="go1.24.3"} 1
# HELP go_memstats_alloc_bytes Number of bytes allocated in heap and
currently in use. Equals to /memory/classes/heap/objects:bytes.
# TYPE go_memstats_alloc_bytes gauge
go_memstats_alloc_bytes 7.7565832e+07
# HELP go_memstats_alloc_bytes_total Total number of bytes allocated in
heap until now, even if released already. Equals to
/gc/heap/allocs:bytes.
# TYPE go_memstats_alloc_bytes_total counter
go_memstats_alloc_bytes_total 7.3319844e+08
# HELP go_memstats_buck_hash_sys_bytes Number of bytes used by the
profiling bucket hash table. Equals to
/memory/classes/profiling/buckets:bytes.
# TYPE go_memstats_buck_hash_sys_bytes gauge
go_memstats_buck_hash_sys_bytes 1.63816e+06
# HELP go_memstats_frees_total Total number of heap objects frees.
Equals to /gc/heap/frees:objects + /gc/heap/tiny/allocs:objects.
# TYPE go_memstats_frees_total counter
go_memstats_frees_total 1.1496925e+07
# HELP go_memstats_gc_sys_bytes Number of bytes used for garbage
collection system metadata. Equals to
/memory/classes/metadata/other:bytes.
# TYPE go_memstats_gc_sys_bytes gauge
go_memstats_gc_sys_bytes 5.182776e+06
# HELP go_memstats_heap_alloc_bytes Number of heap bytes allocated and
currently in use, same as go_memstats_alloc_bytes. Equals to
/memory/classes/heap/objects:bytes.
# TYPE go_memstats_heap_alloc_bytes gauge
go_memstats_heap_alloc_bytes 7.7565832e+07
# HELP go_memstats_heap_idle_bytes Number of heap bytes waiting to be
used. Equals to /memory/classes/heap/released:bytes +
/memory/classes/heap/free:bytes.
# TYPE go_memstats_heap_idle_bytes gauge
go_memstats_heap_idle_bytes 5.8179584e+07
# HELP go_memstats_heap_inuse_bytes Number of heap bytes that are in
use. Equals to /memory/classes/heap/objects:bytes +
/memory/classes/heap/unused:bytes
# TYPE go_memstats_heap_inuse_bytes gauge
go_memstats_heap_inuse_bytes 8.5868544e+07
# HELP go_memstats_heap_objects Number of currently allocated objects.
Equals to /gc/heap/objects:objects.
# TYPE go_memstats_heap_objects gauge
go_memstats_heap_objects 573723
# HELP go_memstats_heap_released_bytes Number of heap bytes released to
OS. Equals to /memory/classes/heap/released:bytes.
# TYPE go_memstats_heap_released_bytes gauge
go_memstats_heap_released_bytes 7.20896e+06
# HELP go_memstats_heap_sys_bytes Number of heap bytes obtained from
system. Equals to /memory/classes/heap/objects:bytes +
/memory/classes/heap/unused:bytes + /memory/classes/heap/released:bytes
+ /memory/classes/heap/free:bytes.
# TYPE go_memstats_heap_sys_bytes gauge
go_memstats_heap_sys_bytes 1.44048128e+08
# HELP go_memstats_last_gc_time_seconds Number of seconds since 1970 of
last garbage collection.
# TYPE go_memstats_last_gc_time_seconds gauge
go_memstats_last_gc_time_seconds 1.749491558214289e+09
# HELP go_memstats_mallocs_total Total number of heap objects allocated,
both live and gc-ed. Semantically a counter version for
go_memstats_heap_objects gauge. Equals to /gc/heap/allocs:objects +
/gc/heap/tiny/allocs:objects.
# TYPE go_memstats_mallocs_total counter
go_memstats_mallocs_total 1.2070648e+07
# HELP go_memstats_mcache_inuse_bytes Number of bytes in use by mcache
structures. Equals to /memory/classes/metadata/mcache/inuse:bytes.
# TYPE go_memstats_mcache_inuse_bytes gauge
go_memstats_mcache_inuse_bytes 16912
# HELP go_memstats_mcache_sys_bytes Number of bytes used for mcache
structures obtained from system. Equals to
/memory/classes/metadata/mcache/inuse:bytes +
/memory/classes/metadata/mcache/free:bytes.
# TYPE go_memstats_mcache_sys_bytes gauge
go_memstats_mcache_sys_bytes 31408
# HELP go_memstats_mspan_inuse_bytes Number of bytes in use by mspan
structures. Equals to /memory/classes/metadata/mspan/inuse:bytes.
# TYPE go_memstats_mspan_inuse_bytes gauge
go_memstats_mspan_inuse_bytes 1.3496e+06
# HELP go_memstats_mspan_sys_bytes Number of bytes used for mspan
structures obtained from system. Equals to
/memory/classes/metadata/mspan/inuse:bytes +
/memory/classes/metadata/mspan/free:bytes.
# TYPE go_memstats_mspan_sys_bytes gauge
go_memstats_mspan_sys_bytes 2.18688e+06
# HELP go_memstats_next_gc_bytes Number of heap bytes when next garbage
collection will take place. Equals to /gc/heap/goal:bytes.
# TYPE go_memstats_next_gc_bytes gauge
go_memstats_next_gc_bytes 1.34730994e+08
# HELP go_memstats_other_sys_bytes Number of bytes used for other system
allocations. Equals to /memory/classes/other:bytes.
# TYPE go_memstats_other_sys_bytes gauge
go_memstats_other_sys_bytes 3.125168e+06
# HELP go_memstats_stack_inuse_bytes Number of bytes obtained from
system for stack allocator in non-CGO environments. Equals to
/memory/classes/heap/stacks:bytes.
# TYPE go_memstats_stack_inuse_bytes gauge
go_memstats_stack_inuse_bytes 2.752512e+06
# HELP go_memstats_stack_sys_bytes Number of bytes obtained from system
for stack allocator. Equals to /memory/classes/heap/stacks:bytes +
/memory/classes/os-stacks:bytes.
# TYPE go_memstats_stack_sys_bytes gauge
go_memstats_stack_sys_bytes 2.752512e+06
# HELP go_memstats_sys_bytes Number of bytes obtained from system.
Equals to /memory/classes/total:byte.
# TYPE go_memstats_sys_bytes gauge
go_memstats_sys_bytes 1.58965032e+08
# HELP go_sched_gomaxprocs_threads The current runtime.GOMAXPROCS
setting, or the number of operating system threads that can execute
user-level Go code simultaneously. Sourced from
/sched/gomaxprocs:threads
# TYPE go_sched_gomaxprocs_threads gauge
go_sched_gomaxprocs_threads 14
# HELP go_threads Number of OS threads created.
# TYPE go_threads gauge
go_threads 25
# HELP grpc_server_grpc_status_code_total Grpc status code counter
# TYPE grpc_server_grpc_status_code_total counter

grpc_server_grpc_status_code_total{grpc_method="/zitadel.management.v1.ManagementService/ListUserChanges",otel_scope_name="",otel_scope_version="",return_code="200"}
1

grpc_server_grpc_status_code_total{grpc_method="/zitadel.management.v1.ManagementService/ListUserMetadata",otel_scope_name="",otel_scope_version="",return_code="200"}
2

grpc_server_grpc_status_code_total{grpc_method="/zitadel.management.v1.ManagementService/ResendHumanPhoneVerification",otel_scope_name="",otel_scope_version="",return_code="200"}
1

grpc_server_grpc_status_code_total{grpc_method="/zitadel.user.v2.UserService/GetUserByID",otel_scope_name="",otel_scope_version="",return_code="200"}
1
# HELP grpc_server_request_counter_total Grpc request counter
# TYPE grpc_server_request_counter_total counter

grpc_server_request_counter_total{grpc_method="/zitadel.management.v1.ManagementService/ListUserChanges",otel_scope_name="",otel_scope_version=""}
1

grpc_server_request_counter_total{grpc_method="/zitadel.management.v1.ManagementService/ListUserMetadata",otel_scope_name="",otel_scope_version=""}
2

grpc_server_request_counter_total{grpc_method="/zitadel.management.v1.ManagementService/ResendHumanPhoneVerification",otel_scope_name="",otel_scope_version=""}
1

grpc_server_request_counter_total{grpc_method="/zitadel.user.v2.UserService/GetUserByID",otel_scope_name="",otel_scope_version=""}
1
# HELP grpc_server_total_request_counter_total Total grpc request
counter
# TYPE grpc_server_total_request_counter_total counter

grpc_server_total_request_counter_total{otel_scope_name="",otel_scope_version=""}
5
# HELP otel_scope_info Instrumentation Scope metadata
# TYPE otel_scope_info gauge
otel_scope_info{otel_scope_name="",otel_scope_version=""} 1

otel_scope_info{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version=""}
1
# HELP projection_events_processed_total Number of events reduced to
process projection updates
# TYPE projection_events_processed_total counter

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",success="true"}
1

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.instance_features2",success="true"}
0

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.login_names3",success="true"}
0

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.notifications",success="true"}
1

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.orgs1",success="true"}
0

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.user_metadata5",success="true"}
0

projection_events_processed_total{otel_scope_name="",otel_scope_version="",projection="projections.users14",success="true"}
0
# HELP projection_handle_timer_seconds Time taken to process a
projection update
# TYPE projection_handle_timer_seconds histogram

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="0.005"}
0

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="0.01"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="0.05"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="0.1"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="1"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="5"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="10"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="30"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="60"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="120"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="+Inf"}
1

projection_handle_timer_seconds_sum{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler"}
0.007344541

projection_handle_timer_seconds_count{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="0.005"}
0

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="0.01"}
0

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="0.05"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="0.1"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="1"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="5"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="10"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="30"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="60"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="120"}
1

projection_handle_timer_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="+Inf"}
1

projection_handle_timer_seconds_sum{otel_scope_name="",otel_scope_version="",projection="projections.notifications"}
0.014258458

projection_handle_timer_seconds_count{otel_scope_name="",otel_scope_version="",projection="projections.notifications"}
1
# HELP projection_state_latency_seconds When finishing processing a
batch of events, this track the age of the last events seen from current
time
# TYPE projection_state_latency_seconds histogram

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="0.1"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="0.5"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="1"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="5"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="10"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="30"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="60"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="300"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="600"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="1800"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler",le="+Inf"}
1

projection_state_latency_seconds_sum{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler"}
0.012979

projection_state_latency_seconds_count{otel_scope_name="",otel_scope_version="",projection="projections.execution_handler"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="0.1"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="0.5"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="1"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="5"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="10"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="30"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="60"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="300"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="600"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="1800"}
1

projection_state_latency_seconds_bucket{otel_scope_name="",otel_scope_version="",projection="projections.notifications",le="+Inf"}
1

projection_state_latency_seconds_sum{otel_scope_name="",otel_scope_version="",projection="projections.notifications"}
0.0199

projection_state_latency_seconds_count{otel_scope_name="",otel_scope_version="",projection="projections.notifications"}
1
# HELP promhttp_metric_handler_requests_in_flight Current number of
scrapes being served.
# TYPE promhttp_metric_handler_requests_in_flight gauge
promhttp_metric_handler_requests_in_flight 1
# HELP promhttp_metric_handler_requests_total Total number of scrapes by
HTTP status code.
# TYPE promhttp_metric_handler_requests_total counter
promhttp_metric_handler_requests_total{code="200"} 1
promhttp_metric_handler_requests_total{code="500"} 0
promhttp_metric_handler_requests_total{code="503"} 0
# HELP river_insert_count_total Number of jobs inserted
# TYPE river_insert_count_total counter

river_insert_count_total{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok"}
1
# HELP river_insert_many_count_total Number of job batches inserted (all
jobs are inserted in a batch, but batches may be one job)
# TYPE river_insert_many_count_total counter

river_insert_many_count_total{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok"}
1
# HELP river_insert_many_duration_histogram_seconds Duration of job
batch insertion (histogram)
# TYPE river_insert_many_duration_histogram_seconds histogram

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="0"}
0

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="5"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="10"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="25"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="50"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="75"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="100"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="250"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="500"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="750"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="1000"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="2500"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="5000"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="7500"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="10000"}
1

river_insert_many_duration_histogram_seconds_bucket{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok",le="+Inf"}
1

river_insert_many_duration_histogram_seconds_sum{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok"}
0.002905666

river_insert_many_duration_histogram_seconds_count{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok"}
1
# HELP river_insert_many_duration_seconds Duration of job batch
insertion
# TYPE river_insert_many_duration_seconds gauge

river_insert_many_duration_seconds{otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",status="ok"}
0.002905666
# HELP river_work_count_total Number of jobs worked
# TYPE river_work_count_total counter

river_work_count_total{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
1

river_work_count_total{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
1
# HELP river_work_duration_histogram_seconds Duration of job being
worked (histogram)
# TYPE river_work_duration_histogram_seconds histogram

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="0"}
0

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="5"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="10"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="25"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="50"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="75"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="100"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="250"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="500"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="750"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="1000"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="2500"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="5000"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="7500"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="10000"}
1

river_work_duration_histogram_seconds_bucket{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="+Inf"}
1

river_work_duration_histogram_seconds_sum{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
0.029241083

river_work_duration_histogram_seconds_count{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="0"}
0

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="5"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="10"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="25"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="50"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="75"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="100"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="250"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="500"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="750"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="1000"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="2500"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="5000"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="7500"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="10000"}
1

river_work_duration_histogram_seconds_bucket{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]",le="+Inf"}
1

river_work_duration_histogram_seconds_sum{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
0.0408745

river_work_duration_histogram_seconds_count{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
1
# HELP river_work_duration_seconds Duration of job being worked
# TYPE river_work_duration_seconds gauge

river_work_duration_seconds{attempt="1",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
0.029241083

river_work_duration_seconds{attempt="2",kind="notification_request",otel_scope_name="github.com/riverqueue/rivercontrib/otelriver",otel_scope_version="",priority="1",queue="notification",status="error",tag="[]"}
0.0408745
# HELP target_info Target metadata
# TYPE target_info gauge

target_info{service_name="ZITADEL",service_version="2025-06-09T13:52:29-04:00",telemetry_sdk_language="go",telemetry_sdk_name="opentelemetry",telemetry_sdk_version="1.35.0"}
1

</details>

Example grafana dashboard:
![Screenshot 2025-06-11 at 11 30
06 AM](https://github.com/user-attachments/assets/a2c9b377-8ddd-40b9-a506-7df3b31941da)

- Closes #10043

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
---
 go.mod                  | 1 +
 go.sum                  | 2 ++
 internal/queue/queue.go | 7 +++++++
 3 files changed, 10 insertions(+)

diff --git a/go.mod b/go.mod
index 21a7fe9f16..15b3d2b391 100644
--- a/go.mod
+++ b/go.mod
@@ -146,6 +146,7 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/riverqueue/river/rivershared v0.22.0 // indirect
+	github.com/riverqueue/rivercontrib/otelriver v0.5.0 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
diff --git a/go.sum b/go.sum
index cc3bc35841..272ce655a3 100644
--- a/go.sum
+++ b/go.sum
@@ -682,6 +682,8 @@ github.com/riverqueue/river/rivershared v0.22.0 h1:hLPHr98d6OEfmUJ4KpIXgoy2tbQ14
 github.com/riverqueue/river/rivershared v0.22.0/go.mod h1:BK+hvhECfdDLWNDH3xiGI95m2YoPfVtECZLT+my8XM8=
 github.com/riverqueue/river/rivertype v0.22.0 h1:rSRhbd5uV/BaFTPxReCxuYTAzx+/riBZJlZdREADvO4=
 github.com/riverqueue/river/rivertype v0.22.0/go.mod h1:lmdl3vLNDfchDWbYdW2uAocIuwIN+ZaXqAukdSCFqWs=
+github.com/riverqueue/rivercontrib/otelriver v0.5.0 h1:dZF4Fy7/3RaIRsyCPdpIJtzEip0pCvoJ44YpSDum8e4=
+github.com/riverqueue/rivercontrib/otelriver v0.5.0/go.mod h1:rXANcBrlgRvg+auD3/O6Xfs59AWeWNpa/kim62mkxGo=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
diff --git a/internal/queue/queue.go b/internal/queue/queue.go
index d680221753..22df8c2b5c 100644
--- a/internal/queue/queue.go
+++ b/internal/queue/queue.go
@@ -7,9 +7,12 @@ import (
 	"github.com/riverqueue/river"
 	"github.com/riverqueue/river/riverdriver"
 	"github.com/riverqueue/river/riverdriver/riverpgxv5"
+	"github.com/riverqueue/river/rivertype"
+	"github.com/riverqueue/rivercontrib/otelriver"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/telemetry/metrics"
 )
 
 // Queue abstracts the underlying queuing library
@@ -27,12 +30,16 @@ type Config struct {
 }
 
 func NewQueue(config *Config) (_ *Queue, err error) {
+	middleware := []rivertype.Middleware{otelriver.NewMiddleware(&otelriver.MiddlewareConfig{
+		MeterProvider: metrics.GetMetricsProvider(),
+	})}
 	return &Queue{
 		driver: riverpgxv5.New(config.Client.Pool),
 		config: &river.Config{
 			Workers:    river.NewWorkers(),
 			Queues:     make(map[string]river.QueueConfig),
 			JobTimeout: -1,
+			Middleware: middleware,
 		},
 	}, nil
 }

From cddbd3dd47d559dde2e2deb63be25bc93137826b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabienne=20B=C3=BChler?= <fabienne@zitadel.com>
Date: Tue, 17 Jun 2025 15:20:44 +0200
Subject: [PATCH 098/123] docs: Correct API docs of unlock user (#10064)

# Which Problems Are Solved

The API docs of unlock user show the description of the lock user.

# How the Problems Are Solved

Correct API docs for unlock user are added
---
 proto/zitadel/user/v2/user_service.proto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proto/zitadel/user/v2/user_service.proto b/proto/zitadel/user/v2/user_service.proto
index 3fc81836d6..a416555905 100644
--- a/proto/zitadel/user/v2/user_service.proto
+++ b/proto/zitadel/user/v2/user_service.proto
@@ -701,7 +701,7 @@ service UserService {
 
   // Unlock user
   //
-  // The state of the user will be changed to 'locked'. The user will not be able to log in anymore. The endpoint returns an error if the user is already in the state 'locked'. Use this endpoint if the user should not be able to log in temporarily because of an event that happened (wrong password, etc.)..
+  // The state of the user will be changed to 'active'. The user will be able to log in again. The endpoint returns an error if the user is not in the state 'locked'.
   rpc UnlockUser(UnlockUserRequest) returns (UnlockUserResponse) {
     option (google.api.http) = {
       post: "/v2/users/{user_id}/unlock"

From 28f7218ea1068a4bc7587166ce3a17af20ff4156 Mon Sep 17 00:00:00 2001
From: "Marco A." <marco@zitadel.com>
Date: Wed, 18 Jun 2025 13:24:39 +0200
Subject: [PATCH 099/123] feat: Hosted login translation API (#10011)

# Which Problems Are Solved

This PR implements https://github.com/zitadel/zitadel/issues/9850

# How the Problems Are Solved

  - New protobuf definition
  - Implementation of retrieval of system translations
- Implementation of retrieval and persistence of organization and
instance level translations

# Additional Context

- Closes #9850

# TODO

- [x] Integration tests for Get and Set hosted login translation
endpoints
- [x] DB migration test
- [x] Command function tests
- [x] Command util functions tests
- [x] Query function test
- [x] Query util functions tests
---
 go.mod                                        |    3 +-
 go.sum                                        |    2 +
 internal/api/authz/context_mock.go            |   24 +-
 .../v2/integration_test/query_test.go         |  432 +++++
 .../v2/integration_test/server_test.go        |    9 +-
 .../v2/integration_test/settings_test.go      |  371 +---
 internal/api/grpc/settings/v2/query.go        |  209 +++
 internal/api/grpc/settings/v2/settings.go     |  201 +--
 internal/command/hosted_login_translation.go  |   73 +
 .../command/hosted_login_translation_model.go |   45 +
 .../command/hosted_login_translation_test.go  |  211 +++
 internal/database/mock/sql_mock.go            |   12 +-
 internal/query/hosted_login_translation.go    |  256 +++
 .../query/hosted_login_translation_test.go    |  337 ++++
 .../projection/hosted_login_translation.go    |  144 ++
 internal/query/projection/projection.go       |    3 +
 internal/query/v2-default.json                | 1557 +++++++++++++++++
 internal/repository/instance/eventstore.go    |    1 +
 .../instance/hosted_login_translation.go      |   55 +
 internal/repository/org/eventstore.go         |    1 +
 .../org/hosted_login_translation.go           |   55 +
 proto/zitadel/settings/v2/settings.proto      |    2 +-
 .../settings/v2/settings_service.proto        |  137 ++
 23 files changed, 3613 insertions(+), 527 deletions(-)
 create mode 100644 internal/api/grpc/settings/v2/integration_test/query_test.go
 create mode 100644 internal/api/grpc/settings/v2/query.go
 create mode 100644 internal/command/hosted_login_translation.go
 create mode 100644 internal/command/hosted_login_translation_model.go
 create mode 100644 internal/command/hosted_login_translation_test.go
 create mode 100644 internal/query/hosted_login_translation.go
 create mode 100644 internal/query/hosted_login_translation_test.go
 create mode 100644 internal/query/projection/hosted_login_translation.go
 create mode 100644 internal/query/v2-default.json
 create mode 100644 internal/repository/instance/hosted_login_translation.go
 create mode 100644 internal/repository/org/hosted_login_translation.go

diff --git a/go.mod b/go.mod
index 15b3d2b391..9d02050b48 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ toolchain go1.24.1
 require (
 	cloud.google.com/go/profiler v0.4.2
 	cloud.google.com/go/storage v1.54.0
+	dario.cat/mergo v1.0.2
 	github.com/BurntSushi/toml v1.5.0
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.27.0
@@ -65,6 +66,7 @@ require (
 	github.com/riverqueue/river v0.22.0
 	github.com/riverqueue/river/riverdriver v0.22.0
 	github.com/riverqueue/river/rivertype v0.22.0
+	github.com/riverqueue/rivercontrib/otelriver v0.5.0
 	github.com/rs/cors v1.11.1
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/shopspring/decimal v1.3.1
@@ -146,7 +148,6 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/riverqueue/river/rivershared v0.22.0 // indirect
-	github.com/riverqueue/rivercontrib/otelriver v0.5.0 // indirect
 	github.com/sagikazarmark/locafero v0.7.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
diff --git a/go.sum b/go.sum
index 272ce655a3..e2ab9768a6 100644
--- a/go.sum
+++ b/go.sum
@@ -24,6 +24,8 @@ cloud.google.com/go/storage v1.54.0 h1:Du3XEyliAiftfyW0bwfdppm2MMLdpVAfiIg4T2nAI
 cloud.google.com/go/storage v1.54.0/go.mod h1:hIi9Boe8cHxTyaeqh7KMMwKg088VblFK46C2x/BWaZE=
 cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE=
 cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8=
+dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
+dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
diff --git a/internal/api/authz/context_mock.go b/internal/api/authz/context_mock.go
index 6891030bd3..d26b371bc6 100644
--- a/internal/api/authz/context_mock.go
+++ b/internal/api/authz/context_mock.go
@@ -1,10 +1,28 @@
 package authz
 
-import "context"
+import (
+	"context"
 
-func NewMockContext(instanceID, orgID, userID string) context.Context {
+	"golang.org/x/text/language"
+)
+
+type MockContextInstanceOpts func(i *instance)
+
+func WithMockDefaultLanguage(lang language.Tag) MockContextInstanceOpts {
+	return func(i *instance) {
+		i.defaultLanguage = lang
+	}
+}
+
+func NewMockContext(instanceID, orgID, userID string, opts ...MockContextInstanceOpts) context.Context {
 	ctx := context.WithValue(context.Background(), dataKey, CtxData{UserID: userID, OrgID: orgID})
-	return context.WithValue(ctx, instanceKey, &instance{id: instanceID})
+
+	i := &instance{id: instanceID}
+	for _, o := range opts {
+		o(i)
+	}
+
+	return context.WithValue(ctx, instanceKey, i)
 }
 
 func NewMockContextWithAgent(instanceID, orgID, userID, agentID string) context.Context {
diff --git a/internal/api/grpc/settings/v2/integration_test/query_test.go b/internal/api/grpc/settings/v2/integration_test/query_test.go
new file mode 100644
index 0000000000..c3bf54e992
--- /dev/null
+++ b/internal/api/grpc/settings/v2/integration_test/query_test.go
@@ -0,0 +1,432 @@
+//go:build integration
+
+package settings_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/structpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/idp"
+	idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+)
+
+func TestServer_GetSecuritySettings(t *testing.T) {
+	_, err := Client.SetSecuritySettings(AdminCTX, &settings.SetSecuritySettingsRequest{
+		EmbeddedIframe: &settings.EmbeddedIframeSettings{
+			Enabled:        true,
+			AllowedOrigins: []string{"foo", "bar"},
+		},
+		EnableImpersonation: true,
+	})
+	require.NoError(t, err)
+
+	tests := []struct {
+		name    string
+		ctx     context.Context
+		want    *settings.GetSecuritySettingsResponse
+		wantErr bool
+	}{
+		{
+			name:    "permission error",
+			ctx:     Instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
+			wantErr: true,
+		},
+		{
+			name: "success",
+			ctx:  AdminCTX,
+			want: &settings.GetSecuritySettingsResponse{
+				Settings: &settings.SecuritySettings{
+					EmbeddedIframe: &settings.EmbeddedIframeSettings{
+						Enabled:        true,
+						AllowedOrigins: []string{"foo", "bar"},
+					},
+					EnableImpersonation: true,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.ctx, time.Minute)
+			assert.EventuallyWithT(t, func(ct *assert.CollectT) {
+				resp, err := Client.GetSecuritySettings(tt.ctx, &settings.GetSecuritySettingsRequest{})
+				if tt.wantErr {
+					assert.Error(ct, err)
+					return
+				}
+				if !assert.NoError(ct, err) {
+					return
+				}
+				got, want := resp.GetSettings(), tt.want.GetSettings()
+				assert.Equal(ct, want.GetEmbeddedIframe().GetEnabled(), got.GetEmbeddedIframe().GetEnabled(), "enable iframe embedding")
+				assert.Equal(ct, want.GetEmbeddedIframe().GetAllowedOrigins(), got.GetEmbeddedIframe().GetAllowedOrigins(), "allowed origins")
+				assert.Equal(ct, want.GetEnableImpersonation(), got.GetEnableImpersonation(), "enable impersonation")
+			}, retryDuration, tick)
+		})
+	}
+}
+
+func idpResponse(id, name string, linking, creation, autoCreation, autoUpdate bool, autoLinking idp_pb.AutoLinkingOption) *settings.IdentityProvider {
+	return &settings.IdentityProvider{
+		Id:   id,
+		Name: name,
+		Type: settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OAUTH,
+		Options: &idp_pb.Options{
+			IsLinkingAllowed:  linking,
+			IsCreationAllowed: creation,
+			IsAutoCreation:    autoCreation,
+			IsAutoUpdate:      autoUpdate,
+			AutoLinking:       autoLinking,
+		},
+	}
+}
+
+func TestServer_GetActiveIdentityProviders(t *testing.T) {
+	instance := integration.NewInstance(CTX)
+	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, gofakeit.AppName()) // inactive
+	idpActiveName := gofakeit.AppName()
+	idpActiveResp := instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, idpActiveName)
+	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpActiveResp.GetId())
+	idpActiveResponse := idpResponse(idpActiveResp.GetId(), idpActiveName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	idpLinkingDisallowedName := gofakeit.AppName()
+	idpLinkingDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpLinkingDisallowedName, false, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpLinkingDisallowedResp.GetId())
+	idpLinkingDisallowedResponse := idpResponse(idpLinkingDisallowedResp.GetId(), idpLinkingDisallowedName, false, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	idpCreationDisallowedName := gofakeit.AppName()
+	idpCreationDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpCreationDisallowedName, true, false, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpCreationDisallowedResp.GetId())
+	idpCreationDisallowedResponse := idpResponse(idpCreationDisallowedResp.GetId(), idpCreationDisallowedName, true, false, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	idpNoAutoCreationName := gofakeit.AppName()
+	idpNoAutoCreationResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoCreationName, true, true, false, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoCreationResp.GetId())
+	idpNoAutoCreationResponse := idpResponse(idpNoAutoCreationResp.GetId(), idpNoAutoCreationName, true, true, false, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
+	idpNoAutoLinkingName := gofakeit.AppName()
+	idpNoAutoLinkingResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoLinkingName, true, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
+	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoLinkingResp.GetId())
+	idpNoAutoLinkingResponse := idpResponse(idpNoAutoLinkingResp.GetId(), idpNoAutoLinkingName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
+
+	type args struct {
+		ctx context.Context
+		req *settings.GetActiveIdentityProvidersRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *settings.GetActiveIdentityProvidersResponse
+		wantErr bool
+	}{
+		{
+			name: "permission error",
+			args: args{
+				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
+				req: &settings.GetActiveIdentityProvidersRequest{},
+			},
+			wantErr: true,
+		},
+		{
+			name: "success, all",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 5,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpActiveResponse,
+					idpLinkingDisallowedResponse,
+					idpCreationDisallowedResponse,
+					idpNoAutoCreationResponse,
+					idpNoAutoLinkingResponse,
+				},
+			},
+		},
+		{
+			name: "success, exclude linking disallowed",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					LinkingAllowed: gu.Ptr(true),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 4,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpActiveResponse,
+					idpCreationDisallowedResponse,
+					idpNoAutoCreationResponse,
+					idpNoAutoLinkingResponse,
+				},
+			},
+		},
+		{
+			name: "success, only linking disallowed",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					LinkingAllowed: gu.Ptr(false),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpLinkingDisallowedResponse,
+				},
+			},
+		},
+		{
+			name: "success, exclude creation disallowed",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					CreationAllowed: gu.Ptr(true),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 4,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpActiveResponse,
+					idpLinkingDisallowedResponse,
+					idpNoAutoCreationResponse,
+					idpNoAutoLinkingResponse,
+				},
+			},
+		},
+		{
+			name: "success, only creation disallowed",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					CreationAllowed: gu.Ptr(false),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpCreationDisallowedResponse,
+				},
+			},
+		},
+		{
+			name: "success, auto creation",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					AutoCreation: gu.Ptr(true),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 4,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpActiveResponse,
+					idpLinkingDisallowedResponse,
+					idpCreationDisallowedResponse,
+					idpNoAutoLinkingResponse,
+				},
+			},
+		},
+		{
+			name: "success, no auto creation",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					AutoCreation: gu.Ptr(false),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpNoAutoCreationResponse,
+				},
+			},
+		},
+		{
+			name: "success, auto linking",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					AutoLinking: gu.Ptr(true),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 4,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpActiveResponse,
+					idpLinkingDisallowedResponse,
+					idpCreationDisallowedResponse,
+					idpNoAutoCreationResponse,
+				},
+			},
+		},
+		{
+			name: "success, no auto linking",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					AutoLinking: gu.Ptr(false),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpNoAutoLinkingResponse,
+				},
+			},
+		},
+		{
+			name: "success, exclude all",
+			args: args{
+				ctx: isolatedIAMOwnerCTX,
+				req: &settings.GetActiveIdentityProvidersRequest{
+					LinkingAllowed:  gu.Ptr(true),
+					CreationAllowed: gu.Ptr(true),
+					AutoCreation:    gu.Ptr(true),
+					AutoLinking:     gu.Ptr(true),
+				},
+			},
+			want: &settings.GetActiveIdentityProvidersResponse{
+				Details: &object_pb.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				IdentityProviders: []*settings.IdentityProvider{
+					idpActiveResponse,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
+			assert.EventuallyWithT(t, func(ct *assert.CollectT) {
+				got, err := instance.Client.SettingsV2.GetActiveIdentityProviders(tt.args.ctx, tt.args.req)
+				if tt.wantErr {
+					assert.Error(ct, err)
+					return
+				}
+				if !assert.NoError(ct, err) {
+					return
+				}
+				for i, result := range tt.want.GetIdentityProviders() {
+					assert.EqualExportedValues(ct, result, got.GetIdentityProviders()[i])
+				}
+				integration.AssertListDetails(ct, tt.want, got)
+			}, retryDuration, tick)
+		})
+	}
+}
+
+func TestServer_GetHostedLoginTranslation(t *testing.T) {
+	// Given
+	translations := map[string]any{"loginTitle": gofakeit.Slogan()}
+
+	protoTranslations, err := structpb.NewStruct(translations)
+	require.NoError(t, err)
+
+	setupRequest := &settings.SetHostedLoginTranslationRequest{
+		Level: &settings.SetHostedLoginTranslationRequest_OrganizationId{
+			OrganizationId: Instance.DefaultOrg.GetId(),
+		},
+		Translations: protoTranslations,
+		Locale:       gofakeit.LanguageBCP(),
+	}
+	savedTranslation, err := Client.SetHostedLoginTranslation(AdminCTX, setupRequest)
+	require.NoError(t, err)
+
+	tt := []struct {
+		testName     string
+		inputCtx     context.Context
+		inputRequest *settings.GetHostedLoginTranslationRequest
+
+		expectedErrorCode codes.Code
+		expectedErrorMsg  string
+		expectedResponse  *settings.GetHostedLoginTranslationResponse
+	}{
+		{
+			testName:          "when unauthN context should return unauthN error",
+			inputCtx:          CTX,
+			inputRequest:      &settings.GetHostedLoginTranslationRequest{Locale: "en-US"},
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
+		},
+		{
+			testName:          "when unauthZ context should return unauthZ error",
+			inputCtx:          OrgOwnerCtx,
+			inputRequest:      &settings.GetHostedLoginTranslationRequest{Locale: "en-US"},
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
+		},
+		{
+			testName: "when authZ request should save to db and return etag",
+			inputCtx: AdminCTX,
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Level: &settings.GetHostedLoginTranslationRequest_OrganizationId{
+					OrganizationId: Instance.DefaultOrg.GetId(),
+				},
+				Locale: setupRequest.GetLocale(),
+			},
+			expectedResponse: &settings.GetHostedLoginTranslationResponse{
+				Etag:         savedTranslation.GetEtag(),
+				Translations: protoTranslations,
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// When
+			res, err := Client.GetHostedLoginTranslation(tc.inputCtx, tc.inputRequest)
+
+			// Then
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				require.NoError(t, err)
+				assert.NotEmpty(t, res.GetEtag())
+				assert.NotEmpty(t, res.GetTranslations().GetFields())
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/settings/v2/integration_test/server_test.go b/internal/api/grpc/settings/v2/integration_test/server_test.go
index d57e2a7694..c5c851c310 100644
--- a/internal/api/grpc/settings/v2/integration_test/server_test.go
+++ b/internal/api/grpc/settings/v2/integration_test/server_test.go
@@ -13,9 +13,9 @@ import (
 )
 
 var (
-	CTX, AdminCTX context.Context
-	Instance      *integration.Instance
-	Client        settings.SettingsServiceClient
+	CTX, AdminCTX, UserTypeLoginCtx, OrgOwnerCtx context.Context
+	Instance                                     *integration.Instance
+	Client                                       settings.SettingsServiceClient
 )
 
 func TestMain(m *testing.M) {
@@ -27,6 +27,9 @@ func TestMain(m *testing.M) {
 
 		CTX = ctx
 		AdminCTX = Instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
+		UserTypeLoginCtx = Instance.WithAuthorization(ctx, integration.UserTypeLogin)
+		OrgOwnerCtx = Instance.WithAuthorization(ctx, integration.UserTypeOrgOwner)
+
 		Client = Instance.Client.SettingsV2
 		return m.Run()
 	}())
diff --git a/internal/api/grpc/settings/v2/integration_test/settings_test.go b/internal/api/grpc/settings/v2/integration_test/settings_test.go
index 3430eae5f8..7d1e4b0239 100644
--- a/internal/api/grpc/settings/v2/integration_test/settings_test.go
+++ b/internal/api/grpc/settings/v2/integration_test/settings_test.go
@@ -4,78 +4,23 @@ package settings_test
 
 import (
 	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
 	"testing"
-	"time"
 
-	"github.com/brianvoe/gofakeit/v6"
-	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/integration"
-	"github.com/zitadel/zitadel/pkg/grpc/idp"
-	idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
 	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
 )
 
-func TestServer_GetSecuritySettings(t *testing.T) {
-	_, err := Client.SetSecuritySettings(AdminCTX, &settings.SetSecuritySettingsRequest{
-		EmbeddedIframe: &settings.EmbeddedIframeSettings{
-			Enabled:        true,
-			AllowedOrigins: []string{"foo", "bar"},
-		},
-		EnableImpersonation: true,
-	})
-	require.NoError(t, err)
-
-	tests := []struct {
-		name    string
-		ctx     context.Context
-		want    *settings.GetSecuritySettingsResponse
-		wantErr bool
-	}{
-		{
-			name:    "permission error",
-			ctx:     Instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
-			wantErr: true,
-		},
-		{
-			name: "success",
-			ctx:  AdminCTX,
-			want: &settings.GetSecuritySettingsResponse{
-				Settings: &settings.SecuritySettings{
-					EmbeddedIframe: &settings.EmbeddedIframeSettings{
-						Enabled:        true,
-						AllowedOrigins: []string{"foo", "bar"},
-					},
-					EnableImpersonation: true,
-				},
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.ctx, time.Minute)
-			assert.EventuallyWithT(t, func(ct *assert.CollectT) {
-				resp, err := Client.GetSecuritySettings(tt.ctx, &settings.GetSecuritySettingsRequest{})
-				if tt.wantErr {
-					assert.Error(ct, err)
-					return
-				}
-				if !assert.NoError(ct, err) {
-					return
-				}
-				got, want := resp.GetSettings(), tt.want.GetSettings()
-				assert.Equal(ct, want.GetEmbeddedIframe().GetEnabled(), got.GetEmbeddedIframe().GetEnabled(), "enable iframe embedding")
-				assert.Equal(ct, want.GetEmbeddedIframe().GetAllowedOrigins(), got.GetEmbeddedIframe().GetAllowedOrigins(), "allowed origins")
-				assert.Equal(ct, want.GetEnableImpersonation(), got.GetEnableImpersonation(), "enable impersonation")
-			}, retryDuration, tick)
-		})
-	}
-}
-
 func TestServer_SetSecuritySettings(t *testing.T) {
 	type args struct {
 		ctx context.Context
@@ -183,280 +128,64 @@ func TestServer_SetSecuritySettings(t *testing.T) {
 	}
 }
 
-func idpResponse(id, name string, linking, creation, autoCreation, autoUpdate bool, autoLinking idp_pb.AutoLinkingOption) *settings.IdentityProvider {
-	return &settings.IdentityProvider{
-		Id:   id,
-		Name: name,
-		Type: settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OAUTH,
-		Options: &idp_pb.Options{
-			IsLinkingAllowed:  linking,
-			IsCreationAllowed: creation,
-			IsAutoCreation:    autoCreation,
-			IsAutoUpdate:      autoUpdate,
-			AutoLinking:       autoLinking,
-		},
-	}
-}
+func TestSetHostedLoginTranslation(t *testing.T) {
+	translations := map[string]any{"loginTitle": "Welcome to our service"}
 
-func TestServer_GetActiveIdentityProviders(t *testing.T) {
-	instance := integration.NewInstance(CTX)
-	isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	protoTranslations, err := structpb.NewStruct(translations)
+	require.Nil(t, err)
 
-	instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, gofakeit.AppName()) // inactive
-	idpActiveName := gofakeit.AppName()
-	idpActiveResp := instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, idpActiveName)
-	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpActiveResp.GetId())
-	idpActiveResponse := idpResponse(idpActiveResp.GetId(), idpActiveName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	idpLinkingDisallowedName := gofakeit.AppName()
-	idpLinkingDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpLinkingDisallowedName, false, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpLinkingDisallowedResp.GetId())
-	idpLinkingDisallowedResponse := idpResponse(idpLinkingDisallowedResp.GetId(), idpLinkingDisallowedName, false, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	idpCreationDisallowedName := gofakeit.AppName()
-	idpCreationDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpCreationDisallowedName, true, false, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpCreationDisallowedResp.GetId())
-	idpCreationDisallowedResponse := idpResponse(idpCreationDisallowedResp.GetId(), idpCreationDisallowedName, true, false, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	idpNoAutoCreationName := gofakeit.AppName()
-	idpNoAutoCreationResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoCreationName, true, true, false, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoCreationResp.GetId())
-	idpNoAutoCreationResponse := idpResponse(idpNoAutoCreationResp.GetId(), idpNoAutoCreationName, true, true, false, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
-	idpNoAutoLinkingName := gofakeit.AppName()
-	idpNoAutoLinkingResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoLinkingName, true, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
-	instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoLinkingResp.GetId())
-	idpNoAutoLinkingResponse := idpResponse(idpNoAutoLinkingResp.GetId(), idpNoAutoLinkingName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
+	hash := md5.Sum(fmt.Append(nil, translations))
 
-	type args struct {
-		ctx context.Context
-		req *settings.GetActiveIdentityProvidersRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *settings.GetActiveIdentityProvidersResponse
-		wantErr bool
+	tt := []struct {
+		testName     string
+		inputCtx     context.Context
+		inputRequest *settings.SetHostedLoginTranslationRequest
+
+		expectedErrorCode codes.Code
+		expectedErrorMsg  string
+		expectedResponse  *settings.SetHostedLoginTranslationResponse
 	}{
 		{
-			name: "permission error",
-			args: args{
-				ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
-				req: &settings.GetActiveIdentityProvidersRequest{},
-			},
-			wantErr: true,
+			testName:          "when unauthN context should return unauthN error",
+			inputCtx:          CTX,
+			expectedErrorCode: codes.Unauthenticated,
+			expectedErrorMsg:  "auth header missing",
 		},
 		{
-			name: "success, all",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 5,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpActiveResponse,
-					idpLinkingDisallowedResponse,
-					idpCreationDisallowedResponse,
-					idpNoAutoCreationResponse,
-					idpNoAutoLinkingResponse,
-				},
-			},
+			testName:          "when unauthZ context should return unauthZ error",
+			inputCtx:          UserTypeLoginCtx,
+			expectedErrorCode: codes.PermissionDenied,
+			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
 		},
 		{
-			name: "success, exclude linking disallowed",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					LinkingAllowed: gu.Ptr(true),
+			testName: "when authZ request should save to db and return etag",
+			inputCtx: AdminCTX,
+			inputRequest: &settings.SetHostedLoginTranslationRequest{
+				Level: &settings.SetHostedLoginTranslationRequest_OrganizationId{
+					OrganizationId: Instance.DefaultOrg.GetId(),
 				},
+				Translations: protoTranslations,
+				Locale:       "en-US",
 			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 4,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpActiveResponse,
-					idpCreationDisallowedResponse,
-					idpNoAutoCreationResponse,
-					idpNoAutoLinkingResponse,
-				},
-			},
-		},
-		{
-			name: "success, only linking disallowed",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					LinkingAllowed: gu.Ptr(false),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 1,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpLinkingDisallowedResponse,
-				},
-			},
-		},
-		{
-			name: "success, exclude creation disallowed",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					CreationAllowed: gu.Ptr(true),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 4,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpActiveResponse,
-					idpLinkingDisallowedResponse,
-					idpNoAutoCreationResponse,
-					idpNoAutoLinkingResponse,
-				},
-			},
-		},
-		{
-			name: "success, only creation disallowed",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					CreationAllowed: gu.Ptr(false),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 1,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpCreationDisallowedResponse,
-				},
-			},
-		},
-		{
-			name: "success, auto creation",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					AutoCreation: gu.Ptr(true),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 4,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpActiveResponse,
-					idpLinkingDisallowedResponse,
-					idpCreationDisallowedResponse,
-					idpNoAutoLinkingResponse,
-				},
-			},
-		},
-		{
-			name: "success, no auto creation",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					AutoCreation: gu.Ptr(false),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 1,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpNoAutoCreationResponse,
-				},
-			},
-		},
-		{
-			name: "success, auto linking",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					AutoLinking: gu.Ptr(true),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 4,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpActiveResponse,
-					idpLinkingDisallowedResponse,
-					idpCreationDisallowedResponse,
-					idpNoAutoCreationResponse,
-				},
-			},
-		},
-		{
-			name: "success, no auto linking",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					AutoLinking: gu.Ptr(false),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 1,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpNoAutoLinkingResponse,
-				},
-			},
-		},
-		{
-			name: "success, exclude all",
-			args: args{
-				ctx: isolatedIAMOwnerCTX,
-				req: &settings.GetActiveIdentityProvidersRequest{
-					LinkingAllowed:  gu.Ptr(true),
-					CreationAllowed: gu.Ptr(true),
-					AutoCreation:    gu.Ptr(true),
-					AutoLinking:     gu.Ptr(true),
-				},
-			},
-			want: &settings.GetActiveIdentityProvidersResponse{
-				Details: &object_pb.ListDetails{
-					TotalResult: 1,
-					Timestamp:   timestamppb.Now(),
-				},
-				IdentityProviders: []*settings.IdentityProvider{
-					idpActiveResponse,
-				},
+			expectedResponse: &settings.SetHostedLoginTranslationResponse{
+				Etag: hex.EncodeToString(hash[:]),
 			},
 		},
 	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
-			assert.EventuallyWithT(t, func(ct *assert.CollectT) {
-				got, err := instance.Client.SettingsV2.GetActiveIdentityProviders(tt.args.ctx, tt.args.req)
-				if tt.wantErr {
-					assert.Error(ct, err)
-					return
-				}
-				if !assert.NoError(ct, err) {
-					return
-				}
-				for i, result := range tt.want.GetIdentityProviders() {
-					assert.EqualExportedValues(ct, result, got.GetIdentityProviders()[i])
-				}
-				integration.AssertListDetails(ct, tt.want, got)
-			}, retryDuration, tick)
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// When
+			res, err := Client.SetHostedLoginTranslation(tc.inputCtx, tc.inputRequest)
+
+			// Then
+			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
+			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())
+
+			if tc.expectedErrorMsg == "" {
+				require.NoError(t, err)
+				assert.Equal(t, tc.expectedResponse.GetEtag(), res.GetEtag())
+			}
 		})
 	}
 }
diff --git a/internal/api/grpc/settings/v2/query.go b/internal/api/grpc/settings/v2/query.go
new file mode 100644
index 0000000000..b8994ccb87
--- /dev/null
+++ b/internal/api/grpc/settings/v2/query.go
@@ -0,0 +1,209 @@
+package settings
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/i18n"
+	"github.com/zitadel/zitadel/internal/query"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+)
+
+func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
+	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetLoginSettingsResponse{
+		Settings: loginSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.OrgID,
+		},
+	}, nil
+}
+
+func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
+	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetPasswordComplexitySettingsResponse{
+		Settings: passwordComplexitySettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
+	current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetPasswordExpirySettingsResponse{
+		Settings: passwordExpirySettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
+	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetBrandingSettingsResponse{
+		Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
+	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetDomainSettingsResponse{
+		Settings: domainSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
+	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetLegalAndSupportSettingsResponse{
+		Settings: legalAndSupportSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
+	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetLockoutSettingsResponse{
+		Settings: lockoutSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			CreationDate:  timestamppb.New(current.CreationDate),
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
+	queries, err := activeIdentityProvidersToQuery(req)
+	if err != nil {
+		return nil, err
+	}
+
+	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{Queries: queries}, false)
+	if err != nil {
+		return nil, err
+	}
+
+	return &settings.GetActiveIdentityProvidersResponse{
+		Details:           object.ToListDetails(links.SearchResponse),
+		IdentityProviders: identityProvidersToPb(links.Links),
+	}, nil
+}
+
+func activeIdentityProvidersToQuery(req *settings.GetActiveIdentityProvidersRequest) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, 0, 4)
+	if req.CreationAllowed != nil {
+		creationQuery, err := query.NewIDPTemplateIsCreationAllowedSearchQuery(*req.CreationAllowed)
+		if err != nil {
+			return nil, err
+		}
+		q = append(q, creationQuery)
+	}
+	if req.LinkingAllowed != nil {
+		creationQuery, err := query.NewIDPTemplateIsLinkingAllowedSearchQuery(*req.LinkingAllowed)
+		if err != nil {
+			return nil, err
+		}
+		q = append(q, creationQuery)
+	}
+	if req.AutoCreation != nil {
+		creationQuery, err := query.NewIDPTemplateIsAutoCreationSearchQuery(*req.AutoCreation)
+		if err != nil {
+			return nil, err
+		}
+		q = append(q, creationQuery)
+	}
+	if req.AutoLinking != nil {
+		compare := query.NumberEquals
+		if *req.AutoLinking {
+			compare = query.NumberNotEquals
+		}
+		creationQuery, err := query.NewIDPTemplateAutoLinkingSearchQuery(0, compare)
+		if err != nil {
+			return nil, err
+		}
+		q = append(q, creationQuery)
+	}
+	return q, nil
+}
+
+func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
+	instance := authz.GetInstance(ctx)
+	return &settings.GetGeneralSettingsResponse{
+		SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
+		DefaultOrgId:       instance.DefaultOrganisationID(),
+		DefaultLanguage:    instance.DefaultLanguage().String(),
+	}, nil
+}
+
+func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
+	policy, err := s.query.SecurityPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetSecuritySettingsResponse{
+		Settings: securityPolicyToSettingsPb(policy),
+	}, nil
+}
+
+func (s *Server) GetHostedLoginTranslation(ctx context.Context, req *settings.GetHostedLoginTranslationRequest) (*settings.GetHostedLoginTranslationResponse, error) {
+	translation, err := s.query.GetHostedLoginTranslation(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+
+	return translation, nil
+}
diff --git a/internal/api/grpc/settings/v2/settings.go b/internal/api/grpc/settings/v2/settings.go
index 77874bf970..09ee6b27c8 100644
--- a/internal/api/grpc/settings/v2/settings.go
+++ b/internal/api/grpc/settings/v2/settings.go
@@ -3,202 +3,10 @@ package settings
 import (
 	"context"
 
-	"google.golang.org/protobuf/types/known/timestamppb"
-
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
-	"github.com/zitadel/zitadel/internal/domain"
-	"github.com/zitadel/zitadel/internal/i18n"
-	"github.com/zitadel/zitadel/internal/query"
-	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
 )
 
-func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
-	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetLoginSettingsResponse{
-		Settings: loginSettingsToPb(current),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.OrgID,
-		},
-	}, nil
-}
-
-func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
-	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetPasswordComplexitySettingsResponse{
-		Settings: passwordComplexitySettingsToPb(current),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.ResourceOwner,
-		},
-	}, nil
-}
-
-func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
-	current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetPasswordExpirySettingsResponse{
-		Settings: passwordExpirySettingsToPb(current),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.ResourceOwner,
-		},
-	}, nil
-}
-
-func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
-	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetBrandingSettingsResponse{
-		Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.ResourceOwner,
-		},
-	}, nil
-}
-
-func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
-	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetDomainSettingsResponse{
-		Settings: domainSettingsToPb(current),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.ResourceOwner,
-		},
-	}, nil
-}
-
-func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
-	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetLegalAndSupportSettingsResponse{
-		Settings: legalAndSupportSettingsToPb(current),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.ResourceOwner,
-		},
-	}, nil
-}
-
-func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
-	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetLockoutSettingsResponse{
-		Settings: lockoutSettingsToPb(current),
-		Details: &object_pb.Details{
-			Sequence:      current.Sequence,
-			CreationDate:  timestamppb.New(current.CreationDate),
-			ChangeDate:    timestamppb.New(current.ChangeDate),
-			ResourceOwner: current.ResourceOwner,
-		},
-	}, nil
-}
-
-func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
-	queries, err := activeIdentityProvidersToQuery(req)
-	if err != nil {
-		return nil, err
-	}
-
-	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{Queries: queries}, false)
-	if err != nil {
-		return nil, err
-	}
-
-	return &settings.GetActiveIdentityProvidersResponse{
-		Details:           object.ToListDetails(links.SearchResponse),
-		IdentityProviders: identityProvidersToPb(links.Links),
-	}, nil
-}
-
-func activeIdentityProvidersToQuery(req *settings.GetActiveIdentityProvidersRequest) (_ []query.SearchQuery, err error) {
-	q := make([]query.SearchQuery, 0, 4)
-	if req.CreationAllowed != nil {
-		creationQuery, err := query.NewIDPTemplateIsCreationAllowedSearchQuery(*req.CreationAllowed)
-		if err != nil {
-			return nil, err
-		}
-		q = append(q, creationQuery)
-	}
-	if req.LinkingAllowed != nil {
-		creationQuery, err := query.NewIDPTemplateIsLinkingAllowedSearchQuery(*req.LinkingAllowed)
-		if err != nil {
-			return nil, err
-		}
-		q = append(q, creationQuery)
-	}
-	if req.AutoCreation != nil {
-		creationQuery, err := query.NewIDPTemplateIsAutoCreationSearchQuery(*req.AutoCreation)
-		if err != nil {
-			return nil, err
-		}
-		q = append(q, creationQuery)
-	}
-	if req.AutoLinking != nil {
-		compare := query.NumberEquals
-		if *req.AutoLinking {
-			compare = query.NumberNotEquals
-		}
-		creationQuery, err := query.NewIDPTemplateAutoLinkingSearchQuery(0, compare)
-		if err != nil {
-			return nil, err
-		}
-		q = append(q, creationQuery)
-	}
-	return q, nil
-}
-
-func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
-	instance := authz.GetInstance(ctx)
-	return &settings.GetGeneralSettingsResponse{
-		SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
-		DefaultOrgId:       instance.DefaultOrganisationID(),
-		DefaultLanguage:    instance.DefaultLanguage().String(),
-	}, nil
-}
-
-func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
-	policy, err := s.query.SecurityPolicy(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &settings.GetSecuritySettingsResponse{
-		Settings: securityPolicyToSettingsPb(policy),
-	}, nil
-}
-
 func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecuritySettingsRequest) (*settings.SetSecuritySettingsResponse, error) {
 	details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req))
 	if err != nil {
@@ -208,3 +16,12 @@ func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecur
 		Details: object.DomainToDetailsPb(details),
 	}, nil
 }
+
+func (s *Server) SetHostedLoginTranslation(ctx context.Context, req *settings.SetHostedLoginTranslationRequest) (*settings.SetHostedLoginTranslationResponse, error) {
+	res, err := s.command.SetHostedLoginTranslation(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+
+	return res, nil
+}
diff --git a/internal/command/hosted_login_translation.go b/internal/command/hosted_login_translation.go
new file mode 100644
index 0000000000..024ab6bdad
--- /dev/null
+++ b/internal/command/hosted_login_translation.go
@@ -0,0 +1,73 @@
+package command
+
+import (
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
+
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/org"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+)
+
+func (c *Commands) SetHostedLoginTranslation(ctx context.Context, req *settings.SetHostedLoginTranslationRequest) (res *settings.SetHostedLoginTranslationResponse, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	var agg eventstore.Aggregate
+	switch t := req.GetLevel().(type) {
+	case *settings.SetHostedLoginTranslationRequest_Instance:
+		agg = instance.NewAggregate(authz.GetInstance(ctx).InstanceID()).Aggregate
+	case *settings.SetHostedLoginTranslationRequest_OrganizationId:
+		agg = org.NewAggregate(t.OrganizationId).Aggregate
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "COMMA-YB6Sri", "Errors.Arguments.Level.Invalid")
+	}
+
+	lang, err := language.Parse(req.GetLocale())
+	if err != nil || lang.IsRoot() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "COMMA-xmjATA", "Errors.Arguments.Locale.Invalid")
+	}
+
+	commands, wm, err := c.setTranslationEvents(ctx, agg, lang, req.GetTranslations().AsMap())
+	if err != nil {
+		return nil, err
+	}
+
+	pushedEvents, err := c.eventstore.Push(ctx, commands...)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "COMMA-i8nqFl", "Errors.Internal")
+	}
+
+	err = AppendAndReduce(wm, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+
+	etag := md5.Sum(fmt.Append(nil, wm.Translation))
+	return &settings.SetHostedLoginTranslationResponse{
+		Etag: hex.EncodeToString(etag[:]),
+	}, nil
+}
+
+func (c *Commands) setTranslationEvents(ctx context.Context, agg eventstore.Aggregate, lang language.Tag, translations map[string]any) ([]eventstore.Command, *HostedLoginTranslationWriteModel, error) {
+	wm := NewHostedLoginTranslationWriteModel(agg.ID)
+	events := []eventstore.Command{}
+	switch agg.Type {
+	case instance.AggregateType:
+		events = append(events, instance.NewHostedLoginTranslationSetEvent(ctx, &agg, translations, lang))
+	case org.AggregateType:
+		events = append(events, org.NewHostedLoginTranslationSetEvent(ctx, &agg, translations, lang))
+	default:
+		return nil, nil, zerrors.ThrowInvalidArgument(nil, "COMMA-0aw7In", "Errors.Arguments.LevelType.Invalid")
+	}
+
+	return events, wm, nil
+}
diff --git a/internal/command/hosted_login_translation_model.go b/internal/command/hosted_login_translation_model.go
new file mode 100644
index 0000000000..16bc42c541
--- /dev/null
+++ b/internal/command/hosted_login_translation_model.go
@@ -0,0 +1,45 @@
+package command
+
+import (
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/org"
+)
+
+type HostedLoginTranslationWriteModel struct {
+	eventstore.WriteModel
+	Language    language.Tag
+	Translation map[string]any
+	Level       string
+	LevelID     string
+}
+
+func NewHostedLoginTranslationWriteModel(resourceID string) *HostedLoginTranslationWriteModel {
+	return &HostedLoginTranslationWriteModel{
+		WriteModel: eventstore.WriteModel{
+			AggregateID:   resourceID,
+			ResourceOwner: resourceID,
+		},
+	}
+}
+
+func (wm *HostedLoginTranslationWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *org.HostedLoginTranslationSetEvent:
+			wm.Language = e.Language
+			wm.Translation = e.Translation
+			wm.Level = e.Level
+			wm.LevelID = e.Aggregate().ID
+		case *instance.HostedLoginTranslationSetEvent:
+			wm.Language = e.Language
+			wm.Translation = e.Translation
+			wm.Level = e.Level
+			wm.LevelID = e.Aggregate().ID
+		}
+	}
+
+	return wm.WriteModel.Reduce()
+}
diff --git a/internal/command/hosted_login_translation_test.go b/internal/command/hosted_login_translation_test.go
new file mode 100644
index 0000000000..a5f0941711
--- /dev/null
+++ b/internal/command/hosted_login_translation_test.go
@@ -0,0 +1,211 @@
+package command
+
+import (
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/text/language"
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/service"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/org"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+)
+
+func TestSetTranslationEvents(t *testing.T) {
+	t.Parallel()
+
+	testCtx := authz.SetCtxData(context.Background(), authz.CtxData{UserID: "test-user"})
+	testCtx = service.WithService(testCtx, "test-service")
+
+	tt := []struct {
+		testName string
+
+		inputAggregate    eventstore.Aggregate
+		inputLanguage     language.Tag
+		inputTranslations map[string]any
+
+		expectedCommands   []eventstore.Command
+		expectedWriteModel *HostedLoginTranslationWriteModel
+		expectedError      error
+	}{
+		{
+			testName:          "when aggregate type is instance should return matching write model and instance.hosted_login_translation_set event",
+			inputAggregate:    eventstore.Aggregate{ID: "123", Type: instance.AggregateType},
+			inputLanguage:     language.MustParse("en-US"),
+			inputTranslations: map[string]any{"test": "translation"},
+			expectedCommands: []eventstore.Command{
+				instance.NewHostedLoginTranslationSetEvent(testCtx, &eventstore.Aggregate{ID: "123", Type: instance.AggregateType}, map[string]any{"test": "translation"}, language.MustParse("en-US")),
+			},
+			expectedWriteModel: &HostedLoginTranslationWriteModel{
+				WriteModel: eventstore.WriteModel{AggregateID: "123", ResourceOwner: "123"},
+			},
+		},
+		{
+			testName:          "when aggregate type is org should return matching write model and org.hosted_login_translation_set event",
+			inputAggregate:    eventstore.Aggregate{ID: "123", Type: org.AggregateType},
+			inputLanguage:     language.MustParse("en-GB"),
+			inputTranslations: map[string]any{"test": "translation"},
+			expectedCommands: []eventstore.Command{
+				org.NewHostedLoginTranslationSetEvent(testCtx, &eventstore.Aggregate{ID: "123", Type: org.AggregateType}, map[string]any{"test": "translation"}, language.MustParse("en-GB")),
+			},
+			expectedWriteModel: &HostedLoginTranslationWriteModel{
+				WriteModel: eventstore.WriteModel{AggregateID: "123", ResourceOwner: "123"},
+			},
+		},
+		{
+			testName:          "when aggregate type is neither org nor instance should return invalid argument error",
+			inputAggregate:    eventstore.Aggregate{ID: "123"},
+			inputLanguage:     language.MustParse("en-US"),
+			inputTranslations: map[string]any{"test": "translation"},
+			expectedError:     zerrors.ThrowInvalidArgument(nil, "COMMA-0aw7In", "Errors.Arguments.LevelType.Invalid"),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// Given
+			c := Commands{}
+
+			// When
+			events, writeModel, err := c.setTranslationEvents(testCtx, tc.inputAggregate, tc.inputLanguage, tc.inputTranslations)
+
+			// Verify
+			require.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedWriteModel, writeModel)
+
+			require.Len(t, events, len(tc.expectedCommands))
+			assert.ElementsMatch(t, tc.expectedCommands, events)
+		})
+	}
+}
+
+func TestSetHostedLoginTranslation(t *testing.T) {
+	t.Parallel()
+
+	testCtx := authz.SetCtxData(context.Background(), authz.CtxData{UserID: "test-user"})
+	testCtx = service.WithService(testCtx, "test-service")
+	testCtx = authz.WithInstanceID(testCtx, "instance-id")
+
+	testTranslation := map[string]any{"test": "translation", "translation": "2"}
+	protoTranslation, err := structpb.NewStruct(testTranslation)
+	require.NoError(t, err)
+
+	hashTestTranslation := md5.Sum(fmt.Append(nil, testTranslation))
+	require.NotEmpty(t, hashTestTranslation)
+
+	tt := []struct {
+		testName string
+
+		mockPush func(*testing.T) *eventstore.Eventstore
+
+		inputReq *settings.SetHostedLoginTranslationRequest
+
+		expectedError  error
+		expectedResult *settings.SetHostedLoginTranslationResponse
+	}{
+		{
+			testName: "when locale is malformed should return invalid argument error",
+			mockPush: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			inputReq: &settings.SetHostedLoginTranslationRequest{
+				Level:  &settings.SetHostedLoginTranslationRequest_Instance{},
+				Locale: "123",
+			},
+
+			expectedError: zerrors.ThrowInvalidArgument(nil, "COMMA-xmjATA", "Errors.Arguments.Locale.Invalid"),
+		},
+		{
+			testName: "when locale is unknown should return invalid argument error",
+			mockPush: func(t *testing.T) *eventstore.Eventstore { return &eventstore.Eventstore{} },
+			inputReq: &settings.SetHostedLoginTranslationRequest{
+				Level:  &settings.SetHostedLoginTranslationRequest_Instance{},
+				Locale: "root",
+			},
+
+			expectedError: zerrors.ThrowInvalidArgument(nil, "COMMA-xmjATA", "Errors.Arguments.Locale.Invalid"),
+		},
+		{
+			testName: "when event pushing fails should return internal error",
+
+			mockPush: expectEventstore(expectPushFailed(
+				errors.New("mock push failed"),
+				instance.NewHostedLoginTranslationSetEvent(
+					testCtx, &eventstore.Aggregate{
+						ID:            "instance-id",
+						Type:          instance.AggregateType,
+						ResourceOwner: "instance-id",
+						InstanceID:    "instance-id",
+						Version:       instance.AggregateVersion,
+					},
+					testTranslation,
+					language.MustParse("it-CH"),
+				),
+			)),
+
+			inputReq: &settings.SetHostedLoginTranslationRequest{
+				Level:        &settings.SetHostedLoginTranslationRequest_Instance{},
+				Locale:       "it-CH",
+				Translations: protoTranslation,
+			},
+
+			expectedError: zerrors.ThrowInternal(errors.New("mock push failed"), "COMMA-i8nqFl", "Errors.Internal"),
+		},
+		{
+			testName: "when request is valid should return expected response",
+
+			mockPush: expectEventstore(expectPush(
+				org.NewHostedLoginTranslationSetEvent(
+					testCtx, &eventstore.Aggregate{
+						ID:            "org-id",
+						Type:          org.AggregateType,
+						ResourceOwner: "org-id",
+						InstanceID:    "",
+						Version:       org.AggregateVersion,
+					},
+					testTranslation,
+					language.MustParse("it-CH"),
+				),
+			)),
+
+			inputReq: &settings.SetHostedLoginTranslationRequest{
+				Level:        &settings.SetHostedLoginTranslationRequest_OrganizationId{OrganizationId: "org-id"},
+				Locale:       "it-CH",
+				Translations: protoTranslation,
+			},
+
+			expectedResult: &settings.SetHostedLoginTranslationResponse{
+				Etag: hex.EncodeToString(hashTestTranslation[:]),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// Given
+			c := Commands{
+				eventstore: tc.mockPush(t),
+			}
+
+			// When
+			res, err := c.SetHostedLoginTranslation(testCtx, tc.inputReq)
+
+			// Verify
+			require.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResult, res)
+		})
+	}
+}
diff --git a/internal/database/mock/sql_mock.go b/internal/database/mock/sql_mock.go
index b8030b269f..cd30cd9cf0 100644
--- a/internal/database/mock/sql_mock.go
+++ b/internal/database/mock/sql_mock.go
@@ -14,9 +14,9 @@ type SQLMock struct {
 	mock sqlmock.Sqlmock
 }
 
-type expectation func(m sqlmock.Sqlmock)
+type Expectation func(m sqlmock.Sqlmock)
 
-func NewSQLMock(t *testing.T, expectations ...expectation) *SQLMock {
+func NewSQLMock(t *testing.T, expectations ...Expectation) *SQLMock {
 	db, mock, err := sqlmock.New(
 		sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual),
 		sqlmock.ValueConverterOption(new(TypeConverter)),
@@ -45,7 +45,7 @@ func (m *SQLMock) Assert(t *testing.T) {
 	m.DB.Close()
 }
 
-func ExpectBegin(err error) expectation {
+func ExpectBegin(err error) Expectation {
 	return func(m sqlmock.Sqlmock) {
 		e := m.ExpectBegin()
 		if err != nil {
@@ -54,7 +54,7 @@ func ExpectBegin(err error) expectation {
 	}
 }
 
-func ExpectCommit(err error) expectation {
+func ExpectCommit(err error) Expectation {
 	return func(m sqlmock.Sqlmock) {
 		e := m.ExpectCommit()
 		if err != nil {
@@ -89,7 +89,7 @@ func WithExecRowsAffected(affected driver.RowsAffected) ExecOpt {
 	}
 }
 
-func ExcpectExec(stmt string, opts ...ExecOpt) expectation {
+func ExcpectExec(stmt string, opts ...ExecOpt) Expectation {
 	return func(m sqlmock.Sqlmock) {
 		e := m.ExpectExec(stmt)
 		for _, opt := range opts {
@@ -122,7 +122,7 @@ func WithQueryResult(columns []string, rows [][]driver.Value) QueryOpt {
 	}
 }
 
-func ExpectQuery(stmt string, opts ...QueryOpt) expectation {
+func ExpectQuery(stmt string, opts ...QueryOpt) Expectation {
 	return func(m sqlmock.Sqlmock) {
 		e := m.ExpectQuery(stmt)
 		for _, opt := range opts {
diff --git a/internal/query/hosted_login_translation.go b/internal/query/hosted_login_translation.go
new file mode 100644
index 0000000000..82193d2069
--- /dev/null
+++ b/internal/query/hosted_login_translation.go
@@ -0,0 +1,256 @@
+package query
+
+import (
+	"context"
+	"crypto/md5"
+	"database/sql"
+	_ "embed"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"dario.cat/mergo"
+	sq "github.com/Masterminds/squirrel"
+	"github.com/zitadel/logging"
+	"golang.org/x/text/language"
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/query/projection"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/v2/org"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+)
+
+var (
+	//go:embed v2-default.json
+	defaultLoginTranslations []byte
+
+	defaultSystemTranslations map[language.Tag]map[string]any
+
+	hostedLoginTranslationTable = table{
+		name:          projection.HostedLoginTranslationTable,
+		instanceIDCol: projection.HostedLoginTranslationInstanceIDCol,
+	}
+
+	hostedLoginTranslationColInstanceID = Column{
+		name:  projection.HostedLoginTranslationInstanceIDCol,
+		table: hostedLoginTranslationTable,
+	}
+	hostedLoginTranslationColResourceOwner = Column{
+		name:  projection.HostedLoginTranslationAggregateIDCol,
+		table: hostedLoginTranslationTable,
+	}
+	hostedLoginTranslationColResourceOwnerType = Column{
+		name:  projection.HostedLoginTranslationAggregateTypeCol,
+		table: hostedLoginTranslationTable,
+	}
+	hostedLoginTranslationColLocale = Column{
+		name:  projection.HostedLoginTranslationLocaleCol,
+		table: hostedLoginTranslationTable,
+	}
+	hostedLoginTranslationColFile = Column{
+		name:  projection.HostedLoginTranslationFileCol,
+		table: hostedLoginTranslationTable,
+	}
+	hostedLoginTranslationColEtag = Column{
+		name:  projection.HostedLoginTranslationEtagCol,
+		table: hostedLoginTranslationTable,
+	}
+)
+
+func init() {
+	err := json.Unmarshal(defaultLoginTranslations, &defaultSystemTranslations)
+	if err != nil {
+		panic(err)
+	}
+}
+
+type HostedLoginTranslations struct {
+	SearchResponse
+	HostedLoginTranslations []*HostedLoginTranslation
+}
+
+type HostedLoginTranslation struct {
+	AggregateID  string
+	Sequence     uint64
+	CreationDate time.Time
+	ChangeDate   time.Time
+
+	Locale    string
+	File      map[string]any
+	LevelType string
+	LevelID   string
+	Etag      string
+}
+
+func (q *Queries) GetHostedLoginTranslation(ctx context.Context, req *settings.GetHostedLoginTranslationRequest) (res *settings.GetHostedLoginTranslationResponse, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	inst := authz.GetInstance(ctx)
+	defaultInstLang := inst.DefaultLanguage()
+
+	lang, err := language.BCP47.Parse(req.GetLocale())
+	if err != nil || lang.IsRoot() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "QUERY-rZLAGi", "Errors.Arguments.Locale.Invalid")
+	}
+	parentLang := lang.Parent()
+	if parentLang.IsRoot() {
+		parentLang = lang
+	}
+
+	sysTranslation, systemEtag, err := getSystemTranslation(parentLang, defaultInstLang)
+	if err != nil {
+		return nil, err
+	}
+
+	var levelID, resourceOwner string
+	switch t := req.GetLevel().(type) {
+	case *settings.GetHostedLoginTranslationRequest_System:
+		return getTranslationOutputMessage(sysTranslation, systemEtag)
+	case *settings.GetHostedLoginTranslationRequest_Instance:
+		levelID = authz.GetInstance(ctx).InstanceID()
+		resourceOwner = instance.AggregateType
+	case *settings.GetHostedLoginTranslationRequest_OrganizationId:
+		levelID = t.OrganizationId
+		resourceOwner = org.AggregateType
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "QUERY-YB6Sri", "Errors.Arguments.Level.Invalid")
+	}
+
+	stmt, scan := prepareHostedLoginTranslationQuery()
+
+	langORBaseLang := sq.Or{
+		sq.Eq{hostedLoginTranslationColLocale.identifier(): lang.String()},
+		sq.Eq{hostedLoginTranslationColLocale.identifier(): parentLang.String()},
+	}
+	eq := sq.Eq{
+		hostedLoginTranslationColInstanceID.identifier():        inst.InstanceID(),
+		hostedLoginTranslationColResourceOwner.identifier():     levelID,
+		hostedLoginTranslationColResourceOwnerType.identifier(): resourceOwner,
+	}
+
+	query, args, err := stmt.Where(eq).Where(langORBaseLang).ToSql()
+	if err != nil {
+		logging.WithError(err).Error("unable to generate sql statement")
+		return nil, zerrors.ThrowInternal(err, "QUERY-ZgCMux", "Errors.Query.SQLStatement")
+	}
+
+	var trs []*HostedLoginTranslation
+	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
+		trs, err = scan(rows)
+		return err
+	}, query, args...)
+	if err != nil {
+		logging.WithError(err).Error("failed to query translations")
+		return nil, zerrors.ThrowInternal(err, "QUERY-6k1zjx", "Errors.Internal")
+	}
+
+	requestedTranslation, parentTranslation := &HostedLoginTranslation{}, &HostedLoginTranslation{}
+	for _, tr := range trs {
+		if tr == nil {
+			continue
+		}
+
+		if tr.LevelType == resourceOwner {
+			requestedTranslation = tr
+		} else {
+			parentTranslation = tr
+		}
+	}
+
+	if !req.GetIgnoreInheritance() {
+
+		// There is no record for the requested level, set the upper level etag
+		if requestedTranslation.Etag == "" {
+			requestedTranslation.Etag = parentTranslation.Etag
+		}
+
+		// Case where Level == ORGANIZATION -> Check if we have an instance level translation
+		// If so, merge it with the translations we have
+		if parentTranslation != nil && parentTranslation.LevelType == instance.AggregateType {
+			if err := mergo.Merge(&requestedTranslation.File, parentTranslation.File); err != nil {
+				return nil, zerrors.ThrowInternal(err, "QUERY-pdgEJd", "Errors.Query.MergeTranslations")
+			}
+		}
+
+		// The DB query returned no results, we have to set the system translation etag
+		if requestedTranslation.Etag == "" {
+			requestedTranslation.Etag = systemEtag
+		}
+
+		// Merge the system translations
+		if err := mergo.Merge(&requestedTranslation.File, sysTranslation); err != nil {
+			return nil, zerrors.ThrowInternal(err, "QUERY-HdprNF", "Errors.Query.MergeTranslations")
+		}
+	}
+
+	return getTranslationOutputMessage(requestedTranslation.File, requestedTranslation.Etag)
+}
+
+func getSystemTranslation(lang, instanceDefaultLang language.Tag) (map[string]any, string, error) {
+	translation, ok := defaultSystemTranslations[lang]
+	if !ok {
+		translation, ok = defaultSystemTranslations[instanceDefaultLang]
+		if !ok {
+			return nil, "", zerrors.ThrowNotFoundf(nil, "QUERY-6gb5QR", "Errors.Query.HostedLoginTranslationNotFound-%s", lang)
+		}
+	}
+
+	hash := md5.Sum(fmt.Append(nil, translation))
+
+	return translation, hex.EncodeToString(hash[:]), nil
+}
+
+func prepareHostedLoginTranslationQuery() (sq.SelectBuilder, func(*sql.Rows) ([]*HostedLoginTranslation, error)) {
+	return sq.Select(
+			hostedLoginTranslationColFile.identifier(),
+			hostedLoginTranslationColResourceOwnerType.identifier(),
+			hostedLoginTranslationColEtag.identifier(),
+		).From(hostedLoginTranslationTable.identifier()).
+			Limit(2).
+			PlaceholderFormat(sq.Dollar),
+		func(r *sql.Rows) ([]*HostedLoginTranslation, error) {
+			translations := make([]*HostedLoginTranslation, 0, 2)
+			for r.Next() {
+				var rawTranslation json.RawMessage
+				translation := &HostedLoginTranslation{}
+				err := r.Scan(
+					&rawTranslation,
+					&translation.LevelType,
+					&translation.Etag,
+				)
+				if err != nil {
+					return nil, err
+				}
+
+				if err := json.Unmarshal(rawTranslation, &translation.File); err != nil {
+					return nil, err
+				}
+
+				translations = append(translations, translation)
+			}
+
+			if err := r.Close(); err != nil {
+				return nil, zerrors.ThrowInternal(err, "QUERY-oc7r7i", "Errors.Query.CloseRows")
+			}
+
+			return translations, nil
+		}
+}
+
+func getTranslationOutputMessage(translation map[string]any, etag string) (*settings.GetHostedLoginTranslationResponse, error) {
+	protoTranslation, err := structpb.NewStruct(translation)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "QUERY-70ppPp", "Errors.Protobuf.ConvertToStruct")
+	}
+
+	return &settings.GetHostedLoginTranslationResponse{
+		Translations: protoTranslation,
+		Etag:         etag,
+	}, nil
+}
diff --git a/internal/query/hosted_login_translation_test.go b/internal/query/hosted_login_translation_test.go
new file mode 100644
index 0000000000..0e9f511002
--- /dev/null
+++ b/internal/query/hosted_login_translation_test.go
@@ -0,0 +1,337 @@
+package query
+
+import (
+	"crypto/md5"
+	"database/sql"
+	"database/sql/driver"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"maps"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/text/language"
+	"google.golang.org/protobuf/runtime/protoimpl"
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/database/mock"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+)
+
+func TestGetSystemTranslation(t *testing.T) {
+	okTranslation := defaultLoginTranslations
+
+	parsedOKTranslation := map[string]map[string]any{}
+	require.Nil(t, json.Unmarshal(okTranslation, &parsedOKTranslation))
+
+	hashOK := md5.Sum(fmt.Append(nil, parsedOKTranslation["de"]))
+
+	tt := []struct {
+		testName string
+
+		inputLanguage          language.Tag
+		inputInstanceLanguage  language.Tag
+		systemTranslationToSet []byte
+
+		expectedLanguage map[string]any
+		expectedEtag     string
+		expectedError    error
+	}{
+		{
+			testName:               "when neither input language nor system default language have translation should return not found error",
+			systemTranslationToSet: okTranslation,
+			inputLanguage:          language.MustParse("ro"),
+			inputInstanceLanguage:  language.MustParse("fr"),
+
+			expectedError: zerrors.ThrowNotFoundf(nil, "QUERY-6gb5QR", "Errors.Query.HostedLoginTranslationNotFound-%s", "ro"),
+		},
+		{
+			testName:               "when input language has no translation should fallback onto instance default",
+			systemTranslationToSet: okTranslation,
+			inputLanguage:          language.MustParse("ro"),
+			inputInstanceLanguage:  language.MustParse("de"),
+
+			expectedLanguage: parsedOKTranslation["de"],
+			expectedEtag:     hex.EncodeToString(hashOK[:]),
+		},
+		{
+			testName:               "when input language has translation should return it",
+			systemTranslationToSet: okTranslation,
+			inputLanguage:          language.MustParse("de"),
+			inputInstanceLanguage:  language.MustParse("en"),
+
+			expectedLanguage: parsedOKTranslation["de"],
+			expectedEtag:     hex.EncodeToString(hashOK[:]),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Given
+			defaultLoginTranslations = tc.systemTranslationToSet
+
+			// When
+			translation, etag, err := getSystemTranslation(tc.inputLanguage, tc.inputInstanceLanguage)
+
+			// Verify
+			require.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedLanguage, translation)
+			assert.Equal(t, tc.expectedEtag, etag)
+		})
+	}
+}
+
+func TestGetTranslationOutput(t *testing.T) {
+	t.Parallel()
+
+	validMap := map[string]any{"loginHeader": "A login header"}
+	protoMap, err := structpb.NewStruct(validMap)
+	require.NoError(t, err)
+
+	hash := md5.Sum(fmt.Append(nil, validMap))
+	encodedHash := hex.EncodeToString(hash[:])
+
+	tt := []struct {
+		testName         string
+		inputTranslation map[string]any
+		expectedError    error
+		expectedResponse *settings.GetHostedLoginTranslationResponse
+	}{
+		{
+			testName:         "when unparsable map should return internal error",
+			inputTranslation: map[string]any{"\xc5z": "something"},
+			expectedError:    zerrors.ThrowInternal(protoimpl.X.NewError("invalid UTF-8 in string: %q", "\xc5z"), "QUERY-70ppPp", "Errors.Protobuf.ConvertToStruct"),
+		},
+		{
+			testName:         "when input translation is valid should return expected response message",
+			inputTranslation: validMap,
+			expectedResponse: &settings.GetHostedLoginTranslationResponse{
+				Translations: protoMap,
+				Etag:         hex.EncodeToString(hash[:]),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := getTranslationOutputMessage(tc.inputTranslation, encodedHash)
+
+			// Verify
+			require.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResponse, res)
+		})
+	}
+}
+
+func TestGetHostedLoginTranslation(t *testing.T) {
+	query := `SELECT projections.hosted_login_translations.file, projections.hosted_login_translations.aggregate_type, projections.hosted_login_translations.etag
+	FROM projections.hosted_login_translations
+	WHERE projections.hosted_login_translations.aggregate_id = $1
+	AND projections.hosted_login_translations.aggregate_type = $2
+	AND projections.hosted_login_translations.instance_id = $3
+	AND (projections.hosted_login_translations.locale = $4 OR projections.hosted_login_translations.locale = $5)
+	LIMIT 2`
+	okTranslation := defaultLoginTranslations
+
+	parsedOKTranslation := map[string]map[string]any{}
+	require.NoError(t, json.Unmarshal(okTranslation, &parsedOKTranslation))
+
+	protoDefaultTranslation, err := structpb.NewStruct(parsedOKTranslation["en"])
+	require.Nil(t, err)
+
+	defaultWithDBTranslations := maps.Clone(parsedOKTranslation["en"])
+	defaultWithDBTranslations["test"] = "translation"
+	defaultWithDBTranslations["test2"] = "translation2"
+	protoDefaultWithDBTranslation, err := structpb.NewStruct(defaultWithDBTranslations)
+	require.NoError(t, err)
+
+	nilProtoDefaultMap, err := structpb.NewStruct(nil)
+	require.NoError(t, err)
+
+	hashDefaultTranslations := md5.Sum(fmt.Append(nil, parsedOKTranslation["en"]))
+
+	tt := []struct {
+		testName string
+
+		defaultInstanceLanguage language.Tag
+		sqlExpectations         []mock.Expectation
+
+		inputRequest *settings.GetHostedLoginTranslationRequest
+
+		expectedError  error
+		expectedResult *settings.GetHostedLoginTranslationResponse
+	}{
+		{
+			testName: "when input language is invalid should return invalid argument error",
+
+			inputRequest: &settings.GetHostedLoginTranslationRequest{},
+
+			expectedError: zerrors.ThrowInvalidArgument(nil, "QUERY-rZLAGi", "Errors.Arguments.Locale.Invalid"),
+		},
+		{
+			testName: "when input language is root should return invalid argument error",
+
+			defaultInstanceLanguage: language.English,
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "root",
+			},
+
+			expectedError: zerrors.ThrowInvalidArgument(nil, "QUERY-rZLAGi", "Errors.Arguments.Locale.Invalid"),
+		},
+		{
+			testName: "when no system translation is available should return not found error",
+
+			defaultInstanceLanguage: language.Romanian,
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "ro-RO",
+			},
+
+			expectedError: zerrors.ThrowNotFoundf(nil, "QUERY-6gb5QR", "Errors.Query.HostedLoginTranslationNotFound-%s", "ro"),
+		},
+		{
+			testName: "when requesting system translation should return it",
+
+			defaultInstanceLanguage: language.English,
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "en-US",
+				Level:  &settings.GetHostedLoginTranslationRequest_System{},
+			},
+
+			expectedResult: &settings.GetHostedLoginTranslationResponse{
+				Translations: protoDefaultTranslation,
+				Etag:         hex.EncodeToString(hashDefaultTranslations[:]),
+			},
+		},
+		{
+			testName: "when querying DB fails should return internal error",
+
+			defaultInstanceLanguage: language.English,
+			sqlExpectations: []mock.Expectation{
+				mock.ExpectQuery(
+					query,
+					mock.WithQueryArgs("123", "org", "instance-id", "en-US", "en"),
+					mock.WithQueryErr(sql.ErrConnDone),
+				),
+			},
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "en-US",
+				Level: &settings.GetHostedLoginTranslationRequest_OrganizationId{
+					OrganizationId: "123",
+				},
+			},
+
+			expectedError: zerrors.ThrowInternal(sql.ErrConnDone, "QUERY-6k1zjx", "Errors.Internal"),
+		},
+		{
+			testName: "when querying DB returns no result should return system translations",
+
+			defaultInstanceLanguage: language.English,
+			sqlExpectations: []mock.Expectation{
+				mock.ExpectQuery(
+					query,
+					mock.WithQueryArgs("123", "org", "instance-id", "en-US", "en"),
+					mock.WithQueryResult(
+						[]string{"file", "aggregate_type", "etag"},
+						[][]driver.Value{},
+					),
+				),
+			},
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "en-US",
+				Level: &settings.GetHostedLoginTranslationRequest_OrganizationId{
+					OrganizationId: "123",
+				},
+			},
+
+			expectedResult: &settings.GetHostedLoginTranslationResponse{
+				Translations: protoDefaultTranslation,
+				Etag:         hex.EncodeToString(hashDefaultTranslations[:]),
+			},
+		},
+		{
+			testName: "when querying DB returns no result and inheritance disabled should return empty result",
+
+			defaultInstanceLanguage: language.English,
+			sqlExpectations: []mock.Expectation{
+				mock.ExpectQuery(
+					query,
+					mock.WithQueryArgs("123", "org", "instance-id", "en-US", "en"),
+					mock.WithQueryResult(
+						[]string{"file", "aggregate_type", "etag"},
+						[][]driver.Value{},
+					),
+				),
+			},
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "en-US",
+				Level: &settings.GetHostedLoginTranslationRequest_OrganizationId{
+					OrganizationId: "123",
+				},
+				IgnoreInheritance: true,
+			},
+
+			expectedResult: &settings.GetHostedLoginTranslationResponse{
+				Etag:         "",
+				Translations: nilProtoDefaultMap,
+			},
+		},
+		{
+			testName: "when querying DB returns records should return merged result",
+
+			defaultInstanceLanguage: language.English,
+			sqlExpectations: []mock.Expectation{
+				mock.ExpectQuery(
+					query,
+					mock.WithQueryArgs("123", "org", "instance-id", "en-US", "en"),
+					mock.WithQueryResult(
+						[]string{"file", "aggregate_type", "etag"},
+						[][]driver.Value{
+							{[]byte(`{"test": "translation"}`), "org", "etag-org"},
+							{[]byte(`{"test2": "translation2"}`), "instance", "etag-instance"},
+						},
+					),
+				),
+			},
+			inputRequest: &settings.GetHostedLoginTranslationRequest{
+				Locale: "en-US",
+				Level: &settings.GetHostedLoginTranslationRequest_OrganizationId{
+					OrganizationId: "123",
+				},
+			},
+
+			expectedResult: &settings.GetHostedLoginTranslationResponse{
+				Etag:         "etag-org",
+				Translations: protoDefaultWithDBTranslation,
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// Given
+			db := &database.DB{DB: mock.NewSQLMock(t, tc.sqlExpectations...).DB}
+			querier := Queries{client: db}
+
+			ctx := authz.NewMockContext("instance-id", "org-id", "user-id", authz.WithMockDefaultLanguage(tc.defaultInstanceLanguage))
+
+			// When
+			res, err := querier.GetHostedLoginTranslation(ctx, tc.inputRequest)
+
+			// Verify
+			require.Equal(t, tc.expectedError, err)
+
+			if tc.expectedError == nil {
+				assert.Equal(t, tc.expectedResult.GetEtag(), res.GetEtag())
+				assert.Equal(t, tc.expectedResult.GetTranslations().GetFields(), res.GetTranslations().GetFields())
+			}
+		})
+	}
+}
diff --git a/internal/query/projection/hosted_login_translation.go b/internal/query/projection/hosted_login_translation.go
new file mode 100644
index 0000000000..865d3738b9
--- /dev/null
+++ b/internal/query/projection/hosted_login_translation.go
@@ -0,0 +1,144 @@
+package projection
+
+import (
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
+	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/org"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	HostedLoginTranslationTable = "projections.hosted_login_translations"
+
+	HostedLoginTranslationInstanceIDCol    = "instance_id"
+	HostedLoginTranslationCreationDateCol  = "creation_date"
+	HostedLoginTranslationChangeDateCol    = "change_date"
+	HostedLoginTranslationAggregateIDCol   = "aggregate_id"
+	HostedLoginTranslationAggregateTypeCol = "aggregate_type"
+	HostedLoginTranslationSequenceCol      = "sequence"
+	HostedLoginTranslationLocaleCol        = "locale"
+	HostedLoginTranslationFileCol          = "file"
+	HostedLoginTranslationEtagCol          = "etag"
+)
+
+type hostedLoginTranslationProjection struct{}
+
+func newHostedLoginTranslationProjection(ctx context.Context, config handler.Config) *handler.Handler {
+	return handler.NewHandler(ctx, &config, new(hostedLoginTranslationProjection))
+}
+
+// Init implements [handler.initializer]
+func (p *hostedLoginTranslationProjection) Init() *old_handler.Check {
+	return handler.NewTableCheck(
+		handler.NewTable([]*handler.InitColumn{
+			handler.NewColumn(HostedLoginTranslationInstanceIDCol, handler.ColumnTypeText),
+			handler.NewColumn(HostedLoginTranslationCreationDateCol, handler.ColumnTypeTimestamp),
+			handler.NewColumn(HostedLoginTranslationChangeDateCol, handler.ColumnTypeTimestamp),
+			handler.NewColumn(HostedLoginTranslationAggregateIDCol, handler.ColumnTypeText),
+			handler.NewColumn(HostedLoginTranslationAggregateTypeCol, handler.ColumnTypeText),
+			handler.NewColumn(HostedLoginTranslationSequenceCol, handler.ColumnTypeInt64),
+			handler.NewColumn(HostedLoginTranslationLocaleCol, handler.ColumnTypeText),
+			handler.NewColumn(HostedLoginTranslationFileCol, handler.ColumnTypeJSONB),
+			handler.NewColumn(HostedLoginTranslationEtagCol, handler.ColumnTypeText),
+		},
+			handler.NewPrimaryKey(
+				HostedLoginTranslationInstanceIDCol,
+				HostedLoginTranslationAggregateIDCol,
+				HostedLoginTranslationAggregateTypeCol,
+				HostedLoginTranslationLocaleCol,
+			),
+		),
+	)
+}
+
+func (hltp *hostedLoginTranslationProjection) Name() string {
+	return HostedLoginTranslationTable
+}
+
+func (hltp *hostedLoginTranslationProjection) Reducers() []handler.AggregateReducer {
+	return []handler.AggregateReducer{
+		{
+			Aggregate: org.AggregateType,
+			EventReducers: []handler.EventReducer{
+				{
+					Event:  org.HostedLoginTranslationSet,
+					Reduce: hltp.reduceSet,
+				},
+			},
+		},
+		{
+			Aggregate: instance.AggregateType,
+			EventReducers: []handler.EventReducer{
+				{
+					Event:  instance.HostedLoginTranslationSet,
+					Reduce: hltp.reduceSet,
+				},
+			},
+		},
+	}
+}
+
+func (hltp *hostedLoginTranslationProjection) reduceSet(e eventstore.Event) (*handler.Statement, error) {
+
+	switch e := e.(type) {
+	case *org.HostedLoginTranslationSetEvent:
+		orgEvent := *e
+		return handler.NewUpsertStatement(
+			&orgEvent,
+			[]handler.Column{
+				handler.NewCol(HostedLoginTranslationInstanceIDCol, nil),
+				handler.NewCol(HostedLoginTranslationAggregateIDCol, nil),
+				handler.NewCol(HostedLoginTranslationAggregateTypeCol, nil),
+				handler.NewCol(HostedLoginTranslationLocaleCol, nil),
+			},
+			[]handler.Column{
+				handler.NewCol(HostedLoginTranslationInstanceIDCol, orgEvent.Aggregate().InstanceID),
+				handler.NewCol(HostedLoginTranslationAggregateIDCol, orgEvent.Aggregate().ID),
+				handler.NewCol(HostedLoginTranslationAggregateTypeCol, orgEvent.Aggregate().Type),
+				handler.NewCol(HostedLoginTranslationCreationDateCol, handler.OnlySetValueOnInsert(HostedLoginTranslationTable, orgEvent.CreationDate())),
+				handler.NewCol(HostedLoginTranslationChangeDateCol, orgEvent.CreationDate()),
+				handler.NewCol(HostedLoginTranslationSequenceCol, orgEvent.Sequence()),
+				handler.NewCol(HostedLoginTranslationLocaleCol, orgEvent.Language),
+				handler.NewCol(HostedLoginTranslationFileCol, orgEvent.Translation),
+				handler.NewCol(HostedLoginTranslationEtagCol, hltp.computeEtag(orgEvent.Translation)),
+			},
+		), nil
+	case *instance.HostedLoginTranslationSetEvent:
+		instanceEvent := *e
+		return handler.NewUpsertStatement(
+			&instanceEvent,
+			[]handler.Column{
+				handler.NewCol(HostedLoginTranslationInstanceIDCol, nil),
+				handler.NewCol(HostedLoginTranslationAggregateIDCol, nil),
+				handler.NewCol(HostedLoginTranslationAggregateTypeCol, nil),
+				handler.NewCol(HostedLoginTranslationLocaleCol, nil),
+			},
+			[]handler.Column{
+				handler.NewCol(HostedLoginTranslationInstanceIDCol, instanceEvent.Aggregate().InstanceID),
+				handler.NewCol(HostedLoginTranslationAggregateIDCol, instanceEvent.Aggregate().ID),
+				handler.NewCol(HostedLoginTranslationAggregateTypeCol, instanceEvent.Aggregate().Type),
+				handler.NewCol(HostedLoginTranslationCreationDateCol, handler.OnlySetValueOnInsert(HostedLoginTranslationTable, instanceEvent.CreationDate())),
+				handler.NewCol(HostedLoginTranslationChangeDateCol, instanceEvent.CreationDate()),
+				handler.NewCol(HostedLoginTranslationSequenceCol, instanceEvent.Sequence()),
+				handler.NewCol(HostedLoginTranslationLocaleCol, instanceEvent.Language),
+				handler.NewCol(HostedLoginTranslationFileCol, instanceEvent.Translation),
+				handler.NewCol(HostedLoginTranslationEtagCol, hltp.computeEtag(instanceEvent.Translation)),
+			},
+		), nil
+	default:
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "PROJE-AZshaa", "reduce.wrong.event.type %v", []eventstore.EventType{org.HostedLoginTranslationSet})
+	}
+
+}
+
+func (hltp *hostedLoginTranslationProjection) computeEtag(translation map[string]any) string {
+	hash := md5.Sum(fmt.Append(nil, translation))
+	return hex.EncodeToString(hash[:])
+}
diff --git a/internal/query/projection/projection.go b/internal/query/projection/projection.go
index 77a28ac79a..5ad62380ea 100644
--- a/internal/query/projection/projection.go
+++ b/internal/query/projection/projection.go
@@ -86,6 +86,7 @@ var (
 	UserSchemaProjection                *handler.Handler
 	WebKeyProjection                    *handler.Handler
 	DebugEventsProjection               *handler.Handler
+	HostedLoginTranslationProjection    *handler.Handler
 
 	ProjectGrantFields      *handler.FieldHandler
 	OrgDomainVerifiedFields *handler.FieldHandler
@@ -179,6 +180,7 @@ func Create(ctx context.Context, sqlClient *database.DB, es handler.EventStore,
 	UserSchemaProjection = newUserSchemaProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["user_schemas"]))
 	WebKeyProjection = newWebKeyProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["web_keys"]))
 	DebugEventsProjection = newDebugEventsProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["debug_events"]))
+	HostedLoginTranslationProjection = newHostedLoginTranslationProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["hosted_login_translation"]))
 
 	ProjectGrantFields = newFillProjectGrantFields(applyCustomConfig(projectionConfig, config.Customizations[fieldsProjectGrant]))
 	OrgDomainVerifiedFields = newFillOrgDomainVerifiedFields(applyCustomConfig(projectionConfig, config.Customizations[fieldsOrgDomainVerified]))
@@ -357,5 +359,6 @@ func newProjectionsList() {
 		UserSchemaProjection,
 		WebKeyProjection,
 		DebugEventsProjection,
+		HostedLoginTranslationProjection,
 	}
 }
diff --git a/internal/query/v2-default.json b/internal/query/v2-default.json
new file mode 100644
index 0000000000..c86396ef34
--- /dev/null
+++ b/internal/query/v2-default.json
@@ -0,0 +1,1557 @@
+{
+    "de":{
+        "common": {
+            "back": "Zurück"
+        },
+        "accounts": {
+            "title": "Konten",
+            "description": "Wählen Sie das Konto aus, das Sie verwenden möchten.",
+            "addAnother": "Ein weiteres Konto hinzufügen",
+            "noResults": "Keine Konten gefunden"
+        },
+        "loginname": {
+            "title": "Willkommen zurück!",
+            "description": "Geben Sie Ihre Anmeldedaten ein.",
+            "register": "Neuen Benutzer registrieren"
+        },
+        "password": {
+            "verify": {
+            "title": "Passwort",
+            "description": "Geben Sie Ihr Passwort ein.",
+            "resetPassword": "Passwort zurücksetzen",
+            "submit": "Weiter"
+            },
+            "set": {
+            "title": "Passwort festlegen",
+            "description": "Legen Sie das Passwort für Ihr Konto fest",
+            "codeSent": "Ein Code wurde an Ihre E-Mail-Adresse gesendet.",
+            "noCodeReceived": "Keinen Code erhalten?",
+            "resend": "Erneut senden",
+            "submit": "Weiter"
+            },
+            "change": {
+            "title": "Passwort ändern",
+            "description": "Legen Sie das Passwort für Ihr Konto fest",
+            "submit": "Weiter"
+            }
+        },
+        "idp": {
+            "title": "Mit SSO anmelden",
+            "description": "Wählen Sie einen der folgenden Anbieter, um sich anzumelden",
+            "signInWithApple": "Mit Apple anmelden",
+            "signInWithGoogle": "Mit Google anmelden",
+            "signInWithAzureAD": "Mit AzureAD anmelden",
+            "signInWithGithub": "Mit GitHub anmelden",
+            "signInWithGitlab": "Mit GitLab anmelden",
+            "loginSuccess": {
+            "title": "Anmeldung erfolgreich",
+            "description": "Sie haben sich erfolgreich angemeldet!"
+            },
+            "linkingSuccess": {
+            "title": "Konto verknüpft",
+            "description": "Sie haben Ihr Konto erfolgreich verknüpft!"
+            },
+            "registerSuccess": {
+            "title": "Registrierung erfolgreich",
+            "description": "Sie haben sich erfolgreich registriert!"
+            },
+            "loginError": {
+            "title": "Anmeldung fehlgeschlagen",
+            "description": "Beim Anmelden ist ein Fehler aufgetreten."
+            },
+            "linkingError": {
+            "title": "Konto-Verknüpfung fehlgeschlagen",
+            "description": "Beim Verknüpfen Ihres Kontos ist ein Fehler aufgetreten."
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "Bestätigen Sie Ihre Identität",
+            "description": "Wählen Sie einen der folgenden Faktoren.",
+            "noResults": "Keine zweiten Faktoren verfügbar, um sie einzurichten."
+            },
+            "set": {
+            "title": "2-Faktor einrichten",
+            "description": "Wählen Sie einen der folgenden zweiten Faktoren.",
+            "skip": "Überspringen"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "2-Faktor bestätigen",
+            "totpDescription": "Geben Sie den Code aus Ihrer Authentifizierungs-App ein.",
+            "smsDescription": "Geben Sie den Code ein, den Sie per SMS erhalten haben.",
+            "emailDescription": "Geben Sie den Code ein, den Sie per E-Mail erhalten haben.",
+            "noCodeReceived": "Keinen Code erhalten?",
+            "resendCode": "Code erneut senden",
+            "submit": "Weiter"
+            },
+            "set": {
+            "title": "2-Faktor einrichten",
+            "totpDescription": "Scannen Sie den QR-Code mit Ihrer Authentifizierungs-App.",
+            "smsDescription": "Geben Sie Ihre Telefonnummer ein, um einen Code per SMS zu erhalten.",
+            "emailDescription": "Geben Sie Ihre E-Mail-Adresse ein, um einen Code per E-Mail zu erhalten.",
+            "totpRegisterDescription": "Scannen Sie den QR-Code oder navigieren Sie manuell zur URL.",
+            "submit": "Weiter"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "Mit einem Passkey authentifizieren",
+            "description": "Ihr Gerät wird nach Ihrem Fingerabdruck, Gesicht oder Bildschirmsperre fragen",
+            "usePassword": "Passwort verwenden",
+            "submit": "Weiter"
+            },
+            "set": {
+            "title": "Passkey einrichten",
+            "description": "Ihr Gerät wird nach Ihrem Fingerabdruck, Gesicht oder Bildschirmsperre fragen",
+            "info": {
+                "description": "Ein Passkey ist eine Authentifizierungsmethode auf einem Gerät wie Ihr Fingerabdruck, Apple FaceID oder ähnliches.",
+                "link": "Passwortlose Authentifizierung"
+            },
+            "skip": "Überspringen",
+            "submit": "Weiter"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "2-Faktor bestätigen",
+            "description": "Bestätigen Sie Ihr Konto mit Ihrem Gerät."
+            },
+            "set": {
+            "title": "2-Faktor einrichten",
+            "description": "Richten Sie ein Gerät als zweiten Faktor ein.",
+            "submit": "Weiter"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "Passkey",
+            "password": "Password"
+            },
+            "disabled": {
+            "title": "Registrierung deaktiviert",
+            "description": "Die Registrierung ist deaktiviert. Bitte wenden Sie sich an den Administrator."
+            },
+            "missingdata": {
+            "title": "Registrierung fehlgeschlagen",
+            "description": "Einige Daten fehlen. Bitte überprüfen Sie Ihre Eingaben."
+            },
+            "title": "Registrieren",
+            "description": "Erstellen Sie Ihr ZITADEL-Konto.",
+            "selectMethod": "Wählen Sie die Methode, mit der Sie sich authentifizieren möchten",
+            "agreeTo": "Um sich zu registrieren, müssen Sie den Nutzungsbedingungen zustimmen",
+            "termsOfService": "Nutzungsbedingungen",
+            "privacyPolicy": "Datenschutzrichtlinie",
+            "submit": "Weiter",
+            "password": {
+            "title": "Passwort festlegen",
+            "description": "Legen Sie das Passwort für Ihr Konto fest",
+            "submit": "Weiter"
+            }
+        },
+        "invite": {
+            "title": "Benutzer einladen",
+            "description": "Geben Sie die E-Mail-Adresse des Benutzers ein, den Sie einladen möchten.",
+            "info": "Der Benutzer erhält eine E-Mail mit einem Link, um sich zu registrieren.",
+            "notAllowed": "Sie haben keine Berechtigung, Benutzer einzuladen.",
+            "submit": "Einladen",
+            "success": {
+            "title": "Einladung erfolgreich",
+            "description": "Der Benutzer wurde erfolgreich eingeladen.",
+            "verified": "Der Benutzer wurde eingeladen und hat seine E-Mail bereits verifiziert.",
+            "notVerifiedYet": "Der Benutzer wurde eingeladen. Er erhält eine E-Mail mit weiteren Anweisungen.",
+            "submit": "Weiteren Benutzer einladen"
+            }
+        },
+        "signedin": {
+            "title": "Willkommen {user}!",
+            "description": "Sie sind angemeldet.",
+            "continue": "Weiter",
+            "error": {
+            "title": "Fehler",
+            "description": "Ein Fehler ist aufgetreten."
+            }
+        },
+        "verify": {
+            "userIdMissing": "Keine Benutzer-ID angegeben!",
+            "success": "Erfolgreich verifiziert",
+            "setupAuthenticator": "Authentifikator einrichten",
+            "verify": {
+            "title": "Benutzer verifizieren",
+            "description": "Geben Sie den Code ein, der in der Bestätigungs-E-Mail angegeben ist.",
+            "noCodeReceived": "Keinen Code erhalten?",
+            "resendCode": "Code erneut senden",
+            "submit": "Weiter"
+            }
+        },
+        "authenticator": {
+            "title": "Authentifizierungsmethode auswählen",
+            "description": "Wählen Sie die Methode, mit der Sie sich authentifizieren möchten.",
+            "noMethodsAvailable": "Keine Authentifizierungsmethoden verfügbar",
+            "allSetup": "Sie haben bereits einen Authentifikator eingerichtet!",
+            "linkWithIDP": "oder verknüpfe mit einem Identitätsanbieter"
+        },
+        "device": {
+            "usercode": {
+            "title": "Gerätecode",
+            "description": "Geben Sie den Code ein.",
+            "submit": "Weiter"
+            },
+            "request": {
+            "title": "{appName} möchte eine Verbindung herstellen:",
+            "disclaimer": "{appName} hat Zugriff auf:",
+            "description": "Durch Klicken auf Zulassen erlauben Sie {appName} und Zitadel, Ihre Informationen gemäß ihren jeweiligen Nutzungsbedingungen und Datenschutzrichtlinien zu verwenden. Sie können diesen Zugriff jederzeit widerrufen.",
+            "submit": "Zulassen",
+            "deny": "Ablehnen"
+            },
+            "scope": {
+            "openid": "Überprüfen Ihrer Identität.",
+            "email": "Zugriff auf Ihre E-Mail-Adresse.",
+            "profile": "Zugriff auf Ihre vollständigen Profilinformationen.",
+            "offline_access": "Erlauben Sie den Offline-Zugriff auf Ihr Konto."
+            }
+        },
+        "error": {
+            "noUserCode": "Kein Benutzercode angegeben!",
+            "noDeviceRequest": " Es wurde keine Geräteanforderung gefunden. Bitte überprüfen Sie die URL.",
+            "unknownContext": "Der Kontext des Benutzers konnte nicht ermittelt werden. Stellen Sie sicher, dass Sie zuerst den Benutzernamen eingeben oder einen loginName als Suchparameter angeben.",
+            "sessionExpired": "Ihre aktuelle Sitzung ist abgelaufen. Bitte melden Sie sich erneut an.",
+            "failedLoading": "Daten konnten nicht geladen werden. Bitte versuchen Sie es erneut.",
+            "tryagain": "Erneut versuchen"
+        }
+    },
+    "en":{
+        "common": {
+            "back": "Back"
+        },
+        "accounts": {
+            "title": "Accounts",
+            "description": "Select the account you want to use.",
+            "addAnother": "Add another account",
+            "noResults": "No accounts found"
+        },
+        "loginname": {
+            "title": "Welcome back!",
+            "description": "Enter your login data.",
+            "register": "Register new user"
+        },
+        "password": {
+            "verify": {
+            "title": "Password",
+            "description": "Enter your password.",
+            "resetPassword": "Reset Password",
+            "submit": "Continue"
+            },
+            "set": {
+            "title": "Set Password",
+            "description": "Set the password for your account",
+            "codeSent": "A code has been sent to your email address.",
+            "noCodeReceived": "Didn't receive a code?",
+            "resend": "Resend code",
+            "submit": "Continue"
+            },
+            "change": {
+            "title": "Change Password",
+            "description": "Set the password for your account",
+            "submit": "Continue"
+            }
+        },
+        "idp": {
+            "title": "Sign in with SSO",
+            "description": "Select one of the following providers to sign in",
+            "signInWithApple": "Sign in with Apple",
+            "signInWithGoogle": "Sign in with Google",
+            "signInWithAzureAD": "Sign in with AzureAD",
+            "signInWithGithub": "Sign in with GitHub",
+            "signInWithGitlab": "Sign in with GitLab",
+            "loginSuccess": {
+            "title": "Login successful",
+            "description": "You have successfully been loggedIn!"
+            },
+            "linkingSuccess": {
+            "title": "Account linked",
+            "description": "You have successfully linked your account!"
+            },
+            "registerSuccess": {
+            "title": "Registration successful",
+            "description": "You have successfully registered!"
+            },
+            "loginError": {
+            "title": "Login failed",
+            "description": "An error occurred while trying to login."
+            },
+            "linkingError": {
+            "title": "Account linking failed",
+            "description": "An error occurred while trying to link your account."
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "Verify your identity",
+            "description": "Choose one of the following factors.",
+            "noResults": "No second factors available to setup."
+            },
+            "set": {
+            "title": "Set up 2-Factor",
+            "description": "Choose one of the following second factors.",
+            "skip": "Skip"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "Verify 2-Factor",
+            "totpDescription": "Enter the code from your authenticator app.",
+            "smsDescription": "Enter the code you received via SMS.",
+            "emailDescription": "Enter the code you received via email.",
+            "noCodeReceived": "Didn't receive a code?",
+            "resendCode": "Resend code",
+            "submit": "Continue"
+            },
+            "set": {
+            "title": "Set up 2-Factor",
+            "totpDescription": "Scan the QR code with your authenticator app.",
+            "smsDescription": "Enter your phone number to receive a code via SMS.",
+            "emailDescription": "Enter your email address to receive a code via email.",
+            "totpRegisterDescription": "Scan the QR Code or navigate to the URL manually.",
+            "submit": "Continue"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "Authenticate with a passkey",
+            "description": "Your device will ask for your fingerprint, face, or screen lock",
+            "usePassword": "Use password",
+            "submit": "Continue"
+            },
+            "set": {
+            "title": "Setup a passkey",
+            "description": "Your device will ask for your fingerprint, face, or screen lock",
+            "info": {
+                "description": "A passkey is an authentication method on a device like your fingerprint, Apple FaceID or similar. ",
+                "link": "Passwordless Authentication"
+            },
+            "skip": "Skip",
+            "submit": "Continue"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "Verify 2-Factor",
+            "description": "Verify your account with your device."
+            },
+            "set": {
+            "title": "Set up 2-Factor",
+            "description": "Set up a device as a second factor.",
+            "submit": "Continue"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "Passkey",
+            "password": "Password"
+            },
+            "disabled": {
+            "title": "Registration disabled",
+            "description": "The registration is disabled. Please contact your administrator."
+            },
+            "missingdata": {
+            "title": "Missing data",
+            "description": "Provide email, first and last name to register."
+            },
+            "title": "Register",
+            "description": "Create your ZITADEL account.",
+            "selectMethod": "Select the method you would like to authenticate",
+            "agreeTo": "To register you must agree to the terms and conditions",
+            "termsOfService": "Terms of Service",
+            "privacyPolicy": "Privacy Policy",
+            "submit": "Continue",
+            "password": {
+            "title": "Set Password",
+            "description": "Set the password for your account",
+            "submit": "Continue"
+            }
+        },
+        "invite": {
+            "title": "Invite User",
+            "description": "Provide the email address and the name of the user you want to invite.",
+            "info": "The user will receive an email with further instructions.",
+            "notAllowed": "Your settings do not allow you to invite users.",
+            "submit": "Continue",
+            "success": {
+            "title": "User invited",
+            "description": "The email has successfully been sent.",
+            "verified": "The user has been invited and has already verified his email.",
+            "notVerifiedYet": "The user has been invited. They will receive an email with further instructions.",
+            "submit": "Invite another user"
+            }
+        },
+        "signedin": {
+            "title": "Welcome {user}!",
+            "description": "You are signed in.",
+            "continue": "Continue",
+            "error": {
+            "title": "Error",
+            "description": "An error occurred while trying to sign in."
+            }
+        },
+        "verify": {
+            "userIdMissing": "No userId provided!",
+            "success": "The user has been verified successfully.",
+            "setupAuthenticator": "Setup authenticator",
+            "verify": {
+            "title": "Verify user",
+            "description": "Enter the Code provided in the verification email.",
+            "noCodeReceived": "Didn't receive a code?",
+            "resendCode": "Resend code",
+            "submit": "Continue"
+            }
+        },
+        "authenticator": {
+            "title": "Choose authentication method",
+            "description": "Select the method you would like to authenticate",
+            "noMethodsAvailable": "No authentication methods available",
+            "allSetup": "You have already setup an authenticator!",
+            "linkWithIDP": "or link with an Identity Provider"
+        },
+        "device": {
+            "usercode": {
+            "title": "Device code",
+            "description": "Enter the code displayed on your app or device.",
+            "submit": "Continue"
+            },
+            "request": {
+            "title": "{appName} would like to connect",
+            "description": "{appName} will have access to:",
+            "disclaimer": "By clicking Allow, you allow {appName} and Zitadel to use your information in accordance with their respective terms of service and privacy policies. You can revoke this access at any time.",
+            "submit": "Allow",
+            "deny": "Deny"
+            },
+            "scope": {
+            "openid": "Verify your identity.",
+            "email": "View your email address.",
+            "profile": "View your full profile information.",
+            "offline_access": "Allow offline access to your account."
+            }
+        },
+        "error": {
+            "noUserCode": "No user code provided!",
+            "noDeviceRequest": "No device request found.",
+            "unknownContext": "Could not get the context of the user. Make sure to enter the username first or provide a loginName as searchParam.",
+            "sessionExpired": "Your current session has expired. Please login again.",
+            "failedLoading": "Failed to load data. Please try again.",
+            "tryagain": "Try Again"
+        }
+    },
+    "es":{
+        "common": {
+            "back": "Atrás"
+        },
+        "accounts": {
+            "title": "Cuentas",
+            "description": "Selecciona la cuenta que deseas usar.",
+            "addAnother": "Agregar otra cuenta",
+            "noResults": "No se encontraron cuentas"
+        },
+        "loginname": {
+            "title": "¡Bienvenido de nuevo!",
+            "description": "Introduce tus datos de acceso.",
+            "register": "Registrar nuevo usuario"
+        },
+        "password": {
+            "verify": {
+            "title": "Contraseña",
+            "description": "Introduce tu contraseña.",
+            "resetPassword": "Restablecer contraseña",
+            "submit": "Continuar"
+            },
+            "set": {
+            "title": "Establecer Contraseña",
+            "description": "Establece la contraseña para tu cuenta",
+            "codeSent": "Se ha enviado un código a su correo electrónico.",
+            "noCodeReceived": "¿No recibiste un código?",
+            "resend": "Reenviar código",
+            "submit": "Continuar"
+            },
+            "change": {
+            "title": "Cambiar Contraseña",
+            "description": "Establece la contraseña para tu cuenta",
+            "submit": "Continuar"
+            }
+        },
+        "idp": {
+            "title": "Iniciar sesión con SSO",
+            "description": "Selecciona uno de los siguientes proveedores para iniciar sesión",
+            "signInWithApple": "Iniciar sesión con Apple",
+            "signInWithGoogle": "Iniciar sesión con Google",
+            "signInWithAzureAD": "Iniciar sesión con AzureAD",
+            "signInWithGithub": "Iniciar sesión con GitHub",
+            "signInWithGitlab": "Iniciar sesión con GitLab",
+            "loginSuccess": {
+            "title": "Inicio de sesión exitoso",
+            "description": "¡Has iniciado sesión con éxito!"
+            },
+            "linkingSuccess": {
+            "title": "Cuenta vinculada",
+            "description": "¡Has vinculado tu cuenta con éxito!"
+            },
+            "registerSuccess": {
+            "title": "Registro exitoso",
+            "description": "¡Te has registrado con éxito!"
+            },
+            "loginError": {
+            "title": "Error de inicio de sesión",
+            "description": "Ocurrió un error al intentar iniciar sesión."
+            },
+            "linkingError": {
+            "title": "Error al vincular la cuenta",
+            "description": "Ocurrió un error al intentar vincular tu cuenta."
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "Verifica tu identidad",
+            "description": "Elige uno de los siguientes factores.",
+            "noResults": "No hay factores secundarios disponibles para configurar."
+            },
+            "set": {
+            "title": "Configurar autenticación de 2 factores",
+            "description": "Elige uno de los siguientes factores secundarios.",
+            "skip": "Omitir"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "Verificar autenticación de 2 factores",
+            "totpDescription": "Introduce el código de tu aplicación de autenticación.",
+            "smsDescription": "Introduce el código que recibiste por SMS.",
+            "emailDescription": "Introduce el código que recibiste por correo electrónico.",
+            "noCodeReceived": "¿No recibiste un código?",
+            "resendCode": "Reenviar código",
+            "submit": "Continuar"
+            },
+            "set": {
+            "title": "Configurar autenticación de 2 factores",
+            "totpDescription": "Escanea el código QR con tu aplicación de autenticación.",
+            "smsDescription": "Introduce tu número de teléfono para recibir un código por SMS.",
+            "emailDescription": "Introduce tu dirección de correo electrónico para recibir un código por correo electrónico.",
+            "totpRegisterDescription": "Escanea el código QR o navega manualmente a la URL.",
+            "submit": "Continuar"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "Autenticar con una clave de acceso",
+            "description": "Tu dispositivo pedirá tu huella digital, rostro o bloqueo de pantalla",
+            "usePassword": "Usar contraseña",
+            "submit": "Continuar"
+            },
+            "set": {
+            "title": "Configurar una clave de acceso",
+            "description": "Tu dispositivo pedirá tu huella digital, rostro o bloqueo de pantalla",
+            "info": {
+                "description": "Una clave de acceso es un método de autenticación en un dispositivo como tu huella digital, Apple FaceID o similar.",
+                "link": "Autenticación sin contraseña"
+            },
+            "skip": "Omitir",
+            "submit": "Continuar"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "Verificar autenticación de 2 factores",
+            "description": "Verifica tu cuenta con tu dispositivo."
+            },
+            "set": {
+            "title": "Configurar autenticación de 2 factores",
+            "description": "Configura un dispositivo como segundo factor.",
+            "submit": "Continuar"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "Clave de acceso",
+            "password": "Contraseña"
+            },
+            "disabled": {
+            "title": "Registro deshabilitado",
+            "description": "Registrarse está deshabilitado en este momento."
+            },
+            "missingdata": {
+            "title": "Datos faltantes",
+            "description": "No se proporcionaron datos suficientes para el registro."
+            },
+            "title": "Registrarse",
+            "description": "Crea tu cuenta ZITADEL.",
+            "selectMethod": "Selecciona el método con el que deseas autenticarte",
+            "agreeTo": "Para registrarte debes aceptar los términos y condiciones",
+            "termsOfService": "Términos de Servicio",
+            "privacyPolicy": "Política de Privacidad",
+            "submit": "Continuar",
+            "password": {
+            "title": "Establecer Contraseña",
+            "description": "Establece la contraseña para tu cuenta",
+            "submit": "Continuar"
+            }
+        },
+        "invite": {
+            "title": "Invitar usuario",
+            "description": "Introduce el correo electrónico del usuario que deseas invitar.",
+            "info": "El usuario recibirá un correo electrónico con un enlace para completar el registro.",
+            "notAllowed": "No tienes permiso para invitar usuarios.",
+            "submit": "Invitar usuario",
+            "success": {
+            "title": "¡Usuario invitado!",
+            "description": "El usuario ha sido invitado.",
+            "verified": "El usuario ha sido invitado y ya ha verificado su correo electrónico.",
+            "notVerifiedYet": "El usuario ha sido invitado. Recibirá un correo electrónico con más instrucciones.",
+            "submit": "Invitar a otro usuario"
+            }
+        },
+        "signedin": {
+            "title": "¡Bienvenido {user}!",
+            "description": "Has iniciado sesión.",
+            "continue": "Continuar",
+            "error": {
+            "title": "Error",
+            "description": "Ocurrió un error al iniciar sesión."
+            }
+        },
+        "verify": {
+            "userIdMissing": "¡No se proporcionó userId!",
+            "success": "¡Verificación exitosa!",
+            "setupAuthenticator": "Configurar autenticador",
+            "verify": {
+            "title": "Verificar usuario",
+            "description": "Introduce el código proporcionado en el correo electrónico de verificación.",
+            "noCodeReceived": "¿No recibiste un código?",
+            "resendCode": "Reenviar código",
+            "submit": "Continuar"
+            }
+        },
+        "authenticator": {
+            "title": "Seleccionar método de autenticación",
+            "description": "Selecciona el método con el que deseas autenticarte",
+            "noMethodsAvailable": "No hay métodos de autenticación disponibles",
+            "allSetup": "¡Ya has configurado un autenticador!",
+            "linkWithIDP": "o vincúlalo con un proveedor de identidad"
+        },
+        "device": {
+            "usercode": {
+            "title": "Código del dispositivo",
+            "description": "Introduce el código.",
+            "submit": "Continuar"
+            },
+            "request": {
+            "title": "{appName} desea conectarse:",
+            "description": "{appName} tendrá acceso a:",
+            "disclaimer": "Al hacer clic en Permitir, autorizas a {appName} y a Zitadel a usar tu información de acuerdo con sus respectivos términos de servicio y políticas de privacidad. Puedes revocar este acceso en cualquier momento.",
+            "submit": "Permitir",
+            "deny": "Denegar"
+            },
+            "scope": {
+            "openid": "Verifica tu identidad.",
+            "email": "Accede a tu dirección de correo electrónico.",
+            "profile": "Accede a la información completa de tu perfil.",
+            "offline_access": "Permitir acceso sin conexión a tu cuenta."
+            }
+        },
+        "error": {
+            "noUserCode": "¡No se proporcionó código de usuario!",
+            "noDeviceRequest": "No se encontró ninguna solicitud de dispositivo.",
+            "unknownContext": "No se pudo obtener el contexto del usuario. Asegúrate de ingresar primero el nombre de usuario o proporcionar un loginName como parámetro de búsqueda.",
+            "sessionExpired": "Tu sesión actual ha expirado. Por favor, inicia sesión de nuevo.",
+            "failedLoading": "No se pudieron cargar los datos. Por favor, inténtalo de nuevo.",
+            "tryagain": "Intentar de nuevo"
+        }
+    },
+    "it":{
+        "common": {
+            "back": "Indietro"
+        },
+        "accounts": {
+            "title": "Account",
+            "description": "Seleziona l'account che desideri utilizzare.",
+            "addAnother": "Aggiungi un altro account",
+            "noResults": "Nessun account trovato"
+        },
+        "loginname": {
+            "title": "Bentornato!",
+            "description": "Inserisci i tuoi dati di accesso.",
+            "register": "Registrati come nuovo utente"
+        },
+        "password": {
+            "verify": {
+            "title": "Password",
+            "description": "Inserisci la tua password.",
+            "resetPassword": "Reimposta Password",
+            "submit": "Continua"
+            },
+            "set": {
+            "title": "Imposta Password",
+            "description": "Imposta la password per il tuo account",
+            "codeSent": "Un codice è stato inviato al tuo indirizzo email.",
+            "noCodeReceived": "Non hai ricevuto un codice?",
+            "resend": "Invia di nuovo",
+            "submit": "Continua"
+            },
+            "change": {
+            "title": "Cambia Password",
+            "description": "Imposta la password per il tuo account",
+            "submit": "Continua"
+            }
+        },
+        "idp": {
+            "title": "Accedi con SSO",
+            "description": "Seleziona uno dei seguenti provider per accedere",
+            "signInWithApple": "Accedi con Apple",
+            "signInWithGoogle": "Accedi con Google",
+            "signInWithAzureAD": "Accedi con AzureAD",
+            "signInWithGithub": "Accedi con GitHub",
+            "signInWithGitlab": "Accedi con GitLab",
+            "loginSuccess": {
+            "title": "Accesso riuscito",
+            "description": "Accesso effettuato con successo!"
+            },
+            "linkingSuccess": {
+            "title": "Account collegato",
+            "description": "Hai collegato con successo il tuo account!"
+            },
+            "registerSuccess": {
+            "title": "Registrazione riuscita",
+            "description": "Registrazione effettuata con successo!"
+            },
+            "loginError": {
+            "title": "Accesso fallito",
+            "description": "Si è verificato un errore durante il tentativo di accesso."
+            },
+            "linkingError": {
+            "title": "Collegamento account fallito",
+            "description": "Si è verificato un errore durante il tentativo di collegare il tuo account."
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "Verifica la tua identità",
+            "description": "Scegli uno dei seguenti fattori.",
+            "noResults": "Nessun secondo fattore disponibile per la configurazione."
+            },
+            "set": {
+            "title": "Configura l'autenticazione a 2 fattori",
+            "description": "Scegli uno dei seguenti secondi fattori.",
+            "skip": "Salta"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "Verifica l'autenticazione a 2 fattori",
+            "totpDescription": "Inserisci il codice dalla tua app di autenticazione.",
+            "smsDescription": "Inserisci il codice ricevuto via SMS.",
+            "emailDescription": "Inserisci il codice ricevuto via email.",
+            "noCodeReceived": "Non hai ricevuto un codice?",
+            "resendCode": "Invia di nuovo il codice",
+            "submit": "Continua"
+            },
+            "set": {
+            "title": "Configura l'autenticazione a 2 fattori",
+            "totpDescription": "Scansiona il codice QR con la tua app di autenticazione.",
+            "smsDescription": "Inserisci il tuo numero di telefono per ricevere un codice via SMS.",
+            "emailDescription": "Inserisci il tuo indirizzo email per ricevere un codice via email.",
+            "totpRegisterDescription": "Scansiona il codice QR o naviga manualmente all'URL.",
+            "submit": "Continua"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "Autenticati con una passkey",
+            "description": "Il tuo dispositivo chiederà la tua impronta digitale, il volto o il blocco schermo",
+            "usePassword": "Usa password",
+            "submit": "Continua"
+            },
+            "set": {
+            "title": "Configura una passkey",
+            "description": "Il tuo dispositivo chiederà la tua impronta digitale, il volto o il blocco schermo",
+            "info": {
+                "description": "Una passkey è un metodo di autenticazione su un dispositivo come la tua impronta digitale, Apple FaceID o simili.",
+                "link": "Autenticazione senza password"
+            },
+            "skip": "Salta",
+            "submit": "Continua"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "Verifica l'autenticazione a 2 fattori",
+            "description": "Verifica il tuo account con il tuo dispositivo."
+            },
+            "set": {
+            "title": "Configura l'autenticazione a 2 fattori",
+            "description": "Configura un dispositivo come secondo fattore.",
+            "submit": "Continua"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "Passkey",
+            "password": "Password"
+            },
+            "disabled": {
+            "title": "Registration disabled",
+            "description": "Registrazione disabilitata. Contatta l'amministratore di sistema per assistenza."
+            },
+            "missingdata": {
+            "title": "Registrazione",
+            "description": "Inserisci i tuoi dati per registrarti."
+            },
+            "title": "Registrati",
+            "description": "Crea il tuo account ZITADEL.",
+            "selectMethod": "Seleziona il metodo con cui desideri autenticarti",
+            "agreeTo": "Per registrarti devi accettare i termini e le condizioni",
+            "termsOfService": "Termini di Servizio",
+            "privacyPolicy": "Informativa sulla Privacy",
+            "submit": "Continua",
+            "password": {
+            "title": "Imposta Password",
+            "description": "Imposta la password per il tuo account",
+            "submit": "Continua"
+            }
+        },
+        "invite": {
+            "title": "Invita Utente",
+            "description": "Inserisci l'indirizzo email dell'utente che desideri invitare.",
+            "info": "L'utente riceverà un'email con ulteriori istruzioni.",
+            "notAllowed": "Non hai i permessi per invitare un utente.",
+            "submit": "Invita Utente",
+            "success": {
+            "title": "Invito inviato",
+            "description": "L'utente è stato invitato con successo.",
+            "verified": "L'utente è stato invitato e ha già verificato la sua email.",
+            "notVerifiedYet": "L'utente è stato invitato. Riceverà un'email con ulteriori istruzioni.",
+            "submit": "Invita un altro utente"
+            }
+        },
+        "signedin": {
+            "title": "Benvenuto {user}!",
+            "description": "Sei connesso.",
+            "continue": "Continua",
+            "error": {
+            "title": "Errore",
+            "description": "Si è verificato un errore durante il tentativo di accesso."
+            }
+        },
+        "verify": {
+            "userIdMissing": "Nessun userId fornito!",
+            "success": "Verifica effettuata con successo!",
+            "setupAuthenticator": "Configura autenticatore",
+            "verify": {
+            "title": "Verifica utente",
+            "description": "Inserisci il codice fornito nell'email di verifica.",
+            "noCodeReceived": "Non hai ricevuto un codice?",
+            "resendCode": "Invia di nuovo il codice",
+            "submit": "Continua"
+            }
+        },
+        "authenticator": {
+            "title": "Seleziona metodo di autenticazione",
+            "description": "Seleziona il metodo con cui desideri autenticarti",
+            "noMethodsAvailable": "Nessun metodo di autenticazione disponibile",
+            "allSetup": "Hai già configurato un autenticatore!",
+            "linkWithIDP": "o collega con un Identity Provider"
+        },
+        "device": {
+            "usercode": {
+            "title": "Codice dispositivo",
+            "description": "Inserisci il codice.",
+            "submit": "Continua"
+            },
+            "request": {
+            "title": "{appName} desidera connettersi:",
+            "description": "{appName} avrà accesso a:",
+            "disclaimer": "Cliccando su Consenti, autorizzi {appName} e Zitadel a utilizzare le tue informazioni in conformità con i rispettivi termini di servizio e politiche sulla privacy. Puoi revocare questo accesso in qualsiasi momento.",
+            "submit": "Consenti",
+            "deny": "Nega"
+            },
+            "scope": {
+            "openid": "Verifica la tua identità.",
+            "email": "Accedi al tuo indirizzo email.",
+            "profile": "Accedi alle informazioni complete del tuo profilo.",
+            "offline_access": "Consenti l'accesso offline al tuo account."
+            }
+        },
+        "error": {
+            "noUserCode": "Nessun codice utente fornito!",
+            "noDeviceRequest": "Nessuna richiesta di dispositivo trovata.",
+            "unknownContext": "Impossibile ottenere il contesto dell'utente. Assicurati di inserire prima il nome utente o di fornire un loginName come parametro di ricerca.",
+            "sessionExpired": "La tua sessione attuale è scaduta. Effettua nuovamente l'accesso.",
+            "failedLoading": "Impossibile caricare i dati. Riprova.",
+            "tryagain": "Riprova"
+        }
+
+    },
+    "pl":{
+        "common": {
+            "back": "Powrót"
+        },
+        "accounts": {
+            "title": "Konta",
+            "description": "Wybierz konto, którego chcesz użyć.",
+            "addAnother": "Dodaj kolejne konto",
+            "noResults": "Nie znaleziono kont"
+        },
+        "loginname": {
+            "title": "Witamy ponownie!",
+            "description": "Wprowadź dane logowania.",
+            "register": "Zarejestruj nowego użytkownika"
+        },
+        "password": {
+            "verify": {
+            "title": "Hasło",
+            "description": "Wprowadź swoje hasło.",
+            "resetPassword": "Zresetuj hasło",
+            "submit": "Kontynuuj"
+            },
+            "set": {
+            "title": "Ustaw hasło",
+            "description": "Ustaw hasło dla swojego konta",
+            "codeSent": "Kod został wysłany na twój adres e-mail.",
+            "noCodeReceived": "Nie otrzymałeś kodu?",
+            "resend": "Wyślij kod ponownie",
+            "submit": "Kontynuuj"
+            },
+            "change": {
+            "title": "Zmień hasło",
+            "description": "Ustaw nowe hasło dla swojego konta",
+            "submit": "Kontynuuj"
+            }
+        },
+        "idp": {
+            "title": "Zaloguj się za pomocą SSO",
+            "description": "Wybierz jednego z poniższych dostawców, aby się zalogować",
+            "signInWithApple": "Zaloguj się przez Apple",
+            "signInWithGoogle": "Zaloguj się przez Google",
+            "signInWithAzureAD": "Zaloguj się przez AzureAD",
+            "signInWithGithub": "Zaloguj się przez GitHub",
+            "signInWithGitlab": "Zaloguj się przez GitLab",
+            "loginSuccess": {
+            "title": "Logowanie udane",
+            "description": "Zostałeś pomyślnie zalogowany!"
+            },
+            "linkingSuccess": {
+            "title": "Konto powiązane",
+            "description": "Pomyślnie powiązałeś swoje konto!"
+            },
+            "registerSuccess": {
+            "title": "Rejestracja udana",
+            "description": "Pomyślnie się zarejestrowałeś!"
+            },
+            "loginError": {
+            "title": "Logowanie nieudane",
+            "description": "Wystąpił błąd podczas próby logowania."
+            },
+            "linkingError": {
+            "title": "Powiązanie konta nie powiodło się",
+            "description": "Wystąpił błąd podczas próby powiązania konta."
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "Zweryfikuj swoją tożsamość",
+            "description": "Wybierz jeden z poniższych sposobów weryfikacji.",
+            "noResults": "Nie znaleziono dostępnych metod uwierzytelniania dwuskładnikowego."
+            },
+            "set": {
+            "title": "Skonfiguruj uwierzytelnianie dwuskładnikowe",
+            "description": "Wybierz jedną z poniższych metod drugiego czynnika.",
+            "skip": "Pomiń"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "Zweryfikuj uwierzytelnianie dwuskładnikowe",
+            "totpDescription": "Wprowadź kod z aplikacji uwierzytelniającej.",
+            "smsDescription": "Wprowadź kod otrzymany SMS-em.",
+            "emailDescription": "Wprowadź kod otrzymany e-mailem.",
+            "noCodeReceived": "Nie otrzymałeś kodu?",
+            "resendCode": "Wyślij kod ponownie",
+            "submit": "Kontynuuj"
+            },
+            "set": {
+            "title": "Skonfiguruj uwierzytelnianie dwuskładnikowe",
+            "totpDescription": "Zeskanuj kod QR za pomocą aplikacji uwierzytelniającej.",
+            "smsDescription": "Wprowadź swój numer telefonu, aby otrzymać kod SMS-em.",
+            "emailDescription": "Wprowadź swój adres e-mail, aby otrzymać kod e-mailem.",
+            "totpRegisterDescription": "Zeskanuj kod QR lub otwórz adres URL ręcznie.",
+            "submit": "Kontynuuj"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "Uwierzytelnij się za pomocą klucza dostępu",
+            "description": "Twoje urządzenie poprosi o użycie odcisku palca, rozpoznawania twarzy lub blokady ekranu.",
+            "usePassword": "Użyj hasła",
+            "submit": "Kontynuuj"
+            },
+            "set": {
+            "title": "Skonfiguruj klucz dostępu",
+            "description": "Twoje urządzenie poprosi o użycie odcisku palca, rozpoznawania twarzy lub blokady ekranu.",
+            "info": {
+                "description": "Klucz dostępu to metoda uwierzytelniania na urządzeniu, wykorzystująca np. odcisk palca, Apple FaceID lub podobne rozwiązania.",
+                "link": "Uwierzytelnianie bez hasła"
+            },
+            "skip": "Pomiń",
+            "submit": "Kontynuuj"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "Zweryfikuj uwierzytelnianie dwuskładnikowe",
+            "description": "Zweryfikuj swoje konto za pomocą urządzenia."
+            },
+            "set": {
+            "title": "Skonfiguruj uwierzytelnianie dwuskładnikowe",
+            "description": "Skonfiguruj urządzenie jako dodatkowy czynnik uwierzytelniania.",
+            "submit": "Kontynuuj"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "Klucz dostępu",
+            "password": "Hasło"
+            },
+            "disabled": {
+            "title": "Rejestracja wyłączona",
+            "description": "Rejestracja jest wyłączona. Skontaktuj się z administratorem."
+            },
+            "missingdata": {
+            "title": "Brak danych",
+            "description": "Podaj e-mail, imię i nazwisko, aby się zarejestrować."
+            },
+            "title": "Rejestracja",
+            "description": "Utwórz konto ZITADEL.",
+            "selectMethod": "Wybierz metodę uwierzytelniania, której chcesz użyć",
+            "agreeTo": "Aby się zarejestrować, musisz zaakceptować warunki korzystania",
+            "termsOfService": "Regulamin",
+            "privacyPolicy": "Polityka prywatności",
+            "submit": "Kontynuuj",
+            "password": {
+            "title": "Ustaw hasło",
+            "description": "Ustaw hasło dla swojego konta",
+            "submit": "Kontynuuj"
+            }
+        },
+        "invite": {
+            "title": "Zaproś użytkownika",
+            "description": "Podaj adres e-mail oraz imię i nazwisko użytkownika, którego chcesz zaprosić.",
+            "info": "Użytkownik otrzyma e-mail z dalszymi instrukcjami.",
+            "notAllowed": "Twoje ustawienia nie pozwalają na zapraszanie użytkowników.",
+            "submit": "Kontynuuj",
+            "success": {
+            "title": "Użytkownik zaproszony",
+            "description": "E-mail został pomyślnie wysłany.",
+            "verified": "Użytkownik został zaproszony i już zweryfikował swój e-mail.",
+            "notVerifiedYet": "Użytkownik został zaproszony. Otrzyma e-mail z dalszymi instrukcjami.",
+            "submit": "Zaproś kolejnego użytkownika"
+            }
+        },
+        "signedin": {
+            "title": "Witaj {user}!",
+            "description": "Jesteś zalogowany.",
+            "continue": "Kontynuuj",
+            "error": {
+            "title": "Błąd",
+            "description": "Nie można załadować danych. Sprawdź połączenie z internetem lub spróbuj ponownie później."
+            }
+        },
+        "verify": {
+            "userIdMissing": "Nie podano identyfikatora użytkownika!",
+            "success": "Użytkownik został pomyślnie zweryfikowany.",
+            "setupAuthenticator": "Skonfiguruj uwierzytelnianie",
+            "verify": {
+            "title": "Zweryfikuj użytkownika",
+            "description": "Wprowadź kod z wiadomości weryfikacyjnej.",
+            "noCodeReceived": "Nie otrzymałeś kodu?",
+            "resendCode": "Wyślij kod ponownie",
+            "submit": "Kontynuuj"
+            }
+        },
+        "authenticator": {
+            "title": "Wybierz metodę uwierzytelniania",
+            "description": "Wybierz metodę, której chcesz użyć do uwierzytelnienia.",
+            "noMethodsAvailable": "Brak dostępnych metod uwierzytelniania",
+            "allSetup": "Już skonfigurowałeś metodę uwierzytelniania!",
+            "linkWithIDP": "lub połącz z dostawcą tożsamości"
+        },
+        "device": {
+            "usercode": {
+            "title": "Kod urządzenia",
+            "description": "Wprowadź kod.",
+            "submit": "Kontynuuj"
+            },
+            "request": {
+            "title": "{appName} chce się połączyć:",
+            "description": "{appName} będzie miało dostęp do:",
+            "disclaimer": "Klikając Zezwól, pozwalasz tej aplikacji i Zitadel na korzystanie z Twoich informacji zgodnie z ich odpowiednimi warunkami użytkowania i politykami prywatności. Możesz cofnąć ten dostęp w dowolnym momencie.",
+            "submit": "Zezwól",
+            "deny": "Odmów"
+            },
+            "scope": {
+            "openid": "Zweryfikuj swoją tożsamość.",
+            "email": "Uzyskaj dostęp do swojego adresu e-mail.",
+            "profile": "Uzyskaj dostęp do pełnych informacji o swoim profilu.",
+            "offline_access": "Zezwól na dostęp offline do swojego konta."
+            }
+        },
+        "error": {
+            "noUserCode": "Nie podano kodu użytkownika!",
+            "noDeviceRequest": "Nie znaleziono żądania urządzenia.",
+            "unknownContext": "Nie udało się pobrać kontekstu użytkownika. Upewnij się, że najpierw wprowadziłeś nazwę użytkownika lub podałeś login jako parametr wyszukiwania.",
+            "sessionExpired": "Twoja sesja wygasła. Zaloguj się ponownie.",
+            "failedLoading": "Nie udało się załadować danych. Spróbuj ponownie.",
+            "tryagain": "Spróbuj ponownie"
+        }
+    },
+    "ru":{
+        "common": {
+            "back": "Назад"
+        },
+        "accounts": {
+            "title": "Аккаунты",
+            "description": "Выберите аккаунт, который хотите использовать.",
+            "addAnother": "Добавить другой аккаунт",
+            "noResults": "Аккаунты не найдены"
+        },
+        "loginname": {
+            "title": "С возвращением!",
+            "description": "Введите свои данные для входа.",
+            "register": "Зарегистрировать нового пользователя"
+        },
+        "password": {
+            "verify": {
+            "title": "Пароль",
+            "description": "Введите ваш пароль.",
+            "resetPassword": "Сбросить пароль",
+            "submit": "Продолжить"
+            },
+            "set": {
+            "title": "Установить пароль",
+            "description": "Установите пароль для вашего аккаунта",
+            "codeSent": "Код отправлен на ваш адрес электронной почты.",
+            "noCodeReceived": "Не получили код?",
+            "resend": "Отправить код повторно",
+            "submit": "Продолжить"
+            },
+            "change": {
+            "title": "Изменить пароль",
+            "description": "Установите пароль для вашего аккаунта",
+            "submit": "Продолжить"
+            }
+        },
+        "idp": {
+            "title": "Войти через SSO",
+            "description": "Выберите одного из провайдеров для входа",
+            "signInWithApple": "Войти через Apple",
+            "signInWithGoogle": "Войти через Google",
+            "signInWithAzureAD": "Войти через AzureAD",
+            "signInWithGithub": "Войти через GitHub",
+            "signInWithGitlab": "Войти через GitLab",
+            "loginSuccess": {
+            "title": "Вход выполнен успешно",
+            "description": "Вы успешно вошли в систему!"
+            },
+            "linkingSuccess": {
+            "title": "Аккаунт привязан",
+            "description": "Аккаунт успешно привязан!"
+            },
+            "registerSuccess": {
+            "title": "Регистрация завершена",
+            "description": "Вы успешно зарегистрировались!"
+            },
+            "loginError": {
+            "title": "Ошибка входа",
+            "description": "Произошла ошибка при попытке входа."
+            },
+            "linkingError": {
+            "title": "Ошибка привязки аккаунта",
+            "description": "Произошла ошибка при попытке привязать аккаунт."
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "Подтвердите вашу личность",
+            "description": "Выберите один из следующих факторов.",
+            "noResults": "Нет доступных методов двухфакторной аутентификации"
+            },
+            "set": {
+            "title": "Настройка двухфакторной аутентификации",
+            "description": "Выберите один из следующих методов.",
+            "skip": "Пропустить"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "Подтверждение 2FA",
+            "totpDescription": "Введите код из приложения-аутентификатора.",
+            "smsDescription": "Введите код, полученный по SMS.",
+            "emailDescription": "Введите код, полученный по email.",
+            "noCodeReceived": "Не получили код?",
+            "resendCode": "Отправить код повторно",
+            "submit": "Продолжить"
+            },
+            "set": {
+            "title": "Настройка двухфакторной аутентификации",
+            "totpDescription": "Отсканируйте QR-код в приложении-аутентификаторе.",
+            "smsDescription": "Введите номер телефона для получения кода по SMS.",
+            "emailDescription": "Введите email для получения кода.",
+            "totpRegisterDescription": "Отсканируйте QR-код или перейдите по ссылке вручную.",
+            "submit": "Продолжить"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "Аутентификация с помощью пасскей",
+            "description": "Устройство запросит отпечаток пальца, лицо или экранный замок",
+            "usePassword": "Использовать пароль",
+            "submit": "Продолжить"
+            },
+            "set": {
+            "title": "Настройка пасскей",
+            "description": "Устройство запросит отпечаток пальца, лицо или экранный замок",
+            "info": {
+                "description": "Пасскей — метод аутентификации через устройство (отпечаток пальца, Apple FaceID и аналоги).",
+                "link": "Аутентификация без пароля"
+            },
+            "skip": "Пропустить",
+            "submit": "Продолжить"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "Подтверждение 2FA",
+            "description": "Подтвердите аккаунт с помощью устройства."
+            },
+            "set": {
+            "title": "Настройка двухфакторной аутентификации",
+            "description": "Настройте устройство как второй фактор.",
+            "submit": "Продолжить"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "Пасскей",
+            "password": "Пароль"
+            },
+            "disabled": {
+            "title": "Регистрация отключена",
+            "description": "Регистрация недоступна. Обратитесь к администратору."
+            },
+            "missingdata": {
+            "title": "Недостаточно данных",
+            "description": "Укажите email, имя и фамилию для регистрации."
+            },
+            "title": "Регистрация",
+            "description": "Создайте свой аккаунт ZITADEL.",
+            "selectMethod": "Выберите метод аутентификации",
+            "agreeTo": "Для регистрации необходимо принять условия:",
+            "termsOfService": "Условия использования",
+            "privacyPolicy": "Политика конфиденциальности",
+            "submit": "Продолжить",
+            "password": {
+            "title": "Установить пароль",
+            "description": "Установите пароль для вашего аккаунта",
+            "submit": "Продолжить"
+            }
+        },
+        "invite": {
+            "title": "Пригласить пользователя",
+            "description": "Укажите email и имя пользователя для приглашения.",
+            "info": "Пользователь получит email с инструкциями.",
+            "notAllowed": "Ваши настройки не позволяют приглашать пользователей.",
+            "submit": "Продолжить",
+            "success": {
+            "title": "Пользователь приглашён",
+            "description": "Письмо успешно отправлено.",
+            "verified": "Пользователь приглашён и уже подтвердил email.",
+            "notVerifiedYet": "Пользователь приглашён. Он получит email с инструкциями.",
+            "submit": "Пригласить другого пользователя"
+            }
+        },
+        "signedin": {
+            "title": "Добро пожаловать, {user}!",
+            "description": "Вы вошли в систему.",
+            "continue": "Продолжить",
+            "error": {
+            "title": "Ошибка",
+            "description": "Не удалось войти в систему. Проверьте свои данные и попробуйте снова."
+            }
+        },
+        "verify": {
+            "userIdMissing": "Не указан userId!",
+            "success": "Пользователь успешно подтверждён.",
+            "setupAuthenticator": "Настроить аутентификатор",
+            "verify": {
+            "title": "Подтверждение пользователя",
+            "description": "Введите код из письма подтверждения.",
+            "noCodeReceived": "Не получили код?",
+            "resendCode": "Отправить код повторно",
+            "submit": "Продолжить"
+            }
+        },
+        "authenticator": {
+            "title": "Выбор метода аутентификации",
+            "description": "Выберите предпочитаемый метод аутентификации",
+            "noMethodsAvailable": "Нет доступных методов аутентификации",
+            "allSetup": "Аутентификатор уже настроен!",
+            "linkWithIDP": "или привязать через Identity Provider"
+        },
+        "device": {
+            "usercode": {
+            "title": "Код устройства",
+            "description": "Введите код.",
+            "submit": "Продолжить"
+            },
+            "request": {
+            "title": "{appName} хочет подключиться:",
+            "description": "{appName} получит доступ к:",
+            "disclaimer": "Нажимая «Разрешить», вы разрешаете этому приложению и Zitadel использовать вашу информацию в соответствии с их условиями использования и политиками конфиденциальности. Вы можете отозвать этот доступ в любое время.",
+            "submit": "Разрешить",
+            "deny": "Запретить"
+            },
+            "scope": {
+            "openid": "Проверка вашей личности.",
+            "email": "Доступ к вашему адресу электронной почты.",
+            "profile": "Доступ к полной информации вашего профиля.",
+            "offline_access": "Разрешить офлайн-доступ к вашему аккаунту."
+            }
+        },
+        "error": {
+            "noUserCode": "Не указан код пользователя!",
+            "noDeviceRequest": "Не найдена ни одна заявка на устройство.",
+            "unknownContext": "Не удалось получить контекст пользователя. Укажите имя пользователя или loginName в параметрах поиска.",
+            "sessionExpired": "Ваша сессия истекла. Войдите снова.",
+            "failedLoading": "Ошибка загрузки данных. Попробуйте ещё раз.",
+            "tryagain": "Попробовать снова"
+        }
+    },
+    "zh":{
+        "common": {
+            "back": "返回"
+        },
+        "accounts": {
+            "title": "账户",
+            "description": "选择您想使用的账户。",
+            "addAnother": "添加另一个账户",
+            "noResults": "未找到账户"
+        },
+        "loginname": {
+            "title": "欢迎回来！",
+            "description": "请输入您的登录信息。",
+            "register": "注册新用户"
+        },
+        "password": {
+            "verify": {
+            "title": "密码",
+            "description": "请输入您的密码。",
+            "resetPassword": "重置密码",
+            "submit": "继续"
+            },
+            "set": {
+            "title": "设置密码",
+            "description": "为您的账户设置密码",
+            "codeSent": "验证码已发送到您的邮箱。",
+            "noCodeReceived": "没有收到验证码？",
+            "resend": "重发验证码",
+            "submit": "继续"
+            },
+            "change": {
+            "title": "更改密码",
+            "description": "为您的账户设置密码",
+            "submit": "继续"
+            }
+        },
+        "idp": {
+            "title": "使用 SSO 登录",
+            "description": "选择以下提供商中的一个进行登录",
+            "signInWithApple": "用 Apple 登录",
+            "signInWithGoogle": "用 Google 登录",
+            "signInWithAzureAD": "用 AzureAD 登录",
+            "signInWithGithub": "用 GitHub 登录",
+            "signInWithGitlab": "用 GitLab 登录",
+            "loginSuccess": {
+            "title": "登录成功",
+            "description": "您已成功登录！"
+            },
+            "linkingSuccess": {
+            "title": "账户已链接",
+            "description": "您已成功链接您的账户！"
+            },
+            "registerSuccess": {
+            "title": "注册成功",
+            "description": "您已成功注册！"
+            },
+            "loginError": {
+            "title": "登录失败",
+            "description": "登录时发生错误。"
+            },
+            "linkingError": {
+            "title": "账户链接失败",
+            "description": "链接账户时发生错误。"
+            }
+        },
+        "mfa": {
+            "verify": {
+            "title": "验证您的身份",
+            "description": "选择以下的一个因素。",
+            "noResults": "没有可设置的第二因素。"
+            },
+            "set": {
+            "title": "设置双因素认证",
+            "description": "选择以下的一个第二因素。",
+            "skip": "跳过"
+            }
+        },
+        "otp": {
+            "verify": {
+            "title": "验证双因素",
+            "totpDescription": "请输入认证应用程序中的验证码。",
+            "smsDescription": "输入通过短信收到的验证码。",
+            "emailDescription": "输入通过电子邮件收到的验证码。",
+            "noCodeReceived": "没有收到验证码？",
+            "resendCode": "重发验证码",
+            "submit": "继续"
+            },
+            "set": {
+            "title": "设置双因素认证",
+            "totpDescription": "使用认证应用程序扫描二维码。",
+            "smsDescription": "输入您的电话号码以接收短信验证码。",
+            "emailDescription": "输入您的电子邮箱地址以接收电子邮件验证码。",
+            "totpRegisterDescription": "扫描二维码或手动导航到URL。",
+            "submit": "继续"
+            }
+        },
+        "passkey": {
+            "verify": {
+            "title": "使用密钥认证",
+            "description": "您的设备将请求指纹、面部识别或屏幕锁",
+            "usePassword": "使用密码",
+            "submit": "继续"
+            },
+            "set": {
+            "title": "设置密钥",
+            "description": "您的设备将请求指纹、面部识别或屏幕锁",
+            "info": {
+                "description": "密钥是在设备上如指纹、Apple FaceID 或类似的认证方法。",
+                "link": "无密码认证"
+            },
+            "skip": "跳过",
+            "submit": "继续"
+            }
+        },
+        "u2f": {
+            "verify": {
+            "title": "验证双因素",
+            "description": "使用您的设备验证帐户。"
+            },
+            "set": {
+            "title": "设置双因素认证",
+            "description": "设置设备为第二因素。",
+            "submit": "继续"
+            }
+        },
+        "register": {
+            "methods": {
+            "passkey": "密钥",
+            "password": "密码"
+            },
+            "disabled": {
+            "title": "注册已禁用",
+            "description": "您的设置不允许注册新用户。"
+            },
+            "missingdata": {
+            "title": "缺少数据",
+            "description": "请提供所有必需的数据。"
+            },
+            "title": "注册",
+            "description": "创建您的 ZITADEL 账户。",
+            "selectMethod": "选择您想使用的认证方法",
+            "agreeTo": "注册即表示您同意条款和条件",
+            "termsOfService": "服务条款",
+            "privacyPolicy": "隐私政策",
+            "submit": "继续",
+            "password": {
+            "title": "设置密码",
+            "description": "为您的账户设置密码",
+            "submit": "继续"
+            }
+        },
+        "invite": {
+            "title": "邀请用户",
+            "description": "提供您想邀请的用户的电子邮箱地址和姓名。",
+            "info": "用户将收到一封包含进一步说明的电子邮件。",
+            "notAllowed": "您的设置不允许邀请用户。",
+            "submit": "继续",
+            "success": {
+            "title": "用户已邀请",
+            "description": "邮件已成功发送。",
+            "verified": "用户已被邀请并已验证其电子邮件。",
+            "notVerifiedYet": "用户已被邀请。他们将收到一封包含进一步说明的电子邮件。",
+            "submit": "邀请另一位用户"
+            }
+        },
+        "signedin": {
+            "title": "欢迎 {user}！",
+            "description": "您已登录。",
+            "continue": "继续",
+            "error": {
+            "title": "错误",
+            "description": "登录时发生错误。"
+            }
+        },
+        "verify": {
+            "userIdMissing": "未提供用户 ID！",
+            "success": "用户验证成功。",
+            "setupAuthenticator": "设置认证器",
+            "verify": {
+            "title": "验证用户",
+            "description": "输入验证邮件中的验证码。",
+            "noCodeReceived": "没有收到验证码？",
+            "resendCode": "重发验证码",
+            "submit": "继续"
+            }
+        },
+        "authenticator": {
+            "title": "选择认证方式",
+            "description": "选择您想使用的认证方法",
+            "noMethodsAvailable": "没有可用的认证方法",
+            "allSetup": "您已经设置好了一个认证器！",
+            "linkWithIDP": "或将其与身份提供者关联"
+        },
+        "device": {
+            "usercode": {
+            "title": "设备代码",
+            "description": "输入代码。",
+            "submit": "继续"
+            },
+            "request": {
+            "title": "{appName} 想要连接：",
+            "description": "{appName} 将访问：",
+            "disclaimer": "点击“允许”即表示您允许此应用程序和 Zitadel 根据其各自的服务条款和隐私政策使用您的信息。您可以随时撤销此访问权限。",
+            "submit": "允许",
+            "deny": "拒绝"
+            },
+            "scope": {
+            "openid": "验证您的身份。",
+            "email": "访问您的电子邮件地址。",
+            "profile": "访问您的完整个人资料信息。",
+            "offline_access": "允许离线访问您的账户。"
+            }
+        },
+        "error": {
+            "noUserCode": "未提供用户代码！",
+            "noDeviceRequest": "没有找到设备请求。",
+            "unknownContext": "无法获取用户的上下文。请先输入用户名或提供 loginName 作为搜索参数。",
+            "sessionExpired": "当前会话已过期，请重新登录。",
+            "failedLoading": "加载数据失败，请再试一次。",
+            "tryagain": "重试"
+        }
+    }
+}
\ No newline at end of file
diff --git a/internal/repository/instance/eventstore.go b/internal/repository/instance/eventstore.go
index 68621597a8..b8089152bb 100644
--- a/internal/repository/instance/eventstore.go
+++ b/internal/repository/instance/eventstore.go
@@ -130,4 +130,5 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, NotificationPolicyChangedEventType, NotificationPolicyChangedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, TrustedDomainAddedEventType, eventstore.GenericEventMapper[TrustedDomainAddedEvent])
 	eventstore.RegisterFilterEventMapper(AggregateType, TrustedDomainRemovedEventType, eventstore.GenericEventMapper[TrustedDomainRemovedEvent])
+	eventstore.RegisterFilterEventMapper(AggregateType, HostedLoginTranslationSet, HostedLoginTranslationSetEventMapper)
 }
diff --git a/internal/repository/instance/hosted_login_translation.go b/internal/repository/instance/hosted_login_translation.go
new file mode 100644
index 0000000000..05380521fc
--- /dev/null
+++ b/internal/repository/instance/hosted_login_translation.go
@@ -0,0 +1,55 @@
+package instance
+
+import (
+	"context"
+
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	HostedLoginTranslationSet = instanceEventTypePrefix + "hosted_login_translation.set"
+)
+
+type HostedLoginTranslationSetEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Translation map[string]any `json:"translation,omitempty"`
+	Language    language.Tag   `json:"language,omitempty"`
+	Level       string         `json:"level,omitempty"`
+}
+
+func NewHostedLoginTranslationSetEvent(ctx context.Context, aggregate *eventstore.Aggregate, translation map[string]any, language language.Tag) *HostedLoginTranslationSetEvent {
+	return &HostedLoginTranslationSetEvent{
+		BaseEvent:   *eventstore.NewBaseEventForPush(ctx, aggregate, HostedLoginTranslationSet),
+		Translation: translation,
+		Language:    language,
+		Level:       string(aggregate.Type),
+	}
+}
+
+func (e *HostedLoginTranslationSetEvent) Payload() any {
+	return e
+}
+
+func (e *HostedLoginTranslationSetEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func (e *HostedLoginTranslationSetEvent) Fields() []*eventstore.FieldOperation {
+	return nil
+}
+
+func HostedLoginTranslationSetEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	translationSet := &HostedLoginTranslationSetEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := event.Unmarshal(translationSet)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "INST-lOxtJJ", "unable to unmarshal hosted login translation set event")
+	}
+
+	return translationSet, nil
+}
diff --git a/internal/repository/org/eventstore.go b/internal/repository/org/eventstore.go
index d1efa75dfc..289bbbc608 100644
--- a/internal/repository/org/eventstore.go
+++ b/internal/repository/org/eventstore.go
@@ -114,4 +114,5 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, NotificationPolicyAddedEventType, NotificationPolicyAddedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, NotificationPolicyChangedEventType, NotificationPolicyChangedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, NotificationPolicyRemovedEventType, NotificationPolicyRemovedEventMapper)
+	eventstore.RegisterFilterEventMapper(AggregateType, HostedLoginTranslationSet, HostedLoginTranslationSetEventMapper)
 }
diff --git a/internal/repository/org/hosted_login_translation.go b/internal/repository/org/hosted_login_translation.go
new file mode 100644
index 0000000000..e07bdc1e3b
--- /dev/null
+++ b/internal/repository/org/hosted_login_translation.go
@@ -0,0 +1,55 @@
+package org
+
+import (
+	"context"
+
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	HostedLoginTranslationSet = orgEventTypePrefix + "hosted_login_translation.set"
+)
+
+type HostedLoginTranslationSetEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Translation map[string]any `json:"translation,omitempty"`
+	Language    language.Tag   `json:"language,omitempty"`
+	Level       string         `json:"level,omitempty"`
+}
+
+func NewHostedLoginTranslationSetEvent(ctx context.Context, aggregate *eventstore.Aggregate, translation map[string]any, language language.Tag) *HostedLoginTranslationSetEvent {
+	return &HostedLoginTranslationSetEvent{
+		BaseEvent:   *eventstore.NewBaseEventForPush(ctx, aggregate, HostedLoginTranslationSet),
+		Translation: translation,
+		Language:    language,
+		Level:       string(aggregate.Type),
+	}
+}
+
+func (e *HostedLoginTranslationSetEvent) Payload() any {
+	return e
+}
+
+func (e *HostedLoginTranslationSetEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func (e *HostedLoginTranslationSetEvent) Fields() []*eventstore.FieldOperation {
+	return nil
+}
+
+func HostedLoginTranslationSetEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	translationSet := &HostedLoginTranslationSetEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := event.Unmarshal(translationSet)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "ORG-BH82Eb", "unable to unmarshal hosted login translation set event")
+	}
+
+	return translationSet, nil
+}
diff --git a/proto/zitadel/settings/v2/settings.proto b/proto/zitadel/settings/v2/settings.proto
index b3ca5b5ca5..c797d27965 100644
--- a/proto/zitadel/settings/v2/settings.proto
+++ b/proto/zitadel/settings/v2/settings.proto
@@ -10,4 +10,4 @@ enum ResourceOwnerType {
   RESOURCE_OWNER_TYPE_UNSPECIFIED = 0;
   RESOURCE_OWNER_TYPE_INSTANCE = 1;
   RESOURCE_OWNER_TYPE_ORG = 2;
-}
+}
\ No newline at end of file
diff --git a/proto/zitadel/settings/v2/settings_service.proto b/proto/zitadel/settings/v2/settings_service.proto
index 7f71e08da4..0a1f13e7e7 100644
--- a/proto/zitadel/settings/v2/settings_service.proto
+++ b/proto/zitadel/settings/v2/settings_service.proto
@@ -15,6 +15,8 @@ import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
 import "validate/validate.proto";
+import "google/protobuf/struct.proto";
+import "zitadel/settings/v2/settings.proto";
 
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/settings/v2;settings";
 
@@ -362,6 +364,69 @@ service SettingsService {
       description: "Set the security settings of the ZITADEL instance."
     };
   }
+
+  // Get Hosted Login Translation
+  //
+  // Returns the translations in the requested locale for the hosted login.
+  // The translations returned are based on the input level specified (system, instance or organization).
+  //
+  // If the requested level doesn't contain all translations, and ignore_inheritance is set to false,
+  // a merging process fallbacks onto the higher levels ensuring all keys in the file have a translation,
+  // which could be in the default language if the one of the locale is missing on all levels.
+  //
+  // The etag returned in the response represents the hash of the translations as they are stored on DB
+  // and its reliable only if ignore_inheritance = true.
+  //
+  // Required permissions:
+  //   - `iam.policy.read`
+  rpc GetHostedLoginTranslation(GetHostedLoginTranslationRequest) returns (GetHostedLoginTranslationResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The localized translations.";
+        }
+      };
+    };
+
+    option (google.api.http) = {
+      get: "/v2/settings/hosted_login_translation"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.policy.read"
+      }
+    };
+  }
+
+  // Set Hosted Login Translation
+  //
+  // Sets the input translations at the specified level (instance or organization) for the input language.
+  //
+  // Required permissions:
+  //   - `iam.policy.write`
+  rpc SetHostedLoginTranslation(SetHostedLoginTranslationRequest) returns (SetHostedLoginTranslationResponse) {
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "The translations was successfully set.";
+        }
+      };
+    };
+    
+    option (google.api.http) = {
+      put: "/v2/settings/hosted_login_translation";
+      body: "*"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.policy.write"
+      }
+    };
+  }
 }
 
 message GetLoginSettingsRequest {
@@ -480,4 +545,76 @@ message SetSecuritySettingsRequest{
 
 message SetSecuritySettingsResponse{
   zitadel.object.v2.Details details = 1;
+}
+
+message GetHostedLoginTranslationRequest {
+  oneof level {
+    bool system = 1 [(validate.rules).bool = {const: true}];
+    bool instance = 2 [(validate.rules).bool = {const: true}];
+    string organization_id = 3;
+  }
+
+  string locale = 4 [
+    (validate.rules).string = {min_len: 2},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 2;
+      example: "\"fr-FR\"";
+    }
+  ];
+
+  // if set to true, higher levels are ignored, if false higher levels are merged into the file
+  bool ignore_inheritance = 5;
+}
+
+message GetHostedLoginTranslationResponse {
+  // hash of the payload
+  string etag = 1 [
+    (validate.rules).string = {min_len: 32, max_len: 32},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 32;
+      max_length: 32;
+      example: "\"42a1ba123e6ea6f0c93e286ed97c7018\"";
+    }
+  ];
+
+  google.protobuf.Struct translations = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "{\"common\":{\"back\":\"Indietro\"},\"accounts\":{\"title\":\"Account\",\"description\":\"Seleziona l'account che desideri utilizzare.\",\"addAnother\":\"Aggiungi un altro account\",\"noResults\":\"Nessun account trovato\"}}";
+        description: "Translations contains the translations in the request language.";
+    }
+  ];
+}
+
+message SetHostedLoginTranslationRequest {
+  oneof level {
+    bool instance = 1 [(validate.rules).bool = {const: true}];
+    string organization_id = 2;
+  }
+ 
+  string locale = 3 [
+    (validate.rules).string = {min_len: 2},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 2;
+      example: "\"fr-FR\"";
+    }
+  ];
+
+  google.protobuf.Struct translations = 4 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "{\"common\":{\"back\":\"Indietro\"},\"accounts\":{\"title\":\"Account\",\"description\":\"Seleziona l'account che desideri utilizzare.\",\"addAnother\":\"Aggiungi un altro account\",\"noResults\":\"Nessun account trovato\"}}";
+        description: "Translations should contain the translations in the specified locale.";
+    }
+  ];
+}
+
+message SetHostedLoginTranslationResponse {
+  // hash of the saved translation. Valid only when ignore_inheritance = true
+  string etag = 1 [
+    (validate.rules).string = {min_len: 32, max_len: 32},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 32;
+      max_length: 32;
+      example: "\"42a1ba123e6ea6f0c93e286ed97c7018\"";
+    }
+  ];
 }
\ No newline at end of file

From 3a4298c1794ad61c4fa3d3d186aa4235b8742424 Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen <tronghn@users.noreply.github.com>
Date: Thu, 19 Jun 2025 11:42:44 +0200
Subject: [PATCH 100/123] fix(scim): add type attribute to ScimEmail (#9690)

# Which Problems Are Solved

- SCIM PATCH operations for users from Entra ID for the `emails`
attribute fails due to missing `type` subattribute

# How the Problems Are Solved

- Adds the `type` attribute to the `ScimUser` struct and sets the
default value to `"work"` in the `mapWriteModelToScimUser()` method.

# Additional Changes

# Additional Context

The SCIM handlers for POST and PUT ignore multiple emails and only uses
the primary email for a given user, or falls back to the first email if
none are marked as primary. PATCH operations however, will attempt to
resolve the provided filter in `operations[].path`.

Some services, such as Entra ID, only support patching emails by
filtering for `emails[type eq "(work|home|other)"].value`, which fails
with Zitadel as the ScimUser struct (and thus the generated schema)
doesn't include the `type` field.

This commit adds the `type` field to work around this issue, while still
preserving compatibility with filters such as `emails[primary eq
true].value`.

-
https://discord.com/channels/927474939156643850/927866013545025566/1356556668527448191

---------

Co-authored-by: Christer Edvartsen <christer.edvartsen@nav.no>
Co-authored-by: Thomas Siegfried Krampl <thomas.siegfried.krampl@nav.no>
---
 ...vice_provider_config_expected_schemas.json | 11 +++++
 ..._provider_config_expected_user_schema.json | 11 +++++
 ..._replace_test_minimal_with_email_type.json | 17 ++++++++
 .../integration_test/users_create_test.go     |  1 +
 .../scim/integration_test/users_get_test.go   |  1 +
 .../integration_test/users_replace_test.go    | 40 ++++++++++++++++++-
 .../integration_test/users_update_test.go     |  9 +++++
 internal/api/scim/metadata/metadata.go        |  3 ++
 internal/api/scim/resources/user.go           |  1 +
 internal/api/scim/resources/user_mapping.go   |  4 ++
 internal/api/scim/resources/user_metadata.go  |  5 ++-
 .../api/scim/resources/user_patch_test.go     | 34 ++++++++++++++++
 12 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 internal/api/scim/integration_test/testdata/users_replace_test_minimal_with_email_type.json

diff --git a/internal/api/scim/integration_test/testdata/service_provider_config_expected_schemas.json b/internal/api/scim/integration_test/testdata/service_provider_config_expected_schemas.json
index bc87b8e2e1..2751c85a79 100644
--- a/internal/api/scim/integration_test/testdata/service_provider_config_expected_schemas.json
+++ b/internal/api/scim/integration_test/testdata/service_provider_config_expected_schemas.json
@@ -233,6 +233,17 @@
               "mutability": "readWrite",
               "returned": "always",
               "uniqueness": "none"
+            },
+            {
+              "name": "type",
+              "description": "For details see RFC7643",
+              "type": "string",
+              "multiValued": false,
+              "required": false,
+              "caseExact": true,
+              "mutability": "readWrite",
+              "returned": "always",
+              "uniqueness": "none"
             }
           ],
           "multiValued": true,
diff --git a/internal/api/scim/integration_test/testdata/service_provider_config_expected_user_schema.json b/internal/api/scim/integration_test/testdata/service_provider_config_expected_user_schema.json
index a199fe1465..35d0e356b3 100644
--- a/internal/api/scim/integration_test/testdata/service_provider_config_expected_user_schema.json
+++ b/internal/api/scim/integration_test/testdata/service_provider_config_expected_user_schema.json
@@ -225,6 +225,17 @@
           "mutability": "readWrite",
           "returned": "always",
           "uniqueness": "none"
+        },
+        {
+          "name": "type",
+          "description": "For details see RFC7643",
+          "type": "string",
+          "multiValued": false,
+          "required": false,
+          "caseExact": true,
+          "mutability": "readWrite",
+          "returned": "always",
+          "uniqueness": "none"
         }
       ],
       "multiValued": true,
diff --git a/internal/api/scim/integration_test/testdata/users_replace_test_minimal_with_email_type.json b/internal/api/scim/integration_test/testdata/users_replace_test_minimal_with_email_type.json
new file mode 100644
index 0000000000..b7e8d87590
--- /dev/null
+++ b/internal/api/scim/integration_test/testdata/users_replace_test_minimal_with_email_type.json
@@ -0,0 +1,17 @@
+{
+  "schemas": [
+    "urn:ietf:params:scim:schemas:core:2.0:User"
+  ],
+  "userName": "acmeUser1-minimal-replaced",
+  "name": {
+    "familyName": "Ross-replaced",
+    "givenName": "Bethany-replaced"
+  },
+  "emails": [
+    {
+      "value": "user1-minimal-replaced@example.com",
+      "primary": true,
+      "type": "work"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/internal/api/scim/integration_test/users_create_test.go b/internal/api/scim/integration_test/users_create_test.go
index 8b6986666c..35d5297878 100644
--- a/internal/api/scim/integration_test/users_create_test.go
+++ b/internal/api/scim/integration_test/users_create_test.go
@@ -391,6 +391,7 @@ func TestCreateUser_metadata(t *testing.T) {
 		test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:locale", "en-US")
 		test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:ims", `[{"value":"someaimhandle","type":"aim"},{"value":"twitterhandle","type":"X"}]`)
 		test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:roles", `[{"value":"my-role-1","display":"Rolle 1","type":"main-role","primary":true},{"value":"my-role-2","display":"Rolle 2","type":"secondary-role"}]`)
+		test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", `[{"value":"bjensen@example.com","primary":true,"type":"work"},{"value":"babs@jensen.org","primary":false,"type":"home"}]`)
 	}, retryDuration, tick)
 }
 
diff --git a/internal/api/scim/integration_test/users_get_test.go b/internal/api/scim/integration_test/users_get_test.go
index 0106e47ca2..8a1bab6c93 100644
--- a/internal/api/scim/integration_test/users_get_test.go
+++ b/internal/api/scim/integration_test/users_get_test.go
@@ -115,6 +115,7 @@ func TestGetUser(t *testing.T) {
 					{
 						Value:   "bjensen@example.com",
 						Primary: true,
+						Type:    "work",
 					},
 				},
 				PhoneNumbers: []*resources.ScimPhoneNumber{
diff --git a/internal/api/scim/integration_test/users_replace_test.go b/internal/api/scim/integration_test/users_replace_test.go
index 770ed06959..1c99592b01 100644
--- a/internal/api/scim/integration_test/users_replace_test.go
+++ b/internal/api/scim/integration_test/users_replace_test.go
@@ -27,6 +27,9 @@ var (
 	//go:embed testdata/users_replace_test_minimal_with_external_id.json
 	minimalUserWithExternalIDJson []byte
 
+	//go:embed testdata/users_replace_test_minimal_with_email_type.json
+	minimalUserWithEmailTypeReplaceJson []byte
+
 	//go:embed testdata/users_replace_test_minimal.json
 	minimalUserReplaceJson []byte
 
@@ -303,7 +306,42 @@ func TestReplaceUser_removeOldMetadata(t *testing.T) {
 			Id: createdUser.ID,
 		})
 		require.NoError(tt, err)
-		require.Equal(tt, 0, len(md.Result))
+		require.Equal(tt, 1, len(md.Result))
+
+		mdMap := make(map[string]string)
+		for i := range md.Result {
+			mdMap[md.Result[i].Key] = string(md.Result[i].Value)
+		}
+
+		test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", "[{\"value\":\"user1@example.com\",\"primary\":true}]")
+	}, retryDuration, tick)
+
+	_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
+	require.NoError(t, err)
+}
+
+func TestReplaceUser_emailType(t *testing.T) {
+	// ensure old metadata is removed correctly
+	createdUser, err := Instance.Client.SCIM.Users.Create(CTX, Instance.DefaultOrg.Id, fullUserJson)
+	require.NoError(t, err)
+
+	_, err = Instance.Client.SCIM.Users.Replace(CTX, Instance.DefaultOrg.Id, createdUser.ID, minimalUserWithEmailTypeReplaceJson)
+	require.NoError(t, err)
+
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
+	require.EventuallyWithT(t, func(tt *assert.CollectT) {
+		md, err := Instance.Client.Mgmt.ListUserMetadata(CTX, &management.ListUserMetadataRequest{
+			Id: createdUser.ID,
+		})
+		require.NoError(tt, err)
+		require.Equal(tt, 1, len(md.Result))
+
+		mdMap := make(map[string]string)
+		for i := range md.Result {
+			mdMap[md.Result[i].Key] = string(md.Result[i].Value)
+		}
+
+		test.AssertMapContains(tt, mdMap, "urn:zitadel:scim:emails", "[{\"value\":\"user1-minimal-replaced@example.com\",\"primary\":true,\"type\":\"work\"}]")
 	}, retryDuration, tick)
 
 	_, err = Instance.Client.UserV2.DeleteUser(CTX, &user.DeleteUserRequest{UserId: createdUser.ID})
diff --git a/internal/api/scim/integration_test/users_update_test.go b/internal/api/scim/integration_test/users_update_test.go
index 2fe129291a..77e55bac60 100644
--- a/internal/api/scim/integration_test/users_update_test.go
+++ b/internal/api/scim/integration_test/users_update_test.go
@@ -137,9 +137,18 @@ func TestUpdateUser(t *testing.T) {
 				NickName:    "",
 				ProfileUrl:  test.Must(schemas.ParseHTTPURL("http://login.example.com/bjensen")),
 				Emails: []*resources.ScimEmail{
+					{
+						Value: "bjensen@example.com",
+						Type:  "work",
+					},
+					{
+						Value: "babs@jensen.org",
+						Type:  "home",
+					},
 					{
 						Value:   "babs@example.com",
 						Primary: true,
+						Type:    "home",
 					},
 				},
 				Addresses: []*resources.ScimAddress{
diff --git a/internal/api/scim/metadata/metadata.go b/internal/api/scim/metadata/metadata.go
index 66a0a2483c..28e42290d1 100644
--- a/internal/api/scim/metadata/metadata.go
+++ b/internal/api/scim/metadata/metadata.go
@@ -30,6 +30,7 @@ const (
 	KeyAddresses                Key = KeyPrefix + "addresses"
 	KeyEntitlements             Key = KeyPrefix + "entitlements"
 	KeyRoles                    Key = KeyPrefix + "roles"
+	KeyEmails                   Key = KeyPrefix + "emails"
 )
 
 var (
@@ -47,6 +48,7 @@ var (
 		KeyAddresses,
 		KeyEntitlements,
 		KeyRoles,
+		KeyEmails,
 	}
 
 	AttributePathToMetadataKeys = map[string][]Key{
@@ -64,6 +66,7 @@ var (
 		"addresses":            {KeyAddresses},
 		"entitlements":         {KeyEntitlements},
 		"roles":                {KeyRoles},
+		"emails":               {KeyEmails},
 	}
 )
 
diff --git a/internal/api/scim/resources/user.go b/internal/api/scim/resources/user.go
index 13baed5d51..6506ae35c7 100644
--- a/internal/api/scim/resources/user.go
+++ b/internal/api/scim/resources/user.go
@@ -90,6 +90,7 @@ type ScimIms struct {
 type ScimEmail struct {
 	Value   string `json:"value" scim:"required"`
 	Primary bool   `json:"primary"`
+	Type    string `json:"type,omitempty"`
 }
 
 type ScimPhoneNumber struct {
diff --git a/internal/api/scim/resources/user_mapping.go b/internal/api/scim/resources/user_mapping.go
index 171af87238..260e50846a 100644
--- a/internal/api/scim/resources/user_mapping.go
+++ b/internal/api/scim/resources/user_mapping.go
@@ -382,6 +382,10 @@ func (h *UsersHandler) mapAndValidateMetadata(ctx context.Context, user *ScimUse
 	if err := extractJsonMetadata(ctx, md, metadata.KeyRoles, &user.Roles); err != nil {
 		logging.OnError(err).Warn("Could not deserialize scim roles metadata")
 	}
+
+	if err := extractJsonMetadata(ctx, md, metadata.KeyEmails, &user.Emails); err != nil {
+		logging.OnError(err).Warn("Could not deserialize scim emails metadata")
+	}
 }
 
 func (h *UsersHandler) buildResourceForQuery(ctx context.Context, user *query.User) *schemas.Resource {
diff --git a/internal/api/scim/resources/user_metadata.go b/internal/api/scim/resources/user_metadata.go
index 69d85e40e5..3e018507fe 100644
--- a/internal/api/scim/resources/user_metadata.go
+++ b/internal/api/scim/resources/user_metadata.go
@@ -129,7 +129,8 @@ func getValueForMetadataKey(user *ScimUser, key metadata.Key) ([]byte, error) {
 		metadata.KeyAddresses,
 		metadata.KeyEntitlements,
 		metadata.KeyIms,
-		metadata.KeyPhotos:
+		metadata.KeyPhotos,
+		metadata.KeyEmails:
 		val, err := json.Marshal(value)
 		if err != nil {
 			return nil, err
@@ -223,6 +224,8 @@ func getRawValueForMetadataKey(user *ScimUser, key metadata.Key) interface{} {
 		return user.Locale
 	case metadata.KeyTimezone:
 		return user.Timezone
+	case metadata.KeyEmails:
+		return user.Emails
 	case metadata.KeyProvisioningDomain:
 		break
 	}
diff --git a/internal/api/scim/resources/user_patch_test.go b/internal/api/scim/resources/user_patch_test.go
index ff3fc720bf..0c8aadc388 100644
--- a/internal/api/scim/resources/user_patch_test.go
+++ b/internal/api/scim/resources/user_patch_test.go
@@ -685,6 +685,39 @@ func TestOperationCollection_Apply(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "replace filter complex subattribute multiple emails primary value",
+			op: &patch.Operation{
+				Operation: patch.OperationTypeReplace,
+				Path:      test.Must(filter.ParsePath(`emails[primary eq true].value`)),
+				Value:     json.RawMessage(`"jeanie.rebecca.pendleton@example.com"`),
+			},
+			want: &ScimUser{
+				Emails: []*ScimEmail{
+					{
+						Value:   "jeanie.rebecca.pendleton@example.com",
+						Primary: true,
+					},
+				},
+			},
+		},
+		{
+			name: "replace filter complex subattribute multiple emails type value",
+			op: &patch.Operation{
+				Operation: patch.OperationTypeReplace,
+				Path:      test.Must(filter.ParsePath(`emails[type eq "work"].value`)),
+				Value:     json.RawMessage(`"jeanie.rebecca.pendleton@example.com"`),
+			},
+			want: &ScimUser{
+				Emails: []*ScimEmail{
+					{
+						Value:   "jeanie.rebecca.pendleton@example.com",
+						Primary: true,
+						Type:    "work",
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -711,6 +744,7 @@ func TestOperationCollection_Apply(t *testing.T) {
 					{
 						Value:   "jeanie.pendleton@example.com",
 						Primary: true,
+						Type:    "work",
 					},
 				},
 				PhoneNumbers: []*ScimPhoneNumber{

From fa9de9a0f123269cc257b849cec03b4ab316c133 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Tue, 24 Jun 2025 12:41:41 +0300
Subject: [PATCH 101/123] feat: generate webkeys setup step (#10105)

# Which Problems Are Solved

We are preparing to roll-out and stabilize webkeys in the next version
of Zitadel. Before removing legacy signing-key code, we must ensure all
existing instances have their webkeys generated.

# How the Problems Are Solved

Add a setup step which generate 2 webkeys for each existing instance
that didn't have webkeys yet.

# Additional Changes

Return an error from the config type-switch, when the type is unknown.

# Additional Context

- Part 1/2 of https://github.com/zitadel/zitadel/issues/10029
- Should be back-ported to v3
---
 cmd/setup/59.go            | 54 ++++++++++++++++++++++++++++++++++++++
 cmd/setup/config.go        |  1 +
 cmd/setup/setup.go         |  2 ++
 internal/crypto/web_key.go |  3 +++
 4 files changed, 60 insertions(+)
 create mode 100644 cmd/setup/59.go

diff --git a/cmd/setup/59.go b/cmd/setup/59.go
new file mode 100644
index 0000000000..530937d1a5
--- /dev/null
+++ b/cmd/setup/59.go
@@ -0,0 +1,54 @@
+package setup
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+)
+
+type SetupWebkeys struct {
+	eventstore *eventstore.Eventstore
+	commands   *command.Commands
+}
+
+func (mig *SetupWebkeys) Execute(ctx context.Context, _ eventstore.Event) error {
+	instances, err := mig.eventstore.InstanceIDs(
+		ctx,
+		eventstore.NewSearchQueryBuilder(eventstore.ColumnsInstanceIDs).
+			OrderDesc().
+			AddQuery().
+			AggregateTypes(instance.AggregateType).
+			EventTypes(instance.InstanceAddedEventType).
+			Builder().ExcludeAggregateIDs().
+			AggregateTypes(instance.AggregateType).
+			EventTypes(instance.InstanceRemovedEventType).
+			Builder(),
+	)
+	if err != nil {
+		return fmt.Errorf("%s get instance IDs: %w", mig, err)
+	}
+	conf := &crypto.WebKeyRSAConfig{
+		Bits:   crypto.RSABits2048,
+		Hasher: crypto.RSAHasherSHA256,
+	}
+
+	for _, instance := range instances {
+		ctx := authz.WithInstanceID(ctx, instance)
+		logging.Info("prepare initial webkeys for instance", "instance_id", instance, "migration", mig)
+		if err := mig.commands.GenerateInitialWebKeys(ctx, conf); err != nil {
+			return fmt.Errorf("%s generate initial webkeys: %w", mig, err)
+		}
+	}
+	return nil
+}
+
+func (mig *SetupWebkeys) String() string {
+	return "59_setup_webkeys"
+}
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index 0c3f726902..7385cc7652 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -155,6 +155,7 @@ type Steps struct {
 	s56IDPTemplate6SAMLFederatedLogout      *IDPTemplate6SAMLFederatedLogout
 	s57CreateResourceCounts                 *CreateResourceCounts
 	s58ReplaceLoginNames3View               *ReplaceLoginNames3View
+	s59SetupWebkeys                         *SetupWebkeys
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index 8ee8d7fc68..dd23c320c7 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -272,6 +272,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	}
 
 	commands, _, _, _ := startCommandsQueries(ctx, eventstoreClient, eventstoreV4, dbClient, masterKey, config)
+	steps.s59SetupWebkeys = &SetupWebkeys{eventstore: eventstoreClient, commands: commands}
 
 	repeatableSteps := []migration.RepeatableMigration{
 		&externalConfigChange{
@@ -321,6 +322,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s42Apps7OIDCConfigsLoginVersion,
 		steps.s43CreateFieldsDomainIndex,
 		steps.s48Apps7SAMLConfigsLoginVersion,
+		steps.s59SetupWebkeys, // this step needs commands.
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {
diff --git a/internal/crypto/web_key.go b/internal/crypto/web_key.go
index c769cb1213..286305259b 100644
--- a/internal/crypto/web_key.go
+++ b/internal/crypto/web_key.go
@@ -7,6 +7,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/json"
+	"fmt"
 
 	"github.com/go-jose/go-jose/v4"
 	"github.com/muhlemmer/gu"
@@ -219,6 +220,8 @@ func generateWebKey(keyID string, genConfig WebKeyConfig) (private, public *jose
 		key, err = ecdsa.GenerateKey(conf.GetCurve(), rand.Reader)
 	case *WebKeyED25519Config:
 		_, key, err = ed25519.GenerateKey(rand.Reader)
+	default:
+		return nil, nil, fmt.Errorf("unknown webkey config type %T", genConfig)
 	}
 	if err != nil {
 		return nil, nil, err

From 1719bbaba5f3a4a7aa8c29fd46414d4f65e76396 Mon Sep 17 00:00:00 2001
From: Florian Forster <florian@zitadel.com>
Date: Tue, 24 Jun 2025 23:02:12 -0700
Subject: [PATCH 102/123] chore(docs): update docusaurus to 3.8.1 (#10115)

This pull request updates several dependencies in the
`docs/package.json` file to their latest minor versions, ensuring
compatibility and access to the latest features and fixes.

Dependency updates:

* Updated `@docusaurus/core`, `@docusaurus/faster`,
`@docusaurus/preset-classic`, `@docusaurus/theme-mermaid`, and
`@docusaurus/theme-search-algolia` from version `^3.8.0` to `^3.8.1` in
the `dependencies` section.
* Updated `@docusaurus/module-type-aliases` and `@docusaurus/types` from
version `^3.8.0` to `^3.8.1` in the `devDependencies` section.

Co-authored-by: Florian Forster <florian@zitadel>
---
 docs/package.json |  14 +-
 docs/yarn.lock    | 750 ++++++++++++++++++++++++----------------------
 2 files changed, 399 insertions(+), 365 deletions(-)

diff --git a/docs/package.json b/docs/package.json
index 014a8ec0ca..2c9eb8bb84 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -22,11 +22,11 @@
   },
   "dependencies": {
     "@bufbuild/buf": "^1.14.0",
-    "@docusaurus/core": "^3.8.0",
-    "@docusaurus/faster": "^3.8.0",
-    "@docusaurus/preset-classic": "^3.8.0",
-    "@docusaurus/theme-mermaid": "^3.8.0",
-    "@docusaurus/theme-search-algolia": "^3.8.0",
+    "@docusaurus/core": "^3.8.1",
+    "@docusaurus/faster": "^3.8.1",
+    "@docusaurus/preset-classic": "^3.8.1",
+    "@docusaurus/theme-mermaid": "^3.8.1",
+    "@docusaurus/theme-search-algolia": "^3.8.1",
     "@headlessui/react": "^1.7.4",
     "@heroicons/react": "^2.0.13",
     "autoprefixer": "^10.4.13",
@@ -57,8 +57,8 @@
     ]
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "^3.8.0",
-    "@docusaurus/types": "^3.8.0",
+    "@docusaurus/module-type-aliases": "^3.8.1",
+    "@docusaurus/types": "^3.8.1",
     "tailwindcss": "^3.2.4"
   },
   "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
diff --git a/docs/yarn.lock b/docs/yarn.lock
index 70f2de1f05..c933386f97 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -2347,10 +2347,10 @@
   resolved "https://registry.yarnpkg.com/@csstools/postcss-initial/-/postcss-initial-2.0.1.tgz#c385bd9d8ad31ad159edd7992069e97ceea4d09a"
   integrity sha512-L1wLVMSAZ4wovznquK0xmC7QSctzO4D0Is590bxpGqhqjboLXYA16dWZpfwImkdOgACdQ9PqXsuRroW6qPlEsg==
 
-"@csstools/postcss-is-pseudo-class@^5.0.1":
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.1.tgz#12041448fedf01090dd4626022c28b7f7623f58e"
-  integrity sha512-JLp3POui4S1auhDR0n8wHd/zTOWmMsmK3nQd3hhL6FhWPaox5W7j1se6zXOG/aP07wV2ww0lxbKYGwbBszOtfQ==
+"@csstools/postcss-is-pseudo-class@^5.0.3":
+  version "5.0.3"
+  resolved "https://registry.yarnpkg.com/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.3.tgz#d34e850bcad4013c2ed7abe948bfa0448aa8eb74"
+  integrity sha512-jS/TY4SpG4gszAtIg7Qnf3AS2pjcUM5SzxpApOrlndMeGhIbaTzWBzzP/IApXoNWEW7OhcjkRT48jnAUIFXhAQ==
   dependencies:
     "@csstools/selector-specificity" "^5.0.0"
     postcss-selector-parser "^7.0.0"
@@ -2514,10 +2514,10 @@
   resolved "https://registry.yarnpkg.com/@csstools/postcss-unset-value/-/postcss-unset-value-4.0.0.tgz#7caa981a34196d06a737754864baf77d64de4bba"
   integrity sha512-cBz3tOCI5Fw6NIFEwU3RiwK6mn3nKegjpJuzCndoGq3BZPkUjnsq7uQmIeMNeMbMk7YD2MfKcgCpZwX5jyXqCA==
 
-"@csstools/selector-resolve-nested@^3.0.0":
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.0.0.tgz#704a9b637975680e025e069a4c58b3beb3e2752a"
-  integrity sha512-ZoK24Yku6VJU1gS79a5PFmC8yn3wIapiKmPgun0hZgEI5AOqgH2kiPRsPz1qkGv4HL+wuDLH83yQyk6inMYrJQ==
+"@csstools/selector-resolve-nested@^3.1.0":
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.1.0.tgz#848c6f44cb65e3733e478319b9342b7aa436fac7"
+  integrity sha512-mf1LEW0tJLKfWyvn5KdDrhpxHyuxpbNwTIwOYLIvsTffeyOf85j5oIzfG0yosxDgx/sswlqBnESYUcQH0vgZ0g==
 
 "@csstools/selector-specificity@^5.0.0":
   version "5.0.0"
@@ -2549,10 +2549,10 @@
     "@docsearch/css" "3.9.0"
     algoliasearch "^5.14.2"
 
-"@docusaurus/babel@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/babel/-/babel-3.8.0.tgz#2f390cc4e588a96ec496d87921e44890899738a6"
-  integrity sha512-9EJwSgS6TgB8IzGk1L8XddJLhZod8fXT4ULYMx6SKqyCBqCFpVCEjR/hNXXhnmtVM2irDuzYoVLGWv7srG/VOA==
+"@docusaurus/babel@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/babel/-/babel-3.8.1.tgz#db329ac047184214e08e2dbc809832c696c18506"
+  integrity sha512-3brkJrml8vUbn9aeoZUlJfsI/GqyFcDgQJwQkmBtclJgWDEQBKKeagZfOgx0WfUQhagL1sQLNW0iBdxnI863Uw==
   dependencies:
     "@babel/core" "^7.25.9"
     "@babel/generator" "^7.25.9"
@@ -2564,54 +2564,54 @@
     "@babel/runtime" "^7.25.9"
     "@babel/runtime-corejs3" "^7.25.9"
     "@babel/traverse" "^7.25.9"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
     babel-plugin-dynamic-import-node "^2.3.3"
     fs-extra "^11.1.1"
     tslib "^2.6.0"
 
-"@docusaurus/bundler@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/bundler/-/bundler-3.8.0.tgz#386f54dca594d81bac6b617c71822e0808d6e2f6"
-  integrity sha512-Rq4Z/MSeAHjVzBLirLeMcjLIAQy92pF1OI+2rmt18fSlMARfTGLWRE8Vb+ljQPTOSfJxwDYSzsK6i7XloD2rNA==
+"@docusaurus/bundler@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/bundler/-/bundler-3.8.1.tgz#e2b11d615f09a6e470774bb36441b8d06736b94c"
+  integrity sha512-/z4V0FRoQ0GuSLToNjOSGsk6m2lQUG4FRn8goOVoZSRsTrU8YR2aJacX5K3RG18EaX9b+52pN4m1sL3MQZVsQA==
   dependencies:
     "@babel/core" "^7.25.9"
-    "@docusaurus/babel" "3.8.0"
-    "@docusaurus/cssnano-preset" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/babel" "3.8.1"
+    "@docusaurus/cssnano-preset" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
     babel-loader "^9.2.1"
-    clean-css "^5.3.2"
+    clean-css "^5.3.3"
     copy-webpack-plugin "^11.0.0"
-    css-loader "^6.8.1"
+    css-loader "^6.11.0"
     css-minimizer-webpack-plugin "^5.0.1"
     cssnano "^6.1.2"
     file-loader "^6.2.0"
     html-minifier-terser "^7.2.0"
-    mini-css-extract-plugin "^2.9.1"
+    mini-css-extract-plugin "^2.9.2"
     null-loader "^4.0.1"
-    postcss "^8.4.26"
-    postcss-loader "^7.3.3"
-    postcss-preset-env "^10.1.0"
+    postcss "^8.5.4"
+    postcss-loader "^7.3.4"
+    postcss-preset-env "^10.2.1"
     terser-webpack-plugin "^5.3.9"
     tslib "^2.6.0"
     url-loader "^4.1.1"
     webpack "^5.95.0"
     webpackbar "^6.0.1"
 
-"@docusaurus/core@3.8.0", "@docusaurus/core@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.8.0.tgz#79d5e1084415c8834a8a5cb87162ca13f52fe147"
-  integrity sha512-c7u6zFELmSGPEP9WSubhVDjgnpiHgDqMh1qVdCB7rTflh4Jx0msTYmMiO91Ez0KtHj4sIsDsASnjwfJ2IZp3Vw==
+"@docusaurus/core@3.8.1", "@docusaurus/core@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.8.1.tgz#c22e47c16a22cb7d245306c64bc54083838ff3db"
+  integrity sha512-ENB01IyQSqI2FLtOzqSI3qxG2B/jP4gQPahl2C3XReiLebcVh5B5cB9KYFvdoOqOWPyr5gXK4sjgTKv7peXCrA==
   dependencies:
-    "@docusaurus/babel" "3.8.0"
-    "@docusaurus/bundler" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/mdx-loader" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/babel" "3.8.1"
+    "@docusaurus/bundler" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/mdx-loader" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     boxen "^6.2.1"
     chalk "^4.1.2"
     chokidar "^3.5.3"
@@ -2648,23 +2648,23 @@
     webpack-dev-server "^4.15.2"
     webpack-merge "^6.0.1"
 
-"@docusaurus/cssnano-preset@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.8.0.tgz#a70f19e2995be2299f5ef9c3da3e5d4d5c14bff2"
-  integrity sha512-UJ4hAS2T0R4WNy+phwVff2Q0L5+RXW9cwlH6AEphHR5qw3m/yacfWcSK7ort2pMMbDn8uGrD38BTm4oLkuuNoQ==
+"@docusaurus/cssnano-preset@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.8.1.tgz#bd55026251a6ab8e2194839a2042458ef9880c44"
+  integrity sha512-G7WyR2N6SpyUotqhGznERBK+x84uyhfMQM2MmDLs88bw4Flom6TY46HzkRkSEzaP9j80MbTN8naiL1fR17WQug==
   dependencies:
     cssnano-preset-advanced "^6.1.2"
-    postcss "^8.4.38"
+    postcss "^8.5.4"
     postcss-sort-media-queries "^5.2.0"
     tslib "^2.6.0"
 
-"@docusaurus/faster@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/faster/-/faster-3.8.0.tgz#2814c5ea4f19e10a6cebf9296b6f15f8a621bf61"
-  integrity sha512-v9+8rT2gw/4zIRBwc4fIVhrTH/yFVDQgJgyYZjqr3fgojOypdQCOwkN6Z8dOwTei4/zo+b/zDPB4x1UvghJZRg==
+"@docusaurus/faster@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/faster/-/faster-3.8.1.tgz#4db2d426f2caa754b12fa4c1264c82ab16618685"
+  integrity sha512-XYrj3qnTm+o2d5ih5drCq9s63GJoM8vZ26WbLG5FZhURsNxTSXgHJcx11Qo7nWPUStCQkuqk1HvItzscCUnd4A==
   dependencies:
-    "@docusaurus/types" "3.8.0"
-    "@rspack/core" "^1.3.10"
+    "@docusaurus/types" "3.8.1"
+    "@rspack/core" "^1.3.15"
     "@swc/core" "^1.7.39"
     "@swc/html" "^1.7.39"
     browserslist "^4.24.2"
@@ -2673,22 +2673,22 @@
     tslib "^2.6.0"
     webpack "^5.95.0"
 
-"@docusaurus/logger@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.8.0.tgz#c1abbb084a8058dc0047d57070fb9cd0241a679d"
-  integrity sha512-7eEMaFIam5Q+v8XwGqF/n0ZoCld4hV4eCCgQkfcN9Mq5inoZa6PHHW9Wu6lmgzoK5Kx3keEeABcO2SxwraoPDQ==
+"@docusaurus/logger@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.8.1.tgz#45321b2e2e14695d0dbd8b4104ea7b0fbaa98700"
+  integrity sha512-2wjeGDhKcExEmjX8k1N/MRDiPKXGF2Pg+df/bDDPnnJWHXnVEZxXj80d6jcxp1Gpnksl0hF8t/ZQw9elqj2+ww==
   dependencies:
     chalk "^4.1.2"
     tslib "^2.6.0"
 
-"@docusaurus/mdx-loader@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.8.0.tgz#2b225cd2b1159cc49b10b1cac63a927a8368274b"
-  integrity sha512-mDPSzssRnpjSdCGuv7z2EIAnPS1MHuZGTaRLwPn4oQwszu4afjWZ/60sfKjTnjBjI8Vl4OgJl2vMmfmiNDX4Ng==
+"@docusaurus/mdx-loader@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.8.1.tgz#74309b3614bbcef1d55fb13e6cc339b7fb000b5f"
+  integrity sha512-DZRhagSFRcEq1cUtBMo4TKxSNo/W6/s44yhr8X+eoXqCLycFQUylebOMPseHi5tc4fkGJqwqpWJLz6JStU9L4w==
   dependencies:
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     "@mdx-js/mdx" "^3.0.0"
     "@slorber/remark-comment" "^1.0.0"
     escape-html "^1.0.3"
@@ -2711,12 +2711,12 @@
     vfile "^6.0.1"
     webpack "^5.88.1"
 
-"@docusaurus/module-type-aliases@3.8.0", "@docusaurus/module-type-aliases@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.8.0.tgz#e487052c372538c5dcf2200999e13f328fa5ffaa"
-  integrity sha512-/uMb4Ipt5J/QnD13MpnoC/A4EYAe6DKNWqTWLlGrqsPJwJv73vSwkA25xnYunwfqWk0FlUQfGv/Swdh5eCCg7g==
+"@docusaurus/module-type-aliases@3.8.1", "@docusaurus/module-type-aliases@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.8.1.tgz#454de577bd7f50b5eae16db0f76b49ca5e4e281a"
+  integrity sha512-6xhvAJiXzsaq3JdosS7wbRt/PwEPWHr9eM4YNYqVlbgG1hSK3uQDXTVvQktasp3VO6BmfYWPozueLWuj4gB+vg==
   dependencies:
-    "@docusaurus/types" "3.8.0"
+    "@docusaurus/types" "3.8.1"
     "@types/history" "^4.7.11"
     "@types/react" "*"
     "@types/react-router-config" "*"
@@ -2724,19 +2724,19 @@
     react-helmet-async "npm:@slorber/react-helmet-async@1.3.0"
     react-loadable "npm:@docusaurus/react-loadable@6.0.0"
 
-"@docusaurus/plugin-content-blog@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.8.0.tgz#0c200b1fb821e09e9e975c45255e5ddfab06c392"
-  integrity sha512-0SlOTd9R55WEr1GgIXu+hhTT0hzARYx3zIScA5IzpdekZQesI/hKEa5LPHBd415fLkWMjdD59TaW/3qQKpJ0Lg==
+"@docusaurus/plugin-content-blog@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.8.1.tgz#88d842b562b04cf59df900d9f6984b086f821525"
+  integrity sha512-vNTpMmlvNP9n3hGEcgPaXyvTljanAKIUkuG9URQ1DeuDup0OR7Ltvoc8yrmH+iMZJbcQGhUJF+WjHLwuk8HSdw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/mdx-loader" "3.8.0"
-    "@docusaurus/theme-common" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/mdx-loader" "3.8.1"
+    "@docusaurus/theme-common" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     cheerio "1.0.0-rc.12"
     feed "^4.2.2"
     fs-extra "^11.1.1"
@@ -2748,20 +2748,20 @@
     utility-types "^3.10.0"
     webpack "^5.88.1"
 
-"@docusaurus/plugin-content-docs@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.0.tgz#6aedb1261da1f0c8c2fa11cfaa6df4577a9b7826"
-  integrity sha512-fRDMFLbUN6eVRXcjP8s3Y7HpAt9pzPYh1F/7KKXOCxvJhjjCtbon4VJW0WndEPInVz4t8QUXn5QZkU2tGVCE2g==
+"@docusaurus/plugin-content-docs@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.1.tgz#40686a206abb6373bee5638de100a2c312f112a4"
+  integrity sha512-oByRkSZzeGNQByCMaX+kif5Nl2vmtj2IHQI2fWjCfCootsdKZDPFLonhIp5s3IGJO7PLUfe0POyw0Xh/RrGXJA==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/mdx-loader" "3.8.0"
-    "@docusaurus/module-type-aliases" "3.8.0"
-    "@docusaurus/theme-common" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/mdx-loader" "3.8.1"
+    "@docusaurus/module-type-aliases" "3.8.1"
+    "@docusaurus/theme-common" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     "@types/react-router-config" "^5.0.7"
     combine-promises "^1.1.0"
     fs-extra "^11.1.1"
@@ -2772,148 +2772,149 @@
     utility-types "^3.10.0"
     webpack "^5.88.1"
 
-"@docusaurus/plugin-content-pages@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.8.0.tgz#2db5f990872684c621665d0d0d8d9b5831fd2999"
-  integrity sha512-39EDx2y1GA0Pxfion5tQZLNJxL4gq6susd1xzetVBjVIQtwpCdyloOfQBAgX0FylqQxfJrYqL0DIUuq7rd7uBw==
+"@docusaurus/plugin-content-pages@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.8.1.tgz#41b684dbd15390b7bb6a627f78bf81b6324511ac"
+  integrity sha512-a+V6MS2cIu37E/m7nDJn3dcxpvXb6TvgdNI22vJX8iUTp8eoMoPa0VArEbWvCxMY/xdC26WzNv4wZ6y0iIni/w==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/mdx-loader" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/mdx-loader" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     fs-extra "^11.1.1"
     tslib "^2.6.0"
     webpack "^5.88.1"
 
-"@docusaurus/plugin-css-cascade-layers@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-css-cascade-layers/-/plugin-css-cascade-layers-3.8.0.tgz#a0741ae32917a88ce7ce76b6f472495fa4bf576d"
-  integrity sha512-/VBTNymPIxQB8oA3ZQ4GFFRYdH4ZxDRRBECxyjRyv486mfUPXfcdk+im4S5mKWa6EK2JzBz95IH/Wu0qQgJ5yQ==
+"@docusaurus/plugin-css-cascade-layers@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-css-cascade-layers/-/plugin-css-cascade-layers-3.8.1.tgz#cb414b4a82aa60fc64ef2a435ad0105e142a6c71"
+  integrity sha512-VQ47xRxfNKjHS5ItzaVXpxeTm7/wJLFMOPo1BkmoMG4Cuz4nuI+Hs62+RMk1OqVog68Swz66xVPK8g9XTrBKRw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-debug@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.8.0.tgz#297c159ae99924e60042426d2ad6ee0d5e9126b3"
-  integrity sha512-teonJvJsDB9o2OnG6ifbhblg/PXzZvpUKHFgD8dOL1UJ58u0lk8o0ZOkvaYEBa9nDgqzoWrRk9w+e3qaG2mOhQ==
+"@docusaurus/plugin-debug@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.8.1.tgz#45b107e46b627caaae66995f53197ace78af3491"
+  integrity sha512-nT3lN7TV5bi5hKMB7FK8gCffFTBSsBsAfV84/v293qAmnHOyg1nr9okEw8AiwcO3bl9vije5nsUvP0aRl2lpaw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
     fs-extra "^11.1.1"
     react-json-view-lite "^2.3.0"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-google-analytics@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.8.0.tgz#fb97097af331beb13553a384081dc83607539b31"
-  integrity sha512-aKKa7Q8+3xRSRESipNvlFgNp3FNPELKhuo48Cg/svQbGNwidSHbZT03JqbW4cBaQnyyVchO1ttk+kJ5VC9Gx0w==
+"@docusaurus/plugin-google-analytics@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.8.1.tgz#64a302e62fe5cb6e007367c964feeef7b056764a"
+  integrity sha512-Hrb/PurOJsmwHAsfMDH6oVpahkEGsx7F8CWMjyP/dw1qjqmdS9rcV1nYCGlM8nOtD3Wk/eaThzUB5TSZsGz+7Q==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-google-gtag@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.8.0.tgz#b5a60006c28ac582859a469fb92e53d383b0a055"
-  integrity sha512-ugQYMGF4BjbAW/JIBtVcp+9eZEgT9HRdvdcDudl5rywNPBA0lct+lXMG3r17s02rrhInMpjMahN3Yc9Cb3H5/g==
+"@docusaurus/plugin-google-gtag@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.8.1.tgz#8c76f8a1d96448f2f0f7b10e6bde451c40672b95"
+  integrity sha512-tKE8j1cEZCh8KZa4aa80zpSTxsC2/ZYqjx6AAfd8uA8VHZVw79+7OTEP2PoWi0uL5/1Is0LF5Vwxd+1fz5HlKg==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     "@types/gtag.js" "^0.0.12"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-google-tag-manager@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.8.0.tgz#612aa63e161fb273bf7db2591034c0142951727d"
-  integrity sha512-9juRWxbwZD3SV02Jd9QB6yeN7eu+7T4zB0bvJLcVQwi+am51wAxn2CwbdL0YCCX+9OfiXbADE8D8Q65Hbopu/w==
+"@docusaurus/plugin-google-tag-manager@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.8.1.tgz#88241ffd06369f4a4d5fb982ff3ac2777561ae37"
+  integrity sha512-iqe3XKITBquZq+6UAXdb1vI0fPY5iIOitVjPQ581R1ZKpHr0qe+V6gVOrrcOHixPDD/BUKdYwkxFjpNiEN+vBw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-sitemap@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.8.0.tgz#a39e3b5aa2f059aba0052ed11a6b4fbf78ac0dad"
-  integrity sha512-fGpOIyJvNiuAb90nSJ2Gfy/hUOaDu6826e5w5UxPmbpCIc7KlBHNAZ5g4L4ZuHhc4hdfq4mzVBsQSnne+8Ze1g==
+"@docusaurus/plugin-sitemap@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.8.1.tgz#3aebd39186dc30e53023f1aab44625bc0bdac892"
+  integrity sha512-+9YV/7VLbGTq8qNkjiugIelmfUEVkTyLe6X8bWq7K5qPvGXAjno27QAfFq63mYfFFbJc7z+pudL63acprbqGzw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     fs-extra "^11.1.1"
     sitemap "^7.1.1"
     tslib "^2.6.0"
 
-"@docusaurus/plugin-svgr@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-svgr/-/plugin-svgr-3.8.0.tgz#6d2d43f14b32b4bb2dd8dc87a70c6e78754c1e85"
-  integrity sha512-kEDyry+4OMz6BWLG/lEqrNsL/w818bywK70N1gytViw4m9iAmoxCUT7Ri9Dgs7xUdzCHJ3OujolEmD88Wy44OA==
+"@docusaurus/plugin-svgr@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/plugin-svgr/-/plugin-svgr-3.8.1.tgz#6f340be8eae418a2cce540d8ece096ffd9c9b6ab"
+  integrity sha512-rW0LWMDsdlsgowVwqiMb/7tANDodpy1wWPwCcamvhY7OECReN3feoFwLjd/U4tKjNY3encj0AJSTxJA+Fpe+Gw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     "@svgr/core" "8.1.0"
     "@svgr/webpack" "^8.1.0"
     tslib "^2.6.0"
     webpack "^5.88.1"
 
-"@docusaurus/preset-classic@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.8.0.tgz#ac8bc17e3b7b443d8a24f2f1da0c0be396950fef"
-  integrity sha512-qOu6tQDOWv+rpTlKu+eJATCJVGnABpRCPuqf7LbEaQ1mNY//N/P8cHQwkpAU+aweQfarcZ0XfwCqRHJfjeSV/g==
+"@docusaurus/preset-classic@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.8.1.tgz#bb79fd12f3211363720c569a526c7e24d3aa966b"
+  integrity sha512-yJSjYNHXD8POMGc2mKQuj3ApPrN+eG0rO1UPgSx7jySpYU+n4WjBikbrA2ue5ad9A7aouEtMWUoiSRXTH/g7KQ==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/plugin-content-blog" "3.8.0"
-    "@docusaurus/plugin-content-docs" "3.8.0"
-    "@docusaurus/plugin-content-pages" "3.8.0"
-    "@docusaurus/plugin-css-cascade-layers" "3.8.0"
-    "@docusaurus/plugin-debug" "3.8.0"
-    "@docusaurus/plugin-google-analytics" "3.8.0"
-    "@docusaurus/plugin-google-gtag" "3.8.0"
-    "@docusaurus/plugin-google-tag-manager" "3.8.0"
-    "@docusaurus/plugin-sitemap" "3.8.0"
-    "@docusaurus/plugin-svgr" "3.8.0"
-    "@docusaurus/theme-classic" "3.8.0"
-    "@docusaurus/theme-common" "3.8.0"
-    "@docusaurus/theme-search-algolia" "3.8.0"
-    "@docusaurus/types" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/plugin-content-blog" "3.8.1"
+    "@docusaurus/plugin-content-docs" "3.8.1"
+    "@docusaurus/plugin-content-pages" "3.8.1"
+    "@docusaurus/plugin-css-cascade-layers" "3.8.1"
+    "@docusaurus/plugin-debug" "3.8.1"
+    "@docusaurus/plugin-google-analytics" "3.8.1"
+    "@docusaurus/plugin-google-gtag" "3.8.1"
+    "@docusaurus/plugin-google-tag-manager" "3.8.1"
+    "@docusaurus/plugin-sitemap" "3.8.1"
+    "@docusaurus/plugin-svgr" "3.8.1"
+    "@docusaurus/theme-classic" "3.8.1"
+    "@docusaurus/theme-common" "3.8.1"
+    "@docusaurus/theme-search-algolia" "3.8.1"
+    "@docusaurus/types" "3.8.1"
 
-"@docusaurus/theme-classic@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.8.0.tgz#6d44fb801b86a7c7af01cda0325af1a3300b3ac2"
-  integrity sha512-nQWFiD5ZjoT76OaELt2n33P3WVuuCz8Dt5KFRP2fCBo2r9JCLsp2GJjZpnaG24LZ5/arRjv4VqWKgpK0/YLt7g==
+"@docusaurus/theme-classic@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.8.1.tgz#1e45c66d89ded359225fcd29bf3258d9205765c1"
+  integrity sha512-bqDUCNqXeYypMCsE1VcTXSI1QuO4KXfx8Cvl6rYfY0bhhqN6d2WZlRkyLg/p6pm+DzvanqHOyYlqdPyP0iz+iw==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/mdx-loader" "3.8.0"
-    "@docusaurus/module-type-aliases" "3.8.0"
-    "@docusaurus/plugin-content-blog" "3.8.0"
-    "@docusaurus/plugin-content-docs" "3.8.0"
-    "@docusaurus/plugin-content-pages" "3.8.0"
-    "@docusaurus/theme-common" "3.8.0"
-    "@docusaurus/theme-translations" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/mdx-loader" "3.8.1"
+    "@docusaurus/module-type-aliases" "3.8.1"
+    "@docusaurus/plugin-content-blog" "3.8.1"
+    "@docusaurus/plugin-content-docs" "3.8.1"
+    "@docusaurus/plugin-content-pages" "3.8.1"
+    "@docusaurus/theme-common" "3.8.1"
+    "@docusaurus/theme-translations" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     "@mdx-js/react" "^3.0.0"
     clsx "^2.0.0"
     copy-text-to-clipboard "^3.2.0"
     infima "0.2.0-alpha.45"
     lodash "^4.17.21"
     nprogress "^0.2.0"
-    postcss "^8.4.26"
+    postcss "^8.5.4"
     prism-react-renderer "^2.3.0"
     prismjs "^1.29.0"
     react-router-dom "^5.3.4"
@@ -2921,15 +2922,15 @@
     tslib "^2.6.0"
     utility-types "^3.10.0"
 
-"@docusaurus/theme-common@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.8.0.tgz#102c385c3d1d3b7a6b52d1911c7e88c38d9a977e"
-  integrity sha512-YqV2vAWpXGLA+A3PMLrOMtqgTHJLDcT+1Caa6RF7N4/IWgrevy5diY8oIHFkXR/eybjcrFFjUPrHif8gSGs3Tw==
+"@docusaurus/theme-common@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.8.1.tgz#17c23316fbe3ee3f7e707c7298cb59a0fff38b4b"
+  integrity sha512-UswMOyTnPEVRvN5Qzbo+l8k4xrd5fTFu2VPPfD6FcW/6qUtVLmJTQCktbAL3KJ0BVXGm5aJXz/ZrzqFuZERGPw==
   dependencies:
-    "@docusaurus/mdx-loader" "3.8.0"
-    "@docusaurus/module-type-aliases" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/mdx-loader" "3.8.1"
+    "@docusaurus/module-type-aliases" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
     "@types/history" "^4.7.11"
     "@types/react" "*"
     "@types/react-router-config" "*"
@@ -2939,32 +2940,32 @@
     tslib "^2.6.0"
     utility-types "^3.10.0"
 
-"@docusaurus/theme-mermaid@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-mermaid/-/theme-mermaid-3.8.0.tgz#f0720ec89fd386870f30978ba984b1b126ca92a5"
-  integrity sha512-ou0NJM37p4xrVuFaZp8qFe5Z/qBq9LuyRTP4KKRa0u2J3zC4f3saBJDgc56FyvvN1OsmU0189KGEPUjTr6hFxg==
+"@docusaurus/theme-mermaid@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-mermaid/-/theme-mermaid-3.8.1.tgz#2b73b5e90057bd9fb46f267aeb2d3470b168a7c8"
+  integrity sha512-IWYqjyTPjkNnHsFFu9+4YkeXS7PD1xI3Bn2shOhBq+f95mgDfWInkpfBN4aYvx4fTT67Am6cPtohRdwh4Tidtg==
   dependencies:
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/module-type-aliases" "3.8.0"
-    "@docusaurus/theme-common" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/module-type-aliases" "3.8.1"
+    "@docusaurus/theme-common" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     mermaid ">=11.6.0"
     tslib "^2.6.0"
 
-"@docusaurus/theme-search-algolia@3.8.0", "@docusaurus/theme-search-algolia@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.8.0.tgz#21c2f18e07a73d13ca3b44fcf0ae9aac33bef60f"
-  integrity sha512-GBZ5UOcPgiu6nUw153+0+PNWvFKweSnvKIL6Rp04H9olKb475jfKjAwCCtju5D2xs5qXHvCMvzWOg5o9f6DtuQ==
+"@docusaurus/theme-search-algolia@3.8.1", "@docusaurus/theme-search-algolia@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.8.1.tgz#3aa3d99c35cc2d4b709fcddd4df875a9b536e29b"
+  integrity sha512-NBFH5rZVQRAQM087aYSRKQ9yGEK9eHd+xOxQjqNpxMiV85OhJDD4ZGz6YJIod26Fbooy54UWVdzNU0TFeUUUzQ==
   dependencies:
     "@docsearch/react" "^3.9.0"
-    "@docusaurus/core" "3.8.0"
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/plugin-content-docs" "3.8.0"
-    "@docusaurus/theme-common" "3.8.0"
-    "@docusaurus/theme-translations" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-validation" "3.8.0"
+    "@docusaurus/core" "3.8.1"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/plugin-content-docs" "3.8.1"
+    "@docusaurus/theme-common" "3.8.1"
+    "@docusaurus/theme-translations" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-validation" "3.8.1"
     algoliasearch "^5.17.1"
     algoliasearch-helper "^3.22.6"
     clsx "^2.0.0"
@@ -2974,18 +2975,18 @@
     tslib "^2.6.0"
     utility-types "^3.10.0"
 
-"@docusaurus/theme-translations@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.8.0.tgz#deb64dccab74361624c3cb352a4949a7ac868c74"
-  integrity sha512-1DTy/snHicgkCkryWq54fZvsAglTdjTx4qjOXgqnXJ+DIty1B+aPQrAVUu8LiM+6BiILfmNxYsxhKTj+BS3PZg==
+"@docusaurus/theme-translations@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.8.1.tgz#4b1d76973eb53861e167c7723485e059ba4ffd0a"
+  integrity sha512-OTp6eebuMcf2rJt4bqnvuwmm3NVXfzfYejL+u/Y1qwKhZPrjPoKWfk1CbOP5xH5ZOPkiAsx4dHdQBRJszK3z2g==
   dependencies:
     fs-extra "^11.1.1"
     tslib "^2.6.0"
 
-"@docusaurus/types@3.8.0", "@docusaurus/types@^3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.8.0.tgz#f6cd31c4e3e392e0270b8137d7fe4365ea7a022e"
-  integrity sha512-RDEClpwNxZq02c+JlaKLWoS13qwWhjcNsi2wG1UpzmEnuti/z1Wx4SGpqbUqRPNSd8QWWePR8Cb7DvG0VN/TtA==
+"@docusaurus/types@3.8.1", "@docusaurus/types@^3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.8.1.tgz#83ab66c345464e003b576a49f78897482061fc26"
+  integrity sha512-ZPdW5AB+pBjiVrcLuw3dOS6BFlrG0XkS2lDGsj8TizcnREQg3J8cjsgfDviszOk4CweNfwo1AEELJkYaMUuOPg==
   dependencies:
     "@mdx-js/mdx" "^3.0.0"
     "@types/history" "^4.7.11"
@@ -3012,36 +3013,36 @@
     webpack "^5.88.1"
     webpack-merge "^5.9.0"
 
-"@docusaurus/utils-common@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.8.0.tgz#2b1a6b1ec4a7fac62f1898d523d42f8cc4a8258f"
-  integrity sha512-3TGF+wVTGgQ3pAc9+5jVchES4uXUAhAt9pwv7uws4mVOxL4alvU3ue/EZ+R4XuGk94pDy7CNXjRXpPjlfZXQfw==
+"@docusaurus/utils-common@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.8.1.tgz#c369b8c3041afb7dcd595d4172beb1cc1015c85f"
+  integrity sha512-zTZiDlvpvoJIrQEEd71c154DkcriBecm4z94OzEE9kz7ikS3J+iSlABhFXM45mZ0eN5pVqqr7cs60+ZlYLewtg==
   dependencies:
-    "@docusaurus/types" "3.8.0"
+    "@docusaurus/types" "3.8.1"
     tslib "^2.6.0"
 
-"@docusaurus/utils-validation@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.8.0.tgz#aa02e9d998e20998fbcaacd94873878bc3b9a4cd"
-  integrity sha512-MrnEbkigr54HkdFeg8e4FKc4EF+E9dlVwsY3XQZsNkbv3MKZnbHQ5LsNJDIKDROFe8PBf5C4qCAg5TPBpsjrjg==
+"@docusaurus/utils-validation@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.8.1.tgz#0499c0d151a4098a0963237057993282cfbd538e"
+  integrity sha512-gs5bXIccxzEbyVecvxg6upTwaUbfa0KMmTj7HhHzc016AGyxH2o73k1/aOD0IFrdCsfJNt37MqNI47s2MgRZMA==
   dependencies:
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/utils" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/utils" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
     fs-extra "^11.2.0"
     joi "^17.9.2"
     js-yaml "^4.1.0"
     lodash "^4.17.21"
     tslib "^2.6.0"
 
-"@docusaurus/utils@3.8.0":
-  version "3.8.0"
-  resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.8.0.tgz#92bad89d2a11f5f246196af153093b12cd79f9ac"
-  integrity sha512-2wvtG28ALCN/A1WCSLxPASFBFzXCnP0YKCAFIPcvEb6imNu1wg7ni/Svcp71b3Z2FaOFFIv4Hq+j4gD7gA0yfQ==
+"@docusaurus/utils@3.8.1":
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.8.1.tgz#2ac1e734106e2f73dbd0f6a8824d525f9064e9f0"
+  integrity sha512-P1ml0nvOmEFdmu0smSXOqTS1sxU5tqvnc0dA4MTKV39kye+bhQnjkIKEE18fNOvxjyB86k8esoCIFM3x4RykOQ==
   dependencies:
-    "@docusaurus/logger" "3.8.0"
-    "@docusaurus/types" "3.8.0"
-    "@docusaurus/utils-common" "3.8.0"
+    "@docusaurus/logger" "3.8.1"
+    "@docusaurus/types" "3.8.1"
+    "@docusaurus/utils-common" "3.8.1"
     escape-string-regexp "^4.0.0"
     execa "5.1.1"
     file-loader "^6.2.0"
@@ -3244,48 +3245,48 @@
   dependencies:
     langium "3.3.1"
 
-"@module-federation/error-codes@0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@module-federation/error-codes/-/error-codes-0.14.0.tgz#d54581bfb998ce9ace4cb33f8795c644e461bfeb"
-  integrity sha512-GGk+EoeSACJikZZyShnLshtq9E2eCrDWbRiB4QAFXCX4oYmGgFfzXlx59vMNwqTKPJWxkEGnPYacJMcr2YYjag==
+"@module-federation/error-codes@0.14.3":
+  version "0.14.3"
+  resolved "https://registry.yarnpkg.com/@module-federation/error-codes/-/error-codes-0.14.3.tgz#e6b5c380240f5650bcf67a1906b22271b891d2c5"
+  integrity sha512-sBJ3XKU9g5Up31jFeXPFsD8AgORV7TLO/cCSMuRewSfgYbG/3vSKLJmfHrO6+PvjZSb9VyV2UaF02ojktW65vw==
 
-"@module-federation/runtime-core@0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@module-federation/runtime-core/-/runtime-core-0.14.0.tgz#a00a3666cc25a8bb822a36552c631e6e3f7326cc"
-  integrity sha512-fGE1Ro55zIFDp/CxQuRhKQ1pJvG7P0qvRm2N+4i8z++2bgDjcxnCKUqDJ8lLD+JfJQvUJf0tuSsJPgevzueD4g==
+"@module-federation/runtime-core@0.14.3":
+  version "0.14.3"
+  resolved "https://registry.yarnpkg.com/@module-federation/runtime-core/-/runtime-core-0.14.3.tgz#434025c1304278e30bbc024aaeab086d80f9e196"
+  integrity sha512-xMFQXflLVW/AJTWb4soAFP+LB4XuhE7ryiLIX8oTyUoBBgV6U2OPghnFljPjeXbud72O08NYlQ1qsHw1kN/V8Q==
   dependencies:
-    "@module-federation/error-codes" "0.14.0"
-    "@module-federation/sdk" "0.14.0"
+    "@module-federation/error-codes" "0.14.3"
+    "@module-federation/sdk" "0.14.3"
 
-"@module-federation/runtime-tools@0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@module-federation/runtime-tools/-/runtime-tools-0.14.0.tgz#f5b5f3d19605b6d7c90ed278dc00a5400f1aa49d"
-  integrity sha512-y/YN0c2DKsLETE+4EEbmYWjqF9G6ZwgZoDIPkaQ9p0pQu0V4YxzWfQagFFxR0RigYGuhJKmSU/rtNoHq+qF8jg==
+"@module-federation/runtime-tools@0.14.3":
+  version "0.14.3"
+  resolved "https://registry.yarnpkg.com/@module-federation/runtime-tools/-/runtime-tools-0.14.3.tgz#fa1414b449cbe5fb6dcbde4ed02c85e0cdcc758b"
+  integrity sha512-QBETX7iMYXdSa3JtqFlYU+YkpymxETZqyIIRiqg0gW+XGpH3jgU68yjrme2NBJp7URQi/CFZG8KWtfClk0Pjgw==
   dependencies:
-    "@module-federation/runtime" "0.14.0"
-    "@module-federation/webpack-bundler-runtime" "0.14.0"
+    "@module-federation/runtime" "0.14.3"
+    "@module-federation/webpack-bundler-runtime" "0.14.3"
 
-"@module-federation/runtime@0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@module-federation/runtime/-/runtime-0.14.0.tgz#e04012d2d928275fd00525904c0b4f8be514dc70"
-  integrity sha512-kR3cyHw/Y64SEa7mh4CHXOEQYY32LKLK75kJOmBroLNLO7/W01hMNAvGBYTedS7hWpVuefPk1aFZioy3q2VLdQ==
+"@module-federation/runtime@0.14.3":
+  version "0.14.3"
+  resolved "https://registry.yarnpkg.com/@module-federation/runtime/-/runtime-0.14.3.tgz#fc9142c093001c67a0fcacaf53d4eb5749e9bbd6"
+  integrity sha512-7ZHpa3teUDVhraYdxQGkfGHzPbjna4LtwbpudgzAxSLLFxLDNanaxCuSeIgSM9c+8sVUNC9kvzUgJEZB0krPJw==
   dependencies:
-    "@module-federation/error-codes" "0.14.0"
-    "@module-federation/runtime-core" "0.14.0"
-    "@module-federation/sdk" "0.14.0"
+    "@module-federation/error-codes" "0.14.3"
+    "@module-federation/runtime-core" "0.14.3"
+    "@module-federation/sdk" "0.14.3"
 
-"@module-federation/sdk@0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@module-federation/sdk/-/sdk-0.14.0.tgz#efa38341b7601f58967397cc630068f69691b931"
-  integrity sha512-lg/OWRsh18hsyTCamOOhEX546vbDiA2O4OggTxxH2wTGr156N6DdELGQlYIKfRdU/0StgtQS81Goc0BgDZlx9A==
+"@module-federation/sdk@0.14.3":
+  version "0.14.3"
+  resolved "https://registry.yarnpkg.com/@module-federation/sdk/-/sdk-0.14.3.tgz#a03e37f1cb018283542cfc66a87e7a37e39cfe1a"
+  integrity sha512-THJZMfbXpqjQOLblCQ8jjcBFFXsGRJwUWE9l/Q4SmuCSKMgAwie7yLT0qSGrHmyBYrsUjAuy+xNB4nfKP0pnGw==
 
-"@module-federation/webpack-bundler-runtime@0.14.0":
-  version "0.14.0"
-  resolved "https://registry.yarnpkg.com/@module-federation/webpack-bundler-runtime/-/webpack-bundler-runtime-0.14.0.tgz#21a82505f95fdb3cb202786f8dc20611b4d7f93c"
-  integrity sha512-POWS6cKBicAAQ3DNY5X7XEUSfOfUsRaBNxbuwEfSGlrkTE9UcWheO06QP2ndHi8tHQuUKcIHi2navhPkJ+k5xg==
+"@module-federation/webpack-bundler-runtime@0.14.3":
+  version "0.14.3"
+  resolved "https://registry.yarnpkg.com/@module-federation/webpack-bundler-runtime/-/webpack-bundler-runtime-0.14.3.tgz#2d6bf63e93f626a2f5e469bc57fb5bcc098fee37"
+  integrity sha512-hIyJFu34P7bY2NeMIUHAS/mYUHEY71VTAsN0A0AqEJFSVPszheopu9VdXq0VDLrP9KQfuXT8SDxeYeJXyj0mgA==
   dependencies:
-    "@module-federation/runtime" "0.14.0"
-    "@module-federation/sdk" "0.14.0"
+    "@module-federation/runtime" "0.14.3"
+    "@module-federation/sdk" "0.14.3"
 
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
@@ -3469,75 +3470,74 @@
     redux-thunk "^2.4.2"
     reselect "^4.1.8"
 
-"@rspack/binding-darwin-arm64@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-1.3.12.tgz#2e7cc00b813dcb155572908d956ab1d75d9747a5"
-  integrity sha512-8hKjVTBeWPqkMzFPNWIh72oU9O3vFy3e88wRjMPImDCXBiEYrKqGTTLd/J0SO+efdL3SBD1rX1IvdJpxCv6Yrw==
+"@rspack/binding-darwin-arm64@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-1.3.15.tgz#8deb8845dbb6285e40dd329b9ad13fcbaf6be8f4"
+  integrity sha512-f+DnVRENRdVe+ufpZeqTtWAUDSTnP48jVo7x9KWsXf8XyJHUi+eHKEPrFoy1HvL1/k5yJ3HVnFBh1Hb9cNIwSg==
 
-"@rspack/binding-darwin-x64@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-darwin-x64/-/binding-darwin-x64-1.3.12.tgz#cb148cc62658d74204621a695e1698cda82877f9"
-  integrity sha512-Sj4m+mCUxL7oCpdu7OmWT7fpBM7hywk5CM9RDc3D7StaBZbvNtNftafCrTZzTYKuZrKmemTh5SFzT5Tz7tf6GA==
+"@rspack/binding-darwin-x64@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-darwin-x64/-/binding-darwin-x64-1.3.15.tgz#a7dc05a5d278c2c1fd920987afb0b839311bff89"
+  integrity sha512-TfUvEIBqYUT2OK01BYXb2MNcZeZIhAnJy/5aj0qV0uy4KlvwW63HYcKWa1sFd4Ac7bnGShDkanvP3YEuHOFOyg==
 
-"@rspack/binding-linux-arm64-gnu@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.3.12.tgz#79820857dfbd3819e0026da507c271531c013d0c"
-  integrity sha512-7MuOxf3/Mhv4mgFdLTvgnt/J+VouNR65DEhorth+RZm3LEWojgoFEphSAMAvpvAOpYSS68Sw4SqsOZi719ia2w==
+"@rspack/binding-linux-arm64-gnu@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.3.15.tgz#31a29d4aac66fd92232bccbb2be0273362e1d6f2"
+  integrity sha512-D/YjYk9snKvYm1Elotq8/GsEipB4ZJWVv/V8cZ+ohhFNOPzygENi6JfyI06TryBTQiN0/JDZqt/S9RaWBWnMqw==
 
-"@rspack/binding-linux-arm64-musl@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.3.12.tgz#a794dfe8df6bf75af217597881592add6f6b046e"
-  integrity sha512-s6KKj20T9Z1bA8caIjU6EzJbwyDo1URNFgBAlafCT2UC6yX7flstDJJ38CxZacA9A2P24RuQK2/jPSZpWrTUFA==
+"@rspack/binding-linux-arm64-musl@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.3.15.tgz#f8bdc956f6ef644b1c469d20ecc3849415f3e71b"
+  integrity sha512-lJbBsPMOiR0hYPCSM42yp7QiZjfo0ALtX7ws2wURpsQp3BMfRVAmXU3Ixpo2XCRtG1zj8crHaCmAWOJTS0smsA==
 
-"@rspack/binding-linux-x64-gnu@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.3.12.tgz#a0e23831a1374d9039a4b29e927cef58a485085c"
-  integrity sha512-0w/sRREYbRgHgWvs2uMEJSLfvzbZkPHUg6CMcYQGNVK6axYRot6jPyKetyFYA9pR5fB5rsXegpnFaZaVrRIK2g==
+"@rspack/binding-linux-x64-gnu@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.3.15.tgz#5dd39fd59eb5d3f8e353110f3ed40e00242c73f8"
+  integrity sha512-qGB8ucHklrzNg6lsAS36VrBsCbOw0acgpQNqTE5cuHWrp1Pu3GFTRiFEogenxEmzoRbohMZt0Ev5grivrcgKBQ==
 
-"@rspack/binding-linux-x64-musl@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-x64-musl/-/binding-linux-x64-musl-1.3.12.tgz#61620efda6a6805689890c130e6b38c1725baaf4"
-  integrity sha512-jEdxkPymkRxbijDRsBGdhopcbGXiXDg59lXqIRkVklqbDmZ/O6DHm7gImmlx5q9FoWbz0gqJuOKBz4JqWxjWVA==
+"@rspack/binding-linux-x64-musl@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-linux-x64-musl/-/binding-linux-x64-musl-1.3.15.tgz#32c2bb197568cca841a26ecea019590bc0e2ce56"
+  integrity sha512-qRn6e40fLQP+N2rQD8GAj/h4DakeTIho32VxTIaHRVuzw68ZD7VmKkwn55ssN370ejmey35ZdoNFNE12RBrMZA==
 
-"@rspack/binding-win32-arm64-msvc@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.3.12.tgz#46d874df8bd5b84e82ea83480969f7e0293ccd82"
-  integrity sha512-ZRvUCb3TDLClAqcTsl/o9UdJf0B5CgzAxgdbnYJbldyuyMeTUB4jp20OfG55M3C2Nute2SNhu2bOOp9Se5Ongw==
+"@rspack/binding-win32-arm64-msvc@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.3.15.tgz#75c1b04d2ea08b49f480825ad57d8ca82acaf6d9"
+  integrity sha512-7uJ7dWhO1nWXJiCss6Rslz8hoAxAhFpwpbWja3eHgRb7O4NPHg6MWw63AQSI2aFVakreenfu9yXQqYfpVWJ2dA==
 
-"@rspack/binding-win32-ia32-msvc@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-1.3.12.tgz#fec435e31e56f3d58b4fa52746643d1d593b2b89"
-  integrity sha512-1TKPjuXStPJr14f3ZHuv40Xc/87jUXx10pzVtrPnw+f3hckECHrbYU/fvbVzZyuXbsXtkXpYca6ygCDRJAoNeQ==
+"@rspack/binding-win32-ia32-msvc@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-1.3.15.tgz#56093d8818d68cd270ba63bddffd38dbd50957f7"
+  integrity sha512-UsaWTYCjDiSCB0A0qETgZk4QvhwfG8gCrO4SJvA+QSEWOmgSai1YV70prFtLLIiyT9mDt1eU3tPWl1UWPRU/EQ==
 
-"@rspack/binding-win32-x64-msvc@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.3.12.tgz#33b73cbab75920cf8a92e7245a794970f8508b6c"
-  integrity sha512-lCR0JfnYKpV+a6r2A2FdxyUKUS4tajePgpPJN5uXDgMGwrDtRqvx+d0BHhwjFudQVJq9VVbRaL89s2MQ6u+xYw==
+"@rspack/binding-win32-x64-msvc@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.3.15.tgz#eb404ff76ea9da045173e6efccc6b7f276fd6960"
+  integrity sha512-ZnDIc9Es8EF94MirPDN+hOMt7tkb8nMEbRJFKLMmNd0ElNPgsql+1cY5SqyGRH1hsKB87KfSUQlhFiKZvzbfIg==
 
-"@rspack/binding@1.3.12":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/binding/-/binding-1.3.12.tgz#0a8356fdbd89f08cda3e9bb8aff4ea781dfe972e"
-  integrity sha512-4Ic8lV0+LCBfTlH5aIOujIRWZOtgmG223zC4L3o8WY/+ESAgpdnK6lSSMfcYgRanYLAy3HOmFIp20jwskMpbAg==
+"@rspack/binding@1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/binding/-/binding-1.3.15.tgz#535fa1f14d173fb72a2d8bb7df10906827e77185"
+  integrity sha512-utNPuJglLO5lW9XbwIqjB7+2ilMo6JkuVLTVdnNVKU94FW7asn9F/qV+d+MgjUVqU1QPCGm0NuGO9xhbgeJ7pg==
   optionalDependencies:
-    "@rspack/binding-darwin-arm64" "1.3.12"
-    "@rspack/binding-darwin-x64" "1.3.12"
-    "@rspack/binding-linux-arm64-gnu" "1.3.12"
-    "@rspack/binding-linux-arm64-musl" "1.3.12"
-    "@rspack/binding-linux-x64-gnu" "1.3.12"
-    "@rspack/binding-linux-x64-musl" "1.3.12"
-    "@rspack/binding-win32-arm64-msvc" "1.3.12"
-    "@rspack/binding-win32-ia32-msvc" "1.3.12"
-    "@rspack/binding-win32-x64-msvc" "1.3.12"
+    "@rspack/binding-darwin-arm64" "1.3.15"
+    "@rspack/binding-darwin-x64" "1.3.15"
+    "@rspack/binding-linux-arm64-gnu" "1.3.15"
+    "@rspack/binding-linux-arm64-musl" "1.3.15"
+    "@rspack/binding-linux-x64-gnu" "1.3.15"
+    "@rspack/binding-linux-x64-musl" "1.3.15"
+    "@rspack/binding-win32-arm64-msvc" "1.3.15"
+    "@rspack/binding-win32-ia32-msvc" "1.3.15"
+    "@rspack/binding-win32-x64-msvc" "1.3.15"
 
-"@rspack/core@^1.3.10":
-  version "1.3.12"
-  resolved "https://registry.yarnpkg.com/@rspack/core/-/core-1.3.12.tgz#68df0111cfac7e8f9dfa11a608ac8731181b5483"
-  integrity sha512-mAPmV4LPPRgxpouUrGmAE4kpF1NEWJGyM5coebsjK/zaCMSjw3mkdxiU2b5cO44oIi0Ifv5iGkvwbdrZOvMyFA==
+"@rspack/core@^1.3.15":
+  version "1.3.15"
+  resolved "https://registry.yarnpkg.com/@rspack/core/-/core-1.3.15.tgz#22bce959aa386c3f38021af6ee6a94339896ffd2"
+  integrity sha512-QuElIC8jXSKWAp0LSx18pmbhA7NiA5HGoVYesmai90UVxz98tud0KpMxTVCg+0lrLrnKZfCWN9kwjCxM5pGnrA==
   dependencies:
-    "@module-federation/runtime-tools" "0.14.0"
-    "@rspack/binding" "1.3.12"
+    "@module-federation/runtime-tools" "0.14.3"
+    "@rspack/binding" "1.3.15"
     "@rspack/lite-tapable" "1.0.1"
-    caniuse-lite "^1.0.30001718"
 
 "@rspack/lite-tapable@1.0.1":
   version "1.0.1"
@@ -5163,7 +5163,7 @@ browserslist@^4.0.0, browserslist@^4.21.10, browserslist@^4.22.2, browserslist@^
     node-releases "^2.0.14"
     update-browserslist-db "^1.0.16"
 
-browserslist@^4.24.0, browserslist@^4.24.2, browserslist@^4.24.4, browserslist@^4.24.5:
+browserslist@^4.24.0, browserslist@^4.24.2, browserslist@^4.24.4:
   version "4.24.5"
   resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.24.5.tgz#aa0f5b8560fe81fde84c6dcb38f759bafba0e11b"
   integrity sha512-FDToo4Wo82hIdgc1CQ+NQD0hEhmpPjrZ3hiUgwgOG6IuTdlpr8jdjyG24P6cNP1yJpTLzS5OcGgSw0xmDU1/Tw==
@@ -5173,6 +5173,16 @@ browserslist@^4.24.0, browserslist@^4.24.2, browserslist@^4.24.4, browserslist@^
     node-releases "^2.0.19"
     update-browserslist-db "^1.1.3"
 
+browserslist@^4.25.0:
+  version "4.25.0"
+  resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.25.0.tgz#986aa9c6d87916885da2b50d8eb577ac8d133b2c"
+  integrity sha512-PJ8gYKeS5e/whHBh8xrwYK+dAvEj7JXtz6uTucnMRB8OiGTsKccFekoRrjajPBHV8oOY+2tI4uxeceSimKwMFA==
+  dependencies:
+    caniuse-lite "^1.0.30001718"
+    electron-to-chromium "^1.5.160"
+    node-releases "^2.0.19"
+    update-browserslist-db "^1.1.3"
+
 buffer-crc32@~0.2.3:
   version "0.2.13"
   resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242"
@@ -5445,7 +5455,7 @@ ci-info@^3.2.0:
   resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.9.0.tgz#4279a62028a7b1f262f3473fc9605f5e218c59b4"
   integrity sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==
 
-clean-css@^5.2.2, clean-css@^5.3.2, clean-css@~5.3.2:
+clean-css@^5.2.2, clean-css@^5.3.3, clean-css@~5.3.2:
   version "5.3.3"
   resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.3.3.tgz#b330653cd3bd6b75009cc25c714cae7b93351ccd"
   integrity sha512-D5J+kHaVb/wKSFcyyV75uCn8fiY4sV38XJoe4CUyGQ+mOU/fMVYUdH1hJC+CJQ5uY3EnW27SbJYS4X8BiLrAFg==
@@ -5834,7 +5844,7 @@ css-has-pseudo@^7.0.2:
     postcss-selector-parser "^7.0.0"
     postcss-value-parser "^4.2.0"
 
-css-loader@^6.8.1:
+css-loader@^6.11.0:
   version "6.11.0"
   resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-6.11.0.tgz#33bae3bf6363d0a7c2cf9031c96c744ff54d85ba"
   integrity sha512-CTJ+AEQJjq5NzLga5pE39qdiSV56F8ywCIsqNIRF0r7BDgWsN25aazToqAFg7ZrtA/U016xudB3ffgweORxX7g==
@@ -6665,6 +6675,11 @@ electron-to-chromium@^1.5.149:
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.158.tgz#e5f01fc7fdf810d9d223e30593e0839c306276d4"
   integrity sha512-9vcp2xHhkvraY6AHw2WMi+GDSLPX42qe2xjYaVoZqFRJiOcilVQFq9mZmpuHEQpzlgGDelKlV7ZiGcmMsc8WxQ==
 
+electron-to-chromium@^1.5.160:
+  version "1.5.172"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.172.tgz#fe1d99028d8d6321668d0f1fed61d99ac896259c"
+  integrity sha512-fnKW9dGgmBfsebbYognQSv0CGGLFH1a5iV9EDYTBwmAQn+whbzHbLFlC+3XbHc8xaNtpO0etm8LOcRXs1qMRkQ==
+
 emoji-regex@^8.0.0:
   version "8.0.0"
   resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37"
@@ -10053,7 +10068,7 @@ mimic-response@^4.0.0:
   resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-4.0.0.tgz#35468b19e7c75d10f5165ea25e75a5ceea7cf70f"
   integrity sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==
 
-mini-css-extract-plugin@^2.9.1:
+mini-css-extract-plugin@^2.9.2:
   version "2.9.2"
   resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.2.tgz#966031b468917a5446f4c24a80854b2947503c5b"
   integrity sha512-GJuACcS//jtq4kCtd5ii/M0SZf7OZRH+BxdqXZHaJfb8TJiVl+NgQRPwiYt2EuqeSkNydn/7vP+bcE27C5mb9w==
@@ -10159,6 +10174,11 @@ mz@^2.7.0:
     object-assign "^4.0.1"
     thenify-all "^1.0.0"
 
+nanoid@^3.3.11:
+  version "3.3.11"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.11.tgz#4f4f112cefbe303202f2199838128936266d185b"
+  integrity sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==
+
 nanoid@^3.3.7:
   version "3.3.8"
   resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf"
@@ -10842,10 +10862,10 @@ postcss-custom-media@^11.0.6:
     "@csstools/css-tokenizer" "^3.0.4"
     "@csstools/media-query-list-parser" "^4.0.3"
 
-postcss-custom-properties@^14.0.5:
-  version "14.0.5"
-  resolved "https://registry.yarnpkg.com/postcss-custom-properties/-/postcss-custom-properties-14.0.5.tgz#a180444de695f6e11ee2390be93ff6537663e86c"
-  integrity sha512-UWf/vhMapZatv+zOuqlfLmYXeOhhHLh8U8HAKGI2VJ00xLRYoAJh4xv8iX6FB6+TLXeDnm0DBLMi00E0hodbQw==
+postcss-custom-properties@^14.0.6:
+  version "14.0.6"
+  resolved "https://registry.yarnpkg.com/postcss-custom-properties/-/postcss-custom-properties-14.0.6.tgz#1af73a650bf115ba052cf915287c9982825fc90e"
+  integrity sha512-fTYSp3xuk4BUeVhxCSJdIPhDLpJfNakZKoiTDx7yRGCdlZrSJR7mWKVOBS4sBF+5poPQFMj2YdXx1VHItBGihQ==
   dependencies:
     "@csstools/cascade-layer-name-parser" "^2.0.5"
     "@csstools/css-parser-algorithms" "^3.0.5"
@@ -10973,7 +10993,7 @@ postcss-load-config@^4.0.1:
     lilconfig "^3.0.0"
     yaml "^2.3.4"
 
-postcss-loader@^7.3.3:
+postcss-loader@^7.3.4:
   version "7.3.4"
   resolved "https://registry.yarnpkg.com/postcss-loader/-/postcss-loader-7.3.4.tgz#aed9b79ce4ed7e9e89e56199d25ad1ec8f606209"
   integrity sha512-iW5WTTBSC5BfsBJ9daFMPVrLT36MrNiC6fqOZTTaHjBNX6Pfd5p+hSBqe/fEeNd7pc13QiAyGt7VdGMw4eRC4A==
@@ -11082,12 +11102,12 @@ postcss-nested@^6.0.1:
   dependencies:
     postcss-selector-parser "^6.0.11"
 
-postcss-nesting@^13.0.1:
-  version "13.0.1"
-  resolved "https://registry.yarnpkg.com/postcss-nesting/-/postcss-nesting-13.0.1.tgz#c405796d7245a3e4c267a9956cacfe9670b5d43e"
-  integrity sha512-VbqqHkOBOt4Uu3G8Dm8n6lU5+9cJFxiuty9+4rcoyRPO9zZS1JIs6td49VIoix3qYqELHlJIn46Oih9SAKo+yQ==
+postcss-nesting@^13.0.2:
+  version "13.0.2"
+  resolved "https://registry.yarnpkg.com/postcss-nesting/-/postcss-nesting-13.0.2.tgz#fde0d4df772b76d03b52eccc84372e8d1ca1402e"
+  integrity sha512-1YCI290TX+VP0U/K/aFxzHzQWHWURL+CtHMSbex1lCdpXD1SoR2sYuxDu5aNI9lPoXpKTCggFZiDJbwylU0LEQ==
   dependencies:
-    "@csstools/selector-resolve-nested" "^3.0.0"
+    "@csstools/selector-resolve-nested" "^3.1.0"
     "@csstools/selector-specificity" "^5.0.0"
     postcss-selector-parser "^7.0.0"
 
@@ -11185,10 +11205,10 @@ postcss-place@^10.0.0:
   dependencies:
     postcss-value-parser "^4.2.0"
 
-postcss-preset-env@^10.1.0:
-  version "10.2.0"
-  resolved "https://registry.yarnpkg.com/postcss-preset-env/-/postcss-preset-env-10.2.0.tgz#ea95a6fc70efb1a26f81e5cf0ccdb321a3439b6e"
-  integrity sha512-cl13sPBbSqo1Q7Ryb19oT5NZO5IHFolRbIMdgDq4f9w1MHYiL6uZS7uSsjXJ1KzRIcX5BMjEeyxmAevVXENa3Q==
+postcss-preset-env@^10.2.1:
+  version "10.2.3"
+  resolved "https://registry.yarnpkg.com/postcss-preset-env/-/postcss-preset-env-10.2.3.tgz#3a84bde7205b48f1304a656b25841bd3f40fb3cb"
+  integrity sha512-zlQN1yYmA7lFeM1wzQI14z97mKoM8qGng+198w1+h6sCud/XxOjcKtApY9jWr7pXNS3yHDEafPlClSsWnkY8ow==
   dependencies:
     "@csstools/postcss-cascade-layers" "^5.0.1"
     "@csstools/postcss-color-function" "^4.0.10"
@@ -11202,7 +11222,7 @@ postcss-preset-env@^10.1.0:
     "@csstools/postcss-hwb-function" "^4.0.10"
     "@csstools/postcss-ic-unit" "^4.0.2"
     "@csstools/postcss-initial" "^2.0.1"
-    "@csstools/postcss-is-pseudo-class" "^5.0.1"
+    "@csstools/postcss-is-pseudo-class" "^5.0.3"
     "@csstools/postcss-light-dark-function" "^2.0.9"
     "@csstools/postcss-logical-float-and-clear" "^3.0.0"
     "@csstools/postcss-logical-overflow" "^2.0.0"
@@ -11224,7 +11244,7 @@ postcss-preset-env@^10.1.0:
     "@csstools/postcss-trigonometric-functions" "^4.0.9"
     "@csstools/postcss-unset-value" "^4.0.0"
     autoprefixer "^10.4.21"
-    browserslist "^4.24.5"
+    browserslist "^4.25.0"
     css-blank-pseudo "^7.0.1"
     css-has-pseudo "^7.0.2"
     css-prefers-color-scheme "^10.0.0"
@@ -11235,7 +11255,7 @@ postcss-preset-env@^10.1.0:
     postcss-color-hex-alpha "^10.0.0"
     postcss-color-rebeccapurple "^10.0.0"
     postcss-custom-media "^11.0.6"
-    postcss-custom-properties "^14.0.5"
+    postcss-custom-properties "^14.0.6"
     postcss-custom-selectors "^8.0.5"
     postcss-dir-pseudo-class "^9.0.1"
     postcss-double-position-gradients "^6.0.2"
@@ -11246,7 +11266,7 @@ postcss-preset-env@^10.1.0:
     postcss-image-set-function "^7.0.0"
     postcss-lab-function "^7.0.10"
     postcss-logical "^8.1.0"
-    postcss-nesting "^13.0.1"
+    postcss-nesting "^13.0.2"
     postcss-opacity-percentage "^3.0.0"
     postcss-overflow-shorthand "^6.0.0"
     postcss-page-break "^3.0.4"
@@ -11344,7 +11364,7 @@ postcss-zindex@^6.0.2:
   resolved "https://registry.yarnpkg.com/postcss-zindex/-/postcss-zindex-6.0.2.tgz#e498304b83a8b165755f53db40e2ea65a99b56e1"
   integrity sha512-5BxW9l1evPB/4ZIc+2GobEBoKC+h8gPGCMi+jxsYvd2x0mjq7wazk6DrP71pStqxE9Foxh5TVnonbWpFZzXaYg==
 
-postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.24, postcss@^8.4.26, postcss@^8.4.31, postcss@^8.4.33, postcss@^8.4.38:
+postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.24, postcss@^8.4.31, postcss@^8.4.33:
   version "8.4.38"
   resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.38.tgz#b387d533baf2054288e337066d81c6bee9db9e0e"
   integrity sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==
@@ -11353,6 +11373,15 @@ postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.24, postcss@^8.4.26, postcss@^8.4
     picocolors "^1.0.0"
     source-map-js "^1.2.0"
 
+postcss@^8.5.4:
+  version "8.5.6"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.6.tgz#2825006615a619b4f62a9e7426cc120b349a8f3c"
+  integrity sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==
+  dependencies:
+    nanoid "^3.3.11"
+    picocolors "^1.1.1"
+    source-map-js "^1.2.1"
+
 postman-code-generators@^1.10.1:
   version "1.10.1"
   resolved "https://registry.yarnpkg.com/postman-code-generators/-/postman-code-generators-1.10.1.tgz#5d8d8500616b2bb0cac7417e923c36b2e73cbffe"
@@ -12682,6 +12711,11 @@ sort-css-media-queries@2.2.0:
   resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.2.0.tgz#16b809c162517b5b8c3e7dcd315a2a5c2612b2af"
   integrity sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg==
 
+source-map-js@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.2.1.tgz#1ce5650fddd87abc099eda37dcff024c2667ae46"
+  integrity sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==
+
 source-map-support@~0.5.20:
   version "0.5.21"
   resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f"

From 5da5ccda5ced787f28addbc88f087082e2fd1a39 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 25 Jun 2025 16:53:40 +0200
Subject: [PATCH 103/123] fix: correct user v2 api docs for v3 (#10112)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Which Problems Are Solved

As documentation is published from the main branch and the releases get
created from another branch, they are not always correctly equal.

# How the Problems Are Solved

Remove the unnecessary changes in the documentation for now, and create
a second PR which can then be used to update the documentation.

# Additional Changes

Correct integration tests which also use the endpoints.

# Additional Context

Closes #10083

---------

Co-authored-by: Fabienne Bühler <fabienne@zitadel.com>
---
 proto/zitadel/management.proto           |  44 +-
 proto/zitadel/user/v2/user_service.proto | 544 ++++++++++-------------
 2 files changed, 240 insertions(+), 348 deletions(-)

diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index 8cd0b22759..d633fbe8c5 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -493,8 +493,6 @@ service ManagementService {
 
     // Create User (Machine)
     //
-    // Deprecated: use [user service v2 CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a user of type machine instead.
-    //
     // Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows.
     rpc AddMachineUser(AddMachineUserRequest) returns (AddMachineUserResponse) {
         option (google.api.http) = {
@@ -507,7 +505,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -693,8 +690,6 @@ service ManagementService {
 
     // Change user name
     //
-    // Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
-    //
     // Change the username of the user. Be aware that the user has to log in with the newly added username afterward
     rpc UpdateUserName(UpdateUserNameRequest) returns (UpdateUserNameResponse) {
         option (google.api.http) = {
@@ -708,7 +703,6 @@ service ManagementService {
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Users";
-            deprecated: true;
             responses: {
                 key: "200"
                 value: {
@@ -1124,8 +1118,6 @@ service ManagementService {
 
     // Update User Phone (Human)
     //
-    // Deprecated: use [user service v2 SetPhone](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
-    //
     // Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA).
     rpc UpdateHumanPhone(UpdateHumanPhoneRequest) returns (UpdateHumanPhoneResponse) {
         option (google.api.http) = {
@@ -1140,7 +1132,6 @@ service ManagementService {
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
             tags: "Users";
             tags: "User Human";
-            deprecated: true;
             responses: {
                 key: "200"
                 value: {
@@ -1656,8 +1647,6 @@ service ManagementService {
 
     // Update Machine User
     //
-    // Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type machine instead.
-    //
     // Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities.
     rpc UpdateMachine(UpdateMachineRequest) returns (UpdateMachineResponse) {
         option (google.api.http) = {
@@ -1670,7 +1659,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1692,8 +1680,6 @@ service ManagementService {
 
     // Create Secret for Machine User
     //
-    // Deprecated: use [user service v2 AddSecret](apis/resources/user_service_v2/user-service-add-secret.api.mdx) instead.
-    //
     // Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant).
     rpc GenerateMachineSecret(GenerateMachineSecretRequest) returns (GenerateMachineSecretResponse) {
         option (google.api.http) = {
@@ -1706,7 +1692,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1728,8 +1713,6 @@ service ManagementService {
 
     // Delete Secret of Machine User
     //
-    // Deprecated: use [user service v2 RemoveSecret](apis/resources/user_service_v2/user-service-remove-secret.api.mdx) instead.
-    //
     // Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward.
     rpc RemoveMachineSecret(RemoveMachineSecretRequest) returns (RemoveMachineSecretResponse) {
         option (google.api.http) = {
@@ -1741,7 +1724,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1763,8 +1745,6 @@ service ManagementService {
 
     // Get Machine user Key By ID
     //
-    // Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
-    //
     // Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication.
     rpc GetMachineKeyByIDs(GetMachineKeyByIDsRequest) returns (GetMachineKeyByIDsResponse) {
         option (google.api.http) = {
@@ -1776,7 +1756,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1796,9 +1775,7 @@ service ManagementService {
         };
     }
 
-    // Get Machine user Key By ID
-    //
-    // Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
+    // List Machine Keys
     //
     // Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication.
     rpc ListMachineKeys(ListMachineKeysRequest) returns (ListMachineKeysResponse) {
@@ -1812,7 +1789,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1834,8 +1810,6 @@ service ManagementService {
 
     // Create Key for machine user
     //
-    // Deprecated: use [user service v2 AddKey](apis/resources/user_service_v2/user-service-add-key.api.mdx) instead.
-    //
     // If a public key is not supplied, a new key is generated and will be returned in the response.
     // Make sure to store the returned key.
     // If an RSA public key is supplied, the private key is omitted from the response.
@@ -1851,7 +1825,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1873,8 +1846,6 @@ service ManagementService {
 
     // Delete Key for machine user
     //
-    // Deprecated: use [user service v2 RemoveKey](apis/resources/user_service_v2/user-service-remove-key.api.mdx) instead.
-    //
     // Delete a specific key from a user.
     // The user will not be able to authenticate with that key afterward.
     rpc RemoveMachineKey(RemoveMachineKeyRequest) returns (RemoveMachineKeyResponse) {
@@ -1887,7 +1858,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1909,8 +1879,6 @@ service ManagementService {
 
     // Get Personal-Access-Token (PAT) by ID
     //
-    // Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
-    //
     // Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
     rpc GetPersonalAccessTokenByIDs(GetPersonalAccessTokenByIDsRequest) returns (GetPersonalAccessTokenByIDsResponse) {
         option (google.api.http) = {
@@ -1922,7 +1890,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1944,8 +1911,6 @@ service ManagementService {
 
     // List Personal-Access-Tokens (PATs)
     //
-    // Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
-    //
     // Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
     rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
         option (google.api.http) = {
@@ -1958,7 +1923,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -1980,8 +1944,6 @@ service ManagementService {
 
     // Create a Personal-Access-Token (PAT)
     //
-    // Deprecated: use [user service v2 AddPersonalAccessToken](apis/resources/user_service_v2/user-service-add-personal-access-token.api.mdx) instead.
-    //
     // Generates a new PAT for the user. Currently only available for machine users.
     // The token will be returned in the response, make sure to store it.
     // PATs are ready-to-use tokens and can be sent directly in the authentication header.
@@ -1996,7 +1958,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
@@ -2018,8 +1979,6 @@ service ManagementService {
 
     // Remove a Personal-Access-Token (PAT) by ID
     //
-    // Deprecated: use [user service v2 RemovePersonalAccessToken](apis/resources/user_service_v2/user-service-remove-personal-access-token.api.mdx) instead.
-    //
     // Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore.
     rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
         option (google.api.http) = {
@@ -2031,7 +1990,6 @@ service ManagementService {
         };
 
         option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-            deprecated: true;
             tags: "Users";
             tags: "User Machine";
             responses: {
diff --git a/proto/zitadel/user/v2/user_service.proto b/proto/zitadel/user/v2/user_service.proto
index a416555905..79f66266bc 100644
--- a/proto/zitadel/user/v2/user_service.proto
+++ b/proto/zitadel/user/v2/user_service.proto
@@ -133,13 +133,6 @@ service UserService {
   // Required permission:
   //   - user.write
   rpc CreateUser (CreateUserRequest) returns (CreateUserResponse) {
-    option (google.api.http) = {
-      // The /new path segment does not follow Zitadels API design.
-      // The only reason why it is used here is to avoid a conflict with the ListUsers endpoint, which already handles POST /v2/users.
-      post: "/v2/users/new"
-      body: "*"
-    };
-
     option (zitadel.protoc_gen_zitadel.v2.options) = {
       auth_option: {
         permission: "authenticated"
@@ -169,8 +162,6 @@ service UserService {
 
   // Create a new human user
   //
-  // Deprecated: Use [CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a new user of type human instead.
-  //
   // Create/import a new user with the type human. The newly created user will get a verification email if either the email address is not marked as verified and you did not request the verification to be returned.
   rpc AddHumanUser (AddHumanUserRequest) returns (AddHumanUserResponse) {
     option (google.api.http) = {
@@ -189,7 +180,6 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -270,8 +260,6 @@ service UserService {
 
   // Change the user email
   //
-  // Deprecated: [Update the users email field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
-  //
   // Change the email address of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by email..
   rpc SetEmail (SetEmailRequest) returns (SetEmailResponse) {
     option (google.api.http) = {
@@ -286,7 +274,6 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -393,8 +380,6 @@ service UserService {
 
   // Set the user phone
   //
-  // Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
-  //
   // Set the phone number of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by sms..
   rpc SetPhone(SetPhoneRequest) returns (SetPhoneResponse) {
     option (google.api.http) = {
@@ -409,7 +394,6 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -427,8 +411,6 @@ service UserService {
 
   // Delete the user phone
   //
-  // Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx) to remove the phone number.
-  //
   // Delete the phone number of a user.
   rpc RemovePhone(RemovePhoneRequest) returns (RemovePhoneResponse) {
     option (google.api.http) = {
@@ -443,7 +425,6 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -519,7 +500,6 @@ service UserService {
     };
   }
 
-
   // Update a User
   //
   // Partially update an existing user.
@@ -529,10 +509,6 @@ service UserService {
   // Required permission:
   //   - user.write
   rpc UpdateUser(UpdateUserRequest) returns (UpdateUserResponse) {
-    option (google.api.http) = {
-      patch: "/v2/users/{user_id}"
-      body: "*"
-    };
 
     option (zitadel.protoc_gen_zitadel.v2.options) = {
       auth_option: {
@@ -574,8 +550,6 @@ service UserService {
 
   // Update Human User
   //
-  // Deprecated: Use [UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type human instead.
-  //
   // Update all information from a user..
   rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) {
     option (google.api.http) = {
@@ -590,7 +564,6 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -1378,8 +1351,6 @@ service UserService {
 
   // Change password
   //
-  // Deprecated: [Update the users password](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
-  //
   // Change the password of a user with either a verification code or the current password..
   rpc SetPassword (SetPasswordRequest) returns (SetPasswordResponse) {
     option (google.api.http) = {
@@ -1394,7 +1365,6 @@ service UserService {
     };
 
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      deprecated: true;
       responses: {
         key: "200"
         value: {
@@ -1410,6 +1380,245 @@ service UserService {
     };
   }
 
+
+  // Add a Users Secret
+  //
+  // Generates a client secret for the user.
+  // The client id is the users username.
+  // If the user already has a secret, it is overwritten.
+  // Only users of type machine can have a secret.
+  //
+  // Required permission:
+  //   - user.write
+  rpc AddSecret(AddSecretRequest) returns (AddSecretResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The secret was successfully generated.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The user ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Remove a Users Secret
+  //
+  // Remove the current client ID and client secret from a machine user.
+  //
+  // Required permission:
+  //   - user.write
+  rpc RemoveSecret(RemoveSecretRequest) returns (RemoveSecretResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The secret was either successfully removed or it didn't exist in the first place.";
+        }
+      };
+    };
+  }
+
+  // Add a Key
+  //
+  // Add a keys that can be used to securely authenticate at the Zitadel APIs using JWT profile authentication using short-lived tokens.
+  // Make sure you store the returned key safely, as you won't be able to read it from the Zitadel API anymore.
+  // Only users of type machine can have keys.
+  //
+  // Required permission:
+  //   - user.write
+  rpc AddKey(AddKeyRequest) returns (AddKeyResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The key was successfully created.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The user ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Remove a Key
+  //
+  // Remove a machine users key by the given key ID and an optionally given user ID.
+  //
+  // Required permission:
+  //   - user.write
+  rpc RemoveKey(RemoveKeyRequest) returns (RemoveKeyResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The key was either successfully removed or it not found in the first place.";
+        }
+      };
+    };
+  }
+
+  // Search Keys
+  //
+  // List all matching keys. By default all keys of the instance on which the caller has permission to read the owning users are returned.
+  // Make sure to include a limit and sorting for pagination.
+  //
+  // Required permission:
+  //   - user.read
+  rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all machine user keys matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
+
+  // Add a Personal Access Token
+  //
+  // Personal access tokens (PAT) are the easiest way to authenticate to the Zitadel APIs.
+  // Make sure you store the returned PAT safely, as you won't be able to read it from the Zitadel API anymore.
+  // Only users of type machine can have personal access tokens.
+  //
+  // Required permission:
+  //   - user.write
+  rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The personal access token was successfully created.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The user ID does not exist.";
+          schema: {
+            json_schema: {
+              ref: "#/definitions/rpcStatus";
+            };
+          };
+        }
+      };
+    };
+  }
+
+  // Remove a Personal Access Token
+  //
+  // Removes a machine users personal access token by the given token ID and an optionally given user ID.
+  //
+  // Required permission:
+  //   - user.write
+  rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "The personal access token was either successfully removed or it was not found in the first place.";
+        }
+      };
+    };
+  }
+
+  // Search Personal Access Tokens
+  //
+  // List all personal access tokens. By default all personal access tokens of the instance on which the caller has permission to read the owning users are returned.
+  // Make sure to include a limit and sorting for pagination.
+  //
+  // Required permission:
+  //   - user.read
+  rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "authenticated"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200";
+        value: {
+          description: "A list of all personal access tokens matching the query";
+        };
+      };
+      responses: {
+        key: "400";
+        value: {
+          description: "invalid list query";
+        };
+      };
+    };
+  }
+
   // List all possible authentication methods of a user
   //
   // List all possible authentication methods of a user like password, passwordless, (T)OTP and more..
@@ -1584,281 +1793,6 @@ service UserService {
       }
     };
   }
-
-  // Add a Users Secret
-  //
-  // Generates a client secret for the user.
-  // The client id is the users username.
-  // If the user already has a secret, it is overwritten.
-  // Only users of type machine can have a secret.
-  //
-  // Required permission:
-  //   - user.write
-  rpc AddSecret(AddSecretRequest) returns (AddSecretResponse) {
-    option (google.api.http) = {
-      post: "/v2/users/{user_id}/secret"
-      body: "*"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200"
-        value: {
-          description: "The secret was successfully generated.";
-        }
-      };
-      responses: {
-        key: "404"
-        value: {
-          description: "The user ID does not exist.";
-          schema: {
-            json_schema: {
-              ref: "#/definitions/rpcStatus";
-            };
-          };
-        }
-      };
-    };
-  }
-
-  // Remove a Users Secret
-  //
-  // Remove the current client ID and client secret from a machine user.
-  //
-  // Required permission:
-  //   - user.write
-  rpc RemoveSecret(RemoveSecretRequest) returns (RemoveSecretResponse) {
-    option (google.api.http) = {
-      delete: "/v2/users/{user_id}/secret"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200"
-        value: {
-          description: "The secret was either successfully removed or it didn't exist in the first place.";
-        }
-      };
-    };
-  }
-
-  // Add a Key
-  //
-  // Add a keys that can be used to securely authenticate at the Zitadel APIs using JWT profile authentication using short-lived tokens.
-  // Make sure you store the returned key safely, as you won't be able to read it from the Zitadel API anymore.
-  // Only users of type machine can have keys.
-  //
-  // Required permission:
-  //   - user.write
-  rpc AddKey(AddKeyRequest) returns (AddKeyResponse) {
-    option (google.api.http) = {
-      post: "/v2/users/{user_id}/keys"
-      body: "*"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200"
-        value: {
-          description: "The key was successfully created.";
-        }
-      };
-      responses: {
-        key: "404"
-        value: {
-          description: "The user ID does not exist.";
-          schema: {
-            json_schema: {
-              ref: "#/definitions/rpcStatus";
-            };
-          };
-        }
-      };
-    };
-  }
-
-  // Remove a Key
-  //
-  // Remove a machine users key by the given key ID and an optionally given user ID.
-  //
-  // Required permission:
-  //   - user.write
-  rpc RemoveKey(RemoveKeyRequest) returns (RemoveKeyResponse) {
-    option (google.api.http) = {
-      delete: "/v2/users/{user_id}/keys/{key_id}"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200"
-        value: {
-          description: "The key was either successfully removed or it not found in the first place.";
-        }
-      };
-    };
-  }
-
-  // Search Keys
-  //
-  // List all matching keys. By default all keys of the instance on which the caller has permission to read the owning users are returned.
-  // Make sure to include a limit and sorting for pagination.
-  //
-  // Required permission:
-  //   - user.read
-  rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) {
-    option (google.api.http) = {
-      post: "/v2/users/keys/search"
-      body: "*"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200";
-        value: {
-          description: "A list of all machine user keys matching the query";
-        };
-      };
-      responses: {
-        key: "400";
-        value: {
-          description: "invalid list query";
-        };
-      };
-    };
-  }
-
-  // Add a Personal Access Token
-  //
-  // Personal access tokens (PAT) are the easiest way to authenticate to the Zitadel APIs.
-  // Make sure you store the returned PAT safely, as you won't be able to read it from the Zitadel API anymore.
-  // Only users of type machine can have personal access tokens.
-  //
-  // Required permission:
-  //   - user.write
-  rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
-    option (google.api.http) = {
-      post: "/v2/users/{user_id}/pats"
-      body: "*"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200"
-        value: {
-          description: "The personal access token was successfully created.";
-        }
-      };
-      responses: {
-        key: "404"
-        value: {
-          description: "The user ID does not exist.";
-          schema: {
-            json_schema: {
-              ref: "#/definitions/rpcStatus";
-            };
-          };
-        }
-      };
-    };
-  }
-
-  // Remove a Personal Access Token
-  //
-  // Removes a machine users personal access token by the given token ID and an optionally given user ID.
-  //
-  // Required permission:
-  //   - user.write
-  rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
-    option (google.api.http) = {
-      delete: "/v2/users/{user_id}/pats/{token_id}"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200"
-        value: {
-          description: "The personal access token was either successfully removed or it was not found in the first place.";
-        }
-      };
-    };
-  }
-
-  // Search Personal Access Tokens
-  //
-  // List all personal access tokens. By default all personal access tokens of the instance on which the caller has permission to read the owning users are returned.
-  // Make sure to include a limit and sorting for pagination.
-  //
-  // Required permission:
-  //   - user.read
-  rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
-    option (google.api.http) = {
-      post: "/v2/users/pats/search"
-      body: "*"
-    };
-
-    option (zitadel.protoc_gen_zitadel.v2.options) = {
-      auth_option: {
-        permission: "authenticated"
-      }
-    };
-
-    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      responses: {
-        key: "200";
-        value: {
-          description: "A list of all personal access tokens matching the query";
-        };
-      };
-      responses: {
-        key: "400";
-        value: {
-          description: "invalid list query";
-        };
-      };
-    };
-  }
 }
 
 message AddHumanUserRequest{

From 27f88a639035ca83be099c7a35b2ebe48f486b32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Racedo?= <matiasracedo@gmail.com>
Date: Wed, 25 Jun 2025 12:44:11 -0300
Subject: [PATCH 104/123] docs(migration): Added step-by-step guide for the
 Auth0 to Zitadel migration (#10118)

Added a step-by-step guide for the Auth0 to Zitadel migration in
preparation for the upcoming workshop.
---
 .../guides/migrate/sources/auth0-guide.md     | 185 ++++++++++++++++++
 docs/sidebars.js                              |   1 +
 2 files changed, 186 insertions(+)
 create mode 100644 docs/docs/guides/migrate/sources/auth0-guide.md

diff --git a/docs/docs/guides/migrate/sources/auth0-guide.md b/docs/docs/guides/migrate/sources/auth0-guide.md
new file mode 100644
index 0000000000..f8a62b75fa
--- /dev/null
+++ b/docs/docs/guides/migrate/sources/auth0-guide.md
@@ -0,0 +1,185 @@
+---
+title: Migrating Users from Auth0 to ZITADEL (Including Password Hashes)
+sidebar_label: Auth0 Migration Guide
+---
+
+## 1. Introduction
+
+This guide will walk you through the steps to migrate users from Auth0 to ZITADEL, including password hashes (which requires Auth0's support assistance), so users don't need to reset their passwords.
+
+**What you'll learn with this guide**
+- How to prepare your data from Auth0
+- Use of the ZITADEL migration tooling
+- Performing the user import via ZITADEL's API
+- Troubleshooting and validating the migration
+
+---
+
+## 2. Prerequisites
+
+### 2.1. Install Go
+The migration tool is written in Go. Download and install the latest version of Go from the [official Go website](https://go.dev/doc/install).
+
+### 2.2. Create a ZITADEL Instance and Organization
+You'll need a target organization in ZITADEL to import your users. You can create a new organization or use an existing one.  
+
+If you don't have a ZITADEL instance, you can [sign up for free here](https://zitadel.com) to create a new one for you.  
+See: [Managing Organizations in ZITADEL](https://zitadel.com/docs/guides/manage/console/organizations).
+
+> **Note:** Copy your Organization ID (Resource ID) since you will use the id in the later steps.
+
+---
+
+## 3. Preparing Auth0 Data
+
+### 3.1. Export User Profiles and Password Hashes from Auth0
+You cannot bulk export user data from the Auth0 Dashboard. Instead, use the  [Auth0 Management API](https://auth0.com/docs/manage-users/user-migration#bulk-user-exports) or the [User Import/Export extension](https://auth0.com/docs/manage-users/user-migration/user-import-export-extension).
+
+> **Important:** Password hashes cannot be obtained in a self-service way.  
+> You must open a **support ticket** with Auth0 and request a password hash export.  
+> If approved, Auth0 will provide an export containing the password hashes.  
+
+Reference: [Export hashed passwords from Auth0](https://zitadel.com/docs/guides/migrate/sources/auth0#export-hashed-passwords)
+
+---
+
+## 4. Running the ZITADEL Migration Tool
+
+### 4.1. Install the Migration Tool
+Follow the installation instructions to set up the ZITADEL migration tool from [ZITADEL Tools](https://github.com/zitadel/zitadel-tools?tab=readme-ov-file#installation).
+
+### 4.2. Generate Import JSON
+Use the migration tool to convert the Auth0 export file to a ZITADEL-compatible JSON.
+Step-by-step instructions: [Migration Tool for Auth0](https://github.com/zitadel/zitadel-tools/blob/main/cmd/migration/auth0/readme.md)
+
+Typical steps:
+- Run the migration tool with your exported Auth0 files as input.
+- The tool generates a JSON file ready for import into ZITADEL.
+
+Example:
+After obtaining the 2 required input files (passwords and profile) in JSON lines format, you can run the following command:
+
+Sample `passwords.ndjson` content, as obtained from the Auth0 Support team:
+```json
+{"_id":{"$oid":"emxdpVxozXeFb1HeEn5ThAK8"},"email_verified":true,"email":"tommie_krajcik85@hotmail.com","passwordHash":"$2b$10$d.GvZhGwTllA7OdAmsA75uGGzqr/mhdQoU88M3zD.fX3Vb8Rcf33.","password_set_date":{"$date":"2025-06-30T00:00:00.000Z"},"tenant":"test","connection":"Username-Password-Authentication","_tmp_is_unique":true}
+```
+
+Sample `profiles.json` content, as obtained from the Auth0 Management API:
+```json
+{"user_id":"auth0|emxdpVxozXeFb1HeEn5ThAK8","email_verified":true,"name":"Tommie Krajcik","email":"tommie_krajcik85@hotmail.com"}
+```
+
+Run the following command in your terminal (replace ORG_ID with your own organization ID):
+```bash
+zitadel-tools migrate auth0 --org=<ORG_ID> --users=./profiles.json --passwords=./passwords.ndjson --multiline --email-verified --output=./importBody.json --timeout=5m0s
+```
+
+The tool will merge both objects into a single one in the importBody.json output, this will be used in the next step to complete the import process.
+
+## 5. Importing Users into ZITADEL
+
+### 5.1. Obtain Access Token (or PAT) for API Access
+
+To call the ZITADEL Admin API, you need to authenticate using a **Service User** with the `IAM_OWNER` Manager permissions.
+
+There are two recommended authentication methods:
+
+- **Client Credentials Flow**  
+  [Learn how to authenticate with client credentials.](https://zitadel.com/docs/guides/integrate/service-users/client-credentials)
+
+- **Personal Access Token (PAT)**  
+  [Learn how to create and use a PAT.](https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users#personal-access-token)
+
+**Reference:** [Service Users & API Authentication](https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users#authentication-methods)
+
+---
+
+### 5.2. Import Data with the ZITADEL API
+
+- Use your **access token** or **PAT** to authenticate.
+- Call the [Admin API – Import Data](https://zitadel.com/docs/apis/resources/admin/admin-service-import-data) endpoint, passing your generated JSON file.
+- Verify that the users were imported successfully in the ZITADEL console.
+
+**Import Endpoint:**
+
+- `POST /admin/v1/import`
+- `Authorization: Bearer <token>`
+- **Body:** Generated in step 4.2
+
+#### Example cURL request
+
+```bash
+curl --location 'https://<instance-domain>/admin/v1/import' \
+--header 'Content-Type: application/json' \
+--header 'Accept: application/json' \
+--header 'Authorization: Bearer <access-token>' \
+--data-raw '{
+  "dataOrgs": {
+    "orgs": [
+      {
+        "orgId": "<your-org-id>",
+        "humanUsers": [
+          {
+            "userId": "auth0|emxdpVxozXeFb1HeEn5ThAK8",
+            "user": {
+              "userName": "tommie_krajcik85@hotmail.com",
+              "profile": {
+                "firstName": "Tommie Krajcik",
+                "lastName": "Tommie Krajcik"
+              },
+              "email": {
+                "email": "tommie_krajcik85@hotmail.com",
+                "isEmailVerified": true
+              },
+              "hashedPassword": {
+                "value": "$2b$10$d.GvZhGwTllA7OdAmsA75uGGzqr/mhdQoU88M3zD.fX3Vb8Rcf33."
+              }
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "timeout": "5m0s"
+}'
+```
+
+## 6. Testing the Migration
+
+### 6.1. Test User Login
+
+Use the **ZITADEL login page** or your integrated app to test logging in with one of the imported users.
+
+> **Password for the sample user:** `Password1!`
+
+Confirm that the migrated password works as expected.
+
+---
+
+### 6.2. Troubleshooting
+
+**Common issues:**
+
+- Missing password hashes  
+- Malformed JSON  
+- Invalid or incomplete user data  
+
+The import endpoint returns an `errors` array which can help you identify any issues with the import.
+
+#### Where to check logs and get help
+
+You can also verify that a user was imported by calling the **events endpoint** and checking for the following event type:
+
+```json
+"user.human.added"
+```
+
+## 7. Q&A and Further Resources
+
+### Real-World Scenarios & Common Questions
+
+**Q:** What is the maximum number of users that can be imported in a single batch?  
+**A:** There is no hard limit on the number of users. However, there is a **timeout**.  
+For **ZITADEL Cloud deployments**, the timeout is **5 minutes**, which typically allows for importing around **5,000 users per batch**.
+
+---
\ No newline at end of file
diff --git a/docs/sidebars.js b/docs/sidebars.js
index d7ebb80f5b..fe77ea0af2 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -203,6 +203,7 @@ module.exports = {
           items: [
             "guides/migrate/sources/zitadel",
             "guides/migrate/sources/auth0",
+            "guides/migrate/sources/auth0-guide",
             "guides/migrate/sources/keycloak",
           ],
         },

From 1ebbe275b98d1b0918b808e1d7960df1ad638c27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Thu, 26 Jun 2025 11:08:37 +0300
Subject: [PATCH 105/123] chore(oidc): remove legacy storage methods (#10061)

# Which Problems Are Solved

Stabilize the optimized introspection code and cleanup unused code.

# How the Problems Are Solved

- `oidc_legacy_introspection` feature flag is removed and reserved.
- `OPStorage` which are no longer needed have their bodies removed.
- The method definitions need to remain in place so the interface
remains implemented.
  - A panic is thrown in case any such method is still called

# Additional Changes

- A number of `OPStorage` methods related to token creation were already
unused. These are also cleaned up.

# Additional Context

- Closes #10027
- #7822

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
---
 cmd/setup/config_test.go                      |   1 -
 cmd/start/config_test.go                      |   1 -
 .../components/features/features.component.ts |   1 -
 console/src/assets/i18n/bg.json               |   2 -
 console/src/assets/i18n/cs.json               |   2 -
 console/src/assets/i18n/de.json               |   2 -
 console/src/assets/i18n/en.json               |   2 -
 console/src/assets/i18n/es.json               |   2 -
 console/src/assets/i18n/fr.json               |   2 -
 console/src/assets/i18n/hu.json               |   2 -
 console/src/assets/i18n/id.json               |   2 -
 console/src/assets/i18n/it.json               |   2 -
 console/src/assets/i18n/ja.json               |   2 -
 console/src/assets/i18n/ko.json               |   2 -
 console/src/assets/i18n/mk.json               |   2 -
 console/src/assets/i18n/nl.json               |   2 -
 console/src/assets/i18n/pl.json               |   2 -
 console/src/assets/i18n/pt.json               |   2 -
 console/src/assets/i18n/ro.json               |   2 -
 console/src/assets/i18n/ru.json               |   2 -
 console/src/assets/i18n/sv.json               |   2 -
 console/src/assets/i18n/zh.json               |   2 -
 docs/docs/apis/openidoauth/scopes.md          |   8 +-
 internal/api/grpc/feature/v2/converter.go     |   4 -
 .../api/grpc/feature/v2/converter_test.go     |  20 -
 .../v2/integration_test/feature_test.go       |  16 +-
 internal/api/grpc/feature/v2beta/converter.go |   4 -
 .../api/grpc/feature/v2beta/converter_test.go |  20 -
 .../v2beta/integration_test/feature_test.go   |   9 -
 internal/api/oidc/auth_request.go             |  49 +-
 internal/api/oidc/client.go                   | 832 +-----------------
 internal/api/oidc/client_credentials.go       |  21 -
 internal/api/oidc/device_auth.go              |   4 +-
 .../integration_test/token_exchange_test.go   |   7 -
 .../oidc/integration_test/userinfo_test.go    |  15 +-
 internal/api/oidc/introspect.go               |   3 -
 internal/api/oidc/jwt-profile.go              |  33 +-
 internal/api/oidc/userinfo.go                 |   3 -
 internal/command/instance_features.go         |   2 -
 internal/command/instance_features_model.go   |   5 -
 internal/command/instance_features_test.go    |  32 +-
 internal/command/project_application_api.go   |  31 -
 .../command/project_application_api_test.go   | 101 ---
 internal/command/project_application_oidc.go  |  31 -
 .../command/project_application_oidc_test.go  | 170 ----
 internal/command/system_features.go           |   2 -
 internal/command/system_features_model.go     |   5 -
 internal/command/system_features_test.go      |  32 +-
 internal/feature/feature.go                   |  33 +-
 internal/feature/feature_test.go              |   1 -
 internal/feature/key_enumer.go                | 123 +--
 internal/query/app.go                         |  92 --
 internal/query/authn_key.go                   |  48 -
 internal/query/authn_key_test.go              |  49 --
 internal/query/instance_features.go           |   1 -
 internal/query/instance_features_model.go     |   7 +-
 internal/query/instance_features_test.go      |  28 -
 .../query/projection/instance_features.go     |   4 -
 .../projection/instance_features_test.go      |   4 +-
 internal/query/projection/system_features.go  |   4 -
 .../query/projection/system_features_test.go  |   4 +-
 internal/query/system_features.go             |   1 -
 internal/query/system_features_model.go       |   6 +-
 internal/query/system_features_test.go        |  24 -
 internal/query/user_grant.go                  |   8 -
 .../feature/feature_v2/eventstore.go          |   2 -
 .../repository/feature/feature_v2/feature.go  |   2 -
 proto/zitadel/feature/v2/instance.proto       |  21 +-
 proto/zitadel/feature/v2/system.proto         |  22 +-
 proto/zitadel/feature/v2beta/instance.proto   |  21 +-
 proto/zitadel/feature/v2beta/system.proto     |  22 +-
 71 files changed, 143 insertions(+), 1884 deletions(-)

diff --git a/cmd/setup/config_test.go b/cmd/setup/config_test.go
index 8cf241cd6a..b147ed54a7 100644
--- a/cmd/setup/config_test.go
+++ b/cmd/setup/config_test.go
@@ -48,7 +48,6 @@ Actions:
 		want: func(t *testing.T, config *Config) {
 			assert.Equal(t, config.DefaultInstance.Features, &command.InstanceFeatures{
 				LoginDefaultOrg:                 gu.Ptr(true),
-				LegacyIntrospection:             gu.Ptr(true),
 				TriggerIntrospectionProjections: gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
 			})
diff --git a/cmd/start/config_test.go b/cmd/start/config_test.go
index 53c95d35ab..918fa51950 100644
--- a/cmd/start/config_test.go
+++ b/cmd/start/config_test.go
@@ -85,7 +85,6 @@ Actions:
 		want: func(t *testing.T, config *Config) {
 			assert.Equal(t, config.DefaultInstance.Features, &command.InstanceFeatures{
 				LoginDefaultOrg:                 gu.Ptr(true),
-				LegacyIntrospection:             gu.Ptr(true),
 				TriggerIntrospectionProjections: gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
 			})
diff --git a/console/src/app/components/features/features.component.ts b/console/src/app/components/features/features.component.ts
index d95bbdde43..70e038bae8 100644
--- a/console/src/app/components/features/features.component.ts
+++ b/console/src/app/components/features/features.component.ts
@@ -33,7 +33,6 @@ const FEATURE_KEYS = [
   'enableBackChannelLogout',
   // 'improvedPerformance',
   'loginDefaultOrg',
-  'oidcLegacyIntrospection',
   'oidcSingleV1SessionTermination',
   'oidcTokenExchange',
   'oidcTriggerIntrospectionProjections',
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index dc3dc04193..7d594e8318 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -1623,8 +1623,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Организация по подразбиране за влизане",
       "LOGINDEFAULTORG_DESCRIPTION": "Потребителският интерфейс за влизане ще използва настройките на организацията по подразбиране (а не на инстанцията), ако не е зададен контекст на организация.",
-      "OIDCLEGACYINTROSPECTION": "Наследено осмисляне OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "На скоро префакторизирахме крайния пункт за осмисляне заради производителностни причини. Тази функция може да се използва за връщане към наследената реализация, ако възникнат неочаквани грешки.",
       "OIDCTOKENEXCHANGE": "Обмяна на токени OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Активиране на експерименталния тип на дарение urn:ietf:params:oauth:grant-type:token-exchange за краен пункт на токен OIDC. Обменът на токени може да се използва за заявка на токени с по-малък обхват или за имперсонализиране на други потребители. Вижте политиката за сигурност, за да разрешите имперсонализацията на инстанция.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Тригери за проекции на осмисляне на OIDC",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index 6c85389c60..2ee5d9d0c5 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Výchozí organizace pro přihlášení",
       "LOGINDEFAULTORG_DESCRIPTION": "Přihlašovací rozhraní použije nastavení výchozí organizace (a ne z instance), pokud není nastaven žádný kontext organizace.",
-      "OIDCLEGACYINTROSPECTION": "Dědictví OIDC introspekce",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Nedávno jsme přepracovali bod introspekce z výkonnostních důvodů. Tato funkce lze použít k rollbacku na dědickou implementaci, pokud se objeví neočekávané chyby.",
       "OIDCTOKENEXCHANGE": "Výměna tokenů OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Povolit experimentální typ udělení urn:ietf:params:oauth:grant-type:token-exchange pro bod tokenového bodu OIDC. Výměna tokenů lze použít k žádosti o tokeny s menším rozsahem nebo k impersonaci jiných uživatelů. Podívejte se na bezpečnostní politiku, abyste umožnili impersonaci na instanci.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Spouštěče projekcí introspekce OIDC",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index a1f449c1c2..b8f8363d13 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Standardorganisation für die Anmeldung",
       "LOGINDEFAULTORG_DESCRIPTION": "Die Anmelde-Benutzeroberfläche verwendet die Einstellungen der Standardorganisation (und nicht von der Instanz), wenn kein Organisationskontext festgelegt ist.",
-      "OIDCLEGACYINTROSPECTION": "OIDC Legacy-Introspektion",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Wir haben kürzlich den Introspektionsendpunkt aus Leistungsgründen neu strukturiert. Mit diesem Feature können Sie zur alten Implementierung zurückkehren, falls unerwartete Fehler auftreten.",
       "OIDCTOKENEXCHANGE": "OIDC Token-Austausch",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Aktivieren Sie den experimentellen urn:ietf:params:oauth:grant-type:token-exchange-Grant-Typ für den OIDC-Token-Endpunkt. Der Token-Austausch kann verwendet werden, um Token mit einem geringeren Umfang anzufordern oder andere Benutzer zu impersonieren. Siehe die Sicherheitsrichtlinie, um die Impersonation auf einer Instanz zu erlauben.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Trigger-Introspektionsprojektionen",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 9e8dadd416..fe152acb81 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -1627,8 +1627,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Login Default Org",
       "LOGINDEFAULTORG_DESCRIPTION": "The login UI will use the settings of the default org (and not from the instance) if no organization context is set",
-      "OIDCLEGACYINTROSPECTION": "OIDC Legacy introspection",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise.",
       "OIDCTOKENEXCHANGE": "OIDC Token Exchange",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Trigger introspection Projections",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index d5493f5d70..fff111fd1d 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -1625,8 +1625,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Organización predeterminada de inicio de sesión",
       "LOGINDEFAULTORG_DESCRIPTION": "La interfaz de inicio de sesión utilizará la configuración de la organización predeterminada (y no de la instancia) si no se establece ningún contexto de organización.",
-      "OIDCLEGACYINTROSPECTION": "Introspección heredada OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Recientemente hemos refactorizado el punto de introspección por razones de rendimiento. Esta función se puede utilizar para volver a la implementación heredada si surgen errores inesperados.",
       "OIDCTOKENEXCHANGE": "Intercambio de tokens OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Habilita el tipo de concesión experimental urn:ietf:params:oauth:grant-type:token-exchange para el punto de extremo de token OIDC. El intercambio de tokens se puede utilizar para solicitar tokens con un alcance menor o suplantar a otros usuarios. Consulta la política de seguridad para permitir la suplantación en una instancia.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Desencadenadores de proyecciones de introspección OIDC",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index c0a17ac19d..fc5cf69602 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Organisation par défaut de connexion",
       "LOGINDEFAULTORG_DESCRIPTION": "L'interface de connexion utilisera les paramètres de l'organisation par défaut (et non de l'instance) si aucun contexte d'organisation n'est défini.",
-      "OIDCLEGACYINTROSPECTION": "Introspection héritée OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Nous avons récemment refondu le point d'introspection pour des raisons de performances. Cette fonctionnalité peut être utilisée pour revenir à l'implémentation héritée en cas de bogues inattendus.",
       "OIDCTOKENEXCHANGE": "Échange de jetons OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Activez le type d'octroi expérimental urn:ietf:params:oauth:grant-type:token-exchange pour le point de terminaison de jeton OIDC. L'échange de jetons peut être utilisé pour demander des jetons avec une portée moindre ou pour usurper d'autres utilisateurs. Consultez la politique de sécurité pour autoriser l'usurpation sur une instance.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Déclencheurs de projections d'introspection OIDC",
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index 2f208b82b9..d7dd32b15a 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -1622,8 +1622,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Alapértelmezett Org bejelentkezés",
       "LOGINDEFAULTORG_DESCRIPTION": "A bejelentkezési felület az alapértelmezett org beállításait fogja használni (és nem az instance-tól), ha nincs megadva szervezeti kontextus",
-      "OIDCLEGACYINTROSPECTION": "OIDC régi introspekció",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Nemrég refaktoráltuk az introspekciós végpontot a teljesítmény javítása érdekében. Ezt a funkciót használhatod a régi implementációra való visszaállításhoz, ha váratlan hibák lépnének fel.",
       "OIDCTOKENEXCHANGE": "OIDC Token Exchange",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Engedélyezd a kísérleti urn:ietf:params:oauth:grant-type:token-exchange támogatását az OIDC token végpont számára. A token csere használható kisebb hatókörű tokenek kérésére vagy más felhasználók megszemélyesítésére. Tekintsd meg a biztonsági irányelvet az impersonáció engedélyezéséhez egy példányon.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Introspekciós Projekciók Indítása",
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index d1d4001813..3dcd7b36b7 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -1498,8 +1498,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Masuk Organisasi Default",
       "LOGINDEFAULTORG_DESCRIPTION": "UI login akan menggunakan pengaturan organisasi default (dan bukan dari instance) jika tidak ada konteks organisasi yang ditetapkan",
-      "OIDCLEGACYINTROSPECTION": "Introspeksi Warisan OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Kami baru-baru ini memfaktorkan ulang titik akhir introspeksi untuk alasan kinerja. Fitur ini dapat digunakan untuk melakukan rollback ke implementasi lama jika muncul bug yang tidak terduga.",
       "OIDCTOKENEXCHANGE": "Pertukaran Token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Aktifkan jenis pemberian urn:ietf:params:oauth:grant-type:token-exchange eksperimental untuk titik akhir token OIDC. Pertukaran token dapat digunakan untuk meminta token dengan cakupan yang lebih kecil atau menyamar sebagai pengguna lain. Lihat kebijakan keamanan untuk mengizinkan peniruan identitas pada sebuah instans.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Memicu Proyeksi Introspeksi",
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index 2645afb801..da1df2ba38 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Organizzazione predefinita per l'accesso",
       "LOGINDEFAULTORG_DESCRIPTION": "L'interfaccia di accesso utilizzerà le impostazioni dell'organizzazione predefinita (e non dell'istanza) se non è impostato alcun contesto organizzativo.",
-      "OIDCLEGACYINTROSPECTION": "Introspezione legacy OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Abbiamo recentemente ristrutturato il punto di introspezione per motivi di prestazioni. Questa funzionalità può essere utilizzata per tornare alla vecchia implementazione in caso di bug imprevisti.",
       "OIDCTOKENEXCHANGE": "Scambio token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Abilita il tipo di concessione sperimentale urn:ietf:params:oauth:grant-type:token-exchange per il punto finale del token OIDC. Lo scambio di token può essere utilizzato per richiedere token con uno scopo inferiore o impersonare altri utenti. Consultare la policy di sicurezza per consentire l'impersonificazione su un'istanza.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Proiezioni trigger OIDC per l'introspezione",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 95855ca5fe..1828a8ada8 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "ログイン時の既定組織",
       "LOGINDEFAULTORG_DESCRIPTION": "組織コンテキストが設定されていない場合、ログイン UI は既定の組織の設定を使用します (インスタンスの設定ではなく)",
-      "OIDCLEGACYINTROSPECTION": "OIDC レガシーイントロスペクション",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "パフォーマンス上の理由から最近イントロスペクション エンドポイントをリファクタリングしました。この機能は、予期しないバグが発生した場合にレガシー実装にロールバックするために使用できます。",
       "OIDCTOKENEXCHANGE": "OIDC トークン交換",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "OIDC トークン エンドポイント用に実験的な urn:ietf:params:oauth:grant-type:token-exchange 付与タイプを有効にします。トークン交換は、より少ないスコープを持つトークンを要求するか、他のユーザーになりすますために使用できます。インスタンスでのなりすましを許可するには、セキュリティポリシーを参照してください。",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC トリガーイントロスペクションプロジェクション",
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index b51f14ff20..af5fa65972 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "로그인 기본 조직",
       "LOGINDEFAULTORG_DESCRIPTION": "조직 컨텍스트가 설정되지 않은 경우 로그인 UI가 기본 조직의 설정을 사용합니다 (인스턴스에서 설정되지 않음).",
-      "OIDCLEGACYINTROSPECTION": "OIDC 레거시 내부 조사",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "최근 내부 조사 엔드포인트를 성능을 위해 리팩토링했습니다. 예상치 못한 버그가 발생하면 이 기능을 사용하여 레거시 구현으로 롤백할 수 있습니다.",
       "OIDCTOKENEXCHANGE": "OIDC 토큰 교환",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "OIDC 토큰 엔드포인트의 실험적 urn:ietf:params:oauth:grant-type:token-exchange 허용을 활성화합니다. 토큰 교환을 통해 범위가 좁은 토큰을 요청하거나 다른 사용자를 가장할 수 있습니다. 인스턴스에서 가장을 허용하는 보안 정책을 확인하세요.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC 트리거 내부 조사 프로젝션",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index c89a78238d..1e85e06928 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -1625,8 +1625,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Најава Стандардна организација",
       "LOGINDEFAULTORG_DESCRIPTION": "Интерфејсот за најавување ќе ги користи поставките на стандардната организација (а не од примерот) ако не е поставен контекст на организацијата",
-      "OIDCLEGACYINTROSPECTION": "Интроспекција на наследството на OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Неодамна ја рефакториравме крајната точка на интроспекција поради перформанси. Оваа функција може да се користи за враќање на наследната имплементација доколку се појават неочекувани грешки.",
       "OIDCTOKENEXCHANGE": "Размена на токени OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Овозможете го експерименталниот тип на грант urn:ietf:params:oauth:grant-type:token-exchange за крајната точка на токенот OIDC. Размената на токени може да се користи за барање токени со помал опсег или имитирање на други корисници. Погледнете ја безбедносната политика за да дозволите имитирање на пример.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Проекции за интроспекција на активирањето на OIDC",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index 17eb2241f7..c3de881784 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Standaard inlogorganisatie",
       "LOGINDEFAULTORG_DESCRIPTION": "Als er geen organisatiecontext is ingesteld, gebruikt de inlog-UI de instellingen van de standaardorganisatie (en niet van de instantie)",
-      "OIDCLEGACYINTROSPECTION": "Oude OIDC-introspectie",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "We hebben onlangs het introspectie-endpoint opnieuw gefactoreerd omwille van de prestaties. Deze functie kan worden gebruikt om terug te keren naar de oude implementatie als er onverwachte bugs optreden.",
       "OIDCTOKENEXCHANGE": "OIDC-tokenuitwisseling",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Schakel het experimentele type verlening urn:ietf:params:oauth:grant-type:token-exchange in voor het OIDC-tokenendpoint. Tokenuitwisseling kan worden gebruikt om tokens met een kleinere scope op te vragen of om zich voor te doen als andere gebruikers. Raadpleeg het beveiligingsbeleid om impersonation op een instantie toe te staan.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC-triggers voor introspectieprojecties",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 33e5f5291d..ca5476463d 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -1623,8 +1623,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Domyślna Organizacja Logowania",
       "LOGINDEFAULTORG_DESCRIPTION": "Jeśli nie ustawiono kontekstu organizacji, interfejs logowania będzie używać ustawień domyślnej organizacji (a nie instancji)",
-      "OIDCLEGACYINTROSPECTION": "Starsza Introspekcja OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Ostatnio przeprojektowaliśmy punkt końcowy introspekcji ze względów wydajnościowych. Ta funkcja może być używana do cofnięcia do starszej implementacji, jeśli wystąpią nieoczekiwane błędy.",
       "OIDCTOKENEXCHANGE": "Wymiana Tokenów OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Włącz eksperymentalny typ grantu urn:ietf:params:oauth:grant-type:token-exchange dla punktu końcowego tokena OIDC. Wymiana tokenów może być używana do żądania tokenów o mniejszym zakresie lub podszywania się za innych użytkowników. Aby zezwolić na podszywanie się na instancji, zapoznaj się z polityką bezpieczeństwa.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Projekcje Introspekcji Wyzwalane przez OIDC",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index ccd17170e4..7c68a4cada 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -1625,8 +1625,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Organização Padrão de Login",
       "LOGINDEFAULTORG_DESCRIPTION": "A interface de login utilizará as configurações da organização padrão (e não da instância) se nenhum contexto de organização estiver definido",
-      "OIDCLEGACYINTROSPECTION": "Introspecção Legada OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Recentemente refatoramos o endpoint de introspecção por motivos de performance. Esse recurso pode ser usado para reverter para a implementação legada caso surjam bugs inesperados.",
       "OIDCTOKENEXCHANGE": "Troca de Token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Habilita o tipo de concessão experimental urn:ietf:params:oauth:grant-type:token-exchange para o endpoint de token OIDC. A troca de token pode ser usada para solicitar tokens com escopo menor ou personificar outros usuários. Consulte a política de segurança para permitir a personificação em uma instância.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Projeções de Introspecção com Gatilho OIDC",
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index e0f2e93045..0e0802a17c 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -1622,8 +1622,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Organizație implicită de conectare",
       "LOGINDEFAULTORG_DESCRIPTION": "UI-ul de conectare va utiliza setările organizației implicite (și nu din instanță) dacă nu este setat niciun context de organizație",
-      "OIDCLEGACYINTROSPECTION": "Introspecție OIDC Legacy",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Am refactorizat recent endpointul de introspecție din motive de performanță. Această caracteristică poate fi utilizată pentru a reveni la implementarea legacy dacă apar erori neașteptate.",
       "OIDCTOKENEXCHANGE": "Schimb de token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Activați tipul de grant experimental urn:ietf:params:oauth:grant-type:token-exchange pentru endpointul token OIDC. Schimbul de tokenuri poate fi utilizat pentru a solicita tokenuri cu o rază de acțiune mai mică sau pentru a impersona alți utilizatori. Consultați politica de securitate pentru a permite impersonarea pe o instanță.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Proiecții de introspecție OIDC Trigger",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index 175e18688b..8e06568a82 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -1677,8 +1677,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Организация по умолчанию для входа",
       "LOGINDEFAULTORG_DESCRIPTION": "Если контекст организации не установлен, пользовательский интерфейс входа будет использовать настройки организации по умолчанию (а не экземпляра)",
-      "OIDCLEGACYINTROSPECTION": "Устаревшая интроспекция OIDC",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Недавно мы переработали конечную точку интроспекции для повышения производительности. Эта функция может использоваться для отката к устаревшей реализации, если возникнут непредвиденные ошибки.",
       "OIDCTOKENEXCHANGE": "Обмен токенами OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Включите экспериментальный тип гранта urn:ietf:params:oauth:grant-type:token-exchange для конечной точки токена OIDC. Обмен токенами можно использовать для запроса токенов с меньшей областью действия или для impersonation (выдачи себя за) других пользователей. Информацию о разрешении impersonation на экземпляре см. в политике безопасности.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Проекции интроспекции с триггером OIDC",
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 9de5093353..1b80021a67 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -1628,8 +1628,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "Standardorganisation för inloggning",
       "LOGINDEFAULTORG_DESCRIPTION": "Inloggningsgränssnittet kommer att använda inställningarna för standardorganisationen (och inte från instansen) om ingen organisationskontext är inställd",
-      "OIDCLEGACYINTROSPECTION": "OIDC Legacy introspection",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "Vi har nyligen omarbetat introspektionsändpunkten av prestandaskäl. Denna funktion kan användas för att återgå till den äldre implementationen om oväntade buggar uppstår.",
       "OIDCTOKENEXCHANGE": "OIDC Token Exchange",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Aktivera den experimentella urn:ietf:params:oauth:grant-type:token-exchange grant-typen för OIDC-tokenändpunkten. Tokenutbyte kan användas för att begära tokens med en mindre omfattning eller impersonera andra användare. Se säkerhetspolicyn för att tillåta impersonation på en instans.",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Trigger introspection Projections",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 4aa5ad0ef2..9565b61eca 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -1624,8 +1624,6 @@
     "FEATURES": {
       "LOGINDEFAULTORG": "登录默认组织",
       "LOGINDEFAULTORG_DESCRIPTION": "如果没有设置组织上下文，登录界面将使用默认组织的设置（而不是实例的设置）",
-      "OIDCLEGACYINTROSPECTION": "OIDC 传统内省",
-      "OIDCLEGACYINTROSPECTION_DESCRIPTION": "我们最近出于性能原因重构了内省端点。如果出现意外错误，可以使用此功能回滚到传统实现。",
       "OIDCTOKENEXCHANGE": "OIDC 令牌交换",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "启用 OIDC 令牌端点的实验性 urn:ietf:params:oauth:grant-type:token-exchange 授权类型。令牌交换可用于请求具有较少范围的令牌或模拟其他用户。请参阅安全策略以允许在实例上模拟。",
       "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC 触发内省投影",
diff --git a/docs/docs/apis/openidoauth/scopes.md b/docs/docs/apis/openidoauth/scopes.md
index 86f9769cab..d1fe9c7c5b 100644
--- a/docs/docs/apis/openidoauth/scopes.md
+++ b/docs/docs/apis/openidoauth/scopes.md
@@ -8,7 +8,7 @@ ZITADEL supports the usage of scopes as way of requesting information from the I
 ## Standard Scopes
 
 | Scopes         | Description                                                                    |
-|:---------------|--------------------------------------------------------------------------------|
+| :------------- | ------------------------------------------------------------------------------ |
 | openid         | When using openid connect this is a mandatory scope                            |
 | profile        | Optional scope to request the profile of the subject                           |
 | email          | Optional scope to request the email of the subject                             |
@@ -30,11 +30,9 @@ In addition to the standard compliant scopes we utilize the following scopes.
 | `urn:zitadel:iam:org:projects:roles`              | `urn:zitadel:iam:org:projects:roles`                   | By using this scope a client can request the claim `urn:zitadel:iam:org:project:{projectid}:roles` to be asserted for each requested project. All projects of the token audience, requested by the `urn:zitadel:iam:org:project:id:{projectid}:aud` scopes will be used.     |
 | `urn:zitadel:iam:org:id:{id}`                     | `urn:zitadel:iam:org:id:178204173316174381`            | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization. If the organization does not exist a failure is displayed. It will assert the `urn:zitadel:iam:user:resourceowner` claims.                                       |
 | `urn:zitadel:iam:org:domain:primary:{domainname}` | `urn:zitadel:iam:org:domain:primary:acme.ch`           | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization and the username is suffixed by the provided domain. If the organization does not exist a failure is displayed                                                    |
-| `urn:zitadel:iam:org:roles:id:{orgID}`            | `urn:zitadel:iam:org:roles:id:178204173316174381`      | This scope can be used one or more times to limit the granted organization IDs in the returned roles. Unknown organization IDs are ignored. When this scope is not used, all granted organizations are returned inside the roles.[^1]                                        |
+| `urn:zitadel:iam:org:roles:id:{orgID}`            | `urn:zitadel:iam:org:roles:id:178204173316174381`      | This scope can be used one or more times to limit the granted organization IDs in the returned roles. Unknown organization IDs are ignored. When this scope is not used, all granted organizations are returned inside the roles.                                            |
 | `urn:zitadel:iam:org:project:id:{projectid}:aud`  | `urn:zitadel:iam:org:project:id:69234237810729019:aud` | By adding this scope, the requested projectid will be added to the audience of the access token                                                                                                                                                                              |
 | `urn:zitadel:iam:org:project:id:zitadel:aud`      | `urn:zitadel:iam:org:project:id:zitadel:aud`           | By adding this scope, the ZITADEL project ID will be added to the audience of the access token                                                                                                                                                                               |
 | `urn:zitadel:iam:user:metadata`                   | `urn:zitadel:iam:user:metadata`                        | By adding this scope, the metadata of the user will be included in the token. The values are base64 encoded.                                                                                                                                                                 |
-| `urn:zitadel:iam:user:resourceowner`              | `urn:zitadel:iam:user:resourceowner`                   | By adding this scope: id, name and  primary_domain of the resource owner (the users organization) will be included in the token.                                                                                                                                                                |
+| `urn:zitadel:iam:user:resourceowner`              | `urn:zitadel:iam:user:resourceowner`                   | By adding this scope: id, name and primary_domain of the resource owner (the users organization) will be included in the token.                                                                                                                                              |
 | `urn:zitadel:iam:org:idp:id:{idp_id}`             | `urn:zitadel:iam:org:idp:id:76625965177954913`         | By adding this scope the user will directly be redirected to the identity provider to authenticate. Make sure you also send the primary domain scope if a custom login policy is configured. Otherwise the system will not be able to identify the identity provider.        |
-
-[^1]: `urn:zitadel:iam:org:roles:id:{orgID}` is not supported when the `oidcLegacyIntrospection` [feature flag](/docs/apis/resources/feature_service_v2/feature-service-set-instance-features) is enabled.
diff --git a/internal/api/grpc/feature/v2/converter.go b/internal/api/grpc/feature/v2/converter.go
index e146ac2db6..56d3009457 100644
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -20,7 +20,6 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) (*command
 	return &command.SystemFeatures{
 		LoginDefaultOrg:                 req.LoginDefaultOrg,
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
@@ -37,7 +36,6 @@ func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesRe
 		Details:                             object.DomainToDetailsPb(f.Details),
 		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
 		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
@@ -57,7 +55,6 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) (*com
 	return &command.InstanceFeatures{
 		LoginDefaultOrg:                 req.LoginDefaultOrg,
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
@@ -77,7 +74,6 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		Details:                             object.DomainToDetailsPb(f.Details),
 		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
 		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
diff --git a/internal/api/grpc/feature/v2/converter_test.go b/internal/api/grpc/feature/v2/converter_test.go
index f481e4f65a..b77ed438f5 100644
--- a/internal/api/grpc/feature/v2/converter_test.go
+++ b/internal/api/grpc/feature/v2/converter_test.go
@@ -21,7 +21,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetSystemFeaturesRequest{
 		LoginDefaultOrg:                     gu.Ptr(true),
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
@@ -34,7 +33,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 	want := &command.SystemFeatures{
 		LoginDefaultOrg:                 gu.Ptr(true),
 		TriggerIntrospectionProjections: gu.Ptr(false),
-		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
@@ -64,10 +62,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelUnspecified,
 			Value: false,
 		},
-		LegacyIntrospection: query.FeatureSource[bool]{
-			Level: feature.LevelSystem,
-			Value: true,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: true,
@@ -114,10 +108,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
 		},
-		OidcLegacyIntrospection: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_SYSTEM,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
@@ -160,7 +150,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetInstanceFeaturesRequest{
 		LoginDefaultOrg:                     gu.Ptr(true),
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
@@ -177,7 +166,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 	want := &command.InstanceFeatures{
 		LoginDefaultOrg:                 gu.Ptr(true),
 		TriggerIntrospectionProjections: gu.Ptr(false),
-		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
@@ -211,10 +199,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelUnspecified,
 			Value: false,
 		},
-		LegacyIntrospection: query.FeatureSource[bool]{
-			Level: feature.LevelInstance,
-			Value: true,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -269,10 +253,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
 		},
-		OidcLegacyIntrospection: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_INSTANCE,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
diff --git a/internal/api/grpc/feature/v2/integration_test/feature_test.go b/internal/api/grpc/feature/v2/integration_test/feature_test.go
index f27b57ff8c..fe09242429 100644
--- a/internal/api/grpc/feature/v2/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2/integration_test/feature_test.go
@@ -209,7 +209,6 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
 			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
-			assertFeatureFlag(t, tt.want.OidcLegacyIntrospection, got.OidcLegacyIntrospection)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
@@ -321,7 +320,7 @@ func TestServer_ResetInstanceFeatures(t *testing.T) {
 
 func TestServer_GetInstanceFeatures(t *testing.T) {
 	_, err := Client.SetSystemFeatures(SystemCTX, &feature.SetSystemFeaturesRequest{
-		OidcLegacyIntrospection: gu.Ptr(true),
+		LoginDefaultOrg: gu.Ptr(true),
 	})
 	require.NoError(t, err)
 	t.Cleanup(func() {
@@ -358,17 +357,13 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			},
 			want: &feature.GetInstanceFeaturesResponse{
 				LoginDefaultOrg: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
+					Enabled: true,
+					Source:  feature.Source_SOURCE_SYSTEM,
 				},
 				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				OidcLegacyIntrospection: &feature.FeatureFlag{
-					Enabled: true,
-					Source:  feature.Source_SOURCE_SYSTEM,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -427,10 +422,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				OidcLegacyIntrospection: &feature.FeatureFlag{
-					Enabled: true,
-					Source:  feature.Source_SOURCE_SYSTEM,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -456,7 +447,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
 			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
-			assertFeatureFlag(t, tt.want.OidcLegacyIntrospection, got.OidcLegacyIntrospection)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
diff --git a/internal/api/grpc/feature/v2beta/converter.go b/internal/api/grpc/feature/v2beta/converter.go
index 9739e1c4c8..406146fdbe 100644
--- a/internal/api/grpc/feature/v2beta/converter.go
+++ b/internal/api/grpc/feature/v2beta/converter.go
@@ -12,7 +12,6 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) *command.
 	return &command.SystemFeatures{
 		LoginDefaultOrg:                 req.LoginDefaultOrg,
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
@@ -25,7 +24,6 @@ func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesRe
 		Details:                             object.DomainToDetailsPb(f.Details),
 		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
 		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
@@ -37,7 +35,6 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) *comm
 	return &command.InstanceFeatures{
 		LoginDefaultOrg:                 req.LoginDefaultOrg,
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		LegacyIntrospection:             req.OidcLegacyIntrospection,
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
@@ -52,7 +49,6 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		Details:                             object.DomainToDetailsPb(f.Details),
 		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
 		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
diff --git a/internal/api/grpc/feature/v2beta/converter_test.go b/internal/api/grpc/feature/v2beta/converter_test.go
index 72d91b10d4..2395574733 100644
--- a/internal/api/grpc/feature/v2beta/converter_test.go
+++ b/internal/api/grpc/feature/v2beta/converter_test.go
@@ -20,7 +20,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetSystemFeaturesRequest{
 		LoginDefaultOrg:                     gu.Ptr(true),
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
@@ -29,7 +28,6 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 	want := &command.SystemFeatures{
 		LoginDefaultOrg:                 gu.Ptr(true),
 		TriggerIntrospectionProjections: gu.Ptr(false),
-		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
@@ -54,10 +52,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelUnspecified,
 			Value: false,
 		},
-		LegacyIntrospection: query.FeatureSource[bool]{
-			Level: feature.LevelSystem,
-			Value: true,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: true,
@@ -89,10 +83,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
 		},
-		OidcLegacyIntrospection: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_SYSTEM,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
@@ -118,7 +108,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetInstanceFeaturesRequest{
 		LoginDefaultOrg:                     gu.Ptr(true),
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		OidcLegacyIntrospection:             nil,
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
@@ -128,7 +117,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 	want := &command.InstanceFeatures{
 		LoginDefaultOrg:                 gu.Ptr(true),
 		TriggerIntrospectionProjections: gu.Ptr(false),
-		LegacyIntrospection:             nil,
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
@@ -154,10 +142,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelUnspecified,
 			Value: false,
 		},
-		LegacyIntrospection: query.FeatureSource[bool]{
-			Level: feature.LevelInstance,
-			Value: true,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -193,10 +177,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
 		},
-		OidcLegacyIntrospection: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_INSTANCE,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
diff --git a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
index cbd9f5f939..549bc4ef0a 100644
--- a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
@@ -194,10 +194,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				OidcLegacyIntrospection: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -256,10 +252,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				OidcLegacyIntrospection: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -285,7 +277,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
 			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
-			assertFeatureFlag(t, tt.want.OidcLegacyIntrospection, got.OidcLegacyIntrospection)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index da0e084877..b29e157fc2 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -24,7 +24,6 @@ import (
 	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
-	"github.com/zitadel/zitadel/internal/user/model"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
@@ -216,11 +215,11 @@ func (o *OPStorage) SaveAuthCode(ctx context.Context, id, code string) (err erro
 	return o.repo.SaveAuthCode(ctx, id, code, userAgentID)
 }
 
-func (o *OPStorage) DeleteAuthRequest(ctx context.Context, id string) (err error) {
+func (o *OPStorage) DeleteAuthRequest(context.Context, string) error {
 	panic(o.panicErr("DeleteAuthRequest"))
 }
 
-func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) (string, time.Time, error) {
+func (o *OPStorage) CreateAccessToken(context.Context, op.TokenRequest) (string, time.Time, error) {
 	panic(o.panicErr("CreateAccessToken"))
 }
 
@@ -492,34 +491,6 @@ func (o *OPStorage) GetRefreshTokenInfo(ctx context.Context, clientID string, to
 	return refreshToken.UserID, refreshToken.ID, nil
 }
 
-func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string, scopes []string) ([]string, error) {
-	for _, scope := range scopes {
-		if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
-			return scopes, nil
-		}
-	}
-
-	project, err := o.query.ProjectByOIDCClientID(ctx, clientID)
-	if err != nil {
-		return nil, zerrors.ThrowPreconditionFailed(nil, "OIDC-w4wIn", "Errors.Internal")
-	}
-	if !project.ProjectRoleAssertion {
-		return scopes, nil
-	}
-	projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(project.ID)
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
-	}
-	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
-	if err != nil {
-		return nil, err
-	}
-	for _, role := range roles.ProjectRoles {
-		scopes = append(scopes, ScopeProjectRolePrefix+role.Key)
-	}
-	return scopes, nil
-}
-
 func (o *OPStorage) assertProjectRoleScopesByProject(ctx context.Context, project *query.Project, scopes []string) ([]string, error) {
 	for _, scope := range scopes {
 		if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
@@ -543,22 +514,6 @@ func (o *OPStorage) assertProjectRoleScopesByProject(ctx context.Context, projec
 	return scopes, nil
 }
 
-func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.TokenView, clientID, projectID string) error {
-	token.Audience = append(token.Audience, clientID)
-	projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(projectID)
-	if err != nil {
-		return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
-	}
-	roles, err := o.query.SearchProjectRoles(ctx, true, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
-	if err != nil {
-		return err
-	}
-	for _, role := range roles.ProjectRoles {
-		token.Scopes = append(token.Scopes, ScopeProjectRolePrefix+role.Key)
-	}
-	return nil
-}
-
 func setContextUserSystem(ctx context.Context) context.Context {
 	data := authz.CtxData{
 		UserID: "SYSTEM",
diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 08ed8c31b9..6a2639f213 100644
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -2,25 +2,17 @@ package oidc
 
 import (
 	"context"
-	"encoding/base64"
 	"encoding/json"
-	"fmt"
 	"slices"
 	"strings"
 	"time"
 
-	"github.com/dop251/goja"
 	"github.com/go-jose/go-jose/v4"
-	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"github.com/zitadel/oidc/v3/pkg/op"
 
 	"github.com/zitadel/zitadel/internal/actions"
-	"github.com/zitadel/zitadel/internal/actions/object"
 	"github.com/zitadel/zitadel/internal/api/authz"
-	api_http "github.com/zitadel/zitadel/internal/api/http"
-	"github.com/zitadel/zitadel/internal/command"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -44,6 +36,9 @@ const (
 	oidcCtx = "oidc"
 )
 
+// GetClientByClientID implements the op.Storage interface to retrieve an OIDC client by its ID.
+//
+// TODO: Still used for Auth request creation for v1 login.
 func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Client, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() {
@@ -57,819 +52,44 @@ func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Cl
 	return ClientFromBusiness(client, o.defaultLoginURL, o.defaultLoginURLV2), nil
 }
 
-func (o *OPStorage) GetKeyByIDAndClientID(ctx context.Context, keyID, userID string) (_ *jose.JSONWebKey, err error) {
-	return o.GetKeyByIDAndIssuer(ctx, keyID, userID)
+func (o *OPStorage) GetKeyByIDAndClientID(context.Context, string, string) (*jose.JSONWebKey, error) {
+	panic(o.panicErr("GetKeyByIDAndClientID"))
 }
 
-func (o *OPStorage) GetKeyByIDAndIssuer(ctx context.Context, keyID, issuer string) (_ *jose.JSONWebKey, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-	publicKeyData, err := o.query.GetAuthNKeyPublicKeyByIDAndIdentifier(ctx, keyID, issuer)
-	if err != nil {
-		return nil, err
-	}
-	publicKey, err := crypto.BytesToPublicKey(publicKeyData)
-	if err != nil {
-		return nil, err
-	}
-	return &jose.JSONWebKey{
-		KeyID: keyID,
-		Use:   "sig",
-		Key:   publicKey,
-	}, nil
+func (o *OPStorage) ValidateJWTProfileScopes(context.Context, string, []string) ([]string, error) {
+	panic(o.panicErr("ValidateJWTProfileScopes"))
 }
 
-func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string, scopes []string) (_ []string, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-	user, err := o.query.GetUserByID(ctx, true, subject)
-	if err != nil {
-		return nil, err
-	}
-	return o.checkOrgScopes(ctx, user, scopes)
+func (o *OPStorage) AuthorizeClientIDSecret(context.Context, string, string) error {
+	panic(o.panicErr("AuthorizeClientIDSecret"))
 }
 
-func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secret string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-	ctx = authz.SetCtxData(ctx, authz.CtxData{
-		UserID: oidcCtx,
-		OrgID:  oidcCtx,
-	})
-	app, err := o.query.AppByClientID(ctx, id)
-	if err != nil {
-		return err
-	}
-	if app.OIDCConfig != nil {
-		return o.command.VerifyOIDCClientSecret(ctx, app.ProjectID, app.ID, secret)
-	}
-	return o.command.VerifyAPIClientSecret(ctx, app.ProjectID, app.ID, secret)
+func (o *OPStorage) SetUserinfoFromToken(context.Context, *oidc.UserInfo, string, string, string) error {
+	panic(o.panicErr("SetUserinfoFromToken"))
 }
 
-func (o *OPStorage) SetUserinfoFromToken(ctx context.Context, userInfo *oidc.UserInfo, tokenID, subject, origin string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-
-	if strings.HasPrefix(tokenID, command.IDPrefixV2) {
-		token, err := o.query.ActiveAccessTokenByToken(ctx, tokenID)
-		if err != nil {
-			return err
-		}
-		if err = o.isOriginAllowed(ctx, token.ClientID, origin); err != nil {
-			return err
-		}
-		return o.setUserinfo(ctx, userInfo, token.UserID, token.ClientID, token.Scope, nil)
-	}
-
-	token, err := o.repo.TokenByIDs(ctx, subject, tokenID)
-	if err != nil {
-		return zerrors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
-	}
-	if token.ApplicationID != "" {
-		if err = o.isOriginAllowed(ctx, token.ApplicationID, origin); err != nil {
-			return err
-		}
-	}
-	return o.setUserinfo(ctx, userInfo, token.UserID, token.ApplicationID, token.Scopes, nil)
+func (o *OPStorage) SetUserinfoFromScopes(context.Context, *oidc.UserInfo, string, string, []string) error {
+	panic(o.panicErr("SetUserinfoFromScopes"))
 }
 
-func (o *OPStorage) SetUserinfoFromScopes(ctx context.Context, userInfo *oidc.UserInfo, userID, applicationID string, scopes []string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-	if applicationID != "" {
-		app, err := o.query.AppByOIDCClientID(ctx, applicationID)
-		if err != nil {
-			return err
-		}
-		if app.OIDCConfig.AssertIDTokenRole {
-			scopes, err = o.assertProjectRoleScopes(ctx, applicationID, scopes)
-			if err != nil {
-				return zerrors.ThrowPreconditionFailed(err, "OIDC-Dfe2s", "Errors.Internal")
-			}
-		}
-	}
-	return o.setUserinfo(ctx, userInfo, userID, applicationID, scopes, nil)
+func (o *OPStorage) SetUserinfoFromRequest(context.Context, *oidc.UserInfo, op.IDTokenRequest, []string) error {
+	panic(o.panicErr("SetUserinfoFromRequest"))
 }
 
-// SetUserinfoFromRequest extends the SetUserinfoFromScopes during the id_token generation.
-// This is required for V2 tokens to be able to set the sessionID (`sid`) claim.
-func (o *OPStorage) SetUserinfoFromRequest(ctx context.Context, userinfo *oidc.UserInfo, request op.IDTokenRequest, _ []string) error {
-	switch t := request.(type) {
-	case *AuthRequestV2:
-		userinfo.AppendClaims("sid", t.SessionID)
-	case *RefreshTokenRequestV2:
-		userinfo.AppendClaims("sid", t.SessionID)
-	}
-	return nil
+func (o *OPStorage) SetIntrospectionFromToken(context.Context, *oidc.IntrospectionResponse, string, string, string) error {
+	panic(o.panicErr("SetIntrospectionFromToken"))
 }
 
-func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection *oidc.IntrospectionResponse, tokenID, subject, clientID string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-
-	if strings.HasPrefix(tokenID, command.IDPrefixV2) {
-		token, err := o.query.ActiveAccessTokenByToken(ctx, tokenID)
-		if err != nil {
-			return err
-		}
-		projectID, err := o.query.ProjectIDFromClientID(ctx, clientID)
-		if err != nil {
-			return zerrors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
-		}
-		return o.introspect(ctx, introspection,
-			tokenID, token.UserID, token.ClientID, clientID, projectID,
-			token.Audience, token.Scope,
-			token.AccessTokenCreation, token.AccessTokenExpiration)
-	}
-
-	token, err := o.repo.TokenByIDs(ctx, subject, tokenID)
-	if err != nil {
-		return zerrors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")
-	}
-	projectID, err := o.query.ProjectIDFromClientID(ctx, clientID)
-	if err != nil {
-		return zerrors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
-	}
-	if token.IsPAT {
-		err = o.assertClientScopesForPAT(ctx, token, clientID, projectID)
-		if err != nil {
-			return zerrors.ThrowPreconditionFailed(err, "OIDC-AGefw", "Errors.Internal")
-		}
-	}
-	return o.introspect(ctx, introspection,
-		token.ID, token.UserID, token.ApplicationID, clientID, projectID,
-		token.Audience, token.Scopes,
-		token.CreationDate, token.Expiration)
+func (o *OPStorage) ClientCredentialsTokenRequest(context.Context, string, []string) (op.TokenRequest, error) {
+	panic(o.panicErr("ClientCredentialsTokenRequest"))
 }
 
-func (o *OPStorage) ClientCredentialsTokenRequest(ctx context.Context, clientID string, scope []string) (_ op.TokenRequest, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-	user, err := o.query.GetUserByLoginName(ctx, false, clientID)
-	if err != nil {
-		return nil, err
-	}
-	scope, err = o.checkOrgScopes(ctx, user, scope)
-	if err != nil {
-		return nil, err
-	}
-	audience := domain.AddAudScopeToAudience(ctx, nil, scope)
-	return &clientCredentialsRequest{
-		sub:      user.ID,
-		scopes:   scope,
-		audience: audience,
-	}, nil
-}
-
-// ClientCredentials method is kept to keep the storage interface implemented.
-// However, it should never be called as the VerifyClient method on the Server is overridden.
 func (o *OPStorage) ClientCredentials(context.Context, string, string) (op.Client, error) {
-	return nil, zerrors.ThrowInternal(nil, "OIDC-Su8So", "Errors.Internal")
+	panic(o.panicErr("ClientCredentials"))
 }
 
-// isOriginAllowed checks whether a call by the client to the endpoint is allowed from the provided origin
-// if no origin is provided, no error will be returned
-func (o *OPStorage) isOriginAllowed(ctx context.Context, clientID, origin string) error {
-	if origin == "" {
-		return nil
-	}
-	app, err := o.query.AppByOIDCClientID(ctx, clientID)
-	if err != nil {
-		return err
-	}
-	if api_http.IsOriginAllowed(app.OIDCConfig.AllowedOrigins, origin) {
-		return nil
-	}
-	return zerrors.ThrowPermissionDenied(nil, "OIDC-da1f3", "origin is not allowed")
-}
-
-func (o *OPStorage) introspect(
-	ctx context.Context,
-	introspection *oidc.IntrospectionResponse,
-	tokenID, subject, tokenClientID, introspectionClientID, introspectionProjectID string,
-	audience, scope []string,
-	tokenCreation, tokenExpiration time.Time,
-) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	for _, aud := range audience {
-		if aud == introspectionClientID || aud == introspectionProjectID {
-			userInfo := new(oidc.UserInfo)
-			err = o.setUserinfo(ctx, userInfo, subject, introspectionClientID, scope, []string{introspectionProjectID})
-			if err != nil {
-				return err
-			}
-			introspection.SetUserInfo(userInfo)
-			introspection.Scope = scope
-			introspection.ClientID = tokenClientID
-			introspection.TokenType = oidc.BearerToken
-			introspection.Expiration = oidc.FromTime(tokenExpiration)
-			introspection.IssuedAt = oidc.FromTime(tokenCreation)
-			introspection.NotBefore = oidc.FromTime(tokenCreation)
-			introspection.Audience = audience
-			introspection.Issuer = op.IssuerFromContext(ctx)
-			introspection.JWTID = tokenID
-			return nil
-		}
-	}
-	return zerrors.ThrowPermissionDenied(nil, "OIDC-sdg3G", "token is not valid for this client")
-}
-
-func (o *OPStorage) checkOrgScopes(ctx context.Context, user *query.User, scopes []string) ([]string, error) {
-	for i := len(scopes) - 1; i >= 0; i-- {
-		scope := scopes[i]
-		if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
-			var orgID string
-			org, err := o.query.OrgByPrimaryDomain(ctx, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
-			if err == nil {
-				orgID = org.ID
-			}
-			if orgID != user.ResourceOwner {
-				scopes[i] = scopes[len(scopes)-1]
-				scopes[len(scopes)-1] = ""
-				scopes = scopes[:len(scopes)-1]
-			}
-		}
-		if strings.HasPrefix(scope, domain.OrgIDScope) {
-			if strings.TrimPrefix(scope, domain.OrgIDScope) != user.ResourceOwner {
-				scopes[i] = scopes[len(scopes)-1]
-				scopes[len(scopes)-1] = ""
-				scopes = scopes[:len(scopes)-1]
-			}
-		}
-	}
-	return scopes, nil
-}
-
-func (o *OPStorage) setUserinfo(ctx context.Context, userInfo *oidc.UserInfo, userID, applicationID string, scopes []string, roleAudience []string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-	user, err := o.query.GetUserByID(ctx, true, userID)
-	if err != nil {
-		return err
-	}
-	if user.State != domain.UserStateActive {
-		return zerrors.ThrowUnauthenticated(nil, "OIDC-S3tha", "Errors.Users.NotActive")
-	}
-	var allRoles bool
-	roles := make([]string, 0)
-	for _, scope := range scopes {
-		switch scope {
-		case oidc.ScopeOpenID:
-			userInfo.Subject = user.ID
-		case oidc.ScopeEmail:
-			setUserInfoEmail(userInfo, user)
-		case oidc.ScopeProfile:
-			o.setUserInfoProfile(ctx, userInfo, user)
-		case oidc.ScopePhone:
-			setUserInfoPhone(userInfo, user)
-		case oidc.ScopeAddress:
-			//TODO: handle address for human users as soon as implemented
-		case ScopeUserMetaData:
-			if err := o.setUserInfoMetadata(ctx, userInfo, userID); err != nil {
-				return err
-			}
-		case ScopeResourceOwner:
-			if err := o.setUserInfoResourceOwner(ctx, userInfo, userID); err != nil {
-				return err
-			}
-		case ScopeProjectsRoles:
-			allRoles = true
-		default:
-			if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
-				roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
-			}
-			if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
-				userInfo.AppendClaims(domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
-			}
-			if strings.HasPrefix(scope, domain.OrgIDScope) {
-				userInfo.AppendClaims(domain.OrgIDClaim, strings.TrimPrefix(scope, domain.OrgIDScope))
-				if err := o.setUserInfoResourceOwner(ctx, userInfo, userID); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// if all roles are requested take the audience for those from the scopes
-	if allRoles && len(roleAudience) == 0 {
-		roleAudience = domain.AddAudScopeToAudience(ctx, roleAudience, scopes)
-	}
-
-	userGrants, projectRoles, err := o.assertRoles(ctx, userID, applicationID, roles, roleAudience)
-	if err != nil {
-		return err
-	}
-	o.setUserInfoRoleClaims(userInfo, projectRoles)
-
-	return o.userinfoFlows(ctx, user, userGrants, userInfo)
-}
-
-func (o *OPStorage) setUserInfoProfile(ctx context.Context, userInfo *oidc.UserInfo, user *query.User) {
-	userInfo.PreferredUsername = user.PreferredLoginName
-	userInfo.UpdatedAt = oidc.FromTime(user.ChangeDate)
-	if user.Machine != nil {
-		userInfo.Name = user.Machine.Name
-		return
-	}
-	userInfo.Name = user.Human.DisplayName
-	userInfo.FamilyName = user.Human.LastName
-	userInfo.GivenName = user.Human.FirstName
-	userInfo.Nickname = user.Human.NickName
-	userInfo.Gender = getGender(user.Human.Gender)
-	userInfo.Locale = oidc.NewLocale(user.Human.PreferredLanguage)
-	userInfo.Picture = domain.AvatarURL(o.assetAPIPrefix(ctx), user.ResourceOwner, user.Human.AvatarKey)
-}
-
-func setUserInfoEmail(userInfo *oidc.UserInfo, user *query.User) {
-	if user.Human == nil {
-		return
-	}
-	userInfo.UserInfoEmail = oidc.UserInfoEmail{
-		Email:         string(user.Human.Email),
-		EmailVerified: oidc.Bool(user.Human.IsEmailVerified)}
-}
-
-func setUserInfoPhone(userInfo *oidc.UserInfo, user *query.User) {
-	if user.Human == nil {
-		return
-	}
-	userInfo.UserInfoPhone = oidc.UserInfoPhone{
-		PhoneNumber:         string(user.Human.Phone),
-		PhoneNumberVerified: user.Human.IsPhoneVerified,
-	}
-}
-
-func (o *OPStorage) setUserInfoMetadata(ctx context.Context, userInfo *oidc.UserInfo, userID string) error {
-	userMetaData, err := o.assertUserMetaData(ctx, userID)
-	if err != nil {
-		return err
-	}
-	if len(userMetaData) > 0 {
-		userInfo.AppendClaims(ClaimUserMetaData, userMetaData)
-	}
-	return nil
-}
-
-func (o *OPStorage) setUserInfoResourceOwner(ctx context.Context, userInfo *oidc.UserInfo, userID string) error {
-	resourceOwnerClaims, err := o.assertUserResourceOwner(ctx, userID)
-	if err != nil {
-		return err
-	}
-	for claim, value := range resourceOwnerClaims {
-		userInfo.AppendClaims(claim, value)
-	}
-	return nil
-}
-
-func (o *OPStorage) setUserInfoRoleClaims(userInfo *oidc.UserInfo, roles *projectsRoles) {
-	if roles != nil && len(roles.projects) > 0 {
-		if roles, ok := roles.projects[roles.requestProjectID]; ok {
-			userInfo.AppendClaims(ClaimProjectRoles, roles)
-		}
-		for projectID, roles := range roles.projects {
-			userInfo.AppendClaims(fmt.Sprintf(ClaimProjectRolesFormat, projectID), roles)
-		}
-	}
-}
-
-func (o *OPStorage) userinfoFlows(ctx context.Context, user *query.User, userGrants *query.UserGrants, userInfo *oidc.UserInfo) error {
-	queriedActions, err := o.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreUserinfoCreation, user.ResourceOwner)
-	if err != nil {
-		return err
-	}
-
-	ctxFields := actions.SetContextFields(
-		actions.SetFields("v1",
-			actions.SetFields("claims", userinfoClaims(userInfo)),
-			actions.SetFields("getUser", func(c *actions.FieldConfig) interface{} {
-				return func(call goja.FunctionCall) goja.Value {
-					return object.UserFromQuery(c, user)
-				}
-			}),
-			actions.SetFields("user",
-				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
-					return func(goja.FunctionCall) goja.Value {
-						resourceOwnerQuery, err := query.NewUserMetadataResourceOwnerSearchQuery(user.ResourceOwner)
-						if err != nil {
-							logging.WithError(err).Debug("unable to create search query")
-							panic(err)
-						}
-						metadata, err := o.query.SearchUserMetadata(
-							ctx,
-							true,
-							userInfo.Subject,
-							&query.UserMetadataSearchQueries{Queries: []query.SearchQuery{resourceOwnerQuery}},
-							false,
-						)
-						if err != nil {
-							logging.WithError(err).Info("unable to get md in action")
-							panic(err)
-						}
-						return object.UserMetadataListFromQuery(c, metadata)
-					}
-				}),
-				actions.SetFields("grants",
-					func(c *actions.FieldConfig) interface{} {
-						return object.UserGrantsFromQuery(ctx, o.query, c, userGrants)
-					},
-				),
-			),
-			actions.SetFields("org",
-				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
-					return func(goja.FunctionCall) goja.Value {
-						return object.GetOrganizationMetadata(ctx, o.query, c, user.ResourceOwner)
-					}
-				}),
-			),
-		),
-	)
-
-	for _, action := range queriedActions {
-		actionCtx, cancel := context.WithTimeout(ctx, action.Timeout())
-		claimLogs := []string{}
-
-		apiFields := actions.WithAPIFields(
-			actions.SetFields("v1",
-				actions.SetFields("userinfo",
-					actions.SetFields("setClaim", func(key string, value interface{}) {
-						if strings.HasPrefix(key, ClaimPrefix) {
-							return
-						}
-						if userInfo.Claims[key] == nil {
-							userInfo.AppendClaims(key, value)
-							return
-						}
-						claimLogs = append(claimLogs, fmt.Sprintf("key %q already exists", key))
-					}),
-					actions.SetFields("appendLogIntoClaims", func(entry string) {
-						claimLogs = append(claimLogs, entry)
-					}),
-				),
-				actions.SetFields("claims",
-					actions.SetFields("setClaim", func(key string, value interface{}) {
-						if strings.HasPrefix(key, ClaimPrefix) {
-							return
-						}
-						if userInfo.Claims[key] == nil {
-							userInfo.AppendClaims(key, value)
-							return
-						}
-						claimLogs = append(claimLogs, fmt.Sprintf("key %q already exists", key))
-					}),
-					actions.SetFields("appendLogIntoClaims", func(entry string) {
-						claimLogs = append(claimLogs, entry)
-					}),
-				),
-				actions.SetFields("user",
-					actions.SetFields("setMetadata", func(call goja.FunctionCall) goja.Value {
-						if len(call.Arguments) != 2 {
-							panic("exactly 2 (key, value) arguments expected")
-						}
-						key := call.Arguments[0].Export().(string)
-						val := call.Arguments[1].Export()
-
-						value, err := json.Marshal(val)
-						if err != nil {
-							logging.WithError(err).Debug("unable to marshal")
-							panic(err)
-						}
-
-						metadata := &domain.Metadata{
-							Key:   key,
-							Value: value,
-						}
-						if _, err = o.command.SetUserMetadata(ctx, metadata, userInfo.Subject, user.ResourceOwner); err != nil {
-							logging.WithError(err).Info("unable to set md in action")
-							panic(err)
-						}
-						return nil
-					}),
-				),
-			),
-		)
-
-		err = actions.Run(
-			actionCtx,
-			ctxFields,
-			apiFields,
-			action.Script,
-			action.Name,
-			append(actions.ActionToOptions(action), actions.WithHTTP(actionCtx), actions.WithUUID(actionCtx))...,
-		)
-		cancel()
-		if err != nil {
-			return err
-		}
-		if len(claimLogs) > 0 {
-			userInfo.AppendClaims(fmt.Sprintf(ClaimActionLogFormat, action.Name), claimLogs)
-		}
-	}
-
-	return nil
-}
-
-func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (claims map[string]interface{}, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-
-	roles := make([]string, 0)
-	var allRoles bool
-	for _, scope := range scopes {
-		switch scope {
-		case ScopeUserMetaData:
-			userMetaData, err := o.assertUserMetaData(ctx, userID)
-			if err != nil {
-				return nil, err
-			}
-			if len(userMetaData) > 0 {
-				claims = appendClaim(claims, ClaimUserMetaData, userMetaData)
-			}
-		case ScopeResourceOwner:
-			resourceOwnerClaims, err := o.assertUserResourceOwner(ctx, userID)
-			if err != nil {
-				return nil, err
-			}
-			for claim, value := range resourceOwnerClaims {
-				claims = appendClaim(claims, claim, value)
-			}
-		case ScopeProjectsRoles:
-			allRoles = true
-		}
-		if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
-			roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
-		}
-		if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
-			claims = appendClaim(claims, domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
-		}
-		if strings.HasPrefix(scope, domain.OrgIDScope) {
-			claims = appendClaim(claims, domain.OrgIDClaim, strings.TrimPrefix(scope, domain.OrgIDScope))
-			resourceOwnerClaims, err := o.assertUserResourceOwner(ctx, userID)
-			if err != nil {
-				return nil, err
-			}
-			for claim, value := range resourceOwnerClaims {
-				claims = appendClaim(claims, claim, value)
-			}
-		}
-	}
-
-	// If requested, use the audience as context for the roles,
-	// otherwise the project itself will be used
-	var roleAudience []string
-	if allRoles {
-		roleAudience = domain.AddAudScopeToAudience(ctx, roleAudience, scopes)
-	}
-
-	userGrants, projectRoles, err := o.assertRoles(ctx, userID, clientID, roles, roleAudience)
-	if err != nil {
-		return nil, err
-	}
-
-	if projectRoles != nil && len(projectRoles.projects) > 0 {
-		if roles, ok := projectRoles.projects[projectRoles.requestProjectID]; ok {
-			claims = appendClaim(claims, ClaimProjectRoles, roles)
-		}
-		for projectID, roles := range projectRoles.projects {
-			claims = appendClaim(claims, fmt.Sprintf(ClaimProjectRolesFormat, projectID), roles)
-		}
-	}
-
-	return o.privateClaimsFlows(ctx, userID, userGrants, claims)
-}
-
-func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, userGrants *query.UserGrants, claims map[string]interface{}) (map[string]interface{}, error) {
-	user, err := o.query.GetUserByID(ctx, true, userID)
-	if err != nil {
-		return nil, err
-	}
-	queriedActions, err := o.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreAccessTokenCreation, user.ResourceOwner)
-	if err != nil {
-		return nil, err
-	}
-
-	ctxFields := actions.SetContextFields(
-		actions.SetFields("v1",
-			actions.SetFields("claims", func(c *actions.FieldConfig) interface{} {
-				return c.Runtime.ToValue(claims)
-			}),
-			actions.SetFields("getUser", func(c *actions.FieldConfig) interface{} {
-				return func(call goja.FunctionCall) goja.Value {
-					return object.UserFromQuery(c, user)
-				}
-			}),
-			actions.SetFields("user",
-				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
-					return func(goja.FunctionCall) goja.Value {
-						resourceOwnerQuery, err := query.NewUserMetadataResourceOwnerSearchQuery(user.ResourceOwner)
-						if err != nil {
-							logging.WithError(err).Debug("unable to create search query")
-							panic(err)
-						}
-						metadata, err := o.query.SearchUserMetadata(
-							ctx,
-							true,
-							userID,
-							&query.UserMetadataSearchQueries{Queries: []query.SearchQuery{resourceOwnerQuery}},
-							false,
-						)
-						if err != nil {
-							logging.WithError(err).Info("unable to get md in action")
-							panic(err)
-						}
-						return object.UserMetadataListFromQuery(c, metadata)
-					}
-				}),
-				actions.SetFields("grants", func(c *actions.FieldConfig) interface{} {
-					return object.UserGrantsFromQuery(ctx, o.query, c, userGrants)
-				}),
-			),
-			actions.SetFields("org",
-				actions.SetFields("getMetadata", func(c *actions.FieldConfig) interface{} {
-					return func(goja.FunctionCall) goja.Value {
-						return object.GetOrganizationMetadata(ctx, o.query, c, user.ResourceOwner)
-					}
-				}),
-			),
-		),
-	)
-
-	for _, action := range queriedActions {
-		claimLogs := []string{}
-		actionCtx, cancel := context.WithTimeout(ctx, action.Timeout())
-
-		apiFields := actions.WithAPIFields(
-			actions.SetFields("v1",
-				actions.SetFields("claims",
-					actions.SetFields("setClaim", func(key string, value interface{}) {
-						if strings.HasPrefix(key, ClaimPrefix) {
-							return
-						}
-						if _, ok := claims[key]; !ok {
-							claims = appendClaim(claims, key, value)
-							return
-						}
-						claimLogs = append(claimLogs, fmt.Sprintf("key %q already exists", key))
-					}),
-					actions.SetFields("appendLogIntoClaims", func(entry string) {
-						claimLogs = append(claimLogs, entry)
-					}),
-				),
-				actions.SetFields("user",
-					actions.SetFields("setMetadata", func(call goja.FunctionCall) goja.Value {
-						if len(call.Arguments) != 2 {
-							panic("exactly 2 (key, value) arguments expected")
-						}
-						key := call.Arguments[0].Export().(string)
-						val := call.Arguments[1].Export()
-
-						value, err := json.Marshal(val)
-						if err != nil {
-							logging.WithError(err).Debug("unable to marshal")
-							panic(err)
-						}
-
-						metadata := &domain.Metadata{
-							Key:   key,
-							Value: value,
-						}
-						if _, err = o.command.SetUserMetadata(ctx, metadata, userID, user.ResourceOwner); err != nil {
-							logging.WithError(err).Info("unable to set md in action")
-							panic(err)
-						}
-						return nil
-					}),
-				),
-			),
-		)
-
-		err = actions.Run(
-			actionCtx,
-			ctxFields,
-			apiFields,
-			action.Script,
-			action.Name,
-			append(actions.ActionToOptions(action), actions.WithHTTP(actionCtx), actions.WithUUID(actionCtx))...,
-		)
-		cancel()
-		if err != nil {
-			return nil, err
-		}
-		if len(claimLogs) > 0 {
-			claims = appendClaim(claims, fmt.Sprintf(ClaimActionLogFormat, action.Name), claimLogs)
-			claimLogs = nil
-		}
-	}
-
-	return claims, nil
-}
-
-func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID string, requestedRoles, roleAudience []string) (*query.UserGrants, *projectsRoles, error) {
-	if (applicationID == "" || len(requestedRoles) == 0) && len(roleAudience) == 0 {
-		return nil, nil, nil
-	}
-	projectID, err := o.query.ProjectIDFromClientID(ctx, applicationID)
-	// applicationID might contain a username (e.g. client credentials) -> ignore the not found
-	if err != nil && !zerrors.IsNotFound(err) {
-		return nil, nil, err
-	}
-	// ensure the projectID of the requesting is part of the roleAudience
-	if projectID != "" {
-		roleAudience = append(roleAudience, projectID)
-	}
-	projectQuery, err := query.NewUserGrantProjectIDsSearchQuery(roleAudience)
-	if err != nil {
-		return nil, nil, err
-	}
-	userIDQuery, err := query.NewUserGrantUserIDSearchQuery(userID)
-	if err != nil {
-		return nil, nil, err
-	}
-	activeQuery, err := query.NewUserGrantStateQuery(domain.UserGrantStateActive)
-	if err != nil {
-		return nil, nil, err
-	}
-	grants, err := o.query.UserGrants(ctx, &query.UserGrantsQueries{
-		Queries: []query.SearchQuery{
-			projectQuery,
-			userIDQuery,
-			activeQuery,
-		},
-	}, true)
-	if err != nil {
-		return nil, nil, err
-	}
-	roles := new(projectsRoles)
-	// if specific roles where requested, check if they are granted and append them in the roles list
-	if len(requestedRoles) > 0 {
-		for _, requestedRole := range requestedRoles {
-			for _, grant := range grants.UserGrants {
-				checkGrantedRoles(roles, *grant, requestedRole, grant.ProjectID == projectID)
-			}
-		}
-		return grants, roles, nil
-	}
-	// no specific roles were requested, so convert any grants into roles
-	for _, grant := range grants.UserGrants {
-		for _, role := range grant.Roles {
-			roles.Add(grant.ProjectID, role, grant.ResourceOwner, grant.OrgPrimaryDomain, grant.ProjectID == projectID)
-		}
-	}
-	return grants, roles, nil
-}
-
-func (o *OPStorage) assertUserMetaData(ctx context.Context, userID string) (map[string]string, error) {
-	metaData, err := o.query.SearchUserMetadata(ctx, true, userID, &query.UserMetadataSearchQueries{}, false)
-	if err != nil {
-		return nil, err
-	}
-
-	userMetaData := make(map[string]string)
-	for _, md := range metaData.Metadata {
-		userMetaData[md.Key] = base64.RawURLEncoding.EncodeToString(md.Value)
-	}
-	return userMetaData, nil
-}
-
-func (o *OPStorage) assertUserResourceOwner(ctx context.Context, userID string) (map[string]string, error) {
-	user, err := o.query.GetUserByID(ctx, true, userID)
-	if err != nil {
-		return nil, err
-	}
-	resourceOwner, err := o.query.OrgByID(ctx, true, user.ResourceOwner)
-	if err != nil {
-		return nil, err
-	}
-	return map[string]string{
-		ClaimResourceOwnerID:            resourceOwner.ID,
-		ClaimResourceOwnerName:          resourceOwner.Name,
-		ClaimResourceOwnerPrimaryDomain: resourceOwner.Domain,
-	}, nil
+func (o *OPStorage) GetPrivateClaimsFromScopes(context.Context, string, string, []string) (map[string]interface{}, error) {
+	panic(o.panicErr("GetPrivateClaimsFromScopes"))
 }
 
 func checkGrantedRoles(roles *projectsRoles, grant query.UserGrant, requestedRole string, isRequested bool) {
@@ -946,14 +166,6 @@ func getGender(gender domain.Gender) oidc.Gender {
 	return ""
 }
 
-func appendClaim(claims map[string]interface{}, claim string, value interface{}) map[string]interface{} {
-	if claims == nil {
-		claims = make(map[string]interface{})
-	}
-	claims[claim] = value
-	return claims
-}
-
 func userinfoClaims(userInfo *oidc.UserInfo) func(c *actions.FieldConfig) interface{} {
 	return func(c *actions.FieldConfig) interface{} {
 		marshalled, err := json.Marshal(userInfo)
diff --git a/internal/api/oidc/client_credentials.go b/internal/api/oidc/client_credentials.go
index 9087360452..c86f5da9ae 100644
--- a/internal/api/oidc/client_credentials.go
+++ b/internal/api/oidc/client_credentials.go
@@ -14,27 +14,6 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
-type clientCredentialsRequest struct {
-	sub      string
-	audience []string
-	scopes   []string
-}
-
-// GetSubject returns the subject for token to be created because of the client credentials request
-// the subject will be the id of the service user
-func (c *clientCredentialsRequest) GetSubject() string {
-	return c.sub
-}
-
-// GetAudience returns the audience for token to be created because of the client credentials request
-func (c *clientCredentialsRequest) GetAudience() []string {
-	return c.audience
-}
-
-func (c *clientCredentialsRequest) GetScopes() []string {
-	return c.scopes
-}
-
 func (s *Server) clientCredentialsAuth(ctx context.Context, clientID, clientSecret string) (op.Client, error) {
 	user, err := s.query.GetUserByLoginName(ctx, false, clientID)
 	if zerrors.IsNotFound(err) {
diff --git a/internal/api/oidc/device_auth.go b/internal/api/oidc/device_auth.go
index a10cba499d..8912ad1736 100644
--- a/internal/api/oidc/device_auth.go
+++ b/internal/api/oidc/device_auth.go
@@ -88,6 +88,6 @@ func (o *OPStorage) StoreDeviceAuthorization(ctx context.Context, clientID, devi
 	return err
 }
 
-func (o *OPStorage) GetDeviceAuthorizatonState(ctx context.Context, _, deviceCode string) (state *op.DeviceAuthorizationState, err error) {
-	return nil, nil
+func (o *OPStorage) GetDeviceAuthorizatonState(context.Context, string, string) (*op.DeviceAuthorizationState, error) {
+	panic(o.panicErr("GetDeviceAuthorizatonState"))
 }
diff --git a/internal/api/oidc/integration_test/token_exchange_test.go b/internal/api/oidc/integration_test/token_exchange_test.go
index dcd2d61669..56a50a7c96 100644
--- a/internal/api/oidc/integration_test/token_exchange_test.go
+++ b/internal/api/oidc/integration_test/token_exchange_test.go
@@ -52,13 +52,6 @@ func setTokenExchangeFeature(t *testing.T, instance *integration.Instance, value
 	time.Sleep(time.Second)
 }
 
-func resetFeatures(t *testing.T, instance *integration.Instance) {
-	iamCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
-	_, err := instance.Client.FeatureV2.ResetInstanceFeatures(iamCTX, &feature.ResetInstanceFeaturesRequest{})
-	require.NoError(t, err)
-	time.Sleep(time.Second)
-}
-
 func setImpersonationPolicy(t *testing.T, instance *integration.Instance, value bool) {
 	iamCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 
diff --git a/internal/api/oidc/integration_test/userinfo_test.go b/internal/api/oidc/integration_test/userinfo_test.go
index d4aded0b48..bf201b242e 100644
--- a/internal/api/oidc/integration_test/userinfo_test.go
+++ b/internal/api/oidc/integration_test/userinfo_test.go
@@ -34,22 +34,11 @@ func TestServer_UserInfo(t *testing.T) {
 	})
 	tests := []struct {
 		name    string
-		legacy  bool
 		trigger bool
 		webKey  bool
 	}{
 		{
-			name:   "legacy enabled",
-			legacy: true,
-		},
-		{
-			name:    "legacy disabled, trigger disabled",
-			legacy:  false,
-			trigger: false,
-		},
-		{
-			name:    "legacy disabled, trigger enabled",
-			legacy:  false,
+			name:    "trigger enabled",
 			trigger: true,
 		},
 
@@ -59,7 +48,6 @@ func TestServer_UserInfo(t *testing.T) {
 		// - By calling userinfo with the access token as JWT, the Token Verifier with the public key cache is tested.
 		{
 			name:    "web keys",
-			legacy:  false,
 			trigger: false,
 			webKey:  true,
 		},
@@ -68,7 +56,6 @@ func TestServer_UserInfo(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			_, err := Instance.Client.FeatureV2.SetInstanceFeatures(iamOwnerCTX, &feature.SetInstanceFeaturesRequest{
-				OidcLegacyIntrospection:             &tt.legacy,
 				OidcTriggerIntrospectionProjections: &tt.trigger,
 				WebKey:                              &tt.webKey,
 			})
diff --git a/internal/api/oidc/introspect.go b/internal/api/oidc/introspect.go
index c028013d6a..ee022eb3e9 100644
--- a/internal/api/oidc/introspect.go
+++ b/internal/api/oidc/introspect.go
@@ -25,9 +25,6 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR
 	}()
 
 	features := authz.GetFeatures(ctx)
-	if features.LegacyIntrospection {
-		return s.LegacyServer.Introspect(ctx, r)
-	}
 	if features.TriggerIntrospectionProjections {
 		query.TriggerIntrospectionProjections(ctx)
 	}
diff --git a/internal/api/oidc/jwt-profile.go b/internal/api/oidc/jwt-profile.go
index fe668b5a8a..d230f58b5b 100644
--- a/internal/api/oidc/jwt-profile.go
+++ b/internal/api/oidc/jwt-profile.go
@@ -3,38 +3,9 @@ package oidc
 import (
 	"context"
 
-	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"github.com/zitadel/oidc/v3/pkg/op"
-
-	"github.com/zitadel/zitadel/internal/domain"
-	"github.com/zitadel/zitadel/internal/telemetry/tracing"
-	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
-func (o *OPStorage) JWTProfileTokenType(ctx context.Context, request op.TokenRequest) (_ op.AccessTokenType, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() {
-		err = oidcError(err)
-		span.EndWithError(err)
-	}()
-
-	mapJWTProfileScopesToAudience(ctx, request)
-	user, err := o.query.GetUserByID(ctx, false, request.GetSubject())
-	if err != nil {
-		return 0, err
-	}
-	// the user should always be a machine, but let's just be sure
-	if user.Machine == nil {
-		return 0, zerrors.ThrowInvalidArgument(nil, "OIDC-jk26S", "invalid client type")
-	}
-	return accessTokenTypeToOIDC(user.Machine.AccessTokenType), nil
-}
-
-func mapJWTProfileScopesToAudience(ctx context.Context, request op.TokenRequest) {
-	// the request should always be a JWTTokenRequest, but let's make sure
-	jwt, ok := request.(*oidc.JWTTokenRequest)
-	if !ok {
-		return
-	}
-	jwt.Audience = domain.AddAudScopeToAudience(ctx, jwt.Audience, jwt.Scopes)
+func (o *OPStorage) JWTProfileTokenType(context.Context, op.TokenRequest) (op.AccessTokenType, error) {
+	panic(o.panicErr("JWTProfileTokenType"))
 }
diff --git a/internal/api/oidc/userinfo.go b/internal/api/oidc/userinfo.go
index 61f03b6d0f..5266500e7a 100644
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
@@ -35,9 +35,6 @@ func (s *Server) UserInfo(ctx context.Context, r *op.Request[oidc.UserInfoReques
 	}()
 
 	features := authz.GetFeatures(ctx)
-	if features.LegacyIntrospection {
-		return s.LegacyServer.UserInfo(ctx, r)
-	}
 	if features.TriggerIntrospectionProjections {
 		query.TriggerOIDCUserInfoProjections(ctx)
 	}
diff --git a/internal/command/instance_features.go b/internal/command/instance_features.go
index cb12bff828..4d35d5a318 100644
--- a/internal/command/instance_features.go
+++ b/internal/command/instance_features.go
@@ -18,7 +18,6 @@ import (
 type InstanceFeatures struct {
 	LoginDefaultOrg                 *bool
 	TriggerIntrospectionProjections *bool
-	LegacyIntrospection             *bool
 	UserSchema                      *bool
 	TokenExchange                   *bool
 	ImprovedPerformance             []feature.ImprovedPerformanceType
@@ -35,7 +34,6 @@ type InstanceFeatures struct {
 func (m *InstanceFeatures) isEmpty() bool {
 	return m.LoginDefaultOrg == nil &&
 		m.TriggerIntrospectionProjections == nil &&
-		m.LegacyIntrospection == nil &&
 		m.UserSchema == nil &&
 		m.TokenExchange == nil &&
 		// nil check to allow unset improvements
diff --git a/internal/command/instance_features_model.go b/internal/command/instance_features_model.go
index 977a46b6c2..399013aded 100644
--- a/internal/command/instance_features_model.go
+++ b/internal/command/instance_features_model.go
@@ -68,7 +68,6 @@ func (m *InstanceFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.InstanceResetEventType,
 			feature_v2.InstanceLoginDefaultOrgEventType,
 			feature_v2.InstanceTriggerIntrospectionProjectionsEventType,
-			feature_v2.InstanceLegacyIntrospectionEventType,
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
@@ -98,9 +97,6 @@ func reduceInstanceFeature(features *InstanceFeatures, key feature.Key, value an
 	case feature.KeyTriggerIntrospectionProjections:
 		v := value.(bool)
 		features.TriggerIntrospectionProjections = &v
-	case feature.KeyLegacyIntrospection:
-		v := value.(bool)
-		features.LegacyIntrospection = &v
 	case feature.KeyTokenExchange:
 		v := value.(bool)
 		features.TokenExchange = &v
@@ -141,7 +137,6 @@ func (wm *InstanceFeaturesWriteModel) setCommands(ctx context.Context, f *Instan
 	cmds := make([]eventstore.Command, 0, len(feature.KeyValues())-1)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LoginDefaultOrg, f.LoginDefaultOrg, feature_v2.InstanceLoginDefaultOrgEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TriggerIntrospectionProjections, f.TriggerIntrospectionProjections, feature_v2.InstanceTriggerIntrospectionProjectionsEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LegacyIntrospection, f.LegacyIntrospection, feature_v2.InstanceLegacyIntrospectionEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.InstanceTokenExchangeEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.InstanceUserSchemaEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.InstanceImprovedPerformanceEventType)
diff --git a/internal/command/instance_features_test.go b/internal/command/instance_features_test.go
index 02e8896a0c..8d0c7d5964 100644
--- a/internal/command/instance_features_test.go
+++ b/internal/command/instance_features_test.go
@@ -113,24 +113,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 				ResourceOwner: "instance1",
 			},
 		},
-		{
-			name: "set LegacyIntrospection",
-			eventstore: expectEventstore(
-				expectFilter(),
-				expectPush(
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, true,
-					),
-				),
-			),
-			args: args{ctx, &InstanceFeatures{
-				LegacyIntrospection: gu.Ptr(true),
-			}},
-			want: &domain.ObjectDetails{
-				ResourceOwner: "instance1",
-			},
-		},
 		{
 			name: "set UserSchema",
 			eventstore: expectEventstore(
@@ -156,12 +138,12 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 				expectPushFailed(io.ErrClosedPipe,
 					feature_v2.NewSetEvent[bool](
 						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, true,
+						feature_v2.InstanceConsoleUseV2UserApi, true,
 					),
 				),
 			),
 			args: args{ctx, &InstanceFeatures{
-				LegacyIntrospection: gu.Ptr(true),
+				ConsoleUseV2UserApi: gu.Ptr(true),
 			}},
 			wantErr: io.ErrClosedPipe,
 		},
@@ -178,10 +160,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, false,
 					),
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, true,
-					),
 					feature_v2.NewSetEvent[bool](
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, true,
@@ -195,7 +173,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			args: args{ctx, &InstanceFeatures{
 				LoginDefaultOrg:                 gu.Ptr(true),
 				TriggerIntrospectionProjections: gu.Ptr(false),
-				LegacyIntrospection:             gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
 				OIDCSingleV1SessionTermination:  gu.Ptr(true),
 			}},
@@ -224,10 +201,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, true,
-					)),
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
 						feature_v2.InstanceOIDCSingleV1SessionTerminationEventType, false,
@@ -247,7 +220,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			args: args{ctx, &InstanceFeatures{
 				LoginDefaultOrg:                 gu.Ptr(true),
 				TriggerIntrospectionProjections: gu.Ptr(false),
-				LegacyIntrospection:             gu.Ptr(true),
 				OIDCSingleV1SessionTermination:  gu.Ptr(false),
 			}},
 			want: &domain.ObjectDetails{
diff --git a/internal/command/project_application_api.go b/internal/command/project_application_api.go
index 5b8bbafcdf..2832dcf873 100644
--- a/internal/command/project_application_api.go
+++ b/internal/command/project_application_api.go
@@ -226,37 +226,6 @@ func (c *Commands) ChangeAPIApplicationSecret(ctx context.Context, projectID, ap
 	return result, err
 }
 
-func (c *Commands) VerifyAPIClientSecret(ctx context.Context, projectID, appID, secret string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	app, err := c.getAPIAppWriteModel(ctx, projectID, appID, "")
-	if err != nil {
-		return err
-	}
-	if !app.State.Exists() {
-		return zerrors.ThrowPreconditionFailed(nil, "COMMAND-DFnbf", "Errors.Project.App.NotExisting")
-	}
-	if !app.IsAPI() {
-		return zerrors.ThrowInvalidArgument(nil, "COMMAND-Bf3fw", "Errors.Project.App.IsNotAPI")
-	}
-	if app.HashedSecret == "" {
-		return zerrors.ThrowPreconditionFailed(nil, "COMMAND-D3t5g", "Errors.Project.App.APIConfigInvalid")
-	}
-
-	projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
-	ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "passwap.Verify")
-	updated, err := c.secretHasher.Verify(app.HashedSecret, secret)
-	spanPasswordComparison.EndWithError(err)
-	if err != nil {
-		return zerrors.ThrowInvalidArgument(err, "COMMAND-SADfg", "Errors.Project.App.ClientSecretInvalid")
-	}
-	if updated != "" {
-		c.apiUpdateSecret(ctx, projectAgg, app.AppID, updated)
-	}
-	return nil
-}
-
 func (c *Commands) APIUpdateSecret(ctx context.Context, appID, projectID, resourceOwner, updated string) {
 	agg := project_repo.NewAggregate(projectID, resourceOwner)
 	c.apiUpdateSecret(ctx, &agg.Aggregate, appID, updated)
diff --git a/internal/command/project_application_api_test.go b/internal/command/project_application_api_test.go
index 2702c00b39..a6d4349254 100644
--- a/internal/command/project_application_api_test.go
+++ b/internal/command/project_application_api_test.go
@@ -2,16 +2,11 @@ package command
 
 import (
 	"context"
-	"io"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/zitadel/passwap"
-	"github.com/zitadel/passwap/bcrypt"
 
 	"github.com/zitadel/zitadel/internal/command/preparation"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -771,99 +766,3 @@ func newAPIAppChangedEvent(ctx context.Context, appID, projectID, resourceOwner
 	)
 	return event
 }
-
-func TestCommands_VerifyAPIClientSecret(t *testing.T) {
-	hasher := &crypto.Hasher{
-		Swapper: passwap.NewSwapper(bcrypt.New(bcrypt.MinCost)),
-	}
-	hashedSecret, err := hasher.Hash("secret")
-	require.NoError(t, err)
-	agg := project.NewAggregate("projectID", "orgID")
-
-	tests := []struct {
-		name       string
-		secret     string
-		eventstore func(*testing.T) *eventstore.Eventstore
-		wantErr    error
-	}{
-		{
-			name: "filter error",
-			eventstore: expectEventstore(
-				expectFilterError(io.ErrClosedPipe),
-			),
-			wantErr: io.ErrClosedPipe,
-		},
-		{
-			name: "app not exists",
-			eventstore: expectEventstore(
-				expectFilter(),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-DFnbf", "Errors.Project.App.NotExisting"),
-		},
-		{
-			name: "wrong app type",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-Bf3fw", "Errors.Project.App.IsNotAPI"),
-		},
-		{
-			name: "no secret set",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewAPIConfigAddedEvent(context.Background(), &agg.Aggregate, "appID", "clientID", "", domain.APIAuthMethodTypePrivateKeyJWT),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-D3t5g", "Errors.Project.App.APIConfigInvalid"),
-		},
-		{
-			name:   "check succeeded",
-			secret: "secret",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewAPIConfigAddedEvent(context.Background(), &agg.Aggregate, "appID", "clientID", hashedSecret, domain.APIAuthMethodTypePrivateKeyJWT),
-					),
-				),
-			),
-		},
-		{
-			name:   "check failed",
-			secret: "wrong!",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewAPIConfigAddedEvent(context.Background(), &agg.Aggregate, "appID", "clientID", hashedSecret, domain.APIAuthMethodTypePrivateKeyJWT),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(err, "COMMAND-SADfg", "Errors.Project.App.ClientSecretInvalid"),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			c := &Commands{
-				eventstore:   tt.eventstore(t),
-				secretHasher: hasher,
-			}
-			err := c.VerifyAPIClientSecret(context.Background(), "projectID", "appID", tt.secret)
-			c.jobs.Wait()
-			require.ErrorIs(t, err, tt.wantErr)
-		})
-	}
-}
diff --git a/internal/command/project_application_oidc.go b/internal/command/project_application_oidc.go
index 491bd38fca..77ef7ff0c7 100644
--- a/internal/command/project_application_oidc.go
+++ b/internal/command/project_application_oidc.go
@@ -322,37 +322,6 @@ func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, a
 	return result, err
 }
 
-func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID, secret string) (err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	app, err := c.getOIDCAppWriteModel(ctx, projectID, appID, "")
-	if err != nil {
-		return err
-	}
-	if !app.State.Exists() {
-		return zerrors.ThrowPreconditionFailed(nil, "COMMAND-D8hba", "Errors.Project.App.NotExisting")
-	}
-	if !app.IsOIDC() {
-		return zerrors.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC")
-	}
-	if app.HashedSecret == "" {
-		return zerrors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
-	}
-
-	projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
-	ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "passwap.Verify")
-	updated, err := c.secretHasher.Verify(app.HashedSecret, secret)
-	spanPasswordComparison.EndWithError(err)
-	if err != nil {
-		return zerrors.ThrowInvalidArgument(err, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid")
-	}
-	if updated != "" {
-		c.oidcUpdateSecret(ctx, projectAgg, appID, updated)
-	}
-	return nil
-}
-
 func (c *Commands) OIDCUpdateSecret(ctx context.Context, appID, projectID, resourceOwner, updated string) {
 	agg := project_repo.NewAggregate(projectID, resourceOwner)
 	c.oidcUpdateSecret(ctx, &agg.Aggregate, appID, updated)
diff --git a/internal/command/project_application_oidc_test.go b/internal/command/project_application_oidc_test.go
index 4b9f5bf94f..d0383b1b29 100644
--- a/internal/command/project_application_oidc_test.go
+++ b/internal/command/project_application_oidc_test.go
@@ -2,18 +2,13 @@ package command
 
 import (
 	"context"
-	"io"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/zitadel/passwap"
-	"github.com/zitadel/passwap/bcrypt"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command/preparation"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -1307,168 +1302,3 @@ func newOIDCAppChangedEvent(ctx context.Context, appID, projectID, resourceOwner
 	)
 	return event
 }
-
-func TestCommands_VerifyOIDCClientSecret(t *testing.T) {
-	hasher := &crypto.Hasher{
-		Swapper: passwap.NewSwapper(bcrypt.New(bcrypt.MinCost)),
-	}
-	hashedSecret, err := hasher.Hash("secret")
-	require.NoError(t, err)
-	agg := project.NewAggregate("projectID", "orgID")
-
-	tests := []struct {
-		name       string
-		secret     string
-		eventstore func(*testing.T) *eventstore.Eventstore
-		wantErr    error
-	}{
-		{
-			name: "filter error",
-			eventstore: expectEventstore(
-				expectFilterError(io.ErrClosedPipe),
-			),
-			wantErr: io.ErrClosedPipe,
-		},
-		{
-			name: "app not exists",
-			eventstore: expectEventstore(
-				expectFilter(),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-D8hba", "Errors.Project.App.NotExisting"),
-		},
-		{
-			name: "wrong app type",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC"),
-		},
-		{
-			name: "no secret set",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewOIDCConfigAddedEvent(context.Background(),
-							&agg.Aggregate,
-							domain.OIDCVersionV1,
-							"appID",
-							"client1@project",
-							"",
-							[]string{"https://test.ch"},
-							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-							[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-							domain.OIDCApplicationTypeWeb,
-							domain.OIDCAuthMethodTypePost,
-							[]string{"https://test.ch/logout"},
-							true,
-							domain.OIDCTokenTypeBearer,
-							true,
-							true,
-							true,
-							time.Second*1,
-							[]string{"https://sub.test.ch"},
-							false,
-							"",
-							domain.LoginVersionUnspecified,
-							"",
-						),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid"),
-		},
-		{
-			name:   "check succeeded",
-			secret: "secret",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewOIDCConfigAddedEvent(context.Background(),
-							&agg.Aggregate,
-							domain.OIDCVersionV1,
-							"appID",
-							"client1@project",
-							hashedSecret,
-							[]string{"https://test.ch"},
-							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-							[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-							domain.OIDCApplicationTypeWeb,
-							domain.OIDCAuthMethodTypePost,
-							[]string{"https://test.ch/logout"},
-							true,
-							domain.OIDCTokenTypeBearer,
-							true,
-							true,
-							true,
-							time.Second*1,
-							[]string{"https://sub.test.ch"},
-							false,
-							"",
-							domain.LoginVersionUnspecified,
-							"",
-						),
-					),
-				),
-			),
-		},
-		{
-			name:   "check failed",
-			secret: "wrong!",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewOIDCConfigAddedEvent(context.Background(),
-							&agg.Aggregate,
-							domain.OIDCVersionV1,
-							"appID",
-							"client1@project",
-							hashedSecret,
-							[]string{"https://test.ch"},
-							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-							[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-							domain.OIDCApplicationTypeWeb,
-							domain.OIDCAuthMethodTypePost,
-							[]string{"https://test.ch/logout"},
-							true,
-							domain.OIDCTokenTypeBearer,
-							true,
-							true,
-							true,
-							time.Second*1,
-							[]string{"https://sub.test.ch"},
-							false,
-							"",
-							domain.LoginVersionUnspecified,
-							"",
-						),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(err, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid"),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			c := &Commands{
-				eventstore:   tt.eventstore(t),
-				secretHasher: hasher,
-			}
-			err := c.VerifyOIDCClientSecret(context.Background(), "projectID", "appID", tt.secret)
-			c.jobs.Wait()
-			require.ErrorIs(t, err, tt.wantErr)
-		})
-	}
-}
diff --git a/internal/command/system_features.go b/internal/command/system_features.go
index b317ea93bb..f20c9f3cda 100644
--- a/internal/command/system_features.go
+++ b/internal/command/system_features.go
@@ -12,7 +12,6 @@ import (
 type SystemFeatures struct {
 	LoginDefaultOrg                 *bool
 	TriggerIntrospectionProjections *bool
-	LegacyIntrospection             *bool
 	TokenExchange                   *bool
 	UserSchema                      *bool
 	ImprovedPerformance             []feature.ImprovedPerformanceType
@@ -26,7 +25,6 @@ type SystemFeatures struct {
 func (m *SystemFeatures) isEmpty() bool {
 	return m.LoginDefaultOrg == nil &&
 		m.TriggerIntrospectionProjections == nil &&
-		m.LegacyIntrospection == nil &&
 		m.UserSchema == nil &&
 		m.TokenExchange == nil &&
 		// nil check to allow unset improvements
diff --git a/internal/command/system_features_model.go b/internal/command/system_features_model.go
index 28e56f8bd4..f1e6ba6357 100644
--- a/internal/command/system_features_model.go
+++ b/internal/command/system_features_model.go
@@ -61,7 +61,6 @@ func (m *SystemFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.SystemResetEventType,
 			feature_v2.SystemLoginDefaultOrgEventType,
 			feature_v2.SystemTriggerIntrospectionProjectionsEventType,
-			feature_v2.SystemLegacyIntrospectionEventType,
 			feature_v2.SystemUserSchemaEventType,
 			feature_v2.SystemTokenExchangeEventType,
 			feature_v2.SystemImprovedPerformanceEventType,
@@ -88,9 +87,6 @@ func reduceSystemFeature(features *SystemFeatures, key feature.Key, value any) {
 	case feature.KeyTriggerIntrospectionProjections:
 		v := value.(bool)
 		features.TriggerIntrospectionProjections = &v
-	case feature.KeyLegacyIntrospection:
-		v := value.(bool)
-		features.LegacyIntrospection = &v
 	case feature.KeyUserSchema:
 		v := value.(bool)
 		features.UserSchema = &v
@@ -121,7 +117,6 @@ func (wm *SystemFeaturesWriteModel) setCommands(ctx context.Context, f *SystemFe
 	cmds := make([]eventstore.Command, 0, len(feature.KeyValues())-1)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LoginDefaultOrg, f.LoginDefaultOrg, feature_v2.SystemLoginDefaultOrgEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TriggerIntrospectionProjections, f.TriggerIntrospectionProjections, feature_v2.SystemTriggerIntrospectionProjectionsEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LegacyIntrospection, f.LegacyIntrospection, feature_v2.SystemLegacyIntrospectionEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.SystemUserSchemaEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.SystemTokenExchangeEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.SystemImprovedPerformanceEventType)
diff --git a/internal/command/system_features_test.go b/internal/command/system_features_test.go
index b1b5207b8c..ff6aef8104 100644
--- a/internal/command/system_features_test.go
+++ b/internal/command/system_features_test.go
@@ -81,24 +81,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				ResourceOwner: "SYSTEM",
 			},
 		},
-		{
-			name: "set LegacyIntrospection",
-			eventstore: expectEventstore(
-				expectFilter(),
-				expectPush(
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, true,
-					),
-				),
-			),
-			args: args{context.Background(), &SystemFeatures{
-				LegacyIntrospection: gu.Ptr(true),
-			}},
-			want: &domain.ObjectDetails{
-				ResourceOwner: "SYSTEM",
-			},
-		},
 		{
 			name: "set UserSchema",
 			eventstore: expectEventstore(
@@ -124,12 +106,12 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				expectPushFailed(io.ErrClosedPipe,
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, true,
+						feature_v2.SystemEnableBackChannelLogout, true,
 					),
 				),
 			),
 			args: args{context.Background(), &SystemFeatures{
-				LegacyIntrospection: gu.Ptr(true),
+				EnableBackChannelLogout: gu.Ptr(true),
 			}},
 			wantErr: io.ErrClosedPipe,
 		},
@@ -146,10 +128,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemTriggerIntrospectionProjectionsEventType, false,
 					),
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, true,
-					),
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, true,
@@ -163,7 +141,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			args: args{context.Background(), &SystemFeatures{
 				LoginDefaultOrg:                 gu.Ptr(true),
 				TriggerIntrospectionProjections: gu.Ptr(false),
-				LegacyIntrospection:             gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
 				OIDCSingleV1SessionTermination:  gu.Ptr(true),
 			}},
@@ -192,10 +169,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, true,
-					)),
 				),
 				expectPush(
 					feature_v2.NewSetEvent[bool](
@@ -219,7 +192,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			args: args{context.Background(), &SystemFeatures{
 				LoginDefaultOrg:                 gu.Ptr(true),
 				TriggerIntrospectionProjections: gu.Ptr(false),
-				LegacyIntrospection:             gu.Ptr(true),
 				UserSchema:                      gu.Ptr(true),
 				OIDCSingleV1SessionTermination:  gu.Ptr(false),
 			}},
diff --git a/internal/feature/feature.go b/internal/feature/feature.go
index b5f5a901d4..2e32b6b122 100644
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -9,22 +9,22 @@ import (
 type Key int
 
 const (
-	KeyUnspecified Key = iota
-	KeyLoginDefaultOrg
-	KeyTriggerIntrospectionProjections
-	KeyLegacyIntrospection
-	KeyUserSchema
-	KeyTokenExchange
-	KeyActionsDeprecated
-	KeyImprovedPerformance
-	KeyWebKey
-	KeyDebugOIDCParentError
-	KeyOIDCSingleV1SessionTermination
-	KeyDisableUserTokenEvent
-	KeyEnableBackChannelLogout
-	KeyLoginV2
-	KeyPermissionCheckV2
-	KeyConsoleUseV2UserApi
+	// Reserved: 3, 6
+
+	KeyUnspecified                     Key = 0
+	KeyLoginDefaultOrg                 Key = 1
+	KeyTriggerIntrospectionProjections Key = 2
+	KeyUserSchema                      Key = 4
+	KeyTokenExchange                   Key = 5
+	KeyImprovedPerformance             Key = 7
+	KeyWebKey                          Key = 8
+	KeyDebugOIDCParentError            Key = 9
+	KeyOIDCSingleV1SessionTermination  Key = 10
+	KeyDisableUserTokenEvent           Key = 11
+	KeyEnableBackChannelLogout         Key = 12
+	KeyLoginV2                         Key = 13
+	KeyPermissionCheckV2               Key = 14
+	KeyConsoleUseV2UserApi             Key = 15
 )
 
 //go:generate enumer -type Level -transform snake -trimprefix Level
@@ -43,7 +43,6 @@ const (
 type Features struct {
 	LoginDefaultOrg                 bool                      `json:"login_default_org,omitempty"`
 	TriggerIntrospectionProjections bool                      `json:"trigger_introspection_projections,omitempty"`
-	LegacyIntrospection             bool                      `json:"legacy_introspection,omitempty"`
 	UserSchema                      bool                      `json:"user_schema,omitempty"`
 	TokenExchange                   bool                      `json:"token_exchange,omitempty"`
 	ImprovedPerformance             []ImprovedPerformanceType `json:"improved_performance,omitempty"`
diff --git a/internal/feature/feature_test.go b/internal/feature/feature_test.go
index 70e3ec9ffb..abb8968d6f 100644
--- a/internal/feature/feature_test.go
+++ b/internal/feature/feature_test.go
@@ -12,7 +12,6 @@ func TestKey(t *testing.T) {
 		"unspecified",
 		"login_default_org",
 		"trigger_introspection_projections",
-		"legacy_introspection",
 	}
 	for _, want := range tests {
 		t.Run(want, func(t *testing.T) {
diff --git a/internal/feature/key_enumer.go b/internal/feature/key_enumer.go
index a47b3eb4d9..e06199120a 100644
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -7,17 +7,34 @@ import (
 	"strings"
 )
 
-const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactions_deprecatedimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+const (
+	_KeyName_0      = "unspecifiedlogin_default_orgtrigger_introspection_projections"
+	_KeyLowerName_0 = "unspecifiedlogin_default_orgtrigger_introspection_projections"
+	_KeyName_1      = "user_schematoken_exchange"
+	_KeyLowerName_1 = "user_schematoken_exchange"
+	_KeyName_2      = "improved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+	_KeyLowerName_2 = "improved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+)
 
-var _KeyIndex = [...]uint16{0, 11, 28, 61, 81, 92, 106, 124, 144, 151, 174, 208, 232, 258, 266, 285, 308}
-
-const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactions_deprecatedimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+var (
+	_KeyIndex_0 = [...]uint8{0, 11, 28, 61}
+	_KeyIndex_1 = [...]uint8{0, 11, 25}
+	_KeyIndex_2 = [...]uint8{0, 20, 27, 50, 84, 108, 134, 142, 161, 184}
+)
 
 func (i Key) String() string {
-	if i < 0 || i >= Key(len(_KeyIndex)-1) {
+	switch {
+	case 0 <= i && i <= 2:
+		return _KeyName_0[_KeyIndex_0[i]:_KeyIndex_0[i+1]]
+	case 4 <= i && i <= 5:
+		i -= 4
+		return _KeyName_1[_KeyIndex_1[i]:_KeyIndex_1[i+1]]
+	case 7 <= i && i <= 15:
+		i -= 7
+		return _KeyName_2[_KeyIndex_2[i]:_KeyIndex_2[i+1]]
+	default:
 		return fmt.Sprintf("Key(%d)", i)
 	}
-	return _KeyName[_KeyIndex[i]:_KeyIndex[i+1]]
 }
 
 // An "invalid array index" compiler error signifies that the constant values have changed.
@@ -27,10 +44,8 @@ func _KeyNoOp() {
 	_ = x[KeyUnspecified-(0)]
 	_ = x[KeyLoginDefaultOrg-(1)]
 	_ = x[KeyTriggerIntrospectionProjections-(2)]
-	_ = x[KeyLegacyIntrospection-(3)]
 	_ = x[KeyUserSchema-(4)]
 	_ = x[KeyTokenExchange-(5)]
-	_ = x[KeyActionsDeprecated-(6)]
 	_ = x[KeyImprovedPerformance-(7)]
 	_ = x[KeyWebKey-(8)]
 	_ = x[KeyDebugOIDCParentError-(9)]
@@ -42,60 +57,54 @@ func _KeyNoOp() {
 	_ = x[KeyConsoleUseV2UserApi-(15)]
 }
 
-var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema, KeyTokenExchange, KeyActionsDeprecated, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
+var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyUserSchema, KeyTokenExchange, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
 
 var _KeyNameToValueMap = map[string]Key{
-	_KeyName[0:11]:         KeyUnspecified,
-	_KeyLowerName[0:11]:    KeyUnspecified,
-	_KeyName[11:28]:        KeyLoginDefaultOrg,
-	_KeyLowerName[11:28]:   KeyLoginDefaultOrg,
-	_KeyName[28:61]:        KeyTriggerIntrospectionProjections,
-	_KeyLowerName[28:61]:   KeyTriggerIntrospectionProjections,
-	_KeyName[61:81]:        KeyLegacyIntrospection,
-	_KeyLowerName[61:81]:   KeyLegacyIntrospection,
-	_KeyName[81:92]:        KeyUserSchema,
-	_KeyLowerName[81:92]:   KeyUserSchema,
-	_KeyName[92:106]:       KeyTokenExchange,
-	_KeyLowerName[92:106]:  KeyTokenExchange,
-	_KeyName[106:124]:      KeyActionsDeprecated,
-	_KeyLowerName[106:124]: KeyActionsDeprecated,
-	_KeyName[124:144]:      KeyImprovedPerformance,
-	_KeyLowerName[124:144]: KeyImprovedPerformance,
-	_KeyName[144:151]:      KeyWebKey,
-	_KeyLowerName[144:151]: KeyWebKey,
-	_KeyName[151:174]:      KeyDebugOIDCParentError,
-	_KeyLowerName[151:174]: KeyDebugOIDCParentError,
-	_KeyName[174:208]:      KeyOIDCSingleV1SessionTermination,
-	_KeyLowerName[174:208]: KeyOIDCSingleV1SessionTermination,
-	_KeyName[208:232]:      KeyDisableUserTokenEvent,
-	_KeyLowerName[208:232]: KeyDisableUserTokenEvent,
-	_KeyName[232:258]:      KeyEnableBackChannelLogout,
-	_KeyLowerName[232:258]: KeyEnableBackChannelLogout,
-	_KeyName[258:266]:      KeyLoginV2,
-	_KeyLowerName[258:266]: KeyLoginV2,
-	_KeyName[266:285]:      KeyPermissionCheckV2,
-	_KeyLowerName[266:285]: KeyPermissionCheckV2,
-	_KeyName[285:308]:      KeyConsoleUseV2UserApi,
-	_KeyLowerName[285:308]: KeyConsoleUseV2UserApi,
+	_KeyName_0[0:11]:         KeyUnspecified,
+	_KeyLowerName_0[0:11]:    KeyUnspecified,
+	_KeyName_0[11:28]:        KeyLoginDefaultOrg,
+	_KeyLowerName_0[11:28]:   KeyLoginDefaultOrg,
+	_KeyName_0[28:61]:        KeyTriggerIntrospectionProjections,
+	_KeyLowerName_0[28:61]:   KeyTriggerIntrospectionProjections,
+	_KeyName_1[0:11]:         KeyUserSchema,
+	_KeyLowerName_1[0:11]:    KeyUserSchema,
+	_KeyName_1[11:25]:        KeyTokenExchange,
+	_KeyLowerName_1[11:25]:   KeyTokenExchange,
+	_KeyName_2[0:20]:         KeyImprovedPerformance,
+	_KeyLowerName_2[0:20]:    KeyImprovedPerformance,
+	_KeyName_2[20:27]:        KeyWebKey,
+	_KeyLowerName_2[20:27]:   KeyWebKey,
+	_KeyName_2[27:50]:        KeyDebugOIDCParentError,
+	_KeyLowerName_2[27:50]:   KeyDebugOIDCParentError,
+	_KeyName_2[50:84]:        KeyOIDCSingleV1SessionTermination,
+	_KeyLowerName_2[50:84]:   KeyOIDCSingleV1SessionTermination,
+	_KeyName_2[84:108]:       KeyDisableUserTokenEvent,
+	_KeyLowerName_2[84:108]:  KeyDisableUserTokenEvent,
+	_KeyName_2[108:134]:      KeyEnableBackChannelLogout,
+	_KeyLowerName_2[108:134]: KeyEnableBackChannelLogout,
+	_KeyName_2[134:142]:      KeyLoginV2,
+	_KeyLowerName_2[134:142]: KeyLoginV2,
+	_KeyName_2[142:161]:      KeyPermissionCheckV2,
+	_KeyLowerName_2[142:161]: KeyPermissionCheckV2,
+	_KeyName_2[161:184]:      KeyConsoleUseV2UserApi,
+	_KeyLowerName_2[161:184]: KeyConsoleUseV2UserApi,
 }
 
 var _KeyNames = []string{
-	_KeyName[0:11],
-	_KeyName[11:28],
-	_KeyName[28:61],
-	_KeyName[61:81],
-	_KeyName[81:92],
-	_KeyName[92:106],
-	_KeyName[106:124],
-	_KeyName[124:144],
-	_KeyName[144:151],
-	_KeyName[151:174],
-	_KeyName[174:208],
-	_KeyName[208:232],
-	_KeyName[232:258],
-	_KeyName[258:266],
-	_KeyName[266:285],
-	_KeyName[285:308],
+	_KeyName_0[0:11],
+	_KeyName_0[11:28],
+	_KeyName_0[28:61],
+	_KeyName_1[0:11],
+	_KeyName_1[11:25],
+	_KeyName_2[0:20],
+	_KeyName_2[20:27],
+	_KeyName_2[27:50],
+	_KeyName_2[50:84],
+	_KeyName_2[84:108],
+	_KeyName_2[108:134],
+	_KeyName_2[134:142],
+	_KeyName_2[142:161],
+	_KeyName_2[161:184],
 }
 
 // KeyString retrieves an enum value from the enum constants string name.
diff --git a/internal/query/app.go b/internal/query/app.go
index 5fed1e3ced..bc97c1807e 100644
--- a/internal/query/app.go
+++ b/internal/query/app.go
@@ -455,27 +455,6 @@ func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (id s
 	return id, err
 }
 
-func (q *Queries) ProjectByOIDCClientID(ctx context.Context, id string) (project *Project, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	stmt, scan := prepareProjectByOIDCAppQuery()
-	eq := sq.Eq{
-		AppOIDCConfigColumnClientID.identifier(): id,
-		AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
-	}
-	query, args, err := stmt.Where(eq).ToSql()
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-XhJi4", "Errors.Query.SQLStatement")
-	}
-
-	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
-		project, err = scan(row)
-		return err
-	}, query, args...)
-	return project, err
-}
-
 func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (app *App, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -497,35 +476,6 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (app *
 	return app, err
 }
 
-func (q *Queries) AppByClientID(ctx context.Context, clientID string) (app *App, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	stmt, scan := prepareAppQuery(true)
-	eq := sq.Eq{
-		AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-		AppColumnState.identifier():      domain.AppStateActive,
-		ProjectColumnState.identifier():  domain.ProjectStateActive,
-		OrgColumnState.identifier():      domain.OrgStateActive,
-	}
-	query, args, err := stmt.Where(sq.And{
-		eq,
-		sq.Or{
-			sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
-			sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
-		},
-	}).ToSql()
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
-	}
-
-	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
-		app, err = scan(row)
-		return err
-	}, query, args...)
-	return app, err
-}
-
 func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, withOwnerRemoved bool) (apps *Apps, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -867,48 +817,6 @@ func prepareProjectIDByAppQuery() (sq.SelectBuilder, func(*sql.Row) (projectID s
 		}
 }
 
-func prepareProjectByOIDCAppQuery() (sq.SelectBuilder, func(*sql.Row) (*Project, error)) {
-	return sq.Select(
-			ProjectColumnID.identifier(),
-			ProjectColumnCreationDate.identifier(),
-			ProjectColumnChangeDate.identifier(),
-			ProjectColumnResourceOwner.identifier(),
-			ProjectColumnState.identifier(),
-			ProjectColumnSequence.identifier(),
-			ProjectColumnName.identifier(),
-			ProjectColumnProjectRoleAssertion.identifier(),
-			ProjectColumnProjectRoleCheck.identifier(),
-			ProjectColumnHasProjectCheck.identifier(),
-			ProjectColumnPrivateLabelingSetting.identifier(),
-		).From(projectsTable.identifier()).
-			Join(join(AppColumnProjectID, ProjectColumnID)).
-			Join(join(AppOIDCConfigColumnAppID, AppColumnID)).
-			PlaceholderFormat(sq.Dollar),
-		func(row *sql.Row) (*Project, error) {
-			p := new(Project)
-			err := row.Scan(
-				&p.ID,
-				&p.CreationDate,
-				&p.ChangeDate,
-				&p.ResourceOwner,
-				&p.State,
-				&p.Sequence,
-				&p.Name,
-				&p.ProjectRoleAssertion,
-				&p.ProjectRoleCheck,
-				&p.HasProjectCheck,
-				&p.PrivateLabelingSetting,
-			)
-			if err != nil {
-				if errors.Is(err, sql.ErrNoRows) {
-					return nil, zerrors.ThrowNotFound(err, "QUERY-yxTMh", "Errors.Project.NotFound")
-				}
-				return nil, zerrors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal")
-			}
-			return p, nil
-		}
-}
-
 func prepareProjectByAppQuery() (sq.SelectBuilder, func(*sql.Row) (*Project, error)) {
 	return sq.Select(
 			ProjectColumnID.identifier(),
diff --git a/internal/query/authn_key.go b/internal/query/authn_key.go
index ffbe38e7ae..5a1f49d63c 100644
--- a/internal/query/authn_key.go
+++ b/internal/query/authn_key.go
@@ -254,34 +254,6 @@ func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, i
 	return key, err
 }
 
-func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id string, identifier string) (key []byte, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	stmt, scan := prepareAuthNKeyPublicKeyQuery()
-	eq := sq.And{
-		sq.Eq{
-			AuthNKeyColumnID.identifier():         id,
-			AuthNKeyColumnIdentifier.identifier(): identifier,
-			AuthNKeyColumnEnabled.identifier():    true,
-			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-		},
-		sq.Gt{
-			AuthNKeyColumnExpiration.identifier(): time.Now(),
-		},
-	}
-	query, args, err := stmt.Where(eq).ToSql()
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-DAb32", "Errors.Query.SQLStatement")
-	}
-
-	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
-		key, err = scan(row)
-		return err
-	}, query, args...)
-	return key, err
-}
-
 func NewAuthNKeyResourceOwnerQuery(id string) (SearchQuery, error) {
 	return NewTextQuery(AuthNKeyColumnResourceOwner, id, TextEquals)
 }
@@ -429,26 +401,6 @@ func prepareAuthNKeyQuery() (sq.SelectBuilder, func(row *sql.Row) (*AuthNKey, er
 		}
 }
 
-func prepareAuthNKeyPublicKeyQuery() (sq.SelectBuilder, func(row *sql.Row) ([]byte, error)) {
-	return sq.Select(
-			AuthNKeyColumnPublicKey.identifier(),
-		).From(authNKeyTable.identifier()).
-			PlaceholderFormat(sq.Dollar),
-		func(row *sql.Row) ([]byte, error) {
-			var publicKey []byte
-			err := row.Scan(
-				&publicKey,
-			)
-			if err != nil {
-				if errors.Is(err, sql.ErrNoRows) {
-					return nil, zerrors.ThrowNotFound(err, "QUERY-SDf32", "Errors.AuthNKey.NotFound")
-				}
-				return nil, zerrors.ThrowInternal(err, "QUERY-Bfs2a", "Errors.Internal")
-			}
-			return publicKey, nil
-		}
-}
-
 func prepareAuthNKeysDataQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeysData, error)) {
 	return sq.Select(
 			AuthNKeyColumnID.identifier(),
diff --git a/internal/query/authn_key_test.go b/internal/query/authn_key_test.go
index b7c66cc665..ce45185363 100644
--- a/internal/query/authn_key_test.go
+++ b/internal/query/authn_key_test.go
@@ -423,55 +423,6 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 			},
 			object: (*AuthNKey)(nil),
 		},
-		{
-			name:    "prepareAuthNKeyPublicKeyQuery no result",
-			prepare: prepareAuthNKeyPublicKeyQuery,
-			want: want{
-				sqlExpectations: mockQueriesScanErr(
-					regexp.QuoteMeta(prepareAuthNKeyPublicKeyStmt),
-					nil,
-					nil,
-				),
-				err: func(err error) (error, bool) {
-					if !zerrors.IsNotFound(err) {
-						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: ([]byte)(nil),
-		},
-		{
-			name:    "prepareAuthNKeyPublicKeyQuery found",
-			prepare: prepareAuthNKeyPublicKeyQuery,
-			want: want{
-				sqlExpectations: mockQuery(
-					regexp.QuoteMeta(prepareAuthNKeyPublicKeyStmt),
-					prepareAuthNKeyPublicKeyCols,
-					[]driver.Value{
-						[]byte("publicKey"),
-					},
-				),
-			},
-			object: []byte("publicKey"),
-		},
-		{
-			name:    "prepareAuthNKeyPublicKeyQuery sql err",
-			prepare: prepareAuthNKeyPublicKeyQuery,
-			want: want{
-				sqlExpectations: mockQueryErr(
-					regexp.QuoteMeta(prepareAuthNKeyPublicKeyStmt),
-					sql.ErrConnDone,
-				),
-				err: func(err error) (error, bool) {
-					if !errors.Is(err, sql.ErrConnDone) {
-						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: ([]byte)(nil),
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/internal/query/instance_features.go b/internal/query/instance_features.go
index 4ec40dc9d5..501cfc4e9c 100644
--- a/internal/query/instance_features.go
+++ b/internal/query/instance_features.go
@@ -11,7 +11,6 @@ type InstanceFeatures struct {
 	Details                         *domain.ObjectDetails
 	LoginDefaultOrg                 FeatureSource[bool]
 	TriggerIntrospectionProjections FeatureSource[bool]
-	LegacyIntrospection             FeatureSource[bool]
 	UserSchema                      FeatureSource[bool]
 	TokenExchange                   FeatureSource[bool]
 	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
diff --git a/internal/query/instance_features_model.go b/internal/query/instance_features_model.go
index 6a0abbb58c..7130044fbf 100644
--- a/internal/query/instance_features_model.go
+++ b/internal/query/instance_features_model.go
@@ -64,7 +64,6 @@ func (m *InstanceFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.InstanceResetEventType,
 			feature_v2.InstanceLoginDefaultOrgEventType,
 			feature_v2.InstanceTriggerIntrospectionProjectionsEventType,
-			feature_v2.InstanceLegacyIntrospectionEventType,
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
@@ -94,7 +93,6 @@ func (m *InstanceFeaturesReadModel) populateFromSystem() bool {
 	}
 	m.instance.LoginDefaultOrg = m.system.LoginDefaultOrg
 	m.instance.TriggerIntrospectionProjections = m.system.TriggerIntrospectionProjections
-	m.instance.LegacyIntrospection = m.system.LegacyIntrospection
 	m.instance.UserSchema = m.system.UserSchema
 	m.instance.TokenExchange = m.system.TokenExchange
 	m.instance.ImprovedPerformance = m.system.ImprovedPerformance
@@ -111,15 +109,12 @@ func reduceInstanceFeatureSet[T any](features *InstanceFeatures, event *feature_
 		return err
 	}
 	switch key {
-	case feature.KeyUnspecified,
-		feature.KeyActionsDeprecated:
+	case feature.KeyUnspecified:
 		return nil
 	case feature.KeyLoginDefaultOrg:
 		features.LoginDefaultOrg.set(level, event.Value)
 	case feature.KeyTriggerIntrospectionProjections:
 		features.TriggerIntrospectionProjections.set(level, event.Value)
-	case feature.KeyLegacyIntrospection:
-		features.LegacyIntrospection.set(level, event.Value)
 	case feature.KeyUserSchema:
 		features.UserSchema.set(level, event.Value)
 	case feature.KeyTokenExchange:
diff --git a/internal/query/instance_features_test.go b/internal/query/instance_features_test.go
index d80a3b05fc..af662e4898 100644
--- a/internal/query/instance_features_test.go
+++ b/internal/query/instance_features_test.go
@@ -75,10 +75,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 			},
 		},
 		{
@@ -97,10 +93,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
@@ -120,10 +112,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelInstance,
 					Value: true,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelInstance,
-					Value: false,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelInstance,
 					Value: false,
@@ -146,10 +134,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
@@ -177,10 +161,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelInstance,
 					Value: true,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
@@ -199,10 +179,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceLegacyIntrospectionEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
@@ -230,10 +206,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelInstance,
 					Value: true,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
diff --git a/internal/query/projection/instance_features.go b/internal/query/projection/instance_features.go
index 34100a0d66..443353c2e5 100644
--- a/internal/query/projection/instance_features.go
+++ b/internal/query/projection/instance_features.go
@@ -68,10 +68,6 @@ func (*instanceFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.InstanceTriggerIntrospectionProjectionsEventType,
 				Reduce: reduceInstanceSetFeature[bool],
 			},
-			{
-				Event:  feature_v2.InstanceLegacyIntrospectionEventType,
-				Reduce: reduceInstanceSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.InstanceUserSchemaEventType,
 				Reduce: reduceInstanceSetFeature[bool],
diff --git a/internal/query/projection/instance_features_test.go b/internal/query/projection/instance_features_test.go
index 4a4a46727f..703a0ce00a 100644
--- a/internal/query/projection/instance_features_test.go
+++ b/internal/query/projection/instance_features_test.go
@@ -26,7 +26,7 @@ func TestInstanceFeaturesProjection_reduces(t *testing.T) {
 			args: args{
 				event: getEvent(
 					testEvent(
-						feature_v2.InstanceLegacyIntrospectionEventType,
+						feature_v2.SystemUserSchemaEventType,
 						feature_v2.AggregateType,
 						[]byte(`{"value": true}`),
 					), eventstore.GenericEventMapper[feature_v2.SetEvent[bool]]),
@@ -41,7 +41,7 @@ func TestInstanceFeaturesProjection_reduces(t *testing.T) {
 							expectedStmt: "INSERT INTO projections.instance_features2 (instance_id, key, creation_date, change_date, sequence, value) VALUES ($1, $2, $3, $4, $5, $6) ON CONFLICT (instance_id, key) DO UPDATE SET (creation_date, change_date, sequence, value) = (projections.instance_features2.creation_date, EXCLUDED.change_date, EXCLUDED.sequence, EXCLUDED.value)",
 							expectedArgs: []interface{}{
 								"agg-id",
-								"legacy_introspection",
+								"user_schema",
 								anyArg{},
 								anyArg{},
 								uint64(15),
diff --git a/internal/query/projection/system_features.go b/internal/query/projection/system_features.go
index de54054e78..3f70f7dfa6 100644
--- a/internal/query/projection/system_features.go
+++ b/internal/query/projection/system_features.go
@@ -60,10 +60,6 @@ func (*systemFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.SystemTriggerIntrospectionProjectionsEventType,
 				Reduce: reduceSystemSetFeature[bool],
 			},
-			{
-				Event:  feature_v2.SystemLegacyIntrospectionEventType,
-				Reduce: reduceSystemSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.SystemUserSchemaEventType,
 				Reduce: reduceSystemSetFeature[bool],
diff --git a/internal/query/projection/system_features_test.go b/internal/query/projection/system_features_test.go
index 9bc19573cc..b64db7fb0a 100644
--- a/internal/query/projection/system_features_test.go
+++ b/internal/query/projection/system_features_test.go
@@ -24,7 +24,7 @@ func TestSystemFeaturesProjection_reduces(t *testing.T) {
 			args: args{
 				event: getEvent(
 					testEvent(
-						feature_v2.SystemLegacyIntrospectionEventType,
+						feature_v2.SystemUserSchemaEventType,
 						feature_v2.AggregateType,
 						[]byte(`{"value": true}`),
 					), eventstore.GenericEventMapper[feature_v2.SetEvent[bool]]),
@@ -38,7 +38,7 @@ func TestSystemFeaturesProjection_reduces(t *testing.T) {
 						{
 							expectedStmt: "INSERT INTO projections.system_features (key, creation_date, change_date, sequence, value) VALUES ($1, $2, $3, $4, $5) ON CONFLICT (key) DO UPDATE SET (creation_date, change_date, sequence, value) = (projections.system_features.creation_date, EXCLUDED.change_date, EXCLUDED.sequence, EXCLUDED.value)",
 							expectedArgs: []interface{}{
-								"legacy_introspection",
+								"user_schema",
 								anyArg{},
 								anyArg{},
 								uint64(15),
diff --git a/internal/query/system_features.go b/internal/query/system_features.go
index dcbbb7d6fe..8c340ce739 100644
--- a/internal/query/system_features.go
+++ b/internal/query/system_features.go
@@ -22,7 +22,6 @@ type SystemFeatures struct {
 
 	LoginDefaultOrg                 FeatureSource[bool]
 	TriggerIntrospectionProjections FeatureSource[bool]
-	LegacyIntrospection             FeatureSource[bool]
 	UserSchema                      FeatureSource[bool]
 	TokenExchange                   FeatureSource[bool]
 	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
diff --git a/internal/query/system_features_model.go b/internal/query/system_features_model.go
index 69e1f35968..f91bc7d1e9 100644
--- a/internal/query/system_features_model.go
+++ b/internal/query/system_features_model.go
@@ -57,7 +57,6 @@ func (m *SystemFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.SystemResetEventType,
 			feature_v2.SystemLoginDefaultOrgEventType,
 			feature_v2.SystemTriggerIntrospectionProjectionsEventType,
-			feature_v2.SystemLegacyIntrospectionEventType,
 			feature_v2.SystemUserSchemaEventType,
 			feature_v2.SystemTokenExchangeEventType,
 			feature_v2.SystemImprovedPerformanceEventType,
@@ -81,15 +80,12 @@ func reduceSystemFeatureSet[T any](features *SystemFeatures, event *feature_v2.S
 		return err
 	}
 	switch key {
-	case feature.KeyUnspecified,
-		feature.KeyActionsDeprecated:
+	case feature.KeyUnspecified:
 		return nil
 	case feature.KeyLoginDefaultOrg:
 		features.LoginDefaultOrg.set(level, event.Value)
 	case feature.KeyTriggerIntrospectionProjections:
 		features.TriggerIntrospectionProjections.set(level, event.Value)
-	case feature.KeyLegacyIntrospection:
-		features.LegacyIntrospection.set(level, event.Value)
 	case feature.KeyUserSchema:
 		features.UserSchema.set(level, event.Value)
 	case feature.KeyTokenExchange:
diff --git a/internal/query/system_features_test.go b/internal/query/system_features_test.go
index 5a58ac23d7..da59ceb549 100644
--- a/internal/query/system_features_test.go
+++ b/internal/query/system_features_test.go
@@ -53,10 +53,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
@@ -75,10 +71,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelSystem,
 					Value: true,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelSystem,
-					Value: false,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelSystem,
 					Value: false,
@@ -97,10 +89,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
@@ -127,10 +115,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelSystem,
 					Value: true,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
@@ -149,10 +133,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemLegacyIntrospectionEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
@@ -179,10 +159,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelSystem,
 					Value: true,
 				},
-				LegacyIntrospection: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
diff --git a/internal/query/user_grant.go b/internal/query/user_grant.go
index ebd4ab7c0c..05d80fe381 100644
--- a/internal/query/user_grant.go
+++ b/internal/query/user_grant.go
@@ -78,14 +78,6 @@ func NewUserGrantProjectIDSearchQuery(id string) (SearchQuery, error) {
 	return NewTextQuery(UserGrantProjectID, id, TextEquals)
 }
 
-func NewUserGrantProjectIDsSearchQuery(ids []string) (SearchQuery, error) {
-	list := make([]interface{}, len(ids))
-	for i, value := range ids {
-		list[i] = value
-	}
-	return NewListQuery(UserGrantProjectID, list, ListIn)
-}
-
 func NewUserGrantProjectOwnerSearchQuery(id string) (SearchQuery, error) {
 	return NewTextQuery(ProjectColumnResourceOwner, id, TextEquals)
 }
diff --git a/internal/repository/feature/feature_v2/eventstore.go b/internal/repository/feature/feature_v2/eventstore.go
index 00618f56c2..62fa568fca 100644
--- a/internal/repository/feature/feature_v2/eventstore.go
+++ b/internal/repository/feature/feature_v2/eventstore.go
@@ -9,7 +9,6 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemResetEventType, eventstore.GenericEventMapper[ResetEvent])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemLoginDefaultOrgEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemTriggerIntrospectionProjectionsEventType, eventstore.GenericEventMapper[SetEvent[bool]])
-	eventstore.RegisterFilterEventMapper(AggregateType, SystemLegacyIntrospectionEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
@@ -22,7 +21,6 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceResetEventType, eventstore.GenericEventMapper[ResetEvent])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceLoginDefaultOrgEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceTriggerIntrospectionProjectionsEventType, eventstore.GenericEventMapper[SetEvent[bool]])
-	eventstore.RegisterFilterEventMapper(AggregateType, InstanceLegacyIntrospectionEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
diff --git a/internal/repository/feature/feature_v2/feature.go b/internal/repository/feature/feature_v2/feature.go
index d5e8941df2..f75fae618b 100644
--- a/internal/repository/feature/feature_v2/feature.go
+++ b/internal/repository/feature/feature_v2/feature.go
@@ -14,7 +14,6 @@ var (
 	SystemResetEventType                           = resetEventTypeFromFeature(feature.LevelSystem)
 	SystemLoginDefaultOrgEventType                 = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLoginDefaultOrg)
 	SystemTriggerIntrospectionProjectionsEventType = setEventTypeFromFeature(feature.LevelSystem, feature.KeyTriggerIntrospectionProjections)
-	SystemLegacyIntrospectionEventType             = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLegacyIntrospection)
 	SystemUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelSystem, feature.KeyUserSchema)
 	SystemTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelSystem, feature.KeyTokenExchange)
 	SystemImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelSystem, feature.KeyImprovedPerformance)
@@ -27,7 +26,6 @@ var (
 	InstanceResetEventType                           = resetEventTypeFromFeature(feature.LevelInstance)
 	InstanceLoginDefaultOrgEventType                 = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLoginDefaultOrg)
 	InstanceTriggerIntrospectionProjectionsEventType = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTriggerIntrospectionProjections)
-	InstanceLegacyIntrospectionEventType             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLegacyIntrospection)
 	InstanceUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelInstance, feature.KeyUserSchema)
 	InstanceTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTokenExchange)
 	InstanceImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyImprovedPerformance)
diff --git a/proto/zitadel/feature/v2/instance.proto b/proto/zitadel/feature/v2/instance.proto
index fe8d3f7a39..0455befb46 100644
--- a/proto/zitadel/feature/v2/instance.proto
+++ b/proto/zitadel/feature/v2/instance.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 6;
-  reserved "actions";
+  reserved 3, 6;
+  reserved "oidc_legacy_introspection", "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -25,12 +25,6 @@ message SetInstanceFeaturesRequest{
       description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
     }
   ];
-  optional bool oidc_legacy_introspection = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
 
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -131,8 +125,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 7;
-  reserved "actions";
+  reserved 4, 7;
+  reserved "oidc_legacy_introspection", "actions";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -148,13 +142,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_legacy_introspection = 4 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2/system.proto b/proto/zitadel/feature/v2/system.proto
index d222e2a90c..ac39e62f09 100644
--- a/proto/zitadel/feature/v2/system.proto
+++ b/proto/zitadel/feature/v2/system.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetSystemFeaturesRequest{
-  reserved 6;
-  reserved "actions";
+  reserved 3, 6;
+  reserved "oidc_legacy_introspection", "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -27,13 +27,6 @@ message SetSystemFeaturesRequest{
     }
   ];
 
-  optional bool oidc_legacy_introspection = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -105,8 +98,8 @@ message ResetSystemFeaturesResponse {
 message GetSystemFeaturesRequest {}
 
 message GetSystemFeaturesResponse {
-  reserved 7;
-  reserved "actions";
+  reserved 4, 7;
+  reserved "oidc_legacy_introspection", "actions";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -122,13 +115,6 @@ message GetSystemFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_legacy_introspection = 4 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2beta/instance.proto b/proto/zitadel/feature/v2beta/instance.proto
index 7717dd7556..8028305fe4 100644
--- a/proto/zitadel/feature/v2beta/instance.proto
+++ b/proto/zitadel/feature/v2beta/instance.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 6;
-  reserved "actions";
+  reserved 3, 6;
+  reserved "oidc_legacy_introspection", "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -25,12 +25,6 @@ message SetInstanceFeaturesRequest{
       description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
     }
   ];
-  optional bool oidc_legacy_introspection = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
 
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -97,8 +91,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 7;
-  reserved "actions";
+  reserved 4, 7;
+  reserved "oidc_legacy_introspection", "actions";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -114,13 +108,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_legacy_introspection = 4 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2beta/system.proto b/proto/zitadel/feature/v2beta/system.proto
index 624e68ec79..95bf71da9b 100644
--- a/proto/zitadel/feature/v2beta/system.proto
+++ b/proto/zitadel/feature/v2beta/system.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetSystemFeaturesRequest{
-  reserved 6;
-  reserved "actions";
+  reserved 3, 6;
+  reserved "oidc_legacy_introspection", "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -27,13 +27,6 @@ message SetSystemFeaturesRequest{
     }
   ];
 
-  optional bool oidc_legacy_introspection = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -78,8 +71,8 @@ message ResetSystemFeaturesResponse {
 message GetSystemFeaturesRequest {}
 
 message GetSystemFeaturesResponse {
-  reserved 7;
-  reserved "actions";
+  reserved 4, 7;
+  reserved "oidc_legacy_introspection", "actions";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -95,13 +88,6 @@ message GetSystemFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_legacy_introspection = 4 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";

From 016676e1dc21f031eb3819179f7c2827ad30ca3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Thu, 26 Jun 2025 19:17:45 +0300
Subject: [PATCH 106/123] chore(oidc): graduate webkey to stable (#10122)

# Which Problems Are Solved

Stabilize the usage of webkeys.

# How the Problems Are Solved

- Remove all legacy signing key code from the OIDC API
- Remove the webkey feature flag from proto
- Remove the webkey feature flag from console
- Cleanup documentation

# Additional Changes

- Resolved some canonical header linter errors in OIDC
- Use the constant for `projections.lock` in the saml package.

# Additional Context

- Closes #10029
- After #10105
- After #10061
---
 cmd/start/start.go                            |   1 -
 .../components/features/features.component.ts |   1 -
 console/src/assets/i18n/bg.json               |   2 -
 console/src/assets/i18n/cs.json               |   2 -
 console/src/assets/i18n/de.json               |   2 -
 console/src/assets/i18n/en.json               |   2 -
 console/src/assets/i18n/es.json               |   2 -
 console/src/assets/i18n/fr.json               |   2 -
 console/src/assets/i18n/hu.json               |   2 -
 console/src/assets/i18n/id.json               |   2 -
 console/src/assets/i18n/it.json               |   2 -
 console/src/assets/i18n/ja.json               |   2 -
 console/src/assets/i18n/ko.json               |   2 -
 console/src/assets/i18n/mk.json               |   2 -
 console/src/assets/i18n/nl.json               |   2 -
 console/src/assets/i18n/pl.json               |   2 -
 console/src/assets/i18n/pt.json               |   2 -
 console/src/assets/i18n/ro.json               |   2 -
 console/src/assets/i18n/ru.json               |   2 -
 console/src/assets/i18n/sv.json               |   2 -
 console/src/assets/i18n/zh.json               |   2 -
 .../guides/integrate/login/oidc/webkeys.md    |   7 -
 internal/api/grpc/feature/v2/converter.go     |   2 -
 .../api/grpc/feature/v2/converter_test.go     |  10 -
 internal/api/grpc/feature/v2beta/converter.go |   2 -
 .../api/grpc/feature/v2beta/converter_test.go |  10 -
 .../webkey_integration_test.go                |  62 +--
 internal/api/grpc/webkey/v2beta/webkey.go     |  21 -
 internal/api/oidc/access_token.go             |   2 +-
 internal/api/oidc/auth_request_converter.go   |   9 +-
 .../api/oidc/integration_test/keys_test.go    |  41 +-
 .../oidc/integration_test/userinfo_test.go    |  10 +-
 internal/api/oidc/key.go                      | 210 +-------
 internal/api/oidc/op.go                       |  12 +-
 internal/api/oidc/server.go                   |   2 +-
 internal/api/oidc/server_test.go              |  89 ----
 internal/api/oidc/token.go                    |  21 +-
 internal/api/saml/certificate.go              |   3 +-
 .../eventstore/token_verifier.go              |  29 +-
 internal/command/instance_features.go         |  23 -
 internal/command/instance_features_model.go   |   5 -
 internal/command/key_pair.go                  |  25 -
 internal/crypto/rsa.go                        |   8 -
 internal/feature/feature.go                   |   4 +-
 internal/feature/key_enumer.go                |  65 +--
 .../handlers/back_channel_logout.go           |  18 +-
 .../handlers/mock/commands.mock.go            | 113 ++---
 .../handlers/mock/queries.mock.go             | 137 +++---
 .../notification/handlers/mock/queue.mock.go  |  11 +-
 internal/notification/handlers/queries.go     |   2 -
 internal/query/instance_features.go           |   1 -
 internal/query/instance_features_model.go     |   3 -
 internal/query/key.go                         | 317 ------------
 internal/query/key_test.go                    | 453 ------------------
 .../query/projection/instance_features.go     |   4 -
 .../feature/feature_v2/eventstore.go          |   1 -
 .../repository/feature/feature_v2/feature.go  |   1 -
 proto/zitadel/feature/v2/instance.proto       |  22 +-
 proto/zitadel/feature/v2beta/instance.proto   |  22 +-
 59 files changed, 203 insertions(+), 1614 deletions(-)
 delete mode 100644 internal/query/key_test.go

diff --git a/cmd/start/start.go b/cmd/start/start.go
index 8820480f0c..3c3b5cb3e0 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -550,7 +550,6 @@ func startAPIs(
 		keys.OIDC,
 		keys.OIDCKey,
 		eventstore,
-		dbClient,
 		userAgentInterceptor,
 		instanceInterceptor.Handler,
 		limitingAccessInterceptor,
diff --git a/console/src/app/components/features/features.component.ts b/console/src/app/components/features/features.component.ts
index 70e038bae8..ace2788fcf 100644
--- a/console/src/app/components/features/features.component.ts
+++ b/console/src/app/components/features/features.component.ts
@@ -38,7 +38,6 @@ const FEATURE_KEYS = [
   'oidcTriggerIntrospectionProjections',
   'permissionCheckV2',
   'userSchema',
-  'webKey',
 ] as const;
 
 export type ToggleState = { source: Source; enabled: boolean };
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index 7d594e8318..50c0d66027 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -1641,8 +1641,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel Logout имплементира OpenID Connect Back-Channel Logout 1.0 и може да се използва за уведомяване на клиентите за прекратяване на сесията при OpenID доставчика.",
       "PERMISSIONCHECKV2": "Проверка на разрешения V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Ако флагът е активиран, ще можете да използвате новия API и неговите функции.",
-      "WEBKEY": "Уеб ключ",
-      "WEBKEY_DESCRIPTION": "Ако флагът е активиран, ще можете да използвате новия API и неговите функции.",
       "STATES": {
         "INHERITED": "Наследено",
         "ENABLED": "Активирано",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index 2ee5d9d0c5..5b4547ccb4 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel Logout implementuje OpenID Connect Back-Channel Logout 1.0 a může být použit k informování klientů o ukončení relace u poskytovatele OpenID.",
       "PERMISSIONCHECKV2": "Kontrola oprávnění V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Pokud je příznak povolen, budete moci používat nový API a jeho funkce.",
-      "WEBKEY": "Webový klíč",
-      "WEBKEY_DESCRIPTION": "Pokud je příznak povolen, budete moci používat nový API a jeho funkce.",
       "STATES": {
         "INHERITED": "Děděno",
         "ENABLED": "Povoleno",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index b8f8363d13..8fec6498ec 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Der Back-Channel-Logout implementiert OpenID Connect Back-Channel Logout 1.0 und kann verwendet werden, um Clients über die Beendigung der Sitzung beim OpenID-Provider zu benachrichtigen.",
       "PERMISSIONCHECKV2": "Berechtigungsprüfung V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Wenn die Flagge aktiviert ist, können Sie die neue API und ihre Funktionen verwenden.",
-      "WEBKEY": "Web-Schlüssel",
-      "WEBKEY_DESCRIPTION": "Wenn die Flagge aktiviert ist, können Sie die neue API und ihre Funktionen verwenden.",
       "STATES": {
         "INHERITED": "Erben",
         "ENABLED": "Aktiviert",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index fe152acb81..95fd55bfef 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -1645,8 +1645,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "The Back-Channel Logout implements OpenID Connect Back-Channel Logout 1.0 and can be used to notify clients about session termination at the OpenID Provider.",
       "PERMISSIONCHECKV2": "Permission Check V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "If the flag is enabled, you'll be able to use the new API and its features.",
-      "WEBKEY": "Web Key",
-      "WEBKEY_DESCRIPTION": "If the flag is enabled, you'll be able to use the new API and its features.",
       "STATES": {
         "INHERITED": "Inherit",
         "ENABLED": "Enabled",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index fff111fd1d..359aa4a0b5 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -1643,8 +1643,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "El Back-Channel Logout implementa OpenID Connect Back-Channel Logout 1.0 y se puede usar para notificar a los clientes sobre la terminación de la sesión en el proveedor de OpenID.",
       "PERMISSIONCHECKV2": "Verificación de permisos V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Si la bandera está habilitada, podrá usar la nueva API y sus funciones.",
-      "WEBKEY": "Clave web",
-      "WEBKEY_DESCRIPTION": "Si la bandera está habilitada, podrá usar la nueva API y sus funciones.",
       "STATES": {
         "INHERITED": "Heredado",
         "ENABLED": "Habilitado",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index fc5cf69602..0864a2f8c0 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Le Back-Channel Logout implémente OpenID Connect Back-Channel Logout 1.0 et peut être utilisé pour notifier les clients de la fin de session chez le fournisseur OpenID.",
       "PERMISSIONCHECKV2": "Vérification des permissions V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Si le drapeau est activé, vous pourrez utiliser la nouvelle API et ses fonctionnalités.",
-      "WEBKEY": "Clé web",
-      "WEBKEY_DESCRIPTION": "Si le drapeau est activé, vous pourrez utiliser la nouvelle API et ses fonctionnalités.",
       "STATES": {
         "INHERITED": "Hérité",
         "ENABLED": "Activé",
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index d7dd32b15a..a87122dc52 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -1640,8 +1640,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "A Back-Channel Logout megvalósítja az OpenID Connect Back-Channel Logout 1.0-t, és használható az ügyfelek értesítésére a munkamenet befejezéséről az OpenID szolgáltatónál.",
       "PERMISSIONCHECKV2": "Engedély ellenőrzés V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Ha a zászló engedélyezve van, használhatja az új API-t és annak funkcióit.",
-      "WEBKEY": "Webkulcs",
-      "WEBKEY_DESCRIPTION": "Ha a zászló engedélyezve van, használhatja az új API-t és annak funkcióit.",
       "STATES": {
         "INHERITED": "Örököl",
         "ENABLED": "Engedélyezve",
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index 3dcd7b36b7..3f245d03c5 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -1513,8 +1513,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "The Back-Channel Logout implements OpenID Connect Back-Channel Logout 1.0 and can be used to notify clients about session termination at the OpenID Provider.",
       "PERMISSIONCHECKV2": "Permission Check V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "If the flag is enabled, you'll be able to use the new API and its features.",
-      "WEBKEY": "Web Key",
-      "WEBKEY_DESCRIPTION": "If the flag is enabled, you'll be able to use the new API and its features.",
       "STATES": { "INHERITED": "Mewarisi", "ENABLED": "Diaktifkan", "DISABLED": "Dengan disabilitas" },
       "INHERITED_DESCRIPTION": "Ini menetapkan nilai ke nilai default sistem.",
       "INHERITEDINDICATOR_DESCRIPTION": {
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index da1df2ba38..e127281433 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Il Back-Channel Logout implementa OpenID Connect Back-Channel Logout 1.0 e può essere utilizzato per notificare ai client la terminazione della sessione presso il provider OpenID.",
       "PERMISSIONCHECKV2": "Controllo permessi V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Se il flag è abilitato, potrai utilizzare la nuova API e le sue funzionalità.",
-      "WEBKEY": "Chiave Web",
-      "WEBKEY_DESCRIPTION": "Se il flag è abilitato, potrai utilizzare la nuova API e le sue funzionalità.",
       "STATES": {
         "INHERITED": "Predefinito",
         "ENABLED": "Abilitato",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 1828a8ada8..250561e938 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "バックチャネルログアウトは OpenID Connect バックチャネルログアウト 1.0 を実装し、OpenID プロバイダーでのセッション終了についてクライアントに通知するために使用できます。",
       "PERMISSIONCHECKV2": "権限チェック V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "フラグが有効になっている場合、新しい API とその機能を使用できます。",
-      "WEBKEY": "ウェブキー",
-      "WEBKEY_DESCRIPTION": "フラグが有効になっている場合、新しい API とその機能を使用できます。",
       "STATES": {
         "INHERITED": "継承",
         "ENABLED": "有効",
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index af5fa65972..716375941d 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "백채널 로그아웃은 OpenID Connect 백채널 로그아웃 1.0을 구현하며, OpenID 제공자에서 세션 종료에 대해 클라이언트에게 알리는 데 사용할 수 있습니다.",
       "PERMISSIONCHECKV2": "권한 확인 V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "플래그가 활성화되면 새로운 API와 그 기능을 사용할 수 있습니다.",
-      "WEBKEY": "웹 키",
-      "WEBKEY_DESCRIPTION": "플래그가 활성화되면 새로운 API와 그 기능을 사용할 수 있습니다.",
       "STATES": {
         "INHERITED": "상속",
         "ENABLED": "활성화됨",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 1e85e06928..39836f5dfc 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -1643,8 +1643,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel Logout имплементира OpenID Connect Back-Channel Logout 1.0 и може да се користи за известување на клиентите за завршување на сесијата кај OpenID провајдерот.",
       "PERMISSIONCHECKV2": "Проверка на дозволи V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Ако знамето е овозможено, ќе можете да ја користите новата API и нејзините функции.",
-      "WEBKEY": "Веб клуч",
-      "WEBKEY_DESCRIPTION": "Ако знамето е овозможено, ќе можете да ја користите новата API и нејзините функции.",
       "STATES": {
         "INHERITED": "Наследи",
         "ENABLED": "Овозможено",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index c3de881784..c49867aa3e 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "De Back-Channel Logout implementeert OpenID Connect Back-Channel Logout 1.0 en kan worden gebruikt om clients te informeren over het beëindigen van de sessie bij de OpenID-provider.",
       "PERMISSIONCHECKV2": "Permissiecontrole V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Als de vlag is ingeschakeld, kunt u de nieuwe API en de bijbehorende functies gebruiken.",
-      "WEBKEY": "Websleutel",
-      "WEBKEY_DESCRIPTION": "Als de vlag is ingeschakeld, kunt u de nieuwe API en de bijbehorende functies gebruiken.",
       "STATES": {
         "INHERITED": "Overgenomen",
         "ENABLED": "Ingeschakeld",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index ca5476463d..abf2e1ba8a 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -1641,8 +1641,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel Logout implementuje OpenID Connect Back-Channel Logout 1.0 i może być używany do powiadamiania klientów o zakończeniu sesji u dostawcy OpenID.",
       "PERMISSIONCHECKV2": "Sprawdzanie uprawnień V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Jeśli flaga jest włączona, będziesz mógł korzystać z nowego API i jego funkcji.",
-      "WEBKEY": "Klucz Web",
-      "WEBKEY_DESCRIPTION": "Jeśli flaga jest włączona, będziesz mógł korzystać z nowego API i jego funkcji.",
       "STATES": {
         "INHERITED": "Dziedziczony",
         "ENABLED": "Włączony",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 7c68a4cada..8b858bd44e 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -1643,8 +1643,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "O Logout de Back-Channel implementa o OpenID Connect Back-Channel Logout 1.0 e pode ser usado para notificar os clientes sobre a terminação da sessão no Provedor de OpenID.",
       "PERMISSIONCHECKV2": "Verificação de Permissão V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Se a bandeira estiver ativada, você poderá usar a nova API e seus recursos.",
-      "WEBKEY": "Chave Web",
-      "WEBKEY_DESCRIPTION": "Se a bandeira estiver ativada, você poderá usar a nova API e seus recursos.",
       "STATES": {
         "INHERITED": "Herdade",
         "ENABLED": "Habilitado",
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index 0e0802a17c..d2f51a81e0 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -1640,8 +1640,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Logout-ul Back-Channel implementează OpenID Connect Back-Channel Logout 1.0 și poate fi folosit pentru a notifica clienții despre terminarea sesiunii la Producătorul OpenID.",
       "PERMISSIONCHECKV2": "Verificare Permisiuni V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Dacă steagul este activat, veți putea folosi noua API și funcțiile sale.",
-      "WEBKEY": "Cheie Web",
-      "WEBKEY_DESCRIPTION": "Dacă steagul este activat, veți putea folosi noua API și funcțiile sale.",
       "STATES": {
         "INHERITED": "Moșteniți",
         "ENABLED": "Activat",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index 8e06568a82..3070b311e7 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -1695,8 +1695,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel Logout реализует OpenID Connect Back-Channel Logout 1.0 и может использоваться для уведомления клиентов о завершении сеанса у поставщика OpenID.",
       "PERMISSIONCHECKV2": "Проверка Разрешений V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Если флаг включен, вы сможете использовать новый API и его функции.",
-      "WEBKEY": "Веб-ключ",
-      "WEBKEY_DESCRIPTION": "Если флаг включен, вы сможете использовать новый API и его функции.",
       "STATES": {
         "INHERITED": "Наследовать",
         "ENABLED": "Включено",
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 1b80021a67..8f03501054 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -1646,8 +1646,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel Logout implementerar OpenID Connect Back-Channel Logout 1.0 och kan användas för att meddela klienter om sessionens avslutning hos OpenID-leverantören.",
       "PERMISSIONCHECKV2": "Behörighetskontroll V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "Om flaggan är aktiverad kan du använda den nya API:n och dess funktioner.",
-      "WEBKEY": "Webbnyckel",
-      "WEBKEY_DESCRIPTION": "Om flaggan är aktiverad kan du använda den nya API:n och dess funktioner.",
       "STATES": {
         "INHERITED": "Ärv",
         "ENABLED": "Aktiverad",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 9565b61eca..0431405979 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -1642,8 +1642,6 @@
       "ENABLEBACKCHANNELLOGOUT_DESCRIPTION": "Back-Channel 注销实现了 OpenID Connect Back-Channel Logout 1.0，可用于通知客户端在 OpenID 提供商处终止会话。",
       "PERMISSIONCHECKV2": "权限检查 V2",
       "PERMISSIONCHECKV2_DESCRIPTION": "如果启用该标志，您将能够使用新的 API 及其功能。",
-      "WEBKEY": "Web 密钥",
-      "WEBKEY_DESCRIPTION": "如果启用该标志，您将能够使用新的 API 及其功能。",
       "STATES": {
         "INHERITED": "继承",
         "ENABLED": "已启用",
diff --git a/docs/docs/guides/integrate/login/oidc/webkeys.md b/docs/docs/guides/integrate/login/oidc/webkeys.md
index 62f62a90e0..288284fefc 100644
--- a/docs/docs/guides/integrate/login/oidc/webkeys.md
+++ b/docs/docs/guides/integrate/login/oidc/webkeys.md
@@ -20,13 +20,6 @@ JWT access tokens, instead of [introspection](/docs/apis/openidoauth/endpoints#i
 ZITADEL uses public key verification when API calls are made or when the userInfo or introspection
 endpoints are called with a JWT access token.
 
-:::info
-Web keys are an [experimental](/docs/support/software-release-cycles-support#beta) feature. Be sure to enable the `web_key` [feature](/docs/apis/resources/feature_service_v2/feature-service-set-instance-features) before using it.
-
-The documentation describes the state of the feature in ZITADEL V3.
-Test the feature and add improvement or bug reports directly to the [github repository](https://github.com/zitadel/zitadel) or let us know your general feedback in the [discord thread](https://discord.com/channels/927474939156643850/1329100936127320175/threads/1332344892629717075)!
-:::
-
 ### JSON Web Key
 
 ZITADEL implements the [RFC7517 - JSON Web Key (JWK)](https://www.rfc-editor.org/rfc/rfc7517) format for storage and distribution of public keys.
diff --git a/internal/api/grpc/feature/v2/converter.go b/internal/api/grpc/feature/v2/converter.go
index 56d3009457..1f0a3b21e7 100644
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -58,7 +58,6 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) (*com
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		WebKey:                          req.WebKey,
 		DebugOIDCParentError:            req.DebugOidcParentError,
 		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
 		DisableUserTokenEvent:           req.DisableUserTokenEvent,
@@ -77,7 +76,6 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		WebKey:                              featureSourceToFlagPb(&f.WebKey),
 		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
 		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 		DisableUserTokenEvent:               featureSourceToFlagPb(&f.DisableUserTokenEvent),
diff --git a/internal/api/grpc/feature/v2/converter_test.go b/internal/api/grpc/feature/v2/converter_test.go
index b77ed438f5..d09f1839ba 100644
--- a/internal/api/grpc/feature/v2/converter_test.go
+++ b/internal/api/grpc/feature/v2/converter_test.go
@@ -153,7 +153,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
-		WebKey:                              gu.Ptr(true),
 		DebugOidcParentError:                gu.Ptr(true),
 		OidcSingleV1SessionTermination:      gu.Ptr(true),
 		EnableBackChannelLogout:             gu.Ptr(true),
@@ -169,7 +168,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
-		WebKey:                          gu.Ptr(true),
 		DebugOIDCParentError:            gu.Ptr(true),
 		OIDCSingleV1SessionTermination:  gu.Ptr(true),
 		EnableBackChannelLogout:         gu.Ptr(true),
@@ -211,10 +209,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: []feature.ImprovedPerformanceType{feature.ImprovedPerformanceTypeOrgByID},
 		},
-		WebKey: query.FeatureSource[bool]{
-			Level: feature.LevelInstance,
-			Value: true,
-		},
 		OIDCSingleV1SessionTermination: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -265,10 +259,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			ExecutionPaths: []feature_pb.ImprovedPerformance{feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID},
 			Source:         feature_pb.Source_SOURCE_SYSTEM,
 		},
-		WebKey: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_INSTANCE,
-		},
 		DebugOidcParentError: &feature_pb.FeatureFlag{
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
diff --git a/internal/api/grpc/feature/v2beta/converter.go b/internal/api/grpc/feature/v2beta/converter.go
index 406146fdbe..8927b16e29 100644
--- a/internal/api/grpc/feature/v2beta/converter.go
+++ b/internal/api/grpc/feature/v2beta/converter.go
@@ -38,7 +38,6 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) *comm
 		UserSchema:                      req.UserSchema,
 		TokenExchange:                   req.OidcTokenExchange,
 		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		WebKey:                          req.WebKey,
 		DebugOIDCParentError:            req.DebugOidcParentError,
 		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
 	}
@@ -52,7 +51,6 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
 		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		WebKey:                              featureSourceToFlagPb(&f.WebKey),
 		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
 		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 	}
diff --git a/internal/api/grpc/feature/v2beta/converter_test.go b/internal/api/grpc/feature/v2beta/converter_test.go
index 2395574733..5fdb5e993e 100644
--- a/internal/api/grpc/feature/v2beta/converter_test.go
+++ b/internal/api/grpc/feature/v2beta/converter_test.go
@@ -111,7 +111,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		UserSchema:                          gu.Ptr(true),
 		OidcTokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:                 nil,
-		WebKey:                              gu.Ptr(true),
 		OidcSingleV1SessionTermination:      gu.Ptr(true),
 	}
 	want := &command.InstanceFeatures{
@@ -120,7 +119,6 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		UserSchema:                      gu.Ptr(true),
 		TokenExchange:                   gu.Ptr(true),
 		ImprovedPerformance:             nil,
-		WebKey:                          gu.Ptr(true),
 		OIDCSingleV1SessionTermination:  gu.Ptr(true),
 	}
 	got := instanceFeaturesToCommand(arg)
@@ -154,10 +152,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: []feature.ImprovedPerformanceType{feature.ImprovedPerformanceTypeOrgByID},
 		},
-		WebKey: query.FeatureSource[bool]{
-			Level: feature.LevelInstance,
-			Value: true,
-		},
 		OIDCSingleV1SessionTermination: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -189,10 +183,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			ExecutionPaths: []feature_pb.ImprovedPerformance{feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID},
 			Source:         feature_pb.Source_SOURCE_SYSTEM,
 		},
-		WebKey: &feature_pb.FeatureFlag{
-			Enabled: true,
-			Source:  feature_pb.Source_SOURCE_INSTANCE,
-		},
 		DebugOidcParentError: &feature_pb.FeatureFlag{
 			Enabled: false,
 			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
diff --git a/internal/api/grpc/webkey/v2beta/integration_test/webkey_integration_test.go b/internal/api/grpc/webkey/v2beta/integration_test/webkey_integration_test.go
index 002669c233..0cbf629b43 100644
--- a/internal/api/grpc/webkey/v2beta/integration_test/webkey_integration_test.go
+++ b/internal/api/grpc/webkey/v2beta/integration_test/webkey_integration_test.go
@@ -12,11 +12,9 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/integration"
-	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 	webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
 )
 
@@ -33,34 +31,8 @@ func TestMain(m *testing.M) {
 	}())
 }
 
-func TestServer_Feature_Disabled(t *testing.T) {
-	instance, iamCtx, _ := createInstance(t, false)
-	client := instance.Client.WebKeyV2Beta
-
-	t.Run("CreateWebKey", func(t *testing.T) {
-		_, err := client.CreateWebKey(iamCtx, &webkey.CreateWebKeyRequest{})
-		assertFeatureDisabledError(t, err)
-	})
-	t.Run("ActivateWebKey", func(t *testing.T) {
-		_, err := client.ActivateWebKey(iamCtx, &webkey.ActivateWebKeyRequest{
-			Id: "1",
-		})
-		assertFeatureDisabledError(t, err)
-	})
-	t.Run("DeleteWebKey", func(t *testing.T) {
-		_, err := client.DeleteWebKey(iamCtx, &webkey.DeleteWebKeyRequest{
-			Id: "1",
-		})
-		assertFeatureDisabledError(t, err)
-	})
-	t.Run("ListWebKeys", func(t *testing.T) {
-		_, err := client.ListWebKeys(iamCtx, &webkey.ListWebKeysRequest{})
-		assertFeatureDisabledError(t, err)
-	})
-}
-
 func TestServer_ListWebKeys(t *testing.T) {
-	instance, iamCtx, creationDate := createInstance(t, true)
+	instance, iamCtx, creationDate := createInstance(t)
 	// After the feature is first enabled, we can expect 2 generated keys with the default config.
 	checkWebKeyListState(iamCtx, t, instance, 2, "", &webkey.WebKey_Rsa{
 		Rsa: &webkey.RSA{
@@ -71,7 +43,7 @@ func TestServer_ListWebKeys(t *testing.T) {
 }
 
 func TestServer_CreateWebKey(t *testing.T) {
-	instance, iamCtx, creationDate := createInstance(t, true)
+	instance, iamCtx, creationDate := createInstance(t)
 	client := instance.Client.WebKeyV2Beta
 
 	_, err := client.CreateWebKey(iamCtx, &webkey.CreateWebKeyRequest{
@@ -93,7 +65,7 @@ func TestServer_CreateWebKey(t *testing.T) {
 }
 
 func TestServer_ActivateWebKey(t *testing.T) {
-	instance, iamCtx, creationDate := createInstance(t, true)
+	instance, iamCtx, creationDate := createInstance(t)
 	client := instance.Client.WebKeyV2Beta
 
 	resp, err := client.CreateWebKey(iamCtx, &webkey.CreateWebKeyRequest{
@@ -120,7 +92,7 @@ func TestServer_ActivateWebKey(t *testing.T) {
 }
 
 func TestServer_DeleteWebKey(t *testing.T) {
-	instance, iamCtx, creationDate := createInstance(t, true)
+	instance, iamCtx, creationDate := createInstance(t)
 	client := instance.Client.WebKeyV2Beta
 
 	keyIDs := make([]string, 2)
@@ -197,40 +169,22 @@ func TestServer_DeleteWebKey(t *testing.T) {
 	}, creationDate)
 }
 
-func createInstance(t *testing.T, enableFeature bool) (*integration.Instance, context.Context, *timestamppb.Timestamp) {
+func createInstance(t *testing.T) (*integration.Instance, context.Context, *timestamppb.Timestamp) {
 	instance := integration.NewInstance(CTX)
 	creationDate := timestamppb.Now()
 	iamCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
 
-	if enableFeature {
-		_, err := instance.Client.FeatureV2.SetInstanceFeatures(iamCTX, &feature.SetInstanceFeaturesRequest{
-			WebKey: proto.Bool(true),
-		})
-		require.NoError(t, err)
-	}
-
 	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamCTX, time.Minute)
 	assert.EventuallyWithT(t, func(collect *assert.CollectT) {
 		resp, err := instance.Client.WebKeyV2Beta.ListWebKeys(iamCTX, &webkey.ListWebKeysRequest{})
-		if enableFeature {
-			assert.NoError(collect, err)
-			assert.Len(collect, resp.GetWebKeys(), 2)
-		} else {
-			assert.Error(collect, err)
-		}
+		assert.NoError(collect, err)
+		assert.Len(collect, resp.GetWebKeys(), 2)
+
 	}, retryDuration, tick)
 
 	return instance, iamCTX, creationDate
 }
 
-func assertFeatureDisabledError(t *testing.T, err error) {
-	t.Helper()
-	require.Error(t, err)
-	s := status.Convert(err)
-	assert.Equal(t, codes.FailedPrecondition, s.Code())
-	assert.Contains(t, s.Message(), "WEBKEY-Ohx6E")
-}
-
 func checkWebKeyListState(ctx context.Context, t *testing.T, instance *integration.Instance, nKeys int, expectActiveKeyID string, config any, creationDate *timestamppb.Timestamp) {
 	t.Helper()
 
diff --git a/internal/api/grpc/webkey/v2beta/webkey.go b/internal/api/grpc/webkey/v2beta/webkey.go
index d45288dff2..469d6fc9a6 100644
--- a/internal/api/grpc/webkey/v2beta/webkey.go
+++ b/internal/api/grpc/webkey/v2beta/webkey.go
@@ -5,9 +5,7 @@ import (
 
 	"google.golang.org/protobuf/types/known/timestamppb"
 
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
-	"github.com/zitadel/zitadel/internal/zerrors"
 	webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
 )
 
@@ -15,9 +13,6 @@ func (s *Server) CreateWebKey(ctx context.Context, req *webkey.CreateWebKeyReque
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	if err = checkWebKeyFeature(ctx); err != nil {
-		return nil, err
-	}
 	webKey, err := s.command.CreateWebKey(ctx, createWebKeyRequestToConfig(req))
 	if err != nil {
 		return nil, err
@@ -33,9 +28,6 @@ func (s *Server) ActivateWebKey(ctx context.Context, req *webkey.ActivateWebKeyR
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	if err = checkWebKeyFeature(ctx); err != nil {
-		return nil, err
-	}
 	details, err := s.command.ActivateWebKey(ctx, req.GetId())
 	if err != nil {
 		return nil, err
@@ -50,9 +42,6 @@ func (s *Server) DeleteWebKey(ctx context.Context, req *webkey.DeleteWebKeyReque
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	if err = checkWebKeyFeature(ctx); err != nil {
-		return nil, err
-	}
 	deletedAt, err := s.command.DeleteWebKey(ctx, req.GetId())
 	if err != nil {
 		return nil, err
@@ -71,9 +60,6 @@ func (s *Server) ListWebKeys(ctx context.Context, _ *webkey.ListWebKeysRequest)
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	if err = checkWebKeyFeature(ctx); err != nil {
-		return nil, err
-	}
 	list, err := s.query.ListWebKeys(ctx)
 	if err != nil {
 		return nil, err
@@ -83,10 +69,3 @@ func (s *Server) ListWebKeys(ctx context.Context, _ *webkey.ListWebKeysRequest)
 		WebKeys: webKeyDetailsListToPb(list),
 	}, nil
 }
-
-func checkWebKeyFeature(ctx context.Context) error {
-	if !authz.GetFeatures(ctx).WebKey {
-		return zerrors.ThrowPreconditionFailed(nil, "WEBKEY-Ohx6E", "Errors.WebKey.FeatureDisabled")
-	}
-	return nil
-}
diff --git a/internal/api/oidc/access_token.go b/internal/api/oidc/access_token.go
index 2f2880efc2..5c0b9c9f66 100644
--- a/internal/api/oidc/access_token.go
+++ b/internal/api/oidc/access_token.go
@@ -53,7 +53,7 @@ func (s *Server) verifyAccessToken(ctx context.Context, tkn string) (_ *accessTo
 		tokenID, subject = split[0], split[1]
 	} else {
 		verifier := op.NewAccessTokenVerifier(op.IssuerFromContext(ctx), s.accessTokenKeySet,
-			op.WithSupportedAccessTokenSigningAlgorithms(supportedSigningAlgs(ctx)...),
+			op.WithSupportedAccessTokenSigningAlgorithms(supportedSigningAlgs()...),
 		)
 		claims, err := op.VerifyAccessToken[*oidc.AccessTokenClaims](ctx, tkn, verifier)
 		if err != nil {
diff --git a/internal/api/oidc/auth_request_converter.go b/internal/api/oidc/auth_request_converter.go
index 2144ca8ba1..064af20de0 100644
--- a/internal/api/oidc/auth_request_converter.go
+++ b/internal/api/oidc/auth_request_converter.go
@@ -140,13 +140,8 @@ func HttpHeadersFromContext(ctx context.Context) (userAgent, acceptLang string)
 	if !ok {
 		return
 	}
-	if agents, ok := ctxHeaders[http_utils.UserAgentHeader]; ok {
-		userAgent = agents[0]
-	}
-	if langs, ok := ctxHeaders[http_utils.AcceptLanguage]; ok {
-		acceptLang = langs[0]
-	}
-	return userAgent, acceptLang
+	return ctxHeaders.Get(http_utils.UserAgentHeader),
+		ctxHeaders.Get(http_utils.AcceptLanguage)
 }
 
 func IpFromContext(ctx context.Context) net.IP {
diff --git a/internal/api/oidc/integration_test/keys_test.go b/internal/api/oidc/integration_test/keys_test.go
index 8b66e980d0..a6223cf1ee 100644
--- a/internal/api/oidc/integration_test/keys_test.go
+++ b/internal/api/oidc/integration_test/keys_test.go
@@ -14,12 +14,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v3/pkg/client"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"google.golang.org/protobuf/proto"
 
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/integration"
-	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
 )
 
@@ -53,25 +51,16 @@ func TestServer_Keys(t *testing.T) {
 	require.NoError(t, err)
 
 	tests := []struct {
-		name          string
-		webKeyFeature bool
-		wantLen       int
+		name    string
+		wantLen int
 	}{
 		{
-			name:          "legacy only",
-			webKeyFeature: false,
-			wantLen:       1,
-		},
-		{
-			name:          "webkeys with legacy",
-			webKeyFeature: true,
-			wantLen:       3, // 1 legacy + 2 created by enabling feature flag
+			name:    "webkeys",
+			wantLen: 2, // 2 from instance creation.
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ensureWebKeyFeature(t, instance, tt.webKeyFeature)
-
 			assert.EventuallyWithT(t, func(ttt *assert.CollectT) {
 				resp, err := http.Get(discovery.JwksURI)
 				require.NoError(ttt, err)
@@ -92,30 +81,10 @@ func TestServer_Keys(t *testing.T) {
 				}
 
 				cacheControl := resp.Header.Get("cache-control")
-				if tt.webKeyFeature {
-					require.Equal(ttt, "max-age=300, must-revalidate", cacheControl)
-					return
-				}
-				require.Equal(ttt, "no-store", cacheControl)
+				require.Equal(ttt, "max-age=300, must-revalidate", cacheControl)
 
 			}, time.Minute, time.Second/10)
 		})
 
 	}
 }
-
-func ensureWebKeyFeature(t *testing.T, instance *integration.Instance, set bool) {
-	ctxIam := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
-
-	_, err := instance.Client.FeatureV2.SetInstanceFeatures(ctxIam, &feature.SetInstanceFeaturesRequest{
-		WebKey: proto.Bool(set),
-	})
-	require.NoError(t, err)
-
-	t.Cleanup(func() {
-		_, err := instance.Client.FeatureV2.SetInstanceFeatures(ctxIam, &feature.SetInstanceFeaturesRequest{
-			WebKey: proto.Bool(false),
-		})
-		require.NoError(t, err)
-	})
-}
diff --git a/internal/api/oidc/integration_test/userinfo_test.go b/internal/api/oidc/integration_test/userinfo_test.go
index bf201b242e..b3bc836343 100644
--- a/internal/api/oidc/integration_test/userinfo_test.go
+++ b/internal/api/oidc/integration_test/userinfo_test.go
@@ -35,21 +35,14 @@ func TestServer_UserInfo(t *testing.T) {
 	tests := []struct {
 		name    string
 		trigger bool
-		webKey  bool
 	}{
 		{
 			name:    "trigger enabled",
 			trigger: true,
 		},
-
-		// This is the only functional test we need to cover web keys.
-		// - By creating tokens the signer is tested
-		// - When obtaining the tokens, the RP verifies the ID Token using the key set from the jwks endpoint.
-		// - By calling userinfo with the access token as JWT, the Token Verifier with the public key cache is tested.
 		{
-			name:    "web keys",
+			name:    "trigger disabled",
 			trigger: false,
-			webKey:  true,
 		},
 	}
 
@@ -57,7 +50,6 @@ func TestServer_UserInfo(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			_, err := Instance.Client.FeatureV2.SetInstanceFeatures(iamOwnerCTX, &feature.SetInstanceFeaturesRequest{
 				OidcTriggerIntrospectionProjections: &tt.trigger,
-				WebKey:                              &tt.webKey,
 			})
 			require.NoError(t, err)
 			testServer_UserInfo(t)
diff --git a/internal/api/oidc/key.go b/internal/api/oidc/key.go
index 852bbc7db8..61f874664f 100644
--- a/internal/api/oidc/key.go
+++ b/internal/api/oidc/key.go
@@ -10,18 +10,12 @@ import (
 
 	"github.com/go-jose/go-jose/v4"
 	"github.com/jonboulle/clockwork"
-	"github.com/muhlemmer/gu"
-	"github.com/shopspring/decimal"
-	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/op"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/crypto"
-	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/query"
-	"github.com/zitadel/zitadel/internal/repository/instance"
-	"github.com/zitadel/zitadel/internal/repository/keypair"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -36,11 +30,8 @@ var supportedWebKeyAlgs = []string{
 	string(jose.ES512),
 }
 
-func supportedSigningAlgs(ctx context.Context) []string {
-	if authz.GetFeatures(ctx).WebKey {
-		return supportedWebKeyAlgs
-	}
-	return []string{string(jose.RS256)}
+func supportedSigningAlgs() []string {
+	return supportedWebKeyAlgs
 }
 
 type cachedPublicKey struct {
@@ -211,15 +202,6 @@ func withKeyExpiryCheck(check bool) keySetOption {
 	}
 }
 
-func jsonWebkey(key query.PublicKey) *jose.JSONWebKey {
-	return &jose.JSONWebKey{
-		KeyID:     key.ID(),
-		Algorithm: key.Algorithm(),
-		Use:       key.Use().String(),
-		Key:       key.Key(),
-	}
-}
-
 // keySetMap is a mapping of key IDs to public key data.
 type keySetMap map[string][]byte
 
@@ -250,7 +232,6 @@ func (k keySetMap) VerifySignature(ctx context.Context, jws *jose.JSONWebSignatu
 }
 
 const (
-	locksTable = "projections.locks"
 	signingKey = "signing_key"
 	oidcUser   = "OIDC"
 
@@ -279,203 +260,36 @@ func (s *SigningKey) ID() string {
 	return s.id
 }
 
-// PublicKey wraps the query.PublicKey to implement the op.Key interface
-type PublicKey struct {
-	key query.PublicKey
-}
-
-func (s *PublicKey) Algorithm() jose.SignatureAlgorithm {
-	return jose.SignatureAlgorithm(s.key.Algorithm())
-}
-
-func (s *PublicKey) Use() string {
-	return s.key.Use().String()
-}
-
-func (s *PublicKey) Key() interface{} {
-	return s.key.Key()
-}
-
-func (s *PublicKey) ID() string {
-	return s.key.ID()
-}
-
 // KeySet implements the op.Storage interface
 func (o *OPStorage) KeySet(ctx context.Context) (keys []op.Key, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-	err = retry(func() error {
-		publicKeys, err := o.query.ActivePublicKeys(ctx, time.Now())
-		if err != nil {
-			return err
-		}
-		keys = make([]op.Key, len(publicKeys.Keys))
-		for i, key := range publicKeys.Keys {
-			keys[i] = &PublicKey{key}
-		}
-		return nil
-	})
-	return keys, err
+	panic(o.panicErr("KeySet"))
 }
 
 // SignatureAlgorithms implements the op.Storage interface
 func (o *OPStorage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error) {
-	key, err := o.SigningKey(ctx)
-	if err != nil {
-		logging.WithError(err).Warn("unable to fetch signing key")
-		return nil, err
-	}
-	return []jose.SignatureAlgorithm{key.SignatureAlgorithm()}, nil
+	panic(o.panicErr("SignatureAlgorithms"))
 }
 
 // SigningKey implements the op.Storage interface
 func (o *OPStorage) SigningKey(ctx context.Context) (key op.SigningKey, err error) {
-	err = retry(func() error {
-		key, err = o.getSigningKey(ctx)
-		if err != nil {
-			return err
-		}
-		if key == nil {
-			return zerrors.ThrowNotFound(nil, "OIDC-ve4Qu", "Errors.Internal")
-		}
-		return nil
-	})
-	return key, err
-}
-
-func (o *OPStorage) getSigningKey(ctx context.Context) (op.SigningKey, error) {
-	keys, err := o.query.ActivePrivateSigningKey(ctx, time.Now().Add(gracefulPeriod))
-	if err != nil {
-		return nil, err
-	}
-	if len(keys.Keys) > 0 {
-		return PrivateKeyToSigningKey(SelectSigningKey(keys.Keys), o.encAlg)
-	}
-	var position decimal.Decimal
-	if keys.State != nil {
-		position = keys.State.Position
-	}
-	return nil, o.refreshSigningKey(ctx, position)
-}
-
-func (o *OPStorage) refreshSigningKey(ctx context.Context, position decimal.Decimal) error {
-	ok, err := o.ensureIsLatestKey(ctx, position)
-	if err != nil || !ok {
-		return zerrors.ThrowInternal(err, "OIDC-ASfh3", "cannot ensure that projection is up to date")
-	}
-	err = o.lockAndGenerateSigningKeyPair(ctx)
-	if err != nil {
-		return zerrors.ThrowInternal(err, "OIDC-ADh31", "could not create signing key")
-	}
-	return zerrors.ThrowInternal(nil, "OIDC-Df1bh", "")
-}
-
-func (o *OPStorage) ensureIsLatestKey(ctx context.Context, position decimal.Decimal) (bool, error) {
-	maxSequence, err := o.getMaxKeyPosition(ctx)
-	if err != nil {
-		return false, fmt.Errorf("error retrieving new events: %w", err)
-	}
-	return position.GreaterThanOrEqual(maxSequence), nil
-}
-
-func PrivateKeyToSigningKey(key query.PrivateKey, algorithm crypto.EncryptionAlgorithm) (_ op.SigningKey, err error) {
-	keyData, err := crypto.Decrypt(key.Key(), algorithm)
-	if err != nil {
-		return nil, err
-	}
-	privateKey, err := crypto.BytesToPrivateKey(keyData)
-	if err != nil {
-		return nil, err
-	}
-	return &SigningKey{
-		algorithm: jose.SignatureAlgorithm(key.Algorithm()),
-		key:       privateKey,
-		id:        key.ID(),
-	}, nil
-}
-
-func (o *OPStorage) lockAndGenerateSigningKeyPair(ctx context.Context) error {
-	logging.Info("lock and generate signing key pair")
-
-	ctx, cancel := context.WithCancel(ctx)
-	defer cancel()
-
-	errs := o.locker.Lock(ctx, lockDuration, authz.GetInstance(ctx).InstanceID())
-	err, ok := <-errs
-	if err != nil || !ok {
-		if zerrors.IsErrorAlreadyExists(err) {
-			return nil
-		}
-		logging.OnError(err).Debug("initial lock failed")
-		return err
-	}
-
-	return o.command.GenerateSigningKeyPair(setOIDCCtx(ctx), "RS256")
-}
-
-func (o *OPStorage) getMaxKeyPosition(ctx context.Context) (decimal.Decimal, error) {
-	return o.eventstore.LatestPosition(ctx,
-		eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxPosition).
-			ResourceOwner(authz.GetInstance(ctx).InstanceID()).
-			AwaitOpenTransactions().
-			AddQuery().
-			AggregateTypes(
-				keypair.AggregateType,
-				instance.AggregateType,
-			).
-			EventTypes(
-				keypair.AddedEventType,
-				instance.InstanceRemovedEventType,
-			).
-			Builder(),
-	)
-}
-
-func SelectSigningKey(keys []query.PrivateKey) query.PrivateKey {
-	return keys[len(keys)-1]
-}
-
-func setOIDCCtx(ctx context.Context) context.Context {
-	return authz.SetCtxData(ctx, authz.CtxData{UserID: oidcUser, OrgID: authz.GetInstance(ctx).InstanceID()})
-}
-
-func retry(retryable func() error) (err error) {
-	for i := 0; i < retryCount; i++ {
-		err = retryable()
-		if err == nil {
-			return nil
-		}
-		time.Sleep(retryBackoff)
-	}
-	return err
+	panic(o.panicErr("SigningKey"))
 }
 
 func (s *Server) Keys(ctx context.Context, r *op.Request[struct{}]) (_ *op.Response, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	if !authz.GetFeatures(ctx).WebKey {
-		return s.LegacyServer.Keys(ctx, r)
-	}
-
 	keyset, err := s.query.GetWebKeySet(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	// Return legacy keys, so we do not invalidate all tokens
-	// once the feature flag is enabled.
-	legacyKeys, err := s.query.ActivePublicKeys(ctx, time.Now())
-	logging.OnError(err).Error("oidc server: active public keys (legacy)")
-	appendPublicKeysToWebKeySet(keyset, legacyKeys)
-
 	resp := op.NewResponse(keyset)
 	if s.jwksCacheControlMaxAge != 0 {
 		resp.Header.Set(http_util.CacheControl,
 			fmt.Sprintf("max-age=%d, must-revalidate", int(s.jwksCacheControlMaxAge/time.Second)),
 		)
 	}
-
 	return resp, nil
 }
 
@@ -497,20 +311,10 @@ func appendPublicKeysToWebKeySet(keyset *jose.JSONWebKeySet, pubkeys *query.Publ
 
 func queryKeyFunc(q *query.Queries) func(ctx context.Context, keyID string) (*jose.JSONWebKey, *time.Time, error) {
 	return func(ctx context.Context, keyID string) (*jose.JSONWebKey, *time.Time, error) {
-		if authz.GetFeatures(ctx).WebKey {
-			webKey, err := q.GetPublicWebKeyByID(ctx, keyID)
-			if err == nil {
-				return webKey, nil, nil
-			}
-			if !zerrors.IsNotFound(err) {
-				return nil, nil, err
-			}
-		}
-
-		pubKey, err := q.GetPublicKeyByID(ctx, keyID)
+		webKey, err := q.GetPublicWebKeyByID(ctx, keyID)
 		if err != nil {
 			return nil, nil, err
 		}
-		return jsonWebkey(pubKey), gu.Ptr(pubKey.Expiry()), nil
+		return webKey, nil, nil
 	}
 }
diff --git a/internal/api/oidc/op.go b/internal/api/oidc/op.go
index d7171b957b..6f59ce3525 100644
--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -18,10 +18,8 @@ import (
 	"github.com/zitadel/zitadel/internal/cache"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
-	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/domain/federatedlogout"
 	"github.com/zitadel/zitadel/internal/eventstore"
-	"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/telemetry/metrics"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -75,7 +73,6 @@ type OPStorage struct {
 	defaultRefreshTokenIdleExpiration time.Duration
 	defaultRefreshTokenExpiration     time.Duration
 	encAlg                            crypto.EncryptionAlgorithm
-	locker                            crdb.Locker
 	assetAPIPrefix                    func(ctx context.Context) string
 	contextToIssuer                   func(context.Context) string
 	federateLogoutCache               cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout]
@@ -91,14 +88,14 @@ type Provider struct {
 // IDTokenHintVerifier configures a Verifier and supported signing algorithms based on the Web Key feature in the context.
 func (o *Provider) IDTokenHintVerifier(ctx context.Context) *op.IDTokenHintVerifier {
 	return op.NewIDTokenHintVerifier(op.IssuerFromContext(ctx), o.idTokenHintKeySet, op.WithSupportedIDTokenHintSigningAlgorithms(
-		supportedSigningAlgs(ctx)...,
+		supportedSigningAlgs()...,
 	))
 }
 
 // AccessTokenVerifier configures a Verifier and supported signing algorithms based on the Web Key feature in the context.
 func (o *Provider) AccessTokenVerifier(ctx context.Context) *op.AccessTokenVerifier {
 	return op.NewAccessTokenVerifier(op.IssuerFromContext(ctx), o.accessTokenKeySet, op.WithSupportedAccessTokenSigningAlgorithms(
-		supportedSigningAlgs(ctx)...,
+		supportedSigningAlgs()...,
 	))
 }
 
@@ -113,7 +110,6 @@ func NewServer(
 	encryptionAlg crypto.EncryptionAlgorithm,
 	cryptoKey []byte,
 	es *eventstore.Eventstore,
-	projections *database.DB,
 	userAgentCookie, instanceHandler func(http.Handler) http.Handler,
 	accessHandler *middleware.AccessInterceptor,
 	fallbackLogger *slog.Logger,
@@ -124,7 +120,7 @@ func NewServer(
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "OIDC-EGrqd", "cannot create op config: %w")
 	}
-	storage := newStorage(config, command, query, repo, encryptionAlg, es, projections, ContextToIssuer, federatedLogoutCache)
+	storage := newStorage(config, command, query, repo, encryptionAlg, es, ContextToIssuer, federatedLogoutCache)
 	keyCache := newPublicKeyCache(ctx, config.PublicKeyCacheMaxAge, queryKeyFunc(query))
 	accessTokenKeySet := newOidcKeySet(keyCache, withKeyExpiryCheck(true))
 	idTokenHintKeySet := newOidcKeySet(keyCache)
@@ -236,7 +232,6 @@ func newStorage(
 	repo repository.Repository,
 	encAlg crypto.EncryptionAlgorithm,
 	es *eventstore.Eventstore,
-	db *database.DB,
 	contextToIssuer func(context.Context) string,
 	federateLogoutCache cache.Cache[federatedlogout.Index, string, *federatedlogout.FederatedLogout],
 ) *OPStorage {
@@ -253,7 +248,6 @@ func newStorage(
 		defaultRefreshTokenIdleExpiration: config.DefaultRefreshTokenIdleExpiration,
 		defaultRefreshTokenExpiration:     config.DefaultRefreshTokenExpiration,
 		encAlg:                            encAlg,
-		locker:                            crdb.NewLocker(db.DB, locksTable, signingKey),
 		assetAPIPrefix:                    assets.AssetAPI(),
 		contextToIssuer:                   contextToIssuer,
 		federateLogoutCache:               federateLogoutCache,
diff --git a/internal/api/oidc/server.go b/internal/api/oidc/server.go
index 1a0854e2a6..df7127443f 100644
--- a/internal/api/oidc/server.go
+++ b/internal/api/oidc/server.go
@@ -188,7 +188,7 @@ func (s *Server) createDiscoveryConfig(ctx context.Context, supportedUILocales o
 		},
 		GrantTypesSupported:                                op.GrantTypes(s.Provider()),
 		SubjectTypesSupported:                              op.SubjectTypes(s.Provider()),
-		IDTokenSigningAlgValuesSupported:                   supportedSigningAlgs(ctx),
+		IDTokenSigningAlgValuesSupported:                   supportedSigningAlgs(),
 		RequestObjectSigningAlgValuesSupported:             op.RequestObjectSigAlgorithms(s.Provider()),
 		TokenEndpointAuthMethodsSupported:                  op.AuthMethodsTokenEndpoint(s.Provider()),
 		TokenEndpointAuthSigningAlgValuesSupported:         op.TokenSigAlgorithms(s.Provider()),
diff --git a/internal/api/oidc/server_test.go b/internal/api/oidc/server_test.go
index 76d073151a..9bf22fd210 100644
--- a/internal/api/oidc/server_test.go
+++ b/internal/api/oidc/server_test.go
@@ -8,9 +8,6 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"golang.org/x/text/language"
-
-	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/feature"
 )
 
 func TestServer_createDiscoveryConfig(t *testing.T) {
@@ -63,92 +60,6 @@ func TestServer_createDiscoveryConfig(t *testing.T) {
 				ctx:                op.ContextWithIssuer(context.Background(), "https://issuer.com"),
 				supportedUILocales: []language.Tag{language.English, language.German},
 			},
-			&oidc.DiscoveryConfiguration{
-				Issuer:                                             "https://issuer.com",
-				AuthorizationEndpoint:                              "https://issuer.com/auth",
-				TokenEndpoint:                                      "https://issuer.com/token",
-				IntrospectionEndpoint:                              "https://issuer.com/introspect",
-				UserinfoEndpoint:                                   "https://issuer.com/userinfo",
-				RevocationEndpoint:                                 "https://issuer.com/revoke",
-				EndSessionEndpoint:                                 "https://issuer.com/logout",
-				DeviceAuthorizationEndpoint:                        "https://issuer.com/device",
-				CheckSessionIframe:                                 "",
-				JwksURI:                                            "https://issuer.com/keys",
-				RegistrationEndpoint:                               "",
-				ScopesSupported:                                    []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopePhone, oidc.ScopeAddress, oidc.ScopeOfflineAccess},
-				ResponseTypesSupported:                             []string{string(oidc.ResponseTypeCode), string(oidc.ResponseTypeIDTokenOnly), string(oidc.ResponseTypeIDToken)},
-				ResponseModesSupported:                             []string{string(oidc.ResponseModeQuery), string(oidc.ResponseModeFragment), string(oidc.ResponseModeFormPost)},
-				GrantTypesSupported:                                []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeImplicit, oidc.GrantTypeRefreshToken, oidc.GrantTypeBearer},
-				ACRValuesSupported:                                 nil,
-				SubjectTypesSupported:                              []string{"public"},
-				IDTokenSigningAlgValuesSupported:                   []string{"RS256"},
-				IDTokenEncryptionAlgValuesSupported:                nil,
-				IDTokenEncryptionEncValuesSupported:                nil,
-				UserinfoSigningAlgValuesSupported:                  nil,
-				UserinfoEncryptionAlgValuesSupported:               nil,
-				UserinfoEncryptionEncValuesSupported:               nil,
-				RequestObjectSigningAlgValuesSupported:             []string{"RS256"},
-				RequestObjectEncryptionAlgValuesSupported:          nil,
-				RequestObjectEncryptionEncValuesSupported:          nil,
-				TokenEndpointAuthMethodsSupported:                  []oidc.AuthMethod{oidc.AuthMethodNone, oidc.AuthMethodBasic, oidc.AuthMethodPost, oidc.AuthMethodPrivateKeyJWT},
-				TokenEndpointAuthSigningAlgValuesSupported:         []string{"RS256"},
-				RevocationEndpointAuthMethodsSupported:             []oidc.AuthMethod{oidc.AuthMethodNone, oidc.AuthMethodBasic, oidc.AuthMethodPost, oidc.AuthMethodPrivateKeyJWT},
-				RevocationEndpointAuthSigningAlgValuesSupported:    []string{"RS256"},
-				IntrospectionEndpointAuthMethodsSupported:          []oidc.AuthMethod{oidc.AuthMethodBasic, oidc.AuthMethodPrivateKeyJWT},
-				IntrospectionEndpointAuthSigningAlgValuesSupported: []string{"RS256"},
-				DisplayValuesSupported:                             nil,
-				ClaimTypesSupported:                                nil,
-				ClaimsSupported:                                    []string{"sub", "aud", "exp", "iat", "iss", "auth_time", "nonce", "acr", "amr", "c_hash", "at_hash", "act", "scopes", "client_id", "azp", "preferred_username", "name", "family_name", "given_name", "locale", "email", "email_verified", "phone_number", "phone_number_verified"},
-				ClaimsParameterSupported:                           false,
-				CodeChallengeMethodsSupported:                      []oidc.CodeChallengeMethod{"S256"},
-				ServiceDocumentation:                               "",
-				ClaimsLocalesSupported:                             nil,
-				UILocalesSupported:                                 []language.Tag{language.English, language.German},
-				RequestParameterSupported:                          true,
-				RequestURIParameterSupported:                       false,
-				RequireRequestURIRegistration:                      false,
-				OPPolicyURI:                                        "",
-				OPTermsOfServiceURI:                                "",
-			},
-		},
-		{
-			"web keys feature enabled",
-			fields{
-				LegacyServer: op.NewLegacyServer(
-					func() *op.Provider {
-						//nolint:staticcheck
-						provider, _ := op.NewForwardedOpenIDProvider("path",
-							&op.Config{
-								CodeMethodS256:          true,
-								AuthMethodPost:          true,
-								AuthMethodPrivateKeyJWT: true,
-								GrantTypeRefreshToken:   true,
-								RequestObjectSupported:  true,
-							},
-							nil,
-						)
-						return provider
-					}(),
-					op.Endpoints{
-						Authorization:       op.NewEndpoint("auth"),
-						Token:               op.NewEndpoint("token"),
-						Introspection:       op.NewEndpoint("introspect"),
-						Userinfo:            op.NewEndpoint("userinfo"),
-						Revocation:          op.NewEndpoint("revoke"),
-						EndSession:          op.NewEndpoint("logout"),
-						JwksURI:             op.NewEndpoint("keys"),
-						DeviceAuthorization: op.NewEndpoint("device"),
-					},
-				),
-				signingKeyAlgorithm: "RS256",
-			},
-			args{
-				ctx: authz.WithFeatures(
-					op.ContextWithIssuer(context.Background(), "https://issuer.com"),
-					feature.Features{WebKey: true},
-				),
-				supportedUILocales: []language.Tag{language.English, language.German},
-			},
 			&oidc.DiscoveryConfiguration{
 				Issuer:                                             "https://issuer.com",
 				AuthorizationEndpoint:                              "https://issuer.com/auth",
diff --git a/internal/api/oidc/token.go b/internal/api/oidc/token.go
index 485f455784..2efc0fb583 100644
--- a/internal/api/oidc/token.go
+++ b/internal/api/oidc/token.go
@@ -12,7 +12,6 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"github.com/zitadel/oidc/v3/pkg/op"
 
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -64,14 +63,13 @@ func (s *Server) accessTokenResponseFromSession(ctx context.Context, client op.C
 type SignerFunc func(ctx context.Context) (jose.Signer, jose.SignatureAlgorithm, error)
 
 func (s *Server) getSignerOnce() SignerFunc {
-	return GetSignerOnce(s.query.GetActiveSigningWebKey, s.Provider().Storage().SigningKey)
+	return GetSignerOnce(s.query.GetActiveSigningWebKey)
 }
 
 // GetSignerOnce returns a function which retrieves the instance's signer from the database once.
 // Repeated calls of the returned function return the same results.
 func GetSignerOnce(
 	getActiveSigningWebKey func(ctx context.Context) (*jose.JSONWebKey, error),
-	getSigningKey func(ctx context.Context) (op.SigningKey, error),
 ) SignerFunc {
 	var (
 		once    sync.Once
@@ -84,23 +82,12 @@ func GetSignerOnce(
 			ctx, span := tracing.NewSpan(ctx)
 			defer func() { span.EndWithError(err) }()
 
-			if authz.GetFeatures(ctx).WebKey {
-				var webKey *jose.JSONWebKey
-				webKey, err = getActiveSigningWebKey(ctx)
-				if err != nil {
-					return
-				}
-				signer, signAlg, err = signerFromWebKey(webKey)
-				return
-			}
-
-			var signingKey op.SigningKey
-			signingKey, err = getSigningKey(ctx)
+			var webKey *jose.JSONWebKey
+			webKey, err = getActiveSigningWebKey(ctx)
 			if err != nil {
 				return
 			}
-			signAlg = signingKey.SignatureAlgorithm()
-			signer, err = op.SignerFromKey(signingKey)
+			signer, signAlg, err = signerFromWebKey(webKey)
 		})
 		return signer, signAlg, err
 	}
diff --git a/internal/api/saml/certificate.go b/internal/api/saml/certificate.go
index 14752cd5cd..e0eb31255e 100644
--- a/internal/api/saml/certificate.go
+++ b/internal/api/saml/certificate.go
@@ -14,13 +14,14 @@ import (
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/query/projection"
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/repository/keypair"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
 const (
-	locksTable = "projections.locks"
+	locksTable = projection.LocksTable
 	signingKey = "signing_key"
 	samlUser   = "SAML"
 
diff --git a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
index b707631c22..d6c14afea3 100644
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"slices"
 	"strings"
 	"time"
 
@@ -329,18 +328,10 @@ type openIDKeySet struct {
 // VerifySignature implements the oidc.KeySet interface
 // providing an implementation for the keys retrieved directly from Queries
 func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error) {
-	keySet := new(jose.JSONWebKeySet)
-	if authz.GetFeatures(ctx).WebKey {
-		keySet, err = o.Queries.GetWebKeySet(ctx)
-		if err != nil {
-			return nil, err
-		}
-	}
-	legacyKeySet, err := o.Queries.ActivePublicKeys(ctx, time.Now())
+	keySet, err := o.Queries.GetWebKeySet(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("error fetching keys: %w", err)
+		return nil, err
 	}
-	appendPublicKeysToWebKeySet(keySet, legacyKeySet)
 	keyID, alg := oidc.GetKeyIDAndAlg(jws)
 	key, err := oidc.FindMatchingKey(keyID, oidc.KeyUseSignature, alg, keySet.Keys...)
 	if err != nil {
@@ -348,19 +339,3 @@ func (o *openIDKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
 	}
 	return jws.Verify(&key)
 }
-
-func appendPublicKeysToWebKeySet(keyset *jose.JSONWebKeySet, pubkeys *query.PublicKeys) {
-	if pubkeys == nil || len(pubkeys.Keys) == 0 {
-		return
-	}
-	keyset.Keys = slices.Grow(keyset.Keys, len(pubkeys.Keys))
-
-	for _, key := range pubkeys.Keys {
-		keyset.Keys = append(keyset.Keys, jose.JSONWebKey{
-			Key:       key.Key(),
-			KeyID:     key.ID(),
-			Algorithm: key.Algorithm(),
-			Use:       key.Use().String(),
-		})
-	}
-}
diff --git a/internal/command/instance_features.go b/internal/command/instance_features.go
index 4d35d5a318..21de5653a9 100644
--- a/internal/command/instance_features.go
+++ b/internal/command/instance_features.go
@@ -3,11 +3,8 @@ package command
 import (
 	"context"
 
-	"github.com/muhlemmer/gu"
-
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command/preparation"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/feature"
@@ -21,7 +18,6 @@ type InstanceFeatures struct {
 	UserSchema                      *bool
 	TokenExchange                   *bool
 	ImprovedPerformance             []feature.ImprovedPerformanceType
-	WebKey                          *bool
 	DebugOIDCParentError            *bool
 	OIDCSingleV1SessionTermination  *bool
 	DisableUserTokenEvent           *bool
@@ -38,7 +34,6 @@ func (m *InstanceFeatures) isEmpty() bool {
 		m.TokenExchange == nil &&
 		// nil check to allow unset improvements
 		m.ImprovedPerformance == nil &&
-		m.WebKey == nil &&
 		m.DebugOIDCParentError == nil &&
 		m.OIDCSingleV1SessionTermination == nil &&
 		m.DisableUserTokenEvent == nil &&
@@ -55,9 +50,6 @@ func (c *Commands) SetInstanceFeatures(ctx context.Context, f *InstanceFeatures)
 	if err := c.eventstore.FilterToQueryReducer(ctx, wm); err != nil {
 		return nil, err
 	}
-	if err := c.setupWebKeyFeature(ctx, wm, f); err != nil {
-		return nil, err
-	}
 	commands := wm.setCommands(ctx, f)
 	if len(commands) == 0 {
 		return writeModelToObjectDetails(wm.WriteModel), nil
@@ -78,21 +70,6 @@ func prepareSetFeatures(instanceID string, f *InstanceFeatures) preparation.Vali
 	}
 }
 
-// setupWebKeyFeature generates the initial web keys for the instance,
-// if the feature is enabled in the request and the feature wasn't enabled already in the writeModel.
-// [Commands.GenerateInitialWebKeys] checks if keys already exist and does nothing if that's the case.
-// The default config of a RSA key with 2048 and the SHA256 hasher is assumed.
-// Users can customize this after using the webkey/v3 API.
-func (c *Commands) setupWebKeyFeature(ctx context.Context, wm *InstanceFeaturesWriteModel, f *InstanceFeatures) error {
-	if !gu.Value(f.WebKey) || gu.Value(wm.WebKey) {
-		return nil
-	}
-	return c.GenerateInitialWebKeys(ctx, &crypto.WebKeyRSAConfig{
-		Bits:   crypto.RSABits2048,
-		Hasher: crypto.RSAHasherSHA256,
-	})
-}
-
 func (c *Commands) ResetInstanceFeatures(ctx context.Context) (*domain.ObjectDetails, error) {
 	instanceID := authz.GetInstance(ctx).InstanceID()
 	wm := NewInstanceFeaturesWriteModel(instanceID)
diff --git a/internal/command/instance_features_model.go b/internal/command/instance_features_model.go
index 399013aded..8ca2865eae 100644
--- a/internal/command/instance_features_model.go
+++ b/internal/command/instance_features_model.go
@@ -71,7 +71,6 @@ func (m *InstanceFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
-			feature_v2.InstanceWebKeyEventType,
 			feature_v2.InstanceDebugOIDCParentErrorEventType,
 			feature_v2.InstanceOIDCSingleV1SessionTerminationEventType,
 			feature_v2.InstanceDisableUserTokenEvent,
@@ -106,9 +105,6 @@ func reduceInstanceFeature(features *InstanceFeatures, key feature.Key, value an
 	case feature.KeyImprovedPerformance:
 		v := value.([]feature.ImprovedPerformanceType)
 		features.ImprovedPerformance = v
-	case feature.KeyWebKey:
-		v := value.(bool)
-		features.WebKey = &v
 	case feature.KeyDebugOIDCParentError:
 		v := value.(bool)
 		features.DebugOIDCParentError = &v
@@ -140,7 +136,6 @@ func (wm *InstanceFeaturesWriteModel) setCommands(ctx context.Context, f *Instan
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.InstanceTokenExchangeEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.InstanceUserSchemaEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.InstanceImprovedPerformanceEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.WebKey, f.WebKey, feature_v2.InstanceWebKeyEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.DebugOIDCParentError, f.DebugOIDCParentError, feature_v2.InstanceDebugOIDCParentErrorEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.OIDCSingleV1SessionTermination, f.OIDCSingleV1SessionTermination, feature_v2.InstanceOIDCSingleV1SessionTerminationEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.DisableUserTokenEvent, f.DisableUserTokenEvent, feature_v2.InstanceDisableUserTokenEvent)
diff --git a/internal/command/key_pair.go b/internal/command/key_pair.go
index 90eaf7e3da..76193431d6 100644
--- a/internal/command/key_pair.go
+++ b/internal/command/key_pair.go
@@ -13,31 +13,6 @@ import (
 	"github.com/zitadel/zitadel/internal/repository/keypair"
 )
 
-func (c *Commands) GenerateSigningKeyPair(ctx context.Context, algorithm string) error {
-	privateCrypto, publicCrypto, err := crypto.GenerateEncryptedKeyPair(c.keySize, c.keyAlgorithm)
-	if err != nil {
-		return err
-	}
-	keyID, err := c.idGenerator.Next()
-	if err != nil {
-		return err
-	}
-
-	privateKeyExp := time.Now().UTC().Add(c.privateKeyLifetime)
-	publicKeyExp := time.Now().UTC().Add(c.publicKeyLifetime)
-
-	keyPairWriteModel := NewKeyPairWriteModel(keyID, authz.GetInstance(ctx).InstanceID())
-	keyAgg := KeyPairAggregateFromWriteModel(&keyPairWriteModel.WriteModel)
-	_, err = c.eventstore.Push(ctx, keypair.NewAddedEvent(
-		ctx,
-		keyAgg,
-		crypto.KeyUsageSigning,
-		algorithm,
-		privateCrypto, publicCrypto,
-		privateKeyExp, publicKeyExp))
-	return err
-}
-
 func (c *Commands) GenerateSAMLCACertificate(ctx context.Context, algorithm string) error {
 	now := time.Now().UTC()
 	after := now.Add(c.certificateLifetime)
diff --git a/internal/crypto/rsa.go b/internal/crypto/rsa.go
index 198610d8aa..3fd9a77569 100644
--- a/internal/crypto/rsa.go
+++ b/internal/crypto/rsa.go
@@ -21,14 +21,6 @@ func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error) {
 	return privkey, &privkey.PublicKey, nil
 }
 
-func GenerateEncryptedKeyPair(bits int, alg EncryptionAlgorithm) (*CryptoValue, *CryptoValue, error) {
-	privateKey, publicKey, err := GenerateKeyPair(bits)
-	if err != nil {
-		return nil, nil, err
-	}
-	return EncryptKeys(privateKey, publicKey, alg)
-}
-
 type CertificateInformations struct {
 	SerialNumber *big.Int
 	Organisation []string
diff --git a/internal/feature/feature.go b/internal/feature/feature.go
index 2e32b6b122..107b06edf1 100644
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -9,7 +9,7 @@ import (
 type Key int
 
 const (
-	// Reserved: 3, 6
+	// Reserved: 3, 6, 8
 
 	KeyUnspecified                     Key = 0
 	KeyLoginDefaultOrg                 Key = 1
@@ -17,7 +17,6 @@ const (
 	KeyUserSchema                      Key = 4
 	KeyTokenExchange                   Key = 5
 	KeyImprovedPerformance             Key = 7
-	KeyWebKey                          Key = 8
 	KeyDebugOIDCParentError            Key = 9
 	KeyOIDCSingleV1SessionTermination  Key = 10
 	KeyDisableUserTokenEvent           Key = 11
@@ -46,7 +45,6 @@ type Features struct {
 	UserSchema                      bool                      `json:"user_schema,omitempty"`
 	TokenExchange                   bool                      `json:"token_exchange,omitempty"`
 	ImprovedPerformance             []ImprovedPerformanceType `json:"improved_performance,omitempty"`
-	WebKey                          bool                      `json:"web_key,omitempty"`
 	DebugOIDCParentError            bool                      `json:"debug_oidc_parent_error,omitempty"`
 	OIDCSingleV1SessionTermination  bool                      `json:"oidc_single_v1_session_termination,omitempty"`
 	DisableUserTokenEvent           bool                      `json:"disable_user_token_event,omitempty"`
diff --git a/internal/feature/key_enumer.go b/internal/feature/key_enumer.go
index e06199120a..1b4fb9a3ad 100644
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -12,14 +12,17 @@ const (
 	_KeyLowerName_0 = "unspecifiedlogin_default_orgtrigger_introspection_projections"
 	_KeyName_1      = "user_schematoken_exchange"
 	_KeyLowerName_1 = "user_schematoken_exchange"
-	_KeyName_2      = "improved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
-	_KeyLowerName_2 = "improved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+	_KeyName_2      = "improved_performance"
+	_KeyLowerName_2 = "improved_performance"
+	_KeyName_3      = "debug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
+	_KeyLowerName_3 = "debug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2permission_check_v2console_use_v2_user_api"
 )
 
 var (
 	_KeyIndex_0 = [...]uint8{0, 11, 28, 61}
 	_KeyIndex_1 = [...]uint8{0, 11, 25}
-	_KeyIndex_2 = [...]uint8{0, 20, 27, 50, 84, 108, 134, 142, 161, 184}
+	_KeyIndex_2 = [...]uint8{0, 20}
+	_KeyIndex_3 = [...]uint8{0, 23, 57, 81, 107, 115, 134, 157}
 )
 
 func (i Key) String() string {
@@ -29,9 +32,11 @@ func (i Key) String() string {
 	case 4 <= i && i <= 5:
 		i -= 4
 		return _KeyName_1[_KeyIndex_1[i]:_KeyIndex_1[i+1]]
-	case 7 <= i && i <= 15:
-		i -= 7
-		return _KeyName_2[_KeyIndex_2[i]:_KeyIndex_2[i+1]]
+	case i == 7:
+		return _KeyName_2
+	case 9 <= i && i <= 15:
+		i -= 9
+		return _KeyName_3[_KeyIndex_3[i]:_KeyIndex_3[i+1]]
 	default:
 		return fmt.Sprintf("Key(%d)", i)
 	}
@@ -47,7 +52,6 @@ func _KeyNoOp() {
 	_ = x[KeyUserSchema-(4)]
 	_ = x[KeyTokenExchange-(5)]
 	_ = x[KeyImprovedPerformance-(7)]
-	_ = x[KeyWebKey-(8)]
 	_ = x[KeyDebugOIDCParentError-(9)]
 	_ = x[KeyOIDCSingleV1SessionTermination-(10)]
 	_ = x[KeyDisableUserTokenEvent-(11)]
@@ -57,7 +61,7 @@ func _KeyNoOp() {
 	_ = x[KeyConsoleUseV2UserApi-(15)]
 }
 
-var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyUserSchema, KeyTokenExchange, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
+var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyUserSchema, KeyTokenExchange, KeyImprovedPerformance, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
 
 var _KeyNameToValueMap = map[string]Key{
 	_KeyName_0[0:11]:         KeyUnspecified,
@@ -72,22 +76,20 @@ var _KeyNameToValueMap = map[string]Key{
 	_KeyLowerName_1[11:25]:   KeyTokenExchange,
 	_KeyName_2[0:20]:         KeyImprovedPerformance,
 	_KeyLowerName_2[0:20]:    KeyImprovedPerformance,
-	_KeyName_2[20:27]:        KeyWebKey,
-	_KeyLowerName_2[20:27]:   KeyWebKey,
-	_KeyName_2[27:50]:        KeyDebugOIDCParentError,
-	_KeyLowerName_2[27:50]:   KeyDebugOIDCParentError,
-	_KeyName_2[50:84]:        KeyOIDCSingleV1SessionTermination,
-	_KeyLowerName_2[50:84]:   KeyOIDCSingleV1SessionTermination,
-	_KeyName_2[84:108]:       KeyDisableUserTokenEvent,
-	_KeyLowerName_2[84:108]:  KeyDisableUserTokenEvent,
-	_KeyName_2[108:134]:      KeyEnableBackChannelLogout,
-	_KeyLowerName_2[108:134]: KeyEnableBackChannelLogout,
-	_KeyName_2[134:142]:      KeyLoginV2,
-	_KeyLowerName_2[134:142]: KeyLoginV2,
-	_KeyName_2[142:161]:      KeyPermissionCheckV2,
-	_KeyLowerName_2[142:161]: KeyPermissionCheckV2,
-	_KeyName_2[161:184]:      KeyConsoleUseV2UserApi,
-	_KeyLowerName_2[161:184]: KeyConsoleUseV2UserApi,
+	_KeyName_3[0:23]:         KeyDebugOIDCParentError,
+	_KeyLowerName_3[0:23]:    KeyDebugOIDCParentError,
+	_KeyName_3[23:57]:        KeyOIDCSingleV1SessionTermination,
+	_KeyLowerName_3[23:57]:   KeyOIDCSingleV1SessionTermination,
+	_KeyName_3[57:81]:        KeyDisableUserTokenEvent,
+	_KeyLowerName_3[57:81]:   KeyDisableUserTokenEvent,
+	_KeyName_3[81:107]:       KeyEnableBackChannelLogout,
+	_KeyLowerName_3[81:107]:  KeyEnableBackChannelLogout,
+	_KeyName_3[107:115]:      KeyLoginV2,
+	_KeyLowerName_3[107:115]: KeyLoginV2,
+	_KeyName_3[115:134]:      KeyPermissionCheckV2,
+	_KeyLowerName_3[115:134]: KeyPermissionCheckV2,
+	_KeyName_3[134:157]:      KeyConsoleUseV2UserApi,
+	_KeyLowerName_3[134:157]: KeyConsoleUseV2UserApi,
 }
 
 var _KeyNames = []string{
@@ -97,14 +99,13 @@ var _KeyNames = []string{
 	_KeyName_1[0:11],
 	_KeyName_1[11:25],
 	_KeyName_2[0:20],
-	_KeyName_2[20:27],
-	_KeyName_2[27:50],
-	_KeyName_2[50:84],
-	_KeyName_2[84:108],
-	_KeyName_2[108:134],
-	_KeyName_2[134:142],
-	_KeyName_2[142:161],
-	_KeyName_2[161:184],
+	_KeyName_3[0:23],
+	_KeyName_3[23:57],
+	_KeyName_3[57:81],
+	_KeyName_3[81:107],
+	_KeyName_3[107:115],
+	_KeyName_3[115:134],
+	_KeyName_3[134:157],
 }
 
 // KeyString retrieves an enum value from the enum constants string name.
diff --git a/internal/notification/handlers/back_channel_logout.go b/internal/notification/handlers/back_channel_logout.go
index f1a99146ca..983915ac28 100644
--- a/internal/notification/handlers/back_channel_logout.go
+++ b/internal/notification/handlers/back_channel_logout.go
@@ -7,10 +7,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/crypto"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	http_utils "github.com/zitadel/zitadel/internal/api/http"
@@ -149,7 +147,7 @@ func (u *backChannelLogoutNotifier) terminateSession(ctx context.Context, id str
 		return err
 	}
 
-	getSigner := zoidc.GetSignerOnce(u.queries.GetActiveSigningWebKey, u.signingKey)
+	getSigner := zoidc.GetSignerOnce(u.queries.GetActiveSigningWebKey)
 
 	var wg sync.WaitGroup
 	wg.Add(len(sessions.sessions))
@@ -172,20 +170,6 @@ func (u *backChannelLogoutNotifier) terminateSession(ctx context.Context, id str
 	return errors.Join(errs...)
 }
 
-func (u *backChannelLogoutNotifier) signingKey(ctx context.Context) (op.SigningKey, error) {
-	keys, err := u.queries.ActivePrivateSigningKey(ctx, time.Now())
-	if err != nil {
-		return nil, err
-	}
-	if len(keys.Keys) == 0 {
-		logging.WithFields("instanceID", authz.GetInstance(ctx).InstanceID()).
-			Info("There's no active signing key and automatic rotation is not supported for back channel logout." +
-				"Please enable the webkey management feature on your instance")
-		return nil, zerrors.ThrowPreconditionFailed(nil, "HANDL-DF3nf", "no active signing key")
-	}
-	return zoidc.PrivateKeyToSigningKey(zoidc.SelectSigningKey(keys.Keys), u.keyEncryptionAlg)
-}
-
 func (u *backChannelLogoutNotifier) sendLogoutToken(ctx context.Context, oidcSession *backChannelLogoutOIDCSessions, e eventstore.Event, getSigner zoidc.SignerFunc) error {
 	token, err := u.logoutToken(ctx, oidcSession, getSigner)
 	if err != nil {
diff --git a/internal/notification/handlers/mock/commands.mock.go b/internal/notification/handlers/mock/commands.mock.go
index 7d41c30f30..ec327de8e8 100644
--- a/internal/notification/handlers/mock/commands.mock.go
+++ b/internal/notification/handlers/mock/commands.mock.go
@@ -23,6 +23,7 @@ import (
 type MockCommands struct {
 	ctrl     *gomock.Controller
 	recorder *MockCommandsMockRecorder
+	isgomock struct{}
 }
 
 // MockCommandsMockRecorder is the mock recorder for MockCommands.
@@ -43,197 +44,197 @@ func (m *MockCommands) EXPECT() *MockCommandsMockRecorder {
 }
 
 // HumanEmailVerificationCodeSent mocks base method.
-func (m *MockCommands) HumanEmailVerificationCodeSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) HumanEmailVerificationCodeSent(ctx context.Context, orgID, userID string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HumanEmailVerificationCodeSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "HumanEmailVerificationCodeSent", ctx, orgID, userID)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // HumanEmailVerificationCodeSent indicates an expected call of HumanEmailVerificationCodeSent.
-func (mr *MockCommandsMockRecorder) HumanEmailVerificationCodeSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) HumanEmailVerificationCodeSent(ctx, orgID, userID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanEmailVerificationCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanEmailVerificationCodeSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanEmailVerificationCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanEmailVerificationCodeSent), ctx, orgID, userID)
 }
 
 // HumanInitCodeSent mocks base method.
-func (m *MockCommands) HumanInitCodeSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) HumanInitCodeSent(ctx context.Context, orgID, userID string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HumanInitCodeSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "HumanInitCodeSent", ctx, orgID, userID)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // HumanInitCodeSent indicates an expected call of HumanInitCodeSent.
-func (mr *MockCommandsMockRecorder) HumanInitCodeSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) HumanInitCodeSent(ctx, orgID, userID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanInitCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanInitCodeSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanInitCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanInitCodeSent), ctx, orgID, userID)
 }
 
 // HumanOTPEmailCodeSent mocks base method.
-func (m *MockCommands) HumanOTPEmailCodeSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) HumanOTPEmailCodeSent(ctx context.Context, userID, resourceOwner string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HumanOTPEmailCodeSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "HumanOTPEmailCodeSent", ctx, userID, resourceOwner)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // HumanOTPEmailCodeSent indicates an expected call of HumanOTPEmailCodeSent.
-func (mr *MockCommandsMockRecorder) HumanOTPEmailCodeSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) HumanOTPEmailCodeSent(ctx, userID, resourceOwner any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanOTPEmailCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanOTPEmailCodeSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanOTPEmailCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanOTPEmailCodeSent), ctx, userID, resourceOwner)
 }
 
 // HumanOTPSMSCodeSent mocks base method.
-func (m *MockCommands) HumanOTPSMSCodeSent(arg0 context.Context, arg1, arg2 string, arg3 *senders.CodeGeneratorInfo) error {
+func (m *MockCommands) HumanOTPSMSCodeSent(ctx context.Context, userID, resourceOwner string, generatorInfo *senders.CodeGeneratorInfo) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HumanOTPSMSCodeSent", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "HumanOTPSMSCodeSent", ctx, userID, resourceOwner, generatorInfo)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // HumanOTPSMSCodeSent indicates an expected call of HumanOTPSMSCodeSent.
-func (mr *MockCommandsMockRecorder) HumanOTPSMSCodeSent(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) HumanOTPSMSCodeSent(ctx, userID, resourceOwner, generatorInfo any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanOTPSMSCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanOTPSMSCodeSent), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanOTPSMSCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanOTPSMSCodeSent), ctx, userID, resourceOwner, generatorInfo)
 }
 
 // HumanPasswordlessInitCodeSent mocks base method.
-func (m *MockCommands) HumanPasswordlessInitCodeSent(arg0 context.Context, arg1, arg2, arg3 string) error {
+func (m *MockCommands) HumanPasswordlessInitCodeSent(ctx context.Context, userID, resourceOwner, codeID string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HumanPasswordlessInitCodeSent", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "HumanPasswordlessInitCodeSent", ctx, userID, resourceOwner, codeID)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // HumanPasswordlessInitCodeSent indicates an expected call of HumanPasswordlessInitCodeSent.
-func (mr *MockCommandsMockRecorder) HumanPasswordlessInitCodeSent(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) HumanPasswordlessInitCodeSent(ctx, userID, resourceOwner, codeID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanPasswordlessInitCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanPasswordlessInitCodeSent), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanPasswordlessInitCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanPasswordlessInitCodeSent), ctx, userID, resourceOwner, codeID)
 }
 
 // HumanPhoneVerificationCodeSent mocks base method.
-func (m *MockCommands) HumanPhoneVerificationCodeSent(arg0 context.Context, arg1, arg2 string, arg3 *senders.CodeGeneratorInfo) error {
+func (m *MockCommands) HumanPhoneVerificationCodeSent(ctx context.Context, orgID, userID string, generatorInfo *senders.CodeGeneratorInfo) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HumanPhoneVerificationCodeSent", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "HumanPhoneVerificationCodeSent", ctx, orgID, userID, generatorInfo)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // HumanPhoneVerificationCodeSent indicates an expected call of HumanPhoneVerificationCodeSent.
-func (mr *MockCommandsMockRecorder) HumanPhoneVerificationCodeSent(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) HumanPhoneVerificationCodeSent(ctx, orgID, userID, generatorInfo any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanPhoneVerificationCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanPhoneVerificationCodeSent), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HumanPhoneVerificationCodeSent", reflect.TypeOf((*MockCommands)(nil).HumanPhoneVerificationCodeSent), ctx, orgID, userID, generatorInfo)
 }
 
 // InviteCodeSent mocks base method.
-func (m *MockCommands) InviteCodeSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) InviteCodeSent(ctx context.Context, orgID, userID string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "InviteCodeSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "InviteCodeSent", ctx, orgID, userID)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // InviteCodeSent indicates an expected call of InviteCodeSent.
-func (mr *MockCommandsMockRecorder) InviteCodeSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) InviteCodeSent(ctx, orgID, userID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InviteCodeSent", reflect.TypeOf((*MockCommands)(nil).InviteCodeSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InviteCodeSent", reflect.TypeOf((*MockCommands)(nil).InviteCodeSent), ctx, orgID, userID)
 }
 
 // MilestonePushed mocks base method.
-func (m *MockCommands) MilestonePushed(arg0 context.Context, arg1 string, arg2 milestone.Type, arg3 []string) error {
+func (m *MockCommands) MilestonePushed(ctx context.Context, instanceID string, msType milestone.Type, endpoints []string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "MilestonePushed", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "MilestonePushed", ctx, instanceID, msType, endpoints)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // MilestonePushed indicates an expected call of MilestonePushed.
-func (mr *MockCommandsMockRecorder) MilestonePushed(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) MilestonePushed(ctx, instanceID, msType, endpoints any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MilestonePushed", reflect.TypeOf((*MockCommands)(nil).MilestonePushed), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MilestonePushed", reflect.TypeOf((*MockCommands)(nil).MilestonePushed), ctx, instanceID, msType, endpoints)
 }
 
 // OTPEmailSent mocks base method.
-func (m *MockCommands) OTPEmailSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) OTPEmailSent(ctx context.Context, sessionID, resourceOwner string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "OTPEmailSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "OTPEmailSent", ctx, sessionID, resourceOwner)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // OTPEmailSent indicates an expected call of OTPEmailSent.
-func (mr *MockCommandsMockRecorder) OTPEmailSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) OTPEmailSent(ctx, sessionID, resourceOwner any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OTPEmailSent", reflect.TypeOf((*MockCommands)(nil).OTPEmailSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OTPEmailSent", reflect.TypeOf((*MockCommands)(nil).OTPEmailSent), ctx, sessionID, resourceOwner)
 }
 
 // OTPSMSSent mocks base method.
-func (m *MockCommands) OTPSMSSent(arg0 context.Context, arg1, arg2 string, arg3 *senders.CodeGeneratorInfo) error {
+func (m *MockCommands) OTPSMSSent(ctx context.Context, sessionID, resourceOwner string, generatorInfo *senders.CodeGeneratorInfo) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "OTPSMSSent", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "OTPSMSSent", ctx, sessionID, resourceOwner, generatorInfo)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // OTPSMSSent indicates an expected call of OTPSMSSent.
-func (mr *MockCommandsMockRecorder) OTPSMSSent(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) OTPSMSSent(ctx, sessionID, resourceOwner, generatorInfo any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OTPSMSSent", reflect.TypeOf((*MockCommands)(nil).OTPSMSSent), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "OTPSMSSent", reflect.TypeOf((*MockCommands)(nil).OTPSMSSent), ctx, sessionID, resourceOwner, generatorInfo)
 }
 
 // PasswordChangeSent mocks base method.
-func (m *MockCommands) PasswordChangeSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) PasswordChangeSent(ctx context.Context, orgID, userID string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "PasswordChangeSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "PasswordChangeSent", ctx, orgID, userID)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // PasswordChangeSent indicates an expected call of PasswordChangeSent.
-func (mr *MockCommandsMockRecorder) PasswordChangeSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) PasswordChangeSent(ctx, orgID, userID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PasswordChangeSent", reflect.TypeOf((*MockCommands)(nil).PasswordChangeSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PasswordChangeSent", reflect.TypeOf((*MockCommands)(nil).PasswordChangeSent), ctx, orgID, userID)
 }
 
 // PasswordCodeSent mocks base method.
-func (m *MockCommands) PasswordCodeSent(arg0 context.Context, arg1, arg2 string, arg3 *senders.CodeGeneratorInfo) error {
+func (m *MockCommands) PasswordCodeSent(ctx context.Context, orgID, userID string, generatorInfo *senders.CodeGeneratorInfo) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "PasswordCodeSent", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "PasswordCodeSent", ctx, orgID, userID, generatorInfo)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // PasswordCodeSent indicates an expected call of PasswordCodeSent.
-func (mr *MockCommandsMockRecorder) PasswordCodeSent(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) PasswordCodeSent(ctx, orgID, userID, generatorInfo any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PasswordCodeSent", reflect.TypeOf((*MockCommands)(nil).PasswordCodeSent), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PasswordCodeSent", reflect.TypeOf((*MockCommands)(nil).PasswordCodeSent), ctx, orgID, userID, generatorInfo)
 }
 
 // UsageNotificationSent mocks base method.
-func (m *MockCommands) UsageNotificationSent(arg0 context.Context, arg1 *quota.NotificationDueEvent) error {
+func (m *MockCommands) UsageNotificationSent(ctx context.Context, dueEvent *quota.NotificationDueEvent) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UsageNotificationSent", arg0, arg1)
+	ret := m.ctrl.Call(m, "UsageNotificationSent", ctx, dueEvent)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // UsageNotificationSent indicates an expected call of UsageNotificationSent.
-func (mr *MockCommandsMockRecorder) UsageNotificationSent(arg0, arg1 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) UsageNotificationSent(ctx, dueEvent any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UsageNotificationSent", reflect.TypeOf((*MockCommands)(nil).UsageNotificationSent), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UsageNotificationSent", reflect.TypeOf((*MockCommands)(nil).UsageNotificationSent), ctx, dueEvent)
 }
 
 // UserDomainClaimedSent mocks base method.
-func (m *MockCommands) UserDomainClaimedSent(arg0 context.Context, arg1, arg2 string) error {
+func (m *MockCommands) UserDomainClaimedSent(ctx context.Context, orgID, userID string) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UserDomainClaimedSent", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "UserDomainClaimedSent", ctx, orgID, userID)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // UserDomainClaimedSent indicates an expected call of UserDomainClaimedSent.
-func (mr *MockCommandsMockRecorder) UserDomainClaimedSent(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockCommandsMockRecorder) UserDomainClaimedSent(ctx, orgID, userID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UserDomainClaimedSent", reflect.TypeOf((*MockCommands)(nil).UserDomainClaimedSent), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UserDomainClaimedSent", reflect.TypeOf((*MockCommands)(nil).UserDomainClaimedSent), ctx, orgID, userID)
 }
diff --git a/internal/notification/handlers/mock/queries.mock.go b/internal/notification/handlers/mock/queries.mock.go
index 670d3f3896..2cf53d1b2a 100644
--- a/internal/notification/handlers/mock/queries.mock.go
+++ b/internal/notification/handlers/mock/queries.mock.go
@@ -12,7 +12,6 @@ package mock
 import (
 	context "context"
 	reflect "reflect"
-	time "time"
 
 	jose "github.com/go-jose/go-jose/v4"
 	authz "github.com/zitadel/zitadel/internal/api/authz"
@@ -26,6 +25,7 @@ import (
 type MockQueries struct {
 	ctrl     *gomock.Controller
 	recorder *MockQueriesMockRecorder
+	isgomock struct{}
 }
 
 // MockQueriesMockRecorder is the mock recorder for MockQueries.
@@ -60,240 +60,225 @@ func (mr *MockQueriesMockRecorder) ActiveInstances() *gomock.Call {
 }
 
 // ActiveLabelPolicyByOrg mocks base method.
-func (m *MockQueries) ActiveLabelPolicyByOrg(arg0 context.Context, arg1 string, arg2 bool) (*query.LabelPolicy, error) {
+func (m *MockQueries) ActiveLabelPolicyByOrg(ctx context.Context, orgID string, withOwnerRemoved bool) (*query.LabelPolicy, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ActiveLabelPolicyByOrg", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "ActiveLabelPolicyByOrg", ctx, orgID, withOwnerRemoved)
 	ret0, _ := ret[0].(*query.LabelPolicy)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // ActiveLabelPolicyByOrg indicates an expected call of ActiveLabelPolicyByOrg.
-func (mr *MockQueriesMockRecorder) ActiveLabelPolicyByOrg(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) ActiveLabelPolicyByOrg(ctx, orgID, withOwnerRemoved any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ActiveLabelPolicyByOrg", reflect.TypeOf((*MockQueries)(nil).ActiveLabelPolicyByOrg), arg0, arg1, arg2)
-}
-
-// ActivePrivateSigningKey mocks base method.
-func (m *MockQueries) ActivePrivateSigningKey(arg0 context.Context, arg1 time.Time) (*query.PrivateKeys, error) {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ActivePrivateSigningKey", arg0, arg1)
-	ret0, _ := ret[0].(*query.PrivateKeys)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// ActivePrivateSigningKey indicates an expected call of ActivePrivateSigningKey.
-func (mr *MockQueriesMockRecorder) ActivePrivateSigningKey(arg0, arg1 any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ActivePrivateSigningKey", reflect.TypeOf((*MockQueries)(nil).ActivePrivateSigningKey), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ActiveLabelPolicyByOrg", reflect.TypeOf((*MockQueries)(nil).ActiveLabelPolicyByOrg), ctx, orgID, withOwnerRemoved)
 }
 
 // CustomTextListByTemplate mocks base method.
-func (m *MockQueries) CustomTextListByTemplate(arg0 context.Context, arg1, arg2 string, arg3 bool) (*query.CustomTexts, error) {
+func (m *MockQueries) CustomTextListByTemplate(ctx context.Context, aggregateID, template string, withOwnerRemoved bool) (*query.CustomTexts, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "CustomTextListByTemplate", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "CustomTextListByTemplate", ctx, aggregateID, template, withOwnerRemoved)
 	ret0, _ := ret[0].(*query.CustomTexts)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // CustomTextListByTemplate indicates an expected call of CustomTextListByTemplate.
-func (mr *MockQueriesMockRecorder) CustomTextListByTemplate(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) CustomTextListByTemplate(ctx, aggregateID, template, withOwnerRemoved any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CustomTextListByTemplate", reflect.TypeOf((*MockQueries)(nil).CustomTextListByTemplate), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CustomTextListByTemplate", reflect.TypeOf((*MockQueries)(nil).CustomTextListByTemplate), ctx, aggregateID, template, withOwnerRemoved)
 }
 
 // GetActiveSigningWebKey mocks base method.
-func (m *MockQueries) GetActiveSigningWebKey(arg0 context.Context) (*jose.JSONWebKey, error) {
+func (m *MockQueries) GetActiveSigningWebKey(ctx context.Context) (*jose.JSONWebKey, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetActiveSigningWebKey", arg0)
+	ret := m.ctrl.Call(m, "GetActiveSigningWebKey", ctx)
 	ret0, _ := ret[0].(*jose.JSONWebKey)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // GetActiveSigningWebKey indicates an expected call of GetActiveSigningWebKey.
-func (mr *MockQueriesMockRecorder) GetActiveSigningWebKey(arg0 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) GetActiveSigningWebKey(ctx any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetActiveSigningWebKey", reflect.TypeOf((*MockQueries)(nil).GetActiveSigningWebKey), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetActiveSigningWebKey", reflect.TypeOf((*MockQueries)(nil).GetActiveSigningWebKey), ctx)
 }
 
 // GetDefaultLanguage mocks base method.
-func (m *MockQueries) GetDefaultLanguage(arg0 context.Context) language.Tag {
+func (m *MockQueries) GetDefaultLanguage(ctx context.Context) language.Tag {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetDefaultLanguage", arg0)
+	ret := m.ctrl.Call(m, "GetDefaultLanguage", ctx)
 	ret0, _ := ret[0].(language.Tag)
 	return ret0
 }
 
 // GetDefaultLanguage indicates an expected call of GetDefaultLanguage.
-func (mr *MockQueriesMockRecorder) GetDefaultLanguage(arg0 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) GetDefaultLanguage(ctx any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetDefaultLanguage", reflect.TypeOf((*MockQueries)(nil).GetDefaultLanguage), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetDefaultLanguage", reflect.TypeOf((*MockQueries)(nil).GetDefaultLanguage), ctx)
 }
 
 // GetInstanceRestrictions mocks base method.
-func (m *MockQueries) GetInstanceRestrictions(arg0 context.Context) (query.Restrictions, error) {
+func (m *MockQueries) GetInstanceRestrictions(ctx context.Context) (query.Restrictions, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetInstanceRestrictions", arg0)
+	ret := m.ctrl.Call(m, "GetInstanceRestrictions", ctx)
 	ret0, _ := ret[0].(query.Restrictions)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // GetInstanceRestrictions indicates an expected call of GetInstanceRestrictions.
-func (mr *MockQueriesMockRecorder) GetInstanceRestrictions(arg0 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) GetInstanceRestrictions(ctx any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceRestrictions", reflect.TypeOf((*MockQueries)(nil).GetInstanceRestrictions), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceRestrictions", reflect.TypeOf((*MockQueries)(nil).GetInstanceRestrictions), ctx)
 }
 
 // GetNotifyUserByID mocks base method.
-func (m *MockQueries) GetNotifyUserByID(arg0 context.Context, arg1 bool, arg2 string) (*query.NotifyUser, error) {
+func (m *MockQueries) GetNotifyUserByID(ctx context.Context, shouldTriggered bool, userID string) (*query.NotifyUser, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetNotifyUserByID", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "GetNotifyUserByID", ctx, shouldTriggered, userID)
 	ret0, _ := ret[0].(*query.NotifyUser)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // GetNotifyUserByID indicates an expected call of GetNotifyUserByID.
-func (mr *MockQueriesMockRecorder) GetNotifyUserByID(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) GetNotifyUserByID(ctx, shouldTriggered, userID any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetNotifyUserByID", reflect.TypeOf((*MockQueries)(nil).GetNotifyUserByID), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetNotifyUserByID", reflect.TypeOf((*MockQueries)(nil).GetNotifyUserByID), ctx, shouldTriggered, userID)
 }
 
 // InstanceByID mocks base method.
-func (m *MockQueries) InstanceByID(arg0 context.Context, arg1 string) (authz.Instance, error) {
+func (m *MockQueries) InstanceByID(ctx context.Context, id string) (authz.Instance, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "InstanceByID", arg0, arg1)
+	ret := m.ctrl.Call(m, "InstanceByID", ctx, id)
 	ret0, _ := ret[0].(authz.Instance)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // InstanceByID indicates an expected call of InstanceByID.
-func (mr *MockQueriesMockRecorder) InstanceByID(arg0, arg1 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) InstanceByID(ctx, id any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InstanceByID", reflect.TypeOf((*MockQueries)(nil).InstanceByID), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InstanceByID", reflect.TypeOf((*MockQueries)(nil).InstanceByID), ctx, id)
 }
 
 // MailTemplateByOrg mocks base method.
-func (m *MockQueries) MailTemplateByOrg(arg0 context.Context, arg1 string, arg2 bool) (*query.MailTemplate, error) {
+func (m *MockQueries) MailTemplateByOrg(ctx context.Context, orgID string, withOwnerRemoved bool) (*query.MailTemplate, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "MailTemplateByOrg", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "MailTemplateByOrg", ctx, orgID, withOwnerRemoved)
 	ret0, _ := ret[0].(*query.MailTemplate)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // MailTemplateByOrg indicates an expected call of MailTemplateByOrg.
-func (mr *MockQueriesMockRecorder) MailTemplateByOrg(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) MailTemplateByOrg(ctx, orgID, withOwnerRemoved any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MailTemplateByOrg", reflect.TypeOf((*MockQueries)(nil).MailTemplateByOrg), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MailTemplateByOrg", reflect.TypeOf((*MockQueries)(nil).MailTemplateByOrg), ctx, orgID, withOwnerRemoved)
 }
 
 // NotificationPolicyByOrg mocks base method.
-func (m *MockQueries) NotificationPolicyByOrg(arg0 context.Context, arg1 bool, arg2 string, arg3 bool) (*query.NotificationPolicy, error) {
+func (m *MockQueries) NotificationPolicyByOrg(ctx context.Context, shouldTriggerBulk bool, orgID string, withOwnerRemoved bool) (*query.NotificationPolicy, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "NotificationPolicyByOrg", arg0, arg1, arg2, arg3)
+	ret := m.ctrl.Call(m, "NotificationPolicyByOrg", ctx, shouldTriggerBulk, orgID, withOwnerRemoved)
 	ret0, _ := ret[0].(*query.NotificationPolicy)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // NotificationPolicyByOrg indicates an expected call of NotificationPolicyByOrg.
-func (mr *MockQueriesMockRecorder) NotificationPolicyByOrg(arg0, arg1, arg2, arg3 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) NotificationPolicyByOrg(ctx, shouldTriggerBulk, orgID, withOwnerRemoved any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NotificationPolicyByOrg", reflect.TypeOf((*MockQueries)(nil).NotificationPolicyByOrg), arg0, arg1, arg2, arg3)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NotificationPolicyByOrg", reflect.TypeOf((*MockQueries)(nil).NotificationPolicyByOrg), ctx, shouldTriggerBulk, orgID, withOwnerRemoved)
 }
 
 // NotificationProviderByIDAndType mocks base method.
-func (m *MockQueries) NotificationProviderByIDAndType(arg0 context.Context, arg1 string, arg2 domain.NotificationProviderType) (*query.DebugNotificationProvider, error) {
+func (m *MockQueries) NotificationProviderByIDAndType(ctx context.Context, aggID string, providerType domain.NotificationProviderType) (*query.DebugNotificationProvider, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "NotificationProviderByIDAndType", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "NotificationProviderByIDAndType", ctx, aggID, providerType)
 	ret0, _ := ret[0].(*query.DebugNotificationProvider)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // NotificationProviderByIDAndType indicates an expected call of NotificationProviderByIDAndType.
-func (mr *MockQueriesMockRecorder) NotificationProviderByIDAndType(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) NotificationProviderByIDAndType(ctx, aggID, providerType any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NotificationProviderByIDAndType", reflect.TypeOf((*MockQueries)(nil).NotificationProviderByIDAndType), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NotificationProviderByIDAndType", reflect.TypeOf((*MockQueries)(nil).NotificationProviderByIDAndType), ctx, aggID, providerType)
 }
 
 // SMSProviderConfigActive mocks base method.
-func (m *MockQueries) SMSProviderConfigActive(arg0 context.Context, arg1 string) (*query.SMSConfig, error) {
+func (m *MockQueries) SMSProviderConfigActive(ctx context.Context, resourceOwner string) (*query.SMSConfig, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SMSProviderConfigActive", arg0, arg1)
+	ret := m.ctrl.Call(m, "SMSProviderConfigActive", ctx, resourceOwner)
 	ret0, _ := ret[0].(*query.SMSConfig)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // SMSProviderConfigActive indicates an expected call of SMSProviderConfigActive.
-func (mr *MockQueriesMockRecorder) SMSProviderConfigActive(arg0, arg1 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) SMSProviderConfigActive(ctx, resourceOwner any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMSProviderConfigActive", reflect.TypeOf((*MockQueries)(nil).SMSProviderConfigActive), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMSProviderConfigActive", reflect.TypeOf((*MockQueries)(nil).SMSProviderConfigActive), ctx, resourceOwner)
 }
 
 // SMTPConfigActive mocks base method.
-func (m *MockQueries) SMTPConfigActive(arg0 context.Context, arg1 string) (*query.SMTPConfig, error) {
+func (m *MockQueries) SMTPConfigActive(ctx context.Context, resourceOwner string) (*query.SMTPConfig, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SMTPConfigActive", arg0, arg1)
+	ret := m.ctrl.Call(m, "SMTPConfigActive", ctx, resourceOwner)
 	ret0, _ := ret[0].(*query.SMTPConfig)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // SMTPConfigActive indicates an expected call of SMTPConfigActive.
-func (mr *MockQueriesMockRecorder) SMTPConfigActive(arg0, arg1 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) SMTPConfigActive(ctx, resourceOwner any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMTPConfigActive", reflect.TypeOf((*MockQueries)(nil).SMTPConfigActive), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMTPConfigActive", reflect.TypeOf((*MockQueries)(nil).SMTPConfigActive), ctx, resourceOwner)
 }
 
 // SearchInstanceDomains mocks base method.
-func (m *MockQueries) SearchInstanceDomains(arg0 context.Context, arg1 *query.InstanceDomainSearchQueries) (*query.InstanceDomains, error) {
+func (m *MockQueries) SearchInstanceDomains(ctx context.Context, queries *query.InstanceDomainSearchQueries) (*query.InstanceDomains, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SearchInstanceDomains", arg0, arg1)
+	ret := m.ctrl.Call(m, "SearchInstanceDomains", ctx, queries)
 	ret0, _ := ret[0].(*query.InstanceDomains)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // SearchInstanceDomains indicates an expected call of SearchInstanceDomains.
-func (mr *MockQueriesMockRecorder) SearchInstanceDomains(arg0, arg1 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) SearchInstanceDomains(ctx, queries any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchInstanceDomains", reflect.TypeOf((*MockQueries)(nil).SearchInstanceDomains), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchInstanceDomains", reflect.TypeOf((*MockQueries)(nil).SearchInstanceDomains), ctx, queries)
 }
 
 // SearchMilestones mocks base method.
-func (m *MockQueries) SearchMilestones(arg0 context.Context, arg1 []string, arg2 *query.MilestonesSearchQueries) (*query.Milestones, error) {
+func (m *MockQueries) SearchMilestones(ctx context.Context, instanceIDs []string, queries *query.MilestonesSearchQueries) (*query.Milestones, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SearchMilestones", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "SearchMilestones", ctx, instanceIDs, queries)
 	ret0, _ := ret[0].(*query.Milestones)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // SearchMilestones indicates an expected call of SearchMilestones.
-func (mr *MockQueriesMockRecorder) SearchMilestones(arg0, arg1, arg2 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) SearchMilestones(ctx, instanceIDs, queries any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchMilestones", reflect.TypeOf((*MockQueries)(nil).SearchMilestones), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchMilestones", reflect.TypeOf((*MockQueries)(nil).SearchMilestones), ctx, instanceIDs, queries)
 }
 
 // SessionByID mocks base method.
-func (m *MockQueries) SessionByID(arg0 context.Context, arg1 bool, arg2, arg3 string, arg4 domain.PermissionCheck) (*query.Session, error) {
+func (m *MockQueries) SessionByID(ctx context.Context, shouldTriggerBulk bool, id, sessionToken string, check domain.PermissionCheck) (*query.Session, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SessionByID", arg0, arg1, arg2, arg3, arg4)
+	ret := m.ctrl.Call(m, "SessionByID", ctx, shouldTriggerBulk, id, sessionToken, check)
 	ret0, _ := ret[0].(*query.Session)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // SessionByID indicates an expected call of SessionByID.
-func (mr *MockQueriesMockRecorder) SessionByID(arg0, arg1, arg2, arg3, arg4 any) *gomock.Call {
+func (mr *MockQueriesMockRecorder) SessionByID(ctx, shouldTriggerBulk, id, sessionToken, check any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SessionByID", reflect.TypeOf((*MockQueries)(nil).SessionByID), arg0, arg1, arg2, arg3, arg4)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SessionByID", reflect.TypeOf((*MockQueries)(nil).SessionByID), ctx, shouldTriggerBulk, id, sessionToken, check)
 }
diff --git a/internal/notification/handlers/mock/queue.mock.go b/internal/notification/handlers/mock/queue.mock.go
index e1387595db..e9cf3efed1 100644
--- a/internal/notification/handlers/mock/queue.mock.go
+++ b/internal/notification/handlers/mock/queue.mock.go
@@ -22,6 +22,7 @@ import (
 type MockQueue struct {
 	ctrl     *gomock.Controller
 	recorder *MockQueueMockRecorder
+	isgomock struct{}
 }
 
 // MockQueueMockRecorder is the mock recorder for MockQueue.
@@ -42,10 +43,10 @@ func (m *MockQueue) EXPECT() *MockQueueMockRecorder {
 }
 
 // Insert mocks base method.
-func (m *MockQueue) Insert(arg0 context.Context, arg1 river.JobArgs, arg2 ...queue.InsertOpt) error {
+func (m *MockQueue) Insert(ctx context.Context, args river.JobArgs, opts ...queue.InsertOpt) error {
 	m.ctrl.T.Helper()
-	varargs := []any{arg0, arg1}
-	for _, a := range arg2 {
+	varargs := []any{ctx, args}
+	for _, a := range opts {
 		varargs = append(varargs, a)
 	}
 	ret := m.ctrl.Call(m, "Insert", varargs...)
@@ -54,8 +55,8 @@ func (m *MockQueue) Insert(arg0 context.Context, arg1 river.JobArgs, arg2 ...que
 }
 
 // Insert indicates an expected call of Insert.
-func (mr *MockQueueMockRecorder) Insert(arg0, arg1 any, arg2 ...any) *gomock.Call {
+func (mr *MockQueueMockRecorder) Insert(ctx, args any, opts ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{arg0, arg1}, arg2...)
+	varargs := append([]any{ctx, args}, opts...)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Insert", reflect.TypeOf((*MockQueue)(nil).Insert), varargs...)
 }
diff --git a/internal/notification/handlers/queries.go b/internal/notification/handlers/queries.go
index a3d68e4797..d9ff1b4201 100644
--- a/internal/notification/handlers/queries.go
+++ b/internal/notification/handlers/queries.go
@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"context"
-	"time"
 
 	"github.com/go-jose/go-jose/v4"
 	"golang.org/x/text/language"
@@ -30,7 +29,6 @@ type Queries interface {
 	GetInstanceRestrictions(ctx context.Context) (restrictions query.Restrictions, err error)
 	InstanceByID(ctx context.Context, id string) (instance authz.Instance, err error)
 	GetActiveSigningWebKey(ctx context.Context) (*jose.JSONWebKey, error)
-	ActivePrivateSigningKey(ctx context.Context, t time.Time) (keys *query.PrivateKeys, err error)
 
 	ActiveInstances() []string
 }
diff --git a/internal/query/instance_features.go b/internal/query/instance_features.go
index 501cfc4e9c..9e0081a542 100644
--- a/internal/query/instance_features.go
+++ b/internal/query/instance_features.go
@@ -14,7 +14,6 @@ type InstanceFeatures struct {
 	UserSchema                      FeatureSource[bool]
 	TokenExchange                   FeatureSource[bool]
 	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
-	WebKey                          FeatureSource[bool]
 	DebugOIDCParentError            FeatureSource[bool]
 	OIDCSingleV1SessionTermination  FeatureSource[bool]
 	DisableUserTokenEvent           FeatureSource[bool]
diff --git a/internal/query/instance_features_model.go b/internal/query/instance_features_model.go
index 7130044fbf..a30009e9ee 100644
--- a/internal/query/instance_features_model.go
+++ b/internal/query/instance_features_model.go
@@ -67,7 +67,6 @@ func (m *InstanceFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
-			feature_v2.InstanceWebKeyEventType,
 			feature_v2.InstanceDebugOIDCParentErrorEventType,
 			feature_v2.InstanceOIDCSingleV1SessionTerminationEventType,
 			feature_v2.InstanceDisableUserTokenEvent,
@@ -121,8 +120,6 @@ func reduceInstanceFeatureSet[T any](features *InstanceFeatures, event *feature_
 		features.TokenExchange.set(level, event.Value)
 	case feature.KeyImprovedPerformance:
 		features.ImprovedPerformance.set(level, event.Value)
-	case feature.KeyWebKey:
-		features.WebKey.set(level, event.Value)
 	case feature.KeyDebugOIDCParentError:
 		features.DebugOIDCParentError.set(level, event.Value)
 	case feature.KeyOIDCSingleV1SessionTermination:
diff --git a/internal/query/key.go b/internal/query/key.go
index 4831d88654..e7b81bb951 100644
--- a/internal/query/key.go
+++ b/internal/query/key.go
@@ -1,20 +1,10 @@
 package query
 
 import (
-	"context"
-	"crypto/rsa"
-	"database/sql"
 	"time"
 
-	sq "github.com/Masterminds/squirrel"
-
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/crypto"
-	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/query/projection"
-	"github.com/zitadel/zitadel/internal/repository/keypair"
-	"github.com/zitadel/zitadel/internal/telemetry/tracing"
-	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
 type Key interface {
@@ -36,11 +26,6 @@ type PublicKey interface {
 	Key() interface{}
 }
 
-type PrivateKeys struct {
-	SearchResponse
-	Keys []PrivateKey
-}
-
 type PublicKeys struct {
 	SearchResponse
 	Keys []PublicKey
@@ -72,34 +57,6 @@ func (k *key) Sequence() uint64 {
 	return k.sequence
 }
 
-type privateKey struct {
-	key
-	expiry     time.Time
-	privateKey *crypto.CryptoValue
-}
-
-func (k *privateKey) Expiry() time.Time {
-	return k.expiry
-}
-
-func (k *privateKey) Key() *crypto.CryptoValue {
-	return k.privateKey
-}
-
-type rsaPublicKey struct {
-	key
-	expiry    time.Time
-	publicKey *rsa.PublicKey
-}
-
-func (r *rsaPublicKey) Expiry() time.Time {
-	return r.expiry
-}
-
-func (r *rsaPublicKey) Key() interface{} {
-	return r.publicKey
-}
-
 var (
 	keyTable = table{
 		name:          projection.KeyProjectionTable,
@@ -157,277 +114,3 @@ var (
 		table: keyPrivateTable,
 	}
 )
-
-var (
-	keyPublicTable = table{
-		name:          projection.KeyPublicTable,
-		instanceIDCol: projection.KeyPrivateColumnInstanceID,
-	}
-	KeyPublicColID = Column{
-		name:  projection.KeyPublicColumnID,
-		table: keyPublicTable,
-	}
-	KeyPublicColExpiry = Column{
-		name:  projection.KeyPublicColumnExpiry,
-		table: keyPublicTable,
-	}
-	KeyPublicColKey = Column{
-		name:  projection.KeyPublicColumnKey,
-		table: keyPublicTable,
-	}
-)
-
-func (q *Queries) ActivePublicKeys(ctx context.Context, t time.Time) (keys *PublicKeys, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	query, scan := preparePublicKeysQuery()
-	if t.IsZero() {
-		t = time.Now()
-	}
-	stmt, args, err := query.Where(
-		sq.And{
-			sq.Eq{KeyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
-			sq.Gt{KeyPublicColExpiry.identifier(): t},
-		}).ToSql()
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-SDFfg", "Errors.Query.SQLStatement")
-	}
-
-	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
-		keys, err = scan(rows)
-		return err
-	}, stmt, args...)
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Sghn4", "Errors.Internal")
-	}
-
-	keys.State, err = q.latestState(ctx, keyTable)
-	if !zerrors.IsNotFound(err) {
-		return keys, err
-	}
-	return keys, nil
-}
-
-func (q *Queries) ActivePrivateSigningKey(ctx context.Context, t time.Time) (keys *PrivateKeys, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	stmt, scan := preparePrivateKeysQuery()
-	if t.IsZero() {
-		t = time.Now()
-	}
-	query, args, err := stmt.Where(
-		sq.And{
-			sq.Eq{
-				KeyColUse.identifier():        crypto.KeyUsageSigning,
-				KeyColInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-			},
-			sq.Gt{KeyPrivateColExpiry.identifier(): t},
-		}).OrderBy(KeyPrivateColExpiry.identifier()).ToSql()
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-SDff2", "Errors.Query.SQLStatement")
-	}
-
-	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
-		keys, err = scan(rows)
-		return err
-	}, query, args...)
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-WRFG4", "Errors.Internal")
-	}
-	keys.State, err = q.latestState(ctx, keyTable)
-	if !zerrors.IsNotFound(err) {
-		return keys, err
-	}
-	return keys, nil
-}
-
-func preparePublicKeysQuery() (sq.SelectBuilder, func(*sql.Rows) (*PublicKeys, error)) {
-	return sq.Select(
-			KeyColID.identifier(),
-			KeyColCreationDate.identifier(),
-			KeyColChangeDate.identifier(),
-			KeyColSequence.identifier(),
-			KeyColResourceOwner.identifier(),
-			KeyColAlgorithm.identifier(),
-			KeyColUse.identifier(),
-			KeyPublicColExpiry.identifier(),
-			KeyPublicColKey.identifier(),
-			countColumn.identifier(),
-		).From(keyTable.identifier()).
-			LeftJoin(join(KeyPublicColID, KeyColID)).
-			PlaceholderFormat(sq.Dollar),
-		func(rows *sql.Rows) (*PublicKeys, error) {
-			keys := make([]PublicKey, 0)
-			var count uint64
-			for rows.Next() {
-				k := new(rsaPublicKey)
-				var keyValue []byte
-				err := rows.Scan(
-					&k.id,
-					&k.creationDate,
-					&k.changeDate,
-					&k.sequence,
-					&k.resourceOwner,
-					&k.algorithm,
-					&k.use,
-					&k.expiry,
-					&keyValue,
-					&count,
-				)
-				if err != nil {
-					return nil, err
-				}
-				k.publicKey, err = crypto.BytesToPublicKey(keyValue)
-				if err != nil {
-					return nil, err
-				}
-				keys = append(keys, k)
-			}
-
-			if err := rows.Close(); err != nil {
-				return nil, zerrors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows")
-			}
-
-			return &PublicKeys{
-				Keys: keys,
-				SearchResponse: SearchResponse{
-					Count: count,
-				},
-			}, nil
-		}
-}
-
-func preparePrivateKeysQuery() (sq.SelectBuilder, func(*sql.Rows) (*PrivateKeys, error)) {
-	return sq.Select(
-			KeyColID.identifier(),
-			KeyColCreationDate.identifier(),
-			KeyColChangeDate.identifier(),
-			KeyColSequence.identifier(),
-			KeyColResourceOwner.identifier(),
-			KeyColAlgorithm.identifier(),
-			KeyColUse.identifier(),
-			KeyPrivateColExpiry.identifier(),
-			KeyPrivateColKey.identifier(),
-			countColumn.identifier(),
-		).From(keyTable.identifier()).
-			LeftJoin(join(KeyPrivateColID, KeyColID)).
-			PlaceholderFormat(sq.Dollar),
-		func(rows *sql.Rows) (*PrivateKeys, error) {
-			keys := make([]PrivateKey, 0)
-			var count uint64
-			for rows.Next() {
-				k := new(privateKey)
-				err := rows.Scan(
-					&k.id,
-					&k.creationDate,
-					&k.changeDate,
-					&k.sequence,
-					&k.resourceOwner,
-					&k.algorithm,
-					&k.use,
-					&k.expiry,
-					&k.privateKey,
-					&count,
-				)
-				if err != nil {
-					return nil, err
-				}
-				keys = append(keys, k)
-			}
-
-			if err := rows.Close(); err != nil {
-				return nil, zerrors.ThrowInternal(err, "QUERY-rKd6k", "Errors.Query.CloseRows")
-			}
-
-			return &PrivateKeys{
-				Keys: keys,
-				SearchResponse: SearchResponse{
-					Count: count,
-				},
-			}, nil
-		}
-}
-
-type PublicKeyReadModel struct {
-	eventstore.ReadModel
-
-	Algorithm string
-	Key       *crypto.CryptoValue
-	Expiry    time.Time
-	Usage     crypto.KeyUsage
-}
-
-func NewPublicKeyReadModel(keyID, resourceOwner string) *PublicKeyReadModel {
-	return &PublicKeyReadModel{
-		ReadModel: eventstore.ReadModel{
-			AggregateID:   keyID,
-			ResourceOwner: resourceOwner,
-		},
-	}
-}
-
-func (wm *PublicKeyReadModel) AppendEvents(events ...eventstore.Event) {
-	wm.ReadModel.AppendEvents(events...)
-}
-
-func (wm *PublicKeyReadModel) Reduce() error {
-	for _, event := range wm.Events {
-		switch e := event.(type) {
-		case *keypair.AddedEvent:
-			wm.Algorithm = e.Algorithm
-			wm.Key = e.PublicKey.Key
-			wm.Expiry = e.PublicKey.Expiry
-			wm.Usage = e.Usage
-		default:
-		}
-	}
-	return wm.ReadModel.Reduce()
-}
-
-func (wm *PublicKeyReadModel) Query() *eventstore.SearchQueryBuilder {
-	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
-		AwaitOpenTransactions().
-		ResourceOwner(wm.ResourceOwner).
-		AddQuery().
-		AggregateTypes(keypair.AggregateType).
-		AggregateIDs(wm.AggregateID).
-		EventTypes(keypair.AddedEventType).
-		Builder()
-}
-
-func (q *Queries) GetPublicKeyByID(ctx context.Context, keyID string) (_ PublicKey, err error) {
-	ctx, span := tracing.NewSpan(ctx)
-	defer func() { span.EndWithError(err) }()
-
-	model := NewPublicKeyReadModel(keyID, authz.GetInstance(ctx).InstanceID())
-	if err := q.eventstore.FilterToQueryReducer(ctx, model); err != nil {
-		return nil, err
-	}
-	if model.Algorithm == "" || model.Key == nil {
-		return nil, zerrors.ThrowNotFound(err, "QUERY-Ahf7x", "Errors.Key.NotFound")
-	}
-	keyValue, err := crypto.Decrypt(model.Key, q.keyEncryptionAlgorithm)
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Ie4oh", "Errors.Internal")
-	}
-	publicKey, err := crypto.BytesToPublicKey(keyValue)
-	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-Kai2Z", "Errors.Internal")
-	}
-
-	return &rsaPublicKey{
-		key: key{
-			id:            model.AggregateID,
-			creationDate:  model.CreationDate,
-			changeDate:    model.ChangeDate,
-			sequence:      model.ProcessedSequence,
-			resourceOwner: model.ResourceOwner,
-			algorithm:     model.Algorithm,
-			use:           model.Usage,
-		},
-		expiry:    model.Expiry,
-		publicKey: publicKey,
-	}, nil
-}
diff --git a/internal/query/key_test.go b/internal/query/key_test.go
deleted file mode 100644
index 7bc029fd7f..0000000000
--- a/internal/query/key_test.go
+++ /dev/null
@@ -1,453 +0,0 @@
-package query
-
-import (
-	"context"
-	"crypto/rsa"
-	"database/sql"
-	"database/sql/driver"
-	"errors"
-	"fmt"
-	"io"
-	"math/big"
-	"regexp"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"go.uber.org/mock/gomock"
-
-	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/crypto"
-	"github.com/zitadel/zitadel/internal/eventstore"
-	key_repo "github.com/zitadel/zitadel/internal/repository/keypair"
-	"github.com/zitadel/zitadel/internal/zerrors"
-)
-
-var (
-	preparePublicKeysStmt = `SELECT projections.keys4.id,` +
-		` projections.keys4.creation_date,` +
-		` projections.keys4.change_date,` +
-		` projections.keys4.sequence,` +
-		` projections.keys4.resource_owner,` +
-		` projections.keys4.algorithm,` +
-		` projections.keys4.use,` +
-		` projections.keys4_public.expiry,` +
-		` projections.keys4_public.key,` +
-		` COUNT(*) OVER ()` +
-		` FROM projections.keys4` +
-		` LEFT JOIN projections.keys4_public ON projections.keys4.id = projections.keys4_public.id AND projections.keys4.instance_id = projections.keys4_public.instance_id`
-	preparePublicKeysCols = []string{
-		"id",
-		"creation_date",
-		"change_date",
-		"sequence",
-		"resource_owner",
-		"algorithm",
-		"use",
-		"expiry",
-		"key",
-		"count",
-	}
-
-	preparePrivateKeysStmt = `SELECT projections.keys4.id,` +
-		` projections.keys4.creation_date,` +
-		` projections.keys4.change_date,` +
-		` projections.keys4.sequence,` +
-		` projections.keys4.resource_owner,` +
-		` projections.keys4.algorithm,` +
-		` projections.keys4.use,` +
-		` projections.keys4_private.expiry,` +
-		` projections.keys4_private.key,` +
-		` COUNT(*) OVER ()` +
-		` FROM projections.keys4` +
-		` LEFT JOIN projections.keys4_private ON projections.keys4.id = projections.keys4_private.id AND projections.keys4.instance_id = projections.keys4_private.instance_id`
-)
-
-func Test_KeyPrepares(t *testing.T) {
-	type want struct {
-		sqlExpectations sqlExpectation
-		err             checkErr
-	}
-	tests := []struct {
-		name    string
-		prepare interface{}
-		want    want
-		object  interface{}
-	}{
-		{
-			name:    "preparePublicKeysQuery no result",
-			prepare: preparePublicKeysQuery,
-			want: want{
-				sqlExpectations: mockQueries(
-					regexp.QuoteMeta(preparePublicKeysStmt),
-					nil,
-					nil,
-				),
-				err: func(err error) (error, bool) {
-					if !zerrors.IsNotFound(err) {
-						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: &PublicKeys{Keys: []PublicKey{}},
-		},
-		{
-			name:    "preparePublicKeysQuery found",
-			prepare: preparePublicKeysQuery,
-			want: want{
-				sqlExpectations: mockQueries(
-					regexp.QuoteMeta(preparePublicKeysStmt),
-					preparePublicKeysCols,
-					[][]driver.Value{
-						{
-							"key-id",
-							testNow,
-							testNow,
-							uint64(20211109),
-							"ro",
-							"RS256",
-							0,
-							testNow,
-							[]byte("-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvX9P58JFxEs5C+L+H7W\nduFSWL5EPzber7C2m94klrSV6q0bAcrYQnGwFOlveThsY200hRbadKaKjHD7qIKH\nDEe0IY2PSRht33Jye52AwhkRw+M3xuQH/7R8LydnsNFk2KHpr5X2SBv42e37LjkE\nslKSaMRgJW+v0KZ30piY8QsdFRKKaVg5/Ajt1YToM1YVsdHXJ3vmXFMtypLdxwUD\ndIaLEX6pFUkU75KSuEQ/E2luT61Q3ta9kOWm9+0zvi7OMcbdekJT7mzcVnh93R1c\n13ZhQCLbh9A7si8jKFtaMWevjayrvqQABEcTN9N4Hoxcyg6l4neZtRDk75OMYcqm\nDQIDAQAB\n-----END RSA PUBLIC KEY-----\n"),
-						},
-					},
-				),
-			},
-			object: &PublicKeys{
-				SearchResponse: SearchResponse{
-					Count: 1,
-				},
-				Keys: []PublicKey{
-					&rsaPublicKey{
-						key: key{
-							id:            "key-id",
-							creationDate:  testNow,
-							changeDate:    testNow,
-							sequence:      20211109,
-							resourceOwner: "ro",
-							algorithm:     "RS256",
-							use:           crypto.KeyUsageSigning,
-						},
-						expiry: testNow,
-						publicKey: &rsa.PublicKey{
-							E: 65537,
-							N: fromBase16("b2f5fd3f9f0917112ce42f8bf87ed676e15258be443f36deafb0b69bde2496b495eaad1b01cad84271b014e96f79386c636d348516da74a68a8c70fba882870c47b4218d8f49186ddf72727b9d80c21911c3e337c6e407ffb47c2f2767b0d164d8a1e9af95f6481bf8d9edfb2e3904b2529268c460256fafd0a677d29898f10b1d15128a695839fc08edd584e8335615b1d1d7277be65c532dca92ddc7050374868b117ea9154914ef9292b8443f13696e4fad50ded6bd90e5a6f7ed33be2ece31c6dd7a4253ee6cdc56787ddd1d5cd776614022db87d03bb22f23285b5a3167af8dacabbea40004471337d3781e8c5cca0ea5e27799b510e4ef938c61caa60d"),
-						},
-					},
-				},
-			},
-		},
-		{
-			name:    "preparePublicKeysQuery sql err",
-			prepare: preparePublicKeysQuery,
-			want: want{
-				sqlExpectations: mockQueryErr(
-					regexp.QuoteMeta(preparePublicKeysStmt),
-					sql.ErrConnDone,
-				),
-				err: func(err error) (error, bool) {
-					if !errors.Is(err, sql.ErrConnDone) {
-						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: (*PublicKeys)(nil),
-		},
-		{
-			name:    "preparePrivateKeysQuery no result",
-			prepare: preparePrivateKeysQuery,
-			want: want{
-				sqlExpectations: mockQueries(
-					regexp.QuoteMeta(preparePrivateKeysStmt),
-					nil,
-					nil,
-				),
-				err: func(err error) (error, bool) {
-					if !zerrors.IsNotFound(err) {
-						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: &PrivateKeys{Keys: []PrivateKey{}},
-		},
-		{
-			name:    "preparePrivateKeysQuery found",
-			prepare: preparePrivateKeysQuery,
-			want: want{
-				sqlExpectations: mockQueries(
-					regexp.QuoteMeta(preparePrivateKeysStmt),
-					preparePublicKeysCols,
-					[][]driver.Value{
-						{
-							"key-id",
-							testNow,
-							testNow,
-							uint64(20211109),
-							"ro",
-							"RS256",
-							0,
-							testNow,
-							[]byte(`{"Algorithm": "enc", "Crypted": "cHJpdmF0ZUtleQ==", "CryptoType": 0, "KeyID": "id"}`),
-						},
-					},
-				),
-			},
-			object: &PrivateKeys{
-				SearchResponse: SearchResponse{
-					Count: 1,
-				},
-				Keys: []PrivateKey{
-					&privateKey{
-						key: key{
-							id:            "key-id",
-							creationDate:  testNow,
-							changeDate:    testNow,
-							sequence:      20211109,
-							resourceOwner: "ro",
-							algorithm:     "RS256",
-							use:           crypto.KeyUsageSigning,
-						},
-						expiry: testNow,
-						privateKey: &crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "enc",
-							KeyID:      "id",
-							Crypted:    []byte("privateKey"),
-						},
-					},
-				},
-			},
-		},
-		{
-			name:    "preparePrivateKeysQuery sql err",
-			prepare: preparePrivateKeysQuery,
-			want: want{
-				sqlExpectations: mockQueryErr(
-					regexp.QuoteMeta(preparePrivateKeysStmt),
-					sql.ErrConnDone,
-				),
-				err: func(err error) (error, bool) {
-					if !errors.Is(err, sql.ErrConnDone) {
-						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
-					}
-					return nil, true
-				},
-			},
-			object: (*PrivateKeys)(nil),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err)
-		})
-	}
-}
-
-func fromBase16(base16 string) *big.Int {
-	i, ok := new(big.Int).SetString(base16, 16)
-	if !ok {
-		panic("bad number: " + base16)
-	}
-	return i
-}
-
-const pubKey = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs38btwb3c7r0tMaQpGvB
-mY+mPwMU/LpfuPoC0k2t4RsKp0fv40SMl50CRrHgk395wch8PMPYbl3+8TtYAJuy
-rFALIj3Ff1UcKIk0hOH5DDsfh7/q2wFuncTmS6bifYo8CfSq2vDGnM7nZnEvxY/M
-fSydZdcmIqlkUpfQmtzExw9+tSe5Dxq6gn5JtlGgLgZGt69r5iMMrTEGhhVAXzNu
-MZbmlCoBru+rC8ITlTX/0V1ZcsSbL8tYWhthyu9x6yjo1bH85wiVI4gs0MhU8f2a
-+kjL/KGZbR14Ua2eo6tonBZLC5DHWM2TkYXgRCDPufjcgmzN0Lm91E4P8KvBcvly
-6QIDAQAB
------END PUBLIC KEY-----
-`
-
-func TestQueries_GetPublicKeyByID(t *testing.T) {
-	now := time.Now()
-	future := now.Add(time.Hour)
-
-	tests := []struct {
-		name       string
-		eventstore func(*testing.T) *eventstore.Eventstore
-		encryption func(*testing.T) *crypto.MockEncryptionAlgorithm
-		want       *rsaPublicKey
-		wantErr    error
-	}{
-		{
-			name: "filter error",
-			eventstore: expectEventstore(
-				expectFilterError(io.ErrClosedPipe),
-			),
-			wantErr: io.ErrClosedPipe,
-		},
-		{
-			name: "not found error",
-			eventstore: expectEventstore(
-				expectFilter(),
-			),
-			wantErr: zerrors.ThrowNotFound(nil, "QUERY-Ahf7x", "Errors.Key.NotFound"),
-		},
-		{
-			name: "decrypt error",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(key_repo.NewAddedEvent(context.Background(),
-						&eventstore.Aggregate{
-							ID:            "keyID",
-							Type:          key_repo.AggregateType,
-							ResourceOwner: "instanceID",
-							InstanceID:    "instanceID",
-							Version:       key_repo.AggregateVersion,
-						},
-						crypto.KeyUsageSigning, "alg",
-						&crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "alg",
-							KeyID:      "keyID",
-							Crypted:    []byte("private"),
-						},
-						&crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "alg",
-							KeyID:      "keyID",
-							Crypted:    []byte("public"),
-						},
-						future,
-						future,
-					)),
-				),
-			),
-			encryption: func(t *testing.T) *crypto.MockEncryptionAlgorithm {
-				encryption := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))
-				expect := encryption.EXPECT()
-				expect.Algorithm().Return("alg")
-				expect.DecryptionKeyIDs().Return([]string{})
-				return encryption
-			},
-			wantErr: zerrors.ThrowInternal(nil, "QUERY-Ie4oh", "Errors.Internal"),
-		},
-		{
-			name: "parse error",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(key_repo.NewAddedEvent(context.Background(),
-						&eventstore.Aggregate{
-							ID:            "keyID",
-							Type:          key_repo.AggregateType,
-							ResourceOwner: "instanceID",
-							InstanceID:    "instanceID",
-							Version:       key_repo.AggregateVersion,
-						},
-						crypto.KeyUsageSigning, "alg",
-						&crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "alg",
-							KeyID:      "keyID",
-							Crypted:    []byte("private"),
-						},
-						&crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "alg",
-							KeyID:      "keyID",
-							Crypted:    []byte("public"),
-						},
-						future,
-						future,
-					)),
-				),
-			),
-			encryption: func(t *testing.T) *crypto.MockEncryptionAlgorithm {
-				encryption := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))
-				expect := encryption.EXPECT()
-				expect.Algorithm().Return("alg")
-				expect.DecryptionKeyIDs().Return([]string{"keyID"})
-				expect.Decrypt([]byte("public"), "keyID").Return([]byte("foo"), nil)
-				return encryption
-			},
-			wantErr: zerrors.ThrowInternal(nil, "QUERY-Kai2Z", "Errors.Internal"),
-		},
-		{
-			name: "success",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(key_repo.NewAddedEvent(context.Background(),
-						&eventstore.Aggregate{
-							ID:            "keyID",
-							Type:          key_repo.AggregateType,
-							ResourceOwner: "instanceID",
-							InstanceID:    "instanceID",
-							Version:       key_repo.AggregateVersion,
-						},
-						crypto.KeyUsageSigning, "alg",
-						&crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "alg",
-							KeyID:      "keyID",
-							Crypted:    []byte("private"),
-						},
-						&crypto.CryptoValue{
-							CryptoType: crypto.TypeEncryption,
-							Algorithm:  "alg",
-							KeyID:      "keyID",
-							Crypted:    []byte("public"),
-						},
-						future,
-						future,
-					)),
-				),
-			),
-			encryption: func(t *testing.T) *crypto.MockEncryptionAlgorithm {
-				encryption := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))
-				expect := encryption.EXPECT()
-				expect.Algorithm().Return("alg")
-				expect.DecryptionKeyIDs().Return([]string{"keyID"})
-				expect.Decrypt([]byte("public"), "keyID").Return([]byte(pubKey), nil)
-				return encryption
-			},
-			want: &rsaPublicKey{
-				key: key{
-					id:            "keyID",
-					resourceOwner: "instanceID",
-					algorithm:     "alg",
-					use:           crypto.KeyUsageSigning,
-				},
-				expiry: future,
-				publicKey: func() *rsa.PublicKey {
-					publicKey, err := crypto.BytesToPublicKey([]byte(pubKey))
-					if err != nil {
-						panic(err)
-					}
-					return publicKey
-				}(),
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			q := &Queries{
-				eventstore: tt.eventstore(t),
-			}
-			if tt.encryption != nil {
-				q.keyEncryptionAlgorithm = tt.encryption(t)
-			}
-			ctx := authz.NewMockContext("instanceID", "orgID", "loginClient")
-			key, err := q.GetPublicKeyByID(ctx, "keyID")
-			if tt.wantErr != nil {
-				require.ErrorIs(t, err, tt.wantErr)
-				return
-			}
-			require.NoError(t, err)
-			require.NotNil(t, key)
-
-			got := key.(*rsaPublicKey)
-			assert.WithinDuration(t, tt.want.expiry, got.expiry, time.Second)
-			tt.want.expiry = time.Time{}
-			got.expiry = time.Time{}
-			assert.Equal(t, tt.want, got)
-		})
-	}
-}
diff --git a/internal/query/projection/instance_features.go b/internal/query/projection/instance_features.go
index 443353c2e5..3c33ff6fdf 100644
--- a/internal/query/projection/instance_features.go
+++ b/internal/query/projection/instance_features.go
@@ -80,10 +80,6 @@ func (*instanceFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.InstanceImprovedPerformanceEventType,
 				Reduce: reduceInstanceSetFeature[[]feature.ImprovedPerformanceType],
 			},
-			{
-				Event:  feature_v2.InstanceWebKeyEventType,
-				Reduce: reduceInstanceSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.InstanceDebugOIDCParentErrorEventType,
 				Reduce: reduceInstanceSetFeature[bool],
diff --git a/internal/repository/feature/feature_v2/eventstore.go b/internal/repository/feature/feature_v2/eventstore.go
index 62fa568fca..25d0f270f6 100644
--- a/internal/repository/feature/feature_v2/eventstore.go
+++ b/internal/repository/feature/feature_v2/eventstore.go
@@ -24,7 +24,6 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
-	eventstore.RegisterFilterEventMapper(AggregateType, InstanceWebKeyEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceDebugOIDCParentErrorEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceOIDCSingleV1SessionTerminationEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceDisableUserTokenEvent, eventstore.GenericEventMapper[SetEvent[bool]])
diff --git a/internal/repository/feature/feature_v2/feature.go b/internal/repository/feature/feature_v2/feature.go
index f75fae618b..a87042d72a 100644
--- a/internal/repository/feature/feature_v2/feature.go
+++ b/internal/repository/feature/feature_v2/feature.go
@@ -29,7 +29,6 @@ var (
 	InstanceUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelInstance, feature.KeyUserSchema)
 	InstanceTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTokenExchange)
 	InstanceImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyImprovedPerformance)
-	InstanceWebKeyEventType                          = setEventTypeFromFeature(feature.LevelInstance, feature.KeyWebKey)
 	InstanceDebugOIDCParentErrorEventType            = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDebugOIDCParentError)
 	InstanceOIDCSingleV1SessionTerminationEventType  = setEventTypeFromFeature(feature.LevelInstance, feature.KeyOIDCSingleV1SessionTermination)
 	InstanceDisableUserTokenEvent                    = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDisableUserTokenEvent)
diff --git a/proto/zitadel/feature/v2/instance.proto b/proto/zitadel/feature/v2/instance.proto
index 0455befb46..efbe5e3cdf 100644
--- a/proto/zitadel/feature/v2/instance.proto
+++ b/proto/zitadel/feature/v2/instance.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 3, 6;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 3, 6, 8;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -49,13 +49,6 @@ message SetInstanceFeaturesRequest{
     }
   ];
 
-  optional bool web_key = 8 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   optional bool debug_oidc_parent_error = 9 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -125,8 +118,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 4, 7;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 4, 7, 9;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -163,13 +156,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag web_key = 9 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   FeatureFlag debug_oidc_parent_error = 10 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2beta/instance.proto b/proto/zitadel/feature/v2beta/instance.proto
index 8028305fe4..7968668e50 100644
--- a/proto/zitadel/feature/v2beta/instance.proto
+++ b/proto/zitadel/feature/v2beta/instance.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 3, 6;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 3, 6, 8;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -49,13 +49,6 @@ message SetInstanceFeaturesRequest{
     }
   ];
 
-  optional bool web_key = 8 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   optional bool debug_oidc_parent_error = 9 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -91,8 +84,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 4, 7;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 4, 7, 9;
+  reserved "oidc_legacy_introspection", "actions", "web_key";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -129,13 +122,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag web_key = 9 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.";
-    }
-  ];
-
   FeatureFlag debug_oidc_parent_error = 10 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";

From 2691dae2b6355d3e962be791db28b88d4b763f98 Mon Sep 17 00:00:00 2001
From: "Marco A." <marco@zitadel.com>
Date: Fri, 27 Jun 2025 17:25:44 +0200
Subject: [PATCH 107/123] feat: App API v2 (#10077)

# Which Problems Are Solved

This PR *partially* addresses #9450 . Specifically, it implements the
resource based API for the apps. APIs for app keys ARE not part of this
PR.

# How the Problems Are Solved

- `CreateApplication`, `PatchApplication` (update) and
`RegenerateClientSecret` endpoints are now unique for all app types:
API, SAML and OIDC apps.
  - All new endpoints have integration tests
  - All new endpoints are using permission checks V2

# Additional Changes

- The `ListApplications` endpoint allows to do sorting (see protobuf for
details) and filtering by app type (see protobuf).
- SAML and OIDC update endpoint can now receive requests for partial
updates

# Additional Context

Partially addresses #9450
---
 cmd/start/start.go                            |    5 +
 internal/api/grpc/admin/export.go             |    2 +-
 internal/api/grpc/app/v2beta/app.go           |  208 +++
 .../api/grpc/app/v2beta/convert/api_app.go    |   60 +
 .../grpc/app/v2beta/convert/api_app_test.go   |  149 ++
 .../api/grpc/app/v2beta/convert/convert.go    |  165 ++
 .../grpc/app/v2beta/convert/convert_test.go   |  520 ++++++
 .../api/grpc/app/v2beta/convert/oidc_app.go   |  291 ++++
 .../grpc/app/v2beta/convert/oidc_app_test.go  |  755 +++++++++
 .../api/grpc/app/v2beta/convert/saml_app.go   |   77 +
 .../grpc/app/v2beta/convert/saml_app_test.go  |  256 +++
 .../app/v2beta/integration_test/app_test.go   | 1446 +++++++++++++++++
 .../app/v2beta/integration_test/query_test.go |  575 +++++++
 .../v2beta/integration_test/server_test.go    |  205 +++
 internal/api/grpc/app/v2beta/query.go         |   37 +
 internal/api/grpc/app/v2beta/server.go        |   57 +
 internal/api/grpc/filter/v2/converter.go      |   23 +
 .../grpc/management/project_application.go    |   10 +-
 .../project_application_converter.go          |   64 +-
 .../eventsourcing/view/application.go         |    2 +-
 internal/command/permission_checks.go         |    8 +
 internal/command/project_application.go       |   28 +-
 internal/command/project_application_api.go   |   37 +-
 .../command/project_application_api_test.go   |   21 +-
 internal/command/project_application_oidc.go  |   71 +-
 .../command/project_application_oidc_model.go |   82 +-
 .../command/project_application_oidc_test.go  |  279 ++--
 internal/command/project_application_saml.go  |   40 +-
 .../command/project_application_saml_model.go |   22 +-
 .../command/project_application_saml_test.go  |  161 +-
 internal/command/project_application_test.go  |  133 +-
 internal/command/project_converter.go         |   43 +-
 internal/command/project_model.go             |   12 +-
 internal/domain/application_oidc.go           |   93 +-
 internal/domain/application_oidc_test.go      |   57 +-
 internal/domain/application_saml.go           |   13 +-
 internal/domain/permission.go                 |    3 +
 internal/integration/client.go                |    3 +
 internal/project/model/oidc_config.go         |    4 +-
 internal/query/app.go                         |   92 +-
 pkg/grpc/app/v2beta/application.go            |    5 +
 proto/zitadel/app/v2beta/api.proto            |   26 +
 proto/zitadel/app/v2beta/app.proto            |   94 ++
 proto/zitadel/app/v2beta/app_service.proto    |  788 +++++++++
 proto/zitadel/app/v2beta/login.proto          |   18 +
 proto/zitadel/app/v2beta/oidc.proto           |  166 ++
 proto/zitadel/app/v2beta/saml.proto           |   20 +
 proto/zitadel/management.proto                |  222 +--
 48 files changed, 6845 insertions(+), 603 deletions(-)
 create mode 100644 internal/api/grpc/app/v2beta/app.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/api_app.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/api_app_test.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/convert.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/convert_test.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/oidc_app.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/oidc_app_test.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/saml_app.go
 create mode 100644 internal/api/grpc/app/v2beta/convert/saml_app_test.go
 create mode 100644 internal/api/grpc/app/v2beta/integration_test/app_test.go
 create mode 100644 internal/api/grpc/app/v2beta/integration_test/query_test.go
 create mode 100644 internal/api/grpc/app/v2beta/integration_test/server_test.go
 create mode 100644 internal/api/grpc/app/v2beta/query.go
 create mode 100644 internal/api/grpc/app/v2beta/server.go
 create mode 100644 pkg/grpc/app/v2beta/application.go
 create mode 100644 proto/zitadel/app/v2beta/api.proto
 create mode 100644 proto/zitadel/app/v2beta/app.proto
 create mode 100644 proto/zitadel/app/v2beta/app_service.proto
 create mode 100644 proto/zitadel/app/v2beta/login.proto
 create mode 100644 proto/zitadel/app/v2beta/oidc.proto
 create mode 100644 proto/zitadel/app/v2beta/saml.proto

diff --git a/cmd/start/start.go b/cmd/start/start.go
index 3c3b5cb3e0..dbd6289041 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -36,6 +36,7 @@ import (
 	internal_authz "github.com/zitadel/zitadel/internal/api/authz"
 	action_v2_beta "github.com/zitadel/zitadel/internal/api/grpc/action/v2beta"
 	"github.com/zitadel/zitadel/internal/api/grpc/admin"
+	app "github.com/zitadel/zitadel/internal/api/grpc/app/v2beta"
 	"github.com/zitadel/zitadel/internal/api/grpc/auth"
 	feature_v2 "github.com/zitadel/zitadel/internal/api/grpc/feature/v2"
 	feature_v2beta "github.com/zitadel/zitadel/internal/api/grpc/feature/v2beta"
@@ -509,6 +510,10 @@ func startAPIs(
 	if err := apis.RegisterService(ctx, debug_events.CreateServer(commands, queries)); err != nil {
 		return nil, err
 	}
+	if err := apis.RegisterService(ctx, app.CreateServer(commands, queries, permissionCheck)); err != nil {
+		return nil, err
+	}
+
 	instanceInterceptor := middleware.InstanceInterceptor(queries, config.ExternalDomain, login.IgnoreInstanceEndpoints...)
 	assetsCache := middleware.AssetsCacheInterceptor(config.AssetStorage.Cache.MaxAge, config.AssetStorage.Cache.SharedMaxAge)
 	apis.RegisterHandlerOnPrefix(assets.HandlerPrefix, assets.NewHandler(commands, verifier, config.SystemAuthZ, config.InternalAuthZ, id.SonyFlakeGenerator(), store, queries, middleware.CallDurationHandler, instanceInterceptor.Handler, assetsCache.Handler, limitingAccessInterceptor.Handle))
diff --git a/internal/api/grpc/admin/export.go b/internal/api/grpc/admin/export.go
index b5d36272d4..8024cd9d6e 100644
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -783,7 +783,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
 		if err != nil {
 			return nil, nil, nil, nil, nil, err
 		}
-		apps, err := s.query.SearchApps(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{appSearch}}, false)
+		apps, err := s.query.SearchApps(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{appSearch}}, nil)
 		if err != nil {
 			return nil, nil, nil, nil, nil, err
 		}
diff --git a/internal/api/grpc/app/v2beta/app.go b/internal/api/grpc/app/v2beta/app.go
new file mode 100644
index 0000000000..48c602f454
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/app.go
@@ -0,0 +1,208 @@
+package app
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicationRequest) (*app.CreateApplicationResponse, error) {
+	switch t := req.GetCreationRequestType().(type) {
+	case *app.CreateApplicationRequest_ApiRequest:
+		apiApp, err := s.command.AddAPIApplication(ctx, convert.CreateAPIApplicationRequestToDomain(req.GetName(), req.GetProjectId(), req.GetId(), t.ApiRequest), "")
+		if err != nil {
+			return nil, err
+		}
+
+		return &app.CreateApplicationResponse{
+			AppId:        apiApp.AppID,
+			CreationDate: timestamppb.New(apiApp.ChangeDate),
+			CreationResponseType: &app.CreateApplicationResponse_ApiResponse{
+				ApiResponse: &app.CreateAPIApplicationResponse{
+					ClientId:     apiApp.ClientID,
+					ClientSecret: apiApp.ClientSecretString,
+				},
+			},
+		}, nil
+
+	case *app.CreateApplicationRequest_OidcRequest:
+		oidcAppRequest, err := convert.CreateOIDCAppRequestToDomain(req.GetName(), req.GetProjectId(), req.GetOidcRequest())
+		if err != nil {
+			return nil, err
+		}
+
+		oidcApp, err := s.command.AddOIDCApplication(ctx, oidcAppRequest, "")
+		if err != nil {
+			return nil, err
+		}
+
+		return &app.CreateApplicationResponse{
+			AppId:        oidcApp.AppID,
+			CreationDate: timestamppb.New(oidcApp.ChangeDate),
+			CreationResponseType: &app.CreateApplicationResponse_OidcResponse{
+				OidcResponse: &app.CreateOIDCApplicationResponse{
+					ClientId:           oidcApp.ClientID,
+					ClientSecret:       oidcApp.ClientSecretString,
+					NoneCompliant:      oidcApp.Compliance.NoneCompliant,
+					ComplianceProblems: convert.ComplianceProblemsToLocalizedMessages(oidcApp.Compliance.Problems),
+				},
+			},
+		}, nil
+
+	case *app.CreateApplicationRequest_SamlRequest:
+		samlAppRequest, err := convert.CreateSAMLAppRequestToDomain(req.GetName(), req.GetProjectId(), req.GetSamlRequest())
+		if err != nil {
+			return nil, err
+		}
+
+		samlApp, err := s.command.AddSAMLApplication(ctx, samlAppRequest, "")
+		if err != nil {
+			return nil, err
+		}
+
+		return &app.CreateApplicationResponse{
+			AppId:        samlApp.AppID,
+			CreationDate: timestamppb.New(samlApp.ChangeDate),
+			CreationResponseType: &app.CreateApplicationResponse_SamlResponse{
+				SamlResponse: &app.CreateSAMLApplicationResponse{},
+			},
+		}, nil
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "APP-0iiN46", "unknown app type")
+	}
+}
+
+func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicationRequest) (*app.UpdateApplicationResponse, error) {
+	var changedTime time.Time
+
+	if name := strings.TrimSpace(req.GetName()); name != "" {
+		updatedDetails, err := s.command.UpdateApplicationName(
+			ctx,
+			req.GetProjectId(),
+			&domain.ChangeApp{
+				AppID:   req.GetId(),
+				AppName: name,
+			},
+			"",
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedDetails.EventDate
+	}
+
+	switch t := req.GetUpdateRequestType().(type) {
+	case *app.UpdateApplicationRequest_ApiConfigurationRequest:
+		updatedAPIApp, err := s.command.UpdateAPIApplication(ctx, convert.UpdateAPIApplicationConfigurationRequestToDomain(req.GetId(), req.GetProjectId(), t.ApiConfigurationRequest), "")
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedAPIApp.ChangeDate
+
+	case *app.UpdateApplicationRequest_OidcConfigurationRequest:
+		oidcApp, err := convert.UpdateOIDCAppConfigRequestToDomain(req.GetId(), req.GetProjectId(), t.OidcConfigurationRequest)
+		if err != nil {
+			return nil, err
+		}
+
+		updatedOIDCApp, err := s.command.UpdateOIDCApplication(ctx, oidcApp, "")
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedOIDCApp.ChangeDate
+
+	case *app.UpdateApplicationRequest_SamlConfigurationRequest:
+		samlApp, err := convert.UpdateSAMLAppConfigRequestToDomain(req.GetId(), req.GetProjectId(), t.SamlConfigurationRequest)
+		if err != nil {
+			return nil, err
+		}
+
+		updatedSAMLApp, err := s.command.UpdateSAMLApplication(ctx, samlApp, "")
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedSAMLApp.ChangeDate
+	}
+
+	return &app.UpdateApplicationResponse{
+		ChangeDate: timestamppb.New(changedTime),
+	}, nil
+}
+
+func (s *Server) DeleteApplication(ctx context.Context, req *app.DeleteApplicationRequest) (*app.DeleteApplicationResponse, error) {
+	details, err := s.command.RemoveApplication(ctx, req.GetProjectId(), req.GetId(), "")
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.DeleteApplicationResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) DeactivateApplication(ctx context.Context, req *app.DeactivateApplicationRequest) (*app.DeactivateApplicationResponse, error) {
+	details, err := s.command.DeactivateApplication(ctx, req.GetProjectId(), req.GetId(), "")
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.DeactivateApplicationResponse{
+		DeactivationDate: timestamppb.New(details.EventDate),
+	}, nil
+
+}
+
+func (s *Server) ReactivateApplication(ctx context.Context, req *app.ReactivateApplicationRequest) (*app.ReactivateApplicationResponse, error) {
+	details, err := s.command.ReactivateApplication(ctx, req.GetProjectId(), req.GetId(), "")
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.ReactivateApplicationResponse{
+		ReactivationDate: timestamppb.New(details.EventDate),
+	}, nil
+
+}
+
+func (s *Server) RegenerateClientSecret(ctx context.Context, req *app.RegenerateClientSecretRequest) (*app.RegenerateClientSecretResponse, error) {
+	var secret string
+	var changeDate time.Time
+
+	switch req.GetAppType().(type) {
+	case *app.RegenerateClientSecretRequest_IsApi:
+		config, err := s.command.ChangeAPIApplicationSecret(ctx, req.GetProjectId(), req.GetApplicationId(), "")
+		if err != nil {
+			return nil, err
+		}
+		secret = config.ClientSecretString
+		changeDate = config.ChangeDate
+
+	case *app.RegenerateClientSecretRequest_IsOidc:
+		config, err := s.command.ChangeOIDCApplicationSecret(ctx, req.GetProjectId(), req.GetApplicationId(), "")
+		if err != nil {
+			return nil, err
+		}
+
+		secret = config.ClientSecretString
+		changeDate = config.ChangeDate
+
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "APP-aLWIzw", "unknown app type")
+	}
+
+	return &app.RegenerateClientSecretResponse{
+		ClientSecret: secret,
+		CreationDate: timestamppb.New(changeDate),
+	}, nil
+}
diff --git a/internal/api/grpc/app/v2beta/convert/api_app.go b/internal/api/grpc/app/v2beta/convert/api_app.go
new file mode 100644
index 0000000000..bad76ab0d5
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/api_app.go
@@ -0,0 +1,60 @@
+package convert
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func CreateAPIApplicationRequestToDomain(name, projectID, appID string, app *app.CreateAPIApplicationRequest) *domain.APIApp {
+	return &domain.APIApp{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: projectID,
+		},
+		AppName:        name,
+		AppID:          appID,
+		AuthMethodType: apiAuthMethodTypeToDomain(app.GetAuthMethodType()),
+	}
+}
+
+func UpdateAPIApplicationConfigurationRequestToDomain(appID, projectID string, app *app.UpdateAPIApplicationConfigurationRequest) *domain.APIApp {
+	return &domain.APIApp{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: projectID,
+		},
+		AppID:          appID,
+		AuthMethodType: apiAuthMethodTypeToDomain(app.GetAuthMethodType()),
+	}
+}
+
+func appAPIConfigToPb(apiApp *query.APIApp) app.ApplicationConfig {
+	return &app.Application_ApiConfig{
+		ApiConfig: &app.APIConfig{
+			ClientId:       apiApp.ClientID,
+			AuthMethodType: apiAuthMethodTypeToPb(apiApp.AuthMethodType),
+		},
+	}
+}
+
+func apiAuthMethodTypeToDomain(authType app.APIAuthMethodType) domain.APIAuthMethodType {
+	switch authType {
+	case app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC:
+		return domain.APIAuthMethodTypeBasic
+	case app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT:
+		return domain.APIAuthMethodTypePrivateKeyJWT
+	default:
+		return domain.APIAuthMethodTypeBasic
+	}
+}
+
+func apiAuthMethodTypeToPb(methodType domain.APIAuthMethodType) app.APIAuthMethodType {
+	switch methodType {
+	case domain.APIAuthMethodTypeBasic:
+		return app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
+	case domain.APIAuthMethodTypePrivateKeyJWT:
+		return app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
+	default:
+		return app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/api_app_test.go b/internal/api/grpc/app/v2beta/convert/api_app_test.go
new file mode 100644
index 0000000000..9f15c3df76
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/api_app_test.go
@@ -0,0 +1,149 @@
+package convert
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func TestCreateAPIApplicationRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name      string
+		appName   string
+		projectID string
+		appID     string
+		req       *app.CreateAPIApplicationRequest
+		want      *domain.APIApp
+	}{
+		{
+			name:      "basic auth method",
+			appName:   "my-app",
+			projectID: "proj-1",
+			appID:     "someID",
+			req: &app.CreateAPIApplicationRequest{
+				AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+			},
+			want: &domain.APIApp{
+				ObjectRoot:     models.ObjectRoot{AggregateID: "proj-1"},
+				AppName:        "my-app",
+				AuthMethodType: domain.APIAuthMethodTypeBasic,
+				AppID:          "someID",
+			},
+		},
+		{
+			name:      "private key jwt",
+			appName:   "jwt-app",
+			projectID: "proj-2",
+			req: &app.CreateAPIApplicationRequest{
+				AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+			},
+			want: &domain.APIApp{
+				ObjectRoot:     models.ObjectRoot{AggregateID: "proj-2"},
+				AppName:        "jwt-app",
+				AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			got := CreateAPIApplicationRequestToDomain(tt.appName, tt.projectID, tt.appID, tt.req)
+
+			// Then
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestUpdateAPIApplicationConfigurationRequestToDomain(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name      string
+		appID     string
+		projectID string
+		req       *app.UpdateAPIApplicationConfigurationRequest
+		want      *domain.APIApp
+	}{
+		{
+			name:      "basic auth method",
+			appID:     "app-1",
+			projectID: "proj-1",
+			req: &app.UpdateAPIApplicationConfigurationRequest{
+				AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+			},
+			want: &domain.APIApp{
+				ObjectRoot:     models.ObjectRoot{AggregateID: "proj-1"},
+				AppID:          "app-1",
+				AuthMethodType: domain.APIAuthMethodTypeBasic,
+			},
+		},
+		{
+			name:      "private key jwt",
+			appID:     "app-2",
+			projectID: "proj-2",
+			req: &app.UpdateAPIApplicationConfigurationRequest{
+				AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+			},
+			want: &domain.APIApp{
+				ObjectRoot:     models.ObjectRoot{AggregateID: "proj-2"},
+				AppID:          "app-2",
+				AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			got := UpdateAPIApplicationConfigurationRequestToDomain(tt.appID, tt.projectID, tt.req)
+
+			// Then
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_apiAuthMethodTypeToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name           string
+		methodType     domain.APIAuthMethodType
+		expectedResult app.APIAuthMethodType
+	}{
+		{
+			name:           "basic auth method",
+			methodType:     domain.APIAuthMethodTypeBasic,
+			expectedResult: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+		},
+		{
+			name:           "private key jwt",
+			methodType:     domain.APIAuthMethodTypePrivateKeyJWT,
+			expectedResult: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+		},
+		{
+			name:           "unknown auth method defaults to basic",
+			expectedResult: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+		},
+	}
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res := apiAuthMethodTypeToPb(tc.methodType)
+
+			// Then
+			assert.Equal(t, tc.expectedResult, res)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/convert.go b/internal/api/grpc/app/v2beta/convert/convert.go
new file mode 100644
index 0000000000..c732b3a0c5
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/convert.go
@@ -0,0 +1,165 @@
+package convert
+
+import (
+	"net/url"
+
+	"github.com/muhlemmer/gu"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func AppToPb(query_app *query.App) *app.Application {
+	if query_app == nil {
+		return &app.Application{}
+	}
+
+	return &app.Application{
+		Id:           query_app.ID,
+		CreationDate: timestamppb.New(query_app.CreationDate),
+		ChangeDate:   timestamppb.New(query_app.ChangeDate),
+		State:        appStateToPb(query_app.State),
+		Name:         query_app.Name,
+		Config:       appConfigToPb(query_app),
+	}
+}
+
+func AppsToPb(queryApps []*query.App) []*app.Application {
+	pbApps := make([]*app.Application, len(queryApps))
+
+	for i, queryApp := range queryApps {
+		pbApps[i] = AppToPb(queryApp)
+	}
+
+	return pbApps
+}
+
+func ListApplicationsRequestToModel(sysDefaults systemdefaults.SystemDefaults, req *app.ListApplicationsRequest) (*query.AppSearchQueries, error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(sysDefaults, req.GetPagination())
+	if err != nil {
+		return nil, err
+	}
+
+	queries, err := appQueriesToModel(req.GetFilters())
+	if err != nil {
+		return nil, err
+	}
+	projectQuery, err := query.NewAppProjectIDSearchQuery(req.GetProjectId())
+	if err != nil {
+		return nil, err
+	}
+
+	queries = append(queries, projectQuery)
+	return &query.AppSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: appSortingToColumn(req.GetSortingColumn()),
+		},
+
+		Queries: queries,
+	}, nil
+}
+
+func appSortingToColumn(sortingCriteria app.AppSorting) query.Column {
+	switch sortingCriteria {
+	case app.AppSorting_APP_SORT_BY_CHANGE_DATE:
+		return query.AppColumnChangeDate
+	case app.AppSorting_APP_SORT_BY_CREATION_DATE:
+		return query.AppColumnCreationDate
+	case app.AppSorting_APP_SORT_BY_NAME:
+		return query.AppColumnName
+	case app.AppSorting_APP_SORT_BY_STATE:
+		return query.AppColumnState
+	case app.AppSorting_APP_SORT_BY_ID:
+		fallthrough
+	default:
+		return query.AppColumnID
+	}
+}
+
+func appStateToPb(state domain.AppState) app.AppState {
+	switch state {
+	case domain.AppStateActive:
+		return app.AppState_APP_STATE_ACTIVE
+	case domain.AppStateInactive:
+		return app.AppState_APP_STATE_INACTIVE
+	case domain.AppStateRemoved:
+		return app.AppState_APP_STATE_REMOVED
+	case domain.AppStateUnspecified:
+		fallthrough
+	default:
+		return app.AppState_APP_STATE_UNSPECIFIED
+	}
+}
+
+func appConfigToPb(app *query.App) app.ApplicationConfig {
+	if app.OIDCConfig != nil {
+		return appOIDCConfigToPb(app.OIDCConfig)
+	}
+	if app.SAMLConfig != nil {
+		return appSAMLConfigToPb(app.SAMLConfig)
+	}
+	return appAPIConfigToPb(app.APIConfig)
+}
+
+func loginVersionToDomain(version *app.LoginVersion) (*domain.LoginVersion, *string, error) {
+	switch v := version.GetVersion().(type) {
+	case nil:
+		return gu.Ptr(domain.LoginVersionUnspecified), gu.Ptr(""), nil
+	case *app.LoginVersion_LoginV1:
+		return gu.Ptr(domain.LoginVersion1), gu.Ptr(""), nil
+	case *app.LoginVersion_LoginV2:
+		_, err := url.Parse(v.LoginV2.GetBaseUri())
+		return gu.Ptr(domain.LoginVersion2), gu.Ptr(v.LoginV2.GetBaseUri()), err
+	default:
+		return gu.Ptr(domain.LoginVersionUnspecified), gu.Ptr(""), nil
+	}
+}
+
+func loginVersionToPb(version domain.LoginVersion, baseURI *string) *app.LoginVersion {
+	switch version {
+	case domain.LoginVersionUnspecified:
+		return nil
+	case domain.LoginVersion1:
+		return &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}}
+	case domain.LoginVersion2:
+		return &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{BaseUri: baseURI}}}
+	default:
+		return nil
+	}
+}
+
+func appQueriesToModel(queries []*app.ApplicationSearchFilter) (toReturn []query.SearchQuery, err error) {
+	toReturn = make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		toReturn[i], err = appQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return toReturn, nil
+}
+
+func appQueryToModel(appQuery *app.ApplicationSearchFilter) (query.SearchQuery, error) {
+	switch q := appQuery.GetFilter().(type) {
+	case *app.ApplicationSearchFilter_NameFilter:
+		return query.NewAppNameSearchQuery(filter.TextMethodPbToQuery(q.NameFilter.GetMethod()), q.NameFilter.Name)
+	case *app.ApplicationSearchFilter_StateFilter:
+		return query.NewAppStateSearchQuery(domain.AppState(q.StateFilter))
+	case *app.ApplicationSearchFilter_ApiAppOnly:
+		return query.NewNotNullQuery(query.AppAPIConfigColumnAppID)
+	case *app.ApplicationSearchFilter_OidcAppOnly:
+		return query.NewNotNullQuery(query.AppOIDCConfigColumnAppID)
+	case *app.ApplicationSearchFilter_SamlAppOnly:
+		return query.NewNotNullQuery(query.AppSAMLConfigColumnAppID)
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "CONV-z2mAGy", "List.Query.Invalid")
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/convert_test.go b/internal/api/grpc/app/v2beta/convert/convert_test.go
new file mode 100644
index 0000000000..5835691d43
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/convert_test.go
@@ -0,0 +1,520 @@
+package convert
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+	filter_pb_v2 "github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+	filter_pb_v2_beta "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
+)
+
+func TestAppToPb(t *testing.T) {
+	t.Parallel()
+
+	now := time.Now()
+
+	tt := []struct {
+		testName      string
+		inputQueryApp *query.App
+		expectedPbApp *app.Application
+	}{
+		{
+			testName: "full app conversion",
+			inputQueryApp: &query.App{
+				ID:           "id",
+				CreationDate: now,
+				ChangeDate:   now,
+				State:        domain.AppStateActive,
+				Name:         "test-app",
+				APIConfig:    &query.APIApp{},
+			},
+			expectedPbApp: &app.Application{
+				Id:           "id",
+				CreationDate: timestamppb.New(now),
+				ChangeDate:   timestamppb.New(now),
+				State:        app.AppState_APP_STATE_ACTIVE,
+				Name:         "test-app",
+				Config: &app.Application_ApiConfig{
+					ApiConfig: &app.APIConfig{},
+				},
+			},
+		},
+		{
+			testName:      "nil app",
+			inputQueryApp: nil,
+			expectedPbApp: &app.Application{},
+		},
+	}
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res := AppToPb(tc.inputQueryApp)
+
+			// Then
+			assert.Equal(t, tc.expectedPbApp, res)
+		})
+	}
+}
+
+func TestListApplicationsRequestToModel(t *testing.T) {
+	t.Parallel()
+
+	validSearchByNameQuery, err := query.NewAppNameSearchQuery(filter.TextMethodPbToQuery(filter_pb_v2_beta.TextFilterMethod_TEXT_FILTER_METHOD_EQUALS), "test")
+	require.NoError(t, err)
+
+	validSearchByProjectQuery, err := query.NewAppProjectIDSearchQuery("project1")
+	require.NoError(t, err)
+
+	sysDefaults := systemdefaults.SystemDefaults{DefaultQueryLimit: 100, MaxQueryLimit: 150}
+
+	tt := []struct {
+		testName string
+		req      *app.ListApplicationsRequest
+
+		expectedResponse *query.AppSearchQueries
+		expectedError    error
+	}{
+		{
+			testName: "invalid pagination limit",
+			req: &app.ListApplicationsRequest{
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true, Limit: uint32(sysDefaults.MaxQueryLimit + 1)},
+			},
+			expectedResponse: nil,
+			expectedError:    zerrors.ThrowInvalidArgumentf(fmt.Errorf("given: %d, allowed: %d", sysDefaults.MaxQueryLimit+1, sysDefaults.MaxQueryLimit), "QUERY-4M0fs", "Errors.Query.LimitExceeded"),
+		},
+		{
+			testName: "empty request",
+			req: &app.ListApplicationsRequest{
+				ProjectId:  "project1",
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true},
+			},
+			expectedResponse: &query.AppSearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         100,
+					Asc:           true,
+					SortingColumn: query.AppColumnID,
+				},
+				Queries: []query.SearchQuery{
+					validSearchByProjectQuery,
+				},
+			},
+		},
+		{
+			testName: "valid request",
+			req: &app.ListApplicationsRequest{
+				ProjectId: "project1",
+				Filters: []*app.ApplicationSearchFilter{
+					{
+						Filter: &app.ApplicationSearchFilter_NameFilter{NameFilter: &app.ApplicationNameQuery{Name: "test"}},
+					},
+				},
+				SortingColumn: app.AppSorting_APP_SORT_BY_NAME,
+				Pagination:    &filter_pb_v2.PaginationRequest{Asc: true},
+			},
+
+			expectedResponse: &query.AppSearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         100,
+					Asc:           true,
+					SortingColumn: query.AppColumnName,
+				},
+				Queries: []query.SearchQuery{
+					validSearchByNameQuery,
+					validSearchByProjectQuery,
+				},
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			got, err := ListApplicationsRequestToModel(sysDefaults, tc.req)
+
+			// Then
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResponse, got)
+		})
+	}
+}
+
+func TestAppSortingToColumn(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		sorting  app.AppSorting
+		expected query.Column
+	}{
+		{
+			name:     "sort by change date",
+			sorting:  app.AppSorting_APP_SORT_BY_CHANGE_DATE,
+			expected: query.AppColumnChangeDate,
+		},
+		{
+			name:     "sort by creation date",
+			sorting:  app.AppSorting_APP_SORT_BY_CREATION_DATE,
+			expected: query.AppColumnCreationDate,
+		},
+		{
+			name:     "sort by name",
+			sorting:  app.AppSorting_APP_SORT_BY_NAME,
+			expected: query.AppColumnName,
+		},
+		{
+			name:     "sort by state",
+			sorting:  app.AppSorting_APP_SORT_BY_STATE,
+			expected: query.AppColumnState,
+		},
+		{
+			name:     "sort by ID",
+			sorting:  app.AppSorting_APP_SORT_BY_ID,
+			expected: query.AppColumnID,
+		},
+		{
+			name:     "unknown sorting defaults to ID",
+			sorting:  app.AppSorting(99),
+			expected: query.AppColumnID,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := appSortingToColumn(tc.sorting)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestAppStateToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		state    domain.AppState
+		expected app.AppState
+	}{
+		{
+			name:     "active state",
+			state:    domain.AppStateActive,
+			expected: app.AppState_APP_STATE_ACTIVE,
+		},
+		{
+			name:     "inactive state",
+			state:    domain.AppStateInactive,
+			expected: app.AppState_APP_STATE_INACTIVE,
+		},
+		{
+			name:     "removed state",
+			state:    domain.AppStateRemoved,
+			expected: app.AppState_APP_STATE_REMOVED,
+		},
+		{
+			name:     "unspecified state",
+			state:    domain.AppStateUnspecified,
+			expected: app.AppState_APP_STATE_UNSPECIFIED,
+		},
+		{
+			name:     "unknown state defaults to unspecified",
+			state:    domain.AppState(99),
+			expected: app.AppState_APP_STATE_UNSPECIFIED,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := appStateToPb(tc.state)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestAppConfigToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		app      *query.App
+		expected app.ApplicationConfig
+	}{
+		{
+			name: "OIDC config",
+			app: &query.App{
+				OIDCConfig: &query.OIDCApp{},
+			},
+			expected: &app.Application_OidcConfig{
+				OidcConfig: &app.OIDCConfig{
+					ResponseTypes:      []app.OIDCResponseType{},
+					GrantTypes:         []app.OIDCGrantType{},
+					ComplianceProblems: []*app.OIDCLocalizedMessage{},
+					ClockSkew:          &durationpb.Duration{},
+				},
+			},
+		},
+		{
+			name: "SAML config",
+			app: &query.App{
+				SAMLConfig: &query.SAMLApp{},
+			},
+			expected: &app.Application_SamlConfig{
+				SamlConfig: &app.SAMLConfig{
+					Metadata: &app.SAMLConfig_MetadataXml{},
+				},
+			},
+		},
+		{
+			name: "API config",
+			app: &query.App{
+				APIConfig: &query.APIApp{},
+			},
+			expected: &app.Application_ApiConfig{
+				ApiConfig: &app.APIConfig{},
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := appConfigToPb(tc.app)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestLoginVersionToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name          string
+		version       *app.LoginVersion
+		expectedVer   *domain.LoginVersion
+		expectedURI   *string
+		expectedError error
+	}{
+		{
+			name:        "nil version",
+			version:     nil,
+			expectedVer: gu.Ptr(domain.LoginVersionUnspecified),
+			expectedURI: gu.Ptr(""),
+		},
+		{
+			name:        "login v1",
+			version:     &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+			expectedVer: gu.Ptr(domain.LoginVersion1),
+			expectedURI: gu.Ptr(""),
+		},
+		{
+			name:        "login v2 valid URI",
+			version:     &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{BaseUri: gu.Ptr("https://valid.url")}}},
+			expectedVer: gu.Ptr(domain.LoginVersion2),
+			expectedURI: gu.Ptr("https://valid.url"),
+		},
+		{
+			name:          "login v2 invalid URI",
+			version:       &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{BaseUri: gu.Ptr("://invalid")}}},
+			expectedVer:   gu.Ptr(domain.LoginVersion2),
+			expectedURI:   gu.Ptr("://invalid"),
+			expectedError: &url.Error{Op: "parse", URL: "://invalid", Err: errors.New("missing protocol scheme")},
+		},
+		{
+			name:        "unknown version type",
+			version:     &app.LoginVersion{},
+			expectedVer: gu.Ptr(domain.LoginVersionUnspecified),
+			expectedURI: gu.Ptr(""),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			version, uri, err := loginVersionToDomain(tc.version)
+
+			// Then
+			assert.Equal(t, tc.expectedVer, version)
+			assert.Equal(t, tc.expectedURI, uri)
+			assert.Equal(t, tc.expectedError, err)
+		})
+	}
+}
+
+func TestLoginVersionToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		version  domain.LoginVersion
+		baseURI  *string
+		expected *app.LoginVersion
+	}{
+		{
+			name:     "unspecified version",
+			version:  domain.LoginVersionUnspecified,
+			baseURI:  nil,
+			expected: nil,
+		},
+		{
+			name:    "login v1",
+			version: domain.LoginVersion1,
+			baseURI: nil,
+			expected: &app.LoginVersion{
+				Version: &app.LoginVersion_LoginV1{
+					LoginV1: &app.LoginV1{},
+				},
+			},
+		},
+		{
+			name:    "login v2",
+			version: domain.LoginVersion2,
+			baseURI: gu.Ptr("https://example.com"),
+			expected: &app.LoginVersion{
+				Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{
+						BaseUri: gu.Ptr("https://example.com"),
+					},
+				},
+			},
+		},
+		{
+			name:     "unknown version",
+			version:  domain.LoginVersion(99),
+			baseURI:  nil,
+			expected: nil,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := loginVersionToPb(tc.version, tc.baseURI)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestAppQueryToModel(t *testing.T) {
+	t.Parallel()
+
+	validAppNameSearchQuery, err := query.NewAppNameSearchQuery(query.TextEquals, "test")
+	require.NoError(t, err)
+
+	validAppStateSearchQuery, err := query.NewAppStateSearchQuery(domain.AppStateActive)
+	require.NoError(t, err)
+
+	tt := []struct {
+		name  string
+		query *app.ApplicationSearchFilter
+
+		expectedQuery query.SearchQuery
+		expectedError error
+	}{
+		{
+			name: "name query",
+			query: &app.ApplicationSearchFilter{
+				Filter: &app.ApplicationSearchFilter_NameFilter{
+					NameFilter: &app.ApplicationNameQuery{
+						Name:   "test",
+						Method: filter_pb_v2.TextFilterMethod_TEXT_FILTER_METHOD_EQUALS,
+					},
+				},
+			},
+			expectedQuery: validAppNameSearchQuery,
+		},
+		{
+			name: "state query",
+			query: &app.ApplicationSearchFilter{
+				Filter: &app.ApplicationSearchFilter_StateFilter{
+					StateFilter: app.AppState_APP_STATE_ACTIVE,
+				},
+			},
+			expectedQuery: validAppStateSearchQuery,
+		},
+		{
+			name: "api app only query",
+			query: &app.ApplicationSearchFilter{
+				Filter: &app.ApplicationSearchFilter_ApiAppOnly{},
+			},
+			expectedQuery: &query.NotNullQuery{
+				Column: query.AppAPIConfigColumnAppID,
+			},
+		},
+		{
+			name: "oidc app only query",
+			query: &app.ApplicationSearchFilter{
+				Filter: &app.ApplicationSearchFilter_OidcAppOnly{},
+			},
+			expectedQuery: &query.NotNullQuery{
+				Column: query.AppOIDCConfigColumnAppID,
+			},
+		},
+		{
+			name: "saml app only query",
+			query: &app.ApplicationSearchFilter{
+				Filter: &app.ApplicationSearchFilter_SamlAppOnly{},
+			},
+			expectedQuery: &query.NotNullQuery{
+				Column: query.AppSAMLConfigColumnAppID,
+			},
+		},
+		{
+			name:          "invalid query type",
+			query:         &app.ApplicationSearchFilter{},
+			expectedQuery: nil,
+			expectedError: zerrors.ThrowInvalidArgument(nil, "CONV-z2mAGy", "List.Query.Invalid"),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result, err := appQueryToModel(tc.query)
+
+			// Then
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedQuery, result)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/oidc_app.go b/internal/api/grpc/app/v2beta/convert/oidc_app.go
new file mode 100644
index 0000000000..223e43d166
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/oidc_app.go
@@ -0,0 +1,291 @@
+package convert
+
+import (
+	"github.com/muhlemmer/gu"
+	"google.golang.org/protobuf/types/known/durationpb"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func CreateOIDCAppRequestToDomain(name, projectID string, req *app.CreateOIDCApplicationRequest) (*domain.OIDCApp, error) {
+	loginVersion, loginBaseURI, err := loginVersionToDomain(req.GetLoginVersion())
+	if err != nil {
+		return nil, err
+	}
+	return &domain.OIDCApp{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: projectID,
+		},
+		AppName:                  name,
+		OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
+		RedirectUris:             req.GetRedirectUris(),
+		ResponseTypes:            oidcResponseTypesToDomain(req.GetResponseTypes()),
+		GrantTypes:               oidcGrantTypesToDomain(req.GetGrantTypes()),
+		ApplicationType:          gu.Ptr(oidcApplicationTypeToDomain(req.GetAppType())),
+		AuthMethodType:           gu.Ptr(oidcAuthMethodTypeToDomain(req.GetAuthMethodType())),
+		PostLogoutRedirectUris:   req.GetPostLogoutRedirectUris(),
+		DevMode:                  &req.DevMode,
+		AccessTokenType:          gu.Ptr(oidcTokenTypeToDomain(req.GetAccessTokenType())),
+		AccessTokenRoleAssertion: gu.Ptr(req.GetAccessTokenRoleAssertion()),
+		IDTokenRoleAssertion:     gu.Ptr(req.GetIdTokenRoleAssertion()),
+		IDTokenUserinfoAssertion: gu.Ptr(req.GetIdTokenUserinfoAssertion()),
+		ClockSkew:                gu.Ptr(req.GetClockSkew().AsDuration()),
+		AdditionalOrigins:        req.GetAdditionalOrigins(),
+		SkipNativeAppSuccessPage: gu.Ptr(req.GetSkipNativeAppSuccessPage()),
+		BackChannelLogoutURI:     gu.Ptr(req.GetBackChannelLogoutUri()),
+		LoginVersion:             loginVersion,
+		LoginBaseURI:             loginBaseURI,
+	}, nil
+}
+
+func UpdateOIDCAppConfigRequestToDomain(appID, projectID string, app *app.UpdateOIDCApplicationConfigurationRequest) (*domain.OIDCApp, error) {
+	loginVersion, loginBaseURI, err := loginVersionToDomain(app.GetLoginVersion())
+	if err != nil {
+		return nil, err
+	}
+	return &domain.OIDCApp{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: projectID,
+		},
+		AppID:                    appID,
+		RedirectUris:             app.RedirectUris,
+		ResponseTypes:            oidcResponseTypesToDomain(app.ResponseTypes),
+		GrantTypes:               oidcGrantTypesToDomain(app.GrantTypes),
+		ApplicationType:          oidcApplicationTypeToDomainPtr(app.AppType),
+		AuthMethodType:           oidcAuthMethodTypeToDomainPtr(app.AuthMethodType),
+		PostLogoutRedirectUris:   app.PostLogoutRedirectUris,
+		DevMode:                  app.DevMode,
+		AccessTokenType:          oidcTokenTypeToDomainPtr(app.AccessTokenType),
+		AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
+		IDTokenRoleAssertion:     app.IdTokenRoleAssertion,
+		IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
+		ClockSkew:                gu.Ptr(app.GetClockSkew().AsDuration()),
+		AdditionalOrigins:        app.AdditionalOrigins,
+		SkipNativeAppSuccessPage: app.SkipNativeAppSuccessPage,
+		BackChannelLogoutURI:     app.BackChannelLogoutUri,
+		LoginVersion:             loginVersion,
+		LoginBaseURI:             loginBaseURI,
+	}, nil
+}
+
+func oidcResponseTypesToDomain(responseTypes []app.OIDCResponseType) []domain.OIDCResponseType {
+	if len(responseTypes) == 0 {
+		return []domain.OIDCResponseType{domain.OIDCResponseTypeCode}
+	}
+	oidcResponseTypes := make([]domain.OIDCResponseType, len(responseTypes))
+	for i, responseType := range responseTypes {
+		switch responseType {
+		case app.OIDCResponseType_OIDC_RESPONSE_TYPE_UNSPECIFIED:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeUnspecified
+		case app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeCode
+		case app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeIDToken
+		case app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeIDTokenToken
+		}
+	}
+	return oidcResponseTypes
+}
+
+func oidcGrantTypesToDomain(grantTypes []app.OIDCGrantType) []domain.OIDCGrantType {
+	if len(grantTypes) == 0 {
+		return []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}
+	}
+	oidcGrantTypes := make([]domain.OIDCGrantType, len(grantTypes))
+	for i, grantType := range grantTypes {
+		switch grantType {
+		case app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeAuthorizationCode
+		case app.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeImplicit
+		case app.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeRefreshToken
+		case app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeDeviceCode
+		case app.OIDCGrantType_OIDC_GRANT_TYPE_TOKEN_EXCHANGE:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeTokenExchange
+		}
+	}
+	return oidcGrantTypes
+}
+
+func oidcApplicationTypeToDomainPtr(appType *app.OIDCAppType) *domain.OIDCApplicationType {
+	if appType == nil {
+		return nil
+	}
+
+	res := oidcApplicationTypeToDomain(*appType)
+	return &res
+}
+
+func oidcApplicationTypeToDomain(appType app.OIDCAppType) domain.OIDCApplicationType {
+	switch appType {
+	case app.OIDCAppType_OIDC_APP_TYPE_WEB:
+		return domain.OIDCApplicationTypeWeb
+	case app.OIDCAppType_OIDC_APP_TYPE_USER_AGENT:
+		return domain.OIDCApplicationTypeUserAgent
+	case app.OIDCAppType_OIDC_APP_TYPE_NATIVE:
+		return domain.OIDCApplicationTypeNative
+	}
+	return domain.OIDCApplicationTypeWeb
+}
+
+func oidcAuthMethodTypeToDomainPtr(authType *app.OIDCAuthMethodType) *domain.OIDCAuthMethodType {
+	if authType == nil {
+		return nil
+	}
+
+	res := oidcAuthMethodTypeToDomain(*authType)
+	return &res
+}
+
+func oidcAuthMethodTypeToDomain(authType app.OIDCAuthMethodType) domain.OIDCAuthMethodType {
+	switch authType {
+	case app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC:
+		return domain.OIDCAuthMethodTypeBasic
+	case app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST:
+		return domain.OIDCAuthMethodTypePost
+	case app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE:
+		return domain.OIDCAuthMethodTypeNone
+	case app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT:
+		return domain.OIDCAuthMethodTypePrivateKeyJWT
+	default:
+		return domain.OIDCAuthMethodTypeBasic
+	}
+}
+
+func oidcTokenTypeToDomainPtr(tokenType *app.OIDCTokenType) *domain.OIDCTokenType {
+	if tokenType == nil {
+		return nil
+	}
+
+	res := oidcTokenTypeToDomain(*tokenType)
+	return &res
+}
+
+func oidcTokenTypeToDomain(tokenType app.OIDCTokenType) domain.OIDCTokenType {
+	switch tokenType {
+	case app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER:
+		return domain.OIDCTokenTypeBearer
+	case app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT:
+		return domain.OIDCTokenTypeJWT
+	default:
+		return domain.OIDCTokenTypeBearer
+	}
+}
+
+func ComplianceProblemsToLocalizedMessages(complianceProblems []string) []*app.OIDCLocalizedMessage {
+	converted := make([]*app.OIDCLocalizedMessage, len(complianceProblems))
+	for i, p := range complianceProblems {
+		converted[i] = &app.OIDCLocalizedMessage{Key: p}
+	}
+
+	return converted
+}
+
+func appOIDCConfigToPb(oidcApp *query.OIDCApp) *app.Application_OidcConfig {
+	return &app.Application_OidcConfig{
+		OidcConfig: &app.OIDCConfig{
+			RedirectUris:             oidcApp.RedirectURIs,
+			ResponseTypes:            oidcResponseTypesFromModel(oidcApp.ResponseTypes),
+			GrantTypes:               oidcGrantTypesFromModel(oidcApp.GrantTypes),
+			AppType:                  oidcApplicationTypeToPb(oidcApp.AppType),
+			ClientId:                 oidcApp.ClientID,
+			AuthMethodType:           oidcAuthMethodTypeToPb(oidcApp.AuthMethodType),
+			PostLogoutRedirectUris:   oidcApp.PostLogoutRedirectURIs,
+			Version:                  app.OIDCVersion_OIDC_VERSION_1_0,
+			NoneCompliant:            len(oidcApp.ComplianceProblems) != 0,
+			ComplianceProblems:       ComplianceProblemsToLocalizedMessages(oidcApp.ComplianceProblems),
+			DevMode:                  oidcApp.IsDevMode,
+			AccessTokenType:          oidcTokenTypeToPb(oidcApp.AccessTokenType),
+			AccessTokenRoleAssertion: oidcApp.AssertAccessTokenRole,
+			IdTokenRoleAssertion:     oidcApp.AssertIDTokenRole,
+			IdTokenUserinfoAssertion: oidcApp.AssertIDTokenUserinfo,
+			ClockSkew:                durationpb.New(oidcApp.ClockSkew),
+			AdditionalOrigins:        oidcApp.AdditionalOrigins,
+			AllowedOrigins:           oidcApp.AllowedOrigins,
+			SkipNativeAppSuccessPage: oidcApp.SkipNativeAppSuccessPage,
+			BackChannelLogoutUri:     oidcApp.BackChannelLogoutURI,
+			LoginVersion:             loginVersionToPb(oidcApp.LoginVersion, oidcApp.LoginBaseURI),
+		},
+	}
+}
+
+func oidcResponseTypesFromModel(responseTypes []domain.OIDCResponseType) []app.OIDCResponseType {
+	oidcResponseTypes := make([]app.OIDCResponseType, len(responseTypes))
+	for i, responseType := range responseTypes {
+		switch responseType {
+		case domain.OIDCResponseTypeUnspecified:
+			oidcResponseTypes[i] = app.OIDCResponseType_OIDC_RESPONSE_TYPE_UNSPECIFIED
+		case domain.OIDCResponseTypeCode:
+			oidcResponseTypes[i] = app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE
+		case domain.OIDCResponseTypeIDToken:
+			oidcResponseTypes[i] = app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN
+		case domain.OIDCResponseTypeIDTokenToken:
+			oidcResponseTypes[i] = app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
+		}
+	}
+	return oidcResponseTypes
+}
+
+func oidcGrantTypesFromModel(grantTypes []domain.OIDCGrantType) []app.OIDCGrantType {
+	oidcGrantTypes := make([]app.OIDCGrantType, len(grantTypes))
+	for i, grantType := range grantTypes {
+		switch grantType {
+		case domain.OIDCGrantTypeAuthorizationCode:
+			oidcGrantTypes[i] = app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE
+		case domain.OIDCGrantTypeImplicit:
+			oidcGrantTypes[i] = app.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT
+		case domain.OIDCGrantTypeRefreshToken:
+			oidcGrantTypes[i] = app.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN
+		case domain.OIDCGrantTypeDeviceCode:
+			oidcGrantTypes[i] = app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE
+		case domain.OIDCGrantTypeTokenExchange:
+			oidcGrantTypes[i] = app.OIDCGrantType_OIDC_GRANT_TYPE_TOKEN_EXCHANGE
+		}
+	}
+	return oidcGrantTypes
+}
+
+func oidcApplicationTypeToPb(appType domain.OIDCApplicationType) app.OIDCAppType {
+	switch appType {
+	case domain.OIDCApplicationTypeWeb:
+		return app.OIDCAppType_OIDC_APP_TYPE_WEB
+	case domain.OIDCApplicationTypeUserAgent:
+		return app.OIDCAppType_OIDC_APP_TYPE_USER_AGENT
+	case domain.OIDCApplicationTypeNative:
+		return app.OIDCAppType_OIDC_APP_TYPE_NATIVE
+	default:
+		return app.OIDCAppType_OIDC_APP_TYPE_WEB
+	}
+}
+
+func oidcAuthMethodTypeToPb(authType domain.OIDCAuthMethodType) app.OIDCAuthMethodType {
+	switch authType {
+	case domain.OIDCAuthMethodTypeBasic:
+		return app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC
+	case domain.OIDCAuthMethodTypePost:
+		return app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST
+	case domain.OIDCAuthMethodTypeNone:
+		return app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE
+	case domain.OIDCAuthMethodTypePrivateKeyJWT:
+		return app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
+	default:
+		return app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC
+	}
+}
+
+func oidcTokenTypeToPb(tokenType domain.OIDCTokenType) app.OIDCTokenType {
+	switch tokenType {
+	case domain.OIDCTokenTypeBearer:
+		return app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER
+	case domain.OIDCTokenTypeJWT:
+		return app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT
+	default:
+		return app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/oidc_app_test.go b/internal/api/grpc/app/v2beta/convert/oidc_app_test.go
new file mode 100644
index 0000000000..a6b3f0b709
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/oidc_app_test.go
@@ -0,0 +1,755 @@
+package convert
+
+import (
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/durationpb"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func TestCreateOIDCAppRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		testName  string
+		projectID string
+		req       *app.CreateOIDCApplicationRequest
+
+		expectedModel *domain.OIDCApp
+		expectedError error
+	}{
+		{
+			testName:  "unparsable login version 2 URL",
+			projectID: "pid",
+			req: &app.CreateOIDCApplicationRequest{
+				LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{BaseUri: gu.Ptr("%+o")}},
+				},
+			},
+			expectedModel: nil,
+			expectedError: &url.Error{
+				URL: "%+o",
+				Op:  "parse",
+				Err: url.EscapeError("%+o"),
+			},
+		},
+		{
+			testName:  "all fields set",
+			projectID: "project1",
+			req: &app.CreateOIDCApplicationRequest{
+				RedirectUris:             []string{"https://redirect"},
+				ResponseTypes:            []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+				GrantTypes:               []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+				AppType:                  app.OIDCAppType_OIDC_APP_TYPE_WEB,
+				AuthMethodType:           app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+				PostLogoutRedirectUris:   []string{"https://logout"},
+				DevMode:                  true,
+				AccessTokenType:          app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER,
+				AccessTokenRoleAssertion: true,
+				IdTokenRoleAssertion:     true,
+				IdTokenUserinfoAssertion: true,
+				ClockSkew:                durationpb.New(5 * time.Second),
+				AdditionalOrigins:        []string{"https://origin"},
+				SkipNativeAppSuccessPage: true,
+				BackChannelLogoutUri:     "https://backchannel",
+				LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{
+					BaseUri: gu.Ptr("https://login"),
+				}}},
+			},
+			expectedModel: &domain.OIDCApp{
+				ObjectRoot:               models.ObjectRoot{AggregateID: "project1"},
+				AppName:                  "all fields set",
+				OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
+				RedirectUris:             []string{"https://redirect"},
+				ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+				GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+				ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
+				AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypeBasic),
+				PostLogoutRedirectUris:   []string{"https://logout"},
+				DevMode:                  gu.Ptr(true),
+				AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+				AccessTokenRoleAssertion: gu.Ptr(true),
+				IDTokenRoleAssertion:     gu.Ptr(true),
+				IDTokenUserinfoAssertion: gu.Ptr(true),
+				ClockSkew:                gu.Ptr(5 * time.Second),
+				AdditionalOrigins:        []string{"https://origin"},
+				SkipNativeAppSuccessPage: gu.Ptr(true),
+				BackChannelLogoutURI:     gu.Ptr("https://backchannel"),
+				LoginVersion:             gu.Ptr(domain.LoginVersion2),
+				LoginBaseURI:             gu.Ptr("https://login"),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := CreateOIDCAppRequestToDomain(tc.testName, tc.projectID, tc.req)
+
+			// Then
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedModel, res)
+		})
+	}
+}
+
+func TestUpdateOIDCAppConfigRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		testName string
+
+		appID     string
+		projectID string
+		req       *app.UpdateOIDCApplicationConfigurationRequest
+
+		expectedModel *domain.OIDCApp
+		expectedError error
+	}{
+		{
+			testName:  "unparsable login version 2 URL",
+			appID:     "app1",
+			projectID: "pid",
+			req: &app.UpdateOIDCApplicationConfigurationRequest{
+				LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{BaseUri: gu.Ptr("%+o")},
+				}},
+			},
+			expectedModel: nil,
+			expectedError: &url.Error{
+				URL: "%+o",
+				Op:  "parse",
+				Err: url.EscapeError("%+o"),
+			},
+		},
+		{
+			testName:  "successful Update",
+			appID:     "app1",
+			projectID: "proj1",
+			req: &app.UpdateOIDCApplicationConfigurationRequest{
+				RedirectUris:             []string{"https://redirect"},
+				ResponseTypes:            []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+				GrantTypes:               []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+				AppType:                  gu.Ptr(app.OIDCAppType_OIDC_APP_TYPE_WEB),
+				AuthMethodType:           gu.Ptr(app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC),
+				PostLogoutRedirectUris:   []string{"https://logout"},
+				DevMode:                  gu.Ptr(true),
+				AccessTokenType:          gu.Ptr(app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER),
+				AccessTokenRoleAssertion: gu.Ptr(true),
+				IdTokenRoleAssertion:     gu.Ptr(true),
+				IdTokenUserinfoAssertion: gu.Ptr(true),
+				ClockSkew:                durationpb.New(5 * time.Second),
+				AdditionalOrigins:        []string{"https://origin"},
+				SkipNativeAppSuccessPage: gu.Ptr(true),
+				BackChannelLogoutUri:     gu.Ptr("https://backchannel"),
+				LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{BaseUri: gu.Ptr("https://login")},
+				}},
+			},
+			expectedModel: &domain.OIDCApp{
+				ObjectRoot:               models.ObjectRoot{AggregateID: "proj1"},
+				AppID:                    "app1",
+				RedirectUris:             []string{"https://redirect"},
+				ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+				GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+				ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
+				AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypeBasic),
+				PostLogoutRedirectUris:   []string{"https://logout"},
+				DevMode:                  gu.Ptr(true),
+				AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+				AccessTokenRoleAssertion: gu.Ptr(true),
+				IDTokenRoleAssertion:     gu.Ptr(true),
+				IDTokenUserinfoAssertion: gu.Ptr(true),
+				ClockSkew:                gu.Ptr(5 * time.Second),
+				AdditionalOrigins:        []string{"https://origin"},
+				SkipNativeAppSuccessPage: gu.Ptr(true),
+				BackChannelLogoutURI:     gu.Ptr("https://backchannel"),
+				LoginVersion:             gu.Ptr(domain.LoginVersion2),
+				LoginBaseURI:             gu.Ptr("https://login"),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			got, err := UpdateOIDCAppConfigRequestToDomain(tc.appID, tc.projectID, tc.req)
+
+			// Then
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedModel, got)
+		})
+	}
+}
+
+func TestOIDCResponseTypesToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		testName          string
+		inputResponseType []app.OIDCResponseType
+		expectedResponse  []domain.OIDCResponseType
+	}{
+		{
+			testName:          "empty response types",
+			inputResponseType: []app.OIDCResponseType{},
+			expectedResponse:  []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+		},
+		{
+			testName: "all response types",
+			inputResponseType: []app.OIDCResponseType{
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_UNSPECIFIED,
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE,
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN,
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN,
+			},
+			expectedResponse: []domain.OIDCResponseType{
+				domain.OIDCResponseTypeUnspecified,
+				domain.OIDCResponseTypeCode,
+				domain.OIDCResponseTypeIDToken,
+				domain.OIDCResponseTypeIDTokenToken,
+			},
+		},
+		{
+			testName: "single response type",
+			inputResponseType: []app.OIDCResponseType{
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE,
+			},
+			expectedResponse: []domain.OIDCResponseType{
+				domain.OIDCResponseTypeCode,
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res := oidcResponseTypesToDomain(tc.inputResponseType)
+
+			// Then
+			assert.Equal(t, tc.expectedResponse, res)
+		})
+	}
+}
+
+func TestOIDCGrantTypesToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		testName       string
+		inputGrantType []app.OIDCGrantType
+		expectedGrants []domain.OIDCGrantType
+	}{
+		{
+			testName:       "empty grant types",
+			inputGrantType: []app.OIDCGrantType{},
+			expectedGrants: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+		},
+		{
+			testName: "all grant types",
+			inputGrantType: []app.OIDCGrantType{
+				app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_TOKEN_EXCHANGE,
+			},
+			expectedGrants: []domain.OIDCGrantType{
+				domain.OIDCGrantTypeAuthorizationCode,
+				domain.OIDCGrantTypeImplicit,
+				domain.OIDCGrantTypeRefreshToken,
+				domain.OIDCGrantTypeDeviceCode,
+				domain.OIDCGrantTypeTokenExchange,
+			},
+		},
+		{
+			testName: "single grant type",
+			inputGrantType: []app.OIDCGrantType{
+				app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE,
+			},
+			expectedGrants: []domain.OIDCGrantType{
+				domain.OIDCGrantTypeAuthorizationCode,
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res := oidcGrantTypesToDomain(tc.inputGrantType)
+
+			// Then
+			assert.Equal(t, tc.expectedGrants, res)
+		})
+	}
+}
+
+func TestOIDCApplicationTypeToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		appType  app.OIDCAppType
+		expected domain.OIDCApplicationType
+	}{
+		{
+			name:     "web type",
+			appType:  app.OIDCAppType_OIDC_APP_TYPE_WEB,
+			expected: domain.OIDCApplicationTypeWeb,
+		},
+		{
+			name:     "user agent type",
+			appType:  app.OIDCAppType_OIDC_APP_TYPE_USER_AGENT,
+			expected: domain.OIDCApplicationTypeUserAgent,
+		},
+		{
+			name:     "native type",
+			appType:  app.OIDCAppType_OIDC_APP_TYPE_NATIVE,
+			expected: domain.OIDCApplicationTypeNative,
+		},
+		{
+			name:     "unspecified type defaults to web",
+			expected: domain.OIDCApplicationTypeWeb,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcApplicationTypeToDomain(tc.appType)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestOIDCAuthMethodTypeToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name             string
+		authType         app.OIDCAuthMethodType
+		expectedResponse domain.OIDCAuthMethodType
+	}{
+		{
+			name:             "basic auth type",
+			authType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+			expectedResponse: domain.OIDCAuthMethodTypeBasic,
+		},
+		{
+			name:             "post auth type",
+			authType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST,
+			expectedResponse: domain.OIDCAuthMethodTypePost,
+		},
+		{
+			name:             "none auth type",
+			authType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE,
+			expectedResponse: domain.OIDCAuthMethodTypeNone,
+		},
+		{
+			name:             "private key jwt auth type",
+			authType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+			expectedResponse: domain.OIDCAuthMethodTypePrivateKeyJWT,
+		},
+		{
+			name:             "unspecified auth type defaults to basic",
+			expectedResponse: domain.OIDCAuthMethodTypeBasic,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res := oidcAuthMethodTypeToDomain(tc.authType)
+
+			// Then
+			assert.Equal(t, tc.expectedResponse, res)
+		})
+	}
+}
+
+func TestOIDCTokenTypeToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name         string
+		tokenType    app.OIDCTokenType
+		expectedType domain.OIDCTokenType
+	}{
+		{
+			name:         "bearer token type",
+			tokenType:    app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER,
+			expectedType: domain.OIDCTokenTypeBearer,
+		},
+		{
+			name:         "jwt token type",
+			tokenType:    app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+			expectedType: domain.OIDCTokenTypeJWT,
+		},
+		{
+			name:         "unspecified defaults to bearer",
+			expectedType: domain.OIDCTokenTypeBearer,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcTokenTypeToDomain(tc.tokenType)
+
+			// Then
+			assert.Equal(t, tc.expectedType, result)
+		})
+	}
+}
+func TestAppOIDCConfigToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		input    *query.OIDCApp
+		expected *app.Application_OidcConfig
+	}{
+		{
+			name:  "empty config",
+			input: &query.OIDCApp{},
+			expected: &app.Application_OidcConfig{
+				OidcConfig: &app.OIDCConfig{
+					Version:            app.OIDCVersion_OIDC_VERSION_1_0,
+					ComplianceProblems: []*app.OIDCLocalizedMessage{},
+					ClockSkew:          durationpb.New(0),
+					ResponseTypes:      []app.OIDCResponseType{},
+					GrantTypes:         []app.OIDCGrantType{},
+				},
+			},
+		},
+		{
+			name: "full config",
+			input: &query.OIDCApp{
+				RedirectURIs:             []string{"https://example.com/callback"},
+				ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+				GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+				AppType:                  domain.OIDCApplicationTypeWeb,
+				ClientID:                 "client123",
+				AuthMethodType:           domain.OIDCAuthMethodTypeBasic,
+				PostLogoutRedirectURIs:   []string{"https://example.com/logout"},
+				ComplianceProblems:       []string{"problem1", "problem2"},
+				IsDevMode:                true,
+				AccessTokenType:          domain.OIDCTokenTypeBearer,
+				AssertAccessTokenRole:    true,
+				AssertIDTokenRole:        true,
+				AssertIDTokenUserinfo:    true,
+				ClockSkew:                5 * time.Second,
+				AdditionalOrigins:        []string{"https://app.example.com"},
+				AllowedOrigins:           []string{"https://allowed.example.com"},
+				SkipNativeAppSuccessPage: true,
+				BackChannelLogoutURI:     "https://example.com/backchannel",
+				LoginVersion:             domain.LoginVersion2,
+				LoginBaseURI:             gu.Ptr("https://login.example.com"),
+			},
+			expected: &app.Application_OidcConfig{
+				OidcConfig: &app.OIDCConfig{
+					RedirectUris:           []string{"https://example.com/callback"},
+					ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+					GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+					AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+					ClientId:               "client123",
+					AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+					PostLogoutRedirectUris: []string{"https://example.com/logout"},
+					Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+					NoneCompliant:          true,
+					ComplianceProblems: []*app.OIDCLocalizedMessage{
+						{Key: "problem1"},
+						{Key: "problem2"},
+					},
+					DevMode:                  true,
+					AccessTokenType:          app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER,
+					AccessTokenRoleAssertion: true,
+					IdTokenRoleAssertion:     true,
+					IdTokenUserinfoAssertion: true,
+					ClockSkew:                durationpb.New(5 * time.Second),
+					AdditionalOrigins:        []string{"https://app.example.com"},
+					AllowedOrigins:           []string{"https://allowed.example.com"},
+					SkipNativeAppSuccessPage: true,
+					BackChannelLogoutUri:     "https://example.com/backchannel",
+					LoginVersion: &app.LoginVersion{
+						Version: &app.LoginVersion_LoginV2{
+							LoginV2: &app.LoginV2{
+								BaseUri: gu.Ptr("https://login.example.com"),
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tt {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := appOIDCConfigToPb(tt.input)
+
+			// Then
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
+
+func TestOIDCResponseTypesFromModel(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name          string
+		responseTypes []domain.OIDCResponseType
+		expected      []app.OIDCResponseType
+	}{
+		{
+			name:          "empty response types",
+			responseTypes: []domain.OIDCResponseType{},
+			expected:      []app.OIDCResponseType{},
+		},
+		{
+			name: "all response types",
+			responseTypes: []domain.OIDCResponseType{
+				domain.OIDCResponseTypeUnspecified,
+				domain.OIDCResponseTypeCode,
+				domain.OIDCResponseTypeIDToken,
+				domain.OIDCResponseTypeIDTokenToken,
+			},
+			expected: []app.OIDCResponseType{
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_UNSPECIFIED,
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE,
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN,
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN,
+			},
+		},
+		{
+			name: "single response type",
+			responseTypes: []domain.OIDCResponseType{
+				domain.OIDCResponseTypeCode,
+			},
+			expected: []app.OIDCResponseType{
+				app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE,
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcResponseTypesFromModel(tc.responseTypes)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+func TestOIDCGrantTypesFromModel(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name       string
+		grantTypes []domain.OIDCGrantType
+		expected   []app.OIDCGrantType
+	}{
+		{
+			name:       "empty grant types",
+			grantTypes: []domain.OIDCGrantType{},
+			expected:   []app.OIDCGrantType{},
+		},
+		{
+			name: "all grant types",
+			grantTypes: []domain.OIDCGrantType{
+				domain.OIDCGrantTypeAuthorizationCode,
+				domain.OIDCGrantTypeImplicit,
+				domain.OIDCGrantTypeRefreshToken,
+				domain.OIDCGrantTypeDeviceCode,
+				domain.OIDCGrantTypeTokenExchange,
+			},
+			expected: []app.OIDCGrantType{
+				app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE,
+				app.OIDCGrantType_OIDC_GRANT_TYPE_TOKEN_EXCHANGE,
+			},
+		},
+		{
+			name: "single grant type",
+			grantTypes: []domain.OIDCGrantType{
+				domain.OIDCGrantTypeAuthorizationCode,
+			},
+			expected: []app.OIDCGrantType{
+				app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE,
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcGrantTypesFromModel(tc.grantTypes)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestOIDCApplicationTypeToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		appType  domain.OIDCApplicationType
+		expected app.OIDCAppType
+	}{
+		{
+			name:     "web type",
+			appType:  domain.OIDCApplicationTypeWeb,
+			expected: app.OIDCAppType_OIDC_APP_TYPE_WEB,
+		},
+		{
+			name:     "user agent type",
+			appType:  domain.OIDCApplicationTypeUserAgent,
+			expected: app.OIDCAppType_OIDC_APP_TYPE_USER_AGENT,
+		},
+		{
+			name:     "native type",
+			appType:  domain.OIDCApplicationTypeNative,
+			expected: app.OIDCAppType_OIDC_APP_TYPE_NATIVE,
+		},
+		{
+			name:     "unspecified type defaults to web",
+			appType:  domain.OIDCApplicationType(999), // Invalid value to trigger default case
+			expected: app.OIDCAppType_OIDC_APP_TYPE_WEB,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcApplicationTypeToPb(tc.appType)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestOIDCAuthMethodTypeToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name     string
+		authType domain.OIDCAuthMethodType
+		expected app.OIDCAuthMethodType
+	}{
+		{
+			name:     "basic auth type",
+			authType: domain.OIDCAuthMethodTypeBasic,
+			expected: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+		},
+		{
+			name:     "post auth type",
+			authType: domain.OIDCAuthMethodTypePost,
+			expected: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST,
+		},
+		{
+			name:     "none auth type",
+			authType: domain.OIDCAuthMethodTypeNone,
+			expected: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE,
+		},
+		{
+			name:     "private key jwt auth type",
+			authType: domain.OIDCAuthMethodTypePrivateKeyJWT,
+			expected: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+		},
+		{
+			name:     "unknown auth type defaults to basic",
+			authType: domain.OIDCAuthMethodType(999),
+			expected: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcAuthMethodTypeToPb(tc.authType)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestOIDCTokenTypeToPb(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		name      string
+		tokenType domain.OIDCTokenType
+		expected  app.OIDCTokenType
+	}{
+		{
+			name:      "bearer token type",
+			tokenType: domain.OIDCTokenTypeBearer,
+			expected:  app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER,
+		},
+		{
+			name:      "jwt token type",
+			tokenType: domain.OIDCTokenTypeJWT,
+			expected:  app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+		},
+		{
+			name:      "unknown token type defaults to bearer",
+			tokenType: domain.OIDCTokenType(999), // Invalid value to trigger default case
+			expected:  app.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			result := oidcTokenTypeToPb(tc.tokenType)
+
+			// Then
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/saml_app.go b/internal/api/grpc/app/v2beta/convert/saml_app.go
new file mode 100644
index 0000000000..7f1bef082b
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/saml_app.go
@@ -0,0 +1,77 @@
+package convert
+
+import (
+	"github.com/muhlemmer/gu"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func CreateSAMLAppRequestToDomain(name, projectID string, req *app.CreateSAMLApplicationRequest) (*domain.SAMLApp, error) {
+	loginVersion, loginBaseURI, err := loginVersionToDomain(req.GetLoginVersion())
+	if err != nil {
+		return nil, err
+	}
+	return &domain.SAMLApp{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: projectID,
+		},
+		AppName:      name,
+		Metadata:     req.GetMetadataXml(),
+		MetadataURL:  gu.Ptr(req.GetMetadataUrl()),
+		LoginVersion: loginVersion,
+		LoginBaseURI: loginBaseURI,
+	}, nil
+}
+
+func UpdateSAMLAppConfigRequestToDomain(appID, projectID string, app *app.UpdateSAMLApplicationConfigurationRequest) (*domain.SAMLApp, error) {
+	loginVersion, loginBaseURI, err := loginVersionToDomain(app.GetLoginVersion())
+	if err != nil {
+		return nil, err
+	}
+
+	metasXML, metasURL := metasToDomain(app.GetMetadata())
+	return &domain.SAMLApp{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: projectID,
+		},
+		AppID:        appID,
+		Metadata:     metasXML,
+		MetadataURL:  metasURL,
+		LoginVersion: loginVersion,
+		LoginBaseURI: loginBaseURI,
+	}, nil
+}
+
+func metasToDomain(metas app.MetaType) ([]byte, *string) {
+	switch t := metas.(type) {
+	case *app.UpdateSAMLApplicationConfigurationRequest_MetadataXml:
+		return t.MetadataXml, nil
+	case *app.UpdateSAMLApplicationConfigurationRequest_MetadataUrl:
+		return nil, &t.MetadataUrl
+	case nil:
+		return nil, nil
+	default:
+		return nil, nil
+	}
+}
+
+func appSAMLConfigToPb(samlApp *query.SAMLApp) app.ApplicationConfig {
+	if samlApp == nil {
+		return &app.Application_SamlConfig{
+			SamlConfig: &app.SAMLConfig{
+				Metadata:     &app.SAMLConfig_MetadataXml{},
+				LoginVersion: &app.LoginVersion{},
+			},
+		}
+	}
+
+	return &app.Application_SamlConfig{
+		SamlConfig: &app.SAMLConfig{
+			Metadata:     &app.SAMLConfig_MetadataXml{MetadataXml: samlApp.Metadata},
+			LoginVersion: loginVersionToPb(samlApp.LoginVersion, samlApp.LoginBaseURI),
+		},
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/saml_app_test.go b/internal/api/grpc/app/v2beta/convert/saml_app_test.go
new file mode 100644
index 0000000000..b41ec432b6
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/convert/saml_app_test.go
@@ -0,0 +1,256 @@
+package convert
+
+import (
+	"fmt"
+	"net/url"
+	"testing"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func samlMetadataGen(entityID string) []byte {
+	str := fmt.Sprintf(`<?xml version="1.0"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+                     validUntil="2022-08-26T14:08:16Z"
+                     cacheDuration="PT604800S"
+                     entityID="%s">
+    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                                     Location="https://test.com/saml/acs"
+                                     index="1" />
+        
+    </md:SPSSODescriptor>
+</md:EntityDescriptor>
+`,
+		entityID)
+
+	return []byte(str)
+}
+
+func TestCreateSAMLAppRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	genMetaForValidRequest := samlMetadataGen(gofakeit.URL())
+
+	tt := []struct {
+		testName  string
+		appName   string
+		projectID string
+		req       *app.CreateSAMLApplicationRequest
+
+		expectedResponse *domain.SAMLApp
+		expectedError    error
+	}{
+		{
+			testName:  "login version error",
+			appName:   "test-app",
+			projectID: "proj-1",
+			req: &app.CreateSAMLApplicationRequest{
+				Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+					MetadataXml: samlMetadataGen(gofakeit.URL()),
+				},
+				LoginVersion: &app.LoginVersion{
+					Version: &app.LoginVersion_LoginV2{
+						LoginV2: &app.LoginV2{BaseUri: gu.Ptr("%+o")},
+					},
+				},
+			},
+			expectedError: &url.Error{
+				URL: "%+o",
+				Op:  "parse",
+				Err: url.EscapeError("%+o"),
+			},
+		},
+		{
+			testName:  "valid request",
+			appName:   "test-app",
+			projectID: "proj-1",
+			req: &app.CreateSAMLApplicationRequest{
+				Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+					MetadataXml: genMetaForValidRequest,
+				},
+				LoginVersion: nil,
+			},
+
+			expectedResponse: &domain.SAMLApp{
+				ObjectRoot:   models.ObjectRoot{AggregateID: "proj-1"},
+				AppName:      "test-app",
+				Metadata:     genMetaForValidRequest,
+				MetadataURL:  gu.Ptr(""),
+				LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+				LoginBaseURI: gu.Ptr(""),
+				State:        0,
+			},
+		},
+		{
+			testName:  "nil request",
+			appName:   "test-app",
+			projectID: "proj-1",
+			req:       nil,
+
+			expectedResponse: &domain.SAMLApp{
+				AppName:      "test-app",
+				ObjectRoot:   models.ObjectRoot{AggregateID: "proj-1"},
+				MetadataURL:  gu.Ptr(""),
+				LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+				LoginBaseURI: gu.Ptr(""),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := CreateSAMLAppRequestToDomain(tc.appName, tc.projectID, tc.req)
+
+			// Then
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResponse, res)
+		})
+	}
+}
+func TestUpdateSAMLAppConfigRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	genMetaForValidRequest := samlMetadataGen(gofakeit.URL())
+
+	tt := []struct {
+		testName  string
+		appID     string
+		projectID string
+		req       *app.UpdateSAMLApplicationConfigurationRequest
+
+		expectedResponse *domain.SAMLApp
+		expectedError    error
+	}{
+		{
+			testName:  "login version error",
+			appID:     "app-1",
+			projectID: "proj-1",
+			req: &app.UpdateSAMLApplicationConfigurationRequest{
+				Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+					MetadataXml: samlMetadataGen(gofakeit.URL()),
+				},
+				LoginVersion: &app.LoginVersion{
+					Version: &app.LoginVersion_LoginV2{
+						LoginV2: &app.LoginV2{BaseUri: gu.Ptr("%+o")},
+					},
+				},
+			},
+			expectedError: &url.Error{
+				URL: "%+o",
+				Op:  "parse",
+				Err: url.EscapeError("%+o"),
+			},
+		},
+		{
+			testName:  "valid request",
+			appID:     "app-1",
+			projectID: "proj-1",
+			req: &app.UpdateSAMLApplicationConfigurationRequest{
+				Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+					MetadataXml: genMetaForValidRequest,
+				},
+				LoginVersion: nil,
+			},
+			expectedResponse: &domain.SAMLApp{
+				ObjectRoot:   models.ObjectRoot{AggregateID: "proj-1"},
+				AppID:        "app-1",
+				Metadata:     genMetaForValidRequest,
+				LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+				LoginBaseURI: gu.Ptr(""),
+			},
+		},
+		{
+			testName:  "nil request",
+			appID:     "app-1",
+			projectID: "proj-1",
+			req:       nil,
+			expectedResponse: &domain.SAMLApp{
+				ObjectRoot:   models.ObjectRoot{AggregateID: "proj-1"},
+				AppID:        "app-1",
+				LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+				LoginBaseURI: gu.Ptr(""),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := UpdateSAMLAppConfigRequestToDomain(tc.appID, tc.projectID, tc.req)
+
+			// Then
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResponse, res)
+		})
+	}
+}
+
+func TestAppSAMLConfigToPb(t *testing.T) {
+	t.Parallel()
+
+	metadata := samlMetadataGen(gofakeit.URL())
+
+	tt := []struct {
+		name         string
+		inputSAMLApp *query.SAMLApp
+
+		expectedPbApp app.ApplicationConfig
+	}{
+		{
+			name: "valid conversion",
+			inputSAMLApp: &query.SAMLApp{
+				Metadata:     metadata,
+				LoginVersion: domain.LoginVersion2,
+				LoginBaseURI: gu.Ptr("https://example.com"),
+			},
+			expectedPbApp: &app.Application_SamlConfig{
+				SamlConfig: &app.SAMLConfig{
+					Metadata: &app.SAMLConfig_MetadataXml{
+						MetadataXml: metadata,
+					},
+					LoginVersion: &app.LoginVersion{
+						Version: &app.LoginVersion_LoginV2{
+							LoginV2: &app.LoginV2{BaseUri: gu.Ptr("https://example.com")},
+						},
+					},
+				},
+			},
+		},
+		{
+			name:         "nil saml app",
+			inputSAMLApp: nil,
+			expectedPbApp: &app.Application_SamlConfig{
+				SamlConfig: &app.SAMLConfig{
+					Metadata:     &app.SAMLConfig_MetadataXml{},
+					LoginVersion: &app.LoginVersion{},
+				},
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			got := appSAMLConfigToPb(tc.inputSAMLApp)
+
+			// Then
+			assert.Equal(t, tc.expectedPbApp, got)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/integration_test/app_test.go b/internal/api/grpc/app/v2beta/integration_test/app_test.go
new file mode 100644
index 0000000000..1ba46987cf
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/integration_test/app_test.go
@@ -0,0 +1,1446 @@
+//go:build integration
+
+package instance_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+)
+
+func TestCreateApplication(t *testing.T) {
+	p := instance.CreateProject(IAMOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+
+	t.Parallel()
+
+	notExistingProjectID := gofakeit.UUID()
+
+	tt := []struct {
+		testName        string
+		creationRequest *app.CreateApplicationRequest
+		inputCtx        context.Context
+
+		expectedResponseType string
+		expectedErrorType    codes.Code
+	}{
+		{
+			testName: "when project for API app creation is not found should return failed precondition error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: notExistingProjectID,
+				Name:      "App Name",
+				CreationRequestType: &app.CreateApplicationRequest_ApiRequest{
+					ApiRequest: &app.CreateAPIApplicationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+					},
+				},
+			},
+			expectedErrorType: codes.FailedPrecondition,
+		},
+		{
+			testName: "when CreateAPIApp request is valid should create app and return no error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      "App Name",
+				CreationRequestType: &app.CreateApplicationRequest_ApiRequest{
+					ApiRequest: &app.CreateAPIApplicationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+					},
+				},
+			},
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_ApiResponse{}),
+		},
+		{
+			testName: "when project for OIDC app creation is not found should return failed precondition error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: notExistingProjectID,
+				Name:      "App Name",
+				CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+					OidcRequest: &app.CreateOIDCApplicationRequest{
+						RedirectUris:           []string{"http://example.com"},
+						ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+						GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+						AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+						AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+						PostLogoutRedirectUris: []string{"http://example.com/home"},
+						Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+						AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+						BackChannelLogoutUri:   "http://example.com/logout",
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedErrorType: codes.FailedPrecondition,
+		},
+		{
+			testName: "when CreateOIDCApp request is valid should create app and return no error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+					OidcRequest: &app.CreateOIDCApplicationRequest{
+						RedirectUris:           []string{"http://example.com"},
+						ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+						GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+						AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+						AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+						PostLogoutRedirectUris: []string{"http://example.com/home"},
+						Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+						AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+						BackChannelLogoutUri:   "http://example.com/logout",
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_OidcResponse{}),
+		},
+		{
+			testName: "when project for SAML app creation is not found should return failed precondition error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: notExistingProjectID,
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+					SamlRequest: &app.CreateSAMLApplicationRequest{
+						Metadata: &app.CreateSAMLApplicationRequest_MetadataUrl{
+							MetadataUrl: "http://example.com/metas",
+						},
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedErrorType: codes.FailedPrecondition,
+		},
+		{
+			testName: "when CreateSAMLApp request is valid should create app and return no error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+					SamlRequest: &app.CreateSAMLApplicationRequest{
+						Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+							MetadataXml: samlMetadataGen(gofakeit.URL()),
+						},
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_SamlResponse{}),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			res, err := instance.Client.AppV2Beta.CreateApplication(tc.inputCtx, tc.creationRequest)
+
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				resType := fmt.Sprintf("%T", res.GetCreationResponseType())
+				assert.Equal(t, tc.expectedResponseType, resType)
+				assert.NotZero(t, res.GetAppId())
+				assert.NotZero(t, res.GetCreationDate())
+			}
+		})
+	}
+}
+
+func TestCreateApplication_WithDifferentPermissions(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName        string
+		creationRequest *app.CreateApplicationRequest
+		inputCtx        context.Context
+
+		expectedResponseType string
+		expectedErrorType    codes.Code
+	}{
+		// Login User with no project.app.write
+		{
+			testName: "when user has no project.app.write permission for API request should return permission error",
+			inputCtx: LoginUserCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.Name(),
+				CreationRequestType: &app.CreateApplicationRequest_ApiRequest{
+					ApiRequest: &app.CreateAPIApplicationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+					},
+				},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+		{
+			testName: "when user has no project.app.write permission for OIDC request should return permission error",
+			inputCtx: LoginUserCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+					OidcRequest: &app.CreateOIDCApplicationRequest{
+						RedirectUris:           []string{"http://example.com"},
+						ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+						GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+						AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+						AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+						PostLogoutRedirectUris: []string{"http://example.com/home"},
+						Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+						AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+						BackChannelLogoutUri:   "http://example.com/logout",
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+
+			expectedErrorType: codes.PermissionDenied,
+		},
+		{
+			testName: "when user has no project.app.write permission for SAML request should return permission error",
+			inputCtx: LoginUserCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+					SamlRequest: &app.CreateSAMLApplicationRequest{
+						Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+							MetadataXml: samlMetadataGen(gofakeit.URL()),
+						},
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+
+		// OrgOwner with project.app.write permission
+		{
+			testName: "when user is OrgOwner API request should succeed",
+			inputCtx: OrgOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.Name(),
+				CreationRequestType: &app.CreateApplicationRequest_ApiRequest{
+					ApiRequest: &app.CreateAPIApplicationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+					},
+				},
+			},
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_ApiResponse{}),
+		},
+		{
+			testName: "when user is OrgOwner OIDC request should succeed",
+			inputCtx: OrgOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+					OidcRequest: &app.CreateOIDCApplicationRequest{
+						RedirectUris:           []string{"http://example.com"},
+						ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+						GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+						AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+						AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+						PostLogoutRedirectUris: []string{"http://example.com/home"},
+						Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+						AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+						BackChannelLogoutUri:   "http://example.com/logout",
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_OidcResponse{}),
+		},
+		{
+			testName: "when user is OrgOwner SAML request should succeed",
+			inputCtx: OrgOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+					SamlRequest: &app.CreateSAMLApplicationRequest{
+						Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+							MetadataXml: samlMetadataGen(gofakeit.URL()),
+						},
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_SamlResponse{}),
+		},
+
+		// Project owner with project.app.write permission
+		{
+			testName: "when user is ProjectOwner API request should succeed",
+			inputCtx: projectOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.Name(),
+				CreationRequestType: &app.CreateApplicationRequest_ApiRequest{
+					ApiRequest: &app.CreateAPIApplicationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+					},
+				},
+			},
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_ApiResponse{}),
+		},
+		{
+			testName: "when user is ProjectOwner OIDC request should succeed",
+			inputCtx: projectOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+					OidcRequest: &app.CreateOIDCApplicationRequest{
+						RedirectUris:           []string{"http://example.com"},
+						ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+						GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+						AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+						AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+						PostLogoutRedirectUris: []string{"http://example.com/home"},
+						Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+						AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+						BackChannelLogoutUri:   "http://example.com/logout",
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_OidcResponse{}),
+		},
+		{
+			testName: "when user is ProjectOwner SAML request should succeed",
+			inputCtx: projectOwnerCtx,
+			creationRequest: &app.CreateApplicationRequest{
+				ProjectId: p.GetId(),
+				Name:      gofakeit.AppName(),
+				CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+					SamlRequest: &app.CreateSAMLApplicationRequest{
+						Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+							MetadataXml: samlMetadataGen(gofakeit.URL()),
+						},
+						LoginVersion: &app.LoginVersion{
+							Version: &app.LoginVersion_LoginV2{
+								LoginV2: &app.LoginV2{
+									BaseUri: &baseURI,
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedResponseType: fmt.Sprintf("%T", &app.CreateApplicationResponse_SamlResponse{}),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			res, err := instance.Client.AppV2Beta.CreateApplication(tc.inputCtx, tc.creationRequest)
+
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				resType := fmt.Sprintf("%T", res.GetCreationResponseType())
+				assert.Equal(t, tc.expectedResponseType, resType)
+				assert.NotZero(t, res.GetAppId())
+				assert.NotZero(t, res.GetCreationDate())
+			}
+		})
+	}
+}
+
+func TestUpdateApplication(t *testing.T) {
+	orgNotInCtx := instance.CreateOrganization(IAMOwnerCtx, gofakeit.Name(), gofakeit.Email())
+	pNotInCtx := instance.CreateProject(IAMOwnerCtx, t, orgNotInCtx.GetOrganizationId(), gofakeit.AppName(), false, false)
+
+	p := instance.CreateProject(IAMOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+
+	baseURI := "http://example.com"
+
+	t.Cleanup(func() {
+		instance.Client.OrgV2beta.DeleteOrganization(IAMOwnerCtx, &org.DeleteOrganizationRequest{
+			Id: orgNotInCtx.GetOrganizationId(),
+		})
+	})
+
+	reqForAppNameCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+	reqForAPIAppCreation := reqForAppNameCreation
+
+	reqForOIDCAppCreation := &app.CreateApplicationRequest_OidcRequest{
+		OidcRequest: &app.CreateOIDCApplicationRequest{
+			RedirectUris:           []string{"http://example.com"},
+			ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+			GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+			AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+			AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+			PostLogoutRedirectUris: []string{"http://example.com/home"},
+			Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+			AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+			BackChannelLogoutUri:   "http://example.com/logout",
+			LoginVersion: &app.LoginVersion{
+				Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{
+						BaseUri: &baseURI,
+					},
+				},
+			},
+		},
+	}
+
+	samlMetas := samlMetadataGen(gofakeit.URL())
+	reqForSAMLAppCreation := &app.CreateApplicationRequest_SamlRequest{
+		SamlRequest: &app.CreateSAMLApplicationRequest{
+			Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+				MetadataXml: samlMetas,
+			},
+			LoginVersion: &app.LoginVersion{
+				Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{
+						BaseUri: &baseURI,
+					},
+				},
+			},
+		},
+	}
+
+	appForNameChange, appNameChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForAppNameCreation,
+	})
+	require.Nil(t, appNameChangeErr)
+
+	appForAPIConfigChange, appAPIConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForAPIAppCreation,
+	})
+	require.Nil(t, appAPIConfigChangeErr)
+
+	appForOIDCConfigChange, appOIDCConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForOIDCAppCreation,
+	})
+	require.Nil(t, appOIDCConfigChangeErr)
+
+	appForSAMLConfigChange, appSAMLConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForSAMLAppCreation,
+	})
+	require.Nil(t, appSAMLConfigChangeErr)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName      string
+		inputCtx      context.Context
+		updateRequest *app.UpdateApplicationRequest
+
+		expectedErrorType codes.Code
+	}{
+		{
+			testName: "when app for app name change request is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: pNotInCtx.GetId(),
+				Id:        appForNameChange.GetAppId(),
+				Name:      "New name",
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when request for app name change is valid should return updated timestamp",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForNameChange.GetAppId(),
+
+				Name: "New name",
+			},
+		},
+
+		{
+			testName: "when app for API config change request is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: pNotInCtx.GetId(),
+				Id:        appForAPIConfigChange.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_ApiConfigurationRequest{
+					ApiConfigurationRequest: &app.UpdateAPIApplicationConfigurationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT,
+					},
+				},
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when request for API config change is valid should return updated timestamp",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForAPIConfigChange.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_ApiConfigurationRequest{
+					ApiConfigurationRequest: &app.UpdateAPIApplicationConfigurationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+					},
+				},
+			},
+		},
+		{
+			testName: "when app for OIDC config change request is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: pNotInCtx.GetId(),
+				Id:        appForOIDCConfigChange.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_OidcConfigurationRequest{
+					OidcConfigurationRequest: &app.UpdateOIDCApplicationConfigurationRequest{
+						PostLogoutRedirectUris: []string{"http://example.com/home2"},
+					},
+				},
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when request for OIDC config change is valid should return updated timestamp",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForOIDCConfigChange.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_OidcConfigurationRequest{
+					OidcConfigurationRequest: &app.UpdateOIDCApplicationConfigurationRequest{
+						PostLogoutRedirectUris: []string{"http://example.com/home2"},
+					},
+				},
+			},
+		},
+
+		{
+			testName: "when app for SAML config change request is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: pNotInCtx.GetId(),
+				Id:        appForSAMLConfigChange.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_SamlConfigurationRequest{
+					SamlConfigurationRequest: &app.UpdateSAMLApplicationConfigurationRequest{
+						Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+							MetadataXml: samlMetas,
+						},
+						LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+					},
+				},
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when request for SAML config change is valid should return updated timestamp",
+			inputCtx: IAMOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForSAMLConfigChange.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_SamlConfigurationRequest{
+					SamlConfigurationRequest: &app.UpdateSAMLApplicationConfigurationRequest{
+						Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+							MetadataXml: samlMetas,
+						},
+						LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			res, err := instance.Client.AppV2Beta.UpdateApplication(tc.inputCtx, tc.updateRequest)
+
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetChangeDate())
+			}
+		})
+	}
+}
+
+func TestUpdateApplication_WithDifferentPermissions(t *testing.T) {
+	baseURI := "http://example.com"
+
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	reqForAppNameCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	appForNameChange, appNameChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForAppNameCreation,
+	})
+	require.Nil(t, appNameChangeErr)
+
+	appForAPIConfigChangeForProjectOwner := createAPIApp(t, p.GetId())
+	appForAPIConfigChangeForOrgOwner := createAPIApp(t, p.GetId())
+	appForAPIConfigChangeForLoginUser := createAPIApp(t, p.GetId())
+
+	appForOIDCConfigChangeForProjectOwner := createOIDCApp(t, baseURI, p.GetId())
+	appForOIDCConfigChangeForOrgOwner := createOIDCApp(t, baseURI, p.GetId())
+	appForOIDCConfigChangeForLoginUser := createOIDCApp(t, baseURI, p.GetId())
+
+	samlMetasForProjectOwner, appForSAMLConfigChangeForProjectOwner := createSAMLApp(t, baseURI, p.GetId())
+	samlMetasForOrgOwner, appForSAMLConfigChangeForOrgOwner := createSAMLApp(t, baseURI, p.GetId())
+	samlMetasForLoginUser, appForSAMLConfigChangeForLoginUser := createSAMLApp(t, baseURI, p.GetId())
+
+	t.Parallel()
+
+	tt := []struct {
+		testName      string
+		inputCtx      context.Context
+		updateRequest *app.UpdateApplicationRequest
+
+		expectedErrorType codes.Code
+	}{
+		// ProjectOwner
+		{
+			testName: "when user is ProjectOwner app name request should succeed",
+			inputCtx: projectOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForNameChange.GetAppId(),
+
+				Name: gofakeit.AppName(),
+			},
+		},
+		{
+			testName: "when user is ProjectOwner API app request should succeed",
+			inputCtx: projectOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForAPIConfigChangeForProjectOwner.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_ApiConfigurationRequest{
+					ApiConfigurationRequest: &app.UpdateAPIApplicationConfigurationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+					},
+				},
+			},
+		},
+		{
+			testName: "when user is ProjectOwner OIDC app request should succeed",
+			inputCtx: projectOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForOIDCConfigChangeForProjectOwner.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_OidcConfigurationRequest{
+					OidcConfigurationRequest: &app.UpdateOIDCApplicationConfigurationRequest{
+						PostLogoutRedirectUris: []string{"http://example.com/home2"},
+					},
+				},
+			},
+		},
+		{
+			testName: "when user is ProjectOwner SAML request should succeed",
+			inputCtx: projectOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForSAMLConfigChangeForProjectOwner.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_SamlConfigurationRequest{
+					SamlConfigurationRequest: &app.UpdateSAMLApplicationConfigurationRequest{
+						Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+							MetadataXml: samlMetasForProjectOwner,
+						},
+						LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+					},
+				},
+			},
+		},
+
+		// OrgOwner context
+		{
+			testName: "when user is OrgOwner app name request should succeed",
+			inputCtx: OrgOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForNameChange.GetAppId(),
+
+				Name: gofakeit.AppName(),
+			},
+		},
+		{
+			testName: "when user is OrgOwner API app request should succeed",
+			inputCtx: OrgOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForAPIConfigChangeForOrgOwner.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_ApiConfigurationRequest{
+					ApiConfigurationRequest: &app.UpdateAPIApplicationConfigurationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+					},
+				},
+			},
+		},
+		{
+			testName: "when user is OrgOwner OIDC app request should succeed",
+			inputCtx: OrgOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForOIDCConfigChangeForOrgOwner.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_OidcConfigurationRequest{
+					OidcConfigurationRequest: &app.UpdateOIDCApplicationConfigurationRequest{
+						PostLogoutRedirectUris: []string{"http://example.com/home2"},
+					},
+				},
+			},
+		},
+		{
+			testName: "when user is OrgOwner SAML request should succeed",
+			inputCtx: OrgOwnerCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForSAMLConfigChangeForOrgOwner.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_SamlConfigurationRequest{
+					SamlConfigurationRequest: &app.UpdateSAMLApplicationConfigurationRequest{
+						Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+							MetadataXml: samlMetasForOrgOwner,
+						},
+						LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+					},
+				},
+			},
+		},
+
+		// LoginUser
+		{
+			testName: "when user has no project.app.write permission for app name change request should return permission error",
+			inputCtx: LoginUserCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForNameChange.GetAppId(),
+
+				Name: gofakeit.AppName(),
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+		{
+			testName: "when user has no project.app.write permission for API request should return permission error",
+			inputCtx: LoginUserCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForAPIConfigChangeForLoginUser.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_ApiConfigurationRequest{
+					ApiConfigurationRequest: &app.UpdateAPIApplicationConfigurationRequest{
+						AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+					},
+				},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+		{
+			testName: "when user has no project.app.write permission for OIDC request should return permission error",
+			inputCtx: LoginUserCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForOIDCConfigChangeForLoginUser.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_OidcConfigurationRequest{
+					OidcConfigurationRequest: &app.UpdateOIDCApplicationConfigurationRequest{
+						PostLogoutRedirectUris: []string{"http://example.com/home2"},
+					},
+				},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+		{
+			testName: "when user has no project.app.write permission for SAML request should return permission error",
+			inputCtx: LoginUserCtx,
+			updateRequest: &app.UpdateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appForSAMLConfigChangeForLoginUser.GetAppId(),
+				UpdateRequestType: &app.UpdateApplicationRequest_SamlConfigurationRequest{
+					SamlConfigurationRequest: &app.UpdateSAMLApplicationConfigurationRequest{
+						Metadata: &app.UpdateSAMLApplicationConfigurationRequest_MetadataXml{
+							MetadataXml: samlMetasForLoginUser,
+						},
+						LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+					},
+				},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			res, err := instance.Client.AppV2Beta.UpdateApplication(tc.inputCtx, tc.updateRequest)
+
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetChangeDate())
+			}
+		})
+	}
+}
+
+func TestDeleteApplication(t *testing.T) {
+	p := instance.CreateProject(IAMOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+
+	reqForAppNameCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	appToDelete, appNameChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForAppNameCreation,
+	})
+	require.Nil(t, appNameChangeErr)
+
+	t.Parallel()
+	tt := []struct {
+		testName      string
+		deleteRequest *app.DeleteApplicationRequest
+		inputCtx      context.Context
+
+		expectedErrorType codes.Code
+	}{
+		{
+			testName: "when app to delete is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			deleteRequest: &app.DeleteApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        gofakeit.Sentence(2),
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when app to delete is found should return deletion time",
+			inputCtx: IAMOwnerCtx,
+			deleteRequest: &app.DeleteApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDelete.GetAppId(),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.DeleteApplication(tc.inputCtx, tc.deleteRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetDeletionDate())
+			}
+		})
+	}
+}
+
+func TestDeleteApplication_WithDifferentPermissions(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	appToDeleteForLoginUser := createAPIApp(t, p.GetId())
+	appToDeleteForProjectOwner := createAPIApp(t, p.GetId())
+	appToDeleteForOrgOwner := createAPIApp(t, p.GetId())
+
+	t.Parallel()
+	tt := []struct {
+		testName      string
+		deleteRequest *app.DeleteApplicationRequest
+		inputCtx      context.Context
+
+		expectedErrorType codes.Code
+	}{
+		// Login User
+		{
+			testName: "when user has no project.app.delete permission for app delete request should return permission error",
+			inputCtx: LoginUserCtx,
+			deleteRequest: &app.DeleteApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeleteForLoginUser.GetAppId(),
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+
+		// Project Owner
+		{
+			testName: "when user is ProjectOwner delete app request should succeed",
+			inputCtx: projectOwnerCtx,
+			deleteRequest: &app.DeleteApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeleteForProjectOwner.GetAppId(),
+			},
+		},
+
+		// Org Owner
+		{
+			testName: "when user is OrgOwner delete app request should succeed",
+			inputCtx: projectOwnerCtx,
+			deleteRequest: &app.DeleteApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeleteForOrgOwner.GetAppId(),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.DeleteApplication(tc.inputCtx, tc.deleteRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetDeletionDate())
+			}
+		})
+	}
+}
+
+func TestDeactivateApplication(t *testing.T) {
+	p := instance.CreateProject(IAMOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+
+	reqForAppNameCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	appToDeactivate, appCreateErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForAppNameCreation,
+	})
+	require.NoError(t, appCreateErr)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName      string
+		inputCtx      context.Context
+		deleteRequest *app.DeactivateApplicationRequest
+
+		expectedErrorType codes.Code
+	}{
+		{
+			testName: "when app to deactivate is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			deleteRequest: &app.DeactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        gofakeit.Sentence(2),
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when app to deactivate is found should return deactivation time",
+			inputCtx: IAMOwnerCtx,
+			deleteRequest: &app.DeactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeactivate.GetAppId(),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.DeactivateApplication(tc.inputCtx, tc.deleteRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetDeactivationDate())
+			}
+		})
+	}
+}
+
+func TestDeactivateApplication_WithDifferentPermissions(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	appToDeactivateForLoginUser := createAPIApp(t, p.GetId())
+	appToDeactivateForPrjectOwner := createAPIApp(t, p.GetId())
+	appToDeactivateForOrgOwner := createAPIApp(t, p.GetId())
+
+	t.Parallel()
+
+	tt := []struct {
+		testName      string
+		inputCtx      context.Context
+		deleteRequest *app.DeactivateApplicationRequest
+
+		expectedErrorType codes.Code
+	}{
+		// Login User
+		{
+			testName: "when user has no project.app.write permission for app deactivate request should return permission error",
+			inputCtx: IAMOwnerCtx,
+			deleteRequest: &app.DeactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeactivateForLoginUser.GetAppId(),
+			},
+		},
+
+		// Project Owner
+		{
+			testName: "when user is ProjectOwner deactivate app request should succeed",
+			inputCtx: projectOwnerCtx,
+			deleteRequest: &app.DeactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeactivateForPrjectOwner.GetAppId(),
+			},
+		},
+
+		// Org Owner
+		{
+			testName: "when user is OrgOwner deactivate app request should succeed",
+			inputCtx: OrgOwnerCtx,
+			deleteRequest: &app.DeactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToDeactivateForOrgOwner.GetAppId(),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.DeactivateApplication(tc.inputCtx, tc.deleteRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetDeactivationDate())
+			}
+		})
+	}
+}
+
+func TestReactivateApplication(t *testing.T) {
+	p := instance.CreateProject(IAMOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+
+	reqForAppNameCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	appToReactivate, appCreateErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForAppNameCreation,
+	})
+	require.Nil(t, appCreateErr)
+
+	_, appDeactivateErr := instance.Client.AppV2Beta.DeactivateApplication(IAMOwnerCtx, &app.DeactivateApplicationRequest{
+		ProjectId: p.GetId(),
+		Id:        appToReactivate.GetAppId(),
+	})
+	require.Nil(t, appDeactivateErr)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName          string
+		inputCtx          context.Context
+		reactivateRequest *app.ReactivateApplicationRequest
+
+		expectedErrorType codes.Code
+	}{
+		{
+			testName: "when app to reactivate is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			reactivateRequest: &app.ReactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        gofakeit.Sentence(2),
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when app to reactivate is found should return deactivation time",
+			inputCtx: IAMOwnerCtx,
+			reactivateRequest: &app.ReactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToReactivate.GetAppId(),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.ReactivateApplication(tc.inputCtx, tc.reactivateRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetReactivationDate())
+			}
+		})
+	}
+}
+
+func TestReactivateApplication_WithDifferentPermissions(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	appToReactivateForLoginUser := createAPIApp(t, p.GetId())
+	deactivateApp(t, appToReactivateForLoginUser, p.GetId())
+
+	appToReactivateForProjectOwner := createAPIApp(t, p.GetId())
+	deactivateApp(t, appToReactivateForProjectOwner, p.GetId())
+
+	appToReactivateForOrgOwner := createAPIApp(t, p.GetId())
+	deactivateApp(t, appToReactivateForOrgOwner, p.GetId())
+
+	t.Parallel()
+
+	tt := []struct {
+		testName          string
+		inputCtx          context.Context
+		reactivateRequest *app.ReactivateApplicationRequest
+
+		expectedErrorType codes.Code
+	}{
+		// Login User
+		{
+			testName: "when user has no project.app.write permission for app reactivate request should return permission error",
+			inputCtx: LoginUserCtx,
+			reactivateRequest: &app.ReactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToReactivateForLoginUser.GetAppId(),
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+
+		// Project Owner
+		{
+			testName: "when user is ProjectOwner reactivate app request should succeed",
+			inputCtx: projectOwnerCtx,
+			reactivateRequest: &app.ReactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToReactivateForProjectOwner.GetAppId(),
+			},
+		},
+
+		// Org Owner
+		{
+			testName: "when user is OrgOwner reactivate app request should succeed",
+			inputCtx: OrgOwnerCtx,
+			reactivateRequest: &app.ReactivateApplicationRequest{
+				ProjectId: p.GetId(),
+				Id:        appToReactivateForOrgOwner.GetAppId(),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.ReactivateApplication(tc.inputCtx, tc.reactivateRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetReactivationDate())
+			}
+		})
+	}
+}
+
+func TestRegenerateClientSecret(t *testing.T) {
+	p := instance.CreateProject(IAMOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+
+	reqForApiAppCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	apiAppToRegen, apiAppCreateErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForApiAppCreation,
+	})
+	require.Nil(t, apiAppCreateErr)
+
+	reqForOIDCAppCreation := &app.CreateApplicationRequest_OidcRequest{
+		OidcRequest: &app.CreateOIDCApplicationRequest{
+			RedirectUris:           []string{"http://example.com"},
+			ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+			GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+			AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+			AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+			PostLogoutRedirectUris: []string{"http://example.com/home"},
+			Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+			AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+			BackChannelLogoutUri:   "http://example.com/logout",
+			LoginVersion: &app.LoginVersion{
+				Version: &app.LoginVersion_LoginV2{
+					LoginV2: &app.LoginV2{
+						BaseUri: &baseURI,
+					},
+				},
+			},
+		},
+	}
+
+	oidcAppToRegen, oidcAppCreateErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                gofakeit.AppName(),
+		CreationRequestType: reqForOIDCAppCreation,
+	})
+	require.Nil(t, oidcAppCreateErr)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputCtx     context.Context
+		regenRequest *app.RegenerateClientSecretRequest
+
+		expectedErrorType codes.Code
+		oldSecret         string
+	}{
+		{
+			testName: "when app to regen is not expected type should return invalid argument error",
+			inputCtx: IAMOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: gofakeit.Sentence(2),
+			},
+			expectedErrorType: codes.InvalidArgument,
+		},
+		{
+			testName: "when app to regen is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: gofakeit.Sentence(2),
+				AppType:       &app.RegenerateClientSecretRequest_IsApi{},
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when API app to regen is found should return different secret",
+			inputCtx: IAMOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: apiAppToRegen.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsApi{},
+			},
+			oldSecret: apiAppToRegen.GetApiResponse().GetClientSecret(),
+		},
+		{
+			testName: "when OIDC app to regen is found should return different secret",
+			inputCtx: IAMOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: oidcAppToRegen.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsOidc{},
+			},
+			oldSecret: oidcAppToRegen.GetOidcResponse().GetClientSecret(),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.RegenerateClientSecret(tc.inputCtx, tc.regenRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetCreationDate())
+				assert.NotEqual(t, tc.oldSecret, res.GetClientSecret())
+			}
+		})
+	}
+
+}
+
+func TestRegenerateClientSecret_WithDifferentPermissions(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	apiAppToRegenForLoginUser := createAPIApp(t, p.GetId())
+	apiAppToRegenForProjectOwner := createAPIApp(t, p.GetId())
+	apiAppToRegenForOrgOwner := createAPIApp(t, p.GetId())
+
+	oidcAppToRegenForLoginUser := createOIDCApp(t, baseURI, p.GetId())
+	oidcAppToRegenForProjectOwner := createOIDCApp(t, baseURI, p.GetId())
+	oidcAppToRegenForOrgOwner := createOIDCApp(t, baseURI, p.GetId())
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputCtx     context.Context
+		regenRequest *app.RegenerateClientSecretRequest
+
+		expectedErrorType codes.Code
+		oldSecret         string
+	}{
+		// Login user
+		{
+			testName: "when user has no project.app.write permission for API app secret regen request should return permission error",
+			inputCtx: LoginUserCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: apiAppToRegenForLoginUser.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsApi{},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+		{
+			testName: "when user has no project.app.write permission for OIDC app secret regen request should return permission error",
+			inputCtx: LoginUserCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: oidcAppToRegenForLoginUser.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsOidc{},
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+
+		// Project Owner
+		{
+			testName: "when user is ProjectOwner regen API app secret request should succeed",
+			inputCtx: projectOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: apiAppToRegenForProjectOwner.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsApi{},
+			},
+			oldSecret: apiAppToRegenForProjectOwner.GetApiResponse().GetClientSecret(),
+		},
+		{
+			testName: "when user is ProjectOwner regen OIDC app secret request should succeed",
+			inputCtx: projectOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: oidcAppToRegenForProjectOwner.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsOidc{},
+			},
+			oldSecret: oidcAppToRegenForProjectOwner.GetOidcResponse().GetClientSecret(),
+		},
+
+		// Org Owner
+		{
+			testName: "when user is OrgOwner regen API app secret request should succeed",
+			inputCtx: OrgOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: apiAppToRegenForOrgOwner.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsApi{},
+			},
+			oldSecret: apiAppToRegenForOrgOwner.GetApiResponse().GetClientSecret(),
+		},
+		{
+			testName: "when user is OrgOwner regen OIDC app secret request should succeed",
+			inputCtx: OrgOwnerCtx,
+			regenRequest: &app.RegenerateClientSecretRequest{
+				ProjectId:     p.GetId(),
+				ApplicationId: oidcAppToRegenForOrgOwner.GetAppId(),
+				AppType:       &app.RegenerateClientSecretRequest_IsOidc{},
+			},
+			oldSecret: oidcAppToRegenForOrgOwner.GetOidcResponse().GetClientSecret(),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			res, err := instance.Client.AppV2Beta.RegenerateClientSecret(tc.inputCtx, tc.regenRequest)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetCreationDate())
+				assert.NotEqual(t, tc.oldSecret, res.GetClientSecret())
+			}
+		})
+	}
+
+}
diff --git a/internal/api/grpc/app/v2beta/integration_test/query_test.go b/internal/api/grpc/app/v2beta/integration_test/query_test.go
new file mode 100644
index 0000000000..578fcec138
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/integration_test/query_test.go
@@ -0,0 +1,575 @@
+//go:build integration
+
+package instance_test
+
+import (
+	"context"
+	"fmt"
+	"slices"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/filter/v2"
+)
+
+func TestGetApplication(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	apiAppName := gofakeit.AppName()
+	createdApiApp, errAPIAppCreation := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId: p.GetId(),
+		Name:      apiAppName,
+		CreationRequestType: &app.CreateApplicationRequest_ApiRequest{
+			ApiRequest: &app.CreateAPIApplicationRequest{
+				AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC,
+			},
+		},
+	})
+	require.Nil(t, errAPIAppCreation)
+
+	samlAppName := gofakeit.AppName()
+	createdSAMLApp, errSAMLAppCreation := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId: p.GetId(),
+		Name:      samlAppName,
+		CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+			SamlRequest: &app.CreateSAMLApplicationRequest{
+				LoginVersion: &app.LoginVersion{Version: &app.LoginVersion_LoginV1{LoginV1: &app.LoginV1{}}},
+				Metadata:     &app.CreateSAMLApplicationRequest_MetadataXml{MetadataXml: samlMetadataGen(gofakeit.URL())},
+			},
+		},
+	})
+	require.Nil(t, errSAMLAppCreation)
+
+	oidcAppName := gofakeit.AppName()
+	createdOIDCApp, errOIDCAppCreation := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId: p.GetId(),
+		Name:      oidcAppName,
+		CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+			OidcRequest: &app.CreateOIDCApplicationRequest{
+				RedirectUris:           []string{"http://example.com"},
+				ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+				GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+				AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+				AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+				PostLogoutRedirectUris: []string{"http://example.com/home"},
+				Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+				AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+				BackChannelLogoutUri:   "http://example.com/logout",
+				LoginVersion:           &app.LoginVersion{Version: &app.LoginVersion_LoginV2{LoginV2: &app.LoginV2{BaseUri: &baseURI}}},
+			},
+		},
+	})
+	require.Nil(t, errOIDCAppCreation)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputRequest *app.GetApplicationRequest
+		inputCtx     context.Context
+
+		expectedErrorType       codes.Code
+		expectedAppName         string
+		expectedAppID           string
+		expectedApplicationType string
+	}{
+		{
+			testName: "when unknown app ID should return not found error",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.GetApplicationRequest{
+				Id: gofakeit.Sentence(2),
+			},
+
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when user has no permission should return membership not found error",
+			inputCtx: NoPermissionCtx,
+			inputRequest: &app.GetApplicationRequest{
+				Id: createdApiApp.GetAppId(),
+			},
+
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when providing API app ID should return valid API app result",
+			inputCtx: projectOwnerCtx,
+			inputRequest: &app.GetApplicationRequest{
+				Id: createdApiApp.GetAppId(),
+			},
+
+			expectedAppName:         apiAppName,
+			expectedAppID:           createdApiApp.GetAppId(),
+			expectedApplicationType: fmt.Sprintf("%T", &app.Application_ApiConfig{}),
+		},
+		{
+			testName: "when providing SAML app ID should return valid SAML app result",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.GetApplicationRequest{
+				Id: createdSAMLApp.GetAppId(),
+			},
+
+			expectedAppName:         samlAppName,
+			expectedAppID:           createdSAMLApp.GetAppId(),
+			expectedApplicationType: fmt.Sprintf("%T", &app.Application_SamlConfig{}),
+		},
+		{
+			testName: "when providing OIDC app ID should return valid OIDC app result",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.GetApplicationRequest{
+				Id: createdOIDCApp.GetAppId(),
+			},
+
+			expectedAppName:         oidcAppName,
+			expectedAppID:           createdOIDCApp.GetAppId(),
+			expectedApplicationType: fmt.Sprintf("%T", &app.Application_OidcConfig{}),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputCtx, 30*time.Second)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// When
+				res, err := instance.Client.AppV2Beta.GetApplication(tc.inputCtx, tc.inputRequest)
+
+				// Then
+				require.Equal(t, tc.expectedErrorType, status.Code(err))
+				if tc.expectedErrorType == codes.OK {
+
+					assert.Equal(t, tc.expectedAppID, res.GetApp().GetId())
+					assert.Equal(t, tc.expectedAppName, res.GetApp().GetName())
+					assert.NotZero(t, res.GetApp().GetCreationDate())
+					assert.NotZero(t, res.GetApp().GetChangeDate())
+
+					appType := fmt.Sprintf("%T", res.GetApp().GetConfig())
+					assert.Equal(t, tc.expectedApplicationType, appType)
+				}
+			}, retryDuration, tick)
+		})
+	}
+}
+
+func TestListApplications(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	t.Parallel()
+
+	createdApiApp, apiAppName := createAPIAppWithName(t, p.GetId())
+
+	createdDeactivatedApiApp, deactivatedApiAppName := createAPIAppWithName(t, p.GetId())
+	deactivateApp(t, createdDeactivatedApiApp, p.GetId())
+
+	_, createdSAMLApp, samlAppName := createSAMLAppWithName(t, gofakeit.URL(), p.GetId())
+
+	createdOIDCApp, oidcAppName := createOIDCAppWithName(t, gofakeit.URL(), p.GetId())
+
+	type appWithName struct {
+		app  *app.CreateApplicationResponse
+		name string
+	}
+
+	// Sorting
+	appsSortedByName := []appWithName{
+		{name: apiAppName, app: createdApiApp},
+		{name: deactivatedApiAppName, app: createdDeactivatedApiApp},
+		{name: samlAppName, app: createdSAMLApp},
+		{name: oidcAppName, app: createdOIDCApp},
+	}
+	slices.SortFunc(appsSortedByName, func(a, b appWithName) int {
+		if a.name < b.name {
+			return -1
+		}
+		if a.name > b.name {
+			return 1
+		}
+
+		return 0
+	})
+
+	appsSortedByID := []appWithName{
+		{name: apiAppName, app: createdApiApp},
+		{name: deactivatedApiAppName, app: createdDeactivatedApiApp},
+		{name: samlAppName, app: createdSAMLApp},
+		{name: oidcAppName, app: createdOIDCApp},
+	}
+	slices.SortFunc(appsSortedByID, func(a, b appWithName) int {
+		if a.app.GetAppId() < b.app.GetAppId() {
+			return -1
+		}
+		if a.app.GetAppId() > b.app.GetAppId() {
+			return 1
+		}
+		return 0
+	})
+
+	appsSortedByCreationDate := []appWithName{
+		{name: apiAppName, app: createdApiApp},
+		{name: deactivatedApiAppName, app: createdDeactivatedApiApp},
+		{name: samlAppName, app: createdSAMLApp},
+		{name: oidcAppName, app: createdOIDCApp},
+	}
+	slices.SortFunc(appsSortedByCreationDate, func(a, b appWithName) int {
+		aCreationDate := a.app.GetCreationDate().AsTime()
+		bCreationDate := b.app.GetCreationDate().AsTime()
+
+		if aCreationDate.Before(bCreationDate) {
+			return -1
+		}
+		if bCreationDate.Before(aCreationDate) {
+			return 1
+		}
+
+		return 0
+	})
+
+	tt := []struct {
+		testName     string
+		inputRequest *app.ListApplicationsRequest
+		inputCtx     context.Context
+
+		expectedOrderedList []appWithName
+		expectedOrderedKeys func(keys []appWithName) any
+		actualOrderedKeys   func(keys []*app.Application) any
+	}{
+		{
+			testName: "when no apps found should return empty list",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: "another-id",
+			},
+
+			expectedOrderedList: []appWithName{},
+			expectedOrderedKeys: func(keys []appWithName) any { return keys },
+			actualOrderedKeys:   func(keys []*app.Application) any { return keys },
+		},
+		{
+			testName: "when user has no read permission should return empty set",
+			inputCtx: NoPermissionCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: p.GetId(),
+			},
+
+			expectedOrderedList: []appWithName{},
+			expectedOrderedKeys: func(keys []appWithName) any { return keys },
+			actualOrderedKeys:   func(keys []*app.Application) any { return keys },
+		},
+		{
+			testName: "when sorting by name should return apps sorted by name in descending order",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId:     p.GetId(),
+				SortingColumn: app.AppSorting_APP_SORT_BY_NAME,
+				Pagination:    &filter.PaginationRequest{Asc: true},
+			},
+
+			expectedOrderedList: appsSortedByName,
+			expectedOrderedKeys: func(apps []appWithName) any {
+				names := make([]string, len(apps))
+				for i, a := range apps {
+					names[i] = a.name
+				}
+
+				return names
+			},
+			actualOrderedKeys: func(apps []*app.Application) any {
+				names := make([]string, len(apps))
+				for i, a := range apps {
+					names[i] = a.GetName()
+				}
+
+				return names
+			},
+		},
+
+		{
+			testName: "when user is project owner should return apps sorted by name in ascending order",
+			inputCtx: projectOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId:     p.GetId(),
+				SortingColumn: app.AppSorting_APP_SORT_BY_NAME,
+				Pagination:    &filter.PaginationRequest{Asc: true},
+			},
+
+			expectedOrderedList: appsSortedByName,
+			expectedOrderedKeys: func(apps []appWithName) any {
+				names := make([]string, len(apps))
+				for i, a := range apps {
+					names[i] = a.name
+				}
+
+				return names
+			},
+			actualOrderedKeys: func(apps []*app.Application) any {
+				names := make([]string, len(apps))
+				for i, a := range apps {
+					names[i] = a.GetName()
+				}
+
+				return names
+			},
+		},
+
+		{
+			testName: "when sorting by id should return apps sorted by id in descending order",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId:     p.GetId(),
+				SortingColumn: app.AppSorting_APP_SORT_BY_ID,
+				Pagination:    &filter.PaginationRequest{Asc: true},
+			},
+			expectedOrderedList: appsSortedByID,
+			expectedOrderedKeys: func(apps []appWithName) any {
+				ids := make([]string, len(apps))
+				for i, a := range apps {
+					ids[i] = a.app.GetAppId()
+				}
+
+				return ids
+			},
+			actualOrderedKeys: func(apps []*app.Application) any {
+				ids := make([]string, len(apps))
+				for i, a := range apps {
+					ids[i] = a.GetId()
+				}
+
+				return ids
+			},
+		},
+		{
+			testName: "when sorting by creation date should return apps sorted by creation date in descending order",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId:     p.GetId(),
+				SortingColumn: app.AppSorting_APP_SORT_BY_CREATION_DATE,
+				Pagination:    &filter.PaginationRequest{Asc: true},
+			},
+			expectedOrderedList: appsSortedByCreationDate,
+			expectedOrderedKeys: func(apps []appWithName) any {
+				creationDates := make([]time.Time, len(apps))
+				for i, a := range apps {
+					creationDates[i] = a.app.GetCreationDate().AsTime()
+				}
+
+				return creationDates
+			},
+			actualOrderedKeys: func(apps []*app.Application) any {
+				creationDates := make([]time.Time, len(apps))
+				for i, a := range apps {
+					creationDates[i] = a.GetCreationDate().AsTime()
+				}
+
+				return creationDates
+			},
+		},
+		{
+			testName: "when filtering by active apps should return active apps only",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId:  p.GetId(),
+				Pagination: &filter.PaginationRequest{Asc: true},
+				Filters: []*app.ApplicationSearchFilter{
+					{Filter: &app.ApplicationSearchFilter_StateFilter{StateFilter: app.AppState_APP_STATE_ACTIVE}},
+				},
+			},
+			expectedOrderedList: slices.DeleteFunc(
+				slices.Clone(appsSortedByID),
+				func(a appWithName) bool { return a.name == deactivatedApiAppName },
+			),
+			expectedOrderedKeys: func(apps []appWithName) any {
+				creationDates := make([]time.Time, len(apps))
+				for i, a := range apps {
+					creationDates[i] = a.app.GetCreationDate().AsTime()
+				}
+
+				return creationDates
+			},
+			actualOrderedKeys: func(apps []*app.Application) any {
+				creationDates := make([]time.Time, len(apps))
+				for i, a := range apps {
+					creationDates[i] = a.GetCreationDate().AsTime()
+				}
+
+				return creationDates
+			},
+		},
+		{
+			testName: "when filtering by app type should return apps of matching type only",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId:  p.GetId(),
+				Pagination: &filter.PaginationRequest{Asc: true},
+				Filters: []*app.ApplicationSearchFilter{
+					{Filter: &app.ApplicationSearchFilter_OidcAppOnly{}},
+				},
+			},
+			expectedOrderedList: slices.DeleteFunc(
+				slices.Clone(appsSortedByID),
+				func(a appWithName) bool { return a.name != oidcAppName },
+			),
+			expectedOrderedKeys: func(apps []appWithName) any {
+				creationDates := make([]time.Time, len(apps))
+				for i, a := range apps {
+					creationDates[i] = a.app.GetCreationDate().AsTime()
+				}
+
+				return creationDates
+			},
+			actualOrderedKeys: func(apps []*app.Application) any {
+				creationDates := make([]time.Time, len(apps))
+				for i, a := range apps {
+					creationDates[i] = a.GetCreationDate().AsTime()
+				}
+
+				return creationDates
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputCtx, 30*time.Second)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// When
+				res, err := instance.Client.AppV2Beta.ListApplications(tc.inputCtx, tc.inputRequest)
+
+				// Then
+				require.Equal(ttt, codes.OK, status.Code(err))
+
+				if err == nil {
+					assert.Len(ttt, res.GetApplications(), len(tc.expectedOrderedList))
+					actualOrderedKeys := tc.actualOrderedKeys(res.GetApplications())
+					expectedOrderedKeys := tc.expectedOrderedKeys(tc.expectedOrderedList)
+					assert.ElementsMatch(ttt, expectedOrderedKeys, actualOrderedKeys)
+				}
+			}, retryDuration, tick)
+		})
+	}
+}
+
+func TestListApplications_WithPermissionV2(t *testing.T) {
+	ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
+	iamOwnerCtx := instancePermissionV2.WithAuthorization(context.Background(), integration.UserTypeIAMOwner)
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instancePermissionV2, iamOwnerCtx)
+	_, otherProjectOwnerCtx := getProjectAndProjectContext(t, instancePermissionV2, iamOwnerCtx)
+
+	appName1, appName2, appName3 := gofakeit.AppName(), gofakeit.AppName(), gofakeit.AppName()
+	reqForAPIAppCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	app1, appAPIConfigChangeErr := instancePermissionV2.Client.AppV2Beta.CreateApplication(iamOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                appName1,
+		CreationRequestType: reqForAPIAppCreation,
+	})
+	require.Nil(t, appAPIConfigChangeErr)
+
+	app2, appAPIConfigChangeErr := instancePermissionV2.Client.AppV2Beta.CreateApplication(iamOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                appName2,
+		CreationRequestType: reqForAPIAppCreation,
+	})
+	require.Nil(t, appAPIConfigChangeErr)
+
+	app3, appAPIConfigChangeErr := instancePermissionV2.Client.AppV2Beta.CreateApplication(iamOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           p.GetId(),
+		Name:                appName3,
+		CreationRequestType: reqForAPIAppCreation,
+	})
+	require.Nil(t, appAPIConfigChangeErr)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputRequest *app.ListApplicationsRequest
+		inputCtx     context.Context
+
+		expectedCode   codes.Code
+		expectedAppIDs []string
+	}{
+		{
+			testName: "when user has no read permission should return empty set",
+			inputCtx: instancePermissionV2.WithAuthorization(context.Background(), integration.UserTypeNoPermission),
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: p.GetId(),
+			},
+
+			expectedAppIDs: []string{},
+		},
+		{
+			testName: "when projectOwner should return full app list",
+			inputCtx: projectOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: p.GetId(),
+			},
+
+			expectedCode:   codes.OK,
+			expectedAppIDs: []string{app1.GetAppId(), app2.GetAppId(), app3.GetAppId()},
+		},
+		{
+			testName: "when orgOwner should return full app list",
+			inputCtx: instancePermissionV2.WithAuthorization(context.Background(), integration.UserTypeOrgOwner),
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: p.GetId(),
+			},
+
+			expectedAppIDs: []string{app1.GetAppId(), app2.GetAppId(), app3.GetAppId()},
+		},
+		{
+			testName: "when iamOwner user should return full app list",
+			inputCtx: iamOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: p.GetId(),
+			},
+
+			expectedAppIDs: []string{app1.GetAppId(), app2.GetAppId(), app3.GetAppId()},
+		},
+		{
+			testName: "when other projectOwner user should return empty list",
+			inputCtx: otherProjectOwnerCtx,
+			inputRequest: &app.ListApplicationsRequest{
+				ProjectId: p.GetId(),
+			},
+
+			expectedAppIDs: []string{},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputCtx, 5*time.Second)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// When
+				res, err := instancePermissionV2.Client.AppV2Beta.ListApplications(tc.inputCtx, tc.inputRequest)
+
+				// Then
+				require.Equal(ttt, tc.expectedCode, status.Code(err))
+
+				if err == nil {
+					require.Len(ttt, res.GetApplications(), len(tc.expectedAppIDs))
+
+					resAppIDs := []string{}
+					for _, a := range res.GetApplications() {
+						resAppIDs = append(resAppIDs, a.GetId())
+					}
+
+					assert.ElementsMatch(ttt, tc.expectedAppIDs, resAppIDs)
+				}
+			}, retryDuration, tick)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/integration_test/server_test.go b/internal/api/grpc/app/v2beta/integration_test/server_test.go
new file mode 100644
index 0000000000..6618ab0616
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/integration_test/server_test.go
@@ -0,0 +1,205 @@
+//go:build integration
+
+package instance_test
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
+	project_v2beta "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+)
+
+var (
+	NoPermissionCtx context.Context
+	LoginUserCtx    context.Context
+	OrgOwnerCtx     context.Context
+	IAMOwnerCtx     context.Context
+
+	instance             *integration.Instance
+	instancePermissionV2 *integration.Instance
+
+	baseURI = "http://example.com"
+)
+
+func TestMain(m *testing.M) {
+	os.Exit(func() int {
+		ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+		defer cancel()
+
+		instance = integration.NewInstance(ctx)
+		instancePermissionV2 = integration.NewInstance(ctx)
+
+		IAMOwnerCtx = instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
+
+		LoginUserCtx = instance.WithAuthorization(ctx, integration.UserTypeLogin)
+		OrgOwnerCtx = instance.WithAuthorization(ctx, integration.UserTypeOrgOwner)
+		NoPermissionCtx = instance.WithAuthorization(ctx, integration.UserTypeNoPermission)
+
+		return m.Run()
+	}())
+}
+
+func getProjectAndProjectContext(t *testing.T, inst *integration.Instance, ctx context.Context) (*project_v2beta.CreateProjectResponse, context.Context) {
+	project := inst.CreateProject(ctx, t, inst.DefaultOrg.GetId(), gofakeit.Name(), false, false)
+	userResp := inst.CreateMachineUser(ctx)
+	patResp := inst.CreatePersonalAccessToken(ctx, userResp.GetUserId())
+	inst.CreateProjectMembership(t, ctx, project.GetId(), userResp.GetUserId())
+	projectOwnerCtx := integration.WithAuthorizationToken(context.Background(), patResp.Token)
+
+	return project, projectOwnerCtx
+}
+
+func samlMetadataGen(entityID string) []byte {
+	str := fmt.Sprintf(`<?xml version="1.0"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+                     validUntil="2022-08-26T14:08:16Z"
+                     cacheDuration="PT604800S"
+                     entityID="%s">
+    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                                     Location="https://test.com/saml/acs"
+                                     index="1" />
+        
+    </md:SPSSODescriptor>
+</md:EntityDescriptor>
+`,
+		entityID)
+
+	return []byte(str)
+}
+
+func createSAMLAppWithName(t *testing.T, baseURI, projectID string) ([]byte, *app.CreateApplicationResponse, string) {
+	samlMetas := samlMetadataGen(gofakeit.URL())
+	appName := gofakeit.AppName()
+
+	appForSAMLConfigChange, appSAMLConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId: projectID,
+		Name:      appName,
+		CreationRequestType: &app.CreateApplicationRequest_SamlRequest{
+			SamlRequest: &app.CreateSAMLApplicationRequest{
+				Metadata: &app.CreateSAMLApplicationRequest_MetadataXml{
+					MetadataXml: samlMetas,
+				},
+				LoginVersion: &app.LoginVersion{
+					Version: &app.LoginVersion_LoginV2{
+						LoginV2: &app.LoginV2{
+							BaseUri: &baseURI,
+						},
+					},
+				},
+			},
+		},
+	})
+	require.Nil(t, appSAMLConfigChangeErr)
+
+	return samlMetas, appForSAMLConfigChange, appName
+}
+
+func createSAMLApp(t *testing.T, baseURI, projectID string) ([]byte, *app.CreateApplicationResponse) {
+	metas, app, _ := createSAMLAppWithName(t, baseURI, projectID)
+	return metas, app
+}
+
+func createOIDCAppWithName(t *testing.T, baseURI, projectID string) (*app.CreateApplicationResponse, string) {
+	appName := gofakeit.AppName()
+
+	appForOIDCConfigChange, appOIDCConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId: projectID,
+		Name:      appName,
+		CreationRequestType: &app.CreateApplicationRequest_OidcRequest{
+			OidcRequest: &app.CreateOIDCApplicationRequest{
+				RedirectUris:           []string{"http://example.com"},
+				ResponseTypes:          []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
+				GrantTypes:             []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
+				AppType:                app.OIDCAppType_OIDC_APP_TYPE_WEB,
+				AuthMethodType:         app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC,
+				PostLogoutRedirectUris: []string{"http://example.com/home"},
+				Version:                app.OIDCVersion_OIDC_VERSION_1_0,
+				AccessTokenType:        app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
+				BackChannelLogoutUri:   "http://example.com/logout",
+				LoginVersion: &app.LoginVersion{
+					Version: &app.LoginVersion_LoginV2{
+						LoginV2: &app.LoginV2{
+							BaseUri: &baseURI,
+						},
+					},
+				},
+			},
+		},
+	})
+	require.Nil(t, appOIDCConfigChangeErr)
+
+	return appForOIDCConfigChange, appName
+}
+
+func createOIDCApp(t *testing.T, baseURI, projctID string) *app.CreateApplicationResponse {
+	app, _ := createOIDCAppWithName(t, baseURI, projctID)
+
+	return app
+}
+
+func createAPIAppWithName(t *testing.T, projectID string) (*app.CreateApplicationResponse, string) {
+	appName := gofakeit.AppName()
+
+	reqForAPIAppCreation := &app.CreateApplicationRequest_ApiRequest{
+		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
+	}
+
+	appForAPIConfigChange, appAPIConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+		ProjectId:           projectID,
+		Name:                appName,
+		CreationRequestType: reqForAPIAppCreation,
+	})
+	require.Nil(t, appAPIConfigChangeErr)
+
+	return appForAPIConfigChange, appName
+}
+
+func createAPIApp(t *testing.T, projectID string) *app.CreateApplicationResponse {
+	res, _ := createAPIAppWithName(t, projectID)
+	return res
+}
+
+func deactivateApp(t *testing.T, appToDeactivate *app.CreateApplicationResponse, projectID string) {
+	_, appDeactivateErr := instance.Client.AppV2Beta.DeactivateApplication(IAMOwnerCtx, &app.DeactivateApplicationRequest{
+		ProjectId: projectID,
+		Id:        appToDeactivate.GetAppId(),
+	})
+	require.Nil(t, appDeactivateErr)
+}
+
+func ensureFeaturePermissionV2Enabled(t *testing.T, instance *integration.Instance) {
+	ctx := instance.WithAuthorization(context.Background(), integration.UserTypeIAMOwner)
+	f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
+		Inheritance: true,
+	})
+	require.NoError(t, err)
+
+	if f.PermissionCheckV2.GetEnabled() {
+		return
+	}
+
+	_, err = instance.Client.FeatureV2.SetInstanceFeatures(ctx, &feature.SetInstanceFeaturesRequest{
+		PermissionCheckV2: gu.Ptr(true),
+	})
+	require.NoError(t, err)
+
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, 5*time.Minute)
+	require.EventuallyWithT(t, func(tt *assert.CollectT) {
+		f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{Inheritance: true})
+		require.NoError(tt, err)
+		assert.True(tt, f.PermissionCheckV2.GetEnabled())
+	}, retryDuration, tick, "timed out waiting for ensuring instance feature")
+}
diff --git a/internal/api/grpc/app/v2beta/query.go b/internal/api/grpc/app/v2beta/query.go
new file mode 100644
index 0000000000..add8af83e6
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/query.go
@@ -0,0 +1,37 @@
+package app
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
+	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func (s *Server) GetApplication(ctx context.Context, req *app.GetApplicationRequest) (*app.GetApplicationResponse, error) {
+	res, err := s.query.AppByIDWithPermission(ctx, req.GetId(), false, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.GetApplicationResponse{
+		App: convert.AppToPb(res),
+	}, nil
+}
+
+func (s *Server) ListApplications(ctx context.Context, req *app.ListApplicationsRequest) (*app.ListApplicationsResponse, error) {
+	queries, err := convert.ListApplicationsRequestToModel(s.systemDefaults, req)
+	if err != nil {
+		return nil, err
+	}
+
+	res, err := s.query.SearchApps(ctx, queries, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.ListApplicationsResponse{
+		Applications: convert.AppsToPb(res.Apps),
+		Pagination:   filter.QueryToPaginationPb(queries.SearchRequest, res.SearchResponse),
+	}, nil
+}
diff --git a/internal/api/grpc/app/v2beta/server.go b/internal/api/grpc/app/v2beta/server.go
new file mode 100644
index 0000000000..8343cbe404
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/server.go
@@ -0,0 +1,57 @@
+package app
+
+import (
+	"google.golang.org/grpc"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/server"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+var _ app.AppServiceServer = (*Server)(nil)
+
+type Server struct {
+	app.UnimplementedAppServiceServer
+	command         *command.Commands
+	query           *query.Queries
+	systemDefaults  systemdefaults.SystemDefaults
+	checkPermission domain.PermissionCheck
+}
+
+type Config struct{}
+
+func CreateServer(
+	command *command.Commands,
+	query *query.Queries,
+	checkPermission domain.PermissionCheck,
+) *Server {
+	return &Server{
+		command:         command,
+		query:           query,
+		checkPermission: checkPermission,
+	}
+}
+
+func (s *Server) RegisterServer(grpcServer *grpc.Server) {
+	app.RegisterAppServiceServer(grpcServer, s)
+}
+
+func (s *Server) AppName() string {
+	return app.AppService_ServiceDesc.ServiceName
+}
+
+func (s *Server) MethodPrefix() string {
+	return app.AppService_ServiceDesc.ServiceName
+}
+
+func (s *Server) AuthMethods() authz.MethodMapping {
+	return app.AppService_AuthMethods
+}
+
+func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
+	return app.RegisterAppServiceHandler
+}
diff --git a/internal/api/grpc/filter/v2/converter.go b/internal/api/grpc/filter/v2/converter.go
index 7a7d7cd8d7..f797ad4bba 100644
--- a/internal/api/grpc/filter/v2/converter.go
+++ b/internal/api/grpc/filter/v2/converter.go
@@ -48,3 +48,26 @@ func QueryToPaginationPb(request query.SearchRequest, response query.SearchRespo
 		TotalResult:  response.Count,
 	}
 }
+
+func TextMethodPbToQuery(method filter.TextFilterMethod) query.TextComparison {
+	switch method {
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_EQUALS:
+		return query.TextEquals
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_EQUALS_IGNORE_CASE:
+		return query.TextEqualsIgnoreCase
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_STARTS_WITH:
+		return query.TextStartsWith
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_STARTS_WITH_IGNORE_CASE:
+		return query.TextStartsWithIgnoreCase
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_CONTAINS:
+		return query.TextContains
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_CONTAINS_IGNORE_CASE:
+		return query.TextContainsIgnoreCase
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_ENDS_WITH:
+		return query.TextEndsWith
+	case filter.TextFilterMethod_TEXT_FILTER_METHOD_ENDS_WITH_IGNORE_CASE:
+		return query.TextEndsWithIgnoreCase
+	default:
+		return -1
+	}
+}
diff --git a/internal/api/grpc/management/project_application.go b/internal/api/grpc/management/project_application.go
index ab49905409..a5526d3cb7 100644
--- a/internal/api/grpc/management/project_application.go
+++ b/internal/api/grpc/management/project_application.go
@@ -29,7 +29,7 @@ func (s *Server) ListApps(ctx context.Context, req *mgmt_pb.ListAppsRequest) (*m
 	if err != nil {
 		return nil, err
 	}
-	apps, err := s.query.SearchApps(ctx, queries, false)
+	apps, err := s.query.SearchApps(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +125,7 @@ func (s *Server) AddAPIApp(ctx context.Context, req *mgmt_pb.AddAPIAppRequest) (
 }
 
 func (s *Server) UpdateApp(ctx context.Context, req *mgmt_pb.UpdateAppRequest) (*mgmt_pb.UpdateAppResponse, error) {
-	details, err := s.command.ChangeApplication(ctx, req.ProjectId, UpdateAppRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	details, err := s.command.UpdateApplicationName(ctx, req.ProjectId, UpdateAppRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -139,7 +139,7 @@ func (s *Server) UpdateOIDCAppConfig(ctx context.Context, req *mgmt_pb.UpdateOID
 	if err != nil {
 		return nil, err
 	}
-	config, err := s.command.ChangeOIDCApplication(ctx, oidcApp, authz.GetCtxData(ctx).OrgID)
+	config, err := s.command.UpdateOIDCApplication(ctx, oidcApp, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -157,7 +157,7 @@ func (s *Server) UpdateSAMLAppConfig(ctx context.Context, req *mgmt_pb.UpdateSAM
 	if err != nil {
 		return nil, err
 	}
-	config, err := s.command.ChangeSAMLApplication(ctx, samlApp, authz.GetCtxData(ctx).OrgID)
+	config, err := s.command.UpdateSAMLApplication(ctx, samlApp, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -171,7 +171,7 @@ func (s *Server) UpdateSAMLAppConfig(ctx context.Context, req *mgmt_pb.UpdateSAM
 }
 
 func (s *Server) UpdateAPIAppConfig(ctx context.Context, req *mgmt_pb.UpdateAPIAppConfigRequest) (*mgmt_pb.UpdateAPIAppConfigResponse, error) {
-	config, err := s.command.ChangeAPIApplication(ctx, UpdateAPIAppConfigRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	config, err := s.command.UpdateAPIApplication(ctx, UpdateAPIAppConfigRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/api/grpc/management/project_application_converter.go b/internal/api/grpc/management/project_application_converter.go
index 13a0048a5b..186cedc933 100644
--- a/internal/api/grpc/management/project_application_converter.go
+++ b/internal/api/grpc/management/project_application_converter.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"time"
 
+	"github.com/muhlemmer/gu"
+
 	"github.com/zitadel/zitadel/internal/api/authz"
 	authn_grpc "github.com/zitadel/zitadel/internal/api/grpc/authn"
 	"github.com/zitadel/zitadel/internal/api/grpc/object"
@@ -46,24 +48,24 @@ func AddOIDCAppRequestToDomain(req *mgmt_pb.AddOIDCAppRequest) (*domain.OIDCApp,
 			AggregateID: req.ProjectId,
 		},
 		AppName:                  req.Name,
-		OIDCVersion:              app_grpc.OIDCVersionToDomain(req.Version),
+		OIDCVersion:              gu.Ptr(app_grpc.OIDCVersionToDomain(req.Version)),
 		RedirectUris:             req.RedirectUris,
 		ResponseTypes:            app_grpc.OIDCResponseTypesToDomain(req.ResponseTypes),
 		GrantTypes:               app_grpc.OIDCGrantTypesToDomain(req.GrantTypes),
-		ApplicationType:          app_grpc.OIDCApplicationTypeToDomain(req.AppType),
-		AuthMethodType:           app_grpc.OIDCAuthMethodTypeToDomain(req.AuthMethodType),
+		ApplicationType:          gu.Ptr(app_grpc.OIDCApplicationTypeToDomain(req.AppType)),
+		AuthMethodType:           gu.Ptr(app_grpc.OIDCAuthMethodTypeToDomain(req.AuthMethodType)),
 		PostLogoutRedirectUris:   req.PostLogoutRedirectUris,
-		DevMode:                  req.DevMode,
-		AccessTokenType:          app_grpc.OIDCTokenTypeToDomain(req.AccessTokenType),
-		AccessTokenRoleAssertion: req.AccessTokenRoleAssertion,
-		IDTokenRoleAssertion:     req.IdTokenRoleAssertion,
-		IDTokenUserinfoAssertion: req.IdTokenUserinfoAssertion,
-		ClockSkew:                req.ClockSkew.AsDuration(),
+		DevMode:                  gu.Ptr(req.GetDevMode()),
+		AccessTokenType:          gu.Ptr(app_grpc.OIDCTokenTypeToDomain(req.AccessTokenType)),
+		AccessTokenRoleAssertion: gu.Ptr(req.GetAccessTokenRoleAssertion()),
+		IDTokenRoleAssertion:     gu.Ptr(req.GetIdTokenRoleAssertion()),
+		IDTokenUserinfoAssertion: gu.Ptr(req.GetIdTokenUserinfoAssertion()),
+		ClockSkew:                gu.Ptr(req.GetClockSkew().AsDuration()),
 		AdditionalOrigins:        req.AdditionalOrigins,
-		SkipNativeAppSuccessPage: req.SkipNativeAppSuccessPage,
-		BackChannelLogoutURI:     req.GetBackChannelLogoutUri(),
-		LoginVersion:             loginVersion,
-		LoginBaseURI:             loginBaseURI,
+		SkipNativeAppSuccessPage: gu.Ptr(req.GetSkipNativeAppSuccessPage()),
+		BackChannelLogoutURI:     gu.Ptr(req.GetBackChannelLogoutUri()),
+		LoginVersion:             gu.Ptr(loginVersion),
+		LoginBaseURI:             gu.Ptr(loginBaseURI),
 	}, nil
 }
 
@@ -78,9 +80,9 @@ func AddSAMLAppRequestToDomain(req *mgmt_pb.AddSAMLAppRequest) (*domain.SAMLApp,
 		},
 		AppName:      req.Name,
 		Metadata:     req.GetMetadataXml(),
-		MetadataURL:  req.GetMetadataUrl(),
-		LoginVersion: loginVersion,
-		LoginBaseURI: loginBaseURI,
+		MetadataURL:  gu.Ptr(req.GetMetadataUrl()),
+		LoginVersion: gu.Ptr(loginVersion),
+		LoginBaseURI: gu.Ptr(loginBaseURI),
 	}, nil
 }
 
@@ -114,20 +116,20 @@ func UpdateOIDCAppConfigRequestToDomain(app *mgmt_pb.UpdateOIDCAppConfigRequest)
 		RedirectUris:             app.RedirectUris,
 		ResponseTypes:            app_grpc.OIDCResponseTypesToDomain(app.ResponseTypes),
 		GrantTypes:               app_grpc.OIDCGrantTypesToDomain(app.GrantTypes),
-		ApplicationType:          app_grpc.OIDCApplicationTypeToDomain(app.AppType),
-		AuthMethodType:           app_grpc.OIDCAuthMethodTypeToDomain(app.AuthMethodType),
+		ApplicationType:          gu.Ptr(app_grpc.OIDCApplicationTypeToDomain(app.AppType)),
+		AuthMethodType:           gu.Ptr(app_grpc.OIDCAuthMethodTypeToDomain(app.AuthMethodType)),
 		PostLogoutRedirectUris:   app.PostLogoutRedirectUris,
-		DevMode:                  app.DevMode,
-		AccessTokenType:          app_grpc.OIDCTokenTypeToDomain(app.AccessTokenType),
-		AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
-		IDTokenRoleAssertion:     app.IdTokenRoleAssertion,
-		IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
-		ClockSkew:                app.ClockSkew.AsDuration(),
+		DevMode:                  gu.Ptr(app.GetDevMode()),
+		AccessTokenType:          gu.Ptr(app_grpc.OIDCTokenTypeToDomain(app.AccessTokenType)),
+		AccessTokenRoleAssertion: gu.Ptr(app.GetAccessTokenRoleAssertion()),
+		IDTokenRoleAssertion:     gu.Ptr(app.GetIdTokenRoleAssertion()),
+		IDTokenUserinfoAssertion: gu.Ptr(app.GetIdTokenUserinfoAssertion()),
+		ClockSkew:                gu.Ptr(app.GetClockSkew().AsDuration()),
 		AdditionalOrigins:        app.AdditionalOrigins,
-		SkipNativeAppSuccessPage: app.SkipNativeAppSuccessPage,
-		BackChannelLogoutURI:     app.BackChannelLogoutUri,
-		LoginVersion:             loginVersion,
-		LoginBaseURI:             loginBaseURI,
+		SkipNativeAppSuccessPage: gu.Ptr(app.GetSkipNativeAppSuccessPage()),
+		BackChannelLogoutURI:     gu.Ptr(app.GetBackChannelLogoutUri()),
+		LoginVersion:             gu.Ptr(loginVersion),
+		LoginBaseURI:             gu.Ptr(loginBaseURI),
 	}, nil
 }
 
@@ -142,9 +144,9 @@ func UpdateSAMLAppConfigRequestToDomain(app *mgmt_pb.UpdateSAMLAppConfigRequest)
 		},
 		AppID:        app.AppId,
 		Metadata:     app.GetMetadataXml(),
-		MetadataURL:  app.GetMetadataUrl(),
-		LoginVersion: loginVersion,
-		LoginBaseURI: loginBaseURI,
+		MetadataURL:  gu.Ptr(app.GetMetadataUrl()),
+		LoginVersion: gu.Ptr(loginVersion),
+		LoginBaseURI: gu.Ptr(loginBaseURI),
 	}, nil
 }
 
diff --git a/internal/authz/repository/eventsourcing/view/application.go b/internal/authz/repository/eventsourcing/view/application.go
index 8db8ec8e39..7fa920bcfe 100644
--- a/internal/authz/repository/eventsourcing/view/application.go
+++ b/internal/authz/repository/eventsourcing/view/application.go
@@ -32,7 +32,7 @@ func (v *View) ApplicationByProjecIDAndAppName(ctx context.Context, projectID, a
 		},
 	}
 
-	apps, err := v.Query.SearchApps(ctx, queries, false)
+	apps, err := v.Query.SearchApps(ctx, queries, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/command/permission_checks.go b/internal/command/permission_checks.go
index 6bfeaae219..3f978b6618 100644
--- a/internal/command/permission_checks.go
+++ b/internal/command/permission_checks.go
@@ -85,3 +85,11 @@ func (c *Commands) checkPermissionDeleteProjectGrant(ctx context.Context, resour
 	}
 	return nil
 }
+
+func (c *Commands) checkPermissionUpdateApplication(ctx context.Context, resourceOwner, appID string) error {
+	return c.newPermissionCheck(ctx, domain.PermissionProjectAppWrite, project.AggregateType)(resourceOwner, appID)
+}
+
+func (c *Commands) checkPermissionDeleteApp(ctx context.Context, resourceOwner, appID string) error {
+	return c.newPermissionCheck(ctx, domain.PermissionProjectAppDelete, project.AggregateType)(resourceOwner, appID)
+}
diff --git a/internal/command/project_application.go b/internal/command/project_application.go
index 0ccf5dc852..465b12e1e1 100644
--- a/internal/command/project_application.go
+++ b/internal/command/project_application.go
@@ -15,7 +15,7 @@ type AddApp struct {
 	Name      string
 }
 
-func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (*domain.ObjectDetails, error) {
+func (c *Commands) UpdateApplicationName(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (*domain.ObjectDetails, error) {
 	if projectID == "" || appChange.GetAppID() == "" || appChange.GetApplicationName() == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.App.Invalid")
 	}
@@ -30,6 +30,13 @@ func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appC
 	if existingApp.Name == appChange.GetApplicationName() {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound")
 	}
+	if err := c.eventstore.FilterToQueryReducer(ctx, existingApp); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, existingApp.ResourceOwner, existingApp.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
 	pushedEvents, err := c.eventstore.Push(
 		ctx,
@@ -59,6 +66,13 @@ func (c *Commands) DeactivateApplication(ctx context.Context, projectID, appID,
 	if existingApp.State != domain.AppStateActive {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive")
 	}
+	if err := c.eventstore.FilterToQueryReducer(ctx, existingApp); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, existingApp.ResourceOwner, existingApp.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
 	pushedEvents, err := c.eventstore.Push(ctx, project.NewApplicationDeactivatedEvent(ctx, projectAgg, appID))
 	if err != nil {
@@ -86,6 +100,11 @@ func (c *Commands) ReactivateApplication(ctx context.Context, projectID, appID,
 	if existingApp.State != domain.AppStateInactive {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-1n8cM", "Errors.Project.App.NotInactive")
 	}
+
+	if err := c.checkPermissionUpdateApplication(ctx, existingApp.ResourceOwner, existingApp.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
 
 	pushedEvents, err := c.eventstore.Push(ctx, project.NewApplicationReactivatedEvent(ctx, projectAgg, appID))
@@ -111,6 +130,13 @@ func (c *Commands) RemoveApplication(ctx context.Context, projectID, appID, reso
 	if existingApp.State == domain.AppStateUnspecified || existingApp.State == domain.AppStateRemoved {
 		return nil, zerrors.ThrowNotFound(nil, "COMMAND-0po9s", "Errors.Project.App.NotExisting")
 	}
+	if err := c.eventstore.FilterToQueryReducer(ctx, existingApp); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionDeleteApp(ctx, existingApp.ResourceOwner, existingApp.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
 
 	entityID := ""
diff --git a/internal/command/project_application_api.go b/internal/command/project_application_api.go
index 2832dcf873..82e7d0bde8 100644
--- a/internal/command/project_application_api.go
+++ b/internal/command/project_application_api.go
@@ -90,16 +90,24 @@ func (c *Commands) AddAPIApplication(ctx context.Context, apiApp *domain.APIApp,
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-5m9E", "Errors.Project.App.Invalid")
 	}
 
-	if _, err := c.checkProjectExists(ctx, apiApp.AggregateID, resourceOwner); err != nil {
+	projectResOwner, err := c.checkProjectExists(ctx, apiApp.AggregateID, resourceOwner)
+	if err != nil {
 		return nil, err
 	}
+	if resourceOwner == "" {
+		resourceOwner = projectResOwner
+	}
+
 	if !apiApp.IsValid() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-Bff2g", "Errors.Project.App.Invalid")
 	}
 
-	appID, err := c.idGenerator.Next()
-	if err != nil {
-		return nil, err
+	appID := apiApp.AppID
+	if appID == "" {
+		appID, err = c.idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return c.addAPIApplicationWithID(ctx, apiApp, resourceOwner, appID)
@@ -112,6 +120,13 @@ func (c *Commands) addAPIApplicationWithID(ctx context.Context, apiApp *domain.A
 	apiApp.AppID = appID
 
 	addedApplication := NewAPIApplicationWriteModel(apiApp.AggregateID, resourceOwner)
+	if err := c.eventstore.FilterToQueryReducer(ctx, addedApplication); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, addedApplication.ResourceOwner, addedApplication.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
 
 	events := []eventstore.Command{
@@ -150,7 +165,7 @@ func (c *Commands) addAPIApplicationWithID(ctx context.Context, apiApp *domain.A
 	return result, nil
 }
 
-func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string) (*domain.APIApp, error) {
+func (c *Commands) UpdateAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string) (*domain.APIApp, error) {
 	if apiApp.AppID == "" || apiApp.AggregateID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-1m900", "Errors.Project.App.APIConfigInvalid")
 	}
@@ -165,6 +180,13 @@ func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIA
 	if !existingAPI.IsAPI() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Gnwt3", "Errors.Project.App.IsNotAPI")
 	}
+	if err := c.eventstore.FilterToQueryReducer(ctx, existingAPI); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, existingAPI.ResourceOwner, existingAPI.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingAPI.WriteModel)
 	changedEvent, hasChanged, err := existingAPI.NewChangedEvent(
 		ctx,
@@ -205,6 +227,11 @@ func (c *Commands) ChangeAPIApplicationSecret(ctx context.Context, projectID, ap
 	if !existingAPI.IsAPI() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-aeH4", "Errors.Project.App.IsNotAPI")
 	}
+
+	if err := c.checkPermissionUpdateApplication(ctx, existingAPI.ResourceOwner, existingAPI.AggregateID); err != nil {
+		return nil, err
+	}
+
 	encodedHash, plain, err := c.newHashedSecret(ctx, c.eventstore.Filter) //nolint:staticcheck
 	if err != nil {
 		return nil, err
diff --git a/internal/command/project_application_api_test.go b/internal/command/project_application_api_test.go
index a6d4349254..53448e1c5e 100644
--- a/internal/command/project_application_api_test.go
+++ b/internal/command/project_application_api_test.go
@@ -142,6 +142,7 @@ func TestAddAPIConfig(t *testing.T) {
 }
 
 func TestCommandSide_AddAPIApplication(t *testing.T) {
+	t.Parallel()
 	type fields struct {
 		eventstore  func(t *testing.T) *eventstore.Eventstore
 		idGenerator id.Generator
@@ -238,6 +239,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -292,6 +294,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -346,6 +349,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -390,6 +394,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
 				eventstore:      tt.fields.eventstore(t),
 				idGenerator:     tt.fields.idGenerator,
@@ -397,6 +403,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 				defaultSecretGenerators: &SecretGenerators{
 					ClientSecret: emptyConfig,
 				},
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			got, err := r.AddAPIApplication(tt.args.ctx, tt.args.apiApp, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -413,6 +420,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 }
 
 func TestCommandSide_ChangeAPIApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
 		eventstore func(t *testing.T) *eventstore.Eventstore
 	}
@@ -516,6 +525,7 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 								domain.APIAuthMethodTypePrivateKeyJWT),
 						),
 					),
+					expectFilter(),
 				),
 			},
 			args: args{
@@ -555,6 +565,7 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 								domain.APIAuthMethodTypeBasic),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						newAPIAppChangedEvent(context.Background(),
 							"app1",
@@ -593,14 +604,17 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
 				eventstore:      tt.fields.eventstore(t),
 				newHashedSecret: mockHashedSecret("secret"),
 				defaultSecretGenerators: &SecretGenerators{
 					ClientSecret: emptyConfig,
 				},
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
-			got, err := r.ChangeAPIApplication(tt.args.ctx, tt.args.apiApp, tt.args.resourceOwner)
+			got, err := r.UpdateAPIApplication(tt.args.ctx, tt.args.apiApp, tt.args.resourceOwner)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -615,6 +629,8 @@ func TestCommandSide_ChangeAPIApplication(t *testing.T) {
 }
 
 func TestCommandSide_ChangeAPIApplicationSecret(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
 		eventstore func(*testing.T) *eventstore.Eventstore
 	}
@@ -734,12 +750,15 @@ func TestCommandSide_ChangeAPIApplicationSecret(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
 				eventstore:      tt.fields.eventstore(t),
 				newHashedSecret: mockHashedSecret("secret"),
 				defaultSecretGenerators: &SecretGenerators{
 					ClientSecret: emptyConfig,
 				},
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			got, err := r.ChangeAPIApplicationSecret(tt.args.ctx, tt.args.projectID, tt.args.appID, tt.args.resourceOwner)
 			if tt.res.err == nil {
diff --git a/internal/command/project_application_oidc.go b/internal/command/project_application_oidc.go
index 77ef7ff0c7..7f33b6a3cf 100644
--- a/internal/command/project_application_oidc.go
+++ b/internal/command/project_application_oidc.go
@@ -5,6 +5,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/muhlemmer/gu"
+
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/command/preparation"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -120,6 +122,7 @@ func (c *Commands) AddOIDCAppCommand(app *addOIDCApp) preparation.Validation {
 	}
 }
 
+// TODO: Combine with AddOIDCApplication and addOIDCApplicationWithID
 func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain.OIDCApp, resourceOwner, appID string) (_ *domain.OIDCApp, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -142,9 +145,15 @@ func (c *Commands) AddOIDCApplication(ctx context.Context, oidcApp *domain.OIDCA
 	if oidcApp == nil || oidcApp.AggregateID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid")
 	}
-	if _, err := c.checkProjectExists(ctx, oidcApp.AggregateID, resourceOwner); err != nil {
+
+	projectResOwner, err := c.checkProjectExists(ctx, oidcApp.AggregateID, resourceOwner)
+	if err != nil {
 		return nil, err
 	}
+	if resourceOwner == "" {
+		resourceOwner = projectResOwner
+	}
+
 	if oidcApp.AppName == "" || !oidcApp.IsValid() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1n8df", "Errors.Project.App.Invalid")
 	}
@@ -162,6 +171,13 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 	defer func() { span.EndWithError(err) }()
 
 	addedApplication := NewOIDCApplicationWriteModel(oidcApp.AggregateID, resourceOwner)
+	if err := c.eventstore.FilterToQueryReducer(ctx, addedApplication); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, addedApplication.ResourceOwner, addedApplication.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
 
 	oidcApp.AppID = appID
@@ -183,27 +199,27 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 	}
 	events = append(events, project_repo.NewOIDCConfigAddedEvent(ctx,
 		projectAgg,
-		oidcApp.OIDCVersion,
+		gu.Value(oidcApp.OIDCVersion),
 		oidcApp.AppID,
 		oidcApp.ClientID,
 		oidcApp.EncodedHash,
 		trimStringSliceWhiteSpaces(oidcApp.RedirectUris),
 		oidcApp.ResponseTypes,
 		oidcApp.GrantTypes,
-		oidcApp.ApplicationType,
-		oidcApp.AuthMethodType,
+		gu.Value(oidcApp.ApplicationType),
+		gu.Value(oidcApp.AuthMethodType),
 		trimStringSliceWhiteSpaces(oidcApp.PostLogoutRedirectUris),
-		oidcApp.DevMode,
-		oidcApp.AccessTokenType,
-		oidcApp.AccessTokenRoleAssertion,
-		oidcApp.IDTokenRoleAssertion,
-		oidcApp.IDTokenUserinfoAssertion,
-		oidcApp.ClockSkew,
+		gu.Value(oidcApp.DevMode),
+		gu.Value(oidcApp.AccessTokenType),
+		gu.Value(oidcApp.AccessTokenRoleAssertion),
+		gu.Value(oidcApp.IDTokenRoleAssertion),
+		gu.Value(oidcApp.IDTokenUserinfoAssertion),
+		gu.Value(oidcApp.ClockSkew),
 		trimStringSliceWhiteSpaces(oidcApp.AdditionalOrigins),
-		oidcApp.SkipNativeAppSuccessPage,
-		strings.TrimSpace(oidcApp.BackChannelLogoutURI),
-		oidcApp.LoginVersion,
-		strings.TrimSpace(oidcApp.LoginBaseURI),
+		gu.Value(oidcApp.SkipNativeAppSuccessPage),
+		strings.TrimSpace(gu.Value(oidcApp.BackChannelLogoutURI)),
+		gu.Value(oidcApp.LoginVersion),
+		strings.TrimSpace(gu.Value(oidcApp.LoginBaseURI)),
 	))
 
 	addedApplication.AppID = oidcApp.AppID
@@ -226,7 +242,7 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 	return result, nil
 }
 
-func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
+func (c *Commands) UpdateOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
 	if !oidc.IsValid() || oidc.AppID == "" || oidc.AggregateID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5m9fs", "Errors.Project.App.OIDCConfigInvalid")
 	}
@@ -241,7 +257,23 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
 	if !existingOIDC.IsOIDC() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-GBr34", "Errors.Project.App.IsNotOIDC")
 	}
+	if err := c.eventstore.FilterToQueryReducer(ctx, existingOIDC); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, existingOIDC.ResourceOwner, existingOIDC.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
+	var backChannelLogout, loginBaseURI *string
+	if oidc.BackChannelLogoutURI != nil {
+		backChannelLogout = gu.Ptr(strings.TrimSpace(*oidc.BackChannelLogoutURI))
+	}
+
+	if oidc.LoginBaseURI != nil {
+		loginBaseURI = gu.Ptr(strings.TrimSpace(*oidc.LoginBaseURI))
+	}
+
 	changedEvent, hasChanged, err := existingOIDC.NewChangedEvent(
 		ctx,
 		projectAgg,
@@ -261,9 +293,9 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
 		oidc.ClockSkew,
 		trimStringSliceWhiteSpaces(oidc.AdditionalOrigins),
 		oidc.SkipNativeAppSuccessPage,
-		strings.TrimSpace(oidc.BackChannelLogoutURI),
+		backChannelLogout,
 		oidc.LoginVersion,
-		strings.TrimSpace(oidc.LoginBaseURI),
+		loginBaseURI,
 	)
 	if err != nil {
 		return nil, err
@@ -301,6 +333,11 @@ func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, a
 	if !existingOIDC.IsOIDC() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Ghrh3", "Errors.Project.App.IsNotOIDC")
 	}
+
+	if err := c.checkPermissionUpdateApplication(ctx, existingOIDC.ResourceOwner, existingOIDC.AggregateID); err != nil {
+		return nil, err
+	}
+
 	encodedHash, plain, err := c.newHashedSecret(ctx, c.eventstore.Filter) //nolint:staticcheck
 	if err != nil {
 		return nil, err
diff --git a/internal/command/project_application_oidc_model.go b/internal/command/project_application_oidc_model.go
index 603ebdcda2..375bb26f5e 100644
--- a/internal/command/project_application_oidc_model.go
+++ b/internal/command/project_application_oidc_model.go
@@ -258,77 +258,77 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 	postLogoutRedirectURIs []string,
 	responseTypes []domain.OIDCResponseType,
 	grantTypes []domain.OIDCGrantType,
-	appType domain.OIDCApplicationType,
-	authMethodType domain.OIDCAuthMethodType,
-	oidcVersion domain.OIDCVersion,
-	accessTokenType domain.OIDCTokenType,
+	appType *domain.OIDCApplicationType,
+	authMethodType *domain.OIDCAuthMethodType,
+	oidcVersion *domain.OIDCVersion,
+	accessTokenType *domain.OIDCTokenType,
 	devMode,
 	accessTokenRoleAssertion,
 	idTokenRoleAssertion,
-	idTokenUserinfoAssertion bool,
-	clockSkew time.Duration,
+	idTokenUserinfoAssertion *bool,
+	clockSkew *time.Duration,
 	additionalOrigins []string,
-	skipNativeAppSuccessPage bool,
-	backChannelLogoutURI string,
-	loginVersion domain.LoginVersion,
-	loginBaseURI string,
+	skipNativeAppSuccessPage *bool,
+	backChannelLogoutURI *string,
+	loginVersion *domain.LoginVersion,
+	loginBaseURI *string,
 ) (*project.OIDCConfigChangedEvent, bool, error) {
 	changes := make([]project.OIDCConfigChanges, 0)
 	var err error
 
-	if !slices.Equal(wm.RedirectUris, redirectURIS) {
+	if redirectURIS != nil && !slices.Equal(wm.RedirectUris, redirectURIS) {
 		changes = append(changes, project.ChangeRedirectURIs(redirectURIS))
 	}
-	if !slices.Equal(wm.ResponseTypes, responseTypes) {
+	if responseTypes != nil && !slices.Equal(wm.ResponseTypes, responseTypes) {
 		changes = append(changes, project.ChangeResponseTypes(responseTypes))
 	}
-	if !slices.Equal(wm.GrantTypes, grantTypes) {
+	if grantTypes != nil && !slices.Equal(wm.GrantTypes, grantTypes) {
 		changes = append(changes, project.ChangeGrantTypes(grantTypes))
 	}
-	if wm.ApplicationType != appType {
-		changes = append(changes, project.ChangeApplicationType(appType))
+	if appType != nil && wm.ApplicationType != *appType {
+		changes = append(changes, project.ChangeApplicationType(*appType))
 	}
-	if wm.AuthMethodType != authMethodType {
-		changes = append(changes, project.ChangeAuthMethodType(authMethodType))
+	if authMethodType != nil && wm.AuthMethodType != *authMethodType {
+		changes = append(changes, project.ChangeAuthMethodType(*authMethodType))
 	}
-	if !slices.Equal(wm.PostLogoutRedirectUris, postLogoutRedirectURIs) {
+	if postLogoutRedirectURIs != nil && !slices.Equal(wm.PostLogoutRedirectUris, postLogoutRedirectURIs) {
 		changes = append(changes, project.ChangePostLogoutRedirectURIs(postLogoutRedirectURIs))
 	}
-	if wm.OIDCVersion != oidcVersion {
-		changes = append(changes, project.ChangeVersion(oidcVersion))
+	if oidcVersion != nil && wm.OIDCVersion != *oidcVersion {
+		changes = append(changes, project.ChangeVersion(*oidcVersion))
 	}
-	if wm.DevMode != devMode {
-		changes = append(changes, project.ChangeDevMode(devMode))
+	if devMode != nil && wm.DevMode != *devMode {
+		changes = append(changes, project.ChangeDevMode(*devMode))
 	}
-	if wm.AccessTokenType != accessTokenType {
-		changes = append(changes, project.ChangeAccessTokenType(accessTokenType))
+	if accessTokenType != nil && wm.AccessTokenType != *accessTokenType {
+		changes = append(changes, project.ChangeAccessTokenType(*accessTokenType))
 	}
-	if wm.AccessTokenRoleAssertion != accessTokenRoleAssertion {
-		changes = append(changes, project.ChangeAccessTokenRoleAssertion(accessTokenRoleAssertion))
+	if accessTokenRoleAssertion != nil && wm.AccessTokenRoleAssertion != *accessTokenRoleAssertion {
+		changes = append(changes, project.ChangeAccessTokenRoleAssertion(*accessTokenRoleAssertion))
 	}
-	if wm.IDTokenRoleAssertion != idTokenRoleAssertion {
-		changes = append(changes, project.ChangeIDTokenRoleAssertion(idTokenRoleAssertion))
+	if idTokenRoleAssertion != nil && wm.IDTokenRoleAssertion != *idTokenRoleAssertion {
+		changes = append(changes, project.ChangeIDTokenRoleAssertion(*idTokenRoleAssertion))
 	}
-	if wm.IDTokenUserinfoAssertion != idTokenUserinfoAssertion {
-		changes = append(changes, project.ChangeIDTokenUserinfoAssertion(idTokenUserinfoAssertion))
+	if idTokenUserinfoAssertion != nil && wm.IDTokenUserinfoAssertion != *idTokenUserinfoAssertion {
+		changes = append(changes, project.ChangeIDTokenUserinfoAssertion(*idTokenUserinfoAssertion))
 	}
-	if wm.ClockSkew != clockSkew {
-		changes = append(changes, project.ChangeClockSkew(clockSkew))
+	if clockSkew != nil && wm.ClockSkew != *clockSkew {
+		changes = append(changes, project.ChangeClockSkew(*clockSkew))
 	}
-	if !slices.Equal(wm.AdditionalOrigins, additionalOrigins) {
+	if additionalOrigins != nil && !slices.Equal(wm.AdditionalOrigins, additionalOrigins) {
 		changes = append(changes, project.ChangeAdditionalOrigins(additionalOrigins))
 	}
-	if wm.SkipNativeAppSuccessPage != skipNativeAppSuccessPage {
-		changes = append(changes, project.ChangeSkipNativeAppSuccessPage(skipNativeAppSuccessPage))
+	if skipNativeAppSuccessPage != nil && wm.SkipNativeAppSuccessPage != *skipNativeAppSuccessPage {
+		changes = append(changes, project.ChangeSkipNativeAppSuccessPage(*skipNativeAppSuccessPage))
 	}
-	if wm.BackChannelLogoutURI != backChannelLogoutURI {
-		changes = append(changes, project.ChangeBackChannelLogoutURI(backChannelLogoutURI))
+	if backChannelLogoutURI != nil && wm.BackChannelLogoutURI != *backChannelLogoutURI {
+		changes = append(changes, project.ChangeBackChannelLogoutURI(*backChannelLogoutURI))
 	}
-	if wm.LoginVersion != loginVersion {
-		changes = append(changes, project.ChangeOIDCLoginVersion(loginVersion))
+	if loginVersion != nil && wm.LoginVersion != *loginVersion {
+		changes = append(changes, project.ChangeOIDCLoginVersion(*loginVersion))
 	}
-	if wm.LoginBaseURI != loginBaseURI {
-		changes = append(changes, project.ChangeOIDCLoginBaseURI(loginBaseURI))
+	if loginBaseURI != nil && wm.LoginBaseURI != *loginBaseURI {
+		changes = append(changes, project.ChangeOIDCLoginBaseURI(*loginBaseURI))
 	}
 
 	if len(changes) == 0 {
diff --git a/internal/command/project_application_oidc_test.go b/internal/command/project_application_oidc_test.go
index d0383b1b29..d728ffca45 100644
--- a/internal/command/project_application_oidc_test.go
+++ b/internal/command/project_application_oidc_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -401,6 +402,8 @@ func TestAddOIDCApp(t *testing.T) {
 }
 
 func TestCommandSide_AddOIDCApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
 		eventstore  func(t *testing.T) *eventstore.Eventstore
 		idGenerator id.Generator
@@ -497,6 +500,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -538,24 +542,24 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 						AggregateID: "project1",
 					},
 					AppName:                  "app",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{" https://test.ch "},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{" https://test.ch/logout "},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{" https://sub.test.ch "},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     " https://test.ch/backchannel ",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             " https://login.test.ch ",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr(" https://test.ch/backchannel "),
+					LoginVersion:             gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI:             gu.Ptr(" https://login.test.ch "),
 				},
 				resourceOwner: "org1",
 			},
@@ -569,24 +573,24 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 					AppName:                  "app",
 					ClientID:                 "client1",
 					ClientSecretString:       "secret",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{"https://test.ch"},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{"https://test.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     "https://test.ch/backchannel",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             "https://login.test.ch",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr("https://test.ch/backchannel"),
+					LoginVersion:             gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI:             gu.Ptr("https://login.test.ch"),
 					State:                    domain.AppStateActive,
 					Compliance:               &domain.Compliance{},
 				},
@@ -604,6 +608,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -645,24 +650,24 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 						AggregateID: "project1",
 					},
 					AppName:                  "app",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{"https://test.ch"},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{"https://test.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     "https://test.ch/backchannel",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             "https://login.test.ch",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr("https://test.ch/backchannel"),
+					LoginVersion:             gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI:             gu.Ptr("https://login.test.ch"),
 				},
 				resourceOwner: "org1",
 			},
@@ -676,24 +681,24 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 					AppName:                  "app",
 					ClientID:                 "client1",
 					ClientSecretString:       "secret",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{"https://test.ch"},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{"https://test.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     "https://test.ch/backchannel",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             "https://login.test.ch",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr("https://test.ch/backchannel"),
+					LoginVersion:             gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI:             gu.Ptr("https://login.test.ch"),
 					State:                    domain.AppStateActive,
 					Compliance:               &domain.Compliance{},
 				},
@@ -702,6 +707,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
 			c := &Commands{
 				eventstore:      tt.fields.eventstore(t),
 				idGenerator:     tt.fields.idGenerator,
@@ -709,6 +715,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 				defaultSecretGenerators: &SecretGenerators{
 					ClientSecret: emptyConfig,
 				},
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			c.setMilestonesCompletedForTest("instanceID")
 			got, err := c.AddOIDCApplication(tt.args.ctx, tt.args.oidcApp, tt.args.resourceOwner)
@@ -726,6 +733,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 }
 
 func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
+	t.Parallel()
 	type fields struct {
 		eventstore func(*testing.T) *eventstore.Eventstore
 	}
@@ -775,7 +783,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 						AggregateID: "project1",
 					},
 					AppID:          "",
-					AuthMethodType: domain.OIDCAuthMethodTypePost,
+					AuthMethodType: gu.Ptr(domain.OIDCAuthMethodTypePost),
 					GrantTypes:     []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
 					ResponseTypes:  []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 				},
@@ -797,7 +805,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 						AggregateID: "",
 					},
 					AppID:          "appid",
-					AuthMethodType: domain.OIDCAuthMethodTypePost,
+					AuthMethodType: gu.Ptr(domain.OIDCAuthMethodTypePost),
 					GrantTypes:     []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
 					ResponseTypes:  []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 				},
@@ -821,7 +829,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 						AggregateID: "project1",
 					},
 					AppID:          "app1",
-					AuthMethodType: domain.OIDCAuthMethodTypePost,
+					AuthMethodType: gu.Ptr(domain.OIDCAuthMethodTypePost),
 					GrantTypes:     []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
 					ResponseTypes:  []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 				},
@@ -870,6 +878,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 							),
 						),
 					),
+					expectFilter(),
 				),
 			},
 			args: args{
@@ -880,24 +889,24 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					},
 					AppID:                    "app1",
 					AppName:                  "app",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{"https://test.ch"},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{"https://test.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     "https://test.ch/backchannel",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             "https://login.test.ch",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr("https://test.ch/backchannel"),
+					LoginVersion:             gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI:             gu.Ptr("https://login.test.ch"),
 				},
 				resourceOwner: "org1",
 			},
@@ -944,6 +953,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 							),
 						),
 					),
+					expectFilter(),
 				),
 			},
 			args: args{
@@ -954,24 +964,24 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					},
 					AppID:                    "app1",
 					AppName:                  "app",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{"https://test.ch "},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{" https://test.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{" https://sub.test.ch "},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     " https://test.ch/backchannel ",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             " https://login.test.ch ",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr(" https://test.ch/backchannel "),
+					LoginVersion:             gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI:             gu.Ptr(" https://login.test.ch "),
 				},
 				resourceOwner: "org1",
 			},
@@ -980,7 +990,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 			},
 		},
 		{
-			name: "change oidc app, ok",
+			name: "partial change oidc app, ok",
 			fields: fields{
 				eventstore: expectEventstore(
 					expectFilter(
@@ -1018,6 +1028,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 							),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						newOIDCAppChangedEvent(context.Background(),
 							"app1",
@@ -1032,26 +1043,11 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					ObjectRoot: models.ObjectRoot{
 						AggregateID: "project1",
 					},
-					AppID:                    "app1",
-					AppName:                  "app",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
-					RedirectUris:             []string{" https://test-change.ch "},
-					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
-					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
-					PostLogoutRedirectUris:   []string{" https://test-change.ch/logout "},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeJWT,
-					AccessTokenRoleAssertion: false,
-					IDTokenRoleAssertion:     false,
-					IDTokenUserinfoAssertion: false,
-					ClockSkew:                time.Second * 2,
-					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     "https://test.ch/backchannel",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             "https://login.test.ch",
+					AppID:          "app1",
+					AppName:        "app",
+					AuthMethodType: gu.Ptr(domain.OIDCAuthMethodTypeBasic),
+					GrantTypes:     []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+					ResponseTypes:  []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 				},
 				resourceOwner: "org1",
 			},
@@ -1064,24 +1060,24 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					AppID:                    "app1",
 					ClientID:                 "client1@project",
 					AppName:                  "app",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
-					RedirectUris:             []string{"https://test-change.ch"},
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypeBasic),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
+					RedirectUris:             []string{"https://test.ch"},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
-					PostLogoutRedirectUris:   []string{"https://test-change.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeJWT,
-					AccessTokenRoleAssertion: false,
-					IDTokenRoleAssertion:     false,
-					IDTokenUserinfoAssertion: false,
-					ClockSkew:                time.Second * 2,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
+					PostLogoutRedirectUris:   []string{"https://test.ch/logout"},
+					DevMode:                  gu.Ptr(false),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: true,
-					BackChannelLogoutURI:     "https://test.ch/backchannel",
-					LoginVersion:             domain.LoginVersion2,
-					LoginBaseURI:             "https://login.test.ch",
+					SkipNativeAppSuccessPage: gu.Ptr(true),
+					BackChannelLogoutURI:     gu.Ptr("https://test.ch/backchannel"),
+					LoginVersion:             gu.Ptr(domain.LoginVersion1),
+					LoginBaseURI:             gu.Ptr(""),
 					Compliance:               &domain.Compliance{},
 					State:                    domain.AppStateActive,
 				},
@@ -1090,10 +1086,12 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			// t.Parallel()
 			r := &Commands{
-				eventstore: tt.fields.eventstore(t),
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
-			got, err := r.ChangeOIDCApplication(tt.args.ctx, tt.args.oidcApp, tt.args.resourceOwner)
+			got, err := r.UpdateOIDCApplication(tt.args.ctx, tt.args.oidcApp, tt.args.resourceOwner)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -1108,6 +1106,8 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 }
 
 func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
 		eventstore func(*testing.T) *eventstore.Eventstore
 	}
@@ -1237,36 +1237,40 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 					AppName:                  "app",
 					ClientID:                 "client1@project",
 					ClientSecretString:       "secret",
-					AuthMethodType:           domain.OIDCAuthMethodTypePost,
-					OIDCVersion:              domain.OIDCVersionV1,
+					AuthMethodType:           gu.Ptr(domain.OIDCAuthMethodTypePost),
+					OIDCVersion:              gu.Ptr(domain.OIDCVersionV1),
 					RedirectUris:             []string{"https://test.ch"},
 					ResponseTypes:            []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
 					GrantTypes:               []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
-					ApplicationType:          domain.OIDCApplicationTypeWeb,
+					ApplicationType:          gu.Ptr(domain.OIDCApplicationTypeWeb),
 					PostLogoutRedirectUris:   []string{"https://test.ch/logout"},
-					DevMode:                  true,
-					AccessTokenType:          domain.OIDCTokenTypeBearer,
-					AccessTokenRoleAssertion: true,
-					IDTokenRoleAssertion:     true,
-					IDTokenUserinfoAssertion: true,
-					ClockSkew:                time.Second * 1,
+					DevMode:                  gu.Ptr(true),
+					AccessTokenType:          gu.Ptr(domain.OIDCTokenTypeBearer),
+					AccessTokenRoleAssertion: gu.Ptr(true),
+					IDTokenRoleAssertion:     gu.Ptr(true),
+					IDTokenUserinfoAssertion: gu.Ptr(true),
+					ClockSkew:                gu.Ptr(time.Second * 1),
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
-					SkipNativeAppSuccessPage: false,
-					BackChannelLogoutURI:     "",
-					LoginVersion:             domain.LoginVersionUnspecified,
+					SkipNativeAppSuccessPage: gu.Ptr(false),
+					BackChannelLogoutURI:     gu.Ptr(""),
+					LoginVersion:             gu.Ptr(domain.LoginVersionUnspecified),
+					LoginBaseURI:             gu.Ptr(""),
 					State:                    domain.AppStateActive,
 				},
 			},
 		},
 	}
 	for _, tt := range tests {
-		t.Run(tt.name, func(*testing.T) {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
 				eventstore:      tt.fields.eventstore(t),
 				newHashedSecret: mockHashedSecret("secret"),
 				defaultSecretGenerators: &SecretGenerators{
 					ClientSecret: emptyConfig,
 				},
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			got, err := r.ChangeOIDCApplicationSecret(tt.args.ctx, tt.args.projectID, tt.args.appID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -1284,16 +1288,7 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 
 func newOIDCAppChangedEvent(ctx context.Context, appID, projectID, resourceOwner string) *project.OIDCConfigChangedEvent {
 	changes := []project.OIDCConfigChanges{
-		project.ChangeRedirectURIs([]string{"https://test-change.ch"}),
-		project.ChangePostLogoutRedirectURIs([]string{"https://test-change.ch/logout"}),
-		project.ChangeDevMode(true),
-		project.ChangeAccessTokenType(domain.OIDCTokenTypeJWT),
-		project.ChangeAccessTokenRoleAssertion(false),
-		project.ChangeIDTokenRoleAssertion(false),
-		project.ChangeIDTokenUserinfoAssertion(false),
-		project.ChangeClockSkew(time.Second * 2),
-		project.ChangeOIDCLoginVersion(domain.LoginVersion2),
-		project.ChangeOIDCLoginBaseURI("https://login.test.ch"),
+		project.ChangeAuthMethodType(domain.OIDCAuthMethodTypeBasic),
 	}
 	event, _ := project.NewOIDCConfigChangedEvent(ctx,
 		&project.NewAggregate(projectID, resourceOwner).Aggregate,
diff --git a/internal/command/project_application_saml.go b/internal/command/project_application_saml.go
index 1a5cefa221..9b1dc9e97a 100644
--- a/internal/command/project_application_saml.go
+++ b/internal/command/project_application_saml.go
@@ -3,6 +3,7 @@ package command
 import (
 	"context"
 
+	"github.com/muhlemmer/gu"
 	"github.com/zitadel/saml/pkg/provider/xml"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -16,10 +17,22 @@ func (c *Commands) AddSAMLApplication(ctx context.Context, application *domain.S
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-35Fn0", "Errors.Project.App.Invalid")
 	}
 
-	if _, err := c.checkProjectExists(ctx, application.AggregateID, resourceOwner); err != nil {
+	projectResOwner, err := c.checkProjectExists(ctx, application.AggregateID, resourceOwner)
+	if err != nil {
 		return nil, err
 	}
+	if resourceOwner == "" {
+		resourceOwner = projectResOwner
+	}
+
 	addedApplication := NewSAMLApplicationWriteModel(application.AggregateID, resourceOwner)
+	if err := c.eventstore.FilterToQueryReducer(ctx, addedApplication); err != nil {
+		return nil, err
+	}
+	if err := c.checkPermissionUpdateApplication(ctx, addedApplication.ResourceOwner, addedApplication.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
 	events, err := c.addSAMLApplication(ctx, projectAgg, application)
 	if err != nil {
@@ -49,12 +62,8 @@ func (c *Commands) addSAMLApplication(ctx context.Context, projectAgg *eventstor
 		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-1n9df", "Errors.Project.App.Invalid")
 	}
 
-	if samlApp.Metadata == nil && samlApp.MetadataURL == "" {
-		return nil, zerrors.ThrowInvalidArgument(nil, "SAML-podix9", "Errors.Project.App.SAMLMetadataMissing")
-	}
-
-	if samlApp.MetadataURL != "" {
-		data, err := xml.ReadMetadataFromURL(c.httpClient, samlApp.MetadataURL)
+	if samlApp.MetadataURL != nil && *samlApp.MetadataURL != "" {
+		data, err := xml.ReadMetadataFromURL(c.httpClient, *samlApp.MetadataURL)
 		if err != nil {
 			return nil, zerrors.ThrowInvalidArgument(err, "SAML-wmqlo1", "Errors.Project.App.SAMLMetadataMissing")
 		}
@@ -78,14 +87,14 @@ func (c *Commands) addSAMLApplication(ctx context.Context, projectAgg *eventstor
 			samlApp.AppID,
 			string(entity.EntityID),
 			samlApp.Metadata,
-			samlApp.MetadataURL,
-			samlApp.LoginVersion,
-			samlApp.LoginBaseURI,
+			gu.Value(samlApp.MetadataURL),
+			gu.Value(samlApp.LoginVersion),
+			gu.Value(samlApp.LoginBaseURI),
 		),
 	}, nil
 }
 
-func (c *Commands) ChangeSAMLApplication(ctx context.Context, samlApp *domain.SAMLApp, resourceOwner string) (*domain.SAMLApp, error) {
+func (c *Commands) UpdateSAMLApplication(ctx context.Context, samlApp *domain.SAMLApp, resourceOwner string) (*domain.SAMLApp, error) {
 	if !samlApp.IsValid() || samlApp.AppID == "" || samlApp.AggregateID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-5n9fs", "Errors.Project.App.SAMLConfigInvalid")
 	}
@@ -100,10 +109,15 @@ func (c *Commands) ChangeSAMLApplication(ctx context.Context, samlApp *domain.SA
 	if !existingSAML.IsSAML() {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-GBr35", "Errors.Project.App.IsNotSAML")
 	}
+
+	if err := c.checkPermissionUpdateApplication(ctx, existingSAML.ResourceOwner, existingSAML.AggregateID); err != nil {
+		return nil, err
+	}
+
 	projectAgg := ProjectAggregateFromWriteModel(&existingSAML.WriteModel)
 
-	if samlApp.MetadataURL != "" {
-		data, err := xml.ReadMetadataFromURL(c.httpClient, samlApp.MetadataURL)
+	if samlApp.MetadataURL != nil && *samlApp.MetadataURL != "" {
+		data, err := xml.ReadMetadataFromURL(c.httpClient, *samlApp.MetadataURL)
 		if err != nil {
 			return nil, zerrors.ThrowInvalidArgument(err, "SAML-J3kg3", "Errors.Project.App.SAMLMetadataMissing")
 		}
diff --git a/internal/command/project_application_saml_model.go b/internal/command/project_application_saml_model.go
index f219039b58..f3097914f3 100644
--- a/internal/command/project_application_saml_model.go
+++ b/internal/command/project_application_saml_model.go
@@ -2,7 +2,7 @@ package command
 
 import (
 	"context"
-	"reflect"
+	"slices"
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -170,26 +170,26 @@ func (wm *SAMLApplicationWriteModel) NewChangedEvent(
 	appID string,
 	entityID string,
 	metadata []byte,
-	metadataURL string,
-	loginVersion domain.LoginVersion,
-	loginBaseURI string,
+	metadataURL *string,
+	loginVersion *domain.LoginVersion,
+	loginBaseURI *string,
 ) (*project.SAMLConfigChangedEvent, bool, error) {
 	changes := make([]project.SAMLConfigChanges, 0)
 	var err error
-	if !reflect.DeepEqual(wm.Metadata, metadata) {
+	if metadata != nil && !slices.Equal(wm.Metadata, metadata) {
 		changes = append(changes, project.ChangeMetadata(metadata))
 	}
-	if wm.MetadataURL != metadataURL {
-		changes = append(changes, project.ChangeMetadataURL(metadataURL))
+	if metadataURL != nil && wm.MetadataURL != *metadataURL {
+		changes = append(changes, project.ChangeMetadataURL(*metadataURL))
 	}
 	if wm.EntityID != entityID {
 		changes = append(changes, project.ChangeEntityID(entityID))
 	}
-	if wm.LoginVersion != loginVersion {
-		changes = append(changes, project.ChangeSAMLLoginVersion(loginVersion))
+	if loginVersion != nil && wm.LoginVersion != *loginVersion {
+		changes = append(changes, project.ChangeSAMLLoginVersion(*loginVersion))
 	}
-	if wm.LoginBaseURI != loginBaseURI {
-		changes = append(changes, project.ChangeSAMLLoginBaseURI(loginBaseURI))
+	if loginBaseURI != nil && wm.LoginBaseURI != *loginBaseURI {
+		changes = append(changes, project.ChangeSAMLLoginBaseURI(*loginBaseURI))
 	}
 
 	if len(changes) == 0 {
diff --git a/internal/command/project_application_saml_test.go b/internal/command/project_application_saml_test.go
index c6f6f7cf21..5d18d9587c 100644
--- a/internal/command/project_application_saml_test.go
+++ b/internal/command/project_application_saml_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"
 
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -49,6 +50,8 @@ var testMetadataChangedEntityID = []byte(`<?xml version="1.0"?>
 `)
 
 func TestCommandSide_AddSAMLApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
 		eventstore  func(t *testing.T) *eventstore.Eventstore
 		idGenerator id.Generator
@@ -117,6 +120,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 				),
 			},
 			args: args{
@@ -134,6 +138,37 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 				err: zerrors.IsErrorInvalidArgument,
 			},
 		},
+		{
+			name: "empty metas, invalid argument error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingUnspecified),
+						),
+					),
+					expectFilter(),
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t),
+			},
+			args: args{
+				ctx: authz.WithInstanceID(context.Background(), "instanceID"),
+				samlApp: &domain.SAMLApp{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "project1",
+					},
+					AppName:  "app",
+					EntityID: "https://test.com/saml/metadata",
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
 		{
 			name: "create saml app, metadata not parsable",
 			fields: fields{
@@ -146,6 +181,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t),
 			},
@@ -158,7 +194,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 					AppName:     "app",
 					EntityID:    "https://test.com/saml/metadata",
 					Metadata:    []byte("test metadata"),
-					MetadataURL: "",
+					MetadataURL: gu.Ptr(""),
 				},
 				resourceOwner: "org1",
 			},
@@ -178,6 +214,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -206,7 +243,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 					AppName:     "app",
 					EntityID:    "https://test.com/saml/metadata",
 					Metadata:    testMetadata,
-					MetadataURL: "",
+					MetadataURL: gu.Ptr(""),
 				},
 				resourceOwner: "org1",
 			},
@@ -216,12 +253,14 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					AppID:       "app1",
-					AppName:     "app",
-					EntityID:    "https://test.com/saml/metadata",
-					Metadata:    testMetadata,
-					MetadataURL: "",
-					State:       domain.AppStateActive,
+					AppID:        "app1",
+					AppName:      "app",
+					EntityID:     "https://test.com/saml/metadata",
+					Metadata:     testMetadata,
+					MetadataURL:  gu.Ptr(""),
+					State:        domain.AppStateActive,
+					LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+					LoginBaseURI: gu.Ptr(""),
 				},
 			},
 		},
@@ -237,6 +276,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -265,9 +305,9 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 					AppName:      "app",
 					EntityID:     "https://test.com/saml/metadata",
 					Metadata:     testMetadata,
-					MetadataURL:  "",
-					LoginVersion: domain.LoginVersion2,
-					LoginBaseURI: "https://test.com/login",
+					MetadataURL:  gu.Ptr(""),
+					LoginVersion: gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI: gu.Ptr("https://test.com/login"),
 				},
 				resourceOwner: "org1",
 			},
@@ -281,10 +321,10 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 					AppName:      "app",
 					EntityID:     "https://test.com/saml/metadata",
 					Metadata:     testMetadata,
-					MetadataURL:  "",
+					MetadataURL:  gu.Ptr(""),
 					State:        domain.AppStateActive,
-					LoginVersion: domain.LoginVersion2,
-					LoginBaseURI: "https://test.com/login",
+					LoginVersion: gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI: gu.Ptr("https://test.com/login"),
 				},
 			},
 		},
@@ -300,6 +340,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -329,7 +370,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 					AppName:     "app",
 					EntityID:    "https://test.com/saml/metadata",
 					Metadata:    nil,
-					MetadataURL: "http://localhost:8080/saml/metadata",
+					MetadataURL: gu.Ptr("http://localhost:8080/saml/metadata"),
 				},
 				resourceOwner: "org1",
 			},
@@ -339,12 +380,14 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					AppID:       "app1",
-					AppName:     "app",
-					EntityID:    "https://test.com/saml/metadata",
-					Metadata:    testMetadata,
-					MetadataURL: "http://localhost:8080/saml/metadata",
-					State:       domain.AppStateActive,
+					AppID:        "app1",
+					AppName:      "app",
+					EntityID:     "https://test.com/saml/metadata",
+					Metadata:     testMetadata,
+					MetadataURL:  gu.Ptr("http://localhost:8080/saml/metadata"),
+					State:        domain.AppStateActive,
+					LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+					LoginBaseURI: gu.Ptr(""),
 				},
 			},
 		},
@@ -360,6 +403,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 								domain.PrivateLabelingSettingUnspecified),
 						),
 					),
+					expectFilter(),
 				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t),
 				httpClient:  newTestClient(http.StatusNotFound, nil),
@@ -373,7 +417,7 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 					AppName:     "app",
 					EntityID:    "https://test.com/saml/metadata",
 					Metadata:    nil,
-					MetadataURL: "http://localhost:8080/saml/metadata",
+					MetadataURL: gu.Ptr("http://localhost:8080/saml/metadata"),
 				},
 				resourceOwner: "org1",
 			},
@@ -385,10 +429,13 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			c := &Commands{
-				eventstore:  tt.fields.eventstore(t),
-				idGenerator: tt.fields.idGenerator,
-				httpClient:  tt.fields.httpClient,
+				eventstore:      tt.fields.eventstore(t),
+				idGenerator:     tt.fields.idGenerator,
+				httpClient:      tt.fields.httpClient,
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			c.setMilestonesCompletedForTest("instanceID")
 			got, err := c.AddSAMLApplication(tt.args.ctx, tt.args.samlApp, tt.args.resourceOwner)
@@ -406,6 +453,8 @@ func TestCommandSide_AddSAMLApplication(t *testing.T) {
 }
 
 func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
 		eventstore func(t *testing.T) *eventstore.Eventstore
 		httpClient *http.Client
@@ -544,7 +593,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 					AppID:       "app1",
 					EntityID:    "https://test.com/saml/metadata",
 					Metadata:    nil,
-					MetadataURL: "http://localhost:8080/saml/metadata",
+					MetadataURL: gu.Ptr("http://localhost:8080/saml/metadata"),
 				},
 				resourceOwner: "org1",
 			},
@@ -590,7 +639,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 					AppID:       "app1",
 					EntityID:    "https://test.com/saml/metadata",
 					Metadata:    testMetadata,
-					MetadataURL: "",
+					MetadataURL: gu.Ptr(""),
 				},
 				resourceOwner: "org1",
 			},
@@ -646,7 +695,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 					AppName:     "app",
 					EntityID:    "https://test2.com/saml/metadata",
 					Metadata:    nil,
-					MetadataURL: "http://localhost:8080/saml/metadata",
+					MetadataURL: gu.Ptr("http://localhost:8080/saml/metadata"),
 				},
 				resourceOwner: "org1",
 			},
@@ -656,17 +705,19 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					AppID:       "app1",
-					AppName:     "app",
-					EntityID:    "https://test2.com/saml/metadata",
-					Metadata:    testMetadataChangedEntityID,
-					MetadataURL: "http://localhost:8080/saml/metadata",
-					State:       domain.AppStateActive,
+					AppID:        "app1",
+					AppName:      "app",
+					EntityID:     "https://test2.com/saml/metadata",
+					Metadata:     testMetadataChangedEntityID,
+					MetadataURL:  gu.Ptr("http://localhost:8080/saml/metadata"),
+					State:        domain.AppStateActive,
+					LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+					LoginBaseURI: gu.Ptr(""),
 				},
 			},
 		},
 		{
-			name: "change saml app, ok, metadata",
+			name: "partial change saml app, ok, metadata",
 			fields: fields{
 				eventstore: expectEventstore(
 					expectFilter(
@@ -713,7 +764,7 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 					AppName:     "app",
 					EntityID:    "https://test2.com/saml/metadata",
 					Metadata:    testMetadataChangedEntityID,
-					MetadataURL: "",
+					MetadataURL: gu.Ptr(""),
 				},
 				resourceOwner: "org1",
 			},
@@ -723,15 +774,18 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 						AggregateID:   "project1",
 						ResourceOwner: "org1",
 					},
-					AppID:       "app1",
-					AppName:     "app",
-					EntityID:    "https://test2.com/saml/metadata",
-					Metadata:    testMetadataChangedEntityID,
-					MetadataURL: "",
-					State:       domain.AppStateActive,
+					AppID:        "app1",
+					AppName:      "app",
+					EntityID:     "https://test2.com/saml/metadata",
+					Metadata:     testMetadataChangedEntityID,
+					MetadataURL:  gu.Ptr(""),
+					State:        domain.AppStateActive,
+					LoginVersion: gu.Ptr(domain.LoginVersionUnspecified),
+					LoginBaseURI: gu.Ptr(""),
 				},
 			},
-		}, {
+		},
+		{
 			name: "change saml app, ok, loginversion",
 			fields: fields{
 				eventstore: expectEventstore(
@@ -781,9 +835,9 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 					AppName:      "app",
 					EntityID:     "https://test2.com/saml/metadata",
 					Metadata:     testMetadataChangedEntityID,
-					MetadataURL:  "",
-					LoginVersion: domain.LoginVersion2,
-					LoginBaseURI: "https://test.com/login",
+					MetadataURL:  gu.Ptr(""),
+					LoginVersion: gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI: gu.Ptr("https://test.com/login"),
 				},
 				resourceOwner: "org1",
 			},
@@ -797,10 +851,10 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 					AppName:      "app",
 					EntityID:     "https://test2.com/saml/metadata",
 					Metadata:     testMetadataChangedEntityID,
-					MetadataURL:  "",
+					MetadataURL:  gu.Ptr(""),
 					State:        domain.AppStateActive,
-					LoginVersion: domain.LoginVersion2,
-					LoginBaseURI: "https://test.com/login",
+					LoginVersion: gu.Ptr(domain.LoginVersion2),
+					LoginBaseURI: gu.Ptr("https://test.com/login"),
 				},
 			},
 		},
@@ -808,11 +862,14 @@ func TestCommandSide_ChangeSAMLApplication(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
-				eventstore: tt.fields.eventstore(t),
-				httpClient: tt.fields.httpClient,
+				eventstore:      tt.fields.eventstore(t),
+				httpClient:      tt.fields.httpClient,
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
-			got, err := r.ChangeSAMLApplication(tt.args.ctx, tt.args.samlApp, tt.args.resourceOwner)
+			got, err := r.UpdateSAMLApplication(tt.args.ctx, tt.args.samlApp, tt.args.resourceOwner)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
diff --git a/internal/command/project_application_test.go b/internal/command/project_application_test.go
index 050a41d29f..a67e6886ed 100644
--- a/internal/command/project_application_test.go
+++ b/internal/command/project_application_test.go
@@ -8,13 +8,16 @@ import (
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository/mock"
 	"github.com/zitadel/zitadel/internal/repository/project"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
 func TestCommandSide_ChangeApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore func(*testing.T) *eventstore.Eventstore
 	}
 	type args struct {
 		ctx           context.Context
@@ -35,9 +38,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 		{
 			name: "invalid app missing projectid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:       context.Background(),
@@ -55,9 +56,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 		{
 			name: "invalid app missing appid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:       context.Background(),
@@ -74,9 +73,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 		{
 			name: "invalid app missing name, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:       context.Background(),
@@ -94,10 +91,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 		{
 			name: "app not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-					expectFilter(),
-				),
+				eventstore: expectEventstore(expectFilter()),
 			},
 			args: args{
 				ctx:       context.Background(),
@@ -115,8 +109,7 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 		{
 			name: "app name not changed, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -142,8 +135,14 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 		{
 			name: "app changed, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app1",
+							"app",
+						)),
+					),
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -179,10 +178,13 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
-			got, err := r.ChangeApplication(tt.args.ctx, tt.args.projectID, tt.args.app, tt.args.resourceOwner)
+			got, err := r.UpdateApplicationName(tt.args.ctx, tt.args.projectID, tt.args.app, tt.args.resourceOwner)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -197,8 +199,10 @@ func TestCommandSide_ChangeApplication(t *testing.T) {
 }
 
 func TestCommandSide_DeactivateApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore func(*testing.T) *eventstore.Eventstore
 	}
 	type args struct {
 		ctx           context.Context
@@ -219,9 +223,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 		{
 			name: "missing projectid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -236,9 +238,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 		{
 			name: "missing appid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -253,8 +253,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 		{
 			name: "app not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(),
 				),
 			},
@@ -271,8 +270,7 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 		{
 			name: "app already inactive, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -299,8 +297,14 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 		{
 			name: "app deactivate, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app1",
+							"app",
+						)),
+					),
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -331,8 +335,11 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			got, err := r.DeactivateApplication(tt.args.ctx, tt.args.projectID, tt.args.appID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -349,8 +356,10 @@ func TestCommandSide_DeactivateApplication(t *testing.T) {
 }
 
 func TestCommandSide_ReactivateApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore func(*testing.T) *eventstore.Eventstore
 	}
 	type args struct {
 		ctx           context.Context
@@ -371,9 +380,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 		{
 			name: "missing projectid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -388,9 +395,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 		{
 			name: "missing appid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -405,10 +410,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 		{
 			name: "app not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-					expectFilter(),
-				),
+				eventstore: expectEventstore(expectFilter()),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -423,8 +425,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 		{
 			name: "app already active, precondition error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -447,8 +448,7 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 		{
 			name: "app reactivate, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -483,8 +483,11 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			got, err := r.ReactivateApplication(tt.args.ctx, tt.args.projectID, tt.args.appID, tt.args.resourceOwner)
 			if tt.res.err == nil {
@@ -501,8 +504,10 @@ func TestCommandSide_ReactivateApplication(t *testing.T) {
 }
 
 func TestCommandSide_RemoveApplication(t *testing.T) {
+	t.Parallel()
+
 	type fields struct {
-		eventstore *eventstore.Eventstore
+		eventstore func(*testing.T) *eventstore.Eventstore
 	}
 	type args struct {
 		ctx           context.Context
@@ -523,9 +528,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 		{
 			name: "missing projectid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -540,9 +543,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 		{
 			name: "missing appid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore: expectEventstore(func(mockRepository *mock.MockRepository) {}),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -557,10 +558,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 		{
 			name: "app not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-					expectFilter(),
-				),
+				eventstore: expectEventstore(expectFilter()),
 			},
 			args: args{
 				ctx:           context.Background(),
@@ -575,8 +573,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 		{
 			name: "app remove, entityID, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -584,6 +581,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 							"app",
 						)),
 					),
+					expectFilter(),
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -625,8 +623,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 		{
 			name: "app remove, ok",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(project.NewApplicationAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -636,6 +633,7 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 					),
 					// app is not saml, or no saml config available
 					expectFilter(),
+					expectFilter(),
 					expectPush(
 						project.NewApplicationRemovedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
@@ -661,8 +659,11 @@ func TestCommandSide_RemoveApplication(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
 			r := &Commands{
-				eventstore: tt.fields.eventstore,
+				eventstore:      tt.fields.eventstore(t),
+				checkPermission: newMockPermissionCheckAllowed(),
 			}
 			got, err := r.RemoveApplication(tt.args.ctx, tt.args.projectID, tt.args.appID, tt.args.resourceOwner)
 			if tt.res.err == nil {
diff --git a/internal/command/project_converter.go b/internal/command/project_converter.go
index 01b5a4e63d..e88a1cb75a 100644
--- a/internal/command/project_converter.go
+++ b/internal/command/project_converter.go
@@ -1,6 +1,8 @@
 package command
 
 import (
+	"github.com/muhlemmer/gu"
+
 	"github.com/zitadel/zitadel/internal/domain"
 )
 
@@ -35,21 +37,21 @@ func oidcWriteModelToOIDCConfig(writeModel *OIDCApplicationWriteModel) *domain.O
 		RedirectUris:             writeModel.RedirectUris,
 		ResponseTypes:            writeModel.ResponseTypes,
 		GrantTypes:               writeModel.GrantTypes,
-		ApplicationType:          writeModel.ApplicationType,
-		AuthMethodType:           writeModel.AuthMethodType,
+		ApplicationType:          gu.Ptr(writeModel.ApplicationType),
+		AuthMethodType:           gu.Ptr(writeModel.AuthMethodType),
 		PostLogoutRedirectUris:   writeModel.PostLogoutRedirectUris,
-		OIDCVersion:              writeModel.OIDCVersion,
-		DevMode:                  writeModel.DevMode,
-		AccessTokenType:          writeModel.AccessTokenType,
-		AccessTokenRoleAssertion: writeModel.AccessTokenRoleAssertion,
-		IDTokenRoleAssertion:     writeModel.IDTokenRoleAssertion,
-		IDTokenUserinfoAssertion: writeModel.IDTokenUserinfoAssertion,
-		ClockSkew:                writeModel.ClockSkew,
+		OIDCVersion:              gu.Ptr(writeModel.OIDCVersion),
+		DevMode:                  gu.Ptr(writeModel.DevMode),
+		AccessTokenType:          gu.Ptr(writeModel.AccessTokenType),
+		AccessTokenRoleAssertion: gu.Ptr(writeModel.AccessTokenRoleAssertion),
+		IDTokenRoleAssertion:     gu.Ptr(writeModel.IDTokenRoleAssertion),
+		IDTokenUserinfoAssertion: gu.Ptr(writeModel.IDTokenUserinfoAssertion),
+		ClockSkew:                gu.Ptr(writeModel.ClockSkew),
 		AdditionalOrigins:        writeModel.AdditionalOrigins,
-		SkipNativeAppSuccessPage: writeModel.SkipNativeAppSuccessPage,
-		BackChannelLogoutURI:     writeModel.BackChannelLogoutURI,
-		LoginVersion:             writeModel.LoginVersion,
-		LoginBaseURI:             writeModel.LoginBaseURI,
+		SkipNativeAppSuccessPage: gu.Ptr(writeModel.SkipNativeAppSuccessPage),
+		BackChannelLogoutURI:     gu.Ptr(writeModel.BackChannelLogoutURI),
+		LoginVersion:             gu.Ptr(writeModel.LoginVersion),
+		LoginBaseURI:             gu.Ptr(writeModel.LoginBaseURI),
 	}
 }
 
@@ -60,10 +62,10 @@ func samlWriteModelToSAMLConfig(writeModel *SAMLApplicationWriteModel) *domain.S
 		AppName:      writeModel.AppName,
 		State:        writeModel.State,
 		Metadata:     writeModel.Metadata,
-		MetadataURL:  writeModel.MetadataURL,
+		MetadataURL:  gu.Ptr(writeModel.MetadataURL),
 		EntityID:     writeModel.EntityID,
-		LoginVersion: writeModel.LoginVersion,
-		LoginBaseURI: writeModel.LoginBaseURI,
+		LoginVersion: gu.Ptr(writeModel.LoginVersion),
+		LoginBaseURI: gu.Ptr(writeModel.LoginBaseURI),
 	}
 }
 
@@ -78,15 +80,6 @@ func apiWriteModelToAPIConfig(writeModel *APIApplicationWriteModel) *domain.APIA
 	}
 }
 
-func roleWriteModelToRole(writeModel *ProjectRoleWriteModel) *domain.ProjectRole {
-	return &domain.ProjectRole{
-		ObjectRoot:  writeModelToObjectRoot(writeModel.WriteModel),
-		Key:         writeModel.Key,
-		DisplayName: writeModel.DisplayName,
-		Group:       writeModel.Group,
-	}
-}
-
 func memberWriteModelToProjectGrantMember(writeModel *ProjectGrantMemberWriteModel) *domain.ProjectGrantMember {
 	return &domain.ProjectGrantMember{
 		ObjectRoot: writeModelToObjectRoot(writeModel.WriteModel),
diff --git a/internal/command/project_model.go b/internal/command/project_model.go
index cabceb8500..4c9496b3ad 100644
--- a/internal/command/project_model.go
+++ b/internal/command/project_model.go
@@ -2,6 +2,7 @@ package command
 
 import (
 	"context"
+	"slices"
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -120,7 +121,7 @@ func (wm *ProjectWriteModel) NewChangedEvent(
 }
 
 func isProjectStateExists(state domain.ProjectState) bool {
-	return !hasProjectState(state, domain.ProjectStateRemoved, domain.ProjectStateUnspecified)
+	return !slices.Contains([]domain.ProjectState{domain.ProjectStateRemoved, domain.ProjectStateUnspecified}, state)
 }
 
 func ProjectAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
@@ -130,12 +131,3 @@ func ProjectAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggre
 func ProjectAggregateFromWriteModelWithCTX(ctx context.Context, wm *eventstore.WriteModel) *eventstore.Aggregate {
 	return project.AggregateFromWriteModel(ctx, wm)
 }
-
-func hasProjectState(check domain.ProjectState, states ...domain.ProjectState) bool {
-	for _, state := range states {
-		if check == state {
-			return true
-		}
-	}
-	return false
-}
diff --git a/internal/domain/application_oidc.go b/internal/domain/application_oidc.go
index 5d466c689d..10a70a1776 100644
--- a/internal/domain/application_oidc.go
+++ b/internal/domain/application_oidc.go
@@ -1,6 +1,7 @@
 package domain
 
 import (
+	"slices"
 	"strings"
 	"time"
 
@@ -32,22 +33,22 @@ type OIDCApp struct {
 	RedirectUris             []string
 	ResponseTypes            []OIDCResponseType
 	GrantTypes               []OIDCGrantType
-	ApplicationType          OIDCApplicationType
-	AuthMethodType           OIDCAuthMethodType
+	ApplicationType          *OIDCApplicationType
+	AuthMethodType           *OIDCAuthMethodType
 	PostLogoutRedirectUris   []string
-	OIDCVersion              OIDCVersion
+	OIDCVersion              *OIDCVersion
 	Compliance               *Compliance
-	DevMode                  bool
-	AccessTokenType          OIDCTokenType
-	AccessTokenRoleAssertion bool
-	IDTokenRoleAssertion     bool
-	IDTokenUserinfoAssertion bool
-	ClockSkew                time.Duration
+	DevMode                  *bool
+	AccessTokenType          *OIDCTokenType
+	AccessTokenRoleAssertion *bool
+	IDTokenRoleAssertion     *bool
+	IDTokenUserinfoAssertion *bool
+	ClockSkew                *time.Duration
 	AdditionalOrigins        []string
-	SkipNativeAppSuccessPage bool
-	BackChannelLogoutURI     string
-	LoginVersion             LoginVersion
-	LoginBaseURI             string
+	SkipNativeAppSuccessPage *bool
+	BackChannelLogoutURI     *string
+	LoginVersion             *LoginVersion
+	LoginBaseURI             *string
 
 	State AppState
 }
@@ -69,7 +70,7 @@ func (a *OIDCApp) setClientSecret(encodedHash string) {
 }
 
 func (a *OIDCApp) requiresClientSecret() bool {
-	return a.AuthMethodType == OIDCAuthMethodTypeBasic || a.AuthMethodType == OIDCAuthMethodTypePost
+	return a.AuthMethodType != nil && (*a.AuthMethodType == OIDCAuthMethodTypeBasic || *a.AuthMethodType == OIDCAuthMethodTypePost)
 }
 
 type OIDCVersion int32
@@ -137,7 +138,7 @@ const (
 )
 
 func (a *OIDCApp) IsValid() bool {
-	if a.ClockSkew > time.Second*5 || a.ClockSkew < time.Second*0 || !a.OriginsValid() {
+	if (a.ClockSkew != nil && (*a.ClockSkew > time.Second*5 || *a.ClockSkew < time.Second*0)) || !a.OriginsValid() {
 		return false
 	}
 	grantTypes := a.getRequiredGrantTypes()
@@ -204,30 +205,25 @@ func ContainsOIDCGrantTypes(shouldContain, list []OIDCGrantType) bool {
 }
 
 func containsOIDCGrantType(grantTypes []OIDCGrantType, grantType OIDCGrantType) bool {
-	for _, gt := range grantTypes {
-		if gt == grantType {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(grantTypes, grantType)
 }
 
 func (a *OIDCApp) FillCompliance() {
 	a.Compliance = GetOIDCCompliance(a.OIDCVersion, a.ApplicationType, a.GrantTypes, a.ResponseTypes, a.AuthMethodType, a.RedirectUris)
 }
 
-func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
-	switch version {
-	case OIDCVersionV1:
+func GetOIDCCompliance(version *OIDCVersion, appType *OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod *OIDCAuthMethodType, redirectUris []string) *Compliance {
+	if version != nil && *version == OIDCVersionV1 {
 		return GetOIDCV1Compliance(appType, grantTypes, authMethod, redirectUris)
 	}
+
 	return &Compliance{
 		NoneCompliant: true,
 		Problems:      []string{"Application.OIDC.UnsupportedVersion"},
 	}
 }
 
-func GetOIDCV1Compliance(appType OIDCApplicationType, grantTypes []OIDCGrantType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
+func GetOIDCV1Compliance(appType *OIDCApplicationType, grantTypes []OIDCGrantType, authMethod *OIDCAuthMethodType, redirectUris []string) *Compliance {
 	compliance := &Compliance{NoneCompliant: false}
 
 	checkGrantTypesCombination(compliance, grantTypes)
@@ -247,7 +243,7 @@ func checkGrantTypesCombination(compliance *Compliance, grantTypes []OIDCGrantTy
 	}
 }
 
-func checkRedirectURIs(compliance *Compliance, grantTypes []OIDCGrantType, appType OIDCApplicationType, redirectUris []string) {
+func checkRedirectURIs(compliance *Compliance, grantTypes []OIDCGrantType, appType *OIDCApplicationType, redirectUris []string) {
 	// See #5684 for OIDCGrantTypeDeviceCode and redirectUris further explanation
 	if len(redirectUris) == 0 && (!containsOIDCGrantType(grantTypes, OIDCGrantTypeDeviceCode) || (containsOIDCGrantType(grantTypes, OIDCGrantTypeDeviceCode) && containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode))) {
 		compliance.NoneCompliant = true
@@ -266,53 +262,58 @@ func checkRedirectURIs(compliance *Compliance, grantTypes []OIDCGrantType, appTy
 	}
 }
 
-func checkApplicationType(compliance *Compliance, appType OIDCApplicationType, authMethod OIDCAuthMethodType) {
-	switch appType {
-	case OIDCApplicationTypeNative:
-		GetOIDCV1NativeApplicationCompliance(compliance, authMethod)
-	case OIDCApplicationTypeUserAgent:
-		GetOIDCV1UserAgentApplicationCompliance(compliance, authMethod)
+func checkApplicationType(compliance *Compliance, appType *OIDCApplicationType, authMethod *OIDCAuthMethodType) {
+	if appType != nil {
+		switch *appType {
+		case OIDCApplicationTypeNative:
+			GetOIDCV1NativeApplicationCompliance(compliance, authMethod)
+		case OIDCApplicationTypeUserAgent:
+			GetOIDCV1UserAgentApplicationCompliance(compliance, authMethod)
+		case OIDCApplicationTypeWeb:
+			return
+		}
 	}
+
 	if compliance.NoneCompliant {
 		compliance.Problems = append([]string{"Application.OIDC.V1.NotCompliant"}, compliance.Problems...)
 	}
 }
 
-func GetOIDCV1NativeApplicationCompliance(compliance *Compliance, authMethod OIDCAuthMethodType) {
-	if authMethod != OIDCAuthMethodTypeNone {
+func GetOIDCV1NativeApplicationCompliance(compliance *Compliance, authMethod *OIDCAuthMethodType) {
+	if authMethod != nil && *authMethod != OIDCAuthMethodTypeNone {
 		compliance.NoneCompliant = true
 		compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Native.AuthMethodType.NotNone")
 	}
 }
 
-func GetOIDCV1UserAgentApplicationCompliance(compliance *Compliance, authMethod OIDCAuthMethodType) {
-	if authMethod != OIDCAuthMethodTypeNone {
+func GetOIDCV1UserAgentApplicationCompliance(compliance *Compliance, authMethod *OIDCAuthMethodType) {
+	if authMethod != nil && *authMethod != OIDCAuthMethodTypeNone {
 		compliance.NoneCompliant = true
 		compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.UserAgent.AuthMethodType.NotNone")
 	}
 }
 
-func CheckRedirectUrisCode(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
+func CheckRedirectUrisCode(compliance *Compliance, appType *OIDCApplicationType, redirectUris []string) {
 	if urlsAreHttps(redirectUris) {
 		return
 	}
 	if urlContainsPrefix(redirectUris, http) {
-		if appType == OIDCApplicationTypeUserAgent {
+		if appType != nil && *appType == OIDCApplicationTypeUserAgent {
 			compliance.NoneCompliant = true
 			compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Code.RedirectUris.HttpOnlyForWeb")
 		}
-		if appType == OIDCApplicationTypeNative && !onlyLocalhostIsHttp(redirectUris) {
+		if appType != nil && *appType == OIDCApplicationTypeNative && !onlyLocalhostIsHttp(redirectUris) {
 			compliance.NoneCompliant = true
 			compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Native.RedirectUris.MustBeHttpLocalhost")
 		}
 	}
-	if containsCustom(redirectUris) && appType != OIDCApplicationTypeNative {
+	if containsCustom(redirectUris) && appType != nil && *appType != OIDCApplicationTypeNative {
 		compliance.NoneCompliant = true
 		compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Code.RedirectUris.CustomOnlyForNative")
 	}
 }
 
-func CheckRedirectUrisImplicit(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
+func CheckRedirectUrisImplicit(compliance *Compliance, appType *OIDCApplicationType, redirectUris []string) {
 	if urlsAreHttps(redirectUris) {
 		return
 	}
@@ -321,7 +322,7 @@ func CheckRedirectUrisImplicit(compliance *Compliance, appType OIDCApplicationTy
 		compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed")
 	}
 	if urlContainsPrefix(redirectUris, http) {
-		if appType == OIDCApplicationTypeNative {
+		if appType != nil && *appType == OIDCApplicationTypeNative {
 			if !onlyLocalhostIsHttp(redirectUris) {
 				compliance.NoneCompliant = true
 				compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Native.RedirectUris.MustBeHttpLocalhost")
@@ -333,20 +334,20 @@ func CheckRedirectUrisImplicit(compliance *Compliance, appType OIDCApplicationTy
 	}
 }
 
-func CheckRedirectUrisImplicitAndCode(compliance *Compliance, appType OIDCApplicationType, redirectUris []string) {
+func CheckRedirectUrisImplicitAndCode(compliance *Compliance, appType *OIDCApplicationType, redirectUris []string) {
 	if urlsAreHttps(redirectUris) {
 		return
 	}
-	if containsCustom(redirectUris) && appType != OIDCApplicationTypeNative {
+	if containsCustom(redirectUris) && appType != nil && *appType != OIDCApplicationTypeNative {
 		compliance.NoneCompliant = true
 		compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed")
 	}
 	if urlContainsPrefix(redirectUris, http) {
-		if appType == OIDCApplicationTypeUserAgent {
+		if appType != nil && *appType == OIDCApplicationTypeUserAgent {
 			compliance.NoneCompliant = true
 			compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Code.RedirectUris.HttpOnlyForWeb")
 		}
-		if !onlyLocalhostIsHttp(redirectUris) && appType == OIDCApplicationTypeNative {
+		if !onlyLocalhostIsHttp(redirectUris) && appType != nil && *appType == OIDCApplicationTypeNative {
 			compliance.NoneCompliant = true
 			compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.Native.RedirectUris.MustBeHttpLocalhost")
 		}
diff --git a/internal/domain/application_oidc_test.go b/internal/domain/application_oidc_test.go
index b3d9488827..4208917cdd 100644
--- a/internal/domain/application_oidc_test.go
+++ b/internal/domain/application_oidc_test.go
@@ -6,6 +6,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/muhlemmer/gu"
+
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 )
 
@@ -25,7 +27,7 @@ func TestApplicationValid(t *testing.T) {
 					ObjectRoot:    models.ObjectRoot{AggregateID: "AggregateID"},
 					AppID:         "AppID",
 					AppName:       "AppName",
-					ClockSkew:     time.Minute * 1,
+					ClockSkew:     gu.Ptr(time.Minute * 1),
 					ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode},
 					GrantTypes:    []OIDCGrantType{OIDCGrantTypeAuthorizationCode},
 				},
@@ -39,7 +41,7 @@ func TestApplicationValid(t *testing.T) {
 					ObjectRoot:    models.ObjectRoot{AggregateID: "AggregateID"},
 					AppID:         "AppID",
 					AppName:       "AppName",
-					ClockSkew:     time.Minute * -1,
+					ClockSkew:     gu.Ptr(time.Minute * -1),
 					ResponseTypes: []OIDCResponseType{OIDCResponseTypeCode},
 					GrantTypes:    []OIDCGrantType{OIDCGrantTypeAuthorizationCode},
 				},
@@ -190,9 +192,9 @@ func TestApplicationValid(t *testing.T) {
 
 func TestGetOIDCV1Compliance(t *testing.T) {
 	type args struct {
-		appType      OIDCApplicationType
+		appType      *OIDCApplicationType
 		grantTypes   []OIDCGrantType
-		authMethod   OIDCAuthMethodType
+		authMethod   *OIDCAuthMethodType
 		redirectUris []string
 	}
 	tests := []struct {
@@ -266,7 +268,7 @@ func Test_checkGrantTypesCombination(t *testing.T) {
 func Test_checkRedirectURIs(t *testing.T) {
 	type args struct {
 		grantTypes   []OIDCGrantType
-		appType      OIDCApplicationType
+		appType      *OIDCApplicationType
 		redirectUris []string
 	}
 	tests := []struct {
@@ -304,7 +306,7 @@ func Test_checkRedirectURIs(t *testing.T) {
 			args: args{
 				redirectUris: []string{"http://redirect.to/me"},
 				grantTypes:   []OIDCGrantType{OIDCGrantTypeImplicit},
-				appType:      OIDCApplicationTypeUserAgent,
+				appType:      gu.Ptr(OIDCApplicationTypeUserAgent),
 			},
 		},
 		{
@@ -316,7 +318,7 @@ func Test_checkRedirectURIs(t *testing.T) {
 			args: args{
 				redirectUris: []string{"http://redirect.to/me"},
 				grantTypes:   []OIDCGrantType{OIDCGrantTypeAuthorizationCode},
-				appType:      OIDCApplicationTypeUserAgent,
+				appType:      gu.Ptr(OIDCApplicationTypeUserAgent),
 			},
 		},
 	}
@@ -338,7 +340,7 @@ func Test_checkRedirectURIs(t *testing.T) {
 
 func Test_CheckRedirectUrisImplicitAndCode(t *testing.T) {
 	type args struct {
-		appType      OIDCApplicationType
+		appType      *OIDCApplicationType
 		redirectUris []string
 	}
 	tests := []struct {
@@ -356,17 +358,6 @@ func Test_CheckRedirectUrisImplicitAndCode(t *testing.T) {
 				redirectUris: []string{"https://redirect.to/me"},
 			},
 		},
-		// {
-		// 	name: "custom protocol, not native",
-		// 	want: &Compliance{
-		// 		NoneCompliant: true,
-		// 		Problems:      []string{"Application.OIDC.V1.Implicit.RedirectUris.CustomNotAllowed"},
-		// 	},
-		// 	args: args{
-		// 		redirectUris: []string{"protocol://redirect.to/me"},
-		// 		appType:      OIDCApplicationTypeWeb,
-		// 	},
-		// },
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -386,7 +377,7 @@ func Test_CheckRedirectUrisImplicitAndCode(t *testing.T) {
 
 func TestCheckRedirectUrisImplicitAndCode(t *testing.T) {
 	type args struct {
-		appType      OIDCApplicationType
+		appType      *OIDCApplicationType
 		redirectUris []string
 	}
 	tests := []struct {
@@ -402,7 +393,7 @@ func TestCheckRedirectUrisImplicitAndCode(t *testing.T) {
 		{
 			name: "custom protocol not native app",
 			args: args{
-				appType:      OIDCApplicationTypeWeb,
+				appType:      gu.Ptr(OIDCApplicationTypeWeb),
 				redirectUris: []string{"custom://nirvana.com"},
 			},
 			want: &Compliance{
@@ -413,7 +404,7 @@ func TestCheckRedirectUrisImplicitAndCode(t *testing.T) {
 		{
 			name: "http localhost user agent app",
 			args: args{
-				appType:      OIDCApplicationTypeUserAgent,
+				appType:      gu.Ptr(OIDCApplicationTypeUserAgent),
 				redirectUris: []string{"http://localhost:9009"},
 			},
 			want: &Compliance{
@@ -424,7 +415,7 @@ func TestCheckRedirectUrisImplicitAndCode(t *testing.T) {
 		{
 			name: "http, not only localhost native app",
 			args: args{
-				appType:      OIDCApplicationTypeNative,
+				appType:      gu.Ptr(OIDCApplicationTypeNative),
 				redirectUris: []string{"http://nirvana.com", "http://localhost:9009"},
 			},
 			want: &Compliance{
@@ -435,7 +426,7 @@ func TestCheckRedirectUrisImplicitAndCode(t *testing.T) {
 		{
 			name: "not allowed combination",
 			args: args{
-				appType:      OIDCApplicationTypeNative,
+				appType:      gu.Ptr(OIDCApplicationTypeNative),
 				redirectUris: []string{"https://nirvana.com", "cutom://nirvana.com"},
 			},
 			want: &Compliance{
@@ -461,7 +452,7 @@ func TestCheckRedirectUrisImplicitAndCode(t *testing.T) {
 
 func TestCheckRedirectUrisImplicit(t *testing.T) {
 	type args struct {
-		appType      OIDCApplicationType
+		appType      *OIDCApplicationType
 		redirectUris []string
 	}
 	tests := []struct {
@@ -488,7 +479,7 @@ func TestCheckRedirectUrisImplicit(t *testing.T) {
 			name: "only http protocol, app type native, not only localhost",
 			args: args{
 				redirectUris: []string{"http://nirvana.com"},
-				appType:      OIDCApplicationTypeNative,
+				appType:      gu.Ptr(OIDCApplicationTypeNative),
 			},
 			want: &Compliance{
 				NoneCompliant: true,
@@ -499,7 +490,7 @@ func TestCheckRedirectUrisImplicit(t *testing.T) {
 			name: "only http protocol, app type native, only localhost",
 			args: args{
 				redirectUris: []string{"http://localhost:8080"},
-				appType:      OIDCApplicationTypeNative,
+				appType:      gu.Ptr(OIDCApplicationTypeNative),
 			},
 			want: &Compliance{
 				NoneCompliant: false,
@@ -510,7 +501,7 @@ func TestCheckRedirectUrisImplicit(t *testing.T) {
 			name: "only http protocol, app type web",
 			args: args{
 				redirectUris: []string{"http://nirvana.com"},
-				appType:      OIDCApplicationTypeWeb,
+				appType:      gu.Ptr(OIDCApplicationTypeWeb),
 			},
 			want: &Compliance{
 				NoneCompliant: true,
@@ -535,7 +526,7 @@ func TestCheckRedirectUrisImplicit(t *testing.T) {
 
 func TestCheckRedirectUrisCode(t *testing.T) {
 	type args struct {
-		appType      OIDCApplicationType
+		appType      *OIDCApplicationType
 		redirectUris []string
 	}
 	tests := []struct {
@@ -552,7 +543,7 @@ func TestCheckRedirectUrisCode(t *testing.T) {
 			name: "custom prefix, app type web",
 			args: args{
 				redirectUris: []string{"custom://nirvana.com"},
-				appType:      OIDCApplicationTypeWeb,
+				appType:      gu.Ptr(OIDCApplicationTypeWeb),
 			},
 			want: &Compliance{
 				NoneCompliant: true,
@@ -563,7 +554,7 @@ func TestCheckRedirectUrisCode(t *testing.T) {
 			name: "only http protocol, app type user agent",
 			args: args{
 				redirectUris: []string{"http://nirvana.com"},
-				appType:      OIDCApplicationTypeUserAgent,
+				appType:      gu.Ptr(OIDCApplicationTypeUserAgent),
 			},
 			want: &Compliance{
 				NoneCompliant: true,
@@ -574,7 +565,7 @@ func TestCheckRedirectUrisCode(t *testing.T) {
 			name: "only http protocol, app type native, only localhost",
 			args: args{
 				redirectUris: []string{"http://localhost:8080", "http://nirvana.com:8080"},
-				appType:      OIDCApplicationTypeNative,
+				appType:      gu.Ptr(OIDCApplicationTypeNative),
 			},
 			want: &Compliance{
 				NoneCompliant: true,
@@ -585,7 +576,7 @@ func TestCheckRedirectUrisCode(t *testing.T) {
 			name: "custom protocol, not native",
 			args: args{
 				redirectUris: []string{"custom://nirvana.com"},
-				appType:      OIDCApplicationTypeWeb,
+				appType:      gu.Ptr(OIDCApplicationTypeWeb),
 			},
 			want: &Compliance{
 				NoneCompliant: true,
diff --git a/internal/domain/application_saml.go b/internal/domain/application_saml.go
index de7ef789ee..aff1875c7e 100644
--- a/internal/domain/application_saml.go
+++ b/internal/domain/application_saml.go
@@ -11,9 +11,9 @@ type SAMLApp struct {
 	AppName      string
 	EntityID     string
 	Metadata     []byte
-	MetadataURL  string
-	LoginVersion LoginVersion
-	LoginBaseURI string
+	MetadataURL  *string
+	LoginVersion *LoginVersion
+	LoginBaseURI *string
 
 	State AppState
 }
@@ -31,11 +31,14 @@ func (a *SAMLApp) GetMetadata() []byte {
 }
 
 func (a *SAMLApp) GetMetadataURL() string {
-	return a.MetadataURL
+	if a.MetadataURL != nil {
+		return *a.MetadataURL
+	}
+	return ""
 }
 
 func (a *SAMLApp) IsValid() bool {
-	if a.MetadataURL == "" && a.Metadata == nil {
+	if (a.MetadataURL == nil || *a.MetadataURL == "") && a.Metadata == nil {
 		return false
 	}
 	return true
diff --git a/internal/domain/permission.go b/internal/domain/permission.go
index bb569955f5..119e8c2d3e 100644
--- a/internal/domain/permission.go
+++ b/internal/domain/permission.go
@@ -47,6 +47,9 @@ const (
 	PermissionProjectRoleWrite    = "project.role.write"
 	PermissionProjectRoleRead     = "project.role.read"
 	PermissionProjectRoleDelete   = "project.role.delete"
+	PermissionProjectAppWrite     = "project.app.write"
+	PermissionProjectAppDelete    = "project.app.delete"
+	PermissionProjectAppRead      = "project.app.read"
 )
 
 // ProjectPermissionCheck is used as a check for preconditions dependent on application, project, user resourceowner and usergrants.
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 20c98b5628..326d6fa8b4 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -22,6 +22,7 @@ import (
 	"github.com/zitadel/zitadel/internal/integration/scim"
 	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/admin"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/auth"
 	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 	feature_v2beta "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
@@ -75,6 +76,7 @@ type Client struct {
 	SCIM           *scim.Client
 	Projectv2Beta  project_v2beta.ProjectServiceClient
 	InstanceV2Beta instance.InstanceServiceClient
+	AppV2Beta      app.AppServiceClient
 }
 
 func NewDefaultClient(ctx context.Context) (*Client, error) {
@@ -114,6 +116,7 @@ func newClient(ctx context.Context, target string) (*Client, error) {
 		SCIM:           scim.NewScimClient(target),
 		Projectv2Beta:  project_v2beta.NewProjectServiceClient(cc),
 		InstanceV2Beta: instance.NewInstanceServiceClient(cc),
+		AppV2Beta:      app.NewAppServiceClient(cc),
 	}
 	return client, client.pollHealth(ctx)
 }
diff --git a/internal/project/model/oidc_config.go b/internal/project/model/oidc_config.go
index 50be6c318a..2c482a67a7 100644
--- a/internal/project/model/oidc_config.go
+++ b/internal/project/model/oidc_config.go
@@ -3,6 +3,8 @@ package model
 import (
 	"time"
 
+	"github.com/muhlemmer/gu"
+
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -98,7 +100,7 @@ func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTy
 		for i, grantType := range grantTypes {
 			domainGrantTypes[i] = domain.OIDCGrantType(grantType)
 		}
-		compliance := domain.GetOIDCV1Compliance(domain.OIDCApplicationType(appType), domainGrantTypes, domain.OIDCAuthMethodType(authMethod), redirectUris)
+		compliance := domain.GetOIDCV1Compliance(gu.Ptr(domain.OIDCApplicationType(appType)), domainGrantTypes, gu.Ptr(domain.OIDCAuthMethodType(authMethod)), redirectUris)
 		return &Compliance{
 			NoneCompliant: compliance.NoneCompliant,
 			Problems:      compliance.Problems,
diff --git a/internal/query/app.go b/internal/query/app.go
index bc97c1807e..777c295139 100644
--- a/internal/query/app.go
+++ b/internal/query/app.go
@@ -5,9 +5,11 @@ import (
 	"database/sql"
 	_ "embed"
 	"errors"
+	"slices"
 	"time"
 
 	sq "github.com/Masterminds/squirrel"
+	"github.com/muhlemmer/gu"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -307,6 +309,19 @@ func (q *Queries) AppByProjectAndAppID(ctx context.Context, shouldTriggerBulk bo
 	return app, err
 }
 
+func (q *Queries) AppByIDWithPermission(ctx context.Context, appID string, activeOnly bool, permissionCheck domain.PermissionCheck) (*App, error) {
+	app, err := q.AppByID(ctx, appID, activeOnly)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := appCheckPermission(ctx, app.ResourceOwner, app.ProjectID, permissionCheck); err != nil {
+		return nil, err
+	}
+
+	return app, nil
+}
+
 func (q *Queries) AppByID(ctx context.Context, appID string, activeOnly bool) (app *App, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -476,11 +491,54 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (app *
 	return app, err
 }
 
-func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, withOwnerRemoved bool) (apps *Apps, err error) {
+func (q *Queries) AppByClientID(ctx context.Context, clientID string) (app *App, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	stmt, scan := prepareAppQuery(true)
+	eq := sq.Eq{
+		AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+		AppColumnState.identifier():      domain.AppStateActive,
+		ProjectColumnState.identifier():  domain.ProjectStateActive,
+		OrgColumnState.identifier():      domain.OrgStateActive,
+	}
+	query, args, err := stmt.Where(sq.And{
+		eq,
+		sq.Or{
+			sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
+			sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
+		},
+	}).ToSql()
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
+	}
+
+	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
+		app, err = scan(row)
+		return err
+	}, query, args...)
+	return app, err
+}
+
+func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, permissionCheck domain.PermissionCheck) (*Apps, error) {
+	apps, err := q.searchApps(ctx, queries, PermissionV2(ctx, permissionCheck))
+	if err != nil {
+		return nil, err
+	}
+
+	if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
+		apps.Apps = appsCheckPermission(ctx, apps.Apps, permissionCheck)
+	}
+	return apps, nil
+}
+
+func (q *Queries) searchApps(ctx context.Context, queries *AppSearchQueries, isPermissionV2Enabled bool) (apps *Apps, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
 	query, scan := prepareAppsQuery()
+	query = appPermissionCheckV2(ctx, query, isPermissionV2Enabled, queries)
+
 	eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
 	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
@@ -498,6 +556,21 @@ func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, wit
 	return apps, err
 }
 
+func appPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *AppSearchQueries) sq.SelectBuilder {
+	if !enabled {
+		return query
+	}
+
+	join, args := PermissionClause(
+		ctx,
+		AppColumnResourceOwner,
+		domain.PermissionProjectAppRead,
+		SingleOrgPermissionOption(queries.Queries),
+		WithProjectsPermissionOption(AppColumnProjectID),
+	)
+	return query.JoinClause(join, args...)
+}
+
 func (q *Queries) SearchClientIDs(ctx context.Context, queries *AppSearchQueries, shouldTriggerBulk bool) (ids []string, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -574,10 +647,25 @@ func (q *Queries) SAMLAppLoginVersion(ctx context.Context, appID string) (loginV
 	return loginVersion, nil
 }
 
+func appCheckPermission(ctx context.Context, resourceOwner string, projectID string, permissionCheck domain.PermissionCheck) error {
+	return permissionCheck(ctx, domain.PermissionProjectAppRead, resourceOwner, projectID)
+}
+
+// appsCheckPermission returns only the apps that the user in context has permission to read
+func appsCheckPermission(ctx context.Context, apps []*App, permissionCheck domain.PermissionCheck) []*App {
+	return slices.DeleteFunc(apps, func(app *App) bool {
+		return permissionCheck(ctx, domain.PermissionProjectAppRead, app.ResourceOwner, app.ProjectID) != nil
+	})
+}
+
 func NewAppNameSearchQuery(method TextComparison, value string) (SearchQuery, error) {
 	return NewTextQuery(AppColumnName, value, method)
 }
 
+func NewAppStateSearchQuery(value domain.AppState) (SearchQuery, error) {
+	return NewNumberQuery(AppColumnState, int(value), NumberEquals)
+}
+
 func NewAppProjectIDSearchQuery(id string) (SearchQuery, error) {
 	return NewTextQuery(AppColumnProjectID, id, TextEquals)
 }
@@ -1089,7 +1177,7 @@ func (c sqlOIDCConfig) set(app *App) {
 	if c.loginBaseURI.Valid {
 		app.OIDCConfig.LoginBaseURI = &c.loginBaseURI.String
 	}
-	compliance := domain.GetOIDCCompliance(app.OIDCConfig.Version, app.OIDCConfig.AppType, app.OIDCConfig.GrantTypes, app.OIDCConfig.ResponseTypes, app.OIDCConfig.AuthMethodType, app.OIDCConfig.RedirectURIs)
+	compliance := domain.GetOIDCCompliance(gu.Ptr(app.OIDCConfig.Version), gu.Ptr(app.OIDCConfig.AppType), app.OIDCConfig.GrantTypes, app.OIDCConfig.ResponseTypes, gu.Ptr(app.OIDCConfig.AuthMethodType), app.OIDCConfig.RedirectURIs)
 	app.OIDCConfig.ComplianceProblems = compliance.Problems
 
 	var err error
diff --git a/pkg/grpc/app/v2beta/application.go b/pkg/grpc/app/v2beta/application.go
new file mode 100644
index 0000000000..bbce4289f9
--- /dev/null
+++ b/pkg/grpc/app/v2beta/application.go
@@ -0,0 +1,5 @@
+package app
+
+type ApplicationConfig = isApplication_Config
+
+type MetaType = isUpdateSAMLApplicationConfigurationRequest_Metadata
\ No newline at end of file
diff --git a/proto/zitadel/app/v2beta/api.proto b/proto/zitadel/app/v2beta/api.proto
new file mode 100644
index 0000000000..9ef09d5ad8
--- /dev/null
+++ b/proto/zitadel/app/v2beta/api.proto
@@ -0,0 +1,26 @@
+syntax = "proto3";
+
+package zitadel.app.v2beta;
+
+import "protoc-gen-openapiv2/options/annotations.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/app/v2beta;app";
+
+enum APIAuthMethodType {
+    API_AUTH_METHOD_TYPE_BASIC = 0;
+    API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT = 1;
+}
+
+message APIConfig {
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334@ZITADEL\"";
+            description: "generated oauth2/oidc client_id";
+        }
+    ];
+    APIAuthMethodType auth_method_type = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "defines how the API passes the login credentials";
+        }
+    ];
+}
\ No newline at end of file
diff --git a/proto/zitadel/app/v2beta/app.proto b/proto/zitadel/app/v2beta/app.proto
new file mode 100644
index 0000000000..f85e3c021d
--- /dev/null
+++ b/proto/zitadel/app/v2beta/app.proto
@@ -0,0 +1,94 @@
+syntax = "proto3";
+
+package zitadel.app.v2beta;
+
+import "zitadel/app/v2beta/oidc.proto";
+import "zitadel/app/v2beta/saml.proto";
+import "zitadel/app/v2beta/api.proto";
+import "zitadel/filter/v2/filter.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+import "validate/validate.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/app/v2beta;app";
+
+message Application {
+    string id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\"";
+        }
+    ];
+
+    // The timestamp of the app creation.
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+
+    // The timestamp of the app update.
+    google.protobuf.Timestamp change_date = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+
+    AppState state = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "current state of the application";
+        }
+    ];
+    string name = 5 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"Console\"";
+        }
+    ];
+    oneof config {
+        OIDCConfig oidc_config = 6;
+        APIConfig api_config = 7;
+        SAMLConfig saml_config = 8;
+    }
+}
+
+enum AppState {
+    APP_STATE_UNSPECIFIED = 0;
+    APP_STATE_ACTIVE = 1;
+    APP_STATE_INACTIVE = 2;
+    APP_STATE_REMOVED = 3;
+}
+
+enum AppSorting {
+    APP_SORT_BY_ID = 0;
+    APP_SORT_BY_NAME = 1;
+    APP_SORT_BY_STATE = 2;
+    APP_SORT_BY_CREATION_DATE = 3;
+    APP_SORT_BY_CHANGE_DATE = 4;
+}
+
+message ApplicationSearchFilter {
+    oneof filter {
+        option (validate.required) = true;
+        ApplicationNameQuery name_filter = 1;
+        AppState state_filter = 2;
+        bool api_app_only = 3;
+        bool oidc_app_only = 4;
+        bool saml_app_only = 5;
+    }
+}
+
+message ApplicationNameQuery {
+    string name = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"Conso\""
+        }
+    ];
+
+    zitadel.filter.v2.TextFilterMethod method = 2 [
+        (validate.rules).enum.defined_only = true,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "defines which text equality method is used"
+        }
+    ];
+}
diff --git a/proto/zitadel/app/v2beta/app_service.proto b/proto/zitadel/app/v2beta/app_service.proto
new file mode 100644
index 0000000000..a881022caa
--- /dev/null
+++ b/proto/zitadel/app/v2beta/app_service.proto
@@ -0,0 +1,788 @@
+syntax = "proto3";
+
+package zitadel.app.v2beta;
+
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/struct.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+import "zitadel/app/v2beta/login.proto";
+import "zitadel/app/v2beta/oidc.proto";
+import "zitadel/app/v2beta/api.proto";
+import "zitadel/app/v2beta/app.proto";
+import "google/protobuf/timestamp.proto";
+import "zitadel/protoc_gen_zitadel/v2/options.proto";
+import "zitadel/filter/v2/filter.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/app/v2beta;app";
+
+option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
+  info: {
+    title: "Application Service";
+    version: "2.0-beta";
+    description: "This API is intended to manage apps (SAML, OIDC, etc..) in a ZITADEL instance. This service is in beta state. It can AND will continue breaking until a stable version is released.";
+    contact:{
+      name: "ZITADEL"
+      url: "https://zitadel.com"
+      email: "hi@zitadel.com"
+    }
+    license: {
+      name: "Apache 2.0",
+      url: "https://github.com/zitadel/zitadel/blob/main/LICENSING.md";
+    };
+  };
+  schemes: HTTPS;
+  schemes: HTTP;
+
+  consumes: "application/json";
+  consumes: "application/grpc";
+
+  produces: "application/json";
+  produces: "application/grpc";
+
+  consumes: "application/grpc-web+proto";
+  produces: "application/grpc-web+proto";
+
+  host: "$CUSTOM-DOMAIN";
+  base_path: "/";
+
+  external_docs: {
+    description: "Detailed information about ZITADEL",
+    url: "https://zitadel.com/docs"
+  }
+  security_definitions: {
+    security: {
+      key: "OAuth2";
+      value: {
+        type: TYPE_OAUTH2;
+        flow: FLOW_ACCESS_CODE;
+        authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize";
+        token_url: "$CUSTOM-DOMAIN/oauth/v2/token";
+        scopes: {
+          scope: {
+            key: "openid";
+            value: "openid";
+          }
+          scope: {
+            key: "urn:zitadel:iam:org:project:id:zitadel:aud";
+            value: "urn:zitadel:iam:org:project:id:zitadel:aud";
+          }
+        }
+      }
+    }
+  }
+  security: {
+    security_requirement: {
+      key: "OAuth2";
+      value: {
+        scope: "openid";
+        scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
+      }
+    }
+  }
+  responses: {
+    key: "403";
+    value: {
+      description: "Returned when the user does not have permission to access the resource.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+  responses: {
+    key: "404";
+    value: {
+      description: "Returned when the resource does not exist.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+};
+
+// Service to manage apps.
+// The service provides methods to create, update, delete and list apps and app keys.
+service AppService {
+
+    // Create Application
+    //
+    // Create an application. The application can be OIDC, API or SAML type, based on the input.
+    //
+    // The user needs to have project.app.write permission
+    //
+    // Required permissions:
+    //   - project.app.write
+    rpc CreateApplication(CreateApplicationRequest) returns (CreateApplicationResponse) {
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The created application";
+                }
+            };
+        };
+
+        option (google.api.http) = {
+            post: "/v2beta/applications"
+            body: "*"
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // Update Application
+    //
+    // Changes the configuration of an OIDC, API or SAML type application, as well as
+    // the application name, based on the input provided.
+    //
+    // The user needs to have project.app.write permission
+    //
+    // Required permissions:
+    //   - project.app.write
+    rpc UpdateApplication(UpdateApplicationRequest) returns (UpdateApplicationResponse) {
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The updated app.";
+                }
+            };
+        };
+
+        option (google.api.http) = {
+            patch: "/v2beta/applications/{id}"
+            body: "*"
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // Get Application
+    //
+    // Retrieves the application matching the provided ID.
+    //
+    // The user needs to have project.app.read permission
+    //
+    // Required permissions:
+    //   - project.app.read
+    rpc GetApplication(GetApplicationRequest) returns (GetApplicationResponse) {
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The fetched app.";
+                }
+            };
+        };
+
+        option (google.api.http) = {
+            get: "/v2beta/applications/{id}"
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // Delete Application
+    //
+    // Deletes the application belonging to the input project and matching the provided
+    // application ID
+    //
+    // The user needs to have project.app.delete permission
+    //
+    // Required permissions:
+    //   - project.app.delete
+    rpc DeleteApplication(DeleteApplicationRequest) returns (DeleteApplicationResponse) {
+        option (google.api.http) = {
+            delete: "/v2beta/applications/{id}"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                description: "The time of deletion.";
+                }
+            };
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // Deactivate Application
+    //
+    // Deactivates the application belonging to the input project and matching the provided
+    // application ID
+    //
+    // The user needs to have project.app.write permission
+    //
+    // Required permissions:
+    //   - project.app.write
+    rpc DeactivateApplication(DeactivateApplicationRequest) returns (DeactivateApplicationResponse) {
+        option (google.api.http) = {
+            post: "/v2beta/applications/{id}/deactivate"
+            body: "*"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                description: "The time of deactivation.";
+                }
+            };
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // Reactivate Application
+    //
+    // Reactivates the application belonging to the input project and matching the provided
+    // application ID
+    //
+    // The user needs to have project.app.write permission
+    //
+    // Required permissions:
+    //   - project.app.write
+    rpc ReactivateApplication(ReactivateApplicationRequest) returns (ReactivateApplicationResponse) {
+        option (google.api.http) = {
+            post: "/v2beta/applications/{id}/reactivate"
+            body: "*"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                description: "The time of reactivation.";
+                }
+            };
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+
+    // Regenerate Client Secret
+    //
+    // Regenerates the client secret of an API or OIDC application that belongs to the input project.
+    // 
+    // The user needs to have project.app.write permission
+    //
+    // Required permissions:
+    //   - project.app.write
+    rpc RegenerateClientSecret(RegenerateClientSecretRequest) returns (RegenerateClientSecretResponse) {
+        option (google.api.http) = {
+            post: "/v2beta/applications/{application_id}/generate_client_secret"
+            body: "*"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                description: "The regenerated client secret.";
+                }
+            };
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // List Applications
+    //
+    // Returns a list of applications matching the input parameters that belong to the provided
+    // project.
+    //
+    // The result can be sorted by app id, name, creation date, change date or state. It can also
+    // be filtered by app state, app type and app name.
+    //
+    // The user needs to have project.app.read permission
+    //
+    // Required permissions:
+    //   - project.app.read
+    rpc ListApplications(ListApplicationsRequest) returns (ListApplicationsResponse) {
+        option (google.api.http) = {
+            post: "/v2beta/applications/search"
+            body: "*"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The matching applications";
+                }
+            };
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+}
+
+message CreateApplicationRequest {
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string id = 2 [(validate.rules).string = {max_len: 200}];
+    string name = 3 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
+            max_length: 200;
+            example: "\"MyApp\"";
+        }
+    ];
+    oneof creation_request_type {
+        option (validate.required) = true;
+        CreateOIDCApplicationRequest oidc_request = 4;
+        CreateSAMLApplicationRequest saml_request = 5;
+        CreateAPIApplicationRequest api_request = 6;
+    }
+}
+
+message CreateApplicationResponse {
+    string app_id = 1;
+    // The timestamp of the app creation.
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+
+    oneof creation_response_type {
+        CreateOIDCApplicationResponse oidc_response = 3;
+        CreateSAMLApplicationResponse saml_response = 4;
+        CreateAPIApplicationResponse api_response = 5;
+    }
+}
+
+message CreateOIDCApplicationRequest {
+    // Callback URI of the authorization request where the code or tokens will be sent to
+    repeated string redirect_uris = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"http://localhost:4200/auth/callback\"]";
+            description: "Callback URI of the authorization request where the code or tokens will be sent to";
+        }
+    ];
+    repeated OIDCResponseType response_types = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Determines whether a code, id_token token or just id_token will be returned"
+        }
+    ];
+    repeated OIDCGrantType grant_types = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "The flow type the application uses to gain access";
+        }
+    ];
+    OIDCAppType app_type = 4 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Determines the paradigm of the application";
+        }
+    ];
+    OIDCAuthMethodType auth_method_type = 5 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Defines how the application passes login credentials";
+        }
+    ];
+
+    // ZITADEL will redirect to this link after a successful logout
+    repeated string post_logout_redirect_uris = 6 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"http://localhost:4200/signedout\"]";
+            description: "ZITADEL will redirect to this link after a successful logout";
+        }
+    ];
+    OIDCVersion version = 7 [(validate.rules).enum = {defined_only: true}];
+    bool dev_mode = 8 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Used for development, some checks of the OIDC specification will not be checked.";
+        }
+    ];
+    OIDCTokenType access_token_type = 9 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Type of the access token returned from ZITADEL";
+        }
+    ];
+    bool access_token_role_assertion = 10 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
+        }
+    ];
+    bool id_token_role_assertion = 11 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Adds roles to the claims of the id token even if they are not requested by scopes";
+        }
+    ];
+    bool id_token_userinfo_assertion = 12 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
+        }
+    ];
+    google.protobuf.Duration clock_skew = 13 [
+        (validate.rules).duration = {gte: {}, lte: {seconds: 5}},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
+            example: "\"1s\"";
+        }
+    ];
+    repeated string additional_origins = 14 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"scheme://localhost:8080\"]";
+            description: "Additional origins (other than the redirect_uris) from where the API can be used, provided string has to be an origin (scheme://hostname[:port]) without path, query or fragment";
+        }
+    ];
+    bool skip_native_app_success_page = 15 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Skip the successful login page on native apps and directly redirect the user to the callback.";
+        }
+    ];
+    string back_channel_logout_uri = 16 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://example.com/auth/backchannel\"]";
+            description: "ZITADEL will use this URI to notify the application about terminated session according to the OIDC Back-Channel Logout (https://openid.net/specs/openid-connect-backchannel-1_0.html)";
+        }
+    ];
+    LoginVersion login_version = 17 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];
+}
+
+message CreateOIDCApplicationResponse {
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"1035496534033449\"";
+            description: "generated client id for this config";
+        }
+    ];
+    string client_secret = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"gjoq34589uasgh\"";
+            description: "generated secret for this config";
+        }
+    ];
+    bool none_compliant = 3;
+    repeated OIDCLocalizedMessage compliance_problems = 4;
+}
+
+message CreateSAMLApplicationRequest {
+    oneof metadata {
+        option (validate.required) = true;
+        bytes metadata_xml = 1 [(validate.rules).bytes.max_len = 500000];
+        string metadata_url = 2 [(validate.rules).string.max_len = 200];
+    }
+    LoginVersion login_version = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];    
+}
+
+message CreateSAMLApplicationResponse {}
+
+message CreateAPIApplicationRequest {
+    APIAuthMethodType auth_method_type = 1 [(validate.rules).enum = {defined_only: true}];
+}
+
+message CreateAPIApplicationResponse {
+    string client_id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"3950723409029374\"";
+            description: "generated secret for this config";
+        }
+    ];
+    string client_secret = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"gjoq34589uasgh\"";
+            description: "generated secret for this config";
+        }
+    ];
+}
+
+message UpdateApplicationRequest {
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string id = 2 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
+            max_length: 200;
+            example: "\"45984352431\"";
+        }
+    ];
+    string name = 3 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"MyApplicationName\"";
+            min_length: 1;
+            max_length: 200;
+        }
+    ];
+
+    oneof update_request_type {
+        UpdateSAMLApplicationConfigurationRequest saml_configuration_request = 4;
+        UpdateOIDCApplicationConfigurationRequest oidc_configuration_request = 5;
+        UpdateAPIApplicationConfigurationRequest api_configuration_request = 6;
+    }
+}
+
+message UpdateApplicationResponse {
+    // The timestamp of the app update.
+    google.protobuf.Timestamp change_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+}
+
+message UpdateSAMLApplicationConfigurationRequest {
+    oneof metadata {
+        option (validate.required) = true;
+        bytes metadata_xml = 1 [(validate.rules).bytes.max_len = 500000];
+        string metadata_url = 2 [(validate.rules).string.max_len = 200];
+    }
+    optional LoginVersion login_version = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];    
+}
+
+message UpdateOIDCApplicationConfigurationRequest {
+    repeated string redirect_uris = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"http://localhost:4200/auth/callback\"]";
+            description: "Callback URI of the authorization request where the code or tokens will be sent to";
+        }
+    ];
+    repeated OIDCResponseType response_types = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Determines whether a code, id_token token or just id_token will be returned"
+        }
+    ];
+    repeated OIDCGrantType grant_types = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "The flow type the application uses to gain access";
+        }
+    ];
+    optional OIDCAppType app_type = 4 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Determines the paradigm of the application";
+        }
+    ];
+    optional OIDCAuthMethodType auth_method_type = 5 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Defines how the application passes login credentials";
+        }
+    ];
+    repeated string post_logout_redirect_uris = 6 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"http://localhost:4200/signedout\"]";
+            description: "ZITADEL will redirect to this link after a successful logout";
+        }
+    ];
+    optional OIDCVersion version = 7 [(validate.rules).enum = {defined_only: true}];
+    optional bool dev_mode = 8 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Used for development, some checks of the OIDC specification will not be checked.";
+        }
+    ];
+    optional OIDCTokenType access_token_type = 9 [
+        (validate.rules).enum = {defined_only: true},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Type of the access token returned from ZITADEL";
+        }
+    ];
+    optional bool access_token_role_assertion = 10 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
+        }
+    ];
+    optional bool id_token_role_assertion = 11 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Adds roles to the claims of the id token even if they are not requested by scopes";
+        }
+    ];
+    optional bool id_token_userinfo_assertion = 12 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
+        }
+    ];
+    optional google.protobuf.Duration clock_skew = 13 [
+        (validate.rules).duration = {gte: {}, lte: {seconds: 5}},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
+            example: "\"1s\"";
+        }
+    ];
+    repeated string additional_origins = 14 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"scheme://localhost:8080\"]";
+            description: "Additional origins (other than the redirect_uris) from where the API can be used, provided string has to be an origin (scheme://hostname[:port]) without path, query or fragment";
+        }
+    ];
+    optional bool skip_native_app_success_page = 15 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Skip the successful login page on native apps and directly redirect the user to the callback.";
+        }
+    ];
+    optional string back_channel_logout_uri = 16 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://example.com/auth/backchannel\"]";
+            description: "ZITADEL will use this URI to notify the application about terminated session according to the OIDC Back-Channel Logout (https://openid.net/specs/openid-connect-backchannel-1_0.html)";
+        }
+    ];
+    optional LoginVersion login_version = 17 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];
+}
+
+message UpdateAPIApplicationConfigurationRequest {
+    APIAuthMethodType auth_method_type = 1 [(validate.rules).enum = {defined_only: true}];
+}
+
+message GetApplicationRequest {
+    string id = 1 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
+            max_length: 200;
+            example: "\"45984352431\"";
+        }
+    ];
+}
+
+message GetApplicationResponse {
+    Application app = 1;
+}
+
+message DeleteApplicationRequest {
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message DeleteApplicationResponse {
+    google.protobuf.Timestamp deletion_date = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+}
+
+message DeactivateApplicationRequest{
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message DeactivateApplicationResponse{
+    google.protobuf.Timestamp deactivation_date = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+}
+
+message ReactivateApplicationRequest{
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message ReactivateApplicationResponse{
+    google.protobuf.Timestamp reactivation_date = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+}
+
+message RegenerateClientSecretRequest{
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string application_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    oneof app_type {
+        option (validate.required) = true;
+        bool is_oidc = 3;
+        bool is_api = 4;
+    }
+}
+
+message RegenerateClientSecretResponse{
+    string client_secret = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"gjoq34589uasgh\"";
+            description: "generated secret for the client";
+        }
+    ];
+
+    // The timestamp of the creation of the new client secret
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+}
+
+message ListApplicationsRequest {
+    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+
+    // Pagination and sorting.
+    zitadel.filter.v2.PaginationRequest pagination = 2;
+
+    //criteria the client is looking for
+    repeated ApplicationSearchFilter filters = 3;
+
+    AppSorting sorting_column = 4;
+}
+
+message ListApplicationsResponse {
+    repeated Application applications = 1;
+
+    // Contains the total number of apps matching the query and the applied limit.
+    zitadel.filter.v2.PaginationResponse pagination = 2;
+}
\ No newline at end of file
diff --git a/proto/zitadel/app/v2beta/login.proto b/proto/zitadel/app/v2beta/login.proto
new file mode 100644
index 0000000000..567b4b5167
--- /dev/null
+++ b/proto/zitadel/app/v2beta/login.proto
@@ -0,0 +1,18 @@
+syntax = "proto3";
+
+package zitadel.app.v2beta;
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/app/v2beta;app";
+
+message LoginVersion {
+    oneof version {
+        LoginV1 login_v1 = 1;
+        LoginV2 login_v2 = 2;
+    }
+}
+
+message LoginV1 {}
+
+message LoginV2 {
+    // Optionally specify a base uri of the login UI. If unspecified the default URI will be used.
+    optional string base_uri = 1;
+}
\ No newline at end of file
diff --git a/proto/zitadel/app/v2beta/oidc.proto b/proto/zitadel/app/v2beta/oidc.proto
new file mode 100644
index 0000000000..7cfd1dcc43
--- /dev/null
+++ b/proto/zitadel/app/v2beta/oidc.proto
@@ -0,0 +1,166 @@
+syntax = "proto3";
+
+package zitadel.app.v2beta;
+import "zitadel/app/v2beta/login.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "google/protobuf/duration.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/app/v2beta;app";
+
+message OIDCLocalizedMessage {
+    string key = 1;
+    string localized_message = 2;
+}
+
+enum OIDCResponseType {
+    OIDC_RESPONSE_TYPE_UNSPECIFIED = 0;
+    OIDC_RESPONSE_TYPE_CODE = 1;
+    OIDC_RESPONSE_TYPE_ID_TOKEN = 2;
+    OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN = 3;
+}
+
+enum OIDCGrantType{
+    OIDC_GRANT_TYPE_AUTHORIZATION_CODE = 0;
+    OIDC_GRANT_TYPE_IMPLICIT = 1;
+    OIDC_GRANT_TYPE_REFRESH_TOKEN = 2;
+    OIDC_GRANT_TYPE_DEVICE_CODE = 3;
+    OIDC_GRANT_TYPE_TOKEN_EXCHANGE = 4;
+}
+
+enum OIDCAppType {
+    OIDC_APP_TYPE_WEB = 0;
+    OIDC_APP_TYPE_USER_AGENT = 1;
+    OIDC_APP_TYPE_NATIVE = 2;
+}
+
+enum OIDCAuthMethodType {
+    OIDC_AUTH_METHOD_TYPE_BASIC = 0;
+    OIDC_AUTH_METHOD_TYPE_POST = 1;
+    OIDC_AUTH_METHOD_TYPE_NONE = 2;
+    OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT = 3;
+}
+
+enum OIDCVersion {
+    OIDC_VERSION_1_0 = 0;
+}
+
+enum OIDCTokenType {
+    OIDC_TOKEN_TYPE_BEARER = 0;
+    OIDC_TOKEN_TYPE_JWT = 1;
+}
+
+message OIDCConfig {
+    repeated string redirect_uris = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://console.zitadel.ch/auth/callback\"]";
+            description: "Callback URI of the authorization request where the code or tokens will be sent to";
+        }
+    ];
+    repeated OIDCResponseType response_types = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Determines whether a code, id_token token or just id_token will be returned"
+        }
+    ];
+    repeated OIDCGrantType grant_types = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "The flow type the application uses to gain access";
+        }
+    ];
+    OIDCAppType app_type = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "determines the paradigm of the application";
+        }
+    ];
+    string client_id = 5 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334@ZITADEL\"";
+            description: "generated oauth2/oidc client id";
+        }
+    ];
+    OIDCAuthMethodType auth_method_type = 6 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "defines how the application passes login credentials";
+        }
+    ];
+    repeated string post_logout_redirect_uris = 7 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://console.zitadel.ch/logout\"]";
+            description: "ZITADEL will redirect to this link after a successful logout";
+        }
+    ];
+    OIDCVersion version = 8 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "the OIDC version used by the application";
+        }
+    ];
+    bool none_compliant = 9 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "specifies whether the config is OIDC compliant. A production configuration SHOULD be compliant";
+        }
+    ];
+    repeated OIDCLocalizedMessage compliance_problems = 10 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "lists the problems for non-compliancy";
+        }
+    ];
+    bool dev_mode = 11 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "used for development";
+        }
+    ];
+    OIDCTokenType access_token_type = 12 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "type of the access token returned from ZITADEL";
+        }
+    ];
+    bool access_token_role_assertion = 13 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "adds roles to the claims of the access token (only if type == JWT) even if they are not requested by scopes";
+        }
+    ];
+    bool id_token_role_assertion = 14 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "adds roles to the claims of the id token even if they are not requested by scopes";
+        }
+    ];
+    bool id_token_userinfo_assertion = 15 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the OIDC specification";
+        }
+    ];
+    google.protobuf.Duration clock_skew = 16 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and subtracted from \"iat\", \"auth_time\" and \"nbf\" claims";
+            // min: "0s";
+            // max: "5s";
+        }
+    ];
+    repeated string additional_origins = 17 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://console.zitadel.ch/auth/callback\"]";
+            description: "additional origins (other than the redirect_uris) from where the API can be used";
+        }
+    ];
+    repeated string allowed_origins = 18 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://console.zitadel.ch/auth/callback\"]";
+            description: "all allowed origins from where the API can be used";
+        }
+    ];
+    bool skip_native_app_success_page = 19 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Skip the successful login page on native apps and directly redirect the user to the callback.";
+        }
+    ];
+    string back_channel_logout_uri = 20 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"https://example.com/auth/backchannel\"]";
+            description: "ZITADEL will use this URI to notify the application about terminated session according to the OIDC Back-Channel Logout (https://openid.net/specs/openid-connect-backchannel-1_0.html)";
+        }
+    ];
+    LoginVersion login_version = 21 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];
+}
\ No newline at end of file
diff --git a/proto/zitadel/app/v2beta/saml.proto b/proto/zitadel/app/v2beta/saml.proto
new file mode 100644
index 0000000000..7c85447880
--- /dev/null
+++ b/proto/zitadel/app/v2beta/saml.proto
@@ -0,0 +1,20 @@
+syntax = "proto3";
+
+package zitadel.app.v2beta;
+
+import "zitadel/app/v2beta/login.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/app/v2beta;app";
+
+message SAMLConfig {
+    oneof metadata{
+        bytes metadata_xml = 1;
+        string metadata_url = 2;
+    }
+    LoginVersion login_version = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Specify the preferred login UI, where the user is redirected to for authentication. If unset, the login UI is chosen by the instance default.";
+        }
+    ];
+}
\ No newline at end of file
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index d633fbe8c5..74d5dcf60b 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -3287,6 +3287,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: Use [GetApplication](/apis/resources/application_service_v2/application-service-get-application.api.mdx) instead to fetch an app
     rpc GetAppByID(GetAppByIDRequest) returns (GetAppByIDResponse) {
         option (google.api.http) = {
             get: "/projects/{project_id}/apps/{app_id}"
@@ -3309,9 +3310,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [ListApplications](/apis/resources/application_service_v2/application-service-list-applications.api.mdx) instead to list applications
     rpc ListApps(ListAppsRequest) returns (ListAppsResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/_search"
@@ -3335,6 +3338,7 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
@@ -3363,6 +3367,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: Use [CreateApplication](/apis/resources/application_service_v2/application-service-create-application.api.mdx) instead to create an OIDC application
     rpc AddOIDCApp(AddOIDCAppRequest) returns (AddOIDCAppResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/oidc"
@@ -3386,62 +3391,74 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
-  rpc AddSAMLApp(AddSAMLAppRequest) returns (AddSAMLAppResponse) {
-    option (google.api.http) = {
-      post: "/projects/{project_id}/apps/saml"
-      body: "*"
-    };
-
-    option (zitadel.v1.auth_option) = {
-      permission: "project.app.write"
-      check_field_name: "ProjectId"
-    };
-
-      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-          tags: "Applications";
-          summary: "Create Application (SAML)";
-          description: "Create a new SAML client. Returns an entity ID"
-          parameters: {
-              headers: {
-                  name: "x-zitadel-orgid";
-                  description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
-                  type: STRING,
-                  required: false;
-              };
-          };
-      };
-  }
-
-  rpc AddAPIApp(AddAPIAppRequest) returns (AddAPIAppResponse) {
-    option (google.api.http) = {
-      post: "/projects/{project_id}/apps/api"
-      body: "*"
-    };
-
-        option (zitadel.v1.auth_option) = {
-            permission: "project.app.write"
-            check_field_name: "ProjectId"
+    // Deprecated: Use [CreateApplication](/apis/resources/application_service_v2/application-service-create-application.api.mdx) instead to create a SAML application
+    rpc AddSAMLApp(AddSAMLAppRequest) returns (AddSAMLAppResponse) {
+        option (google.api.http) = {
+        post: "/projects/{project_id}/apps/saml"
+        body: "*"
         };
 
-      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-          tags: "Applications";
-          summary: "Create Application (API)";
-          description: "Create a new API client. The client id will be generated and returned in the response. Depending on the chosen configuration also a secret will be generated and returned."
-          parameters: {
-              headers: {
-                  name: "x-zitadel-orgid";
-                  description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
-                  type: STRING,
-                  required: false;
-              };
-          };
-      };
+        option (zitadel.v1.auth_option) = {
+        permission: "project.app.write"
+        check_field_name: "ProjectId"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Applications";
+            summary: "Create Application (SAML)";
+            description: "Create a new SAML client. Returns an entity ID"
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+            deprecated: true;
+        };
+    }
+
+    // Create Application (API)
+    //
+    // Create a new API client. The client id will be generated and returned in the response.
+    // Depending on the chosen configuration also a secret will be generated and returned.
+    //
+    // Deprecated: Use [CreateApplication](/apis/resources/application_service_v2/application-service-create-application.api.mdx) instead to create an API application
+    rpc AddAPIApp(AddAPIAppRequest) returns (AddAPIAppResponse) {
+        option (google.api.http) = {
+        post: "/projects/{project_id}/apps/api"
+        body: "*"
+        };
+
+            option (zitadel.v1.auth_option) = {
+                permission: "project.app.write"
+                check_field_name: "ProjectId"
+            };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Applications";
+            summary: "Create Application (API)";
+            description: "Create a new API client. The client id will be generated and returned in the response. Depending on the chosen configuration also a secret will be generated and returned."
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+            deprecated: true;
+        };
     }
 
     // Changes application
+    //
+    // Deprecated: Use [PatchApplication](/apis/resources/application_service_v2/application-service-patch-application.api.mdx) instead to update the generic params of an app
     rpc UpdateApp(UpdateAppRequest) returns (UpdateAppResponse) {
         option (google.api.http) = {
             put: "/projects/{project_id}/apps/{app_id}"
@@ -3465,9 +3482,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [PatchApplication](/apis/resources/application_service_v2/application-service-patch-application.api.mdx) instead to update the config of an OIDC app 
     rpc UpdateOIDCAppConfig(UpdateOIDCAppConfigRequest) returns (UpdateOIDCAppConfigResponse) {
         option (google.api.http) = {
             put: "/projects/{project_id}/apps/{app_id}/oidc_config"
@@ -3491,61 +3510,67 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true
         };
     }
 
-  rpc UpdateSAMLAppConfig(UpdateSAMLAppConfigRequest) returns (UpdateSAMLAppConfigResponse) {
-    option (google.api.http) = {
-      put: "/projects/{project_id}/apps/{app_id}/saml_config"
-      body: "*"
-    };
-
-    option (zitadel.v1.auth_option) = {
-      permission: "project.app.write"
-      check_field_name: "ProjectId"
-    };
-
-      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-          tags: "Applications";
-          summary: "Update SAML Application Config";
-          description: "Update the SAML specific configuration of an application."
-          parameters: {
-              headers: {
-                  name: "x-zitadel-orgid";
-                  description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
-                  type: STRING,
-                  required: false;
-              };
-          };
-      };
-  }
-
-  rpc UpdateAPIAppConfig(UpdateAPIAppConfigRequest) returns (UpdateAPIAppConfigResponse) {
-    option (google.api.http) = {
-      put: "/projects/{project_id}/apps/{app_id}/api_config"
-      body: "*"
-    };
+    // Deprecated: Use [PatchApplication](/apis/resources/application_service_v2/application-service-patch-application.api.mdx) instead to update the config of a SAML app
+    rpc UpdateSAMLAppConfig(UpdateSAMLAppConfigRequest) returns (UpdateSAMLAppConfigResponse) {
+        option (google.api.http) = {
+        put: "/projects/{project_id}/apps/{app_id}/saml_config"
+        body: "*"
+        };
 
         option (zitadel.v1.auth_option) = {
-            permission: "project.app.write"
-            check_field_name: "ProjectId"
+        permission: "project.app.write"
+        check_field_name: "ProjectId"
         };
 
-      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-          tags: "Applications";
-          summary: "Update API Application Config";
-          description: "Update the OIDC-specific configuration of an application."
-          parameters: {
-              headers: {
-                  name: "x-zitadel-orgid";
-                  description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
-                  type: STRING,
-                  required: false;
-              };
-          };
-      };
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Applications";
+            summary: "Update SAML Application Config";
+            description: "Update the SAML specific configuration of an application."
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+            deprecated: true;
+        };
     }
 
+    // Deprecated: Use [PatchApplication](/apis/resources/application_service_v2/application-service-patch-application.api.mdx) instead to update the config of an API app
+    rpc UpdateAPIAppConfig(UpdateAPIAppConfigRequest) returns (UpdateAPIAppConfigResponse) {
+        option (google.api.http) = {
+        put: "/projects/{project_id}/apps/{app_id}/api_config"
+        body: "*"
+        };
+
+            option (zitadel.v1.auth_option) = {
+                permission: "project.app.write"
+                check_field_name: "ProjectId"
+            };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Applications";
+            summary: "Update API Application Config";
+            description: "Update the OIDC-specific configuration of an application."
+            parameters: {
+                headers: {
+                    name: "x-zitadel-orgid";
+                    description: "The default is always the organization of the requesting user. If you like to change/get objects of another organization include the header. Make sure the requesting user has permission to access the requested data.";
+                    type: STRING,
+                    required: false;
+                };
+            };
+            deprecated: true;
+        };
+    }
+
+    // Deprecated: Use [DeactivateApplication](/apis/resources/application_service_v2/application-service-deactivate-application.api.mdx) instead to deactivate an app
     rpc DeactivateApp(DeactivateAppRequest) returns (DeactivateAppResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/{app_id}/_deactivate"
@@ -3569,9 +3594,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [ReactivateApplication](/apis/resources/application_service_v2/application-service-reactivate-application.api.mdx) instead to reactivate an app
     rpc ReactivateApp(ReactivateAppRequest) returns (ReactivateAppResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/{app_id}/_reactivate"
@@ -3595,9 +3622,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [DeleteApplication](/apis/resources/application_service_v2/application-service-delete-application.api.mdx) instead to delete an app
     rpc RemoveApp(RemoveAppRequest) returns (RemoveAppResponse) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/apps/{app_id}"
@@ -3620,9 +3649,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [RegenerateClientSecret](/apis/resources/application_service_v2/application-service-regenerate-client-secret.api.mdx) instead to regenerate an OIDC app client secret
     rpc RegenerateOIDCClientSecret(RegenerateOIDCClientSecretRequest) returns (RegenerateOIDCClientSecretResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/{app_id}/oidc_config/_generate_client_secret"
@@ -3646,9 +3677,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [RegenerateClientSecret](/apis/resources/application_service_v2/application-service-regenerate-client-secret.api.mdx) instead to regenerate an API app client secret
     rpc RegenerateAPIClientSecret(RegenerateAPIClientSecretRequest) returns (RegenerateAPIClientSecretResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/{app_id}/api_config/_generate_client_secret"
@@ -3672,6 +3705,7 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 

From 14b45b58ebc955f7ee2b1161b74bd2f57ed07916 Mon Sep 17 00:00:00 2001
From: Florian Forster <florian@zitadel.com>
Date: Fri, 27 Jun 2025 13:46:21 -0700
Subject: [PATCH 108/123] chore: add inkeep search and ai to docs (#10119)

---
 docs/docusaurus.config.js |  111 ++-
 docs/package.json         |    1 +
 docs/yarn.lock            | 1776 ++++++++++++++++++++++++++++++-------
 3 files changed, 1508 insertions(+), 380 deletions(-)

diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index 43830eafd0..abf5c742a5 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -71,13 +71,13 @@ module.exports = {
           label: "🚀 Quick Start",
           docId: "guides/start/quickstart",
           position: "left",
-        }, 
+        },
         {
           type: "doc",
           label: "Documentation",
           docId: "guides/overview",
           position: "left",
-        }, 
+        },
         {
           type: "doc",
           label: "APIs",
@@ -174,20 +174,25 @@ module.exports = {
             {
               label: "Status",
               href: "https://status.zitadel.com/",
-            }
+            },
           ],
         },
       ],
       copyright: `Copyright © ${new Date().getFullYear()} ZITADEL Docs - Built with Docusaurus.`,
     },
-    algolia: {
-      appId: "8H6ZKXENLO",
-      apiKey: "124fe1c102a184bc6fc70c75dc84f96f",
-      indexName: "zitadel",
-      selector: "div#",
-    },
     prism: {
-      additionalLanguages: ["csharp", "dart", "groovy", "regex", "java", "php", "python", "protobuf", "json", "bash"],
+      additionalLanguages: [
+        "csharp",
+        "dart",
+        "groovy",
+        "regex",
+        "java",
+        "php",
+        "python",
+        "protobuf",
+        "json",
+        "bash",
+      ],
     },
     colorMode: {
       defaultMode: "dark",
@@ -196,9 +201,9 @@ module.exports = {
     },
     codeblock: {
       showGithubLink: true,
-      githubLinkLabel: 'View on GitHub',
+      githubLinkLabel: "View on GitHub",
       showRunmeLink: false,
-      runmeLinkLabel: 'Checkout via Runme'
+      runmeLinkLabel: "Checkout via Runme",
     },
   },
   presets: [
@@ -213,19 +218,33 @@ module.exports = {
           showLastUpdateTime: true,
           editUrl: "https://github.com/zitadel/zitadel/edit/main/docs/",
           remarkPlugins: [require("mdx-mermaid")],
-          
-          docItemComponent:  '@theme/ApiItem'
+
+          docItemComponent: "@theme/ApiItem",
         },
         theme: {
           customCss: require.resolve("./src/css/custom.css"),
         },
-      })
+      }),
     ],
-
   ],
   plugins: [
     [
-      'docusaurus-plugin-openapi-docs',
+      "@inkeep/cxkit-docusaurus",
+      {
+        SearchBar: {
+          baseSettings: {
+            apiKey: process.env.INKEEP_API_KEY,
+            primaryBrandColor: "#ff2069",
+            organizationDisplayName: "ZITADEL",
+          },
+        },
+        SearchSettings: {
+          tabs: ["All", "Docs", "GitHub", "Forums", "Discord"],
+        },
+      },
+    ],
+    [
+      "docusaurus-plugin-openapi-docs",
       {
         id: "apiDocs",
         docsPluginId: "classic",
@@ -263,7 +282,8 @@ module.exports = {
             },
           },
           user_v2: {
-            specPath: ".artifacts/openapi/zitadel/user/v2/user_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/user/v2/user_service.swagger.json",
             outputDir: "docs/apis/resources/user_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -271,7 +291,8 @@ module.exports = {
             },
           },
           session_v2: {
-            specPath: ".artifacts/openapi/zitadel/session/v2/session_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/session/v2/session_service.swagger.json",
             outputDir: "docs/apis/resources/session_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -279,7 +300,8 @@ module.exports = {
             },
           },
           oidc_v2: {
-            specPath: ".artifacts/openapi/zitadel/oidc/v2/oidc_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/oidc/v2/oidc_service.swagger.json",
             outputDir: "docs/apis/resources/oidc_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -287,7 +309,8 @@ module.exports = {
             },
           },
           saml_v2: {
-            specPath: ".artifacts/openapi/zitadel/saml/v2/saml_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/saml/v2/saml_service.swagger.json",
             outputDir: "docs/apis/resources/saml_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -295,7 +318,8 @@ module.exports = {
             },
           },
           settings_v2: {
-            specPath: ".artifacts/openapi/zitadel/settings/v2/settings_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/settings/v2/settings_service.swagger.json",
             outputDir: "docs/apis/resources/settings_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -303,31 +327,35 @@ module.exports = {
             },
           },
           action_v2: {
-            specPath: ".artifacts/openapi/zitadel/action/v2beta/action_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/action/v2beta/action_service.swagger.json",
             outputDir: "docs/apis/resources/action_service_v2",
             sidebarOptions: {
-                groupPathsBy: "tag",
-                categoryLinkSource: "auto",
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
             },
           },
           webkey_v2: {
-            specPath: ".artifacts/openapi/zitadel/webkey/v2beta/webkey_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/webkey/v2beta/webkey_service.swagger.json",
             outputDir: "docs/apis/resources/webkey_service_v2",
             sidebarOptions: {
-                groupPathsBy: "tag",
-                categoryLinkSource: "auto",
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
             },
           },
           feature_v2: {
-            specPath: ".artifacts/openapi/zitadel/feature/v2/feature_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/feature/v2/feature_service.swagger.json",
             outputDir: "docs/apis/resources/feature_service_v2",
             sidebarOptions: {
-                groupPathsBy: "tag",
-                categoryLinkSource: "auto",
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
             },
           },
           org_v2: {
-            specPath: ".artifacts/openapi/zitadel/org/v2/org_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/org/v2/org_service.swagger.json",
             outputDir: "docs/apis/resources/org_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -335,7 +363,8 @@ module.exports = {
             },
           },
           idp_v2: {
-            specPath: ".artifacts/openapi/zitadel/idp/v2/idp_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/idp/v2/idp_service.swagger.json",
             outputDir: "docs/apis/resources/idp_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -343,7 +372,8 @@ module.exports = {
             },
           },
           org_v2beta: {
-            specPath: ".artifacts/openapi/zitadel/org/v2beta/org_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/org/v2beta/org_service.swagger.json",
             outputDir: "docs/apis/resources/org_service_v2beta",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -351,7 +381,8 @@ module.exports = {
             },
           },
           project_v2beta: {
-            specPath: ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
             outputDir: "docs/apis/resources/project_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -359,7 +390,8 @@ module.exports = {
             },
           },
           instance_v2: {
-            specPath: ".artifacts/openapi/zitadel/instance/v2beta/instance_service.swagger.json",
+            specPath:
+              ".artifacts/openapi/zitadel/instance/v2beta/instance_service.swagger.json",
             outputDir: "docs/apis/resources/instance_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -382,13 +414,16 @@ module.exports = {
       };
     },
   ],
-  themes: [ "docusaurus-theme-github-codeblock", "docusaurus-theme-openapi-docs"],
+  themes: [
+    "docusaurus-theme-github-codeblock",
+    "docusaurus-theme-openapi-docs",
+  ],
   future: {
     v4: false, // Disabled because of some problems related to https://github.com/facebook/docusaurus/issues/11040
     experimental_faster: {
       swcJsLoader: false, // Disabled because of memory usage > 8GB which is a problem on vercel default runners
       swcJsMinimizer: true,
-      swcHtmlMinimizer : true,
+      swcHtmlMinimizer: true,
       lightningCssMinimizer: true,
       mdxCrossCompilerCache: true,
       ssgWorkerThreads: false, // Disabled because of some problems related to https://github.com/facebook/docusaurus/issues/11040
diff --git a/docs/package.json b/docs/package.json
index 2c9eb8bb84..2e1214f378 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -29,6 +29,7 @@
     "@docusaurus/theme-search-algolia": "^3.8.1",
     "@headlessui/react": "^1.7.4",
     "@heroicons/react": "^2.0.13",
+    "@inkeep/cxkit-docusaurus": "^0.5.89",
     "autoprefixer": "^10.4.13",
     "clsx": "^1.2.1",
     "docusaurus-plugin-image-zoom": "^3.0.1",
diff --git a/docs/yarn.lock b/docs/yarn.lock
index c933386f97..c48c5b8bd6 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -29,126 +29,126 @@
   resolved "https://registry.yarnpkg.com/@algolia/autocomplete-shared/-/autocomplete-shared-1.17.9.tgz#5f38868f7cb1d54b014b17a10fc4f7e79d427fa8"
   integrity sha512-iDf05JDQ7I0b7JEA/9IektxN/80a2MZ1ToohfmNS3rfeuQnIKI3IJlIafD0xu4StbtQTghx9T3Maa97ytkXenQ==
 
-"@algolia/client-abtesting@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-abtesting/-/client-abtesting-5.25.0.tgz#012204f1614e1a71366fb1e117c8f195186ff081"
-  integrity sha512-1pfQulNUYNf1Tk/svbfjfkLBS36zsuph6m+B6gDkPEivFmso/XnRgwDvjAx80WNtiHnmeNjIXdF7Gos8+OLHqQ==
+"@algolia/client-abtesting@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-abtesting/-/client-abtesting-5.29.0.tgz#af9928f3b206cc5224e30256ea27d4e4d6023f22"
+  integrity sha512-AM/6LYMSTnZvAT5IarLEKjYWOdV+Fb+LVs8JRq88jn8HH6bpVUtjWdOZXqX1hJRXuCAY8SdQfb7F8uEiMNXdYQ==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/client-analytics@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-analytics/-/client-analytics-5.25.0.tgz#eba015bfafb3dbb82712c9160a00717a5974ff71"
-  integrity sha512-AFbG6VDJX/o2vDd9hqncj1B6B4Tulk61mY0pzTtzKClyTDlNP0xaUiEKhl6E7KO9I/x0FJF5tDCm0Hn6v5x18A==
+"@algolia/client-analytics@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-analytics/-/client-analytics-5.29.0.tgz#d71b2f6e6c77c390343ee0ab73806378adb295eb"
+  integrity sha512-La34HJh90l0waw3wl5zETO8TuukeUyjcXhmjYZL3CAPLggmKv74mobiGRIb+mmBENybiFDXf/BeKFLhuDYWMMQ==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/client-common@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-common/-/client-common-5.25.0.tgz#2def8947efe849266057d92f67d1b8d83de0c005"
-  integrity sha512-il1zS/+Rc6la6RaCdSZ2YbJnkQC6W1wiBO8+SH+DE6CPMWBU6iDVzH0sCKSAtMWl9WBxoN6MhNjGBnCv9Yy2bA==
+"@algolia/client-common@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-common/-/client-common-5.29.0.tgz#0908e90c5dc881be08eab4e595bf981e23525474"
+  integrity sha512-T0lzJH/JiCxQYtCcnWy7Jf1w/qjGDXTi2npyF9B9UsTvXB97GRC6icyfXxe21mhYvhQcaB1EQ/J2575FXxi2rA==
 
-"@algolia/client-insights@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-insights/-/client-insights-5.25.0.tgz#b87df8614b96c4cc9c9aa7765cce07fa70864fa8"
-  integrity sha512-blbjrUH1siZNfyCGeq0iLQu00w3a4fBXm0WRIM0V8alcAPo7rWjLbMJMrfBtzL9X5ic6wgxVpDADXduGtdrnkw==
+"@algolia/client-insights@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-insights/-/client-insights-5.29.0.tgz#80ca3c3d16ff2fa78b3a6a091a10ae508977dffa"
+  integrity sha512-A39F1zmHY9aev0z4Rt3fTLcGN5AG1VsVUkVWy6yQG5BRDScktH+U5m3zXwThwniBTDV1HrPgiGHZeWb67GkR2Q==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/client-personalization@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-personalization/-/client-personalization-5.25.0.tgz#74b041f0e7d91e1009c131c8d716c34e4d45c30f"
-  integrity sha512-aywoEuu1NxChBcHZ1pWaat0Plw7A8jDMwjgRJ00Mcl7wGlwuPt5dJ/LTNcg3McsEUbs2MBNmw0ignXBw9Tbgow==
+"@algolia/client-personalization@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-personalization/-/client-personalization-5.29.0.tgz#1bc8882fe889ad25132794b7beecf1cfc0783acc"
+  integrity sha512-ibxmh2wKKrzu5du02gp8CLpRMeo+b/75e4ORct98CT7mIxuYFXowULwCd6cMMkz/R0LpKXIbTUl15UL5soaiUQ==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/client-query-suggestions@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-query-suggestions/-/client-query-suggestions-5.25.0.tgz#e92d935d9e2994f790d43c64d3518d81070a3888"
-  integrity sha512-a/W2z6XWKjKjIW1QQQV8PTTj1TXtaKx79uR3NGBdBdGvVdt24KzGAaN7sCr5oP8DW4D3cJt44wp2OY/fZcPAVA==
+"@algolia/client-query-suggestions@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-query-suggestions/-/client-query-suggestions-5.29.0.tgz#784001417cee2ffde376f10074a477eef1eb095d"
+  integrity sha512-VZq4/AukOoJC2WSwF6J5sBtt+kImOoBwQc1nH3tgI+cxJBg7B77UsNC+jT6eP2dQCwGKBBRTmtPLUTDDnHpMgA==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/client-search@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/client-search/-/client-search-5.25.0.tgz#dc38ca1015f2f4c9f5053a4517f96fb28a2117f8"
-  integrity sha512-9rUYcMIBOrCtYiLX49djyzxqdK9Dya/6Z/8sebPn94BekT+KLOpaZCuc6s0Fpfq7nx5J6YY5LIVFQrtioK9u0g==
+"@algolia/client-search@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/client-search/-/client-search-5.29.0.tgz#91c9a036b6677d954cd87d9262850f73f145bf81"
+  integrity sha512-cZ0Iq3OzFUPpgszzDr1G1aJV5UMIZ4VygJ2Az252q4Rdf5cQMhYEIKArWY/oUjMhQmosM8ygOovNq7gvA9CdCg==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
 "@algolia/events@^4.0.1":
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/@algolia/events/-/events-4.0.1.tgz#fd39e7477e7bc703d7f893b556f676c032af3950"
   integrity sha512-FQzvOCgoFXAbf5Y6mYozw2aj5KCJoA3m4heImceldzPSMbdyS4atVjJzXKMsfX3wnZTFYwkkt8/z8UesLHlSBQ==
 
-"@algolia/ingestion@1.25.0":
-  version "1.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/ingestion/-/ingestion-1.25.0.tgz#4d13c56dda0a05c7bacb0e3ef5866292dfd86ed5"
-  integrity sha512-jJeH/Hk+k17Vkokf02lkfYE4A+EJX+UgnMhTLR/Mb+d1ya5WhE+po8p5a/Nxb6lo9OLCRl6w3Hmk1TX1e9gVbQ==
+"@algolia/ingestion@1.29.0":
+  version "1.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/ingestion/-/ingestion-1.29.0.tgz#9d7f30a7161b1cb612309f8240aa471faac8a21f"
+  integrity sha512-scBXn0wO5tZCxmO6evfa7A3bGryfyOI3aoXqSQBj5SRvNYXaUlFWQ/iKI70gRe/82ICwE0ICXbHT/wIvxOW7vw==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/monitoring@1.25.0":
-  version "1.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/monitoring/-/monitoring-1.25.0.tgz#d59360cfe556338519d05a9d8107147e9dbcb020"
-  integrity sha512-Ls3i1AehJ0C6xaHe7kK9vPmzImOn5zBg7Kzj8tRYIcmCWVyuuFwCIsbuIIz/qzUf1FPSWmw0TZrGeTumk2fqXg==
+"@algolia/monitoring@1.29.0":
+  version "1.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/monitoring/-/monitoring-1.29.0.tgz#919f86b7c53f1ea7c78f4c0ed9bd7917c1ca3a67"
+  integrity sha512-FGWWG9jLFhsKB7YiDjM2dwQOYnWu//7Oxrb2vT96N7+s+hg1mdHHfHNRyEudWdxd4jkMhBjeqNA21VbTiOIPVg==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/recommend@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/recommend/-/recommend-5.25.0.tgz#b96f12c85aa74a0326982c7801fcd4a610b420f4"
-  integrity sha512-79sMdHpiRLXVxSjgw7Pt4R1aNUHxFLHiaTDnN2MQjHwJ1+o3wSseb55T9VXU4kqy3m7TUme3pyRhLk5ip/S4Mw==
+"@algolia/recommend@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/recommend/-/recommend-5.29.0.tgz#8f2e5fe2e43e6d1dfa488b4c095404e46d0e1b0c"
+  integrity sha512-xte5+mpdfEARAu61KXa4ewpjchoZuJlAlvQb8ptK6hgHlBHDnYooy1bmOFpokaAICrq/H9HpoqNUX71n+3249A==
   dependencies:
-    "@algolia/client-common" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
-"@algolia/requester-browser-xhr@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.25.0.tgz#c194fa5f49206b9343e6646c41bfbca2a3f2ac54"
-  integrity sha512-JLaF23p1SOPBmfEqozUAgKHQrGl3z/Z5RHbggBu6s07QqXXcazEsub5VLonCxGVqTv6a61AAPr8J1G5HgGGjEw==
+"@algolia/requester-browser-xhr@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.29.0.tgz#c3cec914716160d3d972ff09b3b35093916cb5bb"
+  integrity sha512-og+7Em75aPHhahEUScq2HQ3J7ULN63Levtd87BYMpn6Im5d5cNhaC4QAUsXu6LWqxRPgh4G+i+wIb6tVhDhg2A==
   dependencies:
-    "@algolia/client-common" "5.25.0"
+    "@algolia/client-common" "5.29.0"
 
-"@algolia/requester-fetch@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/requester-fetch/-/requester-fetch-5.25.0.tgz#231a2d0da2397d141f80b8f28e2cb6e3d219d38d"
-  integrity sha512-rtzXwqzFi1edkOF6sXxq+HhmRKDy7tz84u0o5t1fXwz0cwx+cjpmxu/6OQKTdOJFS92JUYHsG51Iunie7xbqfQ==
+"@algolia/requester-fetch@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/requester-fetch/-/requester-fetch-5.29.0.tgz#3d885d73ab116c4c1ae88e7e6fb3b022cba45ce8"
+  integrity sha512-JCxapz7neAy8hT/nQpCvOrI5JO8VyQ1kPvBiaXWNC1prVq0UMYHEL52o1BsPvtXfdQ7BVq19OIq6TjOI06mV/w==
   dependencies:
-    "@algolia/client-common" "5.25.0"
+    "@algolia/client-common" "5.29.0"
 
-"@algolia/requester-node-http@5.25.0":
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/@algolia/requester-node-http/-/requester-node-http-5.25.0.tgz#0ce13c550890de21c558b04381535d2d245a3725"
-  integrity sha512-ZO0UKvDyEFvyeJQX0gmZDQEvhLZ2X10K+ps6hViMo1HgE2V8em00SwNsQ+7E/52a+YiBkVWX61pJJJE44juDMQ==
+"@algolia/requester-node-http@5.29.0":
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/@algolia/requester-node-http/-/requester-node-http-5.29.0.tgz#9e8fb975c392ba1a99b8774856cfc892ed17819e"
+  integrity sha512-lVBD81RBW5VTdEYgnzCz7Pf9j2H44aymCP+/eHGJu4vhU+1O8aKf3TVBgbQr5UM6xoe8IkR/B112XY6YIG2vtg==
   dependencies:
-    "@algolia/client-common" "5.25.0"
+    "@algolia/client-common" "5.29.0"
 
 "@alloc/quick-lru@^5.2.0":
   version "5.2.0"
@@ -217,9 +217,9 @@
   integrity sha512-qJzAIcv03PyaWqxRgO4mSU3lihncDT296vnyuE2O8uA4w3UHWI4S3hgeZd1L8W1Bft40w9JxJ2b412iDUFFRhw==
 
 "@babel/compat-data@^7.27.2":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.27.3.tgz#cc49c2ac222d69b889bf34c795f537c0c6311111"
-  integrity sha512-V42wFfx1ymFte+ecf6iXghnnP8kWTO+ZLXIyZq+1LAXHHvTZdVxicn4yiVYdYMGaCO3tmqub11AorKkv+iodqw==
+  version "7.27.5"
+  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.27.5.tgz#7d0658ec1a8420fc866d1df1b03bea0e79934c82"
+  integrity sha512-KiRAp/VoJaWkkte84TvUd9qjdbZAdiqyvMxrGl1N6vzFogKmaLgoM3L1kgtLicp2HP5fBJS8JrZKLVIZGVJAVg==
 
 "@babel/core@^7.21.3":
   version "7.24.7"
@@ -243,19 +243,19 @@
     semver "^6.3.1"
 
 "@babel/core@^7.25.9":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.27.3.tgz#d7d05502bccede3cab36373ed142e6a1df554c2f"
-  integrity sha512-hyrN8ivxfvJ4i0fIJuV4EOlV0WDMz5Ui4StRTgVaAvWeiRCilXgwVvxJKtFQ3TKtHgJscB2YiXKGNJuVwhQMtA==
+  version "7.27.4"
+  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.27.4.tgz#cc1fc55d0ce140a1828d1dd2a2eba285adbfb3ce"
+  integrity sha512-bXYxrXFubeYdvB0NhD/NBB3Qi6aZeV20GOWVI47t2dkecCEoneR4NPVcb7abpXDEvejgrUfFtG6vG/zxAKmg+g==
   dependencies:
     "@ampproject/remapping" "^2.2.0"
     "@babel/code-frame" "^7.27.1"
     "@babel/generator" "^7.27.3"
     "@babel/helper-compilation-targets" "^7.27.2"
     "@babel/helper-module-transforms" "^7.27.3"
-    "@babel/helpers" "^7.27.3"
-    "@babel/parser" "^7.27.3"
+    "@babel/helpers" "^7.27.4"
+    "@babel/parser" "^7.27.4"
     "@babel/template" "^7.27.2"
-    "@babel/traverse" "^7.27.3"
+    "@babel/traverse" "^7.27.4"
     "@babel/types" "^7.27.3"
     convert-source-map "^2.0.0"
     debug "^4.1.0"
@@ -274,11 +274,11 @@
     jsesc "^2.5.1"
 
 "@babel/generator@^7.25.9", "@babel/generator@^7.27.3":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.27.3.tgz#ef1c0f7cfe3b5fc8cbb9f6cc69f93441a68edefc"
-  integrity sha512-xnlJYj5zepml8NXtjkG0WquFUv8RskFqyFcVgTBp5k+NaA/8uw/K+OSVf8AMGw5e9HKP2ETd5xpK5MLZQD6b4Q==
+  version "7.27.5"
+  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.27.5.tgz#3eb01866b345ba261b04911020cbe22dd4be8c8c"
+  integrity sha512-ZGhA37l0e/g2s1Cnzdix0O3aLYm66eF8aufiVteOgnwxgnRP8GoyMj7VWsgWnQbVKXyge7hqrFh2K2TQM6t1Hw==
   dependencies:
-    "@babel/parser" "^7.27.3"
+    "@babel/parser" "^7.27.5"
     "@babel/types" "^7.27.3"
     "@jridgewell/gen-mapping" "^0.3.5"
     "@jridgewell/trace-mapping" "^0.3.25"
@@ -628,13 +628,13 @@
     "@babel/template" "^7.27.0"
     "@babel/types" "^7.27.0"
 
-"@babel/helpers@^7.27.3":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.3.tgz#387d65d279290e22fe7a47a8ffcd2d0c0184edd0"
-  integrity sha512-h/eKy9agOya1IGuLaZ9tEUgz+uIRXcbtOhRtUyyMf8JFmn1iT13vnl/IGVWSkdOCG/pC57U4S1jnAabAavTMwg==
+"@babel/helpers@^7.27.4":
+  version "7.27.6"
+  resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.27.6.tgz#6456fed15b2cb669d2d1fabe84b66b34991d812c"
+  integrity sha512-muE8Tt8M22638HU31A3CgfSUciwz1fhATfoVai05aPXGor//CdWDCbnlY1yvBPo07njuVOCNGCSp/GTt12lIug==
   dependencies:
     "@babel/template" "^7.27.2"
-    "@babel/types" "^7.27.3"
+    "@babel/types" "^7.27.6"
 
 "@babel/highlight@^7.24.7":
   version "7.24.7"
@@ -658,10 +658,10 @@
   dependencies:
     "@babel/types" "^7.27.0"
 
-"@babel/parser@^7.27.2", "@babel/parser@^7.27.3":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.27.3.tgz#1b7533f0d908ad2ac545c4d05cbe2fb6dc8cfaaf"
-  integrity sha512-xyYxRj6+tLNDTWi0KCBcZ9V7yg3/lwL9DWh9Uwh/RIVlIfFidggcgxKX3GCXwCiswwcGRawBKbEg2LG/Y8eJhw==
+"@babel/parser@^7.27.2", "@babel/parser@^7.27.4", "@babel/parser@^7.27.5":
+  version "7.27.5"
+  resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.27.5.tgz#ed22f871f110aa285a6fd934a0efed621d118826"
+  integrity sha512-OsQd175SxWkGlzbny8J3K8TnnDD0N3lrIUtB92xwyRpzaenGZhxDvxN/JgU00U3CDZNj9tPuDJ5H0WS4Nt3vKg==
   dependencies:
     "@babel/types" "^7.27.3"
 
@@ -983,9 +983,9 @@
     "@babel/helper-plugin-utils" "^7.24.7"
 
 "@babel/plugin-transform-block-scoping@^7.27.1":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.27.3.tgz#a21f37e222dc0a7b91c3784fa3bd4edf8d7a6dc1"
-  integrity sha512-+F8CnfhuLhwUACIJMLWnjz6zvzYM2r0yeIHKlbgfw7ml8rOMJsXNXV/hyRcb3nb493gRs4WvYpQAndWj/qQmkQ==
+  version "7.27.5"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.27.5.tgz#98c37485d815533623d992fd149af3e7b3140157"
+  integrity sha512-JF6uE2s67f0y2RZcm2kpAUEbD50vH62TyWVebxwHAlbSdM49VqPz8t4a1uIjp4NIOIZ4xzLfjY5emt/RCyC7TQ==
   dependencies:
     "@babel/helper-plugin-utils" "^7.27.1"
 
@@ -1595,9 +1595,9 @@
     regenerator-transform "^0.15.2"
 
 "@babel/plugin-transform-regenerator@^7.27.1":
-  version "7.27.1"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.27.1.tgz#0a471df9213416e44cd66bf67176b66f65768401"
-  integrity sha512-B19lbbL7PMrKr52BNPjCqg1IyNUIjTcxKj8uX9zHO+PmWN93s19NDr/f69mIkEp2x9nmDJ08a7lgHaTTzvW7mw==
+  version "7.27.5"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.27.5.tgz#0c01f4e0e4cced15f68ee14b9c76dac9813850c7"
+  integrity sha512-uhB8yHerfe3MWnuLAhEbeQ4afVoqv8BQsPqrTv7e/jZ9y00kJL6l9a/f4OWaKxotmjzewfEyXE1vgDJenkQ2/Q==
   dependencies:
     "@babel/helper-plugin-utils" "^7.27.1"
 
@@ -1624,9 +1624,9 @@
     "@babel/helper-plugin-utils" "^7.27.1"
 
 "@babel/plugin-transform-runtime@^7.25.9":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.27.3.tgz#ad35f1eff5ba18a5e23f7270e939fb5a59d3ec0b"
-  integrity sha512-bA9ZL5PW90YwNgGfjg6U+7Qh/k3zCEQJ06BFgAGRp/yMjw9hP9UGbGPtx3KSOkHGljEPCCxaE+PH4fUR2h1sDw==
+  version "7.27.4"
+  resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.27.4.tgz#dee5c5db6543313d1ae1b4b1ec122ff1e77352b9"
+  integrity sha512-D68nR5zxU64EUzV8i7T3R5XP0Xhrou/amNnddsRQssx6GrTLdZl1rLxyjtVZBd+v/NVX4AbTPOB5aU8thAZV1A==
   dependencies:
     "@babel/helper-module-imports" "^7.27.1"
     "@babel/helper-plugin-utils" "^7.27.1"
@@ -2013,13 +2013,13 @@
   integrity sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==
 
 "@babel/runtime-corejs3@^7.25.9":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.27.3.tgz#b971a4a0a376171e266629152e74ef50e9931f79"
-  integrity sha512-ZYcgrwb+dkWNcDlsTe4fH1CMdqMDSJ5lWFd1by8Si2pI54XcQjte/+ViIPqAk7EAWisaUxvQ89grv+bNX2x8zg==
+  version "7.27.6"
+  resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.27.6.tgz#97644153808a62898e7c05f3361501417db3c48b"
+  integrity sha512-vDVrlmRAY8z9Ul/HxT+8ceAru95LQgkSKiXkSYZvqtbkPSfhZJgpRp45Cldbh1GJ1kxzQkI70AqyrTI58KpaWQ==
   dependencies:
     core-js-pure "^3.30.2"
 
-"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2":
+"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.15.4", "@babel/runtime@^7.20.13", "@babel/runtime@^7.23.2", "@babel/runtime@^7.26.0", "@babel/runtime@^7.8.4", "@babel/runtime@^7.9.2":
   version "7.27.0"
   resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.27.0.tgz#fbee7cf97c709518ecc1f590984481d5460d4762"
   integrity sha512-VtPOkrdPHZsKc/clNqyi9WUA8TINkZ4cGk63UUE3u4pmB2k+ZMQRDuIOagv8UVd6j7k0T3+RRIb7beKTebNbcw==
@@ -2027,9 +2027,9 @@
     regenerator-runtime "^0.14.0"
 
 "@babel/runtime@^7.25.9":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.27.3.tgz#10491113799fb8d77e1d9273384d5d68deeea8f6"
-  integrity sha512-7EYtGezsdiDMyY80+65EzwiGmcJqpmcZCojSXaRgdrBaGtWTgDZKq69cPIVped6MkIM78cTQ2GOiEYjwOlG4xw==
+  version "7.27.6"
+  resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.27.6.tgz#ec4070a04d76bae8ddbb10770ba55714a417b7c6"
+  integrity sha512-vbavdySgbTTrmFE+EsiqUTzlOr5bzlnJtUv9PynGCAKvfQqjIXbvFdumPM/GxMDfyuGMJaJAU6TO4zc1Jf1i8Q==
 
 "@babel/template@^7.24.7":
   version "7.24.7"
@@ -2074,14 +2074,14 @@
     debug "^4.3.1"
     globals "^11.1.0"
 
-"@babel/traverse@^7.25.9", "@babel/traverse@^7.27.1", "@babel/traverse@^7.27.3":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.27.3.tgz#8b62a6c2d10f9d921ba7339c90074708509cffae"
-  integrity sha512-lId/IfN/Ye1CIu8xG7oKBHXd2iNb2aW1ilPszzGcJug6M8RCKfVNcYhpI5+bMvFYjK7lXIM0R+a+6r8xhHp2FQ==
+"@babel/traverse@^7.25.9", "@babel/traverse@^7.27.1", "@babel/traverse@^7.27.3", "@babel/traverse@^7.27.4":
+  version "7.27.4"
+  resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.27.4.tgz#b0045ac7023c8472c3d35effd7cc9ebd638da6ea"
+  integrity sha512-oNcu2QbHqts9BtOWJosOVJapWjBDSxGCpFvikNR5TGDYDQf3JwpIoMzIKrvfoti93cLfPJEG4tH9SPVeyCGgdA==
   dependencies:
     "@babel/code-frame" "^7.27.1"
     "@babel/generator" "^7.27.3"
-    "@babel/parser" "^7.27.3"
+    "@babel/parser" "^7.27.4"
     "@babel/template" "^7.27.2"
     "@babel/types" "^7.27.3"
     debug "^4.3.1"
@@ -2104,10 +2104,10 @@
     "@babel/helper-string-parser" "^7.25.9"
     "@babel/helper-validator-identifier" "^7.25.9"
 
-"@babel/types@^7.27.1", "@babel/types@^7.27.3":
-  version "7.27.3"
-  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.27.3.tgz#c0257bedf33aad6aad1f406d35c44758321eb3ec"
-  integrity sha512-Y1GkI4ktrtvmawoSq+4FCVHNryea6uR+qUQy0AGxLSsjCX0nVmkYQMBLHDkXZuo5hGx7eYdnIaslsdBFm7zbUw==
+"@babel/types@^7.27.1", "@babel/types@^7.27.3", "@babel/types@^7.27.6":
+  version "7.27.6"
+  resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.27.6.tgz#a434ca7add514d4e646c80f7375c0aa2befc5535"
+  integrity sha512-ETyHEk2VHHvl9b9jZP5IHPavHYk57EhanlRRuae9XCpb/j5bDCbPPMOBfCWhnl/7EDJz0jEMCi/RhccCE8r1+Q==
   dependencies:
     "@babel/helper-string-parser" "^7.27.1"
     "@babel/helper-validator-identifier" "^7.27.1"
@@ -3072,6 +3072,33 @@
   resolved "https://registry.yarnpkg.com/@faker-js/faker/-/faker-5.5.3.tgz#18e3af6b8eae7984072bbeb0c0858474d7c4cefe"
   integrity sha512-R11tGE6yIFwqpaIqcfkcg7AICXzFg14+5h5v0TfF/9+RMDL6jhzCy/pxHVOfbALGdtVYdt6JdR21tuxEgl34dw==
 
+"@floating-ui/core@^1.6.0":
+  version "1.6.9"
+  resolved "https://registry.yarnpkg.com/@floating-ui/core/-/core-1.6.9.tgz#64d1da251433019dafa091de9b2886ff35ec14e6"
+  integrity sha512-uMXCuQ3BItDUbAMhIXw7UPXRfAlOAvZzdK9BWpE60MCn+Svt3aLn9jsPTi/WNGlRUu2uI0v5S7JiIUsbsvh3fw==
+  dependencies:
+    "@floating-ui/utils" "^0.2.9"
+
+"@floating-ui/dom@^1.0.0":
+  version "1.6.13"
+  resolved "https://registry.yarnpkg.com/@floating-ui/dom/-/dom-1.6.13.tgz#a8a938532aea27a95121ec16e667a7cbe8c59e34"
+  integrity sha512-umqzocjDgNRGTuO7Q8CU32dkHkECqI8ZdMZ5Swb6QAM0t5rnlrN3lGo1hdpscRd3WS8T6DKYK4ephgIH9iRh3w==
+  dependencies:
+    "@floating-ui/core" "^1.6.0"
+    "@floating-ui/utils" "^0.2.9"
+
+"@floating-ui/react-dom@^2.0.0":
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/@floating-ui/react-dom/-/react-dom-2.1.2.tgz#a1349bbf6a0e5cb5ded55d023766f20a4d439a31"
+  integrity sha512-06okr5cgPzMNBy+Ycse2A6udMi4bqwW/zgBF/rwjcNqWkyr82Mcg8b0vjX8OJpZFy/FKjJmw6wV7t44kK6kW7A==
+  dependencies:
+    "@floating-ui/dom" "^1.0.0"
+
+"@floating-ui/utils@^0.2.9":
+  version "0.2.9"
+  resolved "https://registry.yarnpkg.com/@floating-ui/utils/-/utils-0.2.9.tgz#50dea3616bc8191fb8e112283b49eaff03e78429"
+  integrity sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg==
+
 "@hapi/hoek@^9.0.0", "@hapi/hoek@^9.3.0":
   version "9.3.0"
   resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-9.3.0.tgz#8368869dcb735be2e7f5cb7647de78e167a251fb"
@@ -3121,6 +3148,104 @@
     local-pkg "^1.0.0"
     mlly "^1.7.4"
 
+"@inkeep/cxkit-color-mode@0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-color-mode/-/cxkit-color-mode-0.5.89.tgz#4a5471b3dc453262ef0277908c30e108b1095331"
+  integrity sha512-h89/i67uEiJh0Bqf/dt9nJWv3IjCnmu96nkomocZ3evPKrLeBq13IygFIxtvmvXfx1QBBdmAD+x933rc5RcgFA==
+
+"@inkeep/cxkit-docusaurus@^0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-docusaurus/-/cxkit-docusaurus-0.5.89.tgz#aff4035fe2bb69401d1677393dcd2943bf3e0d1f"
+  integrity sha512-z4OxGLoPVbk6ZcKW5i/MrGJUx6Wyc5zh2mxOt2IHTQgFL3XiArCKds0R8jSxSi8SB/a9j5Wm/X0FinT+or9NKA==
+  dependencies:
+    "@inkeep/cxkit-react" "0.5.89"
+    merge-anything "5.1.7"
+    path "^0.12.7"
+
+"@inkeep/cxkit-primitives@0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-primitives/-/cxkit-primitives-0.5.89.tgz#1f8252f18754aab2c28dd0e1436381b4323d2c0b"
+  integrity sha512-ugC80ivuimKmzcm8RktAL9C7YHss7CneerbHnNy+uipCx9ZcIY5dRfgMqIdoLG6fL7fhSm6E0QElGL8YjjfN6g==
+  dependencies:
+    "@inkeep/cxkit-color-mode" "0.5.89"
+    "@inkeep/cxkit-theme" "0.5.89"
+    "@inkeep/cxkit-types" "0.5.89"
+    "@radix-ui/primitive" "^1.1.1"
+    "@radix-ui/react-avatar" "1.1.2"
+    "@radix-ui/react-checkbox" "1.1.3"
+    "@radix-ui/react-compose-refs" "^1.1.1"
+    "@radix-ui/react-context" "^1.1.1"
+    "@radix-ui/react-dismissable-layer" "^1.1.5"
+    "@radix-ui/react-focus-guards" "^1.1.1"
+    "@radix-ui/react-focus-scope" "^1.1.2"
+    "@radix-ui/react-hover-card" "^1.1.6"
+    "@radix-ui/react-id" "^1.1.0"
+    "@radix-ui/react-popover" "1.1.6"
+    "@radix-ui/react-portal" "^1.1.4"
+    "@radix-ui/react-presence" "^1.1.2"
+    "@radix-ui/react-primitive" "^2.0.2"
+    "@radix-ui/react-scroll-area" "1.2.2"
+    "@radix-ui/react-select" "^2.1.7"
+    "@radix-ui/react-slot" "^1.2.0"
+    "@radix-ui/react-tabs" "^1.1.4"
+    "@radix-ui/react-tooltip" "1.1.6"
+    "@radix-ui/react-use-callback-ref" "^1.1.0"
+    "@radix-ui/react-use-controllable-state" "^1.1.0"
+    "@zag-js/focus-trap" "^1.7.0"
+    "@zag-js/presence" "^1.13.1"
+    "@zag-js/react" "^1.13.1"
+    altcha-lib "^1.2.0"
+    aria-hidden "^1.2.4"
+    dequal "^2.0.3"
+    humps "2.0.1"
+    lucide-react "^0.503.0"
+    marked "^15.0.9"
+    merge-anything "5.1.7"
+    openai "4.78.1"
+    prism-react-renderer "2.4.1"
+    react-error-boundary "^6.0.0"
+    react-hook-form "7.54.2"
+    react-markdown "9.0.3"
+    react-remove-scroll "^2.7.1"
+    react-svg "16.3.0"
+    react-textarea-autosize "8.5.7"
+    rehype-raw "7.0.0"
+    remark-gfm "^4.0.1"
+    unist-util-visit "^5.0.0"
+    use-sync-external-store "^1.4.0"
+
+"@inkeep/cxkit-react@0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-react/-/cxkit-react-0.5.89.tgz#4bc37852bc6161ed4dc5b44b3ceb8beddf49f6f8"
+  integrity sha512-v86J6xe86kgKfDzlNGZSGHQ3PB8KJ46ra8xnVV4RrRjp7kPGiR7MvGfalFcSiaSEQzWiAcKAl4gya/AF/J/OZw==
+  dependencies:
+    "@inkeep/cxkit-styled" "0.5.89"
+    "@radix-ui/react-use-controllable-state" "^1.1.0"
+    lucide-react "^0.503.0"
+
+"@inkeep/cxkit-styled@0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-styled/-/cxkit-styled-0.5.89.tgz#e113ee393f5055457281a52cfb8221dd14f70661"
+  integrity sha512-w9V3vYuq4ytluow16RO/0/V1s9PSBqOjZdvATdn+jy06gUn5ClNAiJ79m34fB3Ep0Y6o2m+obujX4njw4A+LPw==
+  dependencies:
+    "@inkeep/cxkit-primitives" "0.5.89"
+    class-variance-authority "0.7.1"
+    clsx "2.1.1"
+    merge-anything "5.1.7"
+    tailwind-merge "2.6.0"
+
+"@inkeep/cxkit-theme@0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-theme/-/cxkit-theme-0.5.89.tgz#b1f9f7be2a87f25b8c6b2c4eb654b998b6bd7cc8"
+  integrity sha512-Yji2OCDi2buYZQXY4tw93U6W3ZFDaNw7wgGLP+vTyRZaFBMGwW52zNOjewz2UL1jNGl6ublHXmWM+kjIC4b5SQ==
+  dependencies:
+    colorjs.io "0.5.2"
+
+"@inkeep/cxkit-types@0.5.89":
+  version "0.5.89"
+  resolved "https://registry.yarnpkg.com/@inkeep/cxkit-types/-/cxkit-types-0.5.89.tgz#f8db85cca7c8dbb72c6a035882435b5e0e86ca76"
+  integrity sha512-zz6945Ex9kSpIUeZaVAX4h6HeCaOt28BzZyuprQWXIpzvAlFKuKDNV1Zm5umEglaiGSx+T9J6WViy3PoRXwTtA==
+
 "@isaacs/cliui@^8.0.2":
   version "8.0.2"
   resolved "https://registry.yarnpkg.com/@isaacs/cliui/-/cliui-8.0.2.tgz#b37667b7bc181c168782259bab42474fbf52b550"
@@ -3238,10 +3363,10 @@
   dependencies:
     "@types/mdx" "^2.0.0"
 
-"@mermaid-js/parser@^0.4.0":
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/@mermaid-js/parser/-/parser-0.4.0.tgz#c1de1f5669f8fcbd0d0c9d124927d36ddc00d8a6"
-  integrity sha512-wla8XOWvQAwuqy+gxiZqY+c7FokraOTHRWMsbB4AgRx9Sy7zKslNyejy7E+a77qHfey5GXw/ik3IXv/NHMJgaA==
+"@mermaid-js/parser@^0.5.0":
+  version "0.5.0"
+  resolved "https://registry.yarnpkg.com/@mermaid-js/parser/-/parser-0.5.0.tgz#63d676e930b0cfd6abfeadee46fb228761438ce6"
+  integrity sha512-AiaN7+VjXC+3BYE+GwNezkpjIcCI2qIMB/K4S2/vMWe0q/XJCBbx5+K7iteuz7VyltX9iAK4FmVTvGc9kjOV4w==
   dependencies:
     langium "3.3.1"
 
@@ -3429,6 +3554,551 @@
   resolved "https://registry.yarnpkg.com/@polka/url/-/url-1.0.0-next.25.tgz#f077fdc0b5d0078d30893396ff4827a13f99e817"
   integrity sha512-j7P6Rgr3mmtdkeDGTe0E/aYyWEWVtc5yFXtHCRHs28/jptDEWfaVOc5T7cblqy1XKPPfCxJc/8DwQ5YgLOZOVQ==
 
+"@radix-ui/number@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/number/-/number-1.1.0.tgz#1e95610461a09cdf8bb05c152e76ca1278d5da46"
+  integrity sha512-V3gRzhVNU1ldS5XhAPTom1fOIo4ccrjjJgmE+LI2h/WaFpHmx0MQApT+KZHnx8abG6Avtfcz4WoEciMnpFT3HQ==
+
+"@radix-ui/number@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/number/-/number-1.1.1.tgz#7b2c9225fbf1b126539551f5985769d0048d9090"
+  integrity sha512-MkKCwxlXTgz6CFoJx3pCwn07GKp36+aZyu/u2Ln2VrA5DcdyCZkASEDBTd8x5whTQQL5CiYf4prXKLcgQdv29g==
+
+"@radix-ui/primitive@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/primitive/-/primitive-1.1.1.tgz#fc169732d755c7fbad33ba8d0cd7fd10c90dc8e3"
+  integrity sha512-SJ31y+Q/zAyShtXJc8x83i9TYdbAfHZ++tUZnvjJJqFjzsdUnKsxPL6IEtBlxKkU7yzer//GQtZSV4GbldL3YA==
+
+"@radix-ui/primitive@1.1.2", "@radix-ui/primitive@^1.1.1":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/primitive/-/primitive-1.1.2.tgz#83f415c4425f21e3d27914c12b3272a32e3dae65"
+  integrity sha512-XnbHrrprsNqZKQhStrSwgRUQzoCI1glLzdw79xiZPoofhGICeZRSQ3dIxAKH1gb3OHfNf4d6f+vAv3kil2eggA==
+
+"@radix-ui/react-arrow@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-arrow/-/react-arrow-1.1.1.tgz#2103721933a8bfc6e53bbfbdc1aaad5fc8ba0dd7"
+  integrity sha512-NaVpZfmv8SKeZbn4ijN2V3jlHA9ngBG16VnIIm22nUR0Yk8KUALyBxT3KYEUnNuch9sTE8UTsS3whzBgKOL30w==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.1"
+
+"@radix-ui/react-arrow@1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-arrow/-/react-arrow-1.1.2.tgz#30c0d574d7bb10eed55cd7007b92d38b03c6b2ab"
+  integrity sha512-G+KcpzXHq24iH0uGG/pF8LyzpFJYGD4RfLjCIBfGdSLXvjLHST31RUiRVrupIBMvIppMgSzQ6l66iAxl03tdlg==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.2"
+
+"@radix-ui/react-arrow@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-arrow/-/react-arrow-1.1.3.tgz#8926eb1d87f73c2e047eac96703949f168c85861"
+  integrity sha512-2dvVU4jva0qkNZH6HHWuSz5FN5GeU5tymvCgutF8WaXz9WnD1NgUhy73cqzkjkN4Zkn8lfTPv5JIfrC221W+Nw==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.3"
+
+"@radix-ui/react-avatar@1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-avatar/-/react-avatar-1.1.2.tgz#24af4c66bb5271460a4a6b74c4f4f9d4789d3d90"
+  integrity sha512-GaC7bXQZ5VgZvVvsJ5mu/AEbjYLnhhkoidOboC50Z6FFlLA03wG2ianUoH+zgDQ31/9gCF59bE4+2bBgTyMiig==
+  dependencies:
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-checkbox@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-checkbox/-/react-checkbox-1.1.3.tgz#0e2ab913fddf3c88603625f7a9457d73882c8a32"
+  integrity sha512-HD7/ocp8f1B3e6OHygH0n7ZKjONkhciy1Nh0yuBgObqThc3oyx+vuMfFHKAknXRHHWVE9XvXStxJFyjUmB8PIw==
+  dependencies:
+    "@radix-ui/primitive" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-presence" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-use-controllable-state" "1.1.0"
+    "@radix-ui/react-use-previous" "1.1.0"
+    "@radix-ui/react-use-size" "1.1.0"
+
+"@radix-ui/react-collection@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-collection/-/react-collection-1.1.3.tgz#cfd46dcea5a8ab064d91798feeb46faba4032930"
+  integrity sha512-mM2pxoQw5HJ49rkzwOs7Y6J4oYH22wS8BfK2/bBxROlI4xuR0c4jEenQP63LlTlDkO6Buj2Vt+QYAYcOgqtrXA==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-context" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-slot" "1.2.0"
+
+"@radix-ui/react-compose-refs@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-compose-refs/-/react-compose-refs-1.1.1.tgz#6f766faa975f8738269ebb8a23bad4f5a8d2faec"
+  integrity sha512-Y9VzoRDSJtgFMUCoiZBDVo084VQ5hfpXxVE+NgkdNsjiDBByiImMZKKhxMwCbdHvhlENG6a833CbFkOQvTricw==
+
+"@radix-ui/react-compose-refs@1.1.2", "@radix-ui/react-compose-refs@^1.1.1":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-compose-refs/-/react-compose-refs-1.1.2.tgz#a2c4c47af6337048ee78ff6dc0d090b390d2bb30"
+  integrity sha512-z4eqJvfiNnFMHIIvXP3CY57y2WJs5g2v3X0zm9mEJkrkNv4rDxu+sg9Jh8EkXyeqBkB7SOcboo9dMVqhyrACIg==
+
+"@radix-ui/react-context@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-context/-/react-context-1.1.1.tgz#82074aa83a472353bb22e86f11bcbd1c61c4c71a"
+  integrity sha512-UASk9zi+crv9WteK/NU4PLvOoL3OuE6BWVKNF6hPRBtYBDXQ2u5iu3O59zUlJiTVvkyuycnqrztsHVJwcK9K+Q==
+
+"@radix-ui/react-context@1.1.2", "@radix-ui/react-context@^1.1.1":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-context/-/react-context-1.1.2.tgz#61628ef269a433382c364f6f1e3788a6dc213a36"
+  integrity sha512-jCi/QKUM2r1Ju5a3J64TH2A5SpKAgh0LpknyqdQ4m6DCV0xJ2HG1xARRwNGPQfi1SLdLWZ1OJz6F4OMBBNiGJA==
+
+"@radix-ui/react-direction@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-direction/-/react-direction-1.1.0.tgz#a7d39855f4d077adc2a1922f9c353c5977a09cdc"
+  integrity sha512-BUuBvgThEiAXh2DWu93XsT+a3aWrGqolGlqqw5VU1kG7p/ZH2cuDlM1sRLNnY3QcBS69UIz2mcKhMxDsdewhjg==
+
+"@radix-ui/react-direction@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-direction/-/react-direction-1.1.1.tgz#39e5a5769e676c753204b792fbe6cf508e550a14"
+  integrity sha512-1UEWRX6jnOA2y4H5WczZ44gOOjTEmlqv1uNW4GAJEO5+bauCBhv8snY65Iw5/VOS/ghKN9gr2KjnLKxrsvoMVw==
+
+"@radix-ui/react-dismissable-layer@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.1.3.tgz#4ee0f0f82d53bf5bd9db21665799bb0d1bad5ed8"
+  integrity sha512-onrWn/72lQoEucDmJnr8uczSNTujT0vJnA/X5+3AkChVPowr8n1yvIKIabhWyMQeMvvmdpsvcyDqx3X1LEXCPg==
+  dependencies:
+    "@radix-ui/primitive" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+    "@radix-ui/react-use-escape-keydown" "1.1.0"
+
+"@radix-ui/react-dismissable-layer@1.1.5":
+  version "1.1.5"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.1.5.tgz#96dde2be078c694a621e55e047406c58cd5fe774"
+  integrity sha512-E4TywXY6UsXNRhFrECa5HAvE5/4BFcGyfTyK36gP+pAW1ed7UTK4vKwdr53gAJYwqbfCWC6ATvJa3J3R/9+Qrg==
+  dependencies:
+    "@radix-ui/primitive" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.2"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+    "@radix-ui/react-use-escape-keydown" "1.1.0"
+
+"@radix-ui/react-dismissable-layer@1.1.6", "@radix-ui/react-dismissable-layer@^1.1.5":
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.1.6.tgz#e72c156cac7b07614fe8e3a039ab7081ce413686"
+  integrity sha512-7gpgMT2gyKym9Jz2ZhlRXSg2y6cNQIK8d/cqBZ0RBCaps8pFryCWXiUKI+uHGFrhMrbGUP7U6PWgiXzIxoyF3Q==
+  dependencies:
+    "@radix-ui/primitive" "1.1.2"
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+    "@radix-ui/react-use-escape-keydown" "1.1.1"
+
+"@radix-ui/react-focus-guards@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-focus-guards/-/react-focus-guards-1.1.1.tgz#8635edd346304f8b42cae86b05912b61aef27afe"
+  integrity sha512-pSIwfrT1a6sIoDASCSpFwOasEwKTZWDw/iBdtnqKO7v6FeOzYJ7U53cPzYFVR3geGGXgVHaH+CdngrrAzqUGxg==
+
+"@radix-ui/react-focus-guards@1.1.2", "@radix-ui/react-focus-guards@^1.1.1":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-focus-guards/-/react-focus-guards-1.1.2.tgz#4ec9a7e50925f7fb661394460045b46212a33bed"
+  integrity sha512-fyjAACV62oPV925xFCrH8DR5xWhg9KYtJT4s3u54jxp+L/hbpTY2kIeEFFbFe+a/HCE94zGQMZLIpVTPVZDhaA==
+
+"@radix-ui/react-focus-scope@1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-focus-scope/-/react-focus-scope-1.1.2.tgz#c0a4519cd95c772606a82fc5b96226cd7fdd2602"
+  integrity sha512-zxwE80FCU7lcXUGWkdt6XpTTCKPitG1XKOwViTxHVKIJhZl9MvIl2dVHeZENCWD9+EdWv05wlaEkRXUykU27RA==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.2"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+
+"@radix-ui/react-focus-scope@1.1.3", "@radix-ui/react-focus-scope@^1.1.2":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-focus-scope/-/react-focus-scope-1.1.3.tgz#eac83a3aac700db17650b41b30724deffac5b28a"
+  integrity sha512-4XaDlq0bPt7oJwR+0k0clCiCO/7lO7NKZTAaJBYxDNQT/vj4ig0/UvctrRscZaFREpRvUTkpKR96ov1e6jptQg==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+
+"@radix-ui/react-hover-card@^1.1.6":
+  version "1.1.7"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-hover-card/-/react-hover-card-1.1.7.tgz#01b2f956daeb8a1193ccdb36c9c00943120bf2d4"
+  integrity sha512-HwM03kP8psrv21J1+9T/hhxi0f5rARVbqIZl9+IAq13l4j4fX+oGIuxisukZZmebO7J35w9gpoILvtG8bbph0w==
+  dependencies:
+    "@radix-ui/primitive" "1.1.2"
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-context" "1.1.2"
+    "@radix-ui/react-dismissable-layer" "1.1.6"
+    "@radix-ui/react-popper" "1.2.3"
+    "@radix-ui/react-portal" "1.1.5"
+    "@radix-ui/react-presence" "1.1.3"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-use-controllable-state" "1.1.1"
+
+"@radix-ui/react-id@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-id/-/react-id-1.1.0.tgz#de47339656594ad722eb87f94a6b25f9cffae0ed"
+  integrity sha512-EJUrI8yYh7WOjNOqpoJaf1jlFIH2LvtgAl+YcFqNCa+4hj64ZXmPkAKOFs/ukjz3byN6bdb/AVUqHkI8/uWWMA==
+  dependencies:
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-id@1.1.1", "@radix-ui/react-id@^1.1.0":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-id/-/react-id-1.1.1.tgz#1404002e79a03fe062b7e3864aa01e24bd1471f7"
+  integrity sha512-kGkGegYIdQsOb4XjsfM97rXsiHaBwco+hFI66oO4s9LU+PLAC5oJ7khdOVFxkhsmlbpUqDAvXw11CluXP+jkHg==
+  dependencies:
+    "@radix-ui/react-use-layout-effect" "1.1.1"
+
+"@radix-ui/react-popover@1.1.6":
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-popover/-/react-popover-1.1.6.tgz#699634dbc7899429f657bb590d71fb3ca0904087"
+  integrity sha512-NQouW0x4/GnkFJ/pRqsIS3rM/k97VzKnVb2jB7Gq7VEGPy5g7uNV1ykySFt7eWSp3i2uSGFwaJcvIRJBAHmmFg==
+  dependencies:
+    "@radix-ui/primitive" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-dismissable-layer" "1.1.5"
+    "@radix-ui/react-focus-guards" "1.1.1"
+    "@radix-ui/react-focus-scope" "1.1.2"
+    "@radix-ui/react-id" "1.1.0"
+    "@radix-ui/react-popper" "1.2.2"
+    "@radix-ui/react-portal" "1.1.4"
+    "@radix-ui/react-presence" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.2"
+    "@radix-ui/react-slot" "1.1.2"
+    "@radix-ui/react-use-controllable-state" "1.1.0"
+    aria-hidden "^1.2.4"
+    react-remove-scroll "^2.6.3"
+
+"@radix-ui/react-popper@1.2.1":
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-popper/-/react-popper-1.2.1.tgz#2fc66cfc34f95f00d858924e3bee54beae2dff0a"
+  integrity sha512-3kn5Me69L+jv82EKRuQCXdYyf1DqHwD2U/sxoNgBGCB7K9TRc3bQamQ+5EPM9EvyPdli0W41sROd+ZU1dTCztw==
+  dependencies:
+    "@floating-ui/react-dom" "^2.0.0"
+    "@radix-ui/react-arrow" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+    "@radix-ui/react-use-rect" "1.1.0"
+    "@radix-ui/react-use-size" "1.1.0"
+    "@radix-ui/rect" "1.1.0"
+
+"@radix-ui/react-popper@1.2.2":
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-popper/-/react-popper-1.2.2.tgz#d2e1ee5a9b24419c5936a1b7f6f472b7b412b029"
+  integrity sha512-Rvqc3nOpwseCyj/rgjlJDYAgyfw7OC1tTkKn2ivhaMGcYt8FSBlahHOZak2i3QwkRXUXgGgzeEe2RuqeEHuHgA==
+  dependencies:
+    "@floating-ui/react-dom" "^2.0.0"
+    "@radix-ui/react-arrow" "1.1.2"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.2"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+    "@radix-ui/react-use-rect" "1.1.0"
+    "@radix-ui/react-use-size" "1.1.0"
+    "@radix-ui/rect" "1.1.0"
+
+"@radix-ui/react-popper@1.2.3":
+  version "1.2.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-popper/-/react-popper-1.2.3.tgz#3b6ef3388fd209bb46341e1e40125b75f07f1304"
+  integrity sha512-iNb9LYUMkne9zIahukgQmHlSBp9XWGeQQ7FvUGNk45ywzOb6kQa+Ca38OphXlWDiKvyneo9S+KSJsLfLt8812A==
+  dependencies:
+    "@floating-ui/react-dom" "^2.0.0"
+    "@radix-ui/react-arrow" "1.1.3"
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-context" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+    "@radix-ui/react-use-layout-effect" "1.1.1"
+    "@radix-ui/react-use-rect" "1.1.1"
+    "@radix-ui/react-use-size" "1.1.1"
+    "@radix-ui/rect" "1.1.1"
+
+"@radix-ui/react-portal@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-portal/-/react-portal-1.1.3.tgz#b0ea5141103a1671b715481b13440763d2ac4440"
+  integrity sha512-NciRqhXnGojhT93RPyDaMPfLH3ZSl4jjIFbZQ1b/vxvZEdHsBZ49wP9w8L3HzUQwep01LcWtkUvm0OVB5JAHTw==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-portal@1.1.4":
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-portal/-/react-portal-1.1.4.tgz#ff5401ff63c8a825c46eea96d3aef66074b8c0c8"
+  integrity sha512-sn2O9k1rPFYVyKd5LAJfo96JlSGVFpa1fS6UuBJfrZadudiw5tAmru+n1x7aMRQ84qDM71Zh1+SzK5QwU0tJfA==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.2"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-portal@1.1.5", "@radix-ui/react-portal@^1.1.4":
+  version "1.1.5"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-portal/-/react-portal-1.1.5.tgz#50ed6bee2d895c9a9dfc28625f24b8483b74d431"
+  integrity sha512-ps/67ZqsFm+Mb6lSPJpfhRLrVL2i2fntgCmGMqqth4eaGUf+knAuuRtWVJrNjUhExgmdRqftSgzpf0DF0n6yXA==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-use-layout-effect" "1.1.1"
+
+"@radix-ui/react-presence@1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-presence/-/react-presence-1.1.2.tgz#bb764ed8a9118b7ec4512da5ece306ded8703cdc"
+  integrity sha512-18TFr80t5EVgL9x1SwF/YGtfG+l0BS0PRAlCWBDoBEiDQjeKgnNZRVJp/oVBl24sr3Gbfwc/Qpj4OcWTQMsAEg==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-presence@1.1.3", "@radix-ui/react-presence@^1.1.2":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-presence/-/react-presence-1.1.3.tgz#ce3400caec9892ceb862f96ddaa2add080c09b90"
+  integrity sha512-IrVLIhskYhH3nLvtcBLQFZr61tBG7wx7O3kEmdzcYwRGAEBmBicGGL7ATzNgruYJ3xBTbuzEEq9OXJM3PAX3tA==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-use-layout-effect" "1.1.1"
+
+"@radix-ui/react-primitive@2.0.1":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-primitive/-/react-primitive-2.0.1.tgz#6d9efc550f7520135366f333d1e820cf225fad9e"
+  integrity sha512-sHCWTtxwNn3L3fH8qAfnF3WbUZycW93SM1j3NFDzXBiz8D6F5UTTy8G1+WFEaiCdvCVRJWj6N2R4Xq6HdiHmDg==
+  dependencies:
+    "@radix-ui/react-slot" "1.1.1"
+
+"@radix-ui/react-primitive@2.0.2":
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-primitive/-/react-primitive-2.0.2.tgz#ac8b7854d87b0d7af388d058268d9a7eb64ca8ef"
+  integrity sha512-Ec/0d38EIuvDF+GZjcMU/Ze6MxntVJYO/fRlCPhCaVUyPY9WTalHJw54tp9sXeJo3tlShWpy41vQRgLRGOuz+w==
+  dependencies:
+    "@radix-ui/react-slot" "1.1.2"
+
+"@radix-ui/react-primitive@2.0.3", "@radix-ui/react-primitive@^2.0.2":
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-primitive/-/react-primitive-2.0.3.tgz#13c654dc4754558870a9c769f6febe5980a1bad8"
+  integrity sha512-Pf/t/GkndH7CQ8wE2hbkXA+WyZ83fhQQn5DDmwDiDo6AwN/fhaH8oqZ0jRjMrO2iaMhDi6P1HRx6AZwyMinY1g==
+  dependencies:
+    "@radix-ui/react-slot" "1.2.0"
+
+"@radix-ui/react-roving-focus@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-roving-focus/-/react-roving-focus-1.1.3.tgz#c992b9d30c795f5f5a668853db8f4a6e07b7284d"
+  integrity sha512-ufbpLUjZiOg4iYgb2hQrWXEPYX6jOLBbR27bDyAff5GYMRrCzcze8lukjuXVUQvJ6HZe8+oL+hhswDcjmcgVyg==
+  dependencies:
+    "@radix-ui/primitive" "1.1.2"
+    "@radix-ui/react-collection" "1.1.3"
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-context" "1.1.2"
+    "@radix-ui/react-direction" "1.1.1"
+    "@radix-ui/react-id" "1.1.1"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+    "@radix-ui/react-use-controllable-state" "1.1.1"
+
+"@radix-ui/react-scroll-area@1.2.2":
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-scroll-area/-/react-scroll-area-1.2.2.tgz#28e34fd4d83e9de5d987c5e8914a7bd8be9546a5"
+  integrity sha512-EFI1N/S3YxZEW/lJ/H1jY3njlvTd8tBmgKEn4GHi51+aMm94i6NmAJstsm5cu3yJwYqYc93gpCPm21FeAbFk6g==
+  dependencies:
+    "@radix-ui/number" "1.1.0"
+    "@radix-ui/primitive" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-direction" "1.1.0"
+    "@radix-ui/react-presence" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-select@^2.1.7":
+  version "2.1.7"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-select/-/react-select-2.1.7.tgz#68561488ca54cad07352b3f2c2d29e0da28bbaa0"
+  integrity sha512-exzGIRtc7S8EIM2KjFg+7lJZsH7O7tpaBaJbBNVDnOZNhtoQ2iV+iSNfi2Wth0m6h3trJkMVvzAehB3c6xj/3Q==
+  dependencies:
+    "@radix-ui/number" "1.1.1"
+    "@radix-ui/primitive" "1.1.2"
+    "@radix-ui/react-collection" "1.1.3"
+    "@radix-ui/react-compose-refs" "1.1.2"
+    "@radix-ui/react-context" "1.1.2"
+    "@radix-ui/react-direction" "1.1.1"
+    "@radix-ui/react-dismissable-layer" "1.1.6"
+    "@radix-ui/react-focus-guards" "1.1.2"
+    "@radix-ui/react-focus-scope" "1.1.3"
+    "@radix-ui/react-id" "1.1.1"
+    "@radix-ui/react-popper" "1.2.3"
+    "@radix-ui/react-portal" "1.1.5"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-slot" "1.2.0"
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+    "@radix-ui/react-use-controllable-state" "1.1.1"
+    "@radix-ui/react-use-layout-effect" "1.1.1"
+    "@radix-ui/react-use-previous" "1.1.1"
+    "@radix-ui/react-visually-hidden" "1.1.3"
+    aria-hidden "^1.2.4"
+    react-remove-scroll "^2.6.3"
+
+"@radix-ui/react-slot@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-slot/-/react-slot-1.1.1.tgz#ab9a0ffae4027db7dc2af503c223c978706affc3"
+  integrity sha512-RApLLOcINYJA+dMVbOju7MYv1Mb2EBp2nH4HdDzXTSyaR5optlm6Otrz1euW3HbdOR8UmmFK06TD+A9frYWv+g==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.1"
+
+"@radix-ui/react-slot@1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-slot/-/react-slot-1.1.2.tgz#daffff7b2bfe99ade63b5168407680b93c00e1c6"
+  integrity sha512-YAKxaiGsSQJ38VzKH86/BPRC4rh+b1Jpa+JneA5LRE7skmLPNAyeG8kPJj/oo4STLvlrs8vkf/iYyc3A5stYCQ==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.1"
+
+"@radix-ui/react-slot@1.2.0", "@radix-ui/react-slot@^1.2.0":
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-slot/-/react-slot-1.2.0.tgz#57727fc186ddb40724ccfbe294e1a351d92462ba"
+  integrity sha512-ujc+V6r0HNDviYqIK3rW4ffgYiZ8g5DEHrGJVk4x7kTlLXRDILnKX9vAUYeIsLOoDpDJ0ujpqMkjH4w2ofuo6w==
+  dependencies:
+    "@radix-ui/react-compose-refs" "1.1.2"
+
+"@radix-ui/react-tabs@^1.1.4":
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-tabs/-/react-tabs-1.1.4.tgz#2e43f3ef3450143281e7c1491da1e5d7941b9826"
+  integrity sha512-fuHMHWSf5SRhXke+DbHXj2wVMo+ghVH30vhX3XVacdXqDl+J4XWafMIGOOER861QpBx1jxgwKXL2dQnfrsd8MQ==
+  dependencies:
+    "@radix-ui/primitive" "1.1.2"
+    "@radix-ui/react-context" "1.1.2"
+    "@radix-ui/react-direction" "1.1.1"
+    "@radix-ui/react-id" "1.1.1"
+    "@radix-ui/react-presence" "1.1.3"
+    "@radix-ui/react-primitive" "2.0.3"
+    "@radix-ui/react-roving-focus" "1.1.3"
+    "@radix-ui/react-use-controllable-state" "1.1.1"
+
+"@radix-ui/react-tooltip@1.1.6":
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-tooltip/-/react-tooltip-1.1.6.tgz#eab98e9a5c876ef0abfae3cfeee229870528ed06"
+  integrity sha512-TLB5D8QLExS1uDn7+wH/bjEmRurNMTzNrtq7IjaS4kjion9NtzsTGkvR5+i7yc9q01Pi2KMM2cN3f8UG4IvvXA==
+  dependencies:
+    "@radix-ui/primitive" "1.1.1"
+    "@radix-ui/react-compose-refs" "1.1.1"
+    "@radix-ui/react-context" "1.1.1"
+    "@radix-ui/react-dismissable-layer" "1.1.3"
+    "@radix-ui/react-id" "1.1.0"
+    "@radix-ui/react-popper" "1.2.1"
+    "@radix-ui/react-portal" "1.1.3"
+    "@radix-ui/react-presence" "1.1.2"
+    "@radix-ui/react-primitive" "2.0.1"
+    "@radix-ui/react-slot" "1.1.1"
+    "@radix-ui/react-use-controllable-state" "1.1.0"
+    "@radix-ui/react-visually-hidden" "1.1.1"
+
+"@radix-ui/react-use-callback-ref@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.1.0.tgz#bce938ca413675bc937944b0d01ef6f4a6dc5bf1"
+  integrity sha512-CasTfvsy+frcFkbXtSJ2Zu9JHpN8TYKxkgJGWbjiZhFivxaeW7rMeZt7QELGVLaYVfFMsKHjb7Ak0nMEe+2Vfw==
+
+"@radix-ui/react-use-callback-ref@1.1.1", "@radix-ui/react-use-callback-ref@^1.1.0":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.1.1.tgz#62a4dba8b3255fdc5cc7787faeac1c6e4cc58d40"
+  integrity sha512-FkBMwD+qbGQeMu1cOHnuGB6x4yzPjho8ap5WtbEJ26umhgqVXbhekKUQO+hZEL1vU92a3wHwdp0HAcqAUF5iDg==
+
+"@radix-ui/react-use-controllable-state@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-controllable-state/-/react-use-controllable-state-1.1.0.tgz#1321446857bb786917df54c0d4d084877aab04b0"
+  integrity sha512-MtfMVJiSr2NjzS0Aa90NPTnvTSg6C/JLCV7ma0W6+OMV78vd8OyRpID+Ng9LxzsPbLeuBnWBA1Nq30AtBIDChw==
+  dependencies:
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+
+"@radix-ui/react-use-controllable-state@1.1.1", "@radix-ui/react-use-controllable-state@^1.1.0":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-controllable-state/-/react-use-controllable-state-1.1.1.tgz#ec9c572072a6f269df7435c1652fbeebabe0f0c1"
+  integrity sha512-YnEXIy8/ga01Y1PN0VfaNH//MhA91JlEGVBDxDzROqwrAtG5Yr2QGEPz8A/rJA3C7ZAHryOYGaUv8fLSW2H/mg==
+  dependencies:
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+
+"@radix-ui/react-use-escape-keydown@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-escape-keydown/-/react-use-escape-keydown-1.1.0.tgz#31a5b87c3b726504b74e05dac1edce7437b98754"
+  integrity sha512-L7vwWlR1kTTQ3oh7g1O0CBF3YCyyTj8NmhLR+phShpyA50HCfBFKVJTpshm9PzLiKmehsrQzTYTpX9HvmC9rhw==
+  dependencies:
+    "@radix-ui/react-use-callback-ref" "1.1.0"
+
+"@radix-ui/react-use-escape-keydown@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-escape-keydown/-/react-use-escape-keydown-1.1.1.tgz#b3fed9bbea366a118f40427ac40500aa1423cc29"
+  integrity sha512-Il0+boE7w/XebUHyBjroE+DbByORGR9KKmITzbR7MyQ4akpORYP/ZmbhAr0DG7RmmBqoOnZdy2QlvajJ2QA59g==
+  dependencies:
+    "@radix-ui/react-use-callback-ref" "1.1.1"
+
+"@radix-ui/react-use-layout-effect@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-layout-effect/-/react-use-layout-effect-1.1.0.tgz#3c2c8ce04827b26a39e442ff4888d9212268bd27"
+  integrity sha512-+FPE0rOdziWSrH9athwI1R0HDVbWlEhd+FR+aSDk4uWGmSJ9Z54sdZVDQPZAinJhJXwfT+qnj969mCsT2gfm5w==
+
+"@radix-ui/react-use-layout-effect@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-layout-effect/-/react-use-layout-effect-1.1.1.tgz#0c4230a9eed49d4589c967e2d9c0d9d60a23971e"
+  integrity sha512-RbJRS4UWQFkzHTTwVymMTUv8EqYhOp8dOOviLj2ugtTiXRaRQS7GLGxZTLL1jWhMeoSCf5zmcZkqTl9IiYfXcQ==
+
+"@radix-ui/react-use-previous@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-previous/-/react-use-previous-1.1.0.tgz#d4dd37b05520f1d996a384eb469320c2ada8377c"
+  integrity sha512-Z/e78qg2YFnnXcW88A4JmTtm4ADckLno6F7OXotmkQfeuCVaKuYzqAATPhVzl3delXE7CxIV8shofPn3jPc5Og==
+
+"@radix-ui/react-use-previous@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-previous/-/react-use-previous-1.1.1.tgz#1a1ad5568973d24051ed0af687766f6c7cb9b5b5"
+  integrity sha512-2dHfToCj/pzca2Ck724OZ5L0EVrr3eHRNsG/b3xQJLA2hZpVCS99bLAX+hm1IHXDEnzU6by5z/5MIY794/a8NQ==
+
+"@radix-ui/react-use-rect@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-rect/-/react-use-rect-1.1.0.tgz#13b25b913bd3e3987cc9b073a1a164bb1cf47b88"
+  integrity sha512-0Fmkebhr6PiseyZlYAOtLS+nb7jLmpqTrJyv61Pe68MKYW6OWdRE2kI70TaYY27u7H0lajqM3hSMMLFq18Z7nQ==
+  dependencies:
+    "@radix-ui/rect" "1.1.0"
+
+"@radix-ui/react-use-rect@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-rect/-/react-use-rect-1.1.1.tgz#01443ca8ed071d33023c1113e5173b5ed8769152"
+  integrity sha512-QTYuDesS0VtuHNNvMh+CjlKJ4LJickCMUAqjlE3+j8w+RlRpwyX3apEQKGFzbZGdo7XNG1tXa+bQqIE7HIXT2w==
+  dependencies:
+    "@radix-ui/rect" "1.1.1"
+
+"@radix-ui/react-use-size@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-size/-/react-use-size-1.1.0.tgz#b4dba7fbd3882ee09e8d2a44a3eed3a7e555246b"
+  integrity sha512-XW3/vWuIXHa+2Uwcc2ABSfcCledmXhhQPlGbfcRXbiUQI5Icjcg19BGCZVKKInYbvUCut/ufbbLLPFC5cbb1hw==
+  dependencies:
+    "@radix-ui/react-use-layout-effect" "1.1.0"
+
+"@radix-ui/react-use-size@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-use-size/-/react-use-size-1.1.1.tgz#6de276ffbc389a537ffe4316f5b0f24129405b37"
+  integrity sha512-ewrXRDTAqAXlkl6t/fkXWNAhFX9I+CkKlw6zjEwk86RSPKwZr3xpBRso655aqYafwtnbpHLj6toFzmd6xdVptQ==
+  dependencies:
+    "@radix-ui/react-use-layout-effect" "1.1.1"
+
+"@radix-ui/react-visually-hidden@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-visually-hidden/-/react-visually-hidden-1.1.1.tgz#f7b48c1af50dfdc366e92726aee6d591996c5752"
+  integrity sha512-vVfA2IZ9q/J+gEamvj761Oq1FpWgCDaNOOIfbPVp2MVPLEomUr5+Vf7kJGwQ24YxZSlQVar7Bes8kyTo5Dshpg==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.1"
+
+"@radix-ui/react-visually-hidden@1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@radix-ui/react-visually-hidden/-/react-visually-hidden-1.1.3.tgz#f704c49121859941a8bb50ff1e4f156058cacd0b"
+  integrity sha512-oXSF3ZQRd5fvomd9hmUCb2EHSZbPp3ZSHAHJJU/DlF9XoFkJBBW8RHU/E8WEH+RbSfJd/QFA0sl8ClJXknBwHQ==
+  dependencies:
+    "@radix-ui/react-primitive" "2.0.3"
+
+"@radix-ui/rect@1.1.0":
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/@radix-ui/rect/-/rect-1.1.0.tgz#f817d1d3265ac5415dadc67edab30ae196696438"
+  integrity sha512-A9+lCBZoaMJlVKcRBz2YByCG+Cp2t6nAnMnNba+XiWxnj6r4JUFqfsgwocMBZU9LPtdxC6wB56ySYpc7LQIoJg==
+
+"@radix-ui/rect@1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@radix-ui/rect/-/rect-1.1.1.tgz#78244efe12930c56fd255d7923865857c41ac8cb"
+  integrity sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw==
+
 "@redocly/ajv@^8.11.0":
   version "8.11.0"
   resolved "https://registry.yarnpkg.com/@redocly/ajv/-/ajv-8.11.0.tgz#2fad322888dc0113af026e08fceb3e71aae495ae"
@@ -3691,152 +4361,152 @@
     "@svgr/plugin-jsx" "8.1.0"
     "@svgr/plugin-svgo" "8.1.0"
 
-"@swc/core-darwin-arm64@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-darwin-arm64/-/core-darwin-arm64-1.11.29.tgz#bf66e3f4f00e6fe9d95e8a33f780e6c40fca946d"
-  integrity sha512-whsCX7URzbuS5aET58c75Dloby3Gtj/ITk2vc4WW6pSDQKSPDuONsIcZ7B2ng8oz0K6ttbi4p3H/PNPQLJ4maQ==
+"@swc/core-darwin-arm64@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-arm64/-/core-darwin-arm64-1.12.6.tgz#3d9166720df2dc00fa3b6cf90fce3e77a442a43e"
+  integrity sha512-yLiw+XzG+MilfFh0ON7qt67bfIr7UxB9JprhYReVOmLTBDmDVQSC3T4/vIuc+GwlX08ydnHy0ud4lIjTNW4uWg==
 
-"@swc/core-darwin-x64@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-darwin-x64/-/core-darwin-x64-1.11.29.tgz#0a77d2d79ef2c789f9d40a86784bbf52c5f9877f"
-  integrity sha512-S3eTo/KYFk+76cWJRgX30hylN5XkSmjYtCBnM4jPLYn7L6zWYEPajsFLmruQEiTEDUg0gBEWLMNyUeghtswouw==
+"@swc/core-darwin-x64@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-x64/-/core-darwin-x64-1.12.6.tgz#2bbc32c56f8bccf6958b73d46bdd5670aa31f4d9"
+  integrity sha512-qwg8ux5x5Gd1LmSUtL4s9mbyfzAjr5M6OtjO281dKHwc/GYiSc4j1urb2jNSo9FcMkfT78oAOW2L6HQiWv+j1A==
 
-"@swc/core-linux-arm-gnueabihf@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm-gnueabihf/-/core-linux-arm-gnueabihf-1.11.29.tgz#80fa3a6a36034ffdbbba73e26c8f27cb13111a33"
-  integrity sha512-o9gdshbzkUMG6azldHdmKklcfrcMx+a23d/2qHQHPDLUPAN+Trd+sDQUYArK5Fcm7TlpG4sczz95ghN0DMkM7g==
+"@swc/core-linux-arm-gnueabihf@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm-gnueabihf/-/core-linux-arm-gnueabihf-1.12.6.tgz#45d8bdef987c4f7fbc5b14640374f0e77904f304"
+  integrity sha512-pnkqH59JXBZu+MedaykMAC2or7tlUKeya7GKjzub+hkwxBP0ywWoFd+QYEdzp7QSziOt1VIHc4Wb9iZ2EfnzmA==
 
-"@swc/core-linux-arm64-gnu@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.11.29.tgz#42da87f445bc3e26da01d494246884006d9b9a1a"
-  integrity sha512-sLoaciOgUKQF1KX9T6hPGzvhOQaJn+3DHy4LOHeXhQqvBgr+7QcZ+hl4uixPKTzxk6hy6Hb0QOvQEdBAAR1gXw==
+"@swc/core-linux-arm64-gnu@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.12.6.tgz#f69616d4269e11cb93348437687e08f49f58cc36"
+  integrity sha512-h8+Ltx0NSEzIFHetkOYoQ+UQ59unYLuJ4wF6kCpxzS4HskRLjcngr1HgN0F/PRpptnrmJUPVQmfms/vjN8ndAQ==
 
-"@swc/core-linux-arm64-musl@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-musl/-/core-linux-arm64-musl-1.11.29.tgz#c9cec610525dc9e9b11ef26319db3780812dfa54"
-  integrity sha512-PwjB10BC0N+Ce7RU/L23eYch6lXFHz7r3NFavIcwDNa/AAqywfxyxh13OeRy+P0cg7NDpWEETWspXeI4Ek8otw==
+"@swc/core-linux-arm64-musl@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-musl/-/core-linux-arm64-musl-1.12.6.tgz#3277154e7b60213c0fa11e415c8a90b41563d76e"
+  integrity sha512-GZu3MnB/5qtBxKEH46hgVDaplEe4mp3ZmQ1O2UpFCv/u/Ji3Gar5w5g2wHCZoT5AOouAhP1bh7IAEqjG/fbVfg==
 
-"@swc/core-linux-x64-gnu@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.11.29.tgz#1cda2df38a4ab8905ba6ac3aa16e4ad710b6f2de"
-  integrity sha512-i62vBVoPaVe9A3mc6gJG07n0/e7FVeAvdD9uzZTtGLiuIfVfIBta8EMquzvf+POLycSk79Z6lRhGPZPJPYiQaA==
+"@swc/core-linux-x64-gnu@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.12.6.tgz#7d04d9437011396bf54c4ab0686c4db65a1283f8"
+  integrity sha512-WwJLQFzMW9ufVjM6k3le4HUgBFNunyt2oghjcgn2YjnKj0Ka2LrrBHCxfS7lgFSCQh/shib2wIlKXUnlTEWQJw==
 
-"@swc/core-linux-x64-musl@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.11.29.tgz#5d634efff33f47c8d6addd84291ab606903d1cfd"
-  integrity sha512-YER0XU1xqFdK0hKkfSVX1YIyCvMDI7K07GIpefPvcfyNGs38AXKhb2byySDjbVxkdl4dycaxxhRyhQ2gKSlsFQ==
+"@swc/core-linux-x64-musl@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.12.6.tgz#2f3e586eda3ee5d08b6b8de7714623d5a44ceb3c"
+  integrity sha512-rVGPNpI/sm8VVAhnB09Z/23OJP3ymouv6F4z4aYDbq/2JIwxqgpnl8gtMYP+Jw3XqabaFNjQmPiL15TvKCQaxQ==
 
-"@swc/core-win32-arm64-msvc@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-win32-arm64-msvc/-/core-win32-arm64-msvc-1.11.29.tgz#bc54f2e3f8f180113b7a092b1ee1eaaab24df62b"
-  integrity sha512-po+WHw+k9g6FAg5IJ+sMwtA/fIUL3zPQ4m/uJgONBATCVnDDkyW6dBA49uHNVtSEvjvhuD8DVWdFP847YTcITw==
+"@swc/core-win32-arm64-msvc@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-arm64-msvc/-/core-win32-arm64-msvc-1.12.6.tgz#70211534238ed941efaf0a1b34310e937bd4afa7"
+  integrity sha512-EKDJ1+8vaIlJGMl2yvd2HklV4GNbpKKwNQcUQid6j91tFYz4/aByw+9vh/sDVG7ZNqdmdywSnLRo317UTt0zFg==
 
-"@swc/core-win32-ia32-msvc@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-win32-ia32-msvc/-/core-win32-ia32-msvc-1.11.29.tgz#f1df344c06283643d1fe66c6931b350347b73722"
-  integrity sha512-h+NjOrbqdRBYr5ItmStmQt6x3tnhqgwbj9YxdGPepbTDamFv7vFnhZR0YfB3jz3UKJ8H3uGJ65Zw1VsC+xpFkg==
+"@swc/core-win32-ia32-msvc@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-ia32-msvc/-/core-win32-ia32-msvc-1.12.6.tgz#d3584da07b47904b547baced8b00c9e4d32110e7"
+  integrity sha512-jnULikZkR2fpZgFUQs7NsNIztavM1JdX+8Y+8FsfChBvMvziKxXtvUPGjeVJ8nzU1wgMnaeilJX9vrwuDGkA0Q==
 
-"@swc/core-win32-x64-msvc@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core-win32-x64-msvc/-/core-win32-x64-msvc-1.11.29.tgz#a6f9dc1df66c8db96d70091abedd78cc52544724"
-  integrity sha512-Q8cs2BDV9wqDvqobkXOYdC+pLUSEpX/KvI0Dgfun1F+LzuLotRFuDhrvkU9ETJA6OnD2+Fn/ieHgloiKA/Mn/g==
+"@swc/core-win32-x64-msvc@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-x64-msvc/-/core-win32-x64-msvc-1.12.6.tgz#8eff8c0d9e7c3b91bd9427e67483be90070b0f7d"
+  integrity sha512-jL2Dcdcc/QZiQnwByP1uIE4k/mTlapzUng7owtLD2tSBBi1d+jPIdXIefdv+nccYJKRA+lKG3rRB6Tk9GrC7Kg==
 
 "@swc/core@^1.7.39":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/core/-/core-1.11.29.tgz#bce20113c47fcd6251d06262b8b8c063f8e86a20"
-  integrity sha512-g4mThMIpWbNhV8G2rWp5a5/Igv8/2UFRJx2yImrLGMgrDDYZIopqZ/z0jZxDgqNA1QDx93rpwNF7jGsxVWcMlA==
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/core/-/core-1.12.6.tgz#1bf204f7afc59fde6cb2cef067de23af232d6ff6"
+  integrity sha512-TEpta6Gi02X1b2yDIzBOIr7dFprvq9jD8RbEVI2OcMrwklbCUx0Dz9TrAnklSOwRvYvH5JjCx8ht9E94oWiG7A==
   dependencies:
     "@swc/counter" "^0.1.3"
-    "@swc/types" "^0.1.21"
+    "@swc/types" "^0.1.23"
   optionalDependencies:
-    "@swc/core-darwin-arm64" "1.11.29"
-    "@swc/core-darwin-x64" "1.11.29"
-    "@swc/core-linux-arm-gnueabihf" "1.11.29"
-    "@swc/core-linux-arm64-gnu" "1.11.29"
-    "@swc/core-linux-arm64-musl" "1.11.29"
-    "@swc/core-linux-x64-gnu" "1.11.29"
-    "@swc/core-linux-x64-musl" "1.11.29"
-    "@swc/core-win32-arm64-msvc" "1.11.29"
-    "@swc/core-win32-ia32-msvc" "1.11.29"
-    "@swc/core-win32-x64-msvc" "1.11.29"
+    "@swc/core-darwin-arm64" "1.12.6"
+    "@swc/core-darwin-x64" "1.12.6"
+    "@swc/core-linux-arm-gnueabihf" "1.12.6"
+    "@swc/core-linux-arm64-gnu" "1.12.6"
+    "@swc/core-linux-arm64-musl" "1.12.6"
+    "@swc/core-linux-x64-gnu" "1.12.6"
+    "@swc/core-linux-x64-musl" "1.12.6"
+    "@swc/core-win32-arm64-msvc" "1.12.6"
+    "@swc/core-win32-ia32-msvc" "1.12.6"
+    "@swc/core-win32-x64-msvc" "1.12.6"
 
 "@swc/counter@^0.1.3":
   version "0.1.3"
   resolved "https://registry.yarnpkg.com/@swc/counter/-/counter-0.1.3.tgz#cc7463bd02949611c6329596fccd2b0ec782b0e9"
   integrity sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==
 
-"@swc/html-darwin-arm64@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-darwin-arm64/-/html-darwin-arm64-1.11.29.tgz#7bd6d10115ffe155ecd757387b5aff318b02b5a0"
-  integrity sha512-q53kn/HI0n/+pecsOB2gxqITbRAhtBG7VI520SIWuCGXHPsTQ/1VOrhLMNvyfw1xVhRyFal7BpAvfGUORCl0sw==
+"@swc/html-darwin-arm64@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-darwin-arm64/-/html-darwin-arm64-1.12.6.tgz#dff9ee656cd1a4ac0a4a2637c4e9a058ce64b42a"
+  integrity sha512-McW4JsF5wFB5KmHyAaty94kw2hHLbYtrIQvVlshbXM3lpY+rDO0KnS74CcIiAD46p7knV0Y6Xuhint8K3rYfkg==
 
-"@swc/html-darwin-x64@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-darwin-x64/-/html-darwin-x64-1.11.29.tgz#ccafed56081932ffaa51be1788cef88eb9a144d1"
-  integrity sha512-YfQPjh5WoDqOxsA7vDOOSnxEPc1Ki4SuZ0ufR4t8jYdMOFsU3AhZQ/sgBZLpTzegBTutUn7/7yy8VSoFngeR7Q==
+"@swc/html-darwin-x64@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-darwin-x64/-/html-darwin-x64-1.12.6.tgz#194456c256cb5f949af24cfaf1740fb20098285a"
+  integrity sha512-Fh/bPNdnSNeJ7GrRAe/BqERWV9hbIyZktoMlvkMipz2NPTdadIwXjd8fscVDc6S5j1DigiSp2Mnf0rZgH6Xnhw==
 
-"@swc/html-linux-arm-gnueabihf@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm-gnueabihf/-/html-linux-arm-gnueabihf-1.11.29.tgz#e784a1a0f69034e9dd52a9019ff80f0d5eb91433"
-  integrity sha512-dC3aEv1mqAUkY9TiZWOE2IcYpvxJzw0LdvkDzGW5072JSlZZYQMqq2Llwg63LIp6qBlj1JLHMLnBqk7Ubatmjw==
+"@swc/html-linux-arm-gnueabihf@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm-gnueabihf/-/html-linux-arm-gnueabihf-1.12.6.tgz#aeeeb4b27c06d0f813bbebd6ed48e471fb5873b8"
+  integrity sha512-F0Z2Fmvdw4vTmmJyFZaGMklrZkrtT9A5d8K1Ez2f7SZwhU09e2cgi49PCHL7wBfc5MBItnugdVJKYi/V6O/Jsg==
 
-"@swc/html-linux-arm64-gnu@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm64-gnu/-/html-linux-arm64-gnu-1.11.29.tgz#ef015d81d3a011d6c273a428eee130b3aac790b7"
-  integrity sha512-seo+lCiBUggTR9NsHE4qVC+7+XIfLHK7yxWiIsXb8nNAXDcqVZ0Rxv8O1Y1GTeJfUlcCt1koahCG2AeyWpYFBg==
+"@swc/html-linux-arm64-gnu@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm64-gnu/-/html-linux-arm64-gnu-1.12.6.tgz#5aaf98ff9bced40c70a8662dde73db3a1bf21991"
+  integrity sha512-2S9hXG5EvDMHdjeiVANft+mZ+dRUrqUqKEAM0GehxsnG/ITT4uTolI3u/upMo7t1leOMWcz85hJZqDbVtfyP5Q==
 
-"@swc/html-linux-arm64-musl@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm64-musl/-/html-linux-arm64-musl-1.11.29.tgz#b20e4b442287367c4c1d62db2b8065106542f432"
-  integrity sha512-bK8K6t3hHgaZZ1vMNaZ+8x42EWJPEX1Dx4zi6ulMhKa1uan+DjW5SiMlUg0an16fFSYfE+r9oFC4cFEbGP1o4Q==
+"@swc/html-linux-arm64-musl@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-arm64-musl/-/html-linux-arm64-musl-1.12.6.tgz#7f658b07b41ca7910d1af980988549d638666ebc"
+  integrity sha512-RqKvGk4V2HpEObFva1AbhhEpvH8VrRI1sRjHZW7I0kTWZZkg13tJXSmGhIAfUgJFGWvvVSoZ/8TSyRq8Ju6Pvw==
 
-"@swc/html-linux-x64-gnu@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-linux-x64-gnu/-/html-linux-x64-gnu-1.11.29.tgz#c45505b3e22c02dc8bdef8b3da48ba855527a62c"
-  integrity sha512-34tSms5TkRUCr+J6uuSE/11ECcfIpp5R1ODuIgxZRUd/u88pQGKzLVNLWGPLw4b3cZSjnAn+PFJl7BtaYl0UyQ==
+"@swc/html-linux-x64-gnu@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-x64-gnu/-/html-linux-x64-gnu-1.12.6.tgz#b32b9f6fa65ef322d499e35ac0d1599ec425ad93"
+  integrity sha512-nZzjhrya4VFfT2jX2EYe+FF1EzeghHAB5wyOASFN35CxOpJMhr/04COu5uRggZGYD+19s1LrLelKhSOBAPDrOw==
 
-"@swc/html-linux-x64-musl@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-linux-x64-musl/-/html-linux-x64-musl-1.11.29.tgz#86116e7db3cf02b1a627bc94c374d26ce6f9d68a"
-  integrity sha512-oJLLrX94ccaniWdQt8PH6K2u8aN/ehBo/YPg84LycFtaud/k73Fa1kh6Neq8vbWI4CugIWTl4LXWoHm+l+QYeA==
+"@swc/html-linux-x64-musl@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-linux-x64-musl/-/html-linux-x64-musl-1.12.6.tgz#ac03730723528385f71b2a30b635002eea4f23e1"
+  integrity sha512-hJdSZw5lo+Ws355gs6M2cV4QTbRmc6Ide7kUYMoSQQFyZVc05am2sulPLfOTHmzV8BW3QZ3apO7wcKTzJ/yBbQ==
 
-"@swc/html-win32-arm64-msvc@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-win32-arm64-msvc/-/html-win32-arm64-msvc-1.11.29.tgz#cf7e57b8c0b52f7f93abc307b0cb78d8213b3c13"
-  integrity sha512-nw4TCFfA4YV6jicRdicJZPKW+ihOZPMKEG/4bj1/6HqXw1T2pXI070ASOLE0KOHYuoyV/jConEHfIjlU0olneA==
+"@swc/html-win32-arm64-msvc@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-win32-arm64-msvc/-/html-win32-arm64-msvc-1.12.6.tgz#10fd59442feda8e3d0ce6dfccd3bef6fc1e01440"
+  integrity sha512-l7kFWXr4/A5joeJBSft8oGMVxXOORu6oKMSNk0SU9kFlSaqmQM9sFXW8Mny7P5bvJoNb/fGjnJ3o7BmSjwu3ow==
 
-"@swc/html-win32-ia32-msvc@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-win32-ia32-msvc/-/html-win32-ia32-msvc-1.11.29.tgz#61c91409c3fcdf942891c02aa2a2eac1892d1907"
-  integrity sha512-rO6X4qOofGpKV8pyZ7VblJn+J3PHEqeWHJkJfzwP7c04Flr1oLyuLbTU8lwf8enXrTAZqitHZs+OpofKcUwHEw==
+"@swc/html-win32-ia32-msvc@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-win32-ia32-msvc/-/html-win32-ia32-msvc-1.12.6.tgz#aaa89f639059c1263855c571d6678ca8c5ce8e8a"
+  integrity sha512-4PQysHukXaGUbP9af6DdqEIuNHMShUj5xQrVZ9M/JNV77JuX8RhTTc8Nq4IzGvCepS77gJnKg2nUbKEOt0vHaQ==
 
-"@swc/html-win32-x64-msvc@1.11.29":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html-win32-x64-msvc/-/html-win32-x64-msvc-1.11.29.tgz#0e78b507d2bf28315487655852008cdecfe84535"
-  integrity sha512-GSCihzBItEPJAeLzkAtw0ZGbxRGMsGt1Z1ugo0uHva1R3Eybkqu9qoax1tGAON+EJzeiHRqphhNgh8MVDpnKnQ==
+"@swc/html-win32-x64-msvc@1.12.6":
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html-win32-x64-msvc/-/html-win32-x64-msvc-1.12.6.tgz#632091341d39231c813fab1beabab4408d6ffe33"
+  integrity sha512-dNg1qIzriAUQkSwWQP+b7GK09zU126VYt9Eng4RlLzdvZYO1EWrnvTLGgvAADyLk8ELvrDUJ1joaaKzFzZXVOQ==
 
 "@swc/html@^1.7.39":
-  version "1.11.29"
-  resolved "https://registry.yarnpkg.com/@swc/html/-/html-1.11.29.tgz#6e9e1b8ea65baa0d6f25cb883565a5e7d22d2858"
-  integrity sha512-Tsk/o6Eo3lDvHPGjLqVwXGEdC1bemGzByPWx/TrF5N7qEsanRblPeRcJzLl6LbWa80pRYIRB6T4VqdXXZqklaw==
+  version "1.12.6"
+  resolved "https://registry.yarnpkg.com/@swc/html/-/html-1.12.6.tgz#faf01ad0594287680bdb495b424da0f232f81216"
+  integrity sha512-Qki6Ci6f16BWJhEz5gNB/2QAsSIYvvIjLYUNsrmo1P//By7SF42oDZcu7jPLpsdlMK+qGH9n37be+HZFj9Zn5w==
   dependencies:
     "@swc/counter" "^0.1.3"
   optionalDependencies:
-    "@swc/html-darwin-arm64" "1.11.29"
-    "@swc/html-darwin-x64" "1.11.29"
-    "@swc/html-linux-arm-gnueabihf" "1.11.29"
-    "@swc/html-linux-arm64-gnu" "1.11.29"
-    "@swc/html-linux-arm64-musl" "1.11.29"
-    "@swc/html-linux-x64-gnu" "1.11.29"
-    "@swc/html-linux-x64-musl" "1.11.29"
-    "@swc/html-win32-arm64-msvc" "1.11.29"
-    "@swc/html-win32-ia32-msvc" "1.11.29"
-    "@swc/html-win32-x64-msvc" "1.11.29"
+    "@swc/html-darwin-arm64" "1.12.6"
+    "@swc/html-darwin-x64" "1.12.6"
+    "@swc/html-linux-arm-gnueabihf" "1.12.6"
+    "@swc/html-linux-arm64-gnu" "1.12.6"
+    "@swc/html-linux-arm64-musl" "1.12.6"
+    "@swc/html-linux-x64-gnu" "1.12.6"
+    "@swc/html-linux-x64-musl" "1.12.6"
+    "@swc/html-win32-arm64-msvc" "1.12.6"
+    "@swc/html-win32-ia32-msvc" "1.12.6"
+    "@swc/html-win32-x64-msvc" "1.12.6"
 
-"@swc/types@^0.1.21":
-  version "0.1.21"
-  resolved "https://registry.yarnpkg.com/@swc/types/-/types-0.1.21.tgz#6fcadbeca1d8bc89e1ab3de4948cef12344a38c0"
-  integrity sha512-2YEtj5HJVbKivud9N4bpPBAyZhj4S2Ipe5LkUG94alTpr7in/GU/EARgPAd3BwU+YOmFVJC2+kjqhGRi3r0ZpQ==
+"@swc/types@^0.1.23":
+  version "0.1.23"
+  resolved "https://registry.yarnpkg.com/@swc/types/-/types-0.1.23.tgz#7eabf88b9cfd929253859c562ae95982ee04b4e8"
+  integrity sha512-u1iIVZV9Q0jxY+yM2vw/hZGDNudsN85bBpTqzAQ9rzkxW9D+e3aEM4Han+ow518gSewkXgjmEK0BD79ZcNVgPw==
   dependencies:
     "@swc/counter" "^0.1.3"
 
@@ -3847,6 +4517,15 @@
   dependencies:
     defer-to-connect "^2.0.1"
 
+"@tanem/svg-injector@^10.1.68":
+  version "10.1.68"
+  resolved "https://registry.yarnpkg.com/@tanem/svg-injector/-/svg-injector-10.1.68.tgz#0bd08da3c4184b055a6fe16909037c96f49e3cd1"
+  integrity sha512-UkJajeR44u73ujtr5GVSbIlELDWD/mzjqWe54YMK61ljKxFcJoPd9RBSaO7xj02ISCWUqJW99GjrS+sVF0UnrA==
+  dependencies:
+    "@babel/runtime" "^7.23.2"
+    content-type "^1.0.5"
+    tslib "^2.6.2"
+
 "@tanstack/react-virtual@^3.0.0-beta.60":
   version "3.5.1"
   resolved "https://registry.yarnpkg.com/@tanstack/react-virtual/-/react-virtual-3.5.1.tgz#1ce466f530a10f781871360ed2bf7ff83e664f85"
@@ -4147,9 +4826,9 @@
   integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==
 
 "@types/estree@^1.0.6":
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.7.tgz#4158d3105276773d5b7695cd4834b1722e4f37a8"
-  integrity sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ==
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.8.tgz#958b91c991b1867ced318bedea0e215ee050726e"
+  integrity sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==
 
 "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.33":
   version "4.19.3"
@@ -4283,6 +4962,14 @@
   resolved "https://registry.yarnpkg.com/@types/ms/-/ms-0.7.34.tgz#10964ba0dee6ac4cd462e2795b6bebd407303433"
   integrity sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==
 
+"@types/node-fetch@^2.6.4":
+  version "2.6.12"
+  resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.12.tgz#8ab5c3ef8330f13100a7479e2cd56d3386830a03"
+  integrity sha512-8nneRWKCg3rMtF69nLQJnOYUcbafYeFSjqkw3jCRLsqkWFlHaoQrr5mXmofFGOx3DKn7UfmBMyov8ySvLRVldA==
+  dependencies:
+    "@types/node" "*"
+    form-data "^4.0.0"
+
 "@types/node-forge@^1.3.0":
   version "1.3.11"
   resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.11.tgz#0972ea538ddb0f4d9c2fa0ec5db5724773a604da"
@@ -4302,6 +4989,13 @@
   resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.45.tgz#2c0fafd78705e7a18b7906b5201a522719dc5190"
   integrity sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==
 
+"@types/node@^18.11.18":
+  version "18.19.86"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.19.86.tgz#a7e1785289c343155578b9d84a0e3e924deb948b"
+  integrity sha512-fifKayi175wLyKyc5qUfyENhQ1dCNI1UNjp653d8kuYcPQN5JhX3dGuP/XmvPTg/xRBn1VTLpbmi+H/Mr7tLfQ==
+  dependencies:
+    undici-types "~5.26.4"
+
 "@types/parse5@^6.0.0":
   version "6.0.3"
   resolved "https://registry.yarnpkg.com/@types/parse5/-/parse5-6.0.3.tgz#705bb349e789efa06f43f128cef51240753424cb"
@@ -4317,6 +5011,11 @@
   resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.12.tgz#12bb1e2be27293c1406acb6af1c3f3a1481d98c6"
   integrity sha512-5zvhXYtRNRluoE/jAp4GVsSduVUzNWKkOZrCDBWYtE7biZywwdC2AcEzg+cSMLFRfVgeAFqpfNabiPjxFddV1Q==
 
+"@types/prop-types@^15.7.14":
+  version "15.7.14"
+  resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.14.tgz#1433419d73b2a7ebfc6918dcefd2ec0d5cd698f2"
+  integrity sha512-gNMvNH49DJ7OJYv+KAKn0Xp45p8PLl6zo2YnvDIbTd4J6MER2BmWN49TG7n9LvkyihINxeKW8+3bfS2yDC9dzQ==
+
 "@types/qs@*":
   version "6.9.15"
   resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.15.tgz#adde8a060ec9c305a82de1babc1056e73bd64dce"
@@ -4712,6 +5411,87 @@
   resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d"
   integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==
 
+"@zag-js/core@1.17.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/core/-/core-1.17.1.tgz#1d47e8117352cb42b3de0dd2672189a8e0bf955b"
+  integrity sha512-68jh6R87QLMYrtntu34eSF9JJXRXd+/l5Mpaz/InEOwA9sjxuyJIESqO578IpI2GAqk+cE1sUTKhhPmkzeTq3g==
+  dependencies:
+    "@zag-js/dom-query" "1.17.1"
+    "@zag-js/utils" "1.17.1"
+
+"@zag-js/dom-query@1.10.0":
+  version "1.10.0"
+  resolved "https://registry.yarnpkg.com/@zag-js/dom-query/-/dom-query-1.10.0.tgz#62d5cdb887297c7522bde3e86ddb67cedf1cfad2"
+  integrity sha512-UQM4pHPPwpPNyuIcaDvuTjI4ntvBCV0oatpd+OcOW8NdUc2VVcPzL4cN6q1h+Q9s0Rpi+q77X0x6t9c1QWj1Iw==
+  dependencies:
+    "@zag-js/types" "1.10.0"
+
+"@zag-js/dom-query@1.17.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/dom-query/-/dom-query-1.17.1.tgz#38a8496869fb4fd1e02b6734d5f59e52d17bfc71"
+  integrity sha512-fwwzEKLPq3kAZVkkPBdskL4Ge4aHRAGqBLfAHCKioQNgvKYGRTzqmGA6ijls9ESULUWf0M2ogKstuUtY19PopA==
+  dependencies:
+    "@zag-js/types" "1.17.1"
+
+"@zag-js/focus-trap@^1.7.0":
+  version "1.10.0"
+  resolved "https://registry.yarnpkg.com/@zag-js/focus-trap/-/focus-trap-1.10.0.tgz#c292010997ce09581aeb1729f9151a80aa4cf141"
+  integrity sha512-6+SPzXws7BurUb5AxHD6RoygInvPkGhleJmClQadeFhOlOdZdaeqwZjnoA3WoH/15V4NfUnoIzy72Su36D8RmA==
+  dependencies:
+    "@zag-js/dom-query" "1.10.0"
+
+"@zag-js/presence@^1.13.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/presence/-/presence-1.17.1.tgz#9fee698db453fa49c743a175910b2ba107a9bed5"
+  integrity sha512-2b9/4gs/ZuTpplqNjTARWjEgqkV8pMjcrH5u/fFng2cm5JRhcPrgWDSeOiahKOCdWj8x+f5EkNVvBOqs4Bmcsw==
+  dependencies:
+    "@zag-js/core" "1.17.1"
+    "@zag-js/dom-query" "1.17.1"
+    "@zag-js/types" "1.17.1"
+
+"@zag-js/react@^1.13.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/react/-/react-1.17.1.tgz#917f6fd739a9e54e73578f03813e2de96cc919c2"
+  integrity sha512-hgIpkHpfJByWMtaBvrJQNxBsEghFDWDWRx/JcG5cv+0VDS3bdT2U6b4AWRq6/6CMI1a2bXodgxXrgXj0t1UofQ==
+  dependencies:
+    "@zag-js/core" "1.17.1"
+    "@zag-js/store" "1.17.1"
+    "@zag-js/types" "1.17.1"
+    "@zag-js/utils" "1.17.1"
+
+"@zag-js/store@1.17.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/store/-/store-1.17.1.tgz#d7833045c56169f028324d64b8fd3dc2f78df22a"
+  integrity sha512-01iHhN08QezWTgouaAQdOW/WQUieTBv3Abl3QeGPtQ1UC8oygG84zea1uF+FzqxhT/KtWvI2AT0zRaw368aqVQ==
+  dependencies:
+    proxy-compare "3.0.1"
+
+"@zag-js/types@1.10.0":
+  version "1.10.0"
+  resolved "https://registry.yarnpkg.com/@zag-js/types/-/types-1.10.0.tgz#d6f0d406d06cc954622b0234d2c2aeab64999ffd"
+  integrity sha512-HlM+EHYPLPaHgmuf2Bg5isNy2Kv30nwaANbkcMhVQYi8OfrTraxUQbTDXk3hb56qFmW1HQCMZzt1L7aS2qlOyQ==
+  dependencies:
+    csstype "3.1.3"
+
+"@zag-js/types@1.17.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/types/-/types-1.17.1.tgz#ce75409a9a89431f790038fd145cc9353d5fa236"
+  integrity sha512-KEPko1DK19hEMfM5IPKTZQtpf4HC3X56qwckezRX1yk+/vGotVUxdjRIrv+pcITjlFAoQQO9TiiZv2UiiVrFGA==
+  dependencies:
+    csstype "3.1.3"
+
+"@zag-js/utils@1.17.1":
+  version "1.17.1"
+  resolved "https://registry.yarnpkg.com/@zag-js/utils/-/utils-1.17.1.tgz#0015f9a160877672a75a2ed0419c289fb5fcb22d"
+  integrity sha512-+w/Kx7uZufg3cD6I5bQ8iSoeY3qSarPpUwrxz6FCOxJ86IAmf3ActqFC2pJ6DQCdHdkWINaKKchb4GNt8ld7KQ==
+
+abort-controller@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392"
+  integrity sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==
+  dependencies:
+    event-target-shim "^5.0.0"
+
 accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8:
   version "1.3.8"
   resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e"
@@ -4743,9 +5523,9 @@ acorn@^8.0.0, acorn@^8.0.4, acorn@^8.11.0, acorn@^8.7.1, acorn@^8.8.2:
   integrity sha512-RTvkC4w+KNXrM39/lWCUaG0IbRkWdCv7W/IOW9oU6SawyxulvkQy5HQPVTKxEjczcUvapcrw3cFx/60VN/NRNw==
 
 acorn@^8.14.0:
-  version "8.14.1"
-  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.14.1.tgz#721d5dc10f7d5b5609a891773d47731796935dfb"
-  integrity sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg==
+  version "8.15.0"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.15.0.tgz#a360898bc415edaac46c8241f6383975b930b816"
+  integrity sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==
 
 address@^1.0.1:
   version "1.2.2"
@@ -4759,6 +5539,13 @@ agent-base@6:
   dependencies:
     debug "4"
 
+agentkeepalive@^4.2.1:
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-4.6.0.tgz#35f73e94b3f40bf65f105219c623ad19c136ea6a"
+  integrity sha512-kja8j7PjmncONqaTsB8fQ+wE2mSU2DJ9D4XKoJ5PFWIdRMa6SLSN1ff4mOr4jCbfRSsxR4keIiySJU0N9T5hIQ==
+  dependencies:
+    humanize-ms "^1.2.1"
+
 aggregate-error@^3.0.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/aggregate-error/-/aggregate-error-3.1.0.tgz#92670ff50f5359bdb7a3e0d40d0ec30c5737687a"
@@ -4822,30 +5609,30 @@ ajv@^8.0.0, ajv@^8.9.0:
     uri-js "^4.4.1"
 
 algoliasearch-helper@^3.22.6:
-  version "3.25.0"
-  resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.25.0.tgz#15cc79ad7909db66b8bb5a5a9c38b40e3941fa2f"
-  integrity sha512-vQoK43U6HXA9/euCqLjvyNdM4G2Fiu/VFp4ae0Gau9sZeIKBPvUPnXfLYAe65Bg7PFuw03coeu5K6lTPSXRObw==
+  version "3.26.0"
+  resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.26.0.tgz#d6e283396a9fc5bf944f365dc3b712570314363f"
+  integrity sha512-Rv2x3GXleQ3ygwhkhJubhhYGsICmShLAiqtUuJTUkr9uOCOXyF2E71LVT4XDnVffbknv8XgScP4U0Oxtgm+hIw==
   dependencies:
     "@algolia/events" "^4.0.1"
 
 algoliasearch@^5.14.2, algoliasearch@^5.17.1:
-  version "5.25.0"
-  resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-5.25.0.tgz#7337b097deadeca0e6e985c0f8724abea189994f"
-  integrity sha512-n73BVorL4HIwKlfJKb4SEzAYkR3Buwfwbh+MYxg2mloFph2fFGV58E90QTzdbfzWrLn4HE5Czx/WTjI8fcHaMg==
+  version "5.29.0"
+  resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-5.29.0.tgz#0feae8e0a71fced857be4e97c434ef9dce89783b"
+  integrity sha512-E2l6AlTWGznM2e7vEE6T6hzObvEyXukxMOlBmVlMyixZyK1umuO/CiVc6sDBbzVH0oEviCE5IfVY1oZBmccYPQ==
   dependencies:
-    "@algolia/client-abtesting" "5.25.0"
-    "@algolia/client-analytics" "5.25.0"
-    "@algolia/client-common" "5.25.0"
-    "@algolia/client-insights" "5.25.0"
-    "@algolia/client-personalization" "5.25.0"
-    "@algolia/client-query-suggestions" "5.25.0"
-    "@algolia/client-search" "5.25.0"
-    "@algolia/ingestion" "1.25.0"
-    "@algolia/monitoring" "1.25.0"
-    "@algolia/recommend" "5.25.0"
-    "@algolia/requester-browser-xhr" "5.25.0"
-    "@algolia/requester-fetch" "5.25.0"
-    "@algolia/requester-node-http" "5.25.0"
+    "@algolia/client-abtesting" "5.29.0"
+    "@algolia/client-analytics" "5.29.0"
+    "@algolia/client-common" "5.29.0"
+    "@algolia/client-insights" "5.29.0"
+    "@algolia/client-personalization" "5.29.0"
+    "@algolia/client-query-suggestions" "5.29.0"
+    "@algolia/client-search" "5.29.0"
+    "@algolia/ingestion" "1.29.0"
+    "@algolia/monitoring" "1.29.0"
+    "@algolia/recommend" "5.29.0"
+    "@algolia/requester-browser-xhr" "5.29.0"
+    "@algolia/requester-fetch" "5.29.0"
+    "@algolia/requester-node-http" "5.29.0"
 
 allof-merge@^0.6.6:
   version "0.6.6"
@@ -4854,6 +5641,11 @@ allof-merge@^0.6.6:
   dependencies:
     json-crawl "^0.5.3"
 
+altcha-lib@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/altcha-lib/-/altcha-lib-1.2.0.tgz#a8b874ace261751473686adc5cc210be7449ba0d"
+  integrity sha512-S5WF8QLNRaM1hvK24XPhOLfu9is2EBCvH7+nv50sM5CaIdUCqQCd0WV/qm/ZZFGTdSoKLuDp+IapZxBLvC+SNg==
+
 ansi-align@^3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-3.0.1.tgz#0cdf12e111ace773a86e9a1fad1225c43cb19a59"
@@ -4932,6 +5724,13 @@ argparse@^2.0.1:
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
   integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
 
+aria-hidden@^1.2.4:
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/aria-hidden/-/aria-hidden-1.2.4.tgz#b78e383fdbc04d05762c78b4a25a501e736c4522"
+  integrity sha512-y+CcFFwelSXpLZk/7fMB2mUbGtX9lKycf1MWJ7CaTIERyitVlyQx6C+sxcROU2BAJ24OiZyK+8wj2i8AlBoS3A==
+  dependencies:
+    tslib "^2.0.0"
+
 array-flatten@1.1.1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2"
@@ -4957,6 +5756,11 @@ async@3.2.4:
   resolved "https://registry.yarnpkg.com/async/-/async-3.2.4.tgz#2d22e00f8cddeb5fde5dd33522b56d1cf569a81c"
   integrity sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==
 
+asynckit@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
+  integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
+
 at-least-node@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2"
@@ -5312,10 +6116,10 @@ caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001599, caniuse-lite@^1.0.30001629:
   resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001702.tgz"
   integrity sha512-LoPe/D7zioC0REI5W73PeR1e1MLCipRGq/VkovJnd6Df+QVqT+vT33OXCp8QUd7kA7RZrHWxb1B36OQKI/0gOA==
 
-caniuse-lite@^1.0.30001702, caniuse-lite@^1.0.30001716, caniuse-lite@^1.0.30001718:
-  version "1.0.30001718"
-  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001718.tgz#dae13a9c80d517c30c6197515a96131c194d8f82"
-  integrity sha512-AflseV1ahcSunK53NfEs9gFWgOEmzr0f+kaMFA4xiLZlr9Hzt7HxcSpIFcnNCUkz6R6dWKa54rUz3HUmI3nVcw==
+caniuse-lite@^1.0.30001702, caniuse-lite@^1.0.30001718:
+  version "1.0.30001724"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001724.tgz#312e163553dd70d2c0fb603d74810c85d8ed94a0"
+  integrity sha512-WqJo7p0TbHDOythNTqYujmaJTvtYRZrjpP8TCvH6Vb9CYJerJNKamKzIWOM4BkQatWj9H2lYulpdAQNBe7QhNA==
 
 ccount@^2.0.0:
   version "2.0.1"
@@ -5455,6 +6259,13 @@ ci-info@^3.2.0:
   resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.9.0.tgz#4279a62028a7b1f262f3473fc9605f5e218c59b4"
   integrity sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==
 
+class-variance-authority@0.7.1:
+  version "0.7.1"
+  resolved "https://registry.yarnpkg.com/class-variance-authority/-/class-variance-authority-0.7.1.tgz#4008a798a0e4553a781a57ac5177c9fb5d043787"
+  integrity sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg==
+  dependencies:
+    clsx "^2.1.1"
+
 clean-css@^5.2.2, clean-css@^5.3.3, clean-css@~5.3.2:
   version "5.3.3"
   resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.3.3.tgz#b330653cd3bd6b75009cc25c714cae7b93351ccd"
@@ -5504,16 +6315,16 @@ clone-deep@^4.0.1:
     kind-of "^6.0.2"
     shallow-clone "^3.0.0"
 
+clsx@2.1.1, clsx@^2.0.0, clsx@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/clsx/-/clsx-2.1.1.tgz#eed397c9fd8bd882bfb18deab7102049a2f32999"
+  integrity sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==
+
 clsx@^1.1.1, clsx@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/clsx/-/clsx-1.2.1.tgz#0ddc4a20a549b59c93a4116bb26f5294ca17dc12"
   integrity sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==
 
-clsx@^2.0.0:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/clsx/-/clsx-2.1.1.tgz#eed397c9fd8bd882bfb18deab7102049a2f32999"
-  integrity sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==
-
 collapse-white-space@^2.0.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/collapse-white-space/-/collapse-white-space-2.1.0.tgz#640257174f9f42c740b40f3b55ee752924feefca"
@@ -5558,11 +6369,23 @@ colorette@^2.0.10:
   resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.20.tgz#9eb793e6833067f7235902fcd3b09917a000a95a"
   integrity sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==
 
+colorjs.io@0.5.2:
+  version "0.5.2"
+  resolved "https://registry.yarnpkg.com/colorjs.io/-/colorjs.io-0.5.2.tgz#63b20139b007591ebc3359932bef84628eb3fcef"
+  integrity sha512-twmVoizEW7ylZSN32OgKdXRmo1qg+wT5/6C3xu5b9QsWzSFAhHLn2xd8ro0diCsKfCj1RdaTP/nrcW+vAoQPIw==
+
 combine-promises@^1.1.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/combine-promises/-/combine-promises-1.2.0.tgz#5f2e68451862acf85761ded4d9e2af7769c2ca6a"
   integrity sha512-VcQB1ziGD0NXrhKxiwyNbCDmRzs/OShMs2GqW2DlU2A/Sd0nQxE1oWDAE5O0ygSx5mgQOn9eIFh7yKPgFRVkPQ==
 
+combined-stream@^1.0.8:
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
+  integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
+  dependencies:
+    delayed-stream "~1.0.0"
+
 comma-separated-tokens@^2.0.0:
   version "2.0.3"
   resolved "https://registry.yarnpkg.com/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz#4e89c9458acb61bc8fef19f4529973b2392839ee"
@@ -5698,7 +6521,7 @@ content-disposition@0.5.4:
   dependencies:
     safe-buffer "5.2.1"
 
-content-type@~1.0.4, content-type@~1.0.5:
+content-type@^1.0.5, content-type@~1.0.4, content-type@~1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.5.tgz#8b773162656d1d1086784c8f23a54ce6d73d7918"
   integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==
@@ -5750,11 +6573,11 @@ core-js-compat@^3.31.0, core-js-compat@^3.36.1:
     browserslist "^4.23.0"
 
 core-js-compat@^3.40.0:
-  version "3.42.0"
-  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.42.0.tgz#ce19c29706ee5806e26d3cb3c542d4cfc0ed51bb"
-  integrity sha512-bQasjMfyDGyaeWKBIu33lHh9qlSR0MFE/Nmc6nMjf/iU9b3rSMdAYz1Baxrv4lPdGUsTqZudHA4jIGSJy0SWZQ==
+  version "3.43.0"
+  resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.43.0.tgz#055587369c458795ef316f65e0aabb808fb15840"
+  integrity sha512-2GML2ZsCc5LR7hZYz4AXmjQw8zuy2T//2QntwdnpuYI7jteT6GVYJL7F6C2C57R7gSYrcqVW3lAALefdbhBLDA==
   dependencies:
-    browserslist "^4.24.4"
+    browserslist "^4.25.0"
 
 core-js-pure@^3.30.2:
   version "3.37.1"
@@ -5919,9 +6742,9 @@ css-what@^6.0.1, css-what@^6.1.0:
   integrity sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==
 
 cssdb@^8.3.0:
-  version "8.3.0"
-  resolved "https://registry.yarnpkg.com/cssdb/-/cssdb-8.3.0.tgz#940becad497b8509ad822a28fb0cfe54c969ccfe"
-  integrity sha512-c7bmItIg38DgGjSwDPZOYF/2o0QU/sSgkWOMyl8votOfgFuyiFKWPesmCGEsrGLxEA9uL540cp8LdaGEjUGsZQ==
+  version "8.3.1"
+  resolved "https://registry.yarnpkg.com/cssdb/-/cssdb-8.3.1.tgz#0ac96395b7092ffee14563e948cf43c2019b051e"
+  integrity sha512-XnDRQMXucLueX92yDe0LPKupXetWoFOgawr4O4X41l5TltgK2NVbJJVDnnOywDYfW1sTJ28AcXGKOqdRKwCcmQ==
 
 cssesc@^3.0.0:
   version "3.0.0"
@@ -5997,7 +6820,7 @@ csso@^5.0.5:
   dependencies:
     css-tree "~2.2.0"
 
-csstype@^3.0.2:
+csstype@3.1.3, csstype@^3.0.2:
   version "3.1.3"
   resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.3.tgz#d80ff294d114fb0e6ac500fbf85b60137d7eff81"
   integrity sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==
@@ -6404,6 +7227,11 @@ delaunator@5:
   dependencies:
     robust-predicates "^3.0.2"
 
+delayed-stream@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
+  integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==
+
 depd@2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df"
@@ -6414,7 +7242,7 @@ depd@~1.1.2:
   resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9"
   integrity sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==
 
-dequal@^2.0.0:
+dequal@^2.0.0, dequal@^2.0.3:
   version "2.0.3"
   resolved "https://registry.yarnpkg.com/dequal/-/dequal-2.0.3.tgz#2644214f1997d39ed0ee0ece72335490a7ac67be"
   integrity sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==
@@ -6434,6 +7262,11 @@ detect-libc@^2.0.3:
   resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.4.tgz#f04715b8ba815e53b4d8109655b6508a6865a7e8"
   integrity sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==
 
+detect-node-es@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/detect-node-es/-/detect-node-es-1.1.0.tgz#163acdf643330caa0b4cd7c21e7ee7755d6fa493"
+  integrity sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==
+
 detect-node@^2.0.4:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/detect-node/-/detect-node-2.1.0.tgz#c9c70775a49c3d03bc2c06d9a73be550f978f8b1"
@@ -6601,7 +7434,7 @@ domhandler@^5.0.2, domhandler@^5.0.3:
   dependencies:
     domelementtype "^2.3.0"
 
-dompurify@^3.2.4:
+dompurify@^3.2.5:
   version "3.2.6"
   resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.6.tgz#ca040a6ad2b88e2a92dc45f38c79f84a714a1cad"
   integrity sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==
@@ -6670,11 +7503,6 @@ electron-to-chromium@^1.4.796:
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.803.tgz#cf55808a5ee12e2a2778bbe8cdc941ef87c2093b"
   integrity sha512-61H9mLzGOCLLVsnLiRzCbc63uldP0AniRYPV3hbGVtONA1pI7qSGILdbofR7A8TMbOypDocEAjH/e+9k1QIe3g==
 
-electron-to-chromium@^1.5.149:
-  version "1.5.158"
-  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.158.tgz#e5f01fc7fdf810d9d223e30593e0839c306276d4"
-  integrity sha512-9vcp2xHhkvraY6AHw2WMi+GDSLPX42qe2xjYaVoZqFRJiOcilVQFq9mZmpuHEQpzlgGDelKlV7ZiGcmMsc8WxQ==
-
 electron-to-chromium@^1.5.160:
   version "1.5.172"
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.172.tgz#fe1d99028d8d6321668d0f1fed61d99ac896259c"
@@ -6726,9 +7554,9 @@ enhanced-resolve@^5.17.0:
     tapable "^2.2.0"
 
 enhanced-resolve@^5.17.1:
-  version "5.18.1"
-  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.1.tgz#728ab082f8b7b6836de51f1637aab5d3b9568faf"
-  integrity sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg==
+  version "5.18.2"
+  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.2.tgz#7903c5b32ffd4b2143eeb4b92472bd68effd5464"
+  integrity sha512-6Jw4sE1maoRJo3q8MsSIn2onJFbLTOjY9hlx4DZXmOKvLRd1Ok2kXmAGXaafL2+ijsJZ1ClYbl/pmqr9+k4iUQ==
   dependencies:
     graceful-fs "^4.2.4"
     tapable "^2.2.0"
@@ -6779,6 +7607,16 @@ es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
   dependencies:
     es-errors "^1.3.0"
 
+es-set-tostringtag@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz#f31dbbe0c183b00a6d26eb6325c810c0fd18bd4d"
+  integrity sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
+  dependencies:
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.6"
+    has-tostringtag "^1.0.2"
+    hasown "^2.0.2"
+
 es6-promise@^3.2.1:
   version "3.3.1"
   resolved "https://registry.yarnpkg.com/es6-promise/-/es6-promise-3.3.1.tgz#a08cdde84ccdbf34d027a1451bc91d4bcd28a613"
@@ -6955,6 +7793,11 @@ eval@^0.1.8:
     "@types/node" "*"
     require-like ">= 0.1.1"
 
+event-target-shim@^5.0.0:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/event-target-shim/-/event-target-shim-5.0.1.tgz#5d4d3ebdf9583d63a5333ce2deb7480ab2b05789"
+  integrity sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==
+
 eventemitter3@^4.0.0, eventemitter3@^4.0.4:
   version "4.0.7"
   resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f"
@@ -7023,9 +7866,9 @@ express@^4.17.3:
     vary "~1.1.2"
 
 exsolve@^1.0.1:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/exsolve/-/exsolve-1.0.5.tgz#1f5b6b4fe82ad6b28a173ccb955a635d77859dcf"
-  integrity sha512-pz5dvkYYKQ1AHVrgOzBKWeP4u4FRb3a6DNK2ucr0OoNwYIU4QWsJ+NM36LLzORT+z845MzKHHhpXiUF5nvQoJg==
+  version "1.0.7"
+  resolved "https://registry.yarnpkg.com/exsolve/-/exsolve-1.0.7.tgz#3b74e4c7ca5c5f9a19c3626ca857309fa99f9e9e"
+  integrity sha512-VO5fQUzZtI6C+vx4w/4BWJpg3s/5l+6pRQEHzFRM8WFi4XffSP1Z+4qi7GbjWbvRQEbdIco5mIMq+zX4rPuLrw==
 
 extend-shallow@^2.0.1:
   version "2.0.1"
@@ -7200,16 +8043,39 @@ foreground-child@^3.1.0:
     cross-spawn "^7.0.0"
     signal-exit "^4.0.1"
 
+form-data-encoder@1.7.2:
+  version "1.7.2"
+  resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-1.7.2.tgz#1f1ae3dccf58ed4690b86d87e4f57c654fbab040"
+  integrity sha512-qfqtYan3rxrnCk1VYaA4H+Ms9xdpPqvLZa6xmMgFvhO32x7/3J/ExcTd6qpxM0vH2GdMI+poehyBZvqfMTto8A==
+
 form-data-encoder@^2.1.2:
   version "2.1.4"
   resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-2.1.4.tgz#261ea35d2a70d48d30ec7a9603130fa5515e9cd5"
   integrity sha512-yDYSgNMraqvnxiEXO4hi88+YZxaHC6QKzb5N84iRCTDeRO7ZALpir/lVmf/uXUhnwUr2O4HU8s/n6x+yNjQkHw==
 
+form-data@^4.0.0:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.2.tgz#35cabbdd30c3ce73deb2c42d3c8d3ed9ca51794c"
+  integrity sha512-hGfm/slu0ZabnNt4oaRZ6uREyfCj6P4fT/n6A1rGV+Z0VdGXjfOhVUpkn6qVQONHGIFwmveGXyDs75+nr6FM8w==
+  dependencies:
+    asynckit "^0.4.0"
+    combined-stream "^1.0.8"
+    es-set-tostringtag "^2.1.0"
+    mime-types "^2.1.12"
+
 format@^0.2.0:
   version "0.2.2"
   resolved "https://registry.yarnpkg.com/format/-/format-0.2.2.tgz#d6170107e9efdc4ed30c9dc39016df942b5cb58b"
   integrity sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==
 
+formdata-node@^4.3.2:
+  version "4.4.1"
+  resolved "https://registry.yarnpkg.com/formdata-node/-/formdata-node-4.4.1.tgz#23f6a5cb9cb55315912cbec4ff7b0f59bbd191e2"
+  integrity sha512-0iirZp3uVDjVGt9p49aTaqjk84TrglENEDuqfdlZQ1roC9CWlPk6Avf8EEnZNcAqPonwkG35x4n3ww/1THYAeQ==
+  dependencies:
+    node-domexception "1.0.0"
+    web-streams-polyfill "4.0.0-beta.3"
+
 forwarded@0.2.0:
   version "0.2.0"
   resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811"
@@ -7290,7 +8156,7 @@ get-intrinsic@^1.1.3, get-intrinsic@^1.2.4:
     has-symbols "^1.0.3"
     hasown "^2.0.0"
 
-get-intrinsic@^1.2.5, get-intrinsic@^1.3.0:
+get-intrinsic@^1.2.5, get-intrinsic@^1.2.6, get-intrinsic@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01"
   integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
@@ -7306,6 +8172,11 @@ get-intrinsic@^1.2.5, get-intrinsic@^1.3.0:
     hasown "^2.0.2"
     math-intrinsics "^1.1.0"
 
+get-nonce@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/get-nonce/-/get-nonce-1.0.1.tgz#fdf3f0278073820d2ce9426c18f07481b1e0cdf3"
+  integrity sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==
+
 get-own-enumerable-property-symbols@^3.0.0:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz#b5fde77f22cbe35f390b4e089922c50bce6ef664"
@@ -7523,6 +8394,13 @@ has-symbols@^1.1.0:
   resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338"
   integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
 
+has-tostringtag@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc"
+  integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
+  dependencies:
+    has-symbols "^1.0.3"
+
 has-yarn@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-3.0.0.tgz#c3c21e559730d1d3b57e28af1f30d06fac38147d"
@@ -7821,6 +8699,11 @@ html-tags@^3.3.1:
   resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-3.3.1.tgz#a04026a18c882e4bba8a01a3d39cfe465d40b5ce"
   integrity sha512-ztqyC3kLto0e9WbNp0aeP+M3kTt+nbaIveGmUxAtZa+8iFgKLUOD4YKM5j+f3QD89bra7UeumolZHKuOXnTmeQ==
 
+html-url-attributes@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/html-url-attributes/-/html-url-attributes-3.0.1.tgz#83b052cd5e437071b756cd74ae70f708870c2d87"
+  integrity sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ==
+
 html-void-elements@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/html-void-elements/-/html-void-elements-2.0.1.tgz#29459b8b05c200b6c5ee98743c41b979d577549f"
@@ -7949,6 +8832,18 @@ human-signals@^2.1.0:
   resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-2.1.0.tgz#dc91fcba42e4d06e4abaed33b3e7a3c02f514ea0"
   integrity sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==
 
+humanize-ms@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/humanize-ms/-/humanize-ms-1.2.1.tgz#c46e3159a293f6b896da29316d8b6fe8bb79bbed"
+  integrity sha512-Fl70vYtsAFb/C06PTS9dZBo7ihau+Tu/DNCk/OyHhea07S+aeMWpFFkUaXRa8fI+ScZbEI8dfSxwY7gxZ9SAVQ==
+  dependencies:
+    ms "^2.0.0"
+
+humps@2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/humps/-/humps-2.0.1.tgz#dd02ea6081bd0568dc5d073184463957ba9ef9aa"
+  integrity sha512-E0eIbrFWUhwfXJmsbdjRQFQPrl5pTEoKlz163j1mTqqUnU9PgR4AgB8AIITzuB3vLBdxZXyZ9TDIrwB2OASz4g==
+
 iconv-lite@0.4.24:
   version "0.4.24"
   resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b"
@@ -7989,9 +8884,9 @@ immer@^9.0.21:
   integrity sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==
 
 immutable@^5.0.2:
-  version "5.1.2"
-  resolved "https://registry.yarnpkg.com/immutable/-/immutable-5.1.2.tgz#e8169476414505e5a4fa650107b65e1227d16d4b"
-  integrity sha512-qHKXW1q6liAk1Oys6umoaZbDRqjcjgSrbnrifHsfsttza7zcvRAsL7mMV6xWcyhwQy7Xj5v4hhbr6b+iDYwlmQ==
+  version "5.1.3"
+  resolved "https://registry.yarnpkg.com/immutable/-/immutable-5.1.3.tgz#e6486694c8b76c37c063cca92399fa64098634d4"
+  integrity sha512-+chQdDfvscSF1SJqv2gn4SRO2ZyS3xL3r7IW/wWEEzrzLisnOlKiQu5ytC/BVNcS15C39WT2Hg/bjKjDMcu+zg==
 
 import-fresh@^3.3.0:
   version "3.3.0"
@@ -8244,6 +9139,11 @@ is-typedarray@^1.0.0:
   resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
   integrity sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==
 
+is-what@^4.1.8:
+  version "4.1.16"
+  resolved "https://registry.yarnpkg.com/is-what/-/is-what-4.1.16.tgz#1ad860a19da8b4895ad5495da3182ce2acdd7a6f"
+  integrity sha512-ZhMwEosbFJkA0YhFnNDgTM4ZxDRsS6HqTo7qsZM08fehyRYIYa0yHu5R6mgo1n/8MgaPBXiPimPD77baVFYg+A==
+
 is-wsl@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-2.2.0.tgz#74a4c76e77ca9fd3f932f290c17ea326cd157271"
@@ -8715,6 +9615,11 @@ lru-cache@^6.0.0:
   dependencies:
     yallist "^4.0.0"
 
+lucide-react@^0.503.0:
+  version "0.503.0"
+  resolved "https://registry.yarnpkg.com/lucide-react/-/lucide-react-0.503.0.tgz#4ac55b262fa613f9497531c9df50ea0e883d2de2"
+  integrity sha512-HGGkdlPWQ0vTF8jJ5TdIqhQXZi6uh3LnNgfZ8MHiuxFfX3RZeA79r2MW2tHAZKlAVfoNE8esm3p+O6VkIvpj6w==
+
 markdown-extensions@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/markdown-extensions/-/markdown-extensions-2.0.0.tgz#34bebc83e9938cae16e0e017e4a9814a8330d3c4"
@@ -8732,7 +9637,7 @@ markdown-table@^3.0.0:
   resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-3.0.3.tgz#e6331d30e493127e031dd385488b5bd326e4a6bd"
   integrity sha512-Z1NL3Tb1M9wH4XESsCDEksWoKTdlUafKc4pt0GRwjUyXaCFZ+dc3g2erqB6zm3szA2IUSi7VnPI+o/9jnxh9hw==
 
-marked@^15.0.7:
+marked@^15.0.7, marked@^15.0.9:
   version "15.0.12"
   resolved "https://registry.yarnpkg.com/marked/-/marked-15.0.12.tgz#30722c7346e12d0a2d0207ab9b0c4f0102d86c4e"
   integrity sha512-8dD6FusOQSrpv9Z1rdNMdlSgQOIP880DHqnohobOmYLElGEqAL/JvxvuxZO16r4HtjTlfPRDC1hbvxC9dPN2nA==
@@ -9194,6 +10099,13 @@ memoize-one@^5.1.1:
   resolved "https://registry.yarnpkg.com/memoize-one/-/memoize-one-5.2.1.tgz#8337aa3c4335581839ec01c3d594090cebe8f00e"
   integrity sha512-zYiwtZUcYyXKo/np96AGZAckk+FWWsUdJ3cHGGmld7+AhvcWmQyGCYUh1hc4Q/pkOhb65dQR/pqCyK0cOaHz4Q==
 
+merge-anything@5.1.7:
+  version "5.1.7"
+  resolved "https://registry.yarnpkg.com/merge-anything/-/merge-anything-5.1.7.tgz#94f364d2b0cf21ac76067b5120e429353b3525d7"
+  integrity sha512-eRtbOb1N5iyH0tkQDAoQ4Ipsp/5qSR79Dzrz8hEPxRX10RWWR/iQXdoKmBSRCThY1Fh5EhISDtpSc93fpxUniQ==
+  dependencies:
+    is-what "^4.1.8"
+
 merge-descriptors@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61"
@@ -9210,13 +10122,13 @@ merge2@^1.3.0, merge2@^1.4.1:
   integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
 
 mermaid@>=11.6.0:
-  version "11.6.0"
-  resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-11.6.0.tgz#eee45cdc3087be561a19faf01745596d946bb575"
-  integrity sha512-PE8hGUy1LDlWIHWBP05SFdqUHGmRcCcK4IzpOKPE35eOw+G9zZgcnMpyunJVUEOgb//KBORPjysKndw8bFLuRg==
+  version "11.7.0"
+  resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-11.7.0.tgz#53f319147632db15e499c5ccb72b24b277a00bae"
+  integrity sha512-/1/5R0rt0Z1Ak0CuznAnCF3HtQgayRXUz6SguzOwN4L+DuCobz0UxnQ+ZdTSZ3AugKVVh78tiVmsHpHWV25TCw==
   dependencies:
     "@braintree/sanitize-url" "^7.0.4"
     "@iconify/utils" "^2.1.33"
-    "@mermaid-js/parser" "^0.4.0"
+    "@mermaid-js/parser" "^0.5.0"
     "@types/d3" "^7.4.3"
     cytoscape "^3.29.3"
     cytoscape-cose-bilkent "^4.1.0"
@@ -9225,7 +10137,7 @@ mermaid@>=11.6.0:
     d3-sankey "^0.12.3"
     dagre-d3-es "7.0.11"
     dayjs "^1.11.13"
-    dompurify "^3.2.4"
+    dompurify "^3.2.5"
     katex "^0.16.9"
     khroma "^2.1.0"
     lodash-es "^4.17.21"
@@ -10041,7 +10953,7 @@ mime-types@2.1.31:
   dependencies:
     mime-db "1.48.0"
 
-mime-types@2.1.35, mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.17, mime-types@~2.1.24, mime-types@~2.1.34:
+mime-types@2.1.35, mime-types@^2.1.12, mime-types@^2.1.27, mime-types@^2.1.31, mime-types@~2.1.17, mime-types@~2.1.24, mime-types@~2.1.34:
   version "2.1.35"
   resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a"
   integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
@@ -10147,7 +11059,7 @@ ms@2.1.2:
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
   integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
 
-ms@2.1.3, ms@^2.1.3:
+ms@2.1.3, ms@^2.0.0, ms@^2.1.3:
   version "2.1.3"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
   integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
@@ -10207,6 +11119,11 @@ node-addon-api@^7.0.0:
   resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-7.1.1.tgz#1aba6693b0f255258a049d621329329322aad558"
   integrity sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==
 
+node-domexception@1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/node-domexception/-/node-domexception-1.0.0.tgz#6888db46a1f71c0b76b3f7555016b63fe64766e5"
+  integrity sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==
+
 node-emoji@^2.1.0:
   version "2.1.3"
   resolved "https://registry.yarnpkg.com/node-emoji/-/node-emoji-2.1.3.tgz#93cfabb5cc7c3653aa52f29d6ffb7927d8047c06"
@@ -10231,7 +11148,7 @@ node-fetch@2.6.7:
   dependencies:
     whatwg-url "^5.0.0"
 
-node-fetch@^2.6.1:
+node-fetch@^2.6.1, node-fetch@^2.6.7:
   version "2.7.0"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d"
   integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
@@ -10435,6 +11352,19 @@ open@^8.0.9, open@^8.4.0:
     is-docker "^2.1.1"
     is-wsl "^2.2.0"
 
+openai@4.78.1:
+  version "4.78.1"
+  resolved "https://registry.yarnpkg.com/openai/-/openai-4.78.1.tgz#44c3b195d239891be9c9c53722539ad8a1fcc5f2"
+  integrity sha512-drt0lHZBd2lMyORckOXFPQTmnGLWSLt8VK0W9BhOKWpMFBEoHMoz5gxMPmVq5icp+sOrsbMnsmZTVHUlKvD1Ow==
+  dependencies:
+    "@types/node" "^18.11.18"
+    "@types/node-fetch" "^2.6.4"
+    abort-controller "^3.0.0"
+    agentkeepalive "^4.2.1"
+    form-data-encoder "1.7.2"
+    formdata-node "^4.3.2"
+    node-fetch "^2.6.7"
+
 openapi-to-postmanv2@^4.21.0:
   version "4.21.0"
   resolved "https://registry.yarnpkg.com/openapi-to-postmanv2/-/openapi-to-postmanv2-4.21.0.tgz#4bc5b19ccbd1514c2b3466268a7f5dd64b61f535"
@@ -10690,7 +11620,7 @@ path-type@^4.0.0:
   resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b"
   integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==
 
-path@0.12.7:
+path@0.12.7, path@^0.12.7:
   version "0.12.7"
   resolved "https://registry.yarnpkg.com/path/-/path-0.12.7.tgz#d4dc2a506c4ce2197eb481ebfcd5b36c0140b10f"
   integrity sha512-aXXC6s+1w7otVF9UletFkFcDsJeO7lSZBPUQhtb5O0xJe8LtYhj/GxldoL09bBj9+ZmE2hNoHqQSFMN5fikh4Q==
@@ -11471,6 +12401,14 @@ pretty-time@^1.1.0:
   resolved "https://registry.yarnpkg.com/pretty-time/-/pretty-time-1.1.0.tgz#ffb7429afabb8535c346a34e41873adf3d74dd0e"
   integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==
 
+prism-react-renderer@2.4.1:
+  version "2.4.1"
+  resolved "https://registry.yarnpkg.com/prism-react-renderer/-/prism-react-renderer-2.4.1.tgz#ac63b7f78e56c8f2b5e76e823a976d5ede77e35f"
+  integrity sha512-ey8Ls/+Di31eqzUxC46h8MksNuGx/n0AAC8uKpwFau4RPDYLuE3EXTp8N8G2vX2N7UC/+IXeNUnlWBGGcAG+Ig==
+  dependencies:
+    "@types/prismjs" "^1.26.0"
+    clsx "^2.0.0"
+
 prism-react-renderer@^2.0.6, prism-react-renderer@^2.3.0:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/prism-react-renderer/-/prism-react-renderer-2.3.1.tgz#e59e5450052ede17488f6bc85de1553f584ff8d5"
@@ -11534,6 +12472,11 @@ proxy-addr@~2.0.7:
     forwarded "0.2.0"
     ipaddr.js "1.9.1"
 
+proxy-compare@3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/proxy-compare/-/proxy-compare-3.0.1.tgz#3262cff3a25a6dedeaa299f6cf2369d6f7588a94"
+  integrity sha512-V9plBAt3qjMlS1+nC8771KNf6oJ12gExvaxnNzN/9yVRLdTv/lc+oJlnSzrdYDAvBfTStPCoiaCOTmTs0adv7Q==
+
 proxy-from-env@1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
@@ -11680,6 +12623,13 @@ react-dom@^18.2.0:
     loose-envify "^1.1.0"
     scheduler "^0.23.2"
 
+react-error-boundary@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/react-error-boundary/-/react-error-boundary-6.0.0.tgz#a9e552146958fa77d873b587aa6a5e97544ee954"
+  integrity sha512-gdlJjD7NWr0IfkPlaREN2d9uUZUlksrfOx7SX62VRerwXbMY6ftGCIZua1VG1aXFNOimhISsTq+Owp725b9SiA==
+  dependencies:
+    "@babel/runtime" "^7.12.5"
+
 react-fast-compare@^3.0.1, react-fast-compare@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/react-fast-compare/-/react-fast-compare-3.2.2.tgz#929a97a532304ce9fee4bcae44234f1ce2c21d49"
@@ -11701,6 +12651,11 @@ react-helmet-async@^1.3.0, "react-helmet-async@npm:@slorber/react-helmet-async@1
     react-fast-compare "^3.2.0"
     shallowequal "^1.1.0"
 
+react-hook-form@7.54.2:
+  version "7.54.2"
+  resolved "https://registry.yarnpkg.com/react-hook-form/-/react-hook-form-7.54.2.tgz#8c26ed54c71628dff57ccd3c074b1dd377cfb211"
+  integrity sha512-eHpAUgUjWbZocoQYUHposymRb4ZP6d0uwUnooL2uOybA9/3tPUvoAKqEWK1WaSiTxxOfTpffNZP7QwlnM3/gEg==
+
 react-hook-form@^7.43.8:
   version "7.52.0"
   resolved "https://registry.yarnpkg.com/react-hook-form/-/react-hook-form-7.52.0.tgz#e52b33043e283719586b9dd80f6d51b68dd3999c"
@@ -11759,6 +12714,22 @@ react-magic-dropzone@^1.0.1:
   resolved "https://registry.yarnpkg.com/react-magic-dropzone/-/react-magic-dropzone-1.0.1.tgz#bfd25b77b57e7a04aaef0a28910563b707ee54df"
   integrity sha512-0BIROPARmXHpk4AS3eWBOsewxoM5ndk2psYP/JmbCq8tz3uR2LIV1XiroZ9PKrmDRMctpW+TvsBCtWasuS8vFA==
 
+react-markdown@9.0.3:
+  version "9.0.3"
+  resolved "https://registry.yarnpkg.com/react-markdown/-/react-markdown-9.0.3.tgz#c12bf60dad05e9bf650b86bcc612d80636e8456e"
+  integrity sha512-Yk7Z94dbgYTOrdk41Z74GoKA7rThnsbbqBTRYuxoe08qvfQ9tJVhmAKw6BJS/ZORG7kTy/s1QvYzSuaoBA1qfw==
+  dependencies:
+    "@types/hast" "^3.0.0"
+    devlop "^1.0.0"
+    hast-util-to-jsx-runtime "^2.0.0"
+    html-url-attributes "^3.0.0"
+    mdast-util-to-hast "^13.0.0"
+    remark-parse "^11.0.0"
+    remark-rehype "^11.0.0"
+    unified "^11.0.0"
+    unist-util-visit "^5.0.0"
+    vfile "^6.0.0"
+
 react-markdown@^8.0.1:
   version "8.0.7"
   resolved "https://registry.yarnpkg.com/react-markdown/-/react-markdown-8.0.7.tgz#c8dbd1b9ba5f1c5e7e5f2a44de465a3caafdf89b"
@@ -11813,6 +12784,36 @@ react-redux@^7.2.0:
     prop-types "^15.7.2"
     react-is "^17.0.2"
 
+react-remove-scroll-bar@^2.3.7:
+  version "2.3.8"
+  resolved "https://registry.yarnpkg.com/react-remove-scroll-bar/-/react-remove-scroll-bar-2.3.8.tgz#99c20f908ee467b385b68a3469b4a3e750012223"
+  integrity sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q==
+  dependencies:
+    react-style-singleton "^2.2.2"
+    tslib "^2.0.0"
+
+react-remove-scroll@^2.6.3:
+  version "2.6.3"
+  resolved "https://registry.yarnpkg.com/react-remove-scroll/-/react-remove-scroll-2.6.3.tgz#df02cde56d5f2731e058531f8ffd7f9adec91ac2"
+  integrity sha512-pnAi91oOk8g8ABQKGF5/M9qxmmOPxaAnopyTHYfqYEwJhyFrbbBtHuSgtKEoH0jpcxx5o3hXqH1mNd9/Oi+8iQ==
+  dependencies:
+    react-remove-scroll-bar "^2.3.7"
+    react-style-singleton "^2.2.3"
+    tslib "^2.1.0"
+    use-callback-ref "^1.3.3"
+    use-sidecar "^1.1.3"
+
+react-remove-scroll@^2.7.1:
+  version "2.7.1"
+  resolved "https://registry.yarnpkg.com/react-remove-scroll/-/react-remove-scroll-2.7.1.tgz#d2101d414f6d81d7d3bf033f3c1cb4785789f753"
+  integrity sha512-HpMh8+oahmIdOuS5aFKKY6Pyog+FNaZV/XyJOq7b4YFwsFHe5yYfdbIalI4k3vU2nSDql7YskmUseHsRrJqIPA==
+  dependencies:
+    react-remove-scroll-bar "^2.3.7"
+    react-style-singleton "^2.2.3"
+    tslib "^2.1.0"
+    use-callback-ref "^1.3.3"
+    use-sidecar "^1.1.3"
+
 react-router-config@^5.1.1:
   version "5.1.1"
   resolved "https://registry.yarnpkg.com/react-router-config/-/react-router-config-5.1.1.tgz#0f4263d1a80c6b2dc7b9c1902c9526478194a988"
@@ -11848,6 +12849,33 @@ react-router@5.3.4, react-router@^5.3.4:
     tiny-invariant "^1.0.2"
     tiny-warning "^1.0.0"
 
+react-style-singleton@^2.2.2, react-style-singleton@^2.2.3:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/react-style-singleton/-/react-style-singleton-2.2.3.tgz#4265608be69a4d70cfe3047f2c6c88b2c3ace388"
+  integrity sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ==
+  dependencies:
+    get-nonce "^1.0.0"
+    tslib "^2.0.0"
+
+react-svg@16.3.0:
+  version "16.3.0"
+  resolved "https://registry.yarnpkg.com/react-svg/-/react-svg-16.3.0.tgz#de7a4bb6ee2d465c1ff7125ec27414ac27e907d7"
+  integrity sha512-MvoQbITgkmpPJYwDTNdiUyoncJFfoa0D86WzoZuMQ9c/ORJURPR6rPMnXDsLOWDCAyXuV9nKZhQhGyP0HZ0MVQ==
+  dependencies:
+    "@babel/runtime" "^7.26.0"
+    "@tanem/svg-injector" "^10.1.68"
+    "@types/prop-types" "^15.7.14"
+    prop-types "^15.8.1"
+
+react-textarea-autosize@8.5.7:
+  version "8.5.7"
+  resolved "https://registry.yarnpkg.com/react-textarea-autosize/-/react-textarea-autosize-8.5.7.tgz#b2bf1913383a05ffef7fbc89c2ea21ba8133b023"
+  integrity sha512-2MqJ3p0Jh69yt9ktFIaZmORHXw4c4bxSIhCeWiFwmJ9EYKgLmuNII3e9c9b2UO+ijl4StnpZdqpxNIhTdHvqtQ==
+  dependencies:
+    "@babel/runtime" "^7.20.13"
+    use-composed-ref "^1.3.0"
+    use-latest "^1.2.1"
+
 react@^18.2.0:
   version "18.3.1"
   resolved "https://registry.yarnpkg.com/react/-/react-18.3.1.tgz#49ab892009c53933625bd16b2533fc754cab2891"
@@ -12008,6 +13036,15 @@ regjsparser@^0.9.1:
   dependencies:
     jsesc "~0.5.0"
 
+rehype-raw@7.0.0, rehype-raw@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/rehype-raw/-/rehype-raw-7.0.0.tgz#59d7348fd5dbef3807bbaa1d443efd2dd85ecee4"
+  integrity sha512-/aE8hCfKlQeA8LmyeyQvQF3eBiLRGNlfBJEvWH7ivp9sBqs7TNqBL5X3v157rM4IFETqDnIOO+z5M/biZbo9Ww==
+  dependencies:
+    "@types/hast" "^3.0.0"
+    hast-util-raw "^9.0.0"
+    vfile "^6.0.0"
+
 rehype-raw@^6.1.1:
   version "6.1.1"
   resolved "https://registry.yarnpkg.com/rehype-raw/-/rehype-raw-6.1.1.tgz#81bbef3793bd7abacc6bf8335879d1b6c868c9d4"
@@ -12017,15 +13054,6 @@ rehype-raw@^6.1.1:
     hast-util-raw "^7.2.0"
     unified "^10.0.0"
 
-rehype-raw@^7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/rehype-raw/-/rehype-raw-7.0.0.tgz#59d7348fd5dbef3807bbaa1d443efd2dd85ecee4"
-  integrity sha512-/aE8hCfKlQeA8LmyeyQvQF3eBiLRGNlfBJEvWH7ivp9sBqs7TNqBL5X3v157rM4IFETqDnIOO+z5M/biZbo9Ww==
-  dependencies:
-    "@types/hast" "^3.0.0"
-    hast-util-raw "^9.0.0"
-    vfile "^6.0.0"
-
 relateurl@^0.2.7:
   version "0.2.7"
   resolved "https://registry.yarnpkg.com/relateurl/-/relateurl-0.2.7.tgz#54dbf377e51440aca90a4cd274600d3ff2d888a9"
@@ -12084,6 +13112,18 @@ remark-gfm@^4.0.0:
     remark-stringify "^11.0.0"
     unified "^11.0.0"
 
+remark-gfm@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/remark-gfm/-/remark-gfm-4.0.1.tgz#33227b2a74397670d357bf05c098eaf8513f0d6b"
+  integrity sha512-1quofZ2RQ9EWdeN34S79+KExV1764+wCUGop5CPL1WGdD0ocPpu91lzPGbwWMECpEpd42kJGQwzRfyov9j4yNg==
+  dependencies:
+    "@types/mdast" "^4.0.0"
+    mdast-util-gfm "^3.0.0"
+    micromark-extension-gfm "^3.0.0"
+    remark-parse "^11.0.0"
+    remark-stringify "^11.0.0"
+    unified "^11.0.0"
+
 remark-mdx@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/remark-mdx/-/remark-mdx-3.0.1.tgz#8f73dd635c1874e44426e243f72c0977cf60e212"
@@ -12304,9 +13344,9 @@ sass-loader@^16.0.2:
     neo-async "^2.6.2"
 
 sass@^1.80.4:
-  version "1.89.0"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.89.0.tgz#6df72360c5c3ec2a9833c49adafe57b28206752d"
-  integrity sha512-ld+kQU8YTdGNjOLfRWBzewJpU5cwEv/h5yyqlSeJcj6Yh8U4TDA9UA5FPicqDz/xgRPWRSYIQNiFks21TbA9KQ==
+  version "1.89.2"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.89.2.tgz#a771716aeae774e2b529f72c0ff2dfd46c9de10e"
+  integrity sha512-xCmtksBKd/jdJ9Bt9p7nPKiuqrlBMBuuGkQlkhZjjQk3Ty48lv93k5Dq6OPkKt4XwxDJ7tvlfrTa1MPA9bf+QA==
   dependencies:
     chokidar "^4.0.0"
     immutable "^5.0.2"
@@ -12994,6 +14034,11 @@ swc-loader@^0.2.6:
   dependencies:
     "@swc/counter" "^0.1.3"
 
+tailwind-merge@2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/tailwind-merge/-/tailwind-merge-2.6.0.tgz#ac5fb7e227910c038d458f396b7400d93a3142d5"
+  integrity sha512-P+Vu1qXfzediirmHOC3xKGAYeZtPcV9g76X+xg2FD4tYgR71ewMA35Y3sCz3zhiN/dwefRpJX0yBcgwi1fXNQA==
+
 tailwindcss@^3.2.4:
   version "3.4.4"
   resolved "https://registry.yarnpkg.com/tailwindcss/-/tailwindcss-3.4.4.tgz#351d932273e6abfa75ce7d226b5bf3a6cb257c05"
@@ -13081,9 +14126,9 @@ terser@^5.10.0, terser@^5.15.1, terser@^5.26.0:
     source-map-support "~0.5.20"
 
 terser@^5.31.1:
-  version "5.40.0"
-  resolved "https://registry.yarnpkg.com/terser/-/terser-5.40.0.tgz#839a80db42bfee8340085f44ea99b5cba36c55c8"
-  integrity sha512-cfeKl/jjwSR5ar7d0FGmave9hFGJT8obyo0z+CrQOylLDbk7X81nPU6vq9VORa5jU30SkDnT2FXjLbR8HLP+xA==
+  version "5.43.1"
+  resolved "https://registry.yarnpkg.com/terser/-/terser-5.43.1.tgz#88387f4f9794ff1a29e7ad61fb2932e25b4fdb6d"
+  integrity sha512-+6erLbBm0+LROX2sPXlUYx/ux5PyE9K/a92Wrt6oA+WDAoFTdpHE5tCYCI5PNzq2y8df4rA+QgHLJuR4jNymsg==
   dependencies:
     "@jridgewell/source-map" "^0.3.3"
     acorn "^8.14.0"
@@ -13130,9 +14175,9 @@ tinyexec@^1.0.1:
   integrity sha512-5uC6DDlmeqiOwCPmK9jMSdOuZTh8bU39Ys6yidB+UTt5hfZUPGAypSgFRiEp+jbi9qH40BLDvy85jIU88wKSqw==
 
 tinypool@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-1.0.2.tgz#706193cc532f4c100f66aa00b01c42173d9051b2"
-  integrity sha512-al6n+QEANGFOMf/dmUMsuS5/r9B06uwlyNjZZql/zv8J7ybHCgoihBNORZCY2mzUuAnomQa2JdhyHKzZxPCrFA==
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-1.1.1.tgz#059f2d042bd37567fbc017d3d426bdd2a2612591"
+  integrity sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==
 
 to-fast-properties@^2.0.0:
   version "2.0.0"
@@ -13191,7 +14236,12 @@ ts-interface-checker@^0.1.9:
   resolved "https://registry.yarnpkg.com/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz#784fd3d679722bc103b1b4b8030bcddb5db2a699"
   integrity sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==
 
-tslib@^2.0.3, tslib@^2.6.0:
+tslib@^2.0.0, tslib@^2.6.2:
+  version "2.8.1"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.1.tgz#612efe4ed235d567e8aba5f2a5fab70280ade83f"
+  integrity sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==
+
+tslib@^2.0.3, tslib@^2.1.0, tslib@^2.6.0:
   version "2.6.3"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.3.tgz#0438f810ad7a9edcde7a241c3d80db693c8cbfe0"
   integrity sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==
@@ -13486,11 +14536,48 @@ url@^0.11.1:
     punycode "^1.4.1"
     qs "^6.12.3"
 
+use-callback-ref@^1.3.3:
+  version "1.3.3"
+  resolved "https://registry.yarnpkg.com/use-callback-ref/-/use-callback-ref-1.3.3.tgz#98d9fab067075841c5b2c6852090d5d0feabe2bf"
+  integrity sha512-jQL3lRnocaFtu3V00JToYz/4QkNWswxijDaCVNZRiRTO3HQDLsdu1ZtmIUvV4yPp+rvWm5j0y0TG/S61cuijTg==
+  dependencies:
+    tslib "^2.0.0"
+
+use-composed-ref@^1.3.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/use-composed-ref/-/use-composed-ref-1.4.0.tgz#09e023bf798d005286ad85cd20674bdf5770653b"
+  integrity sha512-djviaxuOOh7wkj0paeO1Q/4wMZ8Zrnag5H6yBvzN7AKKe8beOaED9SF5/ByLqsku8NP4zQqsvM2u3ew/tJK8/w==
+
 use-editable@^2.3.3:
   version "2.3.3"
   resolved "https://registry.yarnpkg.com/use-editable/-/use-editable-2.3.3.tgz#a292fe9ba4c291cd28d1cc2728c75a5fc8d9a33f"
   integrity sha512-7wVD2JbfAFJ3DK0vITvXBdpd9JAz5BcKAAolsnLBuBn6UDDwBGuCIAGvR3yA2BNKm578vAMVHFCWaOcA+BhhiA==
 
+use-isomorphic-layout-effect@^1.1.1:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/use-isomorphic-layout-effect/-/use-isomorphic-layout-effect-1.2.0.tgz#afb292eb284c39219e8cb8d3d62d71999361a21d"
+  integrity sha512-q6ayo8DWoPZT0VdG4u3D3uxcgONP3Mevx2i2b0434cwWBoL+aelL1DzkXI6w3PhTZzUeR2kaVlZn70iCiseP6w==
+
+use-latest@^1.2.1:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/use-latest/-/use-latest-1.3.0.tgz#549b9b0d4c1761862072f0899c6f096eb379137a"
+  integrity sha512-mhg3xdm9NaM8q+gLT8KryJPnRFOz1/5XPBhmDEVZK1webPzDjrPk7f/mbpeLqTgB9msytYWANxgALOCJKnLvcQ==
+  dependencies:
+    use-isomorphic-layout-effect "^1.1.1"
+
+use-sidecar@^1.1.3:
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/use-sidecar/-/use-sidecar-1.1.3.tgz#10e7fd897d130b896e2c546c63a5e8233d00efdb"
+  integrity sha512-Fedw0aZvkhynoPYlA5WXrMCAMm+nSWdZt6lzJQ7Ok8S6Q+VsHmHpRWndVRJ8Be0ZbkfPc5LRYH+5XrzXcEeLRQ==
+  dependencies:
+    detect-node-es "^1.1.0"
+    tslib "^2.0.0"
+
+use-sync-external-store@^1.4.0:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/use-sync-external-store/-/use-sync-external-store-1.5.0.tgz#55122e2a3edd2a6c106174c27485e0fd59bcfca0"
+  integrity sha512-Rb46I4cGGVBmjamjphe8L/UnvJD+uPPtTkNvX5mZgqdbavhI4EbgIWJiIHXJ8bc/i9EQGPRh4DwEURJ552Do0A==
+
 util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
@@ -13699,6 +14786,11 @@ web-namespaces@^2.0.0:
   resolved "https://registry.yarnpkg.com/web-namespaces/-/web-namespaces-2.0.1.tgz#1010ff7c650eccb2592cebeeaf9a1b253fd40692"
   integrity sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ==
 
+web-streams-polyfill@4.0.0-beta.3:
+  version "4.0.0-beta.3"
+  resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-4.0.0-beta.3.tgz#2898486b74f5156095e473efe989dcf185047a38"
+  integrity sha512-QW95TCTaHmsYfHDybGMwO5IJIM93I/6vTRk+daHTWFPhwh+C8Cg7j7XyKrwrj8Ib6vYXe0ocYNrmzY4xAAN6ug==
+
 webidl-conversions@^3.0.0:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"

From 4cd52f33ebb8d3fb8a2f7e14bc9d8aeafbbdd976 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Mon, 30 Jun 2025 08:48:04 +0300
Subject: [PATCH 109/123] chore(oidc): remove feature flag for introspection
 triggers (#10132)

# Which Problems Are Solved

Remove the feature flag that allowed triggers in introspection. This
option was a fallback in case introspection would not function properly
without triggers. The API documentation asked for anyone using this flag
to raise an issue. No such issue was received, hence we concluded it is
safe to remove it.

# How the Problems Are Solved

- Remove flags from the system and instance level feature APIs.
- Remove trigger functions that are no longer used
- Adjust tests that used the flag.

# Additional Changes

- none

# Additional Context

- Closes #10026
- Flag was introduced in #7356

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
---
 cmd/setup/config_test.go                      |  7 +-
 cmd/start/config_test.go                      |  7 +-
 .../components/features/features.component.ts |  1 -
 console/src/assets/i18n/bg.json               |  2 -
 console/src/assets/i18n/cs.json               |  2 -
 console/src/assets/i18n/de.json               |  2 -
 console/src/assets/i18n/en.json               |  2 -
 console/src/assets/i18n/es.json               |  2 -
 console/src/assets/i18n/fr.json               |  2 -
 console/src/assets/i18n/hu.json               |  2 -
 console/src/assets/i18n/id.json               |  2 -
 console/src/assets/i18n/it.json               |  2 -
 console/src/assets/i18n/ja.json               |  2 -
 console/src/assets/i18n/ko.json               |  2 -
 console/src/assets/i18n/mk.json               |  2 -
 console/src/assets/i18n/nl.json               |  2 -
 console/src/assets/i18n/pl.json               |  2 -
 console/src/assets/i18n/pt.json               |  2 -
 console/src/assets/i18n/ro.json               |  2 -
 console/src/assets/i18n/ru.json               |  2 -
 console/src/assets/i18n/sv.json               |  2 -
 console/src/assets/i18n/zh.json               |  2 -
 internal/api/grpc/feature/v2/converter.go     | 88 +++++++++----------
 .../api/grpc/feature/v2/converter_test.go     | 68 +++++---------
 .../v2/integration_test/feature_test.go       | 33 ++-----
 internal/api/grpc/feature/v2beta/converter.go | 52 +++++------
 .../api/grpc/feature/v2beta/converter_test.go | 60 +++++--------
 .../v2beta/integration_test/feature_test.go   | 22 +----
 internal/api/oidc/access_token.go             |  3 +-
 .../oidc/integration_test/userinfo_test.go    | 37 --------
 internal/api/oidc/introspect.go               |  6 --
 internal/api/oidc/userinfo.go                 |  6 --
 internal/command/instance_features.go         | 24 +++--
 internal/command/instance_features_model.go   |  5 --
 internal/command/instance_features_test.go    | 42 ++-------
 internal/command/system_features.go           | 20 ++---
 internal/command/system_features_model.go     |  5 --
 internal/command/system_features_test.go      | 44 ++--------
 internal/feature/feature.go                   | 50 +++++------
 internal/feature/feature_test.go              |  1 -
 internal/feature/key_enumer.go                | 14 ++-
 internal/query/instance_features.go           | 25 +++---
 internal/query/instance_features_model.go     |  4 -
 internal/query/instance_features_test.go      | 36 --------
 internal/query/introspection.go               |  6 --
 .../query/projection/instance_features.go     |  4 -
 internal/query/projection/system_features.go  |  4 -
 internal/query/system_features.go             | 19 ++--
 internal/query/system_features_model.go       |  3 -
 internal/query/system_features_test.go        | 32 -------
 internal/query/userinfo.go                    |  6 --
 .../feature/feature_v2/eventstore.go          |  2 -
 .../repository/feature/feature_v2/feature.go  | 46 +++++-----
 proto/zitadel/feature/v2/instance.proto       | 21 +----
 proto/zitadel/feature/v2/system.proto         | 22 +----
 proto/zitadel/feature/v2beta/instance.proto   | 21 +----
 proto/zitadel/feature/v2beta/system.proto     | 22 +----
 57 files changed, 247 insertions(+), 659 deletions(-)

diff --git a/cmd/setup/config_test.go b/cmd/setup/config_test.go
index b147ed54a7..6c087fe402 100644
--- a/cmd/setup/config_test.go
+++ b/cmd/setup/config_test.go
@@ -36,8 +36,6 @@ func TestMustNewConfig(t *testing.T) {
 DefaultInstance:
   Features:
     LoginDefaultOrg: true
-    LegacyIntrospection: true
-    TriggerIntrospectionProjections: true
     UserSchema: true
 Log:
   Level: info
@@ -47,9 +45,8 @@ Actions:
 `},
 		want: func(t *testing.T, config *Config) {
 			assert.Equal(t, config.DefaultInstance.Features, &command.InstanceFeatures{
-				LoginDefaultOrg:                 gu.Ptr(true),
-				TriggerIntrospectionProjections: gu.Ptr(true),
-				UserSchema:                      gu.Ptr(true),
+				LoginDefaultOrg: gu.Ptr(true),
+				UserSchema:      gu.Ptr(true),
 			})
 		},
 	}, {
diff --git a/cmd/start/config_test.go b/cmd/start/config_test.go
index 918fa51950..3c8328e557 100644
--- a/cmd/start/config_test.go
+++ b/cmd/start/config_test.go
@@ -73,8 +73,6 @@ Log:
 DefaultInstance:
   Features:
     LoginDefaultOrg: true
-    LegacyIntrospection: true
-    TriggerIntrospectionProjections: true
     UserSchema: true
 Log:
   Level: info
@@ -84,9 +82,8 @@ Actions:
 `},
 		want: func(t *testing.T, config *Config) {
 			assert.Equal(t, config.DefaultInstance.Features, &command.InstanceFeatures{
-				LoginDefaultOrg:                 gu.Ptr(true),
-				TriggerIntrospectionProjections: gu.Ptr(true),
-				UserSchema:                      gu.Ptr(true),
+				LoginDefaultOrg: gu.Ptr(true),
+				UserSchema:      gu.Ptr(true),
 			})
 		},
 	}, {
diff --git a/console/src/app/components/features/features.component.ts b/console/src/app/components/features/features.component.ts
index ace2788fcf..8e8c0f9106 100644
--- a/console/src/app/components/features/features.component.ts
+++ b/console/src/app/components/features/features.component.ts
@@ -35,7 +35,6 @@ const FEATURE_KEYS = [
   'loginDefaultOrg',
   'oidcSingleV1SessionTermination',
   'oidcTokenExchange',
-  'oidcTriggerIntrospectionProjections',
   'permissionCheckV2',
   'userSchema',
 ] as const;
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json
index 50c0d66027..2d51fa2571 100644
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -1625,8 +1625,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Потребителският интерфейс за влизане ще използва настройките на организацията по подразбиране (а не на инстанцията), ако не е зададен контекст на организация.",
       "OIDCTOKENEXCHANGE": "Обмяна на токени OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Активиране на експерименталния тип на дарение urn:ietf:params:oauth:grant-type:token-exchange за краен пункт на токен OIDC. Обменът на токени може да се използва за заявка на токени с по-малък обхват или за имперсонализиране на други потребители. Вижте политиката за сигурност, за да разрешите имперсонализацията на инстанция.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Тригери за проекции на осмисляне на OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Активиране на тригери за проекции по време на заявка за осмисляне. Това може да действа като обходен механизъм, ако има забележими проблеми с консистентността в отговора на осмислянето, но може да окаже влияние върху производителността. Планираме да премахнем тригерите за заявки за осмисляне в бъдеще.",
       "USERSCHEMA": "Потребителска схема",
       "USERSCHEMA_DESCRIPTION": "Потребителските схеми позволяват управление на данните за схемите на потребителите. Ако е активиран флагът, ще можете да използвате новото API и неговите функции.",
       "ACTIONS": "Действия",
diff --git a/console/src/assets/i18n/cs.json b/console/src/assets/i18n/cs.json
index 5b4547ccb4..cfa342f548 100644
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Přihlašovací rozhraní použije nastavení výchozí organizace (a ne z instance), pokud není nastaven žádný kontext organizace.",
       "OIDCTOKENEXCHANGE": "Výměna tokenů OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Povolit experimentální typ udělení urn:ietf:params:oauth:grant-type:token-exchange pro bod tokenového bodu OIDC. Výměna tokenů lze použít k žádosti o tokeny s menším rozsahem nebo k impersonaci jiných uživatelů. Podívejte se na bezpečnostní politiku, abyste umožnili impersonaci na instanci.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Spouštěče projekcí introspekce OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Povolit spouštěče projekcí během požadavku na introspekci. To může sloužit jako obcházení, pokud existují zjevné problémy s konzistencí v odpovědi na introspekci, ale může to mít vliv na výkon. Plánujeme odstranit spouštěče pro požadavky na introspekci v budoucnosti.",
       "USERSCHEMA": "Schéma uživatele",
       "USERSCHEMA_DESCRIPTION": "Schémata uživatelů umožňují spravovat datová schémata uživatelů. Pokud je příznak povolen, budete moci používat nové API a jeho funkce.",
       "ACTIONS": "Akce",
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 8fec6498ec..ad278c5863 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Die Anmelde-Benutzeroberfläche verwendet die Einstellungen der Standardorganisation (und nicht von der Instanz), wenn kein Organisationskontext festgelegt ist.",
       "OIDCTOKENEXCHANGE": "OIDC Token-Austausch",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Aktivieren Sie den experimentellen urn:ietf:params:oauth:grant-type:token-exchange-Grant-Typ für den OIDC-Token-Endpunkt. Der Token-Austausch kann verwendet werden, um Token mit einem geringeren Umfang anzufordern oder andere Benutzer zu impersonieren. Siehe die Sicherheitsrichtlinie, um die Impersonation auf einer Instanz zu erlauben.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Trigger-Introspektionsprojektionen",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Aktivieren Sie Projektionstrigger während einer Introspektionsanfrage. Dies kann als Workaround fungieren, wenn bemerkbare Konsistenzprobleme in der Introspektionsantwort auftreten, kann sich jedoch auf die Leistung auswirken. Wir planen, Trigger für Introspektionsanfragen in Zukunft zu entfernen.",
       "USERSCHEMA": "Benutzerschema",
       "USERSCHEMA_DESCRIPTION": "Benutzerschemata ermöglichen das Verwalten von Datenschemata von Benutzern. Wenn die Flagge aktiviert ist, können Sie die neue API und ihre Funktionen verwenden.",
       "ACTIONS": "Aktionen",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 95fd55bfef..6e584f9336 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -1629,8 +1629,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "The login UI will use the settings of the default org (and not from the instance) if no organization context is set",
       "OIDCTOKENEXCHANGE": "OIDC Token Exchange",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Trigger introspection Projections",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future.",
       "USERSCHEMA": "User Schema",
       "USERSCHEMA_DESCRIPTION": "User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features.",
       "ACTIONS": "Actions",
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 359aa4a0b5..55007b3086 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -1627,8 +1627,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "La interfaz de inicio de sesión utilizará la configuración de la organización predeterminada (y no de la instancia) si no se establece ningún contexto de organización.",
       "OIDCTOKENEXCHANGE": "Intercambio de tokens OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Habilita el tipo de concesión experimental urn:ietf:params:oauth:grant-type:token-exchange para el punto de extremo de token OIDC. El intercambio de tokens se puede utilizar para solicitar tokens con un alcance menor o suplantar a otros usuarios. Consulta la política de seguridad para permitir la suplantación en una instancia.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Desencadenadores de proyecciones de introspección OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Habilita los desencadenadores de proyección durante una solicitud de introspección. Esto puede actuar como un mecanismo alternativo si hay problemas de coherencia perceptibles en la respuesta a la introspección, pero puede afectar al rendimiento. Estamos planeando eliminar los desencadenadores para las solicitudes de introspección en el futuro.",
       "USERSCHEMA": "Esquema de usuario",
       "USERSCHEMA_DESCRIPTION": "Los esquemas de usuario permiten gestionar los esquemas de datos de los usuarios. Si se activa la bandera, podrás utilizar la nueva API y sus funciones.",
       "ACTIONS": "Acciones",
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 0864a2f8c0..cda6a044ff 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "L'interface de connexion utilisera les paramètres de l'organisation par défaut (et non de l'instance) si aucun contexte d'organisation n'est défini.",
       "OIDCTOKENEXCHANGE": "Échange de jetons OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Activez le type d'octroi expérimental urn:ietf:params:oauth:grant-type:token-exchange pour le point de terminaison de jeton OIDC. L'échange de jetons peut être utilisé pour demander des jetons avec une portée moindre ou pour usurper d'autres utilisateurs. Consultez la politique de sécurité pour autoriser l'usurpation sur une instance.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Déclencheurs de projections d'introspection OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Activez les déclencheurs de projection lors d'une demande d'introspection. Cela peut agir comme un contournement s'il existe des problèmes de cohérence perceptibles dans la réponse à l'introspection, mais cela peut avoir un impact sur les performances. Nous prévoyons de supprimer les déclencheurs pour les demandes d'introspection à l'avenir.",
       "USERSCHEMA": "Schéma utilisateur",
       "USERSCHEMA_DESCRIPTION": "Les schémas utilisateur permettent de gérer les schémas de données des utilisateurs. Si le drapeau est activé, vous pourrez utiliser la nouvelle API et ses fonctionnalités.",
       "ACTIONS": "Actions",
diff --git a/console/src/assets/i18n/hu.json b/console/src/assets/i18n/hu.json
index a87122dc52..133d183355 100644
--- a/console/src/assets/i18n/hu.json
+++ b/console/src/assets/i18n/hu.json
@@ -1624,8 +1624,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "A bejelentkezési felület az alapértelmezett org beállításait fogja használni (és nem az instance-tól), ha nincs megadva szervezeti kontextus",
       "OIDCTOKENEXCHANGE": "OIDC Token Exchange",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Engedélyezd a kísérleti urn:ietf:params:oauth:grant-type:token-exchange támogatását az OIDC token végpont számára. A token csere használható kisebb hatókörű tokenek kérésére vagy más felhasználók megszemélyesítésére. Tekintsd meg a biztonsági irányelvet az impersonáció engedélyezéséhez egy példányon.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Introspekciós Projekciók Indítása",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Engedélyezd a projekciós indítókat az introspekciós kérés során. Ez lehet egy megoldás, ha észrevehető konzisztenciaproblémák vannak az introspekciós válaszban, de hatással lehet a teljesítményre. Tervezzük, hogy a jövőben eltávolítjuk a triggereket az introspekciós kérésből.",
       "USERSCHEMA": "Felhasználói Séma",
       "USERSCHEMA_DESCRIPTION": "A Felhasználói Sémák lehetővé teszik a felhasználói adat sémák kezelését. Ha az opció engedélyezve van, használhatod az új API-t és annak funkcióit.",
       "ACTIONS": "Műveletek",
diff --git a/console/src/assets/i18n/id.json b/console/src/assets/i18n/id.json
index 3f245d03c5..e494beeeca 100644
--- a/console/src/assets/i18n/id.json
+++ b/console/src/assets/i18n/id.json
@@ -1500,8 +1500,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "UI login akan menggunakan pengaturan organisasi default (dan bukan dari instance) jika tidak ada konteks organisasi yang ditetapkan",
       "OIDCTOKENEXCHANGE": "Pertukaran Token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Aktifkan jenis pemberian urn:ietf:params:oauth:grant-type:token-exchange eksperimental untuk titik akhir token OIDC. Pertukaran token dapat digunakan untuk meminta token dengan cakupan yang lebih kecil atau menyamar sebagai pengguna lain. Lihat kebijakan keamanan untuk mengizinkan peniruan identitas pada sebuah instans.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Memicu Proyeksi Introspeksi",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Aktifkan pemicu proyeksi selama permintaan introspeksi. Hal ini dapat menjadi solusi jika terdapat masalah konsistensi yang nyata dalam respons introspeksi namun dapat berdampak pada kinerja. Kami berencana untuk menghilangkan pemicu permintaan introspeksi di masa depan.",
       "USERSCHEMA": "Skema Pengguna",
       "USERSCHEMA_DESCRIPTION": "Skema Pengguna memungkinkan untuk mengelola skema data pengguna. Jika tanda ini diaktifkan, Anda akan dapat menggunakan API baru dan fitur-fiturnya.",
       "ACTIONS": "Tindakan",
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index e127281433..fa009cac77 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "L'interfaccia di accesso utilizzerà le impostazioni dell'organizzazione predefinita (e non dell'istanza) se non è impostato alcun contesto organizzativo.",
       "OIDCTOKENEXCHANGE": "Scambio token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Abilita il tipo di concessione sperimentale urn:ietf:params:oauth:grant-type:token-exchange per il punto finale del token OIDC. Lo scambio di token può essere utilizzato per richiedere token con uno scopo inferiore o impersonare altri utenti. Consultare la policy di sicurezza per consentire l'impersonificazione su un'istanza.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Proiezioni trigger OIDC per l'introspezione",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Abilita i trigger di proiezione durante una richiesta di introspezione. Questo può agire come soluzione alternativa se ci sono problemi di coerenza evidenti nella risposta all'introspezione, ma può influire sulle prestazioni. Stiamo pianificando di rimuovere i trigger per le richieste di introspezione in futuro.",
       "USERSCHEMA": "Schema utente",
       "USERSCHEMA_DESCRIPTION": "Gli schemi utente consentono di gestire gli schemi di dati degli utenti. Se la flag è attivata, sarà possibile utilizzare la nuova API e le sue funzionalità.",
       "ACTIONS": "Azioni",
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 250561e938..dc5dfd4a34 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "組織コンテキストが設定されていない場合、ログイン UI は既定の組織の設定を使用します (インスタンスの設定ではなく)",
       "OIDCTOKENEXCHANGE": "OIDC トークン交換",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "OIDC トークン エンドポイント用に実験的な urn:ietf:params:oauth:grant-type:token-exchange 付与タイプを有効にします。トークン交換は、より少ないスコープを持つトークンを要求するか、他のユーザーになりすますために使用できます。インスタンスでのなりすましを許可するには、セキュリティポリシーを参照してください。",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC トリガーイントロスペクションプロジェクション",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "イントロスペクション要求中にプロジェクショントリガーを有効にします。これは、イントロスペクションレスポンスに顕著な整合性問題がある場合の回避策として機能しますが、パフォーマンスに影響を与える可能性があります。今後、イントロスペクション要求のトリガーを削除する予定です。",
       "USERSCHEMA": "ユーザー スキーマ",
       "USERSCHEMA_DESCRIPTION": "ユーザー スキーマを使用すると、ユーザーのデータスキーマを管理できます。フラグが有効になっている場合、新しい APIとその機能を使用できます。",
       "ACTIONS": "アクション",
diff --git a/console/src/assets/i18n/ko.json b/console/src/assets/i18n/ko.json
index 716375941d..eaf9968a66 100644
--- a/console/src/assets/i18n/ko.json
+++ b/console/src/assets/i18n/ko.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "조직 컨텍스트가 설정되지 않은 경우 로그인 UI가 기본 조직의 설정을 사용합니다 (인스턴스에서 설정되지 않음).",
       "OIDCTOKENEXCHANGE": "OIDC 토큰 교환",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "OIDC 토큰 엔드포인트의 실험적 urn:ietf:params:oauth:grant-type:token-exchange 허용을 활성화합니다. 토큰 교환을 통해 범위가 좁은 토큰을 요청하거나 다른 사용자를 가장할 수 있습니다. 인스턴스에서 가장을 허용하는 보안 정책을 확인하세요.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC 트리거 내부 조사 프로젝션",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "내부 조사 요청 중 프로젝션 트리거를 활성화합니다. 이는 내부 조사 응답에서 일관성 문제가 있는 경우 임시 해결책으로 작동할 수 있으나 성능에 영향을 미칠 수 있습니다. 향후 내부 조사 요청에 대한 트리거 제거를 계획 중입니다.",
       "USERSCHEMA": "사용자 스키마",
       "USERSCHEMA_DESCRIPTION": "사용자 스키마를 통해 사용자의 데이터 스키마를 관리할 수 있습니다. 플래그가 활성화되면 새 API 및 기능을 사용할 수 있습니다.",
       "ACTIONS": "액션",
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json
index 39836f5dfc..543456df24 100644
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -1627,8 +1627,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Интерфејсот за најавување ќе ги користи поставките на стандардната организација (а не од примерот) ако не е поставен контекст на организацијата",
       "OIDCTOKENEXCHANGE": "Размена на токени OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Овозможете го експерименталниот тип на грант urn:ietf:params:oauth:grant-type:token-exchange за крајната точка на токенот OIDC. Размената на токени може да се користи за барање токени со помал опсег или имитирање на други корисници. Погледнете ја безбедносната политика за да дозволите имитирање на пример.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Проекции за интроспекција на активирањето на OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Овозможете предизвикувачи за проекција за време на барање за интроспекција. Ова може да дејствува како заобиколување ако има забележителни проблеми со конзистентноста во одговорот на интроспекцијата, но може да има влијание врз перформансите. Планираме да ги отстраниме предизвикувачите за барањата за интроспекција во иднина.",
       "USERSCHEMA": "Корисничка шема",
       "USERSCHEMA_DESCRIPTION": "Корисничките шеми овозможуваат управување со податоци шеми на корисникот. Ако знамето е овозможено, ќе можете да го користите новиот API и неговите функции.",
       "ACTIONS": "Акции",
diff --git a/console/src/assets/i18n/nl.json b/console/src/assets/i18n/nl.json
index c49867aa3e..f8e81a1310 100644
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Als er geen organisatiecontext is ingesteld, gebruikt de inlog-UI de instellingen van de standaardorganisatie (en niet van de instantie)",
       "OIDCTOKENEXCHANGE": "OIDC-tokenuitwisseling",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Schakel het experimentele type verlening urn:ietf:params:oauth:grant-type:token-exchange in voor het OIDC-tokenendpoint. Tokenuitwisseling kan worden gebruikt om tokens met een kleinere scope op te vragen of om zich voor te doen als andere gebruikers. Raadpleeg het beveiligingsbeleid om impersonation op een instantie toe te staan.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC-triggers voor introspectieprojecties",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Schakel projectietriggers in tijdens een introspectieverzoek. Dit kan dienen als een tijdelijke oplossing als er merkbare consistentieproblemen optreden in het introspectieantwoord, maar het kan wel prestaties beïnvloeden. We zijn van plan om triggers voor introspectieverzoeken in de toekomst te verwijderen.",
       "USERSCHEMA": "Gebruikerschema",
       "USERSCHEMA_DESCRIPTION": "Met gebruikerschema's kunt u de dataschema's van gebruikers beheren. Als de vlag is ingeschakeld, kunt u de nieuwe API en zijn functies gebruiken.",
       "ACTIONS": "Acties",
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index abf2e1ba8a..def9e920b6 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -1625,8 +1625,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Jeśli nie ustawiono kontekstu organizacji, interfejs logowania będzie używać ustawień domyślnej organizacji (a nie instancji)",
       "OIDCTOKENEXCHANGE": "Wymiana Tokenów OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Włącz eksperymentalny typ grantu urn:ietf:params:oauth:grant-type:token-exchange dla punktu końcowego tokena OIDC. Wymiana tokenów może być używana do żądania tokenów o mniejszym zakresie lub podszywania się za innych użytkowników. Aby zezwolić na podszywanie się na instancji, zapoznaj się z polityką bezpieczeństwa.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Projekcje Introspekcji Wyzwalane przez OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Włącz wyzwalacze projekcji podczas żądania introspekcji. Może to stanowić obejście, jeśli w odpowiedzi introspekcji występują zauważalne problemy z spójnością, ale może mieć wpływ na wydajność. Planujemy w przyszłości usunąć wyzwalacze dla żądań introspekcji.",
       "USERSCHEMA": "Schemat Użytkownika",
       "USERSCHEMA_DESCRIPTION": "Schematy użytkowników umożliwiają zarządzanie schematami danych użytkowników. Jeśli flaga jest włączona, będziesz mógł korzystać z nowego interfejsu API i jego funkcji.",
       "ACTIONS": "Akcje",
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 8b858bd44e..92363fff7b 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -1627,8 +1627,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "A interface de login utilizará as configurações da organização padrão (e não da instância) se nenhum contexto de organização estiver definido",
       "OIDCTOKENEXCHANGE": "Troca de Token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Habilita o tipo de concessão experimental urn:ietf:params:oauth:grant-type:token-exchange para o endpoint de token OIDC. A troca de token pode ser usada para solicitar tokens com escopo menor ou personificar outros usuários. Consulte a política de segurança para permitir a personificação em uma instância.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Projeções de Introspecção com Gatilho OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Habilita gatilhos de projeção durante uma solicitação de introspecção. Isso pode funcionar como uma solução alternativa se houver problemas de consistência perceptíveis na resposta de introspecção, mas pode impactar o desempenho. Planejamos remover gatilhos para solicitações de introspecção no futuro.",
       "USERSCHEMA": "Esquema de Usuário",
       "USERSCHEMAS_DESCRIPTION": "Esquemas de Usuário permitem gerenciar esquemas de dados do usuário. Se o sinalizador estiver ativado, você poderá usar a nova API e seus recursos.",
       "ACTIONS": "Ações",
diff --git a/console/src/assets/i18n/ro.json b/console/src/assets/i18n/ro.json
index d2f51a81e0..a7bf9b4f23 100644
--- a/console/src/assets/i18n/ro.json
+++ b/console/src/assets/i18n/ro.json
@@ -1624,8 +1624,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "UI-ul de conectare va utiliza setările organizației implicite (și nu din instanță) dacă nu este setat niciun context de organizație",
       "OIDCTOKENEXCHANGE": "Schimb de token OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Activați tipul de grant experimental urn:ietf:params:oauth:grant-type:token-exchange pentru endpointul token OIDC. Schimbul de tokenuri poate fi utilizat pentru a solicita tokenuri cu o rază de acțiune mai mică sau pentru a impersona alți utilizatori. Consultați politica de securitate pentru a permite impersonarea pe o instanță.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Proiecții de introspecție OIDC Trigger",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Activați declanșatoarele de proiecție în timpul unei solicitări de introspecție. Acest lucru poate acționa ca o soluție dacă există probleme notabile de consistență în răspunsul de introspecție, dar poate avea un impact asupra performanței. Planificăm să eliminăm declanșatoarele pentru solicitările de introspecție în viitor.",
       "USERSCHEMA": "Schema de utilizator",
       "USERSCHEMA_DESCRIPTION": "Schemele de utilizator permit gestionarea schemelor de date ale utilizatorului. Dacă indicatorul este activat, veți putea utiliza noul API și caracteristicile sale.",
       "ACTIONS": "Acțiuni",
diff --git a/console/src/assets/i18n/ru.json b/console/src/assets/i18n/ru.json
index 3070b311e7..40f35bdcc8 100644
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -1679,8 +1679,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Если контекст организации не установлен, пользовательский интерфейс входа будет использовать настройки организации по умолчанию (а не экземпляра)",
       "OIDCTOKENEXCHANGE": "Обмен токенами OIDC",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Включите экспериментальный тип гранта urn:ietf:params:oauth:grant-type:token-exchange для конечной точки токена OIDC. Обмен токенами можно использовать для запроса токенов с меньшей областью действия или для impersonation (выдачи себя за) других пользователей. Информацию о разрешении impersonation на экземпляре см. в политике безопасности.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "Проекции интроспекции с триггером OIDC",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Включите триггеры проекций во время запроса интроспекции. Это может служить обходным путем, если в ответе интроспекции наблюдаются заметные проблемы согласованности, но может повлиять на производительность. В будущем мы планируем удалить триггеры для запросов интроспекции.",
       "USERSCHEMA": "Схема пользователя",
       "USERSCHEMA_DESCRIPTION": "Схемы пользователей позволяют управлять схемами данных пользователей. Если флаг включен, вы сможете использовать новый API и его функции.",
       "ACTIONS": "Действия",
diff --git a/console/src/assets/i18n/sv.json b/console/src/assets/i18n/sv.json
index 8f03501054..6dfe81f99c 100644
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@@ -1630,8 +1630,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "Inloggningsgränssnittet kommer att använda inställningarna för standardorganisationen (och inte från instansen) om ingen organisationskontext är inställd",
       "OIDCTOKENEXCHANGE": "OIDC Token Exchange",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "Aktivera den experimentella urn:ietf:params:oauth:grant-type:token-exchange grant-typen för OIDC-tokenändpunkten. Tokenutbyte kan användas för att begära tokens med en mindre omfattning eller impersonera andra användare. Se säkerhetspolicyn för att tillåta impersonation på en instans.",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC Trigger introspection Projections",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "Aktivera projektionstriggers under en introspektionsbegäran. Detta kan fungera som en lösning om det finns märkbara konsistensproblem i introspektionssvaret men kan påverka prestandan. Vi planerar att ta bort triggers för introspektionsbegäranden i framtiden.",
       "USERSCHEMA": "Användarschema",
       "USERSCHEMA_DESCRIPTION": "Användarscheman tillåter att hantera datascheman för användare. Om flaggan är aktiverad kommer du att kunna använda det nya API:et och dess funktioner.",
       "ACTIONS": "Åtgärder",
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index 0431405979..c4b40d71ea 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -1626,8 +1626,6 @@
       "LOGINDEFAULTORG_DESCRIPTION": "如果没有设置组织上下文，登录界面将使用默认组织的设置（而不是实例的设置）",
       "OIDCTOKENEXCHANGE": "OIDC 令牌交换",
       "OIDCTOKENEXCHANGE_DESCRIPTION": "启用 OIDC 令牌端点的实验性 urn:ietf:params:oauth:grant-type:token-exchange 授权类型。令牌交换可用于请求具有较少范围的令牌或模拟其他用户。请参阅安全策略以允许在实例上模拟。",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS": "OIDC 触发内省投影",
-      "OIDCTRIGGERINTROSPECTIONPROJECTIONS_DESCRIPTION": "在内省请求期间启用投影触发器。如果内省响应中存在明显的一致性问题，这可以作为一个解决方法，但可能会影响性能。我们计划在未来删除内省请求的触发器。",
       "USERSCHEMA": "用户架构",
       "USERSCHEMA_DESCRIPTION": "用户架构允许管理用户的数据架构。如果启用此标志，您将可以使用新的 API 及其功能。",
       "ACTIONS": "操作",
diff --git a/internal/api/grpc/feature/v2/converter.go b/internal/api/grpc/feature/v2/converter.go
index 1f0a3b21e7..ab8ddc7d75 100644
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -18,32 +18,30 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) (*command
 		return nil, err
 	}
 	return &command.SystemFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
-		DisableUserTokenEvent:           req.DisableUserTokenEvent,
-		EnableBackChannelLogout:         req.EnableBackChannelLogout,
-		LoginV2:                         loginV2,
-		PermissionCheckV2:               req.PermissionCheckV2,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
+		DisableUserTokenEvent:          req.DisableUserTokenEvent,
+		EnableBackChannelLogout:        req.EnableBackChannelLogout,
+		LoginV2:                        loginV2,
+		PermissionCheckV2:              req.PermissionCheckV2,
 	}, nil
 }
 
 func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesResponse {
 	return &feature_pb.GetSystemFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
-		DisableUserTokenEvent:               featureSourceToFlagPb(&f.DisableUserTokenEvent),
-		EnableBackChannelLogout:             featureSourceToFlagPb(&f.EnableBackChannelLogout),
-		LoginV2:                             loginV2ToLoginV2FlagPb(f.LoginV2),
-		PermissionCheckV2:                   featureSourceToFlagPb(&f.PermissionCheckV2),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		DisableUserTokenEvent:          featureSourceToFlagPb(&f.DisableUserTokenEvent),
+		EnableBackChannelLogout:        featureSourceToFlagPb(&f.EnableBackChannelLogout),
+		LoginV2:                        loginV2ToLoginV2FlagPb(f.LoginV2),
+		PermissionCheckV2:              featureSourceToFlagPb(&f.PermissionCheckV2),
 	}
 }
 
@@ -53,36 +51,34 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) (*com
 		return nil, err
 	}
 	return &command.InstanceFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		DebugOIDCParentError:            req.DebugOidcParentError,
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
-		DisableUserTokenEvent:           req.DisableUserTokenEvent,
-		EnableBackChannelLogout:         req.EnableBackChannelLogout,
-		LoginV2:                         loginV2,
-		PermissionCheckV2:               req.PermissionCheckV2,
-		ConsoleUseV2UserApi:             req.ConsoleUseV2UserApi,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		DebugOIDCParentError:           req.DebugOidcParentError,
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
+		DisableUserTokenEvent:          req.DisableUserTokenEvent,
+		EnableBackChannelLogout:        req.EnableBackChannelLogout,
+		LoginV2:                        loginV2,
+		PermissionCheckV2:              req.PermissionCheckV2,
+		ConsoleUseV2UserApi:            req.ConsoleUseV2UserApi,
 	}, nil
 }
 
 func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeaturesResponse {
 	return &feature_pb.GetInstanceFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
-		DisableUserTokenEvent:               featureSourceToFlagPb(&f.DisableUserTokenEvent),
-		EnableBackChannelLogout:             featureSourceToFlagPb(&f.EnableBackChannelLogout),
-		LoginV2:                             loginV2ToLoginV2FlagPb(f.LoginV2),
-		PermissionCheckV2:                   featureSourceToFlagPb(&f.PermissionCheckV2),
-		ConsoleUseV2UserApi:                 featureSourceToFlagPb(&f.ConsoleUseV2UserApi),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		DebugOidcParentError:           featureSourceToFlagPb(&f.DebugOIDCParentError),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		DisableUserTokenEvent:          featureSourceToFlagPb(&f.DisableUserTokenEvent),
+		EnableBackChannelLogout:        featureSourceToFlagPb(&f.EnableBackChannelLogout),
+		LoginV2:                        loginV2ToLoginV2FlagPb(f.LoginV2),
+		PermissionCheckV2:              featureSourceToFlagPb(&f.PermissionCheckV2),
+		ConsoleUseV2UserApi:            featureSourceToFlagPb(&f.ConsoleUseV2UserApi),
 	}
 }
 
diff --git a/internal/api/grpc/feature/v2/converter_test.go b/internal/api/grpc/feature/v2/converter_test.go
index d09f1839ba..7b11fc0d17 100644
--- a/internal/api/grpc/feature/v2/converter_test.go
+++ b/internal/api/grpc/feature/v2/converter_test.go
@@ -19,24 +19,22 @@ import (
 
 func Test_systemFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetSystemFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OidcSingleV1SessionTermination: gu.Ptr(true),
 		LoginV2: &feature_pb.LoginV2{
 			Required: true,
 			BaseUri:  gu.Ptr("https://login.com"),
 		},
 	}
 	want := &command.SystemFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
 		LoginV2: &feature.LoginV2{
 			Required: true,
 			BaseURI:  &url.URL{Scheme: "https", Host: "login.com"},
@@ -58,10 +56,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: true,
@@ -104,10 +98,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
@@ -148,14 +138,13 @@ func Test_systemFeaturesToPb(t *testing.T) {
 
 func Test_instanceFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetInstanceFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		DebugOidcParentError:                gu.Ptr(true),
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
-		EnableBackChannelLogout:             gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		DebugOidcParentError:           gu.Ptr(true),
+		OidcSingleV1SessionTermination: gu.Ptr(true),
+		EnableBackChannelLogout:        gu.Ptr(true),
 		LoginV2: &feature_pb.LoginV2{
 			Required: true,
 			BaseUri:  gu.Ptr("https://login.com"),
@@ -163,14 +152,13 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		ConsoleUseV2UserApi: gu.Ptr(true),
 	}
 	want := &command.InstanceFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		DebugOIDCParentError:            gu.Ptr(true),
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
-		EnableBackChannelLogout:         gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		DebugOIDCParentError:           gu.Ptr(true),
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
+		EnableBackChannelLogout:        gu.Ptr(true),
 		LoginV2: &feature.LoginV2{
 			Required: true,
 			BaseURI:  &url.URL{Scheme: "https", Host: "login.com"},
@@ -193,10 +181,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -243,10 +227,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
diff --git a/internal/api/grpc/feature/v2/integration_test/feature_test.go b/internal/api/grpc/feature/v2/integration_test/feature_test.go
index fe09242429..369f5b37b8 100644
--- a/internal/api/grpc/feature/v2/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2/integration_test/feature_test.go
@@ -58,7 +58,7 @@ func TestServer_SetSystemFeatures(t *testing.T) {
 			args: args{
 				ctx: IamCTX,
 				req: &feature.SetSystemFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			wantErr: true,
@@ -76,7 +76,7 @@ func TestServer_SetSystemFeatures(t *testing.T) {
 			args: args{
 				ctx: SystemCTX,
 				req: &feature.SetSystemFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			want: &feature.SetSystemFeaturesResponse{
@@ -170,8 +170,8 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			name: "some features",
 			prepare: func(t *testing.T) {
 				_, err := Client.SetSystemFeatures(SystemCTX, &feature.SetSystemFeaturesRequest{
-					LoginDefaultOrg:                     gu.Ptr(true),
-					OidcTriggerIntrospectionProjections: gu.Ptr(false),
+					LoginDefaultOrg: gu.Ptr(true),
+					UserSchema:      gu.Ptr(false),
 				})
 				require.NoError(t, err)
 			},
@@ -184,7 +184,7 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
+				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
@@ -208,7 +208,6 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			}
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
-			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
@@ -230,7 +229,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: OrgCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			wantErr: true,
@@ -248,7 +247,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: IamCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			want: &feature.SetInstanceFeaturesResponse{
@@ -360,10 +359,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -374,9 +369,8 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			name: "some features, no inheritance",
 			prepare: func(t *testing.T) {
 				_, err := Client.SetInstanceFeatures(IamCTX, &feature.SetInstanceFeaturesRequest{
-					LoginDefaultOrg:                     gu.Ptr(true),
-					OidcTriggerIntrospectionProjections: gu.Ptr(false),
-					UserSchema:                          gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
+					UserSchema:      gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -389,10 +383,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_INSTANCE,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
@@ -418,10 +408,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -446,7 +432,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			}
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
-			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
diff --git a/internal/api/grpc/feature/v2beta/converter.go b/internal/api/grpc/feature/v2beta/converter.go
index 8927b16e29..dc791d4c51 100644
--- a/internal/api/grpc/feature/v2beta/converter.go
+++ b/internal/api/grpc/feature/v2beta/converter.go
@@ -10,49 +10,45 @@ import (
 
 func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) *command.SystemFeatures {
 	return &command.SystemFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
 	}
 }
 
 func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesResponse {
 	return &feature_pb.GetSystemFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 	}
 }
 
 func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) *command.InstanceFeatures {
 	return &command.InstanceFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		DebugOIDCParentError:            req.DebugOidcParentError,
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		DebugOIDCParentError:           req.DebugOidcParentError,
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
 	}
 }
 
 func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeaturesResponse {
 	return &feature_pb.GetInstanceFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		DebugOidcParentError:           featureSourceToFlagPb(&f.DebugOIDCParentError),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 	}
 }
 
diff --git a/internal/api/grpc/feature/v2beta/converter_test.go b/internal/api/grpc/feature/v2beta/converter_test.go
index 5fdb5e993e..ec681011f0 100644
--- a/internal/api/grpc/feature/v2beta/converter_test.go
+++ b/internal/api/grpc/feature/v2beta/converter_test.go
@@ -18,20 +18,18 @@ import (
 
 func Test_systemFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetSystemFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OidcSingleV1SessionTermination: gu.Ptr(true),
 	}
 	want := &command.SystemFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
 	}
 	got := systemFeaturesToCommand(arg)
 	assert.Equal(t, want, got)
@@ -48,10 +46,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: true,
@@ -79,10 +73,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
@@ -106,20 +96,18 @@ func Test_systemFeaturesToPb(t *testing.T) {
 
 func Test_instanceFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetInstanceFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OidcSingleV1SessionTermination: gu.Ptr(true),
 	}
 	want := &command.InstanceFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
 	}
 	got := instanceFeaturesToCommand(arg)
 	assert.Equal(t, want, got)
@@ -136,10 +124,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -167,10 +151,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
diff --git a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
index 549bc4ef0a..4e24bb2a4f 100644
--- a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
@@ -61,7 +61,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: OrgCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			wantErr: true,
@@ -79,7 +79,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: IamCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			want: &feature.SetInstanceFeaturesResponse{
@@ -190,10 +190,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -204,9 +200,8 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			name: "some features, no inheritance",
 			prepare: func(t *testing.T) {
 				_, err := Client.SetInstanceFeatures(IamCTX, &feature.SetInstanceFeaturesRequest{
-					LoginDefaultOrg:                     gu.Ptr(true),
-					OidcTriggerIntrospectionProjections: gu.Ptr(false),
-					UserSchema:                          gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
+					UserSchema:      gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -219,10 +214,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_INSTANCE,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
@@ -248,10 +239,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -276,7 +263,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			}
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
-			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
diff --git a/internal/api/oidc/access_token.go b/internal/api/oidc/access_token.go
index 5c0b9c9f66..08337bb5af 100644
--- a/internal/api/oidc/access_token.go
+++ b/internal/api/oidc/access_token.go
@@ -11,7 +11,6 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"golang.org/x/text/language"
 
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
@@ -122,7 +121,7 @@ func (s *Server) assertClientScopesForPAT(ctx context.Context, token *accessToke
 	if err != nil {
 		return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
 	}
-	roles, err := s.query.SearchProjectRoles(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
+	roles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
 	if err != nil {
 		return err
 	}
diff --git a/internal/api/oidc/integration_test/userinfo_test.go b/internal/api/oidc/integration_test/userinfo_test.go
index b3bc836343..2a31dd964b 100644
--- a/internal/api/oidc/integration_test/userinfo_test.go
+++ b/internal/api/oidc/integration_test/userinfo_test.go
@@ -18,48 +18,11 @@ import (
 	oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/integration"
-	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/management"
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
 )
 
-// TestServer_UserInfo is a top-level test which re-executes the actual
-// userinfo integration test against a matrix of different feature flags.
-// This ensure that the response of the different implementations remains the same.
 func TestServer_UserInfo(t *testing.T) {
-	iamOwnerCTX := Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
-	t.Cleanup(func() {
-		_, err := Instance.Client.FeatureV2.ResetInstanceFeatures(iamOwnerCTX, &feature.ResetInstanceFeaturesRequest{})
-		require.NoError(t, err)
-	})
-	tests := []struct {
-		name    string
-		trigger bool
-	}{
-		{
-			name:    "trigger enabled",
-			trigger: true,
-		},
-		{
-			name:    "trigger disabled",
-			trigger: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			_, err := Instance.Client.FeatureV2.SetInstanceFeatures(iamOwnerCTX, &feature.SetInstanceFeaturesRequest{
-				OidcTriggerIntrospectionProjections: &tt.trigger,
-			})
-			require.NoError(t, err)
-			testServer_UserInfo(t)
-		})
-	}
-}
-
-// testServer_UserInfo is the actual userinfo integration test,
-// which calls the userinfo endpoint with different client configurations, roles and token scopes.
-func testServer_UserInfo(t *testing.T) {
 	const (
 		roleFoo = "foo"
 		roleBar = "bar"
diff --git a/internal/api/oidc/introspect.go b/internal/api/oidc/introspect.go
index ee022eb3e9..e5479a4683 100644
--- a/internal/api/oidc/introspect.go
+++ b/internal/api/oidc/introspect.go
@@ -23,12 +23,6 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR
 		err = oidcError(err)
 		span.EndWithError(err)
 	}()
-
-	features := authz.GetFeatures(ctx)
-	if features.TriggerIntrospectionProjections {
-		query.TriggerIntrospectionProjections(ctx)
-	}
-
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
diff --git a/internal/api/oidc/userinfo.go b/internal/api/oidc/userinfo.go
index 5266500e7a..170ff49c94 100644
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
@@ -33,12 +33,6 @@ func (s *Server) UserInfo(ctx context.Context, r *op.Request[oidc.UserInfoReques
 		err = oidcError(err)
 		span.EndWithError(err)
 	}()
-
-	features := authz.GetFeatures(ctx)
-	if features.TriggerIntrospectionProjections {
-		query.TriggerOIDCUserInfoProjections(ctx)
-	}
-
 	token, err := s.verifyAccessToken(ctx, r.Data.AccessToken)
 	if err != nil {
 		return nil, op.NewStatusError(oidc.ErrAccessDenied().WithDescription("access token invalid").WithParent(err).WithReturnParentToClient(authz.GetFeatures(ctx).DebugOIDCParentError), http.StatusUnauthorized)
diff --git a/internal/command/instance_features.go b/internal/command/instance_features.go
index 21de5653a9..04f2621705 100644
--- a/internal/command/instance_features.go
+++ b/internal/command/instance_features.go
@@ -13,23 +13,21 @@ import (
 )
 
 type InstanceFeatures struct {
-	LoginDefaultOrg                 *bool
-	TriggerIntrospectionProjections *bool
-	UserSchema                      *bool
-	TokenExchange                   *bool
-	ImprovedPerformance             []feature.ImprovedPerformanceType
-	DebugOIDCParentError            *bool
-	OIDCSingleV1SessionTermination  *bool
-	DisableUserTokenEvent           *bool
-	EnableBackChannelLogout         *bool
-	LoginV2                         *feature.LoginV2
-	PermissionCheckV2               *bool
-	ConsoleUseV2UserApi             *bool
+	LoginDefaultOrg                *bool
+	UserSchema                     *bool
+	TokenExchange                  *bool
+	ImprovedPerformance            []feature.ImprovedPerformanceType
+	DebugOIDCParentError           *bool
+	OIDCSingleV1SessionTermination *bool
+	DisableUserTokenEvent          *bool
+	EnableBackChannelLogout        *bool
+	LoginV2                        *feature.LoginV2
+	PermissionCheckV2              *bool
+	ConsoleUseV2UserApi            *bool
 }
 
 func (m *InstanceFeatures) isEmpty() bool {
 	return m.LoginDefaultOrg == nil &&
-		m.TriggerIntrospectionProjections == nil &&
 		m.UserSchema == nil &&
 		m.TokenExchange == nil &&
 		// nil check to allow unset improvements
diff --git a/internal/command/instance_features_model.go b/internal/command/instance_features_model.go
index 8ca2865eae..8fe9dd0284 100644
--- a/internal/command/instance_features_model.go
+++ b/internal/command/instance_features_model.go
@@ -67,7 +67,6 @@ func (m *InstanceFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v1.DefaultLoginInstanceEventType,
 			feature_v2.InstanceResetEventType,
 			feature_v2.InstanceLoginDefaultOrgEventType,
-			feature_v2.InstanceTriggerIntrospectionProjectionsEventType,
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
@@ -93,9 +92,6 @@ func reduceInstanceFeature(features *InstanceFeatures, key feature.Key, value an
 	case feature.KeyLoginDefaultOrg:
 		v := value.(bool)
 		features.LoginDefaultOrg = &v
-	case feature.KeyTriggerIntrospectionProjections:
-		v := value.(bool)
-		features.TriggerIntrospectionProjections = &v
 	case feature.KeyTokenExchange:
 		v := value.(bool)
 		features.TokenExchange = &v
@@ -132,7 +128,6 @@ func (wm *InstanceFeaturesWriteModel) setCommands(ctx context.Context, f *Instan
 	aggregate := feature_v2.NewAggregate(wm.AggregateID, wm.ResourceOwner)
 	cmds := make([]eventstore.Command, 0, len(feature.KeyValues())-1)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LoginDefaultOrg, f.LoginDefaultOrg, feature_v2.InstanceLoginDefaultOrgEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TriggerIntrospectionProjections, f.TriggerIntrospectionProjections, feature_v2.InstanceTriggerIntrospectionProjectionsEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.InstanceTokenExchangeEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.InstanceUserSchemaEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.InstanceImprovedPerformanceEventType)
diff --git a/internal/command/instance_features_test.go b/internal/command/instance_features_test.go
index 8d0c7d5964..f0bea9752d 100644
--- a/internal/command/instance_features_test.go
+++ b/internal/command/instance_features_test.go
@@ -95,24 +95,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 				ResourceOwner: "instance1",
 			},
 		},
-		{
-			name: "set TriggerIntrospectionProjections",
-			eventstore: expectEventstore(
-				expectFilter(),
-				expectPush(
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
-					),
-				),
-			),
-			args: args{ctx, &InstanceFeatures{
-				TriggerIntrospectionProjections: gu.Ptr(true),
-			}},
-			want: &domain.ObjectDetails{
-				ResourceOwner: "instance1",
-			},
-		},
 		{
 			name: "set UserSchema",
 			eventstore: expectEventstore(
@@ -156,10 +138,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, false,
-					),
 					feature_v2.NewSetEvent[bool](
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, true,
@@ -171,10 +149,9 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 				),
 			),
 			args: args{ctx, &InstanceFeatures{
-				LoginDefaultOrg:                 gu.Ptr(true),
-				TriggerIntrospectionProjections: gu.Ptr(false),
-				UserSchema:                      gu.Ptr(true),
-				OIDCSingleV1SessionTermination:  gu.Ptr(true),
+				LoginDefaultOrg:                gu.Ptr(true),
+				UserSchema:                     gu.Ptr(true),
+				OIDCSingleV1SessionTermination: gu.Ptr(true),
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
@@ -189,10 +166,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewResetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceResetEventType,
@@ -211,16 +184,11 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, false,
-					),
 				),
 			),
 			args: args{ctx, &InstanceFeatures{
-				LoginDefaultOrg:                 gu.Ptr(true),
-				TriggerIntrospectionProjections: gu.Ptr(false),
-				OIDCSingleV1SessionTermination:  gu.Ptr(false),
+				LoginDefaultOrg:                gu.Ptr(true),
+				OIDCSingleV1SessionTermination: gu.Ptr(false),
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
diff --git a/internal/command/system_features.go b/internal/command/system_features.go
index f20c9f3cda..c2d4f9f9e7 100644
--- a/internal/command/system_features.go
+++ b/internal/command/system_features.go
@@ -10,21 +10,19 @@ import (
 )
 
 type SystemFeatures struct {
-	LoginDefaultOrg                 *bool
-	TriggerIntrospectionProjections *bool
-	TokenExchange                   *bool
-	UserSchema                      *bool
-	ImprovedPerformance             []feature.ImprovedPerformanceType
-	OIDCSingleV1SessionTermination  *bool
-	DisableUserTokenEvent           *bool
-	EnableBackChannelLogout         *bool
-	LoginV2                         *feature.LoginV2
-	PermissionCheckV2               *bool
+	LoginDefaultOrg                *bool
+	TokenExchange                  *bool
+	UserSchema                     *bool
+	ImprovedPerformance            []feature.ImprovedPerformanceType
+	OIDCSingleV1SessionTermination *bool
+	DisableUserTokenEvent          *bool
+	EnableBackChannelLogout        *bool
+	LoginV2                        *feature.LoginV2
+	PermissionCheckV2              *bool
 }
 
 func (m *SystemFeatures) isEmpty() bool {
 	return m.LoginDefaultOrg == nil &&
-		m.TriggerIntrospectionProjections == nil &&
 		m.UserSchema == nil &&
 		m.TokenExchange == nil &&
 		// nil check to allow unset improvements
diff --git a/internal/command/system_features_model.go b/internal/command/system_features_model.go
index f1e6ba6357..212d00e6ce 100644
--- a/internal/command/system_features_model.go
+++ b/internal/command/system_features_model.go
@@ -60,7 +60,6 @@ func (m *SystemFeaturesWriteModel) Query() *eventstore.SearchQueryBuilder {
 		EventTypes(
 			feature_v2.SystemResetEventType,
 			feature_v2.SystemLoginDefaultOrgEventType,
-			feature_v2.SystemTriggerIntrospectionProjectionsEventType,
 			feature_v2.SystemUserSchemaEventType,
 			feature_v2.SystemTokenExchangeEventType,
 			feature_v2.SystemImprovedPerformanceEventType,
@@ -84,9 +83,6 @@ func reduceSystemFeature(features *SystemFeatures, key feature.Key, value any) {
 	case feature.KeyLoginDefaultOrg:
 		v := value.(bool)
 		features.LoginDefaultOrg = &v
-	case feature.KeyTriggerIntrospectionProjections:
-		v := value.(bool)
-		features.TriggerIntrospectionProjections = &v
 	case feature.KeyUserSchema:
 		v := value.(bool)
 		features.UserSchema = &v
@@ -116,7 +112,6 @@ func (wm *SystemFeaturesWriteModel) setCommands(ctx context.Context, f *SystemFe
 	aggregate := feature_v2.NewAggregate(wm.AggregateID, wm.ResourceOwner)
 	cmds := make([]eventstore.Command, 0, len(feature.KeyValues())-1)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.LoginDefaultOrg, f.LoginDefaultOrg, feature_v2.SystemLoginDefaultOrgEventType)
-	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TriggerIntrospectionProjections, f.TriggerIntrospectionProjections, feature_v2.SystemTriggerIntrospectionProjectionsEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.UserSchema, f.UserSchema, feature_v2.SystemUserSchemaEventType)
 	cmds = appendFeatureUpdate(ctx, cmds, aggregate, wm.TokenExchange, f.TokenExchange, feature_v2.SystemTokenExchangeEventType)
 	cmds = appendFeatureSliceUpdate(ctx, cmds, aggregate, wm.ImprovedPerformance, f.ImprovedPerformance, feature_v2.SystemImprovedPerformanceEventType)
diff --git a/internal/command/system_features_test.go b/internal/command/system_features_test.go
index ff6aef8104..2defd23d5e 100644
--- a/internal/command/system_features_test.go
+++ b/internal/command/system_features_test.go
@@ -63,24 +63,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				ResourceOwner: "SYSTEM",
 			},
 		},
-		{
-			name: "set TriggerIntrospectionProjections",
-			eventstore: expectEventstore(
-				expectFilter(),
-				expectPush(
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
-					),
-				),
-			),
-			args: args{context.Background(), &SystemFeatures{
-				TriggerIntrospectionProjections: gu.Ptr(true),
-			}},
-			want: &domain.ObjectDetails{
-				ResourceOwner: "SYSTEM",
-			},
-		},
 		{
 			name: "set UserSchema",
 			eventstore: expectEventstore(
@@ -124,10 +106,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, false,
-					),
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, true,
@@ -139,10 +117,9 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				),
 			),
 			args: args{context.Background(), &SystemFeatures{
-				LoginDefaultOrg:                 gu.Ptr(true),
-				TriggerIntrospectionProjections: gu.Ptr(false),
-				UserSchema:                      gu.Ptr(true),
-				OIDCSingleV1SessionTermination:  gu.Ptr(true),
+				LoginDefaultOrg:                gu.Ptr(true),
+				UserSchema:                     gu.Ptr(true),
+				OIDCSingleV1SessionTermination: gu.Ptr(true),
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
@@ -157,10 +134,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, true,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, false,
-					)),
 					eventFromEventPusher(feature_v2.NewResetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemResetEventType,
@@ -175,10 +148,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, true,
 					),
-					feature_v2.NewSetEvent[bool](
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, false,
-					),
 					feature_v2.NewSetEvent[bool](
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, true,
@@ -190,10 +159,9 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 				),
 			),
 			args: args{context.Background(), &SystemFeatures{
-				LoginDefaultOrg:                 gu.Ptr(true),
-				TriggerIntrospectionProjections: gu.Ptr(false),
-				UserSchema:                      gu.Ptr(true),
-				OIDCSingleV1SessionTermination:  gu.Ptr(false),
+				LoginDefaultOrg:                gu.Ptr(true),
+				UserSchema:                     gu.Ptr(true),
+				OIDCSingleV1SessionTermination: gu.Ptr(false),
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
diff --git a/internal/feature/feature.go b/internal/feature/feature.go
index 107b06edf1..5e28338904 100644
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -9,21 +9,20 @@ import (
 type Key int
 
 const (
-	// Reserved: 3, 6, 8
+	// Reserved: 2, 3, 6, 8
 
-	KeyUnspecified                     Key = 0
-	KeyLoginDefaultOrg                 Key = 1
-	KeyTriggerIntrospectionProjections Key = 2
-	KeyUserSchema                      Key = 4
-	KeyTokenExchange                   Key = 5
-	KeyImprovedPerformance             Key = 7
-	KeyDebugOIDCParentError            Key = 9
-	KeyOIDCSingleV1SessionTermination  Key = 10
-	KeyDisableUserTokenEvent           Key = 11
-	KeyEnableBackChannelLogout         Key = 12
-	KeyLoginV2                         Key = 13
-	KeyPermissionCheckV2               Key = 14
-	KeyConsoleUseV2UserApi             Key = 15
+	KeyUnspecified                    Key = 0
+	KeyLoginDefaultOrg                Key = 1
+	KeyUserSchema                     Key = 4
+	KeyTokenExchange                  Key = 5
+	KeyImprovedPerformance            Key = 7
+	KeyDebugOIDCParentError           Key = 9
+	KeyOIDCSingleV1SessionTermination Key = 10
+	KeyDisableUserTokenEvent          Key = 11
+	KeyEnableBackChannelLogout        Key = 12
+	KeyLoginV2                        Key = 13
+	KeyPermissionCheckV2              Key = 14
+	KeyConsoleUseV2UserApi            Key = 15
 )
 
 //go:generate enumer -type Level -transform snake -trimprefix Level
@@ -40,18 +39,17 @@ const (
 )
 
 type Features struct {
-	LoginDefaultOrg                 bool                      `json:"login_default_org,omitempty"`
-	TriggerIntrospectionProjections bool                      `json:"trigger_introspection_projections,omitempty"`
-	UserSchema                      bool                      `json:"user_schema,omitempty"`
-	TokenExchange                   bool                      `json:"token_exchange,omitempty"`
-	ImprovedPerformance             []ImprovedPerformanceType `json:"improved_performance,omitempty"`
-	DebugOIDCParentError            bool                      `json:"debug_oidc_parent_error,omitempty"`
-	OIDCSingleV1SessionTermination  bool                      `json:"oidc_single_v1_session_termination,omitempty"`
-	DisableUserTokenEvent           bool                      `json:"disable_user_token_event,omitempty"`
-	EnableBackChannelLogout         bool                      `json:"enable_back_channel_logout,omitempty"`
-	LoginV2                         LoginV2                   `json:"login_v2,omitempty"`
-	PermissionCheckV2               bool                      `json:"permission_check_v2,omitempty"`
-	ConsoleUseV2UserApi             bool                      `json:"console_use_v2_user_api,omitempty"`
+	LoginDefaultOrg                bool                      `json:"login_default_org,omitempty"`
+	UserSchema                     bool                      `json:"user_schema,omitempty"`
+	TokenExchange                  bool                      `json:"token_exchange,omitempty"`
+	ImprovedPerformance            []ImprovedPerformanceType `json:"improved_performance,omitempty"`
+	DebugOIDCParentError           bool                      `json:"debug_oidc_parent_error,omitempty"`
+	OIDCSingleV1SessionTermination bool                      `json:"oidc_single_v1_session_termination,omitempty"`
+	DisableUserTokenEvent          bool                      `json:"disable_user_token_event,omitempty"`
+	EnableBackChannelLogout        bool                      `json:"enable_back_channel_logout,omitempty"`
+	LoginV2                        LoginV2                   `json:"login_v2,omitempty"`
+	PermissionCheckV2              bool                      `json:"permission_check_v2,omitempty"`
+	ConsoleUseV2UserApi            bool                      `json:"console_use_v2_user_api,omitempty"`
 }
 
 /* Note: do not generate the stringer or enumer for this type, is it breaks existing events */
diff --git a/internal/feature/feature_test.go b/internal/feature/feature_test.go
index abb8968d6f..d9a459e3db 100644
--- a/internal/feature/feature_test.go
+++ b/internal/feature/feature_test.go
@@ -11,7 +11,6 @@ func TestKey(t *testing.T) {
 	tests := []string{
 		"unspecified",
 		"login_default_org",
-		"trigger_introspection_projections",
 	}
 	for _, want := range tests {
 		t.Run(want, func(t *testing.T) {
diff --git a/internal/feature/key_enumer.go b/internal/feature/key_enumer.go
index 1b4fb9a3ad..9d6f5877e0 100644
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -8,8 +8,8 @@ import (
 )
 
 const (
-	_KeyName_0      = "unspecifiedlogin_default_orgtrigger_introspection_projections"
-	_KeyLowerName_0 = "unspecifiedlogin_default_orgtrigger_introspection_projections"
+	_KeyName_0      = "unspecifiedlogin_default_org"
+	_KeyLowerName_0 = "unspecifiedlogin_default_org"
 	_KeyName_1      = "user_schematoken_exchange"
 	_KeyLowerName_1 = "user_schematoken_exchange"
 	_KeyName_2      = "improved_performance"
@@ -19,7 +19,7 @@ const (
 )
 
 var (
-	_KeyIndex_0 = [...]uint8{0, 11, 28, 61}
+	_KeyIndex_0 = [...]uint8{0, 11, 28}
 	_KeyIndex_1 = [...]uint8{0, 11, 25}
 	_KeyIndex_2 = [...]uint8{0, 20}
 	_KeyIndex_3 = [...]uint8{0, 23, 57, 81, 107, 115, 134, 157}
@@ -27,7 +27,7 @@ var (
 
 func (i Key) String() string {
 	switch {
-	case 0 <= i && i <= 2:
+	case 0 <= i && i <= 1:
 		return _KeyName_0[_KeyIndex_0[i]:_KeyIndex_0[i+1]]
 	case 4 <= i && i <= 5:
 		i -= 4
@@ -48,7 +48,6 @@ func _KeyNoOp() {
 	var x [1]struct{}
 	_ = x[KeyUnspecified-(0)]
 	_ = x[KeyLoginDefaultOrg-(1)]
-	_ = x[KeyTriggerIntrospectionProjections-(2)]
 	_ = x[KeyUserSchema-(4)]
 	_ = x[KeyTokenExchange-(5)]
 	_ = x[KeyImprovedPerformance-(7)]
@@ -61,15 +60,13 @@ func _KeyNoOp() {
 	_ = x[KeyConsoleUseV2UserApi-(15)]
 }
 
-var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyUserSchema, KeyTokenExchange, KeyImprovedPerformance, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
+var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyUserSchema, KeyTokenExchange, KeyImprovedPerformance, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2, KeyPermissionCheckV2, KeyConsoleUseV2UserApi}
 
 var _KeyNameToValueMap = map[string]Key{
 	_KeyName_0[0:11]:         KeyUnspecified,
 	_KeyLowerName_0[0:11]:    KeyUnspecified,
 	_KeyName_0[11:28]:        KeyLoginDefaultOrg,
 	_KeyLowerName_0[11:28]:   KeyLoginDefaultOrg,
-	_KeyName_0[28:61]:        KeyTriggerIntrospectionProjections,
-	_KeyLowerName_0[28:61]:   KeyTriggerIntrospectionProjections,
 	_KeyName_1[0:11]:         KeyUserSchema,
 	_KeyLowerName_1[0:11]:    KeyUserSchema,
 	_KeyName_1[11:25]:        KeyTokenExchange,
@@ -95,7 +92,6 @@ var _KeyNameToValueMap = map[string]Key{
 var _KeyNames = []string{
 	_KeyName_0[0:11],
 	_KeyName_0[11:28],
-	_KeyName_0[28:61],
 	_KeyName_1[0:11],
 	_KeyName_1[11:25],
 	_KeyName_2[0:20],
diff --git a/internal/query/instance_features.go b/internal/query/instance_features.go
index 9e0081a542..73f51bfdf7 100644
--- a/internal/query/instance_features.go
+++ b/internal/query/instance_features.go
@@ -8,19 +8,18 @@ import (
 )
 
 type InstanceFeatures struct {
-	Details                         *domain.ObjectDetails
-	LoginDefaultOrg                 FeatureSource[bool]
-	TriggerIntrospectionProjections FeatureSource[bool]
-	UserSchema                      FeatureSource[bool]
-	TokenExchange                   FeatureSource[bool]
-	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
-	DebugOIDCParentError            FeatureSource[bool]
-	OIDCSingleV1SessionTermination  FeatureSource[bool]
-	DisableUserTokenEvent           FeatureSource[bool]
-	EnableBackChannelLogout         FeatureSource[bool]
-	LoginV2                         FeatureSource[*feature.LoginV2]
-	PermissionCheckV2               FeatureSource[bool]
-	ConsoleUseV2UserApi             FeatureSource[bool]
+	Details                        *domain.ObjectDetails
+	LoginDefaultOrg                FeatureSource[bool]
+	UserSchema                     FeatureSource[bool]
+	TokenExchange                  FeatureSource[bool]
+	ImprovedPerformance            FeatureSource[[]feature.ImprovedPerformanceType]
+	DebugOIDCParentError           FeatureSource[bool]
+	OIDCSingleV1SessionTermination FeatureSource[bool]
+	DisableUserTokenEvent          FeatureSource[bool]
+	EnableBackChannelLogout        FeatureSource[bool]
+	LoginV2                        FeatureSource[*feature.LoginV2]
+	PermissionCheckV2              FeatureSource[bool]
+	ConsoleUseV2UserApi            FeatureSource[bool]
 }
 
 func (q *Queries) GetInstanceFeatures(ctx context.Context, cascade bool) (_ *InstanceFeatures, err error) {
diff --git a/internal/query/instance_features_model.go b/internal/query/instance_features_model.go
index a30009e9ee..fa0f638bed 100644
--- a/internal/query/instance_features_model.go
+++ b/internal/query/instance_features_model.go
@@ -63,7 +63,6 @@ func (m *InstanceFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 			feature_v1.DefaultLoginInstanceEventType,
 			feature_v2.InstanceResetEventType,
 			feature_v2.InstanceLoginDefaultOrgEventType,
-			feature_v2.InstanceTriggerIntrospectionProjectionsEventType,
 			feature_v2.InstanceUserSchemaEventType,
 			feature_v2.InstanceTokenExchangeEventType,
 			feature_v2.InstanceImprovedPerformanceEventType,
@@ -91,7 +90,6 @@ func (m *InstanceFeaturesReadModel) populateFromSystem() bool {
 		return false
 	}
 	m.instance.LoginDefaultOrg = m.system.LoginDefaultOrg
-	m.instance.TriggerIntrospectionProjections = m.system.TriggerIntrospectionProjections
 	m.instance.UserSchema = m.system.UserSchema
 	m.instance.TokenExchange = m.system.TokenExchange
 	m.instance.ImprovedPerformance = m.system.ImprovedPerformance
@@ -112,8 +110,6 @@ func reduceInstanceFeatureSet[T any](features *InstanceFeatures, event *feature_
 		return nil
 	case feature.KeyLoginDefaultOrg:
 		features.LoginDefaultOrg.set(level, event.Value)
-	case feature.KeyTriggerIntrospectionProjections:
-		features.TriggerIntrospectionProjections.set(level, event.Value)
 	case feature.KeyUserSchema:
 		features.UserSchema.set(level, event.Value)
 	case feature.KeyTokenExchange:
diff --git a/internal/query/instance_features_test.go b/internal/query/instance_features_test.go
index af662e4898..5c5f8ecc64 100644
--- a/internal/query/instance_features_test.go
+++ b/internal/query/instance_features_test.go
@@ -71,10 +71,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelUnspecified,
-					Value: false,
-				},
 			},
 		},
 		{
@@ -89,10 +85,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
@@ -108,10 +100,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelInstance,
 					Value: false,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelInstance,
-					Value: true,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelInstance,
 					Value: false,
@@ -130,10 +118,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
@@ -142,10 +126,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceResetEventType,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
-					)),
 				),
 			),
 			args: args{true},
@@ -157,10 +137,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelSystem,
 					Value: true,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelInstance,
-					Value: true,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
@@ -175,10 +151,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						ctx, aggregate,
 						feature_v2.InstanceUserSchemaEventType, false,
@@ -187,10 +159,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 						ctx, aggregate,
 						feature_v2.InstanceResetEventType,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						ctx, aggregate,
-						feature_v2.InstanceTriggerIntrospectionProjectionsEventType, true,
-					)),
 				),
 			),
 			args: args{false},
@@ -202,10 +170,6 @@ func TestQueries_GetInstanceFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelInstance,
-					Value: true,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
diff --git a/internal/query/introspection.go b/internal/query/introspection.go
index ee96bf576b..a3ef125466 100644
--- a/internal/query/introspection.go
+++ b/internal/query/introspection.go
@@ -25,12 +25,6 @@ var introspectionTriggerHandlers = sync.OnceValue(func() []*handler.Handler {
 	)
 })
 
-// TriggerIntrospectionProjections triggers all projections
-// relevant to introspection queries concurrently.
-func TriggerIntrospectionProjections(ctx context.Context) {
-	triggerBatch(ctx, introspectionTriggerHandlers()...)
-}
-
 type AppType string
 
 const (
diff --git a/internal/query/projection/instance_features.go b/internal/query/projection/instance_features.go
index 3c33ff6fdf..32ec2cf111 100644
--- a/internal/query/projection/instance_features.go
+++ b/internal/query/projection/instance_features.go
@@ -64,10 +64,6 @@ func (*instanceFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.InstanceLoginDefaultOrgEventType,
 				Reduce: reduceInstanceSetFeature[bool],
 			},
-			{
-				Event:  feature_v2.InstanceTriggerIntrospectionProjectionsEventType,
-				Reduce: reduceInstanceSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.InstanceUserSchemaEventType,
 				Reduce: reduceInstanceSetFeature[bool],
diff --git a/internal/query/projection/system_features.go b/internal/query/projection/system_features.go
index 3f70f7dfa6..32f49108e6 100644
--- a/internal/query/projection/system_features.go
+++ b/internal/query/projection/system_features.go
@@ -56,10 +56,6 @@ func (*systemFeatureProjection) Reducers() []handler.AggregateReducer {
 				Event:  feature_v2.SystemLoginDefaultOrgEventType,
 				Reduce: reduceSystemSetFeature[bool],
 			},
-			{
-				Event:  feature_v2.SystemTriggerIntrospectionProjectionsEventType,
-				Reduce: reduceSystemSetFeature[bool],
-			},
 			{
 				Event:  feature_v2.SystemUserSchemaEventType,
 				Reduce: reduceSystemSetFeature[bool],
diff --git a/internal/query/system_features.go b/internal/query/system_features.go
index 8c340ce739..34410cb9b8 100644
--- a/internal/query/system_features.go
+++ b/internal/query/system_features.go
@@ -20,16 +20,15 @@ func (f *FeatureSource[T]) set(level feature.Level, value any) {
 type SystemFeatures struct {
 	Details *domain.ObjectDetails
 
-	LoginDefaultOrg                 FeatureSource[bool]
-	TriggerIntrospectionProjections FeatureSource[bool]
-	UserSchema                      FeatureSource[bool]
-	TokenExchange                   FeatureSource[bool]
-	ImprovedPerformance             FeatureSource[[]feature.ImprovedPerformanceType]
-	OIDCSingleV1SessionTermination  FeatureSource[bool]
-	DisableUserTokenEvent           FeatureSource[bool]
-	EnableBackChannelLogout         FeatureSource[bool]
-	LoginV2                         FeatureSource[*feature.LoginV2]
-	PermissionCheckV2               FeatureSource[bool]
+	LoginDefaultOrg                FeatureSource[bool]
+	UserSchema                     FeatureSource[bool]
+	TokenExchange                  FeatureSource[bool]
+	ImprovedPerformance            FeatureSource[[]feature.ImprovedPerformanceType]
+	OIDCSingleV1SessionTermination FeatureSource[bool]
+	DisableUserTokenEvent          FeatureSource[bool]
+	EnableBackChannelLogout        FeatureSource[bool]
+	LoginV2                        FeatureSource[*feature.LoginV2]
+	PermissionCheckV2              FeatureSource[bool]
 }
 
 func (q *Queries) GetSystemFeatures(ctx context.Context) (_ *SystemFeatures, err error) {
diff --git a/internal/query/system_features_model.go b/internal/query/system_features_model.go
index f91bc7d1e9..67045f314d 100644
--- a/internal/query/system_features_model.go
+++ b/internal/query/system_features_model.go
@@ -56,7 +56,6 @@ func (m *SystemFeaturesReadModel) Query() *eventstore.SearchQueryBuilder {
 		EventTypes(
 			feature_v2.SystemResetEventType,
 			feature_v2.SystemLoginDefaultOrgEventType,
-			feature_v2.SystemTriggerIntrospectionProjectionsEventType,
 			feature_v2.SystemUserSchemaEventType,
 			feature_v2.SystemTokenExchangeEventType,
 			feature_v2.SystemImprovedPerformanceEventType,
@@ -84,8 +83,6 @@ func reduceSystemFeatureSet[T any](features *SystemFeatures, event *feature_v2.S
 		return nil
 	case feature.KeyLoginDefaultOrg:
 		features.LoginDefaultOrg.set(level, event.Value)
-	case feature.KeyTriggerIntrospectionProjections:
-		features.TriggerIntrospectionProjections.set(level, event.Value)
 	case feature.KeyUserSchema:
 		features.UserSchema.set(level, event.Value)
 	case feature.KeyTokenExchange:
diff --git a/internal/query/system_features_test.go b/internal/query/system_features_test.go
index da59ceb549..7aa12a6a8f 100644
--- a/internal/query/system_features_test.go
+++ b/internal/query/system_features_test.go
@@ -49,10 +49,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
@@ -67,10 +63,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelSystem,
 					Value: false,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelSystem,
-					Value: true,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelSystem,
 					Value: false,
@@ -85,10 +77,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
@@ -97,10 +85,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemResetEventType,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
-					)),
 				),
 			),
 			want: &SystemFeatures{
@@ -111,10 +95,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelSystem,
-					Value: true,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
@@ -129,10 +109,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemLoginDefaultOrgEventType, false,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
-					)),
 					eventFromEventPusher(feature_v2.NewSetEvent(
 						context.Background(), aggregate,
 						feature_v2.SystemUserSchemaEventType, false,
@@ -141,10 +117,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 						context.Background(), aggregate,
 						feature_v2.SystemResetEventType,
 					)),
-					eventFromEventPusher(feature_v2.NewSetEvent(
-						context.Background(), aggregate,
-						feature_v2.SystemTriggerIntrospectionProjectionsEventType, true,
-					)),
 				),
 			),
 			want: &SystemFeatures{
@@ -155,10 +127,6 @@ func TestQueries_GetSystemFeatures(t *testing.T) {
 					Level: feature.LevelUnspecified,
 					Value: false,
 				},
-				TriggerIntrospectionProjections: FeatureSource[bool]{
-					Level: feature.LevelSystem,
-					Value: true,
-				},
 				UserSchema: FeatureSource[bool]{
 					Level: feature.LevelUnspecified,
 					Value: false,
diff --git a/internal/query/userinfo.go b/internal/query/userinfo.go
index 0e749f09b3..aa2920dfba 100644
--- a/internal/query/userinfo.go
+++ b/internal/query/userinfo.go
@@ -31,12 +31,6 @@ var oidcUserInfoTriggerHandlers = sync.OnceValue(func() []*handler.Handler {
 	}
 })
 
-// TriggerOIDCUserInfoProjections triggers all projections
-// relevant to userinfo queries concurrently.
-func TriggerOIDCUserInfoProjections(ctx context.Context) {
-	triggerBatch(ctx, oidcUserInfoTriggerHandlers()...)
-}
-
 var (
 	//go:embed userinfo_by_id.sql
 	oidcUserInfoQueryTmpl           string
diff --git a/internal/repository/feature/feature_v2/eventstore.go b/internal/repository/feature/feature_v2/eventstore.go
index 25d0f270f6..293c1ee3cd 100644
--- a/internal/repository/feature/feature_v2/eventstore.go
+++ b/internal/repository/feature/feature_v2/eventstore.go
@@ -8,7 +8,6 @@ import (
 func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemResetEventType, eventstore.GenericEventMapper[ResetEvent])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemLoginDefaultOrgEventType, eventstore.GenericEventMapper[SetEvent[bool]])
-	eventstore.RegisterFilterEventMapper(AggregateType, SystemTriggerIntrospectionProjectionsEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, SystemImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
@@ -20,7 +19,6 @@ func init() {
 
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceResetEventType, eventstore.GenericEventMapper[ResetEvent])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceLoginDefaultOrgEventType, eventstore.GenericEventMapper[SetEvent[bool]])
-	eventstore.RegisterFilterEventMapper(AggregateType, InstanceTriggerIntrospectionProjectionsEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceUserSchemaEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceTokenExchangeEventType, eventstore.GenericEventMapper[SetEvent[bool]])
 	eventstore.RegisterFilterEventMapper(AggregateType, InstanceImprovedPerformanceEventType, eventstore.GenericEventMapper[SetEvent[[]feature.ImprovedPerformanceType]])
diff --git a/internal/repository/feature/feature_v2/feature.go b/internal/repository/feature/feature_v2/feature.go
index a87042d72a..2859b65ebf 100644
--- a/internal/repository/feature/feature_v2/feature.go
+++ b/internal/repository/feature/feature_v2/feature.go
@@ -11,31 +11,29 @@ import (
 )
 
 var (
-	SystemResetEventType                           = resetEventTypeFromFeature(feature.LevelSystem)
-	SystemLoginDefaultOrgEventType                 = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLoginDefaultOrg)
-	SystemTriggerIntrospectionProjectionsEventType = setEventTypeFromFeature(feature.LevelSystem, feature.KeyTriggerIntrospectionProjections)
-	SystemUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelSystem, feature.KeyUserSchema)
-	SystemTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelSystem, feature.KeyTokenExchange)
-	SystemImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelSystem, feature.KeyImprovedPerformance)
-	SystemOIDCSingleV1SessionTerminationEventType  = setEventTypeFromFeature(feature.LevelSystem, feature.KeyOIDCSingleV1SessionTermination)
-	SystemDisableUserTokenEvent                    = setEventTypeFromFeature(feature.LevelSystem, feature.KeyDisableUserTokenEvent)
-	SystemEnableBackChannelLogout                  = setEventTypeFromFeature(feature.LevelSystem, feature.KeyEnableBackChannelLogout)
-	SystemLoginVersion                             = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLoginV2)
-	SystemPermissionCheckV2                        = setEventTypeFromFeature(feature.LevelSystem, feature.KeyPermissionCheckV2)
+	SystemResetEventType                          = resetEventTypeFromFeature(feature.LevelSystem)
+	SystemLoginDefaultOrgEventType                = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLoginDefaultOrg)
+	SystemUserSchemaEventType                     = setEventTypeFromFeature(feature.LevelSystem, feature.KeyUserSchema)
+	SystemTokenExchangeEventType                  = setEventTypeFromFeature(feature.LevelSystem, feature.KeyTokenExchange)
+	SystemImprovedPerformanceEventType            = setEventTypeFromFeature(feature.LevelSystem, feature.KeyImprovedPerformance)
+	SystemOIDCSingleV1SessionTerminationEventType = setEventTypeFromFeature(feature.LevelSystem, feature.KeyOIDCSingleV1SessionTermination)
+	SystemDisableUserTokenEvent                   = setEventTypeFromFeature(feature.LevelSystem, feature.KeyDisableUserTokenEvent)
+	SystemEnableBackChannelLogout                 = setEventTypeFromFeature(feature.LevelSystem, feature.KeyEnableBackChannelLogout)
+	SystemLoginVersion                            = setEventTypeFromFeature(feature.LevelSystem, feature.KeyLoginV2)
+	SystemPermissionCheckV2                       = setEventTypeFromFeature(feature.LevelSystem, feature.KeyPermissionCheckV2)
 
-	InstanceResetEventType                           = resetEventTypeFromFeature(feature.LevelInstance)
-	InstanceLoginDefaultOrgEventType                 = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLoginDefaultOrg)
-	InstanceTriggerIntrospectionProjectionsEventType = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTriggerIntrospectionProjections)
-	InstanceUserSchemaEventType                      = setEventTypeFromFeature(feature.LevelInstance, feature.KeyUserSchema)
-	InstanceTokenExchangeEventType                   = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTokenExchange)
-	InstanceImprovedPerformanceEventType             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyImprovedPerformance)
-	InstanceDebugOIDCParentErrorEventType            = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDebugOIDCParentError)
-	InstanceOIDCSingleV1SessionTerminationEventType  = setEventTypeFromFeature(feature.LevelInstance, feature.KeyOIDCSingleV1SessionTermination)
-	InstanceDisableUserTokenEvent                    = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDisableUserTokenEvent)
-	InstanceEnableBackChannelLogout                  = setEventTypeFromFeature(feature.LevelInstance, feature.KeyEnableBackChannelLogout)
-	InstanceLoginVersion                             = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLoginV2)
-	InstancePermissionCheckV2                        = setEventTypeFromFeature(feature.LevelInstance, feature.KeyPermissionCheckV2)
-	InstanceConsoleUseV2UserApi                      = setEventTypeFromFeature(feature.LevelInstance, feature.KeyConsoleUseV2UserApi)
+	InstanceResetEventType                          = resetEventTypeFromFeature(feature.LevelInstance)
+	InstanceLoginDefaultOrgEventType                = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLoginDefaultOrg)
+	InstanceUserSchemaEventType                     = setEventTypeFromFeature(feature.LevelInstance, feature.KeyUserSchema)
+	InstanceTokenExchangeEventType                  = setEventTypeFromFeature(feature.LevelInstance, feature.KeyTokenExchange)
+	InstanceImprovedPerformanceEventType            = setEventTypeFromFeature(feature.LevelInstance, feature.KeyImprovedPerformance)
+	InstanceDebugOIDCParentErrorEventType           = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDebugOIDCParentError)
+	InstanceOIDCSingleV1SessionTerminationEventType = setEventTypeFromFeature(feature.LevelInstance, feature.KeyOIDCSingleV1SessionTermination)
+	InstanceDisableUserTokenEvent                   = setEventTypeFromFeature(feature.LevelInstance, feature.KeyDisableUserTokenEvent)
+	InstanceEnableBackChannelLogout                 = setEventTypeFromFeature(feature.LevelInstance, feature.KeyEnableBackChannelLogout)
+	InstanceLoginVersion                            = setEventTypeFromFeature(feature.LevelInstance, feature.KeyLoginV2)
+	InstancePermissionCheckV2                       = setEventTypeFromFeature(feature.LevelInstance, feature.KeyPermissionCheckV2)
+	InstanceConsoleUseV2UserApi                     = setEventTypeFromFeature(feature.LevelInstance, feature.KeyConsoleUseV2UserApi)
 )
 
 const (
diff --git a/proto/zitadel/feature/v2/instance.proto b/proto/zitadel/feature/v2/instance.proto
index efbe5e3cdf..f3467f723d 100644
--- a/proto/zitadel/feature/v2/instance.proto
+++ b/proto/zitadel/feature/v2/instance.proto
@@ -11,20 +11,14 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 3, 6, 8;
-  reserved "oidc_legacy_introspection", "actions", "web_key";
+  reserved 2, 3, 6, 8;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions", "web_key";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
       description: "The login UI will use the settings of the default org (and not from the instance) if no organization context is set";
     }
   ];
-  optional bool oidc_trigger_introspection_projections = 2 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
 
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -118,8 +112,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 4, 7, 9;
-  reserved "oidc_legacy_introspection", "actions", "web_key";
+  reserved 3, 4, 7, 9;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions", "web_key";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -128,13 +122,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_trigger_introspection_projections = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2/system.proto b/proto/zitadel/feature/v2/system.proto
index ac39e62f09..d3fbe6bccb 100644
--- a/proto/zitadel/feature/v2/system.proto
+++ b/proto/zitadel/feature/v2/system.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2;feature";
 
 message SetSystemFeaturesRequest{
-  reserved 3, 6;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 2, 3, 6;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -20,13 +20,6 @@ message SetSystemFeaturesRequest{
     }
   ];
 
-  optional bool oidc_trigger_introspection_projections = 2 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -98,8 +91,8 @@ message ResetSystemFeaturesResponse {
 message GetSystemFeaturesRequest {}
 
 message GetSystemFeaturesResponse {
-  reserved 4, 7;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 3, 4, 7;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions";
   zitadel.object.v2.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -108,13 +101,6 @@ message GetSystemFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_trigger_introspection_projections = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2beta/instance.proto b/proto/zitadel/feature/v2beta/instance.proto
index 7968668e50..ac7a6c9286 100644
--- a/proto/zitadel/feature/v2beta/instance.proto
+++ b/proto/zitadel/feature/v2beta/instance.proto
@@ -11,20 +11,14 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetInstanceFeaturesRequest{
-  reserved 3, 6, 8;
-  reserved "oidc_legacy_introspection", "actions", "web_key";
+  reserved 2, 3, 6, 8;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions", "web_key";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
       description: "The login UI will use the settings of the default org (and not from the instance) if no organization context is set";
     }
   ];
-  optional bool oidc_trigger_introspection_projections = 2 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
 
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -84,8 +78,8 @@ message GetInstanceFeaturesRequest {
 }
 
 message GetInstanceFeaturesResponse {
-  reserved 4, 7, 9;
-  reserved "oidc_legacy_introspection", "actions", "web_key";
+  reserved 3, 4, 7, 9;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions", "web_key";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -94,13 +88,6 @@ message GetInstanceFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_trigger_introspection_projections = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
diff --git a/proto/zitadel/feature/v2beta/system.proto b/proto/zitadel/feature/v2beta/system.proto
index 95bf71da9b..ae500eb87b 100644
--- a/proto/zitadel/feature/v2beta/system.proto
+++ b/proto/zitadel/feature/v2beta/system.proto
@@ -11,8 +11,8 @@ import "zitadel/feature/v2beta/feature.proto";
 option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
 
 message SetSystemFeaturesRequest{
-  reserved 3, 6;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 2, 3, 6;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions";
   optional bool login_default_org = 1 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -20,13 +20,6 @@ message SetSystemFeaturesRequest{
     }
   ];
 
-  optional bool oidc_trigger_introspection_projections = 2 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   optional bool user_schema = 4 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";
@@ -71,8 +64,8 @@ message ResetSystemFeaturesResponse {
 message GetSystemFeaturesRequest {}
 
 message GetSystemFeaturesResponse {
-  reserved 4, 7;
-  reserved "oidc_legacy_introspection", "actions";
+  reserved 3, 4, 7;
+  reserved "oidc_trigger_introspection_projections", "oidc_legacy_introspection", "actions";
   zitadel.object.v2beta.Details details = 1;
   FeatureFlag login_default_org = 2 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -81,13 +74,6 @@ message GetSystemFeaturesResponse {
     }
   ];
 
-  FeatureFlag oidc_trigger_introspection_projections = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "true";
-      description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
-    }
-  ];
-
   FeatureFlag user_schema = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       example: "true";

From b7d447e313891d344fb55fc056c1a1a4654f57f4 Mon Sep 17 00:00:00 2001
From: Federico Coppede <fcoppede@gmail.com>
Date: Mon, 30 Jun 2025 09:21:08 -0300
Subject: [PATCH 110/123] docs(legal): Update account-lockout-policy.md
 (#10124)

Review finished for the account lockout policy.

Main changes:

- Revised wording
- Removed free account from the policy scope
- Fixed broken link to the support form in the customer portal

---------

Co-authored-by: Maximilian <mpa@zitadel.com>
---
 .../legal/policies/account-lockout-policy.md  | 67 +++++++++++--------
 1 file changed, 40 insertions(+), 27 deletions(-)

diff --git a/docs/docs/legal/policies/account-lockout-policy.md b/docs/docs/legal/policies/account-lockout-policy.md
index a593eac1bc..663fd12d9d 100644
--- a/docs/docs/legal/policies/account-lockout-policy.md
+++ b/docs/docs/legal/policies/account-lockout-policy.md
@@ -4,56 +4,69 @@ sidebar_label: Account Lockout Policy
 custom_edit_url: null
 ---
 
-Last updated on May 31, 2023
+Last updated on June 25, 2025
 
-This policy is an annex to the [Terms of Service](../terms-of-service) that clarifies your obligations and our procedure handling requests where you can't get access to your ZITADEL Cloud services and data. This policy is applicable to situations where we, ZITADEL, need to restore your access for a otherwise available service and not in cases where the services are unavailable.
+This policy is an annex to the [Terms of Service](../terms-of-service) and outlines your responsibilities, as well as our procedures, for handling situations where you are unable to access your ZITADEL Cloud services or data. 
 
-## Why to do we have this policy?
+It applies specifically to cases where **ZITADEL** must restore your access to services that are otherwise operational, and does **not** cover service outages or unavailability.
 
-Users may not be able to access our services anymore due to loss of credentials or misconfiguration.
-In certain circumstances it might not be possible to recover the credentials through a self-service flow (eg, loss of 2FA credentials) or access the system to undo the configuration that caused the issue.
-These cases might require help from our support, so you can regain access to your data.
 
-We will require some initial information and conditions to be able to assist you, and will require further information to handle the request.
-We also keep the right to refuse any such request without providing a reason, in case you can't provide the requested information.
+## Why do we have this policy?
 
-## Scope
+Users may lose access to ZITADEL services due to lost credentials or misconfiguration.
 
-In scope of this policy are requests to recover
+In some cases, it may not be possible to recover access through self-service options—for example, losing access to 2FA credentials or being unable to reverse a misconfiguration. These situations may require support from our team to help you regain access to your data.
 
-- ZITADEL Cloud account (customer portal)
-- Manager accounts to a specific instance
-- Undo configuration changes resulting in lockout (eg, misconfigured Action)
+To assist with such requests, we will require specific information and may request additional details throughout the process.
 
-Out of scope are requests to recover access
+**ZITADEL reserves the right to decline any access recovery request without providing a reason if the required information cannot be verified or provided.**
+
+
+## Scope of This Policy
+
+This policy applies to the following situations:
+
+- Loss of access to your **ZITADEL Cloud Admin Account** (customer portal)
+- Inability to access **Instance Manager accounts** for a specific instance
+- Need to **undo configuration changes** that caused a lockout (e.g., a misconfigured Action)
+
+
+## Out of Scope
+
+The following types of access recovery requests are **not** covered by this policy:
+
+- Situations where you can request access from another **Admin** or **Instance Manager**
+- Requests made by **end-users** who should instead contact their Admin or Manager
+- Issues related to **self-hosted ZITADEL instances**
+- **Free accounts/Instances**
 
-- Where you have to option to ask another Admin/Manager
-- by end-users who should ask an Admin/Manager instead
-- self-hosted instances
 
 ## Process
 
-Before you send a request to restore access to your account, please make sure that can't ask your manager/admin or another manager/admin to recover access.
+Before submitting a request to restore access to your account, please ensure that you are unable to regain access through your existing **Manager** or **Admin**, or by contacting another **Manager/Admin** within your organization.
 
-### ZITADEL Cloud account
 
-If you need to recover your ZITADEL Cloud account for the customer portal, please send an email to [support@zitadel.com](mailto:support@zitadel.com?subject=ZITADEL%20Cloud%20account%20lockout):
+### ZITADEL Cloud account (Customer Portal)
+
+Please visit the [support page in the customer portal](https://zitadel.com/admin/support):
 
 - State clearly in the subject line that this is related to an account lockout for a ZITADEL Cloud account
 - The sender's email address must match the verified email address of the account owner
 - State the reason why you're not able to recover the account yourself
 
-Please allow us time to validate your request.
-Our support will get back to you to request additional information for verification.
+Please allow us time to validate your request.  
+Our support team will follow up with additional verification steps if needed.
 
-### Manager access to an Instance
+### Instance Manager access recovery
 
 If you need to recover a Manager account to an instance, please make sure you can't recover the account via another user or service user with Manager permissions.
 
-Please visit the [support page in the customer portal](https://zitadel.cloud/admin/support):
+Please visit the [support page in the customer portal](https://zitadel.com/admin/support):
 
-- State clearly in the subject line that this is related to an account lockout the affected instance
+- State clearly in the subject line that this is related to an account lockout **for** the affected instance
+- The sender's email address must match the verified email address of the affected instance manager
 - State the reason why you're not able to recover the account yourself
 
-Please allow us time to validate your request.
-Our support will get back to you to request additional information for verification.
+Please allow us time to validate your request.  
+Our support team will follow up with additional verification steps if needed.
+

From 64a03fba28dc73e97f851c4d04cdb7e6596fc575 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Mon, 30 Jun 2025 11:07:33 -0400
Subject: [PATCH 111/123] fix(api): return typed saml form post data in idp
 intent (#10136)

<!--
Please inform yourself about the contribution guidelines on submitting a
PR here:
https://github.com/zitadel/zitadel/blob/main/CONTRIBUTING.md#submit-a-pull-request-pr.
Take note of how PR/commit titles should be written and replace the
template texts in the sections below. Don't remove any of the sections.
It is important that the commit history clearly shows what is changed
and why.
Important: By submitting a contribution you agree to the terms from our
Licensing Policy as described here:
https://github.com/zitadel/zitadel/blob/main/LICENSING.md#community-contributions.
-->

# Which Problems Are Solved

The current user V2 API returns a `[]byte` containing a whole HTML
document including the form on `StartIdentifyProviderIntent` for intents
based on form post (e.g. SAML POST bindings). This is not usable for
most clients as they cannot handle that and render a whole page inside
their app.
For redirect based intents, the url to which the client needs to
redirect is returned.

# How the Problems Are Solved

- Changed the returned type to a new `FormData` message containing the
url and a `fields` map.
- internal changes:
- Session.GetAuth now returns an `Auth` interfacce and error instead of
(content string, redirect bool)
- Auth interface has two implementations: `RedirectAuth` and `FormAuth`
- All use of the GetAuth function now type switch on the returned auth
object
- A template has been added to the login UI to execute the form post
automatically (as is).

# Additional Changes

- Some intent integration test did not check the redirect url and were
wrongly configured.

# Additional Context

- relates to zitadel/typescript#410
---
 .../user/v2/integration_test/user_test.go     |  22 ++-
 internal/api/grpc/user/v2/intent.go           |  27 ++--
 .../user/v2beta/integration_test/user_test.go |  22 ++-
 internal/api/grpc/user/v2beta/user.go         |  27 ++--
 .../api/ui/login/external_provider_handler.go |  32 ++++-
 internal/command/idp_intent_test.go           | 135 +++++++++++++++---
 internal/idp/providers/apple/apple_test.go    |   8 +-
 .../idp/providers/azuread/azuread_test.go     |   8 +-
 internal/idp/providers/azuread/session.go     |   2 +-
 internal/idp/providers/github/github_test.go  |   8 +-
 internal/idp/providers/gitlab/gitlab_test.go  |   8 +-
 internal/idp/providers/google/google_test.go  |   8 +-
 internal/idp/providers/jwt/jwt_test.go        |   8 +-
 internal/idp/providers/jwt/session.go         |   2 +-
 internal/idp/providers/ldap/session.go        |   2 +-
 internal/idp/providers/oauth/oauth2_test.go   |   8 +-
 internal/idp/providers/oauth/session.go       |   2 +-
 internal/idp/providers/oidc/oidc_test.go      |   8 +-
 internal/idp/providers/oidc/session.go        |   2 +-
 internal/idp/providers/saml/saml_test.go      | 130 +++++++++++++++++
 internal/idp/providers/saml/session.go        |  93 +++++++-----
 internal/idp/session.go                       |  30 +++-
 proto/zitadel/user/v2/idp.proto               |  18 +++
 proto/zitadel/user/v2/user_service.proto      |   4 +
 proto/zitadel/user/v2beta/idp.proto           |  18 +++
 proto/zitadel/user/v2beta/user_service.proto  |  13 +-
 26 files changed, 512 insertions(+), 133 deletions(-)

diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index 4eee44ab44..1776c57fcb 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -2057,7 +2057,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Instance.ID(),
 				},
-				url:                "http://" + Instance.Domain + ":8000/sso",
+				url:                "http://localhost:8000/sso",
 				parametersExisting: []string{"RelayState", "SAMLRequest"},
 			},
 			wantErr: false,
@@ -2081,7 +2081,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Instance.ID(),
 				},
-				url:                "http://" + Instance.Domain + ":8000/sso",
+				url:                "http://localhost:8000/sso",
 				parametersExisting: []string{"RelayState", "SAMLRequest"},
 			},
 			wantErr: false,
@@ -2105,7 +2105,9 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Instance.ID(),
 				},
-				postForm: true,
+				url:                "http://localhost:8000/sso",
+				parametersExisting: []string{"RelayState", "SAMLRequest"},
+				postForm:           true,
 			},
 			wantErr: false,
 		},
@@ -2143,9 +2145,11 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 			}
 			require.NoError(t, err)
 
-			if tt.want.url != "" {
+			if tt.want.url != "" && !tt.want.postForm {
 				authUrl, err := url.Parse(got.GetAuthUrl())
 				require.NoError(t, err)
+
+				assert.Equal(t, tt.want.url, authUrl.Scheme+"://"+authUrl.Host+authUrl.Path)
 				require.Len(t, authUrl.Query(), len(tt.want.parametersEqual)+len(tt.want.parametersExisting))
 
 				for _, existing := range tt.want.parametersExisting {
@@ -2156,7 +2160,15 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 				}
 			}
 			if tt.want.postForm {
-				assert.NotEmpty(t, got.GetPostForm())
+				assert.Equal(t, tt.want.url, got.GetFormData().GetUrl())
+
+				require.Len(t, got.GetFormData().GetFields(), len(tt.want.parametersEqual)+len(tt.want.parametersExisting))
+				for _, existing := range tt.want.parametersExisting {
+					assert.Contains(t, got.GetFormData().GetFields(), existing)
+				}
+				for key, equal := range tt.want.parametersEqual {
+					assert.Equal(t, got.GetFormData().GetFields()[key], equal)
+				}
 			}
 			integration.AssertDetails(t, &user.StartIdentityProviderIntentResponse{
 				Details: tt.want.details,
diff --git a/internal/api/grpc/user/v2/intent.go b/internal/api/grpc/user/v2/intent.go
index 5514b6ef03..fd65d61dfb 100644
--- a/internal/api/grpc/user/v2/intent.go
+++ b/internal/api/grpc/user/v2/intent.go
@@ -52,19 +52,28 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 	if err != nil {
 		return nil, err
 	}
-	content, redirect := session.GetAuth(ctx)
-	if redirect {
+	auth, err := session.GetAuth(ctx)
+	if err != nil {
+		return nil, err
+	}
+	switch a := auth.(type) {
+	case *idp.RedirectAuth:
 		return &user.StartIdentityProviderIntentResponse{
 			Details:  object.DomainToDetailsPb(details),
-			NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: content},
+			NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: a.RedirectURL},
+		}, nil
+	case *idp.FormAuth:
+		return &user.StartIdentityProviderIntentResponse{
+			Details: object.DomainToDetailsPb(details),
+			NextStep: &user.StartIdentityProviderIntentResponse_FormData{
+				FormData: &user.FormData{
+					Url:    a.URL,
+					Fields: a.Fields,
+				},
+			},
 		}, nil
 	}
-	return &user.StartIdentityProviderIntentResponse{
-		Details: object.DomainToDetailsPb(details),
-		NextStep: &user.StartIdentityProviderIntentResponse_PostForm{
-			PostForm: []byte(content),
-		},
-	}, nil
+	return nil, zerrors.ThrowInvalidArgumentf(nil, "USERv2-3g2j3", "type oneOf %T in method StartIdentityProviderIntent not implemented", auth)
 }
 
 func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderIntentResponse, error) {
diff --git a/internal/api/grpc/user/v2beta/integration_test/user_test.go b/internal/api/grpc/user/v2beta/integration_test/user_test.go
index 250322d66f..7b02f7da70 100644
--- a/internal/api/grpc/user/v2beta/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2beta/integration_test/user_test.go
@@ -2058,7 +2058,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Instance.ID(),
 				},
-				url:                "http://" + Instance.Domain + ":8000/sso",
+				url:                "http://localhost:8000/sso",
 				parametersExisting: []string{"RelayState", "SAMLRequest"},
 			},
 			wantErr: false,
@@ -2082,7 +2082,7 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Instance.ID(),
 				},
-				url:                "http://" + Instance.Domain + ":8000/sso",
+				url:                "http://localhost:8000/sso",
 				parametersExisting: []string{"RelayState", "SAMLRequest"},
 			},
 			wantErr: false,
@@ -2106,7 +2106,9 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 					ChangeDate:    timestamppb.Now(),
 					ResourceOwner: Instance.ID(),
 				},
-				postForm: true,
+				url:                "http://localhost:8000/sso",
+				parametersExisting: []string{"RelayState", "SAMLRequest"},
+				postForm:           true,
 			},
 			wantErr: false,
 		},
@@ -2120,9 +2122,11 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 			}
 			require.NoError(t, err)
 
-			if tt.want.url != "" {
+			if tt.want.url != "" && !tt.want.postForm {
 				authUrl, err := url.Parse(got.GetAuthUrl())
 				require.NoError(t, err)
+				
+				assert.Equal(t, tt.want.url, authUrl.Scheme+"://"+authUrl.Host+authUrl.Path)
 				require.Len(t, authUrl.Query(), len(tt.want.parametersEqual)+len(tt.want.parametersExisting))
 
 				for _, existing := range tt.want.parametersExisting {
@@ -2133,7 +2137,15 @@ func TestServer_StartIdentityProviderIntent(t *testing.T) {
 				}
 			}
 			if tt.want.postForm {
-				assert.NotEmpty(t, got.GetPostForm())
+				assert.Equal(t, tt.want.url, got.GetFormData().GetUrl())
+
+				require.Len(t, got.GetFormData().GetFields(), len(tt.want.parametersEqual)+len(tt.want.parametersExisting))
+				for _, existing := range tt.want.parametersExisting {
+					assert.Contains(t, got.GetFormData().GetFields(), existing)
+				}
+				for key, equal := range tt.want.parametersEqual {
+					assert.Equal(t, got.GetFormData().GetFields()[key], equal)
+				}
 			}
 			integration.AssertDetails(t, &user.StartIdentityProviderIntentResponse{
 				Details: tt.want.details,
diff --git a/internal/api/grpc/user/v2beta/user.go b/internal/api/grpc/user/v2beta/user.go
index 93afbde0aa..49f0c7d9c7 100644
--- a/internal/api/grpc/user/v2beta/user.go
+++ b/internal/api/grpc/user/v2beta/user.go
@@ -380,19 +380,28 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 	if err != nil {
 		return nil, err
 	}
-	content, redirect := session.GetAuth(ctx)
-	if redirect {
+	auth, err := session.GetAuth(ctx)
+	if err != nil {
+		return nil, err
+	}
+	switch a := auth.(type) {
+	case *idp.RedirectAuth:
 		return &user.StartIdentityProviderIntentResponse{
 			Details:  object.DomainToDetailsPb(details),
-			NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: content},
+			NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: a.RedirectURL},
+		}, nil
+	case *idp.FormAuth:
+		return &user.StartIdentityProviderIntentResponse{
+			Details: object.DomainToDetailsPb(details),
+			NextStep: &user.StartIdentityProviderIntentResponse_FormData{
+				FormData: &user.FormData{
+					Url:    a.URL,
+					Fields: a.Fields,
+				},
+			},
 		}, nil
 	}
-	return &user.StartIdentityProviderIntentResponse{
-		Details: object.DomainToDetailsPb(details),
-		NextStep: &user.StartIdentityProviderIntentResponse_PostForm{
-			PostForm: []byte(content),
-		},
-	}, nil
+	return nil, zerrors.ThrowInvalidArgumentf(nil, "USERv2-3g2j3", "type oneOf %T in method StartIdentityProviderIntent not implemented", auth)
 }
 
 func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderIntentResponse, error) {
diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go
index 6202c38c8b..abd20088ba 100644
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@@ -48,6 +48,18 @@ const (
 	tmplExternalNotFoundOption = "externalnotfoundoption"
 )
 
+var (
+	samlFormPost = template.Must(template.New("saml-post-form").Parse(`<!DOCTYPE html><html><body>
+<form method="post" action="{{.URL}}" id="SAMLRequestForm">
+{{range $key, $value := .Fields}}
+<input type="hidden" name="{{$key}}" value="{{$value}}" />
+{{end}}
+<input id="SAMLSubmitButton" type="submit" value="Submit" />
+</form>
+<script>document.getElementById('SAMLSubmitButton').style.visibility="hidden";document.getElementById('SAMLRequestForm').submit();</script>
+</body></html>`))
+)
+
 type externalIDPData struct {
 	IDPConfigID string `schema:"idpConfigID"`
 }
@@ -201,15 +213,21 @@ func (l *Login) handleIDP(w http.ResponseWriter, r *http.Request, authReq *domai
 		l.externalAuthFailed(w, r, authReq, err)
 		return
 	}
-
-	content, redirect := session.GetAuth(r.Context())
-	if redirect {
-		http.Redirect(w, r, content, http.StatusFound)
+	auth, err := session.GetAuth(r.Context())
+	if err != nil {
+		l.renderInternalError(w, r, authReq, err)
 		return
 	}
-	_, err = w.Write([]byte(content))
-	if err != nil {
-		l.renderError(w, r, authReq, err)
+	switch a := auth.(type) {
+	case *idp.RedirectAuth:
+		http.Redirect(w, r, a.RedirectURL, http.StatusFound)
+		return
+	case *idp.FormAuth:
+		err = samlFormPost.Execute(w, a)
+		if err != nil {
+			l.renderError(w, r, authReq, err)
+			return
+		}
 		return
 	}
 }
diff --git a/internal/command/idp_intent_test.go b/internal/command/idp_intent_test.go
index 6cf835f521..e0f4e2ffdb 100644
--- a/internal/command/idp_intent_test.go
+++ b/internal/command/idp_intent_test.go
@@ -432,9 +432,8 @@ func TestCommands_AuthFromProvider(t *testing.T) {
 		samlRootURL string
 	}
 	type res struct {
-		content  string
-		redirect bool
-		err      error
+		auth idp.Auth
+		err  error
 	}
 	tests := []struct {
 		name   string
@@ -579,8 +578,7 @@ func TestCommands_AuthFromProvider(t *testing.T) {
 				callbackURL: "url",
 			},
 			res{
-				content:  "auth?client_id=clientID&prompt=select_account&redirect_uri=url&response_type=code&state=id",
-				redirect: true,
+				auth: &idp.RedirectAuth{RedirectURL: "auth?client_id=clientID&prompt=select_account&redirect_uri=url&response_type=code&state=id"},
 			},
 		},
 		{
@@ -671,8 +669,7 @@ func TestCommands_AuthFromProvider(t *testing.T) {
 				callbackURL: "url",
 			},
 			res{
-				content:  "https://login.microsoftonline.com/tenant/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=url&response_type=code&scope=openid+profile+User.Read&state=id",
-				redirect: true,
+				auth: &idp.RedirectAuth{RedirectURL: "https://login.microsoftonline.com/tenant/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=url&response_type=code&scope=openid+profile+User.Read&state=id"},
 			},
 		},
 	}
@@ -686,13 +683,12 @@ func TestCommands_AuthFromProvider(t *testing.T) {
 			_, session, err := c.AuthFromProvider(tt.args.ctx, tt.args.idpID, tt.args.callbackURL, tt.args.samlRootURL)
 			require.ErrorIs(t, err, tt.res.err)
 
-			var content string
-			var redirect bool
+			var got idp.Auth
 			if err == nil {
-				content, redirect = session.GetAuth(tt.args.ctx)
+				got, err = session.GetAuth(tt.args.ctx)
+				assert.Equal(t, tt.res.auth, got)
+				assert.NoError(t, err)
 			}
-			assert.Equal(t, tt.res.redirect, redirect)
-			assert.Equal(t, tt.res.content, content)
 		})
 	}
 }
@@ -811,6 +807,97 @@ func TestCommands_AuthFromProvider_SAML(t *testing.T) {
 				},
 			},
 		},
+		{
+			"saml post auth",
+			fields{
+				secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusherWithInstanceID(
+							"instance",
+							instance.NewSAMLIDPAddedEvent(context.Background(), &instance.NewAggregate("instance").Aggregate,
+								"idp",
+								"name",
+								[]byte("<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2023-08-27T12:40:58.803Z\" cacheDuration=\"PT48H\" entityID=\"http://localhost:8000/metadata\">\n  <IDPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n    <KeyDescriptor use=\"signing\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n    </KeyDescriptor>\n    <KeyDescriptor use=\"encryption\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes192-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"></EncryptionMethod>\n    </KeyDescriptor>\n    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n  </IDPSSODescriptor>\n</EntityDescriptor>"),
+								&crypto.CryptoValue{
+									CryptoType: crypto.TypeEncryption,
+									Algorithm:  "enc",
+									KeyID:      "id",
+									Crypted:    []byte("key"),
+								},
+								[]byte("certificate"),
+								"",
+								false,
+								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
+								"",
+								false,
+								rep_idp.Options{},
+							)),
+					),
+					expectFilter(
+						eventFromEventPusherWithInstanceID(
+							"instance",
+							instance.NewSAMLIDPAddedEvent(context.Background(), &instance.NewAggregate("instance").Aggregate,
+								"idp",
+								"name",
+								[]byte("<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2023-08-27T12:40:58.803Z\" cacheDuration=\"PT48H\" entityID=\"http://localhost:8000/metadata\">\n  <IDPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n    <KeyDescriptor use=\"signing\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n    </KeyDescriptor>\n    <KeyDescriptor use=\"encryption\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes192-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"></EncryptionMethod>\n    </KeyDescriptor>\n    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n  </IDPSSODescriptor>\n</EntityDescriptor>"),
+								&crypto.CryptoValue{
+									CryptoType: crypto.TypeEncryption,
+									Algorithm:  "enc",
+									KeyID:      "id",
+									Crypted:    []byte("-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAxHd087RoEm9ywVWZ/H+tDWxQsmVvhfRz4jAq/RfU+OWXNH4J\njMMSHdFs0Q+WP98nNXRyc7fgbMb8NdmlB2yD4qLYapN5SDaBc5dh/3EnyFt53oSs\njTlKnQUPAeJr2qh/NY046CfyUyQMM4JR5OiQFo4TssfWnqdcgamGt0AEnk2lvbMZ\nKQdAqNS9lDzYbjMGavEQPTZE35mFXFQXjaooZXq+TIa7hbaq7/idH7cHNbLcPLgj\nfPQA8q+DYvnvhXlmq0LPQZH3Oiixf+SF2vRwrBzT2mqGD2OiOkUmhuPwyqEiiBHt\nfxklRtRU6WfLa1Gcb1PsV0uoBGpV3KybIl/GlwIDAQABAoIBAEQjDduLgOCL6Gem\n0X3hpdnW6/HC/jed/Sa//9jBECq2LYeWAqff64ON40hqOHi0YvvGA/+gEOSI6mWe\nsv5tIxxRz+6+cLybsq+tG96kluCE4TJMHy/nY7orS/YiWbd+4odnEApr+D3fbZ/b\nnZ1fDsHTyn8hkYx6jLmnWsJpIHDp7zxD76y7k2Bbg6DZrCGiVxngiLJk23dvz79W\np03lHLM7XE92aFwXQmhfxHGxrbuoB/9eY4ai5IHp36H4fw0vL6NXdNQAo/bhe0p9\nAYB7y0ZumF8Hg0Z/BmMeEzLy6HrYB+VE8cO93pNjhSyH+p2yDB/BlUyTiRLQAoM0\nVTmOZXECgYEA7NGlzpKNhyQEJihVqt0MW0LhKIO/xbBn+XgYfX6GpqPa/ucnMx5/\nVezpl3gK8IU4wPUhAyXXAHJiqNBcEeyxrw0MXLujDVMJgYaLysCLJdvMVgoY08mS\nK5IQivpbozpf4+0y3mOnA+Sy1kbfxv2X8xiWLODRQW3f3q/xoklwOR8CgYEA1GEe\nfaibOFTQAYcIVj77KXtBfYZsX3EGAyfAN9O7cKHq5oaxVstwnF47WxpuVtoKZxCZ\nbNm9D5WvQ9b+Ztpioe42tzwE7Bff/Osj868GcDdRPK7nFlh9N2yVn/D514dOYVwR\n4MBr1KrJzgRWt4QqS4H+to1GzudDTSNlG7gnK4kCgYBUi6AbOHzoYzZL/RhgcJwp\ntJ23nhmH1Su5h2OO4e3mbhcP66w19sxU+8iFN+kH5zfUw26utgKk+TE5vXExQQRK\nT2k7bg2PAzcgk80ybD0BHhA8I0yrx4m0nmfjhe/TPVLgh10iwgbtP+eM0i6v1vc5\nZWyvxu9N4ZEL6lpkqr0y1wKBgG/NAIQd8jhhTW7Aav8cAJQBsqQl038avJOEpYe+\nCnpsgoAAf/K0/f8TDCQVceh+t+MxtdK7fO9rWOxZjWsPo8Si5mLnUaAHoX4/OpnZ\nlYYVWMqdOEFnK+O1Yb7k2GFBdV2DXlX2dc1qavntBsls5ecB89id3pyk2aUN8Pf6\npYQhAoGAMGtrHFely9wyaxI0RTCyfmJbWZHGVGkv6ELK8wneJjdjl82XOBUGCg5q\naRCrTZ3dPitKwrUa6ibJCIFCIziiriBmjDvTHzkMvoJEap2TVxYNDR6IfINVsQ57\nlOsiC4A2uGq4Lbfld+gjoplJ5GX6qXtTgZ6m7eo0y7U6zm2tkN0=\n-----END RSA PRIVATE KEY-----\n"),
+								}, []byte("-----BEGIN CERTIFICATE-----\nMIIC2zCCAcOgAwIBAgIIAy/jm1gAAdEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE\nChMHWklUQURFTDAeFw0yMzA4MzAwNzExMTVaFw0yNDA4MjkwNzExMTVaMBIxEDAO\nBgNVBAoTB1pJVEFERUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE\nd3TztGgSb3LBVZn8f60NbFCyZW+F9HPiMCr9F9T45Zc0fgmMwxId0WzRD5Y/3yc1\ndHJzt+Bsxvw12aUHbIPiothqk3lINoFzl2H/cSfIW3nehKyNOUqdBQ8B4mvaqH81\njTjoJ/JTJAwzglHk6JAWjhOyx9aep1yBqYa3QASeTaW9sxkpB0Co1L2UPNhuMwZq\n8RA9NkTfmYVcVBeNqihler5MhruFtqrv+J0ftwc1stw8uCN89ADyr4Ni+e+FeWar\nQs9Bkfc6KLF/5IXa9HCsHNPaaoYPY6I6RSaG4/DKoSKIEe1/GSVG1FTpZ8trUZxv\nU+xXS6gEalXcrJsiX8aXAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCx\n/dRNIj0N/16zJhZR/ahkc2AkvDXYxyr4JRT5wK9GQDNl/oaX3debRuSi/tfaXFIX\naJA6PxM4J49ZaiEpLrKfxMz5kAhjKchCBEMcH3mGt+iNZH7EOyTvHjpGrP2OZrsh\nO17yrvN3HuQxIU6roJlqtZz2iAADsoPtwOO4D7hupm9XTMkSnAmlMWOo/q46Jz89\n1sMxB+dXmH/zV0wgwh0omZfLV0u89mvdq269VhcjNBpBYSnN1ccqYWd5iwziob3I\nvaavGHGfkbvRUn/tKftYuTK30q03R+e9YbmlWZ0v695owh2e/apCzowQsCKfSVC8\nOxVyt5XkHq1tWwVyBmFp\n-----END CERTIFICATE-----\n"),
+								"",
+								false,
+								gu.Ptr(domain.SAMLNameIDFormatUnspecified),
+								"",
+								false,
+								rep_idp.Options{},
+							)),
+					),
+					expectFilter(
+						eventFromEventPusherWithInstanceID(
+							"instance",
+							func() eventstore.Command {
+								success, _ := url.Parse("https://success.url")
+								failure, _ := url.Parse("https://failure.url")
+								return idpintent.NewStartedEvent(
+									context.Background(),
+									&idpintent.NewAggregate("id", "instance").Aggregate,
+									success,
+									failure,
+									"idp",
+									nil,
+								)
+							}(),
+						),
+					),
+					expectRandomPush(
+						[]eventstore.Command{
+							idpintent.NewSAMLRequestEvent(
+								context.Background(),
+								&idpintent.NewAggregate("id", "instance").Aggregate,
+								"request",
+							),
+						},
+					),
+				),
+				idGenerator: mock.ExpectID(t, "id"),
+			},
+			args{
+				ctx:         authz.SetCtxData(context.Background(), authz.CtxData{OrgID: "ro"}),
+				idpID:       "idp",
+				callbackURL: "url",
+				samlRootURL: "samlurl",
+			},
+			res{
+				url: "http://localhost:8000/sso",
+				values: map[string]string{
+					"SAMLRequest": "", // generated IDs so not assertable
+					"RelayState":  "id",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -822,16 +909,30 @@ func TestCommands_AuthFromProvider_SAML(t *testing.T) {
 			_, session, err := c.AuthFromProvider(tt.args.ctx, tt.args.idpID, tt.args.callbackURL, tt.args.samlRootURL)
 			require.ErrorIs(t, err, tt.res.err)
 
-			content, _ := session.GetAuth(tt.args.ctx)
-			authURL, err := url.Parse(content)
+			auth, err := session.GetAuth(tt.args.ctx)
 			require.NoError(t, err)
 
+			var authURL *url.URL
+			authFields := make(map[string]string)
+
+			switch a := auth.(type) {
+			case *idp.RedirectAuth:
+				authURL, err = url.Parse(a.RedirectURL)
+				for key, values := range authURL.Query() {
+					authFields[key] = values[0]
+				}
+				require.NoError(t, err)
+			case *idp.FormAuth:
+				authURL, err = url.Parse(a.URL)
+				require.NoError(t, err)
+				authFields = a.Fields
+			}
+
 			assert.Equal(t, tt.res.url, authURL.Scheme+"://"+authURL.Host+authURL.Path)
-			query := authURL.Query()
 			for k, v := range tt.res.values {
-				assert.True(t, query.Has(k))
+				assert.Contains(t, authFields, k)
 				if v != "" {
-					assert.Equal(t, v, query.Get(k))
+					assert.Equal(t, v, authFields[k])
 				}
 			}
 		})
diff --git a/internal/idp/providers/apple/apple_test.go b/internal/idp/providers/apple/apple_test.go
index f3b7e81a1a..7d1f3a8481 100644
--- a/internal/idp/providers/apple/apple_test.go
+++ b/internal/idp/providers/apple/apple_test.go
@@ -62,10 +62,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			ctx := context.Background()
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
-			content, redirect := session.GetAuth(ctx)
-			contentExpected, redirectExpected := tt.want.GetAuth(ctx)
-			a.Equal(redirectExpected, redirect)
-			a.Equal(contentExpected, content)
+			auth, err := session.GetAuth(ctx)
+			authExpected, errExpected := tt.want.GetAuth(ctx)
+			a.ErrorIs(err, errExpected)
+			a.Equal(authExpected, auth)
 		})
 	}
 }
diff --git a/internal/idp/providers/azuread/azuread_test.go b/internal/idp/providers/azuread/azuread_test.go
index 122a70bb07..e46815cc8e 100644
--- a/internal/idp/providers/azuread/azuread_test.go
+++ b/internal/idp/providers/azuread/azuread_test.go
@@ -81,10 +81,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
 
-			wantHeaders, wantContent := tt.want.GetAuth(ctx)
-			gotHeaders, gotContent := session.GetAuth(ctx)
-			a.Equal(wantHeaders, gotHeaders)
-			a.Equal(wantContent, gotContent)
+			wantAuth, wantErr := tt.want.GetAuth(ctx)
+			gotAuth, gotErr := session.GetAuth(ctx)
+			a.Equal(wantAuth, gotAuth)
+			a.ErrorIs(gotErr, wantErr)
 		})
 	}
 }
diff --git a/internal/idp/providers/azuread/session.go b/internal/idp/providers/azuread/session.go
index 169784fb58..f417897893 100644
--- a/internal/idp/providers/azuread/session.go
+++ b/internal/idp/providers/azuread/session.go
@@ -28,7 +28,7 @@ func NewSession(provider *Provider, code string) *Session {
 }
 
 // GetAuth implements the [idp.Provider] interface by calling the wrapped [oauth.Session].
-func (s *Session) GetAuth(ctx context.Context) (content string, redirect bool) {
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
 	return s.oauth().GetAuth(ctx)
 }
 
diff --git a/internal/idp/providers/github/github_test.go b/internal/idp/providers/github/github_test.go
index 6274b51841..42f03c050d 100644
--- a/internal/idp/providers/github/github_test.go
+++ b/internal/idp/providers/github/github_test.go
@@ -48,10 +48,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
 
-			wantHeaders, wantContent := tt.want.GetAuth(ctx)
-			gotHeaders, gotContent := session.GetAuth(ctx)
-			a.Equal(wantHeaders, gotHeaders)
-			a.Equal(wantContent, gotContent)
+			wantAuth, wantErr := tt.want.GetAuth(ctx)
+			gotAuth, gotErr := session.GetAuth(ctx)
+			a.Equal(wantAuth, gotAuth)
+			a.ErrorIs(gotErr, wantErr)
 		})
 	}
 }
diff --git a/internal/idp/providers/gitlab/gitlab_test.go b/internal/idp/providers/gitlab/gitlab_test.go
index 24b813bc81..99b28c5003 100644
--- a/internal/idp/providers/gitlab/gitlab_test.go
+++ b/internal/idp/providers/gitlab/gitlab_test.go
@@ -59,10 +59,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
 
-			wantHeaders, wantContent := tt.want.GetAuth(ctx)
-			gotHeaders, gotContent := session.GetAuth(ctx)
-			a.Equal(wantHeaders, gotHeaders)
-			a.Equal(wantContent, gotContent)
+			wantAuth, wantErr := tt.want.GetAuth(ctx)
+			gotAuth, gotErr := session.GetAuth(ctx)
+			a.Equal(wantAuth, gotAuth)
+			a.ErrorIs(gotErr, wantErr)
 		})
 	}
 }
diff --git a/internal/idp/providers/google/google_test.go b/internal/idp/providers/google/google_test.go
index b95f8eaf9f..b8f31b86e3 100644
--- a/internal/idp/providers/google/google_test.go
+++ b/internal/idp/providers/google/google_test.go
@@ -48,10 +48,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
 
-			wantHeaders, wantContent := tt.want.GetAuth(ctx)
-			gotHeaders, gotContent := session.GetAuth(ctx)
-			a.Equal(wantHeaders, gotHeaders)
-			a.Equal(wantContent, gotContent)
+			wantAuth, wantErr := tt.want.GetAuth(ctx)
+			gotAuth, gotErr := session.GetAuth(ctx)
+			a.Equal(wantAuth, gotAuth)
+			a.ErrorIs(gotErr, wantErr)
 		})
 	}
 }
diff --git a/internal/idp/providers/jwt/jwt_test.go b/internal/idp/providers/jwt/jwt_test.go
index 5756c58e07..aba337d2ee 100644
--- a/internal/idp/providers/jwt/jwt_test.go
+++ b/internal/idp/providers/jwt/jwt_test.go
@@ -119,10 +119,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			}
 			if tt.want.err == nil {
 				a.NoError(err)
-				wantHeaders, wantContent := tt.want.session.GetAuth(ctx)
-				gotHeaders, gotContent := session.GetAuth(ctx)
-				a.Equal(wantHeaders, gotHeaders)
-				a.Equal(wantContent, gotContent)
+				wantAuth, wantErr := tt.want.session.GetAuth(ctx)
+				gotAuth, gotErr := session.GetAuth(ctx)
+				a.Equal(wantAuth, gotAuth)
+				a.ErrorIs(gotErr, wantErr)
 			}
 		})
 	}
diff --git a/internal/idp/providers/jwt/session.go b/internal/idp/providers/jwt/session.go
index 85b164a9c5..0d91986fc9 100644
--- a/internal/idp/providers/jwt/session.go
+++ b/internal/idp/providers/jwt/session.go
@@ -42,7 +42,7 @@ func NewSessionFromRequest(provider *Provider, r *http.Request) *Session {
 }
 
 // GetAuth implements the [idp.Session] interface.
-func (s *Session) GetAuth(ctx context.Context) (string, bool) {
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
 	return idp.Redirect(s.AuthURL)
 }
 
diff --git a/internal/idp/providers/ldap/session.go b/internal/idp/providers/ldap/session.go
index a78dd02d73..6a56cd6132 100644
--- a/internal/idp/providers/ldap/session.go
+++ b/internal/idp/providers/ldap/session.go
@@ -39,7 +39,7 @@ func NewSession(provider *Provider, username, password string) *Session {
 }
 
 // GetAuth implements the [idp.Session] interface.
-func (s *Session) GetAuth(ctx context.Context) (string, bool) {
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
 	return idp.Redirect(s.loginUrl)
 }
 
diff --git a/internal/idp/providers/oauth/oauth2_test.go b/internal/idp/providers/oauth/oauth2_test.go
index 984315ac1f..93a0dd404f 100644
--- a/internal/idp/providers/oauth/oauth2_test.go
+++ b/internal/idp/providers/oauth/oauth2_test.go
@@ -80,10 +80,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
 
-			wantHeaders, wantContent := tt.want.GetAuth(ctx)
-			gotHeaders, gotContent := session.GetAuth(ctx)
-			a.Equal(wantHeaders, gotHeaders)
-			a.Equal(wantContent, gotContent)
+			wantAuth, wantErr := tt.want.GetAuth(ctx)
+			gotAuth, gotErr := session.GetAuth(ctx)
+			a.Equal(wantAuth, gotAuth)
+			a.ErrorIs(gotErr, wantErr)
 		})
 	}
 }
diff --git a/internal/idp/providers/oauth/session.go b/internal/idp/providers/oauth/session.go
index c9e175d1cf..27d38b1740 100644
--- a/internal/idp/providers/oauth/session.go
+++ b/internal/idp/providers/oauth/session.go
@@ -37,7 +37,7 @@ func NewSession(provider *Provider, code string, idpArguments map[string]any) *S
 }
 
 // GetAuth implements the [idp.Session] interface.
-func (s *Session) GetAuth(ctx context.Context) (string, bool) {
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
 	return idp.Redirect(s.AuthURL)
 }
 
diff --git a/internal/idp/providers/oidc/oidc_test.go b/internal/idp/providers/oidc/oidc_test.go
index a46f09f13f..86e23f95d2 100644
--- a/internal/idp/providers/oidc/oidc_test.go
+++ b/internal/idp/providers/oidc/oidc_test.go
@@ -98,10 +98,10 @@ func TestProvider_BeginAuth(t *testing.T) {
 			session, err := provider.BeginAuth(ctx, "testState")
 			r.NoError(err)
 
-			wantHeaders, wantContent := tt.want.GetAuth(ctx)
-			gotHeaders, gotContent := session.GetAuth(ctx)
-			a.Equal(wantHeaders, gotHeaders)
-			a.Equal(wantContent, gotContent)
+			wantAuth, wantErr := tt.want.GetAuth(ctx)
+			gotAuth, gotErr := session.GetAuth(ctx)
+			a.Equal(wantAuth, gotAuth)
+			a.ErrorIs(gotErr, wantErr)
 		})
 	}
 }
diff --git a/internal/idp/providers/oidc/session.go b/internal/idp/providers/oidc/session.go
index 9e1e55baf5..08e277a9cc 100644
--- a/internal/idp/providers/oidc/session.go
+++ b/internal/idp/providers/oidc/session.go
@@ -33,7 +33,7 @@ func NewSession(provider *Provider, code string, idpArguments map[string]any) *S
 }
 
 // GetAuth implements the [idp.Session] interface.
-func (s *Session) GetAuth(ctx context.Context) (string, bool) {
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
 	return idp.Redirect(s.AuthURL)
 }
 
diff --git a/internal/idp/providers/saml/saml_test.go b/internal/idp/providers/saml/saml_test.go
index 69ff231ccc..5e76e6dcaa 100644
--- a/internal/idp/providers/saml/saml_test.go
+++ b/internal/idp/providers/saml/saml_test.go
@@ -1,7 +1,9 @@
 package saml
 
 import (
+	"context"
 	"encoding/xml"
+	"net/url"
 	"testing"
 	"time"
 
@@ -11,10 +13,138 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/idp"
 	"github.com/zitadel/zitadel/internal/idp/providers/saml/requesttracker"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
 
+func TestProvider_BeginAuth(t *testing.T) {
+	requestTracker := requesttracker.New(
+		func(ctx context.Context, authRequestID, samlRequestID string) error {
+			assert.Equal(t, "state", authRequestID)
+			return nil
+		},
+		func(ctx context.Context, authRequestID string) (*samlsp.TrackedRequest, error) {
+			return &samlsp.TrackedRequest{
+				SAMLRequestID: "state",
+				Index:         authRequestID,
+			}, nil
+		},
+	)
+	type fields struct {
+		name        string
+		rootURL     string
+		metadata    []byte
+		certificate []byte
+		key         []byte
+		options     []ProviderOpts
+	}
+	type args struct {
+		state string
+	}
+	type want struct {
+		err        func(error) bool
+		authType   idp.Auth
+		ssoURL     string
+		relayState string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   want
+	}{
+		{
+			name: "redirect binding, success",
+			fields: fields{
+				name:        "saml",
+				rootURL:     "https://localhost:8080",
+				metadata:    []byte("<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2023-08-27T12:40:58.803Z\" cacheDuration=\"PT48H\" entityID=\"http://localhost:8000/metadata\">\n  <IDPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n    <KeyDescriptor use=\"signing\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n    </KeyDescriptor>\n    <KeyDescriptor use=\"encryption\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes192-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"></EncryptionMethod>\n    </KeyDescriptor>\n    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n  </IDPSSODescriptor>\n</EntityDescriptor>"),
+				certificate: []byte("-----BEGIN CERTIFICATE-----\nMIIC2zCCAcOgAwIBAgIIAy/jm1gAAdEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE\nChMHWklUQURFTDAeFw0yMzA4MzAwNzExMTVaFw0yNDA4MjkwNzExMTVaMBIxEDAO\nBgNVBAoTB1pJVEFERUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE\nd3TztGgSb3LBVZn8f60NbFCyZW+F9HPiMCr9F9T45Zc0fgmMwxId0WzRD5Y/3yc1\ndHJzt+Bsxvw12aUHbIPiothqk3lINoFzl2H/cSfIW3nehKyNOUqdBQ8B4mvaqH81\njTjoJ/JTJAwzglHk6JAWjhOyx9aep1yBqYa3QASeTaW9sxkpB0Co1L2UPNhuMwZq\n8RA9NkTfmYVcVBeNqihler5MhruFtqrv+J0ftwc1stw8uCN89ADyr4Ni+e+FeWar\nQs9Bkfc6KLF/5IXa9HCsHNPaaoYPY6I6RSaG4/DKoSKIEe1/GSVG1FTpZ8trUZxv\nU+xXS6gEalXcrJsiX8aXAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCx\n/dRNIj0N/16zJhZR/ahkc2AkvDXYxyr4JRT5wK9GQDNl/oaX3debRuSi/tfaXFIX\naJA6PxM4J49ZaiEpLrKfxMz5kAhjKchCBEMcH3mGt+iNZH7EOyTvHjpGrP2OZrsh\nO17yrvN3HuQxIU6roJlqtZz2iAADsoPtwOO4D7hupm9XTMkSnAmlMWOo/q46Jz89\n1sMxB+dXmH/zV0wgwh0omZfLV0u89mvdq269VhcjNBpBYSnN1ccqYWd5iwziob3I\nvaavGHGfkbvRUn/tKftYuTK30q03R+e9YbmlWZ0v695owh2e/apCzowQsCKfSVC8\nOxVyt5XkHq1tWwVyBmFp\n-----END CERTIFICATE-----\n"),
+				key:         []byte("-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAxHd087RoEm9ywVWZ/H+tDWxQsmVvhfRz4jAq/RfU+OWXNH4J\njMMSHdFs0Q+WP98nNXRyc7fgbMb8NdmlB2yD4qLYapN5SDaBc5dh/3EnyFt53oSs\njTlKnQUPAeJr2qh/NY046CfyUyQMM4JR5OiQFo4TssfWnqdcgamGt0AEnk2lvbMZ\nKQdAqNS9lDzYbjMGavEQPTZE35mFXFQXjaooZXq+TIa7hbaq7/idH7cHNbLcPLgj\nfPQA8q+DYvnvhXlmq0LPQZH3Oiixf+SF2vRwrBzT2mqGD2OiOkUmhuPwyqEiiBHt\nfxklRtRU6WfLa1Gcb1PsV0uoBGpV3KybIl/GlwIDAQABAoIBAEQjDduLgOCL6Gem\n0X3hpdnW6/HC/jed/Sa//9jBECq2LYeWAqff64ON40hqOHi0YvvGA/+gEOSI6mWe\nsv5tIxxRz+6+cLybsq+tG96kluCE4TJMHy/nY7orS/YiWbd+4odnEApr+D3fbZ/b\nnZ1fDsHTyn8hkYx6jLmnWsJpIHDp7zxD76y7k2Bbg6DZrCGiVxngiLJk23dvz79W\np03lHLM7XE92aFwXQmhfxHGxrbuoB/9eY4ai5IHp36H4fw0vL6NXdNQAo/bhe0p9\nAYB7y0ZumF8Hg0Z/BmMeEzLy6HrYB+VE8cO93pNjhSyH+p2yDB/BlUyTiRLQAoM0\nVTmOZXECgYEA7NGlzpKNhyQEJihVqt0MW0LhKIO/xbBn+XgYfX6GpqPa/ucnMx5/\nVezpl3gK8IU4wPUhAyXXAHJiqNBcEeyxrw0MXLujDVMJgYaLysCLJdvMVgoY08mS\nK5IQivpbozpf4+0y3mOnA+Sy1kbfxv2X8xiWLODRQW3f3q/xoklwOR8CgYEA1GEe\nfaibOFTQAYcIVj77KXtBfYZsX3EGAyfAN9O7cKHq5oaxVstwnF47WxpuVtoKZxCZ\nbNm9D5WvQ9b+Ztpioe42tzwE7Bff/Osj868GcDdRPK7nFlh9N2yVn/D514dOYVwR\n4MBr1KrJzgRWt4QqS4H+to1GzudDTSNlG7gnK4kCgYBUi6AbOHzoYzZL/RhgcJwp\ntJ23nhmH1Su5h2OO4e3mbhcP66w19sxU+8iFN+kH5zfUw26utgKk+TE5vXExQQRK\nT2k7bg2PAzcgk80ybD0BHhA8I0yrx4m0nmfjhe/TPVLgh10iwgbtP+eM0i6v1vc5\nZWyvxu9N4ZEL6lpkqr0y1wKBgG/NAIQd8jhhTW7Aav8cAJQBsqQl038avJOEpYe+\nCnpsgoAAf/K0/f8TDCQVceh+t+MxtdK7fO9rWOxZjWsPo8Si5mLnUaAHoX4/OpnZ\nlYYVWMqdOEFnK+O1Yb7k2GFBdV2DXlX2dc1qavntBsls5ecB89id3pyk2aUN8Pf6\npYQhAoGAMGtrHFely9wyaxI0RTCyfmJbWZHGVGkv6ELK8wneJjdjl82XOBUGCg5q\naRCrTZ3dPitKwrUa6ibJCIFCIziiriBmjDvTHzkMvoJEap2TVxYNDR6IfINVsQ57\nlOsiC4A2uGq4Lbfld+gjoplJ5GX6qXtTgZ6m7eo0y7U6zm2tkN0=\n-----END RSA PRIVATE KEY-----\n"),
+				options: []ProviderOpts{
+					WithCustomRequestTracker(requestTracker),
+				},
+			},
+			args: args{
+				state: "state",
+			},
+			want: want{
+				authType:   &idp.RedirectAuth{},
+				ssoURL:     "http://localhost:8000/sso",
+				relayState: "state",
+			},
+		},
+		{
+			name: "post binding, success",
+			fields: fields{
+				name:        "saml",
+				rootURL:     "https://localhost:8080",
+				metadata:    []byte("<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2023-08-27T12:40:58.803Z\" cacheDuration=\"PT48H\" entityID=\"http://localhost:8000/metadata\">\n  <IDPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n    <KeyDescriptor use=\"signing\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n    </KeyDescriptor>\n    <KeyDescriptor use=\"encryption\">\n      <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n        <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n          <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8Ahs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+aucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWxm+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURNB2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0OBBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uvNONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEfy/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsbGFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTLUzreO96WzlBBMtY=</X509Certificate>\n        </X509Data>\n      </KeyInfo>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes192-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"></EncryptionMethod>\n      <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"></EncryptionMethod>\n    </KeyDescriptor>\n    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/sso\"></SingleSignOnService>\n  </IDPSSODescriptor>\n</EntityDescriptor>"),
+				certificate: []byte("-----BEGIN CERTIFICATE-----\nMIIC2zCCAcOgAwIBAgIIAy/jm1gAAdEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE\nChMHWklUQURFTDAeFw0yMzA4MzAwNzExMTVaFw0yNDA4MjkwNzExMTVaMBIxEDAO\nBgNVBAoTB1pJVEFERUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE\nd3TztGgSb3LBVZn8f60NbFCyZW+F9HPiMCr9F9T45Zc0fgmMwxId0WzRD5Y/3yc1\ndHJzt+Bsxvw12aUHbIPiothqk3lINoFzl2H/cSfIW3nehKyNOUqdBQ8B4mvaqH81\njTjoJ/JTJAwzglHk6JAWjhOyx9aep1yBqYa3QASeTaW9sxkpB0Co1L2UPNhuMwZq\n8RA9NkTfmYVcVBeNqihler5MhruFtqrv+J0ftwc1stw8uCN89ADyr4Ni+e+FeWar\nQs9Bkfc6KLF/5IXa9HCsHNPaaoYPY6I6RSaG4/DKoSKIEe1/GSVG1FTpZ8trUZxv\nU+xXS6gEalXcrJsiX8aXAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCx\n/dRNIj0N/16zJhZR/ahkc2AkvDXYxyr4JRT5wK9GQDNl/oaX3debRuSi/tfaXFIX\naJA6PxM4J49ZaiEpLrKfxMz5kAhjKchCBEMcH3mGt+iNZH7EOyTvHjpGrP2OZrsh\nO17yrvN3HuQxIU6roJlqtZz2iAADsoPtwOO4D7hupm9XTMkSnAmlMWOo/q46Jz89\n1sMxB+dXmH/zV0wgwh0omZfLV0u89mvdq269VhcjNBpBYSnN1ccqYWd5iwziob3I\nvaavGHGfkbvRUn/tKftYuTK30q03R+e9YbmlWZ0v695owh2e/apCzowQsCKfSVC8\nOxVyt5XkHq1tWwVyBmFp\n-----END CERTIFICATE-----\n"),
+				key:         []byte("-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAxHd087RoEm9ywVWZ/H+tDWxQsmVvhfRz4jAq/RfU+OWXNH4J\njMMSHdFs0Q+WP98nNXRyc7fgbMb8NdmlB2yD4qLYapN5SDaBc5dh/3EnyFt53oSs\njTlKnQUPAeJr2qh/NY046CfyUyQMM4JR5OiQFo4TssfWnqdcgamGt0AEnk2lvbMZ\nKQdAqNS9lDzYbjMGavEQPTZE35mFXFQXjaooZXq+TIa7hbaq7/idH7cHNbLcPLgj\nfPQA8q+DYvnvhXlmq0LPQZH3Oiixf+SF2vRwrBzT2mqGD2OiOkUmhuPwyqEiiBHt\nfxklRtRU6WfLa1Gcb1PsV0uoBGpV3KybIl/GlwIDAQABAoIBAEQjDduLgOCL6Gem\n0X3hpdnW6/HC/jed/Sa//9jBECq2LYeWAqff64ON40hqOHi0YvvGA/+gEOSI6mWe\nsv5tIxxRz+6+cLybsq+tG96kluCE4TJMHy/nY7orS/YiWbd+4odnEApr+D3fbZ/b\nnZ1fDsHTyn8hkYx6jLmnWsJpIHDp7zxD76y7k2Bbg6DZrCGiVxngiLJk23dvz79W\np03lHLM7XE92aFwXQmhfxHGxrbuoB/9eY4ai5IHp36H4fw0vL6NXdNQAo/bhe0p9\nAYB7y0ZumF8Hg0Z/BmMeEzLy6HrYB+VE8cO93pNjhSyH+p2yDB/BlUyTiRLQAoM0\nVTmOZXECgYEA7NGlzpKNhyQEJihVqt0MW0LhKIO/xbBn+XgYfX6GpqPa/ucnMx5/\nVezpl3gK8IU4wPUhAyXXAHJiqNBcEeyxrw0MXLujDVMJgYaLysCLJdvMVgoY08mS\nK5IQivpbozpf4+0y3mOnA+Sy1kbfxv2X8xiWLODRQW3f3q/xoklwOR8CgYEA1GEe\nfaibOFTQAYcIVj77KXtBfYZsX3EGAyfAN9O7cKHq5oaxVstwnF47WxpuVtoKZxCZ\nbNm9D5WvQ9b+Ztpioe42tzwE7Bff/Osj868GcDdRPK7nFlh9N2yVn/D514dOYVwR\n4MBr1KrJzgRWt4QqS4H+to1GzudDTSNlG7gnK4kCgYBUi6AbOHzoYzZL/RhgcJwp\ntJ23nhmH1Su5h2OO4e3mbhcP66w19sxU+8iFN+kH5zfUw26utgKk+TE5vXExQQRK\nT2k7bg2PAzcgk80ybD0BHhA8I0yrx4m0nmfjhe/TPVLgh10iwgbtP+eM0i6v1vc5\nZWyvxu9N4ZEL6lpkqr0y1wKBgG/NAIQd8jhhTW7Aav8cAJQBsqQl038avJOEpYe+\nCnpsgoAAf/K0/f8TDCQVceh+t+MxtdK7fO9rWOxZjWsPo8Si5mLnUaAHoX4/OpnZ\nlYYVWMqdOEFnK+O1Yb7k2GFBdV2DXlX2dc1qavntBsls5ecB89id3pyk2aUN8Pf6\npYQhAoGAMGtrHFely9wyaxI0RTCyfmJbWZHGVGkv6ELK8wneJjdjl82XOBUGCg5q\naRCrTZ3dPitKwrUa6ibJCIFCIziiriBmjDvTHzkMvoJEap2TVxYNDR6IfINVsQ57\nlOsiC4A2uGq4Lbfld+gjoplJ5GX6qXtTgZ6m7eo0y7U6zm2tkN0=\n-----END RSA PRIVATE KEY-----\n"),
+				options: []ProviderOpts{
+					WithCustomRequestTracker(requestTracker),
+				},
+			},
+			args: args{
+				state: "state",
+			},
+			want: want{
+				authType:   &idp.FormAuth{},
+				ssoURL:     "http://localhost:8000/sso",
+				relayState: "state",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := assert.New(t)
+
+			provider, err := New(
+				tt.fields.name,
+				tt.fields.rootURL,
+				tt.fields.metadata,
+				tt.fields.certificate,
+				tt.fields.key,
+				tt.fields.options...,
+			)
+			require.NoError(t, err)
+
+			ctx := context.Background()
+			session, err := provider.BeginAuth(ctx, tt.args.state, nil)
+			if tt.want.err != nil && !tt.want.err(err) {
+				a.Fail("invalid error", err)
+			}
+			if tt.want.err == nil {
+				a.NoError(err)
+				gotAuth, gotErr := session.GetAuth(ctx)
+				a.NoError(gotErr)
+				a.IsType(tt.want.authType, gotAuth)
+
+				var ssoURL, relayState, samlRequest string
+				switch auth := gotAuth.(type) {
+				case *idp.RedirectAuth:
+					gotRedirect, err := url.Parse(auth.RedirectURL)
+					a.NoError(err)
+					gotQuery := gotRedirect.Query()
+
+					ssoURL = gotRedirect.Scheme + "://" + gotRedirect.Host + gotRedirect.Path
+					relayState = gotQuery.Get("RelayState")
+					samlRequest = gotQuery.Get("SAMLRequest")
+				case *idp.FormAuth:
+					ssoURL = auth.URL
+					relayState = auth.Fields["RelayState"]
+					samlRequest = auth.Fields["SAMLRequest"]
+				}
+				a.Equal(tt.want.ssoURL, ssoURL)
+				a.Equal(tt.want.relayState, relayState)
+				a.NotEmpty(samlRequest)
+			}
+		})
+	}
+}
+
 func TestProvider_Options(t *testing.T) {
 	type fields struct {
 		name        string
diff --git a/internal/idp/providers/saml/session.go b/internal/idp/providers/saml/session.go
index e2a1655a26..e1f32209b0 100644
--- a/internal/idp/providers/saml/session.go
+++ b/internal/idp/providers/saml/session.go
@@ -1,13 +1,14 @@
 package saml
 
 import (
-	"bytes"
 	"context"
+	"encoding/base64"
 	"errors"
 	"net/http"
 	"net/url"
 	"time"
 
+	"github.com/beevik/etree"
 	"github.com/crewjam/saml"
 	"github.com/crewjam/saml/samlsp"
 
@@ -43,22 +44,15 @@ func NewSession(provider *Provider, requestID string, request *http.Request) (*S
 }
 
 // GetAuth implements the [idp.Session] interface.
-func (s *Session) GetAuth(ctx context.Context) (string, bool) {
-	url, _ := url.Parse(s.state)
-	resp := NewTempResponseWriter()
-
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
+	url, err := url.Parse(s.state)
+	if err != nil {
+		return nil, err
+	}
 	request := &http.Request{
 		URL: url,
 	}
-	s.ServiceProvider.HandleStartAuthFlow(
-		resp,
-		request.WithContext(ctx),
-	)
-
-	if location := resp.Header().Get("Location"); location != "" {
-		return idp.Redirect(location)
-	}
-	return idp.Form(resp.content.String())
+	return s.auth(request.WithContext(ctx))
 }
 
 // PersistentParameters implements the [idp.Session] interface.
@@ -130,24 +124,57 @@ func (s *Session) transientMappingID() (string, error) {
 	return "", zerrors.ThrowInvalidArgument(nil, "SAML-swwg2", "Errors.Intent.MissingSingleMappingAttribute")
 }
 
-type TempResponseWriter struct {
-	header  http.Header
-	content *bytes.Buffer
-}
-
-func (w *TempResponseWriter) Header() http.Header {
-	return w.header
-}
-
-func (w *TempResponseWriter) Write(content []byte) (int, error) {
-	return w.content.Write(content)
-}
-
-func (w *TempResponseWriter) WriteHeader(statusCode int) {}
-
-func NewTempResponseWriter() *TempResponseWriter {
-	return &TempResponseWriter{
-		header:  map[string][]string{},
-		content: bytes.NewBuffer([]byte{}),
+// auth is a modified copy of the [samlsp.Middleware.HandleStartAuthFlow] method.
+// Instead of writing the response to the http.ResponseWriter, it returns the auth request as an [idp.Auth].
+// In case of an error, it returns the error directly and does not write to the response.
+func (s *Session) auth(r *http.Request) (idp.Auth, error) {
+	if r.URL.Path == s.ServiceProvider.ServiceProvider.AcsURL.Path {
+		// should never occur, but was handled in the original method, so we keep it here
+		return nil, zerrors.ThrowInvalidArgument(nil, "SAML-Eoi24", "don't wrap Middleware with RequireAccount")
 	}
+
+	var binding, bindingLocation string
+	if s.ServiceProvider.Binding != "" {
+		binding = s.ServiceProvider.Binding
+		bindingLocation = s.ServiceProvider.ServiceProvider.GetSSOBindingLocation(binding)
+	} else {
+		binding = saml.HTTPRedirectBinding
+		bindingLocation = s.ServiceProvider.ServiceProvider.GetSSOBindingLocation(binding)
+		if bindingLocation == "" {
+			binding = saml.HTTPPostBinding
+			bindingLocation = s.ServiceProvider.ServiceProvider.GetSSOBindingLocation(binding)
+		}
+	}
+
+	authReq, err := s.ServiceProvider.ServiceProvider.MakeAuthenticationRequest(bindingLocation, binding, s.ServiceProvider.ResponseBinding)
+	if err != nil {
+		return nil, err
+	}
+	relayState, err := s.ServiceProvider.RequestTracker.TrackRequest(nil, r, authReq.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	if binding == saml.HTTPRedirectBinding {
+		redirectURL, err := authReq.Redirect(relayState, &s.ServiceProvider.ServiceProvider)
+		if err != nil {
+			return nil, err
+		}
+		return idp.Redirect(redirectURL.String())
+	}
+	if binding == saml.HTTPPostBinding {
+		doc := etree.NewDocument()
+		doc.SetRoot(authReq.Element())
+		reqBuf, err := doc.WriteToBytes()
+		if err != nil {
+			return nil, err
+		}
+		encodedReqBuf := base64.StdEncoding.EncodeToString(reqBuf)
+		return idp.Form(authReq.Destination,
+			map[string]string{
+				"SAMLRequest": encodedReqBuf,
+				"RelayState":  relayState,
+			})
+	}
+	return nil, zerrors.ThrowInvalidArgument(nil, "SAML-Eoi24", "Errors.Intent.Invalid")
 }
diff --git a/internal/idp/session.go b/internal/idp/session.go
index fc593eb820..d0df3415bf 100644
--- a/internal/idp/session.go
+++ b/internal/idp/session.go
@@ -7,12 +7,29 @@ import (
 
 // Session is the minimal implementation for a session of a 3rd party authentication [Provider]
 type Session interface {
-	GetAuth(ctx context.Context) (content string, redirect bool)
+	GetAuth(ctx context.Context) (Auth, error)
 	PersistentParameters() map[string]any
 	FetchUser(ctx context.Context) (User, error)
 	ExpiresAt() time.Time
 }
 
+type Auth interface {
+	auth()
+}
+
+type RedirectAuth struct {
+	RedirectURL string
+}
+
+func (r *RedirectAuth) auth() {}
+
+type FormAuth struct {
+	URL    string
+	Fields map[string]string
+}
+
+func (f *FormAuth) auth() {}
+
 // SessionSupportsMigration is an optional extension to the Session interface.
 // It can be implemented to support migrating users, were the initial external id has changed because of a migration of the Provider type.
 // E.g. when a user was linked on a generic OIDC provider and this provider has now been migrated to an AzureAD provider.
@@ -22,10 +39,13 @@ type SessionSupportsMigration interface {
 	RetrievePreviousID() (previousID string, err error)
 }
 
-func Redirect(redirectURL string) (string, bool) {
-	return redirectURL, true
+func Redirect(redirectURL string) (*RedirectAuth, error) {
+	return &RedirectAuth{RedirectURL: redirectURL}, nil
 }
 
-func Form(html string) (string, bool) {
-	return html, false
+func Form(url string, fields map[string]string) (*FormAuth, error) {
+	return &FormAuth{
+		URL:    url,
+		Fields: fields,
+	}, nil
 }
diff --git a/proto/zitadel/user/v2/idp.proto b/proto/zitadel/user/v2/idp.proto
index 73e633fb67..828a035c29 100644
--- a/proto/zitadel/user/v2/idp.proto
+++ b/proto/zitadel/user/v2/idp.proto
@@ -162,3 +162,21 @@ message IDPLink {
     }
   ];
 }
+
+message FormData {
+  // The URL to which the form should be submitted using the POST method.
+  string url = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"https://idp.com/saml/v2/acs\"";
+    }
+  ];
+  // The form fields to be submitted.
+  // Each field is represented as a key-value pair, where the key is the field / input name
+  // and the value is the field / input value.
+  // All fields need to be submitted as is and as input type "text".
+  map<string, string> fields = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "{\"relayState\":\"state\",\"SAMLRequest\":\"asjfkj3ir2fj248=\"}";
+    }
+ ];
+}
\ No newline at end of file
diff --git a/proto/zitadel/user/v2/user_service.proto b/proto/zitadel/user/v2/user_service.proto
index 79f66266bc..349f3c6c54 100644
--- a/proto/zitadel/user/v2/user_service.proto
+++ b/proto/zitadel/user/v2/user_service.proto
@@ -2895,11 +2895,15 @@ message StartIdentityProviderIntentResponse{
         description: "IDP Intent information"
       }
     ];
+    // POST call information
+    // Deprecated: Use form_data instead
     bytes post_form = 4 [
       (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
         description: "POST call information"
       }
     ];
+    // Data for a form POST call
+    FormData form_data = 5;
   }
 }
 
diff --git a/proto/zitadel/user/v2beta/idp.proto b/proto/zitadel/user/v2beta/idp.proto
index 7d58ec5363..237c8de114 100644
--- a/proto/zitadel/user/v2beta/idp.proto
+++ b/proto/zitadel/user/v2beta/idp.proto
@@ -162,3 +162,21 @@ message IDPLink {
     }
   ];
 }
+
+message FormData {
+  // The URL to which the form should be submitted using the POST method.
+  string url = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"https://idp.com/saml/v2/acs\"";
+    }
+  ];
+  // The form fields to be submitted.
+  // Each field is represented as a key-value pair, where the key is the field / input name
+  // and the value is the field / input value.
+  // All fields need to be submitted as is and as input type "text".
+  map<string, string> fields = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "{\"relayState\":\"state\",\"SAMLRequest\":\"asjfkj3ir2fj248=\"}";
+    }
+  ];
+}
\ No newline at end of file
diff --git a/proto/zitadel/user/v2beta/user_service.proto b/proto/zitadel/user/v2beta/user_service.proto
index f877252f51..bcb091abf2 100644
--- a/proto/zitadel/user/v2beta/user_service.proto
+++ b/proto/zitadel/user/v2beta/user_service.proto
@@ -1788,22 +1788,23 @@ message StartIdentityProviderIntentRequest{
 message StartIdentityProviderIntentResponse{
   zitadel.object.v2beta.Details details = 1;
   oneof next_step {
+    // URL to which the client should redirect
     string auth_url = 2 [
       (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-        description: "URL to which the client should redirect"
         example: "\"https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback\"";
       }
     ];
-    IDPIntent idp_intent = 3 [
-      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-        description: "IDP Intent information"
-      }
-    ];
+    // IDP Intent information
+    IDPIntent idp_intent = 3;
+    // POST call information
+    // Deprecated: Use form_data instead
     bytes post_form = 4 [
       (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
         description: "POST call information"
       }
     ];
+    // Data for a form POST call
+    FormData form_data = 5;
   }
 }
 

From fce9e770ac9d24544fcbe3e842ff85c91e9d3d5f Mon Sep 17 00:00:00 2001
From: "Marco A." <marco@zitadel.com>
Date: Wed, 2 Jul 2025 09:34:19 +0200
Subject: [PATCH 112/123] feat: App Keys API v2 (#10140)

# Which Problems Are Solved

This PR *partially* addresses #9450 . Specifically, it implements the
resource based API for app keys.

This PR, together with https://github.com/zitadel/zitadel/pull/10077
completes #9450 .

# How the Problems Are Solved

- Implementation of the following endpoints: `CreateApplicationKey`,
`DeleteApplicationKey`, `GetApplicationKey`, `ListApplicationKeys`
- `ListApplicationKeys` can filter by project, app or organization ID.
Sorting is also possible according to some criteria.
  - All endpoints use permissions V2

# TODO

 - [x] Deprecate old endpoints

# Additional Context

Closes #9450
---
 internal/api/grpc/app/v2beta/app_key.go       |  47 ++++
 .../api/grpc/app/v2beta/convert/api_app.go    |  38 +++
 .../grpc/app/v2beta/convert/api_app_test.go   |  69 +++++
 .../api/grpc/app/v2beta/convert/convert.go    |  97 +++++++
 .../grpc/app/v2beta/convert/convert_test.go   | 184 +++++++++++++
 .../v2beta/integration_test/app_key_test.go   | 206 ++++++++++++++
 .../app/v2beta/integration_test/app_test.go   |  32 +--
 .../app/v2beta/integration_test/query_test.go | 251 +++++++++++++++++-
 .../v2beta/integration_test/server_test.go    |  25 +-
 internal/api/grpc/app/v2beta/query.go         |  39 +++
 .../project_application_converter.go          |   4 +-
 internal/command/project_application_key.go   |  13 +
 .../command/project_application_key_test.go   |  86 ++++--
 internal/domain/mock/permission.go            |  22 ++
 internal/query/authn_key.go                   |  16 ++
 internal/query/authn_key_test.go              |   8 +
 proto/zitadel/app/v2beta/app.proto            |  27 ++
 proto/zitadel/app/v2beta/app_service.proto    | 246 +++++++++++++++--
 proto/zitadel/management.proto                |   9 +
 19 files changed, 1350 insertions(+), 69 deletions(-)
 create mode 100644 internal/api/grpc/app/v2beta/app_key.go
 create mode 100644 internal/api/grpc/app/v2beta/integration_test/app_key_test.go
 create mode 100644 internal/domain/mock/permission.go

diff --git a/internal/api/grpc/app/v2beta/app_key.go b/internal/api/grpc/app/v2beta/app_key.go
new file mode 100644
index 0000000000..8c0c1989b2
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/app_key.go
@@ -0,0 +1,47 @@
+package app
+
+import (
+	"context"
+	"strings"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func (s *Server) CreateApplicationKey(ctx context.Context, req *app.CreateApplicationKeyRequest) (*app.CreateApplicationKeyResponse, error) {
+	domainReq := convert.CreateAPIClientKeyRequestToDomain(req)
+
+	appKey, err := s.command.AddApplicationKey(ctx, domainReq, "")
+	if err != nil {
+		return nil, err
+	}
+
+	keyDetails, err := appKey.Detail()
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.CreateApplicationKeyResponse{
+		Id:           appKey.KeyID,
+		CreationDate: timestamppb.New(appKey.ChangeDate),
+		KeyDetails:   keyDetails,
+	}, nil
+}
+
+func (s *Server) DeleteApplicationKey(ctx context.Context, req *app.DeleteApplicationKeyRequest) (*app.DeleteApplicationKeyResponse, error) {
+	deletionDetails, err := s.command.RemoveApplicationKey(ctx,
+		strings.TrimSpace(req.GetProjectId()),
+		strings.TrimSpace(req.GetApplicationId()),
+		strings.TrimSpace(req.GetId()),
+		strings.TrimSpace(req.GetOrganizationId()),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.DeleteApplicationKeyResponse{
+		DeletionDate: timestamppb.New(deletionDetails.EventDate),
+	}, nil
+}
diff --git a/internal/api/grpc/app/v2beta/convert/api_app.go b/internal/api/grpc/app/v2beta/convert/api_app.go
index bad76ab0d5..4900d534cb 100644
--- a/internal/api/grpc/app/v2beta/convert/api_app.go
+++ b/internal/api/grpc/app/v2beta/convert/api_app.go
@@ -1,6 +1,8 @@
 package convert
 
 import (
+	"strings"
+
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/query"
@@ -58,3 +60,39 @@ func apiAuthMethodTypeToPb(methodType domain.APIAuthMethodType) app.APIAuthMetho
 		return app.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
 	}
 }
+
+func GetApplicationKeyQueriesRequestToDomain(orgID, projectID, appID string) ([]query.SearchQuery, error) {
+	var searchQueries []query.SearchQuery
+
+	orgID, projectID, appID = strings.TrimSpace(orgID), strings.TrimSpace(projectID), strings.TrimSpace(appID)
+
+	if orgID != "" {
+		resourceOwner, err := query.NewAuthNKeyResourceOwnerQuery(orgID)
+		if err != nil {
+			return nil, err
+		}
+
+		searchQueries = append(searchQueries, resourceOwner)
+	}
+
+	if projectID != "" {
+		aggregateID, err := query.NewAuthNKeyAggregateIDQuery(projectID)
+		if err != nil {
+			return nil, err
+		}
+
+		searchQueries = append(searchQueries, aggregateID)
+	}
+
+	if appID != "" {
+		objectID, err := query.NewAuthNKeyObjectIDQuery(appID)
+
+		if err != nil {
+			return nil, err
+		}
+
+		searchQueries = append(searchQueries, objectID)
+	}
+
+	return searchQueries, nil
+}
diff --git a/internal/api/grpc/app/v2beta/convert/api_app_test.go b/internal/api/grpc/app/v2beta/convert/api_app_test.go
index 9f15c3df76..dcb87d712f 100644
--- a/internal/api/grpc/app/v2beta/convert/api_app_test.go
+++ b/internal/api/grpc/app/v2beta/convert/api_app_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -147,3 +148,71 @@ func Test_apiAuthMethodTypeToPb(t *testing.T) {
 		})
 	}
 }
+func TestGetApplicationKeyQueriesRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	tt := []struct {
+		testName       string
+		inputOrgID     string
+		inputProjectID string
+		inputAppID     string
+
+		expectedQueriesLength int
+	}{
+		{
+			testName:              "all IDs provided",
+			inputOrgID:            "org-1",
+			inputProjectID:        "proj-1",
+			inputAppID:            "app-1",
+			expectedQueriesLength: 3,
+		},
+		{
+			testName:              "only org ID",
+			inputOrgID:            "org-1",
+			inputProjectID:        " ",
+			inputAppID:            "",
+			expectedQueriesLength: 1,
+		},
+		{
+			testName:              "only project ID",
+			inputOrgID:            "",
+			inputProjectID:        "proj-1",
+			inputAppID:            " ",
+			expectedQueriesLength: 1,
+		},
+		{
+			testName:              "only app ID",
+			inputOrgID:            " ",
+			inputProjectID:        "",
+			inputAppID:            "app-1",
+			expectedQueriesLength: 1,
+		},
+		{
+			testName:              "empty IDs",
+			inputOrgID:            " ",
+			inputProjectID:        " ",
+			inputAppID:            " ",
+			expectedQueriesLength: 0,
+		},
+		{
+			testName:              "with spaces",
+			inputOrgID:            " org-1 ",
+			inputProjectID:        " proj-1 ",
+			inputAppID:            " app-1 ",
+			expectedQueriesLength: 3,
+		},
+	}
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// When
+			got, err := GetApplicationKeyQueriesRequestToDomain(tc.inputOrgID, tc.inputProjectID, tc.inputAppID)
+
+			// Then
+			require.NoError(t, err)
+
+			assert.Len(t, got, tc.expectedQueriesLength)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/convert/convert.go b/internal/api/grpc/app/v2beta/convert/convert.go
index c732b3a0c5..a0a1d5ef05 100644
--- a/internal/api/grpc/app/v2beta/convert/convert.go
+++ b/internal/api/grpc/app/v2beta/convert/convert.go
@@ -2,6 +2,7 @@ package convert
 
 import (
 	"net/url"
+	"strings"
 
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -9,6 +10,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/zerrors"
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
@@ -163,3 +165,98 @@ func appQueryToModel(appQuery *app.ApplicationSearchFilter) (query.SearchQuery,
 		return nil, zerrors.ThrowInvalidArgument(nil, "CONV-z2mAGy", "List.Query.Invalid")
 	}
 }
+
+func CreateAPIClientKeyRequestToDomain(key *app.CreateApplicationKeyRequest) *domain.ApplicationKey {
+	return &domain.ApplicationKey{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: strings.TrimSpace(key.GetProjectId()),
+		},
+		ExpirationDate: key.GetExpirationDate().AsTime(),
+		Type:           domain.AuthNKeyTypeJSON,
+		ApplicationID:  strings.TrimSpace(key.GetAppId()),
+	}
+}
+
+func ListApplicationKeysRequestToDomain(sysDefaults systemdefaults.SystemDefaults, req *app.ListApplicationKeysRequest) (*query.AuthNKeySearchQueries, error) {
+	var queries []query.SearchQuery
+
+	switch req.GetResourceId().(type) {
+	case *app.ListApplicationKeysRequest_ApplicationId:
+		object, err := query.NewAuthNKeyObjectIDQuery(strings.TrimSpace(req.GetApplicationId()))
+		if err != nil {
+			return nil, err
+		}
+		queries = append(queries, object)
+	case *app.ListApplicationKeysRequest_OrganizationId:
+		resourceOwner, err := query.NewAuthNKeyResourceOwnerQuery(strings.TrimSpace(req.GetOrganizationId()))
+		if err != nil {
+			return nil, err
+		}
+		queries = append(queries, resourceOwner)
+	case *app.ListApplicationKeysRequest_ProjectId:
+		aggregate, err := query.NewAuthNKeyAggregateIDQuery(strings.TrimSpace(req.GetProjectId()))
+		if err != nil {
+			return nil, err
+		}
+		queries = append(queries, aggregate)
+	case nil:
+
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "CONV-t3ENme", "unexpected resource id")
+	}
+
+	offset, limit, asc, err := filter.PaginationPbToQuery(sysDefaults, req.GetPagination())
+	if err != nil {
+		return nil, err
+	}
+
+	return &query.AuthNKeySearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset:        offset,
+			Limit:         limit,
+			Asc:           asc,
+			SortingColumn: appKeysSortingToColumn(req.GetSortingColumn()),
+		},
+
+		Queries: queries,
+	}, nil
+}
+
+func appKeysSortingToColumn(sortingCriteria app.ApplicationKeysSorting) query.Column {
+	switch sortingCriteria {
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_PROJECT_ID:
+		return query.AuthNKeyColumnAggregateID
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_CREATION_DATE:
+		return query.AuthNKeyColumnCreationDate
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_EXPIRATION:
+		return query.AuthNKeyColumnExpiration
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_ORGANIZATION_ID:
+		return query.AuthNKeyColumnResourceOwner
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_TYPE:
+		return query.AuthNKeyColumnType
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_APPLICATION_ID:
+		return query.AuthNKeyColumnObjectID
+	case app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_ID:
+		fallthrough
+	default:
+		return query.AuthNKeyColumnID
+	}
+}
+
+func ApplicationKeysToPb(keys []*query.AuthNKey) []*app.ApplicationKey {
+	pbAppKeys := make([]*app.ApplicationKey, len(keys))
+
+	for i, k := range keys {
+		pbKey := &app.ApplicationKey{
+			Id:             k.ID,
+			ApplicationId:  k.ApplicationID,
+			ProjectId:      k.AggregateID,
+			CreationDate:   timestamppb.New(k.CreationDate),
+			OrganizationId: k.ResourceOwner,
+			ExpirationDate: timestamppb.New(k.Expiration),
+		}
+		pbAppKeys[i] = pbKey
+	}
+
+	return pbAppKeys
+}
diff --git a/internal/api/grpc/app/v2beta/convert/convert_test.go b/internal/api/grpc/app/v2beta/convert/convert_test.go
index 5835691d43..8715d2a5dd 100644
--- a/internal/api/grpc/app/v2beta/convert/convert_test.go
+++ b/internal/api/grpc/app/v2beta/convert/convert_test.go
@@ -518,3 +518,187 @@ func TestAppQueryToModel(t *testing.T) {
 		})
 	}
 }
+
+func TestListApplicationKeysRequestToDomain(t *testing.T) {
+	t.Parallel()
+
+	resourceOwnerQuery, err := query.NewAuthNKeyResourceOwnerQuery("org1")
+	require.NoError(t, err)
+
+	projectIDQuery, err := query.NewAuthNKeyAggregateIDQuery("project1")
+	require.NoError(t, err)
+
+	appIDQuery, err := query.NewAuthNKeyObjectIDQuery("app1")
+	require.NoError(t, err)
+
+	sysDefaults := systemdefaults.SystemDefaults{DefaultQueryLimit: 100, MaxQueryLimit: 150}
+
+	tt := []struct {
+		name string
+		req  *app.ListApplicationKeysRequest
+
+		expectedResult *query.AuthNKeySearchQueries
+		expectedError  error
+	}{
+		{
+			name: "invalid pagination limit",
+			req: &app.ListApplicationKeysRequest{
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true, Limit: uint32(sysDefaults.MaxQueryLimit + 1)},
+			},
+			expectedResult: nil,
+			expectedError:  zerrors.ThrowInvalidArgumentf(fmt.Errorf("given: %d, allowed: %d", sysDefaults.MaxQueryLimit+1, sysDefaults.MaxQueryLimit), "QUERY-4M0fs", "Errors.Query.LimitExceeded"),
+		},
+		{
+			name: "empty request",
+			req: &app.ListApplicationKeysRequest{
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true},
+			},
+			expectedResult: &query.AuthNKeySearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         100,
+					Asc:           true,
+					SortingColumn: query.AuthNKeyColumnID,
+				},
+				Queries: nil,
+			},
+		},
+		{
+			name: "only organization id",
+			req: &app.ListApplicationKeysRequest{
+				ResourceId: &app.ListApplicationKeysRequest_OrganizationId{OrganizationId: "org1"},
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true},
+			},
+			expectedResult: &query.AuthNKeySearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         100,
+					Asc:           true,
+					SortingColumn: query.AuthNKeyColumnID,
+				},
+				Queries: []query.SearchQuery{
+					resourceOwnerQuery,
+				},
+			},
+		},
+		{
+			name: "only project id",
+			req: &app.ListApplicationKeysRequest{
+				ResourceId: &app.ListApplicationKeysRequest_ProjectId{ProjectId: "project1"},
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true},
+			},
+			expectedResult: &query.AuthNKeySearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         100,
+					Asc:           true,
+					SortingColumn: query.AuthNKeyColumnID,
+				},
+				Queries: []query.SearchQuery{
+					projectIDQuery,
+				},
+			},
+		},
+		{
+			name: "only application id",
+			req: &app.ListApplicationKeysRequest{
+				ResourceId: &app.ListApplicationKeysRequest_ApplicationId{ApplicationId: "app1"},
+				Pagination: &filter_pb_v2.PaginationRequest{Asc: true},
+			},
+			expectedResult: &query.AuthNKeySearchQueries{
+				SearchRequest: query.SearchRequest{
+					Offset:        0,
+					Limit:         100,
+					Asc:           true,
+					SortingColumn: query.AuthNKeyColumnID,
+				},
+				Queries: []query.SearchQuery{
+					appIDQuery,
+				},
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			result, err := ListApplicationKeysRequestToDomain(sysDefaults, tc.req)
+
+			assert.Equal(t, tc.expectedError, err)
+			assert.Equal(t, tc.expectedResult, result)
+		})
+	}
+}
+
+func TestApplicationKeysToPb(t *testing.T) {
+	t.Parallel()
+
+	now := time.Now()
+
+	tt := []struct {
+		name     string
+		input    []*query.AuthNKey
+		expected []*app.ApplicationKey
+	}{
+		{
+			name: "multiple keys",
+			input: []*query.AuthNKey{
+				{
+					ID:            "key1",
+					AggregateID:   "project1",
+					ApplicationID: "app1",
+					CreationDate:  now,
+					ResourceOwner: "org1",
+					Expiration:    now.Add(24 * time.Hour),
+					Type:          domain.AuthNKeyTypeJSON,
+				},
+				{
+					ID:            "key2",
+					AggregateID:   "project2",
+					ApplicationID: "app1",
+					CreationDate:  now.Add(-time.Hour),
+					ResourceOwner: "org2",
+					Expiration:    now.Add(48 * time.Hour),
+					Type:          domain.AuthNKeyTypeNONE,
+				},
+			},
+			expected: []*app.ApplicationKey{
+				{
+					Id:             "key1",
+					ApplicationId:  "app1",
+					ProjectId:      "project1",
+					CreationDate:   timestamppb.New(now),
+					OrganizationId: "org1",
+					ExpirationDate: timestamppb.New(now.Add(24 * time.Hour)),
+				},
+				{
+					Id:             "key2",
+					ApplicationId:  "app1",
+					ProjectId:      "project2",
+					CreationDate:   timestamppb.New(now.Add(-time.Hour)),
+					OrganizationId: "org2",
+					ExpirationDate: timestamppb.New(now.Add(48 * time.Hour)),
+				},
+			},
+		},
+		{
+			name:     "empty slice",
+			input:    []*query.AuthNKey{},
+			expected: []*app.ApplicationKey{},
+		},
+		{
+			name:     "nil input",
+			input:    nil,
+			expected: []*app.ApplicationKey{},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			result := ApplicationKeysToPb(tc.input)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/integration_test/app_key_test.go b/internal/api/grpc/app/v2beta/integration_test/app_key_test.go
new file mode 100644
index 0000000000..7c3c886cff
--- /dev/null
+++ b/internal/api/grpc/app/v2beta/integration_test/app_key_test.go
@@ -0,0 +1,206 @@
+//go:build integration
+
+package app_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func TestCreateApplicationKey(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+	createdApp := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+
+	t.Parallel()
+
+	tt := []struct {
+		testName        string
+		creationRequest *app.CreateApplicationKeyRequest
+		inputCtx        context.Context
+
+		expectedErrorType codes.Code
+	}{
+		{
+			testName: "when app id is not found should return failed precondition",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationKeyRequest{
+				ProjectId:      p.GetId(),
+				AppId:          gofakeit.UUID(),
+				ExpirationDate: timestamppb.New(time.Now().AddDate(0, 0, 1).UTC()),
+			},
+			expectedErrorType: codes.FailedPrecondition,
+		},
+		{
+			testName: "when CreateAPIApp request is valid should create app and return no error",
+			inputCtx: IAMOwnerCtx,
+			creationRequest: &app.CreateApplicationKeyRequest{
+				ProjectId:      p.GetId(),
+				AppId:          createdApp.GetAppId(),
+				ExpirationDate: timestamppb.New(time.Now().AddDate(0, 0, 1).UTC()),
+			},
+		},
+
+		// LoginUser
+		{
+			testName: "when user has no project.app.write permission for app key generation should return permission error",
+			inputCtx: LoginUserCtx,
+			creationRequest: &app.CreateApplicationKeyRequest{
+				ProjectId:      p.GetId(),
+				AppId:          createdApp.GetAppId(),
+				ExpirationDate: timestamppb.New(time.Now().AddDate(0, 0, 1).UTC()),
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+
+		// OrgOwner
+		{
+			testName: "when user is OrgOwner app key request should succeed",
+			inputCtx: OrgOwnerCtx,
+			creationRequest: &app.CreateApplicationKeyRequest{
+				ProjectId:      p.GetId(),
+				AppId:          createdApp.GetAppId(),
+				ExpirationDate: timestamppb.New(time.Now().AddDate(0, 0, 1).UTC()),
+			},
+		},
+
+		// ProjectOwner
+		{
+			testName: "when user is ProjectOwner app key request should succeed",
+			inputCtx: projectOwnerCtx,
+			creationRequest: &app.CreateApplicationKeyRequest{
+				ProjectId:      p.GetId(),
+				AppId:          createdApp.GetAppId(),
+				ExpirationDate: timestamppb.New(time.Now().AddDate(0, 0, 1).UTC()),
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+			res, err := instance.Client.AppV2Beta.CreateApplicationKey(tc.inputCtx, tc.creationRequest)
+
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotZero(t, res.GetId())
+				assert.NotZero(t, res.GetCreationDate())
+				assert.NotZero(t, res.GetKeyDetails())
+			}
+		})
+	}
+}
+
+func TestDeleteApplicationKey(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+	createdApp := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+
+	t.Parallel()
+
+	tt := []struct {
+		testName        string
+		deletionRequest func(ttt *testing.T) *app.DeleteApplicationKeyRequest
+		inputCtx        context.Context
+
+		expectedErrorType codes.Code
+	}{
+		{
+			testName: "when app key ID is not found should return not found error",
+			inputCtx: IAMOwnerCtx,
+			deletionRequest: func(ttt *testing.T) *app.DeleteApplicationKeyRequest {
+				return &app.DeleteApplicationKeyRequest{
+					Id:            gofakeit.UUID(),
+					ProjectId:     p.GetId(),
+					ApplicationId: createdApp.GetAppId(),
+				}
+			},
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when valid app key ID should delete successfully",
+			inputCtx: IAMOwnerCtx,
+			deletionRequest: func(ttt *testing.T) *app.DeleteApplicationKeyRequest {
+				createdAppKey := createAppKey(ttt, IAMOwnerCtx, instance, p.GetId(), createdApp.GetAppId(), time.Now().AddDate(0, 0, 1))
+
+				return &app.DeleteApplicationKeyRequest{
+					Id:            createdAppKey.GetId(),
+					ProjectId:     p.GetId(),
+					ApplicationId: createdApp.GetAppId(),
+				}
+			},
+		},
+
+		// LoginUser
+		{
+			testName: "when user has no project.app.write permission for app key deletion should return permission error",
+			inputCtx: LoginUserCtx,
+			deletionRequest: func(ttt *testing.T) *app.DeleteApplicationKeyRequest {
+				createdAppKey := createAppKey(ttt, IAMOwnerCtx, instance, p.GetId(), createdApp.GetAppId(), time.Now().AddDate(0, 0, 1))
+
+				return &app.DeleteApplicationKeyRequest{
+					Id:            createdAppKey.GetId(),
+					ProjectId:     p.GetId(),
+					ApplicationId: createdApp.GetAppId(),
+				}
+			},
+			expectedErrorType: codes.PermissionDenied,
+		},
+
+		// ProjectOwner
+		{
+			testName: "when user is OrgOwner API request should succeed",
+			inputCtx: projectOwnerCtx,
+			deletionRequest: func(ttt *testing.T) *app.DeleteApplicationKeyRequest {
+				createdAppKey := createAppKey(ttt, IAMOwnerCtx, instance, p.GetId(), createdApp.GetAppId(), time.Now().AddDate(0, 0, 1))
+
+				return &app.DeleteApplicationKeyRequest{
+					Id:            createdAppKey.GetId(),
+					ProjectId:     p.GetId(),
+					ApplicationId: createdApp.GetAppId(),
+				}
+			},
+		},
+
+		// OrganizationOwner
+		{
+			testName: "when user is OrgOwner app key deletion request should succeed",
+			inputCtx: OrgOwnerCtx,
+			deletionRequest: func(ttt *testing.T) *app.DeleteApplicationKeyRequest {
+				createdAppKey := createAppKey(ttt, IAMOwnerCtx, instance, p.GetId(), createdApp.GetAppId(), time.Now().AddDate(0, 0, 1))
+
+				return &app.DeleteApplicationKeyRequest{
+					Id:            createdAppKey.GetId(),
+					ProjectId:     p.GetId(),
+					ApplicationId: createdApp.GetAppId(),
+				}
+			},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			// Given
+			deletionReq := tc.deletionRequest(t)
+
+			// When
+			res, err := instance.Client.AppV2Beta.DeleteApplicationKey(tc.inputCtx, deletionReq)
+
+			// Then
+			require.Equal(t, tc.expectedErrorType, status.Code(err))
+			if tc.expectedErrorType == codes.OK {
+				assert.NotEmpty(t, res.GetDeletionDate())
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/integration_test/app_test.go b/internal/api/grpc/app/v2beta/integration_test/app_test.go
index 1ba46987cf..67e59aa91d 100644
--- a/internal/api/grpc/app/v2beta/integration_test/app_test.go
+++ b/internal/api/grpc/app/v2beta/integration_test/app_test.go
@@ -1,6 +1,6 @@
 //go:build integration
 
-package instance_test
+package app_test
 
 import (
 	"context"
@@ -653,9 +653,9 @@ func TestUpdateApplication_WithDifferentPermissions(t *testing.T) {
 	})
 	require.Nil(t, appNameChangeErr)
 
-	appForAPIConfigChangeForProjectOwner := createAPIApp(t, p.GetId())
-	appForAPIConfigChangeForOrgOwner := createAPIApp(t, p.GetId())
-	appForAPIConfigChangeForLoginUser := createAPIApp(t, p.GetId())
+	appForAPIConfigChangeForProjectOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	appForAPIConfigChangeForOrgOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	appForAPIConfigChangeForLoginUser := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 
 	appForOIDCConfigChangeForProjectOwner := createOIDCApp(t, baseURI, p.GetId())
 	appForOIDCConfigChangeForOrgOwner := createOIDCApp(t, baseURI, p.GetId())
@@ -914,9 +914,9 @@ func TestDeleteApplication(t *testing.T) {
 func TestDeleteApplication_WithDifferentPermissions(t *testing.T) {
 	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
 
-	appToDeleteForLoginUser := createAPIApp(t, p.GetId())
-	appToDeleteForProjectOwner := createAPIApp(t, p.GetId())
-	appToDeleteForOrgOwner := createAPIApp(t, p.GetId())
+	appToDeleteForLoginUser := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	appToDeleteForProjectOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	appToDeleteForOrgOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 
 	t.Parallel()
 	tt := []struct {
@@ -1035,9 +1035,9 @@ func TestDeactivateApplication(t *testing.T) {
 func TestDeactivateApplication_WithDifferentPermissions(t *testing.T) {
 	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
 
-	appToDeactivateForLoginUser := createAPIApp(t, p.GetId())
-	appToDeactivateForPrjectOwner := createAPIApp(t, p.GetId())
-	appToDeactivateForOrgOwner := createAPIApp(t, p.GetId())
+	appToDeactivateForLoginUser := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	appToDeactivateForPrjectOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	appToDeactivateForOrgOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 
 	t.Parallel()
 
@@ -1162,13 +1162,13 @@ func TestReactivateApplication(t *testing.T) {
 func TestReactivateApplication_WithDifferentPermissions(t *testing.T) {
 	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
 
-	appToReactivateForLoginUser := createAPIApp(t, p.GetId())
+	appToReactivateForLoginUser := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 	deactivateApp(t, appToReactivateForLoginUser, p.GetId())
 
-	appToReactivateForProjectOwner := createAPIApp(t, p.GetId())
+	appToReactivateForProjectOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 	deactivateApp(t, appToReactivateForProjectOwner, p.GetId())
 
-	appToReactivateForOrgOwner := createAPIApp(t, p.GetId())
+	appToReactivateForOrgOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 	deactivateApp(t, appToReactivateForOrgOwner, p.GetId())
 
 	t.Parallel()
@@ -1342,9 +1342,9 @@ func TestRegenerateClientSecret(t *testing.T) {
 func TestRegenerateClientSecret_WithDifferentPermissions(t *testing.T) {
 	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
 
-	apiAppToRegenForLoginUser := createAPIApp(t, p.GetId())
-	apiAppToRegenForProjectOwner := createAPIApp(t, p.GetId())
-	apiAppToRegenForOrgOwner := createAPIApp(t, p.GetId())
+	apiAppToRegenForLoginUser := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	apiAppToRegenForProjectOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	apiAppToRegenForOrgOwner := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
 
 	oidcAppToRegenForLoginUser := createOIDCApp(t, baseURI, p.GetId())
 	oidcAppToRegenForProjectOwner := createOIDCApp(t, baseURI, p.GetId())
diff --git a/internal/api/grpc/app/v2beta/integration_test/query_test.go b/internal/api/grpc/app/v2beta/integration_test/query_test.go
index 578fcec138..4f6679da7f 100644
--- a/internal/api/grpc/app/v2beta/integration_test/query_test.go
+++ b/internal/api/grpc/app/v2beta/integration_test/query_test.go
@@ -1,6 +1,6 @@
 //go:build integration
 
-package instance_test
+package app_test
 
 import (
 	"context"
@@ -165,9 +165,9 @@ func TestListApplications(t *testing.T) {
 
 	t.Parallel()
 
-	createdApiApp, apiAppName := createAPIAppWithName(t, p.GetId())
+	createdApiApp, apiAppName := createAPIAppWithName(t, IAMOwnerCtx, instance, p.GetId())
 
-	createdDeactivatedApiApp, deactivatedApiAppName := createAPIAppWithName(t, p.GetId())
+	createdDeactivatedApiApp, deactivatedApiAppName := createAPIAppWithName(t, IAMOwnerCtx, instance, p.GetId())
 	deactivateApp(t, createdDeactivatedApiApp, p.GetId())
 
 	_, createdSAMLApp, samlAppName := createSAMLAppWithName(t, gofakeit.URL(), p.GetId())
@@ -573,3 +573,248 @@ func TestListApplications_WithPermissionV2(t *testing.T) {
 		})
 	}
 }
+
+func TestGetApplicationKey(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+	createdApiApp := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	createdAppKey := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp.GetAppId(), time.Now().AddDate(0, 0, 1))
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputRequest *app.GetApplicationKeyRequest
+		inputCtx     context.Context
+
+		expectedErrorType codes.Code
+		expectedAppKeyID  string
+	}{
+		{
+			testName: "when unknown app ID should return not found error",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.GetApplicationKeyRequest{
+				Id: gofakeit.Sentence(2),
+			},
+
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when user has no permission should return membership not found error",
+			inputCtx: NoPermissionCtx,
+			inputRequest: &app.GetApplicationKeyRequest{
+				Id: createdAppKey.GetId(),
+			},
+
+			expectedErrorType: codes.NotFound,
+		},
+		{
+			testName: "when providing API app ID should return valid API app result",
+			inputCtx: projectOwnerCtx,
+			inputRequest: &app.GetApplicationKeyRequest{
+				Id: createdAppKey.GetId(),
+			},
+
+			expectedAppKeyID: createdAppKey.GetId(),
+		},
+		{
+			testName: "when user is OrgOwner should return request key",
+			inputCtx: OrgOwnerCtx,
+			inputRequest: &app.GetApplicationKeyRequest{
+				Id:        createdAppKey.GetId(),
+				ProjectId: p.GetId(),
+			},
+
+			expectedAppKeyID: createdAppKey.GetId(),
+		},
+		{
+			testName: "when user is IAMOwner should return request key",
+			inputCtx: OrgOwnerCtx,
+			inputRequest: &app.GetApplicationKeyRequest{
+				Id:             createdAppKey.GetId(),
+				OrganizationId: instance.DefaultOrg.GetId(),
+			},
+
+			expectedAppKeyID: createdAppKey.GetId(),
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputCtx, 30*time.Second)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// When
+				res, err := instance.Client.AppV2Beta.GetApplicationKey(tc.inputCtx, tc.inputRequest)
+
+				// Then
+				require.Equal(t, tc.expectedErrorType, status.Code(err))
+				if tc.expectedErrorType == codes.OK {
+
+					assert.Equal(t, tc.expectedAppKeyID, res.GetId())
+					assert.NotEmpty(t, res.GetCreationDate())
+					assert.NotEmpty(t, res.GetExpirationDate())
+				}
+			}, retryDuration, tick)
+		})
+	}
+}
+
+func TestListApplicationKeys(t *testing.T) {
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instance, IAMOwnerCtx)
+
+	createdApiApp1 := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+	createdApiApp2 := createAPIApp(t, IAMOwnerCtx, instance, p.GetId())
+
+	tomorrow := time.Now().AddDate(0, 0, 1)
+	in2Days := tomorrow.AddDate(0, 0, 1)
+	in3Days := in2Days.AddDate(0, 0, 1)
+
+	appKey1 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), in2Days)
+	appKey2 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), in3Days)
+	appKey3 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), tomorrow)
+	appKey4 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp2.GetAppId(), tomorrow)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputRequest *app.ListApplicationKeysRequest
+		deps         func() (projectID, applicationID, organizationID string)
+		inputCtx     context.Context
+
+		expectedErrorType  codes.Code
+		expectedAppKeysIDs []string
+	}{
+		{
+			testName: "when sorting by expiration date should return keys sorted by expiration date ascending",
+			inputCtx: LoginUserCtx,
+			inputRequest: &app.ListApplicationKeysRequest{
+				ResourceId:    &app.ListApplicationKeysRequest_ProjectId{ProjectId: p.GetId()},
+				Pagination:    &filter.PaginationRequest{Asc: true},
+				SortingColumn: app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_EXPIRATION,
+			},
+			expectedAppKeysIDs: []string{appKey3.GetId(), appKey4.GetId(), appKey1.GetId(), appKey2.GetId()},
+		},
+		{
+			testName: "when sorting by creation date should return keys sorted by creation date descending",
+			inputCtx: IAMOwnerCtx,
+			inputRequest: &app.ListApplicationKeysRequest{
+				ResourceId:    &app.ListApplicationKeysRequest_ProjectId{ProjectId: p.GetId()},
+				SortingColumn: app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_CREATION_DATE,
+			},
+			expectedAppKeysIDs: []string{appKey4.GetId(), appKey3.GetId(), appKey2.GetId(), appKey1.GetId()},
+		},
+		{
+			testName: "when filtering by app ID should return keys matching app ID sorted by ID",
+			inputCtx: projectOwnerCtx,
+			inputRequest: &app.ListApplicationKeysRequest{
+				Pagination: &filter.PaginationRequest{Asc: true},
+				ResourceId: &app.ListApplicationKeysRequest_ApplicationId{ApplicationId: createdApiApp1.GetAppId()},
+			},
+			expectedAppKeysIDs: []string{appKey1.GetId(), appKey2.GetId(), appKey3.GetId()},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			t.Parallel()
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputCtx, 5*time.Second)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// When
+				res, err := instance.Client.AppV2Beta.ListApplicationKeys(tc.inputCtx, tc.inputRequest)
+
+				// Then
+				require.Equal(ttt, tc.expectedErrorType, status.Code(err))
+				if tc.expectedErrorType == codes.OK {
+					require.Len(ttt, res.GetKeys(), len(tc.expectedAppKeysIDs))
+
+					for i, k := range res.GetKeys() {
+						assert.Equal(ttt, tc.expectedAppKeysIDs[i], k.GetId())
+					}
+				}
+			}, retryDuration, tick)
+		})
+	}
+}
+
+func TestListApplicationKeys_WithPermissionV2(t *testing.T) {
+	ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
+	iamOwnerCtx := instancePermissionV2.WithAuthorization(context.Background(), integration.UserTypeIAMOwner)
+	loginUserCtx := instancePermissionV2.WithAuthorization(context.Background(), integration.UserTypeLogin)
+	p, projectOwnerCtx := getProjectAndProjectContext(t, instancePermissionV2, iamOwnerCtx)
+
+	createdApiApp1 := createAPIApp(t, iamOwnerCtx, instancePermissionV2, p.GetId())
+	createdApiApp2 := createAPIApp(t, iamOwnerCtx, instancePermissionV2, p.GetId())
+
+	tomorrow := time.Now().AddDate(0, 0, 1)
+	in2Days := tomorrow.AddDate(0, 0, 1)
+	in3Days := in2Days.AddDate(0, 0, 1)
+
+	appKey1 := createAppKey(t, iamOwnerCtx, instancePermissionV2, p.GetId(), createdApiApp1.GetAppId(), in2Days)
+	appKey2 := createAppKey(t, iamOwnerCtx, instancePermissionV2, p.GetId(), createdApiApp1.GetAppId(), in3Days)
+	appKey3 := createAppKey(t, iamOwnerCtx, instancePermissionV2, p.GetId(), createdApiApp1.GetAppId(), tomorrow)
+	appKey4 := createAppKey(t, iamOwnerCtx, instancePermissionV2, p.GetId(), createdApiApp2.GetAppId(), tomorrow)
+
+	t.Parallel()
+
+	tt := []struct {
+		testName     string
+		inputRequest *app.ListApplicationKeysRequest
+		deps         func() (projectID, applicationID, organizationID string)
+		inputCtx     context.Context
+
+		expectedErrorType  codes.Code
+		expectedAppKeysIDs []string
+	}{
+		{
+			testName: "when sorting by expiration date should return keys sorted by expiration date ascending",
+			inputCtx: loginUserCtx,
+			inputRequest: &app.ListApplicationKeysRequest{
+				Pagination:    &filter.PaginationRequest{Asc: true},
+				SortingColumn: app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_EXPIRATION,
+			},
+			expectedAppKeysIDs: []string{appKey3.GetId(), appKey4.GetId(), appKey1.GetId(), appKey2.GetId()},
+		},
+		{
+			testName: "when sorting by creation date should return keys sorted by creation date descending",
+			inputCtx: iamOwnerCtx,
+			inputRequest: &app.ListApplicationKeysRequest{
+				SortingColumn: app.ApplicationKeysSorting_APPLICATION_KEYS_SORT_BY_CREATION_DATE,
+			},
+			expectedAppKeysIDs: []string{appKey4.GetId(), appKey3.GetId(), appKey2.GetId(), appKey1.GetId()},
+		},
+		{
+			testName: "when filtering by app ID should return keys matching app ID sorted by ID",
+			inputCtx: projectOwnerCtx,
+			inputRequest: &app.ListApplicationKeysRequest{
+				Pagination: &filter.PaginationRequest{Asc: true},
+				ResourceId: &app.ListApplicationKeysRequest_ApplicationId{ApplicationId: createdApiApp1.GetAppId()},
+			},
+			expectedAppKeysIDs: []string{appKey1.GetId(), appKey2.GetId(), appKey3.GetId()},
+		},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.testName, func(t *testing.T) {
+			// t.Parallel()
+
+			retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tc.inputCtx, 5*time.Second)
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				// When
+				res, err := instancePermissionV2.Client.AppV2Beta.ListApplicationKeys(tc.inputCtx, tc.inputRequest)
+
+				// Then
+				require.Equal(ttt, tc.expectedErrorType, status.Code(err))
+				if tc.expectedErrorType == codes.OK {
+					require.Len(ttt, res.GetKeys(), len(tc.expectedAppKeysIDs))
+
+					for i, k := range res.GetKeys() {
+						assert.Equal(ttt, tc.expectedAppKeysIDs[i], k.GetId())
+					}
+				}
+			}, retryDuration, tick)
+		})
+	}
+}
diff --git a/internal/api/grpc/app/v2beta/integration_test/server_test.go b/internal/api/grpc/app/v2beta/integration_test/server_test.go
index 6618ab0616..8ba012c18b 100644
--- a/internal/api/grpc/app/v2beta/integration_test/server_test.go
+++ b/internal/api/grpc/app/v2beta/integration_test/server_test.go
@@ -1,6 +1,6 @@
 //go:build integration
 
-package instance_test
+package app_test
 
 import (
 	"context"
@@ -13,6 +13,7 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/integration"
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
@@ -150,14 +151,14 @@ func createOIDCApp(t *testing.T, baseURI, projctID string) *app.CreateApplicatio
 	return app
 }
 
-func createAPIAppWithName(t *testing.T, projectID string) (*app.CreateApplicationResponse, string) {
+func createAPIAppWithName(t *testing.T, ctx context.Context, inst *integration.Instance, projectID string) (*app.CreateApplicationResponse, string) {
 	appName := gofakeit.AppName()
 
 	reqForAPIAppCreation := &app.CreateApplicationRequest_ApiRequest{
 		ApiRequest: &app.CreateAPIApplicationRequest{AuthMethodType: app.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT},
 	}
 
-	appForAPIConfigChange, appAPIConfigChangeErr := instance.Client.AppV2Beta.CreateApplication(IAMOwnerCtx, &app.CreateApplicationRequest{
+	appForAPIConfigChange, appAPIConfigChangeErr := inst.Client.AppV2Beta.CreateApplication(ctx, &app.CreateApplicationRequest{
 		ProjectId:           projectID,
 		Name:                appName,
 		CreationRequestType: reqForAPIAppCreation,
@@ -167,8 +168,8 @@ func createAPIAppWithName(t *testing.T, projectID string) (*app.CreateApplicatio
 	return appForAPIConfigChange, appName
 }
 
-func createAPIApp(t *testing.T, projectID string) *app.CreateApplicationResponse {
-	res, _ := createAPIAppWithName(t, projectID)
+func createAPIApp(t *testing.T, ctx context.Context, inst *integration.Instance, projectID string) *app.CreateApplicationResponse {
+	res, _ := createAPIAppWithName(t, ctx, inst, projectID)
 	return res
 }
 
@@ -203,3 +204,17 @@ func ensureFeaturePermissionV2Enabled(t *testing.T, instance *integration.Instan
 		assert.True(tt, f.PermissionCheckV2.GetEnabled())
 	}, retryDuration, tick, "timed out waiting for ensuring instance feature")
 }
+
+func createAppKey(t *testing.T, ctx context.Context, inst *integration.Instance, projectID, appID string, expirationDate time.Time) *app.CreateApplicationKeyResponse {
+	res, err := inst.Client.AppV2Beta.CreateApplicationKey(ctx,
+		&app.CreateApplicationKeyRequest{
+			AppId:          appID,
+			ProjectId:      projectID,
+			ExpirationDate: timestamppb.New(expirationDate.UTC()),
+		},
+	)
+
+	require.Nil(t, err)
+
+	return res
+}
diff --git a/internal/api/grpc/app/v2beta/query.go b/internal/api/grpc/app/v2beta/query.go
index add8af83e6..2926884520 100644
--- a/internal/api/grpc/app/v2beta/query.go
+++ b/internal/api/grpc/app/v2beta/query.go
@@ -2,9 +2,13 @@ package app
 
 import (
 	"context"
+	"strings"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
 	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
+	"github.com/zitadel/zitadel/internal/query"
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
 )
 
@@ -35,3 +39,38 @@ func (s *Server) ListApplications(ctx context.Context, req *app.ListApplications
 		Pagination:   filter.QueryToPaginationPb(queries.SearchRequest, res.SearchResponse),
 	}, nil
 }
+
+func (s *Server) GetApplicationKey(ctx context.Context, req *app.GetApplicationKeyRequest) (*app.GetApplicationKeyResponse, error) {
+	queries, err := convert.GetApplicationKeyQueriesRequestToDomain(req.GetOrganizationId(), req.GetProjectId(), req.GetApplicationId())
+	if err != nil {
+		return nil, err
+	}
+
+	key, err := s.query.GetAuthNKeyByIDWithPermission(ctx, true, strings.TrimSpace(req.GetId()), s.checkPermission, queries...)
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.GetApplicationKeyResponse{
+		Id:             key.ID,
+		CreationDate:   timestamppb.New(key.CreationDate),
+		ExpirationDate: timestamppb.New(key.Expiration),
+	}, nil
+}
+
+func (s *Server) ListApplicationKeys(ctx context.Context, req *app.ListApplicationKeysRequest) (*app.ListApplicationKeysResponse, error) {
+	queries, err := convert.ListApplicationKeysRequestToDomain(s.systemDefaults, req)
+	if err != nil {
+		return nil, err
+	}
+
+	res, err := s.query.SearchAuthNKeys(ctx, queries, query.JoinFilterUnspecified, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.ListApplicationKeysResponse{
+		Keys:       convert.ApplicationKeysToPb(res.AuthNKeys),
+		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, res.SearchResponse),
+	}, nil
+}
diff --git a/internal/api/grpc/management/project_application_converter.go b/internal/api/grpc/management/project_application_converter.go
index 186cedc933..fa31565445 100644
--- a/internal/api/grpc/management/project_application_converter.go
+++ b/internal/api/grpc/management/project_application_converter.go
@@ -177,7 +177,7 @@ func AddAPIClientKeyRequestToDomain(key *mgmt_pb.AddAppKeyRequest) *domain.Appli
 }
 
 func ListAPIClientKeysRequestToQuery(ctx context.Context, req *mgmt_pb.ListAppKeysRequest) (*query.AuthNKeySearchQueries, error) {
-	resourcOwner, err := query.NewAuthNKeyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	resourceOwner, err := query.NewAuthNKeyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -197,7 +197,7 @@ func ListAPIClientKeysRequestToQuery(ctx context.Context, req *mgmt_pb.ListAppKe
 			Asc:    asc,
 		},
 		Queries: []query.SearchQuery{
-			resourcOwner,
+			resourceOwner,
 			projectID,
 			appID,
 		},
diff --git a/internal/command/project_application_key.go b/internal/command/project_application_key.go
index 519e9fc30a..47dacdd638 100644
--- a/internal/command/project_application_key.go
+++ b/internal/command/project_application_key.go
@@ -38,6 +38,11 @@ func (c *Commands) AddApplicationKey(ctx context.Context, key *domain.Applicatio
 	if err != nil {
 		return nil, err
 	}
+
+	if resourceOwner == "" {
+		resourceOwner = application.ResourceOwner
+	}
+
 	if !application.State.Exists() {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-sak25", "Errors.Project.App.NotFound")
 	}
@@ -59,6 +64,10 @@ func (c *Commands) addApplicationKey(ctx context.Context, key *domain.Applicatio
 		return nil, err
 	}
 
+	if err := c.checkPermissionUpdateApplication(ctx, keyWriteModel.ResourceOwner, keyWriteModel.AggregateID); err != nil {
+		return nil, err
+	}
+
 	if !keyWriteModel.KeysAllowed {
 		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Dff54", "Errors.Project.App.AuthMethodNoPrivateKeyJWT")
 	}
@@ -110,6 +119,10 @@ func (c *Commands) RemoveApplicationKey(ctx context.Context, projectID, applicat
 		return nil, zerrors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.Project.App.Key.NotFound")
 	}
 
+	if err := c.checkPermissionUpdateApplication(ctx, keyWriteModel.ResourceOwner, keyWriteModel.AggregateID); err != nil {
+		return nil, err
+	}
+
 	pushedEvents, err := c.eventstore.Push(ctx, project.NewApplicationKeyRemovedEvent(ctx, ProjectAggregateFromWriteModel(&keyWriteModel.WriteModel), keyID))
 	if err != nil {
 		return nil, err
diff --git a/internal/command/project_application_key_test.go b/internal/command/project_application_key_test.go
index 9fd46c75f3..3402cab507 100644
--- a/internal/command/project_application_key_test.go
+++ b/internal/command/project_application_key_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/domain"
+	permissionmock "github.com/zitadel/zitadel/internal/domain/mock"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/id"
@@ -17,9 +18,10 @@ import (
 
 func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 	type fields struct {
-		eventstore  *eventstore.Eventstore
-		idGenerator id.Generator
-		keySize     int
+		eventstore          func(*testing.T) *eventstore.Eventstore
+		idGenerator         id.Generator
+		keySize             int
+		permissionCheckMock domain.PermissionCheck
 	}
 	type args struct {
 		ctx           context.Context
@@ -39,9 +41,8 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 		{
 			name: "no aggregateid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:          expectEventstore(),
+				permissionCheckMock: permissionmock.MockPermissionCheckOK(),
 			},
 			args: args{
 				ctx: context.Background(),
@@ -57,9 +58,8 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 		{
 			name: "no appid, invalid argument error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
+				eventstore:          expectEventstore(),
+				permissionCheckMock: permissionmock.MockPermissionCheckOK(),
 			},
 			args: args{
 				ctx: context.Background(),
@@ -77,10 +77,8 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 		{
 			name: "app not existing, not found error",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-					expectFilter(),
-				),
+				eventstore:          expectEventstore(expectFilter()),
+				permissionCheckMock: permissionmock.MockPermissionCheckOK(),
 			},
 			args: args{
 				ctx: context.Background(),
@@ -97,10 +95,9 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 			},
 		},
 		{
-			name: "create key not allowed, precondition error",
+			name: "create key not allowed, precondition error 1",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewApplicationAddedEvent(context.Background(),
@@ -121,7 +118,8 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 						),
 					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "key1"),
+				idGenerator:         id_mock.NewIDGeneratorExpectIDs(t, "key1"),
+				permissionCheckMock: permissionmock.MockPermissionCheckOK(),
 			},
 			args: args{
 				ctx: context.Background(),
@@ -138,10 +136,9 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 			},
 		},
 		{
-			name: "create key not allowed, precondition error",
+			name: "permission check failed",
 			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
+				eventstore: expectEventstore(
 					expectFilter(
 						eventFromEventPusher(
 							project.NewApplicationAddedEvent(context.Background(),
@@ -162,8 +159,9 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 						),
 					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "key1"),
-				keySize:     10,
+				idGenerator:         id_mock.NewIDGeneratorExpectIDs(t, "key1"),
+				keySize:             10,
+				permissionCheckMock: permissionmock.MockPermissionCheckErr(zerrors.ThrowPermissionDenied(nil, "mock.err", "mock permission check failed")),
 			},
 			args: args{
 				ctx: context.Background(),
@@ -175,6 +173,47 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 				},
 				resourceOwner: "org1",
 			},
+			res: res{
+				err: zerrors.IsPermissionDenied,
+			},
+		},
+		{
+			name: "create key not allowed, precondition error 2",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewApplicationAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"app1",
+								"app",
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							project.NewAPIConfigAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"app1",
+								"client1@project",
+								"secret",
+								domain.APIAuthMethodTypeBasic),
+						),
+					),
+				),
+				idGenerator:         id_mock.NewIDGeneratorExpectIDs(t, "key1"),
+				keySize:             10,
+				permissionCheckMock: permissionmock.MockPermissionCheckOK(),
+			},
+			args: args{
+				ctx: context.Background(),
+				key: &domain.ApplicationKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "project1",
+					},
+					ApplicationID: "app1",
+				},
+			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
 			},
@@ -183,9 +222,10 @@ func TestCommandSide_AddAPIApplicationKey(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
-				eventstore:         tt.fields.eventstore,
+				eventstore:         tt.fields.eventstore(t),
 				idGenerator:        tt.fields.idGenerator,
 				applicationKeySize: tt.fields.keySize,
+				checkPermission:    tt.fields.permissionCheckMock,
 			}
 			got, err := r.AddApplicationKey(tt.args.ctx, tt.args.key, tt.args.resourceOwner)
 			if tt.res.err == nil {
diff --git a/internal/domain/mock/permission.go b/internal/domain/mock/permission.go
new file mode 100644
index 0000000000..9a3c6478c9
--- /dev/null
+++ b/internal/domain/mock/permission.go
@@ -0,0 +1,22 @@
+package permissionmock
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+// MockPermissionCheckErr returns a permission check function that will fail
+// and return the input error
+func MockPermissionCheckErr(err error) domain.PermissionCheck {
+	return func(_ context.Context, _, _, _ string) error {
+		return err
+	}
+}
+
+// MockPermissionCheckOK returns a permission check function that will succeed
+func MockPermissionCheckOK() domain.PermissionCheck {
+	return func(_ context.Context, _, _, _ string) (err error) {
+		return nil
+	}
+}
diff --git a/internal/query/authn_key.go b/internal/query/authn_key.go
index 5a1f49d63c..abda5f011e 100644
--- a/internal/query/authn_key.go
+++ b/internal/query/authn_key.go
@@ -98,6 +98,7 @@ type AuthNKey struct {
 	ChangeDate    time.Time
 	ResourceOwner string
 	Sequence      uint64
+	ApplicationID string
 
 	Expiration time.Time
 	Type       domain.AuthNKeyType
@@ -222,6 +223,19 @@ func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySear
 	return authNKeys, err
 }
 
+func (q *Queries) GetAuthNKeyByIDWithPermission(ctx context.Context, shouldTriggerBulk bool, id string, permissionCheck domain.PermissionCheck, queries ...SearchQuery) (*AuthNKey, error) {
+	key, err := q.GetAuthNKeyByID(ctx, shouldTriggerBulk, id, queries...)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := appCheckPermission(ctx, key.ResourceOwner, key.AggregateID, permissionCheck); err != nil {
+		return nil, err
+	}
+
+	return key, nil
+}
+
 func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, id string, queries ...SearchQuery) (key *AuthNKey, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
@@ -330,6 +344,7 @@ func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys
 		AuthNKeyColumnSequence.identifier(),
 		AuthNKeyColumnExpiration.identifier(),
 		AuthNKeyColumnType.identifier(),
+		AuthNKeyColumnObjectID.identifier(),
 		countColumn.identifier(),
 	).From(authNKeyTable.identifier()).
 		PlaceholderFormat(sq.Dollar)
@@ -348,6 +363,7 @@ func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys
 				&authNKey.Sequence,
 				&authNKey.Expiration,
 				&authNKey.Type,
+				&authNKey.ApplicationID,
 				&count,
 			)
 			if err != nil {
diff --git a/internal/query/authn_key_test.go b/internal/query/authn_key_test.go
index ce45185363..619ffaac8c 100644
--- a/internal/query/authn_key_test.go
+++ b/internal/query/authn_key_test.go
@@ -26,6 +26,7 @@ var (
 		` projections.authn_keys2.sequence,` +
 		` projections.authn_keys2.expiration,` +
 		` projections.authn_keys2.type,` +
+		` projections.authn_keys2.object_id,` +
 		` COUNT(*) OVER ()` +
 		` FROM projections.authn_keys2`
 	prepareAuthNKeysCols = []string{
@@ -37,6 +38,7 @@ var (
 		"sequence",
 		"expiration",
 		"type",
+		"object_id",
 		"count",
 	}
 
@@ -129,6 +131,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 							uint64(20211109),
 							testNow,
 							1,
+							"app1",
 						},
 					},
 				),
@@ -147,6 +150,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 						Sequence:      20211109,
 						Expiration:    testNow,
 						Type:          domain.AuthNKeyTypeJSON,
+						ApplicationID: "app1",
 					},
 				},
 			},
@@ -168,6 +172,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 							uint64(20211109),
 							testNow,
 							1,
+							"app1",
 						},
 						{
 							"id-2",
@@ -178,6 +183,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 							uint64(20211109),
 							testNow,
 							1,
+							"app1",
 						},
 					},
 				),
@@ -196,6 +202,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 						Sequence:      20211109,
 						Expiration:    testNow,
 						Type:          domain.AuthNKeyTypeJSON,
+						ApplicationID: "app1",
 					},
 					{
 						ID:            "id-2",
@@ -206,6 +213,7 @@ func Test_AuthNKeyPrepares(t *testing.T) {
 						Sequence:      20211109,
 						Expiration:    testNow,
 						Type:          domain.AuthNKeyTypeJSON,
+						ApplicationID: "app1",
 					},
 				},
 			},
diff --git a/proto/zitadel/app/v2beta/app.proto b/proto/zitadel/app/v2beta/app.proto
index f85e3c021d..f108f3bacb 100644
--- a/proto/zitadel/app/v2beta/app.proto
+++ b/proto/zitadel/app/v2beta/app.proto
@@ -92,3 +92,30 @@ message ApplicationNameQuery {
         }
     ];
 }
+
+enum ApplicationKeysSorting {
+    APPLICATION_KEYS_SORT_BY_ID = 0;
+    APPLICATION_KEYS_SORT_BY_PROJECT_ID = 1;
+    APPLICATION_KEYS_SORT_BY_APPLICATION_ID = 2;
+    APPLICATION_KEYS_SORT_BY_CREATION_DATE = 3;
+    APPLICATION_KEYS_SORT_BY_ORGANIZATION_ID = 4;
+    APPLICATION_KEYS_SORT_BY_EXPIRATION = 5;
+    APPLICATION_KEYS_SORT_BY_TYPE = 6;
+}
+
+message ApplicationKey {
+    string id = 1;
+    string application_id = 2;
+    string project_id = 3;
+    google.protobuf.Timestamp creation_date = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+    string organization_id = 5;
+    google.protobuf.Timestamp expiration_date = 6 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+}
\ No newline at end of file
diff --git a/proto/zitadel/app/v2beta/app_service.proto b/proto/zitadel/app/v2beta/app_service.proto
index a881022caa..61cde73696 100644
--- a/proto/zitadel/app/v2beta/app_service.proto
+++ b/proto/zitadel/app/v2beta/app_service.proto
@@ -114,8 +114,6 @@ service AppService {
     //
     // Create an application. The application can be OIDC, API or SAML type, based on the input.
     //
-    // The user needs to have project.app.write permission
-    //
     // Required permissions:
     //   - project.app.write
     rpc CreateApplication(CreateApplicationRequest) returns (CreateApplicationResponse) {
@@ -145,8 +143,6 @@ service AppService {
     // Changes the configuration of an OIDC, API or SAML type application, as well as
     // the application name, based on the input provided.
     //
-    // The user needs to have project.app.write permission
-    //
     // Required permissions:
     //   - project.app.write
     rpc UpdateApplication(UpdateApplicationRequest) returns (UpdateApplicationResponse) {
@@ -175,8 +171,6 @@ service AppService {
     //
     // Retrieves the application matching the provided ID.
     //
-    // The user needs to have project.app.read permission
-    //
     // Required permissions:
     //   - project.app.read
     rpc GetApplication(GetApplicationRequest) returns (GetApplicationResponse) {
@@ -203,9 +197,7 @@ service AppService {
     // Delete Application
     //
     // Deletes the application belonging to the input project and matching the provided
-    // application ID
-    //
-    // The user needs to have project.app.delete permission
+    // application ID.
     //
     // Required permissions:
     //   - project.app.delete
@@ -233,9 +225,7 @@ service AppService {
     // Deactivate Application
     //
     // Deactivates the application belonging to the input project and matching the provided
-    // application ID
-    //
-    // The user needs to have project.app.write permission
+    // application ID.
     //
     // Required permissions:
     //   - project.app.write
@@ -264,9 +254,7 @@ service AppService {
     // Reactivate Application
     //
     // Reactivates the application belonging to the input project and matching the provided
-    // application ID
-    //
-    // The user needs to have project.app.write permission
+    // application ID.
     //
     // Required permissions:
     //   - project.app.write
@@ -297,8 +285,6 @@ service AppService {
     //
     // Regenerates the client secret of an API or OIDC application that belongs to the input project.
     // 
-    // The user needs to have project.app.write permission
-    //
     // Required permissions:
     //   - project.app.write
     rpc RegenerateClientSecret(RegenerateClientSecretRequest) returns (RegenerateClientSecretResponse) {
@@ -331,8 +317,6 @@ service AppService {
     // The result can be sorted by app id, name, creation date, change date or state. It can also
     // be filtered by app state, app type and app name.
     //
-    // The user needs to have project.app.read permission
-    //
     // Required permissions:
     //   - project.app.read
     rpc ListApplications(ListApplicationsRequest) returns (ListApplicationsResponse) {
@@ -356,6 +340,129 @@ service AppService {
             }
         };
     }
+
+
+    // Create Application Key 
+    //
+    // Create a new application key, which is used to authorize an API application.
+    //
+    // Key details are returned in the response. They must be stored safely, as it will not
+    // be possible to retrieve them again.
+    //
+    // Required permissions:
+    //   - `project.app.write`
+    rpc CreateApplicationKey(CreateApplicationKeyRequest) returns (CreateApplicationKeyResponse) {
+        option (google.api.http) = {
+            post: "/v2beta/application_keys"
+            body: "*"
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The created application key";
+                }
+            };
+        };
+    }
+
+    // Delete Application Key 
+    //
+    // Deletes an application key matching the provided ID.
+    //
+    // Organization ID is not mandatory, but helps with filtering/performance.
+    //
+    // The deletion time is returned in response message.
+    //
+    // Required permissions:
+    //   - `project.app.write`
+    rpc DeleteApplicationKey(DeleteApplicationKeyRequest) returns (DeleteApplicationKeyResponse) {
+        option (google.api.http) = {
+            delete: "/v2beta/application_keys/{id}"
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The time of deletion.";
+                }
+            };
+        };
+    }
+
+    // Get Application Key
+    //
+    // Retrieves the application key matching the provided ID.
+    //
+    // Specifying a project, organization and app ID is optional but help with filtering/performance.
+    //
+    // Required permissions:
+    //   - project.app.read
+    rpc GetApplicationKey(GetApplicationKeyRequest) returns (GetApplicationKeyResponse) {
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The fetched app key.";
+                }
+            };
+        };
+
+        option (google.api.http) = {
+            get: "/v2beta/application_keys/{id}"
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
+
+    // List Application Keys
+    //
+    // Returns a list of application keys matching the input parameters.
+    //
+    // The result can be sorted by id, aggregate, creation date, expiration date, resource owner or type.
+    // It can also be filtered by app, project or organization ID.
+    //
+    // Required permissions:
+    //   - project.app.read
+    rpc ListApplicationKeys(ListApplicationKeysRequest) returns (ListApplicationKeysResponse) {
+        option (google.api.http) = {
+            post: "/v2beta/application_keys/search"
+            body: "*"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            responses: {
+                key: "200";
+                value: {
+                    description: "The matching applications";
+                }
+            };
+        };
+
+        option (zitadel.protoc_gen_zitadel.v2.options) = {
+            auth_option: {
+                permission: "authenticated"
+            }
+        };
+    }
 }
 
 message CreateApplicationRequest {
@@ -785,4 +892,103 @@ message ListApplicationsResponse {
 
     // Contains the total number of apps matching the query and the applied limit.
     zitadel.filter.v2.PaginationResponse pagination = 2;
-}
\ No newline at end of file
+}
+
+message CreateApplicationKeyRequest {
+    string app_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+
+    string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+
+    // The date the key will expire
+    google.protobuf.Timestamp expiration_date = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2519-04-01T08:45:00.000000Z\"";
+            description: "The date the key will expire";
+        }
+    ];
+}
+
+message CreateApplicationKeyResponse {
+    string id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"28746028909593987\"";
+        }
+    ];
+
+    // The timestamp of the app creation.
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        example: "\"2024-12-18T07:50:47.492Z\"";
+        }
+    ];
+
+    bytes key_details = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"eyJ0eXBlIjoiYXBwbGljYXRpb24iLCJrZXlJZCI6IjIwMjcxMDE4NjYyMjcxNDExMyIsImtleSI6Ii0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUVvd0lCQUFLQ0FRRUFuMUxyNStTV0pGRllURU1kaXQ2U0dNY0E2Yks5dG0xMmhlcm55V0wrZm9PWnA3eEVcbk9wcmsvWE81QVplSU5NY0x0ZVhxckJlK1NPdVVNMFpLU2xCMHFTNzNjVStDVTVMTGoycVB0UzhNOFI0N3BGdFhcbjJXRTFJNjNhZHB1N01TejA2SXduQ2lyNnJYOTVPQ2ZneHA3VU1Dd0pSTUZmYXJqdjVBRXY3NXpsSS9lYUV6bUJcbkxKWU1xanZFRmZoN2x3M2lPT3VsWW9kNjNpN3RDNWl5czNlYjNLZW4yWU0rN1FSbXB2dE5qcTJMVmlIMnkrUGJcbk9ESlI3MU9ib05TYVJDNTZDUFpWVytoWDByYXI3VzMwUjI2eGtIQ09oSytQbUpSeGtOY0g1VTdja0xXMEw0WEVcbnNNZkVUSmszeDR3Q0psbisxbElXUzkrNmw0R1E2TWRzWURyOU5RSURBUUFCQW9JQkFCSkx6WGQxMHFBZEQwekNcbnNGUFFOMnJNLzVmV3hONThONDR0YWF6QXg0VHp5K050UlZDTmxScGQvYkxuR2VjbHJIeVpDSmYycWcxcHNEMHJcbkowRGRlR2d0VXBFYWxsYk9scjNEZVBsUGkrYnNsK0RKOUk2c0VSUWwxTjZtQjVzZ0ZJZllBR3UwZjlFSXdIem9cblozR25yNnBRaEVmM0JPUVdsTVhVTlJNSksyOHp3M2E1L01nRmtKVUZUSTUzeXFwbGRtZ2hLajRZR1hLRk1LUGhcbkV3RkxrRncwK2s3K0xuSjFQNGp1ZVd1RXo3WlAyaFpvUWxCcXdSajVyTG9QZ05RbUU4UytFVDRuczlUYzByOFFcbnFyaHlacDZBczJrTDhGTytCZnF3SVpDZnpnWHN2cC9PLzRaSHIzVTB2Ymp3UW1sSzdVSm42U0J6T2hpWFpNU0lcbk5Wc0V5VUVDZ1lFQTFEaktkRGo3NTM1MWQzdlRNQlRFd2JSQ3hoUVZOdENFMnMwVUw4ckJQZ1I0K1dlblNUWmFcbnprWUprcEV0bE54VGxzYnN1Y0RTUXZqeWRYYk5nSHFBeDYzMm1vdTVkak9lR0VTUDFWVGtUdElsZFZQZWszQWxcbjVYbkpQa1dqWGVyVVJZNm5KeUQ5UWhlREx3MVp4NEFYVzNHWURiTFkrT05XV0VKUlJaQUloNjBDZ1lFQXdEQ2xcbnc1MHc4dkcvbEJ4RzNSYW9FaHdLOWNna1VXOHk2T25DekNwcEtjOEZUUmY1VE5iWjl5TzNXUmdYajhkeHRCakFcbkl5VGlzYk9NQk1VaFZKUUtGZHRQaDhoVDBwRkRjeE9ndzY0aHBtYzhyY2RTbXVKNzlYSVRTaHUySjA0N0UvNFZcbnJOTThpWVk5ZGR3VGdGUUlsdFNZL0l0RnFxWERmdjhqK1dVY25La0NnWUVBaENOUU80bDNuNjRucWR2WnBTaHBcblVrclJBTkJrWFJyOGZkZ1BaNnFSSS9KWStNSEhjVmg4dGM3NkN0NkdTUmZlbkJVRU5LeVF2czZPK1FDZCtBOU9cbnZBWGZkRjduZldlcVdtWG1RT2g0dDNNMWk1WkxFZlpVUWt2UU9BdllLcFFhMDZ4OCsyb1pCdHZvL0pVTmY2Q0xcbjZvNFNKUVZrLzZOZGtkckpDODBnNG9rQ2dZQkZsNWYrbkVYa1F0dWZVeG5wNXRGWE5XWldsM0ZuTjMvVXpRaW5cbmkxZm5OcnB4cnhPcjJrUzA4KzdwU1FzSEdpNDNDNXRQWG9UajJlTUN1eXNWaUVHYXBuNUc2YWhJb0NjdlhWVWlcblprUnpFQUR0NERZdU5ZS3pYdXBUTkhPaUNmYmtoMlhyM2RXVzZ0QUloSGRmU1k2T3AwNzZhNmYvWWVUSGNMWGpcbkVkVHBlUUtCZ0FPdnBqcDQ4TzRUWEZkU0JLSnYya005OHVhUjlSQURtdGxTWHd2cTlyQkhTV084NFk4bzE0L1Bcbkl1UmxUOHhROGRYKzhMR21UUCtjcUtiOFFRQ1grQk1YUWxMSEVtWnpnb0xFa0pGMUVIMm4vZEZ5bngxS3prdFNcbm9UZUdsRzZhbXhVOVh4eW9RVFlEVGJCbERwc2FZUlFBZ2FUQzM3UVZRUjhmK1ZoRzFHSFFcbi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tXG4iLCJhcHBJZCI6IjIwMjcwNjM5ODgxMzg4MDU3NyIsImNsaWVudElkIjoiMjAyNzA2Mzk4ODEzOTQ2MTEzQG15dGVzdHByb2plY3QifQ==\"";
+        }
+    ];
+}
+
+message DeleteApplicationKeyRequest {
+    string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string application_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string organization_id = 4 [(validate.rules).string = {max_len: 200}];
+}
+
+message DeleteApplicationKeyResponse {
+    google.protobuf.Timestamp deletion_date = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+}
+
+message GetApplicationKeyRequest {
+    string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string project_id = 2 [(validate.rules).string = {max_len: 200}];
+    string application_id = 3 [(validate.rules).string = {max_len: 200}];
+    string organization_id = 4 [(validate.rules).string = {max_len: 200}];
+}
+
+message GetApplicationKeyResponse {
+    string id = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\"";
+        }
+    ];
+
+    google.protobuf.Timestamp creation_date = 2 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"2025-01-23T10:34:18.051Z\"";
+        }
+    ];
+
+    // the date a key will expire
+    google.protobuf.Timestamp expiration_date = 3 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "the date a key will expire";
+            example: "\"3019-04-01T08:45:00.000000Z\"";
+        }
+    ];
+}
+
+message ListApplicationKeysRequest {
+    // Pagination and sorting.
+    zitadel.filter.v2.PaginationRequest pagination = 1;
+
+    ApplicationKeysSorting sorting_column = 2;
+
+    oneof resource_id {
+        string application_id = 3 [(validate.rules).string = {min_len: 1; max_len: 200}];
+        string project_id = 4 [(validate.rules).string = {min_len: 1; max_len: 200}];
+        string organization_id = 5 [(validate.rules).string = {min_len: 1; max_len: 200}];
+    }
+}
+
+message ListApplicationKeysResponse {
+    repeated ApplicationKey keys = 1;
+
+    // Contains the total number of app keys matching the query and the applied limit.
+    zitadel.filter.v2.PaginationResponse pagination = 2;
+}
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index 74d5dcf60b..bb62e2eba6 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -3709,6 +3709,7 @@ service ManagementService {
         };
     }
 
+    // Deprecated: Use [GetApplicationKey](/apis/resources/application_service_v2/application-service-get-application-key.api.mdx) instead to get an application key
     rpc GetAppKey(GetAppKeyRequest) returns (GetAppKeyResponse) {
         option (google.api.http) = {
             get: "/projects/{project_id}/apps/{app_id}/keys/{key_id}"
@@ -3731,9 +3732,11 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [ListApplicationKeys](/apis/resources/application_service_v2/application-service-list-application-keys.api.mdx) instead to list application keys
     rpc ListAppKeys(ListAppKeysRequest) returns (ListAppKeysResponse) {
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/{app_id}/keys/_search"
@@ -3760,6 +3763,8 @@ service ManagementService {
         };
     }
 
+    // Deprecated: Use [CreateApplicationKey](/apis/resources/application_service_v2/application-service-create-application-key.api.mdx) instead to
+    // create an application key
     rpc AddAppKey(AddAppKeyRequest) returns (AddAppKeyResponse){
         option (google.api.http) = {
             post: "/projects/{project_id}/apps/{app_id}/keys"
@@ -3783,9 +3788,12 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 
+    // Deprecated: Use [DeleteApplicationKey](/apis/resources/application_service_v2/application-service-delete-application-key.api.mdx) instead to
+    // delete an application key
     rpc RemoveAppKey(RemoveAppKeyRequest) returns (RemoveAppKeyResponse) {
         option (google.api.http) = {
             delete: "/projects/{project_id}/apps/{app_id}/keys/{key_id}"
@@ -3808,6 +3816,7 @@ service ManagementService {
                     required: false;
                 };
             };
+            deprecated: true;
         };
     }
 

From 2928c6ac2bba8799f002fca0548f165f8cfe1be0 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Wed, 2 Jul 2025 10:04:19 +0200
Subject: [PATCH 113/123] chore(login): migrate nextjs login to monorepo
 (#10134)

# Which Problems Are Solved

We move the login code to the zitadel repo.

# How the Problems Are Solved

The login repo is added to ./login as a git subtree pulled from the
dockerize-ci branch.
Apart from the login code, this PR contains the changes from #10116

# Additional Context

- Closes https://github.com/zitadel/typescript/issues/474
- Also merges #10116
- Merging is blocked by failing check because of:
- https://github.com/zitadel/zitadel/pull/10134#issuecomment-3012086106

---------

Co-authored-by: Max Peintner <peintnerm@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Florian Forster <florian@zitadel.com>
---
 .github/dependabot.yml                        |   13 +
 .github/workflows/build.yml                   |   28 +-
 .github/workflows/compile.yml                 |   36 +-
 .github/workflows/login-container.yml         |   63 +
 .github/workflows/login-quality.yml           |   59 +
 .github/workflows/release.yml                 |   70 +
 .golangci.yaml                                |    1 +
 LICENSING.md                                  |    7 +
 Makefile                                      |   50 +-
 build/Dockerfile.gitignore                    |    3 +
 cmd/defaults.yaml                             |   10 +-
 docker-bake.hcl                               |    5 +
 dockerfiles/proto-files.Dockerfile            |    8 +
 .../proto-files.Dockerfile.dockerignore       |    2 +
 .../typescript-proto-client.Dockerfile        |    8 +
 ...cript-proto-client.Dockerfile.dockerignore |   11 +
 e2e/config/host.docker.internal/zitadel.yaml  |    3 +
 e2e/config/localhost/zitadel.yaml             |    3 +
 internal/integration/config/zitadel.yaml      |    7 +
 login/.changeset/README.md                    |    8 +
 login/.changeset/config.json                  |   11 +
 login/.eslintrc.cjs                           |   10 +
 login/.github/ISSUE_TEMPLATE/bug.yaml         |   63 +
 login/.github/ISSUE_TEMPLATE/config.yml       |    4 +
 login/.github/ISSUE_TEMPLATE/docs.yaml        |   30 +
 login/.github/ISSUE_TEMPLATE/improvement.yaml |   54 +
 login/.github/ISSUE_TEMPLATE/proposal.yaml    |   54 +
 login/.github/custom-i18n.png                 |  Bin 0 -> 85028 bytes
 login/.github/dependabot.yml                  |   21 +
 login/.github/pull_request_template.md        |   13 +
 login/.github/workflows/close_pr.yml          |   35 +
 login/.github/workflows/issues.yml            |   41 +
 login/.github/workflows/release.yml           |   32 +
 login/.github/workflows/test.yml              |   67 +
 login/.gitignore                              |   18 +
 login/.npmrc                                  |    1 +
 login/.nvmrc                                  |    1 +
 login/.prettierignore                         |    9 +
 login/.prettierrc                             |    6 +
 login/CODE_OF_CONDUCT.md                      |  128 +
 login/CONTRIBUTING.md                         |  206 +
 login/LICENSE                                 |   21 +
 login/Makefile                                |  137 +
 login/README.md                               |  264 +
 login/acceptance/docker-compose.yaml          |   71 +
 login/apps/login-test-acceptance/.gitignore   |    1 +
 .../docker-compose-ci.yaml                    |   59 +
 .../login-test-acceptance/docker-compose.yaml |  237 +
 .../go-command.Dockerfile                     |   11 +
 .../login-test-acceptance/idp/oidc/go.mod     |   28 +
 .../login-test-acceptance/idp/oidc/go.sum     |   71 +
 .../login-test-acceptance/idp/oidc/main.go    |  186 +
 .../login-test-acceptance/idp/saml/go.mod     |   16 +
 .../login-test-acceptance/idp/saml/go.sum     |   49 +
 .../login-test-acceptance/idp/saml/main.go    |  328 +
 .../apps/login-test-acceptance/oidcrp/go.mod  |   26 +
 .../apps/login-test-acceptance/oidcrp/go.sum  |   67 +
 .../apps/login-test-acceptance/oidcrp/main.go |  322 +
 login/apps/login-test-acceptance/package.json |   18 +
 .../apps/login-test-acceptance/pat/.gitignore |    2 +
 login/apps/login-test-acceptance/pat/.gitkeep |    0
 .../playwright-report/.gitignore              |    2 +
 .../playwright-report/.gitkeep                |    0
 .../playwright.config.ts                      |   78 +
 .../apps/login-test-acceptance/samlsp/go.mod  |   18 +
 .../apps/login-test-acceptance/samlsp/go.sum  |   38 +
 .../apps/login-test-acceptance/samlsp/main.go |  271 +
 login/apps/login-test-acceptance/setup/go.mod |    3 +
 login/apps/login-test-acceptance/setup/go.sum |    0
 .../apps/login-test-acceptance/setup/main.go  |    3 +
 .../apps/login-test-acceptance/setup/setup.sh |  139 +
 login/apps/login-test-acceptance/sink/go.mod  |    3 +
 login/apps/login-test-acceptance/sink/go.sum  |    0
 login/apps/login-test-acceptance/sink/main.go |  111 +
 .../test-results/.gitignore                   |    2 +
 .../test-results/.gitkeep                     |    0
 .../login-test-acceptance/tests/admin.spec.ts |    7 +
 .../tests/code-screen.ts                      |   12 +
 .../apps/login-test-acceptance/tests/code.ts  |   17 +
 .../tests/email-verify-screen.ts              |   12 +
 .../tests/email-verify.spec.ts                |   69 +
 .../tests/email-verify.ts                     |   15 +
 .../tests/idp-apple.spec.ts                   |  102 +
 .../tests/idp-generic-jwt.spec.ts             |   99 +
 .../tests/idp-generic-oauth.spec.ts           |   99 +
 .../tests/idp-generic-oidc.spec.ts            |  101 +
 .../tests/idp-github-enterprise.spec.ts       |  103 +
 .../tests/idp-github.spec.ts                  |  103 +
 .../tests/idp-gitlab-self-hosted.spec.ts      |  103 +
 .../tests/idp-gitlab.spec.ts                  |  103 +
 .../tests/idp-google.spec.ts                  |   99 +
 .../tests/idp-ldap.spec.ts                    |   99 +
 .../tests/idp-microsoft.spec.ts               |  102 +
 .../tests/idp-saml.spec.ts                    |  103 +
 .../login-configuration-possiblities.spec.ts  |   57 +
 .../apps/login-test-acceptance/tests/login.ts |   41 +
 .../tests/loginname-screen.ts                 |   12 +
 .../login-test-acceptance/tests/loginname.ts  |    7 +
 .../login-test-acceptance/tests/passkey.ts    |  109 +
 .../tests/password-screen.ts                  |   98 +
 .../login-test-acceptance/tests/password.ts   |   29 +
 .../tests/register-screen.ts                  |   27 +
 .../tests/register.spec.ts                    |  183 +
 .../login-test-acceptance/tests/register.ts   |   39 +
 .../tests/select-account.ts                   |    5 +
 .../apps/login-test-acceptance/tests/sink.ts  |   43 +
 .../apps/login-test-acceptance/tests/user.ts  |  177 +
 .../tests/username-passkey.spec.ts            |   43 +
 .../username-password-change-required.spec.ts |   41 +
 .../tests/username-password-changed.spec.ts   |   54 +
 .../tests/username-password-otp_email.spec.ts |   98 +
 .../tests/username-password-otp_sms.spec.ts   |   71 +
 .../tests/username-password-set.spec.ts       |   52 +
 .../tests/username-password-totp.spec.ts      |   71 +
 .../tests/username-password-u2f.spec.ts       |   26 +
 .../tests/username-password.spec.ts           |  157 +
 .../login-test-acceptance/tests/welcome.ts    |    6 +
 .../login-test-acceptance/tests/zitadel.ts    |  190 +
 login/apps/login-test-acceptance/turbo.json   |   10 +
 login/apps/login-test-acceptance/zitadel.yaml |   83 +
 login/apps/login-test-integration/.gitignore  |    2 +
 .../core-mock/Dockerfile                      |    9 +
 .../zitadel.settings.v2.SettingsService.json  |   59 +
 .../core-mock/mocked-services.cfg             |    7 +
 .../login-test-integration/cypress.config.ts  |   14 +
 .../docker-compose.yaml                       |   30 +
 .../fixtures/example.json                     |    5 +
 .../integration/invite.cy.ts                  |  110 +
 .../integration/login.cy.ts                   |  172 +
 .../integration/register-idp.cy.ts            |   21 +
 .../integration/register.cy.ts                |   73 +
 .../integration/verify.cy.ts                  |   95 +
 .../apps/login-test-integration/package.json  |   17 +
 .../login-test-integration/support/e2e.ts     |   29 +
 .../apps/login-test-integration/tsconfig.json |    8 +
 login/apps/login-test-integration/turbo.json  |   10 +
 login/apps/login/.env.test                    |    5 +
 login/apps/login/.eslintrc.cjs                |   12 +
 login/apps/login/.gitignore                   |    3 +
 login/apps/login/.prettierignore              |    2 +
 login/apps/login/constants/csp.js             |    2 +
 login/apps/login/locales/de.json              |  250 +
 login/apps/login/locales/en.json              |  250 +
 login/apps/login/locales/es.json              |  250 +
 login/apps/login/locales/it.json              |  250 +
 login/apps/login/locales/pl.json              |  250 +
 login/apps/login/locales/ru.json              |  250 +
 login/apps/login/locales/zh.json              |  250 +
 login/apps/login/next-env-vars.d.ts           |   33 +
 login/apps/login/next-env.d.ts                |    5 +
 login/apps/login/next.config.mjs              |   83 +
 login/apps/login/package.json                 |   75 +
 login/apps/login/postcss.config.cjs           |    6 +
 login/apps/login/prettier.config.mjs          |    1 +
 login/apps/login/public/checkbox.svg          |    1 +
 login/apps/login/public/favicon.ico           |  Bin 0 -> 15086 bytes
 .../public/favicon/android-chrome-192x192.png |  Bin 0 -> 17828 bytes
 .../public/favicon/android-chrome-512x512.png |  Bin 0 -> 137768 bytes
 .../login/public/favicon/apple-touch-icon.png |  Bin 0 -> 18112 bytes
 .../login/public/favicon/browserconfig.xml    |    9 +
 .../login/public/favicon/favicon-16x16.png    |  Bin 0 -> 1551 bytes
 .../login/public/favicon/favicon-32x32.png    |  Bin 0 -> 2050 bytes
 login/apps/login/public/favicon/favicon.ico   |  Bin 0 -> 15086 bytes
 .../login/public/favicon/mstile-150x150.png   |  Bin 0 -> 13206 bytes
 .../login/public/favicon/site.webmanifest     |   19 +
 login/apps/login/public/grid-dark.svg         |    5 +
 login/apps/login/public/grid-light.svg        |    5 +
 .../logo/zitadel-logo-solo-darkdesign.svg     |   74 +
 .../logo/zitadel-logo-solo-lightdesign.svg    |   76 +
 login/apps/login/public/zitadel-logo-dark.svg |  101 +
 .../apps/login/public/zitadel-logo-light.svg  |   99 +
 login/apps/login/readme.md                    |  394 +
 login/apps/login/screenshots/accounts.png     |  Bin 0 -> 159830 bytes
 .../login/screenshots/accounts_jumpto.png     |  Bin 0 -> 15180 bytes
 login/apps/login/screenshots/collage.png      |  Bin 0 -> 288519 bytes
 login/apps/login/screenshots/idp.png          |  Bin 0 -> 86616 bytes
 login/apps/login/screenshots/loginname.png    |  Bin 0 -> 114853 bytes
 login/apps/login/screenshots/mfa.png          |  Bin 0 -> 104053 bytes
 login/apps/login/screenshots/mfaset.png       |  Bin 0 -> 116794 bytes
 login/apps/login/screenshots/otp.png          |  Bin 0 -> 84122 bytes
 login/apps/login/screenshots/otpset.png       |  Bin 0 -> 146885 bytes
 login/apps/login/screenshots/passkey.png      |  Bin 0 -> 86883 bytes
 login/apps/login/screenshots/password.png     |  Bin 0 -> 84874 bytes
 .../login/screenshots/password_change.png     |  Bin 0 -> 123203 bytes
 login/apps/login/screenshots/password_set.png |  Bin 0 -> 153578 bytes
 login/apps/login/screenshots/register.png     |  Bin 0 -> 161800 bytes
 .../login/screenshots/register_password.png   |  Bin 0 -> 118094 bytes
 login/apps/login/screenshots/signedin.png     |  Bin 0 -> 60794 bytes
 login/apps/login/screenshots/u2f.png          |  Bin 0 -> 76779 bytes
 login/apps/login/screenshots/u2fset.png       |  Bin 0 -> 90769 bytes
 login/apps/login/screenshots/verify.png       |  Bin 0 -> 67934 bytes
 .../login/src/app/(login)/accounts/page.tsx   |   97 +
 .../app/(login)/authenticator/set/page.tsx    |  218 +
 .../src/app/(login)/device/consent/page.tsx   |   99 +
 .../login/src/app/(login)/device/page.tsx     |   48 +
 login/apps/login/src/app/(login)/error.tsx    |   27 +
 .../(login)/idp/[provider]/failure/page.tsx   |  105 +
 .../(login)/idp/[provider]/success/page.tsx   |  340 +
 .../login/src/app/(login)/idp/ldap/page.tsx   |   56 +
 login/apps/login/src/app/(login)/idp/page.tsx |   51 +
 login/apps/login/src/app/(login)/layout.tsx   |   62 +
 .../login/src/app/(login)/loginname/page.tsx  |   93 +
 .../login/src/app/(login)/logout/page.tsx     |   86 +
 .../src/app/(login)/logout/success/page.tsx   |   43 +
 login/apps/login/src/app/(login)/mfa/page.tsx |  134 +
 .../login/src/app/(login)/mfa/set/page.tsx    |  174 +
 .../src/app/(login)/otp/[method]/page.tsx     |  136 +
 .../src/app/(login)/otp/[method]/set/page.tsx |  204 +
 login/apps/login/src/app/(login)/page.tsx     |    8 +
 .../login/src/app/(login)/passkey/page.tsx    |   89 +
 .../src/app/(login)/passkey/set/page.tsx      |   85 +
 .../src/app/(login)/password/change/page.tsx  |  100 +
 .../login/src/app/(login)/password/page.tsx   |  102 +
 .../src/app/(login)/password/set/page.tsx     |  137 +
 .../login/src/app/(login)/register/page.tsx   |  136 +
 .../app/(login)/register/password/page.tsx    |  100 +
 .../login/src/app/(login)/saml-post/route.ts  |   30 +
 .../login/src/app/(login)/signedin/page.tsx   |  141 +
 login/apps/login/src/app/(login)/u2f/page.tsx |   96 +
 .../login/src/app/(login)/u2f/set/page.tsx    |   76 +
 .../login/src/app/(login)/verify/page.tsx     |  174 +
 .../src/app/(login)/verify/success/page.tsx   |   92 +
 login/apps/login/src/app/global-error.tsx     |   36 +
 login/apps/login/src/app/healthy/route.ts     |    5 +
 login/apps/login/src/app/login/route.ts       |  557 +
 login/apps/login/src/app/security/route.ts    |   28 +
 .../apps/login/src/components/address-bar.tsx |   61 +
 login/apps/login/src/components/alert.tsx     |   45 +
 .../apps/login/src/components/app-avatar.tsx  |   48 +
 .../login/src/components/auth-methods.tsx     |  234 +
 .../authentication-method-radio.tsx           |  104 +
 login/apps/login/src/components/avatar.tsx    |   97 +
 .../apps/login/src/components/back-button.tsx |   18 +
 login/apps/login/src/components/boundary.tsx  |   83 +
 login/apps/login/src/components/button.tsx    |   74 +
 .../src/components/change-password-form.tsx   |  211 +
 login/apps/login/src/components/checkbox.tsx  |   62 +
 .../choose-authenticator-to-login.tsx         |   38 +
 .../choose-authenticator-to-setup.tsx         |   51 +
 .../choose-second-factor-to-setup.tsx         |  119 +
 .../src/components/choose-second-factor.tsx   |   54 +
 login/apps/login/src/components/consent.tsx   |  116 +
 .../src/components/copy-to-clipboard.tsx      |   41 +
 .../login/src/components/default-tags.tsx     |   32 +
 .../login/src/components/device-code-form.tsx |   95 +
 .../login/src/components/dynamic-theme.tsx    |   43 +
 .../login/src/components/external-link.tsx    |   21 +
 .../apps/login/src/components/idp-signin.tsx  |   67 +
 .../login/src/components/idps/base-button.tsx |   41 +
 .../components/idps/pages/complete-idp.tsx    |   55 +
 .../components/idps/pages/linking-failed.tsx  |   27 +
 .../components/idps/pages/linking-success.tsx |   30 +
 .../components/idps/pages/login-failed.tsx    |   24 +
 .../components/idps/pages/login-success.tsx   |   30 +
 .../components/idps/sign-in-with-apple.tsx    |   36 +
 .../components/idps/sign-in-with-azure-ad.tsx |   42 +
 .../components/idps/sign-in-with-generic.tsx  |   21 +
 .../components/idps/sign-in-with-github.tsx   |   64 +
 .../idps/sign-in-with-gitlab.test.tsx         |   45 +
 .../components/idps/sign-in-with-gitlab.tsx   |   53 +
 .../idps/sign-in-with-google.test.tsx         |   44 +
 .../components/idps/sign-in-with-google.tsx   |   66 +
 login/apps/login/src/components/input.tsx     |  102 +
 .../src/components/language-provider.tsx      |   13 +
 .../src/components/language-switcher.tsx      |   74 +
 .../login/src/components/layout-providers.tsx |   17 +
 .../ldap-username-password-form.tsx           |  109 +
 login/apps/login/src/components/login-otp.tsx |  284 +
 .../login/src/components/login-passkey.tsx    |  280 +
 login/apps/login/src/components/logo.tsx      |   37 +
 .../components/password-complexity.test.tsx   |   64 +
 .../src/components/password-complexity.tsx    |   99 +
 .../login/src/components/password-form.tsx    |  176 +
 .../components/privacy-policy-checkboxes.tsx  |  105 +
 .../register-form-idp-incomplete.tsx          |  156 +
 .../login/src/components/register-form.tsx    |  227 +
 .../login/src/components/register-passkey.tsx |  220 +
 .../login/src/components/register-u2f.tsx     |  225 +
 .../src/components/self-service-menu.tsx      |   42 +
 .../src/components/session-clear-item.tsx     |  105 +
 .../login/src/components/session-item.tsx     |  156 +
 .../src/components/sessions-clear-list.tsx    |  109 +
 .../login/src/components/sessions-list.tsx    |   50 +
 .../src/components/set-password-form.tsx      |  286 +
 .../components/set-register-password-form.tsx |  170 +
 .../login/src/components/sign-in-with-idp.tsx |   93 +
 .../login/src/components/skeleton-card.tsx    |   16 +
 login/apps/login/src/components/skeleton.tsx  |    9 +
 login/apps/login/src/components/spinner.tsx   |   22 +
 .../apps/login/src/components/state-badge.tsx |   40 +
 login/apps/login/src/components/tab-group.tsx |   16 +
 login/apps/login/src/components/tab.tsx       |   35 +
 .../login/src/components/theme-provider.tsx   |   16 +
 .../login/src/components/theme-wrapper.tsx    |   18 +
 login/apps/login/src/components/theme.tsx     |   44 +
 .../login/src/components/totp-register.tsx    |  157 +
 .../apps/login/src/components/translated.tsx  |   23 +
 .../apps/login/src/components/user-avatar.tsx |   59 +
 .../login/src/components/username-form.tsx    |  156 +
 .../apps/login/src/components/verify-form.tsx |  168 +
 .../src/components/zitadel-logo-dark.tsx      |  210 +
 .../src/components/zitadel-logo-light.tsx     |  210 +
 .../login/src/components/zitadel-logo.tsx     |   32 +
 login/apps/login/src/helpers/base64.ts        |   63 +
 login/apps/login/src/helpers/colors.ts        |  439 +
 login/apps/login/src/helpers/validators.ts    |   19 +
 login/apps/login/src/i18n/request.ts          |   59 +
 login/apps/login/src/lib/api.ts               |   17 +
 login/apps/login/src/lib/client.ts            |   80 +
 login/apps/login/src/lib/cookies.ts           |  341 +
 login/apps/login/src/lib/demos.ts             |   38 +
 login/apps/login/src/lib/fingerprint.ts       |   66 +
 login/apps/login/src/lib/hooks.ts             |   14 +
 login/apps/login/src/lib/i18n.ts              |   38 +
 login/apps/login/src/lib/idp.ts               |   77 +
 login/apps/login/src/lib/oidc.ts              |  132 +
 login/apps/login/src/lib/saml.ts              |  130 +
 login/apps/login/src/lib/self.ts              |   60 +
 login/apps/login/src/lib/server/cookie.ts     |  278 +
 login/apps/login/src/lib/server/device.ts     |   20 +
 login/apps/login/src/lib/server/idp.ts        |  241 +
 login/apps/login/src/lib/server/loginname.ts  |  454 +
 login/apps/login/src/lib/server/oidc.ts       |   15 +
 login/apps/login/src/lib/server/otp.ts        |   83 +
 login/apps/login/src/lib/server/passkeys.ts   |  278 +
 login/apps/login/src/lib/server/password.ts   |  460 +
 login/apps/login/src/lib/server/register.ts   |  233 +
 login/apps/login/src/lib/server/session.ts    |  221 +
 login/apps/login/src/lib/server/u2f.ts        |  103 +
 login/apps/login/src/lib/server/verify.ts     |  329 +
 login/apps/login/src/lib/service-url.ts       |   58 +
 login/apps/login/src/lib/service.ts           |   49 +
 login/apps/login/src/lib/session.ts           |  194 +
 login/apps/login/src/lib/verify-helper.ts     |  289 +
 login/apps/login/src/lib/zitadel.ts           | 1525 +++
 login/apps/login/src/middleware.ts            |  109 +
 login/apps/login/src/styles/globals.scss      |   65 +
 login/apps/login/src/styles/vars.scss         |  174 +
 login/apps/login/tailwind.config.mjs          |  117 +
 login/apps/login/tsconfig.json                |   24 +
 login/apps/login/turbo.json                   |   22 +
 login/apps/login/vitest.config.mts            |   12 +
 login/docker-bake.hcl                         |  145 +
 login/dockerfiles/login-client.Dockerfile     |    7 +
 .../login-client.Dockerfile.dockerignore      |   11 +
 login/dockerfiles/login-dev-base.Dockerfile   |    3 +
 .../login-dev-base.Dockerfile.dockerignore    |    1 +
 login/dockerfiles/login-lint.Dockerfile       |    7 +
 .../login-lint.Dockerfile.dockerignore        |   25 +
 login/dockerfiles/login-pnpm.Dockerfile       |   10 +
 .../login-pnpm.Dockerfile.dockerignore        |    6 +
 login/dockerfiles/login-standalone.Dockerfile |   34 +
 .../login-standalone.Dockerfile.dockerignore  |   17 +
 .../login-test-acceptance.Dockerfile          |    8 +
 ...in-test-acceptance.Dockerfile.dockerignore |    5 +
 .../login-test-integration.Dockerfile         |   11 +
 ...n-test-integration.Dockerfile.dockerignore |    9 +
 login/dockerfiles/login-test-unit.Dockerfile  |    6 +
 .../login-test-unit.Dockerfile.dockerignore   |   13 +
 ...gin-typescript-proto-client-out.Dockerfile |    5 +
 ...t-proto-client-out.Dockerfile.dockerignore |    1 +
 login/dockerfiles/proto-files.Dockerfile      |    8 +
 .../proto-files.Dockerfile.dockerignore       |    1 +
 .../typescript-proto-client.Dockerfile        |    6 +
 ...cript-proto-client.Dockerfile.dockerignore |   11 +
 login/meta.json                               |    4 +
 login/package.json                            |   55 +
 login/packages/zitadel-client/.eslintrc.cjs   |    4 +
 login/packages/zitadel-client/.gitignore      |    4 +
 login/packages/zitadel-client/CHANGELOG.md    |   77 +
 login/packages/zitadel-client/README.md       |   53 +
 login/packages/zitadel-client/package.json    |   71 +
 login/packages/zitadel-client/src/helpers.ts  |   11 +
 login/packages/zitadel-client/src/index.ts    |   10 +
 .../zitadel-client/src/interceptors.test.ts   |   67 +
 .../zitadel-client/src/interceptors.ts        |   16 +
 login/packages/zitadel-client/src/node.ts     |   36 +
 login/packages/zitadel-client/src/v1.ts       |   11 +
 login/packages/zitadel-client/src/v2.ts       |   27 +
 login/packages/zitadel-client/src/v3alpha.ts  |    6 +
 login/packages/zitadel-client/src/web.ts      |   15 +
 login/packages/zitadel-client/tsconfig.json   |    5 +
 login/packages/zitadel-client/tsup.config.ts  |   13 +
 login/packages/zitadel-client/turbo.json      |   12 +
 .../zitadel-eslint-config/CHANGELOG.md        |   13 +
 .../packages/zitadel-eslint-config/README.md  |   35 +
 login/packages/zitadel-eslint-config/index.js |   13 +
 .../zitadel-eslint-config/package.json        |   17 +
 .../zitadel-prettier-config/CHANGELOG.md      |   13 +
 .../zitadel-prettier-config/README.md         |   36 +
 .../packages/zitadel-prettier-config/index.js |   11 +
 .../zitadel-prettier-config/package.json      |   12 +
 login/packages/zitadel-proto/.gitignore       |    5 +
 login/packages/zitadel-proto/CHANGELOG.md     |   47 +
 login/packages/zitadel-proto/README.md        |   35 +
 login/packages/zitadel-proto/buf.gen.yaml     |   10 +
 login/packages/zitadel-proto/package.json     |   26 +
 login/packages/zitadel-proto/turbo.json       |    9 +
 .../zitadel-tailwind-config/CHANGELOG.md      |   13 +
 .../zitadel-tailwind-config/README.md         |   36 +
 .../zitadel-tailwind-config/package.json      |   12 +
 .../tailwind.config.mjs                       |   97 +
 login/packages/zitadel-tsconfig/CHANGELOG.md  |   13 +
 login/packages/zitadel-tsconfig/README.md     |   35 +
 login/packages/zitadel-tsconfig/base.json     |   20 +
 login/packages/zitadel-tsconfig/nextjs.json   |   32 +
 login/packages/zitadel-tsconfig/node20.json   |   10 +
 login/packages/zitadel-tsconfig/package.json  |    9 +
 .../zitadel-tsconfig/react-library.json       |   11 +
 login/packages/zitadel-tsconfig/tsup.json     |    5 +
 login/pnpm-lock.yaml                          | 9519 +++++++++++++++++
 login/pnpm-workspace.yaml                     |    3 +
 login/scripts/entrypoint.sh                   |   11 +
 login/scripts/healthcheck.js                  |   14 +
 login/scripts/run_or_skip.sh                  |   67 +
 login/turbo.json                              |   51 +
 416 files changed, 38969 insertions(+), 10 deletions(-)
 create mode 100644 .github/workflows/login-container.yml
 create mode 100644 .github/workflows/login-quality.yml
 create mode 100644 build/Dockerfile.gitignore
 create mode 100644 docker-bake.hcl
 create mode 100644 dockerfiles/proto-files.Dockerfile
 create mode 100644 dockerfiles/proto-files.Dockerfile.dockerignore
 create mode 100644 dockerfiles/typescript-proto-client.Dockerfile
 create mode 100644 dockerfiles/typescript-proto-client.Dockerfile.dockerignore
 create mode 100644 login/.changeset/README.md
 create mode 100644 login/.changeset/config.json
 create mode 100644 login/.eslintrc.cjs
 create mode 100644 login/.github/ISSUE_TEMPLATE/bug.yaml
 create mode 100644 login/.github/ISSUE_TEMPLATE/config.yml
 create mode 100644 login/.github/ISSUE_TEMPLATE/docs.yaml
 create mode 100644 login/.github/ISSUE_TEMPLATE/improvement.yaml
 create mode 100644 login/.github/ISSUE_TEMPLATE/proposal.yaml
 create mode 100644 login/.github/custom-i18n.png
 create mode 100644 login/.github/dependabot.yml
 create mode 100644 login/.github/pull_request_template.md
 create mode 100644 login/.github/workflows/close_pr.yml
 create mode 100644 login/.github/workflows/issues.yml
 create mode 100644 login/.github/workflows/release.yml
 create mode 100644 login/.github/workflows/test.yml
 create mode 100644 login/.gitignore
 create mode 100644 login/.npmrc
 create mode 100644 login/.nvmrc
 create mode 100644 login/.prettierignore
 create mode 100644 login/.prettierrc
 create mode 100644 login/CODE_OF_CONDUCT.md
 create mode 100644 login/CONTRIBUTING.md
 create mode 100644 login/LICENSE
 create mode 100644 login/Makefile
 create mode 100644 login/README.md
 create mode 100644 login/acceptance/docker-compose.yaml
 create mode 100644 login/apps/login-test-acceptance/.gitignore
 create mode 100644 login/apps/login-test-acceptance/docker-compose-ci.yaml
 create mode 100644 login/apps/login-test-acceptance/docker-compose.yaml
 create mode 100644 login/apps/login-test-acceptance/go-command.Dockerfile
 create mode 100644 login/apps/login-test-acceptance/idp/oidc/go.mod
 create mode 100644 login/apps/login-test-acceptance/idp/oidc/go.sum
 create mode 100644 login/apps/login-test-acceptance/idp/oidc/main.go
 create mode 100644 login/apps/login-test-acceptance/idp/saml/go.mod
 create mode 100644 login/apps/login-test-acceptance/idp/saml/go.sum
 create mode 100644 login/apps/login-test-acceptance/idp/saml/main.go
 create mode 100644 login/apps/login-test-acceptance/oidcrp/go.mod
 create mode 100644 login/apps/login-test-acceptance/oidcrp/go.sum
 create mode 100644 login/apps/login-test-acceptance/oidcrp/main.go
 create mode 100644 login/apps/login-test-acceptance/package.json
 create mode 100644 login/apps/login-test-acceptance/pat/.gitignore
 create mode 100644 login/apps/login-test-acceptance/pat/.gitkeep
 create mode 100644 login/apps/login-test-acceptance/playwright-report/.gitignore
 create mode 100644 login/apps/login-test-acceptance/playwright-report/.gitkeep
 create mode 100644 login/apps/login-test-acceptance/playwright.config.ts
 create mode 100644 login/apps/login-test-acceptance/samlsp/go.mod
 create mode 100644 login/apps/login-test-acceptance/samlsp/go.sum
 create mode 100644 login/apps/login-test-acceptance/samlsp/main.go
 create mode 100644 login/apps/login-test-acceptance/setup/go.mod
 create mode 100644 login/apps/login-test-acceptance/setup/go.sum
 create mode 100644 login/apps/login-test-acceptance/setup/main.go
 create mode 100755 login/apps/login-test-acceptance/setup/setup.sh
 create mode 100644 login/apps/login-test-acceptance/sink/go.mod
 create mode 100644 login/apps/login-test-acceptance/sink/go.sum
 create mode 100644 login/apps/login-test-acceptance/sink/main.go
 create mode 100644 login/apps/login-test-acceptance/test-results/.gitignore
 create mode 100644 login/apps/login-test-acceptance/test-results/.gitkeep
 create mode 100644 login/apps/login-test-acceptance/tests/admin.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/code-screen.ts
 create mode 100644 login/apps/login-test-acceptance/tests/code.ts
 create mode 100644 login/apps/login-test-acceptance/tests/email-verify-screen.ts
 create mode 100644 login/apps/login-test-acceptance/tests/email-verify.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/email-verify.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-apple.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-generic-jwt.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-generic-oauth.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-generic-oidc.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-github-enterprise.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-github.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-gitlab-self-hosted.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-gitlab.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-google.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-ldap.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-microsoft.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/idp-saml.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/login-configuration-possiblities.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/login.ts
 create mode 100644 login/apps/login-test-acceptance/tests/loginname-screen.ts
 create mode 100644 login/apps/login-test-acceptance/tests/loginname.ts
 create mode 100644 login/apps/login-test-acceptance/tests/passkey.ts
 create mode 100644 login/apps/login-test-acceptance/tests/password-screen.ts
 create mode 100644 login/apps/login-test-acceptance/tests/password.ts
 create mode 100644 login/apps/login-test-acceptance/tests/register-screen.ts
 create mode 100644 login/apps/login-test-acceptance/tests/register.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/register.ts
 create mode 100644 login/apps/login-test-acceptance/tests/select-account.ts
 create mode 100644 login/apps/login-test-acceptance/tests/sink.ts
 create mode 100644 login/apps/login-test-acceptance/tests/user.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-passkey.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-change-required.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-changed.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-otp_email.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-otp_sms.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-set.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-totp.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password-u2f.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/username-password.spec.ts
 create mode 100644 login/apps/login-test-acceptance/tests/welcome.ts
 create mode 100644 login/apps/login-test-acceptance/tests/zitadel.ts
 create mode 100644 login/apps/login-test-acceptance/turbo.json
 create mode 100644 login/apps/login-test-acceptance/zitadel.yaml
 create mode 100644 login/apps/login-test-integration/.gitignore
 create mode 100644 login/apps/login-test-integration/core-mock/Dockerfile
 create mode 100644 login/apps/login-test-integration/core-mock/initial-stubs/zitadel.settings.v2.SettingsService.json
 create mode 100644 login/apps/login-test-integration/core-mock/mocked-services.cfg
 create mode 100644 login/apps/login-test-integration/cypress.config.ts
 create mode 100644 login/apps/login-test-integration/docker-compose.yaml
 create mode 100644 login/apps/login-test-integration/fixtures/example.json
 create mode 100644 login/apps/login-test-integration/integration/invite.cy.ts
 create mode 100644 login/apps/login-test-integration/integration/login.cy.ts
 create mode 100644 login/apps/login-test-integration/integration/register-idp.cy.ts
 create mode 100644 login/apps/login-test-integration/integration/register.cy.ts
 create mode 100644 login/apps/login-test-integration/integration/verify.cy.ts
 create mode 100644 login/apps/login-test-integration/package.json
 create mode 100644 login/apps/login-test-integration/support/e2e.ts
 create mode 100644 login/apps/login-test-integration/tsconfig.json
 create mode 100644 login/apps/login-test-integration/turbo.json
 create mode 100644 login/apps/login/.env.test
 create mode 100755 login/apps/login/.eslintrc.cjs
 create mode 100644 login/apps/login/.gitignore
 create mode 100644 login/apps/login/.prettierignore
 create mode 100644 login/apps/login/constants/csp.js
 create mode 100644 login/apps/login/locales/de.json
 create mode 100644 login/apps/login/locales/en.json
 create mode 100644 login/apps/login/locales/es.json
 create mode 100644 login/apps/login/locales/it.json
 create mode 100644 login/apps/login/locales/pl.json
 create mode 100644 login/apps/login/locales/ru.json
 create mode 100644 login/apps/login/locales/zh.json
 create mode 100644 login/apps/login/next-env-vars.d.ts
 create mode 100755 login/apps/login/next-env.d.ts
 create mode 100755 login/apps/login/next.config.mjs
 create mode 100644 login/apps/login/package.json
 create mode 100644 login/apps/login/postcss.config.cjs
 create mode 100644 login/apps/login/prettier.config.mjs
 create mode 100644 login/apps/login/public/checkbox.svg
 create mode 100644 login/apps/login/public/favicon.ico
 create mode 100644 login/apps/login/public/favicon/android-chrome-192x192.png
 create mode 100644 login/apps/login/public/favicon/android-chrome-512x512.png
 create mode 100644 login/apps/login/public/favicon/apple-touch-icon.png
 create mode 100644 login/apps/login/public/favicon/browserconfig.xml
 create mode 100644 login/apps/login/public/favicon/favicon-16x16.png
 create mode 100644 login/apps/login/public/favicon/favicon-32x32.png
 create mode 100644 login/apps/login/public/favicon/favicon.ico
 create mode 100644 login/apps/login/public/favicon/mstile-150x150.png
 create mode 100644 login/apps/login/public/favicon/site.webmanifest
 create mode 100644 login/apps/login/public/grid-dark.svg
 create mode 100644 login/apps/login/public/grid-light.svg
 create mode 100644 login/apps/login/public/logo/zitadel-logo-solo-darkdesign.svg
 create mode 100644 login/apps/login/public/logo/zitadel-logo-solo-lightdesign.svg
 create mode 100644 login/apps/login/public/zitadel-logo-dark.svg
 create mode 100644 login/apps/login/public/zitadel-logo-light.svg
 create mode 100644 login/apps/login/readme.md
 create mode 100644 login/apps/login/screenshots/accounts.png
 create mode 100644 login/apps/login/screenshots/accounts_jumpto.png
 create mode 100644 login/apps/login/screenshots/collage.png
 create mode 100644 login/apps/login/screenshots/idp.png
 create mode 100644 login/apps/login/screenshots/loginname.png
 create mode 100644 login/apps/login/screenshots/mfa.png
 create mode 100644 login/apps/login/screenshots/mfaset.png
 create mode 100644 login/apps/login/screenshots/otp.png
 create mode 100644 login/apps/login/screenshots/otpset.png
 create mode 100644 login/apps/login/screenshots/passkey.png
 create mode 100644 login/apps/login/screenshots/password.png
 create mode 100644 login/apps/login/screenshots/password_change.png
 create mode 100644 login/apps/login/screenshots/password_set.png
 create mode 100644 login/apps/login/screenshots/register.png
 create mode 100644 login/apps/login/screenshots/register_password.png
 create mode 100644 login/apps/login/screenshots/signedin.png
 create mode 100644 login/apps/login/screenshots/u2f.png
 create mode 100644 login/apps/login/screenshots/u2fset.png
 create mode 100644 login/apps/login/screenshots/verify.png
 create mode 100644 login/apps/login/src/app/(login)/accounts/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/authenticator/set/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/device/consent/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/device/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/error.tsx
 create mode 100644 login/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/idp/ldap/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/idp/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/layout.tsx
 create mode 100644 login/apps/login/src/app/(login)/loginname/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/logout/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/logout/success/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/mfa/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/mfa/set/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/otp/[method]/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/otp/[method]/set/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/passkey/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/passkey/set/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/password/change/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/password/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/password/set/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/register/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/register/password/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/saml-post/route.ts
 create mode 100644 login/apps/login/src/app/(login)/signedin/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/u2f/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/u2f/set/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/verify/page.tsx
 create mode 100644 login/apps/login/src/app/(login)/verify/success/page.tsx
 create mode 100644 login/apps/login/src/app/global-error.tsx
 create mode 100644 login/apps/login/src/app/healthy/route.ts
 create mode 100644 login/apps/login/src/app/login/route.ts
 create mode 100644 login/apps/login/src/app/security/route.ts
 create mode 100644 login/apps/login/src/components/address-bar.tsx
 create mode 100644 login/apps/login/src/components/alert.tsx
 create mode 100644 login/apps/login/src/components/app-avatar.tsx
 create mode 100644 login/apps/login/src/components/auth-methods.tsx
 create mode 100644 login/apps/login/src/components/authentication-method-radio.tsx
 create mode 100644 login/apps/login/src/components/avatar.tsx
 create mode 100644 login/apps/login/src/components/back-button.tsx
 create mode 100644 login/apps/login/src/components/boundary.tsx
 create mode 100644 login/apps/login/src/components/button.tsx
 create mode 100644 login/apps/login/src/components/change-password-form.tsx
 create mode 100644 login/apps/login/src/components/checkbox.tsx
 create mode 100644 login/apps/login/src/components/choose-authenticator-to-login.tsx
 create mode 100644 login/apps/login/src/components/choose-authenticator-to-setup.tsx
 create mode 100644 login/apps/login/src/components/choose-second-factor-to-setup.tsx
 create mode 100644 login/apps/login/src/components/choose-second-factor.tsx
 create mode 100644 login/apps/login/src/components/consent.tsx
 create mode 100644 login/apps/login/src/components/copy-to-clipboard.tsx
 create mode 100644 login/apps/login/src/components/default-tags.tsx
 create mode 100644 login/apps/login/src/components/device-code-form.tsx
 create mode 100644 login/apps/login/src/components/dynamic-theme.tsx
 create mode 100644 login/apps/login/src/components/external-link.tsx
 create mode 100644 login/apps/login/src/components/idp-signin.tsx
 create mode 100644 login/apps/login/src/components/idps/base-button.tsx
 create mode 100644 login/apps/login/src/components/idps/pages/complete-idp.tsx
 create mode 100644 login/apps/login/src/components/idps/pages/linking-failed.tsx
 create mode 100644 login/apps/login/src/components/idps/pages/linking-success.tsx
 create mode 100644 login/apps/login/src/components/idps/pages/login-failed.tsx
 create mode 100644 login/apps/login/src/components/idps/pages/login-success.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-apple.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-azure-ad.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-generic.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-github.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-gitlab.test.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-gitlab.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-google.test.tsx
 create mode 100644 login/apps/login/src/components/idps/sign-in-with-google.tsx
 create mode 100644 login/apps/login/src/components/input.tsx
 create mode 100644 login/apps/login/src/components/language-provider.tsx
 create mode 100644 login/apps/login/src/components/language-switcher.tsx
 create mode 100644 login/apps/login/src/components/layout-providers.tsx
 create mode 100644 login/apps/login/src/components/ldap-username-password-form.tsx
 create mode 100644 login/apps/login/src/components/login-otp.tsx
 create mode 100644 login/apps/login/src/components/login-passkey.tsx
 create mode 100644 login/apps/login/src/components/logo.tsx
 create mode 100644 login/apps/login/src/components/password-complexity.test.tsx
 create mode 100644 login/apps/login/src/components/password-complexity.tsx
 create mode 100644 login/apps/login/src/components/password-form.tsx
 create mode 100644 login/apps/login/src/components/privacy-policy-checkboxes.tsx
 create mode 100644 login/apps/login/src/components/register-form-idp-incomplete.tsx
 create mode 100644 login/apps/login/src/components/register-form.tsx
 create mode 100644 login/apps/login/src/components/register-passkey.tsx
 create mode 100644 login/apps/login/src/components/register-u2f.tsx
 create mode 100644 login/apps/login/src/components/self-service-menu.tsx
 create mode 100644 login/apps/login/src/components/session-clear-item.tsx
 create mode 100644 login/apps/login/src/components/session-item.tsx
 create mode 100644 login/apps/login/src/components/sessions-clear-list.tsx
 create mode 100644 login/apps/login/src/components/sessions-list.tsx
 create mode 100644 login/apps/login/src/components/set-password-form.tsx
 create mode 100644 login/apps/login/src/components/set-register-password-form.tsx
 create mode 100644 login/apps/login/src/components/sign-in-with-idp.tsx
 create mode 100644 login/apps/login/src/components/skeleton-card.tsx
 create mode 100644 login/apps/login/src/components/skeleton.tsx
 create mode 100644 login/apps/login/src/components/spinner.tsx
 create mode 100644 login/apps/login/src/components/state-badge.tsx
 create mode 100644 login/apps/login/src/components/tab-group.tsx
 create mode 100644 login/apps/login/src/components/tab.tsx
 create mode 100644 login/apps/login/src/components/theme-provider.tsx
 create mode 100644 login/apps/login/src/components/theme-wrapper.tsx
 create mode 100644 login/apps/login/src/components/theme.tsx
 create mode 100644 login/apps/login/src/components/totp-register.tsx
 create mode 100644 login/apps/login/src/components/translated.tsx
 create mode 100644 login/apps/login/src/components/user-avatar.tsx
 create mode 100644 login/apps/login/src/components/username-form.tsx
 create mode 100644 login/apps/login/src/components/verify-form.tsx
 create mode 100644 login/apps/login/src/components/zitadel-logo-dark.tsx
 create mode 100644 login/apps/login/src/components/zitadel-logo-light.tsx
 create mode 100644 login/apps/login/src/components/zitadel-logo.tsx
 create mode 100644 login/apps/login/src/helpers/base64.ts
 create mode 100644 login/apps/login/src/helpers/colors.ts
 create mode 100644 login/apps/login/src/helpers/validators.ts
 create mode 100644 login/apps/login/src/i18n/request.ts
 create mode 100644 login/apps/login/src/lib/api.ts
 create mode 100644 login/apps/login/src/lib/client.ts
 create mode 100644 login/apps/login/src/lib/cookies.ts
 create mode 100644 login/apps/login/src/lib/demos.ts
 create mode 100644 login/apps/login/src/lib/fingerprint.ts
 create mode 100644 login/apps/login/src/lib/hooks.ts
 create mode 100644 login/apps/login/src/lib/i18n.ts
 create mode 100644 login/apps/login/src/lib/idp.ts
 create mode 100644 login/apps/login/src/lib/oidc.ts
 create mode 100644 login/apps/login/src/lib/saml.ts
 create mode 100644 login/apps/login/src/lib/self.ts
 create mode 100644 login/apps/login/src/lib/server/cookie.ts
 create mode 100644 login/apps/login/src/lib/server/device.ts
 create mode 100644 login/apps/login/src/lib/server/idp.ts
 create mode 100644 login/apps/login/src/lib/server/loginname.ts
 create mode 100644 login/apps/login/src/lib/server/oidc.ts
 create mode 100644 login/apps/login/src/lib/server/otp.ts
 create mode 100644 login/apps/login/src/lib/server/passkeys.ts
 create mode 100644 login/apps/login/src/lib/server/password.ts
 create mode 100644 login/apps/login/src/lib/server/register.ts
 create mode 100644 login/apps/login/src/lib/server/session.ts
 create mode 100644 login/apps/login/src/lib/server/u2f.ts
 create mode 100644 login/apps/login/src/lib/server/verify.ts
 create mode 100644 login/apps/login/src/lib/service-url.ts
 create mode 100644 login/apps/login/src/lib/service.ts
 create mode 100644 login/apps/login/src/lib/session.ts
 create mode 100644 login/apps/login/src/lib/verify-helper.ts
 create mode 100644 login/apps/login/src/lib/zitadel.ts
 create mode 100644 login/apps/login/src/middleware.ts
 create mode 100755 login/apps/login/src/styles/globals.scss
 create mode 100644 login/apps/login/src/styles/vars.scss
 create mode 100644 login/apps/login/tailwind.config.mjs
 create mode 100755 login/apps/login/tsconfig.json
 create mode 100644 login/apps/login/turbo.json
 create mode 100644 login/apps/login/vitest.config.mts
 create mode 100644 login/docker-bake.hcl
 create mode 100644 login/dockerfiles/login-client.Dockerfile
 create mode 100644 login/dockerfiles/login-client.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-dev-base.Dockerfile
 create mode 100644 login/dockerfiles/login-dev-base.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-lint.Dockerfile
 create mode 100644 login/dockerfiles/login-lint.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-pnpm.Dockerfile
 create mode 100644 login/dockerfiles/login-pnpm.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-standalone.Dockerfile
 create mode 100644 login/dockerfiles/login-standalone.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-test-acceptance.Dockerfile
 create mode 100644 login/dockerfiles/login-test-acceptance.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-test-integration.Dockerfile
 create mode 100644 login/dockerfiles/login-test-integration.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-test-unit.Dockerfile
 create mode 100644 login/dockerfiles/login-test-unit.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/login-typescript-proto-client-out.Dockerfile
 create mode 100644 login/dockerfiles/login-typescript-proto-client-out.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/proto-files.Dockerfile
 create mode 100644 login/dockerfiles/proto-files.Dockerfile.dockerignore
 create mode 100644 login/dockerfiles/typescript-proto-client.Dockerfile
 create mode 100644 login/dockerfiles/typescript-proto-client.Dockerfile.dockerignore
 create mode 100644 login/meta.json
 create mode 100644 login/package.json
 create mode 100644 login/packages/zitadel-client/.eslintrc.cjs
 create mode 100644 login/packages/zitadel-client/.gitignore
 create mode 100644 login/packages/zitadel-client/CHANGELOG.md
 create mode 100644 login/packages/zitadel-client/README.md
 create mode 100644 login/packages/zitadel-client/package.json
 create mode 100644 login/packages/zitadel-client/src/helpers.ts
 create mode 100644 login/packages/zitadel-client/src/index.ts
 create mode 100644 login/packages/zitadel-client/src/interceptors.test.ts
 create mode 100644 login/packages/zitadel-client/src/interceptors.ts
 create mode 100644 login/packages/zitadel-client/src/node.ts
 create mode 100644 login/packages/zitadel-client/src/v1.ts
 create mode 100644 login/packages/zitadel-client/src/v2.ts
 create mode 100644 login/packages/zitadel-client/src/v3alpha.ts
 create mode 100644 login/packages/zitadel-client/src/web.ts
 create mode 100644 login/packages/zitadel-client/tsconfig.json
 create mode 100644 login/packages/zitadel-client/tsup.config.ts
 create mode 100644 login/packages/zitadel-client/turbo.json
 create mode 100644 login/packages/zitadel-eslint-config/CHANGELOG.md
 create mode 100644 login/packages/zitadel-eslint-config/README.md
 create mode 100644 login/packages/zitadel-eslint-config/index.js
 create mode 100644 login/packages/zitadel-eslint-config/package.json
 create mode 100644 login/packages/zitadel-prettier-config/CHANGELOG.md
 create mode 100644 login/packages/zitadel-prettier-config/README.md
 create mode 100644 login/packages/zitadel-prettier-config/index.js
 create mode 100644 login/packages/zitadel-prettier-config/package.json
 create mode 100644 login/packages/zitadel-proto/.gitignore
 create mode 100644 login/packages/zitadel-proto/CHANGELOG.md
 create mode 100644 login/packages/zitadel-proto/README.md
 create mode 100644 login/packages/zitadel-proto/buf.gen.yaml
 create mode 100644 login/packages/zitadel-proto/package.json
 create mode 100644 login/packages/zitadel-proto/turbo.json
 create mode 100644 login/packages/zitadel-tailwind-config/CHANGELOG.md
 create mode 100644 login/packages/zitadel-tailwind-config/README.md
 create mode 100644 login/packages/zitadel-tailwind-config/package.json
 create mode 100644 login/packages/zitadel-tailwind-config/tailwind.config.mjs
 create mode 100644 login/packages/zitadel-tsconfig/CHANGELOG.md
 create mode 100644 login/packages/zitadel-tsconfig/README.md
 create mode 100644 login/packages/zitadel-tsconfig/base.json
 create mode 100644 login/packages/zitadel-tsconfig/nextjs.json
 create mode 100644 login/packages/zitadel-tsconfig/node20.json
 create mode 100644 login/packages/zitadel-tsconfig/package.json
 create mode 100644 login/packages/zitadel-tsconfig/react-library.json
 create mode 100644 login/packages/zitadel-tsconfig/tsup.json
 create mode 100644 login/pnpm-lock.yaml
 create mode 100644 login/pnpm-workspace.yaml
 create mode 100755 login/scripts/entrypoint.sh
 create mode 100644 login/scripts/healthcheck.js
 create mode 100755 login/scripts/run_or_skip.sh
 create mode 100644 login/turbo.json

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b7354f3f4a..8fa71ba652 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -22,6 +22,19 @@ updates:
   commit-message:
     prefix: chore
     include: scope
+- package-ecosystem: npm
+  directory: '/login'
+  open-pull-requests-limit: 3
+  schedule:
+    interval: daily
+  groups:
+    prod:
+      dependency-type: production
+    dev:
+      dependency-type: development
+  ignore:
+    - dependency-name: "eslint"
+      versions: [ "9.x" ]
 - package-ecosystem: gomod
   groups:
     go:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f06c4a959c..47aa4adef0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,6 +18,8 @@ permissions:
   packages: write
   issues: write
   pull-requests: write
+  actions: write
+  id-token: write
 
 jobs:
   core:
@@ -47,6 +49,7 @@ jobs:
       core_cache_path: ${{ needs.core.outputs.cache_path }}
       console_cache_path: ${{ needs.console.outputs.cache_path }}
       version: ${{ needs.version.outputs.version }}
+      node_version: "20"
 
   core-unit-test:
     needs: core
@@ -76,6 +79,16 @@ jobs:
       core_cache_key: ${{ needs.core.outputs.cache_key }}
       core_cache_path: ${{ needs.core.outputs.cache_path }}
 
+  login-quality:
+    needs: [compile]
+    uses: ./.github/workflows/login-quality.yml
+    permissions:
+      actions: write
+      id-token: write
+    with:
+      ignore-run-cache:  ${{ github.event_name == 'workflow_dispatch' }}
+      node_version: "20"
+
   container:
     needs: [compile]
     uses: ./.github/workflows/container.yml
@@ -86,6 +99,16 @@ jobs:
     with:
       build_image_name: "ghcr.io/zitadel/zitadel-build"
 
+  login-container:
+    uses: ./.github/workflows/login-container.yml
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    permissions:
+      packages: write
+      id-token: write
+    with:
+      login_build_image_name: "ghcr.io/zitadel/login-build"
+      node_version: "20"
+
   e2e:
     uses: ./.github/workflows/e2e.yml
     needs: [compile]
@@ -98,7 +121,7 @@ jobs:
       issues: write
       pull-requests: write
     needs:
-      [version, core-unit-test, core-integration-test, lint, container, e2e]
+      [version, core-unit-test, core-integration-test, lint, container, login-container, login-quality, e2e]
     if: ${{ github.event_name == 'workflow_dispatch' }}
     secrets:
       GCR_JSON_KEY_BASE64: ${{ secrets.GCR_JSON_KEY_BASE64 }}
@@ -109,3 +132,6 @@ jobs:
       semantic_version: "23.0.7"
       image_name: "ghcr.io/zitadel/zitadel"
       google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"
+      build_image_name_login: ${{ needs.login-container.outputs.login_build_image }}
+      image_name_login: "ghcr.io/zitadel/login"
+      google_image_name_login: europe-docker.pkg.dev/zitadel-common/zitadel-repo/login
diff --git a/.github/workflows/compile.yml b/.github/workflows/compile.yml
index 519586b9ee..7b64427a18 100644
--- a/.github/workflows/compile.yml
+++ b/.github/workflows/compile.yml
@@ -18,7 +18,9 @@ on:
       version:
         required: true
         type: string
-
+      node_version:
+        required: true
+        type: string
 jobs:
   executable:
     runs-on: ubuntu-latest
@@ -73,10 +75,38 @@ jobs:
       with:
         name: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}
         path: zitadel-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
-  
+
+  login:
+    runs-on: ubuntu-latest
+    steps:
+    -
+      uses: actions/checkout@v4
+    -
+      uses: depot/setup-action@v1
+      with:
+        oidc: true
+    -
+      run: make login_standalone_out
+      env:
+        # latest if branch is main, otherwise image version which is the pull request number
+        LOGIN_BAKE_CLI: depot bake
+        DEPOT_PROJECT_ID: w47wkxzdtw
+        NODE_VERSION: ${{ inputs.node_version }}
+    -
+      name: move files
+      run: |
+        cp login/LICENSE login/apps/login/standalone/
+        cp login/README.md login/apps/login/standalone/
+        tar -czvf login.tar.gz -C login/apps/login/standalone .
+    -
+      uses: actions/upload-artifact@v4
+      with:
+        name: login
+        path: login.tar.gz
+
   checksums:
     runs-on: ubuntu-latest
-    needs: executable
+    needs: [executable, login]
     steps:
     - 
       uses: actions/download-artifact@v4
diff --git a/.github/workflows/login-container.yml b/.github/workflows/login-container.yml
new file mode 100644
index 0000000000..bce15512af
--- /dev/null
+++ b/.github/workflows/login-container.yml
@@ -0,0 +1,63 @@
+name: Login Container
+
+on:
+  workflow_call:
+    inputs:
+      login_build_image_name:
+        description: 'The image repository name of the standalone login image'
+        type: string
+        required: true
+      node_version:
+        required: true
+        type: string
+    outputs:
+      login_build_image:
+          description: 'The full image tag of the standalone login image'
+          value: '${{ inputs.login_build_image_name }}:${{ github.sha }}'
+
+permissions:
+  packages: write
+
+env:
+  default_labels: |
+    org.opencontainers.image.documentation=https://zitadel.com/docs
+    org.opencontainers.image.vendor=CAOS AG
+
+jobs:
+  login-container:
+    name: Build Login Container
+    runs-on: depot-ubuntu-22.04-8
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: depot/setup-action@v1
+        with:
+          oidc: true
+      - name: Login meta
+        id: login-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.login_build_image_name }}
+          labels: ${{ env.default_labels}}
+          tags: |
+            type=sha,prefix=,suffix=,format=long
+      - name: Login to Docker registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Bake login multi-arch
+        uses: depot/bake-action@v1
+        env:
+          NODE_VERSION: ${{ inputs.node_version }}
+        with:
+          workdir: login
+          push: true
+          targets: login-standalone
+          set: login-standalone.platforms=[linux/amd64,linux/arm64]
+          project: w47wkxzdtw
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.login-meta.outputs.bake-file }}
diff --git a/.github/workflows/login-quality.yml b/.github/workflows/login-quality.yml
new file mode 100644
index 0000000000..0b4fea73f4
--- /dev/null
+++ b/.github/workflows/login-quality.yml
@@ -0,0 +1,59 @@
+name: Login Quality
+
+on:
+  workflow_call:
+    inputs:
+      ignore-run-cache:
+        description: 'Ignore run caches'
+        type: boolean
+        required: true
+      node_version:
+        required: true
+        type: string
+jobs:
+  quality:
+    name: Ensure Quality
+    runs-on: depot-ubuntu-22.04-8
+    timeout-minutes: 30
+    permissions:
+      id-token: write
+      actions: write
+    env:
+      CACHE_DIR: /tmp/login-run-caches
+    steps:
+      - uses: actions/checkout@v4
+      - uses: depot/setup-action@v1
+        with:
+          oidc: true
+      - name: Restore Run Caches
+        uses: actions/cache/restore@v4
+        id: run-caches-restore
+        with:
+          path: ${{ env.CACHE_DIR }}
+          key: ${{ runner.os }}-login-run-caches-${{github.ref_name}}-${{ github.sha }}-${{github.run_attempt}}
+          restore-keys: |
+            ${{ runner.os }}-login-run-caches-${{github.ref_name}}-${{ github.sha }}-
+            ${{ runner.os }}-login-run-caches-${{github.ref_name}}-
+            ${{ runner.os }}-login-run-caches-
+      - uses: actions/download-artifact@v4
+        with:
+          path: .artifacts
+          name: zitadel-linux-amd64
+      - name: Unpack executable
+        run: |
+          tar -xvf .artifacts/zitadel-linux-amd64.tar.gz
+          mv zitadel-linux-amd64/zitadel ./zitadel
+      - run: make login_quality
+        env:
+          # latest if branch is main, otherwise image version which is the pull request number
+          LOGIN_BAKE_CLI: depot bake
+          DEPOT_PROJECT_ID: w47wkxzdtw
+          IGNORE_RUN_CACHE: ${{ github.event.inputs.ignore-run-cache }}
+          NODE_VERSION: ${{ inputs.node_version }}
+
+      - name: Save Run Caches
+        uses: actions/cache/save@v4
+        with:
+          path: ${{ env.CACHE_DIR }}
+          key: ${{ steps.run-caches-restore.outputs.cache-primary-key }}
+        if: always()
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3e40ae8805..e23c8869c5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,15 @@ on:
       google_image_name:
         required: true
         type: string
+      build_image_name_login:
+        required: true
+        type: string
+      image_name_login:
+        required: true
+        type: string
+      google_image_name_login:
+        required: true
+        type: string
     secrets:
       GCR_JSON_KEY_BASE64:
         description: 'base64 endcrypted key to connect to Google'
@@ -96,6 +105,12 @@ jobs:
         docker buildx imagetools create \
           --tag ${{ inputs.google_image_name }}:${{ needs.version.outputs.version }} \
           ${{ inputs.build_image_name }}
+        docker buildx imagetools create \
+          --tag ${{ inputs.image_name_login }}:${{ needs.version.outputs.version }} \
+          ${{ inputs.build_image_name_login }}
+        docker buildx imagetools create \
+          --tag ${{ inputs.google_image_name_login }}:${{ needs.version.outputs.version }} \
+          ${{ inputs.build_image_name_login }}
     -
       name: Publish latest
       if: ${{ github.ref_name == 'next' }}
@@ -106,6 +121,9 @@ jobs:
         docker buildx imagetools create \
           --tag ${{ inputs.image_name }}:latest-debug \
           ${{ inputs.build_image_name }}-debug
+        docker buildx imagetools create \
+          --tag ${{ inputs.image_name_login }}:latest \
+          ${{ inputs.build_image_name_login }}
 
   homebrew-tap:
     runs-on: ubuntu-22.04
@@ -146,3 +164,55 @@ jobs:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
           gh workflow -R zitadel/zitadel-charts run bump.yml
+
+  typescript-packages:
+    runs-on: ubuntu-latest
+    needs: version
+    if: ${{ github.ref_name == 'next' }}
+    continue-on-error: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Install dependencies
+        working-directory: login
+        run: pnpm install
+
+      - name: Create Release Pull Request
+        uses: changesets/action@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          version: ${{ needs.version.outputs.version }}
+          cwd: login
+
+  typescript-repo:
+    runs-on: ubuntu-latest
+    needs: version
+    if: ${{ github.ref_name == 'next' }}
+    continue-on-error: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Push Subtree
+        run: make login_push LOGIN_REMOTE_BRANCH=mirror-zitadel-repo
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore: mirror zitadel repo'
+          branch: mirror-zitadel-repo
+          title: 'chore: mirror zitadel repo'
+          body: 'This PR updates the login repository with the latest changes from the zitadel repository.'
+          base: main
+          reviewers: |
+            @peintnermax
+            @eliobischof
diff --git a/.golangci.yaml b/.golangci.yaml
index 1cae359605..a4d5fd95d4 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -20,6 +20,7 @@ issues:
     - openapi
     - proto
     - tools
+    - login
 
 run:
   concurrency: 4
diff --git a/LICENSING.md b/LICENSING.md
index 9cad2082f8..259a0d5070 100644
--- a/LICENSING.md
+++ b/LICENSING.md
@@ -18,6 +18,13 @@ The following files and directories, including their subdirectories, are license
 proto/
 ```
 
+
+The following files and directories, including their subdirectories, are licensed under the [MIT License](https://opensource.org/license/mit/):
+
+```
+login/
+```
+
 ## Community Contributions
 
 To maintain a clear licensing structure and facilitate community contributions, all contributions must be licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0) to be accepted. By submitting a contribution, you agree to this licensing.
diff --git a/Makefile b/Makefile
index 3c50231bee..10f52b7c4c 100644
--- a/Makefile
+++ b/Makefile
@@ -12,11 +12,21 @@ ZITADEL_MASTERKEY ?= MasterkeyNeedsToHave32Characters
 
 export GOCOVERDIR ZITADEL_MASTERKEY
 
+LOGIN_REMOTE_NAME := login
+LOGIN_REMOTE_URL ?= https://github.com/zitadel/typescript.git
+LOGIN_REMOTE_BRANCH ?= main
+
 .PHONY: compile
 compile: core_build console_build compile_pipeline
 
 .PHONY: docker_image
-docker_image: compile
+docker_image:
+	@if [ ! -f ./zitadel ]; then \
+		echo "Compiling zitadel binary"; \
+		$(MAKE) compile; \
+	else \
+		echo "Reusing precompiled zitadel binary"; \
+	fi
 	DOCKER_BUILDKIT=1 docker build -f build/Dockerfile -t $(ZITADEL_IMAGE) .
 
 .PHONY: compile_pipeline
@@ -165,3 +175,41 @@ core_lint:
 		--config ./.golangci.yaml \
 		--out-format=github-actions \
 		--concurrency=$$(getconf _NPROCESSORS_ONLN)
+
+.PHONY: login_pull
+login_pull: login_ensure_remote
+	@echo "Pulling changes from the 'login' subtree on remote $(LOGIN_REMOTE_NAME) branch $(LOGIN_REMOTE_BRANCH)"
+	git fetch $(LOGIN_REMOTE_NAME)
+	git subtree pull --prefix=login $(LOGIN_REMOTE_NAME) $(LOGIN_REMOTE_BRANCH)
+
+.PHONY: login_push
+login_push: login_ensure_remote
+	@echo "Pushing changes to the 'login' subtree on remote $(LOGIN_REMOTE_NAME) branch $(LOGIN_REMOTE_BRANCH)"
+	git subtree push --prefix=login $(LOGIN_REMOTE_NAME) $(LOGIN_REMOTE_BRANCH)
+
+login_ensure_remote:
+	@if ! git remote get-url $(LOGIN_REMOTE_NAME) > /dev/null 2>&1; then \
+		echo "Adding remote $(LOGIN_REMOTE_NAME)"; \
+		git remote add $(LOGIN_REMOTE_NAME) $(LOGIN_REMOTE_URL); \
+	else \
+		echo "Remote $(LOGIN_REMOTE_NAME) already exists."; \
+	fi
+	@if [ ! -d login ]; then \
+		echo "Adding subtree for 'login' from branch $(LOGIN_REMOTE_BRANCH)"; \
+		git subtree add --prefix=login $(LOGIN_REMOTE_NAME) $(LOGIN_REMOTE_BRANCH); \
+	else \
+		echo "Subtree 'login' already exists."; \
+	fi
+
+export LOGIN_DIR := ./login/
+export LOGIN_BAKE_CLI_ADDITIONAL_ARGS := --set login-*.context=./login/ --file ./docker-bake.hcl
+export ZITADEL_TAG ?= $(ZITADEL_IMAGE)
+include login/Makefile
+
+# Intentional override of login_test_acceptance_build
+login_test_acceptance_build: docker_image
+	@echo "Building login test acceptance environment with the local zitadel image"
+	$(MAKE) login_test_acceptance_build_compose login_test_acceptance_build_bake
+
+login_dev: docker_image typescript_generate login_test_acceptance_build_compose login_test_acceptance_cleanup login_test_acceptance_setup_dev
+	@echo "Starting login test environment with the local zitadel image"
diff --git a/build/Dockerfile.gitignore b/build/Dockerfile.gitignore
new file mode 100644
index 0000000000..a2cc8ed480
--- /dev/null
+++ b/build/Dockerfile.gitignore
@@ -0,0 +1,3 @@
+*
+!build/entrypoint.sh
+!zitadel
diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 7bb44b743f..9697e354c5 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -526,13 +526,13 @@ OIDC:
       CharSet: "BCDFGHJKLMNPQRSTVWXZ" # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARSET
       CharAmount: 8 # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARARMOUNT
       DashInterval: 4 # ZITADEL_OIDC_DEVICEAUTH_USERCODE_DASHINTERVAL
-  DefaultLoginURLV2: "/login?authRequest=" # ZITADEL_OIDC_DEFAULTLOGINURLV2
-  DefaultLogoutURLV2: "/logout?post_logout_redirect=" # ZITADEL_OIDC_DEFAULTLOGOUTURLV2
+  DefaultLoginURLV2: "/ui/v2/login/login?authRequest=" # ZITADEL_OIDC_DEFAULTLOGINURLV2
+  DefaultLogoutURLV2: "/ui/v2/login/logout?post_logout_redirect=" # ZITADEL_OIDC_DEFAULTLOGOUTURLV2
   PublicKeyCacheMaxAge: 24h # ZITADEL_OIDC_PUBLICKEYCACHEMAXAGE
   DefaultBackChannelLogoutLifetime: 15m # ZITADEL_OIDC_DEFAULTBACKCHANNELLOGOUTLIFETIME
 
 SAML:
-  DefaultLoginURLV2: "/login?authRequest=" # ZITADEL_SAML_DEFAULTLOGINURLV2
+  DefaultLoginURLV2: "/ui/v2/login/login?samlRequest=" # ZITADEL_SAML_DEFAULTLOGINURLV2
   ProviderConfig:
     MetadataConfig:
       Path: "/metadata" # ZITADEL_SAML_PROVIDERCONFIG_METADATACONFIG_PATH
@@ -1131,8 +1131,8 @@ DefaultInstance:
     # OIDCSingleV1SessionTermination: false # ZITADEL_DEFAULTINSTANCE_FEATURES_OIDCSINGLEV1SESSIONTERMINATION
     # DisableUserTokenEvent: false # ZITADEL_DEFAULTINSTANCE_FEATURES_DISABLEUSERTOKENEVENT
     # EnableBackChannelLogout: false # ZITADEL_DEFAULTINSTANCE_FEATURES_ENABLEBACKCHANNELLOGOUT
-    # LoginV2:
-    #  Required: false # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
+    LoginV2:
+      Required: true # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED
     #  BaseURI: "" # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_BASEURI
     # PermissionCheckV2: false # ZITADEL_DEFAULTINSTANCE_FEATURES_PERMISSIONCHECKV2
     # ConsoleUseV2UserApi: false # ZITADEL_DEFAULTINSTANCE_FEATURES_CONSOLEUSEV2USERAPI
diff --git a/docker-bake.hcl b/docker-bake.hcl
new file mode 100644
index 0000000000..d75373dee1
--- /dev/null
+++ b/docker-bake.hcl
@@ -0,0 +1,5 @@
+target "typescript-proto-client" {
+  contexts = {
+    proto-files = "target:proto-files"
+  }
+}
diff --git a/dockerfiles/proto-files.Dockerfile b/dockerfiles/proto-files.Dockerfile
new file mode 100644
index 0000000000..0af3346096
--- /dev/null
+++ b/dockerfiles/proto-files.Dockerfile
@@ -0,0 +1,8 @@
+FROM bufbuild/buf:1.54.0 AS proto-files
+RUN buf export https://github.com/envoyproxy/protoc-gen-validate.git --path validate --output /proto-files && \
+    buf export https://github.com/grpc-ecosystem/grpc-gateway.git --path protoc-gen-openapiv2 --output /proto-files && \
+    buf export https://github.com/googleapis/googleapis.git --path google/api/annotations.proto --path google/api/http.proto --path google/api/field_behavior.proto --output /proto-files
+
+FROM scratch
+COPY --from=proto-files /proto-files /
+COPY ./proto /
diff --git a/dockerfiles/proto-files.Dockerfile.dockerignore b/dockerfiles/proto-files.Dockerfile.dockerignore
new file mode 100644
index 0000000000..e26cd3c2d6
--- /dev/null
+++ b/dockerfiles/proto-files.Dockerfile.dockerignore
@@ -0,0 +1,2 @@
+*
+!proto
diff --git a/dockerfiles/typescript-proto-client.Dockerfile b/dockerfiles/typescript-proto-client.Dockerfile
new file mode 100644
index 0000000000..4a9505d19d
--- /dev/null
+++ b/dockerfiles/typescript-proto-client.Dockerfile
@@ -0,0 +1,8 @@
+FROM login-pnpm AS typescript-proto-client
+COPY ./login/packages/zitadel-proto/package.json ./packages/zitadel-proto/
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --workspace-root --filter zitadel-proto
+COPY --from=proto-files /buf.yaml /buf.lock /proto-files/
+COPY --from=proto-files /zitadel /proto-files/zitadel
+COPY ./login/packages/zitadel-proto/buf.gen.yaml ./packages/zitadel-proto/
+RUN cd packages/zitadel-proto && pnpm exec buf generate /proto-files
diff --git a/dockerfiles/typescript-proto-client.Dockerfile.dockerignore b/dockerfiles/typescript-proto-client.Dockerfile.dockerignore
new file mode 100644
index 0000000000..3915a26e4e
--- /dev/null
+++ b/dockerfiles/typescript-proto-client.Dockerfile.dockerignore
@@ -0,0 +1,11 @@
+*
+!/login/packages/zitadel-proto/
+login/packages/zitadel-proto/google
+login/packages/zitadel-proto/zitadel
+login/packages/zitadel-proto/protoc-gen-openapiv2
+login/packages/zitadel-proto/validate
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
diff --git a/e2e/config/host.docker.internal/zitadel.yaml b/e2e/config/host.docker.internal/zitadel.yaml
index 203dd16437..23f35302b4 100644
--- a/e2e/config/host.docker.internal/zitadel.yaml
+++ b/e2e/config/host.docker.internal/zitadel.yaml
@@ -60,6 +60,9 @@ Projections:
 DefaultInstance:
   LoginPolicy:
     MfaInitSkipLifetime: "0"
+  Features:
+    LoginV2:
+      Required: false
 
 SystemAPIUsers:
 - cypress:
diff --git a/e2e/config/localhost/zitadel.yaml b/e2e/config/localhost/zitadel.yaml
index 966bb4f6b7..701e7b806b 100644
--- a/e2e/config/localhost/zitadel.yaml
+++ b/e2e/config/localhost/zitadel.yaml
@@ -52,6 +52,9 @@ Quotas:
 DefaultInstance:
   LoginPolicy:
     MfaInitSkipLifetime: "0"
+  Features:
+    LoginV2:
+      Required: false
 
 SystemAPIUsers:
 - cypress:
diff --git a/internal/integration/config/zitadel.yaml b/internal/integration/config/zitadel.yaml
index bb8d86376d..fed746d823 100644
--- a/internal/integration/config/zitadel.yaml
+++ b/internal/integration/config/zitadel.yaml
@@ -101,3 +101,10 @@ SystemDefaults:
   KeyConfig:
     PrivateKeyLifetime: 7200h
     PublicKeyLifetime: 14400h
+
+OIDC:
+  DefaultLoginURLV2: "/login?authRequest=" # ZITADEL_OIDC_DEFAULTLOGINURLV2
+  DefaultLogoutURLV2: "/logout?post_logout_redirect=" # ZITADEL_OIDC_DEFAULTLOGOUTURLV2
+
+SAML:
+  DefaultLoginURLV2: "/login?authRequest=" # ZITADEL_SAML_DEFAULTLOGINURLV2
diff --git a/login/.changeset/README.md b/login/.changeset/README.md
new file mode 100644
index 0000000000..e5b6d8d6a6
--- /dev/null
+++ b/login/.changeset/README.md
@@ -0,0 +1,8 @@
+# Changesets
+
+Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works
+with multi-package repos, or single-package repos to help you version and publish your code. You can
+find the full documentation for it [in our repository](https://github.com/changesets/changesets)
+
+We have a quick list of common questions to get you started engaging with this project in
+[our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)
diff --git a/login/.changeset/config.json b/login/.changeset/config.json
new file mode 100644
index 0000000000..3f2d313f66
--- /dev/null
+++ b/login/.changeset/config.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "https://unpkg.com/@changesets/config@3.0.3/schema.json",
+  "changelog": "@changesets/cli/changelog",
+  "commit": false,
+  "fixed": [],
+  "linked": [],
+  "access": "public",
+  "baseBranch": "main",
+  "updateInternalDependencies": "patch",
+  "ignore": ["@zitadel/login"]
+}
diff --git a/login/.eslintrc.cjs b/login/.eslintrc.cjs
new file mode 100644
index 0000000000..1bfcec169d
--- /dev/null
+++ b/login/.eslintrc.cjs
@@ -0,0 +1,10 @@
+module.exports = {
+  root: true,
+  // This tells ESLint to load the config from the package `@zitadel/eslint-config`
+  extends: ["@zitadel/eslint-config"],
+  settings: {
+    next: {
+      rootDir: ["apps/*/"],
+    },
+  },
+};
diff --git a/login/.github/ISSUE_TEMPLATE/bug.yaml b/login/.github/ISSUE_TEMPLATE/bug.yaml
new file mode 100644
index 0000000000..2764c1a365
--- /dev/null
+++ b/login/.github/ISSUE_TEMPLATE/bug.yaml
@@ -0,0 +1,63 @@
+name: 🐛 Bug Report
+description: "Create a bug report to help us improve ZITADEL Typescript Library."
+title: "[Bug]: "
+labels: ["bug"]
+body:
+- type: markdown
+  attributes:
+    value: |
+      Thanks for taking the time to fill out this bug report!
+- type: checkboxes
+  id: preflight
+  attributes:
+    label: Preflight Checklist
+    options:
+    - label:
+        I could not find a solution in the documentation, the existing issues or discussions
+      required: true
+    - label:
+        I have joined the [ZITADEL chat](https://zitadel.com/chat)
+  validations:
+    required: true
+- type: input
+  id: version
+  attributes:
+    label: Version
+    description: Which version of ZITADEL Typescript Library are you using.
+- type: textarea
+  id: impact
+  attributes:
+    label: Describe the problem caused by this bug
+    description: A clear and concise description of the problem you have and what the bug is.
+  validations:
+    required: true
+- type: textarea
+  id: reproduce
+  attributes:
+    label: To reproduce
+    description: Steps to reproduce the behaviour
+    placeholder: |
+      Steps to reproduce the behavior:
+      1. ...
+  validations:
+    required: true
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If applicable, add screenshots to help explain your problem.
+- type: textarea
+  id: expected
+  attributes:
+    label: Expected behavior
+    description: A clear and concise description of what you expected to happen.
+- type: textarea
+  id: config
+  attributes:
+    label: Relevant Configuration
+    description: Add any relevant configurations that could help us. Make sure to redact any sensitive information. 
+- type: textarea
+  id: additional
+  attributes:
+    label: Additional Context
+    description: Please add any other infos that could be useful.
diff --git a/login/.github/ISSUE_TEMPLATE/config.yml b/login/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000000..7e690b9344
--- /dev/null
+++ b/login/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,4 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 💬 ZITADEL Community Chat
+    url: https://zitadel.com/chat
diff --git a/login/.github/ISSUE_TEMPLATE/docs.yaml b/login/.github/ISSUE_TEMPLATE/docs.yaml
new file mode 100644
index 0000000000..04c1c0cdb1
--- /dev/null
+++ b/login/.github/ISSUE_TEMPLATE/docs.yaml
@@ -0,0 +1,30 @@
+name: 📄 Documentation
+description: Create an issue for missing or wrong documentation.
+labels: ["docs"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this issue.
+  - type: checkboxes
+    id: preflight
+    attributes:
+      label: Preflight Checklist
+      options:
+      - label:
+          I could not find a solution in the existing issues, docs, nor discussions
+        required: true
+      - label:
+          I have joined the [ZITADEL chat](https://zitadel.com/chat)
+  - type: textarea
+    id: docs
+    attributes:
+      label: Describe the docs your are missing or that are wrong
+      placeholder: As a [type of user], I want [some goal] so that [some reason].
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Please add any other infos that could be useful.
diff --git a/login/.github/ISSUE_TEMPLATE/improvement.yaml b/login/.github/ISSUE_TEMPLATE/improvement.yaml
new file mode 100644
index 0000000000..cfe79d407b
--- /dev/null
+++ b/login/.github/ISSUE_TEMPLATE/improvement.yaml
@@ -0,0 +1,54 @@
+name: 🛠️ Improvement
+description: "Create an new issue for an improvment in ZITADEL"
+labels: ["improvement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this improvement request
+  - type: checkboxes
+    id: preflight
+    attributes:
+      label: Preflight Checklist
+      options:
+      - label:
+          I could not find a solution in the existing issues, docs, nor discussions
+        required: true
+      - label:
+          I have joined the [ZITADEL chat](https://zitadel.com/chat)
+  - type: textarea
+    id: problem
+    attributes:
+      label: Describe your problem
+      description: Please describe your problem this improvement is supposed to solve.
+      placeholder: Describe the problem you have
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe your ideal solution
+      description: Which solution do you propose?
+      placeholder: As a [type of user], I want [some goal] so that [some reason].
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: Which version of the typescript library are you using.
+  - type: dropdown
+    id: environment
+    attributes:
+      label: Environment
+      description: How do you use ZITADEL?
+      options:
+      - ZITADEL Cloud
+      - Self-hosted
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Please add any other infos that could be useful.
diff --git a/login/.github/ISSUE_TEMPLATE/proposal.yaml b/login/.github/ISSUE_TEMPLATE/proposal.yaml
new file mode 100644
index 0000000000..cd9ff66972
--- /dev/null
+++ b/login/.github/ISSUE_TEMPLATE/proposal.yaml
@@ -0,0 +1,54 @@
+name: 💡 Proposal / Feature request
+description: "Create an issue for a feature request/proposal."
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this proposal / feature reqeust
+  - type: checkboxes
+    id: preflight
+    attributes:
+      label: Preflight Checklist
+      options:
+      - label:
+          I could not find a solution in the existing issues, docs, nor discussions
+        required: true
+      - label:
+          I have joined the [ZITADEL chat](https://zitadel.com/chat)
+  - type: textarea
+    id: problem
+    attributes:
+      label: Describe your problem
+      description: Please describe your problem this proposal / feature is supposed to solve.
+      placeholder: Describe the problem you have.
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe your ideal solution
+      description: Which solution do you propose?
+      placeholder: As a [type of user], I want [some goal] so that [some reason].
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: Which version of the Typescript Library are you using.
+  - type: dropdown
+    id: environment
+    attributes:
+      label: Environment
+      description: How do you use ZITADEL?
+      options:
+      - ZITADEL Cloud
+      - Self-hosted
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Please add any other infos that could be useful.
diff --git a/login/.github/custom-i18n.png b/login/.github/custom-i18n.png
new file mode 100644
index 0000000000000000000000000000000000000000..2306e62f8709d5b6f756b773410eca411b3b5c2e
GIT binary patch
literal 85028
zcmd42V|b-amna<USUa|DcRIFhyJOo<I<{?g(s4Sr)3MXBZS$m`cV^z1@0|Jn)pgab
z+EojMbr)8x6|NvBjsS}T3jzXyASofD1Ofse0s#S~f`<Go2@mzJ1_6PWvk(?mkQ5ds
zQgF00wXik;0g(t#R)^A19>K`bRw4#KiwH;^$^zq21f-zpZ)1pPh+%+IQ80o7F?2sS
zS40705kHmC{=g0!3G2F;D4zP%<`q;%o*1dG2ZOYp(r#p4WO9GJ9sK4$$l`Xozy~?h
z^)6?_oCgreCoo1L+?&bD$r;9bf`A@^qD4WSdk5%@hQ}a6)xiJqW2~+Q6<OAERj_=k
z|LDS?&zE5MZ1nf9x>T6Eg0G|??mq-*#-RMELfW4yy~|OmgEYh;@q?Si!dX?DRl{dh
zAGh;lz3DKw#X;icpS(3GKyZBG%+R4(@)7aH;IhbsY5_+4VLsQ_rqINCfLerx0H>Mc
z=hNG2XO@qWbiRU-1G5+dRl1-MJfak7rzfZPN$1y#gw!8cIej>4cXXN(l`N)dzr;CN
zdy_Qqw|^zv4pW6Sf(kg)+E3|)r)x&U0g`zwN#mRhCqPiQC9hY%t^)~accFp>t)U&h
zlX0+k50_90;}taoJPFhGKefAu-4Xpn9s%F^ZXGjb+K)KtMK3(K2Y)61R3}K7^qh;%
z34@o+SCUP>jc{Zf6QX$~2~;LVqykck2~~nR6!B0pSPxS)GDYHYT9YdG(-_zKYfvNr
zUVhxxUc+lDoW}X+=6HW~J#|k>!{iKR+%p>pEprUvMY)7}3#~QqA%USZ)DS1j#pA<^
zR6qlkMc`9LlEFC85G*F{zYJ9jZoAH`9uj-4>L=k=?v4}1q+<3X#L^FkMk*J_rb^rt
z?x^~1CojKFnJ4o<@&OT>i9l-n!4{mEz`ubzh}$VMwkzKOK>6YVWQf2Jg@0d$74;Cn
zv=0UdU2=<%5D{V@@GsGVLBxHqMW{M%Bg?tCfM5&zNG0Q4Vr}yPAsx3mj1(kUwgpMt
z0oYgkJllOV{>;0*6{jB$uS_o?TLKi`VT$mR!v#p%DB$6s{Xiq&GzLevk3Ay~p5B{*
z%iwbJkUgIMDNHO(b}&@%k6?!0@uO{$WhzEe0n9lhoKgAb#iyRCyb{{;STA9hvM5#u
z@J;`=ZjZ0cj9JU*b*sc($(n}IGw<2}ecpUx?g&(f;;8&bMQgFxxtdvfd_~3m=abhm
zZ&|_-4!0t++t=0VI>um|C3ERh?NcIGNbZ2_KCN1c?%o)~aSd))k#KRf)xsWh4j%2(
zJbq3Ev)hcP>u<^FN!;_?cVB%}?)D;04`?|^-M%}=$YiA_Pi}WJeh(W+gvJ}H&C1Tw
z1y%6%Q>p%?&K$IX9=!Y>qJ51EvOWX}3F-UX8$tkX(8cXdj`!ZXT(eawir`-#3IVGb
z5Yd;63FhrIwRJuVHQ0@})a{-XfO`q%O9TuKqyi!(^spWJVCWpMFv0x>j}(NV0{_wN
zsQ}Xyc$Now3JN8FY7Rl!J-Nx#4E;0kkNur<&_NzjJ0u|xKupXQ9B@cV5k_tl`<2wX
z9|}gKH(rAbTT++>8KyvBpIADM<r{)hxV5ll{M)eMF2E7-NW_-pA)a7YewQ~Q|F{g%
zGFU5rNAb(3VBeIxGfhVLgb3WUku!u=fLdYOwAd}clb|EQHGgv27v8`U3zc;MkLk<c
zKtT-}9eAQ4T#ZsC-j6|?8jQy*Mq^zK#(PA{ZTPGZ?rwCvK*~)pZ;DP3{TTIac6U-=
z*siFJp_j`^08USwf&3-eC3GT8da!0NiV&wE<rZ*@ZB=?Lcu|BTUb2CrwXY*h<~PLz
zIRm9F#W^_vr7H>{%8Mjf0^dl^u51L!mE=<q%8b~I?F{n_xe~__y=JtvkShgLyz(%L
zBXUcYjyRuGr--l6yTEjjh7u38A{wy?q6xVPRB?!7z>MsZz<hz0a!2{qob|DhB}8L@
zXNG6!vy`mtxXidPy_jrelSGw}P40?j<BR3RT;u%NT+4C!G3*`saob$%j|~++(ZcCU
zbKeFuEj}BFsub4**Vuctp!}_}o>`zJ-CWs>`CN0+RiIqH_6+B(#jTJh=Nr)*SciII
zfkpAi{H_(lROJj$rH5|4eq=toAgvUwyj6=@_5x>B=?a+*?U{g0zH9Bh>sjIo5;j&}
zR*wlZmNXVORw?!xmk7QUevVv|T>1n-HexoPu8l6{n#kI6t7@ybb6XnLY{ZE1K8rdF
z5>qwvMl3T<A2umYy|qkVnzZryVf6gXEb3A6@!5P^#e-gMF=1J5VV72y<i}4?TLUwo
zG1HhqWRFGAdM%f6#~|!rN(?X4eG0Lqxfzz#*G2m_!#2aN_*%u9_&M{!X~{x8<C5B3
zho&p8ox(w03V2jP)Y=iQL}Q9cjaE8D+EmpZu7P7#b~XfN)ihhyGp08KQ=1e6wQo&}
zr$0I8vutt<J15%5+b4VbNqUWPL^}rPr6b7yu#7nd?O~5`s4b{Ts!3O6ROV=%Xx>!9
zRh?8_EKON^+nBDX{L!f;U#YWkvgY`s*C2eRb5?g+amuh%cyD`e^fG>*y#u|&GblNz
z8rycBci!zlWnbpjd@<|{??&fn?dZ+CZsa}sIKML)^>Mm;oOIIAcXSUpgULsYplFbJ
zoL!#K+|=3gHX*Swn(7Zh&7|yfu609hv36+L8nutM*F9d@e;yfMligp~T-dSQ%GvK6
zdE?R!#UIz3;5!k#ynN6&oIbvqm>p-`xbZ(A)I-$c)N|33r__{3kzHXv%Kw$lvEh~J
zmWnh+Iey@k%b>5U-)Yx)0nYElpT8m3MTw^^_r;9kAfzj?>-R_82kuWwH@*jV5DXxm
z0?rh28Gag21KXW(n2w6IjIWGwiQV1y@(L&<p)q_Mcfv!O<F7t;0_TF1P3TD@!%N3d
z$#N>#tlLc2P7W3g9j$@uKsm#rgtCkVQQ)p<Rd_C@Ej}6bPW>GV6<-<s=BumFY5NkZ
zLsavTgNsA;&fAXq;D%g{qykw3`3$Nusuk)683b9C<Z%X%@Ad1*K_WuJz{ogtQBr?W
zHuak_SZQVMO!jexR)VKZ#ogSp@}w+lS_=2su=BI?`)!a#a6?f;YeVcSl`nf2e|Bmo
zb%%U6x;2mo^BHCl#!F<qfW3ecdmY<~CCAj$?C1FD$n`kQ<T1L_K=O9#GV!u@{l>1y
z-svdzu<Ynsruc;P7&qN?%C3amI8zR@msshXo)*bj#u2B}+iyP2H0x5lc==?GgOhH;
zH`kEpZQOx3u-w3kz+d$!X82iE?Ak1CJ~3-qCQdnMkm&DBn7OoRf4)pQuWx%i960UU
zY5UVj=ub6Gc^h8!o{RQGT4E?;9?-ov4wswDPU}l2q%@%6qBGL?KFVHl+>zsu*Cm`t
zccj?9VSK2)+6>i&k9}cy(V?MxEB;+x*?zj?*mJGlnR%%@;08|1qUK!btleUQ?vVU#
zzHz?uht-046}8Tdy-okhpi8Ao@yWXuzt3BXW9oGkZW%5bZYxbMZ3c&ywNB%ev5DH=
zJk3W%M<zT6{hwRYdi$GVdS7jvCLA03KhN)8R}UOb5O!9TO%)6qa;thZZ&xw>_-4Ka
z9|~==24>3>@@-^ot(Hbsa`UZ=3k%o_Rh8l==y$wr%5M6rs5PZ6J^6-z^!C^5d<=4p
zHtOFjUaIk-xu;y?d}_AD#|Sy_jqqq}L~st+?%7S)UDzo(+z1ePR~NSD9S<poa$OrU
zn$+;8dF!sJ?#!>I1B^q4o@1qBA999yu4-&N|C}Wz%Ik5WJ5}sBFCEqML%n%l!yo*v
ztzS3Op7hA!euaBUExEBh!2P592kGtj`6M6lSIi*XIc5f<r;hbe)||&}!bLG^DmcT3
zcZl2G>-_MK>_wEHYt1>H9Vg!}2WK-|IP}+Pn(wym3%G;1i{02SQZ`uI)!#DD?7Z4m
zTVqy{nm68w&U?;614AbXM+kjR8GL2Dbl&@SCC`)(N~?GUc`<WkJr>?{o?nISMlQ6v
z>^u!`wuks%-_0*FR~O%u?j1KL_o{F8&z{Hjs+-;q-@U4D^!(hFpVdBW#<}m?ST7RS
z`Jb3hNRNyMDF4XQ=l1b!U=QPB#a)}c_UMDcQ^kJ426=6P1JPmufp@npl2gn^f`TjH
znnfhJ%&j?w=hRpQG57ztW$w7V*yjRyaRo7exH~Eb5t#)EdjL7?4<~hbq~mZuSHU3R
z!S&`pQ})#3dgKswp?Dj;n5I{#X!V~y>jGJ42oeui!>#?iU__W`NSeyZg3x^Cp+Nwk
zI3N(8Ind9@2a5Y&c`;Bb5b%G>!9YMlEkFSO0VDUB{ta=T@h{H5Qt*WDAW)zGP(Gu3
z9@u|E1Bmj#|1<wd?=uK03rk9Vrpm^SCMLE{=623c^(22=0%I?s=>!6TLH;*_N-B|E
ze$rpGP|<MKkd@&wwzFX{{AOol!r*RW|CbI3k2}|A*2cuykjUM}+SZB7otNYv2(Hik
z-(p4*qJKb~t$0Z^WEF^n?Ho;rzA!K`Fp==V5)l#cIDRwbQW6pS5A@G}yd>t%&h}i4
zjBajj3~sCpc8+F@%$%H@j7%(yEG+b&5cEzSw$6s`^tMi<|043AbVN*?j2$iPoh|Ha
ziT=_xG_rGX<|QHd%jmztzuIZyZt-tUwod=it<MfJ{;gqTW?*9cFWR4|Jbz2M6fE3L
ztTja}Y(B^AlLsFQ=NF!T;Qz0he{=kAm>U1aWM*RjAE^JW>i>(X>SW?5Y-jVy)0ywz
z^YtHm|9j<sAo4K&?fQQkihqssKc$}o%?HcF_+OL82MZ#wCi*##corh^Dxc}6l>HNu
zK7ap8%HQ-e)`Ol8XA6LU2!Ke62&%Y)p6Wulqb*|a39O<P1OveUFz0{>K<QV}$fOyi
zN;H}zFo=j>#q_s|MH&vYT6huYZU`7;#O8nk0hHZrr_{Fe#%~;A{!X2Y+-^T7`Rg-V
zK6n#KRcaF$1457u09c@6{{MFpU@by~gbG{^V{jXXW&(=>A?^OZ5-?B-qDR61or1VO
zOqg|O8r1&=@fRKYf2$0z{(qwn+d#Xwcm$@lVK#HN1ZHRRYG`TfH&Nqc$tyXckdgHZ
zf0IF5jckT`Ai2P;9E13$;ky)oH2+~)x1fXG|IvxKD(FYd`%o0oh@hY<;ij0x#OxvR
z!JcGXbz(9$GRn}s+J6Rz3H!69GT-Uk*lOyU=F=q{XO!Kqwp--*%)Su>@OXgG{k}eS
zPD;8KqP(z~tYKRm*jm0xy?libzm>gMKj?!R`3+A<5z;QQl#tuuH5m^ECdcx3K;uZE
zo4>XQ%+DkfcSZidVq_pj?7ax-3o3&S3y%#beI&Rm2}>?U|GLZ_5c-4r(f!FkC_6$X
z+!qUCC`i7yFD=w=wD^(-8&qr)UwE^Mm?+~u6UsJZw6|)Lx5jQnA?VliNFj8?qft4P
zK5scEkF5KRZ=TI5o?(9!FV|wT-H!Lt)dL~dlbw}VElpLv=MTI7J$wyzoL+`gjHA{y
z-@w2DtBBic=DV$dn<O@3bEO%4$hm6>GhDdgRQ1NMs~+qqVs;$`wu?O7;9_jo>bYYg
zZCx>aZ_Q*L&tinq9!ov;?P7%DR_x0t$!YLa`vl7Rsa2wUOUsN3J`AW`7i}=KldJKi
z-faHe{TRi0deg5s#qvry!a>-f?ALYA{fu1*bk8*fhfVYCJC}zJj%r9fZ_Hp(-P~dR
z*~Qp%K6ja}9QV{&ov1$ogw)=07Y^BiC_C3f^3;m83fPg6Fn{X#PjMS!pVB|D)1IEe
znM9;2q9Q}d;|JGp|8m?A@euo*g3Afg%LO2C9Et%l6^wjyB3Zb`tH&USBjs2@H(?%i
zBb4$=5%Oez0c^(i(R9@G?zYlKrShRu)~_c<b$0H_&Wj{Zj-zb#6wV<%bWz6Nit<aC
zbA6{%&-||}2}VLysGMS~_35(n6L{s7BsF33hs$4j5&l=)KPzs^bI6G36j6H#^jjtP
z9!~(Pk*up-twB0D_T4ATubM9Gpu)4{bmu#b)9g~jXQ5sE6(sUK^9w>n9}gP{8V=7t
zxpGmTkq@<JG1tXeB7<{?JyRS5{i)7P;o$U;f%FG>L5I%JVYTB@fnAvhuRi+(mAr29
z9|QL1R-*n5bt$et0M2A}x0c_wt+J7j-fc-Pz1mn5=7%J8UhfV?4m)=nAc2}!ep-cn
z@Htc?p;m^ATT3k}M!Z3~`zxmNqpCqhouUJ;X~Dydzrra8q1$Jn+noTx9Y2uRK6FF{
zDqmXI$#@sOoow`%8m{UO5!vyv8i4gWgBiIFT`LTZ5fD)FhcYhc`9~sc&-wt&InwoB
zCD$>)3d|aXE;S8^9b`9bS^-dYJi!OwaN}Z5@fDQKrI|qE5fwZm_$&6oeZYL2g8eTY
z>H@o3RnY1mK^k3+a`|Ri3+F2R_{w2_x~9}@_4+(oEH=)8$?f3)B($wQ1m<ne)o~em
z<EJ>}GZ`2CM^HzAVC-<*eT-GgFt4jp0&&Ztvn#Uw?2w^=zU8q47UvE-rNV3SF+mHz
z`Htl#KkiK9c1e!dgHh;q@V~w7|Kl#7?hi6t2H8KjK2OA-p=X|{Q*@Wr9u4SEGbPVc
zbl|9EmE+zWghd4ok`!w*Qo=y5P0vmkf|1yGI|@^y0$a8i+S{CnawW7q)uC|N#z-qN
zqA;CkL8pt<NVjgbY!<zzd~u2?08hb7zV@ZA%(<+8myOF6;BX^AgkX;Lj{XlYhhnh%
z?PQ1@gl1D8A2z8B;>-O{dyZYI)z%s~oVy&0DL`NEC?ZdU%EDogoUJ||2xDW`7p>(M
z0niVeg7fkEKQ5!?-3!ygw-48QaLpd3nPr*igbcRp3awhgm(*I2r}#I0ePP`8=fkee
zj`so?Yq-(^yCa#HQtB2U17q_5vqi9iN$z~iEze74XwKXw1kdsa7ot2%aC-+vXvQ4g
zptR73t(lPy`>S1oASb7X`=D;IY~n6)VkXvK!Oi0FK-W98tVcWWqHh6(rBP+B39XJh
zDCgTI;S}$>K}JSUA4^qOOW#c~m2C59%88Rrm0_T@s8kqt0ef&?1&A?mp}iilV!jU?
zE{)E>>Ao4!3~3aFJDg0Ta^m0BvQ)IT<}V8i&9Hv8XLaJvVWYhE61-My4BR}i2H(9g
z91Kv17blF(DcaN_ET3#dEkOZ-65K1a<dG&_Hv}E_qkZ+_z_<?<IWgCsV@Mzz-spdO
zEVbX4%et@GjQpD7_zU%^ZAxEU3WKwo3^g&MlR*LH&G4~BL-<>uWlWn;!7bM^S!sgH
z)O!ovx^^pLzPnxQMofs4mg^K3ra$(wtU#QNtEioLc0SUUQ=xoYu_25)(^#P+)3dCC
zVr@;cJqO}Kjy%HI{pkSQ<3ojSJv$>5ZCOBxl!;<t7zWwF#lTia^vrZq9;e5Wc5g8h
z3~=`XR#dUje6o>hDcZ#f%{9Q3e68Q<*Y+)b$Gd9f_>JHR3xNVz7yei6OhL4a#MLlg
z_z%5sv@>UhuZh^Ax;FVJy!DUm=?7zQhOq>FDUrzbi~dLGTY9L~LH72w%;HrQfUo{I
zqH}WEuWP6Mcl=@UflguS5d9@`$e33hWUmYPPh+eD^|B>O>~A_E9Jg&G<GpIR9dMWz
zlx1zP5)y&Rk9fzZ#$7>mRfWmefbF{}Hdmc+5LUd@iJ*vb@ARyGhbA3Q5HTv55e5VT
z*_L1DW%<Gndq?#LHH25>zc++Wuea=8Yqe`@9z2r-4}RX_>isICMH3k(@`7W94wnkv
zgmSRQ^Gi*3Kgpy*USPLB$h9X!ZTM3wZ$KDhcgSsbdePNc8#R)+@dxf<XVW#x*QuN6
zwM%GUPn`sHlfqZMPN-AdPw<<ZD-RDOESDCj&qsZre~p7ZR2Qu5=4kx<C7tGjUtYOW
zsX3<Vm>THyQ;mgu#Zg81n?{<Zz}mG-o_D-s@2SOmQwR_rlfKmgdkK%`=|=+z_0D0j
zan0GIt8(aY$}@dn23#(1XfoSBt|rbJJBZul?;)&P1u#QS#AiN>vC?E~Y}r-t-imNy
zIR5NH(b(v8AINgY_nibiQ;<)mLGRU$Icv4z+A5CHj<0NEhl7leEqjxkKOE}0-ibPI
z5h|D?0sYQPZaO`bj}VCXGbHbB@rURdIIS31Ja9#+bWG%uei4{cO4d`S*w`4!>bzd?
z0xX-ZVSP6)^a03*w|k+M_&x-fmTdpV0_$B^$Nnz=fvJ6TFR#0X&;h8Y^e#xndNk^V
zy}YFUiN(y0?Rm%c8~a1ja`1=BkJ#^mcaZqb*VLp(79>$`bT`c=!Txy=`#JA4P|2Q@
z4>V2}cjj0zCD70PXkdYQ_8;czh^uF+a6Tq};zEQyHRGwoF#36thoUa?;>iP%c<I4$
zH$y{*c?z)ft0lh}Y2`Q|#Jl_blzmi&xk~UjcFvPo8RBLV(kLf4-<HMU)tFQKiB>5)
z^rhOHt=uq>bK&3Aa%V4#iS=#EZ7-6|h#!61Te0aczxZm&wksrlM909%ACp7PAw<c<
z<;I4OOM}q|Hju*<s<35vXc#*vf#^4zxlqx{pf{WlVm#a@^gsaTCvCxmw0X5ArsI&p
zgoD--RcCk>UUgG}Zw=oWZ!69VXJZPy;0G?^6Z*B*3t19$7r0!?5!b+}cX10xDoJtD
zW&>{?noQWdlZT(3t@&QeQ{sWQzhi85@Qyo3Ad+_!Jm077)4a%JNMCr#pa#42mCpKA
zHNQUCWBumG`1w1~;n1p3&_P{Lu0LN>Mw1aL`kIOig^P|0hGiwDX%Z)TG$PTSjFH=r
zyEyF`KglK>{<YkM+F=Fzh3tm)xk?H4={I)iWqKhU>ld5jjx&XP5O2+2VUOqf-5XFO
z?#V(+cRIe11blLera}1!u{6k_f6S8i?c(dM#8rJZS#Ng=JnkxRL>7GRf0bBvQFnce
zI><=cohjqvRs9~YBYRV`jJ*DsFY>GI8QfG6Qf&KKd$3#Mu6F<%Xl~7UK=u1bg>MWR
z+HK={s^|jGS?Ct!T!$AP^Zs{e7?Z3{bT;L@l_DYLCYI&RRJky=>sQT25%kC6N%^=3
zbio%ej@)ONBc#;6>acS76Be}NBrl{9PS%>bn!rBH*zR9W-_u#ft$#?zP+O^0z@Qa4
z&7Mc0GA(}*JWu<);H*pj{l1`+qvC)iaY!EV8kawo(4-d65o555g{Z|BKj774E1&~1
z2%~}vRJ9_um%=jb8F#UopHf0zA;9NkZ#nbHl=78kCq?mTxy`JV^@{G0fhtqJOB6L?
z7<??Jbk>>k+H=W-B0%r2`~1U^yTj4S+FP3&g(iyMW3!)S{T&0wMZ8GZg@h-Bcr4+X
zy)Z!;HxlA*$v_A1s;p}KjG>{$F_9i!kJV0h$a$cV0*1W|<FanCU@@p^2lFRL&sY67
zLK_#cO10kZr&<r}<1s&|z<TWfg&R@s_KX_vuxJeAVUgH{Z59m<uCyTfA9adx)NEpp
zcW`Cn$cR77V77Mj39dII2g>A?B#SKRL;cOBM{#_xxFkI?K(x(#Xd<K+PN7w`eMx7~
zAa?dGTKW9H=e~mK4OE0<rkNZDUq988#mf^m7|VV>n81B2M6umA$#9Kf*o-Mm5;m8&
zF)vkr5=u=$f-W`|UqR+`C&j_Uk)JvU4th56__zyg7HFdiMd$AO;iZP`RFM7g-poWv
zY~$}|KP?-%Q>o?rAVdg&$X0<9T=8)2UHhhWd)8L6GN12ok*9v+A&%fR{Uya;BRo<r
zS3OehlYAr&SVNE|A*Q}FW7wfN=R;YBghB#yxTM73Z*GcxF{g}3#!k>jFd0LB7{8UX
z@ya;U5jN)%F`<Wu;e4xRS}7+AS>)c1^;=;}p#b+@8z0NE?D&~&PM&=jm4VhGNudHC
zJJFJD(l(edp|20Vjj)l(7L<Anwg||;4fabYxD`Gz3;+GE`)L%8hjV9GpT`KvN&Ume
z;Kx=y#mBt%)H2~nK9UQ%>%AbcGDX2=<Q)7<KFMg%J+QbioSCqAV%wu9?oc>RNfGat
zNl^q@LJJ(Be#o;+{RjyVByPB}?HxJ^KH)_Q3bXB@y7S~bCd-w$DYux0BC1tu3wf`6
zV&N{N!X`bnhYB(%bKj2wF>#&*SeJ;_umNn<IXw_5Fd<h*?CJx=cZ_&7gf003GOn=O
z=Z5d2>Tqw2mVqlIWJUCXXGK#n@7Ky1iWV|&h@+iJ0DzDDky~I6+zg6S-Iq|5N8Q!P
zMJ^+08jQLsYH{U@Dl(#7tn1~Qo(;CA*QpE7p%BV%=nkvP96)RO8$oEUGkC#h|KZ?o
zc^6W=bA!bF;nvn+iWUux!I1ORVA(VnKp&u>H}FGT#87)CF8|_9c&=YDquONmLEpGQ
zEGLc-`<b5DA|hB9&vJ;`1TDc_R=Oo}V~pq(L0Y~~cv($9!}sOOt<qCidh7@8K0ynF
z72i*zIDe+QkA^4}F<d#N1Qddvy*|Ib;-E2yL^4IwQm<Rbo8UYg!Sn^+wEHKOGKB`7
z-z#jmDHodITN8JovJ6McVEf+ewCcz}K*C($lG8V&)yUsGpverEIstz*A_2}orU?H$
zJ{e--D00GK;&01&dYkH<%v_2xYvILyU({o&LdKxf%d$l>v{!@<rm;+sKVC#vc@X}X
zJt*pHoyqOwF;$$#ACeNyp)(uGphaCrKMS-xH~)x*+uJKVu@q6HQYfHcJLFV#Zt>7^
zb9aA;sPjsk{i)Z<^f=ULR7-&BgH(cW0WF_f^d3}v-AeD-o55)ee{Ta1Y8Z1>5TxY;
z>-C=gqi}EP<;6pxxp`D@ttbG2nD~ooqu)|Pwn6AVkvxjAp?4QiG^fULo<(FVf3PlR
zRs4p_lpRo^g`oEV#g||eUY1cw7IzrFNFyBw=y)F2DjV4|*1cSq_RKR5xNmWHzhnE6
zrbMMLhKY|9su|iFWobzVN-WGU16FxZ$GUBzjyQ$nHr={oi!&mwWpZ~Vn&zq~S>!at
z&z*t_C!yv1OWz($!i1Z4Pu-aeBg}F@ofO4kQQ^k7ggu5C5X=&M#OU?YN<=kp0Pid(
z{x$rOvHyiAWbT$6+lhq-1M(*?5^n`Ya3?!lBn_#8SFp+hEA6dN$B}aK7ifBaF9z=D
zZ$igLF&INZ4p&#S6S@piTB%pT`R1L%EFKRo8gB17o;Y2^DMbacGp_FrK@T)-Fwl3w
zOoo<d@GV#}lQ6}lLF5d46%ir0@h}^&sFi91lrvEc*3kTW=QU(RMJe&uPmkXQunjY6
zfuydF#=D4GBJzLylyzX^zjZaL#gF%K=m&Pd7DUlZ)jLCAUZ(3BDC)~Hvt5)?&{S2k
zn_cu&dsQnpX_^1Z!KgaXPcNNfZD?^rsQp?BO{$BLjbf@)*8}DZqP4oFX6EpNj7ZH0
zEq#MI10Dvs_{38cd4=80IPsFZ+TuIaaUMostsGS{R^~N+k;CWLnjO30p_-PbkP$3{
z0$V8AC#f<pS@vyrodyP)B#bMcBB}jhbR)d;$D~!7cmw?j#0Rlt2|kQi_;lKty5Y;-
z+=uq9b^`|HntNtQdQWMY1yQ5YVMcko4JTuo3saI@$hX@E{U(lk36Y_uPIeI&N$BCG
zTb+bKLLVqMV#6;=f@vdMB?RFhC#oHBkQP}OpoW$oD!J=Wk!rSx#g?uMt4X~d9}iPx
z554OlTqP~fgXJo%BuR8iC@d%Lj(ZQ%`2z1?Q<r~A+&2(DF2<_>!OjvMPlG03(XC%U
z+<ej;3I0(yY6kdE0{{r7@G$WNPXd)qe#vS;g*IFuDDmFF4H`7kI#kaKrtqze?!4Qx
znM(bexuVbPM{8f9S2>*D^`9xj{x6Ct=z!q5uEG<Fo_XVwUAE~YV;Xl-nE2pMYPD#)
z%85zyf?0n_g`cevJWoDLP-P)`p37f~`Hi8&8lK_G@Bq3{Z!{IZvzKsf_2g97@SnTR
zHaB-6!yS+ew+|3zkHvHsJi6r-nmkDb1!NBOkwzj_?mS$`MSFkA_}JS&DDPs)@k#r_
zry|mE==Ag_oRSb74qR+v(j>d?kx0qK&gHx9L=tyQF>pC(?+hd#NA>IeFm1LH-5n^|
zgqo^rfHDzQqi+>8i-<k_6b{2BIVDkw4`@OLzG5uZ<RtF;2GS>FhWF$GGGlY*RangT
z;N_G^Bzxi_i%H8ExVrXg*XU%QL+Kr_O0CQQj6^?g1vQmf3e?-iVjgVXkOo$qajr_m
zXzTo=kSvi*6-6~~T<9=j!2$cNJ!)5V+`MquvsYSCOL3rsn%9b;A{k6r*A$-N#1@kv
zo&-w8{Rbj!f;hu^6IJgPO`}SuSi#QaxcF$k^UN)NQU*F#h$o9gTfn|#UAs7W{s>BJ
z+lcH3PXUGMEgPz45jiV_tgwWHmE<2gm=NkB`w%jzL=s7Xsj>#{s(w2I8~#J35p9t}
zi?Ah2I13nTX@PJ1++}1$_n&&5G|*YLv!`@N+vASn&SXG8(x0Dsei0IPaUz?igV4N1
zqIGYMWKqjG&z*Tci<0v;Vmq)@gMIaP>#2Xhiz&y(m|qLd=;e=-jy1+&KfO)<zM+A!
zBvDP$!n&K1AL`$yxxpr%&Ys?oBH#K7T__g+0hLfmL6qd4ARp$xq8lG)4vMjGe@w#C
z))C=L68OL<in^+DCh7tqBXN+}hIA3|qF8eFntG4m57RLiex7xf9sDH9)(Itv&9*}e
z?FFQeADI5URc-ts6m!8vgjn;bndIq>?JwHn@4KR<k;SKllYX=s=22YmlHxby63k8<
zM71zNbEb#x+mH5_{uQ<O_1gI^_&GqZdxDDH7Blx#H{Wd~(oF^yxSx*k&sTCbfA8ZQ
zD1-yRM4}6ts^`At@>ZD#D_d$NOoDmVnA2n-Q84`xi!Xi-kj5RNoA%F>)AngW!E;c=
z^EqI#eku&b3LQ@Txq}FTZ-MM>bc1&Hh%M{Q=gaAiP6HZVcE?=n7X<HOOb04h!XQ}1
zA5a${+p{nMLszMCJiu0l&80!2$-Kk;)$d!V#H{%2L{Q%S3t{-p;}TV~w<RNha06kH
zG20(=l3kV8gtV2Ql_4Q%x6~dz+Z-}?DQJT2p>KAmJZ9$G+oH#B2C%@nOABOSp-3F1
zlX;A50yz@5hvdD6=0{vvW*!GK*$78wikrIQv}{1|TtZ$;!f{=b1}Wn0jQk1|g2J7q
zHW@bQ4MKVz*3PWZz2HL-hBsNZV%0O;oIO!IoPk5aVCWo>sPVPugyC>*b)H`#jj+gN
zavc&(h`}2g#OEO;>x+~!n8i;r7-&b=*4<qj1xqx^50t{pB;Y>8iYc9!y`tpA?IE`)
z4sbW@?y*Xo%k`a&(DBQQuyQg6cy=kJA6_%em|VqgjJXGSr0L>n!o8R_KD@H%*G}mw
ziqS+sKk2RV6rRmdvJjk})+5abu1O0uK*Y2&ND6HGhW!A6>zB#|J*kEAIsIKV8PPDm
zbisn%*tRYDbWds3_xtE9Ok|-oh0M`EJzC~fQ`@;B&wiS2=X^5jPO{12xw9+DA)|aT
zhiDuyEBR{5o(b_AAHR931AHegt$xfHX%QA~z|8<i;y2`3<Sp14UDmPRs**BzzP*b~
z1}1$jHoI8Px0gQv#V7Y57u%1BkH;m{Z^6_jO3y(QXWb~6w^nYIL8TO2o%at6kiy(P
zq^)!j7OdWWt=FRm;3hG8Y#8SvYv_B|q`Y7S34Wq!GZ&bGret}XM~Ow0oBL%fh0l)r
z9QNB4mN%tVK@3yB2F!YgL@qX-BhLBl){wa7PoPVM<iO(zOTy4CyPK?5F%l9I4aV;q
zOW5{W|9R8-1_wrg3S@)xAq!^S1#g_EAR12X+Y_eU`m{;GX?j*sr=GbY^$?|~hqke}
zxx>j<j7P@-&bf_fW#?H&Ru3@I`a+|)hN2}GPK2V0uCL^33vQFnV!2E!oESew=}JI;
zJ-O@3Q=Q)||2(8*7s7e7dw^?bEnD6So1&1-JncO{?QA}-t3)GNX?tO@UD?&Rxh|TE
z@AlQMSs9#MQ(vBH)`?+f-{NqgMx-pTCFj-tgdhxXaT*dj?Sta7(GwSQMFt{F|LW0j
zW-^PSnx9R+ONL`z!7j!(Z4v%anTme&xl@=!Wnl0RLhF(~X-;8inV%hFmaUJU2Wp|A
zNs4H*JS)-T>*3(&d*N}V!g2XzV5xL=s<Uq;Zqhxo9+vK<#f(aR%5vaqf&v+cvB-J1
z6qwO*CvMI0Z{2)+VeZ>oX_b@Yps_84Na4tta{*I)eLHA1H~CJAVZ84-FvU8}n6Yq!
zCpe~Z*t%2G=TGm9mf`1S_^=_OLw2;GGnoXlXnjis{Mg3d?zgmSHq%C{BglxTgdo#x
zsEY9`Zk5>*exm@>-w<hF!uGKW9+1!L%tF%~?JT^>L5ag@_u5Sx7(*3B@th^VB`K&*
zD&FC?KYG;DSLE17UIT{>t{VmAXl4_mUf<1bJ(8WCF#SlwcN0o5zJWD@-yCL;EmNMD
z?*3BBC<CfhU2-a9)a;^xZt2!h0NNK3e8g1aQwz4rbh4jlt_;T*NE)pRErmteR+nz(
z3)KTd6S?Q!S*XS-j*x*TzK^&%__|xM2&@Ks>s_MyE@SiGuLxs9pqP=Td}SzIKKy(+
z!NFjY1F><<dRk5n3>P+!F0p(p8}Zi!@#fK^Wxk<fh#?Nm|MN^Jff@jh44f-W2xdz0
z&U0;;qE{&a6>EKzcr?!AA#VOk9y^4om@UVBN|7uLmGqrNzTwRkTmcYWNka6St}=fN
z$qQmkE(5XXYHGKhzh|wQgp8*h?u6nO^6bRvklU=Q!LY1)m@g2q3&A2g|2&GA=s89&
zY>QXba=#SOI=BOOzqfCgyG-#KEbQB(?>--M(-%-;N)^aHx6Z|ODEDVHaHoE;Q5$C_
zPNyg-VUhijLh+u0smdDzDg`ouI69Wx1`^*#HWx*$+7XaT5uNCGvQ_q_4ucwI)#!>u
z-OrOcSU`gnhow-2)HQ^bX*_*<lQE}e%ChmNAdl*5DZg4%RhL@r1u|`R^d46#m)*Z`
zR(x2((Knc1nMcKybVTtLOv(^-@a-Z#$*H^$L?3Ug)YZDN8{*nY2nQZ_ApnAP+|#zX
zMKb*_T^qz~a!19Gfx(#wTuo%Bhumrad=Q$8=9vRXURX6#8hTR8)Eu(HAX&-Fkuai_
zipTHIL{K?ZOl)Pub=?YWSwuuEFZe1bz-Nr-??35Dp9a^pkN;?Z2^|R+%4*6#Hg%4=
z!Et6}2k_xi(G}mG)$Oq+6C&Aw31x)qib1t@Ovy|B=W@wLctrMjQVBmMjejA|xVY`x
zkR^d1E~l_alN=egEB00^M>5fOW?&cphRvCE*15};ZK^dK?ta9z#>{4>jEpVo`bfqA
zmaX(NcuZWa$7ywWky5kqZ~_*r_fI28B~~rkTM|#`#Xh{ceCm35xPJ}XFMmkkj6Cd=
zh)t)O+EDgF^#F){{(+PF+J^6-vz`7<97^o+bJ<w&!!&eJSP?(|d6|!60K=vrDl;P?
zmXJYcq{i6_ZS43#L=urN53O}6E!o2q%^_ze_NSBFl0K;J&QmCa;w{8@n4HuS`U9+v
z51*S<)4<ju(F6dvTdus&vA?5-a){3t@TKI#d&wmto3PFWJ$PWqqe)NUE5s1UH`)^s
ziD2$f<pY;F`yAsT*AE0-44IifItwkH_e6BBE_q`3A9Vp!PQ%XezqYEc?5*WjXgtYB
z7XuM}hDaT@!ff<<hhu->vJJ(7w|Kn>4t1i6s347MUydDEiYM7+ph^{cR;|t_FH*<u
zrbT1qlVM-|nL@x^d()?HJ%VWUFD!PCKP^_MPBu0fV6F!QH{G!AW$jL^erY%$v@$B=
z!#<CGCXKz{l@1gsXZSQ>xypB@TE^-arZo46UtGL9&QTrUWo{s)VJB-)ZAtc#Z1mA$
zntK!8BNWukNj^Gt6r#qrwfx~;%Kq@Vf{k`sq&^70{`7vOf$dgeJ4%Zw!B0;<JDi&&
z$bP{-x$$?s2p=XX59(wnV(q`(C&qM1pZAxTq!jzy#W^JfsIH_g{$9v@rsaz^;EG$i
ze<SXR07!&O(4d&n=#jNnx>OUjAqA>P7=SNq5E*af7Bq!f^)hDn5Bm4Uql%mqoUp}H
z%|(rZzBt4B!lt5pKL&3LCplu6&%WV%rqb$l@S;^;1uSVKJTW?4`M%8fe*NW@qlnne
zY8*&BRAj6M1S-u6E?2v@4#^Ytjlbj{Tf=@lX>W{dd(U^yGud<;^UCV>3<EL^uwc;C
zjXyOWc)~==01>r`8Ol6{1Z3Wx`O*flUrI0jDi_CoY^q6Tx;%hh#&hLGr~B(r41GHE
z1I=Pk!EE%wL%c@rSj;z+BO+)Zk2Z4?Xi*+`QDt1pT2}~8G*{%$hBrp6KOYbE_koSk
z;5^Mf2=AeaY_}usw?H`=?kBfAhotMH8vdSY71ekXcu+xfE4EW;datr)%}Xag=oWjC
z<>K`QrP=MdcZB0%f`O@)q(pUx4x0v6YQW-hwx6Y$*&`1r4lt$pN2{4Y9+ndYgDb{P
zfp~6Q(AO0omG852>hj$3Er%2?T8?>5=ZO_Y;=0^q#jby%a?Fza<7gf&(s6!YD1l0~
z{t4HuA7qU!bHkm@q&@p?`&g6#osRiwzhE={-9zUlK><k^E#aF=y@;1iad~8C7}Uz$
zkv9z&Ugh@~D2t&?S6pR@;_YOWTi4*DGu0I_G~R&cIZ7$^vx!K#UV8ZH3|%7{P~vPR
zg6^r>4cqo__F4_YN2+V$Np8B1Ql}KSm9G^<v@p<|Dc*>8oGi&MGMp2GA(rW2h}-X9
zGJV)|l_~&y8-80(azX%TWa7avow>iSEAM-On%wQB_e<Dsh)Vp`k^XUu28W+w7siid
z48V7`q!~aQDa5ZP5vG#t9?+d;1XzwA_O-!?@nOHwT!(+|5{=1aAB@unV~V$L2|1tl
ze*O;MS(@Bf;s|LY4HayL<YPpUYhqSpsa<zltS`&>!t2M0BZq!M-_7uA_fUAmY~W_-
zM#91#S^}i|O=GQdFAoVUx#@!93QuO)=9BOCm|5khObDHS!-5q^CJ$cvEE?LMox7x6
zP12b>9N#XV9L(VWla^aer5{UzMmPHW4j%f#o(kt&WF>1*rIe?({~q|_P@#8mz=ZVZ
zMDwVk31Z)VG=e+bsuSVEPj9!(maUOoSO~FIepD3_fnKL;3PlP^clXSzJI5yjf@hA3
zvIsfHi!L)Y$<YX$$TIkMSy?eV(J<bgA#{-VO3ph!73vCwf?kgs(CCu+3<_kBQ3F85
z5NX2+>7}|;j<3zKqJvZw-NTwM-LR_9!>@+dsTaaV?Z*%mayL0sMYEX46)ONhJgPd=
zH;OyzY`FwhX-AeL#hNrMr)_`8<M*<{1>R7YI^%<5Y@8=e!KO0G4AJl?AdszLRgsK)
z>B2q$!&^T!E@5l5?42hnnGeahM4H&;59A@`HYxl7r@KwfN=^#K+HJ3FQ~Pe(&%1VG
zBaZpS0mu}WYBJXY8FIGWGz)xIDFG_XZB!<jfiI$mT%3CTp}fD(bo8=jY*(53BlQ%D
z6&^);Epa`6sDJNFY)fuvxVW|qkX!%5VK6M?xjZh#BF6C5qH?6Iy1b8e1}{AC5t(<y
ztq-D!3}=*hgy{r*ByW|xG-Q&++4mrV@uX;300(_$F6dcF3N$LE_F1(7zO{6BgdZ$>
zz$7$HN<d;9@;dVBjvsUS${=c80*E$lf?H9QXe>bzKFpk*AmJd6$0rsDM&B_f_r~&R
zdZFbNv~7!(znL=iJ^m|owQS2$(jGP^4Ge@<<^9JC507U8No&D{ZEi+L4+_5ZXid5b
z6DFn~X!B#?3m;fta6*s_b+GaQ?79M6^%iT0eB9^Cef>a-H}d1cUPd^wGs+jr;+<1a
z;9uG?N18tfs_z&56%y^#Hd4Ya`l?hqN3TggLtd|eSK>3qM;6T($y75U&j};AyhCK4
zbDK_QeNpH+G4g7#nE_{iC3tMdCwfAhi!U`4^{GL?3^Lmmmb6sjNS_yBa;2F;JMnZj
zDv@O@%4M2yh34+Uow!JcVn(vX;zp15)I|S2s{z(KS<gg=^Ng9*;)?<K&a7d~usi4Y
z&f!F~JHdW<Cv6wa;zP-23t>1?6LJYQp14Ce6u|lni`(UlV$EMGtbfOL^A+AK<I<k^
zQ%Tki32?**&F{|x@#LZ?O+?N&6LGydKFjmOo&U-G<|Gy60rKTgFwICzdYXcWuJSZ*
zoTHoq!h?AQy!;_v0gLij9Qu8@I%7&CS<QRl;)>QiwW4Z*v)vR-hr3qLCkGv-_zUP=
zYA^-W$RYmn%7UOssr&O+g1>K8_EdIVAcy>rZt!|AoL)t#yP2u-pds^Q7Sle^fG@|_
z6_5g8Vhv2<nL>_IPp_I0L;__Bnf_SZ7nihcW2so>q>y?=MgI8T_sE38L~@tKX^6qF
z?nnr7Hgie2YJX==$~1)cPN^z?FZ=B#GHCT0$9P%tOnDd_87}DZHpiOUw9|Fkf{4bD
z5Zpkh=A(j5MMnzLK_;Gu>Eh&_?jk(oqarusumy7$DCJ3C8p1^Ho(u=O2j`}hfmxu8
z%Ks^LK;}BUaAaz>3(PWv8bY^;P`ggLdO<GFBKY12j1@-x{eah|{o_>My@^^j`Ml@g
zqZOxeEkHw13$z;xOh*G7V_8+L(AJ*XeOW=wl0ZB>iG$#okuihHRXL$!oFtqhwPTOu
zK?9Y??IX7PQt7(7&5UG|G66LksmE?ANp9hnva@{WYl^XGUKC^@nnNWzCcONpUV(h_
z>9qjhbJbK#rvSw0RFSjXO~C;NHs<2R<iecmjBAegja>I-(NFX5->lMOGpx)(O_KZ-
z_&%HwZsC!81WQoJ*t$x}2<*Zxk&|T}<9zYUV0ahfuSUu`ZiJ#FH`e?Vxh>`v=FGC7
z$y>i*-v#YI0&DGS*q|uAV-7uvIY$p^=j=>jpd;3W6m^QGZY1{!G2?*qF%w3|ZVLD5
zr~nbM^Qt<8@#OPqpIhF|Z#F;gCG)C!3g;LKzuZ=$7?KqtC=xp7Ho!nv{OD+=qz`gu
z8?hIy0=W(l@SzqqFx`E~9UO_8>N0`7pbJNHyq22KtJkhe@XwPi6DmXYI_npE)i2<m
zNvU1j+1rN^WDg|zw2S<5wrp+9n(aA=0-U?t$o;i*vBzqDt?Lx+`}^|EY)D@F@}UQh
zOa8C|Rj_Y%0QH<d=>qY|;I0h4*Klu%9Cg!ZiCp80cRUektIT1^&r)Uq9Li54jG&-w
z@Keq@sB_VZL5V^x%unmW&yD5`de;(6Xk#7@rQl8h;jX=nSX>l(;&q*T>wXWs#>~(%
zjD%L(?C|o<)kpVem!6=cZdo0}9is|1n$O3?EtK(OOl+Q65<+2FUCUwv1wH>yo_-Hx
zpRwhr^j8-H)XH>TEmrN5N|gbwsip_>npzj7L~u7@#-3Y6-FfylgdDJ9nt9b+WfJTT
znn{9(a4zfpl@{a8UB7Zb<fsSvKy~S2ol1Vl*xhDf&1Gu9V?tbOrYw8dX&KIK09S*V
zB`pXEA;#Nvh<$7MZ$DiNixZp5dd@wb@Zdwu4x+DG#V7{KmnIi>-baZ-jQRR=_d)kq
zO7f_J@QM+PoelM`Zz*FW!CBWK&ksHvhI{GUb+~s|NIErYo{a|N)lUuFndmGn=qq1e
zTKsF}7Ltq;N}m+5zD$FkMeng6J9RFhsb+<Kp(^p^O!1kL_LC4Hd2QeZFytq4ke3?{
z`?kPwY2b!6Cls0N6VYHjZTZ736HYH={uI}i5H{RgxiKPU7#rT&dx(yVw2x<rjcL&M
zK#*lz$d>;QorKSgMUIXT&Msg$7Dc@i{8W=Q5NA0cH$BxK&#AT=4c8iU7(H#(3+OxW
z@A?!^+|E-*2aM25!;B-HfsU-_45y7_%_N9qxD8*xB0D$u=N|}&^~6Pf1aT1b#zkX_
zwv9fn#txXHPBf=2V$5`6)xTM$lx5JqP&k@s2(Ou?xTa8^!3L}mD~=vNY8yZ%Y90E0
zFB?yhM)Lou9kCjZG*HGsXylAp+#nhnE<9yO!Yki6T^-Dqe^BZqYPSUy)DTz{oG%8j
zK(L6c-4Hb4E*2K`dC=43C_IW<)qe7leEiLg6EkT^9KAInc#34+`Te7Ut;obe9$8le
zMN~ziYv9|l*o5to2OHYj;6`-L4G8j<*fRCF;lL3$*SomP)0_HzYI*}%V_EFNBR5LA
ztd{C1r&R9OMa9A*Zp)Ni3X4yxijC%Ur^7j7=nmAB{PJ`mfw)P?>op+$1F+9B$G>dJ
zJgw293G0_~2jZp2$@^n_ad#^??xyRm&E?%?2qbzC5hzDam<|#4ybXY@Vikx8LHIr2
zDKxSj$?{i7&snGc3zkpS?BmbJ^}7gBjN<S7uwE}h<5KLz49JpcYuJ>A@Uh+G|7h;g
zV!Cm~1*XUoVEiN9sB2v9LtZ%KOw;)xXSc?lF?K2QB?MIM1?Ypq+Bk?$k2T#>5?m~o
z(PHY&1=yp$8A7N}H;|kwinL<JQ`+fWQY%5Oc0?L*ONX__(oAtMbSL(!psV;~$L&Z~
z3z2s(tV3)woti$58-zv6`6-rESN|fOgu<tqfurj<T^Ca|)N(fO!s|j<OkZb@t7lsY
zCu`jIYBu&DeU?l)(<<d?V%}>gyK$?BAf&WfotFuqMTW6>1|h1COE5PTT0tUKjGYE-
zt+iJN)29QIg%WYha9PO|l!(wU$sEMK-m&d>4s$gOQ_^F>en@7}<cD!^QjN>SPgY`E
zCQNPXm8Tck>Flwhy#O4#zaYhhjnI=+Q~vUS`ZRo#0t<x3c_v8MM=bxyZo!3<r2dX+
zzB^PJ+*WmIVUOLlQNqVRdhlv1lK}leGhPqBwv+YzmP+jJM2c+yoq78E;o&Z{Vz1(x
z6x{ZO;#kk@GV2;smNWkP&vmA!dcpu1DhYzZFII^c>zEeLhYAPaha0VgX<J^EXc19Y
zlljq1CgT@CECq1ib6yyjaDX{$1ux%Fc^9r9{44$_CN<QLhw6}xMY+WBSstmg(47N$
z0SR-7440O;f1b^=gf^qeh#X<@2txnuSl~zqwgM12&orEvEaT!D%nn3!l$0QqI8vrO
zFiZ3jOPZjn4$%!YK2Y+p?wG(<(wG2yf)fDPf`y2$ebFlHN#azeRY!<;!U#DGRjhg2
zlvB=d)cwbCp$`4iI=>EG?>y_@%<6DH%T&S=zKGq-5FCQc>phke)g#ToTe6*8a+e#H
zUT``&I0lq7s`7OP3I}eT?m0bIbf|jFT#@O{HNE}WGL)%MUj20}^knp@+1rd3`E+F9
zxNf>C`ZTux$5$f24f8L92R&?v?~cQS17<%aVEwo*&S&$z_WsiboruFi=x~DVhEwS#
zz>~}Um?(HnGP*nYX}tyNA0jNVAgI9fp*XL9dq4!>iTDd`-B&6BsaA%~;SFDY!am(#
zO%D^2Hk1|Qo_5<0?rMjMVuF&x2*xur=yb#x4kfjAbiLy_e$^~-$40&iH0|5%JL#h2
z0smw%^_Ri3!<Np!+WenQ{{;=oGE}D3%ChU`fUYhoBJ$W_?+!!<Wxis*WIGxswyUJ8
z>K<8#;n7*^85$Fp<%ydN-RYrRKHaAGw0%;-3iyTa+4uD(?$O1*|KUwx00jN$eOD-u
za6m4YH7Mq&^cS+xYjH>})NMC>h%Oz2ZjXd!0=;5bcj+|!?@d~F0JN|2^o*^+t!C-;
zOiU2aG0#0_l1Pq7#>D}V;+Ylg8Mg^mBfZ`Fvbv}rq7Ftrxzc<(bZk=oW2N!`a$l*#
z|0@&tMg;#4&z66|f1;cHua*BlKt}`mF*%bief8)b_`v8JshUM2AEeZUO#;ytN3y;|
z`Nxu5zmu)gfx<H8<pgVY+zj%M`a9D5pLQZt-VP7hOjiOx<HiN3Jj#y2rvXSIL!SLr
zMBGL_(K@03EEGrI7$zfp6YH;rK(3{(R6FV#7yIvN!`${eGcaE}-LiYWa4K$Ys{uRT
z?+BUa5~zc=W{y7o4`pu^7H6|{Ylp@fZzQ<8yL;pA?(PuW-Q5C&;I0WyaCeg62_D?t
z9d>8!wZ8R!|8?zypEIDFeuSD;HRe6W<7&3xKveAc=|ZJK!;o#b3PF*S>Y!dGh}D5Z
zM^`}9;F@XS-f!L^7ustAXaN_J8vxxmF39rSdW7%LeNW0^Xxrq-b4^nB%_H(&+G``9
zE?44nt~}UA$h%D@Dre!{$m@e-G0NY5=Kpw&l9xdy05KP7{=@~;49^MYhjlsL?gMQ}
z*+<#4RIWm~E0#XUF5l2+C-X7+nG>>E$&EpXQ!=~rF_~ZbT<7<a!-z+({HK$3yX9vx
zk20|iTL5mjkx(wxi<JkBqcAb5X4uleRT?GkjjT!5s&>U9VV3(VfG}re?uHt*0xjl(
z?a<A#$Tj!()b18~=!)vD`lGBF<1^nk9Em?2m4;~)dk|FTd`Foc!{XsBvNr;=!_{Kt
zn6Sj<?DM*6NdvCg&;nfYC8beGN8&1)&rc>Yx(##?TVLu8FzvP}>WtuNpb>|q@F{iW
z!Eo}idg77z4($u<!{u&>@tsi=gdMS5d`GhBMG7G<h)4RXToNRDl!zq@cGlmM6M3E*
z-+y>GXCz1xF#Csti&Wt61q-p00!BZ>%8Pf^h#>w%kklrBD8mH#T<wOrASK4x>vFll
z<Op?YK4G{G`GkGT2d`q2i2JXIXFglHb-B^&wd1=J2j7iN$d<2wpf+}Q;KKq9P<)bu
z$zlTT-<__u0|Ke&LrR--N96}$FG?l}N-M!+^i~7#5VzR7LxB~`fFNz$w?Nqt(VuH*
zodYr!r!(`nRfwn=Ruxd_fH$LraRckv-wL9%z3Y_!HI;SNLux}|s|Ow#={V0m$`1Z5
zb{FOFN>q51*PKA>-&Y6x9Mckt0^d9mY1|>mhJ{O~tZ%3r<PeaPE(Nk9R?Rt593C%U
z;~eXx+htrm-0!SwR)o`LbCtn|8~2dT@ICawNGKJ(+$Ie{W})s81<~zO$n}S4p8u&I
zTOe<11mM!I+y8M@R2c?RLAm&jAfGd<A|YmcL1D=&@6D}--}oIN#9xtt@Q53$<x8T-
zUDmtG5JkG)g;wZ#)mLQX2?A{=71*tMs(f+qcz3N2@^@v)5w1hvdY`zF`KZWBc;#0V
zBPMWu&Wz}Z$_&Evz;QAZfX7KZ3BA|(NyIN8jYCVapzuQk%}$i_=u3OXm9*C;`BTp0
zBZ=gnh&URq3(}7XGn)9K7p`1=i_O6mel*wQ5FrbWY!9t^*-Em%F<HbL2X$)y&_#^V
zfWKLrLOHK#Ul>MC+Yz{&q5M9JP?0|X$|LIzYbX*J{c4^O+>&n>kMI%}{P;<&*i_nP
zaZA9Z>be7r3)#bm>S4aKo@xm%O=r^ZujRvH)`fL!p;#Xbdh1PybFXD*u|)@Mqm@X7
zB__jb_HCJwZ#<_E@k6I-$;4bX7m9AACPyz(@UY~EoBRFVyn0nAb}}he>WA6kpLlxx
z3QA!2QA5dRag(<PcKBjDt&Q^HebmK_e~0E*VK9X*=d%QMH$%+nB0%yJE81v-GG<KF
zvI6NWz)l^$`<HKEFb?7y*unYadFjdM&~`0)kC-wqH!@7M5^g&)T_=6MFN>J`0N80;
z&=Hl<0DKX4LnAI1)aHi5uU1mkrrokc!+yBz-+@PPrsc%%H_x-1Q_s8KX$iq_a%UQI
zhFAcOovpi|?C3S_JVGIWxyfF-3~vC<O`FCyF6xsbGw9M4%_YH|E}{YtJmqPJ<J)Td
zpDY^&1H_fjF0@GWPrM=7UttYm6oRv-lL~{w-gD9)z(JkfIt$#!u!36&?lf#*=C0k)
z72i6DzlNc_U&!1O_t$78K@9-bE34;=_ZKpoX-|zI9y9#_ZAkzFLGU93X5nMeu1e$X
z9>&%cx(j$Y4nH<<f3HTF`w8fUbmW$1lKj-A%dmQI&UscDA3zl(VkAS|b3OnI=7=7D
zD0j)XiTA%>)s{Pd;q|`fmHbRK!_521E+U8Q;Q?uZ2m{vL5zK4F)`>Pxfob~k@C16{
z)h*Ahgb5F7=04vy0!l={A6*aO{kJ?rv?pd5BLS!jaQ3&UZ_Rd}7BxV>9d*#`e`oIk
zrzRGW#^;`JV>KM8k8RUYX&^)C>YDqUSr>`%%L!K*R-h@*v0;^-yB!v-Qp3k!XP2wU
z*R2dle;~|EA~;%rr+0N3?aCb?8m%XjQ3fgju2#vY(;Kz=jj+^IPgS^%&i$B2)z~9J
zkeoS?a6u>6+WriAp!_XvkKPT|qpx~!bxNMqub*aLW9r;YzC%%OZx#Lxj*8*eY=v1o
z8gQ`}7qIz)))T3xsELXeL@<M2L=ygeSJaB+X8HF0UQqlo;I6+Wx+%SxDgN25M}}mv
z4Wo)el}wS>V(ZK0tZ8&GD@S8+pU77zYkwmdZk7jF)Ds=*C~51&Z&ODdBEPm{+uva(
zVVaqs{wa?Zs0?J1n&f+joxu(A5y2`8TvpOGED4Cs2<a}yiQ%-3N&Y4yMO6$FPR0L{
zeH}<w5rPDEjEPo`46L5)6EXnW%b$=xY?Nn|N_bjd7dJHNQ<?VEerdT;gNa`*Y$Fxn
z+!s>aiE`8~2x1a(ZfQ}0{DU|CeAXzcgiFO2X{LqUeQ@s~X+&EKg&lFSZTdtrK!6>E
zUAih6<dzuT7cKSLAQM1X|G<9SRwheXg)}Scuit~)L|08tG*czljXYW&@-4Y7q`Zp?
zB(*D3#mRVDWe6KuMgk`g=U)fu;Hq-}%bJk!Xqbv3{C~}PL$=@fM&{zqcZBG}Y8#us
zl)1!<nUzh_uli-9;q{Jv1-R$IlRIwamj$EUdhuSP`*)FfxEP_ymdE_moD3Z%tyS73
z>4J4j+V4@m^ilc7u?<}$E9-^3TEg2-2bY<kGismVsGipoKB<)(!GNCi8m2%+s)uX@
zH$gnK4(S6J@HZjW5b9NW9@39&Qv7$0VFmCd^xD&q?uT-SiDiljC$m8J#3~lLpPa5o
zD|Mu~y1z_1-|X9^P$2+y1L3*wZD<y&Z8QzEtFckD%RQo^yfot=?PH%GN&qtmB4QG!
z#4dZf(g{SPI0Y&KsmKbuT2G>o20~j!DUD&#H|Cwu0|+SiT7!eyL<=J55zwJcwKbIX
zqDO5Kkv^n;^8Wd1si8y^vmNc{ZM;1@vZ}8wIf(LkV}BEBO^J#Gon-^;4dk~%4zq|i
zQK^&BrIgmlR43^{vuDY+IFu1MeQ(zc3TXAk#+Xn01#w;$Gx+l;mhw6890%&K?=Wca
z`y>WZ5}Hnx^z@;A|CmSFyCCc_H(vx{G_D>Ru{Jtqf6d|mDKKVOac7@|yl)k}KB;T4
zUW$`IfhC|)&^WOrO>{+q2y+%%jEbe(soS|zE8tC?pO#?1oG~|XMl;I#W&yXJeq+wd
zc`V)HBWNBrmr^R=FMu%2NMf6w@4ZJ!?g@Vn&VFKT*Dh$Su?pA=ZA-VaHvG-u-WjwN
zzT_A5lBceE75xa%xey02XJSaUU!nP_4)nt*TA%i{=j+D_?u^J8l*|;RZj+z>&WGrS
zOFK15NM?__GyRP_E5+wI8bnx-v#Ch@*!)@Ncr99Ku!%3NH}|}&RbI&KyQL(<yS8-&
z1z*%}84tmUC9tBX`nGq^vg1hJLAU7Bk)AX2f$=?Lw4AR_lt_7$J;9`J&n8LuD3l*x
zyWj}I)O(D{F-0h$z;S9Elq~ytVkE*+>{JMd>q^2*KV<bymv?}RgC*t#`5c^=UYL%E
zh1?SFCUPwZFc9SyL%NX@3$#MN$pFMQMXx#&7lw+oWL)M}oQGFm;W$t!h$l@0_YhSu
zo@izYeywP@O5Hw8(rEU*Khp);LHRc+-1tdYVrho5mOX<8dD+SE5I15uOxpgF1>i9+
zt_bR<I9Nooi8iNgHt4orNBcTn(fy&M%^A371mHp*$C07>(2NlMO=b`oEVk=%=~k#I
z#*0~bnP(h0xTL1w_PbC;$Nl-641>rp7X#fX+D-}_tgJ6gctto#_(+UCn@mP)^j^{>
z3&q2f{R5t^B%wgU5|zvajSG66Z|Y&oWM4C=>D9NHwkObzgYeNWzFo1)NhD19!1vHi
zZL7`i1lM3eh=e%2Y%^OgME#$Wg@p*9Ei|~`J7>gSK&H;?CZqw})m!UtPKoj3mrW|o
z3&Y57v!=NB{l%?}Di|PvJyex!E1l&IF+XHz8Op(C^P~0icG-rQ3APSkbORT@_};5X
z>;<ZmA+mmkGP*6tb?ocOnf}~hI5!knm5^9!1^e)3e5?!u?i~*cQB>Q<N7^{aB`lgW
z3w(^ZL-mELNdqFLs6T6y(1?DrMIWFT5ZNzG<*<<X;@R*)8ZD+zuil3FCb1d(kk&d8
zQ#3q%G3;x*k4W#>8~02lhzc@L23U++uqGHPlNIpv+)3yUEhE&G9RZt5L&do7&A&n>
zW5=Bzru=0%XQsTWwpxvTtBecHPTw-o0`5Pdgy)Hu#a#^ud>SYl`Y4(8!!=To;siU`
zyyGnr1xYPGh@B5l;4GT-Fl|!xE=KxSNv=)i@JKQIyvghw+H6INr|Q)^v}UVb2s=Np
z<aRfQGRkSDRDQYnJSlEkciy@?(E(A^<+i+xBA9U0an>HDONv;lM)M`!`<Kc9LNC9q
zn*{*AiH}BP7UM}f8ic3%3XN@NK&ezm$1Pl(e%nrC)hzI5=hI0Tgh?T;Z)I3JRvuK4
zhYX0trm52~fh}zpGUkYyq@^-TV$!2BuOHE9Kv_|hHH)HY>m9ymc{#3J(gdI_K>VP-
zRfXokW)Tle9gX=+$^kPYO!i>9tZ9l$p>$sCsLMjyh~n4?vlBoPM)~7bn=+osPT%23
zUEHPt!k?i9yb4!$^N15*sb_z-!36y^s3w1GHgZg5%KrtrJ3!CU;LI=f%ilIQ$TY%2
zu7m=6jKP$^r!uAD63l*q;iRu254U?s>gQGe8Xs4jO_EkK5B)r~l3X+@BP%vLz#y$P
zFckLvSBjMd9?5@%oxhubQ6(5x6euu`?f-?&1CgGqn?i$^R)c{+y6q7%L2nY6Gh^iG
z7M3xGgknn4O>%M5fe%Dn<9enQ95Z>X1g=<~KS?T7%LK=m0h_ZMZoRb@mh}um?b;|e
zr<@6fjk4M{e>6**3lv3Z_sVi#PwyN}&W@QCkVXeZ^%clSo0jP(q3Pkl^WdtwGB=uA
zt&e0)`uR9G_QRu%X;@+S(2KI7$=}5HCWAtYpy+R0b__nfv0=T~9BWu1T*29ff&)3U
z6tvM%8)oh!Xd+~X^HAK@*SI(&xl?4Utg3RIbtk7T`0Pw%I3S5L;4IVx0aX9@J6lwC
z_WlT;l-|l`f3nU6lKw=A-M_e6x8mPX6CkI)L{*Twlo&6Nt&X7nK09*3TJyp1Gm54v
zM-hshOfoH(tz6eU><>nVxtkfeL8+CgBV($s+~W<JB%0{mP&Olv14HF$lH^Ry6ir^g
zD^(ze9~5kwef`F5;{{=3X0npAP?tQmAG#;)5oY5kDlXsB#dh+?1vF^i8UNO_1$y+g
zMQw1=O3I2VEZ_mMS%g)vt!?=mVI-CxMmE6yseOE8K}a1>^Dy#_o#gz36<;g$s3-_<
zqO3|+$naz{;5byX!Sd>o#^n;%$3w}Vu8}TrvfO|05mHxmk*uSx@z68R2)Ve_QaX%A
z4JSgZ4xb@J1Urg9^040=`q}%R)wfMyaCVgqie#j4HC+W@r}Qh&aNU#dv59(<0*On+
zkrxVX7<v&UixNwq(zPSRn(iGn`IHTB=PRt7wJV$z@e?5SKjp3lf)GeV!qiZiq*#fx
zu!`Tmy^wN<WNtBW@EPF!MIu~!)mgfnFBD0s!BaTOT^lq(!P@n9pnv1p4n=MdG<q}J
zm<KUC@Fapv5u$P<ys#W&yG=`rCJzknk_19K8Fiaj+9xF<T*b6Ms4#>ZDPT_J4^T#k
zz^g`+Kz!~RA{93@D%dYF3udkINY!(&6`XfE5Nx}iL3tbc0h?8eINUhmEn)vli!X%l
zn{a{+uZ(DmXrA%}_IP4%()z+}9_;Gs{D>gr!Kfsctb{5&@e4VO{~RQd*-g0C0rwM<
z!e~|e`m9X!Tm9C2Uxu2f*jE#02%>6p5|`A*Z24&oJoZo@o|r+xA;P}_-lvYme%qF8
zBs`4zAs)S-s#a*_wm;>S!>gGplbY$Bii@=M1Uq)f=er_MK&`W0lo39+*F1#pHE5e6
zXZ6kkwE&9>>f#~m${8_N37;Z0SjS_RSz*;{zy#CP?tz3kRkqBetEawOO>ioxpZ~g8
z^pYr*q-nMm3*tAB^8V_8n(!G95ZXl2&NxFAlr}GBTNxr+hJRyCh=JrwPJK(t2EI#H
z5E-_6ST69?oL;nSse<kM3tf||5MbEPk(2$0x-NP8bscf48GxJ$tCkIhETxt(yQ*+P
z>3Q=Q_~)C%*2pQXDh?=Kyh?D2=CA<dKsFgMHzK<6y$y5DzNuSivLnk~n~*Y9Du94k
z4E{;)QlH_k_pgDB#5IqGV+w048UNL{aYL>_qaH9YiaI0+rpOPXj*toeuU{1}_k*EG
z8{Wx<2ads<6okmFc)dudBJ$JyU9fkiQXoO<`@RP;`*mK?>WHur!U@IA`L)#alB{`6
z<9YR0e+qI06#2A}sWjF*1?+^T6QU{Y8ylA^s{?^*vu}2naOgMSMf3!5a-5MS^&tN<
z{*5`-7EDlnfC!0yoHppnnAIm(iZZDz7an|aCxT(Qto4fe#KVGRO9fT$u*3uMH;_b*
z5qrKjJtbppsS|5VK&kUQ#Z6&4`}*bM?`aTJp@VoJeHpSXG@5E0n9hRwY9L2^oH5Ln
zodoZpzU=qNf=^V$mX@s@c!^BHf4WOE3l{H~lK|0XS`H?hO|0YSrp(@`CpFk6F%gaA
zAV#>L_5-A3{0Tt$Z8`@K--Kj7eD|wRK#Fwggn9a4gMs{zTu=bZF!lqwu<pL3EC>ox
zmy#l+8ac->#m%iaML1x>yN5cveN@uof01aTOU^iik{drqqw>o}50bKr)BPK;A7?b3
z5W}nW25!Kp^CMCPA)`#KgpF22Rwx!SshLapP3%mG3|^y+AM%ow8ng1D-lS{7gbS<1
zC<K-?PAF^VNCr_~EX__{x25MI!OR^Z4^@4GlGmrv3{nuaz}G(ghejPQPO6Oo;`E?G
zFlBrYJ+Wcas8E28cfUYy#i9l4()Zzf5zs~(7<!Ta)lFoPB3OkG9VR2{Fb+X?-9>#!
zxS+~xZ2`$dulKMtgO;=iK%AD)^PAeYXn$9+HkWB-=bdY)4Z>9RQe9~XHW(ny0+U~4
zIi&M%v^W;_TpszoU4kCY+T;q&IAkS2qs8q>KAD+hJvPSY6iSA(LN}(o9;K`qC$VDy
zAx0$cGli?FY1J@5@<DHUG#Zt{fY9g=|NY}RT%VA_r_nZ=7&T~est3BqV%#V_#H}H(
zV6hLc*OHhC%<176d}RhaAHGQW_|p8#IE`DB4osZRhY_1q3X@0!k$)b(t42~LDfd00
z>7M|IC*xC;00Qlvkj<+O=Tw>3aSDU}8Wr6SOVSG|NoVwR=$}$xBz)0n(@<&0w%3i_
zcPp@{LW-2d#V|ms6|rlGnwO30?Bb%hGX_&UYnH1FU{iN*A1-oqUuF>$4uLex39_?c
zYVZ?m*1QZlKdl-(!soglytwqw)G|>YAtN2HQi8u=PMTL$WadKzH&i{5BF88lZF8|-
zJyL)-W#^@JA?K0I86TS#G&v1Ibf?cx)=PDD+L*zxMs1f+Fx7R?#U&JPTq0fZ2l(#>
z!vD&K`ghn?vLkR?4-i_DDFeh%7k7-6x(82C#6;6Z3X}a%NidQ_^nK`Y@#T07(*eXJ
zsd=%uaX^u2u5OV?_9lg8jmx7;Q%x68l3L)(>X9lDs*s2?+EslDx>}}o_GEe&Ik%UN
z^t;D8A)F(M+djTpFeUDy+8V9D-x!`gjx&eA>E2$DaJf;dSg?_1(K3|mg=+<o4>~CE
zsFXudR)zLVRtgBrO-%R!S*llCp^i9LEsIuucDbFx*5NwxOZc;$Q=2OS6QuZRP|Vnc
zi3t6~l?6y~kff>b(7VN&P(F(=j1-Zw<4^e^OOy6?iv&a9Drh4bAoBHSoDqu6|B7nC
zPf@)Z%t!ngk??s_D5aDoG?ayT@Y7ak&h~c?oON0$aTQ2?YZ~ySKiZdni!YR9GX6}X
z^5D#QCNpQASLBe52N08eNBcDQ$w_w!Gm=Xq1u+*pFZlibKo}?TXj+7VUK;sW%+tPp
z5z%AjR7MysYWfoW*-KP<*T&V|vxMf1H<=ii&QHZW@>vBkT4Jl}0Th+V`y3Gm+SRP?
zwQ4G9<$HweJm{d){j-o~viFRd`i{QRI2XLTQ2Yf3aAeZ+eT`}5o9*{u|18@%qNLiG
zAYFuDWl=*)3g6IbW!nTNWrsWf#2|>{)Al)dpW7QTtx7}to_vZLQ!juMxr%3>v<56I
z+I02;t?^}5uIXW8HtW9Vvt6iI$&hxB1E^ys5(qq0Vea?(k_Gp~{X#W7bw_rTE7AZx
zIvJ)WOms_gpRTsp)*}lc?7tk%Qj<m%lz_!t-#mc|1b<{pjB%jqpM%8L`(q5vP{V?Z
zs&7^6Ee^Gv59W*@ZhzyKPU1`R1+~iy(L&L&xqd7%j_hY*VRDV~9R?KmorQ*4#DvFC
zyvGMtDYL0B2TNm$!y3Qztpjn8&!Wk&$411rK1*}<vmH7XjQ(%}ghr;qAV>=C$EvcX
zu~#Ue?`zZtkJ^RdqoV66!9xhf(TFxedE>PP1!9KcwJ_V0@#xvI#zY&5#$=DCB(>~b
z$fQZqz}}GpLz<5W*&~a2q;iYC97M6rM3tc>4H+^3B+IAv%*F5&#bia(Zd`-^T9DO$
zQFGCI3-rd{R<Tn-6~<>2o#3YOFRgU6XVR3eVF8LvS+4cB^X;T0g_HZk?)uw=kfzek
z5e*TM{+Do+*ef6|Dq}JB+U$N(vu^yAD02&NxEU0;vHjb&h!>*WwUvIYODI>8D{`xC
zxY6v`AqaFt8&lS_I~Y^mbgBPDUT%6h4N)|S$ZOC~oYsJmpGDkpY$1q3!CU5#-AJe$
zfE*Mc(j-a(qKxunjQS~09mn}#kIU-B$IIImbJYX{+OmU^66rrFJRmx)wURE`1jXkx
zqbbrKhbTZ%2R#T=4p)1+9&w%_U|p(>A3^M5)*)@Ba*!aGqdzLJ6uimLYz=XG0+ej0
zDOnYGye?GU*w;87w~jez0<W*)C1ZtFJ#2Bkv(lyGok8El7QStIsb&xWf$crw<xZHB
zFz6^E#l!KPB$D#lVMgNCF>R^4{hcIF1#k+Tyya+b>|6z^QIo36mJEbT-5R+pm|Xat
z;Tb||2-NLs5>8!82<LTCZMm9-+)3uGKTP-SH`r3q)offIY!k%lPFzd)HHsO(BLK|)
zZTm#7yv9?7=+{<Wj4b}B21!ccr}9eQZ7Y-h67?@=$DQ~w_y|0+H!&&bfKX;91$AT|
zU9p=d@x4d#a24T*laljXN}-IrNPE>7a>WJo6wxeXO32c4Li_FuA}k?ONRA<@o)_`N
zN({7@fV|E^Gk{m`v-*1!6rihBTXj&uXn8yIG#TAzpJcf2GVvADSQHRzvN|vtJM2?P
zqcoe0w>J(E8%sp8`4PvBh>VfQ|K2<z1I`Gc3Sp{6FGRf~Z(sg}V@g5f81dg>xp8(l
z>We+>0lp&&t-*y8>=Xe~Ou=G98XaCubqZqY7zFO*)I@@6YmkG*9vCP)!%)Skh+j&^
ziwwi;n)<lOej>2TW)m6`F@+w0m{$8BOcgPe$ahjA)aoXFau<vU5g`B}32M29Y8EJZ
z$Ft0Qd`ds8%X|+eA>g&#D);$obzLzhH=hTk8#+e6gxvLuKE4|vw<Aqt!4H<W8)CFG
z1JrEn>S%l(77^U%S-UUNI#8($%IgS^e07apTA0ETe-xfOQ}jNP@<8C_`OE$4LW)NR
z(*MK-LEN56wLwuBJN7;NK?oA<$)6LOzlJ>u6D_m@e=?R;Esw%H5a4m(<f?YJ=kFyt
zMWxS1jcv|*K6j^xbds!-4VSCLl*pc6S`v?bu&*&HQIe)fl5frt+=YQMjY+}!7N8|A
zgoe2KaQxurJOo>xCR{zy_u%JpsS)r)77z-T{))E^BU24Sg0eyAMi$vVml2Nv3Vd)h
zvE@lWK)A7`1t6fKT=8qGpb;b}iN$D~5AKsuRvEJz0*chY(wUK{RGMoB@%N#VFb_y%
zDYm6>Fgue{##ok9=u`;55R!ZVM*Ex}Wl$F*$D0tM+jvD>Yv_i?^mZmA6hw#_$PMB}
z-EwEW%)oX|Q!C9B*|f3+Kllr;tEaGt|Fi+>Q+Rgf?nnPYOZ3`Hujf*eHcg+gnlb1s
z?%+`4S!5NaJqneFdc|b<4mf{%uwq)+(_VyUSf-t|o*Mh}(1nzyOI>bzad*+eQD7rl
zrN`vq>b$Jx4tGyhcG)|@H9HNpE$Fc(S?AOO?y(8?DH+<8)R?CkiGnmepj}n?>Vu#?
z2rNTAp9s8g-)V*}*-ErdS!a;`lt?=nGu=FP$?x6U(zIg6dI%vGwU9bAt(cS|L6&Jj
zIyu7Uc7(?ORjq1>C!}YQYeXq9jXo50xgDZbI1qT=AT#FQG9`OPV_AAnQ>nuZl+M15
zk-MbfQ_-+ujPl0=Q}I+EU#IrY8=kb)3oRn}&45&Fl6cKoo)OeUJt~+8uEf_4gA%I|
z&HGcA!$aom`dby8l@B*ZTKf*y-=rRn_-*xO48wiWIyPO2o2HP!QBfi%s3G!b7#81n
ze={B<_cUpJwk+K<P+3&rFPy_!6w_5M%Vlftds|A6EP8OX%-~gXkLx>P5j}s=V8XJ5
zJy3xJH^EpMTIwys6jMpv7YzCNid{W3)`377a)jEDxU!y;uEJS=6se{H$w!Et-sE`#
zlzZ94UZN{5$nWbAN=*_O?l0w!si8px_wf)Nfz9gaJ?^=YY1kH~4_l2c-MN?|u!uPN
zUf1~;JK0>`HM9+hC^S)Gq(F^u3To$r<9E?_-_*w~{jIR`TTw8xK4C2`O~$wzRXP;2
zFy*HYS3F!m+XX{HLx68TyEJ>w^1tvFUv(ZHeY*OeRy9OU@cszt^lvJ*>(}nebsSUC
z&qeOF#`!+X35QLSZI`0EfU_`-B4Wk2yHr|T4q)uqZ1}A{dT{tr-UN}$$S`aiwuytH
zlsMMlT--0-kqk}|H%k|(6q6Dvs-~%u{F$?N_hcZI!RBy-V0Ac=)ZBfCv;>hgwuAAj
zCgyuENy!!WJJr~cRbAiwmn6%EXe2XRaqh63Bt)h!n9kd&t>Y%xzZWC{;{1I!TqOV!
zb`SpEhF9YUE+@|Q%1B=1a5gR?S0*-D>UEso;i*;}r{nv@);$GwZL@CDBevc8kuNe{
zslMG-GXG%RB|(X5lkQK`l*|IAo9%m%<GrZnv=P)gm8++4{PTL4z$i!sBLF{=ZNbI&
zcEpJ;;wKcky^+Aa%l`CQHLpC_5r=BrRuA+ytflo=`6I9KA#n*WDSm2#_1g#CBn9SC
zcQLx5RR`0)sP~e;c?d!`K#{i=rvHTl{>p-Ue?w&XzW7l7CBk}_eiJKlv!)qOv-itV
zeSQ=iiKZ|1n;+*^%;LeI&2!HJs*Fw_M&uMgqVX!i(RpM>ZTAbBab_GorHJA0?P-;=
zN!Vc>cMzkXvBq1=&czm<=UC{O+3C#2{|H(BCj-+9+$Zma31_Cx`Ab_N!XV<*0=s&Y
zZy3aC-gXra<H`g_-Z%4(0ZS5k%enjuwLM5Ys4iuvEvM;ZAd3lICJ9jma1iR_Hlz`N
z8?4G)Q-FZ{zg9N!q7#t6FEO$CvzQI=fe--6ew?!HO~OUlfL#HTpi6tbp`d#$G`<pe
zQ5au^{|yyPwDAO|a48k+4kR+9Bu86_dIBYhZT0$zs)|3VD#vr1C3N$g4hu)b?H{|b
zNr@E#-!uNR4FKuF{RPwblK7JTSrPvS`hj$n-Trc76RWP>CjS)9{(HMg_s~rM<a=y;
z=>ODh|H09Dp@s;a9JWlytKUw5dvSjJqw@aab65e336LXMOklm6{C~Zo7Y0TI=6@gl
zf4_sU;*eC*6VTPW|NiX%6O#;iJM{nSm;Zm>zRe2oxqO$oH-yF{8#n=uX(HX2H3)tu
zQv10B0UH}TndO6Uf|6QZX>X(TB<JOQ_<uGX-Z+2jgkkIVwsZXIW(cvOZ4U$4shjL9
zD7$VTH+sqCO25Hc?P5FIExWdQo2a*k>FVe~x;a%vMnA%wqr2TWesbqYeiz+n2w7j>
zg`HGaBjvtCH4tt>!623_S!C`&%D%xvdI*T!5F|H!sSRuJYjrqV>z{xf_x#K_9MkRl
zPVDZ5YUb1uKUCQSC#Adl3N0Ez=quYNy@)Rb+Li(dg8UDjPvX&m&tf!h9@hSv-_hmT
zvif5D#?JTZ@8^Yxh}Yf$f|^FrGFm4Lo%zvG|M=P!WE?E=-E_8Rd_n4N_KQaNvmk^-
zY$(D!GnC~Il^8J|cU|cdu)Y%)&$0q-|LdKApFpdR5LQiufjnls9amLo@kfgAwRV(G
zEJjL=PI?jQ*3XDq8Cv+76_W_&)VA9fG0cD-#cX75Zf<9jH!__DlS-$E`5X@SL7sK(
zLA0XcBGbVsRlF?4f#Dl62wt{{SG-4FK3HnQHEM5#fN&?iZhQQagP$=nW(mY%Q6;SU
zU4i`eWfgdFfp9PZ`9hV0O?!va@|=vD4>T=oIp<*)T=j$`PO1DI=NKqTd$<6urQ1le
z^sseZIgBs3S1uU|`t>f>v}%Rig1*j3o-EIF-yeS-CblP(<5UVdJKf=5SXTtu3rJVQ
zS|}Dm3;-GeyXdCcCL=j)zS-N~tx<nICP33ninZ^wwgsMS6Z19%COYY&?r@T@qUUrW
z4t%_quG=k#;^VZtMKM2EN44yDC5MYf5rQStFOPK(k^5RGdV?nMxLczO3b;ugrW|k0
zrhqbKx%_dp14ZEWtBa`p1zkcYutt@KCnp}+HL_pnVf{G_E7O;jn@8c`YYwz6e!Ts9
zxbcl3D?v=2etj8J(_YgAnvZIu)xn~~Lco@67A_aF6^h66m-XENYt}Q1r4ltIq1wFn
zf1*M|a)&y_?|y_;e1DQ?*H}(5IXYmODc|)+WXYo{_i?m+FUP))-OZ{@cxA4qX}XlJ
z-na6Du*L`>WGzrDpk>y<q`-MQb7MVcO*d`E4FA04-t*oO_YE2o1V^fF{U*G{Q`giK
zP7#&Z8|oAH>!FQ`&Fq@>oK6E|W^Qh>uT7zlr`7H6WBPb(TeP|nCT+6uoYN)+fA)^{
z&!GUD(`Z>f8TWJOnA;xQ2Y7%-sGT^N<b%#P8_9MYthoYWEZY52^)u{L(9<2!+}Iwn
zR4)jiAc`v%dDZwn1QPIofBlTw8Jiwfj=)y;IP$vai}LxPbKqR0Z>1km$;l8=JMnaC
zS+lFgSiCPao$9Qh<|8)Lbltr3Iis4?T)@RMp2VMa#Ejpb>)RpW;dTi~(ka0}zIy3Z
zV<qa$;3>(D;IPkj(=n25>B0N@zlg_u^?Ik5W$X6c9|b7ewa55|Nkz5z+?HBntJKkk
z$TrNE#Gdx3nN93d;ITJ__#^M=nGOtxi0$rm#4I+E?wv*knyT#5EcdRmFd+%YF~xlY
z1FIFVTVH%;hnnA7tVJ00Q(wQg!KuJ0NhOgW7#Zb3PPJEBAR7VbDABOn=|19OlDmeZ
zhEcR}yvfp7rhdAUAl8e}+~Mz!1QtC=O~#3-Tfh25O3#jXy4nTLVoWYyMfFpU6ZVs~
z#NkI8Wm0Zx)D@wX<m(9ryO}c!CA)JQ#U$l5R>-XEJ>ayk%)aWC8_c>Z>`Byt`-@#Q
zAO8()rOOi=@&40*l}|4zR7gkJ>M#?!N1ljs$WF0{8rs&jDo79cSvO}yay25TEU=jQ
z`xp!+sNKeTFI35kb7Jf#&>|z4b!X|1Cctcc{Z*yi!B$2|Hj?EL-^hE%%Oe6oBmq5{
z*{BW%^;E<Gu@mly9m*7h-vz56x*tKM{+YX`8#HB_voD?>X;j9)H{3=H1uqQ`tTM(q
zCUpNPYJ16I+!<~e$AzH%hViQMRqDNqBTwyWxOl}^aj_+l5-=FUmxA+qAdO_y^Mw`#
zWR9l(@PXLinh)nI>SW#^cqKOuze{(aBgB5}u6KMIX;IQmM#-Pn;e>cq5P`)dqyme;
zOQg<|{++B#%K5e_FE36dT%xdLog(sJL_SvqvGmrm-zPZuGc}Wqb?SD1LOjHayBg8W
zu%mG@iLAqpdw4T`w58Jg(9YeA^<!<=W2CguZI~vJHxa*iC|t?u2$GUJIkDj6DY3Jz
zyFYP2VC;D@siumGge|1W1BS%{!Ge8jXZ(<uB9tn~U}pTn-n!a;Se?1zFq6sn6|X?*
z;E#zwzs2Q;-LA7$Uet?1@aLs28L;pqhDwR6kU_*<c-<4vM%fvdR<k9+6bG5GSbGs)
zrMH}Xf!D5vj*ttD_|Iij)I5tNeysI@oypNL^>~0CH@twg*PM_{D3ag2-LEc>4It%^
zZ8pBXK&x2HVM5>ZPfSL~6Ef6h1md+0R4-_y;%w0pttXsSy3iUj3#Uq@J{|z6@L^25
z%vjIcDn_S~2ye4x46avgOwh*N=o~4O>CrY^u9WSMa1vP9{vP>m?Z+a8JC~lYwo;T5
zYMOqLkB@XCE1mM8@_l9?f>+?FF&|o<WmTwlo1TfOISV80GnxZ{oYR%UQc`r(Wy<ID
zK3~G1N!yai@wm4`%+UFY85aBZH!=9F#I*|rU)-9ASg>$y>L!0}{$j1y!gkSS2tVFr
zo^S*MjpxBva|Kf+L)N(f>rcUTL+?+=iLq6F3~2y$|0K#p$dk#Q1GO7asNlbMs&p0b
zr8%=jO)Y5flB5FeraOBW+d~Bhtf87myimVt%q=1lGS2+8nn{}C3oX9sfKC3~ohxYs
z?7xtp6plbVwNgR<O08CJ+>>l^jxy1iWxOzrg}C%t)Vp83l{f=HW%zTjc~N&aB-^yo
znUof4=Gp*Tm|W#!KcU<n2duU}<pJwz-<8pTuv4LYh*Op7C}3(9Hk4ew5TTtYGkZ5=
z032i1Q`kb4)>prlBo{`cy*1?Rv8-Phr!e%4t+KMn`GT*$4lq)e`4QLgeZgeyJ%~om
z=c2!ad$c<n0U*zZ-M@eM@kdb9Tt<yzE-<X3<VP=h_k>oKwaS&5*7}YG;sxD(gOBQR
z)egB4LHd#W;!8J1rP>5hk6*N5pn$q}^jgn5_nm1kCJ0K)+UNrJ38R^m(}YBD$hw=Y
z(rrF*szDLS6rH;+-;}2=Hl3lrfGj_nc_b+pm_%&3zc&?Ye3SL7z`~Zq0Lnc~nk;F3
z23DliTlnhi<7uX=m?##L7R<ONEz%#!&U2nYjhwUfZgEgNL;7Q?wW)H2Ru>}H?WIH!
z)qAIvR;cpC+{pcXo3DpPe<BLQm0e5|zzl^u7ldHmn1yajnk-$M;9aKdBF_j|LP2NT
zXXZ!y=5&G5@w8A^nf<9YGc&XG$6o|Cu>mka9PB}F7TL!RzhDL@96Jh?UY1n8c&h>f
z&p}H0g7zvS1N}3A!{61=e<Zt{fBnYW+}a$1IUxU24u3}?=mku#)&!8`W2n@rfaj{@
zuo*huPX8deEF|$;?u4qYl;e8)`NbS|TTg-|ym!4~SKRwpTRi%_Cg4E+p2fb=pD(Ed
z{1eU+O39e$h$mQxG7nlA>#k^F6OGb)`}<JxicaO^6nG{6bOG7=K3TrEJPN*1U~(7~
zV1BI&RlmqGInqMj%v%YO@!wMf&euAo%+C?7c~ysabd#Hy9wAoB)`M_-<vW#WB!$!-
zKjCpOz}Jm<nfpee_W0m`$w4xGIy5=iM7S`$Tff+WP7Xc$$-c9VN4DIZp#RuWU|kSX
zx$DKj&94PQ-!Mh@UY<GsFa&#cqkg}4#x=e(+ga#0=~ST~*@IJmQRnhv<q|(G;Cb+l
z``d3b5qu`{Z%%(|nzoQBlHWsSaf=8g>=DLegT7)pc<0;7FmmDD^ZjSkRxkE2Hb#}N
z99R{9bU&a~#;`eWpq=25<a?T*7wTanM638mFNelN?4s#;f;{%fR~Go-e-^O^&Q&Vy
zblZ?u71uB=OROP@=3g)BS->YWj|UGGjfc%16`I^I-;<ZU-1_dF=bz&m@4HfH+CPz{
zRjtZ(F!<Ldc)P>rT>4qg1lRS-?)n+C3_dQIrxJz3!xz5xQBEsmco1AM=q&M#8-^`Y
z*zXSH%Hvh*p!g<;I!5689?gc`FFZy#Kbf6AG~K)gT9&y9DMO2`uKU2i{7TotG`(}`
zose9s%np;fp8=4ol9(?;?l6s}%^yg@84evZ!Zdnv4lX>ZQ$*7e70qCO+2;W=K05n+
z*RN7=o{&hSp(@VcrQ8ci;0HfI`=moIhuo3Bd#6@86n-2ix4Sm?6-VjAgE$?Neh;*U
z)1vtCnbg<#k&4fS*-L0|=!BQ=u_S&~#gH5kbNjyaP?L^tNjS+c`LX`mtsnH}fg2v+
z&JjJL&T>zUE^*3Mze_Ek&RSQ;Z=(>L4fl{jqH(UD?kpJ<Zk!3uoE^qHP6_6Xd6_BE
zIn*2d*4-z2enjU8NH!3tqToAc<wn^|%>%noYR=JN(5xE2#jVL}x`PhyXasR=iT358
z3h5wAQ>>Dz))1;(LrKjnweMPKJrUuOY&aaH1X);<ycng&>X9;OV6Njn1p-7>>#H5_
z1y?GLT|FW}>!|4L$%|J(79p|tVRGztS)=Usm1MZVChUoItKz-y#ZK`Ld?Q7@BrbEG
z8pK6g$@n<i^PqW4KN26lK2LXTTR#hzRGd0`A^?}4g;lDqcnuo-;8eX>`Uc$eIWb9Z
zV%#s&tF=OvMF>bCsRWODndm{!vc?sOn4WTRfrgCH;oLS(D}`=;7ZIwM?>Wg{{I8ws
zn(NVTev!0<ISu4|z9OZYX2nY-0`!m1Ai|+MVfj1Xs2cOfV+I)ZoEQc8iiSzuaA+zI
ztTkE2y@hg=PtcFRAs?e@&erPF4Jzp9WM($)r35kEOLO==63+Fv7HSmNqrACRu=i=9
znox5yqguVOj*x<jYMwefDM_O_X`=%VEzm2JqR`0U_^X?52<9Ttgbzz=%F^fOrL<^O
zdc_Ssg>~ii$PSwJJ+GZVxu|Nvi^E8qv~z6~zmmjWNJ&cfh1b%Ei<#}NP2o_HUT%-Y
z#mP0329<u>SKFX_#hze(mch$+iu_~v{VtCw_Ke6FA&L2P<}3NFyvH-XgNv!0acpPA
z;N+=~UKIV?84oL4WBC3PR4b_#+?&((M=kY}*O(yE?S9m++!BIV;vu@?G0|!397`6l
zNZoEYwy|f3_dF#2zF|eplux7~OW%)Z!~`)&(p)d&lLNXEmLE}$z@{IR!R!utEqI7z
zy0RH49W7@eG_)mhHMp>Xg6rL}B@7A7_?lIk*v^C^zGA@p8B|^2WY};8i3!#G99$@K
z$i}@NH*Mx<D(p|G1<|N+J(CXq7Fr>FCC!NyccM!Dr1B<IP8Mz)nnjRIJTe#w9*s2P
z9`DsFu-?j2(vu7U*hZ3s?Cda#0+!R^x1G3I2qIbGyDa|#u+q9!sXv>1cW;JH;EJ-i
z2H%R92K+`$b&<atL3O*~(b{0!Fe9ZXszMgylR^bkKXNHJ$tt+eMwJib*09YCi_g^X
z>?1)`ut+&yf0V2fbGY<*pzS({RnZgR75~I?kp(IqP4)xbY!~W`m1#Qiu_YpQq3Q1>
zXgyZUG~gf-Y@)GHe-axSq8C92lG(5oDs>BJiCXMKm&!<4$iyb~$vy~0BluB%Ar+kZ
z6*5RjccLqZF80AXua`d8f<hcKU_&j$am6_zPt6Gvl&V1b{EbZN(igJ$3&TI*(n7QL
zVjPLa6&QLrpeRl#qornq*(@Fy!rk$PtfG+0xmh%qwmFNFf>n|dip(7z4v?OWtP}z}
z8RkNKSEHiUX95De2hdV6H%WsoTup3?ePjiDo=AYa4U%(X=4ODdVHQlCsFmxet{{b9
z_{_R$?oYlcv>iUDpqzy|pn?BksPvAf-c7?&TQ}s%ribxuxkwuOLed&2JuVndFHhB@
z)ii1?x6h1PcE~r@$Kex0{4B{yBBkXvHO_EMh^cB&RfU#eImavlI7rf`l=S6Amp-_7
zAx5wVT`xbvC}jrIPqKIqT0|M%eZEEq5y|O>m4`)wNaYc#J|IJpJyBM}V;W?!<W4Fm
znVZan$h3xO0oi2%VyA0~3SlFyVn%Jj5n`DRU8(P~nMcOxL$^sA!dP1q8D7weW=YY1
zGWsXWB*P4&H05P_@|wR_P?}Ls=|MqO#P-F$Jd}kd!_&4$D#C^@4bksUldaDplmUx{
zoyW-sB5Df$c<(BO<7QbPWo7VHu|VCHK{Z<|P3BVwhT*_gEAp4qO^?&IJRg8KZdS=h
zHciCLxNi{ekrvgLg5<79S-LGNR0}-ud5>H0uvaAif;(Sd0d7_Ons&o+X0{U6wAUHA
zlnPlKdcz7`iqfM&Z^Hvk@lfW$z*m1aT7%l81?}v}rzYvpZWUd&gL6rAIa{zyb-v|T
znt^2hM=mqkSFM>rdL}9kBP=NMU4sPCi)X$b(cmCbh3p3*UOv8<D`F8}jMqnVKL6()
zv_h+stmMozAcZgiRpR3E^1wBp`o&ZH8u9bn?*x5NYzBIsjjT$YD3t0Rb;b*?W5(#w
z(<mxbAu*0F&PqETrI=T0Gq~ITVSPNkn)PlZKE~w8lc~^r4|TI?tko_EkHTvz)_P1$
zIE!ryy_qX2D;S7^GL){MUq_arAm<%mVRvHqL%*rZeHtw=w?)MbSp)%|PnPB=dATLD
z7oCl=8sxhGa-xXxr=#YVD<-s{gd)rS)9!;rPElOo(8ey7lR7S&AND+HX*WweR;+YF
z21_BjDqcUS(xk!$W}8+kl?x{NBQE!JM;y#m{d<hsOnxl^ud$rGt@42Yq0iInbmhIp
zM;yI;(1C<w#aD$#ATTTQ=5SS9qi`R0Yh=1ec6hD9L4G+010)fMQxO|yGGs4K+{yj<
zn#p<0you?z8Li%l7S37Vo}>hx|GRz4*hJN)h+Q5Yw#&jgZ&G^%d+iSwUNWKS^DS=`
zzvM7L4Xl?LEG2`|h;jOD1)c%RNj5)^XsSiK*%f=MO^u%g6vG$R8Io~{k$tB6NBTP0
zbxQQFg?XE?V}`!U5kv&bu*k;5^?DtP`nS})E6cz)wQc~Q8kFk>kBxDN@#%7N49R0@
zb7JJpbMoPR-JdW7`Ep*bvU3}DI@8IAUirMZpZvjN{K`0uNQ*lfTNOCaE+c~#+4E*#
zS!Y|#{j-lMzxrO^sM)`{VlQkm?U1W_Q!vDeb21ziM)&@BA?w1)woY8Q7fAY7)VbiQ
zb9Nqq50LI--y6%W7o#z92i%HRtPztIfvL|TNy6+u4{ur?^yiCD2~n8;N-|<~Twy~d
zixg6$;etZ<yupPznO8`zP^wf~vjf8B_^SfhE8pe8(~LP;W*0mh1nxvA+{&7MCrmLc
za}PWq<!qkq?5&1Ged9BKy(d&Vk4Q*$yU<f<dax!B3V2eeFQW8xy(eSBjJ8;~-%^o@
zoi{1Tb3ViXmF;7w)u_^(i?qsq9}kI~GVAr?rDLX&YJ80Xx2h4R+gdE57cv?(lMRMP
z^%oa>*L$%@CJi28?_jsloY+XLS7n`BB`}8qJK-vdNL|Ufix*1#Mhdt6bB&XR>)yC<
zJ8Q%A36Tp5j7=gvU!;jboi*BX_Y1%(jsATF<7SSERBql8NmD<FbV7OwOMfq^@2uf4
z0{CY1=gpH1(NhoMD4xkpN~~x+A<{r;KTFox?N>=s`nR9LQfx{aW+`wCsz~CFd>UP=
z(kcyF@-7oM9FYY((!Ack4-ih@>&LO13)eX0<Q#lh$n<<X#1$wch|EBH@3JZXvF+?u
zlD-C%A%pxJJQz;YZZ){M?R|giyu;bWuq3uslwlS$-Y3%<;e?oGvngv4*%Uh^EgBtr
zKr$@Rmy8XXv)G-cZGF}eC!cP!YW6I9KqhR@t)Mciq$YjsN_qEoZ=0u1?Y(B*<PMNF
z;G2IhOZk0z_>Y$Jx@TxcI&`j=v!Y+}$8*!=ep2Su1W^bR7ho>wEvK6#6AzU=P(e2e
z#1JWf9rS1l?<MQa;bsQR)4J0=Sbcz@tXRPqHn&Lb$Hfc(!V&3!62)nd;x{cJ*dG_I
zGH%Z*AzCqV*T6+eIUJ6NuI!~bs6NmBd#bF&sz^X}FVi=Ec>93ovjNfS_m(*$+}<a!
zQwkZc&$LI9LEW}BTcuHtC&hDzJ<DhSKZzngjXwuM_q{JA7K@QWtI<?R?hKA`04nEL
z0n617603m(dmc%?0RM$rp1DeW{o~1;ngE5$a6EGaAmY!3lb4#J1HQGZa{@i93e2`>
zEXI8(fo~@mL)T8=j~;GrZZZlA;k7;Ya2ObzgBWej@x#t3*XJsjl&QhVlt}1|9J>mb
zFJpC|NCH>j59g|3H#X2&Z@;^2>Rf64EI9JZmCRG9Y56dwv&bAa*jqQrg`Ed~OBDW#
zVLle}IB^wB(AyUS3Tnl<PYDTJ7}Dy4H^alj{Wt?7wB-dyOwr7gj~Wk_SXliwgX^kt
z1mp1%-?0&8Wn}YDrAL@gBI0CCM27{!n4zYTSGC$b&d480=W}G&0`f}*<UD~uJ&^N7
zCHw<J3zWRUl$zS3*UNOo3EZkjWld!%lLmRU?sLu5+E75w%8~qzNG28VUDk^6vwf@9
zd)MV=_t9D%+|e*Qz$Uexv_wHV3>D_{NzIgX%|fc5OYh+a3(PvtTNtGBXSr6xop)CB
z0nc%ySo=ax{p=`sVk5s`B+TxifjU<SmrqJ(wb#V*V>n+$OOnl$^3aPuIt2Qkt4=yJ
z7sv)p3ZF5MCk}I>UL%EH?J?u4YktVBxnFH+Y6vbVu~=yJ#B8!%(*yY&Y1Pi_=Og-E
zpC(FtMvx%yt0O{ybG0RJ_&9^!Bw96JK+Jr<9TJ5m)-=ke8X|%V1r2F$nF4YBr#`X}
zeYL=VBE$Ubh2HpdzKI&9htL!%&cJ6u?iqMco*XHBHz^M}&3=-6TXg&qG}W@|UD$n}
z>dH&Ok^>bC#eG`Xnis8yddRIR41DWfE&gtaS^t&$T=`;4V#i&uJjVZejo>NUCh&!`
zChx<vk<i)235GjY{rGlh%C85Rqrwe%3d!`KPYM$fgi|5MAdqfu_0hg@@Aw}Cgjnf1
zpWD46dd1P7QxQW8Y3bklzeBQ<9ZI-V%fHjaHb)S$D4w@WzUjsJ7nmbLg|L*rDLm@L
z-B&*Su~sQD6EaPybM2STsyW{oBBb!f%~nhOn1%zx1?2*HdUnNBN%lT9`8N0Qy=9J?
z^6d!(VVXM=);K0MV8i61pBNK2JJPJ7o;xe_0WbA9;KzDA#<(_Q+HyHJjOMSte#)4D
zmL#pO`xdre7gYyqC`3EGmKkOZo5HgjW{@^lQq1Ov{0s8LDxJA$O%UAU7f@D_NKh>z
z_a@esbI~)aVYZ2r{!f@Jcf4+CfLQJ}Oxn2X$6!*gSQq{pz{hNUFqDB0nrP$GBJL`f
z8p5(udaP&A=!N$`?KlRDNv3)XtbfH%75&E1MCJ8y`i5xGw7EF~LWAngH*il4k03_t
z;I^rYFUWie9De_B)yiJ`Eif~&WRQ#KC4&9ohpC2;pGys0RFR6Gn0PBLem2|A2PCMF
zB%n?X@lSI!4EgHW7^;{MKE2`RC9wJD#w|U-7qlsm@};*@%l26=NsPq2T188-t9i+<
z<*DE<8$h>u@&(7<Pf+#ZNFwnF!igzo@f)J?=*Pi0Z$ykMaS<XYbt?q`&UF;(Ia2V0
zThI`nKCw>Sy)|2tI*sxGNzc}YQu-A6{v2cLSlRBTA{8R721p#3$d4>QVq&6b2J(Oi
zL8U@jTB18UMAq7<{?Lt8x||GJDBFq?y6s@Am{q~$(ws3l4>m1=JbIH@BoKKmkPDn9
z%Pyt&UZx>rg}xiNtX?pO%@030*-%0P27?G+O^j3NE%`V4_V~q5o1bz`kKUe_5L?xg
zIB&)5Q`eucVMT%%@&lz};To2;x7k3IF1VVN&7iPHYXyhO)BaLkzL6-^sjsA&!mwwh
z=(38UgnZt}OCAmkda9YfDnFJHSVEB(e<kGi#@$A2e4NWrA{H&o&5fP!UAu|@KkU6#
zSX|4t1`4EcYaD_*!JXiZy9aj*mf-HvxLZhYm*5uM9YT;`!8KTdyWW|7&faIAz0UgX
z!+pJv%{P1Yq^jnqQDgif#qRv0=(=Gj2r(t}m7Cy-kS=k;EUfPMXM%dy!_;GbQs#tp
z**Jf=w5Pd2gQlwGG?1jNFRsCj#(4%yJYK~Vy3nLvNYZh>f3s~iBPP)@e$^83GGhbS
zT)1t|yeK<8u=&dlB8&6Xw?0I9_i0~pwkIAqpzb;0Uc~V>#!tF*i7;aV8Fs2tM%(v@
z@Y%@g>6aH0TC>@&1kPEz$x<@u&J)}n$;n9<7D^GU$b|s4KB;=yQv2=gUr-t;CN;_a
zjOPKEy)z^FJVd9<GoIJSK4M_pHyikRifRnH$}xc)e*y~(?SKRG<LldG;nrrHUWZKY
zDmyqV{2iZ12EAfhddN+qIoNAA7#zk;lL9buC4Raj5h95+k_At^*OFGUr@Wm+3052)
zpX%rVT~b?66{jZ&4A!Rys%A8g@@hU^w}Fe%MB0%3j(LYS-#MHUu%M3L*?hFW>{oT4
zG3)j;-K@5Q6&u=5ALToO28X!yOHR#Dnb$EHQoCM~SakiMrI3xO(aR87U)O`tzH^dd
z70yhMGvc=CPur8k%{SmPG{?(VoY@)4u3zCLH>4n2nb$wG!~*jOUP-8pzunB-))U9#
zQXK!Px|PSQ_bLO0YGe4o%kj9bnv>Pbu&ng-WMcbCp5Ky@=NMz>rF-u(mk!6#3#S-v
zVcDg=1zb-H;>@KE^*3oCXe&#LW<}<LcCC>rxrSXt=?dqJTcMjw_Xdlj|Agphp1pA%
zZ$xDQeq<pXo$`Alv@l7=ROP3T7!DA~ChaK<1S--@+caTA!Tp?EpNjmjFe-;Tg3SGU
z7|+QsxxLj0f3i9%%Q`s&)K7%=+<c-Kv#0GJBTgE~xfdlSo|ybbGJ=L8Uyc3LWhPIx
z<m~`+o)x_QhAm|!?zU5UDIc>Lyql0(H(Iq}Ywo1ezFz(uM*^r{2aQioJpH%hWd~PP
zZ+Rut+eT-6e1hqsd?h)iJw0iO12A$vTjC`$ZMw;K$$P2qOX84i8Plm(<J@a9b(~^-
znTm2|G9NfCIFgq}svxg62#!^ogDGaq0?KB&?R#~wuAdH4?HnH$(XHq6&{bE<WleDn
z8=%#b-X?HiV+}w%cSZ0DX^IE?-NW4yhuKGNuURW~hp-7fdBC{JKX@<+f?FyQLrd|K
zEj=3AM09g|+sEcYQ0hIIL#uIsDKfK1<}2t9C**&jQ%+U6+GJn;NfzzNqEsgpc*#ye
z5S!ISHD{i8uD$lA&EXURjKiqntyER=$u17QYk;|vU=rL)VO#k3=(t?^VV^B%J{9-~
z3En3KHis5=qmilyR;Ud#hE7k2KB7FO!KGBafA=2hXmpA_FsauojkUtnv*x*P#!>TZ
zQY2y{>dU9g1w8y??wgqrfKP1rfE(~V41*-GXeXq#lg2NCo9axKFV!yqC5pwCF4h88
z;W!0z!hs;&wABs$ceF>>Q#7<~I(aO7{i=sH4DdK=5(nTCTidpT{*O>_4$VBmUB_G+
z4Q!qYx%i_9X^nTq2a2M|PpOj%^=xlmeyzxw)YCX$l}8mxddJ^JvE?VB1j&@}V79?h
zG^fJ)hT``#Vxx>;^&&QHw9Z=^u<R>NOQw}b#*gh8XE82Th>VNE!bfwebsFVxyNLGl
zxe{x9Ios1SWwa-iU=M1so~_i@pAmJsz-^6OQD1Zp!x}~bM4QlZ3;a#gQ~M(jPxhv}
zPPPvc6^}6PS{WA6lzLPNWtk|KWHFtwpAzjc&zfl{k|x)_Ii&uil_4u&L6(`ulwC-r
z2D`3%I1PjF!pE-D^KLp`U7iY2O>yGVHS%Ys2ToeXm)ToB1W_foRD3-zT|H0oPHH6@
z|0$;p$+DhJ*Q$0yMq<)O++%nC!rr1iUy??Y$eji%;eEuIpCFt3EH3zil42%VzcOym
zV1GAH?qRVkC#ugmze<xYI_o(-5Fj-NVo<-0#7g|oTdezX42F@tZ?>h1VNULduvLwH
z+bt1k=Z=Vo&0?lXJehT03xzE{F!y}9YZDbw+j>y>o>NX6r6p(f>R?3J@$C|4k^I2h
zW3gN5tbtC~M(eW;>zFEax#o9B(HOT)`3-l+T!Ucn0diKlNkW09ioyK-P+#2PDWv=>
zs$=S>B#~s_OOyb6Z1BB3UGJ#EBGap!`C5WR@R8|uEb=`UGY2s76SnzIYD{~EQ*<~0
zTMbS_RWZ>(c}8v*D=0W^N`4z%4&vLw1V?RO2x~*xuKi6q!dTu8-C2$@D|Tnse1oDj
z%2#h3!?y5{qjaKx%|RCCjqysw=*+bft6tPi-hixo5>4jCio=S3A$&|abgHtzVeR8F
zlN9MKZsV&MIX*Qc*Mp5^dJ2+uMwBK-%7`=(upDGKl5d|(Qd$x@aY(83mr<=VJcD{e
z#L0O;wUzcpaqYTQ?4AiVn*RJ&$kCtywvaC&9L|spbB!x8p#-FK{Or;OZ|_R(zEFLw
zP}kgPuO3!{tFpa3l&D1U0k%M3`9)-3N87dOs3f}S*|~#g(5s}`X#YpU3j4V#eN>Ty
zc^PDVc~-J>d}}(dyTLqG4SoI6vHIjR5a_m(?PENSwWhPPJJd#08H;v0E6kn2Y<PVm
zr2kPvbN-=f3=y6T$Zy>^TBUP3JESgcl1uusmOL8MUoHZ?OjSd_EuNWhnvAC>7g`d2
zUuF#+;FMfdkNZdoT46zx`Y=2Li_f5ibdynX__9KO4a7pCP%vBhAp=n>-vzN?(r)<n
z{ig^de4#}{7#Pk*IZ3fMa*)0H3e9MqHOa@qh+LP=luh9bX1DJ=d?`+o$If^6OsV^{
z6g6>G3&oSh_m0_nKhN%vsnWxyOR^QUCXj?@bM&{@_h7X4R!tP;CFVPZ^5T0I7f~uB
zV|=vKyYli>P9As4I7)`=Fm%~xt29szR=AIm>Ns28Rv34P)i!^IRvB3`rC^00uXfUd
zn3I##C;iN+vESKDg5e!dz3{Myv@3P8n9P&SH-0buf!QG(v3;Udv(9<YTr4<=)0SrO
z-Ai2L)s@)0OMUxhdK)SWmhPkYklKG>K~;`~{j5eG8raRA=^qfUPLAy*2N4p}Xj=+@
z0$b89#^C0EXpmsjihsDy9U%&v?%@F5{GF$l1V|E~{@L;GoS_<{EO6p1ke2tWX;Fmv
zgs=U%?@VxU84Y=GV5e-?X&j{}<>Z^bneVa91XJ)KwKLSz)CFC4P9?Ch$wNvdw6I4U
zU(#1$vV&-qzP;i(erC}_Pmx}ULW2vgU^_D-q%zltA{(&#ab>9kDWzW~n8fZTXMvk3
z^VXjcDP2*=EtAXpg$=$iGbyf<SIdzw7Qs`pDnbZZgbO}m)6H)7v_0apQQ4CwO<cp#
zQ%=Swy!)0{9W(raY%6UuPsp+F8YXkOfzVs&Mnflf51Wjpb;n37B(}5Db<F<A5NU*C
zktwFtEoO!9t#}E3t^srozGP|?k|j%Es)qO;71=u=`Rz$kifU6CG*2jeZo2(un+{fN
zj>w`YPq{@7f>!;$8d|v=`t#n$ffhp3s=iJQXRY~|c9m}RI~p5IuK6VdVHN)q68O?>
z$NlL&B?SWt$_l-F^3-Oi_`nlEr0@50ZF?r@am2f{NPhxy!^POm6rX`8o3S~TT$iRe
za1NO5h%FM;pX;sAOr<gEVuKxkvoj8zE>ej4X&giNqSiXypxzxFxA;LeWjyN^$3X0S
zE0YHBK0VM*-y!Gs<yHuK%^#+0C;%z{l5Vw-5Y)$|Yt3yN1(Ih&529kB0eb4HNYlmv
zIc&-btjuH2H~JVGMehJp8AH<<dZ+PSxV2|?IowKvP81AsA;vSw1h5*Qm9LAJfDc-c
zkhhIR;DJ@c(|kfiyUQu%@(FYA$5gXk|Ff|P`C~7ix1nN3e^y|^exa0V7WL88&MF+A
zzC`K`{tm=@aCuHQf~GB3zvk%r&S_oDbGu0&Iy3X0{#s5jc=dNFOAB~y;W1e#W#_}N
z;B{1`Bn@(-0*;hrTc?Ci4^Z+s@Obm1Wsy;*l1-~+O?-n<s(*0Bd<?!;{75}Tc7CAk
zl%6Ul0|c#|KyuoA=fB+#AF>?5&|XwKg4s80#0kcpUl6enrXq;Om+5ue5ulXb4@&1u
zxyogYYsmc^(r<v}dYlv~N#A6@SlnzUs}y<Ti8j&VUSBb&FTLIZWZS0(5yMtrvB;l(
zhtfe^?Q-8r(m)M`Q7B6h6G?DBSgQPVzwK^Q6OB#co14L_O$LF=U=O8-DL4xmZMaO-
z!#O_-m_(|I7IOeq$^`U$Z2yI3f{<y$!RVC?pPx)rqPD0JX>yQeTxPgRL>nzSjOz3k
z9xuKP=S9BH5L*jz>B;|ughV9Gd9w(=@H~%J$%~tnzb|7P$tm&kd{7Va=KTty{JhkZ
zSY|^-)>R}`!Yh>pn;8`b`;RISud6=g-(sZ<Ih)^eB1POCW5QRTH4dE2Dc!$Os7OSa
z1r6kNS-r9+{6R-y1Op=nk)6kPnStF8uELhYPq5iVK)aU9PvF$Fp2lNgZ;e{fWT5*L
zR@+sdtcUTDBEPC|eeE-wt=P=LLz#7zLR5!5mVBdI2&I?^3nwKzhP%Nm@AWk#`TF>~
z(&}s#q6Mtj2e8aBO%M65Swn8J7R;L)IxH}1qIF)v$Dw1o9&F>^c8q|>#u~RP?)>fH
zKH<qgDPD@R8SE5@g<S-KiYA})&ObPrD3Rx`KtP(_CeWUW)6n-Lw2JFxu*Qdd`$nV)
z9BbI1M9I43Csb4<^Ui7-Apzo0nO9}U67E$43$2o0cA1uNmq)qbU3}1y=@&Q8Y0j?T
zk*-z>ttm!C{N(XvdU_@jePwZe-b`x-iof$0bgFP9rMO0HR1S<TXHxtmqUL&fZQQIL
zo4lA=c)Aw<0u#+eCXu?Zxv0~Bo91pXHiO+|@tvP$!>H}dXN*UL3p~p^t&>@AWarH+
z9JpX*_5jM(@Z2__WJd8d<1za6?$})dKxc0HaE3S5vu+yFUuLD4^(r6gX{IAKeUaPX
z`(w@V*RWG!8o9-|7!I3!$P=F=^MY#j*U^%RbZK3kE{p*=k0ZR>T|ZekDgnlq((w;3
zWl=5emdi}+izy+pFQ_@G`VJ1g9xdH6SK;LhGFN3P&%Nw4i-v6|32$lPDyeBU*qEAA
z9fGDTx#vjz0|F9R=Fxv3>N4TlaS*PBXF*v*BBVnCM1eLK)j^eUF%l6*_D-&3+f@E%
zAyF*Yoyp*|=~zQiF^h!i;jwt}##ZW23(CJf!_(pspjl+bHU<s@orE}Q!KF+v*h14%
zoC!&~Sb^Z72a|ewTbil^8{368Pp7VbFJ=)V1pwDXo0ZQ?b=sWMC3FS04Syd}o8iwJ
zW=|Q8E$}*gOBFyWagj8JPcPlA1E3b!@yjl}m8CwfOVoCJTrbafi>IPHr=d>^&0GpY
z>9^aaOaOuK_U?wuB&f<RNeWq^BFRl=<A?<&YD!bj<rEaddbzuj=r(8Ti(ao!=Ho{j
zlLjT&grqClt5BtnN0>rCZIgE4I9go#7NJ{iOMW^7XrlbcB{ezabpDE(m&F2xBBA-3
zFHzvkcKYL?yulR=71Yw-@V0UpupLlf^Rg?*jd%#;a=xD>^?%tK=9hPkK^MgcxhbX3
zH`uhTKn>F>`LPVps>RV-eH6)=^~xiQUb~Y1D0L>KWWueJ&cpR|70g^p?U?0l1Z)Yx
zxJnX!_EQ}G37)CcdO}1Qd&hjVl%op=x^r9-!6v4y<xmj?_#Yp&u53a@3Hvzw+t|eM
zqu*oVzIzuJ9GlX)fQNyFoc`miusDvYy-<X5=s1J2*0w~~%PScvVj#;fG(1H_8*_hJ
z>~$%9CqE@cJBiXp+u%!1^U45{U(+~n$=}QwE+y3_-!fn@YCx<}zKUEu9LKbalu1!8
z5!a7nz)qoF@}%c~lNOS`B8<Y4h*28!H{Q{y5|#_ymvOd&D;AVyO6yH$&+MNpqR0N`
zv)zO$MUP47npTK6ltb`DlaV{tFX8&>#^_i1CHhQnw5#gfK{*djigL_Xv}d!AHC3M3
zKEVws6xiEiSjMlIZo-tej*bv;N^J2-FCr~Q6S4tEjXO|^vphsGJ?y2jy?t;gQBZG!
z%@506G(%{%vm6Ah%MBV3%MlqjfkQ-p#AVd_OreKPE~E~ne<QPzU{7;kzx%|gVC|#&
zDLpXP&+E7#zrf_{u6fyBiyXjmS4(7nyUmy1>5bMx*<a=WZeW+D+%O#D2I17BWik6j
z>r78m@ZK;Q{HV|+oSxr3ADu~@W_9?8<P>kus06V6=g@ZX%}Wh9<rGw;GB7|^IRa)A
z9;U`(38e%h7cDQed%@?$gtpn!(O@vYpL7I{)j2h}@^Gb-xPzj+f)b7%hdbfj?2p-j
zk97IU>|ql#C2eQz7!mAWL*^7ltP>e=5|cQlIH;186RB2JOM>3Q+Kq)(Mukd@3-GX?
zsc=kf4_;<C9(WG=(Aw<2e$5}zB}c{K+{Yss7u)0@3UuGLPslPhLO22jc-Qs5)J`fU
zbQaAR1|4LD9-AVy+9aex6${M_a^Gs#meXOELI7mL@=hQRAr_3b&&aPzUzHiJ?(_Xt
z`!{#iA|LexBhD1Y)J_;44XTP>=I`qTc<FiK0d~9XJkpeoJ=P%Zv9&f=M(8pM*nE_|
zJX{eZ`CkaoScWxjmydN(#$WsqOPA}ytyRc@9yi)JT%f}J{6?W$_@-7K_h5`(!RBbB
zAtVu-ArV0;qer7>6hqfvu{tS`B7bnys6I;8d|${mj^cf9NXYv7+DmeSySQP;LJKwV
z540&sI8Lb#X|)hNa0&wr?fxs({Df4dp#X-ni__1@NH0UgkxZZNh+@*~yk6l&&upCQ
znjCLZGSevMUk#1Bgzr#NphiV8q{z)TU6!z=I=e~xmsk+_v9bPMqwp|}uB0JgVC<VH
zHFRVWsvq(8pdr#LPDWEN2}C&l4K05{Cvl|Z!xV~8#-kM2kxG@(xWU>lJ|W<!d(lEW
znXc)BYx)a-r%3H90kwC_EUkrCG(XeY`cfx9UUo3&Ii#XttpX?=q&}xul02l%j3^hf
z-lP0csvu^Ch>Nm4`(o`riV{%&#BYOc6gO5fQ|`nZl>vqgtsUWUTPFI)L2HO?Ec$`N
zEj)@!I_TA2+B-$gpZD@>)fh$GYqjHPTc%@pu{J!HD!#C~5ebBQ73Nb^FC#g2XDbV=
zc{aAWALfWW_u2-myFAO>Abw<ns?JPlcA$6k&w*MRw`Y+WD_z$xojL59{O_wpgjG{&
zI~PQKVU{W;8}i`vvg{WMVYwZCpuL^ALGI1AMlvdL@-CLxb?+Syaet*Zc%W(5->=)0
z-7uYdHaskQvvE(Jn(8V*u#fjK|JCI5+J{$4C11PO4A2r~k}q4hc6)dXQVS(<;EA$=
zmO&p_bXiAT<RK}H8Yt2+FB$JB9+8}Zp7vOCm*waOAP*MoF2gA?UF$-W?8x*7q`MZ&
z;rWqsCS>Bl$9lHts7y=>AJ5O3odl?&WRHW9uzTO_?dFJms<TYV+rtLiG6B6w$jwd(
zJj#Y?G>#Msn|z*>3W;FRMIKOh2(eX&?h8L@JJTNYkg|y(y6lLIj0<BEeb)0^C~XhX
zrj1DoLN&itSU>#m#WK*0BT$%#`l~E`A$&!tk3TrfEKS`tX;p@yF1-@5m2TtuP)HgO
zl+T=z#s;SVxIpqF5<O|%8Yd={BEc;xIM&x?hJ3^6A0;PVVR1OS9b#@8xaJIB_7+(f
zI>m?>K?6M#t)QHNO%xi%1~#Q{il{&<?Xj#R{<4xZ64yp6>sOUaH%%EZMPncOJtEq3
z59K#P6I~8?rkA4;ugQ9Q9ueVRx*g8L9_JeYX|z411MG}1vh*K9O(MinbG)Zss4AD<
zG$q<DKRsPBH$jr-wcO9QUXz8%*q=t>t8ysL&LmdCMkAz@<KjW67mvws!XB#kLA@*^
zlBTh;I<j;qBa(1Q#UI>zCp7O+IvL@_6(bNgp|Aa%qAqY1Cz%t!{<fS3q<B{`+)!*A
zQ^KWiQE*UEYn_#FtfICdBVbsu4be8gMu_5!)PU86{wJzB+(ET4o5D!D`P#jJhz~DQ
zh8slrMerjL^-c?6%_Ww9;=_t1TPv+Cu+Zs6mPm>om6h7Ed_QgMVywbi#XA)5xaQV^
zJ8M4ru=xCFNM6)zvsT?x;OR9kVkB;6P}u!-nbF*=IC|v}0+|eKi|d&z+3%lN6-}sV
z-Dj)no2sN}AUz9lRvBrfCGu;M3-3*F>|ZKU_-qX`>1!JuD-sewcZCB=YyDRKjc+LR
zjI7y=6-Npqw_($aghX6SQl5L`v8=LwVcK8ujO$@l1SgT$I%oO~8lsm5J;}BX4SiIL
zb?5FIne%b!Gfeu~Vy`lqdQ=46H#3ZxwV&Tc2ghG%i)}?|I8ooL9g8V5?>0Cg_(Zo;
zi4Tp<1X@QY&#@Brh!?BI*oxt}V;3n(3n9_Vw}?TS^~|}$e=4IWTd;sbu>@t2zGGCU
zev{lKX`ro#7gI)#xE@<FyO~1!rIElP-zPVqL{sF-!Vp2>)X0G~uRyN;F?o?@v)Mu~
zaC<~Ei#=b<T1g^LX2&DYmcB^lo<g0Xye5Cp*LWmr8?pZzt)DLxNB8H)O<4Ldp<woc
zQ@>bBeTl?(BXXSe&M-0!^1jYHHJoakU&x6VlMW`bc*v_jMp#O-I79VTzNV+WXq+iV
zlO+?`DDHdJDzESYk~i6fXr*FvOHtFiuxC05Me)d%11Jvm{1dvjmyK1e`Gw68Na>lv
zp->PZzhs6aDYq*{)k%ry1lEMko05Pqd>C$`Vi&^}XS|<JuT}WrBiS&Bo<7y7;FA<v
zuPP-1eMQeMk}Eu#!b6;$l)&6hgm^;G&RAMO1!32uPWN#cUKLDo1Z|OU+jUPE51aHA
zuv;8(@zd%mW+T10Wv6xyqf_UUJH%R~e>Vc(`)yS@Ci-f}Z<?0E`b;q7sJi3rPF4g-
z6p~3WKG)pb&DS2$Bmg`VDGPgM0OXVcB7Rr6j*gQ$YGqyKbu90fJZur)FE!yy)z;RY
z44iNr^!*sk&|8d(urBnV(g<BG4L98l?q3#esCtyfw`$QG2DLv~_=bC?e_&oUg?EWy
z37N3(XRsk|yi;8)OiTLE_Z_!Epnn*bYQv+C9DWX`Ks?1=QW0qyDt}_&8nc`_(8hE$
z=CMXVNnx~2l!tb~GR$o|jfCRu&7e&s;m8R8krFkGrSv#AE?8`$%wD(^$vOBy{UWFR
z2Ccw~vWPy<w8m$bEO8f8nnDmbCnu6N#8fEs!`$wbT~b+SP?6jJ%0?Wi-KdiViVR{K
zBKtk>wQF1loqQeF_}dkueG?Enh_57Y+NGVf-)Z2O2YubLU{Gy5sQG}<UtA`eZf(?R
zfv65m(n=!BG@_4oX)ij7SGtSSqPv^Hs{9tdj275yX%{G>9Vy+RmRt8mv(hE$^>+3e
zeZE^Sx0=8678NeOP@$&GQL|SX)VB0=Jw^Z*<vxhtunELD;c(F-%Pz$!E_V~`#CO6i
zVxR<-E!KmomnDZNPMij;D<~qInw6qnx~UOP1K38w&y1r$bsNP{vwZ70P!cjbubdkB
zi@(bb&p^27(Ohgp9Xa}Dk9~pNycFmGr8vwWH&VB5*<VRfSdt%9&HxntqdY7G+Oaqx
zvx;ZM2OS%rKD_Vqx|Kj{)FQ0vuqV~!lY#rTQ={j8@;#r)eDCpg-n^|sa;tk$MfaRg
z7GC$%e%Nv$@)N=3uTcF^?-L7jcH#oMy$tS6K^|Y75e!>=P6A5CNXcg6N8B%lks*|g
z+-!^7LB+`Vine(&y2TDYzm%z%g$bB2<i?=FeApb!Ma7C=D4Ede1}D+`Zf($GxYZ`%
z$Oa30n>!ZY-o>`F<f&Lbn!Xn8Jwxy`$TH)Y+j@g5lo^G^$xv1hD%%vMMhH)hU0~7x
z84JBmv{1|OkVYN1xMhn8rj#Q;2p>-C;UVoF(&Q@3=lq1^F`YjddnY#J776N-dBuKx
zb8g7au+11-ZHa6bs+#*GZZ^H1(Xm*?cRr;jP8ytYu&-dtJTrt^kRiuM<05Y!@un^}
zF|yZ8-ScZj633eMK^-DCqtfIob%BRcwPc{7UnUx=YB_Ze<m2~>Z_oKd(($D5Qqg#L
z@gri7Tn#V`*n<G?B<hH-YAJJnC*7$1-fx<qZ)(Hg&0tPUsS1u(UHXm9)r20~X{$M{
zaHJ_UVnI=8^i5^nmhC)}n_twssUjbGOLeyRDM??_&$G$2VFHP_&)t+Spa?;&Ld?u0
zZ=cvvsd~AdzTE{ZVt(FoTb9Z>0$SA32f*<=IESET;5-fYbbNc;f{=I5#Vu{JLJDUO
zYL=bksEV;U?tgZJTmeB3%Zzdx?fm%^#fl@FYw$V%E9xE>5gRQv5-Bx@L$Zt}-l9bq
z8>xU@h`yz$^!wIOyy?WZfK<mKbyNw%@FRz{XFsIEvOJ#vx!sL4FVqGqi<n1yG~7W=
zvpV%#+mtI%jwC1jGrJm?%(W{FeP%HJ+Y)}I#-hhNrZ6xL4)yZ;nJurxc0C`l`2*f^
z|IluJ)(SZ|NLlo8{>HpY{?CPcMFAWj%f^x)qSC~>Mz&Sh*sXr|DJt4QOkO)BPu8Ax
z$q#wXnl?`v_vn1%wz8Bz&x>3wT2&ye6kRF<z1OGU{l3`m5zZE>R(n+x15uIhxBWpL
z7a<LDqi-0{3lqh)#FHQtR8&L-dLU6Ge0&AmAL4w8a}xDhN}+g(Lejs7(>METlj|ay
zVjy1tXg8I<qh)nnXjVCrxrMD|_|z+^#2|l@Ne2T;ijyAV<|DxkZ&U4D?!sI=kZ^;W
zROk$KUU)N$NcVYeuhY9>9$BRbHFAHJGa7lIwUj58#wFE1$p>)`bsUnbeWj-;)a);(
z@KM$HktA*77qhV`x#PEEcr}$^9($@A6Tj~`y6&$DP7sD3vU>$6emyA_I0md#XH<>h
z9jD<KX^R`+N`ltH_UJL|N!(9A$Ey0C;iy?X=ZHes{c~0?B+KUqR2>r^PD7~F-U0jj
zAPwp}dhM2?F*q#j7rfy_-ya%3OK2f&lZg>7L(1bn7N*^MDD(%GguH5AN{5i>iGhZM
z@F<0inN*FodYYHE;i-foJUyXWOp;IS`|)}cy`fNXp^k=RhpXR99;fL>->xU&ANxms
z2h!cs3=`tI(vP(%C9fqF`BL!n!w*ogS;<9M{7A$C)Tpc*FVtiiHXUWE^&_zig`4F4
zF+EOt4qHR!pW9VG!J~LW63td2dGL>{w^lxiXHV+)`c1(p!!Q%1+ji<=VaJM*=poT#
zT*>6R=*bmg6`3eOEg{5b;I|1-wHyW#KRxe4_LVP5fk*(Zppu#wNdZB>i3%M5fgln~
z_gVUTTV11_scDPChkg}Jt-RLVjmKrNT%|UxUdD(9;uyILzmx7RdXH;ga1g%KMbmX%
zw%cG#_+k6)pXzM-vV<YrCJzxlW(bz&78an8#ar=?l#=Ha?9->^=h&|7Uq*q*ov#y+
zyX^0Z^IqV(@rKkia}##R_*fb?u^w~%muX5nKavhVL2%u%-GxH%6^o>B_!gVnNh_#d
zL72$nsTV0>6}d&}{aWjJ==~-JVNfOoKq^&M^+A3QP-u~Jozsq);f!`{gEKr{ZTzHm
zqkX`9AB_53<+aOxOZIr;bV`O%@Ig{llJVn)vWDw*X&@_B%8VXzejtDp`-e`$sx`=Z
zK(7^+xK3|)9MuAjif_ud#qU#YxqbZViWuMLfiYpG>u*Tb0GAcYOIH0Z9yvlAK{)4z
zMKX75x4!2aZI`p<e{qefORhpVhtpC%MS(yq=z9u<#x?!dmo7i1`LtO7+p@z`7|?*&
zyliK?la|^}A&{=|j5$(2*yFi7a3-QYsr#dPU`d%V?!Pk1gD6uS1;+7(AMp5MS<j<w
z1;~2vzyTms7<;3lKuO7CLy_n_;p=kDE)6e~@4EE~@ScL{L8Q{;vb_xW*9GcoLL3|#
z7Eliq!cLw4(xV765bJK+7&3{&Vk5i#9aP%p(D_ZhDzG;T5bg*R`%~IOLMQ(pIf{Qe
zjQsbPm&E})sb%q``~R&k@^9CN080X35(CiU|E&b_uTL$ZknHIJ1<SaJ5BeQ0qJJka
z@n6v7llgxWk^CPKjX!@h5&()P?XD5Ge=BhT=wAdN{_ijS&!_bwU@H3+!au6~?UO1(
zPCWiU{XF!WNB6f`oaGKiaa(!p<<5(0=LVx|Ie;Y01Vjz=FXM-mDOU96TYDJa$Y`aK
zhddrBI9RC!$6HwcUBB&rM(AYl&#CZR<>6~*^o8B?u#YwOH8yVvcC16PHG0a$xgz|1
ziFqfEs#1uPorbkRpBu@M;pJ!Ed?q*MBeK7<*SzBYqr>t)_xsm>-aZb@T3%~g6;NNk
zv{H~7>A@@5FzOcDu~tSx;$jlCUi4tyW->6^mwEd!FhTa@-{oBYwL;bnA%Kd_tf4)R
zbtDC9k{Pwhc*=**)G$CvGgC+&(q<YE?XRAUvwk%Ykmq@cVU~l8#Nz4oZ#HZHHaRRZ
z>y`9>h*2+$b~5r-#c80+Lgpv#0=Y|4h^}3^uC`m;&F<a>T82EZwQlw*j!f$CLSx)8
z3dB~PzQ@>r`zu+th|;X>)}9fr9=ZV>!Sxe@wn_!89iqpckauz^z@e%6;t@iXs@FT4
zd>Dv?s{DTp3NTXLOTpdx3XlZ>FG!0txy00HWl#TCI5<o;#I>w*^wlQ1Jw~+}3sPCR
zsPI`F;yysXq~QS2E-k!a7!DUtJxBqQq7YlTg*I%{xYcT{&XqwvfS|-zKb+T(1L?yN
z=amDWgNnf3yGdH)?SD5jkx1>DAj#EsIx2OkA9sG;u$7oI`!mHvj=yIF+!B+T>RdwY
z%{?L>QGM`($(0}6k^z*Y*G<S6!<$<ep)p=)JKfv-o9WJh-bJywsTGm<K#FK&=O4o%
z^OQI(AqM=l_^jmmq1&>V%s*NFX3<Ggo&c(<xB~UQTmAs(6g3nrw+-kkm6z~!r<y;*
z=&}&XyRBs)NtHK*mDs$hvGt{{ovkdVqhK`;uxc8|*NkA^6L`y|lXoxq&XfJ!Lv6CX
zhUGIr&(x&hEYO+#qS~sA`5qg-l8P)JHS)PfwBD6gO?i;$zXHy`7T15jhwD6mKOb<m
z+ceJCLuAnC;sXP~-bAEpI1I7w#2v8va~(5pGf#a@5ZTuCi(IY#RP*wUuU~Y%4;euq
zY*?l)I~bcXqAGmNrI>D~3+yA}XGQD6CSkmn0RDnFnNIT49XSQ%6vkJM{4m84WDZAk
zH!8Te2lNr-sk)C%f3rmFqPvL|APnBf`;%da#-ZH>OdQkwWS&>t<JR5fjgKVq^M|io
z3A9vfQAQ$by_e+S#Eqdb>eiL29gnh3t9WZOb4%GM^$L(uL1&q%u{v~7Xt2nFXcBEo
zc8Oh{{e;)w41^}t$s8E0mM7-8b7R}Q-)1-_K*{7dvXZykAJY4K<0^CoXrDA8lq<kd
z-JQN)5Nd1F>PTvA6^o54FlK~Rt9e7ppi#}Y&8DTq&xZp>!Oi?XBf94}mggUse6?<~
zfyN)b-q!>SpI}|QL6Hzwm0`wTbUY06H|C|wW(n49{y_P8NESbA8tCu*GDMa5f#Ao^
zZN-E&A`ur$Wp5zuk;p_pZ$acHF}M47OYQSNevQWwcOW<-VzU(4)YiU;L|!f?M1Qxb
zK&uxeA{t3;^pyl?@O}$3@KY!c$XFQm{sa2FKvmnhF&3DcEGK=XyF^Rd^~Z^7n3z57
zH5+-5!hIS{ONQgWTaEo&P+z41t)jq*qc>Z93X_$-fY+X=J1~3Q<_E|GwaUL@QY*lj
zIS|tN<&d@Xf{J`aJ#K&OfdB+emO-}Wa}CWug=|H{dPdA)Fm2qGDM`0|*drEA`-c_p
zze4N3;%zl{P*YrBf{EUufP`)gg<8He0egMJ2+hL6W5x==4~Hgl!kG@S`B`#>{NX4S
zzx`kmrG=g%3$6PTkykx-g__;$!-q@g=wTj{d($m`I}SOB-jM2?8JJ1Bc9Z|z>Wupn
zz)GFi0u!mNgUP+`gBj?UBBlNOac@^p5g~h7(FX_K=lrx3wjNI}qviq8bQRs3?QgUT
zEhhnxLOD~CrPzA?js5R$y#DqDAdc@A6oc%o7AY41I+5k{{X#8>8E@TYg)2O|{NrD(
z8`koxHpH^Htj>Sl(x^wB`E`-H%0SpC5I|eO-tcnomyk4^1pziCKpXwPmU>VVUXVvz
zpyPQJh(+{KX?Y@qNxH8iFvQ`oW9RU1Ce?@-w8{^cf7v~-exM2a-#bzDc<g%6zh>iq
z50?YiALUC^Gh0|MB}MjpNfaR^1+R=_7GvVSiHVC8C*QEZ)#ztJ;Q#BP0pm^5Kbexp
z-rMt{e-}mmw`EcN2Qp}ccjjyK|KH*NeH{4q-tO{nz`MAhR$`S1D}|&KN>*~NdYyxZ
zlM%a@xgCmw=!=BL-weY4?}`1#r}oG{#}tH>M%XRDFiyo1xI-~r-;IA`!|3W&7OVM}
zz|>freo0W@2ma&eu|_vm5UETB_U)k+U*A3pm$3pN21XTiM3{|_L-$-D*fQq*SaToW
zxB|mH=l7j>E--c$jfe5b++Yu>K&&49H^0LNjMueJ>BDIiv*@22iCE9VwPQnl(&F2b
zPEY0jBKo#I4rEOcd|M)sYVJqRq$!oFlH23smEHX_Xsc3i`SXR;CT4G8<xbUV-a5Mk
zg%|j!S&MFxCw95muuVc=^L;OzE6SA=vD5L{pnTVS!9HY2PNYYm2pBPvU#~%9{fQoD
zE}YeokWd?-HTCRxyL)#-x}JoOwk!q_%li*I2prk>LE#(SXKa$4f429s0Z5`~>zyD{
zYmLJ8?Z3-E|MTVa`;#eRrt;-h_~lHgmV03WG%{*9Gll1abz3{wj7JHRyG~;Mr!Yb)
ziWyRTr`oVCA3%U!5mK7CA@rA*sU7e`g*^>h6$WmikBUS`u>iM;?)T=T=0AohXdWTR
z<3r$Z$makc9~3h)_>&J(+spPOx%Koe!ipaoz<GWM8_Ec=+o%JR`Jx}elLQXSG#QP?
zGHF-7!hL0kw=ArHBsLQ6QQezJ8Xzui5YuyR86N29ID$D#>;ZcnJOCI`5K-lT`c{b3
zx}PsZA|k!bPDnn?eVNQ%8Co|gCDd6G5I1lIL6^HQO0FwI_99d}exGfRqc&z-!m#B;
z0X8Uc_ShWYr`LqOm=3{+VriFOM(j<M4cLMDRi2a6JhKYkrvx||dw>#=p6Uw!UFfCh
zFxyLNgr9Wl<Rs|C51b9e>Nz5z9rK*#vcXBQQ7z)Jy%-5sXzP2Gj<5X%Nn~G$=b(l;
ztAA}*L`C9j*eq2ahQ-$Sexlcx7uUo!!*qZ~#}MpwXOBzLehW&{Xbfd@*$h^z-G^y*
za!2h46i19-?*7N9{)tl3>!~<kLqWH&Z=`}dd-(5`+mYuS7C%;g`JzmwS~WGK+Td)L
zM-BG$<i9z}WV_qr*r52RtJBv<T+&mZ;|7DGlq=sUxGT24f%iFyV5}978Sb%D59E&V
ziGFY*TR0^3yfYB8_QG4mj2U*yZXsS39~r}M|CRKlPSc)Xv!|I=ai8U9-Z0Ft<b(oV
zgu2a(jY`f$Ft2;u$xh~PldwD7yXkKMKYOQ01NH?|D(e6sODf7@U-b&3g;#cIKdyDh
zUW)qe&55_XNV#HGPMj^Ndo6FcsJAAZHnB^kb65D3>fp*zDmM67lMyC|j~T^AB_}9A
z7VQnQNj1+PeXZQ2$1FTjyo%bWi#X)sQ`GCtH5H3tw-eC@k|TpVg1!5}$bX6v{_BXl
zY6vpohZURLg+hlhZWH*bk#WnGQAX#EUtln3l`5C;jtAP6aHBi}^uVEGcoHb|Bl}6!
z0^HZiUy`StqG1vzjW~7kaZTL1&$drp5c7hIZPSDrFkmek7%Vl05*_lM$sda2qqQ#_
zUJL5aJq-}cGuxqH<%JVJUJ0y`x$Z%zq>z78ie6ltj(p~zao3kszT5bX%f1IThI<1>
z<-0oN%{NU?&uf$g!ImJa+B36v_0o+pV_}GT@9*NC;N?@wSw_ha5qmoHp9pzpu!Y*?
zgQDB$f2}nmU2TZUUsZ+XsT~thIeZO&&g%-KVpsKkZu8spr;!ZrZMFF=Npv~SA*|jv
z?y|ITvly9g;NQHY+r92BwOv(Ll=?hK%MDW1@#SoIer$05RbEWnoyllodytIzm7V-$
zGTQEu45M4pboSe6=)z>R!1mC&nt+!e+>s0|gu0<q6$iVODn&m0qt_>VFfe$#)V&+)
z<LoD{4RF}Kg|4EUSgp@qT3WEgB@dI97x=XS_tStHpl#-Gn$0Bf=PzV*K%9*W74-K>
z<y{&24U0-FWBF_YoVr_Uh#xRmLl#c%<@v4tl4Go|h^;qLP#_)sN&pWgVY*jkL*yT&
z5+K8NX2r|1G?_8R!X2<xB=<6s>IsN5p#HqBp>D%~*h@g5oW+%>9`7sjdy35|^ab9g
zw0B8c@1Ls!Lh_5sBd>_@RU`>Q$MyVpj<1N8JDoAA?sH}s(*yz9mnN|*^kniL>^h*$
zi>Ht18c!&!ZGH=Oy+vcrzAAHWH~T#|={Jd6+hwzF@!CaoX|zzXMQ>q^pEB?j@eU71
z=tzJy-SPaRN_QPm$PQ)g_^ujAyIUg>riK1$rJYfHEU3$FcEncZeOZ!b$1k#sg;pAF
z8Rwws;qf3@Lg?Y|ULEv^^iWb$<z46ec;oohFucz6kuOBjojNN`>Eep*7$A_;yyvru
zv8<FGl03N<8|cNMXY@n2n?K;jnKHZ!c+f<qs}_spD9%Yv#XF#uBT=Pf*J?^CZ|u1L
z$L8Bj9Nujw0RcM?CV(fX$<K17#3F4;a}^&~At0zCuvS%vHozbfT@2IfOFJw8MaRL5
zHm7XEk`eX3=;w<(-(-KP=j-NHYoY{GfTl1toOSH9DI<V;?Qqu@97+E22V+5cEl5&2
z`fE$I|02A*^(>^Y8_=I%#FI_Vrw2;idTl5A&5pip&R<o-Dqhhs^HWyspS4KTm>ul`
zloIFZ#gnpGmN9{Yke>NC;&z7v?;j%`W$UnozacjJWj-}G+oU1mz-hDi3kz)psk-V-
z-bnROXnDx52Fq7`glp3>zd9LUO@r4+H8f(~!hVUCzgLfvo)>!$%V9dNx!`hHI~{Yk
z9RCu}V!!r&)cj-f{b%Q2Qk--@@z*r~LF|f0vV|60_165ZJi)Z9o}$NS%DWN6qD-#;
z7(^KA6L+c;JuEQDNsFfcd>GNTx~-0k%oh(Xz6!cTa4qD~sEG~sP;)$+jN+KdN}74J
z&sy3F1-+8HH@#`N%y;mc!yJ{XAGQb&95!wSHT=GW-#$NqQy><kND50r)(ZtAV@Hdp
zd=L9FDX>&nRMOp_QX!o!Hn~#|_B>(-Wv(EqnG(Up=%G7WEu;jf%4%@+(AADI$x7bj
z{6NH<3f*#3usmPtaX8k-MIq?C&NtaZ=wc4HW`?b;u(CXHst-Dh-&!w7U9@MRfwowg
zusCG{U>dq6)=+!OPmL02hW$Qcz8kQu!KKI%KT(w-26bOp`_5KV^FBt$f|njFSfXlw
zI#a>rljunSaaP*8M)kVIQZr>tV&~{DFEd3NmgjFk_+P}22FkJhqEQnEzJVO?B}hB2
zIxM4eiIRmUG71e~n;Hn$A}Bk2D$`V9>GyEFO><;BNtiqR^(#SNGVM8*K*^u<Su8GJ
zf=~g{@cWT=#%7A^`-$v!(lDa@X>B6=PCcETTe|xbF5tKg8f(!0Ay;nJH+{@yBdu!g
zJbq)+{|+~=Vdj8|k`?8u;t^i?*tkUV>9c!g#n(XBm(1+y@cSaJk6Z7GhcR2txjqCg
zh~(0}*3Af_RF^=}@5BH>t32rpxsctGOsr%Tv0ZgPM`9F24@CbG++oA8B=$uz+IcBq
z#1*TIfCFX=W@xhfUqa6&pj8r(kpf)sx<>M!cs3J9Hyb*}GaySq9^?{~^rlem^@e}o
zW@3=clUA?&sDv{Uas+V+UvFgWcZ=GEBte-HwU_0geq+**li4l3q567_DruKJev4M?
zI?sbZ#XGdY3rjTEjm&CrOnMO(CJokTWq?w6`EI<pvwHjMf#<;|3@LfdSp|qHJX6C5
z>m@r}&jPK`g6ME@oyl5$bAbZKpQNL<v?zT)nk52q?Y?T~Mo`tsrCz<)fw||iaV3wK
zEL-yn)>^7?hf}MTU~&Gaxl$3QhV(VHqdc%AIn^<KFRqHcF!ZF|f*F<)o?&7o8cIq0
z(AY}bxx2uwWDyH2EyYuTuZm~3mpQY_;!%Us!0VWZ2a83L3R?NFg8^%5Z;4rC>k*F4
zBN)=yA?*+{m>$-fg8P{Z240%qz)H&_KK?(??|?e$Ga?Mk^Yc>S%kF=gS^hGFH_((L
z5RF1&h+^PH__7dc=Fwz#xL9@jqr<(@Znw2+C3Yofg>(U#Fam`tBG-TSs|)LSl<J#)
zmxtTc<ubwRfMcKb^Bf!}=eHxL$Y!P7rTQur@A~MP*!1$0s1Sz@zu;NCG9ca@Xqx(o
z<aLdIWVnDaAIBWtRGn>msU+PTQltrY(&+_v#def8t3jzWm#>=lTTyM7w^jtyelcSg
zKPpBgh)DR_C7!U(Zrt^CouAyBu;@-6y^D~|)QsMtcybf#Ln^u<ZHGBT`8V$|azy-s
zoeak$OagO^x;iz!1a(NfMDjjFG#5zwZpS4gYhs6(O6(RwWl0=Sd@j?}8|KxA-nLIV
z6l(`7#l#z&&T?nwN8<VW9z=Kbnewi1I05ss>zzt<fG6TSCR>P$pxX@~c$xntQL|p6
z=+}r;lZbv*Pvm_y)k~_yrUoWBj4xU>w+9*@Yo6nNa6I#lqI#**hlN+e<?T<Odp{<9
z_sk5p*bHi0ci)LLY7-hZ$$`;&G*Tt`qUVKWe-9ciuJ(8MD2jf;m@M~I<FM=dI`NH>
z!?(stln`@lyVuA2h%3AXQ+Cm#uq*c$UW|b*BX1MFPU$+7R`0qsds`z5b^c_{R_c%z
z`B#?r&)5>A6Aj7ys0fjyKiJP4qad1kNiw}NopJT+s%+iKHMKMu)IXG9qQl?bknQ}Y
zZi>N?QC0IopQB%s;mI3E>eS>S|2ue|imd(A2R6X1nq*)KW<a&J`tlyaVGoF1oNR9>
z74Z8X0^;Z?pINHRCGR)EQS-F4HqJ78!Zuv}kvR0~ASlW8u7O95Tmqrdy=PCqNTY>Y
z^YMGchZmn*@CHP3Ooop`C5`Qt3OD_sf~q#Yu9l)g0iJSYk>0gN*>5JReepRQr}l?V
z)*{0bv!O_^R0wga=b=yf!e8TvRVh(tMzT<<adXc^>DPbXW9qGaVcpN|utRVnA%iu=
zn}EY`cf)&p;=hCWkah1|ryzK{8!Qibh@S5PIVG6c;bC66GSXqJu!@F8B97y*ILEYj
z-0CL%rtArF-2M7iOsE~z^Huq6)?bone@c))U~;soq3-LFYKx(3co0(LCa&r+r&+Xr
zwIAy^{hN)0`I9+o>718He~+PIb;i&}_hz<pE1Q4yY@H}>`HW;tm)|WRbJny5H4ipj
zUAUH?Rqu$O-TFgfCEY|KRVB^^VV78g@MSwXQ^_^_nw9A&4Nr4^sH75rWajU*!h2^d
zqL%Xhcar%0R5^tcb{1`59=zleHV-8LDp_cBM-cLJ)sM+bi}`^92^S@Z*s`;_?i(d)
zZ7B=>`EJ&Vj$~PgyedbK;chb84Njks+m5_Hnt&WG;T_R4yhSwc4{coM;)c*$rLzK3
zgznp+>b#}Fa<%mL@>vF|%mu>jn2$()UkqeWgXU#_5vnB8)$&w0Xy|Zf`ktV8J9N^G
z?oWO;(LE0aiy9gHnF%q{D>wI0&?yTvv=>4nR3+?3J?Qs4S{?%0YHZN)hi!id?r+dI
z{2822^h>IxC%^ur|9OQVr)sBJ!}<an(Kms+b+Z$x-Jaxmv&EC*FURnH43IxRoOs83
zo4OY9y?YAJr}g|&Eo7w6p5zw@;!eA~Vo52jrln5y+0)<$W1(r%fC0PAW+&72i<Q!5
zdYt+MCaLv|c@t9`<T>6*sAVrN4Vp5AlZkR`tPye<*S2c9+so5!k;V;LJqDd68mL(P
zHR?`|KxkMefjwbl^6Pc1vdx*b1-Sf82g6*0-&YF=;NY9~0XJI36cDp$Tdgk=Iu<MO
zF&6Qw5%uDbRUE!(30q9xbChaY5t<q$s<!UnE`gqo!;;3WW8J+-d&Jnu$3U9xKKdK$
zVBwQ1AH?yr!#1U19(>n^5MA`MVTqfQQ=A02XR_VTBFBYVDxr~$nR$}Mh54)u+b?c9
zP(xE9D?pod=8_=Etp}St86x^0hMDmgbfoP}%aDdJ2K+aG8Pqh+32tN<4etjNa~sOH
z(Ziz>u2Ji>R*}VfKO0^IzqnlSry?92|4S+dj>ftvLPqMlXGD$=ELow*a?!1+oBfTT
zAxgz~^)Qd@D?FaDM*NLnisN>K@4*~*`<0d^7{fN84qr#02+?zeFF>S@(R#{<@%0Wv
zVIms$P>R1Bw_SwdH`dAgA)1=H+S%fgkKp;K;2t<bh%+uTs>2JTo@Q3OhO6aJCdea3
z-{s)&U@j!UQJ)>9DvO_@ykAiF{e#2uOPV(k%advG<l-B{-z;maek(qP9eZAMO@GRj
zgC&JEJ!+^95sw`PH9GuY9?7L{Rke^!hr}x~h&+}q#_~Ryf(Fuui|g4FW4D#3YCREZ
zB8U;6L>v)$4ZRpM6gzQ{r&>#?7j*S)e`{c_gt!rOG;WpR1JHcXXs|~7srU4uQtfpy
zX3T=$cK~Z{B=grW3@c3$^{4OzLx&tOhKS!?)bSi#>Gu)~a(ww+aDDe2vQP9lFtcAT
z(aP+#?sp>S>ARaGO(8k-X?T&!??ZcnfFJJ(;6ZTYl^Lo+E-L++2Y#%O=Lf9<e2*CH
z`r}DhwnA7LGIM1GrTN@L0xk=cNS@{pSGCW&+i`16C;O}@@4T+=VCaL*ugS)rI0h$Y
zA*#O5Q~B87qPJu(6lf%dTSIh`qgVaGB-p1erv=qP6Mr>j5TytD)eP6;34yBV&BI9j
zC?GWC2puOiU#!2Zk`oO8-2ipY_!y|#y>3<^2^0u*y!3DL|G6pscP%a`2M#D9r!4h@
zpl}ET=Cr{5`$v~X2?qY7$@_r&XXuvc=DkBGf(#i?Ue_YDbF9#zQiGSk!x?iJdIauJ
zzMedG-}&(ccQ0SzzdR2ZC<MY$A*_)Yz5Gk;_(w$@tp5iU^krGD6XX9bW>X*l-F8W|
zPX2c8zq#PcA3(>umSkVjzx@0^isleBz#}Ds(AUM&=5H=|Ck9-w;7orj@E_y!&*37B
z0jRtjH$P9N|K@^)VBmt<9py8(zv&Zj5CQ{kb~3(E^q)!Me?L<#{GSWPvbGO_Od==;
zA?URe%;r$EUBl{nLcFw_LC-&@re7L_O($#Zs(T!~))S6N9&^wV4D6C-n13cQ+virp
zQ116!NUrs582I6cCFVfqphVBdmD#=jVatSQ4F#xEV90nd$2!W}WkA;rnuQWJ?=DVB
zPg;+$jy`^EF`#gmVq8z4qlR{3hV8CiZ}cB&o=gvMEjz8X)}Egft$*a_YxmwjPxhXF
zm@B#ec~0M;fb4c(L9pB6VTzdPNX$0+Bl-~`wEP;p(^rnrXC6=OZCAFDi5>Q4^s}}M
z;w3>=P{~t|^rdL4nO?^-U>Addv3eS6D(LXAxAUOB>!8go+`#mK%m^`5{L+g)pv<l$
zdSz(@uYzT(*ZBUp`|5DQZ01ssRslvK0}pKXxnmuz9mV%qVqQC-8^1=*8q>kZtM5Zu
z?10|8WC8K4>~hK5s~_Wz-eZN;M&?o5BY6fb&RE}E9`D?moiA;nkIjA6k&w;)NYg_E
zzJh4uT3gz$`pw;?PcquBM+;al`QCvX;NWt#I$A}&`8Toyo~u^C6I5gmg3qElEpOeL
z{aVz>VHL`u36xDo_rIrjJUpLSAzd%XrBH#{kVK6Ul6!+yI&V*i%c?;jzS<Rn^*dU|
zt@+0jkPwFl)7s`H`2*#i1N$#)@%Dsm7bL8d7$lDO1Xo)DE@pOVxVB9%K`jZsxlc5h
z4uBby`C?SvhC;jNY2MgyQ39tSZy(*w#Xe4^U<2|pejKmuy%FAubTxE_$T{%Yj{M_E
z7vtJt!`d&Qi>*$hu2?hwiNo-X^}5dd%n}3rVdIu$2696#v?Jr?qNXrl_veA@MPZ@D
z)*Zn4jgFrcO8<0xaW@DJ2~|3mh{OHjc-F(T*Kw<-s58x0AErFO)qN~A-LtfgscLf+
zY5cQwCzNd82#$GkFlgk+!?dr6zD{6q)ul)t6rlADC68QGY;1=hpWETfHnQod6<q#Y
zKuOOvA`W<5niLjQfe8uYBBZf^Dbh|Zi4$m>mT5r9j8+jPBm668s{S9EzQHZ>@BKR)
zlU<Xs*|zP?oLpNQHruvs*KXKsx7oGXcAM)rpYL-$|3P#0KKFgji@L}!_s0Y~oK{o0
zq218%k}E9iBnC)$fsnqhqQ~L!Gp(MDqbNJVY{ZZaemafLp})r^5wRj~qZX@8HiMq^
zd==^MPgb#Pmn&eezH5}L$DXoT=+Z3jbi0#%n8iRxr!j^N{YlR}$66e3{l3?qb?^mp
z%Va;}m(%lUYK8KR#yyLAHTphX91Qb^rIAnraR?0j2lm;=D()EAxbtJgY|N_%2XeOk
z(|$DTFAmh3kExIQ2Kvtogw<`n*S<9d$a5Vo9OX-WJLgCyZ{@&q*ztnJ;5d(j+<r>n
z8d?r=X0D;+GI}BT_3=Nc|6WS;#ErIh_To^xF&#H`!8xD$-5ijnG0Yc5b=GRCoP(NB
zX0FY|+gY=u|2D;U5!{P(yUCz>_#uD&a=?&{f!Q#AbsXr{XDK3iy458yQG6ga+uWUx
zm$vzEm8&sT)5wLDgl;mr^~NJCy_wy3mH_}tVnVan(ziPN$-p*QAw6adYN2t>Dgcwq
zEfpIwWSbqC24ch#lYjW3QdaMu<$7~L#D7d+P6!#9_orRFhxKp_8N4_8dAu&VDre0w
zMIH_(0eEcb>GW^hfpOmU#97uaDyIL@m5PP^Zd=5G#<>9zD80pa`C?_O;yTRhZO+6E
zhtvv*yp~MBT_BSX+=y!a%*-QervuvsCp`(rz~^u+)(A`9dUz!?p|!(SBY3;9t%*QG
zns(aOJsTmsox%*Z3_sf;L^yW+u9*6yM2IkYf9-!pR%;}VJatp^rvY}uH0RqXD$)Y|
zXgD(io*Ft*%Y6h!jZe_oJl<PR0rxa7a#t++y5~egFoRz=HP&*c63Qt$y<Z9QHmMI-
z6zwnOMGwWffQb@t!1*W9&!g+N9SaYi3xE&8;^Uq2VFuQDl7LvR0*lA{IdjRhA><qw
zcry3teO>x~-R;X@Z&oUKq>|c(P%>qJkGWQk!_>V=dj0kx<#DsJ@|g5uHDRokVd?2b
zEbXFXC!1f*STe4Ou=yes{+j+Hu-@wF1~z40rYb{N!Dux88wUNn1!R54*PZhnCDkHZ
zg+^xl64@gL1IUKLeut|B>70SHKDSoy3(oa!Gy9-(g9_pm+U18YdW9HN3Ylnz0zoEM
zFMM8S9Uk`ZoxXSS^;68c40P&s!X=8?1ol|8q09K$+q1cUoF4A|JofOqj0K++7GTU0
zwAx%Qu%DiVwW^zLe|pMnqZwTt4($!K%P<MT;@&V$Vglrn%R|9F-Kd*Kp{d@tn|2m8
zzMXuRjXoMNGmrQ~5T!s$%3=b!H>8uRb6EOx*Y@EMWkRDW!Kg+FJC&k6I=F)o>QU(q
zwy+TODN5V}T-ge*<o|FleC=I%b(PDihB<nqN5XD7jn4gBu9ql3@(-;$(a?a?L<$i*
z=ufz%i<r|(!IV(H(^%!46;2ujnaKZm5CU$QmnQ{qSp=43YQWFNIQUWy0ny8aNMN^=
zLF)}8M4ZTV=t%u!$2Tek02u?wCBVl9Gx+EX$m?@Oy?*11%zSb_q#h^Yfk-w3V~E49
zq!P8Kd2^2(^x9oEi4k3<0`+g@^QDnz8|&IgM=`|}TxHLDg_yHNvL}NtzqJ25fq+Rg
zuM08kkIEalzn%bHE`4Rj5fW*Kp&y0f9_q->GCuYXMX1pERWVxuqFJB4XQI~q1N7y*
zZnkqYoSU`1oyRD6vqhjW!_O!y$n1JSSaf0y9(P;1q)oKTr_N9dE1@ATRN9|IBu~2p
z$>OAgf;LbJox>2kQTW0>7KF$HH;F=1U}|D~`@u@gJ^f5&vp4WBOTmxJ6pVHg-f~4M
zGuM4Z3*>G`iS48oGUCn)WU`r%g`9nrY<&6cce(6AIQO3-J3=1ek0&@ekM|rrk_+>V
znkcoV$2n+-d(c8y;ehBrMr9*7^64;1<~`ZMkh`mL$t#2m2eN2W^q7&q_O*8$wtr|6
zAGH7ljHT*?9>UWD$>n3~@X<Fo7%UZ-(a<&?V9QGo3l!5pqDO6XP9CP5%+UYFBJq>=
zC5TV=m8r*ze{5l1-G=7j4R|X~i$nS-qaHl@zM+H$x4;TFm2%Jq3qBE036gfAgm6SO
z)2|;t*X0Poe&oXOM&0S{9OcwS?*0@Um|oh<o*rtnZw;%!1c2d!{%YEmn-=kf^(swv
zU;_+HrXvp+KpSLR>vANc`Y8vY#h?}R_I%riyoLAEe3_Y&f>P$+c><67x9^$Hw};_L
zLy;ly8A4w_9bZeoeBC}|diR!jKfZDZbv`H*{dh~5n#CX$@<SO>&IvFdiC1fs8_N`e
z-yh3G&U@{IcpL}^MjB#PgdYA2MaBu^aop^k67udRadcKMZE&qrPhgNj@;E<1q*c!R
zFg((0s?fQbKbqdTPNW>S4gkp|Q+!MP9^2M8H;4Ic$Bm5F72$H7>$hUD4oTgR0XY>F
z%*{q6kBZ=6ne+o;(KnGx5crr^FDoBa27DL3R-vkK{|lVb`sL$Uq53=L*!{5IQ>VpG
z=(mjV_I?Eb(DZStRV}{R>Dfna!`|5va)j8JF<0bZZ(m^9e7ddP$_mqi-e<Lgf8J;H
z3uP0_&W?!J{exIgVnS;yhaL+won}}ICF1YjI4znd=n1s?ZNL4nPoE>`hAF?zp<m~!
zE1NWkR%g@$r;yHq_bB1mU(frq;dhYUqOJH&KkN?HN3D?aIsW-(2Rwp;3o}0b&2zPG
zF&wYOD1zL@#m-n`xfAMMGcmspzK?PDf_|*f@2~x@%9!wMS94;I9k)PXmt~>;Zl2D3
z;o#yCup8=_!?+zpPj|WtRjFQv?XuqPi~PMCqI~-FOrhw8sGGOs5A46n#{P@>?1{Wk
z?l(eo5r~`JzX3<F#ZFFgj>*2Eq^b2tR4VE4_7@srPBTOvduNE~_1jn4`S4!myTh^Y
z1b14vZt-;_Fdf*Ll0JxY==nme0p|Y(Iv{)}4q%pk%YC<}mQCtM^uObeSP?E+783JK
zSU*P@5_bFXQzeyPv)d0z7@b87sXQoQs*O{JRuM@!o@JmGi|G1}(6Th0KN?ww`X|;I
z4c^5SlcJ~(`7XE`lH7fjJE2mPYsba&{hFP(#ifi}fAjW&+_*Gu?Ux>cbc5Li{suJt
z*_YqBu$7JN5#br&LQZaeW8T$Ew>#cemWyC?6&;X?!ukBuv=9JZgtKga>|)*tFj4^u
zm-6{y&8_|jf3dsiPwp>eK>5C=w!cu;v$ItBAU~OoXV-KLKlFuXF*|_t-YTz!9A}uG
zH3l+~HBks9uM7S4tX@ue`@I+XFxDY_+#;ia%leS?XR}L!;Y4?R9tWT<XT7+Y=XFa`
z%+(r4KG4bN^NO|ARs1vl_Z;>3&@Y8)qS#0}xDb9I1ys;WoRKS`(#UQgEvC?C%$p$z
zT6=H$(lz$4e7@FSOG|z;J=-ab2!3rs;RU@AvWeWuOVXhQEq)Xx`yIe{GCHqZ3Qv=`
z06Lv2+yzGw@zzMd4M(lNkm|I|#lspJ&a$OPmB#CGUmEpZ^XVLyo<!>KC)Nn|mtX^J
zl+q((BA_QBt(a!4wQ>JXzPXXD>;Sqj`RkA@zP`Esr#rT*K}sE;m&DmMIo%>K31<Fp
z^FC01H97i&>r=p@q{P8m17E!uvs~VT4fxxgE^084`n-DwdMNk2xfR#B^EDTb)#DY_
zlWudYIXD7C{q}9vM@Z##(CdN)DyWcrSV65ZI034)(OeA!PqhB-D0n{JNaC}0dB@j!
z1$}Q%NIpvY1?x*<@hz95|7a{yA+~yVheIm``j9{(9jM5W!EWpg3*B_*WW?*e=YIQ<
zB5tPAL%M6HX&5=)SVBy5S7|8VXa9E0UiA@nNWiA3pvT9dkgJjZDo8OA3~z~wX<8~p
z3NYLRw|HjQ25I9*7f}wEB;Z%&)={L9EE{T9OJ*9-sZ;j{bdXNp5X5{L1r8`5Smp<8
z&;0Chxb>@ipBM^|HMN7yUc<pKM5i#-Kr>{}L=<x_?f9!DB-P{p%&5u}ALpw2N|+W&
zTzFR{zCT*R-?qS@hQ<O1lSuADbO;G=P+bT(;jr!q-@KE5d@#YwZBWWTL#sQ9WzF~4
zW^Og~EaEZLM2yH1`Woar&iDkqf+rYPADTU~EIGdQtbl-U`?&SXGg_zq@1c@vi!w<k
z%{%SbjIr-TM51a{$Yo=-dm$WrcpPz%X|eRlV$v?J+Z^bp0`|Y>G!nsYn*m1eFXF1I
z2{m(@BgKy1H$_9eSFs`qUjj5+o6vMJ1Rap<SGx^sqg*|?+e`L;OvRQM(`ibZ4Y2-&
zrg!jmKgWiIsW0qbD+T+y2yzS5pOILtdm-K~IX)(3GL*A%{t>0T@YHNUw7XqG<zE}G
z%HveZCu>%!_hnhMKOuL)-%FHUcY;4=Tdk_z-tKoP!`CVQUjNStu6E<{>6|dXVEB{R
z*R0@COaK7~C?IpbOu|h6eQV71@{C8Yz^X?Wf7`%6Ilj*QW4#Tyr#R}i+3f<~02*Vg
zo4kH57T%MN4a2N!pDrTCGD3;4!J;MK(SnfUBBOGHA~%0QanA5~ME8IO7rBPF1R8&O
zGq_bPTyL%W$JCwl6^AE~3;9~%j|AWg`S2z|l|C#{p$l(cZQfwf9Jgr$PB>j>0INgi
z9amqBE4C^Umy`!LXs9YsMD`j6Y6V&f_3KHcALV|_jC4@9^I47Ppz%fXK-v8TU7xO!
ztZ>(6u2weU)S^qBp<!QS(|*Ezu*CSQ47L0Y^?K(aI<a=1!#b1c%XRs?Pp(>U`vTn(
zwI?IXT{5j9W>?%lf=>R^-S4Z%hv=uf?JPeuQ2!U4m+t{&EMIF4nMbivh5Sj`9#CR4
zYCE0^0RwxCV_zei9D%2AgN7#n{g_)uJaEn>%@&PJJZMK4POay>8)37Xy^FkxM~#z&
z6%qp$7)j#7po-(1YK!;-e?<;Q%cezcAEF1fUqrcLWnSWXe~R8Gfh?FrPrPJOO*~_v
zo>Wbn1Pv@gN$t*CPV8%^kVO;#^~iq9U56;=R!K0thEByML|YB5IfB2r?)LLS$EgyP
zJxMY4zK($X%heLhElmxqNFwbVAq`L9`V%#gb16vn>)RrNS@%E&yF(BiHc~20sdEXw
z7%pN9Gg-Lgk1?R{(%Twi7)*%aT*{0;A^p3ox(QG&pB8;6uFJekFw5+1{ftzR>^_@Y
zW|2k+=+<7d%gbb`Q(*WJ|1|Qx`7p0X#$a#EN08^ev3v@W4r_s|-{!MSyY@Yd?D&wI
zUF_4+sZo`o5Fp*`EQo#1f}(%f|0<nCo{biKOaoj)&4SN##vSJH!NeasW6~=uM6i@Q
z+Uz!CC*G=k-4PoBCkL}fUd_vFf1VQPNn>L(12x?bx4l-Htch`Y<P|Xhr)zWq!<??@
zh(lJY^1{niGZl@O>#oLE212k`Q19d}bw#^=YCRivmc2U{(L(?V6KQ5%@+Ch!CPiH3
zW5&}1WL<TXJYP}bJdp+h?l&IH$idTuju>H6%GYc!k=9PK&c10^aZu0M<MMljpOYs#
zvF=0p@ufjKEOu4d>yC%Vfk_{0c2@W)g&kxf!!I0r`(llzQN0}qhI_Fqk)r-oMU8(W
zR~^v$^`Y;O<QBf}<z`Qm0eJ`k@5d6K|AaoSrFQ#<+0SKa=%IodSU`P1Zz^W%4bgW>
z3DF41C-EpPK`MEq;#<WdTARjGigh2-0)gJI;Jn8uqLstYG~y-=M#SXMa?*jfWONHW
zQ<7g@!O=fgT0`VnbU~e{&jB5Ckz7#0HMAc(L}e%np=l|z;FUlwmZYhl++xfM6B<@T
z9d@awWswmSs$5&G!5ulX5{`69L?th8rCgQB5td<x94lU^Sq5S))K+HORdS*`?|2s1
z!At4ClVy_<t$FSOlr*+r7>+XRVd{}5h#Qg0k@V-VTP<Yy%TKpUx$yyakAliYX87m}
zija-2=sO+Dpkn{g<suT|$x=??JbgeDOH`-fwGydl6G>e^dqhIw%OUb$gJZd0u=I2x
zHiA2>efRLNgN~YTO0+`xXn_b<h1g!q$E)P@!P8K3AaDX6Ud*G7$S?zWLvURxl+IkE
z@pC@b)A`xdP85u8Y0X%rK#7bU!cofaqE2KvOs#+0M+a0!<qRhnS5wsNQ49@Xi6xnQ
zP(e@chW^;|!o}sJ-Qsqoz(8HNR~WNAN_XS_0Egw~`3kUUWR8oZ`v_SV<1D7t2-A!7
z%PyDNwIY3N_ywLw%t`p+%MF*5n_2k1YI*!O32=5qn|*W-xnW&{b1Opoq3;o=fzVIY
z^Qlm-<8&|xGv)soG~zZNvKXt+!)CJO&87oBwiGbt*oMO>1SfO+P!|iy3F=18+DZ=L
zt?ENjs-;27-<4DOn~xRVr|{47E;l>As@N16>bEqXU2}*&eqgC`$Bh`}B{11>kEYB<
zmi2BNSI;!dpsQ&cgV~O8{6t935f?Ht)6zr=Dd%+ucK|NF9gn?gxKz6VxRxd3<&kRE
zf31dK`?qJ~=E_<t$40r8qnZq)AbkR@T$t;L=}Es-k>axJ$F3CBNpOK`Ul6{EybLyx
zrC<az6a_1ts!k1n{%(H^OBQ5@Y%^C97@f{6rh<Y(XoyJw4saZsV$yH6>y8vS-P}}}
zp%^3}PCCh>)Oh@H*N$o(njp#eFtyRqPgrKs2bDne9UsFk3LF@&M!=*jd#qc^NAbV2
zup2p@i!Lkzsw9srX8PMg5y_?W<9YXSl8D>(tbBS6tEnBRfRGAe>n!uPoPs(c=G$rR
zAzSZpM`z;7L-<0LP7zApZQ=7P?OT_3KTZ<^1$jfce))7y;q{*y1U;xkz}QZ)PV~C8
z;>mNec>amom#@*&Tko%rFq>jxS3s+&971{tmnPd~ZM4YWk14HpDuKNkR()Fv_pooe
zqfk3Dw~)6p$6XlTj`gS&p;%_reUH}vNndEHftmS2c=gN|AsLcC6nR{{pi$_txx-#Y
z39OyNNVf$>N$@{D$h9s!{SnD9U=-?CU`%#HwM?4K?PKjXKzEv>5bB&I3v&&DkzhN+
zC}8e6=k_ZGF5$xWzcFdneLpmaC=n5KZ|43$^E7u|3v|bnc^hnskTHYzU^~d&0fD*s
zb?kC?<7!n1EH<DQY;Dqa9MG@V_}^|q1Y+@(V4*i+WzEXMCWXNk?|R+cOSgWvZ_eY3
zvFj2`7%I(sGVlIoujM-JQJNd7=$=$QO=-Z^B+pm@GuU+}u)Wfbq35!w{D~+Y7!kH8
zixLuc{Ns~e2Z`-Ri?YK)qjN!^g`T45a+I@K99J<z|0~d64b1IQ5OTj6%5Z#=a}=s8
z4M+IB;yrSjElWyZ8<ki<C8GF0*1!cq@+XsP?Ql{78E?>S+SV?1w$q-yw9#DG(EOPL
zz|43APRx}N2DH-YCu>Pq1xz8MW;<FtiAVoC(a~VeEp-eGB<sOA@YQ$H8`Nl0aTE~)
zD>=6x2L<gcK~8=a`gBtpnu<p9D(sEI0mrrAQmG2&_N;Gy9g>m!Rf>As*7atq%{FX;
zeE|Of^4fNYi&_7QN&~0o;ah)82MJ>0Jc(cON*s|weK`w}<?jrne?Kh{7`IzR@tr*w
zBsEl_+dhmyqi*^IR!UGJAT@vrb?~bWR43Ekdz;lY*hWG~wG!<;>)86%1~IUI?2*wr
zmq(#RGD5QbO5;coz4KA$(PI>;Zxg2yH8T;y#FDe$H3f76D*j#3JLvk3TS}(~FYLCy
zpDOeV1)+_`<Y7xx?q^c~o8*21G8ysbpn`_owmfjAcBX_7bM25Z;qEz1?iS0v#2CSS
zypynw8GcWB_!5Vw-yD#mNz5q_{IGs0Nhbf4tO);x_3dl^@dcsA8E+FB{j08NE&n6c
zQ?Z#61!BZ6Z^vlOxCSx|J}~cy<qP^9s(e--vElr((a<Hq7Wl=2$2tmE5i<X%7&4me
z$>cXSVyLqY2F~&I#MKaDzo+isDpp=IQ3>_AGiJeB`f&zb6Is!UN&{MwPGq84Ln)-T
z>9=LxeBQUmCkY*AnhAMx-!qDY;VGoCV3UG{#45npegrc?%dDYzYKnEA=rr<%1O@t9
zeOrlDs`$mjZCO~`2x-NDq%J1FRWxLT%#PXaG4ym)h(^#I!_yc%K4#wSTlZ_y#<>OB
zbs76nn5n9#y!$37AEk7C)!5=}0pp|K&HES!iPI3FL8!;1D5ikqY(-w#avkF&Rn#Ca
z3Yb+zZ`>Qj&c|sK=&h*Yt02OZT8>4)oCSp9IloV6{d0E`|2o&2Atr&OYr84fMp{Rv
z4@+)sRuctI#(fAo=#%&iF{f3DuuTOAmKECk!4>~iKK$Z#CLUk6AtmC{cd_6ijUD2A
zxL|YKo+v{nvf=$WmqO3q7tsA);FVgnYfx20&2TLR{&|X2a#w!u_eJ2arGK}J3a!!O
zf78c*D`kfy$(G1QFV)_c>9(6Bu5^`=+@8AG+BvwCO@|mvP3>m!yI;YP^0+R6A~9F{
z*Kn#~!~plqvH)IZRadZmZ7avq#dNZrbtsAvslj5>cAtV``kneJksPSUZ3lPpw+U;W
zh+)~qY7)-5klbdrEY-=S(D}K+!t^PjP%}hHzomD9U|uS7op-5D4|eR_jjDXdrzrUr
z^Z$L3VHX0eWYY2T4tX<e>r0LRZK8UkuAuf<KMl(`FSV{RuCwL79RH&zx!sX?^fT?+
zr3l0UyDFn*LQHNWr<;b4D?B;;87e$xBhfEO-O|xf@&I{fRGY;bSVrBp_0e%LKj9OY
z5a^woW^vq|De5e!Qc+q=F{Bf|$62o3tXFl{c-D`P^mq1sX7tkRPii#xDI4=Srr6OS
zTywWAt4Egepkll5v7Oyq?h=SkxUL89vc+l`m=mXO$)`5jaB}mYaKerB$Zk>@?cP<A
z_M;?*Ilgp^{Q-q5)}X-CgJF(T)JDQem=O5WQmYoF!f!$Q)~qHRD^$vX-##|CxqsDF
zl;btDPOB9mg4`?7wSTwwNNKWs?{Ic1T(K{1KgOj2P5|Z6^_KdZ``R>-V|EHO4lBN7
zcB`U<+sUM5#-?tocd&rmr8KDeY^9h(!O|Pm7skb&@LdVbt9Hp6&Y}%XPd@DVLiKR}
z!JU7ZOk%==43OXN2K9<_wwXo>Z-aU|!R?_iJTp{x3Zd*QD48y*C?dWlxe?|CQ(Wg;
z111*ccKbnv|JWEcYQhhNXrfP__xSNK;1>WmQ2kDR4<6h1h6$s>p{gr#C)DJjg2L@T
zCABs2pa$5sz+3uGwI&koB0Tb;>WCWFe`%Y>3#@(xt3VCRrGGFM%Di!&bHd%?$#AH>
zVUjIPX(`H-1f-_M^1HPjJRUPsB0{7F@Vb}?X;y6M#`xYI(@YR7iJ#HZPH5DybDk8v
z7XS3IRk?0;(&3JLTxU)#uxUXo>U_Flc6vRPQ!C>I<jOGO960=;JstAIXFr0lgcD19
zU6sgKtIq@XhyUVSjf!>#8GYM9cX{9-%w#)!kxUEVU8oHKqA2Q;b57*Ld8Lj~DbKpD
zdU`~B98d}HpJH3DkvR6e6jda%3{-={8IGe>FmqvG=rc=ds>OAMkNIsLTb9f0^uS(c
zVN<2H)sY8;(96=C0-L@j(T<Czc_ISx7AR*Hpjs^xxMc2(e+TW~RVc~M(BDT@?+=?<
zV>2$m20B_X5!6sqMpWGwD#Mx79g5*})lvk#ABy$$c2@yNZIvrnw*D>$Ava7Wj#e91
zb~}|a))zOj_0?2AP!JL1^i&xGEj^}DrSxRhhgWcGwT))7z7{S@!mSULyVj?;QM1os
z<=09-#U#FknWLC<hwy}hhmiaa5A%iJV3;<A+I&Sh*No;!X9Y%Mv?w%~zCZNE#}3NO
zsMv?XD0=6;*d;j{tBpUgLNZZaw5DetRb%}jb;JBvT@p02An|CjA?3*SVP|aZ5>i9%
zoN6D};psV0MwveLdbBg%CuKcZ`C3x}g18vYPWFR_w-tC|fE4@Kqa2QzBccgDWYYab
zjLU3PvMddM$~Qm>v<`pUzU(r4Bc14H`&WPC<uc3vyBJ*A!hOEph5V7lsa9`D4gAOy
zLD#O=EnX%if#2wG4c$6j#M4-GTvxs8XlZN=W;)}EdYRO3=}#e;Z<;4r>5@4wm{)!z
zGwiT_(6s*Bj@o3qDZcPNTZ_EjTB)H|6dlm&e8J#)wkmOzv$YFkhZ$sVf|8400`^%;
zD>E}z&3t=LdPbI73{xU99X?+z67;>r9?j<=(+lzq7+<VDv2ak!{~}>wn43MWMh-l7
zQ7hF(6*}-9?G;lcVDjp3EMOHZZ!>?$V%XuTtP{NLo?nTmlgsrVI9=?I8bn5nvaI#{
znk~u4024B6Qd$IxOk%~|sFwA*Ke3PuqcfyrRId?i_#vCf)|1x^txIbF=8OgF$uPB#
zFqAY~uB2sCCe&J4?DH@W<%{BqJ<ujcw!>ikzN#}uCV%61mb)<5(MF7bPyg4SxcG9(
zxY)sjlZI8bn6*P3Hsa=0A38Y35mdj7y2AG5T-XK%#?PvrSX<B0yj}GnuVR`Ti}^<w
z?vu0M3yC7`N7WEa^K*{}!g3<8&E-e+&(`$!o`1QB2pkAyqFb2^)}Fvn?58uCuSL4!
zc?gaW7`Se)_5cZq&8|@IWBonPJAAmXPKd(eC=+=qNK*!3n1}Si-XS5EoA7{3<h0W<
zCaN!b`XB}!Xv~5$86Q`X1o1#k*?%nOb+Es{09~<NSl@ee2gv<q({-QRbkpUz7pgUc
zjiOtV-IQVUM+Rn+q!!A756Pzi-8uk;30RR^S80&@BLQCN3ah9He~UkmxU5YYf7m5~
zqzF7QS^EhmU&L=02v}7WD46oXVB6(q&>J9PWLUesE!es=7Y^Deyz<#v$%orp?Ha(Z
z3*hN*f*3I_w+a5XG{H_!M7iWAieYHjpHvj4i|1n7-!~2Q(>v?73n1_xWNd2lkW&55
zpe$x7LQ$T=3wFiTJDoWyX8SWp@M39<;?8xTI<(I+4CO>CHbPRNl8E+=OzCV<F!Va;
z3p*dF!hbUb3E5fM8p2JkNB<H_I!TmeVEg4ci{B{5&@9(2LCy{X1G^@$-W8$~OJ5rN
zqhP}+JWG;cMl)^vuR2Pdb*q5k1|RqpLQmuttqm2lE*M5g7g$n}+^-DD@t5JhDjFkG
zr#?dbaB&=U54jtyT5OO&=HmR6b8`+oYe7B^RRfv}ZDJjD*UZ%?_HZx|98YY%PEu}?
zTWc`aM^;B5+FZ91^c`kY#<*Rxf{h>ohK(9AK@gZ3m_}4R8?>iDMawXPtSU#tCIyO-
zsYY{_VAV9)=)hgxRnO4NN3DxZ(R6kI;=$8TB9(@Iqs|@N+53uLgLj1oi&*MyJ{4td
z`7Wr60PQC{WK#I>y<C`q0ue!DP!n{RIPC;t1eSzG^Vd@~j3yN@CK-g?)*>Q28>rbQ
z<vl49j(;%M^>^98xBJJex+ri~!wg0kwwR#9<!VaB>4x0Md<fjAIz*+hKl9Dg$p15Y
z7^=(6!1iBYCNj{()+%Lc5TgTMi4Sx5D1H{U>qL2r(roLy+Xu^OlvgQ9AECqtjK)Di
z98E4cbSGfq->$++=Bj?9N}%`aP$pTVnFQan35S(t&Yp1KLCrti_GrX{DweA;vE2OZ
zAnM;;w~Vpvowv|79Ggp9i#tscg~cQwxzkznD75b%Q^tP!9-*nFMO9SVMarW@kW+>c
z!Q#I~{oxVd1WzOF7N!2E05b&F<MlCX=4awueqX{DbONfiWk%yTF@VOvyp>A9cVrSZ
zO8B|1mEYeRd1GXC<B=dut^34jt+&chn<T3tG#(}DXdAAo)0yC-AWcuRG%5ZpaH;uV
zN1-MO=Tfei5u;LE$R6`in#D2toO0P(H>H5t&4nI|#zWOYAI}1=RULgh7kT&iM01$|
zNO$*I;VRflqFG+`UB`mz7be$0uucgGF1r0AeGtd*d(gXUv>p1A#a9_a)It9}I6cI*
zJ^U+rlq6)?u9PZSY5;2ty4VFf8niBP4Ze0%6(_kkm4E3}0;iHT#y}9anB1=EEd+%a
z-St7496v?!DL6B5>Dg{XyO2T28QT#`%Ju>G<?NQcPOqyH%Ar@_pc;x#fqTfsYPnsq
z{D4Ji93}*=)~_!i;M&^{Tq&{CyW#TpL5KQX%~XbZHZ{<I`yS>qV5_H<XwtsS<{Ns0
zAtqpu(;?6PtuMW=^wQKR*&KgAgsNM~jEaBhER!e_PB0$eBPxehiw_ZhEg=pTTVg*A
zvbxA5@4)wAPHxn<v4q`q97V7h-xe`cg2Y72KC5QxxGs!{Faf`R$Q3>gPWJB`U9eC#
zVbY5>*z8#I?p>Dsz&HRe-zw*7WyzzYBSaJrRP&A$yh(MnudiWWKQ_VF*Ce_wnq$^N
z9VD<cZXwMow-*;~Y6Uv&IL<T!R>BAmw(t$v5L2^KwVpDiUdDgFhXhjW=#JMPAx-71
zG*2(3^h>B(aAZ`n_j2!&1y)m9lx$vt0D2_20SBxZ2mSdf-fEBHcok(lOxFA%QUw5`
zGCo6J!A1tg@4edSyg?t^RSDwCQG{b6GGx6CE_q&->t!iCT-{=>dZIINjEPiLvKlS}
z8y<3^8S2Vs#d7{z&Y7_Y5rg>4W?b!z34bCP@_QbxkCK()%uPfxJtZ&!&hXuy<TA&4
z?8Q!q2}^|PYIz>pXmF3-NR-u<%R#PHM{HW$cn}Mk#smE0KUj-wxz!Bu3@P%8?Lrvl
zV!<dj9T40Skcc5Mlx^?>mvb^)8(=!fJSp*xn|~8>U`2K|gj2vB8Ea~fY8x%PuM>qh
zXLZ*c(N5GX6B?ju=)W&{Yc$W+_7_lCI^IG9q*80zd*Q$jW)=-=sH{aUk;NwCNPm(z
znidn(g6d!3y13Y9*tKDlSkCf~6XDFct&Sg?SSFZsZp5x6`u9pfh!{~=ERCOed9~UN
zT{F|~1P?}eSbxeFAgjy8Un4|#;jcGXwR}n;1&7Cz_FY}99Y3Vv0?K}@Jn;J+K*G9B
zq)}HRNYfcI{kC_-663fMYK3>;cb%CkNMgXEQDGmqE@TL^<Ea_J$Ki*fX-9|%o6NGl
zWM3=l76T9ekaL&adpUewP{b@lKWk?^{^`eu#<d1TucB`J3{3dHOT4=b^`%8D$<P3g
zKruQZPMadM@c%Sd+&wK(xKQFo$@G}9%C?tTnn?<V#EBG=!U?K1@oNumONF*%4}2U)
z4Aie0#A&GtX-LaJU70IaQcTY}@Dv1|v>Gn>j)5N>GjNv|^WX4Q-D4Bua5mTHkOCXf
zzTq2FcGiima>^Q03d!M6h)mgMTVh`+fNfAG25s^!Awi4n(UsajHehY&U5W$hbG56Q
zO5vAezeinkB%gN_ZpDhyheYsZE97k21ukQ!^S@I{i6(gaABr~vWp2Xs>_zzzu>gb%
zTfaq-=t}!141cGRLQ8(bF=|mpaKV;1*l?1<CKoXd{WqG16A~h)ZZiqO`Q-)TyU0LF
z3ShmTPRyl({0=W-K)XI1ed=6W7GNHiRHUfOJ8BW6?wbUqG;5q4<Amp6i5T(8KQQlo
zBuVy+X$TWS7~uR;0O!?5c4F|K;Eovf4<QC1H;g6FHS;dwAV;JfXPsv{JRKYvtkxuk
z94hk3N43_S7Eqvr=u6{>;gVR|yHtv`eHdCS&R0JEFZdI>oH&&An-o5zSf%D(A(t5F
zfW$I|m3FHiN?faT3^RZcO0)8RzLJvH;EE)1HELi8a+q0aQQm;&v(QWFIE&UI7(jK5
zT2S7O2$YapGCM~csG+>&Q$qx39I<N2+(=5l$teCH=JmG5f}16Vraa2;4G>F{4uLP7
zD<xY`Or^9I!oD6CXxJFIzylj!P(|fv4nekcQB?`@$cQgQZs-2(SMYN373K@Q;j?n0
zHBwM!Ydlmynx$bKe0<3y5G*Fs8M82CeoNo|B1(zD)c}b_(lr8t4Qv4>nYvmU%wR8)
zt`w4@1}^?C%<O&9CcMTasxt`#WFe-qf*NA(E37<S>4<%h81<bQZi1xjDVR6FmUTyy
zK*r^x>2#0$0_#Ei;2AE``4Q#-zD_F+Nm>VjH1MdhW#uP$8S=2cUq2t{V*%#$0vo1K
zw%jy?n&}*ep6IY?rJ55|5fR46%`yld^uaX~MmdPV_Q@hYeNXL8&q}rgGm<Vb;mYnG
z7BFNP2(GFBJB|y*(E$|(zc5k2*T5Q)20P@Am7n;4l-mFFxwaZjX$sgZkbBan+{xCt
zfq{Y7SBx8F(;0|+rdQp*YtIW1DP>S!lX~9sYWb_-7sV+Ap(q^IIDb0duz!z>XfO$p
zd9sd<2@9ga)2=asy~Ca0;VW)(;`QDUyg%8Ru9*JOGTB<~h+GvKf+Fg9C5BH=4qqkz
zFfA!M3Xy^xU2;KY3c@i=KMgA}(jY|HZ?`>h{(b_+gkB~HC>$y$;3zlvi-H3(IH1kb
z_FZw0)|%aU7^RjOkdowV^tGy!>#2cBe1}0k2Y<~1{NHNtblJ+2yS<zh29G+ze-ZX0
zS2*S~fCF%Tsn^^+z09_bb!w#yc$2@gRx3cGAn57>Fm3HcxyT_W3&Ht6W@iTs?*f>B
zjlq+&;!uJUM?_X_iD0q6k|d=If^FX!X$V_OhCaVU|6-UkornUnc<L6+LCp9}GbC*p
zq-p!7-%+78gxlMVYg8B+35`~uC@_KQ+Q<|X4JL{RCrhFOu9rA}*+>VSnJOaMPUw#8
ze!T><F;qt%n~hR|`$njE0nkcmi`ikM|8TLhArIE42%O%3ULuz~S5Q(|r<j85PLC3p
zc{I<8To!pd&45{mBn7s<$PtdRq9tzQh=$U2fFlFGMiv8sVu7BD-gIWlbO}9LD@rKw
zvcyie6MV+Z8gtl#j2cgaLbsmP-I<(c9}p9;isuZPx{4c*tn9ntP4F9^Xqn*GE&9K`
zo8++wyS!zM!n#ziK9jF4Kp>qq)Q}>u&`v#=OFdU!l`(%w-(?^I{K|FltpwK%w*UUm
zXcTzNAeKh3AH;@H%S}gDl7jT`A&ML$GDr@ajDqURl1=gOF)|ZMaVF22<o7pSrN4%8
zV2D>jT`{Xq%2xdx^z<Bi&a3gRc^0Pqg@q6nqJ-_<T`LLEC0-<;v{j>49xf)Pr>b;H
zT-;5FH=<)-yH&sYV$B7=Ma629X+(}XC(fS+O8l>yw&KzOS7jewxP1>KJevkWWFc%w
z=Rfe_McR~Gf~P9|eq=Do4P>D7ARqc2mvnlw(v>c{A5&QIxV7+&$6^O)hm#sm!1vE|
z9l;s$S$)XJ5IzxLUS)yDOefizlIvzLO(Fp&%7x-wHDy}Ih=?FR!1qFg1t??meM$Wj
z1j)|!RY1=}H3viDc?l*2<;7;oOHz3HTY7%~V6gk(Z8t4sBGjIcYR#9CoKj9aNj;eN
z)-FGL>UH6RviIxMl_3yR(8S!BVD7%coP|6xf{T2{Adr94-C-ll@`U>s+8>cFprl%X
zE%^pgGt{~3uXF~V%%gy89XVKTN9b9Y)l~ghX^<)}{+w)X5RDt!GaQ2zZu=W`wXSUE
zZ4+kj&_Uk>sq70Eb@oyn{F)(8x|moJK6rbF6;jGX(c?}IoSP_TN*#vtqn@5Ao$aS!
z;7;oooV9@17>(*EE$;b!g(Ku}0SdT`*sD~Ex_T9o!SbT6L-x3_gl{x809#75kB<+p
z^fs?&B-vbcoD9k>&4%Fws`+dL^nG7dLsJl0dcTy(?o-cTVcYa^&I!l8SsjL)WvdY%
zSy!??6zsutWFQ?Dm0Ts4+O~{JJS9crK=jBkvlGtWNlY(-6Bj$_)cA%VCFZ@RK&_%#
zgqwGpj8hG2APNU)hQgv<$(haQc@;L8y#c2pssttpBW#t;TCtY&3lPzgnKOpy20RYI
zda#?<9=`UQWo)8lP7%aV<W`p-$Odl4P-2evJe{sW-5;rl5p-s<iE=K*HYk}p70y3i
zHLrQw<!jj)s<jbaHCWEkUMaz^HNqx0JuHvdO4X8?0mJspOY~5}X|XKQM7z<<+GGp&
z8)h;|{wE9=7+vHT0}u6@gTqqFpRUe25R@;yQJj&-)1c!ZHp?--oe!sjebNG6^eS1Y
z%+m=BfI4D%Q$FR|nd00cALzLSjj}+ra&7mICD^O#WkWW`U-U?Yq8_S8W|8=$i-4e|
zYs^(lW*}6}@g-$hv5tvdV0f#mDmed2W0vZBEVz0n=SpFd8gl1z4W8z$J}N_;I?brK
z`48CD+Eh7)6k4Mu8+U1dB=A*fevLvy)jSb^D7MPE;PQu$E<nu-ltTIC>js|8*dR-%
zXYH<TZ(m)zp|?gFl5>qFFZ~6`Wg@6BDvLsmYtMM8C_t9Qh9O~3o{AA9-;*C1kO29l
z*ybghj@Ex@hls!x+<#t-9?~2d<tb^w<wW_Q<=(pZ%hm^7g2T7LbtPUBTDKJ+6Tr@a
zIOI|BHZ3RAFPbaTU@<PuhBR-Sgg;!Az{XLbMBRGKOYxisGpOZie*Cl=D^{m4Y;rxg
zLKe#k7g3l%JvuSnC%HI5ANH<DB13~b%!vY$x3Q00p^t}=jo5`!2iB5Id?;Dnlqb<{
zMF*(*yU#q##y^ZKukYOU4SAhxfXivM>?!Rm3WfuoFp(qXO6B{GO(_S}DWY;%p!Epb
z+3}6SEBCJCMDNcw;BB?5nX$!@DDct!u`-cn<j&TknHjJ<b_vRa?H4*LH|N69NKtV9
zXaU?N^;%$9SV(3o8N8Yl>MSqu7wSbcYinMKh&2!pGD!wgN`pF0PTIxG-mpW|%REbe
zELMST8cKg!pJ1}ttNM2?$+z1%Z2Tfw@A(v6nE#U>3@284i!=1As>Y5aMO={rI2=ce
zN*#^IBS&-pVvJs)U;TTQYs~u_k^lvhHnSm(0VVjm;w*f#PYgxUt;)b!jo%dj(3eGJ
z(GL<sl8^lPe(J(>HqrIBd@4>G!=V@Bfh+Ow)<x#(Z@HwRARjY1Ce8!=F(c{JRSxVj
z8cV8@nqT_2$9s~hVIA;YMB_xrUqS(XT)A-Ag)U-Wf|-guB0z_&sYKQfh(}dJ3AdXi
zC!#jTq|vePN^usnW6(f=T{Wwr%(UrCYAA;HMt!}q_tWUTg%_N{i>yXXHfAtNXfd=v
zy^k!(3^@8Rh23~iEqh3t^$PR<vj9}TCnV@p;vs}mG#}Ql%iXI*!c?jHBg_m)JR6FH
zz(JR$RW1|l37U9eODxBRN&JZFrPA!dcn<*0q%ww{1=t0%Znct$iOz7jk^Vv<=D<+9
zL&SYsB)BvbQCiG;g-t~T5A`<dTwr2FeuR9(`Vfm@F_)$d@!_&fTmV9}ZUD;pu)nH}
zAtd%)ud2Zpp3p2N*F*1-$D00)o5&*Mp@L(6FB~f6Bm?44a0yF9mgK*7w;8h+<uwX+
zeGifAfP?whhzDQMXo$?X6h`^ch7c;c88S<B2e^7L9w^Cv<Q(`L`p}OQ3u<8PG$>MS
zD4qsrjhX}~y3Gte19O2gt+U_jBfo7Yum?Ns{pTy4BAb2hE8uP@0RD+%Y>Vn^3Pi0K
zm;J~&L*tfrT7v%OV%qapu-H$eK|BdL<?=gl*n>4yO$=_n*iD`Xl0gF?5!IwJ&QL0A
z-}VNjh5X&EA$+Xa4Mcy@o2)NR_n~HYmPERSqrlSfu89kn1Lb1hdPPrJSF+h1$ioIR
zSkBg+fRA^UwJ=<`tF(`Vun7wG;N|gq`r2Cw757*^uDl7Mlmu9rD+PWnbhAst(N~fz
z8$qF?AjnZ{uvFN~ih@=3A!mPNl$_u+^3eK^XaHjf^dQtZ(yN;~BH^E}(ivJ9iJY`-
zM2Nb|qXo(L=c@k_e5?`0>?*jgQo_DW%D{|XibNsW5mE@YJGNGpx|aTEpeV>7*=IJP
z+e!{7aH)PYgkvxD8o<ublo7u~zgJ8=?>Y#+lz41TNiSm0Ngo9OJQG0~ubCj;kX0=>
z(=;4ReOGVYNEmWh;nJgO_Oe)1w8f2{D=E>1^ES+L4NHv5)jBdma*7U(vib<Hkl`ci
zp2wimb#))WevuZ4-IEre8cdTnz!~WOF4Sjl5VR@eC7PSX4?Dq{4Wo;-P-{r^pFvLO
z^*)eRCI7hg-5V3ol&m7~QdMz6x#;Emh5QjS3048OPaUO3R-M(~FN6Jik}7e&us>XE
zHV@XrebJQ4zC?cDyVSUZyc)m5Ehted_+<ziN}L++(1bX;nTUJl_Fl4iUA57L>X!o4
zA6yn(NCx`9QnBrBqV2e<5QCE$P|3S!3C>D=U%)98NGapaD+wY}Lb>}^;0(DKGEyE#
z(eiJGu*$mZR)PL(ukeYwVap2;9QAML96u8((m3yPCh`UFh?DpueuHmSCkzL#<9J~x
zByg_ZG$;&B>C)r}ES37Er&V0-mRb?tX7gOBa($4Y#HW<%Fu+cNAP&oazm&4zP-?MC
zz+f%#Yb+gJT{YaK-1kT839UydugfzK!Isk~vnhE!CL$*o6FJsd908fgR(&<($zg>6
zjnVMW9a0SMcI<X%v`5^1J!^o#6aWE6j1@#>{}|7aJLYdjEWLdxaxhn7WDUZj0a8HF
zu}^}n_DC+NN9fE^mkgQL%)MXNX9maS?D&5B3e^w9t=2x2X^*Hv`vRf1p3Kf8QV4_H
zk<3Nb`|$zl&gpj0ung{L;Xz`>$BQY@=@Xuy9}o|L%gEx-sD`Z8Y9#<HM6om&Dr}WN
z#fy_3Yze3$%RheGdh{_Hv>Lt&iqEnF%VeyyJkM9j8I(Y}_oD*cS4kSwQ<)D<GLh^H
zmh3eJg?ZVivx3#v<{CoKn#zAJ{TV#gT0D~R8*m8;f_f3w>Ph$dcQd9@nl_S<?XIMT
zZ<nf*Ton0sT-FPoHTLY!%6s9zXWu=_&>UW-0~y<*BfDKM9N&#8EN^;g3Uj$P0Ua6O
zexF^qiIrLm5oB7|ppIqN5Ur>t<r&{|y^Fjgw?7>%j*>r8o}LV5?xd!}<g2XlqG8`n
zit|k*;omijZMVp@zQsh@$FnQ1oyZ|lWx8H7+jqZcrpVE+hT3qAl?Ls*saD9+N+ZRj
zh%6bwu|H^A7!7nL5aB4$x6=}hiD-H;GP&j}NgyLMR8%BUh7v>lz`suPnrq)I*k!SJ
zmtxV0NPLn5wU0WIKo@CYOqi${Ji=#8DG2;6nNU-eXKze@s)#yHZ#9`&w_#PHD6LK5
z?LtHgO_#-_{tX_Xh;(MW8C(}&Kv;~K6O>rgL4<GkI_X_-pMzM-XiXpv<`Api8r8Kc
zE^9b=O1&i@8AW`fpvN%vY<cnZ9Az7#UtUcJ)z!V`%|+!sziCv8o)}bx!jR10Jsuh&
zFwERY;lfi)+rF2-PN;YM2O3Mh04~)*Kh=<u2=H&!w2{S+gVM=LdXN0EELqh;moV|_
zM@g?R5ZmH3Wz=DNFqNWgQ6)(tK!x4d6K-QiN7<(*e8u<W>brYKGM3_nR(k_S2ea<=
zS&LGbx}0%`emM9@^laBu7$Q{2tPiJ9ihT?R-WUMo=jwii`t0o^7vnsB^(zKQj7<o2
z^-~^Os&*eHa0yh6ejA}W6*}d?R(K~~N625+vw?fv#-`GQ%BSH)J94=ssv>5XPvIwX
z6Cq^H@pDYtVOojsjzTR6w~st<Yn@8goW^PjpU`45z%N^kyyfkUhz=}r^ZBG5W`t9J
zK_!JLpFZ}7`^snp6=y>tg}3(XM|7<{C|l4lNL~hpdA}esWh}`$pWIp~F0bgPoLKM~
zX|zu-OHM-=YGA%ntv%o;DRW9UBNdo?zDsKBY+Is7l0&LN*J`x8p}odBSXh)kP`{OW
zczN0o@a<oAS9%lViqV~{yOf#dz*>RrGyUWMM3IN*GPsAVV}i9Nzphbk2?x$FVZ5;<
z8mtvLMX)(kGa4g{65Bu6Px34m9)Ct_QvSB5&ahBy<7Gh#!D8v>Fe5&qJtl-N>4D1|
z6C#4=H?J0jOBlI%%VqXYjLaF2V<S_!?ZBwVRgyA8zXd)`_CVK~miqjHv+&rwKO^8V
z!Kxh>2P*q@iqD6468im`1>1o!Syleg&71+*H#AO8#f}pce|W2M3BcZB!5GG&ibiW_
zD0l?p6zZ0Y0bXW4ObQgauii*lfGr3I3OKr;N<tR#ys*)5i9hhY`aM<+@||EA!JKax
zOjlq^=78V+3`?O#_QxD0+5WcK0~~Ug3hBIn(1gIJO?4@hoADAlsX4O&=54Yq|LIS<
zt7otl{U6Z2C56EPF#ZMK>2%j<Bd+cEEtCbUHV)K&x3rBCR+8wrdsJ<k&?=$O<Hzri
zZ#w3~amHmVb_e@lGI-iaT#1S~p4WK&sd5B5b?f5=M-#dr%9hT9VPutSl0>Q@Q8q9~
z1$(68<-iJxFX2%v0cXeUq9U4fvNW(2#LJ~YOCP177<cjHH)dEnP7m$3ri63SxdV)l
zim2RFKsqIruHO;`!1nZtWo7fo^VMcA!kqOMZO5t~(4V1-Q&PQG2OLiwR$N`bo!!<X
zhTsf;GBYBF8HLl4j;@fEtqZvZik;*Qvo*w!-<CZDtR{@JRnHQD>lkxH?Drce1*-ZK
z$hNwmTx5PHDY2dA%0?_nk@QXJm2=MSf<)!oRK3@0bJaxBovIVu?v=-Frj@=b=_vy~
zc?x{ACyuv)*i!0(jy)d8(Q3b5kTnF8QnFo$gK!R%QSa&aGd$G{;lNV8(&Cb)lq$u#
zWMqR`^<LHp^31nnv)644AgBHhBNC_wRzLBcTV0qFu~lSE0#)*8*@4QX#H7{llhitQ
zx?-A*;5MOH{tSzL_*7S<?k5o{-G#ev|MS1>3YdP9#NHP^U)1dNJ!MTLh&bR!Qcf$h
zUR`@wraT0%+4%9trzB^<7P<540!NcVYXBfZHNr<I#2^WGpTJ$Ugdlxb_c7E`2281t
za4I8^z`JYD`x}!YuakabMFDqv%Mfc>h^F7-$1AJqZiP?_%wdC(?{wBWE*&Y1g@bBn
zUgaWQXTT_$L}F{zbd)LCg9li)T>v+v`FEkAvj+_IOdEbxWUDeF8hU;*pR~A^d7D7=
zt>bSmgYQ=#`u<Msn6XRxkMZwco&JAurc36Bhs7^o7q#sq?i2Z2qcb<vLw|~uE!BEi
z>lTjg*QO~Q)s2SsnjRFqu6sEtf{>)qM1K`Q&2YbT=h{=Q0>^sR(3y2PFikN$4EMuf
zm8Kny^o5pKz*F2YV_lb;-ISs%iIZAV_^sZ~olbi}O2ecgpS}f_g8YM+7k@leio^cE
z9pZtuG`RsjVb|gKtMIo4Yq}l1bx<b+A<@RIeiz(K7xH_oRCM(avgv9Rj-`s&vWUx?
zt8A*c4F7ms(;q?53M;S6)XGrAk8ye+kUn316SgOKr&y*xgl$hstKQFd`%P*CF6+D)
z?(WTq4S2jx4bG7L1gq4rZMX`k9wNgZ|JDE6E085WaA#jihU#(}Gn?cOd8wLf(B-gR
zf-#3Fz*M|FUHp>4>RANLJtkmNME~31>0-UrUdtak#t!S6@{78xh)cfj4K~CL%>rHR
z;1QRpz_6OzEO$0>H?_u-M(K$NY3Et9P>~Lmh!Zf~wZowWRyE^un3ZhaiMEmmJLCJ8
z>q|eKYgA34Is6r?CFJ5HK3Qim>JEU5C93`daY9q1tzMJ-4eX^1YWs|`)zCGp=$nBp
zmivP%y(E9ysm9c?a2Z}1MucSHH(7xsdh<wu*&tg#>xQW6r6^ITw0Gxyh~KsgR*kit
z;#K_<anQ&-1V%sRel~?aioI;zj1jwthicDrCW+^uyY*$$F7K6@`An#4!XqY>TfZy!
zJh-V>jp>YL)MKhH4KryxT)_^F(CN7sv>Gi+NyfcnT!9^Y5)1ULGQ0Z(eGGvla5vXO
zt!VC(SuNmqRZ;9^#zTiwmuzU8W$>HvHd<&ns|Zhvrr9kW4Xm!<lS#>fyQ6XD*~`Fb
zB+7rL=gTc#yA+Ipg`!a$3Jy#d5YzXw+wWbyA!RTAHY66Vvia03CCd4zK6!!x-lSGH
z(1gGL{42ftIR1_uOsO<XoWMZB;AE}-`gFM{yYo@JOfvg?(mrQ32~U614)x}{Gd7TY
zy({-5(u<s4iTtpJilxDlw}AR>@9w@4`6BK}ITwFde=wA28ahOsB=i5uJIkoJwx&Tt
z(}YF>jfdb6+(HuEJ;B{Q5CQ~u*93P9?(XjH?(XjHKAo9+zc=sq=Fa??Uo)(;SiM;L
zoIY%+T~)j4DPxk&Xj|=18T|k%z8?s#dRup+E|mBNlGg8uzMmr8JvAfv&saYgPl=bl
zE+dx$?S{{|6DIAq<`dapkq<cT8gD6f%S!hRAj1O<A>^sVISkWSb$H(nB0KokcEc<m
z-|w>EeawL5FTfKQCNf=xz(_rKdgun^(Bu91Jn^}YnSW-U!WV9-*h^?do~g=X?piHI
z0gyJB7hsOggW@gFC#YzSlN=D^v3ynQ+jpt5_C69u!=UGG^(uhZ-g^V2qFUmt2JE3-
zWHXRN(#7+CdcI!WI#j!fr~dMg`0R9G4@n>;i5wH1%uf~4>lilHtynXsQdjQquCd=G
zvFC9>qjwkVk`@L~P*AXj%#so~IsTY`HZTkfQRzL~?nf~k&v+4n%d#?cI3HG5{2{m?
z5@c+-NOX-9e$?pLwwd2$s>g_rLK34MfZ4fy4}-_yVey5;{)cZ3QNJH;?ECig?vPbL
zxYY9AIqwnv_t1-ywgNr9#P##FP86RAX5IKeR!UzeIlc!{Riez?3aLa`x(PYb{Y%sb
z7ecS)@_XM@#@<3S@Vr44a88fh(&HVe?3VyLXokV0-~y)z?Pz3<3DV_;3t^3uI(ySW
z<eT2tKiz$aSq4HOzx&tp-vW5J05Aqes7DMC*3sL&kTIUeOTkOP*K38lyZq13#tA5t
zl2BCnFR^fr6LMW@2S6S2KuAUpqfKE0y)dtkd*pjac0-5cC2XMaXt|bFWo-YbFO-Ue
zcUr!CYEBVOl(B-(iruIbHEvQwh#M^+@BXf?RH2;=y2&;(3*=jz_`WL806_9%;S&Um
z(-X9!4*?%p*2{Ya&YmN(5aLKrxb!>E)VoR+)HLO&cjPT2BDmeqO}{N%k_$}q;MizR
z{p1FpouT`hNs(WEYqKekSNs<*{iiv${Yx3X6pQvBp=5GjQU(a7YTk?MQWFTtZ*4TK
zlD<XIkXQGwX$eagv7mTD0={^`Kl@HU1(L(z3B_)8g>-@c;qAkx8YV>|FpDWC>ix=k
zHp&U~VoXyeq<Rs71|%5t^SOrFPxqT5^YdO^HbCR^60lb`bGm2@T|@c_=eFMVfd+F*
z8{BDqm9-vn&>{}{JhGkq9rZ@#S7j%IMyuwdx|fghF$K!Vh}aBwHqf`oN|HdqSXq7X
zq}|#Ol#2a{QAz^e-XZl~kRUXKtTEu#3G{aO)?|zbD_}98iI%j;1E+*S_gJ*O6~PE7
zed)0$;l%gj0G2Ugz<7Y#5-dr$@M@l(aco-P=>)T!Or+U9ao837BEDfA9mK(CPoj^i
ztpjxZ0;D8B$iyPU34s=*>Y;=XpCV9yUQ7ca<^0C`(XS2`;j%5R6F28cLYYlo=V)aU
zKvLXsDd{L+6ECi=JR^J`_n3^E4tpK0w6K2haY$?^pv`sHmBR+tVqn`>+G5?`LV2V7
z2UYy9@)|^Uzo=1njGH+B)S?9n@}DC?tqS~^3FVIJ>k27I<?AZ$ApB1)-u|jN1jBn1
z`X7kFzZg$xgplt@Ba}-D`==I25O!4?6qsA@zmZh`hD3Snh(KoCPIsiiKed2{`BgXT
z|3+7Q+6YCK{n7)MO5A#~a;E8}_|I>}0Kr{>U?%o1G!gwG47^#Il1dC^UH*@Ez%uz*
z*QTn*d{66gad5MD9@H@0B>6Mds|Dmt^@~~7qj1;&1<5*rX@xG<KAfQzMa2H65nV9`
z`(6SC6Id;X1d{wujt-6O9j^mb3JyjN)0peDLK7@;QK}{DcP}OWh+IMNc;a4h*=Mz1
z=FXhvvBAPF5!Hr6DL(L$O6K0JJca)Ad!FPIgCRaYwfl+C`fs>B@+q&Cl~r3W+xu4*
zhGM@Qo83;06PaACfzj|l#=_C>NnTR_m03Rn7NqT{{*=KIGd;Mz(o})s{BXlJfnBr&
zWBDta^zF~hM?{X5vU?Ky`@P(ySAW9N{hI5pm_S_!VwR-{mK8Gxp;ojKSRWaCakQE%
z;nrR#w|}{};Q=AK-k6*qTi9C+tJhdcW5e-Rjn_jeH6=m-q$dvcLZN83R0)EYg%P+b
z6I<|U35%7)H4{e^^#OLx2G=WlshKA$W2QklBl|6I|3E*Z6(WLEX^LcjFI8K$5?TDN
zqq1be6tmN^#=((vfwk(jC(L7oV>`d!4^m>eR-=<s0Z_qfO~nS>D;aoSr)|5IQXA3=
zdIgS0xL!t^ZHfw4Wv(>5tP^L7xgJ>(5kK<K#Y}GH**W7!o^S<V-52oa=~n0G!X(6h
zc$;rRE7@d3Ybliie+ASN0r(NZKq1BWo{(^QkK$~f0_J;D!zgeZ5)YJnDTyhb8jL}e
z1caMOMl=;%lp*p}+SzwcBgWUlM+q6rf)I%!m0K@1j9v+cE4<^mQ=rCG4|ajAUIF~-
z$NJ6BKd)@xm!O9Vpddm8YmR3$oUEqfviGkzS*P|SN~*K(#uuImWbuF(F7A+|sFr&>
zXiL#XyHC8p&u{xHKU42lj`H<eyz)l-gk(jJX9<N$A$gnUYeg;*p`qA*RC~C3+ulFN
zi2b*S_=_<2H)w9go40_N=pkv@2e*6rR~+1`z*qB(Bh*^s5BR(Ev}gqC3ok{ckeE0m
z(ZG78B@UJX>8=ol7HTW~apL@o?x~P>MlqOJrv*e-sj8vr_5z`$q&Y$GAU|;PU&Rvt
z9Zv^g$+@aRtaM{p>VXA)H4mdtywOO%0(7c>oQ#={4Gw4&y~M~_P+6FMxo)g0I=KDi
zxbzJXK-1A{zN1d~@mGM(xLs1qhom3j)K;k0tzV%H%P`TS(aIL5_g|>Dw?u{%9kKK^
z5Z|A0{KEn)Cp{TQ15=+w{;JzV`wE>z(;2srYGYBY#!iQ$%S+ib5)c6j>}p5x{Eb>1
z^j;wp2+Z77=SnNk#E#2{t<_FRm}i5LbEU`D7lqvm%w>I#SwJ;JN_|Rp;R5b*o&hK=
z#_*2BW0%D(|5*V2qV*OK5lz%b4AmlqqZYOjYtUD|9x_cvAP`Y9w1Ieg`AZ$WI!~tz
zC03ZSdXS_bS(z?K_Xa(3sG=;m6hDr&X7C%#k^$S{gDKKMNse-NoOOWdP;2`G3+3V@
zlz$rTVBP{!qK%j3RTBR6D1*c_SuGV6lD>-Y{Uhu;S>JvL3)lus{DfqZ>vSJXsW#R^
z2)Z}-obD#?RsEIGqnZ6uG><QJ>C0-AxyllLrkP(7grW~i*;F%P?l28lpVF^n*6!9O
z{lgre1a+uF$gRe|+{x8Gzud`2W#N?bmT8p7N%PR<QtGnx@w5<&$mZr18j^>ZGqFy1
zByTL;M@gLnAGKF7o^SNK0Iwq7HI@7TV?MO~O(*>K`33p=0~*kK^|5f?0OpP5M>sQ0
z&L0vHxUZPwIin#Xc#j0{2t)NA8+qTygF(vVPK=bW?R8DZpC9%X;N8L?!kf|alQ8dr
zQEI{Edh>Dhl*vvecn6YM6<Mj<U9jw-&LFE#4di=bSjmimg9v5fG^(2agb4r7;keO9
zz1al$8YOOd3H)dP<DDQ(1s9_2;z9yZ1RaU&{%Onh&>9A`K}cs1G1&qYP7INUA2WVw
z3M4Nv|LLAU@XaPIQ6Sh?4;CF92K2B02L>ehFMR??nUz;o&kXE7AX}Y%v@*XOk(JY^
z3I6jaY6Ay;0Y7oHYvTT?K^n?0H3mg2=|2mS{5328zk5W#mMgg!jd6*uajK8N*N-6Y
zA5GKw>t0$ge?vE|OIwKvgZ3s6XvEeTQwh0SeL|8aOx3^qcRkM|841$4ZM8ZO2Z86l
znLsPOA-k`!A(`WgyZe?Or%Y`)m;1~w<L!V21?YRw5N7wwpG+08ni}7@KYoot+q+U>
zpg&#uj&I&((m-jzaD|Iev?LITQv4bzge$lM^oll=Y)AGT>BK-3+PA_rXv-J;!UuJ*
zPNv+?c}!F0lJEl5`b=@@PigN@CU|CYlBm(Ts@)qCHG<}{2<uRc=^b$<<%FW!Y*M}+
zHl-cz%&nfB>_N-WkLv<hztGV4<qJpqK(M`nv04M9+K>$ul3z!`&RMsGe7p?%^8gRd
zugg=Rp7g4csHu_;s#JnfWE#oq9@{P!uRZF&?cKbAq(rYL3gK{>YadTI(3i;>KipZd
zjG&lEK+y2+(^9R6$Ly+@*lpmO<(bJ)RuyU)9g_%<O*rex#;C;4OM~$e$<hYB_zBd#
z%X!M8vGY3})*A8bSKCz6SZ7K{Z}vWihffu&W97ss*$scS80*r$8Nw|&o<b~LVsN2~
zYt<wrDi}c{K}ExR^B1{NTvBWbWnUF@Y7P&r3wsmC=eTtbaY?mN)tr72fS_=noWowK
zLkm#@R3h_j;!u!r&iv2vbTWxQbX>4a);3ioP$i;gNJL@b9pJTeb&<=C!@|P0224Mj
z9gDXZ*Hy7L>4gf46K4s6(TMrK4$7e$8OaC?GAUfjs3yv5<!7a#PhPV-6jC$gJ0zj&
z2FHf}4FBj2<|iQrnH9Sn?k`Z)=8nW)G&c`(Z6E9&JaSkxSv?sPRz~dTt_iUdVw)($
zXDj4t`k>^ft`n@GtP<1V5sF{G8yif@Yo$rgF={Ug=@)d7)Ik)H8z>zNIWL6+5JCOx
zdJSNv;2n5$VW!inT{FWbHmZ6hSgH0XmWGgckJ=f)Foi;>XEdV2LIXH<t&J3QuorMI
zv4GaSKOx`vs^v~nypSd}l~ndMHgvMGDr=x#k2vmn&Z^8v5#Vj1mD>JVj0IT@n@HIn
zbb(l*YW+4ToBa#p+SiHEW+C4aJM*-p^{TMMM$$x%ifG$sHqDp)dh-Tr^eV@9opKoL
zW*C`dTFkj#NMI=Fe_e0MwIcvPl(S<j;<(GWk5NXISsc|xqsb9-I9BZz%s?Vu@N6Bd
zcZ3($cck%Jj=)(WT7tBsfi>cM9=``#-iep?NqLS+QR7l|NrI!Nqt<M@?=rJu?X=!*
z$#+z~jj~}7TiR^wZS=0E<;Hi3Lr!4*s(zVEU@SCE7NM0kpS$%;fQOfuJME2cNjtW-
zx|5a7PH&C;ul^(obpy>5K(+cNXMtLepfQb`KH80$j%-@3p7}f8FcWRJk!`vTu0YFI
z$dj%8MDbyHpgh0XmQ;O5mavr0qsSro-9IeG4IGsx9dUq<FvfJM|CZZ`B9pu`mzsQj
zO`lp0KE&vZ?|E$Yaf5OJi+b|gr=+HryOMV=SH&9r(9%(QZ6Q4pu7y|Jnf#_%xY*x{
zb$s`+fA_94VneN&#^Ginb3bNi%<r(=YI1sUwlm6z>6-wivyn`1879?bmVK)~r{H}R
zZ5Eu0viF9d`$--eZzXQCIGJb+#WsIY<SVym-43M{^m`TqoR+eRY!)V?$q3QtTwY`n
zVG+?Y1%ECVU*rR2D)H{Y_<0U&YVpB&l#F+q`O>Lvom6yWvGm=^sgG(gzE@IM=k5&h
zk{WO09AiRDv4hDnq&;D)ftNmV<?1qLv|Hk(y}Q=bqjfQAlZqx{7?v4#m<t;^j0PgF
zPd%#_k{fv>FPzjA(oYasc2w)=?J4W8;qG@d1Ft*D<>oX5#8MnJJ9B-@VTAk{RpPwp
z;KAShqsfowOel?x(dyi;PZKU9hFgObok2WUk_NiNTPc->3d{c7^2Lf=Dxqp5-t|f^
zEorvJ46cgba;>K0ajY6meLi5eq}<^@4dbBFySjg2lZY5Ygkqt!)^S}|ceosJ-(5YJ
z5t)H#ne2AM{YA2dQZ5%c3iCQgH?v`r>r(Up)gPT+R7EAq0j?^H-rTu)^PYaVz1~*M
z67_m#LoA!ha#(klL{@wuTP*rIJ6<Whw@@7O?82B|i2)CL+Kvj7YWI^u=i_K=EjaO|
z)+Z(1;GWXx^IV2)R43<v6K0uUkvl_eI3O?7-`5HiYKbAV=XSz8iJ(rkB?kCIDD||V
z$kkfr<wh`@wfW;Un%T7!OSqiQVt*{z5)OZfGG}QeU#XAQXN05sAPf)^LPu-Z;B)%=
zyzBd+=<c9;S78M~aP<YQpS5-WvtUa<Bl)H6z`gQ|$^H9IR}CB<S{{U(F4wtFYkX?A
zwN~Fd&fyHliv=X^ZfS5lg63pnTGxB{K-67S=TBU5CtuzN06Z!I9XZdY8EKtjICcyn
zX4%;z49O@NG}sc4YaCb4EKFZ#2fx(^au`~E>-zpQ3@4Y2DkoTFpUxc7^m_ElPsld`
z0ZgM=ER`96k#U(_G_oBp8ILo$UZCK$7v`ixp-QnQIgoX<uK2^rBrhtf)WlkA|D_mG
z2)PNjfUy*LpLlRT_$-?K=lV%z_pbDVgjZj@&j%7E3a2=90ui3$U?xgAxT-h2kwvdQ
zn*4a6UdL0%V5p|x|1uUe^Vujz(QNiGO~+(W%%NuqTxZQ>w*c;oq84j?>9xsvMKF6G
zv%rX#h!B?SyD8mhVMmomPLY(!w0v2`TAlZ@PTEV7u>UMdPKybQ$vUpKzz}asXja-t
zJyWg+NaU&!#z)W@iPZ#O3uD;@p)X%EKb?^;iZ<z~zX_S-GTUw&hV=fbe2zVim*ax#
zt`dGu6Nq<jI;Wlwhp^<Mj5-MIj+J}Owf4%#)tZY~^o4ifQUQwoQh&-<RN5=$onv!S
zMq=OJgldlqfSG~!Br;jvd!^WE$!1PA=!;A4&l2{LEEk%ltnvHko&r_6C9u{&!$woK
z7OABr9es1CCM#;5ndQDCC;lR}rX~TIQgzwHX1c<eZ}V1X(v0Z!dsDgZ?pX5D${)<f
zUUWs^gt$gRwT|8%9tgT~6Vom<pwSWb-1ck8T>DoTpR%q^VobENPD`+shx7#$JB#|(
z*l>9qEs9}lJv-|S*P@y;q?n5BT@JC7@jUU{pE?6IBv=`SR)sccrbE*@YFdNnR9`F8
z@CL@0#^WKfj|b&rQ^{N;$0Z1ob+9$$b1`HoxhwCyVyW>f*{dlQ*;efH;{I8t8oi9k
zceXZ^n6j_5)}x`!Z-4tj7MgL1(Mw!O_SK^msI~?x!iB6u*zX1-On##9gM&gYRUvVf
z>xf5DfQ5OU`ZgJYeQNSk!t9~<06tZrMui&+V>h$RjOS=sF0=Gn@NF{K&0+IHQzBty
zo~r+v*+S}3IZ6+w6%Vp4?APx3wYY!}jv8-FI6g0NE~%@T5FkRkBr`CSCv^Iw^C?(k
z@vK_3t*u56t$84B6V`n+h#1r3g6yVwelZ7*_}r17Hx=Hdp%lm5Ga%o2+=#It+MEl4
z`v&fD-X+t8%r(D1J`Kq28LWw-ZOVE6lx<4~b{nsA=<ic`uy!qt2)qr&jYjFpmWc-A
zq3hma^+zLi9roGth~S-6BuH^RK6>n{`+`yrtweB?rU~r`8$T@_hkJv|UGH%3oGaT0
zj6NJQpx}2{)?*s&0MQIjAz@Vt=@A^;{@Bm&@7A#%v%(E7znuL%Hu+|vIMIj}b&feL
zlo5ClUvYD;Xt{hNvUq+3&o?SlP}DxZ4<EMn+?ZHluf30n<y8p)c4wGV$%d<YM+JyO
zs;pz-)1sAwEts7#4^^0DKv;`{^<giv8)EG>l|vu-7)4mV7%u9MfZ%@DYS>6ZDS)7)
zQ7u$r{~D)WAB*FbsTWi54`ry8Za6|ms+5H8gQ&)gD;zp~^UAJtYWFT$RtkDaPta<d
zJ4H`Y40Xf=x@@P|Jwv2QJwA?ND6^vOD|ZiMre5|Z+r?JYrM-;R5{+2J*hCZ9!kW6F
zS^(vXpZB>(`uCNeoHhimx}F<zS(p@EHucn6hJv~8*&-9v5yTLEcGvIvwZrpJL{0%?
zE<JBlPueMAba<oAr&OWSgtA+$?Wa{mo8nSTBqg-=L=GLBXwIjG;zjFOhQ?#AaZc%O
zc?jP~WH-B3Cwfc*LKZ1fh!feW)U=ZA0JxRuM*<YR4VdqFvQMPjqZFNmaBb;o-L$UJ
zhQz*{Vapni3tJpM^(kFcwUOuqmVDGEJ;{1r>^<)LB4;w3b}^n`hl#KH*wEeavh7>?
zw|BGnp9i%UV|MuvLzJ!eOKhM?;tk{Iws->+lH633K^Gq|$U0$b-e`tPc@It1e~I1a
zRpBuo@R6uzj?X{qa43wg2xlZNEBDl%rh6uD^o?=UAC=F9d$7?0X`rUMeY^%nnKcwr
zc8qPgG)2ztyS@JS$pW=Y0V#MEKYczMS8u6~@P54VM()Mt9xqLoM&O*p{FmJ)9;;eK
zsFF7$)X<*$R?^~4*Hm`!O|F_x3?GT5;K6<DK}v7;7=<ZLN&|Yr2FG(H<8|833VBL<
zO7`lL7Ba0{bEYyVZYPg*wQsX(@Uf#ARcc3iB~M^}*WE|~kUHoqDk`M>Crb3ob@;u_
zv&J0&Z_#gTVC>RFlC~{nXKh6r2jfDh)U;L#!Nb(Ta^bJ_;Qm>zr+4*x^91A!(5le7
z*Wtsv3$2qc4lCjIbP_tjSX2`*Ox-!kcb)xZd3XN3`L-QG-bV4;U$wUL-YQhh)*Tqk
zRjp0qRc`l9A%LUVw|*jj!*5jtucnF_c8Vw3w_G|Q-}@Uee<jlrCU3+PtR9!8vq>MG
zR<(X$dwkDc=2X};uprrcHrbn=H+0ydUTd*rh$`jYnU;{HOJdu0=e9d=12@1Uo?V<J
z6I3R&(~mq!wZ0^<$IPMbkLHD|kl}IJxYKobe=)}3)T?Q3VNR)ix%=*j>uv766c$m%
zTUK)KW^jBS=dz|*WyhwSSvH#1v~P)nE|1W>cig10sHT47j-fJ74muT$Z%w}i23C`t
z{(kkrRLc}{Ce0*siLExx4|E+XA@IcE9k#6t>3fbuZgq0n=03T;$ychkg}F3d7U;&X
zAQS0+eJ#5W78W~f^zsOm(FODqTvG6eUF*`_qV6@ejNw!8*ocy%feKT?+-q}X0r8ge
z(k7G9&&}oE6O@9mkvjGwGnCn>ik@d-^2-C2Qtw)^{#J(|dJ&N^;8xOo<lc@aj-|OE
zd4Wyq=cH-hC`<+u09Y?^5t{)i^x5<!uOvrVk9S_-hSm-z6CHEF58w#R?`)HJ?sp_s
z!3P%ybNRMO*GTDBAy|vksG5NPz_s)tUb1W}|5=k%B81LGX2LpV({%sHY#fn9nlyX(
z#Z>jz%}@mjHdG?OUUgauGEA<oFYGFbryw^5!*qiDfuApon&FchVZ2yO{)$LD1%0T^
z(PE=OcF0kNFAOn;%?EMdaRb@;;G_7@S}EYMHHHuh)!hU%yTezXuhmhen*I38E>_zW
z<Wil|H--jCgIuqq2!RTzMIM`a<JHl4>7>|lJKLs}lq2bshyG2Hq)Ley!}AL1(F%)&
zyP8wG%=<(d4G!}u+&~Zv-kH0`D<jY}?r>gP-p=T9DzjvuQR)JNqM4dW$y{ek70k{h
z^P}Nb*R1u%0V+G~lf~Kty8<9LSjt4@>i&nyyJWW~j&E_Z&YJk?0s+W+y)V;`H(c%*
zmn3WX!$@}43|ECMuY)(AVeTTh=T>j4T&?Oj=a~1o>Rwg$*ZB9ARssYgOxJVItPb^3
zdcLoFir>l5zl#=xwi#Z(r(V{gBO~Kg_v5D372S!JJbF(Yc;M|@tDvm$2DFce%(~EU
zy+NzNUE_vT!giy7nbj!huFdmE^_=%Tq6y}}9SZbc*T-Lryrk>S!$6Ogw`AF3<4CBj
zPP=dkZXwRtEC`~cOmj3fE8AkT8)W$IH7%wX2Xl>z)CifgH>|?#Y84cw06|wKnylQ)
zYI<eG1YI$HDaM8*H>yEfF1xk1X1LCk2k(q9Yq1!_?iHP>)>LWV@3zkcx)MJ4JOJW9
zt$M)vHis8r5-ESw=HrWxjAc^eF=w~>hCLW}R#k=2$h~KfC)+Mvv1)5TdNp>2gTAw6
zqX8vkk{+G-EJVlNOjTz6m{*n|Hd^s*OVB@vy`U^<*H$(A^+ZY<?qSfUtZOCVk+SK1
znOPD^OC*|Lt*qke#7sH?Tp422avh@`HdV(9G@x&`^>@yECi3U3VwqWLn@fYY6ucKl
zBVy6RT8+F~A)T;T=<>R!tBHim5k5NO{PI;8Wb#dDwDQE;G^3v91BoJ&lL+8%Wah#J
z{#K$3`$r3PMR|JlE`~RR@?+(3>aqMPvij3KkWH-+bfF>&d=Rg<h>doc9L<;~U+jYS
zSR>Po@p1TUZ9!5IHNnMDe;<oR#7fW^z5Jt}-VqVn(+kNgiBY_6%wEAvlJ7CAhZRj_
z(fANQ!JAARPN#7y$Uo|83Iz_}O#o~Ao5AA;+JJ{{Q$6+gbRuT_-9372S?L}&;Bba*
zjVpdUPoJfn#2^R?0-ZosJE7{tdw&7D?K8WS?9)5`vpiH90Ca0qKNGqy_>mq0oeBhD
zPDmRwC#nGii&wQ!)yPURTe2UMhAq{j5eiX>JT-9y3+s?0G}HsRKN)XJgh7)jwDdAI
zdxu4UxD6!TSA-iP$-Dhdat@@5;wHsrsC5@`w-zbX)dNQQ8+lShC--Gf!#6jU1LE2%
zWD==%Aq<!ehODPHo`pG#s;_|{f;epx8!tz$eftrPK^n1Zf79|d!*VdLZc(;eC))QN
zqdkp1mSeEVt2C?eoiis^4ar_2WYOKPW(Fftig4A(`f(WB(XifVB2PsMZ^g-@+XK^%
zFf&rR#W>Hz@<kt>&mwQ`2x{#Z^_K>vXDy8-U%ka5nnB=KVW*^loBULM?YUWG;VKFA
z4c|1D)()8NEmxImBm>$}$K+s~nhX&x5qVNADP@0{t&6%$y&~P}e>hNYsR$~>B)Y&t
ze$B#Y!ZYY7ks(^Cs#XE%SZ`JMkMoN4$+!T)S?Wt~#4h8uL(vBwr#H@LY%_(V{J^XR
zB2Ppb9eF3y1Fzp!=|-UYAR?Fzl`t^-NVY=*0hODC99V2tjHZT{z|)|3V>`@rDyC>t
zfJ&r%U>`J?BE(*HO2JORE_RepsCnMBejl*0Iu&cyKS?8xV-^La(+gBlQ{oEbL4;oW
z9_*EKna{4HeO3}3868)E@2_xA+N8{%$web4t4k|^J3IR=-j19Bi^LNp(=R0@V%f-0
z)?n?xOO}Y$$(iNxDd?y_>r<u(P9|5QzV?76W`1viirkNQVA=;$wH$LsqeU0iNyI(s
z0OUh;2{AVun(Jf*uqbz|l7)flgw}QEW4y`sSG@r051*xInJ{VO<!Lm2HlbpHN!4zo
zyB^^%9@2+4MUc<n-5_G3g2vpLlJ<iwqS#B5Ii|GS3aZ<6UQUT+%yhc3V<l@ELBu;Q
zijezZ9)5!&RY(>IdjTV+bxC^cJ^e^vBlg83*Df-gU*X(}Lf%{n&FNSJwT1Nbjhv3P
zIBjD7OHh8_Br^v#QsE^`wM;Z}g4@l4Oyk?uG$E5ysag}tR?m68ZO>L4)>GM-hQKd2
zsJ^oG@|kgn#Rs7ncKk{z=lMWD6Cr)vNZTIvH)B{|;lyVN?n@4}3iGcldOy_pe|jAh
z{Tvf||8B9UZrdc8MHB=TLiaI{=1BqCvzVj%Dd$1m2`7O6vOnKAfvZIH1xaIKTt*qB
zw$;D9eLb)MW;$L@zZ>m=AEa4uz?VdtD*W-t1&PAhw%p9=iuzL^u(}eg?6|O!lFNk2
zbCW&Qh>MWcRi=4jjo}WKc0RycDGKWKyDJp7Am0<Z56|}@6Ojc=)Y$M<UrIK*PFJgq
zdj=N;Xd4~AH{p#=r5tye+>P|RaEChldT>}FuJCh%Mim=IRe1ChyXKL>^?OIh9A7RO
zd3xBpAZ7mubhxYaO!-0y3h$dp^l`g&*U128xLDewHC_!j9^Td_GDCYgGeewK2MRRV
zok5-u9G1uaZitfS3?O^=K)EJAfNnu8zvdp>d<Ba1QGo|bB41&=6Yo#}?;4DD<4F*{
z8*dxVW7&(SH|Arf-s1icvvs666f@V%HN7HsUAQ6EHmAd#I9uIDtwg5=;x|N&Rb%7P
z!DI~W3%JMcelP78bEJ<dPiEpAC$R69;)`GRe4NLbUkKS~E6KTXG@TZob=IRCX4ng+
zZ=~6Tt)QK6AEe~mPt4}xliY4k^YEOT^09*hFa^HIE#%@m`vQN{l}|8!`8mVl*Sw-}
zc{r!RT8++~W5x|t4Q$V*MP?8M`BAp$Qei7+@9@V^B+5*$pMl|^U1Mc?=zSG6@5xFe
zB5XXqnaUOV_o4?09#<^NyM}u@35RBwMeL{ft+9aOCZSgR<xnBo7X?r2xOMSirqVVe
z-OuTLPnUX24Cq?fGvjscE>Zc@>CmKZ_84!&dz9Vn^;?=V^*gr6c;NQ~aqqY}E*^bf
zSB=4QBf8!F3_f1WV8~z0;F>g@_`yv3#Guh+E}X2DYlQ!rQ<a5fT|4GZbXeQqOYz*;
zoQG6YoJI1S__7!oB4);<7h(6xjf67P134|UCC#RwyYlrH0jj_f-golAu0TwBlJALl
zJ0aXQ7pK%^Xhik{eG2QUcN%y0msI{W32}$=P5XGfmoymJ18^vYV_WYlh|ff;Ov>_8
z);dbQ^B$a<SaWW$Jf79gRw`^(RUl=*j<D_Tm%p1jezT@>k=jPa*>giM(J-x-r@Sv@
zm{_8%ZXR9qdd}5hSrxjiDFuwvwI}$Z>TFHlU%`D~rAf~F<CwZ_qs5(esrRAG`Z%Wo
zH2-4t?A>~xa(Ju~y8{~ZsNPA>zj@TfTF7C2v&pz$p`U=mj%F9GL<5gHmDEfNp;}R9
zxrEI|?}M%0*1*NuZ5m<Z@rXeWd{c3!R2Yh1y47X0Ad--b<^TFoOe`#4o|W6u0EeZf
z^klgyJ<G79vfM7kg5-zSRCdy5(FIAVOg{lny+z0f8jf_2UmhO$mWi*H7p<|C+_aj~
zcL6#|;Lm%~Wo>4I=gpHl7eoU#&++t<*s4(qi7chmt+43T128C<Vg~N7zpjmFqlXFd
z)MPijudoo>QyUgb(zlvWcwJ8{dQ=Y8$`8zjSgs?vg8S;&dS2gLElGGAMoUN<mv~vY
zkD`UV*M@@Ej?>+_GYo72f+2HBAJ$;a9&?oCS3Zz!;1zP}xRRj-dzGdX57~I_TL!?T
zY0TUjU-Zs>9O|=J!`?w?<9Cly9H18Fx5cMn3Cu3V$X4|nA47OG8ziANRHRMD`AB)!
z^CDJbB$M*;M!X{*^|@No5BnHq|0%sN>97gn;jqKFS<}v&v@AJ@fF(pu*{5Brq>QP_
zr~#=ykMovqJI7&x^{FROud_VKO)b8_d5Zr_B0_nnlWJQ51g9kv4R`%FYnfY{=VZ*E
z&2k$+M_C$bOR`!IyiaSmJfUhhgkIDSHYWW8t8LHhZA4o5ANJ0uZYP{NbtCN+LaM3P
z9%WGr-e~~4*Y(%-njQ#FsR{G5E<+VK+$v=6%8xa;Rh%c)Qca#>t`M<l_+UDX(DnQ8
z<0_i*+<v&?EvhxN=*LCo2BKwh=01z?Nc+idzVr@c^s>&nQ7^vjhsjZ>*15ABTIZe~
zxQ(-)M3_z^+c=AJ6UT2AdRKYO5xxg&H_0%bd*;x;)=nt5lxpl}G4~B2XFj|Ri9k$}
z{`<?b+Z9_!1iEJvfRMM@dnzYIoXQTg`0-BJ_ylfcOg^VH8w)IM(_Jxqn7)sQ?q8OV
z`zBXwYFWqTSZrwgkkrk+(~6X_Sn$4&wB*}xZY!wsyubo?nfa&5v^H(*=}DDecaJ^`
z9{3la1%P2*M`r8tH%J@KU7cTSqxM5{8arWSGMYT(1S;cXw4@8)Gc2Uo#l&|pNxN_d
z6qb3eSbaZunJT6<7(mH}FIFq7PgSE+@~!H+M-y@)mpD#eR-o0q{_)IsLV{kb;VZuw
z4)9(73*qlWMWz!b7s9diSNBaSU41K}c*g0j-6%-v{H)IpsWue`yW3dD#G>wRtJ}cU
zN`8x+Gm8TIU&f3dY^f~2-RXnKgb7Kcn#tSpOkOWGCQ`3yRLD#G+jeQ+1^g!IZr^o2
zJUPzBUhA*FZ3I8<;b~3x6p4Xgc?oorGeFkm#&m|s4U9p_d_y5CzCjE#?L&dD$cG9Z
zsaM6fME4XL*lmA7kEU`t=t1ECFEvd<Mkz#FkAscR$5O2Sh^CzJlf&V5B14y~U$*N|
zEfS1tczIj)x}PVrKwZXQmpVMul0vL?Ex9e-wB=lWvOX`t)Kr<DvLEi~#QMUJ-F!{E
zC~d<%imUtkN5++f)XIwc;nUi==FFj)aKD&JTFoqfWx6di4eWd|PQOdP%yS~b-)#7n
zDtKP^lEZzkQ4c843@daYD9oD6FKs=2*Ajw_kSPBqla`29Y%4R>Nb3-DO@57bRJLR2
zi?U$Bd%~MH?wG^b4LK(yIr4bpLHPTMG7y3Sbd-|>okMKI4K=_)FzOEWM|ygCsShH-
zx8@)Az82MM<nYbTvh~csp%8qL-C9J73Zna$MG3i$6CD61N`n8A00i=`B=fp|2MxbV
z+R$8BG-C7=^2vz*WPN(pnN805fIjm%_;*)jl@t`f`%sHC5d7Q!`S&r-87DLd?C^x9
z``gC*Ux&Ba_mIQRnJ1<;5Z~YJ|78vl4Wqk5g>5qslmA!y-#+|5_N6@#d5CJqKrP1@
zdbHf1^7C_iVI7nQ9h_VtHk_RB+)Gu?Qk!TK$KaR5KAuArcC&BToy;YoZDc@y>{fga
zP72<JvnO3@)jYIJ&46r7xjJR0e)d8iS;#c1v!e*Y3Pu?!8#Io%l7{ARnrq&}^`AR8
z_}@K`jJL)KR=U3WOJD5wp-0~}68^$CeTaocpROpw7n3#yXj4T*%zxn_`uoiI>+=Z;
zd1yA!w@Sb=@4Ofa3V!dCAfLQjx-6!VY*(S4DraucWDFezz<V+=jpW~^<X;XC_etQB
zEp!^M2SC1bE5KT$!=T2QeqpU80KPgPxb4w%ylGQw1ad|^IAue#FQECvx3RS<_6eJW
z^6CcbtngYin*LRit3=PxQfo>xL>nAWRGWTzW?v8mn3whd*hbnv5oIolf1uok;oyLi
z5y3VfSsl=vh3igXb<&QSy(7mbg89?LCiZBSaHl*_3<h|<klkcI>{%N1lRWw<05|Ps
zhH4Q2y&RUU^|>x4Ofo<a&j(VtHg2L2=YzXZwL||~t%=X2DdJIeSf6<>9(9{_a4qzx
zUI-q;>sU5GP6Om-+N31r90G1X9CB-J75|)zl8so)f%u``$RpNS+#)5;aQo;Aoj`Q4
zcM@|Xe|$F@4+Co68NZd_zt6&yWBXo+Ul-oQNgk`|hGru}LjK3|lM5nzM3^PA*NN*`
z!FdVQnv?Nz(#=%w_Kyzb{n_gL5HRV4HXq~n^HmV|XCdlaBdoVl5RuAqIMisxJ&?@@
zP8T!S;d9*Xy&}iqj{%}<|H>WPK1|g!A*a|ymkV;pDO*t<xSGpNj}#vzQK-78d;h%j
zcW3qA%lS5{<vl8q{q8_qYjH%ixkO31-9-6@GP2BljLb&S_sB3;xn#43@r-%<ya#m-
z$54k5tiYGyYU}I}C#<lLXmpGsvRLys23oQ)Jxtr<uS-s43)OFUzuxzmVg{lSxL%yi
zTj@m<zF*Gre&1HNDpSU=BiPt|7&?XAT{V=FuI4Huw6Qwx{t$niX{oT+YpD=w$t0{Q
z1hLVB3EHUnb^gr<`@iHAQ8KE%5dg@bzpGYFdduPzr0g#3C*)n@dx(L`>{Ha4EIW%;
z9V}TiVRgWKJ4R4zjQYJe)<{-q3J06yJjCQtq2cD)NILsI8@D&NBwh#`$z<~Y2r8O?
zEFavE&w14;a+DD|d%Pd7WO72yv~v;0`D7)l7V!#Ay@f<*(ov(QScZk_XHM4u+0~39
zdzHzH%r_d+vyh_9|FL>_n}|*(fWBjxFu8-F-TW<=-jwXMR!!DHJ-sncbqviSlkrz1
zs23hs5??>r9WT6t)+%$haWtIy7Tf%k?GcHAts_mbQ(5e%L1Wnt@Z>0(e{#uN%E+!z
z{`ssT=fdf8bv!^;ZK<%k74=n>snDnO)c}4;C&V}De^PWF9!S$_6OKMS7I*9zpC8Qm
z+kW-8ecV$HOp1kSW!Ma>#~!WqGNw9r{h`n@qmd4==60)4Np;D+>Fx%;aX<neat%Y^
z%f8LV;EOB9=Pc{Ixn(+vHU<FUMh+fEMID;(&$+W^(C2$bGeMVl<qBKhi<3yU^3+P(
z58Mg$&;0S3;;z&Ep<DGR02Y>>P^Tbd=KmB_xBe}1=tTCteF)HWoub%}e(U5r5hZ#x
z_KqltNbxb7W%24fMD|3JhFtQ@8q@&xtbmr_t#D?j&9h>T(ZUU&mr+oivnaPN)zCtj
z`^u1tyEgIKSuIS3Lzf!=#~rcZN+&f{qXEL{gm=er*eVEh7@3e8BFwyo-hIq^{WS|D
z-YaG!{O!42kXOd0<aZy!U$%}%gXl^wJXn>e!5<d!mp92<fDhXR6%nwFQjB>@v?Z&0
zrtiXiT;e|Z`5TCh9W%{4hpWP73gl&Z$X6;Gm9u`&9^f_j{zohbmrm<h^M%KN1T;TG
zFo;h-$-I5%=7=9>f6eGXX6~&^iLHG{zMFi`Z1_X`RaW@s<I6tCq{iT*Gzh49mHH(H
zizz1%=1=394ovccO4VQAeD(yBz6gaxp_nk^D{}-%9;&AdpBFCsy|#T4Bq)9=qFDUM
zS<LW$skGcGg&Sfn9-PBXj}(!y+aV3D#5`-Rd*k|;Tl7dkd(z=J2F{WUJJ`3Q$Y&p#
z*AiB($oaEXsT}1eC#^luX5?5ikR}fOD2{AvhsbpW=Boc3SE5iecup&5{xEBLbx)%Y
z`vOgu^`YtIG>Hq0KFCGSnwSx)wVrgqsYh1cWHZC;P50+eA1zXxSC)^%#rsM#(nr_}
z^enKTBPrO#4Hro~bvfKf*%+}2yE5fGIc4h-n~u|w<z3wjNm`lBKdwPnij!){u$2%f
z;Eq1lSMQ1rpvDd=qVc&jhu!0T=V-?~T}#rSR_u#sZ>pAV+Ob-MgsAY(P||k3oSaI4
zIvp!fA&K_#$>WzS>fC&SL5)~VdKDo$FI3Xou_Lf2ZCa`LIsw(q67KuJ?MMnTp}g6c
zSWR3(I^?LDT>sz9<iDqp8vr^UOccmxcc+~jm>n92AwrX7%S2ygKhSScMZmd8G$iQQ
zr+}l?3K27PP8<sKo4JQ6KFYOeDax%R^%(31Z#okfOr-~xTKycQW>T@a20D}9es%xT
zgt+lRD`A69v(B8G*wSk5=|^S1CZ!_SxR^7S?pxFK>o-0{)fEa9V>1c9`@^_F0cyot
zwt&920$)O%I#nYrXkxLXj3WBSh3x*=+6@jm9-U~WuytrD>D}>iI$Z4a6EZm~#eaxJ
zh@j-9M~A!_NzAs-(Z6)g-?Y$g?odDwZVl)a;173i*g<sVvwO_0hd<og@&W`=@jU|E
ziT~@s=3gIpT`8cTNt(5E22lQ>RQx~or6+C+<lasi!yne5AU~gkBn6B3wLSj_8PExW

literal 0
HcmV?d00001

diff --git a/login/.github/dependabot.yml b/login/.github/dependabot.yml
new file mode 100644
index 0000000000..8f3906c179
--- /dev/null
+++ b/login/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: '/'
+    open-pull-requests-limit: 1
+    schedule:
+      interval: 'daily'
+
+  - package-ecosystem: npm
+    directory: '/'
+    open-pull-requests-limit: 3
+    schedule:
+      interval: daily
+    groups:
+      prod:
+        dependency-type: production
+      dev:
+        dependency-type: development
+    ignore:
+      - dependency-name: "eslint"
+        versions: [ "9.x" ]
diff --git a/login/.github/pull_request_template.md b/login/.github/pull_request_template.md
new file mode 100644
index 0000000000..138d4919af
--- /dev/null
+++ b/login/.github/pull_request_template.md
@@ -0,0 +1,13 @@
+### Definition of Ready
+
+- [ ] I am happy with the code
+- [ ] Short description of the feature/issue is added in the pr description
+- [ ] PR is linked to the corresponding user story
+- [ ] Acceptance criteria are met
+- [ ] All open todos and follow ups are defined in a new ticket and justified
+- [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
+- [ ] Vitest unit tests ensure that components produce expected outputs on different inputs.
+- [ ] Cypress integration tests ensure that login app pages work as expected on good and bad user inputs, ZITADEL responses or IDP redirects. The ZITADEL API is mocked, IDP redirects are simulated.
+- [ ] Playwright acceptances tests ensure that the happy paths of common user journeys work as expected. The ZITADEL API is not mocked but IDP redirects are simulated.
+- [ ] No debug or dead code
+- [ ] My code has no repetitions
diff --git a/login/.github/workflows/close_pr.yml b/login/.github/workflows/close_pr.yml
new file mode 100644
index 0000000000..b44eb5bfe8
--- /dev/null
+++ b/login/.github/workflows/close_pr.yml
@@ -0,0 +1,35 @@
+name: Auto-close PRs and guide to correct repo
+
+on:
+  pull_request_target:
+    types: [opened]
+
+jobs:
+  auto-close:
+    runs-on: ubuntu-latest
+    if: github.repository_id == '622995060'
+    steps:
+      - name: Comment and close PR
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const message = `
+            👋 **Thanks for your contribution!**
+            
+            This repository \`${{ github.repository }}\` is a read-only mirror of our internal development in [\`zitadel/zitadel\`](https://github.com/zitadel/zitadel).
+            Therefore, we close this pull request automatically, but submitting your changes to the main repository is easy:
+            1. Fork and clone zitadel/zitadel
+            2. Create a new branch for your changes
+            3. Pull your changes into the new fork by running `make login_pull LOGIN_REMOTE_URL=<your-typescript-fork-org>/typescript LOGIN_REMOTE_BRANCH=<your-typescript-fork-branch>`.
+            4. Push your changes and open a pull request to zitadel/zitadel
+            `.trim();
+            await github.rest.issues.createComment({
+                ...context.repo,
+              issue_number: context.issue.number,
+              body: message
+            });
+            await github.rest.pulls.update({
+                ...context.repo,
+              pull_number: context.issue.number,
+              state: "closed"
+            });
diff --git a/login/.github/workflows/issues.yml b/login/.github/workflows/issues.yml
new file mode 100644
index 0000000000..ff12b8fe04
--- /dev/null
+++ b/login/.github/workflows/issues.yml
@@ -0,0 +1,41 @@
+name: Add new issues to product management project
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add issue and community pr to project
+    runs-on: ubuntu-latest
+    if: github.repository_id == '622995060'
+    steps:
+      - name: add issue
+        uses: actions/add-to-project@v1.0.2
+        if: ${{ github.event_name == 'issues' }}
+        with:
+          # You can target a repository in a different organization
+          # to the issue
+          project-url: https://github.com/orgs/zitadel/projects/2
+          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+      - uses: tspascoal/get-user-teams-membership@v3
+        id: checkUserMember
+        if: github.actor != 'dependabot[bot]'
+        with:
+         username: ${{ github.actor }}
+         GITHUB_TOKEN: ${{ secrets.ADD_TO_PROJECT_PAT }}
+      - name: add pr
+        uses: actions/add-to-project@v1.0.2
+        if: ${{ github.event_name == 'pull_request_target' && github.actor != 'dependabot[bot]' && !contains(steps.checkUserMember.outputs.teams, 'engineers')}}
+        with:
+          # You can target a repository in a different organization
+          # to the issue
+          project-url: https://github.com/orgs/zitadel/projects/2
+          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+      - uses: actions-ecosystem/action-add-labels@v1.1.3
+        if: ${{ github.event_name == 'pull_request_target' && github.actor != 'dependabot[bot]' && !contains(steps.checkUserMember.outputs.teams, 'staff')}}
+        with:
+          github_token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+          labels: |
+            os-contribution
diff --git a/login/.github/workflows/release.yml b/login/.github/workflows/release.yml
new file mode 100644
index 0000000000..2508627d1b
--- /dev/null
+++ b/login/.github/workflows/release.yml
@@ -0,0 +1,32 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    if: github.repository_id != '622995060'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Create Release Pull Request
+        uses: changesets/action@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/login/.github/workflows/test.yml b/login/.github/workflows/test.yml
new file mode 100644
index 0000000000..7b4721dbee
--- /dev/null
+++ b/login/.github/workflows/test.yml
@@ -0,0 +1,67 @@
+name: Quality
+on:
+  pull_request:
+  workflow_dispatch:
+    inputs:
+      ignore-run-cache:
+        description: 'Whether to ignore the run cache'
+        required: false
+        default: true
+      ref-tag:
+        description: 'overwrite the DOCKER_METADATA_OUTPUT_VERSION environment variable used by the make file'
+        required: false
+        default: ''
+jobs:
+  quality:
+    name: Ensure Quality
+    if: github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'pull_request' && github.repository_id != '622995060')
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
+    permissions:
+      contents: read # We only need read access to the repository contents
+      actions: write # We need write access to the actions cache
+    env:
+      CACHE_DIR: /tmp/login-run-caches
+    # Only run this job on workflow_dispatch or pushes to forks
+    steps:
+      - uses: actions/checkout@v4
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/zitadel/login
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+      # Only with correctly restored build cache layers, the run caches work as expected.
+      # To restore docker build layer caches, extend the docker-bake.hcl to use the cache-from and cache-to options.
+      # https://docs.docker.com/build/ci/github-actions/cache/
+      # Alternatively, you can use a self-hosted runner or a third-party builder that restores build layer caches out-of-the-box, like https://depot.dev/
+      - name: Restore Run Caches
+        uses: actions/cache/restore@v4
+        id: run-caches-restore
+        with:
+          path: ${{ env.CACHE_DIR }}
+          key: ${{ runner.os }}-login-run-caches-${{github.ref_name}}-${{ github.sha }}-${{github.run_attempt}}
+          restore-keys: |
+            ${{ runner.os }}-login-run-caches-${{github.ref_name}}-${{ github.sha }}-
+            ${{ runner.os }}-login-run-caches-${{github.ref_name}}-
+            ${{ runner.os }}-login-run-caches-
+      - run: make login_quality
+        env:
+          IGNORE_RUN_CACHE: ${{ github.event.inputs.ignore-run-cache == 'true' }}
+          DOCKER_METADATA_OUTPUT_VERSION: ${{ github.event.inputs.ref-tag || env.DOCKER_METADATA_OUTPUT_VERSION || steps.meta.outputs.version }}
+      - name: Save Run Caches
+        uses: actions/cache/save@v4
+        with:
+          path: ${{ env.CACHE_DIR }}
+          key: ${{ steps.run-caches-restore.outputs.cache-primary-key }}
+        if: always()
diff --git a/login/.gitignore b/login/.gitignore
new file mode 100644
index 0000000000..8d49ae1b37
--- /dev/null
+++ b/login/.gitignore
@@ -0,0 +1,18 @@
+.DS_Store
+node_modules
+.turbo
+*.log
+.next
+dist
+dist-ssr
+*.local
+.env
+server/dist
+public/dist
+.vscode
+.idea
+.vercel
+.env*.local
+/blob-report/
+/out
+/docker
diff --git a/login/.npmrc b/login/.npmrc
new file mode 100644
index 0000000000..ded82e2f63
--- /dev/null
+++ b/login/.npmrc
@@ -0,0 +1 @@
+auto-install-peers = true
diff --git a/login/.nvmrc b/login/.nvmrc
new file mode 100644
index 0000000000..0a47c855eb
--- /dev/null
+++ b/login/.nvmrc
@@ -0,0 +1 @@
+lts/iron
\ No newline at end of file
diff --git a/login/.prettierignore b/login/.prettierignore
new file mode 100644
index 0000000000..77415caa1e
--- /dev/null
+++ b/login/.prettierignore
@@ -0,0 +1,9 @@
+.next/
+.changeset/
+.github/
+dist/
+standalone/
+packages/zitadel-proto/google
+packages/zitadel-proto/protoc-gen-openapiv2
+packages/zitadel-proto/validate
+packages/zitadel-proto/zitadel
diff --git a/login/.prettierrc b/login/.prettierrc
new file mode 100644
index 0000000000..ba42405b03
--- /dev/null
+++ b/login/.prettierrc
@@ -0,0 +1,6 @@
+{
+  "printWidth": 125,
+  "trailingComma": "all",
+  "plugins": ["prettier-plugin-organize-imports"],
+  "filepath": ""
+}
diff --git a/login/CODE_OF_CONDUCT.md b/login/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000..ac3f129652
--- /dev/null
+++ b/login/CODE_OF_CONDUCT.md
@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+legal@zitadel.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
diff --git a/login/CONTRIBUTING.md b/login/CONTRIBUTING.md
new file mode 100644
index 0000000000..783935984f
--- /dev/null
+++ b/login/CONTRIBUTING.md
@@ -0,0 +1,206 @@
+# Contributing
+
+:attention: In this CONTRIBUTING.md you read about contributing to this very repository.
+If you want to develop your own login UI, please refer [to the README.md](./README.md).
+
+## Introduction
+
+Thank you for your interest about how to contribute!
+
+:attention: If you notice a possible **security vulnerability**, please don't hesitate to disclose any concern by contacting [security@zitadel.com](mailto:security@zitadel.com).
+You don't have to be perfectly sure about the nature of the vulnerability.
+We will give them a high priority and figure them out.
+
+We also appreciate all your other ideas, thoughts and feedback and will take care of them as soon as possible.
+We love to discuss in an open space using [GitHub issues](https://github.com/zitadel/typescript/issues),
+[GitHub discussions in the core repo](https://github.com/zitadel/zitadel/discussions)
+or in our [chat on Discord](https://zitadel.com/chat).
+For private discussions,
+you have [more contact options on our Website](https://zitadel.com/contact).
+
+## Pull Requests
+
+Please consider the following guidelines when creating a pull request.
+
+- The latest changes are always in `main`, so please make your pull request against that branch.
+- pull requests should be raised for any change
+- Pull requests need approval of a Zitadel core engineer @zitadel/engineers before merging
+- We use ESLint/Prettier for linting/formatting, so please run `pnpm lint:fix` before committing to make resolving conflicts easier (VSCode users, check out [this ESLint extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) and [this Prettier extension](https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode) to fix lint and formatting issues in development)
+- If you add new functionality, please provide the corresponding documentation as well and make it part of the pull request
+
+### Setting up local environment
+
+```sh
+# Install dependencies. Developing requires Node.js v20
+pnpm install
+
+# Generate gRPC stubs
+pnpm generate
+
+# Start a local development server for the login and manually configure apps/login/.env.local
+pnpm dev
+```
+
+The application is now available at `http://localhost:3000`
+
+Configure apps/login/.env.local to target the Zitadel instance of your choice.
+The login app live-reloads on changes, so you can start developing right away.
+
+### <a name="latest"></a>Developing Against A Local Latest Zitadel Release
+
+The following command uses Docker to run a local Zitadel instance and the login application in live-reloading dev mode.
+Additionally, it runs a Traefik reverse proxy that exposes the login with a self-signed certificate at https://127.0.0.1.sslip.io
+127.0.0.1.sslip.io is a special domain that resolves to your localhost, so it's safe to allow your browser to proceed with loading the page.
+
+```sh
+# Install dependencies. Developing requires Node.js v20
+pnpm install
+
+# Generate gRPC stubs
+pnpm generate
+
+# Start a local development server and have apps/login/.env.test.local configured for you to target the local Zitadel instance.
+pnpm dev:local
+```
+
+Log in at https://127.0.0.1.sslip.io/ui/v2/login/loginname and use the following credentials:
+**Loginname**: *zitadel-admin@zitadel.127.0.0.1.sslip.io*
+**Password**: _Password1!_.
+
+The login app live-reloads on changes, so you can start developing right away.
+
+### <a name="local"></a>Developing Against A Locally Compiled Zitadel
+
+To develop against a locally compiled version of Zitadel, you need to build the Zitadel docker image first.
+Clone the [Zitadel repository](https://github.com/zitadel/zitadel.git) and run the following command from its root:
+
+```sh
+# This compiles a Zitadel binary if it does not exist at ./zitadel already and copies it into a Docker image.
+# If you want to recompile the binary, run `make compile` first
+make login_dev
+```
+
+Open another terminal session at zitadel/zitadel/login and run the following commands to start the dev server.
+
+```bash
+# Install dependencies. Developing requires Node.js v20
+pnpm install
+
+# Start a local development server and have apps/login/.env.test.local configured for you to target the local Zitadel instance.
+NODE_ENV=test pnpm dev
+```
+
+Log in at https://127.0.0.1.sslip.io/ui/v2/login/loginname and use the following credentials:
+**Loginname**: *zitadel-admin@zitadel.127.0.0.1.sslip.io*
+**Password**: _Password1!_.
+
+The login app live-reloads on changes, so you can start developing right away.
+
+### Quality Assurance
+
+Use `make` commands to test the quality of your code against a production build without installing any dependencies besides Docker.
+Using `make` commands, you can reproduce and debug the CI pipelines locally.
+
+```sh
+# Reproduce the whole CI pipeline in docker
+make login_quality
+# Show other options with make
+make help
+```
+
+Use `pnpm` commands to run the tests in dev mode with live reloading and debugging capabilities.
+
+#### Linting and formatting
+
+Check the formatting and linting of the code in docker
+
+```sh
+make login_lint
+```
+
+Check the linting of the code using pnpm
+
+```sh
+pnpm lint
+pnpm format
+```
+
+Fix the linting of your code
+
+```sh
+pnpm lint:fix
+pnpm format:fix
+```
+
+#### Running Unit Tests
+
+Run the tests in docker
+
+```sh
+make login_test_unit
+```
+
+Run unit tests with live-reloading
+
+```sh
+pnpm test:unit
+```
+
+#### Running Integration Tests
+
+Run the test in docker
+
+```sh
+make login_test_integration
+```
+
+Alternatively, run a live-reloading development server with an interactive Cypress test suite.
+First, set up your local test environment.
+
+```sh
+# Install dependencies. Developing requires Node.js v20
+pnpm install
+
+# Generate gRPC stubs
+pnpm generate
+
+# Start a local development server and use apps/login/.env.test to use the locally mocked Zitadel API.
+pnpm test:integration:setup
+```
+
+Now, in another terminal session, open the interactive Cypress integration test suite.
+
+```sh
+pnpm test:integration open
+```
+
+Show more options with Cypress
+
+```sh
+pnpm test:integration help
+```
+
+#### Running Acceptance Tests
+
+To run the tests in docker against the latest release of Zitadel, use the following command:
+
+:warning: The acceptance tests are not reliable at the moment :construction:
+
+```sh
+make login_test_acceptance
+```
+
+Alternatively, run can use a live-reloading development server with an interactive Playwright test suite.
+Set up your local environment by running the commands either for [developing against a local latest Zitadel release](latest) or for [developing against a locally compiled Zitadel](compiled).
+
+Now, in another terminal session, open the interactive Playwright acceptance test suite.
+
+```sh
+pnpm test:acceptance open
+```
+
+Show more options with Playwright
+
+```sh
+pnpm test:acceptance help
+```
diff --git a/login/LICENSE b/login/LICENSE
new file mode 100644
index 0000000000..89f750f2ab
--- /dev/null
+++ b/login/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 ZITADEL
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/login/Makefile b/login/Makefile
new file mode 100644
index 0000000000..a6e781374b
--- /dev/null
+++ b/login/Makefile
@@ -0,0 +1,137 @@
+XDG_CACHE_HOME ?= $(HOME)/.cache
+export CACHE_DIR ?= $(XDG_CACHE_HOME)/zitadel-make
+
+LOGIN_DIR ?= ./
+LOGIN_BAKE_CLI ?= docker buildx bake
+LOGIN_BAKE_CLI_WITH_ARGS := $(LOGIN_BAKE_CLI) --file $(LOGIN_DIR)docker-bake.hcl --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose.yaml
+LOGIN_BAKE_CLI_ADDITIONAL_ARGS ?=
+LOGIN_BAKE_CLI_WITH_ARGS += $(LOGIN_BAKE_CLI_ADDITIONAL_ARGS)
+
+export COMPOSE_BAKE=true
+export UID := $(id -u)
+export GID := $(id -g)
+
+export LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT := $(LOGIN_DIR)apps/login-test-acceptance
+
+export DOCKER_METADATA_OUTPUT_VERSION ?= local
+export LOGIN_TAG ?= login:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_UNIT_TAG := login-test-unit:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_INTEGRATION_TAG := login-test-integration:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_TAG := login-test-acceptance:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_SETUP_TAG := login-test-acceptance-setup:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_SINK_TAG := login-test-acceptance-sink:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_OIDCRP_TAG := login-test-acceptance-oidcrp:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_OIDCOP_TAG := login-test-acceptance-oidcop:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_SAMLSP_TAG := login-test-acceptance-samlsp:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TEST_ACCEPTANCE_SAMLIDP_TAG := login-test-acceptance-samlidp:${DOCKER_METADATA_OUTPUT_VERSION}
+export POSTGRES_TAG := postgres:17.0-alpine3.19
+export GOLANG_TAG := golang:1.24-alpine
+export ZITADEL_TAG ?= ghcr.io/zitadel/zitadel:latest
+export LOGIN_CORE_MOCK_TAG := login-core-mock:${DOCKER_METADATA_OUTPUT_VERSION}
+
+login_help:
+	@echo "Makefile for the login service"
+	@echo "Available targets:"
+	@echo "  login_help              - Show this help message."
+	@echo "  login_quality           - Run all quality checks (login_lint, login_test_unit, login_test_integration, login_test_acceptance)."
+	@echo "  login_standalone_build  - Build the docker image for production login containers."
+	@echo "  login_lint              - Run linting and formatting checks. IGNORE_RUN_CACHE=true prevents skipping."
+	@echo "  login_test_unit         - Run unit tests. Tests without any dependencies. IGNORE_RUN_CACHE=true prevents skipping."
+	@echo "  login-test_integration  - Run integration tests. Tests a login production build against a mocked Zitadel core API. IGNORE_RUN_CACHE=true prevents skipping."
+	@echo "  login_test_acceptance   - Run acceptance tests. Tests a login production build with a local Zitadel instance behind a reverse proxy. IGNORE_RUN_CACHE=true prevents skipping."
+	@echo "  typescript_generate	 - Generate TypeScript client code from Protobuf definitions."
+	@echo "  show_run_caches         - Show all run caches with image ids and exit codes."
+	@echo "  clean_run_caches        - Remove all run caches."
+
+
+login_lint:
+	@echo "Running login linting and formatting checks"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) login-lint
+
+login_test_unit:
+	@echo "Running login unit tests"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) login-test-unit
+
+login_test_integration_build:
+	@echo "Building login integration test environment with the local core mock image"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) core-mock login-test-integration login-standalone --load
+
+login_test_integration_dev: login_test_integration_cleanup
+	@echo "Starting login integration test environment with the local core mock image"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) core-mock && docker compose --file $(LOGIN_DIR)apps/login-test-integration/docker-compose.yaml run --service-ports --rm core-mock
+
+login_test_integration_run: login_test_integration_cleanup
+	@echo "Running login integration tests"
+	docker compose --file $(LOGIN_DIR)apps/login-test-integration/docker-compose.yaml run --rm integration
+
+login_test_integration_cleanup:
+	@echo "Cleaning up login integration test environment"
+	docker compose --file $(LOGIN_DIR)apps/login-test-integration/docker-compose.yaml down --volumes
+
+login_test_integration: login_test_integration_build
+	$(LOGIN_DIR)scripts/run_or_skip.sh login_test_integration_run \
+	"$(LOGIN_TAG) \
+	$(LOGIN_CORE_MOCK_TAG) \
+	$(LOGIN_TEST_INTEGRATION_TAG)"
+
+login_test_acceptance_build_bake:
+	@echo "Building login test acceptance images as defined in the docker-bake.hcl"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) login-test-acceptance login-standalone --load
+
+login_test_acceptance_build_compose:
+	@echo "Building login test acceptance images as defined in the docker-compose.yaml"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) --load setup sink
+
+# login_test_acceptance_build is overwritten by the login_dev target in zitadel/zitadel/Makefile
+login_test_acceptance_build: login_test_acceptance_build_compose login_test_acceptance_build_bake
+
+login_test_acceptance_run: login_test_acceptance_cleanup
+	@echo "Running login test acceptance tests"
+	docker compose --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose.yaml --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose-ci.yaml run --rm --service-ports acceptance
+
+login_test_acceptance_cleanup:
+	@echo "Cleaning up login test acceptance environment"
+	docker compose --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose.yaml --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose-ci.yaml down --volumes
+
+login_test_acceptance: login_test_acceptance_build
+	$(LOGIN_DIR)scripts/run_or_skip.sh login_test_acceptance_run \
+		"$(LOGIN_TAG) \
+  		$(ZITADEL_TAG) \
+  		$(POSTGRES_TAG) \
+  		$(GOLANG_TAG) \
+  		$(LOGIN_TEST_ACCEPTANCE_TAG) \
+  		$(LOGIN_TEST_ACCEPTANCE_SETUP_TAG) \
+  		$(LOGIN_TEST_ACCEPTANCE_SINK_TAG)"
+
+login_test_acceptance_setup_env: login_test_acceptance_build_compose login_test_acceptance_cleanup
+	@echo "Setting up the login test acceptance environment and writing the env.test.local file"
+	docker compose --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose.yaml run setup
+
+login_test_acceptance_setup_dev:
+	@echo "Starting the login test acceptance environment with the local zitadel image"
+	docker compose --file $(LOGIN_DIR)apps/login-test-acceptance/docker-compose.yaml up --no-recreate zitadel traefik sink
+
+login_quality: login_lint login_test_unit login_test_integration
+	@echo "Running login quality checks: lint, unit tests, integration tests"
+
+login_standalone_build:
+	@echo "Building the login standalone docker image with tag: $(LOGIN_TAG)"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) login-standalone --load
+
+login_standalone_out:
+	$(LOGIN_BAKE_CLI_WITH_ARGS) login-standalone-out
+
+typescript_generate:
+	@echo "Generating TypeScript client and writing to local $(LOGIN_DIR)packages/zitadel-proto"
+	$(LOGIN_BAKE_CLI_WITH_ARGS) login-typescript-proto-client-out
+
+clean_run_caches:
+	@echo "Removing cache directory: $(CACHE_DIR)"
+	rm -rf "$(CACHE_DIR)"
+
+show_run_caches:
+	@echo "Showing run caches with docker image ids and exit codes in $(CACHE_DIR):"
+	@find "$(CACHE_DIR)" -type f 2>/dev/null | while read file; do \
+		echo "$$file: $$(cat $$file)"; \
+	done
+
diff --git a/login/README.md b/login/README.md
new file mode 100644
index 0000000000..c3601e666b
--- /dev/null
+++ b/login/README.md
@@ -0,0 +1,264 @@
+# ZITADEL TypeScript with Turborepo
+
+This repository contains all TypeScript and JavaScript packages and applications you need to create your own ZITADEL
+Login UI.
+
+<img src="./apps/login/screenshots/collage.png" alt="collage of login screens" width="1600px" />
+
+[![npm package](https://img.shields.io/npm/v/@zitadel/proto.svg?style=for-the-badge&logo=npm&logoColor=white)](https://www.npmjs.com/package/@zitadel/proto)
+[![npm package](https://img.shields.io/npm/v/@zitadel/client.svg?style=for-the-badge&logo=npm&logoColor=white)](https://www.npmjs.com/package/@zitadel/client)
+
+**⚠️ This repo and packages are in beta state and subject to change ⚠️**
+
+The scope of functionality of this repo and packages is under active development.
+
+The `@zitadel/client` package is using [@connectrpc/connect](https://github.com/connectrpc/connect-es#readme).
+
+You can read the [contribution guide](/CONTRIBUTING.md) on how to contribute.
+Questions can be raised in our [Discord channel](https://discord.gg/erh5Brh7jE) or as
+a [GitHub issue](https://github.com/zitadel/typescript/issues).
+
+## Developing Your Own ZITADEL Login UI
+
+We think the easiest path of getting up and running, is the following:
+
+1. Fork and clone this repository
+1. [Run the ZITADEL Cloud login UI locally](#run-login-ui)
+1. Make changes to the code and see the effects live on your local machine
+1. Study the rest of this README.md and get familiar and comfortable with how everything works.
+1. Decide on a way of how you want to build and run your login UI.
+   You can reuse ZITADEL Clouds way.
+   But if you need more freedom, you can also import the packages you need into your self built application.
+
+## Included Apps And Packages
+
+- `login`: The login UI used by ZITADEL Cloud, powered by Next.js
+- `@zitadel/client`: shared client utilities for node and browser environments
+- `@zitadel/proto`: Protocol Buffers (proto) definitions used by ZITADEL projects
+- `@zitadel/tsconfig`: shared `tsconfig.json`s used throughout the monorepo
+- `@zitadel/eslint-config`: ESLint preset
+
+Each package and app is 100% [TypeScript](https://www.typescriptlang.org/).
+
+### Login
+
+The login is currently in a work in progress state.
+The goal is to implement a login UI, using the session API of ZITADEL, which also implements the OIDC Standard and is
+ready to use for everyone.
+
+In the first phase we want to have a MVP login ready with the OIDC Standard and a basic feature set. In a second step
+the features will be extended.
+
+This list should show the current implementation state, and also what is missing.
+You can already use the current state, and extend it with your needs.
+
+#### Features list
+
+- [x] Local User Registration (with Password)
+- [x] User Registration and Login with external Provider
+  - [x] Google
+  - [x] GitHub
+  - [x] GitHub Enterprise
+  - [x] GitLab
+  - [x] GitLab Enterprise
+  - [x] Azure
+  - [x] Apple
+  - [x] Generic OIDC
+  - [x] Generic OAuth
+  - [x] Generic JWT
+  - [x] LDAP
+  - [x] SAML SP
+- Multifactor Registration an Login
+  - [x] Passkeys
+  - [x] TOTP
+  - [x] OTP: Email Code
+  - [x] OTP: SMS Code
+- [x] Password Change/Reset
+- [x] Domain Discovery
+- [x] Branding
+- OIDC Standard
+
+  - [x] Authorization Code Flow with PKCE
+  - [x] AuthRequest `hintUserId`
+  - [x] AuthRequest `loginHint`
+  - [x] AuthRequest `prompt`
+    - [x] Login
+    - [x] Select Account
+    - [ ] Consent
+    - [x] Create
+  - Scopes
+    - [x] `openid email profile address``
+    - [x] `offline access`
+    - [x] `urn:zitadel:iam:org:idp:id:{idp_id}`
+    - [x] `urn:zitadel:iam:org:project:id:zitadel:aud`
+    - [x] `urn:zitadel:iam:org:id:{orgid}`
+    - [x] `urn:zitadel:iam:org:domain:primary:{domain}`
+  - [ ] AuthRequest UI locales
+
+  #### Flow diagram
+
+  This diagram shows the available pages and flows.
+
+  > Note that back navigation or retries are not displayed.
+
+```mermaid
+    flowchart TD
+    A[Start] --> register
+    A[Start] --> accounts
+    A[Start] --> loginname
+    loginname -- signInWithIDP --> idp-success
+    loginname -- signInWithIDP --> idp-failure
+    idp-success --> B[signedin]
+    loginname --> password
+    loginname -- hasPasskey --> passkey
+    loginname -- allowRegister --> register
+    passkey-add --passwordAllowed --> password
+    passkey -- hasPassword --> password
+    passkey --> B[signedin]
+    password -- hasMFA --> mfa
+    password -- allowPasskeys --> passkey-add
+    password -- reset --> password-set
+    email -- reset --> password-set
+    password-set --> B[signedin]
+    password-change --> B[signedin]
+    password -- userstate=initial --> password-change
+
+    mfa --> otp
+    otp --> B[signedin]
+    mfa--> u2f
+    u2f -->B[signedin]
+    register -- password/passkey --> B[signedin]
+    password --> B[signedin]
+    password-- forceMFA -->mfaset
+    mfaset --> u2fset
+    mfaset --> otpset
+    u2fset --> B[signedin]
+    otpset --> B[signedin]
+    accounts--> loginname
+    password -- not verified yet -->verify
+    register-- withpassword -->verify
+    passkey-- notVerified --> verify
+    verify --> B[signedin]
+```
+
+You can find a more detailed documentation of the different pages [here](./apps/login/readme.md).
+
+#### Custom translations
+
+The new login uses the [SettingsApi](https://zitadel.com/docs/apis/resources/settings_service_v2/settings-service-get-hosted-login-translation) to load custom translations.
+Translations can be overriden at both the instance and organization levels.
+To find the keys more easily, you can inspect the HTML and search for a `data-i18n-key` attribute, or look at the defaults in `/apps/login/locales/[locale].ts`.
+![Custom Translations](.github/custom-i18n.png)
+
+## Tooling
+
+- [TypeScript](https://www.typescriptlang.org/) for static type checking
+- [ESLint](https://eslint.org/) for code linting
+- [Prettier](https://prettier.io) for code formatting
+
+## Useful Commands
+
+- `make login-quality` - Check the quality of your code against a production build without installing any dependencies besides Docker
+- `pnpm generate` - Build proto stubs for the client package
+- `pnpm dev` - Develop all packages and the login app
+- `pnpm build` - Build all packages and the login app
+- `pnpm clean` - Clean up all `node_modules` and `dist` folders (runs each package's clean script)
+
+Learn more about developing the login UI in the [contribution guide](/CONTRIBUTING.md).
+
+## Versioning And Publishing Packages
+
+Package publishing has been configured using [Changesets](https://github.com/changesets/changesets).
+Here is their [documentation](https://github.com/changesets/changesets#documentation) for more information about the
+workflow.
+
+The [GitHub Action](https://github.com/changesets/action) needs an `NPM_TOKEN` and `GITHUB_TOKEN` in the repository
+settings. The [Changesets bot](https://github.com/apps/changeset-bot) should also be installed on the GitHub repository.
+
+Read the [changesets documentation](https://github.com/changesets/changesets/blob/main/docs/automating-changesets.md)
+for more information about this automation
+
+### Run Login UI
+
+To run the application make sure to install the dependencies with
+
+```sh
+pnpm install
+```
+
+then generate the GRPC stubs with
+
+```sh
+pnpm generate
+```
+
+To run the application against a local ZITADEL instance, run the following command:
+
+```sh
+pnpm run-zitadel
+```
+
+This sets up ZITADEL using docker compose and writes the configuration to the file `apps/login/.env.local`.
+
+<details>
+<summary>Alternatively, use another environment</summary>
+You can develop against any ZITADEL instance in which you have sufficient rights to execute the following steps.
+Just create or overwrite the file `apps/login/.env.local` yourself.
+Add your instances base URL to the file at the key `ZITADEL_API_URL`.
+Go to your instance and create a service user for the login application.
+The login application creates users on your primary organization and reads policy data.
+For the sake of simplicity, just make the service user an instance member with the role `IAM_OWNER`.
+Create a PAT and copy it to the file `apps/login/.env.local` using the key `ZITADEL_SERVICE_USER_TOKEN`.
+
+The file should look similar to this:
+
+```
+ZITADEL_API_URL=https://zitadel-tlx3du.us1.zitadel.cloud
+ZITADEL_SERVICE_USER_TOKEN=1S6w48thfWFI2klgfwkCnhXJLf9FQ457E-_3H74ePQxfO3Af0Tm4V5Xi-ji7urIl_xbn-Rk
+```
+
+</details>
+
+Start the login application in dev mode:
+
+```sh
+pnpm dev
+```
+
+Open the login application with your favorite browser at `localhost:3000`.
+Change the source code and see the changes live in your browser.
+
+Make sure the application still behaves as expected by running all tests
+
+```sh
+pnpm test
+```
+
+To satisfy your unique workflow requirements, check out the package.json in the root directory for more detailed scripts.
+
+### Run Login UI Acceptance tests
+
+To run the acceptance tests you need a running ZITADEL environment and a component which receives HTTP requests for the emails and sms's.
+This component should also be able to return the content of these notifications, as the codes and links are used in the login flows.
+There is a basic implementation in Golang available under [the sink package](./acceptance/sink).
+
+To setup ZITADEL with the additional Sink container for handling the notifications:
+
+```sh
+pnpm run-sink
+```
+
+Then you can start the acceptance tests with:
+
+```sh
+pnpm test:acceptance
+```
+
+### Deploy to Vercel
+
+To deploy your own version on Vercel, navigate to your instance and create a service user.
+Then create a personal access token (PAT), copy and set it as ZITADEL_SERVICE_USER_TOKEN, then navigate to your instance
+settings and make sure it gets IAM_OWNER permissions.
+Finally set your instance url as ZITADEL_API_URL. Make sure to set it without trailing slash.
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fzitadel%2Ftypescript&env=ZITADEL_API_URL,ZITADEL_SERVICE_USER_TOKEN&root-directory=apps/login&envDescription=Setup%20a%20service%20account%20with%20IAM_LOGIN_CLIENT%20membership%20on%20your%20instance%20and%20provide%20its%20personal%20access%20token.&project-name=zitadel-login&repository-name=zitadel-login)
diff --git a/login/acceptance/docker-compose.yaml b/login/acceptance/docker-compose.yaml
new file mode 100644
index 0000000000..a68a435e83
--- /dev/null
+++ b/login/acceptance/docker-compose.yaml
@@ -0,0 +1,71 @@
+services:
+  zitadel:
+    user: "${ZITADEL_DEV_UID}"
+    image: "${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:02617cf17fdde849378c1a6b5254bbfb2745b164}"
+    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./pat:/pat
+      - ./zitadel.yaml:/zitadel.yaml
+    depends_on:
+      db:
+        condition: "service_healthy"
+    extra_hosts:
+      - "localhost:host-gateway"
+
+  db:
+    restart: "always"
+    image: postgres:17.0-alpine3.19
+    environment:
+      - POSTGRES_USER=zitadel
+      - PGUSER=zitadel
+      - POSTGRES_DB=zitadel
+      - POSTGRES_HOST_AUTH_METHOD=trust
+    command: postgres -c shared_preload_libraries=pg_stat_statements -c pg_stat_statements.track=all -c shared_buffers=1GB -c work_mem=16MB -c effective_io_concurrency=100 -c wal_level=minimal -c archive_mode=off -c max_wal_senders=0
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: "10s"
+      timeout: "30s"
+      retries: 5
+      start_period: "20s"
+    ports:
+      - 5432:5432
+
+  wait_for_zitadel:
+    image: curlimages/curl:8.00.1
+    command: /bin/sh -c "until curl -s -o /dev/null -i -f http://zitadel:8080/debug/ready; do echo 'waiting' && sleep 1; done; echo 'ready' && sleep 5;" || false
+    depends_on:
+      - zitadel
+
+  setup:
+    user: "${ZITADEL_DEV_UID}"
+    container_name: setup
+    image: acceptance-setup:latest
+    environment:
+      PAT_FILE: /pat/zitadel-admin-sa.pat
+      ZITADEL_API_INTERNAL_URL: http://zitadel:8080
+      WRITE_ENVIRONMENT_FILE: /apps/login/.env.local
+      WRITE_TEST_ENVIRONMENT_FILE: /acceptance/tests/.env.local
+      SINK_EMAIL_INTERNAL_URL: http://sink:3333/email
+      SINK_SMS_INTERNAL_URL: http://sink:3333/sms
+      SINK_NOTIFICATION_URL: http://localhost:3333/notification
+    volumes:
+      - "./pat:/pat"
+      - "../apps/login:/apps/login"
+      - "../acceptance/tests:/acceptance/tests"
+    depends_on:
+      wait_for_zitadel:
+        condition: "service_completed_successfully"
+
+  sink:
+    image: golang:1.24-alpine
+    container_name: sink
+    command: go run /sink/main.go -port '3333' -email '/email' -sms '/sms' -notification '/notification'
+    ports:
+      - 3333:3333
+    volumes:
+      - "./sink:/sink"
+    depends_on:
+      setup:
+        condition: "service_completed_successfully"
diff --git a/login/apps/login-test-acceptance/.gitignore b/login/apps/login-test-acceptance/.gitignore
new file mode 100644
index 0000000000..6a7425e885
--- /dev/null
+++ b/login/apps/login-test-acceptance/.gitignore
@@ -0,0 +1 @@
+go-command
diff --git a/login/apps/login-test-acceptance/docker-compose-ci.yaml b/login/apps/login-test-acceptance/docker-compose-ci.yaml
new file mode 100644
index 0000000000..7a531fcf42
--- /dev/null
+++ b/login/apps/login-test-acceptance/docker-compose-ci.yaml
@@ -0,0 +1,59 @@
+services:
+
+  zitadel:
+    environment:
+      ZITADEL_EXTERNALDOMAIN: traefik
+
+  traefik:
+    labels: !reset []
+
+  setup:
+    environment:
+      ZITADEL_API_DOMAIN: traefik
+      ZITADEL_API_URL: https://traefik
+      LOGIN_BASE_URL: https://traefik/ui/v2/login/
+      SINK_NOTIFICATION_URL: http://sink:3333/notification
+      ZITADEL_ADMIN_USER: zitadel-admin@zitadel.traefik
+
+  login:
+    image: "${LOGIN_TAG:-login:local}"
+    container_name: acceptance-login
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.login.rule=PathPrefix(`/ui/v2/login`)"
+    ports:
+      - "3000:3000"
+    environment:
+      - NODE_TLS_REJECT_UNAUTHORIZED=0
+    depends_on:
+      setup:
+        condition: service_completed_successfully
+
+  acceptance:
+    image: "${LOGIN_TEST_ACCEPTANCE_TAG:-login-test-acceptance:local}"
+    container_name: acceptance
+    environment:
+      - CI
+      - LOGIN_BASE_URL=https://traefik/ui/v2/login/
+      - NODE_TLS_REJECT_UNAUTHORIZED=0
+    volumes:
+      - ../login/.env.test.local:/build/apps/login/.env.test.local
+      - ./test-results:/build/apps/login-test-acceptance/test-results
+      - ./playwright-report:/build/apps/login-test-acceptance/playwright-report
+    ports:
+      - 9323:9323
+    ipc: "host"
+    init: true
+    depends_on:
+      login:
+        condition: "service_healthy"
+      sink:
+        condition: service_healthy
+#      oidcrp:
+#        condition: service_healthy
+#      oidcop:
+#        condition: service_healthy
+#      samlsp:
+#        condition: service_healthy
+#      samlidp:
+#        condition: service_healthy
diff --git a/login/apps/login-test-acceptance/docker-compose.yaml b/login/apps/login-test-acceptance/docker-compose.yaml
new file mode 100644
index 0000000000..cb0463fdc8
--- /dev/null
+++ b/login/apps/login-test-acceptance/docker-compose.yaml
@@ -0,0 +1,237 @@
+services:
+
+  zitadel:
+    user: "${UID:-1000}:${GID:-1000}"
+    image: "${ZITADEL_TAG:-ghcr.io/zitadel/zitadel:latest}"
+    container_name: acceptance-zitadel
+    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --config /zitadel.yaml --steps /zitadel.yaml'
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.zitadel.rule=!PathPrefix(`/ui/v2/login`)"
+      #      - "traefik.http.middlewares.zitadel.headers.customrequestheaders.Host=localhost"
+#      - "traefik.http.routers.zitadel.middlewares=zitadel@docker"
+      - "traefik.http.services.zitadel-service.loadbalancer.server.scheme=h2c"
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./pat:/pat
+      - ./zitadel.yaml:/zitadel.yaml
+    depends_on:
+      db:
+        condition: "service_healthy"
+
+  db:
+    restart: "always"
+    image: ${LOGIN_TEST_ACCEPTANCE_POSTGES_TAG:-postgres:17.0-alpine3.19}
+    container_name: acceptance-db
+    environment:
+      - POSTGRES_USER=zitadel
+      - PGUSER=zitadel
+      - POSTGRES_DB=zitadel
+      - POSTGRES_HOST_AUTH_METHOD=trust
+    command: postgres -c shared_preload_libraries=pg_stat_statements -c pg_stat_statements.track=all -c shared_buffers=1GB -c work_mem=16MB -c effective_io_concurrency=100 -c wal_level=minimal -c archive_mode=off -c max_wal_senders=0
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: "10s"
+      timeout: "30s"
+      retries: 5
+      start_period: "20s"
+    ports:
+      - "5432:5432"
+
+  wait-for-zitadel:
+    image: curlimages/curl:8.00.1
+    container_name: acceptance-wait-for-zitadel
+    command: /bin/sh -c "until curl -s -o /dev/null -i -f http://zitadel:8080/debug/ready; do echo 'waiting' && sleep 1; done; echo 'ready' && sleep 5;" || false
+    depends_on:
+      - zitadel
+
+  traefik:
+    image: "traefik:v3.4"
+    container_name: "acceptance-traefik"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.login.rule=PathPrefix(`/ui/v2/login`)"
+      - "traefik.http.services.login-service.loadbalancer.server.url=http://host.docker.internal:3000"
+    command:
+#      - "--log.level=DEBUG"
+      - "--ping"
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.websecure.http.tls=true"
+      - "--entryPoints.websecure.address=:443"
+    healthcheck:
+      test: ["CMD", "traefik", "healthcheck", "--ping"]
+      interval: "10s"
+      timeout: "30s"
+      retries: 5
+      start_period: "20s"
+    ports:
+      - "443:443"
+      - "8090:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    extra_hosts:
+      - host.docker.internal:host-gateway
+
+  setup:
+    user: "${UID:-1000}:${GID:-1000}"
+    image: ${LOGIN_TEST_ACCEPTANCE_SETUP_TAG:-login-test-acceptance-setup:local}
+    container_name: acceptance-setup
+    restart: no
+    build:
+      context: "${LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT:-.}/setup"
+      dockerfile: ../go-command.Dockerfile
+    entrypoint: "./setup.sh"
+    environment:
+      PAT_FILE: /pat/zitadel-admin-sa.pat
+      ZITADEL_API_INTERNAL_URL: http://zitadel:8080
+      WRITE_ENVIRONMENT_FILE: /login-env/.env.test.local
+      SINK_EMAIL_INTERNAL_URL: http://sink:3333/email
+      SINK_SMS_INTERNAL_URL: http://sink:3333/sms
+      SINK_NOTIFICATION_URL: http://localhost:3333/notification
+      LOGIN_BASE_URL: https://127.0.0.1.sslip.io/ui/v2/login/
+      ZITADEL_API_URL: https://127.0.0.1.sslip.io
+      ZITADEL_API_DOMAIN: 127.0.0.1.sslip.io
+      ZITADEL_ADMIN_USER: zitadel-admin@zitadel.127.0.0.1.sslip.io
+    volumes:
+      - ./pat:/pat # Read the PAT file from zitadels setup
+      - ../login:/login-env # Write the environment variables file for the login
+    depends_on:
+      traefik:
+        condition: "service_healthy"
+      wait-for-zitadel:
+        condition: "service_completed_successfully"
+
+  sink:
+    image: ${LOGIN_TEST_ACCEPTANCE_SINK_TAG:-login-test-acceptance-sink:local}
+    container_name: acceptance-sink
+    build:
+      context: "${LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT:-.}/sink"
+      dockerfile: ../go-command.Dockerfile
+      args:
+        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
+    environment:
+      PORT: '3333'
+    command:
+      - -port
+      - '3333'
+      - -email
+      - '/email'
+      - -sms
+      - '/sms'
+      - -notification
+      - '/notification'
+    ports:
+      - "3333:3333"
+    depends_on:
+      setup:
+        condition: "service_completed_successfully"
+
+  oidcrp:
+    user: "${UID:-1000}:${GID:-1000}"
+    image: ${LOGIN_TEST_ACCEPTANCE_OIDCRP_TAG:-login-test-acceptance-oidcrp:local}
+    container_name: acceptance-oidcrp
+    build:
+      context: "${LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT:-.}/oidcrp"
+      dockerfile: ../go-command.Dockerfile
+      args:
+        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
+    environment:
+      API_URL: 'http://traefik'
+      API_DOMAIN: 'traefik'
+      PAT_FILE: '/pat/zitadel-admin-sa.pat'
+      LOGIN_URL: 'https://traefik/ui/v2/login'
+      ISSUER: 'https://traefik'
+      HOST: 'traefik'
+      PORT: '8000'
+      SCOPES: 'openid profile email'
+    ports:
+      - "8000:8000"
+    volumes:
+      - "./pat:/pat"
+    depends_on:
+      traefik:
+        condition: "service_healthy"
+      setup:
+        condition: "service_completed_successfully"
+
+  oidcop:
+    user: "${UID:-1000}:${GID:-1000}"
+    image: ${LOGIN_TEST_ACCEPTANCE_OIDCOP_TAG:-login-test-acceptance-oidcop:local}
+    container_name: acceptance-oidcop
+    build:
+      context: "${LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT:-.}/idp/oidc"
+      dockerfile: ../../go-command.Dockerfile
+      args:
+        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
+    environment:
+      API_URL: 'http://traefik'
+      API_DOMAIN: 'traefik'
+      PAT_FILE: '/pat/zitadel-admin-sa.pat'
+      SCHEMA: 'https'
+      HOST: 'traefik'
+      PORT: "8004"
+    ports:
+      - 8004:8004
+    volumes:
+      - "./pat:/pat"
+    depends_on:
+      traefik:
+        condition: "service_healthy"
+      setup:
+        condition: "service_completed_successfully"
+
+  samlsp:
+    user: "${UID:-1000}:${GID:-1000}"
+    image: "${LOGIN_TEST_ACCEPTANCE_SAMLSP_TAG:-login-test-acceptance-samlsp:local}"
+    container_name: acceptance-samlsp
+    build:
+      context: "${LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT:-.}/samlsp"
+      dockerfile: ../go-command.Dockerfile
+      args:
+        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
+    environment:
+      API_URL: 'http://traefik'
+      API_DOMAIN: 'traefik'
+      PAT_FILE: '/pat/zitadel-admin-sa.pat'
+      LOGIN_URL: 'https://traefik/ui/v2/login'
+      IDP_URL: 'http://zitadel:8080/saml/v2/metadata'
+      HOST: 'https://traefik'
+      PORT: '8001'
+    ports:
+      - 8001:8001
+    volumes:
+      - "./pat:/pat"
+    depends_on:
+      traefik:
+        condition: "service_healthy"
+      setup:
+        condition: "service_completed_successfully"
+
+  samlidp:
+    user: "${UID:-1000}:${GID:-1000}"
+    image: "${LOGIN_TEST_ACCEPTANCE_SAMLIDP_TAG:-login-test-acceptance-samlidp:local}"
+    container_name: acceptance-samlidp
+    build:
+      context: "${LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT:-.}/idp/saml"
+      dockerfile: ../../go-command.Dockerfile
+      args:
+        - LOGIN_TEST_ACCEPTANCE_GOLANG_TAG=${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG:-golang:1.24-alpine}
+    environment:
+      API_URL: 'http://traefik:8080'
+      API_DOMAIN: 'traefik'
+      PAT_FILE: '/pat/zitadel-admin-sa.pat'
+      SCHEMA: 'https'
+      HOST: 'traefik'
+      PORT: "8003"
+    ports:
+      - 8003:8003
+    volumes:
+      - "./pat:/pat"
+    depends_on:
+      traefik:
+        condition: "service_healthy"
+      setup:
+        condition: "service_completed_successfully"
diff --git a/login/apps/login-test-acceptance/go-command.Dockerfile b/login/apps/login-test-acceptance/go-command.Dockerfile
new file mode 100644
index 0000000000..fafebd6f4d
--- /dev/null
+++ b/login/apps/login-test-acceptance/go-command.Dockerfile
@@ -0,0 +1,11 @@
+ARG LOGIN_TEST_ACCEPTANCE_GOLANG_TAG="golang:1.24-alpine"
+
+FROM ${LOGIN_TEST_ACCEPTANCE_GOLANG_TAG}
+RUN apk add curl jq
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN go build -o /go-command .
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s \
+  CMD curl -f http://localhost:${PORT}/healthy || exit 1
+ENTRYPOINT [ "/go-command" ]
diff --git a/login/apps/login-test-acceptance/idp/oidc/go.mod b/login/apps/login-test-acceptance/idp/oidc/go.mod
new file mode 100644
index 0000000000..84dae766c8
--- /dev/null
+++ b/login/apps/login-test-acceptance/idp/oidc/go.mod
@@ -0,0 +1,28 @@
+module github.com/zitadel/typescript/acceptance/idp/oidc
+
+go 1.24.1
+
+require github.com/zitadel/oidc/v3 v3.37.0
+
+require (
+	github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
+	github.com/go-chi/chi/v5 v5.2.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/muhlemmer/gu v0.3.1 // indirect
+	github.com/muhlemmer/httpforwarded v0.1.0 // indirect
+	github.com/rs/cors v1.11.1 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/zitadel/logging v0.6.2 // indirect
+	github.com/zitadel/schema v1.3.1 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/oauth2 v0.28.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+)
diff --git a/login/apps/login-test-acceptance/idp/oidc/go.sum b/login/apps/login-test-acceptance/idp/oidc/go.sum
new file mode 100644
index 0000000000..42d80d8683
--- /dev/null
+++ b/login/apps/login-test-acceptance/idp/oidc/go.sum
@@ -0,0 +1,71 @@
+github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38=
+github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
+github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM=
+github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM=
+github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/vWUetyzY=
+github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
+github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/zitadel/logging v0.6.2 h1:MW2kDDR0ieQynPZ0KIZPrh9ote2WkxfBif5QoARDQcU=
+github.com/zitadel/logging v0.6.2/go.mod h1:z6VWLWUkJpnNVDSLzrPSQSQyttysKZ6bCRongw0ROK4=
+github.com/zitadel/oidc/v3 v3.37.0 h1:nYATWlnP7f18XiAbw6upUruBaqfB1kUrXrSTf1EYGO8=
+github.com/zitadel/oidc/v3 v3.37.0/go.mod h1:/xDan4OUQhguJ4Ur73OOJrtugvR164OMnidXP9xfVNw=
+github.com/zitadel/schema v1.3.1 h1:QT3kwiRIRXXLVAs6gCK/u044WmUVh6IlbLXUsn6yRQU=
+github.com/zitadel/schema v1.3.1/go.mod h1:071u7D2LQacy1HAN+YnMd/mx1qVE2isb0Mjeqg46xnU=
+go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
+go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
+go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
+go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/login/apps/login-test-acceptance/idp/oidc/main.go b/login/apps/login-test-acceptance/idp/oidc/main.go
new file mode 100644
index 0000000000..b04ac94234
--- /dev/null
+++ b/login/apps/login-test-acceptance/idp/oidc/main.go
@@ -0,0 +1,186 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"log/slog"
+	"net/http"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/zitadel/oidc/v3/example/server/exampleop"
+	"github.com/zitadel/oidc/v3/example/server/storage"
+)
+
+func main() {
+	apiURL := os.Getenv("API_URL")
+	pat := readPAT(os.Getenv("PAT_FILE"))
+	domain := os.Getenv("API_DOMAIN")
+	schema := os.Getenv("SCHEMA")
+	host := os.Getenv("HOST")
+	port := os.Getenv("PORT")
+
+	logger := slog.New(
+		slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
+			AddSource: true,
+			Level:     slog.LevelDebug,
+		}),
+	)
+
+	issuer := fmt.Sprintf("%s://%s:%s/", schema, host, port)
+	redirectURI := fmt.Sprintf("%s/idps/callback", apiURL)
+
+	clientID := "web"
+	clientSecret := "secret"
+	storage.RegisterClients(
+		storage.WebClient(clientID, clientSecret, redirectURI),
+	)
+
+	storage := storage.NewStorage(storage.NewUserStore(issuer))
+	router := exampleop.SetupServer(issuer, storage, logger, false)
+
+	server := &http.Server{
+		Addr:    ":" + port,
+		Handler: router,
+	}
+	go func() {
+		if err := server.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
+			log.Fatalf("HTTP server error: %v", err)
+		}
+		log.Println("Stopped serving new connections.")
+	}()
+
+	createZitadelResources(apiURL, pat, domain, issuer, clientID, clientSecret)
+
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
+	<-sigChan
+
+	shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second)
+	defer shutdownRelease()
+
+	if err := server.Shutdown(shutdownCtx); err != nil {
+		log.Fatalf("HTTP shutdown error: %v", err)
+	}
+}
+
+func readPAT(path string) string {
+	f, err := os.Open(path)
+	if err != nil {
+		panic(err)
+	}
+	pat, err := io.ReadAll(f)
+	if err != nil {
+		panic(err)
+	}
+	return strings.Trim(string(pat), "\n")
+}
+
+func createZitadelResources(apiURL, pat, domain, issuer, clientID, clientSecret string) error {
+	idpID, err := CreateIDP(apiURL, pat, domain, issuer, clientID, clientSecret)
+	if err != nil {
+		return err
+	}
+	return ActivateIDP(apiURL, pat, domain, idpID)
+}
+
+type createIDP struct {
+	Name             string          `json:"name"`
+	Issuer           string          `json:"issuer"`
+	ClientId         string          `json:"clientId"`
+	ClientSecret     string          `json:"clientSecret"`
+	Scopes           []string        `json:"scopes"`
+	ProviderOptions  providerOptions `json:"providerOptions"`
+	IsIdTokenMapping bool            `json:"isIdTokenMapping"`
+	UsePkce          bool            `json:"usePkce"`
+}
+
+type providerOptions struct {
+	IsLinkingAllowed  bool   `json:"isLinkingAllowed"`
+	IsCreationAllowed bool   `json:"isCreationAllowed"`
+	IsAutoCreation    bool   `json:"isAutoCreation"`
+	IsAutoUpdate      bool   `json:"isAutoUpdate"`
+	AutoLinking       string `json:"autoLinking"`
+}
+
+type idp struct {
+	ID string `json:"id"`
+}
+
+func CreateIDP(apiURL, pat, domain string, issuer, clientID, clientSecret string) (string, error) {
+	createIDP := &createIDP{
+		Name:         "OIDC",
+		Issuer:       issuer,
+		ClientId:     clientID,
+		ClientSecret: clientSecret,
+		Scopes:       []string{"openid", "profile", "email"},
+		ProviderOptions: providerOptions{
+			IsLinkingAllowed:  true,
+			IsCreationAllowed: true,
+			IsAutoCreation:    true,
+			IsAutoUpdate:      true,
+			AutoLinking:       "AUTO_LINKING_OPTION_USERNAME",
+		},
+		IsIdTokenMapping: false,
+		UsePkce:          false,
+	}
+
+	resp, err := doRequestWithHeaders(apiURL+"/admin/v1/idps/generic_oidc", pat, domain, createIDP)
+	if err != nil {
+		return "", err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	idp := new(idp)
+	if err := json.Unmarshal(data, idp); err != nil {
+		return "", err
+	}
+	return idp.ID, nil
+}
+
+type activateIDP struct {
+	IdpId string `json:"idpId"`
+}
+
+func ActivateIDP(apiURL, pat, domain string, idpID string) error {
+	activateIDP := &activateIDP{
+		IdpId: idpID,
+	}
+	_, err := doRequestWithHeaders(apiURL+"/admin/v1/policies/login/idps", pat, domain, activateIDP)
+	return err
+}
+
+func doRequestWithHeaders(apiURL, pat, domain string, body any) (*http.Response, error) {
+	data, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, apiURL, io.NopCloser(bytes.NewReader(data)))
+	if err != nil {
+		return nil, err
+	}
+	values := http.Header{}
+	values.Add("Authorization", "Bearer "+pat)
+	values.Add("x-forwarded-host", domain)
+	values.Add("Content-Type", "application/json")
+	req.Header = values
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
diff --git a/login/apps/login-test-acceptance/idp/saml/go.mod b/login/apps/login-test-acceptance/idp/saml/go.mod
new file mode 100644
index 0000000000..e73b4feb3b
--- /dev/null
+++ b/login/apps/login-test-acceptance/idp/saml/go.mod
@@ -0,0 +1,16 @@
+module github.com/zitadel/typescript/acceptance/idp/saml
+
+go 1.24.1
+
+require (
+	github.com/crewjam/saml v0.4.14
+	github.com/mattermost/xml-roundtrip-validator v0.1.0
+	github.com/zenazn/goji v1.0.1
+	golang.org/x/crypto v0.36.0
+)
+
+require (
+	github.com/beevik/etree v1.1.0 // indirect
+	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/russellhaering/goxmldsig v1.3.0 // indirect
+)
diff --git a/login/apps/login-test-acceptance/idp/saml/go.sum b/login/apps/login-test-acceptance/idp/saml/go.sum
new file mode 100644
index 0000000000..1208550f6e
--- /dev/null
+++ b/login/apps/login-test-acceptance/idp/saml/go.sum
@@ -0,0 +1,49 @@
+github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
+github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
+github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
+github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
+github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
+github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/russellhaering/goxmldsig v1.3.0 h1:DllIWUgMy0cRUMfGiASiYEa35nsieyD3cigIwLonTPM=
+github.com/russellhaering/goxmldsig v1.3.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8=
+github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
diff --git a/login/apps/login-test-acceptance/idp/saml/main.go b/login/apps/login-test-acceptance/idp/saml/main.go
new file mode 100644
index 0000000000..059eab79e2
--- /dev/null
+++ b/login/apps/login-test-acceptance/idp/saml/main.go
@@ -0,0 +1,328 @@
+package main
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"encoding/xml"
+	"errors"
+	"io"
+	"log"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+
+	"github.com/crewjam/saml"
+	"github.com/crewjam/saml/logger"
+	"github.com/crewjam/saml/samlidp"
+	xrv "github.com/mattermost/xml-roundtrip-validator"
+	"github.com/zenazn/goji"
+	"github.com/zenazn/goji/bind"
+	"github.com/zenazn/goji/web"
+	"golang.org/x/crypto/bcrypt"
+)
+
+var key = func() crypto.PrivateKey {
+	b, _ := pem.Decode([]byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0OhbMuizgtbFOfwbK7aURuXhZx6VRuAs3nNibiuifwCGz6u9
+yy7bOR0P+zqN0YkjxaokqFgra7rXKCdeABmoLqCC0U+cGmLNwPOOA0PaD5q5xKhQ
+4Me3rt/R9C4Ca6k3/OnkxnKwnogcsmdgs2l8liT3qVHP04Oc7Uymq2v09bGb6nPu
+fOrkXS9F6mSClxHG/q59AGOWsXK1xzIRV1eu8W2SNdyeFVU1JHiQe444xLoPul5t
+InWasKayFsPlJfWNc8EoU8COjNhfo/GovFTHVjh9oUR/gwEFVwifIHihRE0Hazn2
+EQSLaOr2LM0TsRsQroFjmwSGgI+X2bfbMTqWOQIDAQABAoIBAFWZwDTeESBdrLcT
+zHZe++cJLxE4AObn2LrWANEv5AeySYsyzjRBYObIN9IzrgTb8uJ900N/zVr5VkxH
+xUa5PKbOcowd2NMfBTw5EEnaNbILLm+coHdanrNzVu59I9TFpAFoPavrNt/e2hNo
+NMGPSdOkFi81LLl4xoadz/WR6O/7N2famM+0u7C2uBe+TrVwHyuqboYoidJDhO8M
+w4WlY9QgAUhkPyzZqrl+VfF1aDTGVf4LJgaVevfFCas8Ws6DQX5q4QdIoV6/0vXi
+B1M+aTnWjHuiIzjBMWhcYW2+I5zfwNWRXaxdlrYXRukGSdnyO+DH/FhHePJgmlkj
+NInADDkCgYEA6MEQFOFSCc/ELXYWgStsrtIlJUcsLdLBsy1ocyQa2lkVUw58TouW
+RciE6TjW9rp31pfQUnO2l6zOUC6LT9Jvlb9PSsyW+rvjtKB5PjJI6W0hjX41wEO6
+fshFELMJd9W+Ezao2AsP2hZJ8McCF8no9e00+G4xTAyxHsNI2AFTCQcCgYEA5cWZ
+JwNb4t7YeEajPt9xuYNUOQpjvQn1aGOV7KcwTx5ELP/Hzi723BxHs7GSdrLkkDmi
+Gpb+mfL4wxCt0fK0i8GFQsRn5eusyq9hLqP/bmjpHoXe/1uajFbE1fZQR+2LX05N
+3ATlKaH2hdfCJedFa4wf43+cl6Yhp6ZA0Yet1r8CgYEAwiu1j8W9G+RRA5/8/DtO
+yrUTOfsbFws4fpLGDTA0mq0whf6Soy/96C90+d9qLaC3srUpnG9eB0CpSOjbXXbv
+kdxseLkexwOR3bD2FHX8r4dUM2bzznZyEaxfOaQypN8SV5ME3l60Fbr8ajqLO288
+wlTmGM5Mn+YCqOg/T7wjGmcCgYBpzNfdl/VafOROVbBbhgXWtzsz3K3aYNiIjbp+
+MunStIwN8GUvcn6nEbqOaoiXcX4/TtpuxfJMLw4OvAJdtxUdeSmEee2heCijV6g3
+ErrOOy6EqH3rNWHvlxChuP50cFQJuYOueO6QggyCyruSOnDDuc0BM0SGq6+5g5s7
+H++S/wKBgQDIkqBtFr9UEf8d6JpkxS0RXDlhSMjkXmkQeKGFzdoJcYVFIwq8jTNB
+nJrVIGs3GcBkqGic+i7rTO1YPkquv4dUuiIn+vKZVoO6b54f+oPBXd4S0BnuEqFE
+rdKNuCZhiaE2XD9L/O9KP1fh5bfEcKwazQ23EvpJHBMm8BGC+/YZNw==
+-----END RSA PRIVATE KEY-----`))
+	k, _ := x509.ParsePKCS1PrivateKey(b.Bytes)
+	return k
+}()
+
+var cert = func() *x509.Certificate {
+	b, _ := pem.Decode([]byte(`-----BEGIN CERTIFICATE-----
+MIIDBzCCAe+gAwIBAgIJAPr/Mrlc8EGhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNTEyMjgxOTE5NDVaFw0yNTEyMjUxOTE5
+NDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANDoWzLos4LWxTn8Gyu2lEbl4WcelUbgLN5zYm4ron8A
+hs+rvcsu2zkdD/s6jdGJI8WqJKhYK2u61ygnXgAZqC6ggtFPnBpizcDzjgND2g+a
+ucSoUODHt67f0fQuAmupN/zp5MZysJ6IHLJnYLNpfJYk96lRz9ODnO1Mpqtr9PWx
+m+pz7nzq5F0vRepkgpcRxv6ufQBjlrFytccyEVdXrvFtkjXcnhVVNSR4kHuOOMS6
+D7pebSJ1mrCmshbD5SX1jXPBKFPAjozYX6PxqLxUx1Y4faFEf4MBBVcInyB4oURN
+B2s59hEEi2jq9izNE7EbEK6BY5sEhoCPl9m32zE6ljkCAwEAAaNQME4wHQYDVR0O
+BBYEFB9ZklC1Ork2zl56zg08ei7ss/+iMB8GA1UdIwQYMBaAFB9ZklC1Ork2zl56
+zg08ei7ss/+iMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAVoTSQ5
+pAirw8OR9FZ1bRSuTDhY9uxzl/OL7lUmsv2cMNeCB3BRZqm3mFt+cwN8GsH6f3uv
+NONIhgFpTGN5LEcXQz89zJEzB+qaHqmbFpHQl/sx2B8ezNgT/882H2IH00dXESEf
+y/+1gHg2pxjGnhRBN6el/gSaDiySIMKbilDrffuvxiCfbpPN0NRRiPJhd2ay9KuL
+/RxQRl1gl9cHaWiouWWba1bSBb2ZPhv2rPMUsFo98ntkGCObDX6Y1SpkqmoTbrsb
+GFsTG2DLxnvr4GdN1BSr0Uu/KV3adj47WkXVPeMYQti/bQmxQB8tRFhrw80qakTL
+UzreO96WzlBBMtY=
+-----END CERTIFICATE-----`))
+	c, _ := x509.ParseCertificate(b.Bytes)
+	return c
+}()
+
+// Example from https://github.com/crewjam/saml/blob/main/example/idp/idp.go
+func main() {
+	apiURL := os.Getenv("API_URL")
+	pat := readPAT(os.Getenv("PAT_FILE"))
+	domain := os.Getenv("API_DOMAIN")
+	schema := os.Getenv("SCHEMA")
+	host := os.Getenv("HOST")
+	port := os.Getenv("PORT")
+
+	baseURL, err := url.Parse(schema + "://" + host + ":" + port)
+	if err != nil {
+
+		panic(err)
+	}
+
+	idpServer, err := samlidp.New(samlidp.Options{
+		URL:         *baseURL,
+		Logger:      logger.DefaultLogger,
+		Key:         key,
+		Certificate: cert,
+		Store:       &samlidp.MemoryStore{},
+	})
+	if err != nil {
+
+		panic(err)
+	}
+
+	metadata, err := xml.MarshalIndent(idpServer.IDP.Metadata(), "", "  ")
+	if err != nil {
+		panic(err)
+	}
+	idpID, err := createZitadelResources(apiURL, pat, domain, metadata)
+	if err != nil {
+		panic(err)
+	}
+
+	lis := bind.Socket(":" + baseURL.Port())
+	goji.Handle("/*", idpServer)
+
+	go func() {
+		goji.ServeListener(lis)
+	}()
+
+	addService(idpServer, apiURL+"/idps/"+idpID+"/saml/metadata")
+	addUsers(idpServer)
+
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
+	<-sigChan
+
+	if err := lis.Close(); err != nil {
+		log.Fatalf("HTTP shutdown error: %v", err)
+	}
+}
+
+func readPAT(path string) string {
+	f, err := os.Open(path)
+	if err != nil {
+		panic(err)
+	}
+	pat, err := io.ReadAll(f)
+	if err != nil {
+		panic(err)
+	}
+	return strings.Trim(string(pat), "\n")
+}
+
+func addService(idpServer *samlidp.Server, spURLStr string) {
+	metadataResp, err := http.Get(spURLStr)
+	if err != nil {
+		panic(err)
+	}
+	defer metadataResp.Body.Close()
+
+	idpServer.HandlePutService(
+		web.C{URLParams: map[string]string{"id": spURLStr}},
+		httptest.NewRecorder(),
+		httptest.NewRequest(http.MethodPost, spURLStr, metadataResp.Body),
+	)
+}
+
+func getSPMetadata(r io.Reader) (spMetadata *saml.EntityDescriptor, err error) {
+	var data []byte
+	if data, err = io.ReadAll(r); err != nil {
+		return nil, err
+	}
+
+	spMetadata = &saml.EntityDescriptor{}
+	if err := xrv.Validate(bytes.NewBuffer(data)); err != nil {
+		return nil, err
+	}
+
+	if err := xml.Unmarshal(data, &spMetadata); err != nil {
+		if err.Error() == "expected element type <EntityDescriptor> but have <EntitiesDescriptor>" {
+			entities := &saml.EntitiesDescriptor{}
+			if err := xml.Unmarshal(data, &entities); err != nil {
+				return nil, err
+			}
+
+			for _, e := range entities.EntityDescriptors {
+				if len(e.SPSSODescriptors) > 0 {
+					return &e, nil
+				}
+			}
+
+			// there were no SPSSODescriptors in the response
+			return nil, errors.New("metadata contained no service provider metadata")
+		}
+
+		return nil, err
+	}
+
+	return spMetadata, nil
+}
+
+func addUsers(idpServer *samlidp.Server) {
+	hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("hunter2"), bcrypt.DefaultCost)
+	err := idpServer.Store.Put("/users/alice", samlidp.User{Name: "alice",
+		HashedPassword: hashedPassword,
+		Groups:         []string{"Administrators", "Users"},
+		Email:          "alice@example.com",
+		CommonName:     "Alice Smith",
+		Surname:        "Smith",
+		GivenName:      "Alice",
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	err = idpServer.Store.Put("/users/bob", samlidp.User{
+		Name:           "bob",
+		HashedPassword: hashedPassword,
+		Groups:         []string{"Users"},
+		Email:          "bob@example.com",
+		CommonName:     "Bob Smith",
+		Surname:        "Smith",
+		GivenName:      "Bob",
+	})
+	if err != nil {
+		panic(err)
+	}
+}
+
+func createZitadelResources(apiURL, pat, domain string, metadata []byte) (string, error) {
+	idpID, err := CreateIDP(apiURL, pat, domain, metadata)
+	if err != nil {
+		return "", err
+	}
+	return idpID, ActivateIDP(apiURL, pat, domain, idpID)
+}
+
+type createIDP struct {
+	Name              string          `json:"name"`
+	MetadataXml       string          `json:"metadataXml"`
+	Binding           string          `json:"binding"`
+	WithSignedRequest bool            `json:"withSignedRequest"`
+	ProviderOptions   providerOptions `json:"providerOptions"`
+	NameIdFormat      string          `json:"nameIdFormat"`
+}
+type providerOptions struct {
+	IsLinkingAllowed  bool   `json:"isLinkingAllowed"`
+	IsCreationAllowed bool   `json:"isCreationAllowed"`
+	IsAutoCreation    bool   `json:"isAutoCreation"`
+	IsAutoUpdate      bool   `json:"isAutoUpdate"`
+	AutoLinking       string `json:"autoLinking"`
+}
+
+type idp struct {
+	ID string `json:"id"`
+}
+
+func CreateIDP(apiURL, pat, domain string, idpMetadata []byte) (string, error) {
+	encoded := make([]byte, base64.URLEncoding.EncodedLen(len(idpMetadata)))
+	base64.URLEncoding.Encode(encoded, idpMetadata)
+
+	createIDP := &createIDP{
+		Name:              "CREWJAM",
+		MetadataXml:       string(encoded),
+		Binding:           "SAML_BINDING_REDIRECT",
+		WithSignedRequest: false,
+		ProviderOptions: providerOptions{
+			IsLinkingAllowed:  true,
+			IsCreationAllowed: true,
+			IsAutoCreation:    true,
+			IsAutoUpdate:      true,
+			AutoLinking:       "AUTO_LINKING_OPTION_USERNAME",
+		},
+		NameIdFormat: "SAML_NAME_ID_FORMAT_PERSISTENT",
+	}
+
+	resp, err := doRequestWithHeaders(apiURL+"/admin/v1/idps/saml", pat, domain, createIDP)
+	if err != nil {
+		return "", err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	idp := new(idp)
+	if err := json.Unmarshal(data, idp); err != nil {
+		return "", err
+	}
+	return idp.ID, nil
+}
+
+type activateIDP struct {
+	IdpId string `json:"idpId"`
+}
+
+func ActivateIDP(apiURL, pat, domain string, idpID string) error {
+	activateIDP := &activateIDP{
+		IdpId: idpID,
+	}
+	_, err := doRequestWithHeaders(apiURL+"/admin/v1/policies/login/idps", pat, domain, activateIDP)
+	return err
+}
+
+func doRequestWithHeaders(apiURL, pat, domain string, body any) (*http.Response, error) {
+	data, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, apiURL, io.NopCloser(bytes.NewReader(data)))
+	if err != nil {
+		return nil, err
+	}
+	values := http.Header{}
+	values.Add("Authorization", "Bearer "+pat)
+	values.Add("x-forwarded-host", domain)
+	values.Add("Content-Type", "application/json")
+	req.Header = values
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
diff --git a/login/apps/login-test-acceptance/oidcrp/go.mod b/login/apps/login-test-acceptance/oidcrp/go.mod
new file mode 100644
index 0000000000..f2cda3058e
--- /dev/null
+++ b/login/apps/login-test-acceptance/oidcrp/go.mod
@@ -0,0 +1,26 @@
+module github.com/zitadel/typescript/acceptance/oidc
+
+go 1.24.1
+
+require (
+	github.com/google/uuid v1.6.0
+	github.com/sirupsen/logrus v1.9.3
+	github.com/zitadel/logging v0.6.1
+	github.com/zitadel/oidc/v3 v3.36.1
+)
+
+require (
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/muhlemmer/gu v0.3.1 // indirect
+	github.com/zitadel/schema v1.3.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/oauth2 v0.28.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+)
diff --git a/login/apps/login-test-acceptance/oidcrp/go.sum b/login/apps/login-test-acceptance/oidcrp/go.sum
new file mode 100644
index 0000000000..33244ea6eb
--- /dev/null
+++ b/login/apps/login-test-acceptance/oidcrp/go.sum
@@ -0,0 +1,67 @@
+github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38=
+github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
+github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/jeremija/gosubmit v0.2.8 h1:mmSITBz9JxVtu8eqbN+zmmwX7Ij2RidQxhcwRVI4wqA=
+github.com/jeremija/gosubmit v0.2.8/go.mod h1:Ui+HS073lCFREXBbdfrJzMB57OI/bdxTiLtrDHHhFPI=
+github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM=
+github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM=
+github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/vWUetyzY=
+github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
+github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/zitadel/logging v0.6.1 h1:Vyzk1rl9Kq9RCevcpX6ujUaTYFX43aa4LkvV1TvUk+Y=
+github.com/zitadel/logging v0.6.1/go.mod h1:Y4CyAXHpl3Mig6JOszcV5Rqqsojj+3n7y2F591Mp/ow=
+github.com/zitadel/oidc/v3 v3.36.1 h1:1AT1NqKKEqAwx4GmKJZ9fYkWH2WIn/VKMfQ46nBtRf0=
+github.com/zitadel/oidc/v3 v3.36.1/go.mod h1:dApGZLvWZTHRuxmcbQlW5d2XVjVYR3vGOdq536igmTs=
+github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
+github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
+go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
+go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
+go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
+go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/login/apps/login-test-acceptance/oidcrp/main.go b/login/apps/login-test-acceptance/oidcrp/main.go
new file mode 100644
index 0000000000..72ae5f57e9
--- /dev/null
+++ b/login/apps/login-test-acceptance/oidcrp/main.go
@@ -0,0 +1,322 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"log/slog"
+	"net/http"
+	"os"
+	"os/signal"
+	"strings"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/sirupsen/logrus"
+
+	"github.com/zitadel/logging"
+	"github.com/zitadel/oidc/v3/pkg/client/rp"
+	httphelper "github.com/zitadel/oidc/v3/pkg/http"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+)
+
+var (
+	callbackPath = "/auth/callback"
+	key          = []byte("test1234test1234")
+)
+
+func main() {
+	apiURL := os.Getenv("API_URL")
+	pat := readPAT(os.Getenv("PAT_FILE"))
+	domain := os.Getenv("API_DOMAIN")
+	loginURL := os.Getenv("LOGIN_URL")
+	issuer := os.Getenv("ISSUER")
+	port := os.Getenv("PORT")
+	scopeList := strings.Split(os.Getenv("SCOPES"), " ")
+
+	redirectURI := fmt.Sprintf("%s%s", issuer, callbackPath)
+	cookieHandler := httphelper.NewCookieHandler(key, key, httphelper.WithUnsecure())
+
+	clientID, clientSecret, err := createZitadelResources(apiURL, pat, domain, redirectURI, loginURL)
+	if err != nil {
+		panic(err)
+	}
+
+	logger := slog.New(
+		slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
+			AddSource: true,
+			Level:     slog.LevelDebug,
+		}),
+	)
+	client := &http.Client{
+		Timeout: time.Minute,
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		},
+	}
+	// enable outgoing request logging
+	logging.EnableHTTPClient(client,
+		logging.WithClientGroup("client"),
+	)
+
+	options := []rp.Option{
+		rp.WithCookieHandler(cookieHandler),
+		rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
+		rp.WithHTTPClient(client),
+		rp.WithLogger(logger),
+		rp.WithSigningAlgsFromDiscovery(),
+		rp.WithCustomDiscoveryUrl(issuer + "/.well-known/openid-configuration"),
+	}
+	if clientSecret == "" {
+		options = append(options, rp.WithPKCE(cookieHandler))
+	}
+
+	// One can add a logger to the context,
+	// pre-defining log attributes as required.
+	ctx := logging.ToContext(context.TODO(), logger)
+	provider, err := rp.NewRelyingPartyOIDC(ctx, issuer, clientID, clientSecret, redirectURI, scopeList, options...)
+	if err != nil {
+		logrus.Fatalf("error creating provider %s", err.Error())
+	}
+
+	// generate some state (representing the state of the user in your application,
+	// e.g. the page where he was before sending him to login
+	state := func() string {
+		return uuid.New().String()
+	}
+
+	urlOptions := []rp.URLParamOpt{
+		rp.WithPromptURLParam("Welcome back!"),
+	}
+
+	// register the AuthURLHandler at your preferred path.
+	// the AuthURLHandler creates the auth request and redirects the user to the auth server.
+	// including state handling with secure cookie and the possibility to use PKCE.
+	// Prompts can optionally be set to inform the server of
+	// any messages that need to be prompted back to the user.
+	http.Handle("/login", rp.AuthURLHandler(
+		state,
+		provider,
+		urlOptions...,
+	))
+
+	// for demonstration purposes the returned userinfo response is written as JSON object onto response
+	marshalUserinfo := func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[*oidc.IDTokenClaims], state string, rp rp.RelyingParty, info *oidc.UserInfo) {
+		fmt.Println("access token", tokens.AccessToken)
+		fmt.Println("refresh token", tokens.RefreshToken)
+		fmt.Println("id token", tokens.IDToken)
+
+		data, err := json.Marshal(info)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("content-type", "application/json")
+		w.Write(data)
+	}
+
+	// register the CodeExchangeHandler at the callbackPath
+	// the CodeExchangeHandler handles the auth response, creates the token request and calls the callback function
+	// with the returned tokens from the token endpoint
+	// in this example the callback function itself is wrapped by the UserinfoCallback which
+	// will call the Userinfo endpoint, check the sub and pass the info into the callback function
+	http.Handle(callbackPath, rp.CodeExchangeHandler(rp.UserinfoCallback(marshalUserinfo), provider))
+
+	// if you would use the callback without calling the userinfo endpoint, simply switch the callback handler for:
+	//
+	// http.Handle(callbackPath, rp.CodeExchangeHandler(marshalToken, provider))
+
+	// simple counter for request IDs
+	var counter atomic.Int64
+	// enable incomming request logging
+	mw := logging.Middleware(
+		logging.WithLogger(logger),
+		logging.WithGroup("server"),
+		logging.WithIDFunc(func() slog.Attr {
+			return slog.Int64("id", counter.Add(1))
+		}),
+	)
+
+	http.Handle("/healthy", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return }))
+	fmt.Println("/healthy returns 200 OK")
+
+	server := &http.Server{
+		Addr:    ":" + port,
+		Handler: mw(http.DefaultServeMux),
+	}
+	go func() {
+		if err := server.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
+			log.Fatalf("HTTP server error: %v", err)
+		}
+		log.Println("Stopped serving new connections.")
+	}()
+
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
+	<-sigChan
+
+	shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second)
+	defer shutdownRelease()
+
+	if err := server.Shutdown(shutdownCtx); err != nil {
+		log.Fatalf("HTTP shutdown error: %v", err)
+	}
+}
+
+func readPAT(path string) string {
+	f, err := os.Open(path)
+	if err != nil {
+		panic(err)
+	}
+	pat, err := io.ReadAll(f)
+	if err != nil {
+		panic(err)
+	}
+	return strings.Trim(string(pat), "\n")
+}
+
+func createZitadelResources(apiURL, pat, domain, redirectURI, loginURL string) (string, string, error) {
+	projectID, err := CreateProject(apiURL, pat, domain)
+	if err != nil {
+		return "", "", err
+	}
+	return CreateApp(apiURL, pat, domain, projectID, redirectURI, loginURL)
+}
+
+type project struct {
+	ID string `json:"id"`
+}
+type createProject struct {
+	Name                   string `json:"name"`
+	ProjectRoleAssertion   bool   `json:"projectRoleAssertion"`
+	ProjectRoleCheck       bool   `json:"projectRoleCheck"`
+	HasProjectCheck        bool   `json:"hasProjectCheck"`
+	PrivateLabelingSetting string `json:"privateLabelingSetting"`
+}
+
+func CreateProject(apiURL, pat, domain string) (string, error) {
+	createProject := &createProject{
+		Name:                   "OIDC",
+		ProjectRoleAssertion:   false,
+		ProjectRoleCheck:       false,
+		HasProjectCheck:        false,
+		PrivateLabelingSetting: "PRIVATE_LABELING_SETTING_UNSPECIFIED",
+	}
+	resp, err := doRequestWithHeaders(apiURL+"/management/v1/projects", pat, domain, createProject)
+	if err != nil {
+		return "", err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	p := new(project)
+	if err := json.Unmarshal(data, p); err != nil {
+		return "", err
+	}
+	fmt.Printf("projectID: %+v\n", p.ID)
+	return p.ID, nil
+}
+
+type createApp struct {
+	Name                     string   `json:"name"`
+	RedirectUris             []string `json:"redirectUris"`
+	ResponseTypes            []string `json:"responseTypes"`
+	GrantTypes               []string `json:"grantTypes"`
+	AppType                  string   `json:"appType"`
+	AuthMethodType           string   `json:"authMethodType"`
+	PostLogoutRedirectUris   []string `json:"postLogoutRedirectUris"`
+	Version                  string   `json:"version"`
+	DevMode                  bool     `json:"devMode"`
+	AccessTokenType          string   `json:"accessTokenType"`
+	AccessTokenRoleAssertion bool     `json:"accessTokenRoleAssertion"`
+	IdTokenRoleAssertion     bool     `json:"idTokenRoleAssertion"`
+	IdTokenUserinfoAssertion bool     `json:"idTokenUserinfoAssertion"`
+	ClockSkew                string   `json:"clockSkew"`
+	AdditionalOrigins        []string `json:"additionalOrigins"`
+	SkipNativeAppSuccessPage bool     `json:"skipNativeAppSuccessPage"`
+	BackChannelLogoutUri     []string `json:"backChannelLogoutUri"`
+	LoginVersion             version  `json:"loginVersion"`
+}
+
+type version struct {
+	LoginV2 loginV2 `json:"loginV2"`
+}
+type loginV2 struct {
+	BaseUri string `json:"baseUri"`
+}
+
+type app struct {
+	ClientID     string `json:"clientId"`
+	ClientSecret string `json:"clientSecret"`
+}
+
+func CreateApp(apiURL, pat, domain, projectID string, redirectURI, loginURL string) (string, string, error) {
+	createApp := &createApp{
+		Name:                     "OIDC",
+		RedirectUris:             []string{redirectURI},
+		ResponseTypes:            []string{"OIDC_RESPONSE_TYPE_CODE"},
+		GrantTypes:               []string{"OIDC_GRANT_TYPE_AUTHORIZATION_CODE"},
+		AppType:                  "OIDC_APP_TYPE_WEB",
+		AuthMethodType:           "OIDC_AUTH_METHOD_TYPE_BASIC",
+		Version:                  "OIDC_VERSION_1_0",
+		DevMode:                  true,
+		AccessTokenType:          "OIDC_TOKEN_TYPE_BEARER",
+		AccessTokenRoleAssertion: true,
+		IdTokenRoleAssertion:     true,
+		IdTokenUserinfoAssertion: true,
+		ClockSkew:                "1s",
+		SkipNativeAppSuccessPage: true,
+		LoginVersion: version{
+			LoginV2: loginV2{
+				BaseUri: loginURL,
+			},
+		},
+	}
+
+	resp, err := doRequestWithHeaders(apiURL+"/management/v1/projects/"+projectID+"/apps/oidc", pat, domain, createApp)
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", "", err
+	}
+	defer resp.Body.Close()
+
+	a := new(app)
+	if err := json.Unmarshal(data, a); err != nil {
+		return "", "", err
+	}
+	return a.ClientID, a.ClientSecret, err
+}
+
+func doRequestWithHeaders(apiURL, pat, domain string, body any) (*http.Response, error) {
+	data, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest(http.MethodPost, apiURL, io.NopCloser(bytes.NewReader(data)))
+	if err != nil {
+		return nil, err
+	}
+	values := http.Header{}
+	values.Add("Authorization", "Bearer "+pat)
+	values.Add("x-forwarded-host", domain)
+	values.Add("Content-Type", "application/json")
+	req.Header = values
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
diff --git a/login/apps/login-test-acceptance/package.json b/login/apps/login-test-acceptance/package.json
new file mode 100644
index 0000000000..1fb83f0345
--- /dev/null
+++ b/login/apps/login-test-acceptance/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "login-test-acceptance",
+  "private": true,
+  "scripts": {
+    "test:acceptance": "dotenv -e ../login/.env.test.local pnpm exec playwright",
+    "test:acceptance:setup": "cd ../.. && make login_test_acceptance_setup_env && NODE_ENV=test pnpm exec turbo run test:acceptance:setup:dev",
+    "test:acceptance:setup:dev": "cd ../.. && make login_test_acceptance_setup_dev"
+  },
+  "devDependencies": {
+    "@faker-js/faker": "^9.7.0",
+    "@otplib/core": "^12.0.0",
+    "@otplib/plugin-crypto": "^12.0.0",
+    "@otplib/plugin-thirty-two": "^12.0.0",
+    "@playwright/test": "^1.52.0",
+    "gaxios": "^7.1.0",
+    "typescript": "^5.8.3"
+  }
+}
diff --git a/login/apps/login-test-acceptance/pat/.gitignore b/login/apps/login-test-acceptance/pat/.gitignore
new file mode 100644
index 0000000000..377ccd3fdf
--- /dev/null
+++ b/login/apps/login-test-acceptance/pat/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitkeep
diff --git a/login/apps/login-test-acceptance/pat/.gitkeep b/login/apps/login-test-acceptance/pat/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/login/apps/login-test-acceptance/playwright-report/.gitignore b/login/apps/login-test-acceptance/playwright-report/.gitignore
new file mode 100644
index 0000000000..377ccd3fdf
--- /dev/null
+++ b/login/apps/login-test-acceptance/playwright-report/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitkeep
diff --git a/login/apps/login-test-acceptance/playwright-report/.gitkeep b/login/apps/login-test-acceptance/playwright-report/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/login/apps/login-test-acceptance/playwright.config.ts b/login/apps/login-test-acceptance/playwright.config.ts
new file mode 100644
index 0000000000..8025db3238
--- /dev/null
+++ b/login/apps/login-test-acceptance/playwright.config.ts
@@ -0,0 +1,78 @@
+import { defineConfig, devices } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+
+dotenv.config({ path: path.resolve(__dirname, "../login/.env.test.local") });
+
+/**
+ * See https://playwright.dev/docs/test-configuration.
+ */
+export default defineConfig({
+  testDir: "./tests",
+  /* Run tests in files in parallel */
+  fullyParallel: true,
+  /* Fail the build on CI if you accidentally left test.only in the source code. */
+  forbidOnly: !!process.env.CI,
+  /* Retry on CI only */
+  retries: process.env.CI ? 2 : 0,
+  expect: {
+    timeout: 10_000, // 10 seconds
+  },
+  timeout: 300 * 1000, // 5 minutes
+  globalTimeout: 30 * 60_000, // 30 minutes
+  /* Reporter to use. See https://playwright.dev/docs/test-reporters */
+  reporter: [
+    ["line"],
+    ["html", { open: process.env.CI ? "never" : "on-failure", host: "0.0.0.0", outputFolder: "./playwright-report/html" }],
+  ],
+  /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
+  use: {
+    /* Base URL to use in actions like `await page.goto('/')`. */
+    baseURL: process.env.LOGIN_BASE_URL || "http://127.0.0.1:3000",
+    trace: "retain-on-failure",
+    headless: true,
+    screenshot: "only-on-failure",
+    video: "retain-on-failure",
+    ignoreHTTPSErrors: true,
+  },
+  outputDir: "test-results/results",
+
+  /* Configure projects for major browsers */
+  projects: [
+    {
+      name: "chromium",
+      use: { ...devices["Desktop Chrome"] },
+    },
+    /*
+            {
+              name: "firefox",
+              use: { ...devices["Desktop Firefox"] },
+            },
+            TODO: webkit fails. Is this a bug?
+            {
+              name: 'webkit',
+              use: { ...devices['Desktop Safari'] },
+            },
+        */
+
+    /* Test against mobile viewports. */
+    // {
+    //   name: 'Mobile Chrome',
+    //   use: { ...devices['Pixel 5'] },
+    // },
+    // {
+    //   name: 'Mobile Safari',
+    //   use: { ...devices['iPhone 12'] },
+    // },
+
+    /* Test against branded browsers. */
+    // {
+    //   name: 'Microsoft Edge',
+    //   use: { ...devices['Desktop Edge'], channel: 'msedge' },
+    // },
+    // {
+    //   name: 'Google Chrome',
+    //   use: { ...devices['Desktop Chrome'], channel: 'chrome' },
+    // },
+  ],
+});
diff --git a/login/apps/login-test-acceptance/samlsp/go.mod b/login/apps/login-test-acceptance/samlsp/go.mod
new file mode 100644
index 0000000000..9986149bfb
--- /dev/null
+++ b/login/apps/login-test-acceptance/samlsp/go.mod
@@ -0,0 +1,18 @@
+module github.com/zitadel/typescript/acceptance/saml
+
+go 1.24.0
+
+require github.com/crewjam/saml v0.4.14
+
+require (
+	github.com/beevik/etree v1.5.0 // indirect
+	github.com/crewjam/httperr v0.2.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/jonboulle/clockwork v0.5.0 // indirect
+	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/russellhaering/goxmldsig v1.5.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+)
diff --git a/login/apps/login-test-acceptance/samlsp/go.sum b/login/apps/login-test-acceptance/samlsp/go.sum
new file mode 100644
index 0000000000..3394a39410
--- /dev/null
+++ b/login/apps/login-test-acceptance/samlsp/go.sum
@@ -0,0 +1,38 @@
+github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs=
+github.com/beevik/etree v1.5.0/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
+github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo=
+github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
+github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
+github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
+github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
+github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
+github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russellhaering/goxmldsig v1.5.0 h1:AU2UkkYIUOTyZRbe08XMThaOCelArgvNfYapcmSjBNw=
+github.com/russellhaering/goxmldsig v1.5.0/go.mod h1:x98CjQNFJcWfMxeOrMnMKg70lvDP6tE0nTaeUnjXDmk=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
diff --git a/login/apps/login-test-acceptance/samlsp/main.go b/login/apps/login-test-acceptance/samlsp/main.go
new file mode 100644
index 0000000000..9dcfd13796
--- /dev/null
+++ b/login/apps/login-test-acceptance/samlsp/main.go
@@ -0,0 +1,271 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/xml"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/crewjam/saml/samlsp"
+)
+
+var keyPair = func() tls.Certificate {
+	cert := []byte(`-----BEGIN CERTIFICATE-----
+MIIDITCCAgmgAwIBAgIUKjAUmxsHO44X+/TKBNciPgNl1GEwDQYJKoZIhvcNAQEL
+BQAwIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1wbGUuY29tMB4XDTI0MTIxOTEz
+Mzc1MVoXDTI1MTIxOTEzMzc1MVowIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1w
+bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QYuJsayILRI
+hVT7G1DlitVSXnt1iw3gEXJZfe81Egz06fUbvXF6Yo1LJmwYpqe/rm+hf4FNUb8e
+2O+LH2FieA9FkVe4P2gKOzw87A/KxvpV8stgNgl4LlqRCokbc1AzeE/NiLr5TcTD
+RXm3DUcYxXxinprtDu2jftFysaOZmNAukvE/iL6qS3X6ggVEDDM7tY9n5FV2eJ4E
+p0ImKfypi2aZYROxOK+v5x9ryFRMl4y07lMDvmtcV45uXYmfGNCgG9PNf91Kk/mh
+JxEQbxycJwFoSi9XWljR8ahPdO11LXG7Dsj/RVbY8k2LdKNstl6Ae3aCpbe9u2Pj
+vxYs1bVJuQIDAQABo1MwUTAdBgNVHQ4EFgQU+mRVN5HYJWgnpopReaLhf2cMcoYw
+HwYDVR0jBBgwFoAU+mRVN5HYJWgnpopReaLhf2cMcoYwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEABJpHVuc9tGhD04infRVlofvqXIUizTlOrjZX
+vozW9pIhSWEHX8o+sJP8AMZLnrsdq+bm0HE0HvgYrw7Lb8pd4FpR46TkFHjeukoj
+izqfgckjIBl2nwPGlynbKA0/U/rTCSxVt7XiAn+lgYUGIpOzNdk06/hRMitrMNB7
+t2C97NseVC4b1ZgyFrozsefCfUmD8IJF0+XJ4Wzmsh0jRrI8koCtVmPYnKn6vw1b
+cZprg/97CWHYrsavd406wOB60CMtYl83Q16ucOF1dretDFqJC5kY+aFLvuqfag2+
+kIaoPV1MnGsxveQyyHdOsEatS5XOv/1OWcmnvePDPxcvb9jCcw==
+-----END CERTIFICATE-----
+`)
+	key := []byte(`-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRBi4mxrIgtEiF
+VPsbUOWK1VJee3WLDeARcll97zUSDPTp9Ru9cXpijUsmbBimp7+ub6F/gU1Rvx7Y
+74sfYWJ4D0WRV7g/aAo7PDzsD8rG+lXyy2A2CXguWpEKiRtzUDN4T82IuvlNxMNF
+ebcNRxjFfGKemu0O7aN+0XKxo5mY0C6S8T+IvqpLdfqCBUQMMzu1j2fkVXZ4ngSn
+QiYp/KmLZplhE7E4r6/nH2vIVEyXjLTuUwO+a1xXjm5diZ8Y0KAb081/3UqT+aEn
+ERBvHJwnAWhKL1daWNHxqE907XUtcbsOyP9FVtjyTYt0o2y2XoB7doKlt727Y+O/
+FizVtUm5AgMBAAECggEACak+l5f6Onj+u5vrjc4JyAaXW6ra6loSM9g8Uu3sHukW
+plwoA7Pzp0u20CAxrP1Gpqw984/hSCCcb0Q2ItWMWLaC/YZni5W2WFnOyo3pzlPa
+hmH4UNMT+ReCSfF/oW8w69QLcNEMjhfEu0i2iWBygIlA4SoRwC2Db6yEX7nLMwUB
+6AICid9hfeACNRz/nq5ytdcHdmcB7Ptgb9jLiXr6RZw26g5AsRPHU3LdcyZAOXjP
+aUHriHuHQFKAVkoEUxslvCB6ePCTCpB0bSAuzQbeGoY8fmvmNSCvJ1vrH5hiSUYp
+Axtl5iNgFl5o9obb0eBYlY9x3pMSz0twdbCwfR7HAQKBgQDtWhmFm0NaJALoY+tq
+lIIC0EOMSrcRIlgeXr6+g8womuDOMi5m/Nr5Mqt4mPOdP4HytrQb+a/ZmEm17KHh
+mQb1vwH8ffirCBHbPNC1vwSNoxDKv9E6OysWlKiOzxPFSVZr3dKl2EMX6qi17n0l
+LBrGXXaNPgYiHSmwBA5CZvvouQKBgQDhclGJfZfuoubQkUuz8yOA2uxalh/iUmQ/
+G8ac6/w7dmnL9pXehqCWh06SeC3ZvW7yrf7IIGx4sTJji2FzQ+8Ta6pPELMyBEXr
+1VirIFrlNVMlMQEbZcbzdzEhchM1RUpZJtl3b4amvH21UcRB69d9klcDRisKoFRm
+k0P9QLHpAQKBgQDh5J9nphZa4u0ViYtTW1XFIbs3+R/0IbCl7tww67TRbF3KQL4i
+7EHna88ALumkXf3qJvKRsXgoaqS0jSqgUAjst8ZHLQkOldaQxneIkezedDSWEisp
+9YgTrJYjnHefiyXB8VL63jE0wPOiewEF8Mzmv6sFz+L8cq7rQ2Di16qmmQKBgQDH
+bvCwVxkrMpJK2O2GH8U9fOzu6bUE6eviY/jb4mp8U7EdjGJhuuieoM2iBoxQ/SID
+rmYftYcfcWlo4+juJZ99p5W+YcCTs3IDQPUyVOnzr6uA0Avxp6RKxhsBQj+5tTUj
+Dpn77P3JzB7MYqvhwPcdD3LH46+5s8FWCFpx02RPAQKBgARbngtggfifatcsMC7n
+lSv/FVLH7LYQAHdoW/EH5Be7FeeP+eQvGXwh1dgl+u0VZO8FvI8RwFganpBRR2Nc
+ZSBRIb0fSUlTvIsckSWjpEvUJUomJXyi4PIZAfNvd9/u1uLInQiCDtObwb6hnLTU
+FHHEZ+dR4eMaJp6PhNm8hu2O
+-----END PRIVATE KEY-----
+`)
+
+	kp, err := tls.X509KeyPair(cert, key)
+	if err != nil {
+		panic(err)
+	}
+	kp.Leaf, err = x509.ParseCertificate(kp.Certificate[0])
+	if err != nil {
+		panic(err)
+	}
+	return kp
+}()
+
+func hello(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello, %s!", samlsp.AttributeFromContext(r.Context(), "UserName"))
+}
+
+func main() {
+	apiURL := os.Getenv("API_URL")
+	pat := readPAT(os.Getenv("PAT_FILE"))
+	domain := os.Getenv("API_DOMAIN")
+	loginURL := os.Getenv("LOGIN_URL")
+	idpURL := os.Getenv("IDP_URL")
+	host := os.Getenv("HOST")
+	port := os.Getenv("PORT")
+
+	idpMetadataURL, err := url.Parse(idpURL)
+	if err != nil {
+		panic(err)
+	}
+	idpMetadata, err := samlsp.FetchMetadata(context.Background(), http.DefaultClient,
+		*idpMetadataURL)
+	if err != nil {
+		panic(fmt.Errorf("failed to fetch IDP metadata from %s: %w", idpURL, err))
+	}
+	fmt.Printf("idpMetadata: %+v\n", idpMetadata)
+	rootURL, err := url.Parse(host + ":" + port)
+	if err != nil {
+		panic(err)
+	}
+
+	samlSP, err := samlsp.New(samlsp.Options{
+		URL:         *rootURL,
+		Key:         keyPair.PrivateKey.(*rsa.PrivateKey),
+		Certificate: keyPair.Leaf,
+		IDPMetadata: idpMetadata,
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	server := &http.Server{
+		Addr: ":" + port,
+	}
+	app := http.HandlerFunc(hello)
+	http.Handle("/hello", samlSP.RequireAccount(app))
+	http.Handle("/saml/", samlSP)
+	go func() {
+		if err := server.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
+			log.Fatalf("HTTP server error: %v", err)
+		}
+		log.Println("Stopped serving new connections.")
+	}()
+
+	metadata, err := xml.MarshalIndent(samlSP.ServiceProvider.Metadata(), "", "  ")
+	if err != nil {
+		panic(err)
+	}
+	if err := createZitadelResources(apiURL, pat, domain, metadata, loginURL); err != nil {
+		panic(err)
+	}
+
+	http.Handle("/healthy", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return }))
+	fmt.Println("/healthy returns 200 OK")
+
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
+	<-sigChan
+
+	shutdownCtx, shutdownRelease := context.WithTimeout(context.Background(), 10*time.Second)
+	defer shutdownRelease()
+
+	if err := server.Shutdown(shutdownCtx); err != nil {
+		log.Fatalf("HTTP shutdown error: %v", err)
+	}
+}
+
+func readPAT(path string) string {
+	f, err := os.Open(path)
+	if err != nil {
+		panic(err)
+	}
+	pat, err := io.ReadAll(f)
+	if err != nil {
+		panic(err)
+	}
+	return strings.Trim(string(pat), "\n")
+}
+
+func createZitadelResources(apiURL, pat, domain string, metadata []byte, loginURL string) error {
+	projectID, err := CreateProject(apiURL, pat, domain)
+	if err != nil {
+		return err
+	}
+	return CreateApp(apiURL, pat, domain, projectID, metadata, loginURL)
+}
+
+type project struct {
+	ID string `json:"id"`
+}
+type createProject struct {
+	Name                   string `json:"name"`
+	ProjectRoleAssertion   bool   `json:"projectRoleAssertion"`
+	ProjectRoleCheck       bool   `json:"projectRoleCheck"`
+	HasProjectCheck        bool   `json:"hasProjectCheck"`
+	PrivateLabelingSetting string `json:"privateLabelingSetting"`
+}
+
+func CreateProject(apiURL, pat, domain string) (string, error) {
+	createProject := &createProject{
+		Name:                   "SAML",
+		ProjectRoleAssertion:   false,
+		ProjectRoleCheck:       false,
+		HasProjectCheck:        false,
+		PrivateLabelingSetting: "PRIVATE_LABELING_SETTING_UNSPECIFIED",
+	}
+	resp, err := doRequestWithHeaders(apiURL+"/management/v1/projects", pat, domain, createProject)
+	if err != nil {
+		return "", err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	p := new(project)
+	if err := json.Unmarshal(data, p); err != nil {
+		return "", err
+	}
+	return p.ID, nil
+}
+
+type createApp struct {
+	Name         string  `json:"name"`
+	MetadataXml  string  `json:"metadataXml"`
+	LoginVersion version `json:"loginVersion"`
+}
+type version struct {
+	LoginV2 loginV2 `json:"loginV2"`
+}
+type loginV2 struct {
+	BaseUri string `json:"baseUri"`
+}
+
+func CreateApp(apiURL, pat, domain, projectID string, spMetadata []byte, loginURL string) error {
+	encoded := make([]byte, base64.URLEncoding.EncodedLen(len(spMetadata)))
+	base64.URLEncoding.Encode(encoded, spMetadata)
+
+	createApp := &createApp{
+		Name:        "SAML",
+		MetadataXml: string(encoded),
+		LoginVersion: version{
+			LoginV2: loginV2{
+				BaseUri: loginURL,
+			},
+		},
+	}
+	_, err := doRequestWithHeaders(apiURL+"/management/v1/projects/"+projectID+"/apps/saml", pat, domain, createApp)
+	if err != nil {
+		return fmt.Errorf("error creating saml app with request %+v: %v", *createApp, err)
+	}
+	return err
+}
+
+func doRequestWithHeaders(apiURL, pat, domain string, body any) (*http.Response, error) {
+	data, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest(http.MethodPost, apiURL, io.NopCloser(bytes.NewReader(data)))
+	if err != nil {
+		return nil, err
+	}
+	values := http.Header{}
+	values.Add("Authorization", "Bearer "+pat)
+	values.Add("x-forwarded-host", domain)
+	values.Add("Content-Type", "application/json")
+	req.Header = values
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
diff --git a/login/apps/login-test-acceptance/setup/go.mod b/login/apps/login-test-acceptance/setup/go.mod
new file mode 100644
index 0000000000..7be166ef9b
--- /dev/null
+++ b/login/apps/login-test-acceptance/setup/go.mod
@@ -0,0 +1,3 @@
+module github.com/zitadel/typescript/apps/login-test-acceptance/setup
+
+go 1.23.3
diff --git a/login/apps/login-test-acceptance/setup/go.sum b/login/apps/login-test-acceptance/setup/go.sum
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/login/apps/login-test-acceptance/setup/main.go b/login/apps/login-test-acceptance/setup/main.go
new file mode 100644
index 0000000000..38dd16da61
--- /dev/null
+++ b/login/apps/login-test-acceptance/setup/main.go
@@ -0,0 +1,3 @@
+package main
+
+func main() {}
diff --git a/login/apps/login-test-acceptance/setup/setup.sh b/login/apps/login-test-acceptance/setup/setup.sh
new file mode 100755
index 0000000000..9d1a04e18f
--- /dev/null
+++ b/login/apps/login-test-acceptance/setup/setup.sh
@@ -0,0 +1,139 @@
+#!/bin/sh
+
+set -e pipefail
+
+PAT_FILE=${PAT_FILE:-./pat/zitadel-admin-sa.pat}
+LOGIN_BASE_URL=${LOGIN_BASE_URL:-"http://localhost:3000"}
+ZITADEL_API_PROTOCOL="${ZITADEL_API_PROTOCOL:-http}"
+ZITADEL_API_DOMAIN="${ZITADEL_API_DOMAIN:-localhost}"
+ZITADEL_API_PORT="${ZITADEL_API_PORT:-8080}"
+ZITADEL_API_URL="${ZITADEL_API_URL:-${ZITADEL_API_PROTOCOL}://${ZITADEL_API_DOMAIN}:${ZITADEL_API_PORT}}"
+ZITADEL_API_INTERNAL_URL="${ZITADEL_API_INTERNAL_URL:-${ZITADEL_API_URL}}"
+SINK_EMAIL_INTERNAL_URL="${SINK_EMAIL_INTERNAL_URL:-"http://sink:3333/email"}"
+SINK_SMS_INTERNAL_URL="${SINK_SMS_INTERNAL_URL:-"http://sink:3333/sms"}"
+SINK_NOTIFICATION_URL="${SINK_NOTIFICATION_URL:-"http://localhost:3333/notification"}"
+WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.test.local}
+
+if [ -z "${PAT}" ]; then
+  echo "Reading PAT from file ${PAT_FILE}"
+  PAT=$(cat ${PAT_FILE})
+fi
+
+#################################################################
+# ServiceAccount as Login Client
+#################################################################
+
+SERVICEACCOUNT_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/management/v1/users/machine" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json" \
+      -d "{\"userName\": \"login\",  \"name\": \"Login v2\",  \"description\": \"Serviceaccount for Login v2\", \"accessTokenType\": \"ACCESS_TOKEN_TYPE_BEARER\"}")
+echo "Received ServiceAccount response: ${SERVICEACCOUNT_RESPONSE}"
+
+SERVICEACCOUNT_ID=$(echo ${SERVICEACCOUNT_RESPONSE} | jq -r '. | .userId')
+echo "Received ServiceAccount ID: ${SERVICEACCOUNT_ID}"
+
+MEMBER_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/admin/v1/members" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json" \
+      -d "{\"userId\": \"${SERVICEACCOUNT_ID}\",  \"roles\": [\"IAM_LOGIN_CLIENT\"]}")
+echo "Received Member response: ${MEMBER_RESPONSE}"
+
+SA_PAT_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/management/v1/users/${SERVICEACCOUNT_ID}/pats" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json" \
+      -d "{\"expirationDate\": \"2519-04-01T08:45:00.000000Z\"}")
+echo "Received Member response: ${MEMBER_RESPONSE}"
+
+SA_PAT=$(echo ${SA_PAT_RESPONSE} | jq -r '. | .token')
+echo "Received ServiceAccount Token: ${SA_PAT}"
+
+#################################################################
+# Environment files
+#################################################################
+
+echo "Writing environment file ${WRITE_ENVIRONMENT_FILE}."
+
+echo "ZITADEL_API_URL=${ZITADEL_API_URL}
+ZITADEL_SERVICE_USER_TOKEN=${SA_PAT}
+ZITADEL_ADMIN_TOKEN=${PAT}
+SINK_NOTIFICATION_URL=${SINK_NOTIFICATION_URL}
+EMAIL_VERIFICATION=true
+DEBUG=false
+LOGIN_BASE_URL=${LOGIN_BASE_URL}
+NODE_TLS_REJECT_UNAUTHORIZED=0
+ZITADEL_ADMIN_USER=${ZITADEL_ADMIN_USER:-"zitadel-admin@zitadel.localhost"}
+NEXT_PUBLIC_BASE_PATH=/ui/v2/login
+" > ${WRITE_ENVIRONMENT_FILE}
+
+echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}"
+cat ${WRITE_ENVIRONMENT_FILE}
+
+#################################################################
+# SMS provider with HTTP
+#################################################################
+
+SMSHTTP_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/admin/v1/sms/http" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json" \
+      -d "{\"endpoint\": \"${SINK_SMS_INTERNAL_URL}\", \"description\": \"test\"}")
+echo "Received SMS HTTP response: ${SMSHTTP_RESPONSE}"
+
+SMSHTTP_ID=$(echo ${SMSHTTP_RESPONSE} | jq -r '. | .id')
+echo "Received SMS HTTP ID: ${SMSHTTP_ID}"
+
+SMS_ACTIVE_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/admin/v1/sms/${SMSHTTP_ID}/_activate" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json")
+echo "Received SMS active response: ${SMS_ACTIVE_RESPONSE}"
+
+#################################################################
+# Email provider with HTTP
+#################################################################
+
+EMAILHTTP_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/admin/v1/email/http" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json" \
+      -d "{\"endpoint\": \"${SINK_EMAIL_INTERNAL_URL}\", \"description\": \"test\"}")
+echo "Received Email HTTP response: ${EMAILHTTP_RESPONSE}"
+
+EMAILHTTP_ID=$(echo ${EMAILHTTP_RESPONSE} | jq -r '. | .id')
+echo "Received Email HTTP ID: ${EMAILHTTP_ID}"
+
+EMAIL_ACTIVE_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/admin/v1/email/${EMAILHTTP_ID}/_activate" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json")
+echo "Received Email active response: ${EMAIL_ACTIVE_RESPONSE}"
+
+#################################################################
+# Wait for projection of default organization in ZITADEL
+#################################################################
+
+DEFAULTORG_RESPONSE_RESULTS=0
+# waiting for default organization
+until [ ${DEFAULTORG_RESPONSE_RESULTS} -eq 1 ]
+do
+  DEFAULTORG_RESPONSE=$(curl -s --request POST \
+      --url "${ZITADEL_API_INTERNAL_URL}/v2/organizations/_search" \
+      --header "Authorization: Bearer ${PAT}" \
+      --header "Host: ${ZITADEL_API_DOMAIN}" \
+      --header "Content-Type: application/json" \
+      -d "{\"queries\": [{\"defaultQuery\":{}}]}" )
+  echo "Received default organization response: ${DEFAULTORG_RESPONSE}"
+  DEFAULTORG_RESPONSE_RESULTS=$(echo $DEFAULTORG_RESPONSE | jq -r '.result | length')
+  echo "Received default organization response result: ${DEFAULTORG_RESPONSE_RESULTS}"
+done
+
diff --git a/login/apps/login-test-acceptance/sink/go.mod b/login/apps/login-test-acceptance/sink/go.mod
new file mode 100644
index 0000000000..1da7622b58
--- /dev/null
+++ b/login/apps/login-test-acceptance/sink/go.mod
@@ -0,0 +1,3 @@
+module github.com/zitadel/typescript/acceptance/sink
+
+go 1.24.0
diff --git a/login/apps/login-test-acceptance/sink/go.sum b/login/apps/login-test-acceptance/sink/go.sum
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/login/apps/login-test-acceptance/sink/main.go b/login/apps/login-test-acceptance/sink/main.go
new file mode 100644
index 0000000000..f3795ba0d0
--- /dev/null
+++ b/login/apps/login-test-acceptance/sink/main.go
@@ -0,0 +1,111 @@
+package main
+
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"net/http"
+)
+
+type serializableData struct {
+	ContextInfo map[string]interface{} `json:"contextInfo,omitempty"`
+	Args        map[string]interface{} `json:"args,omitempty"`
+}
+
+type response struct {
+	Recipient string `json:"recipient,omitempty"`
+}
+
+func main() {
+	port := flag.String("port", "3333", "used port for the sink")
+	email := flag.String("email", "/email", "path for a sent email")
+	emailKey := flag.String("email-key", "recipientEmailAddress", "value in the sent context info of the email used as key to retrieve the notification")
+	sms := flag.String("sms", "/sms", "path for a sent sms")
+	smsKey := flag.String("sms-key", "recipientPhoneNumber", "value in the sent context info of the sms used as key to retrieve the notification")
+	notification := flag.String("notification", "/notification", "path to receive the notification")
+	flag.Parse()
+
+	messages := make(map[string]serializableData)
+
+	http.HandleFunc(*email, func(w http.ResponseWriter, r *http.Request) {
+		data, err := io.ReadAll(r.Body)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		serializableData := serializableData{}
+		if err := json.Unmarshal(data, &serializableData); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		email, ok := serializableData.ContextInfo[*emailKey].(string)
+		if !ok {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		fmt.Println(email + ": " + string(data))
+		messages[email] = serializableData
+		io.WriteString(w, "Email!\n")
+	})
+
+	http.HandleFunc(*sms, func(w http.ResponseWriter, r *http.Request) {
+		data, err := io.ReadAll(r.Body)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		serializableData := serializableData{}
+		if err := json.Unmarshal(data, &serializableData); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		phone, ok := serializableData.ContextInfo[*smsKey].(string)
+		if !ok {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		fmt.Println(phone + ": " + string(data))
+		messages[phone] = serializableData
+		io.WriteString(w, "SMS!\n")
+	})
+
+	http.HandleFunc(*notification, func(w http.ResponseWriter, r *http.Request) {
+		data, err := io.ReadAll(r.Body)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		response := response{}
+		if err := json.Unmarshal(data, &response); err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		msg, ok := messages[response.Recipient]
+		if !ok {
+			http.Error(w, "No messages found for recipient: "+response.Recipient, http.StatusNotFound)
+			return
+		}
+		serializableData, err := json.Marshal(msg)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json")
+		io.WriteString(w, string(serializableData))
+	})
+
+	fmt.Println("Starting server on", *port)
+	fmt.Println(*email, " for email handling")
+	fmt.Println(*sms, " for sms handling")
+	fmt.Println(*notification, " for retrieving notifications")
+	http.Handle("/healthy", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return }))
+	fmt.Println("/healthy returns 200 OK")
+	err := http.ListenAndServe(":"+*port, nil)
+	if err != nil {
+		panic("Server could not be started: " + err.Error())
+	}
+}
diff --git a/login/apps/login-test-acceptance/test-results/.gitignore b/login/apps/login-test-acceptance/test-results/.gitignore
new file mode 100644
index 0000000000..377ccd3fdf
--- /dev/null
+++ b/login/apps/login-test-acceptance/test-results/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitkeep
diff --git a/login/apps/login-test-acceptance/test-results/.gitkeep b/login/apps/login-test-acceptance/test-results/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/login/apps/login-test-acceptance/tests/admin.spec.ts b/login/apps/login-test-acceptance/tests/admin.spec.ts
new file mode 100644
index 0000000000..13b748fc63
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/admin.spec.ts
@@ -0,0 +1,7 @@
+import { test } from "@playwright/test";
+import { loginScreenExpect, loginWithPassword } from "./login";
+
+test("admin login", async ({ page }) => {
+  await loginWithPassword(page, process.env["ZITADEL_ADMIN_USER"], "Password1!");
+  await loginScreenExpect(page, "ZITADEL Admin");
+});
diff --git a/login/apps/login-test-acceptance/tests/code-screen.ts b/login/apps/login-test-acceptance/tests/code-screen.ts
new file mode 100644
index 0000000000..3ab9dad26d
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/code-screen.ts
@@ -0,0 +1,12 @@
+import { expect, Page } from "@playwright/test";
+
+const codeTextInput = "code-text-input";
+
+export async function codeScreen(page: Page, code: string) {
+  await page.getByTestId(codeTextInput).pressSequentially(code);
+}
+
+export async function codeScreenExpect(page: Page, code: string) {
+  await expect(page.getByTestId(codeTextInput)).toHaveValue(code);
+  await expect(page.getByTestId("error").locator("div")).toContainText("Could not verify OTP code");
+}
diff --git a/login/apps/login-test-acceptance/tests/code.ts b/login/apps/login-test-acceptance/tests/code.ts
new file mode 100644
index 0000000000..e27d1f6150
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/code.ts
@@ -0,0 +1,17 @@
+import { Page } from "@playwright/test";
+import { codeScreen } from "./code-screen";
+import { getOtpFromSink } from "./sink";
+
+export async function otpFromSink(page: Page, key: string) {
+  const c = await getOtpFromSink(key);
+  await code(page, c);
+}
+
+export async function code(page: Page, code: string) {
+  await codeScreen(page, code);
+  await page.getByTestId("submit-button").click();
+}
+
+export async function codeResend(page: Page) {
+  await page.getByTestId("resend-button").click();
+}
diff --git a/login/apps/login-test-acceptance/tests/email-verify-screen.ts b/login/apps/login-test-acceptance/tests/email-verify-screen.ts
new file mode 100644
index 0000000000..b077ecb424
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/email-verify-screen.ts
@@ -0,0 +1,12 @@
+import { expect, Page } from "@playwright/test";
+
+const codeTextInput = "code-text-input";
+
+export async function emailVerifyScreen(page: Page, code: string) {
+  await page.getByTestId(codeTextInput).pressSequentially(code);
+}
+
+export async function emailVerifyScreenExpect(page: Page, code: string) {
+  await expect(page.getByTestId(codeTextInput)).toHaveValue(code);
+  await expect(page.getByTestId("error").locator("div")).toContainText("Could not verify email");
+}
diff --git a/login/apps/login-test-acceptance/tests/email-verify.spec.ts b/login/apps/login-test-acceptance/tests/email-verify.spec.ts
new file mode 100644
index 0000000000..2c546b8eee
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/email-verify.spec.ts
@@ -0,0 +1,69 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { emailVerify, emailVerifyResend } from "./email-verify";
+import { emailVerifyScreenExpect } from "./email-verify-screen";
+import { loginScreenExpect, loginWithPassword } from "./login";
+import { getCodeFromSink } from "./sink";
+import { PasswordUser } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUser }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUser({
+      email: faker.internet.email(),
+      isEmailVerified: false,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+      password: "Password1!",
+      passwordChangeRequired: false,
+    });
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("user email not verified, verify", async ({ user, page }) => {
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  const c = await getCodeFromSink(user.getUsername());
+  await emailVerify(page, c);
+  // wait for resend of the code
+  await page.waitForTimeout(2000);
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("user email not verified, resend, verify", async ({ user, page }) => {
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  // auto-redirect on /verify
+  await emailVerifyResend(page);
+  const c = await getCodeFromSink(user.getUsername());
+  // wait for resend of the code
+  await page.waitForTimeout(2000);
+  await emailVerify(page, c);
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("user email not verified, resend, old code", async ({ user, page }) => {
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  const c = await getCodeFromSink(user.getUsername());
+  await emailVerifyResend(page);
+  // wait for resend of the code
+  await page.waitForTimeout(2000);
+  await emailVerify(page, c);
+  await emailVerifyScreenExpect(page, c);
+});
+
+test("user email not verified, wrong code", async ({ user, page }) => {
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  // auto-redirect on /verify
+  const code = "wrong";
+  await emailVerify(page, code);
+  await emailVerifyScreenExpect(page, code);
+});
diff --git a/login/apps/login-test-acceptance/tests/email-verify.ts b/login/apps/login-test-acceptance/tests/email-verify.ts
new file mode 100644
index 0000000000..5275e82bfe
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/email-verify.ts
@@ -0,0 +1,15 @@
+import { Page } from "@playwright/test";
+import { emailVerifyScreen } from "./email-verify-screen";
+
+export async function startEmailVerify(page: Page, loginname: string) {
+  await page.goto("./verify");
+}
+
+export async function emailVerify(page: Page, code: string) {
+  await emailVerifyScreen(page, code);
+  await page.getByTestId("submit-button").click();
+}
+
+export async function emailVerifyResend(page: Page) {
+  await page.getByTestId("resend-button").click();
+}
diff --git a/login/apps/login-test-acceptance/tests/idp-apple.spec.ts b/login/apps/login-test-acceptance/tests/idp-apple.spec.ts
new file mode 100644
index 0000000000..32d3adba6b
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-apple.spec.ts
@@ -0,0 +1,102 @@
+// Note for all tests, in case Apple doesn't deliver all relevant information per default
+// We should add an action in the needed cases
+
+import test from "@playwright/test";
+
+test("login with Apple IDP", async ({ page }) => {
+  test.skip();
+  // Given an Apple IDP is configured on the organization
+  // Given the user has an Apple added as auth method
+  // User authenticates with Apple
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Apple IDP - error", async ({ page }) => {
+  test.skip();
+  // Given an Apple IDP is configured on the organization
+  // Given the user has an Apple added as auth method
+  // User is redirected to Apple
+  // User authenticates with Apple and gets an error
+  // User is redirect back to login
+  // An error is shown to the user "Something went wrong in Apple Login"
+});
+
+test("login with Apple IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Apple
+  // User authenticates in Apple
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Apple IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Apple
+  // User authenticates in Apple
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Apple IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Apple
+  // User authenticates in Apple
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Apple IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Apple
+  // User authenticates in Apple with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Apple IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Apple
+  // User authenticates in Apple with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Apple IDP, no user linked, user link successful", async ({ page }) => {
+  test.skip();
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Apple
+  // User authenticates in Apple with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-generic-jwt.spec.ts b/login/apps/login-test-acceptance/tests/idp-generic-jwt.spec.ts
new file mode 100644
index 0000000000..d68475a226
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-generic-jwt.spec.ts
@@ -0,0 +1,99 @@
+import test from "@playwright/test";
+
+test("login with Generic JWT IDP", async ({ page }) => {
+  test.skip();
+  // Given a Generic JWT IDP is configured on the organization
+  // Given the user has Generic JWT IDP added as auth method
+  // User authenticates with the Generic JWT IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Generic JWT IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the Generic JWT IDP is configured on the organization
+  // Given the user has Generic JWT IDP added as auth method
+  // User is redirected to the Generic JWT IDP
+  // User authenticates with the Generic JWT IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Generic JWT IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic JWT IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic JWT IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic JWT IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic JWT IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Generic JWT IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-generic-oauth.spec.ts b/login/apps/login-test-acceptance/tests/idp-generic-oauth.spec.ts
new file mode 100644
index 0000000000..24c25d0005
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-generic-oauth.spec.ts
@@ -0,0 +1,99 @@
+import test from "@playwright/test";
+
+test("login with Generic OAuth IDP", async ({ page }) => {
+  test.skip();
+  // Given a Generic OAuth IDP is configured on the organization
+  // Given the user has Generic OAuth IDP added as auth method
+  // User authenticates with the Generic OAuth IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Generic OAuth IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the Generic OAuth IDP is configured on the organization
+  // Given the user has Generic OAuth IDP added as auth method
+  // User is redirected to the Generic OAuth IDP
+  // User authenticates with the Generic OAuth IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic OAuth IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OAuth IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Generic OAuth IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-generic-oidc.spec.ts b/login/apps/login-test-acceptance/tests/idp-generic-oidc.spec.ts
new file mode 100644
index 0000000000..391481f99d
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-generic-oidc.spec.ts
@@ -0,0 +1,101 @@
+// Note, we should use a provider such as Google to test this, where we know OIDC standard is properly implemented
+
+import test from "@playwright/test";
+
+test("login with Generic OIDC IDP", async ({ page }) => {
+  test.skip();
+  // Given a Generic OIDC IDP is configured on the organization
+  // Given the user has Generic OIDC IDP added as auth method
+  // User authenticates with the Generic OIDC IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Generic OIDC IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the Generic OIDC IDP is configured on the organization
+  // Given the user has Generic OIDC IDP added as auth method
+  // User is redirected to the Generic OIDC IDP
+  // User authenticates with the Generic OIDC IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Generic OIDC IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OIDC is configure on the organization as only authencation method
+  // Given idp Generic OIDC is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OIDC
+  // User authenticates in Generic OIDC
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OIDC IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OIDC is configure on the organization as only authencation method
+  // Given idp Generic OIDC is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OIDC
+  // User authenticates in Generic OIDC
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OIDC IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Generic OIDC is configure on the organization as only authencation method
+  // Given idp Generic OIDC is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OIDC
+  // User authenticates in Generic OIDC
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic OIDC IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OIDC is configure on the organization as only authencation method
+  // Given idp Generic OIDC is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Generic OIDC
+  // User authenticates in Generic OIDC with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OIDC IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OIDC is configure on the organization as only authencation method
+  // Given idp Generic OIDC is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Generic OIDC
+  // User authenticates in Generic OIDC with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Generic OIDC IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Generic OIDC is configure on the organization as only authencation method
+  // Given idp Generic OIDC is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Generic OIDC
+  // User authenticates in Generic OIDC with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-github-enterprise.spec.ts b/login/apps/login-test-acceptance/tests/idp-github-enterprise.spec.ts
new file mode 100644
index 0000000000..2c39092851
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-github-enterprise.spec.ts
@@ -0,0 +1,103 @@
+import test from "@playwright/test";
+
+test("login with GitHub Enterprise IDP", async ({ page }) => {
+  test.skip();
+  // Given a GitHub Enterprise IDP is configured on the organization
+  // Given the user has GitHub Enterprise IDP added as auth method
+  // User authenticates with the GitHub Enterprise IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with GitHub Enterprise IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the GitHub Enterprise IDP is configured on the organization
+  // Given the user has GitHub Enterprise IDP added as auth method
+  // User is redirected to the GitHub Enterprise IDP
+  // User authenticates with the GitHub Enterprise IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with GitHub Enterprise IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub Enterprise is configure on the organization as only authencation method
+  // Given idp GitHub Enterprise is configure with account creation alloweed, and automatic creation enabled
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given no user exists yet
+  // User is automatically redirected to GitHub Enterprise
+  // User authenticates in GitHub Enterprise
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with GitHub Enterprise IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub Enterprise is configure on the organization as only authencation method
+  // Given idp GitHub Enterprise is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to GitHub Enterprise
+  // User authenticates in GitHub Enterprise
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with GitHub Enterprise IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp GitHub Enterprise is configure on the organization as only authencation method
+  // Given idp GitHub Enterprise is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to GitHub Enterprise
+  // User authenticates in GitHub Enterprise
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with GitHub Enterprise IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub Enterprise is configure on the organization as only authencation method
+  // Given idp GitHub Enterprise is configure with account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to GitHub Enterprise
+  // User authenticates in GitHub Enterprise with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with GitHub Enterprise IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub Enterprise is configure on the organization as only authencation method
+  // Given idp GitHub Enterprise is configure with manually account linking  not allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to GitHub Enterprise
+  // User authenticates in GitHub Enterprise with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with GitHub Enterprise IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub Enterprise is configure on the organization as only authencation method
+  // Given idp GitHub Enterprise is configure with manually account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to GitHub Enterprise
+  // User authenticates in GitHub Enterprise with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-github.spec.ts b/login/apps/login-test-acceptance/tests/idp-github.spec.ts
new file mode 100644
index 0000000000..689e040537
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-github.spec.ts
@@ -0,0 +1,103 @@
+import test from "@playwright/test";
+
+test("login with GitHub IDP", async ({ page }) => {
+  test.skip();
+  // Given a GitHub IDP is configured on the organization
+  // Given the user has GitHub IDP added as auth method
+  // User authenticates with the GitHub IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with GitHub IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the GitHub IDP is configured on the organization
+  // Given the user has GitHub IDP added as auth method
+  // User is redirected to the GitHub IDP
+  // User authenticates with the GitHub IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with GitHub IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub is configure on the organization as only authencation method
+  // Given idp GitHub is configure with account creation alloweed, and automatic creation enabled
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given no user exists yet
+  // User is automatically redirected to GitHub
+  // User authenticates in GitHub
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with GitHub IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub is configure on the organization as only authencation method
+  // Given idp GitHub is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to GitHub
+  // User authenticates in GitHub
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with GitHub IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp GitHub is configure on the organization as only authencation method
+  // Given idp GitHub is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to GitHub
+  // User authenticates in GitHub
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with GitHub IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub is configure on the organization as only authencation method
+  // Given idp GitHub is configure with account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to GitHub
+  // User authenticates in GitHub with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with GitHub IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub is configure on the organization as only authencation method
+  // Given idp GitHub is configure with manually account linking  not allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to GitHub
+  // User authenticates in GitHub with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with GitHub IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp GitHub is configure on the organization as only authencation method
+  // Given idp GitHub is configure with manually account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to GitHub
+  // User authenticates in GitHub with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-gitlab-self-hosted.spec.ts b/login/apps/login-test-acceptance/tests/idp-gitlab-self-hosted.spec.ts
new file mode 100644
index 0000000000..1b05d5e19b
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-gitlab-self-hosted.spec.ts
@@ -0,0 +1,103 @@
+import test from "@playwright/test";
+
+test("login with GitLab Self-Hosted IDP", async ({ page }) => {
+  test.skip();
+  // Given a GitLab Self-Hosted IDP is configured on the organization
+  // Given the user has GitLab Self-Hosted IDP added as auth method
+  // User authenticates with the GitLab Self-Hosted IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with GitLab Self-Hosted IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the GitLab Self-Hosted IDP is configured on the organization
+  // Given the user has GitLab Self-Hosted IDP added as auth method
+  // User is redirected to the GitLab Self-Hosted IDP
+  // User authenticates with the GitLab Self-Hosted IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Gitlab Self-Hosted IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+  // Given idp Gitlab Self-Hosted is configure with account creation alloweed, and automatic creation enabled
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given no user exists yet
+  // User is automatically redirected to Gitlab Self-Hosted
+  // User authenticates in Gitlab Self-Hosted
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Gitlab Self-Hosted IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+  // Given idp Gitlab Self-Hosted is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Gitlab Self-Hosted
+  // User authenticates in Gitlab Self-Hosted
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Gitlab Self-Hosted IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+  // Given idp Gitlab Self-Hosted is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Gitlab Self-Hosted
+  // User authenticates in Gitlab Self-Hosted
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Gitlab Self-Hosted IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+  // Given idp Gitlab Self-Hosted is configure with account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Gitlab Self-Hosted
+  // User authenticates in Gitlab Self-Hosted with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Gitlab Self-Hosted IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+  // Given idp Gitlab Self-Hosted is configure with manually account linking  not allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Gitlab Self-Hosted
+  // User authenticates in Gitlab Self-Hosted with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Gitlab Self-Hosted IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+  // Given idp Gitlab Self-Hosted is configure with manually account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Gitlab Self-Hosted
+  // User authenticates in Gitlab Self-Hosted with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-gitlab.spec.ts b/login/apps/login-test-acceptance/tests/idp-gitlab.spec.ts
new file mode 100644
index 0000000000..fdb235843b
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-gitlab.spec.ts
@@ -0,0 +1,103 @@
+import test from "@playwright/test";
+
+test("login with GitLab IDP", async ({ page }) => {
+  test.skip();
+  // Given a GitLab IDP is configured on the organization
+  // Given the user has GitLab IDP added as auth method
+  // User authenticates with the GitLab IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with GitLab IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the GitLab IDP is configured on the organization
+  // Given the user has GitLab IDP added as auth method
+  // User is redirected to the GitLab IDP
+  // User authenticates with the GitLab IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Gitlab IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab is configure on the organization as only authencation method
+  // Given idp Gitlab is configure with account creation alloweed, and automatic creation enabled
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given no user exists yet
+  // User is automatically redirected to Gitlab
+  // User authenticates in Gitlab
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Gitlab IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab is configure on the organization as only authencation method
+  // Given idp Gitlab is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Gitlab
+  // User authenticates in Gitlab
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Gitlab IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Gitlab is configure on the organization as only authencation method
+  // Given idp Gitlab is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Gitlab
+  // User authenticates in Gitlab
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Gitlab IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab is configure on the organization as only authencation method
+  // Given idp Gitlab is configure with account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Gitlab
+  // User authenticates in Gitlab with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Gitlab IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab is configure on the organization as only authencation method
+  // Given idp Gitlab is configure with manually account linking  not allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Gitlab
+  // User authenticates in Gitlab with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Gitlab IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Gitlab is configure on the organization as only authencation method
+  // Given idp Gitlab is configure with manually account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Gitlab
+  // User authenticates in Gitlab with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-google.spec.ts b/login/apps/login-test-acceptance/tests/idp-google.spec.ts
new file mode 100644
index 0000000000..8eb4d54e34
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-google.spec.ts
@@ -0,0 +1,99 @@
+import test from "@playwright/test";
+
+test("login with Google IDP", async ({ page }) => {
+  test.skip();
+  // Given a Google IDP is configured on the organization
+  // Given the user has Google IDP added as auth method
+  // User authenticates with the Google IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Google IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the Google IDP is configured on the organization
+  // Given the user has Google IDP added as auth method
+  // User is redirected to the Google IDP
+  // User authenticates with the Google IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Google IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Google is configure on the organization as only authencation method
+  // Given idp Google is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Google
+  // User authenticates in Google
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Google IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Google is configure on the organization as only authencation method
+  // Given idp Google is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Google
+  // User authenticates in Google
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Google IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Google is configure on the organization as only authencation method
+  // Given idp Google is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Google
+  // User authenticates in Google
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Google IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Google is configure on the organization as only authencation method
+  // Given idp Google is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Google
+  // User authenticates in Google with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Google IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Google is configure on the organization as only authencation method
+  // Given idp Google is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Google
+  // User authenticates in Google with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Google IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Google is configure on the organization as only authencation method
+  // Given idp Google is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Google
+  // User authenticates in Google with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-ldap.spec.ts b/login/apps/login-test-acceptance/tests/idp-ldap.spec.ts
new file mode 100644
index 0000000000..0705ed45f8
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-ldap.spec.ts
@@ -0,0 +1,99 @@
+import test from "@playwright/test";
+
+test("login with LDAP IDP", async ({ page }) => {
+  test.skip();
+  // Given a LDAP IDP is configured on the organization
+  // Given the user has LDAP IDP added as auth method
+  // User authenticates with the LDAP IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with LDAP IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the LDAP IDP is configured on the organization
+  // Given the user has LDAP IDP added as auth method
+  // User is redirected to the LDAP IDP
+  // User authenticates with the LDAP IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with LDAP IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp LDAP is configure on the organization as only authencation method
+  // Given idp LDAP is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to LDAP
+  // User authenticates in LDAP
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with LDAP IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp LDAP is configure on the organization as only authencation method
+  // Given idp LDAP is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to LDAP
+  // User authenticates in LDAP
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with LDAP IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp LDAP is configure on the organization as only authencation method
+  // Given idp LDAP is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to LDAP
+  // User authenticates in LDAP
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with LDAP IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp LDAP is configure on the organization as only authencation method
+  // Given idp LDAP is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to LDAP
+  // User authenticates in LDAP with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with LDAP IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp LDAP is configure on the organization as only authencation method
+  // Given idp LDAP is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to LDAP
+  // User authenticates in LDAP with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with LDAP IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp LDAP is configure on the organization as only authencation method
+  // Given idp LDAP is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to LDAP
+  // User authenticates in LDAP with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-microsoft.spec.ts b/login/apps/login-test-acceptance/tests/idp-microsoft.spec.ts
new file mode 100644
index 0000000000..15d67c28aa
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-microsoft.spec.ts
@@ -0,0 +1,102 @@
+// Note for all tests, in case Microsoft doesn't deliver all relevant information per default
+// We should add an action in the needed cases
+
+import test from "@playwright/test";
+
+test("login with Microsoft IDP", async ({ page }) => {
+  test.skip();
+  // Given a Microsoft IDP is configured on the organization
+  // Given the user has Microsoft IDP added as auth method
+  // User authenticates with the Microsoft IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Microsoft IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the Microsoft IDP is configured on the organization
+  // Given the user has Microsoft IDP added as auth method
+  // User is redirected to the Microsoft IDP
+  // User authenticates with the Microsoft IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Microsoft IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp Microsoft is configure on the organization as only authencation method
+  // Given idp Microsoft is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Microsoft
+  // User authenticates in Microsoft
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Microsoft IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Microsoft is configure on the organization as only authencation method
+  // Given idp Microsoft is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Microsoft
+  // User authenticates in Microsoft
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Microsoft IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp Microsoft is configure on the organization as only authencation method
+  // Given idp Microsoft is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Microsoft
+  // User authenticates in Microsoft
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Microsoft IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp Microsoft is configure on the organization as only authencation method
+  // Given idp Microsoft is configure with account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to Microsoft
+  // User authenticates in Microsoft with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Microsoft IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp Microsoft is configure on the organization as only authencation method
+  // Given idp Microsoft is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Microsoft
+  // User authenticates in Microsoft with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Microsoft IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp Microsoft is configure on the organization as only authencation method
+  // Given idp Microsoft is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to Microsoft
+  // User authenticates in Microsoft with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/idp-saml.spec.ts b/login/apps/login-test-acceptance/tests/idp-saml.spec.ts
new file mode 100644
index 0000000000..90d8d618b4
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/idp-saml.spec.ts
@@ -0,0 +1,103 @@
+import test from "@playwright/test";
+
+test("login with SAML IDP", async ({ page }) => {
+  test.skip();
+  // Given a SAML IDP is configured on the organization
+  // Given the user has SAML IDP added as auth method
+  // User authenticates with the SAML IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with SAML IDP - error", async ({ page }) => {
+  test.skip();
+  // Given the SAML IDP is configured on the organization
+  // Given the user has SAML IDP added as auth method
+  // User is redirected to the SAML IDP
+  // User authenticates with the SAML IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with SAML IDP, no user existing - auto register", async ({ page }) => {
+  test.skip();
+  // Given idp SAML is configure on the organization as only authencation method
+  // Given idp SAML is configure with account creation alloweed, and automatic creation enabled
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given no user exists yet
+  // User is automatically redirected to SAML
+  // User authenticates in SAML
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with SAML IDP, no user existing - auto register not possible", async ({ page }) => {
+  test.skip();
+  // Given idp SAML is configure on the organization as only authencation method
+  // Given idp SAML is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to SAML
+  // User authenticates in SAML
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with SAML IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  test.skip();
+  // Given idp SAML is configure on the organization as only authencation method
+  // Given idp SAML is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to SAML
+  // User authenticates in SAML
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with SAML IDP, no user linked - auto link", async ({ page }) => {
+  test.skip();
+  // Given idp SAML is configure on the organization as only authencation method
+  // Given idp SAML is configure with account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com exists
+  // User is automatically redirected to SAML
+  // User authenticates in SAML with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with SAML IDP, no user linked, linking not possible", async ({ page }) => {
+  test.skip();
+  // Given idp SAML is configure on the organization as only authencation method
+  // Given idp SAML is configure with manually account linking  not allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to SAML
+  // User authenticates in SAML with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with SAML IDP, no user linked, linking successful", async ({ page }) => {
+  test.skip();
+  // Given idp SAML is configure on the organization as only authencation method
+  // Given idp SAML is configure with manually account linking allowed, and linking set to existing email
+  // Given ZITADEL Action is added to autofill missing user information
+  // Given user with email address user@zitadel.com doesn't exists
+  // User is automatically redirected to SAML
+  // User authenticates in SAML with user@zitadel.com
+  // User is redirect to ZITADEL login
+  // User with email address user@zitadel.com can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/login-configuration-possiblities.spec.ts b/login/apps/login-test-acceptance/tests/login-configuration-possiblities.spec.ts
new file mode 100644
index 0000000000..cc58dbcc71
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/login-configuration-possiblities.spec.ts
@@ -0,0 +1,57 @@
+import test from "@playwright/test";
+
+test("login with mfa setup, mfa setup prompt", async ({ page }) => {
+  test.skip();
+  // Given the organization has enabled at least one mfa types
+  // Given the user has a password but no mfa registered
+  // User authenticates with login name and password
+  // User is prompted to setup a mfa, mfa providers are listed, the user can choose the provider
+});
+
+test("login with mfa setup, no mfa setup prompt", async ({ page }) => {
+  test.skip();
+  // Given the organization has set "multifactor init check time" to 0
+  // Given the organization has enabled mfa types
+  // Given the user has a password but no mfa registered
+  // User authenticates with loginname and password
+  // user is directly loged in and not prompted to setup mfa
+});
+
+test("login with mfa setup, force mfa for local authenticated users", async ({ page }) => {
+  test.skip();
+  // Given the organization has enabled force mfa for local authentiacted users
+  // Given the organization has enabled all possible mfa types
+  // Given the user has a password but no mfa registered
+  // User authenticates with loginname and password
+  // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider
+});
+
+test("login with mfa setup, force mfa - local user", async ({ page }) => {
+  test.skip();
+  // Given the organization has enabled force mfa for local authentiacted users
+  // Given the organization has enabled all possible mfa types
+  // Given the user has a password but no mfa registered
+  // User authenticates with loginname and password
+  // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider
+});
+
+test("login with mfa setup, force mfa - external user", async ({ page }) => {
+  test.skip();
+  // Given the organization has enabled force mfa
+  // Given the organization has enabled all possible mfa types
+  // Given the user has an idp but no mfa registered
+  // enter login name
+  // redirect to configured external idp
+  // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider
+});
+
+test("login with mfa setup, force mfa - local user, wrong password", async ({ page }) => {
+  test.skip();
+  // Given the organization has a password lockout policy set to 1 on the max password attempts
+  // Given the user has only a password as auth methos
+  // enter login name
+  // enter wrong password
+  // User will get an error "Wrong password"
+  // enter password
+  // User will get an error "Max password attempts reached - user is locked. Please reach out to your administrator"
+});
diff --git a/login/apps/login-test-acceptance/tests/login.ts b/login/apps/login-test-acceptance/tests/login.ts
new file mode 100644
index 0000000000..2076412456
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/login.ts
@@ -0,0 +1,41 @@
+import { expect, Page } from "@playwright/test";
+import { code, otpFromSink } from "./code";
+import { loginname } from "./loginname";
+import { password } from "./password";
+import { totp } from "./zitadel";
+
+export async function startLogin(page: Page) {
+  await page.goto(`./loginname`);
+}
+
+export async function loginWithPassword(page: Page, username: string, pw: string) {
+  await startLogin(page);
+  await loginname(page, username);
+  await password(page, pw);
+}
+
+export async function loginWithPasskey(page: Page, authenticatorId: string, username: string) {
+  await startLogin(page);
+  await loginname(page, username);
+  // await passkey(page, authenticatorId);
+}
+
+export async function loginScreenExpect(page: Page, fullName: string) {
+  await expect(page).toHaveURL(/.*signedin.*/);
+  await expect(page.getByRole("heading")).toContainText(fullName);
+}
+
+export async function loginWithPasswordAndEmailOTP(page: Page, username: string, password: string, email: string) {
+  await loginWithPassword(page, username, password);
+  await otpFromSink(page, email);
+}
+
+export async function loginWithPasswordAndPhoneOTP(page: Page, username: string, password: string, phone: string) {
+  await loginWithPassword(page, username, password);
+  await otpFromSink(page, phone);
+}
+
+export async function loginWithPasswordAndTOTP(page: Page, username: string, password: string, secret: string) {
+  await loginWithPassword(page, username, password);
+  await code(page, totp(secret));
+}
diff --git a/login/apps/login-test-acceptance/tests/loginname-screen.ts b/login/apps/login-test-acceptance/tests/loginname-screen.ts
new file mode 100644
index 0000000000..be41a28eda
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/loginname-screen.ts
@@ -0,0 +1,12 @@
+import { expect, Page } from "@playwright/test";
+
+const usernameTextInput = "username-text-input";
+
+export async function loginnameScreen(page: Page, username: string) {
+  await page.getByTestId(usernameTextInput).pressSequentially(username);
+}
+
+export async function loginnameScreenExpect(page: Page, username: string) {
+  await expect(page.getByTestId(usernameTextInput)).toHaveValue(username);
+  await expect(page.getByTestId("error").locator("div")).toContainText("User not found in the system");
+}
diff --git a/login/apps/login-test-acceptance/tests/loginname.ts b/login/apps/login-test-acceptance/tests/loginname.ts
new file mode 100644
index 0000000000..2050ec1d3c
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/loginname.ts
@@ -0,0 +1,7 @@
+import { Page } from "@playwright/test";
+import { loginnameScreen } from "./loginname-screen";
+
+export async function loginname(page: Page, username: string) {
+  await loginnameScreen(page, username);
+  await page.getByTestId("submit-button").click();
+}
diff --git a/login/apps/login-test-acceptance/tests/passkey.ts b/login/apps/login-test-acceptance/tests/passkey.ts
new file mode 100644
index 0000000000..d8cda10ddb
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/passkey.ts
@@ -0,0 +1,109 @@
+import { expect, Page } from "@playwright/test";
+import { CDPSession } from "playwright-core";
+
+interface session {
+  client: CDPSession;
+  authenticatorId: string;
+}
+
+async function client(page: Page): Promise<session> {
+  const cdpSession = await page.context().newCDPSession(page);
+  await cdpSession.send("WebAuthn.enable", { enableUI: false });
+  const result = await cdpSession.send("WebAuthn.addVirtualAuthenticator", {
+    options: {
+      protocol: "ctap2",
+      transport: "internal",
+      hasResidentKey: true,
+      hasUserVerification: true,
+      isUserVerified: true,
+      automaticPresenceSimulation: true,
+    },
+  });
+  return { client: cdpSession, authenticatorId: result.authenticatorId };
+}
+
+export async function passkeyRegister(page: Page): Promise<string> {
+  const session = await client(page);
+
+  await passkeyNotExisting(session.client, session.authenticatorId);
+  await simulateSuccessfulPasskeyRegister(session.client, session.authenticatorId, () =>
+    page.getByTestId("submit-button").click(),
+  );
+  await passkeyRegistered(session.client, session.authenticatorId);
+
+  return session.authenticatorId;
+}
+
+export async function passkey(page: Page, authenticatorId: string) {
+  const cdpSession = await page.context().newCDPSession(page);
+  await cdpSession.send("WebAuthn.enable", { enableUI: false });
+
+  const signCount = await passkeyExisting(cdpSession, authenticatorId);
+
+  await simulateSuccessfulPasskeyInput(cdpSession, authenticatorId, () => page.getByTestId("submit-button").click());
+
+  await passkeyUsed(cdpSession, authenticatorId, signCount);
+}
+
+async function passkeyNotExisting(client: CDPSession, authenticatorId: string) {
+  const result = await client.send("WebAuthn.getCredentials", { authenticatorId });
+  expect(result.credentials).toHaveLength(0);
+}
+
+async function passkeyRegistered(client: CDPSession, authenticatorId: string) {
+  const result = await client.send("WebAuthn.getCredentials", { authenticatorId });
+  expect(result.credentials).toHaveLength(1);
+  await passkeyUsed(client, authenticatorId, 0);
+}
+
+async function passkeyExisting(client: CDPSession, authenticatorId: string): Promise<number> {
+  const result = await client.send("WebAuthn.getCredentials", { authenticatorId });
+  expect(result.credentials).toHaveLength(1);
+  return result.credentials[0].signCount;
+}
+
+async function passkeyUsed(client: CDPSession, authenticatorId: string, signCount: number) {
+  const result = await client.send("WebAuthn.getCredentials", { authenticatorId });
+  expect(result.credentials).toHaveLength(1);
+  expect(result.credentials[0].signCount).toBeGreaterThan(signCount);
+}
+
+async function simulateSuccessfulPasskeyRegister(
+  client: CDPSession,
+  authenticatorId: string,
+  operationTrigger: () => Promise<void>,
+) {
+  // initialize event listeners to wait for a successful passkey input event
+  const operationCompleted = new Promise<void>((resolve) => {
+    client.on("WebAuthn.credentialAdded", () => {
+      console.log("Credential Added!");
+      resolve();
+    });
+  });
+
+  // perform a user action that triggers passkey prompt
+  await operationTrigger();
+
+  // wait to receive the event that the passkey was successfully registered or verified
+  await operationCompleted;
+}
+
+async function simulateSuccessfulPasskeyInput(
+  client: CDPSession,
+  authenticatorId: string,
+  operationTrigger: () => Promise<void>,
+) {
+  // initialize event listeners to wait for a successful passkey input event
+  const operationCompleted = new Promise<void>((resolve) => {
+    client.on("WebAuthn.credentialAsserted", () => {
+      console.log("Credential Asserted!");
+      resolve();
+    });
+  });
+
+  // perform a user action that triggers passkey prompt
+  await operationTrigger();
+
+  // wait to receive the event that the passkey was successfully registered or verified
+  await operationCompleted;
+}
diff --git a/login/apps/login-test-acceptance/tests/password-screen.ts b/login/apps/login-test-acceptance/tests/password-screen.ts
new file mode 100644
index 0000000000..fda6f6d39f
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/password-screen.ts
@@ -0,0 +1,98 @@
+import { expect, Page } from "@playwright/test";
+import { getCodeFromSink } from "./sink";
+
+const codeField = "code-text-input";
+const passwordField = "password-text-input";
+const passwordChangeField = "password-change-text-input";
+const passwordChangeConfirmField = "password-change-confirm-text-input";
+const passwordSetField = "password-set-text-input";
+const passwordSetConfirmField = "password-set-confirm-text-input";
+const lengthCheck = "length-check";
+const symbolCheck = "symbol-check";
+const numberCheck = "number-check";
+const uppercaseCheck = "uppercase-check";
+const lowercaseCheck = "lowercase-check";
+const equalCheck = "equal-check";
+
+const matchText = "Matches";
+const noMatchText = "Doesn't match";
+
+export async function changePasswordScreen(page: Page, password1: string, password2: string) {
+  await page.getByTestId(passwordChangeField).pressSequentially(password1);
+  await page.getByTestId(passwordChangeConfirmField).pressSequentially(password2);
+}
+
+export async function passwordScreen(page: Page, password: string) {
+  await page.getByTestId(passwordField).pressSequentially(password);
+}
+
+export async function passwordScreenExpect(page: Page, password: string) {
+  await expect(page.getByTestId(passwordField)).toHaveValue(password);
+  await expect(page.getByTestId("error").locator("div")).toContainText("Failed to authenticate.");
+}
+
+export async function changePasswordScreenExpect(
+  page: Page,
+  password1: string,
+  password2: string,
+  length: boolean,
+  symbol: boolean,
+  number: boolean,
+  uppercase: boolean,
+  lowercase: boolean,
+  equals: boolean,
+) {
+  await expect(page.getByTestId(passwordChangeField)).toHaveValue(password1);
+  await expect(page.getByTestId(passwordChangeConfirmField)).toHaveValue(password2);
+
+  await checkComplexity(page, length, symbol, number, uppercase, lowercase, equals);
+}
+
+async function checkComplexity(
+  page: Page,
+  length: boolean,
+  symbol: boolean,
+  number: boolean,
+  uppercase: boolean,
+  lowercase: boolean,
+  equals: boolean,
+) {
+  await checkContent(page, lengthCheck, length);
+  await checkContent(page, symbolCheck, symbol);
+  await checkContent(page, numberCheck, number);
+  await checkContent(page, uppercaseCheck, uppercase);
+  await checkContent(page, lowercaseCheck, lowercase);
+  await checkContent(page, equalCheck, equals);
+}
+
+async function checkContent(page: Page, testid: string, match: boolean) {
+  if (match) {
+    await expect(page.getByTestId(testid)).toContainText(matchText);
+  } else {
+    await expect(page.getByTestId(testid)).toContainText(noMatchText);
+  }
+}
+
+export async function resetPasswordScreen(page: Page, username: string, password1: string, password2: string) {
+  const c = await getCodeFromSink(username);
+  await page.getByTestId(codeField).pressSequentially(c);
+  await page.getByTestId(passwordSetField).pressSequentially(password1);
+  await page.getByTestId(passwordSetConfirmField).pressSequentially(password2);
+}
+
+export async function resetPasswordScreenExpect(
+  page: Page,
+  password1: string,
+  password2: string,
+  length: boolean,
+  symbol: boolean,
+  number: boolean,
+  uppercase: boolean,
+  lowercase: boolean,
+  equals: boolean,
+) {
+  await expect(page.getByTestId(passwordSetField)).toHaveValue(password1);
+  await expect(page.getByTestId(passwordSetConfirmField)).toHaveValue(password2);
+
+  await checkComplexity(page, length, symbol, number, uppercase, lowercase, equals);
+}
diff --git a/login/apps/login-test-acceptance/tests/password.ts b/login/apps/login-test-acceptance/tests/password.ts
new file mode 100644
index 0000000000..ccf3e509d9
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/password.ts
@@ -0,0 +1,29 @@
+import { Page } from "@playwright/test";
+import { changePasswordScreen, passwordScreen, resetPasswordScreen } from "./password-screen";
+
+const passwordSubmitButton = "submit-button";
+const passwordResetButton = "reset-button";
+
+export async function startChangePassword(page: Page, loginname: string) {
+  await page.goto("./password/change?" + new URLSearchParams({ loginName: loginname }));
+}
+
+export async function changePassword(page: Page, password: string) {
+  await changePasswordScreen(page, password, password);
+  await page.getByTestId(passwordSubmitButton).click();
+}
+
+export async function password(page: Page, password: string) {
+  await passwordScreen(page, password);
+  await page.getByTestId(passwordSubmitButton).click();
+}
+
+export async function startResetPassword(page: Page) {
+  await page.getByTestId(passwordResetButton).click();
+}
+
+export async function resetPassword(page: Page, username: string, password: string) {
+  await startResetPassword(page);
+  await resetPasswordScreen(page, username, password, password);
+  await page.getByTestId(passwordSubmitButton).click();
+}
diff --git a/login/apps/login-test-acceptance/tests/register-screen.ts b/login/apps/login-test-acceptance/tests/register-screen.ts
new file mode 100644
index 0000000000..d14f5dc970
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/register-screen.ts
@@ -0,0 +1,27 @@
+import { Page } from "@playwright/test";
+
+const passwordField = "password-text-input";
+const passwordConfirmField = "password-confirm-text-input";
+
+export async function registerUserScreenPassword(page: Page, firstname: string, lastname: string, email: string) {
+  await registerUserScreen(page, firstname, lastname, email);
+  await page.getByTestId("password-radio").click();
+}
+
+export async function registerUserScreenPasskey(page: Page, firstname: string, lastname: string, email: string) {
+  await registerUserScreen(page, firstname, lastname, email);
+  await page.getByTestId("passkey-radio").click();
+}
+
+export async function registerPasswordScreen(page: Page, password1: string, password2: string) {
+  await page.getByTestId(passwordField).pressSequentially(password1);
+  await page.getByTestId(passwordConfirmField).pressSequentially(password2);
+}
+
+export async function registerUserScreen(page: Page, firstname: string, lastname: string, email: string) {
+  await page.getByTestId("firstname-text-input").pressSequentially(firstname);
+  await page.getByTestId("lastname-text-input").pressSequentially(lastname);
+  await page.getByTestId("email-text-input").pressSequentially(email);
+  await page.getByTestId("privacy-policy-checkbox").check();
+  await page.getByTestId("tos-checkbox").check();
+}
diff --git a/login/apps/login-test-acceptance/tests/register.spec.ts b/login/apps/login-test-acceptance/tests/register.spec.ts
new file mode 100644
index 0000000000..4ad7e9e349
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/register.spec.ts
@@ -0,0 +1,183 @@
+import { faker } from "@faker-js/faker";
+import { test } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { loginScreenExpect } from "./login";
+import { registerWithPasskey, registerWithPassword } from "./register";
+import { removeUserByUsername } from "./zitadel";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+test("register with password", async ({ page }) => {
+  const username = faker.internet.email();
+  const password = "Password1!";
+  const firstname = faker.person.firstName();
+  const lastname = faker.person.lastName();
+
+  await registerWithPassword(page, firstname, lastname, username, password, password);
+  await loginScreenExpect(page, firstname + " " + lastname);
+
+  // wait for projection of user
+  await page.waitForTimeout(10000);
+  await removeUserByUsername(username);
+});
+
+test("register with passkey", async ({ page }) => {
+  const username = faker.internet.email();
+  const firstname = faker.person.firstName();
+  const lastname = faker.person.lastName();
+
+  await registerWithPasskey(page, firstname, lastname, username);
+  await loginScreenExpect(page, firstname + " " + lastname);
+
+  // wait for projection of user
+  await page.waitForTimeout(10000);
+  await removeUserByUsername(username);
+});
+
+test("register with username and password - only password enabled", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is not enabled
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // Only password is shown as an option - no passkey
+  // User enters "firstname", "lastname", "username" and "password"
+  // User is redirected to app (default redirect url)
+});
+
+test("register with username and password - wrong password not enough characters", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is not enabled
+  // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // Only password is shown as an option - no passkey
+  // User enters "firstname", "lastname", "username" and a password thats to short
+  // Error is shown "Password doesn't match the policy - it must have at least 8 characters"
+});
+
+test("register with username and password - wrong password number missing", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is not enabled
+  // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // Only password is shown as an option - no passkey
+  // User enters "firstname", "lastname", "username" and a password without a number
+  // Error is shown "Password doesn't match the policy - number missing"
+});
+
+test("register with username and password - wrong password upper case missing", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is not enabled
+  // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // Only password is shown as an option - no passkey
+  // User enters "firstname", "lastname", "username" and a password without an upper case
+  // Error is shown "Password doesn't match the policy - uppercase letter missing"
+});
+
+test("register with username and password - wrong password lower case missing", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is not enabled
+  // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // Only password is shown as an option - no passkey
+  // User enters "firstname", "lastname", "username" and a password without an lower case
+  // Error is shown "Password doesn't match the policy - lowercase letter missing"
+});
+
+test("register with username and password - wrong password symboo missing", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is not enabled
+  // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // Only password is shown as an option - no passkey
+  // User enters "firstname", "lastname", "username" and a password without an symbol
+  // Error is shown "Password doesn't match the policy - symbol missing"
+});
+
+test("register with username and password - password and passkey enabled", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is enabled
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // User enters "firstname", "lastname", "username"
+  // Password and passkey are shown as authentication option
+  // User clicks password
+  // User enters password
+  // User is redirected to app (default redirect url)
+});
+
+test("register with username and passkey - password and passkey enabled", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given on the default organization passkey is enabled
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration page
+  // User enters "firstname", "lastname", "username"
+  // Password and passkey are shown as authentication option
+  // User clicks passkey
+  // Passkey is opened automatically
+  // User verifies passkey
+  // User is redirected to app (default redirect url)
+});
+
+test("register with username and password - registration disabled", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization no idp is configured and enabled
+  // Given user doesn't exist
+  // Button "register new user" is not available
+});
+
+test("register with username and password - multiple registration options", async ({ page }) => {
+  test.skip();
+  // Given on the default organization "username and password is allowed" is enabled
+  // Given on the default organization "username registeration allowed" is enabled
+  // Given on the default organization one idp is configured and enabled
+  // Given user doesn't exist
+  // Click on button "register new user"
+  // User is redirected to registration options
+  // Local User and idp button are shown
+  // User clicks idp button
+  // User enters "firstname", "lastname", "username" and "password"
+  // User clicks next
+  // User is redirected to app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/register.ts b/login/apps/login-test-acceptance/tests/register.ts
new file mode 100644
index 0000000000..164a72753b
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/register.ts
@@ -0,0 +1,39 @@
+import { Page } from "@playwright/test";
+import { emailVerify } from "./email-verify";
+import { passkeyRegister } from "./passkey";
+import { registerPasswordScreen, registerUserScreenPasskey, registerUserScreenPassword } from "./register-screen";
+import { getCodeFromSink } from "./sink";
+
+export async function registerWithPassword(
+  page: Page,
+  firstname: string,
+  lastname: string,
+  email: string,
+  password1: string,
+  password2: string,
+) {
+  await page.goto("./register");
+  await registerUserScreenPassword(page, firstname, lastname, email);
+  await page.getByTestId("submit-button").click();
+  await registerPasswordScreen(page, password1, password2);
+  await page.getByTestId("submit-button").click();
+  await verifyEmail(page, email);
+}
+
+export async function registerWithPasskey(page: Page, firstname: string, lastname: string, email: string): Promise<string> {
+  await page.goto("./register");
+  await registerUserScreenPasskey(page, firstname, lastname, email);
+  await page.getByTestId("submit-button").click();
+
+  // wait for projection of user
+  await page.waitForTimeout(10000);
+  const authId = await passkeyRegister(page);
+
+  await verifyEmail(page, email);
+  return authId;
+}
+
+async function verifyEmail(page: Page, email: string) {
+  const c = await getCodeFromSink(email);
+  await emailVerify(page, c);
+}
diff --git a/login/apps/login-test-acceptance/tests/select-account.ts b/login/apps/login-test-acceptance/tests/select-account.ts
new file mode 100644
index 0000000000..64bd7cd145
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/select-account.ts
@@ -0,0 +1,5 @@
+import { Page } from "@playwright/test";
+
+export async function selectNewAccount(page: Page) {
+  await page.getByRole("link", { name: "Add another account" }).click();
+}
diff --git a/login/apps/login-test-acceptance/tests/sink.ts b/login/apps/login-test-acceptance/tests/sink.ts
new file mode 100644
index 0000000000..bc3336b358
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/sink.ts
@@ -0,0 +1,43 @@
+import { Gaxios, GaxiosResponse } from "gaxios";
+
+const awaitNotification = new Gaxios({
+  url: process.env.SINK_NOTIFICATION_URL,
+  method: "POST",
+  retryConfig: {
+    httpMethodsToRetry: ["POST"],
+    statusCodesToRetry: [[404, 404]],
+    retry: Number.MAX_SAFE_INTEGER, // totalTimeout limits the number of retries
+    totalTimeout: 10000, // 10 seconds
+    onRetryAttempt: (error) => {
+      console.warn(`Retrying request to sink notification service: ${error.message}`);
+    },
+  },
+});
+
+export async function getOtpFromSink(recipient: string): Promise<any> {
+  return awaitNotification.request({ data: { recipient } }).then((response) => {
+    expectSuccess(response);
+    const otp = response?.data?.args?.otp;
+    if (!otp) {
+      throw new Error(`Response does not contain an otp property: ${JSON.stringify(response.data, null, 2)}`);
+    }
+    return otp;
+  });
+}
+
+export async function getCodeFromSink(recipient: string): Promise<any> {
+  return awaitNotification.request({ data: { recipient } }).then((response) => {
+    expectSuccess(response);
+    const code = response?.data?.args?.code;
+    if (!code) {
+      throw new Error(`Response does not contain a code property: ${JSON.stringify(response.data, null, 2)}`);
+    }
+    return code;
+  });
+}
+
+function expectSuccess(response: GaxiosResponse): void {
+  if (response.status !== 200) {
+    throw new Error(`Expected HTTP status 200, but got: ${response.status} - ${response.statusText}`);
+  }
+}
diff --git a/login/apps/login-test-acceptance/tests/user.ts b/login/apps/login-test-acceptance/tests/user.ts
new file mode 100644
index 0000000000..3b03291408
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/user.ts
@@ -0,0 +1,177 @@
+import { Page } from "@playwright/test";
+import { registerWithPasskey } from "./register";
+import { activateOTP, addTOTP, addUser, eventualNewUser, getUserByUsername, removeUser } from "./zitadel";
+
+export interface userProps {
+  email: string;
+  isEmailVerified?: boolean;
+  firstName: string;
+  lastName: string;
+  organization: string;
+  password: string;
+  passwordChangeRequired?: boolean;
+  phone: string;
+  isPhoneVerified?: boolean;
+}
+
+class User {
+  private readonly props: userProps;
+  private user: string;
+
+  constructor(userProps: userProps) {
+    this.props = userProps;
+  }
+
+  async ensure(page: Page) {
+    const response = await addUser(this.props);
+
+    this.setUserId(response.userId);
+  }
+
+  async cleanup() {
+    await removeUser(this.getUserId());
+  }
+
+  public setUserId(userId: string) {
+    this.user = userId;
+  }
+
+  public getUserId() {
+    return this.user;
+  }
+
+  public getUsername() {
+    return this.props.email;
+  }
+
+  public getPassword() {
+    return this.props.password;
+  }
+
+  public getFirstname() {
+    return this.props.firstName;
+  }
+
+  public getLastname() {
+    return this.props.lastName;
+  }
+
+  public getPhone() {
+    return this.props.phone;
+  }
+
+  public getFullName() {
+    return `${this.props.firstName} ${this.props.lastName}`;
+  }
+}
+
+export class PasswordUser extends User {
+  async ensure(page: Page) {
+    await super.ensure(page);
+    await eventualNewUser(this.getUserId());
+  }
+}
+
+export enum OtpType {
+  sms = "sms",
+  email = "email",
+}
+
+export interface otpUserProps {
+  email: string;
+  isEmailVerified?: boolean;
+  firstName: string;
+  lastName: string;
+  organization: string;
+  password: string;
+  passwordChangeRequired?: boolean;
+  phone: string;
+  isPhoneVerified?: boolean;
+  type: OtpType;
+}
+
+export class PasswordUserWithOTP extends User {
+  private type: OtpType;
+
+  constructor(props: otpUserProps) {
+    super({
+      email: props.email,
+      firstName: props.firstName,
+      lastName: props.lastName,
+      organization: props.organization,
+      password: props.password,
+      phone: props.phone,
+      isEmailVerified: props.isEmailVerified,
+      isPhoneVerified: props.isPhoneVerified,
+      passwordChangeRequired: props.passwordChangeRequired,
+    });
+    this.type = props.type;
+  }
+
+  async ensure(page: Page) {
+    await super.ensure(page);
+    await activateOTP(this.getUserId(), this.type);
+    await eventualNewUser(this.getUserId());
+  }
+}
+
+export class PasswordUserWithTOTP extends User {
+  private secret: string;
+
+  async ensure(page: Page) {
+    await super.ensure(page);
+    this.secret = await addTOTP(this.getUserId());
+    await eventualNewUser(this.getUserId());
+  }
+
+  public getSecret(): string {
+    return this.secret;
+  }
+}
+
+export interface passkeyUserProps {
+  email: string;
+  firstName: string;
+  lastName: string;
+  organization: string;
+  phone: string;
+  isEmailVerified?: boolean;
+  isPhoneVerified?: boolean;
+}
+
+export class PasskeyUser extends User {
+  private authenticatorId: string;
+
+  constructor(props: passkeyUserProps) {
+    super({
+      email: props.email,
+      firstName: props.firstName,
+      lastName: props.lastName,
+      organization: props.organization,
+      password: "",
+      phone: props.phone,
+      isEmailVerified: props.isEmailVerified,
+      isPhoneVerified: props.isPhoneVerified,
+    });
+  }
+
+  public async ensure(page: Page) {
+    const authId = await registerWithPasskey(page, this.getFirstname(), this.getLastname(), this.getUsername());
+    this.authenticatorId = authId;
+
+    // wait for projection of user
+    await page.waitForTimeout(10000);
+  }
+
+  async cleanup() {
+    const resp: any = await getUserByUsername(this.getUsername());
+    if (!resp || !resp.result || !resp.result[0]) {
+      return;
+    }
+    await removeUser(resp.result[0].userId);
+  }
+
+  public getAuthenticatorId(): string {
+    return this.authenticatorId;
+  }
+}
diff --git a/login/apps/login-test-acceptance/tests/username-passkey.spec.ts b/login/apps/login-test-acceptance/tests/username-passkey.spec.ts
new file mode 100644
index 0000000000..dff1c65f5a
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-passkey.spec.ts
@@ -0,0 +1,43 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { loginScreenExpect, loginWithPasskey } from "./login";
+import { PasskeyUser } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasskeyUser }>({
+  user: async ({ page }, use) => {
+    const user = new PasskeyUser({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+    });
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("username and passkey login", async ({ user, page }) => {
+  await loginWithPasskey(page, user.getAuthenticatorId(), user.getUsername());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("username and passkey login, multiple auth methods", async ({ page }) => {
+  test.skip();
+  // Given passkey and password is enabled on the organization of the user
+  // Given the user has password and passkey registered
+  // enter username
+  // passkey popup is directly shown
+  // user aborts passkey authentication
+  // user switches to password authentication
+  // user enters password
+  // user is redirected to app
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-change-required.spec.ts b/login/apps/login-test-acceptance/tests/username-password-change-required.spec.ts
new file mode 100644
index 0000000000..50605e5ff0
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-change-required.spec.ts
@@ -0,0 +1,41 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { loginScreenExpect, loginWithPassword } from "./login";
+import { changePassword } from "./password";
+import { PasswordUser } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUser }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUser({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+      password: "Password1!",
+      passwordChangeRequired: true,
+    });
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("username and password login, change required", async ({ user, page }) => {
+  const changedPw = "ChangedPw1!";
+
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await page.waitForTimeout(10000);
+  await changePassword(page, changedPw);
+  await loginScreenExpect(page, user.getFullName());
+
+  await loginWithPassword(page, user.getUsername(), changedPw);
+  await loginScreenExpect(page, user.getFullName());
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-changed.spec.ts b/login/apps/login-test-acceptance/tests/username-password-changed.spec.ts
new file mode 100644
index 0000000000..dc29dc2286
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-changed.spec.ts
@@ -0,0 +1,54 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { loginScreenExpect, loginWithPassword } from "./login";
+import { changePassword, startChangePassword } from "./password";
+import { changePasswordScreen, changePasswordScreenExpect } from "./password-screen";
+import { PasswordUser } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUser }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUser({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+      password: "Password1!",
+      passwordChangeRequired: false,
+    });
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("username and password changed login", async ({ user, page }) => {
+  const changedPw = "ChangedPw1!";
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+
+  // wait for projection of token
+  await page.waitForTimeout(10000);
+
+  await startChangePassword(page, user.getUsername());
+  await changePassword(page, changedPw);
+  await loginScreenExpect(page, user.getFullName());
+
+  await loginWithPassword(page, user.getUsername(), changedPw);
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("password change not with desired complexity", async ({ user, page }) => {
+  const changedPw1 = "change";
+  const changedPw2 = "chang";
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await startChangePassword(page, user.getUsername());
+  await changePasswordScreen(page, changedPw1, changedPw2);
+  await changePasswordScreenExpect(page, changedPw1, changedPw2, false, false, false, false, true, false);
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-otp_email.spec.ts b/login/apps/login-test-acceptance/tests/username-password-otp_email.spec.ts
new file mode 100644
index 0000000000..e4a77751c1
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-otp_email.spec.ts
@@ -0,0 +1,98 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { code, codeResend, otpFromSink } from "./code";
+import { codeScreenExpect } from "./code-screen";
+import { loginScreenExpect, loginWithPassword, loginWithPasswordAndEmailOTP } from "./login";
+import { OtpType, PasswordUserWithOTP } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUserWithOTP; sink: any }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUserWithOTP({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+      password: "Password1!",
+      passwordChangeRequired: false,
+      type: OtpType.email,
+    });
+
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test.skip("DOESN'T WORK: username, password and email otp login, enter code manually", async ({ user, page }) => {
+  // Given email otp is enabled on the organization of the user
+  // Given the user has only email otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives an email with a verification code
+  // User enters the code into the ui
+  // User is redirected to the app (default redirect url)
+  await loginWithPasswordAndEmailOTP(page, user.getUsername(), user.getPassword(), user.getUsername());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("username, password and email otp login, click link in email", async ({ page }) => {
+  base.skip();
+  // Given email otp is enabled on the organization of the user
+  // Given the user has only email otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives an email with a verification code
+  // User clicks link in the email
+  // User is redirected to the app (default redirect url)
+});
+
+test.skip("DOESN'T WORK: username, password and email otp login, resend code", async ({ user, page }) => {
+  // Given email otp is enabled on the organization of the user
+  // Given the user has only email otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives an email with a verification code
+  // User clicks resend code
+  // User receives a new email with a verification code
+  // User enters the new code in the ui
+  // User is redirected to the app (default redirect url)
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await codeResend(page);
+  await otpFromSink(page, user.getUsername());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("username, password and email otp login, wrong code", async ({ user, page }) => {
+  // Given email otp is enabled on the organization of the user
+  // Given the user has only email otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives an email with a verification code
+  // User enters a wrong code
+  // Error message - "Invalid code" is shown
+  const c = "wrongcode";
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await code(page, c);
+  await codeScreenExpect(page, c);
+});
+
+test("username, password and email otp login, multiple mfa options", async ({ page }) => {
+  base.skip();
+  // Given email otp and sms otp is enabled on the organization of the user
+  // Given the user has email and sms otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives an email with a verification code
+  // User clicks button to use sms otp as second factor
+  // User receives a sms with a verification code
+  // User enters code in ui
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-otp_sms.spec.ts b/login/apps/login-test-acceptance/tests/username-password-otp_sms.spec.ts
new file mode 100644
index 0000000000..10901cd243
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-otp_sms.spec.ts
@@ -0,0 +1,71 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { code } from "./code";
+import { codeScreenExpect } from "./code-screen";
+import { loginScreenExpect, loginWithPassword, loginWithPasswordAndPhoneOTP } from "./login";
+import { OtpType, PasswordUserWithOTP } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUserWithOTP; sink: any }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUserWithOTP({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number({ style: "international" }),
+      isPhoneVerified: true,
+      password: "Password1!",
+      passwordChangeRequired: false,
+      type: OtpType.sms,
+    });
+
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test.skip("DOESN'T WORK: username, password and sms otp login, enter code manually", async ({ user, page }) => {
+  // Given sms otp is enabled on the organization of the user
+  // Given the user has only sms otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives a sms with a verification code
+  // User enters the code into the ui
+  // User is redirected to the app (default redirect url)
+  await loginWithPasswordAndPhoneOTP(page, user.getUsername(), user.getPassword(), user.getPhone());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test.skip("DOESN'T WORK: username, password and sms otp login, resend code", async ({ user, page }) => {
+  // Given sms otp is enabled on the organization of the user
+  // Given the user has only sms otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives a sms with a verification code
+  // User clicks resend code
+  // User receives a new sms with a verification code
+  // User is redirected to the app (default redirect url)
+  await loginWithPasswordAndPhoneOTP(page, user.getUsername(), user.getPassword(), user.getPhone());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("username, password and sms otp login, wrong code", async ({ user, page }) => {
+  // Given sms otp is enabled on the organization of the user
+  // Given the user has only sms otp configured as second factor
+  // User enters username
+  // User enters password
+  // User receives a sms with a verification code
+  // User enters a wrong code
+  // Error message - "Invalid code" is shown
+  const c = "wrongcode";
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await code(page, c);
+  await codeScreenExpect(page, c);
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-set.spec.ts b/login/apps/login-test-acceptance/tests/username-password-set.spec.ts
new file mode 100644
index 0000000000..06ce42f1a7
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-set.spec.ts
@@ -0,0 +1,52 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { loginScreenExpect, loginWithPassword, startLogin } from "./login";
+import { loginname } from "./loginname";
+import { resetPassword, startResetPassword } from "./password";
+import { resetPasswordScreen, resetPasswordScreenExpect } from "./password-screen";
+import { PasswordUser } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUser }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUser({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+      password: "Password1!",
+      passwordChangeRequired: false,
+    });
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("username and password set login", async ({ user, page }) => {
+  const changedPw = "ChangedPw1!";
+  await startLogin(page);
+  await loginname(page, user.getUsername());
+  await resetPassword(page, user.getUsername(), changedPw);
+  await loginScreenExpect(page, user.getFullName());
+
+  await loginWithPassword(page, user.getUsername(), changedPw);
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("password set not with desired complexity", async ({ user, page }) => {
+  const changedPw1 = "change";
+  const changedPw2 = "chang";
+  await startLogin(page);
+  await loginname(page, user.getUsername());
+  await startResetPassword(page);
+  await resetPasswordScreen(page, user.getUsername(), changedPw1, changedPw2);
+  await resetPasswordScreenExpect(page, changedPw1, changedPw2, false, false, false, false, true, false);
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-totp.spec.ts b/login/apps/login-test-acceptance/tests/username-password-totp.spec.ts
new file mode 100644
index 0000000000..e495b16681
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-totp.spec.ts
@@ -0,0 +1,71 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { code } from "./code";
+import { codeScreenExpect } from "./code-screen";
+import { loginScreenExpect, loginWithPassword, loginWithPasswordAndTOTP } from "./login";
+import { PasswordUserWithTOTP } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUserWithTOTP; sink: any }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUserWithTOTP({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number({ style: "international" }),
+      isPhoneVerified: true,
+      password: "Password1!",
+      passwordChangeRequired: false,
+    });
+
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("username, password and totp login", async ({ user, page }) => {
+  // Given totp is enabled on the organization of the user
+  // Given the user has only totp configured as second factor
+  // User enters username
+  // User enters password
+  // Screen for entering the code is shown directly
+  // User enters the code into the ui
+  // User is redirected to the app (default redirect url)
+  await loginWithPasswordAndTOTP(page, user.getUsername(), user.getPassword(), user.getSecret());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("username, password and totp otp login, wrong code", async ({ user, page }) => {
+  // Given totp is enabled on the organization of the user
+  // Given the user has only totp configured as second factor
+  // User enters username
+  // User enters password
+  // Screen for entering the code is shown directly
+  // User enters a wrond code
+  // Error message - "Invalid code" is shown
+  const c = "wrongcode";
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await code(page, c);
+  await codeScreenExpect(page, c);
+});
+
+test("username, password and totp login, multiple mfa options", async ({ page }) => {
+  test.skip();
+  // Given totp and email otp is enabled on the organization of the user
+  // Given the user has totp and email otp configured as second factor
+  // User enters username
+  // User enters password
+  // Screen for entering the code is shown directly
+  // Button to switch to email otp is shown
+  // User clicks button to use email otp instead
+  // User receives an email with a verification code
+  // User enters code in ui
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password-u2f.spec.ts b/login/apps/login-test-acceptance/tests/username-password-u2f.spec.ts
new file mode 100644
index 0000000000..dc23064fd6
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password-u2f.spec.ts
@@ -0,0 +1,26 @@
+import { test } from "@playwright/test";
+
+test("username, password and u2f login", async ({ page }) => {
+  test.skip();
+  // Given u2f is enabled on the organization of the user
+  // Given the user has only u2f configured as second factor
+  // User enters username
+  // User enters password
+  // Popup for u2f is directly opened
+  // User verifies u2f
+  // User is redirected to the app (default redirect url)
+});
+
+test("username, password and u2f login, multiple mfa options", async ({ page }) => {
+  test.skip();
+  // Given u2f and semailms otp is enabled on the organization of the user
+  // Given the user has u2f and email otp configured as second factor
+  // User enters username
+  // User enters password
+  // Popup for u2f is directly opened
+  // User aborts u2f verification
+  // User clicks button to use email otp as second factor
+  // User receives an email with a verification code
+  // User enters code in ui
+  // User is redirected to the app (default redirect url)
+});
diff --git a/login/apps/login-test-acceptance/tests/username-password.spec.ts b/login/apps/login-test-acceptance/tests/username-password.spec.ts
new file mode 100644
index 0000000000..ceb340f8da
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/username-password.spec.ts
@@ -0,0 +1,157 @@
+import { faker } from "@faker-js/faker";
+import { test as base } from "@playwright/test";
+import dotenv from "dotenv";
+import path from "path";
+import { loginScreenExpect, loginWithPassword, startLogin } from "./login";
+import { loginname } from "./loginname";
+import { loginnameScreenExpect } from "./loginname-screen";
+import { password } from "./password";
+import { passwordScreenExpect } from "./password-screen";
+import { PasswordUser } from "./user";
+
+// Read from ".env" file.
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+const test = base.extend<{ user: PasswordUser }>({
+  user: async ({ page }, use) => {
+    const user = new PasswordUser({
+      email: faker.internet.email(),
+      isEmailVerified: true,
+      firstName: faker.person.firstName(),
+      lastName: faker.person.lastName(),
+      organization: "",
+      phone: faker.phone.number(),
+      isPhoneVerified: false,
+      password: "Password1!",
+      passwordChangeRequired: false,
+    });
+    await user.ensure(page);
+    await use(user);
+    await user.cleanup();
+  },
+});
+
+test("username and password login", async ({ user, page }) => {
+  await loginWithPassword(page, user.getUsername(), user.getPassword());
+  await loginScreenExpect(page, user.getFullName());
+});
+
+test("username and password login, unknown username", async ({ page }) => {
+  const username = "unknown";
+  await startLogin(page);
+  await loginname(page, username);
+  await loginnameScreenExpect(page, username);
+});
+
+test("username and password login, wrong password", async ({ user, page }) => {
+  await startLogin(page);
+  await loginname(page, user.getUsername());
+  await password(page, "wrong");
+  await passwordScreenExpect(page, "wrong");
+});
+
+test("username and password login, wrong username, ignore unknown usernames", async ({ user, page }) => {
+  test.skip();
+  // Given user doesn't exist but ignore unknown usernames setting is set to true
+  // Given username password login is enabled on the users organization
+  // enter login name
+  // enter password
+  // redirect to loginname page --> error message username or password wrong
+});
+
+test("username and password login, initial password change", async ({ user, page }) => {
+  test.skip();
+  // Given user is created and has changePassword set to true
+  // Given username password login is enabled on the users organization
+  // enter login name
+  // enter password
+  // create new password
+});
+
+test("username and password login, reset password hidden", async ({ user, page }) => {
+  test.skip();
+  // Given the organization has enabled "Password reset hidden" in the login policy
+  // Given username password login is enabled on the users organization
+  // enter login name
+  // password reset link should not be shown on password screen
+});
+
+test("username and password login, reset password - enter code manually", async ({ user, page }) => {
+  test.skip();
+  // Given user has forgotten password and clicks the forgot password button
+  // Given username password login is enabled on the users organization
+  // enter login name
+  // click password forgotten
+  // enter code from email
+  // user is redirected to app (default redirect url)
+});
+
+test("username and password login, reset password - click link", async ({ user, page }) => {
+  test.skip();
+  // Given user has forgotten password and clicks the forgot password button, and then the link in the email
+  // Given username password login is enabled on the users organization
+  // enter login name
+  // click password forgotten
+  // click link in email
+  // set new password
+  // redirect to app (default redirect url)
+});
+
+test("username and password login, reset password, resend code", async ({ user, page }) => {
+  test.skip();
+  // Given user has forgotten password and clicks the forgot password button and then resend code
+  // Given username password login is enabled on the users organization
+  // enter login name
+  // click password forgotten
+  // click resend code
+  // enter code from second email
+  // user is redirected to app (default redirect url)
+});
+
+test("email login enabled", async ({ user, page }) => {
+  test.skip();
+  // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists
+  // Given no other user with the same email address exists
+  // enter email address "test@zitadel.com " in login screen
+  // user will get to password screen
+});
+
+test("email login disabled", async ({ user, page }) => {
+  test.skip();
+  // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists
+  // Given no other user with the same email address exists
+  // enter email address "test@zitadel.com" in login screen
+  // user will see error message "user not found"
+});
+
+test("email login enabled - multiple users", async ({ user, page }) => {
+  test.skip();
+  // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists
+  // Given a second user with the username "testuser2", email test@zitadel.com and phone number 0711111111 exists
+  // enter email address "test@zitadel.com" in login screen
+  // user will see error message "user not found"
+});
+
+test("phone login enabled", async ({ user, page }) => {
+  test.skip();
+  // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists
+  // Given no other user with the same phon number exists
+  // enter phone number "0711111111" in login screen
+  // user will get to password screen
+});
+
+test("phone login disabled", async ({ user, page }) => {
+  test.skip();
+  // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists
+  // Given no other user with the same phone number exists
+  // enter phone number "0711111111" in login screen
+  // user will see error message "user not found"
+});
+
+test("phone login enabled - multiple users", async ({ user, page }) => {
+  test.skip();
+  // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists
+  // Given a second user with the username "testuser2", email test@zitadel.com and phone number 0711111111 exists
+  // enter phone number "0711111111" in login screen
+  // user will see error message "user not found"
+});
diff --git a/login/apps/login-test-acceptance/tests/welcome.ts b/login/apps/login-test-acceptance/tests/welcome.ts
new file mode 100644
index 0000000000..34267c2bd0
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/welcome.ts
@@ -0,0 +1,6 @@
+import { test } from "@playwright/test";
+
+test("login is accessible", async ({ page }) => {
+  await page.goto("./");
+  await page.getByRole("heading", { name: "Welcome back!" }).isVisible();
+});
diff --git a/login/apps/login-test-acceptance/tests/zitadel.ts b/login/apps/login-test-acceptance/tests/zitadel.ts
new file mode 100644
index 0000000000..b252654f86
--- /dev/null
+++ b/login/apps/login-test-acceptance/tests/zitadel.ts
@@ -0,0 +1,190 @@
+import { Authenticator } from "@otplib/core";
+import { createDigest, createRandomBytes } from "@otplib/plugin-crypto";
+import { keyDecoder, keyEncoder } from "@otplib/plugin-thirty-two"; // use your chosen base32 plugin
+import axios from "axios";
+import dotenv from "dotenv";
+import { request } from "gaxios";
+import path from "path";
+import { OtpType, userProps } from "./user";
+
+dotenv.config({ path: path.resolve(__dirname, "../../login/.env.test.local") });
+
+export async function addUser(props: userProps) {
+  const body = {
+    username: props.email,
+    organization: {
+      orgId: props.organization,
+    },
+    profile: {
+      givenName: props.firstName,
+      familyName: props.lastName,
+    },
+    email: {
+      email: props.email,
+      isVerified: true,
+    },
+    phone: {
+      phone: props.phone,
+      isVerified: true,
+    },
+    password: {
+      password: props.password,
+      changeRequired: props.passwordChangeRequired ?? false,
+    },
+  };
+  if (!props.isEmailVerified) {
+    delete body.email.isVerified;
+  }
+  if (!props.isPhoneVerified) {
+    delete body.phone.isVerified;
+  }
+
+  return await listCall(`${process.env.ZITADEL_API_URL}/v2/users/human`, body);
+}
+
+export async function removeUserByUsername(username: string) {
+  const resp = await getUserByUsername(username);
+  if (!resp || !resp.result || !resp.result[0]) {
+    return;
+  }
+  await removeUser(resp.result[0].userId);
+}
+
+export async function removeUser(id: string) {
+  await deleteCall(`${process.env.ZITADEL_API_URL}/v2/users/${id}`);
+}
+
+async function deleteCall(url: string) {
+  try {
+    const response = await axios.delete(url, {
+      headers: {
+        Authorization: `Bearer ${process.env.ZITADEL_ADMIN_TOKEN}`,
+      },
+    });
+
+    if (response.status >= 400 && response.status !== 404) {
+      const error = `HTTP Error: ${response.status} - ${response.statusText}`;
+      console.error(error);
+      throw new Error(error);
+    }
+  } catch (error) {
+    console.error("Error making request:", error);
+    throw error;
+  }
+}
+
+export async function getUserByUsername(username: string): Promise<any> {
+  const listUsersBody = {
+    queries: [
+      {
+        userNameQuery: {
+          userName: username,
+        },
+      },
+    ],
+  };
+
+  return await listCall(`${process.env.ZITADEL_API_URL}/v2/users`, listUsersBody);
+}
+
+async function listCall(url: string, data: any): Promise<any> {
+  try {
+    const response = await axios.post(url, data, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${process.env.ZITADEL_ADMIN_TOKEN}`,
+      },
+    });
+
+    if (response.status >= 400) {
+      const error = `HTTP Error: ${response.status} - ${response.statusText}`;
+      console.error(error);
+      throw new Error(error);
+    }
+
+    return response.data;
+  } catch (error) {
+    console.error("Error making request:", error);
+    throw error;
+  }
+}
+
+export async function activateOTP(userId: string, type: OtpType) {
+  let url = "otp_";
+  switch (type) {
+    case OtpType.sms:
+      url = url + "sms";
+      break;
+    case OtpType.email:
+      url = url + "email";
+      break;
+  }
+
+  await pushCall(`${process.env.ZITADEL_API_URL}/v2/users/${userId}/${url}`, {});
+}
+
+async function pushCall(url: string, data: any) {
+  try {
+    const response = await axios.post(url, data, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${process.env.ZITADEL_ADMIN_TOKEN}`,
+      },
+    });
+
+    if (response.status >= 400) {
+      const error = `HTTP Error: ${response.status} - ${response.statusText}`;
+      console.error(error);
+      throw new Error(error);
+    }
+  } catch (error) {
+    console.error("Error making request:", error);
+    throw error;
+  }
+}
+
+export async function addTOTP(userId: string): Promise<string> {
+  const response = await listCall(`${process.env.ZITADEL_API_URL}/v2/users/${userId}/totp`, {});
+  const code = totp(response.secret);
+  await pushCall(`${process.env.ZITADEL_API_URL}/v2/users/${userId}/totp/verify`, { code: code });
+  return response.secret;
+}
+
+export function totp(secret: string) {
+  const authenticator = new Authenticator({
+    createDigest,
+    createRandomBytes,
+    keyDecoder,
+    keyEncoder,
+  });
+  // google authenticator usage
+  const token = authenticator.generate(secret);
+
+  // check if token can be used
+  if (!authenticator.verify({ token: token, secret: secret })) {
+    const error = `Generated token could not be verified`;
+    console.error(error);
+    throw new Error(error);
+  }
+
+  return token;
+}
+
+export async function eventualNewUser(id: string) {
+  return request({
+    url: `${process.env.ZITADEL_API_URL}/v2/users/${id}`,
+    method: "GET",
+    headers: {
+      Authorization: `Bearer ${process.env.ZITADEL_ADMIN_TOKEN}`,
+      "Content-Type": "application/json",
+    },
+    retryConfig: {
+      statusCodesToRetry: [[404, 404]],
+      retry: Number.MAX_SAFE_INTEGER, // totalTimeout limits the number of retries
+      totalTimeout: 10000, // 10 seconds
+      onRetryAttempt: (error) => {
+        console.warn(`Retrying to query new user ${id}: ${error.message}`);
+      },
+    },
+  });
+}
diff --git a/login/apps/login-test-acceptance/turbo.json b/login/apps/login-test-acceptance/turbo.json
new file mode 100644
index 0000000000..3be0539d0f
--- /dev/null
+++ b/login/apps/login-test-acceptance/turbo.json
@@ -0,0 +1,10 @@
+{
+  "extends": ["//"],
+  "tasks": {
+    "test:acceptance:setup:dev": {
+      "interactive": true,
+      "cache": false,
+      "persistent": true
+    }
+  }
+}
diff --git a/login/apps/login-test-acceptance/zitadel.yaml b/login/apps/login-test-acceptance/zitadel.yaml
new file mode 100644
index 0000000000..3ddeaf67f0
--- /dev/null
+++ b/login/apps/login-test-acceptance/zitadel.yaml
@@ -0,0 +1,83 @@
+ExternalDomain: 127.0.0.1.sslip.io
+ExternalSecure: true
+ExternalPort: 443
+TLS.Enabled: false
+
+FirstInstance:
+  PatPath: /pat/zitadel-admin-sa.pat
+  Org:
+    Human:
+      UserName: zitadel-admin
+      FirstName: ZITADEL
+      LastName: Admin
+      Password: Password1!
+      PasswordChangeRequired: false
+      PreferredLanguage: en
+    Machine:
+      Machine:
+        Username: zitadel-admin-sa
+        Name: Admin
+      Pat:
+        ExpirationDate: 2099-01-01T00:00:00Z
+
+DefaultInstance:
+  LoginPolicy:
+    AllowUsernamePassword: true # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWUSERNAMEPASSWORD
+    AllowRegister: true # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWREGISTER
+    AllowExternalIDP: true # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWEXTERNALIDP
+    ForceMFA: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_FORCEMFA
+    HidePasswordReset: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_HIDEPASSWORDRESET
+    IgnoreUnknownUsernames: false # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_IGNOREUNKNOWNUSERNAMES
+    AllowDomainDiscovery: true # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWDOMAINDISCOVERY
+    # 1 is allowed, 0 is not allowed
+    PasswordlessType: 1 # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_PASSWORDLESSTYPE
+    # DefaultRedirectURL is empty by default because we use the Console UI
+    DefaultRedirectURI: # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_DEFAULTREDIRECTURI
+    # 240h = 10d
+    PasswordCheckLifetime: 240h # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_PASSWORDCHECKLIFETIME
+    # 240h = 10d
+    ExternalLoginCheckLifetime: 240h # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_EXTERNALLOGINCHECKLIFETIME
+    # 720h = 30d
+    MfaInitSkipLifetime: 0h # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MFAINITSKIPLIFETIME
+    SecondFactorCheckLifetime: 18h # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_SECONDFACTORCHECKLIFETIME
+    MultiFactorCheckLifetime: 12h # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MULTIFACTORCHECKLIFETIME
+  PrivacyPolicy:
+    TOSLink: "https://zitadel.com/docs/legal/terms-of-service"
+    PrivacyLink: "https://zitadel.com/docs/legal/policies/privacy-policy"
+    HelpLink: "https://zitadel.com/docs"
+    SupportEmail: "support@zitadel.com"
+    DocsLink: "https://zitadel.com/docs"
+  Features:
+    LoginV2:
+      Required: true
+
+OIDC:
+  DefaultLoginURLV2: "/ui/v2/login/login?authRequest="
+
+SAML:
+  DefaultLoginURLV2: "/ui/v2/login/login?authRequest="
+
+Database:
+  EventPushConnRatio: 0.2 # 4
+  ProjectionSpoolerConnRatio: 0.3 # 6
+  postgres:
+    Host: db
+    Port: 5432
+    Database: zitadel
+    MaxOpenConns: 20
+    MaxIdleConns: 20
+    MaxConnLifetime: 1h
+    MaxConnIdleTime: 5m
+    User:
+      Username: zitadel
+      SSL:
+        Mode: disable
+    Admin:
+      Username: zitadel
+      SSL:
+        Mode: disable
+
+Logstore:
+  Access:
+    Stdout:
+      Enabled: true
diff --git a/login/apps/login-test-integration/.gitignore b/login/apps/login-test-integration/.gitignore
new file mode 100644
index 0000000000..2ca81ab137
--- /dev/null
+++ b/login/apps/login-test-integration/.gitignore
@@ -0,0 +1,2 @@
+screenshots
+videos
\ No newline at end of file
diff --git a/login/apps/login-test-integration/core-mock/Dockerfile b/login/apps/login-test-integration/core-mock/Dockerfile
new file mode 100644
index 0000000000..469147d17d
--- /dev/null
+++ b/login/apps/login-test-integration/core-mock/Dockerfile
@@ -0,0 +1,9 @@
+FROM golang:1.20.5-alpine3.18
+
+RUN go install github.com/eliobischof/grpc-mock/cmd/grpc-mock@01b09f60db1b501178af59bed03b2c22661df48c
+
+COPY mocked-services.cfg .
+COPY initial-stubs initial-stubs
+COPY --from=protos . .
+
+ENTRYPOINT [ "sh", "-c", "grpc-mock -v 1 -proto $(tr '\n' ',' < ./mocked-services.cfg) -stub-dir ./initial-stubs -mock-addr :22222" ]
diff --git a/login/apps/login-test-integration/core-mock/initial-stubs/zitadel.settings.v2.SettingsService.json b/login/apps/login-test-integration/core-mock/initial-stubs/zitadel.settings.v2.SettingsService.json
new file mode 100644
index 0000000000..3da4ae999f
--- /dev/null
+++ b/login/apps/login-test-integration/core-mock/initial-stubs/zitadel.settings.v2.SettingsService.json
@@ -0,0 +1,59 @@
+[
+  {
+    "service": "zitadel.settings.v2.SettingsService",
+    "method": "GetBrandingSettings",
+    "out": {
+      "data": {}
+    }
+  },
+  {
+    "service": "zitadel.settings.v2.SettingsService",
+    "method": "GetSecuritySettings",
+    "out": {
+      "data": {}
+    }
+  },
+  {
+    "service": "zitadel.settings.v2.SettingsService",
+    "method": "GetLegalAndSupportSettings",
+    "out": {
+      "data": {
+        "settings": {
+          "tosLink": "http://whatever.com/help",
+          "privacyPolicyLink": "http://whatever.com/help",
+          "helpLink": "http://whatever.com/help"
+        }
+      }
+    }
+  },
+  {
+    "service": "zitadel.settings.v2.SettingsService",
+    "method": "GetActiveIdentityProviders",
+    "out": {
+      "data": {
+        "identityProviders": [
+          {
+            "id": "123",
+            "name": "Hubba bubba",
+            "type": 10
+          }
+        ]
+      }
+    }
+  },
+  {
+    "service": "zitadel.settings.v2.SettingsService",
+    "method": "GetPasswordComplexitySettings",
+    "out": {
+      "data": {
+        "settings": {
+          "minLength": 8,
+          "requiresUppercase": true,
+          "requiresLowercase": true,
+          "requiresNumber": true,
+          "requiresSymbol": true
+        }
+      }
+    }
+  }
+]
diff --git a/login/apps/login-test-integration/core-mock/mocked-services.cfg b/login/apps/login-test-integration/core-mock/mocked-services.cfg
new file mode 100644
index 0000000000..6a758ab8c1
--- /dev/null
+++ b/login/apps/login-test-integration/core-mock/mocked-services.cfg
@@ -0,0 +1,7 @@
+zitadel/user/v2/user_service.proto
+zitadel/org/v2/org_service.proto
+zitadel/session/v2/session_service.proto
+zitadel/settings/v2/settings_service.proto
+zitadel/management.proto
+zitadel/auth.proto
+zitadel/admin.proto
\ No newline at end of file
diff --git a/login/apps/login-test-integration/cypress.config.ts b/login/apps/login-test-integration/cypress.config.ts
new file mode 100644
index 0000000000..080cb31bc6
--- /dev/null
+++ b/login/apps/login-test-integration/cypress.config.ts
@@ -0,0 +1,14 @@
+import { defineConfig } from "cypress";
+
+export default defineConfig({
+  reporter: "list",
+
+  e2e: {
+    baseUrl: process.env.LOGIN_BASE_URL || "http://localhost:3000",
+    specPattern: "integration/**/*.cy.{js,jsx,ts,tsx}",
+    supportFile: "support/e2e.{js,jsx,ts,tsx}",
+    setupNodeEvents(on, config) {
+      // implement node event listeners here
+    },
+  },
+});
diff --git a/login/apps/login-test-integration/docker-compose.yaml b/login/apps/login-test-integration/docker-compose.yaml
new file mode 100644
index 0000000000..2f09a2253e
--- /dev/null
+++ b/login/apps/login-test-integration/docker-compose.yaml
@@ -0,0 +1,30 @@
+services:
+  core-mock:
+    image: "${LOGIN_CORE_MOCK_TAG:-login-core-mock:local}"
+    container_name: integration-core-mock
+    ports:
+      - 22220:22220
+      - 22222:22222
+
+  login:
+    image: "${LOGIN_TAG:-login:local}"
+    container_name: integration-login
+    ports:
+      - 3001:3001
+    environment:
+      - PORT=3001
+      - ZITADEL_API_URL=http://core-mock:22222
+      - ZITADEL_SERVICE_USER_TOKEN="yolo"
+      - EMAIL_VERIFICATION=true
+
+  integration:
+    image: "${LOGIN_TEST_INTEGRATION_TAG:-login-test-integration:local}"
+    container_name: integration
+    environment:
+      - LOGIN_BASE_URL=http://login:3001/ui/v2/login
+      - CYPRESS_CORE_MOCK_STUBS_URL=http://core-mock:22220/v1/stubs
+    depends_on:
+      login:
+        condition: service_started
+      core-mock:
+        condition: service_started
diff --git a/login/apps/login-test-integration/fixtures/example.json b/login/apps/login-test-integration/fixtures/example.json
new file mode 100644
index 0000000000..02e4254378
--- /dev/null
+++ b/login/apps/login-test-integration/fixtures/example.json
@@ -0,0 +1,5 @@
+{
+  "name": "Using fixtures to represent data",
+  "email": "hello@cypress.io",
+  "body": "Fixtures are a great way to mock data for responses to routes"
+}
diff --git a/login/apps/login-test-integration/integration/invite.cy.ts b/login/apps/login-test-integration/integration/invite.cy.ts
new file mode 100644
index 0000000000..a68ff96c36
--- /dev/null
+++ b/login/apps/login-test-integration/integration/invite.cy.ts
@@ -0,0 +1,110 @@
+import { stub } from "../support/e2e";
+
+describe("verify invite", () => {
+  beforeEach(() => {
+    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
+      data: {
+        details: {
+          totalResult: 1,
+        },
+        result: [{ id: "256088834543534543" }],
+      },
+    });
+
+    stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
+      data: {
+        authMethodTypes: [], // user with no auth methods was invited
+      },
+    });
+
+    stub("zitadel.user.v2.UserService", "GetUserByID", {
+      data: {
+        user: {
+          userId: "221394658884845598",
+          state: 1,
+          username: "john@zitadel.com",
+          loginNames: ["john@zitadel.com"],
+          preferredLoginName: "john@zitadel.com",
+          human: {
+            userId: "221394658884845598",
+            state: 1,
+            username: "john@zitadel.com",
+            loginNames: ["john@zitadel.com"],
+            preferredLoginName: "john@zitadel.com",
+            profile: {
+              givenName: "John",
+              familyName: "Doe",
+              avatarUrl: "https://zitadel.com/avatar.jpg",
+            },
+            email: {
+              email: "john@zitadel.com",
+              isVerified: false,
+            },
+          },
+        },
+      },
+    });
+
+    stub("zitadel.session.v2.SessionService", "CreateSession", {
+      data: {
+        details: {
+          sequence: 859,
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          resourceOwner: "220516472055706145",
+        },
+        sessionId: "221394658884845598",
+        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
+        challenges: undefined,
+      },
+    });
+
+    stub("zitadel.session.v2.SessionService", "GetSession", {
+      data: {
+        session: {
+          id: "221394658884845598",
+          creationDate: new Date("2024-04-04T09:40:55.577Z"),
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          sequence: 859,
+          factors: {
+            user: {
+              id: "221394658884845598",
+              loginName: "john@zitadel.com",
+            },
+            password: undefined,
+            webAuthN: undefined,
+            intent: undefined,
+          },
+          metadata: {},
+        },
+      },
+    });
+
+    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
+      data: {
+        settings: {
+          passkeysType: 1,
+          allowUsernamePassword: true,
+        },
+      },
+    });
+  });
+
+  it.only("shows authenticators after successful invite verification", () => {
+    stub("zitadel.user.v2.UserService", "VerifyInviteCode");
+
+    cy.visit("/verify?userId=221394658884845598&code=abc&invite=true");
+    cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/authenticator/set");
+  });
+
+  it("shows an error if invite code validation failed", () => {
+    stub("zitadel.user.v2.UserService", "VerifyInviteCode", {
+      code: 3,
+      error: "error validating code",
+    });
+
+    // TODO: Avoid uncaught exception in application
+    cy.once("uncaught:exception", () => false);
+    cy.visit("/verify?userId=221394658884845598&code=abc&invite=true");
+    cy.contains("Could not verify invite", { timeout: 10_000 });
+  });
+});
diff --git a/login/apps/login-test-integration/integration/login.cy.ts b/login/apps/login-test-integration/integration/login.cy.ts
new file mode 100644
index 0000000000..917d719cb1
--- /dev/null
+++ b/login/apps/login-test-integration/integration/login.cy.ts
@@ -0,0 +1,172 @@
+import { stub } from "../support/e2e";
+
+describe("login", () => {
+  beforeEach(() => {
+    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
+      data: {
+        details: {
+          totalResult: 1,
+        },
+        result: [{ id: "256088834543534543" }],
+      },
+    });
+    stub("zitadel.session.v2.SessionService", "CreateSession", {
+      data: {
+        details: {
+          sequence: 859,
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          resourceOwner: "220516472055706145",
+        },
+        sessionId: "221394658884845598",
+        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
+        challenges: undefined,
+      },
+    });
+
+    stub("zitadel.session.v2.SessionService", "GetSession", {
+      data: {
+        session: {
+          id: "221394658884845598",
+          creationDate: new Date("2024-04-04T09:40:55.577Z"),
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          sequence: 859,
+          factors: {
+            user: {
+              id: "221394658884845598",
+              loginName: "john@zitadel.com",
+            },
+            password: undefined,
+            webAuthN: undefined,
+            intent: undefined,
+          },
+          metadata: {},
+        },
+      },
+    });
+
+    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
+      data: {
+        settings: {
+          passkeysType: 1,
+          allowUsernamePassword: true,
+        },
+      },
+    });
+  });
+  describe("password login", () => {
+    beforeEach(() => {
+      stub("zitadel.user.v2.UserService", "ListUsers", {
+        data: {
+          details: {
+            totalResult: 1,
+          },
+          result: [
+            {
+              userId: "221394658884845598",
+              state: 1,
+              username: "john@zitadel.com",
+              loginNames: ["john@zitadel.com"],
+              preferredLoginName: "john@zitadel.com",
+              human: {
+                userId: "221394658884845598",
+                state: 1,
+                username: "john@zitadel.com",
+                loginNames: ["john@zitadel.com"],
+                preferredLoginName: "john@zitadel.com",
+                profile: {
+                  givenName: "John",
+                  familyName: "Doe",
+                  avatarUrl: "https://zitadel.com/avatar.jpg",
+                },
+                email: {
+                  email: "john@zitadel.com",
+                  isVerified: true,
+                },
+              },
+            },
+          ],
+        },
+      });
+      stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
+        data: {
+          authMethodTypes: [1], // 1 for password authentication
+        },
+      });
+    });
+    it("should redirect a user with password authentication to /password", () => {
+      cy.visit("/loginname?loginName=john%40zitadel.com&submit=true");
+      cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/password");
+    });
+    describe("with passkey prompt", () => {
+      beforeEach(() => {
+        stub("zitadel.session.v2.SessionService", "SetSession", {
+          data: {
+            details: {
+              sequence: 859,
+              changeDate: "2023-07-04T07:58:20.126Z",
+              resourceOwner: "220516472055706145",
+            },
+            sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
+            challenges: undefined,
+          },
+        });
+      });
+      // it("should prompt a user to setup passwordless authentication if passkey is allowed in the login settings", () => {
+      //   cy.visit("/loginname?loginName=john%40zitadel.com&submit=true");
+      //   cy.location("pathname", { timeout: 10_000 }).should("eq", "/password");
+      //   cy.get('input[type="password"]').focus().type("MyStrongPassword!1");
+      //   cy.get('button[type="submit"]').click();
+      //   cy.location("pathname", { timeout: 10_000 }).should(
+      //     "eq",
+      //     "/passkey/set",
+      //   );
+      // });
+    });
+  });
+  describe("passkey login", () => {
+    beforeEach(() => {
+      stub("zitadel.user.v2.UserService", "ListUsers", {
+        data: {
+          details: {
+            totalResult: 1,
+          },
+          result: [
+            {
+              userId: "221394658884845598",
+              state: 1,
+              username: "john@zitadel.com",
+              loginNames: ["john@zitadel.com"],
+              preferredLoginName: "john@zitadel.com",
+              human: {
+                userId: "221394658884845598",
+                state: 1,
+                username: "john@zitadel.com",
+                loginNames: ["john@zitadel.com"],
+                preferredLoginName: "john@zitadel.com",
+                profile: {
+                  givenName: "John",
+                  familyName: "Doe",
+                  avatarUrl: "https://zitadel.com/avatar.jpg",
+                },
+                email: {
+                  email: "john@zitadel.com",
+                  isVerified: true,
+                },
+              },
+            },
+          ],
+        },
+      });
+      stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
+        data: {
+          authMethodTypes: [2], // 2 for passwordless authentication
+        },
+      });
+    });
+
+    it("should redirect a user with passwordless authentication to /passkey", () => {
+      cy.visit("/loginname?loginName=john%40zitadel.com&submit=true");
+      cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/passkey");
+    });
+  });
+});
diff --git a/login/apps/login-test-integration/integration/register-idp.cy.ts b/login/apps/login-test-integration/integration/register-idp.cy.ts
new file mode 100644
index 0000000000..73a0c32e00
--- /dev/null
+++ b/login/apps/login-test-integration/integration/register-idp.cy.ts
@@ -0,0 +1,21 @@
+import { stub } from "../support/e2e";
+
+const IDP_URL = "https://example.com/idp/url";
+
+describe("register idps", () => {
+  beforeEach(() => {
+    stub("zitadel.user.v2.UserService", "StartIdentityProviderIntent", {
+      data: {
+        authUrl: IDP_URL,
+      },
+    });
+  });
+
+  it("should redirect the user to the correct url", () => {
+    cy.visit("/idp");
+    cy.get('button[e2e="google"]').click();
+    cy.origin(IDP_URL, { args: IDP_URL }, (url) => {
+      cy.location("href", { timeout: 10_000 }).should("eq", url);
+    });
+  });
+});
diff --git a/login/apps/login-test-integration/integration/register.cy.ts b/login/apps/login-test-integration/integration/register.cy.ts
new file mode 100644
index 0000000000..44c53647c1
--- /dev/null
+++ b/login/apps/login-test-integration/integration/register.cy.ts
@@ -0,0 +1,73 @@
+import { stub } from "../support/e2e";
+
+describe("register", () => {
+  beforeEach(() => {
+    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
+      data: {
+        details: {
+          totalResult: 1,
+        },
+        result: [{ id: "256088834543534543" }],
+      },
+    });
+    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
+      data: {
+        settings: {
+          passkeysType: 1,
+          allowRegister: true,
+          allowUsernamePassword: true,
+          defaultRedirectUri: "",
+        },
+      },
+    });
+    stub("zitadel.user.v2.UserService", "AddHumanUser", {
+      data: {
+        userId: "221394658884845598",
+      },
+    });
+    stub("zitadel.session.v2.SessionService", "CreateSession", {
+      data: {
+        details: {
+          sequence: 859,
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          resourceOwner: "220516472055706145",
+        },
+        sessionId: "221394658884845598",
+        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
+        challenges: undefined,
+      },
+    });
+
+    stub("zitadel.session.v2.SessionService", "GetSession", {
+      data: {
+        session: {
+          id: "221394658884845598",
+          creationDate: new Date("2024-04-04T09:40:55.577Z"),
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          sequence: 859,
+          factors: {
+            user: {
+              id: "221394658884845598",
+              loginName: "john@zitadel.com",
+            },
+            password: undefined,
+            webAuthN: undefined,
+            intent: undefined,
+          },
+          metadata: {},
+        },
+      },
+    });
+  });
+
+  it("should redirect a user who selects passwordless on register to /passkey/set", () => {
+    cy.visit("/register");
+    cy.get('input[data-testid="firstname-text-input"]').focus().type("John");
+    cy.get('input[data-testid="lastname-text-input"]').focus().type("Doe");
+    cy.get('input[data-testid="email-text-input"]').focus().type("john@zitadel.com");
+    cy.get('input[type="checkbox"][value="privacypolicy"]').check();
+    cy.get('input[type="checkbox"][value="tos"]').check();
+    cy.get('button[type="submit"]').click();
+    cy.url({ timeout: 10_000 }).should("include", Cypress.config().baseUrl + "/passkey/set");
+  });
+});
diff --git a/login/apps/login-test-integration/integration/verify.cy.ts b/login/apps/login-test-integration/integration/verify.cy.ts
new file mode 100644
index 0000000000..db80cea720
--- /dev/null
+++ b/login/apps/login-test-integration/integration/verify.cy.ts
@@ -0,0 +1,95 @@
+import { stub } from "../support/e2e";
+
+describe("verify email", () => {
+  beforeEach(() => {
+    stub("zitadel.org.v2.OrganizationService", "ListOrganizations", {
+      data: {
+        details: {
+          totalResult: 1,
+        },
+        result: [{ id: "256088834543534543" }],
+      },
+    });
+
+    stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
+      data: {
+        authMethodTypes: [1], // set one method such that we know that the user was not invited
+      },
+    });
+
+    stub("zitadel.user.v2.UserService", "SendEmailCode");
+
+    stub("zitadel.user.v2.UserService", "GetUserByID", {
+      data: {
+        user: {
+          userId: "221394658884845598",
+          state: 1,
+          username: "john@zitadel.com",
+          loginNames: ["john@zitadel.com"],
+          preferredLoginName: "john@zitadel.com",
+          human: {
+            userId: "221394658884845598",
+            state: 1,
+            username: "john@zitadel.com",
+            loginNames: ["john@zitadel.com"],
+            preferredLoginName: "john@zitadel.com",
+            profile: {
+              givenName: "John",
+              familyName: "Doe",
+              avatarUrl: "https://zitadel.com/avatar.jpg",
+            },
+            email: {
+              email: "john@zitadel.com",
+              isVerified: false, // email is not verified yet
+            },
+          },
+        },
+      },
+    });
+
+    stub("zitadel.session.v2.SessionService", "CreateSession", {
+      data: {
+        details: {
+          sequence: 859,
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          resourceOwner: "220516472055706145",
+        },
+        sessionId: "221394658884845598",
+        sessionToken: "SDMc7DlYXPgwRJ-Tb5NlLqynysHjEae3csWsKzoZWLplRji0AYY3HgAkrUEBqtLCvOayLJPMd0ax4Q",
+        challenges: undefined,
+      },
+    });
+
+    stub("zitadel.session.v2.SessionService", "GetSession", {
+      data: {
+        session: {
+          id: "221394658884845598",
+          creationDate: new Date("2024-04-04T09:40:55.577Z"),
+          changeDate: new Date("2024-04-04T09:40:55.577Z"),
+          sequence: 859,
+          factors: {
+            user: {
+              id: "221394658884845598",
+              loginName: "john@zitadel.com",
+            },
+            password: undefined,
+            webAuthN: undefined,
+            intent: undefined,
+          },
+          metadata: {},
+        },
+      },
+    });
+  });
+
+  it("shows an error if email code validation failed", () => {
+    stub("zitadel.user.v2.UserService", "VerifyEmail", {
+      code: 3,
+      error: "error validating code",
+    });
+    // TODO: Avoid uncaught exception in application
+    cy.once("uncaught:exception", () => false);
+    cy.visit("/verify?userId=221394658884845598&code=abc");
+    cy.contains("Could not verify email", { timeout: 10_000 });
+  });
+});
diff --git a/login/apps/login-test-integration/package.json b/login/apps/login-test-integration/package.json
new file mode 100644
index 0000000000..f45c5a3413
--- /dev/null
+++ b/login/apps/login-test-integration/package.json
@@ -0,0 +1,17 @@
+{
+  "name": "login-test-integration",
+  "private": true,
+  "scripts": {
+    "test:integration": "dotenv -e ../login/.env.test pnpm exec cypress",
+    "test:integration:setup": "cd ../.. && make login_test_integration_dev"
+  },
+  "devDependencies": {
+    "@types/node": "^22.14.1",
+    "concurrently": "^9.1.2",
+    "cypress": "^14.3.2",
+    "env-cmd": "^10.0.0",
+    "nodemon": "^3.1.9",
+    "start-server-and-test": "^2.0.11",
+    "typescript": "^5.8.3"
+  }
+}
diff --git a/login/apps/login-test-integration/support/e2e.ts b/login/apps/login-test-integration/support/e2e.ts
new file mode 100644
index 0000000000..58056c973e
--- /dev/null
+++ b/login/apps/login-test-integration/support/e2e.ts
@@ -0,0 +1,29 @@
+const url = Cypress.env("CORE_MOCK_STUBS_URL") || "http://localhost:22220/v1/stubs";
+
+function removeStub(service: string, method: string) {
+  return cy.request({
+    url,
+    method: "DELETE",
+    qs: {
+      service,
+      method,
+    },
+  });
+}
+
+export function stub(service: string, method: string, out?: any) {
+  removeStub(service, method);
+  return cy.request({
+    url,
+    method: "POST",
+    body: {
+      stubs: [
+        {
+          service,
+          method,
+          out,
+        },
+      ],
+    },
+  });
+}
diff --git a/login/apps/login-test-integration/tsconfig.json b/login/apps/login-test-integration/tsconfig.json
new file mode 100644
index 0000000000..18edb199ac
--- /dev/null
+++ b/login/apps/login-test-integration/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "compilerOptions": {
+    "target": "es5",
+    "lib": ["es5", "dom"],
+    "types": ["cypress", "node"]
+  },
+  "include": ["**/*.ts"]
+}
diff --git a/login/apps/login-test-integration/turbo.json b/login/apps/login-test-integration/turbo.json
new file mode 100644
index 0000000000..2e2c7cfb42
--- /dev/null
+++ b/login/apps/login-test-integration/turbo.json
@@ -0,0 +1,10 @@
+{
+  "extends": ["//"],
+  "tasks": {
+    "test:integration:setup": {
+      "interactive": true,
+      "cache": false,
+      "persistent": true
+    }
+  }
+}
diff --git a/login/apps/login/.env.test b/login/apps/login/.env.test
new file mode 100644
index 0000000000..ee70003348
--- /dev/null
+++ b/login/apps/login/.env.test
@@ -0,0 +1,5 @@
+NEXT_PUBLIC_BASE_PATH=""
+ZITADEL_API_URL=http://localhost:22222
+ZITADEL_SERVICE_USER_TOKEN="yolo"
+EMAIL_VERIFICATION=true
+DEBUG=true
diff --git a/login/apps/login/.eslintrc.cjs b/login/apps/login/.eslintrc.cjs
new file mode 100755
index 0000000000..f5383dd47a
--- /dev/null
+++ b/login/apps/login/.eslintrc.cjs
@@ -0,0 +1,12 @@
+module.exports = {
+  extends: ["next/core-web-vitals"],
+  ignorePatterns: ["external/**/*.ts"],
+  rules: {
+    "@next/next/no-html-link-for-pages": "off",
+  },
+  settings: {
+    react: {
+      version: "detect",
+    },
+  },
+};
diff --git a/login/apps/login/.gitignore b/login/apps/login/.gitignore
new file mode 100644
index 0000000000..caf3c1ec81
--- /dev/null
+++ b/login/apps/login/.gitignore
@@ -0,0 +1,3 @@
+custom-config.js
+.env*.local
+standalone
diff --git a/login/apps/login/.prettierignore b/login/apps/login/.prettierignore
new file mode 100644
index 0000000000..dbcbbd11d1
--- /dev/null
+++ b/login/apps/login/.prettierignore
@@ -0,0 +1,2 @@
+.next
+/external
\ No newline at end of file
diff --git a/login/apps/login/constants/csp.js b/login/apps/login/constants/csp.js
new file mode 100644
index 0000000000..5cc1e254f3
--- /dev/null
+++ b/login/apps/login/constants/csp.js
@@ -0,0 +1,2 @@
+export const DEFAULT_CSP =
+  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com; connect-src 'self'; child-src; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; img-src 'self' https://vercel.com;";
diff --git a/login/apps/login/locales/de.json b/login/apps/login/locales/de.json
new file mode 100644
index 0000000000..75897a628e
--- /dev/null
+++ b/login/apps/login/locales/de.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "Zurück"
+  },
+  "accounts": {
+    "title": "Konten",
+    "description": "Wählen Sie das Konto aus, das Sie verwenden möchten.",
+    "addAnother": "Ein weiteres Konto hinzufügen",
+    "noResults": "Keine Konten gefunden"
+  },
+  "logout": {
+    "title": "Logout",
+    "description": "Wählen Sie den Account aus, das Sie entfernen möchten",
+    "noResults": "Keine Konten gefunden",
+    "clear": "Session beenden",
+    "verifiedAt": "Zuletzt aktiv: {time}",
+    "success": {
+      "title": "Logout erfolgreich",
+      "description": "Sie haben sich erfolgreich abgemeldet."
+    }
+  },
+  "loginname": {
+    "title": "Willkommen zurück!",
+    "description": "Geben Sie Ihre Anmeldedaten ein.",
+    "register": "Neuen Benutzer registrieren",
+    "submit": "Weiter"
+  },
+  "password": {
+    "verify": {
+      "title": "Passwort",
+      "description": "Geben Sie Ihr Passwort ein.",
+      "resetPassword": "Passwort zurücksetzen",
+      "submit": "Weiter"
+    },
+    "set": {
+      "title": "Passwort festlegen",
+      "description": "Legen Sie das Passwort für Ihr Konto fest",
+      "codeSent": "Ein Code wurde an Ihre E-Mail-Adresse gesendet.",
+      "noCodeReceived": "Keinen Code erhalten?",
+      "resend": "Erneut senden",
+      "submit": "Weiter"
+    },
+    "change": {
+      "title": "Passwort ändern",
+      "description": "Legen Sie das Passwort für Ihr Konto fest",
+      "submit": "Weiter"
+    }
+  },
+  "idp": {
+    "title": "Mit SSO anmelden",
+    "description": "Wählen Sie einen der folgenden Anbieter, um sich anzumelden",
+    "orSignInWith": "oder melden Sie sich an mit",
+    "signInWithApple": "Mit Apple anmelden",
+    "signInWithGoogle": "Mit Google anmelden",
+    "signInWithAzureAD": "Mit AzureAD anmelden",
+    "signInWithGithub": "Mit GitHub anmelden",
+    "signInWithGitlab": "Mit GitLab anmelden",
+    "loginSuccess": {
+      "title": "Anmeldung erfolgreich",
+      "description": "Sie haben sich erfolgreich angemeldet!"
+    },
+    "linkingSuccess": {
+      "title": "Konto verknüpft",
+      "description": "Sie haben Ihr Konto erfolgreich verknüpft!"
+    },
+    "registerSuccess": {
+      "title": "Registrierung erfolgreich",
+      "description": "Sie haben sich erfolgreich registriert!"
+    },
+    "loginError": {
+      "title": "Anmeldung fehlgeschlagen",
+      "description": "Beim Anmelden ist ein Fehler aufgetreten."
+    },
+    "linkingError": {
+      "title": "Konto-Verknüpfung fehlgeschlagen",
+      "description": "Beim Verknüpfen Ihres Kontos ist ein Fehler aufgetreten."
+    },
+    "completeRegister": {
+      "title": "Registrierung abschließen",
+      "description": "Bitte vervollständige die Registrierung, um dein Konto zu erstellen."
+    }
+  },
+  "ldap": {
+    "title": "LDAP Login",
+    "description": "Geben Sie Ihre LDAP-Anmeldedaten ein.",
+    "username": "Benutzername",
+    "password": "Passwort",
+    "submit": "Weiter"
+  },
+  "mfa": {
+    "verify": {
+      "title": "Bestätigen Sie Ihre Identität",
+      "description": "Wählen Sie einen der folgenden Faktoren.",
+      "noResults": "Keine zweiten Faktoren verfügbar, um sie einzurichten."
+    },
+    "set": {
+      "title": "2-Faktor einrichten",
+      "description": "Wählen Sie einen der folgenden zweiten Faktoren.",
+      "skip": "Überspringen"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "2-Faktor bestätigen",
+      "totpDescription": "Geben Sie den Code aus Ihrer Authentifizierungs-App ein.",
+      "smsDescription": "Geben Sie den Code ein, den Sie per SMS erhalten haben.",
+      "emailDescription": "Geben Sie den Code ein, den Sie per E-Mail erhalten haben.",
+      "noCodeReceived": "Keinen Code erhalten?",
+      "resendCode": "Code erneut senden",
+      "submit": "Weiter"
+    },
+    "set": {
+      "title": "2-Faktor einrichten",
+      "totpDescription": "Scannen Sie den QR-Code mit Ihrer Authentifizierungs-App.",
+      "smsDescription": "Geben Sie Ihre Telefonnummer ein, um einen Code per SMS zu erhalten.",
+      "emailDescription": "Geben Sie Ihre E-Mail-Adresse ein, um einen Code per E-Mail zu erhalten.",
+      "totpRegisterDescription": "Scannen Sie den QR-Code oder navigieren Sie manuell zur URL.",
+      "submit": "Weiter"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "Mit einem Passkey authentifizieren",
+      "description": "Ihr Gerät wird nach Ihrem Fingerabdruck, Gesicht oder Bildschirmsperre fragen",
+      "usePassword": "Passwort verwenden",
+      "submit": "Weiter"
+    },
+    "set": {
+      "title": "Passkey einrichten",
+      "description": "Ihr Gerät wird nach Ihrem Fingerabdruck, Gesicht oder Bildschirmsperre fragen",
+      "info": {
+        "description": "Ein Passkey ist eine Authentifizierungsmethode auf einem Gerät wie Ihr Fingerabdruck, Apple FaceID oder ähnliches.",
+        "link": "Passwortlose Authentifizierung"
+      },
+      "skip": "Überspringen",
+      "submit": "Weiter"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "2-Faktor bestätigen",
+      "description": "Bestätigen Sie Ihr Konto mit Ihrem Gerät."
+    },
+    "set": {
+      "title": "2-Faktor einrichten",
+      "description": "Richten Sie ein Gerät als zweiten Faktor ein.",
+      "submit": "Weiter"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "Passkey",
+      "password": "Password"
+    },
+    "disabled": {
+      "title": "Registrierung deaktiviert",
+      "description": "Die Registrierung ist deaktiviert. Bitte wenden Sie sich an den Administrator."
+    },
+    "missingdata": {
+      "title": "Registrierung fehlgeschlagen",
+      "description": "Einige Daten fehlen. Bitte überprüfen Sie Ihre Eingaben."
+    },
+    "title": "Registrieren",
+    "description": "Erstellen Sie Ihr ZITADEL-Konto.",
+    "noMethodAvailableWarning": "Keine Authentifizierungsmethode verfügbar. Bitte wenden Sie sich an den Administrator.",
+    "selectMethod": "Wählen Sie die Methode, mit der Sie sich authentifizieren möchten",
+    "agreeTo": "Um sich zu registrieren, müssen Sie den Nutzungsbedingungen zustimmen",
+    "termsOfService": "Nutzungsbedingungen",
+    "privacyPolicy": "Datenschutzrichtlinie",
+    "submit": "Weiter",
+    "orUseIDP": "oder verwenden Sie einen Identitätsanbieter",
+    "password": {
+      "title": "Passwort festlegen",
+      "description": "Legen Sie das Passwort für Ihr Konto fest",
+      "submit": "Weiter"
+    }
+  },
+  "invite": {
+    "title": "Benutzer einladen",
+    "description": "Geben Sie die E-Mail-Adresse des Benutzers ein, den Sie einladen möchten.",
+    "info": "Der Benutzer erhält eine E-Mail mit einem Link, um sich zu registrieren.",
+    "notAllowed": "Sie haben keine Berechtigung, Benutzer einzuladen.",
+    "submit": "Einladen",
+    "success": {
+      "title": "Einladung erfolgreich",
+      "description": "Der Benutzer wurde erfolgreich eingeladen.",
+      "verified": "Der Benutzer wurde eingeladen und hat seine E-Mail bereits verifiziert.",
+      "notVerifiedYet": "Der Benutzer wurde eingeladen. Er erhält eine E-Mail mit weiteren Anweisungen.",
+      "submit": "Weiteren Benutzer einladen"
+    }
+  },
+  "signedin": {
+    "title": "Willkommen {user}!",
+    "description": "Sie sind angemeldet.",
+    "continue": "Weiter",
+    "error": {
+      "title": "Fehler",
+      "description": "Ein Fehler ist aufgetreten."
+    }
+  },
+  "verify": {
+    "userIdMissing": "Keine Benutzer-ID angegeben!",
+    "successTitle": "Benutzer verifiziert",
+    "successDescription": "Der Benutzer wurde erfolgreich verifiziert.",
+    "setupAuthenticator": "Authentifikator einrichten",
+    "verify": {
+      "title": "Benutzer verifizieren",
+      "description": "Geben Sie den Code ein, der in der Bestätigungs-E-Mail angegeben ist.",
+      "noCodeReceived": "Keinen Code erhalten?",
+      "resendCode": "Code erneut senden",
+      "codeSent": "Ein Code wurde gerade an Ihre E-Mail-Adresse gesendet.",
+      "submit": "Weiter"
+    }
+  },
+  "authenticator": {
+    "title": "Authentifizierungsmethode auswählen",
+    "description": "Wählen Sie die Methode, mit der Sie sich authentifizieren möchten.",
+    "noMethodsAvailable": "Keine Authentifizierungsmethoden verfügbar",
+    "allSetup": "Sie haben bereits einen Authentifikator eingerichtet!",
+    "linkWithIDP": "oder verknüpfe mit einem Identitätsanbieter"
+  },
+  "device": {
+    "usercode": {
+      "title": "Gerätecode",
+      "description": "Geben Sie den Code ein.",
+      "submit": "Weiter"
+    },
+    "request": {
+      "title": "{appName} möchte eine Verbindung herstellen:",
+      "disclaimer": "{appName} hat Zugriff auf:",
+      "description": "Durch Klicken auf Zulassen erlauben Sie {appName} und Zitadel, Ihre Informationen gemäß ihren jeweiligen Nutzungsbedingungen und Datenschutzrichtlinien zu verwenden. Sie können diesen Zugriff jederzeit widerrufen.",
+      "submit": "Zulassen",
+      "deny": "Ablehnen"
+    },
+    "scope": {
+      "openid": "Überprüfen Ihrer Identität.",
+      "email": "Zugriff auf Ihre E-Mail-Adresse.",
+      "profile": "Zugriff auf Ihre vollständigen Profilinformationen.",
+      "offline_access": "Erlauben Sie den Offline-Zugriff auf Ihr Konto."
+    }
+  },
+  "error": {
+    "noUserCode": "Kein Benutzercode angegeben!",
+    "noDeviceRequest": " Es wurde keine Geräteanforderung gefunden. Bitte überprüfen Sie die URL.",
+    "unknownContext": "Der Kontext des Benutzers konnte nicht ermittelt werden. Stellen Sie sicher, dass Sie zuerst den Benutzernamen eingeben oder einen loginName als Suchparameter angeben.",
+    "sessionExpired": "Ihre aktuelle Sitzung ist abgelaufen. Bitte melden Sie sich erneut an.",
+    "failedLoading": "Daten konnten nicht geladen werden. Bitte versuchen Sie es erneut.",
+    "tryagain": "Erneut versuchen"
+  }
+}
diff --git a/login/apps/login/locales/en.json b/login/apps/login/locales/en.json
new file mode 100644
index 0000000000..9f95403063
--- /dev/null
+++ b/login/apps/login/locales/en.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "Back"
+  },
+  "accounts": {
+    "title": "Accounts",
+    "description": "Select the account you want to use.",
+    "addAnother": "Add another account",
+    "noResults": "No accounts found"
+  },
+  "logout": {
+    "title": "Logout",
+    "description": "Click an account to end the session",
+    "noResults": "No accounts found",
+    "clear": "End Session",
+    "verifiedAt": "Last active: {time}",
+    "success": {
+      "title": "Logout successful",
+      "description": "You have successfully logged out."
+    }
+  },
+  "loginname": {
+    "title": "Welcome back!",
+    "description": "Enter your login data.",
+    "register": "Register new user",
+    "submit": "Continue"
+  },
+  "password": {
+    "verify": {
+      "title": "Password",
+      "description": "Enter your password.",
+      "resetPassword": "Reset Password",
+      "submit": "Continue"
+    },
+    "set": {
+      "title": "Set Password",
+      "description": "Set the password for your account",
+      "codeSent": "A code has been sent to your email address.",
+      "noCodeReceived": "Didn't receive a code?",
+      "resend": "Resend code",
+      "submit": "Continue"
+    },
+    "change": {
+      "title": "Change Password",
+      "description": "Set the password for your account",
+      "submit": "Continue"
+    }
+  },
+  "idp": {
+    "title": "Sign in with SSO",
+    "description": "Select one of the following providers to sign in",
+    "orSignInWith": "or sign in with",
+    "signInWithApple": "Sign in with Apple",
+    "signInWithGoogle": "Sign in with Google",
+    "signInWithAzureAD": "Sign in with AzureAD",
+    "signInWithGithub": "Sign in with GitHub",
+    "signInWithGitlab": "Sign in with GitLab",
+    "loginSuccess": {
+      "title": "Login successful",
+      "description": "You have successfully been loggedIn!"
+    },
+    "linkingSuccess": {
+      "title": "Account linked",
+      "description": "You have successfully linked your account!"
+    },
+    "registerSuccess": {
+      "title": "Registration successful",
+      "description": "You have successfully registered!"
+    },
+    "loginError": {
+      "title": "Login failed",
+      "description": "An error occurred while trying to login."
+    },
+    "linkingError": {
+      "title": "Account linking failed",
+      "description": "An error occurred while trying to link your account."
+    },
+    "completeRegister": {
+      "title": "Complete your data",
+      "description": "You need to complete your registration by providing your email address and name."
+    }
+  },
+  "ldap": {
+    "title": "LDAP Login",
+    "description": "Enter your LDAP credentials.",
+    "username": "Username",
+    "password": "Password",
+    "submit": "Continue"
+  },
+  "mfa": {
+    "verify": {
+      "title": "Verify your identity",
+      "description": "Choose one of the following factors.",
+      "noResults": "No second factors available to setup."
+    },
+    "set": {
+      "title": "Set up 2-Factor",
+      "description": "Choose one of the following second factors.",
+      "skip": "Skip"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "Verify 2-Factor",
+      "totpDescription": "Enter the code from your authenticator app.",
+      "smsDescription": "Enter the code you received via SMS.",
+      "emailDescription": "Enter the code you received via email.",
+      "noCodeReceived": "Didn't receive a code?",
+      "resendCode": "Resend code",
+      "submit": "Continue"
+    },
+    "set": {
+      "title": "Set up 2-Factor",
+      "totpDescription": "Scan the QR code with your authenticator app.",
+      "smsDescription": "Enter your phone number to receive a code via SMS.",
+      "emailDescription": "Enter your email address to receive a code via email.",
+      "totpRegisterDescription": "Scan the QR Code or navigate to the URL manually.",
+      "submit": "Continue"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "Authenticate with a passkey",
+      "description": "Your device will ask for your fingerprint, face, or screen lock",
+      "usePassword": "Use password",
+      "submit": "Continue"
+    },
+    "set": {
+      "title": "Setup a passkey",
+      "description": "Your device will ask for your fingerprint, face, or screen lock",
+      "info": {
+        "description": "A passkey is an authentication method on a device like your fingerprint, Apple FaceID or similar. ",
+        "link": "Passwordless Authentication"
+      },
+      "skip": "Skip",
+      "submit": "Continue"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "Verify 2-Factor",
+      "description": "Verify your account with your device."
+    },
+    "set": {
+      "title": "Set up 2-Factor",
+      "description": "Set up a device as a second factor.",
+      "submit": "Continue"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "Passkey",
+      "password": "Password"
+    },
+    "disabled": {
+      "title": "Registration disabled",
+      "description": "The registration is disabled. Please contact your administrator."
+    },
+    "missingdata": {
+      "title": "Missing data",
+      "description": "Provide email, first and last name to register."
+    },
+    "title": "Register",
+    "description": "Create your ZITADEL account.",
+    "noMethodAvailableWarning": "No authentication method available. Please contact your administrator.",
+    "selectMethod": "Select the method you would like to authenticate",
+    "agreeTo": "To register you must agree to the terms and conditions",
+    "termsOfService": "Terms of Service",
+    "privacyPolicy": "Privacy Policy",
+    "submit": "Continue",
+    "orUseIDP": "or use an Identity Provider",
+    "password": {
+      "title": "Set Password",
+      "description": "Set the password for your account",
+      "submit": "Continue"
+    }
+  },
+  "invite": {
+    "title": "Invite User",
+    "description": "Provide the email address and the name of the user you want to invite.",
+    "info": "The user will receive an email with further instructions.",
+    "notAllowed": "Your settings do not allow you to invite users.",
+    "submit": "Continue",
+    "success": {
+      "title": "User invited",
+      "description": "The email has successfully been sent.",
+      "verified": "The user has been invited and has already verified his email.",
+      "notVerifiedYet": "The user has been invited. They will receive an email with further instructions.",
+      "submit": "Invite another user"
+    }
+  },
+  "signedin": {
+    "title": "Welcome {user}!",
+    "description": "You are signed in.",
+    "continue": "Continue",
+    "error": {
+      "title": "Error",
+      "description": "An error occurred while trying to sign in."
+    }
+  },
+  "verify": {
+    "userIdMissing": "No userId provided!",
+    "successTitle": "User verified",
+    "successDescription": "The user has been verified successfully.",
+    "setupAuthenticator": "Setup authenticator",
+    "verify": {
+      "title": "Verify user",
+      "description": "Enter the Code provided in the verification email.",
+      "noCodeReceived": "Didn't receive a code?",
+      "resendCode": "Resend code",
+      "codeSent": "A code has just been sent to your email address.",
+      "submit": "Continue"
+    }
+  },
+  "authenticator": {
+    "title": "Choose authentication method",
+    "description": "Select the method you would like to authenticate",
+    "noMethodsAvailable": "No authentication methods available",
+    "allSetup": "You have already setup an authenticator!",
+    "linkWithIDP": "or link with an Identity Provider"
+  },
+  "device": {
+    "usercode": {
+      "title": "Device code",
+      "description": "Enter the code displayed on your app or device.",
+      "submit": "Continue"
+    },
+    "request": {
+      "title": "{appName} would like to connect",
+      "description": "{appName} will have access to:",
+      "disclaimer": "By clicking Allow, you allow {appName} and Zitadel to use your information in accordance with their respective terms of service and privacy policies. You can revoke this access at any time.",
+      "submit": "Allow",
+      "deny": "Deny"
+    },
+    "scope": {
+      "openid": "Verify your identity.",
+      "email": "View your email address.",
+      "profile": "View your full profile information.",
+      "offline_access": "Allow offline access to your account."
+    }
+  },
+  "error": {
+    "noUserCode": "No user code provided!",
+    "noDeviceRequest": "No device request found.",
+    "unknownContext": "Could not get the context of the user. Make sure to enter the username first or provide a loginName as searchParam.",
+    "sessionExpired": "Your current session has expired. Please login again.",
+    "failedLoading": "Failed to load data. Please try again.",
+    "tryagain": "Try Again"
+  }
+}
diff --git a/login/apps/login/locales/es.json b/login/apps/login/locales/es.json
new file mode 100644
index 0000000000..fe88bb94c6
--- /dev/null
+++ b/login/apps/login/locales/es.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "Atrás"
+  },
+  "accounts": {
+    "title": "Cuentas",
+    "description": "Selecciona la cuenta que deseas usar.",
+    "addAnother": "Agregar otra cuenta",
+    "noResults": "No se encontraron cuentas"
+  },
+  "logout": {
+    "title": "Cerrar sesión",
+    "description": "Selecciona la cuenta que deseas eliminar",
+    "noResults": "No se encontraron cuentas",
+    "clear": "Eliminar sesión",
+    "verifiedAt": "Última actividad: {time}",
+    "success": {
+      "title": "Cierre de sesión exitoso",
+      "description": "Has cerrado sesión correctamente."
+    }
+  },
+  "loginname": {
+    "title": "¡Bienvenido de nuevo!",
+    "description": "Introduce tus datos de acceso.",
+    "register": "Registrar nuevo usuario",
+    "submit": "Continuar"
+  },
+  "password": {
+    "verify": {
+      "title": "Contraseña",
+      "description": "Introduce tu contraseña.",
+      "resetPassword": "Restablecer contraseña",
+      "submit": "Continuar"
+    },
+    "set": {
+      "title": "Establecer Contraseña",
+      "description": "Establece la contraseña para tu cuenta",
+      "codeSent": "Se ha enviado un código a su correo electrónico.",
+      "noCodeReceived": "¿No recibiste un código?",
+      "resend": "Reenviar código",
+      "submit": "Continuar"
+    },
+    "change": {
+      "title": "Cambiar Contraseña",
+      "description": "Establece la contraseña para tu cuenta",
+      "submit": "Continuar"
+    }
+  },
+  "idp": {
+    "title": "Iniciar sesión con SSO",
+    "description": "Selecciona uno de los siguientes proveedores para iniciar sesión",
+    "orSignInWith": "o iniciar sesión con",
+    "signInWithApple": "Iniciar sesión con Apple",
+    "signInWithGoogle": "Iniciar sesión con Google",
+    "signInWithAzureAD": "Iniciar sesión con AzureAD",
+    "signInWithGithub": "Iniciar sesión con GitHub",
+    "signInWithGitlab": "Iniciar sesión con GitLab",
+    "loginSuccess": {
+      "title": "Inicio de sesión exitoso",
+      "description": "¡Has iniciado sesión con éxito!"
+    },
+    "linkingSuccess": {
+      "title": "Cuenta vinculada",
+      "description": "¡Has vinculado tu cuenta con éxito!"
+    },
+    "registerSuccess": {
+      "title": "Registro exitoso",
+      "description": "¡Te has registrado con éxito!"
+    },
+    "loginError": {
+      "title": "Error de inicio de sesión",
+      "description": "Ocurrió un error al intentar iniciar sesión."
+    },
+    "linkingError": {
+      "title": "Error al vincular la cuenta",
+      "description": "Ocurrió un error al intentar vincular tu cuenta."
+    },
+    "completeRegister": {
+      "title": "Completar registro",
+      "description": "Para completar el registro, debes establecer una contraseña."
+    }
+  },
+  "ldap": {
+    "title": "Iniciar sesión con LDAP",
+    "description": "Introduce tus credenciales LDAP.",
+    "username": "Nombre de usuario",
+    "password": "Contraseña",
+    "submit": "Continuar"
+  },
+  "mfa": {
+    "verify": {
+      "title": "Verifica tu identidad",
+      "description": "Elige uno de los siguientes factores.",
+      "noResults": "No hay factores secundarios disponibles para configurar."
+    },
+    "set": {
+      "title": "Configurar autenticación de 2 factores",
+      "description": "Elige uno de los siguientes factores secundarios.",
+      "skip": "Omitir"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "Verificar autenticación de 2 factores",
+      "totpDescription": "Introduce el código de tu aplicación de autenticación.",
+      "smsDescription": "Introduce el código que recibiste por SMS.",
+      "emailDescription": "Introduce el código que recibiste por correo electrónico.",
+      "noCodeReceived": "¿No recibiste un código?",
+      "resendCode": "Reenviar código",
+      "submit": "Continuar"
+    },
+    "set": {
+      "title": "Configurar autenticación de 2 factores",
+      "totpDescription": "Escanea el código QR con tu aplicación de autenticación.",
+      "smsDescription": "Introduce tu número de teléfono para recibir un código por SMS.",
+      "emailDescription": "Introduce tu dirección de correo electrónico para recibir un código por correo electrónico.",
+      "totpRegisterDescription": "Escanea el código QR o navega manualmente a la URL.",
+      "submit": "Continuar"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "Autenticar con una clave de acceso",
+      "description": "Tu dispositivo pedirá tu huella digital, rostro o bloqueo de pantalla",
+      "usePassword": "Usar contraseña",
+      "submit": "Continuar"
+    },
+    "set": {
+      "title": "Configurar una clave de acceso",
+      "description": "Tu dispositivo pedirá tu huella digital, rostro o bloqueo de pantalla",
+      "info": {
+        "description": "Una clave de acceso es un método de autenticación en un dispositivo como tu huella digital, Apple FaceID o similar.",
+        "link": "Autenticación sin contraseña"
+      },
+      "skip": "Omitir",
+      "submit": "Continuar"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "Verificar autenticación de 2 factores",
+      "description": "Verifica tu cuenta con tu dispositivo."
+    },
+    "set": {
+      "title": "Configurar autenticación de 2 factores",
+      "description": "Configura un dispositivo como segundo factor.",
+      "submit": "Continuar"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "Clave de acceso",
+      "password": "Contraseña"
+    },
+    "disabled": {
+      "title": "Registro deshabilitado",
+      "description": "Registrarse está deshabilitado en este momento."
+    },
+    "missingdata": {
+      "title": "Datos faltantes",
+      "description": "No se proporcionaron datos suficientes para el registro."
+    },
+    "title": "Registrarse",
+    "description": "Crea tu cuenta ZITADEL.",
+    "noMethodAvailableWarning": "No hay métodos de autenticación disponibles. Por favor, contacta a tu administrador.",
+    "selectMethod": "Selecciona el método con el que deseas autenticarte",
+    "agreeTo": "Para registrarte debes aceptar los términos y condiciones",
+    "termsOfService": "Términos de Servicio",
+    "privacyPolicy": "Política de Privacidad",
+    "submit": "Continuar",
+    "orUseIDP": "o usa un Proveedor de Identidad",
+    "password": {
+      "title": "Establecer Contraseña",
+      "description": "Establece la contraseña para tu cuenta",
+      "submit": "Continuar"
+    }
+  },
+  "invite": {
+    "title": "Invitar usuario",
+    "description": "Introduce el correo electrónico del usuario que deseas invitar.",
+    "info": "El usuario recibirá un correo electrónico con un enlace para completar el registro.",
+    "notAllowed": "No tienes permiso para invitar usuarios.",
+    "submit": "Invitar usuario",
+    "success": {
+      "title": "¡Usuario invitado!",
+      "description": "El usuario ha sido invitado.",
+      "verified": "El usuario ha sido invitado y ya ha verificado su correo electrónico.",
+      "notVerifiedYet": "El usuario ha sido invitado. Recibirá un correo electrónico con más instrucciones.",
+      "submit": "Invitar a otro usuario"
+    }
+  },
+  "signedin": {
+    "title": "¡Bienvenido {user}!",
+    "description": "Has iniciado sesión.",
+    "continue": "Continuar",
+    "error": {
+      "title": "Error",
+      "description": "Ocurrió un error al iniciar sesión."
+    }
+  },
+  "verify": {
+    "userIdMissing": "¡No se proporcionó userId!",
+    "successTitle": "Usuario verificado",
+    "successDescription": "El usuario ha sido verificado con éxito.",
+    "setupAuthenticator": "Configurar autenticador",
+    "verify": {
+      "title": "Verificar usuario",
+      "description": "Introduce el código proporcionado en el correo electrónico de verificación.",
+      "noCodeReceived": "¿No recibiste un código?",
+      "resendCode": "Reenviar código",
+      "codeSent": "Se ha enviado un código a tu dirección de correo electrónico.",
+      "submit": "Continuar"
+    }
+  },
+  "authenticator": {
+    "title": "Seleccionar método de autenticación",
+    "description": "Selecciona el método con el que deseas autenticarte",
+    "noMethodsAvailable": "No hay métodos de autenticación disponibles",
+    "allSetup": "¡Ya has configurado un autenticador!",
+    "linkWithIDP": "o vincúlalo con un proveedor de identidad"
+  },
+  "device": {
+    "usercode": {
+      "title": "Código del dispositivo",
+      "description": "Introduce el código.",
+      "submit": "Continuar"
+    },
+    "request": {
+      "title": "{appName} desea conectarse:",
+      "description": "{appName} tendrá acceso a:",
+      "disclaimer": "Al hacer clic en Permitir, autorizas a {appName} y a Zitadel a usar tu información de acuerdo con sus respectivos términos de servicio y políticas de privacidad. Puedes revocar este acceso en cualquier momento.",
+      "submit": "Permitir",
+      "deny": "Denegar"
+    },
+    "scope": {
+      "openid": "Verifica tu identidad.",
+      "email": "Accede a tu dirección de correo electrónico.",
+      "profile": "Accede a la información completa de tu perfil.",
+      "offline_access": "Permitir acceso sin conexión a tu cuenta."
+    }
+  },
+  "error": {
+    "noUserCode": "¡No se proporcionó código de usuario!",
+    "noDeviceRequest": "No se encontró ninguna solicitud de dispositivo.",
+    "unknownContext": "No se pudo obtener el contexto del usuario. Asegúrate de ingresar primero el nombre de usuario o proporcionar un loginName como parámetro de búsqueda.",
+    "sessionExpired": "Tu sesión actual ha expirado. Por favor, inicia sesión de nuevo.",
+    "failedLoading": "No se pudieron cargar los datos. Por favor, inténtalo de nuevo.",
+    "tryagain": "Intentar de nuevo"
+  }
+}
diff --git a/login/apps/login/locales/it.json b/login/apps/login/locales/it.json
new file mode 100644
index 0000000000..1229a1a4c0
--- /dev/null
+++ b/login/apps/login/locales/it.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "Indietro"
+  },
+  "accounts": {
+    "title": "Account",
+    "description": "Seleziona l'account che desideri utilizzare.",
+    "addAnother": "Aggiungi un altro account",
+    "noResults": "Nessun account trovato"
+  },
+  "logout": {
+    "title": "Esci",
+    "description": "Seleziona l'account che desideri uscire",
+    "noResults": "Nessun account trovato",
+    "clear": "Elimina sessione",
+    "verifiedAt": "Ultima attività: {time}",
+    "success": {
+      "title": "Uscita riuscita",
+      "description": "Hai effettuato l'uscita con successo."
+    }
+  },
+  "loginname": {
+    "title": "Bentornato!",
+    "description": "Inserisci i tuoi dati di accesso.",
+    "register": "Registrati come nuovo utente",
+    "submit": "Continua"
+  },
+  "password": {
+    "verify": {
+      "title": "Password",
+      "description": "Inserisci la tua password.",
+      "resetPassword": "Reimposta Password",
+      "submit": "Continua"
+    },
+    "set": {
+      "title": "Imposta Password",
+      "description": "Imposta la password per il tuo account",
+      "codeSent": "Un codice è stato inviato al tuo indirizzo email.",
+      "noCodeReceived": "Non hai ricevuto un codice?",
+      "resend": "Invia di nuovo",
+      "submit": "Continua"
+    },
+    "change": {
+      "title": "Cambia Password",
+      "description": "Imposta la password per il tuo account",
+      "submit": "Continua"
+    }
+  },
+  "idp": {
+    "title": "Accedi con SSO",
+    "description": "Seleziona uno dei seguenti provider per accedere",
+    "orSignInWith": "o accedi con",
+    "signInWithApple": "Accedi con Apple",
+    "signInWithGoogle": "Accedi con Google",
+    "signInWithAzureAD": "Accedi con AzureAD",
+    "signInWithGithub": "Accedi con GitHub",
+    "signInWithGitlab": "Accedi con GitLab",
+    "loginSuccess": {
+      "title": "Accesso riuscito",
+      "description": "Accesso effettuato con successo!"
+    },
+    "linkingSuccess": {
+      "title": "Account collegato",
+      "description": "Hai collegato con successo il tuo account!"
+    },
+    "registerSuccess": {
+      "title": "Registrazione riuscita",
+      "description": "Registrazione effettuata con successo!"
+    },
+    "loginError": {
+      "title": "Accesso fallito",
+      "description": "Si è verificato un errore durante il tentativo di accesso."
+    },
+    "linkingError": {
+      "title": "Collegamento account fallito",
+      "description": "Si è verificato un errore durante il tentativo di collegare il tuo account."
+    },
+    "completeRegister": {
+      "title": "Completa la registrazione",
+      "description": "Completa la registrazione del tuo account."
+    }
+  },
+  "ldap": {
+    "title": "Accedi con LDAP",
+    "description": "Inserisci le tue credenziali LDAP.",
+    "username": "Nome utente",
+    "password": "Password",
+    "submit": "Continua"
+  },
+  "mfa": {
+    "verify": {
+      "title": "Verifica la tua identità",
+      "description": "Scegli uno dei seguenti fattori.",
+      "noResults": "Nessun secondo fattore disponibile per la configurazione."
+    },
+    "set": {
+      "title": "Configura l'autenticazione a 2 fattori",
+      "description": "Scegli uno dei seguenti secondi fattori.",
+      "skip": "Salta"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "Verifica l'autenticazione a 2 fattori",
+      "totpDescription": "Inserisci il codice dalla tua app di autenticazione.",
+      "smsDescription": "Inserisci il codice ricevuto via SMS.",
+      "emailDescription": "Inserisci il codice ricevuto via email.",
+      "noCodeReceived": "Non hai ricevuto un codice?",
+      "resendCode": "Invia di nuovo il codice",
+      "submit": "Continua"
+    },
+    "set": {
+      "title": "Configura l'autenticazione a 2 fattori",
+      "totpDescription": "Scansiona il codice QR con la tua app di autenticazione.",
+      "smsDescription": "Inserisci il tuo numero di telefono per ricevere un codice via SMS.",
+      "emailDescription": "Inserisci il tuo indirizzo email per ricevere un codice via email.",
+      "totpRegisterDescription": "Scansiona il codice QR o naviga manualmente all'URL.",
+      "submit": "Continua"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "Autenticati con una passkey",
+      "description": "Il tuo dispositivo chiederà la tua impronta digitale, il volto o il blocco schermo",
+      "usePassword": "Usa password",
+      "submit": "Continua"
+    },
+    "set": {
+      "title": "Configura una passkey",
+      "description": "Il tuo dispositivo chiederà la tua impronta digitale, il volto o il blocco schermo",
+      "info": {
+        "description": "Una passkey è un metodo di autenticazione su un dispositivo come la tua impronta digitale, Apple FaceID o simili.",
+        "link": "Autenticazione senza password"
+      },
+      "skip": "Salta",
+      "submit": "Continua"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "Verifica l'autenticazione a 2 fattori",
+      "description": "Verifica il tuo account con il tuo dispositivo."
+    },
+    "set": {
+      "title": "Configura l'autenticazione a 2 fattori",
+      "description": "Configura un dispositivo come secondo fattore.",
+      "submit": "Continua"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "Passkey",
+      "password": "Password"
+    },
+    "disabled": {
+      "title": "Registration disabled",
+      "description": "Registrazione disabilitata. Contatta l'amministratore di sistema per assistenza."
+    },
+    "missingdata": {
+      "title": "Registrazione",
+      "description": "Inserisci i tuoi dati per registrarti."
+    },
+    "title": "Registrati",
+    "description": "Crea il tuo account ZITADEL.",
+    "noMethodAvailableWarning": "Nessun metodo di autenticazione disponibile. Contatta l'amministratore di sistema per assistenza.",
+    "selectMethod": "Seleziona il metodo con cui desideri autenticarti",
+    "agreeTo": "Per registrarti devi accettare i termini e le condizioni",
+    "termsOfService": "Termini di Servizio",
+    "privacyPolicy": "Informativa sulla Privacy",
+    "submit": "Continua",
+    "orUseIDP": "o usa un Identity Provider",
+    "password": {
+      "title": "Imposta Password",
+      "description": "Imposta la password per il tuo account",
+      "submit": "Continua"
+    }
+  },
+  "invite": {
+    "title": "Invita Utente",
+    "description": "Inserisci l'indirizzo email dell'utente che desideri invitare.",
+    "info": "L'utente riceverà un'email con ulteriori istruzioni.",
+    "notAllowed": "Non hai i permessi per invitare un utente.",
+    "submit": "Invita Utente",
+    "success": {
+      "title": "Invito inviato",
+      "description": "L'utente è stato invitato con successo.",
+      "verified": "L'utente è stato invitato e ha già verificato la sua email.",
+      "notVerifiedYet": "L'utente è stato invitato. Riceverà un'email con ulteriori istruzioni.",
+      "submit": "Invita un altro utente"
+    }
+  },
+  "signedin": {
+    "title": "Benvenuto {user}!",
+    "description": "Sei connesso.",
+    "continue": "Continua",
+    "error": {
+      "title": "Errore",
+      "description": "Si è verificato un errore durante il tentativo di accesso."
+    }
+  },
+  "verify": {
+    "userIdMissing": "Nessun userId fornito!",
+    "successTitle": "Utente verificato",
+    "successDescription": "L'utente è stato verificato con successo.",
+    "setupAuthenticator": "Configura autenticatore",
+    "verify": {
+      "title": "Verifica utente",
+      "description": "Inserisci il codice fornito nell'email di verifica.",
+      "noCodeReceived": "Non hai ricevuto un codice?",
+      "resendCode": "Invia di nuovo il codice",
+      "codeSent": "Un codice è stato appena inviato al tuo indirizzo email.",
+      "submit": "Continua"
+    }
+  },
+  "authenticator": {
+    "title": "Seleziona metodo di autenticazione",
+    "description": "Seleziona il metodo con cui desideri autenticarti",
+    "noMethodsAvailable": "Nessun metodo di autenticazione disponibile",
+    "allSetup": "Hai già configurato un autenticatore!",
+    "linkWithIDP": "o collega con un Identity Provider"
+  },
+  "device": {
+    "usercode": {
+      "title": "Codice dispositivo",
+      "description": "Inserisci il codice.",
+      "submit": "Continua"
+    },
+    "request": {
+      "title": "{appName} desidera connettersi:",
+      "description": "{appName} avrà accesso a:",
+      "disclaimer": "Cliccando su Consenti, autorizzi {appName} e Zitadel a utilizzare le tue informazioni in conformità con i rispettivi termini di servizio e politiche sulla privacy. Puoi revocare questo accesso in qualsiasi momento.",
+      "submit": "Consenti",
+      "deny": "Nega"
+    },
+    "scope": {
+      "openid": "Verifica la tua identità.",
+      "email": "Accedi al tuo indirizzo email.",
+      "profile": "Accedi alle informazioni complete del tuo profilo.",
+      "offline_access": "Consenti l'accesso offline al tuo account."
+    }
+  },
+  "error": {
+    "noUserCode": "Nessun codice utente fornito!",
+    "noDeviceRequest": "Nessuna richiesta di dispositivo trovata.",
+    "unknownContext": "Impossibile ottenere il contesto dell'utente. Assicurati di inserire prima il nome utente o di fornire un loginName come parametro di ricerca.",
+    "sessionExpired": "La tua sessione attuale è scaduta. Effettua nuovamente l'accesso.",
+    "failedLoading": "Impossibile caricare i dati. Riprova.",
+    "tryagain": "Riprova"
+  }
+}
diff --git a/login/apps/login/locales/pl.json b/login/apps/login/locales/pl.json
new file mode 100644
index 0000000000..9fea6a19fa
--- /dev/null
+++ b/login/apps/login/locales/pl.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "Powrót"
+  },
+  "accounts": {
+    "title": "Konta",
+    "description": "Wybierz konto, którego chcesz użyć.",
+    "addAnother": "Dodaj kolejne konto",
+    "noResults": "Nie znaleziono kont"
+  },
+  "logout": {
+    "title": "Wyloguj się",
+    "description": "Wybierz konto, które chcesz usunąć",
+    "noResults": "Nie znaleziono kont",
+    "clear": "Usuń sesję",
+    "verifiedAt": "Ostatnia aktywność: {time}",
+    "success": {
+      "title": "Wylogowanie udane",
+      "description": "Pomyślnie się wylogowałeś."
+    }
+  },
+  "loginname": {
+    "title": "Witamy ponownie!",
+    "description": "Wprowadź dane logowania.",
+    "register": "Zarejestruj nowego użytkownika",
+    "submit": "Kontynuuj"
+  },
+  "password": {
+    "verify": {
+      "title": "Hasło",
+      "description": "Wprowadź swoje hasło.",
+      "resetPassword": "Zresetuj hasło",
+      "submit": "Kontynuuj"
+    },
+    "set": {
+      "title": "Ustaw hasło",
+      "description": "Ustaw hasło dla swojego konta",
+      "codeSent": "Kod został wysłany na twój adres e-mail.",
+      "noCodeReceived": "Nie otrzymałeś kodu?",
+      "resend": "Wyślij kod ponownie",
+      "submit": "Kontynuuj"
+    },
+    "change": {
+      "title": "Zmień hasło",
+      "description": "Ustaw nowe hasło dla swojego konta",
+      "submit": "Kontynuuj"
+    }
+  },
+  "idp": {
+    "title": "Zaloguj się za pomocą SSO",
+    "description": "Wybierz jednego z poniższych dostawców, aby się zalogować",
+    "orSignInWith": "lub zaloguj się przez",
+    "signInWithApple": "Zaloguj się przez Apple",
+    "signInWithGoogle": "Zaloguj się przez Google",
+    "signInWithAzureAD": "Zaloguj się przez AzureAD",
+    "signInWithGithub": "Zaloguj się przez GitHub",
+    "signInWithGitlab": "Zaloguj się przez GitLab",
+    "loginSuccess": {
+      "title": "Logowanie udane",
+      "description": "Zostałeś pomyślnie zalogowany!"
+    },
+    "linkingSuccess": {
+      "title": "Konto powiązane",
+      "description": "Pomyślnie powiązałeś swoje konto!"
+    },
+    "registerSuccess": {
+      "title": "Rejestracja udana",
+      "description": "Pomyślnie się zarejestrowałeś!"
+    },
+    "loginError": {
+      "title": "Logowanie nieudane",
+      "description": "Wystąpił błąd podczas próby logowania."
+    },
+    "linkingError": {
+      "title": "Powiązanie konta nie powiodło się",
+      "description": "Wystąpił błąd podczas próby powiązania konta."
+    },
+    "completeRegister": {
+      "title": "Ukończ rejestrację",
+      "description": "Ukończ rejestrację swojego konta."
+    }
+  },
+  "ldap": {
+    "title": "Zaloguj się przez LDAP",
+    "description": "Wprowadź swoje dane logowania LDAP.",
+    "username": "Nazwa użytkownika",
+    "password": "Hasło",
+    "submit": "Kontynuuj"
+  },
+  "mfa": {
+    "verify": {
+      "title": "Zweryfikuj swoją tożsamość",
+      "description": "Wybierz jeden z poniższych sposobów weryfikacji.",
+      "noResults": "Nie znaleziono dostępnych metod uwierzytelniania dwuskładnikowego."
+    },
+    "set": {
+      "title": "Skonfiguruj uwierzytelnianie dwuskładnikowe",
+      "description": "Wybierz jedną z poniższych metod drugiego czynnika.",
+      "skip": "Pomiń"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "Zweryfikuj uwierzytelnianie dwuskładnikowe",
+      "totpDescription": "Wprowadź kod z aplikacji uwierzytelniającej.",
+      "smsDescription": "Wprowadź kod otrzymany SMS-em.",
+      "emailDescription": "Wprowadź kod otrzymany e-mailem.",
+      "noCodeReceived": "Nie otrzymałeś kodu?",
+      "resendCode": "Wyślij kod ponownie",
+      "submit": "Kontynuuj"
+    },
+    "set": {
+      "title": "Skonfiguruj uwierzytelnianie dwuskładnikowe",
+      "totpDescription": "Zeskanuj kod QR za pomocą aplikacji uwierzytelniającej.",
+      "smsDescription": "Wprowadź swój numer telefonu, aby otrzymać kod SMS-em.",
+      "emailDescription": "Wprowadź swój adres e-mail, aby otrzymać kod e-mailem.",
+      "totpRegisterDescription": "Zeskanuj kod QR lub otwórz adres URL ręcznie.",
+      "submit": "Kontynuuj"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "Uwierzytelnij się za pomocą klucza dostępu",
+      "description": "Twoje urządzenie poprosi o użycie odcisku palca, rozpoznawania twarzy lub blokady ekranu.",
+      "usePassword": "Użyj hasła",
+      "submit": "Kontynuuj"
+    },
+    "set": {
+      "title": "Skonfiguruj klucz dostępu",
+      "description": "Twoje urządzenie poprosi o użycie odcisku palca, rozpoznawania twarzy lub blokady ekranu.",
+      "info": {
+        "description": "Klucz dostępu to metoda uwierzytelniania na urządzeniu, wykorzystująca np. odcisk palca, Apple FaceID lub podobne rozwiązania.",
+        "link": "Uwierzytelnianie bez hasła"
+      },
+      "skip": "Pomiń",
+      "submit": "Kontynuuj"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "Zweryfikuj uwierzytelnianie dwuskładnikowe",
+      "description": "Zweryfikuj swoje konto za pomocą urządzenia."
+    },
+    "set": {
+      "title": "Skonfiguruj uwierzytelnianie dwuskładnikowe",
+      "description": "Skonfiguruj urządzenie jako dodatkowy czynnik uwierzytelniania.",
+      "submit": "Kontynuuj"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "Klucz dostępu",
+      "password": "Hasło"
+    },
+    "disabled": {
+      "title": "Rejestracja wyłączona",
+      "description": "Rejestracja jest wyłączona. Skontaktuj się z administratorem."
+    },
+    "missingdata": {
+      "title": "Brak danych",
+      "description": "Podaj e-mail, imię i nazwisko, aby się zarejestrować."
+    },
+    "title": "Rejestracja",
+    "description": "Utwórz konto ZITADEL.",
+    "noMethodAvailableWarning": "Brak dostępnych metod uwierzytelniania. Skontaktuj się z administratorem.",
+    "selectMethod": "Wybierz metodę uwierzytelniania, której chcesz użyć",
+    "agreeTo": "Aby się zarejestrować, musisz zaakceptować warunki korzystania",
+    "termsOfService": "Regulamin",
+    "privacyPolicy": "Polityka prywatności",
+    "submit": "Kontynuuj",
+    "orUseIDP": "lub użyj dostawcy tożsamości",
+    "password": {
+      "title": "Ustaw hasło",
+      "description": "Ustaw hasło dla swojego konta",
+      "submit": "Kontynuuj"
+    }
+  },
+  "invite": {
+    "title": "Zaproś użytkownika",
+    "description": "Podaj adres e-mail oraz imię i nazwisko użytkownika, którego chcesz zaprosić.",
+    "info": "Użytkownik otrzyma e-mail z dalszymi instrukcjami.",
+    "notAllowed": "Twoje ustawienia nie pozwalają na zapraszanie użytkowników.",
+    "submit": "Kontynuuj",
+    "success": {
+      "title": "Użytkownik zaproszony",
+      "description": "E-mail został pomyślnie wysłany.",
+      "verified": "Użytkownik został zaproszony i już zweryfikował swój e-mail.",
+      "notVerifiedYet": "Użytkownik został zaproszony. Otrzyma e-mail z dalszymi instrukcjami.",
+      "submit": "Zaproś kolejnego użytkownika"
+    }
+  },
+  "signedin": {
+    "title": "Witaj {user}!",
+    "description": "Jesteś zalogowany.",
+    "continue": "Kontynuuj",
+    "error": {
+      "title": "Błąd",
+      "description": "Nie można załadować danych. Sprawdź połączenie z internetem lub spróbuj ponownie później."
+    }
+  },
+  "verify": {
+    "userIdMissing": "Nie podano identyfikatora użytkownika!",
+    "successTitle": "Weryfikacja zakończona",
+    "successDescription": "Użytkownik został pomyślnie zweryfikowany.",
+    "setupAuthenticator": "Skonfiguruj uwierzytelnianie",
+    "verify": {
+      "title": "Zweryfikuj użytkownika",
+      "description": "Wprowadź kod z wiadomości weryfikacyjnej.",
+      "noCodeReceived": "Nie otrzymałeś kodu?",
+      "resendCode": "Wyślij kod ponownie",
+      "codeSent": "Kod został właśnie wysłany na twój adres e-mail.",
+      "submit": "Kontynuuj"
+    }
+  },
+  "authenticator": {
+    "title": "Wybierz metodę uwierzytelniania",
+    "description": "Wybierz metodę, której chcesz użyć do uwierzytelnienia.",
+    "noMethodsAvailable": "Brak dostępnych metod uwierzytelniania",
+    "allSetup": "Już skonfigurowałeś metodę uwierzytelniania!",
+    "linkWithIDP": "lub połącz z dostawcą tożsamości"
+  },
+  "device": {
+    "usercode": {
+      "title": "Kod urządzenia",
+      "description": "Wprowadź kod.",
+      "submit": "Kontynuuj"
+    },
+    "request": {
+      "title": "{appName} chce się połączyć:",
+      "description": "{appName} będzie miało dostęp do:",
+      "disclaimer": "Klikając Zezwól, pozwalasz tej aplikacji i Zitadel na korzystanie z Twoich informacji zgodnie z ich odpowiednimi warunkami użytkowania i politykami prywatności. Możesz cofnąć ten dostęp w dowolnym momencie.",
+      "submit": "Zezwól",
+      "deny": "Odmów"
+    },
+    "scope": {
+      "openid": "Zweryfikuj swoją tożsamość.",
+      "email": "Uzyskaj dostęp do swojego adresu e-mail.",
+      "profile": "Uzyskaj dostęp do pełnych informacji o swoim profilu.",
+      "offline_access": "Zezwól na dostęp offline do swojego konta."
+    }
+  },
+  "error": {
+    "noUserCode": "Nie podano kodu użytkownika!",
+    "noDeviceRequest": "Nie znaleziono żądania urządzenia.",
+    "unknownContext": "Nie udało się pobrać kontekstu użytkownika. Upewnij się, że najpierw wprowadziłeś nazwę użytkownika lub podałeś login jako parametr wyszukiwania.",
+    "sessionExpired": "Twoja sesja wygasła. Zaloguj się ponownie.",
+    "failedLoading": "Nie udało się załadować danych. Spróbuj ponownie.",
+    "tryagain": "Spróbuj ponownie"
+  }
+}
diff --git a/login/apps/login/locales/ru.json b/login/apps/login/locales/ru.json
new file mode 100644
index 0000000000..e745f1ae59
--- /dev/null
+++ b/login/apps/login/locales/ru.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "Назад"
+  },
+  "accounts": {
+    "title": "Аккаунты",
+    "description": "Выберите аккаунт, который хотите использовать.",
+    "addAnother": "Добавить другой аккаунт",
+    "noResults": "Аккаунты не найдены"
+  },
+  "logout": {
+    "title": "Выход",
+    "description": "Выберите аккаунт, который хотите удалить",
+    "noResults": "Аккаунты не найдены",
+    "clear": "Удалить сессию",
+    "verifiedAt": "Последняя активность: {time}",
+    "success": {
+      "title": "Выход выполнен успешно",
+      "description": "Вы успешно вышли из системы."
+    }
+  },
+  "loginname": {
+    "title": "С возвращением!",
+    "description": "Введите свои данные для входа.",
+    "register": "Зарегистрировать нового пользователя",
+    "submit": "Продолжить"
+  },
+  "password": {
+    "verify": {
+      "title": "Пароль",
+      "description": "Введите ваш пароль.",
+      "resetPassword": "Сбросить пароль",
+      "submit": "Продолжить"
+    },
+    "set": {
+      "title": "Установить пароль",
+      "description": "Установите пароль для вашего аккаунта",
+      "codeSent": "Код отправлен на ваш адрес электронной почты.",
+      "noCodeReceived": "Не получили код?",
+      "resend": "Отправить код повторно",
+      "submit": "Продолжить"
+    },
+    "change": {
+      "title": "Изменить пароль",
+      "description": "Установите пароль для вашего аккаунта",
+      "submit": "Продолжить"
+    }
+  },
+  "idp": {
+    "title": "Войти через SSO",
+    "description": "Выберите одного из провайдеров для входа",
+    "orSignInWith": "или войти через",
+    "signInWithApple": "Войти через Apple",
+    "signInWithGoogle": "Войти через Google",
+    "signInWithAzureAD": "Войти через AzureAD",
+    "signInWithGithub": "Войти через GitHub",
+    "signInWithGitlab": "Войти через GitLab",
+    "loginSuccess": {
+      "title": "Вход выполнен успешно",
+      "description": "Вы успешно вошли в систему!"
+    },
+    "linkingSuccess": {
+      "title": "Аккаунт привязан",
+      "description": "Аккаунт успешно привязан!"
+    },
+    "registerSuccess": {
+      "title": "Регистрация завершена",
+      "description": "Вы успешно зарегистрировались!"
+    },
+    "loginError": {
+      "title": "Ошибка входа",
+      "description": "Произошла ошибка при попытке входа."
+    },
+    "linkingError": {
+      "title": "Ошибка привязки аккаунта",
+      "description": "Произошла ошибка при попытке привязать аккаунт."
+    },
+    "completeRegister": {
+      "title": "Завершите регистрацию",
+      "description": "Завершите регистрацию вашего аккаунта."
+    }
+  },
+  "ldap": {
+    "title": "Войти через LDAP",
+    "description": "Введите ваши учетные данные LDAP.",
+    "username": "Имя пользователя",
+    "password": "Пароль",
+    "submit": "Продолжить"
+  },
+  "mfa": {
+    "verify": {
+      "title": "Подтвердите вашу личность",
+      "description": "Выберите один из следующих факторов.",
+      "noResults": "Нет доступных методов двухфакторной аутентификации"
+    },
+    "set": {
+      "title": "Настройка двухфакторной аутентификации",
+      "description": "Выберите один из следующих методов.",
+      "skip": "Пропустить"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "Подтверждение 2FA",
+      "totpDescription": "Введите код из приложения-аутентификатора.",
+      "smsDescription": "Введите код, полученный по SMS.",
+      "emailDescription": "Введите код, полученный по email.",
+      "noCodeReceived": "Не получили код?",
+      "resendCode": "Отправить код повторно",
+      "submit": "Продолжить"
+    },
+    "set": {
+      "title": "Настройка двухфакторной аутентификации",
+      "totpDescription": "Отсканируйте QR-код в приложении-аутентификаторе.",
+      "smsDescription": "Введите номер телефона для получения кода по SMS.",
+      "emailDescription": "Введите email для получения кода.",
+      "totpRegisterDescription": "Отсканируйте QR-код или перейдите по ссылке вручную.",
+      "submit": "Продолжить"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "Аутентификация с помощью пасскей",
+      "description": "Устройство запросит отпечаток пальца, лицо или экранный замок",
+      "usePassword": "Использовать пароль",
+      "submit": "Продолжить"
+    },
+    "set": {
+      "title": "Настройка пасскей",
+      "description": "Устройство запросит отпечаток пальца, лицо или экранный замок",
+      "info": {
+        "description": "Пасскей — метод аутентификации через устройство (отпечаток пальца, Apple FaceID и аналоги).",
+        "link": "Аутентификация без пароля"
+      },
+      "skip": "Пропустить",
+      "submit": "Продолжить"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "Подтверждение 2FA",
+      "description": "Подтвердите аккаунт с помощью устройства."
+    },
+    "set": {
+      "title": "Настройка двухфакторной аутентификации",
+      "description": "Настройте устройство как второй фактор.",
+      "submit": "Продолжить"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "Пасскей",
+      "password": "Пароль"
+    },
+    "disabled": {
+      "title": "Регистрация отключена",
+      "description": "Регистрация недоступна. Обратитесь к администратору."
+    },
+    "missingdata": {
+      "title": "Недостаточно данных",
+      "description": "Укажите email, имя и фамилию для регистрации."
+    },
+    "title": "Регистрация",
+    "description": "Создайте свой аккаунт ZITADEL.",
+    "noMethodAvailableWarning": "Нет доступных методов аутентификации. Обратитесь к администратору.",
+    "selectMethod": "Выберите метод аутентификации",
+    "agreeTo": "Для регистрации необходимо принять условия:",
+    "termsOfService": "Условия использования",
+    "privacyPolicy": "Политика конфиденциальности",
+    "submit": "Продолжить",
+    "orUseIDP": "или используйте Identity Provider",
+    "password": {
+      "title": "Установить пароль",
+      "description": "Установите пароль для вашего аккаунта",
+      "submit": "Продолжить"
+    }
+  },
+  "invite": {
+    "title": "Пригласить пользователя",
+    "description": "Укажите email и имя пользователя для приглашения.",
+    "info": "Пользователь получит email с инструкциями.",
+    "notAllowed": "Ваши настройки не позволяют приглашать пользователей.",
+    "submit": "Продолжить",
+    "success": {
+      "title": "Пользователь приглашён",
+      "description": "Письмо успешно отправлено.",
+      "verified": "Пользователь приглашён и уже подтвердил email.",
+      "notVerifiedYet": "Пользователь приглашён. Он получит email с инструкциями.",
+      "submit": "Пригласить другого пользователя"
+    }
+  },
+  "signedin": {
+    "title": "Добро пожаловать, {user}!",
+    "description": "Вы вошли в систему.",
+    "continue": "Продолжить",
+    "error": {
+      "title": "Ошибка",
+      "description": "Не удалось войти в систему. Проверьте свои данные и попробуйте снова."
+    }
+  },
+  "verify": {
+    "userIdMissing": "Не указан userId!",
+    "successTitle": "Пользователь подтверждён",
+    "successDescription": "Пользователь успешно подтверждён.",
+    "setupAuthenticator": "Настроить аутентификатор",
+    "verify": {
+      "title": "Подтверждение пользователя",
+      "description": "Введите код из письма подтверждения.",
+      "noCodeReceived": "Не получили код?",
+      "resendCode": "Отправить код повторно",
+      "codeSent": "Код отправлен на ваш email.",
+      "submit": "Продолжить"
+    }
+  },
+  "authenticator": {
+    "title": "Выбор метода аутентификации",
+    "description": "Выберите предпочитаемый метод аутентификации",
+    "noMethodsAvailable": "Нет доступных методов аутентификации",
+    "allSetup": "Аутентификатор уже настроен!",
+    "linkWithIDP": "или привязать через Identity Provider"
+  },
+  "device": {
+    "usercode": {
+      "title": "Код устройства",
+      "description": "Введите код.",
+      "submit": "Продолжить"
+    },
+    "request": {
+      "title": "{appName} хочет подключиться:",
+      "description": "{appName} получит доступ к:",
+      "disclaimer": "Нажимая «Разрешить», вы разрешаете этому приложению и Zitadel использовать вашу информацию в соответствии с их условиями использования и политиками конфиденциальности. Вы можете отозвать этот доступ в любое время.",
+      "submit": "Разрешить",
+      "deny": "Запретить"
+    },
+    "scope": {
+      "openid": "Проверка вашей личности.",
+      "email": "Доступ к вашему адресу электронной почты.",
+      "profile": "Доступ к полной информации вашего профиля.",
+      "offline_access": "Разрешить офлайн-доступ к вашему аккаунту."
+    }
+  },
+  "error": {
+    "noUserCode": "Не указан код пользователя!",
+    "noDeviceRequest": "Не найдена ни одна заявка на устройство.",
+    "unknownContext": "Не удалось получить контекст пользователя. Укажите имя пользователя или loginName в параметрах поиска.",
+    "sessionExpired": "Ваша сессия истекла. Войдите снова.",
+    "failedLoading": "Ошибка загрузки данных. Попробуйте ещё раз.",
+    "tryagain": "Попробовать снова"
+  }
+}
diff --git a/login/apps/login/locales/zh.json b/login/apps/login/locales/zh.json
new file mode 100644
index 0000000000..5a9cb3a4eb
--- /dev/null
+++ b/login/apps/login/locales/zh.json
@@ -0,0 +1,250 @@
+{
+  "common": {
+    "back": "返回"
+  },
+  "accounts": {
+    "title": "账户",
+    "description": "选择您想使用的账户。",
+    "addAnother": "添加另一个账户",
+    "noResults": "未找到账户"
+  },
+  "logout": {
+    "title": "注销",
+    "description": "选择您想注销的账户",
+    "noResults": "未找到账户",
+    "clear": "注销会话",
+    "verifiedAt": "最后活动时间：{time}",
+    "success": {
+      "title": "注销成功",
+      "description": "您已成功注销。"
+    }
+  },
+  "loginname": {
+    "title": "欢迎回来！",
+    "description": "请输入您的登录信息。",
+    "register": "注册新用户",
+    "submit": "继续"
+  },
+  "password": {
+    "verify": {
+      "title": "密码",
+      "description": "请输入您的密码。",
+      "resetPassword": "重置密码",
+      "submit": "继续"
+    },
+    "set": {
+      "title": "设置密码",
+      "description": "为您的账户设置密码",
+      "codeSent": "验证码已发送到您的邮箱。",
+      "noCodeReceived": "没有收到验证码？",
+      "resend": "重发验证码",
+      "submit": "继续"
+    },
+    "change": {
+      "title": "更改密码",
+      "description": "为您的账户设置密码",
+      "submit": "继续"
+    }
+  },
+  "idp": {
+    "title": "使用 SSO 登录",
+    "description": "选择以下提供商中的一个进行登录",
+    "orSignInWith": "或使用以下方式登录",
+    "signInWithApple": "用 Apple 登录",
+    "signInWithGoogle": "用 Google 登录",
+    "signInWithAzureAD": "用 AzureAD 登录",
+    "signInWithGithub": "用 GitHub 登录",
+    "signInWithGitlab": "用 GitLab 登录",
+    "loginSuccess": {
+      "title": "登录成功",
+      "description": "您已成功登录！"
+    },
+    "linkingSuccess": {
+      "title": "账户已链接",
+      "description": "您已成功链接您的账户！"
+    },
+    "registerSuccess": {
+      "title": "注册成功",
+      "description": "您已成功注册！"
+    },
+    "loginError": {
+      "title": "登录失败",
+      "description": "登录时发生错误。"
+    },
+    "linkingError": {
+      "title": "账户链接失败",
+      "description": "链接账户时发生错误。"
+    },
+    "completeRegister": {
+      "title": "完成注册",
+      "description": "完成您的账户注册。"
+    }
+  },
+  "ldap": {
+    "title": "使用 LDAP 登录",
+    "description": "请输入您的 LDAP 凭据。",
+    "username": "用户名",
+    "password": "密码",
+    "submit": "继续"
+  },
+  "mfa": {
+    "verify": {
+      "title": "验证您的身份",
+      "description": "选择以下的一个因素。",
+      "noResults": "没有可设置的第二因素。"
+    },
+    "set": {
+      "title": "设置双因素认证",
+      "description": "选择以下的一个第二因素。",
+      "skip": "跳过"
+    }
+  },
+  "otp": {
+    "verify": {
+      "title": "验证双因素",
+      "totpDescription": "请输入认证应用程序中的验证码。",
+      "smsDescription": "输入通过短信收到的验证码。",
+      "emailDescription": "输入通过电子邮件收到的验证码。",
+      "noCodeReceived": "没有收到验证码？",
+      "resendCode": "重发验证码",
+      "submit": "继续"
+    },
+    "set": {
+      "title": "设置双因素认证",
+      "totpDescription": "使用认证应用程序扫描二维码。",
+      "smsDescription": "输入您的电话号码以接收短信验证码。",
+      "emailDescription": "输入您的电子邮箱地址以接收电子邮件验证码。",
+      "totpRegisterDescription": "扫描二维码或手动导航到URL。",
+      "submit": "继续"
+    }
+  },
+  "passkey": {
+    "verify": {
+      "title": "使用密钥认证",
+      "description": "您的设备将请求指纹、面部识别或屏幕锁",
+      "usePassword": "使用密码",
+      "submit": "继续"
+    },
+    "set": {
+      "title": "设置密钥",
+      "description": "您的设备将请求指纹、面部识别或屏幕锁",
+      "info": {
+        "description": "密钥是在设备上如指纹、Apple FaceID 或类似的认证方法。",
+        "link": "无密码认证"
+      },
+      "skip": "跳过",
+      "submit": "继续"
+    }
+  },
+  "u2f": {
+    "verify": {
+      "title": "验证双因素",
+      "description": "使用您的设备验证帐户。"
+    },
+    "set": {
+      "title": "设置双因素认证",
+      "description": "设置设备为第二因素。",
+      "submit": "继续"
+    }
+  },
+  "register": {
+    "methods": {
+      "passkey": "密钥",
+      "password": "密码"
+    },
+    "disabled": {
+      "title": "注册已禁用",
+      "description": "您的设置不允许注册新用户。"
+    },
+    "missingdata": {
+      "title": "缺少数据",
+      "description": "请提供所有必需的数据。"
+    },
+    "title": "注册",
+    "description": "创建您的 ZITADEL 账户。",
+    "noMethodAvailableWarning": "没有可用的认证方法。请联系您的系统管理员。",
+    "selectMethod": "选择您想使用的认证方法",
+    "agreeTo": "注册即表示您同意条款和条件",
+    "termsOfService": "服务条款",
+    "privacyPolicy": "隐私政策",
+    "submit": "继续",
+    "orUseIDP": "或使用身份提供者",
+    "password": {
+      "title": "设置密码",
+      "description": "为您的账户设置密码",
+      "submit": "继续"
+    }
+  },
+  "invite": {
+    "title": "邀请用户",
+    "description": "提供您想邀请的用户的电子邮箱地址和姓名。",
+    "info": "用户将收到一封包含进一步说明的电子邮件。",
+    "notAllowed": "您的设置不允许邀请用户。",
+    "submit": "继续",
+    "success": {
+      "title": "用户已邀请",
+      "description": "邮件已成功发送。",
+      "verified": "用户已被邀请并已验证其电子邮件。",
+      "notVerifiedYet": "用户已被邀请。他们将收到一封包含进一步说明的电子邮件。",
+      "submit": "邀请另一位用户"
+    }
+  },
+  "signedin": {
+    "title": "欢迎 {user}！",
+    "description": "您已登录。",
+    "continue": "继续",
+    "error": {
+      "title": "错误",
+      "description": "登录时发生错误。"
+    }
+  },
+  "verify": {
+    "userIdMissing": "未提供用户 ID！",
+    "successTitle": "用户已验证",
+    "successDescription": "用户已成功验证。",
+    "setupAuthenticator": "设置认证器",
+    "verify": {
+      "title": "验证用户",
+      "description": "输入验证邮件中的验证码。",
+      "noCodeReceived": "没有收到验证码？",
+      "resendCode": "重发验证码",
+      "codeSent": "刚刚发送了一封包含验证码的电子邮件。",
+      "submit": "继续"
+    }
+  },
+  "authenticator": {
+    "title": "选择认证方式",
+    "description": "选择您想使用的认证方法",
+    "noMethodsAvailable": "没有可用的认证方法",
+    "allSetup": "您已经设置好了一个认证器！",
+    "linkWithIDP": "或将其与身份提供者关联"
+  },
+  "device": {
+    "usercode": {
+      "title": "设备代码",
+      "description": "输入代码。",
+      "submit": "继续"
+    },
+    "request": {
+      "title": "{appName} 想要连接：",
+      "description": "{appName} 将访问：",
+      "disclaimer": "点击“允许”即表示您允许此应用程序和 Zitadel 根据其各自的服务条款和隐私政策使用您的信息。您可以随时撤销此访问权限。",
+      "submit": "允许",
+      "deny": "拒绝"
+    },
+    "scope": {
+      "openid": "验证您的身份。",
+      "email": "访问您的电子邮件地址。",
+      "profile": "访问您的完整个人资料信息。",
+      "offline_access": "允许离线访问您的账户。"
+    }
+  },
+  "error": {
+    "noUserCode": "未提供用户代码！",
+    "noDeviceRequest": "没有找到设备请求。",
+    "unknownContext": "无法获取用户的上下文。请先输入用户名或提供 loginName 作为搜索参数。",
+    "sessionExpired": "当前会话已过期，请重新登录。",
+    "failedLoading": "加载数据失败，请再试一次。",
+    "tryagain": "重试"
+  }
+}
diff --git a/login/apps/login/next-env-vars.d.ts b/login/apps/login/next-env-vars.d.ts
new file mode 100644
index 0000000000..b7a525858c
--- /dev/null
+++ b/login/apps/login/next-env-vars.d.ts
@@ -0,0 +1,33 @@
+declare namespace NodeJS {
+  interface ProcessEnv {
+    // Allow any environment variable that matches the pattern
+    [key: `${string}_AUDIENCE`]: string; // The system api url
+    [key: `${string}_SYSTEM_USER_ID`]: string; // The service user id
+    [key: `${string}_SYSTEM_USER_PRIVATE_KEY`]: string; // The service user private key
+
+    AUDIENCE: string; // The fallback system api url
+    SYSTEM_USER_ID: string; // The fallback service user id
+    SYSTEM_USER_PRIVATE_KEY: string; // The fallback service user private key
+
+    /**
+     * The Zitadel API url
+     */
+    ZITADEL_API_URL: string;
+
+    /**
+     * The service user token
+     */
+    ZITADEL_SERVICE_USER_TOKEN: string;
+
+    /**
+     * Optional: wheter a user must have verified email
+     */
+    EMAIL_VERIFICATION: string;
+
+    /**
+     * Optional: custom request headers to be added to every request
+     * Split by comma, key value pairs separated by colon
+     */
+    CUSTOM_REQUEST_HEADERS?: string;
+  }
+}
diff --git a/login/apps/login/next-env.d.ts b/login/apps/login/next-env.d.ts
new file mode 100755
index 0000000000..1b3be0840f
--- /dev/null
+++ b/login/apps/login/next-env.d.ts
@@ -0,0 +1,5 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
diff --git a/login/apps/login/next.config.mjs b/login/apps/login/next.config.mjs
new file mode 100755
index 0000000000..b84f11a230
--- /dev/null
+++ b/login/apps/login/next.config.mjs
@@ -0,0 +1,83 @@
+import createNextIntlPlugin from "next-intl/plugin";
+import { DEFAULT_CSP } from "./constants/csp.js";
+
+const withNextIntl = createNextIntlPlugin();
+
+/** @type {import('next').NextConfig} */
+
+const secureHeaders = [
+  {
+    key: "Strict-Transport-Security",
+    value: "max-age=63072000; includeSubDomains; preload",
+  },
+  {
+    key: "Referrer-Policy",
+    value: "origin-when-cross-origin",
+  },
+  {
+    key: "X-Frame-Options",
+    value: "SAMEORIGIN",
+  },
+  {
+    key: "X-Content-Type-Options",
+    value: "nosniff",
+  },
+  {
+    key: "X-XSS-Protection",
+    value: "1; mode=block",
+  },
+  {
+    key: "Content-Security-Policy",
+    value: `${DEFAULT_CSP} frame-ancestors 'none'`,
+  },
+  { key: "X-Frame-Options", value: "deny" },
+];
+
+const imageRemotePatterns = [
+  {
+    protocol: "http",
+    hostname: "localhost",
+    port: "8080",
+    pathname: "/**",
+  },
+  {
+    protocol: "https",
+    hostname: "*.zitadel.*",
+    port: "",
+    pathname: "/**",
+  },
+];
+
+if (process.env.ZITADEL_API_URL) {
+  imageRemotePatterns.push({
+    protocol: "https",
+    hostname: process.env.ZITADEL_API_URL?.replace("https://", "") || "",
+    port: "",
+    pathname: "/**",
+  });
+}
+
+const nextConfig = {
+  basePath: process.env.NEXT_PUBLIC_BASE_PATH,
+  output: process.env.NEXT_OUTPUT_MODE || undefined,
+  reactStrictMode: true, // Recommended for the `pages` directory, default in `app`.
+  experimental: {
+    dynamicIO: true,
+  },
+  images: {
+    remotePatterns: imageRemotePatterns,
+  },
+  eslint: {
+    ignoreDuringBuilds: true,
+  },
+  async headers() {
+    return [
+      {
+        source: "/:path*",
+        headers: secureHeaders,
+      },
+    ];
+  },
+};
+
+export default withNextIntl(nextConfig);
diff --git a/login/apps/login/package.json b/login/apps/login/package.json
new file mode 100644
index 0000000000..f498b912c2
--- /dev/null
+++ b/login/apps/login/package.json
@@ -0,0 +1,75 @@
+{
+  "name": "@zitadel/login",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "pnpm next dev --turbopack",
+    "test:unit": "pnpm vitest",
+    "test:unit:standalone": "pnpm test:unit",
+    "test:unit:watch": "pnpm test:unit --watch",
+    "lint": "pnpm exec next lint && pnpm exec prettier --check .",
+    "lint:fix": "pnpm exec prettier --write .",
+    "lint-staged": "lint-staged",
+    "build": "pnpm exec next build",
+    "build:login:standalone": "NEXT_PUBLIC_BASE_PATH=/ui/v2/login NEXT_OUTPUT_MODE=standalone pnpm build",
+    "start": "pnpm build && pnpm exec next start",
+    "start:built": "pnpm exec next start",
+    "clean": "pnpm mock:stop && rm -rf .turbo && rm -rf node_modules && rm -rf .next"
+  },
+  "git": {
+    "pre-commit": "lint-staged"
+  },
+  "lint-staged": {
+    "*": "prettier --write --ignore-unknown"
+  },
+  "dependencies": {
+    "@headlessui/react": "^2.1.9",
+    "@heroicons/react": "2.1.3",
+    "@tailwindcss/forms": "0.5.7",
+    "@vercel/analytics": "^1.2.2",
+    "@zitadel/client": "workspace:*",
+    "@zitadel/proto": "workspace:*",
+    "clsx": "1.2.1",
+    "copy-to-clipboard": "^3.3.3",
+    "deepmerge": "^4.3.1",
+    "lucide-react": "0.469.0",
+    "moment": "^2.29.4",
+    "next": "15.4.0-canary.86",
+    "next-intl": "^3.25.1",
+    "next-themes": "^0.2.1",
+    "nice-grpc": "2.0.1",
+    "qrcode.react": "^3.1.0",
+    "react": "19.1.0",
+    "react-dom": "19.1.0",
+    "react-hook-form": "7.39.5",
+    "tinycolor2": "1.4.2",
+    "uuid": "^11.1.0"
+  },
+  "devDependencies": {
+    "@bufbuild/buf": "^1.53.0",
+    "@testing-library/jest-dom": "^6.6.3",
+    "@testing-library/react": "^16.3.0",
+    "@types/ms": "2.1.0",
+    "@types/node": "^22.14.1",
+    "@types/react": "19.1.2",
+    "@types/react-dom": "19.1.2",
+    "@types/tinycolor2": "1.4.3",
+    "@types/uuid": "^10.0.0",
+    "@vercel/git-hooks": "1.0.0",
+    "@zitadel/eslint-config": "workspace:*",
+    "@zitadel/prettier-config": "workspace:*",
+    "@zitadel/tailwind-config": "workspace:*",
+    "@zitadel/tsconfig": "workspace:*",
+    "autoprefixer": "10.4.21",
+    "grpc-tools": "1.13.0",
+    "jsdom": "^26.1.0",
+    "lint-staged": "15.5.1",
+    "make-dir-cli": "4.0.0",
+    "postcss": "8.5.3",
+    "prettier-plugin-tailwindcss": "0.6.11",
+    "sass": "^1.87.0",
+    "tailwindcss": "3.4.14",
+    "ts-proto": "^2.7.0",
+    "typescript": "^5.8.3"
+  }
+}
diff --git a/login/apps/login/postcss.config.cjs b/login/apps/login/postcss.config.cjs
new file mode 100644
index 0000000000..12a703d900
--- /dev/null
+++ b/login/apps/login/postcss.config.cjs
@@ -0,0 +1,6 @@
+module.exports = {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+};
diff --git a/login/apps/login/prettier.config.mjs b/login/apps/login/prettier.config.mjs
new file mode 100644
index 0000000000..6df557c2fd
--- /dev/null
+++ b/login/apps/login/prettier.config.mjs
@@ -0,0 +1 @@
+export { default } from "@zitadel/prettier-config";
diff --git a/login/apps/login/public/checkbox.svg b/login/apps/login/public/checkbox.svg
new file mode 100644
index 0000000000..94a3298ae6
--- /dev/null
+++ b/login/apps/login/public/checkbox.svg
@@ -0,0 +1 @@
+<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='white'><path d='M12.207 4.793a1 1 0 010 1.414l-5 5a1 1 0 01-1.414 0l-2-2a1 1 0 011.414-1.414L6.5 9.086l4.293-4.293a1 1 0 011.414 0z' /></svg>
diff --git a/login/apps/login/public/favicon.ico b/login/apps/login/public/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..a901eddc34fa1384048e3f1242c82cd36483ecca
GIT binary patch
literal 15086
zcmdU#d$3hi9mhAK@s}h2IHUIPRvJ=LGz}O`1=UnKHPcKlo6@40CXt6c)E-iBQ&TCF
z@DXK_uO`%pjC?c!c_mUyr>2LBmUsz7Q6U0El*|40{hWQ)x%=+3_u2bAZor=Towd(e
z>-YP8e`~G1)^Dx#i=tuC@M!GV$Z1z}+sRQhK8m8QuIm4hQMA!{Bb`z{^~fl?%oR>?
z9kWDJOypOdlj5Y4zvrH)qfO&YGflUe9x**@+G{#cCEm%Sj5^eX=jcviDJ#o*hnq&3
z=9<=+wwd}&DoNCZ2VP_#Yj|1xt=6-SVWv|}i%tJF^_$9K&Z~!vO(tX_dswUZ8u3}~
zv8H(@aOYuZHy_#PIJOa%X3H#Zg6VfA#&f$Ei}=xjt_jWJOxL#z#`#&Mp=|R!d(esQ
zmc9$~9c7wr+G)zuG1U3!2E$S5wr%v^^=Wtb_LznmW08C?fTeUlxGw#M?M1RXT0Zsl
z(mAh_roN$0FIdiM)aIeg^(LB_&pL`NOJ2YW=JVbnEto9bFkQOzBeub|q<FwIG2qNf
zUCtc2HpQ2g)AE1X6|B(oH%Z@kw{*=Hq`SW_J+@BT`JD99PHE96<2o5Qz?M6=x{SHE
z6KhgzBX}7TuZ`RC!m-l#J|X@5V(HI!OV2+oy}D0>p3RR+7r0)=7(yo4=H;~g7?-s@
zZYpEKcu8l!H69DMTp<17HVJGm?;ZrV?$7$=b>k-8-(Vb*w88&}nOMKmbqoI|$HdH&
zrTOoZesqqs=6dO0f0A}@m--LX!OYC)@0YMO^j8BsV6FKXe#d|6ZBV~vM-ne%`0L}O
zC7+j8Et39mpS0r{sc(NKyu!@gFUI}Fm@B{n)={Ak{EiQp&666#=f7QA_;Km>`O?Fy
zr01UU7=F1BTB!>Ebbm4C&b7{5JOeoAg5UM<-&d#WSLR{2!>rNL#UGMxnj@|IskG_u
z(%xN$<G$|nv)W@WW8TcO1<YV)AAv7kt2g7#($!~6zx|=~<b%?#7o-CRI*oQf9^-zO
z$If+M%AGfB*b+Fw40iTHeTjTcd!w}ClFp5b0i*+O`}Rm%9+w`tL%Q{=9`~n9Gfx_5
z!z7-ZcQAvU{oG*tJpSl|UtS@-vUfmdJ8%16@qFJa{pDWi7ngdC`jm9xJEdt|@qEL0
zt;3PVRsSFC4`=Z)&oIBVYQup(uczCj$Ja~uTrFKYMY?E0+%91a&RL_Hu><T|v+$GG
ziVb^qNcZ0&Et?^Af53jtD7UZYfiNHB>1r__?3@kc+T5%Sd;crlJXiXP*Wk*Sa6dMZ
z-)0%u3-^T0+OX$8u?=lvD`Pj<3-N>F5VZm94aZNi4G%#Zz@Gd4Cb5V2L(B%SXU?Ai
zZ&rE;*#P$X^{c^r6zn-fYyf+m{}3=1r3cxD;6IEv&O!cL5$<I9L9`+GZ}^~f{&Nyz
z(R)iaoNwR9eqxdA2IUq1xw;3)-@laj7SPeG4fsaiIitEpm(-E6rLupi;xD~_OvxD3
ze$CkM;%4bv?`>+olGK&nKeoJoPuo-0hQF@1FWQ{HpTs|C|6c8bF~-vN`3d%vu>rrl
zMW4U!`~>_w);-VEk@KrYHtc&zT6|_p_;b&%s`xv4ewb&&)+eN|y({h~`l|_A>$<t;
zhgBOodVZT_!$T`unmZXc4bN}E&*OS$n>u!Wp0?p<^E`IEzp;+8RQmk9ihsCe&o*`J
z{sJ2~6IgESoR60{V+*!5eScB4q4W1g)x9KV4kg>3cBdVix<3LxkNM~a?qUwR`@7hJ
z_}BOk%lp%m4TtUhb+E(zfS)lG@dJ#{A&nmhHjr8u-^F1Uzmc>dyxR`;5A1>1$FZLy
zM&?-)X9JvXgfkBED5DN_;b}X5M(Q0QMNy6RMbU};-x)>6koH8;aMEta5s?DiKmDW&
zqNtB_QWTlZj8SAZGY+J^{2viTJ*2*YPN&`E`z9!zlHJLt8(|rGddSbf)l0r{r|k)L
z2D?K$xJfGQQfsH4YP*GY4DITQaa+gjPMlVkX|kynr!~@lT6jDjjx>!n%`mMnJz?5q
z3gd`(@+hMYbsaI*-eVbjkBrBqrl(E&O+{-Yb*Kvuyrtt4l4#9$yy*(l^QI!5dFAjT
z<M^cPqIcIHXS(0ii9G`{kTtGIFXgT`*|fowXH%>B$ei2=gUhkIeckq_YWL-X&*_n!
z*$&P>!9+W?WM4%eF%Z7f;BKS){nAg)i|=D+onn~-IM8uIvK{>Y2ovL^v~K*~aNjfC
z{_jPOxw!U=z7tyFyP@C5F&Fal;EK#W3A&C582o;ksqtA^(8vD3ekyll#B*?;$lV!t
zX!}z!6Wrx;2bi&^K-X#L2Z!kgraIe`eK_ZBKG*SGBJv)%-FJ+SIp)E4jg6k&I~tw^
zp%dNARU1te{h>`~I__rvB<cF8j#;=tdg>9!EbJ&Bvj8r5z)fET`H2*r=w`mG%xl~W
zUiBI2uEo-$J&rlp+Iq|Z_nP-yldBs%=tMVjb_HKM_rra!O53+ce_JEnxzOhjpOxm0
zvD|FiLwlf`btC@oy6okC_1)q-YVO^+8-Ma4-^VYNmVR0K=6h7RYYu&w)9yhxX;{Z<
zd0{`<2m`T9jQekY&~Xu?6LXEf{hBSorp77j=Ab)z_=_+QH^cop?c3s6RltevI{l?E
z_}l*DO2<UKBeox&76{$6K_+iuJG74>_$`_G!8ODfg3pwze~2;g{V@j=`c<XdAwNbg
zZDW{!2F<_Nn@2?$<mbK{9bZxI{vyo3x$93Bjv@@i<FP(w@uu=B>rZtJEM9*T?UILq
zc%hqpf0MD^rt#F)-^3c+wEvNwtC^24`LOjD&x3>fk1B?y{jX#@u>O>cQ>*j8(9h%k
zY1;n`7=C?a9Pi5iR6i&G=lY*9g4X<RbP{7pd}@RBw$T4hV4xk=nfe>plC-Pxo?|;Q
zO7A}s7}$R;H2vTAUkMBcZT}fCkh%?qZ2zsD$9S_cOg?W|;IoHG94BzJ(Cbr*9v?M8
z-9ADH6cs$79%)aNzt^&miEMPB3!UiZoPuMCE>rECqTuAf?J>f1x@oy-i;1-a;+;Io
ze9BV)IR7})64MS--59RsQAVBPk`nlDy3<t8=Wj6VS18Aquhy-|@cU~_$gJ@u_l&dH
zGdeDA*-WYDCdVFsuIAgp1MeB8?ZLNY?j`Q;x+&7V_VYKakK+RI4e?Je|5%NGdzE)N
z>mo72D=+h&?Kjd3n<VxL$%i$B{o|ZdW8cTT;H6DBXYCKDPb@ckowduPA5W9!O&qYX
z%D>s^e&#0bhF5v64Dt2EDBsZ?#{)Beuy)ZdRlbmh{*C=HWGotxL9FwYpRU;(c#<jn
zV5sDwr-CCPW821f@0Fn&9(ZYkn#?>Imw(ha>hZ%{>AyxY=nMAnDW5*{U)}gYR={!B
zRnjvX;xUo3p)!6L$F83_ev!eM1$#EukpxD@de%39%)#G}WhC@wem~(`GVcgeQ{V4C
Zp8@y!i|+AhUN`5hro1PVQx_h1{|6%=p(X$T

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/android-chrome-192x192.png b/login/apps/login/public/favicon/android-chrome-192x192.png
new file mode 100644
index 0000000000000000000000000000000000000000..f22bd442e631e91a1941f4f9d8b37c1ea4181ed1
GIT binary patch
literal 17828
zcmV)sK$yRYP)<h;3K|Lk000e1NJLTq006)M006)U1^@s6Qrv6@002d6Nkl<Zc-rl~
zdAJ={b>{tBb<UkM50<RKmTZl-@eDYC864Z-;3jsO1i}zVAdM5k*w4q;kPbtF9W&Yv
z&~!o=Leeo`ut`D;_%ltCW)38IjAOtv20Y4=EX$g8hg$tdojPaN-fQowb9JSAudV$&
z(z&Oq_O#Z!)_T{jU3G+`Wl}}oJ0F+_Ok|LapxI)S<si#}<4`#PWF@c^l|^W_2xJk;
z2*>~`gJ?DY41naQjDn1zG6oz(v)!od1lftoV<1~mxew&$AX`w`ipq9i4|BGSGBy|a
zz-`klmRVP1x(6^@ie9-0@&N%|0IWi@6M#*qY(!-fWUEmYf-FR37^DRVDxeu?DeBI5
z=p2*kXZg2%egb41mEEX34)Q3P{RFrhmAgRhLFECEZG7ZAqrCkz<O4sNZqd!?a?}7K
zMgMpSpe<l2upZ=8RGx~;X&@(pECv}uMY`a&fUW@LX9@BQ6Xd3mWT8=1>SSe|aa8uA
z@(^$*$jxYW3o3VjJjloX%Rb)pN#uWgbGk)4qsmbO=oGzjQ30qdp98E#c`BMc2jraM
zyDS9BdSG-wYk6|$0o?_^>FKkG=XVUsJ=U#5bu8Vs%l@(h9qRNWknaHBCC_d{vquq~
zkU#y$=@$F6mnXFW=m!U3d_J@e%pq@`1adxb0dN{BD^O{Lz?L+1>3(8do28AxHyo(x
zqXC8L8leE}?og(GLFKDx_OHMrKrWy7>U67PTFR5o0Q3V3fN?+ufs;@<ALJrb&IUOK
zB`bg$<>5pri(jWPaGf?F;`y6^z9x^TMx6tw+zr_`P`--F_sFyDWQu(9E7Pr}BUYX?
z2B7bs1Bf8H4B<Jbycpy>R92!QU2&uU6?kfw&-=$402k5;aV3v1&H?0Z{}^=}8PYzK
zAA)=d&AyDv9ptTp4DLrhanp3G?y#08yaDJ3he5Q3W+wqJM&(lAR5Tk3KpO*SFVRdy
zfIg{83D`>8jxodxBb9q}ulJMgM6@X9SbSGhwt##cmFrOXI-2dIHHLiphUr%2VJS~o
z1JDl*gXl2I*{Hk%<d;!79?Df4--|OjuHS7V1+sn;U-$YZ*LZFE*EOPFnP&`u%07_q
zlV{h0+{i?03t6u6m)B3XYNxb3p$tGjGz8fMsEnZ5vw_!wT!?Z^bZIe}w8kQW&;9+n
z{xvbrZ$y#CQ6uK@ty}~vA@=0p)UV7<#(*E8@;Q*tL;e6{Dt~$1bgO$x$`i%_^g}}+
zIt2PGG<zM$#lXTiz_SRLYB;}1RiwYRqD!6-T`B7Ch8a<V3i?dVv+_BC%8x<*0+s8y
z|BQ!N{UhYszn*T@A5xk12B259N{;_@R9+AAB2<<HyuEKvTL-4HtrA3~IBTLua=DT|
zSA7U0P+tb^8eL=gjDy^Y%BRrmIz%63d;s~IznE?)OsdRU1JDl*!q^ZD?OTs#mjSN^
zSz!Y;ODL88JZNp52HPCW{2{esgVDAZF{}g{szw)e2AMIQS{gP6d>iCX(AL*L_si%0
za=KyBcbRntpdTIpnE+%7@N$sfL$i|sF+o~Uu9xg3dAjSh@qpz3sm|k?QNumo#Phr3
zO+}W}TxyKBX(aSzp|Ts~i>Q1QZQTr-%inxvx?$3|%qj!Wt6G4zK+Xku2XFx@gY}>@
zmIZx}olJBM@9qP)`?niyFn~*aTTQ_41Aa0F<oB5zr?-GmMxWjs?nmY0AfE==j*QO=
zS~M#RK(Ee#9FUbDzl+N6fE;UbaWl+ER!M5Pwo}KwK1Nv}OlG6o8X9<hbJ-Ldlzp`o
zo0Bs((Q1UV3@Mz`I4WNUc^~jiU|g>I^XZ09vdnk`(5qUY(jv<*0N#blGeKH?@%70h
zzCQS%k2a`AjVS$T;<cf|_bYApIhRA0OF5QE8$E;E27ChKW2kIJa^(6?OgEIwGGh%u
z{}kAlf#_n8*8^`sv*pFfn34&TzViCX0Hs?uc2^ccYLEh3Lqm!J)ks#839r*{DhF}T
zCFcUY$QLp8-uDSq{t3<g5cnRb%HRIa>4sHMW~2cWlxGMya2D_$kc&|nn6$^83a@R^
z1~4dsPmwIDknpgv8)W_D4KbsOM!D1&BJ?Lp{{myV50ww1@>xXp%HREu>4sOO%s2zk
zYXE4Y@~gn*ARFtwB{cJ<b>ZErn^>NNNbX@!C#17+4Vr;J5@D=yG~xV{mP-Q}2jdGO
z(E&8O7UYkB`<ZAVH(Wj4P%CFNb4myNi$LCt@>Y<=lj5|8!jGZe!#1K{^f!*WWYwoS
zjR2e46xYxg-M%YHG1MAFWvnR3H&J;9S@u2h9Qop(OgH3ah5_i+Qmi__I*`jzc?mGk
zzlZBLS@o%l;cXj5jl^S%lQG6gw~-icKL#DUu5X!|Pp#dH%DX_W2gc+du9{ZtO}hc;
z)dIADiKhYAfIPc6(Ll*TQrG~vbxCU9w2HX5tV_^qJ%632O&PK^H;4k&ubZTW2^lmq
zq@5t|2R;VulN&xfZTOp31JG-L7Q%$Q0Oe}nlyqp00M`26H+4zXaoTSLwm!XO9i^*l
z!<tV;4mA(eRGddS-#(UHD}7peGUt2%<j+vK9CU|#`GeDf!D%yq4((|HuR!HW;JC>F
zhU)QB;n2)W0{yLS_-zp9(~WYD@_4BZZ*$#b<k8pO9_M<?dGu8`HtuLHG7j<uRNfBU
zCtrEr5y#=Q7(gf49YE!E2$!R>q#5Tv1TPuQ8z$+k!Hzin0LO2uFWQl6tDm{`BXbCs
zcRd+|&lA{ss*d|6G<y?p59G*=R~|7e9&rQcfPV;hBP#C(76b`wQ*PVOwuYp)#8943
z5&WoOTz@D$Jum=k=Vt`Chw>JQK<55lramG-EGoD%#F<}JkN*tvMkK$TyoKEK-Xns?
z?9iKNUOM0(2L2!559xy67k1=MWJLiE_+q@+r$(+qx{8Q+D%`PTo}%6BGeU}#Fg`cQ
zbjJ}~>&k;jn_0D;vQBLCTp(*~Su4&pO$^AJhuePncc5GRIh>EmC&}BVBT9bJ6U+b{
z&;K@%ccL;cxy9E?(5!#1uqz%6;~L+iCk!m$=0-myIQ=~`sX0ZxE8aLgkXwe-HK?rE
zD>ytCp7C55nd=#lgx}ryRE(W?zky@Pdi^(*v&QC>0dg+z=bE=p6UoUh`oqJH%Ohd{
zUCs}0M&%uy7sU32U*};e9@9VO1I1CG>!kzgl2w7{D>?VQz0ptQxHqPh!B*OFB1ix>
zUyu<)$rXl1;Fo_LUh-;KwxTcyD_Ur(PY4afFwhu13?h>O{)!x{?Wqc?*)M>6T=Q%*
z2>A;RZzMSE2GHHwfc!4VJAt{)sDcs7WBYEbx<T0YJ!h%xEWFlCL`&~TsK{hQ$w&j9
zgd7|%?*q01{yA{z%izL`VbNk(yRJG;6NDr{YDH#03j6J2>n2LWs$<cLk!8<8vyYRv
z*H`X<ABJ*RTkn8hfLEiu7j-$mp$wBgWY~PTL5S{x0D{~5NkhsEpy0G`j5i7<oa?EM
zDP?ee!fP2zPT~14{dKtTKS8?<BCugIv<8TRKStA<<Q%d5BQV;8j;&-qkOvn4A3?L#
z`Gr@KKmU&p3q}u{0q8YdrM(Ea0%TEC$$4rku?sF&h<M7&3_v>xY^`!#1$ZI9+oq9=
z_~QuZ5xsCvhkE%mDe4`aek)_hdbH<~m-WD3mbE9syoFVROXWLB*+UhmHId7dhcB<{
znAF!%ug=A&{4pwvdK(F+wj7pLJDwjzp9%6|iq{V&Je)^Ee8KxPASL)1|4f444f~~{
zEwCG7t_6-2i6S03R<~QfG=vWLFMTOI-vd9uvgNR1RS_YAc0D;I_2Ne;h#OE%9upXJ
z0etOwd`m6@@=7%OeKZ@%&;P)bV|B_6KtJ4_^k(21luaR(z!Man5HP?_uZ?8*b_D9T
zTbFahIIKl|e5EE6PPd=T=$9&BVhJU9wC6=3_yI;nVEqP1#fE{IGPdUEduI%JN90hM
zmpd06&L4?@y>YaGH=**oOblfCc~iS@XzC+CO974n-iOLB*q*}JKjZV^vea!LiwfKS
zyKc$VQmVD~Z?qpI@1?R!CA!oHqi&?1;CTW%32y@YWm&%w28OH7fXEzt{Zz({^F0RE
zlzv<TD&|rFzZE^YbMB5~1mwRX`K4qz`7eHG%HTSs2GF5CgCK81<q}(|hPTuNpj-f0
zzzynxX>d*Y_YJgcD-|uGhJgnrn$5{FB+ZIt*{0wJShEHeF7DBwSe_Fzg5bO#xh%O^
z25$6WdV6};`ng*nyJJAEV4{5{+9H46)NG@kG6T?SfO7zNCCcyNKDgcmLBv~@V2KJf
z0^ET6<0;3RUMwd70%etBG81rX{H|f*%>$xd(ll(GzdQB))t<VtWC<L1Ji&dDI?f-=
zEpd~}1hru(&h=UsDNIA{V&fFZ-bbFTD1N=_(94t<KzGIG`*JQS?*W-#>*1ml#8`ri
z0oUc!rh<qoxtxArFcD8|wh@a085Qr}6#RZWNN=_0(w8;|Kfu5MY*<hFt$4l;uw~zf
z^INj6_N}gdHATm=a9q%-!$lzP02$7o`;kM&?$ktpVz4WK_kyggr5lyHrFEB}gJwXn
z#^5OnXb!fr9c-hDC5dJTHvrVc2=K<$B;ie!4eN`9xXu}<?+Dzn6OPgM^roY82jY5u
zs^if}U02T)S}KCdZ==~uK**o-(L;jnAsayPM3)SJ{8y0kYQt*Ttwk?f&?G5SLJ6rA
z7&BQlLa?ixl;K!+YDp=#&afRBbUpve`t$s5S-lFD9#gbcJDySpzATOV78WI{0Jy4`
zfc7NiU^$->Y~8l!q4Ebzv`;5*lRy7mlg95M8Gv5hD#v;Wa2YCDRJfK`G&z3a4sY<c
z0kn$Xe6Qut!16v#fJ@k?m5?{)+Rk|J6W&RJA7H@(Si8mscir47QLzTV8ke71*QJaw
z(4~KmsC&(3kawf9h`p;Ojp0L#017G_P<bb6-RUib=X#OM5U{bwC&p8|yDtre1WT-z
z_jWeIRp^+c>zdx$9WR7{u==o!(YY>H7#f~D?Qu)11sgX&)=tnaY_Fb-6#m$~NZ2{v
zpXZlKU31$?AX_d0`E7Ji@@M_oq(n4n11KJ8%m-0<3vgzdTN)u=rMd;8)=N6u34&!Z
zKUCHkkT2|nw=?;vN3%>N`&6kexzFsqJ%?J>od9#^B`BRgo`@5v)DM;@135=mdjdyC
z^<0cf*?JiO-UJg*MKdO21d}oVy_yohzXZH0DJ;_<%9c`q@Pu0t6x1fml{WF{7IvRW
z?`TCBs@DX@7#Uyg@1uA2_DqH6cgxCS;n?Lx`(~8&b0)m=F@vF3$Dt_2mS#UHM4V%(
zmnhw$iX)qTtp)yDkr(v8G&;Emplu*q4cXg47DhoI@Z`h<%}-+wdqrspkeP2OFa(+6
z?f$-^N*f*V)hWpGc-{6oe^(OTDFi>j+&M)QAfcaBWC{#ABUms1P<me9ZL9kkF@kOs
z@tjNWJsxdP`DJo>IqgyMbNc&jg1!wvuWEx#2=F@KnP#GyN-V9l?r1_)_UbBtUYku5
zx+c%eHlbkwaQwN|jl=Vx720zMt39bA0-M%ByWAe_$e=6RtbWdQl*n`}H59iy4r{-X
zC%5i(E*QJ*4@34=4$j$BG0Fy|{|KN0+BzF}EyZrVxYw=-C6Uw+nYeH1<&YaCtMou>
zw%LaPxnp)k*T@LVxf=;y`7p~RhY9>;IdKgvnBUnJVR+V<BMRo=8*y>GOMAL9_oIeu
zaCj6Lf>pw9JCP_}iOgLpc?v3*k+)m<)Bm!uX!<e$y=nl2VURb19B+GtauNmz8+k`R
z1o}dtS0~w~zv7c61nPf!3h=#9z;Ek}0Z#^0H?}?hFoGXo*%Da2qM8R-)HLd?y|Ft6
z6K-rvIJDG8ze*eBIRiJrIKf$&dL@!S6NUWgpKT<X{vtrp(S;~4jwX!(fJzV=lL@TZ
z7l0@HWd2|XEOu>ec(<aMBZFWMQC*u}B3RO%OQvwOCsl@rV8e-2cBBUKOBrxh)s3GY
z1#QH(U>j|vsIX~-ZXW34Oje-sX0$bzyqQcJ8$iMRbrC9W1X)lEq=2{AfzDA(#dD-q
z5vrlM8a)UBTuW8l{++*LUM=DktGS9dr!M$kcKAKNTQ;2tLqlm@#OR-yeB#g^gC6-g
zSU{1eelP#!v1n>U?@Dgh9pejuix4G0`*XEoX=DKU;lZ+l7Xr_#SgqT6MG(HA%SaGe
zV=h5r-BgK2nn+#WKrF8w6|zs6u*aLn+Q1vX@A*3qupdeA1FTsEix+v@qf-&UkAiOT
z*ZCndAP*lgXJIA2wN%mtXAni^fm}x3TG&J^4I_X8vKZvQpfYUo^}sTHt9J%(d7WT?
zP{M1Q`*DmY5^QX<giA!Yk@hRfG5`|D#`FCB?&_SXvScBwUFEzk#nV|{m&X*Jit!9@
zj0u=a*Zwl9VGI>LVqhV4w_iZzxgfs;kcYRfE2Y)|^g}}>AYKHV8xGdLF%$uA9nb3;
zi3g?_Z}-Ek8p6alZ&E2wxE0z3O@I+7)s=_q`KNlFziAn0!=@7;%OY~a8+WM#3v5)c
zucMR|zMjxO-ajjf2RbpwF@nnL&}=bheLg9c`Up_`aK#c-ew#cS3WZj=*aKcfc&6ap
zi5T9<Otvf`849&Hq#v;YujWp%;nJ&X$YuYP#~7!<^Sfo^S{NR&9fm2}o_w_PuQpk=
z9H6f!6EBe{?>`eAivS_@eKy*O0%u$w6-hG+q}c_)FErw5mUs3CA56L&N?FHhAA7=P
zAC^M>a~Rj*e0FwaYRjW;mU111y8p^uokwc5r>-1#EG%DAeOp98;h^Fa5bvc`3GjEL
zcou0p5h<eA682^N3mxnbn*9cOd!FsAyIPJH{m?LIHV2hgqS<h-ac2*UdAHBvh=x%7
z2QN}yDYh}H$wTw8@n8v^-gsihWJNmPINYVqBc1TZ%7VGD&V5YMmA|`W?Iiz{pN6bW
z=j1@D?mkJ3x>jguWMPAdKB`pw*}%Cd<Y(GZAZh^mfsyjhXM&s;Bqx=`)*66+91k?E
zu|$Lt6IzgT)+J@G5`BS#NspqrN5qia>)c(PGX?wrtqe|DTWpiAfD1!U8S3uuah+5E
zUgyS@MMDEDSWc|G#&b*+<23q@(XgW40#tqjZ4EMEZ<LEi00ERXDz5+*hV+FrQ2q1K
z{WuW-#y-p9b51Dwh^}Th6RSLyXY5*Zja{JD7)vnu;GYS!$1fX>gL!kSGB6U+%Eq?v
zhwh^FD#shi&37z#dT_>`WC(s+U432zoEd|9O%9N42Dz|0IG@AED2TOp1Va#+T_>76
zTe}3k&>Ky7%Nt~l$MMHx<qm<;ow{y2-6y%GakZzetXK*wm-UuIvGn7gGk_iitgrh-
zbWKsH80D;E2tnO!87jZR&>r$rzZi(aGywhJ2;^;0UWm%^AqVq-UF)@7tF-RyHW0kO
zLSqWE!8U1YH6d2V49C9FcK%KGI)BqLZv-|T7o`xr{rr|*-R;Ys*SBP4MGBK5c^GJ#
z|3z~&w=Dp<nEeY@Rh?u}><FL&GO+}>1UfrD-E(!19wsMTPCBwx*5q{96Rjkx<@k)~
z&=rI`ejn5+!;Q_W?8|+1$qe=UZaHaf@!FKGT#Xx3$y_SI$77M)^60^q6(YDI)O#J~
zs+c($<UA1aQ@&ggMT!Fb0-Bv&wSLC~R6DQ-?Un#Ur7)?VOt6L=39VN6j3r6#F45Rr
z{C09T!gR`^zPjW{mxE*QlZS#W5xp(VmN&)FOKdl1WZQJzB8T>IzM?M|N5n8Wh{}H^
zZw>oVAkdb+e;!PTkm-v+=9(VBN{Uh(&8=rW3YQFLR{yT&cNIYdz!=v>>NNE};N0Yz
zC7%D_7+m)axZ!&+p_GZc#^h9+$T~Wx<Pi`BeYZFOuH<A!WHu9ULL&(BQ=C5JTwoJ$
zt1FU7YOJe3o*Q`b6i<&)mS8g2e^(|$51^H&!o0hKDF6rgf^l74IIS3%I}YjZMYS`b
zl;Houx8dMK!EC$5F!+=ctJKNj@(gkbs6M0Nw;k!<{BA_<N`1G@&Q@tS4<JA3rtZuu
z2B7bsUryv4lns@E)dIy2Nf8=>H)$*JtV9RbyVTTe8mXdNtSv)<(BO3DY;R~%T=0)h
z;BtQTfvORCM0e?yGR6R-@2nzupMSoIZYvmwjHybU1kGMR-kRfzrWyfMAe+cgxd@zH
zpZ$X02W?=H3Cj))0kFJ--@YlR#MbK=-7=S0o#V4*wWll=_)B&B9ymoq{YOj9#fF;b
z>f#IxOn`|6KO$TCsFl2jZ9EOw>@u5>0_Clhz;mjU!?)xJkSlj&y~)*j+Ss|w7GyLu
z`s0o$G!Sac7@cV3KFl(!XwSC_@Jnw_l~<RfK<Cp*i-Y^RHkVL6#~52FiqbC<<MJ>Q
zchbj#JkM>@GXMe2PDkYg(*u|Tu!KR}gIb}nV#zrDy5q9i%HqN>6%$i7w({IEoe#52
zrc^wCPDy)uk7am{BnljVAHRg(W4i8Q!N*8b2k4Iv4|Ay<1X0KN98`w#O<x0?RUo}`
zQE?|z^ju($nWXrWs89_e=Y3E{fanXv;&P3{WCZ-CXNg_ojCUq&X>L+X+EWL*n$L=!
zybW(wyB56)^p~aE2=qhsx|IH`bH%YUQCSV#3w{I;=7T&d3QX($E!~}imN$qzxn<Is
zEI#?#M9D9XhYFPKDIgWiG@JQ*d;H>q-&yU6zpjuFC@xPAWJA@<r>JcO3t$_E(MGoq
zx76$z3#gFSU!m{SsGJFqum6Ud5oMsV4wX}SV25Z@XnB#81#3b;G4E7+4otB7QKDje
zv4?Fu!D&YK4)5W9Z_iW}bG4_KQyTm+K5jg=7{h|A3zI@Y8n^*ajlP<+;qFY$LcFL9
zfjpbmen6cYVZ{Y!BDyT(UqlA$)b0CSoiTuC_W8;+F+;#n7QN%W`FZ1rw2kz@f4JV*
zHr1sB|KC<=PyKs)ykgQoU-qt!4Emdj2u+e@vkjxqy1M4vGJvNsHh%%Is|}!6E{3r-
zw8qcIf5*QoyZ~HT)ku>3D`K&MaQm$5=ORtp2)LyiEpT2@K8wKb(w^>K{&H?v4Ir_v
zv92$#?H2JqA>iv3V~KhGlmXR@$&cpU`8fUc-p;qalLzc7j^r7%#uosmCqbuPM^Rdn
z#p|lrU~ZC>`6bxY266CvPZLFjewg0Ue7K4Ue$PQvWR?P7DI3qLTU5f*x!b-)hg?08
z(y<@G8!Xpa=c4x+vSXm2`dP0NSqZWs33?0swU+Em)&g-bfz<tm%=_oH-^7ztl<W0B
zo3}TNj`zS{`#5SteMNJ*Sfp?tt4v`haVOr);lRY7NwaX;jy-M2AS!2~LR;UvyhOrD
zD9dU)f^c%~vFHGyYK0N+QJG9E(zwM?Y~!%%jAypr;g#N<a}7LtojfYuu|@}pC|WsA
z;<`G$Wb~Ibr=o~u_!+<%sEoA9a>!dC`DTzId%_W6`FxBTp#?9h%8WLtnXuo6gp;ie
zkzO0KeVtzlz-YzU&=B<4&a6%cF-+7tv4~Sm=~ApVVtAou&fW2?1D3YY3`7OwBwGk1
z23dZOSge^eSsubVUjydKSn3kIgh9{tjcr}<dpS;{e5#ZIRAg%DqBg1<J3Jff(Yu%A
z)(z-OVm#e3*DbvQ$a0i5rMBmyvOe&V6(J<JbL<D-DigtL+Yo*ez`E@QR-aJ58HSnt
zH@Vb!PbboOc&A3DK{D#fkA(aP+o&8Tp~nO!>YP|$d`<~=?7HLf9CXp%LXZvZqG4SI
za$G2!EHc=#p^W0qaZxMtCQz1|kZ5|6y1HI}8tc1L^4aeBYaER$E0YKNk(sovqk781
zerxju8tUA~8;LeM=gk!+|N0DI0OYiG=imxdmNict{qR*Ya9_YNkK9#=<q-(4uN!Z-
zU$1WENv_!l{+>tEKpqAF0{Oe&Axb}+P$)~cb%}0e2aX@PiQvSk=hC#m0j6%!;Y1D*
z;G}lPvQ~o(^#%Uu<YFG*4@0RC?F!d7wnQII#{ERt+oMv5A@Ghw=1-L(1iGRDaE%CK
zZ9lQ{KXW{m&LhX8bAhDJt$9@q>i8lFMpsijI9%<>8dTCqQk1D2to0OT#B*4aPth$?
z5RTEz>eZfc+@;RALm{Cb!eddcUAG*Hhm%-zhgu`F#*s?eO&Uf7Ln)(VbrAuCRdF!K
zghc%M%H)jWQK9;ShUP00oxdd_s3ZNeM2A{Z>-@n(<d(;C<PgvV?DLiH8ak`kFX(jJ
za*Q%c!@PRY1r<x*WgC&XrXpCd(j|Z_X(KuStd4W&2>4ZO;JQ377TRhveBZM}s38A5
zk#W&^W83hN|5>8RmdcY{IpI3L1@MTBQ#?GnC80d-_R-{KCB$`%hZXE7V`9zKt;O-n
z>r>0|^!n@_%i3r*2zsn}Bg4Ak6!pvyE{Ty)f-$(R;C+zS<PWi=T!rdOt7a4UzYSy6
zgtsRjY@kG=s$0Lj&XAu;DKqT+!h5MzZO&+o&(U`t)2Z*ZiLe4{z;9!%jmjX!nrMV4
zS;EB|lobK$gzG9Z3+pD8<xk%7G97`;TFzgBznG8t(yGP_5{|x-M&ijY_?asgctplw
z=rj7N`N*3bh>gkDGvPHpC648k9m>`Q=FoismL-J9;DZOG39oOOJi9`&1QruaFb?PZ
ztmpj2oK>^Vj9j@TR>Q2Q8Us+Rej+liO;#a{8d><g*<0O0&tJ<Z+_8Fc@Y-yHEC5ET
zf=UcNYE?CYiJps1jJP1W;n%6#6>4YF!^3dNETcVt>o0Y7yuU9C6OiRGUq;q)b8NF2
zHJ_ILQ-F2*t78>DaO>JMB9cjko%W12+o;S38A<O3#GY_4pt?c3TK6Vgmf+1}HJ`ya
zbY}f5QC&%R{+>)abBk?nsN_n%L6pZ`Ah_oY@VWiQz#6awzphVjAdM5TuLTF(sqsc4
zk!vhQ4$($s1os|*EAU3#(&(T`c(U?{exBqqkLm2b$<+aH&rig{x&?ko0M^iHG#W#&
zg4Z;<yV&t@<S*UE9GP#Vsd4x$BB19H`8jR1fdQb^J81DsSBU;#=uJ-WI&2s{Djv+}
zJLavPFyJ4jObFEia2-XcTexVHi}^+XjU7)d8;GqYy2r}#x)?}|qv?1mP9Th+ZICuf
z%jS{^Ptm=u!5~d#`V)>BUTVT+-^|XpG#jfu6}bdTw2Z;gL(E(D3;JY~@PR9#-pqYE
z4d$X&+X>KP$sy5(FBgS2nhl`R3Qr~`?spOm$;8|0)-|qeM87)Ub7tuS?B8<U*jCI-
z1KFp5V9C}8K@$L%pQ*dJlZhf_n=#MtV<C3Gq2YMk`E=W}Kwtg4P4RZPR{azEIOpqD
z5qx0dT?5U)?g+#`2D5ip=igRua;fDtE3))G9g*V=?yQ>8qoMO6HV#KmmHuh2YhTAv
z05@R@#KB+6snbT=-0zX}zQ#&JG)#3SVkJAi*Gcth(J|HHSI;k*MYQMh-*A>XGvdy}
zG6(}K(XHbtZ%O1kn5#n-gTxpoURyqOOXwJ{ZY7H0op<{qtlJ$Mm^&CEOrniu<G@7W
ziaG<fl22Dq=D-c`n{Bv*f_epc9>z_0XWJXw+?Q5$A7hNkuYr70NoZg6NBXO4=4O%i
z!v^ysJsxXb$vo7UL+rR~EWIR{F<>J8Hr-fQr8+p%WB6e$=9MHp*vfvCSqlDOo!^sR
z>;aEM1*R!eXFt7vBe9~lhMzIRj76LZZrt;+JH1Ywvedm;w~5>+`2RR66KPLT6Y8Q#
zs;`*LZp*J%3H6SGX7zr4cViobNhdY3$55hMnt<P}r#Np)OGlT0cHmv>&ckqowVc1K
z13@0sm6c_{hTLMCG$YQvjmj9vggMwiz=<ufQR}YR7!^~jFTf|n-X6kt_9VPhRbE*L
z`e+iEpb?XbE|Dmbq`>}lDTDGHrgeR7<jL$dV@{)Uyp76!kkQbZ@g@@+T+EW)V}x~+
zbjVRUQar#uJlnya**Ce8Jl&!srECrPnc#PHQaMKa`pPw68eU)Y3+EbFw@`0rF;DMe
zwaI%=J)`VVAlVJFKbWX>>pGTXB&m_7FkjFn=XX3_d6R2agWvxt(iG?{&*^qB39s$e
ztH?MNfvm9-V!)bD)R4gjcMT>2eBh1GJy!RCKb5}QsO$pSZ?D&<gllwe8c3ah{Oi42
z;j@YM92o5^b$+L_&Tq`ImiGAG+Lvt#Ad-+dk>hnv$r>v)bxF*vJRaK{WXQmxjM2GZ
z&&8F$6G7U*K2-KL4`&hqzEjMw6%m@{@xXa+&n&sg1@IsD!Z&|dj6DZXklwcDcoJLZ
z6e8dZ78{)QDzfiGw-(4O?`vJ3G{VUD)RTpQVKjIHpc$<!{LzU3$SCl5pp4pN2!f@k
z#v$2KjMM*Ydudf!PG1M_c@^Bd1#Z6|?s^D)@G;nZ0LJrTZel4n;$Zw$vsxKjO7>)%
z%)KIB8)wWue~*D1um8XpjilA5Ot^JBZCNWtP4cP8+}pq?$Rmw8r5V!PNm#$|k_d%<
z8~H5T)#;XzL0Ge_`1iciVDACsp&fA7!|3e~!rfb7%P!bA3KK<i=o*9?faxn~w!EHO
zr^ZQj&-r>a`tSCGam?`U=3Q;D_X>G^`pm#hWa|>&*!Z3H+Kdm4kxe|<h_45kw9!E-
z@r@=_o$s@4Z%?WSFmD((t%6OfkQbf>kMD!~9)&v|MsIrve!2~|?}h#2g)B;g2*97%
zd*$mOw#rfgW+JLL$|rnJZx~>}<-N8|nn&12(vv&=2YG_~ckBiqc^k<=<)N@KLok65
zeS!7!mgaKuoi=7G?P*$C87!Gs{5x|kGCB^A?uDOjD~#c`N8sl>VCR9(E>Q}DXtKm-
z{Zy6dq4AEzA_4V!w6GA%`$)7^OTWY$x3!`q^>ecO+R=G8C=XIlp+UPbM|j=Pma<r5
zaPFYH^*WQ8&9rB-Wv~q^7sASg$g?)U{;`4{-Mtn4@fNs!D?Io(?C#JdKYs{hj3Zae
zIXPg8fgU=KT}~FT{+4D)uJ>ySYcV`IGKf-h_ZqKmwa$Yj(jEjkh;|Gh5UP>v#xiSD
z@Z~Z8jb=FS>YOEedk$9_8GsX)!ih_f3r~VQ2jPL8aQjyDM~}eW+hNOI*gFoYAbz5l
zdUsM50RkZ~`Ubz(hDDR>qD_(>W7lnz3t{wEam@F3UXRWeRJMW4ucs_AD|LlVbrROH
z7Cf;y|5TPtV8Jk)vI0(7fn1uy&i(My$KbZD=nuETy*pw1emIbK@&_pXbDa!cUSLp)
ziX%(CEiM&#B%Fiw8kFvLLSymsh7_gInsHctgr5rBQN9~=8^{Bwtg}N($}3p=gRDAK
z4QaN$rFl9_JA-597XO}p95OlqTld1<JJ26(gCB2$pY4X72Vty3mw@h13#C9DHHxM?
zLy1HlZ1C46;DmMR@=}xQ8|SN^V<<mtcRa>kl%D|44a1lfS{&h-$*?C>e;vE@{Ilf_
z?@TL$EjVrg9Jc^D?*!O41`q9qJ9ePAZim}<z=L~W*EmezM2Ai(^RJ}G#m*N3+T-7=
zu$(0kW5Z}O_B}#>+!9?aGbz*KAosLUAkP%hJIsX2+Im{~J*rrTgmt^%KkE6XtOzi7
z05&dxjZ2XKv>qNm2>0!VAMZf_V>{gSIBeMu`-<nDipbEZ+~l3B(Ul@=TQUs*>qZ2p
zt>o(#>!^@F_Q+esd+l!p?rW2`$`0-X4gy2fM*Imw)XJ?6P4GX-6W+sFGJ(az#lJI_
zAurts+Yi9KyU<%7g<BtkpX`Qh2aDy_(jY2E(ZE|*R`zJX*WK&f>%IF)v4~_Q>#^t(
zp+MEP?ge>N0QAl00&E8U5jf6V>P$}19iaaPuFl^s?U@a)D1V}s0~4@iAKbYMy=4dd
z=yCY@UU+N_#>@O6BiP8-WEI9d4#C~rO758A`d(dgwWsd6a^HZun7jhzUF}}y`Y^~n
zlm=jRK%Eg#9b6au(%aQ}6#Ua$hFfsLd^lk~@`BZ{XAJJ&2e&<r{@^jVeHYw+0QO82
z`2!SDrH&TWtsX)mN34q;b&*Bt+pb<S3fuz4ZqTAk4DX^fdMj{V@Dua3gA}6tt@{k`
zQSi^WBEb9sIAtN6vJiRk@$lFv{B$qe`Z)T7$KlRBuw@kX=Y=CH>5>gBqEWzF6>Ng1
zz^T&fw`?zoRj9t61%T}!x8b&`Z+tF@{w6A)L9@<#`s#j+%s=nZ9|cC{776bKFND@n
z@Xx9;nisjk-FpjT_>bLi&py~b2ICN49jbYCPTzFeXBZ8)-1u$u4Cz}aF9LQ|5vg(u
z$TpB;d&g)nSSRFEl4fA(GFZACcJ73Qi;hNs*;EEISUm!(N09T5DOQoT97I2PKV0_+
z@d!{h;5kRAI>~-ldn)^YNL-h|X>tDFX&>0d_(=IuT=>JMp9si4kPA^cF{D9tq0V`q
zP<dQ3*tHve@b7T*zrkI1!j4BF&tY%?1_qtghofc2mw^lx4<G{>+_a+?1x!r%uUnBC
z@Jqy7NB;S^GjZtk51?`o<QnpU+riBNG=pq>H+k#3Aivn?hC*~X)V&rM9fOCrz(Wti
zzx^AG%z<UgVeN^qaTA<y0xVw+BO^x*Vm6cwb7AEW{A7QD^V+uwig(YdNy1C~od4@G
z$pqYGBpE0V0=FQL?OReEmcIT15MGGN7l1j9@5IITTN@Tyayc!Ms#Y83Er1m(Vcm(a
zaU-lf9+obF!NKWP_0eLLF-6~c7kqg;WU&{j)g{Ie>SWzKwU*XX5BA55sKDvpA^Hkb
z4rcoo;}LQJ<yPQlsGO1<Y*_+pv%-{b$(?oPOp5yhkMD-ZcEjy=!NC71a)s5aVdHw(
zxDJk61&bCytHseW1ImCPXDvW)+z|(V?M_fXv32nQHpn3!DX8`b;TVd)zlCN8vjYnO
z@RML5dl>R>ft(UgGKg3rHC7H4<0y}n#-Lg8?CiE3u=P>+!H<hqpD$ffM1@W3VZ&Nj
zxg6%r?W|89Ez?rYm<RLPu&aEhn#Z}jw5NgR@ACA{+v<WFR}kFcP2GF)4WifIBOu>!
zrx8W~Gza-AD!&Ob90j;rr_l`!E5t=2iZ}_>!BKc%3*5g2zI!vwnG4I8!MfvN^Sa{m
z*d;JLbTofBl4ad6tQm$|_jR0?mw1}qJw=JY^zzWqfMU+N;;8=}xYM0RfEfLqi=g=B
z_?v)Jdr3#X{LXkmmdWp|HnLEV?hiBP6o0n{V8MJ?wH!9Bh0Q0x+Ldt3A{aQj+<I7x
zg1-HyaP4+zMUv0P;7@V>ew`_?z7*uGkbe|yksX{51QDQ9xi$U};{)FWIko@iIx#+-
z!FEgJ38ujMy$M0j<KzmD?Se;l!w>H*mR1)pgf%N+^IF)n29942i{=&2<Q^?kR|Mp#
z^U&)ag$W~yCp~it{6;%X49Fdreccw|>yUN94@Lw4(913ccp-2-Ds$tnI&q%?b=O+6
z8UtzYsGN1<q%IWZ9nX+c(5R7NIA$@dTLmYtfepvO>ZLGu_-Otx73IhK&{y3BTYK+6
z1rE{k1ARpgXtr^aFQD=&;6OIoGXR?>6bZ@qQMnm-PLO1{%bBq|aj|;_Ry%chgLP9Q
zc-d>`vrMRw;z9GDKLS773SYk!=FWkY$H2x_aPsl6VI>^92!@X?w@#|88G;k%z?MBd
zhte<SFFz~0Lw((Q-+hlC^c#$06!?3D1O5~uL|Gwk??Cb!fM){|CczB=T=D48%o{`u
z%1pvj!tI=wtdrYI@rJg?AAs8*K>z<Az{0t3{4!+oad7f#IB_{Fop&^UXj<mC;EcKO
z-M!R1F{tV^@$*hV{f$_!jdTujJMeXYY;;~_3Q-=QzkLb7Q-B*m)+EDMCDZmd#Q6hE
zZLqUEzeBf5Az4o@#eQzcPne+hrskZ^J3Ix324U%f!U#@YjhwU!)+~jEBS-UxRQbwI
z^bJ2RerG7E$A-I$qk1G<Kna#mNztG8(Hi~lObn5Y&aDhT?&>rH$?rt7e*|6|bmm8Z
ziseQI(``E<EPNp~d3Bx_5qz)X{pgzdeU_nnbOIjS3HR@WZ{35=87k<}#$%CFR>9^K
zuzC^99ZI;3Ct*2x1eOoN{bO_=!f%?i#@Iq#(hP);ReFZdyM7z+MGO3pG5`ef_Bil4
z&|d{v7`5I?PGD_#!Wrx&Xphec>nK!2h#C`k>3Q7zVedHHvmNf<j{fgEVBQEEzZf>J
zK%TM^HY|f<=fUv6bi!}?%c=p`JPbb{E0#l}NiN>sHH#Yo@F8kI>B#a`kXsxcRw+qe
zrmuN16nla`2Xbk2uqOYq=uZvk`^gRJR*+oJfb@QmvB_#eY-u;w;+larES>`=EJaRU
z0jI8j6PLi!5g2$9Zr8YGEBb-0P6WV_qyICx^q&V>x~-$p#oxP7c`2e_B_Af62&rss
zFxTJuH9%hi@>i$~n@d;aq+Gt<B-C}k_p#L3#E_i+wE}LZ{mCxTcDX8@{2?o%z_R(U
zVJULzv2e<AShEloK1r5azp)2>?ftMfr%Fv~Zd65?gjFXa>X_nsx)JzwU{5waVh+98
za)-)4fqWn2dC6oocu5x2g4ti{jQwn96Yy91b&F4>>L`;x4nt8Qovpwb9Grmr9*3Vj
zj{ft{iacS}0@!>Ea@uk@=@?iw59SU&G4qE_L$G=P?ilUeqzrPlQkD^!#`49$SyBW3
z?)ihjUjutmL$5c0!kg|u^wX$317xTIwB&EQ)`8v^OyXxd?d7d%U*6vuH4<M*5*jTj
zAscPE`NN(uxZ_c{Z3p_LpA?Z`%|bY(V-TAb!Lf5;=m|oXmbKxO5xA|B2nW31iJG<1
zz3wd$jU)B9ftvub@!{yu8~G!B^~(TV4Dtn3&hK^{eM@xB&8p}mCVM9_G?*m#lg5Cp
zh<@moKZo3r#bCS071k|APCEupTMFwI6vx`LI6QpnG4v0%+72s9Z5)}o3n)!w8;j7z
z-}`~rpnM(~A{&p(wIKxpXgvn{DUfHO3>V(o4^Qr-oXI!j>)p2c0l)8U)cZ}Y)G}P9
z_)1HR#jO+6cfDOlN$#5z#uOgf2M_E=zx{CWR_J5r!luQ@8B5_Qi($=tSU51d@`p2r
zVPOj%>-_RfAd_-4V-mOtdg^^f+W_F3sC2x4T851!tgm`Gz#=sJ8{ne8fEpaP2A_JJ
zcZBu?x6i4eJzyH78F{?K-1k`Jr<sGKcD?%b=|l)Ap01id2*=HZQ#uB5@<LcW2j;Z<
z(AG4R9TVuUKLj@)=sYFn$-2>#TwpG$Af4YWNMNET`#r#K0)L0(#FAfntu-(D8?OX-
z5h~Y$ENIT%Ql38{kXrCpg;&4S88L=N!cB#5KVn$pu;fE{K9|mRZ-I6TmJGoO^We0_
z$Qesu^L#jVxOij3OezZc|89lP>?#bPsb1^k(F9-BW7nhEYe4sAdHp?_{x-c7gZxL3
zzeDA>l0TSnD72@R<9q$k@%+iv0n6L?VYUzOCk>hiEsTxNspBToIk0sUw(NlKJ%$e7
z2g`<G<9y_dMR58eSU(q*3{HRkARtd4LI2mDVtaIID@#(g2A*muX}9hc;G;;sH~6iJ
z_^|sc`ifTrJQd{cQ8_+pnbAp-4u?@s>xR)D=rr|%4s{VgYdn9Fj>YETKj)B&8V!Ns
zww2R)Lt9onlDKjNPF{eVwGd974=2niHmOZV{&3qU`jUs?;k=jgbmwi!5v)iadVDY+
zmGqNi<SJC&4oo!h{?Km(pfdsFW|Yr>yc>{4UeZiHCH$B43gA96r*0cfy>=|**5wUR
z&tIPRo?WeLKN^v+kC)#w3h=8G@9(^GFWkNt{f9@2#CgpeIDG+f)&e+X9;_aMIY(%@
zbxj-A55a>6dQpssT>NNR`P&0_9fK&&-G=BV5S_>-ns0BPl$+3(zXo76D%Vl03eoeH
zO+9YxA)DsZrFNa);`~h#-q?7fZT4w|QEF$kK{(FXHM#VbTn95)It1(Iz!?jWv*y7`
zb71+vVa*@(j~;`ocg6Pwr5s$7>s%%PrCtsIZ${gnBpah21DNE-_Z;$p2SGmo@>giK
zuy@WMtOu5^vau)Hm1IId&?oqfegh+f{s0ShSog<^Hz)c4za;87@+^-_*10<^FfPSQ
zZ66$iZ|+7%T5#+ToHT-*H6PBL3mb-ENxSn*@6;4|+7LRD758BS2iPFWH;v%n(x5LP
z`u`#Qf!~#2-$h^gI)FjoDpcNB4O<bf-E<$nf4u`(tpiL&FrJr8{&IN}?^DCiqdA4u
zcjEo{(OhE^Kyg3I{2`Mfe>iRkPMw21bsn5C2i6S2g4Q9R0{GcD`YYSur!|jBcJ&1I
z^WibW51uXfImoX8|BfixM1Q+;56SfPrI!J^0nM%lIWuCN4K3PGTt(rX7gjgs_3n)q
zV;tts0r_C_DMn_`ukRHjCj!N|e(W=PT?r(MTKd50oG<B8y9Eo|ux<#>n1eiR4m@Q9
zR<&VHpLFS<qQA8RzP!J9kVqvQ%c0Q5sw~GqejkymQPnK(pU@oIvwzwG<sL+@K;=^)
zi>e`-J|^P<#7GV`CPcHJ&NZ>~0dSq`qy4zoLK2Yf`HDO|&)+?78C}`G+eV#n5I<KL
zx6plDGzT7?fNlHXd;8JPJ_g4Oz@}k1djxsf2y7mL<t-Sj@tH${oHK}i<zOgR%Sm<T
z9(j($#Z!<#%MGY}8bvdm9Fz|!0s!c*y&gmd(CiA7w-vuF5cA3j@Ry*7&<#y`2S<o8
z-rV>H;382axZdFZm2n&UR{Bl+V+K~Yd>f-*!TALJDsRXk#VXROL3qkwVGL&v!TJGM
z((3JBbjvpmqOW)ic6Fv;{gUKlJ%4Y!ccSuAkXt$CUb1Z)CWYTaHUI$q)i(gF0Io&l
z{3yL?lIR)AoqWO@>(}kWRZt_rHvn+ic4o{i(N@eU__FCIss<FVfdK_=(OY3^NpYWH
z?I4^!h@3MFXAHvH7R>KNlr1^>D?8wa6TQ`-SU%H4=E1!J*#r7}ApZ*$vW7RktTJ`4
zKhSIo=(|DIqq4RbXu`w96yO|JUx`hqlj~_>o-TSV9(D81xoy>QeNXWw1!!u(qybac
zR!>Jx-~O2V@w!Ed#JRk=^|-<hM&af$^xFNfB!dkDaP|;#&LEuBhRtobb)rgLd>N!}
zqMBm_5JmYknq7zJA%VYaeM*YH_)T#7E$|;_y$0kXsLXFhJHSi^Ezh6(K=$ind)j_}
z|8`Qzm=Dg>0)S70z+UC4duFy~PJX>f&#C5(3+2DObM278$~KGw4{NC3CWdV3v}Xu6
zA-o3IlI4efgKx?V06_oqTL2wIv-g6$4V9K1*0Nf`_xASGz4F5Fw8=0ZQAnj;>3t&W
z{F4D&KhB_gU95lKV7xgskyj(R2>sn3>0Do~mI=mqYuZdY1-T7)C2$L5WM;JLuT1GJ
zLHYZSK;9Zf<-@4lQ1ud7_0yl6Q!3OasZ4t3{cs)&@BXH>o^YKy5LJ}Pv9sR4pkF5%
zS=>Arvol|f%)KHk-vLk^OJy8};|b(q$uN;4S)XOq?l|1>HqobBr+a=o$UD*OmV)|B
zjqjfNd*b<AK(+(FkIMIL&W}e~dV<jC>(eb^NmW=C3gUl{)pfv|0$s}UTVRS&1*AH*
z3OJ0q=J<`MR|2Q<zE<DE6OP{nI^LL4FQoD}{B>oQg=5B$jcGuZ69H8AgIo#x1ENf3
zy+2l_+yLZDR}_QKTXzEg6}YQ5(d#Hr10frV_Njmg3`emlm`QOL@Gg)IrPa}zvVJ*4
z|6!T#STX}7##sD+v1k_a&}tkbLT!@V+~wdHZCY|MZhZL;rH7PI$9B8pz{gPj49E{P
z>GjKD*%c-Ka8)t*u{r;OW^V&|*i^bB%<j%k%ae8i>MM`lIoG2Hc}K$d0_7yY<|{GC
zAKdHIn~&4B+dmlJ{XTKz=6+hnf@6e+x3=;K-_iJvAW0>C=L9Cu0|#WujA}g<1-TaF
zeF*!f8vJmW3;;mB^g(EiLTmiXsJs){87jR{f(D`4QoLtCmInobO;@J(HumwSXiosJ
z2!JZaX@v4v-6$n63@?bDmSGcVg9u2ew&Qy3ItKxv>{9YGsi<d|J^9@T`~k4Db60N4
z%VB-4PQLtp7#~tZ{|c3Nqq56?eWF^SGwQjV#{JN4Q3IdTnug_qA)-jP&q`Es>cl*v
z<#mH`Gys3aLpx*c>%N2)LA?D#NJ1XQ0z#vl$1v7zJ-oiVbNeS$-h#@5nPyCOt3xeD
z4@;|F(Tm>+<O68yttjsSnX8SIT?d5Joz?PKg8y1dwiH<LST473utpx8Cn4}G+Lvt0
zYoo929_4k`Jrv?|Df<liZ`gOxml;jI1@byNzvq=5MwlMf2v8Qe@e0V>W2k%-<ozJ~
zlU^eb7Orrpcqvnm<*@|F{q_Q7XVrcxz@hhdU*N|ce=NUnjkyWkF(V=N*ecY~i%zK=
z$iJ>k@Sz%6Qf;}pS}2R}gS>$w0Dd?^1^^&8y%&&!z=u`k3Sdt(M7m0iDYLS^PRLv9
z!Ztn~@$2G@#q;!0&}Wfz&eC9atkzn+Q7>qho*e3u`-+FR0O`sDqYbc)fN)%<>|^62
zavk3RE<^Gk7T`R*;CD29<Vya6_W}$7Zvc4@>b+hiP>^6!g`~%I>RCV9VI{y7!=idk
zkbL8T*Kf-?AER82Ie)AV!x32YsE&#RZKh<6AtQqhS$)^d7ycP|BXBz^M+E$(c8_?;
zUvN3V0LtqiyBw7zHm5XbfW^(5C^rV!S_MJ)#$zHtz!+CQeWgI>9*b;|XvDQ$*(TaB
zW$etgGOnz@`G!vJCg4rLJx3D!rM9M}<j=nXvWXTG1Ft~kN|58yUeFS(!SP+t_Vq)}
zDG*s+u|fMu&zS-UhWGZ4b;px3hVpn~S8hM@sf>YiTS2a686o2!*Q4?d(EG9@$H=>7
z+6(|7zu^5K2+9jkxf<k@uJDB3rm8^Tv2C;%A=v|A?FtEA9}T>vNsFxUGzDGRS7v~@
zk2Wgw=n##-Z=>(J;*CcRfczP7Ik4k!+~jIfrquud^7B7XC|BfZs9b}}v+dQ6ly~y4
z@qlB7-h{Uf@&^dLR|FunGz{XvaocdlQO>WgHr)DsH~@{b=g(zQ;O~xMC&>GOj{*Cp
z3;Zwx3;-bi#Se7^r0YN~2YCs~K%6qT!h}k~nfqX;fs#`InuLeb2K^_a2a&n<6FnM6
zvATS!GB@I~PZ?0vknaWFh0687*mTeyx6B9wC`*3c)c}i7-VE|qR2Ii?7C|i#y2oN5
zg78QEEbu2hU=#>t+eE-^&<SgvvBWYOHGJ=n4eZ8|(1;?bDCI}pp5Z9)P2lZl_Wfd{
z(+|JtAAwi$=l%&4k81uZ$mOVPY@VETrqmB`x^*oeQ{!npfOpS3=Uf_Mdg(fkn=;x+
zn=u(A<q)GkHIc`aUnQDU#&ZCbYtihFfcuf0OlQWg<IFe%0LY*F5g6D9qjS#!c@LUh
zj53g3ArYD{$Cc-N&z=BHlJh(5)dB~?9L1w5-L@eKzQFjPKfZ3sG8K^;%qff__n~|c
zvd@C<ohiUC%ZxMtfczPM4g&{4Wijx2RNjJS%i{`&c+I9Bto(EVoCFhwaWse?G4NHQ
zM=ApJF{j4A$l?J#1;YCDS&3eUve!u_fPVtsL*Dv6lIu(ZKg?hQC`*3s$05sGOtjAj
z-i>C@1j1*H`|-v;NCN|?qdyj9F$}?P!yjX%{|5A^pX9lp)gF^dSvR|kv6XVG&Se|$
z35r#otsqRr1MG*R%y<I;$e;D6ply(em1y?6sQeDdvF5K-_PtW#UK61m(d5uEzSt@Y
zU~=s8c=9E?el)Q>vSGaatYF2QLO%x7o6|TdUx(~{sC*L`pUx%DCS_I_Kw0u<d=k(W
z$hm0t4&VY*2J4eDB9tbPEH|P|uHhK{#l~Z`nb&yoI?5Lq;biwu)yV)ts+WPv{lLe8
zPb2wuCfa1oOt0^jS!DnK`8l5fQGmrDFDI8bfSe2>rt)G-lHj~&$ODg=G^Y|=7i```
zHX2C|`&r+QQWtOR{nU-ooxVLkyCM4`Djz}R2MGC0r8`!cbp}wD{G7jl_85#0tVgrU
zP<b`Tia0;6@o4@2K7gAvMpud&fGL?YJN@`etp4?rHlPO7#y&R&d<*ypWM2dJ_xoz{
znNVh}0hA?w`ey-cq3x%m@_JNW1m*5h&kG+CMd*_sS5{SGG^Wox&XXR8du`dT*H-g3
z#!<Ny_!Mv*l0VA$@Qk>rHJLIyM{Sh+secW~5X!UA>~$a)qq49&&AK)E)KX&Las3q$
zC%5R<O8{Ms_R4y}`0&PVY!{Es$-l0S>!-g@pz>o>{sQDWCI%jwig$BPcX`4X06>1`
z-;`4t0ev=PuSMlT;203^2QECmZt`>&psu%UaHrWdq;B6d1a1w5E8DRsTt9Rsn4>wK
zG2lnQ=g{o)j1N6PYg}g|-Lc9O$^hJwpLrd?Fq)kWyaJV9M&<Y*S+1oSWfF_`cT>vJ
zxi)oU%BnXNv?n<y>WpJwXV1>HXm%sY76i@4ho@V$Q(B&|22hs#j4uGR$g`6`UX046
zAWuPMxW9xq1~MPeILA{Sw-4Z2e7(_5S)VpVC|vJTQP~3Wb>KSS>$DH<<iLU{eI4OU
zDo=O=C`<m78$d<K@?{{;LFL7$oCmTJl?K0c3`rxY-BVMO@CG1{Q6>xEp24LI$Ipj~
z>-K^C5S1H%uYlY^Hg=HFc~4m2m*q)g0A<NHe+}9PKxGivjLHRQ_5zTnqH+vKfw0uJ
z=)P!AAD-Xm{@rmHRO-;{9ss!;m2Utyfqb8Qa62+iHad5@)pW$llg<F#lAnAd<O3iR
zb5J=6<b2?KG&>z-1xV|VxVA}EYPMT+>sl12$(D)4ekPUOAU{FnyCDA?&HfeT5g^Y-
z=TEmfrlmZo4Ztn==C4uw1W-N)&DNswR8*b=at_K`$QGiVpH;M0V`^!K5UeJZ^-Uvi
z_xL~(^nP^e^>qN)ipmc`zJtnlQMnzJM?ogCgA1lx?9*P38bGAv8~z!D7Ai~7Y&~!q
znw^cx>8P9tvKSaD@&|uUeoa!Hx<j3!P?h@)LG&3%WiRj$$en0*Gs-O>w*wFIjQ_Kr
ze>tCQ|B~qz?Tji%4WMDk*L?%>wjjCy%~k;?pt1>MBgIo|t5I2mW(z@vQCh*0tGQxS
zbJMK)eF9{>LuDRE<xy0A(&6%V0rvn8K(>`LJ~zg{UPd-HGTow^(dDQCOtR!CocL`R
zAI=aR0T!d#a#WV1avaDBsH_B*qS+#f9}!;!GJ?tg$N(@%p0z=8kTF!oP#FbAL3X3E
z6U}x4J5bpM+z0Y=RJNe970tE-d&q}Ik#Vv;%col`v#$JKSM@d!yD-{400000NkvXX
Hu0mjftWRU2

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/android-chrome-512x512.png b/login/apps/login/public/favicon/android-chrome-512x512.png
new file mode 100644
index 0000000000000000000000000000000000000000..6987ed11b45db3179879b2e0892a7afcdd891249
GIT binary patch
literal 137768
zcmXtebx@n%^L22S7MCI|?(R-;FHjtUQ{0P7u@)(mqJ`oVcP|dbCAhm=a1sb4{P=v|
zdH=}dnP)PSd(WOd_w3&Nrmd-jhfRqM008h*l;3{<0FYlEkpY<KFJHHQb1(n^DdLm7
zytdZ|B{@131$iM}Q6V8tJ}zDWfaQnJk9IW_S;81;qKKUcOk+bs)NiC#42qa5n2HS8
zvU2fT6)IfZ^ohG%Z>`vu(23tuSwtbwR<IYo<gt7)G%{pgaS%C7midxlWOul_d5+uO
z0K_Uujo&zmRu`&?dXgII+et1wPPG%O+Xm7V9G$%9A<wH0mYf0(il-Y@AlgE!1W6Z3
z92`h#4D>j;B{-=KK^06F*q>R;l-2J|{j`7LU~gsxG>*G5F^@f2*OTIFd?}V+`cb*<
zfXB|t`Hq8oC{v||HT5xr`%|3#;UNPg7Me%Ym#7uM+fV${kHSvfj+;vYcO+Kq;rs)F
zLv%#n=Hs%Abt(hvHE!%*rup61L<K{(Maw*o&n-0pR{wOXHx5u%<1B-2WoPk;aiXt+
zoyiA?YNh)1n}6ksf0@>r#?hbf$AoaUwpKe%OSY~>pEC;<D5xguuO%z@JW@1r%N=qy
za-;`-Tt2*g)t7axFI*c6fO~FqUE`RB*>C$B>WaQZ1<PI8$O{0#A^Puw1o)Lr4gk;r
zRNl+#`DLGV2G;tn>MuNu-<@;E>}7<Fs3`MT5hCqpzgMe!MdW}=|1Eh+!{m#vQwuh!
z2Kxqp%5D3#7rp4=J5*HlK1LY<BxD`BS8jOguN*%8WpglSTDN6kby2HxA=VjgSv-^8
z5FCUh*iQyes(5m3+D??41zteSoT^2Kvc2N%C9KEWetq{$DO}?#elE7SdEazLa|aPn
zftGSZmBpUdVY73qk|$$78%;NgH*)g2vO`-!(qY%AO?O;XCE(}#j`iX$Z_f1Y%8d}C
z8EzGD`t`*EsQdAH>;#<7;IeomUD}fSbEW&ot=Gfn_9xN1+3p`OP*cr=()00E^1RN=
zKVxu%uUvaxo`}mr2b4^I-a4z$G9HVbj474n<`nuqsQ<=;&(6UllXF<^ZZuA#=05K8
zor9m={g!sBm`nHTgM2n^XF2`$ybF6;FTV3egi8K?zR)mUxH9V8&eYK6>~4*SM0h#E
zEy`P<<=oPR3!4>px8^F(9qZ4!!Zb$TX!co@{7XFnVTIKDyex3`+@{hyi(()D@5a(p
z{>O!lIZ~=F!QWxW%Z{hVLA(k4xL{9z1Xse}BEk3o>1T7U7SK*_N!2f&lXNQgrFj3<
zFj<1#V6ny2L0UR`*~sP#6b4ggs56kE+EN;Z&T#Doc1d%60Y(2*`rUD-aeD4_eV4)M
zv3(K3{BGZ(@$@+fPjpo0`!!|?3V?c_CDHxZ;%?l6_3ltLAZIRz`R?$O<a)`%#YTb^
zxr@u-RXycm7sbrJC$zL5s5Y}dV0Wf9|8?k2H-f$Rl^f3i7OHWu@6($_LI>RF^^=6h
z`tNu^Q#8_g|Esequs!<DW<_p@@yUgbNvJXWmZt34yB$Fgiin^nc>zO{8v`IRsw34i
zV-W%pRG}^DlF;gu)N%=~hFwdPNm6Zq%@_97b4y}2%Jbtuer}ZgJe9ZS3BGPwhavuT
z`hvXIxM+Lu^zuRSL5YqhAgaTX+NKcQ4t*GsDMvkFFAEhiz?^LR>zlPF{yPYb%GJ&6
zheu|xQ|J>W^UKBw3aJ5GFOeZH?taSovyoHSEM?&cGH}Z+T97smZnHBuZwwqfiHIiH
zb-E21JfV<JybxZIDt)*QGV?{JJ4qYAcLiZHS$39!N1d9*mN#Y-)=O(_m@r>Y{Rxul
zCqfkr;xa-5hhhL67P{yykSt?6m;h5SHDj%3!>Z?uh1qt-&i3H-_UFw1k^^@i08kPg
zExPS~n!_o3{?kxrkyF#$C3AXglw96R6Hl3ZWH%?q3h7A82_gscRNFE5hc?^F)hU@2
zBryKzo;O(;kh=1(@b(8kWd(nQQBWT7Y@B`q83E5_zN9xvMW{q`sU5r(IpxLE|L1qx
z3bAMGH0kVod<yi}3WPs<K3v-My(GwE+W#n#3}cr%lb=uDWV$<41EZaQiRKrW=lw)+
zy}qT^w1;!fLH`D>-=0ZMav5<@qpx(@28<q#o<NNT3c>?uPhvbKGlCk#TKU7;Fn{on
zFDg#<CE$@K)qU*~a&^JXBZSjyvuvYAGbSx%+_{c?%|w}I@+ry=k$nLrAg~2??W!U@
z-Gxwk?tH;Tyz;*oeYQES2^v)ieyB3m;{Ir2!EsD97r>swo?z_Uh7-|6_bCzGr=$S%
zTr>7>i{JA5l{*2RX{vUKBl)b%TlyOEd!iiCZ&mgdChI#b&KoTek$zpFq&~Kf&4&VK
z=6OoFgV|w9t!`*CnC|;7$EhxKhF3+SPpf^{RW&DI<~gkkJ(Eq=<C2xd=i%}f(hB{L
zv~P4_?77$5j_|1emSiEN>k{l(e6l{f9^b83=0j<|`MEo%{IEkhxZCv?1~Bt^=3j>D
zz~vCB1awBFUky{GR?-CnW%Bh@tJ0e`D*6?L%Y3$&Oy~MHc;ZL}AS!oDIU6Lk^Q#I7
z=mw)>ljA9;J}=1RdGTayGZ`k%2zP&sem*|*e$mwE|9I2pq87RzW3CJ*Du!68aHqlC
zsufeO?8)Q8`3&Hj3E*+<S-%|V9{53L`yth0q~+Li4E)C0BDyL#=O?fZaer3cA1M|u
zjOV+o&$Il72S?>n0tLBTLXD0)hw3ERI;<PZ&y$@Y%<L0^A?m`|YflrhWA8#INw|Cy
zLbGa2ys1)pxoi7^_5nqyjdK(U@ZHlS6;W<+MO;P3tz#l>68wP6nNIsr(j*RVwp7_i
z+~i3saTU5p7BNP2n<PFpA;Qe*8qJTuR~3JKQ1oknR*@^gp#c;L(QL+hEyMHv$3RB_
z@;A8=wSl~AI{Jm5*Wp)O5sFD)cod{n#vY5tnDx>kJoB$go-p2NC8dvqKXw}2i6b`U
z1)mjX2-E^%0v^L58ljKUM=VNh3S<8*Z!8^A&b(Q*VgB~mOW5tXT0o9w*8Tud?;3c3
zglYH9kzgo`At6^K0Ew8X9X*-{sk+$1?kOwhNnddZgm(G9+jF8`dbb?@z`tO*BuSVe
zNo_41&O;H8m+{XZP2N|!Swf61!~dd-{q3rHnoT>i9D9i0hlNhFEXzcFd3+^_o3)nb
z(v1+A(*cwD1zN|=+m`3T7p|L>{>Sx}7p@0f|13gSH6hxJxuw)jv^dbM+B`P84sveC
zfw<AhBfbrW-VA`|b#Vsqq(RYmlQU|WgP=Ag@qM!;Ol#(#xV5w4jmt>?XqiUKX34ra
z&ak(Vk<?6Kg~PA!U<>l~ES4Ge<JexrVqvij>{p^jk*^Cbv(dt8`Ruiy<L~Grv_0|u
zHs<`7k9c<wp|Z}3;G6akl^1c+FvkbDr<nY?HQ0pHpN!!YBifS9%e&Ts_qW9?BklEq
zul!m98OVQpYcY_pBp!^LC3iz#BEnuL`V5ds6p`}U>T3-m=VYR(r)3oxYlLbmjP}69
z!mt;}LVx0gair<%CiP1VR%5$Cdltf8v3d%-_wiae3{g-^eFow*f_?zx>ZsnH42vT3
z7$6OH>soYK%&g8Wbgy?kxWVgR@XM<G4?kg_<C?BO9k<*+3(t80kIqeqly#YYH7cu~
zUqjpL5tA6d<NM4Zn>4Fjz%MG10Q`XppTC<qb)mIj+wOd;qkebvhHVPS_Hny9_8k`w
z3ZBm=2?>X!pXEq*+OoU_<OJO%XT}*}HAWfv)TpR6;;XUR??(sv$z4LUh9jLdhXVxx
z+W`JC1`eH}r%hFul#1I&lhDQ&1aW0wY(S!gD4<8jb#%re7}~%9r&r0XxncL*R@mJa
zjT((EIijH_IBAPDK9G8*mtV&Pd;*tNM3Th^Fn!%R)O<|m3@ZAQkjhfBE1EQAjsYEG
zw*B6TU~OSPx>}wLr!K+*Ywa2))AzH?08Liksml)L*J7s;)S0tvTDw>0H3wtray%~i
zmA>8d4_l`~sjv#`p~$6=pFWZ7gcGT_>78zFAWjJ26%ToDUKVQhzlHvqv49u-oHJ**
z<4#(!S6MMn6#v#6pl(ur%K`nRMuIyY@7tzW+O03Ywa8e@Qz)01HsYx%Z2!B8l9*DK
zG6bp^BSaw+d+PA@9Tqnc$#nNxIM0v7mOx4HVxa2)hfY0p4uff;JJt<ZfwT?hHUGS*
z`+QkA%}4jd+-qPrHl5?o01?tj9$*Z{<`TJ!h1SJveV6>{HTvEDMWZl0VRtIOP=f0}
z0rX!}3%&a(^`Ywdl}f1LOhep{!nY+#j4p%rh5!6n)G0-}QigEl{gU`WJ`Qw9G8N#~
zH5QkEeF1@@xst*5MX~;Sj#JTZ9=;kO%}rI=02Ymwohx$;lznPcze9<YC5kULJnnOK
zRF1UV(Qk(_-@^rtwy*4IX(OY%9oc~@zr5YIJuL)M=K(Z9r*^e$KRc4Y!-}rdV;ZPK
z6odT>=en9YkKa7Yy`+$};eRPKRD8P_G%Q#(rp6E)K4&h{)Fa`$NO1ZiW$@(Ms-%gL
zpLEqH+21ue8&5fj@BzSMC-5tO7(U-*gSXS>>Su=)D_@^`h)dqEHP~#^USU4;NZPUO
zMp^>m{0Tn!`;@UqKj@ZQr*&Q?-mt?B_s|OTGtb5fYoL;t<8iW{eDxT={H#zd05cfx
z#nmu$a9rX9Zrbu$cBkA%IKuHx#@bi1Hat3J?pYE8{v!d+?0+OEQH9AhA%^Bx`72@^
zqI-{b_{`c_S44`?c}?v+f7;~?%wzmAYd6q9NlFw}70G?|xD+Kt=#T-W2==lzOrGIz
z>O8~DnA$W__y?k`lnfHeAv0mIr+Z(Hfqb?99#zGbEP8s+c~e04^;S5C8sM9sw7m9t
z*Ut!$2S6v@jUSY~>l}~1ntlCGgb>I}n|GT<ALUXV54^CShb^iE$Oq1fhnT;>Td4Ox
zc#Hmnw?^MBRMr01v&tbsx?@p<l}mbI?@x6PZvAhE5ovHU$W>^-O;$_OR$$qJKO&EE
z?5=T9h4DNFL+6+uLZvtYss;txY@<Z7kV|t9Dg>G|TpaZ~GovnJjrxdO(3-oCoGAsW
zp1mQK>`lG+c*&U}U)tBPj|{7nM7entFJsy@{>%k}LR>%|Jg-KgZMifJi>}k;oa`;*
zoG0;}2hhb9_cxu|o+?hpPFGsG;P!{V|1-ju{}l-m<;C3x)mkYl>7^|ooz=#J@!4dy
z32FX3{tN%F2I5sU@PI^6I;iIIJ&2@ik8Y}!BsP8Z@bV2_D%B-2*SHCnVp0zC4&=<@
zfo72Hgu?tw;fmsy$O<WLk3euB!aql*vCUayj_dLGqu4wM6CWd!LtNS0j=7p5nh?Fc
zmb5_>#oxjwATM#El6Epuc{eWSDO0Ki<UCUx5Lgk=-W|LOMa(U=y*MEh_W$hrJ9C)R
zxmelV%WAoQtlThyN1Lbq=y{L5-|ibrQM69RUO0Z#KC<(sSWUFw3+B=Mp)1pGA*TFp
zNxvD2x7w}VM&R=ciPayMvU6>l0~v*c{wJ<aSR2cg5C0w-otf;ieV|Uz*uH*`(l2NG
zwT{zd1Hx#}H=PHsqj~a3uHQ5V)Pr09WG@`u5MI;k)A|tC9sv~t1IGeMt-4^ZCb^z7
zx_@4P7M~>VAjWt5X5iKCz%Sk}heeFVe@s!Tyj@(oV`xHP%%@9p-X)5Lu9OS^BGZa5
z*GsrPqoiEC^!5*O3DUH^7%{z_E5v<lvsE>kFKt~E1$;*Xy>{@0N)&>AqBhI+IAffH
zW^c!jh($GIuvdTClK^aNEp|n0`A=>~;Sv!^xq(acIMG;k-#nzGCIM4~F;7H$RlW&G
z3{0{MF=uz<avJ;m&Zo{yiN{_X&OcQ0$!F=Q!vliS)!d$AiWXJDoZ!_>UuyB76oUV`
z1X}Oon&7?~ZIkELh1uLRZ_t*GKZkeox@upO1Q?GdCvZ|8K8~$q7t$ORji!2EUga-A
z&6E*dId<}Uy8rBkBe7SW&>#xyPd)&W3*WxkrQq3#qW=Z~ruX44x#KG5g05eoYxyF3
zV=^QsWJbOouHJ(i+`fx#iMg9}2>l{}k;{4rWYK(AxTB6@gtnmZ@NbE?k`NHD^zQMr
zDA-^qGxI+E!!zaGe%4CXW<W>$5zB?ae_A57HFMGJR}k>{wu&tDqf0PMz+>#^YV3Ag
zQMb0=59cU(y|?J&41Zs%YTp$k?{w-&R({yp7YAG|iGrG#CnRqUVm)RN>l`UbBc4S4
z7R^L|k%k&NxEXJ2^(dxmMYLJM@IW>*G-W<oPu5fz0Bc-886t&$2}gQ=I$<MXbhSp7
zHdB~)Pr&^%n$0QtQrw~CKXOyFbL^hE_a9em&*)!a`PBVeGe$(EjTtydcGh)1RAIbx
zPl?h0k1Npj+eN8ut~&^tBOIgxH;Vf5r~WrsoExJe!`>w2=tHUxIUSR3)T=i~I^-v>
zt;tr9xFvTE<dxQE1$@7Ns5|uMPGe1Hj_?l2*sc)tr__v|BpDVz=6hs7VMgDoDwuT4
z1-S?m=ZU;|H_Vn$o2!hvugr!8<0@E3m3Lc*1Zfnl`1Vri2A1+DzGm##*Pb7{V$a)8
z+Pu~8`RQ3JYI*>ytg<OVWCjGb!LD7v;)s>Um-;|L`F|4bdtB4$t8sYq@cadKY(Sv8
z&=NYGRUiwsDgETzBpt*X73b%3zS#Yx**A){*HHeUy{@%rkviDjI_z|8`LW!)AyoQC
z&weCiGL1OGGqr9Cp)Oo1posbrA;C0?7Uo47i5`@9hu2D2nQHSs;BfF(q=zcDC95)q
z!d=P@;B~d;v~nB*U?>6GD^c3}#kn+mIEh-L{uf}yp4)$zTt~hXi_j{Dq<(m=h8(o)
za2mWQ`TwkD3<n$$hf`JZZ0r)8IU46Lq(JFmDZCZ0#qTk?dr*`jIVi5(anM9UNSE3&
zVU{{!-XZv}Ax=lwc*FW0*Wl9sgNAZ^GiikA753vlKlh5Ph?FD~Ecr%90edVvR(s)v
zgAu-v^E-1iIqc!-ob3z6-2BwB5uLsUYGh;~K4yN(5Fi`VxC|C&r1O`i>nncWQCSB{
z7ap0aTms#l<^^QR%QGYq>+k8*XyZN@<C8~ce2>zM!BNJcCV@8=xl^V}Z9o54ZrHw{
z->eKXZMtJ`G!HsU&Cz1>C|Qxkm<5cp7=+q)rW;wU%KRv-u1LPwF%||Cox+vZtlrzX
zWc!~5Zw?NgJ~2v`ZB4W`fErwq<>UR{9s*2nzuJGx^zRIBx#x;+5^()(9k@TZu=hGz
zlpvH(-Wb;_W?LX^Z&!)O@ZeiZgbR~(m^0$u6<tw6I?wc?{_Ek6e-5>n+Tb1>SDz!D
zBqOPeT#hXG+0|`VI{B7QWplCXroC1>(UUp-r5#{v3_}^anO{AfOW%B37BJLh#&M*|
zR%Vn;V_mYJ;8XpSE#*6v2fv}mb*H@GRx!6D#}3BXKgM`9a1&d14QWx~ctb4GvO@9>
z$mdDnmux&UsC_wO3W+yK7n;7me|DW3Z@rY->^iXgI#WW<Z+h`9IU;C>=G2MOx>lw#
zFzq%SidOrrDiev1$%IjjH=2G$5jY~cb6Pa~fh2n}Hs;$>G)2WW+(t@ixRCo<W+vBR
z^X`qbXy}p7dC`BTY08V@+$)!L8$0HHMug3E2xyp7Nh~%YNB0tSe>vy8QV*ykik&?^
zdCi<2d&TNuH+Jc(kZVo}!u`s2oT=LjHKU<XBnL!NJbA|E9Yk|&#xI_1Vui(1a_7<a
zaov)G{jaiaKRc_ir?mO+xGtdxc(`7QHq@$9a%Bq=%GCe6vD`D1qj@#?4HU$2yiHbk
z;$ziem;cpa7dZS|a4QHG$hKym_c?>#P?uMz4bp=exu*686^I^x{fKZ$MwmWUUp$3+
zr-(QISK1^Og**?eCwHj_KYUQpqL#Qfat=LU+@Eefn4SUn6{PD)wm7Hgc9zEq?v?-u
zbutVOa`cXI;(MH_O!D(Bl|Oi3Jl1_QnxY%G5mb{)*+Ob5zc2eYCKUwvtvDdL?1!Io
zfxeKy-Z{MN+uqtj&+%gyJvMMDF0rorBtAIc{-JH;q<rm5KEcWbMLoRb!j2xP4EgVl
zhWy6tZ|V{@+U9o$F3SV2?pBv<Q>!+pwwy89OPhs99qEotH@TGqq5|4CHm(nziwf5~
zUM%}(zhkI{K-sgDN=@2I0~Bmp%@bd)exY4Hs()}NHv&qz*H5Vkgcy+}G=M469fkhV
zQWGf(NcuDm{TztCj5=xZe*=h*pr@2OfA9V-cO3oruK9Vwrb9s4!R;HtYR0$~XwrO&
z4u8bQxlq8ZFd;vNvtR?$q;-W=op4`OaRAqE?gA?m4fQ^#zV506OR8l!Ctj_B&nCk%
z4QJ>2O77!8W@(wTI)aOz@8kYW*BIMM$KvBl`}D=ITLg}^Xi@s7tTw&G1fT0gp*G7m
z%uAX>KJX@g&@b1;wwU+xVUtLR_0AI#W+cXnjN`?}C2^0-2y{e|2M)S?WfV^3@V85v
z<%z*9@^_XzXXQOC4jJ6vue(n90r9OT2<mF2YI5+p8trvWs;0Gq34A45_-FfWIWCst
zipv%pji3K(SypueeZgRF-x3Ao7ZTf8(`j=%zyt<Sg<c)By%udzXEF%yTR1d%k7GjY
z6IQkJ#4KYB-sn@-nEXw*^lQY9ZD;`IczP+3j_8_uwh0`|+AJ(wd-Y#ffX4)liP{$C
z^vB(AKJBzR*!{~(dQxDXA&Iu%0V}Y2++gHO6gytp4St1AbU1FvzZ3Qg3))ZsH_Q%(
z06@66m1ONdnAnqJ4jgI<JCG?h7+KeEMS5L{6J41?0}_BXONl(V1MNXyuc$UGYrmVY
zk4ZYHsZ5<x4pHoiNAjveD!cv0k8~-a%ZBBn{Rsk(XX?1Jx|Zl%l>}MiYIfZ*3AlSz
zWHZ-YofBw09~9B6gUA2GWA5pKMhuG~=v5`%O9)uYlhd31W-bgsYlLbjQ1p`|9O`(=
zJ`bxY9c9CPlM<&#5}0q~fmdensd}zjPrH*1L=p8%@t0nMe{N2Z5QEwexl{^fzZx`-
zY`yPHf5O!WM$-s0UqeUNbva`@7sb9%h^{YPc-Z|TVrmGjS`dxYOq2Xvz|hzP6HahK
zrT~M7_r#%%#h$N=sO+HQk41R<W;g<#Y6&+=JDdAa{+mZ}LxZB4%jkfA6mi>hGs|U0
zB9&)sJakH++yROfqpoph@#+>(=35JSXD1{HtR#f=3+?6>+&+bZSHIWxxEQ~fk(iW_
z=VSA-PFWXt5he5IzdschBznpWnDIu3J{@IZkoz$Bg(>ZMUu`Y-0S2BCqDaVP9|g6m
zOsHa!J_Jt^9+KdW7QD^v?cq*hT)6?}z;Jo+&c@>dy2}YP2HZi-k5Om++Iu&ae#JWY
zK@0J{SDmM~+3@Tr=Uf4DUfLKxb5Xmt`7Wk=+4^FBG@EMGL5Y>UlE(=fi>{a}uHfEm
zPvBr3(2PU=9<x3^InOn76Xc$bx<$}Ke8bhETpen0dabl-vUwYN%F^;*pTWf(1}|x!
zTi`a3hKs5!zSml`4lgP;EBiZS@*1xGNt3GHKLl~I^2BA;LN<SIgH?=n5WcAs9`Jfq
zU^!7W!^3z_pf#O^Uk^nl!};zPSSlmDBIrFz!gt>MN(@yA8$blbZgvT@2^OC;OKfx7
z={ne~wmAXt=aREDU0Jel3$^?Kto$>$4(su6G(Bg&EH-U+N>@9+#?n_bs?Inaw{TB7
zwH|B6JMBMZ8Ut3E1X%#C`H(b#st_uWPuhE(=2e@aNAhN6?N(*SXB8JXc2&va>gtBO
z{7YZ<r5ozHJ98lo_kHQGScJ&uqZF6Nm)c~*q!x?#^s`@cnt#(><x5m4Y|%|Aps*X+
zDO;~D3<n6(Fi*67;8gW!4xZSZF<=3Gpxs?2O}lJG0EZ{oxrbhBg&BXd?<W)iTi~Wh
zMu0LY{%}-n2$RdCpvv-`-9jiHxo(ir$7SWqHV@E0IYB%CE_`iyZq#v?Iig*YDH?bO
z{~~htdG|isp#E~iWIUMJUkcsO?Ou{*$M7_(LlZi=-i?uGs<gL3d;VM&8WMP#6{7n8
zdb_UuGqi>|9LFza?QL0;)fOMG>im>{hsjDp(h$6?5qm(r27hC3zo`>HKz^omoddg}
z>78r>#_yt6b?;j%B<gz~!*NG*?ww^ibFY>EAcG2p14&XfY}Kq4tvj5(y`3Af{X=NR
z?5NbjxBqzD)KQUB`yrw}lrXnXFy`<L3z77{ite)D#GwpDZtT*#Oxksy7pE0L@T}4J
zvb@|ge)TZK16Yt~QY7=}phE@$tV7(e_0<p-qJI5`si-kKQqqDa9DXEp_7m$#nNdt=
zV^?_##vE*H#bon7PHdFZ>?OCdQV}wb94ecoApwxCtqC<Q;y)*!pSsBteAJD_)|Y<H
zSKlf!Zy@w<D{Rb(h|PJIT!KFOd7u?JqxU5S;q7h<a7r44rp3q<>15(R5SfIMLzIn-
zm=Jo3_o2hA4s1Q2MnC)u_Qgw>JmdMD%{}Nq9NVq0o$gZnS;|s}S|+7gn7pZ}IRUKZ
z|9A)>(CsPkx7ab4hGn9A@tmba<?f1Ds$(u)|E*NM3&smhH%qD55Z^LK5N`YekRzEY
z>reKR%M!fL@@;$8Z5oqa*?|4&t|(lqf06bUm1AgbPW3{!=FFk~yUK<-qnd$Kw*HL;
zUb_=sVA<ftr?UujAB8c(J|JP^B7dCj2PDw}@znrQu<tJs*pF32HL}bXkEnba&Dt#O
zP0inA3XUld84aqW?c)%6+#tKXiJozZsTpZXYkrabk;qmzO4s~D>>6*%f^R!?#JQmA
zV$&V|$=+?FqV|!#y!Grwe%0LPn-!pysw>tm1Q3*tiFdhzF&1;_e>{#$5s&QLyt&VT
zgrdaXBMV_52wlmsFz<Cf)%D!Es!B$vKc2fGT3#Y%@Deeq|I|>y5x&Y0d@m3YkoJ{{
zmBd#2yM(9j!KdHSQ_7jMgwtWIEnf^pPP<|`F)u`)bNoI${1Ib0Y27%!My4EB^NKQ`
zOk)m?l?q%{`&yjf*~QlUd;OSz>k;E-0Y_x30rs@vU~tv?@NuY`HOdrLY|Lz%YqIFz
z?0}2sFlhxnYk_4<i3oZpc_76KlumkQa$wlW6?(kMSv(DT$G$J)evl8sZ`vV$ABa-w
z9%no06G^D*7vV)@eM(p0<&4LImsitxYR?D{hpcbjzPmw^7@hb}<#EzO%xDYlZrPd;
z%#*aO9`y=pjnX#^MP^ud8wI{vTTcX1arR%jyjKK{p|jQMyCHn21H)N$-%bk?Zok@P
zB8s__)XFaC^_gcc|Nkt2&4S7LTWFr;_e;Y}ibT)@N7p~QOCU3xo96T%&(uBXu14XU
z9<ED3&b0X$(l;qwnSUMjl-YeNONYf4V@n?i(Au2u*Y){SjjDE`1BGtBr38KKth>b<
z7b-q9Tx{lIdpqVLvIfm9i~jwWW2y16dIz|fq8q#1A9qfFH{^_nm<`N`5K2KyDynKe
zSeP$#9a3$U6t2DgkDd<41RT(^mX^}HLwxi`a#ogy3gRvsoZO9xk29EDY^ou4k&~(M
zG=TvWin7-a{rISjpH9MwmclHRN%uT!e!6hf^Aw7R=ewvjnLPW02}d*hG9s>p?5y&}
zk%qCqI<gJ2;TkV9yX{`O@66DE{y3vQv@(w%0OZqS`=)!Qc|UyJ6_)+trEWNx!eYU!
zGMa()>yBRZHv4U8)N#nT`nlqFId6u?Pxj(M(s)(okQDha*XEJi9@y*EG}Qn)^{l9`
ze<Iq{7o7m)FqJYm0wNi@|2(7P3VSI+Oe$|NjDOw^&B2`J(%YN0ga@orIQjR=2qmUj
zt63?A_^j0!5kPc8baqKXyD;7Sf^&iF_zFjZKc5=M>87?+RyRdTe$xSY{)oV9BiZwC
z`Ki`A{pJrrUEJt^K`t9J+}{vhDi$Ylc0SzcP1binRdLBRecLB&pTsM+Xi7Rx8%eZR
zLCsNkf40UYOb0;}UIa#yp2XStEaokc)8%xBhz7;0Y--xFTEb$Q=!5{l8GfN}cer)8
z&11t9wP!y`awLCjkt(kDi)ZWZYec5$_CxBpFgP3f{}oJh!V8R_t;#~x9&_9nJViz|
zK2~G?eY0=J0souB+C-bYvRHhjbrHhv%}HGC-?2jK#6}&U@|y6e6>nIwM2}D)`#`^T
zsv%XVUq-&V$}Fpw4v2|Hd?vq8N1@rw?=WGv9ks0t#CUT_Jm%!v^8CARoxLFd9tsX-
znG4ulO&z6;F5A;B{q8|t!iUd<F<RWxQ2*Jkz;8+KygZsMm&gTO_w{00^H$e>^aM%R
zFY?1)uZ0bvnZ5q()e!Ox_Y2=N4$3>e&yjFe&}j6wxZmkODHRJo#rt)}P~bFB!2Wux
zp|k60Gn^T~iiFu2RBz{vX=OfOI@Uy6ZwjgVbW}K&cgOt6Y@@U*Nb6bB;#T0z{vXa4
z<Eb#(+<75+0#-PTib2by!A<F=vK%4hmC%yj`8>?<Cta*UoOlLXfl4)KnZ%zhR;_(f
zf*_hhj&~CFPG5oaZvV3#ONk|pUrCC52eMH7I}qLQri(#93j4*)wfjy@k$Xvw5bW26
zK*ugB_pAD_Gb8Rt+Bq+!H^nsViG#hpvEJ2AolChtLa92XG&BVgvloY;xPiD7rz?lr
zvCcY~xmOZ=I;euv+?4<NOnWlYt}+3qeaNqZ6a(u*md%mR=9^bN*V@ty$)Oixe&v=a
zedf;4{Y)%Flit|9V6s57$&>8x-a`kojali##NfZ*J$2LA8|QRf(`INLv?ONX;Lwbj
zUcL8Go{M{1KfyExz~C~Y0e)kP0QYz5AmGyX60hGLVVahBz%z!_J#MxkZ5u`!?7tE)
z4My{wqZj>>obm@*nZSVpp8)G9R1OE^D7B3IY#C7-mmFOhu^|Vn4e(&T>LS0Gse~r$
zq{Z0UDJ$>_Ok(QVgVxtI@`;7{!+LvN>EO4zn@oFC@^p&QQ){!c8fIV8i_S$@+qsAZ
z)>;QXa@>slXb9iAt@&dBZ)O08#g~xUE3BcOO*_Npr%$=^HU$#d{ar+t{=;R_^ycix
zpq7?UIQJ=wu*QpH)i8zm1gF5ReP1Ruc)J{OhA$~P;*CBmy6<t|ka9^E(%%ru4iX!2
zOEfspCM@S=KbQun8;~!}K>rjx?KF(DW(?=;Nv|z|<dsF=O8vS96WL1fZ~YppAomXV
z0*UwJ9&Ct2Gft&=<{q3q_|`xgb?ti@9<XCR8g$S!*+W+2k)#*_rZ{6AYJzO8PJz83
z1B=6ifBXK@yXSH27~5lKnDC-_NNvK6?|AKty?b+XY-U})&m8HZC+UX)?rws(hX{$@
zmm&+#ASNZQGk^4Cm^j3pg_>49=RhEf&t5MiW_cm8idrbp|Hs_s+hYTK8X1hL9N|b$
zZ&2VPhXlIo5PQt(?cYm`{-*d1pdWiCX4F!!M2xpBZ%Q7{a!ANvh`5FdwwMv_8PR94
znNIyp&wZ6B9XBLxYC05Pj<SN5M2>FqnEEjp%zvl%H#arj`)0K3!#gz8q}Recf`vWB
zqhH5gkE)U*S!+b7*YX#Z#o>0;5WPE(ULFd&aX9gjw?hqg{U-_CzqXQw&n#+|=@wSn
zRrV0p8$u58HpFZ_%6D~S=of#T{3T!b0y*@k#AJG#8x7Kw8Qe4fveT6)JM6i+epAB$
z-+%<yJidCf@9{F!(K@2qU9B*an|_;m0+x_ES5W@5WOk*!+;gO0wl7}Bh9um#YJcU7
zjD$f|9kia6?cW%ItfwzW0Es_xTO)dY+-A?A*ILQuE9_VafFu>Tu$E}BLKNf|LPlGb
zD~zfHZeZ74m-ySFY3|>7X%yPBK76j>DScR`qFu-N)9cRj3gj^=e8OFm-gFgvIN2wH
zszu{SA@Qk})W$!%>Z?=D^;cH4Xv*q>+fON-!IP0GqR8$?Ia2$QD3O!*BDGqi13kGh
zMmsdFpE-yn!_GNyhnl@lono6o;eXTbyvv$HGGU&b!Ox43t1pETA72h!VV&c}JIfRB
zM6&q@64i>hSahjWJW@e22aY|%>^Rm!9*Kt)BbHz&3_U8pv-&opv4wrr5oiUVYRxsL
zCE>G9jY<}BZ0+zQcR8-k(36$VFQ1TUZxQhucM6Wyv(Do<E$foEWFoTHvD-$|TDyJV
zwOLYnL*<aki+d|H+aHB1nJs`*LoAQI`|A0T>h#Gp967RpTjBxVXWCs{CKe%bqicxL
zAc<c9UyI4a0B_v$7*zA*@pc7mq=K8}0EgQoDiq0a7ku0(*1b}%?^D|(QG|)!5IZ%+
z7emcHTD(jUer!TKfFI4FIM&RG*M={{Zfgw17K>hton|vN;-NsymDIox;VaizUVVLX
zJ&A|Q%VAEti|BBdlLaoOd&#AW$n^?_ri}I4jHX5^d_KZruG<0G*rAn7XswLVWJfjq
zGB&!mq)G{t;_lny11<(dzxktnln!~=2Wkh@o)kLQow{fa-+VcQ--dTJxf3yztiNHw
zX*67lS{m>R)l=eVuy?y4T!F=zAlzW{^t+t=KZJ<k_4|Pod)lEOY=Cx#y1_;xX23>o
z9JA4k0|?iCl8D-Q-|d_u7yy7CCWUA1+ZW06SQ26r5yLSYaytbo0nPL+2efM7Zs*NV
zxQNJ+2MbZiHA|w;OG{^y`S|7TwnjWq#Zr6RI?376V>6Vc68ya6yPqOOLfo=AouRC6
z`IonV-YM9iwPXqUMm5w)m_(BjFTh$46JCjF;1?H!MUbjxl1k(7%Ax<WgBSVsj*7*P
zgh`2TIjz+S?>3Uy=v<fY1{e*Ax1{evXk0YfoZPg!N|0{dM;gNDC%g!pId1q-VrkT9
zWl#ZGF(ih$C<KtQDxY)(N<j>dUXGqt3v(0&*Z40lzY8lyH}W#2VsW>0);JH@Ou6F)
zp7zA7Vl+&&GRN~L(lf~<HvPWI+S;a+a%-QYi{Ovs7h3?x*tz*k5{FHAp!$JZ(+^qi
zjTwmuuT5R^%*HyCL+YQ&LQjgtMy<_P<Sjf?lqzmd|1uprF~C(+@=lpYB$7w1JZ%LE
zy^Bw<{<%RFzl}F|xZVr05kqZ`mS2619Fk!8vds^jip^W11vw^)anM}UUnYe&;OcD^
z$>01w^W{8NA2i7nQB0g()s>?aP&~tk=iir!*a_UqBue7;`=!0B^I1jR)X~%AYI4^+
zj1=^ic8PT!@vw@2TnD><?VuR=Q2!P>2w%rOZ~D{mHam<Ecc|||tGN<<onJDUoq+5f
zC51W`R@7G79`?xdr+il|jA#-I`E$4C<I+7Pj=!=#X;dcf?;U2x4@~=J*hFcO*4tQ3
z?NWhlb6o|UyNI!o2_=8xmxcsQ$;&wnExo%)y=5(==eu}(0wF#d%@MJs*A2+ZYJ0RD
z+Hd6tagiJNQ5Hdq;1o}i{0u?9kY!@~QGg38ZUj|eGsT_uHc7;1N|FU&t-dt3N)!@T
z8n0+2^<QLByLxKYP`{#quOB|%XAcq0(s_00k_yp01cf!8TfbLu0nGhelKXx|VGR|y
zOwsWBQWT5P!_QCL`kW7NG!<V(>J5kvu)G{S_4tjIUqYoQ4#1XsFK@2yH?bzU%V+FJ
z8xtSOUuzoC5Q6(H#2{>Mx${aiSNAoki$tu1hVUzQ&nGsPpmgKs4hVcPbR!1Ak{FcP
z+gK<u`jYxX$}rx$ecfyMLC@cB)7jZ{*<1uyv>)FlIFYd&peak0_R8i%VDb0AQ??7_
zj)j`Zy4P!ql(0cuA>_NoI&8!)evTp(obd|zUF&&9(k$#BMx0Hg+{!>${cl;1A4T|<
ztjiyz4`H+SRDOjX?jUIxVWTUL2+p7+cf>X>kPvhcmuybU0yYm#7aMmX$m6})lK;*a
zB-iG==@Do?sXH2kqQsc8Yi)P>HvAY1h>6ZAkBKU!1_ux3o@qAfA89E`7N4V?a=;qS
z!Ix7+nPIQ-Pwv_jxTk>fQuu?xnoPq2TiUo%`weG&cz>eem5|7O`j9#Ola<V+4Xr65
zE91U6=Y}UI&gszHz0@Q_t+%HEU9fBGSetHbz2h?AbQ{twnqJD3K8?{Po-aAgrr6;i
z6Rz`yJ$B*LiNJ!{qv(^~lQS)D><a0HG`R7^9U|4qaocXQ=$1Ql)ybY>%v;)8Gn}c8
zk+A+Dci)`U_N*S{;*Eab_dQg}!oHDx_2cB$g(5BVB=w=4P)?EF!ctRPGn>jrufX*n
zzV%fC@2EeZf6x4!<B2ybqG-S5`g6o<{VJbqB0po3h6x}Sb>m;1u8xmG^F%DmL*#MU
zi}>Zno!mpLCq;FeHc~id4EOJ8cVN_Bw~UY0r_Qakr!hkY7!k6fcJOA`LR^(}q*@rF
z0dy5Ozp8bc9x~!KtwS^a9}cy*7%PXWu=ZpKnN5*FJu53y<TQVQur2^OfgLZH{1XR4
z*>J3tF{N^7y<Zs(Zq)Z$8!^41=UCEdrWbt-7s;Cb3=$&2ll<M<)&KJ=BG)l%)RI|S
z2FaZAgl#nG7S6}}MA|O7UJ7IcL79O>=XeAqV06yGfVR1$2aBCClSeY$#@V`lzuH`C
zuP-&XHV-WV<a3`4m5KIijFoDMQQJIRkgSI7N-QU&2K>Y_8s)T_$YG_kFLyg-cgwz0
z&b#$gQuQ1=BJXpMWv>>h(N3RUbB9}r-$xJEpZ3RlBMq1PW1}Jmm1#lR!1YBNUwxBb
z?FIaV2u>a{$#j-lQ=Zm^DUO5ZK6#iAj+}=6S%DS887&}2Vxxs0gNkYQby(nke+4}9
zsnnEj0xkI<r{>?dtv*DDq?81b2C_F&z4h}>rWhAmP$*wa?V>909iH*ap!bjmZ`g*Q
z%cNYmevXO|lZ4W(3`aN~?W_5ctMz+nq@{#Lo5Z7G77jM=H&Cxd)_0UzQ(VVijRa_X
zvS0W6Lxo2we2)M29#@)KYNam_)9@O>qm4>^a7+MwFx3|f8?m7vSB1Rm7}l-Iy1L<`
zozAKMW7RPw%xA`kA3BqIF~xF&vpceuWHgDh=sP*E{Mpc6z3Wae!@46(P|RqR$;n$J
zt7kzi#YjC=L@UgNxzwYl{x0r;w6n_bl&q!u;g{Q#4$ajIIh5L*GZCA48(n!U3ZGo{
zc5dR!2KpLMYYgwt87EV4a#cvfV#P-FueQhHt^%Qoqh5jw9we(Wg*uvSKULov^M(lI
zSOW6$cKD?qIC6yl=>`UWY{rWZWB1&&+zuN}HK&A8>D#$h238EF(`Q`jHQ)z$epDJ>
zBiQ_LmPb2mMa~`1ikC=**&R(^HN&-l(RMH5g}4dfmTKPkoVZ<*F`fad>vC4AtQ&KB
zcVB2}LxXc@MWeaDm7NzP6m3v7%QM4U-5}-4$LPQc7+eJ`Pb|#ykm)}jSt}CucwrW}
z*qGAbI-KJL$^<{mKu~JTeO?A)UM{tC{wv<!9=jx)vy=^fs=1CYer0R155EZskkLC}
zv>YPFTn4aZ-PY?E_~+jL%bO&AI~@#(gUXOHF7}YHqyYV{BkU98qU0kKmj@5K2HgIv
z6(m%~sU%I4K@E%7#i@w>;-{IoA?#&01Gr5IX1DeSoHGp?53>z=;7wp<HKj0%2Nb&>
zfO|HMno?wsUuXy`@wW&%x7hDZgUT7g2i!f>Tk0g%GpLx6=_p5S8e~2-SWM$r=kw(<
zDYp5YjrmC;Rd;6r2f0N0`6G8qQPNgovJ2<9S8`KVgY*|oo0k_)BC9TSna7%UoM%^?
zOcCJ_;qC*nm)#frw|lmi-E$se%&*=s=tpT!xzykU{Q;UD-%vw}So00#rioDkq72^P
z)Umt{y5N?);<Q=j5++<|aTpRf%QNF`RhmQkb!2H9)NXkpV8f$(Z4mI6hif}in>9w5
z_!{W^8&2!+Ss4HH2(J!*W`A0k5;{W$UKHP-#Jxd%O~f5nU(A=oE6@A=Vd1@bMF8z5
zXrBbd(QXiVJi8PXIbTrdU!6w<I(|VL(-;RFTX0V)`S1iCi4b5L4YJ-FLp6h(Vg{K`
z$Le9d(R?)Ys8(nffy&V!Ip4=)(*DqA;o~JtwRTxGga<-aGjo=+srIBLprQJw+@GW`
z%R`F`gQf<|CJH5xUk=OQ<Pf=;o5{F5@CXm1;s&HB|NURXEj_|d#9R5QCU4?NpgPkv
z>SBDwA3FG08g1W{DRAxGONY)n2$MTD_wVc&xv>--F&kmAl<QTRJpSCtoh~_G71B-X
zX!c9fvjK?3jfk(PYh?~tPgbkzq915fsr_cp+=}8YkWdpxem@g9bU(;HV`z2`c4yT3
zST@zp`w@_ImF4Zf&~O$HxM4Syl7jY=N4~m=Y)nCtm=qYSswNtp&HSdW=QKzuJJ}^A
zLSRBJNNKr;<>!jDSV8r-&r=}vjiBl0F+9vL*xLiA8uYGOyFc~|x^T@eS23~&TG7NU
zUH0u-?dl+cp^FLsVc%a8lq;z(bEw2F&!D;0L?{SGE3K&XkoPjvL9;zmb4v8`QW^FY
z{Bj<3akm-*#<zSDf8o%zJUicA+45y(Izxv#8S6A2cYLB$_uoVhA3IUb)B{_bbS<gq
zhMRAHyCeZKO1<qja6vI{qhM!wi4an;snYjYX|D}4k&;sabK$kLSk^MdWY_)oJh%Ke
zs)4JyKRkc=nX#&oYZ$b;(%tw%0uS<gMLeHG@Mo$oMeS%-bNt-}TqUZeB)fJ*ttEE+
z9G0J`4)Q130LVzmm`Q7=dlI&9rmMs25C2~J4m}w`-n{KM5olv#c2Uk-fP(99k0KHr
zOBXk#j(UWKyw~@WgI#^T3*T}gWyeqCSJyubnPFyIW3`sDV`^Th3)*hX-~**qgCBAq
z<DUD1#YQpo|7WdZOkh5pGM(@w<Iw8|6gDinr{vViU?f5p`)xvhNi}^;O$-7LpfI5y
z)9H?n`WY)2>mPS&`ZIAcK8pEw5y6_zj%Q2&#uE<jjw#3=Ij8jAd`tI-4Cq-b3+qm%
zY_#WHtKIEqk?Z*ky3qugnn-zIE8n-1KAX)GKb>juDk&U=@f`?Ppj+thz$WU@V@Ch>
zR&$sn%BYdjDqfV$l@&5~MO;0db_d&cP+t<^sw{!@fm-B1Yg*B|44FG7A#bHmS^R8L
zE}uzZ-N#{Aw!rTSsq}j3!4E05I15Nf%8fqdp*xwThs~2qi$+VOLr;qLYS(vn&yHqN
z4V^dp&spEEky0a&{32hv2_S7Z>B@y%)6Q4Aes#5iMugk?Q(>sVA3J`4AIBS`lIaC0
zn9By>{1=zk1zgGjqVabnG0HMir^pG-wN+#LnzQL=chRTvth(F3W_Fr%>?M9yzVC2&
z|K&5Niz;vQP!kZNmuiO4s=@XlT#BLxLA0Y+8~9ra=6#c_5-wD8HS>OK!!cOY{Riz!
zVA*ATgVg!5n7c+cBrP)4+w%{mhimwMiUXx>LFnYH`PH@p2+>Ugjb01kTEiYBRhp^D
zI(7Fc=itm&hto4xm4Nq*#L+%|dpe{1)$i0k!W!l_CpoIfZcc;W=x*px9>m2A>@-vy
z!TYwhm+_gflLkd<IeCZL25%@&8X$UQ@J>W~_Y+!S-uG*F)xaaQ@7LNdDx=02+!7Gj
z_dw()*0p3sWtb0i2_Ki3TYFxEcFX^0h3b)hHkeq6sVn09?eAVKvEvr-gYh=3OI%QT
zE)kJB<11S9Duseb)<{$y7&|Q4b{(|AoG=!S?N+cgdOsbAk+)SH-72)-5^wJ3uc(_z
zrP-qBu@JtMe}?U!bd`PA&GXS!<ncUTG<CABSSR<+Wnu9;C}7lVo=0OaP959&iee@o
zBff3-3<r<s@n3WCI7|e+H#P+v<+4FAIc;~kGE~ST7&jvCvq;bzWNNWz8El1FUi%J{
z{e5nndJv~Ihp6-#?_W>$6VyDho;WcO^toV8s=f23;`#gc>yT6wKv2>P28SvzO_h@0
z=UsDon2hSqO4EM~k4QXtVO=+#RkPoM3sBLlXC2LQ+Rg-y$9LVeb#kPQE;SQ|ZtUwv
zT{F`8w69iHlNzD#uZXpZG)@FT((zs$SFTGGc`MQezlsFSm;|I!e3rY8=A727fd%no
z@gb&K3Zu_BUj6<!wF1T42KpCEhYWbx;X;%(nI~BN20d1$nt5M@2=a*|GeidCC5LWA
zrMQSj)A{y9_PnTYJF7L-C&a)vd}JH~<kl(y9Srb--zbFg-S%|vR^Dtrqz!$*<+1zP
zCmTN^6s9dqA(7EhmX#shkaI#h(R%O%<yHej8$XBKZN3yDzAwF03>}yc-16mme0Vy6
z?T262uX$1xbEQPNKWlm<s(#%MIsTO0O#uY1rn3NG?}vQt-V%d3c9EBcnBK5n>@@R@
z&~;ZP@8a54nsB`>T9et#hO2?9d2F~))Z}5?;zt@cMHfiNTV}vNBeMp?IB_MrjJ>==
z9u|<C-~PGAD$g*sF7Im3bOZO2LpqWM2KYkH?`py!t^?f58W{4Iwk5ksKSbUW)DY`*
zD_n6|$K!RA$_mR%w0?zNo&D7w-QQO#=4Akw7y`2zUF%g|{=@!g{^;{iB8qw(zWOcm
z;df%wNIM`UGn>iFsXU!0bR;7+srSU|DmviNZKb{Iq)KeGpRMc5_iG-t?rQFjZf>vb
zJ;@IQo@9Nt!GYLl4Xj1+Xft_oWg?|{SLp|;MdUcpoOGBlSz{x6r^J*^TmpWabbJzP
z&)Q(~-6x|8`jRgkdR!|^VE@<ErsQtftSO`^jNJxcYvf$*CkGQ7I6p$nT2XG{5a;AR
zdFCQ+RPA#q-Oc0IV~gG|DN+SFxZEzA?VcQPmvStxjgaAs@_$1@nd#Z>h_$7`gM1=s
z2NoMrBZMhV+XMj|TBHl1AL^KgOoiE52uCxo3^(!q>)15{QeU5i{EVWM(BG2~2upH>
zzx5(HW!jH2jd{zD%zoPv-vVN^l+4n7<uh=9NX>7?^y!y_VV|~5StHd6g%kPiM3T`o
zUIWCs>*DlO&e83d8>SZO&~ePt@Z!e_@@`LIo+>q2lqgI&qV?RW;vHw^WZwh*1*mmq
zZiLyESd9#X5Q;VGR)63AG1R<Y$*D76l`g!BhxpZ#grcI6;fN%N9Ubq;_F%q}A+b%+
zRzk)BaE1u^Nz}tynsZ&}oHBo#ro0}^%$?qi18W|R`l1k_|2vfV;S%ozKs9e~vJPJx
zrH=5NXj_6Hh?ABezQxqIXT|DBedtE6s)3i9O^cbJ=7(Rq7))REJiZr(e<Cmv31hqF
zqni+Yb@ST?_9;kUA;lvFXnB3)TrEoO-#jt&F8PgD!p%cUFo3(>kY}y$BKz|gzUOjv
zX?GZMrERr_^gZ)|!3l+U<R@N9eQE}MNd-|J0oga?n-*4q!0#p&MG#K7Lg;bgF$;ka
zKHxGWEyT>Cdc(Xfbn4_i*M?UOPPrdTGA7{{KK0wqbJbYv_~_)(7@VJRaf5VtZ>D@d
z4C$@-eZ2ZmTB=P(=EKxI?I(A<FOC-wyr9n^OAf+VB~^?_RvimVGnVX$wkA~NgE-Bi
zj9(Sk6=aXI|J0MT;O{7EcxN37RM@&|<7MI*-~Ac<-Nnn2R0vblK7)ni@S$G9W>BK>
zgY=+_N8xgnbX>Hk0?H|e{1xOeq$;;TX5nqaMO_Izr$jCHQl*qC$3+T9abY#rt!#H&
z@P0%TImtMq-hAJ9@H=|Td=ojJhP9J5mCH7a+y70lTT2aZx(S6E*k|bT{@E)k;cD7Y
zdZROr>+C2bQ^1s6mXPSwQ6Lr3(+`D{$Gby}j*#GO0~)$5`j;-)Mq>RmqJ||dlEyhm
zksv=4nPnh#)9NnL(@-YLQMe$PRhnN&uR3Z}w=-t+og~BHp87Yxui+btG%MS|-u=yn
zo4bFzhMfATCQyJ5#4Mo!qzC^8zd%60Wu%g!M@rd*qHEQVvQMp7+PWxZdSFn@tebOU
z0T7yb{;hBMA`9dN!$F0a9uirXE9m0*KKrJ9+>@$a_I5=n$4c9LPqv2h0dkoYpMx%g
zW^<#=-vD${IVG=n=#uVvhV-RhExq8=&i^|zP;zguj#v-p4)2X?OMXJDxe6KkmkI#Q
z{*ry!<{i(;C`Wz!T3V`cC0LDlyxdSZ<&og27)|S!N13N9001BWNkl<ZgA?XGWLs>$
z<^f>PBQejDX#g-Pb^4kOqu$S<8G>WVKIb5EDOy)AYhG$?ef|2GU-gG{lq<^t03K%P
z*Y!svz3%*vD+<3j3~Jl|cUmhwR-)g6VE5~|xTuu)JT4L%hTJ|V6-CX3o<@GsucFu;
z4D|ilzHISS8V^%813O`WBia?;m3U~|Wy=1pr`;IPi=$T>UdZ50hs<3mPU89TEGn$1
zD;1|JS~G3|W{TkrZ)Ur0y%>|IqHp<J%$ppi00%TaFpBX%8JLt`ug{?OSx!Lgwa%c-
za~=USGUUNIPmj5<Auuw<Be(jqU#fD8I-mAT=}W)r3<5sxUg_c*C}}(+b1qO%K6m>p
z!H}()G;lDKJf)D{{lM;UO<$oC2DZt@&<$sXlGa_WTxY%xomnJ6jsHu3Lzi`x*uS%j
zoXaHv*xPS?k2xTdRfcIW$N5Yt$FXnor*CcOeNpdCZMl5o`ogdHTpeXv4gl~lO24k(
zC+Q8<K+`**huX%46xYlsx84wE#PxAtPEnljV5zhneW%yD?7xfggV#Ru_@fL;Sk=IA
zp}V0A&nCP!L+69hq;jRg4KJd|4svg+(hDhv(YSF8zyJ@5<3eR#JmdgV1R3aKws|wY
z4wA@}#Al})O2e3d1>QTer`eanj5sg>5aT$z2b&5Q*Sfcx;gGGpmlt+;m7ti-kmNiy
z@I%=#B$V_wa|5*3$2R5jy9(GkZDEV2eYo^xUwJnEl62Qy(no)+8PjE#WnnbhPI-6C
zgKUEV#bKUtoe)^8`!mP_<QWhK28R3Mc^L1R7w>rm@te+tGb=MzXEts=4l(vjtPI*d
z6Iv(F^S(GBPf$Ghezuk|huQ{GTI**J5I|tPSk#yATwnN=FVRtkasYsbDE+!VThe#v
zyi)crsJuCWNjHZANl%vN{%c=I?p3UtH$5Z(X@3qCZPsav&KEMh_3*fYvQMNhRa#Z5
z#(~Ctsn=6cQU=8v-rAP=4t=Ei{Y{3Y&t`-qYd_k-nC(o7q+vI?N!quX!EnwJl$aAy
z=ySV{<G14Z#jD-g>aWvHxmfa5$_I0h^2q<qFg3`9Ml8qRgzHod=Ro<hZqAua{^eyc
zWF9u-ap`ZiB>0&WvLNa0wzJXyvtO|r|0ws~SI3b3DY79@!&)MJP8MlklR_qaG>rN8
zy4Oj0B+KIJxR1FH8B=ey?n1@ec&9hLtq<S6S^7^|;WM&?g9nfKnK>2Vj7)ULFt5;_
z*_i>Huc<>*AnKdETf5vCfT+8vopV|)Bz^b#8882xI!Y-A0C<qnuj?};y-j^N?G$L+
z7ojVbP#(F!wuKsdkrUm*yT}+T?jxO=Mgohy#0f)z(}=l}G9^Ud!Q6ptAM2WVv{>|f
zZ7Ac0@m#(TB-)hm%8oulN#u4R7*F>&X4G)@xv6YlbPubyJxjYV7<g9XGte*$TggJP
zVmw2pF`iVmWPyh9f(*E4y{&r)L^8#!U4af;zRa+tEVh0P?+=hY2lJ{>{%k|Y>WXs>
z=&8jV%9r|RZ%@|w5WmaZ1|WOdGppy%^6|e3&55~gvh0`x3BG!j4bPyMF=aFMCFU&W
zZ~)(o-&<YX<_q7F=_O_3Np@R18M4afOxm6G5x^O1K@d@Z+%^sb(ger*!=O9(Y=TnN
z^_T$3Kv?Pjxt+bA)cc~AVDb#Idal3aF17U?>t}xT^G8A6x#a)=SCoETpRB&TL(&r}
zn%zqLUyK3_I1N~OrZA{+o_lye-4{9jFDMxc**%6dt`i`@wlnU_eYdSE-ycAr5YLV4
zV+&i*#KmC4yFK4%lBMxN#xIL2+d^ZvUFHk6>UjvlDQ=JP`rn03L4WDJX0~&y@^he7
zDEeNXllRj5(q4zNF#)v5sIZOQ<{A}n_G4z$QJhj{JF*V|2M#dvddwwK$_e(G$)c+o
zA;>zJBVqikpK8+6pMJIRm!x0&>!c^$y|v3gQW-bOEDZMc!<-Dc46$~Yyvc9{*JJ^O
z7<&)v6uF{3`xhD*8E5}IOc>7yU_R3!949g}<<K9rV_Em@c**E(V^bU<X_&h-?%nE)
z>$#TG;n{&!FMtJdX=Gco?k8zI{m}ZEU;SG~LEo9>005KHuj>;e{h*{Lo<C^&M9lx;
zK^Lk%lnJxEVc=)mnetCpa#v*U5`nw2$~sM%F;1L}!UPx$^zl-kSFT^oql;(5BMO;h
z`{0G-R>5VLp~s(x{#f66Vp+&3<QVeEz0bx*FoeJ}56&O%^<_P$-4Huq8-NP?c~Su!
zGtfesJ?BY>j9RUucup|<>3zX_<MonlH^tZt<Dvb!+1zjtGbAA5nw)<DQkg{$8Rq?9
zHPR5Yz0K<9t$q(?{3WS1>DS+PzMd3(v@K-o>oDl(Qr8An3-bm*zFvS)GvIr=QS0Sg
z8W<`AdLjR|no-?A2f^WN$3x1U`3NyT3{Yho2z<~V*A1MX{5}~P0&CMtec8_2!1|(G
zQ@)$bjREZI#pdzv&+fVXb=mt}b?;Nu+Yhh5^DiH-64n6#hSIO=xsv{tdV6w>@6t%M
zeSwxkEG|{{&X&yP4h6!+-6xB0f|!H0buXY8&26%W63WCiQzq#RMKx4pu~=d+FAO1>
zgHAcXP}3`S&oLF}X{RL1_Nz@s+)d!hkqV245)q)$(~<ThG54%5c|XA&`qQZd<70TH
z#ba;#e8_8|IEyEV{^c1CkaIj=ss{-T0FCYKyA0C{he2gw27Unw+Cva!?pxhqPzo@H
z(RW708Jf0&*?_T1rUu3%Ws0$W`qR%_{T|HtN4fX8=X>*5;2V40GnR;kh_QKYYfI1o
z<5uWu7*&o}gv|211sdl|4Ph3p3vLU|`&Er4OJNUqjm^&-TL<2%>vK5w0O6?u-eO!i
z=WP6?ajut88rS76hu+&3=RYU@_1@Il<(349XF1asvN?z6o~qXW&iWZI{}|oj<p2OE
z{konl>0OeZdj0@Pfv?`>V)M7TWy}r}nqF}#Gb)at&NjnER3G(nfja%@i!&A#j|-09
z#WSGSjJRi(wkv7Y@8OUVs<8Xr5Rjsz7hSw;c;npn>-2HT%$`XD+m~%mF|Nsw0}UlS
zmZbb|?B5YQ6krsf1;8(5-s-jGnUELz6Lm_UQlY$q_26|b?|3FbO?)q5UNn;*3~UL_
z5X?q@LP>}5LR-pv>$S@?+w9{7P~iru^mDuJo@YF?=g)HQbGLe8{E(RF%v#LzT(3**
zZ*HTEH4`$&S}H~zYch|?ULf}v>qy3RYQEcVlM~O~2sxMIlTl{OUerxzhu0QBkI%~-
z?K{XWa>g9-5C-)RuZ?~sLq)K>sx6o4_4n=C-j{PCAOQ?n+IVi{Tb<YJhpV@Dt-tdX
z4|5XTp5*`lTj|&J6rE}Rk2rq<1C+lfsD7O(e)sx%RXU#Ko=UGlDQ||b(4a6xMd7G=
z1krv!Prm?&jyf$?N2={~W0yq=i~WKZoc&y?9H=A<gRqtGaOp`C$k4-00|LXt-4#?S
z-2NEyAT3CMMusE7h$UJIKWQkU`d&jJJVLf8KCmDhcQ=eYyTQRm-cLEea}{JK$}YUe
z%e}6kqf_=6AIdWG7COcjb1Q+2aKKc|+ct(WI93j5JxoTx<Xin7PI>0Dq^I43KB|sg
z$cOYiLA$dQk_I*|=T(Gm0K(%t=E{UjbKaY=o-siL;PjGX9E-7zwoFQbT(%kg5Y|`$
zJJC;LL1OMR92IM+=q)%;&RTeAtIRDhA5yXajpHKitR;aA*AC~~d5nLpdixver@!in
zb3xty<p2PZ`gL8C^fpP)!>9NY-kbzQx&0ImwC|H!ToAU9&J|Sy(V&=vhNr@jMnl1q
z<{T6h4>K0?R=;}=1F#^|5z2hxai(FgezkQspkxoEs_<w3M_Ddwf}kV%^g>8yZ|y0G
zRv0I?hn^M{kbAx*eh&bVAQ4_SWs&h>$c61mqudQpwTUsOv4N7$dI3n1v9jy<jL0uw
z|6<oeF?t;af@2A}tz?>_%@=qk=1vJA^!=Wkzil2zUze-5`aPWT@xM{IrX0K!4>i_@
zsYcS%QXT*J-T_=+?36|WdNhDTy}TAcVSnJ*Cf_C+Zy+t8XJTk`jG-$U+8uQh#E_{8
zhlTRY^%ZS`K1tvcV07KtE(v<ebnE8nCj(GItgDSduQKHtO`Wz#(kH5|-?@JJtL{i!
zct>`crC(Q*^j9Rk@ce-zQ}-0M(y(aKi;jhBaj}NQHlTeh$XG;NC^QnX`^wwXfad8j
z(Kt}47dm@YQBcJT2AX%d&@(UIA`Xp7FOVJ}Ku*ehQ34=(&beqAI%&I+EZ|GK5{zef
zT$4(m03dws8QDqU;`4~*rs4uHAS>duCck&3PUXlkAApy6fF&langcP!bpe8+l#?PC
zlXp`|?ptnDHjJ#zl?7u;89Eyi*ZDTrwr<(}U-f|*f9ZT40A&!r3v;nnV4TgzxW;`Y
zbbxUv3`)b=Ss-`LKY~WAm8-Uoa&6KBFKc&!tgQ_a<|Ef1^~YrHW*&-xZjN1HLtA|w
z*{4Ca3+~%~6C7H&Aie)&<fH;L2%tPcdCs7Ij@tS)x&zA{4*(?nSxKKirD_LyGZZYd
zQK7K8U`T<+et9m);+@fOo04)sGAJYAnOl4EGkQ>b=Q*zz+G+}n#SKcK^8qxn&GZJ5
z;5KV__VF~Kf0zB0tqma!8pSqII4s;%z)%dYElhxc1oqY0fNW>m@AdEaEY_dbq3xbk
zEqg}RNdp8%gM}c8^%fcTn(#OD3o@W_Y!ffNursTj5y8?%IfR^A-*R9Aj4jyb|8#x8
z<=*E?+LS-H;+1WAZI@#iON^V(-yF9S?jb;+9xy{p1Lok?!AaD`Yf|T6yvS~qkP!`^
z&ELjrRi8V3l{G*|$U#Er2TVlULK9?(1_sdd1=u*A?|<Isf7Ss#fxd%J%;Dl}2-icN
zp>x*LpIJZc)nBALtlZH6pkLSLNqS|akmAdj<R?u0_#X=?7XpxcED~;WiiPP&`uwo{
z`5vR3d0A6B5#A$}NqUid@sBHQD6uOItZEWdTwf?m>k}D@2no>3BSWx1OvM1x@D}y~
zN|efApy~-A!bm!}fkMlJTeg0aqAYRQUbl&5dxIHi^;uNbQ5R*)xG=}o0iW+IN!hD{
zmA>qT)PJ&XF{dW;ZWhuhUL3~A+s`(Yd4%WD5V<Exdj1(td;eqpv-0F8OCR~GRmLNZ
z<1NfgQ&|&5X6ycw>;G~ecY>{{p~L@$<%zxr&Az?NhiicIo#Q=oR1#PNBxFd@fN!>o
zdQAH~<H>yf)=3tQUD<=LU5D~H%%SP6<jnNcE9d*qG5=-zo8SU{XZVbu$l0!NG^9G$
z&&<T@*H3@t@75hu?pOfOuj>VpzI{6B2hWsL7GL!$C@d)dpt-oOn$K`=+v8F+s*G)M
zA(jQjd*MNNUl@~*@8X>U^jPBA?wuA-uGh27lLf&wJXy{ce2Ld>GH}^u8!yq8Sik@{
z#Q>UDBkfAMyxtTtVjGtC)&9qI`9h*?+%B)}^nbT@NTV$HU1UsOUYjf0=tqfbQeGGr
zf<w~i3@P#X+{TvMEzRhroOkbQ+K+DSiISk#!E38yJOgwwKU+U1{5{;Qeh;VI`x|$o
z89>I_vzTu~=r3f@Fpuo-Xg}lrId<_so>T6_^D-9$z_g4x)@w<WHLw}r*x%!jV>(&m
zY$w^uDKLW0NXE?Ck&csr7ADCOJa4kvjeb{a=btjKOP}co8R&ArTpYL1Yp0O;BDJ@!
zpZ4nCtUILKkpQ4y*T+iQPWgk;<!d}+(&BZKWkJ)EivKy;Xc!}to|CUEEGUUSnYfui
zc$MK|T+P0VI-;#qDrp!AI+k5&(7P+FK(ApCCMx<n0%&YmM<{)IK^}jNb{0Tn-Xdw$
z^gue~I*|oEr@|O4_4#>EjL-I*NX{(sB%^^jRSYJ9Wz2<jr&$w7#&b@1cH8eygTj{&
z_3;@o7V9#$H32KeIDl)B8w_8DbT0550E^alfD!iuU~{lQB~A}5<obbR`#)5<?>@8-
zMq|aC2ptexN6El&ol0l<yUg;e0F6m`K9_y24Tn)hy<xmN<QyRfK{rV`_6uG(mAWLr
zrah;`)6vIB_zS>V7!X@81+ey=NpmKzV@?jTI6wbv@b|D??)~5DXt7Otrt4B>&{ZL$
z+?fzEf$rVUU$|RpKd^rKt3GmG`R!HiH~`QeSe`EFht%77uRr&hN1362SF(dL*RD`W
z@$!Fy3y*&lWx(&Yi648ni&3l#r|esoOp(Jw$$GZ<7ronfUfEac&y|Xo!G0~INFm?!
zST^tG@|wm|{6fB`+IN=;7j>ZlqqxT!%86bU*&e|lL9xbn3);Ed!1hW5jZ6w1!V$|Z
zhXI^SfJlH%f{DR!(GbI^`}y)7@)6n*pZPqbmq_o5awM3{*W;p34F9<IS$4djTwXjn
z#$S>??$=9qA-VBN0N8f<)AJ@%5Pi)27B~#?Ip=e*Zv?6F+>lFQjG`TowI|*MKpa3+
zxAtlWBROZVZupzwi{gw-=1Q(V$Ta#(hOdk<bWG|SfQq<kYXgBmj8TtW2V__|4rS*B
zLbjg2RM;t&{w%GhA6$ROYd%!BdAXwiK)<eQYU}q(`sn=7W9{)b4dVGj`(FDZ;ev|^
zI0Y6RKVftchvI(R*aAl-Szcv}x}%M8vfa$PErNhS;me4MO!|0zw5e=Kr1!15pk@j-
zWa(Z<hDH#xq!&%E-S_Jk5F${hSo~$LJAuV^|19*8bwk;ey~aXP6qDi%l!P*L<;p(L
zBT5hK#+cMaqq7eXezxaD;%Q-=ppa)kF6)AkN@Fntl~S3T>?^6-sMEI#79hRV`%q{5
ze=z0RHR)qMuF8R4Ve#~%uP{=5+56;kp8Ng__&Zet=WCK4dNG&)p)ohgiI4%X47@u~
zps^jo0NTfRn3G&n2L6*hYI{41a};%LpfG+yH|9x`OTEWR^V1GfMrd2npWEj=04?-t
z$f@jp;fau7YtHStPrd!M^;2K#i|w{5cN73nZ?9EvpM3rYh*mNL3L{Go`&>sgu=Ggd
zd;ae%!R56pC;YDDRgFxc$fE6`q}Lr#P>IpF6xtn1jYvKf2Msmb*s*B4eP@PvU=E;c
znEb{*GQ2?4&$<XgnAILY$yu7kPABVaU+6SElmYWMQZ8UK*e{M(p->%gwaMSxvl;t$
zhT`%G*8f>OQ5VL{LFgso)aCi~cB4+n-1p2UeLIQk`g)?5$$Qv-H!u(9Z2u3o#Or}0
zp|ym%1bJgzi#NO0&jJ)mdp+4#Gm3dXjXN1Kf@y#bo+shs9Bm!?0K;EGNi3NAF=rAC
z0yLCoh5j&xp{#iW8PYxv%b6K`hPF5Q?ejC<@K@SHeZjubQ7YcODmdUFRb*pA|5ecR
zVzvG<-NxmP0Ra8Fe!p7(;(ZeJeQ}i-tCYr$KtNJbO7w=DqN9g;xhYT@zAR9f^!@|!
zb8$*Ynt}3-|DDbz1y4mhWbJETESdP!Yg}{i8euGEp6GhoPd^)86)ZC%Pz339OuUQ%
zz)*GuBv_bdQ9K7KE+}88dW)Av#snZ@$_g#@hlaNp@n!cIi|4tZT`}g9Hiz=0QI9xr
z@m~8b=alK@l@?>(Fn@i%;@R0>TwCT`tL=-iqY>fUUQh4e+5R6)x$i!-t4~0ks^O4q
zYz%}EG_sxq2zE-PuZN87Z?tyi0rdS%p`LG(hw*H6lx@kXYd+Rdjt~1x01*Izb4mN>
zSr3jnrvV@GJhX#oIspI^o$CjzN6)tGvTw8V11M`6^!Pk?^st>Ud1XALef*0~`HSnP
zzV;=$P0Jkt0Qz-3PtqF)+Doc*St?s8mEiyiw!dkFJkA}Tr($3Bd-+a*qTqpG^Cdn|
z;As>rqn8WCk#_=|X6*~(49{#ujzKZb+x2Civ-WGF-stBN3JQS8!vsYs(dffayV2|z
z4`)W4n&lYe-&7duc+GGv<Q_6`Z@N&mR5T{1_?$-`m$t<7%wx%W*V^~e--gf(#wiUf
zWEbtevX6cL%(qS@%VOh@`4KiRa$Gp3A?IFY_x_&k|G|{!JV(0w$q#ZttOXc3NmIiZ
za=5&}nqBMnH2gC_A!&NZm4m6vi|SxRTb%7H$L3;v4Bq_qH+Ql)vr{tYHzy^X0H62k
zUQgUl2Y>)@1Lm#u^!U4lhg!~$4HS5;1^+ILB^`=rBlVE!_|$QbHP^(s{_j{n_5R!P
z#X+|{0O;5CVUpgi-tcPQ#geyZT<PhW5%kFtB|SvhHAaDzg$-}qCtYL`hw%?4A=*(U
zvCNP*O#Zf`;1UDJeXf);dlwXPf)Fz#p<I|T%`E7m{6n4qA(z*xd`Zudbx9eUkx%wU
zmF{;rmo~tgp>Z9&=d7$M55^Md!4yN-MrG2QYLc9_Guj$s$T%r!S~3<%Sq2DQccn{K
zA-(ofecr4MjAwgDf~9S-+>Ey(-y-GG_i@Xg@P0SBJnh3j@Z)_ykkXoT@4Z`_-4N42
z<_(i;1S7hYI8&eiN*X`NW(q*Do}%!ai4)!)D8Z<0?aSRtVDHFY76S`?mGcGqj%<!5
z^Evx`F}ArdJLoS#BXXD;>T9j1r=N*_9s=Wwrn21}FO6;ApRo6Z4hr>J%+dN%w-1%{
z_VrWmzgxFixvc>}zph2ncdECK-VNBM$cjRv@!WpXVDlcQM&r8hs8iX7qJWWgFQ_kj
zERseh>W#_B#5z8cC_iaoTcqiIV(U*)Xz>21oZORSKiu<;%=mKRo*B`&mL5wa;ZSJ~
ziie=4p&hJWD$2Vk*{!X7&1wQ2JTDAic<GVAL>bYr#XXEKvaM;Dac|BM%F(?RfUlH8
z>1b8_#rs=!rCR`B-|r=`<@4CTV%*FqPC@V{-(<3E9#BpUAv{{y{ts2|yLWG&1i;fr
zqcB_33Fi79IxAiy=d7wh^_P1^VGd7}l7})&{6w3|7Ub<2%-(0%&=ZvTT;}<Bdy+Ba
zI@Dfg01;lFG9@#yeLb*lJ0nm)>s0pvWcZqInD41q5e}T`vl3!x8k~*3+^4?0as8C9
z^#yrLm)jZuNcxNF%}#cLN6VN{pDb8TB&jOR;(7I5Avk@W28VPS6n~yXHbK&nai7#L
zJqky?Xpgij<Gk0}A=SjJA#rDGAL;0h#a1Xe8XXv>0#sye4%x%wpn(W4g@%|kqbDNy
zK72l-btqnwTRi*nV&BT<UUGxs&IGH~aw^c)-t6_Lz2*)Oh=t)yCDaj80x;kh&~u$p
z&U~3shL|Y#wy`e+rUXwoq=jRV&*Aei{%lMBZngfn=IKv=Y(0OL`|h)Oig4JF`(S{F
zED((>cUdHu4&#kHkK&PYE-Z+dW6iBgtux!gHG$$_>#AIi^nw9WCCtON%cJP0w)e@w
zY3M<+m(*41_%NKf%eQyaO(}<ot|kDcd<v_Bv1)d>6ZK7b-^uoQVTcp3eV*F-C*}gZ
zHOp-a0Qz<PE=ezw1jW|tWORiUv}Tz|v0#a?+rHnOhNu`>Gj{aEQV~Fj3?QKI6EEsW
zn%dgJlAZ_*ds#Tz6&Z64@)>BaFZy^U4<jjFXg38$a6wN3i`vH`uUU3_GQ9FsvhLL^
z``^xTv=z$MWI%x6hd{9%jGI!nMc%3m0_Q+_j2h=vz5ohJD4&bp-Y3a&MV6g`@wuK#
z9OLD5{lEmlLyUffV(06Z<N0x2VGOu_(4R;8gunN<JpJj?hd-nCG3W8t2aaii(Y~`d
zECXvI?elT_n?R^f<de6Baoq~*O<*<yvY4NtHyFyH!HYZ{de3F7nE$b;o(Zze?efa!
z3DBV9v9+P+`rP$J@5{~va2@cJQ8)I5g^KxmGP#<*DNYph*({$zLdXO<N|O5Nwd<$6
z?myRUQf^BC(68&GC4HBAYsEvMmlUN?$}J~m$#xB3AVER5ed1+ZM7;Klyf(bLi5C^u
zW=9r$k87O<W7{99PJTxt!~M$9zx-|9M@eL)5uN~uLZ=y6*&AdF62K=6?(mWv?Xn-@
zgfOIm{%3}p_juTXUc}&e1Sl|egdn1IQzFgkMB7t=`m?rcOX!I8Bd#9og9FJ_s(2p)
z4VEi*2byIbun<fxR+m)fi?joy+~@y6yx8ZFDEEE*`FAjEd<8MzZC|MUW;r5egkwEO
zmJ}EU3?Vx14)EL%uIpqa0vI?54Ws9}VA(=!+gytfUCa|E|8WgdSB9>cg&;4t5L$rF
z%v&O0R?)k0s826>IRudgPN&qrMxDgD>A;(Sj(TAha$!h-OdscVTTfDd+xp30_p5Xp
zl-mvf^y_+(di!2UAGTA~+XBf27?ai#W8&{}R4SFeb|agMgo$gYi=hDbqPak3ab^b)
zT+Ai5+v@Y2;ow>4T+mJ>azPdLz|eGh+C<8ykva|egktj0iH8TsatwwU<5c?GYMmY{
zWINdY1SLyV=*7Ts%sYPgJ;ux#lvJpEZi75I*UZy2uPNtkDUf6K^`tW2=>hg8E$>qS
zLi7}UOzE*Y0EoVMoPXlomFuO=^Z%;H&+})w@43phCc6}&7@Nz|K6VS{U^#seh9<`W
zGRgX4?Ln?-XuHPsfqTk&is#wdWZ~|DNY-TNF6#ntEOB%iQZu@74aeRLa-8MA>!tJO
zZDRxSlt0cz>ef7e!wfwcF4twwppi+vl2w?<u=J}{Ff2Vot$)w@DPQ{p-Qwl80{~i2
z_p9~aIHk$T;tWq53zY_t6c#6>qyLiB;|89dKD|7zOM9JMY~?x2j#~4%SXg|yMxMTP
z8f8%G4CQ8F0`@t|u&}nz^85fA>|FZr001BWNkl<Z3IHGX1fz}>3XF=Uc)sX&86PVt
z>xq#n?@3T)a#Gnh!~n_Yz!M=rV;F|dDiou6+1#<fwhZ6^eTugj79|Q9^1eKx813eJ
zEc!_WB)L~fCV<M*Dg7{%vwRPZo450^IOOO3Dfj*cX+h{M+J6c9ok@5xw=M}rrKIKK
zGY7T4o~~qQFrK`2x_%`&czH0&JLW2NjspkJxYuO8bDgpdf(0;IjXGniXQ%wzzTZE=
zqf~SmK@c6K1Z)OMd=3&QFkgrDML&wOXJZ(p=)nHlr1sUi#mj940Qz;kRLkWT)`65M
zZ!EH+thT`|+42h}BNihOZ7KjWKAE_}MdA}4ZAq#LlQ<0$jA<%eJFJI`{&ZunCq3L{
z|A}^xZlm`ReJ5SUErC=#u6$Uh%SF-<ht57QUfC@9sX;#USm7}Y^mDV{TOpF?mc^Mu
zr)QMowN@DsC<UP4n8ZBr?CR*Zw~OQCz{eBKoSvS|cc)^{4c*4`vdWWvPCA!B7GvTe
z1Tq&w8`tG*^dHZd|E%17xAdG}V`JR+6BKET$&942i+R4yTY@b~`yn(mByE3Afb=*T
zw*ct4b`m<{x+;H9jA)d>5ZjuN_BJw!xSX0PlZWdajD26!6TF_~mM`=nn-*<h@@oK=
z0({!e%J_jm(RPA~7}H=)rFzQYjGZA{mU{Ly&imArizI#N`pIASX=8(KopRd%fc`*x
zmiqFh^M7V^gh^2pB^MSF>m22_zAxw)e1BO^dG1>4%SqQUxnTq%QO!dRG$0NX2G316
zti`-^4}(x9X?SBh6BZgh6Myw@9)1E)KniV0x?_J#X3grLQX}OW#wr;X^G^1ER173#
zTD(<&vTUO(-KIKk3@EJ}U)2OEwyhX*fRmEYx5+u*b_N+mdkf0}Kv=>SydH8d=PYPf
zaL!=G9Q9<s!bDKUFg^(&HaR@wp2siS|Dno#_nm*2b+)RoM0^!>&eIc&1LkT0=$Pke
zG@*}@d0OhpnRF6{#5&B$vX*<jrmg!ag3chsp;7rlE9jOe2@1EqmE*D3T_5D3U#NR~
zezX3z1Pz#<g*DsiF5wV>^W1GgAgg^`5|DP)*MD!aTJ5=BO8ZpVG<O(x5Y?pi=Jk_b
z|J1R<Tcg|-0H9yjqSn7n(mlnv)6*>Uu1^FQAPEarHOVUKO>{{_9TP2-0}Kwc<`)=Q
z8nH6Tub|^34fzRtA9(>Zwy@|?cz+WO3yDTR&MQtKOYfA5KNMsr6{2SCijfQojVV7%
zMF{y9$}|j2ymV!qD=`{AG8vRjvJhDKj7yT)NN|PFMJlTmecI%iN-St*CMP)<1$ZKm
zqBow5NZSoY$jup;>|;E0dq(Du5S*C@#5#&hCxEJWQyuN!48&8Pb@O@tEYJOTtU-Vu
z=7&%&xpguOG|uRkl(G)vH_*ze)HA_fTepx8#<O^$G<pCMGiOJ_8Zr-lJ?#m6&K}Xb
zr6ZI~pXxoA7yD7x%cbfY56}Im=lg2|2Wx#^0539f1RH#&{D%(C*4AJjLidtcWvDdQ
zh&1SmWNMfQyX@ndL(zVfq`$hp;OjX+w@kS$0Dz=FuD*O`QR1A)QJlsf6eko}Zu=qC
z9^T$XofsJdZ~LU>UhHz(mOq!V?>7D~?UOYT_T{)JxX3))HI+mh7aQyWP&yYHOFnlQ
zKPT`hG_onBA`i$h6ly42_p0}Y;cpnoWJ0vpSz?)7=-c1Eb+IHx3I7AA^`*w+d40;x
z+MECP-SDQ&cLh1dc%yAwJK}r-UK@ZS!4Go@(DxksUfbseFF;p<ux;Hi9`4Ktw@=Mz
z;-@`x^ZXy@Z2t!<ANw)V6V3;O4xT$%qFjHIgR7#1@yoh4Hi>hUECRtrjz<`vzTcO>
zac%KNO-C?4WxY_@0!!mX*26;vk{daEZXh-ccW>oIK6&}Z2J|8aTth=k`Ef3?5VV$c
z0DW9uumw;`J-`qsbtIh$GAKE2n>?xe*X6&G^xx?gEVn!W==YzVr}gwT=K;OkCjt#_
zDyxa-=^#PcJ#{9Iw7wtiQfMI|JOD*qP^0$y0z8mbD(!>E?xBRzPFuKckW*1#)ViJ0
zPAU`3LbjU<jR0ra7f(@!Fzz9P5?h34#KM@O$Nq{}k44Hw?0||uB$E_XWgGRU{3a}g
z$L&J~+&RE|oZipAsme0Pg&uWWi_e^ODhif>3%`rU1moczV#ul(BzXG;OlVj1$zH(=
zF2F{Q-wA*3Z@IXTe*MSpioUE>n^!reTVF|`6C{V++Nzx)Faw%^iwxva=Nv(IGF?j@
zlMcBPKufy^P3NS5YMWoab(YMg*GqXMo3)+ozn)5x-}$G4nLaykiDTgOKj*r$mCWC0
zw#Hbm+F5@W28`<ky0^5?KnY)mP9~<e*RRk2hFk7^0k<>&=nu3fs;zHPTc1$q*1W(C
zJG@0-TvDZr7_*OwQn!NaN+1*|4LK1#y(UiRG}cfqp|A`3ZB}ofU{hM8D;Lntvz&xN
zUtglFFm5TIP<RvIRN}<+Sg=sZoCJkU`K^l?V#tvTyio5j^aJ|<MV-%&>)O7^+1@B*
z3aBLG+5m@Hs4NYv5FnH|qK_lw6kyUl%~H21$x>SVw-^losI1pyMc|SE_XH1@K(nEa
zO-4_B=FJ=PpOrWkm|;GthP-n8Vmt$k+1N=+JrqYxM<Lt96DM;$`WCgN&YOHLfI>bO
z#xDVcd+_jJ6KH}B^WvT}*-);X0x<gK@!R@{-(<F&xr|U(>&P!6n07#BAeg!#^)+-E
z*L?JkZRB|YbdY?`Q^(RlP`g|G^j+)o{|d7oZ~Age0|2%DYDxFjw>>Qy_Kh=6e7^7e
zJ10sQq|G>!8s}NxZqWIgvFZd0Sa?yGHO~c6kZzw(SWeDz&OqC<iK(<{)U)3(o&!}W
zB-xmep!dm_CIyQ?kkL#zxF?zMNf>{6pUaI}zrS(Lfl<Cj6`&@<IF}cbai^kK_Vy3-
zFUJc;&c~m9OJL=og!l4)^V<1ZW`0K6vrxLG$kQ;vpl4Wv=d`zd-mr~Vg~`gh6fjrP
z8(XA%9^)7LJQC%(A795ajs9Ba0Yf%9Z!rIPe*vz70liV<=_QN=R*>s$=J^(O#`Hsc
zHYB6YfT;F4Q~Jf{bnT}fQin3kMo)jcm2D~WQT6!_c4Pj}l4;!=m(KIjx8%l)!BQ7H
zn8rBeccC|0{VCgB85W%AfVTctslRN}@SC=@hrZ<IEd7D@yQKDm`v>soorcZDyK3<4
zT$#lpEej(Sxg-AgAAll}IG?Y2?~vRA97ce_I^EdJ?qU3TxEAeRZq(2K6%k)|oA<Zc
z1_w~7R7{~o-RlXv3e4F0iDdb_wYHn>p!Y)WfJ&E?Xz`A4PXTj?sdG$27VLZUr|c8Q
zSTb{*9=KDC?%kCBE%kXhjwuYthVv40zeQpe!yYJ8PY!Y>=p*=y&%)3w>p9kcGbj8#
zSoy*~CH?%rJOAy5H^3#w*<}-j-gvTo1kbAV_?(}OXNGXrT`v{Gg*y4X@T9q32IEC0
z3GI&W%W=V`3yqm${J(7=wR0QcP{&f`675+qXJ>lHLAC2auKO!>rs<TpH{?WpKCpCc
ze~xb%J>SzMed_WLzVJtN3zS=u0q763XQ-dPwJxkkaDx%-n-Y}j;tfxXNISM)bq?&Z
z-^0a2lwS;m_Gi<RQ?Hrrr2gXifv(QV>O@YuxsCS)O-D5ECHk0gN-nBp-`+FCpXu$9
zqK7<5BS+mq=XGmy$*?y0I#pQcIDz3Y15b4C6llDxDV{fs0~8g%pCt`0H}D!<8pj0&
zn_v%KMuwrNkO5xTMJ1d15<o3~6SNU@5paak$N0_;KapxEi=P({mf%QLUQd1It!w-x
z>E7*F;4rY9$IJVa0BCrr64)Eg(E(6luCJ48v-DlY#lcWrqw##F?m1t{=rF`Ec>h=z
z(Ix_BhI?jVF-l~k|Idg0z+obA99XmHBl|<S_*z_QJCoJ0K2@W<Kf~KyK-xstb=<=p
z3MC9ET-%$}zhnLF-}qtU1vg*0B>{k>*Q;GVqf&7&)JZ4ZP<;nF7FbNYRO}b~B;y|1
zzNlo<&Wv@TYE>6vOuUj&9iL<J7i4Q*R-y3$B*K`KZHi|2Jv*7nXZbuJ|Gpp$pxqb`
zapX-Qa^bj4W(IMF{3(MW=|_A0$siEn_uA$hPbgZa8B;mOe2KnZ+A~cVE@)fv>N`Ab
z?R6GU56?W`s9o{I*qnCol?N1sLOY>-t=8#Eu_*aV81{+5VAvr4k65+6Y=}TO<a5t6
zZav!H%kvNhkSaSyqruRbROQLJ!g0?~99Taxg(W;@dL<Hu_X{-4Kh`ra0)2n}z*Jyu
zNc$Sib3bV030PXKL#ot&vPx~&52>f12TB3xCd(1)Y5*OrG8Od7V=ia^PF41<Z>bM6
zK^r<YZ2(x|c)o{A_woBk_0wx69lhzwEe8Pl1MQ_!`@Lsxb&C~C`=TfYXq$|_1&s?c
zt_?4Bfx^tm)N!xHxl3q4Dlgh7ls1hT3>pz;i80N*H2?|;hJtOiGCW7STtXT7Vxp{~
zj%Z_i=L^JH4SMyZ^ieJzIv8T|MrC`FQ79}@a|`ZI;{^lhfX3-j$}ieofCPYKD)d(G
z|Nq&0*I(VP>%4Ew_3lGT)}1_uq$Jm_Ey)sPla$>!zP5>*I<=72MiCV5Ek<m|ZGyB&
znp$?7rf@_#jvbk9^C@ZE6saAj2oUswqJKgE0P$0h2BOgqMS&VFngA&*k>_2rAKo>_
z{5{W{o7Z#5!{a@HjlK8#t~J-ZjLS2gG3Q)j$kLE=eC=6Dxn`SdjId^c<HlVoc|32n
znMRMmIGGU90|Q@W5Klu^7$s)gAGG6r-)wp2vk{RrJ5pdG+XjlN*c=v%u!qVvu9G*8
zBC_Rt=6wt*Bw#px>db<xF@IAKLAeDO5w;`ScE~%=ojB_2w(u|=e>--95D18k%W+Bh
zW_qNaK~QZrHJLL3T)WvVfS>w5+u&*6Hgu!{LASl;*wgv1*38g0)b;zH+Q09={-Jol
z%ex8y^cSu^6n*;}m;VxBLNSPzi<YC2WTa&IxiogEguV!<a@V`oldE~%$dmTYXFGzH
z)Ivto%qc<POZnRDBr0M?guptpO?j<Ti&M@lh1(Z?9iP`40y-fA47Ay!B#t?iT)@`x
z|M}K1!c_;DfV{53XpsT%=jZi__9sdgX&+}s#L;7{2o$SL2?lK;)5=H@%y9oUnHNTs
z>6oTS#pbHo1rTt01q($Dpk=h>3=%2Pis1U?t$y!j+MngIk3@Xz3F!SX<_r=d@L51t
zB1-4v<uy%NzoNqdK*=OD=wyOMMxSg$ggU>Jd2w8{HK|)|%)OVCspWc;%l$1E*CF-S
z_p5{M$F*D|kO1a%7x$rl$~6NdGH_mh-Y5NzF)po#z5&$j+i_i<?J+Tgv>^<hAQO$_
zY4bLMqhH^@?{B?#9_$CFysH2}wDVt$XdkPI6%-3+8KDlG)DyR|loB1raJ#E@Oh`4L
zyvNWH5sDx}Fx&}|2A0>t?x72g5PeO^v+GuwDUwcraW+TP27Q$)@Wt_)@nD;U!UWx&
z?au2G7}b4;63Kc10}a_`wq4%d6&HmS3bl>jD~g-rC3(Ldb=<B{n-&q}vxE)>*h<iN
z9W%lHNxc|jS#-5HaH+<a2FKbrrHGDFDU0L2GtQv!_N^k!YO~GLV;_BR-s*R+$}^uG
z<5_wikjZpPOuJyr7#%t-&nS~~K2hp1pG(nkU)C)-=mpSbeZB^TPKyDH1Mn4lcih+e
zsn~#qSA#c+q9NnuQ1N~QXDsXb!?rM$kmGV4c;US@cH4XnQzK#W&H1h%kn_m#0g&Q2
zG3dNJ^ApkAFU$>oaLT&|0Q6tmelVi_8JPr9X_u?iNr|y+Lm6o3X;?j?F8U~7Wbqv%
z#LWyw2^#@I8r|c09!2|>6~32zhXT_fRv%*28!?2ID17OV5?q*o`}I6bMi>DYFpm8O
zr<F$HbQkFnM3yV(Rnf>{sB)2}C|y@W;b{!caYa%z7JWEIGAI*kfjaB+!`LNgq`?@2
zHpYdHKF3Sa6b+6iWhW0Efx+~}ctVv1WH>==u5Ga>i7X5w#FPQj-<fLa?Q+P^yFKT>
zD$jg&0Z!qpT!+ZMWDzF~+L?~2?ls#W;D9V3o>_JP0F6N0+Yw>l0Q21OBhLuf#AdQF
zoOWxyUhA7tdas;6#!r|l1IPqG^)e-ZsEKjI-xVb6W8rfGWwHYjgyH^r5mtogX^v$+
zH;+PRDZl}HBF|=evHk4+{eSa2;{h%23INc5ZF^5d|Mkm%=5&bs0!kr!r_*8j7B>nM
zJ`-BLg%}0-4u~`zw5%V10@NG7=y+4;yZ)q7Z7?2bRJJpmqa#oljolX=!bx&pZ!LOc
zq=5U#k~j+H7;^kcpK+lK^UW(|=a|+U=3|KNF}^v50>BK=mBB#7pVtaVNMN?%x_-z_
z3&|xGXtR?ReJuf_zr2pCnRDC%ed1@H)0N034QpR~o^!K^;u#H9n^VpKx+0=hk8gX#
z6OTU}IsaAp_D@G_N9yJD%5V}9(2X|qu1eFnE(ZwxE@0e3<hb4~;2^{7K-OIajx+U>
z2S_dL$v&QyeOl%FucP9lA6xxew06Gi``>Sw+~qylOgyXDj0Bj;j(}02y>xpl>s|1S
zwCQ#5(ouf~K5`%v$N!}3J%VEtBlz0UMluI-Fj|Y)Z)uy$Zl6!lxBq7Up1*A<;=w5I
z3IGt%|6=s*GZNv^36x-CLd3~*6&mKyQ}Kij=Djq^5t@&RvEVF11;nZ0GN^t0EeLlT
z?a6D1z*nq5wG~c-kz#(v{32<sY@fgJtX8~kK-bv@Q)+iybm|gG(+B`9JLM?oIYQ^0
zKyL@Y;26ZHGdK^Z(~WpD`QV${gr!IW4_zjc5fKu-Ii+8q1?<t(=4>bB<Y=$&>8Bo$
zDdM<@VdEHajL9w~vvD5J+)oeYD}C=}dGC87KJhKHla~DP3T(x=hv}7m8f#d%c1Uy)
z0G|Na0dau}6i+vh!66e@#q~A-?qM@{FM^$1;3o(Ei1UUHCDX^?sZ-VfJnOs=1Z>$}
zj)4RG9Cv?RJHM}SVYQTVTc<?;RL&m&s=yZ3it)7738a^-d{?yo=i>n^4?F<qFPxr<
z{pvrv{6}L~S15HpQI{vndmi=B$uaVwqLUJhfHOurrfA=QM??sHUPgh>h60L%1~>@+
z8~qeY4~z0Lnx&)Rc0U@fzC|sZ5$Ddx{1|V}Lm4#~o*b*ZhSxc0q0#ZQKq_8dSI^zm
zDA1_oco#4<gDqnU!$D)rmGaqV0vo0Ysyze{eCZO#y*}R*bY{H*irNeyB%;Llkp)WN
z!F3B2xrWLj=eV2)Bi3Wip1A#RJO3=tJ{>w9G5#-*n05iOF7z_=lk7`}JVwlbtaRn9
zYXlO=<=G@z-)=f|sYIWb^>R+r{x}=S-~*p^351T?nIe!r9lvwMKT}-%KHJ5&AJ(gT
z^QUe?Kg?F<=ROy5?cy`Hl?Bk+i1>Lg$1_6D%}9_O5%pdSVNoKV@%;Y1zy67Mz{&#+
z0Qw83Q$+lFwEaqrKadtDkdYjn(du06`a4D)k{hOig#CS#-HdVc7{^d1s9+UzmWRWQ
zfRJrtfnF-P<gy4%&?X{SI!g9=#U?~M7Q@ka1spb=@2e<XIv6_r4MszN)27c#icTUc
zIOIa(IIfwitDR|Jd%1oiL7&ipO;J7T)Cw2Q63-?mkzFLnGjcrYZx}nKS{O;NExwg7
znWj2iC}jwHn<d3zV_##9@3@#V;*#_K!t)RITm9};dFE*aQ(2sjr`_=P(|5=S_2W_z
zoH6f7T>t}+49w|njH9yMaYHV%o#OlvsY~EM2Yb{bY{VfGhaSoHzrKxA|5j`WOR-Sb
zTuVD6demmdqxzRkY-7CK4sk4Gj0{{9g8(~IIsXJqS7SV?UtApCMp~9OGsm@_wY@j?
ztG~5>&)@dJe@Dv$4FDqIKa9S8k09&`A;y?Mp{8O?h%bck92x1`yr$mzWY4NM|Mi#_
z{^j@8&d~1#xX@4-y3E&Ema}Ui&e!W9TX6Y84L<=;DR#_tNP8VfH67!+whiT>f#jC9
zqRP^6czbOOh3NtCo8D7!TvH3DU|g%8?V!%jAu^Ed@Nwy8v~oQ2d3hh_RA|LM#_N0w
zfUYYWBd7A^c(ZSm5eIz$9<s2B?aeVG=z#+u<3a#K9eB6A)$d-FPkn2|dmkPDr%aWj
zp<MN~-bKV<iHzdU-wX_R^z3$b$QT#El1U?AlX(ryC4qw5p{78xY^&SU;W*oIO`Fa@
zSkz0#Awp%$?;(pQ_qDOO&w~p_*xbQHnPxzfQ90W{hoANO$)q{XwQJ1YDI$P9#&-ok
z2n3GjY<K_V=<QFg2l1UL4=e!aFI;^*qWzW2KPl{~go_i(+!$U4eB^uG;Ckeqznyj$
z^xkxvPMy}q95ca6)??4u=!|epZ^w%CHhxanu9nYoM^;J=l)Y0Kx;}&Lq4AfL#^PFG
zAC9)jLOrybV>daV4Zmq9PG%f)jG^!jgesrU2qV9{LLaPsJSQOKVYP3ckp!Ky^pE|v
zdlSeJR1lCB`0C>)$4}Bo3!s(tt=`f`u+(h+M1IhxiZt81@2!6KqMWvfr$2M~oAxB5
zaYlL(usabomQ3MgJrm=SP6?o~fI(Z^DxSA-Ewf{KD|&{KV7g@O($_8kBI-C_zTQ_D
zMlu1_SJ;yZZU|7E74UjsJ7_n&kJmB^wyvg5aYfw)_Az%J7<sCY0VwB;Yn!HY#kOc?
zdtv{B|LyH~K*|FP03!M?M{n;_V+Hh^|DRsDd@Wl7+q^p5BU(urv=HSYEnM_59P6c`
zVT?J!r1K+U<d;}iIxVy*>3+65qsQu(A%8k}$vZWroHPHNf<76s)3|PoKgNyyf$`$O
zAz9aE$|24z#=XUAz<4mtP=IS6U}it)?gCIWbPe|&eUkh>oNj&I7u0`_F`TJTsc8%#
zGt;6#%%_Yi3<jB``h8Ld?`#qsP|9iU;>doxyid$djBDjklNjUuux|BxJ>{9F$KNRr
z+_jPVo{J;p^|k?Los1XeI16*n<?IMJ=!o`F2bs-$me{Y*zsVH%Ggywc)j9sYT~=fs
zK&0f<><;^u?X76s0Fp4e9pjhwmuW}?*b{?_v7|$mAmgy31kuU7q~6j8<g?QLaQw;e
z_?abBd&-V{B>MKnc@o~4@<0NB{=(^dBig^GIcGReQbt^nxr(Z53m1@M+e5d9gbGnA
zj-Td7hg0a)hEPyz3soQ}guGvX0(m$Iz7xB^3KTP+;kj-%M5Gd>eNgZmTXC$YCn9Qr
zV25H90KzyhC(3y$AOS~R3Ue41H*k4PZK2FIH+9@K7BCRyXi3!(@WH8W05vkcN4<jb
zInE7ovd#7Kz?SSsMe!CP_ATl~O)ggxBa`hi$5Pi&W;{B~dGdFzACB(!6TiP`e=pBH
zt#j$ScPbZ89ZVTb;A@eskNtKx29RdX8rRnIu*#eibvfCl_m_UWiqnS!?+3`doancO
z=+NYFo66hyO4lh>%Bc;zvwW@t9M~L>u6F>bWMSNfWLr}g2~OmF7RR;p7Xl=X`8nOy
zI(phC{@=8ovae0sOusb1$DiK6`@ef89)R+|0f7E%ZHvDB^~-<eJXTb6MRL~|Os?K`
z3W|o-sd9-h0S+P{=$k$(l~NoVohhP-LiXldQh{*7mQZVqKHa$2-+gW~=}b|&{MsB3
z`x6n<f<_uSr_?wu%w49_k`uu!!tfj#8JPU6sCzu0uOB9;X;yC*<`+E@mgvVKKe7mU
zFcG5#j_0=PIOKvN8E44t#HIjPFq)Cveb+;3N(LbxtTz{_65M8cZa?wxo$&WY%g3LJ
zcr0J!1}6|PWNF(~-XeyRpzMtsL*_4!p%zvTGFm}R8*@wNEGeBBb12U_imb$M<NqUg
zYPM*t-stDDSPQKY*`Mx4y}YVqx<lt9CSXr_tA2&rzX$~h)A(k)&i1TruE)VwjzgvZ
z#r{N%OVuImv>?ve-W>l8HeKv+%0=HI`hU59_usL}di%=*2LPgP|87M5LHVo^UGF-X
zZg}&v6>wnjH=Pyb<VZhM$R>K*6pzlS&ZCYPThky!e2)OzMWE7g4UIY#O!~EJj(Lph
zrA_BsgZ-$*HA#10<9t1m$uSbf1&WsAManJNgXl4iTn;?%n5Q%_f~a96X!PjZGjeb`
z{&Mk1i6mI0bI*1QBNEz1Sqa_LP)O<lMy|#v0hvVv!u&8wh<OZ{d(C=DM-w!P@gXRR
znL*3)`<eFl^6a-=ei!g-8d0CY-lZHRqeoy*+fz&r=B4!ike>pKhs?;ygb^i2bw7YK
zpCt?E%*K=stB!MlUw0X;wx85)aK};>+P7i_@cM4190jN!dM_z4g6PAZR-3j^7Psr#
zDzbFdF@gu!8V6`OKK1T{26hg1oHm~0JH1WS?AFCM{gG(>N8=qX4-^3CFPz>V(SBKs
zVi`U-(mcQ+Kj*1U6mXB2vq+R4QFL6=cx^{6%M5cV1034QnRHX`yq9&kGh4mDW{EO!
zkF0t<zM~-__2sLV1=ZvGbf^+ppiSH>>nNGdCDR3@{`kV9DGJ8evJmVLU~n9rv8de#
z1ZRxq+x(2a4I|@JWnLrEwE+Rj08d%-{xAyS8j;JF^B9oTprfa;jR5#u%*QmA7{@!e
zBYysiH_kuHGfzk9Njf+JNXlQ?63R--S2~x7r94Gw`iZhy^LUK|bK4Rzm@GQ|l$+h0
z?jaL>KOLv~7Ac<q&p<H0NB{sJ07*naRGsQ*--dNN%_(_bQ&Q&>G}Mc}2qOjXLbiZ5
zwdzit1&9`%?&EWjcK|I}9LqKXSQQY6VgI|eKcC(9;qZN3Pu{m;X9)c3=Nz%0Uf93;
z?_k@>+g~0i01(ms(}?)kaFi*~%zYmSk_c9!T?inZ5UKDLJ>;hYrV^crGU;R>gmk1S
zltiO^J{2*YzN5ta-cu0ip!mP<iBAxb1}lvd50xQ0c4y|y0u4xx3+Zsu&ovkBaA+L(
zc^~&uf%rRr^7Oo^zyNSu^Sd%0=(|Mj2Cf9eq(R0!)EI)^C#{-eDQ|4FNTm87L$;l@
zdNp<>kB}7*Ltwa%IghZNE0%M9?5X3BpWg@j{9kW*_A?O;@{)@$X+tJPr-cLr*A+U%
zbe`gDA`}oDWm>}%DvxDfuGA*hvv~IX<r(8Gekz|GZ-wl+*pX?^4WNfdpeF;zfMNxD
zRw;q(PmZ|*hPuz}OGL=o6<qwA_e-F)1C(3vR=Rk6mfMFpj@dt+pAr$m#CkwBF*cF&
z_KAr2bMpYbedU1x0R4rle?I#5vr7S&d=es<S|#t-nE|CkkVqPnak{J55*d~v!kI-Z
z1ld-OGM6NsZNm|jLu#{;$$FOUKT2)g3UzD=3=#xMq}~SFt@b2}&1gLr-sN+Ml4B^+
zj=XkTIB6O@8a9a(aBVJ}J73vc19-?dHJvA60s!Q)kUl4<<Tfj=9T3^N#z_}QIgi(#
zveaTGf-7_I)h0wWjEcC%g)GFxX0-9UKxUq@X3zNjxYh6Vln;L};-CAd8Eli&`WyPb
z(T2E_0>xcySOVR{8C@#M8vyd!sAKj1kO+;G)22{%$<`h1Z`&)!9{<a8^Q?bi6;rp%
zo-}1CyXhsFixu;f^4KA#><1%w(Np}8QK<Q#-XG&pcF*P_;@DoD<HbM#w!L0^9@<`E
zdfRwLvCzpt00^;d+Md6(|AF6pa&F+;Qyv%q5WW4iX#1ms5`|!qYIFK0B19-66#em<
za&AdqLx^&VncPo`2+p^Ra-L#$9>PQ6PoXA#m?a$o`zcXmjf*-q-vTFV4gg4m6)|HG
z?b7z@FK9ePsG!jj`ET>s)Oajb{z~4CihQ)I9OKdc+V;n}?dml1f1>yNoGgeuH%5Pi
za%|&sMlO`IhSU(ha|0v?6%pj5++0KRJC#{;hWT`sA?I$|4PkwzTrfBN*hg=i|ErZ}
zKQo+dzAQ`f#I!9j^uVJ$0iSkaWBxrkf7qXLN|Yt&KJ)%%%M5hKSnaRRm}RHYfu=rj
zv7apZTY#fxOk)9S2g`7V#Uxl+Ewq-k3lYPv8la9CKt@=E1WeF>Za2*P<axAPc|X>H
z<UIvik_|b6uVNLN)_<w{1JTZZW$ygjQyvHa&|kRvL(%%bIRyA>4Cq9MVKCDuGN&!2
z4I%W;BZfg`k)u7$;SdN2O}&jaxRQF*TeNXT*o)}7D6MP;>M!Plc`ZZRc~5mWpK%7*
z06jOI1AwT6&R(L5UB`h2iu7H9BnrLFgO8Q8A-@91q7n0)WW-nmC4EBuWgN4AC#{>?
zc-*klxaU~rR>Em)ZC)hT4`V`SAgLD^43WvM^S5GBxL$(ec)mI!|1aJ+|5q!|e&!+v
z87T^2%Um&ls<V)n3svtWFo|(rT?-b<8BDIZiO@M^1Ui+A?P~3EpwBqeXB+>Q+_i)L
zKMlDTeTH5$m=ci7pek9s)FnD$*io{R*=Dilu-9ZU@|yFlwXCoH_65M~BUueU1-AOd
zac%=BNeU;%wfQ&4X}>k@zqH|}_V4<w?^;aWeJ}4g0O-GZ>l6|Hl^Q%6;SR$}huqY-
zpGhl4$U-w$3_8%)qEPettWz3q0wxaB41Zoj1e(twZC1HNL$Rc@TOX0^bj+`Vnl{Fg
zQ9lJY>3&)81D2r_9xMW*?rA(+=^6c7v`eEX+tpU-6)0;xvyFaNTiciqIYS`e7?I*|
zW5=jLqV%I)VMWeEo_1@aFb2oC)RDvlO#oHd=ZqlOFIj(qdJ`~uv^23`5pn0v5&7Tb
z{9m<v_EQm88=^x4gLKLw+gS+G2;M?<lsY5ts1M9DoR7amicBIGrqKZ%I(OOPcWFaK
z`UM=i$rI$L+C%4`|0np^2MCrUdJ|}yUJ$GYuFW*B050eSfA4s9wbk?`$AS5MVM7yW
z5R?$iY@=RhNBGVbo~-ELJwolIGsb;u(fVKC|G;n15xp(t9R~o>_J2G2_PL0Fv0pgt
zqIQYIQXx6Hi0+)OrJy90b*Wsxzg!g6CjL)HNg=P-=33q-LV-cmX>(14UCMYc4}3-m
zTMQvjYQ9#vpF<1>bAv@y?P@U6ArUEO+v%`stWTqz^_<=6!<dy)oiKMz$59-y8_it}
zYRwBH2#!C22F8;{wl^$dw0WV!r-2m5i?$IQ3EfE`a5xWN_~!to`U@TKMV$g*k9;TZ
z5mxMwlgFNl__^nABLCM@9(^R@)87&WOs5p%Ho$a54E+IsUj-J<0FbJ$-!6mD1-FlW
zKEK#d%1}oAt^RLqxAXlIR3KGBXI_`#*(G16A={$Q1{exV9XfSJ8j|Bd`IT|z*ug&L
zci9eM9$YWLE^Ei4fK0U)c3|3ajqT~xw#9sr32J??qG{7FpZ{R=?QP!{_>KaA{=(^2
z^wVFy{Bt<2qLuO@IHW|E{vGMi%FX2DGtwgJj3~p{%(&)vmxqK*EGLwdE+=(T+(jv;
zv8$p<du_2;uI^`a$iMUX%tMmq?`-!1*wp`MzZ@;w^%@!fuKjgNjfyAd@T2b&t3c(m
zIiyl&ohty7&(A)jB2W3)J`|df4%vw^MgV?fa=gtMvB_&kA;YUEvRIts?_{<nHlx`*
zp9d%)Aj)~abLXJ_ZzBKKU7mf~WSbFQ;5-Y+P}p_*N#!X5*Bmn9=}x8=;jqV#1s}AT
z1i;X#vAyqdrvEtd7e&~j<2M)MvIsL_GF|n7)ynV4z7kw}I|#a}T^5wNEh~FveW<?^
zxM2}vF|f(ton+i5J6dZ1Jcu*<Rr3N6&fuZm8Y?dN`Tbw`yKk#cerFkgzWqeB^Cu!g
z5n35C7+?`B2)rv+IR-{ym>i*Mprmb&=~a+L2LZ{6l4jJk$B4S~Stcl+(_2wf6YWMI
z0cTI;cS=0R&=pH^#%#xFe4k@j&kpNP!}l@TJTU-aM#G|MMzg)CQ_aE!mUQ%$La{VX
zel{6Qv~|gbU;z-BB^k4H<Yv%>GKBmRT;;e>UgR(ywy}jUFI=3&Xv!HAi9$k+PCEae
zyK(++xIFjig^sn5g>F)4tB$!MxXra9WlLZO=#VOq;3<GdS-vKBAF={n8Ato(8~s`|
zNqrqF|2<IQ*#rV4U>m4UlG3pLG_zZ>_>T_VY#Q0yDXj?y>r4mRoVr|&eT;_$CA+Z@
z?oW#SOyGwUAny|v?`VTBWX$WC<~`M0AfJuC{qcAk%R2@D`j;PlBwGJ3#CWDdBt4vi
zLsZOts8qHH6%-<}ypAi`N!b_bw6mrqCm!P&@|;a4*^LGbyBqw=A1X9d3`U??WJ{i*
zT{l*A(CKI^`USX=ZEEJ&Ct5!14s~MkCO@_r^Ha~EQd_^PKkZmBlRyQ}_qPz{XOfz+
z>xD^ZF%Fe7G%vEWaMC^o(Fgr03s_^^??ALDPGexi5y0ry%Y#Vm2ORy;Rz_F7T~7G>
z{eHafn=POGrik}{1MH81Exrh-97U)+GTO}7L+4geGF{?`)9KmbIOd?;X{S^1lu|{`
zy(0gh0~f%NI(M4oi1H}*ff0I)ajJmpXe*uOGI;Z-J)d>b>%>mLUT~Wt0ang~tjS25
zcQtIj&t27@&+Fsd2JVm`IGIulxHqq>F}5)pw(pDkcm0-8Gxx8&a|}T1KOOt&n~#6s
zxJ+<z&?tPe*s2Yu&53mf9brlqAxCjKfDmEN&-=K3R6Zt^&O$&$f)2}92^xjc=J^K8
zJRiV>ocM)EzECd=%4N(ie_xk3tbW^fJnScb6a7oH4F@dX3QEE?5y=Q_i)cq!3u810
zj*?cF)xZFaIi?bEU_4h8EZe|mR(}jIO$Gq~iqYUCCk{TE<wfCm91s$qFr}2gZ;tnU
zYo)b_Z~vry<~ix3xD$;~9VRQ2a_SDX<kK8HgP&s1V#tCqLLKens{c7^Mj*937sNnm
zQuvpP#<gN6Dc2~pM+{PGXOb;^_7r2)+2FKMAKyaC_Q`H3*g0Xz^4ZPokm<0@=RUWO
z>!k!38F=DL!tz-)KK<#4_HV`8RNfH)(7*iXdm`dL*XX6IfaKm&+2Ydex;7M2ga~NM
zbJKNSA40IAn6pg{k>f<SCQ3I&bmpPjVnD+wt`aCyayl=v9t04KlF0xFy#_>`b>(-A
zRwm;ElwK(h8z;_7Db8s)K3-2nEoYYfOn}g4L(6$`CE8Exyqf1mX*3wQ^FD%s^DVtT
z*{96y7YK52fk>u-ndsXvUQBiIUK&6jFEPw1Pd4Y#B5vO}|9euN`?Sgq0|1FOuK~fd
z4Gw&rF^hmcS)ong4j#7auqQ3gtv{&$I^d^Do9pY_p$l{g1fAQEdy&Nm(Koi=L3q7H
zDa?+sz;;OBf;Me;VaNJtNAAkWb_ihbKqXK=0?53!-U9$1LYsU}W|Dy@^ihIBbF&-t
zyT)RNuE#Iz-}&D!Q0Bca?+gRb_WvMy`}ic3j9$*S#-uRnjZlG*h!6K~=Sw8T?SXwU
z84(Mr8tp2>j|GZ!;yQ6aqA?=$%f+MZjzq~8h%%WY=7OSn?yhYTiV~5d7$+zO$EA)u
z4LG5E9vs|?f~@-wx#db)Ij$HHJ(Y)J!|_VclF#5+bNn*3BNSr(hT`*C94|M#WKRh0
zxZrYSsJR#~OQi(}AaQRoEM3RB+5%uGFMz=~G17SKsT<n=UX|xQ6E&_9h-6s+|NPs5
zZ~mtI(0({@PsilWhxzdZ8^^_cy_`3|Z2{1$@ob^XSu%jxRfg$cX}c(!9!%7MN)fVX
zTGqrcV8Le$I;cODdOP};b;&v&*V8utCLl`ylEH|x7rb8P!LIW|k!Vwv>)etl-aZwr
z|A}}T%G(YA`ma9nzKHmX8WDm*$vkR=4w&Tn7ZLC(x@IKpt2RlaPPyl!NG{%tcOiSf
zAMIY9we5#?RJ3c0@k;SiSr1l(eUvfEd!Za$<R*fNH5TPOvkg!zQ3#B)^b>$0+batd
z8y2~kGnEJ?=i;pWSOFv1f1hAx8~v@m!*IK^o}wZ?qv<uyUQ~{>jj^e5hcRY^$5SR*
zSB~rIIOox@G0ws`@VQ61q5bb|`RMJ-%aS67Ltw7GoVW!I1ngeO90-F0d2cRD%>s(h
zdjOnA)XzFnrvRwQDyAcM@G6C}<^c5gn?QyA$ogxo1i{Zf*FzgAl={(cKLdd65nn(%
zy^p`0ajw2#zKRibTkGvw1P{(qkX_}XLjj06X6J~${lfmazyC<w=kg9P0R7KK>rYGy
z<GE@6?G!nWVH9WEp)fG8+j+hE)ES5Z8eOklrV%!ca#J~}r1CmofCU;3mS)Ps)$$1v
zWHH;(Pg3Qp$kCOSk-vZ!0|_)B`B^%?x*kfA*PL>DRL3glP4An=Am<qCJDe@y*oe~g
zF+Qo-Jg=b8x-kwy$vUu!u{NRFvyU`|%pHLYfDYeU$!JYLnB@X#s3V5)CivnQ6o5G0
zIRE=qp8KRZWIG9vdhM(9>pnWa{G3t01s9T1LtP8TtnXJ9>Ff4B09lFR+h~gePzh8l
zdKG|-psZ{H<ey_fC+v*g>UFvV-Ss^F^br_2`$A@-`fto>e&$7h2*DWAZsilmFyQ<A
zOaeXFySj&CYCz;-&%Ze$erj&yy)ADm0O((S^aIhipVNai5D61~a$h%Bjz=gm6vd*D
zrSR^kBX7$=hf$_86(<S@od2_4L8~wZmy1@TFzTyS`2Z_)&JiOA%^Wk?kO{Du!xBTa
z05thL&r8ur<e2;OYAlbw7DWvp#G`=gZ0uOv&oQM!pv}^jW(#R(WE=XsFC2Y>LLA>4
zF`PZ0A%>&D87~aA$jNE6gJ~?MJZp77463jy27K9;>UYOhzZ>U&&&#u)9`i-plKLt#
z1{*{<%)^?5-iGs^ShlRY4@Rv3F7F)&`ds$<Uv#9E+`&fDDLH%TK~C!$;P|W0Bh02Y
z9iNonr2QF~dB1Z!s4s5EBVrtahOwyBUyQLO%RoCXpn!j;f5_+c!9<g>bOvyht}7i5
z8$akepT{xqprGx4Y5&~ce^1=U@^&)-e=Z^(j|k0WdL-(5t~sbx@?IjoqcA!rRYc*J
z1#hey&YM(OF60tJ9d<7!kLXl@h9SjtWGNV%wX+tZxbdM=2Ti_1;p%x%PTxB(5i{DA
z^`#<84iI%#T}13ay0Y&X^B^EF05A}xWL<RvB#dwx7mp772<ViB8q-amTkUVU#)8Hy
z4YK#WQY@=z4a`T4;UPQQU5p6;a6NO8wkbJ?VT>~s^4L>1&i{UvXTL3GQ)zlfCWrEM
zz6B?{&$3r_!9h9=EfhNK)8)Ax>{dVItkX`AQKPK#Z|Vo1T{?7k$felj7(iO=V@G>a
zx3Ue~dP^J0z{vs+2mHzE@~n(31O(0=R$8WEeBF@~NW|!m1fT{Cvi|zr^mEpo!AITO
z?Yi<UACK1m{kV_iZ36)P%a6V<w)0<*!Ocif=$@E!FA+0HxO}MJXDJk!NNkTu&{xqW
z^HpqPA$Xv-tf!a?qB)|^7~hjN63WUQG#s)!{9+t-yQV>?OvvT_Q0Eqb6vAqZV_eg%
zO*scl3&>gvI%%|n;LWMfiK^oqQL%cc;&bdn$G9S?)A-++4p%<O@x#D7TU28UMo3ts
z9%3l@7BZ%$QYJaa1TOX3Wkg@w9`X3iD}C>K`QZB^zU5<=zgISck)f|e5=ws?GRTzK
zN|tke^M7$t?Qr~;m-n=G#u2}$dkT!&tP8XS<xCsoj&%J2cp0(gsh)C7d#K~4K2K{5
zEIJoE3UE;UYnSJoZ)w`X)01R29P|_jX`{cTe+)ii+`9@woh=kvzmL9in{&=B`{PU>
z>+jpo-_NxGZyy8D_MeRX^pWATiD(`D!YK&i&4Eg1iN%6W$&!YXgBD=uSIj`TAei$Z
z=$MY1wMq3Hwa{9}Gq<}#xcvPDY4i)Quzom}YF`{^JQvbsbeWMgoJ@g%lWuv*ev;~*
z=F*P+%->w?pNi^WO!90{b{Tt%irJQ8H_Ta!^QY`^4vy#73sq7MR?LF~5mWx6NRKx0
zG{by8_XW3(!%B|+=1v!(R}Hw8V_D3@?I&&`|F^3=_vy=TM)So+1%4Y~obtnmuG2A*
zC5jj<UWc9^j`wny&*h$^`@5u@V0%(u$ogf_BCHi{afH}SVKpNrFtWi;=9;B?9k<yB
zG9cnuV_ci<_p?tJ#L<2+P}q(Gmabz<g>l1)uk6n%O+p_)7NOa*+y@k}f_-D3vftA@
zKz7>xvFO`<I~U+>0Ra84z4sK+{z3^U9btpelwm%N?_8m>q;N;f6mP`%odPSzJ@&<Y
zM4_AAA474fQ+Q5BYmE9UTBYNFK&6s6n$CM0>JveP(<E5PD6#U(r*UsmWkjE)On%Nm
z3OFN#Ehfh;>;nWl9hM&_%CV}srL)U<IE{8V%~$J0V5pqY5k>_Fohbs2JJSm#A36Rp
z#;N*g0BK?f&^LdPiW@@7`DMK@u+mOYsJ&fs{x@6w-oEm=PsMPCeU|^4=L6K&=ZttQ
zNLj7V$x?RmG~~ZsR`_Rrf1K}6pv%X>VX_US<B(12O#z5KWKEGos7)jOOi4LSp6w|1
z!|ZK2#uj3ivOT+vZ|PJI@g>42M(BG~5QKC%?`cb~2UK*@v=L};ggWh-#|~XK`z<mM
zsMGYmSjP6V`*Z(*j^v(|w}$~}`@a#reTx{pLZ`V`AI@*Ps}sY>tYJV&!6nj)nDat?
zi`x6j=wDD^wN(Yo5jCT_Y)|%s=gNDuDh{*{utVo4X^*D;&im-tvMnNj=-(7o(%EE{
zz9_Hh*j1#0`6<9t7nv~c_MJP|W4t(bWmL_%3$O!7VEr{-7IE<TG*s*>+wT+{`%_T|
z=F98hS^@TLqV^zDC5xn5VLVg*Q(pG%vfBS9@_&2FXTLS#)+0JsN$oPabc#G8CMO_r
zvdUirs5^TYF^=@@`gT9n8Kf`ioVZ4)o=NbDXJ)-C_DO=345*AnZ~$^0o5qwG&myUU
z{xdx+dTrw;fE@kdcnd&B-T6Q3tUx23d#12YI_C*m$Oudzt!e!X<T~3>&w3^zemL$!
zx$gj=|LP+x`u4MG=nOr|=}jjUh>UD&p$i;iA!j&OB5Dq(ujss7Jnog~w4)6cy(S27
zx~J-Ch_cxSpx+coIqv|Gv$P*m<S)(fJa;~;esiq$0ki~>Lnw<?fpL;HHm$SJx{WKr
z7$bdQXJAxv(Pt_@oj$?X3Yg?PPV_&391Yqk_eo&3I<9%gxCO?}LFpKP*~spYAF1Dr
z<20Up-ga^NKY!!=-}Z9rD&n)>tU2_3v$y577`f#H114i+JPE9wnTs%o>~h1un|@!B
z<MDmzdW3=!mX4n`>Zmpy-=$;o9XR<6GF5EP#H<GDI)^xHmd)BLtXYil?2G#IKI$p$
zwu5+Kg6&@KOV;NAj=oF)kJ~`D*T&cZ(4`IkN!*8W{~3V&^!*X>JyY(-k8!QRr(kmO
zARwf0qUl02=9zpzJwnU+80C^#h!{!`p$?}(VQ8#L4_7zPZ%66AD6Gzbha=0f-5q_X
zu{e#bf^^Ju&O%q2Gi5HYC^9(eOhtIk(CNHw*F2r4LR=B+JA6)bU*M#vQ)b(8jtLI?
zVt%vGDOc2zCp;eY)EH*pV|LC=JxO|l00-B*5#e}nr-?8IFhtp&+UI}sR=;<oJp1Y4
z{3%Df$zBBPPl7(kc!6C;wP_z=yC!?s?0}#BvIUT7(`=J~W0a2eh@*y+s>khmEx~^t
z#l5*5N&PSYK)Y2eUJtQZ3}XDPnAt|rkI;JDvActv^bqYXHgy49>Td=m9G|1?2WX;i
zBcoZrk1^$1B#yPrLHeQXkM7U?gJ<UsytQ)w0YK|N8xe|dYckr}C`UxC1#l{+97IOy
zSXE1>EwoQMuoM=)+@|YdGk5AjpPh!|tNUXJ5vllWQ{}G#G*(oT03@QsllIFO*N8%U
ze}QD3R_0NcF68;_iejLE#Z>Hwf)5b3n~}&m*$+muStlt|0;^T@<EfO2y6EW7kO8*A
z#9crc!B&DM=6M4E;pk_bd0_d*Vt6*3EkFlALj)t(&TG&SadG-LtNq{E^0`l4Bdcl4
z;E2k;VLK@2eg#YkUh#eJr`pzcarj;2xj;ePM|*0{s&C_XbTWLQ&lEdQ06m$7HuRqh
za1%6VU?QoDu61(Uvd_7WiUA=3dEV=QoPn2&|4|sMR9^u)GL>__!W<bGAfs9=usLe3
z_Lp|Usq?In3IG7I=!axI)E;pkSb+Nq0Q#5T^QnmVvCBVjP7*1G{SD+-=c*e(C}D{a
z!I1`<s22zm>8<FX`XNXjd0!q10W(zRTgF`YdmH&Ce=YC|EvGW2LeMZ2FbcHOqTLki
ziF(TG79c`O2RO)QGP*znob|fk=X}&I2ShYfRE`Cy%9=L-yu4<0m=GPaE3N~g1dyC}
zvJq3X&|r+f669_Rg3@&S&T3>^>USIW$ti`9os^Y3cW!9^2cdlH$09!TUd&s{4|HNm
zbwQ3+Cz5V(D6%^xQ0GN%5(IR}d0(w#BG4}<eaI!(vk=%%&s-GhKG#{LJUiG0Qz7Hv
zc1!MST5sAxv2#o{Sb)ZPq0_GUuwW@-*aG&CK|_tLgQ7M9pANm}`)4G;YibYJo}42t
zCKm>%M@0NP`!oN;$FHBDH(u^D1JM8D=&emgn5*d-sYQ%Q7Ye)$XH>=&s8kkL^f7s)
ziE<)K0Z8K-AlWRUq=Rv#t_a<QgHHTtTT<mjkk<)W1oG7j<@Wbv6S4C7R2*R{cr65a
zMMIPJDkfwbV_!@R5${nybCIlHKmiM)79VFS1l#M>Szb3q+xV^yUrGax=kkqbq!)RP
zK)wyI>I{_w_L;zfk%8<RC-Ce;R%)x?4ekGqm)0Vl&DR4Hv=hL=s7qAcAwL@;=#2Wh
z+<!UJ_v(1;cvfdbU3Lip##G1*#AugC<aF$mM`1b9KY|mnjR9N1pd+0!f-nL6F?<69
zo*KgjTM}@T*?!t|e=8_-x!P}YRJIsQB_n>?n_@sV1#~%nc@#S5$89xtYjOOG6^PNs
z+A-FyqV@l1n&P)m?i&E;Uw-sX^zA2Q5{qtzp<d-za~q92w-Sng@eZwzEAgdH6PO4U
zsC*8EFDapnhD*rOp%S4(`8=PuTGSy<3(kd3qpoK}fe1SL<)9=YiY2)Y!Acqeib3aF
zsghK3+{YA#tjuj%PbtqK2aIy)yd|B%dC2I2Akj|ID(8yN#krcHh_HS%)V0ljyPRcR
z(>R9y?{sh928Ajzy^pcs{5}5U%~rn$t$glNW~@ynyinH3eAc#S3kGN(BM$n1RWBVl
zf*S@{46dk01T2>?;RHRPAV@bkuRzTltOsu#8!nK}_VRp;`rVZ+r5$IqPur2#lE&xf
z`AqKQlHe-rdn>dzZ6EU~IsZ@wa8#@ZwUJGxZ!2bckvhKg<4^D3@jrcFZrqzI_m2VC
zPk$y_f6t&-EI&>`i5S9P4ikvZjX3LYia!OwX&wp!BgakwvO0tvXzEZq5UB|6QP?+9
ze6rv%+tbmOG#CH`6c$0N_FNhyUc)s6?r_;&I{j(~oY?Abf`e=?QMQ0QC~kgEW=BAb
z87dt*Hvj-207*naR1QWUObZB8vB=9sj7Uq)4X1+p_yoWn0U1C~j-gYATvw3o=QWZy
z&hdiLPuacM>i1xl=e{kX(SDc-EuH6X9u%^A1qh?`kK6icf#31JM$w^;Bd_5R==qzB
z9}D$Xa@<DQ(@y4h>4?v_bPT4$vCy`Pp3kT!nFj!dRa<k++&MFH_Y}e^&~*FDYttUp
z3(O2e&<BzFU)h`*w}oxy_s%Y?>@#gk#D}8wpI#5p8!z_-0Q4`v=h4{qKU)hd#3164
zh4dI9)2PRoFsF(<3N7K;hx1}2#%M2}lSQ`nz`1yoTsbs6i*z69tq45d`bprj%u~g<
zpKJx4VD@J}T^N(=P-g@4A?*pYH4!$bZ=VA?cwaexos+B+&5QvlgVbVf8vsPsBXePL
zv{Gg_e%U@o8f0^b#Ip@ts93rG>>mx#rfDcKsCf;dCAPV<|L4)(n-l&X-15XnBA&dh
zbD2dzG8w(&x^i;I=WQQAAwO;Vk>fwo03EtjHsUm#5E%sqKbH&Phyy^gkM_}Cu9yY^
zERb2Q*r!f%tFo|@XusQXarz6OJ*5O4oI{W3KiD5xfN4R6_>6tn+O%(EYn?e{eHFkm
zFoeza07qD#Y&+UrbJ@qUFZKTU{h9yKjOv>!_lE)4w;zj$C&somOfo5SMna6<9MQ@v
zHX-o!JVyNa9IU=|=Prss1RcXTXIse(<nu{y3B7w7_eyT>sAHp(Pr*Ptx(R7HP@u>a
z{m3XdpTiZTr28CfNxv8C3cMsO75&n_JbqJ9cN=Zx%K05*#pl+X#Aqu)03&S{0h0hT
zx!6kR&lvMrhR9wfL@G7wBui0qv}t>CJCvssnzz9Wa)Bt!&+R88zVM|R=l>v=&wXlM
zUy`yStX9g6*`~f#nzJ8Ka=y~H_fs?h;zu14SRi^%P%2R~KZ6Vl`vmarK^eh-FW7dQ
zM`kih+S=(|8F18O2@@#z`hx;A=G<u?R!nGKOTBky!NEQ42UCX*ie&3Afl2B-&NPUK
z0uXiT>^|R@^W}kE*m#Y=^P403JvkWY{s4g1f2I~Lu){QTPR}q`mL(^}U#mzb!~AoB
zgR9{@x4UC7SEzlo84dzYyO8f`2&tn>q0P-P)8Vdw44rK{j9OiOhESaKKCVe9r*`z~
zd=<5&%qdE?SLi9ARKB#PH*==uuu{=IrIGdXs9}$=owdk1>%4<wTm&V@sNd5p2~M)^
zh;c@O(5DTu2|0~poS7;S76I+)ZRF>QhJ@p%A(e;&h@O4kuP#pi3(wyy_<PXHbKf>(
zLa1HXD;jJ8#2Fxf9`9SUc8+$~xlYDR*1*u=9YIEIy=BxK!(Oo-%A^E1#%j^=mCZ^J
zg1)AsqJ0ve?hd!9J!DXjV8GKV!i>5dNZ-L@yW7xd0S2@g#>A$5C-BbzC;M17>uR)_
zOfZ8w0c+>+`NRTX+-Zv=Y&QVyX!*~diF;7)IRNOt{Qhr^h<`<lZ3LXmG1zVd8EyGn
zrMP&IPGs61LZ_S&?J2~W^4MV(p3N@^mk}JD93A~a+4#G*^D%dwLYKxMzuKa<CN?Tv
z_8)a}E1N{^$F-|93anEi3UkhxFDIK3F;nrC67c8jAr5gmB<OfvK8ITqrJYb3H$LYD
z)h3a64CN#vB+SRIhD_%CjL&u*dyWkwm*`q=UguF(_2+2oo!d9G|GT9;_lbyx+`Z?|
zCmji0e*$)_ap7m*=Cl2UJ=j%#lX*%Yz!aaK;m_Bvrz7V7{;Ya`NZLBHan+Bm@?QZR
z96A{Swo!mRb<+a0(n;zq0FS&oh7J^c;`n>Iwe_)GS!`5jos#CYz@=dxv(D@v!5#xh
zIjdw5An}<DR4()Rqx*OK&ril%Ecc!PX!}o#L1xEf!5AGVQ0#WTY@=v)KPMpqz#u{l
z@1+gLrERn$6(|)(*aJ*9^ZLG)K=Mw3zafk?_C$_VAEJcZ?Z6z|5}gNt(a|18wyVg3
zR5v3}iS~~+%L_+#Y$-BD)Op5y!b#^?5!5g>QgaBTF6o231j^}5O17UnJGeEmV}51c
z@_t*0l}?!dlPWEP32;_zY-22{P8d{2@&pbk!?*9;IRAH3dEa{?KJ~GoOI&lpR3Ep>
zx;}L*_-kFG{&J?sH&b@%nusB%p-!EkRnDuRgG>Or571wrcF}Hm3#fr?*IoWFaN+&g
zep$7@X`idDEC4VaeIOerV-z+=)zEP*83Wof1{D#|>D1>8rnvS3{VcGTfe;S+%KFmp
zO@(ubYcBJ77196X;-)uL?kNE1zw!-N5%H75;K5nS!U;HB3P&nXISfXTM0`YNn@%(*
z#Xrl*-{9!vjP{&V<b?9RH2#toB6#R}&(zOQWhjOAh_#P4NRB#&a#E-W8p<gi<0K#o
zPL{x+qS}3o&)J-u|GgSppA$yF0_0xJAaD$tJ<Grq9d73QEBg1kW7HuL2V}Ib<e)9a
zk46vwGx{MTlkc&JnDt@bBA&Q?lk<N!md|}Mg!(4vW7L^t!7#P9N8eA;4|`XO{s@#M
z@M&tt>gd_yObP<=x*txMPFsSsP4}}CY?RIJLyj3Zxjs`r$(oUMls@LyY#Vfx;G6yO
z{C>2H-Qw0tw#h+yMdAtg85m_yu?>5hsg}C84_hNSe+B>yjP{Y5=J;}c+;6dTj$h8*
z=}+z7{=Zyv!|N;emI2uIKNfxaXmwhmTbsaiauFIKa;5Bwa+;zw8*EbBsTf46T(ok&
zH3Uzb%|bZE5gDB)j@Zz!)N@U`VnVFP^LV%i(WtkL!c&4}=$KBZb`)4UC+f)&EF$CU
zjLP|zDntafCLy|Z1<kP)1Cb6NQHtjkD{XYLs3698lmW>)+o;FEg14Px&oOZdmEa-A
zkA`Q(U{%il#`(YN%6EP$D)J-aNcN5lB~qFFaG;&`jRB4?ZX<)(y4rwBIWQfXI!acd
zAq_y?it!n3O;P)>AqfJ|m&^U;IH?oW2M6v9k_bvx^~Gp!*;@cAv18PKXA>H>DMJ69
zwae#88sjMP;<{|Fui1#1eWd*?yAWe6C7tUw1VD_oJo+ai`X7$BQ0^@N*tegV4l`kA
zxLB;N0lkvQvgmCHP+tifh0}!BX>Ui94o(Dh9>0lH%Q;{IWt$@qVu69AijWH6wmH&A
zg5GnYkKdAm2V!TQOO&yVwp3aGeG>p<eRsM`oLY=~GN&%cIdFX&O79Aq*L6B<j5qt>
zb1Q9NJNH4&kpit}nS6w`y}-iN;u&U;#aQF{RoA9%tu|mh>cu`c&i`FmKJ!fxkG@BB
zPoitHC&%3P-j0{|T>fu|EH;ASk~2#|=C(iDn+WKQ>8ZEHSveM2|I|ZtpAI*!dk%E2
zY!w|N>LjZWG3>x9_fNZ8DGdfVp?WUqSf)`u=-cP#MO@O)K0dTX?t5~v`Q^gVUdjS(
zkwpGS`)gaZF&1Q;1=Nsbd~1sV?->B-zw*9sjEK)K9ehm`_K!0XByz5MpafE1*TE>n
zWYJqXR?m-3=nC!2&-tua2z^mZ1Q#)ciaDaH)1I5{PiI=+LBWe|I!e-8OpO%lV2F0L
z2BRER({`6Ib|BF}eH_Dd{$Lt7_F4Bt+bzJyw5B2u?I4oLdMib=={VKB1Ya~>P+rdg
zG7^x;h+t%!PaqQzl>Nh)`vOd|7<X=R{_py7b&7cAn=XG-$K-Gri)@c_q58LIt=Bq$
zF89Du7USe#8uApeh{(-3Ml9@BK>ioMX-6Uy9807cu%!#&O`Fm;02xI21jqyn(r34M
z=u_D!oI_AF|7keW95aH8>Jn^IK9|l~#^Y$492#`Ak+y^j_p<Ev4BF+YGb8^a;$H>A
zmwW#B{`CL)c)ZDS?-+o#|5WsCTQ{_atkjH9fz9H3YZ)ab@{?_U5$Ys1eQvgc$Wf3e
z5Vjyww#gzwMyeI%5hNs9#TGm|;wAbtr^UJ@>UCg{P7VT1#g{b}W{f04J=&B2gW!NG
zfol&eo|)~>IyojX-Zt;)OdWs`+|c=_6OO=Qm_Ft;0_;VC87%h8`-Jjqb02&RcYIIK
zQ%a3CR#Zcov+M5MxuN|Zmhy>j90t7Ju!s2<ThhzvUw*i)mofvpBtX3D9(3-~ks#@i
z!)E$U8?!@~d@&sZiwQ)Sjie1Bm{0Id-OTHyPUs8)ggZpJ*KLE1kp!Fo_pXOEE%+>{
zc=`x#`Qup9F&9hYL5bT5+9?D~Vy6gb`oS>3Zq3Z%BhmVwh&Nf<YhUu(rT@w|oTByL
zj{WMJ#L>9(;vfj+YiKYc<fJO*i-pog-4g|N)IYs`aT`bSUOpVxM+{15DSW6``h{nb
zx|vEF<3Myt13-a@7>co~n}#9<vgJ!^y4GRFNZOEv$2LdPwt0VjOnlyRLC(ao*mEma
z*4Ja>v>RW*Q44cu@BlVe3Yo@cGk})&a@_^N01FMTFbY{Pc6sf-MLhBN&4Ry&rM&o3
z#Fu^};_I)(MJ{bEK!nKM>OB8(>Yv+`w4Knsazu3O41}uItYp-~z`-44>Z$}YF>J`R
zKfdYx>?fUP>F7!Iq|yl1A7>^?ui-!&m{mID<!i`k0|Bziv7ZJ&nSxb3V?WJ4B-_0T
zVtGxL?L1Ns{=EkdGN=69p3R`Lw|^KB-?9C}e{JP-UbWmS2H=MyVmSYZ(5N#z8AA|r
zkc*C?Git}a%yWn{=$kDv>-u-zOX1=>p3}f{F<IY2R{c*Yfd!}#1!v#dOp`HMcF<An
zJjRNSI+c^#b+Uam9#|aY5k%G@jyysR%1L3*F{-{gAnT*wtW)SWjJrhk=$GuS*oJbs
z^UtyL+!|LuQ(jJY$2}2I=Rf2axpB)j)-<`S##ksRV~9DEI!tyQ%tk*J{M|VJhoZdr
zQp6X3E8=U%p;5JEZW}*G$zy#r*WV8M-=h485JyG;%2oQS#jq^>(6#yw&QzY$)ee*n
zQm&a+B|8R&jrOMPdgcdDz?0||_W!y?$&wa8P*OH))5V3NqX0l07uKD?E!)HED)8)M
zyxral)8Xd;z)s(NWY|KEBYh6-huD*VEj@nDey%`#Hv0B`@g~YW0s!qNq=6+w6e@FU
zg>Y&7p%9gC&g<fGP3^0u6Q$7hF<?9HFQn;FEhZvDCxg^XI?V_iD&dIE1vsgmjPM~u
z>=)1Kp5Oii;kPlWXT#B!P(gr*VDpTHyqDB^UF(W}(tDUo<GUV6B~lg$UR=0I`PI0=
z=@NN+8YdM~q6;cHsJ|6;>Ga{{k1-}w-j(tVW59W#5z2aQKN<1!U%YYt4?}tJrHC*6
z<|Xnkunjqft-4VDnhM}K|HIjDA-2x-JMBUQ<llA%h+GERk%d9a@qO91w$KTH0y-+L
zg69#wS-7T)?<#N*ori3Roul12+Q4@CqC)?jwouj}z`@dv%Hlc%9kltvD5Sk#1#dC0
z`61&{fn1;tw6(Sdw()lbt&j}{vGk#rHvUAsiPB#Cl2<SNSH9sJqHn(wt-miKMpTy$
zyo7}Gkmtv@n2x7)BwQ_q(=2KVlR<}42AK{haF3xfKBJo;7WHnzIXPWJp4EOw;4#{k
ze+v>n#z2rX9a6KukM`7A2S;?`lsKs{X@|8-7W&bsH0>`_G`V}jDR@aKWIfhD5yc!6
z7?a(`l>JG%PjYumEqMD=xgirNqu1WkVwMZ5)B9HY{GY#Z{trWW@ui68|L#HihsqJ1
z4`d{%{}J)K9GQG^&B;nnu9HExG1obFwvT^LHYcCQ<HTY6=-~1@21u0xw6+S}&eW!-
zJ$p>H!N-8(Ii)JM;cKQeW2i0lfP{3sw8z;7_!<9v#X#(+hpEkObG7nS?&~6S9azNg
zMsFY8{?X^}#v3SaodM|E=c8}$t9{tj;2xqJT)5>_dLF|_`h3b81)MDg`0|B1w5*HH
zr|wT?0?s$1Qja{@Mlu5wzA55fI3Pd$DeI^<8QLVe%fIF9a9=#<(JjU(=YY|&KU*S>
zqb<3bw%b^hfFFIRLy}HtH|8n@x`Z{2hb_>P`c9ZXIQ6{7sYGE&PIDV2#ln8t@xa_x
zDGP@<XKu_E#x2MAW}pAVQ!?^@<!eK>BSfD(&!7AJ)%hdcMAj~4IuEqk(vH*q?D`oU
zNHbl}Yk6jXJ3lVSUB!aFu#dr%T;GO`-;VxC02aee<n_5`iR~!o2VJemIDJYVDL{@3
z9lGl*?K+ud{-iDEdI#FaX%|@-a7jmw@vNOg2!L00r(LZ6+ev}x-^fBoKt_5*+iyq2
z56zSK>gBBifQTQTau}piTxiodO4QyKIafFO`-p=5UJ4HZ0wd5`0iF(ffv9+I!-Pob
z0}KcX?s#tKXX22yA@Gb^CCW6!Es+KUL@2X9oa{s^#yIIuz)2dT?9-9U^0f-7tXx<l
zYz7hY@i!Go#xmuATU`L)^6i4P;u+3<VpULz=Hr%1GjzN*A_RFyQxHP~!!fPvBZji$
z`6-LHpSaoQ|FD#d{D1EZmJ4>^_}wf@O!}Wk{$6C}H1wey800fg_+uo==$kql5&FWJ
zHp{B8hz6=9*l}A3dz!1!)83RrYr`S$r?H-h0ZjDatmxRe#w!AAhj<OaexMHYOIVC%
z_gVlm9n&1<oXu{gBd<9}uoVHHlAsH=gZ6~11*3oO7yDm+()>e$5uOx#x$ej3!Fu(w
zfPJsO^j~@3`=f8a6A|wfDu#|x(43(oS<Hfo;slg11qR5_XF5MR2p(-4KDqlC$aHSg
zw!MrB_o!8-PP6+EQu+F3^wT~-jyp9*6jc|U4V;YAMpFs{f<gvHKo1PkL;-rAHXUC<
z%edduBSOn>`n}MAHXa>gJ)O1SeLdP*J0Eg9Oj%Z`gPbew`rxxxQAN#X(|Zb79oOHi
z_J4RvF8F)p>zDsm`?@FKev!fMj!A46gPe4vr}2Ie%KQ|Bm@T5+6<ws=OPvEdkZq@I
z(=JXy3BbKG7kp0%#z3AyP(VE*KzF^8ZkxVF;N30^#t4?oudD!2wlPBcN|vIoY4iV6
zS|x4f!nRcK>hcovJo6f+4`dgcjLZKUy*;)4qtCw_ud}>02B2?$EZY9wVZh;-w!0D0
z#%fJE|Lo92g+vIw-M0}DX8o5QAHV#6GulO)0iorja`k5+I5>|&uc)8(=JQyH>WQ{}
zvMXKEl#<WS2_)zsIfl~$6}BT;6)Yqv_5^}o1`5Je#)O~&<ICUfh-utBH$H(J0~tyC
z%br-)2?Hmo20o){o1D@s^xpOFY)?h-1X{^b9AnBC5apb)Uw7`@IRA&Gy!cYY7ysTR
z=U=R*19k<MdX_(B&233nJ)#ZpU?5^)i(m`Ve)SE`F!i5pZR=;!A(zg$&4beso3)L1
zhcxR`v65BMrQX`fMX>Q2(XcyMNiEVo0W?j0?}J&Cx07~z8Bf}-leHt~)7a0+Mqzw~
zy;=DYw6zLkArM&PGfEBtpf1ekM<U{n#2YAY4FI(L$91(n9a0O~v(3pNP>|0fhS5!`
z1}o&<m{SOg3O|bHx;fAZPTav{dpu{v+<V?PIgqRaPL&9_l!HnKU_@kCPMI(EK|Zbk
z%09j$VrM_<t%EQ|4g#3V;z?R``1RV}!?4u6qW=Zl*x#;o38R6?MZl69Q7CUAb9eT}
zaCmy8#?+#pk|QV@>-E$ABmy};Pq6pI%`1H$nv%5t%U_2~nvNxKji?v-WE!9o$kz2H
zi_7mqZE5~5ELZ~cq=FYw{pCh;Ec`CPuIVpr3;{y2wh{pK@pCeYpFtP>LPhsi<N0nY
z(|3>xPe#{SV0j)LDWhr&YBDI5=b2t}oCs1@k$m-S({W?4K)aatNstvf7i?Pu01L)H
z$3{{)r#F-aXs><Ay7XUu{|Dnj|37;9V6zt`WM>^+(tra|(-|;gc4OcAvBDI&98r+K
zeN-^eQ%l+j6qh6L>!_QI2ssI!!=fOjQ_h1oM5(LcL&+xk3F9o$c4+^}AY_|!ta63!
z)Xu=QJ!F@Kv<Y>}k(L>q;~*lZ1bM1s85#DcX+CZ>hD(YQ1~7A#B1e=f2W1$W*5{WQ
z2@BFk-yF@~e&WXYKP=@dFGW26TM;k6tSKbQ-62o?up{l**4BM}lTiIfk%M<aWtX6I
zN}n;vN{82m^X1C_2sjz0<6v_p0PW!Wc;0Fieg5yDnb!!74~N?P*@sQ=1KzTJZZ%$k
z8rMtu4BE5Y+B^A+KAyeZh3(@r+svYJtT{ijlOx-=t^aT5MQRwfjcHK&7*9hFfBR3P
zZ%=Oj`@j12cpc>}FaYgekBCRhDO8jhv3{c;jcqO{3mr(IPwXcP_nz|vs00MQlG~$M
z5e$4@^>5k^--(d-kg}t~aJ9SBTB%Hx%h?q)5e;(}gSXeCUuj<t0Y5oTIad2=9v7n0
zY73%)95>mUYDR4W4u+(~K%gG3naCpj1G=pgPR<YVh-8k0Nl5wR34aY|IfTun^_z^0
z<WDglH_rdzDKCCC;unAO;{2z8#hhKg?DM~z=x2_9ihK{9k?nCu$<!BvCO*dtS-vc1
zfA>Ua#7t*)xp~NT@VRb>0hIk%+zRXrwCBCGZYY_+z8J&fe%S#AP@a8rRxW=}jAC5`
z0JQ1n9%M4A=6-%>JIbbJU}?dt1dqq}VowN;AR}Z-X=8T;x*Rk2NoB)(MBhFXt^d(@
zo#ib6fIg^(60n0_Ne9M-3xz@%MeZtKLaS$oAgDRm+;3Vr^=(`)LInrnQDB7S$(pt+
zVj<XxwsHbvOj=$q?|=vL^B0Be7_Ykacpia4KDSZentmsa_P92;6lK|vQmFcjWpHL8
z+st$JN%iM5mku0`n2KMZX2;yIG;J&8%UOj2c9!y4MGMXVMBuOz{PZ^WNx%o{{m92|
zod3g8GV=f0U3JEXzSrw}&C%o={>JNl>1bor!+T|oP&xvOj6EV02Vjnj(P8O)>QPtS
zVBH=VrQMaaIDOdijOv*l^dPFz1!?cFfH>lCYzP=x7pZayOwu>lc+|Z)o;+|TW?L_*
zNb@m#o&y5<gnEy{@m&Ix`u>{qsIZ2c_BCZ@qfgvXH+%yFwG8UY$F_+6`ga4g*S=&f
z{jYxT!_oTh#D2OpQ6cFpYPD<|4W+~9fMsVGwN2DEoKL0zxFVOdNY=HAmYx1#B%0ro
zN|V8k@jPi)pnryNg+}Z4d^+^wT0aybKPOF8PV`v(alWNTh0@8geNGML=hfb>pB0+{
zBwPx8);>#g5#xRyU?lxYgJup{QVZ5*ua6PN1b~<ZX!f`Fz3KBrS#wUvDjdHbf9l5h
zKP)AkKll05Vbv}nlkr3TyX)N)$wSswI#WT#$~GoQhm+#7^5s6<UYx(n+4`z+U-2K~
zo>iJFV$kucZF6!xzzSJkNu^ozO%^WVNLAXg?*+Wg24)~2RC@ORG}@fc<0^UqGZw6@
z(l?wlGSEx5A=dZNCwPEaV~jZvn}pAn>5z!%?Vm-&6Wc%j;on;~W|TL{0JI;A=(iLF
zdUORxmlOx{V@s5mzZ(YAjJ4#?LnpF&g)~6;1a8^}USH0ilVX39QuD<dE0itKsylp6
zqDA9bWX#B7KtQ;Hm3`&g!^GHtC8+P9VBG|D3FI~)PitQyYmW>{Xb%wKD7ZJ!jF@8w
zc{L6xS63L5(6&t5jcTA!KcXRt5JLM);PKc;Z=C<bQoiz1#4rBFWvibvh0ynoK%w`h
z`F`qk$;(NpZL*UU?ZaW^?xbRwAiHFsQcvhC<@p8@DlG?n&;HfB=;^=^1bI|Gy*nUa
zTMTR$n4v@6&_C#Zvc_rudEULOfiOQo1~A)~ps0KUnVA6V*GE0su57EP3~76^pA~d%
zc!oK2+DT6fZ~hLG90vnOSx^1YPWKq6=$1cwe{AQ^$LlC>4gj?M$Hd8H=O$-^fz3!w
zq9}Aq1T+PN2$aHyiDG@EaH}4)hYCU^DB(VhYnM?X>+R-H4o6hExZ`>r9Fo`RSn3!$
zUB`%mxjb>Eo23^}7$tkosrnAXLYhzJ*XwSoB*J1~UZ<@{*)9WN)n6k0ymoO6vjdVG
zXQy7%C~)gc*6;Kv7c4n7S^(uL;_)YM4*7Xl%8M^ua{gbxt2u6$|8BY;E!uYX0tBcZ
z-Hbg0n$|%d4=_>BT+!3{e=%>c2L%R@Hx|2uXL2F7ygvNU4IV0!RCM%V&sb=0X-8Lj
zGu@Z%=S#q1uoxT*0;#IQ12_w^{Lr2T`&ILo&%7G<G5yjy#v}hfnGNluKQeE$XW72&
zkNK#wxwxPC{A_Rag-lKU$#x?py<h!kypGad`w}hvmp|}G^!B?E@qy`(6-LLG4@YMs
zLQj&zpn6j%IHW%Wk@b-1&YhFfP(o8#yBzJOlC03&lIll9pDBvzxp)p022q8KlRMU_
z{V{}t=@u!8T=7zlqR=ru9J8#~DJwcb_NCgE&%>cSWfZPi>B?=Q4#e_Z2A-DS^GPc@
z#aO@xK&JqPgNbWWK4d=f^T(gOiTody^5R!7$NPTm9Ft8+!`)Ap9RKN+=;vF<Tm53D
z{Hs8ZCI=Z&z;oqTv(S!;-iOlf1ypG7QU?J_+zzq5q|qZZU`V~H`%c4gC$N{DU)#`s
z85i0b+FfJigsRW64A{3!J!ZAE(M{P2`i0#2M1WFlrp_-wOpO=ncROBwaA8x+F6Ufe
zUeo?@9JuN~Lfb~rSI@g9T@&$tM{gh7{_zj*{sqe$X8<m*9sEF$dX~uACY@28BfH7@
z(^#8B$|7llJ@n|>Ks}pYo6jNQ<g*wBim=*(8|Ky>;a1M+JSLWXbR@cRpb<mKnE#T+
zEen*HW5ar!(&BULkc*=}o~Bhy0Otxq$q1e8l(A|08L6ynAKw{X^&^Hv^8f%K07*na
zR36Vh-#YpYIV!-1vG@MvSd?OAe;0~bV`Y7HN-qDtS?&Mulsw!2Yxa^Yw-<3a;<uk4
zsZTp)J7Tsol<^34YRtcTip=Yf2-j?E-;nx(<0^;FI@5j}*X6P374f5P?l)(|9x={O
zDK_Ko5p8C=z+YI#zzThHVEt;$F>MFw{`{QGt=K<~B^@U0LF4i81{x|t2f#|kGslJL
z%A7Ni9{@_J&*qz}`lr6aZ)7R}-#{S0rx@JTqQ=N^dom)Pi`OV`0syqnm%|_fK&Q;y
zF@>NU&my`OzyMSv=oyY$90^v8r_)|VsCD);qr+{~MT)1KojLkdbe#R~sGrxC0xuLI
z1&-;5jMxPjWId@^D}WP2h#1vo{UyMMldilL#}|=<AG}d*2AGgN!VYAv0be;6e5r@C
zA4JLm92et4rItLMiFd;s)D98U!M-`rdi=?o6aF5SQfK?8v!fotSsuF3`-Se$m-;jT
zj|?EJF43)R=m>%I6d0WFw*g<Wc(kqcJgitRI{}+mK@PUniLHWdW3-!ViKu505jz&?
zP3erTpF7Cf%%<?(0$6$Q7wleL*T)L^YG00#k8|CG--iPg_L3<F+W)5aGO!i)6*jZ#
zOaKOuLpEkQV<F`U^CAIOL%RVmrZL_lT7S)T0B;-swEp>`RkBn00*Hv1@=N8sESlwD
zmjmvDqUHh)$rYV+&<jyD&D$}5mg@(&J%h?bhfy@wp<t<O<phl$iWu#sL-s>*$bwMO
z#$;V{Eewnc_2j%Moaf=psK7bSPAyU3(||~he;;+rp&I~EG!6tdbfh#C+iv;&MU*fV
zj7Nb@j2Dez&pFRNqYnfKGN#;?dHk*y``lTy=cc@?ioen~<+tQ?IPyz=f5=Au-I+Uf
z2h#cgw+<{4@Ji(0ha9Ia<oD(1^AT`t`FA=P+2Upnh=9M?E;y!D<Qg%8Jh44()*;%K
ze7*!$eQr+y_GA}Ub~P9F`BvQ+&n0~>Tb28$gFa&lJk5@i!IZi%j`fy53pD93XhS$>
z(_usy>rR=;u?4GIb8A3|K&m&k?==Cy%EDe-`Y(O><I&sySq_BTAQ-`AL*z+_etm0L
z<$QsLB4+1L#1%HMl4~*HtPYrA=MZ?VTpS`Mzn@~fuwxt7kj74G%=12M2Pc=4$meja
zLeWEA7Z&n97X<cW>T@3goc*7G3DK_$q!-pt<=e(e<LW!x1|uqn+UczZ;oj!<<^TTL
z%?KUiXd$N+`uF)e$L7xMh%fx&jq`sPN;?0q<x$`P{fvmdA;Je(Z@ZoF=ioVJn<F-j
z*TAmiGnhk;P-@@PQdtCOpY+*X+di0quJ^C(>UE%drKkBf^?6mN*pZlX^=@Oy$nlzN
zH+5B3`16`w$4JJM_j~#nHru!9acq2R;pDtAC)GaGvl{26e4*`i?`C%Jnl$acog>=q
z?W;fZPv(am-MH?HWoi9K^d$-@7-@vL$PbZM-H!+@tdoW4(f}XILL})?w+~iD;<mNL
z?}-S>?Np@NwZ84H3X;$+F;60qo1iwM0yDaH;8H8qIgV$n96m*yADR0m0=01H6`4Z;
z(?De*o4|Z{{$IZnysS`v&KHcO?Ay0FV_Sv#OJhiM+g0c}mXarJIvz!#_0bO+G`5wp
zw(Xb5{|jHbasCfOq4O8IA5n7~ukgKmcC7I4+hy@zr3k|uRE!9&oDzOBB}UyU=M23e
zjn5Qa+Q!nmKsyplbd}|Zke8h0=d@cZ8k-S2>tV`bS}%h(WnB^|wPDxkLnMG9bCBOz
z)Xx7IbTJj%`1b*ju6q@7`lPaP*g8!HCfl1^E^BuaSmzwe{g%xE9d-7}=77wsfG8|p
z?2s|GDcR0B^?ZuxKOC=8-WUMbw;$0+D+ec?hY4EcaM<{CEM}xH_0Ncoj;%VM&oT$^
z?cv_cY;OrU^F37ooJ1UTFjt)IN~Z%QU7fNQp+Z!Owy6-&L6uM@a^A+iRZ`xh#8ym)
ze8zsY%h}-@jEgv4jwiS30F0$#3sB&^aQrNl69Hpk28Mm+bp?>FVp6J{qt$7GrBF;u
zH61%Tft2gsj@ACp-{kxshEgx~Io^_5Ksy2CMOOL|@paMle!S=hjw}nAH>O1MJNYb)
zHP_W_BgjZOWImgbU&PSstdIIsC*d)@fcrdxuc+JZDJMk`fNSzOWw%m~@;TYIWG49e
z@!fPN4`2A!=ejUQVl&91Ok;#TPpl=|YtO0lP76r~=D2yF#lJH$uhcE%h3VXUF9F-a
zwx{E-`p&v2I${Qj1$+z$w*DjWDy6;Jmn{94K717szZ<=MNa<AMV6sX&6dB~uiC~_X
zs7+2oiXj-J+59-hTDa5JlP*kvEka~u8-aZOuI=}>pN&>x`*RY-`J)djBw7rHQII@=
zs~o#2DBH&fhX~ba`hgVJV^z_CMb}Q%r(oB@o_$=)@e@kal`xgaz9%I(jV0=E<h)`D
zs(%I++*sYY6Y+%`=l@WYue=oTrKJ5sou<*|N&oZrBs-G>%FhlNtQY-QG#9b3JKchS
z(E2*`#vNyb=??70^qsYv^fq-jUlJxxf1!Iaj&NEP^a1!YwL95<>LCHyVYi%xBvYF9
z{|p-|w!?r|Z;RuJ59fKlHBL+PF%%{-ZG8GIdtsXN17nn9EypQmFts=-b+Y3z=73w@
zY2O(DX*&J?iv9GB+e?3#LOd>AeYh;Ge_!mU4-J9nqp^;Tg{lGqB8A3*;)_}8t!%kC
z%n)$aMXD$Q(V=0QoJ6OEM3G|+He^L-jJ70b@s+H-js2#*MQw{=ySbId9Z_DB%I<=&
z?U(3Xj0O5tC;z!Kh4W69g{N)_LPvd6d<wcV4y|9>C3Idxn?R$b^6@$KJU1?8fXi6I
zaFH5ixlW1v8d912cH{gXrc#Ie91H$R2a>Ub(T03CU$YV^vmVVIHi9|r$sweT1nWQs
z&{7ck+@qWynNy-=|KRY-9=FBw$(S9_<u06JbQd<3OkS31zkzk?{*rFDXua+uTL1?q
zbbrH|qK?1O-(pj`KBJ=QtRHFB&Cf20F_+GYX5S-hk*3)!rZuYlG3FrIkLo{xMl!3M
z&-~7=CDWbT&&h1{?PC$`*|?^>egLp<pV!Ee(XtIfcC>yUNO!kME+yJR2C$r}IY}|{
zu5h8((OHn%q2i?QaH0ym!w6)X#aThHvfc<)XpRFxMZL|+CX)*X<rSC#<)wlzz}ThY
zG42k`>J5Z_&QTKZ)N|8VTv?s?O~vQE`)L3(MheZwooNIzO8LSNIq!QL2A8`OcFcA4
zVG*g3I;G;be&qaboc}{nzVcGU7x7{r8tY~+?m6VJwIR#B{twuhYk((HN0%GMeGc>m
zu)^7S<VjE~6n*NCMYv1357<DIw2u*U>Oz8n2sx9)?F)5PoIXH9f-SC`k1+59Kt?vw
zZ5Qog<=}JNX@|_-jLxxRu%iK6+Y}5f=KySNZfl=_SHNDUQzs}m{yyJ=4QwGG%!9Lz
zad&?cf%FCY+9Trn?SQWz07M&=kmBN5(kX=H$S{%Rh!-m>r&svOb4MNdKLsNvzi1hY
zxaIpCcmR-y;pCk1$={;H==*e>Z5z+1ev=MgIjLN)kP6Yq_|{kl+R#w%QECelK@>m@
z$GV1<2ILr%(<@Lwj2q{SeX4PSQIu_eG@xC_iDT<~ktf3&L(bA*trlXI!G+=q{n&>=
ziU7;hA|89{=6K(SrM!61{$GD($Wy*@_mJ;48QdY87w3PztOY2;oj}xWhv{{r{=#`>
zluJ;+!?y?`cnzHeos>8?=q&9NgRcnK!x*-kXXfYU612cMJHV-XlC?wtk)S~W8Mi;E
z)6Xc$!U#8FUhCrwP3uu-?5CZO#e#wMcpp%I`muZ=5&gjV*72-e?P0OYeSBWv33KM4
zu;h<EEoIMACBjIc&OG=`#yZ<^JpgFeeIaA~OCNqL`u6`E|Ajho2p<KEksawI4(4_&
zZt$F$501RqE$cbQq&%m)`g&bb&uIiAqK>AWaw!;GLD4W2mB%4sC;GQxT{=G#{uERP
zM%gb?XheR3lx<!-&zDjB)GnaU`p%HE&ztl!p9|skRla%c>RA+25l7BR-p}!Zp<z3{
ze_5vU2GG8nv;7~Q!hQbKiwKoP*aqhMdDu@+dH1wdmfiJaWdi{CX$w{nwde|;Rfhcd
z7dC*$Wfyq&C_0AD)b_RG8EG>KnBB2Sd(CCgvAGT4S}s`&u&{f423Y{=tOq&_1URn@
zmVANUYF(DkW33A~&vuzC1MAOcIQZkdiXVuW4n5<TQht0qmM@Ll^d9vWccY&^xc&CO
zIK3V4^)UdweZLrgaS#oiW>gt#ArwV|BJw)c5iy*#AXzRlIofl^%1GwKqTyvRG4kJ}
z>xrx*V$k%6IG2LEjY(_}R#DnMzGu2bqG}V4q`PGvEJCO;1EARMj<zRyE=9rfD<4PU
zM*r%0W>83F30q-vNhX2Mm$_%XUHc|XgSX2K@d<_y<Cvez!b8*%fkS?7od3JNy!cYY
zmww~o{9V7j^ey^+vW0%FQUmJz&4AZ#B{)BETnTE^@gu6O>tMuvabM|aKHC9I3_X#x
zIe1>B8o-P)z{>SPT(d-7tn?^87v>H&GoO)%`S8HC+7g-e6JzA#OV+ZFIpLg*-wk%0
zAmJ*;@$ClqJPll+=&bFS7A?ZgbM2Ja{Cvh1wJt>7Y?^H+J5Jjh7$fU5cWc$SBM6#U
zSK8JV5$!74{@t-CuM+@lKd8<f4qu$;$vQ?P24Qs?w+1F}vuC-Z;>4aQ1c4K!46SC~
z+uuSZk$FUIa}m_Z(uUIb$zG(I`i2}f6eh<>4jqcoPp8AHUUR5C54-x&h5`_|PJbt|
zhazSh<akU*99;!11z+Yc+q)r>aHXMPgp#u_boBYVDBC_?)ArEgTUqk@l%Y2Mzd76g
z;VG-L{XNJK`ZPw4zy3eRRA>trc{coizIDjC>p}(<(3v_UEQXG60M1VDW*hRE1m1Ki
z6%;`)XkYvsd$&FLn~}PXj@bq1l{0%h=DV5BG2QB8Lt4GYFb0rk@WS@fab^HiwuAKl
z(Qd9e<9291Gv~L~3H8xWI%KhPhn-FTMw_2=BEb~EOM)`8(%Dynj8$M%0VaIGoQnOy
z#iYJY0MPaym?`0-@w-LcM8nnit^*M<kk`ubmQl}vL}x_Fn$pc#uLySxp-Sh=`!5%S
zI6FFDe@@%yBRZqS^!@>l=<7KVHDTEwN2(MoI^1b}L=1K$`$@wj5d*;k4GZa~7IF+S
zODzV(f*0n?L@A+6Y>z}_kR7K^X*_d2lieZeEdXQlRmuUtPzRzM%JleCHw*qAmh$3P
zBfj|eB7X0zvdyRyGFV6Y!nt3le>i3?GK)~TcjsD%$1teK>u5(<AL`;lIY|$i{>ma<
z$bN!~3FzSYzNdXO9>3vWobk-h%h4RV#hm~I=?1oDhYz~HQUK`>I_e16DZ6i4CuMek
z3<$@?4-|72f#YBD6LY;4^<yD%w?1APrgM??`J%l72!}u69M`im6`l4NfiC@91-!+U
z|3ECtN+P86U;6N)v7i2FL_9if!C+0VemsijPO_myz*(Q<ZSZ-a9XN}8m1YTzGXtn^
zC2$-(t}b`V$orBDOLEPEJPX29c_U1e3tWUcVloZ2A2<8wZHv+NWqW%}{jQ^fF$UXR
ztiK3#;%QVQ3OSs1_M_h9=NJ<AtkOG0`)#Ann!`Q}-DZ*8gwQR0LnFn#vdl5&eYc;u
zIo|hSDU$Q2QzCfYC4%gSu4TSobjAZ6+2Uv4UH%vj$$_vN?&(P0KHI|HR8Q-<tl!ov
zMX0@_J*E@g4FoUO-UP-2k#gTuk0La;pE-Zm)s=lFt3p=8^_})jocO{?(<V>pz71oy
z4Ih$qug)iNyY7J#Bk__u^moaGGeF+eM^X+a5D1`EOzt-7=GfN!h1c;<BI5DwxBn%H
zB43*U=-YQiIsf_$2HZPqia=&SqCO7hfp{X66{u$cVNqdtL~cd6i1sBP;wxQ&Xp71=
zp^q3$MQ&$fBrb}Eh@QejDySk-13Qj{iQYu%j^8{HFUQ>JdZFKUrI$$Cu@1Je(iH4p
zL;H@oThW(%*;CDpqx6n;_0iT;$Z9L*yp)t<8W<zY>q-vW9`V>mZ;tnUSjtxp+W+O3
z;dG#L`Trp|eZPvnUlsM=OP-EGXPNis>T1>{EPw?XZm+UT=eg4c7`UesN+2wD0{}YZ
zzS3YZ+Ou-TLP<Lt+F=I~d@%h$hqb|p`SV7_HdZ+<>Bz`5kTHf$bVpiD3~Yc$-JRE(
zt&_ULY}$6s@21b?b5@afIrHp0K_*xO)+hIcjs*iQ3AzlNRzEo&JtE@6(YL2<a$Z*o
z;0K1|%DNFXj}K!w@;;(w-x^Z)qrtKuhDwRaPlOc#r-K2d!*j<=R7{0QWhGEaK~0J-
zBXXuOChFSyC13+*P_LL0QOKqW(NFr~pX~EWDL6Mo^|`=>>l1Qoj8JS8AUM>V%l!Yu
zcY^OazcnV1i(Cg0p+<;crs#U62twzp+6bj0WjjSNFgp4B_RVVlho<BSf4_IuR1}RT
zqqIY3+IDvw^?S&Z?Dr=iaJik{&X?elYX^Evr;_HiQz|U=fPe*&C>`8>8uf~CzsAvt
z^KS!a^ScUwV7H2S1K1Fol)8%g1#rREd-|5C$#nL0mPZSX!YyEEJ;t%gfjVPcN885(
zg3|uc{^Ye{A2Ao%XR*6Tf#fyxY2vp6^NR5*|ADq~+*WL^r#n38Vyc16k=w}aJf#6%
z8vyL5A1EP^ieZ?ENImMNbBh>G!znBxruy8JU~1dpz==*>DWn}%cf=u7Hc@_LV?$d@
zX|maH))8oLDlYetT3@)UAz~cTLt2byOFK=LWr{3Xh~Xem5uwLIL?UJ>5U{MPq99{S
z%Ha~F!vGZcf`W))d==yCbmycvM_comG_u?I67k>U{2z|;;#V)u|K*osII4i2M3ihD
zdfE3=?fq|*r{3^--w4%n7+wMDv?Wc~LGis4&iL{3Dr^g*d&>XHeo+6~sJ9%~uI=TU
zTkC%6YYVY6+2_2L(P#}7qixoALVlaUB7Fr|y|lAD5w`l`Oio0-vfa<qXWL{P+G3^u
zHhj^Utn|@FS)YdSC?<Hvp+pEer5!nzebEMdP9VhvqPe(~{-gq016`eSWbH10yuC31
z(0}pq7Tet)Kn3`A;Y?SKv5u#0i~Hf|Rw%KACx(C&nrnleV?<u{Swt)CdKD*3+MNm#
zG3uTczHBiTF`~`PS7n=+LXZ?jyY%sVOLLfXqGcc!LP6TE7Dnb6W6eV;D~0s<f4ht8
zySBd+mFI;U=#of^Q=K_j$bqy6k&7UI$cUsXSUScK0ERT*<4+wq{~PE3t}kDC>9XK2
zbN=%F^@jB}ke`V0eYArCAb>`6Oh;W?x|o6rO@T!WIb)PgyVddk2F8MEKRORd)1~vc
zJK8IDrj7bp4^xq3Yh~?Fs4ZAI4q3Gy!)fw3aR(esLAq1RI%=$&jzf-F+Tj9XIfuu5
z`7SC?`y{)N|8xC?_gB~vfUUY0?Jv97MsP?L!BahCyU9XGe|EKlIW8MMmqpJF^E>2v
z)bBp5#`=vi0PT~pU)`AoTCW+-D<71l&Yj0+g<jC`DUzhYM<;59f7j1R-RC`2%Bj6n
zN~?dOl6mW{3PHy=F$^yF==b?*7#E3f8}{E4-P6#J;b7YjkWgE2Y|K4cV9u}<@)Tps
z3k0nM8R-FG1ssXO*tt>3@8tlKBhA9CD@6B9H3%ppBXSr`zT&vI%L#u!_xw%H|6wRE
zz7+BNZ(W=}opJ%yi_YoW{2CVe9fcHkF@&Um8^A?B(q3T>*R~9nj!_?D=)5oXqdXUb
znE`>l0+uXhF3!zoR#4$g1+I}a9fFXoxBlL=4$r4oAb?<r&l2E3Jw;okT}M#IF?Uu%
z09@B~NzSH-&j4Gpov|g`z+cvx_b<0V#+auBH#}cO(%f82kn`U4`|=yc(g-Ns5%e<n
z;TU30rLAB;*ye~&?BDvoJ;h639RT$02SqsY^gS0qr)eD-OGBG=I#jW04Z-SFjF?nD
zp8{Fb%E}4CITOg#s&NAhSqBB3LgtI{WTFIl4dJQ?-6ovW4TXM+jInrRH4Z|TL&38x
z=_LC?NhGQ``YSK<0c+ssoeW1Qt0DhY*^hM&#aeW&TjUGRN<*<q1>{`cxqamPZ=C<T
zzP$L=%WD5uzJB?iAiRL%MIQJvpDubI^~&GlKRARwbb|TX2#vn-@3K$0_VkMCC2dnJ
z;yR7bD>@@!33cX9yOV)qz~T1JnKRn%j402yLJkc}Kv2%9>6ld22xzE_E2fTtlHZ%u
zzto5OB0^X~26&8yr$7kxoUg`w<#mkWIaXEN!G@+ixl1eW_kfk-;H>EcVCbxE%!@5r
zfB>ex9Xu3h#C%`cEG)pQ1Aw-Vi``+!L>lEl3S1nOqq;r@s3ry!S}_Y$VhBAKQ&j!9
z-q9EbYPEQc^odYgHlYm;yc8?&8x($)Y0(|fHH){YPC>jH&y3K+Ca6$Ve>#6doJ^Ta
zASl~u$bVugOi`Ty$T1ifVeEPcDsJ{&MfR9)$`iNvu?<3_^~>?TU-;4u?f)>8jQqcL
z9`=BN1Z+>|g4Lt6gB9wjOO!1EwQvxmTKSCBq5PraathXS*l8<e5%US{x8SPm84Wz!
z4+p`BPa^o^xjZSe90=%c+G=-{OBSQ6T_9KzTM0)?;FX2vtI&1}n~HX2ke79>0?%q9
z+Q$Act>eLogRf#FtxsYL(Prrju9Y{Sg66OBhHq@Rj-bH<QQ2{3!I}4MqzeQ9aP`Yv
z`u4qbb8SbV^Xu!A_{y0$Dvi;2vI3-v`)SZCRUZa3Fo{IbR16V>oR~lz5wSxk>sjZK
zX4s%iN&O2_?8BKlnv4L_?+~`5EgZ|L$C!s4cSpyo2u0Q<#CTQ;5RF)!W3WZUZgrZm
zVtXcbqlYM05Q!e(tEi|2(3ql%#WPbOyl)&M|GV{LpZ{OJasCfO$rJuwekCH{EF*^g
z9Xi)xbUU1J=L+w<k8inbW-r7L_fWeRri12ms1rO(zHbrz(2d>haT{3x9&H+5j{o<Q
z+DF$**`fzf5>_t(LT{Ikxez+XjP0u`NM|4SI@M1bvB6=HN-yA_0Ky$N0Dg@_gxDrJ
z--dakT_-Eu?S2m~WWM)fTuykr1uu~{kG{f!rhIOWT?dHr6jXzJrH`bY=9x3*eu{Mv
z7GsOp_U{W6lf+T_FFyXBi1yE-Z>Q1NoXDp6o2+V@Oc?oUJdo0McMQOIvKe<G!BAzC
zs4oZ8225Tk695m6l;cpSv;IwbtJ(%6D$(zz6Lr3Vf<j4ZqPKCz0B4Wry^!@b)(3D+
zh4(|igDv=>;UfaAdN3B}D?N-y6b}&sQK;9&c_-UL!<y|{876|SiAr3^Q*SqC`#(%2
z5Bd2T-tHEmfHtCJpi`bBE-&<v#a}5q4zL5CLk9_DrKBT2;SiaC99#4_*+K+R<p>vg
zbg5KzEf2AAyOMn*V_NzGolRY$Zs!;>;E?XZo(T|N^egp|fugVtX3PCG!7@e|>uiUo
z8oa*AwwR5ovA4*XK#AinzQ+L{#@Sz7#`ad*R>zfht&4uG+SF})60pIiP^Q`Tl&t|s
z|G#McgWLb{{d>f#r2zW&bo6!-DvD8By;FXXla?Hn)M*2H(uQBVIu@X!oG1kmPL*th
zqqzow?VLOeAd$1=`;PXCfVT1coVdz4WgQmjQW+?mo-%MjS#3)xB)jSTNjVYmMgSF}
z?_xw_D5JdQIo5!R!oSLaxpK<e2r&=L;ZDkqoauD0$<q^$-#Gt=rMUC=oF^U1A)~py
zuN|_|ow;&qmaJjf87xF)dQZ}cG45e|qFojYmP1B>H0f##J>;$*It;dtOaf2c%WHcJ
zS;Wle@s+;pYZeJ|=;RPA$$bD*q^L_z7hsD4LAQR%7}^+D{jf#3YeU9z<p3k(WkfX}
z=^X8u4d2l|%klDNgX>-of?!*jb}8S5z>RD%4<yQ;{c8O@9{fZ*@1T~px%Kx&#JA+v
z*8_m<{H!8nOhgR?l#;^3J(yAyv5V6=UtN?Z*8@z)D&{i-$_s%fg7qz7m;TH`SOa9}
z&*^S%@yjvbZ?<W}#FK84*I_a`hQbt*jPX3SBgcj4u=^Zj{S*i&zeGeQ)J^n$)W;nK
zG%l-?2)h9p8J8IK=Jjk>MGA}dcFr>ts5c#>J9ln!{trt@=l}A{Fl>E*>xdB0dC1Q=
z;~#RJrMHXRa+gT4m@(`D-z8r%+lO6B8^FbUH14^l+}}|`!*7cgB^vc8(496@lo8`P
zarkEY$T}9=2{6vooq%`zosLv=F&z=E_n<C=ARgjIx|?IqsK5NkBHFJu0I=n}p0PcU
zbI5?w+3aj<KEu~TZMZ(~;m(1qZ@X*$0e-7M41iuPu&!VeeklX4?HqEL9Q!}bG3{_4
z?W66z)c<VWc0B;tPtQ)1TaK}ZAYvlM8u*+@fCHaADky1V=~UJSXUP0N9k-yJj<yF5
zdw|oF^aLmQ1msI6j5gKt`r>mSyL4{3w{=p^(-;#*<r2A@Gxg}V+c;kSh*G48s27$9
zEtrb7jpuQ-YXTY{TR9O8^%q(-qe$T=-Jj!IeKjK`-x(MpP<ia;#Xb*B`N~Urwm*$7
zjd#g*!%Kbi`sOR&JxZf&SG0viganub4zz`&{8M*nV<yTs#x)Vc-q0qJSzyp1>j_{_
z{rZ5OORxebQ`E58sq7!ez5*9KKTH0-AxNTAi>~Xba=TTo0qp<)AOJ~3K~yjMUt_kZ
zZAd#Ji;&$89JV!2OeOI0t?8@aisMK>$Cou-E*Nd7KnL^7U{C^}1ZXL1U?K=;rJgpP
zwVy`2eH=I!boi_%x15uW?yUg8t1JS{i}FDjq>VX`u9a6Kt_I>R;c7N;N5{p9LOJp?
zq94-pR0duXn6%n@cMegUYO~RTHCaI9;+%R_EfbKrxzpV-HvE2?I0{w@y|EP8#_Bio
zY8YoaOko8;{n41Dg3H1Z7zXw`8GxdjZ0y<AY*Xd)Q)%{by@NOAtDIFRnTX4LtYocT
z>3g%)?_FPBJdXF}i+!le5o$0i>c9Nm+8!N@Qr~Zd*eHqi8d$A9s+6E5)c8t)9qBH+
zZP-gbkC8ZopVE`OHvWJ1-sRV}>^koobM0F!C5|MUb#E0JCK1WNi7bJPB_UEI*bM=J
z0QUkUaQZ<SX*rN>T1|_jdigJG$U**u^wNq$k;S?$y^^RZReXsh^I=gURlK*(UNeog
zzA=B}oAZ<vz;;x}djSV$@3q&Ok1@yN8)M8z6x~MPPdz~Iztr8L>{Gy$BcIE<!i*m#
z1eOSdMKuENWq)K)_1jjTqajSN!#Yrgf97&J&52TUHDc%&>amDA&#FXN5Jk$J2%#_a
z{%+%#yuiK%cmQBwHD5*dINyw5Lj5l3D}bNg&M{+D#>hsyN9X&9Qv5jpKyROl68=63
z&>D#4Om((`J2@qR*g6PHnIN}7p}bax=lD>=G&Hh)Za_peYz)6ABSYDgb^*0c-fCFb
z4+gcg8-hi;rY8WSnV#-G?iZ%f_yE~@c#R?XH1>LA5n1r`&9wRfv{JiuW_F>|IR*`(
zxe~&HF=x5iPV}eH@jA+R>6M%De<&Ao{w+qHJ7pw7yw!WlrF{pRpQrk{6TsAEi5OC6
z_4+#v86${caz)wkuyQfX<^%+)aJ@(nA(>C(tb1%X^`_P9kvC1a&T<TZ&`1zqM30DV
z=&+I|5P)iPUlcv07p=Cn9><J%ITt<3SUF%5ofA}?*J>$WrcsR!p6jPB<~_EzM0wB-
zI)U!Mx=u|JqYc#U1fgoX^nA9%cDF1}5WtGs6X3~0!(FMIPhphitAFm5S0dt_Dcr=4
zOhRJ@lAd28%55le8p{%%0IHb=P@grMveo-+quRks2Ci&`W6_DM{}Rhtn;8YU*8cEb
z0SFS*UKyz{V$6z(ZBN5Y;fVU3^}6AVh-pht?~{A}Y|o@z*+#2R?G@6U%7UWs`{EVm
z(pH{Q1U&y+*#856J$>U?>i0wCJ@={)lD`Je_P#}H*K_ILf}ixAay=bgjjM0}^6#EP
zDD~(vz_60HNfy*kc$!7`>9h4`YOeuxI#b@BbRMkU^m-X-IDw3BbDQOuUMV?tlBUCP
zafc5yD#nryla)<g$?_QyRk>|lPWH18J<h%rJ&SV6UMbuBe$qT<+LpO(&NsdGk$lZ9
zu9@p!$j0n=l5bi>zx0Us(e0~0|AVzewEn4kLr`VSzA-h?lRCxlhK%)Q;VC^^(AUXy
zMA-Q}m``CJ&($;RETZf-@NB!DiHK>YdkL-YAiRfYAh0FO*H9n9l*;J$m)qMojnHQz
zXGjX$>ar|Od~{(~n=_vk=a!k+IEWrZNn4OsrT|3S6bt~Ca+z@HJ%u1WtwB(jp8w7G
zf8ejDZ$^Cfe~x$;&IBi6LI3pL@=x;B(#wXDFM7-PHUd0px=sJndD-nb*HO@2EQ@)2
z{Z<aH=~aI8t^@93cy?@?yTzoJ*q%w=;8;<QN_WzjXMHd-YLn|bdhU~Rvs*j(jA$+0
z1EB9|fb@I;a9k%9-D|p2dN_0G1`re6n6pA&VxQ%myB^p6D$%SS*K-6)W}ifpQShj@
z%uQLeN$=7rCOvbET14AhME~iCdnW<*PnSly;!gudp|Fqy(Mb`M81JZKWnDWOpA5Ri
zIA!bnEeYa`auSK5?AGgqpE6$oa}>yE4d44#3Ca6Jt;GX2A@*Pkh1~&&Cba1Ceeu;l
zUYz~Owl9U_q<@}AfbXI?(+(@Irzk9&xWl;x+^LKnPk@iQwND@*85_p`!yk$GwVUyO
z5La&U^DHKhhv4z#kJk2abZ;EH{^f>0dXI7_UQQiz@?R>$J`4k8RWg&j3Zvn=gkG#0
z((KE1C|^1TMegPBC~6AuqxSl)s9fzpuhGGW>Y^-P&voP_N8HA9$Bn8Fy<fBosZRmq
z<e@ulXmrb|fsk|3H)+iJxB5Btl>w{#4aPIQV>pA${^&c}%l{=}vq%@Y-Q2+|2|5_f
z(b(A}Y1P5LI?$nmnoe;W<D9l5Y4hob`{n@j%ctviiv%!)PLxbknoL<yd}*+R$tOXS
z^|yV{tQqnWA%#{WW+Ybx+dS0*ARHZ%@xhp-F9sS^2R8;O6Z`~PAYdLYYkeq;!ce>x
z3P$%cgoOU<w|&uvf-a*fCDOi-9CTy;iW6;o-+~e`U|0Hho{F0aLC@WC{txF;&i~on
z0FEyI;K{yk$Hr)Vc>O(K7{rsCN6E;*#!nuuUv7LAL$T_<>j2kDG+3?2I1*g%<JB}w
zCWD*nfEYR`<$?f0?Yh><a*QxUjC-jEL>C!M&`LBZ-n|*g0=mxsOyOM3#H0=f*ho4E
z2<5|7hk7K34g~>EMtVh8@mE;1*mPb5=ALY|jwxzHp0FrNXFo)vR&8A|?s!IZwg6})
zN#G#gyLnQK-4C0}b0Bss1zbk}+Wx6xM06@vK}-l?(A(vC*c9SKQQIJN#Q5%E?Ly3`
zhBm#0hR=Eho<n|LpwRKcXrGuSpGEy-lCt%t`ql;wvLEQT?w3P%VlJP@hu#}floEg;
z<~rqqEJ+*W%QUuHio&Q(_VXUW^AMwlQ#B#eS8PmU(NPE63WnBukDuI(|3kT+z8Ue^
z-yF03x!Ft!^A0{}t)Iq!kKVVD2JoFk<?-usuuFrL5i>;9Qih?R=}r2qYSz<Dw%pn9
zu(-=`agqSmH^}njod<MH#MrEiWy0vYN4Yx1mGazMjN{1BRz_#1wzvAffELjo`n(ua
z7;=yJF5B7hJal8y&}g2~$$jRN63tcHJf%Q-uXyP?^k@m^Tl-Q+FXn|64<GW7_O*?<
zY_7A_PS5|BNOX&c_>{iYcR%;aqlotXX#0z$kWvYlAQ7i|j+_|hs8jE%gXO!*?^Osg
z-z^3=MC)O!30P2=)%JaUhK8S!4z`K)tUhO%Z46M!r!9cUG>C@HN>s%n25hq{k!;^S
zPrmeeig2NxiIMuE9w?oN$dw|D?(q55Spg-o5RvqL^7yvN&qKMMz8Ue^e{zQXDF-kT
zjAEVqAme|0hB0tCO+5hz#iL1{M|B{tvZ;J|#)*5W*#>t~^oZ-dR_kJ(dTMLTvR;6L
z47^7<+b}ZhBMsl=%~NOg`Mv{l*M+1H`^-5#iw&GcKUd}M<9^N&x*%FZAmrnEw#B#U
zb>pwP{$=*2J5MRXt@>@!IQLgc8wy*R<yyKY`z#&2&Gw}@c;wp!|K?Sm{cc1&o+AMJ
z<tL)I7qjAmik(<CfrFkfQJB115?!9~G<Z}BZPdjjEc(9N8S-qO%FF!BHtJ&AS*Hs`
z<_GD0pKU12*3iE;>dIUbJzor_XvX#uQF?#wV_Xev($s(j%gPNd03saO_Eza7dgL?B
z@@B?>rCe940p{(sPQUg?=fOTV<NqKodH(PH@c8aZjUHwG4#gd99QYFvxg^vh0OUW9
zq(v;0V$A$r+Msv)NHI)C8oJWGZ%zO%5rBQj8uP<6fGVdL*t4tx0s?wkfND1y)0=E#
zgC3UMQ63#RMqAX^2<Uc#v90PtMUW%T6+WgnN_4<<EJN-2-vC%fPob084?fEcen^Wf
zA7ebV1>;sC6c{(rBKmN)TxYX9MQ%CIs{k?G!+1}&6@Wv}`P_nH{Ch;ihoiRz0ND1A
zSHw#6DX$iYC@(XJZO0n?z&m32)3{QQ*yzHD5EMtFde(&{iNNsHNwgB4S6%!I^mVUg
z=75+XEqN*k!V1lEDGbl4c7w<^=fIwHoIIKn5UIcJO(;s!3KO6|CNvB~5tw*86SzQF
zR{bu0GsYzS2?SpL@NKsLL%B5J@4aV(kC_^pB0obB_7g1j{enq=@Wdi!8EYM(^QbcF
zS8q`^&Y}0D4QC{?zTbX{65M&g_-J#CRBy!4m1&UoVKgaon*p8@qVMBf0)gTn88D$v
zWy+Uy$Y-hB1scqmx!j%mee8oaDre>WHW<jZ$Jpb;9VFAWS|;pet6iC<Icbvs6Oja`
z$ttx$a8#UAjw!}6olXOObXq-PBU<=Mwgg1mct`cnA*WqZdujg&0F$rNssH#Q0<e8z
zMn&wjA(})VkLoiLp5kergw9;M8qW^dmYY5hdN&n^9^D6Vro0xIE!%Uc?{cz6`Llsi
z`83p-w}Ej@ViP1lz_fj(Pu5|`hatZyB7(lCkDSL)ev8qj!ch2K20xkik-bah5!UW7
zdI{}I5K%XgEa{gFd(!p8ABp(PZ`_RkL%3x8-@OixrG%%e6Cf|YCy*Qpz9%0oCZ?q<
z64-a+OX&i7%2eDclQIYgrSP-#lSe{ht(#o&Gp|j(N>7&Z=uta5DOrXcPhNCLjB-^k
z`&%NS3;id#=DPbSqN%ak?Om0(h>~X85N&4UIqNv<yMAc2Cmj*n+r@ceYHuGAQ}&H?
zanC(Lp&9o3(h3<V7N6PvHEc`KhkGr9AZ2Bbx#5zWJ*Pv&(8p>=>z|kbK*T48f~MjI
zvT^T|AtM^na$YgeZC_OjWaLI+I(#N<Ao^hZ;_095kul?Zgzc{Oh3KhxqA>a*b}2t9
z@qK_8{^#J6R*Cq5!gDDg4SbCDrohrLLwM9@=AqKSq8$-2R$a6@UNqDtI)l247Z;V`
za;s%dNC`ZPF=YtsrB}|SezysKANWhg|Ji%EX}}-OK`%=5@cO4Pd_?6leNROQ0}?Te
zPEpuU_%y_<zbs*uVr@~p%9Spo462{pI85c`fj$84`3#L-!)MS-Mo%<i=-Qnc_JifF
z`Y<_wy^aARyU~Y-yj=3DvFf8<y;qz9=yErJn$gZWi?QD@&!7+6!~bfFFHxr6Ogq4+
zFMwk9C90juR4-D)<vEPm3J4~hq$fG|4#0I~;MtF<Ox8nynG?pB0N~?;$Pm5^yEvkB
zqzvO-7$B-(7UU=dgmQ|9a6Th2;D(e(J{ANDCT2KIfS~{t%%T^g5Y?%zIcuJRq5c@N
zDQBhwFcM67E)R6^2_UKT+UR5Hk26;cWx$Y^dlwN0$e{4;W~fUvBgSv7kF9+j^s!G7
zr(j~{ZH~9b6#ck9x-Ip4NEbbSUGz>PVBim)(2>5=M8AkA^ME31s5YYNC5C}hdHehs
zc%jrOzRHIHcajg4)dpxU(LguAZG`ft6Hnc6vVAoEedsU;{+`yPu~R#It_5Yh7=E;e
zP6zv(`nHbi_$+%+f!(Mh@VVD^tF2tiPTF{MgAQE+gNx}xyq9zjGoTJ!95}Yx_H+yh
zGC<$rT#DYU{xAK9PF(R(+BWo6sTb0hbfvBxsn|sdp!H8AVVKiWxVkVb2i;JmX3b8X
zAq}*cUd)HtkfT9^83`^J^5+q}**4V`!wB*uCbm8E<-7H(&EXXf{p)${hwms?v`{pp
zw6)c?^h-=gn1b0a^ZI(OdoIc;#(N2r)IKs2ym~Tq?k)(xRA?JeDj4$;Iy3;0?;G<*
zJIZ?bal}9P+%4??5H9ZR&+S^p3n$;Uc6j+c<xUq2Zp2V{n)sVehXHEphWsuWgLhVR
z#KLgNP^-<o#gv}(&x$Il{i$p89nKAnKhGuMGb)?LiSuZv^SDbWC+JD;vn)g%2#)A@
zq)zU&4$*~R!VTF(Z<Iy7%2QAYFiIo=efAWt>S$=cw==;H=Vt}J!x>c>j0Tlxa2tKh
zl#4k=oDi8njKJ$reb3W34lwkaAEnF)g(4&+g~0JZq@V!67SZ-a1fXvpAE5=$liQ%E
zQh9^!ooaw+82nukA|lE%3Nm6MTPTCRt+yrSz~=yLgIHv~3{UR^AaJse29t)K2$X{5
zA)mkiad7FSdoJEj+$)iQz<^qxNlP)t1inBIhN>JmkyfcJt$d~x3R<Vq@bV#O1Y@G{
z<Co7PeQ%!s2maD*|L4y}^htUEQLYY;wVkrr3AUZD^?#}K4fsY>BUL<j=o5PVQnr*K
z^8V_S&s8K&QOXGDC5t4|Xb?0Lu$S@z@<u>?0+ZBf(zp73!z_F=<_XRLVDb!<7;Pwe
zJ4SnTFDEBnhNF{59Mce8#%FH!<oc<2yv^>%FpiAkW)v0ri}qnUypDCYxn8!5r>Z7U
z!81J8SG<-^lj+^<E-HUvLSnID>~A0TNPw4)o9vBGc$dv7<F<`0-~0CQA~pRV{s;d~
zwEkyvh|3s{IS+4mL8aYxf)auQ<E4=U5z>H=VcaNfBeYWhgBvS`wKeD@I2eMHTR3Q0
z7ur*vBg3L@(j|#}k3uPo7L|?@ZBVDigT|F@F3O1tz}iG$pt>mh`5MBn^e9{@k=Bfs
zFoL4rUV0_s*M9xx`9Fk<o`1wFo8|M6k$SAJo$g0KO<-H{!cge??gnJL8%BdlQF~TI
zK=JEm8F-H}0KiYtL30}Dfzd#$ywvmxbzkRz>@lS<m>P`J5S0`7ND~<1e4Tm~w9;?c
z2DG1`VA4@$FI0~1N#~a+>V8b>E9qQb)Fb!ku$68v?Ls>|t=qjmJlk7caS#ps=lb3I
z4t<xl&iUDF7WKQvQe~Dy(m>M)%ztR8PkLN^MOtDkO@CH<-}-+vQzO9aK#@~KK#f7T
z#XZH$fm<Fu3CICO9jwcRjf|EIX38QxaE9<s0@90Rh(*7vu4#s+2`%sU?L>tf^k#$C
z1{y5rpF*|OKhdUybl}Nw5>7r#TDGV{*oPtK5~E}k8(XGgNS^{~762~W)bZ@u-X~9P
z#{Z#QugUnsgS^N1_mv_$d8416cOLnB6ju43Mmt)4hM`?~i}Dz?)NBG4@*vwNCj#;y
zxr8hv?@MkS2ms7W7FR%nx{LBr9I*uuS3fnEC%51|>rhI<bxZz^NrUWTSwak;PUnNs
z%xoh-k@}T%fX-o^8KD5^$?<{1<<6R}qU&JfrEeO>P2RJQNimqHE8AcI&@ZKUGiAy&
z1@v!5B*ZJ1*={Lfb`gLExbdj2>*bP~uzqQNN^v5$7b^hh?GyQ#hERplJB&asfkqag
zmK9>-0Q;mpp`sG%!l3QO2*p5|(VL<Xdz1-;dT(kYn+xMy5LFxBcT+ZMD>uJj8wfbc
zBqq_W)$J++<G_K|_r78BQJ<gjD1=7^7?DYV?xP(ONb94nq{~^}v^-S(x@SBy?0+-<
zANcF(n-Rb9kB`~@Wg`{H8hHRpydLSh9frU4=(+j_#wNGQmbXYlx{`TD)sW{Fzf*^a
zx663~_jrlZoERFvR_l>b_E0VrwLnU)oDzt_hG{gQG-L!yoQ#&K1J?y=n?SjuhD=j5
z%k_g^oJn73fN|~KPZ~$H0eXl3vwwX&HwJZ-MH;5=>%;kyF{SQP8<=7(Dd|2uZKh=1
zMx<jVT`nH(Q6`kL{UvJdc1VC_A7itV7BSva|H%V60o~dwzINyCEY~^v6GPB0qmdm%
z%L;%_cM5?z2c~cVq(NDEhUIw(w>(u1KnZafy6tGcdk=cwLoe*R>TE_x3VIs(7Sq<Y
zjEuNvu70w;c@G220i%G@fG29+M;}Bt{x*dwyY(%iFbBssKnH~yIgv(}CXJ2|6DOPu
z8uoSz`#+@XHO%&>=S5jR@0Wf2&#O`PTE|jADlh1noJ&BZ+^Z}Vr^Sp#8v1=vUW2FA
zqHdrSQ4B?xJQw+a!JEL(>Y}cN=Q%~&EaH|cd|K7n5d*-tduUVo0~)dXG$3&7_Jtl|
zB$B#M0Hx&7t$dZs<Bs`$&J{7R$M&&b&KH4pu7FP3AJc<MzsPaSbaqF*HtqzCTwTR^
zA?_5dB0-uk9#NyS8L>q=Am;=C99&<h<>}%fQ`^-5K-)iFx4PscH-sN#^z;09Lq}<d
zjG)s1p*#;4tr$_0bx7>8a)3hWZSqMVG3xNJiYAP(-89O6j~+DF_R?E%^fiUTTD_mN
z5PeP|AlRZ1aAtAR<*ZX7!jkI)ILe7y1S2t?DGKKlB940kMUF)bdOIzjJh|=g_fW3a
zPS5{`cc(tsqpW`?fb3hecFo=VdT;07!ox0nx*<JBKn+77o-f`rlqREi*AJO@i+WV9
zw~5NOMB!Yv1y*2~iyi|Ypi{w9@>~aadlHcJp>rJg6A<js1&lhlvmyOT$AE38Z8$!l
z-uv{Mbl~}JMtuWqHT}zrD?UhX&U>21$_=W6HS1fJgSIinth#w96T|T(y((JW)pDAF
zn{<khR;9B<dicDE-mr;Wb_n)$2OWF03!Ed?Hv<6u^6~0fG8cXlh9MP(Z5Yl^0&kU2
zC6dsFfynw7Ub+xuIim402%2@Z@!RCd3dQNUX7dwbgmCt4F%c!e1lJK-a}OZf<O19<
zC_udW?>WP;{|qM)obW_Neb2BEcHwi7CZ(X?GwgI3Gg@;-KSFj|kGt|jn6{A6d7Zu8
zjQ>NrUVAg*^ETlxH-Fkpe;m9%miryN)2P@P@hf_!&4#IXe$YD+rUUR!mdW?<zkq7!
z7xxfHMfE?8YwjZ=Z}RMS8e@TGyrVi2K!x=;#&ZcoI%p0ZnC*f-X1gaZIgV%ZI9vc1
zMn=5<rC!q9-uInid8M=D2D=a4Ubak+VFNr&?mE<+6pxa)!FAh{;{-iU9{2QVdiL`E
zkt%YKL<ds#L12z2s_I!rb90G407{7h_qrd!4*tqWdiNAS|7Z;x>oyszp@9t*S}xhq
zpc{V<P8lcz1)7{w!gw8_Ikc;U=}jScPK4V)I&l-(Lhu#Fk#N%}m+;vZ<B+07e>6~M
z2&Q-nC0B>RN-xS%B01jx`Nd>fL~rN;yx%qLDAg8B>R=^6FQzF>*+$%Q{txMr@z;^Q
z5evPrCI4%ApEmj_d@*^sG{P~;=QhH{Bi>_p{q)RDm(i2sXE#={(nTuk{9Wg66i+VZ
zcM0^}b5*&W@_iY(YU)wYa?q@eK6pNO0wo40_?gSB-8d7R&>*IBvT)+mK3zF)fHZL(
zt8&2~theaG7`B9-ZfOf_K!VYgjy-i{zH8uM8C?KP_<QGl8@u9_2W;0?-ysb-2HqYA
zxM`zcE6Ee0SvrjeFtM82OGN-^tlda5TytND+nI@;JAZSgQfFAcyjV{kl<=09DTD@8
zSn?&PZxv?aXE)+24}&P4?Jg+)QopmV{e`H^k2*A<*%lKp=A{@OoWg4j%-%<vm~&E_
z$~MBNv(yg-$@SH#=+63{JidAU59NCL#xVZ$S|Uy(4L*oSSuA_}N8lb5vkbyTInGw)
zFJ)Js%`l|r$W44qu4#PAGUY%&E<>hMCe_Y`k<9n$;lXHA7RtdxQ0}E3dq$pThx|?{
zJEPCI88w|thXs0}c<Im)qH!^}XIT!A^e%x%f(-VjgZ>043!|I*6j2#>ydvrZ=i)HA
z!EUvz2<T1$g>L=BbE12$UO3AvXA4ABp5Dg268RzDg7-WER%k<Tqlm@@c5<(Ed71$<
zt(5NV@nlfT#u!^|ltO-mK$Z_7@}sbFCN2l1%%+4<nurlGAuEPiRyiECk9$jdPCY%@
zHVB*E!2;#8t*#t$@&}oy*S@n)&2ntXq-R?ay<Nud+%k3L=}(8I7&2Cy#Jq(;WAK3L
z)Z`MqUlcRS7CrXU_}`B7eHhnkZ$^CXH;=G?=9o9*2`bTuXg!zo_1<#RpR&v^4JG&|
ze=~!hip`w>Dn;{_%fz)s9c+W^i?a_2l%*p!q(0bwdghFd5|kW;Rs%}?ILR@<cZskx
z=uGNH(1hNm%E<n8lp*?TQS<<HdG;4$;*JlWEt|E;o<P5HEIIy3lZd+gd!KXVde-@n
zZ7=p<F>kFq{ZRho$cpY~6ev@uD5Kff>%B7OeT)tHdSf(;&X;JkS$h}b$FXLFhyCf>
z=yCst|6z;Xo=3!^VIW|r^Lrna6I~F&(u<|BpMFCF1u%SD!z5fR>aanX@?gD|FQPIu
z!tF9WETcgxC?11Z4w~q-on`yei<LtVWWuZgCGAyDdL<AT0w%SK3dU*Bw{t@j(g5XB
zvAQs(C-Ml(mG;rUDRmOJ+5Qjd;)Fl(xOM?`o<4c6_bm;+zRw<>F5`PDdpQ#HfRk6n
zukdaZcJ?_)en$HQU}Kb3(wgVwLbZR|?|rXc+oUH~28Z7X>Y-EokTdT`w%z)`lmmfI
z%K28?$}qiO)KQ`@X-)k_ec+Ct1Gz#Q(~qvh5)5qE@1R#6;aF-_mh*;;`flHgj>q_<
zF27XAG2daNQ!?Q5#5g9czAGo!PgqR)FmgZ}5tZ)c9za~Fv(>Q)MgaQuV-fAqK-EC<
zx-!=!!*ULGVa^kI?pQJr7+@i%Bu>Eiqm#Lj&V~jXGdS9jpcb@bNRepW&$HI=<I8BL
zn2JC`Wo7Oq23qsku8e#*vh*-eyBZKO=2UxpUj!mdrUOU=?S|%_dJ2%$sq(ttM_)@l
zpzD(-=c#@-<Ntxb<oRo<pPvYKxjX)wVLNv9J7lAa?@9_O>gP!bL&@uR$xt)-WEuQ(
zub+mGeJJ%)rXp~JYV~UMF8AWd_AKgQWHBO&r%tcZ^&I=N0c@0LCob&{R}5*Zw7uNf
z<X!1k0H!4%pkZYM;OrM^B`}u#HXxI<mrjG;EYVatj08Mvm*_nJ=Kw;M5@JNaqn)Jr
zb{)3pY7_d@UxFLX<7ho<D#vu^ZXh8QFXR9KAOJ~3K~!oc^lU5iZs{+c^VBbC<q@F9
zNr2nk<21C1989QoBi!W8OE8(QhcIN>W{{mAIY2P@Md*92F9{`3LZnGFy;b7SfET)(
z7hS?(?2iO<F`2`Wr9yxiLN_Bift0hI%xm#T(HsMeMIvbmt|?p9on96|o-2Z#Xwj5G
z{^kJT{QuG`x4r!z$|d9f{COm=<+9UL;iaeD&b9u-0Je5L*Z!YZ&RL;{(gu(&Ud+NE
zrB@4nkBE9au8ib1Ci?NnY0gEWLf5-#IH)VykPRwq%0e-8aD4JPH33mk>d)<N-0NsF
zqZV3Gu$f*`-{eFvqQ@|`Xd+!yq96b#*;e$8X-T!YTs_JjEF4d@kKTIP2m-@C%5wch
zAVgzV^l%$v&l3|TfZ8hHD7v~=UP@cTw(O(M1e@EaCmqs=I@aW&76p_hU$;uf0wT9X
zpFrPfJdLI)tGz@3UK)lH`LfANCX*Y=O#?z<(K|FYtv*w7+F<TtoD69I{y+i0mV1}l
z*<_IHTxIk?zlyQ8!F8sg0d#asROVr<3B4I8QrVs_VxQICk~g(>72u*VahjRJD4#X1
zm~2Spl<miFUT1HI$A6pf_b@K)@b})c^9H>SDxTwB2d~NKcX>%v`VEGn$YF<Uf_Gh}
zS00l<GI^6Ba4OoPkVr4BESW;|vH%ghN4c3!_@qvRK~fv@Kl>&i^=P!!Xq&Xrm0@sm
zj3OdW79|j(F<}IOG%ny@^<2!5#TcssJ{IFc(B*VV8q-<nk*lpreQ1-~S<)aHC(b#O
zJ%XWUyNkm}I{;c0Jx!a3-|2L!uZ%j-85ZqSM{%~*UIFCm(8Xmg8OBfV_~CU)69Eag
zGsiWiefI6~Xnd=a?}$pu0E);24KeO%Ac}#2QA|bPOwi7dT1SInIGYV1-z(@R29b(k
z#^*fbC+hE_g@@vT?FXXv{v`@0T8qg1P}Xb4H<jc*w@Wju3ko+7ko`yBvmgCv|0;h;
z25dM6I@;j7Y!m20FRt}-!r!mojQ>Npp1yH-{?D+deA@@>QR$^jMTlWq+j9=U$o<1m
zd1T8&zB#{W8}DciN<@rMtDZB^o$}enGp-+`TnWBQh<^qC(f8CB1o@|o@8|p3zi$16
z7e{@;vUn&A75)@aiE6;J@0?$?kI(L0Ilx(^Ij9RJrzWc5<bEaclrt>>JCYtM3?_A>
zY|D0y2<6IU^e*=Q(PI2y7u-|!ew6l+j?lRUFt|P0jAmyUyif2&dS;{-wsyaqJN}`Z
zu;)d0&LiOJlhQ|koQQ~i0RV{p(lGvx+AzS}V5WqD+}rJ@B!q%`Z5(sZ1&Kl6iKyCH
zRt}Q#*D(fS3Ohw5P+6Ks00R$Y6&aYo0ze2)WXilH$eU#bm=%bw^}(C_<)Ehnt=@)^
zaBPUmC3I9e%mp&al1kH-|EvH|0c-)m#yGzG__ogfp<GYTu>Z67%;?f{iTpec@VPtp
z@NdyizUc&z4#;VMDRTkuJ@dDhnhTcf`)X!-$=e>W)6l`oJ3frEOY{v2yF@SbJ3)yV
zf`}@AJG?l_54R5I+J8D(*?w~(R_#+)=y+va{UA}HIrSa%0}b*7IIIn2O!aynZ4c;%
zP@grf+?Xw*c+15;Z1q2*vIIDJo&m;1=?EVuwyk*U(6<CJ5wJISpL){ApHUyRi}Sil
z3Zo5BR%{{Z3|i7YPjk4U(obz^*59)al$^)INTZ_+spaWXBASOxHhi|If%1FT7i^-%
zec_Wn>UB@UjnB$Zv23B<h#27z5T9s1^N{DDaTc<NBKb^$7BGNM<l`x2IVfuPW;sxc
zh>$+Mw9wHz1v<m5+=^3l28bXs<lG7mLl)0R!g(|P59)gQ=CQZ`^XGM(BO;>PGNtol
z>&I;W;&DUq76l}ou+@1*snlsWO~+)o+}nls>78*N3uo~&e>-|H>S`v(Wf`FZ0_d#N
zfiy%YQ~k+fe*0+a^bY!yULfgv-rMf#JFYjo(LBddIuvvbjFr+OZY*g;=~ZhyX$*@Y
zqHZ(2L)$T4IIG=l!zS66n2jFicJQL!E4F2exV$%hD_}v!_d4iAhl=A&gY8B;VzfWI
zCf+oDA`sJaeH#-ITR&~6q6pxf$p+KT#CRTbAKc%!m!`=Gs+dNp7-uk6dhReP?5vng
z`-PXV(J7?cwF;@wP8!NU`Nk+2rfFcpv#sh21+XB-7=3cDM9S`J9uUjVzHsu4(MCC)
z44a!L(oTWQtsuEpwMS7n42w<&5IL$Bz`%2<csT}bw8>Fw8Q=5L81@Yl{%*$q1Aoc*
zzk3=zc|oiBDf^@7{gQ|G9Q*o@$$(YiK`}-Q+2FD~8nsk_$UhfD34WxZbI<B{ah4B{
z0PrH8(;?}QUD3on;YNMchMsBH@r;L|Jr$t7@?xJAmhLTLe<8}g2a{fon(t3~wP92y
z-HQJB*6QViJb)7!SglatSWSkx4P99FDWSJ-<rn=F)lLZ9X|94F;FPxEY`5%Mghh3w
zf7vD&cE6VZ3AWG2nC+n6E&K=GTsdWK5B&IKm$Q-<*T>VAW+d-;2LPZw9)pR-u@OFz
zr3hAxLCUa(A4dt}?CaO_c?>j>i^4n}rsE++nwd;PTI#0&g#AYJcO8r&g6gCyR~Q-6
zLO8FRz-8S)u&Yp)Hr$c$<Sto=T4bAD!8Sa5nH4HM04fTWM<z^#?LY?g?%Qph|3kX+
zR6p<yJ?QhVpFGMn{vG_@iUExg#`j2`ev3AuWyMfg6pRMts3`_e0J!CQ^oAPBDe{9d
zIN2>_j*1i!1m8=*pNSaDZspLZT?Nbp+7wmSmS`j7TR?z$^YY#vWw|e%AGMJN(v9pC
z83FKen#r+aTc-nT2qO0N=ZFD1xpa{Foo&{N3GYuiF*XK`Cc_M{lKa7IptbZL0l_7T
zUM#lI(pY{@LC(RrKnDxh^-3cGuj0YSuoJw;s7!h1GGy3SxI`-{fS0P5*`pwD&wmiP
z&~v1>kXs{SAk(AhqcJ69jfj9cM#McR6b0=kI+qeypi`DtE*j*02yBK}wvoQj^ZDvt
z%O`lD2Tg<PAvqzuJPz}uqp#8R9M>vj=&6lFrp{mxEJih^kpE_51p3})`#+qEIe%^^
zI)xI?9sJVxk1KckGcO}ORw+MSG_W+R^lqdNoL>X7pXIe7cQney8<l*r4g&MNwj-?n
zlwldY)C+Mu&oDY81?j}Z+@FjpvOk+eGi^+Yhs>x5!2HyIIuQXKzi<LLh7nQH0Zu<1
z)*}O6#z}M$fZ0Y}oCuxKS9r;u?pg5+0ack-V0MWSZhG3{$*b}0%HebHHjN$1_49Ik
ztm$yNGdrCQsXlDB2L}LI9zbOB;?JT@!y;_^Un+>J7-Thqgh&3O49r<k>*HiOXQs@d
zw3_GhFin;VLtIeir9PL-M-~D=w3ST0RisIvqH9N(%tMqE*xdMmp;9UsAVo3`>tRl4
z$^}9}mOb~u90{lZ0+=geyTZy08>5x*DQdG_52Jtc{2#{k^v#IR;b0#gz*W*_R9br;
z=c{|YfM)O)`Ec_7jNce#Djqm=#Uu~rZAP4H+%NO*#aN>qCEeBMJ?e`xh0F;E<WJNw
zxHl>G7|%Fhad~afJ;h6h{%}K;#`IF}r*nfSMMge4J_8Ur%{3O&Z2OazWuj)Y$Ok9e
zfv$?)7H{`_-^V7$zK?c#RA<udpo#Rd^jXpQ>NCbz<)zam4}Krd(l*dT=Qw#g{G`Ci
z?zzp;7z$)@{9`<usqo994A7`?65xJ$aiCP8N$%+66`+v{@ezeF%#jS#1}LCGcSbHq
zUxWjS(?E@$S0QxcScHR!RR66kJwv2b1lym-GxvpYmQ1i$n&p1{#(Y%5rT<h21}s(x
zz1>5TZe`|dWr4GEtTZF}@hdma|Djw@-;DVDKN<)7WW<MnaqxWaM+%_tmvNMDxgb}Z
zzoX?$)GrZ(uc;##MWlkIamcd4>l4s`-cmiefB!vlOTAUr++P-9?KWon)5!NzcRI*V
z;~Lg(yq9_csR)6XG`ibNOQvV{t<s<v;6<HTx9KmZP5yS$M;>!Y$>4tiBrRn-b&KX#
zWm^JsirN@gMr0<v3)+;=1RW?#_4(1srTu5$*k`wW`B`JspkFQe>pH)H3A8=m*$3aG
zE@ny!V5sm4Y;qcT>Uz+NGQD5Q9Dol^A%n>aml3w*ZKYFI2GP)lLFbInvOh5tKnYt3
zJ;oW1e^l#;fYJb}l*ininb3BkOSQLzkqiVCAwgY*b^t;Vbp=KKZUU2ivNB13GB1IV
z`on03lvoKFp?voyJVHZHC*mmUHrxN<T=M+iwbU8`IuvD|;+J3myg|9uC8McG-3A35
z0VN6V#Ep&QRWd1=$p7ZavTOo^a$bdb=jvzQ4mrI7EU&!HtP5UTp;trXko`oR?86kn
zfUeSW#e4M-yXjnapt!`aZ*{%}J;sO%oOE##H65`$oJ^pRAddNF==!!}%{u^vk4O0q
z{hNJ6U3^wFk~6hq+#^mN#M}tc&sSfS^5LZUd(@@ZM`PRzm_@k>4ly3&zam2h(j4$5
zj|hbLT!n@)*v43ZF9xOC{$i!DRj$tzSSJc+n-UfJncFJgQJaT(GN+G_l!wh6!Me~+
z%iglT<9|V%eUz_dc`KT@ai*6+<mHNk`LP0A(5Gm1zzQmba!BtS_c)iJ99#j06zC$8
zJCf#_UG@F(%QxfyP_CzM925TJ`Rk(bFwf{%>SvJw^11_dmPwDA9ubYEdpP7hm9Zhx
zm?<*?=?1;902NC|fYF81%iitxK)aG8Fa}iOC8eqQ(ML}amW%z4L0|TfhE8R3zkqB@
zi=q$RDan3pQT7*MI>2e3?Lw$O4H@)HV2pg6)h|wx+sQZXn8hel@8)i$d!?fT$c&!A
zP?oT`wZG7Wo<5$VK3D2idcCaPiaME`MxS#`T<^25YD*b&fVQ$P4BM)AjYl_}*-;_@
z5g#gysY09G%R!<LxA~be8+984k!75XO5;v+)uM#J=mlh2q1XDB;mD}UKt!Za(8y2i
z7o(iNl|9c{zO|9)U;i_NXv|F{tWXjeQIP`zj8S<MLtcct0c?O_^jpp)fRae%D}aE0
z-g5pA=X&}^#ApA>ajIX$P%3FuDf8p+*yFz)AfSMEf>0Rdh#K{a808h&WvUHEoH^16
zQ{pOaub*iYSH_siyLeKdfua>bd4M-vyi{`@O6tw#-;~_4fhN}%Qy&)kq?vwNoe((X
zfuojBkfd?l?w}7)))alTF`&~X`to<#f{Y+wr_>2p?v*Y9qraPNnA+LvJeG)gL#5QY
zic}bX6nn*pNmzuq!}yc`)NBGefseBdxfv3SKGQY@pn|W+L!?!XrvY$ow52&9=Qxcx
zdh0JvA(bRNk)8xN-y6>mENlqZcRWwvP|l#=MhEjA!bs%^+LZw&1F?;55G)aS8>o%<
z9Jp{G9r!d6w$BVgp=3mXp&-#9`wKwhv}B)hO!VCtx_AZ-iqw{K7c$lB8w(|KwPT^^
zlP5RN|Djwu()Zb3>;ZYR?~kI%2%Oj0(zli8+jc!?{Y%COY)z(Iu_o`*S-=i)8NQ5R
z;CO~dMAZjUY}_uE7ePylQOEU#({l?mIsyH5p3>K$OD1_ne<xtG!2reRgW9lKsZ{zX
zzz*eKoRiH&7~@flL)6bQmMw;Zk^lz!#v`O^S8tIM`$WGmx<m|}GwHc~l+~cKN{Cy}
zVhi&Giq}EM%#Cm6{Pgww4b^>p!N#f`<L!1W;vDy=^B)@8ywan3uaxi3V1w=HV<}{S
z-y9fGUT8y74rHGY9VU-%dzl3Ip-Ld35+a%o#s+hGXp9IfLly8~J)DsfLtxm7N8v|X
z8k4R(h!V~L!>MlOh`4)|2Fn>ag-l^b02nF_2^<mJ6b?I|z1-DyWq7LBI*)>DKYXk*
zEQ)eUYKG%^sbwdC*=pIXAE)_!=JPk>{}3)M^?MhfQ9J?Vlgs-cSFK&o4S(vI|4uI^
zVyy?LL+Fu8PWZm3(WcNRjf;3(_uTkGPjIzSD$tYfGev1~rT)nH91R=)r#`nq&*Ds>
z9lCr!jxu)wo3AmnOYgdbjEUp`hSWAWDQ?X4T!{dxA966-F!b81L=(B)YggYHrA_**
z4B-a)0`L@F-)b8@a^!8-{W6z}x{!{Nyl&9M`{f{yH1)j~A`m&kv!%aV9S_y9Uk-a9
zx|Q=9I{LAoH9=wWghflrIJ9ghXY;*SkfIZzgpWYf=7fR}7GSUvuom;RGTbc^u}2K=
z-8U1;&<4XfD9gh>{5=s@ROUNwMDC59o{=e{B0#;qTcQ>~cRq`j0wbhJI_P~N?cxD6
zgrJPB1z4$!9)-CRVfLY%9={y%na|#i^nD1IcKCbmc^sZrm;#hh9LAYP`c}ZLXWCGx
z8x8l#qufx8;p{x3^?W|lSm*!isSL01U>M#m@)eK;Dog07G_dX%m;qXOr$yEsaIk(p
zgXgBT=c18h5$_YA<f^7#%l2LBXgt%K7GMD#QnoFE8vdDv1fc6^_}QLSIsq3WLJ`B*
z`Gn+>8VVSB^+{kc=4V8UDav%VmAa7Nk6msoL*sCbGNa%5fQK`wj1q2#kx#o3QFME3
zb&UHqCZ8UHGkCFp-t#wt7WJ(FsD)lv$IB_W-RA&+`PJBhwqrEJJ5GdB!e3-S&mqw$
z-a#M@E&H0s;#suXP8SdnCsC=jD>w7NpnIPjsf`C_g(w>3c8yytD^8`U-_vuKqG%&G
zRy+X=`t?!Gr4{51z$JPVWp%ONp|r?APoCVC`aP6Ov;BXFQ~k=avBA^Fp+3j=W76Ld
z<!ZU9R}7^YQI~IVH_HU)5tF`Pgn^!VD(h3`<PoJ8iU<`WX8BzpW{<ioIUob{k_76N
zt^^<m$hyx(aBn&LgQdt^Le1^ZOK4qX!PvO`Q-1TPU;vhsc{3Pk$f3U+#HCSbFu0(t
z>lJ$PC4$&19hiz`etH#(XVgSx`8)#Bi!0Fb9-=-@4;o7GdPZqapi)xN7AbO1y_~v-
zjf1#-akc?%_sAF9q<(UX-vX)teEED?PPwqz1iiYyp=}Wb0K8a26yAZdy(|fO64JwH
z9!gQ;BCrevomquh3W6o$L4ebPkZ}iNE4N0);Gy&#;Vgm_3W<lGvdl}ZgGjt6q(1(1
zl`Tude$$r7SJVv!xa}i-pm%#49+RV1reTQk>D_RLvRlso;apGOIE?@E=f`&$JQ#uw
z-qzawetKX1<hxw=pPmfln~Js=7Ai#dK&6BMs0q?@5?3DvZ#+24)_2Ny%8Rv&O1SN2
z_|+c(0uNjB=wZryK10K<{B0kAsD!IU8#qB4pZsnP3)84_4yY%oBRmS2&ln&o&J&FA
z^lsEKNPP?1bCV&D5M;EXW9|U@?oNu^5$g0jIS^4NwO#3n)S;v^z(BrFV1sdSaOCu%
zGf9uTL}j*7M@G?`(OGSxEHwKcb06H!B(3)POnJW7zD}zE+_)A4#f^51=(@TQD-DYw
zQ68O}9w^EsQ+4~yLxsx06j2cw8IFp^z5EDlSsalwN6B>F&qSy_3d7%rptC&&s8T8U
zfOqQ~{@i1VfVXwF`=U)(4DfiEY;-8nFg&^C{2$Dvu)k*eOYw3KjjqXk3i;C@f$v*C
zqXPn!CjU9{t`GT)fPv{zlol0l8fh3fc`DZztS)-6kgse9b-<<mRum@m1HDhtY4yB2
z6MihKJ1zRWnE@#P>3rX}$W?nhTA(&l(d*ijLx$tv4io|0w1Z&`T6DCX%doQ@Fm!rP
zOU#O)+M<kagzZBRqd)0*F_K`;R{{;tJI|N7jPk`xTxz{q&PV4*zfJQL=%~7FA|1fb
z*=8HRDLvj06#<X0u5`*_mp4tW6pzV%?bePMAXI5+O98x?48%cc#yp%fr+dsT6i<K#
zaKX4~NS(3N0rSSyiH-pr)EUpL5d5|%i*1*n<h{#iM=D0Nv!G%1sShU1Xa^OZDV%Hz
z1SV;RP*v6e25`nC@XFm5BdRdPtbjR*^RN8-r{{mm`G4TA*R;Jamik>F-w}|<7`yt(
z&_|sAO{R|zRgUsE@IQgHu1>J4GOslqAtgB-T4lyF>o-uLo&HK10P;eeQYMK-Oin_F
zPM|KMx9>~BCc}IWU~y$$948nVr?DTmJ9*ls7fPf74hIisa($b*dW<K>%=@PHUtbvG
z5$H3+?rsy@St@;@!{U8L-?tt6pTwY%+m>ZI*BrUFV~&bIjE@_gL)Zp=CSb}w%Yo}r
z+Me61({r~74(&~elt7jWA9Z^MWtCMl6#%q?)HOgUoCu$lllDw0PysY_x}e$fIU38=
zWEl+vQK*MJN~9si0P4z#6%mEu@+eIGiHPQni1<YiRfi)!plUz)iN<~sP|%lcOh#;@
zPi3w`AOAhN(lCxh?-b04Gg`16JN(_&`9F;7wKpR^e}?^Oh)dYo`6G@<0F`xmz|aR&
zE(Dso=n<t{D>?wZF&PRe&u#XYBTNCBVvdGz{%M3fdbcu|D^O3vv<!XY^K|Si>Yemp
zMDak`XTDb)Fw+O@Z!td9t$3$+&*mICSfHU6uWZIAzR66{oo&#Ds|KVK2`0%ibZm;j
zjH<ixIOT1WL*SP4PSmb|t~9+{oXlS9QkvU6b=o%4UCtVfba9#yAt9Z)<S*+Fq}jm}
zNz==)OM16}D~zY=DCr#V`WZzTBT>BcK7^rcL<1zo2DnGyYdFhg0+*lrD4z<b5USU(
z6%|M-9GkF1WuiYJMn|0yhXP@!Eh6%aX(GK;X2#Go_$d@r5)gWoT@)+80_Qa7J5N(o
zdFd^jUQfvdLZGPNm}<H0@b_@8*UqJW&!3OnIYXg^hkJ(oM+%_j5x)^FPxy-nC~I8e
zrQ}&NNbokwcNrA-z`2@$ij)yK*HJW%y62!fqI!m`iw=MrUDfSQ0KGi|hN<5%o{<rA
zgQ@Z0@wO4ei0X402RL3HY4L~+!{0kWo4x0!_!aLFx@-b{G*tFm@*eeHjOSe+^1X@P
z0+E{?)&$#;_dt8SUu+D(N@+`sv2lRQWqRyG_7i0xx>oq2Z^QnOk4rl!7j#Img|dUU
zl#7MkWjc=kYXqS6VbImk>lh$;%nbiKQ+6<84(!DmE5m$O379i0P5AP+s<@8(mm&N_
zuNnZB%PWoar4sZcN-?gfQ1<bh`o~E`PLJXV03~M`0tQg3<+s4|&Y)W@*TFy$s8-9O
zAV)-e_#?O3{txAn=l|@z<2${r5-o$mPVfJE&iX&*188%Xvj2aFjJ5^eb;xN^j;_d6
zUK`J*=Lv5&+fGmB1o;fJrblE3RrN{UGb%@~G@=-%;shBeh(P3T)i>!P)LlZ!XiEuW
zpU-gOn#Ra?_bak*^@^VPxmO*YeI+meAY$7YVW8nJtB7DPGFnQH7KV@SkmkDYhRe(K
z@nMvut;&q?ezd633xGVf+jIYn=F;{NSduomFAViP<*W@r#4#&-;GDF}aRVqIuj@Id
zTX6>au#Fidt1`2puxDieg-Ym2llYDvX=oT)W4M~36Lvygxx#<!6zgLdE~x2Q5N)2F
zUgd;{>PrsMa$^jmco>r2G=;Qm`HO*3e@ciaq6!HHQFP^+V70p}%i>s=LM=H!GVylg
z`fp+XhjBeUjlY)qaYHEWqG{ppV`l#zy<ai{&?#SKCjI%B27^imMvFY{o=9F&qBL#<
z0X8Q<pZPyO!!aoHb^t<@LX;Bs!?C){xB=+&?g`vEfv!~@utDefQZLsPyze<+8XJ$Y
zF#4e~3W-mzKhvS75u}5WY0wzpXmo1OrrTKOe;JZC+RX5Db2{reI(g!&ZRq2`7#2{8
z`cns5x!HHn#ph*7N9uj;WLU!Q1YI0gGtNc#s_c_){7!p7P`6)3{Uu@pyFx&bAW?P_
z(e}P*cadE<x#x3~(C6btpd%U|{ho#RXEFc@$!A3z7+0>Xj2O(56VxdDJqnuh!FS}@
zA@I{Ap9P{TUOEIX+Z|{d2A>{=dnWAH@u3cIQ9ccSCv7vw#d!i?W=1DUdI4i1;glhG
z{PJzK|3kT+zIp8J&!v75WBiM9JAaz;xe-O_>pQ*CjJQ!bQ4v~-AWwax;)h|A{4i}s
z4|%&A1~+2#B@G3PKf}8SaSpE*a>0mQZ&1LLBhk_H0s%opHN;$ADY@p6$OKTXsNImP
zlsa|mGKUOWOi{=4JH5a%^lhX?3gEfcI?`y~<M9&=IK4{vTzy}7{VRRW6w-cKICh{<
zi5S3GlD4Jn80|~Y2*8}tpR--}rF{stN*yYrk8%i120`lADV%S>hyXJA7vt(c)1xtE
z4nVYL*$5Iw9p<D6dY%!no*WY6{X{G>-Zq#KXI=#8dxiYTY$+6Ik4GhnvWb}y3NgS4
zo-?5VopN-TgyEh)j|$E981gL!+<;AlF-fyLoegjbr6cbRZM;Oh^h(4(_}tC-KZNV)
zn-QP?M-lJ6TY0#IRSAk=9HZqP|IxSekRKTiC=Ggb5mgCMrljONT}BVLnUd2y1uAou
zQw##y-#3Kf=_Toc9^m}~5~w^6WmuFn%b`pa<!eg3c(x6O0$`^^JtVh%yqo30=&?Q7
zcdL_O@S-#6#I;(-%Ii;$6lEpALR6Uhh9uaz8{jG<0PHiy*1<s0W#k$Ey^VHepX}Yj
zb1lla7LQtdg`B%KS>r^#Ql?}95!if&{ak=79rQ+7Aix$M@_B-i>?6wrf6+dyqUf{_
z=YNX;ECz;#cFGTt=oZd%&pN#Xu2BW?WIW4hczhq7cXY+iLj2u`#wAEaVGu}oyP<SA
zP(|4Y)f@VxBHUjXzqQ2?ztM&O03ZNKL_t&lO|vxvNSo+(0dBk<{5^&7I=r{XFP}O8
z+fu&|{PpyWh|m6J#1Fa8dxHW8&^-B0hxs(ftMdGv-nZW0FPQ%WPkmD0=S2gRvcz=a
z`JOzud=8F+qI?Vqr|b}<@IBn;F|!dPbjvo=6L)=3jOoI-Oz%PNGCUlk3|*SZT?}?q
zy0Q;c;EdpuymlYIubhI^X$!-_2ubm}9f(8}BejeI^fB(7I9iMvK@IfgeGZI_Fm;*e
zkvzDMa?`;S-C>A%@+tW{BBniVc(kwT$t8oTpHT+UZUI<mH#6mYkL*m&HNF?xVN5(7
z#BpO3$=iDVHmKU$vw=jxG?O8v5eAZ?@=$IfJHqlb8x@GZ7+6ExtIiisnV}Fp;zR}-
zbt6gCUeLV_2E$2?>=?<&Q0A#LH)F06H9@~pQJ(c^O)dM$^9l+RAay_?$is$C<?;CC
zh+q5c&GUZ<*V8xZguh${^*)9<WboVkJ7tAD$!)mP$ilGeIT|Zhbg8JirL#;CQ;)c3
zMgZ<QqvVUT!=q19-tO6zC66$o9!;2Nr0@Iaujo*gih=G+JxXT-M$IEQ**+eMrgsDa
z_Hj>bQTg&DsdKkIrWI2Hd<0$&xOk;;Gy}+ud3uW|CrdV~4>@hx6VbPvF~Knq&q#06
zbH)Twg5ab*0VQ;P(ggs`=M!YVJ<1hBr>A2FdJ`~m9#&b#x8R)yx|g~jQ|^ps-H4{7
zd;kEI2teDPPbh{ASqvOdgd4+boS{PzQv*~GFoh0^g-1P>klqSCMI~~#GU+W4DHl{7
zqrXJF`n~nTFf-Z^ZEV3yf#$j44f&+DU_||vIXJZ&=&s~(`zW(`Acj=4jS=zTkKR20
zhjQsuzaQQWd7NeqS4G=<gZJN~@7!SzN+hBx8ealeJfBvd&G)?x@HBaLdMYF72W}A#
z!(V`cdyv#e1`Jj}C&FYNZJ45skgrtY06N8MrW~GSrxRm9MVl4vM!TZp>|W0Q;dtpY
z3|{uTRlO5^<oAoGNV;}g_Kj$Uz(N5#kE#KSs3}U#f0$A^GIjt@Dzijb=)Jc3=Mf;5
zum0x$d-%W&YdU!XtL|J9n8LQH964|-y8svRF?h~bqv#UoV;faABWP-G0xifTcik;c
z_0e|pu01QnN(9MAfIdse$}aa5rgHFp3IPUI4JSHuw3Yn;@i}<RUr{){9Z3u*D-Q_?
z08PvN8ukareGdMFngO1?exgk+Q!2A~xACVwm()WW0!+~M_{q)le<)XO?~4g%8LG69
zUqsAGC$Qx&yeTP(626D5`0`&W{fMd$#G~#Fli&R$&xo4a)_aq3be%&WU`jVk9*g|w
z-enj%(lFnHvEi~~dXapNZFi5(y;7efxiW_QTp}ua)gkE^5Fo*zm1T8pZg<%yfJPbs
z$h~Es`%wTBd9l@YuC^d1;G*YCJ}ma8jW&36w?v>f`;WG)=&b*{@yG;1tu5s7GFHZe
ztXEf=Q`4<H81Hn3;aoGKMhCH!P5uMjJ5vDBpQq7S<|kI2H&h{kWf^3cM4#t>-|=fg
z^HCX~gp$toP$)J4g+#H7FddDfBPK`nI^j(1EwgC*nIE<Mo8B#xuwu~7!4n6_8FUm_
z=}BPV`=3)7a<>1?^Z&qKWpDpJ0BLTDaxtExk>}?)o?GSWB`b`yr2%42UVLgmBBHLJ
zX8tpxdY;9Dqb@Pe@V@6GhWtmIa<Q3b4RDi&_oQD&CkS*N)$+4nt%jqiQ?@Hs09b!h
zcU`OQ%Q681xLi$6P#Ok+l=SvphZxYI(f6f~WqC9Cf`)#<Lo~JmpPVr-BUE-hgz;iT
zLce$Gi{^~5Z8^@?cLLsJbQN_ifvfn^KwmjWLNp-2&~qmklf%ZST8U(Mn_`s5)n)oG
z<6b}}FV>?mfemw8lh29Ij<(bYfRsQ%Kj<_=`M#}X7K4tvXI#SUfqK9s#W+HElc85k
z;KW%Bq;H-<Wm5=>ffcCGpOj0vK-_|Mo6*2RNos=>3Bx%V1z?C0!swujpVima&k28@
zyLtW(;nI=5@A@ROm;mFko*%qiWM-?fRTKu4RO@x8yaJRZldde!dff1AG+rvVS=sJA
zZ&Sa9(S@v1$t$!Tt!|m^hM=4jhc<9>o9=U7j+88&0!9W(1VcK|0Mka=#Q<;a`O&a1
zy*M~No}U*ONpJzZ<-C)C#iO3;zeN<ZJ02aW6>wqtV5OrtCaNQkLB7;U&}EJX44L<X
z^lqeojIuP2Wq*dS4VPfROZf&E$zPf%OM_oFgo5p(Eh@A@gehY1^8|beq-ZPqoT@3?
z$)C|K*bj2U^HLEJo<c<WZHI7i_Gt-g^xAPpYb%eLzpE2Pcpa2rFodp)5WBH#waiqK
zXa9=#6N3f?WYFMK8E$pJ)JGT6cGk55Cj<czIL83!PHiaZg|j`|-KgWkA32Tx&GY}j
zU-JAl;jbwFSrNAFdT!?%NA917i3+_LU(xH@Vbt9dOqsY;`HC2zLgnpHj;c@dXj+fD
zoQkr4t%illk;aXw2`W~Gz5Sx0Azc`HUgcw@pUTnaFoe`MEUR4s4$N5Vp86>|D7um%
zZuT*vc&Mx^qp+KKq%r8{&dB6J>-%2&7-1X2(X-xbn^SMWKxJRm9_hWyXm^5$v+X5f
z62rLW`=pn??$!sJ+$qN{VnkUy@?9bYD4#M{=4AEy&a%&DQ*(T2l*vzK<hdfEEX$8t
z9^1)7pYnd>y}=3l_H69JhXEzQ^F`dh&%>P%DHH<@YNCG(m<AyKV_<RyF9#G%%~|q1
zpSlR9wK-8K%JKHHFZAx|y-dqp+Mt&kZD+;}`%JH*8XnpeW3w*;F^^w9clf&*{}247
zrGD>9kikD5VLQG=-!C-^P(rXV<l4jW`d<ucL>@Vsd>zAh7w;s7Jmfh9Fz!=&QF1{i
z0YE|T<+CV9WfjE>9l|gwjSM}x$-$uBVt+s*O}^p=X)6PjdPE*Eb*9O90V}=Ip+sg{
zl=A}m#lTFf<ub+UV9x;z0fp;n*GC?b_Iy8Ad1TmL-J_?z0310BAL*tN{Um?|Frr@1
ziL21h`n&>#1?W1Ma6kw<k+esu#?u8E!2u1JzD?&EsoS(Iq%lA*+dyYB>$CP}AMLNz
z(*S>v54s^Lc^C^}O`&N+J7k7wE$0?>rfQq>k_9M44Gjr(Gt9_m)5D;GG@?>TvR^sj
zN70R~*6Bi%Z9QqR+N^{1lcqv+F32jE?IE4EJ0QigoLuLB3;TcIFKzGp?7bnAE6*J=
z*kQ0*+i|cDF7Z6Ky>_5YV5!id*0H;>D<`#u&9BKyV;CLih@9wZ;AEwU`I%l~X+QLq
z8_Z?~(fgTtOW|9}C=Kix#gH?QUV03}<py6gP=1^3r@ks)pA7${mYHMNYq&f;%03LK
zd3=*&LE}fDk#sggB%NN~R~d``(s=SWe$McFtKW;x3(zKF3YY8mvaF8nIiI^=1%}#~
zWg2bSPCvM+^)o^nnDcT)+6>Qi@($+d^ftf)qtH`dF?Jf03!;Ivk(1qoJ$J{ww_wuh
zJ7s2W5n@a-P^Co)0qKd6GW-QFA%bMX%xGsr0|K&-^7AZXfPwuI(K|W?B&dl_tY;eN
zRtXzKs2ayM1ox;oMwA5QWw@!K|1my0lAHihjNixrWv#3j>g+QoM!x(w;xjkn{~#{q
z{C|jDDU0$vc{`2XC3<hi62FtLJG}}i0H*J9`D%a{+u(UFWlfoms&HudDf9eY<?5tL
z$#N{b;SSkK;Em;h1nMO>9OHdn`wQcpY!eJqhmIkwQnyGB31Co{WSq2^qM;kgi2=OI
zNs9))a>rEkGsmY@TC1$<qY-VDhw5nn*Q>lzx1Mbgf0W6bJ<6CTzrZ7oeta*^mc|V{
zDLuMfYcg7P$oYWd=c!%(M!JOYmrqdF7-bz6Iq>KfQyuC%>mwjrMc7tRCXXb$4dz)E
z`8@eUwqs%JSvMWxQ*LO1zC9iMFn${axxhIBp`l8mm{3qLxZx)frLZTFX>2LXQ9DdQ
z<o_&}-6J9cLQ+VI?Ns?5G2oy$b2^gclEScld6@zO8#eXH=e7Y3Ui!%GNZ*HYakhV%
zQEz#{{6E(CA6xrMLB;WzA?CvSG$5wfB1Q_0dB*!ZR$n5QN{EJA#S9N*G({l(YKA0c
znO}LfYG1i`D!c>>o;Qur4mvIohlgK6@Mgr>ZqYXP2ob>PRgZXN)jim}=bkU>Dt$EI
zRQ4X(YYJ4)$l!WJlF=FcpQ6D0e7>X9B_jhGN7kGCcdZ7T@9h_W(q7xdtLVy=y^1=Y
z#iPDTF%<sl<5@rPQP&C-a!eV0ATQ9tEU9H51GW3)DV|=LktL)?81^srwbi=S@4iK`
z@vWo)`gca&#3s{tV?EqnLPravtaqm8&7%+NAPMitkMGdy_II-nr@*9Opp8pJECXv{
zes7<`fSi4q$^wQwnd@W{g^M`nViHEsG*b`ib{pSsVgHA7rROiew;g<<a3f_WA~*PH
z$&<$%04cSe6RVg5Z8eYWvYLEuze{$x_l3MQhI31Fi!vtwZgUDe94=W`grfkM^SdUz
zMpQ5{0sMyd%>$ym`Hr1sqSmQ*${Ft0+SceOqgA~iC0_KT47~#x>RlKb(Vu!ICrSbY
z6k`NX=cm(ol$83U=;WB&%?W5eAH(}W-Y5ph><f(?b+ba~WzJI{Z6eR`oiaCq^n=d#
zv=i-@p4TNFV;)|#aECYoGD3j2RT*5R)7f{Arm1ZNQ+zIE0Fj4jTw;{dc8dV;0r$Rn
z73LCgBnapP1(f?uyEl+%g&sT*u9RQ#VleOpt%6xg1fbVCk}-SawwS9m%4AlRm9sYc
zpatJy83o;K$Zz4y0|!y7vJ0q!Qhe!^o9F*fuGdcE|LncWf8>MwF9X$%BYin%WeJ4O
z-;@It|Ku4Q=H*IR%dnL_*3a_v8{aLHtV|9woGoR~4S1+?%==G|7RH9&X6lqSd$%Q8
z5o^O1QIEzgp!@7I4+|<GaOsq0ZNVk|<@x4PPC$p*xbfg4g0|H@4yAAOp8NPKde#Bm
zW&9Q~mLli)usk!Mv>WVii5kG*do&~MNgn{Lc*z}h2DD7i8qOh&Vt(JzRybFxGt<rN
zC+aN`IDtc^xM=^ZKeQvcT$SSidegRYj#s%1EEijYdiC8S<-J8*Unpk*d}jzN3i5nU
z7VIcGMuRB?iI~AaJ`;20wU>3ECOB#%L*zt&$t2mgC=5m>rXX*3)hp*9CtcbA3nYH#
z-oPX|Q3He9ZIH5DQ`(G<FsGA8Qf`>-e>46c`0ME#V|!mlyXYMhp1$NsemxB;!}tNC
z0REEEr$Y4bZYm2Zc{48hKP^YXRibii*Qxx;;{p$CbE7OmZc2DJs**1X(b}Zh)<wsi
z{Z_bDZDt6Tz$Lx<l`J=ei3#XMN9d{y4ew|_bPVZSj6PF<G;(Jd0viN8W!AaMzC_h?
z(EXg7MCYr3DH?wmN!{0k(cWs=^mwVKJL=6{U`bnl-)s+~0LiP}mMvn82$abyq@~*s
z>2F4?5+D#fVtmw&WeQAo46-4h>$FuQB+H<k?NwGt3xd;3Cycr<((&zqG$3SDF4;jx
zk|=b8hoOqEFQBt$S$>>n3JrvZ%1Xp>qnrey02^cTD*1kTR%T!)1|wPoLepRuq}Inh
zkDe$W$cY_}ny1JB7+ZaO^5kaxAIc@;|K77m9?GyPlo^#l^jz!TS|2HZt~mga-}7_C
zP+-My&~U=5;5$W;zYmCCMZu`BCnMKJKgHh!*DRyVvJO+yu7G1GOx|-ZHrv;SJgU9-
z&Z37hE;<mYn(`a!ApP0)qE7;H-)35?ZK-py3*pM~NoNYX4kpOzH5#d$J~x5lc$G+L
zA9b+5h1M~irEbf892U9yG-hzl^uHWc+ze;{EC~4Q1Udma?ZY+|U2i%+oyP?L=I0V&
zVp#yVs|byv<Kn&R3*(ubP$)VXkI=>vaHM>1kx{mW<*VT34TXIt4VRy4q<a!Vq2Szj
z2A;j%xjq_$#9ZPM^+3@n*LJ)BVSy)*p2u!Ppuumoj8t@{6jWA0OaVnf#<2-_e0~at
z#poxMhwAe*N?CRo<GzQs+I|@STh9MsTs+u^N{qX>xdA<8sGt0J%mX<1rfqk}gus-C
zh~ZsP7R0{*u1l|(UIb)|iX;O3e1`U29tt2g8Bsm-Y9q$3bLpLLwa(&684xJWf+_vf
zJp|`6OmGmW)R}fneFQI3^^|!60QQ&ntZgx9;B==0Qyi~=Uf|fmC>NfIQEmZt_)eoN
zI<Q@tYO?-u%tTA_Y~fXmH)%&OH+ite7aXJf4BNx)h!Z5^b2@kgc^yDx0o+)=3^1b|
z2`)hUDIJV{q=O64qexSR{^5{D$D9w0x9COtQ-C-6uJ=n6NFO_v0q&P?XZVWD=qOti
zZP&UMwuFKD$rszGyyQyG#_PV8ucTLQUN9Ahh>?S+b~Zc%<i?9ksP?<?an^r&29In5
z4k!pkGsL_^;JIwk?jMDWb}|ghknI?o!4QvMxh?g3DA#M}I)9z&7Xg7jpP?)qH;$h>
z{zFFlqy$bL+q4@UltbAcUf|dbhWL7qT&vaF_#EwIWwulNyIDVIsLy-T7T8rm9qm~3
zr^R8Mu3F}&=lf`18kEzJmHwdaT;|rtEcEj3KGP-wp=3lZcyZjW9~!`j`p_MORNBx9
zG;ChB^g^ycI-e`fo9Um7z{cR6$x+c~PLQUt1E5Mzmi;FnYh#%rBSpMKlQev*G*63Y
zC!dzRC%V~<v%XD++M+b2y#R0pq@b*f2mvHq?&gS5_V@gsAXI=TqAY18tu*Gct!X;|
zUOhU&=%D)Nw!`Nrbnrtj%K+m~V!zxCBZ~@Y3>os`zSfR}i&3>1wvKAj_<`^wkOL5J
zUwH=KODL%g2FuV>pZi(*E5dO-^kSl5eh11XK-i#6RCcC1wz*HK)UQJj_RDRl-$S~d
zz8Ucw|2X3LvzZSpgxDvK4n|xTJpo0ultODAp+y)Dm76(N^D<U|oRjcM2zxi4hSGAc
z)uRBO=P$;=fwRhSz#K5f^sw7#5AQKo&J#&X<c06R7*mdwCg7e5jM{MAs2kW%(T-6+
z|D6tl+Do11dp7W*GbP<a-Bh9p=27NWvM0#!XeOhu6Hvjk39M{9mtL{~7V<_qTU*uP
zY*&IY>Tt*m!BgsG8TqsS*GCmNjK*Nx0X7J1Xe$L)QnoHNHJmaASt)(lYrh$Z$|hav
zySYgc_+OW$^7EJWKfT_g?cYs;O>0p(z~{vSF-Sxj+=!8<$%;n<%0RI5CHKjY)LuKu
zD?=<8c%pt^5;75|#}om{zN4LFEDm;=dl2K<GT<hhDLnL$^z3C!E`0f=TiE|0U4Qat
z5&y+cNBr22*IC%QV944wA_To(&d@)W{-p;aem_5#iERjp(=dtW%4v3IIUAND%9G07
zCp&n(*XJW<Mdn~ROh(-+Eazg-8&-Q(@=sumXE~ubsB1O=oRzXiKc?sffCpFi6uq|B
za&&D5?9=mC>UCkTIO9Kzo&|6bXfRSiBTD08bZ3ONp{x=~x>R0K8@#`zA6_>MANiAG
z)2*E)IzV2*QcFf+NLzs!jf?Ajm7SY3L3TX!pDRtwh|^$mt_ct1QGFcClCBV6i4GR+
zD9b*<mz*40+Hn5&2xCM<zf_CfKlAC|jfkHrgSyHIPC{Xb#Q{JP0pS-fpG=h@H7Ew=
zT1Y(Rd&tNP*(uMGM59567eX(nge==oDh#POlB8F}_AA`#hx?R`JCMUtSz3bg(noH_
z{~=#*y%X`}|L2$t_&aZ(yZ;SCGB)>#GsHjSq_rMBH?4{BTSQfg>9u>PmNMgjANTeC
zb~h%C6<MIJFyNg<_O%?*doH2$g(taEWD23S9%BQVHe{N5Y4WfZz&k_gpou#vMGvkV
z1ZyXwCZ4~|wpd6#qUtW{!-!cIQJ-bGbe{TnCnqbm5ptgBFWN8q!anOawL7CkTWveH
zC#KF$!;bVzIav|okZsaOI(Ke!F13B^hs%rZrM&Ee_Vm)r>Inm&S@xN3qkdN(a(@B=
zQ-L`EV)nPBA{3DUh)Q`!-&xjfw6?2Kx%Kai!ojGccU2JD9R^AQ1j2M1sPq;Ly-Go~
zK4hLsA)@Ap5-gyTPAtwFD9G`w^Kw_)5fNj9615$~P4r8UV4%T6{ZxR=<EQa&qaIhH
z>dWI-Zm0S^^y?EJIsX3ZUy8W9M*QAaqks9WXs^8y@y0t5*Mo1$vcHIkIClWdkhpI5
z%2&~2od@kzc3f_#xXAxhPTZS=&#SIg-a5aZ?<${~-oAODGRWyAt{efhL0(fj9hjU<
z?^mGQ!_C>uKIp<eIiN@yZPmM<@~&*(KFaSca!v(xMDg6(FrW;j)9@A}r#hmRtF}>B
zrEx}7g?e@Zcu{Gbp6gi$qXeY+a*n_@SWeG00<p7ixf3Sd?c2$!;*~I)(@`engQ;u2
zk9Tuoxa{3t>FfX~+eQ7Y=g`6OUaNg7<H(El@-k?Aec?2>;_(GYa^p`&Aeu)2{<Hrj
zqW|qVR0km_MwtV$GGq<}KuDHJ&=E0=Ziy7AqkP`bX+{vPgHQ!wwJ1ipL>I^eXt#SU
z5-cszaBsjp|MWz_{LJfUP>R=o)_vRI?{<CvhY?TTig@kK=wE&-;t&5gios+4Fk*NX
z#W2tyLuMit{A~t>o+ANtge@s@?-cKp5Ib~;JfWg|P5HBpx?j=-EoQGMAjhVVsc3yZ
zLy0sJs6*lN@;-UF307#~*tWb;$HtA3>blSCW)zhCke(xGUM4<z+i2joalg>5-}4-P
z-%khYYWmHeb9#}NvJcSbjNJH|`~rkwJIeBG*c(PqBIa?M_IglXc`e2??aXTPERC6!
z$?;5Ew6I}rO9(baPftgQt{ZG8B1jei*xxR~UAE#hK}}&{XP5^8Ge?W!StrVNuY&|x
z2vB<43x=HpIOeiF`amXgl%IkqX3;y?M8ZRO1RA2p>Y|rIz@(7>ez_g&bGwe~-}{k>
zzwy^1{>EQBxayrhj(F{@=wE&_;^|k8xddtak^6KnK4nG!#dlDoKGVGzen!eHh38w3
z_S38D%3B9?g*?8q9s%C;lvOvLkzDVWNRLegmvDL;GUZ_Z`Up$>U^scv_){Md<kLgT
zw1}2DgKquQc_p$Eqn&!8OJU>t-l`H8omwButEI~_1kPFX1Y*)%y+$Uq^)BmZG15GY
zBIO}Yr@r(wK|>@(28bz!j{b9;MGrbw9(9eVW5Vc%cq46&I-zmfMwxonqbi~S+ppis
z9C;PrXQP{CIX{xW3>>FHhg>G_o&aP+guO(DoR`3dn`i<s!E&;!gRT_-?3cG|$e_<1
zA=05BlOd&C3c;=M%uP(jA4HqH{uqN@mWuQUoi0TWoJKqiJ3?_QM4G5ebU6n@%O1tB
zL|Yu#T=KF*fwm~hL-iIkde-~o$<6rRuJ!eizZ~(mekR)A`k8}W-uPz3m)|;~1HbpR
zh-arU;>nqp_skQQ@x80OpFG)yhnVslQ2}+g9BaexreO7c0T^wTANOX90}xnt$J{BS
z1Zrc9IuvHju=HN#u)7{IkBf#U%iHSnOe+*`9y+8LEqJ&-AE1QyVf<A`E<Z!NTaO4#
z;!F>6tKKokv=||UkVVIfwN<(u_mbvvUNDDgit3=xbmFEt53Kvt=Zq>(4yXVWBS5al
z(cU!b0C>48Cd*!pXT;2(`u$R$^MjC9<2Xgk)#vj!ZNKf&0bU-x_7qD3XDl%^@MAMA
z;;j)TSPWu0z7}Ce5!Q{UP`q#2!wxVE&wcV4&LMFebr<v)<DG(T!Klf!hD!5Y)LFbB
z>{TFS$l1jVXYD96*D2coC0Mwt0{7A_=YPBYoL7s8zxvULzxvT=|LreDJim+hov%fI
z_3emP-->wi+Yzy!O8}`XrTi|ljFaCBXzqi*BdQUT667(cX=o7@q!DqW91#_GTo*DM
zQI#gzPR}>%>h(L<SFfC!5<OJe)Oq(fF>bv3S!V892LsmnF(w{4Q9H8DXy5hG3F00N
zgDx8CawAC3QR7BWxuh6Cqe=f=tC20v4je0%$GHj#$_S{!-h+;A*NBc&C<_mXhwqMO
z2qu$eD$lNLpMk6L-{gS&sy43-HzOpSeT~6)49_nQJ~9x>cDeEIM$3p%b{Ri{3zLTy
z5q+za>VN;Q|EJOV|2Zj!Y^b4PRg%baMR=hTp#AhROkot{odv+SK7!%2{0E8Sq4@$-
zBm})OR`zADL|c`U-xsuT;Vnw64FKabia0(0&)<yy?fO@9eeciCbir35zVvp)AANrq
zgd(rT*To=0R$Z2+yzOaN-GgK}+M@<Eo>YRxQ>6!|_EKT0{@vuzJ$>}2$b3h;2sU6C
zU1k#mTw*fXKIx2xH2b@cHn|sA^p|<8rAz=cp9Ch_apecSenvV7eD2d<9H(i{gn7uL
z5u;4CY1LQvOiQ%X>DY%O>UL)}_a!$-f)mJaJg)?$Of^Gy7n;QQec~4zv-?2C)L-y!
zxs2aACL9O1ht7wk4M+Pb0Qh@9`y<i%yR&fPrE;GW;_krU8t`jO%Q+?@f<PszKq5NY
zw0uzs<3$ZYdDyc79sA&sQHo%o{tN-O;ZeM=aI(LBw9^IaHsSAf{p-HI{@sW#zkNgq
z{@GU}{`7g3XD)l93`~aJ!1(Ga^8!xqMR|B#WzUUP?|Yb4&v>+g%d;Zj2}Ml>PR59G
z81**?M8!D?yoWM8jgsN{eWVT@{7fP6wl;1>x7p-lHy$hJjD1@fp@?%luQ3@_(!;%f
zUd6dlGSBb;03ZNKL_t)cuEl(m0zg*uC2uKGu^OMKv?e$$#-G4~?Ohm1H@;I8Yy}3a
zA1hlm(QQFjwW)v?@RX-c*oX4`Ug^zx_}ifQvxyV>-~G8ijEIjeQ7tcqFE-106d^Fg
zwKB@|oZTyUKf+GP$eFO!NCDf&cfGz8EY9RSFNSfZHfAMJ&Q2im7Zau8+HS`GcKw^b
zdXM=1Z$`ZOcJx=j8u9zzIF=wr%u1wRVhw1+?n~DBTdU9aR+n_81K~58T_Hm@-KZ7W
zH)nwFmaUKjeKg%cN5p?uz3wd%6isQ0ZC&U4>YoKLnhX!UK&xxgvuz&3Dd!F#m?7t4
zFzOhTxetZl)^F=G+u*uzGOz}yxQ~E4s&v?<F<V4Zy7i}&vxrJCD&@eFV1)Z1cr=C4
zG&;*u^f_W`tI8mcl_TcQHkE_s3`ErQ*#9*HfWQAU|9eFI;^^S{@O?la(V7~>sDNh2
zs^dUr?DQ(ESZ3pz&@ya7rBNnWoP$!rV2^AkD=3*%Kn6BAc!f}8VhgcpfZR(e$oXv7
z?O>nV^%vp#;d>GP>}%1#^wo$jeI?@U@1A_?UQfg<uV!>2hRo~!eV!`ir6^)k{)#e2
zGtVp{^}~HmN|tr0&#Rs8>`a~;3_>n#lZU!6ph*iDq(Udt9j@G|%w6w{7e||=d%Ua+
zjho(O<iR62eH+nSZ|h1=ORx5JPEe$Q-lA-ZQ_eUz$AfK|cp!$|n7~G}cJ%vcHUW#k
zXWExm?|WE&0v_&6;y;&L77%Q9(g7UloU~qnOWI14L+|_XVJ<h?|2oI#_w6)&Wk6J2
z7w!y$bc1vw-6h@KB?8jj-3=n$t#pSpNY@b3El4*=cg|3E-tXS~<NQBs?-kFAy`Gw=
z$KMWdC>!0OHat=R-DF}n6PDQ2^!2|&OQO<JXGr1mub8Q`lka)Q1bn5(OdHT7;r9j^
zP_VJ_Mbe50D-Uhf+WX|kSIq$}*;l=W!LGFwzEnE|qC{r|qP_udQ<&67FJstbK6h2v
zo3DMYy&?M9{QrjX$?<YSxd;jh<3gxxuzd?Kg=rslN}Vkje8gxXP8r@a%#mn~;X2wf
zoy6Fbdw@j>Hv+^kMDVPX6-5pFEQGX4$cnWPYrP6?Tp+Hv9>DJm9-)8!URED!c{!H4
za?#)b>zWcr?0aG-zn3-9P0T9F-Nf9_j5xaUwDP+iKcSeg2}8|<r-N>mOK|DjGW=%G
zwZE0l<UPkAH`>n79ACQ$XI^-WOp0dh&eqyGKnWwy*vx`~p6AXrIJeH3&O8;kk^(|G
zdG2u%*HU!yT{&2w-E4B<BpqxvY@Ggm0pGuBmr1@&j%k^JAYANtJFlJuTb3aTlqzYe
zZ@=P?z6WEQul2vSp0Hov%^Al$rsv1pGmCi!1V0I38$-X`{-;PsLf99gVWvm{W!R^5
zeArU6_j*GE>5OzOrPu=b*>NTNGpHs}vr{Z2t8NFC;T6nZq$69i0t@MvBLdWh2KswX
zb=t_yHb?_e4#%PdWaj$Ocu5%^n2=T764Is>z)NX(BO;k&UCwZpaI_TG-I!bRtx+b&
zw01t7A@ECNQ|}8T*r<GFK4|gT=mS3%Xhly@uH|nY;pIQHbA9M52ad(LjJI4CP+Xg!
ztw1#068)0cke&8P?GwY~?tYLvPXh|>T89dLnU+K^c~cjkzASs0e~{}YcHl}(svDc7
z#8)d?yngmkz|_uI%S_jE<1_04P&q10E=WQ~O(L+GyTZZ_`&p;oxbr(F?|Tg?a!z*H
zWdfc{ZQdr06Wh+Qd!Ht`4KMGaHsAibI$OdcWhi;54slS^(KKCFT#FE@5!Wm4D+~`l
zvc6~VfJaB%%q%B5c&f=)@||2QFAp^C;2=Xj0&7jrhA|sebf4HJ3>~P5sUip;Tg%dF
zvhyb8MW`28$2Mpx?nA!YOw2}#|8OH+rbt8zZ~kFf*Yzg5;zpYp_kurrZfC(aZXwt=
zjCc25Xr>0^*nNqwx&4lCixVJ?Bzvfv5~+j16pA~vNweG-`&23$@!2-EI58Fp90a5L
z5NJRd@%K&OAwiOzoQlRGAHo^n?X0`TmXZIOlSyJ(SSXnkW%)f0@J*3gDhRItY<)X0
zE71Mbp^9_qKUf&)V%QR;7R<6zE{1=#DKm(fC)ag<cWC_lWzad0W+!`7G%b(BP!Krr
z@Gsn-mM4I?8eyRNpfaG;J*FWeXwIFXid3{%K)Ado%j#Up7iZprAsZ^K3iv~S%FarY
z*qxzIoyuW1pSljMd7B@0l$cIG$l5yyB%IR3^dJgm)@gboR7zkbW9mKt6iY|H-=7`&
z$n%PA{u}=k?+>N|pZk1S1tL@;tm+rSkzNquNG#!$qe6MzP=)rY40P!0J-jW?vEy*4
zJ7>^%gJf?))T92N!@J%m_cvGRF3zMhs*-*}<_J!4aFTR8eW(%Viimh$F?N+gu;}b?
zs6>m<X%n)?$<ovu8%BYg;FyS%OKUw0u(WPN4>l7YcVM~g(Fx3u2BIzkgSU^=@4lzR
zSD+X#mLyV-X^JKCmt`W+%F|?TyT`J$u|-93{ZKoLjf#V(TZ)`}h>G%`3fd43o&2SA
z^c7=yIvkr#z~Ybga?p&*^n1CX+n4LL2vIsna)e%M{K>rPp$d>Q5f8nHb%n@1`*ZIs
zhDCQn8Den@i@N|u+ktpU^1t_&OgDq#_OcC(puIcz>4KU%Hr-{qboaQ?ac;ol!rQaP
zua_t6tDRrZ<q??wWHU(xz1CN9k?6h&*r0-#$}SarXoqDaJY_+g<q**EFSYr4uCnG<
z>-L}>-Sc)d;^=5+Ip{`huzsD`qt_roFZRnqopjghWRzGeRWS3iTX^16+!9N$P8xZ*
z7DUS@+ma>Cr=`zBww?4BnB?Y@q^tM@l_}w7{4|qfKZk3yn~_z=zK}-zO=IwN8M;S9
z-upl@%JdvhmY&t_(cR6hJ=USL%^xHWHc5HfV(lVNF(0e0Y0P3MpSWh>3HE4OB9l!(
zk+gR%6o=ro3^&n1IB9Etf@GHq<CD$!4RZDZbLlr2EVH{kvmQo`KtL@zEDk05V#Di!
zZ`vQ*cipvMN5I-s?8vEPV;(wH#$ou$jQ=}!18->Z;@xaqt&e1S<h^u2_rrFg?DNWh
zD`U<&3@;36jDqQ*1ij=}zw6|lH#eh~o>&gL4mBWGt2$*5$^weMT+b5+7I*=+E^I<!
zTHGr9C)$74$Ju)eYfo`=8Cpb!9%w0b32lfq6H`>FoYRrNboSl5Ce1SLvkH%2=YdeY
zmoB@G{{?YXsrcRMRhlAdVp}n^3R=bCxJI{3FJyH&v;Yg@@25P2k2Z_HOySY$mVB5y
zLEPMThN4-ooaH{OueLb9t=^YYyuj!Y{d=Fiq@R{kf?c;YO)W_MUTD{xqGHKLxy(7N
zobQ%d=n>qT!s3<52<IOpECtu-$JHtB`=r|)u<s7QITwQ5Tn0^N*onrlJ?H;Ver#-Z
z1L~l2^I6!3{WicZ{XE(fr32H0)*e@7hUcM&;U-$)fHAiBY}US+q$0P8{`qqxzd>Oj
zYWgsg&ZfKygn<LTy%dpe*4%s~Gwh2fR&&t>7{Ahn-QdVYFJ`pkS~5nM$C9lLgk1!9
zUL1&XY5nu3lX|oi!!nmK{hq_gIpSE4g~$VELq%7ck1tdYa1xlvTISy}oLuyILfL`z
zWx_2IRXl3|Y@&BI$&4;)`pL46a(JV|)5HBfG^>>LrwP8WBT<e7Rs!o1XToR(2$i)$
zz%3j(W<B*>erNo_<I$cxC5y`=9b0Ov7}*?cUriXw9ViqB7nE8vA*}yq11LqGlmCMr
zttT(F6#kq$nPNm|nPM>P0Ye!_U)h6bb{3qa11@}d85r{~jfg}Fyx+6-XJ$a)S;!4`
z?W@Zn${tZH1|%A*4IR^e9@GAAz0%H?bJga|AG-e_EY%Gql@*)QjU*!eidynzd>K$p
zG9>ndKvrQ*m-VOZBg@4}vxAW>A$AR`CDZy`f=bjmY9hga4d9zeku*`QJ8Y4?i|ES+
zQ+od=Oh+}$OAscw(Hn^;5b|$+xM|{-!eT>;j90C5o!lBCi~<B&K`P+)Pr|1rNC}<=
zJ|1X2fO^v}rMA}(&Gi9bQ7a<96r%r(jgu&(99v~altNyrhE@haG;z`AU~heQgFBrT
z-xg2I#fYyO^5gDdkKCxTd*9Arz?23`@XE1s=PV;!{-COknaJT8AMzFLpCvyoHYZV7
zivNb$92Ew+aE&@0TmB**{(12!PT7O^AuV4v2mbd@3To3K3eIvRn&Rd$F$jl|^Y2zA
zXHte<;XmIN$c%G20|T{}YZ7VVm5h;b<QJn-B8`cJzb60Py?p*n@!i2Fgk&Y{Ek4nw
zrvHi7GR%vB1en$K!sH>Px1%Lnw&tWFH2qUWzq{2Ld$Nb(Hi+y~eb4LhbT27(@F&C>
zk@EyBgZWTK2pXsE{APJBBu>vFs{FFMunNa^sk*0yGAaEal`kfFbEc(<wMuLD(P$Ia
zx(+^TYK1MeKk<60>dJ#T2!DF0b0GJQl5y-~*oBONt&1(ZVIPfh4s`schjXJavVFpM
zKyUU-@YI_3bPb`&lbG)*QgIdAv4K<k3BtPjzLpb7phvgrFx#|!0gRye&ln};Sp6NW
zat+5+yBlTK`}vHvg85@qyQ`AWX~9Vv`8j|GNYg!SDS$O{i$3NNX23@1&CXo3(%+x&
z;>Im#fpPc~1CBRw2D4zE2Ab#;44tK50g6jYzb)j$eA&I?`=8?G>H>(;P20;hs=|!h
z37;?I=I>sjvv|ID<Cvv$>(xMXI#c)q$$4-T_MQ9(*CUS|jHr#^K;3WGN(ae3uxH<1
z>$Sl(i@lGgg9L9JPy$%HCb$dts>b~l{0qKz*nt7$)_Iv=2<Z%Er8>G7O`R@y))`(<
zv`*ij#6QlAJbW6{>JzdVeXzt*3)2_&CDtTn;zrf-S+?Cp$hzp8?Etg!bLg_6$|=&)
za5;&Y3?k153_aUv_owkCehF?FK;xGfWa84GmT{_|be;cA2LD6#>Oz@FWfsT{)%wKv
z^oY2cAG9YH-R6xUE`58}O0$zLS;AFmLXpb;S-{tCC^S^LIM)BP+6|BAIRQ@xRIb3g
z_Qgl?V!3s<s@Nl#-ui75SDV2$g+K0<_4Gfr@BML7_bfkH7r?br7jXUfntmY@u$?^{
ze3A=G+i|bx7pXSUb_p&ZDC;mZl(QPU&Q4{>*TS0cpaX%RadYoP$%nZ0V*@^vyZ(zo
z{F}eO!(@N0CZ!F~sM_~m(zV>fh`Ky)n#OM^Wn&pSdhROBgSWJ4y<izn63*pMr;?i$
z@m=_VOI?`n-dHGkii(+k)9%wuUU)<LCGHKj#wNfWt3y#JN;UjG>XKB<EJ)F~_aga5
z)0sd2rA4ua0`TkQ?(nP^Z9f2|amnGH20Mj!CVJ`jo?}<G{^1aVjy1A6<^1gXpBL6T
z0T5IzL|@8bJtHZhK+OWS2aK{&VrwBM)3;U6&eyl@pq*hF*jM~=mLIp|KX?%&w1av<
ziv4vH;x%}4Bar_{0NjUhSA~UO%LOEagoZeIykjTR#=sKHzZspiz3h*RCbEAqqAs8F
zY`F+o(d*I#V!0o$nNPgeba2mq$~s$?^+!d&^gq5oS&_GFpI>gPb1OssR$vIUhxd#^
zIk1g%jO&~pPSUxERC8_gdHs7Jcr7|7N&C%twv5I2m%!#^1(F2KhO7Rn*(FJ49u87I
z<SptU5zv)~&fX5s77Ub<0hogMt#?C6qeq&!YrHNy;%EG&=hu?p!;Auj^7(iwrg7c5
z{2CV1(G!f`NskbgOpYh2O}|+^J1?F=QC%HbceK=~MejbW1iw{AiFL;M+$AO)g2i5n
zqgvmVNRumMI|u`gm>Bl_Zw4;s6m8b>)DTN$qWPuc_8ltCH|Ui`N@-`yKlyUep=l31
z){Na%$ZtGAbbNvrGPp*cx_So~ptg0TA{Few*jWx5L3ktsGh~j>svj)AMZAO=sb%97
zCy<9F2=^t9-!=v|hBy8|-M!E_w0)O5CSzPy@o^|@AJVc!V|aA{0La0caE#f7<?Xx!
zky+EABNK>I_Ju9hG-sn<SRl#4J2V^QFG*4+!C{nW(=}lIHkS2mubf@KYEm!j|0KPs
zW+d=%-y8n&Ke7E^Iuog1{|y(tOeT_T_THUGVFYaJV{iIJ1S+eF>{7j+%gzdWOnpzZ
zy2*jg1P9?5ma&1xFVC;qV#&i)7hXZP@};OpX|ujraTd~?Oyqr&mwerZL>CCt#M9$G
z?(}l&2juX7x>$*iD?Z9&l&B4A83racDlwBSR`yuENURdcl=V$Dm;{T*+Hw_6%8hVp
z;bkSGwU`dH{Un`T3`w!sN^mCc7;M1=nDFkb_ueRp;nW0+`E{m^(lbr`XreTt7WVt|
zQDe~h7k)|D8*KpoZtDk*r0>&W^1Ho@{#qE7i=`jmv2sI0UVCoG93y*Sx=!AIH}s$?
zekq4t2W!HtKbWobvDSs>6|tGe^ttb1P%0Alqi6e`R9*-RHY{A1J_h!rpC3ru6ZTA)
z?|%Ceka*|RJe5++XFcA1f1MDL?)%umr!rT}8pYsMQi8U2#M1$>5Kmz3hM?V%pwmIa
zYQNkinMe0js0vp8(uQNofzQ8hn$BOpq7A$N#Se3fMMY7p_Pkw_H>W|4-*(wwRd4VA
z+^|1rC#c%Pjq*VHLcblXPrCSb3+RB|#js?%4>V#O=%WUs!;DmYgGeOTp#s|%H~(cZ
z9fp`^9ji1(Z>qP!&}o{UOVz=Pm)NMc%x=E;mD8V7pnUhuiz*Fm&B~uVN;VlYapE@8
zaKc+ledq{bL}=eeLkgpHR^rzcx-!VD@7z9H^C~<Pt&S^@?pg{ZtaI`k4W0d3RRBpY
znSkRE289)D;3j`wbe9LObx!-<yWhWj(*CLEU8h~u^ALC;@(>3D>&s6$op_ilw+VUw
zhE1g>CCoVbi1tne@Ta>UtQVP)82TwcnAoP%{VfsmMnK&xr$$)n$>ti&%CVlp55wX8
zq#{%zd_arq6Qim<e=m2T>#~ci&_!}mno!Wlw1Ox+wUQ6brh{@unR&?qwU4_&<AGZn
zzF<dI%eB8EE^~MH^G8@<_3hOVkII|1_xtHkTqZL*@!1b*;<3Lwzsn>la?f^SAajk8
z<eQ?xP=MJay#&8s%&u%B|Jqkt^*`~RYo0ilH@(6nZ+cb&_?D%h+KqURJEtvc_IKn<
zpy!3$k=AwOH81+hJ485hZ27|UaI5KJs*}H4U6M(S{|0UDb7~A)TMZ@APWgEYb)hxZ
zAtsy1hxJ^i0;gvgg9-(QFW1U&Ty+2NtUiH$n&M|#Ol~T1<=w^7Sv)Wk_K#I8TAS%E
zJ$C+ib@M;OZW{P|afmed{fy{hkrc`5H?QjEJOwKu^T%J#!!1iDzz-NUUjn%l<%RDk
zcGwIk042{7d$%1>J$j?-kueQwb75mfBBdVpFjY!0LKLn!AzIosJg-~IJNTESO|QVh
zHGW_?t~PwM6_fqLIix12Y2w-<W%qOFL0-b`8fWm<DkiXXU4RST8}uM5c#QR_uKJL*
z)I}m9yp~ZliAeMvx?vS=B*m78$*5s{eVNanuE-vwm&rm9m?ZBP{51;EZvzR5u|D4$
z3wXn8KHA?6T4le)C_2m`MCeEb*M<{o(62VH4qHRQ2kBqR^Mc0haHCj{PHA24CnzyP
zPbyR!7s6K!hQcI9bz8`YY6=}g`VVfELGP8^BXEJC@O!rs=c0M<;`dsOgMn@jz8C1Y
zbLJ(DYg@BwkRZ=$7RQ(R1e=PO5tnkPo(9Pu5;pRTZMq1rpu!&NW2Qwv?%yeYOl}Xp
zzp*q;^k26>g{=0(J{MlVQFJ5vI82gg$YrOR+F?+0o3H2u63p%GTHk5rVi^7!Qom`#
zGg*32k;m&fO~G?SaMy^ZqX3%+uPS)w%vkkb1(p5bJ~Ai3Y4PH2VsYGU<n0Yv-Pt+4
zyn2ZE*IFM<hpOmLi049*cH~k=M|V$sYF;U%o@?cwpdgS>KcYw2Bh>8g^58wD=2$n|
z^!h}C<K~U1xp8J2+Z>Z;U_&`l9k*lh1EGUb$exrP<G7%#cvcmS1Te+8wHeEq8Lo*>
z>pVQ#jH@Nqvv8qfwJSEx(xg0YE^^t>ne5z+`Z$vdJ|G8hkzM?hjkMj}0j8?X1$-!*
zT(01^j-rKF1MW67>5%=i%0R`Ly{-mXYU(g@GWP}p{ln$j?oZZ}(MXPH%S0+(^UoZm
z>q=<3XV@#EtW(up4hd)3f;|{XL<99nd+G?r666R?^1{Z|fwb)LXCK~FUo_4x&ep>^
zr^^$JC;$NQpjDM%_!5H0G3=tPgc;ll18d98N4LMfswhc$|DXx06mc~4<G-hv{=Q=0
zHlU=B6u4>vl*;wa<)OIdhDmhVx%NPKx!sv0#sl}&SyWO#Z&b^QX)zpQDU8p2K#=3<
zDTbV`Km(1q${(tV?w1zuF9kYMFFiezYd9q@c`AEt$rQqAHE2X>@$loU{w&-9uRUHR
zh@japmALt=7UTNoj?t2R=alb;MalSg-FEZdL;nwoFJF7&N%hIOA7bph%#=2}I{jT1
ztJ?h+r-6jzw-N=xq0>brD4p<#5~M3gGMqW1qXK}xzK0xxH%CHK$P5uih~nTdkwkMI
zTC}7<LqNW;uFc!><22Ve%M$~=10c_vc<x4(L^Sw?YU?kj!R5Ap$i+ovg2pELaddob
z^btc@9}vxTx93>zqn#d_-XKHU_ot$T@={Vkq44EcO))P1(iMw<JL2J$#xQH+<N=%D
zgHOBL;k>ZHGL>J-UK|GZ({3%|&{l<@3E0A7x;=2TS84pbahH2_4m%Z^{E<{=-f;RE
zZCF()MgE~m(&Txo8G+$*zG7a+b4zxu+*oT1XK{!XBUxG??Rzq~_g75m3jjn*+%id^
z<iO!F+&h6<_*~o%`2cg+X5NXR;0&1WyqvS%`m+gg>PCe~d4ni=F@4g~1&-L>`yUY>
zXul8p)5-$c+8xL`y11?$X>*%`TLth=;ZL!02482Cf7gFUyzR?zNghmN;ZQT7dI+7f
zMhO^<Xoy$GFEusC*@qGHm8`O+XLwT~0vWNj%%fxQgS@8^(|<eKjdfPTEU3Kn;cq7F
z-#@|~`H$G{a*Wu|+sq?!<>K;|L@T9H%xGTExh9-9D%s*>AND8`2!f>#<PTN{H$3NZ
z&i=C+QbAt}<bXZ$J<JXCfJ3&e8_Zvv=J(Jd1KRuJV&Ty3{=WeH0fA$$h1e`iz~i;y
zntsJ2LxkZ67dRU8O1vPvJch*|57YPMsRxRN^QPMWzTD7dsYe6Iz@RKE<!`J9j;Eh7
zhwGDaS>xmfp)TDu(>Q=N#JyaYkr;m7-h~4IMx47LFY=JG7H&t)xgM28Q)!i>&er&$
z16VF7KHwdo#VHlY#jk-@1!Vg6Oq%|6`&;k-)u%|U^B}agyYo=8$E|g+_q~r{#nV*m
zLvM)th~&owG_iEkUV_|F!K@{X_4axv9MaY7PrbVx?=K7QK1B4>+O9S&j}siI=c=pX
zp<!;Ba+D@8N0LxeO2q+IKj=^#Q>c)C`Y3$^W1p%Ih`4xyQv@KERc}Jm#m>lAAm&)U
z&!hmrVFrctxzo>Z96O+T1$JPiq(rJYC<m$L!l-W)Bw{q4>+JeIyP8oWE<9gq)BQDM
zpUnlQh^j4@e)`vc-q`KY@&I8AQcf-MHotvyh6zW}K>`VTfD87dxD5F{AeTGroMO%h
zO%zc<>sTO*;8ye~qNMjDNKC&U<s&*hZEI-Y%bnT~rInEFF&YCX2kUR(Kff3(YN{3V
zkk*n+{<Y~W;=^ggZuY`+&ND(cc9@5kGJP?G{#XY7EasXgPSL<$JJYQ{u^BhTS<QrQ
zCl5UGUIm*t1I5opLvl8@d-o9HG1V+|QDerxWIX)!O-Yj`SYM%xs#f@x)TU_qUNf*z
zO`=Z|^L%E#^8okN>W5_pjn>pEN>1zhqjYO@Io#kKe-L3C3{v1efb8`=vXCRu4=viw
zCemmpwFy8Q=HA<gR=!lz(l7DxsYEAm45#k3lm$xwH+ZUQM@Hs)Y^NtmrjYH&*A$$Q
zcH=L{U9Z!59sZN-&r{r!r3{O4oxnBE6dka5f4Kg)LWUO`edX=(h68N~08U{xlL_KD
zEr<<XFQsM^l}^J}!hIt|OcJ@g-f;B6G-Q0^3T<4IiVMk3sw@Im?#Xmc(cPY}--yDX
z(2xDYG(_0+%7x79mIxT}9Mtn{f(m~-Vj|u(nt(QjM63vBy5-Sc!tK+&ddff;&)a)6
zW6^!BDAG<^u!7TGo5L*L-+R*IYb8TiQh`|8jvipa>5PgtuxQb`HX31|b}ofrdWq3=
zFV|$q!E<CkV(b4fGZlFk*$p#=q)or^;Us9)$|Am%7}klUaE6?!h7=EMJ(86bfx+(%
zFR*TP)7eEtPrt*nHSD;}m3nR%Tu!<{QkMtbKumo%gRRnkpG3@gRoU`{W4L)vJ?Wsz
zg==n@W}s046FZVIkv*4=gD6LZm#y{8TrA1ElNL|&=%=f}l|i0fLXV(?hzwYOh%*Am
zobznmw*|gRknyVxG*_vwUiy+DkF38figfK}6i`Kd;iG~CUVTQBHOArNA|5RiImhC9
zL}zLi25~>HbJWLy(KOKcd`kwea@KsqrsZ7z!JjU@3pm~d=Wh1F6rXEcgT34VK4=H8
zBpC8(E7A*nlXg5?vpD@Yl;@cZu)0bv;0Z`K@A%^B|5LEV*hdx^6(5Y_uW_uhRlpb~
zV)96U#aKM?F*H7Sd04G{Q=#nt&jO$|49$=CUJ=n&x=6gFRH#%ey7&9073ku?Lw+o;
z)-Y&bU4E<&5aYsR1g&2OeoyKi2NLE%MFG8stz^2zhub*}OGLay@*Ih~3Rh`vGjP8@
z<GoyhzsOxdCQT=zkH=E;>LC5r5y63or=rL{$LU~89YCf5hJ%RHMW+oc7W~*pO7$4P
z*n8M8><+yDX1MdkDOkyOrXiMh#ZNZQu5fJ>KrkGK<~e-ztg)0m`AoL;9niwd2FbY~
z@K4tA?=O1Ya3K0Hy-};tvU+SH#8&NCYw+kLJDP&#5!b*`FsQ6t)<G<!u|!mb|8SGl
zS~cLD3NSI21TX{6CC?Km&Mkh@3XZp<_RypaT$NoX)fycjNDv<}(J5dP`@7XlHc!Q=
z-&x`zFm$|g`6mFj%mif`0S$bx>l-n@+y3wOUB<o1WrF@jhSFL;$aVY>_5xF^SgoEv
z)>NZ27vy=V8#TQ5=tYGn+VqX>C<hB6mG8axXbvb4<*wo^zjq6)aU^YWKE+zawQDk0
z64%FN#G4x(FDw#<uZleL*@d=$yTgco@z^{{h`MD3SbJbzV14=hFleL@H17TeSYL^4
zFmRmq|2yVJ>$7R@A&F~@nuR5-_oKyo^xMvICYsKPfs~SmU|M#PA#0sF{Uw?GL$wnE
zTL+-+_Bxb`|Ag^rF7Q9)Vu_Tw#tg=5%XI_u+>-*~l%{rZ->oMA!M}^nxaq&FCLcpt
zRCzuXm#$vSrJzyLV_P*KPp~CDZ15+-u`ER~hgHXguc~4kiJiB;BmJ&hXS5c{W-1D~
zS0TgsbZm7h?C6a6Y6!F1MN`T9h1?hJTW0oJ>wOZGU0sZT@^)6DG(sF|u1|X-4Gi&D
zc(>NmV?CtfBOZA#MXENPpQnLa>Y+~d@F60YpnT|u%TYDZqln4s73?<RLblwt26La5
za{sRs;!eWA#~qr1&EMvR!^v<z-G5nd_mR6rcC-d{B^n3dhFe2~fkBAMqclm~_pp@Y
z8^s8xy-}s|1n7WPcipp-s^pc;J2Y1Z0qHt$v#=|*Z;a8iQO>)W0`1e4yAnlm1ADcS
znx%L1>r{&-Mf;@!wCS$wcMm7P`8D)U@--jnU4PU}_s0~$T=ce8^U+@9pPvSiqmnaH
z-<|25P72{6NIL4$kMoMVld?0NDfdjIg`}#H^?@zHw3&cxz6+&?DcDssk&;4!&t-#l
z59A{g%<_wCY}phrD`e%mmMU58^=eHU+;WG-jy;EwDqLw?%qHL$Ti2u>@HtG_lW;R6
z6F;*}pRahsxgbe-Q%kq}oM(sh==_sft!ha+89dt;j`Nc1#{t)#Z<9SVV=^_b@Qpfm
z@8jy$8feVEuaJlvyyam$jv4}cEo|KsWDshU@#8s5P0U@gOamN2AHZh0Iv8P;bd)h9
zGKX!qlr$Py%CYZU?%QE8>y&Hj>rLdve<4i|qgl93x(6x+CNFEHp`01LD6X{%+pl=q
zBV#Qqx^wWyRjG|-@WGd}O?C1Hd>xl%%}4K^yGMbuvz}=>^aGKNrx%ELT=-R^pn_0T
zhxSfTDXBl2j4ABr#P&G_75E<xS~p|XHeL`pzU&0bLt?UoGnr*(Ep%~+xnc&5e2)eX
zy^bx)+_>!Mi4>cohx8H$2EJl==5qb@SKz_B5HGN1oc#1t2~WLnP#xQD6WET}<MVWR
zA#wry=mgC3!**FN1yS<v-UgmSVeZK?<0YjAbt~o!ycvL*Cqm|F*ej{Ox-`%_5H>NA
z!e-f${^M`TbJ+n3JjUk+BEu)cN>s5}bnXS?d{gq^21FDjhFh>WEe?h@%Q6xu{_5b&
zJH#91y@4fGHp_iD?g!R1lj(R2rk#%YocPhx;M71wK)XLhh<Do1a+s1E0u^3DZ>B<e
zK>3|C@XEj8{g3nr&4dsQ9b06%i^E#Lc@EBIkqnqB8fO(H&i_k-ipkH3JZq#SgxHnY
z8epO@T)?SwXkwt*qtoy`F<aX+&epfx2VaK&UDEv*Cqdxj;Y-B^V;MTvNQl7aOfsRl
zL}(GQ$$YSbuAUl>7M8}*XNt^qQNi4tG#epQgFIk!&DF<AjG4{XnVhQ&j39rC=HIj(
zT9DsHr7I4#{&F8jq3L9X-r_Tg?~u;h$W0g1Rj#O#VGo|3$l-j(-F1@xtdFd>tRNFj
zHuS7jD98WWgd9rCd{P!kw?K;Vlx~2SMb((gIcTW@OZY$A#`#>w#gR3pw8hSS!q|V;
zkZYuF4hiZi9|zl712V-tO_12y376WgT!+p6^Td{Q`!o+Uy*>eCT}Q2E%A=P}h`I5O
zhM$X(k_wfKHuaZfQ%Qu>Hx?y_5{cmB_d9dyVVjRO{O=BzRnhqRma$r}Rggk9tWY06
zNKE##-+BJHzZP291X7C@*4<3&be61ALIku5Q~Fz~0hPTV#{9n`9%e~4;)dNDiCQU}
z&tY%KBkU}>hel!Y3>vtyistGU`YDBMSAj+91_$f`yN=*aUSh2ICt`~#d2YqLB>rS4
z!#zLxEJ}>Dy%qetHEi_;(=9H1k`UA>gxWUvwp*O7XZMf<jjjJhf6*~68sj^i0e{ev
zE_e1(e@j{Bh)t7}_3E>al20m<YBkeVZcAfWoJfFshAgr%9}6@io=wQ(H`X6(=0DA@
z&mv>`fA++yTF>`ePn1L;kih_cgs>-MO*yxu^y33gZhZ@(n-1D~gLj&5`s+0GT~=;v
zagDv@D_sO&)Ny)|!9LiCb4DJ5uqEKD$(kzg+=DBxR=G68g6r61mHX5v*5CCzl^M<H
z_mLDpYJhS@feh9-ST-+2Mk1>nBg@MFABL_dLcsYA*xCv4GC#B?J47iD#lZCni;e$o
zZ<r|Wzw5(KmVv7k0Y1k1|Ez7oa_AM0=FZ#`yf09Bh}mYfKIgu%6U-CwosD*QW>rS>
z7hMLR3-FgC+qmKJ^AzkKwMexH$j%ao7b=5*gs3OSdc4ScNeO{VU6uGfT?|A$x9ClT
zNKj082Ai%3!I!HI<>(i4z{af<J>UqVWIqBrWuCBK(dwA@>w{E%rjfAY)tq71yNcA9
z@xzy`kMknwqj&II2~1uLyu+YkP6h<#IB61id7CC>c{@<1UWBY|K?AFhH&Dj_-XMt4
z1tJ5!cYNZG`!6V^s=U6mCI>^92R3OV*iMT;fYW5FE5%}Uwyr);7S3fj0x!zQ*yYel
z+?%n@9UDQxyyHG9009bMAwC34oRYrTvg4p3h%R^9Va(zc@J45eAJTmL0J7=dT1i+F
z0qmuA$f??Fyp}f_0|0>Q?4ZX)pm1*x)$O<9uj+_@-%G~t;X+V4%%C}4?k@=%<x*cp
z-<<BUd6ok29+k4ArW&ld2KrK$_i1N}+@^ug)H@vE^>i_U%@>*o*C>~1+#$^Dq)VYn
zQ;45+$`PGlcIJCMMnEC^T9~M_+iMWc%{KPsnB;^9&3=(;9REDQ!vy182T?7)Y35+!
zurXo3i`f!=9s<{u+Xzj!aBP%vNE@*5u*1}PN+p6K{5+%-Mt2vI<AnHq4?W=Uy~(+L
zx$uCsF!wi<BkA4hUoL1^^Dk20D*D)nKtWvfoP5M6;)S9-?#Av&)y0Iq_;jJ?ttSGb
zVVLZV-;m2%v(6~nHx4RF4NiV41fQr(1Zjj~(I{guavbmaWEU^a=`N5z9xsN}1(5k%
zyrEXt0tj*u4Sca(Aiu%w)<D}{*Ny*DOqNkdcBs}zz~%;bg!1AH@h=UQJhV8$gdAc^
z^pInu9~i8k_>U-pt}rg}{*-j4h33Us2u#1zerpi5juG>A6%KAAQgycGd?h8Hc@FRQ
zN#fRBvC|(54`dk1CBgwQekzB<yR9a4t>)eAlRPpAIu7n7%hAn40@ag&bHz6fAJVU7
z8W*NK*}kL=GDPi)&Y}i=k71wIO7zo+5B|1BD9-<Fc;x--E7Hhi=Pw%ken<aVQEIRS
zo<5Nc+{YJ`=j^<1@1iSe(n1~eL&s$~T=sv16>eOA|5v}wcusUee673ilbiUxFL0B8
zxA(YwWd7H-ABlmtF3!F^qjpzNV0S|Sa_MOTvhmcw)N>TC<PK*}^R@Kv@0`({w`wy0
z6?DloSRAHG9fOnk>z>y;P8-cX^&pm{cFMJi#B?Xo?-Bpwd%3J9p)BdFya70ytm_R)
z=7Y$8R9@}X_i4@&B3YISaya$ZV-pa|F=i@&`+5HG7xqhNyY&A`zfI+$yI-?n|M_Ay
z$}Y^ArpNKmL}S(Mx;B)oZKo2vPXHKp)U*EfzeG-T!=2z-tSj(YTyW0u3e-g|y}<26
z(LwmcxLc9-F|!=8emT(Lw%tK47vu<62#k7Xwu=eD(B`vWqMo?fSqEJ%au1M(*T09i
z?Fn0Tl?WvL{p=V=sO&kuc}%`>MSNN++~B?X@BAV852`)&s+&XFr#Vl&k@`kXW7;vB
zZ6QiYC-j+m;MOw;Tqr183tOT!`KY|`)bc%bJYwM^XEBFpDsT#~(c)f0OlWtqf_-tb
zZAw^A;2U_=&JA(Rl>nB0g5Dk+!Ej&!Yjg-m#|YjafUUj=Z~i|OR323s9uUwWHuH?0
zGuz6gvG)5i=3Qu_grkF~@MG!9&s=jofr)vshdMXY4=`k)3z-nEVkP$cK<}|S9zc!1
z#5seSpKrC(PsQj{wh&7yVE(E4Or?>c36GlUhAUy#&9m+(xYNCt_H81OG;)43I;f#t
zLQA<1KptodXH?kY-aYLohrLpqMjy<)uvsA3zCk5Zl-uDd3FJ{=iA`IMLcXoCX%cM{
z4Kp`7FO`{hHW1tR(jP4_LD?1_yMn(;K^%_BKWjN4yOrXO2-CoD@N&5+%ykIde|Q_A
z51AJIcgGO&ca%EvL(x-lz4`8kcr-@!T%m5UYZvWlE6!gk#mWSVZ~`ahBFa%G{az7L
zjrV%EcfZaw<U5~-CPF!IP7B%%oo-LfQd5?wGq-%$lT?q$*Y9;#1sa5@U|tYn4I2l5
zgU}l$e{T3!pTqD`T3&q?GZHvo!MUJ0R&+q{DLp_yfi8vEuFBiy)>l%KWPa-gvY2BG
zm_Io9gz4<UL$ok3`)t;wq)F+4GkE59MPo+KqZY=kqQ;NW_8hSFGd84(4c=>N_&uyj
z+dv7?>4ke9@&-u>Q3a$hk(4n|O$oS~p%s_dc5agXNQtLdPyi?ra%oTdKl8OO5Pvd;
ztrfDEnWqA9CZ6EIvGK(_YRPT3lg92z4H@L6^9o;VdL@#+L0jC*_r(Dr1i;6EGA&<m
z$5?r__&>wUzw3q%vIt16yk&7!v-o|<sJJ$!uxI&mcq$aUvp9d^R#Ec(^iDgQM*6c)
zFw)I}4R#sH!m{_sGOM)aU>yHy3@AS%4gtR>fGw0obXflOUkc8U_68N%(+Q;dxRq1>
zX{wGuaqShMODpBKt!CJesfM@VwO@^^-_jx1jLAz*H}+x@b1O~B(x1WFTFM`}B0;!T
zDI~-5c?x&YaqUfvANEURQ1zl%NyZ+x&u7oxO1pi(<naT1b`za|*SRC>pVi`Ze?uya
zx!9cQ#QgV)sTzC7y*s!mO%TUKe$>V`K84zO9Cbv%QQJk}@&n-TV3l_Gu`^1cu{=6m
zcm_ASU~ln(*Aj#1{y3Y6bNHm$12nR2dN#FlH;WtoZG1A9*JW_}0Z6SA&~{k8-T9w*
zBbkx@d(5IJgnHHFU5;{AV?;J0db~x|TEI_r-+T0H0kI+s2Tyz~oHK`PcRm7L1z_=9
zQqkt=+%F7M7Peu6O}J;DtU5^ts^Vg1?lg4uf27QL?;b>TGpMe@iT9w&mwP2T>D!a=
zu&NRM*TL9Ld}VX<`!Oz$iKz-8JqFnw@aA$!O!Is~(;1B8BmrLqS&{SH%+c1kd<?4P
z^stYOUcKhSK+9)H@8sVY#2r5KDuBw3@NjMY%~!1Bg#h&Oq&9+Z$8ls#?wAUcjxBqg
zmjMQT<Sq;Ez<;I?r-YIJgBi)pkkWjR(^HR{-5*v5Y|9OP2hsryVSh@m+ed%TEEHU1
zJnIiAO&R{*6?l<P!(Psfn0pfjEcSU4GQLsdNZ^+zBr<!oM3Kq|wKzG?cj!JYa&Po*
zh;+QDEXnzrbpjM~q28eN@v(!sQIRYM)w?pooNyt#?YdD9Wfv)W;H$iux^Kl$#;(L@
zj~bYZUkg0e_#k$3lHgmERj5+Y4!Rd3QPKZ&&t$6fdE2^Fm}fRzVW`I(LCTn+5H$n$
z)q_4HkWa?mm4f}<VEZMU2r9DAA?FrNKEf-sX~0>i6|?Ybc`l}bCwaZOXsu6%Ucv_j
zKC;B;Ld0$-4#WPsYRf<i!I)gasm`5T{ohE9Afz`w>z&T$54<B*Si_A5nm4)`M>d%n
z6ht1D0l&8!pv>7P$6cR+(wu7^B>~4(+*bSPCyl`gch(K*hK}VC9%m4?xV+G{ZjvV|
z#2BD10HP!hsn)z=P+->@1}<Fka9$c**v?dbBSI<CjENYtO@O2OFk<q}9Zxb%DXOlk
zRiMBFPla!k%WHCp-co67ZjsgdRo=3yllI8dzPT<^(iVutt)X7*z-K`T#wF5RMA%0)
zA5e(9cTiP71?2c%BO$N>*u)T*_$hRRVbvLJ(R<2kR8j8d8UYQugl?GyseLjg%G@#x
z!<38RYya+`=blkyEVXviR1MFWPcOdSIxmf{qx5JW(P}sb5+=2uD2Fz~1Kgi{+Zr}@
zp(L*=?FRY(>f7NdgAridV#TZJf<XoXl>Y%plAzN}z_Z&EsQ5>SmlH!E_lgCNuTsR2
zHsFZxqq357)a`PX>(8r_QI~H8jSQ7xiQHaMb#(}9L9PC$O|d^_Kg?b#%ANf=`0l!R
zk#5Btr9TuZg~!G=97q{kd)vDw6#}KPG-*IFaDyg^x!gg(;pPALLNOX{#e1%I!4D6g
zUizV5<1r{BG$gC5jniEhu;>m5Y<+Y+qdR3C0htPSo>WR#&m=GLU%VJ&J@S{ac>5=B
z7-ogsWDNsL^M(iye!br1>~868=bylWg6e4`DL>#6+8d1E_Mlzj%0tRU6E?QG3)m#w
z%aWcQ)ED2M`5Vbta=5dVWcY4*F<!()d?stq@$t<p#Iw<DF(tE(yj4i_J2n%I)cw+S
zojF!f1$T_vQSCdKRl2{yq~=YF1UL7jHJKojPnihc)H{<xc0U4iau5vyr(oGl;QzE0
zBYcl92>G$eU&A9TPyHwC!G-b>^VT{BHTb9`NTN=ZAh#wiG<Gs}w_m)7V_5Pjo6Y%_
zBYgmxkxSuJ{!&(b=$3v8xYN?|a(b!>L0w+Z9>ct~EXfA8I44qhmwP6XdGp;%VN|T9
zZ(f=Qe_eagC5-&c-f~sDa1x;`iGYs0Ep7e*ad5HX;aD6zHn^qB8Jg@k!^Y&Z-Ld*I
zTPPMIs+8Zy{;hI!d*`Y0EFa1BrW?D_`xkLE_wBq6ah?YJ1yq`m{bXRfwaXuIZs7o+
zlaFZN$yWdWgo}B;_f8JJB01}DNcch@_LHZDt16&d07t<C<)o0!%x)6dz_p_=gI#d&
zc)VR>tTy9mUh3lcAOaidSYH(N#W>Fvf?1JYZ0Ib$5c^r@VFT32{+WVcXQX#gq~mOV
zNljn|u+=MdzOjqe?gcLnV!`A7^BcWeWE&_qG(vmKi5mJPuPR>^fbFfh^;MPaLvenp
zMI=|Q3{l~L)T&#1u9maz9@Neu`l(r>`?;ItHX^Y8Re`rqgORmURu6;BTlMp&nfDx+
z0^ahKa&(s|9cVfJDA#|c<os4(^<HZr35N3dF-w#1(LQq`_2%u5zsdEizZ3Rp5XVIM
zU?f#8%N(6|><*@ktKSWOE%JH<UN7nqVHb~@6wR;3pb{E|2%pskPF`6MrJOnM^A9)O
zKzYX^w@%t#G%%#k^HxP#?${gh-AsVsll<PVIXw|hzCXDICo{wYJxspMn}6yc!Q!AK
z!wnq%QA4*sDE2dwduhkg`iIYbdrkpgiwZF6$#7+Q(GJ1E{o3?8u>TB(nW2gO#5s3k
zXUv=o3Wu|P?XIZ!<^%Y;>*2%>E%k?izVL8FKh(XB|00;wo4#+`t4^lkC*Z$G0}01k
z|JWa;g+SFn#+x+smq$VVl((->+B_Hp{!3+%EPJ*?)8Xz4?7*5Hlh2xWHqyVFaIK;b
z#H)fy4iY6%*x<Wu>P%nuk8@W9-*=PN7uB+Na88V!p`OaW<2RNbBY*`-RN-IUsi0cH
zo0I&v>EzD0N@X}1ZgEGRNDzO}0A4KdcP<UOxTz1??-Kvv&Dy3ERJ8)W&gsG-elbpH
zxN&a_>QMRi6g}|n9FGA=*Yofqw@!Q{$#tu&<Y8L32^~ECay*4329Qlv;26YjBczTw
za9-SNK(hjkZLa(~(+_2ymi2=QNMZDi{x2VDWKRixwFh6Uqvz|>I+#g0rpk>WOuwjf
zD2qHWB&&LwRhsC$E#}bFX0ISkzK<oewv=mkQg!}`u`h^})DUEc^G5-*5uM31d2`&o
zf~;2bh@fM*<&`)ugwzLc*+C&juzr0{*Y4<sYHZgn&9}@%cDl(>>cNMZL}<eMi~%3j
zT3ewGQ~<vJ`md-sq5ZrxEJYbVFCf(0u;rO`yXi}~mwP*A3hmFlmOGl>!wOS=7_YM1
zJ_KDTEaS{{(CI<06GL{Ig3^52vtHR?YTxB<OguAG%L`5?F=Xp!IbeA5f8ey^I{!i@
zXgu@x3|n`e+f>+hbgyrxLFsgrLZjW)z28*|tQ)Z@P)fPr5SyOSJMzY<i>pk><}eT>
zG%1?p5|A7G`B~~Or(1)7!jyAeEk%**?teo(WFMCP3aw0S_zP_P7c%UPFO8F~F$HOk
z;^@#Z=tcNF<Qkkp5H{kT`n@MyXovz;!6OSJ=`6FV2mvg7*U!a-E$aiga~hJ$f2@rW
zFs-;HDgzAhRDyNa481gUDcn*N)0RdkZJ7E}o;DT?@x%2)&`OYWXZiPoJa3_LW5Mux
zdOtGYz;KC!A(?^yu#}HOe*xHpiQ1qBCFNr8+HTQIXw_B!m+$&7Ce=NEn2Dv*LX_gZ
z0CLXLnOQ(e?POpRkH@C2V?6eo9;&{(jEk#dO?J`UNK#3Z-BF&$)#AXO$tj8L1FH)k
z+d02o1B5Lkfaa?jEKVBDe-7H*+p^FqeI@|})t7>YqYIrs60=>V{yvXpa3}eOz_BE)
zWg@=#(f_i>01jgmEk2$5uSlP>!i4SPWZtyCZnerism$CY7)9O1d4QOHP!dyvI?ZTB
z>LmyLO4E>sQR@cPF0zmI1~9;@vOdIx+f2oJ(nLnKh<O`SsdfkD&W{<1kxO+|3~q4S
z)<=eC#l3950OWUrAl}aJJ~{zvh0W#Z0-(#__D+s*7B#<R7=v63(c@#Dor&W*U4he;
z(tzN321EIRK%KA&A~Y)W*LQxR(IV8zqau3=`wnExq|}`RS8oFJH_r)jEJtJJZSHG`
z{~}_pSV4_2_n+>Gy`p1TQPKoQBU3)chyL3dQS+I^-cS%FB6BWOM7#$VnI3|{T^HY~
z0w_(*U=HH?an*bQZEzoB3;>QXQ6ZLQ+lc4rutX&8N}i(A6RCS^YNe&g|KeAVcLK7v
z{|&>;ib}Fv1dXfaEkbIz5p+Gwgm|*Hh~hCuct#1I+rCL;9eVwu|ML`KL-Mcm!35C$
z;eob>`vpJm#>Cvgz0ymQ3^%@&Xg5_SVw`*#6!17c(i-U57Ia{>_0v5$&lUeNt{fng
zH~{nKjQbI|A!=*bhaCFBL{t2n^6CTG;#(#jNIBbK-ZOYEF5jCEk!Auf1^Zr{$bTL2
zL)RO!$L|06iA8d1kuTs1Nd~flJbK-0M?%fYM>$6=4%TK*NioD<x&>v7WmKPT|MoH>
zKPG}`AkFNLw1D0<%I|d8i5e<8?}JTIeJCm{PMG5de-yRfjJhMRRg<T379a~MO(!JK
zHTkzEg{0C=IRh9*U3;Y)NPeGTv~2zKJo~2kFDx`lpXa+z<vTmF?51Wp*XSTwTSm&0
z0Am4^deu`0MEkZ%`CWZU#@kMROt?SkE1xCzsY(&y1OZbk$ObQXCFS|(!e`1RHvtA$
zENVEuZ!aV4FN*6yH3EQ;#pH>K#@8m+IW~hzKkaUF&Yg2T=!@>h{NG}wi|fvm;!=wh
zJ)TqOcc3u%DhjRp=Ky>6RORn`!R85!!OD8bi+pAFPcX!_+F?xpR!OQ1s7Gyo5)4ss
z3VBriH?np8jVaI1MJ;ufG4ChJ0WnA5DIKQP1COqkGwv=vR^J7y&6wE?hpKQ;P+@2k
z^47_FkF-5O2y0RDnwh*LWVMMf88vs2g{gF8Z196KI1FQBWtixtQa?fO?KZ%O|J~r#
zRX@$hm)d^Lci7+OA9GrU??@)A7T^s$h%e)s5F)lxv_j7dSTkWYh^}j0*`VX{P&pr=
zdct4VB7hr%%&G<54(WYlOnou?jnBI?QCIUE4V|hU_@Iy-Eb!aZMVSP3w;cw(5Eh(n
z)-(I#MT}^%*R9=FG1>bs5g@`%sq?ARzaQ5VVOF4Byua9UX*hB;31AS-+rkhx85qQK
zzUh#<FWBzYf%eX5{=6KeSqODcVfdFb+w~}CzOOL_B%#hzo>2dO8Kh-@)A6Jx^tRl9
zYtRfZ;cT1nTJlL_(TQD{rPhuXwlBN9<*9bPniqMkCdD%$e3FcnNLTK~p_rJzMGX5{
z+bDS+uBu2@^tG~vB!qcd(hsT!=CuY|pV>UYS|kZ(qhfcoTQ62RLwCPT0hxDsOjy=r
zl~>FEe-=P32PoNA)@BgIPhvlp9>9LUyey)+SZ~gd5ao{{pl3&u)qw~YGOXKdYGRto
z6|DNKdSu+_ji8FB4Cws}Lox&|A$wbJA;Fip1c1lRYtk|s0aPy3qNbnWzgm4;Em)M$
zveG()ss#UZ&y5OG)eI2Dw=2kmIgvBuXJXDj&6Aw{1^aIrl1xU)>02zhw8N9>sVnZP
zY2H_y9UvP8(eTua7)TLj8E>n10gwUh#ys>d>4GPuGvVcN=<IDaLaH7$_Pvz$swI0q
z`Q%TwckA8gK2WWsJXeIvTkcTYgWVWwfw6r<Z|b*WG6s8^{VeMedznP!kM}8kf+x(W
zQ40=|-W8S{Hmy(TKfQ-CJ*m1x>pQaY_Hkdo8^!}rn^FVXh*ycNYIEa9Swk46v?<pp
zO3{f9J9#N{*J~W1Rsp*`;}Y*+GbzS5MPhJss9oC^Tk(X?0K7fC!86F0kBZ$4zM?~a
zIRWCFPM<#yqJ8t<9rkNO7`s!vljhM>usc1r_E(kWtCV2%+=*rzNj47R@kHp=7lw@w
zEVB$EX})9!QPFNgtt%eH-wyot*g?2KY!@C|e@3&gKzA~`jx*GDlH6S6@1)@^?a#j&
z*`w^|tb@6yq&xm8Z~goe68|6SA+@|7jZ6;SLmk*8{>WpRB|3r05ms}s!A&D*G(C}<
zfz8>OfZoCtx>Io^^zM|e1>0aaE&3f^U|G9;4(|S72#|9~Lte7!wfOmiryofR+{O9d
zkG;f*>KLK`pEFcv>CM1`AnX}RyAl4LI*)qpqTNlcx*Kg2`l71jEn}^TbTv<~Pf|?e
z50Q>Ivpd=r7Bry$@^P|Un$Y6!TJ4y123NUBjpcVaSWUo3E>b93nH)TxO<#uAOGWQX
zq3CiZF14>6b7E67r_u|F3H6O^BKhAW^apH8#RLKdk*WX-E3;=uPoRMx(;TlgV45Gd
z&F3LUjAJ~RooFO87{5(!BgQUR&eiL+#%Gn;NKQ5_xWt}jV2U$X<)0OO!bx$+Cg=N{
zdVWCyFN6BVp)muF>_WfLAE5~Ky8gc-^z`Y^K*Czdoy?uhD#5WJhDZRQi?Yyo4W;B{
zO_~$lCae$T*L;F7f2juAd&XQ`M*Gr^_sdM^&iMjTx!p#cVq8n5ELQ-}#*7OsnWFIX
zb5Pn6q=kp9=8zC~lwLTRF`sg*;ky~l5~|L$zk~hV{kvH^inKF{{{z@SC%;`y^kXR@
z9R*aTXmT~~Tz&+8ngmL;N{SbHVRWqjsogdX(J7PeEQ<xOeFeDsETm_g4m|S=;Pmb7
z_{}oQ5g_?ZUkBd%{qfVN%Ze@>*MjBUn0}3%f~hy(0iutS=%Mksrn?&BzR<$pjI~>@
z8v3JWD2wdQQz2bz&sK-Y^gOc&P1ZlLjjrAkZRTgUVU<7c);2${?aU`8hr}((uX)jn
zf%FGWES+O48WIS-Pw@~f7Ud*BmXWsz_<@N$LckkNPKsePr-l`PJ1?K>q5!}nJb6aB
zas1B=3$;OyQMR_Yqb03hg2~q84@f=Cs1@Vi`LVOU<*@|ZvA#eW4*+67BV(Y5I-~;y
zaM}IQZ&p`5JShsJG|8s&e4`gx3EDF_@5I2YjuD4~0N~W^z%$Mm8G_S*<LBdwXE{RT
zckf01N8f@oQZCm@GX6EB3y`j$H4oIki>?pCaYF&)e;u5WWJZ9!?S@&THO!z~8A}!i
zVsdpboCC%N8@|oa_V&hMQzzEi-@|P+bZ6L@q~~>OoBsT9$8R6yPyv7ifG+?zr!n+p
zf(3Mo8tch;Q!t_IIz3cD6}(RF$kTR4o&kmZy{u(3vYnc^JV_c*G(o{f^`DgFy-+P{
zD(Nl)Wi1kwdQ_uo-hP<qrxc<x18&R|v;-)>IebJy1ulGm_{;;Hi^bsU?u!Zfl5-QB
z(i{8Nwird@YICSdzy-SoK=8~nfGbZPLI|_WayaB0dyudFTwRA@$QG^h#OqOaDm97E
z5$h=HQ9b{ni+Wj~Xzf9{kJ`Z7`>Z@`M{#t5qlDE#an7FTNXHWJ-waBG6<{XQ3_shX
zp+7%~esN{D+$i4T6PH5*001Dr=0$Hs?*6xi*0&h^RNMw=jRio+YY`9L6kr%`_TNPl
zt_T|+F}^%0G(n^!`Vm@<p4%8wx>pUJvInIu$<zG>^)mY)263vN8_!yhFyE^apZYgb
z-=}WrUhO;nQ2Vyou|eb6#M1~^l|EIfPXLC3gekDe&uNZWrn>Pi1Kw_`6e3fowpEJf
zlL1cteNzWqc?!}qPY13!4Y+V8W|`$sO1|Oqz?awf8^31US{6nRptU1<vwaeZPAu$#
zh3NtovtbPaHkpklhY*yxY}%60?kIq_4Vnm8oI2V)){D;8db=Ee345;F&XHf;t!;ky
zL?=EWIg|ikD~5xCc2tC@-kx1d-r{mRjm;hZ%IGxL<PczDl0;M!8z7>H^?l5oXjhDV
z6b8ute>F;FawMtq_*wg;sVnLvV>GO26^M~JQ%@TE*8_>l`3DQMi>9`@()^W4v6uPO
zV|@)|Fdz$9Ajd{5;0`j<oe1SRnZCRTITo)W3yuRiPX+Ziog<~6s4WeU6M*2#;Jzd8
zfs;gCe~fa%X5gBWhj76&PX|ufidkkkn38|-Tfo1+kG>#XqaiNUdjJai<v;_?b^gA@
z`iWssV-D13>#hU^`mEb*4KnN6u*;-B-I*Xg(681yF!R8mfO8d=D}(*W32w`Gq<b4?
zh4iBjwSEgJpVRHx^4MMt-ag790{{S!U;UDQ0^pwwA84?Y*5QG6bO?zJq{U|4-~+xx
zd2$J|W5ZlLMD_mYd5(TAm8tEpXOyHictgf*S8ChJa#XPyjO5FAh6VL`R@PKvB_ncv
z$25mP`2LW6p=21UM?K|l-0$!95K~(jQEONwtak*qq!0LIK~dc~Jmc~`1bnQQXHe=Y
zfD7>TYFH$oVPHaPR6w19jRHJ6;LPKIYtBTv_B7z>Cj-ZAXrDF9EKfw<cR%v$zFOC1
zWZ=zdVHVGY@j6KqwD~XkIRX#>twFvo03Lk3H=O<$b+a*iI;e}i2MLROAQ9UtV_Z$N
z-K@jeA&gjUc5s%fW506S(%ZYWP5*jthi+fx5Cedp+=kqJ8L8h{(IouIe_?VRO+<a;
zUP;cPBtJHw?A=Z&auYr~0HBFN34Mla`Sd+!5YbMiDN5RYbBQ9L2}elSor!?@o9kd&
z95%6X2fxQ1sKzbTK8+|Zm)ygXH(t1W+^_fisjr$vD~mfy5^~p}UZ=FZ{_R31!sOWR
zQC~8H(->syqu!%@1t}5pv0lBS@RB<%lflB+mK6XO?*g8A8q&3=0+;WeUw1sq6PNGz
z$WQ${U<p4TSug3C_3RX>aUQ-L{+rT^R=&MtP1jn)jyl~$WwE2CjDgdArn~98Ci!pT
zIc%`)cMUN{It=i7$lA-VHLuV727n8?wM~ya{-Euj98v%P0Qog9{vXjVer<Sqpn%yM
zv?}s<jaLXVUK1Xhn@rhL#9;<F4;mY~z);zJN?}Dg1x?~d02H|X+MYtw%i9C>HMtID
zv!|)(S%6l#fBcOP;h}owyg=&K-1p^hAMJPTOTZ`3g^7hU4vpbQZ4aY<j<+*FV}>L3
z9&9;~NuEwApF98-4z*0?73jE5%va5IDED;I|54JW<jibd1)g>?(lbv3t~~`f?*z;;
z%l=6Iu`dH3CA$-CnPa`p>!695k4^~dJZ85{G;R)f{h>KC^~TD8a!!td2gkq>E33}q
zdMstRxA(fIbR5}|oaj)t?0-{Tz~$C{eRH?A>HnM<q5~p_9ss=hC0miZF9A3SirgA6
zD*3GyA+khkC^?D3jIG`m4oHA7n`4FHjWJM_vy0CM20F@9h$w$6lM~2l#i<Ti3@H3{
z4W-8IPPObX4m|-7_%~q817L&P4=g~GKTwk0#2}U`lgG~WvU}AaD}X8rgvP35>OPJ~
z9(pXnoG5)Mib6qX*tXy(=+d9mw|o{wGxvh=X0Vm1uTR_tT)TT<2d+I8*tNO6ca~WK
z$^Y|rfp^~R9hu0G0%+IK__@q^pvmb0T74d^9equ%mcxLZ-&?X+^C!W&#*r>GX%1L3
zok4ouv8u{kLiCz|2?iq(qhRa4o?r46r2e9AZSz5i{g);k%)+N6zv`uL2huw|LPKnv
zRJk?B*G7{M@*VthxU)6Z%XE-ZL&{Vry41sG0I#s4iKy{tZlluoOru-B6eF&H1{20z
z`rJg1$qZQ#YOggR0%Vb~Vua3pqh2_BwY<=@&YXNR#UeDyORgzi33)b5{iR%$NCdXl
zn;Z5!x2@jj>tWw<UpD|0b*#(lu8Gws&*gbb(q-T&JAi9XMY{InA%9@Yd|dG?6LRZA
z$S?eQ{cL*4ovD%FW9k9()x^D%<m)IKD0<hGq2PV|&gxSfK+V4A`j8PWIa&m6fV!TQ
zwVcv7s`H~ATMg6E$)REFYyn95wcVaAzlnn^hY0}u)FvQ*5lE-kFUj!msc;&H<^+@o
zI1Gis#hv%YxJ4dm`JIrdDt(7UK@*ycT}$nFFrwaVxtEeu3X`Co9vf5g#)~i#<y-<W
zRyHY}N8Q){8Qbk%=L<}n_D7SM5x>>XjRlVz{PWc)^TLkaZ&3O(K>b{|C>c-ZSIHn=
z^L@z7i0gm-J}~^ez}XYXDXwosNorp!Gr>xzfJtua*srS{aM@0zYfk~LI|aDx#QC`5
zS*q;G$QOSect9PgV7{s6-T+@(zwEF8kF)+qQE!`154Ae6VYhOpp3#7Pb~XgOE2GQo
zhGYF$@A7(9yTWZvzP<%eExv%%U(&5@;=Py$MGo7F&p-XLHv@QASPi9Gb%Hqhovv|%
z-o<69r>q0zyw2>O=O%+rRGLWTjOng@p1Vcb5^XaJ841+n5few78<-fk<8ay9UfwUO
ziH)NX<O6;Hj9dM<9jqLTwGic?Z}Z}9km`w-@lpdQ;}eYq*QE*n7?7eZN)8Z-vDNL7
z3|#nGr9aUsi^<%O&i6?vPv$Xu`TYvqdn+8Mq%{zNAOW7khx+~2jlea#kghu!c;+d<
z+1oJ7lUwr3zYhGxgTsgB#cX6S)!^IiB6e;x2{<yUfY+hQXcdQUorLJZRIK>=0rh)k
z9m~4u{QUqqF0yWU-EsR%y(3_dP);Uovi)tHmb$#MTW<KB{TZ`;mBR@DHURiM`o&Y~
z8Soj6vScdMQMokWCZS<QRf<zt{y;T&>baNeG8#n<R8Q2d<M-7wZRVcIsG0`9w3m`>
z>^{pB)$MLBWFUq(0v_z479&W&Luo8Q_gRt(3mc%%cFz*D&i!h}Sdn&UY^~21G#_|=
z5DTKu(Jhb4AgNbU7zaY{tmvA!JOMQa8Uh7alnfc`D49r;MWcKa742v3L++~*w(2~{
z=+=Ofwh#FO*PRSpcM`B;WBj~Xj$Qfndy#)>d_8c(nvx-8R#lCvUBl;MG)`F8>dFvk
zC;yBl&nSD{$ztETyaCdMx^JIZhLEW=fY0Gt(G_9dSZbXit|RhifOJK-+`tFl95gv>
z0002;tA6Tr$lbpQV?w~RK?ee5FWwVRD86U-WBhO7KfCM1t70(1loQ|qh9;q@k&kF-
zey+y4O=0WS7+nleTXHnf*l3#Z6%@-0TC(tSzd-7i05To-3m>O;%nItlV~;o||2zl2
zs0<h4P(UI5$_83#!^lYMcxnzu1VE-(ru8U)Wiuw}el3dtMo})*2K$_H^(x$WbD7cn
zwKmDTb2}(9kQTrN+kxwMkNE?;fQ`Ze&2sF?XCFnr<*W6x^YmqIt0%8IS%G=PQbh*8
zSu5)pP}S86)VUqJjscnT@F7O0s{>uGd1OvkiNny;UF(=%(yeX&0~{hbya3=8uUy4q
z?Xy^}oL6XQpnAFX>c`@ZQRf426GXi@K+qNc-TBG39)c~Dc9bv(&j6I?jEiHr3jfB#
z?CZ<d+u!V&F(`7Lv4A3-^p1w3$*x)WHnI7I9#%I&yv;U0eZKW8OBgyyaOdQgGI%@A
zD14$}=q>AbNxQ7v;ST{f<9F&Em->u#E+>0MbBh*vq|_WJGmt23P2&Mr-_e|NeM<_*
z)twX?8~gHnD}w=}dOQ?9Y7`yn+}yYTt~haE2d+N}xa5SxtVw1$SduUM5^x76nzBKp
zwP*TH*J|YCG!ByfE&zVLxgG%k7g8X-qD+A~ICh=W&6)I%tdqzwbU;9L6<09=71nP2
zEmD43x3)<X;lY!`zHIX=U-3!+zwMM(8DLiIEMjn2u_AlgwDIn3D+y6WoMmqms46`+
zMvbAPiLR5zzAJI5WvxSRF>smeT&5m;6fzuCh9c@oPf!qT11>Td{c3zX2*`EIUnxu4
z?Y?It9pni_)L|JnYCnJH*owedh5f1wM306k;y56C%(}q29IX#~Oi{dFJ*qlzzRpqK
zD)@CEEc@fJ8xgQ$^(hK&6h35&m6-uXYwPi=z%x%mx^6dc{chll`MBa^Me<v|1N`Cl
zTfGGMwZ=!aN4k>NPWjCo7BcAN!2!@v7EsyMNSB$O)WhP+x@CYMz?|2oeb;*IWK$TV
zqdtTCgx3!1$Kn1LbjywJ4Tj;M$>9e8KmGCra{35zx~hGbx+qjdS)35X)Ttir>ta2N
zdcBjeY^APL(GC@>b>nz{xhB^E=KpzOs@Dkkg)@~Y+k`bpne#+$7KRu>cecQAP3{-P
z;JYJz$NT(2Kg^7XFrDxEOX%>32DARK1VPKGm|{T6BIPlW-51)2E;NvQ*<mbR=OF#Y
z{n;oB>I?Q_+?F7r;<a4$Xml(iMkWkF36r2<p~lmvJ}GtPxil(0?bF;10O0zaNY|eP
zT(=9@zKU6nQuz<}BfsqqKgX4g0{prR*A(a;(0Y<`bp7yLjGUQr%{nZtvTViqV0}c=
z*pIPZPM?f`zj@;)OVB6HK}TinzaOc;rCV+gBy@1)umb=9$S;4@&FGf@ZTP_6nIvIF
zv`bNzgzlJ@=WNhO=|LveP>Fg?dBH<O@$x+ZA~fnhQsCSkz2E+Jr&~##9gQmr+;y(7
z0`^_X;ZA}91enJ=l;@82RU@o@;ubuOjV|6&7e>!Cb`kB*3!W8-3;$@pP#w#&lmFc%
z6bYN)6p=7<MjJM{3jtUt_XyBvybn@5E(ws<f+nllcjl=VHbN2~L*|A0OUr8NB#fKY
zO?R*GxOV_9-T~aO8|k`Tz||)XTM%bCI^;WR$X9;J1LHEcQ0EfRdj1?HRimu>D$-r5
zFI;Ggb*Qb`Ab+Y{qoA6~XZ^&w%Q+W5`MCiaYLD!DUaR(7*$Ggdosk#M==znv2|D4R
z$`Jto03g5OmH!dIPrBH@^R{?kQ~RB}j+MVoj@15M=y<fo3~0UaCibJxHc73rbRINK
zuJE9osGSL+LFM|`BwolHxg4^s9-H&{yR`}eAjY5Tq?4WvK||^DJ>)4qp6ANcx^B%W
zV;3a*alf*`cSejo3sERhm?vtJ_6r+9%i)OTQW;8_56og&`3f$$pP7B)@rYuy+@Fqi
zHNdJdS5o5T&=OIO)~6+Gwy5o}&*qs~85>uCt9K&ZuyY6(Ts&_#JkllK_%-13dxj61
zJljz9Xv1A*2qzi2Xs(WPlh;vBlCPB7`jkqu-Y4U0zv)gG4Q({6uiZ;Jrkpq{&OteW
zko6P%-`)xOw_U&T`n?;C11m=o05}`K=a3h}ej|+$HC`KNQc#?nldM9IkPL+yYgeuf
z>UfV$M3;aDIB#DKQ7JkwQp3&l+13u;?$-z-Oe%-7`E60~33d)h*u?Y`bU5IrqH}w(
z4}kHleu1~G2R5;XZtZ68(Czi-K1Qv3bK(|{dxp!O;IcH1-;65*0&a)qitqwo_#{rd
zkK1UXOaYIFNwh0PX-4;(Y%${9GE9jo8xjIjP`{6Bqsbdd6Y~!KzL23~P(bVn)3-LR
zR{wqh>|7ng1-pP7b^)hsnt1*!hfDH5{x0zA_tV(tz-T6Ks7=%h*3gp8O=YljZZ>N>
zp*a&{DrvZ31+xF1w-xiVqB&m5k+K<J>l}A$rqi<S2XH~R+;GR^jl;o^BL)BfKz_wf
z|0<CGaYcr#L`lH`qO>GbpdO5)Q^mtC9-vl67>A;~Mnm?vG%=&w@i%@wFi^t__Fc52
zAo9L-a%;vogBH6+&nGBearMgiZGOfGcp$?DiRtj<mAo<oF1tMdc1nwD66RFw-5GcB
z2%L~{a^R3ex4t>H2vUBaQ1mwj52>$|A3u-ZSAkSLX{PJ>KAjsKDLw9M2ER&6mbDSZ
zOR239Wm@K<fjMPLs1G9Jul3HIkD(#~XKw|r-!(7<*PaL*Hy>Ag*yYb3LVm@!#t)GL
zgLRB-^7lmZiuI^&d7iq5U*oHD-0B%p_UurgIx!B2WIunoj!oE@0E^ioJ)^{d9n!}`
z8Sm(p8~(*Qy?;>U$N~T_fAw)l{of&Xr;Xph4X%szj-tlj6)5p#fF`FXOExMTm*to=
z$Ko66E6ZSuF?7$)esVZet@#RK?49w-aPeC!KSJ8pR}GjL+G7lW+uNTLQn##G{@hPZ
zZUr0az<}~p(`3wuZgXDvQp!i|8v}OEJCy}T?F`=<7ACc6-wP1sHaS280ut2k&e#$d
zwa?CI3L~NGAnFTlv&%?E{o8@LT-#l)llu3xKDdsBd7{I)nh-?i8H?zA45z#qJdEvI
z$-rehfE#up-LM0A+6lnoh*DWk4tcOgKL2aLo(!Mc1UM#89k#~%7F`%Jr!<#2i8xyK
zp*|E3n{|!pMiV|*O+j+0V=vz^&{qcmXmpMP*!0~{uiKIGrQLGFqfMV5B01t#Q-0ZN
zej45K-3~3OH(k6%c)C2xL}Z2Q;?F|Es^KyuI+=W@iWF@Un8s91Nvapkpg|9}QKM26
zE!A0*Od2#xjD%wi*n4BjpO^qg^Vy;nkKPP8d!xMQRH<{nN9di=@f6*t%3#V^@-ysu
z1wiVp+L%tU7$vMhN<d?K4LFRRO=asfu3gj?>lY5IL~A2rO*99^g~Z_NAMM6*{mVk_
zP*%XoD*Yk`pqUT4mbm;pyu9d|9Y{Cs1g<|3xM1FHc&H@*{ci%dJu35)M8j#S-*hdo
zfp*4~9U{{4e9)B>0mjT8y7fD*)##-@PA8I%RHnl@Y~pxW{hKg|tWOV2UeNWchjiPY
z%8|#fb<5vDPH#m{&m2;Sqd{k{w(|qnOOuL`0T~3;NvM=@QTAj^OQMNhBVJwkn><Ni
zoFL{2@!RDVat*hQm9%|MLph}#*&F<h>yXK~a32mJB=>ber8JbE^Z1<HA)~K#D&As3
zN$BD}2Rs#>DMx@0!->2^rQ6(*&$JLTwW;r>+r|c?WGd5wbUQ>Abu5(00Z_aYGi;85
zA|tN%x$p@0A&q5P0(qrAN3UIu{npW3>UFNM^66?3_ACdYscgrd5bI>ht5=UKnD17W
zZhuU9Tx--n4P{Jqw(-^kSOE2v*yD2_S_A&;UC4iV&+z;1O~8#i26o`a6M@|uFv~%b
zo3{)Apv)!GUmQMC;0gG-;2a48vrL)0t-r=9WSJW_x09cTtZ&?ImaeT6>*1Wns&y#3
z+RAB|fU%9KAC#vuT`mVf*n(Q0zX0&Z`#ul{R?_2Na_A+${MFY1_)y~+YR0Aw;8L<N
znE{AmGpe|lI@i<p0Pm4FB~Qvty-4RBvd1@00#4Gi`>l@lOpP(IVX`c1=p@!f0<_A!
z8~6Ax%h~>QzrT8gVkoR$7OS(9@|+=*xO7DGK5mWze19rapkwFSi>j0?hR#e;6Psj&
zuM5_c6SFU<zm>ja27o;h312wRm*+~LI2{9!YCG(V1O+^imr($jBoy*J$~@#WjH}ya
zU?DU1><nN@D9x=ez#S9q`cLMx1I0FXxX%d)HSc~%zy+Iu8+IbyxC6NM1YmQN6gta(
z$zMN${P(`?bujD90<gKy8KB!-Cq3a9DjL%=4|0301C%3>Zh$5~-~P0)6oJZK=3c2E
zyzXz>qkx=1w%P|}oQLQ2K)$l;S3iZrEJq{&0D%0mfAHH#%U3$(8Y*x$GJ?*S-UUPv
z2THHRvy{exe-=+PM`cIKos_X%llix?T;1-)=+&_c1_<a79+!MJVZ<eN?Ox%lZM22O
zlrE!uhuXVwU+YROLutLz9~o}3nb@|T;{9`80|7ZTFik(pd{7FV%Vh9a`jtR|+b=KA
zEP!R<%W{C#=2z#x=e{o2%DgS$aH1a@CX4zP@CM(?=Q>+^%UB94R;t*yb5ftx02JAU
z<JO9-xhZhVi~<`Q4F_@C9nkK8RRC9QN4oJu;HDFRE4B}W;w<|oOCVqHRp9%5)iJ6I
zqwrh#KL`<+IL9fN=Z#UOH~MMl&gCny{?C4nHFiLr<<=+L5YjXJS#{gwT+cx2-_@;c
z`q_OQf`cJPG5|Oo$bSc<A<)O33LpwyJ$}FqQe%|pI`!@u8QQ%7DZ?z!9tYUPW#K0S
zd(Zm1$R<|IZ9qJ^qhaF-=eFHc;F0r?)Mw9YK|o+MotGPofifIwh=xDn@=M*<15RQj
zqCPZlQo&*Ya#Fs|3sp!3G=YAjx<_rWx~k{m-cH5}M}Q47+%6UVjcIyUNBWzUtmY_K
z|8U}A18}Jvz$@$maz;?-Kpc62dSWBjv#EQ6o9Eom$|9(-V0swY=bx1F$LCwWY+D7c
z+m3Y84&a6zz&V>S%f3l|<sHEL9;PqUIZ++SHw(DrIihiS2fUd<gxB{9_<6o^{p@e9
zw_~h&nR`^8dwnok0L^WibUL~H`Cb4QcKzyId)w~^Q;t{w008;r1#BJ^001BWNkl<Z
zuYNoF#XB2H5ugE7M45umh$o~O5>7TzgTa##AZ5J@|4so~1Wa>kPC`xr9o_kfsLH#c
zsAQtLoe-w*BctYxY|Z@FJ|ZK>^|S@S^<d96+ViS_sd=m6_*|ySIo_;@+SStxE&TUx
z=LVf&plwqS$<Ne9&GmJ_Pdyn?F3rn-gppC^pfRR_0WIwyaUha@)3&%cyLi;eKuGV6
zFqfnC<vGf8%q8bWY?gteaSa*kQu+wK{beml`MmC|KAKBleZuqS)Xl(+$0OZz!oU#h
zIP%h=jyU;^`;p&q5B%KIHEBWsI+~a2MVIwLV2;^S1+Q!q!cgJ(nGdmY9yyEYx{2i4
zDV9O?=9Kfvb2#;{?UoyV6Gw;~*#O{WuUQ~>A4JO60+5(<<kd}hXCWf(XmU*C2RKT&
z_s>w{7J7`R-$iv&!`;wd6k~N>B^i_^?ph~n&K=U2D`02%r!i)hHF>L{m9@Ts2d*@)
zf`EuBW+sHeQA4w#-tP=iKZ38(bJr6b^{}0FJ?H?nTR-qNLEf8h!l9PtHPF_MAa_JP
z83tOBSE0;^wOJEXnLVh9Ms<w!G(QbbaQLOLBAm;?WfMRv>_CoVqAs+e27nYJgU^U6
zX2l)NQ+<va1$S14ts_gc1aRRt;91)TK=90Mz(zG_v)~JRkgxqV>YN14!A0B0Ixaws
z_3Q7dH}vH?x;}00xh=h-BiR9%0<(@SRs92mI-Z$OP5R?Q=`;j_{1-_1hYt05|Le&S
z4FCWjzw9-aA$K1`$}1(=4<O}ZoeOy5E0Yiq!-D!9)2`~hy8GZ2i%#}>5tTjRL6+w?
z6p{a)MH6nybs5b<6bibY<~M+VJbHR%@4xngYbSf$WBVHKnM4(ENv@=}6@x*2rF~qC
zR0OgDFM;dbcojq~a(`JrxkI94{LJ7gC9U8h0AZ!SO8+T<6yq57tMsukCQ5s=g48~Z
z!Vl|>nbNN183E0yG2y8-)G#E%x-{cJbpt#@*MNl4Xq2&9Y1_nYFM32kL*EUrJATG-
zNH-l1+;lu}+18^#Qyv=0mwf~H_L^TO<wpaMa-Ie=e9c&p-cwMnPM9)&_Pa8M#aS8W
zcyqF9Ft^kJYv!c_1X<JT*_J^^JPhFSu3x=<FS_}V$x$(_^Gjd%D@ggDHt{9)IN58<
ziH^s$2?;o$p!X@=s<EdjL_0;%o3RTgj!srKy5mGQDz-?fUL4R;TW;UISNu%%Gv)7$
zzda*NJhP^9{|JaJuR0DE8ZSsi-+(t<yq%{x@)z~{0t_JiOa06-bT_7KSlQzh!>(<2
zb*FYl)W3SzJfGBnTX}5Y)a!OeN^((Lm@CWk#(G8xv<{Hb^$s+TOq4re5VcHIy4L>;
zM9N%XWvPl%pHD_WlMfx`D&;AFDh!3Lv+;WM3LDlb0Xr7J4cn2Pbv*E_?Z6ou@nn_!
zw!4Afc_3KlVw{x;HDf<@Fw_(%*0mi1M@W6xaTq@Xa-Kl)|2I2jh|V{A;l$cwySAd!
zVH1^;f4*C8{9o4T+QTA82>^KgMgSiNaIvGJS=rXBz42rk2_OTRD*dw*ucLU0K`dJ1
z$5T|MCZt%oDbuz^yO)#>Frk#-6(iTxQDC*Le7YaM*0*+5fOsQst2|phOfonC8p@bo
z9;04q@c@`Q<bD%CFvSKa1K_+|39-0WhVpNy<u~o3@#AEr;=RCMr*pw2EYdZRfzv~+
z9GFPHj;<UAmJ46zRAQ1TFU_q9sruxf+W;1t$K9H*kFB#QcEO3vZwD%P+@&Af`pCY2
zb$%$w1=@Uz+QEJt?B26B12>+4^sH^bjoX3a)i@l(@`n#1|IBwqFX=qQ@VUJ4&Hy|c
zQvnST1J#5QWbM1TD}d6#hGUEfKwG^En6U43D<bOO&biY0$?IR*mioUzzqq!`cJBL;
zBS!@Q0D%0`*WZMk-amXG<*i1kC>=v&76YXO52r*KZ3bSyt3<#&a5*kc-h0KOiGsyr
z9^0ZGqY2agC4N4(m4Sry3sIx3;TNM>zEkv$Af`<q#f+;eY3@g7zykwT3{te9$(Y%g
zHj0>X2$-fr5^%+1$3W4(XBu4;8s8hT4BTdIV*pZg9;lMyvk;i^h(Z>PM-3W(X}fDj
zUx9A}T-8_tZq720;CeRwMdKFr5tm!a76q%%x9c>2WD+D;yGU1PS>bbZy^3yd^F0G;
z6}Ws8aMSSvAh_l@VD+d`tNSkBT_QjA8^Dr*YUFIm+-v}EipSf&FK?J6U1OqaO!bV3
z#^?EdXAj76vG;e_OWExE2t07eidiGhlNspeYr1~rWBb|T2UU)$nVMhnhIavYv!}fI
ztbbPUtaL|18ye)m(_@9G9;>4&I|?<3_X&6-p`d}OO5IxGP^)=sJzUHj@W0DYW@=kK
z;+Ls#P`{0BwlD)T6~*X)?xBS@sX&d*Af?-6_)1+|e-SI7hP4S9=(E(TFe65Dg~vYS
z3K&bB$N)#4zf(e}&sA^R^_g8G^F!IE&{Iyn40lch-)|sPz#-Q|-(VTVS{nnH{rb@y
zgy8{|eN!se%@;Bb%#!GHxWCH*NC>upautMKDNGRLxim%%aFFt%ztuanI&bNKYqldj
z>p0-%ZNO8Hz3qniS>FaewMJ`KL3HvVC;d(J=<wtCe+1s>o)XfNac5B4=r}8v$}$ki
z`rEO?RDWhOU1D#da_Kj}=6<cqi(lA_Zapk=bOC^uzW#XR^l2cS-gxOwi4j^;k89nS
z(ju5RY(RSWZGFj4h6vfJQ7?^AZ$uVGsUs;YE)SS60`>XjWIr;Tg%OC986e3rENu9w
zUixAkW-1(OAc~*+z`ZJzjlA?3*D>06&SMVvP*Ah;fUj3$P0z5uBZIFY8~d(da#*Rc
zp$n1<&4}uYb~vu7OcsB~pWTa(<hrg0);3U`$v|`8>u+U@xjvd>W6h>;P6UA5T1>S~
z9Aa3~dTSU2n_s+sc;1k1h|UzSauj?qfGzE1CQ)c-_bO~@+pZ13joXlJ-VWS+9B_)f
z74j&Q{7>%#{`Us}29ufB2z)<GCE)RO{F^hZ5g_3E1!ypHsSb*U#u%I`iwF4i6NLzy
z^0T(*b^w=m{R$nPaAe6*1pojbzvK-+4&c3hvH*S%8PSW;Dfb9cbV+xS*VMI>CW=W~
zP66L<6Do?w@|KY)ikuS`O$n)YYmduD`^&;AN<7M#C8g)Q=)fxqLCkm^8)jxKa`H#Z
zD&-t`V~wE`U}b$*nkapdrQSfRKp5CX3%D_OsTw6UUQU6Sr$UE_lrbc))*0?J@l5h)
zePg^4Tu+H{84TD$)&agOo_|&^H+Kv$arlP&PsWAES?imn4H0w3K*%Lh64>B*u7;Vz
zbJo@=qY`}=g)s_?$K}X1_SLzYfSb1>-MkIB;W*&9DZqUM%U?W#{NlUd)@jj?h{L1m
zu<80#5Np>myV<Z|qI+$9vg6Q<6){^Hg0R0!$Tg#3U8kHMWw!=-Zr88;<+^=&nB}Mg
z0059*^2XmsPA?fg5kj0o==xhkxkr>`qZow#afX|XsANp@<g<HqQY&z2-V6wDq?kfW
zJ#xPoss8a&HDuhr@_nGJi^z467q3Q_`_}F&?|x5yT&%z7WJ2!=lE;=)jm_ETQno1a
zLg$bD<_xHSKJ^Y5lo^oI%>2ouzQC}l6vZSUq*0av4BUJ%?}H6z*V5)(zwlX^;+Mg-
zrBC7MQ1zg=AJyY8<7;D((9*gLEFz<C*K!%Uo@i{j-c~NJnI>VDt}jZR!a>Gx<j!Bq
zb6wY!lW{IH>tlvvH3L^|25#Plbn|h*)tiBpqd+A;l98YC9pJHL{f_m3o;jhv11RI{
zbhE4(1%72dDs#r6P{5660Vhk8^FzuSCE#D`sk%*_EY=~Svx>vA0CM^_U0%H5@jLVI
z%26=eTFEbY<4MTrlSuibIMIU^I2!=x!S(I$M)8|>qldo$bPaoDqR=$6S}CM*54@p^
zURCLoRjb5?!+wT+{nhiYeKGvDsQ0V4Ro(zciDAqZG{`o?83MqAo^raPQu<_s-C&x6
zC2-~p30kA8Moxi%10vRc!NOHfz>VE_pJoEv-&S`Xf2&XJ7(d=lNm<)fk)XZDT~A5|
z82XO0t(7_8I<dD_fTz%yrBCUwmQsd+Gx4(dUN)cwP_aQJ0H$FcHvH<jHEUYHyGgXA
zSLe)nV4wR=Px0iwEOpDlyF-FG?)ngQ&hhnIR)HI~Al<wbxOppZ;gP%DF#q^>f%lKE
zv1fqHY-d?#JjOZbC!5dN&rj9^jSdiIC}hYec`(xVtSd~90K(>^T9%co<+R~}uOa0t
zyME=q{pi|5Dn}&%0D%0GH~u~3?oWpgVjT2uAc#YW7Zy?8tV|nEovz`(^|Uo0FqRA;
z<eB_je#;>nWmZ<)e!w5=+vF2a+f|9G;bIV@+v$ccy@3yDKk+yngOR<lXYgg9fIUp6
z+?Y9VhOVQsC>ysqHz4p{qr^03E}Y_^e&jxLN+C#MG{xdh4#b3_;!urxDxz>Auir5?
zG^YBFh*Ab6NV+$(v3JE_iWw1FYifX9h^hB|V)wZ@A>$NzU;NqTP1$~k+74$#l4o-q
zxFQg!Z7krG!)^g^P&#@&5Tizp$B{wi$s2*2HxKN<&0Bzzj-ca;|K<J2zxq9Zjbrp8
zHSQ190nyxc-Z%VMm9UfPN6x310Lx91crb_Tx%_O~k;CVaxI^ejN3m|rsR!`vE-&8y
z1bg_9$WaRb03g5k&HoxHzb!P#Oc^580WH5}9k}{kbiAbV(8ljrQChiHhlZ6HpQCiu
zy3~JZl&?$qx*9J__^aFga-F;YT!L1VneX~1NQP8}&V9xxn%nA{5cD;-L(6U2oBblx
zmxeG<Qk1XWry3P!{F5j#dVX_gkc<Vl-^Igo8<wzVvw>s<!~LdUt_gP~e?8!1lTBFy
zvebLyzGk+})y<3<gHln3Tp#O`i1CV&S=nINbCuz6pozyl`99Rpgu9;%Hv>kUhYo;Q
zUnU80Wq*&(L6;;+UT>|auRnvv1mNOLz|C8bZrKXlum#wB7}fXRJcj%Oclx<A`A(Gy
zaOAw_9Q-CspgJsi!lxTwE+a@D910x1Z}M|!9+fdjbzW$)H`ldW{_}3R;h!9Y9zQ5@
zlmmdbYzFdQBjrn**fRh(NPr+q8r+o8C<(h?Q7f0J$x$I-2o``df(#~X(n<KC7=Yp0
zA>KbIy=v^q69(WZHBrj;%#zGThL!<}wmV`-oCi)y&;bUj3%_ip@uJ}kg!M%UF|a}*
zao~Zy3JL`@9yBonN_98NBrqP);&**){gc`;u>M*vfoSUarEGa_Gsa^(Ig{S{-}=nm
zC--u~W}~nTu&lvt`)jrZ0>yJyCaWmlm0C|tZf(}?IL402puR1@Vys8>T5khdu21>?
z1h)%=K?~=ESl?N_B{b*C)KFq%@GLpe`rd^iBp(78&KkI8)4&egvIV$m6AtO?jx&(Y
z`xbByf5&=_zEekN3V>@k3Giz%0uUO0<@w^~2kTYP{3n3v&f%~|2H-*8@M-1si@!$7
zH+KEXp2zFHBSnsC0002_#c#O+ssAhVi;XU!EZTaalcOn&Xrn>_g5u*enG5A9UZ$0!
zo<{I`-tppEN1oJ<4&;04Vi_|2bNRcrfvDEfHZnA>?$SqACpBnck`5t$J-~()yhH8`
zRCrw25K0}mz7CMkbxaXz+&+x|%Ja>GQ7==e#VHE0v;+QgNCl&oUyeH#57?DsV@3*z
z4Tg>Fa@B*J$SYRG$8~WY50%0F9C^eF4zv&5Gi6Mi7e^r6ongR0nEH$RXI)@U?F{FG
z0?SMwfS3v$SIs|Ckm*<&?(>B9*x3p2rTx!N43EhU05@z!x@8OS?9ISA2Y<U^e$_p|
zA3yBZTjP+(94t5MTu*-d8yzS*01!O@G;3VXq)^=vF`)&lCa=4q^1XxfAds)>^5Tn6
zpi2+A9Q6PI0P>69{B|I{vrVE~XYn-NQ*bTdljEYd2LiGnB}0|P;*~5sp_xWwlvyTl
zKPLNCZ=f9a>nLAFuChQFys+Zq#iwD4DLTI_goIWxEu=1}&uWa4Dr;7#z3&$`z-&Z|
zCqH529C*{XtBgU^PsR9*uYqPZgN+J}RWShS?KSjxG%nHjP#c=@5HMv2oB->9AS%m@
zF?-C-*bu;*8aKCo0wc)t)b7`#xQoc#a?DWn&(ihAV9o(31(Dq6T>pvCO5<U&k)wB4
zGzQ1!egH^ZAELI0^H7-a;PGUA#_RaZ72uXFNH=c=ZrKc+7&tsnRQ}yV$p7&B@f;}z
zRlo{gYhzLX@WNlqP8Z+PlWvRFAJDFS*7eQnwgqUpb<v>-^Q!khl>gce={KKnpB`d4
zMgYKDI^^`H0G?OBRHKBdJQjQ8oa#{ubtv&<cWf%^1XLzrJujiq;2al(#6N>@MKN%T
z(bx})G}AG-DfQ#)eMRv^v?A9@UtrNt%<{c@omNi<TV+8i2(m?$d>ySGs&K8&&D#&f
zXxiVykMvCaj+8KX+*n}|lc4k;e;0Y^rlc9Xun~4(6QaP!I`BN<JPcNnTz^(}E?yrP
z&XS2wb#_M4082;p>)^&P3OP&}(+F%cxG2{dz~lM}NaMCJlNABe2t?@F96INiHBu0x
z2SRb(OL<~+xO{ak)VMT#88{BwW;S$uKZ6_Y+tdM<ZUCOW1?kzFfa^8^8xMf$|MC*~
zsykafsOvj-@CODFIA)+&uGi$-EMuE|pSd+|bzptQhFSoCmBIBdc3=%n-Ufpedrf%i
z{}6fck}h{NC`X4J6951J@{8YcDsuW;<g{z}LKHb0*UU;zjeInjXwfk<;AkyXZtV4r
zzn6Dmqm~~f&hSDI%HQrSTmJF_savDd{TR(s-HVX7!hKQt%oMN0xr!ppJ_gI>GIeTw
zWc|z%dj83S6jovpCFs0jX@@<tIWIo&LRe8a+ER@gQ@H^E;I^>=bHGfDv+Ez4ckW(h
zW^C@+oEf(OYMw*`rcA*`U@q6b&mA4u1UTi(o~N}_S)bCTR6nbcGX=bqut(FERxbuZ
z(kAuFl+kb@Dah|!F4a$|cm=%C*g57*`iehmUO@v^s4cGF7yziT?EGh!t<K;B6{v4Y
z!1b#GJMiqyz!e+z+Y;o<?*hJRI*scl0HsMR7BFOe+3c7iUCn)D<tm%SJB4^1xE!kh
zP&7FP44hHRRzRBiZ=zpZ(IIg*#8D&13;+Ot{Gy-zapd&gkTNVnXgmS}<r?x9fmTtu
zZCtFl$#aYn@z`5yo(2D0@(z8xpOi<blhlRd#EmiKPNT)sP?yqQDUbC|)w@+=9(u_F
zNbEZ+L-R4TZIKc*ufpn8+77QA)i5~kp_evDXn?_EqwtfoS>{<}{36Pkw+nJv+;3`p
zm^$UTqkzeQod6sH0%T=vI1el+yP2m5`YP4$*pqGmVCgtjuzt=ez;a9%0}v4gKWd=E
z>)CKF<RnWfPs=FtNB~U3h7h>ozMArKBmLAcoZ1#K$o-=I4H?+E0G_pZU<aPF2{?1_
z!v*>6-v@r{ftDSK0Amr>b&&b5*N&gv`7J59E&zVoH_U*l0~5_br_%$ca2SLi=yLa$
zZO<GXa!dgL0LVY_*8c-YZz_{Zsdm5{DCaHZIvG=6vwoZ8GcKDI@RZS0<SrhryLb3L
z=Tr{y8D8m|O6EUC5KzMbfih#|p)pu@SWiH~GWFji_yA4cvWHoaGAk_UD>c9o_3yl<
z4$XL(617ZpN7bYCysf=P)7x{L;^wml5*&DNUbre&VsY%*>=82!YP4Z_X7<l>FKl8X
zq~0#wubz<o22h)5Zrk(9b6HtuG{&ivXLS@~XY;2R`emCjuc0EXhqlMY+9~k`n!VRL
zrabRlIoz*^$CLYm%d+n{CLe)X?njrez##zviY~m6e4Di{I-d+c_7dK3tN=S7s_u1-
zj?Fq}0o<|~={XyLn>PZ-%QY;2^a%26?v;=SybfXTV|7&>#5*@i-%I_Yuvug5Cv@^u
zKLT|wn7DoyFzxH~FS@*V$8_f$`Em>bfVXV{a4V3ngnG)2CkZ&?6&ZG?pc0x1W@Us3
zkqji~7uYlSOnIOxRHhRFqW)3u&DsvoLSt`YtZ%qqS^CB5?GkdRk2ndkd{6ahz|kn2
zET#SBs7>pG+{WYiH@%+AiI|HBpsAu_ual`n2SBKOjwR^O0L;Z6A9vQiX*{>_dp&kG
z>9`St<iN;;(QwbF{%{Jm6OV`#YV(^YUS(G_<W;;bVKoZ7LZ?778x{32Q`~OMWS!c*
z0Ier!695;Jo_e)(1P-R=0{5qzpWJSeX6Fpz`KSz`^RSiS;`UiPWZq4NK1BcJ1+V~c
z)dt|%n~<Kf0l0Ppz#9zi?UB#D6Icrvqf(bF235XSuib^ZNVh21XF%G#iI2uib+HrG
zQ`G0|Y&48+cN>6Py4*d6qgakP0002_C*FD<^5P=^P6#QSCYDJCPdz{Tj+HU*Bc7zy
zflz^{0-vH^X+h?GWncpeYanQrmA|6b#*2thuPSxaYXDM^w2&LtL6nqZ6<DE5n1r9B
zb&tS->*s}xiHwt5z-V&}TtDQvU!8I8{oFA_k)&VjH=b{NvYt~k<Fzv8O)S*v=uQ!o
z@|kvaBJ;xfg3H&P0_<V(JYXXd0WJnl%2v3xO1o07`3zHawy+0#i~!NY1c>aJj!j{}
zG67^5a6}+24DF2d)v;|H4XP9GxKNLl``q*e;8_GSQ0)Cj43*VWK_Qo~I>F{rba>d7
z1l+h0={c*wb2b8(t{~rh5Ag9lRKE3P@1Fz2<I6iCY!2${&w0$I*g+c~eqN#bxgJ)I
zFv1*KGu^E0!f@T4$lcXl?!JkmT#iWq008-gZ~svs{|SK97&1-9QZLFT9#h#$OEwf~
z;1#nn*O!cxYg^BS>Hf?Uzbsa&J9`MK)C*u>%8)&+@wX-xPTq{wpF;={^Wc;$sxmQf
zRT88q2HIq2Q=dk(v}0JhS|%HmM)`>%W_H2Gla;sK!{u>UXs<m_21oY2&W$AB@pS=^
zX}r1QpW}cOd3gmWkT=f;sDK?ZR<8d+?Tnr~{-)by?LIXMQCr<J<T?BsgD5?A+X3EC
zam!fI_!Mx+z=qaHxrafh=nd`{ZYTGnzHYngEAYu(HU18ijo&+PCu=$Mo<Zeszq9Tj
zDIvkW8bL0{g>lB`oIJ7w-yHiRq|ODX6w$t?v7Tzzl#Ws$V81b=qu{w=K>@$^sZVM`
z_7bW8fv#WqZ$X2OI_Vz&lA}}7AN{L81@Oydp(H`Htd#l{zlbfNh>brRN`MR!O;jfe
zDwsm$`>P?z{X$~>!}S*HA10+J9H)e-Y&A?kRb<ZiMT&rckQog}af%WG>UYJEP<{BB
z1sITm<Jh_V&h1i9j6DYH7pDlu=X0OCu_W~G6c#BLM?ITIl;j@%EOlWvqWrTtLiH_m
z=5~$!zFeXCDGExBFF%Llt0r#W^Z40*FQAymn8BJDYzHoKZJX7X4YPW;I)AMU9%r5-
zZv0c7H#TRK>a}~^4iEtn(b{Ns;f&*-mi3;75uocGosIgNV~kMehnqt(7oc@ifCe~S
zl=zS_s)O|rGdG#%0Y8`4a+%BhPzHkv(~UOgzmtJ)5<qvll)mHjW@Bjm+C}rsbfbi&
z3LwjMY}sfR2Eh*VVST_(j<ACT<kMQ#u^X=aAC48{4;;e)0058|{|v}~;`ZRH5iN$D
z7O_#S_ML9sQ;$Uz3Qxo`p}euz$(!>6sav{4ztW7d_;alj8=O*yT-#)e3Td3&361h&
zZ(J9V)x+qsvTs%l02_~{?G##JrD63|g_)#m1yNjn83!?p3`$ISS=~EQ=4?#3{k(<B
zDN8cA)*nvMf%?+Q*CS_3BdCdVFZZL>qwD>(&3rP0PTQ4ATd4iTBOm`}h3A+CjC~R?
zTJG8K<6_rX|CD~Wbp#sQ+_ohGr#3cLwkhx~m?Mz+#OqwQ#X0X<>g<>Xs%QC)*Y((U
zdQJ!fJzxYwxqdc)qAW_2lR%&*@>m;h-R5$t{ncdtQ=9EtHi!nC9V5n|#(>R=?;B8m
z*geXEm9|fW%^Gl)hPc1Z3)Wfc?3B4KeWl=ixmxSXY=s+R*3lVA`9A>oS2%_wJ^m#}
zx8xW6+zCMb2vR=JQJn64dZXwyZb^zZqV09^74Jjix3Yi$GLAzX>|mdg+0T>G?zK8G
zNN@|BCavCM?J{H5<Q`brvS1(!fel9P+V(LJU~kGji`u2s9vg?EjLA50I3T3tJ88pM
zCl@D%|4lt2=jnB|y?TO}c^aA@p<b)@NiDqgiN@`jy48EiSO!U*ZvF=Ca0Z6!#dEYM
zJbyp0AFFc#R`e`>izO>qp8w5Bmo$zVdT^`+)!DHOpnGI2n>h-qM^JXNrudC=sQ2+W
zD8S?Lqy6VxXI&%C&`aOheA7BbYuCUJvlTqwO_%6FT+S0mJfE6pvRBRHD6DDp4hJ`{
ztWFemb54Njhp7G3PMs%Z-N@W5_b%iBuQC>&LQdCpdGR2QAvv}g008Md|Lc7KegZi?
zTqX}IPMeGzZ~p(=d-LGimaD$++xz_9d(o312FYO*K@`|AAQ><SfdnK1Bm_dZNMeBl
zgfha;U<?JA!3v2S85|7QKw&3XVo*{g1TMrRA_*f1!()mK6-iVj!G#=ffCA(oG=QG&
zZ+HGUd#(Lh-|llYzUkiGRk!Z%oU?cD?$zCEeb;xb?j2?3*|}2PpR`}MfI5pwN+nS4
z-6!n%K%X!eSPYUX4GrT*B`wuO<%WEA-TA}*To>Y~001BWNkl<Zc^%u8pJxEa<s(%E
z!{4KRdMfK__ogXd0;L8@+dYAJUbd0mp`g6XP?F^+;TZ#Ti^XKa`^>OND3EoRcY2)w
zYc3PYINHWAL3oXW(v7wtpM(Z8x5QaL2n^GEwEBGuBFAL#;#-wLG9%2Rm>Av+vw&4|
z?~L9yW$mGyXtPt?<(d9BygSM#=U0pc*PqSHG`!L7Yt&`NzJwE-u`5!J@sPNwz5nGa
z$RI;FSX*Qaq`LM9B>0xl;sq0AfgL5VWW5Q-qi$Qje0~7~oS$o5r_^f%D(8zwd5~!;
z_bqnbN*mkaVXoY!3r9nGoqGH1Tg~`Ow*df<r1rz#`bzcXSw-0u8rwb2R+CmrhWTa)
z0)<Oei53r2K$bB%dwups`?ligwe8R!?aCrit9eG@6-0@N&v3`gFb>L5dmoDjI8m&r
z9Q$Z|Xs8ps1hqT?EDXE2(aJW);=I;W(Qw?dS}HOaIvQ%8ap2S_`<==K$}snXQ<esR
zB7V&K9Vq0O0SslELO!59<9d#3@v2~q2_}jm(EfRWC%N3H;~#ya@u$}n?JM%`RZcTQ
z<cy0Ob}IYmdtuek4tlQfTLCr%UYKKi(MuQ*8qP2RB@BVFqQ_g-NYLjKM<LfG!fQR~
za01on^Oeb^YfPr2QRf=!Dr>E5Ym{_-Cw|8>qwP7D2;L32@WfAg-nnkN_00fqGKm=f
zm_wd3MPNzbv0NkEDTIl(wzaMu*fJEf^&zi?K8tbL0qo~3{q!5U1<P##03@mX$Ul6c
z)V_UJSPLl3b)PurtF<pIdK;$r+&hbFGTFoo!Uc-C=fATu>3z%or#D7QE9)?&Farb8
zR!KD;57g~-4|E{CQ<I4s`GKm}zId5XG<aZ>unGUMPu{OW@kX0zQ~*XCm}LC`41Cd(
z$NGyG-6w6_<kj1zcs8)uPt}+duj6`rHo#!<hSP}heHAdWCHs3KtE{8%&k04GtOC95
zHjZgG*@pZQ3__NrFMY2=s`EDHV}hq%soUkc&KVZYQG(xGBN+Rfivi9shd3@dN6agZ
zv0C1Ov26SL2^J*c(5uZE*8|x$Fare?pzZ=97sxsQwuLST<Q<d|l*YX@!ez$^>Ky7<
z9UGT_0!H-1>HAW5hg?E#$YG)bwc1>alE#1CuTMSMc6o4orF}kD@bTQGpI)L{wA?lT
z;9UAws`a1CMNyPDjP-EaqOyqMy5iw9cwM2`K`(_tC|<WcD-SNhLUn~)68-G`1s?y;
zMIX5aU@YiatXELBZS=P2#T7#W0}`LP*pu$<W4+-mNgGXPEI=v>cm?^a@XSssvZ6vP
zU=4jPUXooC*IirIa{TW~iyke<lL|aSHy)Fw49P@f7Im)%E9$4m&arR+5%LRzRhX$5
zqji5yBwJ;_2ogD`%pkI)M~C*8xr4drGK}$Y+0!d^gX@JrsDLH|GJ`?JcPVSZAOq-h
z{N_wv0Pp~&Kv}<Jv^aN|_(s46wu}r><SBUwi$JT-=0KmUGtN`?6<}4ut^vxH#&UAP
zC+kX3Y{0PS&5%<t4aV3oq*KB*HfMZSONNVJ?8~mArOG$JK<E)?h|cxBRMOwoEnFrV
z@YXK<v%dUMl73O^>4PO<Q4kB!BgG`6Au9CbGEekL)L9Yyp76&P{7^BV9>$$Z{hN}_
z7s7Zy2pWXNGE8zTR_*ok-t!MtHXhF_&&RX<`GdDIQ_LsC;-D-YXoSH@DmRSF1O#+b
z80Frsnw33~_3T9;X*>zUJf<4JjCm)fkX>$`lvJ(>vDslUoSUIwbN<}q;Hp8cXcy-$
zK}sm)IF*kHTa?4#&0+22oWXo7AsKw8Jh<+%4*+JxxNY}FU6<Afzhg`|#%+I4ZTm3)
z`&_o(rkn?86Z=uX3gpG-vfko#TYr50c)w`S+iGnyIdg9E=wJ8P`8@Aqo+gU9E7i4D
z0Ke&@X<gyqbeZ=Kxk`f$%I5=EWjJkpwfgd;MeTLEh0ARR03@k@)>nLpq+imyyl174
ziEhnf^Y7h2(qQmD2NQ8`0s#XUebIj2`8GLo+ss7q`2s2nX|{kh-X9CKWOJKhjs;$f
zAW=OGOx8~W<$z&g6x?9)a~=T;`8xF)F~M?#D7z11Ut|)VnQ9yJGeOfP8-IZbLq^_L
z%A*(<_sHxT|Gk`rKk>pG9I}7emsWpEgRqR_7=5I-<zRu&O_|3tCNfOJb;)3}zmVbS
z#@;s?vu<rGUMS`%z2n#svRvD9Or`^C(oM!1`_v%=zM`3INV$Gn?**7%*sYT55r(e-
zDU5f>WyqaCJEHhI8p@n7r^kPfXI=u#!)teKt>-f_w+N0LNDv4)V4vx?O8~-I5bE2$
z{H~-YENZ`{Tf8i9{gPX+v>*AF-%xL#rDeT$P&V#4#sWwh3X_Wai(^7IT$78EhX4F`
z_pO3%IH}ar$RSQws6%*CG|F5M1^u@%ww(&rj1f!RUu2@)pi;p^AA(wo{~7ZPnYc0y
znGtj_8(*r_b|zfGJ0Sf^qdQBwivLpqm_eO-Wvcga%;FmNSoj<1Rvu~-bTN%dUsM1Q
z`!^h(B*+l=7mwKHMaJS!Xv4CP!RdxdIKjQ?Qa|QU8G9Iw8OY+ecawMavyJy=&I=5D
z87uUaF<x%_4W@)413sJbA}bXo`d{96(D&z*kc+GjFxF~w<A2f7fL`)3NV#s;5ah9+
zG{_|{f(D&z0iQ83xYGGP9ty?&Ov4PCoV9}b9LSw4T;-sqtV#SUg>xwYYL}!ps;y7I
z9gM$pn*snyYCrnTKd*K9&(9ys1Ed0#lo|L=YttZx5-Ic?m2c0p{LAsaQHsIT_^fE>
z`Qr2MRDO(C#scQz2*Y=c13Y*z&h?h4mY`-+q`pVEwAU!xlq32T296#{#+K3EV(i%F
z?b*!ACcs!>wAA+gO{sG?_6-VJdw-)1gZIK54FWXmPLR+?^miCP?d^|OEXQ|jV}PGo
zo=46<4-xS`?eYql=J<v;jk(W0W;@!R+!iN8PL*!k+YtR_{Uz4{^R?8m?ANeQQHlXu
z>i0Ylhlk4)V*|N5i%=L0Rl`AG%f94xO#?lYXS8nyFr!T#V(~4nPEk7$At=axnjs8;
zF=NM~Pn5|3j!_6+vMpw?*%v-z7-!BKn=?Lsc|zu*l3>a3SGI3f4BVzubdsc1YR_Ey
z=~pk@e9M*F763?6`>}6&k<`9+oZwghMC&oBsJzNHp<b`!L>7#HB2F_VQdN$mGFk7k
zDSh9fl=s*ImZ}lrF`319Un2=kFy=)4f&zor<}xdapG-v<p+2_Jl}J(W(ataceV0SX
zn(ZpDjiqw2XN0FhW$Q^tQNMf6`P`){IfA!5xCQed$9PksuDsiI&17Z>C=|F;no;)(
z<>u$kE5?{1DUNNo`nFQ84_Wm6IX-_0ifQx+^y09Uxc=I5FgV@?7>2w+5f@|G_c{}F
zVtm}YZ(So0kao}y*=3jv25uPNXnQ=zf!(sVEw1Hn90NC?JY31=9|1}MaaI>WzqdKs
zTNpAVFY+2eUKyIhd@5^*K*63#a6ULjTU)NL=5v|-a>t{{7HvvB(RP{bq1Z23`tswt
zjmm8e0JidtlAb3C$_gGq8XImy;sV0N&&2>^()VqBZBy!vUT2g-yV7vNxJJpW`K=7-
z99~CK{!oCaY^j8{#V~l3YgH-*)CdX)ikrrk3p~ByzTd~^M3yl^B?aLZPj*2v9Vv99
znfHcPgA;}0O0UH|Q)h*84qWebCP)hzwB2|+*zptEXz&7rF?la#PtYX`e?S4}c$$G>
zW;uUzWgP~ONvL_mDnTth`R%v$YCCEbvLdi8_hGz;x4%hySi%j@EL5kOuTbLRTi?ny
z%eDitoEMmP%MF{?1{}f@Ro~<C1S$kbWj<lvmn69j*tpX%c+##ruwHYH0|do0$zqj6
zJOGEd){SxM0Lv+e`4VSHxV{Mnuz&;31<EPf69C3a$9#%<DAS?`qFw-l+=bQlKJR+`
zTNbr{GCuUyE)yx=ex-lL*WRJle@tzCYA#4$m{MI#@x4=)>ig?^*VC5i-;nVSL*(@o
z4{23NW^=D$ph1D4V^Wvh2`hFB5V%AWLNUO@DT+XKkrf5eDngHYBO%WzJ^xI_k$oXc
zA{9@VG;}WFNthz)CoNw3PEaBhW$y-i7-yMmq7R@^i=sn4*%x|<m<t7jv~fp7%nQ=W
z!}u(F{glx#_jqkrHO%&V$S{ve1#m207!00|P1&M`v5(&hD6u)}A%~=H`#5Gvn*;RF
z>n(pTH8jPY90VI&qq9D+&m2<+BphGLtn6r6uvN~S1D|&TD5GI>U50k|<s47<WWqem
z2=DobznL>a`TN=%fEdBdqH>fm$2(X^dh2wm*mug>bqL35(6w7K?Y<@T2i2Fqved+n
z+oBu*U@QIUU;XY<`#JUYxbqh_fo7-JmC03&cx>-$n7n;P1N!2or#>AXEGBwG`7;+k
z%IvkN=?y_a`a)%U*)Cq6^`pJ+eH3rZJ=Mu?ROHupR%7SehzboTT~-2=rz<S5CT_Hg
z7k%2VVG?L6$Zluh$Mb2B3;-2bx4j-Jw;7NqayG-8tklE<9pr2V%;T`L*G%VJ<#-w(
zE(YDky|6$We_`xlD2HvBKKENSI&ocQ;#<2D97X>vWJK1-ccf7E*LUoH=eU^M2{bsy
zS-0x<1;~V60MOrW*q>L%o8Wc(ZAjFW%G^tR<nsw~_I^ksXybe@0E&Q7`*X{@)V{XZ
zw&lj&{$w1$p!qH(2ZV$35uuJ%T2H?u>B)=QpXfF$2LM3nPyd?tm-Nf(%llR%MWxer
zubPT&Qxd(Owio*B2Dtko^@&)#XeiRbOTLhNmBt0J!g2<77)^_VvaZ2MZubpL0NR@8
zoI5%<*?HTkxT!#9hA`UV%G-^68sumn6rOvk?5oQq?+IWN-jnx9c8z;S0AM*+G|G5j
z88|jKF~oz>mMMSEHyT-!nTIxJUh)7QP04Z&aNf*-RFvVxOq4<N&(1H%YXHKs-p$Ab
z>qL+^1AE1o8Ca%_98e9w18sIzp;kB=L^65O4k9m|S>UV=>34d~?s@z8l|C|Ld0{PQ
zo6S)u-7_6|k=X&bqW*CJ=4JZgr>>f$T%E8%PmXQ=O-UcOsQv!<z}utvEWNEud&&Rs
zZ`7Ahlk{&T!N|1gxiN99&|uOT1YB4kIobPp(K5Ej*e<uuM10I?Hd4fibXOQdvRTpo
z?V4e~f8X0OFbA`E91PN+=<J%L73uBuJ#lNG)Y<1i_zM(1yu}8kOg5u17K^H)Aw^El
zYLh|n3@Ji0+|lmhfnL?`LKza=BuFDA&G{0~!I;EnpBM3c$`mgM@?3%FbB>87hKQb$
z%b@LJcJZA7@H}Y*V(hMQI$I=gat?&Yp8c~7`T|&K$Ow3Zac%o`(Ka$?*;ih(sN^-|
zOSl$zreJ7_x19}wED4ZI2e41!)#ff27)nVcED_JhcCfvD>~p-FEQfN_C(8|$oRD0n
z24n^b-uf6N^kM?m(}V@mKIda@ME^3o|D-bi26hp$FJh;j09Z>oVm<Ztdy+owb~gUf
z0RV>5e*7C=CF!Y>USDWTzSXOEi17GYS8L}N`^5SFlJH`mWuK7OcbF10Z(OoH#Jye<
z#;O>g35`t;IKJmrx<PR-d)@iB8N0rmV~3<=3xmMFVIcU1JhCJ+;E~j27>K9~{iFdZ
zUI+T?hA@mzfDp>N#8~b7R7R)$|Khn?|NW@a!sskpK8A%GvY*=LN&tnaoTvmtUOdmd
zO^m~7H^T8uXJ%-SnJ5-YHQuFO+5m%8Se~{&`*dR;kM*<zmXz5QWXid-efAJ74~F76
z6jmevsDZXfIL#!`R^?ynngL@2jwwsrlSa}2Ufu`59?y%p>Ffw;YmOJ^Ccyzima#r(
zVWg70$J~c@mJvPv8SB9|`j*-R)RY~8QLD~R>YBdGWnjI0PGGIad}ke{y`h8jT1lU}
zsNIq;_<4JZL)W8hrGNUfpCsug)R%|lB49j@-iajjmQ;TLfcU<6l{5-W=AzefzH$35
zj$<X$KqCRe<FP_g<;8Qt0wY>49>%5soXVHoH_+3ZQt0bI314Ur!xyA7XLNDYGZ=xz
z`WL_f#+Wh0sJBq4t=8|<D=9}0dqjPOF#xseo^!~mP|V%Fv$~v4C4HI-(E-Q>b|b;z
z6%r09-^~+t5L2jJ9}5_+=x@@ss`KfRM@NI_V<p)*$^J%``E<OwKCK>aj~l=tSuy$x
zV>AH231FhkXfVr3m3G~w5JUNF>n_?XVGA(U#%ehdIo>Cg`OepJlfh!>vdD1R>q>{|
zwD&W{mGxy8F3h8nJnQRE^`62AM4Q?l>m2j{mpaM;0B%<LXMF9aYQ1`i)bFedoQvhG
z93sIlvi@sDZX6AncAKy>B`s+<XP$KzuYENS)$4=d$VEzO+zg7eE2;2M!h@X|%K-$O
zpakF{7CO`Vlgb6OKNWK*n8-+<fr|ok%#aj=Y``oGER{IxX1uZ_16teT*=ZDJMm+BG
z@s7T`a?}3ZB_rTl-Eti4v$VILO4!+;;r;+r=Dp>Xx^*s_FvJcPov~s&*V8`6Zq!27
zF)yzz9_)Z5$38N^wg1lN=K8_9$Ua)z2M{3DHQ@6Kz$EVpW7+oHg#tv|g?c7+Tm(fN
zceK-43!nQpyElsOXqnBA0$?_sFavUz<XJp_++SD@Fj&6*_I%x&)Z0@QwR?0FNe2LU
ztEGSXv!5a9#agdUyBAcw!H&h!wh7<)W<M^fVu-ZUX1VCi3oVr2#JHZHs-ggxh3=G_
zFXFhz<BNh4aE~+Y&1SIOroi*siBaCAw)d5uy8rIqdAxg?y}#^9VZA{n1VK>BrESgR
z!oGk7a8}0+)X+}@O_XEY6UOFr11AMK^B^<Q(lAF{dHNhI;Kx{ukcl63<LpCW1_){d
z17je|nXDmKA;#6b*<gnvrp>wH0KsL=bu}0`0wQ>~WG)IjV=|htbKb5JV%nZLfKciT
z=m}EY&P;HP&p>_j>muMc(2yXA?=iqy8$xH4Ir>Vy<@2Y^1(em>10a}sisQ-kt9oCu
z7)_GiEa@{AwO5P}y?x680N#eupZ4E;j?`W#^;Q+zInLiU4<(ZSG6dir-*lfZjTQ|0
zY;hEnk42eY+yq2OP+V)RpN4%v_icP`{1#pc&ng%^(#dxN2<djccG*D2)yTSHvG7WH
zCceM)_A!<SxlqX@C^=2!83uyX{&r7cFDAg_B5i5PEq55eo1uKA-T1_*bkPPf9{F9X
ziHNgv5GcEW+BT3??lT}7zj0h#b_K||XN!IWFr0!b2ND6y)*Za${Ev2=_G@^S00Bk-
z7tSXKodpcBpA#_eWd>N2HEOlp!&vmu5XW=)_D~1zab0;n=lUi`&byhcSAgcYhwMuU
z_t<)lbz4G-7v`(Wh--=KjcpqN-wjEhy{P?|j#A3Z${fW?d+FbMk^1ti@&X$vss3JK
zb}Ed(_6-(vGmmsz46fvf-X$1M?Gry62t(W^9)4Uy#hZ%@N{;kzBoevTL!*CvhwU~H
z6m+zMAZUAbw5Rk7&x?BacNkN8hi-J^eFjebB{l7yTQ+)^SMicIMK)sqc+NhRB#&Ax
zo|@`2+{h`$WgDA33b^m>C{3Ptb15S;TBSX0uaomE4OrWad<iQNbjH~9dS5&*+D-$t
zB161*!CP5yFiXSSnf1G29u)cZI<NRrrSkoveTyLgN3^dbUM_o^b4`YfZGFY{A-kCe
z9L7~J)M3>6QWGpozbG>p$Y>i+Ys|J8@J!ibe&=)WJ?p;4{OA1QHEP=ndfM2=A{&C%
zW#82jptOMQkUc_7g(*UR;(5*_o$FpDecoaG=j8wZZ)0gM`@7#Q^)EetqL+D|aQSw>
zn1o4L^@?JttciqEF>G~E@eSSsl)*rkPp&VZVA+l1*h}pT3C4`|c3czZ%J<D^xQ9xE
z>d&F)M~^?g<1_PZbra7q+qKjLrzrGrXZx!Y5J5&I?t1~?M7#Y!qVg)@@PtfhIm5&A
z{Z}a49IH*%F1s1nqJa(hFY#`HZudcUWQClLFJs7g6N<j$pY}0`w+B*=WOVWwr@fD*
zPklEsvw2PflmHu{w*&+LAoNsY2SC)}+s_<`(<64^m-9LDHUy)sUB>J;*|YHS3GC?c
zlMyOww^#WP%yYga`+@%5jDgCp&0td&`MkCtPo97gJDB)VFV4~RWbNGAK|R8}rx;((
zwIT;RW3S^`i`w_=DARHPfVZQxm;LwO-uv=*cBLm3LnocT=Ueq6rdR+1(Q)4wXZaq9
zTu#H$TQ8m>VwdSD(bzySxfh$trtS5(!g7z>J&B~_Cowsq|Axe{FiteuX*lBfkahWA
z<L7KkALT~xC)>Aup2an37~?krma@N^ZR}Mh^vKevQ6U=0hy+XZeIC#-x)(>K=n6cP
zGsmfH?Nj}mea?Aio)t?_=*}huD@Epu<Hxz3bNw_)UR|p3$!)B&vE*6=Fi_vNy9x4&
zdjRCaBOSJ8YM&!C#%^TSE0x2GG6`~P2VY9GH^BPQt4<)OiRb1~%r+l6k7HhS$k5rW
zXnRQ-g<J|)(B9wl*a>O?Bzb*d?reURGar^J2eNo{h6pS?gfxI<eaWKsJvz$8asYt0
zvn(%v&fk~%-|3uqq@fsJqgNRJr_siu$%V8{Tz}naD37R@l%E@?T=d9dCMxFwEXQja
zIAEw?20U0?2^Vn0%y2WP^jzq*O8XJ34z4mbNzerO(<4g5d#ZJD?{}eR;XN=WNg4KL
zM-ev|DD<0b1C4yryaYx9o6xGvb3R?|?W01KARj1bmS``HtM|JkdtI0h^k~`k+4x0!
z(mN!;fN@R`ust{SrL!M{;WV&Zz?ZE<Ut@)NG9VH1DaXv(i?^ciwYmj(#C+^n$J*x&
z8I4%Or1Cusl8i~zEf_`sEHYUsw^(~=5Mgw+_m}bfFuZ(Qqce1F<elN;-14vk$BXP!
zfc_GyX_NbHelbK)ays-Si`sXL19udb_SP>s%B-wUea@Fi`gTdS089xc1-a~sxOi|Y
z{)h4L#a`lKFogNtx+^PsF#`>$eW7uYkz%AlDZpZ>hJl`%R1FmA^Z-LVJ3sHEF`$7v
zRoO%-^d_k3R64x^8+sD{Ot#Yvmm8Vzw8)yQRMsKi_#4KhumQ^s4rYmzd_LRGXSkfA
zui1P81oWl6T&m;Dh0RF#Jib)_C7FdWiGDJK<S*nY#$ZxkSqDCbcpeMuoy~cluW{Wl
z_VK5MuY9f*h7M~enHlu407BXNoaljU2XsX_6JIumAYb>QeeJqj{Jf0Fr*UR3`(^WS
z0A$+N{Z!t|d^;%n%Q-QOYpjoT?CUw^|E$CFf7{9d0N#nRKIOT8O>KR?q&65vU)1Fd
zS3y%j{M?T%RmH;3zD>pzO|l8G0B6PoN{Y`7FGboFBNZT(L|o%koKug9(#@!+*VJo0
z^uQgAuq3q^Ucy9Kr#H7~P}<p_kQ?Q03{3Hk30C6vlj<A$*bf5?etIHh#<}3*71z0e
zbM_+ITV%9U&yNQ!6(bMXQZ~$Eh(5)eB@2jHtDLjV69ALO$$>{a17nrpGy)})1;J%{
z`vz{=znlXTAYA4+<`Ipy%dIdn+y5o8t&eN6fV0!ieiYArVm#>?$DHE3Kin}OP+@zf
zXJ_c#ruDRKLA_)Dj@OkrqB{S|yv01H%tJohxe}~NJad`M4FXK|@!anlT2G&M#Qfj(
zasYsLvaC;e?&nDTe^KjKWpd6aWA_?n=y_0}C~nB8Kn9d=hPf!giSc!6clIh$Qj+<M
zS=+X23hhtOpwUR2e^fb}+?5I`PR3W`+F3j4u@uh=vd;Ro8(%8X*~?Vu;kX<Jqig`h
z!I!fi4kC*IHpT0w#<@pV4)~dPurp9p3|`wmhfEV3(RgtiDu7~{FKjBV<8j*DA(P)R
zgk$6A299G}o`dlSdHcafWMTa5eU5k3*{*Bb325STIg;08!LtK8`ZM!>T`uv=Jo96+
zRy64w!O0~SuK)}H;lc<IG!t}KpD6p(D_)0PUmT{k*IQl=6<{m%-kT-;r$@H`+gA<%
z@GdCpQ=a<_N&if7Vqh_LT+D`urTur(#qqnJq?R=Qc0CvTj9yJ|A6uRB`3(!KRXW;F
zRV&^m7Og)k+kwSe`iOQ@Mgz;B`kO1zq!2CRJMJ&kV*n%^3Nm903L5~W#}WoEo=xi4
zpLYp}Nd^Y&IoW=b8BbGm@0x!*laLCRMmXdOro#csz&yA-d|n7+iMi|^?reX!uMx6R
z2~Z||@HNBrG0pJ^khhGWyf9aozXVjA<58c3_0k^uEde7#TTNvRT&gcWUoi5KM^I$7
z$tVG&%gceQu_4iB4@s6J%Vn?Qe8K*A0ZpwwH|m;&GTmvJ>4(ZPyh*)%)}r>4I?CHs
z4gl~jD(h38`>B$CSn7AzEr6!vlG^TdvAIX@9&;#i0tv|$361=M1=#j1=t4niuS43~
zJ5Z)rkPA`xTHAAxo?dEynmu~}DsKGXak|V%sXLg;;?H)kt5@YLsnEMj&h!3}IpFgs
z8v=@GL!mOwb1z0F43b@201W1i&#SBh^Mt_f5(_nx-ONi&`57x9U7klN2b0arbDX|$
z(v6_Wynrs$?FMfqBdNBF0E-@Je8+WGn1+xG!7>4agG9>3Jae{n1{k@%W@~O{kY}Jc
zeseFqj0r)6&9m&g1G+1GwmO^zh_+u^6T=+pf2`g<{W#wD9V@=Fj`9wc<tM)GpKD#7
zDz(=a<)u~^KPR$#5JSu?77V^CRK57@GXMY}07*naR4f-v{7)kYqm|pIw%=GtGqN2D
zZ$kU`sU+>Z`AcoiS0`UE{A4Xk(pS{y+4OxpsHGUdb-ym|5sW@P(!qn-{$=JjJeKsZ
zmi;>SR08y|<O@}--|S-=60#7jf{M5&|JG<2IPbzJ^EJ>hUViRGF+fZ0XW2Qj$)wr8
zVQbsgHoiP&#XLwL=eY-HTg)428}sW5eA>E$T4yjq?v!WD|Cu+*9Xp)+c@4)4bH2z7
zK&P#n;akSsgaNz(;1tl0xfykrxfOF2>$=P>uH~*WSIV|O_Bq<bHKV#l2iC)`WgP@S
z0oJ3Pp&!<(`uuoyVJVhvSAy%A_1~(uCm+WD9WU*zUviYUr>vjy^&hQeeYw`tdzJ}Y
zN_bB2dRNBsBn2%`CZQ-0TX4mjQ&r5a9A_R!8V%5$Q>q+Bnr$v#ts8`{vYqOZ5-CiG
zY8&|M>Dm71mwUCvW8dm8G5oE~ZbbQ>2KOr68!UYSpu4^rY4~7Lm;;dY8_P4y9mpl+
z?@W?x&X|JFt(3jW%Dv7~(EkLqt@gQq!=QEvnkJqfy-%m=J=`?xP(j;giJI>D_BO`R
zXV3F~We&#{8d$kS)x6&sg+DNJF|RC)M6cTGp0#zx&al7E4(u1$+G^u&6z<v}!1b}7
zF;Wbzlrc3>p7%KTu>O~Eh`G1?p3blIef21$qr9!<008$vSwH3LKU}T9OufC|NNc;2
zYxetg&FnxA-Zv=w3&x&jo=Y{u)(<@K?LbZ;4xqq{029_|#G*f$Ti~9BD@^vA3J+~z
zVxGq-OLE-|Y-m@+Ogb$4z?WS)<_mdL`&PEdxzVJ-gQE3N0F@i>8|Y;i?3r?Oc{rG4
z+oqsYqk(0=2n-j-$8E0hb;3Tjt8FbKknoVq418vPRr^nmJV6K61LM$cY$6MNkTcul
z;}h+n@t+u4ug60K&PMRsY#U@1nfZAJ1&lP?c(a_Jc>W9=lu(W)edl#{QmN~s0rUe9
za&B{7a2*bE5w2feBk8G&+HdG6?^Ky+fup>$W%<cxzgoRLL29quzolU{<4<KmWgGV;
zWftBi6nN04Or*)|Tuas~C_QomjJk|=&6HG}*Pit6YHc~y<5lUA@z9e1B!1LzJUi;}
zP{(@OX>EE(o;XCWx=^!z&uLfuNsmUHyjPj9PqQSp!X5<ex&6Lki`MzZU4D5ekpM0x
zo?m#3#Yh+xO(QV?M#zD*ENS;tu%~)2b6OU!M=FO-`M&XfQXU572jh^^<w<?%c{aNi
zj9Ajt!kk0SOWd2=*g{4t{)N1G+Tsk5fQ8EEnpYoQbcTW2-WCt-4FC++rVPLege=>-
zA0n0G)%Ni!;R>wx0+ui@C|?O+j&q-D#^*QJm$LxSNv(szKkYIs+av)_r16wMX$vDQ
zzbxqqhw*>clmh_VM`iiRXa5`Z<r5^mym}2=aW5woF%5jH_ek2e!UQ_s7NKtkqvH3v
zXkd84VDXManV1JBnQ;NIiDzZpe|v5iZ6-vnS1M=V2e660kQ&ZsnfF#02q-VcdgJ)h
zLa&nYjpz0~ULN%)Yr@y@f~|=?{>A9P&<)Bln3(O__3Et9eM{DQRb@N?CA6U!m95R!
z1~_OWLeBX=4KC%f?Em=cUH4M^vKw!oyHc%tn9DGtx#K0CecAy{QqTZiX{=$G<M|;^
z#^9UD%o(8+EoEhLbzsJ%+`$75S+8|2MSBxO8z^PGekcGvT&v4l_B;!=d#B6m^J7i&
zT@C)cG9NImls!WYWLbF1VLWr?8iHQQwRft|i{r3sIPt}jp1i32{zN!Oc?Ze?0Pe%G
zyy9#ASZ)1GN&j^J)|7}Fob<FdW$22f8){D49o`!~fiyNteWu4AJ=R_fmV2ZP3l<<G
zsmpaYT*EP<+UupllK^b`4kWVQt?v7GmckV&?@2FzV&J568+lx9X$uT`F*Y#zlo1Vl
z)L-5&k2W%2Bl;BM6YVVFAY4liIFFbn%Yxt2(9e{;8!aodxx?I)5;~H_o|h`~X`kb_
zuCm27ymC+e3;ADUL(tE%U3059!N>`Q7V_}ZDhpe;mGx>5X}PRI2GL(8n+{<>1Leu)
zneonk)9Z&}=etKZwga04UBKtXdUeCherFC#tNAR{PaG@XqT5y^ZC)xdb{%7$p!r*L
z-sk_Ow^GSb-i|VZnMZjSm-UnXev{hYR$soc#O&y`(8#a0pc!i(_Sj1U8t1~J0vxD7
z7+a4KGKN}|%2F3+sRO0dAF<)9`iy8h@5$edMlW@fZpQQ7s6_qV)=*-MRR&mzWGH&x
zp3s)cnTpU^n2_VvR=&)Jef1Y7B{1_uO4LWiKG4b&c7SpVnYbr8T!T5|d%0Vm96-}|
zd6dvoGnoOX&|otB;d8UhTaI&pj;m1~K4+sZo>wy4BhP1fNj3s&t8D2M>RMIi$dn1(
z?&Axl3Y&pA`rr(34z}8cVa)=Vx~#Y^a~`A4xF*LRb2&hovseY#*tnKC1|VNTC8^U^
zNq=im`^V#89Oa!Y2LQMq%lhPRe5TZ1AoaVHG@Qjd8<mH7P+Z7TUF>B)yi@={Io{Vi
za|Z#^Zd{ieI%hn?t752t35~8e^BJ!6Cf<!x_@y7LA0B7k2QXE>i@vGWLwUt_tMxsf
zxxV#whA}*CFHZ^Z#<7iSXlQ7J6Vw^dE6hu?=T4M84K44R8CD+`2c~&Dfn|V?iK3<_
z-4_**nt%bJgwmcIAdK$>9CNO^cOP}F%lKV_tz~R`$^g&yXZq35*<1%1SP#V@&j70S
z_Aq48&_8DYN;@WXa$OYgY=Cd}(kTZA!>$ZG?-J06&s?KY1wsW38ZgU4oN_I^NzyZy
zzPv<7xlhUj;vVI`D$7rO_4li{PnPsrN&7-6i!f+u_W;|j9CAU1N41@w?M9pwHxqoE
z(xnk7Nq2a;5a~(xXhM->jJWUgeR^#)xKLCB)u;WpC?`;do)tYX5B8aLc9RV~ts%@I
zfE^k{umbVC@-BrNyMhfSfjI=lkX*vw05du6ru2uf0F52)Qy)*0Eb>6#xs!ysBMD?y
zRe1npo-5qz<f~_?^aleAU_rn;GbCh)SdSY*hSG|B*l+ybz_#T*tA@Fr@{+9~ure_p
z3Sd`lYs}l?=>znHoTf&!&1K~t_YC}IXaa_P#@u<>B(BYMZb_tkMqZ2YATvb0lwcz2
z0dVQ<ch%NUIE?>&TMhtlKbPgF|MopvPamh={?+b@nsVYoDqe-4z+ue7>m*H0s**9q
zsLKse@up9<fZb4<hgm!i)xVj%72k(K&U)jB+okq1u3I68A>nErpOXr|TVfPE)iBO8
zdYH+W9Ft5)!?pb18G>Ql!hpe0W{edF<rEK}h9s_a00-k#<_u&S#*@aHGK<{<Y0%^P
zW%o>ZK0A%^01PJM9@m%esD9kr-DJeq1Gg|Dz1G>=4mg)}lqC&uj-LS|XCkJokL)__
z@=mJTSR=Ama=G;ix=Q<)OM*GUc|edx088NG;hVB0(%6GCrvdo57Wv!)B%<#V$EAb{
z4b%+bswVa2)oT3-%X;;zI?8=oF1a8_xsS{G<bUuet;-Ke?GuY}oxL`-D6mkpSdd)Y
zG(;sHXUIR^AQsQ%8S11klhWQ4Z^VA1o<ajdd5}sj29gF2@yp_snbIh9FqJVC%ftg3
z=*ci-FaqvjQU-2#ok}NQ@LUPDd5{U)W=10wKfFrzm)DeCBWO<v(X?96r9JxbTL98x
zFl>yRPR|%Jf!)Nn;PbLQS7W~jVtniz6gzdE@p;T)8e<=$q?@t!vLD7qun#kE?xC@4
zJ9Z0rXv5oAJmj^?#}9qV_S|HQr5YAtf1Jj5y^(!#&`)69C+&tV%YJ~pNPU9*f?Yqn
zOnv#BMeTJu%6(oA2H*iI%TImPA4>WZssE#?Q7L8OO;X`SaYQavh1J^@Dro!uXd3%Q
z#n<=68g1jLb_5&4t60&-_&e%NgJ^UlOIwj)ZOUmT4|<3mKQ3O@W*GQtT=$#?56fbg
zY-1Wncw9yPmy99DF6t!UbHlvUdam!-Jl?*yxp-fgPboY6JqvmC#m2GWINp$F%sYfX
zNZtB2GzUNn=NRT$%%Ng{wO<?ZA!y3+X|`v))xIYS(9UcEz34(c%dTH4`{AqyWl5Q4
z-5Xo9Ua7niI_}Huw^s&2G5$lgJ&gZA-?#c*hFk!4`(!@we!kf-`-k-)Z88C%DaM~|
zgMp`RE5KvHylYZlo~yn*{V@LbU-4ORln0=!pY#tuS8C5!yS}@4aHQ4fK{!+39zZCu
z^2R*v_YR)4sxr<x{hIALaWY;WAF5IDlxIO9GY(GXBMfzE$K?6>4Ev4rG~<`Uv$pTU
zgZ5-a%7e6Q`Tv3kmu&>-;yc~b7*N5pKQzj12N@xw>pQlS;7<6BUb9r^iOgtVT-cv%
z1D?t63-v!6XYGbK`r&yV>tw$9^U1upEGgeGBuV>kIWRny+Q%e~_{1=I{iR^;&}&Wk
z0nkjDBGe;Uk|OE$zK?Zb8C1bkVb%IRCT?6kq0nDS=3c#n3uoYRhm3^^q&lx>dZjR2
zef->)KUQy_zo`AFj&i@20{}co%K9IE%VQ<ISbh26qEu2To>UU)25OFqD86d-yBR=8
zZ{NI-;(5?m+Iza=nlu{ClmV6T)|TbQ`FTUeHtI`-v`*?LZ3^#VmK9Er5j!G$2ZW?)
z*1apZkP+KWn!G4vf)KC>EFNN@L62ug0wKLm-+ssw4H;4(2y<qn<R2{9jk1j3BB|);
zkFh8b1}X9=9ko6H#FAxlk2Y^7xX?ZyIo901ne5mkYo2na!F1qLw$B<6EZY`s{BleP
zJlFbn0hDftTcyaEIOlWA=Xe=g)ipyF%PIQ-2=#g&x7(Jn*}x&0BLbPMn^kYm+>bea
zwfgee$H{&VOmS}VC=XCs{<p7qm3sRaNk3K$K+xMv?vqrMYAD2{irc6hgzFeXma4&z
zlC<Xbdma`7&yN&sC{(@yE)|PiQw-STx!irgc9P~Cs9q?yP?Ux4pJ3gY*T!cs)R9KK
z?Xn5aws@4$PPPxqmma$tHG+og$fDowFa4nLju<hX<<||K{{$HF#X&S$1Ox8<uBScW
zuE;c4optYf^r4&&-}W(^F)%dr1Q|3iVVnZQ<jH@Y521QYbvz^b8z<GJfkJ<CKEq4C
z#156e@tm1)oEd+%p^UAqmjn~7o_5IO)=MlJ=WC2>yT-GmGH*j}%Qh!smxHt)@yq&W
zxeA3H2zl#8Qag_IeE`b=03JkT`I#^OBlY%|)!Wx;z3PQ_bVEtcB?^spq4ME*IDMC(
zf{OckSHAQh+o~Z>ELHE4hK>fVw4Yug+MI7{gV7l1P*Ty`wGH<L09mg0=dUy#^xnfj
zF*92GZ!{F~KMhZb4@Y}wpdq6K8csoDJUv$;`ow&QG|W5<s;PjglDJ1XQNaViuu$Hi
z#7l@_LSYXe5bem%o6={D*q@uRYRu0JV=dKy#y`GGA-2MnIfM1UZKH$X?)&pNXUck7
zCig)$CGQ3GMgIr_xMp(907gqOqfBSOjl93@aL6fYwI3mq06^}!6I5roFXjY+Ip%F1
z8NO7R?{!~G{mZ5HSC_uLQAc^e%ET=?%7dY-pY)GDO?`Qx)Zb%Yv@ifHR4!EN#gItV
zAjMaqP}~T@P!z)l#m6||KzXVvNtt3V20av#gB(x5qen%9xhbSnc2J5l;847%FyOZP
zB4q)kTs#`>$~=uJn2T~|0=*wu-RK|VtR91P`gNdfwfE190~u+5R@NnzF&OCh$yn34
z5J-49fn!n(k^v-!aS9s&dCuAzeJsqzL^jU$<h<F!I|RxZRsc}Vx{SdpUOi-2`qTC?
z9>&$=K;uiAo#2M+^CECio%0-1cL)eX0$7z@CY%p3M-ZN1f3xkX>)@<oeqX))l|}7m
z#>O7y{w@aqco3KM6Tj^-l3pzJkEk9H4ByP~yHfJxrM61fckX}tG>CZrpxoQOFWX=1
zJFp9A+bmX@?KETHu~iy(e{HK9B$j-JDY)F4WXX7*IOm2rlJAOffuSn>TvX!E+)By!
z3Pk(LUT_$I0#KmDX|Q5U7^kJjH5d%YW;S+NCh{ymg7N_fB2dhF<9Fr~Y=$?V)hk0l
zW+=wb=TG#}w;@Iu3^PFh00x2bbndFkW+tx$Bmfj4hZ53rnOpvd&%p#*t%8*7JAgZ7
zS3q;Czq=zbjIFHS4pL(L96(MO!)WJu&i|5n`%f0N|5rzOP?U+gaFhp2S$_6QU!&eW
zUVZtFT&xX?kqb8sz@}W>V<1JnZg1KOW1e(AlweZapmigL>(n<Dzn?l6G@w+U!4Lus
zR>qp`cRv&T`~!?Bl{M~l3bI{S<3IC)ywDIVVQ8dXIiC<Cj(=3l>%8s+Opqnp?^Jsj
z+En7kh|FTj^uVPZaIw8Hr;-9@Tg~7Wk3D`fBbz`JAdT{xu}<YplQ4+Bo1n-q=7WW^
zax5|5I0pyA&3@Y4;m(wj+kkrp85nE87g8nFZooSXeEw}9GyY~SNWS$EvTz_qdOojR
ztDFc77@l)R$j5+kc6P5OM|Sn)n<RbGVf-Il<$}gL%7d+}pZIN`p}u^Nq(3`7<YY<_
zqr?k&iopc!J)@cZO@8hj6mKoO8Gkm~NgC8+y@Qv#j?d#Wi*bv#6Er}X2e2r~g)&;%
zl=#eJ9>Ns<T=TTfH;v;!&(0}g%AMB~Pml^0<H$bIz(yf(^K<#5e`GI;tT8U0$mZ-r
z0WM%doZ2qq#kO)D+I+|yfMA5;{D2MAh4I?6%#|ML^n85-n>o&C2gfsI1W;FY#}LF3
zXxMr!b+-EAshkS|#>|+zth=>8Whcmd-Rq`o%k^HTjrTDBwac6#x@_wrssE1J`uWRx
z$4}`f54v(N01uI}{Op(hxYQr3-d?&Zc&BV>D3LhEh3xTVF7!en!bs3tNM!|&p_w<A
zi=Rpc%7IENytA2?>wR?ZE@Gnt%@6O1)N6V(ZTv2Q0pu9otb>)j)j<{&w|PqO{}k}F
z{aJi1ae|gsjdEduFkS=bV1Las%=bfJ9N5k@rep-Vz0|0wY!8%1gH$}v0E(C+1RXB3
z!sx*8a(*y;kYKOZgRZ<^*_OWdF+S5^CSyj!scQWDf@g)C5ej35e%$NEGJzJ_Qi`vs
z?YjWeAy4=ESvL>)8RGLc{`q=oe+d$S8P-VwE7U{%#gZO(82<-vaoBj22YFea_>Y^G
z>;GDP`DXQY*ECTn_l4VQJqz7Q76B-Jh|$v{nKfvVv~{z1^SR<t(H1Wp_t4{;#Us<B
z+Ukk+#=FU{5mzq9zM7YPv$o9+JBt1|jURPnpUwEYVe|W#<KR062-M2H{L|hy#=<?f
z!FNFT-u_a|_<HQUgdoh=41Ei*$)rxp7x8#K>zFbk+vhSj@%)TK_gWw43&*1L8w`ds
zFL@c*CznNGI-(xTYiG8?`{!$Uv(3hy#P!z*C6uv4e|fxjq4}j@y!)bjWjEQA+5DO@
za}^}KQEGon>ff`hcU({$M|m)m0{}ck%lgEB^5I&pU#N9?Y)J;18PS;%E(!~tsVmJ{
zf?P?&+n(vMM5nj2Ez7w7-RmfAo^_s?#uKl{>G-&3cy7o9Mx$+~%B7)%mpHH*?Xp5F
zlqqEAVGwUi8o8@_Z!t=O0b8K3t<P=U0T5&AMZs%)wo}&y_{`Xc#p(ornvF$_2R}2Z
z)QxExbAT<%%?<9b*Iv6}<Ext`jam7)hg3NGHO%#1+nQ}-v2k^oWk{o2od8J@Ziz#W
z%B#dDb8$-hN0|ZXtzB`_C)-`vr8cQE<@di!`p=g2>e$==5GY3o;2~O;d;Y6eYh4~M
zwQsEos@r1SzK@LSb`9kPWh!k-Y2tBaT~u^&-KpMB<v2Uf-<3%ir(^=mn<?J-)~<5)
zJLqbsvLm4|?=dh^lC(CXOyl2|N`o^&F-l2rjKcQ7lgj%IfGw!kJ$)K}(%B_cG4Vu$
zuFtN*+nl{2F~*LGZ&9zyd!5X$FkViN&x|CERM6(-;GKqNXau1Qd1RlPhPhdi()xaU
zb?HO&gNAOCZJsOOz%TCU^_bm~`;h|P?<HfzF^M)3h&ZbfMxMtVXM*B(eL0lL*V5Kz
zhJK<AoM$|RFxMr<&ddJ1F7<CvZ%;go|3jx-aIuc^P%7)k|4&bq^u21=?>#L1fm$~O
zQ<AD8foiSPe?j|Q6+o=>Ixc##_FO6;Dz!rEV(Z@U*1~AocKvlEW6|(-4IU?D<6)4f
zk6tokqBHg)K9@e3{F$I8p)R)3k|`Z<c%q#rGSU+*Mg&GV!w9&SiF5-4fajNxlNSK8
zV(e~WIKnW~>ts@0%E@HwM^a~A!h*5myjPWTl=ZYfn{$}px5&yuNh#9+7&!Qczs<r|
zv+z?1P1t&4y|c3icsLYUn*d8e@e`zHc%Y4KB(oIq8^RP#QvYrB)8{XJ`I&K`kMdwH
z2Lo^ml;s!xi<e7!oci*8#ZxRwP%6eW7Ik=D>(zeL=St-UPm>11<G5i!-Oywm+cV?Z
zP&#>(Xsh=`ds7KI{cB$2dIF6chO_T-pptV1n+o!JuWyz>w_f4i=u$t+rFi#bO;A@b
z4aLZ!ZfQ3xA*13sLypmwly$FOEe&H);;M!;?xo==hIQTBA?+cAJPwxNVq%mymY(Pr
z?R29&gl5c>7ycEH!0l@Wo;+MYwxH~sh;?B*A&L<`?e(ecvM=+8|GEYsSKdg8HI{P>
zV>`4N;}LR75C;HD;1}=T;JwK*VJyfbl^l`nyCRp9)R*s8U;g4@{2!WS0?m)|P%i7o
zedlMW_5V@Qqs#U&$>R3HcjmQvd|#>tms^$!Mcp(S0Q11}JM#`pY<uE8h4)W`D4jt|
zcwW9;ZWbSQ+LeYgl;iB}fP;6*I>CfERXngH^z;oZ4c@YWg~9W*EPdaxkRF}(@A+LZ
zs1wgW#$)DfmwGG-wX^}CD+(D4KCi_7mtE%NP%7W%=i}{tw((|R8=N&sFiNl7!Jma~
zoUx%t?Q&)P{LFcquj1CYe%S89OkpgYC5w4JoYdIHF(E)La?AUEQ_^2w)~i?OC=c0k
zFaWn$S$^?v{J8q^VOme$q1OApfZ;9i&>*RL6;xuy8-d3a+nxqRWC~{iV-Ox=#^s?<
z)8nSs2QU)Mg&Xt1lZDrxipttpV!ABuWovIsfE{m}%wS~(zIOShF|+5ToF*RK0IDFf
zyw_yGqkWxLj<J+f_T^_@#8UenMui54^%YOp07X2D@oDz4039>X5higXoB0$lngl4t
zV}|D)e@9+JJl{h>*)M<)f;;Ay5TwLmSuuaPJvQew0bz_YjBNH5^OpVcb;|saXeST5
znt`~8{V(f<<DaoEqF>nt0M|2ET-DZZlJwZa_&@ZEYr&)3LS=oz^FChE^CkU-;w7eG
zhLUuzRjLNov#@7|lJV2@UYgZmY(r@<6_3;X0Z^6;o~{4}nnptd&-wfi?Z%H@l>r8N
zMhT$k5xW;_ASl{T83g_7@?d|8?7+tGTE=TjJxzn`_r{>ltpb9OJsFh}2X^K`d%V5?
z$J2i36lE}s$)aICBw&gzGq2>Wc&T20$T<75YC7lpsXi;i0jE(u@x0ltn*dH8H!s^c
zm;JgKOXaLYf}ZHFu{UL#EI}_lcdYeth6jNKivg_E9j9ND^sJ?yepN@gCCb47+`?t~
zr7!*kwf>Qko};$DW$@AmWosTdy$WVlGhR#PAP%iL-Pr#w4T@uURXvVq%aCOc?=)ik
z18ojvRg9t0(o~$jU9Dt+GpoPBy9)3Tr_WJ#2A&w_r+1ceZM$JA9v~ETDDlD$2w;Hi
z*Y1gyGYgDa=uKMh*!#+Hh(1K7d>EGDj0s#@!V@uWn=#@W;nL6pNX)?C5JH0dbKJsP
zH3O?w$Gkju*=58M3`XQ|l%&rS`mxEYoJRoJW*9{kK;#%1U>-oiR>$>Z%?uR0#`zSo
zDn|*Ut(->z)>4Mv57q0>VDC@W+gD3^{9*iWt#U8`w@Fz)_Pahz((@#JoFsUP@SGU$
zP1+rvrsooP26{1s@Dhun59NHS^?F+*C~$hGcT7B<NMa01o5^6&9(#U#=P_hnpP>uw
z3e!Dy_uiewNYK?(6?2p@5Rrwyedm;S>HoU7?fQ;=E81*Kvp+P{7@q?A$UX@FFC!D+
zXAkf>F+P4gE&*M6>mlU;50*53DF#mY?AaL;&g8gvJ9|a|13wcY>T@Q7z-(Y|V%%*#
z6oz4w0Yf>`&c=A#qm*PlL7p<8)b@FjZ6JU}pQ7*Qu-i{d`s+(S{VN^imMaGXaGR9n
zm%r%O)z&9T`kRv8Fwn(}ThgGX=Z~yqZjYkpw_l*5?Bf6QQmE|VEqdIZ33|aWFwS3M
zlTv!<aXmB7-N?`ASH|>9te4CKJ$rx$D)Pc&kVR;F-wN39#6JEHCC>fuY0%8Dr5A_4
zW1Py-u9VqQ83clr!O();NKlApF|T0n;NHf8%>W21*H4}uvhX>=KF;Fx87KEV4hLio
z5V_+)+8GIe$&v@sFh&^9va2STF92YUNgVPM<52Qte9jXj0w^;%GQxc&yn%L-iK}4h
zk0gDO+WN_d@xOJ8L+hj524(%&?|L8g<r~!2FC6H6o|rep2J^z*<DBiUk8&}#2*noO
zZ|qU#eVO1kiJ`L2xQE`R$5SO__e0ULE%cVcpwkPFXB3Z1`*&d!^0YQk(%BcwsE<C8
ziJ&}vKYRQho}zovj6;*zDaMapC!WLHkc^#QVQe<znDx`B!6-WQ&M*yu)o_gU%o`8D
z)FI=L8Ga*}b9S&x{Qv+Li%CR5R2gPf6971S&g=|{c;=8`DNX02%a$xremBYO;JQk{
z7HvX%k_9ssiolw&f6jx_U&!WM$13TcO8viG);s=S?95SarE&m(+qkSB^Ma32TfbGk
zeY~WqM9yFAM(_F#P?J<bP+9|(3<EG#+}eM4x|`pVT_}o<UX*!DRIW_gVn~6%&%zHZ
zB{n_jLwJV%mOaww0W3=W(f2U6_7=O4cU)Uy=j&*kBqg<64sBsS3EVI)1Mrv_6NVYQ
zq>=J*fFW8|lgY%0GYr5tR`PGkz_&vZY!raRc4{)-R!4?d08VEzaqw2a9T@}MpU;eT
z8gMO41=k~)7-<Y00T8SJ4P`Axc0ZE~B}qT6zI@rTUcFLBxh={80B-ZLKK{F#)ILYj
zKTu!ZU(&7&X(&AYogN}7<%tJYJVh#ZRRcCq*m3=)_?H{itId1RR>pS2;0|Y|3*Nu>
z>!Os`*Dke<MTtB32$|eCUy`w7GrD{wEo0>lC@6z6VDKhO{G8WvJV-M~+n3!K5AP(1
zDs1etJu^?zpXqJKZ+ruxGZdxGG9#$bxW$&f!dQUOqHJ8I1@OUu7a%kPjuVjKeVqcE
z$#}(mxmGY23!s>>aR!zgoRxVt%hwSBz;CLzuT)=tc<HAJb#jzjwHyH8D3YZ0@!x&7
z)~m0Q^i@)O*i-?zvYUYdSFFVYp>e08CVOzf!=%D>W!peqOE7TowzGZByf=-C(P`|N
zXGgl7G5A5z_gx{oq0hFch82oJH)cW_*#)*cDEnXw*j^g{cp=WzAou#&pW#L`WGwA~
z#$}xSjW%$M3?xN8k}`A=Cq{a5sf3*i2v7L4DcdPX=;+ge5DVueyy#0npyWR|sO@K9
zIJ}HVBlA-ZIr7i}z;(#VLs;3h345~V1iV45f4!t{U9Ru^(@|JQxz)=70FF}1`Z3@8
zXi49we)`-J*QNI+?cYhG@pR=#<KR^CdfFAD8;b!z2!`oYKL>qI1KizEN`rx(8EhIb
zPad3|l30udm(<1-cwC;q#ZObrFaZoWjYtW(Ogz@&?OQtv&5m|1FfNpPJg)$<t$i8d
z2@tbAW43QT+8b^6HcxXcD3c3wD%)n@lpZkeD`Aplr}*iCFB34y?D?s@FMvnSry<bH
zXQ_^Lw3S9aj`5u_3%vejc_D>mQJ3_+QhWAtedq7$D7S4n0KieEW&P;?`H52dHmU!m
z-S}^%B((AEf>6FvrT0DQuY6`K)C}S!Z{70^N+O=Bkxb)bN;ZrcWAB64ABK7ox4o3h
zaQ>iF)Wsm1A@eXs$Zf{943xMr5`|%LPac%L8>leKP8&~iEG!H&8yB{ZW9oSZ1#GnX
zEE;R}FFofIynf_esMS6ViJ=&a9OnsJ!S*|-yeYH8|5fYt<UInIGS|^=$|1v1Z5#u#
zAsHH({NCF=YU`IRHy-vcbd=k^xT|oKqezmLfAIzPsJF*!J$<fv`@e<@)<`~TyXQ#5
z!YxM;OHHp4bbOTbv?s>@e8K*GN#Z)~zq#>`@0eu8XE=C>-*d|xyj`!a7^96cj=D1>
zKrb2Id4dv9==4m7T>{(n%XO6#x6x5<lu3McdN_@88)d+@QYIYBQZV-E<<E@2<zmcY
z+fk3dG0|Cwd>PT!K92eIq#qu72pP_Hyd_<UBh&96$CN^(<c=gqrHzPuSrj>vV<KNS
zxk{L$9AoC2t8(9|47nxBm>fgS9Jv`bR<WGhTr+0lH~s#C&+~cSuh;widLPg8M7sdv
zJT#i3cK+Bav1L)|j0NB012IgG1ZBSX-vaoNxHa`Q;No<PoD<6jpo@;0b&wAdyls#<
zFB|QZ7;D?A!-~l<ggljhrqsl|A4gCHY7u?&V}Aq!PsUWVre2Y{j<Y(aqARp5IJ+v*
zY*iZI&+IBv3vaQ}$4H494^?@W76yCiTX5(^y7+kbP00~nDX${-=9(jDhQ{IpfgX<w
zmHs*LW8vvrIG>10oASD~V0I<-<O5XjaS~bSz-|`Vl+tiwDITSyyRVv*Q;#sO9@Lo%
ze=FCO_WT#>*oCnQ?<*pE+QmB(<%cLD9rz)kP=YnxV-Sk#r$a!^x}(AspPWjm+e=&Z
zKI#L=T1zcsj_6{KKk4n)kO(&3D;vdEI{1i-`xMW6fgWqi#7qoU^`T(rAD5oN=n%Qf
z+ht}iAmln9)rBZ&6ye`IaT&8SZXt!BFkB4@_w@_Lck0bc{RVeU*!g{>52ijSf^6P`
z+jax>X$nTPrE=`7z>l`EuQiTl0YA=5_;{YKF%hOCNjU=LY6y=#wzX9bzjtjh1>&UZ
z+kW<y(i}@IjFO^7L)fnXxV-7cKYfs++0Me|S$Afc@Lcg6vbaUd&Ig{?-<RTVE;3;(
zxnwy#BnZsVysgJ@sG%3U^bF;KyuSS_B2eL1jr-uaJ&VKyfVATn9jOg@M2N3LSRAj$
zw!P}9!I;XuI@NOnH<kL&B5nCHw0mSr?v0>L0LVF^&_@Hw7LE@d;tfs;`z-GU-xPH#
zQB7U$oR?fM0U^-D5sH6`ew*@>C@FpujW7nH`yW3(L7iqsR?*@;=COXN19SwE6p;RR
z;T`VG@512w7-qKDDz*%SP(%31l27`o#N2mXIcW_SHRD!1=^OvrGvjzrzo{qF^8L2?
zgD>qDG8~Sr>&J~T1~i`~C$$zQ3{RdRpm!Fi+k$2j&cgsCsrDryJdeSaweEnQzmBXC
zU^}J~8kW>voMK?7UKq~hHsN(g-dJ>~<aS9$YTT14F7+AC%8aMIfF(Hq34TJz#pWX;
zppv6@lltvA@ZFcovWlE-O#m!m1V)D$5$fy-RFCsS1*q<kcbZ$SiCCb4@4)xorM29F
zhmLDGULnPDNb+B1+<Dcs7#-rPK*%S|MwVE6y;gB8W<O2W+e6PJl?|1Xr1kkyWNdgv
zxgAE|sNa4q>iBGq=iwuvykz>ckVh|J{JXfFd2`=M2h#N|@De}-a$_4c%uUS00+fJD
zv<wZ4T$#ZOKicra(AY{PE*w=fB_o9$vx80^>f(H8($4+1K3Fd5@_wBI%Ki{JNfe);
z2LquEtjqCVCk15m|K&h-CRHZlr^^b7XPj<bR?nYWd$q$n4U>4!-a^?FDWMkbdD0Vb
zPP4GOiM!4Wa5uTmd*WhD*f*Jku&kSS*%kDsD1UfploVe?>Xqk?ZtCoM({dzIg4#mh
z?iD*@wS}$1*=EA2;$&7?-u$w@0O^_r_wjBE-_&=`8&J>Zu`<y<_hUODTv9dr>^H;t
z?w2!pyn9s(1oBzILp|v78^sqI+JiI;!!k4lD+@;zQS5xR*4B5EH~BIFY!XBV$I0Z~
z|L%@@uFzMm*4b+tooW8~(P7yM7o=d+^zAisVD+)Y>&4btYhHQX(`WhP^&jV3FHe8t
zN&MXhK1-By48O(StrSx`e)d-l$Y=D{c!yg{J4d9(y72kT2yvM+aIv-%X<~5PTX{kB
zbA-tkfLhYLA28y3EK-RVR@*O{#j%oQi!ByjI-Rl6rN90AJZB1V-CyqOhMtAR_8RWT
z<{b(Af(Xr_d$G}pRn11t&^L+Q9THs<EaX@pA%{Fxb89E=*28|PwIMxu0%z0IwTy_U
z$<O1WAkkNQ9^vOB%Dsi(Lpq9Jv$~l<uJ+A?Jadi(H5=h#C%M#h$vW>uIK)6(_s4W>
zgtS%_dnC7P);}|An@5LCN?aJ8mfDFJ6}hzBTF=<Px3$8R?N2TuMBw}*18A83tmNAZ
zfsk&uM<HCF&s^ZqxPZb($5YH-Hck=P^w~7rlm;)X+K$GL)9V#!w;0%G8HLU9EZxUy
z%4SggwRdlOG5c$QPDPUx$+Btb-g`|PCKXe>wa?VfV3jNytokrJV^x;%kY6Zp=Y^1&
zT^y!<OIIIYGXH1s0<Y@M4tT$#{q(U@Re3MfExN3HWrrR;>U?lZ^$**{goYv0-6oOt
z-ftrABC#petfPW}b(`U&=hf-VK0JH6^!|NwBlI@}=;WtLex2)YxDX8%38h2v_<wjB
zqAO`P)?wv{Qu-#T-;R7h`oeCY(Wl9p{r1b)ud7UkZ-iBV5V}6hGv%1%OIsIb&)ONd
znm5BPCsvD>AG<fXj5UsJ%R3)K8&&}xAO1HXKi5+-NYZ6h6)kEb=Hk)cvzik+7*UH`
z-cIP{I+b)u&r@vbU>e=48iGURn3?}3i=3r|-O}uyx6HfSnA^QQitf57LmE=ZKXDxx
z$Tp6^8$Xo&W2T{;Qpvw{O_ihmYxfpk4OrzI9%1K2D49dHHWSHM6X4B0$eiq7a_aQa
zr=%KnF<=KTC&lHl+NN@`NA(3|qNPE7me&D=^z)hER@&~>^s%qW7(9>rEs-xuYO0Z{
zg9>BV4afD#c^iSK(%U=succFmPnm68H&~xHdPa1=B^2a`j)~Rm5ZnnUY*)(%tGj}<
z@Mo!^XmE!hXEcw~P4}&WNX_lM0#Q%j4-57hR&5$jDT=g5c}-Z0uvf4!q%C4PfYOoN
z5tbB?mwiM;cF<}ZbBXJ5!@*PA>J~#E_@P${cI3pL;PlQ<kA4=rylx5zraTWCWbSpZ
zobL(dJmzBgzM@tCw@kG=6CiV2&e<b!7}PSV9(c8umTcrNi~n%4|1^nb9mP~@ZdYsm
znd8z49eginewOy1z=lse>T@C>`cav?k2(~7f=j><ZF{JS;N&$;WtD%t#f{k^@kKjg
z<=Rf45R}b7!TaY~uA1h0L^w%Rcjjj)&GJuXR#2zPmhci=?L?#p!3-5>`+R-)*K#NW
zJ_UD1WEZo$X6Y-MZjL=RKVDcbdcM4dC;Z`tCFwmImmWFBBhLyGh|Y0&osi>X1r1I4
zZ>L3Zb+<{rsX^e{{_?ah1-pZY)(iQ0mT>vDP3G6uMfdH#%FabqG8@lIAN-)0;O6{@
zG4MTXDK;?ng35pY#>3_=)=6d2w~BUN6X)V^9mxS1`=v)I34dQr#FFux!6!rkEG%n=
zetTkSc$ME>Qj-2qOVniM+&`C}kyV^rLR4}Tcf8YQ&=MT9-^Km0*|BBsO`MS>J%nkl
z?#BK-%AeUDDtTInTdUEV?Q)Au;I~gP+3mn=w-k8I`zUEd2fGygXKcu%liXoLHuB41
zjy32zAmNVO@v3>1hvJ(26A8TChu7*B%R!)j$?#pNB?W`f$fFEnGatAb*Ww0oI*_TO
z@{DJ<R-#+NOb$M%hki3Oo+ylO1vj5A4hfP};SyJhzUYC~_fHmfyqRba6doYdA}&p#
zC^k7(Y>ND*j99|R#wM`&298-WO)F+C-SX6`-mRj2m7X>??QJ91N^n&m46ffQtfY5Z
zWiOYS?Kcpk{CbtAFpzmzUN2?g<e1;Wz;9+X`Q)=UkE`nM=H=8J#2iuy5U3esb;uGr
zlrkgp=N?k9VdO`P`#}BBxx)F4`Km{?g)ISck<OQX=(g784!V9npktpz=!o;{iv6A!
z!*$N`Y#zimqxU%!HwKRH5OjsK?EZ_14RSsoeef|UbMd6#{U@DV0N={{y<1A_B_#n~
zg~?pFLGzcYa(d*=Lsuj1OUqp2*?IP4cqfJ>*CeC=GTShVsvWZ2QM99KG?cOZj7lUk
zt#8_NY_xh9+Ti!!iKc;*;_0FK?1>Kbu-==)pOqi}0MqqzdPZ6XqMY+UvOAf&o?3`}
zn^w=Y-b>gQ3HQPmdxHR7zCRULUOMo?AsTwGTm^r<v`Lc_&0U?Iqx1MEyn4ecU%>Al
z;C?B9j}{v~BYuhbavY)K1#+5W`1Wix8-x!3<+8NXr1s%v+$t{zvV2n8VI?>-oUOO{
zu|=oLR~_6?+M0-mg0u4-`9*=opzuoh3;OMLB3awRSg*+W9|2b*<HT8E>&Lpl_9Y*9
zq9<Ufa*~#2rgKG#Dy-bV<<nNCbRoUP+;k1={ZTfZDdG1c;M|A9{=_d1*+J<_!LE4I
zJ-OU^GQ5?(IZB)}kO0kV^yyX{8MEHf=8$35{I1B;5Y{aO+*P>|JJ+rIG~}(FTlbh@
zHphGyh8%h=YaIXhvEjq*r!Ufg%AuXVjOAJvIrR2{Z2aoJsOWExv!hr~q{%Oz6KYEr
zmtK8@cd6VPjGLC$lSXKpmxhpCI+g$UpVDO?3~`%P18Ui9zV}?Wb#TJi`!FHp7`MGK
z1TFE%h98b>*x=qzUp&~$v_&-2H&v-DOCrh@0ue;0a)P0dV)suuRoFE56mU)P-yoUX
z<K^#0bi=qOTIw>5{Co|;K_+O|EJgL%zF^d89dTUm*0FncJQ%*?jjAw)Bv7IBK>EGX
zEU5tVDI#RdFDS|jhic`#gXNTQ7_BY?fimgFvdn&>+2Me{;Sj|4)sd3MtGP2%tQlb|
z{SPK^W8;&h_h3USb!n!K2B+INYwkSgFb^G_GD$xu+5oeoVxg_dYi$eY0Fu=WGyqVr
za*Zpht<lr5)st?#72Uel)E`i;Pq&A_^%>w{N_wuCE{<c0jcp-`ODvR24wE#N^J*7h
z1bVOvvVv-VVf2PI2ZirKk~W7yTx>V{d~7E950=x%wQU#m+DpsplT)kX0)V&9FnxEp
zoyC^Yd<d~CrH&EPV4aTp$u@s5GG~!Z=Pm&_k9+s+?RaO!2zbN>7-r#TgpOxJT@z+G
zM>+4C%)MWlrVskw{HUxMlN<^-fBmX=%<mj*T7=E0@er~l!e=j?c9U;Wqwkv2QMfNO
zwAEhnBsloMUyLKm=8#2`+7CxNp4NzfA0)<c-}SF<7$#;7>r<>MplXV*UJI{yU`9-7
zUp-YZ(582>x&r{IGY1T3DV`hA3EUx{r<ysF9jw%*7u~)06^)d>@kKcKzBi+P3_Ve8
z?GyolHyHR}3`Rj9C~QHTrIhd<NBGd_E2>Q1+q-%Vi-2Ij5P0Z^8TutE5kAz41}i5^
zZmvn}FZa8c-y3l9n9?$>VxoFR<Nfvim5z+3*yrCyy7!|_wTww4t%HO_9-Jm^qPV$T
ze>v_i+|{)>CT}C$CV~^fPTD6DMq!NxqhQ-A$_NZLu~}ju>CY&{@BDuOIP=LKMtJ%*
z<s(()!V+nIoF3=pKpt>w)tV=0d6T=Oc1r9NevRVTjo}sDA>au>X!{lwv$C9Hu-0nr
znpb+Js`2XsR&=>IPh%4*mO7!5lDi%rwYGR^Ayrcv9kg+-dCk?1P&tWk7zI7XG#ZfT
zNa869702R8(sfqzn<aE9&NkZX!enzO!gO>VjYtL`5+tuZQT^%OB>IHHXNyotLH<;a
zJ|}WDFOuU{58|r4wAfuUC5Q+cp~O>~9g0$6A5_CX!@lVK;Z)ZI6<{EWc39VyW_n?(
zGiE-H<DiPrkZN%#e4CZf6dw7BzXSDv2qJhK7x(c~@&h}mQtFDo7qg@I;DnJY-u}8*
zQ%5ALja%N032UzWGsBAtT{>u-RoJdIUV5>}vpWYT)QCu@^2igvke%i34RS0qckR=}
zoj}W(Ud+sue%3dyPS8JQV_RvfbJJf~f9kt<L_Y~)gu*Hpqc31kdP%BmQmU{eJb#j?
zY&+TW*x{D>Cv96yZa0SZJ%Oh5LVhw-2%K0OC&xIZJsOP^ZtF6dc#8dQ%RBHwb~N~D
zhveYbf*_{dN-5$R6>CVxuJrF6PC6A*x10J`31Kz->k3Dz_Q7A6Yn|w$N3_CZ>uA<?
zLqGHDd&;OihA<G72w5Se+Ez&w&yj%{8a(W`!*>Yqr!LcHPMnrb)XDdLHU36kNeh}<
zq<)XYKQW1|sMpSzp%kY=nKxGYpN?k}Y#eD3Ts{aEn1}w4CEc=0%05EtJ_c;zm2BxG
zS&T-0yS<v6wrxn=Va=o)lYrEq(ivDOJs`VCQ#SXILIT!B95g$2EmpPQuTs^GNsi@&
zkCTMTIkJ^D#%2_gHkg;ay0yp}Y#WuTsK@#q9u^dB5xlCcpw$isOMruIc7btLnINOy
c_5d-|a$_RN7R7o+f{o4SuBl$t9p@MS1B7tGYybcN

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/apple-touch-icon.png b/login/apps/login/public/favicon/apple-touch-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..481610201581ee936684e3deb1b286d307803892
GIT binary patch
literal 18112
zcmV)(K#RYLP)<h;3K|Lk000e1NJLTq006WA006WI1^@s6J<SF(00004XF*Lt006O%
z3;baP00001b5ch_0Itp)=>Px#AY({UO#lFTCIA3{ga82g0001h=l}q9FaQARU;qF*
zm;eA5aGbhPJOBUy24YJ`L;(K){{a7>y{D4^000SaNLh0L01FcU01FcV0GgZ_002ZY
zNkl<Zc-rl~d9-IqRp<NJ@%!C5GjGoGSo1(xRWwKe1y%u7qJUsytKImVa6pl_?Dv-I
zJ$;Mr*7s~%1f&JUv4PhuPeBAhTfqsbVvtehg36k*=E};-IrENZzdz17zZ)lFN1StS
z4)<nJu~z2q{?6~jwBs9lfA@|!afGK50Q#%zyl(<3ux1F3&-Ex=4;Vsa1eMj`Hll0+
z*^0_8ke$FLRMw#~32qW)0%Qo4Vbl!)eUJi`8IZZ^a|)GXs2oMz5s*WuJOpw8<Y81E
zMddM6j)I&*Wfo)(m}lN8;>vca0D`>jpO#yU%bsMp8?c;7e{FK%OCi88Fw+MaM%@@H
z>wxXx_5k}(*@wzra9dE;fUHJk7^H`aE5YSTbRnP)Kx)8wpW66);ZsqWuK<4%m17`>
zQFj2i2bH@~cP}ar00%)%qHY>=mSRZDP6-qaw1@oOhnHK#=RJMP0b1WMUJbaT!kti1
zX<pe3>;t(Rm8(&?9App3I*<`m1eFS`(gbP@+J!oR_+9`{!-n@Z!0!MQWEPbZl@{NR
z%2!eM_3H13K#qc*Li_U+g9!!jEd%av2|(+wPk3JhrZ>az;}akofjz*Ls9cY_>wt?&
z%`E)^sC*zcfa^eM{vCnZD8mFk-nII>SEgNVfx45ZJP7ht;Pa^aQmM)1k&>$P=Ib`f
zAN<ed9*T3Gp45QWUt0yPD0^9I#W7U2fLw&i^&mF@*P^l$m9Ypksn1rxwtzbVZVTYU
zJhg^z)F%M*s5=PUfy$>*_Ze_^pgf4`5$I{1U;gNW%RM~jBt0nst#1~X8!f*SPH?&j
zl}kaMiORE4uB)iTNOvvj-_sSa;U_d`#$xg>x{ac!JPPh>CAj${$X7rfr07o%wDvpR
zzud!hR@0LT(E6qkD5wW^7}$%-(}5d7Zm2l%szn1OcW)PszL>I;zojOTq2=Sxc~lOd
z@;TJq4)V{a+yU+gMakXeo$p=l;X5noNdahmvxE7ea=@LAQMfBXo(J4q0$O%@&fJ-6
zLJQDmRE|d@q6y=?vRFI?ifD>E3VaQf+fnxqsC*uk$Lc)tuJ<hWaGp`RpaHFK90TSm
zEu|A6*8#Vn@*N=8pt8XRR6^Tz0j$YsvF}L%Rt-QWqalelceMyn-a7IjQ>fdI$|r%p
zMdfy;Cmv>Ky8QLO|9{Ipyh}<KETHvGJ*t5lMddn>mw~(pxB`_m<xPIHpane9r<cz%
z?_JATEWHS|b3IH;qANaM$Nn8=D?0KCa32CbN-=a0RX~tG{_o2@)Qd_N9H0k4mZFck
zYf$-KkXuoA<p9WGyf*~qk~wb;kXm$$q!L{@uSGMKWMS(2S}a8QIa@B^$nB`SAC->+
zN6}K=^6qyo_t1Ar7Yv|FAlGe{-6fFuK9HxOGPz_;nB}8w;LH4;1Z5C*%eL7EB(cS*
z#nEXJr6xy2O{S}r$-f18H|jpiyi6lK<WK%+xna<nE(k#Dn;akltOafb`61Lj3)t9j
z_8>zOG9c(0Uv8rrXBv%&?sLt44MKkzjht;;3z+M?WjQBNxfA4lsJw@ww;!aCKmEhy
zhC?>3Xh7?m9i@b22$gF<UJbkim2K5E79EX9@zMx58K4aQcFpob&@C3!g%4sO0&u6v
zAVxc_{F%PiRsoc9<J4zR`9p9YLFFigQ$&#WzJ0kN5~URhXniwO0(GF9Kwgf@t1Egj
zK4^NRja#&IE8VE8w6tyjkggP^t7f(=iuu_B=K7wn&!Hb6TKyfaJepQ$4s{Qq^5-D$
zK;`Q=W|<p8-uJfUhD#%@I6&*0YxAcgz_q|@P<aW+MpWG5O=-u^vynfm{kvF?V6t>=
zM`37Mza4E+kbxx#q9V<{DadJ5J_r0R>i!1p9Y#@Rhma5b=5j-)Zt==VC72OlJ;-+f
zKTEkVGTh|KX9>)fbC<dwnkG7>S<keM5ufc~VY2n77Hz^Mc!;c1-G-)&3Xlg;_dig1
z7b<syn?)V+{<kbQgjNQi^*5`gD1G1(;734Sh00D4u|Yx1V;7}aTk=QRk_6{WP?D~W
zSmfkI&e@qy*jxn0q8r`l)k%=QL*;i+_i>byAjk*avaDEIc0donjE<sm1Mpgq?=HD=
z+dvV6axpX^=QO5hz}bu{n3G_Maq6YkAJU7?JYPUjRK5)Ew}B5ZyWuf<N07gG^RnS-
zSpltYmXiPV=GT=V=CvTtS`=5#anW<dmCu;7TU$U|CeLE~VN#G5YLyKQ`g^~lIvzsh
zognW*bU*X`0zf|a#`BJ;WdpRnMW6@FvIF=bke>uD?ruVfIc;anOp`-)je_|3mJI3y
zn3u%;7pvKq+HPYBJ*G1!Q278Vzm4c;m>-%4kiY!(^NOqU4rr~N;XeXiEtjJFH1NY9
zn>umch{v`p1D~lzwE$VSWyv(7o{)<HbEqN1g`y5}sLM%d;nqnQj76M(4&?7q`Ay&-
zDTZc1k-z%2^M<efd8>&E%qlRX!mGI+<#oU-DIYdvX`nQK5t?tT0m=-1l%Jq29l>B~
zxmp?>mZKvo5CW0J^~7Wv)Yq~7(QhoY*OpZum0M6*3vN9WA4G>vo==RqGcRHZb<WCj
zK>h>B527t#wn9x71<7hA;z_V5hcRPvyYg8dfEGBiV8#Y!Tm4<ZnAOa6{b9ddYCK%!
z2fZHL4}-4J?|S`t1DBk65#3TnH5_mgD*q>N6Ub2aJq{hfm&<1Yt;1xXLpfc{ywAZ+
zlW$zNv~(z|R(cc4HrO$kokU)nqIOENJ$C-PQF$xKJ5hH;{^pm@InK@tpgl0(0{kK>
z&mr845mEu)@$)%kj>mSH07bYjBa=T@{!$#bE>2;qlScs9MOceYTst@6Am;8?y^URh
z_o43XAb+4LPq+{Nr*n$6b51!tFy9LDdQ_f^T3`-MvM*e>@V%jRg29c1n_Ag(oEex~
z;@%cLYV?t2xwxRMK?KJCZE^$by%c&wF_pq=o8?Dns1yt!lBn00dHuKM`a2l2Js__I
zUIVNzZvB;WinsH?p+zX4?fWH^XMyyyW<D};z7a77C}*a9!8bO!6W3c<+AIKXga5Wn
zgs2YJ1ZvpdMqBIe!Ngm)310lYaPx~{e0BLiuvNdNCLFPBQgR=(C*;b8G8kO*IrqZv
zs<Knny$0mRK_-h^{_{CQ+c}GJc$)b}kY5CDz(2fYQRdRo$*F1l^TJ$>IJ5V+rGd!-
zAqbsWnlZH}Vo(O@{#)&<^Q_wl-}!QQ-V5QeM_}V-c;c{aHT(&cm8a2H6YLO81i!4P
z9tLgDGLKL`sQg+~W<cLryztkK0l2^a#j}dLbE2U=Fh2w3|3G=Z$(emYWdZI1DisBZ
zG!>q}a|4p7pG+H*K*4J-F&NrHYlWrR1=emT!F=P*FggmWCt=%87A8)|{Vb6@Ynj$s
z*rRw2_sY=x__D>Qk3fD1${yf#!1n{=%#NLP?45N$S6~+4a^UBI7uXJ<RA<bkw3Ma6
z0>P!ic+s}VoJP!Ci>L&d{N8Va!OmEbRG%BPfeOs8fE!-`W7Sshi3!-T8%9Q}iEFg0
ztCI=~6VTMi;k^kN;k9ExH3GU)ZZx|Hb*}@yi~jU*aq}BiE}%Uy?*jQ*R9;5;RCaz4
zBP~lXu(`o71~CWTl!nhagel9A0uNyyj5?zBh7*F4X1w_2@H`L90K>zuZ9A-42Zc8C
z3}n)ATR@7sS&E|-;BEk99ayAD4i1&4q3-8_8-adt)7jheah5f-1K0rk7|Oo|S!D{l
zp>fFz6zDt{DM6FDH(W5VCfK07Ou5O&u@a!NCQALUV1YB=7=XD>8#lt{EeR@6$<<N@
z(F9IC%$u@IMw`9->TCG4MRLG%Q2F;D*MPd>`Df<=fwKnaQakH7@CsCZ9Ara0%M$|_
zt>kqCV;1N+&2DI)C}d>~m_-XbXRzj@;iR(KI-pyDObTGb<~*1ICMRLr4sd<SGc-s8
z&7=v&ilfz5lMZ>;y|No%&S~~iRu1G=RDK5BZkUted2d-6fYvt)2z}uBWdmh*+I(9Y
zViCLMTFqlD=sZ8JK}f8TTIm7{_ck=6rP&P2<40lC!91{G3*7oW@Z1cT0mdg_$4(fV
zXol~Snzf$fL1--}zv%C94B93G%}LQv0zi3K{P&^qDr9IK!^6uD=<2a4M<G{N`<buL
zYNpgIUkvw6nev7p>6YKprfrj;a4mi6SdQP;LSfSuxb<c5+?!!M17?6;54LWFwd<Pn
zBHIo+$d-h>>S&0egs8Q%q0I{qz>x)Ypl%(wpG0{HvooW`^WM6=fUa7)1^5Y&7hyg7
zmyISsmL7C2Co_pG?nq()+a^J1rbEXz+kP)Z=KnTdf%%q~!E<gZwQrZSaRY4G5(B1H
zZUMNu%66djX<S#I;x)=Nw)*;$xR$-L2ju5a_Y7R&is$~$@&LL#H^YsAyaMD0P#J9%
zCM^P93U^Lv?gnS|0qD97rpYIB;BEo4)wX$sO<NbhJh7_#08CE8_U$k<OggIKht6F5
zTav;Vdp2qSdi_>^3>$RK;?F@Fn_C;6j>^w4-`@o)#dDT+=Esr&U4oe&a0BpDsBFrE
zIT-jQnddXOo^pzE?TKhcxVNN(X0Pii>WRxj+vZt1n4w%`*}koeOD~*@Z3ET>WkSh>
zlfwdP1I$K$V<*tVfxjoGmWS(8K1=#4a1&5aJbUp+k1Yw%jd-)l&!F<OcFi1k^-JN(
zCRjU!rlN^OxB4x<yV%KT)=3FKpJpr;%m5-Kk6yo?#{QCqoQXk6>bw8X171T3V1wCG
z6iJ0fv#!D7kXwt&kD>Ac=sB1<KY*@sjiU1Xl)LEqSuktrU&rV3a=`BL*pX>cJAm5f
zf+<R3nesN8QitYlsT{zifVoZ^H<a;c>8GtvqpvOvy67KGt7L(>0Zc!7LQ{UBA7NR{
zvb=r3Por*MNdV3<p!H3Cm~*b&ImeGcaPnu0n>MsWA_i(s27=!^#+SQr;7*euv;Q|Y
zsZuf68qBwTPZiDR=m4hD<Qmwq4TeWN0FvliVv|?S`gw9xt-w6s<w1C_q4@&`upujg
z`Wj=}L*==Y4^A(7v&RxSwA%{qr$8=AYrxz!(x5c?SjW8?DK1Cio-EA?7D-IAoNGVL
zL9c&XziA=Pe5POq80wdRUhQosZS*x*32c>_7+_>UD-URlSC$4EI9zOM_#TdkcE-<1
zu0iDoDCGIYx4+}u0b1WQ1ZW?41?8(BhO?YCrvZ|J#V9KS;#N?lCQ2^9v)i7eJsE4{
z_s3t(Zi_Q7CT-gS8`cp$89t~x^K?rRjDaky$v!xxG@+0}YSEYwmeQyvfCwrVgZpt{
zNAb*eof|+`0=g1-6)NjHY2!96X?4`}z*{y5MZB$xrN~UG1|U1e$#WBS?MAq@WjTAP
zY2$j>vbkJrF*$Uutq_GW%W;NklaWTU1#{vyqBzh9<@xk6_prlYtlcmw&qw8@fGe)=
z_Rg2ifUZu^9|!qCkZYiNw{^~xXXyoTzEnrM&=g-2g&Z$uJsQ6m`+dX5zmnQ6GvU^5
zgcrXe-Zgi&(&`D=xwYI*T8Hl%S~`$*D6fHRYcQ7g#CtO=@Da!);P8I_lqHXR4(iFV
ziE{7sRea$G&n}>Gg#b68yc`YQ^_LP{R<jxVh1>Xa1Zr%-3<T0rc5a~RGQy4O$vj|A
z#sST^`P_gRKm>MfFL|`-h_z^GYtoudwV`kZl+bVxLz)te1vIb_9#pBWN4b^al|233
zqs4W9a&`c%Z|p<STZ_sMQodGL;z7+dxD8AeFmsc@5Ja2F?*!%q2%vcnskVB*`CCBG
zm1g$S_RS^rXmwT%xkpYJ9?kISi`T#UH>=D+xgnUHjhU1~T2hpCATL4m8Elwt6+=f2
zJqIc`0yjbRPV5G`mqdg8hPOEnfd_0_fItgJf)01hb@)sP*KcDX>EEn254M25;@og%
zD{WW{+cragD6#u4h%|(+z8Iu1&g{!G1R%6dbgcV=?;7+a((vvIke6|IcvW$IUQ4$E
zx_n{J&<4uaLhQ0RSZJ2Qj@5-(U=BM<0zA(C9tt=zg()y&<WKCkh)l0>eE??l;><Ul
zA20)qj==71<#Kq)=^Gl-&(!R{Vmvlw`4^_*F+y^YvheDRFp=^>9H^{D-3vjU!PMxP
z0h-}LK%R%n^Pzg2D$7d)L1np{G&c>I&O*!gR9&qaI@}7GnM~oQ|16{rka>lTThHF2
z$zs#)ZLnswF=34{N%}bf*u#6k17jE+vBt>7^_mY;__D9-Zzz~6P`;ay>B%z#^wjWr
zR9=F5oAw(fDiBsz2Q1QZ<N->ej4n=IL?J>=LQrN)h%me#sWuvItM+Cr1DFA}ZGuhf
z!S$*q$XkF~0j7KgFhvQ2MXjVoBvFSiGZzDVaDTW9GW3g>K;>pst}U+pv!n>JfY#p_
z1$ECr<=G%3vDX?df3}$G6foNWnsREg_oOsOsEsj9Y4BT{vpTOOm|yhLYNOFIfEi%z
z>N0%SA8Pi=+PXS;pw-aejr&OVJEe%C@n@l|X#8AUS6b^|0df<N6mVWci>?7)R7Ez(
z{>z#EXr^{7r_GFIO`T=hG8^H|iIU=>A(*$qEiWxO^O<ZkI@8qe!M^P<HcAZ2(D9~v
z6fp#qFS{_}kcjJ>{*F&2JV$gec|vWS0rNr~t12yhd2!7L76)j3!#EV~X%&ASOLF8c
zpD8ddC4WR!G6HB!9=z`ft1?K2HjB8VRF6%a!G7j*k@jpYHMKQf-uD5;7=RUHth`Ab
zMw*iTQLxBjmI)D%+pw{~2(ClrMo`l`%xUORkmpuv-tOR1z?jm2S<ad=hsMkfqZr8n
zup%@h>h)6%W?;kCv$F;CY^KfYVavvnM_YZ!`6r>aZh$Qqe={0ljX}5z&uCAh+*T~C
z1$PrFJBus-GU~nwX#MqZP<Ep{7nL=g_-_ihNm>yuk>>JSt5db`Ye8V-w>)g=c7N(j
zWEF1<=*yNTnvqMZ#$fMO==Tko*IPg#cJMq(7CFp@109~WWbNu}P>FD?gKY(EPI%)w
z{|e+93%@B1Ex@%P*HJ(88g{&^W;P=l#-vDnw?H`nBTa#)w0Dkcw?<XM<zUYK7SOYq
zoRmCze9Y^s5g$(aI4R8>Ozsd95k_bNG8aYZq!{b529O=7+=$clt$^15G7hkT@*L-#
z5#4Be&xXa@OrS%z$v|8lp@1O*eFK=jr|;73k0w&E5TSDJwt$|kG(8IkkHBovkjKKV
zxy%G^C@hSza*6vhio%=}ma_53gyz`C<@PFk?kleR>qhr&4Xti3xMza&BJI>hH&R-)
z2nE&xW{Z=V+?#a%#y!~gCpo+42-d%?-PnGj(Q>BgS@@?f!C!qEj!z9_tzo|+W#eoR
zMqJsGqe%;(G3HUsIlxHDi4TuL4wvi8e^;V%J<xCt4M58f$kTw!n<gVOt1U2C+SV$s
zF)K0dvv^hllsQe&#gPp)MqN)0<`=(W<%9XXx50yl!!eCz*8o=C*YN(F4<ZYTH;u4h
z$_mr0)1;V&^=$m@)q`6Nas%kP;_?p<y3jcAT;DJOg<FsEOz<}FcX0qCM+;jJ*7YPU
z@$XOMGd*=f(}#lUdJmkREud$Tre@${Uxq)s4IVtyu&8R9bicpYK-56?Im_9K1wa08
zS?9zU`&I$MdIjWP0lR@myq<W;&4bD=kY|9kMYQeH-xraY3^^w)6&BQ>^KEn`5=sL6
z77wi3(B%}+<xW#Ga9aiD`w!u3T=fA;Fis5_c;$uGP+P_>;<^w=km~Qb4M={}gJzpU
zYq9WoF)G*L(T*md=Z1!WD?u*pWWp`dZyn&*iL+)jY=ghMbp4&Rc5YW)C6cbEfG%e`
zJp;FWr2_NgjltKHtdcKSvcMTAkQAK=R|S(8!Kf!J-=dbuwU3FCcF3CIl79fgcdV#e
zgK{m%+J%CMfoF20#64}3p)O-FPF`dc=vY@!N6O3=S}vN@yXICZm~XGZeBa|B<wDAW
zvJGTePu4a|7HLD{+CYAIb@+9<=4a#KU4q{vxNc0A6c)<+zYSz7@R(mJ`m5_fWh2P7
zgioZToPyM2R5|k=O^P-lw_WoD-sU7GtpN-74Yq*3tlXQi5<_zhFdw8mKip6T4F}Fx
z0jxh8_gZBI;o2@S?Ro-)=U|80IQI<VAfAmqhGm)iP`QjsIs25uf!m8#OWo!SH$Y|m
zGx<?!QY-?@ISLb*tIRzX&{cxH88@%IMUxgVYf>(47SIFh;4|2DXdU#Jq?vWfjGcdv
z+3s-vjMv6y`zKMk9%QVz_~RbsP#FWg8e~hvHT{Yg1HO>pcg|A_wk@AWH&XYfJnFE_
zXrs{z1oKn~=89%S=h|78s2=B#PK5GEL_AWmOv$=PTyNkau&@@r2`zC%Pn|=#9%K!@
zp<{gj{eLz9jH7ZjFq8yi7ch5m^4j8!tvuLuYg^ZPSK_WY3(U0xcwj*@FYIS_0Z_Wg
zIRtZROrbd`2+9ron1*KUI2qck@}Q4?{R4%2Dadx_rXO;H8(}?gS$8KdvErAdB*6m#
zU8qEg=CleTXkX(|d0&&T^1(bkTgI8+TY)(|ZOHcn!c$(Y2Vx@!(AZdHTFlJYG|EU&
zOy4R*?K0|(#v7wtK;354T|&7ft1ex30DD_O6alGALqZd039ZB82i|>MCPBkg5u3RJ
z*tlh33+PJZ%=HRj9h#G1Pf9enU@974whbx~jE7qHLlm0x$G%Qk&FstH_-<}J4aP8}
znF|0PN98JDxB|2c1DBv|Oq2M8RvZW>lcy8lN#7Hho-TFxgKG$9C2s+(Q)4;%PzC1d
zX%mY!G&FN!Vw>O&l!|HggZyE=*<EuOU<~SQQ%r;UjCxfZ$W_3qekGj|;1ZCLPG&xw
z<w>rb((p!{GnGF}O-Q$|At+Cv_1}#xperymH$4j<{bIG8eRu!{^(U(@e-q5!J!*_u
zN>({JM|Gwqk(bPJEHFbnc~bczYp@U4*w?oW!C@Hz_Tj(qCkdo*3#p?$8sPzXkZO~W
z&<d8I8p3h5fGt6V+;OGv&8Wfr-rL}z!vk409-A_?YeJ(oXqTahO>^&!QEIP8&LU8a
zZR4d-1m&d0$g%|9gB%f<5s*zNyZfA&0F_B#cdKSKXNy;<<#04Qkq~lf_Jth_9fXvI
z*NjuLcKyl+bIq9_Iy~rie40^Wxmk^|YREC%3T%KmHP(?;c8Tl3m|HX_+Oq>qA1mnB
z;P*%~*MCofT+(ND$N`%{w%R;61f>TWQLtvG#j}YT(88<zo~807%Jm(Ufp92a1pnd{
zyf?$z0vb-}M&BeoaT{RAE=zL`oDVu|`VvJQ65k`B`x6iv7_r8<%jPB+0lBJ=_Ijvn
z1J<Sa7>3}81!59;TJABv=bX$o=fM|}f9*opHRo>u^{AXi{jdAyg8?FC5P>=XL7M|+
zjbFp^hE~*|l%WPsab}+iHGU6hR^&qr>T|%QeG2IVTd5C{iL?OSK$HVqG*QUk6H$o7
zL}_zGkusXG{sI8=VAtFskh1+6%0Bd61_NrzAOt{Q?z2ul2`w6E?Z*9v;!9ctzun>F
z2>Zjr@0Ox#@MyQQ57MLDt<?S|t5(gJ%NNXEi`pcu!4m2pfO+%E=FI-yj6s~)8)R$c
z&y)=|1;{zeNg2`vqdz_o-Kal<%}*AMX!{<~ouKTLqASZ0l&yV`KCopWBkkac8WQAd
z%x2O+O*wgsp&N|};|ZnE@<s5sTqs*W4>rK8;Q|r~C#ubYg)(XY)l1>)B*MCr!2)mG
z{5+|Us!5;l`V{P!%hF0OuQ~x%_kl4~w$OM&g*=!wHCwHF+a^a&Lj;<|D$kl2{&IGg
z7r`$_YJmAMqK!tOhBckClw2z?gj6A^wZn<xGIe3x?<+Ez<)rAOwH?*MQO=6^{VK0X
zA9bTB>zkRpn<H?M0Iy*Z7efysha}gDpl!ZD24H^a;$8%QK2xZfT`#t75pX08jwo3g
zvIdYpM!AP0LfNL;1j(_=PB?3lq}r0w@L|6leads|CYol<wNwHoHHjM9K{H1UOqnT+
z{4@u(s7?W`!MqYT8ckU=qwJS9CbBVM>(ns086}g|egxokMtNZrBh;=IHWKRxmX!zM
zg*qcoRDUq(y?gs0tAMdaA%o0DgO}o*MFI{R(y}qhbOu<+tAJ`#Gp|%I-xhDqZyubO
zo5<dv4z6Q>*)4!HMGqp48H~00B$1Urv1dM_BL<ctN6@P`>KlPfh})-SWMh(&M@uK5
zhT3D%K&Lr7{l<mBO`4m)f)uQL&0KE*{j=NQerrE-JwRc!hvooVhbiJ|;jC4|`^3J_
zvIvcQE?-X@&B*#p#&*)AvupG7J}ToNBk?k6MpIgRwk>~hM$&OIB%WeWVB_ZMeCC^1
zCTDJJ0X;<hQg#hxnpF%55Dl~!3HgL_uR&Rt8G<pvnFoJEgo)4zG&#P}9&4f|%M0+8
zkX0WTDJATikVK<RzFTQaG46>3WtCfZ2C`r_O|qWd7r~#46m9{n`k|Hs-7x=&!EeaW
z%HQQl5f<_$!7K)tLm*|I6&>X9aAI<0NbJo>w<F~*P;%%#S^+wm`H2}p)d)-Qre-#r
zi^fhYh=h_GkUFj3d;x6%eIk&nKaifx!<Dl^3PIw@tQE{)hW)x|=19?4k*}^Gr1|N$
zIr5kMeka;xSfoDchEVA>1eBbK#D%xgg~S%n=po6JW~SMZ`tJ*E3#g}&HIgv~r~=uf
zOz!{yDF+Y_I9}c^nmIW+QoH*sFo&Ai|J`-SZ&;#K8!F1t2V6Ra96pfRLJv~jDRjtZ
zSp*i!smoe>0f4#Y%n#R^x#G-bNYopkMhdMW*bcd~!7z|rVv_g@C(?{w+ZtmSD6>}Z
zTb4Ox$rIKi2j)Od{pM05=|WOKYinFXV6{LxObSbr0Ib`vvNsw{&%#H)<UMJU7-Y*+
zw}24&543=p#CJRmjZrp6*^mWkj%GxFtLskTg*abobu@(+Edf0T6rfG;nT<;|)|y4Z
zj1L3(T{Ltf9~aIR(D(VLfD$`^t>zm0H~)G{Gn;h70zm4qsgzRk!DZki2mZR;&<|3p
zevEc|`BVPEf>X#WFy9nTW}(BJO~wFaW>GgV`=44q1Gv(`eA`#5ICHfHlzMN550r4j
z79C|EaXGCV7n)Sk-^I6>v7m_!lR}1=2=bV|Ky`ne!ZY!*`EAS42bn{ePdk7vZg_U1
zkQL;&_PT}w@EYltcfoA|^_H`N*cq$k7RK&b_${TiTEXn+QJU`s^v2Ev7I8a#iyZP_
zYwQ~B_uHGY`iaNL8Zydj<j?`_qcRQ5H=P2*T;#TbwmJZik8LNmpVnJIFPKw64}vTE
z933+d_1Bk~A+I_`^2#`XSuPy{vaYvfL1WOy#I=Za)Tzxf8<<EsemTudqs@I(P65;D
znHFl6OyQwcG98Ujn-k2qN^t)1To=R^(1rcX+1CxHmaZEE42_AM1#|ry23QkdHk~zZ
zta1QPa$abTX<)G<FdKk1`F0M>0r*P}Ek{vKqoO783xR9^(Qj}_OF|Dha%?gar~Z2Y
z=9jMAQ$SBm!R=p#_uU?BH1Ysqfw=(!U(5NxvIa8u3}9$kY5rcgM44b}=tdh8d9#)P
zufG8v)WQHk`x6Qw<rEHNS!(DLsGK$n=<K)!gOFV;F(!&X*bOk>v@%Ztot=X(-VN{n
z1l;v#Ni&=$gK&_|0S~~P8#D`O=6HqUAZb9hjb%tF8nmLtdRzT9{RC)ktRk*AiJw3Q
zRe61s)4<6kgW2T7ZTXB<E2v%szruIT)oIl@eEa3FZ9}=N{rGY8<P6MJh7QWl)YBi9
zlijMBL%_xZYJxeZ*&{8Pc^b)d=4r=GcwZy`VwGpAujThX$P~yEi!a=w85y8Ac(XA;
z;gcpS8O%d{xN0|Cv<;4)gvXD;gHIs$9YpUvST3kMaSEp9peRZ@A_)LxAB{>lfDu<V
z0G2#SDY&=39*rX&P>Acdjt9$O$FC>47dl~Y(2hV>2(^XpgFB7NqbQ|nSt`w_3(c(v
zSpx#q!HFyU6womB988Rq|F*A(t9HT3Y2@fBc<d+~cmnP@h~D!!JaQC{PQk2}eXrj(
z?E@w{-`RSgHPo1v_9vm4Nl-!JF%HMKP7RA<Y2RQO-5PUqqK24A;Vh8Vpznk4+NW@H
zz@yEK3Df5nFc7e>v5m$@ov4LV<u7#Qp90z?^?NWmUjEy?5w6({Cufi&C*hG}aPQ;j
z{>R{+!|>Q~I5`XRRGK?<o-CRXMn_y?z%yeInR|>e4mEMAJc2eZatmmV3MCytqnw4w
zp(w}usLWHoxNr_+IO~*XrePM3vz(gHT&~{)x4wMkhUS)<Muy6N>nC8(M!0S_a%!fe
zBKIGL{Rh!IABO`+;EB^PU6ht8j95fZanO`!l21#V54?y6*a|0=KeJE1E9bS&+6y&v
z(g6%`6ZczDd87}_0gr%8qZOcYjmtjn1FbX7|Gv_<fS#??b1*(!{@b_;F4_P$>_bjY
z!(%7l?nCG|9*6yh;NjzNbQb1{fRfPkTg(H<L!giV4jsW9<nI~)7^FmbU7}zq3^hW6
zjdB#^fj+`KDi5P_7-V(3+9#n6T-*`UoK+24=`Vsmm#N<?|4mc?zkD<Df_XSL1rHpB
zI}f3EJP!99g@dQy<a`-Du_#F`?~o2Ou2+AXj(k8fOh?X78A}YdW=%zDa*>O${zjk7
z30MGk_UX?R%#1t+Jc7#Z)|ryx)!}D7i~QYk^=~Wv6wvdToRsHs3{?Q%x*D$Ej!ezL
z<EP-BBj`7tfNvav`%l2(X*fM!+Et&Tgc>*+M;5O84rpssp)M=&bayLW@XBf16a^9B
z>%K+4T9khp<!gOborFW9M}Y$%-)=WF@sxL#GY1XyX~wNjf!Rz#=_J+wUo`@I)*?6V
zfs-@v&<WUo82$QTxa$Z!e5#};(}f4{dQ*~5PwG$0bmwSBxQb~3%$hV9<#o`|Daw*v
zDj$3v1=-)1*Y8Jve&aMM_mt8IPw_WGBw3ym&ZO#|3*i*dm6mFN4+{*B!rD=|Y6J4(
z0uE2Xf#dLvBj`7dz`e)e;1nF6gQ*JO5%p+W<nb+Oxckk!o&=#^zJI^phM>&FP!9`d
zRQy@xAaJ03$4cR*f&IWV$Y`XQAt;12h#Q@*8Zy`d`aMs9`Am{j|Bduu>qPnQnOl+5
zbMWXX^zLKujia#tINW~<9-l4&KCNYla8QV)QE84D5G|^h8=Qi?DW57yQ?LLUgS|Bx
z!acy_^;@uJC;|OADmx>ZVVWeP&@kEo-lEA0-U50dCjrL$ux|~rZw=hM1CGwXgQw8_
z$KlT7aL);N@H9L=1IOoKM$2&#VX%Uk<lY%DhfZbqKtX*^6hnusg=lDagTlt`D}b*7
zCrUue)`H^E2Z4J*c1B^6)XXr|zt^BbVPmy7<HnnwTyf@=nw-G85m+~ZJZ&A!6mV!7
z4xB{qIsyAnz`dv7q3IIfCyFwH0zd%p6qqA=LU4b5Jp^;0^pbP~uimf@jP}VXN<hz4
zl;iJ#Yn}kUiOP-bCr;)xw3lz|4tU{9;5pxM;jRE)=xNx&wlUZ?hCFK{oScJ4r{KO*
z=v^n_u2XRD=@Q_FD*oM2V8%llA=kAc6(*RgENUzkMRX%vEe+by+)MHp$bOKyK7hRS
z2>Losq4HIbSzu^TN#_Sz{h6mQG6q*)2iHF1DKM|3G|`8PR>4K9kmqX|C3$!nz3((~
z_bK$_hv8pNl(fWJf^Us@)b|-mF}GNf4gZl35yG7)4{@p}`h$+DoCf(SDvzQS?Pxm$
zCK-;Q<Y@QY4S(}N*t!$8ZHLWUVeMKN9$xNYeJTO;1lAA3`eEei)i7NkyT;JF?}dZ2
z*bW#p!JK%2HPqUj;@!}$JcE0nK;;V{#~3bH05n=qxO+kFfZ8$4fH{hGK*Maz%)<UV
z;huY7bOI*Vm4_;B+XmZr!HylUX%nnjUB+FXO3R-{9DLgv*g8@HnwEHV7cd9TX6iQ_
z6fM4*O?{4{d;#IKo7uPkXnEUh=+D03agZ;fypYsZQtQcItHD}181o9pkHfJO@W6xc
z)vv<Xs!~&L+5+3R!>(PhV>@iz@RZ}Y+-dVLTs#h6J5|N9t$o!j{N31V(p5uS_jWkD
zB*a|#`#qrFM41D84Gkd2Q28Qo1eJAJ&Ad>cS4rZZ>n(I@W)7x~!r`NE--9sp)$%c`
zwd-KZ7TC2D_UwWk+hFY^3=b{$5Pxf>F^62W8vXF$a{sm&QcE01mWv}p^EWfx8v>qY
zJtimTOQ?GUDHK9L7j72#I&dfTGI*oGcn!7A>&TdiL1*iyHz;}b)O7ju^y5e1p8MhR
zUxx8juwi`(>b<*R&koqS306&%JJ&>bDxISw0#{AInxS&Jy}TGZdk|>XjME3?-=vk%
z=!5z#MJgvzJ_T~jon8-wfEERH_oI9k<e3B7VI85`=qMR5yI>Lo_leiwIfdCNI5`am
z55t}J!N?b2)oR$h33hLXi*}Wt8`r|<Ncn)O@D#|;RuW+EDC`=Ahv#Tto^IV^QQq2h
zVMQ%~r?4e=0sjIrRX4u@XnFhJp|82+3Fv(W_yLp+QCP0E;&4|M#&s_>mf3?DIa|Q&
zX*fO&k30ci-Cu?S*RFx>Tj1iIux}^q*aT}=m(Th+S1v9*m6o11^x^Ue_{^z=9ev?S
zuyzEq8LtK#sATf{^$Ml-<#Qkh@R)qSp#fzUm9GHb0C`Rnb8PJZ&Bpo5=s^6A4v)(C
z9rr0p{rhYIGpFGA>GG|spSuIb#$e+**t4w!_}*=>Wj(AKEdl-%MOl363v$gkI_BVb
z#iQ%gnPy0=*al^EJyI7he{}zG;8Vb1H@#+|>2{CgUf?sRJd64;^pNwUUR{w}IW*72
zBhfh@=vEyHGxIQg5{{gL{STKXf399t9xZUucDQ&u?Ai?LSHt)S3|9buD&><CxO^No
z48ie=M>qCpEJibDxO4Iv3A)l)tob_d1z^f=dIV_sy}w0&<~t8DJM?kj6{zfKJnoVT
zaQibiBK!oODFOITK0~Yxh=J{U&NK6H@M!te^_T92kr7xw3A;DJ#oJ)t*76DM$q5)6
zhLQeL+S^J3>==Q4<8aU1!gX^wJ4G)bt=tTYZiWPtz@G;`4&39WS2vn&YiLmg`64CZ
z-d&zNn9#&gEHMCb@<6^Em_sccPK?Cw^_ss_*G|vE1CPUjL+GdOgo!cOycXHJ1uohG
zdp5!5HLzy9JdR-KsRf=vTJ7Lz<M2<%%dMv-nCqKEE9?W3446Yq5M#*3%Y(q}z!PD!
zO+d@<d<1><_Z$E|4ssL7WVc3D1vDPJ^1+wV>;{;liD8u2#@{P&tCP~XIeHonpGLp&
z2n-Fu<f>9*@7sjz+YCF`m(Tc3j+FraR(39Xf;?>uo#?~Sf*4#7y(7is+8NDk(u^R#
z&C5Rre3{B+^;3dF12Bd5J`Q>Z$g>tSFo{ZXf7gwKG?;z9WNBtEujMHZzI*M1<_mg|
z3Zzml8a#F!9ytzQxE~!Gfeou+*Lq~{CfK_Hwy%Ya6D7dMzQq=JdIFb>!nWb^=@?0X
zGZ%YKDxL&h8l0I_z9Ya#fd|}7yy-0oX!)ZLqCfV^uYleLd>bmw*C&UZx$&EeXIqv-
z(ac}Apt@H79SYDouee#Zwh3NbIdCd)Y7R~uhI<dApS%xNkHY3j*tHJXvmSP@hwW=%
z(<+!8h5nP=xfEbiA1)t-uT96}6@_xW>#g)Mrv&TrlIQaM3&`zAF=aJ7r=bBohRWZ8
zd>3$aHb!WIInyaWoTn`v?gVD%0U4raAx-Mz4TeY=0Z~drc6bU7O~Ka>q9gtCM5HZ~
z$nLf1p7qG?N!YOlHci0lk!3{QIZR_c<lDy4zdTVLW0o0HOF89eLzmy;&l9NpBP!o;
z^Y)hHETH8be~$j>D?bZ-5|v9pMv~y{5{fegV4U8ct;2eHf~JGwe-G)+zybu@UmG5J
zMNMimJEQQ(33&J<`lUx<d>CCf4qMm2?n&6Y4%xF7cC3btV`cQ@$&iMCD@S2n4<4B>
zEn4#IJdf^WUzuTyb(ip8`FRKMQAAIsn%pk=d3^%s{tA`v0J$_>xwRR*%glu2OwEEB
zvkVQ(vz*8U0eN|?7`ZI`)~g0mffI9Z>=@j496tXDOpKuG$6?!Q*fR<H)*<^QVaF<1
zH+tbZmpy?!!?1e<9y(q2L#@8lG6rz@anAuZuLMt`{3Gy1H#e4Sayy`%D9CN#K8CUj
z^QrKFVkBo`0yMd|Zuy`}Ql1*jIcj5R1>)~ko5ONN763j+dHBnr8Q6aeKK&@H8bLRV
zmw?{47P(|C>{|odCScVC=3K7rAy<u}pPEi6lX|Raj?qB2!M&|YD>)hN0RAUBdo<VF
zRzS<U-iN;G2M*!nFF>A;a%rT|tZ0S_=7d>-md++<hF8C)1Yy3R72*j&dZPLFH1hfY
zulhD!!0FTQ*ff0eD172Ebj>hq9EV-2;gYq;Ws|UXHEbM((G?#19&_-tQ5ZW8r(t0s
zDo_@AFm}`0$^0A#{vMUjB6)?-jqLRll-p7HD6lh%cvyTW3+4cj0|6P!>6+lW9#GR@
z4(kalg*h;I-$@TZ%36q2Z^EK<E>F(FiFtT<3chv}{^`*Y;9JIF-)iKFwQ$)a?3#ed
zp@rzlN?|EO0+)@z<{`LewxS(%13PKf1vwAKB9wg&@PN8IfDf_rffMe&i?hw`EH?e&
z9~6q-&8Ykq$W^F+!cvYhw47_41xyI$_~{AN1n^QXf=8+&WyAV|^RFZA5wyM0KCk}5
za+s>R3coy8f_J1}9y_pe0xn&HT(uT1T@71DVXR+LoBDwC<x2O@p}+7LeE5{N7bZi=
zG|~U)0HVw*GZy|n4Dw%5`E`^jr)NV$1LX<-d<x_*P}z;T)q{qm9Kq<x-xiu-{*65W
zpybTi(45%yVYJn6U#kO?inF&I{{Rb-6Qzuv%*?^D0uD^Urw^lJ55cBU*tZI~at&O$
zrrcApegsA;YIDAw%ry?VdIbHusRTefS}!XQkd1=LJmm(Y_fhnxT!&e`D9Px*`ys$x
z1M<75+<-b~4qQq@W|zNH+A`FHt{KT_)y!f2nYz2aZWyuq5>41#<j0D^`xC{LNA9i}
zf~{k4*(&7fHE{VV*f|Po`sJA${qvx`XB9qp68(k8;YfA-VQXm4cotCuYaRAEdb2E#
zfcz)m511b+x&V4{0aF1~zK+TtgIoq|OwtUKNBIQ>|I9)41ypI}#&v_DbTWOZ$<U^m
zy+NqIFV+D9ue=1X>+drP2WQ~m9DMmW`k}{Q-7xGKhpSd2SFb7`Xx%&v6TR}O?fyAH
z_mIH8A=o}#Mss={4oFY^-D>p)<1~ZH#}NGx&<V`2gt@K%_QwFWqw+?OSK^=gZ)#`)
z&1el^Lc<z#Asd=&w85w^<n?|#8g0pKd|HfVPYrmOkGO4?b5!$ArPPw+eb_Pr7f&Ep
zt%57ZVb2JxAA(gCz|YnS{eyGp>kq@9ohrG1S0~w0R+dZ}yY!r*atHA55&f{6?|zQU
z(w4Le_XzO&AlIVqszJm3Rlmp?BL<NbvN59|m3D69YbkAEnt4cr*V4?XCvAfEn)Mo!
zBKIb!&?4ZqRR)7zo=bOp3cfjw{_W9{hU^?cE*pod#^KU2*f9+2`mnlJ9?QGbH0hA5
zhtUsC!JI!<w9Bun1Gw=081Scverz#d_NBF`r2popKy(av9V)*BGT8)-v%wo_VsD_r
zdp!`U2@b1VW9Od5cUw6(3C>Icj8;DDyJxZ5@+CE2V8Q&~3l<J*8R?Zzoa`Mzt{8_a
z#$ewFY#W00y;6fOCImhY{Pk({e>)716jf-_QcQLKps55}6vx8f^T3Be{#TH@T(P(~
z{n9kFD4<i|-UIRsaNmnce__CD<Xf88>-eCfVW+(T&4M}9n#5Wyv<|7sfEf4t0~D4i
z>He7-Ib%t%9H^YdF#3SdSm2pacwiRppG7}@8peCDbqFpRL9Q5sOGjYuFl_C^h8~Q!
zaFZUerw@CE;K3O$T9c7mExR@<*6iOsAioFPgBC0{E!hU?_x}XwP!D)M%9~NS&V2P(
zYX^K#$8lW^ffqS)T_Y!{-(310A8;C83$%8W-?LT&5T@eWDNT(1z3mONmTU@v`Re+R
zgULSZ7=nvOkjqEll40081l#(s&XtZ}m>!vjUp<b#<8;N%4NKEzMa*c(;PVK`Z=mv9
zsGOjuxcS9t=p_RhK>y8aK;0Pdqp18cDw`sXnFLipGmQJYapu%EQGX&>{I?Cnxe1q;
zKq<=AW^x;#c9@QI>%{cS>0sXHS)eClz4GXST|>ylLvYz}3Gh9A*xrN5sx31Le|QT0
z<r8p{h0RK}Y#Np_6LD(DXmEWFcn>PSgvtR#)#>851)LF}fpWd&l|Q$w;?h5X%4jDI
znbE9~R!(wW=%k^ehinroeijwT4G`X7s@10C;AQB9p_#jYImOY<G4Ll!RoA?f0PhK`
z>cgfU>>7fL`*8UXa@i2<>%$jk(f{iN+%@lo?-tX?gglW?1OGcxe1gIiO93-1l|%dK
zl|KiCJc`I4qOup{C8!gVv!=9j#J>VChCmsVJD61ojYhNVP-}+e41P<s+s{{*?Q5yv
zS_q<O!qEI4apa68v2;=73uF|EUw_TLYmIxXfWr#koQK;Sta0e(KJ2X)bEd(3B&!pc
z{c#(}`aYDmq4HUrEE&w+XrEcqfBkb%^!f-dLgiOMp593_8=k#329osNh{%C7%zRF>
zM>N4R_qixY2u#x-uzm-V9+^+O*Y$esY4kaqq$wGvWEQr|Z>!P%`l)Xx<&*IR)ioF7
zgEWW})(bg|%A0_<qw<71!@&7j3A@XmzYRp^Q27`tZ%5@oQ^UFhIGUP5HMo}4YzeJk
zX{QE1C!fC+%zl3Y?TNDiV>zFpX7^+F^}PgrZO{dpZD`bQIAlpjGHiF^o}Q~VB}vJn
z=YsNlI+vnS12E&~n?dEzK>irzFum}#T+0M#0D1p!fs<1p9{~Aps2obtjQZ32T~khk
zsad^dho&qX+$i4d|CShtoMyIwlGNZdulsF|fakpS8Jex3rE6`7ac|HTYoa&WVNGa=
zCq)GpG3sbg$CTA_Vf_Uv9|3tg$N>ahY(&FKXZPW^`2rk=m>+rvDjQMxQIJ(lfdzwH
zFPx+XCj>|`s^JY@iu)$ZGzK8&xCt?3icB}@{3f4IwbeJ(7{DP-B_b;#8JQWf?ds$;
zfSQ?L3zM@z<rBbf0$&C_Bi`(%v!<Z|<S+g!s8is6RDK8KL#Rwe^uz1qV6%}X?uop2
z0<ctC%`&r*!(~jCEY}XSS=iQwLm8GWnQ{`^Q#<^_=vNz$ZfIFUK0e(D>51Prg1$y&
zxwQNj@)oFk1>`N1rytEZJ$o=btAGZO5Bw&8f_wvYZvpuSRA!rlS_)f3C!)c{0u$UA
zAfNZqH0`EVvbK7rOrvE^GYbX2f6(BIM!u{`Zqw4z?5|ZveXRyvb7TVfCV-ox6QO0v
zYhgo9PEmI^$XkKGhWVMZ31&D4fCi8cz7a}a__L_|Iw~JSne|PYMq0rTWJ3ei*Ajyt
zId{HLy}^$*{8V}BXv&~2yvac@8A9;7c<@r1G_)+K=Ox4FMhYb6gbcN<wUH_@G5uuL
zVOcTD$`Rh9Aol@pMddxfsk6;^{gFLqNniR4!u;q9Q2ryxvlZzlxmfFtECP@jrrPAd
z8Bkc7c`&ekNG-8}s?%=0mc^1b&S|Yck}~i9qz-`ER&Q8`MZbz*vYP%uluuE4fb#LZ
zKLCz)-QT>}bWSvMBTd|;sQe?ye+Kzy)XkX!4NYcr@T1TKl|eyBfIVeCt;sM*p{5V>
zyEH)j`px!03<~d>MIjpH1uK(b`D(Q<;~-j=#XS0<Wud1r293Ty0P?#a|BZ79W;hRk
zmOuS-DCx&XROSB$ZXa-JwFbyAWu`MnKqH_5w8#-N2DAtU-2{d#<R45TUvrZfSQacp
zk{TGAK6Jhs^n_RzQAjMXOoR3j<O|x~$tlGsC!s(V^4$mgHt@T^6Xz1lwZzU#(ii^+
zbbiDk^WOpTi>Ta$%8*SHFwC?iuyD1|&?b!m3;}A<j4(ggJkq~E+$++i#f;yg`r9-k
zabIZZPb)R@CgWn9<Ybw0H}F>AoxqW^?EqToya5`Zxb;^+dk%_cgZl;4eJ9H3!k|EG
zP7RF&fo3%T+ZgDuoP<S)xU#`rt%yWdT0;(07@&vjBxtlVR0cu*tYWBTWW}LfOP?f`
zM_KpRt7yg_1INw>nBiQwnb{<O7BKt?wD=WN4x{o)kkx5Hkr(XX_h4|tdK(^ikl!?&
zG`~Z$>?9AZ?<4p<jAj^Z%Q|TZ5JoF-_4T^!E?`b*|5h;j^$dP1fX`5#rSU;TPo6I@
z!})Lu{mMS_dg#ppv&!>+@$;3V`1`0FG=)1DpcK$)f+!m=Ho%;t4rY`jrHwLl!!-Am
z=+&#M)d`iB`mNtHlOaiYXtud+5;Q039Pqaw{}Ff}aI)zWocnZsYx7d^!v6v?1@jX-
zQ28N{p9Hzsq#F^RqbbxVlms!bQh<c$0e~b|Pnr2(5;P`;BRw%__AOa<Y69lk;bQRR
zXqFoC%Wcw+>CFkseLTMne1>vA9_Ld#*Q35{sd&K~pjW``&^nOsMtLpBvry+E;5I;O
z4T51R>+dGOs_sW%&VVZ##15J=NhPca12#~x?+N4Nnv;zIMoWvEoI12tk!F4fcn9z<
zRPRDu0p}mgu*`r4C~o?VT0o;9H=y!bRK6QzJkrh)cTPBxDF8?1VF0HdtSWEe53YBA
z1Qx$6e?>Ay3CMuiYiCL`o0>fWTHMD)`zMyBAIMTs`EsR|KL9)iaJDuYEhQ~GpaF^(
zyt#VDt=C7m1eG5F_bOC&qSZkZrq&7v1Dcw~iWd0yw1CNU&cFmyH1WWu8xT*5piTZg
z(Imp?M{43j-YE?0ZJ{L1vQL8i9m?;Z?&I|4PEz!i70j?g09~iz`EP;wp5R!I%6Fmi
zv#2~B+%W!Wrxr-NIDn041+k`1g1{?3NeNmsq!kTmr8k++l=GX?#5qf6Z8=ESUw}La
z{14z=D0hR*qK<RDXwoGue+z<CJny%lKL@kJBdEI;m7hl4OM#6b&ellKzPBL+4jC=n
zMiW}JxL-%ok%SnODbAY6=ld3I(Fl_plLvF%r}9%#ISukT%2mI=29A_ZN%wH)Ihv75
zE29-bDsFsR^+(SEo6z3NQF%4U(@@5fo84Q(a^b*-%gI)FEyZhz%dz+<1Y94Zjj8_l
zbwZNTba75Cs#X~J?EG`UL#X^YxOael9he1h#mag?(uxFhor>qY9S}j?5GvQ8?$y9c
zP}v6FvN=*6CLSz&Sb#U3tBg60wq7QdgLCC1%{$~*Ed#Jy&Tf~eO3tCoIgp^JJBrF@
zfIkF20`4eoPAPgT4$QE^0bQr!hTo@koLNwlR}{xT0vNVJ#jsXctg?iXoe%;_61JiO
z0fH!2B#<wQ7=j@X33doDQUt5m5^yW4LQoqm5ZRPsD}_c7FsK!w;;<BuMGy-SEd6jg
zQ|e3~?%ap_JO6Xey$^Th&OHbAXH@<Hr;+rs<IU5*Y^V?B4Q@Dh^Sd_GfLC9kxeTjC
zgB{yK<1^Ee&X#NzXPaXJG$Al?W|}QB-C#gBsv#EqabY|YAW-J6dm~rrj&{wVnrKGL
zjm!24xQ(`MJLjAzl<=^{<+6tC$Fruh%1M*EmjKc>)uB!yu`YhhzlFyz25hx{hc<I;
zS)GGQ)2Z0q6ti~b&z@69jowfd)zU9rCKWpSwJpay%8n|#>{WA5jR9Uy)>}MQE6kXy
zvqHqc-x!TBd$0Hp*2*_iMpK5~70jx4Mm_&yEb<mxq1J_ulg+x9(&Oo;!)y>593xss
zsC%>0tnY&LLjJ97wD=c`Q=aUVxA=aqc23e`2eU^x{oKq{bCR?vq;%ds|IAM-cl&7#
z8pD^$Zm0}fD_5{OJl|FXyuPFFtMD0gZ52zu@OeS}tsgav+3%9kxKH8jY~6R6zfpdo
zlH$Ir)=8pn;26l>wK_VxBL<C=Ou`F*=qc*3%l3mkQbqXD!8GS0>n&V?(ZVhU^g+I>
zp#7WaeL2hny+-;Jy~^s4`8h<-D}@+Hl20hLBX||gN1M;U4rw=Tk);C~ub&-l;@D=0
zJBH>R$&xUjDY)%TIxN|V*W!NariH933;HO{shAN?W(mkVqAlfoMB6qou|X27T|cMU
ztZOw87hIg0uPr}rzC`Nq))vzjPTLtwCMH>!D?h*DXjb}?;q`hD;}(^2!_tB!*@P@A
zpWmZ;(t8kIV<9{1a7ViItJUo6i0WW$e7tJT=)S&EBAgg>btuX7%2hp)LKi3kc}UAf
z=ez<OWjhq6H9R;h34=jFnx#jeD$w`J+UZX-oAT)59UULFD&@~k;@H{sQISJ>m-aM`
z!hO^}Df-^<rJ4s&#Xd}2I?v1Rrndx5Qhm?R`>O0!-x{ywtPROUq&L3u({(Uzoy&7{
zTKsCte-z13pewcuHzHrsC)!`!=p^2kSfv7N@7n>p30vzvcCK>EeTcAg%z%e#43H&o
z4GyY-_M-KA=XQ3P&;;shMQKhCQr{K=btSnje^su;0q2T=PZ2fNtWC&eio%IHqo9CL
zhlUs(vug7c;OvM?SLdU91?us57P=cYq*PVOJIjTzV|py_$(E=cr<!a>?DH!SGl;NG
z^ricuk8rO?;P~T)u>O!XGu!B%CO_r=0Lhm<%)YN9E=W8(iVen>kx~H_G)=xn%?_1B
zBmCq=!@DVkxYHW`H0iKztY2tfS5{}4&~(IdH0vImGUM!qUWA!QJ#$on29;&*d2*sW
z*C2u2CCpp8T_xaAma7}4W-W}1GfWY+K0Rui9v@JT1$EM}`y{kpSN6Sp3ikA*3Tma1
zanTnvWtFS&Iz|yL7yXo5-4D2O_sB|<142DAh4P1WaC)kxEP!g`;=>nSRpH^CCJve6
z4aJ^HW@B5!)Wj<Msx){A8ClQ@^%U7I^4lk3F-0IbP6$F1fWzQ0t{9Rl9?QUD$v6y|
zKy<-i$QTT~)G+@)27CeZ+?@LV1}X1qKZ6YX*E}Q%*dj4g2m*n8CI<{+a(Hp^c0`mr
zisb5Hhr?hAt{690EY2<zOSI#PM2TcHS}Yc$cxyB?AQ~kQat5-eAwj@$O_9M(=EsuB
zzJj=9KA0dPlj#te1YoOHo6#RI?|qWVT#(1%iU6z!&IAyifEbH)I{z?{JeG*NhN!RG
z>p_UsIwXk42SurgAn-mabYcR>yJm0j2RcCvhyt)~9wd@Gjzl2F`2HY+5R-K};XDZl
zU}&_0@|{!A(%yAT5n+J<n|B0+(ns?XL`MW1G@F^iixVUyq5nM?bZjihjKkpA1Of@q
qX5v8{iwVZEm?XSAi4e;quu+f&3W~3QY2O5S00RAjeHFBr%)bF2w-mbo

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/browserconfig.xml b/login/apps/login/public/favicon/browserconfig.xml
new file mode 100644
index 0000000000..75efb24254
--- /dev/null
+++ b/login/apps/login/public/favicon/browserconfig.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<browserconfig>
+    <msapplication>
+        <tile>
+            <square150x150logo src="/static/favicons/mstile-150x150.png"/>
+            <TileColor>#000000</TileColor>
+        </tile>
+    </msapplication>
+</browserconfig>
diff --git a/login/apps/login/public/favicon/favicon-16x16.png b/login/apps/login/public/favicon/favicon-16x16.png
new file mode 100644
index 0000000000000000000000000000000000000000..4f45702ca9479bc35c6aeac617199db27bfad7c9
GIT binary patch
literal 1551
zcmZ{i4Nz276oBsnqJRhjDk>RfIw~#i?XtkKVZ^%VlI#l03OQ)(54+2zz`FZZ0?8;N
z`BN}a971FiHI+<DEv=crDVqwNkPuWFOHKSi{-#1@Ij6hm6gtzLx$nO7?svX(-g~zs
zQMuIHbA~4&#5-OtQ_<DeIVZT%>wLaXGF{wEv5Htij#qd&wBu;Zv#FL!$<YfzcW4l-
zm#Y+n<j*6d@O?ra(MN^139++;+|>{w*+s}SOYNDYXhK}3Cnl)lD1cksFl`l9(HmDx
zw4l<CTU}uBW>nb0Wf&G0Lu?tiJ_3ReUJtGhv4V%C9#}LP3uj{fT;y2Hibj(hHELX$
zj$3(H=8l^uVcKd`n@4RtEO*CZZ<KEYX(?6`EE|uTy&<{^MEkJRlfq6jdkBmCV8KbM
zg*nZbKMy$pHG}VUG|IuN$LUX74IX{q{wHQ6jLL1`HUusXTyA|V2e${nb2xjZa_Xco
z1$ZM6xtsc7;Yn(Spca_gNww7JRJ}VLH@t{;2D2q-l%X~WIR@9fhNT6l)#C~iDsA|t
z91qvwty`G=4l171!b7$AU<gM>uw);`6~N0o@X&6g<4zx1>)_R5X9G+lZrBg8B{2UB
z?C!<<24IfB3ukE$IPAc>uOXoVgnNL01cENmt}t^6?%jbyLkNHae`9+$9&U%XzK6Ib
zm_xJ9!<5UYSK)?@Sl@`>Uc{UC@!>GG3_$2b2<QZ#o0x3Ggmt*A5K^jP-3hE|#qaLm
z?FZ-p{A&c1H(=rokd}a?3iyYCIStYlFkQo%en{yB_db|$9{f6CV*gCFKhVRG!l{(b
zQ}^^3C*Aw|u;W&v(j%bc-ayTB{s-XnEY~8~?XjqPFs1s`rQZJjOTE>noYCmxQQ$HA
zZ|<Uo4ms8Gbjy~?ES+R6M*|Owe5H*LFMsFck($~-3XphNtU9nwuhD1%0{o^<p5k9!
zS*6p_(70{qHgB(r;_}j++fy|Ly(U$yn&eecQof~Zxm=y}hbA$(gA8o{Fj>`hF-&wa
z@Pxg|(bCvc+f^RDdXf9vY)s6N`ePr9KW+G>u-W$<6Ec1<q&%>EPLt!uh4lsYI0b)`
z$FB6$Yn2_H>ZG==vzjYcF1?ZXbL-{yU)!#B#59*T7hG@nA^CtZgm^0V2y8pYZQ9@7
z6J_f@pMK2JdVTJ)>Xld7&MTJ>GU=^fTHEi2uj%+C*OKuYXI;<x=o{^gM#a(WRTI0S
zduP?{pAtUeZ_LXZ?jPih{M2`^`+48MfFQrS^P8Foku6Be6c3(r&<`}1i+i2R&~gTe
z-fEx=5wb#-&x-kB0<}OO5wa3dL<q}DSay89SLIU)SveVIW8VKKtRMOOC7Q6rS;3ZL
z<Z`uE1BuVlnhXl9$*f-!91$8BD&|K83t54P&xZ2_!r&x9L~tg@StJaTo0}VIcG7fG
zIyA>>>iXb56_P-wQJrbe(n%z;9KAiukj+UXi4?UF!9o0rd4?ISDUoCv%%)6^2%>~O
z#9Bm|X=6N3m{fBHm+3^>8fQ<S$n-IY!klH`@+<~2+7)BTHpP6FqI|}qP*aKs!lT6E
zNTFC1p^+WmK@p!Zo@8^rfv{3()!tWn=vK;@tre<xVl=Nc(AQ_OvbnW6CdQ~;Z`S8z
z+nE1;45QN-w0c%(6p6%PMs1iun4vZ3GPL5bNU=z#6&XWmMkwvCN;~@utw7@Al(M5z
H&3pd<%Q?MT

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/favicon-32x32.png b/login/apps/login/public/favicon/favicon-32x32.png
new file mode 100644
index 0000000000000000000000000000000000000000..a598da05ebaac026fa3c1ca01fcf3accc4efe813
GIT binary patch
literal 2050
zcmZ{k2~gA57Kd*@LSzY>hQ&e>6sSs80wEE>U}O=45RpYwHGypGny_0ogGAK&EGP((
zts>T11VKS|NB}K}P<gIUg;o|pffjj4(Y!yMH}ia*d2{F7GxwbD{LZ;^XYMIKUr&7<
z3mpJ}zPA^X4SCF}A>hz1NlspX+!`T+#Q>n@obC!&3p&FjY)^Mk)&IrRDjDj<W&x0F
z3qZOIfMqC@J_$e^5r8*G0H7BDU>d7v^ml<0aGsAR6R1~LX-j1;6j>YV6(RvZ*JRaT
zpip53fL5G0lMxWCJewaPy1Z*$Pud?}J4kYeuY?rhPhE}T)y3DaDB-)h&R#@CeN`>*
zvg^vuas5)hgjr(W&}DGY0jdg}E!GG8bOLkO>o}s@LqGZ)2*2UTs_?FTaA|(D$@^W)
z-Ip!q4SmBOF21A*KS{=q=jh;E4r<lxI};Q)_TE;-IaLs^l49;yk#uU5^0&%oO8LmS
zr+W>X(68-=BDVFm9<Int2^}am>*eH}o9&o>FP~!G@X(X9Qt>g0K5fPJjIdVsKBQvg
z?C&PwJx#S#%tCj1N%oV2^UJO(`z`4?upof@V($h=c`X{dNVEQ6DfCCT<wfsEw3;(A
z3^W?6oKME}cdy4JsZWnzeRtc<dhsag)2-8OjegteA5t*QpaFr1Kn(UKO2lKY?OhV!
z*D@QBCplBoymQz^E^1}v=;W;J^Y?4OVBTh57}o}yOj_^yPt%s+gALIeBcJNI=FTRi
zUO{P*9%la<RMpe7G@VkZk7zL}wOBjv)I8<=et3P>lS^w7M?4y$bfy2=5hbybHX7V-
z&=;2Q>Qc4(ZQ-&*`X=Uc^B?7{wCyup#V-^S^_%A2SQNOSQE}}u{D9ZJG>=GAo)x#Q
z^{2!0wnoM~?R!mbS0bvGf@YHLIE8qGmcDMzOxgK;g=7)$UWXzv?_X)%FlbtlJ(7p`
z6PGo2Ki*$k^=zd&-#7*(tS8bd4`|{NYmtNNhl-1~YHORtzrr!fcW)C~y0!-X`hc}G
z`R(uFB{s)r8HqvzF4JcD%Wn>i-ihp-{=u>QX3zASa+SYE^j78JkC_8*dRT`?8SKX0
zdeyk4MAY2b+UzC@)|8NachAOgmu5Vy{(=@&ORX44!)w=16+ax>f5Kx==o|V2oljkq
zX3o=nNWx`3>F#8lrh0sbhWby=F=XC0yG{IG4qB@e_@YBT9bL-y5ci#$0Z%$)8Km3=
zw&0`Cj6cxOx3>9RVPhHlDQpbk^dn=W+5)N8_3Sr9B0Kk1jxL#<>Gq~0X|PI*ioFr4
zmHn8`h{yTa6X@S0*UNs;Z+z}o4|jIdXe-W8DrF`8oe9d=9G8tb7w=D_$Lvz*5%U7g
zev9U;2Gp|ls~Ot807e|VT%N<)e9f`?3bJvc{4tKnx1TXDL?+dEG^Yk_6i|7K8wL8j
zSM4R$Hx0@yL>%DryetmO8Ae{l4fy4@Z@C@Z;dpky1@zc{=U1(zjTodBj*jOR41Og)
zbRrl5uO?b4PpMx`!sgNp`_2vA0?!ZnpPo=&51bUqZg^A6ahkp3?PW%#!KKT8sDKS-
ze7h>rqwkhRO`>kFJ24iY`4T>wk9D6s5ou|EN&7A9S_NxhyXo_AOm00Vkm0E>-{i{@
zwquVkxDv0Q*E=($K53b18B@%NRJ5^lz8O+55;af2KAFo}cCLvtE)3_2P3oSMHNGj`
zsyne^XuYGX&sneNH=3|x+EO;@6X2EebL>Q*Un?v>Nt2YYN9n`A#lCR#-7>R^YA$-v
z`IG%n$kIT^4uwhahYZ6J&Cw_Kikhz{KKib7g{=5mvnD93PWe5PyxISxUH6`XO{TK@
z#{COM<tf;i?g;CEL;GDW+MIc8$?V(7=&R?CiYpF$3e-gf*rHR{q20V5o!`6^M!(cw
zO^x<U(m!wSIpd@lkv$cmDi18@vo+L6w3~-~5$u~YhwpJpd%v~xxC3vt>zTG;Q^QOL
z+mB|-K{FR#$d-2Hx#g`Z%epsoW-R3w4Tq~{539PLJ&?Cp3JHq&qjZyZlBtgl%(QfB
zihrt$aZ%x5uT$IDKDnZEf1LF=Tm`|sMk$QZiMzCu1+zxA1~=P0W?b`1<lVLWmuk16
z7bPN?nbmFRSGJMv3YLa(rF?qmF+St~nMfw$h|V|%QUHlWCll!ur>#UHok-L!)&0l+
z6hy^@i3Lgjzaai&tvyuWvD!frBakL=kMV(b6j#V+afRa02#gb+ig(7*Fk~W$f+ITO
zNMwvZ$q6HpN@M8+LPA0UUc5>}2GRJKW5VH+Zy`ZowyGE)ii_gW>CBkWxF~+Kluq}9
zPzfMas+$OZWB%$%r;GSvp-2iyG_nCWmIX1UpXvOE2@;1%MXSi88(0K{n16<_#8G@{
zQY;_*H5DN?TIhBw(D!dTtN@4tBuARFGnMR2aXP}Rxd0&spXuxqC-VW(-94||bp}cW
zewNzL_67oRBp<pyAu3uL86zYJxbfo9m}m*%zYjy;@%Y?OB3VG8I6DZq4t#PLm(L61
hIy+FEDLgJkfQKsZ(0qAZY$MbGc<=IMR=FR^{5Qy5U#0*6

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/favicon.ico b/login/apps/login/public/favicon/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..af98450595e8b8efd9e505cddc5ed705b665a4d8
GIT binary patch
literal 15086
zcmdU$XN*<H702)H0t+@}>0PW5y#)gXL_h{3FkJ#<n(5ex76J+I1p+HTAPgVyg6Ksw
z84!pfge5T96#+}2&_7TO8;HPJ5lT#1Ij|?^H@tbd@A{Sd-rHR#Bb|5eojK)yXXehF
zIWy03Qk*oWZCgjLna<wEj?>X`oXpI?bB5#G)w~S7Qa+`W<1AB#X3C=?&UhvAO=|S+
zQpCR%R9`2h-z)7_x}fw(>6KDpfVd}*GI-!c2H9UDrKwS>=#NU@Ddj7@Q4*g7FEYrY
z16}AW?v$zq+9+i!-B+T1{bG*9hmHqIUn`*-8^w`osM0?vVJi}rWb@IzKnYt#l~PpE
zZ<TVD-YO-FF{*rOYU<lkrAp<bq@-XI+sPyy4V<w`#aZXU_eo1jlPXoJNTo`Zq)eGI
z5A+?d4TeNgX%+f|(sQMtjpDl3dY8I&>q^t6O{HGFdQ!P^WzlxPHW<JXPvV`Cd!bb9
z*s%fTu3fuIhYlU2dGqE{ty(qF`o}gHz!Fb8&~7DC?`lVC)~qQ52M&}00|v+^pL`-M
zTehVCxa$opVDgi?DidR)TfW%tD^{#1pMCb3eDTE>GIHcd>D{}x={sTUg9&WW6602m
zQnBH6>!yx}4jn2B7A%n2vuDesNt2{;<Hpf!gDu+F%J^RBwozR7^zA-<`pD|lt7XNC
z6|!*QLeqB`gQD038yLf--)Lru^_!1A`bf5I+a^19?2z^A*UOh*ekt$2|9&*=whWA5
zb*EH)_*%*G6zlba4?ZxsPn<X*hYlT*l`B_D{rdIeu?bc%+tgfd;;Q=*BSy%^jT>dd
zh7B@$^l0C<Gcqz{-MV#h_3Bmm{`>Fc@ZrPKrArsz@`@AQzbS#)CVarSbb!I8ty{PH
zk}X}jv}9#v$)iV)<cA-Akjs}Zn{Sr6D_;A`4`vcRIDTwgIugN8J3W8?Twc9;C66CJ
zmNjeENcr;R<Ff0*31+afj`)Ww-<Q64@ptOfN$%dgYn#mU9lnEj?Yj8EY}ZY1T=~9q
z#)BWfCMPE+i2dQihi0sd*QSRb%y!M^3$t6^FaC1n%9(H6f~W6HojTR{HuQVO`vm(x
zn0G6&CM_2H%uzFE&Xj_J0t;W(u3al-%a%3%4Zbpj4-xRy;>Gb-#m>4qUO6)cT2PV3
zpI*Is$&Ww&XxZfC$&*s6RxM+zLWK&_s8J(BjQt6=fsGRsIez?@ix)2jvEROZTiUm8
zAGA}oYE|jjv7_)^<8Q|B8-jA4x_+h43HdwG`akQZ{rmR^u|IqEOoj~`7J{KpojS(<
z>D#xjnZI<c5>oEL8L15HMT(z#WR80C=8eJ6m1l4LW@cu}s8OTj^Upsw@4?*W6SJES
z?6iS9&)0pV`lp_$Z=3e*+h^9ZUK>rCG?5uIW|;4L`0(N0^@=YH0qjNg{kCh@PHx@0
zWueQ33l}2#^Q~LAHa;_LgYTK1p6(a3o6pAd+<Ct4-Sxj^%NDZ+#GkYYABXYBTkrOn
zZyDb|J3CwE%$Z}xR9hCum9d{WAflZ}Wp4btckebh3JVJj{MWBvo4yfkOvmTkxpSxN
z*|SF$FJ3I~z4u<+7y{UtgOl<f7~@~OcwwvF%ni)Dk=~vB?%lh~v17;N+i$-$?cj6m
z;?`;Xhot?tAaK1ob?TJVu3g)0C+t1zbo~Ew=g!IY?b{RaL#_XowEt}J-??+g#BZY2
zyDcMLa^uDgLFVAWgTj1l%Y0tHQ$Dbhl3KrjAHSaXhwAc0#7v$(eJVfw^po*T@qzrx
z2KemyMIX&tj5V2W9d`Z5cgz}c^5n@9&m2UYjj;!RZtmQ<66<^MU}LT8UO$%T`rU)Y
zcb&Q9yz6%@GBJs`*6=QUiC{=n28`bL3HV7R7Qa$kiQvcIi4?yAe@&$vr9^a>gv_56
zTeSG07MmF9|6)G^Q&#}`NMn_Um~~0isUI6)0h8ZU;`<j0EYf?}{fjie-~)Umx_=Y_
zKlPr-{*irE+JSZ}k^MWh<8A|NVjB#}q!QgfRiJN`a+Qi=|5Vik6XO<RZ*jH-y0H;!
zj8v9{QmRU^$ItwYtwJStn<sLQ4#vi8rQ$q4pz4DuP4E66&u;`@z;%NUZsWkLMOl;D
zxEOT{5#z9HZFpGoA!Ge_y-h5M<fV(YdXNenrvcB;9H$c3Ts_#rHA@d8aK()N0LoeP
zZsF;C>^Lf>f{vqND)`@P9?$9TK1fc;<nrvgX7Q{eg!f8zQKl@Eg|U-Mz6+0i&LdxO
zd*8>tCyQ6!+t!2dtUtke$_><;tw&q0@ECem?{wl!rS3|>b6OetkXT}@W?k_+rGrYh
zl>Vi}m<VxC9%VC>;6*0c#P>*l+@N$%>EBBFmQe{Fc#%OC9f_nmD)f~S=dohhj8vYl
zv6`=x&=pVWsLX#+q8mig9W$TUxvt*}bzk7L-lNk`>Y+?Gm163T#zTyXvm=~)sb0N0
zaaweuJ6Zx`(zaEHG-%L3KK=Al6T>DZPhLQGq<Wx@P6zlbe?nK{MB~PdlkwxnOWU?>
zy?Yqg@b-sP&7-d+WX~-}jDPy{>9TCuG9i8(A^wLgY}(XWZ-_f3WuJ2&?4j-5yH}Ph
zSrTpU9$VNX@qMmWifEgC6yB+S|Ng&-_q*kY6P-PKR*oJ$D&4wui>NOkgH3F=P`Ve$
z3oFArk%&op&JP9oiCbR3eqHX}yJupw-hGKM`tJs8Gp0rz*J9ak*s!6TKY!j}B<@Qe
z2xHHihfO=4d&@$equD1uh)vR!D_5jhvt}W(F>o+n#QfeP*=Ky4KYza26Uxue7xt`(
zwGs1UFEoa2%CXJd6_q!V{lS9=%abQh<maD%Hs_oe^J>(nAuU?8F#8U%^agA*f5vUU
zO`A5Rzftd-H*XGp=j=}sgJvHomR>El^LJEU_xn@7oB=$3{5YoN^y$-PoVT`!UrwAj
z(d>cRyeL=eJNUAXP0n?!TD8j9&dbY_&Ye4l$oA~n)9gP*+v9QJq3wP5KkQGLGDTj#
zd};PI#*Q5uVjI0fh76HSn>LxVdoDY_;0u&tn{OaexyiTnfB*h{;fw|QLCcpf4;xpW
zFkyme8_o^J(yQeMlzfjrrqcE2$dM!Fd_g$<vu4dQXQ0?S3s>&SWBkEa^gaG!|Jt={
z=KFH#39++i(IT_Yx^(H%ko++GcKr1<|Ih~0rcI04uj!BQ`Z)V#=O2Y;=E9`s-!ShO
zsSe!pFZPSf|L}>y>wkcu$o#Ju7{d8q*e4a4|Eapd)ji*PB>xlpq$2UZRgc#`wqyC<
z*e8K8>Gg-|00V0nbj5maWeG|22l`3AlJ{NwJ|l|`ufMHXz7k^tYsg<?{pki6&-$D3
zyt$IE^|w5$B$AaP+DMBu_V96mMq3Ci<Y|;5SN&rsOG5~joEXXSam@|L=cz7qq8l67
z!X~zfQxKNOR0_r^Vk6fGiqltVuhQR@m`fn;$)gOOaH*DNW-C2a3fqs=uY9WOrfl_f
z;B_aSk0^zeBOf0Sf1GnjdJnJFQAY2v8&Q_BR;^mem@#9Fj}_oW23g+epMgB{Uw{uk
z{E+{W1oh$jarV`-_CW^OZ>%g=)+?N8;M_9LtdS2KI3UcQZk+)cWFG|X4L^R?nKNgM
zJp7#1#y{fx7<J(04am|y!F;zoYh}(9u~z2nA7>Zcyn1ijH<*t+zGuIF{p8Z6OUCbF
zJuqm{AfqFUd<gy?J$lH^n>USJ))2_z+s>OeFWelDY)Ji4$N2uccI^tDkzj4ezJD0s
z6WNgVqu%*n4eJGq6%4dL{<Y21t8G7D{l_I|b=dx+MW!!C?Y|y*cmGA66!ZI09=<K?
o+P<&1At_y-s1M)YZ$Sgc$y2FZ9g(wA-cg7~*MlvG7a3&#0|$9^=Kufz

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/mstile-150x150.png b/login/apps/login/public/favicon/mstile-150x150.png
new file mode 100644
index 0000000000000000000000000000000000000000..ab518480e61be1a08fec9d736f64593926abe563
GIT binary patch
literal 13206
zcmZ|01yCGK*fqM#;_gmxTii8hupn7raYC@gEm&|C4-$NFhmeIpa1XFR2xQUV8c6V<
zA-Lt|{pwcT@BUS{rh2-%`#h(gd8Vs-y828!L{EbVpB^6o01#<uJ~MdCv;IrC*pGL4
z;Ok$H8K$GMt}+17kV0^0gY{Sj`WR@a06vW~?mZS*>@*E@0e~Pb0015h0NgxQ!FK@w
zKVbmiw>1DDn*#vQcolT&%Re??+iGh(1N{5%D(U`^@mPcBrD^5^01#08mw<r00$Kn-
z1W)UkGBjZ6urM$aW)ym?*c*CWTlKNCx+|z+$D^c_fs|F;1)vtWU4@+BCeM%`v%oX^
zbd`=c_pRk{$aVacn!}R1m#amQp7Zu9i9;Ijg56fUHI|hX7oFq_diutML}KM{aCm`S
zLDPiiv5&_KqjyIwF0-{3J4H>G$Cs;XYnPYHw?*uq;rU@+%G*K_&rn*0Ux>;_HCEZY
zK9m+<H<BYHSVkab@J{_yeJD1>x#SaYMt>eNR~<&bi5t%dXd^*9Wtk{F;!XXaWzW#=
zjyzCWj2p(Be#cu7DGLE&UYB<{EbDMrd~<uV9w2pp_<fWa<2lHl(H<+_0>>MBST@y&
zqY-0;4Z2+_iff>%HZ{>PBl#PEvlJ#!`}g^!gr3DQuVy5gY=-F>OzL-Qg#0`722vj5
zl=gQ|3R*AyhU^*Z>k^607e_hnf0^3+(I9O_`MPrzO&|*~ErxO0u*|w3ret{|HUhT(
zRf(R-tAeGBfR;esJ(hJyGS}51ndI)>Xh|dUVf~USvJ0oZ_{-A>H0F|1<-Fz)d-%ik
zqU5oDn<2I7jhyPblZ^0d2m{b8sxvWSL}^@`PHVe-Y8b=;DqC4oNX4)=od5l7`+i*}
zbh7pKzyTr!luzu$QR-1=dlk1-jyzIz9lLPcwEHK$ynWPB=#84%zhS9r=~9HFWm5%^
zmdWTWN=w4X3~AHPm*v)}3B>{+j}yy;PAzC_>CrOFE9GnKb`8zn6g;WYn{^6e%iDD;
zdU)1*e(#Rl-iS>eSO6^FqN!N2OB-dVmMI7HaiOf-*|CG^Co~vFyG@H5oyAXaPle-e
z>4&o+i_h66ly&9G{#CvhYqcnI9|wITsQwaRk%Z=C@qD(WVUcUeeylURoA;!@7+761
zKrt_o9klZTA5}v8!0(m#eO~9^EGNo;#$9c-78ybZW6<i3$JM!Dm0A;D78G4Bz{;{Z
zUV@XS-#D{mM_ERBiwsNuwq#|bqGkI6rR*b{(&GZC%nLUTv5X+#GHc9gt6}R;W<u!^
z%VeRE4(0K(n-t+<%SYg589e@bO`^)%Qjr!y1RvzmAvL?av1Fe|9&$ZigCG62JZim$
z)+4HPzWo!)352@(2rz6svl@v$bh_7qAYR;^yLAc7Zxhy^u^&Rja2cN{uf9huD+y}A
z;t$)&an3XEJKmPF)7jQ5QmY2S_pa$XE-%ZD_EBq*T~R+@b}e)fl5TGI=D5EZC$io<
zXBwDSo&W{Pfjt3ch1C3ZKlvy`!D0w34pr#wPLgcF@at02z|35ihwdGNZEt4wv|8uy
zRGWt3k{=Zc{T}U!odDA#`ho1jEy#jtUfXoCA%${|CzEJ22CK~{75SQ2Mk{RN_~Pke
z9#WYXXXbdnAKleOhNP!`8(L6|UODA%+MYK98KVsVQ#hX~uVkQBiJe%8e!abe<H2vG
z6XYb>h~Loe=mq?FKE{kfdk>7wV*P8MRH3vP;?l^F?G(Mva7QfDmyib1P5RU~CEmo~
zPczQe6Bh<?6gWmaw~2*Kq950t!E80T*Gas)d=Xb7P=(~qe6P6PiBa5BlHPEG(2%K!
z_fohV($QlmIpt64FdMHu(0n!Pb?hgkVYR5ni;@JFqV#>`K;@RuC!N-OeBqR?ffUFP
zpr2HwpKxy4#E+|f%&Z>(B}K3a;25JL(^ose-5O<I>0})Drl@g7VI=m6G)3a-aMO#{
z6r<dR59fm@+DJZ}#f_Jd=unpV@|A=+uFbjqSJJ2{28$*VCQu+BxEIsyz#)XQ6Itzb
zQD}*)8ao|C6b}0-fgAKTa_n~;A_q!5Ad@dobov1qQc%@*IOCAItPtV?()Pr30C10J
zsjju4(p`wFNc(GUQjM{mkK`JWN7Ew9bjW`*K=T+CGO}WAqB^GSF3L|Y*FV|)YSy3)
zd2+qtS)BLi1iT9SOt&}!-4)SR=22ny*_t}*J5*~}U!?w-5){GuJXZ<)*|Xlx>rgnO
zfMdKz-O1qET0GZWX_aGm2Xf6)eVKN~eHwFFZ2rgvP*WOL3lIX=fv|t+umnPk$bMrH
z**fQ%QhiprYAUcmv#A5y60Cmj(X-aa9DqwiqdMy%KQq^^zU$<Yg@^o^PyYCCpPLZM
zf=g5OnPh90#V`0Ib7H$F2Q4c9#}4glVRjKeYtmWle#vUu(srZ!x&R@L_?LGlohs`k
z0|p^`NX|y8GsZUFMQn_l2B{Jlpa)T&rKiuQx;Kl6;VT9jlc<Qr9p((vrbY8gGJM`%
zI%>NlW7gY|a~dzARC*n$fqTA%N{(_O-6SvtR87AFXC;{Gh^0zmm8tjjir0GbJ>?T5
zV~Hi^sq$1IUJH-cD8B%u0fw8MLwb=R?)}7K2?hf+EKM@=lsmU)9%sEjyWeaF_URB~
z<6C4AYT-^H5KsF<_}A!NJyES*5*B8aRm9u53_eBiOZY5)c<S&qOK<$CH|acG#RTT}
zDHWv;l#SBaQl>n2X6s)7#k0MP+SfItS8h8iO5G%_mKdHl&eF#!PG>vw3O;rxO3CF@
z90U<OnN_V}P%NWBvfn>641#4K+MlEqa(}%BK91U%EI`5P6jafeFuYXwXYcWcF=J_b
z=loVxrarHTpB0VX(Stl#aSTJVx9erv>*t;koZ2>9F0@6=Bzp}9LPM=qn#nOIk=@H1
zq>wb@=s;%l;0$rb=hFpO%ON33$>LW;ci>^yPL-#|cfPSvOX5#(X+%(89K3>&)KP=g
zzn;OjqlQVM&J`BCc|ZT8H~lPr*gplU56E4;1arnf0xO|3)Q4p<4wP}|5y&->L#(9O
zqT(&eB?hI25-LAkgV0wJ;}T1=g~`Q^(AT+J6W-g^7vOO;070+goDQ0DFX`V=LQP(-
zVo{-nLrhz^sQ%E~c9ZTlQA8d6t6pdym?54$8+uDiyoq2rF7<SAKTX(oATbqy5CQ*z
z5XHb;6I>#uuTCJ&Z6rQDTku1{AAX2E$^ke(W$<v_R60v}T{N&C>h=A7?MWNIXMGUU
z+^4vnu<~AOjBJ2r4W9K}cjvuf(`H%({5c5m5C1d~6>xgGrg;6hNMc3P5AQ<)xrZ?<
z#2u8Wr_>Y-)skzyi6{b$X^Cb_<ORw~!|biNG0q=sul_Dq8wrOizy52h(^hrfBe4yL
zGB52$?H2kFmYqs^DdNedTKfC0%Tj+OCtr*_6-<>-W@Qw8?tD1p?QLvvRmwuTjr;jk
zs~#O1dB^!d@`^sReycIFN~HvYmN{<PIAG%=ZM6@}AGgWeq}q-2yFV_XEmY5$kQUKs
zp;F8EU45HPq(Y_#w*%G52n$V4ay1VdU+v)5vw+<kczxTM2I(2+eLb2P4DocWmKsvV
z5*7yR&#Bbvc?`S)w!<=5)4v4p*TjV39Ax6G?jb)XR<!b7e@{twd)SS~GA4jVv3TMH
z3V_dl!Nr<*vi!`FC<(%iiL}^vNSv#!@vVT+jtTO4sPV^nn=yJ?#>i-LFS*-$r#^8K
zN{L(dm~RJb&5Qdm<Q>MYw4H%Ms~yldk^Yrhr$%Ve7}S1uLC7ukH}q?uxWfUt9hTz0
zOa}SDP<jG55A8CN)mJviTOUcGln`n(V2pWVYz_WL&&dbaJH`f^L|N*puy<T-aATX^
zkm1D3fe>%X8qt))W~?sbY;3F}j+wZ~=Mgl)iupg48+LauOT|7WoxJh$e2ghW3>BX_
zEY8$atl##7;-Os$YLm-wP^J60&T`i>8a=`8&8k%^>TZOc6;?qkOn65*%(-W7*cz2P
z&JnTjQbv4GB_BAvB0`E&k^K~F{-81RJlT~-@nfuFFA-6Hp3&Z^o-k#nSNJF=cpd{v
zXQ+0tM^oG7FGsVrgM1;N(|Wh{2g^7J>kaSli}cD0W&CmHR8dF_+<ve1;$H?opTSdK
z^>ajB6@N*ZS>>L{-B!(!^(;Ou-Cpd#LIwVBG=F)7gKBy1WOPD(MCw9|29uvBN7_fy
zS|fT}MAR8O5gdkULDmT2`l!ST_vbNFkD#%7l;ujwaHU7yvJTKSJ!LFf*73{yp8%tN
zsr|@Vz7STT<a<hK%&h_##HNV&yK^r_d}L1ECepE6X@_IXM^F=Csb+qfy^_Q$V2$0M
zMUp^D%inpC`^{dJ&5a(+?{K^RuJlK>A=A6c#-&Jo(~g4iQ@wgZ2yykCU`%^Reg7+B
z>G7+=Sr1~U6`>`Fkdr3l*8+S{hZ&X2<Ea4?S2Rs15tcycYw%8MFA|QA!jtB?+QnF#
zDAZNwTNt&$GeVu1R^jL0oxvZ^FZ-7M3$U_ibbr9>QFB0gDZ~9No*~liYH;g5^#|Z;
z40(t9MXE3h^igv9MV@z0yEJ>vN!ER_RBAsz9<2ypf0_!FOwBSOz7Tv`tPF9#r8HYC
zI{ODVJj|j?bk>Y|I>)s%HQ(2WJg<g`f1PW*H5^G>(@3`Rf~BQlGxEg~ruwr^1&9nz
z0BG1+N*;o#hU>+8NI^c^ezz7sBo8CZ05xmuz*L?Nee!MU-Jp87YxO1Lx3E0WAh)hw
z+4PNo(X-zTrbkHb%Jzz7RFleL&CEgqiNF@AdXCi~?eIG0Dg0X_q#N7o+{0Fwb5Q)W
zEX^OrA06rrlGpq+wJaIMv!(TBX2@6mAp^y0v2oU`&q;fe9lk|;y3b6iOo&7WKAgG)
zn5}1Jg?KBxia|?ojJ~is+xr1mv%}A9f&{YfP1DKmIFJ@jiyAv*0b^Ul?Wp$}DXk>M
z1U6vfWR@Cd$(~KG{dabLQDB1Mc~L|kOT$^@on=Q0FHCgPnE4v)->bn}YV3JvZJ8?C
z_Ch4UG}8;y?Dds5^elDCTL+9~s{M=@>$rr%?UOFwJ%`_N#z3hi>9^;yFN)3>cV!y#
z(4K7dE_D2iBQ%I6mSf>IKKyf1!`#y^0fmX!S#DkpuKcR2`8ig?26U!3T_Bc5YCn^R
zv)rGYe|Bd^pOw@{dOC!&F1@3Is+LXLO*4u)oaN0POCqZe45Y2xf8J4A#t4PC6C!y$
zrV>S{D3z&dHellK>nuuXjXE!CBR*pw{$}_nS`eA;ou%?cjD`7074%($&QNcG(cqfd
zZ<hQ(2Hdz(egjqP?Jt>>)y<_q(_RdhcYuMmEGPWLEi2z)j8gFdAF6v&@Lsc9LAxLF
zPI}jxxBhHE6>fol`U)atX`c(JWe>JYDLI|6gC)`fHF@qFxTC6Gu6!d25BoT8edtYF
zl)ZQe$DvK!61Zr9lWAKv`c>z65O82?GPj$QH3}|<STLHl(?P;8-DhiMSvf>0@PG2L
zWHk{>OuJ%WC(ue%w2b0+9+P&Ch}S79bH;!Vn+NNCOSAp7d&)c--ws*J{JZiO^=+hj
zC>yconv^O%dY}4Al^=tzYK%Qpa4g+Y5`kHeyI&zO{dt3YLbyXu1F*Lr@i+-N`1&)R
ztKYz;K7LYYSbT*r_T0QFCJ0wnZ~P(UX1XO0y()g`TS#&WhEj7lz9}}&0%e5-U^cgM
zt;+1u{~5Q)+)uo16qo+UG~D}2eJmRL5aSr;DsAr{X6558fmriDj9c!(OY!*7?O|$J
z*>JGq_<CGg0R$et)nk9ab6AM2oBr2}>BnGp_mshOPyf_5^Ib>VU62vw&xp|qmaEXL
zrsh1X>fu}14T%AhSbiQFXLjsO-{B>y)Olju*z}T?9jQy?PaGk{Gb2Fc8vXNZVT&dE
z^e(s1D+ebFE&RC6Ecefe->tOz73x)KL;H=d9$U?op8_4duTJtRL^{oVN8xJ5<mY&>
zjd!ITd&^g<MB-;C{p+vZf_J?TphS4LEI7N=<1>K2+c|ZvDeYCH>^FfrC|<Z(tr0fd
zdN_g6g4WV3*16!rypTcxvei{_#an9SH3?(x5ujws|5x$=KkDi`r<V@@FQp%!3gg7#
zy2Kc7OO6;*b-(Ss8V4mh-ePXbL+6GZRVsW~nGkkT7$7MZKCCExap@;w)gw_1z}cg)
z>P6!4E|Q9$$H~F#Cxj5~E(U=xhjW`by@>wimLy{}Tl?Hq{I<$5Iei!zn1(f8=^{By
zw+dvT$^5ynuVC|q)2jRX^@CyS=Qy<APWf4A44nSmZPH{qO57dBS(umPxlQ$q7@7tQ
zSy^m>2F9_LpWWGp+I<^R`uRt!aDos(Q{n-v?;_y$ON0|dnBVF3Q(?Oi3q#-Xm2c0j
z>$p2QgHB_s&c~Q^{YF;3hPru?<{JjnPt-dqo;xKfK&P8vKmUH+Jim8dm1wv%hsY4v
z`!yaNtr9CK3KN4F;6zM2(9$u{>O)^HgVl4aUXrgl7w87|>o7;pAW0MP*}}sUnvQ*K
z<;YBDefFrt8?>Sz`zggl&qI)x48x~qTRM4D#4-58i@s09o$>tSm8=U^h94Ritrph_
zO2kmKog*(V<l~!<-g`M;cT?(NBRzWf#vYP&q5}ND#b)Rn@Q2r*@v?MF@WW2r>43~+
zy|L*P%`fa&9QCJrsOv2icezsgylm3hkZ9^ORdtaT6+pYWC@NBH_eY7{r|4cu<Q)t#
z-d;=U5Tj_PRc-LLV)%qL9Lp2;Kn+KGq<Thq9D~jksQp!6CgVV$si_nRwKKD|>ckeD
zcF3x%Ha9rIS+uImrBGQF;<aC>hT2*$4C1Ink43@x@iMr?%q2;vKS;s(^&;N$vxc&T
zJVb9>-_1WIt|X%ONmbuXA`-rA+unyZF+C{wnIu=utW=R94RdWK=jAp-NxM=)+(d8Y
zQ*++M7`)mrE~)vnk3*xxHlj~AG3fM<fv+&QF?*D)crOI5j>9PTmEOz3K0WMZ=%-A|
zN3ymGrLk$~T+V%`;jr`E+F@#rfV|yuof0wC!4vyd$tU>Qx^_sp@?;idP2|NJY|uJS
zaOG>LP8P6|$hJRL*pZA*S0e5?elCpuoQ|vWoagHewU5O*`#&qQ;Y7Wa8j_Qcy^Yep
z9l+G4eev5H{Wf~qglUIwjaot^Y5ew#0_AbyD#Y*~I%A=KY_bN5>#FeGh`5AxB+D^;
z^!v8w@YPvvat56f#raSCLN?4%-cc+g)A9?7rNC-Z3CDNT1@GoqEEKiY?@J)uO<JDB
zaIl4elfbku)2!?#?w^bxgoLskq2~2DIS7ep3JYI_7|$!mDp8wY81a1GN}>fC>78ge
zSP1epiW)lXB$62OWm3ARF*sv=z;d^Z01GQem7JbszYo;bX2>-+l{v|pQ;zNGUnRA7
z(7Eh47F=y{aIlYOlTsBR&5$zp&-h_v^5I2DjsyfY@Jih<CWkwZ2ozm_hgE+@{t$wJ
zB!q%W-j{fnh(ftn%{y6^_Ero#KQF@Y?yO{)(9g(C<Rw|De$%|f@XP`IJkIJm`1N68
zg(+V>`t^wd?ZQs;oq<+CcEm)2W_NLKa;J^cp;Ns>TJh_vo1u9OL`)DS)S;}z$1z*Q
z!f^GqkdD8yQK+JknK*6?7xT03NN|(K{$+Urvw*=jHSpfur>G>1)wmDQPSX<r+ayEk
zhZ@SIiHn)rE`gby$jTevu8MUk#W6y#r2p}iXsL(nVt&%qg^!wrG5H;5n7B6C>fafC
zI?$dFb(bvx+DLXgqV6EArNOr?Yw^ACvd-*}_g-HBMwGNYVf=hn*!_kOThlPSvjMh*
zN3Oj=eq_d|Ye_O%e#tdj#Ku_dL~ZR7hXQ2OTJ|F+m@{TTjHNbRWk#>zJ@vp7qX<$9
z{3bMDag&GosrPb9NP4OCpD|1w+0uFvMBX>~uvU}2+yI`VQ8raK@;%G0vL79Cf82zo
z4@QJ%31e!79Hd>E-u`6Kp2n0gQiGV~-+13}V}i3Uol6xXe)k?*coO<SZ#0>Csg=Cm
z<_Un`d|m%zH3Yt*W8d-!l1$7$^FNBR=*h!BA2>YxLJa`ho4G@brl1Qf;6(nx7C8{q
zs#cg%3tg7NdnbqTCaS3p_TZu|Od0%>gGzBwnf&&!JteB^pYeqACkrhX;Wn<`3jR-$
zk*{RkCcnEHMbohK5{liKOeUr!f%g=uo(MB&e;5-`)BHo{l|j1;F&xdqn=^j$ZnYuN
z=(Utmst<AO;g{CXW;ZgMrYX18B^{+~ds!)5Yzkza=$v>eWq&Thz!+$8+m4LI6_{@B
zU)$eKs6-zb@YpQFBluu%>4RUEmRZG*Vblqvvj2HNz`;Z@!ZFXuQ!dG{!6OfiOKjp|
zJ6D1+)<4Ch^xo>VTVD}~AVm5If;TbdpVzo5aVo`f=~PvGEB=^_rUdI!aJ>Ih^eaZ^
z#3p3i^fvzxmUoe@)g-6bBql8zco&a(kxj2s{N6s&d>=^$QOl^A+=oAm+%uz<W{G2P
zlpV@!n>RV$4-KlQg(f>yk7sKw=T#fu7ZpFqz8Y!}Dg7bXjrl2!z|g%!9quS<#AW^k
z?jksSwNcgSn_1LG+(?7?hC%*uH+DTeMZ~r7t8;kkTn<B?%TP~qMXE(*Lk_x81DRuq
z4W8ITh#PVE8eN-PLQ>2g&Xr%Z`1sNCrG>I&%r-vt+_sM}P_I+sHZ&Mp`RkLF>k@?B
zb1oe6*CxkhyG6&p25W<!UaX=|wl>>|6upkS+@7hgqGoVv*XU7h?a~7nmVnjZrABR)
zG(wnU1d$Uta&n457m0Q!c7ChWA9n|7hr82VHuIQ_1(D8&zwuv3tCr#vL_Xz-EU*5u
z3(xv|7_lz7;l#CTvi$PT-J-@N;(T@-AEpQnE`z!ePvKI0!N%a;5@G9><gO18zwbEl
zl@^be?<FZ(iC4H`l<%P^S_H|FRJum%x<?Q$%ZT{L?|ou1yxxb0{n~sfM<7l?NS*JH
z@=Z`qAE4vwmfJI@<wAk_l>9oxpO-NGNDEx62t&3iX!Kk>0WF>=-86;qdheOlUy{nV
zF&8bxD0G6JECScoaBh=PnL$5);ONX5V;lZlZh!Xgj681?*WgKi=Y4}QEr#2wP5bzt
zxZg-d4F3hfXAK!<0BpHEP<n^qhu`mKUF)4V?iZUeWJHN>Nd_+NPj-pVN_T#KUp=`~
z&dG`0tMJo4oIAOH=ZDDZe~z+q2w$w<rBLEuq2~i(T3Kkz%cQ-yXy5r=64&Rh!3lgF
zQ%m9CPYE>2BHt;ilwIONS+n1p$uf^yMCgp8j-pP!JURPWcrq*);G%dSjY%OUJe~0G
zSAt$$W1OzGn?;o*Rhlqn@*XF{Sm83TjOE2_mB_awc`R>S#7|-C6D1g)p<VEp<ur8Y
zql}hvt1Y2%606Wl0vs-zTVQ~<&`tN#lieo)zX1o*gmDzheGkTYq7bUH9LHnY{p)Y)
zvqad4G6NhEypuxNgt8-NYvx04{T%Z?M7h*Fo!;2Vo8~dRB;pE1M*(%K@6p{F>m5-i
z3sz^Pt0$}7C--;@QW*~U@xBq?tL_K!Kfn&4twqjPJox=!ZH1VPWO#@M;4J%<w*puy
zqF{ctgn2QNtWb>(;@)w91A@W?zMm-&-*Wxj1D#AhIqQ3RvH%P?(xjK<7K?{B1C7h7
zW=QJDFD!tR<H1R<sUT*2gg=786L8D?AMRYQCqQdB<6_EG2}6D9D*p(??wH(tFrv=S
z92e!=y?DI?u!|Iv6k3^|Ea9v@1-#Hh`D6%xkEZJc@YTlHh#8j_Si@_**~liLF@H}9
zPoTFCrd^P0!4vRQzM~Oo+MI}ekIqfj;=SmerH7ui6=+T()$i|5Dn9FD4mU-@6kXH+
z&Sc!>07abjjxX9FzCvjqz-#<PlKM94cGXU2i)~)a_svbO2HEO&+ZucFDn(pIY$*dB
zHPvO|#zL-c#3V^VrEF0xm#{+WLqQXOSSsy)y8h4$zY*tRK$YTTl;gm&pK_32@T+9$
zyis&e=`W$cl5PAZQILFeXE$&CGeA!i`UzCsd$4P=I^^gnoZhVmV0Bx`9QoUH*;?Rn
zZ~=tqRez+Sj(7v^NN<WMPS!D3-T;bn@rTouqIt25obb3Ysy{z06UbwR8cM*|R&K<P
zmm59k{j#HK2na4}OwVMuU4+F64Go1w((vbkp1yRW-s`JYbnD>4Aj0{}P#=WbVNKa#
z&uT!k5X3TT8=$}&J(%P{9NP;){8+QvAh=rT=pi_L%@HW+Q~YKz9^D&Z8T-7}tMrS8
zPi%+R9{tiA=2#78ZD6aH2)`ncab1jrtIeWlj-ujy(K<<l|JfMcXx)ICUH!?TxIDJD
zqFEa8Sy`3vgQM~7@=!wADQUmq(R%-A25&Uo;{n_j%icScer_T^C}tks!7@oO32Ng7
zYR+?D5|`hc@S}0x&3SzgRZ_~pXXV}fe0P(=JoiCB4MXII4|^e;WBjO#vZ@lLC)RQO
zH5bo;L7440=}%KbH@~T5GMyeH<*~hc7U>e7)Ly<X>}&T;nch@b=w|M@lwP^76Aq`$
z5{i@fXmjXd+C%x3rXr=TRwir#+?+<=7>Iel1XRT_T9F_V@M??Lj^H!78McioM1~Of
z;nP`v^9;ob9YQQCJy0QN(iFb)W*KJ@eg)YxIA!Ptgh|PFF&u^CV#isB*x)zM@>!4J
zn>J8>9kMPtj<XS)xnXq6!x`{fm_Nv3vyB;>8g#Og3p7i!wAhbAgIGv9+3l3F8UWFF
z<k$4WFG@tIbzj<*OyNqjN#v$Jg#QvgSi?^7jH@L<eGcTEH0F;X`e=Rs+_VQ*J+?&u
zAM50jE}ST;-VNZ-te4xfBWpyWAmQ0OANUj$LS=8#73^2nmCzZi{J4u+(0QrN+l-zf
zS^XEUja7v|DsD3YTzCphkq7-dWp)m*lqKFbM(usHo=x{P{Bc5hHhUf6q0QiR!y+G0
zL8~8Rep^njA5D!mY6ZPvXCL#Q_by6H`4Rtc=UVh^YafM$6hB>Wn6$Eay@Z+H;<hPz
zqhsBf8^-CngDHO{ezrzn_t$32*0hUpP9TnIqu!oU9XtGF!L2#DKq5NqHM5TDkL#zO
z?g!84qMODuc^;?&Xt`ux^66c#5|D_t9v4Tnl{B)^gxj4HDIUQ344#iohSEx_DYX`7
zc?HlDA4MJ?$9g`^b3kmA@1oV}J?I*3=xWR{HwJj~yC);&NEf6r%ZUQQV*3p_gMPdx
z#ZOCSA)T&0e8bW?#6-8}TZ>!6IWe$_YKsU~HU<D2b{t8lQkl&?!EQ&M%&z==GFtOv
z<ko98zQ<$%zBqRymy<u0O~vtDvr)MtX++vK*G`?Y?Y-Y?(?6#!#fF*wAerFWn}Q6R
z^yy+gd5!!Rb|GfE6GVE2Jvr(>BHr?Fu+Q}S2QWmsU4!7;vCp{C8$7r36Nl&iT+KK(
z#=#b{D3IerV7Ptq8|T^Z2YJ&5fJ`WFK?A07%0T*0-w9~<SAsHK@$Z-NpyD5i9hW@`
z@_3HH*iBpGGFaYBCqOBQW3N^V*7N+5BfWKZq$MM9IAq1~-S_Vh8{(Ar7$8A=LBW5`
zmj@z;bxyi`2hz9`%+HROv7_$mooI~(qt6pli4v{PF-#>fRNrOdy%?0Ni!Bg~e%Ju!
zZ~$U)7pg;4<@oKM;PkxRwdu9ss(;i6ynPtWF9KY?Kqcz$@j=)r<#2$?nhhB+zjRc(
z!8IsFv;;BQLaa9s@wjMMU41p&{TxB*^pS?mQ7}@BrY}!~mI2<gR0R?TN|N-OGPMSu
z^ZVp-5wuQ<7XDdeL*^kvu-YedNvJxh#^>{=r`sPUqPjYbgj>Ykj>lLqRYN!Wi+J_v
z$4wjg-?!f6@wozmlTk-nS3jPded0D`YIVcZW7Zfq$NV4!hYbk#l3;HKnAwFg*BnK;
zYw&nDIxi=+zY8Y2*b6MiQcztxi|}Rr46b(}f?Se<i?J5pqTzT+yV#;UqqwefUyw3?
z%jqXcWB!s#C3FhrS5?^fT#_xw;E^1t+&+oJimDHyl(AziXaLM5_cyZA?!QnwwR9oa
zuXiTxk)Z<MwZ0tjrHy{ero839p06V@DySw<;TcYV>>@=ds%}NDQ<(5MgK2g@H>LbZ
zo_^jx6B9v6`5{82MeK!1RA6Ym{gav^k`F1Y3`5rUA*P}^NBMb&^|=74W7Y8UK<OEO
z*RMVC0dViud(|-Br8}+lod~(rQMma_aLe0=%eIU1BNO;5HQ3~58d%kjKWm-@Um8!c
z8_UO_kUT7`y&rtPsc&-jEEue{_zEO{3zQJ`-H_Q&V@SIa8c#$uDD1vz0yW<zm&_{=
zq`-cgF}b@e%JC@=FAL)7d^tPj0*7ON#`)gu;ea~O>j;2I;jKiXKk8pL7VSfgpK{Rl
z{z(V!IfTF0e*V>X@p;nTKH0?Zp-xj4QNCflD}7HBbN7ZB?OvSGU+WE?MrTSrX07=X
z>SnmV=#n#$bT{)8XaC#0`&RE=AmkxH0v`+sq}|NmXq<OuUnump?x1s$>>)VfN*zNo
z)IO*U!Nu-L9h|@d-RkyZQ^%@2hs2y5m^bqe7UtH5TG<Bvx_!yc?T(7F?M&1}s3n`t
zB%1|k42JDKXOOVD;%hg_HP)T8@_)yg==z6j9<UZjxcBYS(<9*%=k?|GFMRRa7Vq_c
zzql87a+d*zC!rbixnJwTCSB_*CV#7^3xt?sSDD`N&5}~l30=JLcbk*QuU+%Q86Ywh
z1-QnoA3VlXxIlq~TFQD|I#w4;A(%AuQg8tQ_es-&MSP4@FuIoQZ$U+UqFXC53xwWe
z6;oNBZmd6$!lJsb3f^r&>|^j%o@U)sHIAhxHU5nmMX3bBLaFh}wH&;WJEN@%t|{I6
z+Ltc`nBih^X+Ck&PmTC)t!sd)pKwxW4;3pXUoBu=zGxGjujvMDywytjOymzd#(wz9
z`Od-2q?*RbMVGT`mFV;hGFVF3iJh^m@Pcp8Y)BOg5}2efL+Gez!FfkFlv~pHpmF&$
zyW>K<z6-C5xDTW;8NLJ}ps)7_$hcaWi%Q#(8lUwAJbh_@^uEwIN{s&GSZpxf^~fAa
zOEfbED8_og`)&YHPWh`^cWnk~BSR=+UfLlwf5=#mU*Ovql>g-M2|-M$Q`MhWFE=Ls
z;zHUMzpM9~x_OPE>Swxy<BGFhqr4#gwqTKjk6zedMA2o^MR$_nV&M1*Tx($4NHy&H
z!)4?h#!Sy1xjwkLDBfhvyH?fJr1TVr<zrOSntiekvib3BNy!L4xgioW=_Fzh&y^@@
zWTZhiuWP=et9fhkM%dtm)L(a6xDQV1Uu<htX8!8;H>2hn|9+93(OmX7J$IA~klcUg
z9>KeS0v=!n3Jnh_RlYQcJ!)neGgrg##u<K9a>|Fyr=j}Z(aT=aXevP2k1o)}q-;14
zZytqWgLUF)Gx#y9=Uz`?B+BNHEfiMJ?L<wV#6<0CG8v!uZHH~D-Fx{n*VGII5XG8H
zE}6bqTP|8H#@c@N*5x^%QrSa!i~8Azmj<C4niEM_B__R~^d%Q)7|EtCawbI`X)^vG
zTLK=j4?>PJkDcp4I$V;$A=n$VJOU)mW^HSIW!N>IEcrLqKFn@zsCHFFabWS;Jdt*P
zi2vv+o*&KbKg=gARX>B^Bl<uBrL`-)zK-k?Z}#7<Uw{zC9P{-i)AtF)2{89L$0##>
zf5O9umLJ-L)cCQP>29;Kt!R$FLo05;TCOT=3-h@1b8*5SYX@0R@!Ot}=)xI6ijnAl
zDyut;>63PHH?ZKi^!8d7X5jTpYh956{N36)Ja47bra={4LZcJaK?PTb8yn&}5=thw
zNZyO3z#&7Tvr@kWm3U4ug?ap9aDBG;MhNodKte%VQf*pcRqVE&W)QZ~NSDU^rdT*(
znJ(0WU7+CT+gQ&RTAh($b6)$vb@7NiPRnmm6{BxEIt}3xwl}!PJ{_bg4?b8su>F@0
zfhz01gO^SBnbbb<zBGkR7g{x8n%_N!ZJ-bIo5yhW<nm?b;29J~YWNihuF4XQcWT0d
z(*+nFZA@YvZRw4q;1hl}uAE!^g$xI=H9UG7fBEL^xoxC;_OoWODF9Ch+?05J*zxYc
z!t7Pw*RRo<%F^%9itszu`jNfwo@)wR*1+LfDR`sUtodoUzLfiZ+~^#Q;k5K$F-cN3
ziHe+z+R07FqK2fD$#cfnld(DCsFk@Z0z02Suitz%pk|US(t%uy4#znSQ|P4-(GL;U
zoblt+tX@$54#U~}iyXa*noW&}^5avD%2lr^VMUvMC>dLFO9W;m{Az=ynB9MUsHq}h
zpXbqLOVG(KIofCG#X2q4F{+MG&u9Egw{#J{TBqcWU5PWUvDK#h>Dl|NX=tTByV(;?
z^>+?>SsR~Kss_VKyETm#zk)S59&R6nUPYE7@m_8)Dy%lDD?eyYq|;y1Mf_wMJD~S+
zoH8YHH4gnxeM@kVv+qNOKQ`_kI@le@B19>=>hl2)?RF3r;+%ft#*CC<iTlstPuH)*
z=OMaOIsr+&e^c(en72ZaD_D#)5GIqys5#c*kZZcEVO&4<^6Yl6mUW#a&<iv7tC;O_
z8m&5i^dzC7S(#C&@i$okfF&W$$9XAN8P0hr?KT?_o}J3g0p;`OHGeClp5IEPUcy)K
zM$ZfYPpcl^^F%nnvP?|u+_UV|mF1NZ>?@<MazSgK?RR;~LOMIJ#vk>&Pgj8jKc$CV
zYar6q>3xAZR8!%~Oxry01b}tOQ}f9>Itc3;;96pxxFk?sdG_KLp7XblYdGc<nLgi_
zg7pKL?0fepM5~)#WoNOob&eG^4EFl;cSq{|QDxv9dghnM*PsUfGbYlU;{GCOC2*;Y
zF-Xx%Y7(>0kL#Ebhg#{h`cicY^H34Axrz+tJM0prdFBd$vMQZ#dV%;CFPmznUaM1a
z-zG<~?XrK<I=DxdR0{(;@AEOQ8HaHo9n9Z11DvZf@cH4JXp#!-7dKhur+Uy&SZ3r{
zDm)>GNHBwBt=lNRE}d6SGMAV8ap&Q;w9tglfqIGu*eW%~hjBnni?d^#>)_P=$tsPK
z-VbV9GB}T932Q*gymun0ZIO56@ot#h-En!iNN>6#EIkmskC5NM?|4ftS)b)9iOxnn
z!~NsJH{hdKwitsMXO%daVi3wrWy%Ea{v`{UC-KGtAFHgsPwnW)r&Ax6t4eVA79+!q
z`yfNqZNifoi!wY7OSNfQbciNuVr^}HaJ*nwUJXT^qiRuK8u+J2&8&eOLcLEM=#$MG
z>HLnLZMi_HV}TUk9zsf&uIK7LAeP_<(Y$WlSWSw2P-Zm@gX*fr`)c$|ti9%9Kp7%!
z?QLhRrl?P&k^~<LLsPJejDA{Jrk%7s_DeTtMF!a}jbx)Ut@_I2lgWv?Pt84~=sp)(
zBGG<jY_Dm7RKyM;Y>%(FCKUG?>TP^fe_^Fs-r!Uz=eH=VzenE6q|TQ$qUJ;!g2;2L
z1BGM-AVIiP78LtAnpYp$W(Kfyz!BiJ6ug;xv6CHCHe8iQ`swwXkz5Ju7K_uyf2ubv
zJ72x0ga)h<y@}h^TTZw;gt{({kkzB40B6oI6VCjmeoq*L6B&%zj`#S@)H39yYbhGs
z_A1ZsznI+eI1!PX;K<M*ij`LxG<&f)^r;gN;Ib|NhTDQeWh(MWVs(OxtlJ@cwtvls
zrLFu(2+|Ydg~@2ttLsy?Q~-D!d+CZ;F3!q`9<rI23Fu|bV$Ies_9fQH_+2rc?<z+;
zeRR`mWDuCD8{(Je<#BgKo9;i0R5`DAFU6<jN;)d^Jx(ZA9wo1h0*j~Fyirva>TD+P
z&vbr58ZaQKbqoM0OUD>n{#-(vWz^^!RCOruz+~Z`1$Hk7M;k*ufF3wSm@^W$j?3;H
zlH3uGkv%ivZO@Yc$`Bz&`d+FAHLboT-@$($#WG-8iXSDD<o(PjE}ILRN&-Qo`9Ct=
z)E61;%lem?>Egg`dZaZm=;LZSfkK*plbO#tb(Cd#Lddng7oW4@({cmwF_pXk#AuA;
zBc*1!n<=k2H_{DfF#%o6@(O!3w$mY~2m6zZ)Jtip;H{R;yL>IOpHp@6y7Sa<%eS3;
zkPb?O59(c3Ts=9r$t-lcL*?h3Z7Dx$d8lp8r^K6d(+1jueadOgcfz>T>8WCnpTUoC
z|A6@z7ny(5PIFVAT-^Z(Kct)TmiLVNf0FLAK3SNW28HHRO4D-0-vvhkxA(|=%*9xA
zTSQ&S5d(^yr4VPPy(+ND{Q-TL2{P{D%=di%x2C{B7m`cjp{pJBGPd(C#4N36%_@ce
zQJ3XJ0K~st;6OoTh`1lMnrKY$M5O$r?T5PZQ=WPfzp>UtJx-;TWnO|Be{IRttR5#h
zIcI5WT!azFQGvKUdYd{!Kv!&pa1uX=dqmg>p8efpZZ2DJ*a5Pb(z&BlgwYe#8T>fa
zAh`8&QDfqJnfRDeG6rL~KJ|sCs8b8?hcT}Jo8O~n$$do7ugb=$kNSuLU?VZY2x$Qn
zO-2j<#@6aJn)!idf3MO_!0+B|3?)xxN6NiL9~lP((<6qIAJxa@JQMH(K<;R)tCWoF
z^0u7EAr?-JoA&sXcUoY25EG2nUICmqWe_Vz<j1FP7KIi~#X>Tu!7_d2{6H1Tzg#NX
z%8Qg&DTU+Fz?nnP;&gSS;w;9L<cvFLF#@eHwTf*hql9rZdF7VB7v21i<U4M5+SWD5
z`|(c+PG2=sUwa#0n5>;Q>@fp~3X2L02ullyi9kg}WJQH##U=TKg=K|>aY_hM|33!q
zp7zcTf&c#o{`XD%j|S@h_2A>_;QPkL8wSvFw{e8&+BiDfxw1$KN(o8}$gqeCi--#d
zO9+UFvgnIQvN-wrddUh2y?OIS(D^^~V|qjjdU`vq#2!8p0%-qZggW`T+sev5^R)AG
zhk5wQ%0eEYJ^+yq|GI?!FU<e+DJ$y)b9Qv{1&GLqk^sD89x*iki|7Brm^j<}I{gQk
zu3^P}gwXvjh_16c%s0>r2KXPZguFZ)6&sE9{x2R~=pzasA|WF!EhQ=~E@}O&0r3bS
z`CmMS&OtDMu!>4%nZm(ilkxv*GBVHtI5@k(9v@%G-NV<-(^1I5#^2e_)5AyT|9vq+
zwze=EJ7G}=adBxe2OBY%sJ#u$*4{>1OiEhZ)<)bx@X<o>(Z5U^*3QQs09tB#&pxSG
GNB$oz!j~ri

literal 0
HcmV?d00001

diff --git a/login/apps/login/public/favicon/site.webmanifest b/login/apps/login/public/favicon/site.webmanifest
new file mode 100644
index 0000000000..567c2c6549
--- /dev/null
+++ b/login/apps/login/public/favicon/site.webmanifest
@@ -0,0 +1,19 @@
+{
+  "name": "ZITADEL Login",
+  "short_name": "ZITADEL Login",
+  "icons": [
+    {
+      "src": "/favicon/android-chrome-192x192.png",
+      "sizes": "192x192",
+      "type": "image/png"
+    },
+    {
+      "src": "/favicon/android-chrome-512x512.png",
+      "sizes": "512x512",
+      "type": "image/png"
+    }
+  ],
+  "theme_color": "#000000",
+  "background_color": "#000000",
+  "display": "standalone"
+}
diff --git a/login/apps/login/public/grid-dark.svg b/login/apps/login/public/grid-dark.svg
new file mode 100644
index 0000000000..d467ad6de0
--- /dev/null
+++ b/login/apps/login/public/grid-dark.svg
@@ -0,0 +1,5 @@
+
+<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100" viewBox="0 0 100 100">
+  <path d="M96,95h4v1H96v4H95V96H86v4H85V96H76v4H75V96H66v4H65V96H56v4H55V96H46v4H45V96H36v4H35V96H26v4H25V96H16v4H15V96H0V95H15V86H0V85H15V76H0V75H15V66H0V65H15V56H0V55H15V46H0V45H15V36H0V35H15V26H0V25H15V16H0V15H15V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96Zm-1,0V86H86v9ZM85,95V86H76v9ZM75,95V86H66v9ZM65,95V86H56v9ZM55,95V86H46v9ZM45,95V86H36v9ZM35,95V86H26v9ZM25,95V86H16v9ZM16,85h9V76H16Zm10,0h9V76H26Zm10,0h9V76H36Zm10,0h9V76H46Zm10,0h9V76H56Zm10,0h9V76H66Zm10,0h9V76H76Zm10,0h9V76H86Zm9-10V66H86v9ZM85,75V66H76v9ZM75,75V66H66v9ZM65,75V66H56v9ZM55,75V66H46v9ZM45,75V66H36v9ZM35,75V66H26v9ZM25,75V66H16v9ZM16,65h9V56H16Zm10,0h9V56H26Zm10,0h9V56H36Zm10,0h9V56H46Zm10,0h9V56H56Zm10,0h9V56H66Zm10,0h9V56H76Zm10,0h9V56H86Zm9-10V46H86v9ZM85,55V46H76v9ZM75,55V46H66v9ZM65,55V46H56v9ZM55,55V46H46v9ZM45,55V46H36v9ZM35,55V46H26v9ZM25,55V46H16v9ZM16,45h9V36H16Zm10,0h9V36H26Zm10,0h9V36H36Zm10,0h9V36H46Zm10,0h9V36H56Zm10,0h9V36H66Zm10,0h9V36H76Zm10,0h9V36H86Zm9-10V26H86v9ZM85,35V26H76v9ZM75,35V26H66v9ZM65,35V26H56v9ZM55,35V26H46v9ZM45,35V26H36v9ZM35,35V26H26v9ZM25,35V26H16v9ZM16,25h9V16H16Zm10,0h9V16H26Zm10,0h9V16H36Zm10,0h9V16H46Zm10,0h9V16H56Zm10,0h9V16H66Zm10,0h9V16H76Zm10,0h9V16H86Z" fill="rgba(255,255,255,0.2)" fill-rule="evenodd" opacity="0.2"/>
+  <path d="M6,5V0H5V5H0V6H5v94H6V6h94V5Z" fill="rgba(255,255,255,0.075)" fill-rule="evenodd"/>
+</svg>
diff --git a/login/apps/login/public/grid-light.svg b/login/apps/login/public/grid-light.svg
new file mode 100644
index 0000000000..114c1186fe
--- /dev/null
+++ b/login/apps/login/public/grid-light.svg
@@ -0,0 +1,5 @@
+
+<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100" viewBox="0 0 100 100">
+  <path d="M96,95h4v1H96v4H95V96H86v4H85V96H76v4H75V96H66v4H65V96H56v4H55V96H46v4H45V96H36v4H35V96H26v4H25V96H16v4H15V96H0V95H15V86H0V85H15V76H0V75H15V66H0V65H15V56H0V55H15V46H0V45H15V36H0V35H15V26H0V25H15V16H0V15H15V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h9V0h1V15h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96v9h4v1H96Zm-1,0V86H86v9ZM85,95V86H76v9ZM75,95V86H66v9ZM65,95V86H56v9ZM55,95V86H46v9ZM45,95V86H36v9ZM35,95V86H26v9ZM25,95V86H16v9ZM16,85h9V76H16Zm10,0h9V76H26Zm10,0h9V76H36Zm10,0h9V76H46Zm10,0h9V76H56Zm10,0h9V76H66Zm10,0h9V76H76Zm10,0h9V76H86Zm9-10V66H86v9ZM85,75V66H76v9ZM75,75V66H66v9ZM65,75V66H56v9ZM55,75V66H46v9ZM45,75V66H36v9ZM35,75V66H26v9ZM25,75V66H16v9ZM16,65h9V56H16Zm10,0h9V56H26Zm10,0h9V56H36Zm10,0h9V56H46Zm10,0h9V56H56Zm10,0h9V56H66Zm10,0h9V56H76Zm10,0h9V56H86Zm9-10V46H86v9ZM85,55V46H76v9ZM75,55V46H66v9ZM65,55V46H56v9ZM55,55V46H46v9ZM45,55V46H36v9ZM35,55V46H26v9ZM25,55V46H16v9ZM16,45h9V36H16Zm10,0h9V36H26Zm10,0h9V36H36Zm10,0h9V36H46Zm10,0h9V36H56Zm10,0h9V36H66Zm10,0h9V36H76Zm10,0h9V36H86Zm9-10V26H86v9ZM85,35V26H76v9ZM75,35V26H66v9ZM65,35V26H56v9ZM55,35V26H46v9ZM45,35V26H36v9ZM35,35V26H26v9ZM25,35V26H16v9ZM16,25h9V16H16Zm10,0h9V16H26Zm10,0h9V16H36Zm10,0h9V16H46Zm10,0h9V16H56Zm10,0h9V16H66Zm10,0h9V16H76Zm10,0h9V16H86Z" fill="rgba(0,0,0,0.2)" fill-rule="evenodd" opacity="0.2"/>
+  <path d="M6,5V0H5V5H0V6H5v94H6V6h94V5Z" fill="rgba(0,0,0,0.075)" fill-rule="evenodd"/>
+</svg>
diff --git a/login/apps/login/public/logo/zitadel-logo-solo-darkdesign.svg b/login/apps/login/public/logo/zitadel-logo-solo-darkdesign.svg
new file mode 100644
index 0000000000..4a4e8be71b
--- /dev/null
+++ b/login/apps/login/public/logo/zitadel-logo-solo-darkdesign.svg
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 467 467" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;strokeLinejoin:round;stroke-miterlimit:2;">
+    <g id="zitadel-logo-solo-darkdesign" transform="matrix(0.564847,0,0,0.659318,-1282.85,0)">
+        <rect x="2271.15" y="0" width="826.773" height="708.241" style="fill:none;"/>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5923.46,-2258.26)">
+            <path d="M1493.5,1056.38L1493.5,1037L1496.5,1037L1496.5,1061.62L1426.02,1020.38L1496.5,979.392L1496.5,1004L1493.5,1004L1493.5,984.608L1431.98,1020.39L1493.5,1056.38Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(31.0036,0,0,15.0393,-397275,-666.457)">
+            <g transform="matrix(-0.0429306,-0.282967,0.160219,-0.0758207,12884.5,137.392)">
+                <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear1);"/>
+            </g>
+            <g transform="matrix(0.160219,0.0758207,-0.0429306,0.282967,12878.9,10.8747)">
+                <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear2);"/>
+            </g>
+            <g transform="matrix(-0.117289,0.207146,-0.117289,-0.207146,12943.8,65.7)">
+                <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear3);"/>
+            </g>
+            <g transform="matrix(-0.160219,-0.0758207,0.0429306,-0.282967,12917.4,132.195)">
+                <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear4);"/>
+            </g>
+            <g transform="matrix(-0.117289,0.207146,0.117289,0.207146,12897.8,5.87512)">
+                <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear5);"/>
+            </g>
+            <g transform="matrix(-0.0429306,-0.282967,-0.160219,0.0758207,12936.8,97.6441)">
+                <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear6);"/>
+            </g>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5928.43,-2257.12)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5884.5,-2116.69)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5855.22,-2023.06)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-6234.47,-2112.14)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5957.71,-2350.75)">
+            <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5477.99,-831.33)">
+            <path d="M1499.26,757.787C1499.26,757.787 1497.37,756.489 1497,755.2C1496.71,754.182 1496.57,750.662 1496.54,750C1496.41,747.303 1499.21,745.644 1499.21,745.644L1490.01,745.835C1490.01,745.835 1493.15,745.713 1493.46,750C1493.51,750.661 1493.23,753.476 1493,755.2C1492.91,756.447 1491.2,757.668 1491.2,757.668L1499.26,757.787Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5404.79,-597.271)">
+            <path d="M1495,760L1495,744" style="fill:none;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5404.79,-597.271)">
+            <path d="M1498.27,757.077C1498.27,757.077 1496.71,756.46 1496.65,754.8C1496.65,753.658 1496.64,753.281 1496.65,752.016C1496.62,751.334 1496.59,750.608 1496.65,749.949C1496.78,746.836 1498.5,746.156 1498.5,746.156L1491.46,745.931C1491.46,745.931 1493.37,746.719 1493.65,749.83C1493.71,750.489 1493.69,751.528 1493.65,752.209C1493.64,753.331 1493.64,753.413 1493.65,754.518C1493.68,756.334 1492.58,756.827 1492.58,756.827L1498.27,757.077Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5770.62,-677.495)">
+            <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5770.62,-677.495)">
+            <path d="M1500.86,762.056C1500.86,762.056 1499.86,760.4 1503.09,757.456C1504.91,755.797 1507.33,754.151 1509.98,752.255C1514.82,748.79 1520.68,744.94 1526.52,741.049C1531.45,737.766 1536.38,734.479 1540.82,731.68C1544.52,729.349 1547.85,727.296 1550.54,725.8C1551.07,725.506 1551.6,725.329 1552.05,725.029C1554.73,723.257 1556.85,724.968 1556.85,724.968L1552.23,716.282C1552.23,716.282 1551.99,719.454 1550,720.997C1549.57,721.333 1549.15,721.741 1548.67,722.12C1546.2,724.053 1542.99,726.344 1539.39,728.867C1535.06,731.898 1530.13,735.166 1525.19,738.438C1519.35,742.314 1513.52,746.234 1508.49,749.329C1505.74,751.023 1503.28,752.577 1501.13,753.598C1497.99,755.086 1495.28,753.617 1495.28,753.617L1500.86,762.056Z" style="fill:white;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,-1.16463,-3.72366,-3997,4993.28)">
+            <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+        </g>
+        <g transform="matrix(4.96737,-1.14029,-1.16463,-3.72366,-3997,4993.28)">
+            <path d="M1496.1,754.362C1496.1,754.362 1497.2,755.607 1501.13,753.598C1503.25,752.509 1505.74,751.023 1508.49,749.329C1513.52,746.234 1519.35,742.314 1525.19,738.438C1530.13,735.166 1534.94,731.832 1539.27,728.802C1542.87,726.279 1549.36,722.059 1549.81,721.75C1552.75,719.73 1552.18,718.196 1552.18,718.196L1555.28,724.152C1555.28,724.152 1553.77,722.905 1551.37,724.681C1550.93,725.006 1544.52,729.349 1540.82,731.68C1536.38,734.479 1531.45,737.766 1526.52,741.049C1520.68,744.94 1514.82,748.79 1509.98,752.255C1507.33,754.151 1504.89,755.771 1503.09,757.456C1499.47,760.841 1501.26,763.283 1501.26,763.283L1496.1,754.362Z" style="fill:white;"/>
+        </g>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,155.247,-155.247,-41.5984,201.516,76.8392)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(155.247,-41.5984,41.5984,155.247,110.08,195.509)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear3" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,-113.649,113.649,-113.649,258.31,215.618)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear4" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-155.247,41.5984,-41.5984,-155.247,220.914,144.546)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear5" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,113.649,113.649,113.649,206.837,124.661)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear6" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,-155.247,-155.247,41.5984,152.054,262.8)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+    </defs>
+</svg>
diff --git a/login/apps/login/public/logo/zitadel-logo-solo-lightdesign.svg b/login/apps/login/public/logo/zitadel-logo-solo-lightdesign.svg
new file mode 100644
index 0000000000..33ea6b583b
--- /dev/null
+++ b/login/apps/login/public/logo/zitadel-logo-solo-lightdesign.svg
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 467 468" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;strokeLinejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(1,0,0,1,0,-492)">
+        <g id="zitadel-logo-solo-lightdesign" transform="matrix(0.564847,0,0,0.659318,-1282.85,492.925)">
+            <rect x="2271.15" y="0" width="826.773" height="708.241" style="fill:none;"/>
+            <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5923.46,-2258.26)">
+                <path d="M1493.5,1056.38L1493.5,1037L1496.5,1037L1496.5,1061.62L1426.02,1020.38L1496.5,979.392L1496.5,1004L1493.5,1004L1493.5,984.608L1431.98,1020.39L1493.5,1056.38Z" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(31.0036,0,0,15.0393,-397275,-666.457)">
+                <g transform="matrix(-0.0429306,-0.282967,0.160219,-0.0758207,12884.5,137.392)">
+                    <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear1);"/>
+                </g>
+                <g transform="matrix(0.160219,0.0758207,-0.0429306,0.282967,12878.9,10.8747)">
+                    <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear2);"/>
+                </g>
+                <g transform="matrix(-0.117289,0.207146,-0.117289,-0.207146,12943.8,65.7)">
+                    <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear3);"/>
+                </g>
+                <g transform="matrix(-0.160219,-0.0758207,0.0429306,-0.282967,12917.4,132.195)">
+                    <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear4);"/>
+                </g>
+                <g transform="matrix(-0.117289,0.207146,0.117289,0.207146,12897.8,5.87512)">
+                    <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear5);"/>
+                </g>
+                <g transform="matrix(-0.0429306,-0.282967,-0.160219,0.0758207,12936.8,97.6441)">
+                    <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear6);"/>
+                </g>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5928.43,-2257.12)">
+                <circle cx="1496" cy="1004" r="7" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5884.5,-2116.69)">
+                <circle cx="1496" cy="1004" r="7" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5855.22,-2023.06)">
+                <circle cx="1496" cy="1004" r="7" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-6234.47,-2112.14)">
+                <circle cx="1496" cy="1004" r="7" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.331,4.25561,-5957.71,-2350.75)">
+                <circle cx="1496" cy="1004" r="7" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5477.99,-831.33)">
+                <path d="M1499.26,757.787C1499.26,757.787 1497.37,756.489 1497,755.2C1496.71,754.182 1496.57,750.662 1496.54,750C1496.41,747.303 1499.21,745.644 1499.21,745.644L1490.01,745.835C1490.01,745.835 1493.15,745.713 1493.46,750C1493.51,750.661 1493.23,753.476 1493,755.2C1492.91,756.447 1491.2,757.668 1491.2,757.668L1499.26,757.787Z" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5404.79,-597.271)">
+                <path d="M1495,760L1495,744" style="fill:none;"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5404.79,-597.271)">
+                <path d="M1498.27,757.077C1498.27,757.077 1496.71,756.46 1496.65,754.8C1496.65,753.658 1496.64,753.281 1496.65,752.016C1496.62,751.334 1496.59,750.608 1496.65,749.949C1496.78,746.836 1498.5,746.156 1498.5,746.156L1491.46,745.931C1491.46,745.931 1493.37,746.719 1493.65,749.83C1493.71,750.489 1493.69,751.528 1493.65,752.209C1493.64,753.331 1493.64,753.413 1493.65,754.518C1493.68,756.334 1492.58,756.827 1492.58,756.827L1498.27,757.077Z" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5770.62,-677.495)">
+                <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,1.16463,3.72366,-5770.62,-677.495)">
+                <path d="M1500.86,762.056C1500.86,762.056 1499.86,760.4 1503.09,757.456C1504.91,755.797 1507.33,754.151 1509.98,752.255C1514.82,748.79 1520.68,744.94 1526.52,741.049C1531.45,737.766 1536.38,734.479 1540.82,731.68C1544.52,729.349 1547.85,727.296 1550.54,725.8C1551.07,725.506 1551.6,725.329 1552.05,725.029C1554.73,723.257 1556.85,724.968 1556.85,724.968L1552.23,716.282C1552.23,716.282 1551.99,719.454 1550,720.997C1549.57,721.333 1549.15,721.741 1548.67,722.12C1546.2,724.053 1542.99,726.344 1539.39,728.867C1535.06,731.898 1530.13,735.166 1525.19,738.438C1519.35,742.314 1513.52,746.234 1508.49,749.329C1505.74,751.023 1503.28,752.577 1501.13,753.598C1497.99,755.086 1495.28,753.617 1495.28,753.617L1500.86,762.056Z" style="fill:rgb(35,35,35);"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,-1.16463,-3.72366,-3997,4993.28)">
+                <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+            </g>
+            <g transform="matrix(4.96737,-1.14029,-1.16463,-3.72366,-3997,4993.28)">
+                <path d="M1496.1,754.362C1496.1,754.362 1497.2,755.607 1501.13,753.598C1503.25,752.509 1505.74,751.023 1508.49,749.329C1513.52,746.234 1519.35,742.314 1525.19,738.438C1530.13,735.166 1534.94,731.832 1539.27,728.802C1542.87,726.279 1549.36,722.059 1549.81,721.75C1552.75,719.73 1552.18,718.196 1552.18,718.196L1555.28,724.152C1555.28,724.152 1553.77,722.905 1551.37,724.681C1550.93,725.006 1544.52,729.349 1540.82,731.68C1536.38,734.479 1531.45,737.766 1526.52,741.049C1520.68,744.94 1514.82,748.79 1509.98,752.255C1507.33,754.151 1504.89,755.771 1503.09,757.456C1499.47,760.841 1501.26,763.283 1501.26,763.283L1496.1,754.362Z" style="fill:rgb(35,35,35);"/>
+            </g>
+        </g>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,155.247,-155.247,-41.5984,201.516,76.8392)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(155.247,-41.5984,41.5984,155.247,110.08,195.509)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear3" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,-113.649,113.649,-113.649,258.31,215.618)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear4" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-155.247,41.5984,-41.5984,-155.247,220.914,144.546)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear5" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,113.649,113.649,113.649,206.837,124.661)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear6" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,-155.247,-155.247,41.5984,152.054,262.8)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+    </defs>
+</svg>
diff --git a/login/apps/login/public/zitadel-logo-dark.svg b/login/apps/login/public/zitadel-logo-dark.svg
new file mode 100644
index 0000000000..6dcfe06e6d
--- /dev/null
+++ b/login/apps/login/public/zitadel-logo-dark.svg
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 295 81" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;strokeLinejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(1,0,0,1,0,-107)">
+        <g id="zitadel-logo-dark" transform="matrix(1,0,0,1,-20.9181,18.2562)">
+            <rect x="20.918" y="89.57" width="294.943" height="79.632" style="fill:none;"/>
+            <g transform="matrix(2.73916,0,0,1.55095,-35271.3,23.6234)">
+                <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12622.8,-105.843)">
+                    <path d="M1493.5,1056.38L1493.5,1037L1496.5,1037L1496.5,1061.62L1426.02,1020.38L1496.5,979.392L1496.5,1004L1493.5,1004L1493.5,984.608L1431.98,1020.39L1493.5,1056.38Z" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g>
+                    <g transform="matrix(-0.0429306,-0.282967,0.160219,-0.0758207,12884.5,137.392)">
+                        <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear1);"/>
+                    </g>
+                    <g transform="matrix(0.160219,0.0758207,-0.0429306,0.282967,12878.9,10.8747)">
+                        <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear2);"/>
+                    </g>
+                    <g transform="matrix(-0.117289,0.207146,-0.117289,-0.207146,12943.8,65.7)">
+                        <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear3);"/>
+                    </g>
+                    <g transform="matrix(-0.160219,-0.0758207,0.0429306,-0.282967,12917.4,132.195)">
+                        <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear4);"/>
+                    </g>
+                    <g transform="matrix(-0.117289,0.207146,0.117289,0.207146,12897.8,5.87512)">
+                        <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear5);"/>
+                    </g>
+                    <g transform="matrix(-0.0429306,-0.282967,-0.160219,0.0758207,12936.8,97.6441)">
+                        <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear6);"/>
+                    </g>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12622.6,-105.767)">
+                    <circle cx="1496" cy="1004" r="7" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12624.1,-96.4295)">
+                    <circle cx="1496" cy="1004" r="7" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12625,-90.2042)">
+                    <circle cx="1496" cy="1004" r="7" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12612.8,-96.1272)">
+                    <circle cx="1496" cy="1004" r="7" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12621.7,-111.993)">
+                    <circle cx="1496" cy="1004" r="7" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12637.2,-10.9628)">
+                    <path d="M1499.26,757.787C1499.26,757.787 1497.37,756.489 1497,755.2C1496.71,754.182 1496.57,750.662 1496.54,750C1496.41,747.303 1499.21,745.644 1499.21,745.644L1490.01,745.835C1490.01,745.835 1493.15,745.713 1493.46,750C1493.51,750.661 1493.23,753.476 1493,755.2C1492.91,756.447 1491.2,757.668 1491.2,757.668L1499.26,757.787Z" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12639.5,4.60032)">
+                    <path d="M1495,760L1495,744" style="fill:none;"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12639.5,4.60032)">
+                    <path d="M1498.27,757.077C1498.27,757.077 1496.71,756.46 1496.65,754.8C1496.65,753.658 1496.64,753.281 1496.65,752.016C1496.62,751.334 1496.59,750.608 1496.65,749.949C1496.78,746.836 1498.5,746.156 1498.5,746.156L1491.46,745.931C1491.46,745.931 1493.37,746.719 1493.65,749.83C1493.71,750.489 1493.69,751.528 1493.65,752.209C1493.64,753.331 1493.64,753.413 1493.65,754.518C1493.68,756.334 1492.58,756.827 1492.58,756.827L1498.27,757.077Z" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12627.7,-0.733956)">
+                    <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12627.7,-0.733956)">
+                    <path d="M1500.86,762.056C1500.86,762.056 1499.86,760.4 1503.09,757.456C1504.91,755.797 1507.33,754.151 1509.98,752.255C1514.82,748.79 1520.68,744.94 1526.52,741.049C1531.45,737.766 1536.38,734.479 1540.82,731.68C1544.52,729.349 1547.85,727.296 1550.54,725.8C1551.07,725.506 1551.6,725.329 1552.05,725.029C1554.73,723.257 1556.85,724.968 1556.85,724.968L1552.23,716.282C1552.23,716.282 1551.99,719.454 1550,720.997C1549.57,721.333 1549.15,721.741 1548.67,722.12C1546.2,724.053 1542.99,726.344 1539.39,728.867C1535.06,731.898 1530.13,735.166 1525.19,738.438C1519.35,742.314 1513.52,746.234 1508.49,749.329C1505.74,751.023 1503.28,752.577 1501.13,753.598C1497.99,755.086 1495.28,753.617 1495.28,753.617L1500.86,762.056Z" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,-0.0375643,-0.247596,12684.9,376.33)">
+                    <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+                </g>
+                <g transform="matrix(0.160219,-0.0758207,-0.0375643,-0.247596,12684.9,376.33)">
+                    <path d="M1496.1,754.362C1496.1,754.362 1497.2,755.607 1501.13,753.598C1503.25,752.509 1505.74,751.023 1508.49,749.329C1513.52,746.234 1519.35,742.314 1525.19,738.438C1530.13,735.166 1534.94,731.832 1539.27,728.802C1542.87,726.279 1549.36,722.059 1549.81,721.75C1552.75,719.73 1552.18,718.196 1552.18,718.196L1555.28,724.152C1555.28,724.152 1553.77,722.905 1551.37,724.681C1550.93,725.006 1544.52,729.349 1540.82,731.68C1536.38,734.479 1531.45,737.766 1526.52,741.049C1520.68,744.94 1514.82,748.79 1509.98,752.255C1507.33,754.151 1504.89,755.771 1503.09,757.456C1499.47,760.841 1501.26,763.283 1501.26,763.283L1496.1,754.362Z" style="fill:rgb(16,16,16);"/>
+                </g>
+                <g transform="matrix(0.156811,0,0,0.230771,12477,-400.567)">
+                    <g transform="matrix(94.7456,0,0,94.7456,2811.73,2063)">
+                        <path d="M0.449,-0.7L0.177,-0.7C0.185,-0.682 0.197,-0.654 0.2,-0.648C0.205,-0.639 0.216,-0.628 0.239,-0.628L0.32,-0.628C0.332,-0.628 0.336,-0.62 0.334,-0.611L0.128,-0L0.389,-0C0.412,-0 0.422,-0.01 0.427,-0.02L0.45,-0.071L0.255,-0.071C0.245,-0.071 0.239,-0.078 0.242,-0.09L0.449,-0.7Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                    <g transform="matrix(94.7456,0,0,94.7456,2882.79,2063)">
+                        <path d="M0.214,-0.7L0.214,-0.015C0.215,-0.01 0.218,-0 0.235,-0L0.286,-0L0.286,-0.672C0.286,-0.684 0.278,-0.7 0.257,-0.7L0.214,-0.7Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                    <g transform="matrix(94.7456,0,0,94.7456,2944.37,2063)">
+                        <path d="M0.441,-0.7L0.155,-0.7C0.143,-0.7 0.133,-0.69 0.133,-0.678L0.133,-0.629L0.234,-0.629L0.234,-0.015C0.234,-0.01 0.237,-0 0.254,-0L0.305,-0L0.305,-0.612C0.306,-0.621 0.313,-0.629 0.323,-0.629L0.379,-0.629C0.402,-0.629 0.413,-0.639 0.417,-0.648L0.441,-0.7Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                    <g transform="matrix(94.7456,0,0,94.7456,3010.69,2063)">
+                        <path d="M0.422,-0L0.343,-0L0.28,-0.482L0.217,-0L0.138,-0L0.244,-0.7L0.283,-0.7C0.313,-0.7 0.318,-0.681 0.321,-0.662L0.422,-0Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                    <g transform="matrix(94.7456,0,0,94.7456,3077.96,2063)">
+                        <path d="M0.186,-0.7L0.186,-0L0.325,-0C0.374,-0 0.413,-0.039 0.414,-0.088L0.414,-0.612C0.413,-0.661 0.374,-0.7 0.325,-0.7L0.186,-0.7ZM0.343,-0.108C0.343,-0.081 0.325,-0.071 0.305,-0.071L0.258,-0.071L0.258,-0.628L0.305,-0.628C0.325,-0.628 0.343,-0.618 0.343,-0.592L0.343,-0.108Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                    <g transform="matrix(94.7456,0,0,94.7456,3149.02,2063)">
+                        <path d="M0.291,-0.071L0.291,-0.314C0.291,-0.323 0.299,-0.331 0.308,-0.331L0.338,-0.331C0.361,-0.331 0.371,-0.341 0.376,-0.35C0.379,-0.356 0.391,-0.385 0.399,-0.403L0.291,-0.403L0.291,-0.611C0.291,-0.621 0.298,-0.628 0.308,-0.628L0.366,-0.628C0.389,-0.628 0.4,-0.639 0.404,-0.648L0.428,-0.7L0.241,-0.7C0.229,-0.7 0.22,-0.691 0.219,-0.68L0.219,-0L0.379,-0C0.402,-0 0.413,-0.01 0.418,-0.019C0.421,-0.025 0.433,-0.053 0.441,-0.071L0.291,-0.071Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                    <g transform="matrix(94.7456,0,0,94.7456,3220.08,2063)">
+                        <path d="M0.283,-0.071L0.283,-0.678C0.283,-0.69 0.273,-0.699 0.261,-0.7L0.211,-0.7L0.211,-0L0.383,-0C0.406,-0 0.417,-0.01 0.422,-0.019C0.425,-0.025 0.437,-0.053 0.445,-0.071L0.283,-0.071Z" style="fill:rgb(16,16,16);fill-rule:nonzero;"/>
+                    </g>
+                </g>
+            </g>
+        </g>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,155.247,-155.247,-41.5984,201.516,76.8392)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(155.247,-41.5984,41.5984,155.247,110.08,195.509)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear3" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,-113.649,113.649,-113.649,258.31,215.618)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear4" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-155.247,41.5984,-41.5984,-155.247,220.914,144.546)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear5" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,113.649,113.649,113.649,206.837,124.661)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear6" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,-155.247,-155.247,41.5984,152.054,262.8)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+    </defs>
+</svg>
diff --git a/login/apps/login/public/zitadel-logo-light.svg b/login/apps/login/public/zitadel-logo-light.svg
new file mode 100644
index 0000000000..d48a5eeb94
--- /dev/null
+++ b/login/apps/login/public/zitadel-logo-light.svg
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 295 80" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;strokeLinejoin:round;stroke-miterlimit:2;">
+    <g id="zitadel-logo-light" transform="matrix(1,0,0,1,-20.9181,-89.5699)">
+        <rect x="20.918" y="89.57" width="294.943" height="79.632" style="fill:none;"/>
+        <g transform="matrix(2.73883,0,0,1.55076,-35267,23.6366)">
+            <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12622.8,-105.843)">
+                <path d="M1493.5,1056.38L1493.5,1037L1496.5,1037L1496.5,1061.62L1426.02,1020.38L1496.5,979.392L1496.5,1004L1493.5,1004L1493.5,984.608L1431.98,1020.39L1493.5,1056.38Z" style="fill:white;"/>
+            </g>
+            <g>
+                <g transform="matrix(-0.0429306,-0.282967,0.160219,-0.0758207,12884.5,137.392)">
+                    <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear1);"/>
+                </g>
+                <g transform="matrix(0.160219,0.0758207,-0.0429306,0.282967,12878.9,10.8747)">
+                    <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear2);"/>
+                </g>
+                <g transform="matrix(-0.117289,0.207146,-0.117289,-0.207146,12943.8,65.7)">
+                    <path d="M212.517,110L200.392,110L190,92L179.608,110L167.483,110L190,71L212.517,110Z" style="fill:url(#_Linear3);"/>
+                </g>
+                <g transform="matrix(-0.160219,-0.0758207,0.0429306,-0.282967,12917.4,132.195)">
+                    <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear4);"/>
+                </g>
+                <g transform="matrix(-0.117289,0.207146,0.117289,0.207146,12897.8,5.87512)">
+                    <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear5);"/>
+                </g>
+                <g transform="matrix(-0.0429306,-0.282967,-0.160219,0.0758207,12936.8,97.6441)">
+                    <path d="M139.622,117L149,142L130.244,142L139.622,117Z" style="fill:url(#_Linear6);"/>
+                </g>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12622.6,-105.767)">
+                <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12624.1,-96.4295)">
+                <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12625,-90.2042)">
+                <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12612.8,-96.1272)">
+                <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0429306,0.282967,12621.7,-111.993)">
+                <circle cx="1496" cy="1004" r="7" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12637.2,-10.9628)">
+                <path d="M1499.26,757.787C1499.26,757.787 1497.37,756.489 1497,755.2C1496.71,754.182 1496.57,750.662 1496.54,750C1496.41,747.303 1499.21,745.644 1499.21,745.644L1490.01,745.835C1490.01,745.835 1493.15,745.713 1493.46,750C1493.51,750.661 1493.23,753.476 1493,755.2C1492.91,756.447 1491.2,757.668 1491.2,757.668L1499.26,757.787Z" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12639.5,4.60032)">
+                <path d="M1495,760L1495,744" style="fill:none;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12639.5,4.60032)">
+                <path d="M1498.27,757.077C1498.27,757.077 1496.71,756.46 1496.65,754.8C1496.65,753.658 1496.64,753.281 1496.65,752.016C1496.62,751.334 1496.59,750.608 1496.65,749.949C1496.78,746.836 1498.5,746.156 1498.5,746.156L1491.46,745.931C1491.46,745.931 1493.37,746.719 1493.65,749.83C1493.71,750.489 1493.69,751.528 1493.65,752.209C1493.64,753.331 1493.64,753.413 1493.65,754.518C1493.68,756.334 1492.58,756.827 1492.58,756.827L1498.27,757.077Z" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12627.7,-0.733956)">
+                <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,0.0375643,0.247596,12627.7,-0.733956)">
+                <path d="M1500.86,762.056C1500.86,762.056 1499.86,760.4 1503.09,757.456C1504.91,755.797 1507.33,754.151 1509.98,752.255C1514.82,748.79 1520.68,744.94 1526.52,741.049C1531.45,737.766 1536.38,734.479 1540.82,731.68C1544.52,729.349 1547.85,727.296 1550.54,725.8C1551.07,725.506 1551.6,725.329 1552.05,725.029C1554.73,723.257 1556.85,724.968 1556.85,724.968L1552.23,716.282C1552.23,716.282 1551.99,719.454 1550,720.997C1549.57,721.333 1549.15,721.741 1548.67,722.12C1546.2,724.053 1542.99,726.344 1539.39,728.867C1535.06,731.898 1530.13,735.166 1525.19,738.438C1519.35,742.314 1513.52,746.234 1508.49,749.329C1505.74,751.023 1503.28,752.577 1501.13,753.598C1497.99,755.086 1495.28,753.617 1495.28,753.617L1500.86,762.056Z" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,-0.0375643,-0.247596,12684.9,376.33)">
+                <path d="M1496.17,759.473L1555.54,720.014" style="fill:none;"/>
+            </g>
+            <g transform="matrix(0.160219,-0.0758207,-0.0375643,-0.247596,12684.9,376.33)">
+                <path d="M1496.1,754.362C1496.1,754.362 1497.2,755.607 1501.13,753.598C1503.25,752.509 1505.74,751.023 1508.49,749.329C1513.52,746.234 1519.35,742.314 1525.19,738.438C1530.13,735.166 1534.94,731.832 1539.27,728.802C1542.87,726.279 1549.36,722.059 1549.81,721.75C1552.75,719.73 1552.18,718.196 1552.18,718.196L1555.28,724.152C1555.28,724.152 1553.77,722.905 1551.37,724.681C1550.93,725.006 1544.52,729.349 1540.82,731.68C1536.38,734.479 1531.45,737.766 1526.52,741.049C1520.68,744.94 1514.82,748.79 1509.98,752.255C1507.33,754.151 1504.89,755.771 1503.09,757.456C1499.47,760.841 1501.26,763.283 1501.26,763.283L1496.1,754.362Z" style="fill:white;"/>
+            </g>
+            <g transform="matrix(0.156811,0,0,0.230771,12477,-400.567)">
+                <g transform="matrix(94.7456,0,0,94.7456,2811.73,2063)">
+                    <path d="M0.449,-0.7L0.177,-0.7C0.185,-0.682 0.197,-0.654 0.2,-0.648C0.205,-0.639 0.216,-0.628 0.239,-0.628L0.32,-0.628C0.332,-0.628 0.336,-0.62 0.334,-0.611L0.128,-0L0.389,-0C0.412,-0 0.422,-0.01 0.427,-0.02L0.45,-0.071L0.255,-0.071C0.245,-0.071 0.239,-0.078 0.242,-0.09L0.449,-0.7Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+                <g transform="matrix(94.7456,0,0,94.7456,2882.79,2063)">
+                    <path d="M0.214,-0.7L0.214,-0.015C0.215,-0.01 0.218,-0 0.235,-0L0.286,-0L0.286,-0.672C0.286,-0.684 0.278,-0.7 0.257,-0.7L0.214,-0.7Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+                <g transform="matrix(94.7456,0,0,94.7456,2944.37,2063)">
+                    <path d="M0.441,-0.7L0.155,-0.7C0.143,-0.7 0.133,-0.69 0.133,-0.678L0.133,-0.629L0.234,-0.629L0.234,-0.015C0.234,-0.01 0.237,-0 0.254,-0L0.305,-0L0.305,-0.612C0.306,-0.621 0.313,-0.629 0.323,-0.629L0.379,-0.629C0.402,-0.629 0.413,-0.639 0.417,-0.648L0.441,-0.7Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+                <g transform="matrix(94.7456,0,0,94.7456,3010.69,2063)">
+                    <path d="M0.422,-0L0.343,-0L0.28,-0.482L0.217,-0L0.138,-0L0.244,-0.7L0.283,-0.7C0.313,-0.7 0.318,-0.681 0.321,-0.662L0.422,-0Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+                <g transform="matrix(94.7456,0,0,94.7456,3077.96,2063)">
+                    <path d="M0.186,-0.7L0.186,-0L0.325,-0C0.374,-0 0.413,-0.039 0.414,-0.088L0.414,-0.612C0.413,-0.661 0.374,-0.7 0.325,-0.7L0.186,-0.7ZM0.343,-0.108C0.343,-0.081 0.325,-0.071 0.305,-0.071L0.258,-0.071L0.258,-0.628L0.305,-0.628C0.325,-0.628 0.343,-0.618 0.343,-0.592L0.343,-0.108Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+                <g transform="matrix(94.7456,0,0,94.7456,3149.02,2063)">
+                    <path d="M0.291,-0.071L0.291,-0.314C0.291,-0.323 0.299,-0.331 0.308,-0.331L0.338,-0.331C0.361,-0.331 0.371,-0.341 0.376,-0.35C0.379,-0.356 0.391,-0.385 0.399,-0.403L0.291,-0.403L0.291,-0.611C0.291,-0.621 0.298,-0.628 0.308,-0.628L0.366,-0.628C0.389,-0.628 0.4,-0.639 0.404,-0.648L0.428,-0.7L0.241,-0.7C0.229,-0.7 0.22,-0.691 0.219,-0.68L0.219,-0L0.379,-0C0.402,-0 0.413,-0.01 0.418,-0.019C0.421,-0.025 0.433,-0.053 0.441,-0.071L0.291,-0.071Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+                <g transform="matrix(94.7456,0,0,94.7456,3220.08,2063)">
+                    <path d="M0.283,-0.071L0.283,-0.678C0.283,-0.69 0.273,-0.699 0.261,-0.7L0.211,-0.7L0.211,-0L0.383,-0C0.406,-0 0.417,-0.01 0.422,-0.019C0.425,-0.025 0.437,-0.053 0.445,-0.071L0.283,-0.071Z" style="fill:white;fill-rule:nonzero;"/>
+                </g>
+            </g>
+        </g>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,155.247,-155.247,-41.5984,201.516,76.8392)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear2" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(155.247,-41.5984,41.5984,155.247,110.08,195.509)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear3" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,-113.649,113.649,-113.649,258.31,215.618)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear4" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-155.247,41.5984,-41.5984,-155.247,220.914,144.546)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear5" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-113.649,113.649,113.649,113.649,206.837,124.661)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+        <linearGradient id="_Linear6" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(-41.5984,-155.247,-155.247,41.5984,152.054,262.8)"><stop offset="0" style="stop-color:rgb(255,143,0);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(254,0,255);stop-opacity:1"/></linearGradient>
+    </defs>
+</svg>
diff --git a/login/apps/login/readme.md b/login/apps/login/readme.md
new file mode 100644
index 0000000000..ca7070a901
--- /dev/null
+++ b/login/apps/login/readme.md
@@ -0,0 +1,394 @@
+# ZITADEL Login UI
+
+This is going to be our next UI for the hosted login. It's based on Next.js 13 and its introduced `app/` directory.
+
+## Flow Diagram
+
+This diagram shows the available pages and flows.
+
+> Note that back navigation or retries are not displayed.
+
+```mermaid
+    flowchart TD
+    A[Start] --> register
+    A[Start] --> accounts
+    A[Start] --> loginname
+    loginname -- signInWithIDP --> idp-success
+    loginname -- signInWithIDP --> idp-failure
+    idp-success --> B[signedin]
+    loginname --> password
+    loginname -- hasPasskey --> passkey
+    loginname -- allowRegister --> register
+    passkey-add --passwordAllowed --> password
+    passkey -- hasPassword --> password
+    passkey --> B[signedin]
+    password -- hasMFA --> mfa
+    password -- allowPasskeys --> passkey-add
+    password -- reset --> password-set
+    email -- reset --> password-set
+    password-set --> B[signedin]
+    password-change --> B[signedin]
+    password -- userstate=initial --> password-change
+
+    mfa --> otp
+    otp --> B[signedin]
+    mfa--> u2f
+    u2f -->B[signedin]
+    register -- password/passkey --> B[signedin]
+    password --> B[signedin]
+    password-- forceMFA -->mfaset
+    mfaset --> u2fset
+    mfaset --> otpset
+    u2fset --> B[signedin]
+    otpset --> B[signedin]
+    accounts--> loginname
+    password -- not verified yet -->verify
+    register-- withpassword -->verify
+    passkey-- notVerified --> verify
+    verify --> B[signedin]
+```
+
+### /loginname
+
+This page shows a loginname field and Identity Providers to login or register.
+If `loginSettings(org?).allowRegister` is `true`, it also shows a link to jump to /register
+
+<img src="./screenshots/loginname.png" alt="/loginame" width="400px" />
+
+Requests to the APIs made:
+
+- `getLoginSettings(org?)`
+- `getLegalAndSupportSettings(org?)`
+- `getIdentityProviders(org?)`
+- `getBrandingSettings(org?)`
+- `getActiveIdentityProviders(org?)`
+- `startIdentityProviderFlow`
+- `listUsers(org?)`
+- `listAuthenticationMethodTypes`
+- `getOrgsByDomain`
+- `createSession()`
+- `getSession()`
+
+After a loginname is entered, a `listUsers` request is made using the loginName query to identify already registered users.
+
+**USER FOUND:** If only one user is found, we query `listAuthenticationMethodTypes` to identify future steps.
+If no authentication methods are found, we render an error stating: _User has no available authentication methods._ (exception see below.)
+Now if only one method is found, we continue with the corresponding step (/password, /passkey).
+If multiple methods are set, we prefer passkeys over any other method, so we redirect to /passkey, second option is IDP, and third is password.
+If password is the next step, we check `loginSettings.passkeysType` for PasskeysType.ALLOWED, and prompt the user to setup passkeys afterwards.
+
+**NO USER FOUND:** If no user is found, we check whether registering is allowed using `loginSettings.allowRegister`.
+If `loginSettings?.allowUsernamePassword` is not allowed we continue to check for available IDPs. If a single IDP is available, we directly redirect the user to signup.
+
+If no single IDP is set, we check for `loginSettings.allowUsernamePassword` and if no organization is set as context, we check whether we can discover a organization from the loginname of the user (using: `getOrgsByDomain`). Then if an organization is found, we check whether domainDiscovery is allowed on it and redirect the user to /register page including the discovered domain or without.
+
+If no previous condition is met we throw an error stating the user was not found.
+
+**EXCEPTIONS:** If the outcome after this order produces a no authentication methods found, or user not found, we check whether `loginSettings?.ignoreUnknownUsernames` is set to `true` as in this case we redirect to the /password page regardless (to prevent username guessing).
+
+> NOTE: This page at this stage beeing ignores local sessions and executes a reauthentication. This is a feature which is not implemented yet.
+
+> NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`. If a user has a cookie for the same loginname, a new session is created regardless and overwrites the old session. The old session is not deleted from the login as for now.
+
+> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
+
+### /password
+
+This page shows a password field to hydrate the current session with password as a factor.
+Below the password field, a reset password link is shown which allows to send a reset email.
+
+<img src="./screenshots/password.png" alt="/password" width="400px" />
+
+Requests to the APIs made:
+
+- `getLoginSettings(org?)`
+- `getBrandingSettings(org?)`
+- `listAuthenticationMethodTypes`
+- `getSession()`
+- `updateSession()`
+- `listUsers()`
+- `getUserById()`
+
+**MFA AVAILABLE:** After the password has been submitted, additional authentication methods are loaded.
+If the user has set up an additional **single** second factor, it is redirected to add the next factor. Depending on the available method he is redirected to `/otp/time-based`,`/otp/sms?`, `/otp/email?` or `/u2f?`. If the user has multiple second factors, he is redirected to `/mfa` to select his preferred method to continue.
+
+**NO MFA, USER STATE INITIAL** If the user has no MFA methods and is in an initial state, we redirect to `/password/change` where a new password can be set.
+
+**NO MFA, FORCE MFA:** If no MFA method is available, and the settings force MFA, the user is sent to `/mfa/set` which prompts to setup a second factor.
+
+**PROMPT PASSKEY** If the settings do not enforce MFA, we check if passkeys are allowed with `loginSettings?.passkeysType == PasskeysType.ALLOWED` and redirect the user to `/passkey/set` if no passkeys are setup. This step can be skipped.
+
+If none of the previous conditions apply, we continue to sign in.
+
+> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
+
+### /password/change
+
+This page allows to change the password. It is used after a user is in an initial state and is required to change the password, or it can be directly invoked with an active session.
+
+<img src="./screenshots/password_change.png" alt="/password/change" width="400px" />
+
+Requests to the APIs made:
+
+- `getLoginSettings(org?)`
+- `getPasswordComplexitySettings(user?)`
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `setPassword()`
+
+> NOTE: The request to change the password is using the session of the user itself not the service user, therefore no code is required.
+
+### /password/set
+
+This page allows to set a password. It is used after a user has requested to reset the password on the `/password` page.
+
+<img src="./screenshots/password_set.png" alt="/password/set" width="400px" />
+
+Requests to the APIs made:
+
+- `getLoginSettings(org?)`
+- `getPasswordComplexitySettings(user?)`
+- `getBrandingSettings(org?)`
+- `getUserByID()`
+- `setPassword()`
+
+The page allows to enter a code or be invoked directly from a email link which prefills the code. The user can enter a new password and submit.
+
+### /otp/[method]
+
+This page shows a code field to check an otp method. The session of the user is then hydrated with the respective factor. Supported methods are `time-based`, `sms` and `email`.
+
+<img src="./screenshots/otp.png" alt="/otp/[method]" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `updateSession()`
+
+If `email` or `sms` is requested as method, the current session of the user is updated to request the challenge. This will trigger an email or sms which can be entered in the code field.
+The `time-based` (TOTP) method does not require a trigger, therefore no `updateSession()` is performed and no resendLink under the code field is shown.
+
+The submission of the code updates the session and continues to sign in the user.
+
+### /u2f
+
+This page requests a webAuthN challenge for the user and updates the session afterwards.
+
+<img src="./screenshots/u2f.png" alt="/u2f" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `updateSession()`
+
+When updating the session for the webAuthN challenge, we set `userVerificationRequirement` to `UserVerificationRequirement.DISCOURAGED` as this will request the webAuthN method as second factor and not as primary method.
+After updating the session, the user is **always** signed in. :warning: required as this page is a follow up for setting up a u2f method.
+
+### /passkey
+
+This page requests a webAuthN challenge for the user and updates the session afterwards.
+It is invoked directly after setting up a passkey `/passkey/set` or when loggin in a user after `/loginname`.
+
+<img src="./screenshots/passkey.png" alt="/passkey" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `updateSession()`
+
+When updating the session for the webAuthN challenge, we set `userVerificationRequirement` to `UserVerificationRequirement.REQUIRED` as this will request the webAuthN method as primary method to login.
+After updating the session, the user is **always** signed in. :warning: required as this page is a follow up for setting up a passkey
+
+> NOTE: This page currently does not check whether a user contains passkeys. If this method is not available, this page should not be used.
+
+### /mfa/set
+
+This page loads login settings and the authentication methods for a user and shows setup options.
+
+<img src="./screenshots/mfaset.png" alt="/mfa/set" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getLoginSettings(user.org)` :warning: context taken from session
+- `getSession()`
+- `listAuthenticationMethodTypes()`
+- `getUserByID()`
+
+If a user has already setup a certain method, a checkbox is shown alongside the button and the button is disabled.
+OTP Email and OTP SMS only show up if the user has verified email or phone.
+If the user chooses a method he is redirected to one of `/otp/time-based/set`, `/u2f/set`, `/otp/email/set`, or `/otp/sms/set`.
+At the moment, U2F methods are hidden if a method is already added on the users resource. Reasoning is that the page should only be invoked for prompts. A self service page which shows up multiple u2f factors is implemented at a later stage.
+
+> NOTE: The session and therefore the user factor defines which login settings are checked for available options.
+
+> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f or passkeys. The check whether a user should be redirected to one of the pages `/passkey/set` or `/u2f/set`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
+
+### /passkey/set
+
+This page sets a passkey method for a user. This page can be either enforced, or optional depending on the Login Settings.
+
+<!-- screen is the same -->
+<img src="./screenshots/u2fset.png" alt="/passkey/set" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `createPasskeyRegistrationLink()` TODO: check if this can be used with the session token (mfa required (AUTHZ-Kl3p0))
+- `registerPasskey()`
+- `verifyPasskey()`
+
+If the loginname decides to redirect the user to this page, a button to skip appears which will sign the user in afterwards.
+After a passkey is registered, we redirect the user to `/passkey` to verify it again and sign in with the new method. The `createPasskeyRegistrationLink()` uses the token of the session which is determined by the flow.
+
+> NOTE: this page allows passkeys to be created only if the current session is valid (self service), or no authentication method is set (register). TODO: to be implemented.
+
+> NOTE: Redirecting the user to `/passkey` will not be required in future and the currently used session will be hydrated directly after registering. (https://github.com/zitadel/zitadel/issues/8611)
+
+### /otp/time-based/set
+
+This page registers a time based OTP method for a user.
+
+<img src="./screenshots/otpset.png" alt="/otp/time-based/set" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `registerTOTP()`
+- `verifyTOTP()`
+
+After the setup is done, the user is redirected to verify the TOTP method on `/otp/time-based`.
+
+> NOTE: Redirecting the user to `/otp/time-based` will not be required in future and the currently used session will be hydrated directly. (https://github.com/zitadel/zitadel/issues/8611)
+
+### /otp/email/set /otp/sms/set
+
+This page registers either an Email OTP method or SMS OTP method for a user.
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `addOTPEmail()` / `addOTPSMS()`
+
+This page directly calls `addOTPEmail()` or `addOTPSMS()` when invoked and shows a success message.
+Right afterwards, redirects to verify the method.
+
+### /u2f/set
+
+This page registers a U2F method for a user.
+
+<img src="./screenshots/u2fset.png" alt="/u2f/set" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getSession()`
+- `registerU2F()` :warning: TODO: check if this can be used with the session token (mfa required (AUTHZ-Kl3p0))
+- `verifyU2FRegistration()`
+
+After a u2f method is registered, we redirect the user to `/passkey` to verify it again and sign in with the new method. The `createPasskeyRegistrationLink()` uses the token of the session which is determined by the flow.
+
+> NOTE: Redirecting the user to `/passkey` will not be required in future and the currently used session will be hydrated directly after registering. (https://github.com/zitadel/zitadel/issues/8611)
+
+### /register
+
+This page shows a register page, which gets firstname and lastname of a user as well as the email. It offers to setup a user, using password or passkeys.
+
+<img src="./screenshots/register.png" alt="/register" width="400px" />
+
+<img src="./screenshots/register_password.png" alt="register with password" width="400px" />
+
+Requests to the APIs made:
+
+- `listOrganizations()` :warning: TODO: determine the default organization if no context is set
+- `getLegalAndSupportSettings(org)`
+- `getPasswordComplexitySettings()`
+- `getBrandingSettings()`
+- `addHumanUser()`
+- `createSession()`
+- `getSession()`
+
+To register a user, the organization where the resource will be created is determined first. If no context is provided via url, we fall back to the default organization of the instance.
+
+**PASSWORD:** If a password is set, the user is created as a resource, then a session using the password check is created immediately. After creating the session, the user is directly logged in and eventually redirected back to the application.
+
+**PASSKEY:** If passkey is selected, the user is created as a resource first, then a session using the userId is created immediately. This session does not yet contain a check, we therefore redirect the user to setup a passkey at `/passkey/set`. As the passkey set page verifies the passkey right afterwards, the process ends with a signed in user.
+
+> NOTE: https://github.com/zitadel/zitadel/issues/8616 to determine the default organization of an instance must be implemented in order to correctly use the legal-, login-, branding- and complexitysettings.
+
+> NOTE: TODO: check which methods are allowed in the login settings, loginSettings.allowUsernamePassword / check for passkey
+
+### /idp
+
+This page doubles as /loginname but limits it to choose from IDPs
+
+<img src="./screenshots/idp.png" alt="/idp" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getActiveIdentityProviders(org?)`
+- `startIdentityProviderFlow()`
+
+### /idp/[method]/success /idp/[method]/failure
+
+Both /success and /failure pages are designed to intercept the responses from the IDPs and decide on how to continue with the process.
+
+### /verify
+
+This page verifies the email to be valid. It page of the login can also be invoked without an active session.
+The context of the user is taken from the url and is set in the email template.
+
+<img src="./screenshots/accounts.png" alt="/accounts" width="400px" />
+
+Requests to the APIs made:
+
+- `getBrandingSettings(org?)`
+- `getLoginSettings(org?)`
+- `verifyEmail()`
+
+If the page is invoked with an active session (right after a register with password), the user is signed in or redirected to the loginname if no context is known.
+
+> NOTE: This page will be extended to support invitations. In such case, authentication methods of the user are loaded and if none available, shown as possible next step (`/passkey/set`, `password/set`).
+
+### /accounts
+
+This page shows an overview of all current sessions.
+Sessions with invalid token show a red dot on the right side, Valid session a green dot, and its last verified date.
+
+<img src="./screenshots/accounts.png" alt="/accounts" width="400px" />
+
+This page is a starting point for self management, reauthentication, or can be used to clear local sessions.
+This page is also shown if used with OIDC and `prompt: select_account`.
+
+On all pages, where the current user is shown, you can jump to this page. This way, a session can quickly be reused if valid.
+
+<img src="./screenshots/accounts_jumpto.png" alt="jump to accounts" width="250px" />
+
+### /signedin
+
+This is a success page which shows a completed login flow for a user, which did navigate to the login without a OIDC auth requrest. From here device authorization flows are completed. It checks if the requestId param of starts with `device_` and then executes the `authorizeOrDenyDeviceAuthorization` command.
+
+<img src="./screenshots/signedin.png" alt="/signedin" width="400px" />
+
+In future, self service options to jump to are shown below, like:
+
+- change password
+- setup passkeys
+- setup mfa
+- change profile
+- logout
+
+> NOTE: This page has to be explicitly enabled or act as a fallback if no default redirect is set.
+
+## Currently NOT Supported
+
+- forceMFA on login settings is not checked for IDPs
+
+Also note that IDP logins are considered as valid MFA. An additional MFA check will be implemented in future if enforced.
diff --git a/login/apps/login/screenshots/accounts.png b/login/apps/login/screenshots/accounts.png
new file mode 100644
index 0000000000000000000000000000000000000000..a8591141c6d36b0ea77e56038d9d68d98ed24de5
GIT binary patch
literal 159830
zcmeFZ1yq$=+b&Ea2q+~Xu~ZZR0YL?65D<`*?(UTC78H;W1QaBs7PScJRuB-8?(Xhx
zICG(H#qB=dyU#dh{No?vWei}!dY<{rIq$yiYc4-22_bAuQcMH{1Z)vu0civT6k!Ae
zG|qEq;6IlXN^c?{U}hTe^Gk{F^FySpEcA^`^$-w*{lX*BrDWzVd7L<R@IMfFkc96P
zHjE^U@eWlg1c&7T9^}=<2VVZzxR$8hUjFCgZNd{ql@XNAU-kD9%+Xd05#&=MI?p0I
zjOv?HW-;u%(fswz#*lT3d-L8&$;sCegplwOZA;QjEZ$OKT8xby{ZF6jn4WkeAm2qq
zRYcHXU=;m|iH(i+Tx_7K@tHG1R8A2+wbjwV!3iy`3*V&+2sa7FP~0vtl8?zeublL|
zE{z~{fLrxZI?cgr;9`nM2paD4o6#g1irCSoA`iVAUO&IhQhgU;m5M<j6a~T0bC;yA
zoQmo~!+EXCxEePfD89%Ma&khW9Gf^7eU<5X@ZFbjZ&o8YMcf<TKw286ZZtR=GlqHX
z;OhHz6gQr<Oze(?#@>j|(t2@|MhWktuOg<EK35tEpVg)7U(dhMzv9m978<69__E_`
zqjtUcowx;jDvf9sMu#YTA2%{b3L0wdC{(4&v5s2}=fZj(y~<JQ_!|DTGd%g>m!k%x
zAWnA)D}l|s2Imu}#jWLy9a_b(RF)$@S5F?D7dRfiV|z5|EZMT(=;lMVr)*>;;Nh||
z_~sb(YPVQ(Cb6T1i)ZkPm{=00`mL>q9z3YemkCs(V=H%gyJ8m@!5+k*+xJV$ZJ*1;
z>`fln%)F!tcpnfxeh#~UApMbf?$g6wlJO}#E$R2KK0Yvi?eP(JEmQx_qUj<T!t3H}
znYbE`{YkE;vpohbj*<vZg2^c<c{nD{KWv`pgdltxBZ(8CN0{6|P*rOQ6L}AH3A4vQ
ze$I>0>cQTMi1vX%5s70IWzd6Y71a}hBH*EzL%hn%EG)#Xfhq4*5RX9MNw0~16aC-=
zpA>44Cw@HcTU4TtginxdJj+ILXHk(y35gLYKM<qv-G7et_=>GC5wq7V2*+~_N8U=Q
z+XQH}57wmcsJwJr9~qL%qJ;BKwIZgH?vt=1t3A!)8)`*Py+G<U{6IsKK+MZ1hs6|2
zrAF*ED*8v<)vNb0nx9&ax;WsgqA64hjiK#cbwRE?zf+w(`j~*1CVuuN*Q@LPe%gr-
zq%2bfUZE6_$~~tQluMYGYD%^1G?QgCCf*_m6qISh%D>)^P3{pSu+jQvwrf_~hOHEH
z$itj}<l)Xcq1F*5-4~bYkS6@cG_`MwyiR_NBt|oRd;0D)^E87#!UkeMZF}wwMFUd=
zmP^rIYM%6U%OAUSRC0!T-4<`+Jd>$c8XdH}a-TuMpYFp_HF>SthoNfhQSLFq)lvtJ
za!PI-#_E|d(Y1TK8@npIM7vC0%paeRK00@06{8U&8spiyrl-+Q5vz$G`xrj3p?-K#
z=DCTV-Y52Py>Xp!4pdZBS5zXOJ<JC_sy@s<6POBw`vlx!H>s@gqVq$ju9;mWzfurF
z5i<O;L09KJ5nIr$>lRlP!Wdu1h4Roy6T%4C{9S7A`4jqM`xg;t(BZy%@k;SgK)BVb
zN8u8*L$ajuH*Q|0%L_00k`Ye#s^#X00)^bW^xpKRsYw|G8J(%BG9*c(H|q#AFylfc
z*@R03=Aa3wXtFHfLTW->0u^H9@mfYV?&8q<$O~{hTu2H`m6j!!O_YsHlTVG6SxQcv
zt+T=53aotN=H(WAtQWC;tNYf+%)q>P{h_F>$Ko<gqT=!Lsq)!&3QGa({6h*{a;_Op
ziTn82`MxD}E`iCU&i5EhuuR(T4&8N(@`<9pOKJR3d0JUZnJyp4*w!%6c){?%B%r|F
zNTZ#i``v=WT+*y*4_o$~B+;&|R>FDno{IQ`(05-nnc9i<Ua-_XkBw0Gh!tD$P=^k`
zuJm(Da*K7VIL1d#K<t3DX_oP2e0=^cYfQB!+_%8@Lg2ZFVu`wmF%Op>QU;2@NDO2p
zW+lB4mHOt1n3b5ZI7M`*IG6YxaXRsp*IG@l_0#m7zm|U0vKHFV-N4+4zLet==F_Sj
zEVyI()ikm%p)WjdMJ4o>Qbb=wL4>QkO@?L$XU4;fo^Ic6%Wf6e0IX`@et%LQ*?UJ_
z(Om5OraZGkR}%yC`n-&sG9AgnojeVl5#5uzkJWsmIX&;{U(Vm}vGmr-m|&$gp!SoA
z=?KYtXI;KwK64;OdgqnW*YbHU%QZWt39Ig@yo|7n&aI~lapn=`Y3BFLy{*Nj&rOp>
zb*yBqG~4ow4ljIMeZJGX(zcK`)3BAf=`yW1TD!x(xaFl+_ehIeuVTA!Ey5vg`}nh+
zUbc48ZoJE(E2b;ED^2Cg%Bf1pqs^nxL*t`|hvY{JyG1CPNM1;VXoE9`)(&rtn}y@8
zN7FwPLZqb}q#RrGG&eLwo@}T(n2!#cSyQ&$iK33`Ax3&||H{CF*r!oX^?i?-DLHs-
z+-eVJv<kK8YWi!^#zd=4s(Az)giM1R2#iQ+0!#y?{gsL3$hVmKsY|I!S?k#K<-P_g
z1}bWq%8)TI&@Mk2oJATz<+y}(%SKf(XLa~$m|){2HI>ZV`(|q;*B^-%i%Qh#j3-W*
zj8|Fl7l#kFp-5COKgFepE(+W6U#T5wro<~g{|JQ<ZwOx$4?S!!tnfPab>|zAH!hs-
ztF{`8e&zAXm4;G=UphD`2r3Bef=+ZybhJFbnIQXE#aE*4{R{J4pJLv@=((tpYt{mI
zRBUfi_2|DChqi}&Oy$?7RbgCc-2R;P`8fZs@mzx*ZKFUVdqgzjNb#XykVdm4T`Qdf
zowC9_OttL21))ioXIJa|(=M0^R`+B!$>*&Wn6jv9bm?{vXLNaJ`OZQ@&%GIwnVIRG
z>>Ujam3T!6O>xynvzkiER-SY2vxA0JmOXVVK8Mu{f-Hi`f*JviwLR|nN4bmjYvO*<
z?5rGS!)2&tg85U!@+~mA>$KO|t{)9do164D_o^2k9R*$I$O>nFwLBm)NHfr<a!Iv2
zzwt>=gqlWUSmTPkgF@#@cYlTDPCeHlSJAf95^Mlkk!?5<c~pJGg?@P9t}LlS1jQ$c
zuiU$bQl0O%<6iT~QFh-~wb>oOZF@PKo|9f^JTpH}3X5tgcmm6`o1LvrRI7Ihy4R)D
zO`ZzvAtFbw*Q?h!COg@vz~`e@mSmRfj$vjmIJmoIqlMg=Q?8Z7RFYdnQ<!!jHu|Pp
zzi7InO7X~QGIO}k-#UGUC5}3_g@?!O%1pIkK(XGgc6;q{_jOn>L#=9Q2TK)f!>V;E
zL*Xz>)!3jwqj=tJYw=!>i9yz#Y}Vl?rERTay_Wk5^%|1)?6xd}HkEyyQ|(=YT+o9<
z`W6);i-W;Rt7q0TbwiH!Wh;Wi3nf*nZWb4+3|9I2y;(2hQ3i2+aed*ax+}0JGA9Fr
zhF85gk{?;<bk1slW=|;X<_R5@A1hQD939(2PT2Mw=gtoib$Q!)8$3JoEmdc5U|W53
zXlz<MdLf+0u8PIgbzU-?hvT94L$qPx;TKi(ZqVc9&(6<wV2SS%C3%wEi4PQaMUG^;
z45nwc8QV0}U(g@<A1H4(Evjtn#IFR`chuL{s$$q%5%6BYq`rZ)x_yqB`V$iG(u3(|
zs4^RyNxU*A2w^D4_>xV7VdE&g<k~mtuG*bPsK>q6ENFGD1^?RPr$io0OH=Gz2NKP5
z_+Em?irWWbt=?t<Rv&qEjeSo<M^5rJuVx_cLXU`=qtNSWu=RUD`s%NzD55Vejz9}u
zpF==FBt<|4uMojEH{#{LUOz;<iGY0ie<TEiXGRDp->;DXzu{jY;2VC=x8KO2z6j{x
zFFf$=5RdfZY82sk<R7omIKg`ed@}qZBH*`-j+LICxwWB%jYB4u3-|}d6JaH5kXv7e
ze<O-WQ>}vWdyQljZ4|}D*mW$-7_@XPwDlMq%$~r<LEv;?2QSU^Y_uQ_W~S!W><(O4
zPp@DHui^h@yb3wJ#Kwf{s-n0Qgx|tS55mH5o8k6VZcGRS!fB<e&n_+S@cZrHFRrVG
zHa1V#85!;E?HTOvFj!a_Ffy^Ru`%9eW@Kij2UpNrJDS^QInbM1U;8%5k8uR_taYr6
zp4b>!m_y*>YH3^8+HhUH3V+aFU*G1b=V0{nN#@qymjxEc2!Dr>iQzWmUt@z?IpP0h
zmojqDGgT5WG6Q=Cp25v@kBx=%^oGB^_4ARx+^YD?t+&tK`pa9t-zsOVXT@(}1|Dj|
z{ZnAypZn{Z-*4n(gs=UVz4*4#r~d^z&5g;)_?OhUF<q~`#RY;SGZK)L1;2rs!M~6x
zzz<Mf!GD8qL{=KFU5GjY0xyDy0H3S_;^GkcTPnf5lePXU);T$3)Q`$huIlrB@>ql3
zoZh_l9HsWf>pKbKl1u@b@+f?Kk8j6oH(&L~9qRJop}i^`a`TCwx4Zj6YTvv;+?yDw
zvJU$VBaPv&ow7Zh<<8qdd*)jm*Az5dx0XDy5m7GkBAod_tnG=56ncewzufk3@7+W_
zC%g-RcpxC1`}N0%*7Fxbu#SX4{rLN65Xjh_-!Df%;%DULW!|JjMEL!3UJs9_Ex(Np
z{=}+4Kx}ArM*;hDX0G5*Bs^~9Gn0YeeR~rLg^K?KZ2a$+qksiq{W|y4hy8Z}KR4>X
z5;)b@|EkbWTl=pOpL&e{dZC~0`oC`UH0b;{ko}DK|Bb}(tmyx0Dxpihi<PPFs?vI5
zQFXNaWWcN_az%KjV`=+|GcnDv!GKO&#FF5%m*Xc+Zn~2}M*#x~SC;!bV0IdJ#F&?(
z6y}XM%Q`xDWwNd7&)4~CN3O?QFS2{pOexBrSZlVwAX#DRGSZ>JGvYGNId1k=W2116
z=U(<_rlr-04&!AdETb6`%6f%`6P8M4va~r84OjVT$`PTAf&0<N783_1!|W^66we$u
z0=XovNw9J=SWJA*W#V3*W?5dS<aK$UIIx?ZYwa>vPQUzVr*EF6@?_Tq{1xb3R<ssA
z9tNYR-&QxD=sj|-eL23A-$#I*%-{CTrC_(X$;{@xTT}g7?Yd+Yv132S^E)dOg*zDa
zeV=g0C#KCTsUt0Hg0t@}S#J2bEq{7b&on;qw#agEjxuDIHn%>%UXZ^icFmf^BHDay
zYRSxHjjbeR8z(@a0DpXK@o;d$-{f#F8a8l|H1K7sVm2;|qWe+KnD6DMfh_$wyBuP1
zT!mV=5Qvg!a6VFiiiH~fi&^@7tovUqBIc!B6ZKAZSH#w3H?l7;_0)DBBB>0%p-8&V
zc(<mv$&ujbOGTJv^n~QWg-{YSvyIKop0Wv^S%2#8Lv-a03Df6yM9l}vc_Ss8IO8Vu
zdJy{1W-KGaW)luN*W$+gPP8stWIUs*tl7P~W?44STXfJOGnm)4l&?TfI$o|aBtIgV
z@lxj?U*Tr#^OeLdv%#X1f!%q_q}^gil|iE|Zt&Jz-N*6G37wt7y+^fqme0&BhCDfp
zUu08oNIH{^xW83%8LVA;VL?~vAX(I*Pi7FcRtWVA=V-cLHcM=9nbO{pqls05)$PUj
z#I2$`m5I9&rNx2x3vShxEc6y-Px5(Mwk<nKcIN81%8JeQn*Es)6pD)0rY79h);fC{
zdzqKI5)E9o;Np9mvNf4|d~o-H#1V(Lf>x+Y>}qP!Gq)htVTZ(=xs>RqTRj@tuWt>M
zGVt=gzeF(xc3JJ|wT#9$kteGJJFo1_-#63=ekpm}tLcsXg>v*^V(z6%j+7T?%7U*k
zALhF<YSQI0s^9C;Rnr#@;+dDPrD*FNn}uVTmd@2_Z8Xiu^*iJ&V_Xc$6s(uc;FgCe
z4{-)Qlo`?V-m1}$ZaTj)ZB}}z0zbw7%*dSzqooVx=X%tg)f6kWYomO)Yrjys?vRoX
zz38Ia;xct@dEt>{QC&j9TOcS8E8Pl`G3xF_>a%KWyIMPFYJTHG#@X_M|HhN1dp*8%
zS;eIeJtoa0mucjegUw1DON`w=-}D_{!VAeneWpYwB%dXF|GobEM+`;%#-eUFd%Se&
z32=YrV7!`3mlP{q9E%s<(|zfp`XVCxMbp&uRXCN&j+U)~B=7k9&Wy)n!sYBu4=<Zt
zoNgIOKYW+jbL$QEnNlss95Yp-f#<|g>2ad2(jHpRh-Ss@s@>#!1Etq_d8Icd(zG)(
z6o`oC=p%v+r#^e3ZeR!*yM294@#`p=&PbRd$7{i&HU0?<e)2ml(M2MUFN7+GEVRG8
z0ZChHlfC&~yB22ub#*(ZiRJu#SV~=eK-!gG%D@k$^zj{L43)c~<KkIqBFyf`5pRw2
zaLBEYLZc|ee6AG@JE`P4={8Lz7xq3tRVvAp6~92#@!)5Xg5Y@t*YJ`#IfhnPAS-PZ
zH1Gw%h2Cx_M5ItsiU&T|`p4&SW0VuSu9^N;8hR5I?~c1aooZBgg|C#OdFv+R3Khwr
z<(xel3e^#&{vZ$9HBzf4Jy(Uu#Na@)$8SgKO3X;oNHEWok+Vvt8gg>HLpbHfqVmH0
z5=*~f&9oxQb#ecKWgJ8iaU3PmAj3y%o20PLe)F=jPTdGG<TFF?@*=tKH44@;7Aiaw
zXX$fLW<z-pTCj2F0k5?8gnkXKxY1O4*Vy)e`GsinQjuQ&Mxn0Jn@p%bgDrTa`DpZg
z<1u+w)p6araiWe+qKxFAWpIctsmRjhbHZpY&&!_($SBLWPj264DZCEt!P+HWTR*cO
z9)zt%ERh;+f`)e=R(Goe_dy%$pHeZ1nq9^aMsqM!_PG`%eXF&!iABZQXatesnmXy3
zMXaKXUw4<gr1jAYR?eVz`HF~WR6iFVFLOM9I|EtUs|ZF7xn|R{rDavB&_Kkd&`7~w
z<Oc>?MUl@|CqLfr3GjzLtd3dkWQVj>KBbD)Jn9G2e<G%jDReh^icX%8NB^4E!4gd?
zy9fU#(W}3x5dzX3%oo9um&Sw+2&pVDJ_x<}ctiy$6p<`C2q~09K4dYcrV#n{6-K`^
z1`fF$=7EG~b_WJ|Oo@a?)9HK-@@8V9L*#w}cRF7JmDRx#hVb<6#Wkxld&Mh+G=X1>
z8JYm~&$q+#uxW=T5~Xxxp1T<G6*Gg!kb3O-_6tP6<vcF|%(F_zdxTO~f1)gAoOH9j
zUx_!to>y49YJ%86fEVxj^k{^KE>4Ie##zAzp=e`=N+^UFDx*+Y+dOe{AVCVHXm#pK
z?sy`gldZ&;kkR`h$191*ber$YmQM3Rx*>D=sD3Ge!p!LC&}Wel$Q&YUK&=#8sMCGw
zOV?E66Myld{!O8?w>^YpLEiAVH!^R|-q@W@Ss5(9tnLFQ#*I9LLRB<mr^0rP&`7Qz
zj@-W297q4N=vfDM&W7%yNr-91R>V|R;KRg;E9ZpSQ=;;MP^j|6hQ#kDROa%~3G45D
zxXt;i6M?isc}u+n_-Vd9(;`krZwCjUGwi(cP*E&SebQ^&0Yy`oq1sS#dtKB9F+0xS
zGg8EQ0M_b9C#*e+Yhe&213l6weKxZJ#4%}U%JvA0Q`xR~!mpQcI7?OOtv3J5?l-*-
z6lb)T`1Oa~Pf4`bP`V&(mym-UR9Fi45<A??d`Ht>0Q882X-SG{F=uJpvY&C-0M$=!
zoaxN;r5F)ays5A`+YgrXhm5N1bXHX<fcxPLTE5A&_#{q@w8L$UTTmGvvV2x!?-8sT
zhkP=!BXzOqXAEjwS_JXwYp59(yFTggc0jNaA9EO4%e6B~?oDVY=S|g|-mwbiXQ^s#
zAmrhpYo{8mkod-Em-zW7w>2h25rVNxXO@==<t-zmin4@$6oMYjr{yev_4m+?2-3r1
z@5f%*dK`V6?IFNJrCOU318MoyH6tK-<3GPA3<5~P;qf#oxq5VrCAI4!H)k`z>_SKK
zXS%LMJ;D-}&r(%ue&L~e3FjjJ*#(lIjAMqv3g;OiZL;S?n8`x8p8+kzZygv?A<;f4
zn70O5Y`B^dpLVUo*^u5T3MATwiDwr0uqH;6dQ6Dgb?~Fn*BjumfmX)x@?-U~!T0C{
z+w0fdu!I%)@C1v`I+S^u+uTef5B<}OQ2khtLPND+N8a!Wss(vaT{0Rnf-V_o`C|R%
z3tF>zmAwUYa6>lf*n5vKg!MnVr+6fFZ5Ri)So$~JA|v({IAbf!m`V49?`BGb8QG?b
zWo+M%c@rCaR2;(vME|vrY1EL_G=rN3(ng#KF`{m;KI1_?jG~xghq@u*Rh)ki`jNb`
z{bW8PyV5mBMzKh}LT>kEWuv^SDQ^NLPL_7q7fZ^s(hTNpCZuvwK%w&HD$Im5ERN6~
z3TxCY;17(`-xHQ*T0W~WTlhKmgtb55T6B;&o6T*Mj)+i}T?pO)sy3N-OUNHlC__ty
zi*jIs9#Mpjum9I91HsejoCBTk-8^|dp^WWabA2c7?Fl<OV3^EhbsmXbIk4E^rL_o;
zq;Sa6nbq-fp_G$SMJZ*(C(1dyu-@UKJh0^8fE$vUPH~(0XL(m`=kn_iBk1SfcLlYM
z`bLc~Qy{FcKjEzy*8Oo<j8?{Wz6P~x`|)54H4uNxdq=-vJN`NZs->{P+JnZ(Y}&G0
zs>S^M;Rk2tfPi!l7nq7b$A%Y9c2i}z#D1@<!&_i2RKYsHC$RQo&uxhe*l3(+lvvra
zVMXqlLH{lz;Cgd&+n6tk)C6w2y?xhnDK4NWX4B8Lq=^nprR@$jyE68|w_$>zy}%8J
zQ=Q$351Oc83|Qe+2+88h&l~e7RE}hgkK5zH=BdZ!i|=fm5Y}Si#WdDohRTQLpB0=p
zp(bjB=8<(3JEF+Lw!5>dzGho4{aFY5z=d-1_5Z|Qz$?%FbDv15VzMA@Uk%uO^iyUQ
zHkNxT-dqgP<xDYZ9m5`&-^*9q*>Xq1lMG=w6JX-Gk%mrh!{pU>s^ngA8;Zt26sgmR
zLL(mr0+t-G)i|Mstf3h3pV9sKYprJ3cug)T2)ciK*iqqtIi3CWKivo{Q>i<sQ_eL1
z9%<n8q%tZwtbZctR7s*WfPBJ?NUico+ZS{Ow0YmV?4>g+P13T!?i!s9RA_V|z(a_&
zdk6$q<kXnRjMywBN%qGbI0E%tzaIgu{d)HmHh<?xVXengLaIAP>t`d*ZAH&~G(Y_Z
zyv)55Z7Ui0z~&w5k6FMbZ|(OM5{KN<urw)=4Ire7r7}CCS06@E+ktLlBQ}f%i}2h5
z?o5cWuLq61L8hrpopRt3GM;?M-M(V)GXbho+Jlg)fb$lYq`ya!LFs%D%WNul+4Rev
zdieB6sbV2#AHwU3lFBC?r}I+h1_~7$K>(8}km15st{D?V3)PQW`10BCLy0IK(mA6z
z`5H(Lr&b&5vW-KHldGu;+%=A4wELc&i;xE?)fU?&Hn8|m{#@c3xS)T`+`%jVYyjB8
zC60T2i!qCdg+*Dy|0-;Yjiuu2Q;#H~dj^!3ZSJcLUaVavLdJtZ+6oQZf`+AjyZs!N
zB6u1yH^Li@SPv@vRBZNgtqSf!dNiucKdA;UcIZA?0NI@@kcM}PFSNXIEEKbY%>ocb
zO1yM+sctD3d$SUp-6;el<V*2r4IUSGrz5E$4JgKc-GlK*D*-mjU4OM+?3}RG%}YAH
z@imvbPZjL}_Ma@H6Oz`F`<V$JDU{5=miVW3<am9;PdeK#OASV#6P~xeWd(MJ>X|l^
z@BiUa|2*v%l48Cuwb?;pKb1rp_)yR4TCET3;&j1Qd;N0F#4%{a?X%tz%Hey)n)ywq
zfa3nAI%UM0plf+0a&PPAZ#Is`0Oa9G>6M8Ofi!$F`o6QG$asOd|3cO<l90^e0?x?5
zKiZNaAM>tGh&3p=-rP0&uH;P~x_jwX=j1~iLVr^yZz3S;(O|x265!d|^S>`Q84=^2
zFsI;e9?|I>kTpg9m7ZH5UWxR7mo)GfIzW11ze$g{9O0fYnmd+NGu#2C{E!_s+<<6)
zHz0mZ7wz|%<ZN)0NNqEey^*qFW4F=oG^evOW_bd_+|lKTYd=)$Up){;8uEewu>t2l
zwIgsnSd8^=i%Inci<y5yu-@be7L)vaF)+Lkf|(3@<<FRSEum*)fMzRFCWK@Y_w&I%
zkOSurIfQ#85yPF+-#uXJAEbst6-##3HbJ$c$R}N;)86s|=x3Ygb^)Idz{|3LhT?|Y
zE&1I?Dg#eZz|E;98RU^<!t9O?yjVp!cVVE%r?AA|Y%LC?>$=1=Dfi$a$byT2O}aBY
zKf0$|6rS815COM5l0)|KFV_~T*C>yAbnCJAe=2!2DtKlAveh-J->rfXSj9(5@3+AB
zHzfVAiU7oh_g5ip+P6T2{e5>=kvbtHhfJT@kdZ>gqW(|4NMi)-mT?HE^*(w3E^kjD
zZ{sHynI(X{@&8iZfAFy%F#qghF%)wD5as{LBmbkDiXiGCzI>UUy36n`ZJ10SN|~cs
z#b)loYOy;=i;uAzaes!g$Jn6>=R_3C4TUUjo;6-X6tr95$%vF5Ul}ENLoqu45+sPO
ze~3}>Xd<pbf<YkPnUuO!_kZRF|7~dfLP%8$2_RaT#1=dojy*njpaKIKMGo1U!VqTm
z{NZ}Ed8;x16l600A;@GZ@ky)J>N5ek-1=Py>A~*sQF@kVgWYN9_#bu$L~yKYwKjEi
z4;w{5%JpUP;loW++l~Hot_QP8!9&mLj{s$3(?T&w^Jnk`4)yOTrj+-ef@ca+sGOiN
zadm>=TkQ#@-<%~D+^W5~ksLMRfG>i6_eEy35G5s?k8-A*B4-8f`SHAzx9(~^WCja(
zZKEGs7lqicu8k_fbPmMyzu%GL^~XDyfvWia7C>xqfvTtl3B)?W!GX6vq*Qc`Uur=S
zW#d7NcBabud<z)L*LY+KP%(BO=Fst-CNA(G_IED_a<xBtIdN2YQH@bgem3Lw1?W+j
z-qL4KT3Fcul!UnvS1qd3R6Tl5I#yhBz=87s#E>^Hez;+o)9}Xs+eVe11JYm+y4u1C
z&v%<2VTWF2!3rQ+dTr#3bvF5ggvbCHu-!xFxr8W^qNAzcb($Ss27Af&+o1axU{JUE
zq&N~#1Sdu=ns^6IrcJAX91KMLnCLn=(<qn0vpAFSb+Av$<Uy6x{Jia~V^N4d>>H#N
zOqUpk8!r2w4K@g#h;SKyK!<EJ;)m!W6?~84a>$_xXbsxNAr2A03C;TwD1_pJd53#I
zhBx`c<7S-tH?rR>V;%x5gPqLB#Ts~L-M_9y0fMO0`Q2~&d<!G`%pi<3LqQmsPA(1o
z$4E|#2ow<5#orb1Pbz!v-|X%+h>?{g`WgL8Er2_9SBKJAGDMLc-D4aOH=G<nQhyIJ
zM#~a=?YB@%4iB}@5<@I-fa=`(p*mfs#l_#R1q%DOYyUrv-^>XH8PPrROSlhC5vFBO
z2`0JMSfTu^Wz0+T^w#+Ku<=@6p4F&$91vjBY94=PMF#;k;%9)prBe8wOnYrSru?1Z
z+4A)waSqsCG#3QsDo#X^8&bbKg$4<azV7OO9{2wo3IG3FXPgP(mr2@^S=0YVx%jxz
zR^u^jEIj_*`>VpMKOPh%ICA6nKgFqkisAxv!ugrTOu%0~`psW?!ad38GsprQld}8~
zE&gqweRWUR--<^xV)6f3D1SnD`470uzp5_buIe%Im8bBaAq@{2Y-$cQ=ISbpa6I-8
z*3#Vx!4Sj__4!XriGN#?|KCU#|8E$HKJR-|Jtb_%U#$E!vggtE0OMQhX0~tz<s41E
z*KglqEo4`@CC8wD$8v7FfQm<{D2NS2#EBnK!UT<~DD$Q-F-?{>KkxXrOy+ChhvZ0g
zQoBJ*p&h+u?t{hEr_`JuU4tHe59!1dh{hqAD)mtyOIZ6+kp6<{d>F(ipCDg3Cq!=h
z>cA`5{cxg&wQ>!6hm92Xwa6%)#@?gd-g@p!@b1@iQ#4WK@m6+A{`qg9f2S<G&{W;y
zfrqCY5T5kenVF>>Gtt$fmpV^T+`kt(cp!d$!*HyxJz0Pi`7RX>FsRyg$<b@9hKe#6
zl~gB9NpO1dUdfq>b@tt8;i<~+b=hdD31l69ejbi0eNd(a5wu|QL&0knM3M8a&7(mu
zSy}<ulMJHBWACJMm(%#hMNaMfYnI1+&|=w2rJ2U0nT4~;{r%a*f$cF76i&~!wzk!g
zlj9;6e~(Z23GnJo(HTHm@3+Y^B=jHgw);t=yMjbvY5a6tKjV<6Aof?UNAR4Yn$r@a
zG?I>wcKdrOySGtSY@i%IjSOWkv|(o94(*t#_CvN>8L&cQ7W|OAG^bT$W;lodN^}=g
z8b$C!@{{J4F@QsNc6K!#kcB7REvJ~LW+5urU3VXHyWV%}%=>r;pM|)slno!`c4OjS
zV82*A>UF-lV#ReuUlJ+w2C6+ARV{$yb|zC=CTvDXp%Hh7xZseK1xSaYG2zGn$+vAN
z^iX)aCCKRX*kRS1k_?A^HvUT^&zhfP(g%IPr|5SuQXvarafg%otiO&+`p0oWnkC1O
zg62mp0<S4<b0ER|^NuH}c`$a$XSnE~4?mGeW!`)AWWetO2KC#EL7eNK^%Z^{_0O|~
zLpC68ek)8h?NG|cGXsbiafsAx9=GZp;BfDbKABI0%ByqQ=gJ?IJvrLyd3JI*!!s6T
zl7$g%`d*~hX#rN_g?hf)_p-U7<B~aLrebaanS#Ph+tJ>}Or%b5V4y9BY;x7{QoHIs
z12&jy$$PdLK<ub$w>NW*@4o`t%8tc=>`~pGEGk;2KHNyBzUKdA(6auXeG_3w>g>YE
z@ph5bV2u4R8=z~XH1&+)oT}m?NJn+IP0^W{L5#Nj9;1Os0a*84q%5dlEh}z2Wi=)m
z2mR}Mz`iJ-32~0&hSN;ab~_C_&iHglaL~J~1!$N$I%>tVTYo@Ae|oetQdQipWSN$S
z!{YkxWYK^}rCV}uc&Bn^`Q61?k`{-Dt!V=1i5P4S90D<4HQ%3j@nrgq0ZaB5?E|i@
zG)e6J6Hjys;%*fSu7l0|`l`Jqi)y!nB?Y6CQFI>S*v%wrxqfA?R+?LwSH@F3rmf=+
zREtlJRw$#Rij<jbddh|i_7pRoR<8OmJ_Tl1Y<e)mb3!7)K9{uG7VKuz&(vnwW2DgH
zx@=uDL3y$}O*~BQBSb2C!ZZC^ry9Q2N32aP0|Y@_OGc6#v9tq~>*3i?C0*xb#)_(r
zmh$)JUN7g?Q;Z>AaNu?LcwYS?@GCu5WU;68ky$n1QkZ8oCgEY^;!y%*sN6lfqR@tN
zXyuQUAkg#Fzw|r;=(${W@-}cOSuRRP<P~6R!_DS6E7t-ozV2RUTZ$XjC@_|DSWp=u
z9o}oUPiZn+;n{Bs#)&)Lgw_OcEcX_Uthk>XFpHI}R-Yf(7LDs9GIyP`*rC){7Jt_v
zpzN9}Ss$=Nc;l_r7n<6%!~mTz=M2Up7J}Um=-g5mT!Z8*hKE2ed0_Hi>v@jXn5l9O
z8iupJ>>ck^QBrKB3WXQwwJTq-8`;c7A|bCL&P-~dagg@tY)rX0{e>?3ZD9sxMdhL%
z<9W<Q_P)Xqw*zKj$3-2=0TKKC(=N8n72x?8a=N{;Kn{%)`U5wEV{*{mzmfx9eMHxf
zt{u_CvLsz})lQ4K^}fKP2j1DvurXZYg$i&kD79cJbG0{aziDx~L1x#h)nV6FMNfIW
z`i!oCA;s3XBd3M?;3>W&XD$g=vKk@8u$f&P8Yw<u+zdl{&4*5f`P_!KNo9CFB5OD{
z%ZlpqL1np|NDR&*Dix82i)AtJPy<%A5@orBE;Ncdr)lkHYA|t^2wP%55QQH9fIsAr
z;lUv2w3sSERVFkznpdb&E*XEWzSAzsXscjuqmpTBWyQQ$x{zfy@<rWwiBLB2frh`1
ztDg-z46D^;aeJJo>b?uuqP(W2`hH1hSgQW#y_vWXQ^}RoZvP77U?TOT1H-JHk`~u$
z;O%#eGECdu*qbJsEZnU7JIhxp>Qu8JMiQR}OGb{Ci8k5V<^$yidMdXIjG#zdCwnc7
z3KseOP_+YwvPHa2HoxfkI?h?X3sH9dL9snF0wAzBE9FfC6A&WlPGt}&ox4j7%hCGZ
ztT-9b&+UBe4^+Xk97)|$-nCD`LsRl&D;>`mhUB@C!)aE!FvFeXs`j-YboM|2Esr6J
zo#J}bF0PV+q2){MNYMR+Ot~xj?t^Z?XS~vQJ)tu+pHJ%gW{0KgYM=dxYa>$nnxpGn
zH)p=~)mZ<;C{lwsS3A9XpPE=lRAVV7U}TRy-pPmnsXx1KTD;wFQggv=)qCBB{6J7G
zh9JRVOJbfNWDzvS_yipaLJboGS!hS1AK-P-IBw^~4Y_2m1?``#1-oaGv6iIKA0Gh2
z;c@MskB&Q9G_ZXB1?EDaUn>s1+t<^z0gZEWa`?<ofmaq@MEfd3$6>Qg=$W6NUwqfi
zeN#ZSDGYbx{ATl#Ac!69b(vX!>PYC*53uM2c|Jnrr*Zpw5XqM>+h(6%aq1}>jNGXF
zv~Ye_FH%i@&uVd5_3r%nHGazdRwK!UPI6TGCI2_adoAub1~InsCEC1N{zI}n6VG@K
zwUU)=dGbrgz?KRnbGgRH3uxqTQRE}ls`ov#l_t296#ak-RnU2*!oFX%BwJGmRbFQo
zFV1E9PMp#uhrr+om;uLgLMlvV3GThgoId^N+B7+H71YP2RQdL%6V0L#x6(4vLdSs9
zB#tw8K4_1u%*P8!%d3ub9$HYR-|28SI0ONnz9vI{C3&iu(-YqJx}69LJ$)+W40g~m
zU|0Q792%bnk<&sF0_DvZ&)kQV$y+)^SEH!e^<=%6O;XG_j_paiv)vg%1U$8wWWd_A
z)&POLp>4pB%@-g4#_iHM0!p?1Zu2`nh`Ci+!{Zf|US!U4@$4v6m|j8b^Qr5hwQF1s
zMaoTD=eyGDzF5a@kYzjfbxZOl$QZWMjpno0rcVWIpuhtiuN`RM=~9!=dH~0>`-kG4
zR{}BnenwXD`bOMI`BLL-dlm2k&UCKj30dJdwchd>LIe-K+V~K0M7S=(C>kEW-ssA9
zvvoK*7}0QK^Wm&IoMNOiTcRLynteAl<=er{9xn7wx)hro@|ZqY<7B^Q?v?WJ4pJIx
z`53lYws5B;uhmZ3NCl_bjhNOh1r0SeJzCeGZ|(IwIQrek8r!G<N59R!1BMwWRG`+l
z9^iZu7{`kKtw>8jk(JbLOAze9^pCY^7va;G9WZ0>67-Q+O6kHgqQ^Nnq~_UcFp7N3
zH5tPHrGw3M#GEoXC`dx3E1`pK87QG0NGVR>37Ju?NCi@1c+6L1Le{SPb{)xf9m;gx
zIKrhEZgBe$=cq{TO5<O1-N6rWxYAJrJnfTyBdAZ=;1t8!^>4(G*ZiJqehs&!%ZGb=
z4foPP{j@&6J+JT7Zj!Ossr9Fxfjow=KVQTxrP=TBE-xBf1io_O=em4f8x2^ua6w~e
z@5toJTimOAV-QOsi=G@OF8Fw+B~F8+S{*fcUH91q^WrhzoT&&Ei3M0kKq<^9w~1vy
zj81AFSjs!Rx0&LIeg;{MN9p&?GGK8Ylh-Ksgzt|(zm|dxYe}E4n_X`>^401<gCfFl
zp?DZj<NozbTS+{i#=3t}<4AaTj?_E)M9tmSCYn0@Y3v!L`Wy$C;tJ+{_GEsj-DaNA
z3v|v=#PBQSGK#e1><&-b1c^{l>F2t|wc2c|(79JV$I3UFMWekQq}OwA=Qb4<&_EuC
z6xLo+xjU1^kw+48Go+1{tgFeWAWd@tq&!6Vp?Whh_U2uIcJO-0Qw*fx4Jb-sTA&;!
zKlcMvxd(4r&zv@`L-=_WOhg#pk=A#1ne?lLU*GOnvh7i0U3#BkY@v`T2Oa5UEQY6x
zBT(U4%)96m4)N-hB}N4wLAu-OGT2CtN{Y$SE*^<{yky}X&0=e#p)uG3^0P-8F%(uH
zwYxiTPB@BSnH*5ma=Rs1y4oH08Z{_v1Y;#4tnHa^xSp05>2SEnDRU_pK1;qo&hi6Y
zbCiy1U|W`A#*Uy|fmFX*e^HoY#SGU92Bv-cQoJ_~CN$Q`xW9Aj2%gc5!4o$<9yRq{
zm63h<WLOwFqjO(l^;$ip#$0+AyK(_O$o+4&?Qeq;4C8%gax_PuEOb&PZvU0@^#qA+
z=!H`+U;?~AexcIkIMDvK>HLAC0t^p;&Zih2Zxy^A*yb=Vb<fa-sq<RZ5-Ol{&CD8X
z%*&8DPQDxiE?SDG#uq3jtKszrrMA||kv3J{7q}giH4_np_#_6;2`7B|T2v~#NdtW=
ztxo<~-Ku{X)+L?3qrK4C>&E#I&heO)0HDo~V^;+$D2}h`emC)JkhRHE5N#dP<zQe0
zM;VnVdSCz~?oT=&3yC{ps3ggdTXjPAs);J4*yIE!rc(hmaddFW+`i*U6Rd}n>Vo5E
z{%S@LRj2QlCWhaf%Y{JFR&6#lr@n-bL3xghN)jgXK$y#?BdO(!-S33@<~6g^aZjEy
z*&yDaxy}sfHarJH82S&!!b9HihBi34VUlpwKQFy_DiI`svFe7}+E-m>I7ZSI2htTY
zi11wIL^Uv59O~}S9@rmz;2^wFFK1d#S72yfG-xH-s~aX>8kJ&Ccp2u^s}sx>HQ|8R
zZ~#hy)pUi5^gifNOpE*RMmQnO`~e8dF8#^jU0I@77QnDe2L?+^zOJYe8JS7EZz3lr
zQX`zZ&gkfO`PEIaKEPJ*fAK-)6m1xSBlVYI`#aZxSYP}iR?u4gCRQG}So_1VhRS{Y
zGtB|Xvcqo8zrZPS&lOCa9mZ0h|54wtcsj}i5OXcKV3ETsAc5e3RYaqyv2RzOXUtq&
zPozA$nOZ0ag-fJpynRbF#a5%xRH@ftA~1RhWMB3*0K4dL$>hj(sHLlhTlyoF4D=d`
z5CNhtnl?h)$yjsRb*GVoVOFzo?o(}~gm)>ll6u`uP4mf;0s8Q8LjtzdPs>4gf&Gu2
zZf#zxjV3yOO3c5q&ZBc=&WpKYffg=0de7xExM*Ya9adjKIrWs=zQUdVScb-tv0h7F
z3pWSnoQPz4{v2Nrgg?@w0+iykI`;SsvUXw=H$UvHKI3_t|8zb7wK-;i6RL8B=(vQ0
zgs+<YP{F!#tWGljI^aNJ)*NJ-BzNdgY`jjB7(7i9XGMV`yRLPa8vw0&_E+MA9I9fj
z^cW{sx8cE$zN6DcL%FwG^cIey@ZzPv=DAFnVZrk(bsbif%&qBY3mka4te|Eqm%L!2
zz7Z8q*S48Q^GWKpRuM4%k+Ej`$~?2>-P{L6K8$t?HutJQ&?F~#&?gS{nze!2bohsg
zvku)g!%TO)S`SVqyl*$Bys0Z4gB?>CW^T(}`*5Svpt^F#=D1>*XKymBM(Y{5eBTi~
z@9i}LLB{NR8m9(UQ!&tG3E&Aaq1qp59CB!MfQNu+0q8fJHYPlWQ9!C+F`E#uUx|`F
zuQdDU3d`=Qe?hF<{@mCH<O^@NZ*XtCX%RbkV8Rgt5VA3lF}aeE8Wsrb>nT_l*K;j1
zE!hyO`Aj!z99s>9OoEdCoP|Tp<uCh$q#AUR?cxfb*v6jXx2G`AKEACRP@EEzRlfdZ
z^{WB*okLJai$*tg@PLe$Qnr8G8z3!L4i_{|{4X>Pym^qh(agbUnC!RJ(`<_=TrS65
zs+wJto{A*JDdmbw?ylxH{qBORVNPSQnR{8f2wzyxoyI~KK`>w>dJcnzYI~U)`3@B@
zA=w`$^h?LKH4X&7E{>+e9tB5Gni0UuPkFl?iIKLEElm2&<Y99mGD`u6dX8b-heADX
z8_D8;+)gNlx3cVgB;D4-a%pC*$}lMacRx`-TA_wt(wIUycP$>BD|NkAIm4JB)(};c
z^iir}dZlK)c&#!KgX-+1W6p^ecfNGpF`|Fjm7x&1A~~&YxCT5~8kY6=?i{Q-L??*t
zh8gV&-G{bEarrs(AkGmH+)67H&45WDHXx#tU9_ovXCu=@Sb^T<-)0;NFBJH+hJ`@M
z96$ci(z!b?mQaEt!7HZl$7ca7<*&cv=BcN2cPWM!RB`6R^RJEXg>nbar4UNM^SF*1
z-^ibvG@vQRjc8KH0bDq;_TSsOU`K(LbQuT1p^zQVFs_Py5~qH;?(`1c?Lq4n-Ie*F
zA-e$>7H>YSKxBW{+^u02Zf=TB)}ee-z5<DI@r-i>p^L>6L3~h^L*N%}kY5<^9Q2L7
zl95QmvK;rL_N}?VQ{EoI-5O~NGY3ai_VNj@8CAWRPf&F~+L}5%2AiK!7QS=O9hINf
zKSO69ByCTWDF>vW9s(bOksuafaq@R+cVP8Z`(4@9`wQ8W%BUKcy97D6l=D-uD#2lq
z@p#dr`7e*`8gr$;1U2Y@>_f8`D9L+sS0s2;m;4dcf1$u_GK>;tc1A9N(>GU5j?iQF
zH6^Ky<aA{-?&7dbhD;NUn~%g0l^bHgwxvSetvUB?`W$5DHCw4kaBX!)M20L)77$#V
zC5U~)aL*Y)SK=H^1}SS3v~MbQhRfOuBoO`N=Vl2KB#Oc$*lFO2_E_}Dp?>Rp7;&sk
zsrw?db#m1ELePbhQ=al?Dj*-Rkb5M)pkVj>QLz648}nMgLqd91-81gZcf)9Axji%7
zJ0<a5M0RDH?V^pO*9+A&UU!`U6eQO*eM%=r{awfH{LqA<?Kw$zcFq;Y7Ly*merpTo
zfr07;^_|i$MjVA<m?`PI2Gkj><CSHL??oM*J};N8P(<sOcg+bf0-#8L5sHH;Sh<<Z
z=wnvcmx2Xp@9+V&s$o`)FAsY&yYE^$H*H~tPGU%UhxofTAi(1%t$gUVrRR@Mld95-
zpnXH6Xu=2ZNHO$=zuePL!bSy#1GIAXe1W_OI3Lhmf!(jo=)<H;h-V`B$$Uv->TyMo
zq{}!yp8|QVf~MbrNkL-=z>QX`P7bQ3uG{Gxh!wGO%?z!$*(<pxb<HEY;*P+paXIS!
z2SW`h?%6h&LGwnl?YXeRitYZ4a_J^f^>sXZ!ABWK+6Qp}&3s?^xnw4GAuCoYFbH1J
zO$|<@6A;#M0nB>hB7H#q7gtl$OlEUdTXy+OMcnpMIw!uEtYjUojug^snAz<R>gB}S
zB3ttL<27`j_5qxmgtgrdyVxEcy2<7;MW;c+GGLl_|8CJ~#D4>)F*gR7ya<G)k?Wrf
zZ)55>o7pMH`~wf>9l(1}v*VoQ^RuDF%4P}GDf_J2AH7iZo+n0K+2$!NZIgPExKBW;
zpuqfiG$B{6Q73@Da8^In$W=~J*7_KvDEP8Gy2Is;Q*UkMC{Zu6u_&opHC&$}bdvob
zf1+;eQj!Ua9`>G3RdpEiNgfKlF8YNIsUbT|95Jw($5r1(Ih=v8+-9!*{cCgO;-awJ
z*;58VYc!}ioUAhz)InJq^x_98?jLwXpf3C)ck|Ev(LYm3{%z-O&}C!&;=_m4?bpv&
z{O2v+Ka*k!|A7?yS3~7gw5LC|;4G4VK{)zGYLEG=byxB-!PIN0yigs^Ngu32KomLg
zojUiUrXvo4HzX+wl0}J}_)qiOU(VRv)&%_~tX%|MH%DM+@jvhRGbI)90RKoy1#E~v
z5Lo}|>OXRIfd~7uy#EDt=-<lw-!1Zw)BbiYWbQ>^U__YlUDEJ|z!$T9^V0=#&QDwa
zsi*cYIA`}jb}9c#WHR($XyhG8iK8RaCt<}>n|J?$-~7jY{->7e`xG>hoAM#I)_qUA
zalf7={Q$~gl2yddhwH%1d4Hf!-@1J_9mIb0jegSqHCN$u(Z3NI(@x1ISAHX=sKJ@+
zk=I@tP{7YV<i%<8V}tnMt92SQe*ExM!h_Syv$@$ptF!V!Vq0o?`*Vr&x1)RXO9>3{
z#YS4T$1L3dflw^P?)vjnj<cLXh?Mt#NPPu#GvH$ley7b70aNOn5}tg6jwnJ=zX<Jp
zLKyw0sR7RMt&cc{is139KOUb8IK+QrrNSBD_G0^Qa1lj#oEj=wW`$#ohvDZ5(mVtd
za^Ine;0JU3^djIDZxeiX@{rqSYyd+R<we;*{Ix=85n$u95Q61V6-=DgVt?`XrC8xi
z|E1@ftdxLEc^Kt95TCdwU{wz&>?uef(o)$Bo;?R;4DSr|lZRH`5a4Ym8tH6inSJe~
zKOYMyxPY9N33(GbappKLM2hDdP$p&q%D%U%KoVkBx&kfotl6;sYfn!P(frL}0l@==
z;(srAgBj*3!Tw^KhH9}py2Rg`=ijx^^DP`UN@Ls2g{N-FWq6-XN%_D{e=F~Qy1!0I
zPy=mo+&KFB+#`vyLRaIm4VC1*6>!$!v?~~TgACrbh2v%4et42%0)y~HPY$L5gf`E}
zWn=H4%@T)^Z~J8&BEV{X_P`T6CJ0PHLdiR9;Cgd~K0sLsr(SUw1#Rjsk0g*^{@FqS
zKkaWP5CA{z-8tb)j{m6(PxH_fv|L-b3a58bTt90?A3ne{imd{AxZAQe0&a^fkU-%^
z!9Nk6PqpXMo!|Lx0U(~wTT!il^@g8<`jK}2+9&#{owo3Njy&i=B^$ua-~V7X{L5>B
z<NVft`gL4Q)IW~<$7}y#4u8D%|JAtP=(7TF`t00YK%dS3pXsv=;;f8}?yV6FYX5>#
zWMz#TVhCWi|BP_{7asRR*AY?X;l{pC9_FSGj6GQWeKt0GC^X6*oVNkz1b|-q{Z2&H
z2Yx)Q4{^>KG%Z|_>W0i(aR)k7PEXu`6BW{Ie>+JC#Bme^PCZ@y`>7}6e|72!H^jl}
zH<srX{y&W_j}4m8?Vl!2NdZ57;hk@u>Z=jlQz-#Y_4UdB<f({525mal$DesM9y-Al
zlXnJ*Nc9Qd?oQQ-+VU#sGT(j?l(ko1Hgqmh%}!|-bX!#I`pnCgs=1aegYAYK&2doN
zHWMj*!s!&YHy;JNOkS%&yKE}8>|BG*`V_z$+2uU$$A>xf6wY_+563RJ6NAs0=yDlc
zimB(EW?FXtdITD(=U9hqWY`8lC9{(QXi6>jH{q?*Cu2TDg^NXNb(f#T*!8E8nE(=o
zMIWQ<RnY!$E;}e&E;ZR>&u!VM+^L9nhfeL~Jmb2R2|gNOEzPvZ{b)g>=6a;6bWjm!
z&HFkJZ^ZW1=|fHt`9rvCwP62@3z+D01Aja2G%G&}XYTB77geb(+rfL;pf@pg2gkCR
zZRRP!FH#nFI-%V6%C`%$V=O7zzh-@aW2{da>5DcuukK4%fgWA>0UV6uzrdAW?hd#O
z_ujg!H%uJ?MC92s&dDoNN9re17q#6@wm}g_%?VgBrZ{OkYwjmI?oIWuWjHYdtDf9m
zH3Lew<V5MbRG@Glw1cW|M4L)GGPuT%j^)(gh=L;Z1i-PhoD(E1hTAfqiHqQ%yB4T-
z*0ds2j#xh)AFNQq8<G(dfq{WO*<eH7bzHpJNY%Z@2R;d;j@fh&Fj#ul?7s}~BY2kJ
zfq<?m($cg5JeyVF&ofgQy{FVE-XcK19`f(XbI%4vJpvqqHO^Xmz2Gqk;0+AQgWh`D
zRCph`Mqb5C&M5CfDTeTPrBgN>B&$9xscDNUP^hvUn@p-ZVz=|B@8^++9D=$W6OJTD
zXG1wadG1_2?7X68G{I+qq%2Mp3?-V~Vxe`u;_)E|&S)IkM}aphWB;DrmlA@LE%KSM
zN7=>W{_%1Ycg*0uy&8Bmu3rQPkf!GSds}HCZB>FW2_v?H#k?BOoKnJh*I|gmx%%P0
z>V`ZWD<HGgPwNb|RT(II+H}b&$n^(<zSC-^0ar%5K4lVOgG}uDtLgN}-W7nnTyO_y
zfAz_M`w64VR)z*FGwbn(Q5b;;GG5abGUYBWS=Q82%(4x1dQN2i?f}@Zo}0XnSS$3Y
zt;Ki7DjA;~@69~B7R>qHCDh{+YXTu6N+}U=)I0jN!ypKCwB`QX{_n>iTVbFcD$+Kw
zaQ8vOWXuAZzb-y28yH!!s29%KNefA{VZP8V2WbInUJY-mcGS4<0vwsP9Bc$*oC}<S
zwdo@pE${T!vW}!fqMjzMd?NTR<nikSspPJd4u@d?hChQN0!<8YdtVKzhnDS%z;1{j
zhbD_g`pQUh6|B2ZU(mk;X-lI7`zOhU9iwaw+6io6e0LhkINNTeF$Vh*QEHha$;*f_
zSxGY31-K#kp5rv2b@B-0Cu){mm3IK{#{Z*r5`g%l298$&IjnhYck}Un(Igyr-35A~
zT<IwoaLEUb8=2;}Jq%~P8;RI(d1SXPe*ArZKGFk?b)Dyy)fm*Wn4jctC~?l-03VIv
zbg}|k9B?XOpw&%Oh|`JDQcx*6mB#UUWORmmEMN;nLa(^a@>9}|w174sMeM=gOvKJ!
zqCH~Fa`Fc-Z;_RtMR5FG4&;-vT;1D3@CrZvZxz0$Ija6ONZW`E0QXwFDoq!RFPAbm
z!{LJrvs6v}3~`0}$ALZp45c?`E3+OXFuqUEj?W0qAIJh2%ygti%=RiEHx{bxtj4Uk
zP^&slg==+)v%(1aIwjKi<1;o5DQJDu2(hD{WnCIq)0(O}IkMROqEIPa8Jktzo?hou
zIhr1lF2U*u_yK)y<N7z>GW6{1*7H;zj?)!oyDphbEo8Jp{b#txaf1z)JC?{}^b_O=
zEDr!hi1HGnIvFL4#SAS(Bp}cD-cyN=$M+L13Jrih$*lgB(do%hjv+Lvez`c@y*lw)
zA6tLP!FjTf*(%ib@l0rpoidyh8I5XQM$?@xM-AXFy+;|+n{2H!&MjO!rhC>YarJ;|
zVHGFJSdq`E_K2rrKeLEdpS_1isPz5I<KebPq^@rHa|Vj;(Ag7AWP89vTc7#dUEJ37
zW^?BwyuB13F5WM}x%NrlEEbz}Fz1jX)5Qx;e)MF3L*3UEo65l12zK5-d4SL4A+w?{
zF}3E;zb;Bs{}iBcIKJMf=A!PNJ$HUYh<p8IuWX4N@7gqL726<qR8~Ipf~-4#Eujuq
z0GuU8&&ZR>=v$iL$D;OT3bfZP95pst)5zC~*7Xwi_@N<WE~_8I!_m{N-;K<gbP$T$
z=;2#9uZP8{HcP(y3U@L3k#}#krenH(bOxTW-$mVibE;sdoHnKj*@u4Lik#JXD!eyq
zpafI6y~E1pQIP7^b-9o7<)o5j+A!c3o!r^Yrhybvm(iSS-?F1q8ClA!$*aU!m|?yG
zKz!V*9Ru3#bWxgxykig|ixw?TT3h<yY^X1K-Uj=9oy34iE87d8zi6%Mc())Ml6lsO
zIq|81eK?En_|||Ey_2+7s674<08D8P7&I!&6IU%+vL4Awc!2%Yj3N4#&XtjYLuw-#
z6$#O9eA=M6iR8AUq}Tx;Ytde%#pd<h5X4W$-igx*Z-y0av<rSGQj=p$VhIyS&jy%h
z2E>zIz=Xiz!e*|W!S|XeH<B3{;n=FR+rD%nBWpha#cX3Y;7xw%q8{1rE{Zy`DIl~!
z6<P$$KbLnTS2;maabAeh)y5^=DuXf9vbG*Hj478vXp3ygsA6!uTm<K}@Ie!1S*NQG
zhE}w#m7d?B_kVK-^4KGZF^7rjIU~DFOki)zFs)51lb>g}v2LocNyf=)6zB+@1SQuh
zbxfp(EW-JRdn^Qaj;I=2y4i>#q<2#<X4Ltq#2|;}-_JnuE5>^W^(+TKJHv?Ae6b<w
z)1o1u{CYQ2!y%R(27K?HbB|bdJ*`HL@g+E!P|FVYb=-f`N{iK%Co(Wa9I%QrKXVgX
zc-*-Y=5-N9D}&gr=q|J(<Bo19=XX3T{UL3KAg;%4KFoao?R2H7H9PkXF0bYgAqc^x
zwx%E{`4dz>gbDVzo$)m$+vXJQ(bZ$n)GSoJo&!FH>mKxt+s87{{7^X7w+9%gA$MHR
zo(DQ7gv@@>vT0_KJZ3&2BlVNG#^!WO93^E$krAcqJC38xjz&grqmNRqOwtJN7qZG&
zcDe{3+dO)B=#@6YTQ8$-g+{f8O1PQ|fl7$9x4XN(95T&o8t)(<F)k3e#ge`%LZ_Q4
z!rrTjLX}n!<XCDY+`NX#;?x53FW4pxnLVGw9c?Lt{mNlqeqX7>0HS7#e^9Ryqn^N9
zZJzfy=^lM^dXLQQcRFcHpnZ!i>C_$;rLm|2K2+ZypD?8>rR9}GQNMn)*_Zl#erV|2
zT}IewpIOn+m+eh|1}8356U#0i_E`gwdIRubDcJkv#-hPXswZT99s+bv^Q&(h4;rF2
z1*mT(=u2g2ZevI~JYZYdeFnNG9+9L}k9|}?P*MOv=?Js?f6?|9P*tv7*RXVmG>GH|
zwt$kNqI7LwBOr>>-I7W-xIvMS+8`Z*grsyME#1;egLFwteAl+m^PX?K&-ah<kKq~P
zoHNe3_kCZr)|zv!d0BV?0Hfs>c@B&Uej=M7-{HqVJ_d1KeAevidv|BMao{l6&TZ;?
z*MYa6+p6HKjWvl@1f*^eMB@pL$%K`bx$le3+<>-}XKnkPS#rm4&ANj)J72L`nzuRC
zBMW87LkHPnYRNcH=G?=p=i2E)+2;I%=L2^SS{{3Tjcd;o(9oXp$W(lh6!;X%*$sBa
z`w|!9$lD=1a^~5FeHLOV!*I!$_Vbd|p-mOVm4o<HSSF5gE!_@xq>o|-%`^(`%DJzh
zr1bMy9Kw46C1YdkS^NE2)^OSfWiRMmAKA@^p}#^ACrbnCC*r5HKo%I>gW_%Ph-Kqt
z?{%Y6T-)`dDpnn-EAL}=ie$t{m4QqM;fXqW-|5xtfi^RHq5sJ;+OvmVhsY}G-h2AG
zU|{n0ctu(^|5yTjC^lJTJFM#3Zrl@(t-kb0z3kp4R8=4{G?`J*o94-!N5OJ6I<{Lf
z<KtWUJK3Bk=xK7^%MV}2qxmnSDW6-q8mnSwHk_x7<N9tZ0^wM4zu(405F)#hyI6B|
zGl2c}jF7$7#8$9V1QA#>Yd0Z%OXLD;?AE4<E+!S|5+PP%DTgIv#paDVOzIwXIMAa`
zb14Oa4Uxk(MHTaBi#OLyb<kQt`kRr_z7|z`Z0ro!3U#3NiWIC=wzj|1eRkY)7Gbrf
zvYje;;Rv;r$%EgrgndSFY$$@~RhQXG@(B0IAq&L+>L;eBK!cJ4SyIi{`GyKm^nU^r
zK;ync%9Rvw4CGF6nBy#}0i%okWooUgYAy){&)~(<@+(hzGnq8jtyf;8*2}Dl4p_0W
zKiHXP)8SIlEoL}um5FRzCQo7xzMWG2j$4-7rA@B=Tcv<ZH7v_qaPi}7l{gjsMY$5b
zg!i^6r2<$e6(63w9;6ijvc$^8hfISW1>(<cbz6d<682FgIq2?lKUKy)+8Sla8f++_
zM{BRD65pxC%s}(cTP9Uh*pAmInJ0wz_ug;0@8H-!Fa$<=xfLbU-A=|YNN2oPi7u6`
zNRI3*PJ8}RP#ajVB)z$d4qC}0Z=Q*4;xmwicJ8!Ixquxeg`(!)4mtr;PQK;C|KPsB
z4$CS@p79wQ)BX&lyH$hkk51yj9~ftDPixnCZQA=hm!CqHria-8((y!EBW_uA(LS);
zthq%#4n0BbVTtnO&PP&;S1&WZq$VTY-}vD2mdAo)(G^Hcp9AIiVXiNi4|YQTYfj&r
z{HmdIxbS`os@RO+D0~aY!Y&iB6t7y4(`@hG&FmK%NGaDT7}CK&qNw=l8H#soSNgN-
z-zEp6$!f$avupHM-ky&upAGrgk@rFAGrf!1%G?e1-GNs&GnqnH^|II%yNbaY@q22N
z&fN4BXe-%3`bcoc(@`f1H1}rzNgqG{F!uoI<3kzAU94i^lO@H+IwWsC-$orXlGT+j
zxz1-b1TUr6W{`(2nsZD7y8f!F(S6($fpeAM#wczJmPeB@-v0K-G3zTET|32?xrrm@
z*|`m5Ne4}~s)I^?8|oL9qD<a#i66NNG|M1-N`ZEVPYBf9?*{Qnt0W{44~6F0JQ#A<
zdrZWTl$(~jM><tb0WzrYhg>2j$mI*r{EUv=iFkFp<?dsL=aGWo6^xxIOoO7ZRGee-
zy3KCtRE}NMzC4swJBD*&2LP4z#Z6k^KCc9(+UH}>*%-)}<$r<Yf0PLJ?5~XvZLs{7
zeHQ~ws~%jlKU7bkCb7_b`!p*Lko*t2a1uUj<~h}5SA+y;F3YL9It0HEUez~FQkk_M
z&l}*~8F#W0NE2hHcvveQ$9bHo%<ZZ;X6dZN$Ku6CthD(?A?nTGpnN|N$?EqjUu(;o
z7s{(#&f3O@E?rg{sH8o~f%H)*6dzsIc`m7X(ubey+%{y-^<xx#$&Qd*RgQ7y1+8*%
z_!jH$zpZzzgNzKM-5c!ejF!S7l~_=LSL`~as!^RoJ@6_8_KY1btE((I15(9l?1DQ*
zdCI!it!zUwW}GupoWBvFRzj2DRTPdwhxvo!3PW*R0(+Cj8y{tX>r&Le1IFKBm_h@;
zFoV$@rXLy{L@?&Vm-n$)Dcm1@%{xXCrgFbxO|VxQO;v^*DeM9p%LqrCjf`FCer4(`
z1yWr>N?`|_#X_6I?RoKC*vyE4u=u_*nH0NP|JmF8=Yq<H#sH#--wP<^ldgtYQa=H5
z8-2CM0~fnTL1H0Sv3znBwm4^gc}dHZ9U>dF<61e>C;$ABGKZ>uB%fwZ$@o*4?u7E&
z8$&Hy%Sj(OA+qmq-@IneeXNucE!s~FIU0T0tTA91t1~vXs^jwZYzY3&`QtMFgQdGZ
zr~FJ1*$`}y<h;I%k{J&4EqZbN(-Gtk>9r^Y(Y8uHAp-J)!bfJ+M}cDiFH+8{>&@~n
zPs6%r8228xCrPxHRBW-Lc+pT}1vcveRH9d$hL`cQ_ilP<3n$m^KeSh#mdvImm_N4=
z0(uIrxgQNA<rSMd$OsLxc+4Ekh7h5I;-jhDJy{R*y&B)7<P<!~Xb4t&Q|}q`l3i}*
zz*VOnd3U!jeUoV)9|^iDLZ(4>s_)*m4a5vw9b=!Sg9VqO%yJ3(@sndpi&+#ZZ5cmv
zb9RrJ^(oS1Ef#ZmYz+^Yi7~ki8ucyRvl*bOB;Nta3}syVxBwPN?uTxyzLg(w3H7~N
zpqA}@Ub|40J)t-)sw`M?vG(ReCm34$Omkqz!VYpY#O>28_=i1HiTVr)m0Xp6zSg8S
zv}pe5Gist&Y8vhzE*zkYGZ*iJ9Vpx|Xb&Wn@;JW^+w`-M0nncQ-L&BKMYNNe6!yxd
zY`sSW9#;k^G|2CuiqCnwtzv57catV7Wn)W}wXYWgOFj&oq8bBx({3u4!F1o3EOiv-
zk)|lrccA1sJ2akFW2(DwN-ixb;Blv($d$tG)YK90xE;4@`+A1x8<u80th)H|D%s-_
z0a&t(mQBhN@eDL8puL~ZB6<$j*nO=q`!+v!IkrimgsylS7B?{-CPS~DH_;nq?NJbt
zA+mV*2_yk|vFuy+<TW2ap`I6a>DF^hvmoRsE_~<kPGHfp+>ZQn$Jr(diKW0QzL@2r
z6wV9qhnBnIM6UNn>Cbvil{YSXjs~sapL@7Ce0~hL%_MmZ&c&EL;CVe9qFLE4DXvvD
zFlaya(i`XTgM+s{S$qjs-%MqObJiFrXygng>Of_%kQ(~-ZI`1WqDoQyaoV1IC08x&
z?Tdx5?zV8A$}iTK)uM!4T6SGG=f7xVh?@mQP14Wx+&}&%^VQ5DW-<nN)aeY$i6=HF
z4XRXtmWK{KS;Hcfjnropn*z*R_fZLz`~OU+cCNnWCe&a|=2p9I^=+fp%jIhD$##YS
ziGWAi=Y?FJ-p8fNNlb~Sz2;sX`hAz3*YLwtP6iXPFYW~hI*OhQ>C9$``>eg;?xwa2
z5#D<%^lC`=t&mNN55PJ^=I>B>==Xrkv%K$Ol@1?;m_o>*B_^ua#Iim@w^n5;j;&fA
z{$BMY-3=^BN0ZI=u&VODm76;9r18SqgZbGT5F5eUK}+Ur!U@>WyZd*-FY;#jfK;BR
zTZgHN_ulpt0LR`v<1#B4vM*67l$*~pk6^RZd|b2J?noz?TN%J8oA#BC$o?oC-5>OZ
zR9jy9*mECvNzgUEAHI9nuJGF?6<ExnfHEA)?Lqsy4HdveKdIf<x(HN<=5a#~H~&%q
ziATZU<7$fF#SYJG1@_Ai-#}|t-yUV{y?F1w21H2fdF(1VY>MKCK#%oFi<4Av`PTH2
zLY}8)(h#A4Pg#|M7jw>}<K#S-li4tk_KRiA$GfdpysDGd?cP1o@P0R$=N6X-dGmn3
ze?M;!8sgl<+};p<H8S&wRHRt~(mqX&TS{X<8DpY)tOV2^*&e7qN85{ZkG0W^(>aBk
zKd__6>SUD;Ub&mABbo7H@grkGd$K}?0zjm#89DXF%yqSATmY(mC9r<^dbYCcT50i!
zb(QCm-Jboc;`F;?Jynwcw!8!NxLceV94t{~%{ORu|Af+NkF?G9qwzZcMBtwoWu04E
zcdGqX9M%8jf#LFo@6HBhOqOR@8NPJJ=g!@p`_$IO8saHqup^g`3lvF%UUo~@)6ZHI
z5b1XXKQ6~uH;k5xepl$+L=8HC8UOVD{=w)V8Fc`WxyMzcTHk*#K7F@kcv4wa%SOs2
z_N9dXUHpm<1-qA}Gj=Tt+gRo^MQS{+^sTIrqgmBp62-ny3FlDDe;qFuKPg{^?^c`w
z`{uC1H!va;B1VXI;;!R)IFACYyDGU7US{XRROOUfhnKFtF4_75w;OUBoD_C__Zhn=
zL9HKHLHNpmuAP;k0v1#)@+Z%@q6)gvR14HATYva!=q+OPPo}m|<4J~~|Dr}ZGXc-H
z5aBkY`x5v875qudehVUoa6bWIuzr%q-W7($8&S@?m)w8RNQesZ9|+0$;GkT7so}i3
zuPT`?R*v2OyLw3)k{g&zO_()b_uFx<6XjyDpyBSQ8v-&!KuCReQ2~}<pQ@|nnWAh1
zf@Dygt^^fNx!7~EXF%1>H@)~K#M)&Z$!I#W_R|otjst~?M<TvBJA*TS>Q~KSB4#@P
zvIx*Q+zk@W|JozxUj;n?lm2%>&;NrtUl&RMLI0mTxE0EoBTh2Rm<bcAPG!mnqzFJ(
z-^lZa5(R%(w+ck!z{eHmCU6;Hars4o&*1+m(tph@iVOeY$@fDnaW@O)es$}A?F&cV
zya|`Ep@?h#Z~XvJ7Ck!9Kt>Mjc4JRrx&JU;5Jyc&uMA{k1yq6Czt~|QDd-4bln$VP
z0yB~Sq_AIu>Y8_vIdp#)pgu0Yyc%NBP(}i{|KZ|d&J5H=W3&MrWS|wI;kM>?@kDy#
ze+(LEn==2?Hnnz#_`6%6MINNWAI#c+&Vx2;9)1f^e10y)|4JHij5?8d=`Q*H)B46l
z2GyTmUM!7^^5r{^;)c%$E%v9Hd>xaInh8iB*e?Q>qu(tpGqv$%z8g3WQb564{qJ0B
zK=W<n%GFx^FKL1Qt$_)UL8MTlycPfJUnma<`WImgP?`J|#vDs&JO<`V>5~63{B=2~
zHLIeA!^Z~Jtn05e3u+Vah2;M+qsxq7MqO!NXcd9JG3YPHg}>YA|5ACN%4r9FQkMmB
zF=UGk<z19?=HGrExFVWQd!g*cS{?&U#PFp{eMN&^7TJ4jT#uGlO}}m4MrrF<9{hT>
z|0hKWFxt6<C%94lwnFruq7p!~Gyl8T@u%d&?f*gY;bJqRP7=ytjOB0oz2*Op*)z{0
zRB?TTJLlm64!z%8AQ0OCp7MY3wMu(n`Bogcw8=w&YUTKSc7$q!m@+DhBLD%T;`#q+
zRQ|6z8!#7H_C~0=FdYWgZ$-4f=c4_-z_-z#p3!Z;oZS8!g$gs+bo{*k{Dk~c)S|QE
zS4!v#f0}wd<C5FxE64;PP)vOQ=4!$JVGQJnD#0eNEtyJ#5^VAEx3SmEE?F+aK>m}3
zI(N)w{?l|R2IOPrj$%jgz_~x^sf`njebe3!${{ohO%@j{hTC-B|I=pp;A}Mk$DOu$
zw<XC)9T{h-UTXZZ{(>c0-P5xjQgd98n@Ql+ILWhq?DfWge#DeG-}S6l;X-|~p-&yQ
zVO@E<N&&P3d0ab5TQo)^EbCNRQ&ltYScJjCX|ntM=*jw{nr{Pfw>rg1ku)T|X7?a?
zxT);+kE}}s@;Fr>`k4M7!uUubX#e<wi-9H``fQpD(}|EAj&87oPZz718*C9s0jCmA
zu_-QHSTHeDn_vrKSAjoxP^9MQC>jM7L;w4aKUv+w5-cp?)O=ILD_mD2=!IRO>#1?H
z^|a6mhc{P3G3`aQlO^r42W_nOm}^TZ2ab8YVY9gUsgCL%Fk1Dzwe%oN_|w1sK*Z3S
zrKI}H6uI#)<3ErNWxH260z*Jw$9?(x<z{Si9zP0Qjx|oKc$<IEb&rDw->JtN9WmA=
z@sHPo_TEH4pjYqvXv9>kn)3)b9~6}M2I=XMs%leE)<r=g9XhAN{aTE)_r(4=VOOq7
zOGz_6^d)4=PD@3V!JjtsI?J=eUG61zVkxzMyya6&CCPJ4vdRiUH*S?hV;}7;aeBD!
z-%&7BUwlOZRd*f`xNVFNrK^)QiUM=cV(y?7M*%lylC<1rx_diNAtF`O7BkDC_I=G|
zZlY)Z<I%F`COK}FICz5_P^FQ@{R<p?xg56oLFlq#PJI*tH_9~VhE1?Y7a(Sr{o<Je
zuSQWzZs-up92Kw6QR9W4`|FRG2JXXQuJEIyw{YG^Q|A_-{`X8VWi={w#;B9UNQuo=
z7kfW}chk%fYrrLal9QEp6HonGPI^wUD6>p)w-n7^k2;5!8h!4)HYK;Zx$ii{hTXT?
zX}<wX@*oD=-;-Q`j%OEo@J0q(x`||gw$GK)>hIM84W&nKl~t-JZolz?4GG6=dx;-T
zom^bp#ACx6)Z35#h;M(r`9X`Y?|2*8YcZsd<ZS)#??uMO!U>V^fS~n6pC%TQX8D^K
zI6K4n{nG!O@K9-VVmKs%N1xqy#GQgMi4_A!2_kEFQC|H4SmF{ZKUYx^y6g=cJS^m8
z<-z`uatT)%UgP~hqfQgXe{PUg4n!=R3t0*NYG_DQ8WX)rV6^v=cUZtK)F{~Fszy2(
zMdhEP2xb^HwNnkva+vbi5j){2DH0dh|M~r5=w{H~{OW5+)_iH6c%vukX4IO5x(~pn
zeeZ_symTKT>zlZtrn<Pfwygp-ZWlf@zL_P!>a?NR1dB+=Nhk>?lKme83LePZOM8g1
zkkZP)d%qngDlPXj4_^~5l4s&oUJ@A=GOs9*zn?<D!11&&8Eisu5)dNUZm@^i@8i51
zN_xcn_xB>?Nv7OfBZR=mW#Oc!YvV)FY#e^>3w6XZes~Jz;nbij=|8_IR2|)2F=QJo
zER%2gy}1t{cz$nx9z5Xv!KYnr1wR%3A3xPeiux&0@KdD>*q;TkkWc+8C0;D3WY3O)
z)kq7y@9n;6F6{r$Bde7I?R|#Kp<>c~l9)Nw)Z&PNW0O)D>;dq<>)j6c|My3)<NWLQ
zy@dFa&iSaW$QFnFW9OORZ3+vwC-K91$BBHb6Tseu{W=Iyr?G4VgrQnPG3B49AFtfg
zjivjiFClG~q6C!=VEjq`j6Ws`v~};gV^?2nwzc7`Puch<a~-z7cBmL7YW8+auHnd1
zI*i@E`wCr_HgqO)2A^*1+K&@MIuwStU7x)R9s9>&1}VZkNTi?d!9{lNHNMu&0BidG
zpEVur1HBVUq?60q_s^XcbGdGRhs|r@U*Gi^$^SNih)!H34GjZ=!^6XCw^+D|+zbOv
z0&_{)N?+4{8Jc$7#01Am)5qVtpETSDI%Bk|wg5rv*seFGR{G~BJjLV{dx|bgj@p;6
zzozBOf}yMbGj#vU>-=A)7PWLowCSrA*kRPvDtDMqZ|0F(-ny9^5or?kiv0}-v2oO-
zWa?{(BED+?Ipu<^zD**z%&C6d^S{E`Q_Oy;*HzUSP9MVg;R4JN+TTzyu~zG6O#HDF
z^teQwS5{Q+Xj|<tz`~61n~)P8Z_ZqItp&TUU78e%{KxaO&?}A;*L5sp#$Q5~{O<0p
zy#e7%*zTX()NZYQyq`&_rdY~6Qkq$+*b|v^!9cba%|(e9q8m?pzpZj%>mTQc9`4+j
zo2%+$cDqpfS6a72P!IL6`SVcJd{%5vJ?AO3w+ZCPwcPUUeB=Rz)A-I2P(^cNw6jHE
zw!M1)_p*Z7&I=2Vy0zgVjqrR|oWX>ACi=6g<S}LEFq~Fn<D0QLid-n;vMzHfRlIGU
zBkMbo%Cc(J<b87Q{SJ3ff-T43TEEvaUPM%soQFq^*&@KmA};WaKz4%)vHs*Te#9V%
zuVHtJBQ<MLsZ3>3UT<>6;Bq-1dnk`L^bSuPLv>JxYJ18dr?(cfK3l5-?^_{V{J`ip
zP=bACKf6}R=w9x5&;cI`u5@d)ww3)8RIXeO?b=up_l^;HBe5y10@m!O1wq44CmR-}
z+Fd65qsBrGmfBoC%wh;AB=XO%e*E}RN^7odq~Il3v6g`l@x-v_UzujjCDgEqx^5lH
zN;sPfrD5V7oXw_+At6F4tiKLoc)&R<B%8<rL^g}&`MMrz+(`e78x>fS(LqEL&F51p
zq>Dv}DQRrOBQ8vb#^rws$xFlm=RI=P=J(9Dk+y!=-!XcpE||y<zj1Zc0yV8Qf320G
z5g4AyxR2B6CzH%v!j@3#T%sc@54r7BcQvRup4<>Ah{7dh!K`<Gj)%G;WPD=a0aiRe
zTuF-Wx+hr7O`rd4Qq%!sGT`Ghq1aWJ!y?#3GA{aUrz1Q$TM1eqRA?oOfR3+I^+f$#
z&$chb_-ZmTkOItbCD~gi?@<r?^ygs<;AHKL#Cgmo6<qES9tPzKTOCaoLkjN)nBMvM
zIu+6oP4GHh3E*`UZr7Zmo-qFB3Ey9*(dQP8ZSbR$zQ-Mr@le!#a^M<}dwi4bcB2;W
zYC11>#`8az@cd@wG8=Sj4z#020O6ht->4DUC~)jCnrjU^?XWC51^8+Q0BtWPc^+i~
z;VSDkXo&52hDT-u^tVxOf(7pI1X;VKWoF7Ix^K%K0@*41K!##eY%H}paG~qkLV14~
zeJZzEPF7Y{-rj5^>HrUCxo*-Knv%k#4#40}m)TfsLfW_V8JA{B;MCOAb3oCEbosh)
z>0<Pf$=S(%h|P;Hgz0#vfT_9A$l!S(uA**CaouXuaomcP=5e)+{0XqWlb^b{hU)n*
z98}S4UUj+^8y7bZ1Q2fk+E_<xH>7Ur&^jcXIR1NmOf!dG*jQS6{Q(zgfA6j?4XOxO
z`<)?yOb&+Uds0ucFlt^bG7`o~V^XFLq_;tDpRTBtTE>6|U}0Nec$O74_)b^U1^gW*
z!+~}E#%By7AqZfTDoOZ0os4|g0-$^JD)0-ja`f72zG%Cc{DL~{O;@)rK{$&75)7=a
z>+bTr@*&`;&7NKKyP_c;SDp?Y(Tj_xL06l59gzyiLR=~C>P>Hcg3~h~w#L0Z#_P1M
z#Se_m=78&BVLD$2uozRwt5~338ZUb{>I4MJ?H>D|O^2q*8f0v2zy*sr)Bdc9p%{d>
z>#{@ma=A5M$o)Dz5UWhYd;2@~eMW>x`>?x;f?yD4R{snFGst=xkEg7(-Ya<?<f&H;
zs#|DUJtVrq(ICG*&EbhKinA&W%Y2aG${IlApy2!zg1WBIbvG+Jdmh+-Ab}TGUy;6X
zYbc|VuI}UqoRllRL=5YLQkbnx{$%q&L9=VQsjH&GqU(8R{PF~>xmUt_BaI&=?XiQu
zUi7;q?79=WKj|f!t_>?CpcDA0tE{~NhlqdtKq5oS7$UUo=d@aEHedvF<vXP$HbnqM
z|4<x+8+*<016)e#Iji*ax%d@uW03hXnthGl5A`?<tA`G%y}mW7z>Xym)nsi=VIBS}
zaWT4t;Hk~XAe-O0MB!cbrN5taz|zxmRX*%=|E8NxY}a~Ghx77Cr53gfh_zxIf8{eE
zr>y4@b^g+A7I{>;dZ#^WSFSc!bwlV<sjG8%=@AyG+XT3~PS*%XxFf*Y?82oTk#6$g
z1ftz+`54}2>pR-o2`{N{w!?($oOcIRJAjP~#0UEVuLI9RQ=p{WfnmVp>M}Tic<aR%
zhLm=|#nF?6p%q{>%I0tEjX&OJ66bNp_Qu2aoe~0#y3!Bp_W~%`J4Ik2w6?8`EbW+k
z-2rE!-9#b>V&K2S>UkBeD5B1yn7CT;RIFfkNYibc_#Th_!kZ8gUOvBDV7zNDF&VK>
zYw*y10bTSr(t%&zV-{O%8qYqAwG@wBy#o?o;Za_TA&yJJuEn3{kiP;nL=NxSp|EfQ
zJjMr_Q2bz$5~Q_MRX@{OAw+8F1Y4Lz-e`>|wBcwfSEHXPaG~r`8UKovPy5$2FSDF&
zy2!xo^H4u3ahOjW1I8Cuz)rV<HL;e!w;c%SdBK_Fby~sixKXpO@-^ZUSmCyyhdy?h
zSOBQl9uwU}M+CK(1Ib1zHLv?GFMuH8>9tk8wA9olGVM=am!|Rwol00kwe0((Y(F~;
zyR=9^yzk9%qgn&zL7)D0mV8(f?sjnbJU}DDIZH<xqE9#y-PZY;p`%Bw%_*PH6Bv5m
zdxk!Z*O>UHY%NR@Q=1$ZP>AG*_bUjMtlbACz`I}BI2qi0nTcx~<Zk#-J#~?CdC6E3
zO=wb@yJ)tohOLEtPz$dpsTi+;JmPjAV&YUj?*I#l!{FXaz}VMqy40T*#?zwoSd~cv
zn=tmeY4A&`YYl?*jpmRiuUE?^J-0tTP>gYa+Dd(t5^ClSouZ<Rv+Tnpg%&pRP-+5>
z+ABJq#c`aA(L}HHLOU?mAZKP96>zKoUQ6x3HqL@C?6J}2RJ}K}1P-%!L2bstGuLL@
zSnpRVK8JVyS86S`2WnB$nin9sIPn<u!Xk$s-$1H4f!yd7zzcrXMU4kjxmqJka+F_8
zcKp`L(u@yzpFBB8fghu{&4!3hnD9}$ovN)Dc5vw=hQYq-OwHDs_9P}&y?cMu9`|a2
z$m_rd)p9){0!yx|747ja8z}SE7kgK|9bhVsJ`A29k~z)diNJhMa>?hCfn|MY0?Mn!
zaX@p1-{%u+=`rYO2=>n}aI6yg5^pDjm;)A>TTFLQu2*fq!N(vwCdT&o`kCG%q}7>f
z?a?bpMebRA4MxRpuq4z0v*92y5zh~l9+<lyOF*QCl>SL(cyMGR^hW5b{pe#(6dpiZ
zd>micwNS>?C`;#Ede4T0VUqe0?N7M9tGLqo22DJz#(Ppwp5b^vQ8dP#CfayDHT>>&
z);BCt`KZ8Y0l(DEi%?tP<ITn{V%qo&%}@+jV4~P5VW*!@jKz#>=koq|*vJ#mZUCre
zt(kZ0xrPF>VazhF<Ni4ZUqc~<CUsBICZ>VL)9R%&=H2LSDl7xM?TY;0xW^neBEKfX
zG~g;I1p?g7$I?JKqxvg>Vh!cN@fW8m#o6d@r&O<ol)aI$oaCfIa${iovIjs(5OXtu
z+?4M5Zy+zQnHY|-t`F(GB}kv}I9kd$sT#{Mbd24aZE@SXbloI6!~=S55Z~4cvhe}j
z$wpuF4LBa&auL<CX;zVV*ajT&SZdt%OVbIX=<uM?iBxNc%u+em339i-oENtabH1am
zpFC|GUOz(xivr#0T?<bR#3fW=lLvNDkQTgWY0mH16Yccreg~;eQrvMj*YrmqnSC(#
zV1Nr8EakuIWg%2)PSB7q?Cf<=s!mN~C*(dC)vc)(&6*u#P3N1uyJSC3N&+WF^G;@F
zqr%2uY@#IC9Rapn<1mDtsEL|*p;DY32A?VfaiKOF<RX!f6!g9;>*S4_UxDU_o8=;Y
za3hBR{7Jy9j`K8Dv_U%%JwRG%`oj+Ni8hDD4b=UJK_oA%3K~HfO*xM{V(lK|sbA#O
znCp6LxYAVBlyk!(r@&YB1n5H}z@arf_rm31`bE$QO3)@ty`sE;|9h_u{rFBXUL4u<
z){K9JAR2e3nj_vvkCh2h$R7q~dNnG6k2~gvA2Td6cpVqStPkN+w+3y2UKbr;uZY9l
zgPS+ZEpqT;<Pist!bS&ottISSZNB#v#0kH^C&O#7d5{?p`%yVw)&5xjv5LkrAE8;(
zReDCdcB9r$q5@p=TwNKh;S7?P&C<01Q8NxEeN=W>#Xda`tdeG>rY%bbRnWtlk^+tP
zR!6VNJ|?q%it~FlJ_{C$o*1}}XL|G!|N6H_W@a~%z209RK%9AWC1#iueOu*C6e#72
zswV+Q46)p=Wl8}@Roy)DL^=ey^~7;`5fnjP{r4u{(vQ87dB3x+nYv!|Au{rn(u3zQ
zK`CkFs>$ROWh^8mj#aSWh{`cvc!cDQG4QVym(<ntoLXv{h-nB)@Z|heA(?r3lyjH`
zOt|UA!XSI<G^X{~>DvZ&KhX}bNC;Ar=4kp%G4nd2X<OV@)ennm%-cI2N+i4!`uX!Z
zDG6;kpWw~{(1Vf1o0>Lz1*<^n`Ne3rS)UDddjUq4Oc1sR{8J-P%??EiW1mCdvAJav
zW8)#0tT<-7w`-koY<`!<kZjy%OTxn8Q{Y3xcYGelfrLW-S3;4CF6%MJJ;G#>$FE^G
zXl1GIy2*0A+GI>qx5MLB?Wc7QpQ&r^pc%dP)V%PsHCd`^l3IN#07$jmKlw~-#aZ9d
z2^R9ec|2ardzNw8c08>|+GH$qx3gC8F>6e@)Cv#oV;NR<eHxS5i*SM1tNTE0{pxy;
z&_I;{0Y-i3MRFLQ8e>Y0ndvoxbj2i*iLKbWsWp2Qo}3mIXW^|TGUM&Jw!0TR$YeFF
zm_~st{~=H~Kx$HYvhbiIHO^ZG>L9DCc^gq+*b;li<K)4*1o;+Gi@1TtSw4;Kb(`EH
zvce-G=dWG2=7(!fOD3Bfe(!Nw2yy!Uj{FQrMCJR5-dlmv@7ga6qXZx7N7)))V0b0;
zsqx_y?*+3lOMpwfPa6C<zb8NjKMrP$q;;PeD%|3m6|$=a1E~E*%WH3z*K1vAV`Ob#
zO?OYwQSPx|-zySB{M6Scdaq!gFDp-Sht~Ch>4HX!4C@ltOfx8<7tDadV>|05&8@rd
zPme5$f@m+jpmU5aBVzyhrRUZF4!Bc(Jn?gq52{qU(P)4&h30!OJG1Wux?#3cZXFM-
z8n9hBj(^gCcdb#e7uTd$9hiR#O=HXI4Qp6%zB}1d86$(=V<>77E6&Gq5r0Cs7Y&56
zm-<=*q~O&@t;``!b7b`eB_$;+)2l$;ZbDiJ(vONE<4)4B+kVkoQFvr5t)RA8zGai}
ztBj1S+YWe_YO=i2zu9csf5R)WqT72rS*f}kbE&M$QRznB&1p9-F;ol>1Tp-4O~o!X
zTWE11+`J2vilzV>TfhS_>jwxyhfi6lNm}Pw=E|Xr76OwA-qY|1{bOvFYi?C5)-5^+
z^U%v~F47P&@AvjS3_1~t6K6wTZ&^1y;a}SphKlmO%*al2AEfUu)4jbNT8@sFhsSW*
zI$Yp>Xe++0>?9q_Z@172#HkC~r>Nwe&xOrI72)hn<kD%5Q9qv^XT9yaFyfOV=G{t)
z%fY9M>x<NbUr7IQ0^$l56MBl$y{T_;kKbQ2X#JApWj&U^cfI>|BTV@<p}XOoiO01;
z6J@}TM;f^E-n40XN1f44#O_#U`C{ZCTZ~w|UsV&#s(`o%rDiBQrlj66mUka;^R;+J
z4(rw{52@9=I;Y?0d#GSilbl>Xcd5Yp{7X8i!(tmTjGqUy(KUpW)8yrw+_fXq6g%TK
zrkCs+HUx9R6$Bf%6BEr$K-#cFhg<3amh9FqCdCEaKc-oli3DnRL-q3qN>ItqH$=9E
zzKZ0sbHYM0-yPTC8yBHw?Ct-=B<fMCmgu=De7GIXP|c^JZuMHr@e8AgAU$GkQt?<Z
z@kDc_xG2roV}53w5GisJAe^MFeuc9m3gJ`5m2aQcwHMrniQHRe!of4~M;uIZA1rQg
z2w<d~$Hd1aU{isJD=E)m+elH>dR3i*_#XR+)DmoLZD8j_Og5;$Zy_fi9*9d3?<SOX
z9f2tV@k7-`iGsJ5v9B-CdL3_B!5BBrP2!uNOH4%Wwa-WCT9bAgh-U0rg^;fOD5Wc;
z^(K_VQ%}P~W-4=ZRum(WqjX4AKj*9BcYvVH4-nb(4YB++6f~akGcV3n21q<94_I?f
zI#5?5b!b3pb{aFH=}2oLUm{QB<i7ficVn@0>9q{39!HdNrs!=uAq%YuszP7rUc8dC
z7F1KAi#hI16$x7mOAcd0@{rexc@upDt%<SI3{*&i^V?Q>BNs%5I@)(uyg<D$2NLC*
zMa?6#`As}zo#+?{qxOg^h2Pez;y(LfZYdg{-@*uE8Aw;KVCE3RtpFB+DCA>7?Hfkh
zgRmq_SxuYxS}}RChj_m4^n@p7F2Z?IvBMaw#jA)NcrdZCPD!w49^)L!0E1@U`g|tA
z<JO~k4$;;S?-)<)3)Dtk%iF*+ahK_C=njR;-CuPBBnq#IjDJSQD-VWzHZS~nK5pGg
zIy5!T*?b(pRK&VJgP~@&n9@ZXz$favY@Xh(Qjffq3T8CPW%<3++@PuGR%H*r*NEze
zoRT{)(D5)|S#%%BbaL>wB-IvK=DYCp$w)Q3@VXlvfTG|=Nuwmsj`2cgj0u~9nOSDb
zyCRCY(>n5EDJdzF5x6P((-orHT4I__qDJS?xsTi$<-2Qqu=CJhDf-a+Z=_|JzF2ys
zn)}-|R3Pw3#|Wu-AbIILtF59DZFFPgQDiDiKOj5=2h-DdW;^bFJ39x*OO1Io*H-LM
zA6RpJD08BR7MjTtuXBb18Ga!xUoiofcMZ33dn!S=NH(@A@s09~KcpT@^rY8qd;38y
zW2~umRY*?7UcMt1^25A>ZKI1~t76ebH*M=-j9bXhgriO4cOBDY5Us5@nM5V-9g{#k
z5m3yGp*6*N(FhzDMS9?_Xx;Pd+z)uxHcm`6MTR3x%Z~}K!>!UdHWO9vhlyIq%@OHb
zULgM@WIM*tb0f~}bnBx{$h6}&fa0M&z0Oa5qQNdGijV3Um<~_PK4_R8f-A}y6A980
z+Y|nfj(GL+HICNqi)u^bwW>4-quf^eI>EKt<m#Qd7re8x{5mIiG(ku*uCdEVQRed0
ztY~Z3o!j_OdZRp`4^O^($`%c}AZ1EN3<CLfAN{1O5n4=}vze^z0TrSSOGsBjO=aK7
ztuI`3G?6|HsN;to9P3Mh#FpPsqxy@)wm>COm;|U%-Bl)?W)53fl!u5zTfcgFiJCZH
zK<4PUP2R8Tm4;lC{(`d|qz4DLl;c&tyrhVLK1#2cBRW)D-KiyGy?evo#BS-xne!)T
z_L?NxqfV!=u)?B<c42psk(t3u+Ai*9X?}HvDK!<SIgSW1$3;MT?))n~*FaIVXpQ+o
z&OVfI6^83-z9H1K{&&=`$Xy(6ccS=eXzMpMrdVO=r2g$pTJI(o0&}<fy|u3TtZKI2
z&0Yxv^j<vwd}qSM#RqJLS$dQ|(}h+CbaHr#WOWD5itLu%$?5otAt9+8)2&D_29+T{
zOSe)L1fV|js3;N8MMgf2v(0fHcaxq*zFqls4!#qnMr-gYAEnjAcUtG2=&qjN>}>@r
zI9`^Qv|O(}^UTc2xe-+iJm{k_Gum_*LKK7RdPL7SP@t0yuk)rJb8xxg<8TXv%uoDC
z>^9yLzYAETJMutN@O8f^+f)jXnmrdktCie1YQ+cWOmOCjWBRv_6x4UZ4C0NaL-KK<
z;;d#?8!9j3c(nHT&F$1ZIzywc=7|+9InK_v4mgF5En`<K9kUvreoE6hDOkz5nxR{f
zF}L5kZ`qdf?24=f?{K}L>~H-51dcA>e+Pki;?EEFKF)2g=0?Hi7=N84A?lvStFdox
zq9PJ%RLndXpB$U}40d^}e$IenU*HTw_{gQ2CW|CkyP@OJcAj_^XgQ3%x#odhG@{2B
z2e}iSet2QVb<yV+<nt8M8&YQmfbiE0*Sw*Alj)lWAk*lr`L$a>;?^mS?yFA%UpV>5
z(P3UG5~N@%t5I?~Q|15-eLaEmfPL;%^!<z|th?Hk`%=~VCY7ct-_du}e7QkE^>~Zw
zSAvK}+Dd`0?a$Qq{EDZ|8EWM(y>Ft0#=OU<F9oX>lK9uG^TX?SIEW_NpK}%(*#tUj
z&K9O=K<Z_M1YEMJcQ?4JzltX!<u-1^^5xSbBIjjNG`%n7g?GAas{Q#fTxNuessi#z
zQ6ymHqie3{eP10{DJ_Raohuw0OEC*KJfyME&(Z*SA0H4G$Vr5E5}z^}f0a~`ZlB7U
zRS_VB+XO*4e}*1#x_VR~39tgu&Jz{wF4Lj61$<zsSn|#=>dtvSVP-(pb0yqSaT!gM
z-k*Mn#-B<5Z#KRcL<?CYdl+-1nA*g^+M$to8~Apnq*zB3>Oc4s^&h$#3bPG`wT~2l
zQ74Q^6v;7r-nw5D`{b(j)g@y16NA77<&K-C$IK?}Q#B!<v>ZQ~8bo!|-~>@UfM5w%
zx!)#&{vu)^2y5|k{Icfh@3}7My0a*J{Ssrr#l~>8c||_dbKH_uYWBkyavXeU-#B;?
z{=wYmpoG~U`12k--r)4vnL3#sH!-tZ)u2b(<3aWIMvFI$wg<WO2HC&p)V_O3UmH+H
zw*k<A#2miZLz$WRX4l{7JhWH)N0HPC;KY9^lE5+iR6m-&I`Cp~Ykzy*JmcZw=NQ|K
z3uk+k&3&dP(tH!H@nxS!?<mjnR!l8^t1;JHFE6Ea-7cLdt=ire6-8z+xc6L-irjt0
zzQM1Bk55V_h)vKLRmj*WI)j+|U6TWJ_$lM}%4C96I@Ad1xoL$;WHSFsWH9lle3$Aq
zb<30%x|dw(NplsSede>=rSH$a^)=+#iOAORA7&8p8M9$0F>&2uzpRB8>PbCXdl$%i
z+!lW#?!S)hy(tBg=%69i2FuyaSe{9`#J|KSMv-D8ps1GeA^Fz@@O|L-rkYVz?-C)F
zqy<lt@9)C%`&prduJ5Mk)WfYk4k8Cv|B~4YFn95P%Fpj33-B&Z5-X#<TMC7R78M#L
z)+Bdm(k&P&Ob~Mq81Uv#re*&y{$lBP&(?&69|)!Qyd@@pb8~WD%Lv`57W*>YJa#3v
zE0gKpLn$~M06o~qBjU_{v9uN0TtO$Lq!G!Df%AZ_&ojjAZ*d0h7dKay_46RWc)Ko-
zrGf-W^Vi<W5ks;XwgeApInZcQVUfbZen6`?bS*rMQsPJqsf3XVwMG{%Tqv9k7DOTK
zz}!Zm5O~bnFYROlnqny<iBjmr-e)J>D_8taFQ>|ND?RB2I0*+h`*Tni?brgeCgb(<
z18r|7W8*aW*c-BrlOFpAME2%0v0RmlOiQ1u%H$ISZjzQr>Gz8_DSSUe5TT^Fv*4ZY
zf$W#%ZAP8~IEo8?m9s!)1wfk*kMb&mICF?50Q+0`$kSRnjNocd)M?r=ydzz=5R`>&
zpftC-dk8uxqSneLMWzSNK<E2>@xa}1P)kJ{f~!Hi+EL(J6oXL9`=e#{L*T122dYD4
zdOFJ`UL(JkwERj#x?Ubjear<*X(iG$G&IJb^4@n8Z&kM{8LYM{J^_3()fSYlp&Pit
zSTMsAJoZLyH|ufSzJx8d*PiZjSF9Fxbn1iFH!lqRSBw1lB0no4`{yXkyULccjkb{%
z+SYr1vH%r%S^u2DP~JcVqw=wln=%%t&+H`9`3_gvW$NA0m0#;XYGWcP;38+ocKpE1
zxeKSZX4@H)ROsC)_^A$1Tw6Bbx#f8IxB3BBlzx~yIVI(h)8*ocPoFr(t*dgKf{7_1
z4I{R|4hTRl)dt<hxg|q|3lW@GLQ@Gi>3)P{BfKAc4kI(XUsiC}3WduT{IzXS^~YDA
zGMmFYhtpM`s7;H;-qI_nedG&^7)mmedwI@t82C(+A>jF-S%=l}32R9>30%kP#DRaK
z`s-M6Z;Y5XA9wAsEs8nqEC7ZEfxrh>fY<Zbd1){^3c_SOl%u}gD@k<ezTwVdpDnm$
ztUX`9ajcl)-8A66ZZ_Uyxf}n8>A`UeXdBXJ3BWP{$%7~eLqF&!F>_oLmvU1z$IY0K
zG(oOZ1Dx~rUw$bkz6;Hsoz!arjRR$OM^G}K&x-}QwsVBJeV$G}`HZzKfEhKlRj3B^
zj(GWwyS*~x5I}-lsGFaH7;ve8_fn3Q`&P3_6*B^pUlH6obekDIRSvi^0bbfCIZh&{
z6k7WLtYk&`+H{5{fGY+dmn#%3VL0F=J$}FBGVZezVPOYV`jr?G6vyom2u>2G-k(u`
z5~vSwWch@gFLFN$OM5lSiA1R-j3pa5gWUnAyA3+I+Cj@TtKo;2VKLWD+X3$Z0R%D2
z8FmUb4;{6yK{cq*y!Dwu#}2W39kZF4o68l?(?ipkYlgm;n3NtoFm!(m&_`4@wlPfQ
zf5XDUBCWh!%@JH{!RLR25gkH`QCkac=JL-0&7Ttmj+b>1O*MD57?>1AP7e$RPTzU%
zvX2@BavInw+p~l|eE6_+XKA1-6POm&hIyVG#q5Ill!FXemX4aB*rFI(CV+Ppj}C{4
zc~>e5??znOw(Yt(9Q~HcEn$uGUFGuCa6O7P-D|YiSo=g_EOf7K4yj49$VcmC9Ro)E
zI=_-HA>HykGeYgU+n%L3CSH5Vu#Uw#<IuHg(^twW^;xPY#0iaPj(usgD1*eYS2Q3X
zpjzPc)${WgsrPi<x1RgIymZSt{<RmR=R9(zG|C5)|Ni^qZ8`Ce=iT3dqLoDy|0uN9
z{xS~U(WQ0PJhb89_xNXiIeos@k`<Ff-f$u7ysxBqw0CrzWEc$Tx-MP*D!2nYBUB=}
zb-DC{PhS|80;m6t{YRkpW_!%yUE8M$yRLhz$2v@t1V7jyv3<txgn2m)h#Q3MOBOz0
zwsZc(4Ou9TZ0ZxrxMp8TfYB8Ztb`oe#if-B2!0LQ;cN@v)}QVX+y)3lJ7BG^660<r
zI|6dE$^L~TAwLXU*fohKa>U4T&{2oLm{;^V3P1EKc7&2PZ-xM#v?I3qvPcfNPyqX@
z_<3ehZwXwn`W9i4?UQ*x!{3xt=<Noa=8^~OXr+lgbYul}`5lUPL4w};mX0d@6Grtb
zDSSDL17Tv@eKHJf;2eES*lfwJ_sH~4J-@!F$UzvKB1Op*-9HyYx<}~i%c)qadYlpp
z$mX@+WWGI5@tiSW_Fx3OhSBTsTC{;_Fv|;nVI56SD4f~?@1{6y6{AsbO_31*M+*T6
zTK~e`4U0suJcLayitFaeqjAo)3ug%DXQy+NT4b0w<f;%fjGYo0dY2~QPFU~M`)OxQ
zQVKX^1d_P|`0SkXkNsE5x7*pfcvz`yxPXgG+0qxC%ai!sCjhJ7Il^$%e@nhj;;YTr
zfGg{CGXMOd4$sLPpc6LZx&+*(oe)35{cAUrEU2bu!1N)+AvGdW+VrewL%sCk6p^!a
zpQU!@EPdnJ9Ns;MY+~}()Ial&qNRGljSLfYm2hn)*(6UFUi-n#K<35sD!1zd@L{CK
z&BrJqlA`Fz#}U2}Jq+exF|j(&)y7T;8!;`<$Hvna&)lh~_7L7zG;KIc4C-$bvK>5q
zaqb-Bx!Me1$dC@y5P~L?5mz2y-X~x?CDQWa1R9Qlf+|rk2&-Gsve<31Tf?4n-|`tg
z5Yw#6n1fn`iE7opocKKPVPD@%UX^39@inPX$Odj61H;TgbSV}IB~{|A=RLz(3fOx2
zETIdCVKs)6ZX3dikMce9VMgdF%=fI{ADTS&rB{X2ck-2oL|g9<s_Nd{CAnbuH6F5U
zG_37()3Ni0p@)QgBf)Jj+oe;q_jt||j}>CYGu}&vTv`>!p)*=XOHqX6jLzUgRX7??
zf%V%57-+p-1UJcDKOsNCJI*Pe-w;jcGI*e?%MF0rj0&9t83r*C8d#su+3{E3dBE)J
zJ(F0KIm_4TeL?&gGueFkV<rprc?U?MI@*PCKq&}#;y|*dsgAiI2H3SSi>&3r!04gD
zkEfh(Rk8w%o3MT#)xnSY3u20AG~niX^)b3#Xe!eB$ODy_R{V@`DAhY5($a0y<N;K+
z6c#)(dAU~17F=K$8*_hE#64AlKztNjp)iLcUq2g*jD+r^H;dln@WloZ;w%(($skMS
z7tn6Xoe^&vkQuUwfqS0qphK8RW|I*YZ2_okuJgI4HaMc>EF{ejgOBTa>CQH8`EI->
zYzM*^)5tv;adE^g=D;(7Fjb5cU%FGo7Yq^CYw<W(4%ezB$lyFp7)32ppCHszv$`~%
z`aNhJ-I$~>sGc)Xz?mU^L*FISc>PsktkoNh<vOsNLO}Url2lU)dbj)Lcu<%{IU_0B
zmo<i9AM-ph1EOZ0NR+z85_Kvzx@;0jw7eGgSxsi~#%;J1Kw<l2vX1aR6BU;O2s<sX
zc8COC-yJqjMAM{GUil2ZV!XI8!HI-Dp}T><y3ak3ngN5b+E(CxW@;DD4txDrY^sqM
z;-^<Wgz_LvUk4fEI-W7llok(pTL5A)MCD;2fV*k>SXFSJ@fdyMc864AS|zJ(5v>qE
zWKoEHru+l7K+v*=T5T+4R?>mv^J-ztmK>;B*H4L(_q2Yh&}pHg2UA_X@zBvwyQUN2
zLWbe|SxNE~Z%#kQIvj?8Z_|rs(Q9lCjYkc-vm_qgGx*p1Eb|+MH_={Ru|_F_s7TKB
zv3a63uv{qd6x3kyY66lD^Q?n+WDP!XMd%D8VEzIqo&aqBPz~I@#YSfK^b@h3_cT|+
zD=_wRg-;(L7@7D2&?P<q9Nl=V@QaTlgb$^axYiIRybmN1<8s(5qO7p1kXW=YXe`8~
zIk%s=w&6lg9gkO9-yxnAu@T=PcJPLi!Qx*}88R@OSQqRMbBB&(`jWUH*hsv*>b4^B
zQeLgs?CZ?(k|3H&mja%ySLlx?o=?#w)}E0j<kTo`of{C>#=SyZdM`(8CP3|=7Oz6%
zNiC3@(UKn`9?`%)LmDu>Nq@$pbuyH|@8Ks3AQ!|M>^wx(1#Z9Uf^3wIS}!`6Xo9E5
zIy|>%@ZdRyDrC!Rgjoaa{`t}=A3}ymHb0K~7GoK#MykyMzYrrBi5PV2;+$8VOl~cN
z6ib%l1dE?`s)LdMM;xh64zoWv-+fWi`JO=K-Bp?O2$Y~An?)4cH}C+9REwPnFH{Dd
z2_xm)>Jvh{dpM%Uv?Yvud=d?!)j0QYiMfssMS3x9OCbh0MRS1T#wYchX{719NQFNW
z3DUvOWICakj!k|f*OZkQLm|Al_hD?082ZFdGeg4cB;`!ZoAGPK3Q=ejw2&BHoUCHE
z(0PpnN|k6}${PT_O2(|bG0p&TQi$-Qh7BETywW6+pn<XbF>U(yCyIG{0D3C+67m_N
znM&w0I;<IHOcq$;NNdC*{ppW_zf~E1^eB;j=R^-vwikANB?LtF<6n_o1rVp1*V{Zl
z1k=5#SmrCW^xWj*(!B!IJ8%!}+uO*U<pfrggeU*4Rmxk-#d~ykIMIC=2H5z>)L>fv
z{v2@U9a9qsZyJz07!_;~zbOn#?*PtNF>j+J&oC^0#?XV}A_LJUCk!oP*XXn}avzI!
zujSL%iW#iv`CoDhCBHGzA0uY)!b&e1AK8)uF~>|H7m41Qe(C*%YE0Ui81{K*V{&pN
zEPLhy&Ep&10Th=zgIkF{VX%`PdW@c^v9O0uO^6?heI!cJ=OGI`^VCFOHrn$%!*3Ri
zXr=Nz)ZakpLPkM5d(GAIo;3<TTs{Lf9Ry}dR6-_>i>hTr_z?DiCgKAF-ONx4|D9tJ
zMxbb*l72pUF;`cAk;wPleTdB!yEqgeW*a5OSDOL;C&22$V`KKEP?i0!$XbLhs{n(9
z`N100Eh%Xt^pl#Ut0sq3N>Zh+UMzvj6_unq#W1wh3w&4pb}2q?L@OH#d(uk*(sMWu
zM;!}A^F2&xHOv#={p0Mc4jDYu4edV3sW)b1;|rqwxUn3Z%b|}LYJo_GgxXI_ocAHQ
zJ0^1gBoQ@oZ#a)7VXF`8PvIm`5vgK?E`h|v`A#?n34Y2s=W+C8bP^(B_D|K!rG$}S
zH}f4eA4%F@cy`0@7V#k1h3NG-4MYKaop_E45QLiV=`&9UATUhP$N=f|+zSRzVgdyT
zl%%No?b|)-{4Za6oWMYlFv2GSVw~==g_cK@D}2|h_R^!_L+|sxgqXd1VU&St3D`$5
zkf?T^AB94mkTbJa@2j*xO(Qd7IjBv>kf3+jycD`rsD+W3x~CC!&(ulAxM3(do@WoJ
zZf;#C!15B7!Ne7bwknV$(n2&P5s>%M+-3!*2LVq+bHY&9Q6n!K0#jDr>Mj8d381_4
zYENCSf5JKx)p41pu*2so^F4Df-UVkLtq;*-a%gk&OEF+O8!qb@sIJEo*mZpP6-!pU
z9%~-ttGtJb#Qfe`RC<9#cA7j!xRTbrrIAieLyd*m=y>V0rA#C+0zWw1I&g-;+Zc=V
zZ0G%H)BA;|x}Iui4GiMm4p019W&Cz2-ie_j@FcJU;_L^Hwz;o8!;`H1l&n}vc)C$f
zAW9YRTwlXczz`oAN&K_ZEP<r;)&5R*UQy9Wr+ELR<kc|%b-w;K|1(|t-l~SQAkx9T
z+^VQlWS@3}FJ1b|6^_nuPmJwUBQa}S<~^q?a72?Ra|;NajBlia3cI4y5=e)DT1=AO
zU-8;UG=^=sQovhGK@LoQnN|6#*SbAN7X!q+^;xZLl?5ZvtgYq(*hBRwFL`lM%r%M4
z1yW!YfA!&{2kTOu2ZkjHtD6RTL_UTQ&m<}nH1P()2L<0Cv|6Bv|C+xk<DHRb?=&XJ
z+&Ch)aG`MG09f*=!HYde3f6;9N6$Ijbni{#L$8~5-zfTAx4^ReyvwT#tl(iZ1~!da
zUcq>VH9Y7+?YRMrZ(m!~rV0CQMZ0`RdOKo6bKNaGQl^<Os=?+oo`oE)h5W?w9k+ZG
zB9>Q^QRbA8Fq+ZxmM4?sj+~sl@|hbp!GRA_^M<DCa(T-WK^MRsAWa_$mH+OzQPQSs
z6DK{?rtYAHVjJ@j74#jUTed1FsnVQ8<*1?GPj#AH6rH1PYbH$<n+d@zU})C!b-#?#
zV@~-{1Ld9G5DCox^+9+clM+Tz_-p$eM2MN^HFr#J85s~nhAaA{X=2PgaR{jN(g{9@
zK>ek*6f=Ne;;qj#J+T|{WyGi@ByVSRl&tC_ieL8wQo-lAh<LJSI;<A`Axggs(OB60
zSD$nfKiOmqc9{Dz0+zpF6CQzX!2m{Clv9&e3K%G2Ql3V9e3Ml1XSm&fyy%qIT}hg6
zy*nRR>6a+B6RME7vT>e@=_^QHV)Z4ctbG<Q$lJY)hu;3Mz_oQAN}NWV?7eu&4_3}X
zFfLKgFY)#OTuEh~9yS3iqh4y0!RxkwZu{0g5uVSQeU0aR41)n6P-F7=1{`)U45*m`
zAT#1`CErsNBfip#dRC8`zCh^1sh<hQvyx&;t`-)3x(B&d_FVJ_5IO?^?E?6KrI=ad
zP=AO*j&F7RJPN*d_W6^pauH3WQykn5fxVj2g%)CtD=4rlOpppfal9{W`;(K;$%@a>
zTug!M+vv=_+v>B*?U_e*anqI;jX+~T21vm(>(?df9U?&vyEx@TN^<eQxftC)A(7JI
z)AWV6FU+iSanTr?Pdd<o1IrHH4bc01MK~LZwyWxTI50bo2+@P#yghMtKZwW_R(TM3
z6773o*x-B$=PG$4)m=<VHfL$ZEOZGp-*!k=GCP(h#C*iUoICRhCSx3VnJ@x#EeWLl
z+aMT4KR|FFl(fl&g;LCr<Et6m?gcJBUGlu8TziLD$PkgER(XB`!GKzNOq_i0I>0O6
zBdQLo8}ia_web1GUV0!!qyX8PydM9KV(Q5;xEPBydb))YmzG#^wWje#+rf*Oq#&H}
z&F2OyGqI3ZL^vlooCA;R2OlKB+^an?AUIn`3r!$t&pSb(bGpCKIW-h7hH5a&bQ?Qv
zKnNE3d9}*R6pcWLuv4h+@w`ND6y`DdKsiTR-*T2B75FmrDQ48c$_cp6`%${Q6giqm
z%9`%@n$5veDJUNP_LC8#SVu1=xibf*OROdw1q{Onb<GhK2P>jXIF?{(-I{bSB00Az
z!f_%iLvjI8O<p>pMeV4mIrf&Iibz&DtPu-~;oH<4Ay%Qo8Yw!_vvhwlR%$X6;)aOI
z1d2FQtlga3Pg`T#!dY8r1N=z*DE4L<a)=WQnz{Y3HjVdZ^;QK@2;$}&P)<XoA@!%+
z?++Si4Zq>0NI>!+c<jh2Chrdv@F%p}`BU#}0HTz54_)wxsEOsw;oG<1wc*<`?3HE%
zI}#6FrVu#tNzZi2VYrMNehD=!<`h5%7T*CX@@hM@IFuY1S1T<otu#x03|2Jd{cV}M
zTxCve=@BIjxRvHH$4@bYB4}dkbL&JkhYq7KyWbta-!Z$*?+s|)(5E5yk4qRT=#LNS
zy)BtZbU`s9-9B~918bCi37z3qcG#*HHtUCyNg;@=apkD)dh63ZfBrmOoq$3-f)Lp(
zQQqJHQG6k4z}Wh=@hjQ?q3+GYsa)Ie;SxJkrpU~~G9*$$naQ-2A!W!MQDjJFg+gYs
zEFu({hs;w*RE9|AG7ly5kO-N5*P}G-cklN*-rx88=R1zQ_g~wyp69-=`?{~;JkM+B
zfDgI(ie@hJi8+)f;g}_xiHPXlhbL`Y?2~Wb*<H=D|3to?hz04|js2^m+)pwS?&-@j
z?w?4{$l%{#jZI@GynX3%s=g2DPIq;j8zCCjANNdpBF^>jH55+AD}Fi4U-ZOcJ&wmj
zXrt!_u8%MKFreiZsR@N?+=uvR4&C*;i;P$#A|h~S*855BAtXhfJ4;}Py_>4~*A4L8
zo{wqfKK{7O3XsnF4n@y4N=k?by(IDWk!a`sIO+M`>lG{V*sptt&a(tuy7-39B9kS?
zy3G81skWuA9&QK1f7ff*V0+>>4|4R!@et`p1ki}a>@=b?rOxXgjH=-nx?9l2BgAEQ
z;}CsTNQ*pPHy8Fx_Rn61y(H3D{ss&m+b6S-PmjC*`ukUeI4)@k=b~6y-J=JkJ`*Vs
z1wEwjdv)nopU&eL!s}efR*F+I+RW8Q7=G3UxnfFk6O@gk>gFf+M(Kw1z64qk1)1uP
zJOy~O|3@4{G@bM-7NLJ<iT)Q>-~Vkw>IqMD!N#%i4zPCF-#Cj1gXw?gh60!3`x^h&
z@d7-lNd&U9>$K9iZg(2{DR5`3lfUc+VX6EVZZ66H0kv~$;siIEFJI?BS(+^W+~kFg
zB$M_WEWB~~HPYB=lyKe~c|Tw+cS4BFIsR8y69fdvSn-yxXqPzq3nv1ZlSQOpA&wX-
zIB_oAx=04A|EFb;ks2I3JY&e}?JX{t`6ta5Sm~iJ=4+|)3p0AwcOSf6H{Ik7hCB87
z?}m#IiqEo=4%F7|DY+gu(3a}N_fOpH+{|o)Ymx7xBrgq-M)j9M@!q;00k!r2W~>MW
z&y2aEM$WsfGAYjI{+|?Ol!pLCT1IxL&qy#dnePfi>!oY1t%VW}B5H>T@`K>q*w~n#
zW}B{fUR|@t@aDpJe0=hsbYKkX0R9*E3TMUpA4IRTyx85pxdF$rt!1LE3m=|$>9^+*
z;xs)q-WQR3-z=r1T)=uH?@@{v?|82FdkYcJG?={}_e15mBYEzpq+9{Lh5%XTZ^{Y<
z@z&5vjjs?Vien(a-3^`C3%*YC><$$>3*U;8i0An&s<V|9ZaPl3e}73{{A<@D74_Y`
z%mZ85)P|w96OkQREDr?UyFI^x8hLCr#ShVj+O8)hb$;lF^kNa@Pk(iWp*4%5!vE5U
zcO$97sPu+mTTaLV_fZwO3)*9L0G~ei(LjezSu-Xsj@j-&&q<&Q3v=a@|0CQ0EK!LB
z=NES46VhT#Zsf46srlw7=8P>Yy4vh%UGGW#JtN!EvY0@%lo)$os(ZGf@^KoM_YV5)
z5emiE5w}mW<Nc<+e96J(_@{Mbg`(5c$P{~e3PAHBh>#uZvQck(HMH=j7lz{s|Jchv
zE-jVQl$9kXWD7nLjbGJoWi;%^-dY9#U(G|Mx$=<6JlpAeZ~J~T{6rzKB#X%RG1XZ!
zokL8&z!(S;$^%7+VzC&McwV*<BuIC56xEt$l7py1d~5oBna%JoTalePwk7h;%A~D$
z+SuYo;4iQWvf3zeyt+gWTJ%1)&>pa2N_mkxuL*G^A51<TMNC~_=k#sVT_vFiM*Ye5
zM@}yj9#ErWZ;@9=fy#)dakcM{iYw6lgHWx6f0tyC!u!bbf)MwmFA&vq7f+Fll1*Z#
zi>HZ#8jee-wq>pDA^KqU|M)4aIsDXrV!L3m*f0W~fA<AgDQ7~scvwO!EzX*o`wJf)
zzCIUOE;b#^8_iqngAsG+yIk@}43hBr69P=XULif(;Lwdw&QG<+J!LN|{^@lQ#~Z!t
zpI}|vni>D&>O8EGXT$u*58U;IAGkYafd3Eiz`uPa@Ib`AvHG0=84vs#zu$<}54>dm
z|ML^bX1Rp69|pJt=Y8Z{+q$@P(L<VQc_7sJUouq)zUZX?&i==s#PA`A_@^b|#J+n+
z%WgZ}bv*jWfBYHf1}NPDjRw~}c-FCSlB9Mjez6cMUDXSsSMd1XOyb{O4la#<J}_^k
z6Uc*#1W%qkTQx6lu9tT@Iy$;0KQOC?_iu+^mJroyCM`{Rc)I&SKp=6lLI{&T!$8&~
zFlDU!t^c^AHtKS&kWd_m&y%J}*VkkwSBQA3>nr+)qXpO+%Q-!DwA<Q3!nuSGCiwn%
z?19Qij^y$qM-oy+0LlmA-<=e|I5hHKH&io<UzpauMEN<EfM7`F$%w`u5Fzk*QmOb~
z#Pbu<>t)SyF1Df@=;@zdKC`+QYEV-%AfzP=`}6eXZn(ET?_i*}<w4paKIE6JVumpS
zF1)YSS0fjw{8)cv5<g>xbe3JANf{~f(J{J8d*GELB%a?&PRZk05OI_Dj&dtRKxog`
z_V$*SmkVhnclVw7XSmHaSI?Mel}+KX&bO&v-Q^ZP)9OFh8AGt!wcy>mjwmzh<*R7L
zBc`CTV;Z{80$G{Bo$OK5Bk3sXF25kg26OjNI}^2$^InBce12?h0_A^qNl92KhZ+9#
zoa@JU_tTxaBdo}ZhIQ~}Jh~?vf<^ot?mWQOP|fnOh`l9cly#s@YI39V+ctw3T1BY;
zbc$GGyk$r2a+7pgYp?1on)!i#zyu9zk|LnPpCU#8(Y=~?oN%L+Z4cWJq1`<*@xVW$
z6b$L^VRX8ljw#(`N^qrZ?Ne=?#IQ9NcR~svt40HI)a+n^aZ0quo>hyBf1r_&P=akY
zA)4&WgIp@SdM)yK7k(R5SYb-uzLd<vV2trQNS`10$Fmt3$$2-t7w(z7`Al8^;O{a`
zpdlj|s)u%ff8jPwF1)QyQ#Va(n(YAcA`ENlg-XyU%J{YX2&lEhW{zTa*lzZXq_nhi
zRcHR@Ri)^N1bD88XH3$)3@`R-IMd!`yBuvyg8R}RX42$`r^vtH`WkNb>yb}0Koutz
z>6G~Nu6qYIQh>~k$_-K;t-l?YHu=ZG^LyXQg-V(vgp(dUtNYBz(rh&-pl%m^Xxn*`
zJfcq<iVF_`DSamM(JH*DMmva4Y#$-77GiY&24uaQf4U#k1$>ZQVFyHb)TBqcc_g?W
zy&d<Hg=B(vSpHoi25!awNCSRA=l-`e0O0kY{dDZVq$vQhoAH%?3Mf5P!k=64Kc-Ot
zgqHuWAN5bVH{T(0GTTY#pL_fxA%a-#KXNZPP6!C_-&Z0I#60F%pCl)<*J6=-=kok~
z?#W`a;x4*>N9y^Z$N_zFpi$##-rUPxD{Dc%@ZaJpR3IS;{@g5p(;X;c#gKZ&15JXN
zQwIr^85)pOgT0w#%{P)o(Td6=ls4BdjxoB8``CYiO#$4?is&c}@PNrDsL;PoKacX?
zb6!jX;uKMN2*tm{$o~%(VlNTR|0eo_m;^Kq|M%SmnEQWuzkkYHf0*nuU|yMfV`Qq%
zm{(WU-uIkINx9$F#*=SrT6ogPCwHBRm4LwIe9MKT++(W5fnSqO&6D>2c}HN6;`JjG
zi`ai^68!iTyOnK->g2V=EmQ#d0xDwRGyO*A6Q|zNj<C7L-(chrBfntBHq1_ZE^;gs
z2b?npGrSJP1zt%>$&{N+n{T#@8UGTY{DAxG-TG2o=%>zS6&jt~iXqR6LtA)VY`ZQM
z8@|7edTixkrUjGg4;7Q|*PIVhxOZAChWlKr-uo+XB6jyv|7zt@KzaV~r`q6F1my{h
zB9<T?{XW*SM|8_sPNY}(lReoB(B0jplxNO2MsNN?#6OmhtUSD<1@LUUmtrzYZ-+&n
zJ*M}1J4xOtYkfbRMn}b*pF|X5MiLH%sme}Krx&wauYV!E(pD)T)W`RJCgs%@05gYS
zoJ7bCeRXxTu63zt+ehDmtIZJrV55tJa`=5{3l}z~-(Kpznt$mf-eqQ}hVN&VC|7<Y
zyI)yZc^)R($;~$kL{|Ya3?<{UU$I(FXR=~zbM3sYZm+d&mCu1Ngl&^!@VqDMvQy^8
zywd}&UzMMAU+D&w5!&O%cR>q?(@nMaRI10$`9s;@m41n3!lxWX@)2iONK3{Ie*3T{
z<2^pz-!(iAHC`tNnLHV3Yn=4R3ZNYw8BA!J_+ssx0pvR3$9C^a#sEO_Y=QB8tJgnU
zYT@GLV8Nu6lv)On8$+@y&;sZ!d8zOWnz<%Y=U(o0(`rak3>yXv<^o9^ziGfU(CP*p
zFKPmCRovs$J8h3k_H``2buMF%I89AWuPw5lji>{7*L$~Ya?e&p&PV9i40cLr+8goD
zVt&c8u%NajhlVcWD`Evs%p#D&Z!dnNct2cQ!Q#t6F}8hUa<%X8=I&>TzCIsz_scsG
zadu#FW99%X`v%}2BI24)Yyb;b&*;?maV9_kB|U<O#2|=|*%DbzAVOVcWnX`7@=VG&
zhv3_uSIr3IM0o%~CNK%yTrewzTCpjxKXW;L)YRclJbfCaJJ{}33)pSxgN>PzV5W13
z76PK3_~Whz2#0<-D%wJJYL8JK%Spv<>@>aYCt~ymqR>wOn>kBk1=1v!N`fi@srG?}
zknu@YarD-gk`8DGm?0%-<H;*tQg}kQW}iQG8n}P|zWl>iSWbHV%T5x&zRe$WU+Y#b
zuqVI)B*KvFu&3wP2cV@`u0LOBJ6k)t<>B|}_~kMu2@XlppCC;dLK8qDbC&=?gG&9x
zSQxD5^lvvU8*n9hnaaP837xfaIOX%s%&q16lrD~Qq>7d3On#af9+AoxLK|muw0G2o
zQGX#~FevKydqByMNUqzs007AN-mK*(P-!?+_%Xtg3<Cq(WTV7f@^4M%1NpObEcRB=
zIa4QA+%TX^DTcZ7YN#+wZVPI{<Bz?jt*;a1jm$Ujg_v8woGL5`$(#Y$kXFbqnZGFZ
zZO}|Y4N%8eV`wWO6dn5fZ)i2fA-|b8x7CsQ7L5W0w7Dv(8!)UR@CpTy?<eN_odyMo
z4Eh873DKt<dkW3-f!$ta-P1pC<2B>ReJum?0?8QAYB_!zhC?7zEc0UIKio+(K3fj3
zz**vpi24Wu@pU};O9qsd1FH;>9$7(%#8Fj-kanAMNJ<Kw5hcBFRz$8qSmQzA00Axq
zAv1e8{<0GU_HO9{(5zv<-jfA~aY@iM>RdoTm(bZ8Gcbs;T5qzdSQ+)C)#*bzg5!iS
z?;OBT_)ip6e~s%y(CLUMOFu`W<55Divtw5N8}0#{7zCb#*IFGR3o!V{nMEBsOExa+
zbFT@iY<F0Pcko|HZ;M7L2mXU-6mq)YzP$3MXq3Ch@SQy*$ErkQ-IlcN4%c0s0|=#J
z2os}1wb<gj3&&TE9}^n}VWyKXVGx5*r=*$4b&)xvwZo&ij$0J%tH$yVKr@2otC|9%
zsqKUE&DE(Zx(6{Zb5vft#3r8H4gl7C=4NJCkf)L{a9h-HS(|xkI^Gg5Z?gi^?Zz4x
zJVg*t<{hFGKA#5#@aOwjwaReg?<512Z^>A$cb3Art_$R=FjJyA1Q5Ad=Vu40FfTGe
zV`N}%v%2Jg_81J*iJ_#Xj=7urfHAeAVnFH9exXZuL7YD30fyyEphERL-KU?F56I;5
zKZ-wZ4<vjH$U6L8$7PQ~HP8OUPR#_uQ{>Q0Bgi7n#Ko8QEW3|A3x+0nE#>V54L@o!
z=AI*Uk#jI^^9_2B+#?v4`CgWN9R@22`Bt-G0d-An3j-cq{56la6W<L<NJv<U7IfH1
zAf_lE5)-Asbbz>r>N)8R&||xJOrVa}FGI?{CPZ@6EQQ$mx{d)M1LjIhU16y|F<Nw{
zFsuvxM0y{(?yToTs2W!EFBzM2sE5dyw|v0K7m2bTPeE0HHc7J6?7%3^<_|_8q%W~j
zU4!jmm9Lh?pvvp|Fh3a)>-il18$2FiwXD4CEpbg=|Ds>u_@tnt_&Y$}@uA7ZqjhkI
zZ%rQ;{`&UB2zYzJ)KeyPWKn_^5eqZDTH>ZBRcjISL_s&28yg-TUI#RV&qW?ffEcw0
zVS@8oTATnynD>d@R^kB=bsfkUF+Y_W`ZmTqba}?F=M<nNFXQ9o+FXr%8D6_7#<H}$
z6anYfZ&?cM%jkYL-F*v2T;9w+7>tr`A{T8q@Nk*UVI3H-89hBcLY<R>>kV(f5O|Pr
zR(dC%{)`C9FsQe)6Z+*zM;Sr&>!{Jb8EGW975p=@ry1Ql+b7(3-Y`;MQM<@};^`tF
zoT@Zuo&5qT-OD-!Jxp2?<UB)6){NXi^5a1o-nYIl9umgYggFC%={`bj;2ckzjZ1@b
zOCl@qn3vM;5D-Qlh2Otl+V}=(<C4i)ipzTK2MVo`he=|v5C!Zhao|T*ko0**?%Vel
z^44!)28y{4ozcxcL=0@dc>YZDBhjb&yXzP4`$^e?;uTG3?W#?p3;5wLdVTQJ=O0DB
ztN<*x4tiroeV{kfI{?}Nhd~kN-kpO9E+|(PTl}hQ%WZWw1aAAga1#-pk-MtuP(Fo3
zxG;u7{?O#MtnID88T?PGN}yv*!GI7*2(CufUKu25kTb_4YMP1AwGJ(4mgp5#-hWct
z;l0Llt4yh+I~P4X#{&RPtGNo`dQ%U4&;1fzR^flKYTGbvdJ<9%6X(@1zYN9T6XBX!
zpAz1sxji?weut5@2AuX(j&Z^nlzkV@4?`9r)z;O;1yE?Gw*r+PMBP^HX$8!%R+>W)
zia38XFv0}!0{DiDHbw!EX2<l17W>WbkZXIU`(!y6&sMCx0eHB1|1V)fEWSr>MJneF
zMSYQQa<u-dLp@%|5x4l;7YC6J)R{2OZ)9?q*Jrf~8bmgR;A4Y;EZ4N(6cKAG<iw(c
zC!#H~&F5`CtbchKMEI93S&_#$xh_y~B=}mnaW@^=J@G5ZvOLzQi!Y7dhmw4^a@eO~
zuuXwp>uk^t!Yy5~DTQH+!^2^!OFdqwJvUzQ0wH2<J{!^UvW3}lr5f+7fZk4f>z?o^
zO%BuD_?*hk9`rr$u3^3hZ@QF;r-;#*AP5j+qN=|1d8I7^MgPq{zVZ)5bX`PhgsrFt
zEUyn$O7Xic+pNF@XtoUv>P2iSpgvyCeLm5-`kQ>$aXceeRn=)?&-6wH^h=xlfz(J8
z?(b|+_MN?IgimCxOv7A$f1j>N{ZL;JQ(h&>w$xMZ=1cP_6XR|`8rr#lCKvvR-Y$gQ
zL5#~zkUEBdu^UBjh3*hk8Wc+N<N1q<9`JENwe2BbUfjgb&#oiCE9KdJ?U>9y;=6Yz
zC$ANJ-h9C$M8>;~*cP73Ea>B&EH*@`9XTcca8H8SdO~Ox0I)j-S}77JJ`1OqE>Xks
zh}4O;8@#k{()5#l^ybYOD5_fJh|K(~q21V~V?9h|GAn|{9zN|lAcKMozl8`1;dKnA
zUHLlu`sTkD$TJMCxVP2@2i_~~TzA;3`%?*OIH#plSrRvN`nwL)J$#DwqaS7Hn5(&Z
zEenGEt(W0a6pzPuL{G}TQqjecV?KO>y%B1k(YbvgRpmaS4)Zo26fh`<YhJjlY*p<)
zje41TaDRcc^e`bSrZ68!I&~lrc-_%x_0sU9Un-gvd&#f0hT1T5)JR$vykW_qw<=y-
z2e;HKmmVGji6eb}+hNSDG+Nuj&t+3Ld-Z-crpM_JRVb$!Zk%L*Fkqi(I7kt<NB_g^
zflR2n0zS^qnue&8c^l#hYD$rs#dSjjrHtanqFUWpSK4F8^wiLReLOV__lfGU=b5}0
zQk0JSE6=<us2iDs*rmJwN)*5aIX5S)$csQ{bn`2s^YYwCta#4yAjU>~Gd&<MFpxmT
z>6nbFi%aSAOvlJ<DO<o2*2+4fZtx~Zf62MMwK=o;@*XH^4YSORS-1LZ*>}-6{cJ3y
z;lEmn&5kvp3xWdBUv=h|o)F9C?!>Zrc>eH*P-6jwnBoF2v!DxBYuoJ8w{u@Y4N-><
zjn-dFWFt~MtqzJYHW?3!2&%LT=RxC1b#r!WlkbWa8CWKJR;35TiTa4@TV;Lb)fg#6
zWbVyyeORxaLit}>C`B}NK(9P2UOlPgI@t;KubgqNtbReixVo5oyFkEH5)jGR%-%C*
z$O$6<mB%8L1)7w-d?^bx?<)G!FTF8T+Mtg>LOfSWN0EzLF3boSEY5q-XAy-@u`K-Y
z?!jSrm6z9)URoZlyESx(7(K@s=+Mp1iY*bwWMpI{C80&+yA~U)cIxFG%S4E@&}IQi
z1qU0(^J=tW2yAu2?5}3|wyx#G%fNU+8smf4&GiPLR;~G95|jTf)$j(o`+T{A!jxc^
z8Aut*H!BR{jGLv;Hk{GcZ2w@jrj;;5#r~*|NXGKmI}RRp00EBOMCdPvuWyV6M`<2o
zsOFU>LQ8I~7et-!n5|4q+Xo}}$T7!?PNW==pWspr+^YB~T!VRRhi7zCb#~qIf|eHq
zqpyVy#v%xUoucp$B-s9Tuam7G1^FZwL&ZQ5!a%F*N+*%+hq=n7Vo_a>7q;)sL+TP-
zvQC8Qt&CNfe&KFi-+zCf#qiK4rs<Z($;*E!;IbkbNN!nuVC?+3yQwMnKmiCry|f`w
zn$iUVS@t;ahpgBhbe%nL2IWy{kzFc(v~-waN(XUPLJ9u;iXLbh5B&D^rdV-Z$O%Om
zGPAQ)5F*#&9<&>RCYs^>@Jj#@?$MiYkMiRr;8sy&+kbx#vi~GI`@h}!2IUALIXr35
zE=ua}aJ0&n@(hUVzu}jezxu*4WNy}ZF)CyveQj_t#-uHd<bHfr;)U>9HtaI#fKl_J
zX<Xt{%&82M>IZm-$0xppmo7RJP(1ty2rD*_gv+8Gu&t%NnpP11*Z@$nDH}C=Px&}V
zg-0DT!izq)4^+bODPHtLV%hj5UBYeEIrDh<C}i~CuFSq90nlvIPLcp^=m;%WcEJmV
zkv@D9VJRzLl@1b&$Rs;IB5J!HGm~W2x2!G@b3D$-MYWmcjv?I@P;46XxYUbCXYU{d
zepJ!6DesMEqP8v=uP6w3m^@dOulJ{($#4jv(bb=^J;>O0j+xQmvXdhRc42C;K|L!y
z<Ed{o&o@cyBi+{DswvbXa(ZM|m(JQ)o>O}A(h59ab?-GSo?^LG0uur513tx<>gkgY
zno2S=mAH=_83D0Ks{K#$3EIg9Z5wzU!**m&3Bz9`Je$QuM;cDIT&-kuijd}9uc#8~
zE<Ayd`L77M$;+91Rts%wGrL!?zTWk5f@byep~jB;BA<`<sl>v89;T%u{mofw@Sa%V
zJ{8z#?8V<+(4~IVGL${=Q?sOJSO-2uSMzgsLt1fns?1{D*tNCWBQ>v6i@FCxf2ukh
zdz~4iR9Il57K|bu2|gTGvt0VQBGFVzd&;oqvLiSBclE?+FN5@mLm**)@ht$_5`c$$
zw6;sl{Q%)!$oI?Boq%=vMtJPu!Kt)Iyl<E0yRWuxwyR0pcO(fpo_g&Ny@02=>kK$K
z`P<!6D$$U6>ktzY7xwQoXr#{LkLn95PD-wD9c6yr5yvIN_nbAm%qRzjP2BW_D(<wn
zVBXh6DI86XqXl$DG}U(C5Ne)az)gX&Av}Syq3H7<X9eOj0S~|Wy7f9}Xp|})J+<oY
za2rzQtq*I~?%FBO7mKcnOyKlQU&$wy&opVS$|flI$R}W4oda=5NC?@#4d&RL8P-cx
zj^RMUQel&!YJVhnC>Dl(mfj(ri<hPWAsh~xu7&AgX+}@`9m62Ne#szY`i8RGp|h(l
z0b*|5D{mhdEnSYjq(nUp!Hy>(@!JoHR6uwFq1QJcyqBqAaTzY<#<w;s(-`10WMv7S
z_OU|OnY*W|JmLn<bXoc8<P$&!wwi$GXgFYAHJAFIZVaBhC9#7plhPtY1bbE+?_+Qv
zck;}&{W*k56CANUOAtC%cmAkQeaEt2WGa_zvcC5gb1(?>vRXqibK`NTZ*=+G;~nBj
zU_=BPW_|DNrI$|pE79Y=r>1W)RYXk}4sNYHu`e-Df5=&-;3I>Y_##_c&`V}^J=#!A
zb?j{v8*tdKWL)LFVe!<X`bX^?BfNW<A?j9Zss6RAT}3CaxTzrT<}~pazB3u5u7oG>
zvyr&=;7(kdho=Z_w#aqEj3T@GL%Q&q1y_X>?Tm$WF8g$agBHTTM!;}tcjbOsIw7f}
z&%Tn?&ytJUo4)Kz=ATHaba{I9(E)`w)LSt#R!;1mCab=K4Ue?seYIY+GWlAwiZbVh
zjujN#X9`s#V(a|Sa<}Q!joYh)5F{tf?(d@bK^^zAXTMo(+u+TGys2(Vln(zth&ukj
z2>npmshffYB+a80D3m1;zCmBQF+V0ot?;n;xn=Q&&VZ2SrtPQ7kt(Mvbh<ZkP7AN(
z_YaTm+nRVk5g;}H&TY2tNwfRV%Bi_m`rv*PZuLIOLgl<0zd?x+`Bc3zfhd=|Wp;mm
zJE=8%cd<oT?c?84myX!yrjF%mm@YHk{`^>e*~uFO-P@DkXtX<_x|ZOks@_q%*tw}d
z%&J3+$R|WrWsnM!UA9J8y4ZF#X{dm?vBs!2%3{+tX@MswfYj~^FLtWwX5W;^8uPRJ
zi1rI2c-0)?Cxs_{wMUoAc8fR1`Ss<I$y*`Ve3n+8-s7SoT{I`4LBH3z<VYjv5hc-{
ziun$0I!E+Y;u4>B_roq8-wri{5GMZlxvSGxG>>izlR5vBFd2vs0Dc9eNY3Hae;ee%
zN<M7o_MCQl8<D>eI~DWUb}i}ZNQ0{Tu_;Y4?PE{5tv&ExXRe){e{U+d$bWV8Roz?B
zqT~8EUb}I=8Bnlfx*T{FSioZ87diEj7Yh{V{T_6V`+?WAc`MZ2Dt_iQBImw$WT8kJ
znrIz6sWyO+g)y&KvG~WU{~||oeLhAf8~Qe?=$!Sl%*7l+$K?aI5!Lk435&v&R?{L+
z-lRv)vJi+LJX`XHMaVrsk93bmKmhT}w~|~kz9jc$NW}&Ar`FhguWyWB!9P{)gGW@h
z4$4jxw4q0nlUoUAz^^lSxj08T23)br_*XOxG9Tn62=ml)n9Gq+9Kn|OUknv+SXHny
z>4=n!2|W6Z-R8h)lyvVc=F(Ej+-|ziy;&V6M2n9rTD*2G*^zd~JibM738zVn9$$e#
zRksq+yZS?u9}$$jh>tT#U0K|RF3ErW+2w3X#h0iK<>Bf;$NP&yw5CfC;RRi^^Rui}
zurE<DLg&=KVA(KfY1wRh;uPPbQZBFZm7ec#$4`LUxC;KMMm~@qa)Jh0*5FMf?%27D
z0S}gu5gBzZ>&B;!7Nmg!KkXtZ*pMGxos!pzE9{}yDl&=Evw61xlDhZkPO3LOcbDXA
zV<Y!4X`iWW2u+>+utIz-S+!D(w(Od5m96Ks824ZOVbojvG734|z6<L^v7qxM-o63R
z9KYLMPpdeH&c$}3^B=Pwz~eyr$V#NDTiDx^odxOxdzD=l_PBgxX0B$q-643ZAv#o#
zrTDHi>bt_-<=5wXzJB@{Vco$m6aA^nvri^xk@HQ<*&M$o)?G)o&*wv$f5uB~$Gjsi
zb?N<?qL}?z6_bGQ|E^Q;jofQ7)Pcp|+L@lMlc!ZmEx$eBc!k1-D<mka!X32}5N)fb
z*yGK~;)c%vgpDlXoBb^ba9sba(uxd=K!Ut1vK4pDFh||qA_ora2PyOwx65x*&#UWk
zVLEzlUy7r-ZA6BV4?67k*7cyBPTzOa{r+DYLKLTB<Gaq}kAcle=9^*#PanIcQRbYG
zUbQNCL>Wv!%MjWhgG65fav(|bACg-;&hzG%%`a930z$QMzGx;7*(pwU-4p`ct5;&$
zRsvr`mS>4Nf7ZodJ0EyeFYO*h<)LjaL(uzp?Kf!Nwg@~L%VW?2Ew@k2GV?uladlz0
z-CpYvrhI<xI&Y-&bi74q_BFe0P5td}lS-@Y@%;AA>D}2GLFk*}WrD3!5u(|=zOm(5
zS||PP@80t@*^=;U2>wf)#BXL4`CaWt4<YV^S%gPKJZP_L4smm8YOoMh*DomTB>Ok8
zBlu)QEp}kF>^{Gfim?l(&>gE>Z1m)tpVGm;rTAFo&KGvSx0(rK5mj2R%Cco~*uwS9
z{CEze_=)?4<7*|PAcq5%z4HDb<CVlkFU!0e&dSAohhsT^Tw(x>ONs*z$7Khu?e^eV
z(?BH2`ZZn&3dEqB|NlXSXPdnZo=DtTm$j#E`g*j9={l(JWRu;b_c?P<uR!V{OL)BG
z^;p!e7s5*2Bt&F*#I^d1spPSRrnp8(7kBrI|42W;4ItoMnp#AP@{o4^si%pUGY#{m
zA1=v<m{q>s2@L_tw2R2*5Pk1nun1gTFgvm~iNDqcE)RAZc@KOw^kDNfTm(a7XEbxv
zd#7p|<SA8!p;EW-xw*L!C4}<^21l<xyy3Gj`ToiCjKfbs<bQ-8iQ0f5KGJrUZ^ri4
zzC%1%eaG$^hOG}?q;H^z&~IuehTU##qP`K{of8*77!I9tqRDg%q;F;UcW=U6u5nh!
zq;<V7h?Q17mT%)Mt$4x)NqfX2eE0P^1w=ZBpdllJ8>toUrx#KZ>M>&jxgIAJwL_aC
zXFV`Gf^rnYIO?HV_j#qp&JD=;{Fh$riaK>8;i~HUHw4srsGN$`49n+>9kx)*a4L-|
zwHtc_g>R#Kl~4sS^*SIlp3ldGL0Z{c%>z*{>eV!EEiYthbJCv1pziMai+{IvEGoZ#
z-(#MDI#xecQBrb~P&rCUa+l2cS4UBSJV!~%DVb0p2TWW?fw^Qtl+R%jQ*RQ-p3}r@
zt-Sb1^o00{_x<n12S*|&GA=w-(Qy0bsJ1w3*X%8|LXMfTyBV(-=9Sb^{q>d@KJM-^
zKzf?9a_(6GKvWoW+S9yZZZf=5WbwK%)uT48)TLyp#|(t!&?uaT*2J0Eo0I9*d<q12
zW<h%+zn0FzUY9fSfM$4084PX6L-LJQYeWWt!TEznJ`9+s-&$|pl3jA;?Xr_b)l(a-
zpWcN>cIOTS=BwRJ7G1N^OnIWVZ;EbikAy9~!>aib>o*<_K?4jODe_q&ll0*(y!sd0
zNz_NXsqI`MfgHW6Z1I4<d+b_ESDWi6{UY0<@{`ZXYrB>D9-qH<?b$%}US;2gPu`PG
z`i4NTx<-?MRcM;jnN8#lLZ)nwVtTEfK0@TD+ge&K`MhvlXjR~dMk=e6RD1#f!!S^z
z6q%H}A#oyDX}b%##pga3s7)%!-7=m_kB@WzWU4?Y1s{Q7@eq(qrKX@3#t<utZoyCh
zMMNlQxo>rQf)3UTjef91KRc8{5_K|F%%>-a(U8R<kyhu^+Gh?U-E!wVf9{sZIVc42
z6GbkM`@E2&)<;8GX*T%F4L|`jP*;2*xZb$5<j8hy{oC!Wr`?;ttkX$RiW<riB}<GA
zj6H}~FU6J5hmYE|n=mO@swb{}Uritb+M8AX!6y_JUENJ3;%e=-Jw&fgnu3DIn|{_a
zL^R3V$UG38*qMesZjr3Zu=1^Pi+5{%Owtr-q^i12UYH+^x&8(U@)ovd#?N^|Yc<+%
zW-<92(h4gFagny39&UQ;l6a*UA?3-*SGfw`o~5_q7hGw?A#FI|Jp|1*-`@Pn?>OC+
zHVFY1`fLPGD2t3w9hg74((Q+hXKF$~59giiQP<CQabciLEW6g@tw(@M%J~YDHYiOI
zebt6H_m7Mq((s`?VVtTF(1|}j#DBGk!DTp9LH4T((xdeG3XKDE)j`*zy2VPH@BuOF
zjEKh5+&5?%A%*NqUFP)Dxm6^gs?Y4!83gpywJii1Vag;My;WgoJpn%e6LkAsGgM9E
zWi;f2>DZZFzj$<Ch4wz8#S}(*8El}TM?tGFt4ZvuQu|*g`)p)1MIF=E{XarEoSN!9
z0#;~Eqp&ix;%ofWdZG0uBHZz=qa)hx{ie2t2Gz(+%i7v2?|mZ~PqJ}PJ?WIqbKP1S
z4ABEo;j$}+7A=>#RYwwM9*-ruoEI8!zO2hWb)i>A_;47=(bC;eNHn$gQ&knlj5fwl
zGb*gr0$@UEA!zi9f8^#UDoXrTaXGX<M@2IRX=f~=E0ZcJBt8%D9En3j_ANR#)5j7*
zC3^V!a0^aVi_Ie2HnI>bbyzI*+f2Z!Rty7r<5NV(b21FYHCh;)SGu@8<&I^qA|_Ye
zy4+6EGLk*;><Q+2zp|hpUCs>`1t#YYyHBva=7_O0HkgJ^!fIwt_sPl?<&~VRRX*X7
z@C(CGV1C<^vcjGXnqrxe*~P^|rJy2}Xhbu|DDXzckY5A8#r9jjQ(!Rv@<-C!T*yfJ
z^0J3eFhgW+qr?uadd?iYY)gf~Rj54jmc7c>N^KX6Jr~bnfb>MzILrr#pSr@pjgy^M
zX1F=JhZ8H;`e%chp|#U#EfmL1q8umDPk6!6OWgPD(NbA;o;e~?>j9FHtiBMCte}-}
zErA&WR2}*YF4g1;ejEx#p6};J8iL7^UU@WeB@TJ=-n{<)qd;_~Mvb7p)|^s}Al0Qp
zeV7<zgh-hwZJnPRwJ=<Z?tk8^YQ;y@o>`YbwFQGRFre%<zKGO;uRmP_;#y_!Y7()f
z$XZbBGhLNaAMu630Q2A8bmx3ze?D^QT}3u)aB(T$UVoB3BH#M#3S1`wmRx4`ICjt#
zEoz{&i>}=#_j3OlGdTWPTW(`(TtO1o@7T+m|HN#eJ#JG#CxmZ&zu2mNNAXkkiCLe;
z2F~x>8X}br+d4aGI~Yia>(jn}S{a<WPW|6be=_~-L((2o^Rwpu=qiOPChK<>0@-@#
zryD{ytj!m^nh58s531H7h>f?aM~VX2KwaXwOZ|JR)%*;(!~@nKXvcN(ZUrF#NoKCZ
zR1{8BfDx3fPpIDJ7jkPw#9zz|7#44>KA&~tJF}F2A?+HaSHyB)-e~#w(GWR90*X&!
z%O_f<3Wx5lwp*O{kYTe}=vgq;D>W+&u6V(8b3C4dTh?%LCa_Fi@?t#KQEZxIzXBWA
zLZ^E$P44tiD2)!EJ4so#j6vZHly*?aK&oh^R_alx;q>z8dJKmtr??4-$kkva*FTbm
z9<zb!vI1ZKl6UW;0ZldzbxLQLvy}O4{DNE%NYr!}W{nc%txYaIAvBq-cid}wwOKny
zSB_IW)mbtZuikKLRqK<Mq(*LTc_tr~ll>KXM%!fLJBNa?J<u;z#&6Jf>NjOQ_s$(I
zk|?gj`qtO3@vCtc2P3$agQf{XkpV~P?#BaMrBHwIW|3K3=WXucw35_U{)aa1Spqua
zN@)(BKNYdV)tRTOs)-f?31{VwZ`_-(Jf$<8%ckGqM=l--qdTH!^W7^8&D^L?Tj9!*
zW+B90_t*s+?%{rrD|u|e-Oz+Y6z7HBi(ywM@Ic4c+Io}3=^Da}Q|4L#y;1NK(O*9-
zhYN?qW8-Lz;k`b?cc49{&K7Q_@3vC$<<-6!>rrYe<*sx&Hj3$UByKD1)R){|cE+<5
zuY;7{$%5$dn_?N#hWUcFvW90g?v$?2H^^DhnLaKCctMvRS4T(y(cJ7)lEGFHo#}?O
ztS6PrQ@MwD6%A9VI0f=Q0iG-H?xWh;+Hu!~lDTzy&9`dLh`B|qvLZ^P5;g_S$fPzD
z$r(1y6y`@S*y|iCR16f~tM4d>rqV>@#rx581SZ~|B~rG1H(u8x4eiNsX7Nfd5|KJT
z5;}qezRgt%fU(@}-CtF<G8z;7CDCE5>CutB3^sSn*{Du0&>-U|qBP{a@fmT6uR@;-
zDUW76EIUG1pAf2`qn_5v!lL7f=ig1Xp4WP~e+1Q9w@-W&l;ooY*MgU5#jo<-e2(az
zXm^-#J(uTw3hHK>ZH83F0=P3ZIC%ZeGSE|@A(;~rRPmJ5Job)|_m-O*ImSM%`S@#w
z%Y74bMZ80DzWqV8Cu(K25NR4hwbkdXQ|-ka!!^Yh<Ii?}!n@cuc;J?p1Pff;Qjc%r
zpP3PUep{=1%|I5r(3BQ_4KD9@I&;+VpY?u55=j>WP7a)hDX_%C3VpL`>mwMs{Zv$z
zt%f~|a%awp4M}$jCde9g6_)Ug)sC-g=NWsijOaFIlO+m^G@bgizrdH|K#MB_-TlXW
z6Li58x9i&@jn?*6+W8%QLg)W@$TK1-r#;{xqV9)`wrI^;G)TnriM_m@+@;wv?gLP)
zCc*<trhNf~I<H@!x5JF@KRS6rLhN;{7n5Og6)$&y8Kt*;teNgL=%vY*bbWgLt=)*h
z@r@p1aU$PfMCodq*#Tam3~6ujV7&7za&lpOFxHA=zQ(rmRvt;cTKt(B62n#u*<w8V
z=1}(39$3q*&jD6@8+mO3UPafc>`iJ~4t<Jx;g`7#PnT0xf^RD<ME5f=NBFPagno;%
z;paf9gsQ6xYmbe?<nL5h?t`GbSuV1u|C3zr>E5$;d1f(bWU1gY<<}qZ$ROdT)F4s#
zkloF}ocwR%b<%C3iRUvsq;TgfO8<<6lW%@f{yHs`ETXHd%BLVAEBjT=tQ6!x^XCo6
z1CuIFS+v&SK3@?yPUR^X{rYqw)xwC<SBW$X1z+^rb~ld>45hLxEnoCk8Mp2PHN5ER
z3xO5WwSmMuOEsbsh$lRP9iLML)Z177%qsfK7beYT3CI|&<3m{;$CdO@t?{HHO0~R8
z-V#i_t?k0&n>QK6V-Hc8s#oXYDLRoe-uQTyjY)u8Hf*Z4Su5=3wRa&Eg%<DbaqNF@
zOgn{THGM4CtH9=E?-$5;`m&Jgyh4t?9P^Co<b}l3L+s3W{v>0qu19-P9cTgqZ0Lv*
zW|C{D%%@jC@jZCF)jdP*;DKjyVMW(S4)HFDzN7XSrXO7PS!wEGIg`D$Tt=+RZBx_B
zU7;UowbfqS&c)1I+;87ar5IMeH|;j@_ghKjv3gwlt;+n0_YZ`hsPVr%y13|YMIna1
z@n)Wk+)SDKs^#2FX~&IkMs6SQ$uNI4ZA+zp_h1Cb+)|si7VJjb$XDH_;`0@A**c{<
zqs=qek%qR=NR#p0piJTH)7P#o9x}L@oEpjYsHTb|?;ScFBt_iqJ?8w#v{0>)L#eSh
z&j|2K5s)jN%HVrZ4BytcMMkY{>%yXb+p#M^UT8s}@p@Zlci5?T;gbuii{2}sFjo+1
zC6V)dNvBo&(hy%>DG1x(P)t<qumLXxm;=Ns<R{G9-VNa6oGCQiK6YUCP+^ADxT3$E
zuEEo4$z_fFe6{9;=&%_8ckTn`??|9GG2FwlhOZXO?CT;%JNzQi_!NvO^U&gt(KZKA
z?{lt5Kc?5jXpx3snEc%K2s3gJW2rmkE>tET*`L6QBi0nDQZdBGAzlBHws=7y<Az16
z&a7k9AtZUd)2Z$uGv|aG*^}yZ!ZxkDF3%BxN7;q9!FKLV^Tft8<1K?>7|VTF;|QMO
zX<nEGF7dQtdp`0oiijwpD)_03nlI18K^DfD3WLzwx^h@AhhV`YChBf-o1_u1+0Yxd
zNqo2IW-eWIXpN_e-g7!t<b9<5M)CkB)-0Q3LqpPFfxys^>lU|{94e1*XfASa0L&+-
zg@H!L(nRVyo}wP*1r~)=Gz{9<2&zj~l-78WTV*p8%6h}&$k7yio0kL}sTi@@AggBQ
z0rEjCS=LE14_P@eFmb|`1Uw&ukfwWyuYx&9i}C!MUL{tk7B2e;r}uMW)4Cpa_Ug;t
z`#cs=L5QY%pD-A8-EB%Y!R>LXv7EqQ%h6|X9Lev+By}v?dg10=y6C!{b4qOyhF96$
z+{zZa#b=8(`O38@hy+R?JGzr5!F<&(GPkQJSux=wC3%-!F=uNJCEdcN5HPkC=CakX
zoO{qtB7fL#l#W(Bh4q1H;<49n$JB7H!fmrrqt{#RMy%pMWMb>o5l*j)bIs9$Prxm;
zS3~6NG0HFaF(Wptf^yQ5KH8-HKzh(un*DhG1I+^DX#pzHH19_(CX`Wm#uzc3nx3*-
z@gd*#>T4c<S>gQTSpHlseW1#tCo+%T<pk)k$p;;4f725ctRCL_QH9$kT`Ga~ZpDMw
zRR*`-h*Df1^dLk>Lx$uyZbK1l-D=m?ZCcoMH&YX3Zfz}8&^Iom9BYxP-{GJO_ur$J
z@-@_tifUJ%t}RQfv0{;-9rAT8MrSGxM}6AVXlWx%j%}(bt|XCcXOYwyva<FTm^yj%
zL5(+G|G)*xsQx(B?JRg)bT>W@ODl|79dK$Z-wTG8_34+P$zt!~H_X&NIqg5nX>P8=
zI4o8da{l~<u+Y%N6X#EsiQOe%(?2smQb&?{ZcwB@Z8XP^I!2X+NxH40<BE^ac+QH*
z+tXhS#?MAKGA8g1X^Q!;<u{CQU`y(47DeI!R|<N6h2w=~+(Bk}+igM91jnGcFv*C(
z>{{O=-PFUMafR2KXc^}dLM0*hh$9y)R9+bAEB3CSf$<&#+A<mor?^j#uhaxq_&vEq
z5qJM;(?j7DWrwc&O`1usWSrQkJ*qjG#>EF!4rHmJMXEUsrl<KeQLR=&v{}l1bU8U<
z4utner~{jg4>q^Pdp^$poV5T2PwjkJ==IYP@oLto#m#lQxxQ{e=L&rb6rEO{a_Z#7
zmG50{+DE^Wl$DA@QZ^}SaZtLgK7k<u$;ssYmXkfaULGA|(vABvC{;s2CFc`NxMiLl
zYRjWo!BE2{z2L25s8=+;uc(PKp|aS*e;>MXeS|M@!tj%#HUMDXa`~G$Rq?%xRO!wr
zJ+_eC#v!ipOcz(KvS?L9WQfxgWk`_}#;8ANiF68n*OEYfa#EG;nt-v4A#O%VW{IIN
zmgCU-C~FAXrmltibLhRNi1X<tMqlgnV`3!H(AVdUCYALy=(?LI5`%5RB#wZm;`dh<
z<d;q)TwrkEzVfI@?qG37T`qvtqR|!H*5>o7R2BB88X&E+p4X#Mc*$I3aWpt~{$5wv
zYIm5F@z+u_@y5V}6Xj;F3>u>nYKWP*SIy8qhc<3|sW@49KZFphRAC`5B1}c(Fr97U
ztHEaXr4wPQ3QubYDD<C(vX^BpE<_7XDjqDnmJ}o}JrUl?jWVB5LFKh_(aj~a?+54J
zlfpYA@QPaqQDkkUtOJdZ6#o`PB)48L(JE&{jn+)p98dcQMPr=gAo@j-+iBXg+q{am
zPX=AsL<&E5q$-KRp?qcd80(e9SJ-Aq4FR~&&j6f&f)%Q0UL&==9T|LM((3-3`&iG~
zKhLr%s@FC49UjNhHgcZVxF4EvjmRLM|NIH`!MAV8v)5Mjgu4-6LVdbX%jj!J7iO<A
zHoX;Zbtsi@7ECVkwwq#S0$-9ZgDvK+=2SPe%%k0M-r=!6J+h*X1=wMSNtVo0p@mY$
zs)mL(f_bU7xpD-%V+t==Eip_x4oYxmn{5*74&nJ1rGJR8O0et(a)mN$^Rf-ODBHaN
z1MZ}1--fOY+m#?yxhIQ@5Bn2NV;^ypaC)Gb@+iL<)d*8b+ea|+iheFhjLKg|Dl;4H
z26lQVwT``v_U8`SO=&e>kRzdD*7J~MGZuKIka*UzHK};cfw3*ARhnDg0d5R5qK<B<
zSM9q}O*<|>l33&3T&OJYI&g_vIseI+aqop@U0<nghyLbZd&Sjf@vk3$U+OKQ{Sjje
z1BB$#ZS?VNJ@+6?yY;s)t<Tv_+}x&Th)+StJdvIJ_U@U(TX!}yviRQXENEFZZakK`
zV%e(4Dw3768IV;aut4qR=HEV{FE}}D7q|A1_7(YUmQFW83TZY)xM36@91z}ATorNP
z@~(J%&BXH&ad+&S^wijE6kbb|(iF|R$w7iIM=RC)y}653EA@v9D#CJzTDk>)9PCm#
zuZV!mw}Ju!bCL(3qA3!sT>IIKfP(5#VWa(W5S7tFvVm_?n%PKz+Fbm(vN(fJ%X6Qy
zbZ1isoUQ^AfmLZ*{l%Og%dCpWaf!<+<)kGW7ru4+1v?L8o9-rMs_$xLVW-nhY-KM_
zD|vikEbUVKif!NB6sU$DJF(G48>)V(3$$64M4x<!m$?XA;bsvYZV<CnP(l-5RclWZ
zIx5ggNX^?%gq~wyjV>^4OHxd!*i<{N_VsxeAz4xSbw-h-%}+B$_7msB%rxy1y6jq~
zT7)`h<AYVsGwa|st?wGF?E4;Iu)naoiMa<=q#5anK2k7$N8s%3L~n@sBYQ%mi^E??
z)-~*ynw)%FiFS*O$tjUCPJQs6g^!zS;*0-s!}ax^ED##JxFC@#V<;cO)Nfj*_bd)V
zDwy?=W#4tLSVL9La9S|`Wku4Hx+0j<OD8RpNLk2ZSfMux8DBK1jBikyU($++dUd^)
z+6|2N0Y-jfIltvR^<ym->Y<n3KIo&k@C22F7nnbN@Af*)oT)hT$m0v+lgHQ27xI~j
zj#pG9j3p=dax}j;3m*s|k#4tZUEK&?otUAq^xe+3O^CicWSV~nA*}r!$n%z6hc>sm
zzHJG{HCjE=n=Dz&m9W7hMDO`73-@~!eR~1u@dIRDaAJpTIkKg24H6O_=*SIA#^;gO
zs$W92ms0M@xDca6vKpn3r<@fxiJ3rv{He4SsqH);Ne!Lw#8Q2OAVIlhcsQAk5KUAR
z@vFW}23h`a?bMWF7wQ}XUNRbc@id)&eAQKZzi^T#Hv#7pghFbZVQezKzGnIA%CTp6
zo{QRkZf2b{?pEAk?`Y(?(8SuQTmSi75p+!x&1K&%_yi%+fF{{QA_=?0)Ot1^QAC^)
z)f|x<X?wOU0-T}|AuN?G$6iIFRo(b|o>Dk6^WUy9Pc*tNxU(}XSNgFtzJQb8A;yd$
zjwdspGl9DQcA=b2;hw;W2liTg)}1WJqQer4i;FuSvdwK=^g*@(S&U=&&MKtB2c^$H
z*wjo*gdABGbW(OAH$MnyZ9gq8qAkhp{P+WK)Lch*$F|FC4x<iRODe67!-tXs!}>qW
z^!rV`?QVAA2b{e#wt$r+N7u~wDl#*Apjm*wyVHC)jjxEo(&yxG8hQQtl{->5wvB{y
zui}k0qc#Nv=mVtv<9Z_Bf!rVPx99Yby<NZBbS+#d_oAWURY>Qlv=4;Uk9SND6_|FC
z)hFM3Mmn{J^Ntk1jZdxDujdJz<Rj8ENs2ehZ+`zc@5U!a0p&*T?Ev@tD}|H6M_1Ld
z?o}jm=wVQy@_-sqDMG0olz`x$mjZK$Pw>oe_+diy8{59F;}S_-+w1$|y>@x9l1ZV6
z;-No8_=qpWR~Ds6nEm6&i!ms3gKK(Z()llJq)>B<Tz@V$2@(j33S$D=x8@zxA+)ah
zTVv_Rk@)TB{`+E+;INOM&)s9Zz-Rr6jrsB)zjjB;ooHONp_~Aw6aIB8>7+1bzPFQj
z2HCHno&93<xC^?B@dM8H6*tmE($mwIjB5V+wFR&nl-L(<G_u;>m3OV*NtZMs8HEjY
zDUyI7b_OP5ZD&icV0F^QWJigu%b$4CfARZRWwM+bFOm7TRl}pWSY}zuqh0oP=Sd{E
z`D<>l3O#`L*)db34^wz@kflhFKf^kS^oY<;d)PMdJNVJmPwN8iKUpR}aY@2XGZ9o8
zDkLZa`U-bNDW#lkShloI{;y7FW@d)}wo%yl0b`{NE>Lq^i2wTs-?<|Z$9M4^&ni>F
zC|%;-jjzJcy=s{tb|!>ZMYNH&eHaL3Mf{a;r!M?(m|ON=_p@B)a8mIGhcz_r=gV)H
zCAN@o@6zM>elEY;&3UOy4mKqFs09^ub)W4|&pN<bu8{O0GvF369KNGlNg;4=ld0{v
zgBx%)2?(IDU0f6+$1TUnXoZbSj-LO`E}+bbM`5O&uO7i`Xmk&=fFX=!Kod;gAvi?|
zdxHfxH`bxGJw_U|ukj;uF0usbM$mm~VJVVF8|fJcv330ZFf1wFYE!~c-8|Ki;I*>Q
zD${W+%gQPB`W3Wi(r|R<>x1&B33AoX^zhiHsXKkpGKxYXU5B%#a^8wPI{NzWi&zi+
zv00!8^h8Hj&bPex8|9VAx3y<LHJvHB!Uy7$eLwB~WbEjrXhU19eKJi5x;0A!@){s2
zq!Zo6MMqydL4B+9dG3xw`0g7@0k=1c?U15WGcwVzh#9wW()DA=LyJiIqb5w$NX{a@
zI$`HHLL@8!m&5&}fuu+teQS!Rj{N}y-`&d(PlLhT;V@x5?mGTBF0b}=I0IUOJJ~`8
zrI<DY<Hde0p@e6*5Y-v`O$Uvqf?>rlg*j00k8gd<htKW#aazR7M42pIJgN9Eqolpg
zC$0)cYYR<HO)2r3Qu9@m`%CD$GV3?}v)fw3sgh7IOaFO<cj33m+yN{k^dp<_J<vn}
z9;7=K@(5`~yYA1E-f>Ick1b~3Zd+_pGCNL~6kt%NMx{~O6c4pQLy)M5)cW@=hwn!#
z!?P6+@@7kdWiLMqMSVZc0Vr(-SuDN^G*YMSybt`bT;P}kl<pAXSWim5@&z|exZ}nV
z&&T0e{hI8Ls{*XFkPNj~QAdY0>Z=q=(dROgPZzX(<5ON9`2BFe|5r|i@<j7p3>>8d
z2en|0_S-&YY@XE$B!7S80y#W#wZ{Z?^{x~@+08sR{dl(G!#WGlp$nBd4FX;C`+mRU
z;GNqrm!ORvCYoPS(e%&&<}!AeU*V6|=6|+q*)8ZfAtJU`>Tpptb{8BSrJbWAx4poG
z|FOUakOfXTOd(8;kCQz{479ExKl(q6VHaNVX;|6hw)3TrIPny%AKuIwk@sA7`~oj1
zi(Rh!<7$K}2`hm&j8Zg=**_cvb-vSl#W3W)T1YMsE~BgqD5FC$gbaWGpz|2m1WKVd
zyHtogOm=-4dRBH?!8JyI34Y-bUOn#8(;xu>rQ&B_zgN3{TaCl4QY1J^L3zAX2tRho
zI)Fyx_O8PZvHZ*Sd7^oFL*KeUJW+L=6px4;O(b~W4^yJpLv?%CE}<GlS!s1Jt6}e5
zaMySinW>OtC{EA9mv8s`Suw7|xqr7-W{;=>I<IO%R;YcB4g<U;Uxh!cHLJVkYC|?T
zTKCKJScj3g3&f8^$jIXDxCGP?&G7v}yjy6#^wlBo2G=90j%d|qbZDAeSWq{Rocir+
zA?Dg58b9l<p^^MfU8@1xLkBK@y0U<OFpL2`^8N+lEI>8r`wOn&2K&m@?F!FSQQ`{A
zcr<9V^X*+w_cHBI=8^nyC!&=uVXU%(Xe21(tE=uapqaSXEdkn)Hn-z49Ej0SRXna&
zVeHLgO;nwzdd5mQSY1nt*85pm#+g2>kZ#EL(hw5oAdU#)*j0(Po{lT5g&<a7GLoUu
zs^Y-r+t9)yli+YjwodxI!Sh{^LoC4%+?_=@78u-MGm$?cJzU3sx#L)+ngg4x9QpU!
z@{Y^IGUIXM1fCY+SM`d%-7UYLnWM`0Kx6aEGc8BR(d=Dj;t%=p6iIDX^O0WY8uU_%
zRgj3_hR<9bxki@4JsSC;gj1-9?KaF0KZE6jtD-I6Bx?Lb=^<7{5ow5n!sLW`SfC{n
zuoG8^5K!1+FZx8=nQXq|C=jts3t+37;rQOp+3{B%c;pvBZ-~c`DFAJeeLVUhdbblR
zhWOnIu{{m=BdOnRS_m&_h4>7NDe@<CqmM5pg2TVGeD}xNA<vWAO*H<j!BbB8N=Yz>
z^?R0Cujf#BD8Gpu=$~;4V&Z%K`GXWfGRgheh8gA-dH(RWT>E!7D(2^=cQXWW;ZU9?
znu#hB++deJ{-Wlx9ErLGfz1*6Y!6!A6~yWKE)EkR2og}`+>TsyQ^E02n1Zg+q>`XT
z5YtFiz@Ltj3$>dHqt3-*^n@hOMI03uD%c@~I(&)xZErl3vrYrRZRZ#grRH0iJ(#u=
zG_wqhrf$g4$l~Xz3m50Fd!W3No_t@zfU}R;>*Vrz>f~Tz6YpZ;X`{y_SJlfCVMCm!
zzuqu`MNHedXCYjvlTO$_#(NR{#>BoK133M;e+cy;uu5{d5jbvx%ey?e&v|%(F#v8K
zi!hIe<N&1^uUT^NzSosv)(VluwvDUV*p2ZXTVJT1x;Ga1BLByo`opRzgQRYK*)zKS
z!B>g*Q|-OOT{qgDQLLa_$-N=TiI3YXXg~tLd?EMzA;2wdn+z8a=Jqc^`XKp-kCe(o
z5+@v_4|z8)x!((fNJ;CDdoY~kq=BL8tKUOck0FW=!s5fK`2U%5d^hqp|5KXs|MoX=
z!cUGr7}iRvh&6W)>}3lR76CCRhMGUk<41b8a{`cqUxMUpE3joH8^<OR*&t{8n@Ro8
ze}nJO|0C)BZ99G>Q}xp4``jNaw1Q(sR9=6Y94p52rR9MO9BX<9=;%)lNVmV!<N9?!
zOA(R7Qd;t`V$P(skJ@AqqJ^d2BnN=sT$<ayaNth(zq^{8p8vca{|DcO9Ql7;4@fTG
zy$e16pUEX*o7&AKyQ$n*F-Y0&KKShz`JvQ&{xwa5)UKB_Oak`)wCqkC@%^Cu&wnF}
z<*IsV`$@l>qb=XKh)2IvC*o;#1XUJm*36USEd8X*4qY+ap5x^iXF@061no~hM62^C
z^kWe%tuUIcNTY(u_YeQG!gB0lZ2PT51rpo<;r$Lr_^2LGhX3iiU}1U20Esv9#Pns`
z`?f;MA|BmEf8wF3Q^H+7?@de=a)W|sV?)d0^<N8*e(>b}{f@1Rk`k6o9ox^6hQU`f
zG)t~L3ZHK^{L8#pJY{JkdV`-nmoZVX^L6dxw^6I^eElxPxL$|t1i!nwxB8Vaze#KA
z>EE9^e$d1Amdb2<&1-Jxb^evO{}34MHQC>eJs4fCo^?5QP<dsVjD+Q+pU>OnRSZsu
z5m(SOPOSZuDITquz3lnxn&65XTkt4mCr9sLe~`U_Jnr{s8hIQ8J}$)5FVu<J9;1uG
zQ6{PrsG+BV)3HTfeiUcii5@z1Xd@l>Xs?GiYH1Uu`tMU6(X4|(imXsFkA4eGMnroE
z!36>KFYB59nO7uUI5Q3vitjP>u}gR(Umi+aBJ|i}i$zNx7neXf8T<bBN#W4RuyI&g
zCow0n4Ni&=BDM{)%)R2RI34Zt_3&%EQ-CBh0m}bq+dc86iz_vJ?jN7OML?0ZP}!`9
z(ULitGlnZ~v=DY{eg6F(;{9i`YEBt`4^WW?-#pUb>#FR0s~wy`y9>!qyaNKJnb}W7
zWv}dZ6Y9Km)S=JqBJ(LQe2;BC)15RZDc!|?B|%WYau~Urp!5IeS&7WRdI^Sw?fJsJ
zdJB!ZlCo)fC%$L7!U}k$etQtOU?w2>^u=IU&3Tpohqbqk%4*x<h80Nx2?+tEL=cfs
zTBSs~L{vnOk`9qZQbbaLhi*|CB^0Df1e8WXI+R9Ay5XH0<$&IE-*4RS`^LC`oH5S1
z4|}gY*P3(9`3u1{9e#jx6`8P{If5shn!~5O_e?m!Kj4`%JIk2(B{$Wizxu!pv2MSE
zEoI4xd>az8VoL6~0`V3#E?#f(pzDEWP|x@tA}UBAOZ4DaT3oehULPY^l6wNgkkR3y
z*gU2iz3bT9UqR)HcKmGB*rFpXbbSO<$eN%ozY1bKzuxWl7EQDn+Un@Fi6F1Pu5?t_
zgrl|L)6hAY?>A*ePg)XT{rK@CAu+K^E$HYO@KbzPqo%>ebkt4ltRmL0uX}wRfvE^+
zRMv<DvS(GzAz8}y?{E8{IJ3zx3`0g*^yIrO%X+WpT+b!I-w|`YD~gZ9c1Ddt$l1{<
z9E=Guhi*;AFIn7qEW-buzT@{vJ{}{?45Kh-?yXD_bg7-LL~{k$$anX$4B*grVXPqt
zu*omqDM*qyOme5g;W(DM^O|lK5I5tG<PYo^h~lt+c=?pdUun02dl-Asbr&D^J#hUN
zRI^(jL%U;;z>HK=w{qMA$MVQB_u9$OjY*pI6}MRgo(D)NB2%JR{vAAAjwUHbF(Z&7
z$5GDM07O6uF<Pf)Uju?*Flc%;T{Lb#{|M%Z39nv>@bs8)ayHD!U!HE8E=^BQN31++
z0JzTN0@%gG)Ksb5ZX=e3S=E8{&`ppcS#H$ky#EQ0GfiASoqxXiw69Bp&^);H>6|j|
z%{RaJXny#-sx1r0xF4R)-X-j)$V-wJt+?f`*nwBCv-Mtpm(iX+a2!EKklpa*Z2;%0
zbxnob8xeh@h*zzg)jEi!*gEhdG9$<azn9C)%Ueezagq*^#|SfRfB4}rRyADy89_S1
zk2|7iZDFjgqioyy5g??qr)+egrA$W3cayJ~ICj()2$G?nX<T|c9o8)olopuc^(m2N
z<71Z4$D!>d*GG(~<*~&p8qUMez9I6-x&xQw6pFv%65!@+aQ>^?XZCfpoiXmQ&`!k5
zoW7*&aF=bop0g<!mo1-m(u#}tJ}CRlg9D>}*DZ7)>^fzcoO=j=`BZ?Mm@l(Zl9znR
z#z$QCYc{7CEhZAf#3w<%BLl(z&I4Rmg6CeRPLSL+_v0&_g{*9-XuCmg<fwaH@Hwt^
zQ$AL(<ntwtaUue$y}Q6!!d+}Pwkv-<a*`-CA?THoIC_VqYT2a8?3||27nc9+B!Mdi
zT{+i)oyOM7dy!#bw{P6mD0|)`j^9w7%#^@uXsq^)Z}Vrx2$s;QD-qu!rC!quQ~E1b
ztItC5d3&!@Qc)$oeqEbZwmSGs58F=#XS)|Bb$Wb$_grAf!BZy#1+;A?z+*D10GfT8
z@whbt%RhH_r>n`C5fCr0iS*jWsZ~v($JRm4dRHe-5<a`oJ#H~i?5}NYowtD1{UqgE
ztCFjTf>q~UNh$maJ7JB#<T~CWAN1=OrZ;JDp-=H?@4}NN+|rvSYVw3aoYJCB;@f3)
z{>~Qrp{<kx(f$`5ipRW))G9pgv*=7KcGcR3NsC=Hc>f7-bJ}tIxqx3~)1L!GcBC4;
zjoavEC%9eK{{Z}#3_n;A*Uy)3%&>szW>|Xr&=`Ps*g)XI_s96pC}g;MHxD=RxQ@TT
z^3P-M-dXoDq`$eH9tiETBK~BB6T?rvrS}r*aD?#P*wzKdu6w;uYT^b4@*oI0$GxY|
z!XU;$5BxdOIA+Gt*<v?jN?;W*HeeW(JKrXeaPEtEu6mjDxz^Nx#qMb)`REh)?gb#L
zrwbmVTpI=t{1KXio{DF?!L=Ij;k92{0eGYaLiSfO1M^^FU#@04fzp-^3bl1$+xty+
zYknivI`zA&<eGq!Fvl-2VO(ED0|NW6ZeFrRjvkf+=O({ouok6R@s9czx>@#fO4h?c
zenk(Q++``1B9BU4q5I*>+kc{gGTvK`+uw^d%B-|tb1_*cgxzUEMx{b+%4VYg0mgw^
znf`4=B&h(RW;%&2){sb2^Gl*3$3Hh^4p%P0WF|*%{({p_7?@<wDB-|;JL$m4+5&(Y
ztu{kn#{=~B^Q0smB~nkc++%s7cB9ASI;A2*WRGZ2nlp&~>D8)}a#$Joh5`pb1aSk*
z?uC4G&gRPMH#fb$?dE72@ceyw((z|`oYLm)+j?V~Yi-Gbqz&N^tR2<1r3<HujKi9=
zaTqwpTS!jqwd|@nUEd2NkF8l0St}e1e9#;`j0s17Bp7`i?3~N?_^!CoS`5d)^_3%d
z$qhRYM}$GD+s9d-8i3ks6*Swlh`bqitt9p+wZTY<#>wjaJ$H1{3xhby@xJ9x8l~em
zOv<*FKc&S<Uy-P$*;$oX`=MM$IdI0f;5r%(Ue?=ewBNlDVIu4VfMsH1*VB2^GLx-s
zo`fMkUB-c!f<D>wr;Wj)=`5355uW~zEss3E>I@6D*ZC#=T$;Svjm)*`IT3ljunHq*
z6!3+-8E@spd4thxj9x?J8AP?I7j)YcONoo*gsd5(5r|j#pi<h_jBObw=Sbz`r!ZVP
z)CXGmXx+WD-$#trv}vMh5V~C20ZmQjP~{CCxalCb0ohhxTXT-YS(fs)QnyqSGTAj%
za@nmYkGN)<)+D(ggdfn_{OSUNaGe5OLGk*xt!qZ|0r1s6w0RS}o0y?|;j;ax89iez
zC2;jTFSw<oro4>Pg__J_zJ|$mtoB;6!70`mt}-L4@$)<!*L_I#9<D{0Rt_F+_=4r_
z`y4ANk_e~A7m6?Jsa1c|<tt7+MGelQH$JzIaPlK9uXlUh9z9UHOF9#XQ)*bRo&DkE
zNnV@h1coA}*<-fVo^myKnTE6Ds6?6D*Tyt%-J+;Zxj~h_qN~-F6#^I`=3YFS3k>0|
zj2oYN$zA3OC!c4a@Y`iSDfgPWgqoEs-9`ZT^%)3X<;rsB{VWivv^M{$>{@v#e?0El
zFmeQ|z~mR$S&<`v2U0~mCbJzO%<DiA%fxnKK4KP|_=J^+-{HL-O-}^Vv2r+OBu{ZD
zc#1)fIBl=P#)8_V{3KDC1y&fpu(R;!wOWXce{e&YSC%cxSuNHbpY*Q$c0YHP-CS06
zM}Wi>-A+O4X!E)-SqoSFDAWnuqS}l0R?88H8kU10g0<KLlrv|Kg*WXxc|_o@3y~st
zeUt;<EL3G1VNoE-Je`roW%J$hQ<r(*#JsdM3;YtwGgb`}=s0-iP5<dio#k=m5=bTw
z!hl<xl+fCJxQzeP-+|I9yo!+_Jd|p-mIuy8oNb1i&K8ZV^NnQ{*cg-ZZL>~tJOhrR
zMUkyz&ne965?g2MUl)~Q8rSjb(*){LRoAvpDodGu6~4ldJqup7w95CaL(G#nTT@nv
z*jbb_xQJ-O?%Am5_>Iv<@S43)v!6)Rdp(fpIKrZMstCdA*Qw~o=-w_{YcQ)t9ObjG
zfYr5Pc_mq&@<LeKS9h&oBV}{3Dk4$^lNwK9v?DTMzZ;Cg>)2@~c=Im>wo}sVtUca0
z#N3yEYt(B;F+b6uJN*7$f{nE3y1e}%{b0b599FwZUj&eOqUWjR&>p_71X`zi6MG^^
z+3$Pp#@JO@eJw9}zFY0)RqiP}qBT4vOlw|uTh)|-$=Oz;qjzYXRJjk~OHtkXu{qUS
zp<Ci@Z2fNKGl#BYVjBNdiQ8mAX$^%t)5S~PAStM@+-s@8$vP{vJx6fbxpTtFG%;Uz
z-q*}gl&j`-s9|eTM3*U}!V44P!hWC@%s<oE{5Zqte`Vflmq%B4EFByY8+lYALpB7L
zU*fqLf6GKY*uYbhjs{Mv!KW&}hvNyJA2ug50zy4Mo;2u-`C8q#9L!zjq-Gl>)A#~j
zT-)vRlY~xI)YKeuUhEAvK}Q~efhLW7+L+Ze8dz~-b`Cn5w=)``8QJY(fA1bOUN(h*
z{Zrd0<2FHy8yv--luK8u(uY+CdcWqSHsxBor8+ZVC~cD!A=R?rMpu(Kj*`<@Hoz6@
z!13$sxfcciL_=icC?bb?*dMgo3$4{C3^E?4K*UJJL~W7Qm__}C&(#PJOs`8(Nf4d*
z#A@~Z-;;Hcun*C(Th~I%7O%=PU9hTas$Qkp;Yuzv%tXGWwk6zj-l@`d4Iy!SV8V(3
z0gzX+Cltt{^`fURP|10HOP+7S2r%&><~e=2QPrF-1p1PS6&(c8j2hjRQPIaNceZv=
zJ6l`F75nlt=|qi&YwP^OA|rnoIJl61LT^5eFG3<kSz9z)%7Q3<AT_5-ay-!~rWbZ`
z<AlK&xMbCBsY-G>UgBy7i=M2PFy8vmfbODQ`@<7`r4`36hpU~Atf*AB!uB5(fCzU!
zE{C7SIbo3C?ZXsFGh9I+6pRq&7zw-;XbnwF@QB%MJvspX;1lEY*;Y0dA5-w$-mJNb
z4ka_}<)Al0EEO0!W))`kssoY}*W4yGKyc_v_mWc@GA2T4-hEKaUeduPqkK$__R(mB
zipBKO4!N~IO^o&1Udvg|azfucU(>11W{VoJ9nyNuwgnW~G;eb3oJ<67X3bPyS28ck
zX{Ae~QDAntdga~csWZTLk$T@h;0}G5E(`5T=)?~AtgNhY1tK>!zfgc%_=ImnUxzcB
zTK;uJdl)j!bJ<9)RE4YVqm<3jj3E0p(dxY1DdqT)7RP7xcN=vv_VMV+wV(B^8zY)A
z3+&8m(F}%<<Y$$SFytSH;nULyG-b#Y+)wroS-?MVvr$s+cJox>9h)$4?kb-_#V>8*
zI-mC4u^)J^an|GH=^eXe?zO6%?_61h-#ztDl3b&(iYevkABSE>hMJvuxPs{PIS&)6
zYw^*}pOyj)F6s_hkJQsRbC#->g&M!UCP>9#l(<(u!3EWdcwAx8tFP!}oMg*<^n(bp
zNlTcyHOImLv;uvbl(b8<)k$b@&17b6?8fIl&n4I6!n728qC@3>l`wU_D-n6!3HKi#
zW}tC;FYNqq)K{^i)1|Dbu3w`|{&t2*$bG*U>MpqRE3GYG(C}+_!tJ={5_@H<zTTkK
zy5q%pQ6pnnu3DOzbz_~fpHJd-r{_R2cuOS(duFxA>8NXh&{XH|EBhhW`7=MaaXw2=
zdeSUTqP^*epq*5IWLmZ?S0@i^%+5n#fg&lw2oyl@4j{O&*9qCZzrbO*vpo8tLShDc
z-o2N682{Z!;4?oQ56|a3Z+QC`A75GPP@ZBeSg$><Q|a}p+1^pBCUC@J6GvG*scClA
zkbgaeJ;M5wg=P0jrho4A(unEE<IHK2^c7oZ<6tvv>3(+JtKNf|Ty2l_O5Dy{F$=Ab
z)lE!u`Aj22DSP)t>ofd-lMGc4Ty^~Yq1&LaS2f>;SsqYpAz2Ay1m@-fKelr?jmnfu
z#Mx@JT#?t@v;O3KI(s#_&6ezYfzqF066&a)2Rkx4mxeYp!sL?VecFdA?6_3k_^{r(
zb)=5&i7@eZ-M##N82bd&Cb)Q>V8?~`gIWXuaX2IG#J`UiF<Odo!l<#GHTHt}*NqxD
zewQp1x+WH)#QG9WpD43zS;+{kdKN~}^VIrN_1ccpO?Z-rqbj_$STr6xqOadjF@`A!
zsh_htS<fVPT9J#sD)e|+Q6{jG#cgt$V)5Qha9*_88=q+s5^8$kqj}p{(o5D(*6ku7
z_gc0<+1^cE06~*$v7cDH93Nq{SX;X0d#@1h)uXAouwh@`OP}Ap*orr+NfykJzpV^1
z-2~ZsuYs$cHdP?8{Qkow^fBHtC$4TYV5$czm969$lw{&E7*4ZX__52Cfes_b32amX
zsq3{30E^U4_WZXeh#0lq-qhn?TAXye7bns4-cYrg$aDI|t+7!JfwTTXa~7ejVIeZ?
zYq@C!qbX{yZBm0i89En5GhpsjkhIq|(PS3@HGj_!I}pufZr+g(*8b4mtPH%6l@^FO
z@7)v?-SHG(ZG6>c0v8?i*j6^&&_y%KD532M!-5Teg(cjroQ~-8qMq&HPGRgC%%7=k
zAC+xR6*c)~H7V!Kc9h;1*GbUY{9qBjIQd};{ddKG2>piqOCd#u5ss=%9vLM3`ov%~
zIYlP9yb4Fq+<v*bi|;ionA>&`@r3SdMMs)IclYH>!^5-pj*pNvC!|VHzmv$@;NmG|
z^1rgK{a)b3n_+Jz{c1Vh9scgzNwyt2I18V*_hF<P2Yock2&_w@VG3z1o|+LXU9z5J
z(P;^vTI+RM+8-yomP=|jHaXMRY1q>x%g_{#=<96yyF@DWy;qj5v$TK5-w^%Pz_~Lc
zGm|s<#`h~``WIsg(54I4O>CmJ>J$Ca>+~&vV?(TcAoWMOT`MzG@}|9T_F2p+2WLWo
zmJ`<k7IW&u=W-3UiBxR{OpSwFDl>{=8yaLrDuXip>Y)Rc8*RBvr?(YtX%^I#E##AX
z&wOnTfJ}DpXV?s=1F>lA1uq&?6E{e-bX+{+MXkc=MgQu+5xR;qOe}SSE#P!03@#;~
zoMgzA2>y(8DyKm+WOrBtB?&?pXx$wQ%x_*Uj};7M$tXlrp?Tv<8rN!GWtFcF#aj=2
z)D0Ur!(O_m_kN<-(jWD;+(k%mLpfktC^z~%Q|x<<_cN;DTa73A$CC5JqjLN0@AH3O
zb&6Y3BS-G~MsF<A<plnTISxJ?1NlH`W`&SuHllJ1Eb*ScHXqWhPUZ~@XtfFGX2#dW
zU}S}hjR!z{wDW|sJ|h6Xf9C2eD2``xk{oip{p16tVY+WDnndGF?T~sYbZ)2v^^A?L
zJHuvUt#`rK;_FuzpIqZM?@&9gYFq!E*N!%m%!)BHWR0ue@qyj`(O_YuoFl3^UgFwh
z2`k>4nrfFciS2-XzIS{5gu~c)JZOgY^6ZQbaC8Sb&wmz&M@ik!jR<xVxd1|ceeEst
z$`uBeN5dEe)5~SyxXrz%cdXmOuEq1&v!th+&M)i~D5<+_^%-c~d%JdxlCnLhRemk<
zrt%7P`z!4_d|pAqX@_w-4U&d?fyOHOR_-Qm8P_B%M#K&*+#T$M3I3AsdZ<Adw}$<F
z;gD83a7Y8099fpCI^{YRnneKu?@ab!AJc4{kQ=<go2L_7)T4h9n2``UOR{@A`4Q>#
z87{H@(i7cCqvY~|Uqg=kTq-jS&#u*Vk<`u;>PqKWs~-J>dvyJHT(ZZ~{yWZ72|#t-
z8D6kdgQFw=z&W`qZBaDmOenjwA<r=~t9f=3OKC$MJ8AV`o)-oWi`+4*mCd6$^2Y+N
z2C&te!;=h7{S~1$&_#Oxt5q^naM$S`-BPZP=FJ8ks+&@0)+K-R_#EFK;8)SYFD`0x
ze7WBk{q^i6+7bk&b5%@i`G^%`t95>1lb(&=R!yRO+NEbWaJ!VkPT2pTyEn>DRI_E!
z>{xM=476aI#0)qc^aPvu4=98qddq6`%;hG>9su>4eRN+!5~kVy>Vd8dd}4r<P;%vR
z_1kg#46oUCC#1`A2fh|2@3MD_lb8ydf<Z$lh(=%cz^7saxx6SS-fA8U9{+vwh1k1`
zX6Pu-E`A@t2PfJVY-M4AJO5tbk~!zLUOKZT76o^mig%=0%V*)YZCBws9gOgI)B1rw
z?rPAb$@`nChExHVtgi0`lgSH3;J7syToa&%Gr{q%dIagG;wNpI9!uJ0O}=<8yk(^o
z8XUp$kga3R-`O97g$hT;wodbt4F>&7dwlQ8v-YXTYQ*T#M2U@tQdpX4op;E^;#_0;
z)WDLL=<+9B84i2p?<L=tQ@fo})LR%XOLngbk-@V)|LfV_57>>d&7gRN*!*Ad1a-Vd
znOozfo0k<~Gq4f0?{$<PKbAxkI=+fuLy`DcY5BRq7t-JVLc7unBoB&zbv+VU1JgJQ
zukzf<=Bf;+dPZIcN{r{sisw9#-UQOcsL>bNQ0cN8@^#X<{AfC-V;JTXfdqo9!tHmB
zS-T!q;Oj=2<_16uifw7Yev<Xk+DMr1ET~A=fVc;nwYBvy?ZnliNA~*kZZLVdl1v`w
z3m*Wx*8MUjyky#6FL?v<o$-UBdSm7WM~3?#ATVT}7+^aLn*Je{jr<a!tg7uJEH)o;
zn5uz-K-RTXWL1tqUJaVKr@E$|_?(00^$Qaa&i|BPZI=HXvjEiiO+&^lL1ZIHS^ZH}
zT2KP_$B+LE4&0)Vnax;HgkGZ&$*Gs>Fv31|OEF+8{yyxO)k5gL>;JdzdnH_Iqh(`i
zxypXSn^Ut&1e5QPoo8kZ(AgbHvE!Q$BcmH&ZdAQrBU3e@gE8J41Fjn2^`F5dXXCPo
z@vsF+A3c@nu~?T<6~V<XqPmmmd7-1DdWh4;FpN_mE#+U$9dLHYzUNNF;+HZju+pn!
zWNa)~;z{G&+14zC%|LXNY_Gj}Vi?lz$79g7n_s6#debldx~ir2*~x&NLomI>d)~CW
zInvO=xzuIVDhJaT8}CwWxMgKQHzCS8#&6|)t2}2Nh{j|gCJI@gCR7K*kW*hfFnon6
zcud0IrRF0N{t+YWj^A+^vl5V5!ep$fS;<!~=ECQ~aU^H=>TY2G@#PYrK&<JkKQd_R
zZr;DDAl;xlMrhtIteJ-ym=mK<m(B(nZ#3GLo`$w~v<aLJyMy9}OT(b6@Zv&+K?abj
zBniz|N`M_bJot>AN6+_C^LO64tAXu&`1=SeVab;y(5Y{>8K$kl`Z~A<=yI=;KTo?m
zuX+2qnjR=U$o~31H@6nl-^JYhJUlRukGv`wgK<>OyUBUP#u@ZO$`B12z;VVUrEG!#
zOxOT)PA_VGL|+5743e&CG&Jus<@+gSoZ<TGrimD3R6Q{fL(N0kXXNnGcR%jG^zL+V
zgle`W<c%Dc)WW>g@EHnjuKRkgDb#zo6@xR&lD;m(gsB=VOV|);QCNHSTA{cxDssv0
zo*uC(f5b;aB`m91oT>&fsX^3e-o?VCiLs*^I!L-6KXq;$yG<ymMxVA<SRXp<(b*{|
ze2iEo?usBXvX}VlL<j~wek?(w8Px93K0psG<0!FVCU4T!cIuEA#hw=$sg4=o_0xE1
z@;suTUe9cNEC5C?H$M5DV)6C$od+c=eelCBym<|gQy+m*SQw(15{Zb?T%@moNM?fp
zOSpkWJBX-W=zc&>2ww32^b8*hGr3yW$<G!?ZnFdb%EiX8_c+WAZXe+KAajE{pt@0e
zot|a?fg*^yln^g`_zbDYOQ6ZB<dt4MC!<PrAx0#5WvgswLx@vNJSfAcG@!QjA?6E2
zUiLxhnqH<b@eZ3Hc*HPzzhN}&0~J--tG7?Rh_5iWI?)IcLL`|FLWv{`Y0LK^KM86t
zTCuu=hiNI!mRn6jw!7|dpqq!J`VpI<Td#EF2^Htf>x@)#&k0G_yp4RG#(nYhkegS4
z1)=zRrtuYRI3+K{T#c7phJ)&@o8$Zn=vO_{3vZ6lvp>f(R_%9r=4{~rNQN*Yjn=La
zP>BeHRCdL9W!0*@UOUL$gLJQs#JsSJ=rB{-P4bVCB%hy>QoXHvF=*maai6}Wf2_<Y
zTbgz(`9rQc-|&2~{`%5D@qFgi%YYl25t^iXgk0t(35CG<)Av2}6WFS`Z}{m#!~SCH
z0=0Q1kp+0OM9H+xHbKXl1+*D5RQ$(i6}5&ynFA$yjQ<+&s7!O&)r;>Sf+U=6FlX~4
z+DhiRZ2HrK>cQDCb^BD=Xg)<Um<>8=fF=%+JbEBD#y=2TJPWju&FKEHq%&Cm33vIO
zK#%=u6o-<&5j$SQW_FL2<*wM>9%UI-2SR~4sh8fzB2tfv2j5iI(~-=n{_^9w!N;!w
zq8D$dj!c@5=qeE*;EfC9iOn=%SP%e5Y`+(+ae7XuBfM8LVHC(8)w*ntxriTnzm1|3
zmA!cTlzM!Hp;bE-OLQ+x`I{F%6b6m*HrwBYek6M>^v_HnI`A-mQ8Rb(Fdm(bEm)At
z)HRSX(!sksvd2%JNAu1s)2w5B89<F3@W7RI@#YzCD+Xy1&M#9SDT5fiRKqyNDAxsM
z-*E*}FC6D<B&WXMpR<d8_z@=yw%avlE0L-&<IIwFY}Uez=Ci=$&pQbdbPG_Z0$;0Q
zV*H`z>3>Eev>f3GMJQJgxj(BuM#A+#;RH8$kq5=4FSzneDNkiR{C*YAIz@(p;71Fi
zQpUz_p3?}a_nN<&*#;%83rR$$#q*=?{KhsQr87W9n<nT$`M-9O1rf10_{+#f_@Cfh
zVD^a}h@$;p@P+_tM5@&P3CRZohyN>M3%CW+99;=*9UT;IQL}7&m}$De|JxS&-w=-o
zmq|Og+QY-wF$2>V#4%qQ8nKc5Q|t=Ae2SnldC2(x9TpfM+(IJHeaZS9ns?SoUY@)O
zHK*Rc!1Oi5Fe-Wk1BWi>TP9`*82j;`sqVin8Iaum1IYM$>-|q8H!>V(@n66$m|M3e
z{)1{n5{AT#3;n+U`gVx{cvq2leEJ8-t_tCNR>wj|?%#-U&~W~*Q6u!5$yC~S0>Qvj
zG6vP?q)+-Zjoz;PceV%%ii<l3o$cbs^E|kCwE)(wD(PB1u{Rm`-BOsB5gt$(Wxb<w
z>|&>W6a$u&^Typ*B?!i}_jgWLWq`=6q-~?hyqHRJi;0{2>%Y;q3SQrej3keu;aKvl
zFIPiOjr84ovbRB>p#$3c#M5U_sAgY(!@Q!s%0VG$lJYOytxz^qHknX1P9e=71QBip
z2t@lX%|Tc@2tFg}a=O7*($x3)YpRL=gi*VWR<UMjkDPO^#0!Tg_~57fSQN15=m)g?
zBE8^~_Vo1V0{A?r+Ti~i(QEhRu3<-!v*VEb2)S|V7PE1iKaWaWyzlt~og4T^47#_M
z_-a3j$-&f>4SLXS*t0|!{0|}tfH4=Tnmjw^A>3lC*DnAh0p%J1P(v6IF%Vs)5{vWD
z67{UECaQ=x{p%;)>AqwELSD7><H_ga0Vsrs*1B@kngot)$^Die@PM*#*fic<CCfX{
z{pppck+0;(-fvyc@BG2Q6vQ6C{LJTcopKu2%%u3SuvelU!$a54j3G_><KNXaXc*t5
zLpCnN9JmZP_Z+3S|Mes>G%^BurOuBw<XlK>U^MyqEEDg+mB{xwg@s1fv%basbD@J&
za~=B+5?B(n4E}`#MlIJ8S>uHe-YQi-otA1-CuJ~A&&UXk6g~^2L>|j`pC_~N{^>#@
zmxf{amn9{lcaJDua}T(cZW>q7XG&*L892TPVb1i-;ts;cAl<v5f$qT)0Ophf?Ss^_
ztO}%hyRBLN;;KoZMWU=Lf4*{a{zOTmWPw^u3C_TW(9E^`&A5P*qF#GQG+bBd70lU{
ztyMV<Rc%y4?)-_#U%w{2U@(ps$Ssnv3~ZC90o3DA79NQv?tKc0C;lH$Bl{W<M2IT)
z&_%y7s<Z;=(4BaZD>*1jC>i+j#OlL+x(Dpje<fEPWaqHMeS{KbLPoT`f5s-EWH@kg
zh%xW#*dnu{$5c3jyJDen*s$ML3AGPK3Ooyn5^XoXtffGHiLh+hWSt9aPL+y5WJjM+
z$Q8}}Co2b*M~>C?86FXXAZl+Iw|9?9cnp91#usdy7ie&8=GglxzgaT>u?VclB7}xY
zj$VO9_#W<g5?Y=NZCv?(t~4!*99UB|xb1QL2*#k~|M``!9iVNE-jCFvhlQg2d!eck
z{@gHzadR|1is5O$FZ$fB@}nZU6b#$`m2L-&h8E(QXwY@JcoLwWgc5)M<XKX9Q09=(
z+UYAqk`_a4#;m-=m3eMJqkKjWfXzWs7+vfw)$V5#Ho~rlK3K#zlOL0l_58PP-qeXv
z-6Nog{ukX>de;PRU@v<7$KoSwto<ik;HX5%fPXQ#kPY>}u(l8iT&5hRg*Z%AUXk~J
zMT2%!oET{90XYjgtgiR>r$xWs=qL`MNZ?0tiVw_mD7-`JjzHh=GRv;}#c+du=16;=
zzJo(i+MNRF+c~+?K#{#;)A#lBpS-I@dEw)}w{P8&mb1<Q1}$8XYWr;|6S$F#g#SlI
z%4T1alLM;ViPv)O0cT{wum-DZXI^U_s0pEaMNH3;kb4_QQ9joPze}NeV@cygZPOe&
zw6mj_ezb1S+;%DkE4;Vut4EWGt*S#G3#LhL%7s_xSD7A*dVUdQdU{Og%;I%X{0o{K
zC6rgkSr<ozX@fO6?0D1e-~Z5=pJ&}QqcISp<~usmw>0%!kD<YN<<U=R2?>c7hn%bH
zfPJ_R?G!Z@6N=+^ifsB$m<lGP7Zj+()Me>%H#UVor!G<aG#09GxV^2t)+h4T%$bnT
zU`ccH01{GCX>-K@5)zX9o_t|MBzgaTUj)%ssSOQGf<Jv?1n<Y-!gYII;YWFFEvaes
z_r{)pAZO0UFWLG9>xRz$mD=yf!cBNunMr9ZX)^TXX~kU`EWNxmkDkg+;h|{-rJdVH
zox{X^<Amc>GVYd$-_E$3ej67TH__pd@)@7;=}oBve;6L(8~b4|hB{-TgjD8j&)$rC
zmt?{kV>SgOpT^(1ee1GII~gFQV3_#8N+AZ#`x$*UhSK<3vFx?*+^51HVXQA|Hi~_7
z^1;2!m(gy>aJLr`gdNmT2TAjbOpnb%BSYR`%nlpWGe~iyr)_>x@y6klB$kaUzUEq)
z+|TKLO!ZEbzaj8|S>_xV<0C`{Q@+Y&8Pr^Ke{ad;b^4x(o#8*){=Y=wtLa@40%0V#
zc|d|~6ZMm{8NYsxN=%nLT}&zGUK|oh#~%{#obEY$&)M*B%_roBs&X>*hmv!JoR-(z
zzANmxMC}@HSJNGKEIO}VD2t!R%))w0v>#l6uT%SQOJ40_HH;;}2z=jsX4c^7sT$QG
z<6p~s#|^!$xa+jQDRXr9J6-$Y?Yjc`Pv{;;f=Do{GL}A>RIwxrr{t3Y@@(^)M;Qba
zx%c0<9&EDjg_ClAU7Tv}^9bSj<B@1xPZB>CMtk)XLzNEo7E|h&SxFj=51O}vm)xrg
zvi8yY-Na}(#;C{NTSizwDp%yv<&dl*e$wp!c$PEQhuY{>rrYS5nVCa<X6Cw7p9sW%
z^J}DJD1X=VDS#QZdhIL8B@-<OWmY;AhZ{N`Ih*=9&6fD$D3G4-eA^=aXUL#L(Q>Sp
zvK+;HA(|y))k*oUSganaqGb3!86?~2g(k(gcx5B<s;7QXk-@?RQykZ)+>(bLY=5ls
zp`k9eJCq%;E2|F5>c9SnF7vWx?Z_zo7(s-=*81YnWgRp@d)*MuXTFxlqN^Cc`Td;u
z311Y=5JLRzueC>s49YHCwtvcc)AOC7YeKw`-DO$Ng{ucck6z^Q?8MvyZTvvV-VEkg
z28_U9#T@V;JH=!6E7s)kiIaV)O9GJJ02g<y!bo!I1Mf*lhj_5tk{P3}jVH-{zsZbB
zIK)g!4pB9IfA6I}pa|4^Vy^vZMvpE7f7pCGO@w&LX?&#_S>3k%)dewmj$yYB8>Z$z
z7qy)Dn}dC{5X4Cd!ImH}>telN1zFP?KEFSMPTUT0B4}r7OKiG-Xu#ejJb$<}`SV&f
zrqtV&R|68s!h^>Z4}?ACu5<gee4Ou|JNB>GJo8~?k<UdBh3-JJ?qmfaNpv72(?rlb
z9DjDtFm(SB(zJJw<yg?i57e9$E%TQL39-1OFIu?9yKAA7SQ(9zBjG!Eo=3CB(Am_M
z<gW+CJA9PEd?w`9*FnczDKW8vix4>s){=NM*5cV+c;sWMZ%3Sy2s*ZygyDyi_J0^6
z=l{hbzr{q1?v0Cr4E{JbTs3ii3J5gDa{vFh$b&j4zKTZiY)tQ~HIxjwmwo=+!`L2R
zjKF6LYi+rsJDCDuOmDm&#&Cq-t$oYsllsGN044kuef0(PSQG5eeoto_ICmAU{ki4o
zXo_<$d;j&PLJtkJ4sAyKd)y&QViSxt+r4gYsGcJoshk;_larH`TPokq!&Tj##27F-
zx;i~9OF_nRKKPFLyGm*4Gq-OuV#HjQ5eZ{!wD+D4jsG)@vaY_2FHX+Hr8Y*TJ-hxs
zSBZ8mwM_PplSxZZ$Sz8`U9vSxx8=QK0kN3LitKA1uQTp_MKW6c)HlB5sJ<?0_WvU~
zTj)_uvlG*YZ>ZezZ3(!csF-2H@^Cw4!t~vVTt?m~)~*U>3B#_Y#qWhXV6wAXd0=lL
z?>O4yMovK|_l!(>C{B#x8GWt;9{fSE5(gQrS;2Ed3EV>62Tut}+Iwhg%P(HAVYSmr
zg{kqa#0w89m4*MY^C}!4{k(d@Fq&6^lDu94FXCMvgLC)ErNR_5A?6<gu~)rg)hM1F
zcn4au{#MRu>2}(hV9oqx*px~x2Yyfw^;k;~o52^COme8VKwcm~yvH=aS~cyhqz~pX
ztIEJq6`|WGtnf*W?ZsAwugrKff@(ZnI>$BSvCQARevQz`kY-w!rW-zBl!&q>lA@%^
zlecjXoIzIC(AIvwn2{)Zhv`j2QgPf3;>SsAKkC9^hbub&<jGVyji2p;8jZ~F)GcDN
zFk~5Tm-F#VW5S5JG&28|pT8XdfV$8~M`8G#aJT8w4XfeqPz!2)H^xsPv}+3vjpVnV
zCPsf2gND^GG-Ly=Cfl(cd=LgSMQ4ST?AUOTL8gXp_Z1;R2o6LDCm2V+Cg>MWZj`K8
z8R&W7_QAAD)bkRz^g6mTwR6k|ggY_x$yerRSgP<mbf~LAot~AO*-I5c<6nW+`uT*A
zwj=w_p4GN!icShEMH+Y9D$U}`Kf$*=?sDKf#3SZ-KIoSB{c~3f-#{ui@!;*Y%vcfv
zYT`jo+37X}CcOqch=Gs%$6a+IIJ3V1?J3@)ZTy2LwS5Y)R^eq%46XbI;4XwSyg*Eb
zEozyQ4Q#g=cIyYEE^#epBCJ|jG_g9$DVZh0ogWU{UEA!hg?ISb-n4!@GW7gAYnO2o
zcL4|K8cZsWnc^G#bek{KK)X*m<?Wh2JxUD>LM&hiTBwE0IuY;oKI`+s*ScWT9C9a)
zmy3tTBE{FEJocZ2@JNByXm+CO2O$I=S(oPE4ca;HB4(@3kKK;4s#j^XU~`C1l&cC^
zCULQ<8cnW$=|1XkQxf<euLOj8ywlB%iV&;p`8Fkmf+(1Usfx%EdQlieU^7&lqy}(n
zx(_E<2!P9;Wn0!-6R@PtmqDjmjniY~`APnkdt+$(<}1UTu4hY<^|NWty?K3R^yJI9
zIJHwrA0nh$dbBT?$UWdu&GLM>nv26A0Tg#fG}GS;1a>@$bw+LM-Q&%tO<rAk&U%iZ
z|E#WGIIlw6MJWhB@`x*svK%O26q%3kGK^9hz&#*X;GQcw{pa!K_`Xh=Xp@)VgJs)S
z^!Rze;GlK~dif~K4$M0W4%FIfvb5)5m1d5>D)D^p{e<L9v)?ho!-_hu`U#1Wk8Zq2
zxg|_i;ycI^BN-6jx7wqTkROY5Pc=_T3+M&a+@vk%DrGO*%&L#%mI0emEN)J}u%H4p
zb@iEc`d!;!ZTy2f0Ub@zPN7Lm2+BCNvtu(SkjU73aVXi5L{PE)4S&IeJJ;bYtLja?
zJdx2)z{+D6^}q{&kw{MogAh6~@13K#;WzSQm8Ndzf%Bmn48-0juLbR&J@b)>mANGb
zq&N$)OT3?7!Q1KoxdZSP-153o-4&H@8BYGF?w0;+avnCk*!-p?D@rz;Lj;++g^?zq
z&vfU!DQd*nuSl!)5o7G8Gmy-N18tW5#UN9E+RM~;X|?bJ`N}zj>?V_xWwI9(qZQIW
zFk9WdL?7ucZpn-i#zWi+XrG}^gBo!V!Y^F2V)=P@zr=Vchy1$PLZwrGH6?@K5q!Rr
zPy=21@Vj!7!)1Viis?i<mRbCQRxif}mMX7A|LrR}0?a>pcr7{tWLzs9&OeU4Y@2~t
ziCfg$ef(!*Fre5FgX?4mfr**Vc!5?m?v_GO^ejC)usQIFIq-(uY)zGd+MKp>(oBus
zTU!pBzWYee+-IfaO-d&I<8E=BSYdW&f<^i0mq-{;$sfD&^TSP>M1lixkMGJ+nv8Wg
z3<`{wFG}tsJ23q}{z#ry<4MElm7w%z3!iScxjZHzpd?A1tZ^4cEF)?FdN6HKlSDW~
z{S<fq4G6CycGLuDO1iglDx;4m-wb|Jao<MF>{-=Y?t(6p8fyB~)$omn0+whbk{9(;
z==buCp{veB3*}hYRh`9gqTK7JK9S{Ov1dsbl|`Ow>5U$6`gWzWj;H6!4HbqiGRYUt
z>xTRQ3+QteLI}%XJ-HbhCUf91PI(J=f>)F_6ec18O^xPI+E(se9N+`hg=%@p)e}kb
zWV!#~$OX41s<EaZ4;q&#!p&z`1fg-xTc<74yGSHoJQ}6oA4Z9)kyX<_8h_=Pz@c4%
z>c#zb-~`c;q&1nHpir0ZE`s8=d;Ds_X^4ixs=Yc|1&%YRPU_;EkX9X2)AV$Qg+?+K
zmY^(OUhjHqT^ZU(;59P>P9DB>-@(*13}{MHii!coLkIqZ6&IS8g93q%kTD8fOz`sO
zMA$0I2et|n&tOh$wopr%`X(dS+O)r0TEZ{*Nk$*Nxl<RR<n_l(;L>E1NmB=6=TAw<
z$%}Z{{<+bhge4dVlU5dK*Ero6B-giTq96s!?v-%wg+Ed<m_O07|H-q-r%E~2lxJ=F
zDc7U$l1lbDHXqWkVCm$HdmR+VSEL&P&tzGBM`Je660qlYza?|o`tF$XwE5W|9SS~J
z1cps)u50V8s4F|03%lOv9oaw+J?haN92}hg=hK|oeVUEO5SR(GJMWMWw^ujq?JRiL
zT#t_P_c$~d`yQ5@-)0u%Y#hBjbrvherf{0<My|cSSJUUrGR7Up39(ewY{nY1FK@Lj
z&V&!?RAamNY=|3%`^KWxfJF_8%X&87d<eaZLD!G4>fkMhFhh2hcEgQ=L8N76rxQ5>
zjrNk`dE|l%R(v^2OE)%_lye_6RP#8jTS=TOV3Qg*kfBw{HVWyrT}#XeZ|N>y+32gu
z8p$Zi$t}3IoF&H_bO$|)ag$h5-EmHg|J&muYT{+<Uo+d@Qd-vXbd;-n;4%@gU;G)F
zFS~cW`%;eGcFW~7chEpcx1k2V%IAf)ukqiUx)`IR@?va5S_0zdeI)NdsC(2xsINRO
z`;4Rsg}<T$Y$ID+5^wBG%c|xjnQpAd`wvIp<mGghal4|g)DH3X(e7-`*CjaF<DZ~y
zkZX7%OJa6;A#|?A;hS(KbNWaizNeIynAqJ7J>z6R3yBG?4F@IsJezbEl#fghn1yiX
zmvoshHVdE<Wm>jJ0K`EVj8g=(aFh-S!GF7s+Hd82am7Ags2|r>ymmKAx!2U+yk%o0
zIcMT{qAxh(5k#uMvB3%CHMn?PB3<w|S{04#GRd`atar+P!4EgH2+o^Cdv)1fbb@Ig
z*sS_442o)+IQ39dt#8sa39!rxEWEeQYex@^E!~ixDP6s48~Z)VEW=~aig}jJYi)a>
zsisIlXyn1b5=vAz*^L-Oybpg`?W~1S6dZGHjU`!=&NBsLwIC4NV-33ZVKR>%ZMvwX
zPv?XE1a@VZRkx=8-Qlim{p4(xm46)Dy*OMSb*Rx9mqrJ+kXm(Xr!AIkz7BS*m>~&W
zS$xU=4pZujz_-~sB&u8g$`|mBw(28593wSdwa3(9rtz}Q4<Vt4E23Jr%vb~9J!+Z+
zgBV^%+m2mhp6#mhb#oZ=2$Fwz-*<hjX~b)R?O|SW(e=*wtJ2Zkj9NwrUZNKeOw*Un
z9A%jPD5k%c9bHMV69W0QJ!-;a5hvFuN6QlEt`so7=o^Bf*E{of5{M#`3}t(xn0hx}
zVnfNK)kaY9tveVouEd@*R4?f!*J<j%AX2*iGxpqVu>t3K)v^0KW<xvlxGtNDU3ZU5
zo)g;cq)=aQPkX4Bv9<<&QsL=&hUS9D*^7locYeBMWsb=<I}C;>=lwLyeD%^&pZSzP
zQb|#B?7{Njkda?~2}6mHIDYZWXmtkzPMw4O7hVcD1N)9_Q^&$Fb!GpU$})j}@mLFN
zDswdCLUQo&b03)IrMDB^RWF>SPNo(Qcz$_?Z=yFRs@J^y5!7<+)-RJji5IMo$E)SN
zE1EjD5xePNE70c-*U4bh+((5)mO^_Ac9^(Y25mye-+*upB}NP$k_}ubvGqWqakTM+
zRL+#~S7Gt?id~1}_vb9u9&dHttkIzyx0*fWn>%{?lqzqQSBux=lafd#$NDz#;T<_}
z3JVgg&eba=Xw5{wXG^vFMoV$!`^@`g{5tvFU4ixQZ~g0Ve)KbAZF3-(ZK)wNRXEFD
z*SFWa|527vm4&r@ikwBGX`YOhVgUPCr(s>}2C=8eej!7vf$eBJemE;Pl{vi*Du>#2
zg%VVIsa6;B`Pm7P1<n6^u!ds<itCRz9nb4M&zU4|ZB}%jy+D?y*GkD&pcMl)D)I34
zKUKk+_+zvh?XQVj>kN$e)p>&QBldUP7)Yg?=b-FU(unwdi8VypZ-eNfr%_L>yyUVM
zlyOO%VwUI1dR1qXC8*Do_1X&A3JhT!dslOUZh!HHX$~KI_e%IlQDN5WyK)(da1Vbl
zk2coV)ua6`-1Zi0k4ci!Il)muwWet3aMV-0#{T<@VKX?B8Rqm+P2jzA<(vQ5XM0AD
zqPXPr^QrIfZ+OTImx37Y|I-N^#yw1Cm?-?jA%a_SeuVdu^C?IVKlV;sD9j-}M1xH%
zu~70F{N^;NWH6saQ{TlUx0Sw!syjvmYfE!XUIRv)$!pd`mah9DuZ9*q8it1R0JELe
z+~v%?wkw2qA9MkCJBdjc#CoVo91k(t)L4F{$WYcC>o@GV%V3XTK0H=5&9)J37dShJ
z&6e?2!aW#|YP8P!BKCoD@3^Z~mgKyakH(@Fk}OJNVfn|Yf3B>;vk&fdEBF4!NO=#3
zz8_cPMooKqY3B`6Nt40qCYx@R<;!a;+J3f+BbCv#Vp~{}b1y}l-S3|~uu)jh7BUL1
zwmb5lNi_cPzUt0|%i1mGHIKgCfU?y7_kgOW^*)YQ=ay$UaU*rdCMjLj>0Kf{s<Sdc
zL|*SRwZzu#$f!uwXo*?ZBZ<ZOO=Qc<l+rvW8Qn=qr~7>OLyX~z794C+f$R~d3zfh|
zIirawB^C;ClC`OmVX%^F`-jCxJgEPXZQ9-;Gu@%lRmjcSQ#SBORnIxZOL=L6=|MEx
zNT2R_isH<AxqdXWSXI?LWX$R^b%(Dx$ypC4MExbDR8-Doq^}2?7Dhn(>26;m{y(t}
z|3IH2b%S&5UTVy82v=ilGKyqrl3h2-gt5=2|CY1_WB=^Dt1|K#^lI<|Upjmk7=nhB
zck=$p8;;x`pvo~F;ZjjmHJ<FY>EYO@C*KK=ZgCD1*i0cIA*=l=k>_F)xfAu!b8)<n
zDRHPXTH7!GM(!MAuG}9jIx9^yEqeumEGqco|5o22Yrz2puygeECbwp3x-sOQxqb(o
zT8G)B_X8vTf{eydQ6t?$eo{39lfkLNH-0rD2Jvfj_dh(e6f^_cclwS%+mzTcl;vD)
zNL3oHL6laD9;aFA&Hs|UpWqR1Cizkbd?b5a(fN@9#g&<6euL@FWjqHpgNf<@r03>Y
zsHc8@KaNo!3UQuJ2sriWM+p$XwV1kxmL6HV!oSuo7b`Qi!o*}nGTh{(`thXxZv_XA
z+WcL+)w7rWOK|KKybeF(zTK|y7wRtLoi(X)!@@oK?A<>n0P<UprI50JbZx{a=3g$b
za0+m^G01b65cKEB$=%radXp%bQBpnc2^w>ciKRDxmDZn=j}Hulxhqx+n-)2Zc!6pG
zjSc2Vzp(4C3IQBoE28;Z_-2_@$;W)tQ+5t9Q*)g)%kU(>x>qjlPRWp~-G+mEs@Q$}
zz&1Xys%H@X0=j=4By;7@&IcA|mWAfX`Q|?GD`vfYhaoZQLG4rk;gU{}Wm5@wlx1mG
z9qoEhG_8}MbR{pH2ZVAWF6#Phu9kh*MC`jk5$QIjyX>MpFxN)Fe(>g)4Z!vCtff>2
za>2{0I`E9lu3!o@gm|ZizDFXe9TU9;*|IOLsMJd@8)A+6{oXZ%7k^zEiD0Pk_jMF1
z5eQv*jx>V)PZ+ofTFV5;<EGnH+uvx*GaJr4t-+?*5Xo(Ubo~&Xx3!cD*x~7d%tW@j
zI^4LBDrg>TYgO`M0Y&&^r~T_swRM2u>$In-T*RVK^7U=$C}2V?1iG}Ju_k=+e5Jg!
zv?M*%JT||%&{T(_^JY#278@J<zr9V~H;ZSLV^SI9rEMWRWZk77UoH9{jn#mRPr$M{
zq7fiM^XmKNmS)Iu%|nUb8w5sxaH-dy3rv5d;#TQ%CQBUd^wu$d#q21SS>K|OVTO6q
z{l@s)U(%z3{R}Q&rt@dxT?_-s0_`;fznl8{wMA17tLrde9D@;Eu3B3qCS2?;MnXA6
zg(>8eD?Xv>F}`nycwg8aZi?;DaJk1Q7s&wsp-V|ruda^xNszF5^4vc#khr72A48`K
zA-YQke<&p+qy0Dz6XT{DXcsaes8+=6vpYH`mP9hkBh>X*Cwe|uI2@Wb-o=n<wHpt^
zKL4uKFx7kqPc<m2A#{o^(8s@kpo0@eBMg=v=br4p;qDi#C+OE3W8bj86_T6bmzHi-
z|LMk;R3)7zp?W62fhA~B-S9pNFzC5U3QM4J7Q)%cCrZZGCEed1DLfD1RSi-wmq+ZO
zm09i0^kRJ5pEQE#^C{bCT1NC^I`QE<t@psdQCJgEg1Y$}Oawc2VWcUF@d-he3Yz(i
z^%0yS(6hJ|_X)w_=JngZ!8^(K#le31?x!`)6SbZ1?%&e$u^j_PR77;`s%s^#d);1q
z(*J5GF~XU1W_pSS*-_8`PAEclROGC|9<yb6*0#eYRq`=Das5v8w*89yT5SYfu&g1%
za{vI(d(<84vRzPn()I0Oks&Zq4Ny`LxHa7xDQvMZoyRhVW-Wd_vyw#E$`lV>M7-wl
z;Um44!l4MFJ;CFv@M=ETj_N`?ea2=MEn^5ATZ3V%$s%T`kARz!SbSxh{CK8DQXTm{
ztAOII<sRs=VAO2=9wgAppnu$c@glMA0Z}No<Xu|t_q#=g{{Gp}4#^mLioZI~E~V*p
zr|+}u-r<>k2tA#vEVF%j78?uE!9jePuX{n`Ux>8rb*Eu+4D@Z9rAa<~@g)%2yk2T^
zbb^PA3tMp27PiN2p+T4R2`28R7^2cf(R4~)B|yuUj1|OrhduZatY#C_(q!SaGRfR|
z=_rfAf3|U|sUfR@r{~VISGf|jYhb*44lL_5+E77YAglEC+v-}AOGaTL++M9EP+}J!
z^zwB9uU6HH&L{WB`sr#kg!?{exwX_$2U;F)Jc<#YOliaMdYB5tA5EhMbsUSiD)KjX
zs<A~vWmVH1R%Q^=26LDT7{ty4qFHihd#lf$VO&V30dYt*>H%xP(+I?P-gDe-dolOs
zdedYX%r>eFyWbn0<HW=;YaZZB&NV{4q^<)k0h$nZrMq`u8^yo;$vT5$CX<YbGZR%?
zE6trY0V)PcE7V4rwAr6{p5v6^p0L5tNSHeYqZ8eYMN4P@hUHIGX4v6y^L%kbS(!=G
zPw=B4;wIEL@C@L{HHd$%<yhmbl~c}5*Udck#$0z#6S}V~wm0@ETsB6nN^!2<L2A+?
z`_1CrYy@5Eb(I0>AkHJ=B&u3XFK%Rs%uDE>$Q%O5br6`ts5x~GRm^}Xn%pJ1w$u-V
z$J^2#U;kz*5M%uG%VU4}zUy`*SIaBCkLT2Ed8gr%T&}|6pgihzl~361#398GJ#6{k
z(73rUK7-bQey_iLrh)@H@f9q=)o(}6U@na}i@K|X2@eW{no_8osm2p=3y;qhq-8h-
zu2<)jFa+~4`+kZDIIUZyW@Ox^89HHfL<?h+PH=0Kw@gtR6P;mdOu)lWYx|l9u3m;n
zD?K6!at0Bu$~tBBMMV09B1@>tPgno;7u&5`r~<c*3X^=sdt+7STaIGp+tS{Rz^CBS
z{6QMk%>olk*YPEw>_mJIIbpT*Rr!sUe5aQsVl>_6)bp|H!na<6%TsR|4iktb((-MA
z#tRAt2x_E#OEVjA=AOMkL~&V9^n7oR$?u~<^E6?|id9d+hT(lo?^rH3q}iM-$nhIE
z(TczxDshl$#%!Cu!QI@p_N7-jq{}HNVy64_N1>y&t~M9oSN1mk#V43yg{%RuEP`0#
zdNfJTJA6*>m#++%Jv_!=K`HC1MQ;#3NV=gtO13qZA+$;t`fY`z>ISr@UCz0XTor3S
z61n1b0y3Dx5$9<l$!})4vgpLoLg)-SHQ(-2e?&bfe9IzOId>tQ>f(8}lEoG>nzqgi
z45E8X*JhvL5qq)giEa_!yFxbhO6+Kq@DoAA;ked7<fP8?mu6oI`Nf_phGC=&Y+<=z
z6WWIp`;>#?)AuLOalM4psgs1`s@N;}zCS&F^EO77H(>RptOvetf5<T`uW=AcGbW>|
zzy2O1y^1ib==fd<`m&|rHjjesb&0B~IKkzQ1us9aW`)q+eC3Cm_2x@`gwK27C#Lzy
z7u+u_yN0_zr`S{%W~i{HRmGym%fRpXGLt`aO!@3h%x%%%HP6mz!bF&4*-#pzbb=nt
z+(+ucg8j_1TTAC)nFU{ziVNhAa|tU(s{zhbs@{#}o}Y?ulFR#`JQ;zE@Fl7Zi~5Jo
z%SXw9Ro9;&LRLnSM?J>ImqGKch~|4Wy+|J+*JdJ3#Oc+CPY+pw7zZ<zppn+)A1U#{
zUU5U3<DM%kR28-$!zEv#dh=#5m)kSH?^_Yx!iceN$|Xjxv8``apMQcHT;{Q%t#D65
zt498@vzM<O7GS^}BPbsPkE0tsR<SS7o;M2bq!j!#*X-y2Q0M1Mc8+Tp4UDMq6ZW?w
z+V$QUD(t+X;aE6^j-~VV3beqbA};o$<*CC=fnCk|>#dpVG|{I$(rFhkFU%bmee$LI
zG^*ESXA5zDezR4)g?40H<52lA(Z?LOI6Q)4Y`P6=SEjO?Zf9esl8(_t<LYfT4^q#t
z-@BrW%aH#-C)PlV;3KM(h6t<c3?Eq}*}_{qkrB|q`#`@pF=8O{>UOYisoBT}h!u^N
z2Q3LQ3n|~AYr886;FVwT&n!MyPURlSpqRq1y-hvgZ{9ig{ivb{ufUn}?F|HSv!BgW
zDX1@zZQJ`#9p_T=67ltb=InLT3M|f~$}QlWC0;wCBWO1%HcsF;QtanKds4X4;7uY6
z%1$V)q>GA=%t%FeaZWEpc&eQ1gG@BteRWq!@<&TYMF_D_)(?R(_}b)n&)VeRyH1Zw
zOrkN`9}0EpVLe9`RCnksN4-w_UC&tU{47z{W##e+gBULvQb}HL_>=QQW;@z04d@hX
zh;`l3E^60nG_52{^_CTdg5)}7FRR(E9XC^bZxHa>{|MDn5^Pn2yR;X?&Tp1s<~;f`
z(7&yGnSY122UCT&n#1*F<z9E0(e-R;a#Y8+&zIn&7P)Zc0#y2K<og{7Z+(=Pl3j~n
z&{I}t!S1+qn6yptD8{5Gv4Wsr^M~0(SyaXDSLP0T5h!x$gnqmKKHWo$U^Tx|f;;ON
zZJ-_153z5jJ9|*xPvXM*Jt7Ib5>=g?N-pCKl9#Qz^Sp`W)4=;~_$Ki*%C10ou>jnA
z6Z7*s1)evegvp*~h`63d$0o0ib`_4JGI~pUM1OO2?sW?DR0`G;0<$*f^6P}zul#&U
z*>w0c&j#h`iqgJYqVd>zDfH#KWyS6Ko6ktq;Tc8CzmW8NVI~Q8mwfu2*<LU1CI+!t
zs0Vf2u<m^}8gQC^Eu5B@DNEyZi;u>O-pd=RyC<glG1j4uaCvyG@kOW~^8%4*OELHT
z;+}%NKKSmid<=&3yv>@seaf=^9ll#z)*`j#P(IuaTBh*Qu|-)P{@^7cP*FG<eKkta
z#1w}i{4lyUCZ$h826(3%QS8`p9+h=PkHhc?`X);K1Y6LKE@fQrxFpbMLm9GOdZ7D!
z&UiCHpgsF}v2c0rfmx>TAgM$ySP^qGR7abO>4&|f{tPZ`na8jc(dmPfzkIO7$zGv-
zgRa6A?v06`bB?x9c>Kc@f4_%{;!j0_7yS_riUlK%GNdjKz$CbBX{fXR)wO=hcQ_1@
z{F`6Q(z(5`FC961%N4ys-+7~F;58~GIW9ZY<ntjH)-QJ1qOuzI;wz(wT0(`NXx+@;
zY0fKroayKNO6UaIHP>s$_uzp+!odTr4aPM(F%%3DUvLLXks9FmehskOmlC{UM+N_$
zGRB_VIEvCVPpo}+bV$i}-6y(j^DJ)}265Zl4;)YUEl1CuKT-G?EuzF><u?7H%0rM9
z?&4R+{p2AjK6%CNZAY6nKXj|0nu1aMkCPntSbS2u1%E0kV|?_m^};rCrltBA#r)*_
z5gjVKs#9$xd@x1}PC-{Zv}tAhX2xr|yb1X0%ZoJVG%@%`L_U!CJY?f>MIR)eA?RfS
zWheUH_Acl=UH2jr4f?{7nB8b$G<|4&vv^5fRwIV!$zXc;BP?GuZz=D|UwPP>sM>SI
zO6U%UTP1<dcW)6$!lnC3*t?e2{K<2Q3OXLmu1p1Xs+Q``_DeKDzKt4fROIy%OI5wm
zwj!>leHMf0^>ahQ6*FmhnZAL|Gl}F+hg|6Qr%Wi!b=c@Uwo5+LE=mf4ll`8S1r0xk
z@1Z>54O)(uhxA-4ioqNVUI04_4^`m0PLxv90!+Gg`MNC*i2&95p9^C`J1V4^eNZXi
zycYo4uDCu=1}`=D+YRBDTa{Ix6k)}C`_Z!?@6n{+OF_J(ikuuPjKJmPSX+Ayvsdb~
z{Dy}=UarKf`xYqeOL&R}LIv&kQ#`Kh@z;JMTi$fC;i;cat|vJC+zEscylP)-|6NWJ
zNiMqIkdL2H2)0YHQF~}5hScN=TtDY{|Ey3DFw#}2);RZ;agv*AlO#tP#Gi$PNCgC8
zD0UVpsAHdw41kuqEv7$6aNXtU)I8#JV(B=BKm#QM&|J^491%TDo1|%Ur|st#Zl3Ey
zSD!ISm2c+-;<}=X`l6-}nd`KrC|Y#fvrSDkHyw*NO?mg^YW4~GCzFwaPKA-gcg#L3
z;AIO><JR{MnGzn$D4wrPc#b!V$JeiQsefzH;v5=ICAk+ze|!IS)P?&Vk?rIc>OU5}
zeU#b7f_mvsxBRke=6Fu|YBDQKvkoPlYgdvpraRWf8~*5%s$C~`6c<%cx}Og<oBLKV
zx7=A&I75N_Ztd`m+|}{_Q1=#4S*`oKs3P4UDIgyu1}%*=(v5<2homToln6)*e1L=q
z2uKSO(w$0ohe)Y(NauMcf{JVHea`=md(Rkmj5XF+V{iTDoNxT{d7huMf<h$5P04OL
z;`Rf`5;Om{#K$lJ7YKcn83L4DZ}+UtkOt7<-bRlt#r5KMk`x}WE*xQA;}it;?Fy>E
zGgd3+OLO6R-00>O@s2koS!B@i#5&7wt22YL2ghr)1uJ72FpQ{oQfSjFE{Je1Y1ob*
zlfZ8b4CmEY@Scph8kJ#@HVPyKvP^>XuHp&wcEOe05i%P&h1<|tgFJTWq6&~G*8ySn
zRfbYmT}ctkOH|6qdmne83|>n8=I2rxE5eI?^y9!tB+zo>^ePAwVR~Q4(kf9Fe?gMq
zA8yWiz3;FN_f@(|YKFcDiM8hfmh7V!(X@@Q?$L5^kt+?Nu<}e{_`)ma`PgGHp8Esn
zl8_um)?N~a`?LoJ6CCiZ6<DTcL4IJxYR_Ds(!x|GTl#o0BgIEto4mJ`r=9e=m&NTx
zGIG%X-N6(edtnk!MV}vHHM+jqP7!42w7b?*CqU*ZwCNwtPR{p0JIvY4YaA-ix*DC$
zK^Lxq(wTg2=hwUMl7@C#1leTz`v;nay^&L`rBn<ggKoN95H&VvXQ0guRd&Cs{DmNh
z;eodTsKr_qY3U4si_21e{^rZ?yENOrVy^)jXZKt~Cf)X6FW|7W6A65MfV!=(q2*FM
zIYlfYtto1SOB3!LybUBlN9-GHI~7sH209_Z;yVZEsC-dW;%?Jrd<A)5D2O~wvGcCO
z2nO>wG|==p=F`nK#5Kn*=7_{z%r8X5w;98&?;7x?62LVZ?s4Ppe|b%1dOA$uW1{)z
zsK&zc<4E!quxud&2~?4*dhddR4-`|8kzDQTG9^g*p9ALutB1r<hqe8b0hC5*9u#jX
zq7U!cJg+{_Dz?SduKuRTf%EeAl)&wtN^UL!wT2wlv8!-1{FC157cTdpwYW+q>*E@1
z%ym$MeYbNt?WRP9ttIF3V}{g8!=<{7Ry0LeQ%r(C1j2_9%An>CrToV@UwhftYA{w)
z>Q(F#GZ3}+wh8rLxa6&^_XO3u^}DwQH7*7bk7zuL5wbew_6k2x_Po=NkcSP=jX&be
z-f{*-K%`f+W)Qzw(?!Kb;ae)#&E$fEkd0L!t(lJF%(#~Sb-uva;!br?D^9PGaNQ??
z_hhe_tT=qxaDxCmXuedxbey?zyH>l15k@AWQ1Y(9J*#k78Vh9&Xbw>tAmvHgi4vi<
zV<9MI95{fv^Ydd!8|rY!ggtU~s<Z+ReJMz|u{oX<34h@QFGJM*uON}P^THpr6^the
zY!~uqb7p?BtfDQ7h=7WI;FPNAowf!L7w?=gSvz5c`jq_6a--KhCf{>M0)yYmPmD^3
zs|R}k=rLw$8!E)nNGLf!IJIt=XXbMRV6_t)5S~WBQ4j)_9<<`V#^Nmk){(%*o3pXW
zPvrIMH;5}#K?~2;)*f!Wd6WB=0E2Q=P0Q8`Uvs4fD*?4misi-IX*W`7l82s|uR(E2
zMlKc8I<04-?cT~>G%>SIrndkV2}^bKt1$VaiE<?sWY^E1k&$tI;0=i-N%$AkWdsk_
z!`9~qn5D>9mjbBxTVkmk(xeOyH=5>CBdMl^&ANJ+Eco0)e?r-Xm{0+}SRS;n9@-Yo
zoCSIPc_aYzdx+{8&N|SfS2Rw368sG3F{a=uXREB|i|0Uc<Ab({I~VeA9z`MqC||7v
zb?5J&>k4nCg4v>>-ff_aO=T&NasuCIM9DtJdFRRKEsd6#Z)5ro8F0Q?t~%0j+L%jD
znQzE>IZ@}+0<>{oD@TYv?s(bt3kB;z4Z*=30Yupz#pGKt)Vn%`W&HKhC&~FSn(hRz
z4qB-H0Fj@h=l=zOP5Lju<`dk({}6iq6L%*3pRw_3s&{2t)icw4JAzEx#fSs+EgpUt
z3gs75US-{yaQX@$#76Ckw|@sU$CZWu^6LMF9WOy>%Da>-7IgV%(`Eb1B8zq#2Hh`Q
z=y`l!TnMPo7r-G&ZP%0XAcH_s`PoZ<2!OVkyA#E!22<B~EAoO=)EyDFyD@7lDt&qn
zPC6_?=fI2BCjczeIWAoy94XKtFaGUQCm1+wJ^stW{R=(dq@xP^&p2{*Pujt~&gHjI
z=AU+Y_ilhbte?o~Vf)?meun7rpGgIeAZw_Ey5U)*kd4lo+M36ja#~_L`2|=R;!0cI
zgH>gFc#zHwIEQ4ObM_4HF$v=J*)I0#7o;%%r5R;qWy`vMED|<aZy#4<-pq|&N|sfh
z)}T><KkZw1OGr3_?ztl|c8{SSA-K(iH~GKWY^}LlPv&D$9t<$WCd+)2=gd6Q_XFE8
z4X@7VvjFqH`sQ$=wna@OtTTl}bt@D=Y<$Rm68@cjaa~bnzF29b!w3E3zrWZAF(NxH
zWVqDn5U)ocU`2S!S06sO3Jjev=h+{59UX1d6>983@Ii-gEIB8q(>vlU?jO*EaI5!r
zCX-u`##t+zH@~kee*>@N`I^bcCmz6-EYBn>9$&z~ND8k~d4QBnHoc9*@sT+<T;|W4
z4gR|XmebGE2;jI$xw%r!(lW7_%kN9LEz^Q)Fhdm`6v`BW5TwdNh8)1Pc^wHDD#s85
zd_;R9G=^BdaH*pA+W2H8Vt=&HfXRSgMBo6FtvQZ@xqGdb{b&G_Bxcl!hYuB$HWW{H
zxdf{0(NbxtXx_MCu6j)~HBXr?G$-#7KK1+Gy+&Ycg;Y_$yhfUAj2`ACtSZ+ep1q?Q
z5pH;!@#;;<#C}7oH_Sjob0?`B0w?kT`15P%+)80QFV(xjNkBx9mYCJhaGP=83<7Qc
z@z08nkgKStUSrvz{KP_NlNPuFuOxa0pa|CU^tSER)Lo+G^q5TR_mjncLcnudGaw)!
zxgJkiTH3!)YhjcB{-5_A{Q5m&_mmWq`wztMP-!->0zD>{N?9L?g-PybW@e~z;NQ4D
z*+W6h?bf)#so7uF_H_)U<v&3=0gS^Eaf<U+lG=NXx9CNMOAU;F?b}maA>n>N;j`Z+
zwXkFWZ834WQclQu{%VV<!E8+m!+{##ph(wO+-Hg&I|B*UZ$k@BB)I?jt=Wr0M2IGE
z23xj*7HOHQFY?_(IV6XlU96FVGGO-8Lv;|+fr(Ehe3mQ(XhyJGh@gaU%XQ+@D@E9<
zXX3@WlfG*kp(J-eAQshGf)F?$xR($B07y=4`yn-WLQNEs`|}Tj+r2k2PivCDUT}!2
z`V#HX#HBkBoi2pyrtmR!t*s4a3o)f~m6HCtY|jvDg`bhqPJBnHYWDzPG3{xS2}I}y
zAc3XM;*9wFn!|-Up%3^6oZ~Ax03sWRO8#Y_&!Ii{76K?c?yz8K2xUj#dT!c^6%&Ic
zy3M4R`z@NrlIiY)F*g9u{SA5qKP98aO=Zvu%XR<fD~kvLw5CWWnm`-^xFLFH$Y8mw
z|NQf{BH+*0c3(V<K|#WI<K7i)V>ZoQO*bX+{tbrtX>RjG!Jo{l<48NEBiWdE98&~d
zzZM4J7U%PSE`%8>Xmqe^Pqg@fokV(TMCA!iqRZSR?_U7DlS|~DiK~YdnyH7ya233A
z=j&In<7oJ+37lKhQnC2Sx|#eB3qz@YEFGd8*qwjCEIG4<JV*>bD#CJe|M|5ZSHKbY
z=U-6+Fm!w}k$;{>c0}L{8l?6k{rv%g3keBH>KjpA&bhZkmfit3qvQXLeD+=_?<Kf#
zn16FmVeUE5XXdOw7yJe)B9uYuSGxgBRKOmq?u?E4X{LbPQO!XndI^r*_cmGFW1=hQ
zX#~cM_4oGD0ve_Acqc3{P%d$3sN!$aA?bC_+YjOmO922~c!Z?BzW((xdr3;rFU__-
z<`tcuirL`(<d}w!-ikx87nxcGAMqsSG&UxX&saCuc{fz>E7HKTU441)0h?z%0$uGD
zaD(jQPTV`h5&_Fs#{r08i6-G?>G?@w{s93mYqhoR(3&XG4ut#xNk5JP=V_lUhj@P!
z4^J5D?7V8fv9TmDGgc~@n#bl4i$M)JMu+p@DD0lXG6B651Q1OR`sO&~zc!j1i%08j
zt-VK3dj8jqh4CT6LK(8tLxAbDe|ADj&U=)DDh>#~h<sUrDk(zU$T6FiY+l$Sl_2B#
zN+^kI*ct_4+}pplk-M9ZWm%ZYyY@{iA?UFD0d*0=1(AmGhld4UV#xzv(fa9tokR?9
zxt9nKbIhl!3F_6duKZ5yplV01o^SL@WVqyFeFzh0`QLZLD5M&UUo>iqE|%;rGsWqr
zwY>-8&43?6S3u0+U(Pcv=pD=poiU6f5=(@pE-0cAI`wtOw9YO}Fy}cPJ<s5tT(<v`
z%RMue-=N;(73QIRW)s;U6PZ52d3DsEYMG(}<o8d<&O=7{6dnht*vd3;>Q8nnnD{oE
zk_r;!`fYe4vA54&v}x~i=AjJgg<2FZ)M>AF&jI4%xK%5xsqG+g@h!O7emQ>}13(s<
ztIdo`PcaQ%`nMPeQ1Mae7zQs9OFpYKRRGw*3C5@bQGj(t`-AWR;!?e0yB+lOY#VsH
zeDZ>|e1qlRv5OvBFL!~YDqn#laG=SF&RQg>n=d^0cmZa`@J%2M6n$o#eJ>`h@;lW@
z5{_Kg7#VZ_EwC~l^nST~ss%7VXT0NoNm#gBpyK+&C(|nwfYMz%K>sQR4=GgkyW=Kc
zzII%3=sG1+pBvrx3Lq4`^`y<elj+_ci2maYZ~BE$*bkJ}+wGKWT_8>m|1jmfDg>OC
zVRn+6Jb`4lX=FYCoY7kCkNf}R?V7;P0i+G@E+G60{zdo|#)AmIw-E8!L8;(}?`{>e
zqrxX{6(ZOFSN85v^L0}qGSiR`gNV+8yY>)?H{>+>1U!0(SN@-KqW{1bp6rF$4o9&b
zldl4CK4bUvl`H;XLEKTHH!lAGyrKw~6?&?)J1vrAdNH7ySW*6DRR2GEYOT8Ee`EN9
z)!h_W-}??$hx#-v1%xSx!}wn^o_}X4|8K~|{}&&1TumZ^5Pb>p@vwBmU%WWUf5+6K
zxg(O&MtyZi`oBw7|NnwV4Hz;1$SZ$39+u<s<OWuExl>@Kw#p3)i+Lj}*NRLl%a;Xm
zZPab;Zf5c|srM3o=qiPPnk22N>h)ZCW9810un#)qTN72k;zQ^^;1>`mX82vTuc~_*
zX+KXafJoE_r*OR!#@&ydnvwE{1?<eaRB{|Q!mk>XnJO0uGhAEfzl&ZPDI+}4p1vgh
z2V@<DIg$ZF0#&I+D5y6jhedDfA9sUj&R*Im2OJ%Gnk3s*{QDYt42DYekArJc>O<rB
zlhV`_@aU)h@^$-H;10{P_Yr_l0eg*?9T((~U;JV505h%iH45|d5Tt-4+lk3~IO&Mo
zWNI5}s7h~YB*Dg_TtdCV`xm$WNVedDfI78ld`uN10gmXpvilG0rQiJNowupRf;~R-
zhZmvrQ01?;$3c+lsio`YwsBWcNNRelX*32g!V?c&lXHT@lxidHA{>h?0;V9v6c7$2
z$Smpy60tKtPBH{ckP(E&29mOy!67+SNZz%mP=<EF2-nYgQtGry_7QPyf}h_IRsLK*
z$P5gg7y##!&V0&0`Kf84|B|x&YVk0OX&igDmT?)yL+cyghj06%Y^Zr@KYF@?{jeI0
zA5{AoOqu<D6KLLs0I}N^rx|Eu5QN2JbKPA}S_F`%?DF+)8L7gwEVyv5(~EC1C#y7z
z=ey?Y<fLXf4k|JWT8UsN#-vKeDPSHrW+QmL(a&h&BT*lq`AjBvvp8E{-AjMcD0FS%
zE?)DafL*C%YHWahlR(C~JUXddW<P%gnhT@ly3xm2c)LjmS!s?j?#4;zk)#02Se~8L
z&2?1(3CbhCjBs!q`A-pIC-zLqWrdShohGB-ckv3UpIqM++dQekeLA>5_XE(xZ2=0R
zDcG1wM%_tLd0;-8)cyPERrD7X+1XH0Z{eJN8PAnt1~Lqw!a38BiNnBS7EZIBla=kg
zT#hw<bX86!a->wyuCUgBN%>a3@fFeU^6Vn?Fa5a{b#$0GIBd@oh%_llP!J~E(Ar85
zttln#@;pf-*4%}9KlglShyhu|ZO*9UilOyM<@@wg0Jp6*no+K0sx~6)sLt%hf(}yy
z87A6P`t7xtemd;dH-fsmTM9-?4C;CH=}+Qx>tY*Wp+!sz(I?LsmV-$H6@bd(#|zb%
zp^vNmpWOhl6K~T=5_ud)0zUIh4Owz4-jB~lSNx=C4>s)mE~uo+hcgxq*785w*;}^u
zT|pofEB^6h?!-29Vk0OyD%gCYOP&EC`+a?kMc}qw=A!Qi*nwK=Pw^A&i(V);1m;1R
z^PIsNa-n_i)LH;YjUJc0a(_+6)Tu!Fn0vo4nEMcj&$a-}>*ud@RRD<t$<oT)y&DeA
zlob!WL<bESi#BlpU`k8-aiI0<2myKlaxM%~v<5BlE1K3N$-B!%RR>uR*SlZcvT}Fs
z21h3Hhki(p^SZ!Xa5=#5Nqw3d$bJK40B$w)52KUji+evlb;|BqxW2W{PE6c)fKrc&
zg>M+4)_ZI<MMb#X;3;@?LUus^U&InX)mSFty<(La5G&0;W@`#Qsk@~q=WG+2)@uC&
z06NjoV*%5=C`)G&3~+=2;*);BVoM}*B+v=g0khP0h(_`!0J%B@h%nzp#wJgboBNh{
zJ75}&rVIl_HLj-jYM?<zh06_#0ob3NF`)Tuv^L$;{JCEc8qx-hf3zw|vogw&7qk0S
zf@x%P&#6i^-B}x3$rPSUYzzR57XkaXC&uuYJY@_5Q}3Ocvd3~+y>~nE?d^@Ml4*RT
zGF8;gI*vkRm_mSNfWYiN+^;KLg<d^JPdJo<y74>;Io!yzdKIF!bNXJQkq9D?t>80m
zCKw3Pr!E?O7*KWyx*ClDM8qt3xc%0mt~QF*5V6+J(bDn<IxU2v0L19?UpdKAb|}EG
z*Vh6@omVbf|Kj~O;<>X_rG7(o=f$-67iu(+zxgouOh1aUeB)+i*w^rPmf95Rn!*E2
z%4{wNopDuaU$_DMYC181Nf`k}{s{n3U$47Rr`yRn`al%m_97A!sS6GPQa6o?+q_}t
z8-Q6U)!DA^f>ox6rtP&xv5ErhrSR-nS<&aDJb7qppu<75#rqIwR2SM!mgrC3Z8zY0
zuCv|A*8`^GJ+W&u%t@&4C@Uwb8F$7DBh;j3i6dKeP5g??-L>#gK_~G&$ro;r!O08{
z2@-+3NAgGB0%=&>qb!%hh?K00d1E<7?x?vMe_nYo)%0rig`rEwEu*i4U<{yU%vApU
zo;!?q73VnwIfu<?3Y^AWx0--Zd1eI8tra0h0LjePd@WeD^OX$D<;tJ;oZtdePz%f6
z6DwXc0#l9huyeZvOhWp1cb%>=G4;Pz*_A@Rrk{B6G^G=YKzqKy&)*U`Mt$q%f5hHm
z&UhB3tIuVmv;d(Kh&T?pv~E@!G4wDD+1oR<-k7A5*j|nRxM&Op)Xw!PjZD3`*{;|^
zqT%@>v^|zD`$yj4ijQC;(4ffN-`!li(a2r{zpQDojL9^MN?SM;&B?~%_aOGP&{A!K
zkl>=QwMVVu`{@$xH6edE24uWiPK?({%Z3Cn52h3_l57t}elibqDX(4X<O&^_V)Wew
z({hVHe2mYzHs|}jaLD9!(_J-fI%raKn0Lwd#occ}Sehoge9d2@;)@5yG*EEveyy>O
z86YHr%vkFEJMVvk_I#Cp?3;}2HS(L1%C!Wf^w5n8KO0_Pj(H9=T~5!+B)V^1Xm5Ks
z7&F_{%z2sAj{(1TQz)bl3=+(^=1irhXNENlNfJOK!ZfTcEeU)nAoYHYfus1ZpAvj7
zUzeb;f2rp`E<*45aRkg;_}U(I({@sf2S~bCybg=-#FuP@rIQu^qE&zpEx}o#qlRMy
zy9QLAu6Gqc0wK$P1p<KO4YX3Erbc%Pm)iI=yQ-fm_i`zvu`>|+j=zFhdU39s>X70>
zQp%OXG6O!rUJ9Psq_9yrTzr_p6O8wzWU)xC(w?rM^~GoGoi>?;w+88*1I+mH7~Opy
zH3T$LTK#Y6zYf$n#M;fc%jXd68=EuC{di<R0A*fLy(9XzsKH<`depMe2q)w}ac}aB
zn$W*RB2Zek>#p)Wz!>o?T6#^IS6KL7bX_tt^NzFx7EWIQ6PPU5cIyWi5Ld{}+>1iW
zYnK+EmO&&Z>n^r@=k8rPNV*)FQjw*WSTsRzQo94evSmLX@c{6oo660ZC$1GOCAgA}
z0F-x%q!&UE#zP%(c2Xn<$=TJlAs!}h-ilAl87Bn5y7ezsIwcx&rmcC$Y<6!O7?SpY
zb|X9SIru>?FcvLpx~|FCJ_)Rle)K}_r_0i<ojp5=DUCo7I>n`2)KY`*6NKgVKzRQ-
z6Mvb33(yL3g%pL!1fQ12fN=>~Udlt)R)hfs&x^4~-Lml<!EZiJtq@EW&>z=8xdk@6
z=Vl3xAuC9|Pj%lQ(J6=z-~Ng|5QBK6v~aA@BsHQ5$i|Hxpa-BQXUaH<h%ILHb@xU^
zDW$3a+xevjll``<lT=sy;gTbA$;$V)!Oh^6-^uIOVR1n!_6h*KUqO`G3(#{Y#bAEl
z3}j&6HHyCy6cl)A4j=(xk-AUShk^lx6%rv>XJUM6!sq!MQv;Uzi#`a09n-vkWoH15
zPO0&uV;pSyU)QI{bD(2_L$~t4y_|OyZ;NxbyW(|>;}PQ`5hpBPmV5S=dciFvAH(II
zpzt<_@tVNcCXp!bA@WD9tmcxK?@>N<?5_s9<?9SX1B7=#^SrO{4x6MM91K!y0v9_&
zm8!ZmhDU`_*JZWgA^12mF5uVP!3cp*+5;F-hYldneuPnKLId8N-Rid*4QjMd6kx*{
zftJlbR{W$x>pfFbR#+)Kmoa(s?ci=<MIlN@mH1cJJ=bn)AMMA5m}F!}LJGs3ADdgR
z>9&Loe2$oA)!W{ExGxt;H^ioXjpC+=0bRqZ=PSnJH#=^rKp0{|jGH||`zwW|rM%(i
z9|FW@sfi6%D431j4D|aGQ+9zMy{k55#e*^XfhI8ABSRIq3Q0#Gk>0nKsr~`c!_Rt<
zctfVSWy-5q&!-r{7ID(g8i*}43iZsK%JrdAx|f=#Vh>L{BtITj>*jWg<E;VG63Lcf
zZAl~TWzw^aN)vpunC({q-Ii3#gSjjZ*^ik-^x|_63TvOLAe}U}j|q}P==Zm+3n6;=
zYr%OG$1mmYG#9uYz6Rl)S872{k@1twkABJrO)rU<=nrPlXUh)ZM4NV)4e~Lym(f^Z
zu_R9yJQEn{V;*>r%>lMWIG9J0e%}!g^e@sq{XXkj5T*v>ne?SWysg@$*n;?B1QK*2
zv~vZHZyF55=q@{EA3(D@%7PL&f^UU3Zj%BaU^E*El2%Ao;(TH;A2$ZH1l2N8r`H|#
zGD5)8tE(I~A1&ew9;=RRlF(PUjaNEU^c#59T!uLD>Y!r(kJiOW)?2ss#cKb)`;W+H
zUJ##qF$*OQ-l608sdQX@>qxzHb3uR1<dPbb`jw(Lc9r*4=QS5AUhmJ<(`1eeTQJNG
zNcbbKTP<5x?q%y#Xh3t{i}W%U&(Vm#fP<k1cVKbxj!2<EDqb0@EqC!-LCrD%Hm^kA
zF=-S=p_s-VlN#Qx3J+5dP={uSa<pK}9)Fs6+-dNE8c|(t@gB~hTe$BTzL?2t#j3ii
z`!w82W!e(rY+oY(H_rA+Vgq>USRYJede(}~jOR!0SYg?3JRCv$CVddCQPA>{&ypsb
z(q(d~a-Ov+#0qDyMcc+=V(Oc2qys(wROu7LaJ%baA1L<&2qGhjM|!lc9%n4uVS%Ab
zJl_uhE+3@?^0WX?-hE}`A}IwF73!fjPc{S?1B%Y|n~0>ujfb6BD(6J^qi#7q?0!IE
z2}F|??`GlkvgC4LP6&^MLGF90w>nA+<<%8j1w~3DfYitXoSigYT2A+*(ozlaK<T6b
zK=AR6bN%#K_H`hp<(*RjJ9oWffq^*nN~6%{GyG%Iuje<8{S!)7ny;xAF;LTsMPLhR
zGx?A_^<NN4(1EXXN?|`z=*`)%$|$_Q?8d-67M&Jr+iFkT;?uFOttf+-<r9`=J6At%
zq>Upt%H<II*pFdPSGC1k(~^OYyt3-n!!G-!^aY1@sl2A3k<$5DCIW5)nWjel*`>Jf
z19Nk8!~$U$i{3|4RN8q1lQ@X5X!P*~Y4<xdX5j10%ATY5UJ{lI3!#xHv=ID3&ZbW9
zDf``4_av!lj5(GlnD)p=_(P&VgW}7SJje-XT5+F4rF!~51#Xm$ZqysSP=S4*DFXcC
z`RnhDtwaq!YO~Jfkr_YkbGu9KOO?uFAlc{hrU}EXWFXMBw~x57Q%<~ezR+tq)s-gr
zXtiVM3Y|Ci(AA6liA``;vZk&9o$tFzWw<w(Lc0S;1m4&g{wZDHdmRwJCDseRiV{fy
z#xX}v{L?&SDaGjzkF<bavpw}|JqS(s5-?%5{wP+8y*hRVoX^AAhcw-zmh=5DtpdKa
zhB>#Fw{DEj`d%>F6Wt8)9_B6CY3$M7yTWI6V=vY<w9H!b$!y`C@vxx4W3Jev0lws<
z%-$w($J>Xi1K+gwmg%)_R3L9S4D@I`=tgYeB#Z5TKk9cHgFZuC3$G3~jibhT^exHW
zvEc$r(-$;{)B>A(kI^B`hg<*F+yrK^-QXfU2~f>gj0`VivWi@+km_izic`45C1^jn
zq1;s!?7!L^i__BUa5(#MuS&u?Tz;&ybpEp!2geQL{oHTGDQ%C(bT)aWo)iR8aa~lX
z7#!OS@ch`sRK-82t>BQ*N?KcY3fey|)4^885>SBtV9N6Z3Ypwm5%r^V;^AD0Z7sky
zzsybwP)YwHOaW@+KtIQE#pF7iou}^6M@okv%^3TYw26n{7?%|J@fewOj8o8Q28}d~
zEopD>7i>)j?p=0}lhCoR%&fYfxRUBXg5zHxVtI|>`on`B^?0FBY>uU0eP(zEK-(~=
zj*Vn1WV<YVwbvm75{DO+lE@(>fc7a8;6(DO6P1<}J2(CCiT^F<9<i;$!M*h<qaS1V
zACfcey_ZLyP6E{kN0-gS&!Wi9O-0&^yUxT*{CmN9W}8~Zb5NwPQO$_|<4%kC6?8Ub
zJHGAO9;0ba!wvI2w}-xRd#`M9er5aR^wm_H1d<QJKnb<#X&;a~>3#Fp%jBTaz9PEs
zx;8vA`pW!)aoL*(QFff(owANolxtI5H%B$U4U#d12-9%d4dk+z?iNV_<yi{e!B<32
zI%wbYwd2MVQMz;&V3C!jlRq9BT5@tGzL!)`QU6`xw7l4fhngb^N-?7l#6-7h@y|BY
zZ<U5n*_0jaO1+R#M`;7@z{SrwLr)7o1+gu?Gz{gea2j~KHlw*rKcuYAbFf5~<UIa4
zy|{1%ZHm2$Q9kr{?t<UQdS3pAj5}hH7AR##YrO?Ba%1jDajn)Q2CT9bA;+Qk-oL1Z
zo@@+Qi(_~2P_|<9aI+&-Ct~Yp(_qiRZj*aC7fpG%By70IdgD^bOp$2{q3Nf(tw`O=
zr8XLSM30#xC$YSf3YZ<Je}O~XU9Q08iKGN%R|5pFp!>5${BNG<5AmGCe4$IRqz1zy
zKxo0ZR?2Uf`fBv<d{2-SN9#iK?Ap%!a>+<VfpiKKHnOeaIgCU&FH(zgUY>aW8Y7#x
za>K$roU}l?z5Iyi+EoUYvHlXB-t1rktnX#=g1o=`%s^<0WjXqWQCp;na_PFf=8N#d
zNZs&Io59#x=>E|6!_Z1m_W1=sKJes^e1P=l{o!QPq{13+E3~(GUHD3+lBk!m%WB@$
zjjoK+ElS5~^-*8m4CFyeHqX}$L{8b1%4P|!`&i7Rl8%>*v_D;8?oO7t72d(&MD+RT
zcd4EAnIbKWIl$JGa@Jhk6-~+soXY3Ae9DrAFd^f=#3Yu%>-{$|iIWTdKFbDPnlTIF
zl%CCnz>CSdVfDHMK~+0!q%4*PoLi2&yJ&0U9Vw*(^nq2%MvEFHN2B$+WSqn1k9ejh
z3w=iR*?;gke)q5#<9_=zH<{e7CVj~%10&f`Trx9>`>w<8Z}kBoA6lT;e5wfb>eCMb
z&%dHd#|An`!9^5wp#M#7=vZ*0$Fr#YmA;9URcw|;R$;hIMAIUD?6UPdPtKc|ho9bz
zZuApX?hJfe8*Os{B8#8DshRKeRMF=N!|a4s?x~gSy^t|(8r^wM2ITiNy2iA12Sk3R
zjk=L!MPWZdrpN!bV>wPt@cI8GEjgw3%K~aY&kxWuFwh*(uzFLq8CPyQK4ng39=!1A
z<LWiPOMzHeYttM>&09SgW3IXJ^M06PMoHw4cX*WVlrLps`!c#!O;I_F^D78QE0)pr
zsY3k*thqNCd<TC5|9DZ|St?Rd{9^t^)(iNPV||s`<33AoN0jmWFwktn92Y__ecV1W
zKjrm%1J0o(NkBQ`thT$LGf*xSB(KBwf~w?y$Lt`hu7G4HgzrEy6yb4`jwg);2yn54
z_I#0_e+zL^0>G;xqCVVH!h3ToAs*(~-*{RQ{m*=QxUk1~e&DB*iYSopAZ7>^SC9*K
zS@NY$HIY^t|GeYkSAH6*LS;*L_T%TZwKP8A0;miU{WJuqnZb8j!#J@A3C=5=95PnP
zDr89|L;VdqhL2t@=LJ&OzGqPfdIA{J;lD5RIW!{?nBDU1D=k^%JrGqOuZR>Mm%dN6
z@6J|_V$w&5hD*6^EN>s|N_IV~bbQ2L4hkQ??ACd=;|kFD4OvD&<xKi`?Ya(Rvag*q
zeNH7cUV@fYK+=2jQlNa8_fz>$1mt%fLo^}FO`F=)pwM^&QbDy_8dZm+4}egGmF}~1
z6_A7jR6qsEn>ZvKNy=s<sb@Mx{|S@^lpsAppdX<<4Qk}r3(-&XPTngA4|T@5bW!Ys
zr6ICZ#QAUBw}5qec3NIMtyb)QvC=3OyYzM6X#Q*Ch(8JzyjFmp#*L!<*(M$+&w7)C
znA|)SqUnQTdtc?btS8xEW*k&Pe+5J!p$0>#!!pys?nc;~g9X#>qHIBRX;68OhsK1(
z)<E?$Ai8GUJtX^z?KT)2Mhn_T5~2KLH=aH${~B#E4GOL=A)x$H>HK@k7$(Eh=G8D_
z?QUG$CQ@<<4OmY!rlc~cXl3}vh97Ic03A$I7y7mvYD1;Gd4(SDwUdmtcSHEy;-2gx
z?(gS(QinQ6#)-FnwBF2$>jgryG^TNmCLawjgKR;HpEgAfG({hRS(CIBk3a+ACDep~
zgehp9IaT+kCEaPs`0Jy7_B5VC#oAKcfhcKm6L^xyHC_Q|gKzxa;A4gws6JZ^^h#@Q
z$ZD!d^sDkdjH>4izrDF%=Q6pieYDoXoSc*-#tC>+ov|5jC^w-_-V7+GD<#%LvJQYC
z{{deZA}Fbs+NDDcjzdtgXav&=v$^%|wE`Z07-!fO)8Y}3_$7J|E&x8hc@!L5RYm2k
zcbXn(y{6Qj>eRw{pkle{Q~PuYPz&l+zg+|Ms4D&-svKL4gPM{2C+Y01aTfDSjYIxE
zm@jK}2t)Xm(_&b>qZh!Q%uQ)yT+rurs6q_o8h26gqbV+g(n@*m3B+q)9Fxu*pj2Il
zREqBuLY0Q=kYsQl^TjDpz|w{C@jIwMO$$C<dD0ky%fc3xXPZo4R}>tlRTGd3hcJ4~
z5UhfcsIGt7<O7|vZ_<AQ4nz75w(Ym>YZVXn&xGU>Zp_l%_T2T^bpgF0=N%w=Vhs8}
zk@|JsXae6?-2)L~`4;oTUR>taI0!}@LZp1Uo!|nb6}me+VZ5FRKyX5k@dq`e?*PO}
z@LeQnM$Y9r0GZj@p48xZ|KP*$8*0+(>aU==ZU%?JIFp~ilFzpujxvyNvYB<l9CRx>
zb=(mTds5_7zIp9ZfJ#hU#%)%E=PE)2X534VdT(D}A0&V>6L5(dqCZWL>c;XsN|BA_
zz1twpkGt)zV8J1&92hLX3$%9ogqNz0o<d44nV+^URqU1TueGr0Ri7&$C8Yv$S9J!6
zS|Gtfp!}f-^@97<bnlKRb>=5hGp)N%fHE8%#JU;Y1gxD>R;R6{thod;QA5MGrKS%k
zA^luHQJ{mS<^dUL`Lg`&A)O%9X9)snO`wfyr(S6J3iI-<!HU$j3rRQYO(tr+l-1SK
zCp}wMChCmC<T#bKo|96J*fJHHETBY?S>=b6QliHiw0-ve@f56QI8JdLWtH2Y16Tpo
zEfZVY++n0Dg>8!Z<ts~?+f(#EAyPt5@s1m5z5p5X4|(1bCkA?rBP$2N-T8JUStFu0
zH!{C7HHf149NyA(UgRhN3(_Ys4^{9=K<zQCeFvzWyo5$~J_LoHW@25Jko+vuj<|<l
zVr)jRV8waL`e1?GG|f?!k=2VgOCU9!xjO9m4#A`HX1i)gmu12K+&u}=wg9M-`GCB)
zF2|1*2oS&u<2$bkNVj=MQvl1CY4K6ws^#`o4l?coa3Ak{^RjwUDOAidq(1@`4iOO;
zoCER;=>^)SfN)D>Gr91lZ;`OC$1~3(nAn6N`8OY&Z=l(t>PJ${R4>$HFIvvpYTQc!
zNlo89KL}J#6s#(Npy-|R_gMDpC=d0PCf^&9nJfy|NgP7mh;f%6fo0mvLJx!^FucWQ
zBd{eFFjyx+l{FLzgXp{Bk^&|xFDU)r4!|4)XYqKJFPM!v95}08z5Ef-|Ce=85bGhj
zoAL6KgB(me{H-?*oUnCDZ{`Frv)0}^0?x*LBm{Q`vj?X^@&34cGQ4nzSO+LFJ*Rrp
zLhEQ^GyMD`NdT)o^867Qq+nQn+VDQ{zDlRfXtlvof&9W+Kp!X<exQ<Ai1LC+a$R7%
z_%h$)%nW09OH}sO7og_ow(;q4Z^<?|t-YM6=b{$HQg49a#97j))#9zz9<HnIFVsal
zVUNp!mXkC?&GPKg!T1pxpeG&xJ)p?LgDFz3My+S4?%uENtPI#`%G`z3tdRNMGTT-h
z1KLiAdjeadk3gdU-}n=Id1I8YXcmr9u~0A1!Fo^MdU@Ka`>g)Aw%4hfqJ@Z;p5rkF
z!8U=IYEpjw9f95NG~xFXVq)CN5u`F!-9Sl-=X<>8%P*^-h1_<4o1LAlriI&MiCgd>
zt5hD<q@e2+3^y9CuU`mk!wARhQz7rbYjD_2B+9u)_U<j8c5C5tt&csO5o9+OIJpJ9
zcb?HLU636Lcnq{<O6u%#;;=tKZr~xn9vC{%T_LycRl44Tq%N`>-KxO=&SIR?+%>v6
zDuKL|2d<4CwYD|q2cGYdZgJ$PRbR%Mui9y|x%0Ih)O%CKum>k_YLX>_FW(~sm|lCM
z=>0jhDrFbjqXhlJSilRD9lPK|{?L~fJI}+;lQQVj&jJCQ5;1W-E>3O|WSVlNCBbrl
z^z!wOd>0Y~1Xu>8W?Db#ufB)cYv{BlL`VX9RNnDaZ-qL{JT~~2ibbJzC_{!U?tz-E
z%bh9F%hc{fWM4cJuA9c#A_Hg#{hW8azT|m<oRGfr=aJp6`Cw5-=1h1JQ~O(Q$FCng
z6-9i8b4lP<1r`VI`pY6*0&trz-)+20Nmi*LR?X&J8v|P59us0D-Jag9?vOkZV8MS;
z_n^8S%WJR9nT>l+96&X!l&x@$dPYGxuo);oEczXR?p|8DSq0_JAmuAs+^Z{H*zfhQ
z9+SLZJ*G21Xb`qtYRr6gZ>p_dk$%0(4N`lFWX&VV&(Xgqx&9P4;!8lk1{S`r6iJX*
z<@#kZP<qT4iolqRPp-prwFRxPjC&+cfyjrAHc|G~&33-!Vo^6h`-a5}<JP!t2k7pL
zKm%$y$Yo=5e&D2Ve{}WAq!<mOkF^V(yBLGP=3iddR9;|KeSwtO3`k(KX4G`jkzd5x
zVy$OHWib1$FnZAp;@G|RO2pjvIj%Rsx)Bq>5Cz6T04Mz=J-;QIRsjD+hExH{`#@7&
zDpB!K{XRd~D_quc%Bau5dZ^TCj`3t{(k$iYva&F77K2MM8wG@KdXc!4>pYq8GAHvk
z`a(k~D!sCbqg1nJ8{3SFN7%T7;uh!zK6KsuoggdX1-FDx5-ZQqE+W=FUoS9l(nP&&
z;z~f#`da^-j)@%VvQI9N<nTpGb@s-?m9>FSVkyXj7P%%z2U}{Qd|-6D6_@CFunp+t
z_LA!*Q}hCzwt=|kVR!V?!mNS10B_LFMN$cF8+Ie=1SX%#D}%~2zOn@TF(_L&c{f^9
zUI~$pfcdR`Ux6Tlk+;x_NS*8Rz4U^w{E_{L0g%Sf5)0`;8Gt9lg*_J-$I4liUP9BZ
zdtTphB{|qb)c*?5OSVO}KU+?)VZ_AkxHv56$YW*HG$a9hmh<mO?pSXq1LreKhxNt2
zA@gB;$rZJy`vsI(lsUKzc6BHm_2}%{A4F_E9B6$o35<3`vcFc&!J3~<gs{&0l=>o4
z0}D9EOt>;!`$&|xO}bzYo{+T<ymp-&ONk7bU;*m>_O5AL@jjVQGjFMr(uKs(7uCN%
zaXX`kO7p@uzs&ReFB;3nuE6!2Ggj>jk;L$0u{<$xjI^Ez4sZArUPBkI_lWY+m%Zve
zZ&m!*C^7y`E+v}>3%g{IB`WO`BGKv^T$=o*FnXDR_u6;+Wt@4O<`ZChjjC^v4ahD9
z`6Ni2rK8g}?h7O17SB^jUw<}3sfCgk+*$5AW4~ddL^Wdky)!|Ilr}}k<0x4F30Cyh
zzP)U(ns6XFs;Guu@5uH~9eh|RV&ZPx5|^zBd|Qrv@Ck^9Cr@WEoV0yjta&;tMr+)E
zU{ZWvr=<BY-}I<zXF&h~-_5>yUOG3Iulr)%xAZg-&`cIPy<|c@196M_GKp1_=TQh~
zVi+!P!|%w5c)eZE;uBxX!GyIjF_pTo+;${Z2ki^)Sirw?tE9*(QO*=|_7b>v#sl_m
z%?g@q$h!vO#S2Q`Azc{Cq8$CG3*LM%zVqtnCKhrqDGmW|xZc&k_cz@qBuFZa(Ai4i
zX%3S3h`7BP?&tLPss|9xwGTxUO!x?SMAJ3mB7gvHKlk>kG9x^xZWZ`awMn9OT^#<J
zysQI3XHx`vDW#c-?{RT)Wj-dwGnKFKgl{PZX+J0-P!gKK@4rAuc#kl|5Rd0}h@sMB
z+%7^wBmzPlTs5r*Bt+qmI#N=3LP8!B?~-im!F>s<JH`#=OX+j|bIo&ylUuLfH-ntd
z<SCxE%FZ$|Gi|lk>fLuj_$g88K|%h#*!^oN=_0DK3vVbf449SZQ8m{Bk?@Cf4(8P6
z8;GCsgHZBdZ-vI!6qVK;H5(eBCywm?7-*;Ep`;0ihMLS9g0Y};p7*}z)M^OiGNRHN
z!C#^VJ;(Wc`0Z;+rQ5A}o#r{#{6u@B9)wcPdmVx54vVTW0z*717_?4l{V&5IeWAlk
z8v|QFs*IbEz0Wfb5lsfxB)H)Hx`zOTae(*UySuQEc$ylT-aB0v3L;wW#-e7Odn=OX
z=q~oH_nWV(WC(YHv6W|3qG9;?c*8nrzU%E7PE@unf&@O-IBQZPwly{+hWPaTec6y-
z^1wR?y1r?qH6#$;srAf%ulWikp-`GTTL&eBFLdkv9T?h%iij*4mWK6{rck<>r>F=`
zirn6ND*H9&na_Xt3}_(XXK}yvC~)kj65o&34UtlbW~dSOGK8YWJyDJ}$rd3Rcs=cq
z_c=t^Iroqie*W9c?a}<7?2X)=oSj{YpOikj2ZOmWwM2|(Zxw9Uf65u-K93msk#rX|
zw^QG%z{NllSJDM5l%eqj>4<uQc%W6i%gSce_uV+x&l~()YJE3-Qjd7~VzW8&bP7G1
zqS_~TOfPnXD#N;#U-@ffT>TDO%&y43mzhK{R1gf@X>~1xNpVZB_~ALlN3h@?`H)P`
z7O1+@-dZp(z%jmP#v5d=n|42a62y2;9PahY`$v=+WQjgsfap-CrU!1qEDyc|ff~+&
zEtxE=X%CwKVC;Qn9yQPrDBUIU5W8%A`FXmqL8j#kkW`LWU4JCeBU|gw$D67;p|ps-
z*g}lirW^d3iyEHx)o-pT?b=0AQek2CMq&~yXjP>L(UF{f^aSopq3kHV6H2@$k#Ufi
z63xAn>@l^{EQ>C~f@8<HGtLo67)Xj38bv#DJiC#_pfZ(fFuWIbA6KsiTLLE4OZ9u<
z8e!M)$ZaXh@uk1EKRWoK^MILAS05|P+lpf9Qwgg@_DpGtF)0m=5DA*l8je-M1EWE;
zWrElH7v8C|KzWkL)gvbmxb9x#0!OR%*<r?eOl-ev(HZgcs0E@PEQ*9zi<AO{6335n
zWOMQ)?<mlY*LK(2B1?UyFIS_$kRw&b3V9nWFr3YRueyb%e!fO6dq<=Q`u~~BgQt9W
zSu`9ahG@;NCuO{da8c<GGIutU4ttL3N9lAo@a2Q$HDa4SI?}WyNdc2AgeHhm9_>q*
zk_wITo)Jl<di>P>6%1~Mu2w;QHvsa3TU!}@PWh9Hj8-srv3D0|kAf86(J@a;-ocQ$
ztof}`0WWMj$(F2$Mf<vL528D5N<AkylIKxh6fe(;E-0JBG4Zs7aYVravi@GcdkraK
z4`|(1DvO__JKNTX3{;uf)*1K_-%gQz9IN82^=-O)ExMn?(o_==3ErULn=|+ZrWBdk
zlQ3##L=a2f8KLT3Y9u!9>xIKZ^!q-oxaU!7q^P~iHlrhcCuzQd@oqfLx(-Ss+IC|U
zQ$(NSU?cbmFw;hxIR)3hg!90OpVc<=3&$%75qecjhswl6+=>%)s|;quPC#-`irY4z
z?-EnzDZP@Vm3WESfG$K-MfFaL$h)OmKv`eDCls1d@uueOE=|VWP@B@rev0Ovwta^+
zi1>cg`gaL)6|*qW(4E4oad#DNEShD=H6nC#$lOBf3HK0UBM2%LN3*4RCn55>{*9uU
zD#Dv~#>b%6l$_m=Xvp9$rjnko{6gbP<|<yqQurY4d5O$EyMyLi-3Mlv3bDL>Ro=Oo
z&My@c8R#}5i{Ewh+EvVvaUkLcyHg$?S~v|$C;%H;KMJ%-7tRwGvzh^e*VD=j66(+`
zcIpdZaJaBCHMfSq6J3px=89swS1S5y#u4Q&`P0f@9v~egGfXAjqN9J!))Qj<+|JIv
zBxuQ+UP%l|jgMZwvG9|IsI}OTGCJ*nIzI`2tIsaY?z_t9%O2rf@z;=?axf93(o(4?
z2?hASMj5X6bM2%@cn7Jt;_yHB_F4F%((z6VmyqplSR;$oF#FcX_+h{9yTin6pYJgE
zbgInv=z{f(=jeoScYD@jI)I+z%>2&oK-Cfwtm@_-9vgRl1;{lcKJa@8DckIS$+l2R
z@hZ@e;oj2Ac04chv{e4xEV%(&lu)89fpI~aTW>ADOcJDy=c07aSUb({U5Xa};r3MJ
z7t1eMu9wKJQ@>MXmY{gcnz~EZER7~7!}t!>x|q|phadw+qz>v)*Jj@gLx_a@JK51}
z4`1%!8O#cBf%+DGgt>qEeQx{)c5(KgA6~8ng8KrEy15N>t#0BlJi<%I=YAUPMa1&#
zj&tGXFku6w`?_QZQi+uTUf4G>XD*I-2#H{Y;sZs3tPplyD@S))9aow+tgM6AIU(`T
z5dbCT7wQ{TtiX|bg(g=ZCVy*H?5Hy%9i@3vakFN^hjNLM9b~_1N5q?o7iq~OnQQOM
z1)@DID8DW`0rX;4dVq@FWu3cRA~!nI9{XRO6n*Ta8l+?*cBrq0^C|iYtvfvtF>U2l
z8DWutXtDEhO`Yg8&9aIq!nl(8RiC#Z=zbXh6}v|G&%H^j{uUjLh~|f*e}B@Y|C8P)
zbJ?_Wi+TutL28A~K!-~gJK4Ga;fLl+U8Xr=Suoy4sn#IgxvL!tm~?FQNOJQtX~n#e
zZ0>jVL_NgK@C|6Y)8(aXY;0J{I$XZqtZaNA(Rly_(!MV`a$cfOXb*S{fRqEK$Wky2
z5x<Y^an4J#pKPBpd_TGb_S4q}SBXH>P-a8FR+=|2-RrL3y3P<2{)Hb|5qB-?*OS8J
zn<+m!qe6pe%?!aHLT3BRfQ<YEmn<?!$UunH{~8f*CP{>XB?g4%qXSw98Z>B{(g@Ax
zy6TehD7>Rr;cHGJ3|aAs7CoX_d6NCT>q7}uYZk+jjE4cl%$roAs$v=2&GMb=6ogiH
z!?vlFOh2@7-q4MV*yy`Zq$<;8cg2sTIil-jhzW-rrBaug@%?*SnFq~Z6*q&$BJUxR
zeJ`DxA({N{f<eUaU~Fvc>99=Bz*+_`b+aUC+MA6df5e<?Dk+&);OeV&6*BP|8<kny
zKZpM6*+HbL^r|KpsruAqcUmR4k0L&V{cC<!!mtEnDL)|4&@Wkw>^^xBm>grP=?@oa
zHzlh>R>EvFc*MPorVL6PDL;#XWdX4iOpyUvnhg{VNq-I|vWiQHq2g$VN2|YWGUU{N
zD9t6QL0IQy#5+f#E!)zxU4n8qy3iS}Uw`KoeV7YK6MMYWi?$M4bjN2MEV(<FD=0&2
z(iS(xn^#m(!T%X|AQ5Au9DxhqfA$YGTqg|&tz*t1NKIk7KK~uM_5OYqa23ZRg~2O!
zYCx~Jnu;uC@kxK~0~l;ieF=j?^<E2oAu!7?g%dp-k7E_UKU3=I8@+n^4!F;R$c|U)
zLz-~6xM!ia4AAU9ugu5<K90ihm*E4-6da*B!YAtiJvY7pD9PwdDqw~72i5hO0xvJd
z4h~Ds&%?qYDUApQFpA@I{(3|3m-3-WiZc66u=|VLvaXL2L&d}l&)C=hKR(9v_x^Pb
z4XO9BQcw(QjxlH!_&oYg!Q&st<^OC8!;wOFFe>nQTz4O<rYRYMfm*$G99-ysY`-|P
z8*>ci@cgd$tO;d2N%LoS0%REM?tQu^kekH-Z`J%R+8X69M2$NyKW}ea8r?ub_WKM#
z2S^LS$;8om$;B;nV<5JFG>q^TFNY-hXJLDt%Lr1j)yNNny|7z4eqEq=fhP?~4(7r0
zOP4M58_o`I$E1O#2$v8OF|4~)_foP+JfiV5GTIOT=KS!*8FOB<Gla6-yl~;kT9Ti2
zcRd=Bs^#&GJ6)D)7W{j8cCR$cjna=Uq#VL|qRBWU#Z{NV`JU@Ixf9^)6g}%{Fexji
zKG~P0^Q$mqo*n${u1}kzH$h$G(ja~4`-+v`(})D+GfND*J1ySy+22@LUUul{aIRr~
z#F6EYK?Zc0y@<{(6ALEd`hm;RK9YO~>wIQKf7;Pgd8|-<61%!5=-@o({65c$o=GAP
zYHAx^iB#0u+XvcOY`vdR+e%-Up*XYdEaZqf&GKwEhZyg(v&RD|xtLm3;%<?rGOqJL
zmf?+ple3IU;G`EFFE6iZ+0zyxzP`zely#4%5OF0hnSQ6K|I@5_=`~V^7*9T5wQio4
z3Xd&6JImhNt2(hkX0+S5<)EbT@-?bd<fa_V3Vl8_1S#s?Q)8wMnMcA}<Ce%WuYiar
zBhOc-$|XHAG`xJV{=CZUUeDsxX@eLvD{DV3zhY~WBN42;_RYK~9z^{`m&x{>@FbDH
zsr>j1))zY;WK7V{HkqS})~GI$^bE}g6b4a@6hu=Z|M{CjFf8}*cd9&cjyN6HGMUud
z!Y|SG-5Peq0OlL#)O=5Prrz<aFPZHr`XCahp(zk1hFhAKm}U4W$bRgVV)qz-e|Cd_
z`NV^%KhKdFT*&Px!20eLe@PPcl8lb~rOswXL5TR_YHX6%8N_S(z}8ie{IZwNFVPa!
zgvwEN2ShUb@X|!tG{8BtXK;^a=y~#S?E1ag_Y8BBko|5ayIP^r`t35ESil<?w7sxg
zT-71kmu3g{=_46Q6oYqpa?k(1u;76A-WIx%YlhUc#GvB5Uu^w6MEHA%FdJ$N=cpHm
zJbO+f&lR`=cmVF%V|dPe5;q=M%66B!AshxzijQjW{o`KY2f)tQUEm}ds8}pE$p=ET
z<!x+&tF9W4Proi$OEGSteET0$+(uX~s=?V41XCnO0RBf_H>nsOF_eJd1Ig*J(Sgl2
zCP}L1=1TtkS2~@*U%Br}nN*GdR+;_uf|Ls-lH4@OY0YlH|NGNaFM>~d=L}oi!IQ*a
zJvA832x#vH@1f@Y>4bnkx{7(8O%lC_P>Km8P-q{&%I0<@hX{wJd7@r8v)V#1*7N3Y
zTIAu$2VkdoVeN>yP%R`YMwrb;U$rC(Y`Mf)+j9=lU+5WTDD}EXsf7?ss-Ep+b6YTI
z{e{7n{Nug*q4%EOgUt}a;IxUPC&wuq3Ev$4Z}07{{^46O!|M3P=H|A=+`>X;X(6^8
zhHtcSfL7iR;yX&>y`0!M;QpyoP8V4n_NoYm(FGok^pA%lK<D8+FVzGcc(}*u!|x(O
z56Aq+qM?JeAV{X~)<Qv$x)gMJY>&ST3qOGN@6(e-F9iJjmT>b8un=N5p@q0kR?B;;
z1ps_L_^X))fRlUH5eUVTAOdG6E|^pbSx4H_&G!efJbnPx-;cRX1s;>QE*3ox9#fZl
zO~tYi<i0%5-Jwd&@7?S~L@<K0pEt)4r3Rl$Y3gxLpYhG0Y7<QTyD0Dk)arQ~TU%u_
zH&jc3H7TjAd`dis<$~z^=TDq-=fLY!F3{FC)Y=-%wFcLZ%cM1mgM!U`O9i+pd;ULN
zRjue@xg+>G)|Ya%jgxdOY_>)XLQI2Hf4tH;cQM3|!DQdAC`3O~G+2q@a1NSpTmUiM
z)9m_Wm-){8XKCt%jSc^9x(VGOgHv~6a$h<G&M!SS{Pft-%h^&bGC&aC98`XG1^Ok0
zI%wYQ?z(tyX54kPZfFjlF?33ieR%O>Ftg2%k38n^7nw>>`YQN)!9(S8o9aK39-B?+
z5g<X8*BX+1_&NM5SAl6>*j16U7d={3h`Pz+c0eA(67c~V_^R($<YGEw!V2{7fDl7J
z73*OWDy?UAx~UozVnFvu8rI|iT%H))8y@ODr{-zDq*!%N%rjRT|6=FO7T|$mE5qJ}
zNGYF}#R^3a2wA}f=AHS}ygRx-ziTN?aQD&ljwACnR(hXu*8M*%`LpU3d_~TpywbjY
zb!SHNP$Tk2*lL}A{XRG`z2T=9<u>HR^osQ+40PcIWzL!Nu^QK(5^S#i5ix<y!=!ZI
z!5}IHEq~*8BQJiaeD+yxZMbz2MEOI^q7~N>LlZ&+f&#pP%!<Y#7Y6;PU%b}>-d)?c
zE8)Bu=vKBL&mMPnpJ$bCI%2D;XL-CC@Yy7zZ#HWX6M`^f?=;MSR_Vp&CE5g*cd8lc
z&ROaI67WQA)gq)$W)WC2qS1;}Z4NX1;CmsOb3auCCiR^2w+#ZK5===ea;@gUvI(2M
z9GPdLbG>_L3>xM2jM{~xtVjYEB~3cICf~j<B6c^rhoT=Q?=2LHY6*7k_}<`2rU_Gf
zceKSW*BfQUU9%o7w#K+|_G;>ppfTv?b~D~9ZnQV)83*wp-wRWw&*^Ex%H;z0r~N@F
zk`T!UUhZL8vki0?kAL$)$1SdbA3Z490?*Fwp^ydIx~W^Wi@=^}%JA;Iyv1Te{`Nwq
zLC++%q>B?U6hf!x_PRSQ2HP+I<GCB<yRB$Up`AHU8n=OfBi$OlWG{G;$*v_q;4e1x
zPQDA&y1@V11QUkkiW8jqoP2L!RsHx#X|qV(+IVjO3!C@n!SRDe+y~O0aRz3LKxZ&=
zTg5Y}V2Wj92s{Tb@WkN)xnB;+dLWx=L974gB?2G0!e3GU2J@c@(mQ;~JQ(n!g!hg8
z1341U>|8tt2<)Us(}laER|hgb01HP=cH&89AWs4pHVC9S`)(YdI<1V;dR)S`advht
zr_yo!Ac|wJ^uaPD;9Uc~fcN4@G#H${y;I^eO8DQs^d;IX3ZL|jAfZrSv$N;qxCC%^
z7a$o;x<laP|B=-}+XpN?a6yKD?VQv(_aw15;4$Q0vmJrpG57!6HW6e$j-a#4(g!UI
zzYquvBn*asfcSs%jF0oB`kB!G_7dmZ`|&{uz)uj2j^V>rc|!s2Vb|$Bqy{O280P;d
zL;ZjKTYd&)6^o0DtKRMH?HTW9J4Lm788oLS%~$<`^~-D#z%=`t>v*Su;IY$WJt;H%
z;d}l|>VNG1|A$NS(~tv?)PJw`PxI!kiZ2Aa)&(jIHzf3TAAub(IIS@J_k#%+?w$*Y
z+S~_W*OOB-f9&!Mj?;bd?8S|2Fz<=OA_8S4(8i^X0t~!i^tA1f<0^R@#M}JF4Zx^u
ztM<m0H6Am1#%_ZlJ`Oic+t-;Wx2sV`0ix$tlylD(VLHz1ryoGI<k(rTctCfrx1<+T
ze>}<mtp1#Nuoa-sSZ^*2U9NVh{6Vo5<WT<Bn8mt$Ronp(7k7Wyl*~jdfl9c|Pyy!S
z$zaz7!zG|z{ey`TaF$yPn)E)gKhh1^&3UyYW%)CWsg|S%lCR1*VZv;A;=F%`5E+P}
z45%EyAQ=QEcbVVluH!&x>J--x*?nN<P_1<8;Cz8yx=*eM0+0g%5XJq<a2c7waeWRf
z40)i5X2|9Dc#__n_yN5>qGcC?JWgUGA?SWg>Gd!0yr*#<85x<vij9p;rZ_tKKeq&d
zI;TI5{f{39)rCta&~jGcK#9(A2nfQycc>uI!2^;=peXBPb=#>}97a0K&7e$)y@<_?
z{&O?Vorelc|Mp!cLBsJ`yOdQ(&96lR$Fw3KO2_eej6#lda+jZ>!r(7Io(Fk<|MG=D
z7j+G?yxU(2K6aTEs^bi}ZP!tbQaFrGES3L|=Q3?4=K?UdBEY{bbEuft9@6Uk-1h()
zpR%+!epFdxQ?^*R<htxUZZ1$0PiOlEke#c*3^9pPwaT?{{m2i9p$!4VWdMEG1~`@4
zOJJ@?0U3ZZjR4&3C;+)m9fjkxSL}d+KeLcXfQ{o6+4%QOpf*1Gxp{<6CZZU$`ah8Y
z9hK#F?kP+z;8gwV&Mjx&wLCoBsw&exT#J-vc>3e@cyS=t=Rw_XBcC@pivVRUD#XrO
z+jAI=KIRK27?9qx4Cvnv2ecjqju-W*YL-j|@x5=(mUO*muWxx;`BNkY<{zJlO>*uM
zr<a2`2!n3_)0-uAS+odh$=vG<ts>TX;EpDSa{#qN#{g4Oqu>b4o3p1p+Wu6r2mmy8
zT;Rcdhx_7(E<gf5mJeV$o68K{#YP|~ku$)CGz;u-K~(jyFWqBfv0P<f9C+IjfFf^l
zF5(QR&b+jO=4M-iRbzbp20)pZEni|?DEC7Ot=JrHp#bpP3s3mA`m&$)Rea-LR=0Ai
zRE!b}AE?|cc(>EI0^o4}i?#QT=dyj@z)Mof2q9#@E3zUhve#P(2^mo$grs4QWG8!6
zWF~uLZz?M!o9yh6z4!0Djh=d*=kxu3e!t)M-{;liec#u8UDtV@$9Wvb*?^pX`-tof
zvv9+t^@gH@FZPc|i#QT!WLszw4D+(Qh+r$EKL2MBhF!eX&lme1sAWN!0-ppsP&YvJ
z&G<_5BBuYtnQn>+Yu3V_9Ls(_wy4ozS7n+6KC>Kl@T@RZ&oWSKO+}VP@GZ*J7;+?^
zv}KaayGyri?Q`~%{rE5h!b}Fiz1^2Ar*rTOTKmuN=NX3$l$2UfLkX?H`@p6&v$M0C
z0^+Y3xOAwKHA;})9J&gFsprfu9`<*_<NF+DJ)STHtCAhD6^%nGSBI@+fI=Hs*A7(&
z)V5y)4M2ZPK_%Q$VI8BjIHk_r^7eB?4q+k;jn}C==2Bi`NGGjbaBwJc+q(@S1tEBx
z(SoHi?LOH<fdD8Kdq5Fn*yPavzcFaQ*)<0p8`F)IDxoDVDV?(+qKFLIa=v7JYQlag
zGa~3_$Qj=^Fd%Cx875i)k(4n)#uVlK6KFPiq4(bX1oGhUWIqY|x`Tw0<A8Yuv1%T;
zn3Nc6!DPFM@$vJfJYqD4PpE@Uy?K6pLOF>0&c=V<Qp(KpeNmtAYDtz{+SP5Jv89c{
ziAU-D8Q=R2R=?j|8jzWC*?QR>{qu=g>7!aL>*|!xz01WznmJ>kRE32Z@_lAul=nqr
z!{xr>C}k`gc~$3Rwl_A+VN@@+Yfs||Z9JIIQMMVPoVIl9i&IA>wiBpd#3W2=ljM!i
z$^{>TWnh<D1{`}uWw+2c+*8KrYx_ft`XQlc@)AUyLND&l_#zplfShkSo^$3~LSxq<
zwdiph4jshZuTP&4onq;0ZpU;bM;XzzXssg&DN-W+mT1$jI$3C)b-!FVF0rf``;7T(
zxvymBkSvWFkCJ>FMb}u{SIhvvPIzSGYiArK>`SBiuDx8)9#pqhd<=gj<pjESA(kf}
zOl~T)>tO(wnh@?e&F%-sP)Jzn0s4DcLXuVmL&PSbegUREA48CE)3{(V#s{ol&q#2p
zy03ZSpa`zNwE=M-DQphv{mr3_Ax#3?gFXq%gF|%7--FIUV^yat+MTOXH{ixx#?;kZ
z!?VE*gSx0}^~3%^{r<qVNHJAhTH5FGxJu<H3Xw8sliX;3t88%<9Nr%omZ`@)x!@>H
z8b~UV^>_}f8MI2iZj|(&K)b%hujQ$t*oXhd&ps8tCMt>RU*L8%3LmNE1okg6Ed)9I
zTutM5VXnN!emPF|6sSL4-!b~>&dV}%WY~OhC%6LjhxUj?Bn}~NP0>+k6*HH{zQNp$
zJ`FiYV7w`XCEbO0d;SvvT9$c{0?Lc$x1hPPn^K*|rY>^$D()wxx=^TGhI&zc$JF?2
zpz+1~FS?kCWIBs!eW9t36IX+AZ@KSCD)rvqy@EmCZ)1JTzJ*3wB%PQ21bk_UKfm<k
z#>YYi8RFGDXJ33#UPB-3%rY*i!+Wj3@y^RAFop!3JZwCFGf1cp;>)Nv?|}Q<6sS8I
z4aZ+}hCI(|<EuEU<)3Gp@w0BeUTC`QX6`ABYLNL)n#0YyF&xyl4aO;t!Rh{eUryf8
zYdjUFm^MakuZ7#I(N_D&mv9ee=c<i$4-fz6gSx&r7;(532oET0KMUTg*+J}dIY`fI
z<F?fehe~qXl+0q=jZ?YOp?3pfEb|~zmHrf*al~K2v#em!>R+G{RH%(eQ^Tm{?_0fU
zF`3=ICbLq0POx8aIlun(%jSEIF>!HKEb3XGwL^ndRm{|qaNUIc6Y*0fs`j%<VH4z&
zyn*Vh%hHgP4eC7s;@?Z0EPbr%vey^pbkF*p%s27FMs?|nN*87q-C}R~=@bFn+56yi
z!_v0~44Ch+SHskM@l2^4Hq4f5R7*0Lk8#S-T$)JE?1mwE6Y@#X@rj$av#B?KNKK`f
z+8J5B3}$U3tTehuz5cDL8)ErL4>@B~0dT%~Q;gr5FLmhi-?ZpnureP{h~v}y6wk%v
zgi@xiY_H!XW<bo%CW0(DJp=%r=7OU;O*;~-qo{eVUaU+PyZ%-_)}MpfR`7m=>3<f8
z?|TF-sc*DRZ-u8^YsNEqYaA3Bb~fuJ+Fz6gW<_odfK(;(A*r-*9&joWj|Gk&)NIxf
zt#p19dd8Pw3jD&9OTwo?V=)EZP>iM%7e%>vkob`yXX>g!a|tXWx`8@AoOZh=kZ}qu
zSe7x+dGRpOrvS{&+HN{*E`Ds`bc8nvW()l7E{^OeiEFoW;-UiBja($#1L?PW?}xM9
z67hYQpyjki=XCg(5xyDfMg3wSUk@u$mlR5x*7ry6e6xC1F%WU{58?5CsEZKl>j6IZ
z6vU5!{6sDp8nqJJ{I0v9Cfx{ucW%}D(#WY&+1WRj9wFf?AkprlVcubXwamNuFM-h6
zzp%A9NWGocb;}928>lsd_8>A*!M^g)Kn2S~C+>$>Mbtj@dw~;UazVh(z~V-iB7`_E
zr9w+&Unl&1UjtO7G=jd&-NhJy3KEVUy9ha7s11DNJEw;yiR3Rg>Id2OAJ?AAxr>cD
z7M|9nSn~8o9f&L@SxYzOGAu84V|cKRLbQ8?*mOPC3#wae)2P4ssE+GC!tJTNdkn?6
z_Wt4UuQp4h77}%J;E^nbPIghl#k#%Up4o}IlYSyicwAD+v#)ZqW#s$;0uMQTgz~Y%
z7I)3`AhE)N4RQS-j9>qReJ+pUeqNOAn_dIuKqPsc0{0Tck0cbKIc#oGZ+t(Z%q2XR
z^es8z+r+J;Z_WWsM#E0j8<B+|YjCQTe((+S2i-7)bx3P5QFXPGD(=n0=Y2va9mUD0
zK{H`?$$sN(Jvv+AI?<W?A);?}GFD%_1P*=MB<RtmzFe$dXy1tCDX#7T0<O^)B!*Wm
zSN`n;&^g5{u{Yy|Lp5NHumq6C?`}0v7VR)YVwFv9goAh2XtdP?t1yjga$;iQQH|t{
zbRCya7@`E(fqFBoTu-TS2gfqJ+xn;Unhy;3njgo&N&I3`vO1z%i=R7S?b+s*a_hsT
zz2vJ*F7iiTvzsUM;axo!X5Jiuihgweo9|Zio^a*HZ=bQK@)t}>>T1iWiecr^doli?
z`FHU5!Uab<2YKq1#O7&QCzL?5iljK8+Cuv;u?NoF$Mv@fUdqq6V^h1?laph3lX5DX
zNF!9FF=r<4!G7GLx$qpRPWVD0W*Rm8-j&>`*<$j@P!3wF(V@jfed8lJxpLG(l_qUH
z9ZSm}arg6gsN^|)5I|}&x#Q8Bxikd8iOS4evw2)nsqq8%f6j_-69`!baX#!CP`=;#
z`3e;yen)!8xecv=ssiTM&inW6PEHsgOi&sZO4_MQ&xH=bv3ykq4~s#yckS-t1jrww
zR%@K5(w>cOt)Q>WY0bNuJDJB$KVqLp@av5aIA&o!Ul9<Pq--PcB1dJL-TU(jSH?!E
zoq+BFq!1ZW_I`Rkx{GR3kCnpOcwqKz^!lsNzd$mt69}U47E7A`ZM<a_KwaYjd!KW6
z^(@Iy^19hlBQIbu<m{^+)+C9HGudbzX5)Qg2CSVf5=+XUPvf^Z@i)jDkSBKL&Lh*4
zp6lHMq*9h^pSSUQt06(GuTD0&v&nkruP1pMCfryOmzyXAEQs@Sb(h!x6inUEKz4xN
zQzT=Mw{fS9@W`wsr&6Zp+&uRrKbx!1_4ieFJncwlCtrWF?S1JPC*5y;Jd4h7K4$h&
zkG<@wB0*&C0eALDwefQ~0h8HJ5_%Rat6XMtF>^VKcUPPAQq!ilC0@zCe05pxN=FJL
zS1cMCSw#Xlg<W10La9Y2#cCM_>BsLF%eJ55xji6WYa-l5(s43$GBbgj^RLfz@aPbL
zet`xGPAH-Co!dx9Ll6f)%E=`Yuxuo$l1}G9yK)qdysbK|N<~OvT9UxOT6D3dt1Z;@
zrd4*~^4G%JLP4wQ)%#(KZHry<f@^u}8~G7T)9WvJrl;}vHX7h@M*^xMem+BA%-4U;
z?=Vsk-1U?@wgboAm2yAf7ru2J37Ai|cQ$tlvbjYZPS)k(3A9MmWk|55l0>YW%Aq*-
zRJe&(jGA`;4DP@RWzn`XthM9b-NCKY3AtR%zM8h-8v2`y8-^MXe9CR~o}ka_E}{*7
z{ni1DLqwLw{Q*<n`cvi(w*3Ul-E*VGg9U@_X8g(7DP4Cq+w)Uwa!##$=k8VtoE}S&
zl*08_Sr+~`Jn^=opk;*CVsxQ{T4`&FQ>WxJ;f#4__WNb&tyfkedFrnITImZlM{Oq?
zCwkZ-O6(d6du_@Dz%lTWjzWZaryBAjcOk9)=a1~2lDAmZ^h|3#gG}Q|LecCOpsSiv
z`J}+4O3|%+E$p}U0;|12tc}6e&k*6C-}rmNiUw!7R!MrW9b;O=07za#r%bP%K#vb{
zMOr`(>b={LLprrs)pj!LJs0g@+>BajQu8DSf#dIg_`{F03Nj;TS%Vl|f7mS6!8rbw
z&biCnuvxbDiFbR600VWA#ogL<)-S=UDY;(GIR4?rulss3hwXpI_K7hPFFowtTqOR0
zFBOqLUu~it5W~>de5hHa_?lCU@=)j_ElBq?_u>8B{F}Mv$TS;C%0n34EhSlgGSp1X
zu8l{Q%m~-;FP!^U3*k!V+jhMtQd6gzHm8gGsni7g>D?Y1E8?B6Szb_?r*VpD74ZEN
zW!yh+@gj4XE=ii3XVg{GL>@L>iqjB#Yh1XLn3fO9^U%4ab4N5PMm}uzIJ!}4E@k)H
zj+ZNutB<I%bLHPHrNSiiWc$@VkYsaInii<qywi~>hVlNR^J2G4+9e}&70ECSVDR$L
z0Arx%sCxn}`TigKxNQ+aTpZB#?e@n;i5adka*JKEzu*|tYZ+h@n>VkI$AY`ybriKY
zK$Wo#^vy>WorZC%gTUFm-`?6<G$!XpY5od<UAmDm^1X|x7PzY+p0?kg9X{TD=B4HU
z7@m%7P4;conZN*fmcnkN3IqV`>mx*(x?U}B-_-ErG|Vxb0u7}nKVskq$z-bnGu|%!
zJ&M3`dh%Ss*30oU#kfqbu^*4Md*<h&!t!XOXd$lYK&8$qlV^@3x(yv_#cOxmsK%r3
zcF>Wkddl14ba}zyHhdH1bK=iH0%wN+ObOHN<3ev24hL&=gSqCI7>@>xRdZ<X5MnI2
z{1M;2p?KPE+Ng38hx`$!Pp4oy{A0*)`+C6iY!LGL@iuJ-J0z)Z@;vH9r8)RD&3-Xy
z3bDQFH3jIb2gYLGd@=-p-YEE{T0!QruG|rtKHD>G-);x!#bT5L3@7D&{Jg<pr!uzb
zTkmz%F}tu+2IF`^#AW9wc5Aa4^Nz-n<_nf^cZP;3>HbIC+nLXW{dJyuP3hN8<}}tm
z1)o6snv@$QMMVzpaR~LClXLsA^t31Hh#pa~gt~=@d^#D*@#(hJMIZ<wiis&O3pFFe
z!McaIkkuP^fKKhm!-VQ^(lZDWvFssl8$F)quoma=Q067;6R%?=$|6U;eb$zFJ1Ry)
zc7Wq9a>JCNpE7bEMUmeJ?6p$6;5IKYM5fRCkts;n|1ezS?1GkzO;@ly7Wr@b$dyhk
z_c@eKOig{YPt(V-{DCG#BMx%Q)7x9qT7lmnrR&kMnH)wvGfuA{xxclsItAWa4@=it
z)4JhbY+Fmh;N-OJwX{QX>doF;TlN+puU=>5hCJ0bl-EpW)mOrkBp=3hcA4^=zY*w!
zH;3h@dxG~Tf<rgBVlp(TzkoZBiVxaBPw-;|gy3<*_aApB>X>n$Z;a$xJ-LwF7vyKq
z{MetTs2_Lhpupt~jpa-Jhy4*(0j<-Gb`IYUQO_ueVI`(NtQT0$lLyWD)sC|uFLdRH
z;jGM>xE+AfC|V5py(5McfLyftBN7KB&m0V1m7r<-a1KGy*M85)Qub0rj*5|zcbikM
zOV&Ie40~qXFItVA8k+z5-c_<=DTOJ`e7V=k!pi17Blq^)$Yzg-8?`!eC(Nw`P-s=$
z-AuijTPrS?WoWWKAF=(@ez~wO9|lubn`F1DOo310BWrgRg0Bu+qYmaUnB9r(?z<O`
zpz?1PfZ^BoTN9O8br}~H0*~oeSj-}jQb(pfzW_7STj6vNugd3wDMIkg#apGIALjwt
zn8k;KNAmJkg3EohHwH+rmX?N)&t<$UPPR3+ym;Ml$c0qv0b=&L6ak)*hD|7k2&iu~
zj!tMRCoAEvAdILQfA=nc<fiV(hF{K4Y?FKy8%2&vyc6}vy-R3o7QbF@R8geSR;kWg
zXmd>d{#!5ZhiNuF6LW<dHm!1sa(-aT+C2#^kKxVn(%j-n6Z>^0?bYX9;4xggj%6Jn
zG*TtBmEQHB47WImLsTXC27ANp-c+MzF4p?kWS3|0H6&w`lZ)%E)ZiwXwEjh3a1aEw
zlcp~RQ!>Bul~7%|u&}sj#Y#>uFSr^L%54&YR0f{wv@1rZ<LePySWA)`Z>u^Zt--44
zTU=<)Rw*tuDyt!aIQu@BJ6by^P>z=tH9Zc=RQIF$RY4V7vks^}d!U$pm^&65>iT|I
zb+SGCNBEOBH|_)Lc#1g9(uLw;?Am;!T50I8XFmekIbskYVMSkNvsbH~c&fNRyo0b*
zs^y6+L73;9Kyj-v<b&f>Xd8QoT9^MBwRS_dWSnruZmK+fgwDv8r;CJxY2g+ED&zqK
zoH!n+UOfmB=2Gp}K^P=&*IEMR0$p`)E;S2%ccHZYv02GeqR9H4?5A}r=Zku~sYiMT
zzgJS2E_C2@B7-AeQZHnu#1@bsn#ZuOZw*fdpSpO`aR{`8X8K{-YlKhNe`fmd1LR)I
z)a~4=_?SiIY`L%!|0l5}{@z)<WoTTqA{~rliuVT|jJ<nVpbAG_uPaV)k&%rTeR|~+
zX^BFP8;`o96w@p^t7)7)%JALk3RMvP4u^^-!eHeU2f~Df3#o!_PV37h%K~gV20@e+
z3df&_&9M(G6VjDS>(puV&XJU^!@_5<9bjUg0Oh3zKBK8ogvyFyfN-R}<x0O>?Rpsn
zHfznp#;k+}RE&pT(3zM7aoVfh@`Uu|S0x?|#xhD$uQj+89RLux1jJ;kjXw56UjYVq
zVA+~vZ`wN_z8p9$M%QspXjM9*SZVl`2|Dt6RM*Bm;RFYs!ABXm&@77lf%z*<VtrKA
zJ2o{$>62ES`{Sy_YIyIxtGd2f1xK2~p)M!*#U0&)z)mID$fsF1_LL^~jkk%I(9=5U
zj$+^GcD=)Yq`1ES8yVH7Px%W6Qg9BpCN*eJv}Ub&loJRP8I>+=LI-Ge-MrgODvnt0
zlfU81o93_Ak*?6P;b9`mBsWzL+<S!l_A^e@mg(Z9aR}`6W?VnM2aE~sJK<hA{4gji
z@`w&sO7L7~dr4cVj{}YbjUtW*ruB*T>nE|f=11!0qZSX?fFt_)vKN@(p_jy-J>%^G
z7+}~&8Owtgli(Huh6jgc7IVtfFc_t?RjKDce5X&cMyu(jb;i;VyG!95s+2PolUnaa
z`D6`K8gr;9H3&60s8WlU)FWI@R$l#lU-3YSIX#{ZrAlt&Dp#FUw4bGsm2S3=!^YsS
zAzx?kw-cCr9;a#;)H8HFnpc8mPN-|qtO8W?V+YWYp{qfVz=*MEoWKY2W-P%#;Fz`@
z<=2{N#tu|`x31(G_>~E-;M`(*Wl@IAr;LxC$k6bqixz=g3()xO(SEyeCNDX=P2HY<
zaXJ>i1|JD~CX$iCvi^Slmk0~6fGF^c9Ccg##S2w9g`4{{&7G$6Nx0@aJlXQQNS4)l
z_~K1aM^QF%QxA#wRJBX(8YoOZeccdy#R1Q8B82MN8Q1tRS|Qmx4NJ)VT##lrX=FWd
z*mdTmsQ~Z9?M>)Czm3Qlpv<5Sp+hj36*)b>`1|f5v1C7J)thNhA8fbgBbK=Zgll5m
z)IAuY7@6p{*Hezzt;Ub_bM&F?ofDW>*IOQw=@Gx6;Q3m}G$DasY5k!6&<27iO~S{s
z{vLEIFoJL%?t;FX4?Z3iwAWf8doDbuy}hVC1?utWTA?AM^MM@FD1{$UH@|SnUC~60
zRth}XO1_akXg!R{{vA&96E)3Q(%^M7Fp+<`I#J;C{x&wM|NVx*$YIa-+G#x951b+r
z-`V5Q`TeZP^ZicSC}r02*sef|%Y$FUpdqK6MvvOXjQnd{{RRRJRyDOS>wOuT$Y3Cn
zNN<5v*^0Zoc<zFl5|)SaC2TtKw`mTW6Fo?`D(?B}(++$Vvt%QX#Z@K++o(kRQ0F8*
zFVrgA-09659Z1MZMIL%@l|6L8qWQ@15#(~^Mn#68EG|FFT^~H|lQ$YHG(CN*XLcfw
zvaPdiGJR{JyG=kNtN$jhEs)91aA)4FH(QJCMq1ai*MH7b<zJTm7YXL-ktjz|gm6aZ
z%l!G%V_%UuO?D1+OI)r#M)iO!Lqc43p)kiKBFUvMnErHG@b$%CY>4S@iKsq9mvFmo
zg`|~^Ck<0C94R>0s->{xp}z4x?g;qT3$#u*XB`*#Y}DyaH4}8$&*5pR9=SVy;HH9!
z+eB*NSJRPcrF3OgRNwWBV)%`OT%S0-B@g=}{n#%IZzdqUHA9SW`dSh%)*MizcrHxn
zUA-*#`JQjXTl?1+Za?$cZp$rcm7i?j4D*emaTHz-NfR3g+un97XJF}PA`qqvc6M(d
zCq|3DSyApl7u@I4V@zOmiybjo^Dbw-X{4D{7BU_q8+aj1>W)lv*Z|2Z+c6pKhiTTW
zNgGq3chz$>;0q3^d{x;g%;LZj(y7;)*%-*A7Z&f*SGMsAH|K$OU}-4r*&SstjRFp!
zl<(|;F3MhcCou_{E#mvsRsishzw^o4WeJjN_yJ_C)jJ)osisW{Xl2G~n?`|8xUzK~
zRs5krx)gn_HA5bgo+m}?O7dGBH|G+Xv={WgZGS)1L(#Vs>?mqwQ-YpQH(D;p6x!|(
z*&Gbhcx+KHS(RI|<(_Kv-tEHX8EuC~Rj_u$^lVsYU``ihX?b^aJ-J=4HhA^fyF>xM
zG#dijvNHQ`ZAl!8*Jn8T7Tzb{h#E^<IM0z3TRJovn#!Xafny%QcUD_QRO$9YyNl#u
zLSjSZ5#jDYmndUmJ&Ph>jVu+GZMG{pp>#D2_^y2p#7>{bpCsg4PzWb|@wn-NiG<Rd
z>kK@7*WFcLGmszRyV@a2J1A*icLKd|iRGZwC%;a>MMth5P^I&aC90tFvZ%4YfgxQ&
z_579kq7kY*Vb~=R*1y$5F@@3$zv7<Vg+aHeL2x)(vYE3BvZ&L)Asr9Eex2*2#YM2#
z+G)=^wh=KjLCM+#Uw~;WPKXCm<X;ruy^J1`<dMbFA^XgjEko|M8wR9ZsR0Guop%B`
zzpZh<dJx&F`YDh?!1><cpoTdz+H_&MMp68pkZ@WNar|7u>!O*MgsmkFoZ$@%?VC_d
zT{Om9;R_^3&1w%4Yre*=(NZ)b1-&Gi(?l%kU_z=(ER*5AfLJqhH#UpA(CXL~LgB4p
z?X8OAC)y6#pEz(*tm9b7oWCg}{847bC0|Td;>^~jvemP<MaTrAwq6`d91kA^1if#q
zEw|fYqsqZjwc=E=^qXUM(m=*6E2QK_Nt{5LERDu?u@FNv>=AeAwLSRiR(f94*Y2Xq
zClLTNK^~zKrgwZMruF3%WwQW+;*fbzADs1FG>{j@HlD-N3z6f^>Cy7!ESCIvO~`rd
zqZ)oj|7}%=+Y#Vh)=ZdYeM)7-`Hb%nwSic~J#wdDUCLyyyN=@7nt>fevF-+HdMRK0
zL0_(~9be(cCd{NL@tP>njv#{qW7Kin+j-O4<oaLw@*6IyVgi1?B7`dIij|(REERQx
z=uex~7VpWK%##0-nVTiQ57SQBmzj%k`^AzOcJ#HBhW1-qx**`IqYi?BE#i}*DyZTX
zwJ0&9i_5WQ5Is#D=xKH-NjI|ad(UMsazDyQ;C>rr@=`9PgCkT&DKL1BR<>0Cyk^1~
z<!s~k9Ks6+$U>-k7f(<hN3D|M);w(Bl14X*Wm0VoMr+cBYlSlUI)6DHR%QJ@o9fFj
z1yzO{M}=f}pxFr?qt|^i-zkIZi8B?%mDP?S)??Z^my++&Z=E-{hJMDns@|eOh(~!+
z1L8rp(n;C*lI;}vl3TkZroU~DHwSwl%Smx3Tah*z-_t;p5hRjsc1|9ConqfGR~cn#
zYG0t3x8<lM)|ZliPKrI9u;dw{+<caL8=65(Y#%Q-WDhyui%BZ<lIRQIauqT;+}t}1
zI)n_Ja2OP!2v7RVGg<_AY2H3w`q#>oBuh@Pk)%EBFb*Z?;Y=FA1%x|Q=S%8rvXY?l
zF!hz}E7c?##)_>G{USVUz6OWMHitE34$8>-@kY9RRNzNl-cUVUW5TIKQ{C=@blAFu
zw&#ULzy93F@}Rlv+^RHmf+}Nz0G&ndm2tl1e(|D8>FJcd&-OzTjz7pBv)qf4e4&DQ
zjoTySSi<;<t&*e<=)wzjb>Xegxo@vM-)JSRX*%_XF#N-B!tfmD`1b{}C(zG$V~n82
z-kN^cuSWT{-dyjIv!Q4d_4T+tvG^7*l!0Z8Sa!H}q{mTAD#<fRjn3*UR<u$|k9+5W
z9VbYJ<9rexBv(G}{`5G(RxSXp_1V>LyHL)+?n?SWXXYP3+b((0f1rg1+ivaibNl6$
z=WEZiUGH=aKS?qRyWeG2!SI#*)jQjxwffJT`Hu1Vj0YjJbEZISoFinSMWeWhrRNbp
z?3r<I&27s+^=|8j8Gg`>kEmAggP6EvO7a`E){#Q_)uBvsK;88|{cu#1OL}8){<-*R
zy?X`;DsraSESFyy@n6<$r}rIFoof`!I`;k^<2R)4M9`}FY{`@SY`*SE$6k%|Wxsi^
zf_-h1)GY8bBw2}iQLS#_wsX>Pj56vHQflWDg`(BZti}o+e^!6%%abpls}(1}#<{2N
zC#j^1V)&tqA@)NfC5v8>LHFob$eD2WH1!kcx!I*23+=cB(SWmZ59I|G1F89=z9mA8
zb`mduHnPH9wolR<*e-X29HSn2_5`VFjTxnXW?Q(aMPmi2x1HndN&Gj94zf22R6lu*
z&$wrYq&kdzd0m3fSrP|8)kL7PS*p!-Y9lVHzqIAqA1j&3P*em$JBofZ5_9jr111A`
zFKqE&1Uk@708Fce<*}x$hRW4bLnTQXkW_zTHquRdrsv~sQ{(m?FqrKRRO3FFW+M0n
zHR=kqiUOCh98oP_8lKn=(NmjMoqqJ9ckOJc6TaX#>fGk5{HsU4%+OHUj$2Xw6eO-9
zMC-OYrNusQCYciH>M|`YuD5Mm-*B?B{G2L9L%`1>k@PGl%EcJp#7Ke)TLD}ZmM++d
zwZEIlQZe%D3sKkV_D}n2!WAZ_hUbKhsu5RI@m$kn>2~9A$$IFMArSZ^>Z~iFG17l$
z!(hx2Kb}qF`=dD6we5OvgQ%>@Gyp|Y(A|C47c_l@eG_;Bids2pc;~s-!MN{bnp}4(
z7)xf{IJw5k=BxRnRoOn#-@9IZUQyDULuhU}|05Q~ioJgtCWBmAhi-se5jvioN=5V7
zdfD{z9AXX4tY`k6x9*TQmeUXH<eLNttGFcv5=mgYtErgy@Rau*D%*a!Dsro1Zhf)j
zf9y5b&um>vlHjm$Zlil0-b&SxESxR%Y5Lk0Ewk2bdLcbY{K`<%5-Z*>LNknaL?*$G
zZ4N)dI<1wLb67;_uBZ|Vfx!3ikJp=z2U12IX@Idu-9oa6$K_Vqk2O#0lHubf;bxU&
zNc+BeI(1_6)^dXI>L#s|xcR1wHW?OerYN^S3pH4QO>w1JdDUw*9(uU-QIm^n;kyk?
zad`Psy3H)g#cjsNe&OvDjO4((TR#e_^?2(@Qi_U3PTW>}kOWcMBK18C6>0Nis7Y0D
ztmopwCR7)-0K2~B)KzA$kKV-R^m1^{`u?!gOF|5`h81*ni4I;r=G9&k6H<u=e5Z{i
ztY46SCRZ}$8B4}^T-wZuhL)SK6&Xm7Nqtgd)PLn&Cp96bXuyfL_6lMCy}iA+mKGIS
zEI^Q7FS$uHUi2dp=Gv?=%ByEHYQA*#gA%^E>hp2AH3zgBi+ZK%GHD1VU8@^5(-@|W
zy=?4C5007Devo7sUtZ{sg?35*+1~DXXz35^Q{VR*lzu{%(`ucgBj>|(F|!TT8vWX@
z{v;Q%$Qsd51VfcmL5&w$l3lqX^j0n}kVU)Q7MQtbEp;(e{PpVmXd#UK$WKk>@}ZE+
zR=i0Fa&#pD9OBv@NX~3=I#3r3$Zn+sM<-lWr@DdhGWG>$(wN}&1!XmI!aD=8n}l@>
zq_iHa>B1!IMj8>5I&UpOj2>M3lsnAy<FmtCymB@Panh03B%iO9-z#9%D*^9Qy$?S_
zH_ZBb&nUD$>|4EKg}=jQr4JSMD~-cHX9eCK=O#xYK-x$!xZlFw!y+sp&*@{WIiKB|
z9>Zqr?cOeM_DMctV#5_DVIu5!71s>zxejc?$Jdv|o++0w)=G3RnbGzX;ZN^V6i?YB
zEQApNjJML;zg&d2YV`gx?$*rwPU3bO*ST9q@ac6E>uNI-xI#}pxaYN4=$x{N9lzxk
zJR5|Lb_h|4CceSlYk6l|zFEk;&(1<yDrR#!m>&_uL*MnqW#mQ^gf^$HmkCmr|4G-o
z&2Kv+_y!v#e^*qRKbM8$w(hzt%`XB6!d{Og!I%V+cJR7EiyJx0i;%f(7P%Pd|7-!8
zuYR|?rB=GWp15>Unwz|9%sk{Nug>Pz-&Kb1v9oHIAFq!$t5wrTS7jXaL%3L?`&_Iu
zzPciiSayT+HFaNZR-Zs~yB1yb+Rd>0FFoAp&9rx*qkY~uV)R2u4IfAFYNrV_fupJR
zyI?zH<IZzVs09mtJ%8Uzgw|fFzgmC?9IcUFt9u=2FbqAMdV8r%8xk#6+oIeG{x{v1
z&NpxBqDh4S=MeffQ-)uSCP*69v9ku37u2UysD$qMwumLIlpyQF@VE8Z{LV5r&Yi4s
zXVd)mHHmi<F0_|V8>KRueTOB@64+UF1n4N*f8+U0LR~a9FR{s%FO>Sj;?cU+bBk<U
z8+BE;uG`(Gc=W!E8``tv(_H;cHnmTu!}ZUh{50Z1@B8Y;I1iGqeS}PQm*f&E;y=AD
zq%U(oC<OaVl6p+Qi@F706W9Tn#*Es#Mjw0JhigdxUlHYmsxUZz6$dtv9l;-cq<-}3
zcV)tABBu482#$1=3^Q49this@MMd4(DRx#Fsz3G<4Vj}KK(>k?tT7C{mF|uB4pHxS
z9(G&!-dXrs*k>Hn7NgfS&IU5ur(e2KJ@gfCIYahT$7ADjpWGKc-EsFx>###_W6)39
ztSLD9if~+iSaBH<s+H~&diHvYlNwIt<cF-fikO3jI%JuxSe4|+iDgjFlSAKmB){~a
zGg7*P@_D`dTZ>wb2B?nDuHgEg#YrV`1?CCnKJ#QJ7a+4DL$&4kny3ZK&553U#ayFB
zx~$*DRy?GlI~`=^Z?eXHc0D11V~~SgSCpIgtiCH_$9gu0h_2`oUsD$h0~#2qkI<es
zDH&!lH48W=pW5LN@4Xhb+4Qnx=x%-Zq&Lh30;X#rF4xJbeLB?v#~fOCrtw4&r1IJk
zP45a)#tR%Mt>ZlrIjSa$;4Hf_&sB)7X0C$2PS&n)3=sqwKJN4uTr)tZJngpgLTima
z-I5e0*E6>jD3Oj{A;8|7TQdmk4b2@PihJ>{-p%?|NM+roZp4xcW~H1bJ)QP1u%{nF
zj>63#?hYhca>mJQgh=JEzjJ>VaKueQH}C-=J(khxrbVw+90l;~Z%s)r2`qiPGv!Y2
zJ(G@*=$8R+6O!(>cDg)UPBaCB6d!Fb$Zrp^7B4he<5%s`IpIcX*-?{e0(;Bo+sR%s
z_)*gRAKm-d^tqr*l6;RF_8~*Bwp*ibO@+s__ww?TMQK+UOqLYGR~hv~hSBuU`&=G?
zsfVSvtJTw4r@i^79v}=v0yOiUI|*DjXk;~=p(w9*Q;|6Ym-Hv<-#L)GGB0jNqtyIL
zI|O&+=c<!vzA33x*zZcw4V@o%VU7^KFq@sw3C<e6P(Wh~lA%~mJInEM0iqE9=hokq
zw6QxP(gdE8S+DyrwQ%a@wDn7VSd=?26DN`0pZVtICPHnqfXd?m(yHl!v2@cpz1Bv#
zNHZfm{F+}1fWp*M2!7h#w+%D0fMvha|C)p(UO7E03L~TDR)<*?We@Nfm3kwDe2$qU
zxYob~qoJ*(+|qp5piQKYmAh@5*$b${jFM7vYNqF=k-u4}3|d{JH*r<T8iIH7>+OyD
z?Z=(ViK@jlVGnB<hX)}R4JIZ?uDw_VmB9ClT938Ch51pJNp6_X*Yj9QKwIP0`@8`|
z-OP#3%FeXMJX%;<3a)4W78(~}-%0u&DBV&$FiLY{)@CX{P6NDv>dJtSEa+f|xC29L
zGrH@x8)Y~Ar>TO10$GQi(kZD~;4PM}ku#51sTK_omtBi#FJjn}BRDDwgBs!8)mS8@
z|M`1L|C=VpndR&Q7=Bpz`l7ydCMK4^0)E>Lc^lYyZO5?@z@+Gw-!cqo3@!FGgTDW8
z-PR^zRU|m;A%DF?tOy@8EmP1XH?`7!k3hlZpv?#<1U#~4eL)iA>9`B}=TSK>an!<o
zAs~C<rFPjCg52A;zVT!&_-qGQJL|MhpC-JoUZdo)ZJU~YK6DRw%;$CLkS0(r*vkhl
zZz5!3@KDyW;xB4^;^{SI8rjy~J_;Mfl(*H}Bh-7ldsJ{#3!$M~jD=S$g62c6<8HCv
z(<fj=zj_lIv~NlUv3bpuuo}VOXj*H%v%Ru#w=RWHPje7aPty2{_}{uf%zz1D_3OS6
z@i)=L8DnCMnk&3B9}X4AM+V)$?si9x<tXV~v(o}%D3!^9G*MP~YcLgK-Kd5DGT(01
ze~or-5GxAF;F`l<rtKBR@DO5HPY2`M6=ovrlZj-}u{eZbxrK#YrbiCOs5lP6kz7t+
zIDb&QJ=r*<L2w}oe>M5o&2=Ci{LGYlTn}QP^==TdOjSg&+0T0RZo$Xzy$NOTR)g)V
z+RXs(*3qDHci=48OntlK^W?dJLV){hovD5Ew2DbEA{!EPl8p8YNflX6nNa43p~bdX
zFLIu+&bBsHpN9tMwdN;?f&120VETMcZgEPH{HGv}+ksZmj~Ha6<d&C0+KVbnN0CBi
zCsjm55P>(YIiY%9ofkzxa4g;@S^OrqYsG}0P0Is&_$CTugQ(~UU$;@oc@{Yfec~^6
z2uMs}{NAze63C&Jzgm=J{*3=gDDXImMKiCVxF6SaX8KG#0}*}J2~#kr!`~#tnX8>1
z|G149V$lZb5pYnB6Qe(Iy|G^#n}V@_l<%=TzRn`rokFAqi|AUg-K_mYj`yPM_Pqd>
zBbQv*Y(MG;{OH{t6xu2~&Kpv25w!IgrRBji#(`dq6mos};QLwpD$0-}3ejT?V-(cT
z5h%%7bV8f5SmukuvoEEaU8Spbt6Rn6iAis^62?k6-<{=LY=wJeG_J?sd_ac5Ts!r~
zF1QAZb?XO00{r>QN$DM9Cy3va6;c?#1gDHg8o&J?3cnrgnlsCZ2B(?OzKy#P9cC?x
zQuzT_`51qaFK`_tN4U0jXC)rAP4^+Ri9xvt!5(=6?Dd7j7ub3Z3}xcY)}qH}2i(?g
zwU@1dvTW=76qvM&y=J?I+^AD{0t*V;C2APb?n%tS^`NTR(p;sESpA}Jdl#M8hIChk
zjs0&ZR8y-?uMgM0T<2rsyPB<Y{i39jo@kql{S{x^xdD&z_X>y3cKfVtgUM;Ik@7lx
zfniQuX%+{~AR>zW)B@)<qD=Y`FTycId;RkvP@X(N{C|E^p6t4J(M10A0WMIjy^_nd
zBj-2BHp+}nu<AI9uLq?>CLfkNj!j0@pXcim^(EkfviQ1aks~JI#AUv#qY947EYivE
zJX$|FIix5VZ-{jGe1vg|cwsVf61ph^Y3IEY6PQCj(WUFcq+P9|nIn2ac$bDwl*%7g
zr>L%MXgSqtsHoU#E7J2p^!25h25dQdDJrX&KIFoliaU;w$F)6QjK6(g+JCC}e60j?
z>vavtVXQnI>UTPV$ZIy8Km@%&U~PI47cDLV2_DgYl-tG4K@XUm?p&9@A@)$9gI<Re
z6IUir0hg%t$ffU3583+FUpA5(R^%2f#6~3!N2#BW!sQl_Toe*L>#ZEa)xu_l^d$#Q
zHk}YEO4ZEI(4>|StwNM~4=G7khYtG}eLLfK55mpjGp|>pE)<k;YZs=i>TMR<j_W3x
z>SWV!OWXP%mDuN$(oiC$gv>qP7z(Aoaf=W_7`Ou@n>nY53%gt^UCK^d^@`XSI#;41
znPMy%Dop1nvYZ@SK)I^UV5F0C>mx>KOZs@|kZNgTAgx>#S$qPPM=Z)kC*iy#|D8%4
zZF)(Wb4=hX>H8y7LG5DObIzI*mtf9rcZ_tv#u$Q}A<EXWQhY9@fr$ov!}tmR`Ua29
zU$^ru1LX8{e+K2|3gfsUgfi>1e-s(JN5llC>h18}Y4G@eUMSTx6}bMK+1EMYY>h83
zI0UK|ruY&Q1h3-aImx9rj>_Js9)`9Wi|6tFZ|d4RI>74;^b%?e+v}y<MpTLQ?5$XS
z7v8F~BI7x%5^hsQ8k1CfK8~vCR9x~NFErqyTTBl&LhRvtKtQ1Kgi0?K(VO*}*D%KM
zdO79^fUWy*0-yRZD}b21Z~l6j$b*Ov+DG6NA99L+>V|NN1NZCe-$dUz8-y7!-Xc>2
zq!AO(uIYl8sC%rh!D0~7xmI3&cgC1&Q3^5b{N$K%ejxT)JcQ5od$q@^?2S6ND%k85
zNn#Mk@<$<Z_FR#`)&FP$WGdy`%1WqI5yE?=@mucVKG;NOuTv74qQ$L%|Ih=21IA0B
z9hGWMxvG4hQyJYH{foF7Ll3fHLKzNplUD+rIQTrY9RHVn%^6~{N-WP=CrU=Jm_v6Q
zrM|{}l)k1&K~mbnB3Fq(S?*$E%gO8;(7sU2lCO|`@@3k7nLl?l+@@w|hc=_mat~&)
zxcLx2?>yfnnp9;#)>F$?+RbKS3n?Ez%XE^S&zZJ(Ly6ajbk*<*0Ev@BTN9;QwOxbM
z^5CX;DT!X_uq4wrhAp7+m^h#Xolp*aoe7MWU^M)qgc=V_p^h7PuYQ}MMZU4vg;8+4
z9{xn#bhCc^u_af%S8o2dPxj&OI>bVROGfhFa?qM3`FNRwy(VhB_;>ENGY%oBoz1&o
z#K<_pRPYhOpMiD0-Ghcr7jIrA%#<20oEReRe}kr4-(<*f=<xH6rs6rjqfxO57or&X
zr7)hCAMrSG@BFhwW=g#r=MXw4mM|t-iCU5)+OsOalj^edQ|Xb?bV6xcw(?U5p<2*^
z0NOn7V@j7;J{dA~&VdcVN<(3E2dVlq{N2teJa!CHDGl)Mcq#2l_w(HC{u@r@jz0l;
zaSljHK2E~4da9?fFBlHpW|#z7QWCVxynNo1Uva1J??-ar$fR%O&Dx?xmaqG6<$irT
ze>h4qn}<^m#o0Q_3v{0_4)&HnuBe~btBi%>1LDlSpQj=HPExnOk(@;*cS3Y%{<{<Y
z8nZV<qvg&8mU7bi_n7a4tCb15L+=+PTzRbEbwbXK%wYJ{iFu%`%`Zn9UWghywHO+E
z%#d6zK9jJV;HDcUIg3P*K_gu*aM6|_w_Z^{$J1;17XPhm07BTKjVT02!_6z)2m!4l
z){sXhsnrPb<{I<fePM&IHxiJT6GZ&)%M#NPLe{6XpY{E2KS9BQi6S&mui=|WR+`r)
zK%I~OkicQYS$8)www|0ND7l_S?{T@q<Y(%*3Eycf3gZg~UpCnLi#a4vISUI5D-IvS
z9dJK+XQ*WHdAEwrs>@yE1A3s!qsC3NEYQ!M3|9GQn+W~#8Ee|{gg6Hw#5+kv3bEEb
z^e;!v85e`zL->ZHl#&f=$;v=$hTwG^m5xjI&VMd|Tz!3cV-Exqj(oC{d4O9-0sFTX
z7lCdV{colSrwlPU<wl%|uFmAX8xsb_4U|cj8v`RD5pSPfZ*UVF@`jq#&wRam&uA=?
z1;LXFym0(;PL~|g;>4(aYB1gf=tx`RFP+WqwG2<{^8xY*BMZ>quDr7uEL4*7!-rfM
z5y_=kB`ThFGTFze{)d;}1xWUcPfq1yBDpVL%Fx?qMM#mQKA_6<14o5kZ>Z_}*S-9-
z;tb+-&<D1--RyjUOh8#Z#x?lr#*Yh{w(RBKsHjx|c>CId=nO93{dGMfIGb=1@^02o
z!Tf{D!?4~5%s=$^5|tg#mj7t}@w;IL??m>V!^!dH=XYqzvcN;+=;MFMcm7+elK(I6
z8oL~Ru$&^7`NMIr;R=Glt^p7=%pmJ<A98oueeU32vHv%q=>SFwqJJF+Co^>c!sb62
zYQIIT-_XHdW}2||I?Z0KAr+|mpMBH+Y^M1yCZT((oxpp($^0qp6*70#Ui{58tnN&t
ze(>nX*X46+4n2l-0%{-Mf*sCx%Il-Uw7xCa#x%=te{V2HeB1em0~<%uUM*amH0$ZP
z!}2eFj5@>Tmp?so*}{LdCN^SlAL0H`l060B)Q5KK?fw7eLhax9>13g|bnvoOlQ@sz
z0Or4W7O53{VbRKH**>V`@cDEdsFmoGmJvzz{(jr_DRS*Evp^icvh|<45dX1XXfC|K
zBw^MZ3QoIGP0fB0!PF}qd2kRbCd^CwITE55ds~bp?ch*qW8ZsRu)<h<`a0N&ojT6)
z#|IO>b?WGk_0{gx<8Q+6fO}Pn;`Zhna#Y!cAFi_};q%?9`dy)a=J|0F)~_eWiBpq|
zUT73run1Mv4|x8uX-*hWIljzjm>((qzP7g3vtl-wfiqoQ$FCMDe%2{QjxVvYR-7h*
zpe3XmSnYGUdlpvGw@ziCvjogOS@P)3#k}|Y4aG)EsaHq$jiVyGe)<tU1}wb!J4I|W
zL}(1k-_hA2GFFX}ZWhg~^3by{s7ECT&-0IB&r<ybpB})dqm9%j@u05_PMbORW6vb=
z(mA8dcwl0xxux_!BtW+vh;QqG8<<ib<k(1;8gY9Xy5#ySCBtj%=YoVrmG@*#;mjX@
z_5>PzYdBH)s#0&+qhm=jDrJChbNQI}A&HaI{%yYU{WT95`@L%Uzp{#K2Xu6W+@rYo
z-LN-*rVtF@3tGJ2F<14&?mwfWI$#<1%SCeTBi>G7zhAJ$&_+H>4mc-wYLTh!1}B*G
z|K0I=CrUEAT7^0jrj)Wi(Fn>qRQOw;XD0?Zt{r7KF3N;9*MHp!_NVkOaGv>)qnth%
zmfeIc#mBO@Nsr^NhUmPN{4c%z_T@wA48OM&klzFDn6B^1x762e9tMoje}A!eqDRF)
zJSw9RPeMg&y1xlxcCOlgb^rVAUw;GJo<eSLY#gWgw4YJz0wX8TvJg8w9CLV2Lr#I`
zeo<scd|IoI*uX~r4&d)Z8}_5S&R8#-fLX|fW;!se@n2jo|Ep(W-D{ly53h@{rZ0aS
z!`>I%@3zL^aT&2ec6X+(tqR$bN6gN;?^sU<;rJ(`joQEk$nPIUiHn#(HD41%TOEe)
zX0U&g?{rj1B>vJt?KY~Oi-6!!XF=>A>^*QDJ@t=ob`tUIydocykB8~cc^dLDclz6V
zL41ENW*vvv)A=s$Ug1?t|4!bNMkesb#Cs1{#u+Eb(MiPq@dTpq4J5`qINKeC{ax=U
zae%jxfBd7rn{Gy8V<M<bMupT(@E!H(1%u=#!T&+~x9`a5F9PN9ziy8|%pu88{&f1X
zeXNbdgjl~{I>;+sBZQ52B_zcMaZ<$}kUg>EAb*|=xEBBG`h+6C?=K!Ec4|Lu+FL6*
z8euGHqR5;JDA@Wde|^*c#$i*g8cBqrztZCD!+X0c?|AkE2-mO`G)@shCwPOGsC;MI
zz!fY&GMHWeNGf3SpL96@=7dc|hN*`fQMgsHy0GI>ilZm~_Wr^|$d;G#*iOyOt&*As
zXHh<x|FGr%^3DWr!~g97e+$HccSVh#{`-M6zyLeZe>3F#|M^G3LGeJg3oS(Kk3M^+
zJPCQ{a-Dyia>b*F_D;ZWgzp5p>4EXi0unyK`};oUbUZ+Yl6%_u$rn!9_o~-4I}Yi}
z$nMo)|HqkRfHQe5FdY4e@+iuXmwV?Zc<{Mh*grLU_fm*3V!L%^!va)tg4X)_`mJif
zFD2!wCCSfIxBcD4{r~Ly!pr{OZyGRa!;ELa@qkR){tdRy&ZL|F-^c$mjUh(MUZ3;-
z^$7=Wm4CH=g>+GIpmYKnm5u!T{7GM%{zIev|LXg~UH6|h&1pmK#oR40oLyJ-I$}~a
zD9UJlrTussxFyYYnH}px50-8I9=;+!BYSG7H(|RI^t$?YfgjeOe)X?_n^P*MgVxrL
z*d|@GiMKf87?YG#yB%O4x(_Sv-v6#Xu#L;Ata-nJXwm)QUfDxJ^=h>4Eu7=`H%-Pz
zp`W(u5apxP=UMKbey3{9;pCGmaxX1^-@7-$;672&Z~97tv=>PCvO5>IQLA}iqN;ry
z+#!PBHX_0p?*o_AHHR{*Y9PK`-9B-}HGppvk^Jq2<WnZ#^Gl{C0EUr&na=K{b9b;X
zJSs9MjYUp*tXt-#-W))~|2*;L&5_^l?6)59Ad)JkJ90gBs%Ky!x>H3!L~*_JV(r1|
z+;GXv_=Skh%VGBdUQi45l0M<0ydb)}7<<nkMu*ggXSNEVh;Xnia);q6CLIF-?f>eQ
zzSBh}DU0s9t}i}-CI}TLY-RX^O>h9i5N;H>WdDXU?`AshKj#oLso>b8_*q*S)YQQs
z$#DT3hd<)Q2O42q!b4XmLV=9(L~Fk=-6f;w_%VmesnOR^8M?(X6Y2#t>@VYPN>_>8
zW$gA6{N&Js_Sq*K?4|-0109Is7xMk*7Pp-=6;)MVhF-Y+iH2%NfVuZI;Lo&)Lx#Xb
za4&5WF1j_Q{aOXl)u*2#scXCXnx37XLt2OKcP|BDunmLuw~uOLF;XQd>_0Wq=+|Lq
z_D`X_=bh|9$|c<<?!Ni^MmqHh_T!;U!zuyzHS7JPbI;~99i7vwGSqr+{9V~N_ab50
zUmbTi7-!%I$<*i%A}#(ulb(vUt`;eoU}nQj7gW(R>43BOmUT<c{n-1qfXL=^B#_>9
zJS@yazPiJ##rS_nF8;OvA9Eg$U2E^_({`4THphj-YDRSKsw|0*@E>o53ul!h!y2Ii
z{Cc>(ouksFlBzj&-6n=?61s{O&{EdFDB6DVQFor%RW9jY$nMV32frgY^AvIBvq(0m
zw4XHZwk$j(GPt-GgJRpt?b<%K!hn|uGmCCBw*X#$Q|Mb4G?(@pUm0w^PSLdbw<Bku
z4@+k_+N-hINdSkK10}<PU$=jekX=*doQ!NqYCCQD-7yK9ezpRp%GQ;ID1S=iHp739
zsO9z#kE0_t@LMi~ns+<F;cfpz0PT4@$#^^tj1bT97jsB0$jdd~18N2Swmi(px*gHW
zruj-Pm%NhOYECx;?dr!9_uGwNpp86UUrA=_X~*(t4onT$OtgRw?3CO(?8ZSXdXs)d
zyc`YJLyCMbPwM&OsJ<nse&9E9`L|Cnc@=iC`Si!}2`QR{5%!@JfEX~;ez{GT(_Px&
zZl%JuYyQzu))K;nO>O0;%bSVL;(UG2?{A0dBV^>d4+JN35Wh2@ePTyHt!;0SO9$tX
z(OCJuug6?WPGK8JYqLy-CN3@nwxOvRY*25cTr|$a#^YMB5VEW$y>s~8?%>4J4<B|D
z+$!$&E{!$sG$HPh(Ch=x{s&|Iy&Hr$C$K_of>_`lvC_3ihHg43Axn?JeJ{{-Gtvp~
zp`&UCuQLyHvXi@@1+wWUb=u6i5SpRm&*|7Fz@%=W>I>*cDIa}de?lqL^alFxnijJa
zr0ZS4I4#Ub&Lg9rB*~}V|HzVv_5F+FuLvb7Vt@Pn^&HJck2m{i?d8;Ht=RS68x!fh
zj{j^_qvzOlJERVgd@ciXqxdo^wP@}NY|W~mT(`9mkYfjQ!92E&ekp3Ztiq8Hqw!;l
z&<oFGer`L=q-_R#5#yUxxdEBti9iP}fGIt^#LL;8$Xv11yn$n-6NuU$=E%Msb~Onk
ze8poL9&of6s4d>tFuHd&AzA$J&{;P4D%zkS=klR7MZVc*V43ZaaY(BBGZTbRzA?s(
zfEY*wa$&PB_BxIGmNPzEtTc$-2DSYtF!|f&7`0}ftL7o{tRjIHo};Mjfb|bY1izPn
zp0@BfYu+tkM?A+E^YFKI7q<&z6JAJc6_J_Pm2K`s7vV|d=<+9-&j3-YMP`5P5FxvV
zgqfuYxH{hN$k3CP4`D0eQ@D%PS~->c%BYtuTbSeaCrmJK2wLb>I=o)GG=<rglf-&@
z+dlUY%bddk$q9Rj6=kwxEFJ^ND2C@B39i41Ry<9EXNDnxiznQI>2>It*%fg=hI=ob
zorpVi7^9pv-lIe+0_XV+SL$o(22l+p+slPrPwESjCc16D3K&giPEF{an+|)_22JWG
zf)gd}Q`75H(}=_9<;y>B;}_OGa9Fl*;IXaLx2?R{*>3omty9<cH0!cj#G;zmtK+_>
zr*utken)iwZfq;h*iKm-^KJ3UBBT+1D!h%sfnL*o`{XWzaE5mqtzE6KREklGd`Hev
zUs#)qZwgcNHvMd;7(G#)bZEld&*C&-EQE+F-Ht}bOuqk66?o7;e8P9*htJjzOGPS4
zdF!SCSH$s)zP&koDJ$E^6*anWUf3VyZSU1pfmqEQ^*t^3PD+C2zKEw#W;(X-^{1Q!
z@FX8RPAE7Hi8D9X1e~N%dp$nmtrz*Wt*|Z5SOXIcaf|G04@n2TpG1>&?I8*`uVUsh
z6lH)940AlQs6EP+Aw}mIlgl!$)eU=^lI_bKXlC|p3tXP_^XcB+C|NEx&HI^A>n&h%
z(7*Ku-39;gvClMWb+Tzr81>d|nM+O|F;GWLZ0Urb9&ikxr*Rq@N^U)Wk(fqJ!q7z!
zp2HjsOJYtVoWTRMHLmK_&VkvIS)nN<lhsM?)k}1tLsIrbQkBX6MFIj#Jf@yB(#B@8
zB_`^5TvYQEKI@Yv>p+$m><7P&Io=e@nlCciYfb%QaLQ(2RJ4QfI?!DfY46=Roqf}0
zGP}%3Yd(ZFJo(|E7Y|;<Ms>tx+o@6esTnisWiuvXLoeBgyy7A1t$u1(8P<H=l|cE`
zz<$rt6;HQP=)MZ6__eKE0-3)S&jxh&CT8k^X(e_UtN?thTV`HWUB0_*R=;ZT{D1_^
zvwL=9Hf<(d1!3D{N4PA2cdf%px%@_X|MAk9<8JZw55FzR1DmdlqIbrX_IW(g;G~M+
zB&xWM2%Wt@#?O7*UX9o$yBJn7z*M5sy%^TF8djETKao3SVe?sxDq}gmuxIv>n$u7}
zP@OD|zf~;T0?X%er$b%4ZQThqnc5r%EQ*osIks&M@|$KA#DmMvr%8=e?!(A;$}M2=
zJ$6^;V|R-;omF*MR24h9jL@9~spcvBW+?~rYwy(7-zIbT+SFOz*A=lK9l>eaNNU$O
z^FvCg;HUlfd62CK&+4N_Ho@!6(0!UZ$H%67&~*hbdy=<G{1%&i@LRlkWX13!X0RhJ
zq&jqC1%=lHMlfM`%<7-X$zx#|QR*7dXSQ$qG;32bYO_>mJU37J+A1BZZ?mUQU;`v{
z!@PGl@};@ZQ)WIk3?qeXleh;lFpn;<0y;6xl-0X|iEf)$?<~Z5+``wk7HDGiR2<ho
zWT40dXkN_<sf{Nux_hSOt$0RC8tc8M@0>ICTPdo^kyequY-86EAgyv~`MTZQK(b=Y
zA}F>tETbq7dVf=4Y+I`>-Kagnx-^$BdE$IGH0EeLlB16vEn2By`-<P?Kz-2b=;QL7
zaV6vE*cu*(d7f$NT%m7argWAw(WJ!&MQFM8-dS%89DLjFhpK!O85V;z?yIeZ4XjK0
zMt0L(Sa_j-`OfLWZqkUsF;0Z2BVaqMYCpU+HF|mUQrV-3_3q93Y#xGcnOu+IgZ?jz
zf9jPXTLgc5#b?{{Wtre)v!IFlcU6{e1QP^4SG_&wI!XG3!bwgFWg2=)3A<?+6X2{n
z39UHwchuXPcM6nLp1zanW}<j*kfNlYqVlP7N?!&$-S@?LP;iyuZ_nVj<56_MhO#%Z
ztWgTj5SkvOntw)GbW5{J@7!}Kma65VAJLvmh2j^OF$~frA_st+)W21-QRhUp5XmmX
zWKTk;5STN#wIR`P=^2ZZ$!z9pjzI5mBO&BNo%j~};dSPy>xz(XPfzn8=d}+)b&T8F
z0cD*{B@62OtdsM6VNVZ8(|0MeMjP4H<VZXnsw{pT<}cD@VCT*MCF6L;pm*+=nHf8Y
zW1y`@un3`DlZ$<?L)fyJVoP%{slM0ou@%+%&yPJ=IC$xZ=yF!te;`Xm-S@IIh;)UZ
z!TtM{?nENevel562mM#($<)qPU#|3idPP^Z2#9%?XRe2R%f0e+2<SkIymuFTShj|@
zFAB|Htdfe5%n|FPW0)lpnk5<=^wo}>;+ZPWUmH)7^89?%gZX)u#9fhaX~K`CdBXM+
z8hw1`9@*XpZeG66l|kvR_j98oVzZ<FHB1})#>P56sKbvTk>6Tn|Fg<_eK2==vv-;@
z`l_t4)l*&Ly!l+V^$a$Oi&)n-Um0wTr)`b*Bj05H{viFc`R`wO><4+gbFUZAhfSY$
z;xWXVwH!XG8^eO{EABg>Z$F~nl)Blz!>oL1KlXCUfwixE`Rk$61m*dVPgKf=m9B=C
zc1%-E*W$cL+w4pen7KJH%3MUhes<fNpeP^Gp~`gcN3xjS_S?%24i2nl;VWeB#zCsZ
z<I3xkev@<h4omv$5gJ(Nr6WByk6P-ryE9&$rjt2uvRW^nRk3jx?eDFMeB~c%;C~se
zs=t|!?VD_>A`p$7$5uFxo(DYOE-%aPYN}}O9=*9}Yo$_swu7$rYrDqNp(>ENx<#xd
zM3Bc(Y@er!XeP-$Ud}?4UctgWw&a*4q(z@1bbk!3p(*ars%oda#*0Nc@JZnCk(vY2
zn9SF<k2aJa*6(KZ%K=IM;vfsl*y!D$1Jd11gz`fk8hQifuAke`+jA!ldgsx|YrF`}
zu!jFn^OYo)WWhIYV`tOtrT?eBFOP=0{r^TIN{gi|*(N3`TPY%9+*uPs$riF^8N0G?
zl{I^ovXyLwFqW}%XBj&;l3m#*G}*^8hUXfkxX<_bp7VRodH(sG`pY?e=JUC(_w`<0
z@Aa}__guQ-<sdFjMpeBeRvqPc3L9wx@!+WCsFrWDF$sD+f-6R`<^>PlNt%Dc{cJo(
z`!VdQ+$#>GMi*Tq2b@~SxGRR@2nS`P_4UBy`jV%xRm$?lvq8axK6ZzjDBJ{T<mHDD
zF%HToUrXXH%h(MRJr+Mvy1Nsn1Tf|W@g`7yNaN$>#B&zU;|GBvD6~9Mn3hpcSE0Aw
zd^Z%ulXlF`P0`o`NM7%m;>|$*EVigzsqA~3;!_Ud4pXi3pc%|gk`gE9wJe86WfUC?
z&&Dq?jEefkor^!~sn^}%@vVSp^?|wNcy+KzLF?_usdI4T%kGHEX1E;ITRRzvg?k&@
zPz%XhL@pJjQ4ODKk3&)?tyW+{YSEaIBCcUmy4)fi#A4}CA{orYu9v8R7y*iH_6RNc
zTCus<vMM<WhS$^*$50VE7PthNyK*2AA*$tfU>$1b4!~&K12&H3rwzI_9PhWWQ*1`L
zx1gT!WkKXqjNDO;PZatu^xIMhUf?L;9Hx(;kmtAr6AT{vaCMX;iVLY~7);eyVi1Z2
zfLzR$rv=QPu4dO{6dPLCNs^)wl2yw)^AN*;$vP<C%p2zTK67{xP!%(drff|e;8I=U
zAfwBlWLPz-O{}g@_Q{N<)q&)7Vc{m;FzZ^E8TDjWjA~YO9pC99ZSjRitDI~L0fc1#
z&ACPK_-U1`2^Bv9U@|2apP)s#d}Yolo+aa@X+4L^T%mQ6Hw>=1)$=y+`EU$rq?6ZH
z7Yh)BCp%&w(nMwvo-pyTe0GRj{=0>JcFd+%XzbBjv+Bh_k(VTH&1B8VSLz9;<IKs^
zDZ}f???Gh7oT9OL-2FrXyU1QQ=HIN>->kp4Ry7@8W$xUhs3%zbDX3_Q;rX2Fr*c1H
zb>t%^PV2#Sa1d+x*N%tRVM*S4L70j2%MjHMr6uGcq-q*9??@vz*A_jDqoqRv`WAz+
z;&8Qcp)(uk>Sj4vnGI28uTkk@)v}@qP)UaO2jA0w_We=+;wyDyG3kZQLRM}#EyJWs
zgVL#4A}H{m+ju{BN^<Liz~%={$14)j7tV$T^7+cU91Y30n?seDa2CnQ-YhHP21-d-
z?!*Cvhk%VSUE1KQG0Zq|x|3!GC;8L|UNVcKn!7K(Dr6C1PGL=-xQ=^Hj;F7>Ksl_>
z1P=)D9e~YlZGN0O^BDHl`OFT_ash~#n$!1X=_FKi$ZWE5`onnM0gD|Y0gQYtFJ|CV
znY?8Wb)f!aj9F+8PJk-%CKEI;xXDpWPIMIE9-0xI%B?4T)W75`52~c?%aX+0Qo|Hd
z(^A(vZSd;Y!zU%z-W2mug-`S|+F8mN2lW(dfI}h)y&1+R@UbI6n@%-@qxcRP>>q(@
z5oLzgs^ZHOUh@=2tJFd=De!MdzL~7lt7lXxg_ADO>a>t3AhN~h^R28++&r08*`Vvu
z`s>m8dDi{gBFW=(Un%|S2Ba@=5pJf}To-@Aee%fG2JjTVJOVC7n0T9AXkZ3+eYcrm
z@Jg_gZt<j(K?;8p#=RZWN(&8K@A2H~5<fl|yRkzTQnE@akmtf5&bcB<8o5#tgX2HI
zS`=C&VKT@82QA=jw%?0m!q)j7bGG=hO^d}4I0Mvp%1#l+a6toAmwWB>#`P;LQS>Zk
z*-BweHg19WDVnBO1x6Z@#!C*1hB<bm%qkP|Xf(MgLWdq2_*wcy-7~Bf!0&69V}S2@
zG`uc{)=rf@EL}<HR`Y@mx%}8U@oJo9weT@^hBZ~RQ9nHjk?NZoag=67%`l5x$iirX
z0n;KVZ($_kr*h(%l8zqxnWE@iJH_@eLSI-&TMij);gKU`gu{*7!adbM)#dvMXrSk`
zaB`+gr1fhaJSI8J;pWy7<LElK*CO}Q>Ejh)I<M4Bm4>)Zq7>UAq-di=cq#4sst)Ma
zP!KH<v@;(BJVF^TjOuhy(SzF9aKX-ei{!<U1Ei6aQozMgX#Yg7G85p{G~(Fun3d*h
zK!!KV9er40fq1bK6qcCb9%2=ImSvz8fQx%(5-$0@z}Km)C0=u}FfUjRV|UQ<hLJH4
zJ+OxNlJf^7FKiBV5Oh8Jw(w2|z*gWr*A>XsyWw_&(h$d#-W%`Sy3WICNt4z}gZOgS
zBia+Irx^0r5eh}GWIc6Vy@p5>k{0NkZl}O!uj&MoC>V#=BQBp)gtfCf>2b)PK)sa~
zmM!x*M=rm}n|}5b3+gy)5i2IHq@FkFCf(qDltTTMd!>3JJ!xck{tr#xM&1MMAIi(1
zfykfAk!AXtc~oad`_KX%AGB2L0dDwUvt+lj@7)xRGtq*|g(Oobgf@$dT4di@)puX0
z$D`D<U0Y8On#Zzfbk7GzOkqO2dkersIYN4crsX>+8noQ7|3EP>965uao;@hP_*rG>
zC5;LuFe4@P$cs($bKpSN<A|4N`_JL4=CV|uAr>+}Qj$G4Ri}_2n{YWAxmJELXSA!y
zR7@B!(`Xw2O3BxxBf9&>9=>S2705lBs#BE0XjAs_JlOQjv`i0LWjO@U!ZUx1gKh&>
z|InJ@7Cjs?Eh7-kzC8l4REea?0x-2U_+lGoc7=P)P+!N3)%JudrS&|C+{dfZ2CKUy
za*3P)|C~yhAnIn_$HQ8BcNM!VGP(HHs%YEmZBg{-qiBiAixM{c!22xyBJ$TR-T260
zpmFdB#yU6{+sM&xjE@vpk0cCAaNvzTwni)_<TRW^-@}O_<+`4JMoKsoV(PUxz32Tv
zd0%6<ENRzs^C$+(w&22as(Sl8=dPAFY%7`hq5@qTz{HwuUo5dJmlGEh@s*#9k+fdR
z<jAp8jSI?@mFf^#1#>Cw4I0Jc{sCUSWIxRMuJ*(7e~3P7zMjm@uNT8yTAg|Bz8qo!
zdj5liz^(Wx+rHU!(#W$P;tx0TXDz5w0n&bPQSDt^Xe<(C$HXCJ70=V^gnAL(T`*v)
z-xG`^92FnA8cQKEHZ8ocq&o<aw>UpQq>^{dUjWQKtzVy4_D=ohe2h=%K;Ay>q8V25
zO5}U5;L;lzuI8(woPvzalxtVfsF`>MGeXGdTF4i36}N$i>lh){#X<8FE@|;H;bKZp
z>G{)P?da;~a%~}wii&K|K%+&u{NAa>nY-1lty=+A`K%|QO^^ABbIs9m{Udf0tkq~4
zTgai5vj{7|R5WpcUX?0E%8Pb$B1;#f35j_sLiac>aZN=QJ7-%N%hx^BJov%RCO^=Q
zI4V8N=Y=ynX=+JZx<)XJOo9gLJVuwycn^)}1~O)xiav^d<2UX$p_3rsn>cND#`ED=
zaeN;KCx%?W`R_G}!)RI3kKzw##SGgc>YvY4vjCC%$dj}|rz1Z7bq8oKnh6WOSBn^3
zE1;7^<wr}s5Hw(v<g}Z;+anN&2m&KupRdn?ULU*7Ol)Kln~?BY2no?0N}vXp@F+L_
zl_R1=8hP?{=#0j}s}=;J<MUfR4FYK{<eyCvJs!?mo@SJIQJucY&gP@miY^VK0?K(u
zIu{2i4L6;Uid(r~TH2XVvh|#I)ja|l!vk&xIxos^TDlNjm!1p>r;5yHRK3or*1Buy
zIY)q{<Nb#_$VdV>)65-oe@86ZmCBLJ8$NTSQmhCIt}n^q+|mm$s5wsPJdV|eH*ATA
zN0^cDy0u!c6nqo*6Ay-M)IW7J9s!L^t4!d^^eZDXQDkQ$uF>|xTxxhX#K&mD0<NQj
zF=w}!RIa&#vG5|mpY34kV8#m{3a?vmiILS!^|v#omGSFl9$jlV-5!s8st39Q<|q_^
zF3=^0WjNW_8{<CAgI+3k-rLNi;cNXtu9s=T8@)6ZNr*R)Nb0&wM&l*DRCy+tI-DCc
z%V9GmM6Y}#SBduh0%lzVU57Oy)^4tL(4hvThodMj*SU}3k}0j~=^xs-cE{t`@311)
zjq*9e8C9;7jRo;E@aBjJpTsDkF<$<NjU@&n+4-|=0@n9~lA|+MX=Nh<O*jD>AtmFM
z0#Xr`cO$Dq)!W!9>$)2d3~da6(0um-^t}l9)h!b@Mlg%v-N3B@(-VEE#}sD0WoNxx
z1RL~b!X{QkV}_^lzKKora{!aFb{BWnqSPvws=ygy4Y>>alFckv@g^?*DoY*RCk-;D
z2?9jmL7ZfW_WtXXK!dzb;)7sbzs7*T8~|V&g4bE2Bj|k6L~M+0Cv=Qa(jno_8_K1V
zsJ{@Wpn+p$G%y!%(S&N!R1K!2CM=^hl{ZxB04%?k*wu#qD|=dca-c4G?nFY<0dU2-
zwNwyU?z(omUDxa<kKs>87bwR{+Rhh`v(RY?FMP#_Y$N%Q)&N)-%T4MqdAF|C<0*&g
zyrMX48AdCeykYup7Kid<-clk;JIsC<;3!~#lQfK$N-4vwtVKd^0T!<%#%6x{f{4QU
zr)opiwh4U51BRA&G=-|$Oru=6<UC@XD{Nd8YgExU^Fh^h_4ZosvYj10(<$P_hPx6<
zx|=fFjy|XA^#sbkrYx)xyT!(hRK|;a`wTZr7(+P{B4}t)&nmvk2)rA)O6w&%9`m#$
zPl+KdB6{%&xA=XQOH(YE5FG)%#mLxaQZWlKMbBXP^%K!bD8W?gg^3u-q&hyv>E5K0
zSI>gK_h}FqHqjEed_1bDuERcwoOZm9^Z7VU9&ujSF=J`za8CXT&ZYZWd@nP*X;8y3
zG@}6jJI-L3FL!<pEwm|ljP}?9CT)o0&1v7e5$lmQUrvxdZ}e-NMNKe_=4&iG7<WQ7
z8VBg;ckwAtuQm1sqGx1d?zlQSX3K49j(ufDfXKlm{}R@79m0p+H0lP4#ts6ESR-SM
zts6Zw9h1y>#aDa5fk{Qa4ESIz>LJNS1WtMS+2mqMVVQ?_vTJu@pXXFun&VueKb<pQ
zSYp^F1Sc=7MHjCXFscl@fIhbonTW5K1%4PtgBKt@-(sw6T27+y#)${u$@@QoF~nfn
zm*Rm?hj=Bn)&Qy$CpN4OKI!6!r9OUufG$uz37wwAy?iM(Tdeu1q%)YRX&mxoEai&e
zvo4uMuBBkRu|rpBE(B6xO&AK}6UH-*#)ZQg`vL~9t6iARG#Z=BBVN#B1U=8fQ6fA^
zFY)DsWCqQ%m*X0Fl*oEf&Vuv4_tBzen+e1#F~&P?Fr{iwIVBiz#4-CkbHXsyXL4pT
zGKrjfW71!tjY21km;2dl9+`CV(N1o0-m&+uiU23}rVO&Gc&A2q?b>u!%J6ST0Y59*
zZxuI61W@%kp`J@chAM6gCh4i;@8{Amx`0`ksATf+jRwZqXHlVIGb?PXC2}j%ymG8&
zKcZSYPIY-apc>{=5LNhP?GC|CRpw$4M{hYmL<}cT-So3yK;@Mjk43>*PIf5r#@M-I
z=8AKiiZIW5dUUK#u+?+>)=h^K1Iq#>r2(ru>m{lg$PAfTdlED5hTL}(gAqGRj~C~(
z@!K=nI-(orJ(`W&M|6S5?oey@WcPzV1NYVih$zFHi*pq<Gj>(z9-oLfb%A=Vu<>!m
z9iiM&VGh7?5JasNV(6ge6FUDE%i?-%nYJMNw%$Z_$PGiW^NO&La&v6t<#yFvnzYb?
z!zmx-6#7+m*0=+vjsa8Fo|_CIjg*}&ZI*G^4c=c7l0U_F>&^X8onYhW?u<cm4s~PZ
z_yNwrTaT1?*Wwe!OAJWpRhGBk^PYImg|;{cm`;l5+=&yN7$rMAVxjJ-v+m4#VLhF0
zy5~mY`ov^85uNPVQEEz3CP4ZQAHc6Gy!-j}{&7UUtX)<c_+^feiPYPrY5Y3>Z~CT#
z42bdJkJylN@UF%x5U29XSvd!6E)gL6RTdI?t(Mqh-Qp<x5)ELOpswRTGRz@g40hK}
zO7=)@=j-qG9lRJdw4a$MFUIVMc!`hc{x)CU3SG<g75%m7gxf^pKhyjX!v|M;q*Y!7
zK7KG0e0*^yNLF7pz!3~XDkzW9YjH+gGyGw8egIeJ9i~vmvX+&*xw5<h7Z~84G-~U(
z;O=ZZN3T_sdXqFw`HfS8B#N-r@4V8teC%~F64sX3aVJug=1?~Ofy!S|pwe;LQ)~z6
z{h+0YHn41OLX_2xgQLv4^Dn;88&p=~3T%zg^9pJW{_z7Ml0K9P#=vWQn_oW+5?=+2
zBY+*n@&Nz;CPOlU`!!eKOHPliZ*eDgV!=dg*>nOVpp4%SBDJW(d84!nDghCW<?bQE
zpsQzDNXExyLV?l4U#G^c0zcT)q*G99$_uxTYd?i2#;-bo@kP);RUfCCI@1mq9vzQ~
zCpH`fPwRonphg#akp{OJqAnf!eQw;EV54*u&e3nF!f)RS?Y<4RYSi=FGDY>^z@2u+
z0s51tI#yUy7M+IF=&G%LEdoMW$N&nwMjYcg4~Jjw(x2og`MKeEaCu1x{R73?x{Y*r
zQ-Zp@4^0?Fy!vqIFDiexCPs$zdHCU753YgqAEJ+l9F7yyf9m2d5c%z@$uQ3}A!~xt
z82wA<zmzs<8O?Jn#ec8;(Mb^p+>otBuFIp<<&uJmoJ!pGWKpsG#DC_182+T(YCWR%
zUhkwYQm_W?S_^lz=f*vA*QnM$PzkVj$>h*5@16=c)+KPDg2^i^X0%ZARNY-3nD$-Y
znEeRyf=M=r{E-D7U#^8ylE<fow%^l8g&N4ah8W1Z^K<sBUmT(PC7RF+IY2LVZ?s=4
z1A+a8T|E^XJl@wp(ln9<S_u3{e-Q@!(U}OIALeV4rK5%R2iVxzGJVzjrd5%(%M?^%
zbNe2T2U>kZ!?<7_;EO4gmm|~HzR`%vx4Tj-c-7|6FPZzVZ{HDmdi#+b&-o`UUP%Jk
zCge16T>^`d77!~w;%Hos8ztfw3No0R+&d{`2WBS+wfl`ST2O10HQDDZNCso38@UMI
zH8hhuIwk0bQ}t7FI{kOjA?j}G{lnL;DQCJj8;d_h4p|`3)9P&FOH*WIuz2QB&gc7`
zu3LLg3gSuwJ{TMQ;1ZBm;n3^5pZn>n7VX;&15i1xT7kk#)KK$r5hW1pwFY&j+R)nF
z)e|ZEDjys`h!jdZ0jN{*vzMfP;5C<n#Mr$IVvhh&f4vSWc-dz=E$GQ$A+TLW{wal-
zKb)MOudbv7VXBrJg)jU`6qwQG*7^NB&hFrDD500H@9#ZN_^UK<pfN88*%g7mdFuHK
z=uh-<ut_hXw^9i(ajNidL4Z(N=>svw=1R3NQ35girTu>x4%L06+Mp&%O<wGp<hSoh
zY}|zf1r7#=8DlB$`z#PLvG@P0)Bj%xnF;ROk=sW?5Ly5VQBA|5$mMW&_LQS>t{`3N
zLpV_vH|}Vt|3(`HFnt$lUMS*sddIxI|Nc(|2?>vfg0$4_AGEK5fC2(8`0!Xbp!$5v
z&G4Td`D3EJdA*M~%OKLPAi(pFDH|CK!NT1H4YY6kr0a3#4bv&VUG2SNL$wcsy3)6$
zgnVM4Nb1EQwH^4PW4u$5&?EcH&V%fM9;634ZE|Ly^}2Uz$T*A%Ae_tEEc^CvK<0DF
ztV3pOJCA6fJj~26HCoE`GWYU74g~Sn{tLO#rT(x||6|JhqJ~BIP4BY$)8z7}zQq3K
z7b3e}-_NcxfK~J~Qrg5J@&h8ukx~F#ys5u<WRK#5a8ZNeEz%i!{}WL2C;FzoKLG)8
zmpw=R3loSa5alC;9(`f2fW*OprGjMYu&8;b(s=$M>mRa0faU++#;tFTM9PN#R98QR
zQh_G?KPy1cNXM12&oU4WHA1Itl!RYIkTh|*_UD_t;v6j6{^>m>85XGg%fQkB)HNJw
zb@?=DWXKvlMXXO~eNuh-5A?TiBK~Q@qrDRNRi#GVYC|VV$rJ`h2I@VuV*1+n5L^8N
z<wsU><Yf4Ld6|_vAUVRk*Q!u|l>??t(()feE;1P3iPeU)yKco!XzqQftaqyE+kN{O
zqzA6VAWtW56R2hJU1RtY)$LcI5|H+UYYc(gwco!_+x-P9?kTt)p68zl%IVc`WYYM5
zwf)^ghG0y?n~(by+5j;>w2M*&cCC5v5#rw608$lF*ry}=s(|$$)PEdv31Ea&tzGE%
zqmm|Nzi~MYT5ZCd9tcqZPa*PO-p2k7@3R?ifSzPIdVQ}=iQ*t;_p*B|mOvp|+jOIz
z377m%Mj8=8RMKt#4e~@0ja1hIyCeJFc!)^iE8niUJN5x+6<P&s{b%0)o2~z!DQ23W
zim92bQ*E95R6Vp)4Oo}|1YG_Yq8%^vkA43Gn~3hkekbG)Z2E&n_qm4ua)17S{6D_a
zAK&SZOG=Cu|8Ml2{sd5V!;ycG!2c&CpwI(#sk?KWmA~Y(uWZ5Pec>+3Lh2F%ZqVN{
z*JEjf&P=>M{i)e;BM?c|ehNaCyMeh<aI5llwnZ<0(EgGtoUqRer0$EX0U0vE3NT!f
zxdRM$Wm_swGkM^u4V=P+U8gXH40dH`-sd9E<hJgD_x)9*+b6&7y-`I{G9B6y(5~h`
zJF@WpKBlMLw%=s+lvzG8L@S)ZQJK0EqOHt+Ue0zGw@_M1>=NkSO(rOkMuGx?sV`uj
z;VAwwZu=<cv^ZJxrEqWT+q)(P^1l3g;&q4uf5rTVFU!+mOlGIy$h7(gj>M&g?^!As
zQR?rnBeD7A;;HpUIf?B5uw&+2kM8+@1|_fRx=vqf(7$+;G?I@`_DwfP1^GU^-)tZ!
zx{M^axE&4$gM?AXt_&}~whQ1H6OO-!>VKXju_rwOH((|M)r29nVmRyEKrE;d!q|ew
z!_c`Uk|yM!aZFLzfp3I|JzG5;mTsh^k$&keAglL{`0fgo>hGD?1;3p%uSCy>`|D~k
ztL=++Q?~NX$DlSb^Is~TZTF?{{sj^0%Do(I;uC6um1B*?xg{#Yy;EN!*g#caxs}&Q
zk}s#-CWWMPi){<vg8%oPd2fm#o01L>{@kNk`vM&hQ(EUaw_J8`ck(vsQL(z)cAUq8
zZHL>)LXRqG<O_O(58Z%)>e`4AlUQuW;1Vdqw{`%%m{=K(aa`hkf#5n$FU$A)G9efI
z;o<|UV07Q0vqv!lI}?BTY9($qlrp?EpR79xM4DgQuzl6s;l~)zlE_HB+Y+t6AYolp
zy4Xx{ltI^4%KcyGeUprMh4Fmy_Bu|iVAKCVy_V5o7ed6EZaHWUruSGvL`%4M%?%!+
z3@<DYN6K3!ygTC8Gq6aaupDNX1LklK#wplOUlU+u+k8cFIP$XYmFs)?>GK62%Fqe|
z_S4ZTUh~%@L<A)UR>9#d!>OgcCocRQl@F>6zFht2%RV^|%H?!Gf!nxEITrWj0Q=hK
z#J{7rhg)E!#?IhM-V0SR<M^9<f+3`2SjbrM%h~sC7`>@RIov_Q=tXr{lCHy-rxcg)
z<njYAY%F1b6Bdaa>j-iR^vO%blyO5<tM1r%o2}0If5NurJe6pl>R5i*N8?Ue=wT$W
zqpZJNVvyNJz{%Jw7e0Y@Z%uP!B8X8~zdbh_R@ZNdYVH|me(}C5L%aba3^Gs%7PRW(
zs|Mu#*p;TiaSyBmL~g7}I6^hDI8)JneX<+`u`1Q0b}HU~W&Qf#pFQTv?Mk*bR<WO$
z17C9(!ICr!3e>$)ZP@x6M={-+y;au971gU)2nfY%g>p{%gbZ}H;9{|p2;pgmWqhNY
zH8T||J!7zL_N}^D?R59*0RDhmN4{n!xH~abSph-1@3f(G0UI2|+3Ac&O4p~3e~-RW
zV&3|>BNsKso-R<e_JNQczWDIv;t~?xh{Rn^e1psI)XSg&5w36A2d_4NiNy*Gs>5Nd
z$zGvVb}dTAkwbRuy31vkFfFr5GS8L9{{FkeN0MTTZGP3enqu?X=Q&cZ<7;j;qX*&%
z*KC{4FoeC}v{O`Kt2ldrV-izgqnne4(89mNt4ro~Qvy+V$OlB>i=~GJ!sQmMp-ED1
zdzr_&GSEPwLUws66jyoR`{tZfko!i38FF=%Gwhn*w`w|Z=QWr4)wFGiwYkUJ5*ynG
zwk1DrQ)q8)!#6~4<W73&tGT&iEw)Fz4yRN#w(CJBd=sf~z8tDX#&$ePY<*`RpPs~2
zzCH#~A9Ju;XM9vRw6c0<V`$|pUk;$Sw!(<0GGC`^lA%^I^4jr$I>tv3iLqu}DBo!E
z91r@O<fl*-M2>!JV)=^8Gr8ZqS<^%p#|gbfW$@&-%lBnby>9&1Sa$vIJgaETX5U&u
zu?g1PtKxkZ_uQO^4p3IbNk-J;nWtmPk2d4h+;8i!!2*|JlHcSAD;H+uh|5{5-uV4$
z(3NuDRx|H3?jsKKclg@KI%eQv%YcPx(NZ*FCnD+~2HyBE2G7ZQ(pIy$x|a>%;^tcY
zO^8eNyCR(;cG_XxwPy=i-LWtDtMoY&dc9QALpgWBqYH16`&MNjnYm{`ZM#B$-Lv1$
zL^3&pjvD%+=3z9v7AaxkwvnJ`R5tCg{<7*uVTQ+BzDj;e6@2&XJA#_mkJ_l83+{`l
zdH45I6GBSmP^?63?gFbNSj}|!Ml5z6b7y0MP-!Cog@dT8xh;p}M<j`K&NWcwZeH;~
z1+S)4F@<Ou!4U4cB!?B;@bcK3{Or785C#3q^BZ#2JSkstj*hsim!VDg350(UhR{{w
z62H21m@@q4=gJ$@_qCF>-9}<YGCo}<EQ?mgfM>U~ac!$Ezl(A}vTjN0b6(B$QUO4L
zX?#Y<w9vrPs!26?zIP+tW7;WN;%)9HbHEW?w)ceQ^Ro4GuGuKgbz5#6p2YO%@eIAh
zrF}9%rxWz{=Fn}`AR32+C&)FI=I*e?OJscd8egq~?j49(Q9@7TwuE-zoh5TX4T^MC
z7K9~cMXRWieob?wueJ(@ym(BkL1J&5-Adgck)#$`RfH1^SDU39bsNSFS@h?-u+L>M
zfP-mt{s^r_dKTeK5G@0i`Z>L*-nqPDdLtI$Dv!MfeU@AsLK73BY8eK2FsnW1p}UKf
zyIzq#Rul0<!>}=$e}sOxPq4uEnrE%Fal7<vRpjoev!bLH2_%yvXE*f9>EJ>%y%m-n
zh^>A<ARyU*#{nIPRa%wP6(Y&c9=(d4T^>$0z?t?hXff<7EwJT)XdD&coxN+BTSVSa
zhCTBcIo{$ap#nHT@b$twDgW9HzCq%DrsY2BtLn+Xxekq67@6-W?D2*x`iviBI41VK
zIJcL6)JO}jino7U+t7%2kpzgRsjeaGAmg!Fl+|b%b~=k6^h@rSpe4ZW@H!-6w%C6V
zX>_Ce4n7*aE*=7YdHFs5&HGc&MBa@O|94L1Tl<xkPyzh<Uc2KH#g%74VyIQ^G#J%^
z9Pip%F0-ia8J#Tz`|sX3HVc7*Inq|!NZgu*KUN3#G0dSAnP0dM${h0<hcF)#GwrW3
z!A^^@6-llHe{$NGLc2)*SOkUaJ?_u8w?}Jn?8O3Hjy+okqO8~M>tGOTCy&Vd)&+1Q
z9|So?=+(LV_~U~N;&RxIL!YMO*)ar1;!^s*hgB$h8$?(6uZUWWZau+`WE0QHZ7*9T
zNc-G*Oyj>IW~DEvl}5Y<*Qi372OLDs+}77w2ux$z?RN4T+?)!pn?r&TvbK`gW3-zF
zuIVN3J*1Y}#OBnhiZ@EQvytsu)zdLs0X}}oHJ8p?GtDMTVwN`Be#8mgll<#v;1B;p
z*>v6_RtfH-=Z%VIqT0)woq>G0kVE86m-VjX<yma^5=>!s=l3qP^?aU%cZyT>@|nA=
zS5{W9CWGU0?;U@kanv-`Jg3_$vFhSh8KFC&f;c;1_hX>IAe%W{Gh_RzN3G@X7I*!c
z`-=>cCVCC~;hMT0f+b`&sX*9oA5L#Q-N`YZ_nlFFHMzD;^cYYhEX#3|-FA<U&$6Mc
zx3#J&qJEZY><HE?PM=aT*4d;C&Xn@D+YtHU!XETdy;hH*80UnT-DMEh6LpB?isr>t
zyC_n|lJiiwn#qfdg_6HR<A%A=#Uh?;rvb?RwQTR2DKhj?tJF(2_M2Sj^d+}MIZ(gI
zhDkG<7V6BOu88rxzqb?(+No*q4qBH!Ztd!B#8u0B8Va|Ebh4D|KsdFZT|_@}I<}XP
z%lw@jdH)zb8%b<Otse?^M5gc^VBtg0JV9UHt79*`g|~Riw&ZgWx(-T0!5h7e%GuK?
zt!`eNdKjIMxOZy^NIIqQ&5Ne-HkQxd03{hpJMdxa+~ZT~p_Sz4Ghlo7)l8;-P#~Sf
zZBig}Toy12^McZ&`5~WYr5#ri6C(C#&ysSgR@Uq|y!)fomBbl5Rrt*_gAa6lf@Q<^
zB~al;q&^W1uXNayy^UL_@|vf~6*N@4{P(VI=@4aTtJ$?rFCg+$k=C|sK9L6l{PysO
zcg;aEGEU~tPM(=03K*(FD_7q$Eynu<_EnDeD|wv`Jvln)w3CTOLM*%~=vLWYm}{T}
z)*<w_vhyR-NV+QT^<{EJ`=fJv_5;nU@_yC0VTx&?A%kIBZt$<O`En^5T;8J>Y*7r<
zM@k2`DOpIUp`tZ*t835)_N$s^qmjS2<MY(ppz*_p@-pDq4NqG4pSQI~=|0qd`Rj=q
zmordmdp$l(w!W;lv4%DGUcE_t%Jl>_blUDtYv8Y+{P-j84q&lA&;Oy%Pc8I^AAabq
zKl1WNKkOo&Kl<}G^!cM7{^*Cju4UXE5O-Nj4jR2;Xpl_;{wc^POTYii!1w<E0Iav4

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/accounts_jumpto.png b/login/apps/login/screenshots/accounts_jumpto.png
new file mode 100644
index 0000000000000000000000000000000000000000..0fd126bf4cb9d5b03283223226d5fdcb38a3f98c
GIT binary patch
literal 15180
zcmeIY^;=!N5-^HuDemsDad&rj*tira?i6=-*A{m#?k+7}+@ZK@al4yW&N<J$f582I
z`1X^mWUnNXjASyCH4(~+Qb-7R2w-4fNHWsms$gIc08l*;4hHo6yt$1F28K{+DJG^Y
zBPK?o>|}3lX=4TkCLNKI2CJ-gh~@w0H6tb}BU*^=nY0ce4W9?C9RHD16pbVqMKmxH
z3DpsLJ}?qa(<LQ;QwK~Nkt{MqqSiz|UP4408<A6e9XhnO-G1HcdSWc&dd+##Z{p#t
z^=+&bEIy^x#1XIZgK(QP0RH;Ud|+UR#UTg`k{uix2=<AQNp1`Q2?-`#ex-Xf%nK~D
zwwZz2>E-F^4FK>K!9oV3!T1g3i^W9vTP?h6CxTKHO!*15yH~Z$J#Yo3SSB6@^(<qv
zkd`QWGgwA4=x2I3GiM(=*aZcnRw5KwM8G}nQU?VE@=ru#d{jdkQDAhfl&2>Q@$YT8
zEHakxIQE2`jEgjW8NbmClF6UDR6jken34kTP|YJ|T1MX{x9>L+v#GMGjiYI3wb4*Q
zfe23K0%f=&PFR#<h#BUjeyqNUNoL>)Gh?GB!wPIU$LJJ>S)5Gnndl+D1Rg}R)FzqG
z+FieA=zqc`EyyO<YR`<NjLoJLNsheygox$$Q*;vl!)}3Cu&3axY2`j8|3UXG?ML6v
z3!?bzI-Bduj+fHp<EU>4!Gn&aleoY4`D(^1G}*lTL?w=gy>~#|xx9QKzXAPC>H=Cx
z$jCOd<*SpQrdx}56~+UJ#eC?<By$Kp4)3@>600y?K3Wf0?~f#8Fx6hx!vV=f+^t<S
zW7WFkUQxSr|6bI~N^`aon-c=C^p+a6oPNH?9f9D31q*KvB`}9LLSkYezHLOwiS1bu
zuz}yWIWi1jJJ(=(`jbgAbtT?OU*I9bh2f|Cd8fc(dN6<xe49|K{@54L0VGi3{=izC
z3t?7iDPBVa&A`T7FpK~OBUl>Prydby=-2@CT-2}7*u9tzkS+o3o2UoSkeiq|;KV&R
zP$JynA5=(PrLkE9=}Gv);XQ=Al$kML21PHG(I^5<r({19szap+?@oc2;yvQ>Lh1)s
zi>ysSmLlT?u8SHPVaNws)^gf>(CwE`hlcG%y&&U;p9pr|^ma$rgVE}f`VDhW<_+0}
zc-L36se&O)n|nYbkW3jFVNxKf>{u$E4AqFI5e|^h$UjmZFLj%>RcEroxxtN*Q2X_v
zfpQs%&_7oEdMe{!?!d%_rww7v-%e~p@-9zmYJ<fz8fyq*JMy=Y3A0RkQ96V??H=<U
z`yT5aqdC|$c+}wZcPgNT4Hzd@R-k?W!_Zmp{3qSowME|(nvY>>!`hpxj-=d-ijj0Z
zr+tKj`aNrXNSlJcF)!NO`8tRNKQi_0|CYPtxWB&Fy~n<131saJ-;{+Ty?`Hu&w>ww
z8xPJ32JgdB3HdDQLM@4+7H%D3Ho&`Ow)JU?4;mWU2O2x%0YNlGFN8H@8$k>65koME
zhQb*wt0A6(+?I@xv@xD2em&u*>8Cnuo>+QHdorygri7eCAzD?;Dh!@T??H}8%t)lj
zW(-3*)a2-7plno%Q?hJ|B4AA&Pm_uUpRPWob)+JNE_sq>LyJfwuY9pQxU{eWqhhvH
zPYt(llV%9R5FsZ~iATCs{IDdy6h@shMM_^vK)h3)FxS|Uiv1%)h^9E7<Z)q4sj51m
zdVzXcnPzFW+G$b2!H~;Gftaog-$38ESF_Yx`g!`^%9#2i^R>(y6$Q0%IfY!!Qq3AS
zt<xx8u{A9L4WA0nf=6_uhS1g_@0cPyFAhfQ57yJ{YwRAGA(_<d#8$mJdpgECbPXS^
zTtCNH9e;kZj%xg3X*f+ZpLgtjSa@Kwz*ECkC^vUAg?VJR(3$&`m^Wg?GL2&v%{dgF
zooe8pEr0HBP_mxh72#Xxo9)~AiVm3%K11@$s9mI@H$1QUw_blrXk#dH44kBVfoZ`v
z$x}(<7=`G97%m(xJmk#M3<r59c`F5?tV9I?1vUjbh4Xad@pSVtbFZ<sF=J<`Ytw6l
z>nyC=kfe|)lQ@Yxn=zZTrTnFo`g7exdhOJu)W%dFO_vIz3jPYoiiP>mdB=I(s+Fql
z74GH2C4xE+Q@QU*4deB;O+MBZcEj}*we6pjn(pciKW&)44fXbkY}PL14JRCNFE|E$
zs@UeDwxEts`!*9_pXc0hZMXj<kH?m*J=Sp)=y>U-z3nu=TVIh>F?$nyoMV@2S7ygy
z7vwCz2e(I%IdfipKH(~~xqjSx5q`IL{_D7G|L0BRAMZW0&A~g~lbb-ZAz5QWv(DS5
z%T)KA+t(j%W;G_w_qpEBJ_tU%KD1p4UAtXMFMnPVpRHabp9x>I?wg^EAOazpU{?1(
zJG+0invl+Q-YoBFB2iU#SN52yH@Y^Gak$oVx7%E`btax<%cRa+z=06uCS4KD4$cfV
z4}E1N<`Z)99emz5ZZf9pU+ypaE!St=CnWAJWfSX;VTnf@WfP+sse_|Ic*C+x-A2*I
zHN<PKF%|=i0UFz=5il|W&Ky<`AU2@+us+bc=mBdl*2$72MzQpDE5CEwUba%o%C*QT
z4t?4x*tXv4b`onzS^Wj2*mo9;N|e={bQgI(xG_PD)`BPt#e}woE{6u2w3^gJiA3o|
zl}3e(xYXzLJ1f~g*@u=`O-wbeFt$XZWUgd;W_xBboF-pgMK@G&s4m*>dq|7$YSv+9
zE4i~c8U@c+XfuWptHkN}-cm7hfG*SV=<Sc{AFmDUR);^$0Hflgys24C8!gWgv4#^$
zbW?QhbUIo`ReJ4p_L$al0drGF!E;sCALe&zaDUuPR_Vy;WwqTd@Mm=-cHAB3FL3Nz
z@9*#3)!Z2x>gEDTXj{5_ZTq{3r-b1A4pu*RJ1z{JhdlQkOK?gQNf<_X3@-RJynH_y
zzEp_F;^pGAU2lhOmuT2s*PN`<paf9zP`<3}*;y}6EE=@Dyu?!SRj2SKpRLHO(ylD&
zV(HB{j5;i&>Kl$Gjh<_|Yt5d|FLyfL4GTOAG~arjR;`qD)_mSbd+B=-fPF@0SI5&z
zB^n?a6TE*`p3S?>Nf*)}p6AwcxnDv3m9So3Ti#@~e{_Ubl{wz%P*v%6aL`wvKkOaL
zF{eFGSX#1xO$a+|Hf;Dx@OIsaE<&xN#Huv^jg`0YiT%dK7;?6@!?=*8^?NgIQ`wXJ
zX2!gE^WIE1@WpATa(yY%xqP29hdO&wNXVCTzwdKYi`l)&^x*3}WmO#GpkCVyXLr@L
z)6{N-)^oL<l|`dr%aQNR3CDu9MKxOu*SbU7uc_aQj*nWyhDu*}T{%}>x|U{lr{`7$
zN}iq>CUvpxpH{n^!kqVq);zwnpG&MCw{~Cn+9P*cT!<_OaUs_e#|n)2M0@Dni$BO5
zs#TSwbZ5M1ZXC~gRZo`GY-``wOTBcwYIR$@yt<OS@jQ4OBCcW21-S)TgguA088Eu@
zT*y9K*|cmTrwF-qbNcukDb)z^Nt#H)tV^#)cQg2wyq^8=3cIT+$SY71D)hs70^ZBK
zsLfgI?cXx}GBk*0c!_+{xg9^zy}rvmj~kvD9v;+#|KfxpOo~8F1#xi;$4Wf_A$%&j
z7Y40%{ije^?F}pm>J?pSd^KqcN|?}uYKY7Y5o{QhV?x4-d=i~pB^cZP^mLb3;7M`f
z5Is=h6?pq3KNVyf<<u)=Y8Cn>xAE3sL{<TLU-E)IkqJB0k7T|8GG8OjfHLL^3SjRB
zEgTpWI35@@s0I$og5dc7sY`;>fI<HC9s&$3%n}UhpFWD9^8FVN%I{<TE+G>`!C*oE
z&_LNe7vkUE5P)3Bf9qg@pf)fOH8B|(P^tFG$;`~o`Ln&t3Rvp<D0l~HZD%krEXwx`
zE~83u0fIkosSb1jD#-JGvbSY4Hnle~V|2H5c!vYV@6HRV+M2l-lepX3*g5mM3y}TQ
zgBMhPf6YWj@>drZYXLH#f-;Giy^|RUCnGZ>GnpU)2?+_mlc_ncs<`Ao!$JQ9$UeKc
zIPfwtefjc*@e3QHy^{qK3l9$u6EiClD=P!22ZOVRor|$MgPk+^-$4F_BW~vW$;r~e
z#nRr6<Q=ZDiM^|f02$f)MF08yy-qWC%m2<~=ll;^AOxA-TbNiFnVJ3r8#I*v{VlJu
zrMsDpwz#D&h-RQU1X<Xa`Ty$w|7rQ}jQ=wd_}`Hn9PIx)@_$<X-y=1g&78#SZ9!AI
z2>zE{{|x@$#(xI#GreQ}Ka}{J%zwQF(OD3IpXon56GU*`OKS$Pk-$=1NgY&zgzT@M
z2<S-z%I_s8W62J~m`H+3EE#bTb$9TSZ?Fyo5^cjPiA5T~pLI4oM)|)#aKaG7JWInQ
zW&h+6ly`@2LHK~NIh^3!1zBzokjJfxYLHL>FVPbAbICN?afymsE;Z%a>g=hxdf!|s
z%lu0x-uP>G`L9C7>tlm)E<?XHfdMoX3^Wq(f6@hM0I9mVH;|4V4L%<1ujEf9ED?ef
z0444JSL$hoDlNTlvH~*yXA}Tn14$ta@ptN?6qXol*60sR_<J}Qyt0Zh{(mQ600#iN
zs_?L){{`qDiLml-*LZ(>Q1?sQxmu(D0903Bg!yM~e<*J`|Hw%Dico0se^;EF-^cmy
z+!UL-5TMoTa?s=ayLvE8%%*?4l7MfZ<>qg#lpFW{2ViMwEz&=Tg2CUXg1T>LA|Xot
zgA4@-b=$x320j1JLp@Oh|KR9Ib8T&{yre{`DLhh~th~8di&IWJHAQ43TJ|qAn1S#g
za9PDMF^uSxLqbBV4wP-gG*na)0E~=ym2n(KyT$oi-~!1Bv9TZLmX?aR0OUlQEHr=f
zJ`fEZ0rR-3uuz<iWgsyf3^QfG`_EcalUoQ9LZn(`<RiQ3NgjikGb0VXGW0acFC5yx
z`Su_MM*O{Vk*srh`eTLH7cNfVZ?AlRVM|&%x;fohr0hkI5G~T=BTr4~=;&xzTW7I1
z82F%%NXb}Arv!@v)X`K!Oy&#zVT^D&6xkNh)Y7jqUS2cn^M*AjgkAFHjt=>d{@v#(
z*WSYXEr>uh8k+HOhUEpQ{R1^|NB{#vgq85=R@5}gclG)cT{79mD5n|PVS%k|vJxGH
z-E(D@>fpleI(3Y1wR)xT+vTD>X#ydCi6n^-{AN%~XQ!ASO8-78#71glWUVIfDoOUO
z1VkvKX;K|KHMM%%OghvG8E!o)p9oSu^-db9<2Emis?X#M`N^ha#+LCM`Ge5_fbv{^
zi}K&Hc9kSt0tD*lEDs>psX_Y7iI|y%^m);2ghY;X>j;1Plw?Q29RdxFS7k|38~@BW
z@^hqmJvt@H9qFU&Xv-EvV=E0qZO^~3;=nL4fq!B`povHOLpAn@;fB%oJM$s-i$g=H
z+Es*us!C}V!gF)!k0VPBB}7ogWEG)8Qy3(SaSiGFmr84Qf_d0T-*-hf>SsH<IV|5~
zMB+&ejTBG!`i+r{sH>gE{J^eWBz(L^Hgr6Q2F(-F?g*#4Lbm)i=fd0;x_0U0WT6m*
zIjsDK|1PK!P<#6+u9u)c40)z2@j;Tz9uqTqFMtv{FwgiiSiCvQH+nQ^Gl4N$!FW^?
z%?ug@IcOiCw=zCG#Ji;JWP=HovPi%{rDA?K`$7FvP6E2X6AwSjRiGccsE)NV?hS=*
z1ewshBepxUcPCM_5x0u&wHzZg^qpl+;<;sI5>M46?Z*9pD=T&7by|R;Tx5Nn9~QJ(
zD-FOmwMtxNNf84J;V+>UenoZgHQi4#qpZQeyf2(x;5wK;Rafn@jVsk)Ew^C)LB$IA
zEK8e`(yOdRPYxe1%nWa&-&|eI*m+ZRGheXa!8TgnlLK}9Y&7I#GdMWt*?+Q|5vitK
zR$V=Un3K|>qR!k_($r+YH^JNPh1Dc6yPVydSC|eX==nJyQzz9Ui0jZ%>93s`pALrg
z)z-S7pPEodM23L(R-c9*xKUDBDNo1xU5v8Zsx2TFWo}j-)|Xv*od(d@c-*+(FyrXP
ztgX7Lkd}(cg_@lNQk}xL@I9W>)6-=2!%gNKmseL#mu&FI99z>ei`<JQg;omV;Vy|d
z?2cEWDlAE@JajJ1_k|SJ5`VO1B*X7yK#GmT2V#7De5+@f>w@e>9c{R>v}aWxGXiq3
z)mpG8NRU=<6BBdns@eAiMt^*YH?Q*E!$s-qEzTXQ6y%^pKmPlckH-RUL15?PEM6Pj
z=1_BiN5bbEbH@I-rxj2Kfy-jjB9PU#@ccp~co8|$=IZKsO2oEJzbErh%i)<}+pVQq
zcXg^En0#GH5j61h7dVK3+grB`xQ6p>&X7%QBv$Wx2gg{3o8;n*UMy?K7(9+?wbfoU
z?y1Pg%UCzJ2k-Uy?W~`xb#v0pw5ttuc}udfhws`$*Z|F+Nmfm5Lp&D}I=8M)^{LwZ
z=Y|V7k5s*9#Q9xqfQCA=yv=x~E34^Poq|a^)*E$>;z6pVSO&#)g+tqmJT0pr2uc^)
zMNp#2qL+qdbd*>Cy&a$V7>&SMmkb@;Qx5<D^g$DAsfA#DJYyz*4NN@)*KN1>#D!If
z#7?d^5b}YG^K&tX-zeM=kV|Xm$i)kGB=;tw#=Y{#>4D_ZXg~?*`DE!rtr!9xy%15-
zo2bf-`UYo*@wBbRJX=D5GP<cg$v=W?1@*YMSgyd}5Gyt}J6m{Sw6e5Rc67w~!(ku7
zR^z9m3YV2zfVz6EJNi&M{ssn6?bWc7c1sHXb8lP7)30*01Kz!U(6MZqCakZoKOuSN
z&cGuH8AFiK7F2nu(M#5z&PGpzCM{7^U2Wj%=5~mgprSoGz-8tr?4!1d<fwb8fjc>f
zxCV4re3#xAxE+)1WZw+Wj!m;{%<BXq1d-md+w>&AAXr6}!@~sH%Y}I>i~R4Op1wv3
zem+!T*iz3zM#HiwKQxX78wqRMV@m{sFH{0!o2b@r=X`;3!g2m{@QZfbC`yE)LaSy*
zZZMiipZxd(bU!AELu4dwqMnXsetDQyndjm81HI98F~yV5bJ$pgYK-r{^pS^1pJG^<
z*%}_BLBwWR6Ql~3lQ`mHFTHL02yaN*|8-O?V(W=HKutY*zy7e`npZ=x;pBFnvwbVF
zFpimmJPb{yBAS`C!W=6SMi+pni2IAqCX%`-0qrod&nok>P>aBSg}_=CLvH<`<PVu|
zrVjB(1Fkifq{r8%^Euj*ulcb;ukK87iOeTRT&uZfE!!Un_mY$ZRaWe~efln1yF7MN
zw94DhyL2tu9e#^8j&rW;w83>v+V75}9A#Qp|FSOAb6YaAD*5JirJr%PY|V7D_GROz
zCxFB1aJopFc7yM{qac=N59iyw{+G3)3Etz%%ED1`RdRo5n1xF1BpsuiU_3T+d09l<
z%rj!PtvTw!$x<8;wwhHs6)B-C)2C`Qqc&crx7uB%Wse*9uU2AfZ?zdm7wAu~d5hTk
zuv+5}#B<ZL%|zlYb)swRHRrn#MsMyn3LI~T*e5vk``IN_FCMT@t3Jwf1u1r2J62Cu
z4ToN(Z<#)AKG`DyIc<J><5?vWeCPb_i}zAOzR&JY{7FGP&U>X^=bc*A0oXr3@(t`~
z$_O3~4UX>Tg%M5v@_T)-XgqCNDb7-#*qWQ4FE{ji(HI-9Fay59ak!lT8<)(piukX3
ztVQDZ&bV)$uP2W`XW6xtJ#NPdJyNO|BIndA>Zkg0IXi$)cAE?$bP~xmQ9*iv2tAu1
zMN}q-EU}v(#W>QN#EdA`qvTwi&Pusb!rLqhC7bT@W@NUjz=`{feo4epNI5c6`>scx
za+T4S7I8pmFbYaUrT2OQMJPq}QVaKU>*G;Hqr_k`WNL_w4~Loxi#pp%jZUMi!2M>>
zGB2hzI4Ae@H{ZuY&lR&Yeb&)2Os~7OFIqXik7YiXhHdw-)=;uDn!2_{O2()3@o{l_
zh?psQ=o|MB4<3a|9VK_H5I^V%Kg~BsrR^ED646K$X|&nk;bs1*rFVI$JUi3aXprKc
zlTgM;5lX`<|1Qz`R&o~F>3(U_c(?9V;d(q@7KAJa{4K|-vXI8-o9_$&L>y3bhhe{s
zb8S>scit|S_SCwIWQaG9#R<LQG<u#uW9#MGweDht2wvO#KxFF3jTN{Be#01X8pPBR
zr;K7ughb|7HY~_T3kjvRL=)!2qgQM=laik+!<uo<MJz2ZSM{xUbCYl=;Q~%T7L|hZ
zzKr3QtW)vi2?~1=74>KK2VEtlxWEVB*-{nl7ky<F8Da}Du^`^lhMC#thig|dud~*Y
zw#y;>#z0jK4a^kgO1zf4i+<$eW4^PNg2&AuWK)>2ky3}l?4CT-B)isY3D4R;Uwv+u
zcr5{dLo{=K>Hrt>yw2+hK36p7{Rvm9lv|cIeq)6{nFi(cbD1KPza26<kn6Ac6rPOh
zQCL9Cbu8o<)n~FnA8#FAv1tIUQ4*O!S#30sg`L5GuOuHWPJZk7z<}qZwtp7iz9SEE
z-S_GAXe)|I(dtmNneb~~8iQ`C>oKqct-sIdxT^VRMO}SMWy_TbY8v+xauDL<lQLtr
z*BKAf(hZ{Zbf5i1MSkMZ0df7Uk}`o6h(hVUttxf19M9^4iN-$_h)N2OBJ)*g`;+dH
zjYl9E?o~tUNhBo{zH<L^BXLPXG(5eRx;Sm#C^z(dkl<TY%wUyx`xMTlGgMV7pUy1e
zbN@SRdH?ruO}A#2eOGHHuWLE)?_l)Dn6H6MFa$o|3wgU1M@<Xo&%58M8K9*h6_b9v
z<pzCJttA;qYHH%VIcq;JpA>r2BUQR*BT<SzXxT}WOXQvDTmG}|b$+Nq>F!2@`U81I
z@ad!=%`ZHStGb^DceU$b55G#-rg_bc_Y75vATNhjb9Ke8T|wXXVfS%firA;{cJWgj
zu-C*ONC^H_Ta3u>*^$F~p5Et!#SC?}yC^aBQ$47E87`aofzfChla`XuOM_rGk8|;9
zH`Km1_k17f6G&WV?}VOC*jA*VM@<HtvP0E4FaWiBb*2$^Ql)W8io7!OFMwZ%1CK$~
zV6)^`!W}=8sOj#v34H$ivKnP*mOqj|ZX{xLEtc^8>|FXK8QYea|90(*p=0hU#XNbr
zi|?nq4ZrTOt4@(`-d8`Zq8OT#9T23x5YSs~2Dx?J%<HZ^_&i?@BdmG+KrAR!rWy#L
z>|v_&eepc~dfLb@+51CW`zJe6gBN!zb<)`x(V<<<%(+MhGHmA$L<;6Q&l?@<!N@sH
zC5rr<Lt+K}`Qw=NCJ#f#Ix2$8ja#>gjU3s`p;>M0#ovx6W6o!9<IU%!YkccZfTJ!p
z`dDK94l=-VWw$^)a|d4+&v5;d$bcmh+v(vcXkVObQFy56=KokUmIv+|gp%sAj<p-E
zI!_8L#NJKIF=@A-wN?0>MaLaqO-DsCy<)p9!V<anBpMIgwz4tCp11C2m$vMQW8ljf
z1hQ=Zgu{~a7C7;`LS7fIzsrx;zM5|8Z@I=a8%)HmAzb$WvonE@z{mC&9UZ`xAdWII
z8b-C2=zeM;At$3(@ukOAF#{bxu8$8AdEeuycOH*x7A$kU^MQxfaOaGE9nP1|zZ@_2
zchd};w(|&u3+aAzVKE`;r7?XXB=Rey8_g8(a$9w$spyzGy_kSh!C-L2iN)1={&aE-
zx1H*8Ogit}J`?MjO)uo&v6CQm;wgd`o^)nE)?ln6?aCLfL7ZQ!b0vb7*6s43ldnGL
z`4zmCsy~t8`E_PVT;|s)xL3_3TZHwM=#m<02jnH=03Qn+8ckFrZe}#8HV)5)W>V!j
zc{e@N^klx%fxPPhycDJUR_66v;?>1YJyUi8m0|_~m%s<5uA6D=)2G7^N|L57kIxon
z3Ew7!2{(@iD>X<XBi)K!Q=tuYl>}~*ec-#$lBg7>4I>b-=xb~GQSWXR44Wq%HycX1
z?MaBEKPIFF_~7beP4Zty`@|+NZV$!OPmY6Mt$XZ$o6|D%DFU4t)Xv&|dHo~CP?yG?
z%mt>Ke)Su^Paw0-%Jx^UR;Su(f0D6JZ(0}XKv)WR>`<*vuGb)3mjO#!n3@r#=k1ck
z4J8`@b~4DD$mfp=A5B-&H!NE236ob`?y*;p=q%@(LiF>x92TVkRK~`NN?$<MNYzK~
zO|accH6UXTv}ME=4(7T?panA-ld9_wuEoI&FcsS4yOlMTq<IhgO8Ck!{3MJJZm`I=
z-f~EA<YYF2kJi@FGM^s*93H*gZE*cOe9^V<EHe7Z0x=3juU!k(=VUZJ;8S=^l>OCC
zV8GK(EmZsoU5THioN)UNVw4!jv(jAOX?BGl)Htw&rNY_ZEH8Kq(zHkUfukYV2Bk0Q
z4&dDyK;@pvT39V^bBoag1B<VF#2-4-(!OMVPmvu4Br1LdLJxQ$slia7^AoR!1>oir
zK-rG+L$XWTNJhK%j;`CPIO=Gr@+g|C$WS6#q`NQx+|7lg$)Y0D|D4unc)R*M?53$m
zq^21rYluFE7M$@h0IvGyuwcBGaJ3sgCwvn;<Ez5E7wzS!j|fC_B{s~n$o44qd7D*J
z;`n*=^01#{zmbIfjdG$-<?g)wT=1!j&;GKpb_e>?Mw;K13Ksbel64p@ekJ(CzUR%H
z)~Q$iD$wWz!-3sVg_FEi7UbP-cwPOZ9yjX@YZNh{a^uI1C}5!8|LPp;Gj7={>_dvo
zaxGPaek_hb&4=U>q3!NV{*xY2kuHNRJ0eb?l6TYp>PI+*Z34?((MlhLP`_BRp|hMW
zp7Qx#HjQP|99%%*(@(UJkuGF6MVV%zc*(kbx4loX5-QOEM0ycL5&U52lkdYs^-LCz
z_-t61%n(w~cF{c}=8GAfG=Y0flnAyMPwLB&gdXHXILG2tUQF|-OvY-oYUQ6-&->N4
zA6WEq=>c?Fx8v;GcB?oKYcw~ZK=qEumHaIZ-#Yk>j^eax3Frrc6Xz%d^F$6!L~ozd
z?zh*M3vM4WW>TDI=`ntM#VCYla^~wQ-H$vwC@Yp2KKmCu{@e_JTDTr2Xv0v&fNqFq
zT9Vp^%_x+>8k_rkoZj$apwC4u9?o&-H6r#dvzXJRM0Cd|_~%d2exV)S$ux4jI8?Dg
z#K=3%8@@AL+>Zm7uwp(nZASnfXf_8EAUQqCeO*X6S_y+Fcc|fq(D;5sXiY?5{+M(B
zFD$m9wo#8+6{$l993=3P9{0dU4mKEaTcE*ayAef(nelRi<xvz<*HkY$&&(DsGolN<
z5C$;Y=)u27C)f?LSKRr2I;15>$uL>yN=esPQW*#{CHNI9#pM{>lG@8IsoNR3BH{aN
zZ)O0mG*!my5U2@wN}#w@(|Mc82t!pBB$TQ4^@K%?!`zzabFaM+eqv+_MGCXQDB2|K
z&u_6$J_lVw=@W18U|?@=rYrrRj}q9y?>EG!-{5TsB)W#^n$TAw(3ALnQwjTD_-jC+
z@`nct`=i8#3HONA^1Bm^w(32#P}rsN#mUig#fj;S(gHCipoxOBdJw<B@xYNb6Y@1}
zlM{Kp8D^AM9m-Gs8B5;I&aNrUIIONNuYT0Hn_bX&D<_(zQ=}YV&~FpX<Ib|<H9*2+
zm+t)T)+xKI-4t@YSHV}^x-?Xd&!QKT#oc>mu?%GXl6@n2FZ5;>y7u-&S5wjbas%Bi
z<ksiT(cv4shHU5J>Q+t}g{6CLIrFAL_!NeI;yW873-7)e-m4OHr`r-53d3POhV$(e
z<SCRJ_&%6*cAAglaahgLbPAY_VBCNVq|m*;cvC+qI5V6^ubt1iV#C(yGp}t?_U>lc
z`++u}Rhqur5=jim;FS92v6r#@Hm_^1v7h7DwQkVnQl_w9S`e!W(#~Trj%sDecsx#p
zR+g5(hR3R|Kq{%6JeFJZ>D!lekE5m)yA={fenp;LjGHMj<ik%w&lf?<#$kkiZU?aq
zEA6^k&+)u|hhWeC4kNC92{L@=EicG9XuQL<_?kC*<ixiVFE&e8(}5OUd?)mJ|EY1o
z!0Yf7WWOsZ<Ou3_f{c$Nf5?whzQ+qSS{fP}o=+e^n$+K164zn&L2jVF{q}JWB(l1F
z*F$mJQF+B|ik5-pOG3`OXQl6RGj|k8S6%yhCaJ5NCA#JVaz2)yK+0L`>7+gmU)&Hm
zjL<Fp*7<lC%ITQsMny%%_@l(@VB>d?L3Vgi>h~4);|gfow69NSBJ0|G59xE|0^PSX
zx}E9}cBOj?L$n~*rRe4iJoI@SA0IbP7Rn^ef*grb0G(r67#~+$$oeM`pemhOBN3gY
zH8um6UlK>Dx^}+|TEZNdTF>6?)OQ2rwvWU743=wbXx*U6Cc}=}`|I5g@;G&3pFas*
z3n1gUwSl6ZP!2JD_~UY81UmIzbif;+Aq+0=wsz+m1`UhdQXOWeTq^zXsbY~!#%oto
z#TRpD-<)pmSD*78zc;2Qp6%BX=VF$dyZyzBMYqX^66#m;IMOxTH!i-@7JRIgxC#A4
ztk=6{{&)^==B_2FrR`148UrNKN+B|Jn^eJv9rR<rtq5wJH+g(AcALd78$Js#jxR+l
zb+2bbARO$r4g6kiZl`LxU#(ttC+8kvxj+^#GQJ|7tPk)ty()+Os+Y#?Z6`^o>9=?(
z&<_=7-fz9bV_vA`_nza1&)r<uuF|g|4n5}=+3nnIL6B_lGLG!<qB1QD0g;dAtLpbX
z_rHBvrRgmG03xn?W_LR|Qc{fHb_`cr*vYLNQ>STvxPR@dIXSwYGyOshT#<q0lvj@D
z5v|upR3K+&xbSgK6%pr#w=<z)aAb_GyZ}jp-fk21qwO|Gb=7(ZfEF7R#&-79GAxc^
ztL%1Xx}fJAGoA)#d>6lN06O#ph&VRzDYlkAJzVW}wlsVD>;wp>p>|V^%lqyDS-O9C
zVT5s_*pe;}P;k?X4zys>X&#Oo9_iGKvRAnJtjBn(1|y6R!D3UXuMTb3jWUjA&K*~`
zPrNQ=NMfVH$d-NuSvs6TD5A!U@}=oQesIzA^YgU_ozut0lWcaY+=PnR%az1i{Xz>;
zp5iWgwPFMweF}Wkct-cI5@B>#QwR79b8|(L5!~-S^`+vI59kE55hR6+{vn4*!Pkm+
z;vGB^iAm>q-gaDV0LP?8we#zxMU>J?z!VKII17oh1Nai3^yhxjNjgsN!ePjV_%7Xe
zCzAcnw1`IiB1b(M_yc1Blj_W^xOVWK^jw8tSr`tpAwtF>0u4~1#dS1dX@5TD%GO@h
zZWHnkng%{M8c)M?{nXm^o*?ULxfbM7bs+I6i|z&@GS)sMFnVX@Y)YmpJK`I%R~sv~
zJ)L?`DP>m%{fv*j8Kt}kJS3|r{&jY6&@Ppkl~tAVfxJk9=kcK6hJ{_T+6!dXH3~tY
zdFlr$hF;oa!qq$Nju@e|=T!8%X@^7*QtTCf8VUC<phh6x-bcWM<J@KvOXgJSjgc2E
zO811@<5E*nWk$B|erXz~3wFZT-zJjFSGKgWx?)r(5sVh@<p?=7fsz60?FdAQ;lt$x
za<afPs)!bqm1%1!%E@i09j(S*VFGBp2=vmG9}Y`$PKaxw=PbqnZP5xrTOTh!BrCUq
zd~aLdGtjv{)e#1d`Qdx|)mXLwAA8rL+oFTHI|5R91YHwDo+BF}$`d;N!tUp3G04T4
znSz2grEL`agSCKu6!=@z{Qy{^Dc>_}&+q}FzHE#6O6{}XNKN_y31z*pWa_IhxJs`$
zvFLnIUW|7-&LIfZd}?mBADuITWm#_guR$zjX6k;viW;Z$jLzq7UIpnP84Li*g0W~W
z(2sxMPnxvII;#MVX&crQjA&`Df_$J{va+SE?M%wd;$jJJnp@FGlN7XBTo58U;H(w~
zFRHf0j$b5w2&(%GWk47nlcl)PgB5}d-Fk*Rz`LCjU?Oe3UC>N3rtfvy$oUngZrSLp
zHWbH0=S>ga$ZktC9Op|PJoVzWuxUCG930w=^rw56z8?cZ2f0C>EKnFODkrL|+#pG%
z5gpw9`g4B3wpKrnY^b4W)g<}UeAF%|1J#_S{rCgoti9lkKf6=PiU4xcudJPQSfRIP
zXXYO;Pl9LPDG*Z5&dz+%0fPwN^ez+bXg=DK1S5d<WQ#a_%ESbtK99Mcoql=Af21^?
z>kHiON&V!+=VAX#_iI?6qq34>Ov~J0gb&N|*%$9Fci}D~ADj7@G~zY_=G`IArSS!>
z3$v&TzGyRe*I{v%%`%GYw{PEi4?6F~f^r{0S8y}2gnrMLyl1mzYPS6Bb!W_QS5Uoy
zLnyZlcG}-#V2EOjrX(8W9JhC^YC-3ly_au>&z5B4N--=o4TU_|VpTe8izu|1{tz(|
zYv{6G*l(5#4&%T>Y&GPi5hQXTvt*Y(i~9u6{$fWi5gUgN^Ofsqab)LkB8|H8aD`?S
zfaiN4zm)5c0lKXT+A0Z#sNKK-H=Be<-+*IzUA}1N#&VU8S3Wiiw}8i+AD=YgBe9Q~
zN<WFd+q_@Je4~#V&{;w0wLfP<Q_Z*eH@i;KZTT+UoGZ40otp;fOwus`rtHwwM@`9A
z6tV%8Qvi1<VI8e;H&u7}usgk)wjbFl%eLv)j0myE4k{%~Ht+tlG>v8D-2LU-S1W8Y
z&#U*#qn$&;64H9#<Ud9Sr!+H3sLVE=Cm<KR!W2%rB%~vPS>^qbOQ*yAd$uRQjo>l;
z!KsA0A9*H;MFIEYWzjFS_sg+t-zSg@4X{k6$Nny%GTolvza<wOkvOESgg@97{xO7^
z@3bLFFqC#Eoz=D&np`Q}1Tn0vINb?hUy&gdM#UIV#{cWEtV7qfG38?rlYGpe3n<RX
zic)~U>R>AGHhoF>!NGT%S!1q>ZaZ!RWZ`JX5DDmb?PeC!A=P!ln8GRNO%#!8l3~q(
zY>AQ?ZqQ}+Ea)n`tXYK`F356hIw{|@No6@1hzf9%ZU5kWNP8NJo*wB~nyrY8Mb>fB
z;7$?i34ypBSr%67G&+?b7{?P9j;T*{!o|s1Ue&z5Y=E8K#waRo+x>EzIb0AYSk6pH
zJRvW`bW1eKA%MG3l#v~Kc>Z+W-7VPtfcCut<UG%AfP6^fk4Ohh-0iMBxfv1eSE%HY
zrEP6(U-Q(Q^qCBsSb5ZvRJJHe8Ja%~<u+ASP5wB4x_v%TKYM!fu$&2cyYHUdJxOsa
zp;qF%3~ac-esML|@oe_vrao=SP_*$4nn`-Q_9Gg@TOV-tQ`u{2u@M0L*oGzcHVVUb
z;4y#9Jr<am9S%5B5$XCRfe5)E{}4hPO3&E+?Bun2sv_deUsZrjOW$=FCJ@E98q(t6
zyf^mK(-)oiR$$1XiOJl)hW+BUqn8L9ood7I3so}Dm&F?EhO8<Ja1WH;PuF<z_IqO)
zyjd-rfy3hJK%oz289vQY&<RB%&BK9~M#OHCL#fb~Q2Kc{D4KSE>{=h-@G=XU2a*So
z_U(wB$5=YatZX!+T89&t3j*^R^!n)?`Lf5;S2de#a!=(FNf|~`x${h-!}0JI4%(~_
zCj9P)ZU4wQ;+w@rjZ&(|D~<7sXnm>uJ)A><ms*R9s}dZ^r<)(|s&1OczTyD&MiXxj
z2jBd=2L<6ok%Vz7JmZsbKNgP866l1n;b!L!4;sQ0<60v4aLjx?{K2Os26LVVq{CTa
zU1tJ_ZRF+M4}E0tO&t2omxnF_|8N%)Iw1usv>A6lz+vv($bO%6oPo%}w`(C)@He(<
z{7%VY?D%4I57n=ZZQ!1#2)V_4KtiShOGV_{OC0!7(G&28W%1b5DP&eGUAdQIZx5P`
z{9wvo)E{Ov${N#Sd<UU(_zD$(;v+&Wkd{h!lD4&D^oGU7f|g3W!%;4_0-I+-l_DO4
zz3&i#|9E(&NQ;{@vu1#9b`MK;z03DZ?x#+9yv2S38E!&h9R{|VV%ZNin$v}b|B*5#
z5RcOa2&@G@j3QM}4aQV!*Du?3;fmv3Q5O~FP4^qO*j+nrhLRGwAjv@%hkn3K<lqhM
zVy+|;RSfH|g$=D?o;3?KTZO6}DXZMg3u~{Pu3$H^dVPMdi}ziVe2BM5M(hV>-1`&a
zkkxz|j!nVj;Toq?GP%wh4gUROd3m{GE3@ZeJ}6@Um5dmtsc#BbQ*vUjM?5&)9L;rZ
zUA1Glj)mqAPBpeRQ7*_{;vlLH(W65p7rQ6crs@~GClvCntQ7p_bF&qr6HcZGk_QMZ
z)@SlhH~LOV3#0CyRXS611$%CVkv;0XDql*=)RRJYy2sr8Ql=VFMf$@X{o347dUBR#
zl!U4-@W9|?w+n|wS4M^18T49|S70(0;7C4*k5H!R<r|{L%P^<A+{-~YQu`k-cQ$RO
z8?MIPi#s0AH%2MjV|mq)npkrHWRnx&lBDxY0M<X^d#_A6bX?{3w^ypJ)`?w2sTMUx
z#O{4vgETaJk+)wY#Y2gbU4GGZY(sy9DRAe4)9--Gh24tfJ5wh1z0c#!9RD*MV}RGe
z1o}FzICEagat<G<C6kVi_9MstgAyH1((tc5SjRE@bJ?iGZjB1OLXZ<7=9$c0ghG`d
z3cZ;&dXk}DE(P!?%&xllWFb3#enK0<OUoU%qN!E-bMEr+$T_F!Qk+E14v`3t76*ZR
zPXVlx4)onY!^EN>ERPwoR6X?f6(c=)vH<vpZ$D=@fKELqdz-z#3>c%dKZCwyCXnVM
za2WTs08>k*<S8{v!$}k5g{(C=IObUQ1Xb_KJLozAkEgUD(~*uHz0*;3_R*ed{v&Xh
z9lO}}WovfrrzZ08+MtLh8ZC&^Qyf-p^op&1L0V$nvd~bD@`3_2o82SRQkpyVJs>8h
zlsOumI`eC+0cHk!ZU_R@=%h)-mA<I0Msc|9h$c&&La%F>E3rd8Zg1kY&W`bW5El+J
zgrklw<xwUr3>FkZuxv<WUdVcK;mbaiW@#>j*@MyC>M9u<^rMZ&=G|eN-5gj!3RLSa
zlVn!g&-_^KawwWupvalrF}MMd${jjYWr-oqqAuT-v1huNrNjq4od_%d*mtL0tBkG%
zhBf2buSCT<1Nm;6x?cpNO^Drcj5Vyd=`9ccj*^KaV~+0^e)xEoo6EppYqB>*)<myS
z$KIQsKSH$dBLW*xEcXG^A6NK5|3M<uzf0x^%2fA{_(?1l{HuuL!3pp8pfh0%2<F-p
zi7U=!8<MfJvYMJW8*b|ne_X)>g@7OiDtUs$12iUeWy|q#YcrhB`pYO&$YknRkw&y;
z%`tGvgc7Awe}}H!Q`fT0YyY(PmTUw+9<QXori{u<9vFsRZ-^xd-Dn2DK<qIl<!<3Q
zrEPTav5ZVnfYmBpv!YdXk+_O_4@-HB0Mo1uIYlTwesW2_ic2XhsN~K%>;NtzS%<cA
zrf2j~_SV=0%WmjBNOm?b7uy*lV6S2yo8s=CO{39mR{&;b^Dt;-TEMko&`1KNN&K5_
zw{IY?5+?)0f|&=@)YJ+#go$oaU^5Pk4w2}41C|6pI%CA^2aQ^$<1HP2UZCt}`}26(
zdWAMYz2gJbBW+_P*{}B0dodth5y0i9L02qo1$|-r4M`eg#<B?tz7($wWD`W8xyM-c
z+G6FX*Z$3AHA_`DFB{{<ov>m?sjeJ!g<vx`+n}jcOs6T^YaYT$8_@x)P4g~7;o?1*
zv{^Q+qMFg5En-jx3*gHOL~y2CA%uy%wjr4~qrK6Md7uWx90l~jr~f7@+!Qp$&New5
zpqI-FJaY8X)PvNmtiS5)z@}l0>N93({<iZXphsQgVh7kuekZ0k8gpp9bp2OP)err3
zn4oChEKEHx9IfD8_Tn$Uu|JNUPNMg+DxbsjwR<&T2cR{ZU2+ik{>{ffeBhNyfx8?R
zi0#;8KnB>XWRk@?EP#K&l5nkdZwQ!$X6+!S=Ca{bifWX2gS6DBq$AMC&03q-Y&u?+
z@*Azo-yv;g(mj>jQTf~8cmlL48--ul^~{*m<wG(heve6juVB`X5JQccXxr~<q0(1f
zCHB8MxL&cAjf>~n&>j~k=l+2;E|z%@o4BO*pPOa5S>)%Z_F-wJ;SkN+QtpEe{6e+4
zChUL$Xpt_jcx$D1EO4o+#Q0SwJ1h4+A9~BQvNX|=Oi}VuUqDg8A?ckUBT>Q@79|EE
zgr_J3>uW(ozSli^2JF*va(RgpV&}%1C>XYr_MOxRZvE`c(MWAIlXhv_3S@dZJIx%F
zoJ=Oi)3hrG0SWr2we<L&(&ZA#vm-d4zPW!$J5>-*pB-T${5w?21I^!u!iJKiwf|49
zx^%lg(F;WvbnBE(u`)bq7$RICG`2EeuGxt}Tvoxhu{?n&)#}i;EE(G8;P34$O#%o=
zrvI=&+et+@9W?!G-4Z*ZqOx)dc>smx4AODdC5a$blv4C`%Ln1!#m%iKL~?;3I_n~8
z4)*(zQHY)mCfR5AyrR6VkMFBVMgr$QxZNa2ZUqiv(Jk~9f+cZ9TLuKE=nIIa&eqHk
zZx3&{Kwtn4`RmSHzm)v(A|e4^^bSf({S|8^450$QNs6@vMci>$QXYA3J30uO8at1E
zn57slWc98(ELn5HeFM@)m&T;df1C7Os->C1!%-JAH+_T-EW>a_YWO@i$944K8N2TC
zRZ88ZMxfq<r~XRbsJY6Q5{ZAs9Q_r{>P{`3w?#;cPVpXQ_ns~!{6z<`Ws1fASq;VJ
zH?WY%FNN~)|A3J0!3IabG^EJ*3)%PJCI2rVY}ON4Mg9Rn0&WOJqwbwx%KNuOf}ZQ}
i%KvvE|Nl_r4U8?>o=1<{mhC;3TSh`ryjs*K@c#j2tMEJk

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/collage.png b/login/apps/login/screenshots/collage.png
new file mode 100644
index 0000000000000000000000000000000000000000..9d5a9c35c866d41201d5f2e5e7e7635875671cce
GIT binary patch
literal 288519
zcmeEuWmr^O8|W}FqzIA%B4Z#WpeP_cNGUDd-Q67n2r5WON|(~zol2*4k0Q+w(tU?g
z&bjA{dw+lWIJ0N(wcho1t+jn8DK3PKNs0*o0I*-a;FkgbFxCJ7WHxkE#GU8Fp4$Kb
zW|kozpX5tEKCq;fxt^hkE&%Z2U04K~r1Sz2^u)Q3@A=E;pYWYRCV?+75<!wd*IAz9
zfkSbhd-`JEumlZy`l8F(geAe00E$?5eZ2+pv{Zuxcom7USY#$aK6#bqlg=Am9g!Oo
z*4^%1dne^59p!+auyQR+(yVKciWjsP8#{VmzBE0y@B$z|MFJ@Rv>6yhIxw-ZQQwM=
z)waKJ21MnR(o<O-9UPp{(z@^x;Q*)!zN5GiF_M3mep~bN9i<dN^58~oy;Qn`=NN9v
z%OKPnE0M5IG`HhmuU`s!wSIj2h^65vVC_DGd@u^&oyRW8NY(xOIIUQkWH;2QpDVo2
z6LNAwrT9LL9)0)m+rXzE;v?50IA6NAM}oUsXCAaV8Zm}=?%dFO*H_kl(mlO96&&{<
zI!E(8HH{)3u8#tyl^$0*39l6qWd~NI-W_))x8M+6qz`=^?OM%ZPvV#G@2f|%Fgirx
zd%N9oyiG%;6$MhP`QG=i6+L7~I5bbOuOqCZKkTz$+fgepfYV*vihuK|K34Lqn6;dd
zLyzb+<&}t*hMz}R{Ku0|Y>$3AOLXtIyLsQ*Q!=#Thq|neM;?Rj4vKbV-E=f}@d#WM
z75&7i_HZkF2rt#UZ5m{FY~?OzSLTvUum{#3^l9sU<V|*yy%UPf1R+hrs{_=xgx~<A
z>X{b42o96{n8DMODhREAZuSvce`7sM@5!>s@-4u}vRvu-MvncTT(9Sc^j#b!02YDd
z6cjuh(^!IC)BRw;m+vI;FX;h4HvlTC-61avQe8sqF_7OvFnXZuJxHi^1PVY77|J-5
zcn#zMM&XAl<lS6@Fuf3BSI3m|EKUFrc+hL0QKKEy@k)XMJn$24#DIwF2`!LqJSt%~
z=0V6X!kb7GbvIFXpS`{I>W=LTVkXarV2-yKj*uG3M+B%}pRY^e-S^b#5jG%~K?#G*
z^dO~??vt=1tG>?Ro#;VM!y)yYe6FrRAnIwD$6|6#xl!~Z2(A9c+TCXuU9YWSE)MuA
zsPYX$-%)q(x**qJ?KI@VUJ*cO66UG7LMeUUX(d0Gv`pg<MJXngeM>7Ko3tp|nP%5-
zD#K`WbBn}ZK)Ux@5#=a0IW&NOqbG8HU|!3HtpalbYQ{GuxRWT<Gxb>KJy8>I+V{JL
z)}xmnKYs*@(#$@ZeLBlD%b*9?K=S+gE&qXnz6pSZDB4rigT85{eo$LEZ(`VOnfm%0
z>1IXPxaFN^4C20Yb?^rAuc~zu4cIX5?}Td=4jfe!+}9Z!=Dv%pGw*KfD(@2SKK5j)
ze+v^vzq5wXjuDOV2EFrj^lPMso3FeLp4(6f;!3|Yey96|{fF)k?H?Q<5Xcoo?7fHi
z+*`$)$$J`8o^YRlJB0eaHC}X4(EWR+cggP*2i*>u{LreST|mqh@Q~8{u6zjNhxlL~
z8Y#kT0ybZlugt!LzSzE{1nP7*Lf?lf2>XRug$jp>(@w~c$~~Yaqbm$6Z_5m$3+<+!
zlD{pRm@%C3I_*;?L1urNiZsb57<ChYI%a&Z1lx;p{)N<}G*lUuFd<bTF8*p!@&rx8
z2T!lld&}{22rhl{Pm_`%mr0h1NS8~ClZJmzo^P_b&gEYd>E`Jcc&r<~{c!MMeU^XW
zqTWQ*)+;gTP7$#Lxiq<4J9)StJKuynm#k~1Q}RAOc9BnclZ*dnQfFoc<7>v>o=!Y<
zjPj16dP-qbuQaQqsYF+F-N@F!-)PC;z}T<Y-cbG9?ZLz)hlNk`CPQqwPd<qZZ1oT>
znhjMa90Vt}X*~XRQ};bf)7!XkHE5jZDpW0X@?*_Aw@+?yZq>*5$Vo_j;9iYN-pu;9
zi8<d@8pC{weQ^BI1x1r}l4Awof)xH@@00ymZ?cl&M5RSqh+2sniQSG47UL3oB1R{+
z`cbp<qh7k6b4NvornS(9&Iaa2G*O;+h<A@xpumnvhe^ap(nwh0s&eo{#qg2v;&4|v
zn@o*N&P>6~p+TQP%R%MrvFzHhXQQ7+ZWTD{h~#4zbrzbIxEkx5H5X>)RccF=>=deN
zPwAXA)i?0M@`e(dKP)~Qvh>o<oMxrcr+OzH+ZR-rXkE2oHg_OO`Xp4bqiWI9a@|gG
z+G=p7Ff$~xf9v&9yji$ex*4;Xm$m3D`s}T!zSW%7E?XYh<Wl|G+nwRn-lg=p)~&2f
zmswrd*B$odEl=GhVNG(~>g|&CaEJKq;}$#JT&>dG1eZfsOjmYSnwk$aGc^)Nn@7Qi
zMn{5&<VW(mr6?LePhbh^_?&^YLyS?^iv(*}MqLS5O432nv8PaDL*u2zhKhq3Y~0kE
zqWeh{Rn*W;;PYp9#-7K$j(V-<bIe4+!DHk0^>9wJM3b&@v@!j=NP}?$55I$uNq_@^
zAt{ZYiNBPu(oI?Nt;eHO756Jxo7nYaJNy;=6*NtxZ!s{?u2_uE1E)Y7MAshLs3_#E
zP2LR=XeUxt&dPsgx?WBxEK(*S-lY8_dD{3#trcHc*my6Bc*Dx;8@HoNLw0;uzfN^g
z;FVzsqcGx4;EUj)g^Y)kP-0U$KZtmMgEi7%^*uTi8tO_zA<ZWh_$eS&Aax*hx^KF#
z`z>{n%qwLd@uq_JX8GP_kn!k+sPcQ({CM}-VnDj|ZAQW0g6h-w^k|hCm)f^ma$1gy
zo*FH*>e9CJx3h;wGftHq3IwQkNznDsInXJ|FJ`M$7MK$n4|ojpEWRGdHoi9aGnb@g
zt2<jsL?yandx$f-D!6KADQSp#&UkKab|-g7U0pdr0Zda?TW{J}L(#*7?mj<mP-{8V
zwCa7>uq41D@L53J&++S!d(lz;a`U>_yJ&V+4%5j>P^Cc8%%og*wk#zrB^%|@*sPiH
zaM!R}+0jt|B}Yyed+5s8%W;~q5oIEk!J>AHp>S38_K@~fIS2Xv)xptf%bjMfL$1<o
zCwTT)YIUx`RK!uk5f|Da&Qlpu`S9CcZg+6+9!mBnZpVM*k);@Xred=@cBA*hWJX>_
ziP7BRB58J1XR$?gmfie(L$YeKO91nL;vjii>JTwGTC;Am`thxkjcR;eDkTXfiNRPV
z_Tq!5TQ-`={drZIpB|Uzm(rA^ABe&t2lYy4`)U=AtbS%qj`&(<%(28%#dY)WxZRm+
zFz_qW-PQW`^>~mnJCNb4N<|+_ZT5y$&rGKLVUCKCezAJlqTALo^N_KA&XZi$NsEf!
zp6|n!`|{1|687x2EaNscBmFbq2FAHk4-V<Om5I#{#%rwJSkE<0INDdP3QR7Q*RHvl
z<J9V}@s4`2;uKN@aJ9L<cU0Ns-+Q?rot+w18+jx*wbbvN)18_-t+-n#bX0XLU#ov~
zYzsbN+jCsNnjjwVvh&h^bLdl{#^AuVCVXgQQU=2b<FTt{adlmk$mQV>)DlFUd@=dH
zmfkJ(c%{Yp%}#c5VzLC!C-<8N3cD|lqzCk8=e8Mp)z#k9ANd|AZFep!Z|o$j1~&IK
zH-A;Zu(u+B+`*)J09@NfXQKK7gutKAz5z*ZY<_}Bp8!Hoj`1Zr$3uRgK*+ToG~Kns
z0yN)X?h>%N*NuPg)oWrX96rO&bs*lgfbS`Atgw9`+T&&FXI0OmW8`xpGIdg<aW@lr
zH}#0PD+;Zt5nFEvk-j?UD!kMa69dp9uF(M?Bs>5z;tC1z7l1?x0G(X}0K!OQzptf`
zs4vC<0f0A#0F;X{N{Da7pZ;k8;7RB2Z(suOas<X&0`lcGGTZ6cBNYG*;tRv#g`zd$
zJL&Wv(p{(n0vTYQp^So!f|w|~wz(;TrjEImE`x)q1!4pM!0Et_xHQ$Z(F8k~nwVL$
zJ8<1S8^MmaKE2I&7koCv#+d7_f|w+j&)iBE%);=9;n7`gOfVSCX{DpbF2yf+F&*)X
z>#l)~jRiX+qrJU7gZ&c*b1Qwu$82nDjE|TYnV9GiBj~Li&1^Is=*_I}oddaq!>?<t
zZDnX-V`y#$K835PWo~Q3b@%S+Lcjl<<7s24_h%(D>kG0F1TvmJVSLQ+i1DAM={gwx
zi)p7%&ZnKxb-o<uDKK_LDP3!G6Wdd?xSu^`dB(=b^oZpVE9co#e|h=`(es&qCd!%_
z+Hf;nO!?dGzt2+m^ZXyyyZZF+GbOAHbrGyR!}RgRVps278GlMIyQHCmu89J_p{cH!
z^(l2MPgxN-{^O&6oT~U|>SLD2&#q3r^5|kJC*!G1ugLgZfzIwCG>99MlkvAUa$`<b
zX@mm+5Wq`*UKt0Z<q0$>fxzgSb$dmtE-<<$n-^x2bp5SIF>Lxbtn2XmNF=!*YZASB
zoR|QMtbU@+|LV(oYESgHD6MR8x2@d7HzOk>x_0{ZRGWSF?Omd&8S2HNy<6MLj!m8b
zAUYWOZ$E<MJVv*o2vUjxF}ILVa3O%xkAyZ*IAdgle05uQ8^(?EduI=Re<%djEsqqE
zRH+2s$ow<FN+dz`O{aC{^M2Idu)s7PMlVgj3jQZV{)VPxB2WjGDJg#4=K}rm2a?HZ
z(_MSvtl*(V0oMyme<Sn{NPc640Mz%#pm-N7fS_XioKwW7D_S8@;rG3S`)}|H`V16J
zjQ)%*l>djs|6<(&<%E3%bFd04F+*=(@*$1WBe&U2Tj;i}%S<fv-o3w(`wu@~%R#TX
zB$_(W2K-wA{%vNEI1+I8TY7i-{}am3=@6_kh>r99FYx-KP@klsfEt@cYqLwe`FGN|
zWSmD2CT<<^XiDmjf5Z8|5rz1<Kmdj^#_q?ET{83^1b(^1?;+qKAj+C|$wK<G|7ZtS
zR)nyF&|xB}+;f8e4Lz5Op=Se-{wJ<WHvUgsS8U>c)^({C2$TPxbzSi)|8s^{gTVh{
z*Oj35zu0v(X8$kMxRTub|E3xqiwm4=|5a84mi1_8Xpq6FKfbWfpw|#JH8nit{FjO-
z=rB4zqOrSIeEPpgP<38I?(60DWXN}yk}?}9xD^`-O7aRm#r8f^^A=tY;Lg`dr!6Dp
za;q>Ji@4QsUt=BME^Sxvy*vLIxQquBh-NgHrHQ>XR9azcq!@=aNk`qWfdo3<^j(qm
z0UwDMp)7e$wVH$&jKK<br&@0@Mw)s~KPWU6FqQ6|%bK62l<xNB)=!!S#eY2!PjP8A
z!N0{CX-a1ljkqg7!5HZzx5<W2&ba&V*q&)dL@ydv)@q{sYD{L6jc(tewZAZ_J96Hk
zUVptdghrid45e92Z_Ib}L8~?GTpWw-R8dJAXq{fEpd<XDq7kC^kMfJs$dAcQ5TH&{
zKm4cGx*82kh<mVy3K;9fNdeeu5l7U^9+$-recjWP@`;*AnM%~HCB?obY?U5J4ZUi9
zlU$aPwlQW0XubT{2;;GHq>NkJdDRDD!I)Q*DmHSId&1LgG?ZaRAN91z$<}Br#&JUx
zGDW&V@Ok(n%33z);X=KiZFMC-E9Ju8XNRMFj#ImXM1evFpWQ5@+pB!k>HTx_s+*R)
z10)qyFHGs-A<1@D`+P(OUaxbuU=-bH^&DDaR5F}XoSOXLI#Hf<V$plMHQw2^Ik#o2
zM#k8Wh~8|oaoE|9ch9TabB9ndYFB&VR{fr*ZM~z{_BA)OrH~VNV9~aPz|w8DY#u9%
zik~>jca-;yTL>Y#=;5#^8Aa{(m7#+MROJWz<TCf4X&pMl@lO=jxO>+db|RkwXVZQt
zCBgPT2)l6XxdPjUkx}Bq{Ftc4@~kcL5_D?r8_T1{gT_z}bQ)KG^;^5zO8mTWHakD~
z=;0v8Gc`lR)BDbc{9|EuE~XSQ_l6l9;^!4w-H2|{^{(T)hQFJ8+TNWzoANk&<w?@x
z*r-we&jl!(<h^CDT#dh_d1R}o8u&$IGZ9zL5g!eGKf!u;)cvUdv%&Jb6hn`M@bV_o
zTl2KbM-HTi>2Dbi6%5ixjlLh*Fd4{@)%hXv-3i?k5YLb?zyOp<zvVRsI*u25d?HBe
zl+2{(J$BD+>;>7p^cL#9F~KPTb^a3Cef>PCc){(B+;I{2PYKrLX0p8#B96r4u$~9U
zdZ8!aX9?V5#|gdkLpA7TpRzcF@&qgnVbxvIjv_xFu1K6T_z5hM#uP~TCVJ7*7<}^I
zY|x#y^HW2isIWDjYEr=)P5VZyT6#>;WZaJDOul4o@60WQs&25u-XOOy<I7V&`eQFp
zTYbsPc1TtycYce=k<9YCTEw3H^2jE;LdNzec9+t(RfE=XzZXZ^ZE$GPk{^tp$M%hw
zbYr;89qw)gq@(Ht8dRgoE?IxlL^zR-$${jfD_Jw`bI4AuTrPt}y>kVQo|y*M6xZX}
z)m4gJcg>umxlboM4jnvHUheOjCY2T39kotOm3|GnWfrpn4v&0W&?r|W+oEiDZjAFL
zorsI)+<JGNY?)-7riZ21`pfS9(b6A0(uSVF{K7<g_kTs2M;GhT<}Zdx%{qLBRim`I
zHN1$u>y$sF*}yK4q1JGeIDAhapwz5UL&)`ZXsL_tzzxsjy?f<6o(22Kxm+%5ih2Hn
zd!Lt6vA45Ar)bqBDPqA=YCEY1JzU#!-6V%xuvLyGv*hAl-+iv5?axOyV(50so!<^0
zc{c8E8OwihBciui_Rzu!@)^nxe}(-jhhF=O<wRpBtyUJiV#ysoIchoa#xU(hDnD2e
ziR-?k2AzD4g=@fPh9JhN#ldV-+wss8Cvug!*4zGYTxv1MkaX;5akgb6D#Nr|BE3pQ
z(}`>(uR7Xi!g$+rJJzX&ti@K^csswa=`>;ubHz5EEm-f|cfNg8L!iWJb8l<0KU->F
zX9wq96tl6?(SC83Ubd3l1Q+4Y6GFt^kZqMw5@EeAiAkpErecz*m#Ni(y-Z#8+76M-
z1hlc2-)j`_5sKB4nI1n2<|NfHrPI7EqgGcYxu-SNXk>RA7`G_P?wtVkG1=QA(J_?l
z^r0C=&uP?y2kdTnIa#&sN)ZLO<KZ`2t|Pfp<fxRlo%&BKVuk`X>)Fa^Bik%quL|z1
z{94u+a@oYtzc?me=xvRG>O7-?48>|E+anDpe^TZ{4JVq)e9X%-ojL@1`)1Ek(`S*0
z5l&YB(If#s)4gAWD{k6cCjiUH>rGAQp?4G9vYA%PRp?6$40-Q&m50I=y)PVb*u8|b
zfEfmSvtnI_x7}P-ue$x28I`KOe8v3Q>@3r@XAMtF#Dw{w&}G>X`z;MKn=UinW{6R#
z{FIJ!=2i=UA0XRKgH?`CqB-nyI-{7Ix$abslCqk?&~}2ku8&;}d=Nd%ET!U6{YmLT
zc#}Vw68#P?9oA)1BuN6q%=q?@V&AYoEwMB1sI+qKS@&$G`uvm60~xA?Oycd2`5q+X
zPgXD#YG*4ko7M*plr#yf-?)cc;0Iki3*I`R(C1s><)SXdMg$68`?jX}BDWi*xRE04
z7&t}NiYzx~#j<Lge|&^huN84I3!DZjYDMsrZlY;#QhBlY)Szyf>NL|YdKyRV!9PtQ
zMC_15r{0K5=^WU!rB`}-&w-In$^ZFzx)4MLte6_EuoW4zXk?M=q#RIy6|AS5H<YQE
z6`5BUCxUwijK{A%G22)1-1#;^8bfg|Hr6-E?Y@;R0v-ctajQ=l>0oi6mw|~Gus)t^
zHXoiEejApERkowuKF^-Pr6AI$X{+X0hDLt6?Q#};^rg|!qkkCtGY^`Q*XNb>p~Km~
zH7~Z&RBYfpw`$Sx@WCc4JMgE^(h&2Ama>1B9@yXs$pA8E4&{ZJRdDB|$WV@)qvYXx
zLlRP5iLL7$Zoap-M`+!Hdz+E~$pv$~55IY9abP38l5e<6hU5%?k54EF37cS(4VEI*
z&XSLw<}u6jKXD&ih~jym5!IAqIW4%-WJqmxqAPb#lJvqAzQv@@7wk*%H~s1x#_*(F
zm?=d-*Wnen2j`B3a9s3DpAPPs4Q<Br!L&k<zER_JL8oym<hf09&WXH!36Dz2(D2H*
zXqE`jg$)Q3NycXw_C0W;od7$Vwkj9?Y1Sf;ViEwC;iOC%tAs~8Z7r4=S{v&LuT!I4
z=-q3D1jWJ>IfQj7f7d(i`53!T_YnQlUC9LFx9!w~&$rLC1d{L^v^lU`8&9{H_MKg!
z3w7<Q-EmlOrJz6QN~%+tQpD)FHb`Fg7%etFATu%^%vwiUtA}W?UH{7P7mNN1{D7v|
ziEwh#U-f5gE+0X(kho+L?vrK8Wp5+7jMCcOVq8~q@r7UjSMJylT`;cY5z@|4hrErE
zX>bUV%X+NaL|K+vtYf%zrOfbI7ZLmrxZfoMtE}PCj@Vrt8n&&v+VJz(#Q3s3;Dx3b
zHsf>2IouWkkNvHs?9Li_TzV-JiU<357;zQiA-!XROJh-67wAa}09^!9QDYISzI%}&
zdvEZ`2dwyW{R?^lUG3zjb-B`fhRkAo!ErHe3r2XYz4#6~dddsc@W{jL&r$7@=W^Q~
z->nf<a80u(LAm*h9+@cmf_(zO6*mI)-gLz|6@dCna@V_D(v^}Iw7my@t>qHgkHb#B
zZhM6+@C5MP{v0nry`sHo@3KYgq2TeY0GVpB@5@TNF^VrbL9MB(4zu}1#R0|!GB^e1
z&i9X7GeC3sujho~87iD7rjRNq>d}vQAO9(zolDuAI?5n!k6^Tla*XgAx$hm9T*-h+
zv_Dt>EOSpTM+p4UGx8SCl7|-axn3FKNva1Pt2wS&(?S{7{o9`tL+if2iu3b2@AEg%
z1x2Kif#22g?Wtj}+VXZ@VvbN(zJwy~^1-kY?k7eNnoE>JfuG+G^}1us5WZ>>ZVuRK
zs$rPc{GD{uszGySL&dBgKyyC@xYC>uy&wrhKKEcjOF&BZ+HY9xTP3M(S4sL^kjP{~
z78Lu0D~J{IbzuhOcO>_VL&<DE5uFd#DFkS@>Y7%^V8BFV)|1Fx83OnPuZsJ3sT9No
z6j-$<q_@vw2!2&L&p!FvLq&pdH|3cUABNtEM)}d~I6b8=tx8RI&L}o&h>2^Pe^eim
zi-2vJlCRU+^>Y{V6QwLYJO*F+Hxz^v#F4hfylR}+IAUkMk6#i4c?tZyB`d5f|80Gj
z^F8qWflvNG`jb=Wi2V^<<#?;<pZoyzq%N2B?lL8*8l`7v7()y|zV5k7HWrVHsAc}K
zctJvGqYRpN(=NaMMf`FtMBAR&B7f^^<I=l6T9L+6zzc-e<G2~z(nD(~j4$%yQm6>5
z{x4fqB=;r1LG0HY<0_8`tGW`jqzNwbLXB*Q73-~qZi{*X!WSzQG!;0j7cx)C03EWH
z93&g42du8^jNPF^-qm9Cd9miffX?8n!-!eJcjj@ycO^F~pKKox-nj&MdOJ-CX@6RF
zsdMBK7!!)`gRum6X_6*3H_?d#1}Bmk2k-RT=Rz2{hwCCRx2~(2BiP;wsQH2C$l$_Q
zCgYnsgMSt1?`Dn_AJkc+yf>g9c;SI@Az)3<@TBfouh$p)5DA9W#P9ivXWuE{hB7Xs
zT7N`)R7~exea52a4{#T>vR9q$T$lKK1a1E)KW>_p$1wL^MI?1b)y){(OXx3z!ER*?
zC5-sa&|vPs37?@q@*ufexABRFm46UzE$jhguI4HE;JL;~Mggj`zS$_e`K_Q($OD8Y
z*!f!671_fOigW>77(by_D(d=@@C|CK1p-IuHu0=We?@!a?TJx<yE>(J%Sy;kgiBf{
zix`=JT<n2)Y@**^kzMDCjvIt!{Xq!*K2?zZVqu@Tgt%Y!CHFHxcvIF{i&7RfD!4GD
zO%(%y#WVZEB|_SVwiemQp{-FmKVcey2P0{dowK~*PTmSC`c(3F152ZKzi9|62exju
z7K<^B>6+2gkerJT{bvp2XPmZ6Jms+~O!C`Yy_4IU7YV~<?)f;+U-QbIv$qA}VawM}
zqENO>Ep@t_geVn*BV7sqnG!*OF7{UBS8|@9Y@nm#ICJM<N%C()0{~mmd#1z$-<h71
zm1cw___3Ywb})dO-EyXue;EIirQjF@ET6)O^b1dTYKJB0_uF3Je}PjfMbK|0#au88
z_d3!(-FJhzwlv*4r8#t7VcHitRTR{3e437(xgiK;jixE&S$97J;r5x&M~{G}Okv9V
zr_*0heg)-ohX(P%vY29TBzybgObuR3)d{Sw6UHjF&zS(!*M5qxaWFqPhXnzf00rVd
zP{R+3iflEdlWVTXP^JjNbOhHaNuRf}<h(S2gk|8hrSOUOT)r3t)wZf8%oG=^L!3}{
zeZ@Pu^pSU^v^C8y$DeWb@}ocmqF976+n&RcTy(zBYY}juB2U8rEKFMY2ZXLUEct?b
zU+Buq&jmaOq)09*C>KZtNrD5L@8eah-MK<|<ij8#A?}dqHwAy3<bC>}XV;)BX5XMD
zZ_gcF80Mp*7*bXwm-M}S)+@9BkSj|I39qJ|nbo<tB?$s<nr8smgv1lG`hM=VerWnc
zdiJRN9xQ1G@6F_#I3Zo-gG6+gpD2aYNa(GL6mlHz?KpaCHv6j!6+TlFD^+Oys*1Vh
z;vYlQ5DcKm0iLsoNf<g`9U6TPk!sS=Spxo<cl=Or%|k<K-*Y>F%%gaIm}ptm*?)-W
zaIp*0E~9uFV_dtO3T8z#^xFOHE+g1qRV0zv0y)yrapgqkKE}~!z=dIv&?InUddQQE
zJXMsZ-mg>~(jmBcrp%=vJXhvEIGuDfex3XS29_(C$E9QuDsK(Kn_%o5|0czBi3H+d
z+dT+B#Ib)E?ZVM8$s;zGJ50%hujER<?HUS+MER(fBdTKZ{`bA0Fd%11a9F2c;+X|o
z$wP<tL&sPUoQh(89mywEBX<$XT2OXZt|@v+tNvcy;}-7QYdUyeB9O&i5?(kV1WI^V
zxRnvZ-V)~?;YBL+N5MD8<6F<{se!wgs-IHb6#k6;=PNKdkTgr%fR+3go2_`0i**KD
z`n6M?f~=sgA*@W<=Ps0y`R;{*{o&Br6_^ZVaFUiX){f;Vk?y(Q0lx-fP9ng)##T?1
zP03VFjJb8~j9rLw#6p$xcHayCU_ed(;du@S@Q5KqB=}t{^n~ZJ?{5nreilf9t)`+N
zJy|B4nEt1n45~a$_RQz{qav;Vx)8}FjULx-C>&%xk(kzb;Vk)EkpLcTH^9vjGi6pX
z7mR%of!GpX2%f7tHx!*BNaABcUO`q|?|+5Qb6QA1d=Lxgz?tH-$RO23Nt=-XccmWu
z1e^o;nFNq{G^>><MfF>HSF!s>mGD7zg(Ib#C!(vvHdG}0rRoLNb?*V(msW)P0$it!
zhatI(es%68c?eykPe`C!;RufoB-chM3($JxaA8XOptso)<=BYh0g*wM8KWO?v%o4}
zHXZ*TodtrWN5Jvgu49%@sAm+gQJ!XSoi73EZLe>gOT<HkAR!{mFIzbF4+>YVUc^IJ
z*zg>}xKD1eJ&BMEczS=}yn)V)RFfoa{0hOI4ebjzY9#~i#(ej^y|?7E(mBKaYR~AO
z_#llH<2IsiT*PBTM5t4vLfXzo{Co>tnmzUW%6N4VQ54Sq=^#j*6X<D{h*|g+Q$BAx
z&{5_2=lwjqb6vE-K<IW9=T#5NMpx$_6l1DH`_INqigE_)Y292uO(ffcKS=pPmwxoN
zi)24Wq|=>&=h@H|&iu}>{_lGp7MMY9j5BsP0s!?yzm5Cfp3E3~Ux@5?F8?>)fF;F|
z{0ARbD2sF2(cP_UF~4zr@?r>N5bHI<R+p6DVV>U!LPbis`vRFg_1rT5W?Eo<(8uSj
z`q3qAbb?@mun_C#=h`Za4=$;B8vAL``yNz+7?W5;iWr6LPc-^FK4*wZt|NTNy|s)V
zs*Mi(sBVqJi~SdE1r;K6A%HqVDcJU3+0zAIz|)|Xx`=hLP-f75+^5D-zMf~X^EKaT
z9W=(qkL1Gn?!&Kv2BiO+kAE`|4;u_za1euIm*1J+g|q@0?)&A=2RjBU;`;(>s;W5q
za4vgP_ZjQt^?%8k{7J|D!uTb84a|uxjC^hkB&(A99$y}u>#IyP08!FLzPStSe&2q-
zxc&8ilKKk)NGr?DLJ@%=S5-R-s}c*63kf*_R}LZ(b!!ymeS|LF`4`drij{l<*QJ?Z
zIxLf-6W}3}O0J!sHS&0m2cu&zo<$b`#Isv@Z_Y|pN?jD$Hb56!pPbh8NB?O0VN?ik
zGb26=EhwHo>BZ@1B^)BTD|5SzppaP(5k(GV8^VG|!x|>9VDXPiaC&UQ1x($WuwVl0
zI`h;}$YUhpkguiIkHeT;aRUI{s+1};x)qOx&m-|N(8bc{2s7bw1Me@aN0-S$xRhYa
zWG%5qr>8l|c_o}%=N?xQ$tPUe?4t$Bn&Sg@D;jnBa~B2X2Reo~%j>@#jm|hvyZ#Cf
zEI9(K_}(&arc3u`dRIm0yMg{i77lShc}`F#B*efO!F=9Be4&cyf%Idu0soO{==>lD
zjc3C3elno4k5Ys>?iX&p<)H^IXib-h^E2<6t$_<cWk|szaK43q)Y%p$q&SkU0@U`O
zKdc_>S}jSkoWk+IJx%VclJV;znC_rmv<rz(0sTwoi<q=b3>F3-j0KUNN#<uLfUli~
zl?su7;agoKU{<dXUU$J@Myv5kSn{|<O#SIz{4~Aj);WqTdPox%_t$8nl^@}^#Whog
zVst`C&L2_Jo|S(L!cv3wC~IM|@8Rb;2f8<)*E!KZkM@rZ1$hC-89M6)KMSAh48n2m
z(~R49d}tC?W_D1cG~J9j(*S^n6li`XtgUb|46(}>@fQ1hCG=!~mz$=E?c$Zh=?JKE
zzx8*3LjRcsD7|G}VwhQ^r6MHT*4cVK^M&wvZ4fH+j_gLA{9SCi3y7rvWcTl8?nZ&X
zQ?V<`0rAER3jh3^jnDZ}PI3<m7opIp_*zWPLKnr=&~*;&-?;QsSA-~+K23>~PaxvK
z?+AQlwX+n41nBMUJ$u~!yQQF$0A;6nzoMtnsH6E|eoap^`IXL@I;arAGTCMZDWQzI
z&##|@ftX=FnvaNv3ttwafA#Dy0->HeHz&jbU2|f?AU!I^uNJ+|J>f9o&>+?UA>`;>
za(|`6N)XJ**gbxtcuAy32Yy0eu%l^kG38x^M~)8gJPWu#QvgR*p<`iynotb3e_|&9
z7<mWs0N!DMCVaU!jDhmDTo~FQG=mQoPH-_>zTB#aq(z+ROewiGbEVb%hnR#8ptsx$
z0`<s&;mgt<!CelN7M56YI6uu95zimMZuf($xQkh+5NRq8B2D!mK#|K*_|P!9><a*f
z(IbL-8`13UKRU11FCjF$H%GCh{p1Bz9pyeV$*}3MU}Vuy=M7}azxh?4?dkcP&SEP!
zOBb;Vl0tFYH}j!pKy)84$4{tWreCSd$*8grQGe+~)#Yh6E^l=6lr9bo9nEEn3&KZ>
zO{e`?OR`HRN7-!`b+(p<B$Rt)<EY{s8sc1jy&SXY6NBeet`y96MyF<TUYNt*0@=k+
zT4hMR^EJ3!iB%Ux{LP*i^B)-*8gcDfc_t%P6xSlwVpfz8P3EWp3+<e}y@83PO?8({
z6_{Gz1OMz-$v)f76n!d@Dhf6M`r49plfGeet{SSzKG@laPB)ADG4P~D4z47}#lxey
zL3xnalx^!mpRH74p}oAv;=Fx};!EnbJ}<!IC+OQrsm?Fm&M)*s0=qg|3)F~IGE@<^
zHKfi8S`RCt&NKI;FUgy%b{>n=k5l}n7q-8brC69{K2^h_+eUD(T-crEyt87rzmOWS
z6yt>XBTQZ`U%-!O<Q-L<L9x*Q?U3a##^1>I7{_gC-$RNSH=r`Q=;fk=ZVq5;Cd)q$
zdxw;b(r<Cw3b8L{=hoeqWgJ0{??aSp!>j6k%r?QjXHw+40S_#3Sl7x_EYus#Bd99X
zPBn$sAf4!&vKW~1`2^&-9j&f==*?jNI6d2u9>;7vn5UFu7P%cilp&j$<sl+$JxD?|
z%AjgrFqo~p_ldbL^+Z=XMZ7TeO_fINA$xDBh~tl&UZT!ax12wb4^D%}O#1v|`LGYZ
zH^;*>jLo+_T=r;C(ZgpvdzWobcL8i=z<02Kij=TpU~5q=UqM?pVK|`1#Q1TWU!4<*
zXFxJ=gy7~-+N*n0>rt%caYy@0xh$^xHU|r-@yl6-T~-od4-2sv$~3ryvUUe(mAz20
zlhAVHbJaF&71a;-=Hdr4<r#UNS$?@8gj**s2PqLsAVB1Q)Sx%ASCn5T3v!25^ht>+
z_099xc86F)hV>^g<f}|ACoempwO&B5F)&jux1f4^{|&j@Jkn>m?7()w4t$4aq_cF=
zaMgY79hsk~1a7=1;#>@8BfDv>KjW${@lMguluLV)%aLk15KF!SR_3}h(zm@(^2YVo
zf`RkF#0Tz5)%2UPWl~!cwsWz|IUM^+bH%o5_WNDOGw+%ybW0~$>f&7X9p$$R-qcW6
zs@K*G4SQF2so5Ls2uJQN_UA}{mR`ts*nG?OBfLnPifp?<WV^3S-M6Dm{u8u{7t9B8
zkh@pxLvt{tl^%PVh9~%<kX8^h;Bc-%<CEl4`|&ZYXFKwFy-*cv-Hr|q#>{Icj`zCV
zM^VX4Bn3YE#-vzIH`Uw<<T)<0T^S!CaFCzWo$ZKZv0qU!?n@DK#HmO0+Jhvam4+CK
zyT99*h|p_-3p0!{F`#TaZ_b>0M8u}i3;BqHp_v5j2ozu&H}S(h6}i&LC;A75)?}45
zM#@D7dRwY^cw)&F+H-Id#4Fch>H0C|tM0q$-Ezds^0KvIy5{N8zgQIrU@6y}W?E}f
zPXaQ^r(>PB4ejQ650pY4h^ah+aggBGm5%C?jepWcbKdpfFxlv2S(jDIv-sf3VpNp7
z!N8Db?lnlCEwG_CSUXi~`s-)<cKw_9P@14urnM(E&ST~Jv9p1-HVaG#-R<UO@7-!g
zUQaz3c^_Fg-rp)40g@ORsm+C(Mw^V+*H|MZPr2>jBe~Rn?OI*Nwdi$r;Yb~nL0S7e
z+dPSmD4T<}<-M~I{zimueAKLJU698XjxWKfiC|sfl-oge8}hD99M|@6<H@`&Z9C%C
z12KvFY1T?%v1u}G9X04WZ=fj?Z2`ej!WX&JUt<$)3n~)!l2zYhG9}uL_Ozw9k32fe
zQ<rJKCkJwwdflebDxMJ4vR&*isjyvAD6O_DHO{RWk76}8!Y1o4b>FHPuGzK9k_eTG
zt1Fk`m&rMxaO#L+F<frn_+@N9S{Cn4FW;l8sp-LNI{Jmhs5X%?7&yyhh}fU^SG6<D
zHCUTOV=(x&xMY^UUVEr#j5)Y#wNtw_W#<rxteR3aIyk2uQD(O{inb%089u)A-jf1{
zQ-gxXHE(h9B<CReBo;@Z2J2JbW^vS3PR6K$_Jq+80?mCrg+e{C2h3=?ykIt@n(z>7
zT3tHeu5i63A#j8Nm#mIhIih-Ja*UuZwW}_aMp{c=K%G&ksHN#WiFQ<yTx^IPd~{?`
z+1#`<nl;c2|3vHCr<W{d<IfHbR%=~TQ~2IoA1pQ=dQC0_x_-RgOd(h6=346?NBdUw
zfq0Ao&&gpSBBZr*egD?LZntbOW>P5jAt1N_(}-PzKBN6T$rF>kUo+gXma*)%qKfF+
z#9|~_?CD*jYLRHR9sDHdwq^rd3Ow$|E(dFkI7b9u=#@)~%qA+rjBYrqsoe{TMYJ0V
z3MZ)l^oy_N35cNIBb!npx*g_sFf=lx7peYZrd@vcIV*QYhY1!DLlH0{W#vu0TS={6
zN0EL!={){BlUlgkV2PM<^fN=N{AB~u2zqJ@9)@RK*mC<FuB6)j6v+M&Js&@Bs}?>8
z&f_1WL#O9<5Pc{5Kq5|yD$XfRwmp}K1jn}CcwJ<9T`Q2#xr%uu277U+kcF)1SEW#!
z8mv7RClq$a&e=7^)Dym`+{}>e_Q9%5)ZKU~$yG)O1e0yg)Z1ftA+89RCI+pV_Sa;S
z7rEQl3P-LvsoQ$Bzh~_=8p_cf*vL3|@65VgJz=*};Z<xl@U3Lh>WT3z5HIzFxe;D?
zoaIOx?fG=9<XwkUs)<k3?Q+4bMPuZhA0mV#egXY=@KjQ_(XaWMSFhm5wyP7blxhtV
zf^XJN(Go*O^7)*N`|~`e9$O5$DdB-Ao6M$_nv_wS{mnVZ?-jTvnk$>83g}AbB@Cu>
z-)~=kc<2EcMRZL?$hfEk!LC3*V#a_t6`Bvz5jfntb^DtO(_Rx=L#E|3;dYJKtiuQm
zS>+(AX9sm|!N-QsKt{r28n5OwQe*83^g5&Vu0z?YaJV*uaC|FQYYvv{(I__Stube@
z;;1Fj7Q&Uy9*gCYIcGUB2yESXb4zPT)jk$sjIAr>bGOMj9rADr`u2+8+y~3k97KyI
zw_G=S?N+OIPzCaHYxdi6Di&!eUK1bnR1X^@`@5)iv(3fa_3)u>M5I)Q6(Qp6t>QdK
zHV4~d=E;@UNtnKfv(1FgJF9_%oPl3YdPALUKV5xo>t`ColQ-yAHqF50j*kf*EL@wV
zSk5OxmKdMcg=F%DqI?zjCOx{D)J+BEh#RK;#M&-v!-LAEE5UD`u4zYMI{2y**o3co
zE-Dopt$6-WQdW&H&>4;IQw78BMnBPyBlF5qdk7Yvjyw(OeRT+<>lrOIHWnFwnj@Wh
zv=IEcqxh>|#4h4hpwtSihtjCry57bE1>QV^OsughcUfo2P>j<>+h~WX$_qd&d15RJ
zFuahCJT~jO5tW_fht5&?Vi;1J$)=>)Vm?XJbkhl*qeTYQZNv|G1)qs2W+v34c75;W
zIr+6Etth)wCw4Gj%+yBn!o1#7phTw?FLS1?*0R~(q@A9nu=Y605dVSrFWYNv6fq(r
zNVai^(^iR#Pk!*^jyMok$=jQb6vYDf2>AClb}_i25@U;nyLK1>Bqx=6oun!Gb8-y3
z5`LpEx3cAPbIj>Lq-_wtfO4&`!V&p-`6BFn<6`j24=18?aUAAxnT=9I49tfm`R)ch
z#koMNfd_4NY1#<K^E7%U_&dtM!Z0RmsV6bk9GRRCo@Jc2J<4wUo~y)+J%CfW*hrJC
z0?c1LF^)L(SrDzbGHmUVGd8Tj3C}FS7M<%>hqXVLqc0i$67|%~gvXz36$sWRGTa&7
zUnBL{!tCi*X6)T(0YlAQpJxey{XjoBI5T|NUtn_gCBdo@(;8~8A4|f<XCl;B*s=Yx
zO~*<GtDWuRDOdX>c#0|94|~zF(?f_*au=}F`+iMYHj^LYqTRB9!VB6NxD(92yuHy2
zhS;Kym71$B8-{{2c%Gfa+D{rD?Qd<ESK2J#aSaMlxazR0Ap#xzgV61DiCStAjULTw
z?DV{IO61WRjz?QVu7F9-p?6ZK^+(%d-DrfgWK;9K$#73BhDYQgNN(%x`th!M2wTYT
zr{I~iHCf!f9%3RxOoU>koG{PBZC#nuf4+f!mLGfE!cX9c*TxpMJ+ISRZXoSbvwaI%
z$VTnX_%y_0qCZrY+ys`-eJA=jbEy8Kjz%K55S!IRdq~Ch9l7N&uUxJf7e!CWH;|&3
zHLn>m8keR74#^7gyeF6y<Yzd(?zthJXWh*`fObTKE*j6MSkXUuIOS}nVi$w+TAJj6
z=trI0n)UE#dQ+?eSayU9c+!ut){Lur6^>k36z{p_6z5tMJGJ!CxK>j+Q!z6o+YU*G
z6!~aXd39uB=X%l9gJZL?@`s+OF*aH7GCnGG@quaRQN@@sBhOr6BaOhAv;>bnpSr^c
z8aAzhXdhhddrA@4!t3O0%VZz3S{I7<DX?m)@sdE!?e`qrc=A3jJa(CN1ra_xrsOI;
zqq0MjCg#;ozO9rO=E7@NCu^2Tr(BI%Htg1ChV~)FbyBs=DV$xPX1M)YuUS@wzrUUI
zG_Av9JIhYk68ZhNz3T)v#QqNNC!Wm~#}swP9+?-3v8)&<o7KEi&t&IvP<NM>)M1t{
zrIAiiiZ?cY>`y;r3wN9~q#9mGje|7}uog$<xUiqJ$<o2wb8GUK%nx}EwkzXZVCojM
zVM2oXac-WfF7@Ty$r@XWn7{l`w*2k-9!=RbS8w-H#UB_#cdQwlmusx^Dpf5<_Usm0
zn+3e?9z1JYb-y`hDp#galU+JKo>N;=3Li7YA#RZ$GmV&=AbhyDoOi=+^~lQw692H+
zAe?<5QGIG@St8=|T8p-Lp=!l4EWq+}@t6g&`)$zUI0s>g1Dk#Wp4+$SuQB4jkgGeg
z=e?$0pzyBr9+WX3EB<cK7I2XhwcgYz={c`{?eTtQcj(SnV)fnqt>uwEF4r3iALqSV
zL#Pg}*^kQgEps1j_HpyY4$|ACClL<se8HC(M%09>UNEInGgE|3Y(%aVbqWxx{w$mX
z-8f2(bIRD7?``B#%&+U>J}_CDs;y-<>VFX}7?1i6o2lQC!g={|t(xL0foNJ+X84r*
z$%J6QEkm^14him4mG<UK1DO%3&hX-GMA}hFbxmocnZkV;`A}vjp^-(u>sIA#l(7q1
zruAGGcV-+DhS94M9uUQ(+X1}Bgf=q;V-PP?#KTWXhIJsdL_{FFYqX0acZq)wdl%Uw
z20y_s%vwy?`?C3gg!24;-MqtF(ksoxL_A5@H7uYkWdbxOhoQ%?P>f|eRc5x}D}$o&
zqkuG6$%Ng47BWRuBj~m5+L%F%)Y#KB^(lSh%FL6_lASo`VZ}MsMdZc98ip4uCCa&l
zeG+Wk1%c7DwoM%)Zc55<`-Xg>s0DrauYLEa{O^p_v%uwFuHnx>Ko-MsYEscOSn*PB
z`LL6^9dDkW$YMdiQF)dPW{q^6T50u(CdaB}0=%eko55nOW8TiGcN8?fK&8Na;!;GR
zFK3~Z3NI~rvr;*6H2FXQ{^TS*#&q1KVMx7iY<qHv!tU2XwF>T(7R7i<{*Qfz=-7fE
zw)S(fT=t{+(l+iOGFsf6I<yG^o`4$3go*BHcWcG(ZtJ|p>(VVbYSnEe6M7<JO}Ya8
zOxA-_CH)|7_CYD)5#kE%)nP~H2n>t9`4Zu4_aZbF%6fgw*e6_!7YfL^*%2PLaOZYC
z?TPZ-E6ML_C&L3iIOHZLoZB|>_2Nj@w3Q~PWzetMf!tLsZkXm7GeEkXQET}z*V4J=
z<qd{HKAg$!0FK$WcgIZ2_fi<jEL8VGJ0+V3w(Md!X30<Nle-s*D?@THboVQle{5up
zsW}gSuFfsYpK@9CTHoABVcJgTddjtKE3a<We7Nz5!h+;ha)5GbR$zTGxl5NhO55E!
zc^kzdUvm+Fx+Ok0FPI92K*w%SQD0Fz;+LF<QIwY5k1y|17R-ucoL9=Zcj-$CkkPIe
zA$kqvo88!^Jqf(MFfP;NZi4ykE{@f*{u=k;v{%W?X~_Y<cs(}ex_2aO=UsT$;<opi
zd5$#^IeTsO?hn7?g#fUF#1bC8`+-gUhXvQtQKL+QwYU=aaDMU$#<p~`crzC8&_+#c
zfXw~6F8s7L;6hZ7FpoM<7#Fz^d6=?!^}wXdhFH9+q%;~DqFQs@JUHCwW`(zVLdsA!
z2^7nWL`|=B|5`vu73<|azWwJ7HV+j-NeNx9Ucz!E+eKMRpvrSX{nih@=q{*R)R+Gk
z0QH?VE7p_@k*qpU|AIS*&19EZ^&V+FT#SqkYjU+#Vtr(gK=N~4#v7Gc7SO8U2~|AF
zEK_^6M!Ra$6MyCH@?TnGr3Z0#!-;6aG*q_{0_Oe_zwr}4z!!D(v}I%0xm7wW6Oo-8
z-riupGLl**>Xf?oc!<q9^t)MFwBYuZ0Z|1QIiW30U`|%9dSeK6=4c_M6K>tvxxK-N
z@3J=LcCc)C!ddXf^|8}?3aVpRWA`#%#2z9wGhJSOBEH?cYt&J?z1(wyyG(S;$^9o)
z&O_!Sg+=(0*;~}r>dnRIZ5UtR0gXOkf_<w17d*{<JCAE;_$vq$r+KtLHCI@_kig3(
zYwy3*WhY(f#=a<`{JklIS$ovjyhhb1g;jUsNuR{J05i|Q`;hTnbFSK7{wFo2?&S;G
zgtz2JlVC-kR}NESENg5nk-RZ=jE8cvapYVqU>dBb+yfB{fiz}OV<XmC?c%XX_0H2x
zCq{vs`=PE!TlR9@u{#yq5#@DXCtP9L<`Iuqv*IH5rHzHh-Bm3$pE{T)wnLx6CWV&0
zaCp{{Vi29h<Sov*Yxb^BEp_7z?I$*ZTxV5mvXTQh`zf?rtQ(W-?b}rx-EBPH?;rPX
zHrh}14xyPFHJ(%*`f#oHTeFxSKVQmw#X(V5-WM>YJSRS;bmDeWaxZ|pQz9(W)N5N3
zHw_2ZHr|zM+nJSX6UBI*33pNHK(~S4z0<&%2&L^I?D*GDx{3}X0Xr}>7ah$Uw}l)@
zcj{Cb{bc81UN|LKj8#3?*?tDyy|KCY-q2Tt9?>%`T<A+ZNT?k~PD4(kF$uFZZ+MO2
zCX1Vwdc@3SewdWyq}2aXbt>thQ`DgS%6K`8MjaqNM?P|w-DY0$M-Hz(A6eS9_4eU>
z?IR)f+P2h(uK9lKMq7&l?Do7z+C!xVy-5lQ+RILe615U&lW$dOntplS3US_n0jnpZ
zduH&n*?GH6rxNN!`vDqal8Z4Tkqn5CBwe>Y=%1*BFQl}oP9x7erCbq&kCk6Dt}NG~
z!FK)XzQ0FYX<f(HyDqEC$1(F$+qAIr?#Ld2fxY4Cl504pKTpoFqvz2gFlo|FyUg@^
ziV@erd+FuR5mQAAW|)0Bs`hKm{ll}^tW$dTc=kK=h58Pb%*r|um1IaadTGBdKxS=7
zD?*I%W{AHzC``MX%Pv4%AQN1e*r>iuvQ`Ag;W;)5yzVxL7D!VeIOqN|KXp0CYuj4a
z7iG<Lr!jE5jxSJgqF6h{jaEfId^&)Qlf8IJ+1y=2KhF9c4!X1=Cg$L<Bk^_#qS-le
zyVBNHx+Bg2nZmWHTZc$l5VU&4?dTh8+4XhXJNkNQ#h5(CeWQL0#a)#;Eyak_7Zos?
z$rn;KxY}0tht!`;JpC%6T!XXwgyMZ_LaCM?M`~NrLz~*e{b(_}dZ#ENc_bHM=o6b^
zk?qbMp4|?pqvL?fo|{GAO*#=Z*SREEry@gNd{?1fapr-5{Aemg)%U_ln#u&dH_{^|
zc8W;M^abIkEd#bWRkPgMy#Sul%7@Ei6mA9b>h5D`?&22Gq{dm!@39hO!t24%Rk%G*
zktSmmftU`yg6a(Ld6?s?_GGX4^}fT5qcGRiu~j!4-YE4kKSs{)OxMijp76!Z$Dr~s
z_nT83CK^l6Rqc2P!B1Aox``^Y-Z`#}@2l`e?{|7a96`Ij47n;gJQq7eOmdLe*U@Gb
zt)nHT#;b@1Tl~J9_dvu7FB-Yba=U!JDP~7s(tBG(FFep)^&3T7f2sh<l1%_2ncThR
z8Wk+>;eZKtLDbBmitr+v)yaty1~`sxU*!*9y5(;oj9amlOF5NY6w)(X`}4{0yvFN(
zb~3^o;>+v<0)7Rki_bpOw@KctEixJT#sk7TVOza{?gen&d{o3_`)B*VMGVQTY)-FI
zitfD4R-gi95DsV6&?AUH7>w+_UasJK`^~cX{yTM|avjRmz{7ss*2;n7L+gre$rK1j
zCnloj)iRu%65wh!?4BhK9~CHQqgfhn3FKZ!av`%f(I+$MX-g^B?zbB=d<Bh2>5`p&
z28uB3{RkJ`i3~q&&c#*~yXw{PzY{$aWS})KZ{H_+h*nw0DOP^kkUjWGg{dGNOoRv<
zF~ev^<%(@jCyeu`!MQ014_Uloo19J@9q!*7ZwsS?e;111^w7d4V?nno)Me;{1<k3g
zA-S{(mTk#JkG!D>^vxN<0)13HSaoCB&&=n>&1q?4s(GcM#u|}sRu^09ps!n5`D>BP
z^xJBPYY8MwaRk>H(aa_<H=zFD(p>T0x|{1HsdTWY9Mc7h2!wC6%_0UTdl(hvu<Msw
z4lM=NO2o1kyRJoh;tmL6qL@s&=({7{kLsC3^uM!ls!V!0gNFs-Yl9s3j&|+V>?6kK
zI%3TWRhueFjmK2Bc@LJxF^8oUJ+~z_3^`a;*Xz-im;6$ejC!=YckKr3KDZhU+eGxP
z<~PUZzo95=EZyKy6|Ak7z}{HWK9N-3TyhVbQXjgB1th!+I}S<CjEFitJaBpxkc3VW
z(dXk>DVsigT87wbN{TLY%g3hR9zQ;qI@y136?L7}?$sPkOF}8UWNaT=KD=yKU$WSr
z?lqh&gmdx%IKEPQ;<hwWm|DHwL^k+YgcuP`;i^#+Y}*6!>U*Z*Tw5~Iv$Z<mh;4|v
z(IUg?)T|@K&W_3V2Jf12+JiXf6~k`MjrX?mJ$EAc_DqQ$D!|<7G80mE>C?p*dkovA
zb_K>F#_t47Mg8R{{^_o!jwhto!&j90hVJjq?++~+0B?c{ux*@>;-hp9ay~xL64<U%
zQc20s7n`Ch+Y?RXAFpP!FyNLU1ycBmT0LM}uYx)HEeVpRY+f@cR}Nt#zB|X$M?va7
zuH`3o=uD~JTU6+67Q=iqM0QPP4qlqST65BBs;ptGB3D^ris;3#F3j&lJ~J%93YKOm
zw{6~}(?YZkMuaHbSAvr}?4QIkmrU5hwN{T-1)Md%(3u$x_HM7Ist+H6uw3&#HaUi<
z{@Tc_j2wyD?Ub#Zj8Hd-Q2*9mt!{r!_q#FTeWWSDdc9u`t6mbmF<Md4qzW^V7TUCa
zp5*rMiezl3-5f+_gS3NPG&JeZj8?fY%w#g<#>cUfC5;zn)GR(0or0uR<zU#bwNB9{
zQiBOqS;+Ao?cyEs0N##fF<s{A<E~I6EjKin`Lu!7{(_Y-Kj#kU=T`>Amf-l$x+PCE
z?IB7h)%g?=vuWV&Vugk{{nW{$E;Jlk^v8DT@KKGQ&G93ctb|3L{H)`7*;A`KQzvgH
zI^tZ-Uf1S$E>*P%Pl6@Ykapye?UUR5h(~hgrwG!?{Sf;sU@sH`hZIJA`bCv-gxPFQ
z*iVfx)*fovPr06InVH?s4?=<>S&Zw5_rnf$$jqzqClH&Ty|zov`8$)&m0d5K&sx?(
zn}~^95~R!jhpo4Oin3e(KuKvBKt$;hq(h|}R6;=M?vxt3yQM@xx{;9X?rxCol5UW$
zyZQ7x=lt)zOBRc@W}Mjj-B0}Dd24qH?Qf2{)QU74(uuQAi6wUwm=KY}05pPxh)Kxa
z-*|uLa{Vh(W_LTUs4`6?;E5AOdbu7QVQT5&mV?T+{0ytge|4#U3G*yeXxS?{HGk{>
z>X_scJ>dd3FBKDM-hFMJKj$|K=R3+z!8z@DcTlxgH9Lc}o8)vQeioMS)An-4O36IW
zN?GdrO!IU35!oTc^}U)draL=vj~6<DY`L_vGm=I1TUnlbGX(6$+Ew?97!&y_FR#s4
zsPgu_;f8oNUd_7hmDe*@=R)zBHCM_8YUXj7P^qs6q&jBmhNSF`?g<Ox&}vN=@^dw&
zb{OtYt^reXfjcx6ImCP5Q>j}v_?$QO`h!;hVRf!m!s}q5p*A)@@Yq%Txjr(aR2$-W
z#Oe+FmdASIBcZ)V!a^Z+yY-QLrx)-O3sO#bYYRw^rtjz7wIY@{LxY$n@@<%mS=@8i
zC#3H5B;s(YL_24dYR{(H?H3DziHkiPX6<(h@`d0LohB-snO?k9E-&!Dwco6FJB(;D
ze8p$}Be*c>jOi&ea<hDDZsB*;qba6pS)q_xLwSBgyidLJK@r^>#;o5Mq?kNeYvGx}
zq%H}7L+9ZbN_z`lAx4c`fZoWRV0w+I;SgYQ7PID6NhZB&jPZ??fU`IQ;K6JxtDYG^
zsQGa<*`7BY_tM|;ZzQ`ErX1VnUjI~T_W<PA=ge!Vb>$ZJZDcy!RQITP8M#gOi{*eu
zSK!}1hV^c#yehzy95xBMbqyf4KODV~j(^nyo`9saF?9+YR9;^ZSFTQ;TXz3zVEZTL
zbQ8gLvcAk_d?6l(@Jfsmup0u(IYMtRbg646BR5myTZGQ*UWKZ#_{pd5=?aY6YSngS
zda=*rn@$z$>~32(Gy-VcY%J$v<D4^c1;8NIxG{MOaG!EQQ=4dVc2--_n9KL)>x$Ik
zT8cWuh<8ZS6+7_;uF^_Pp$+-Lh6*DMinknTE(L2`Z&ikR&XDB`J-O*}k=W!do^d(b
zBM)y4gxU8N$}&M!whag4&C862N`jeeRL(UWdsSaqZfBb{9DhdJ>ujvTKQJx4rQcJF
z5jxO~$t`kL&#Dj<OrTx*<ee~~sB-?+jlXlSX_JnScT+QEt<a-s$44roDFB^VN5sET
znQBMN)?f||F%08=D35)A<H&x7wyTcqU^%O7e$H~dM1*H&@|>H4dTyl9R>)nP(PB<P
zWn&C!^tdWv|8(pn6N{8iLQZ($Re_a|Aui3WPK7DnK=}q{^v`sg{nC@LvtN4WHNI>S
zOAP@e&&)XHT<Zt}2AO3^3~H~J15)-<NxJZPj9%l5WeW--KHfgPdUDGnBze&1JngrU
zVh(f(f&1wp{$)n@=1j6bZ+Ue0qFUXrdGppfyMr0<eorcR^|j(NG-6CNVDO(cDU_v#
zM%5Gvu6>?mSJu*hw?Ovghv1yux9#QDYL8<luC^SJB<yZhScBfW{n{PZ0>BoT;cM7_
zj9_r1NwWQVFRXN^d4G3{JK+ve9e<=&u`F>_IR905lY)O!1m(M#2bK&pAz9|9bqv84
zVjVInv*jjoJ7c+#0wF&o>8qKQy)peQer|V~-lR7R%=;>ES=8;Zr(|)u6B=O3FX;|r
z2Wt(v{J;6m(l=z|EfHq9G;95QUb%AFGY?snn8)6BG{js-22dfg(L{XC<tZk*8KLZ@
z4~ZD*xWMw=Jk3u&%A`DvI(vISzZ6);WKJ~Q-(9o2UO-)z{qW5|BPG7q_Vzp4rk7^i
z-G;#ZQJGy-quqM`_-Ve1=-ZH|%Lg%?iwEzsGHaEbI`EWY3-<=tXZu0=uhO>%1{OAT
zK^;V(PjaL*5I?eIEFt?)0*4x_RP0I|gJ{`5b&zk_#4|so^NT1(b8OU^sI+Ov^sS+Q
z4g3$qCAK6+HG*deW>cw+eOK)BjZgU|9%KR~DMfQei>~Jxq%q@DS%ae%ZR~eTsE_1e
zQcE{)U+v?&+zvSGW{x^fe^*l9=z8r_GJHC&=%u&XDRU^~jH=CZ96NgZsus0<)OuUI
zYdVa_ECrhX>Tc?CP<JrVsS-M(+awXB<{rl~(nxe7RZ^SV_+xR(()|#Ngi3AU!iL(J
z`5>uoS6imG--Vd{(*}prZV<WsUeo;$A$2cxwe^}r0=KzyNs2($`?6_|A#vMy-;@IA
zGy<p+=dTtVE3g(41U$UvUGB+vwyR&ddM@1s5Sfy?U0v3?Y1Dn1bKOqycq<_1-}w2d
zha%s7EZb}6{6`k?8w5<oWfvTu(y%DTUk$7N_8hCPIr)mJ9P%U{AE*o1ALin{9SXu0
z3vX6X(pW1y+}gElIQ=#cScwsD<L#L?OrHKG4-o10fFR^p24lxRBbi`tvM6P*@p}I*
zD<`XLJRNg=Ie>IO1@88^kNI|Bh)JV1*4=)=$*5`X?)tz|29$8WX)&7gyagW1PZg+f
z@cbSYar>}T?{s3;;*HptSSz0W9l#Py7<QSXY3G309b*=7E9%YP_2QU=`ZSyj^4!@-
z;kmBI8C^}re^wIujLLZfg7zLL-(T}RD@bUI-+zFMf6pHM>&N|Hv8doUYPtFBgwgP5
zTM}xq%V7)BBw<K)OK}&8OFyU&Hmck}19XFqzC&MA`s?<<<NgFb#QB45QNx+)B9nMQ
z(Z`IpwsoRDK_k)iVya{luM$d!Ix0QPh`$zA&wdc{s1^8u6!ZGx$07r=egh1vlFFiQ
zoSfH+4t<;)yTn&CxQh8#RWevkEy={}txE6W7G90-WhK}i!b0Q2?7aHmZcjNDuTP0*
zERE;S7TOw^4o7q7C^ZiwQ?v#Y3+zX`Yb#JK)PO3$ylni5{RxKK+^g)0x!;u{`F(}g
zv+POd<w^GQLt$LY41`BNcla|j%u-rYa-swjYx|o}>*ZipC}KL!=g$R7ZJagsOE2DR
zr|#PF*e^^NO^oX3!tdcA#%(!9y5F~@e1z4@PIAphQ?-?Y=^B$NGQdT_VPLTCm;D?+
zMu&J{H(e6R$9EwVS@bOciO=M|_R6r&=9Ho5?Wt_s=X?3{)tR0|brPVeDyPH}Xt!+a
zMr2EN+;*}bXu6)BwcuV$>Ad|^W_Y_-=qCo%hrW+<+w&Ii`QDX=q|7+kdDPhZGvCBa
z(z%=R&c*;e@ow@xhecyIsj64(ta)9uN$<+ko7)Z%teK&qsO%xU@{7q374b=)Gv)fX
zK(F`vr1$-krncHwibtl7Ky0Z(3&~`g!1r)962$w7i-W2<3(7(_|N4hE8EKZ-^{}Ne
z0~C$t)nhI6Zo_ktGW;f2Bflw8Gts_j*iUz;mIr2{OjH)ARh<!|8}yFuJeT}-K`0UL
zuYa~X&9A%<1QKOHR->B2?{=f(ZT(2bZBs<b<{BvR60-b1K+}>d6*nYPOs1W83NoG{
z+#>CVTQDuj*vWEPG@L5lXV{^V$ae}!C0L&faMVeUF_5Nalkwdet3FPm*@Q8#7+1Ut
z+F7a&>c!7r{r|IB33i~q=+1o?PIC6ZkHGJ=Nb-5s0E#chkphte@ui4y1|GfQMF96H
zjIl`{AkGOj3K(4DSE3NT-aif`jtwK$A8Id^rAGLQL$*#wOU*9vR`4U7`iCB|5~)js
z-wk<WC2E$0+I6<`BkYT2xU)HKJauLFQUI*qxb}RYm}knEI4x2v?u$P$E%&@u(pWDY
zcC&1fj(v=wKkDGr6}GpRdRup`Er94?LO1q=G5(EDzBK>xQ;sZCcD;25QljcPsgob?
ztyVoQ2RyP$`lqIQR!lRGv=JS16PxNh>zd}Q9(QNk&<7`GAxxyxx_aE}eR>ruDcAEz
za<wz`*4ex$RXB99cPTeJV456hf5&HfkY~g8`eKyXYz$vZrK0|myOMcX%cFu_D1J^B
zx?4)<6&t6%M3Yjr)nbzU+=2{ieFWNq9B}|I2Vk|1*tLqL_`gbLo)XL!<RJ0uHwx`2
zTA;2OHj;P@#BR;X2zmWD0nD2D4kJgEdDTLx7@ui%fDb?6X*AZp>2zsL6MNXL5thsT
zWsJPUdF00IkGwv*Y9O!L`>wQ5e#xqL*wVs2pPAA0WNaU`evC`Oe{#XK4^ft6BYUr*
zTWZJUGWx#K4-NnFl<veZ!NSZa#R<5H^%_`K6dZ`_nwTkHk|PCdaKJ@VHcwjj76PZ-
zD!2G0_cDwM736(xDh!VlM}qOR>&d_a_Rs%RTFCw%DH*_V?7BbAb`n~efu^YR0lPWt
ze>rrq1;s<p*%E!F(8k(Dr1#LO=Tc_B8U0Cz{6TK+LFZ68XDvDTQF${(dt&rw?X+_r
zW7Sl95boah7)`)T*YzWfBX)tA1aSw(TgnfRlF3XYEc~O`ETWIiDcq`bMWx3Y?w4zC
zym!mP;ZEi84R8`)8igI~Zg=iC-JLRfkeH9wJK4D0U2eENX?{?p-d(I>EpC|%r+TH(
ztp!qs6@#-lZO6hfyzXwY*w|21w2ixnf?m1&|2YV8)Tv&iPY_BKmYU(Q%0YiOg4JjO
zBmI&g>PhqY0LS9v1V#Dtl;1EW;y#JJ5@|^9eBNMHY$pTw;xEn`1oO<jG&8NVDRzAR
z>Dns}yq&fCt11lAt7;SOG5E6`L)66D+d?GQ)P$@$H_$!LZMf8tHHGdCC<ROdwA%t`
zGEamoG-_=tal?6ffoMY~QsZ#WD}ZF<WqRn{r+l~jHkk>NYjanaxu(MEV&qu3&Gi~u
zwbzUVS;x0PteGLC@`l~k@^PTU5u(v_=%m(KR_N_02@&TMu}k8P9KP~o61U1wnapY3
zd#mZGw{^7cd38ue6V<C-(lm8NXu|c!r6+Ew3lRaNpOiFQ$`UXyOs|*PWXvu+H0?$Y
zNOt<Tbf>gkx{0+~{Ft)(E9Z1y^6W*eYCu>0ne+~YckG)Z3O)E~8v_lTi)!gvq~p%H
z?Tru471$fW;*9~U*s;V)En2Szjko@KAz(MjLBLwCW2aO%W~-f*(9~7+*@5A}-E54|
z8Yh4XcAG34Hi~=-3pHG{+|$gb?B}OS?I)XrI`7$9Dq2?Ew>9`Oe;>j-Oer$0t|;ks
zUI`A&JIqcGa<5Y5X%!Wkmx?3RZ4($g?zcg){`OWfm8^ctW1yH(J;}k|D{ez$c-B3I
zw`0Hlntaw{vB3?xEDn^Lj2gVn#mo04c!Sw-lI1o>ejC*c5yZDv3%5&p_+%IUv^h{a
z^{nR2AV)7jM6~LAA{AK(FshK^i=!$b*BK^xmJZWuO9!VPNvZ-q05U3*PJ?4Rdi+(A
zspNqpkQq%4lLb07SL(*8)vet179XVR@bX*xS@R7o`WG?+s6XYjQ`k1=L8;0=n>3ic
z25^Be!_{EM?9yG@)DJ2*cX!v8q+hbN+rL`WZYvulTKQwq$v3C4?I5=Jsp2zi8z;G)
z0sd7R@d@3FkJFd&uS{^vWPeq`!6_IrmaNg2Vgv5N%1ibRwdW{aj_-f!^-`78VJuXA
z8;ln&j)<=aeMly50KLKIO>$TdK-<q4KM{o~-->3zqb=;5UmUHvJ!$${y1lhL0@Qb-
z2k9>Ss08}|7)5gEU_-H@cr89Ed|%>KVQPk_S6T3kQ*aF>eI%LgOG5DS_Auk4{m^ar
z)TxrzGDpK*JpFE0N@rcJyuhJepwd~*2uXES(_X_yA%AL~N0SFqK*${!No8w!b54x^
z>q*>EzFQr;JF0?tsvx&PkLg@a+IX&77eOro6#>4&Srz>GfnkE>%*dI*FXfa_ncK<K
ze$c*6y2jv1_q=~xorP|8K0iP7t%kuJ(L#gIftS(QLvE2r{lk*0z?rHtBTizDvsvB1
zHw*OYw2p7r^)}LFBU)jnr*+>K=L^k3cUfW#id06a?c3~>uJk(Zj{vz{S!1(t+3!bZ
z#8OFk6Smlxc}~#QaPw313BrL1j}%({&LB^8dGNjKHtV~YgnPH5_W;?=0qV98QY=kC
z3N-vaCgd+mgFCu9ZJ3CW9HpOhkVB=1TJKf~0Jd-zZ(2+4fd8z$jQ?W)7jC%Kv)`Yl
z@Cx~l`iP89M`$u`n(S=vWZs5W#+4bW<$Yt!5AFNJdFaKHQI}}jIx<mo&u1YqmutWL
z+-<jT*0M5`$3p*luPpmM$fEkJ10daH{FA>=vECxyl}uK#v6qs4Sccm#T>;+q@ec@x
zR?(UE5ycK?DD4g`5_v*qNObNzb~j_o^d=+t4Ot+N*!^fYn=!QqB|QGDri}1Tj}as2
zK20NN;w9;g8k|qx3-mC7$?6mJr;Oa$-e{3367*VZ*JT+0ZzGZdW2#4A?R^;;uoTBL
zE_=db20l8xy;u!rcRJP=&=Ym_Td!;B(!NsX6a8_`7muR5_4E4~I2qqK84F9Vwpu<i
zqCRC{Y)h#efk}UYQLoThYBtR#aH#t8J;C!Nxi#5ut@33^y{2v((uN6Ndvikqa=(>i
z>h%fA`E507tHg8!<GVO$*sQ78Vr<3d0M^^d-iQ=Im?2dfRiuu*5r!^v`?npvZ-fsg
zY^aTN3jaKHjfqi(G3u=LC*}K=8G+w!9tXGKssW)hv-@@Sr`Jigtsj|A7T(=eu<a0g
z9CJNr`u7lG%!^D$I~7MyamQp-ma;e$zDxpgrYeFoyj1vHB>_WqR+5?5fY4&9v+?5C
zwC>ljsas{m`apbb$w=))jt;zl#=*Ff#`eouJ6kW+_*SK7%in4nR}o^CrS+;u@2~n&
zw2CaP<Zi?4yJ|1IZPc@BrCbG*3z(pBF!$vtUH6~P`44ka7T7oIer+g~)ts!)cEo6y
zSJgI`7gSDx-gVR{p5olSs-ZF>qI5XP{p=0X=z^7n^F*YZXIxmulF(^x=Phqbvi+&c
zMni-J!2%qIn`PrpB(seiij1w7&lO+KxtgAoq)UOv=ytVGT~wv{Zf$O1Vb7ziEuwA7
zd-fxTnBDIsjMf{G=DSnH+ng6$Y5b!raoH)qs`3sx3oG_w^cqWG&oO_)28Ux3EzOGD
zitI51HiUA)FGk%wC7eVL)qk$JqQ)B%Ee>t*_G3S8li3?-5!ubQTFr2q7MQcMJu;XC
zdY!Y%(3y(Uu8%JDxBFr)7E{5E2f2DpCkp}g-PklLDfG<Na=-Vt;Q8_DbB~9Tcoxlh
zS|9Q8x6dNo`$q(Ozk`=EkPIm>&8IBF7JK74`!RR3Mtfz<ekiQrGF#BT9QS)aKdjpp
zeO^*l<#^~vzUBOU_X5?5V-AjJr-KIriPY$9jg3)?9rN`k@gQvEqUIUjxMjrD_5ZOg
zJoJzXOvRI$E|;Fni0-s<3xMRseRN1Gxd@6Px64=X?YY^>+eXI2g1K<luQru{#-Czs
zlGSI|T{Z1iwbD#QpRhrtSlbJOn0rhhirX@|k7DJ~N_;JCuC2#T^=epIl06;Y^}7=I
zPB)+}61Z6P09KX8MAZVa+IjogfkCbfqFL)c#?`aH`rAH?pFqr7=8n1q>cuOecNh#7
zwOd*Cttd1X*VY7M!CL%x7kZ;+xTw}+A-M4kD?k=l5~JllJ*fa|kD55f*Qj0jxv1%G
z<`E{5F>3l41JO)2=(z1c=R0GVVE)A8GsS_x&7lY(n|@#@A;;iBUL0Tf5NPmCL6>Y+
z1Aq03vtSMQXO6m3*bF|CKDC^!EU?>|7#M_>+2$lks6Hsf+XAqvK(Bmx9X%s`I{w-L
z)OmGY<LPp#9VGAI$1Iy}D*<)Z4+=zlj*HqkBh`^h=ii$;*@@N?xf@}8iifI`o1U=n
zu1mQg1{vJNWM4+%Lblg!PZSl_sx37Xe%5#-*A|9bw+%Q<g}PD34gPjZF}_kj6vz#C
z8u_mDuB;c)OI7yA$Bf#8lR3K~K@PiZ+=(nH)4Ywah8e^_DLc7Cx>%_e-QNDn*4qWW
z^CUMQglX6tyxyxj@UV7k;V$&RacWLYO&$Km<UDkW!cif~%q^2}$>6e$W+JgTf5tuK
z_H_e(^YP=XH*U@M4Y!SG`&ZpEc6qrPcns`Y=RNM96s58WwKy8?XQW14E<R?*m(J6o
zrFic@sZABRb;xoy8F4ardC`*wgdq60zYBmp%g&AtItn}VdrcEG_yX>CGmV?P_>T5t
zRz?@@<!9qxb5gdI+Hcbuw-lIM)K%d7ZAngfB2{e71_T|v`V6xtg`T~hH!I$>F_0#L
zE>f~z<fctD&inJn%E-+Q#<I?idsH-$oGly#ZnCBu4yLgb4JW(XSMv$n;4LonYI0gG
zz+Ky1X)!fh)&v_dhdesiN+fXb*h#|L6~W)EiR-IX=4-0Gy_%(3bf=U2!uSEJ=w{8E
zi@9ONIR)i|`Fyhh!i~!y@A)M<DQ}Ls56}XsF%5+~c4#^tDKwm(j-PgW1CwL*{aDa|
zgp}?4qF^p@zyo!Y2^XX3oLf|5akaG`?XHV&usMoR%<py;Ymrs*zp%|e@_oTI6yqhG
zy$i9mBwtF(4?%FC<hJrjHa7##19$B$A1wZ2y)dq<sb`BW2Mxydyoeu&ZHI;24Ff@X
zm<DbC#=*x9q!~n5FYee!EtovJ#k%l5@lxpy2Mg@hzq)ld<j)#GZ8r<5UNb(IGX}O7
zie{?_q{d51u#UAd?0TIcx@s?q-@_WZU7ww{1eV0D-JLhxPd}&);R#k9#>$(4D!Sfd
z_zd(~zuik_Uj#2FST=46d=08p^3>f;A9^5;NS~eq&&1^wZJ*9=dUHL#mg~{|G!Itu
ziyxI}O}-yQgg1$W52PMre_6oJ%z2R$s8OPggoySTV{C}@4R(jOa)}qkXR^;zFo<|U
z&Ib@=l*})Oizohd@4rQ1)S;*i-Zt798d<pQKj-1GIjfJ)25{`4TrJi|as(4x8fkeN
zQKLs8dwW%jiXQ=i#ZL>)pl$M*G3o6y4vR$Iqjub9$0EOiNU<q}yG@H44AqUc4LCiP
znql#nq?377{2ZQ1$8$hj2a|Y|vSd<{b15l%GlrNOFVgv49he{77;9J&`if}@^L>KF
z4gk3A18T7E*<?_&>C*2m?2R;DOO&bjwDL!Yi|y8;RFElzd`J4ak4rNnsMBAD8qnKK
z{Llh&b1<Yoo$>YxzBlMlx<EtLNs?-Cv5j~x=^oQgg?l^^*fET`{bMnw5wP8wWgX9S
zNE1i%VVG{OHQ&aeZ&&O)LmY%QjoxT&!fVDor|0y^BfScN=CS|!@ls&hdkM>_(tI&O
z$8~z#l8bZa*mg0YG`Z5tb-E&wf4`Nk)mM$=*q?TYrR{eV3{x3*c|JB63bsC=HgKLW
zU?}~8>3t%Qq-v4Z`V=2p;?7Jx9;+#~`PFYUiR&(Zyf|~Zb<4Ix?M7_4N0h80kaTLD
zf>2M<EXiARn8t$Ws!6F21`Es}K#y2IjlFor?^=DQY6~Ps-h|&T-dGZ!>}buo{s331
zvB=7%xF>?x|KATU1q2W8Ik@aU!jhs2zW0a9V^ga~OF^vNK(e@ca#?4$Lp^o2H>>m@
z!4sF3o-oGVhvN_IUMdVg*mxaflZA-(BnN7-*y!e54culkF{K85KX8eOrpVT70ag0@
zraOW%siSPZtF07?)b&G$IpmmpdEr^>1w}mKel9t}VWs)(uP~nd59Ch=DO(0G2VI}y
z%Yyl#<qTI9U|1sF!tye4yJ-%51RI@VevZ=->2)#w^(MSyIwo=_8C9A3hkXD6$6yKE
z4Es)TXPUnP%3BS%Wlbb6l9{$}yJZsOb#`)I0`*O@Op#Wu>MO5ha2^qb`xWvOb6rS;
z$Gx7b-&#kKc-&YeHCeCq=DJY0bE4zFMP_fo7v|+;6*e}WSArPgcaeFDwu+2UOT~+U
zDU)`)fQP6%!wU0>mC5JWP;HAv!XTi6vWmh<a&oLB(`<WhVuyW(+WR`<toH7vRXyRq
zB>ipDAIo|?A$~+M0plC7iI0ndAOOodJ@A4X<&M?H*Ga^4=Y?f;siGxHY*&`b=d}+U
z?G{bUw<47XQ_rE&b(j9j1m7I?>kstj{X^lDnkP1rC>uhGi`1vtW|E9(q}V3|d3f)R
zkP&np*QnQQZ&&i^=~+`>$`tRdIyqWAtqB+4iO6u#ERT+EW-hB=_}$mQ-$(;ngnXDW
zP4D`G2nVhat}{96lWx%@Dm|H(8Ol<Y(Z*oXX|(y<WGYx3WC$EhKeHEHX5KC}$`_db
z`y==P+w<kZPEk{#p7)e#&)4U4kIH=1>p_cOGL>(++=#?V@D=Y+=f01*Nxp<Y7&`6y
zrG#BbeH}doEo~wroS#my-oXb24{h>w;4d@pzz6EFb40%``9ZVsd2aV|w-VAU7033b
zt%!WFVp22DPO#nx7r_{^vrM7}F7{Ivb@=5AqYfA3WwdM#9z*@sYO*VlCNeRXt?x0?
zHo0Zyg7uTxGNc&cXxM}}qNY#reeDBFy<RyUYCB!7#VDu;o<nm8S#^EypbuMqrD4^9
z$N3#4%w4e_Nr+&5XzOj2$Gv;a^?se5>n5eL;QQDFgrnz)_rve#?cwpq5QT_DLm(?H
zYmk!wU!-^lc54atei)Q>ccGzf2bOaJ$2}HZhe9++nM1@M-O3J)p}-L<U9`AsZu*P<
z63V0~C%Y~tuaoEJ#>T@|w3)Z>--q-ka*e(wQED?p!m><Sk=$r}NqR0$R*byV!(_?*
zXd>~_)UqTj=kej>v`$kgH4OP=a>Mnn8N&T98`NPjS)qgyWm%yh<$nsmzLbjNp7&jI
z8_h69KR<Srfuj<Hqk<?SSkp9M=9h3es|hyka$`bc{*4S|YH;-t-xx_Aww&z0KOWDu
z5lC-X!<wWquh(c{IonjMo)N7qeOiB?;(8p^=$D!cO1(m)c=MTZt2f@tRTfFLBh%LG
z<%MooN5lxS>~5e^qg!gd1}eO~=3d%`wj)ep?rvZgDWQivp~x(xK@nhjr#wyhF3k80
zxUKujO-9vMIMv>Dg%K-UJYprj^0$VL`}7gvfKBh@>Tu!Yhb{?XXqW<PShn;yq?L0c
z`2$kB{Ws=8${QBPDFmHWUld%n-&pAa$n+6QWXO%|EzwYr(64}Xdgb`{sEiThU>QMq
zr5cY~I0u=gc8-ekr7#1yf?foFunNTd+2r9-K==B!!in}gnHQz-zVK9lov)R$G^Yn(
z9e=Q3UyDJ1mZ4Y#Y6tl`vz&9x+sgSLLw9_Nv6sDC*z@!!XXIq~o&y3P(a^^cS69R#
zTTBh9cj|*9=lWcgQ}uJNW=g>kg{6VGrnA@;K98hlXY@vJ)lV+hstkUfucTSeOF8uN
zycGDl7(%}oe?QT8(03OVcQEwTW#2>D`HYa_KH(<5c5B)+DACji^Phe45_}H9!F1*3
zst-dOd)@0E`OgVW#Dlw8;-#OOe(`_KtE2c*6j4v#XXQkMK?*NAg&#RjKkZBu%%E{r
z67xCBlVQ#_xKv5%8&C>Q6{ZulJ3!@v!^0<w3m~WDx4=?Iko@Etk~6*P818#m!!DG$
zhMw^$To3Jtn50(Nb^UP(*Gct($dZ3?p%_%dYpEZX<8{chGzD|vCJIW*y;*d%YAoRk
zWJPG5&ni*k;hbEXKL%o&(LAp3+RPYWnsb5O)NN;`^>#m$V`2ClQYEAv7|;X#HCt*B
zO!AITadU&t(K;Ih>YwRv(D0~Qk02Cc4y@@e&o-`sYzB3^n?XnviAJ~|?Fz1nf2UYE
zQw+N$wp0T6LTyl}_c*_tr+D09*FDnH)%^uZs{S9Sj49*d)yK=H9{1-S1cvyREaAxK
z=vgYyiz`k-Uk6yRL<lzHF8N6`%cR|-!vqJN7vCE3Pesn*c(UAgM>t+CtupIR7-@-D
z*Su{v5-2P>^zn^a?HVY7TGfhgRAQ{tfK%k<`n-9Ex5z3W%riW=W2d7P^-m%e4uTQj
z6fvpfQv9F8=CwrbiNx>78X-uATRi9t(bwTCQm>H}Sr;bq|4<Ij+4!;$x?-8(0J;eA
zE8{P&0CaKQ4Q6iq0uUF;&v^7%I*tXagxk4lRTlo%fGjWC;S;qn-l%qhZol801Z$)|
zXaykl5x4A&gqKb8@2a&3;qY6lciZ(V(JLV<D(8IV7)Z_eIPIapgR2BfdYrG-#6Ozv
zNS3H#U5oMd-8&;_T-jw`6s?|v0$D&U*?XUEAmrC`#!Tn+{aTT)f!L49$*55)kJZuH
z`Ke|O`J!~2hfXwBofr9CU7h_Nj&J2Dm5!SZ`X=EzvW}zqOtn?Uyu#VwQJu77aT&NL
zMa}7innH2Fosb|G0DbU$*5!$8ynHLSnqzPold+KDoI_i$!(dsJ?&idq$UTyY&lvF$
zpl(WI<ik~qtA{>V^|23&OO}cptM>6G@XVr9ShzU=i{~ah=-(jMEC=VfxnZKYPU*Fa
zGDV1`E<0_rqVne)Ej`z^)MWi7bvVfS?kybEk_#NN9cmgbf(<fX9WWw#9b%?gnAhGM
z_w5y$2D6kyO?<wfQ}9;j2yJozPrVY!*q-YP)GBu0sfsO-4=d}YEned08Ysf(a#wGW
zM>A=tN<_VgP^laZ6KXbUl2OQ4W|dSDRD&>CvA3LJrCA(lPeuN^39;Vi>EjO9TWkyv
z9HE9jG{kNRYfp6RcM+Uap7gIE_*y`!g{qOx-ykE*cO-E>N~4~@A$oRyeIT$0A7;cJ
z!)b{-M?CbZK)HlMgwqI_5u18C5+O#MDkL0}HyNTwa!=z)ueU&ceD8F8LSl__d5KWs
z@{kz>;mF0C)z^<GXX@gxP+(IiRwRxrz8AmxCwvG7Vi$+UiI`0h70RG23CXp1>rnU0
ze5BQ#LvQVOucYr=XdC#Hkg#B&5WqKB%Z5{|UOHpgzc<Y@vG$B6fj-J<x<u_svYB~Y
zer58Q&WS#Fn#GAzX@x=QjI(UOK%@fkS@pn1&&0Q$Pdnno>@tdWQ>)<qvubM8c?C3f
zQ@kqUI^naf|9yd2?!ydZ<i}sXetk~M^`_&o;-Pk#mE=De4$2M7Syllk`RDZsd@hyh
z);-VJEEjkO(7USpiMD{!mge^QJVr^&P2qmMRSHW-j67Y~dzPSei5u6~g1x23Vt1+}
zJE&>bsjg$u9vRifdQrsPH@E_h6&Z=|mdF!674MMT^@p6T@%8c?H=^dImIZ?AptE(I
z<#nJnfIGh~w*?rfAzmS3uhwiNCzv<RCHG6@BcCZ_A*)<(q<A>1Gqz{2ueC3%_n8I1
z4k}?%uO3#%qUr(g2^}u=`!Ar1Hu%QZ#_IdFGad}0|3RN<;g9Yr0tfpJ25SeJHXsUT
zB;9P>9rvGd{^kpeKzc($)G+p;Q&-UU|E=_`g<!BUCEiAV=?+}E`a;_wYQmk|3$>^b
z?9TtQ<3hq@4Edgq>6Hc3Gui_=!upmek8o0;V|qt#zi2P997i|PD&@PHe+!N93`bew
zK}<Z(w;^d=2k@r`XbQ3!fp65w8(O}PLQx3J@;xAR%M0FuN-w8-@bhn``a|Jd&@cMy
zLL!Bx0ua0uCJQyb16=3XvE#`jrcaP7A+blSq;nU%R?9v+@p#uDl(gYxvFA0K%~lTB
zq3-+Hzc2LRUnptiD>uOHjE{Sn&X=O37Px2jRO>gAbby$)8)yl4W?Ec)<@_o2Kz#WH
z$cmWQ*r#|7VMJU%@z$SSen}*^S@w6#LNT=fqc4t|?r&uPn3S={d-*HU`!#xto_#Ku
zpW*#bk7L2|PJCZ|d)U7*{S1Y&E0K8LEc$QMD1ENYbmSNv!<a@S<L~b|G`CyA!EH^|
zivDL6!EcFXS68+O!9tWJSWFU}Xj%o?&-nCoK|Llo4h*j~>H}sRPm@iv82&kC4}B_B
z%1?=$awYhM>WALwAol%oKdQ42iM1z)XPZ+l_f*>Mua;AY^@_yECJ~mJk+2EdRUpMu
ziJT+POSeZd-hG3s0Lw4=T_Rfl`fTrbQp>|+N`98J-3emFh1+fimN*)~Y(F+F0YuJ^
zcPL~W$WFfWkVJQ9DkOVjm=AV^v#z`0v7a5&(9raO@%yEAk8J&2{q)q_zk}sVLgRcy
zA<Eb~^;T5$m(s}$rtotgY@ALKJcFnc>XuW?K^HMFO(;f5)9KCJB&Mi)9G^grTz1&E
zHV=q3{wfddN2*@3`UAJ~c^c&G8<1$lbam4OUm?E}&*!856KTPKVYeM%wD>pobqm0O
za2;kB>(Bw8VGFxZfgTd1%lw~987>)Sj;S{~j2$ccvxIu9RS-`+9c`x*77G5pVtX^A
z3KZkdKi^)0W+O5pimzatrN~k4*DtZuA3L{bYpHw@>vdrH-#ZC<R#G{^L@Oj?zyYKp
z3QUzZ9fkPqO_#kpCm*Z@cD1rySwB>~U%<#bd=h{~`VBbXHu;4k?02VFN3DTF+J^Wc
zAh&mR)&imLXr?%>keGHRC|$dO7-HvR^ivvy0QQEvs~!9Eaz+G0<blr!Lg~c!CeKcm
zU|QQ0b7kL{`hVF6VvZpnMd)7C<to_?NFjX4yI;ua%itOxyxVyG7Yi;23QF%But|DV
z0^S;R0S%s>==q!95a9!NV7(q3B{|6OKsE_sseh2B3u=ExXn7&(s*F4Roc?`36V^}!
zsQ(1Tu!oC2-Z0_G+6=aQ{ih(j5P&_g3r!hZkdhNazNi+fSEFK(`X^%kb5$lonnh52
z2N;1srM-hRMvrz&NheM~_bBu2I{BYw;GsAf5^-hgB!txx*8LF`67qqA+SQ%y;r(Dx
z^rcgQ8R;2<89TnHBP%QGnR(VMVD)#)SHW#|A{7f%lkAC*zBD<VtUF^eS%bJ?lts~)
z#N*HluxW;>IqP8hM9VBZZcJf>2e}`L`=Rge8PlR3U`7Ac9npx^C0LFYfj@UecH!OJ
z=bz)pf{AIpkCJ9X>byy=<N;2>4o*<b#z63SG`-S<d%6Yk_;3uE#*{SiSa=SA!Z8H8
z__K3a;BDWrTQ0b&vieF^p0;d3Z1mnZLnq5nTHl@{yc6}UM6^5~148GLR_VY^mIGzN
zec(rQ|4Ls}FKalIyyw1Meh!s)Jp~lZa>~X~O3|Qe918LXjqlu>oJB8qq#y9BCV0m%
zC<sKb>et88ADg8TwCrPdx|y^6k|_RJL}U%P`i`yBxd1U_4P0(tj`jvk5P<&)Gi2qU
z9e-KAK07<2+who8$17bzwEH8agl8YbGQ&wSdhO3~@Q#4tCk-dS)=E2s!y#4?7TG+i
zrGIJ^uLs`X5DykPCfRvA7yaA;U=mT^2@}lm_f3$$qkc>Tpw~G+qiZ3bQlUDR6Hu`K
z0u~$v><7&!f`v7JC*|L91P*~YW8@HZ^Z8nZ;57HZab9uIwnm&UdT8}^b#(Lq%LF4B
zIrK4`x4NSM)TMwkco`#>2iAFpz0(Rz-RRB~kEEid6@L&T6=Z-oM4<VU$pS!<e)$@8
zigmDFPdg*xlm{Z+lTAnh*U2Q*E6w8kQTz|h50_egf(C$Atup`25`YM$V9b?W-SzGH
zA|m-$$rz?Rt4K(1O9aFYq!2X$k&jr_LY#rV?5sxYX>JL{VUTZ6!@QsdH|q(O2rB|C
z{S02qfSz6hCe+EBSdV=2eC)Acmg<KYG5ztcCCMJQ^RLrqA9jNvIl)p36tWTig#Kj|
z>I9Z`dzI+(f^|TZT23M|8xau!hfN7`13Rob#>tk2_E1{W@8q3sEkp0y|8&TQ7+%AW
z!y|%0jy%7L|Dq#;-w>pYr_^a7)bAok+nyN2MbrFE*<|e~nQ=!V?MiIvUmi25Pa(s6
zwSJuL%gKf*poGxxbHvd4e*Fi5AvLT3IS}5!d&OdqzmEX$*XBn@WnbGjPp5$lXX^D=
zfa=$ry_|i<qV4$}V5ua)XO1x$%x+${f5~IFovF*ZakT3$8g|(5fTzv@EkUVv3mo1m
zc@&c-bfygM)fk6vdmy^B7vz@^*~3&WyilQH{}>nH&8Z+<8an0;E~BQz>l#p+xf3z#
zw6-+?|BN+gYr6sNO>=Z~bPVQ~m}2`j+Et<nJq&+P__Ch=vdm2l6I8o2ci_QZ*0TB-
zb?YGB`<s(z(mI1B{=h<z(b`8}SS|d<2O>i8p6$whTtTU)YSBH<#$vWCnk?ic(Fw#I
z-@*-I$$vg)qdFLezZ&48YinEn#4g!pf7ZFgoeWd7A@&*+N#gUhb}s|5=0$e)7n>HJ
zY<xq2i-Gy=@}6o57w)mo6#^yw->?O%g}r2#JW177Ur0_y_d=UUyIK`a_s5j@zkQdN
z=kpKcVmji|;x8>wZ%##<r73u%{|Ss=m=T}>6wgn6WA7!gDVM+zTf|{O3kD?Ro8Fm0
zI#}ckrp621puoUke4;@z`94~qSicXY&?*rX&cta*jY{;JXPiAko)3~`JUt;}jH9QT
z5Tnzr(RUidkijRdEJm$Pvoe9lbGYr=kOe+~mJ<l$rP)PbrP+PN+_xZgJ@k5?#I2yQ
zW9G!-_yAUgJjh$Uo<eSgRK~o9n-!lTW2d_aztEj!rf0Dk@?k#|=KnRskjAHm)p|Aa
zrJ0>sc(4@%LQx9_<C*YPrsUvuJ-DIpSQZ>tLrH27W*YSdm$i{2v_XTc025xz>YnJ6
zgQ+XVNy{w<FxX!}i#S^0Sxfe9w$7o5d(rM-L4ze6TH!NF+4-n)AEi|=9|f7d1<Mpp
zud7nn57inZr#_&%m2VEv6Z?i+8CN1q(mxG6;;)zy{PeoQqJ5CCR-&>%<zjlF9)i1C
zd%2#lM{6NY21Pj}cn;kdJa8WD_~jtiiuos_fV1TICbhZI?HcY3m8MLqa9VG0uS8GW
z`6NxfhE20YSLg2zBICiSRhn^7<jdQvUX4k)@OBH9s?h}Zhj9%d9p4=b+(p6q_#+%c
zj=vvNpZ$<e%O{dSi}B5Tb!SVVl~acOrz8=i_Do<M!A5*edlb7H&PSy~Q&a)x^uBTb
zx^iG^naoYYGIiYOz>4d7&%M8~>uhsG6fadiUwJ{r_nHbajPNxwa@-5k$5T5`xkQ&F
z6iJtHNB0r-<97LE>Khlf^Fad;xCoB%7G3BSeq`>O=g^lS#PI&cLoqjq#@fJs>o8ks
zPB-NZ#T@j8X7v@K_olfc4+BLgCGt)%q#Wcld#)z(a2E-2@sBM8VMZN8aWwRbgP<+a
zo0S$5`vUUl4_qx()%Ykn1&I!enmG6|gE;?yfE_+}A|Bh#FQq*0H`QTCX(8le{Y>P{
zb0^IhC^jfDZ~JD$81qVIYd@0c#4);z`IOYqlq2B_Qw3hJ;XYa+nwSR7OiAAL(*U`f
zpprt>3W<%Ut#7DtkiiWj9V+ej-co+*SbT?o%yX-$r+EIfjGLsJw{+X3BGy?Y3AJT4
z?A;WN!;wRo_4nhiv9cd<A_w@oe;YjZHsjR)yK{%kaO;$+67T%-MxBIPN92YgHB!b4
ziSM_oQ+`vkl2-}_B42zBCH6qEfzK>YNj2j58$z3#Pz0MDRzyEJi;YEURB-g}PH=hu
z*>8SC*W>{bi)5kZ7*}5Pup=Pr9*zzElVLLfu&o${efXV<5Oz@r^@2?e{qf;<xvVte
zXaCLuXtDd|Vl7~}s3!@V!ovta@_#=m65JMCBgWfid=ms$DD8Jo<}#-=&mr*+D`Hn`
z{K+~6x)_dgQrab(uPgk20k=eRxQiSn+-FQkdU^v`-7l8<_FM&<@hQk{Wj2c@t<eH6
z|5M<CuVwwN*-DMk0WmJ&U#J3<1<e5n7kP%Ht@;Z8=`{E$Jxw1k@Et!JgcQ7pT&(ha
zfr9z(f4K>UDLSrC2#0`H5b6K6g8yk3#mHok4+j;KwGF=i=QY6}?qZ%ztcPvlD9ub(
z#E46oC4GM$6_RP5TmAK}+@b6}Y>LB;a{S*<=lu=FqvvV4T%Xr}4l6jX2z;<~B0lb)
zxdi_`nxb&^qA2YuCr$h|#FvYS#qa*UsW$Q<02&Mg|Idp)d`L2QSj}Xk<`#~>Py9j&
z>u$du82IeJ-{4QZ^gq9EVqo^p>yrslFY4cR|HaqD$eyAc3R$xZep(3YDSW1xw!vsL
z@h7Z9Y!QBEjJk(Cn&0Fk`};xvq;n{w*^c>un9CD-9)fbnGxjV)Pw4Lxy1|$V<Fk0W
zzr5SuPA&uiRSb4P60I|6AcK{ws5j}_X^bfE`Jb!CE0v;oXfQQi8q@!O_LPheu6nt9
zXVDDiD5?v=@nl9%zF+L$IvfH)XoXLY*`@jyv=!vXT?#FCeMBNUaP-y;B1Ih_{BLU7
z^`TMsn7(y2i48?~4O{p<HCYog?C%@FMZ++EgtJ?}DPFAi*b9iXo~W~3X-8=Z20$2D
z5lUu)=i^jdF-;%L{41xVjZ@c;%^R<U75{uGLAVw%PbHNW&OE1=)aQg0`v)gk3KJ54
zKVplBXG&7b%b2@YIEC~c@fc@*|9-b6Dp<{QDD6cE%)XY5&?UN&r=os`GX&c&AV6{?
z{Y@q`O}LiyNvEJMEO)_fB`Gcoj*7UHRAf}tV{r+IZ@+#~osf70%f#krx)yGB$;Ak0
ztag=7CekjQ5RlXVt+u?hshachwG+p0p5a<1uVEQg{#gykD+KA-A!$y8%}{A|pCf;x
z;eJM>KM(!;ov4;<;Kl+kh)kLljQw0XK0k^6`keAP8=EXDJ`+P%c(&N~k-WI1<V&rx
zQR%RqUk+wWiJl2Y_EY!Bf|&tI$}QeF7MfEsVw`jVt1F-*aXhg+tR~5b9lBp<YI1I`
zi(iPy@*LuEXCM|u0CNnV0|V<<&^(F(&q5|>esJ*c@I)zp?|pz;-GFwz2SBmEeWoTX
z1il<e#ynwE6%#sHZUB0<T-ooRf#FW%p$-TAr@fmarNDM88vYp2-A6sbATYKA;{52f
zzL<yRKT|r1yAowSD=X`hMz<dGm}Jz8w7n=sHO1Kq#197m=^F5B!*&s?dVx<&%m@J8
z7?6Os9gDSo$mgP8Uic#jN5b5h`>%I%ZO=iV3^<d8rZgOQtjvEeJzoY`n{m8Sy^ZD*
ze;6hC1*k#6-y<mq*GT3`kH<fAirDj^(C55B#NkY12%eH66Xa!C0Bee~VrmEIV&w+D
z7_Z*{?uQqJ>v)#qVcNe)6nIItEh)}c6lLqUUhkItto9X`H4f)XI32{+5KrcQPK_r~
z6mLF@_2h`<%9qqP>JBt@z$58CpT1GcKwFPH!q}8u#|b~rtWN;ZyMDFnr;s3wcLP{Z
z4bYwyeCzcKsj#-TE)_(#2mS|1pqM(|rP$9aYW#^+3GgXIBJsc#!~WQ`6<!vRQvAA-
zk`mdh_s^W}Z_met9e!_)u<3V0o^e@czE5D60<0COP@JvHJe8h_hWs=QHMIorWc&hy
z0>`eNFsbKUL&kN&pxD~D$NZ;ba;17*n70NPVIt$<?hoUiEShfZO{R*|47-l-H64Wj
zNiA?9nfR5dg>=Sp{6{n|sBTNajNqgLFdjq_<bLy)LKPaN`ax!(^D3-f`J76Ck0b&h
zXiEer?zfoDJ9heAtbg{!Qvi1f{=G+XlHe|(l04ZU!S(yU2Qy9B^E_18AnU|7v3_Yl
zuKrGytK9|2xxRkJ>m`K$CKkj)M3cZ_89_xkMla8%iaMENoJ{#7(z`RL2qv*b+JBf&
zCz&v7`7+Jv%!QX#NEWk0;xj9OxTM5;hgJ?<et_I~&0#m6Tx4d-V`R8Y-Ka6>hq$GO
z5E|B$8jQU#8d`Ac<fT!huekD>t7x9{lJNBS*pR^WXPaQ9VJM1O^*VF<X6+_5XaFeq
zx@qbK4RrMy=sOh-?MB|<*Z7(=lI(-6WCRp@q~PPj78T36YAZVXa?*O}JbV=x(3K~K
zE^S}uaG>aZro<Y~cNY6i=<@Pp1JDt2`T(?jXdu1vNPHv3Ad>??QL>>20GnelPpcad
zU;T>?>X&S(1oq=@%J3X07N!fJK_Y<oPO8Hja6k7nQt_{>#wS7R?*xPo8gTr-dp^UJ
zSawCEMUXj{fo2qsSGE~nG_p7Cza1V(cjU0OUlEowt;POxGQb~X&Dpi;NR4F8i<sBm
zx`N|gMvjm@g#uaeuQ-wVZT<saWsAQ&&Xd)UcoXxjSlG{w_e_PV6-}txNG_HYuO;t`
z(<7Dg_lS50&pY;G+UM)2PNzPyD(bM)SAo|i!6_aZFX2m$&l+?I!0Zsu{W&6ABa3*_
zFCc8cKevaPx1&?h|D+qCf8*r?C@lEz@-KnWfYD(1n8tqNwMEU<cAiECtwwG6D~mbh
zH#)@*^JPZip9dk2p6KX>6Z2#(>*x%G1PdYelga0)*OY=ABF-vc*)JVd>9jqHc}diI
zEF2v+Tn0hyY;W%d<@uN&6NsaI6bt}fG(}YN4P(@5boJ*Zmlvtl^1ZC^=Fk@t6B}NA
z0k2edapAZ}c%=sB#A3*p(hH}cCTOLRsk7j;+i?2dk%ur|`CdWJp6I>RTJlw@ceGOT
ztDUY{h)n{GdT#)!`wKw$M*?_x&Z)N|{IHVU>m@(9mUB{>U5L~|?txfJUWpg^5)2@B
zi1)<0WRdo5c_Zw$$((pj*6j-90Kb5#$<}YwPZ?{_vr&x4VPAei8D5!Q5jn7ywMpCS
zHSD)o8dF?!hj-A<+8oV>+D0=EC<q&Nwd}<c#q4ISt{IpiSSUM~r`k6_Kr(*Cvd9^}
zYD{Po_BzPd21+m5I@bz2Vm<0}gN33m+<bGQ{|EE=le@b0;Oa}FyF5jToloo{{=-Lk
zBHToJYUUhfWq3$qy1aqA6NedU>-|Q{7#%`pe30BwdJnCCTp+I^p^&4Wc-E?rv+;Px
zfctZ#*4O-I=6+sg2F=_bk7+fe!}jN>gIvyI16*>q!d&ANn|;95G7ZjaI~;X6(_QG^
zqJtpLO1MPDkLZDy#{@v8W4}6PRL^!f%*x~2VigwSs5wOWr?&Bufbp&XP~=B&15kRP
zrZdTED^92PoxBC+cKN4gJv1rC)k?nMeoxVL)XAYfHj99@{|>l#I%MCrIiT_(JE%Vi
zlYAe*3vBH_D}e@-B!hdA7P@>5qTqKhGMx>ml`z(>z+k-`ZOBS7NJ_oL4s+yyJFz}x
zWnz-vuRGw!;BeVUa;Ob!0)*f(7^7g4kf&7i4F#7vX9}{y7F7d0^a?qFR(v;yZFCGS
zV7NjB?;P@S&SZ(+y9W+&oER&e%Qxd;l!tuvc`tpD7?>@tzQ^T2hEu+8j~uu2xSZ>R
z>zv$Hq*QH#EAWg=nh3xss3_#<zDp&t-z5gkoXNi|dpg1E%q_L}7=U>qs$iB^G?~6=
z!zO8aSS%?rVGB0}h47+J8(2wsN0hV$KYYy`vnuo1tV^<DpD)<LwE+Bl4^*_&80Nt>
zf`MwtT-g3k!@elvLZtWs`QZF8-+VGnaF@gV#!;gwmczH}O{`8J3dluTb}YUk<i`(F
z*lPVD!cSWpObct?p6~&IZewe!GpK`wlbU-1+Uwb|PW_sX{?h#@u(vnuMzoqYEPS}W
z46D+fJKaghi+>&jG3x>YRz2r%@{#*XV%T}?!VJ%3ek>j=)(?KDYniS!rKNU#>_Ia0
zWX}oNBMw)vlTpq~KXr`-*S3X>i0cn<%f6_MqB3JMWC-fo?2N&CNkRjQg(4ULGvCq~
znlSM4noc&)5Mx@uRfC4${Qc((Uf*sra!F6P#xF_Em_%Xv5cvn92rf<C9tGbDdHM4m
zP&g~(BYm6#ZWuCp#rzL39M$=^0PM2{Q*?i%<{1qo)3tizssjy@!rVW)KQMX!RXx3^
zGsl8s1{tYvyzmWT1hH^`D;^dc&u>#e?aTl@bK<J?iccOvYmcxpr`Z$>o=?jN)&YQq
z^FZXl!mkP-aTY_=hLAJ@1{VhxH-kdt#XLEj4RyT$XpTu*kzREAGl~X4NLxo3^AL`f
zetwrkTrFj?Qdt|=;uN)lysord)YP~mv+#vjgL1Z)F8i1hONaUj1VH;BR=u~5TAa^?
zkprB3jUlc}^?^3Y)KT!1P(LWvid6q4P^hJP_nM4m^?)dq-zx39>nDag=<ou*W$qiJ
z8Uh6`i?9b2)~CjE6ANzm9@vDpXOO-b!+UpNQ@%AOarj8Jjz+;p6@pUe0Vu>qRCFt%
zm8OT%0Z2C#IDv%8#&yXHY0Pb8l=Y?7CJsyA=OBbqa_AKt*R2?PhtubOOLRdL{kzMc
z49DsoKqCs0oxHJogja(6Z?6Hal6aUR8#k#}wmWU-&owU|o!qR}C;_ddLVcCNi6WPw
z@cP?HQ!>QRO{RBUd@?Pu?8DL{vId#jX%yD_w*=yR@q*YX**CG_2&H76M!$2{<F39H
z@Qej9XT7zX)<$qs4EXYfl?2lk?ne2{`O&lCc~jqfvJWUr-sluGoZxOoWXZKav@kA(
z!DI_fd>93o2|!M|dT(R2^k#4>b3M`QT6^|^jp}1IzpvdJO<!R@9@5riVXrWjEXXeT
z4Sj2;@R$Oa7lh~kaIXR9o5STc=fN{vQfDZJ=nD<x`7ckHHS={WMo5H*gkL?>h^F&U
zR3f09+;2<6La|#~d%xcW(Z!ecfPQI<ok!HKWN3vv0H16?a)ehhy=qkJmq65RmV<?&
z%Ztpo(I1x~%r3KysCQTa#}U=SuYPcLuvnx99WeK%CyTXZlMasE0mXezHMZ`Du_ge&
z)@-H+N2vgOd%U6qXfz0ZK1r{CP_Fp8ae`Yk&|`3flxiaz@#f=>&4TeoTf=ES4C>V%
zI{cqX+Mgimkgs0?N<;ycY~pddEA-lD7)w~NpHwtW*=1iR&Zf`n|KJHAOt^}WtyZxu
zj`gStCwR^(-46S=jQlqsJcIpQcw;6ESIr}jf^hh2ZOV?fEtF*>mrmgY^K7L>Ooq;~
zY^j9^%F7{JH|hnO-*9$M*oN-Yhu@YUXJAN$ldX5RYJi$h9jDpGoVRJA(k+``q)7F-
zUQ~m+V%IJe1P6h)DhU;Zh)Dkhw&&`DBsAV<hKC2Az2U>F%cL}A@;h%Ef_5cv;*-&c
zeLu4IGx+L0Fa`c{ZwSF<EjRLnjnbDHhrilP*c};_e9q^Z7>9oj46exVW=_CTLvC2g
zKLar|Z--<?h`;)zB^Q%|#n+?)>`ZlI8b%0Gj|Rl>L^s%7NPd%~bRrJv8rmoFbUD5=
z$r7}0(-T{o>}BW1_{%2b&1K60BQl&@<n_D9Ykl9rIORCJ0cbz!Hj7aX?hQ8P)54$y
z>Ohtj;<Qh!;o6_?S`o1+_=}-35GvhJgLP?S{~V;9k+`Mpz~U<8+5d;DvjD34+upt)
zagaKINXG#M1SFO2Mo>VIkdp51u0u#mBP9qTf^>IxOP6$aH}B>b_ul_IgCj8G2<N-c
z+AE&tv(Ql{`v|%hYBg1yBcKgZj`c-lSFXNy|MsH)X(n)OAstT>y>~bAAfNcR!*rh}
z__$LxZq2!SlhVJD#~{vQ4_i}RSZIf2eK6p*W>F3&6@(47>t{a5FiCN*PbAO_3}T+)
zLl4i>Q~`fpm^`NmPITFA7ejn%y^6HIO+2tsVetp%ur=~drO)FEYx%tQs#jgVs|2Lx
zY<2B&2x;RGHQ}$g-tt&)joA%*2lwyQ-TW4Gl~Sb{&$nwrzEO6HIFGAaR;`p4Lmg&8
z=I%<GZ)VM(#OHEoGFE7<T!MyWYP<&S>o_2dooGq4RImht9AZN-Ak%)I{R*xl?ps4L
z^8j{Tj7AY|od#N?8R2M4P62~$ZbsVjSRTSvdAR)z$HOwkX5&nWV6e*5Xb?O8d+GkJ
z2R%>Ia}9=i(aCT!Uelm?K$E8T^B(ArDDezp5WG27G=LyvkUhLiQnWRiPo?nXfoJ#=
zLKi|{Q6xZmo{w31lrEUyb_VD6soZPydAOU6v=TW(hM<5A{|@F=?+?=K>I+Y8H_Z%}
z`a;J|$QJ*43|tQpC8*p{vQ**!M$G#r+&B{7`R3LZjT*&&Bc-#15VO*`{W!a7Z!A87
z>Ca*+JiZQ4iTu*7tGmK}tzRecZcr?t8-0!6N!R$BwNmNh+z)SXIeu|wUz~NP;QWae
zvP7Gow70bl9>UvZ<?(;C>T-@VO1GcrU@46v<av}3>Gi5EDO<4{wzsKcf(wyCgnn!~
zxrd(Ii&-3^MU6Ee!>JypYKdGn8Q}~i*pZ!`QkZFvXgRowVZt9zK-ptlsRU=b0r$nS
z4=Q;iNYZ40y!7eQr<F)PKk$4TCni+!9iP$AJR%*R|8jOe&Cwb`Qy^$Q%E)u`T_W$U
z1?~BFHI5eGUbTC9?~fnt!uBZ1D7eoIDZ~BDC~)Bx)<|MkP*(s5up)LOcx#(V!?lu*
zX$}91=_`DN*ugHHfO?Fu*a7HmqHVU&-UZ~(&)SRJ&Mf=<E*J6w%lDgAp#t~Q?%4Y|
zutmizO<P!7IsX1+ZF$6mZw<Q-dus$lE;Rm%3yMOp0tiD4DQ^RY+T2*goIgOASyA9D
z623L$-AX^?g+&PmQu)<WF0HX#2DKshI9eAa0|LJ}Y_QT}7BVM_4P@~5bm{@u{)b+N
z3m1;%WN}*?LWk{Z=yiGl6jwLogcEoTc0}JAxTOBiga4ln<A0iuwbb4n)z>&boG{eB
z2&$s(zLKxBhCMgKkaHv{l1ndM3HzF_UmtYFIErVI^R84w{JB!GQYz2w<S9^o%2Phj
z6x&X3k*J7#y3!qo<_`<pCUl8in;i)ZeMmtN?1cVIRfc-zMRS7yn3-*6prF>SuN&iQ
z3X7o(5#owjD`&3g+ki_e_lT?<l7x;xBvL0bgA5~Ro)jSkx?4?$2ET{o&BIjqtPM|m
z)-ltq?k=~O@gL5CiQQ&>pg<TQt4I&EIU`)fde4s}iCvfl#fB2@>v4IkFht%j$_P0i
zPQI|l!m@(yfywQg%d@?L_s3w%lSBmhi*?@1#{>klkP<UwFXiRf#1IntMpY24#WAUC
z!M&yi^xnY})>yvW@O`kZIL}!257+HOVX}TTAF^|ydB-MXg5)P}pR}>G13$v^5?}>U
zZgVp}`(l<qRIWgP6k$ySKgT_pKq{I7>9qd&{zATI#?ALPN!?(ITZZk7O(422k|vLG
z6nx<=3d5bFrkK#VnUJrGBWZ?+3V~r3=TAE9Bb8qtUM0RXiJEa)OF5j-i|7IYD?5Wf
zh!3P(?hXpAA6mFW(RKOZjuPCplAF^N1>WqNfgohKf&spbL@{H^kv}*5!4P?is^Izj
z!xiKv+DnA9MxYVNg}kJd6toDsLwk<6>iXq>YPbI!i~oG$F7`lf%lY?^B#USTF;n{2
z6t^pPR_^BtxbMPcx`N+p3{)Q44eB7Hzb@*2|7=ByRNVanE!6_~6#`$uT!~YIQi1aO
z(;dOD0qny3^YWz07w)T|_l~FC2r)!do;DPJ{ub#p!Om@4HR_RVckH(><6Xg5*$|;~
z|H5C^nSSdzV6_E(qn{8u8WmTvU(h2eP9xuaOe!`=8RfNa3mKAv6tu626>F;qIF9J2
z{M=^ltCqC|TvXJT8j*{tz|4EhMS3$I6lk3bMQ{Yr!=C+8h$cF1EkKf(u50|7U-lXl
zNS>lx^xens<$!CIq4{#uQhtCZ0Z&WPsCYh5clgQ|(fuhglH)h*nRqd?G3W&881%Zb
z!dfeeC@g@YE#9|3f9Z*K>Kci-8B<uaxLEJa)ot>i20&rew58y5|Djt0rV!IBXmL7!
zZDRwNU2eXH1d1ieTLLH}@zmI)9BJSLcE6{!W~&BlfeZIgWCU&D+wVlE-9r_A2px_H
zkpZigwdfRRY2>598{0mBvK$SHrWf#yO5=7rS=ENJ)w|*PFyxUGt7jfjXxDepT3xSh
zoPfR~-0@{jCWN8167LRu3(V~WOS6<9K`xE8e)y}1c7bKy4m<$Kj*pb_f(F+b7etks
z3(iQ>F&Bk#oh=E|ihMjn+7i9~BcIxa>j*)E#;-6RJ~-cI%@XeL_V*O2=x+QTnc)L#
zY1y~zW>gVh49fm#8bO~T^^RkH3Z|obE-h(r*QAQZ09|#A525%z%~60EHF;`D*uPg)
zPIIPr%3m%SL9^*J7`!?a`aj3;+W$dn9Z*;d@pS~T2)^yG3qIb`T=NiLt1tPZM&`7N
z7I$OHdg5z9CqO9KeiiWpI$jgY5F6hb<6Dcm@v!+;899_@b1dhXTc2IIUK{nZVhOUP
z`gqr|YNCo$ZD|2#q0ryKa+lsGAu5&_uZ|P5swT--mq>Pvh6&PyI>n!@Q%4mDKHQ#A
zD4=y%<M3h%Aaqs3JgP3!UEcrfjOSn}mw)>LPM+6D!g|{l7mlGq{R0mFmVN6{Woc9G
zh-hVfF}TzUpFo6B&xf#3B^*B9Uuh}U#k-JxfG7wr@bAQe8U3YpY*ay_oCgj1&=7)b
z?+C>DJmvT8B*u^T4cb0+{4+_Tv_q`KeuJRBYQC-T=zLguBJfEZdiie0www9?8O=p{
zH$deP{_ueRF~gg=hWmb!N4s<*ncQ?@8QZ<GqRNKs{`Or{VMNsnB774n`}c7UBplM8
zF2kPjH797y_t;^f;gr42Oo;@I>ygNo`ieIBGc>(99Ay^SN5n1Ya$@Spp~ia?x3jnn
z{nv%PsEgdk2s?3fI55dYJU-hTk=srwyjP5`-YnwbZd<z-hq1I%FDxKG>xbkFR@6#C
zDabkP9v;9#-|;P2UilQag}OWv0ylM4_oA~UQe?Tn_*f`@J3WpeIVFn-ye#=L>w-Es
zX>Y3IDcXf*tPO1i5{nl;Lrgr~k(EbFd!I}BsqHlL>KP`&_4DU=_)Ms8o=QGCw;gzl
zDDbDV&F&9}%zb~r`+>%MMn;DIJ?rI1*!zFloZifk<-T|i?c-2~f4}2}J8zWj)h{!D
zN*|G0hr|RuP5$@JZ1jSx`#;LUzGa8`Oh$t<=o#^-ce1B?9QqlCILeCm>P_(DXy3MB
zYIOrmsv8Wd_bJo2h(vtX?@T6YbDq*ZlQ|k&>-1(|j=fdEh`SX<?GYD6dA%0mD)rlL
zKmkGf=ksVq5wAz_bkB8ydgJQXZRw+SE|jP>s*g@d^beZ3hkqUUN11C#m&ib2aZF?{
zLI`@}RJ2onWW3Tw+j%GJyr`n}g)XH2N(0&iwYXptUJj@S#ka&%vQzj-uDUw)j81Qk
zL}-GdNa}Fb>#jWP?>*TRb<aMx|LA&j23m3{-{zTWF7cwHGW7z>i)}Z~hQGPd;-ebI
z3wAB<jc3=aHkhtw(Rk@PPP#CmB0^=_6QyiG|NR{-t6<C?tMAa>6Ne?<`P%*z>oiC8
z%iQSFT~^h*Yp?K$77aWh<5@5@+Ca9*M=$wXPAB6{kvzG$&}9ypr(qnI<M4L=w~C*E
z>?3?9f!6;sW&A5~g?vD)wR&8tn6&qB=|i{Evdavm#%S=97gUm19nuLlyy)z2U1<5B
zaaoCczrwr=ET#?FYUC9_^Zd_pGRIn%|11-WE-P!lRW?s*jI)UHuXA;QByO2<t2tfL
z_2SR32@yW1e$K#EW)v9?rR<wl8a$^j6R3y<x0U$jcrLZw+KbMj*Og;H<K8Xy`cSqv
zLC-%NV`%8vvu?;zt!;_jNT6m=5hcp@pNi}m)<cvW?S}BjtcX%Ud%D<UaRBqJLDRt3
zx80F~k+rMb)K$@`-F>|0PTl%a*fPva$7ZtP&ii;{@;$lRGQ!5NUL+6h>T+_t+K#g=
z!U1726rF^&J{h+(sV$h`_ce~8=A}q)qGFQK72mliA^KWVGGU7*ff>YXG#Y*x725fP
zs!z8q_{+^xxnNdoG&qKjxj?LMh|h(3qZp#FBqcM`gfA8@>U|9r0Kzhrr(-ItMxI&X
zK<h`rgYdM!PC8`;()nbfx^8b8KY~_=(LkWl{|@qfeI7JOBDXM3u?n3d7ePg;$=P+Q
zM4t65zotXR!MWb1<na}Ps0W?hYSq79b-zx0bh63ugPFkIl=j63&S<uk?ykFbL24Tb
zrMPJC7c)U?;S@aU9)y}lwJZH@<WW;)rk#ShW9!bWo{+iuAk?A9mskoq=_1)rNx85D
zI`!J#a$p~dLSmDn@^oL0I9xmb9Mg08(Ec%FCs~T!A`5+I`0HD{r%9+g{)yJD3kw@|
zx+R%s)Z){PtiAF0E(@fWm&;4oU7bk<vHpMVo>oK<Q}a6R4&T~u4)zCK=Epk{l*Z|d
z&rqRax0~KR?o|u;T1p#A$Ov?N(@ZJV*fG}B7}GUY4gDrPac|y0c3vBjKBq@y(8w$d
zSQD?|GMv3>#J(v;TU)pdlyChQWJ8rcz)>~e7oFB;R8bx}yU5j!U?i!eHV8MBaH%Pe
zVdzi6IMV3sEy9n;u!5GR53CDb>Z}nskaHe|FALC2mlsrYbv+-hw=grA%=lD$I5pkf
z8QxO&0{*z(-dZq6zCKyjLoeW?M(Wdj9>Zh|*nCJBzxh}oZB_y;B_#Qh79To$((%^y
zw4js1tzY0jLWX4+f|kJwY-axFWoeeLm3lTAMn0?E%YUxxc}2u<-q>@9L+yzPdtT_j
zvG3nv!8hQ+o-j(EQYtA#Oio7!`B@hvC>Z}moUn!ijh;Up9ZW!r<Cj{2NYN{X+t2ti
z@jabGPST?ZuZP<zTl-wizCUJq_q1md7RjKRry93rXNTCF*Nx90wHCf(aCMr3OW-6H
z6|I;B)>+vei1TOJd_$pk^ke_CCv&HSlkkhex8~?WS>!DZhP8c;apKV^C)-^Oh0^|L
zp)i?UZ9Kp&G4}obr7p>BJ^!`W{SHs9#?mjiiL%>tq%c*(QQ9j<xh$CRc0&bUjvLto
z+W5+1SPJEMFUw`@*B`nx4_1{ii-{N}td}As*3@|<gAHI?)Qr|6;_<SA`rEfp+#6Ic
zsLXdelO%pPTg`lv>sfwYki^=aL}!b$Np(ITXtq4PS06u_R?i^E$MM0k`a}!wOL<_a
z)gK9QGeU+|b7;uTb<f^m-?g~yE_dJi>k88oui-p3YLnlW8fffW`ukr!ZAaiAZULWK
ze<1b7x3Jpd%AS2qJ*RSiNzSkbR}ocXfijhW2>+QM>S-*;S{g%Ah57r_xEJMJ-}hdb
zDaD8MO(YSbsLQ5;h$AwVRJ0b;2))@gM+$~?p?9=q$=pRwYI`yOwNBYhJLZ;*AbW>{
z>39q#31=69T|G`H+G6YGXm0l)%y0SkKtt3~zlDwls(P1-UBl>s)6R$%3TCa;Men74
zIOBywj_p8>++1=;Lkk(NQ_pX_cIo#e$`XRdmC9>Oi@c883Hj5s6ch|jb2lIJkt*n&
zUz*|WhHeZ*IaBv0aqCUaQwbqxTldjQf*J5%0tNx9Ms!08AB-kbx;gYF>9xqeBMxwb
z54<hdFJk#`V<J*$9y<S`qcM@8Veff^<i*Y7m0~|Ar0E1xq=F^T?E_P8SEMG{PG|`c
zlJdl#YR_m!PO2aEes0pCIEwfjFk3l7NuJ~$dVeAU9_{OoH<d&xNk{5k9!?Q4S-^=n
zdiN{ZGKIHuOHn(rJC@!wNEOm&*>K|OGEw=k{(Si54sP<&e8A~shgHrXBU>>XqsF~(
z=BknU&`aW}N`>PKmwg`v+ml$)%u<}QrpdfeoX;nF<LXT0_Oa$OrE1mo)$-rv+!VTF
zUr^UL?tQMWt3hvW+MTK!A8j9PVT%4FCurIlEgs4{2V2T>ESj;uu_kg^dq})Xu=6(Y
zIuxV2vcQ}jQH-UgJH|(TFI_T~Eu*2^c8|ZJ>x#mIW}xBx=VR7g=d)RlTn&BTR|}Oo
zh_vA)b=XrSx@&!!_)+7M-0KjTdmJ*BU$trLFwjC8%Se=kC;-`ea&sOs<2ijI!KXR_
zL2HP*d-H{ofY6ic>=;k4>`y#qomTJ{?&O;d42y?4j^Eyp#cOj2<ySjqx?haCx0L(V
zo^GNevT9Us{Xtv#hM#bkNqE-mXffTB^!rw>JD!1Bz1&hofI6R?UbLWI+Eev9r0>hd
zldY2>o3pMT(^l_J17)4(dzi^6JusGJ@+;qpM@OfU7l^d`6$OSy7N*VE{w_1TC66Q8
z^JIJ<_HBOsYB!Rkpy30u$GMaBg~7x3d@c%mmQe{Y8G6LFT@Q$Ot_{@+_a*TV37acw
zrRQr*j+BYmwozQX+Lc^Rb0n8<StB;wr@d$;!<_ftv4_+4@y)p1wH%&Qp!Zcj-?Ry&
zocAj%u0(s&`&b{T_*Riv|6yOv0(?bt^j3+TY0(+BCdb}f|97@{&Wqq_d3l9#VRh&1
zzuREflKOX$J*NetuFJJrB+G){I_tkpA%EpD`*Mh`>CIc(cge{@TlnJ&U;7fWZ{Dj^
zBDzrP(0y!GKn?3;cs3bS8LFDAH2IEr?B#TQB3u1yXbwz=L`UREq!VRmE_Qr|{>=x+
z$bNnl;)4+mBD*^}6V(Pw*K?&KCp=3hy><Z@=9ltlgm^7IQ##6cO&<9SDr)3rp-g_a
zGwE?Hzc;DnY$qp9naZ*b8>8P!x`=5a1l${9f`TG@3aS;pq)n?;pH(SojzJMQ`(h$k
zckLh^Ns*CXJ&bMNq7qqmjp8a~RPwRj3O`q%5(&^`Rc&*V<G;$7=hFh~Akxu7-26s<
zDawG&e{=?6*88u1JAU}^^HGDm<5GLyVUkTIfSJ_?vwK}w<OCxnahTA_@tyd-v>ehR
z=CEQWz$E>iZVSV5?+QXhC&8f=xfNOWFQ|l4Gij8Hg_Fs|a1fl1oqBPKNaYc5onn%B
zhP>oB!KgNebJN()zEUxrm}CgRP&$}9uJ{xE{TI&{Xt$<*`xONPyFQ~XlDAx9Q41!P
z#+S5laUO>nRb;a>5}lOqjP-gg4uuv;b}QxT`O)|ccb^@}uDZF`oZdUK8+z&^MQ0gY
zQ|rk(&pzJZ+<(p9LGZdkxJ9Y({QR3<rn|o_k3cCxMeC{NWmgq}eLOJT^hC-q#c}?*
zXzX1>W?KxHeqZXe^QuK7-RU=P9OvB&jmpSsVO`B~3%gXl+x3Uv({c>8<RGnXH(_)~
z&#C9!tY`2J{cZeu!<+|B36BhseNG80goP+WycmR8irq<k_XKPXfAts*L+?+b6V0;f
z-_kouCA57zb|s^^E1RQ7vu*)-K7VI&z;jUoJQqpd{+mqu$kTYch1cF<uHer{7afh2
z$+29TJ)__BL1bW#%HibWn}O@RpzM<FT8)h=fm32%B951T0JU!NlQ#ypz7)$#a%(?+
zm`zeJEXR(|z09bW;=Zf3Q(8x@coo!QSbJ7vqbCy;>vi)jUDK>xDf->ev#<xOnvc2k
zRs)OeFVZCD9ed$kHyRsF$OT1cDbu}he{rcvZkjv>B%2>rDK^w_7M3oS^}$_thrJ}8
z9Wu;6A$*Xqt6S7G>6_}ZH>%@t!>7JuAB-3^mP671w9%OFEwtFU=B41clo^jrR6@vK
z-l#w0uXc#rlEjFXBzKd@XU(@E;V_SRh^jX_i?t{|f-S6*VS~;`=r(Z-lO`u}YY0dq
za~Kfad=My~-*4Xv7nMlRhBOQ^k=_(G*o|8fdCu+}4$*2$xi>4QSt0pNJ8c7Bl_|-1
zjTF(#d8$vZEMz?|9JtM!pX>=*H*y_$<i5}T{$2VFwY|B?s?JvV&bwK7D48LW7nHzq
zuKLXf4l^oX7~-JnTI$bFp5olm{@AY78HAbUVOgA~Rq|F7x8d%<2%H|_5}L5A*DJw?
zLwN%$yi3XPQBm}NUYskmtTa0msr_!x-*2MmyA)9_(8>)}E>O$WyRzMN=eB*S^@RE2
z4YI>YsM*soD{{szMLnLXKnGNscx{(&Xjks(IQrr2SbiP)LJeAn*Ck6U<V%!XJ$ciM
zMufUNv&U=^w<&2H#N?fvh^t456hm`ESf8QQw8s(2PCx#mjRn?j0bWs)TGHG-$oye)
zNQV=j8s1+ww9r1@{I6g0X-n5+Ivhi3hZWT3VgDzAJoJ5F#lMO?TB1b@*R(ztfegG{
zQdO4c!{{<0*H@)2$csaPYdQN9DX3ynC$kgNO&XDIVNr0=Ewo!O*4Q^6w~a?VhMW^~
z<`wjTYg4_sH=Yar7L#+q^^63E^xaZBCdk2_Y<Paz;1$z_7Lp03(i8<^5jj=7YuDHt
zxk0j4w8;oQjQZU}lnQ~VcfxUQt#(|=1XW>a_?=ma(B>ftNYL?GcSG23br`|GidTN*
zmO+BjPgP;<=Mv7S1YBI(iL&&q>gDcP0W*Lao1gjR2)fi{!7L!q1oyf5Ko!QIeU_gR
zCNuYL(p;p3!(>FWr`ZPU#yerJ33c~nMnm}FzMfo9tyP1H3g1rTlHhtp%G$AY&jzAk
z9tjtwme<bvcLPC~-$KuE^yX>}lEQ}qFav&I=X-WWuu|!e1HDSl$=DBtH{>kgZa+xS
zc3rKpWM%lv>W|?|g8s73e^5@gHb39%31_S&D9XsFvCMT>p(X>V9`6Q2@nIQ7vlh*S
z)UQ~R=c$4oTdrc;1ra2p4sjO3WvJ%#1bdTv1~RGYcX*c{EzO*-mUgkN{dUSSl*O#F
z>iu@umTc9}g~UXN&q!#QjP`q$`p8b!oM8`5|HO%FPaP}#iHI0*q8BJqd~9NMAVvNs
zUt4|#?#I<<nq&WC!~+SRi+Cg7w9fykhbVo%KKocoAuBBPz|xpLpN;B=($evJE;f2~
zKXSMyza{+5O0H5IfC-bZMoPJBXrL&Nh`Dw8DU~|2noMW;m734K#*N78vR#sjk9HU8
zA(7<O&MqwUEuMu3iw83*h;)Q`K$e2>WeAuor{g@yJ5tcLC=h>a*Pp4SlaxcaLzeBg
z{EV^kK1ZUyb(R{%km-Gh8?M40ZZ8GR-eJpNXK65=m;ZgHNng*a)9M91@lRx_du6Hw
zB(~o&GjOhiAK#-GfEPHxe#<t!)Oc=!YsuoB&+J6tZtRN0am8wb1O43A@0yw!hmJnB
zj>^Tl<8FKWaRW|{V^oihnWrSeOY;aGE3sX821z*UbvON2-_zVy(ubUKjd5HkTSJ2A
zEJ^QP|JcVdh>nJJKc@c9K(`f!2Wx*+v>dDQhp{b;oifT{wq=6yr`>mZn8D9SR24)%
zB=3NVLqir;5BB;@4-beZ@Vu~MVbobAMO*MyXmDej9fEtpbV5|#YP>9oxbquqR`27=
zuXoIpWr2OBa9dQP?oBppb!!`_d=`pK)veFYX=rbxfsKAii_rhW>B#m{8)<LzXnL6T
zuKvQ}Zi4ln$?rZV;`R1%1(A-|e?|uPpHLbh)`kxx;@JJuWqW{@{0!0kr(0Yjs!EBG
zXe+J;(v8(i=&{f-T!j_y^wl#M`Ohpy-bXshN&N)fK?<B*C*LeTzkbiqneHd4zq02=
ztPtm*g11zzqL@$Yk`h{ZWLUL#5V%}y#>B~Fg1oXOF4$F^=Bdb8%1FZPLIpOMnqNgJ
zUi9_{1_pLD(8z9*FCk9k=(#PajyH1UJ(Jm3HzqP}{!R6QeZjh^EeYwY{BA5Ou)xAh
zq)wSlM;%saHdOn`COr2=j`cV8e0#6FbM@Jq08N`uXnG{Sntz%~Ja%b|Y$CoqEoiul
z1>(6}y1l6dl>`eNYE$&+M=L!hbhAK?y#n^m=g8-~jbjmeo;5c49c~0#bsI0`pWOzg
zy>_Bby}ntq$_m1<ob?<h#D6lDt0GC$u%8(aSZ8(oO=2+K_1%xSi-O_Chxr}`J#oqi
zgm8ONCNfI@H(n@OJQ}HA_LCVeE}R^GJ><;GZn#r>F`E0HHF=s?LG$M$BIeyc>P5{K
z*o&o@G~1SEOk`OW>UcC0l!1B+RckNfPb~%nF$FIt`j=}?zMIKX$T~0K-x;U&1Y$(#
ziignG5Rc}*Uc=haU-^@(L^@exq=GL=g~WCVI)q02x7iC=IOz?vp>}7fb%5{kO}`wi
zWg8?g;blK`kZp3}WoDE+el<W@?(Es`#<!Tsj_*9-K@ZdJ<dEF{V+{C@jQ!tF=5Xg9
zzOh0p=KHtw6H3JyM91GldhRmDsSHHH*2-u?=Kd_{P}DZ^;CQ@M4@0y?ey)r%zB>)>
z0t>sPLPrr@Y|<#XKQ~gRyE9oZ`Ol~e&OI^A4ER4|#!Yb}Xu3}Ork4Y)2)YYG;s`lQ
zUaC}%^iDMuy<CFEx%NWN-IE^?j+gnN>aBdDO^d#BTX>#$wh{=+cYoWrA%?_`Cn<>(
zUBiOPuVcIM!%EZ@@PoN)9;m$JsuvzK6s@O1%6$Xr3PB>M1t|O+y{QxGfUX(lIhCRh
zTSp&=C95IQT&}XBM<P<EW1-l~D0l&<(**)?23~oQr#n+peF>(A=h4wf3r2sw9Hbxb
zjZedC>SU(0tm|`}YV295Uc-OvI1EA6Zr8MF@;3R1?mCS(hV3Hl*IkQBO($iQZ_8dg
z?oR#E^Q)m0X(wmT4_FsGq~hD#e6_WF(9yomHFQ+*=SJRB`!f5q;Rg`|ZhN)Gl_UOc
z-A#Lsgfk%%cBqF&%Jt>(CQU?mot*MbjRd7gDC>f?)Aodc$mREL605$Lxw`7^$4kRb
z8}lJqmMLEleaLWIy$>W84X)wRhwUQ-2D{s5VM043WQv^BTpGtq%)?%Tu}tmI7rHxd
zoVSI!J3=uLn=AUNuWkdMv5i2^p<0e7U+yx!{-hRrtXXbMd;O42J*=K_I<q*OtyMc*
zl53C(bR>}K`!Z@UjLzIcgZHjdxsRCk%GUIj@~7AzsO>mS@5<zL{@$*L@s$IOIs_3G
z)ynhn5gTH5oOvWB<6QtA8=?R`|B;nK(X;<!in$l2{Lcs1G!hhR8*Bp{+t=9jX!6s9
z7nlO2yFjJA;J}$0-Z|KWsSk9zwr8_WH6q>yV6<;ko`hNg#K(2^U`F&)r69GYnR|Jz
z+9CJe-B|6k#{}k%-7ro$piNrF1XQ#Yyqa1a64NqUGUVw{(XaTR=cTzA`YMGK(ABKr
z8}^DXU=+=tJ&#vqFNT5+!fBp%HhG|i2JL+fPJIhciR7kmr#Uhj=-EG`>4OLG6Q_OE
zaYX;gMSmsaj~vRY{`y*ndXas>K<?3Et&V3i<k5n&ks^$G*!Ap2E>!iPP=ouJ&19<b
z^Y*ltP&@x+j4ZpJs4v5xZRRzip;;Qg1$giT%c+06@P0$t*60o<lc!yS8YM{>AqEu#
z<PwV{oU7b%76reX|8Roc7EDl0jNne6KjW|+RK+iU+=guo=hTtDqN-<6+-<Uv>-M^{
zh!m)+kuLd8v-}I~#npD}T{O0lM>>@V1dF+5(Ur)d1GBxUAm=3~lPAO7rR40%Eyu3=
z`Sk4|wOrSA6-7^c+CWU8tcTs2M>dn0j>P%t)?UxZ#a=$IWeix~`t**lXjXV>IMDM6
z+mS-KtO*%)JDEwVKeWT6;^XK3=b(T*J{gYT46V%1tCGm0R}W>e*_*o|cC5(5!4bJu
zt$1tUa#p9tqgiI!W*ju#)^2jpuD%;*mR~QDaut^_*mV}+A}fJGLC+i3nQvUAOFva}
z-A$t3`bsp+yEwgi=}nS===Zm7sIv<30>^f<mtm{3X!wg{GO|$(D!&vYTehsKWp*of
zTunT*7)+)zKldix)jc{}42xc7kJgHMlT_Y4FMN|(wNPzy^u*=#qKgf%h8<)RP)F)?
zmY$4X3k!XE<+?u)OCc#dZy)*Og|3R~lU(R2BN5AD#wo6Se%AX~3<=TA<+4re@dQ|R
z->BQWjUB_kI@9dQ-rV|%*-GhD_Mfh<5F$6;UlU#2WK+)_<&oG)Eve~WTky%Q?SvyB
zX=c7#k|Sa<mZHRlMO=Cw;vO#3^j+%~*|r@<+4E`OM*nuVk)w{d>@)pm6woLLnNKxS
z5)+n|=Apmp3)^QoLU(_Y?-mc-jqCer>uu$IW&<L*x8s?09V^?3SFBg$({Q92R0bye
zzA_>_G&qkBSdr9uFJZuDT-aQc?P^!Zl8&ZfGw6Q&T&+0sNU8h^>T?575<sU);E|AM
zu}aDB(n03bx!4wBaC?2RD*VH0uSyUYO@LOqV7)esh`l`<DV|A_9*}eij_-g~{<Lxz
z=<&&{08c9Obu2x3yq*M*poJn)3aQpOe!EB_N$=++&K}ganNzXf<&`mVm`S8nJ<V+!
zL61v6|40h#ou|r~Rdc^Ia%!J`f4s~uMFBmnpr;hdRnLywo~lxe%6KiKU-reenJ*iV
zxgc;AgzEvWST$On<u;ouvM#kJUNXrS$zT&Nr_0jVuejx#tJcRnJNA}XUzz>itWVtW
za|$zY!n9E_iPC);xi+39HH29QGk~s2n>{oLpGl+jrJ7L3gOrDt7#%!G`_%Yc7|lai
zdT(Cpvcb#zp;&iH))*^;G;pgNiQ0sim>=W$(3XX2LMHEt3@mG53K*f-6^?|EQ>(_^
zV+@8L4igPc8%&?Nrk;>4gcF|e1Rb$pJ%z8eU5Al*#2@ec)&%lj12M-dqya3@E*iD4
zOtLwu(HkMevvtZjMfY%!%O;%)bsj!OWrD9ioa#XT<21w}7ReR9bqSK-n1`yF5wv}w
zzY>&F^a1E{5=)~w?21GnI+(B@!XAnwOf(@TL2Q%Ajmjw%ioT}!E}Vg6Uo2_;A?cwt
z>6!zU>}^KCClig774zBo;9H&g!965ut~Phw(DiJy{NC%P_k;T5<>A@n<B_$Fbs2x8
z5(<Rm%EBsfcO!V^cnnc4ohR-Tk-!^6(qG2hJWp*)(jjb1ZT!XC@%|i<89N*)*`OCt
zHY|6INBJ&mSpOyzf6XEPlaK!W2^<N5FZo`_7hIm4p0;1e$iwr2LVgvcwb>ti1<)L$
zz=0IhM|O9%{uEg5yuQ8#s2a7zoR-^LKjj3jnSNqx*eTu{Gz{*AY(V)A=FktrUGCpA
zlyYdvO2;cEBzb(m+$-d;Zk-(ST>V4&_7ro@3WH1n&YPT{UBB3&9BMYv(>aV0HETVa
z{4-}!OIR}9>8b@lPV{gwH#b1@=VIOayIWeXo122*9qSiai=5xQ{OEe04~udqGi&i_
z!UN7YKn8-BZw12;Exw~~Y;)+PGo?g<Ct&KbK?bZ}tfdadSx_9wUuT~8C1P8o3vOhT
z#{6#8heGq!D-`nU4&IuKmzPl@SuIImzF#hPJ^3(MWEOF~zl2Mz1g~V#JYLKD<MBr`
zFW~gRcW|)l!PUo5*2;L{6y=XWp6aR4BW}g&iK570D30$$IEC+1mX@CHEY#+$PG}6b
z53QCZZ=`Un!}${J!(rR(Xm;k}{<LyiANXIXY)Hb|8L5aa^f{Q+CBK?Cq3X4r1?@~b
zx!&x(ly4_{cXNC*-V)gy*pzxHgSRYNL7^%vAd408f4U3*r{n;yIdE+9(FF$wzw6-B
z7Md(Gix+V2*>1{a-o!rP0qY8>oma%0AO2yNwz09<Y+iJicc(ci#6XMmhBczrXrKTm
za$9S5gFwrMBtA^ZERp9`Rsv26*>sKKYo!nyv~P#GNwo7HE9`2LSwuL#u^m>c1vOBb
zyXjxE)8uU<PF7fXp$HQadk-=cL}yzp$6&9OY+AyWr~*sZ1Jeu^&Y)HPW?Dek`vPb2
zC4)Qf?*l`cncnRLw;S#-^b6Qr&+{xJZhq~zCu{Zs*^Yh-?#Otoc;jQA+KVFje03za
zQMB<OL<ni9US=MBaVP(o?frk}`R^~24G^IRO$SsA2;;!;z5+nTpMkY92M<Z(biVot
z9v(H2OT|9Ir#G(5ZMeOZX<4H>9tEI-kvg!^)Ab!t-jOZb-dwE!hf*Y{Z8jd}*!6Qu
z`umNUEP*sBPTT9|Jqk8CBd~U)jUk{uf?tS}NUiq(I0-W_a>j#yY2;iP5~yi?SF#p)
z?_!Gi<9XFrscIe%g0gf^+=~@}BeLd)s#n=&F@7kOx@S(1VRuvB0NPctZrh`K0*F$+
zhT4{Doog8eDVIDDHPGCrTWBlFB0#+RBtis(g4a>j^ZG!ti7<kco2txgJnkMK1(@~2
zBzzaza0-dpb>?;iT2VMlyQqrw3_wNo0tcPAyYoG)ne0fMKr_?sK|Lf)Bl|7c#%ON*
z*ynVF4wBFtK*t#_XORPDRGz+#hr7=SnYDnMQ8BQNoZl64*x~{7Xs>v(of{$jfmme2
z9IO@V?9HO-a`$M$02#Bn+N$I2$=`785c^|z4Y-M!5I5i2SFblYr1CzUM?+wO$<ZO}
zle^DR*>5yWw7g5#b(t)62)y?@JxYwshmNjD`d-Zy-MBsFKJ}Jsbz5hjnT4`BE?^6$
zVDu1Q<6=TilDjrOuJQHX3{rj-{K+=n(H4v!pHjmS*#1@2CPqSKAi{W$M&MkKECzeA
z+%CttLfE~a_+J))(mx$N$`MGyUiW`9h5w`sPoc+1lw3*NcHi9r`+_EOTmf?fd1w}p
z@pBgQfMKx*h;Bi3lq%o!gk0ziNOnby0Igri-v~&QV*taX3y2Hf3k43=fhCMT;=F*3
z>6Ow5*eR{w9rK+2wci64R#tv@0K{$42wgZl1(M!%bSf@Lv$?PQHc-CDgA=5UT?f##
zhXCc1qlzKI9W*%Sd1XPwrXMr|G6#AVzn~o;#f}9}!2r4s+XJkh(gNsy`WqJSLM&2B
zXE?+HXf1(9lT!B~34~(E2y(azs75D$0K03r#>r}j84d^Fj`#I|3Ka=<fxcxysU*5L
z{Q=M$a57@@(2P7ppg^*-syzq@eh6C?P1}EP4sew6tjhodBuiJSsMF2J5Q?B<1w%5P
zD$NN-gcaKJczE9dac=Gr#(`dy?TS4{LK0Yp`t}OR@gs84oKc#`cd9|aibcP~wxL)h
z)Exk>XDQ(6Jw>N#zjyF-m|V5I05Ry9H%Ykto06B6{Gx~&B1RA<>)@T~ih-aLGwI27
zI_^S~I<ax9r^vl)4KDL(*?!*6dzBaI?L)uR-RH18r4})MZ62Yh!qCp2Be*;HZt2F-
z<F9~@!zEd#%bVToS;LBcxOY`=&ve7E(Qr;9JsuUJ0Q>Xvw?HKF->3g?DgNK@K-rM?
z3m=1Dm!$+dnDT9|c0;`e01CTebf5#5In)_YRbG>gSYsd-PL>$;L_L!k+1Xi&5R3y@
z^Y`NJ_v^HHs)gNAipb$wP}>FPT;*Re%o;a<==6MJ>{n9bC?*w4DLc?0`WR#HdKzb&
zj{eNQ@TR5!21nv6kkDx$3RE_wlO8s|!nX7_&IRidcsPOv<_7~$DT8@|D=!o5qowB(
zO){QNY((~`kfjXv3n8BZdw!ELqiv|g$Sao(;`fEHmac)Id-Ru8YY@%{EG$2eLPnh8
zSUOk}!iAt7KJv^oG!p)y#^^h>VDAh4wWvq`ZHCu6Nvj(G+AB1{R6{8QwZNimN+?~k
z&0r!+#78`x8CROO$v;9V^IKReNv7bAlpL+eTCN*eQ%vnXj^K1=QSm{LhOBy-k-h-?
z#prE@9MnamlGF9r*km~K6AubMu<ag#lic+zUL&Jfc>2k`7xwRuRGda5uh-o+lSLlc
zBR{m>hg;6k+mMV)E2Uf_`e<r>I+u6)iE~CVS*bjX8*$O=F;JqwPJo8QjBr!0m{t5V
z$!py0%<x+H&3^b7YHA;L>c|82tHe<p!YsNIj8K>VfzbW`mnXPC8zqtU8zIdvxq5-)
zRYM!v(Zq_a%bG;lTmxv%uSOU(_9-*Brpj_3%~1A=@>{$5L9v*FTK0V*=4ZRJo27x)
zg{%?@DC2~+_cS1$px#ITGWG*HUgJEVdVL2Bk-u9V?%C`<FpX__&S8-0myyGx!otJH
z_G_%s;SaE|T%k*`&lM#ozlz@B^gltfaQy-;#u6z9miG@=@3UUx<L4T@CnuFh33qs9
zHWqX5BNVszh&WzzZ%!n;**?c6?!XKs+I3YX1z|=Me=U7L?HRmkM<2-_)a_$Muu|sL
zN9mzXyE85TnT8@kHwWCe8Y!r-@|GE4u?^YvJ7Da~xoOw%)d9c*`)zBDR*lIrZ(Cr-
zO50&*$AH0*f(hAY5McWcqXA-!E9oCNiZ?Tw^X<@TkFuJI0B+-n%*<!!$%;Q3ysb*{
zA{~p*EL*&6o837`@Y4p|GWy+CU0E$>iMc(WhA;A`;Tig;%YL=Z3SK3yuDsAHR3z&a
zO%xxDn02qamr9qAQenAQ;@E8(hB|frcOv8Gy~HhHjFIr||FW&`8ygTFL~Aoq=Sj{#
z?nf_KztmJ>iZBOVZrf}Lpq_D@EkC{!77Ji&xH(P2Am^KShSACzgqpGfd*sKf<%p)s
z4mp|s9w=W3UAcFh`+LsTIE`mO@kLlx?e|*Hf_CQ}fhCl~L&&frO4F_14*G3{rmdr+
z2UuE^T35-tp8yhpIM`wxa|X<ArkzuE1N<su`I-#(`sCnMO79+~baEqKRU8A#T6;Nb
z4LEQI@)|XN0M(Q^>JWukJY7g+cLMDQLV9|NS&hS(58wU8O3BC8d?P{^%%)bh!r0^S
zSM$b){b{3QJ&2Np!3)HOz^i{*^`XQtv?_IiDsVhM?#Glv*2m8o;6+Edq7tr+Cv{R?
zeDh;&1nwMs=8h2S0Ov!vO8IFT`x<a8o+X7w(|9gNP4Cgbu-P6U+;d!{d(MB2*Hr)K
z^_HSEhV0`q7=LH`gW6mcz1KNO`S<+G8*kpo$XkxG2GGc%lpt8rWur>$BEC2~Q^Uj;
zVT06zXrGyH*YE!0q0WcT<{nUwm6-YFK>12=C8YoW^4m5a>vPd{?abtM-K`36-2X(^
zPgd`6FqD_SnGOV2I#aGiqf{3O0JeS#y%Sz`x?je<Dq_4<uC6YrytiXx&PrfC?ibmg
zXzsPm8gwTBw$ixl)t$X$hDRhY1ntcnO|kXAn89Iv0y)o1z|{%8R~{Dw<c_v$iN0je
z8u*G0ccRLyA`=L@6TYz0<n3Z{mtIml*ZLLkm_hRiftV4^GOvqff}y}s#O@sI6K{nK
zv1g%9KE*wmxRyFH&awG=kVfODQog=MVMy2N3w7lFg;Wh~w{bR^GzY}m)+5(PbO3px
zv&+!PeDQH_uXe+m<Pn&ND)xBId=#Sd`6vU4^^SysjO$T(x(%O;>;ul<`&%m4o09=Q
zI+th$fN1LGBtAf;DNL3Im&*;wIo9EH0@bxgmG?0f(j{Z@-QQsocm>BbFQk(!KxPc5
zLEvMwC9rdmK|HgwXyzv!X}I^ae)?1tST~i?4=nIq_qOi)eIHJo@QSjXMXf{7Wf(QV
z&UfQz!o*(CRxdNna)B|45zR#Rhrq4N*BL~{7MqfP`(rnA1T8Q|1MapOrM263QAeiz
z#xQ-Hom1D5IE4b|lmm9b)^2d1d^dCLzVGqos0;{vS!YWu0r$v7aqnG^qV1gn;6a!6
zyt{F70l4c|walt5tT<<<_pfI$RpXU}+UJFX8Ql4sju~9^<!eBJW!=^6dRJv?@F|#=
zs)oZVvbD}FQ#Gsm9anKCoSW3H@8NlG;D-lZUi*GnpI;u$upaCSOV5-khIdd%5A0Qz
z_tYYi12sTrxKQ<JmbaLsB+-GExb(|ALr(J<#!sKRR<9tpH>}9~K8&~5C^wZJT#b>?
z{lu@RD2aF13JJi(HgAY*`IK@&C2VMD=+dkX5G<9fm}J4mFb8%C_LY5#8PX38o^|${
zBhLeqFT8j-IFy0i$8HkzLn%uU#M}X$c;GI)unlB5EKdMhGzR2-8XroH7e=|POKdL=
zSB8PRqCxSJny=$NS%Puyn`zH9wlY^-gdi1sPxc>3cp!q3Vx#i}!vwKb1bbs+ZT|0`
zRKNEFLEeD}#3A=Zk5E2@68-{iu}dWYH)y-*o_Wd;&~igR5<-y#$_HiFv)y~r<7Z&k
z*${x68{2_d*)XtCnE)h*<(HvaK-T!p1H(1@{XJ|<k6{DYC3=DXO7!89Cxe*%)!Ch(
zn-OAx;z`|sL0lqRjLTaQgH(~MPr)=VP1+0C3|{*iXG)vwroGOpdi)tCrttEUeyTxg
zH{Z>;Q{CxF^=z)2X1rTLnPC2z$H1f!_Q2d)vPbGsUfEdUxIpviSb_GRVyfeBX-gdu
z1kHPfT~Ted7qFN27!bPMAORO?$vd3JCYJ_~7~lWMU8(#vE?ItS8Ja!=Ekf}uCEp~%
z*!UXPL80{$Ya8qX5X|6cbr>WvO4bQzoENQJ{QZ`<uW|z<@fVTXrKowv+Mt`(H-8IO
z@8IxliHA@%MHFe38h=*$snpf%rIXozV0|5mxmX9ZEfdbD*q-~h&gY`?F2Kps;jGJ-
ziF4b6V-0|ylJgK8@7hzN9BL%yQL=Wo;*%}T3Bb-!M3<gqduHHwJ6C9(Z{8Cl&bHP^
zn`pNdi{UExHl8&a?XnpiOJrwPWsUpl{Y-<?n&V`d$+w%G+45Ixfx~1kyQLf&o&Css
zmO>v4JiIoLM=%dh=FSwljo!KVI9rWbY`DWSy|!4l#3!ZY@l#|T4&Bdsd4u3v4vbc>
zK^CG%gT9P&&~OjFBqX?F<;B}a79Iw#<hxAoh<yYoDai8inxTAPmnz!&XCoUVEUE{S
z$W?)~^_etMO#qWQ64aI%=TI6EI0Hu_2S#d_pYDJys!{7yDtvl~>m&5K#*HRpBlU!f
zdVYD*hWtUn+~2PT<tS`^D_@CIf9|7XBaYN7$UYmIfC*SWZwq>uq{EhC$}8Qm(V#Xa
zx$})g$71Jcl3w`y;!E^T07!Dtyicl#bg462+(=fK0YE#nRPbUM??^1r+v;ewZ&)&{
z9A{sFcBSnUi9pln*l9|oK#L!5QxjyIfzB18k0;74)Lp>Bu~0>c%mD8Qo&(Abn@qq<
zN@~Qg@&GtWus3m7nubo)KBzEMAZnf3f|{q-D+^>qALgvL!4eXN5~Bg&Ebw@LznBcM
z9;^;jXXST2W_g=HAs+mg6=9(_k-e|+32Bg$XwrHQ*ym(*BB}SdowB~@6M7Hm;7WlX
za^+XWToi}JlvKKizpMr-t=uC6ocef=Anb)P*8COhra6!!Ff!jMkT*+S2B!0na;9DZ
zKa$}z3m=Uwg#0eS?&;K<AONR8O>!>0&lZ7Gb9(KL8!_CQdLBZGi3A?OOL^Hh2K%?>
zSEpq3KeVZ;PEuSw@gJ@9#jBKC%+e%rSjAZ6-bLNe&ncoKWBMlv-yN%w*nAE+nrSeq
z*q$y@Y+2sCNwJtZu>X+y40B+s3p_d8@CUwA^9y`-tFlotWt5<P8&PEbCU9l`d4)lF
z<AZCq%d8#kE3}SRZ<g(Y*}GbtMIh(zrf|d2@pbw0DD-F<pR|YyWTNUrGC)7%eg$0#
z;Wh9N!>vmr5iyBhvNVHD@188p1^~wN#IwTv;*eE*X$Kp<8LTr)y7Ghsf&^(i2m--k
z<njU+f*GDxS0Qn$@8fhleWVV(vY=;+U<(l=DI)wK5;EGmK#n1;LvZz6_!=`mmBPLh
zo^-}f0y~3+>|Jb;aQz;jA5~f&M&|Y^tm2D3JHi-_sNx4(2TD#2c<lttsg+RI9<5P|
zX-a`^%r6VS_2gG(aXY!{75QpLqT8UDAMI{oBe9LUkkx`n_iq5S!{p4Wd%C++4UfZS
zYp+ufZ~yy#&VKg(*!9Ta$mqzpm_F`OV3o`PAvL4cCZPU2n>x}S>D|;U`v(6ZZa6-o
zfKxdBuvP?kd|Zg(LLY=1_fkv@p4L%-CmMMOrK~jreR?dMB!A^*6DqovLgHKeCIa88
zbtKdga4-lh13kbllIVj9c&I;mn+!SH?FQh_vq!kV!~L=SokW~bRmA84@+Vd$Lk#We
zM*FVmnF7|_ysu=PH3lD%MUx%b466by=r}#IR<myRk@Tab*54US7k%>)LOTkU86uE`
zYAl3FgXHQv+Ij~6fPb~F*YFd#mG$IPu3~V<jWl=Y8oy1#AzX}Q30j@60;>S&?r9xp
zXd5K8<hlY=oQ~V7CPNwi-k2f+0-}@Vv`?+=5v>mW55Juq+<-Gs&NjceA3k2~VCM6i
z9CR>FV);U`aRgbu`^P_&X-^XPD2qWMov{m|`hb{cjCjMomQ><Ax(fCjoXheDj;)s0
zjl&Y*!dZU(rRmbtw+mN>kvqHlxC^2S72*%1Yc={$l;5jcS}qNviKWcPoIEB+lb9EH
z(4R0;CSp1Fw$bSn)Kkwm2`N!*=o@MlF3XRSAGJr{znPvRCW~zRHjqz|M$y#Et&qX*
zu~cb^2TY=zNJp8_g=n`~-goeuN<1<j`^%4MrYfAm>reQDbkvV&O|Q2nM-7a86f;W5
zEB3&cvl#Uf^n^M}eNa8fZzluf*NZyHqe12ITk7$tFhq!4h>jmve<d)4aba*j#->GV
z8{8+cP&%k6Ob0XgBLo*krU{L>90AeqaL((_ql6ePFN`E!=?@YC<@?o#)V5qG8JocJ
z&4CEn5`7~1J6o=T2M7NhXEP04F%o~d$&PS`hV==lAHE*iGc8Ecd>4)s1|nQLV8(4T
zCtDZ(ZQ&fO+$J0%=zQI31uD;?Doj?iPr<RTmY*Tr?{_nKQUQ@ivjQy*6?jG_pamG>
z^wb*l>n2`<sqdExfjomE%2iT5UKcJooC1I^{VgRe#obTVsoMXl^R-kbK<y{SzIw{E
z@R~~yr&9!D@iT5z^y7Z~ep;mJ$oy1NpC$jssAoM6Z+Az{T;QSEWD5&i?h+L*@-2q0
z6pzl*Ja5InXiieSa)KpJd45E5nb%AEK%c7o!+U$?Tk0dno!=KxvZJm=e}%yN_YkqL
zw-Z`bu~FnKZ$(!%CQ0lA{*N~lcGzJTQ4+4n=a!7>e4GcUSxwZ49r&|l6VuIB0u`3C
zu*qVhXhjE$)%$?=juR2Id~@$T#kPQekQm=EGLr<LEQEmps@MWd`w)0mn;)4jPc5t+
z%P#rL)wYEb5~+_UPLQ*h=2v$vE!Pp=II*#s1y`Zn^}Qj<jtYJrxepgwrLF0@ho!>>
z)LR`0i=X`-;^%D5HfQ5U?$oexp}OdQ{hsr!*-kzHV`GP(ckg@2=2cbbCR%7@YU+I=
zu};;<UE#DR@VkU^Ml`TQ67$>XhBk{Qcl9e*lN>aJ%Km6OgBVQW&-S^ll3{8MZSu*i
z+V2!A!qwEB%x4pJ;roqFz0fxw#e)u@C1qBB=E57N_Q4LpSa6LH3Hv+<Z>3#uyfO|#
zhTA?x@>C^=qG-~Vavo~w#uZl3KtmUVi^NRksxaS!2h?7s0<aH_b#wRQbQ}wSTxpPH
z=@dT&mi||)xE+gq+hBzvONdgd(#WTep9&FF>46+`HV+%E?LpOJ5kxp1`*nD(M|~d-
z*E=LimLf+(OX_^l`CuV@m?mJPti-8X7I~z*!@sM}wL9dqsNl4La;>Gj^W*JO?A~Gs
zGsh5Fh6-ayQKtCBJ(-Nxh&vnS0QTL0cd_<t&TZf)hH{Pb6t(-KC;i~P%5gvrD>;~Q
z0#<a@IqQ5%#^Ys3CK8gWF}Mr<iV}Y%X^r>UiO)!&w_-+)Rc~!uxR5#0KJ*-fC*rfm
z7I|d6+NKv_XS|`Etodz?$<TUuLK|gr{0_X@;Xuoj=#3SK>5q|Av$!@A9wXhTCd0TM
zg$p71>}y%11$2o^wQ568xFzo6c`Zb&U$A-Or-}eUFAeiVPL_QNx@XASsgEg8#QK=>
z$QDKNx#p>I3zCu`I)#kZ1_|7#0O$kZTFC(5ivJQ6vH!q%Y6%b9CFsGDdSoH?kTw+M
z&||XLz!5{M9?HI;6CwXK@+q8&@^f0Tv@_EZuZSS7Zw}edpQ)Tyss4jE>)#@J)hP)~
z`67lS<-!|_gdPl$Qt^t+-7h0qeYJ)aSF3tFXWfGNgaav^B6YX9s@Z6}4QUOUuGs9j
z%0G7})q4T0|6-BMko-`mAC=jaw8V0j2d~MNR7Z*{dp|+C2J%Zr6%Y61yh>O8-0L|m
zg0^l}r_O=IKj{g0Z{BAq|NNB<g+Qx(jGvS7*hhloDDzUF<uh#V>ad47EFu+baItYv
z(R7F<N@%J3@1w$nKj4v<3m0NU@=aiNZ=c!`B)gCF)=1$9h~RZ3?xcl#?|BpKX2KjE
zM@T$H(op~)&O63faf#AF2(y#(Db>sliB+x6B2^G}H{XmeoJ}OSKg5W?IYhVZQvx<j
z+dfzzd}l#bK-w9U1aK9>`sjUm$I5b5n!5oUE<_~XLMBqss8_}-#r^rjDheWta|jEj
z)@Op*ACPuc-J>1xj{UhwYx3l2sA?ibv^1{pp16XH_6a?YTq@sc5gU*8aTRVq_G#cA
zx9u{EjadXae{XYwhiAUGZ+1+GH*?Xu-3jNO|L<V_{VNWGhSe|7l$HCkNuzZZ6xWnS
z``5329~y#itf!Bt1NyP;|2@=Em<V-(S1))>)>ENPe-ty2U>~-l6JTQIfeDZ%G950E
z8e0V78Giiz{Y|mUk>S-<0UOSQ#bmK~dl(6=GffR(1^PqNAnCYYpweJv(GcHfkApUX
z)uIRsP<~aEKP@F4Sc5!8LV#O4mjkX}*r$W@`|W@JX6;D^AkFRD(%d(eBvfDJPCegO
z{^T72Hx3^hfj6w|HQ*XpTjEUl4UVcJi+-h9)ewFx#q~#{%C-v>yymHA>)30L(hK;x
z5ufA#KgQlNsIH}J*A4_r2p%9f3wL*ScMq<?J-7vT_h1PU+}+(RxVyW%oymT7^1SEN
zS8sj4s0vipT-~#~M~`ve*8od<e%<)~S)Bj>e|X;_o!$(b8N{}6lLkPyK={}eRe)gD
zX-oW6%gQ28%A5T_xBOoNXW`G}0Z3SJ63_=_AP9+Y6JRXG1IX5X07ZbU=zeG?fD;sj
z$O1&CeFEr+4Cs`7QJDu3OJ6(*`3Q=vfb(K=&Nw3;z|#ygK_dH90U&grL<V3{jq%|R
zbpsce6tT$qUc6;eO4Sl7;M!b?SQ~VK*dP6Rby&VRMGP*h2KpP+Gz0eESN!N}gro`F
zO~y;KI2T5|&eAA{j3Tgr3ZMTh+|GMTe1H3dleNcnPV!Vr=hXwC%iwFl51{WDKCrC-
z!J82-yQS~T&Yz|Ae=js546yX%Sj`~xzf14+kYvDbBOpG$G3b{|Mo<2QbP8$x9asA#
z_0RgW0Vjx(Y39wDN0mVw6^hiDMSH3TU_x-k$%2AixF2(c@$8FQH-taPBdpiXz8lr8
z;s)T4=RnJd*CZ!A(oLB)P;%QwI-CUB;$?^BNG1*dmB$<alI|ng5(Ql4t+mg6e!!2q
zIU^8;(Jns%XjPM=cEMSoSA&6`7<+;v8ii6Hgt)~@jb)1eoRN;E(fS&d;x8!@oArrU
zLYpeYwnE%xk~2+=5z7H!_bLMrl!M!J_ASn5>nyCv3!54(?)5I;g_JP2d3$Z)>2v2~
zW|yLpE{3#(yomg~CWq?>*gNYxo{@<q)arvE=SE!y>pNU<JUr#0aIYDFN{b@N)iZE`
zbJUjiN}&4O2gC$owlGwmD>O&5nq7JOF(+#9Rp2t{IWHwO7cy^hw@-MV9z&TLD}>FC
z1sJNI+K|uNdRv|zHmd|64R_MRDhy_L(op)9iqQ}L%uzNH1fts3KsvwU$s)-C;KaDx
zgNG0gst@dO7boPFac51SPEWb@9bZKn8*TsTR$lAB;%>F{9w9+GLlM^R@Okgge*{cs
zo2}@#8+rR38l@7h#`D8l^xz_=ESGK|@_>u5cKe!Mb>3_eY-gH7Df$ynzO?M0uwz1o
z8lThA*arTb4F6F0?;9fu3j`AG^$gz~^$(^kp;vHvU&Dw9m3Y&FR2&V~Uz{Ka_l24x
z#3r4bk6=3AzY8y8{AYoBGX=i^2cUS@5;YbytM*_z?uuMxU!tFARznd;SC0QYZCCg=
z*xU6UV%I|0TLKdZTWuzm*RKZrl}LXp=idW@PePy#()}G49Qvv7##c5l9aq%TBPYUj
zle)*ozpp4Zk`0*7c$;XOQ(F_KDdgSQ|2$s)exv{OANkG+SGC<^@C-`ZUqgV`T}BK7
z+|yhJLe19L0ZeDH?pEc0-GK0w3BFBL{@scH-K+4a38F?I!A)(|nq~j}{Cpg+t;|QX
zv?~6uz(b#2Wc_<`{eN$8-XHzG72YWP)^%3=?;orpLa6257A^_mpWy|Iw1q1p!zJVW
zUDVhp5UJ4;m_rz`j?VjR969Rxz@m@@qVZS`zDpGj@OMJ^0P`mXC<sAp%V^dBGu00?
zU^Z&yO(TY98%<kB>Wd?fJxv@}kZAV$#gy8_{r?Oc-+%yq+O0Z|QFu^o&!54vfdB^&
zx_O+k;_Kv%L<F1ph6}RsO!_lJQDHE<Pjl8|;+;1@0*V+eGt2Apc&TwKlJ_|Zcn%mJ
zBH%1n=YOMz1Kt9h0OG)wL2NvdDq3s~kl-pWzVt@mI4);j)FO$(Y0&Q85`J?owOQ*>
z06N)tjBQJ%Z155+ga5Cy^PjlxWAHa~KE=&4=d8bD*(ywG319b(*7TP6-h}J;3E&Y|
zIGt#-9~4ze?Z)j2JiZadha~)F+|O>m4UCK8D|0&r$jTDcqLm+9?oH$f1tSB<>++9#
z`BeRBm*6rc5CCS1?6qF>+QsY`4zT<F%=LBpH|_Pm9bx#m5Q|VexVr9@e}>J53rX%O
zy)j>W{!Qv@T=>z_9?1XtK$ojmn~B$0%t`enR)H?FaJ=LE-(1`Suv3<H9Dx=f8$gop
z9i&B`3v7Z4KLsE!T6RERV<GbKQacd&id4&V`GF+FuUGNyYpn_L{YNpRVkz;P(T`w3
ztOVXLbso~--scv7X1xsz;&FLTam|FVOvjzttBU^W{O{=fGv*5K!K157ctvyK&Q2Zw
zuC{=01vih!sa5q+Jf?vUW5L3@KoMh`f2i9nSa{?j7Yzb&1|;^Hkg%971N9S30mXY*
zFQBSn2L#f|5X&P%pf+}2IcA{rNV2KX?COviA=@(4(j~!TG2z;8r4u_XI{WbNIcHOa
zbn3P<CNeqr7EEXKf$M)n@^L|L%s=Y9{OXDp_pm&7iM#I^(m4FH1+jq#3jUK2B~l##
zu+qT(UV&{T<(@$pwU5LX6$iYSSp;<pwbmJH(d586fWJzMukf^a3f~p_rbBfEOQ1M6
zEKa7ojy#KaIb<^6n@*wPLXeBwpForq-1CHMnK0^l-<bL&^sb7vWSQ{KJBm+@--g*e
z(`u?m6zPTMj*Ig`e~R{Z=;UE;i`n0Y5k9#7lRe|IMH-KmR^g>^0NGUS+>O!DI{e%#
z=9Whk`+UKbv&1bM_c;pfevdYEqJzv8@87wJAb$P$1QR!{KlAuE;*LT?Jl)Bwq6=Au
z{_{L-NNhoTJ-#|mDSuwQ*WCmRjFb-?`8in)Lh~_Mt&8i$i||_;MrqUI(Nyc@zB1YC
zF2W-S_3*qxoXW=DX8Zz{S{H*QqnqO;8q?-^vK%D3>4%*G5_G+}k3;;y6-j6V^ZHN_
z@GrI>5ob?u4<o@twEh13iA2!gMILERQt*bdO$<-$`(0S}C*}Y7HD8EGTcWc#E-v~h
zF@^x`-(@5g3d05#gC=@4dl`({Fq&cDdlf7{c)a9Br1&dLq3$$ap^VRyT&Je0NUK&G
zjar*xP_-z|>v`@MsIL+ml@1XmCPL}ZQ3=!5&mX^Pq250CBb6GT%t)dtz<V)jMW>Jf
zFyXP%DXfyyRKcCW46+>Lg`2!vn-H~TPXXZ-4hJ;`B<mYyzPizIn7zZ8$3Xt|8GK@g
zuL6Iy$h4wu-=E{Z2N^Pw%`#c=oBK6-m|M*d?~c~L^Gyy0=Ea<}DGwZCF`!HEKdZ~T
zD(GA5sbpxDtHu2$<)wk|1@P5Mv>J2V?-<VcB4x&JAE9EX7sTm1%79EvKf;7(^vud9
z0v&hufu=KJ)OaozyA&9Ui*4%s0sAo^>m=Rf+-u1?kXE}wL>z(|{b4^Xs>*m&JDL6h
z!R34peX~&Bz@UZ{qA)Gw>@IwN@HePb$SCsV`9}oO)-gP{VV@hGc!E#}WEO?k<jjZt
z&vdfOTonM!@9rU^IGAIakrSL88m!gnS8BPKB=wm~e1gct!}_14mW>0Umeuv5ne2GK
z$1Sb`;r^bOvPrw{&)nMx{pWlT_0t^U7ex~#-#%43?`9uVVvt*w`p--19q0Q-uU0|E
zyongdap<Jy{u-0$w-k<Yxc+QB5Hz|H|0Pj}08rI1o-G5H#-cfZSe9__U_Ovi%1di`
zY(l+Id&0JUyy|kY8GF$`E1%JKJC-5-{77m(JKHR(xm?bLNb7>ZXc)JX;Ubmpyva|l
zRZ$mwS!20C1A`C1G4Xd&mBp7m4Wg<n#xx!C5?dfhn-Ny0XkIlhUKmAE1L04BCN?Yd
zO)mI!MT(6LQYj1~+8%qRu;r<%EiNLW_`;yon~{&q*ru8Ebia5?$GhZQN&n6?Qy{QS
zk>X4&mf;@2-+knm4s!GOvu^o(5KlF}`sjwR#=5PBqGPVC{TbBMKA2nBRuq@Z=936M
z3BEVp+8NM|pJz4aFOD|z&)Wkt`ZI|or#dy|>vuaYHY-TbzqeT&)MWcxbW1K_<R&to
z0rA^{GGZcVs!0au;+tF5yg^dGT`*`l3q#Gd+dX46nRG@WF+^Fr{55UyYiBh{+rdI%
zqdTwBcPgz0F8TD^4)-Kxw+JrQ-6`h?X=Ct)GnCeesNUobQ2#@|1>clCg=G3-J(Y#c
zxyp9VKOtRI1LEnF`#vVEb@896|0itW>p-&6i1#xPmI>n(lt}DogSC__aU{-ujM@>S
z4{5_{zcsn)oX<9hPslg`KNf|pr1K=dx-hw6RY)I+b|!iEkW~(M1?`@B<8SHS!$ae$
zqkfBP1M?L5#7TX5=6nN6CwFN|i8tGK0w7Wt6xMlvKHSCvDad-w%R*zV8c0pF1qZ#+
zz8+C2wY{3`#5EmvQq1XgaO&$BP9drc=_HYQ)LzE8FK4RHE)STcrpEK+k`k=>5`jX2
z+i_MFNLqiYi_1y4d=0=W3{q~6meAd9=pUptOks~cfNT&{*`Ef|ICC{u_Av)*Oeen7
zZ(UzAYz6Mwjf;Oa+N(evw^C>AFPhbyS(hM>dij{Inj6r>?iGC;={L)*c~^c@tag_8
z!P7kN{pEVk_ebF6W+*biYqZAOD4V&aM|&r(ci5N0;}PJ6q_CJPL#sL+0v_r|a;|W_
zwk_mtWJ~4I9|d~8`?ylxvh+`e%OLR0auq^LHmBp2tMs2Y?e&CsL<cXDf1En@`nmal
z5c!SP0U=U$c95~%YHPOQOTT_VS|d{o*cc{|r};!HiWVUqAv=#UJbcEjQ4<T%IiH3}
zPvEMfaFCmEDngp}H6~ti6P}ILxp4Lh&~xGa7z$-?LST!29^{)kH-m_#GV}XDE6!VU
zG7G|p>m)GijwWH_?+NQe0U`HCC&Vj68qgSy@r<{&`QwJy^rRaEQ%|I48VpZ#CGdOB
z^S`$buTMJ4wy03uLAQT0A=-X-<=2oon7#aApjAOfjD_?F4V%8>OZo*$2{*@Qzxce3
z%$pqllhnf0i%;Ew<^o@~8rYrKbGeC;z|xeW=Q6tNWL7)1+MK`<TAcnFr2mm=5DSJm
zTy7RMQ{m+d;7j_Uy~JX%NXBkwSi3FogI@-qe3)QdZ)x{`XEy%;LcSM-(MImw97tAV
zv0SF|i{E04K!A9E=a@Is>;oxV^LS{CCA88KM)9cF(HX?G;I`|vx#Y%oik|TUmVmF)
z)Wa@_>}1tZTT{r-&F>x1TqLtXYoXrk3X>2HUKCA$;v==)_f&gFV)NPDPLaOI39pFu
z{vhn(3jhJ|{ad6IB<v=yJ_C3=mKt7(^mNqQ7jFc%U$Pl8K-Y9r@D3mmI(QF<^#Mg}
zq7HczhoBw+s{<8C$is*E>VvSlE>41{`Fi`r@QM6fv<d?KeFZ(7cQGOEAaB%*_c0tg
zEltyb!zs0WfIf4Bs1P6Xn&NC=_V-E98{3SJWHuq2L(zf>rJAM>C=?<ej!tF&8(#bk
z$z&`b2u9mTS)i8PMDg#CzL9#P*Pr?XjOXcTkt>z`K&)PCJn<?cL+=&*ltAd_IQP?i
zWV!j2=OHY^<tg6Su*0vPVKo_ji)bq~=KHm2EB#3E=O=9TLJ8q~&H7Bk;Z$MIjH|#$
z9{U>i+-UOEr#7e$1<J())TNds73*JPv}=JL!&-nik&5?;LD2Kb@=H@sMx5<H|6R6c
zv$~z@U4=r6CdOQuUe+Uv!7ogL7qU=hA2BA{_}`wOdCpRP?!CFJEUv4=(DSR^vv=ET
z$m+dkBhZQJO=^034qoWVj7}{d+@F<EzC)E<i_PaUu!QHuj0t%!Fewa1lQ@gs_7!VH
zHhtJ1NuW*{rrmy*s-MnPzv*v`mpEs?Es^0V`#tJXY@x3{jnNq1)N2N(;>)nQ%hnZ$
z12Du&5)K*2sFpg`e3%rYkW4J06THJJZImcf(#r^$aV$`?Z13nkzbI`Tq`il}c8lw5
z5i3PU*P0dMdES(~^W6WsAs<<lMt;V2dz)h2B#)`{Tg;W`wCwTvfvUdXGfMqc0#>$S
zBJ?IgI8UtHGAHpht#DPaQF<;B$VMOVdS()t#@x35&y50zUfSq|`DRYk+WE!!@cI05
z6p>I>I+M#nrn(%dGz~~2_!k|ln!nqPYB@<Hj}wP6c{}reWW6oE*}R|?nLk4$i^8Zj
zOC?0tarQ=q6u*!=!6i8y_|Y|5Dxu%>Q+r2WV?+TOVmHg<q;{iWc}7(HH(va=;HqFp
zzWXNbTVe8F1e{GUj*X?INO&&in+b{O2ei3qDq^^Jr>RE=4lm8~+w(E3vbZP()S6Xn
z71rknXRhdeFq-9d@l`EHR_xVs{CE0YGxS%`nt-g5wo$1LEiJ+y6+0Wjz~L%hdaEHp
zRT2=E5Y>j<);w2AKablwZ&kByRq7GK&6xN^*p~iS3*)S|CN$2_`W)GBbn&KqDajUP
zvpW%bfsMs-Ty3O8q5pim7MVDt|6-Kq*9K-X77&<8^tdz13;#$Sw!<7cv2sd@xNzC8
zrb`TFNJfcL9&J7?kmC5pXz4u!HrigwZN1^J^7g4}r21U0)JnvepNv-i{GcRa$?$j)
z^6WiV7X8i1|1%-~3GwmUQ1V-=F6wQV5ZTZUd&W$5&dA?-FCNuu(z32hDkRXp3_=(w
zQ>1~UX)UQDukgt5^7)_%dkvyZVC6wjT+5>DNi&A?mpW3P0_6>X1DrYpf=gWi<*Myq
zX}%#|)6IdAkxZ+~Ir&UrxYUH8SY4BNqsPnKr`+Lyo@UAVakSpSyuS%DG|ZYp?#H*u
zLM=rr6Nl=i%XtmVs|{FGQ5@Id4!$b&smeH~CasYoIqhk)&!LG_v5GS6pXaOVmDQ`8
zB%rvM#d;z#J{qI~(UWP)t|0DK$@)4sil)r_kv_JxUr_bNN@T`dB-+SMmUH@=N6{=;
z={2U6J$Bkz_vgA9y;~VxHS^e#QZ7M9R!zs4`6@?LdyCbH?@xnbVv>+A;d3_v-yG(X
z-sg?okzw%Ig<)VAV5dt8J2|I@EkdKHT79+J|CUmepL%VEdfNOrzcAJqK0~EiQ#Dzv
z)k%=wW{*adq?1)K8Iv=p+Q$$+YZsCp>0qXuh*i}pxcv0H?!@DJsnlLfkL=6k#fPmz
zFSai;L4q7nL%ei9Mq@bx(^D`ko9I+_oGgxclT)G{LuK!CxQ_H=+tP7TIPJl)VlCzr
z&V<$=736kFdoT&Gd!?gzU-KiP-!6#mx2zAJNwyz@J&Il&A!L*wF4@~&i_~o3y^vr*
z5#+p&h5}q-g@fNUvjyrOHkGT%G%LQ=bIS?3cU^m;^|g%P%!@^q;P^qG?<%!uni7M|
z#FscuByQ3@j25mf$D1YHszt02W5XLXG(CiePV4~v)Pe8H)CzQSeR(W1%cemNBc<B1
zyUWF+`O@(G<{^bK1-Y_Zjm6!<^+XRKdnuS{8rU8#z6z%v)~`?*E>MxVMHqE8-Yb7;
z%uR8pcdx>|u(o!HlZA<r<$aOR@h0QXPVzGjl!M=#xRcQKud-T#BBbj)>GB+Z{$_t@
z(5e2x;yo%Ae&luIO3^2T{zM(AAyq+cs%=&M3nOB|cgg%68hAdfy?A>$5N6(j@RSO-
zO8L$rE~a*S{^QprH0SGW&t~~)q$CIiVEkC)0dOh6HD}|pT8^XhEEx<TMcH8%k0%)g
zZhs~r7rKRLl;@`4D*T!L#7v2IaC`QscKL^c>hD&&wXz@>ImmR+!Z7cy*LxdZh#-En
zHKu~*Lo@$>*I*P2l5Y6Atb(b%MWjQiJ56^W+exQH!OxAYL@g>t<0n&}U#%*|(H&-D
zuI(;YMm=Gl=@$`~fA_U|z3_PSCM>hnwo!u~+xbw^Ns)gND2C<IMzk;B^b}sFaZ&X7
zs=_|Xnc(@bhN;13I2PbUCf4K2WLY?W8kprbk#FY0&kl|VK)Mbj`&51t=xRbM&^*mr
z6}QLxLQ&d!7D1&})x~v=w6?aLqMjF6E`ru^8BLlV|Agu6eP7*v-k+;8@H>)+wR4`4
zGM$FI(SZ(W1=!AvCVmZ1v+f6f@<5Bi)jA%_LxK#SAsC%^I4B;Dr%;LdB~8PmhdKrl
zyA0phh5ppN%`^uu0@PBN%Rw%0X;i*F_nrWgX#3u!!`PzfbVMXgPjmIXco?H5_77tP
z-_76J*JA;?se?{sJI+EGW9}BaSoYo<7+wlQ1kkMr@tJ<7UCwM4xv4t=;VFiLD_$DO
zmt!_%^?6A0aZVEy#oGJX@SS`M0`D)rJ$Jms(<lp^Zw(i^T&uH#G%MBy-M84NBiXUI
zTZ`zP5HtZtjZr%4U5oK3k0lUqU4V>Cw9B%dznPNxUV{=SwTprbr{#)SW)O4*9y(`F
zxu5IdmxUn5T-ng8N@lP8u5}M_Ro9*G`FO@XyIImi#4s2geLlGE!Sxq%Ir^U)ZMIn9
zZ0#4)sAipxRp|SRV6oe1=JA$Pbk@*Ce!`k>|3tT374PA9B3(N3aT{Xnvsl%a(rqKF
zF_sSLK!aHXZ3~0N_Lyy7ha}N3YFsY*9|%c8+rw5^6M`jL-<>i>a>TIUM>O`k^LTy2
zYWCW!_j8vHVeJDgv*|{&4#E%5UU0m#BHMnd4rl4KBql*X)SVv6q5lHRXDtEk10cYI
zRT(N<H`}Aigq{o7k|cq?Iypd(9Y;+8nyRz-odqC)81W|57ZMh&uP>U=0IfQel<Iw1
zLcWrCbEQ&HljaV|KjN={ud50y;D|gI+q5xASv}w1e4tkbz!yWVj*ng95(VLM1jnqf
z($T{GQGD1(N|`4G+tN8Y84pFi7w9xG&$93_#AcA8{u^nvwF#0m9J0r9{L@vYyn`Ai
z?qsyB9BP7)k0goA%|at`qt->J+IWu<G4>i^LG2W593S|Z><}S9!d?gqw;v2en0{ss
z#w8u0Gh3O=t+>6QT#4PpPq|!3&%9eW<GK0myEM$XxblS^6U2G=?d{9i&>JXQ;(LW6
z6C~7btuKv8CmvaP;uR*lQH0{F*w6ZScu!#hI->>dB4N&vQH0h_cO_KH0LM9asj-Gt
za?DD?G2(7p0}Jo8^V~5iAQt}vMAxbto;yKjJYPphjbm|vUFdp@WJV~A|5)Wr=l9m8
z*NYzeXMcC+J~#8e2a#ny4ulu8uwqDiv)fJnw|I#Z@f7N@qLIn?Cm){r1oV_t1~0Dn
zbLg#?7teJ^-HgUEbIx00s-pxhp~qoDRZg>3f<#|Z8Ak<nX%rRAThxuABcsaCPFMcf
ze6V#OE<MjqG<wb~6}YNpQ&@&e%8k<;5|A#=3^_B0Upw8Ewmz$4GMV55iFM9QhDZGW
zD>C<v3*n2>$)3E%X>|m_6LbKlZ9GXKI(3s3C`sdP#>_>ro(_V)Nm7JLSq+W^YqFGB
z_<hEg#R0$I71I{wo=8;rjd528GqK=xVWXq@tMjYbvkJQ{vn}m$$>s)T|EM}%vexO{
z#Ri3jueMv_2_~0*!95EQCGeh*gwkQ8NLxxOf@<^NC$*B@3?OBmix03jp=4$i0Y9GZ
zYFCQWnpS!QH3W;ZLhPhr+DP0VngbeAu{xm@ptuxlEsZJRa2li@9{M&$lT@1!$=~wi
zu4IjpLC2|LW~|87*W{m9+X;c%OZ{)ob${PJ+E;UjQ+@9eK~44-N>`!&jzuDL*d~d$
zh`8pY>`fNSEJW|Mr|bvOQ-!y&GS6HnP7^N0-<t2%*%N*}lHr)~RRL`a3@dqUUx!0P
z7k!wKLFVov!{QTxLg&GJoi$0n-PSLC*fF*Ur>s@D6XB;;GTNKYNZy5{n3tH)k=i~|
zuaPuT)q>Tt?AVI$wQQM6zrWlH-8NQGd@<lEEUe`p(1+Khl3Xw)G*VS6H=u@74ZCT-
zyFedM)$ua8s%<IHf1YkJ6G9#!Ity~m37|BR3B%wVBPeN`TW?16Hqj1G2ZJY;_!u3Y
z@|+ON0iQC3k6AtgT<fShB+}-ma$=^%d0UmS-@Uw#>|M;uTNn3Jy-X9s^%Dg;+%@7R
zPH|n(-_ZGOrzX*x*9_Cn=M0xKP^8;7q!x(GCZo2B!0nqYr=cOc6rM-T0TM2#@lWWT
zS28cA0a6cp=m)U&K7OaLV0ymy4pO=*BE2C|RnASmGjRDaBUcxg)3r68oGu~L-al9v
zw%vi=K3WB7DD)K1p8HI9pSvS;(e~eMVfT|7or*%lS)&Gu0K#V=n`efL$8HVC4tAKQ
zTgFQKG41XJw#t!K_5E55cHpsg#&bdj^{>9YYaL~KgYt>K)=Y`B_jZ=|Imuv=&PR6S
z=|Dr<G;^bPp=R(7?qH6cQ91lE_xUz9{EppNnIY?TwDptGMN~Ouj=T=0>GBCP*YzRq
z&iCJyMXt!3sgwYQ&>s<(`AgF~+l>Rft<%8Unl|#>K4Z*g=x}&75N1(9z^(FVex}GJ
zq14v_HkS}+@4h|6QJIxgL<r5cM8voVMO>L@py%qKmeUe3;F4|7beuDCoY>HJuIuVH
z1atrl9`|3h#EQ8n&@Vfub{+ujTlkxufysQu9H1aq)7SqCmK>SZ>2ufCcwiimg?!a&
zTiT9fj{hgv`)A!}YeJ}v+O>NAn8}iG-=rV+n_l-n>NzN>Ze8(w5nNVjpKio+r{Iip
zUrT!2_b*Oyoh0OE(Vp0MOwLK@iBc?j*D?WpN6Ujj;M~}F5ixxp>{^1weXK#8*dq?e
zucX?bqc4WqR1Je;(30bHGZ%HaCF(^v`MIt=HpwyaKtk6Ppl?qrCdB1DPr7AHY_$>U
zo(XY<lax!8nDAf%)IWot1!k{Z%0hJ=q+NlEo@4?IW26(8;%`+dr1Gc_!S|p7@OF%v
zi{P0yy$~HuBFK%YdJWpod4_nsUYw={mvwlwft;JMqXC0Jk2zFH`f;ej<%dQmCWL^g
z_(%K?)NAiK%w{#a+_GCDdB|mXA7Vy)gZxiS;4&WCMLWYjKG`3;C!al7z;Q=U2&@yV
zY7{)V?naXi&nM>Qz_8cp2zycMcex2JKZtQSxcr_D3Zu;4hy+sT2+JN*AAU7B)-Q;y
zGE2M{A-#X7M&@>M*aa0%>T?t9b}72LdQFEw4ZIeq`Q8hxzIjOXQU9o;sO`K4=?1z1
z3<V3u?spM}4}b-B6KHvu2&CQzf#x=jM8dc9{|y#xCXrTyk5(CX<!P5;xx5i|adDnK
z_TEACfV8^l(4uE_3TKjbO_~Fog@xYcmg_W!wA<s47dXloF`5h&uc^;i&zcYrLueh%
zJE02LI5yr`p)5RAI;3FAZpYgzCrxfV2X2)r7fQ<o)*&F6!9cG4_^!1qbgF%m=UNN<
zu6zQh0vH~BD>Pd!%Ab;*9Vr!wVCL5j-&a<)P+X#cW1q6A3=X(Ey6Kx>&>O!&YyNrj
zq$PD(DNxVzfx1+#eXMe{nShXq%M`I}ETfV#!*mRj=gGYek%RTSsPE4GYtNyBu@$wd
zuz`3AGLj7eMmU5IV&b{^xqN<hO$LkSH@x(V2%4B%O3M5T1<VJAle=d<ivBEo?!xw8
zs`j?AH2T74bj<bpk2q`0VK!igZ|j^^NDY6wLi<5?!m4-Lo5SjPAh98tp<3Ijr{M(J
z<TYZpqfyy}gqvo?9`tWX(<<<<Pf+Nln65L<!?ncq)}?8b*4Wvm3?0lft7`qU#4(O0
zMbu`l-vnm|dNE1|sT2T>brJ%DERLHXdveFDgxsngGGRw!3HG^>yiuXbU|1WkoyGhe
zG^mh!q*<#FyHuQ&v!vrEztyw`Ac)8b>+BTdSyzt;-Zob%yHC{%YA`mW6|FZqIxSlq
zVdnPqbSqKacV#t0z}tuGr*JyS)T?lJj^&Q+GaonK@Ww;CIs!RoBk4MS=c<0<@Nif^
z)x!&2R!be+3nnKZeUhhZQ8+wRU68n&)2pn^zc>(IXc1xX2nbC|^FNtq2k)M`tKoa`
z?>+IU!sdtR(FJU-zCrK1y*^qR-o}Sov5A;5S!fxz-#6WgG9~2N0F*^jFt;40`2-5v
z19v-Vg#y2!e4G!{oOl_UC@FdTV!n96hhulDUGB}Su$kA5xpCGo(l72$Az7Wjzsh7+
zsy~^5Zp|f3{fdP5NDVc(7!aH;(6@-QP%GMmUqHtS3a(*f54KaxRbl3qb)3};!}yuA
z)<CJu)ybu$?YJjwmk{B0(((j1+PJWk`ALh$>%c{r9k@9%t@oqIw*093l7KeDr26)`
z&jE)YZ-+D5B^~#+qUmMLnB@g=k6>3L*8uh!Rfd+dwz@^e<@o447V~k%W@(D07I7Iw
zk`2cU<dkj>+yaVSsY5B-KQnr!BGfKUO4JlOpZG=w&Rx+qazNJYc-2bMG|PChSP*I5
zY{C#xg43)@syN4Lv!T0F!3wD5?;_8kqg8hK5&dBSfNTCZ^l`x#oW)f-T4OA6$L_`J
zl_Oc{-vI<c(lCDP%RuK*zylE8d}(akY%)gR0`!~B_Ii0HIe!&09zj}OVk6jRJooU3
zf<pyzt_a}1{8i{-duIi{LD*A+s%=`6G5uxOeRY58;TSJL4_-=Pc6X=r(jr2%<Y)}-
zVX~6vQ_Hv|RqaRQaeKByv9E4LP=2a8?ECl|frlPU$M#AJ5ckU`vs(Y;4hy_u?A0$0
zW~M{y?@#l*vrK3@zh6*6?_fnn^Q1Lldkf)C)X_vxC26A1jll2f6)9t<HCT99R&JL3
zus-N(@WJO)Y_`%3nvewqE$9>15ppw#q!TDjpWzahXX5-rnjR~wWm82`A7&x!UJ4B3
z(q~#!1CeiCIQqn`nuaPF=`<RDMhvir&{1l%j6U0^fAF-=<H;~&6A}v|rVD0a&>ma+
zpjJr#Wo#o!M$od#3~BF01kMTkms--fJL-6sxMEdl7V}EH2zWY>>b_HGz7Zx3>KR#b
z#ajE6QQNuu`225*9)AtS##*dI>6J?Xv~+S=l`P?C()@3DD@FxQ(;z{mpUw*pktCA7
zF8uArXi)W;_yq1rXnt`_-Kz19<0@!M$usr2QrPSEE^+0G`!h@Zfmbbt&V-^rwU8{?
z5A9{T<;99Eybak^>y}T?)xtz3p54S0H1`>=4KU!CMUy@S_93At8$y>t(gL=U69b{7
zTP^O?wPg7A1r%8xYuvFCmA6y9P#>7AZJgsf32{VnxKLix$os=5=vO={g7;U)CAbs&
z$u_V^=$ZIJdN#^793Hrb6t(7G!%u!anh4<U2e5V;;IAZ7Y1zW?e*6ZW_<8><wBaJJ
zmX)hE8ZlA%cOGJ5;Z5-&ML~lccPQw+>(NVqkdTe~7qPi2&--RgI4_{_<_SsX^Qkxv
z;NfV%w@E2pe!*3g-vDwV*?OG~<4?<OMNdn|2bAbc0-Fvcn8ltnrKWv4O!<~47R5im
z(K2fyf|flGu1L}kCUX+k)Qi;gT(<i?G2_=M4iHY5;od%FBUHT%*RITnq2if6j1Rud
zFY9kT@m$Da<ckd1I1-1TN3R%<Bv{>W6QxXQ;9#5ml1di5IMO2bc+luvSRN~BeaF@4
z*fRLRbZrE23e+K>8Boix+<W~y2rH<;A|-?jiDaGL@>Vs=l54;47NG=T4U38toV`p`
zNu||_nz@LE^liEeKhMm0(D<0n4hqzwul6Hvf4;p@O9&XR9MX)^6-m(VlVmUtWhU3)
zulw_o$0|RUVr97u-FM%5;8xZEFfEp}2Wn+Q6)oYMx6*7$+z;XuyN#+=4K4ms@}pKk
zkb9)qms&@Sg>@yhE?P~68y@p5%`DF^=Ju77O0>St8jnihar9CxqN6xmGv4G)1nwa9
zh<0m)DTWydRaAN8j^y7}Fc862Fvj9K8SeM~eVV0Oo!bmQOM1gIiXLx>Nn9UW+fU3U
zlMpPZIF=`RAiNEjefl%IB{$Nn>EAjf(N1b9K$;~on__RsmjUQwlCaK30(&z0;ImFf
zP&yg!^Vd4N%kZyOE0!XQX^q?_%QwfZrLmLpvd%_Rd>#RSBt&eRWCnHKcg-aW>gwti
z3A5g)-qN=cFn)e{BqA@>^UP3cH`sv1>=Vs!*Sm=6qaEV{UzvkymBy<fe;G}3XR+|}
zuW5NoIN0LY3N%;Zd_XKsDSvpsB1QBGBK>rwQyITW8qzE1GkqDUEBv|<o0V)JKVPX{
zaEf>!`2obz7I=#i+o`5|T{0qp1z;?^#>wGAN25s?3%1M#I?m0t_&~z;EaK0$2&0}a
zGWGRJC#|?l7TY;0m-NzvJ_7a-AWLE21n9%)hl|v!3p4>c-?q1PUlizk(SEf5EdrM=
zs|%Xsqn?9rtt8qrpp>dK$lBrEfrfq8aZ-lJBfPY8PQbw-E9L*(jU*-rLuA*S9^iVc
zWeX_&<9yx#Mp%;*vbEc>T%Cd|YjV>(&<E#TlCN*yDePNS`yAY@5^fjMRz01QB$Amb
ziBd}=s3RQDJUAnUA-RIXj`L1cd#W)88bof9`r#VRFE>NuS(=VELBbB}BV|^KMH7JY
z!+_3o4Bxwyg&a+`6ss>T8)$)w#CqM_FunQbij1kUPc2z7K4UhvLSF2!GKAY@PQ0&H
z!r^voD$dBPo%rR&^bz8r{G6mb{0dnm(N75UAt0E*L4zHxogYgrkUwesOGo){(Q(?=
zk*F#28FezW1)J5@t}qm|?#qq1SVHqgcKe;dqB;98xlo!|W?Vlea316?)HSCp6g^LL
zT5Wx8@T}Sgr++q11q$$f(qK*=Zf!t38=#@1|ELTM=8FUOt9zh@Ps3_--#FDa;LLDQ
zW3~3RNjM-OD+?%{a)Z_P?AW8xZkmlC*KVr&NUc73-B~FQzu*kU>~?KYcre5`TE!rE
zf;9gE;A?sa;{c;E_t(@fjjJ#~N$v-&u*AM(X!sX7F(J5lu$^nbO`?uRp;F`=#Fyqv
z&y#)p=z6mL>5q&uf^S~<Tl_%#&PvsS?8)Z}f~aY<rv5i*>-Dm&w*vzH+L;}gTwX{V
zX!MF1fzT#F<J1Zj&h!`$!w}(_blpPalFXAk9m0~~oOkkq8#0q})lHEy89ZqsvT7#S
zIO(^m_F=FJwu7V@9yx2$th1)v+T8ioswc)S7kQ#QTSfx&zi{W(%wum`#KWlwv1MgY
z1&v}%QM{&4n@|pMaB!=pOEj$IS>B@!(JC`7lHAqii!yiV1r;EQO({gG2OYMkB4r4V
z@G;q~jteZU0qnAjDh%8pWB;M#$|QQ~6{nMBqcuL-=DKp%#{vEH)AUcLss6rOpPt1w
zrE}E~k5S*Mc=jgFstOC{tRo?Sh;hM?T*Bo>_K>g4RK+`+(J0l`%*^5t!(@>7#$@MN
zpK^5!Aly&YZGJFL3gY69U^3?!G_5e8F3LkasOGPc8~Bv%a-l*fpf7hmPdjB)z16PP
zPW!%(RFW>7^n=%r$-{M360PLpnzp7q$*Mf>q#c@>i+YqRYYGTGb%swOfz0YcAAoi(
zr0P<w*%%j?RLc9hDyVUP^5ndOMjb7Vm89WW5%Tp*Al}>`9k?4#=axNBOT9tdWuRo?
zbihW;x12k#rBbUC%7U{Bvk4ubL>9QwgA0`!h@+1UZa&2fPGT@mpmO}MF@guKGyr5M
z8{e1jC$k}VvNL#Hf713V>wdeWgJw$TyH+K92JY44c<}{psnNK07@CWQM&m3|7)lTK
zWUOMv<-`C*M@8`@D2PCOb)b^KKGhGsR{H)p*&c}+YG-_i_saqMO)<AIGA_Doay|Sm
z6XNLjhy%yVnT4p%X=V@@qrGkmCW|5z`H=VnQm@xMq$CKB*NJjeQtfjSBZDg0L%*>$
z(@Cl!yvtD=#G|NZlYIonL$R<fNQ#l`Mz-~lgi#55;DSE0xq(7S$fo~>bs3k!jY(Dn
zb(A53k=ag$8Fd;}?j!~%hE=;jM26qegu1R6yu9yDzl){S!Ntk&or$mep7eQ#VP`g%
zQ&bEpEfzzGjzg=I9L99*2gbrJ^3Lyd;=wIWIO-wIVzr-5F87VMnHSWl=RwgM1T)`n
z-=7{KL0sBl@D9K$2p|G#GXXgXJ(oIs01Vc94#32)lKUi^0UNZ28e&lYE`+V~Aa!jY
zAPhRnT&c4)a9Ix~WeRx6-{!gAFDy*}+!FiX1i4Mm_Xi?qDnJWXT-RMt{i+Y_p$Mv0
zx|b7#0tYx%iP+dWhrm8EgYi%jz2h<>N3PsY0g**spq2gkm?+-d;2Xa(z*rH*<8eP5
zYB!*}#tz^u_hw2nfG5IJu>$0vLm{oMSNnmJvE$`u*MIFp`AA^XE$tO>qZX~hzkk=C
zxM!=R9u0eNdkAzvuf6g9s31?={vMs3`7!Ly?{T((cB_^$*=LtZ3%v7f*GHSUR+F1`
zsUlO8+;_K3U+F+^@jc-a@wX6{o=T<7_j1;R@mJ7jKa;Soct(1NxLuK~AV~BG1RSfv
zc1Izug1&}^`aKHP8jP8BnXs+4kwU;^i{ZzZ@OJe=V$y(*Z9!r(WIC4<Oh>|qyOn+8
z{*FExte09ICza7<J6CG7%}bn-nyr#T)WJ@7U5?Ua&QucRRK7xdG>%9SxaOpfzSsJX
zfRybRM#zf#Y*9DD?ErcCjnHao^Y!-+cs!aqDqA(iw@ng@263vtq%bz>VcG{Pc?j6U
zE(mBpO-Sa-q$yQpr~-yHo>wZvWQmprfL<bV-V*(K1MtEQB-5y`rB(nxZ~bPB<j`$3
zVE^eU2MPp(1D*KSnV~c>0PSP$>EzXgtqtalM{BH>D<=w&h{BAsEKki~&Zo`A@U$mi
zNi55*2h<**+Wrr=XCGdnzu(WOwmx7oiIK>rTR{24ywC{&vhxEFt^rEK_np6&9pJ4f
zl85K<{dGC*`k+7per8KfURm8+s%*n`u|peUJn0;N)23=tH}F#3tPC@F7anqi2t}<`
zGd}&h$o#Y91vF_KNKj<hDcT=wI5)GItDXQV$+?)2HrO4ecGU}pvq7af`E2Q0G;RA4
zzV{R(mh?TQMlT*2x-CYlEc=!riV5ht{<y(he;1RDw5fMZoF+~(nNp>wf(4aUg-zxs
z!g^+iajMmmNRv<;RD|eIpi^=1icGW>W<ibE+Jw|4B(Fak714Qx=ZnT&7XgKWucF4U
z%-&fp^g2TY%~MCHn>yie7jPLEL?ki-p01=T0Pm2DUgxFsLyR3sitrqcuKNx8a!H;D
za=kJ)`M4}HZttmGpWDzkuqJE*QXv~GrA0KZ59`cS1dfB2E^CXY4Yjr#Up8>sIZCpT
zg_lx~`TUTDEH$K9`RXq>K5i}1OwiT)krH3p@`P8k&l--T%3ncIPIWFZ!KJyE#L;Le
zP?&jL95_F(tU56jnL^yikzRS-JVl}<)O0R6eMj$`7)+G!EXZWo<Q5n$xFATg6Z+E5
z2zu0Kxr&1c6s>}{f&C;$;-h%WLpK`D*k~Iz0~CeB#^|{=Whsb+OaebKW(&3)oP`NL
zKj!xJ&zCAwRE654Vfc;BwRi-+qm@-0K?ACMr1MDg9mbmWY1b8L=ZKZ2%p@#bv#Dnm
z%T2*{Nfc;Pu6>M>kd{4qy{TYGwDy~jjd?U`s;do*Mj@%aL#pPn$Nfe2cZIYfd2CkM
ztJ39P^O4b19x_^Mdu%FH_y}GMc)sDxV9|A&z@L#`*w&_J5#0}^lB?x?W12WX%oJ<7
zNh=bNq0=48M0o-yd|vIn*k>kVkR?P%+YhEZT546bD~K(iOkp02TB)A0;ZF3wg(`fJ
zScO<7WFES90d%m$=xMoQYSZ7}*e<f7NHbxYc6!AF+Bh8PUcz!1z&TJJgtPOgnRiMM
zK!y;yl+HaB8=zf>PnE)C3P^F!{8QbI>*<TJ0SDK+vxcvG1c1*j7VymW(x?QzID5aw
zMHsABsnMY`+HS>KT^RuCt^R6SL%K?-jxIDc2%qAY+{-#lHUmT*J;3f&UsBF6)mNd~
zLMjJ5w$0~2YT-aXuO5H@6>E?t3FuU#q6tMYUEqT~=Zq4QR}p;Dux=Sgxd?$3&gjz&
zcojS&vMcUZhaLX4xHQ9@mW|?NL;7%c5PhUpn1!M5XcP$Y|Ed~z%pieR=SxOqv7?y(
z(Yt6avkS#=YfSB=M-*FVCMD^_FRm{Wg5VvjCKVk*VjiBX)6x7Q)oYpFM*Y_sm->=(
zuKz?(kGJvr4$W7=jn)F+BMuRF8x->IJ{+wZA<`Pib0SyH6-J@0E%vvCA{{Q8%bWVd
zY6P1E5L-i^?GM=@BoziKA@-144xsjfqWq$lL@!$tpmFsqOa)U7vXw<+X|Yi_yQ>(l
z;a`saqlk?vg2AtG1G+(H1JFXdWtW{~)kaZVm##1w9hWWCWB}7>YY1~nr`Fwx1C`I!
zX|Nk2Pf5^hgRqs}cEN*tL3eKO(22lH<qM6F0Du`6o}g(xf-dK4t!Zuaf!j(f0`KGR
zx@th<H}DF(1>6=1fERb38_Iy!*&mbH>=RnhCE^QcU(oLbu-AV7bP|AN6$RkZ7TJQ)
zb==3oppoF<aX2O+LaN@b;Wk0^CIH+v9R=;gqFdLs|E7gkVX{>q*2k=}r;mvw8xidA
zAL6kF%}!!O!;|rcmEQQXQg%tgm<1)3sS3Im=rC?b&-RpCTD9^wt5i>xHMW|}{zi%s
zZEgiUGZHIvQ3s6Pl?u&4FQ7Rcw~2!)I%ApdPD~d1{WM`b5LuBD;;vY@K<~=Y^uC=@
zsTF>KLv?{eai%|yaz^XR*DndhWSu;Dkb0B!{6<GOxo{E%OB*`FYt3QrMU8f^Xw4_l
z(WR|MktNts50P`@<}=!H+-Ys8S<;e;cCc$6ih+Dn59m$TgxcvN<cj}9beb7e0~pfJ
zkTe+;J*=lPPg5P=S(uRs+m0y5b0@{Ewcd1kLFHMdeedBc_l+_5)dqtHnf@GoX$UL7
z7YNSGXv7ewr+Ya1*@;BIFx8J*=$#u#SKw49Cu8CT1<(!j``otovaRnj8&#-NG#c}6
z4(K<iH?1ZlF)5uihPYNdc#RsuQJn+)Zq1uTur+_`WdOBqYmnrcr`wHNhfw@xVZl#l
zJg-gutB5-J7Hl4gX|ft%Sod^1erP{m@?z}(Fz#f%Deg4a`3pP`DC2FeS^qnfd1M~)
zw_!<ML6r8pNx}-*?%VM4ODubzjul3|ZF7=px~dgx<y(l;yn-e_;jzuRHD0mM#tu;q
ztfu<4!uv>VQ{LheabHdP_&7D*!J^G^>1pG;Q|puzVJ2BBmOSDW@9;6ZVr#>BDIi3?
z)p3?iAOBsI##zO<NdG1>O~01+S93XI&pl2Wt$VJP^U2{tVM<MLl}o>%U+4_~?Neut
zoJikWr(t$9j4wUxnFc?bF;E$szOjt4-yCg{Ge|TOA}f~y$ADia!b5+(NYI&%XNr+t
zY`x<bxy7Ea6q74CbbGQE7yH=`*|@Y+Pf`h;*!+wa4^ru0A<eU0gl&-T*O4laPxPXK
zqLPAc|G`mQ3cL400w;qwV*0C@`<0NR1*b}{k636(Ll^fM0FNw8=gQ&{(g7?{tBbB1
z0DXzu<l+bZG=U`64dYkFqTx_}1rVec*k1_~eXr25AveF`RGlELxt{vTRxhuIP4^9V
zfyI!Zgwv@E_w(Qk!hB~Q=ZP0A@4SV6FXL<M2)+;C&@&+Vl*dp)8weOa75<Rqc%z~X
zB!hAUb9rQaCMq0NiZK*q5Jg#xMx$eM42Qgz`LwySkHeQ>%)Uw+DFq(eF+5I?VW@UW
z?=s$sbx<}JrWJ%;IFt3Wz@5enZTY)U8!m@$q6-Teg9Zq^x<nmz-I-f(mQ-B)RnD~7
zoummppWd#e(LC~hg8V7?b@?=nrRxg)`l4Tr>j#nc#UL&78SYP_?@Wy{`%HC8-}jA6
zc_J}_(IUK~2$)1Z9Vkvx+Cib91z-oiWJ`7E@~K3Zfse!!=0<-V%i&KI!1wnvYN-4G
z2KU0{2y@$fF{|gHKlw3PKHp8-)_NluYt$uZ1#v<zZU!J6T|`9kQ;cpoFPj7H8T|XZ
zVR3t0{eE_L!Wcmuheq$Tq|)l}yr!%X&Cnwbf$+Z;og+?I``DXWqo#`CY%;JNj}{tc
zO%i~N#$&ui9!O+BTpP~dU16)Y$>=fA0sQn*LSi^gKN|N73bU2+6-d?zvriW5?Tbss
zvP7|Hp+{>i<`^z!1EG1FAYK157RE_l<G;Lj<6oegReQm~G6VvJF=UD(0*Vh88XNt+
z4b#5M3mY<<r&_K_?+m3`_oROco6ggos%fVLX#-GY1>w;2Uq9sz1{Ymmv&|!U&eudc
z4VQhoNt8H|(<zw}t{ma7B2cNFVIKfI&6f^)pfjGDL|$)o59S>IJMxWenA*=-_w4jO
zBoR47{`)S+8?r4?F~lJQPd5$>)^0GCFnX@@rvBLr%{O9Gm4$uTC%^iH;IOcVw`|>2
zt{hpVyQN=PZ?)iPHHG~7YCq3vI5$KgzIdFD?U3L%mP{$zbvmf_!nBiRc`kiFS9%G|
zPN=c&8R9*}$dd1DP*)|{I37r(&N`wfO`S4B(Q3a#l?N7YBBjA7<*K4|b1X;!+;<qW
z1eMkvZlu^;Pw5IITAP~)i0~wh;Ks1#MYM0(IuaFB!p)46PeZSf8LCa9CzRqY-TZQ;
z*6%tWJAO1oi!3_tEFo;Q2jV8uinv?qnNQ?~2H_y34BvXxoW&%vHp`93pSYm3KFP4p
zF~4AX3CYKarn_9AzvleNPrPoE{bh|t+LqEvk$C979^drEp6{Dm=R39T(P#G2vA83*
z6NU1$(jPa$rn5X5=PTSv!R2W5o<fjvkxq}hc=d5j9_d-3xT1RF?sU4M?yilMCAm6m
zF0Q&D4UHCSNHz;@$FbX^=k?YLa=*6=eY>8D*}*!AG!S8Bek-Hhu`r^DgbTHwSg=#u
zXS+A_)(8+T3~Ok8#n2V$+XvsTJ{eiCp1kuY!0Eg=vt+Fuzmu0BAzOBq4*O&+YW8-t
zh=S`;y1NAEMq7icD#zhqVy-Wgo+y~<neJ=w{4q3}h;0Rc&q-*(tvvx>D&^A^pal%8
z4YyiZ+sDWI8IG}liRtK68^9)_>vX?obi}n#C?L9xv}WBan@V-VeH!F`ey2*&p=J4i
zpz1iAJJHtRL5SSV_S6(`W%x@Z`%Zd?!2!@N?No%oXO+M2z2D)7NSa8Gzy`Z%bK0E6
zxge~^*9#7<rrk6OMkbc>AMHky)am0Fa%%E3zzRmpSk$eH68xm!9*P)DM?}^+H^L$&
z)MC%yBavL?dS&)-`GW0T<?|*1Is35TO;05*>ns|z`Yd~gPpth1yB6z}mM^xE)eite
zSfACXNwcDCV{skZAX=mk2at}=3$LyUn$90(-B7t8>be|Xkh+v{+e&QlNbV|YE_t2L
z*;KA?@`QI&8ba#5cb217EXej2FwyGZ!3ST+>{6j2ma}Tzg1S51&=XNA!zHmj>5V~>
z6jo4UyhwX+zwL^NGadTQ?mI0B^KCZxv5GL8LU|-EvZ@%QC$1sX&o7{bO)~~1_TgSQ
z+1>8&N&-B9g<7jXCF(3yWi!yQ87RhyxANR1=YUjVsY_Y~J@4;WQNWNDx?&Q*0=&60
zALV-6Sww8uZaHmNoPXhmi4npv^W6iI_WG@eYl@0RGjo~_GW^uAl0=r_`wiJj8tS5-
zq$9;TlFi{6G>i^dU0A_(cN1@^A$&a_Dd}6{LeaT{<o(iy!U@#3F;E9g$yPWpN!BT0
zC6NX;G4hQ<DT}GLd%{*;*s?8O3c6U?!25mpuu(XGf{TFcM~Lx`u#VG@){f52p)JO7
zWbz%y2BGM*HD%Q>SEnXUYyRl-_FN#7wT^Yku^Z2G-Ei4E$4GV?xjNbN*awJ5j8w2-
zw_$*rX9&*OaX@fr5Z-aNR=0btz@z8Z!K3}{H08AMu~@TyyyGn|z}y4KkYi3=zJK8t
z-c`YGDC3=RZ6>}1Hmmk~f0G7fh@J_i$jB&;YQof-P34&h&`;+X4aO;yT4Nc_CT0y)
zF7{@4l3SiMeNM;uEqj+@O5#VZSm5{dU`|#rpd`9d>DG@Aj(?IET}Ssod%A^)XAZad
z+Nd~<SaMtNmgT&{128AmkhJg%uCdIVCZH&}GXbD!gD#a#Sn_pCDeeeU96{bkP5;2D
zY|)wP`_EI$qf;fHhwE}0IWFmFo%F&Z+fPL2a|Qg*2XoL_6VRb}tVEiN*4|A88#lPX
zqW8D)mtySXMyV~BF!shErhA;<!LUoZw7}Au7;0`{S-0f6YY{1tW25;r@Y6PfoT{6J
zx!sn?i%TqN3a1FM*E#*{3TKL{?Q-*PI&4u$`lnR2zbqu0s?FU~JQ94}U7&FHCB))A
z<Fq`09M=-ONuS9}e;0LHP$S#9qk!Hs=y%gxssZhC9vsLtd5CZwQCSkwfC#g^azO8<
z)6a%am336zRw(HP`_#`Szay|E)e2Pq!qK_NKZ!<aweh&0KO(zPb>7->;jW$r1ggD{
z)^kCHBXA@@@QMq+;S*pc6!Xi%Vsz9WvPXLG{S9A@rDn0%^ci!ql+wX$s;rOPPcJQt
zU>s0IGFXS$6b+Zu39)yct6LLpJZu-1#o78jXf{~Xr>>N>Tpliu-Oh?;d?Ldu_)+ON
zywBmqA@<~2Ek&oIA#BLi>d<rp1{dEnFyEE-PCLp|x#VlWrQ(^nm50^A!>%I3=2GNW
z9wi3;!!Gfa1xEe1+_j#HkFAepReBgUgqZ^cQ|3k7s+x|$W~?JBmc8z%#GZP0;G#I^
zf%PNy>xmpZSNoGy_UBTl#wF_266Kt|0tilrcCC*;u}N{a#dII<PNM^a3A@saRpJ~l
zS=b}()?qZ)SXXfFgRfCam|W9EBXV2x2t@`zQ%E#jW?pQ)>O1WBJ&@N39O!asTTZ!P
z!w1#8PYgnK+_}B-Qa(Ol+Vmx<!~0c7n}hG5UKnPD1klQ#IO~R&oonKtbl?Osn4-I6
zDJGR#WB}{kuJdZfBxvy$8cjpe|Do%xqoQiR|8JV1L8QB+K^mlylJ0J#8>G8Yx<Nug
zQo6glyTPGby7M{S>ixODzqOvV_+u6fXXfm4#lCjDUm;0Ms+B>+W#lGB#^J#^y=<G8
zjAbenrjVD7?wKQfCo;rMD~6?0J})k1A5YDA%?69q-vx#6edAKV*oEfjUAnv&eRk&b
zFD6=jCi>*px$C;~mh9bO+1oL{ZsMP}(Fjn@?VFuFurQ7>;Es4)l+|1!oOmE<g|CSK
ziOa<5Z-9(~vc&U>5}RqFtxJs6L%aXrOO%kMs2@+H8(Pr~!~P4rj(tF4rkFmRYXZT6
z1RD_uJ-ucnI(vS93Dp%2J&N!|QwC(hutoaD;>|A}JQqbsD>Y=bz0ZCS62PFAvP8*x
z>q%?9^{cV)2O=({R10#-NYg-_cg&9dgCI&MuiU%D8S$g^lFd$_Z-&bO|B>W$X6{Oa
zr~_vc#_&CT!R3nb<2_yMWtc~Dl-qWfW9co{&VUWj81juHA`k=9L*Hx!Sy40qxl_p*
zs6bWH?rLTNq)xiHt=T&}SP5^?tYpH-Ks3#dy1CsQK+Qp-re$KX9wSsyrt*SF|73Dk
zE>Q0y8E*9%4-dXVtf8*fmUgbDc@Z^m)$6&-FpkP9i96i?#P2oxX(n-aU&9UuvWO`a
z$=F*_oSGvul&bf8judg7p9M!n;>%-eFb+zr>0C(30+zD^M2k&azf;)*1*W;u`Aw)D
zm`GAEDP;v))U#{ujytvGxYr+=<*^HLIn?^XPRc<&o%Pb!0+x@B-3;M-f(X*e4CY+c
z^EsmW&PZucnSpv<vL)75OXo_*@QwH%5f`B2W9ZdUsf2hx!!nu(B>)t9<e?$EU%FUt
z0S(4J)C0`Iyy==uG%r<LvLmV!gS98ZS||NA6Qq0hOu?OWCx!&3pf}j3LE|VPg=;BY
z-o2MHBrTE04-Vi>%nH(w3b%WT1SX?qK>MawTZ~)aJ*aJunVH)0fFF(72Oy<Y)ga%x
zWdTxre|1NyKslvUQlE)JswY@p#S2RJa3mFf!(cL8bsrFmOfVa=gNrrpm3@6|>gN46
z{j${~ZmBpHe3GNq;3yWZc543YkFR%yCS2_@bvgIl-v$~h)+Q-g-&>i#FOiLmI3UfP
zu9zH#Hh_Az)}A+P{sa*&8heD7tU2{!1uej!ymN1h!J5ISmfv#x697AYoG=~i2%klx
z%Uo!PcU{TW`>t*-IiWYH1S{4vgGpj#5@glYiko{pJV&C0=DhB=fq>;D`?yAp`I>xr
zgU8?12Wzb0tKNj824x5qJ-Tgf-7ZSlu3E8<4P0}Ae-;CoI6|OyvAN-peErfYZ3L$m
zhh?#QIK{(GVKAbkoHvt3t5Gh(p#Tx5$kQE?ywl!R#nV{o>JCE>PV7?gg74tYqDzD=
z3-;aC99WjprN;zE`(_?UbPgafw~-}tG>nTTX*#Ei1HNUD7vTE#yRp>2-j^tr&<@P1
z{D?FYu03~u*AG;L*%A_p4{n+it6P$MygF_A)bykjg$2DnKV~>g{n}5kTiP%O9E)_V
z)st49Gvs_2_HerVReg)qM){onv-y+B*^S>0j9sAU+brZKTvs=p{j@gokCAN7Cpuj3
zx}eyi`z1UPT$d`q(Ae9T3Cd@MDP>WPdFlo2r(W*&8E7NQo2gjzl6#Z6$U9{m>k<ek
zB;ocLKf8fO$nVA(JwdK+w#!*gVIEDFUNmrM`{XcZW?ka=68+6cv@JfqJ1x<&-MvnW
z<c!c8KTU?z=x`RacMRAv(8OePZU)NNST7#Oic2D#B!`_NK4O@60x@S?G#^|7dBs=;
z9abCCQ)|h2)9kF*E}&%(ft#?^1&pV2nT)d4yG4SxA4(ZNVH`U!m^`$Y6kT}V(55=v
zT4SxNvNK;;&6Os`4rcj&)nh{tmTmC7I;^AN7(VZjPFie!zs&Ot*K*<8I|rya^}DIU
z#A2%C)a$cs@lkgS9W8_lKXmvwKBV)UTN8LOJH^QNekk>z+SFOQF&P}7@X+}-VIStf
zD#`PNM8L&P?ENDk*uw{TnnzillkSW3=kJ+VJgx;pr6->-c0kMb0$Y&g;BWGLMNUUb
z&I+np*z~n_d&}n8PB1L5&Yj1l%cR4L(%wzI!l8w4)yi}~GC?Wwjyhe7;F@cD2bSlM
z`vMMH%slydeU;{OTIb#8Lclf(T}q|HjA8opHJx?GUDOw|qYn^vAQEl28-lOk?z9^P
z5s}&Vt-oeMPjglb3Rh=vY0$ucg9)$$a^#`x{zyFl@5dxdq#SuW`}o(KCbzBPNd|ok
z?`sBRx+G86dyGZPf#si8;}!=<kcYW-SAuSUTuRBVH4E4{{JpWu4UPoq427R-jtUsz
zxZOdxowy`QdPL7+QP|+PwdGa%+xBGjw_mOrpY`^ZD@rg#V{F6PMeZy&HQXh{Jki;k
z$9-MK>Gv&4N)c{KRnPJpLn2auim;#b*=ps93A<!ilgUqEkEB=?;y@)uqK(<e<GRyh
zBww*=)pyN>6%R8BZT+e|5N&*%bJbG{{kJ~3n4-^I0LeFeAo)uRecNaXZ7Q3o(y^eK
zHVy17VyGuZ^vuujF@CaNy@i}bSVpyn3psfq4t@rPvVyCHJCS~2^vF!2ONk@QiJ>I>
z7Pl4z&SU}5`STyIo(pE%)a&Y1YYPon8U-uPiTCWnqOqjbN76Z#Kr#%p;Jdb+nQ`+*
ze8mKn^&2m$Wkezo7)2bIxz)N*{3O+c>26Ec>67ajBrqYB`Bf@>OPthT?5Miox^x*+
zOv`;O9xY9Ncp}f?Mjd0b6h}?vVeT3)Fa%U<E*|ARrlSp0P-KtF3wlj;d!wi4W78F=
z)x_TVIbQ%3TV*Ckve-JsYfoP&(3zp&%NS2hPl*6MQ3+DcXxMAj3L~*w0Fm-bppvD6
z7(If3YqZ-lD0Pc!xj^yTCg2})3Imd$$Y*gB4!#t_M?g8OZRW#q{RV2$_Rl(S6vhv#
zJiWVcP;7bo#YYf?`?<JCqj9seH<11tylnm(3l{n$(XOwXdqXD0k8&~a609Mt52$;i
zz(u%OZ?v!=u)NUw4kaIq!Dv)zsPAI~g;k%8yf2I#Wx8F=v;C1-BFdU>a><l<P2A@(
z@}n<nk#cGl{`yM+R5T-d4ax}eLbh5Q#v5v6r%bOas!IXaxKD@V>wL4#x{ZSGP1YkL
zMR7HP3@-c~&FRTMhmv^q)(b`n=k%HFh7!503cB&nF1q;;eCy<zU49@Fu`Zqv@DLoA
zCElOWB|bb)d0_D@Mc4!NNqs4Z7WD<B^eE6Se3rS%?<5<5QXeGMn5%B(K$)9RTr?Jn
zY^6@DK(ddn4`q*FUX0~xuLxOM!Ribj83n@`pufcG5l@x7dMZdO440N-^IkYu4=kUW
z_v5-Ub*D_XiT#UF*C}wxYWme4+%A7bY~Pav=9arWLs4Jj>+s6?ry6{LXk4D{c3jc@
zl*b(%Eaj_;D~cZvQm`M4PqPca4%waD(Q3?|v5n*t3h3v~>d{e$Z(*?NCCLju?48EU
z$kS*AxesHA=7+VQH*TrEwQj~S;%gD3@I-dIgN^(i+tuwcj2UDSyF=GpYofHath48$
zuYW&EIFR%Bm3hK#Tz{KKZyTx>Qn2<hZ@sm2k!jGl7}xBMO<hdCg?Qi230(#Q*>sw3
zV!cHH)y89EBnul3_bBOM`m+74e98ouNnHPR0U}?Qju`<|wHaKi_2rZcat%h`MCSa*
z##Cmzw(G2?j~;%*rZ#y3fUhpR(pG4GZp)DnGM1<F;ymVbZ|Zm;<rME5-*vy@hLO5S
zn}sV)yaQpjkp#DMZ{i#DRMxy|`U{M)OptI#j7^wa=s|O~cLcrny~i-jQs4Z={?fBP
zF8}lT!6&S9)^#4o$<0F6+a?lc2G*q-1mm0I*5`>uA<E?Ad>Jl`*W!269T`T`DR#xj
z3m1<aeP2+y{3*6N>Y@n*2ex_Z$I(WUwKzs&0oF5J{zKMB_Nw;-?~T@vuCHgDXx3+9
z9L|9<T=-vQxTq@e8n1BRU*H_g>HDs<esSo<yVCrwLW|_i3-ExD@&QFZ_oXL5oU#9x
z{1%|5U5mb<0XS<P!-O=tgU&%{9%0u&qRmM3i6WZMs2u31=)(rR4MC1ADpSK*ZEU9m
z5M0xI#}!{-U4hP*E#N{4z<FGyw3+pVUgUZBcq7mw#U`>c#uYgFEbRok*=HL;*<(3~
zDHD#uo3^MXC!Rg+o!!slbaZXf-g<S}9*V=;sgPcZHcDor`eN%Du8jivi|<UgJ346j
zxuV$Gy(?ofU!BXMRIQvU9H*+yo{+q4K+27Ox~$EBXOM-jxQ*??*trcXI+(yzn8k@W
zPtsRjYapms`kZkkecUQvfFVm(^S#(~?Hx!_q%*D>*z5|aTdRhZ*n<Khb$ee><z1Pl
zfe;8Y+P|uU`x0qx`uC%M;IzKQ*8Oquf<m~HQxfxOT{>)I7i~7fpFNzJdFk87=6X^8
zis)P!2LCT!+pvW>Ys83!>do|@^{jn2gNMDoUVocC!l!eLC|)4Xj0AdnB}(m9<cNQ|
zwrOJF07*iT(4aT7C16s!R(_QdLyDAfU%o@tIR(NPRt*QBi5XxUidTQJC)cocJ-QL3
zcrIs%mWycwJ(1dy*^#pCN#L^8-g+?OvpoA;{G;2|H!Us02s&{z+#XJy1ZdDH$&eaH
z`X4659Orah-vL~q9H1jcsm4+jbDV6q>9m(Xm0N#OFU0Tzyz4KeVLXyvrw2gl+=}>T
zyI*BNU^l)Wcw+8i*T&jR5NHlvs^>ac$5bS;5uyp(;qP|cL^J6X$lR!B4u14HOA~zI
zy*FJLe~A_CL--6N|N2dmbzcGLSu^tx-~VYh{UeNm1bJiSn{<c6ph$pzaDp@2bs{{0
za0ERX*!>w>QB5+;Q&QMIFRs0ONMLQ~0!)TrdqnvdPOqu!A%q?u%vZ70eKp^Vy>-^7
z_4(4-?F#^He|)DKdnI<0PDJMzu+h=ard_+U<!fV?7<FB(=(EqV1;^EWA~><tPTez8
zyUUlQYi;aJ(zF8f!<MhSj^cpZL^$R+rNrqaZQgh<NE<=*NKJ$qIL>qe6+Zt6f?}el
z$$TylbRjS@4%m%-gZ?9!)p!g6Myui=e{k1@Mc|vbF9nd`dZ*{PXVFol#e{YFtAVyh
z6%%%C_Z_uKg>iq8ZY7AZA}tDnxs>Ncq{N~7QyFVD7=DPmzwGnsvCwVxqy3HYtDPC!
zOM7_JX?a9rD?!u;oNe)W>{MpWVw96ipbyz=4bv;|hQrae=M62|`ydK_+OD?97UO6O
zoekpsPmg%__~`t3WOnTW4{$i85}?;_!Pz@9I=I0NSc9M)q??e2o?DC;M#8-@R_gr(
zR}Ot)AQ`mn=p(j1MKFiDzM)}YpV!;@oiI0?Vsf&Nr;|8R7h}F;tMd;?aox7u+`O2c
zIXm*$Fx<DiA9f9huhfdP$AHY!sHg}48LJ6LVa_J@xiPF7Zn;?x&jrAZ;u@{D+iBYw
zz<Z9W2ynSbl{6B9dmW9@xLj);PNSbjYVBoi-ltJZkmgdLZ_}??_ePW0jr6QThd%@(
z;Yb11?wbSDUlIWJ(0qCsps@D~cMXS(OA3gt)Y{hrI2D%3HlN2kQ^m2!M$hY`0HG^D
zF*`ZUwsBxoVpLl44nU49@IiJ9getvJ`yn7fY6#-KjeVWYH`j(?e|88?xk>6KZ|{1{
zlhq!EiW!IHDEdP2i*sLAe|sU&s*PRH<i$52JJmKX3W2sA^s4@w4Yj*^u%4M3pYGg1
z?CV+}Oo=I?=v9_f(=-jm%Ga$7x2bS$r6oNj&8%X_jdhXx;8@kz4V9F<S3G4*O?;AU
zIUlCR^@A3tK)v1(A8{i=S#H)idBBzKMLMf<<IHo9J<3qIhb}TLzV4_|$xfymf6iyb
z#}o8q`Cv$=?a|}`OCIjGB^1W-FDLp$l$!4rwOQ5Pex+m=)_eFin-)X&oLK(wcv+V^
zxn0U6E@R-0toEEpdQy&P>nKKV;Ux@Bn@@&vwb%G*95G1g=CV$+whf4j&h`m`L{KqV
zZ(N9)LUv|jtG=tmWsAvI#n1$4wlCg{@tmVbETVC0Sm?QIU2Z3q)qmmugd`aS3wyYn
zC=!tTFE`nk2Z3HqgzOF=6+ma0rYq(>v?Y&Xbvn{LU|NAEX>}K-aT4W{QQS67boHnX
z_HLuFe-C=NzIA)Qb*D&82jwv^lkjHte5Od9i-mCPVy%I=^b?MOTQ3Q_c?{m-BT(78
zZ$sY1|BcILar$T|><ayGjpd6x@=XXD2@~#q27sf$9?1rj@UIZaao0}M97VEGYu5(+
zfimjwm$WZjv>QNB7>G&|K#%qo09Rwl{0b10Cd>2%&j<S|is`wDH<n`h0}TyMJUYWO
zwQ4K}_VSDFHDulJa-xB8TN;A@+3GsOs;otg34n+x1pRLnvp|NNrD=VVH4gMhZ;XF4
z+ti1U{`R{p2>zvhX8le1TSWQI=$rj_k}MLA41F+&$Q|Pa6B{$qt7F(wTy9*_k}J=N
z)MPgIWqi*yUpOf#<$>hNS%~qA`*%d|N<w!EqS-guveXf#(s^B(&iS~2kR!}-SaTrC
zIeN$9+T_}zW4-r;2{99R?Mf`U<GOp3AHVNaZtMId^^V=5`;DTE#?R1$vKb7yhafDo
z25!`jAMY>Eu6vRxMo9U>QU~no-(V_6nmNOuh6}xk49>7r=MJ+n$}eZU!vxxX9bgef
z^_F`Cwl$tI*)8HQLSjOM-{b7><m|i(y8H>Kc1BbOZXPUD<zsjVQ+9_JR2cUSw);af
zQqpjhEY?`1)v&Hp-U%3X!c-{$s-$%~&NHgw0ddE_WbETGgkKP|GqqeO(JE#K0SGwm
zS7U%*!U!ntB?9$yU{RThCA`I7VLmU=>tqM{hsSF$fd#Q%W^eMd{SuG@C0EXu`=zYk
z<7vD}bpRBvM)vRUA?zS7k^Nw<UxmU13)hEwr=vB$G&nk!pwX4|YSs|x$E^L_Aisoh
z#edq3$?C8!>iJQjK!MC+rLiV)fMw0Ysov*CKw`BG-JtXlD3pBlqT{^tR8BgHVXmP?
zU7ww(dJrLe>I844x4u^FSbhZTdv}Xt;bIa#y&U}B^4{Nh-ap#={(8V-zs7ne6S>kj
zIn+Sz)wq1W(e>ei)wT7}fq#x6!Sz|!$M5xm$J5Er=un$f4tDbSWTM<mr3cuVCszfR
z#7S<?V?W&6B~(AyJj9GclU@7>M<gc=1AQXG^6ZKtg2j6I685E-s8|K5L0?Gg8SN(&
zUeG*x3>|69H9l!VOwci3)i3~6<4QZUb#%SP^BMZVdMQ}d;It!fO=wM`#sW!Pz4LPJ
zz1yZB2zB)ZB-ahikaCoSK}Z8U%=-dCY(xjtYpS+~*Ls$-#kN5{$-2(*6*8e#kdqWB
z>)QTVRSaO8O`9FA)*Z)1<^V4JKyyIG(PGhMd{@Yt;ILu2Rgw83QFr&GdT4_c(i?hq
z7YW>uy~n%tu`yewejJwTBHT`A8WI`xK(HC*z`bdv>qnhWW^yv$We2xVX6U7zx}0~!
zoA!NjTb?yNxNK3l7a%Ukh_X#eqB{7g_e)W_y|Q7nT}^R&D<Ibi#dz?ds&sZ<X>75%
z+;w_u-=RS3b>2_)IhEWQk>Wl&Ysv$)6!$I>qD3S~!l$H-<2#^XnC=%;)qQQ$ql9Mo
zO{Mie6hBA+&;AT><*f(eu;@l5S+8By`gfXlTx_3{SzC!e&z0^}FdbX_KG>3Iy21ES
zq@_I16zGYe5_aO}^d%ZToEZ+CzlBITdL30hx_fLV=W}NAc^owF%v%g=YD%PeKXb`_
zrD(2``sNtMU=PEW1gb^j%eBr1MevhFBI1D92vQRIJ5S%XA5?P3;$9E~#`I`8KN&=j
zyxfDZ2X<2!R<qdw#LEUfG1}pY3v<AE7GW)!WG6Kv<48`$QL!~&GZCNbkq#SV2h=O5
zRzrW}j@B7uGLir`)Z*CNJdW5K5`_8$h+gL9gLb-HyK=O{)BDOcwC)Z&2sA&#l^5Yp
zH;ikMZiH`j?$d<u8SdK7M|s6HV3o%Q1_rj*-kg=UQGp#B<e?_yA-F0gz=*Y9UxN&w
zMmv;oH;rp#!rF=<hHF`<F_QVs+8msAty~1Tgwvfv{rFxpqj4IvuD#^rJqWeg@sV@S
zW*B~Zh+<=Vn&B=4fg{<!8<F<qCs1^0QKIb=V7Fw`^m;CUbo2|&=tag<ZrC2uGt?Wi
zd+1AoJ1`HNS6^aPWI<p}(k9=i&5JN(NG3h85UYpneLTeq!O~x78h0Q=7}4_pEC>TY
z_1N%`yX&$;XhU=~7^6KY{x@;mFC3x!>19vPiE+NA$Iz${)a|QPcj1&k8ZZP!!t49S
zjA!R|5Z0LWyLRdJ#_dbuRq+#;3wiqIM!0DD{FIj`TcWu!(Zc93>J6;{6lOKW=mYBY
zW*el80<9hD)|*YyH&2sy+dbYd>@gvIH#qZIY!4#Yuj*hbik-l{9d(g`p`+->WMe|N
zZ>Aj6V6u}T@--%wT#I=C=I#=L5TPk})d_KMS<i0vH(Q+aGl;O|)l1nLw7gO`$jkbT
zsQ6zxB7n$y<d)B2*8wc_U!J_5^gs8NyJ}pd#l!a$Q36-V@f$`+iJl9?J%d!TL9>b!
zso$*xPmda~8s-l`;XgoiJS3r0r?_R!h4B2#?(U|847*;nbse<xmAbT4HQ5GNU7A2f
z_Z({2uq}!G1BO+=g<0PSP6swf1OenfpYjhf)<Kk1Ag|G3I?I~wH<D5YU19G9^F-Dq
zC9GH0sj=msnHHuA^+621N_Qv(ASAvdhpb;(sWL13&~{C>k%yDyb9#mv<o)-;=%`Sc
zuKc&1X51RAX#dVsd(3vi;On-vJbc&N)Iz46CWpCW>(~E$s9zJp?#pQPo$<ynsMhft
z7LLC*`aJ?55H?eVOilB&ehj_t<o|Si77>jA;12(vpX@k@Zcndjf<)b&MkyzThEiz_
zvVT832BgrA^FrX&D`3s|?~i{ork{CqXG^n_G2%ae@n1%8i)a*&Hc9KUWPQ!Sp*lG^
z3A6O~&V-;kFlf|@Q*v^0B!QxZ0O{2bjR`g}2WZAwGE&G<0_gR%cYi*B#vH1dJya$g
zsx=0K75dLF!(^enT(Hv~2h{*8{_pug`|oOS@VlLS1^Rv^YVE+pXc?WHalhXoq=B%S
z`#S9AGf+V5yg!X#^#fyw;Y}V5hLr#tDmA3mDiXEq_V0%bJWz!j7$d#*zGQbq-<S%x
z|32vdzJ`5Es-@TcPF_BFZz_KXfHG{&8%HMsrJPbmMn)Y%Mznv&Av6pyaH#=LISB|X
zq|S;)hB3p<S0UJv3UL$=c=$X2wIws;r>bU}vnGslsMd!7!#Dre$p0~Tm^jn~>H04U
z!Qn!c1VD75Poz_gi-?FY7ae)?XTl3*VMt0z#Q}k`U%Cq>0B-P?YBw!FImnu!t`8t<
zT%TH5)nHLGfU0iCNkJR?YbZ#}ueAd2R}si|+L6y>AWTQ_BuQrxf;`hhdD}F0#;(Mu
zA*0TB54mPP|DT})bjNN<%crKMRszr*0O(kuQmhfX&Oe7jsuuRo8%gm&glauLA|e6P
z0BW&*as}xAc&U<>T|~1>Ij0^Qt*HwZD<=Itd(vOn-#R87cv5Y{df8&SW7De**TXqH
z_8Y*yBZYxNCnMr>8?SFgP>l(K1;K3MSn83ne|-0jbRDLAHN-)$y1+AH!;y?~ePtBt
z|BP<ZLzvgmuJ-{JYHCS2xw-FvvlYy>$p1#=Er4XDV>s<VBq=Q^MYH{qQ%_7v4}wY;
za3uUQ%KVTJcKM>|`LZs<JyoExYPx(alUI;c%Jg&rop16Qt2s_C6`h<5urnW~H_Rb{
zuLiqD<A*}`Z~+z;mYfivc7E|e4R|6{vT2-Hn<GL{72*(W@xZxp0Kj8LEQM=Wku1Ia
ze_7yiP#S`(pHt#Nb-#(5zt%5B2b(SBm2uwBJoV2uSXUT-W<fVCWb!~&b}5dLe)~>k
zn*Xn|Vqinq1gMk=+aqbxj*gDgDEMkAFb^1h!OZ|W88>zx5R%vm!jwC~;n>|MZ=WmH
zWJ?wBZp1hSjv{0A(4aTa;*^ldnC+eTL7u-jz$!&*vcOq%^9;YrgEEEyGFi6Ov50Bx
z-$94DT2nRNMA}OS5l&ex^};w~aQojG3cPrb@T*gJu2{wX^Ns6+A!ffVD<#vENDL$0
zEN?%dm11bu*)oP>GsfMX?+gL(-Ruv$<%^UtY>=QMQW=}M(u{TwJ#G;oo|X$3PJ9*S
zl)mI7IFRn#9tjep?_g5^;L+J_m*-VWvv0@87{5_2?)zU`af?OQ>KS|gwjg3W1Xz|)
z=B`4MbH}J+q0AcVul=APhn2aXBZD*F6Z~)FkP<-3omQ^(kI4aF@eG=3(t>o_?~*_4
znw6E6T$k{i+8>Gv0#YAX$vX93iFyH=^T`(%9}sUk<&yERUqRBZcGdX%!x#lZkl^--
z3sz$NUKU^_{N}<3L*@Qz0gMJ16ERac^swuBeE#_dDDA&X;pdLH(>5_@XIsqD7faw7
z>`eZ59q1SIuUAB>cfeOK)?jIb8hM^K8RVvf$Wo^4_IC)2lYQk+3aURH#1pN-1Bwgk
z(GLRT46uIRRrV){9yP@oT}1^=w{P}o5}#<=d+Gix0KmQk11aZ?6yTVi(81Bqy=TrD
z|9b*!flekI`}q^m9Z{La+8duY`2B}?Kh045^M&m3{K>s`cPfcLX71aE5c7NYeExmG
z`ap=XjHBJq`9fF;mBR}vZIM3%oJGP9Gco00veOD3UU{v;Y~bIuHI@|p97+Hwa*A6z
z0Q`3mMTXSl3C!x|=D}FC!sJn0WBIc>p2+*n$vs=Uy#n;AY}D>WtXe18{?3QrBd<Oa
z;`p1+|5g_-jMZG8&8H{=NRmFOe&b-g-*4;20zP5mdsEk<#wWq9Pw}b0H<xZmNIl+-
zukj0_|6PvXLOAJ{@;bf_68{PcRWOH0{ks~H3k&7DH;abCaoWOobzYu~iz6!ko*dnH
zkb2x3#a&(VI&x!Opm@zc*N6Re{p>WP%Gf*6cr*^A7u-YtK4VZO#CEHWD{>}|@wTYn
zY@Sngr|}<y0DBbo5K;*muu+-eFrYc{^Hs-oPXGR+1Msa@Y<o1Ls~Y|_D)6F0*iYJ^
zVj|ia_V0M7gp^Y;s?<hmRwR^wjY^08y9t!ST-*&ye<)3W5)X5S)Nh|Xr~LCT|DDW#
z?1m1hMfovn^u6+*DMLC78fTC$zBFH}4&5lQudh=1W4Zod2<C|fh`}v(Sg!_%b&LNR
z^#8mLBZdmKkmdDw6V3rZlmBjyFZwAU54;(p2XHg~Zat)NFe)t)NM2cxQSOjmybn^K
zsjB_|TH#c}4~gt_ZpWJC|M$C#MnN1_o_y5Zyy=w~%`|JPKE)(y8BzOf22m8qjP=uf
zLM^+VX1}rUP>P=L0D}M8^S`evq`roon51j`)UFNx^X;-Tez{TxI6qr<qwbVJ`%yjy
zjDJkD3IdiC5n@CZ=G7{sBtm+!Xe`rz97#%aGnitmC2lLuH0l4d5lqPXjj?`fde-p#
zV~;QssPz19$75{!rJKz<KmRK3zlQP$Vg7n(LANY_-}~Ew_9*^c-<wAU2U$tLQYNOR
z+iuHT#Mf1rpl)_gnXyd4C!QXZZQP`9=W*2QrlzLuRlS^1V&oc}vHiSSXWhq$gb%Pw
zu8`R`(t{hn?mWg9>dtK7SwHW=Y$)M>ra)(flv5HB??+~U{4UIh;PYo^fI#Sm^H0G!
zIn^WOgrn0I{?E;=et{4bfk!2Lc{3#aj+WYFka7T6_9=A*(Q&9=y^;cA^f@|?jzSf&
z&o9=`k-Iewv?@g0-^np~zJ#G4t)%{BzAOb)I*2_6QKUT7pzcncZ7EmNH89Ij*aAi7
zlw@SWf?_!UWnM`yI+)i$Cy_x@<XrCK5=$^xHFAIE7dl*m1>(!wP}br4jvHDnc9tBb
z6Cx`zliqINrW}O)5L>x--*d+P9ddp!>*)|*Ao^}049<UVC(Gib*L^s)MHL78n83O<
zhPy^N>P!)h_3tbO%nw5HkBC6VI!uh!ZqlP4Lq1}*Yq`sgz!y+~L*1pw&zw{%sW6cm
z!JpY0QDl~!BWUU;iyVvLg#_gRP<P7c%LB&aXkuD<)I%##2Tm#&Ei4rk^%6@giXS2m
zaa7WSF&)tF+bOOICMef8xkzmam8f!e_+9&Vx%84^nFZ--x8h`d?}jifJeHlqBi!~h
zDF~(2I<|+H`Kb7hTiA-#ZWK_vt<bI;<n>4{o2QGkc@0_~X1G2_o4tSkx%C+gUpB;J
zmhlQ6EzisfwK{1|->ISbb{~oLZX|gtXd^oQ;^OVXI!qJv4=nm5br#dDZ$SYa+Z}Fz
z{Z1uGpXa{1<@9j=I}TpHgdA49`B3-Oyw8P)P@-a`&6?<+2`U7LS1GCV>#DJD66$0^
z_Js}chW*)Heh=V&F5rYln(0yOOTyE-$5QEdsg=rORg0ls!`l#<?s<iGw!1Ob|JnH<
z7hu$QET2E2!U+2pHv~HpTVOa2g3||bt&zGmztI&44ORH>?-h!#y1>!VzYUJA`{7lR
z?(X4v3;h4)7uaW0%#N(XAJ?up7ae~7^3oMXJ(R)++9EvpB-{p-qa~>R`(H9Mnbh^&
zKYnP~SGwI#BYEFD%oA5@*QPGI%WOCOt=@;hx5;kFvJFK)mmo+{Fs=JO(kIBdO(|De
zDm7=)Qn$1Kai}?eBxGfb)>nRkCmO?y$$$OU3J}F8@ZQ#uG(ITDnDnpMb2VA}poTD%
zT%w&pdhODtoA+>)FLQe-uUTW7F^8yc+XfA8?26Mr)?0}bYx55b@i?!r>EW837jPx6
zTWWQOi|@_b;sUtr>@UXKq<J18qk8koNB^CxEaIg1kIE4oQ6sc8Q2yBAh~H5eLjR6)
zQeH>~2@}E27QPq1Ruhc#50t)Wd1w7`6Mx;%JkUw1zKk<90cIc!X+N!AcKwI812qc|
zYfQYyAJ3Z`&je-UW!`x;GexS2RinG4&kQ;_N$Z0I{%FPB!uD!Xx?fC9I(l}<C|X6J
zHbb3=v-GohLT}K`79bA1#b(a%qdF?TyhE!<5f{?&k}}UAEe(Je+34k1ll+nTx$e_4
zJO3zI`=>NJA)-$O_v&HeF(k!F9ghXd=|LVs455wL#DEn)vZoe=W_E#DG{mbexf_dR
zFyU{xhbm9;xvWW%a2R9N#al`)<zgmtrBao{ko-xO^Gm_y!b4*pKnJMONl<>fhym}W
z34V%c+Yq#)bTUulIZF^&KiVwxR{@<DmBu?v?(W@bai1Ht<5U<zeMG#b7p7X@ZZB1K
zyL(xmtVn3VT)<`%iLOL6>B{Rm5I3X07AKvq0%sa)<}sRsSM&ARofj)j((0neiM#u_
zg@l%DmRQ-UM6Jy3;C5E8c-WNhUp$ultbp8Ot75IXB<qFQw-~h`ifywI+&4dnxchcV
zmB8GZ@e^7($Ki^ro~(uX<%EwaQX(SU?KcK6ILrji#k?r~GFC?BnQ$s67BAFT;6XI+
znO`DqD2ZhQ|2E6(p0_>4ewN66mG7*k4KsqPUie3=asB{-!%3PD;WXsw1nOpFeG=DM
zZ)*wLWNJl`1+tS#kb`v}#V8xF`FEp2-X}A<Xmuz3>lJhZzN3;+HUUx#M*W)EzdN@*
z5u{%B+k?30%--N6v_B5fpMUauv3k+`H3U+Wi~7rl><@?Iaz3BgRe!j74r6qrNO;v4
zPMNx22R^fjWB|)N{+isUPku+rMFxPIov7QSWKxXylqdVV)a}2!1L$EYyM86gO>eZ+
zZGN8`aeruatKLS28gTR7CQZ$8foi8{rtM9o`;gl0(fvnOi!-~pLXqrBleo?AL(Fkg
za#qZts_g9Ey$rY34_uYbOD?p!jR_wb&b;>KD_SV`u8J4VH+`S48?09vS2k@@vt-c)
zbPI3U`HyfHnq13dQtv{&IM(1-<l=iH@%xGDR%pOp_uni$i;}4OU)k)ylXx33Y?6Jc
zq)TXAuSCiXY(xu@Jc<^~A9{|wR{}_C2Ut>M#6j|aY;=54X}x5Wol81~z|+&ce%>h6
zjPp;FIXzm{X%kve)9A}%Mu4&sgC<C9)~#Tl;i<Uelv~+2A3T0A;e*ysSL1W@7#$x`
zfVic%w8hHvSgjn9vTs%L9CYl%=?yV4gGa>M--F|<gj1}_v4W3xKj5b9djUE6HpN{c
z`JhHmR<$~b2JPbT)&2C{58h*6>oe#bm!ER1MpESu7w2Ur8@(fW&l8-!kT#{-`L$<z
z42;_BTu>}0c-OaFA*x{b<HTS3qJ3H<VRQR4B__+qPd8J{XFt*6Bg`u=KQeBH9F)e*
zfxYBETaeUPOeuw+5@fj(#R*u(+K(>#et1YotQtEs7md*Ox-5CPIe%}HOjCxquXcrK
zG1Zv3_FSZuzm#nZ;eFmT3vJT}UmD2Vv<bzAO(t^hIjd9htyb~=4K3}v()#MEbQeqB
zuBWoSs`rQa`u(FBg^Pz>bl;1=Z|oTHRG2vN<gBw-9}kta0tax{{hPwFNAC)DE05y6
zW3W%!tBp$?twn+O(tF*y{xQt_{)#^KNpSywRvEwe%ln<`Q~<OQ9;n3}QNkuKICHVp
ze2b(~oSKNjwIBV&(>A3^N6b$%r|TK4WB;^p)-wk_a09<e*7a)rFb=lXboS&o-ez!r
z?vjt-#@w@<DK_ji9>VS;SlgS{e^y{(OWZ0{sxoyxZ#tZ-%P-cc5f^wi3cwp9mdhvb
z2gjKVnLH$e2OoT~Q}2GboL_ExE__OKJdd2iy<UhGc&gTtm0>-qCg8Fx(5W4|UaZ6P
zy`8D1)i$nI_JeWz$sjcEpq%ieY54ElB!#@jSS9T7_I?q}F{%9l?ynmOS%)$1P7K5_
zoj>jD>6yFN^VZ;zxuI_!SysCI*+N!1p_*M9OC+*$1=2Hd-pkJvYmR8F-yMa1ac)gB
zf#KKa?uMTol=_~_Z>5Wz)bl3O<5RVY;Z$evv(!&54pp~V?fsb|;~+JDmFA0a=<9wT
z=jS)BKLD^{=P9f8E-4l-k#V<ieuhUSG7+o7)C?;WpT;9TdwH48HzvKQnZXrCE?xS%
z4=r-o%zEFAs>K{XAr9kn7MrnWw0N#ixjHv#&Xz10bZejsp}5`nl<2>sn1^Bu8;au3
zt7!gel9>ZlcKghbFbyCBe-OJC`2A#>D#*!EqWfgU41F(114MHY#GaXAO-G^<A*1<7
zx8mX>K{kMwH6%Ny&p4D+7Slji4$S0mK##K#&w)TxDUSimMYx&EdKc4CD>UB3|7;#$
ze=V0dAKtI>zd{XiFaHWJ?TjuUk`Us@Kw4g;-&Tsa`y%3Nsn@Mz0NO=Sxl4$P&}yCI
zjOA2oYs+!s)z3xT30%>*RX8N`w&&C2iuLQ^RmjP5VSZy26qEOb8ZXF&q7z$1m3=B}
znH#J%-PbEZBm8VL8pZU!2b3T&b4z3rou#OJS0Vcffpqy@^IId|^{~+1hfzGbaUDw-
zhux|^xQircI?llQGdkxbZ7D{SY(Y6ChaZ}Y>O0PFl$W%oLG4W3$JSU!9I-#?!rne-
z>rzQ2ye=l)^}Ol0k2o*|3B|_`?LW1AmZvvXJSN++?{MEK=(lSv)~o6b8}#_$lpocx
zXkKd=?BUX||6<RjPqxx%i!PPlthKO@MHb&Of_$=WjNj2}&I)B|!RaYhS_M6nm6R2b
znF-+Izfo)eLMTuZi&C<_r@=d^Ec)uYvS^+zF&HjP3PlO%<s#+R3dcv=TuNFc1hqUB
zxyXbkUmM$Ovf5&)7P)3d>~bLQ#7nL_sBEuo>%P-Cr{Q_t@MF>MSG+gJx6eVDXUf}v
z^G0T2=tX0Yx>B%8U2QS!dc`I{rqUw4gm7vMfCXg)1DNMa)RLQ$^(HlaC2U}vnH8IZ
zl2oTRRe=+T@-k7~57J*w^J=AQ)RQThDACm+=A=|lYIzK(bgm%gA~w_mzn0hKFebr~
z_N<_B+16#bLVUU2^O~6AbvGFC{{D69c^lNLb}KVT=;*+8`<8Q^^YyP4*5v;=uL`AO
ztTsBQJ9Gaz52ACx)Z=4msZT)Zn?I!djXL}~R{jc8ja99Mt;%J8a>wT^u<Pb67f{QQ
zTy=FKW&d25Gz^FArPX8E1eB7N#=?{AW@YDMi-)-ki0uraS<>39e$DFrX-;1Q#d)@6
zw)v(erPk|~u0f2^%|;Q)2<_5S1c+N&F|4%kS(ocLU7DONkxb<lB0h53E|P!K^X=0J
zEK(`Vt`M3nUSOHLZFT~<Cg6DW%WqOlSP-Mh9rAqSeMCzdu-@k?1$m|KRqJ7`+{$NN
z0TfAe7)<y(z=7Se#7gvLJ)*~Y({X8rQNzmFu~}yahHS{cXPo?bm6qG6rAPlw4Ps2e
z9~@(*9~a&0V>|6qG{gF%WyMZ8+;_udp%P1c7uG6Z&ZR-6M`laL)8`(DV~Sh>smzAc
zJEpUr*YTTsSzR?gvhTr9kCXRV{^I>+!IlJEwz1Tq&7{VC&16WbqVxI3LRb}v34pJG
zJAuv6LpD;0RkWE9uRTQ1EWnumT>(9SO`|N0?U=-UwZp%+lQbxdq~-ZD;?gK*sbl!}
z7)0_~#j-Yf4oelb>`KUJ!EXUoD~=6XxmLbs?^qAF6j`@@zZ9<0Ni*?16XLNJw52=u
z7A|g&Jw(-i!1|z@t@dnbnHi1jCgr166p2nF0^>5aQddZ@-J3^3#%krEV_fr<Tl-*H
z&c(7p7N1LL&D7a>C(W{WZbV6uh~c%!32au1@=cBPt<>Jkjv@sr-}%KA>q9Wv<XMoZ
zI3+^SCrsZ|@@T=+;+M)3-~#nbj_jsu0bHw~m~uyWGGZ8C?HR^nE4ya1;t@jz;Z2u3
zEqlKE;i*kk{-<8;<D$va@&VUXKY`vxy#qDsf~B>)vuQSFeCZG6=AdwZ+k1?zQ5yL5
zq(dSzMljF9w}`Z2uEjOw=>|9-ne;{J(mC@moKHiM-5e?i??iIxn7}wv@7akG(C%b-
z<~`(K-x1F|`B`nd*vKbv=@FU2RAKXpdg2ygIWsI5c=NB%Ot8xLI0OAINssq^MPhAZ
zs$c7tK}!0bCIyuirI&OR$(G>h5@l&(l81Den=9(`G{10DjdF(kjf<ai`YNvT;ah7@
zfwFBxWu2;FjJ}`Qdmc;;X)A9}`vy*MLi<tX^l5#IOvEo_@vvUCK5gGy=Gr%ZVxP)2
zIX88b*?`L<9&5Y!K7fQxH9>r0M#BK?eAw9TN&k(~D2&6rzTRq)5LPyG|M!qZiS7WE
zz8)Nr@+*b4%^wIf!l#5fkHYJ^jVm{~*qpD@9rM7+IS7>$0Q@@@d@ft-voCL)zZ3dC
zobJCUmZ}XZe^Y7Hg9wyqIM;40ll>D83zLBIiXn_{A<pD94jDbgBu?^o8c>SG2{J;b
z#XHb!un*-n>k5gqG(7%_0q&Tg6;-5~R?^5=tdSuWluftpmb4FT0{Ws-OOhs6Cu>D|
z&XlAXuht#_WhGe;PzdSS8{r;JpmZ&%?dfx&+EnA<0Yzw`Nm-i;442}$hT)`H;muxp
zl|0vMw*ney&0qmlZO3#t-I$?ISO#9&teg)H>HRw`_<GU|7N^=qa7%an^rL#oz2T3D
zM&Zp67rXiL1#5Lh*V-DZnb%2^OidReJo>>lAbT7woswh@1?j+YRFFR|LuyCj;dc(J
z$niq!1xk}x+kHoyWcnPj^SrY;jJZx4v{L1c1-LMfVy%RI$a!u=4PUy1S3TUX^NZFn
zuu^Q!;;vDg6%?zTk)CzgZPsACmDO3sZ1*tO8pNtXSmVQnz?8+yomMgwSIRSlP;Z<v
z8)m^?QNU&>vr!(hEKkr-YIt+ZV(smKJbSqs;8umWVQK|_s{lvu$@Y|K)vay6boUtD
zhD-0Td+vMybmZJ!szh7`SB$#^u=>Yfl2@S#5Ejkepb}Bt&}HiwWZ2G?>gN5VulZTN
zt5I#9eW=P+Q)qcv>QVE3Qk3zfh_$A!F34`ae&FI`3H=>bsm<|Eho%Vpr{YgPO;ajh
z>dIv!umlv5eDeu}DJK)uu2#_;^fKN6E>xX#-ghg#YP3ffNW#0q)<$o=!lO@SW2t7#
zbDy7PYxSKjw;Tfy!LOdq(mvMxco0WTVG&U05uS$&4@cL^Caj+i9z_wE(k*OqJ|up;
zMm1iF!nycn_CWc4rbSh$MvAHi$}LVsf!@RZT1TW$QM0C4L!!ZUqV-mGg}Y1k^`M^t
zws*33aU%N$5tM+&Wm;)lw2ZT6Wb>15^RNb7kh5&UN50zc2WIs%`~_{7F#P4>j9jDo
zCuJBvI468E3q(eN@S*LQ-;7*HC%K;$H8es{JVfuyK2`3ItjvEMQGa`kcEYXQ`vUu|
zQLpun5Pgb#mz+yd|3nbcVPV`XP#fZ(JQ1-R)oe$<hPk_~CE-Wmb4WcsoXgh?Dom)*
zN|V$Bspft_vgjL{<B1S+^FKwwRc7*dEJi^XJ1BUpqQu@86V_0zWvzEovjqf2fbTb$
z&f~OMImC26%iLUJX#0CUPYAc`&W-LG^lEv4>_hYvC?K6A>vMv`kZcXizT>`o-6VL{
zOuVypHP!Gss$MU-k?uz)&jqfi4d{OI>Y$kih(uB<PaT1eG4wk;NG6Gt)H7-!4&SDm
z=w7y7uThKpedxF~BdDvvaTbs#CO*l**bxr87~0e~`KZ+%=!P25id=(Q>p1h7qO-26
zcO7>*C@(iR^-Pfj6vbM_Isy;HPN1MaJpo6r)#adZcE8s5j!tOFJjj>^Nu+1X5(SOP
z0s|*$=LNfM9xFF8WD+OI&k%Ygjh(<<sc&1nekdAmBSL)2FQ-Hz%8}OF1)tI_79&Ii
z9>Dn_L_tPRP~8sbkwhXHmtQQNVt0r`r&-Bhv}xG#4eslM5FyEQsw_^u=OZv{rt<>c
zfJB}ZT|4c4Bc7PEZ@uqs=ft@|6L>*}ys9bOc2DFr2I>s?*)l}d{KIu?8lru(0(e|c
zR?eYbb<J<qdDv_X@QzDd1=xql&fW@<_+0gHiMzpbb>m9d2ZmR`bdc>|ZmEOuCdhk<
zVLouT+E2XLD>g>!R8zjD=z`wpj=+gP`KccP4>JXR!!#~v5C8L)$_*yv`B9ve-#g#p
zlcmSWVwG#zJ1f?KE?=6RGihFFAl#bb05T*K&BrZU4MJPiF>YS+GnU*TP?(FurPnG8
zq|50!hJoBbwvl+FQ6nnk@%pvNE|(5G8vaAGj?2JpZ>JGh;Cc`U1vWezzrCQUVjo%9
z@L8hV_Jx&fXJbMt7sAFugNb?|iU`fCjQn?JP!#oZN}$<is8h!Z{CKTodz`CLL^7*a
zjtW}_&r`C{t>w9pxl3U%CsM%~#-RwD%lvoA(W#*XK78_g<xp5y=s3*MCkfR4Hh+Wl
z6(U;?7d4+PPUQon=L78cJ}?%d9i2e*;o);y)1YJ9{%F<&j#~NH3~?Fx4YI$djw{Tv
z(@F&Ig(BF1DHBTt2V0e85fDI$OysR^3mzISY?GT>N9(F8XnZBBcwJ%>rBTm&$7KU+
zk4|r+Os|WcR%5Xuk~earUB?zt4`O=1hV7cKrLxpwR#p)MpM}e?(Xp>SwK3gO+*kqR
z`l~8bIFG^+&bGL~MZp!dteXQ*y-N5%vRw(cTUhYnB)q~j1eOWZd-79LlE!HHuJcY)
znGtig+n@*4h$F1mK=@d{X3*>)9dm=hnYu{@HXyggr`+fI5e+jkO^u<rBXZZ*<YOUy
zu{_CKPK8R5me{OCgNB!tLR)EqQn)z)Xcn++O;=7WKs$p+^MXeVL*lA0M-Rnue<lCe
zHH{F!3OcuMG7_`q*@8Y@P^#f`3;xu;s)eP7NVfbvNA1yI;dtrT_l1Vo@JEbw|7T#M
z+~ltDfv5K~fUO{3z5rCWdNnwfTRfv1*)!?qik3DVEwPS{HJu`Yn`xDOlhc~?ie_J?
zrTCm^j12h*#wuq#^X5TuW7&3cFa;$T3*y=7V2(|)gjXczJQ_pq1L!W{TaV7@-m@PA
z)EP8yzxc?E@;$2DN-*|OeIG}Iss(CtHSclAIa&6mR7k__x;`5Q!Z}Bph=d*49|t}O
z`*PXN3w>8DEVfy+W&m+cyP;b#={GEb5N(JK>r4<%DH%XU$VA{n?ppxum{^tKVA<ot
zDJut-gdYlQIXcJ_Sz0(-M*0S0?0vEkjaxz4OT28Lu2SSx{u0DOE}B<<1K&XfHTc#~
zOo$zS_JMRZxTf1~dW)%7@ixH`2wb3a8Ad<p**wOM!VzkJQ)AaBK22(7@rbxMbjU}v
zWlk`5)){{Aj8ai?ZRAzmOjg!PgKwh{UX_HGAh+7a%ZIrD5Uq2$+^}7y|H~P0Lb6G$
zJ=B#qk#P>9HKSq@*u1A-7KO;>cYD{~xU)yJR3s7qS-6Cxu@I$L`VdocsZM@Xb#v!k
z+y2mb(MWi=&QAEFkE<*aPY+T9{kmlPPUb{_U>th?Oo1ZB9BR;gVcXN4^!{8~S!s?>
ze53P$R46LZdjRjX4`p3Z4UqHX_%Bu1g#C(^0d1oJpgBK+stu5o(jQD_wi^{L4-GYa
zB4+69IRZLHiqNF$K8GgL)B$YNhS_M0-x)unL_g2cv<fM1m!+Pbs(^iM4U(m7r@A_E
zUs7md_x3RVS4H$PVNR=^RW?hry(atZ)R~HPsl?LWty~8w6xhsa%k=>1*EdV2q|}n^
zL9@lQMaQj!r<dv{(9dfvs#fkX`&g=-Gxq3O#L*&{BNlGzIE$CRXVm^uv*=cEx+(Nf
zEjio1ORGc+OBuetOSjfKcUXaJe&sW^5pDg9O_r@I**5-Nr=%vrX#!%2!8??sbAvsb
z_O6y`#3h)*tnB<Hy9T}OQT?ykc|H4%b*-sOZ<hRRs-b5uO-C}Bk)CzwT0EVT9k=2l
zo51l)nFZwey{wxH$<yA4vlM$`t#{k-7SAf$?m5TaXM1M)(yBEfE&x=ke{zdn^()6z
z*j`Ls6~j^;H{3x;d8S&M9zRyIu0^+Qyzk>w_q8l^EY9{ix=mIjm!5Cp#le!YZi`&J
z7DthEzSCHOoodi!?ks}08T45N6id#tv@Uj;dU6NaMYD9UrHN{}s}N(Ou5q`0+mpaZ
zw{xDbfTUgY<HflO;{n6o^U0&-rCmDWc--cdwp{{NW6Jq;vAg);RnhETqZQMf%S>#v
zAd%f7$Mu)syr*(pt~-8>;lM=hv}0cp0T67oZBt)11x(T|b-iqB?tydf2vhHT+cOhe
z((Nk#d|pf4z0GzeOlS4rz9TkM@?4RaSQv3x<GRtFi>LYq6K-cyEp<)YHr;oEv%?|Q
zwWcp0mNSctt3w-a9|eij#kMM?nH9)Z$IcdZ!2RV}ftx@yVUW9q4z%`aUbz1z8S!it
z4*#;sx!im8Hu9x%Q6N$cYT5;tW5sRcD&s6YbDJdN`C8K5u2o)WLnun7eAYAR`(Rb+
zAgi)QnO}i8LInr1QSaw2O66-H7(iw`{n?~&l4@&G`pr<XzHiwqz8S8A>9>%}t;Hhd
z*bi6_9f{1#J9>EztAjW{>opj$IcK@$(YzPJ*c4rPeH32Zp*$GE+D~qRr?-xju;SGe
z9I`+0UUGSDIIDk8Y!83mKb|~Yb4F;)h`EQ07yy)nzzV0D{F^oaUex<T9DU(_c77`_
z>Py6(l--8*Egu&C5_Sk6Y7MPY6Hi>GyO^TTdRUHq?j?fMJzuVN4>!<#&Q%9E3Kl1o
zuYrnCzk7u4SidoTE*Q5IfK3XB4!59%eOE8DC6>8GO$8DLLtljhH*Yqg)vXXYwyMSi
z*hu&`X^YfY?yi2)%ky6*q&toBoUMhD4F00*bYsdVL<>G?tiHJh+Ap}&E`PCjj4#W8
z>d#iO6z}@sm0FuL0ipXj5Y!{Wqod4l;P0KCMY5fLZUi@oU_*9&T~pZQwT`dIG)%Zt
z-HKO6#rDi85RIQP(HQmg8dsor5ok{Bd~I9i267HkEmy&MGJr%(TFUf3!UEzRCB2jQ
z%Y(#{f(2@gKVC!egN_Am52dl(u#%B@UE`+Y4-D9)1s~Yo>G_^R$Kxzd==tmg_sW`!
zh-7~%^ig90Q#wnhF}?lbD|Q5&B@pLI)rPz+1!a45;`7a0W`gOKtI37xImKY@$J)51
zY#Xz}`R*j`_|-+R3+(MSi@vF{=N|E^BEaH&wRg6H-j6m$r(W|snPTquzFsDCUG@l^
z9om?Mf+|(188z+EMAsL7c{%LFTx5Ry1`GLz-Jn(;c>w^3E4n@8WRkr84xn%mMrpq;
zllTId_tHkuh85F&R7et?;!gZ@YBz?9pFdjE8L^JIL`tqzHQ)?q+%raBfJhbdgMk37
z7+v0(uB0&jGy&A>Fv2;YM=&tcL(bzvo36)-XFgA>F5?hC&n7IEF(cP41q#E&!fi9-
z5{PhTI6hys-))JJtDgex2RunnrRAj--tD3}g{>%w(0dS)ed3JNDmzwf2ja40%@wEF
zkr%~RopSq+g@W@U5g`s+jM60!Kd0*WZ2VNY!-h__sTpWHJC~=yPbyhke8!BWszck8
zElVSoMD}G7MAx|q<EIhq_h^U7L#in*u~9WJx;l3j>+f&n`X*Z+?<3LA^=t%1{cyYN
zd5{z-7n@yHJe;0NdF_%yYrG367`UE_vgNAJ7j{AcceIoxKs|y{gPkz<F{9BeT163(
zL_^!3Xb}P__$IO)_8j#QK*9`Ky{T<{7u{sb@yO>esiF*5oW4|Hvec^o|IzgpP*rVh
zxG>$ZX^;*<r6i=g6$urQ?vU>8?nXiyML=ngj!id6NOyO4-igO^{_ox~{xKXnELeN3
zHRpWa=Y3*3w6Zma`HEm^sF>k~$~a^4jlAjXE3VBuItRwtn~QH9u}i5g_gy1=6#MnN
zQk&;px8E$#30b&k_$zjenSb<tO8g#trhIuDwRu!{*BIDv0b;YRm1{%;oG$v8oY>q~
zQrJa1`S*wf^>vG@ycD@Bu$Pok5X&n(h&yG<MXv=VnJ*TXOHsOAymxzjFNM?))Sj=F
z;s4vs{Q)olt+#r7;if7xzf;47OpI+j$I=oq7C<$3y^t2;OQZ!jr;kt;R#!be-13KV
z@kyQ^n3M-@)_Ia(?&^?#3HO#ib`HTR91P8C|Cy(mT!kH)in7CY9l`A~Jbd<Jx}fYz
z@mnm1X_ke!{W&oFe^sdV^ELTFr|rQ)vy=|Eeh0?#9O`LMuX^>nT40N7I8mZIT<c)w
za=lv>p}0SyApC;xsMcw}h*17}H*k}*^mnyxMMo#-$_3Fo>_&aW$B;tlD2gLsSpMBG
z<U2@uCZfIJzdad2kAOx0hZ=3o?eqJ`_@=+mJIbZR6Xj9)z1^yFf6Ep7J{O_SRrl#R
zgpozn^q*58S+$hOVicFY4uy|Q9d>o3-Vk^iZYBjQmiBQ;!zFQu^&ywO&k0=xH7-i<
zLMXl%1xhegi(eOJm^{kGY{J{~>>zfm`~}w5RKMOK+f^lKoYJdy2mS~MCTR8ap7y<2
zoU8P$o%EkTZJ|La(s99DUmzq(*m3-BZIW9X+RhgITc;2!n-?WWhZoDYbyNvuONV-|
zsp=j=>G1m1D|S6rMqghMv|SO6>hIp9Z`#DYOTZKyCC0k1%$t9Ru5b`!$VIeses#Dj
zJW6<9TcM<Ag#5k@rI|n@A)5&yKIc6<i%LIirx)=R@tO*T=tP-Aif;V7N7Xg~A8}5R
zr2WgbDhc<jbPpjcvTv-S_;u~3Zi0jmy>jy~4xi6UQ)bFpccbg7m(n^^no#vfJju5?
zygsScB3Mq~d8v6uBdCEdUVuVWUfC}LPfdAL>Ecb$5p|ptfz0Ssf)LCz;J8#zuJ5Ka
z;j}5ap8vBo-FBq#oETO+d#nmTdPig1tUdhuw+eH&3;G;^%`arHOAF3434Wq9s<(SU
z27O3-s`OFC$_>cFtefl95uJI0j-bdaE{u69zd}iv)$Ilpyl5Nl=VbyfXBTQePQ1_4
zY0Lgd)CMsAtbQ(?dLl-(K9z~`Ch}42WyGesQ&Mh{#+O&>@WySTLKm2#8z_mL7ZHoZ
z9f;LXOx6yZ8QJLzo}hVxse1iR7JWJFG2S<Xo<tB48m|*<xFd1x#PREnl@)d=mEf{p
zo+p$ujK%ZSF-U9}g<bbSmM`UB#fu}KcXN@iqe@2J2%cz(H;~2@hs(;U)R~6Jnkkq3
zE^E>?&i_Xvv^SgUl@U97EdJgY_k+c<>-DVDeD~Ab)a>!rS99B6emv{$`Fk#l#6zGS
zu<5+b8{$8d3pLcuW~NzH%f$9|WBVTYtQSq$?SEv9a7#}0ZCd7Sk2ur+x&0#KjNZTW
zF5OKvZZSr#&&f=wm<Ac^u`MQh_}Aq30|+H|zAq9FGa8Fo4J!M1aie0rdr?oeX0;o>
z-wYN!t*ifDpcRh?&8Zce%$C|mphcd$OmT8upA9}rkotCoJnTpqLW=Hgx=zcEe;mVT
z`L;xaR|g7XWh(GQG6`U&b5JHW^u&_bAyCvGd*}EH(TRD(V56rv=Y=Q&sMX^l*|ZW&
zDQKGR@9O%}3yXe^6?1o%Q1$%7yc2<QVOU7tHk#WWz^8+F0ZNO{bL50R#~+dvG|%9g
zKXXe+ps1MpCZRUZaq2eXB@FGbF<pp<SBW#%is~Sbr$~m;e?GpzhNDE7aTc`?WQQ;u
zb}jK8wbvNBDJQcRWTKfwV{gGw6Bg_(lKGo7!n$NKL;Ra_7|JR;Aw(_)b%!JRAGxP=
zrwvuj-!D=~IHZ@|nFTSAtf3Qq+a9wJ_|DW;-ol$wB^PGp_5+og(AR-7<=rC`9GvK=
zRg|h6NctkN(84|`Re`v5Le!aPFjAQ1St`N4?mRbUn+F#~BiIibF-f`IqG%P2OZ0@*
zSsFc}s2kT+YO6f|St*dlLXCzF6ar-7yWpF<b?t8ry9y?Zq}&#S)%QPlkw2K{ZaQl=
z+I~umS~cp#?Z9bEZoJ(l5uUsrU9%Xt+}zjkqP>2P5mai@(TLOO!o;bj{E-{ZzwBaS
z`C=?15ob>q{#1(MLUV~sD37vZ@bl062oH59YadeGh_#3)I~|NtrZ%@V?rmae;%Ssh
ztO=<{6%HwCuJhjsC(>>X>eR~})2dh@84vm$HPne8N)=-nr~m0tfUYL>Tbubfp+T#)
zRi6kPq9}}+b=sh?^i=9ZHdUxT2^|Cn&dI6neTUa++M%`IsW=jDFdb}U$*&C~ueW$=
zS}Y2?MOkp$NCdx`KUr-6xuy$>-?H;BIPN+W=PqAwWX=IA^W`jbdPvDq6%aUV&eW9S
zT!AFcLDG4;C9l7b4ulidNt4^Jh>JEBcsrKRkTYH!O6m^sM_p62Htw?-yPGe&XR^bk
z^)g$jC*+2w-eaxC2ko=%TvL?0Tzk@L>FFI9UVaPu$zj};ui@2sQ(AVp8jrPZE%1vs
zWv;_vZ(9Fuc>0((r+ZgL-erkc>-A@Tt1N+ubDNrloATedE|_-r?3;<&tG!l@i4o7}
zPY7^m(u9S065pv-dZt(0U30SD?y5&x%{8v4Ih0JFssAYS9fvNrb9<!_&fiHCyX3<k
ziQc3RJNF2w$%Jw~=pu$Bp~tw4+Fc<<TKX3M^1kFzl8iNY=Zo7>VYxUk5F!PhVT#N5
z`69sKK{+mt`O`iv^SxS#7m$V9qyCkr>tSLe#&KzQwBG?A;%3_Mxs41~Gjz#R>0`qq
zfMqq1SWn)Hd{&#8_(q6bK!uIxeYDz3%BCfc{SMB7V`=}*HaSonhv6JHzu5Cf#S34>
zO-W=19Ih(()n2=QZu_Aej2QgCtOXQgSd{_wl8>c*$yHFZ7##FH$oXaHdCMD$;|Icn
zk25{g#9iQAXj=X+0o9VhI~k2~x3(csLt9wh8Hi9y---$}S<O_77H|gb2ET(l7=HId
z>cw(5y*y6IB%+LW;>ItX&Jb@_PMJk{%x$+g28DzNwY>r6wku>mf{b^#y3--SxR6SP
zI(@dv=D7_t*L<>U7$o_T2)S23xcXF2$h~~YHWZD74bZNcN|%F_e>r#ms<CLmM-mJ@
zrIAa%`~!hdhS*{J*DF;g|50dduTg}C){<a83CMgi^np#W8@D~IU4(JM-<csgZ@UcR
zVeZ7&zWke)v&ZIGmU$^VX1K~qy9Pi<WvVTHZcl<Q+{J-U+$xY3pVv+cg7B0aAU_6a
z$|iU}fsa5(0}F*eCK->Sa<P_$hTQK$^$%~~y?e~dJK5&8p62vbEC6k7M%}7m6=b_o
zod10_{=NRcEN5>Z^z&Yi;h_wdw!$u3`*)S}B0QJ28G^4<ks?2~SXK$WWN~~6zgaf<
zn7rBap%Ki0$#teaf0K%GfwjHs?Iwlp@5&o;YP%(ea{OJna7z$zF`Zz4Q3t4Z>eoYw
zSc{C@N!`w=C(5&4eR}5jE_Hg&Z{}Ze3ng4V+bL{|=KocE2BX2@?@LN@m&X2kMNtSm
zav_~sQHm+E$1~hwm<E+^#1?*Ki4XrY`!ETfoX=>rc9W-V2Z=Gldu3PG+8Oub{<&Jw
z4478Y2SUUqP|eT+e~;YxdU@en`_1{LrukzRL7y^3qmnFz458utcMMi1ofK}bzbRzw
z%~FD?1E<L_uwt8;0KBooz-p^`A-ihOR~|h$k5~oplsF&iZ31OEH!8*xkYv+UcMqOY
zuPkfB%B=KkaqZT#{ksy~))gS=J=((t(~GGJljYf_^>jCb$uh&aTNz9H?J>Ec`lB8h
z!sdGLY|w&5z}<|ew?aevC{s%Of8C9LZxvV^Ei~2>^&zdup99)6R{u%?U{DdLbk?2%
z8oM_{0Z|TSIoNJ4(}qp24aLCFup6WoQ1LtMg{zPZgi{k@aAjITvcXH$OXs6YMOF?=
zQ$^`@Gqgu>y36^@eze=2EC~qd3sg#JHsXPeyF+F5LvBTe*WILBUuCZwv=ml%wQAmz
z5yD0TBvrG{(oApL>@dZ=c&9C+rkSWX?bC&i`#5%=9s}jlj`_OV>DH&+8z96tX!b>%
zjFdD*rXVAcff69_0FaLqS8RY<jeUWPMa?zz^sk=gPw(;nePCGJE>>8Uq_sq{k^h8*
z5~(os&%md(=_}QOS+6UdYkf1`2q@NsDrtClc*jZ!<(2~$21|@;$Nj`}_bns^t4%t`
zCl)`fJaBPuWHo<r8M~!TKbhw)1lz1(t64S&J`k_fxG8zMSeRAz9aS%@R|(J?+vB28
zK8Oo&$sftzd;J#c9XHH(NV5J~U7(;s{{Q!Qtnm(*d~B$hW;Bv1|A!&sEsLTEzZDy)
z^CH_vL`o{K>hpwSXoI_?>0Gch7dr=s2X;Wkeu1nf`%z(3=au^aZ&upCQS{i;DLYGA
z<Xl6so%K(0nYC2H;6x;X1Im@Lk;$Bvtku<}QNGt$bykbE<9p(^3kzOGrkWVh@BdNz
z1jE2OhkO6r`#K!*maE$%afLRajrNzV(aXQP>feR+Z(;S{Z(SIm4%_t{`k}tGiokJc
zx%T(?lDena!9&zuC#Ba8w@a1ftU*UO$=vaBM?@TmgZk{D;*%oaQU*<9Y5_J1IpRTB
za~{>70vJ`is2@LmJe~hwy8xDIIXQa8F|bdQ-5x7!c++^b#mH;D;5{h}<e>I@Gpdd|
z6N`cw(;YvG8%?KlmS2G7XZZ+rPLfEI4iG>%I~VSV_8etDJu^J3vY4i4NO#V*`4R^I
zu=d8zc<t6?K>hn#<EF~v+Hv1ep7g=^38YIoE2yr`!AD{S!!o>1q5=bR2eSVAHDJuf
z0@6MPypUeMgo~lc9IT(s?Fm)Vr;RJV9)-g($*l|Qp7S6%8oD?w`#7n^n?#|t>MC)-
z_U_Mf_X);1NIH~{uVj9^@_pcU&d2P!B2^qS9*#&|IQJ&{K>kFzzmEU~=!R&0KPCUS
zP#^ZrD40Z{*>Q$9Dzx>)gCcO2k735YTTE4S8*Q@0*RIiDsa1T85pg$a1!~pZZ#Ka0
zQk7$0sLi(As2|s?n}wNKPOZ{>^WjDTxnTLHPwMU{NNI~e)_S^^jn!!Rv4P>%T*Q8z
z6$&>uQ)6cc0!-*%y?q;tv!Y793Q+Sh)H5BQ!O64J?eX<|3!t;barZ@a#+t~MM9&BG
zq31((5qL88$!2;|R6wM%@R*MiYD2SNH~4(AO88x1Q~BFa0%n@?dF2n^m7d|KVYC0E
zU=~rrgUYpkceq~t!phYZnYL*=9^vqq&4*F-&1}AnwoAD7d0)d)BR|SN#}5@6iuE25
zVjBMY_a_3s?9bgXu%915+s5VIDESx}{ynLnj}b~5gQJT1MG}=*-Cp!b1RT%rC{`yL
z!;y)(NOd3}O2c?Xjf{-6(l3<j@p~~_*S1NL&6r)Hm$ZGTceW{|5uUHO8=hRQsrmHt
zaK|Zg8+Qv%c@bmaOo!A^1(tGVlW$)%&E`#z%zTO(WANg~;*l5DJV*KzbPz7MtGKg!
zq9^7#ZT3>&(~DCEp2J1Yzd76v-z{Tc7N^+%E%WNrYsG*%{;f~*XV3p?Bk~YJWy<Ld
zbJhzTRyW@;u4H&Q$%cJf73=3@+H7^-$4}s6i~C3gt&!tA!QGbmvkVvLAK01s+$xE_
z)ZWO#t399Mz+5}9KSHs2G&SdMJ>gx4A`)I=JV@cgD5ebpdcNluVp43|-kF&k@Mj?O
zL6&%W7zF7Vb>JZRtCH3MP1`OwJ<XwMBe9xPuo+e(Z@6<yFie2XI(RA-PHdg)NK6nu
z<ODLG+*Ix!Ox8+HC11gG5W#K^oDH>;KL*K#@ibbT%LP^PN_s6M5S`Wh?o>^;YT_BR
zNkPz%d{EBu1&z_#P%qexP$l0ge784G0eR{qB$nS*Kf;IP|MT#U6sTxvWxu~?d0O~6
z;nO7gTTPmU<rmNH1t0A{t$~p4(|YeR{MqTd7-1VzK7Y^)r%dwhT=1>yB%p|d&i<-*
zISvmlHtPSpri)BLwYr)mt%D1y)qggrQdy`L2erI+uZV_v>*{A#$NW;mQb}*K=+fUA
zrPH4Y7?rz7j8k#!;p-fCpMiY<mG4fP(!)SvhD+3v#mPdzomIW^b*iPw^iMN}49}~4
z?jBIKeg$yR+--x~xocG^+s9v2HNX+7oZN1Ys<7#}IugiO`$+`9S_Gqd-JX6ZR>5`H
z{gvehm3s~+5ij4IW~FPK;Zd1cY);JYSRionOWg51Zy%(XD0W1Ut_uno^(AFq^8$&z
zywIhA)ogw8#pDJs9}A}toElW603A~BW4J#zG<LNSUiIxa&JsI45?Nuo%7BNevqd!1
zK3`(8k%N{@HGmqMTT`(07n#u;Z-ggzfGNxr`lm9bqDMKHBEg&8sFkYr(h!AKxt&`k
z3%XTacKFe&2tfVF{;j^Le4q$a&htOb5}C9cXH<yzHowMw1^G}uc!x}=ZTPSQB>La^
z^{d%RDk?!DT&8+8h*Zj4rqKhh<}v;}2}w4W@hq3c)QSM}_1SK(qtNur*?h$;-_h^y
zd(TUpD94`~-_7CSOj)B%>ZTDIs>5nqO1AtiDrW{y1tZA-{GZ7wqgh<!*Y+!P{{AIW
z*p1Ep!1@gdFTzG9^8oc=n9P>4Ex>z_Lw<%@0;>K?BM8G~<{wvq;FoaKLe2$-)mbhj
z?u&u0C0Ik!Fz`X;CmY+`V@ZGRLgoRA_3(S=9sL@E^C(6YG}F2Ins^X4I#!^nUqFsf
z77XcaXs`TRNQii%h?IQDc}4Ibg{Na+SZ4_HRam}z`l^{jH{_BI`l8F-SHBF7KKcXt
za<xLJQWvw;eC^fV^%!GSV)4-u+61@N&bqRvyvYvRD6`^a&8*v1WxvyWqM_FIqddz>
z%(Lk#Cb!fFacrqH6$^rUJ!No%PcPv=-(BJ}OmTV)Jz3r5yLzHJkKTm8e;f$LE-{Ob
znrd9N$RZ+b0)oiEMx6+}ib%Ib52ww{fg8skw}h267>W()wBLdpZx(Cy=iE}BM$$vb
zk7vJZ_tVlrwBSliu^7F$0Hww`zzmYsjFwLDquDg|T`&?3$<p+~Ol2pWN2?t3(FxJQ
znqd4wig4Rj$<!WeW+89~SmUhbnGQ9hpE3?`T<uL9Ou*bi`{BXmoj-!6o&Ppx=jnr9
z@PZclG+mfolrjn(mNEj0AV@*{ulz0&vH*t?B<6{#19)$7+ODsq|Eya`6hd_^K~%#4
zmobB4#m6_zK>#QCdmN0RTF*WibE{sM>MT{VE>Mk4LDg`YbzpbcQnDh*RmfoJBzH>v
zQz$^&ufVa_FN9zL)QATi7NdDFeW|=7bs0oItYtW@7eq(|oJ+VH_NBCDdak~;-}zw+
zJ-NL)Jx&L#z0_3D0L*!;Bl)|5K@)e8i4B>BLv3EWtp4#@Kb~3tKvf|ggFJ8msC6!X
zh_^HZ{NlOWJiI<PvjI%pCn9j}oW$%q7b+ynYR+Bo|7ns*VYLL73p*#Z{--GPnV`y)
z+U2wsq9kqTR{pz>|9Nm1xCebs9#OU#2upD=5~d|e#(qC5jn8ccT;?b`x!cSQd*W><
zdPcYqd@m%PU94FZZeKF8GBY#lsKeK!40d&OB@h}0v~*~byQCuMrNMmoBDTF)4LKkQ
zo2fv+o08GpN}~5heKaRw{TVlM6RF$=yndn(=)6BwHXGW*yF*63kSwbc<R!rKM23nL
zp<o;9IxVpx{LkKchkD?;lYu$-zt=0l0b8UlZMR>#w@AOhXlkdH;8!;(vMuK`kd@x3
z2elp-oVmO#JLsp}EhW5gAH1X(+)b{ra-YAcR)Dj4De~J*BLb~(eOU}xbwrAj(!D0X
zMgWB#_48Zx?@IX-R!r*PAcWAtHqzqIJ&~gIseY`3;5OxY^Ye)s=TP6{k|+L>*$9nj
z<W<YQn1iG~1qH3KG0D`Mn?Ze~y^gw^RfwbYpIRoshdh+>#^(Hg9z!q(oJMVAIhL^<
zJWif^Rgw8j^$@8ccpYk$w`07azM52TNC&`S(3e6u7-BY7usIvl&R0G8lNxN*VD~e1
zin=NSHIc{<2k@6eFG_BVj&lF?0<e$6GSfcY`pse1Ep2GO0tN062IqUTck+}DWDY+E
zYfC$jh^ie6`?=XQP>a>82HczhyKr(U)IHU_9w*A2N(c-?p+gAHAwr*DYDKmMd9$)g
z5GNumg~QO>Ja~*T7FCPw0q0<!5S{<FZdlv{X{f%*ehJRbV}`^}D`kfEb=9gEJw1I#
zDkndCVC|~D-EaD0{PUGdR6-QQ^nB5@@eJ<oZewfRqJR;}2arT(Fz}|&iIbb+AD-%e
ztyZuyTuE=s3*V2sg5#qpYaSXS1O+mSc*Gn=uPa|YP+iM(ntjbXZ+5}Cp#fIYj-bcY
zW^V6FcU;4D8ov{vyE!qh?bjKnd5?#~Z?QE<7UUL2@>ybYT1+W{#2N!f;8XVWp__d0
zNgR>(n0K7EI0AX46b=Hp@Xq-&s!k|7RF)?UFsUGII@SHCd#-?`@j_1(xN|spooozE
zPB<%A`yt3cg<%_nj&XM>6`mU}i9y$E2o^9!pTqmwfCV+j4uu!{bHA){Gv_*9`b~pZ
zgUXwm5cCaCKQVrYWq<k7R%Sk_jizg@|N60byL1p9?&IE@L+FgUrj4;tk8Ya2!8c0$
z_ZKcyrUFI3-4qYJaJ_k0*{DTvPjfymwTH=0mc4u{>81U^y#>#y_snAYv8I=}eQ$H=
zzpe@3TR!}NkRk|dBbE*kR{H+C(Shv_D(fA~#2R{I2~IiIChMd~grxxQpEo$HyN3M#
zK{Q8FFv{mtRNu84J}W)RpfPbf?*Tp`t2!|fPnC;O@qcKD7an|y_t$IB32xl|$Q)>>
z3Ok?W7hCES1(LW}g3fjhgD*Kjw@3v`(6P18_^!Rgnz~Hdi!ueT>eVFsOQ|R7LXTA|
z%_r%nopw0$cC5l?9(H0X2yA08UNF|+f1Nhi2-=Wfr!GPwJi~95bu?eFQY$H#WD%Qp
z?;^h4{yeVj7D~Xlwja;CS3o**zGOHi0;_!5LQwK;&0O2kFzAPd*Jb8yGZI6U&d75L
zRD3j_`r8`D_-C~Zif9)a6XMm*6X-HpEW<K>Vc1MxRvg$N7)WlqVM=$+qtvW6sd2&e
z)_t-hj!V%d%smJ(Ji;cvT?udgo*56<O9QyvjGDC-qXnvR_LWb~l#4&Xhe+lq71qYS
zE%K$yTYZkeao^?}@42Iaf80s)_?3)r=yhl!GegdIWp22}TXn8iSCPB;N0MJVlT0{q
zp;m~n^B1=}uV!iMen(h_q8a@7Q2fkr^!;hzDe0=BRNx0H(uiGywErH{|6Gay!pD9#
z0kUM-uc$hjKY?$pDA5RDD1gd|W@h!<w{NZ^oMvOM!JBVzR$6p@KJVq$P$H@`4n~^A
zSi19#9_+>gWL9d`X}4gQS%2L~Do<42xLy)ft5m4=BKO@I@yxYaVohG}gY)t0WOmPG
z0Dcbb*VLzbbJxy$-Ott)Ra!5$2pGaT)xR(sJNX74ZgQi2U3*<dBIZY8KF6IW3zV-v
z&egj-A0h_wVJak)ha!vCJPNCZLBjb#|3WPuC<A7&UyTRT*Jw;BeXmIEAOX$DH^A7u
z4_RpXnC97WVzFT44Fd=j_P9EU0WGxFfZ+K|$(mKKO(@YW+chRqb0z9&yW~BvI!^#V
zm=d4Up84?9O^kx&Yl|9QkCdRHE9*j#AF#G`1u~#f=^yzVNlad!?<dynH%^~yf+?`&
z91}`BeQudc_``}p3-w;VQdP_;B?B)qH!f7*F>g)5Xujq<$K9F7DNbKsg_ypelMHZ1
z<(uaVCz3wFd!8gr4>_e)#(A2Mnw?=A+h`WFqh2?qvNqEF2Fm0di?9?SBIYaot4iF<
z$;8CO)k;PD5oaF559Q(*Kje{yu!zHsfL-8bff5O`e%NfI$MnA^`bSV-4SIY@e!fjX
z0SEeKwwBU^6-Rp(P^WyTydh%MVp2v3{;3%}Pyi{?YY(MoNmr%)vsJz@UFo+6+R@=G
zapZkZEp7_89k%99ZEu)g3CK3oTku0VqW+kqTwVFO>7Vzr_nPiKn>z!it(r7JkSTdx
zO74D{VQ&v`s*ca)41W!_6-tDQuYHEM;pp`7dm#0zOaORAO7$7DX8U|c6P*O5q9G`E
z*TjsOc@SR3CE9gix3st%uO)}MS077jW^x5VEp9FjZCf$99}pA3LnD;(<^~4aBP_Y^
z8$?c}ZyypJUA7CW3|6{g=$}b=Jox-fTh{egz+Pts0-MGjkaIv#Q37cZJ;Aw3YH3j1
z<PiK9>k^?u)hT+bT<G~b|D7zC)f7$2+mWy4ao=K<z9e+MQn73i^!mhK;49o;Cvh1X
z>uzrMR4YI93eqo$u))eo!Qey807I>Pl_g$g`}>hyu~L&3c_RY;vd6&M|87aqBIbDB
z8$HJ@Z_TUX3d00oBfoTU7@-b{K*tFRMrHwPhA%@}e|od_g`i-ANXmvf_k1nUN5dnP
zq~fY3od~SeQer6vpACAbtX<bFku+T61~Ic@ig@+eK`S;XqdUPfrROX*77F5h$T*~J
z#*H+5j56iE!aLVt#v@AtN988wyl2ztosALtO%`M;hRc`f<u>N7>Q3u6=F2=v=OFX7
zwA2(Ct7^tJY{q^>PRe5*n7H!pR*V<`pKJP}e(cpNPetU{B2=Sw01mD<bsoj@tpg~n
zqT~LY#f2(XrI5^aab&RH#hE~*t^;dsw`8V!G*X5LtP8T<=V_PtC>|6p%DN~kU=IJ=
zZ~ebL2%LUvZ$WUnQm@;yx#?<ENAjNdc>T|>hQ5BCVctUw!AQ8q4JG(ghM6MMZTkD^
z5_&A@mv&0nzWGyzr)J|8ire$ZU$thZj3W0nyd#94{lAVZBKEjYJ9IVquz^N9g~BL-
zJ6nYS6+B#P2$WAAbOmJ6V$*FLnt>Y(kO8)sI4<fd)KWw?V6@{rl+|O)y32DFMoG?%
z04d7(`jz;&OxZsGnWK6_JQ(r(Wr_cXGJ}`2=B;en?NtOp&15V`-o-8}KJ|w_&X|T&
z%tvDB;N<3VnW~S*qD(4mM|PQTPivi&e*{XjX9wg_?z(5c69THaSmVR$V^5k{UoTDZ
zbit3ov(_JoJ^fIWdIQ*GwmnaCdBSj#eg+WlhcXsLcgHcvf;!M}f39JT8MdSpc2}ZK
z5m{y5Z7tdOp&S0jL?+EUQPnJT(!#r<KdlY|*YlO~V@nH+mow8B$}MO4M!o^Ec1oGK
z)<vZSFbIs=nW=gADv`zFNL1YqGhq|B$;r)oqY91f77I36Ompc6&@!w6LU<qt%fbd}
zz1*8GQkd_wSKzTe+JQh#-$KIW|K9L69N0b+)3LlFOFO5Y0r<^lb7u6YN#dfC_ygW9
zMG2pjs<I3=$sT)56E?JleQ^qJ>5g@2=Y*X(T4*$wy}}&M^wi8({ux>@U&8inx~~I#
z-IWY){baiPWPHU}^?AI&?)I1)%WM5Pa`U56n@(~D&<qXQFh3jpgF@ExOlOM1yR5`W
zmlfg#eC8hckKhZ60f}^x>cm_cZT$p@0>VN4O`L*I_Yll$PaY=KGCJYzqfbbK9lDC0
zNCJ2nZ2Ez-1T*4`mvxxWQ_F!ms*aH%%|7-4C#bszTRmF3F)}GAYStX?!#EF2t3c9W
zQ+E~#^w=3eV0|B;BQ9JS@8AT=J6(P-dQ0g6o-eN?<~7^Qw&!6xkrX9PWZxorv=4&D
zOBl0>q5_o@rDveUP7jbJXMO{r`VK4`!X7$Eqf*<pU>qYHyzC!fn(@0jAVAm^Wfbg@
z4DiTU@!+f#Qtt)sYxLk<@wM4SgC&x%dLS7BG@utGL9YUBNgV%v{fNc^0CE^0p+E~S
z6^KRt3?LR<Vr)qz9-BFd27O6v^b|Kklx{nvlRZAs<{;^Xen0<R?jv2Dhn#^9Qmc3n
z**#v@g;rHPD0rS~6A@OKMFB47C-gf7OTtG|!q?PvH>-)-Ujg3rEfo}&B#Bj!FU`*u
z!69HVCE$Kx-MrpTq>W!a*1p8T;{K6Q2$JIg#!bF2MF-Ob<>sF3gDRS92@0x?ZjfqV
z-qUejST$#=v4us-^}6x)Or6%!ZvtGh<q;GfI|-fl$`G7JM<A;j?LzN9oMYhm5)Wfu
zD<Y*>%?B+PNuj$7{mFWla-1Pem(@?~fV?rXXAWaGA*!|Ug(1WJExml|$15a<nzhen
zuQh+|Z+N95+r54Ty#bNriH#saLNe*0eF66?h0F7x8Chy$yw1t02DH;TABwdCIpXh#
zG^~B{S*Ke6RLPA9*_+K7R<kwQNeDcGtgo*YpYStomw?%l<hqKa!EvN!?9A6>x~*Q?
zk|d&-%wwM5i=Htvx_rLGo{6;3DjJ%%_#BUYKGJ(%W7ZQR;ApoZU5Ulb3FmxsWeStF
zt5b1;Ec}dHrm9ECHj$9a5YkL{UP6V3Vf~>O(N+7tMGbkZeTVN&^^-+d{IORHr%QyV
zcis-4X5c73>oOymu`;Aui&+l2r2kL-4(zP5mt(BxP@h{7;dzUu0LSgI_7^AGFJ`vg
z?=IKpP_#WxKWVsb=FEARFJIPUI!E4tJ2S0$Om-V9%W}Av;c+&}ZZb@_?`cW;U;#T`
zPO&uSFs^w7(qpdVkd}qfiC9k3wQFp1MuEE@m_K^!rXMbMx?zI|-X`eYu5|{w1rj`J
z8~h))j#be5yFes6j~-L>K<96S?{D<mR3?H%EV`npkHEgy%e$VcU(nM`L(UScVt)fj
zvN^h~fm-c65*`qDU08hI3J@Fr3XB8$X=snqLEnW_DT+A%MH-uy*dK~T#0yj%)K<ST
zMcJJXba=%jO{*_j^rk^cSQf!W<_Ck};G>B3{o1PWQi{TLgW3**$XX+simbJrfJjv%
zkJ{hQPyl5Uf@~46brZoo_dKkuq##Ig2!Jr1Oy6j{RAyQO@O}B)+&~+-I{HrG^fOhU
z^*$(#iBNDs_=9PiAEb&|r34zhL#4>SmZTq^hhwD%jJ1dJW)2Bqh{YFB#%rzX(6g5A
z@6Lsfxw!npRGv$zA4b&bloE#3X?tGg;BeDuulQhVQ0m(}#P%ct=iou$4-<fL_;XzA
z`0Nc=w6x=|!4jC@m$Oz)w?@ucQBZWTSHXPE7^mLW!|XvSIJbz+nY*;XH@}D=F22GO
z-cP4cwtW|{OIN^(HlA2B&}7TyJ0kuUlaq%TIo?QeTAfR{2=hs#dDT2@cZsk1Q;nJE
z!w>3q`#lKTVY+0&Dm^|U{mY-*-FxlmG}`IRiSu+2Lj>!=Qm=d1NkG3VZK;ypPs94L
zkw86#YHh+e<@U?rG%8yd{VYJNekJ6TumF`=twQD?_Ay0~jvzW~l3qWZMixM**K+z@
zuXH+1$Y~VsRAjGDMidaS<B9((5FRS(WD)#+C-h|eFa{q19H^a#vG)s6;}TZ&N&Uv_
z#zT+e^359$@y-Q|#!LP|UD7~bb7;fkvHlyxZIWMe>Mbxh09p`9Lftq`1`La&ju^nO
zP()0AL_~!0eJ21(j~O)ZDt^B(;rJ0yep79^-ky%Hf>-Wb87JX{YD&x-mxAW`la*44
zDXRvERp&&{vhEKpG3tNxB`+vhy?P{IqZkyb^jI1dGz$^N!3XBvDj2UE0pGC@3l@&2
zx<xXLO0PA50H{T|{C*1{sI>Y)Fs=Aok0|=;vl}1`OId6P!N9?I7JN%q<8+sArBcBa
zig(NXh)L4{#Gq_OS()=V*VK0ycy_ysNNf>kSoZ+YC$MOmZiU-YyGlS2NwZrYyxq+b
zhzgo9_uQ$I{9thCU3E19BV&(aQ^y2Ch_35^eW}kzwA*2$f-WJV-V9R!rQGuLf<0|l
z$As)R>rqMsaOuF3w(tkTQXBZc=l}!Jlo1ty4jz%@2_aCa_aE{(Y$e_KNw$z$RyVJN
z-TCtB1AX5MArukn6F);?elGLmo4=$fpBtQo69KQ8nYiz^tD$R)m(Bj!ZyQY`;P6I7
z=~U`9LgVu^-eZ|-C@{M3k>D1D^r9>@>UKt^y=`>oeOi2OI$ddj{iCGaus<Sh3rq(X
z$oq|us9>xxRlHh|v-#?oLS7_NdR{d5$y(2mlyJqz#ON+fpHi;72s~+#jaAw9&Ji^B
z4$~?yT*Z$@+Lp)*;?OQYU3AVQq5^jD`dU5A+Kuj&6*56TX;p|NJW2usklzIxH}Fl=
zQc)}|NWMpClPuYGGU_~}Jd#R_iHgIaNKGc<7`^u8$kZTX1*ZDPCHdG%&FX#}6Uf$i
zb(k_yL7FO6_G|jvzRP!8VfHF`ZBySk6nas1rCgmip~$y7suM?-e}!?op!GjxEeSpw
zE4@P$7s-{ypj&tbm$Xc%1oepKxIi0vUUf!fUA&lj%)h=Ovz(G>rP}C%Tq}I^0eRg<
z+cGZ${2LgL^E4Z~X{osZHvxvA)Zwd2L2kAzD~d)YkHH{2;bI4L<H^1-1b0+}dxGoq
zRZmL<05|1szj{MXh0&V*8w{om2&=7|p)F+o7S4DiMS5wldqz0cI0413Os_2;utvmA
zYOPki&;96@&Yh9uW`vTZJSf`^kOkeWz7A0>l(Qw&renoQ@rA&4ehtpjyfHvi)+d0p
zh%;#|@l;Yrm%E5cAk80@d<>FQ4DP2Q(*RvPPIL1VmBwJp5qV_uEi>Ga^yNq49trh>
zW|w$aAAPFvXJ;*uh;I-^kzon%Al7W{G|vkrvn;^j|6&!2MnO+)Ep6W0{uRllBq^l5
z9gNM1ODWo-OVonH9&e#CdM|h{*ECFG%DPmNjdqR=%G3NBS8)z38A=DbZOOZx^1<+*
zLQK|vs8?7Xfmhk-*6m^X5S*#wE_90y|Ms&V-AVTkWvn-D@Yyy4e`yJdjw{7#Tycxo
zhptt<0q+_>vV6&BrOKFNI`)Z%uQR0jR8YF^P0-tCj|8ga)^(C6iN25xRlkI@QGhu|
zovzxCM>A!%TOZIg8lXH^%zgxuSeadWt#Vlcfs#Q<s4QF6P{yoM*Gr@V6G?S*u(#O`
zQh)vU!1@sE!+i;WNMkK%n`|n|L5nvLNz6DXq0F`1+olL27ZH^aoY}q4(d!LDn@Uv}
zT4cWi1e0qF1_&INofmPp&7C(-0Yve_WU&l29qXXw@z{Pe>sSE5J2dPlw%?!6xfKH>
zMtZDR+e*v2eF{%Yq@6F0V*ycf1v!eu*#&P`l4rZ1d?kb-y^CH-BJIGIX$y;*TuZ7Q
z{fCNvt897+G0JwpnWRGSxnk5qy@!qY{<{*JOY6IKIqq45dLAfg5T?p_OIZC!ZY`De
z-V78KZvS(Xc>P(`W@f@3G4)a{q<uo?7{W0uoCCdQR~Dc;HtNS@O=<Z_s3p=dMY82x
z_A5$dyG^!`2WjpMQ8^Ch{x2f|7EXgZ)JLA_gx>jE<m7r(fYwuGDofM_61KInv(*$C
zKWMM~fVW!;0BoJH-xsJ1)$P{7Hk0l76dYikE6FblRwvpZ#jgrPt@jKhW*wLdG{K(3
zIyXicZ*VOn|K#uz_~4Xam9aj3;d0p_NW5pZb8J0BgoyS_o~PFmV85AQX64sR`4JwC
zMuZe90#`(pIU=ByCcYg43Ymbwyn}b@hiRHB;t^C(-zVtkpH*(`kbaa^qNkpTt%U0b
zn4cv@_*n&yL)=*pp5VdSlsF^DP_m4wB$XR3))QQbX0F$7=#d^CG{Z6a2SVa>VF|`o
zpEoz_F>E1;K579(CtU=ivlhPqA*PkA**xrF=ramJ=28_jUDB<<FwYWL7jHJgM~j3+
zcuZvC*Hq^43g%y4Kd-X*X(7rR9K?en6ZX<uP`g-5uskU|Kn@K3RH`h~7B{cImGz^q
zm+FLaf3gsa&e&z-SGLA*XQJKtGOws$%tt2OwVAYzasSW2o64sin5hXAx6R;EhGlf~
z4R-OwvmiefecSU1`&E5nj$IX#Tq<DsocPtG+F9xvJe6Lfb{yEO>hF@K93vWc8E<Ch
zWB7d|hM8n$lpi((Xiv^WAK_L}&%df^axkFdv$C$25F<6_yt*}Rpl98*3q!wq0^@FH
zxYLDU*ACy4n>V1{YBG!DLbE?Cr0h;6>Bh|_Ead!r_5^!v2%{MXT2FCK_Wp+wmu2yY
zJuDZi2c^c-@b}gau2ei@hi`C;^oIy{;OW%&6@)I^>PJI@D8}#*+svIq@U=*&idv_-
z!TD(=fB`s^@&i1}7{_|F!wXh4jfXHB4d-(lglh-S(bCDRHSa*XQ@_oV#0XeLf)7C_
zajX=$&FZkj)I#+n6E7&;^^5eif!V>lSN|hIEyV_qxY)-xp2VgfE{);r;GKuH^rFCc
zQI|wOJ9AD&zihY6qJvu^2t43Ycc2h4+QrzUentj3e5!G-XOqTq_B-M?V_#q5jSK*5
z4`McQEt=cA>wQGC;D?MBR6KfTMEAVy``h{Z<n7K1laX+5tYlI5bD$n2EzRz}>GJx>
zu%xTmSM*{D-yfLhdsqh(Ssmg&pICq;TJy2?!k~VP;Jy%X=bH&hf40Dkuqt?S&}!5O
zGeo`gP;pBonXH4;w1tlhR8N0qfZ*qq*D!HfbF!;_fzs%)FzGK_`L%Qr>jm)5p=z<G
zoI#uqlcjV1yJ65mct}O@ICpnFnmtUUpIEL&ws$3#;Bzkbi=ia7ZW;&l$2!ts?mgP$
zBU?qFh(*Y_2?Wfcb?&DlF(N0p3x>Qajp$md__l8X5=A*#H26$JO9B`0w-$Xc31MtX
zO@3wiaJb4$s~D8S)dL{FxVJZS34%Nwd=3oBld8g~q2<k?T{>^DDG{n28@9gxFpoE%
zS2<~eqbJ;^LTVGEB79qVzY?eLIpEFfC)PWluI8{>oI(^}l3Icb=FTg%4v}os@%5-S
zqy+5-jzx1ygR}S}Y}^=zqgDjCupcVHZP_ftzOchn?g!q(-|r5;`89Q;Pc4!%eIS$8
z&Q8;@(!9yWxPFdjs1t*)CzG2w63Vixa>(p={V-vPc7lWWt_Tvmi}rriK>%mGImCl|
zkfI>Z@`aUSCnkHVhf8!_q(*hVl`PLSP3<kqV^yw#=_hWEIj;(@93H<cywGj*AA%8`
z@$tAe%&om_6By(@?+(FR6Ke1M@Lc)AmM<ewA5!U1w@jb^p{f$Y?eP6%%9{3y!Fn~T
z0C!iPc!tX!0S80HaYKFlb~w6}ACgdkd2i3Mg3x-J0^jnA6aQ@&yaNiW?52QgVq>tc
z{^Q?h*lXW?;I`i9>mhC)i#P#m)FOAjJ;o94BxL=)<atN&@bUdDt+%<3a+|YGnIy<}
zTd-`<<Xop{{{4+-t<v>Ry?~G6HBw0vr@$Sh4=}_<Xb}uAY%o21+T?Mj9Xaz%04~*@
zfZ}?BNtM;>4N(c9?+faBB~(T%NQr1FIIe{EPf@Ykbv|L5iJnp8Qb3_o2nCaAS#Uxq
zqW~;JFgROPbf$9_D;#egMqsLMo`z={Q$6I9u<JVZMQ1rsbAzhkjcF}(!(c~H9kjN7
zubOl1HG7X0t@{)Uj;r8zs^gSNpc|kEB8-t7WIsi)uclu%d>y<9ID!w^dby=6AIDu&
z(+mT`0Xvivy9k1u&IpBT5mM=Dtp%u)-|M==r5_f^OuM2_kYVRR>q-kek8CKI7MnjW
zJ~U`;Zo$|>CEh{aiK?XojsPC#{h?QhLo`mb{sL)Q-qY*;whHQsc!i8T13|(f+mM4_
zq!7yEh@_>WD7ahnA$QK2RZ;hUAv$`V6-2?#ipk&m0`>BLXqwKb5{qBQ)txM(z4=j8
zu&tZNkhVi&FdC2VbuzA{%jEn1kigMmMKn+@&~QJ}_4xk4u1`iM%2ydJYhh+8S;W*1
zUWOd}VjJ~FXZ6>w*3pl#0z+S;Qd~X0_#mBLpDnU5UzM&l^>Sz8u=f6;FVZPh!4I8o
zq;8Du#lfNx_3u#l(gie88bYE&E;hmsrFp31bSlpSt|+Yp#7~fIC>u+Yf+gkM6_J@#
zmio0uiHbybd=06Pst=a4zIxaZhvh-`njM&@yb;9^sxJamuwhL~6hpa#N}(a`x=fjR
zG5A)x%Mm&&A)YNQEU&MZBCM;GL;=Z0#r!9WY@cYS*8+y)Lt{pnw2wFvC(qYSCOtQj
ztB{B%&(j=?4&?V{%_$p>IHcJk^|KK|t#CG985APF+X3%+s&A+VqPDM{fK?RHl{;Pb
zZ~Zk-RD9;odD!}4KVGbPyseji(R7%~z&?!Kjrc)>hJ4VJ@ryP&?K|L-P}Hz1Wn!;E
z%MmpEG;Tmn;w*<eJ_ntscRV9J@prFs5^p32<@%ZK&x8*JugmE0ndwzcF%>y%)3IDh
z?Xr)au7)QS*si`hI^`Db*5)wUgx9;T5-Fi^27Yv#z4-hqlk3t+yt(@=Z+;P2O9&K?
zB*(_4GARh&X5%0SerA{oL@dC{O{LScs+Wqi7*+{@eOacvY?RD?>g2NTS6cRdT2X^C
z@ERR5l{We<XU1clnceD6?DFEiBZYTQ|JJQH``&n;X(5NHQOI+{GH2O0kLp=vaGv*s
zkMA8D3W2#2ejU0f+j9t$L`wn@fg}RHl89)tvdE*a$HSKcPSzC0luqXzbLe&F>Boyl
zqixCaeR~{0VzYk3`)<zDsrodOh|#Oydc$D}Rc>`b3Rw+KyTE>CzSM7?!eMoXL!Pba
zg;Y=5%eZ4YAM9-MRvy};XSc7^go2WBJn?Y8m!^`aheYQ0jpmxz;=y`2t<l%2Ihs<z
zz*=sN<|kwZb@+d5pVmm@b1;W5;a(gnD!3f*TUl*c)*Ek*n++%7D6jw{<Rz|nTlo`Y
z1Z?LagcQ=swBn|_DO}i6IbGzIj%5%Svt%xr`i`PanCqL~xeck+P)NOhTsu6~_{8rL
z0*CD}=83N_Npx+vxOa3S7lJ%6NXgoyxZH8|5@{Xj%pEM>ghe#gV^fX38Gk^cC!&8v
zL{~aLHJ_@;x0v1-`m)=hbJEgE`G&o$PL#O7gtn52D_zXMUtj~ljZ$nLA__06P*jR6
z=4~MUYy$W5#Y2AMtvTM7SEx5lCdw1IKfkm|z_`WSC4{0z2`M75`@kGu6a-&45HKnv
zK{oC^X%sG8s#C39tI{duiMFSlc-mZ)cMNYFWhK~6)oBdPv?QqvAzgEC<$E}-6rMbC
zJ2h1pEpjjjh6&^k*LKeK8x3@-E+62NMaj7W2;S6eCCgnc$3y_CM*YkT`Tz-B+TzgD
zg`-%kR;oH3fJqt3e)GdeQjOrl`5>gV_8b9lQd>w}^<K9x^hD~2#VJxsa5%C6kn8P$
z(6zZ46&cW@%&La@5H6_$GGhS_9y{eARe^4NKm}4r^sidT((_E3ji@St7B8JP_pSWg
z0%;<9TK`UfClYOJPDu%c#}G5rIqh3Apzg4Aj8HhdVO<qx@rQI4StSw;Qw7S*K)|MX
zJ_dun85M$1dl2-7gqGHDMA?!3xU4fNbm&vsKr~4+v4#q?bt7CiX}tmmo>A9(@;ByO
z^aV6sbBb613?OY~=imo{=f-5Eo_+hoD`8I4(XNF3s}wH&MXd|Z3OAMp3IbS3swUdZ
zj;I?UxUzZA7wLwSbq$GeHK^%Ij*rBCJK_mdeJsUwY>Xv|=<4N0l5Qh!BEK)Zxtyl#
zFtdBid(zeV^>8TY)$G;j*L`3gzO(7oPR&6w=n+`|;g`AmM9pvWye@hlZ1~YBhfUko
zey5ax>t{#Tlp}I!b>bE5POb0AL&Z1j<}80@T#~PFt@+foZY~*q`&bg(_&b^qr)Mek
zlHt-rkBZvukgHmM9g9>g=?H~!yO--rYo%8Y+B(Cm<2&KO=8^HC#p_=lRo$oKj%-@n
z-+B(BgknxkNr7{H&+zKe+3;S=aZc;%cz4E#@f4y%Zn?G>i1WeBviWS!t#!24m&S^S
zP7LQi`F!MV34QhVc+f=UyJA{w5hgpk?rh00i4)3ntSaAR6IO?zv;LHO3szeFy0kDc
z0}cv8InNJ8DOPn~ifPv?5*w!)$(g#<M=L{&b)w{T-se&2diPgfb{@!3ibK9)s)q}?
zbFg*bTsb4(8g-Dk*uML<{1q>Xqse5fr-IT8)gER1B|lK<m<!-?#p$*RmoBr?($Wq#
z*XXs2RSM@Zei2x7J>^q{C~hm4o%nB+o<pjSdKfJ@;RR-Nmlv<e23_P!hD6Tvno+PV
z_B^`m8s|$95AVPW5b@JkSG+Y4J|DB#YC@K(LJ|+fS<v;Qgp2%0XT;R9{t~AawN8mi
z6=Wh6;?0(LT((?qE%;$amdO1Em5KBHrOB7HIwzLF3rk~hrhUQ2?L(^I2Qk)E9vPud
z2mObxU=$phiC{D~oLE{e9<DU8>efBPp{R2<1mPVy66TIcu`f5sPovN9#uE8TvGwp;
zEu}Rfq(c$?4SRxeY<*r6J7~%kJ~c3H!shnR{_YSiB(R>;TQ}US=LhL#)0X_B=|2?A
z-XdhvLdnPnXNIy%BnNTsS+?f@yo!knNDS7ret7ko*QBOPk2_VdaQ4_4&7Xxb+{{7i
zYU9QV)u-oC_CB9l9f(~BLThUkYQM}{;t`oZY06vnAE%yH&*M$pFU1_0ju%<fpcdWi
zSbns<ylhxbrMAJ=Sk$1}=pgnv_7*u?cKTla9@pluw3DKI@B$mdvUc;^!Xsk|cq9yz
zq7+UOTpzOo5e0m(s8(?l;k0obsRMcMQem;+3H>>>D(f#M3VVq7&Y!F4{i0)*UN0P6
z%^|}GBxb6S78=(1WoN=uMw)z0d{S+c$Wa%NjK4sQHB6;zH2Jh|z+hNMV1<{JPAuj1
zXU^_MMI_8ebcq_aAusA-S@96He4V>#XOKIZ0XQ&mKub(86!V<)VW{_bL=Z^p#~3rV
zAD!r&?`hyg`bCpEZ}{B=R-xJ(iJbr_rDnwune!@(VUS#CW_zOa3m~zy@2M53lxBO_
zl=Tu7I}w{vx*v$v*?qRdNFgTd4$1<5w$a@Nf0JY&LWMv%1??qrcg{Zw_oNXH>?_i&
zQ-h=78=)Lfr?TKbo6xst64`52LG$#7Jov?(Vg>u0pN?x+83>iM;w=MHIsJ?gLajR;
z+38;dx}EHJl)1uJytWw}3AK({+#O1Z+%Rwd+|CTz%)knFA()EGOAOdGSjoN{(_Ctu
zUH0P$F;JYn#wv?|vy0jctmoca9{l?8P>=oUi^A&gkK$;026EbUO?RJq9f2V><dDaR
zePrLGldJZ)*4tivI`ojyHXAD{r(;I3Ly@RxC8ad4Z+lT{*Ml1OO$Ap&R2<6=uI5K1
zDyF+_7+yHh2JX>e?w5$%j7cNQ_agF^CN0Y(=AJi~+`Pvp%5T58z9-@K^nHD~D9u0E
zj`DuMpHuL*!p@+{)x=2G<8%M|0)m-6&rz`WYMYVVjsPw>J?Xx8-zgLePRtJ;J6f4J
zW%BZp8?Q0$C4D^;-HY^Dm+6SW`f*juhGke6{f)X<%PEzajhB>-H&Z$!oSDV-cRhBt
zJ;_9BM|zASSV7#U?>egjFSvm@wk(r+jp@(k?C4~1F3zw!f*fF!$W^gxs;~4}&^SGf
zfx_-&acr5=t}o_GM^ACnElG3-%A#Axr7@ViJFKRJ#96qJCsb;2#D9JvsQj72DL(m!
zRV)tDV9l|k6_)L0Hu+`~?&Hv2liZ4EaV*OxVTnwihV+}*Ni7p5OVyhDa@3RWCcx?S
z+U0n++_3ipF}ogY+#S_Jr{;b=i*0+BoQraM-+aFa`!SLFY2}M1obTOV_Zt(78`BNe
z`-Zj#L)<Ew!Y2=}?f0d>ZbvwEjelb`iDL~%o?>6fF*aPPij$+X;?SpFCjWIpOQ+C*
zc)N~~={f0I^iWrbe5dl(M8l<UB;g7vGa)Fpo@jvVyl1i%xoFu=b1Oa!-xt4w>`<Fi
zJdS5Ur<(vYeb@blbEFtt^Oj#;6G{^+A^nKz<3J!-@IjbMKY{TBOT6oOPF>V&5DGzk
zXW9iHZ)`1pEvG7P?b+L+V-^`1wcyY_l2zUm>~$tbT{FF9hB>%W)UscGX??Suje&Da
z1?{mV4PC{40uyD>t6^EzpA$n)6KJJAqFrr5oj0)jDNRq-^d<b!+pNMGvhJV$QyHy@
zA~+ix&(B38!w%6KlERY9P6o<ztUZD2J65gge+oyrdVwJ1X|`a`P~NhZ+J}2FK^L&c
z`<Um84Mp`+Jcbu{QqMfGt80V@scS9~gf3ui45cq-#p0oTXrwh0&`<AL_GPpeUX=t!
z9q<Ru%Pd43T%(j_(H<0PHSlFqPROj`T^#J~o#QoWPYUE@qtKB9F|2I0>=B|5>+cTK
zaBDF?p4dc=cpM==VGJGjtUAbR%dBqz4(6(7!b3F1Z$m*g!CIt{;uEMk%(gb+(XweL
z;KFBJztQ#gF9=*0#xRv9svoG~j1TeoWM9&vTUwXMWRg0!(iz-IDIs>^Smz2duMknA
z5(y9lF+v}*x~Vx2f|1Kp)0zP}Z0w+?4PKwgFetz^pHfVxx^UEwjnJL#&KH|c!~L+`
zF_8;NZYq*3R&%<DX$yKy?e&#9l@+curW^6p=jqk+{H3VMw~cnmvVs-U0qE4&bX|b)
zG3j1k@Upc5NY`2(3BO!kUw<TS0Vepn$IsU`y!R|)7f!P80lmP~!STFW$2{{Ggo=}$
zB+7mL`@8}<$>Bpq8pXX`(CsKcIw1Dd)X1Q~uenE`qowc;e8Wsx8Nn8c7mqY&`nmo4
z(@`K@rQT*)u%uBF`x*n{>pO|?tGp=b>L0a9h?mL?-PF>lbii{jes8wu6TfA{(7?z?
zD^c<It!XQ7ffE_4>;6u6^CnjZgSLY#F3zV2jVvGRqa70+V<^AfF(qn@DyuzWH37`I
z(v=3lI_ingERJO?u2B_w#P$ksSB$#tI=KZq`lg+Nw){#YRn*)G-Ws1<juYd~$r({p
zk{Sj3C<sq$Q+RE;Z08sIQ6~wWZFnR^{~x-}I;yI*UHghC3u#cg5fJI_21!8#>Fx%}
zMRy2D3(|rhNOw2VjnduS-QTnJ-oE=iXPoa32Sbc8nQPAbx$F8}K?1<$rGam1+bn6V
z`F4By>gvo(OWS?Z(EyUmz^UbxRnGRJ;b^s|$Bo4OMb-RiWZ2yaKk%6uKAZc7Hfyw&
z$GhuZQN4+^7K)a5R>=OOrE!p-Y`<Pm^QwXE?Hu7rG&AY*IGH!MIF<Y=bN5XVs~t)E
zQJo}pgG&&#u$yshkDBs*hm^2u*NopRySwA(QrtBztkc@5pV{C;FOje(8L|qA(dH>r
zKAAK-c2MXuvobd9Z4HcECR!h@R@>ZIM{t=8)D8+fUtPsXi;nwl8SEAI11#9}s;%qj
zw>?6GUaE256pQ9dG-Rxu4?8SRmV|Bw(I|RG#>jEW5xXv+CJ1_^Gpj4dVHy*A29jyA
zRK7$jr4Z}au&&d2Qh)gU8Rw<F=$9b0d(+I8%<7h_4>ceUZ%nw*I&gy=Y1h~p^?h+s
zHXcZ{66F+~6CLb>%ppi6PM##tDE@-QEMg&2dmS>V(YKA~7(3FiRg`k`QEAc~JrY1q
zSVTS|9!6SAL`ek?KS#rL#5wJJfF%PFm+jXXu&6yY7I51UFyv@vK=kpZ*?96Vqw%^O
zmhCKSuuKvsxp8zcUuD@NhK8MGJdjL-K;#f96PG8!@mXJ#{M8e9fw>B~WUXKeOI<oo
zVW|HzDSs4l`2%a1KBpo=Plf#I(a+9eUAL78^eQ@Xk)NW)&NX*O$844pZ!Zk6Xp>YX
z52Sgn(6uJfd#T>*KnDnw#4+B&g9Jzj_Qi*eEYkOQmaak`E1M85pL_k8&tOz7A!O0Q
zS#WIl-UFSsKecx7wV@87ptoDT*L73Tjf2|~-;_;aaz5t_S{R1J!m@MGywiwX|GxUq
zL-b^UaIB@mG9D^T0sdETHR0Yag4?t_%(3?s2QQT6?AGNhcRxf_d}1`=s}=saOc`Oq
zalYD*!x8Fyb7;5RSm*RqKXW<t8hBf~JiKHi8;Kl?x7Bv;M|volm`AHAuv+U@Z>q(k
zgP`L)!j*w<mSP(o6+twB-hZGkfvZ(N2Q&6|3SxMo>4c(Es5x2LIl8;$ATh42QZ%oe
zde|8{%rAj(G@{()R=7K3Z&brJvz)cD^)&l~kzHD){xe52EsYdZO+_5&+p1qN>njh>
zRWDuSv`U!Hw}X|7yarRY75=(qlJFNL=q?gPuq4uk;%#$e*UtJ}AL}e3Tedo~l(ol|
z>o!ec4x)sHNmDJA=Kfy5RgU9VzXXDH`1mi}*t@N|4mTe<yKc{C%<I2;&`J=E_xPW(
zhmN<smaHNuWYKn3S0$fdz`Cn+*n9^#l|_<m9i6=uS~g{we8FyAsH|vysvPDgs@yvp
z*midTDRg){uSGNbn4qC#5RtjMb)U}6VZHv$H+8*6r&|@q)+$4RZv2}+zaKR>RCRx0
zY+||8kY4^KS4zCOSAF_K)R$Ly>-%V2r<=gbm{04Cq7mi{D5zGiijZ;X&=UC^&Bvp$
z5{WDvH_nfQwrTcns}NM}z{1Bp4WL`cE+-Pw&&%HqLo+pW`5>t;@6Q({xo>c{%ot3P
z-AWeHQHxytKCKH#TJ+I`CSGpXG|9(@@@g7QUx+k~Tc#58r!gN7lT-D}iQ2liMw8O`
zxsPkv*I4~xS8*&|X}BiYGCJfbvXan1*rlxBZr>e<w<xTabrqPCz$YA03b!2Tfr@L=
z@)Or;JWb%Xr6Y4#u&UCuX&@Eh;9CjC%4+|y-fi(HNIgS$5C9y$`QfWB8TyGvaMtQr
zb%)8Hd#Z+f;pUoqfs}N4vi_|p)(?$Wc(3|ekNdbhX7%lIchRbuRi;{KnNfSl`;M5!
z=kH2HE_E4*Wzxj<L>CCJ2AD(#+~l;~8>`rO?^FpgaErVn&!04$`S!7jwI$g!44z3S
z3wWK77)Rx=NM+I|s(>fw9lX!8v`zz()+gmI$Ho>E6!}<{Ou>2+y%YZ2)-zm}VEj{%
zvQd9LP_`JfLA1j^p?V-^J1mYP1x6G8>rloEupDlQ5ZJ_uNQPvF7LB)`1}sE1t_h<E
zf?xVn2T<+2gRUB|QrQ81g*yL_Ad?Lq0Q2I$zd5G=7|FJHRUNM-+yttUiBI2tJA?HS
zjXFH5jq#$iQ*y~$h!bUSBoLic%)w9khom4r6t#?8F~Bls!z6MotBLb$)_|`LBjkQJ
zRb^u%<zA=-9orts3ca~G9>f;x@}-kqWQWtB-UQloixPa(uFqf(tK5uCZHe8N>D^*G
zeO~5W_MeUtESS>4zjJRS$WwFG!3Yj~5bjk<j^3Vp!26_A$W5kItn8pZZQkZ1r0IPr
zty(*K9w_}HSC%<*uWx^{uX|3b?ax~+FaJ<A5vdz=x<_Md#z|{hm>;(nC&fb_QgP64
zKzD0@QDVpL%z?g;6>#_gAS1@QoL4`qyw;LDYHBW1coSD@m{r)9`6)gy9*r>{4AI8#
z^kQG|zZNr*TnTtq6xPQv5Vd-95}TAz${G`BhxH~t;U+<9xr%v=o42q<<G;e^5hL7z
z_XJTpbM_jpKw_Z&GfVXeLq7cd!hZS1l=WiN@*t-a)A~~8^}S2~L#MNGLbp5rLsw_L
zX?r>a%abpMPWJ8lO@oo~+C+wkraB(1QV?dh17Vb1*0nr;uHECCUSnbR8ql_b_qw;Q
zRmxWqezjj0kvwwrf*|p1RRuv~WC4EJ%4#gRhDywwyG+U;sGNVFu1*RJ&(o@2@G2(r
z&0V`-g`XR8@6WJi{@hsNfZv~~InFdXUVg(h;TxwKoW3q5dSmWxN|9hKGCz>Yu9CWO
z>dnUWwUJG5l~1%MiSfSfYXu_0jUSCyHf7CcR^m&JM3=dn0Iz9*T_Z`G)&9WG11ioj
z0Ua?~t3B879w;q``%Uo^a;jy<1(dPEhVVt!RdY6bq9@Z08-f;Rnxe!LI<NK>rKXad
zE6wg@v1*-z3oPmprLK<|y}qDVqU;df8Tug@);cT~WPdW_wZ9Ypo*E;^CwG>o(W&jm
zZzG?O7tgL2Oh&p?b1;dcU3n`ZD4TLtmO1)^o*o&)?gU4tJF-fEDM>wqAY+Mo<SO~s
zYP6Hpi~dN`mIs^XJp`q?i~0$=BG)Xa9Ukn%(9OGcpcS={jJ5i7SI#<%E^DuNAkFoA
z<LSU{>NdTK&b*c<bEZry(O?3vjy3ZNzht?dsPSu_$GrIc7s?8-LzMJ6hAk4t-p15}
zAILUP^h?q`7*yePR`V|+1tdTt(35hct6ebL0}EwUYVnLZ4Cwm@?>fmLq3>bR0NCdG
z>o8ohdC%*D3jRg$a0n8_khQ)IBQB(!0o!L{0no1H6NipITjE>32hfGes8_+t!nggO
zaCk)qF+VQ>*+aCVJpbsHn5P5z)I(o-q$C+*?BE$VC8%&<{lGC1f$+z`mIg4>)M#+=
z@+O-*(G1qw5?D{RUrBY_E7>Ozlx5I9JRpU*FlYzA5|PIE^hjhSl(Es2Us&j=zt{#g
zT!|4XiNMTK8yt}<CMupC#W9s+q^{fYC(fsf^^%W>p`T5GV=+G_ONjeKw$h)Z0+w5J
zK^|Jtyb2L2CHFo*05FLO7e=1a?x23!$>$evAdA<JybZw7E^e~$B}m7rcQ|%?qUSL?
zP8oY57|%7j3FbStBqpM<@mem&{hW_IQi>Bg5jjfbQg|M7eMozw3X_b>9Hmh-4SU`k
zb}k4IlxS-BB_;4JR-q?-Vxjf_$qz^>22|M*lMhxiZRQ(G$1L?<7fXSjNh^P8lgETo
zKm*QV6-E>1<*h$@!643+9$5NpDR_*8Ew&-|OpKf`_a&Sg(L;l8W3Y%4DF|_=VUcDk
z$H0akw8uqOs}6b1CX?SA!^_FYWK!-Js&dz`GA6)YVG!oHGcmjuHej<%&+aB$p$vaU
z2xktNv{$uw6C%Vy>Mg++2LBlGxTi)95>DMWd_i$TJ3}_m*2=$zGhJ!<InmKV25;HQ
z^7uP_X*1NDR*B20noXlJfq)>ORowWxHu&&`^McRy^y6jVz%0`t>MT-*DShUBdtRld
zZ1$LE{|vvOjV|1#Vx=&nJp{f<V0h3)p%UpRsVcFaGBclf=zWp0cq6W0OPo(s7<YkS
zQTv0kfynkXJTw>oZ{mP|tXn^_i~0r-W$~*r&0-8z7G9%RX=5LD;+9U07}3%_jNoy`
zBZ?5%vc<E31S&S&D=;*!z{$8?Z^S6P8;*PoBwytFXxCln51ifhs4Vv{3kKO19Z6yt
zKY1<^6`wRrv-vg3Ij^mC5;}fCnRbINiz4G?e1Xx-Ne`opNko?jSe@!AHx?7nG^-=1
z+dyq3$&M8s$y9=V>y+r`K$8v?#N+PJ-$quf9KOFnxO@LbfR9Ly)t|o$3WXDcDvyUz
z9%z>uexz(rAelSEX5<+E4p)yW5+?@vtT7SBz84c;+@VPUriPVbjix*k@Z2{fi(lpm
z&PsNFtzVy%!bk0UT_{*L9Jg3ToxdH_?_ckON-6z$&2>L~fBgxcW5rzcUc13nEyB(^
zyyY5^1>dk1XnIB&0@2T~N7VZh*>~APWq>RJv%ZzvXJf3v%~|iE(bdT&2mjnzPaM5P
z458=6;#eN>8CQMZBBGDmCwz80aaEQ%@I)Jn4j&PYB)P@IcACd}Nftdo5^IL&KnIMq
zL?+ZB){#$HqXCoZJp)i@Bz0zG&4L||CQXmiQDH7!$q)PWVB@<wiQOWuB5RagdyjPO
zl9&^sCNoQiESzf(r>*+{aZtz5Zg4j0ZFM98Vh~ad>VEL=hj(;PGCDpY`#xqTG87vx
zu>n&sK%!)>wIjV%K*bfkFz^W}ZNW<?0aCeJOUA|;*OQ#T&+^Epkb^wlb<gc=k<j;@
z$r7X?h_BXZhcTb~Sdurt&Hy4@@~(cHFfoX`1d(Ix!MguErKM~LrKRT4W1A_<x$ZFc
z^I2yM_(s>$EyR`Lou^6OU_Bm}o%c-6^U+1?{wFBBz?1;cJCpW;yvKUH%8x*e%LmeB
zT+;Wn32hnUf^?{4xEHa><Z|}e8&bw2w*kbakCP|QWG-&k&f7qZWlVuzdlE!w7mRs9
zi0eAD4Y_gtY+95T`|jxq8l28kN5t3Mnz=lf8c%<uF6Z(*vI@t^fBc%XS!9iUT+?8G
zvpUrKHRGR%=Hu@70G_JV1)E7v9_dR>i<~Grt>Ic`;AfoYkJik1QGVnG9)4A>(<WLT
zHHy#IshW$<Y{irQ@_6c&fISk4R~zUjvEvS@GR<nq@|gEOQPzcZRuTnr#mAJ+Ms}^?
z%bTG0soKsr8q__TshOtL#VbP>9K`)qiMuQX#d~OZ5z5Z#IQRy0d)7GRkXX@WUOMh~
zFj>gu=U$m9$3Q+vR34b3l)A6J(r^O4bD8Cn&1G|R8G~Og<E_p_BhKRVNZenF%fywY
zx{<18Tz{lyi=v1yrCX(q<2<!0)7}{nSZAx*4o}Mbf*9)j^{~r%_kH{%Qx%1T2bsnj
zok|w%gT02by87$8pppB}!g0T!BrwErHE<HNwvh#jUCe1b>KhnBIdY#@2|I6US~(;}
zQ)Toiw<sfPS#&A>g7`^RgIS2V$^U_LYCy*}#@q#isdE6GTICGp?oRSAUEvLFh-u?n
z>XoKd(1+A-R$so%$<Ufkm%Zz%8-o6xE_Do5%6Z!oF1lwkUD>7?UnS}^oIz>#*3V1o
zspsX157zz6Z0{~b>IDFuQpn8tc~5>*A>n<p<Uy>z34e#KXx4Phg-cs7r}Ecnt%i}K
zm>qtA^G5X|q*ADL3EoT3M|Z8h6@wwZourZWa7sc|1zVi-7c&}!@u_fegmSzN!VC7h
z3`EC6@Nejj8|KAjmiL5B?K3%?BPd?97c((>OX3dt5xX29<6_V8T9OZhDdj2C>z4%c
z>5Y)A{0xJHM4lW#aNm%g82NjZySvK&U3`PQVS!U^Xa3ud3Gz|3zrIKE(9>^WH;J1e
z`j__i0<HccrUCBcN9(J+a-|CjT=X2RV*c}VYEfY$b#IgkWp^ScKj*LYOI8(ko@R8&
zC8?#S;c_Nayw^uMp`@6-DF?mQl~-{0iF5W9iS?S$o%dz+Gg~ig2y}*Cg*2y%d3S3o
zQ@Ojn<1CQ*`+{KI06UV0VUKX}@~K(7>;nm(_v#k6K{<G*{4*L(hwHMoQ)V+=3tpAl
z?vW=P_U^x%z%_a*0>>u!TTWnGY4h%2cH}m_E_2$WN~XU&_vrY%sn?{9+}Y=@%8{yU
zSa01JOQfGd<CarvY)>?A%jpjbV290q=VJ`jwCp&p@3a8b3*uDg!kw8G%;iSr)SUy%
zbCM@IRC#)2?g?ZmfNQ^R_j55w`WP!wJpu}C;LTa|F)plVTe{vfF`yeRlvzJ}H;g{e
zgGW@WIXnmLrJ(`vwXB<~X@_mfLbs~zm4yz3q@g;a)eQ=QUQjHW@LlZ~G^~&2s%ZgM
zaVcXXn-HY;a7)HxWqRK;(ivHJzuknSD&3b?$G)sDnSC1lW@M!%n<S=PCQhnoZcvTU
z=Q(mzvrBsDSUm`0>Wt2xUnw(bKOj&o@;w*)Eu#%R6IW|+EkMDs{1g@V@^JS2*UFb~
z5yfP|y|FY_tr%$*g=kf(BCnFTHhHHxAc3QxR^~gy*gAXl%Q&sx<c3>)MCTls*(KT3
zPq~UG>-Pw(ECh}W_&;GV4fZs1H1BpC*VOAxHE&%=oyx6A9@%=a++R`*>QP+o?J&ia
z!A;gM=VtB?(>MkFZb#aP2C>&CWhF<z^}woPl59UJN}zc=okFwYs&B8m(oE~Gq2A6L
zc+%j-bQ@4K*@47LBf{R_wH*mg&jBcN-ft6G+ic}H(*E55|7SyB<r!RUT%w|+IX8Fc
zgEKsdxo;~>n{?l%SjgijrE^17yuLu<OtsW1TmrVywi6*z44T-PH8ZhHcr4mlYLqU4
z<0l1gc(os2$zn_>LN@Za^)inG5E|il-eMBJRR3oaLFi6Y=yK(<Xt1LFlHg%$^3igW
zKjL;RjYq*VS{&N)R)!y@!G@z2@8ju{D)HaV6#;Wix6)x~L|a#>{^nB}BfcrJ=V6>l
zDS=^}$LE4ZQ!6BfBk?-Das724eM^QIbX%va+2?MY@G<q|&@X1zzASZ!&ZsKh_ZFeV
z<sqBxuV7QFqd9>a-s9FmF?A3jp(Z~8?WD*r#9H<mbnT;6(63TJXni)f=3e@2kaR&0
zI4_KBkDOG0Gn%L?BG|VN-Mu}fGGs72;5zT_8fG!=s)J3u?WSnx3)b1P+d9+2S<+28
zyW03uV~GQAxIWBevyA&sS?P-07iu@W?r^{S6n1Z(5yrG=lD2mnob0mKKC<HfD=T(#
zm>2BR<f(w9W5otbIu5;V!!wWUZgifpKXBK>WFs%o(99Dqk@13e&r{Vn>1{`OJcrNq
zE5*)}gtC<oIh<+Rx@Fm%S(DUV#=K9|^#bzzui~9+e?lvHn*%Ggz<jEG|MBwYedw>b
z^Evnaa%X2rKFQR`-=@crRe{}LzDloEv}+mcW-?J+fv}@97zj^%bcQfSL86L7_jU*q
zpQQTS>D!##<-zh`m~*X3=3zQQZ{BTMRFZYIy7_31al;GG)BY;Eb^eI1NT1u4m_?f&
z&>^ZyMQGVTwNGQJVOU`Z6qz$2BtyQc(~<HU7inVDYFa;IrtmW~-l}?{$GXP^DLv-M
zdp+FuJKgNBlUkAz{zAJRwrN>C{b9L7ZG?FK+TX)`vNX%ZYd1!^UqK6OQ~cHU{QJui
z`PVtZ<<@U#=lE~{Q&Q3-HPbN)undWB>e3Ld(3MZ)G^`N|4|6=`J<cDGgRJi90Qcr}
zRgwF}Vo(czy}Axi`L#G+_?rL-4$^$M>l^4iAmG3c=1h+}f}Br*-xUFmg^NtKfYCBH
zSF5hF;juyqP#RLfbtaNZ0c#_eOuWSrpifrIf5{;g0xl^%t#Ur3FwOl)N(~5mZFkdR
zS%&4nTmwInMrs^zHtWdZ8~_I3G)5+d>dgx9azNd~C_LZHPD3p$bA<^G)xcVH{}YT-
zfS#gS>augwnwl6GMkzXm_z&h!P=m&`<`12w#{OO}Xrc;8ZGGx}gc?Z?XuKG0kd>_h
z{@wh6^=bCV9(0?fkPU#ke}0TXhmtpMG|Zf<d3thVF|8|;u@SR%#G1{&EG5u3K;bFo
zFsbOq5eh0)nc~H(z^5Zz%kT5!gsP`&U9%2bO++5zj=U%LMc~>xKJ~d^ckScaRtq=r
zy5kmo{Rz*eJ2c?U^j=L-kR`{Wo0$yR@*AdEbS$#E60Fi<sr#vBPL!xUTEF+Tl(JFT
zD*Gn%h~X(o-}=jrr<{sk2teNJ5R~H0oo|g5SaqB5I`2e-Z4dd^?pHOZ3@StD>!e>l
z5nCLT!}lzW?63M9Ez39cC`b?+*YCZLerSXInXxfhSJD-U?#E%F8%b2vlO{R?2@hRF
zr?iCPpJrwibb2;|SYsF6+Gsr|c&wl1BD$#4!sF6DsR&J#5?s$Vg|B_FZG|G&-*xaB
z-oc690WNwpd=XpfwVYr@0427k9>h=Z?j}!j<PaY#@Eks=$);(X4!c5jVjeEgf%9;h
z=6eHC!MNbm(W(DFJe&>~?-mFnzcUz5+KY@3AU5O25YfC|j=;kfmEE0}O{U|VwTqCw
zJv1S(!^yA0KU%Xh2%9!+Jx=w~qZW0rv~DF<j%m8rCSOMO`7pLqQ@K+%(Dc*wE>F84
z7n$%RPKe9jJD9qe+1R~Mt!x0Qr>^($Q|O&G9p{{T{0+Ckm>^d$vdghY0-sAR^F%w^
zW^xy9Uw{1xb$UDw!ws)~*t&6wdgWiw$PaHJ<JOw*BD_ix|NTNe^MOJ(wtzp^$>f~q
z1N|u==*M{Zw#r%yW<KDz4LpM$uO|b6s+Ju0YHYCE-DCeIQ0gO8k#4lh$d`xr^#J8C
zMNdaejSdGqThm@&904uS-0-AsfbJtyH)>#6_x)fUc$8nK@m6%Up$YOWT~$t7#{du=
z%~EPzv)r~@E=7Kcyqv@4Oo{nuE{2s(J+#CvwqO}VD}t!OsMG51*JZ2&Ty55Y5t6ap
zq4@0PxEf}kWWSFYhBOn4J@9Li7J;lF!ResBo|A@H_UHds*AjLXy`Y8bOBlz0r!J1g
zQPCA{Rf@vszDlbuZ>^WYT%6B7H$d94SkpgrL>|pm<h)0<Nm^_4l4@4YU}dV-^?mEy
zd8O4n6}>!<ww$SJK4tEr9(pTYtvio-KB68^M@}1K&uj;Ims8}~oaer1()a2^u`YfQ
z*81DMgN3>3A}Uo8;<?qANSLD%6aqotO&bOljrQwkei@E9&nNNfrz!Tv{t%p6N8cos
z@zk&1I9!J>^86hnWS4ZYdme`@A-R+ic%%9g*NGI}_k?_TazFW)fql`CF(#>2o3hGr
z-`vsXrBqB8Z%^cvY1_I%r-n!h{ls-q&X1zVA2!VdHj}nxb^O1cm;Y?}@yoN4Cxf=u
zopn(|My!1D%_a0KiODSFv{<4^q%rBJt$cQu9-{ZouoTe?>2*0G`RYN$>%^wP9oAO7
z<x{l$yJP`HPmaZSGeOleuT_+!K-bH*qy?EGRF>6er7zx|I2f2U9`a1wuX0)nKr*1e
zDbS9#ZM>f9ISu>Rwm@;*jhf#k#XEGpVB&z68IM0R4!P-6rB^A;Cn_UAsfjJg$$))m
z%}tOE{k105jf8(g+6x@GKE;!B8M{-dT=O=r5f_`>Gi}cix2pc#dF-IJX5(ky$0lnv
z5%IFnrj4{3O*@PEyC-Kfr^2@EHd)+Grsc#whB?eO;Bh-`>RH~zE~3|zk4}2sI_&Yy
zj3pz>AVm$?(5{yYrryahg4q{MfOlgY)?T4(eg>sxr#7Sa<5EKmhvACPhMOp(qOhdf
zXGO&OT$H7uEE<Vu^ffI1CU_Wzi;K#UgkJR=nc4I*x}7S_I^fGFPpMiT{3KM@QMCl@
z{PBm0QxZ_#BpKx$W;h>;TV;xMFWK$;@uP5m(9(V8!-p+HYJce~cgG)Qy{6+Y6nkvM
zDQw9p)i-;N!s0$3bX@JQhg*Prj%=V_J4tpuu{_v=#E2Rh^7+*SdMQ-j?;y@v<V@dC
zM8#s`>E?FNq9jC1$DM!nwmAL6`K{NqM5?X8Jw9^VYu26x6MU<~Pk!i^?!sPPLFN}~
zs$S=OnheYA$=G2;34^OLpDA{K7<N@c(SAa{5Ttb~wTPT5fgjrxvXKF0Q#wiguaD*t
zoOG>pptht7kwb0Lk=B<qd~~Y704pwm5?XwQ#r4H)Q<odJLrL336Fsdm^>`hda{DHM
zd1738E91R@)6?UNx$_whj-MUTwrY!&LC1kbZMXP&#0^D|6-W4!=P9aa>)@?sv09_i
zDviw7YMMP!$1Hh@MIf4}@pt({8icOeq!)x3fV0{DDkx+?nHgPH>6uSH#aH{}e1kYm
z?zp7lTrdrbeQ&?kv-Z9>3!2rV&~UI?KK2-y%&ZR4sCW_`!Ct>praPK4OJdMuC5l*H
z4b5F3oi5vPo?un)*%I2m#rC>QB#;dzY>S)`&(9A_IlGA}7O-YxGz+Pwi@0E&Rp+31
zAq&5w9K{%NHpxBzx>fYQ;tyy_qCdPvtUzcP%PkEN3V8bbuM8qk33w=i3DV0o04WHA
zT=Tdbtpu+Nw|dF(IBcLtH9GB1ExuqbI)sh`HfV5vnWuj1`4yQd;CihJ#{H7xrC+)P
zZ6(SE*VCsXGobfm2Zm0M#}{J;Qh0koi-}}L;C#m3ueb(%MY(`QK@~F+2ofYX@TN`K
zeCRf+f+EX2HQHQ2bBo|Z-kT&2m~SKedG7l>>}2~9AcwC39yES#fDVc+a>YYtX$Ppf
zvqm$^z-4X)7*ZkDpAfljqyv%s!WS2Ti-kunAh+^c-)P}dP=G(<f$NYhDBAexO6G-r
z5p5bv=wj+}X*t7UHk=tvX|^*FCDud95yw{b_md>Vfv($~auAG!V-s!Gl-<i7Ki2)4
zCQ%$ik_sMol&4ARJ8^di1G>+c%>?Q8m`$Yl`&YfbkB_q?H;>*$Mt-Z=B>(+e=3*QL
z2?+G)Kf29->wo;lbe>WsUabQ0ags`aKpW}mzHWb>)u_`U^Ndjgk#e58T3nGT4UmYI
zWxi>r8pU{vX`Fkmd$d_(U$U}|H7fb{(*;X8ohX|5#Mhg6@G(V&&Pyl*)7A#G;1B4W
z0WIW7Cby&^;1AfpHQOA?dh8n)1M~v4OEq=-;bIjBzv`|Nxb-EjfTGKQD&PjYXa{%*
zAbH7A$$nXo+r?nftG_89jo<v0eI1XOwhzod5*YmY2M!%jaFj~)#TOal05?SD!oJjD
zb0pYv#*`!1M443mYNa)dBclkg$}<WnW#SAgU%knOtnk3`^vWPF-3TwpAb%t5pWVp`
zIXbr4UilbrEK^sOEA`1dYO&I;oP}QYpSR`*hAyVT#VZzrv)3+eKlQn<hU`W*yji3Q
z%3ftd48yz`a81G#j<Qut4S)QeXMEFx!}!X=WH8e1nllzIa>35;=Xu1a<8nq#spD#h
zzv%kahWQ2@2@3xpEkp^lszD$erd26WKGN3SRHAHLPe_$b4a})wbGZ^>|En$g_X>j~
z{Fm&U-IthH4LxAxKrgi?7d25EBRHrT*!RG}>2R@GK(Va3lq{-e!cwWD1@dL8^A8-W
z=@++cuWY|e9vp`iD$;C;O`xVk?cE*Q&V@nT7f;l7JHu?p*F%IVF_;wjQdW%!_>&Y6
z-9IkIug<iGV8>eUeDAI!VT@Lp*D{=`#gtR|XDUc4NZ$P7NzD6%5%HB5%Lx^ZdAZye
z>@1yMl|&`Og%bv!z7w^~b>`~uE6}Lw$q<*xblSx)b)18fN@Er6`OQzdF6ACquOh^8
z$FIY|pczS#Zm&q>H45gW0nKu4S4HZMIy73fu{Z1%;kxjrpFB#AHgA=Lgu0b~49Wb+
z`j#l8nAfDF@h2lA6(n1r%eef}Kcx(t$k;#@6#Aobi_5Oy$OfAbCI@l4)S!p<m~w!D
zLSg11f|I&-(HmwMi#q-5Z1>&{uhpNw@V3(5(I*(Y2z81$;%nD2bTw!iw}{Wu^f36t
zVrAg9PvzC_U`_$v<PI(cD!~bZa=xnfV}ni`=js&QwWFiHPZhR24PXkw1!uk_i+kkN
zbc@9xjnqX4M;Y=wRu1QPG!kb*{8VL1LjU*8e|oJ)FX7rlaiW(37YZ^UD=6>|EnJKz
z6i-4NH#bY6-7KO@d6dU%gYgxt_mQR7M5F;>U`LU8?gd@sd7tg1F5kYDI+x($QuzaM
z(jszig>aj(SMSfFJYKzzt~p*KpqS&J++Y2HI__+ex;2n#8m2BAlR=<__~(uZVFdd=
zIDVFL|N7x;8za1jL=tL&vaCB8@XCdnG@w=gbcaLWA?jl)`BXZfGDLD93oBqG;&F&1
z=68j!N_E}(5q#3(=OqVYC71!%0$aD=ISO!ObgY;WL$B|E>{G0;;cV(_4&c%vtS8Ta
zj`|U>;e$U1SuZsh%E{T@0@MbQScPdRSP(E9$^3|p$`Lo?dA)lyB#QPp0s*WP0}&>2
z;Vo8|BdGdWlSXhZtNiR+XEEU>sCl2D^><H{7_0(j3YxW+!?5@fm>xbE2YRtsFabmu
zALKg@(}XStw465kJPP38{-Ie@%6mKb0U%85y2ygyYr(~e0*=n}%xka!ynJ@)vYtX+
zW-^F65)YOvxyG@;U6Qndk8Q5Pxh^vNDAJl1^5+DPbcf_Td~td8;yoMe0Y6cC?OG~h
zyV~=9Y(gnp&Pwg(Twm>az35%8Q{ppvm0?59d929~qh>u>JG%rNxJPsKvwHS;9AngG
zuhlofB;SkdflJZX%X%etJ$u?%Mw_m3B*WV)6dxZ(uk@&R4T~oDW4lKcR{yP3`O}VK
zf;0E)(-W$wCKP!fZw>CSbKl58K6a?#>+itH49TB?8vVg?*143y%0~%8dn4nsYS1XC
zb`%v`9z@*qm;_^(o8Dl1+hFnU_J}awiyLml7@}DZXZUkfRil-x@Y36QfPS-UpIQbC
zD~ePbrb;WFR|#*b5}tQ-0mP->3iQ|UH6g#dmaqSPvQWs$ub{N;3i9G{^r5U(|8x~N
zomO=7hkq_yNL%cI?;CB)_)3~{j3GSNJ%jpnb8pis{dVceMyom{R``sO4yF?5ne3!y
zWpZr3vf|TtI-_nV$8TXimNc5q0F;RmqcThFMkNkLEjr#wAG7+~AF#^(1>D$n>Lm}o
zTB-l<e1(2bPk>K@c^wT5RpY5eYiB)yyV{fe<S9)_?<kw~&gMtqf3E0G#M>nVpXgX6
zZC%;IaUe;f%e+QS;(^H6Ty&VEt=qezFiE>c22U>ad(V1%6P@tSRNA+At0>F3awH7A
z?nE-#eKXnCmOh08JGwCmu56#c6Y@e3PI^J+PT(ENpYDrKgSR)n&>7r@OQ!VfZK4DZ
zi|La<KXzm4)s8m=Spa8Msx!+|+T-u5%74ol^)4$*wO#sMrYtv&YIX3lmrABp=?|Y2
zU*b<zSY)GA)mdC~Og4V-v(%~(sZ5*=;YIm4_(JJO+q*RNC0rfGL=BcfiX=D*jdaRn
zYAh#NjH!=#)Jh$G>`aufGOf^PyP!OrOZlT|_|JXt6!NYqnj$(Dm0$NHaHLxm=uj6m
zMsIcs$>x@*_3aC);;37keD+{C4>-jzhqeMMCs)@4LU~(HRkfqeW5Xb7E<t`rZaX}l
zub~vUBF~m<<iRg2k*%vm)leKpVg=6H0RF+6dcwnw_3b6W<(YB%o3L##@s#?AN$D%G
zfJqB)6Zx_O(F)j!=nst*2l4R{1U6h>a`^?!#}zxb0Cku+A6lNmoY=@qO)fVj!mTq$
z#CW1H`Y;Wy25nk6H{^%xAE=NW&l=e=3zd=nYvFI@wUCKg_pD%U3VE>!M)N|6<2FYE
zuXAH8tAB>a`K-h%<=mIszs7r~vb<!jd@sqxL#2E&A}{*n!+h6xf8qu^;fZzuDY((~
z+M7~~X=UcIjM<<3xYE#_WqEOou64-4Wvh3{hYGN~_O4MApu_1HfCEJw2);?nR2G&F
z9i#53@f<q;=0*R6{df2ecOIBK%Wg8rK3R2yP>M3<px%=TUHk&LIRt-xNgdc)WXbvt
zDzyfH2qbV=sms;}qLDBF-8EV&8Zn<LkhG>O)B+NH2Nf@8HEJ5rqQ3?y68cOki%|&J
zh8)rs_2j+U_-6ED5;p{0`y4p2AW7N*Bz-&~Ahw<1-2?citN`!{TDZzD8wkm{&WhKL
z1_T;}!8Yn~9j^u$k8p9i<rL-#gFp<`wIvd$0Z^n>pj<<>)^XddfFquag5f5C$nO;(
zQI|}n-1dJy1)MZ#&>fu3N(QF`hLs0cXP^W~YN%Y7j!yGpIPczpjd-#b_^#cAUXb`q
z?@l|01R+Mc4A(rsijq5Q1Dl)~+cuO%L)QYxjthJro4n5O$Cg6)#-9hjX8!ZE5{nB-
zvAdKTRH(r+7TcBditQ1j6tX>Gw%oVr^`||c4;IN`GiNF3sbSQ4MpW7heOd+=Rb;48
z=27~k=69O)<P#m%H8ptBz2^*?l1yhuoqO{r9nEzPlXfyQ-xl}E;!T8y0>SFL5CiGg
z{Ta;%??XW)_fId?hfo;Aj42{}_?{chVAS-RnQN)ZGeB2(;<}hMfMY2Ll?<hX)*KrF
zrcP^GOxO|d+h|zgwsB(+9GtOtb{Lf0o=4gaN8p|h)hyAUfEpnAw?K)HTWbSkGTcdM
z`TC7iinA5sbW(Mct9NzxvL8E>5C}4^f2?HJO!Z1pNDFdAib1+9J<-IN_yySj+onH1
zH^<|8{weK1=JO5m>}{v2OSuW`{$xP7SQKi>4iAIInOZ$C=e~X+BYn;s80U+A4%=WM
z6@_QQww|uk8X31K_HWqrPnwg<(WKlnf}~RY`x^aM8@VeUa*(73iVS7=;?Gy`d^qZy
zagBKV&Xp6Ymt{wM$zuVRjz%V#NIy%GpK+94VHOJJr=@YYqwaaSoCw$72rx&LwoVv|
zaUhSAG={4<bJ05nZKGu$7PZwHWid1n@~gnx5k9n>;?_33d&NY8aS^+n&=go%sr*k0
z&J2Ijknq<}+jR}$`Udypk%+tXMDyOe+r6%9{v!H56!@9-kKZtL?H}pUE5fqCjccx^
z)9OmtO5$H1p(GJVpf^UWw@y^-%xh(`>$)eIFO_J!6z$jg5W5UOyZJL%8-!2YF#nxH
z#%kOL8PdaY0K8jY3y}t5+vbO$0}j7$?s*3~Zjbf!+RVyaKXvjp?Uk382a}Kd`eg*5
zel7g>eASyN{*D^Ox<395S2ZgW&5-Ompgne$0bt)}$tG)tcQ=<DuaM136vhiQI1e%;
zHZ;?0A?XpGb}VjZmd^O6phgaWSY}X#*t71aG0VLp7&Qhxc4jH}ESY!?1>0N%aev3&
zSJuM9t{`uOgS!fmL;me9w(yGt{v*os{(^s&7Mjq9&W-Q3Y^(~%BXQwyHTwi9u4bcf
zqyK$c{^y6>)eF((9Lk!lpJ{W;v@-XcqF}P1Ob~tGs|8GD;4-FxY?c=2DxTvg<LG0H
zu~P%=ov-`psLI|um{%6r8@igq4g!j!CQt;!%IbFM)U0dJ3)Pval?W%Kftg7;B*2)!
z_qY3A!Z1F6@5SM=pT#}A@AS`)ShpH#0$}c4;0~0g93;dSAUmT3{M?V~1FZo_FdSXn
z1`fOM#@b^XP12iPM4w>DCTm=|^{hGwjl_IU3`o`&e84H_M(~ie{TEneN&&UH9M&&!
z`+tXcLYQR5NntT!Pk;RHGtiqn5)uBlW+GxF+s8kN-dD&DNXZjRIo}StIjW=PU<w~=
zcbbR(8^l=$e^uG*^XL4}0QFyz;(rpg|Km#}23&1!5{AeX-!I5Z0=8do&06_G9z;n)
z-fU-@4rlEBCcZ5$#6Z*6M9&zH2U`1!_<Qd2ZBew7?m|N)mFgK=*LtigOzY5lx+!kG
z4<0SOsf=nZ(Y0->mqr-+oSa6zarBc60$~=FNF!k&az>s&R=%OvO3mZse*O2y`#-Mh
zKWgZI|4c{|o?Pn9hnOu<aa}a>2WD0?)gMHHRs9cg8uQi4{yujAqyL@Q#cxo|^a6Uk
z-@5-2|J}v1-!^#O;n#=dz=OjJLrr`5GaLpRfHN`{$Uq;r!z?#YxmO|=5^Ha2{ScVt
zT5E~G`Lq<X1MJ_PQ>^bz`x9#e3y8???w3axr&v$MJAv1TqwrK1a7leh=Fb=|zQhY$
zR477J0sQ?2B=Ri{<>hQYfP@B|SeIax#=p^Vr22yas3Xf8{Kcfc81;lvC2`us0h}2b
zR0+^p4^Mx94JWa>mKx97D`8iD1^DPE4?WnaXP$#J4p)T!KLfO`B#1wU(`x@~^SnQ2
z!Ji|6FQ}OTMJ;;$N{JxzPZMk9IlSs*e<Np3y{~U21vR=ZA&nv_b>wdrJM4#&njoNr
zsBHjNvthR;gD_YnHUe0Oy?1kfs0@3B{I+4#>_*@$v%vE$28QB~eE~()L)A}+Sq|rw
z1FJ(D3|ZhKK4YwoYR7UI42ishO~p!)fyW;R6IhyHNU+HQBG>{CEj2Kwh$(8kdi6_9
z;O0QI=4va??*vvR0bVI9NF9bubleZcZQTGG%I>#<#H0lu0u0C5Qg(p&^CtkHh919#
zd>q+7#-MmDcJj+8UW*Ex`L5Ntpwb2XS8wmYq5elHIdA@FAo<_FBZRA^+lw6f_V1$y
z`qQ8ZT6iaEWEEQ<-_wv?dmkzkMJ|5Vz+|$>R1*ICdDP1whSo*L+k-l8CGofr8cnW|
zbEOFlZQLZf=c(;K7i+<p8H!}E?naE9jiM9O@FH-U2sNF6n04{!L>*(o0+Pf0N^b+4
zj!gc4X6yf-H#3qBlGDzn<|=af?{)j2!|}X9e3%hGDItWQcvkW&nfp^SAi$Pt8Gd<*
zP30LN<uqB?Wr)0uM->7zzw}W{SOWxwf??vgdA0%m-TgF^jUH}d3X9vpL2Kj`nA%((
z_1m^}Z7aee6nQV<q&|AvZDZ}lN#fhLwwwK@MEd_+-~WCm{n3X4X3<Gq6NuoSzI0~f
zEjCNl6nOv;6qQy$1~IB&q1xox0E3Jwq<ydlCk>0`MDYSQ8Faeb3`;XRJ6nQJ5MVN4
z6xo(zC^h<=9Pch0jdp$Y8|6m#O9+}5u<!}Z$pfz-hGRQzl1UJe(-*)PWt8M_IWi<8
z%#Xp6=TiW*Bob$uZxRvMQ+{6w$UcNVr^V(I1Uw^(6Y!#|`3r!R-=`yi@&`&6Uiar-
zrGShWNFv@)2rPigO^3<1Sgm1{8IgE^eCd$webkDg_&o*;qicWBk*MUWVhmd|opy?W
zv2Us7cjLG4XArox+kDU)jbtbWp&&MeLBbwyd#~nO7lT@pXAH1nkp>Yc8CU(^ldX#y
z(w9{A7PN!OD5ZDq^d!n=<rtk$(u17_y;6JD!74S?dWBhh&zmmF+4}^MJNt<mi)^JL
zb#V2JbV*fvY|E7Kxug33sp9y2y-Vn2Cf@}ZPRD&J)gLvdQC&zQMQq_^<LaiMA8=*G
z?n{X}m33k2Y~m>NBEV@}FXaB7Z4(R19O=`o_xJr@P5xxCu#b7i2>u|S&7i{)kf&px
z(fE2r%^qvb7jC3oZ*|n}XLr-CSB#)`(Z1>Sae~TB3_LSis~gRGAJ;$q^alzH0{R&F
z5`}kAtxXd#4Fd67LC;n$c^o=bQs4;|9z%XK47U0x0Ja**8vOY0ug-P}G+|W(5Hyfz
ziV|Lfo(b&GT_S!_&0^GZQDu-SpU5Va$YF(l>~hfpRL~S4$Rb$-K99NpC?XbILG>6n
zv1Xl_mDLTJ>N8n@;{5Y~GZ!AT&B2y(Hz4w~R@tvy0gZkfKvz&o^hlRSs+Adc19q0p
z*h>9AU(pcwUlj!|SFrZw#^mdq>J+uzZr{+Tv8>lWGuA@tj~d6&g;$|d1Z)mY%L&|k
z+WX!uMGcdB=3<vNa}%QQc)B9KUoDX;uJ5MP|3uiAaNS`-CnO2o`6XN5|9o>t3;txb
z#`$nCv|^tn@V<V6!7Aq8ppz*8C;QH!f#LM}17np?(2(}tg8~6s2(Wu$rtPLA6kvBJ
zLd{N8SR~-E?0PA6z?YY<7W#|^b7l3X%auK68<`DoCfOv$TgRZhqdbRqrjT#Fq)4N3
zTHTITm8wbO4YS`H&tZQF2SSF<@MLFr^1bE0Tt51rbnHK`@y=_Z>~$W@KgWnqKH1m(
zf&9g+AFO`fuA&3T(uuGE**|}L#s}Bu;h5c$+Q}a=nj`u$!qIfjT2A?+zFsM|_5%+P
zX6n3Xz?yGJ^%*0mdI*2zC8Z6di01Z&TrApj<BVAWpyY>8TEGpQS;t$ANaFSjI<)O2
zwFnmsyuj_fCjLAe0XEmANp<H2K^B>xeV~vcFBT*%uxV=b{qH*`gi7{Ro7WD~<*pJo
zP;;aeZ{hdPTY)JiG@pV9mos_q=N&C_|LEh~e=Zvg{Dg$EX}X8ea$$=WE4XlxeJ~<+
z3EwWgRxO*1<1L^Lk2HDRlgfk1j(>5j96p;VXz`Z-DD>aep*>FILyu^}%nF#}1fBj2
z;LK<$yUhT;(@LzO9OB;X)ppSlz*xhN8+3$yB;6$f**Qk-SnhjTNdf_%o%5wo#txKy
z4UoA89|_!^C<4u-=UXLMj06iVD4?xak2s>d{yvha6_5+07EU8<8ynH5oWYjLT|w|M
z?3@MWHH0%1mWKf0=(i1}_V;Nz8Ij2XqXmvh;Np{S?H?ymeRe%DcXD^Uy?O?qa%9V$
z5oquH9g&DPK9Uz_V+^@yw+63MfIgV&e}eqwgNL5gu)L`!o{_O;GnMx;{dd61%KkUQ
z(MY`7@HE3+qS1fW6iM+g09%9QEM)6HX~kbzStJr9r~4(2P=As5mTpfGf12fPVDK0K
zyh+K+4`Pgx8egvD<7h*Li9s&)#mE`3b=Jxb{6K8zd9R}Nypibm3b;Ui2Kmn8L9psJ
z3W1vkxd3SXU4j=l6AZQXSoScEra<;Y%-K(1Q%?rcPvjAhX!H0sBQT&4a3H5%Q|F(i
zM^GHRFVy7r#RXVqcK`~q+pQQ6v_TjLD34&$g9dP~Fs#rpJGi(3^WhO3iQcC=hfU1P
zeC2|~8!+B!aePf3i2!nmD^fL}ZKiPe&rMUY|Ldlu;s3-UrvK;Yc6sIl_?O*5B%Y>T
z(0t9Bkv%6p6HH#`3m>~NH4`b&tv)i{Hek>5p8WW1I{_@fE|Gm@J%Mg)u>R?GFMuI=
z-Eq^G4Wd8a`A=&17WTK3f|t|34W7}#L6v)H;B-`vZ6UJ<$N8Geh~Z2%2`D54s2`IQ
zUXI&d<!@lqTTLkHR=Wq=miXTtw2k;ucmXj*SYnp#;zfA^Ahf(*q1dr94k*2K-9+Gn
zt7R7bV&t&uY5aoFm^)v?xMzqBmXRkze%@0_%cZ=h{c}O2o#?vGLrFG`G_tm60vEb<
zyul<))$AsnNQ1Usp0keQ-9SZx%iKM{Oc`BDswFAcV=aZ4^&1+8Ih!f{>hDd(7Z`8}
ztV2{$t+~=86ve%`_c7X1@8A9#PL3#HA@DAVu}+|qpa5%*Fh~ihj{|OdylBvAE{x^s
zXHnRQ@d;tHs&Tg)-sk7LE?;zU<gg-aapZa(xuoNczpsx3B6{w5mQ!$1`5IO4g>{8B
zqAtKm4I=7&x@8u<SnZ2Gf7uo==eQc+Xn%g11KIfi?+_BtwDLdFX|NHj>l?a#2)J-E
z!2N{|j1_{v2-R_D*>zL;CRxuI04FRtV0tWl{xX8ZG469GuWHhNtLnh*i^mw+bl2X~
zvP$|B-y>TgOi~I<@1HvBV*V&Jp!vu{p_Aw9Tmh_=)k~%2dg)BLk`CHdFyEa8Q-niG
z&v&O)fCL#&a~?F)-hq9$g(*QAjmms2oKW%dYv4SvV=pLQe+=eoJ&4rF=r6dpa=!T<
zn^H#zT;-r+(3XkR-BkVqVA>&dQ&(5FO&#tA)5_KFN!Cw;?Lg%UmRTFQjVr0%Bz6G?
z@H0Le;J0Es(EVIRlMMLOY1&3a)_UC>O4xb;6BX&d)D%CZT4#7>$S?&?e=9yrk35xb
zN-6JcLVbF>z5-?^u|Qe`Uv(=0vEG8!sF^R|E`6Ij<$Vk<xeow?5{Xf;@r&NOHbQ3x
z4Q}OJrS8TJOg(RE7R-1$HS)F~w0K}qCIzwrEE?(KS8yLNbU7c!gi=KCy#x7Qd9~T;
zq8G*&AgHK6o3e27t>zTWljXV8Ykg4;B62G{bfQ?#ZbXV&%I^uvU0!t!AZcK?Y!hL<
zrTVNk`5v>P*>aAM%`~ze@cWNI7*Q{Bdse2~0_Or`54-1VS30&Wk2xIntg2>>y$<Rx
zmO|fw5-6AiGMO*%xRkOtiS_Z<chCRiT7T-QOp&kNR~1sZcW;gUoRy$uCG=q6a|n4P
zDV(v(d(eo&hgaR+2h)zi&0in_`ed%dM<>fK5U>~q!w8>yC61~Xq0K=!)!+ja00#qD
z_p*zFxPxcHHEt@L;#0n4wp@yT1s^roo~}s-_8)sJG7^Lid|(Mcn3&wIo#KGVX+kgV
z0LKuL0_$pmo*r1@l0d((C0r_s0e%XNrNFZyDLGgdD&pXdp5Zf^qtN!8GKkpKR1=P*
z_Bi`5UWKul8t7!6N`vh~X31!yukJvS8b{iR!)j@+x>hYkIl#U5=Cbs!l9_SmXD#P;
zjSKVn)@Uy#5-a&**qn?7s9Ucy246C`kFj@aaNB;HZu0WdBVTUHSIqh>cz5xQ>CpRU
ztQH=VuJ;a@inquiOKO6{C?2HL##LRx?y^%~E*9wN1tDTJFq38Q#8;^#Ass@OetsOu
zQJ~0!(M(r>puB3{#5!N}fEQ@-vcRl}1Ens&6)bA*XfIwf?7+Fnvq9iiXp8E}$F<!G
zlD+OOE2Sl~pp(nTu3(V?$qL5Q;R71nGkdp5qxi{v%MKQJ@y4p-$`{}hw)vJ{p!g@N
z`S<huuPA(k0#|FoHSgeP&GGx<`CA2e@Qv`5ReVD27#IfJ%`jr|1Ott=y2~7@HRfus
z*t#9GI8^fS_ij-6CuKS1?WaM<M*YKxspmJIz68FVud4<idtAINW>2G|tP3^4nvztI
zx0?E2Dz|7xh&yt$mK2MUZT1wX)UGMRrd3prH9;-h-ipJ^IC~JvS;8=&Zmn5(wmr`1
zTSJoP5A)Arxia&Uc8AwJ74`PZj}1A38I-IHh=JLoKnd}bCZ4PqX=xy}&Yp{MM5IAm
z%(wiwDCy11)R)Tn6WSElJoy`fSHm7Q!aZ#=DHPknfqt5ZWCK#5W}~MGpQYj+y)WG9
zBNhaUAu_~{^PMY?<Y!FAfxAPhXtDA5Z(t=r4PK`-dQid_#Q_>^7qHn*M(fI0>;F-f
z--k*Awi^EJ+Q5noa2W8!%V!L{eg8l2w;le&S+~?*!R9VfVM1SCthW~PeD=t|J-4lo
z(n2gMGyXgjKkI6+inNVo?UwI8Swq5*blRUUiJMovr$!_5>lNIOFz?0;tnCJO;RS=p
z7rjD0TD!PoKNBQ$)qt1ZRO&Gaqd#atNWt9vX0t^6L2(H^m`Pa>4vBXHr9}ZXt2Q05
zCMaG#jBd7=0^L2MrrWc!6+E2pm}eX-ymvV``Y1fYtv<~nxH{o-r1&srj7m+-BavF4
z$k(3rPe5s#cBTd*2pwL~N4V5HY({O%?T+?*gHK=vdakT<(qVz4$EoEGJ?U(>0oClP
z_aju>(P<vih+(;z&Q?k4XUwaL)E8fQeN}{doC^KSXw4?AY+++zBRi3tK9DI%tE(qc
zW<RHS_j5}m75G+kxK3qQu79)z&S=<!2I1VVB}36sUBG|sTc;l^iS7w>ZU`XziuXh1
z>8gAbD4_Zw;w}f&x+v|N=iEla`y0~y<;NiF`b5e(i~xdu5R>%=>s9cF65wi}!BFdq
zr58!2KO!$XqB&taL-{RRFi!vU`4w0C8-UfU%J=Gkvnm2wo?XSOv=Sb#J9nSh0MtdT
zhvi-a$=ptT3uI`0xCYh;km^NzC`iOO7<boL7Y)H<<wR%yvv=ADfp~*>lENxevqv|(
z739&Dp6lkgGk6i8Nm%AG%cZ;Y6Ka^xoZ1AsbiCRhWco~kTyZHj<i6;%e)oNJ`yejt
z5$9g>!yUYsFzTKIK~Xuq`n4z$*~7|BzTfE-9=#?;dowjo^`HeP9u5jdZ(IpHFiEe3
z0txV3^z&Jhsn7c)W{e(S2i(<cqBz|uTV{~;>eF5JEuRGL^+xAJI*A#U)whBfd*4RI
z@3I(I{*|?ME^>8;xm{coj4Sftx@{NfS|?a(kIsoUdRDo)-ac9N<!&|c6VRLaHCP_X
zGt|4-w@#dr6SV*IYLef6wT|Ly=o}=#dc}1CCSl@1kH>$vu%|IohrMxVyVjdKKl?&w
zBNx;NqYeI7^Z~C3DI-O()wI*3zGsmYyOX~dcFGaU>nV;uf6IHcu(cyxE#DNw;GPbD
zVp0(S&j~qimf7)&R*D@6TBN3!bFm@CYr$oZv5XAF?Fg_>=2b4Cu&?Df`kv!etQ)Qq
zwx}TuxeoUaupiIce-u^Gn=Tsk<PwvH_T`HX#0zgMXglWEvb%@s`q|@kg8UTnd|p8y
z?kyb@xW15L@fb+_rh{|yRA<ip_)Ux2CoDqGV&eT3@bMN~#P0DV&(Ds3Bah6+VA?nF
z5T_n%1KB}5u2@a{G#&+6KbOx!y9~h+`U*#(3-?hLiKkRJA@>O8IrJfn!QJzj)&!A0
z(j2NMY`z48witKo!szvsI*UZxpc1J3Nfa!W8MGntQcByuo-Pfz;}C2)fTrb{QKuo?
zy9HR805e2_o&RIs2y0<ERosl|7pbj!;9W-7jcPZWSJY^(qYbmNu_8}rBO4c5^2Hqm
z$BuWi1RS5%u+!2cuP;IB=+G@depl)R(U6co^Jg9rDR$dP52E`KQh8)~u+W0~E(vW!
zElt3~*DYBH`{y*Ns|dR9@86|HGShOBV&%JFr{Qxav70O~j4~EAYrMa^2F))f8G(#2
zkhVz<?aw;TSNzNXdD$dp-bP)#wyRY2ccR!9F@LuWJCKFFmaQZ;80n0BNG8oZ$p!BG
z<C!nELnbh_=`JgilLsL8amtW?YZ@Xd(hZ}PG(;~3H5P_Un4dp9Gx`!?x(pdrKf4&S
zZ2<b_`6#S_62^xOH7PYRB!KXtz|;THlXXzTOq@|(k|m1_WXNqfi%jn|UR%q&c*IM^
z39jb{sI#WF?!eD6>4x4ogmFaaC=%=Y`yAv{Q}zxfVZw>E0J5lc7>6r`e}!z>LP$RI
zEkeM&+uc328GeL_OcBvQ79XPH?`p*IlnnW{CHe5DAx<=&N5_P2J<L+bcbr4O<YbU0
zJ6YdxncD!<j)ctjGK|e;ZszR6*G%rk;~r>+7BtUouV&p+a>;&xyHjpsuXdXuDNTyQ
zU;QfRpjsETBy8}>ZZ^>gy%_sB(b9Mu_dJ5GB=-rs!F{4dVN@tXtz_fH64LeM8eZ)I
zUdAlU;BGXu^8fMm)=^b<?e;LSfsNFrL26SHQUcPoX#`0{lr8}&0qKy~bV?)LA<|va
zt+XH@-6D;&{uWQX=RM~e<NL#bjKLu8d#x+xHRrsfW6_lrqqfk0sd!LMd)ZM6dKthS
zc~j)bU&{(%8A>|@(4WhYtnrDP^}~KR*MM%%C5@-D6`<j^qLy>Fp6kz#*uBxMqUtgo
zdMOhvhg|P^uO1)>I*-QB^1yRhc;k(dl5#zU^jU9?-j8vUo;#rJx9B8?rpHKk1h)Z#
z<^Rrse|^?3fhIa^|Lf!g4-nD1uMN2L@?z-kRcL6DpH)YfZ2U9!?f(GX<=y{mJLlSe
z8JW6kxUJc1B};+@8<_K1*#A=&%3PjN@|>4ZU8*p2U|#&fK=3ObSUOEXjFskU7TDhR
zp5$#MvbHLXC~bF_ZIiULvJyXdB1Xp%*s%6aVbP*T$);7vr|YB9MH#Qu(kSr6oTpWA
z?GvBtB>knwu3cji!8{`L<G!$Pig5s7o^@-A0}_I9u^mKZR{`Ntl#_UlbZS{d>;}9E
z5WL@S2=jvv^9cL81w3m4<;g;<K76YcOym;#(M{<XbT+@F+gd(T6pJw#?Q)-7=?PWf
zhnmEg!MPAn|19)FoapB<LvX{xO-0A8fFzy}4H%lcm9UzpTbaKv2I}D1SIlB;UgApt
z7!F7%BmsWFsE0vU?)TfmKIME8+bZJHib@utC>OJ5^6q_(w~o<irt{b5iD`ifQaeG{
z7=$s7@Q2c~0qx`;Z1!YafF>cH`5~gF%ZWlqItGoqUm+$GPN^ZW#%8#seBf8n(~aiO
zY{nO2mlxPF1=eETZtP(G(y<fFgh_Zunyg#0BFGGbE%b65{T?xlj{YIy8r}6IS0C0t
z`u&tNV|wfUV4%)6#F1%6dMAe?#A|CvIPamN)fZhFQ&I-9)t<<wJ3*{ie!I8p+itB<
zh~(*!nv&}X2oe{Qo@j+Kj<e-L10V2fR)6A0(97^<q*=)Jin|w4`BNe_cY1Rf&9tDd
zOVWl?vw6`ePab4!tv)dAoq6!46Prb+ladzw!qg@<vkLxb+~CC61dlNCf#bz`(%fOc
zTVUE9JJ|5K4H6@k<ED>d^Ei+eCV4UMhnjI@$(ZTgGU3N)8ZA~6c=eZSX551XOk4`1
zQ|NS;j@!`y3%bdDCJ_mi$^8t()><E`DULMrBBxuuDMN%^4Bxh^OBGKU1^4Y<E1G~9
z^~0m{P8{x;He+1h=s%6C)UnhC2V1&r-0+=4VaJS%>l3#Y<T<qR6xiF;pHCFlpto9b
zuOHILX7aRI{gFDRnXWWd2p9AoIwPR>GClR{3L8N)9XVs)%5Ydq=}J1<<};*lx<*;O
z;%k<KTpz_=%;RE_{+lrWlU)^sA$O7&U5c|$qS8gpKF_|XM!ZUjzppiW?ZSC?CQmaL
zqa^>|Hon3Y=6fE~W}I8f$8@eQ>PqS9vi81fVT_%)wxFMynV55o$&(P(v{NugcC>W{
z<ApOdM90E3@?GtvWv58WpdCb~FhXJJc$z5Jc*AtSqij`BRylP`oIK%k0(v>(mbxkp
zO?J;{OP5JD1G}opCajP2WKp8kk%qRwnwD7>(cou>+~n?OgL!!^W8GD83o(W{8U?M^
zhVjI@ZFllf(~iJr)X8M2Hy^Nba(<2tJV?f*3`~mfJUr(XgmSF~==9*kd$5L+vv0do
zN>6qTQRmTxJew5%;)arICuX8SYYvCy!XYl(<2^)moshf9JFvEcZj4Y&HE*NwGJVk>
zfjHC$44CdX;s=))sL|?~F`jVgi_0swz!A30x@tbZP>>gA(XesGX}YNoGOfk3>Eo$B
z+U#kNxhF>;Vvstag@{Wmn{+`$)Fd|j0Qn_41A})z-|GUEmbAtrCG?G$Bt1&KxF|-5
z!2Ff83F8RZFlhcGxLwImDmKUagb>0K75{KAv&|$eX5=(sg20BA&Zam?KuX=zYxy(2
zCaX6hv&MGrYmkUJhmdhZOmr1nxYIae1Xf5IGS*xLVS;Q4@<FZ#x&e<`GkL1>2&uH3
z$EvL4v3F0iSk`5}cIDFA<`5j@$oq(0BZ3$uw~OgCsb!TyDkkwV@|Gps={tD8Y*F=l
zs$kNGW@Fu;BVaZZ)kt$@Z@}13^XMQPU%K7TbC`P*!3lLXQld&m9(@b;#U_jS&YHv@
zbDvTdkfiEuoke6*sfo%ctJVS9V%%48m3Gj`fXhjH<R-7nh9%7mQMn|}{&~WNls{QY
zYr{}`v(6XtOstpHO=f(RZ(l9PiU6%Qg1l^-_%cW=M7c}Y`Pe=CW>QI{|D9K6cC|H&
znZkIs;Q2vHA%UWr`w8kIdF7>V6D&jPo;Sr~3QyQM9QU{}N5YUIb8YiD?=O+g|DNqh
z9nr@yY-k=|&Ar2CPvo}t@gxmD|CsF6P$K{Dlt}6b?)$UW>l?4;AnXi&L>MH&%p_O9
z#^z_<_RR52M7Av$fvPA1&VF~Ok^#wE+vs1FQ7QVy;yhnP((g}vWNZ3yFg8Mf)%j5}
zF6yZ3^76ugIyS^CPq)G5txA^Qr7(86%su}P_qC$K+6@p=o9@_M8PP=@1ClS`9}WWX
zH2TT=AHbd-kYPRV$0kMr|941>3AzIOm|9>5KxgtSS3Z)%0b`tWq57ZzO9Mlbq?^K!
z6`j8HUdHT!Sg-Ov*aK0qM)yVkuEKn_UB4tO3O*?;3^)Ot&qGhHdyc`jB77o>g?hOC
zvIAZfp1Bkp4NLK9n=kpA{BJkHK2OT4i+N!Y#<kVJtxvD%CmMe>o{SA{G84RuiRnW=
zVxDBr_yzUDc`$6e9#zKSnuo9W5;UB}Jp}2BLxgB^R)y&=Tf+(OkrCa!39sj80a;~L
z*qF#y6*hU@hH@X6IM!NvW4IHVJlE;;kXiFr@0~dbJlbX)Jj)cu?OKnS7GF(skkf7G
zb6bH@et!3?gEp;eIZvO`=fbG_q1k=KkI;)$DuMvmxTWMp=jy;c{yz`KoK|`R4JFLS
zw8gN9Or`>ZAM?p7w|u@Zz-0^mwWLI7@4eO)jJ)gmuNQzP)oM8J_vE7=W-Gl;dx#Ju
z$Hv>=W0LQe^zo$`k>eEy-yo)cL<2<NN76{A)2p9(lF35;q)Y~Fx!0BQw83v1B+B%k
z?`;)2{4B7$ME#yNs;&5TYxn5#G$wI`eU)01&P-JAnJXCo>Cp+5XO^kB=84DrhGPX?
zh4R-Bdc#@diBB+OBFx<NhY$X?efdwY1~VK#5?MIu#*uEF9p9(zI^_$;{76pt{-3r-
z9maX=|IlgjP|)&~6Zq+!>r+2Zr{)z^o{FSe-zh3%XGg<k$m;z8L7m)fM56p~msNAJ
zw!<Ogs8GFc@-$e6Ea$noHYhJ?sfvg5S(-?H=#L?t`M+|1e@|~6Cxm01&ilS1NTvG$
z3&5|)JI6)n<GJ5`POGSUTqDFHo7aVS#L>|KorfS#72b4RgcIjX5GsAa*7z2}w22Hc
z5xV2(&xiljknk&!Lt@t@Pp1g`k8i3v^|bt!>QW+RH{Yhe=Q}B+r7X#^C5nOBrof9-
zPyBjR1)eeFsch#>)$fqk-5p_!giS@xT-;HXE8836jf@%xORtLnvLdy^7!wWk8d!V|
zdj!viWsH;eGsM`y*O7rq@6=v7a2ttzJ0!xzu_{LAHjKv}z>TGy9)si%L)sd9acGvs
zuo)jIDvQO?UsJr{c)hb>9<ESp`C!FeBj_|zn}zn!ZTZ*!;-bgWDn{=R6)%Cv)x!6F
z0s}Fp5%+Bkf~Jd0xexbe#g9Y|M^e^CF*AkMp<;OfBoK%2P=dThKw<gD)1YEAAN?{o
z;r=2`N(77{0ahPFYQ>0TdM0VkS1E;cPeG;Ei->gnd=;f-%c2vPuMr!EiTh3T)U)N2
zt>xKvzKS3ta1Ai3s84wlbCpVeHP@82Qh#^rykb~b;$`%?fJrt2_D$`n3FVi4y=PYq
zffMJ`s)B!LH<zThOe?ytXoz(?7gxpz(_kU-Ds6|X159_K17fsNN_&WQR-=zPh>3Dj
zXWsQiw!Zdx9bnnVL~WAF9rGnQp3l8Ui?Ndc+KVnLODCB$vfc4;HHJU_CsQKrUZZF)
zd+KJ4$KiFqY{Fr{DCWJdTf5QXSEJXPXILYL3s_?bN*@=oes?dfuY2Bcq+7V$`cq+t
zMg7`0{Y~?}R#G%0(gNIYrpSV%Ozn~XPs4wE=1mwY2CgMIHS=Of`0DWgt9Aj+L4L$X
zpU+Kitb<?T(KiO3lAop}&U?qR&pwFytv{kn`tj*VOEk)2mk_Z-=Uq=RddIIolCa7g
z>Lw4lZy1vH5NuHXqut%8_H~t7f&cg2)XbTW=}n$7^IqR|7R_iDvByTPH^D+Vm*^Z?
zddP|q)HpKo)M3#byIa9f$8~)~2~6PUi^YSmoxlXH=3PGn(T!7w2fcNpDj=eeWj6!K
zlyR`~UYlr;GtM!&o=8+p!s%O<rCa95+*w`oCf)PCQ-{+`InlH9-?E-%XC!{&LB6Vo
zL_tkPoy>Vss49z^#&@tnF{EkMU}s1E2k2v10`44|@rxL4YpWRTI3t0S>&m~YM<l8<
z=HMSx(nY3-{NO^%-|;pi4a#x`Zs|*{#rgU9-(DBPw&0BPEjI9KsSQ6A$Tti}IvaQC
zBnGjr57Z0ColKOe@WHpcDndZ_QK}$vkLZgiyy=Lcx0%LZ3no3KDUm18FBcPA6kaD&
za|JMUoAa^Z*od4W;`tRhJoJoEm=F<daz#x|xa6ChPwlAO!ET{Wd#^k09FZagc^uC4
zmyxhQ{z>2%@Ph_l&1XwZ0vSr)Fkx|hNWE){eR1ndCleP176ioB6vcTY$7HSE(vHWT
zxqU`g9>m8%vh+VGE2p%8Wywd=+Ftpd)MSR<&7eKp+Q2!NA_=e=P=)qCFSGR#aaEn8
zr_&_M)3_G`g&;b&gXUD9gP)N@wMyB^xB#IKXc~BM1|Ex<i<n4y4oz`fos>jCY2W!;
zw8M{j0vpP3w<I&0EGkizYkrW+XyYuU=cVmrTrUZ4E+U%KDSZsadF2n}vA(Va7s<OB
zx_lWG^pba%&pi0<YoQ=EmaSH*Bzi_qs3l<<CSmNa<n|NDD|L>_%7aBWs}&3`F{vpO
zmR+<27u{>3+X@MQkLD|upD_CGu2J_VB*&v`0(rVlP#5I&>CU&WopxAA1Q)#{zE$|%
z2e6=_W#1fFA$>({Qu!a1%YWDkw}I~$Z0T$YOu`s*;AZ7apY#6*XPz+vksYr4x%uHm
z;KS%AI+e;kOiyKK6htsJ(NQy{$RDqkmKg_6^fB61yX=(@IDBc<A>z8Pmt;t0jx6um
z?m87>p`BNV<`F0*?2U7?ZZ35XIz1a&5iHuDWL}tMyjYSolUvy);|g}^`w{&5GNSBx
z-#=CkzCQ2IOeBwDeIr&4<h?2v0dd?Bz~j2y`ffS_&IAs-O+U)62$n<0aW34Kg_h-%
zUi3eV$H2aWM#qgN=8K^AZ^6jM-Zz9jg)btaZuhy{(8M^7Mv4J~YUKs}jg*jo4aOmk
zU+Ebbi|DGojoCYxbe(uC`21!Jm6rxdGaEdo({hb436~dfyliH~byJiFBRrfI^rM{a
zuJ7msVn*Uqegr?eohS@G!}>L1Mva!V=w_r|-cdtQ3^$PQ$veFY;5Ul+vV=MS<t4Pe
z9hBMnw2b<36BC6bA{9SAE6-qtBV3$BQAcab4ugW8Nhqo}9Q5cW6N}xuW$xGMx0ror
z>N=HqPp>YGpEqKO!{IZlkV(Jw_=Vwt9@fACAm7xRNxu$mcL5CDxi(X;rI*6<&)jyM
z7QX4Z-@269(utB&;7lr0ZQ)2K=HTS<_M+P2tBoGy1PLnW5m#5E9}z>?Pkyl|mJu{4
zyj`U^>cFC_Da-GOsl1~UK3WiA$})*19C^gudZIap1thO^Wsz2^fMH<n%p`ff2c}Tk
z&vpo+6$%5c^fa-oy!Ks<9veth$1Lu(o*C#$h{(J|H(flY`ng$+o&rNFy4pQ*&*%7k
zK0mgvsz)=4^X~B0`T#H*M~Q|kxxHn*fmhDRIpBM60BKp?sNt?&w!Kgxox|B~2BI6;
z9dssA{{wkQnqlThAYPR8oiCzzh^u+nr)~?Y7kL#S+^VlT8hqGs*0t0TU@Orwt&#D=
zbKYvTHg2B^+GK?DAhxpmjILX4@4|cK5*v3Lecn-v;07lpejoCQz$-$Cg)@VglI0}&
zlW9oPYrzE|eF(9M`C#a=&3q-^y$J~M|3iHFcY3)d>-*Slpg3jXjxyONx^NP%HM{M<
zJeB|cf~rs{u=M3~^QWb^Ha*`sxLm85FQ}Pasmk*=InZzm-cBnx)!A@9CR8+l=zKWt
zF%&)CR}i(Z{cO08TZo-R8Vyr0sQ<D#=wKbNC*t+SI&@xvAak^@H6p~4GJ&q#Ha?RS
zyZqD3JY9L63+GKH_Yv-ABcy(<QGe<5(U=dIagBfB`1&4$ecI1?-`&S3w}r_bBnI}e
z_j9`?Ib{p!i$u8<cg;OHSEkJ&rWZSG3KSF(JJY~qq6)Ey(S`R3NBiUjyhaL&D#{}>
zyPYVxABVgU3zm{;6br5ilIrw3M;m~Z>&4VJ_#F0-+tT(s&*$1f{Z;P3wH&w^9cag)
zZ+CFIKL8HOb8g2x1dF1QY9W|&jsz{F0|m=eW>X3-QoK&%p7Ha6{S#Dz&hG{J`4~?P
zz;rIr5=$xM%?bI!0sPG}C!r(B0;W5DCAL0%_K>I#hXV2lvODmjWpP<!jC^IBj~1?-
zLp;Jpt`D3?ja%aoK91h<S8!H@UQVQ%*ddbUzE6tL?S}go(cx}_rYk4|c>eU#-adw7
zWG98?ot-+l_VoDD_X5r_2njXGOcNfc1M_s{y*DD4=IVkossIGrL0nPP!%)1*yJI>$
zPPPcQLfQb?wuDA4X8&AF3V!;Xt=R)A8S&#~$m_LS0ty1R15?~%_Z+X;{&z~OdD@q~
z<b(3hLb6p4(y%&)9=C0gOPEG@idnQBbmDwPr#AN=0heyKYL>A{YPiRg5ve9&xE17S
zE-?o?gqLU66GNk8hJ>Vx0*0a4q@@?squRZwBVGQ}gMe1~B0bs2F{%tID_(Y3HXutT
zPBElP@hrlEWea~hT0&uT8SG%Jh6rB1Z(FP0yLY;TjTkkSy4%ZQoKMN;6)Yr1!58uY
zoqUAP;!BN?%=q=&UuEb#B_`nuBp&-T())5TQT)Yd<AfUT!_e4^NDw_oPhoNh1O$UE
zCrh#1pLHBeE16F2qCv)gixa<ezp8qeTBWpi^R~KNMf`Z}^MbHb87=yCJ=W3v%a3>?
z+&t*`tXQTf%(5yAwvm2cEUq!J3B%%`&mtxK!L^n0b`z*s{&e=O+Tz0ltiu}M9dw!K
zg@fkr3x`9Y|Mg)h5NwBtF6NHI>xQ5rq+l=z_|WbI!R68)!3iHBiv7aRETIuoB`&uF
z%Ai7KB_Bll55jg4igWbY3e|>JQ|#U)3@zKvj(YPoR&hk{E17txjegSoxO(Y8oDQ+J
z@2#rD-0iO@v%+0`rFUGLK+s9)p-*fb0Okzk2^3ggXCi}6B}`K`9_pLED77`gBe_PU
z_{s@19v06(@fXxON1Qr@kXv=Vs3OF1ntLO1gNI7qsvTwx$R|~$KLQy2Sl!<ng(#Z!
z)->VXMAp9IOOjgb68tI<nH?B;wx$D9d;&SY;V8Epk#7&i7FKd;ig>#_Tu{DkzuN}I
zZY=L-aX;#2x|edya^?g(mum8_B89$$iy{v1aFfO~MiBdUccMY4S%3P~Mhh%sWW@di
zt2>{_4t4}!-9Nh9i@ORvBJ0oS4OM>Bt8~c)?Z!mCKI69<XObK3A|Ngz^k==J3BNZA
zf4dTZ{T86e+W?2DfeD*x8EOtX{jz}*mop~AZ*)}k<3vyED<$j7DEC>`SJRtaw3_ip
znAf?wwdUwPchP#w$;)Z}ZfV>`G|&Y~L>zfcCAp!=g^}LAsoNK(Cy&AvIZS!Yy4#`O
z<g!ZkJVb>|Eor@doi|Rm^VlMaxt^=1L^9f2FS<IleA~%uvC%1s9Kl=h3BJFIYv4jM
z@Uz9^C#Lzx`#{0ke49_vNqCX`3V$C2cqqf`)vvZk7EcR?Q*s1NJWT~FHk@{6*cP&)
zAOCdwqcGwc=_9vVSxNA#jB0`@X;m6EKUVqKN)}y^v(eA6HFvY$UX5)0xDx$}hlpO(
zK~1DL1Rh&yeshOipS>VC=tl3WD|`lxC_?}`?5k6N_oH3sZIy*imp?38Kz3JJR>&3}
zgz%D~QgpsL+kaLF(?YEAlzKLr!2e8r)Sb4|lr;}%SJI=Dm4dw+%0R?G-%XpC!r4qd
z5_Gcj$bLn`R#Tu4I0$*ig!L{O@Xd5e0Au%kn6zc%(gy0+Lwa^}^ydU<60i>rJup(3
zzw|Gg-Uv$em6SFDLV9S2P?g}qU3sm-o8C5m%j|m!R_hsXm@ed?<V(gtCam~q@4IKT
zTmT1`>JY-_gW}f<>HUQhB}!UeF}5IKgDTpmEa?F`-@iAzlA_`czEuD1&pQpa?zQ^2
z1aFvbqEKvs^sjojCcfmC4olX%285L`OC%8LYv#v`q{f{2#w5dGo)Fke^0-;RhAM(h
zC8zxu5W9D%o*^4zSj5wGiO%xt<GVC}DMthf@#_>f=A^NBpMNek69jFg<q<SKAOGJA
z{rA1LmqL+XO!?!{rO31{z(m<IkcV4U^W7T8^I<(jX6t>|%zK$nO%sGp&-d1x1%KXL
zojpa0D?lWi7QYvxqtSZgrry68UUnDnAUw6o$ts&GiY+StcIBd7&(bjSL8}Z0&A}f<
z?bs}FlQNdgzdbk;T?3e@WRNJX`cvF$w({Gs&@%BOx4-3*xHfi3DJ1LBl=1I9Qhm?7
z92j-bqW&B0g2>eJexBp_ZhFlN*a1GIf)SezIp5n&PM>sW&&X7zb@WM2J&=$XGOr*-
zOMUhrj{2W)#zuwe?pm;W7@fH=l=Jd>i9P?$|Ae?gXn(Jo8e#l(%f<&E>4AM#cd}Sa
zw3obzDNMo6h6*q5`3r~ZVVR@}KsTf)dY_`(x4%odT4DWo|4gdN$t<dKSY*)R2W`Aw
zq|W>4-xU&;{Axc05~CkXEIUOycmJB17dYl4opWT)gfBfn6Z;%jUv0r!07c8RfH9BE
zC*umG!kDy2DxKO}JmHnIE00e-j+5PqRmaH??Zl9iw-zb9=0|xH1NWhMuOTgCghRT*
z2OkhR#cbE#;`czfmI{-Tvb{NRr>^Vx;j4~!(xj~va2ufIAVQ^yJvsyWDt}+p+ZRj?
zhie&PE%kGr!4Bl<@;t?3CI`?_S?lSW;_iL%<CzAe9p(5&K%~_KlU2_2o(r&H&_r0F
z=xHv!qXFQ9awNeX4kptY8_`fo?_y$L6f?m~Kc@<gm}lQXw({3a=|wmGv}Bp3qCzLn
zvKYxAp{BMG^t2hOdkT;L4QPQ@hj`frriQnJ?hiIlPn#Bd=ZQdKq|!pGXZ<5=W+~)W
zt-^}T92uA1mUQu$(yiO^lmIk71RMO7M^aJ%B{HSXC;#sR<%W&6Q2Pl}GV10=OXCuk
zlJ)WINtIH&at4uA&|hf`I~2v`-r^_MXWk5qj2vHPkv0LVO)WpZZ#R5&d<LEf!+xN8
zzn}OC{D3166GOB6^aC|x5P8gnq&b~I>G9*FjO*&ntcZ1X%}ZX=0d5(2)W`qxH2KkZ
zPp1_7>-(VnU26}Jno?<Sl*}$=?p9e55)OtBw+`ZDXmkuCenJI6&0_nc`sHKqyQ|G$
zCk;RF+8H_(TyP7xRVNKKRtEre)pO>7G~w!eTWvv`G~l=rek-?KRXxcMC1%l#rWNNn
z1Eg~*Ycx8N9iU1!V!Pi)0Nfo*paD&^F$=%;zJE|N^%Ark^*spvn80nAaVu~d@cB9W
zaPS>t@cO*l>+Nx7(6qlBqJImR_=@M?p&A7Hw!9aojU_>VK{#Gjk;(r&*(G)~jaPVs
zQ<Jf(Ft-Tbvt1tycW$i>j`)WPTy_}*fq`-`7uhhP#nrJ`#=jy+tSH(6M&6^isBw#7
zS;A%GH#a-xcUs?$40%CT$`$uUj7?6|kin}I&Y1jbOA<|$CaB^<o?)F_m>ML1Qi*!P
zoy9(T*`UzUX~#9B2+&-Z535kJKh3pytgF?eY2GhbyLzA#jq}gX`cD<o2X%`k7<Uj|
zw|gW72ZVL9Sn4R6L!#mA7oX3QyRz?gwY{GZ5e;6^#ax&v8wmU|E*idIfuH?@W38<E
zlIXZiG&|6ALe=yFnjQYS;}_J+b$=o9F=^~=W{agq0}(0-x9@Qi)4$bFHy>K>(;~OB
zM`7fU6;#xiGhT}U`EO3^*)cJmDqo@bMT+?OI94PN{tl^rB!MW@n-UUj@ei~-2Gh&o
z`mH2+ljqdJlUgKF<Ilkty$)&rE_1at>;LVI{XTve3hK;sbbr!Y?!&&|r;NLlP@iSN
z@`;ac6SexkJdQ7Z={=}dC}CcrJ!e4H$o22<l!pRYN+SGZdWT{QvXygwPK07s%s>Wh
zpN^66_GlKS`7U#huVci^u6{|VA-fA@?*1TU$B2Q1eM?46gNNy#{Kx)MEg&d}MH`c%
zW%j`yq5gXYq#R|XsNn++PqZFoN-Zd-i*T9`y-Rf^XE0m2+0u``UiC|Qu5|}@T<xC(
zf{v!4@s7mn3O}xyPvciw<F?7D@I4oWyPEyk@R$}@j1);mv;`!1p{@2MhW>>uyBrb{
z7o912abD<{YxMBqiF@b%e75d~B+Y}3+W6+H5Ah$3ok(9zM|Lt5|67m7sK9&;<*%a#
z%y@_!sg5|9k5Cj(U0}ZBvmk8_WQcq()+#J@OyqbT3!GC-8?}LJ;Lrnnm?n9N&n(au
z$OCErR3WW52u$g~ZP%PF*X?j6(Uh86)FmR3OaE14opBfDQ04twDj60ACgzLS9Ii=h
znXP3utpZka5oI(MEHDNu1XT1FnzuTMHy20d&iH_d$1C4&q?^dBOy+E8zaa}<yrs6q
zl6c?BZrA6%DgeiSw$e2CqH4WGCK#Ut1~U?l9ti-sa{?HEa6W}k+JjP+W7821Wx9*T
z+jC6eL4V+mn@#ecDx66HvV;P1S}YeDG@Xi;7Lk1>O%ueS*d!jG_)opw5RQ^oL$9*?
zC4-SFIA-}kprd}BW|=D_)&QnR4;6!oDI<vGCvLj1+_0ebs1D%`<it#L1}gq?M<xsT
zN~YVtnm!eeE=99FjnaESJVg4>J4L{S8R1-gYhq2<(}M0%MEKUl1GW%pX=zJ9T;|$D
zKimOah`LnTyoX*j`mG)hzd(VGY~4vm5NZt=&Erp-Z^Qw`7EnQ(nGJ!30VhNPc}M;m
zT&(F8^P~6*hJ#3I;n=_86h2ypIGQ2g-F<|5Uj6!+3z$>7M*>#k-SmF@pq|b<T<y~x
zPbC2AxdbCf8!*4ojT|b{$VIkW(87e(_#tbgKPgYf78pkc4=(39I;GW3z~lN)n0Q9G
zB$a!#^M;f|Y116)oAoZSi$n_3P<q4T+mfQwUtgwZ24N6R6G`i~nlM*fOH@4dm%3(v
zYhBE&QhEF$NxyQ0d>3sH6nVlm!nr!!P+Ao7T6=M*Jx}V}Ga8GAM~HtejS?1WN*+^s
z<<UmspwrstTt-_bVpP_#M$-eU?gTlJP?e?qWqUHG2BV@i%Fjg{mMwPsGxM~j7d}2d
zW?YLp_?NGC?JX^f4h4W9{mah0*9wPMMWgM;wS&8zwkz^|Rx*5v6k2g5YcQ4(iF6AS
z>r!+4Pro)m;wPk+_ox7>RNq353Om0R>VEFlP_*y9&#E-^_ut3?ky^spR2Km7RX&qb
zM)zIpV!;eTShQ6s3VyRoAlj$jbmBtZ;}}!on3R9|a>#?X>yo3ngXelWpA5e>%<1f6
z)%sXiv^2-qADtl8^Pk82*I}7gfODNaYcOnHgF#FfP^MauynOCMiY9#Z^tQ7#v~sks
z<zIQ8A7nQ^`ru?!A^5&hjC!%vbJ}fgyYhh~Q9#XRiQl{h)46&7(n7DQlVRGF^)8j-
zd-<a*VeUQ3o}&4WLwXr$IB21vQYvbSCUy6=r#K;Pd4ey;P5wQre;2UiFrMFA&h(8;
zgnz$(aQbCG(RHWCO9$yTu|XRG+XLzPG`5OO*Ww1>`J-BkRqq7a&%RkpdO(~%n2<CM
zA+e~HFbuoXsz$(_RyfMXf^F7nneqDMlVDiOvs^AxuOI02`;8CTV|D(n1K{rT@Knp#
zX}5c-_Dqf{D@$Cpv+^i|*2FBTHB@(g0qMdC@YtRGVzasfbiY<$U7Nt3tRaX`aZ{~;
zfEaPKIb!epIMY|i<?5HM_s+=`7<OpWJF8`gStS&LqF@s6?}uueoPWHCayS51AmhMN
zk8>KxJ5+AL!L(=^(Zre~8iD1vfCRIq*k}jZ6SH0J@sSk1KFtLX4>|h2;Fsw&O5frq
zfukW#uDd|)l68laU8hPVQzHGg#t;^ygSYGhe(t0>a3EakH&!(f9*JX#?o=(e@V!2p
zwJv|Y$2e*K=l2cgZIE)~L>s%JZmn}y$~L|&;?pUrs2JJAqQ>R_c@y^1QVZz|{C7bC
z`}aHf_d`1#1ev>osWYZzU#2fd-(1Jz&YkeRMWY2}V~CwBWrx4O=J5;lpz-wq7U#S7
zYb9W(dzm7t^v(4XQ;UUs-?(2SFaV>o_&=wvq}wBQ7>+XkmST#(phmH1M48EdWeQNy
z7PYqmIfM&X|8wnL5A_1j##1w{W{mfC9QsX@Z<v1-`uX|c|0vVU4`b-~_Q4ngty}%<
zkZsKV?RH>cZtYTvbP4ZSM_OuXuq)TRDlL@&?2#~*TheWG%oh$F+H~EU&jz#cf%TIO
zB(Qy9@&fFQy3h1}<sia~6i@6Ar|@Y3LM6vG(2C04G9A}}#&bh@sXB`u%OKMCJV%T+
z1C(9i@=6(G(V1jy|NBAx@6Q030^?5hlsSR3#&D@p%aG6-yOO_tA`8jCua)8GvZMO^
z)z@lWzv#E@j|@xFF3r4hF!j^<9<v>hde}4N584?zci8#;*TVvn7ba%m$d?Rfav@ov
zVknxe;n4YJ*O8w1v4LTF$M1u?#wHf@R$V%w^Y8MN;(B-LguA(<FJH+B&4U(Ol<5G0
z7}e#JnA?B~+V{xJGJ{gYAwcR5!@+<ommMu7o7}&z<u9P<|NJefgfSH+dy%SJp-<N`
zCGf;?@tEl(sfN+Cr-t;7+1PoEC@##u>^LrOD<|Y%+vDad;`_xHs1qg~D@p%*jNsoG
zvhJ}7EYuFvb&Xe^%b<+BE4}HZYtwYpqc>vu_>Fx+1tQZhh2(Y8hffJt_4g|()DO%j
zfl-!jzTk8cy$t4utBp7;0@`HmZ{pEQc+W&2oJ7kM*_LrRDWNeh^**1)nb75b9w0$=
z=kye-xIN>G=o%VF0qv`Wa(DjuqZBou{W*qVckQ-I|1D4c$=5LqgdrXjDiYh;T3-{5
z-#EF;-)W}pG=75@{!-&ze6f!f`{-NPg?R<t!T_yXan&YMr^0`AXcVaQ`U9r0XHcjz
zyeuZ(QA`G<<jt+q!1osSiI)iA>75;jLq6LQ9B%O?EgPJ!=X*(PTD`^|%AE>WjPem#
zpsoNqv^PF`^THpR$_+o+C6t2!Ge01J4%Gs^l5T$eyxW`63S*g_vE1PGBS2iYJlPsc
zbeb&0V|Pjyab{qo{0J(fNze+WBQXhRRrH(QRHnVX+%Bwf+Eg97NPb{iBpXV!GvC)2
z?6~>GwlV2}sXXbIX%(Ld>?k@(yD33${aeAnB0m_^dOrdLBgYxn+g}b;1UYdmY9)NE
zRH_+bDUKTvzx64Ih;pPir2R${0qcKghmt3H0>F{B=5f{_qsHLE6v1|vEr-}pJzh71
ze4Kwv)Bg)l{`KIc(&%9>o-Bce&5FOjd9!-XO_EgIm;5g3mM}z6Sk%w@D1n8J)Xf`u
zk?&fHPiTR6l;dBK3_L>-ojFWoL_mYABvSen?4h*;wEHKm9?m5%YG1X~T>=Xgu&0yV
z14#3WjXL}fUnDiY<|w%VbD$>;uZ>^LH&kBKO$n2Yw_P78zZ%QIsI{8t-O2dCqSKFi
z=S~iY1{$wl^Q;fV1+zaZQxSG#vO70F!3!@3Q!OX!<?$&WWf5?!6_ubyA5|fOn&TmT
zhK7N-ci+xD8rXxQJQabRfR|^^rz<6e;@AIjgp5NcE9B*+53m#{0s-f8a{COJy`&dZ
zCM|)ypzWMGVT^BMqikf9)pY`JrTRzFjfY^YJ={~`#JcejC_Hy=yZBP57r^Nu%el5d
z*Psn)1D-KjKreh^`@tT`U^i8gF!gYC0QBUMg%6?-ZMvXoT=%%uh4htCXW1uDSW}6*
zlu9rSUjR|k2t`<+2m;ivTR{9ZURVR%(e47d)Vdx%1hrgFs=$qwAktX0xX;|(9rdWj
z?E*#V_<z?8|K~G5h#dTSR=X^E078v7D5*?gZtE7wJ3TZ!@6S)t(_OneQlsXuCXOue
zkHrcx1s0gv;g&+ZE9u&2=Rm$v3>J0qzg_}sS#-Vb#tRy}y>SL)*e71vrq#PsAD(IL
zFSG*hdY?CkD{={#$X;MuI_igxReI#RCg89l+Z-OR9r~E1{WVY&zVfTG`Bru33_Sg@
z2{p;bLUaN)6yPQd#NS_5t<<>!*5RYTZ#C|9!lTExM^%Ne{Y5&|j%lLfaf97JtbM03
z=fg&%Z|-Qde4wyyV9MtB22XX}5k<K$j<vPQkG;x9+g@00-5_rvR_GU+<1^P%adR$7
ze*Veym5<{hI3w0};TQ8IV8MIu=s-VCpp>nU%gJ!ELv<lT(NLT{qTL#{#I~@?^4<DH
zLf+k#bHfg%DN>8b1UkqUSnSpR-#r;XK|M@v;t$bScHLgi{}bYsiyD3>xL(+w_es;^
zHmmWm8`D5G-GG;>Lt)Z&X2=Vmwon5UcS-~*dUq`@B`@m~7VFqY!%rFP+NDL4=dhd-
zP?T$jYp8aF$)VMlf-1jcLC5TjRoM>>BmR<B@eQyncxp~xGXs{wDT4S@uX#Nh{&53C
z&;qaBpZfK!wc3k*ndAzfEzm4bN!bFO96!+F<og7xzkv26P>{{FG0W@btAbl{;0TEw
zyBZ&Qr@HVtj(KrSyiKXXRsBh|#mx0`|1hLwP4=tfS679GnI?;S2aU=le2FO{&aYOj
zB21n1H;ySNRmdYoAia|+K5yjV{A3nB@)2jRckSkeFV^*7A$$<G3>Gj17*!#JNC=I_
z#u0z6rcavx&!e=4_BT&FOk+x*L`}&^C4A@fZ#HUwfOfR^CL(%1k`(PorxBvN)(Q^`
zTj~*5jixi|i)eYnyr)@r53gTR*QL<>J8o!Rg6O`+Ru}7soV1txOi&Aq_QJvZeBQu$
ztzsS$LY811MQKaDm??mkDS<9Pd);Mk{`tE;m^=>VLkVP<a{+4(k>~kl>)C>qGmEVL
zMgfD@6zGly8rlJPAx^p=0AP@fwMvmp0An-kC$K*a16HFdKwn<N4z_wOXfR12p~Qdn
zM(_bfl&{T})l3)0D!cd;g?6Fe$%+kO?HiFmJ|4dNZtAvd1XW=jN+2GOy1-Y=9&;P*
zu|yU%TJNH^PZt|h4<)C`|D1sxZW9HMPm8<khm9*KnSdu1{={}_v+I5Vunhg775#}2
zQ$R>)=B4oY_c4%Dn%s{IK3_H5-qr~qFy%bEI@y*1D*wuLFJKbz2GncLdz+huo#P-V
zJxdQpBGsE+er^F5y~LAV^m$jae%)eCW@Vxq(SFB{fezqX@bYQB9eI^;F1~=gl?m-+
zS!HOS%F)Err8B=n%CYHFS73j0k`2aMp;5lOQwKIsutRl(FNCT7e`oC<P$Lhn`@MI|
z`}<k%;B4wAMqf|VjVgUsrOidQeYwB*&pBYjKy|RqkAIiw<3W$65jDx<)i0>8k#zUQ
zH{t5{taB#U_Yk<DVNzAMBE&eVBBV%`<>33Lx0zDv=)!n|p7H@l8FgT@=_v3%C<c*b
zG7Ew3OgTsd>_Brs%1o+I55*`4E8+;r9ui8IfFv81r48JaoNt%uu+Q57)0twBP@c4T
zx$Cz~oq>QqmBUI_tKJK;){};B0Ma0Qf<n%vSJe5<-zJ1#{WITPp!&+8xlIHy_?5}Q
zG4=2-elbNq!H<X3B2I9!11j6YFhpZ0)Y3)rcVu30yyh}!(OE{;c&JAAbb%jL><Nkt
z`WO`O3QEX!-q2i98M}W1DwL@LaOC>n`}8zqdX+j>bzre1dnw^p3h&-d9x~tB7a6Lb
z0F+WI72=Zsz!>28P&%8pzj`&_=u`vb%d^d{<*!%<*|bZOU&!J@p%o{eld<|(RMXT=
zfx?Zp(}Yi&Yr5p=P@2jYjN9=Q58P;o&!mAf*xwfi%1T>=v&|F=kAXpr_5v?5#JjE?
zfa30#-G{~uMt_<O-QMeG<p#C7i5Hl&+J&k#07Fi_Nc`;dn6=uSkBoc>NU{XUcX;h$
zD-&R^CVSfgS}fA6O>*%zvS%acoe$?A$40L4dvAo#d-rj@OssnsRX2FEsG$iCw(pTe
zBcB&3BuzhkJ_8Zs;2y-xd9->A25|gyCA)va!QbWXeTbO{zEFkkUPnN1%Xxy|t0(2M
zJz*pTy!qi;W4``7mmhUI-rQ_(&em?iZ*E59@8Eg2hr1O2<cfHX;9&XZunpjXk;T1g
z)Py}IdPt`ojR}TCVjCaT$hw!CMvtU2<uOg_W)?%<uj6d~;^Y%@WwcDm&1OPs>_f>6
z;@Q%B2(Fg{v2uj<zkbds02rUQ70gpl05hQ{xzHas$P>C<g6(zd*aZrLNACutE-!)8
z7w2*sD0}iJ`Lf_>{zjl#-3G>E>_3;gf=Me0cJ8V(J(vTn=o7#T@M{l-)v41WbRX=?
zyThrZTW>d!hY49cX=v|U0uY%c5K2C&ef9JdK?A1(7*G7DHVhApy-Q0lzY(kl7(uJx
z<5|)01H`&1C_>n2;*YaRHCo&p<nquR2-y8B(fi#jiOKNC%0L7nB2gSKR4YH)k%WIS
z)*xRG;NL8{0qWJ0ue$bQfa*tbNEq%z2Uzx}d*5~65h0ShbGCqnTzR!OQp*;V-X7pe
z>@<o2=$N?bQ+_s3G)A&u1lnzR2K<v$zk{X4={u<(56s}g(ljtxMdWp0SU>2(NnJuo
zcc!0SGo^!2!E_HT`Rd+EIM;(_F6TZPv?FK_O`@h|3!{<tMpprm>#!IBpZ(X@+KHkN
z0Vmz`gr5W6HA5LIX<XCuu1-ZdtKP#sr$Kkq>71NgFUyaaPwF4c+euGzo?@dpgrQth
zI=nC%yw8!ym7j+}LTz}9&HpFy{J2d#&ZSKGgdp*B9imtu=Dt4Op0--G?ATR0IVIoM
z$XpoFh?93Nei|-+B0XKlpJk}_UgAReJ)bFc>*djLDRjkNaMGX9SeWb|NW>0&OTNa)
zq7#;FIE>U~u51E!ES&iyg{X}0S`E?feeZx-FH*o-`V(OlnXE8u9^__u^`=yQt60sc
ziIkHS3bH{X_*+DAnNr-n8s{I{3FNW@93{7|f>J{0*|_1B@DM*%%oPf0gdaz+b+5Wf
z6Rp<|xkopVO$hY>kMBSTSulA9`swT^*LC)bs`sCj@xNrL0TTMClHVYfz1TyD6JS2<
z0OwVWCg3#|13k%4shuv9yJXLuB@t4S5D8XaUoWg4L{R~pdlu859{O5+OQtyktUQuC
z>1zB2x{G2iQqC8Xn!&=67u1iK(6R8J<cUp2*2%a-b^_p}zd_x~jstZ8sZyiFNBx1U
z$Pyj{U5IP@9RcgF91nfqdj4w-wsQi~4F*L#V9$*_+h8)e6M_O#Nw|vQzYcs!p)+XJ
zfT{T;@*}(6@4rT>Fm%*mZ{jOk@>~r^`eOPlT6*`W*x8EwykDJ?HrGZ`me&;f%QNpN
zkC$g`zU-y`aCF%#6+8A`ZEUpt@+H#U0hh0iV6&HBNbvn(#uvJzvq;+qbW}e&Dyy$H
zPWCcVhXga4brbWz+yM{u_sGoQC(A=^rz$oblJnTl>W>uuyNW)*1i|O`fw55QSiPvX
z(Dmbo@Ot~j?1$EZ<JpWX+mqW)YpXwGE{->{ACW$qn85p?-YPORRk#uNbSw2xYwO@0
zu_}OxyA+kF{`syecR(EKC5_dLf-iBQwOJh-$+5l^Xv3^}ZnpLCXb1*7_7T%RTy@V8
z)B%^C^c@aFjJ3}11aw08^5Iwv86VYk)JvMZuj&|HZ-bZ-4`Of<LkImXF;Czt%rZo_
zYVa^XUDEF`;yjh)kp1?;i*MEcKnJ>r6DVv8gzdRtNBP7%MuijRAwj4WoIpBs9}w1_
zn8}`C4?0)~4Rb1b0)&yi2-P2V8n~bNUsBJS@)w<~52tA9OJ@QA&Z6b>;B59IN&?$4
z%ykLaMHG!_!E9;ys;H2VPP+8tQ5%rnG+(*5qw8dUlnKJkZgkol2Sd&6A?{B#@xd;B
z>d<lK5Kq9!i@lW31X`d+a9rasM1@ShNd$B6U5Gp@0~%uy<_h}Cy+MDIERAon^@Mri
zMOf1Bc;IlUVmJfMCEmI;4AWMeMdZ^hzeehge7mTDGn*Sqtk(1)&+|`(aa#L%+)CuA
z!{OOwUVnajPlbZr7DUpmuS8!jp@0;snW+hK+|>MxW5*jFlWu6ZBd^{1K-VW@+#uof
zGMprhj52~9CusHu!CZ=}Z(^lSies6%iHu}|$C_OC%LWAv_-Iq-Uba|B^vc7KeGf}^
zjB_Ihsft8oPIXh=_aYlVX&9^h!AE!uM_2k`enJ?{`1&uhT(*E^OF+Xa=1lN*_|dmy
zCjzj?*>TYen6i_8P*&#_O!Ql%N%rguyaCPrWWBv%vz#$H*~T9ef2kZsc)59WFc{d<
z%CKVmhf6d7LYO&opT^^4iG01yl!a5wO=Cd**xvX!SMz${)q4qRS{iYeFos+h5neO*
zb2%jWvX{G`K$arn)wfdm)3>K`9(7X_)OPi}t%qL}YJ9p}4Dy_~)1*5i$|o8A9*Dut
zp#AJG=S|s}@1T{@FRdnVy>GW*uqvK^r=hacyz>I#5EE7y7BAS$Jwm*iRUyQRmdC-N
zV?1U9c8Y{SFfr<Z56J|;L`)`q0|mUYUQO3nY2_Q80Z$0l1Th-2XK~9}mKIFgequoc
z{q{QT)p8W!8uW%d!E`dI8eGyl@A1Oj;YEIKK|KOUC}y@@PZ;T|4w7ZV?5toXj-6V|
zu}(eYx*qrCw*63~0@nNFqH>u-{2=w}mjUDSxQ~2Z23*p0;+kp@*~&G{0|wCq`1f@D
z7OXXAdr|}g&Iz)`l>U0ba*sG1cSPQ-0HZn9i0n12fV&L6Z-7VT$-L9Z7)Y2TN-%R^
z!>nUbefgD13HkG8w|a!*?1Um<nC;$Q&*?E_Qgm9`z(s(Hl{^j~ZRL}yh-pIAi?9oh
z4LcDI_KiXhK8%<K;4EcD`Z7%>boQO`ama#{$$foLgMQ>PMGqDj{#^0A=c&x|-n#e4
z#uK3*BUv`yl%=63p=5lb!keM2><GH6@Do*dJOk0%%=$sknr~zb0e|!47iif_XLE)s
z&+wdI=PuVj)_bm~7}8be%g=uMn+>4*#Uqxw>`}`v#bI)(E(>{hbM~XPR0K2<O36M2
z%0HCNmCbTC@EkRMaTL=OB&GhFCZ*=#C`xAyY)X#^A)07tuY=mzVjh@!Xwx>z<n~@m
zN&Xf~{eori#MAHQ+AEYHq?4hOG<0NoQSGOfnCBi^WF~)rfZaExMW0jp1Wx_5dr>#>
zBCVr_?|vh@lZY~Cw{!oeTVNssA<*d?^T7pDAx7<hEC-D<U4X!;W3+;`=?{vN^wq#2
z)&0jMd8fKKIQk%)X*2P#mLO`sBqAd5Wx0?J0Jiz~Vn&Ab8`${3I-c@?;Gk0>^-#yq
zX?-qDEt6`%uZg-S>ehgl5I36@s%ZkuF`l|TXB|a6KxcOcN-<^*2*a+e&EtBR&FRg$
zSqy(_lKrgfU>6E<BkRec?9Oo@TX|aCU}=)er4~%`^>m5)rn{3x0#30quPvfC0g)}*
z_?#vj2e^##z!yRTqPTViz%1<5S3~^nMD!lkQzhn<YA1y2A}?@jpJwQRR?#mWi9#I}
zy@<+Iyg5GIATO1X-yr{FFkBQ8am>B?;MJ%TkA7;#>b8^Gr&GNL0_(|hcT;&=9uf%r
zp!iIwnoQtnQn&H@*Pv74*KZ9%L-yqcV0zsxj8;{)`yh`kpnX$L5|hF0Y%g<&YjmD8
z=^W$p&VBqekHoR{Mc%7u<mg^N{dW4ZFpUL0E6)0r6%^t?urB-Q&kf|s$9E}o<m-KP
zxcxWMzsTw74^}$Di83oHc-Bce!)w8FNK_}R{K!IoY;5rZbc*suKR*G#^;geID}8pe
z^cx+S_1nBsK!fnX<?8*qZ{)VPaBqWJG7sYCZ#mr-^Lg>@IAAyn@oNBsa4Uz<g7}1M
z!uIR6$Tsoq^$h)@5vne$zOozYrX|1k&0<~@^6rl7OM&fPPl~-LeKrdUR#`?y{bc&K
zR`T!1C%Ve*&Amm=y0}Lc{5fZyDt?}@KsTFtiAUWb`mn2XQYlt4c3kGadk7+Y)K70N
zCiRp#7bskKjEgsXc1~*egz&^kfBTM~OKMkEOf?N}dl!4I;=U1#$M(Xf{tCbNI79hJ
z(4W!d9K!f*B!RirB3!m^c4P11d3e?x6Q<Z~+#<tvfZ2X*`}|glLMFKw_-(T>(0RG5
zXYd8J^KL3_IU#vvSUHi&f$!n{LFx-qtemhZ&|VfQda3WAH;$wT>nb`W(w(8Bp*;}=
zxMD#k^ev#+C)%(|g0r+k+0)6Dp|w=<ATX1VNzzvRMvB7ZoFqE~YpMgd8Yu)eeFjt%
z)q=_2S<qZkC0Gf0_B`wb`D*Z}A(ZVUe#%QWUxKU^tbjjXXE2>L{w}MQV5sNRG%Xx7
z8wud96QUj(QjNu!?jul+9}Wwj24N{UvDe)7F=yrM`^w|$lwcE7XM7B8Gfuvm(+vG;
zi@N=pBIB9i^kTB|51$=thl|Lj$eAU<(02#Wb=zzFO7o4j*+-@=FZVv=`Y>izx23+l
zk7BW8JCs#n!GAI^V?X@;u(>^B;O-}Jv$ZC8%n6vKLnQVu9#m|$KYo8UZSFFD0mCV8
zu=)L4;?4Dm_@%8e49~5Yb<;WUV)Mlzl+v$Z%k6=&s~M1W>J3qh6vJpu0Jb<dfDFY-
z3w9$67!4vPOw&$|p9I{u3|%6@9!8rU;OUurk7(xb1B*h_37`rU>kn+{0w`vZ>lu>Z
zdF`tN$Cm9k4ySk=mC9sho#2qO>8+O7u>HkZK}TCS-c!N1d_)&3h_-wk&;*M+Uf7xo
z7;r0oE-vg*jj`b=rk~x5_hVFHA1_Oj8Lc#p4MAQ$n(QDs?%(ravISFe5DV`r%_rp&
z@1ebBrij>_|I2HU=ycR5@(6JRxvc_YWE6p^`*NvRK>FdYJ*tTv(-TTn48x4_f|Wpd
zd%<Bg89LbyCWTJE566w$B6^(PO1`BXYDkS{fyl!HOj;%?!lD{~QdC2WWM*FhLyfM1
zv_5Uk#=n!&ZJYHF;x)ceF!^n0B4EgqQ_ug&e5hz~^=P;5#r9SYaeQ;XQb~M$T34C*
z(iY|Ck^<LcOhJMSZ$+oy%|jB|$x03%RXVyeMd`bDfpwc2@L0=l^S;u|5Obg0cv1Aj
zcnrIZQ#a^>?#Y@I1G*J16CdkA`f`ju^z^PF)f3y=o`r|V*pE+&iEaQo_39AN;9jz`
z^@j;%2-;`7za5Z%F(BM&GJuOatRRn`cGkbVCnmzt{+jqsFrC){>TMas9$$X>xZOBh
zgO-ey5Z@X!pm&sq<qoYD+r+(rI~k<P5CH$hz|*G`%}3XEvPa$$`6qCM#IzRR=9hrr
z`P3uke92JG;3QkCP_={^x=2M$T{?-SVF8ZK)8u7eUzEV4z4GjD?7LjOZ-C9%Z9mUO
zDlxy<?8<HXtxB$TjFc#^QsuVO^NaUKG4L07>s>&Cl9%Za<SVA^fSFH1QV2Er;=I;R
zxV|sfQMaMldj}W_sV2Mjd<Cq#q7BosH3ilM;AG8uL^%$IzQA7o=SzTl7i*T(B^iN1
z(aGTb@|otJho`_mw5YL)%Mvu#lb}fQegukejhjk69%^4%Y<wi+N-BNh`{+-Aa-XQY
z#3sZ$Tzr^1kU=SfXNpgd_A^i!)0m*m!WQ6!bsqQL^IPTkJlnq7uphnwyn=G6r9;zQ
z($7j^k&0gB>i$_9oNA9qY`;6D(r{|Tzwa^^;=2}&d|O(1j-#9~n1oN=EHiB{ktZg+
zsv1bZBwW#5$s=moi(5{Au-t?BP^4n)L8CjENP%@oN+)0uM=?!HyZrud=b(JS`CxQ@
z9-bJ0u@+M&^$G+A1&xOgGEVMI0V*&n3yn)#=Kz`E7p~oN-!3BOzGpPO5`&e0AJdlg
z?<te7<9-#$LKu?Qeo0UNis!U`Ioo;$`#Im5iEW^chhON5*&-c)*^;;M+z*kY<Gj!M
z$&*g~8!vP5n}HmDmlLeXECal|LTg%bN0J`9BsXHFT#?siJkFkb&+nbx^sH53g-MZ4
z&zSHbDt-Nta$OUJBU(r+EV!aBa~Szr-PKs}#HO3-#_T5?#l_^Q$6R_%Dp&+`&vd$-
z=T=L^hFP+GXPV4SYrPJpcbo-WZT+tk*-SCnpH||&waAMr9B~Y(9(q-_hu`?1Z1$&}
zFx=#8*#(63{tM(++nGUAr@(7kCBIccg`FqApA_jB|86Bb-lWfno2w6C3%Rmh5Z<v9
zjiJS7t6_N<r=R|ZA?z{UU%a`$ddAlTsGq2xhI0LUx}X2#dO?&VCF-T&kj&;@)g5^=
z$mhl888*L>gu91dzPp{H1|I%~9v2v>bUB)z7NQB8wuS4niE>T&R$%2&O>V(dNgvt4
zz5ODvOn?FR%@gMr;%H!7j8{1D-ldmK0uFg}B$bZ~Z@uWls{ATy)T?+tJU3DevOduG
z##<EIUekm*ZfaU0EWXnv{{5cQ^W-7lnxKQmnQq)8D%=u!06?V>gue%jqIxqqcbyi#
zuNaODUa?y&{mz!6*9jhFd2=6d#(ws8rgH{pE`#+<*f{aPJ&c7zMVf}7O%yrRBTcts
z4c0@?!t?;zm7gf+b^f}xlCpvEeILNTrx-TCrmUwAXDV6&P6Dpnj8Vioz)q)D=#EV2
zVVM5RWI|&}0Q;RLx`BKm24238z~<&qbA*PeZjn0uttZ_UfaO?N$)p<z>b$R9{vTa$
z6;{>O{tZi)bcxggl<sa8B_%1H0@5Je-5m-@H%Lo&cXxMpcf&i`d;9#qlkd9Lfd?wA
zIp?_N7{9DKdyf>eZmAg6OZ<wAl7R%Ehk|;YX#qMY2~Y=B!MDc2+8e1LU(lG(2Nfsm
zq(=0&xnV;K7td}NrNqPWm?l|A9Of<0E_c9^W(lRIhVGx2{^-_zV7%$pTvoDmBw$nt
zM2jp8aF{nMtb1Fz6pzE%@FlK}mkSpf<1K`TzyQrWOC{zC&8FIe*5DCeWZ%%LabR>s
zfW9{t!|kD(!q^d7<JZiNqva;zJ{huwVIm`g`T9uDNA&S3pyQ%n5ZJD^e{4m_LS``H
z%qaCO2PoD4SFbFAI)!YiA`dgL{S<voa&t+z1hBj%VgAEfm}p`YQqF`hOo*sCU<_tC
zY`5!91N=3O68Ggw?>itVYi3o>r?G^c6Bb=~tG4=Y7Qi*+6$ut>vT7-SFQJLs&RQVu
zV9xH(3L@Dz0DEvMINW=fKpjAqtF%xm1+hl4DkpOLwuxpP06Z&!@X0ECYztA(tIba}
zP%E?fZzw=kqIk33A<U};9rm0HaySlEdOan-q`Qw*IfctQ)J|soFWwSokz~X4d+P>5
z2<f$YZ2>q#Oa*$jKo}B%f!vd@Kv+Za$m#G7kOfRdyE^NKiCznI$ZqhT`qh&VSj|Hq
z7!e<5ELjc1Ktu1EpVPgbhETkXw@Saw(CtNm(0brkwGugG>0QdqDkXa^)h>2rdigwF
z9u%qyu=8FD87R+}i?~8}3(KPS&SMWGVdz||X(zKZT;H?T5?7f`giZfhkgV9Dmp66w
zd};UrdwC)e8&3;l(^JjYTcAcCt}7qWk&^zj`8FcN;&Gq2a)6hoc0gqJ)Ga;0Lww<z
z%vC-%N&Kmho$qN7sgV)Sl+CCV=3{Sg%6v^War0Bma58e{wU*8XzfQ$qzWJ8KpxL_?
zKm#)#FMmR%FgI_nF-v7PQjmt~+;*F=jl8!c=$`-WjI@BECVsTqWI*Qrz9HXkw-=#=
z97qWclN!P0mU}Qt`cg6zFkW|o+Z%~s$H?g?8AmPIGD1*-_2ElS!11X5#ah}TjmnEy
z(?he=-h^{?FuW5ky`onLiyGRk_oiubApakwi2pDwUa{6If5edk$@!1j{d4h;<3nq4
z>%!_7YCmzbnq}AIZ-RYw<**p62peo-*puf!Uxm!6{I-JeUZNl#ZFvw%5Fut^lO3Xz
z#UbvG{dlHTb;>3P1HERoChI$b@Qowt25_nAp7pi0z%nP3e}5H+`t4$X+PvQe`in$8
z%b~Cr3oZQt2%3I4IGyBcHVEX~yVWF-gz9ZrK=<&){`IWx4Tp`Kr<JbtN!TN1gEE^&
zk$Y9cml&g2+TzsqRm?<fSH!ePyYJH?^ROC4<kt!GbZXxTF~#{Pzy(FBYC@BPCh?HJ
z@oI|ky9V&KqKdq#Bx$B_Xi3{W;gw$NF600(g6{UMUM#;~9n3L&5)#H&K+-k!&cu^i
zJQk$ulLwbZ(GA5v1mLg*)^Dcej-jY9XVANGoySmb#pH=5AHd_nyWcJ$o@Fd{Iqolk
z4HnInXv|GFzGa>`L&SZ-#lS14mJN6|6V}gML=Z&<>yJnvzgyYx7D<!?&W}hhYa#;N
zoTQx*my4j{a%<FQE{kq`_n{Qarif!1BH8i8hy9@RK-cc;wb@x67Mbnxl&T5&rRwwU
ztJ;ME;Xi=V-^<G>ix=O&^9Ip*+GECMgX%1V!e7Ffp7jGMWQOijp4bDVVwNQPdx0m`
zBVMZ{;V4np+eLR0PDlhqM|g{|3M1LB+Q3B`tW_ZSDZSi#Y^llBQB>QP3~m@7ZDX~u
z{kz=ZdNQwbxeds>2+rp{ysZ<0!@;!lQ9U%mTa<JFgDkKCqll=&bEdW8!08?Vl(rm3
z<7}PD3C!;Y3%5ESt02NGD?`DjO+cuptP7H32gZ&G;`s98-G!1T_(Nwdz%@`eLTh)=
zW`ryiTiLZSA^apE2sJ(d*os1jl1y26V(&)djW`_-2@v&r<b8ju)V97r4?(8Wx}DT4
zfF+gZTJgdSa<vNaegk*K!wJ&0dI!shhr-#G57z@C@cbm~>V=t{60hiGjBvQt3bltK
z!$Odyxf*#X?rZH;A)R!LIsSa&`SK+~RUE!!lws3b7>n~Y*?`&&E;-YQ+zYcC6Iyif
zg1qa~lEB@6bO9PP1_lIWa4ao4xGw(CArZl>@I|deagZ?$kGC{Z!6J#rldI|FOyzP_
zH(uRJs_Q2W35nxg1F>P=#hUNK#He7&xF>$~*jC}puI4I?vc$qCE$(VP|Hk%8gN0+K
zJ&gHy7FT7-feVf_v5=AO5Gw(*UxSS%ZT2~=F}62ElV6BNk5+lGx{(qWCG^X*o!{D!
zc8{Bb;`!97GD$!9#MJ3cscYXhc6IiTf8ICChEMQa!IyXr%izEdcth>OSYb;Y0uZqF
zuzo|XVIAezFL^`4^#Z#$*C}HKKkwDeTfEO`_!{zz8srDQ+o4N(@mgX7kjE?S7=#Ml
z`0|8L+!P_5;6d<-gIAv<5#K3#8u}stW?dXDa@BW*l9n`#+%i>it*CpZRHSKEQSgRH
zWc;Va4do_L=I2>z(h$=a8L9lH&M!zU#BQdyvn*(p;Nb~a1%honQ0AVM{HddfPnxp6
zZ+Y6>s+ezL3ZJhI3b6$xQZ`dXTW$bycf{Lg0sRL1c}N&U%2=@bpO&?>j%}l?wK^}I
z(L;Pz{mhH6ETzTVSME>9=LBw6+*r7784)-bf`b#(F7<COIJTWnkJj}E(oX}8Nls1n
zrMphO+gpOqpajt`*z%a?_o3k3KPjXYb8ja818_~luYNqhMsk=Q`dN|f@AcU}dfMsZ
z#kAgVK$Szq$dGmo$-W-ecv;-=vb}kKYrs3#0Ow-)s^NH)3m&lxDSdSU{jBh^ViFP(
zziTsL4G_8hNGU?+FA&Q3LOb%avA(-%Wc3VgjQ8CEaF()q*HMZSS#2T@g5Uf4q;Y|K
zxybRUTMRd9B+mt|s)ff<HD@UT5S33!R^hjhr5h9C3-go7f^WLC)#6(=IFjQ*QM>S`
zShBBLXrH)Rf8GNTg<irVtFk49N5wHz=3dvm@jLk!+)z1b@{_jl-`5*)!7>^2XT<vS
z?n6zMl?c$K05?z=h3<q0u0r;!01k=;afk$*AU|)n0Ky{Bsdq0NhAMD^i+zu;?I9Q9
z3rV2;=#;Vg3^)lU*$xA`kdW^Hv29k60U-DPZFAgu<{Jzdb6X09)5%TP+^%McLd^f!
zvgr!P9Vq_U_q|+kyFdn18?KW;^qc5zhZNx&F<?3<XrEXY4b>_FkpoPab`GD-X3%^B
zk{&76_9)yTrT>N%5YK5!K|>BNhv9dz4-n|e{a$&v1rD#0()n;+K()k%_vSljJ!1s`
zxT+CXm|QN6MKL<FTRC;TSu7rJ&q5}HDqpElJ|NwI`ZJ8fOeSh=Ksg|~@TFE-@M0Nn
z`w`IhKFAFK7L`PVFQIk-242}uBsq=SUh-%g#u~N3>g?@TW@zCTu%;VOMPLjxycW2_
zH$mi5I=s<0V(LxFLk-x0nDxDUw}22tE&eZR^D4-bcn2}qJ1!U-mTTJfSrtkUAqg1~
zyH^UkKUQyiSvZk-168@iwe@5`F^0y-;VJ^T-b$h=(DT8aDR9LicN~{CUd2D9i}j?v
ziv}_F+(1e$CN#rLABrsIHY|y3&|o$7?AaHNfHeG}KnVImFI71lmI^(IYW&pA2AKw)
z-D1Lbiuagt?&x>>hvXes5afGgRlx+9+OPD!)n2E#SH`$`446F%7X%VKu|zXRvT|J=
zys$@L56)h2b?By9JX_MmI??#<gU6zF%+X-f&Yg@!4B}c(ny1(X`R9)U$40;3?&ZrI
znc6*enqd3jZoQ$Hf?e`R)hGE-oN7iAZc1^pFfR5bardG1jVumUZSg?sQ{W<QC1KBP
zo*j8n6i*m}Yi*=H8g=+a9y8wa8>x5j_D`@8avKGf8z|y#t$5pSrDAf%8T%l*?$2j8
z=33*^`Q%oFRgJUT;(tpdbz=<A6qpl<3+M>=XL!Ie9{+euPNxHX(Bnl%oP9LU59ohA
z9Q<q3R)T&UA5B>&9_`jo`ym@sg~1Tg+Ca;C$S=Lbo$`3MwD|{PWr*j{Qv*+kCxUO&
z(RA>W?tYX&puiM;68ZMf2Rj%<cYwCf20~hC((p-*TXkUlIRTL30@D^1f)CDyA<i|w
z3>*?fF1H1hfa;+qvZdPOQWatdxxy5K{C^&S5+Trh_?nXR&+cqZ==8*}s;_9Bnq}Pf
z`+4G~f3mA$VGG70*o(o9Vh{I&cT6pQX~Rk#<cWY>RQ;!Z%6qemd45A(!XmB(7Wn(g
z5}lQ8i=rvvO4v>g3qYHepyUq3i^%IS-#6dkQ%_vqBj%WxmyTug1YLq3#YW1mYU)0_
zN31Z!BbfotxA=9EUE2!|_M0O0s(u?hQt{Wwg000As7<IeL3}3^!z*id)D^T{rijq9
zR01SOgmACMOg`boE6)tRLNS{KFt|86-=B(Ddp1lFNz-KFUVi1fKejXKfrBj$+}Lze
zjnfYlsUOy6a#~Qj$dcBe=rtI)Dt15aR(np%()bX6VaClfWJrQuL-9!4O~Ln+H+ymz
zvkAet%<%eh%^i9q<3cH@_C%ak;3l^+GF(#!N+<>s+Fg>t;zDTtN_3QuQ3v2KUl_o8
ziTeZ?0~H%i&k32o!Lymq$}RN}H#r55z5}IZEP*C<YbYH)wlXGw@4ilK_`}-}1bNRE
zhXiBa>$5ic{lMuIX&QLfV8CPzafeJoA%{B;MR3Z5e;>Zo4@hC<YXO)_%Kr^43F<fT
zRcOf6W14$pG0J2!W7PftmsE6t&p4%Ico{w!qk+M1$qlQMe}mTBM&X+91!ZX&=b##h
zKM0^v=)Pk?dmOdoC4RLPMm?gfdMbAUFV<EB$hFUu)Y_G$lJ>`LXiK%uNh<>c&$PHS
z%B7ieT~aD{Pwo+Dzpy^!mFYyt6}S+lo=6Ge(oam8aqM>XO<>8@zKNyL@?p1F?lX02
zwhIroEER&e$mjCnmgp3?9rLg2*05~uJbC_lZ*)YyKidqWRH)$nU>)p{&=iD1%=Ksc
z1Bi;0_jHYn!enSZ{BqbUZtpSyoXGs-80rfx(nLWWn{~W2KL)^|TubESOxs!47D-?1
zQTX06uM~K)k18npLZOG}3SP3$xSwcK(rH&Gz9Ot4Ovms?_XCIiF&vIEE@yYwiupn&
z%dyUp&(Dr5PhB^x@<ozcHj}>%^r@A~^ArRg^`8-QY=S(vDw4UfIHoikJbXzrNvZfo
z_C`JYxUX+6R5lQqNrljBJgf1hij|axYO24l2zw4{bW8e?xE<%h8{M66E1RUcP4*xs
zIgI|?GNZhe2_ogjq3?WW6~90ohP+*u#N~G0-sNeny4`>X<!5l*dqeTe8cMA~EnA$(
zA-7qDT{u0qp5w`q5svr9ytPDPqyEyoFqccwhF!hInrB2l<)ppyU9N!;VNgQ#+w3}u
zf|#u8;zR`m6pAn--Q~=d-Igm2#WbdoPk0u!%enZI+d~X<yR&B#td4CqS1UsL&C2zP
zOp-nL67}{bS*3He25^`pBY9l+(Nol86(hXT5Tc0Z$8-3VHbbzY@K<YaZ!CoJOuw=k
z%%5B;MAB0aURD#jnzUypFl_@o7sJedCpl;cS9s`e44<#mv@GwQa}Iq&C9*HB&I~Yg
zD5V!~$%?tkQn{5)g}2UQ^lZ|QKP_iT4zIk;9@?oM|MjJ3@BGf_jxbmpsYu40*?jv*
zm4k0<B(-v>GRO<!1)aT<RFnSE?X-r(2MPyojRNa}AA0qqBS1?8#(Ny}m~pD1$Apbv
zh8`^Z{}JrJKGIB(v)N&hG_Wst)ARaf+ia$`T*qjagU&-cc>}7%oDiQnl8K331F9^<
z43Rj<*t_d3VmI<iD0@`-Z;@(YS8`|q>X%HA`Z@TahVPH_kd3qIzU$9zHzq!OZKmJx
z0sD}x&U<PjEEi=f>W*K({rE9k+M??LF}u-YDOB$G(8RcXkj3t*TX?^x-_^draH9)2
zkV2X~>%^%kk$R+F0u>8dP2%aJzvpg21#AA0fynS~Agd~i1!b=JbXB<6Ccw0pUs}0~
zF}}WK{K3k5)*g@`TnPo%r+5hJ)>r`gu$W4EZRV&s|4icJ4N<?+8qgIN%ab0AH!>zn
zFNUuOY{vi=32{1P(1CH1yy=W;wa3_64y;XzHHMd)G4AQ^RAC$<3y=G~ooE2mm?hAO
zXew4fkNSa|ay}vD2M9Vb$CZtUyW|XiQ-G80tnJnd8vdg|CDfMi5t^hoC6s&MJ~4p>
zr`Q9KiDgVH!?iG~9d*m-VaySO0`O2p<7?2HVyj<|p^kNLpsd86Tu5Ol4gt_jKM$R>
z>0d+8>-@n$Ykj~K$PQ(^Lvh$Pk0K?xD`!ShygU6KaE_;V`&AXbP@#<0U?@@TM?R!4
zJr(J!FWlHLVexRNjWFk1I@%`W@s|1@qn=LRL!RwSXMQ4<*RQU6m&gTN?kV<88OjQX
zO5+QNYPmK`h()BV*Xa@MPc+a3VlIPipEV`z%>?p;R5Tn9Gqf5|&)t0c!ZfE>Ywkw@
z?ak=P#jh_W<kLg9duG&1q+S3?{Y~>J!EM^_{baF>Z$PAiWH+dqB%7gEmo0u5rlIvi
zuen;qD8rW?g|71)TIV0v6JwaWNhiO@4@w+zQCD1}acA8V7@bqj8Rtr{qwnsK-?e>f
zZ6PELz8gt(56l;xfMs>F63D5BQy|5{kS7vPh{w+uJn3<7-)u77C)$oHR%gvLl-{2h
zcv{}NJF%eFss8YE`$S3I*U1qz(Vp-vkl)96=3t8Cmt2!S($>ys<4jCH(LIF1>Vc)Z
zc<yj=?)b-$F)0F{>hCEO*xu-CZnjKqrAndQ`*rsw^8{0A91qvoHvyL$T%=S=P4jGp
z1!wIQTfN|)!tk5o<QO6vm&usf{82Z{t2TkiF49Yo8R&i@mupoV0_g@cFKg1EJ>y9V
z;oUp>k#TpA>ynjP3D6PWi>3zPocu<v+gzkbd3LaEPp+HE*YU|s!WC}=qU1)|LS_Kp
zAM7@iN*Ah-`{=w)%)0KWPX(!qlvW^Uk!sQo-E;m5#ZRF;*06tXXZ83~#4#&Uqx1Z~
zgor<6qs>BQ+zwluDa{TF`K^hzLct8l9ec;9^TL7j$GJ9l)C$eC&iQu3>oF|C?EQ)C
zG%2+niQfa4e<QWU86PARW4Q^$@5sr=urYW(*co*hlAqoARYZQg*BUV6RphJ@;8RM)
zPKox`6)xiQ5C1mW^liZ(@E=eSlRbvT_q=z{?yH^{fAy7%^Fps1)zO^Yld(~dLe4w>
z2$GH}fbkZC-vxYvZ_e!g7?7JKjA)to%IIHX@3Vb%UwJ$VVl<KowPjfwN&Zwab#O4e
zKeMNK_h}^zP+{&ECl7LxHjNEh*#24$D=wpTj2yC0xB$dL%?z)DhXhn&7?~l12hINo
zI&CM0IlRdty_=BtZrs~FiVGR9N<z(7?<zW^BuO0FY=Qxu+})iHbZ%Hj$iIQNWHB6+
zGqre?P5H<8<1&16w4YV-lkJicESwO8d`F^)4%=bejSDxqfM!H^HVqU8nSTBqkue|8
z^_{ZaJAM1l9xhRkvlEH?AhlyuD;s{VA)|`6di`gu0RA41`TIVKG|Ig>pv0a^h<G^s
zyweydC=_6_eq(%;%+vEim`@+EPpC)P;5hcq&W$~>Dp@0&0)Hl#;~xj_jlR3kj>~w+
zYq_#VgV6T4GY~ZuancosdZqqXs_z5r7-O_Y;W&@OaL~}w=K&Y;humm7eg1z)we0XW
zFBN33e5DN9o3ecIwMXiyy^5WzmFUM68A0;;4oI~W6kABYr@^5DH~1^(r*66&$iO?Q
zbKg-oUl-!#2f5XOu6_eXN+2hkHctfM7LG)Af<+f`-$BQXFM(dGSu#t2P*RJhCWAaY
zHPam~BA*Lsn=U?Xv7YdA%dnaVaTA9Z_G#+xlm^t&jStEF*2b&%_GY8iDG#dNcW<Qc
z){sP(@z0kj0WDQ3>8U%*z59Oun%Rqb#gA<U%|3h)q5QXnHG)rn99wj;`td(S5b*VF
zwz-5fay-R3v)(rSKpY9UG8@b2=$Ufz60f#8qgFcp!v~k|o@5weK9hT6TiJ`?J(3pe
z*Ya5Hwa=nfgc7~l9rpf@BIe7J<we#xij@GF3HT*7r155|HZ7i&6Bvm|ew7(d*v{66
zerZ!oy{?$#FPTC9jo1NTk48c_3YTWCbqnRV0a;?tXS!Dk%<`wW6mgS4RH~6VTv>?j
zOO1fxIQTMR`t9DtmlFUFp1;!AqaweMPJ6_@a?imh`CtqF0m&MK@GGuFbH}QdcoawZ
z%=dhC^MpUQ+#qDZUHvq9dpI_wJB%RWHx-oN8CD^M%)^!}(M+J}TO2wq(P+<9VK@|`
zoQTi6$)`g-MIN)irZ8sY%!u@(Zon>X8!3@kd!@|L%7WT{iR;wLlNyXWaH8agT}LhL
zBBHz-Q)xvaC#ddP{#wUp!(ZoXo#8OCkjAo4J}I0Wr<m~30MKr^`VaWA(t_B52@PR^
zob=GRSj2P|qpx<Bn<f9CE>y@634;wh>s&0~a{tKMWtTh$lSlZL8nF)!JQC#}A0aP_
zx{ipAx8#pAt&QkVUGRU6<&PRByW8kU;!dANLP8OcYMyJ!NKQ~!IGu92WPB@6M;e?P
zFzG#Y!<>yxT90SOB})L!t0gCstSnXh`ZCN$lSAo=Kbie71!qze2lCnx-)_`qemDLW
z3R2aKL8rOV;0yG$HY$)HB7qJN(4^yP^tH}jY?_3E$ZGcAI5|S)`^wf9RdM|E(C9`|
zNtlzzqWD$*Xm(2}_W;IP<t-9wB51R(@s2`|a6WwVAR<f^SWl8$WWb@KBr4QuIP*sf
zN5|FWy5#*GjG-n_a%(sh1N0SX=o;X30$B@TN;+X?&&n`e>z#}2w&-X&7_TCvO>b~N
z=yVOvJ8o!g6{->Uy~M<JYA!@msQeF~y(zeU*E8wmj;zpkhjQT$0Fw?_pJkL~ZTo(H
zd@Zh)gg6Fhv|NCC$!9FLQV?RZ1P(Zg4GtENbtAt>mR`jI|KKMrr+|Wv%4PvThPc9%
zQB23PgB8~Cfda0?)>Q-GkZGb0^lh7ls)-IO6V@u1X!A|McG|rFS(Z~wLXD)!bmC^#
zWwYUNJpF!|p!>yodo%3kj?dk~s#>4r0AEMWJmfj4;t4ojI7rVZ0If!@0?H6*Y?7m9
zArp&G3~>UTuXTk5zjbK$=?t_5s71e%DHR?2*%<)5&vPJYq$k(C7SaKtV^pbdNSA7@
zH?VY3NgM?a4`$2A+yNO5tJCS%_F7$`8z3=((q1qRrav>k0{z!tI~bt89E3~fRAvQn
z`yGel6Y$6F2-a$Y1cb8Dwd!2Lajg?td(sHF%Bc;S!OG#n@hX(H-eJ|QCxY1g*PDAR
zn>!=A@J{^kA8qYwC%%$9cI9%}CeXChXF$NCzWrFuv?7xMkjiI|oq@lH?!TblN@CG;
zhK>?Ew?*}(JyhsTd49G!5Iu_L43x`N`J<gXUGy$4q|e%Rn_d@Y%`Ifm@me#A)QwHA
ztNJv^iadyrV%=o_i+#ZuanWXA9bxIyw@t^-yBclw)|49LP}3#2OQFDdBzK;m+2O^T
z3=pimPqO<QmCWME6n(l)Bg&avqF#|YTyd}aU3qBWCso#ad|}*TlngAVi)oAfIU`1z
z7CvbU4GxmLIs3iY5OsD-aVS{#OmVyL_mlF}u5c)XS%3qykU1iivl!k{4pwA#Hdj^p
z^tO-X@~TF_+IS^U(%*^*6BFH|M%Ooyn&1ovrGdw!-;%dx-6i4ic50S5_NUGTIWnbK
z^<cpZrQ7l2R;3?;HJ%!b^~JQ7-DxiZwF<clro>f2ET@RY`+Mgx$*Jnk1oMs~%fg=v
zcy?o2;}XtxuQIPJeV3ANX1I{3!g|c^OFV5TH?4AL5w;qp!nTSR9OGG4gM_aPb5IB%
z@vhmT-;I%1T5?2_*Vx8uL@8M=)pv}@a?;>^D!;!lP^M|@gbuLEDTw=p_f}v?qo5n^
zh_my~d#bWeN1<U_+N7_X?HAX{J53`6l2iztZfb0vPk-T?L3mErfuxB6F0?%Lbmpeh
z&5O&0h&im`54;*5_`?;c1yXNHN&MVJZlPRyi3e3q&s;?oCrqgN<4E`Tm!w!CZLn*l
z<Dil*v?CNJ8%$tL??qgsn7RHlQUg&t0+8`pPIEq5=Wu)p*K(;@-?&R9nl)5AmVn@p
z`O?r~fRY&}z4oz1+bmEn4(U*xOXjkL_o1=Y1>{jm+3Z@=_g4o?rufsXKy*l9MbB*j
zH%I@Z17Ph1Jh#c*{_sO9o;(o|nHOE#_<F+K^(6IBK$=`w8(^Ti%2&XEYa2=Rj`WJ;
ztDs2NXK3P?X~VXfWOwZUSqVhrkb?eDMy^TY(GWVxHJ<988QC{!!JUjcPRNY4#)XvG
zjs$MgwSYsPn=>QkR&W_$`&1f5PJg-pZfX5Vc_8mev<Qj{MOP)`8P>iQ_-&~miOJvR
zNXEX}y;SI&^me=wMg!um02AsiplQzr7Oo~$gE#aI&{UL<FaQ+6fB`9v;s@T+y%L=r
zD?@_oYM{c0X+Dbqyp3}-8gN<(AY{LRywChT=w5I5E5ulE9%81nagtiBOqxE47XJM8
zsk{@9Ce$anNhp)=XX{-dyYP*G!8z*~8IM`SNNHskYTn0V!#}dL+89aP8Bp7QF_9zR
zXVUji`nsjh5r85Q+U$b`S5D*r*V-LPTmo+g8Ww~=&#)7`hVn*rZ||9<hz))LH8KSS
z0)ZEb7GrC7R>ZgIX^fMovHX`7fO;sTHBbuybnM-F10)+#eiZV%6vcbTLU^o#4f6bZ
zqW8uMc+;yt!fGkf1&LVZbEGt1Wz^#0xsjrop~;%Ce^`ek>5iHqk&y`7;m$|=#>8Z>
zmWtJ5{jKP}<WPT$Q`$~nidIfjC!#?kVo}7#J?cDKw?$v;1))Z>?V#^?c3XSp97#xN
zLG$NFqjD1bn6s~Y2}LkMX=9}umz((&mm~AiMbpzh`%J+{!2USz%fm0pV5_ZyD#d0^
z6Vc=Tkqk${>2mY-)oT*yGQ^$!u1vn0+CTa|vecv>#5Lq3pOb{I{;X7{1ba-G^ev_t
zzqIMInq5QQ>pwG#vik{XZ%G=&3TX%HiRM8Ut^y~fk{w@qYEcn=R|`UYnE?LbZy%cl
zc1qIqJ}VO3Ul*Dly58(&E8?IZvynw}wcuZ5nC4OkE)Wloh`+<U1Q7Jx_7hker`4#2
zo4fcehgq<x@EpwfmQsh?^CJxQJP9_<-D;q^crPEf<1;Ddo6v%ALd|UEFv8SWV+FFY
zrKkpKPgC+aY&r$GoVjMR7DSaW%rNXz+i$xRSY#Q8xc*wA=1!N#%Sc;BEQwKG&t8<l
za&4{USeTeBM*ZnAID-5`2`mloD?s!V$TcvqndJP8yd3w|-DUI8?FNtnvuDvpN-b8&
z{Q|KHv%)%|*mMLbI2^NpwmLrsw1m8Xo}%%8r>bl8)`lwSI-J8#ml<jco&bVVJ7iVA
zjX`^Xdx2bNOPsoMH)@}z6vMQlwlBBFW~!vs>#B^_7yQqr=|AB&J=q)Lm^q^@8$$_7
z_)Z!~)gAv83`3NzeUq;Fl0y@&>hlG4qv}{09pAKt9|=!C{ycrRQPev;(IprqS`s^>
z=_ZouqXKsGXMx~LNy*396T**TXCH>8wyj*oq@kj@V^NQ|+yb9(j+mM^g>#`!%JfG)
zW*2LBVYMRw&7ZeIQ3w5-3PCLkU`^Qpi3_42;d>yLMg6CD>r|bs5x2wPJHQen_2V?1
z(}=ZqMJ9pSU)%MFjT@kONZkZsYk&YMYBhkD$A+*1oYO!F_D7#e8pXrbfEptpE<pj&
z9heza9|Sp9V3FUC0#V`cKRYN}0K@gZ2Y|{L1LV{%+Z2R-pRbF)dGJtp$eSWros3wI
z@0pVbkM2)9Q1b!4*-r~%7dPf5%*4J9ki955zxu8=odo-##^e`(($UNqWDBadu+Y$>
z07)IIw*vSdrXURfRYL51+AwO7pjGGhH)s&@?Bb4$XiPwjJb0>5jHY>)_udr{1BNuh
zVGCw?Pr_lOv7@2M!*%np(Ik5D#`C$ddcWECY=sE%i{JeE_R4Ah@gG6UKQ}EK3mV)z
z(AoKsvaHRJS@#fNc>0;X1YvI#DCegy#~rYL|MHDbXE{&4#DOjLnv<r2q>&11kddR4
z9Fp?P#2+`+g-K1oMaB=U@=Q06%ungf2vY_vD$Q6dEgl$`K}-39bTUw`7zoNxSTi1B
z%75F>eEpe6`;aSg_1)c3WLHS*4Q=79ARBUqp3x(B8iIZtSECt||5(J*L%!_G+9GV!
zLM9e_-o<j$Lr9Uo{-mzmqZcE5Sb7v3v%v+qEC7^c3An~#hgML2tW|O07b8aT{4!L+
zZe=`;S>&Vg+b-DnJPAnv1C9ON6?h7TlfclRwr1r?lj;mx|4KBBZ2L=Gg8AH@|MO?w
zP;&N9HF1inv!+Tk>#XX!W11AGu;KxXd3|a_H_pjm#V|buBi3eRM<t@iHYd}G4KM4q
zm#?+IQ@(Jg+~MzysrV6fUlb!7_!<X3mNY#!BHD+ZgA;k3_rnk)3nxewS-asjc^|8-
zr$z<d5g75F|1!U|ggo+*%oqzB@j9yqxQ+i7k+nbgz-B04@pzrp;((UhWsk9CK|yWX
zG<DMZv_4_n@OQ*vi-{Wf{K~q7^Uv4N#QzQMn4mXq*nr_jK@j|~zh2NZEN+`RxiRQz
zOuwLIlPUkLTk}`3ZPne(H1a<h-{s&p4cA-PM{}duZy||Oe~Nf0Wa6@`Ie*mp+?&zq
z$bH)UUV>nOh4%Ef^hO7g#xY$`!a&CW;J`E79#GzaHw#6DcYudNqSB7)NWX{u$eA}t
zLeCrI3M`<CeluP{BG+u@sMU0k(TLp1XofHyqP6O12OLs%cV9$vgpCzp=<02EJCV3C
zCx;BDxmJ%Kgh?qGBy3nIi%{W220@b?Jnf;hc$kHt^Cu+%ciFgnYUal_79VbVzId;_
z>)mhlZ<Fx{X55+evo7|Y<IBJ;nYd=e(YK?pd?Z2w;qGk96IZ^cuX>o>f=!KouM!BT
zI*xaXPR?l6B$L_>Q%vpnMf!nuat_QZ>@=4+RVYWVObV58avRLDIkK-W_o+~mikr6;
zIL%KkVu=fSb7@SQ+ih&qHNz_X5~t^2QTp>P<+`;k%eq|EoCs-<(C1_^C#7gyIi=6w
z>7fzK<8W-$RntIC6|-iA3|&yX;6M{wI|(0&k0ku!X#GyfPtQWN1qYi-6O2CXkyi8h
z$K5cq;OYJpK0vB~Mtt2AjkP^fLm`N<-^b?mjM<tj#Og=5#VH+mtTEmC2gd*}Xz_~Q
z9>UW2Gg&KKm-M}^g18J{O8A9$PsgH*)*aIvEDExP4&T@6u_N_xa+qkwb?m}Upmc{&
zB!n!+bI8g}T~8Q6nw&HXV|9vj{`?3@X%t~jO*nZr`bRPUk<<MH46IiA0s%_hx3f&>
zoHj7Z8q!bvZitGPSF!4D6Fjw6Ij4cax#4LF+7&I9QEUULDB>xLgD@2<cRR#4J~Y7*
z#?(^vM}lFEQXzk<?nQdDY2#QP`-x%V7}P3$GH+A~CSvHZ^Cps~giB{{ZMQuO?(Pxx
z?p*mN?tLzZo(tZU!gkZZt^Sy73!ZBxSQ9J~R9n?}a;!|EN^Hc?H`GBd8s19ziUA&}
zco{){s7@$48Ez)_PpfPC%C-vs7#8{vAs$01UeTfD0C0Zt$6epw!p3Xf2A3<rS9W}x
z)FTp)P8)QOHh(lev>aq+f<N8lyoX@hyQ3z|m#a4J(wvd{5%b@g^Z_#qwmxI1GVi6^
zk&&Qzjfj3m6Q_m;nI>gjS-~%Xc}4L_+xHkN?i0@ze#wQM@poFF$)mugf!b&5C6fmd
zSaOv#7_=LWKc4G<Pa=!(DwDo<0?xdWAn`Pwhk#i*JvAUCCWJlj0FEKkcr5ci2I$F=
z6%-WwWqSeP7m6l7@=Ldg5K?sBC<NZ`V7j;>R#6K|pyQno?iglOZ{*TvAWusC?SGjW
zUXgv|7e%}$gW(CualBNq{RY`rJeK*}?>uukNsmqBI@&Yy%!4mu$TTXc5q`C<FQnH8
z_zwV0*i`;JpPAFY0<RTD(dE#QdqETc^fY*jq2V@7WzY}_2102TM?P=?;|3%FYJEgx
z5(MGEueP223|664KQYCj%+YFch+ZbRM9`{pND&@bQP^b3JHLWC3&(Z9rPCOiv80}=
zaw90O(yLPlS*`h@v<i0fnV%c2xi1aTF>|p!75f~sfP|8UIF`s_#4d{1;IvmjJuu}^
z7mbqLp3m}}K23-JWdqiJH&Um2;;>H2=@?rkg{Lwb_R4hJo*YLe{xOu)&g2|;$Ut=B
zUXJlm*E{Xlmv>^md8E<hXpr_V5P7V*+aB7Pbx6M^4od8E5mwwjuRJk+@i#AS|Iqy>
zMPou`!y_|iU}m-m$HHPZ9mn2yA`A>K0vL}U+PLg*cM(J%eT9~R#SP*25_nq2r?cDo
ztuoW@nwCeE;E@MzT>VVX-{gL?WYX<6*TmL%;F|BysZSj0;YOLnH?H_G?)zeGagdLW
z8+T0e(>~ezr=btzk4wrKvA`y?{pQzb<QJm}Kog}<vy+;`phkH5Kx~x%Y<Dsrft~v0
z!uC=?z08F!vTK6%Ji6_Yh6d-i{?<;7_DN3rkx(1j2U%W~h_@qC$4zhun>9NCWGP&P
z<3!IGG+*hIsLonka=%8|(&Rcul0H!o)zV5J;>Vm5QbDSt(w{=ZlVV7l72kFP5T=vm
zYQpc?^U_EOQn~Q+;4@Ry@@;k>bViBDt%Y(J#IDUJ%T1u_J4k#SPx#Wi|2W>rEN&Y)
zza1I7)_TCou$@hB-fu}*dC|l<s9rdT*2INwM1p{OdFQMmoWmx8=)EaGEETlY8^sOP
zBv*x`)UT520CSX6Y~(oFmE^sjau_s-D?K0jjnwm<!9bL6$T!q<2W$=bJ6;1y?83X?
z|M~E#a3H!Gf8JS!5Wdvz*YXNk`)9{Qzk&C%ssXgZ4QzC3<$h?^G8(U0B|z!RRPJ}r
zo82*AnG|k=KF76o7;Nido3=KH%o4nX5O@dU$Z7!683i&1uJRXFUX%G2oH1xRfc^{k
z9|x7Mp_l=v#D8QFc5Jr?%Yf)PKpOOibSa@^g8&@?fZ6ihW;uJ_t#Lt6bo?Sg)B#d~
z>1tfA4<%k(t&<15L95d6y)^R`W8wg8FGgdVy0)YI{V_?S!PH^Chs5?}!66hp@7o{5
z(jhRlrrS6gONVW55gUhlruxH=fgHLFa_|%=1Mvg89Wo|&TSwt&cu8o1pBfXRy@}u*
zJV^pfw|{1olK^D3=QkJ6h9$F%)Hd%{7`8IS&jAesBqj??KZ=Cr6aa4CmBnyKh1v|n
z+q77LWH1=-?QqNwma~A81o89D<X4d<W79@OvWp%of5=n#7;?rt7O6B(Utp8j@uPl*
zUq!)pGk{xr{|2x{I5AE+m6zY|Ho~D2=0<*s(9fxw7?X5zgYx4kUM-w3QR3ti>wLtS
z2@7%O)P9~(f8XxcRiwr|@hIv^r6d4oCb;o$o>)<~l6<+VJOlPwtmPKQHgflX=2_GA
z(E5q<9%C!h&A!-Zbz5U?KbB_ai)zG_hL=^QMAj`1>;k8?pGu~h%JhkU=3&~GV3Y@a
z`$2Clqz7yl8CR_I$NIe?4VrX`J^K7An=e1D5bgVl<T;WDzJZ0n@Z(1#h6=&TR&lYH
z-}kHs<uPjOVUU-?mNB5x+yE9U9rq~Mknk1R)cj_#M@!m5$lpfediYmk2A>}c=$~#c
z%>6O@y}iMvtYHX@GF`+`o88j!pM3EEJLCI|pMqzWNB49^zf?4?X5w*s?l}+`s}1Dj
zdF^gLtT|gwWuh0Wu}kq~#c^U?B9KcP4#&vz;l5bRN@lgBiU8>*{^XuF2|1L0Kbwa#
zA~G23+@{pY$*;-Lh;(1@*|e)}jvNKDM((&CH+^ep@6z2kA2&)=hb&9>lRUa<5jFuX
ziXA>X%+aVEkA6=)L?oRQ^Y+xa`jMsbXpx@V`3Wnf$vSm-B~00G)K>U$=I~%cDq+GP
z<1yhvKAcomAwRi`66E>=D>%tc{qK%4DEQ5CBJ)dlaHys=5`?qgqK_1YD+grIA469C
zZ>$^kDv=X8QbrPqzkqz%mEx^Td^qbRc8&s>%WQQ*S&q)bIJ@7byT)YfZUb^lP(M%|
z(#X0wnU651O;(X`FrgbU{`D_Z{Ez@#d?VnHhDB9^%N&(@oJ=?8@zGyeHGADhyHUjv
z`{L2_agwm#GL4cpv&Xxb&)a7<MA^me*3XHw735a_O;7r(uVR9v8bB|UFtsY0EY=EN
zHps+{0hp?~gUN&oYP;_U%GL*qYj`jVmpVIT`?Ff2@db(*Z?}e$LWPgCe-CLm7FNoc
z<!iI4FFC9{lTl||++Rkf&_|RxzR+(wx!w@|#&u~C#jfM?N8DD?)fp+xoF_ri2pKI-
zoWyR69(9cW2179_O8(pX8$6W6(VaGw5~XeooDb<RK#b-DS&KtabW{PdnY&adwJt6e
zi=ESgL@=BYtk7yR+of${o32$TGdjKS{bkX9_nOHKvEEkQLeZzV0N54|h5T`E#oPnf
zXFzgNptvJx8#Du`Y{mh{5w`sK{uMrT=Ta%U&bWed3k{B35Tx3XC1&9Z#6+XB4V3|Z
z)UL}7VL`6}5HXXYehW0QXE^`Jb*md!%$DPyTCpYgjYHxMR5m;?J*R~|{=%Vs4h59y
zpSd_==*PhZXt(M7U+?zuPvom8sLSg$A*L93$$(Y=1$tB}u4J6%Dd0<N|5k14qh!X}
zU>#Tqbsn;O!}D`HRJB~SuMg>;j<t)ioejlZ13xe<`HFP1%s~RH%Fn)Z_@xHR7hUW>
zfb@9W&Z{pRlx*4&pW@7Fcq1&V<b0p{91ybJQOfw9*X;uxK-q+k)wPCJdQ7m3E(@!E
z<(+vKcNT3p-m)kY21lT=GYogeNo1I-nCJ4V`-M?BML3q(rRbW4-vrPUN!xASc_{ud
zmw?Q;I*&Cg>UIo>AmAwuO1ia#5|PbA&wMfLiTz#(Btb}ELP$SJBo@ahyV5|OYj*YY
zev^ueO^o|KD9Z7hQF*4};gntrsqTA%z-m)6%@-NTgS1~Oq0gH=B#wWf*}o^TSHW^=
z;2SsFPp-W`*c!VAKd=EYG*v8NPr=K2pY*b5ESRG=2X}@`-#9DakDI2k{8{7VduXXj
zSTH1iNjNzFZ6tCd*bD>V?^T=0>w#9Z0#AgyQw-w-H-h={PVCdUK(EPD{+EHq$wm(p
zMAvs~Xsne41vGf$cNcoe#G+On#ZhaFS&LYIPlmiAUNfnk(B7(`sB<C$+DRe*qXP#1
zbRn4Y@okHSy(G(A%5n7eO$YOtpM6RRyKiXbNw8=ESLW^hcm{TKslwR4CwqZaom}QX
z0v`(|MBzm;Q^>F9D^$Td+Gb?G5;SF0%^KY#C8a!#=o>4jr^R~rlKW3YM|QQ2C;U%O
zC!fd%?x^(M1!;EM>Sr`u6DY2!OuRea;NNZ-+d5g3Yj>qp1G7SXDz#wW@3!Y;j3`rB
z`H@9oUEtsZA?5bfcx2tcv%=`Z{qGjf%0#x9jq%g(T|q%XyUiEw$@s|b&|{|nBpG7<
zd!W_+YdW$Fw%awMJaQ+$1&~ZN%0Uo#eo^YMgyXKUHMW&b4Da6HvEiWpLJ70)U6A^`
z6dKjP1IdubZ-znE5Bo>{aj^A=AMdUCN?ls)!FB%6$J*~vr;PNi6T8p~BoV~nc;^XB
zqv2ieU~DNjMWs~mOD|PO{Lrs)?9B*J2zdLm+sL>NUgmgEPpJ!vkr_aj)S2*^nVGXZ
z*FIXMYf20_hm_R&C3+_+B~3SwnyzA4Jj&*?U69mWKC^;RL?A!UWn|anx49p<DEg>Y
zJW@A5&lwy!o<t`c-Wk%(z}?HP^9XY4rafwAYKgcCz(Edu6yDnQzo`#Oaq@pG=Y?--
z%uZ`YaSs7MV^TJo89hfPxPTzHh1RMOpxqxSgT3H`{(dIeA)bhp7CNW2uiyvcnL1LP
zw-d7cfdENavcqE81&f-L6}vP*r~JeH;Yi@X99ssKr{Snt<Mih(;#tSk{0m^HFuy%r
z(^Z>~_zgf*3qTbd8efb}gGSBwX&@$#5tYO_S2peV+L<e^v{XJrBi_2NyY~l~MY|uu
zSqH+68W|zCo$+br?V;ZeU^F|NHpWbSi}IQSbPb%>{c=}a4vMXk!hx_u0Vk%Xw3nyu
z2ttiDH#ei+D3WOa$a9Rp+5u1qf3;I{P9QV1^kmT6SdSnxxr~on%wbkH(AdEu)C(R9
z%{$SPR25uWK88&cVlAa+DUT+TCAtxVi?~8$fRo#`-sE}h4qUH)uL`&t!5HGhf=FmC
zKSL8$D$z!Q`9nBI4O@d<wS=Jfyi`f!N2fi#3_A7N-f2yJC7$cNWt8q#S7KW|W<LWh
zWu30-1;YyPDBDP?%eDc9>iSR}QG-3I(7r?I*~*i#evb#SOJbo(B78}vUemWD=Q6cR
z-kaZk=~q<ECy^Hkd5r?Hb>G&@><qGqw%pvGS=3e_(>Uov%{U}>RdwLjSs1_<Js9pT
zWxAQR1j2s5LTtG;(8kz|Pf^WQWHKEv%OWD883v3Bm_oOu`fY+aM|Q#kV@`YSK2M3^
z94k0a>nGzUKKqBCPda3voxWV)N_tL4E`rj52I6;cY9x@PpuZnE7U&R5<Z?sKg6Tx^
zQy_F_7ATVZQJL^szd9i+kaGE$F6e8%+UhMa(gGMF)i6)P@mR=nic6ZV6VJZP`R!T^
z(AB)HD5+U?$?%Gd^F9Go_K2yw?O{^v057Cs0-@uK#uxDD`E;eym?(J!xC?uz9-e3Q
zBk=@crEzuKtjCLj-j=bc-2)w&)U)G&Nyv50ANQxhj5T^MA*6apzY}f9=APIwZNNoq
z2(jX7_ScH>U>nK*zJMGLbglN3jFf54C_L5*A@_Q|yiOQ`pKA>)(LR5TtN{KI?--lq
z^5C=U+1~VTdo<?j35FD0&UO@9S`A}&lzoGvUlwMVkRt~AJ?^-hmS}$Ov{u_2naKip
zpMFZ;nI$46sT;G1JfTCNqd}kt{j<!Hy{;>yz%0}ayh=%bR~VQb!3t<5=rPBjTdud8
z(P-39)8X6kpH-wHB4SJBhz;aE|LuauuB}r4WIipb;glFkF5)oer&4cBIk(GIUHIOo
z27sEUa87gZ18Xg+>eBWN_U0>vEr2yV$?Hvuemce5TTl&R(pCzlYWe4ff{!ppA;pi*
z>9eO*{pkMOb+|8uB~%<uHyk@=NS~E{qMW=K;U05X^eAlQdnVwyDjF!Nv`a;rslSNO
zSoq<NVx?<VQhV+2;ClagCm}+vI1<@;nEdH6sp+ymC?<6t(WE<%;oocQ;+4-8r3INN
zKev@XF9L@C_fsyBemfmrE+K0#ieOAHYGT~*9YLg{`jc>uo|0xIPEBQHC96kXyN4#U
z%G$S5Uy26f5G2?n4of0Ft-^&pb78AE>aMwOUwUzNfH3w6#ov>Abp?oc2a~F7+KbSY
zpxCopsn$3qA*H|1slPbbQO%#TVE@YyI*7FZRkq%0P3U0MgKNPc*Fwt|{-GI(_Xynw
zTh{d{f@>D-0GaT*9NG1FYL%{|D-^16jr03sB>VlrnV?oUZS$;x?R25x>n(l#c(;=Q
z>!Kb1%a!<lU+(oQzJUxO$a0R7f>xa%1R`~ZfT@|_Pf1733V1bAc+v*9k=bWKb5xFv
zK&{0zaCXdgUiNsfcmS$g+AjcF5T$0IzyA<$BFd^a1Hiw-q`a8_-3C68iBQ#aJx{~S
zYdT5kx)ILN{&WlLOtmoq_}<Nd1Wu2c^=d8GqbeNiGmDm|Ye4p2!}!wtaBK#&<-WZ^
zuzlEy(+PM0q!495u3+FpKD&C&cZ(hZ+py3WasF<2cK+9#1CI&7s`Pwcz3{z3i4$kZ
z8OWv&kLut*0_rPYr)f*lIp*0a-_4@_1r)`bU<II6^)N~p1wnSrpUKqBNw4n{&^}}V
z)PjZ+PdCF)@_V<|1S)4SchE!V7(Obh|96cLW5CwVax|lYiZ%N|Z$jC>{C>80Y1+RA
zeg2M*|JWKW(->H4c{Qb6VNtV43s20ra{T@=FP62)i6^2rlKA7_iw}WL`3;hGcfG6D
zTvzRMHGBO@j^swe9rM3ilL#sWlHoNJn|t?TcYl~jpDLx)iGkwJB}t=Lpy8Wb#zb*H
zRvFc8{i-<l(?Gv>XGif`E%Nw53i$5DuYMl{S+doK5zpu7Qvx^@ZRf2RNPZDr`2{!>
zf_Q~i$3^R&xn<WA!s?nSWep`X+yDw6<i>t2o4$`@!VYr=aY|^XK&auu?HPjLQejE+
zzGHZ^igIgU6f?EY!+I!#c~&?(;z5X|dBqSr_C1k+0B~avA)BLR`R86=OHS2(50_8g
za75zNs~U7p0ccy#z(1N#bv;ffrAGmNnOKa|k2zVGRnp+N-N7I;e_9p~YP$ahGmIn{
z$pePFbYGbcy_Ia`%Shul+Dwk`i?dC5gL=b}0y5=hmhX*QWK;FBdcvwcwIzA{or%Db
ziE@XmYx&kMg@n|Pqkara-T$1I_vyb&o`(R5G%!%itLiz5<jp3iV!!<Xf=+8^v$Qv_
zo&*i`iv~8$xc`jkn|Ht%sTi|0A4%b<X(yTPD*QQq^>KeL%EkFdb9t~__v39I$KL%<
zdUK0Mx5ktFL()O!5#*mA2_QtiG!_FxZNfTqX9jqF-g&Ry7fIO}+J%a=#yz5bHN5@5
zXDAkYy8VYf&7Zq=Uxg0cn82?soC0Ukvev%zf-`#8jko1m^zXnCNiTptU*jh_aSg|3
zE3eDR@m@_&I6L?K`M((qY;Dq7TCoQs;cjU;_v>|<ekkWhc}*7!W6h&^e}?ZAH3AUW
zf$aL6{^0}`qkR2*lx)n$uA^|IB{U$58vdryDUx^ZUj6-JNg{PumtX$5@|C7i-AAM@
zjVXs%9q4kw*SkcC6YRynBL2VI)FlQ+GU?*j-nX_uHy+P6wIrJUrDZDicaWrm;Wzt=
z-6mS`JCf^i*loAX&6Wy8y<1f{{+p!f4hVxfa)vBML)AD#iR!-K<fw;Wd~Ck?p(pEp
z3#6-KvG0+xWom(O^|r%YJ@EPJ_`!@-fKWhc9*e}5$Kf#k((Mx3r&d3bkDd1tz`pz!
z=4NXFzcQU#O3?5s@B;@+^TmjqJAoQ#!ee6R%^#mAHPVLpAIy0+ql6#-6gS`Rud%N;
z0?TEnF$fi%;L3GuCC&5M#Qovgo?-fn@%d(-t{OZ0qLnbuUUqc5J}|(LYv$fDe+xn;
z=I7<T1~NeX7lPU0;U0m_Lfsc9#K!dynj&E0iPleX{mlXhE`P843kX3yAFT%F7r!pQ
zrxmchtN>EH7f<GKG|bVzn+Zej$AGOu<0zyQ>_e!OHbhBRCs-xe5bR|ByObE{qe9}O
z)ZFBMH!lCY8S13Jo>8kFm-tUv%B`qZ8yij-4VJsKu_WOPLCLx~lkoN)oyFPz`y%TS
z{;Cb~h)0KC!)K!{1M-uwWP7G2GAT-DH!A(oMFr4ppx<b(0#vV}8Duk|!z@XTSBY#I
zfAzd+p;E{&pa%Jxn`|SQbFNG=@w$Y|XLI7T)dgE`#>9y61o$nQ@3yg_-2f|bgFw|J
zh4wNk_ip+rCuCbFeLW@CDG3$<ualJ%e{<P>K_R!d&SUM0Cy)re$ocSOmlnx?pXYut
z#GzXa1Y|MfdzAo6Ic&ce-HZ?T2gNnok{Z!i6T0Ym&X8>iF@J^=bm=jGQ5^NZW%R$7
z^8ft-)Bv3bt$mAARS9-u95@Aus4f8tIQ5R7uo*Yrht+w1U*w<`1X@ki?|`<y)cJ8R
z>EusRu|{<iJbz1|(zHtG8-^lraydFX>KJ=SKmB4lRJV^G^S20>H#7~n6X-vi8|>$O
zCpy%uR1Ht646$>UR%hh&hHJLF5*z60IQukGrZvTQ1$-6cLf|0wHah40+{VbPfOo9i
z$z2fx82q0h^IzI=4b!G*{_kz@-#hu=@elkRamY|&{q2#C!QayF;e47flK71N3?&JS
zZ2vk3<$?k~r2zlYKQHkjv{eXC3ABh3gV616`^s|E$BOY<YIN^pl63s;WIRMXg<R-$
zAHL47vC@0z)7h=4-Wv4>DjTc*C7KdWmxYoc5lB7_ih4r4W4Ze177e-`0b^Pgq2Ob*
z(HyRgGD-}HG(*X57E$bf&s1215PYmO^&~2R|2Lq((1_k(B6{CgXrdeS8dF_fuzGFh
z1DNEk|NY-x44YuON7MZ@2wqetHt>l}SL|wk^V7#V+|2!{e1$FvFwt#@?V@c9P{vqO
z4XBdTt2>P*uYh9`#nCMwptJ;1z7R%$?h~#>nVPbG>O!Cfs^h1jhIJQqbZX%sLVI@v
zur=3J=3RabLqZt2^PSOlE#`Z^-SC+4?_9E*knVVbfP$U%L%>|*C#?k@)rDU=9(Sj1
z>>R*W-H7L;(N=W}5JH(-HlBT|C0?lo-l^@+x(hY~bhslJ$1lKcrWz>C@te8&qt!6a
zHlvA|8fn=GL=0U63eLbl;3+m<a9nZkaJK+1(k8>}zIE&5O`pyG@7>L#_3rxNe16f!
ziOPN}|KFViZn`2Qh8FgI@3cqD`Dt<Nd|)=tf!CY%CMXn65SG4yX*;l4Qcy0tn%2nW
zP22w#ibMDR*m?`7DA)FTSP*p(kr_~s?odkU&Y`44rAtJlyE`PMm2Oa!ZibZZ6p`*6
zx;x~%M?L3v-f#U~E|+VZ!<l)W`?+H8eeEmBib**|uJ7CFa^ewKF8s3QJ<xJZp6sGF
z65!w8`34%7BOvBH9drOCm;c1rw3=bEeF%B#b4>EiQm~`>JkMAdY~3*L7d+OAvjp$C
zTY+aTm&7x0vTK}Zj@V5+yXRd^8<8rjWZ%s+T&>dbTBMBee*)3}HB|rH>;HQtA{XN`
zZpTpMLx&njG!b@c!b6;<!e!I07y_}GtDB-HCr0mw`>Vze<brQCCOjSRQ2rA70rzwx
z=MMc+_6_tO!-jX%(d$BBIq3hnklvn<mAjYZ_~ZYa|1RkF@=~^_sDD$>KZ%nB&G?uD
z22WFfe8$U<j*V3<GHvv^asP;Y${3s<zegGKl4jxp>QhnK^e2_(*&DxSj0f>I2?!UO
zTAk+X7I6Cu-C<cW=+$sT$qMPk$^^Q2dAw-+-_IR`Bzmy8<$eABA!HB4YDW3eGm70*
zGxP65K|zjb)JsJ!#T;v{bI~JqtY0M{St9>WZUi5Y;yQZuQ17*r_rqLhV##2OV$F|U
z)RuJzu)1D_&l4DAY=X3cy)V4iL5+&Te&@<#4>(PtlC7FB^&)|x{um3$Dppr%@9vf`
zS4^@^hFby^Pi9lP=)0R^z(=%6KMExeo)Xeo29O7#=G%CKru~W;j~c;~*>`guZVQVa
z6%kzK<Gumlytru^XGTv7O&{~wtw2+PE$uc&2U1+tvcJpD0NW~aDROtaxXsOq8HF+K
zaiN3n;>{Pk*lm<1nip<%<lfUj6xk%sSWuY(q<u7H*pf<pU^$yd*RvL&^085i<pMVV
z6GJu$TtqH(klecOe0T~li+>TCmoXw+lPM!#x-YtZC<*-uY1Q-*t|I}HRSv_KD;+*&
zu<v<Y_%cJ(|C~F}luc%?+=$s=W3C%Nn0MX{brw2~v#JKJ;(D1iMRWedDtxSj;QDmm
zK9us)Q_f-NxBw7~Y8KXjCP%sD%=AgNnFi=J7~hx!W1q_Kc7C{t(!d0WDNXx9T)!ch
z$3BgrT;o|y#c%lK6F9Od-UkO{Cv%x=_|>(qj{(W{e88iPcJo{-wq6CWg@AF?zx~@v
zlDb9Jl36e_Li$CpLa>Mh^t-ms+l4e}b^PuN<Nu!E+Zb!Vj!0Bb4GggIK7ZDewAg2~
zljZ;O*xV4kwyV?p0aufxEpw|-Jve>&J?V`nEo*QQuUiR+2d}hjMgKWQ6!e%@+qtUP
zHa13k9a(oW-YhGz8knR*v({vNX&VzHl%EUOnJP~NBkto+6BqI)RPasgLM!%>{e{ou
zmBky|#Cuh;m=NL<1JL?ig#K9UxI96dLpHiHkC(X;*RIFVn+fH|FVrO{1ifeR6&;;d
zpJa9^l{1RuB-orKeUVYX2?y3lsIS!_gRTMT?9}VL{%P%3U9hJE@+QklVug`G?OYbk
z-+Pwgg|`E04?@rWy#Slp(yhW|-fN<C{~m(>{^gA{1<T9e;JpkggwqQp7$I`rzIFfW
zM0iDSLWppiVaD0zshvGNANi)H9lw%Jn8ZX=jL}sw=Oh0Rix*tu1V@9Jm4X9^PZM=1
zD^JGX#~2D*gtLBCgk`-zcah@Nzd#+qxEG<yMMZ9%V(uk}F2}<h1km0iB4P|>rr)17
z!b_wC>xEAq9}W6_$j{5fpBMXlz>t5qMA_7IxHh{tg;VP4yUGLVP1L6r*@eA=#jJ~W
zt1#!AHP(u(2=WIMV4r!`pS=C-^5^IM8y6!8(eiZ-+Y~dgqD8=B)jTjDP~hqt<PJ)m
z5NO_KFoH08mw)3`W@e^^@GnM>3)D_-&S5p`l>8s(;R1Woe%}khCKK-MQww0uIt&0K
z0>p^wC~!a~7WSx}kw32j6{x@S&UD2>82>n^I_JYEof0`2PrDO+AB7<fK^B{^ZYL!e
zcAWLTH6E?1L%79Svr#g~MLeQq8>;Oz=XXDhcA}B1@(Ro`u*d@S#U=<e#b6;ujk^G;
z<PB$H%UbIj6JU5pU5~`&c*|T>%UYsj*-i^%EzFChm#~x-RA&~<{;{_*zHtl3z20^g
z82Tco9bp5FUyvsnsVJ{0D-v|PJ>OMfn#5MG@DCd409hO^2V<Jgnajl~xVOFo3kFM1
z`Cn7x<=aNsYurU+rO3*PpBa_|Lw9k?sea#~XCoL+lwnW~W(`Eq*&+TIdHv;F0p>vK
zKy~>O?t*0dZjpS$j}5OC#}ib?-sDvOUv(&gVG}AcRS!=xg}(`hh|D5WJ@1MZ;p1Y<
zc5`Kv-@tmlj^}m*SWzH=%hB|<$|*Y;=~pn&p+`E3+JQF?R(Un+`@YvUFCS{U%&~Zt
zOR$s47+m>ed>DjQ&2$J=&C2O*`gf%8NSz0S!m&oeL}3rMT~LdxK+#RtWnw)6oI76V
zk$}P^+;_?D8OQ@ynD;<m<%rMR-Gx8a+%H$6SE$Hk!92(}tZ8$_JJ-&8v{b>q8KSRR
zu0Wb#V80BLx&$@2waGc20uSYCD^+f&N_t5EnM=o%Tv`Xxr>)f;wB)5=$wy|MA92*x
z1yUG=h7dkF)sn6?e(bQJ=BVG&Om!wEyrO9E12|=E0^9~6cr@Cqz_&_s4xq>lu;8G=
z^KxAm0ct4aFSnOa5TN%{+y+^B+R{gfke3t@#KDGIhKBtKgb)r7gh7n<^f=1|omw7)
zZtbf`{tEy59maohaoSA?#>l%5HxKhYc3$u~BIFa<c%3F(b^N#!P1A-RsbnV>JVJkQ
z^c1SbG@lD^BkA%9@O5q+@4vWVfM6I^`L`^RhI^e)-1K$??pyRqVUt2_86jJqwyq(2
zt$fToOWo3)ebv+rwudX-!Ddq8rNd<g1BeClbj1z?GX(!5t<HwxkPZi&+5XKS?3%sQ
zdiXYd=@@zV#D|>Jx)33du=hTS?A5<M9ZOBBI2$bdGQMvqhw#S^l-F^#CB`_V|0Tc;
zy}EpTJxp^-&@0Pr^(U`XDA7{OtBYM-V6&1m%WNMsF6av8U?xCaxem9``VL(NSd^|q
z8=)c3E|JLvd=<5=6eMQe<H{<k+4GsJUxt;lsH$|zFSX*@O1HXU@=}ZcDof>Lj~m$c
zg&5W_tzuz!03c4GtsfJbZiafAKFAJ3^w0c)Umg-G$-uId(3zl6Dr=opxap6wcuwOV
zOi(MDI?F62@t0M9VA5pVI88*uQ)EvuSO8dk)%={9VkA4=L<^$??sfPjCy&=4d(1?&
z+2tpyJ$LQXI=0G2%b0LEJT$8xhbx1l396K|2u!Of_>K@g#Is}HH>NjH<7cko)^ReY
z6lS4~XVPAySZ}7=1KKgQa|}rLT59q_XXxXS=|SQNr<nb8o869pSiw{VWOMbI{(xfA
z=1IxGf=8l5#t4mNfH3)$*-(!1gXgifS_^M`;$Z#wTim9@J=*6@*B^4Jof{8iNHDzm
ztP8XyIL8YTpGbJ5bUz_Dz)a*Fc@ow{qtvt7V{xHkzh56tK3jN_=}{ux--mZ6y^?24
zU@K?Vh($<H<YF8c@#-hx?ihp=J-W|S5?&u?;k_R_+Z11?Wfgk+=cqRkNwIFkH>FQ!
zN4<`v?}}=G>R}1D=B2#u`VU?*w;fT(^jV+x5AKB9S4CAC<rlXR9f6XHzcdiX6Wpbm
z(LF(z1FI(scw@3m&hzc4?qpz<kGCzfE5Wp2^{grMx;rn}#J!o5TTn9PI5UNq@i;GY
zc%tyj-w;&WWiV<<H87Ai81v#LDv4$hp)r3}4vn=zK0+&~*h=5oQ0JoG>G&F-oJ&nx
z^ZRBjLoi}}D0XqD=2H_)WjKRHSYRFD$}hGCzx2luLSXo6`)}p*jdz~;7LB;+M*kc1
zaPb-jMAa#7#_=-lJQj5SQf@Iu1*sTeuzpK=-&>3(O|w;uMEUTcEQXHz;m~(j4_FvE
zS&9V7sB(Ow+|*FlZPyPANKJrjZY)OAf)LSjWZN%Du+`3e^DfCs%0PSg`6Yl~rU3l7
z<d|>J9W&?Pc3qT2!89XfwV>|IWF43X37A%1fsi**P_sp}^>ti?<`{+Ma?Mf%MpRzl
zBrvo#-xfX^)xWQ%<+7UDNBKOXBq(h6PU?}2z=$VEj(K1ukOlef^m3vl*?aoceX#P4
z=ofj&_0%k#>y0`bf@dqAxXeb2cD@_LYQF`02yu?fDbejEDNbBgagzz%F;CbQRF{4X
z8pbH+^fZZ7s^UV9Rg6Yj=oAwPv}*C|1qCZOAoOgOdYNlka$h<>(i0QZyt~WS(P~`3
z+eWNid%DsJ<NO8uk@W#SRE2d~4bp2hR>xDu{5N=Xaz(%ud<Ze+pjiX<hG-|bh}9Gn
zHQiPixB`eL5kb7Nih8Sd5%1O@*q65nzO@4tf*CQ|R2h-EC(?c+`i2&Z1^7DEFbx8w
z8M;KX*Wjy`rwF?8DY}E%JUesiIqG4-UF5Fa@xh?t1PTuy-5dnF%91;_fzIC1@}AXh
z%LF+$$4`Q9#-dX~zy#Ehy%GEF(OwMNDW+ZxD1pySHUTXAWPSi(+x$C6gERtL+|T+3
zRnKhJvcD1$Xt4A^PAWxbm)G9m2w7Q*Qo!Z#UlWA83195Ivj=^^ldm4rWL}KiHxBOi
zyG=$}iA$bn7jDsSgIZv&Z5yEHGOJv1wI~F(RZ^rvt(9xuZ(8>l%2OHsy@%x>QswI3
zbLd1CxseVp7!Y+5>6qlo*Ldm_Vfv2R_0PZC#9ULrA-W-KK2e5PWjCx!MI36X%QU+=
zEe2SL<+AhgSM9YHwVWlo73(;>7YW5R8vGK<T-w7{fbFX*z?}k?j!huPIFLI%QdE{4
zbMUs<P_pBR?AravTdX$OUFR+*Z@!UPdJVK(6;BVZSl5#hl$<UE31!y<ye{34A8reh
zynGbr94HtO+~7&}J^er$VuP%f*A*l_TK#%_MnHZm<?8FaSC}{Got-5PoDUwNmy1zU
zwhq$rvHuVixScsp?RAa$GKyKVlEKPV=k+DdwwY>b4Z^%qg;DbvKEp{<R9)C((}Yk0
z9j8V>04s_&IIN@x@QIGUP!zl$GvDM5!5-rBsnN9jHpDe<L_Oh*Oiq4`BRT;>j-_wb
zx5W>#A<$y2XIXe?lMlZpy+-Z%MPZkSvA4wZS)Xivo(B#=3sB>j4vUded_&ca_lb$1
zV^%oRu^anet`S(X)H)UO@3!D=RxX6u9!>(dLcxs3c3F-eJUyX8Hq<uL&d9O*s#>sN
zY3HV$Y5Ngvh10NzyGms4VjC6REH$H`otxjY6_vUO_`VBJmWlv!k5Lc@$*JYGuP$e<
z#z-9}VZ+_6Ne-|FE{e``owUSSaqbzcwb~7>@g*TQz);(*c~V&8qCEH1VyWs09GGJ(
zNsT31)~$vqCUA6u=O2e3{E<u%!A%O?q%3=r1h#;Z#9W<k*K2DYaGNN`i4ucjCZX^O
z*w-OCU|HvXI;OvWMigS~%~tWSKJH^qwq(}ih;?GsMaFOZ>DEE<uW$i%nxVe9=uva}
z#>dHIurT@AXy6GgRkEBc#rGwKAdzX%ICU#4h1(6SzBzE_>-YTB@3n9~P+Jz=H|+GQ
z(mj5htejJa`#hTj%~~jjT?B)moZcm@R#|@ajI5Bg3zt6wQAE0FYM1DeVX$yWH(qG+
z3vRy>2YD0h#WD~d*%L5g&9<%=7PX9Hm_huMHEah7-7Ys#dQDG0Fvg`*VGp(7hNQ3m
zN)1x9|J4{oo~vP4#RH~-1r;I!0=QouqO=P9{;&FL3R;87$WEX|a|0HDswxNX7;zXk
zrboJOfgZOaA2Hq)v>c=Dp#GIY>dr9$wRl*qoZ|JB@WY)(v>lVN++D|wzw*K;sJL-6
zc;Mavqz-X-XA-VWHzI={i3ysuy_iCkBLeG`CC%a#&O0v00EL?Xt%D`NGwmO_oME^M
zEK|M_j|=!-1fX&*P*Ebi??w{4XI^?<ozEZuHdVu?=TnJ8P|iK$RthLTQ-wQ$k74Pg
zm(*pfKD@rx2ZS)PrW&9=?ec5QymZQ7g=|+o7>ot@9M86M<%L91fb2AVic?b%l~RB6
znhzF>m5;Q*rUc&Q7cx&h!0xRlBZUQa25@R`Qq|J5uuwe}qe%s*NI`uFqkcd;{5Qd-
zmLT$WBrbD(5cZ$G8&$_@P)FSAZ$-xRVUacb#A#Y)Ir{a?)a+-(Up(R-6fFf-W;ER6
zJh#9rmtlxoH8j<eYQCi6`9@wFy3?<+o?%}85M7z}dzKQlCg8CcwL=WY<7qNVII#+_
zXj0gv{7lX8#(Jf~sV#F_Y~PZ5#JZsb0Dc=vIF3ou$n<c-ORd}wv`PJ+p9+lpTK$^Z
z#03BKu29kHsJ|yj8d<^He^?9*i|_l|)oEoY9^6vi9VIB#Z@sU2=i3UUfZXx{y-t{W
z8$F-l&M&E#5~(|O5ZBcClslK!Kn#<Q2eH`Sd&QeGT>LUq6!RoUjIrCfs?iMU+e!O!
zORH)A=6T?;0%nUV@s0U!B_$FL+aHC;+I8h|SRRcLJg0D?#$fj00`+SPtO|Iz_M=!`
zdM$BCyF}~NV0)`y?XRY=w6J~1eju^pe3Ptm7mCN*YV*RPAs~QT`r0hbR|B+>fA_&5
zW#B@9t<zdC-T3lb^kR~$kRNmtpnnalae_UH;p!LIm!lUsFv#Xk*x3sR5E0m$qYRIz
z*P4aWeK?wSwLA_&3QdmN%r$=^-GrIody~%#;&NXnwx~>>XgepT5^8w|$VO{(3Mv{;
zfdK+|glT@c$|ymLJ&0%(Sc)OX%>bVryvs9tP4!;CcSt)BacD_v3y{)1wMwstFz=2A
zIEA-hCscfNS>bk1Cx;Nc@I%V~3=8|OYUp1$Vv)=HRS?CT?B}XC<(gQxhi%+ezG#)m
zBmTZYqz*Pqh}{o%CU2)MEn1K}4J+@C$#0E6>b8jyIU<i=Hd8fF`-P`wKcuY9QQdV!
z^N26kEZ#^cMcr0@2UF2bh_X%7amxO(z!gEVMKd}Ze?}QVf}1iI@63_@q`^8waTRXD
z(|ZcqardK4p@qYCb`sm3C-=`#P%lrr_~Iw?1573NYa>#rDjLSL$b+`+ujeff?+#q$
zB&N6@jeSOZ&i!Z<2!DJKRDCq#=~=%{brVGS<T;Nowsd*Y#8eSC(625IJH-qn)LMl-
z%ikC6+m9KP8H5rKm0t0iC~MYf>(?wzlW&CAFKb>ktEe+gV+rgE^4NXA_H=#E$&ejy
z{0rcSH>n!gkkRHqvb04tzmU0bBP@93Cb8LUQx%zY3rt~_3o!olkJrH>+`w?G*DuH9
zNn13e#`<_Y2S&k4HnWfNT-MW@&`BkKPr9lIsz7nCidKA0-@`L(vle|aD(*dN@1?ix
z^@6ke0O+*wV4pLru$Y>ZAYpZcEY`->fSPK0shxPbd_-p*9?GnVu*(p&cwKZ~l$@X&
z9`vjM6e`7dV|rHr-9xpuij@#~-J*|m6h0e2vp?doQ901;E~8tjz%BE3*4llJP-eGt
zPLudNeL(l%ydRvZ?+N4xrGU%o2<6s+!7RVr-cQWBOA4Sb1{U<ltKIjx3v2oR2WNtl
zu_)-Bpf1~mk54wi3Mi&fDx8-k$`xyWq%=_P*VG~q?UZKtH>Uf<*AFW?AUxPvfQ92)
zbDq#nIhFK#!#NdcH{z3(#+uA5;HnUvYO1JwCaImhCTplzYpGOBW-y2e$$gzW!u`4Q
z;n=Aif`+ku_arH3<i2of4ofngw+1bgNn&*^iEtOiLo8>|Qq?(hWB8QamESDWS1HXN
zBp7uuMQ}8&2<`l&ah>b!?Bmy!R}1eRxkcvG;GEa|E~#FPDogz5At>4TiwP(-VSaN%
z*t?|DYrt(<sgacV#p9g7_FU3=0SpK3X{Uwf>~=s}S0F&P4T(==QR05x0L~u0!EhFK
z5SxwC)<i{NvQ5`Rhr=P&nuuB{Qv0ax_g}vO6~>?+IvJl`);^unchOr_(9%GpRpU8m
zoNGM276@co9NWn~Yja~2TRffE<f1Ag)c}Ug^vEk@xtWw@&KHJ##=Ycmx<o*5y8;z3
zqs|6wes+gqEO6>I`L1MJ5mU|rs~)ph3`_AH{~KgbXDo4<e}L0}2!h{Tl@+9D`krS*
zWbU`_gLLVFBUy*PkwC;8uOpSf+Br`XPw|^cV&!<QD|!!gC&row$s5t6Yx6lqY9lA7
zIa}?iva027%6siMY*sNW56T}soVdEmEG>M5Xx(o+$DavD7On|JV!DeFMCAP9;VxX?
zSvq`(&MPhwyA%?TA&ucy#r>i(r8imC;$3Roo3CWw670=pS}u8Zrz2?RzcuXZ+%I&E
zPJy!4on)Z)gK$~RHe~u*J5^GXY<vnAGC_3@bM`nmPQD$q)8{}^l$2%}t*jz5PDXZa
z74Hf(YNKFR!B!KJDx`UzSgdvvG113TIg5_$4Yw){>`U=DGv;T5*d}J_;HSV=T3MgT
zU`yNhAV4m^LNQ(XC_TwsbT|jFd_~TM9bxjyroxC^3O$?(#aE;~t@?wn-4z1(Q<nYK
z<XBaHrb5#oiaJ>Sc1Fwgt`2^~WkBGk)B|lXoK(9XG719DtC_KU{I4XdUSe{$0rag7
zbjI$Il~drc8?ed^wu-EyV4|7a1w7XzeUtQm#4`U!k9wn1KPyKv+!%JY|CjQiaKyCw
z_`$V*!zMPCNmfB*pMjS+Ia?N8p!*WEN!m0Bv(a79q$+18*bl3>yDf63<O2Yf&#f+G
zKMqtZtgHJD9O&@8edEbWYak-p%Of=85b6c`4>1o<fie2i7nz_keq#K&3cgea+B_52
zRP*WDs{Ha{4ZU*sLNH&aC|>dEmqdRgY*Jz@4Mz<~Xqxwx$3&v405QjZODO7{Y1x*O
zHjqaZyuwm&i2^6@_D7LO$cc^Z&QqeFr2`9Z$3oxLR}7vP;A=6hk1h0HzHXk0$E{4v
z=iMdCF`LgQ1n|Q!81c@WwR$oiFuLXRzB!k8`T$xEmTC=RPV7i?+bl|}#za)@a@WAB
zLP`0DS!#F0=wlW#{BM)#5v7(Xrf55iwQ5gh5xC+yFE&qS-4?WXY;G&G<sH5-3RJ__
z^hjUVCR$W?LJ7|*@GI5FOmg$J&L@**CBi+<9f}VD)9E;03DR)mA%QE5{zIk6LT}jj
zN)$OX*<zKNh<KUfgy9c4+5y>iG+au&4ShL~zPNKllzg>fn>s^S;09GnEzoC7VH4`P
zhYKF58D4jv0R2j`NGb5=N!K3#O=iO}e1xC;N6+&cJ3o~cIo><vF)301`vkxDy2ky`
zWiSnLvl_pe;fWEmhzi~iMMJ4pQpZo_rgQ~>t7z{F2ycN1AI#J44F=f9!RL(P*w_RR
zohjfo)t?Vq-?Ih6g8=0D@wTO5lC@-I>S~+u*W|ZgTWgjbCmaV}|123kmSuDo$vpsZ
z5!k*0nXV}Z6fZru&3=LH)A8X41aET|Z{BqPh0^9@?l6BS2AwRNGi3Y&Q)*bSNHX4c
zW}P;13gBr1$yE{6x-*caCwRVGqwdfdx-iKvRsTz=n#arnTfsuBXx<N-(~%0t%r^vh
zss^HL{1sOGJ3_G#ieNpUEy3fLE0AVr0Suoj;n@zg82?t~LXrllYNOM*_&q7H3og+0
z)4x9l0CiG;FiTV!sUnbU6ycT7?$=c`-XtCcTGKhPCduxMA5wM%?s#7Nfsk)s1yfUZ
zN($?LRb%OP_uff4eKu{|NTVn0!)HMRsR))5gL?{5<^b>J{tzsNOSzcJxQ`<N?V-p|
z;ZAgmKEfUsPR9;6H!0?+8wpuGf!&7f`J~r?R4w&~2Z~}8sgBdmTW{}#2Y~dB;BPM+
zD>bZ1j07Zh!&H$Uec69Sxc_n^&mLg-aAv+*mHJPVwu$(Cn<;MHqQjB@A<)$<`mwWI
zq=DZ%JsTc5#S_DHkmvZ|V^2>dd-6*?-H$_&YfjZi3kKglrJU?`ZL|}%*h5y&@cVV+
zxjruG^%${kJ?=#IztyZ$Kq;XY>CiAwOpLYguOfBdFek8vk|?^>|59ILYTVZ;@jWS&
z`FQ4ilIsyc>s<F{>C&3zty7|G^fTxEeIWcHM6b>*sO|!r+%{1DPL>m9rJ;EKln=xi
zVwot(f^T<ZoLbE!cHI>?NuN9>Fx|#x)wnfLB=M@fwHGOGpY+RCY569t%cn+b*1S(F
zEFVbrH-FqkR!Q50?FFvy&;>sD-Cu)?*pAvQOYask(J8c)-98e}5Z*5}Q6`>x(Hpa!
zE4+OC$vu2r=Bfw}#~Z@xygm<l>0(sp<os;W91R}r`&_c+Ujpubd*vC7och;MGnX-k
z|9!m`?p31`bn@P~#kQ(2Gc!1Kf5bm@z;Lciilf5lz0mox(@(^TLs`g7SnOf@C4GO=
zr-yaqf~v{pR|2&q1`F<mX1sf?-ECEWv)<E*-P#qj6PcJFtG7Qy4_d>r?9n^FTIVNz
zD8y#Tr|TX`S@fGaG+Q{-7@r`&BE5hWoN(E_6KRQM>D7H^vF>PY(akc*(9yM_s7t4v
zyxNxvst5&=fIu7^JKq>u3`Q0+Jm+m$RbA!21t8z^RQ{%>ni(p$|C&0es2ru@Vu^%x
zBs<Lq#j7L_?FG_St)78}gUJM<z5#$54lc#p_DE9wM?|mz{Z8uQz>|ajyI=I4r%W?7
z+zqkcJc#1_de8K#T;EsYZ~cbqB7HGTkYg%MU+jxsK`=bnqTm#UklB+=Af(^|+lV!a
zgCZ&i%7D5;6L4tF;seOzX|ATT4}k~%*W=#=L9767EbTB3q-D*wk)w*y^<v9UH}a~M
z6QVl~6=ML5Qalbry2a_~5-V+HxKrA^;(&Rxx(Jb>Jx-{|nSkGTbC(ux*BnScmGhsU
zN~Bo;lEqLvgI!$L5@^<(Yn~^qgvSXl3&W~GYH0VP(AM)?V*eDaw<;0bW&X>@@2I|=
zevENjzWnCly85M^V|>rfD_{Jm=!x6ioCvh`JTq+-bHWR>LZm>Ifzk8m_n(-K$<}gS
zK8ydOZP*KIXbBR&HIm>5<gqeF{A5Bhzt{yL7u62jge*PJ#u(NQ3#U&f{fJ83JDC?h
zgzwD?ebu)r<Sfi<d5Vm^wg1^aLAm_zse49&0aYtEnQp-ENz{MwMFDI0)((RF^9~V_
z1(T4DZ$14bPXWaBn_cXc`obAf>mqIjY1<Zp+Qw5lD=Hb_d3$kG#rYL-@!^Yn^Tgps
zjgQl;eZ_N;ynlYYv-GRAnZbM-s6m;@7?oi@l5nundghkc$7R`qE7?L$It|Cq;+<hg
zGeh>rW|@7;ctvl%za+b-U9uCH>G6=QGJIoH&zVvCyNGFo^JAY=3#vXPAtxm5diC2_
zx9#^EtTyQM$u42ob;psf@<l*QaeMUB=(y@-g}M6cK!EY5?Dt=4R<;mY{LCUf)o@<j
zFg`33Q_1~A;QNX>+fs_GC<D}a9g-egQ(qJqWlcpF+78Wol@rIN`7275RZYm8o|jUD
zm~JXs1Rejl8_o7_PkJ)M5&3U5ltts+A)fs-<{8)j0v(_`(LgW13M?~H%3Xj2O8gNG
zq&>&*p;fr-%)6KUIi6-#_C4J>y^}bk-#L^x8sl~C5u%%``)11F57wUx**Gv=8JX*v
zYC81_Ev{o<(~15{TTqqDwF>0ww&m^8?X~E?ozKevuNXv*xV*s!yjir5WNfs^Pwf8<
zEzSxevf<7`UZ?s(FY@iCFD{;_#k?26MK{3eDpQE?4ZUj^i$ckEqkzWLLz!h0?pE;9
z-So%jNY3n*>su6RTe#UKP#bRO{{4@+JCClb{1zTSz4Krcd5Iq&FO$9K6o%rneg9Bj
z)_6b>RM{?k{%s_rOK31>SWQF2gjzDhsukdi;W_xK9{+o>yh$jE7$Cvi9v8=mMwj(P
zFHSa5j2x*~q7>8TOCvM+fVvyX70HCBm0%o%*%-*s_Nof65+-NC&;z&EMheLTcXmFv
zE50ieKBPLOoz9KaQ_B4JyQ@>D@gL-+zm)j%iiDWRNFNp9%J}-*wAsOKp7H?x@gEu2
zE`Y|`1cdLZO(5Mq0+g(zqN(P8+7${@jDzu~!_RUuK4WxUN1N#`tc6{8W}e2}`=GEW
z;Ju4iSJ7Wjf(Lgsi`z$ZH3-nB2}cv+ycz%nrg;HHOYWLt+o$~7f1&ua9~k(Z$qt$7
z4?q2H--_$4rFo;9mW$K08<e|x-&_t$P%s_%Wd@qJ!m*pmHGltuMN+h_7YFFF)7Y8{
zM0w6pADf@Ql8lau8kJ?Ow;*@lbM`)zn|erx?l|p^l5{d#J<6<4Y~|QmGxfk_AVN$1
zMY4p%h#vZLP3$E^RQsx_3LXAEVW<yE!H!<bk)V$KNZTGAWqG7+)p&!;u#ZHw5^R4*
z$wgJaQAPiK4!nKn8sy*Wa51b<7L@lHlMNBAQCS2Uxd2UU8JeNC(ahE3;y{_K_0y-b
zeXd)jQYjBifR9nv2usJ78&z6)R)|zC%>vQhXY{GIrB0Dfx&J#JS!n3Kyw9@U5naoD
zg!*_CIFQ-PlttnFhBxsH=<%@cKE`h^a+F+vAj1K)HYyCx;7UyZ%3X6V&f)L%{@ret
zNO&dc2wwK$%MX1_68R*Ft$i}k9KK~4tK(L%Su~|GoF+POBK`EPq@hhhLt*`;-tqKR
z;FQ~hph{hlz)sy)-o(M{DhzF_B}u!|_@Q2fDRi=JAO96);-P8t1RIxORTb)#jeM5T
zH=V2u`lZCY*r+n|`&wdp`(Y7i7_Vw23VSxrztXmmkMWJVOK=Bms%zxz*)PB?9Rab4
z@8(u<JDCF*RJw(8MC9B4Kb2YpDf(F~3qOgn>=Gu&-P&09(;@ER^Y3-T=B1(e=SP}j
zPZ{lhXxJ{n9vL#jfD;qK{dDPp>t?T`*?fx(YHwQapvLRMxA=J9`7`5teKTM?%sQF<
zcVhk#gNf`yzcZ_VoI7`PZ&znQq;jP0a&Nd+ogL}iiFJ0nVq`7;&(ke|F3K=4D{`8#
zN3qd+C-DM#kCBn_BX`~Vh%!|#44(;#ObwbHpm`hv)vXC2ElPl*S<eA56^w8t<~`LH
z|2~?n5+cXdt(?<UKPLRKWkU!sX56>0yV|zYsOadVFn;O03xi-n-F*l;;|gyl62Bgh
zG>1X(^~y=22{*u}Uwz9`8kF(l&rfTW^s@TYI&64Y5doq2X^J0sq@q*xaUGSYCeefO
zRc;$c4H2MDRn{GEm&U}l!%5<H^9d$>@NAUJ2w!f%-J&1n3s6O*V%SlqZdxyp;d)O;
zP>Q2l-qh6q8`#a?VRIE}J5CJ&V=p5h*$GDJJ%@9Y869!XK(H7G!)qHYO^IeDLHPi1
zM=66$0e_B=f8qZ3%SIStR4NVxH#>6~RT&n1dA1cQ6RGCQb36R)KjV^2s8Ni}_?Ju4
zAZQ$1i70>Z+xx4~@v<o9xV4ukA|n%IuaT`!G0s?_&Ti;$+RRk)ch>SA0UCS?7>SjF
z^_6O%=E)atzv~@n`P^FcnPqT@$gK183ITQEeIU7Q?c+s~xXuUB`#hW6XZ%?+Y16Ha
z8oB|z6_C)J_kvA?Ccs{dy$S#H05l)fz1ZB7--q_W?kIjsu?N5djvi9OG4KsCnEis@
z6mWpsG3PaBK!>g#%c6~<iRX3`M&ke*h^Ij14;N5R#AIaz&_Xe4hw34x@&v%*V^K@Z
z5P(LQkR&#bdSv>;Rx3A7Hk5clrq=z3+ZdmyCeT;`gt2<8dL4+uO_ak?$L=%5?*Jo>
zCjIr1xX6pF|L9FkVnwXnhXD<^c*xF}BAi(c=BD*&W&Z>-n|EGhXG?879q)7SM6w3H
z$eW6{aP#lfekI_|>3c?tdN|X*Lnvn3-VOJN{G2M0ur&ptWY%0w_NgCN-&#22P2#ob
zBNR903fRIJ-0gwk#m<kL0NN@8i-X4f2y~3VlHVMP>EQ8w@C1(nVAw2H$HllWU}AoI
z0kqeKsH}qLK)E&Uv=F*kHmG2m0$Cja{N48G!TLyH+d2EIhHL8sp8~W2NUij_yd>1H
zb;@C)7i@K3XiJo=N_or;b(9=L=|BPDR|%9t`UB0%<C51Z!Mn!#fOPuhrE*TzhxqtX
z6tstzs!|eI^8din8-8HWbZI2W+z-D8qSt$^DDD5IH$_Z}A4WqtnZ1n3hD*U+`(*@d
zf6^bt1V*LMtV~d<O1_44L#%m2jv~hGkZaS(Fy7?{#DXq%Dz5$~!KqpbI08Ffc=nVo
zLWe(JB=cAU1gsbZW;j!|I0&>f27X`UWDca`*acz)ZKwJ1<zc|zAk8Bj5;=_L6H?g>
z-s7<f0jcf%p55uXhcA*}s;Ip6)kX0$W&qlxTwnXCJjQmo&gvo1(5?9YhbR7KF)5L&
z_z_aq^8bqdo?XXqvT74At!lh3aRtr4nV=N?=iScI*CH|JFo`+Ay1?P?H?S-LG~T#8
zf!sH|w{XbJz%EXil0jvm=`_*n^j_;T^_~hdpQxy6fFdYaZ3`Ut^8AYF@x#NY7YfDT
zv6*n5U${oL3c}ni0*#oup*JWZCOM)=zdej|Os=VV*B_KNPN<OZpe`2L31r5u3@fr~
zMMSrNhl?o?qa>k_EYP~V6sG|F5<Oq>8_t{;|4?TPR_J?KI<wdFw*K7KMPfAV1a`7w
z5Ce_p*cPfX{?--mL%a%-CAem9j7&9jKM!-|ddRc5_M2E+#6%O&9V#r0yX(xR#a60;
zQTAGc*(_2F^)zA=aWL4>l*;Qo60Hn)z&N7&xN)6~Y#GS&o!7_9O-HRU%zzc?onynE
zI6c&poL}0<huErK_ix9fJ_pCI(yA0FL{hMBb$4?fB<?JseBbk{*K!I_Z0L;8#g4e9
zp5J|~xN(Qgalb=2x5uwjLlmr`rM=iHDK=qIHXzxjfH1BAj)etewdj&BjE%EVs`)<6
z*)aYsBOR;2v~%E!%2|tL0jPF8*qLJTfhoxGj_HxHnijnDZ<9DpW7fHSc0g6aixYZa
z8Ok{f=?2bH-+|=sEoxSH|4TqJ|7O{X@nU+WU0`;Y+%E3xChmWy7~IYN=)-7gvI7L@
z8at=mkG1JJHYck}*Ihvj)mE9g)n*2Q0oUsmNaABXAM?sN{{kU1xo9XfjD+`xGrAT~
zZEF#ZGNNva$TBLxe{)(UQEr}h{(P>}i}6np<K0C0j03%{iID9O{-0;=cUAIlh4KLg
zA$z}G<;2Dl&8Gkv1d%%PxijNOOwlnAQAh#<2m%=M<>ITm#49xfrYN0i4t~gPf~vt0
zy`oYO#O-|4uwWnGI#Uf8@|iTQ#ZLj0Gz;7ctT|0?FpoEgu}<%<02&$8g!4uZd%xZE
zCDe~{*>pHBexIuXB(n*if-ngDF&|{(ySH=!05wC@HdYi3>6{}T6<UeoP0>^bqSg#h
zC<-B;^pCuIwGAfd%M^t#e`4O;wE{4hBsr9biiU>ianNG~0P%|2$y|HDi0wk#T}3yP
zY*qmFTzD14bX%SKu+wh<^_6^};cFeZMCP(WX-GfM3wK7QxE7#BAX&m0NzVO@?7)=3
zaJu*{f|OX^eUy9&=xEeM8>EDM)5<#4z5#7b-#JfH6A;EvkI9ibVGFFJz1si{hCKqb
z{+9j`FxN2QUrseZj-HhE<gNciCM$iaTZuc^2#o+j-Eq{g8RWq>_(Zo6G>>vo3O}ld
z6o7c)YG)!pldNJIk!2cwCi$Dep9N!-;YUB&nAGL$stnHg-@EtkZ3KULAK*1C$4+e8
z;tI(uiQah|@U_}aI&cb_O{rD06r-6mQbQds@I%M*(w-i^@7{1d`D*Tg&K?RZMh4yO
zxAmQnnDwWxM#%`wsS)BvQbw;^90D<51C$KsE1$wQfCdW;l$;!F?yTZDP;qG5_Hrh_
zx~pgp8HJuw-U*?D+dE}6n^Ndpxe)<w2af=^dYHUj(%0_56Q~dDeJVg5%BMuN)CZ;x
zKq1qub)P=j?!&(SF@Wh42_F5xcNZ%Pa=)NJ)BxeYCg_Ux<XI0-!JQrjzT-&*f-T{w
zIWzsBK-Ncee&k}Ja39D?7P+Ex*{yw`oZ-w%tfR<*e_k=C+yKVt0Qh{;Lon5lI}1YQ
zW*fFp**j_Iv{NKpAp0L(dX=b%V{O%wyCq_OAB`C32~yXAG8=^s=3pwc{`b;?Njy@Q
z|4ia_Vy=wGCx!OC48PWtvljg_yA=aMp3v)S$laoH`T=|aR`FW<2DDo|1H|dtj$;M{
z;vKPa4SrrYtd^+W3ecH9_#C&)q)4oNvBHC6zX1w!!k!#PhR!L_4JeldNE<|)A1v0R
zznyo7UZ7Kn?8*3-L<<w3Cao(CFA4Isaowu=y6+XpEsXnG2=3|IpK0#t2DY;+^o)Fx
z!lCcl&k$E-IPrTB9#KgncE=J3gAtu{i9G$T2PofIg^0ik!KR^k^__<6ICk^xPxRX=
zZGt=~(cu@j^l^Lc3SU^!e@2yRlTWU&!aYVsX7uD|3agfh==oYqUvV6+4z@f0YK}pv
z*)XB7g*o{MUy8>G(DgazZ4h4_UW?V9D&6gW@1!j^6ksGcjuPT{FJe^6WS>;fJL@FF
zylF5v{62UM==}{;S(>Opn>Jnax}KBlvj23ZA~(>h1q;2z|4v9yMZ|zaV+?!v4)T-D
zdv)-uVR<V+m?xqhz9`W!lvhOnc^+RR>FY|A;<k7k#gT#eXM?6Muno#1RJp9RqUCGm
z<SV{YvDd{|!#4d<=Odkb9#F~Z2}V)F8IyJ#RO8{=z#!i$WzNk*Y>rA=mcs+Gz4JXl
zKIsZj$eVx)sQ?2nO_)17UQ)^6<aeNWg}U)fAp$0~*|6y7XlDB`zMVD#`9P#}(8fFu
zq89w0B-Q3X4k9E&I|YL}!FZ%pv+qI`18?s_13UWZ#c)2RT2+)S_&GD?75Vhf3&G@`
zAAy2Pnjr=bmuc#r1u9aaU$feg2jK2kD_){-OYb$j*=bcvqL-<uPx;Uj#1bHXV?~53
zXoCa*BuE_dq31nPadouY_f)@<>Hc5TgpUfKo21_T=WlJ7js#RUI?mCQZ~ZywCP`ie
z>YQO}*nuMVF)6gV-cpgU`Y^SqpT<C=NrCnN%;j?<gL+*pf{(AKKgcLV6`>0Jn{PHJ
zDjZXGpuNd}U%Ox8N~wF0Mvx>Co;mR)#ptQ>EuACiQYb{M$piG3ecd{!mIl~mIAl}+
zRpnsauQOAEVS*==I>?+v=%~btM>QRQ6+GtccXzs4pZ->ZH>`A%lF}Zq%7%S!`%V`L
zCD$b%$avJ^oh?{vLh3c^J=|mI`@*Y@KbFuZS^3~$oC!ox!hBSJQweO;4Ko&Sx2IIk
z+|e~E3WWHh@BO_D2{dUnwLL4Kn`UK~`**Gxbq$~KqEDu%x<#l|*^KpMw$7UUc&YvS
z^-7GjGnb`K6XWiW-whEEBL#z}xWxoMnUyEm)ra$;cl+&pHG2bm1F>!n_}=0Ns~K=*
zqo6L%h1Qp6hwQaKlffvnLJz^=z1S=>b5e0PNuCA3flfQuP8g=T-+`f$+m;zAk5!sG
zFmh*MVotXoq-8acjb$Bj7GQskqjSzuy^`_RjMV^Qe~zm5L38xVcXX2swlm;R<}Pr6
zlK%~Z?GKuOf1E-TQjZJig&FoG87K2Q7Cf6qHiC&#8MRj@zq>Y(Bh1C7YNaFBOd``*
z5xHjFn$TR%e`|&o44=$lEp>BwvsYW>+81kDTNClce%0~a57Hm~0bLl_(5oHr$Gi;l
zYwX=!bw)M~u|Gfh1E*)*N3XJ)>bOB{asxq>Esy?V#{lkH4jd7{X7aZ$rD`8fuL3vf
z@{_rw38@DEky?~|7-+!f;30v{z`wzT{-UWyC&O3T8YEyzHFfwKP4n_-5D+5@oP4|e
z;DJ*p5_jv{u?}kCM)I-XM$^JPC<V>l-NHendYpBFSL>seUA7$#LZf7^AglbK`kerR
z#?7BE6w9f@c$&ia))<a$Pv!#nm1f>E7OafohCNUs7xpbl<}iM4M6VYHLjwEkTroAh
z+S@TPG1YE?k9LpRg(yGBOgE=YV0xH?A#R0Q=U&c{Q7|a7g;R4BR}TixF~g0;{~r~W
z7`jIAZKaov;$$Z|vITd$caK=HBs_|<5c0d0<We(xdFI49KXl|ryXWzRPn*&n)qYr#
zZ-<dB>cO6*Jdc)FX3<d;+WNZYDs&{pg_@ibaY45~r7OpPuC`0@{&{R|!o5@~Y%JyW
zrZQ$zq$?x{vFE!O3(cI8&VgcpJ%?Vy3G{RR6j-d5AY~XHyi_o!9u|M#@I!_kCEL_P
zWfT-qegyL5*tlt-IS^4h9+jksYgAgLpSN^RzfClMi&AibH(PJTT@3+*0bGKKq!DiT
zn+rIez4e`4-HgQ%6<~CKL4s_bxL1gU<KsJkQmy6zX|2K=X|meeRB5ietpxeN?*#$$
zq`ne(<q~Ro!v?TkN*nzY0n}U~pI)uIWyRG&bg3se$u(0#?q?^>_l02MWOm<06-0u*
z3f0cfk-{tktY|SFHwlh^RYVP@`|SljItIy>zK8nWHjqOi&(<W~Pt#elr@sS+l5a-H
zQZOF|8(9K<l0pM7V9Duy^1cWD2ItbAVpMvp{Hl1`5ygv%Hnl^C_Nn=A41LCpVQ1VI
z=Q`j7#>HO7FwSnagHC!3rJSgEzy*XbPs<;Jh6$xuo$`5}dHZu`OVa}^rB2*no`F{O
zX$HZC5cbJL*&QE?f4l&4I=g-@S)bvS6KJAz@hEL}sR_P5p!tvn<$YR(8$dAb!1QtK
z6!>zC=>?E3PrnRX))N5HmE(Ast6lvijc?b^T(dR;C_cu&Y0I62$>9Zu0*~au>YNus
z1IGppUT9mJ%WFSX$Jll~O22!6QPOcBq<Ew$(FHX8hf(qN&;RFi?uCi$T?OqIFtVuu
zV3QF8Dm?_R)EtJRv~v|?(sAQja!xa-!In)RL$!a+g`t@@mgI4^dIWMH@ieAPZz6XE
z@PcUwY8&+g*yje&nsNwKxP!Ic3OmP5SgfN@+DR6MpMWRCgWjbXYucaKLT#?~P1884
z=^6%*%<cB<*fMY#Y7h{1*}c;dHGS-gZBNR&PZk&sow#IcMd#neaq=T@o=k$O(*l?|
zyt%O*TqeOY26QRxc^~%jR&hO!QLAd?plB|1*4v@JWtlywneE}mn`DPjIX3#8YjI3K
z@ePs|{dgj1)bRK%s#m|DCZfgwUA|QbfaOMueC$XA4pOIC?*d_z>SY7mXX}N)Q50~^
zLX0kIwhlbK)iyw!DEcjsdj4h-pj2yhI1mUS^>2krM~H}a-AR1>(xYTk3>u8ya#*C`
z-(y4pFk%KG9JfZ<NZyYZR1bo=Y6oObyiwZeZ$Z^yyx?mY-jkm#L3rk%Re89tyi9{7
z#8ijMq9}VYUkQtEhbk4)ZB$UqbZ9ya#5*!L=mx`?J*dk3mksvKjddUDJ#uQsZ+xZg
zEOvnSIZW^VmXb~V^^;>Do+>**=Lm@_&DSWmkx<X`0NHbj>apeCFVIF6BzX>Ut6#2$
z4Q_e<+9y9gvX*Bm`D&WFk0W>xff`;?DC(%Ys)Me5{_=r98aVEZFh3u>i!Ow(Y+T`b
zyhX@)3EINS3Zx}qAw$-b=G<r+W-8puG=ImZKf}Euv=Hf1RZQuw4>K4Xo$RFbU|mQR
z!JZmU=UXbbhXYtp%w-d*&rDP-xYHv$1q6zatvUeA?L0OWobG-F7OFHa0Byc~y78`u
z)VxHWlUP~+&tr8lv-WVsysvejd-LGFfY<svJysT*B`BXjN~9eFnbX<S4&IYl@ZCwa
zN|l~Je+{6p>}1bhrxr|O^t8Fe;T}QbaE^99>uUHnClQ+B<z@}&yl4}VE)Zc_%<PAb
zv?j3XcXorVSWX<U;qUW^C)_aXy#=Ic$=SlDu`cTA`GGe}CJ`LA%KK2t1-*JkzF+!p
z2nPSQ7bJpWTnwH;4=DClK_kB}?Vp7?het(--~Q+$E;Hig7cBvtU=+Y9yXw6SP}@7r
zGADauCNm?ky^0%4y#q!~(`NMe%O)AqW)tzfXDgODLauZ{7@<-7SiVerxOL6-_C32V
z4^<F2kP~2F!U%4hLH8Sea!a;$0**oJ?w>cOe}2)%w{)KmwSFKqlX8U2Ig^P?N`N-1
z4BcHS#6s7Q&c#|YVaG#{l&I-=OUId$_Xkw>#`}Jl(QvCWuBQE4?G}<f87;6S(5JE6
zXH3q?kRM=brRoNu!_m^Uv00+SRFGS;m8!nFdHwQnj~gW@)D5DQH^5YzW5#P|_dDBe
z_K|AW=L4jndAY448AY8^TDwa3ahI|~Hl6TM_7_m^4P0;$x#!0WH1f)gS?;fQ<j(wg
zUU;91$SM)y$icv6G>s`T^06ua=_6f=Z8~leByh$%%OLozO`p-c*#zz>dYTqh1`J*~
z5l==N7bZ~?DJ@R5Lr=8_p1~kiAgq#}gG${T1=dg!X2n9k1g1dT&%o)gv4ZNnY@H~t
z)$Y<vuDx*%QYDY2x6YeDX)I#QPmP-KzGgefqVO{(JO{8e6ajFJO0ESgA)wxJu#7Kh
zXrK7v#4-UAO|oM>XfX#41D-u_-6)ni`NA5k2%=pbs!+9vGy%92qL*u;=bJ>=M23?K
zHPa2tO)4ERCdt=N)<K10&ozKdb{Ov*)^^l(4Ab?^djR%*?Xv`qpa_dbXV!hfS5ne<
zeC1Hd8Ow6+hOrRN!WqC$DkI42v~{`j^n8(GEh-0StnX{5CIojP+DOtY4-%pH)9*-v
zt!v|ZGM?-=(4Soaf!!FWwhU16{Q#JE(>?!DN%ykgk>5hVUc9qFqmL3VM^B50obX!k
zXt>y>X_kAzr!)7(4+^H@#gSTj$DbEJVNJIfOg}v-VT4IdUO=4?P!)6%Qq@D;6{r(W
z4ghEyTXQg<V4p6SVXy;6;jVotYUCO%5s~x3-oKwxOQ}E_1b<g1uL(h0#hR175b&lA
zPVOPay`&YmV;PNy@a0Y?#5-%znyV>8jXu_fNF1E|AVuM|Lc3hTOrAjGc`W$45AVp2
z3yi+<5;XY<9K7?h?c3+}b(V1=I_uV)cbi!uH<<JL*29du|FM=Sr2^pnkf4R;Y3Pr{
zJvSVPLGuh0Kb^O42JPzDXS>J{InhQ<?`avw9}@qZ68P(AP=>x$I`qp<)U5E7@Y793
zbxPhBv}st<zrvE46oLLs9JBc4;cTQR&rr=)b@yex)=)|3UaEB);j(xmUH8ZEcCgxh
zVfeX4{iOr{oG%{On`lax$CwO6kN7x_iQ(=&HxktYXnn9ub%Jy<4!KIW;6_@*;V2;>
z>UY{KWJRZ9*8e5xp9-4c8hYbi4j{xs^)EpOC%!s~OF`kaI$oZOccKM=deqnj{g0pz
zwcB;)T1J{pkyLVg$CI|^z^!nAX^ty{yJ>dMpYb(0hEO}HV^S!&@br>sh+WT<b{-hi
ze(ut8XSR_gsRiV<WS-l_#O74P`<Rs9fw$#s?R6?dHENJ;DlkQjL9E9P)VMs61g~?i
z&g-wR2-sm*d;V-bbY`#TfLq07As*rB*(sdKZnJ!(T0)@3W7Gu<msD{l0;JZOAOl~L
zd&=%3-X}_*Y5;<1Io<A};-kJ`-K2iy0%nv#cJczVAeq5w!Q4v41WyKU5NOR}$dDM$
zK`BX%0qPz`xP)5H36N6j9=8r`xU26XZO<<7wwQFra1s*m&!su>o5hSdz;t!<;T48#
z^7Nm4*KKh)z;@W7i^PGYDnk0Us*q&#1^ewMEn$EN{DC<)8o*Ae!0QhQ!5}|^sZmbz
zEk(W1awRbgDOvzjij^}=XxeSRS5N&e8#iX_oVhJw>_t-nh|`mx@uK1m3mhyG?4!|W
zv!pI*R_TJ{`S7;5sOq|xC-w(6j(#O=`tbc$TMVyH8b<<@SO`>xVb|UD>!_Oa`=B=y
z*h08xvH@+~?{_yHXTVoF)V7EB0hNN_>Eg$!Bua8yT<<T6QHCkbXrvQS?`UV}F(MCw
zPTMQn>scYQ(x0Tl9rQ)X&QK5>QShnL^5;;1Zm6SdLI5^qXFsUe$9`)C&*8~T(YtM?
zkXJXP>S}1(lK3oYHo54dmTGRkSWDAh=Dsvg*wbE`!`Og^Qw6r*FAL9Ln`K~&VOpoS
zk+i#BTZ+CN1jxSI#vEAntX1~)1Q*6-Hw+H*%=82k$=ym)1#ZxHzcc-CrT#KSAh+*d
zK}w)VCIsV{Alp*pk#aCwyz6OL`PVfU)?oHU13rPDU`@*aFxH&Yxp%bgPz!eg2eLBO
z6|1=4et=%57F8{hj=V${(h*tClp7ZLJ+?|w0V$Hsuy3Cv`Y2FFx1^y-b|gjj*E2+f
z5(=@{wF~MqqX=%huFI0IN%fg>gSM&kYl=&kGt~m~(3Uqn7d`^IPU+7Jkgche5{7q9
zh5&Tc?J|9k!QLVp=u~^m*uoPS1f`w=!w?q5u*Q3qI#ey`<^qkB44;xgZ(^2R@oM)(
zG9HLACdyq82Bi2kcX|Rk0xP&-G;^I;>14s8PQd+#z~^DD-6@nh@C&M;j16B9qO=g>
z7(!uhuf$$KZeiG?M!45;(77?pYpY}hcd7yIOTxI8p1Rojg6K87nBDAdc-^^gAWoqX
zWPJxW(6K=rNARa}Y_mAgYg#i=hJX<cxP0IQl%F!h_X$>b;3o!Q$1N@TjrUj$P($3i
z7>$JUWhkW9*|(XP*phhgCOW+KT-$B8)nb<*k_270MG11Mwh<CM%Y%Q69}vsg7U9Pu
zuunM(|16;^e7cB-gkhr*pEKR1F8IXU^2%vSd?(-}thfn}+?;|VnB~HGSN$N)@cpxU
zyX0bQ^*eG?kDtb7g&$?j&?9*7+WH!W4521gsnHAVfVXb2lLpO`uiID{HV56V_KUsx
z7^b(#-HPzm=d2@qPwqS+H;X5x+4!>E(+Zl%0n!D6OT(lSg;}M$Fs<$BZ=0azbhLeM
zEyKYz8m20s*5p%>n4P*<&-ydK-A(r-h2oCyoY48kLYH-lN8}0FcbwYu-Q)nQIs3Td
z+VpTifcIN1gm8<5?Q$<A+4fndT+6;bKzF&jzZ^uLV$~kE(BoX!9EiQ!7w}cgY@dv5
z^_HjYZ-6sKf+Ub$NEp%cu#Vs$Ucao-5nW|ejyF?`vPioB;<f?9P`CzdgP@^|j39p<
zQeeU*AJ^63r<m*Bls}iHXpum&kvm_9Zv6s6rR2w!iVzZqk@)!8?6QMPM3rd%cz)aO
z;BJIjloPeGZ99Oj)Q%P4MdyHM`#@j_W>ffd=z^|N)sHFOi&D}LyWvV`F)Rv=yq&qI
z)~M#{Y#)#K?eVurhPI`2V8nggMqAJHw6ZNmS3BZg1ziM28Bz3D5x%z<>+vs`2#vo8
zrqZ1`)7>?{**kN0ru(4H6z>-VFb7D5oqYBwMb&*NPoJeaRf(%LTMM{ShKOhRa~GBN
z3rz$acZ9!c5BNzV-04}J+`;Nef}=U$dlFE=1EY?FVkps1uR|l}ZiM^s3Aic6ke~Th
z6lHmZmyE89M<Gmxx`KW{M%G#be})?2P~J<|$i@;SA={AN5z`7lvWm5Sm_MQ_)8vFs
z?}}5wS<-zUVyUi4I3b&F>EB8>h6Oc-TZ=F)cT>C3U_dD47lI-Rqx9uqJH-vbn~-wo
z7-iq<#8x@n=?9pUAr-=Kdk?LJ!?xqO;52MSlfa5Nsh@sXIB1iAGeV9_Ci&$<E}`Y8
z5mjaNAUE<g-fxm-J$PU7(Jb{0>U*>?#@^F38B&U)_+>P$Kd=S*jnWOCwcP3g+2OeY
zsI~tzdc3Y10d&+EjeO|*bWNDo{}$ge9i^$em`LYq-kwkBLgTwl!UCFX!qE1)ClOH=
zW^OgsH{EohhZ6OyMGNOmZX#ywZc@^+q-F0qVxG0rtWi%E;S@GM_+e>A^Z#-6mQii3
zTiY<!5(>qO6o=qept!piDTU$=r8pD_5Zv9RxVuAfcXxMpcjpUd@1FB~@2`wO7%WEC
z%Dm?#^O|?|Pr2N+n{hS2TPOjncYF~zmLm1Q_T6(Ys~D?Af6P0B<#D4%{^tgON_U_=
z8k1tT^YgC{2P)97&KPK<jCy%^IIP&28kU=6WB8+4np?7_-f7L^ls^`H3l@aRdhexa
zmcOdr@tBsahfaf@T4}|aR;$5tkob)#L-V#gQ!@q5W$+bmkr#<l6r|r46(YXIu9I*o
zw!lJxUJ^ENE`lT}*%40*7ew8*+(7_5(u`rjSHJ#$3%!6K>ZrMtAd<eO11ZQX<FA53
z8g2^bc~A-IRo+WM+ID7GrKs#P%pMfT<gYSGqmZ|c0Fno;5HmU{zPBa70u}boyX@^6
zMmk3QuRZj4=BVZo*l0xjfc1*x4140+Ga-_BVSiuZUPSL7coBr8St5NiqHcLTGap8R
ztN?4cq(DXvuNg>;z<#Gga|(#_I&+-@OV;IXd|a_-wDQ^zt(W9cxKXr0OMZ7m`~Y(B
zi%edYx;+gz)(Z;+oSH$L|JH<vka;fkn{C?l;vYglAFB82idXz<zUH0AWH2ap0Hm{h
zUv{?bHu5-)_0C9dqb@JJCs9-^w+Gy|Ol;G;XG(n{OT0C*r&A%3VM={;M!c097$(Sy
z%I$Eu*`b>@#1Y8g*aq(S!r=wQy-0L-yvPbi&Pa4N%2}raYFH3JXw64{6jA2sF*q)N
z(Dj#vSPLWA?YA*#b%Xl^<0(58949e$9&B92-z-xh*WG0+5$y+$3QF(1Aa55i3k)@F
zM7oabLDYS6Jk-<=VSOxl%`XvwSb#S>-QEV7RWh{E+Y>L-(yC)>_zgMPn_`02)pb@L
zCs&EkRv^q^iM6_EnN8TLQK>7{tZA9d=}k*kz#D843z!4nOtt?sy&2@KJ|b?;LH4&(
z)@Txf?k|pK7GdJxX}#}^YOk!a8n!7@(GglPjO9a7&uKe3V^T%Q7=&NJrf+qglN$^E
z@^^Y_4Wl>UPhxwI#wqV)i}@S=&i%B1pr$MOC^=W9HSI@e?Gm0B5gD%?`je2LwGO=R
z5L}!L@->H(0l{3fr|+U}XohWeiTDSDdxw7TRa43)Y&MRQ06V-iDmJ^!`i65c>>Q!7
zTr#z_+;@ecC<|+7dQ3VHVa{@Ve=wz>eux;KI~Y))B>mi}0h$k@Xh)ww5sHiSv&tOv
z_NP`Al9%|g@@nGuc_PPWL^uI~NV6Ec6Zx3<{OOwD1y9aGE`mdL4lW+#8tZlO5PLy<
zB2)mkPEE+<O1wI-yMf4)DRd(DhfuB0C!`UtOFze+_6oUtj(f+QH}=s1frDUzm?x1>
z_L9Urz|K!vOQ+jCFttRsJfzBEW$?6c7JO|<Z*1e8pvh9!cOitzk_+2SfP2VjH{cUO
zxr}SO!b5p?Hx*HBcaQIr(&CTaxU~mQP?Tf$%`+r%AzufDd+a)c(uH75f6Vn^V{?N;
zkNcUh6GOk7N3=|$*R-<*qIWy=fR{n3faHNB-C>G~xwr{qUDVzfQ)AsxCB~mo0-7an
z;OluG&i&p@8)oMS#$msKxe={yuXuk{cARa04688{w|m}?4Yzz#uinROx{%?M9dtIy
zSne~?oftC|11e>s41SH^gV>Di9Gj@rcK2%mn@k?V$=nT8Xs?Ly;L~I2(7ep&SEIT`
z+)HHus1?yp<j1O;$^V_|@}NVrdKui~ucsSRV*QshgE$R6oa9t?2IZeKfAtj+#*_e|
z8_P(X1oJxa>OgW0+X<#gaqMv4LCfvV1U-QCJ|Utt1<Th?cRL`+>r_OH00M==5bpxQ
z4<M9~{hFAn#G*lz>>(tN*eYG}jKkNDX_&14OskqIOcQ{Z*@yUm8h_T&u1^{f&gg{$
zkhAmN@65#3S}RMvf91Eb;S8EJ4EfL$$^reJJCJeH<9(sp+t)Cy)i$r>TO{W@!93sM
zy>>^^w2bCg>l9=z`a_RzS<x#M0LjGbyn=<sS@U$X{b+x>wFp@bAna=Wfc8YP?)(~q
z`rV@OteXLGLrN2}c+;j4Erz6-49NyEoQAL7Ux6ANj}$QnLGVZOGM&lnO}H!R!hZEN
zjgAv|XvCKG{7;t?!-aU}k*K`rDOe{qRghTR?>(;p)~r}*xa@Ey{xyIhsa;hO_p`fg
z8bsIf+u+p`$P9$TGAzPaKbxHr<=q`<TGf~{oowybZ*CB-!6Dk!+WRoh`*CT;y6VQV
z;hLV=jq=cwAxLm$k|sD8mGgCcxP(WKubI}LcOyd?bU~0V3-_~;RgU-B8A`hQUFf7O
zMA%d27{OU<3w4V38f-CmEc<=e;}BkR`5#dDG2u=;(YuqPs`4fDo{!=lh_b@l+!0K>
zv9p5+$s;v32*&wZ8yQ#UlNUzRs9ypJ*AIQo8c}GoxbJibss9}p%%q!kH;hV?U<=U6
zFRf4aM!%Bod2O?ZwGk#!o&_B@kI)mjGU;xe@ekol);w(%95aooyAlkm%aUGnJj3^f
zxW4yEHM~s>YAWUmlWVh|Lm64fsNfXL?=sYUV|N>58qktruz<8Ly83-4pW@;Bf=gk3
zdBKru9`AqDF^@q2oXSa>XMIbz(R9!v{SX(*0f+UO)}-F_hwrI#kk5yFImmOY`d<ON
z);W6d`^BivCO7m@CYVTYj`5!aGaa}p%$PHGWjXUG>&h;5XubT``KW*r-}iXig#POu
zL8$mzyLJ$}%sj*uVEQU+UgY@7BalR5ql*$TlMZr1LWz^8P)OpivtL~@0iZAZProQZ
z8yF-Q?J3Jm&fFfz%hl6b&gKme={ebfWu9EARBqPiG{^}J?RtM|z!4Z!eR6TH4~YH3
zd!^I>aXcNpHqOgksNdFPL(b2<o5rGd)5&^Jsn$f18FkAzA#gUiHsBmWbom`%gI~R7
zlt8Ziyi5)4(>$@jnS-M(d^<FXn~DJj+Z0qZ2NJBqm6nzbZ+12j-PbwKi}<%S#~wFq
zo!~xn(lUq<X57c=YV8Xeq9XjdOgGZnhif8;yj%^j;M5lYvV&LAMl3-b5Ij=TT>I3l
z*?j=fu^c?P`1w(DNB|Hch&#z;=LJy)OC#*KIGhP!8}-K;G_sLDFIox7ZU-z-NFp_3
zkZr+?<zON=?0_tz1wvsjyfTImLzbG5dZuAM;~1ZQ@C<ji$1}@tFp<71B>I%=0ZjB;
zS}SY&sDqZwg%BdcV$d*`z!Urm*F*<hH$YrUnvVUeN9T}8iagZVI4;!k@>|!}Fb!^i
z>A=m@$QZ=-GZL^GzcSnB;D^ff%+t>1od^-k{0JcF(_cRK+$3NUwfuN_O^c=U+;H9%
zo+WKI485y3JAdX#1<`iKzGlC;^xQ2o+0SkbyjlvbAsL{YBxFL;&AGuOE7XKspD0lm
znZ?hX{A+}@V^1*kk>s|K=*~*|9*yzVQeIrw&lLWnc?Tv7NP3B~UGKcTKJ0b0-?SL=
zZ0XT}A58dMU<v#DO|NGe9rT@E(;#Gqqxa+IgIeG(3xW41&Tg)HTT%S)tMRts#7f9D
zxS#B3V?OaFw@soku2h*|P$H$W7+ZjNWmV*Ib~fzGT5g}y6s-6;9P%H6WafivVk9+V
zsMQHCvjsnCA!0LIsCAYgv23AvghK^M-_Lt<R7JeNeNMh`Lz;s9S7)ZufLYAn-LqH=
zwKTt`tJy|75cq4ZlwW{bAJP2T;PNL<6Xwb@9NE!XJYv_Vm*^t(k?fQ0c2X;gYLGxy
z)vwv9!}TJtIjBzvs>4g6v1Cn_J^}D2aMjl;)j#vJL`-PVkCIu)lJxXEV6-0eEVSwk
zMd^fGjz!pZ8t*F~RO9Z_j@)RhKqQn_OBGlFTF%hw<n~YfL1ay|PK55#syv@X=oajB
z7VkTYKoX6uU5C`hc$m)6xVXj{%5>qfiWBgRVGk!5h26eJ9%Az;ga7f?I~-6>kRf;|
zT6GH{QtKx8QZ3=F)jwl0y14rpqdn=XsHyEYqK^B0Q_-9XflWCqqg7}hc;%CgA?k~~
zPdPE;Qx3g|S8(x3VJUo=Q7|?s&Ac8_cS_Aj59Nl}r?6&{XHq8d(*m&-@OLc-(%Y`2
z4(BB7pG+xZ-npWUtxPNNl(PXYWyWSY>zs<mJp!wK;_Uo8IN0}_J%K!@-Gql76y0wV
zpYU_s%CeC8#p6eUD^uBLMF=iKPNaV={^+3W2SY@^61TDo7%{U>HV$SZ*OYsk=O{2}
zSUA{^14aF}aWn6sj@hao6)PXxY|rDy#0dZ4mm8OKm+veyxGeqcsLs?Y6^7E31;A7y
zZIRe#=TObdg%MosP^PRRIoHsOo43or^YyDRCY{AK;l$vE9r4sX+Kld99s~T}Ur%+4
zc5@ZiP~$lwP6pd`z>w8(>Bi3|885-tY-8oSci`pc%Swgm1MQ}ZIz(23he-8aa-uB{
zmAX(`I?IcGsiI%5tGXr1srV{YKHUxWnk=<p@p~fOtZ>98f3`e0={-w_lb^8X>I*+3
zJliu?m%4g6*>8mB+rR8A6<x&|t2YT$_1INtHQg&W>r@XtoRX@4e%M(Zm?kz^`eWyL
zFvMl*@COo%z+9V}Xf(5A)iCt_*stJ0b0?v~3bM$-!H@~@9ukL?WZZCA)pW(V4tlU(
zbZE27-Cm(@N4^((csy-sr=}z{Z8)mWeA+obFx!MDQqLroV?%!ul<E0Xo%2<7PKf((
z6xM8Ds9{e1q|rEx_e{o$F(TP@vg)Wn8}4T!)XG!WP4Shd^X^IV>C_ymR!w`zNA?hY
z;o=1Nl+K-@a_Y8~`TMr3v=X!Yvti{*4@v&eLZiNRn(EtxZ{>1l`mU)XxGY8uFB4pL
z_r^_GdVBRN!XQ4!ekId|9J}I0*h!Z#LyvzCut_?Pd^fq8$kjX1!dUvB)#*q-jhkE+
zZ%>Nt3SS55f=-$;P2Z0l{rK7!Dt>|4e=U_fLl<3QkWLgd6QLn0%~rQ^gu`<}uQ{5A
zJWU*TjDCG;7Q;%JQg@bAn4(pr@i98|AAo5PBj9*?2we=||6yQ5Vx4cXP|>-EZ1g%u
zcaddP$GX`2#@2S&cYJPQ|AUA72n@;SVG;(UqcRH@R3&o<ATs(vlA>BJ*5m#Jev5eh
z=O;-a9=>M}dgv8?IvR_+Z<Sr*2VYuMtVzOnvFr{MTj3+d?~EQSI9C|>E3#wgznkex
z60bhkkMnRp4@DIhEnO>Hj`6^kYI)_bojjyhpC&pFef(_GvwyE*vd7bK-5+$M-Gt?g
zz_)dIap)7LT}i=o=ElX1Hejdf@~vSb*7UI7)S_Z$8ASPg&}_5QmR-}K?x=bIxq8Jz
zd^X;)duq4CnGpTgf*D!Ec?&jVj@KbHgn+$`zJyfB?Xs=Ge2AfN?mhd8Va+mUZ-OC}
zgm~Eu1*m+h?cuoWfe1WE=mO4DZ<XySsNXRuHD6%6UL5r+K4LaMyy1UFiYGL2gNJ#!
z9pIcY7v6&8I08<s$p5&9El&^YDe45mflVml;J`u9OqLteu7f8R)X>^Vv42-iq@5yc
zhPYd55U-ljLu(h{Lf(x2vdIVPqqu1ZdIP@lx?<M~4%seUGB;~;6b%yK82E^EAcyD`
zNB7j^c%+s&{o0K|jHm(b*kSBc2yjOp7e0`Ik*Poy52fHbCCGZ4K>2-J!0pfFA<>_B
zKab1^mRqLOh^FK%P+Q4x(>2gessDn=Gc<p?q7TwLdp1Q2AuyCqmf+>y<vYDl^BO@G
z_07gp`U-1Xu6Ygh?vM0nC#qK5%~stG%Fh!6R486f=pfSz!rwmwAhMP6o!fN@Oj$w2
z`xc0*7-AtJRiD++@CJyaBp@j0RtDRkjtScd1^b3tPzqH<-XyERmhOAc3(v|@-D1dl
z9J=G`8?Oe4@}%8(a^aHOe37(652@kRKlGLt*AqLI>g}V+2bA?-#*HXs*VHv1Ya5((
zBG1RC*eGcwUCXIQ$pu2{(xPeA=c%B(x_W+J0adxa7*)ukj{%@pzJGZ#;;m8bcdYXJ
zS*Ki)zepZ$Gl-3iZOK;d64Z(%Znt=Dm~FPFNOj;_kDeyKLxatz70teUkGk1h&+N8l
zxxVEnnH=BTbuq-skz6m!Cg42FhH+$VTS;wPu2EN!y}6y(FKs2C*4a*YZ!p*XcwKQC
z_YR?GMT$*(FRY=>yBY(91~#YL$MDuyGxypY$uZ0vn^9Rwjm;8RX~ftHJSTUXrNA)H
zeo+!Ja0vxf@+|DsUzUB2*(DMcK<hPtQ%n|NuCp)xf+i1#2@Uzt|6V*A{h)R-Y_7Ee
z(Za!C7n#oDyk066xowV>n43>3VgLSi5&|@ztyPaL9L5kMhlEgi@8HfG6JGINtOncb
zsw8>_BRjIV6tJP4G^a*OXbk?bJ9rWdS!UuxBpc{Xng*bPf$V@2A>N@Jsd(?8r9%oV
zN~|fY1&y9WQ&S9!y57!+_Qy$wLs_yTgxN<h*4V+d(J3zKGx)1}5X-PoNVfO=(b4q@
z3^InIk#L!Mmx0%QkPs~^!iU~8U;UH8$GYQYBI%9dQ!LGRz35kAiG`*ccam0X<_e{J
zbj1P@YwwmhN?lMx5W7#wEo2L42WqFiF0UoAWxiTpyxh0?adK&>3LwJ!_my|vEx^2p
zQ{}zwcYp~zGWD9HPnN-|S!~NzSYo#h7B|-n#65CJo}SBmYl()ynGcN0IBUm2y|KkF
zlAp{<6!$1**J)mkX32Mi-B}RaZa-D=U>wlA;nv&GOIO6Ea7Go1O5f~g?>G|a#HmuP
z05R3&3vpru#+n~{oB;PCW_^u9Ds&`oNBHyst6$}tSvuLxiZl!BO$M-|YA=7o^`I{D
zRMPQ(5IojbMc+my;G+=_C1f#Fr9!1~`p_Q-jm$0RiWI*8tuX$yE3w+F1>ymJ68O+&
zp~)3rpYtV^gzOlfl-K!J1Z3GXP9*TbCtf9A1MNFy?{d?Ff*U7w7+XeW#(Rq~CZ?Ph
zf5dN(Y?ez5qVM1{2Zy?^2^y|@_gHqA=^M+S#a|$I(;XHjE>#$xZ9juFTo(@HVtvOd
z>RUJldE=kE{rX}64b%8#>|lisicR}lKz=B`Y*N@6$|?K)G0Bdw;^53CjtQwa+F198
ze;!C180eHRJ$=0`@S&sdI<0rz)5XqkqVXF}T@=PMn_J9eG7Dp)%scm1V`o6Z1h(z(
zITN+GzgG(<0PNPWaLW$|na`Fqoo5*5yVyXx75z9MrdH}xL8@VRKQlsJ*DJlF**QWf
z7<yDEimXXRV!>dIPUNVj(ey68A85@uC$kvH-hIAR!^S||O749eb*s4|fiB_JE>`(z
z4xqbC>~6;fY_v3fq$*Ztje;0!RGh93JwMf+;K2}myOzMj1FKusy|jsMvFBYlIywbn
zxBG%GmraSgeFoBWZ~6)udCAPx*jTanA4h-S+P(nhY8?}UUsk>n$IMM09OE%*s0kjG
z>IkCah(3RRisQMTL?oWl{KTG+%v~MhM}$xRfhL-Dfh;q_pxc4J?}5lA6xCyGJYN_O
zH|*$Zt{ZKW^RJjla>)V=@2w?r3_|B&@8~C^c>`gwjeB-&7vw97{(b(LzTI++O%G$D
zDA%U?ekwY~7nhJTOP!XK^VVHwfePAg(snlEmkNPp&;uC)osxvul0z<J-?t!GFh!pW
zwCm4vHW*Z)JHh7op3mXu%6t(K7s&ncV4}kt;JVrt;G1>RE1a3-Fj7*Re$C=I?2f~J
zbnu(m{9Xp*=a#bfz01Xv<oPlD*DSeG3*W<@;3KY^DE%I}EcpYnxeB9@pNchKWQD<x
zw-bBg1%@mplV#0Hg-(@b3(W(!!sDyL`eL4Nju`DYFAPr)*U?ao<ik~ZTOS?If5&a&
zNCeiP?9)OPo5xxjJyR_;{E8mWmQLUSn($pM(pDh2h(~5nyp}>UxN!~-1A7cL?Pj6X
zbJ{@gRx?-OYkm6X!Tk~fRjPD(Ka<};g^dH>EEGyUoXlj#pq(cpyF9>@S*80=?eqW#
zxr^eXAR@AOzI#KGCC~<wQffoGB~!?`W-?u65_A#GYRCPpnDaAV@;g{ovHx3ci^PfD
zc$keOG+z4o6f-2lF{zN&)zbVxZ#19JknQ8XGqQ7Hq0>E}EPCQmc^kapW@Ea}0E(pc
zWF*$!Mx(R8*sSlXTvvnz$(fu{Eh#M0Tno<_J{6+`INF)cM1QPN^6^}<m}|DJq0_3s
zw?yyppqf$k^n8c=hBGu1MoUX<Z<r~GekN*lYi&>0U%!Pxja11}U+wyV=)5m?!eIGP
zGza;hyF&j#nR(+O)o>Fwtas(bA`)u|Pg)ywpA^k03wiQ!8ES2qzg6z}X19|0a(Ik*
zt~l2D_#@5J!!P!I7o|J>yjg{tWopysd-Y?2r?SD{H4+6Xg`^wZp`S_YjGuT^@&LV;
zEdHQWFq<aUQ?-mndfv_(evSNbztIY%2eRL%U6OMCEvcnEFXxFiH!diB?b>k=^XQhY
zLu8ftl7^H00dPRMHB@24;5^zy9+i#^qdUw8CcThOt#L4XZ+80Ljjg|D_8D>BU<t*m
zk=?A<T>fGKWqm{B_vx*z(4Uq7lrWExrNN5A!Xd2rFITNZt_id&PaNt(QI@T$r7?M{
z;*ms5@ijW-3eZX1Cn{bpD6^2!j4ox;Wy68!NN5*lyo%L4CJdzC74HEFH(`y^>rui_
z_iZN;H;W{uGcU9^OD}*^HL4ieZ_z!Jp)44aoOT<Qcj+sE0?Q)AZb{r1Mk}0!D)?Wy
zN|OFKOfvjEjfu6%(&DJ@>K|B!?(p%&leEt|q<=?5L{LZHFb}a8OZ<I^YLVeUuJ6R7
zNyHdP$9TlI&&~j}@N#1_9tjs8`rzMzhvDnhvi|o(L#`@Hd?0Bw>`tJKe8#YDax5mX
z-Job=EgNYIUmzh=#160|K4n@nq9HjCu2t|s0XEYv%aGR#6*Kz#$cz;|3UlW*iwn)l
zRqjY33C$lbIgg@l<Ymodn2_DQ5n=M}|6^9&Oy6*uNEA7@?OCK!^M&3-zO<T7yZjxA
z<4#amO%2IF9q>U|Z@JM&T7gG$I0Z2xwK<XIJ>Db+(F!iJl>m`2X435~P!*t;gx72C
zhh|ajx-@Tt7rowme+}P2kSh0}tmU%7E9pLu-{({nlWyj?!L{))rwEDl$%oIbp93H^
zBCOdrHS);1#6CT4*RKh~|7KQ7O5}A&N5GT*!>89?zwJ&euD3j_=`2_q#I)}<G^%Xq
zoo7h3>WJtTrN(L*K@oxndCtwk`%+y^+E0~Bm2vwWcsD!yzA_s<>f5Y$ng|>4fH&j8
zyml2x1k6w%`f3cITnZ1p!y=1vXuCE$y930eAp3wd3_M}lq(|^UdTB7Yld9UFmX0ls
zj38#Q|1qP+_ppxVjfPwvhy$};`@)OBy!BHO=1b>!LuoF~RP$<@Ktt7Y53ySF*|5Q7
zcu<k%4GJLnTNZLzk!lkSc*WqcT%`aJQl-KX02+5ZkqGa9e7Hk~Cir?+GBEXTRe}~J
zt|3l~qpr)&O<EYn|0rHvN7e`k<RnGE<&evg{QCe|VZq%F5_8eadxOG+l+u$VIDZ8W
zBdAnn4S~~IbFt-AnQf{R|E+U8VNkVn378%S0>o|_&UN+m61yo90byTIRZvh5(>7zb
zd&ne(Mxw(na%rT{&w=%|3w$Lh=y9l&<xJ@?SVSD)J(trQOed1HODAhdWKL&-WE)x0
zb!%IdY8eyM_5=@9Ea<LQVZ~+*6KV~P?`)RKKlgXXnkq@ERI_Rdzsa!j74$MGtcB{@
zfA!NL_Xz3aEZ7wl5y64clGh>0bXP%K)BTOp?(lqQX?QHB-Ip7+600YQn0Q(py6*<;
zWZL|M;Q88!PZ$pea?fuY&;*!Uw5A3e;c@H81sVXrT7W<53d5-_I_+H*3^bRju2!CG
zr0W@nvvoaHE1T2z0J24FT{~DLhBvS<GKsMxk4EZ1LM&Rf&e>|m0eeo{Z62XwP*7=U
z*rEG4iKGjp35&@%4Pu{@sWcjiA`=fwtl5%SmQG$zi|;w@77fCTbz?VU&64uP4Gjp0
z(Uj+<(=71*Y(74khnY~(>XH5ng^&wLF)LTz#F8-@DlFsuv_ggflk<Wf3K46qqcgUE
z3sc2W3&bCEB-_7k9X~JkR1DZefjjT1V{yC8t_1Bp>i1WSa-DD@+WhqUZ)b#uw#w^-
zj=8}~4Qaxs$yzycI7A90WF!XfyQ|*(xA=GgtoT-V3fn7#&E%#H<f_?|96mNaO3E*v
z$?_`vKbWE7Ewt5mhFoXAN9q?T0Z}6BtIlM}f;yY$UmdcFZHUK;j9?6aykxssR;4KU
zj%?r@1N<;n^e6}wdcw&Ro5nr>`&wdsuSHa&@_L+?gimX}>L-n$hsWE>(p=eQB<_O#
zZ;kmp08MTdS(H)IhH|Eh?FwBK%5+!nnyxG=;SmPa>jrNhAN_`-92OE1Ee3Dj->0>)
z%;}<|4THN#CB)R9VBo~?(uubSAd7c=yu7v|&Tgb<zL<w(5Lo&@Jw3@nW@DKpYgh;5
zBFVlsriW16vf&G(bE998mWPUrRiP6NhimkFs*^daVJqI&h>cmZ!&SpB;(lNoKrUI`
zhm+x`)MP}(EAHe8r56`pSf17gY5zqz!(r|rKiu|aPl~V_$cm)#{SV$GO$q#w{`=MI
zB?p{p#q7AHs3-HEee605ow%b{Moj+TkyN+5)rhteTsx8-zhbQ%|Myt%0DD1=NS{F%
zJrWpKP;>vZ?YH5igbSq?qoc0^xt>zuL0|3sK4$(??pHSfyN(lm+!8~!Z{a?zfX@V?
z@7!G+a6K5Y8WdFABH#lx%P{hgo{&_Fu{U^$tJx@lUviS9QEM)@OZzIAH=8b*7ddc}
ze$lOd6Og#oOL!i-v4QIcVa?GpFeoQ{HUSdMS4V5{*7tS~EeygsY#XW`bR>3MM#lK9
zsK_z+*4DhN>O%GrL?h5QaB?2f5A+BbhGOKzx~P;g{>JwYp7shEIFwM%Lxg221D$1v
zr5|G|JxU-2!?!UrFbs!pr?_1!n9St($RzW1cuy?BerRCibCmnIqIOcjw7P4H*^b5%
z!>IDs%{+b#OAf^n0U0^cc1IY9zwbKz{?C>9yX<@6tET&_pOQ;zteczp6X#nhEMxF-
z%;ihY;z&_WcBWE8A8UGjLlTeh=EMgF5^sdwzyhf_Myp)TCvk1Rjs#cp^gRWxuz#Zp
zYauQc6W_3$4iTR4fByIJueFA=X-iMo;Vg&?&r5~-Hcy*;V}XxaEcoA>y8!51<6}f)
zcjBqxa$ENa?08>vfmejZMGwRIId=5W&{pb8P{hZae{NRz3TjzurcK+Tyz4=t=@~ox
zFO1TzqQOD^CBQCVNJi<;zm0)MW2ieKVaApn(G<TZF$OB}K`7BNV`IgaXW$w)RB8V&
z`b`S3zHj0k6GB|>w58a>F6t@?Yh$`VM-rgid9Ej>|Ht)sUyQ*qcAv?W03_n@PsQO|
z5=h<)#enhGmI%3ASMvw(S%}Qtp>!r_h7j0H>f>dw@(kPU|Mto>@wD6mG|{3ygG}6f
zmkn4Fj{F$a(n18VsxB+PPL!zJI_Kwk77?Da*eaOX_IUR8>ygMu?+TI9lusA3d1!4O
zuQ&WE+}+T4xn(*_C}}AJnU%oQMty_R&i02uL1C=oe#CA&y=Qa*-rvCk#&=h_Zd{hR
z%#HDufbMF4lG(ea?`sZ8)hQdba+ZIz(5>o#T+j3#i}2}NQs8L{?*nS{wf`r&PYCX2
ziI#2e31@pIA5MISD54o=H0jHWQvk+?$Xks>ZV9wRt~^(Y+UX-d78dV<f}fJPs@SAF
z42~j#B_8MvTS&Yfa5W@D4RExBP*q{G_^-c_wr^Dn#xFxU1EzHQn?vq!A@b9o_WO|F
zqt|=wkt7JEa{hzEw3L9kgM}!GEFTUJSJJcg6<_?ztJD(0p<B7(5TXS<7|L1uCDcz)
z?zD(lI{~Hy5TOt5O0U#g{zbhIeuY>ZZS<fK&o^}h<3e&Au?{>wwx9D)`4-3_PTLuh
z@lc@cs{vS{e3Ty*rEwH&df!P+fl@X;tsNYfX)QU<KPs$8+|fhtN(^;Py-Ty8XVzl7
zPT2Dy>ha0RfgP@-tA)PD>rx_9z!+(V$lG+O&a~8QrCfS{vcRI(cEC-W9woR@{rID6
z!)Ft4;jQQCx1#T8!pIlr747Bqy`jksGOQSct^#5!&bfz6Zt}-&Rv8MT8*jzC2pFP7
zx<~5>0ef5zaoX9M3)AD(cD8qR%MLcXrwY`n8S&9nS~6G+S`@S@FNT!Ks+%kmIL~Fs
zzS-os;XiF5#~M?jR>GyX{QHyC_lX9ZPhqnNCP)s0gtzMhxZ}Ii_sqYn+)S3MBD}pd
z!hcTDNW)E@`L0~Kn=Lg9LzpkRlg7J@Bt94Ad3OmM)Kx~{r+QCfac;=)uKxT-J_BN*
zqiTqoVx&Krth?XTvYFAckxP=I<)yxDVgdqKffSC%PbmCRBH=iBbiL8@M3v}n>ub_?
zHrd(gamZrSmUDsMe1jz#i!cwi8CvL7NgOgQ^9m$V^GGGY+HPB_xQ-_TX?C@}L+mQy
zEXE@qP`8}i?KBJ>0$OHM8Pwp=@PcnNzbhaaTRusi^F#;%34fV10*^&&`Vm`7$tyH$
zviB>a@H6Phxn#!hsz+b{p0hUi&;_}EzQTP3v8PE1w2H^IGJPN93nK9ExYB;%{}-%6
zT6@7(bI2h1$QFUa_%)D?4VmVnmi*JHEVoz5x4(Z3(*qOW?d!YY5ScvN9)i`^eQ!?}
zKF!s0ROfit84z{8bW>?li8!an9U%AY+8h}UXjc<b4CMoFf#{I3KVwAF|K^FKCkC<$
zCD$ajWjm$i`PD*We<4@=O8*YgGF37<WK43rv*%4GFM7Ax+AnEPZU5M;2q$JxV;o3n
zHsLBj%8HOUgw<qG9+}MSxN47OixdE+j#<@^0nD)&597k9eE;rEr&%ra44WRd$x1Ut
z03~?L8$N1(v`l6^k{rh>Um-0a6aLyw=_3Sa8w(hy!>un}zu0>mV$)$WiXjBJuMr29
zuSonL;|v4V*|}MU<9JW0*Mnn7FeB5%L>o4G%H^Ip)cNjj5iz9LIjH1$<SnjJ-R3%;
z$L%8#!U(xZT1xLHCS5jXtx=c2X%edpi={jC-|3vMkNjXXnS^&Ap2Ggv5bByim^;G{
z{vN;$1)tD<0k`58l@zx<*||T)rH4?QjIAr${m~4D5}}o@DYPpu9O4?I+x_26k;YCw
zfw#S)VOq&Ih4ScB>xHVHYQExF+?=?vCpcs1LDI)b+=}j`Q=HfA=G;!hNubBYU6o5!
zjR8SQL$)$NvWg=`a_Qc6@`0_Hu7RU0ep;eFx7<+`Lit_&*#!db8wszsc3E_j@cBg&
z__HUSw_R~7B5sFlI0{o`$nEFD3B20F$%tq~+C+2JF1d{lZJ4U32a1_8KmNP|QVX$G
zF_0a!AUj;o;-;5HpuS}wk?MXyTrO>IgEczB8~KN;=qASpq1gG=!5DrXiz1f9ovLb4
z@ty=*nvt>L6dr5WohfulFi#KeTbS#C=oymXW1solzv$C|2&OSEvmN|PhVGbJaJhqA
zUoh#SIIgW?Br>>0gw=7`6pLy#AZ{8|YTB^;M;qQY#Lgw9;Qn$tw?CHBwfW*0-myKb
z=ocw*EA~YgCkwm@DV7eM?J^U8$UxDdT(SB;<(BvYb+xW<W=16=BO_QxpgN`Sv~>VJ
z14{u!(UvE7U48U5>Dp(|mIGx9lL(u)Zws<b4Qvrli(#pxNNJjUC3`Li0%hT5k)K+9
ziTc|$rvWqwJcI!k@!q2W%koPVk#^~ZF6sw&$^U+FR^H=fJFIxr&H2z(@ZNFJ-36ty
zNn<h6Fr5)2dHBZ;gH5q!*R6Q{MW5F}MT$OwCTrF3ZK|XDF$KYXXd8$P5<8y9=!h}A
z6mn(fu82W#HN*1&7g!jL%@Q34;S4=whgt9^HbFw}2r4vxjzo+aCZH2}`!dX%#&MS)
z!+vm$XX{?jkw>+I%+1735#Br7`$p|0=W2^Nt~+|*&8!?o34Np>X`v)+p@;CKIH+$N
zJ=fnub<OTZQx1M}w2fffXt<{nS@1BfL-Ws+yP!|~@H+A#2*X67%Sf;2xi8wl8TiC#
zsYOPXDYMj#JS$?y#h_l`07M<#hIxZ3hP9=qr;kd3v*w?M*=asVgt`iEqY>P>nvQT3
zA_t|50u*Ja)Vvo@HBkqHlQioXkURP21!G7G_PR(?DJNkF7L1ZF8JplgRRx%HuN&Y?
zUHLiwU_=Q0%I74l#%4+fAqC&$pU0D&DVRivP*e*qrn>CA+4PKhobO^pZ65rt1aeUI
zhI7u9R*6TEhGV0a5n$(iStorESkJ!Ck)%d$q;@s<y}+R);m#PU&lF*U1*fMHH(6~E
zMxeT_L!kuTTs@Y_Bfn8;vrgp7)-rzDcKGqbo0FZz3~V9E#G!qTKVnOUQM&UBrI)@b
z*PiAdX3&5Vrjcg#E@ek*+3Wrmv-X#4VzRG>xOyWt#KV({Nw*v3tl<0bC;5nA=L10;
zL863ZlYUBLg+>l|t8rb5;&#o7AgQtUOuIrvAt2OtV4G87p&8pBTXKVmA1f4F;9{b7
z(0h22=HD}-0vb9cF%Xj;rrh%abiFE&G2mP6Sb%))z|JUZ8`|TVQYCjfi(S!{us9=f
z*@YShMirX*2siC;d_eW*``;d<*A-5pzVBK2k0^u|AQL#(dV-N0$6}|p?%U)YXA&w~
zi<3`uXoN~7hy}g}qi2Pp_~Z5Vd}{d6w3y{(nem9zZPhRr1~;`{5}UW%9TrnmR$LzM
zotvSd7Qk+zv_fVb0%Q$}?nbTgd<hM3bW!wqvIgd>cCr;BQJSl!e#`xnvVsLYs@CHa
zOi(sOnpw`%XZyK}Y3xh0!q8C(F><7tF}cNtpEvuw=^wAO7G<mlFU*3|@<#nx)dGU^
zj(SOa8;88a4`s)bIJ2~0w9*(=20DtWLXLp$r^X$9Lq+;65pWVj1W`U@eZhxvkuT#1
zDm^y!MSm;LA{C4laiFs!*5?^So);jww)oPICN-`9em2ekf&A&Au0@se<xe-{UqHKA
z`o{<Cl$9Lt+e1l69{8+&&Q_#aqgw;j_TL_m)H)rhhYQa-I`0ZahC4Wm26SS6$1YV2
z8DT%?ur5Qv$mTwMT9_T-6i~-)Y?Tc!Q5-htCb}PfRCY9Nx{}p6L<mxDxVFp3l6jsy
z%BAVy`8?9j|LsHFI^{#ap4hNYk=JQXsC(oD)OY<)l@C3K#*j=!Ww+u-{KVhp16O)x
z3)*Ik%p5_oGY8UI^l{VajHUMpA6zw^?qfgvF-`uzk_)6Y5a1JX$DksBO;h$wR4X`9
z#URm64vOLhgqfmU=rJ*UdJxK(eCshH1w6N7+@%O2TPJ6xcE}&r7%<Q@T9nUak1*5)
z(XZf^Z%8?o8rtkiZIxCXsXf+C^O*T<SS{7N0qH)=w70jvm;7Y+U?GpaSY{oB2|;2@
z&L}wT+WR~+^Euo9_A$MxaArLxi=2i((Uxqn1kE-7e){ro6-XY7jscN|RzJFC0-*XN
z@8}{%ZRu?lRH3E!t9eh)O-Kfbn9gCzY&1q5(RNaC^u_`s1y=&~G;yNe-;L8vT-`cn
zc2dTo&?!OoEs#n{{EDt^SR-HjEU=Xx%t(8&MHZQUTk%PohoY`mWZs>BFGe2^j5{xN
z8O8X59yaMGp?461ZBEaYHdWF_P<MA;LiU`0p>AG=uYH=0&bZ7J@!u=}dK9hdZf5ho
z;sAaBYd;NutVi3Q`;KNB98{=7-YxtL(o+W`;Iwc92b%`kl=ntQd05Hx+W{=3Q}!`U
zj-2nYcIURd58hLR0~h3W{QTNF_Rt&bYZYfkTU+cGEc?i0gBq<#6#?N<PVQV-z3Yba
z7+w-w(5=2gaM)<76z6);do6SpYK0>JnAs3!W4V5bOh?*M^xJb~w*vP6|9$5S7SOdh
zk33Pt`RL#vlkrH{_o*%pi7dhrb~_{1n_R*e^;z!|btk5~OdOR<-1$KysTCPOe(EHM
zv4s_bQR9p0crQi)7|~Ue<^ucKh{B7GwHePuW#HfPw}}bErJ3-x*R<h(SGD>8cgeg(
z1GQ%)N=y#3Xt;QqVHMHtBgkAIe&kJy?)wfKITn#vGUBxB2L=SqMRHc=49u{&M!)dh
zYxn{_1EHr1)uoMIPP2nkPpby+9aDbi*1K&cpZDIvXPJ%&+HCGx3+s?F1!W}%10(At
z-hDRU7#uJHj@6uR_4hw=uJmJ1G)FKSO5th~NLqY`%#vl%tX6D~v~1?@XvHi;SPEf%
z@qT9_nTU|Y>VD%?hyxLW%-Q`jJh}=G-*J3c<@RPM5kJWWB_F-<h;M5n(DA(7db~oE
z<!&`|WHZh&2njdbzS1mUz006~v&Q?vJ~*$9v#D}tc!PXVmI8R^DLN2b3PuaGhwN!o
zB22suCn22QzBaq9tF7&CeuCc`cJ7wC$f@aPk&_L-L&WOyBa*AEi9;*0VP@=sb9pdd
z3$wZHwPrCY0#M_Y2W@P2+-Sw5EOAL5y)E7X_xj*b^jZ_?c1EFh1xe*Al5bAtSK1uT
zTG!zil6h$zZC!GB?=)wt8Q%Te7q75;K(2F`1XZGhukN9&6Fl%0J1&`?B|a~+>&5fj
zT*B>*Ua`$p87AVY?8Rg=q6F8gcZW2|y+y%$rKkHxn^Ux!W-3!$j$ujH$`&35(mY(U
z^?c4NOb+bt9)n7^Y9N`wE(cEgQ_QOF0^P_BsyYJ4rOfR6rpBmO!O62M-|LK2{(_Bj
zIvCu>mZ3_HJpDicG1S%0K{@&9p!OPUiWyRY!9+(s=s>4w=g8`L5D|u-9b!BB)~C(e
z#t3YOmGcW9xPV^6eP`S@@r!MIm?Yrl=5!2&<E<Fg#bWP566a2O^}pp^hotoY?O_3K
zTIxyp?}h(8InOa+wlmn}9HV1dfMZoZ$CP3p@1rp3aKek>_zK)uE$1bkzw@aSDA&!Q
z-b!SVs0Q|H%m^o}yYx4a`6kpu`fhl|1a8bWu)(B@gQt9zCff$fd5Z4&(4|}_9*uhF
zW?j{3`81QZjt+@xHK_X6kCpyOOY?^56A)G8)xm^pASOcW2ih4NMbrTIPLI?du3o^I
zENfVk@x12W`axaw@3saKR=&}we8y;9UVbBwbzvHBTqvJj^x1S=Udn5*E4(Avea(}T
ztNBsZQ)_NK+r7sMqJowLyZuml$4pReq)DI19!nEr$rh-uL_qsBCyR$|jpX<J+{5`$
z9FcS#bM_kJ6ck3bQXl${6J=`c=3tU*%?jR+*W!t6(y??FW(Dds*Q^`P#W+Uxe0l;a
ziea$BmiKq}dchz~hp5pi76Wedj*`#XPW11~7&&vf_LsR0t^)6F>B1q34Fzr7a0I^!
zee@YI$Vsn=WhF*YNY68xPC<r7r5<5(EWrrr9Ou({%G&u=Ri7`CQ}(&ayqH@)o5U5D
zFtE{An5u{9!r9R&<B}D#HWHe>ECi>@bV*~``N44Z*!Riy&*waqg+tgHwj$$6Xv;Jw
z`T_vQ2benv55^s2nlDouKZF0*o4+1&u_OX9O@9<fN0R-c^lHcX{C@zP(YV-)gDkd}
zLd@logX7-55gG0ZDyk9nugw6v#Nw8Ip#3ZJ{;!Jt$D0CCRk8u6sst1wpQ&NkgQ0p9
zmO<CjKGmSe=t%VU5&l2TkCoKD{E)t?7aG}R?uw!#BB%n_toQ>%LYVH*1sA0xT02Rn
z>%54?ve{@AzJ(I`dXsw$b}V&luG#x$8sMtCRHG~PN<*G+j6iL(2BrLU#VQG1;WWJk
z;9`VQmx$trZ!2^*G5QM{;uYxHRDZNEw@wtZrKD<xkG2|!j0XC?=F0LCEY!p%(nLo=
zmQ9R3mS{C4D6Hzot4_;ZF`*ZIr)1Kh`i}j$5tJ88LttJgUlJVsrf%px9MSx-6#m&7
z^N|iI7LfFe{o4`UI+n}%%}tc9utn5|meN;ABEo#ZVb1?cPFDPAbLL4yNBGtAokJxA
zE9Sl(kj|pR&MQui)_U?y*HY1cc<EkY412aLYP>o&_<cQfBleq-&_&c)a(aJ0y9pD9
z>0&aUMX}Q9n+e#|<?bnrKN|{cR8gh{5twaecu^=Y2%oY<0y555pKf}?+n%;IP_*J)
zy^dqc%B-BV<>yWVa<#t*0;;b33VBh=C1|scxrLFvi#x|x{f>7yh<y)<(BaMX2bRKT
z=^D(l+Tk`}`+_?YUAmdXDu5lx>QC)#5FQV2`Zl}CQ1A=*;E&|n7XFv}o+{Hh8M9km
z?!&JP>QDQDXYHsxi`{2O9B=3Nj%p4KIIFv?J$1=TcDd)fnY&9it>rvZzWF|hqvLmw
zSJELArwUP*({^76pSZT)rs%hyJL$L`u9W7=fNr7lwOc|L+3$6|aLpk*lexx9SWRDI
zr;nUTc&<dhviCT5ytR|v{a&5uy)s=(8EW*hT@L%QsF3nASUJPIv-OahIFs3J-#|!k
zf^bz}rMTIUPjBPa+?C^T&Hgx-O&e!D?#bAhGil)m-h#nPnZ<k$pHYR`hIPlLpeqB0
z@ip2FN`o8@_dvOJ^~tz)wZ#I7vDG0CM_Jh5<Neos^#<R^^7~Ru{iQY$%|Q#e^KKK)
z1_kM{<!oM#uKmVKVN1AkMau%lf4>ZKegfxz9IsjP=&4~G;h@<yTrFVG!fI9<3ARoy
z(Q8t>HToFW;_+LVg%5rz{y$~+-|7o_A+{uK4M1_JPh@{!YiR1n+wd3pP*8Psuq69)
zx>oc{5|7VlP75wNO5YcywV%ju*dhboUZ2qGuC4j@3Pld{I-o?9Hs7`7RbCyA&7pc3
zx$>(&!$JGQ0V9{b8=s^kXWMK^*_^JD-0d$A8IGj5_<}k|;|=Is9{1wxGlo|e?j@!Q
z*as+6UC7xC>wI(c8|?OorwWuJ`O^}_+e!L3f%BKgbD~ab7-7{$V0QKCrzYr4R>9sC
z9cmQA`s9Xd2{?ZVVE@<*1Hpn66u@+4<i0CM0=~u9)4SSX1^Vt`C1kwPnbPE!DX;Kn
zeC9l&_5|PF@hvy^BrGG$>-+0{Bg|7$w8&pwfm0PaV~Sr-hCU1oxIgoT6b~h`G6OS;
z7aT~<4x#g=c>PaPTks+`iNjsreW0TX!eWd|byL-`$~FgzMMy}b5;>p0nG_bnk@U}z
zs%#RwqRC<KC3Shs#|8p{lc=#~oJB2?zPmlzz?v~*ipUAl^b}+6=Q9o}#nBaQUu0Zj
zN&zvaqpO>(r5Y``*kr@0gqG3jzQ}cyBa-7a99WW8!@=5~Y!0ErYSRfJr(XwD6U|8`
zBbEU5T}XOI3>|vn6?d`aG*R%UPN49yU}_RS5oz+6u@V%}$m{Jj+tVkAqi3$%HcTPO
zbgU6UXpS(Zl&N}l1s}U8*F16CceLB8;$ZrPmgN(hTq+-8<R(=9*M@p9g3t!UNG4GG
zD@IQ=sP`%JIP&P_D4NKv!snY20W|S9MTIlJ)E%ky)B{GA-=CJ|(?XHzno=R)BDPCf
zxp%}COXBk>1%oEnAJO>Ld}8Gkr~rC|2jOpZ1RFowN~Kpv-hCxnc$J?P?Rs?bJ)R6V
za_GyBxG~u3Vf?d|rqul(@gF+FrNT1PaU4%ab%iI%rWyHeYJZu{sQE53Ng2JI7w$bk
zWO!=t#wacD*H~Sok>@k%Ij0wZ<5dWX{4;Vs%s1&sB2J3$@Hbs`7ubEV^e=5Y(>M)&
zNF~MTt*Wq_Um_QdKl1e+nzlSw3keB#cyBaAtWb&#%61bf6D`kLY?e<Wo8;x8aJ_9c
zS8ow+vBDME6Rl>u_cr<QGwrN{_a+Jp7nPcm%%C}s)lpI9k~sF_>4yx_PbG8?L-ghF
z@-`xrZn>jru}O<;K_cE~`Q+VVH6=%5Euw~qLd(O?hUtg=R)CH1Zy(u;$c`4Oqd8lH
zHfqe~#+ff5UY@5FJf8<w<IAPGi=81R3q)|n{bv0Y-r%hbJav?}JO$wn<nVJu@Bj;}
z4oEL$H~)`jezitzzJ<#xaVQSx<Sj+oY?*dqP5s|-yeS7~hGKHLPU?2u>{R?0f^%@f
zI0dY45=18sZs<sPZAAxZ5StWfE?}LHIhT@LnplS$eUVHTdh=d)_bzTZntkQ&yOz^4
zf(f+H#{gkDUcO}zc*mcK_{4kQ7G7NPrI}au$I_2HQw8c$?UQ4hkvu=aFNutqf;>(e
zQ<7qDg7(dt1VRtS^P4Vlt^AU>T*QuvINMRp`BJZo6*kBsic$Q%3FiO6w3+1d+_pB2
z=j-En?Z%Ih1?x?BV5G#t`i0`?shtpNX1S#j`YL^|veJz{Vt9JHYzXizZ8<MmbiR@Q
z4=_-mI#AVhkc?DoxF(vba!e$#_*S5VW?mJ;zWh9zHz9ksOCKKWiFCJ9XH3!S6aFc@
z-aa6#hP{3N%UjjL5`{uC>)l~pug%2Ym7CAyVf|kE$1%D!D@Kqs$+ViwqY2F%S5Dz&
z*AtBNqmFdQ;O-xw)Ek(Mh5H-k^dA9C=9xcn0yLekA-t$f6A7x?K9~*zb(PYx<t&4w
zCStW_yR;=l)+B#cRfN-3-R?B8rP%!N0r^NxIz+v|v+DE0tu@N&M~<|x#;0S-95+Q2
z!)aZYT{k7AD)4oeif`WZt6G;<*&p62DJtk%iPWboraRmpKFodqe*PWs7O~*%7myjc
zKZt&_8LeY8o#`f>0gZohq1*+J3iB8Wx-ce**WrtkN2h3{aj9#^R_~bp`Tf91uM6Pe
zBf3o+RsPlCvg${63#yJ2aBDb<_>yz(Wd66W_sESH-kku)=Q{ECf_Aq{`h(x$a)*N#
zs8Ct+iNzZvlCqpg0@Q&)5n$zwSQ=)BYj)qx4^TpzP<cxb1Fndc>y{=<=-e<5svZgv
z-_Kr~Kc-WywJihT#BQ2poq2QRa<1`bZ`wQO%k~kO)d@BmE>g;UC%Yea1c47OQ)<F8
zKu$X(e~{ZtlVo!W6Jol?LGLI81PzonQSv|YXiH(z23qx!Wy=;~$xG2uh=<}wJsi7z
zr;z(?WVQ7?jo(>4O`m|X#YtmX@g+x-Sb&h*Rgn;vUF}(|Mo_s#jVvm?>^l~mFgmKX
z^PUOD$GZ``7m4DJQ)vS1qBt<|E&}Ml08rCC3O0?%Gz1Pe-yZVj2f7^2o?(n5t(8gA
zRH65*LZC^n=`JnJDuH+daA@f*68w82YHq<%8ODgq-qCspZ#r@L<alX|d2fsgXuUjX
zJCj=lu?~AX8MQ=!WEPI=oa5VKMEFCWdeGiET{bxgJ~2YyI!h9Tqvco4{ITWE)cKC&
zGM8)2zBg}LM&f6~6NS0(=PP$5KOv`+Mr`pdY+!oI-tU5gN<8S41lA=~7_e5}f6YYy
z3ZA_{IGdYJRSJ)^ssGjuTmgZRWLzle%700Of8W?Ng1a1NXTM3AnEisTU?B(e`9QbJ
zIKp$sPYu&mx#qx6%z980Nl{$iU$XSD86e&xh+F7OB0~SYwlh2|q2`FBX42v<=~$|-
zl^Bx5;QpLLo>KALWVpA)JgIe{cg+Sdoa@<E&A8{*epUF67FZa9P9)VlI7H4dVhR-t
zRpx}WNPp4y@+x6CzjTZsO~P6bk;IsOW-G8OO8lvVodzXVAwQKcWU!7A6|6SDM7&#<
z;g#2Gzdgvw3Ac`kplFt>(BUL6Q1~{xS@jlTDB%DiM(A7*G-@ks$5#pM%A?0W!#eIx
zQzU0u2MvoQhj~*)-n@!C`3j}klNPh{d5#KAmZ+HB-9jP9ODH)w>XdwZk~B->5?YQ=
zyci`><}AT9eLtptvclr-+RqZcQ=BJ|f1)v*yuxX(`Rd1(Gi)oLtlz6bi&n^#c@k?R
z`|%_5EH?35C$Gj|WC8CCV)a((@&+Pyt3iD>7+kg5sU<Ta)np|*!(POGOaj@Ww3l>8
zAK^$>Q)#h#`?GBgrq1gCl@GoMjM93GG3W<80MBicOM(ZleGoo|#>>E?cJ{~a6?Z{0
zAfVp{=!D#blkfZN_Rth2i(^ng8L1;mx*1g3NPm_1D?H&!t&fyy<7#&vO)C6@;qaoU
zeAk1}NA>~~p&9u-_zLnV@|MSY?#vVi+pc%Mo%gMI+*@qnOmp^r_VioORF@%dtV`6U
z`nxGA5b||yHdz>@?SfBAc;WGE7TjH%x;h3rR)w@B*(xJt_d*|rvQPgY`8-@C-6=K*
z;^{N?WxJ$ZelIXUa3%=7Qzdc%G8B~>26g*-bHMIfd&oN^@m&e$-7O)L&eP;!9!KsI
z<3_HEeP|yCkZ9)oqQ<pe5jMhC$)6Ju3;V6p8$kQ=-E{JVLs^yo0J#p8W@zD;cq)FE
zwQi|W{*=;3w!I&{_Da990u6GHYyLm3-YTHYb?e$L6bcj%#hnDFcyWi~S}5*X+={!q
zySo*4cXxMpclSSQueJ7mzyIht36O+a=NRLf*zY0{X+-=)2T_4TZYD22Kt!i=@FgZz
z^;T`TREkp|$R^K=1j4tKF;8NsT1JX~r_X;u@qVt(&?End2>p{hAubKVqZH#oB)=P?
zQ$%pUElzEMbJ+55<YtckoQ!QA&wvjIOCGU8<@k)Pt~Q>Nj|=HDmHy0UZoZxzM9GkZ
zvdE={waViUKCFY85j>aP3T10T1l<l+R+$L?He_P{3g|oT58w;AaGK=-eooeb!vaD4
zyutyE2iqCSC$`>x9U6|1q$CTNm9dWn2a*A#Ky*!xXZ_sRz5nUQf7|n?g!t&jr+vRG
z{dYDWl4S0W{mz<1ocHrImwuQM3_kuN1P^wZ{cWZG=OG=;r@6rg@=TQn{BZ#_jc8OT
z8}c`X_@?1=It<@fwtd_j8Ach(MhT84Hccwjx4YEMO;hNxgLi+GQUunJ50Cj|V-0%P
zp{B=fQWRygg6$%i>b3Kc)}kMDv;Uxr$tlUxgTw-MzL8O7R+>luN?ci4L0PiTD}g)=
z%+kPQ$R$^J8;YYg{c@U51Z8<$w`zbR5cLB;#Ek`t$^hK_jTJ-^PtFhk^_A+^=~DIj
zLeE44NOY3We*{6~LE{hLM{7u16qiT}SVLvVWr!|(68J{n*EyG%h^1F-z*(8AyU5Dq
z&V0+*bAepF2QJk0=HUs10+a-uA)}6;3HKKSZKq^(`QjSkz@Fo(6>BGiEZZV=Vegq+
zGF?ZsE;5HtI#$#I@o!#{jR>5>C^d4jKTcMwn~5Db0OM08!-*eC%pBY+VBSl$j69jT
zvn*EY<XM2A<F}76gARgCS8gP;u<K49pG7lPz2<2sH#9oVj#t2yOF47I3*cY`)MT%O
zN5Zd-R+C#*J(9RBtfwR$(+syayPWs|>uTgp$E0BNuVw=o<?XjwW>9h#TR^=X9|z4S
z#FRR()JOjwa0tq(qP*oHx8-Syi4h6JJSUP(_7h*reUq|!JW^ell*j*MH*v!eTw82D
z5m{Iy`R>io7m`nOnAA7@u<iZoxzjSg{(`d2I#Re>`fdd5%ZBfoUW?V$lF&$1mWQj<
zTwNlfA&7J%`ntxcOA&jYJje~~9|X!~!6Ua*yc0{(_nYF0I-Pv9)RycWfye9`S#W>!
zBOhfWydQ`$T#5d0oXEy=`V3XE<KFpd1boR`+S9^X23eo=@qF<*jk9PI3x?dchn0C=
zM<S4MXI@4If6K1DRPx^<cxz1*nf|2tvxU&F-mln!3o^f}i4j?vYTM-QBrOqaTIzg{
zfY#)4U=ES(9@h2nOK%n4k@INs8r2%nll#SHfxly-uPZ{>3;7J|@q97q?ofOs;e3Nu
zI=h3W{n?^vU^{5yDzSqnABS)-6rDOYV3kN(cinWZCQB{>&*>dlh2-}ACr^O{8(EX%
zQ=nSb)E0rl+#MW^kKLNpHo$4-@MH|+Q|1~wm@9l`^$kaW71^Pz=^x+N-(jjduvdJ4
zF`}`q@bBYxWHai7t<l*TZ|#3IuK(=J8%wAgwU**GU9}0bslj}VkWSjLQCNC@)%t8|
z04vcy*O0^qAHL)z4kgf;267H+;*$I{*~0ROk?gK2*?tI$A-YhY-yw@GFH~mvu&G;=
zh@o5<Srja8uE<>j<c>zVR(`}wz(3W|0HLKJ!$A+y4J~xKrS>$*7mOvYgC1icDvOQk
zrT>Z&>`-($H8nO7Gh69VB4=;P%gW~9B&gZI%J)Al(k@eYqqO3(SU?|ADsXwCF0XiO
zpa|FsV*$P_OPUworreSezfcTgrDg`#V(L?q0cu4-c%HI75(#Co+(gNZKti;jnBEXf
zh^P}v`FL?dP#O9M;tSy)W@e$ppdVi=!33i!?J-F`nCB=v)<P{@V)f$Tp;-@&N^HP*
zFo_w}>1vHZF);@Ow7lV(_xGy-Un8%$uoWQy9^B9H#9Srz{-{}paHkPAK{e2#96tl<
zBaNg+7R7*2l|I)A)z3e^awB?)+PqqXkw>3XPC+e=+2=C4W|AK-&t4rgS&rM2E`3tD
zoN#nv-9o$chwZr$RcaUqeyvNs3#I#AZMph(k#=5yt>$E|#gu`(1RY>hbi0t}g$mZ@
zuhmsiugcNdT-LVItC#$2Q2(b_;?2k)amOgRy4{;2qQ&qmmoQy|K3BJ!Rn5r9_)_Js
z=*0>EDuDEx{vUNH_Q)MYsv|k6h|`PfIaApX--zzBCPJtdw~B2W#$>&W#h2d<&or-X
zwhMeYcS_lga(Xb8hFd({vXh_%e*wyvHY)@xZnXQslu26oTa%x;6kU??=27kh9qzY;
zu^*=;Xe4eYs)*X7=|x9^2+gZ&x5?`H>>`8SRF?}moVIqv^ghCsz;%QKxnrF$(281+
z8prn|ZwUe{An%lvXsTIN=DmCZ40sg8iq6Csb8ShL;apc<LINEYpSBb;Gb2GJxWQu4
zDEMTP{q<riPI%jmJWd{Vw1gHDI41#hITMI;F%cpAA0abNH%bIa2_tOm{t*~Anou?n
zBgnoJZNplD*&tfjbfu*K7O1>l0z5T;@3!-dt45g5Up88*U+O@RpKJrRMnBe-d>1qQ
zuaaRy4M|%UaN!s@8nE0*ci19#cFaUx!-g!$9sPjz=?8KQohU1){lb|IsV6RbP`?1|
zWzyvqBd8OaEtwG_i8daAF>sQkK-y)9HYB0dj8)Qd6&EH+J;S3YaJ!f^B3g-!#w6#~
z36w60qK~!`gr@#8S4j|EKP7GkW*0Wxq+>_I?u#<(YAE~xZc=>$rSfod;_|lp<6s48
zOA1;N5<O=o-f@0u{!#o(<uu81;fpmx7X{4I(-Y1u<D5*YGVd$|J~nWr&*nvW@G9(B
z)Dg%Y9b}*;;8vpEICZsCO^5w1Mo~4ybAKa*R%Le;TXcmc;1{hehL<?i-DM`Zk9-P?
zfB@xH-rVUjy?1)&++YqaA0Qr@9z-r@^3?Td!k_9i*YSKng-vwy$z(rj;|we9nII9W
zL}9r5ggu6;G)!LnLoKcDQm+&k6>MK|4hBMrEQ;zY2F0$|P=Dy@A#8ia({U>v+MjNV
z%Y$8BYPUr8<v%qwlY$~H7TqMm{zNGD1p08l#x1!g&>E(bAeOn@XqrK6?c_Nj%o*Wz
zBStC~t`z<a06i@pt~aqX7CFvx0zkZ+P|aAY{}}+(<l&K(7Tn^9#w;}lC7*Iy@u}9E
z(L$rPv7qksc650E$Z<w*MC?%sm(yKB&?zP);9ZJDiAZD98Df(B+TGjsIHvD=q4BG)
zD$gn@-rOw4t=n=h<>KO(lk1kFO0|7j%jI1F7FrMy6p!Un&KCZlr5Di|fXPB{U0KK4
zI3{m^{j@mg>ZH0nxIUvCJnD(gfEbr!lNjOfcZ6tS>9r_;6p-A~cU?oSv)#orVib*}
z&qOmdb}PD#0<a8{oYLuBKm$~9wo-jut-42qV!9GnP?r0BHyv#Kiw_*D6mKe7CoiUh
z3_XCmw^@?g+WI=Ouv=Cnv=>XnrdRonN)d7SNc;z+0KG^mKaEi&Rv2=l<=dWkgBHh?
zCS`(!1oB@s9*J=~jq-nMHUGJqMLxnF>^kk~{rUE<>T3>lvyxQ*tkl|!0hN78<cVwo
zxTN={v|GqDEfT!`??vwsY*(TDy5)&Uko@ee5Lq1P>U4~4=Z<9~eYky#Qjj`|3Xqph
z;~^Ib$4?-T&DR@PG=D$!{h^t8bF|o-ID8RBt5DZP7abogX#Vx{Cev3xdP6Fes@w-J
zN3;;D7<1Kc(2FI}BR(8)#UZ$&wi^0qU9m_6&KW(KE3$=l442U<e-stC^w@@%z<ymF
zx?;sP>>-t(h@E{qOit$W`=Fu6Cudw;%z6z<xyG}2lej$7eS0#6Q)3iVOWcWhl&Lyk
zF8OPb>aL-0zBwgb`yJBEvp^^Zo*17bSD#$k*!Vb%Zzh{ryXQnkF{)}^2snd=m*wrj
z)ZfZqe~S@at@weQ%v2o;1_qn)%X}p*z+aqL-MT26bcaU3PB9?D2c;>&#2MzoN&n>|
zkq*89w<!XD#BO1s{XM>q!9b?_L4wBBTR?_HmZzsgzZzR7SLO%C=WpcE?W*-9A@r5?
z1F4PeLmKy7uq34P{+A#P2K9@jIC!atonZ7~TmUXLIdO!L3^MYcxW**en!j$*g;*>C
zqFX=n$BQhCNU2IudHs{V!QDlx3uouYiJs*+rz%0Hv4;=B`kIxg7iIrGo|1MKQa1X7
zX9$X#m}`)8^NlN|{41JwCPJa2bR)MfeR?w6^P&C{Hf*_qAKz)~Facrl=Cxic-YDHs
zxi8#fY9}WH?7$f?<B{hcTXik5&1~&r#%O3yWw%{3J6tI$rBSaLL1{~7G1i{bFvUmk
z8s<4(XhRfWkzqKp3d5a613VQTiB>Hq^Ufz#PUXsdMDuRcd!DP(-=tY=e)oKQy%5at
z%cupnQhAZEOlBD50tLLa9mxo800+Y#3M`cXPwVp(#x`8nSoHcAAK0Bw5^s(i0({eX
z>CBgE8GWVZx+kU)ik4A=J#SI+T~^m|bAR-v<f_d}_jv%;?SUXWWyc0Mz1P<gEy)LM
z01y}GN*hP}zS__mUSbEXty(%%TS~v$<eM!vNpU!s`CRn9?({0H^}2t87O05}M5#P}
zU(_B#YAKB%K8Ti8Z`U+8p4(BZUO)AlGMMhGYpY<jL4?QC;<8XEb*^^hye1dy$ZKa$
zwhFcO+R8Dy{IhkY^rhd7&iWcDG6ZH`V&!mkp*}{;zk`&ROyGsO)}KR*yYTY6XjiW-
z!1l9AfEeieUIk$iGzqd%(oZFxQgT9+2dfIEG}Gr4nP-*N|LWn4p&!aP!I7VNuMc$N
zb{Fa}R;oh(*d^CVGUe4C>yE2uE>~>0<3T#8Q2=ag^R9JA7nh{^*R&(4Cz@08QuTlB
zIs;gcER3HOd@oQ^kbA_4D6uvyMG>)!DFbZw<0WG8yhT!4S)k0W=Net;qa0lTS$tX^
z*B_ns!!Y$b>6rL>R4Kpl(H6_K{&BtE##4Eo=M`Q(x`@j0Utv0(zR%p+p`vTMsl(&3
z8HscgouXDO2~35=E_aznvVquS1h-t3V0U_A9^fYD`%+9h&dWK8(rs}(Km0+`2D4k?
z?Pb_iu<q$%bzXlv-hAo{RBmRbfT7_$G*lr7MS3g)nZaPq?V9vjDz6+&W?nvKfFJZI
ztou&#gGN;MKB7tD42xsJ*YOpiZ3aTe{4e|Ym-)zcaLL|3vvy;il+B$qW~3s$Cl~Cp
z_3W5aZA)iSapjlBbMB{b+JBYFg^s<-cYAB2c`}ENZGp^1R~TinSfXNTdmf~ylFJG+
ze(}i(ZCbXJP#WMQ(vU+91?7LgZWqB?8=WE$Dj+J%Yke33H~-ux$G>=vn_rKMoRD3K
z`9g1^iy-#YmD|r3ZyRT0AU@c#xQ+!#GydR#75<w;p(9=Jms0ddB8>t6HSjT_c8o+d
zMwtcD#8%SQUFFvdTv2X+EELHU`^IaxO#47XB`^;cHnN>oQ>V`Ect!I~z41d2map0O
zhp8?i%IJoggZf>@%b<NyB%Z7KS)@vGu@Ms1$p{T1v)dESne+m1p?#{v8h8<6W(yc$
zvR}~?{u*&)-PzfBwb9Uj`nv5HA)JjVmZn%$7bWC)v4I-oU!^lod%AnLPmrL7DqQzb
zR7nz)VRtqm{01`x8Z=cn*lu!fbs4Z)7;*FL5mqbIP(m}g7xPutM25tHa}6KFu?#<E
zdow$3MPLDo%%PzTda$t<!2?pPaWTQ@Ln$XEA^Y-m-EB2iTf)WoPYw9Fs((mWOqXO0
z-M{tv3YyEd#}f<xa0+*F7d+UNQhO6D+%3qnjo_bZkwPwlz1rn{w_w~f5DSFwe{=>5
zR2#)o>{nq*>E9k6y<+bV`z=%Gs}%mYypG;mTjCk_5zi7N1&%{#FO^BzK0ZFvNj)rW
z0{gJK=(>Nj-(5`$$Jw9^*x*Tk4E;TCo_6P%c1M-S2a%b0654g(XRk`=mqxl}YtGwv
zzl%a?v^la=ys!FRo6l6FyE2^O3O-d=5b-FCyC4fmoVhetl!Fz_--qFM<UEWRJ1tGJ
zZ!JXJ%?{DuLlTBp@42D!S{4OTs1zy4!E^}&(IOBJ591~F$$ni$^UXL8r+Qsq+$`bC
z9?zgVNhj-vdCv3p>*!b!wyk%*PntmtJ?88wnMc^lil4uf3-{4WcEUgzvu5yFZ*p*Y
zAq(+3$k?jeSziN?+ab45Wz_-OIizPJJUhccTOTW+Lq?jdJ#(d9eGnQsPr|jKekruR
zjqN_En%4hom6lyOxc=1F#AgK8AF?;|O?ml8`8a$#Siz!PcjKj|YlzO{xsc-bkSqj&
znl?rUQd`$I9BI_q79_`V-{(~0yRzc`@n*0wK-L9(q)nVaXw1Ee(@m%8ji9;h8AjVQ
z2I!IkVwUfYDP6Ab{Ag-Blc+r$SCoxd#*NKG!o$DC+@-GA-~GPSjm3V4cx!8jzhOX*
zIeGT3#x1}5Z%vBb^TT+I>%u5X1hi<Z*AYe#8|W(=57aosblDP!uq}fV6LQKsjNWSz
zDBpLva^7&FtmAx)f4vj8>#+7pRNfG6;Qp|^#K1F&ZX0<R@O$)6A9h!iUQ%uaE`9>Y
zA<DDPdKyD894tcCq;k7x=DYG}tT`S7r$3!*Ie5~bA?T(de_6N#?$8K^IqPP$e++g8
z@#Bj)%Egn4?GGAhM*l2+XS99hbU2Ob`tF^_-^#Ja{s>Rk{#BuSxy7KF*w#Ft3QsWc
z6Euu~+=z%FI7#33v<HKBWpf#gZo|Mh<V(Bj2L1C5$)|x8bJG#n1<a)oxGmFYCiv{J
zJX#r`983H2N1f%mj_9{uzQn75Cfq@n?tnG_#w8-Bn?cObWNbI5`_hC=(Ytc69yD*i
zg$t%<B>l1M&15+^+=T$l2vaz|Qa0b62)3Fc92Ox6SdwW&I*+yZ`M31RcJDyQ%0<|A
z)+GFKgXc%$ve{|iV!q?iZb8fvp2zj;e1$<CT!vM9I-Duz2Q?FlTiNY`x$=<{6IR>s
z$3&9{d%>(p_Si_wAdrG|1~;|QSUOV%xQgKYt3iz=^W59VTe~=+(sF$5)!rNLm=Ym7
z6Fz*ATJc5agc=r|mulR6@h-#lau-3b{9E{g6nfh<EKmZy(`sXcC$GK7mq(62a%Yrx
zt_1q=NZtt%N;bNdEq+0hKl0g?U!2SH1@uvsrFtD1pNB*up`7^@@BuJqvEY0(W6W;7
z75j+C>;B{I%_xUm`uStG6P6Jt{}V8Y0SQ!<NAxF+$E{CWp-xiFmzRfPcmp#iy$y?(
zzv3~1cW%gJL(-t33M&RNv#IZ*e!Tr5-$}cJBl%k^`j92&?x9$D;$0)JIW$4)IC<w~
zh6ig3!+@=-!f$5RSNNeAxqJ=N_C1!R3iRz$<WPr@2IXuaId+>HtQi8OVV#@hIdjfj
zqOJi9I@JY~wsg0*Z}Q{GwH`jcbuiCTVsMBdC;%~R&G>P);11-#<H4%kV$Vf6rcdl|
z5?|=ZHgz_;UITNNUN7G13Xh_Gi+e8>x|~PS%HpgbFrIw&We)EMF}XQqOQ-wk^=I=h
zPX_lhQZf&jm;<uHLG~u$bGX|$@+Gg^Qwi~|MMtIAAGZ>pO^Zeu`Vxj9FA!pxAF>yg
z7TEI1tdq1Zl4usKym)^+XW4<ZOx#~FZsS43U~%@MwadLj+-c1an4yEE1tLFNs9i>R
zrXng~?q9hnZ%;txO*fgr!G>gm(56RV>=(%sXHBYnVCoXf5Q1IJBYK^DizW@;PVRx<
z8TPvxGCjvO;0;HNep)E+wQ5-a2VJ;sPpGe`VH-}$1z^98(2s+VY+M=5EC-`|D>Cp{
zwuid%+4=~rRU(iXKGWjCE^q12ojCbdq;AjiV7)_&E1=awz8Pv&gvoKK-NIu;c#|TE
zMF??&pFQ2}6bt4od2&-L>QGq$+-{(|6@JrSMnkOD*}A}pbA`2?^ApK6%`!tX+l;Du
zbJotb$TYIu<hrfxZ1P6%k(g{gn#hSnJgvlTj<r6(PlFi~gH-&BM4E=j|IBH8IItJ_
zv8<nXc<Sog6MLH`s@m{F@@mJdT`V-;9J+-MSLZP_iCCYb9_z@p0!TgNa9TkY`MO)H
zq#W_A&`ImMOW!!uk#(cm*$9diib7L%tgii4mv(=b{w>+_xeIyPLc4Bs1^7MR>FDCe
zw2|epS>`=N8PHpc13TuWwsc8$X~@9D@_L)o(Phl4kxxeD4+H$ZxRd$>J-Pm!)@vcl
zCF?Iph+*`bapDQINll6Jui^cI^|p>EdjSD@2>p5gM;~Mi|A6iydUSDf;S0#H4N<<}
zrxm=5(%#zS@1<J4E!%F%-mU`T9F{ta#3;oN$CjrmsSiT&{uq0%6wo}6hY};_K!WmG
zI3c~LGzS=Nq5fdv;#%R+a?c5muIYR2#-yte5@G0}jP2y}x0XuR-gPI4I0Y?!Ct@Z;
z6D*+Byzp_Qe`IpH=<Fwj6>1fYOnne&%ll;nD^{_H>`M!<O)T8|-i3(XaDXhv2)dEQ
z4t><f5*B_h-1)AHkbyeEqggKES=iHLtON=qCOA_dYR+}HLmkp-Dc@!CTUc<M7M7GO
zK>$ZjBW*-6wsNf*7M9S1Z9)>>EJXP+9*3|3c@b2^=NB;s<)DATE7H4?9dC1UciS-%
z28k)i>SgmHph_@eYejEc0wV3r)u=(ByOVFqko;u9!US{u_Rlv*p9%P(U<Hd2X!Emo
zngR>pEKN%#Z>8Rg1VmhQb@_8Y1x<9V4T(p88%zhWTH~5m9T_~V*Mys&00HwWsPQom
z(V~M4n~8zdxUuh8B=eO>x<c<$;wLix8WAB9eCY=@RUI&NoOd@N+rEiY$W&P>Zr^oL
z)ER_C6!jM+Nl49gv7aQKgXo?EUwbQsaksbR=lWd)mxMCF)a)r{MyI@QYc$Y;W#Izt
z*X(|NUn|M?@R&AXktLT866D5xN_&#-tVWdCszP_^?$MV<?Y;zWy@_ZY&|OaxlAUpa
zrlg$j<b3_jVF8=gf|)z1Xx$_+IaNB_irCzS-iw&O1XcAyu&OiIgcrv0p0+2&qp{Cx
zyq=*3(`&-0S`d;X+8e|12b|5G1xtzo>ZXKQH*j$=O)qpfM+DUlkYDxMuavc0zib5h
z*>PDh*eZ$jNyl$XK!IAS-0y(T<9|~0qW(mw_q!$Od4sVD0n75?)XVO}JO%`&9-9r<
z!uUZI33rzcBtOqC(zfC39~8_CVV%X4$3(Lu;21DTb@!)2zcia@&Z$B9j$gx;;sw0z
zo}Y+w(LzBtq$K1o?t^n@WZ;a>aIX5S^j{gBSk;`yp%>F{b4`xZomQoR#$Y7;-#08z
zv|o#kQU#v>TLAtM(D=xRBh|{bA1iuBM|-(8hC%bSIRE|-(K<1ojVGZ(V^`J<S_I6Y
zLWT8NkC7c^5XG2zx$1rk>`q#xkU$9W4F4h3*DJuiEh|a~7Dq}ChG0!M2N__2i(i^#
z(hr2wuMZ3jB0gjXoR)Bb6eAaUszC6K&C3I#iU-nrK-2)1s6@f+usEzICOZ<i;2<a@
z0G!xcjut}RppZ-A7@xrfldtsdCAcdq((n{nN=FB2hG_m)!19CntPxc&A(&gN%Z4!p
zt`%e>_KY%N6N>P<r&mwR^mBy=**$J8IM)iPndJ`FP-22Y!SR|F$)e}MlHU)4l6aT9
z3~#Dv)|cJntwLy6SM%eqS8uj7f+r>J^toJ-t9UV|y#o@aKbA+V#XQV?C6*g>xFszt
z((^rN<JwqK@UCqa|GG=y54x&b){12(#jWG8)<pD(V{I$@QR>C%5p3<AA$hA_y(N&?
zULnstp7(ua)V_c<hJ@5Qj3&*+=n{?z6d@hS5s~48xU#$+33K|2JM|~z_(ueHG2KCc
z+Y9KNx21f~o>Pvh@yGI;_AyM^)`GST-tmYYKJEeG>D5h3Pm$Q_Jr@D}qNwYM1gjpk
zbyZv|v$S%3ZMk)Gjtq-B9bs|NbA+ApZo~aW{b^#SUVOFIIac9K#9u_UDPC`*1}dYk
zo<5<ct_LNba15E&t%$l8n-Z;5^=9e66LrHjY-D%Ls$X1mC1G-~CO2e6PL9L#wqbXo
zwSr6Eti&Dg5}KgvzIzkQBli7-GbQ$b)_?u;|9GA=VZkY>1hQ4jn*0)q@n^?BI2T?Y
z$T$Dug#0rAJ8pq|=oIPFMX}pRjN$U++^3v&_dB%PS8Fe~vt=P)zw_{DEjVmsa)ECn
zXkGC-Mbp&7dOqLl#L7LUsgD!iRj=6g_N#u9-7=w+Ie_5uY4?>`a+dLitMH>!`a)e0
zbR=cG3We+%V_}E^8O$2td?u;1<JPy|N`Op9jm{EE<5Af5%FkNPrI%~*LQ4K?yRWpf
zXAfx~ezH)JsR}jT3~8CWIrAvzHr)&rDAC%z6+iaB9L~nAITwc&o7Z1y4A+}uN;eW}
zNwAN`NWuP^U!k9P+%DP4{pbgC2|jsV=R+Yc=}TTC!bpKdY5~s`j_4DL1U#?$5A0*F
zuWr-agIc2wLxl1cN#rik87-}J?Hg^X_)Qw91IAE}FXRxnTfG#adNOdHJ-4&8Rn_Z;
z<lIh%yeLcA|Fg#ZU05wfso);^eFl?U6Mp|4Ve@||9$6?01c+!Sb&XXki`pWoRb_J(
z^`%BSxvB-HQXX5>jTgH&JXzOxE3o_I@z)S@&RKjiQ9>iz{@T(5UR2K>UH&M&i3aoq
z4Ub27;>vPB<ETwIJK#Im19=oqS$|0PohX7h6J`<jY~qD~!?w$-3*J96lD@l+R)Ip)
zfXC92!W4Qe%roKP@ewC(5NyF_ccA?X7G{uG0bT|!9-p7F8;?iyPdHiKO*AwGJ?GD3
z-N+i_wx3QGQL1J1{RIs6bas8o$46|XP5=Ln;450l#)BVgi25J@Wut%xm6aZ>Y?yz>
zi@0GE!%fZaG9kWoZr1VnlE}=)D&*?HUpyi;0^xhv%eiI(A}RmDZV<(wZhSK)Q%YL@
zGmL3tDJE^d-Sw~oI*)3RE0pz&zQ0=5Oo(_j7?{}D;FBb45O8Cp5foK#!GgQe45b_o
zF(*AYfaMuI$%SobZuV)w{MB{n@9WE<!uAVuVLP{@NF|u>Gt`eYB;|HM48S_fAf`wr
zO2gw{qmm0$p=@+wVme2V9ogVLJ>`dg=f%J4GX_xyoJi~57^L>KQXGe6TKkh)>p#AU
zfp4$}luvz4R9Ywx76{oRbfXoGAjZeXM}7BQ)f^HqswL796AMdw=79v5Q#PpjC)O`O
zBvYNAcvB3VYMn<RN=gaZ%t|9aB#pnm@l%bKgNp9p3G>%24hTqRVhm2(`;SmXR1WNT
zMqQH^`Yx>LObNCP@7-FAd%PVcj(ND15&U;UY5WACS$F`(^dHiaf1Al?JIw6^fAoJp
z1&=UaL9Ru~^)-ywc+eU2*47q+H6>BUd7rbi1T|zM7KD<L651zL5|XRrFa3$*@C+hi
zuCuwYJ3pZuHMIi|Zf3QsmTg;mhAet&TSo*vq1xavX#<rY=me)kr-C*|J}Uh^IEXNT
z9oIeu1qBTo?jU9wz2J?;1@mv*gd~|tSC19bvj+d&+Q1MiOsc;iR!h=hc-u3pIeq^u
zNjpkV9m6&xCW>Vzey;o*)vZCBcn;8$la-Fz8)Z7Sw!3H9!bW6}(0qS3h*OW8mBd{K
zFmQ3H!BLyCSgCqS$VLJPIy#wDTy;`1vN>bdNmlH%eCnA<1QI^GJn-<(F~LSbAv!Co
zlWpQE`1Q|-9`Jxo-1cB}8ed=68cS!Vo}6Sz`0{W?2s*MR5aFY9x^jdmcKPpj2@ce&
z7qazVH?1J#ES3FVd1ab7Gr^H{g%n5W#GiOX8Cqdu8}}Vd)_Mv5@blpzC?rHAu=^(N
zwotgw#rfy@@Hvpo<6+#5n1w|euJ|#hd3Kma$nzdHh|LL)(^(RH=%$4J2rp(P8A|M{
z6~>nCXJ|b8&zoTP^!%z{7T~yL04Jkvng-z%L0C4=o`-jUV*cablJ0-J0Yn+Vj$$jf
zPR0ymZ%G?ok5C|w(w;424p~O8<%+yycbR&|3Wmq^+ag1+c6!|Sec6rKID>~FEgC$J
zQp;~VYcKq>K7u+yFDNCYvgVgY;JzOk05HO`be?E-+Xt8W%@(G}&3<I~4h?O(Ea1^>
z8LhI1A$f|&LWb^g5#=&}!N&mkv;jkt-}!O+sQqTCJ^gm>;kQG(dP|^ke?NJqDlXEO
z3T>YL9-bf(9tYO?;X3v`+dTtaNxX+NO&eR={svnny>1+zkzpGpaa!84yZ!BwwK?hR
z&LPA^b}~~0wzBPq?X%&_bQ~8`yn+$S=ia79<Vx=0wVCHoJ@(}`JL8e&=4ON9MD)|#
z_nJp>dyb`4=cHFmAHB>=?pZdeG$ju$2(KFlAL=htQsJ<<T;d!SgG|F?-^2j`K>2e=
zlu?rqK6qN9ZupVQ6e@`a1;M%o#_ZjuTa_!+TgXGDB0_}QY9jnK_`QyWI&_d0?8C*t
z9E)&qu<4n!LN?R!`5}<{T>0Pqc840wQANi`|4JTC$a++ADARMyPNIc~V5j*1{?}ko
zHkdeD&&D7&uC-&3(7c=`IGcoi453BvfWmOU#a3<;_H*r9qxF(guk5;A{e|S|4c^^N
z0*4~6i7^qZBgQWtR=S+i_xJays|}^&5K~x&nPN0!Afc=1oG}Kqq2Zq-?#uA=oT`P1
zj(Z2d%|J*cluDu}Cg?B0sUdPgT=M4olb9sl5r$lPc<T7mg|^z7Uu(*SuJ_eoZrZZ+
zuj~kL=kRzrFbwf8d`Ho=5zeeT07AZiV&p40kSEmSa7>})ew$`I9EJ6rQMELAHdia-
z><5?!_m?(s)m@?mqT%Aw5Qw=&xH)Ad6AJ>6?yN;^htkEQCj~y;4>c3I+V>je*0d{6
zl3Z=&_8T16z3+5K6yQ{g{i%AQttCvlOu4N$UlmxYH>Dg_dhv395afyul1UAqRL!kG
zIG7hanl1h6a*rQ*?vV<7z9X#J9=j@4WsaM?U!{yGkc|0RJik<L;P1952lEVWF#lIn
z@-qyKpu)x!lO<T;ZD?#71am#~JF^X@3XCv~7b?;vpH0ZJKQ#_s=zKJPW|j`4F%5%m
zvpM?Qwe7xfJ6q4YrQFf>JIdvpfMj<#p?Bd~^Nx`17omJlmGkW%MlkNkCBrs@+x-P}
zH~V#Oq4Ir$m~vy+;Ld<R?dk4}?DlvTLXuLf2~<(4d7bd`GAyvL{L{j(b$#T4A6$xC
z&m%zu=*|7i`|<rSgh4CsYP8CFT9Ii_CY8gS5Lsmrv&ZpaVma4sS@8-ipXr9;cd?0!
zS+uA=bMeH|sj2cjZG2OCS+;r9zEbdUc)AWyDweCKhMbS!;~~0e+|U;BObr=uc-6=!
z{g+qdb;93a|2C3dSA+hY$P}eQ116o<LsLLNU}Ut)X?NtZX~I3|m(~D|e2wDY3%ZvX
zACZ&IDo=lUi)TnOR15xikSu0GsMMB$&*YLX_^8AN0U5N3Nuv`Os^+5?QtUw-Bo-*@
zE;i|o(p1+J$<4r^>B<Gai52$)ZfA*VLj8Yht$^pgSennE6!%_B-QKIUkgj;C>TI6f
zFd5*3jcPP8jKSM2$ugV(R16$4uXgrFsgGW#JBLgFye|}lZTHEpJh!HgZo3)&zl5q(
zQ|3lNEVLN9PzeL#D%{edu+%?5qHT#+>BJM@eHklzN~0TQc**X4prV<;b4jg*3yknZ
z>3oYm=i8_rg;*#XRcTY3zq8q|=&aJ~w^*#Y<>geN;ouPVM>?b1Cd4sVd2raqP<h?w
zxU>l@>~Bi6T!@6YI+BptHn{XAGI*tY&!P?K5FwEd*^|=myNU41sZWLU2S@Y|XOQkz
z=_ZNr^1s6h%=!n;R%mKa!q_N6KIK@XB{Mo|Yq2}<2=P2QCd(B`6w@G*H5N~n-sXC&
z6HEbiy1=tE9(;unEhk7bfPEo(yzcU&7Ze>TanGic!ex!M+@!92J=}l1`@^0d?AgM)
zeM~u(sc9bBA1;=msj(Zb<CE*qu2ZEqPw;STQPEK9A#*s@nC9!f@xXa8Vjk4?^!z;B
z0pXSl&NJRk<3>p1Ie}UjqdFeZV69udx;@>w4e<MD&@n~UnDE##u|7w_4)nZ%@=wmg
zQtF37&y6G$6k=xzH4*jBv2zAQqF3Ju+@xJyTTTs3<{Q2f;Mis~lD9fCOkr(E@P9<H
z0&5ARbZuAhuE>m(ezsc`<u~WcX!;9CWG1NQmE;S8HYX$J9`S2Lcx#`2Z0vnq-f2&B
zp#@${&MnoN3`8*TCTwgFu{&MW+(0l?koT=^=m2-Y?mqkItkyS4b)vVG`Mwp82nA>-
ztHrCIM6GAz^j;DDib)t=EB~?pc=7a7Sj|B&NCf_VipZM9m37-AwR_S@=fXqzC4-di
zy9^FCkkepi#W0+5t<=AVnZNG%SJaR#jn-xQE-0U`K3TXrF`Xo4UMIWirJ4BXk!k!R
z*@Dr4+VKM~4vAlFAdJWB05KWHTnAPI$+pr*>=gSI<0)USAw2U#iBVczV$>hbKH>>7
z!V(O0rW;U8Tzo7as>`u8IF34JRR1m@5WS+_5>`{l#iJ)|YVq$IAz~$o?36dR_$_BX
zMhnH3c-7acKte{d&6l|uVg%Y_1N4hV>L@D%21<moapsvA^z}_@DfdW|MuI=@A0Fxq
z@QsX{Bg75csIw3Q`7hw0i7jpx;C{3y%jLxPJs*JW&0;bXqoWz^3$d5tWLT2~buw27
zV&)|Q<`ed0W1T;O#-@EYps?ZGC&>Xp4e4#ssXdJ94qt;ls|dm%)9<uK@V@?7a{}jH
zxCKAm`j}`i5NC~J>XV6>{g@x-Nc>eF*MJ9mrCUy*5h{bw&#5n~mBVMao8?h+9c7)f
z>$gu(tyoYPKrI%G15bkb6VBxZo5aIA_jV^|duQ^Uo8oKM3+wqjsW8OoA5ZfbHiKhw
z%t(@Lgs~ojS6*DO5TO-0O$5>RkvF8JzYXYLHkkF(81p$gx3_@2^>c5Xpv{?jV5gUU
zTUpxjaDzxXbDNX%lBlg>^G%3ez%EmCptYFx+a_muCNlS5vHyXlc2=w_@?+x0a*2XE
z|CalQX}Td8LN{=9tuD^8J(<K|jX{|p{UJ2%=3&rCYcRd_*<i3Lj<PS}JB0*y8++Me
z8@g)zo7(mQelDM>)&|F16h~?mHX+4$&!usgikkZ}*zX#}CeI$R8Co8z{Kh33?`GLN
zT{GGmD?)aLDfsC=#wh(ILoWB(^{5`)V7~J%>0llZIlA=w;4AILrmlW2*Ygb2p+xp}
zAcG;{jxquq+&6uW@TfPp<`g&oXXKw0U{A65XYbT+Wd$DBtu0qi&wcFx(qQpcj#~W{
zAK-4zy;j0TSLf9nCt->p`Mo?D0K!A9=?7P<*|z7MmS=Vz@_<KttKw?DXE)&*PejA9
zeWaU@J~-L)7hjsu@CH`U#(eEYF$r3?z>nb>3ExQJvBX-kw{K=U!k&Sysnbkiwcus+
z)vKSlZk#uQ=dER?NCQ8yOb8qIHOOsf`^#~4AOF!dV!d^0Pw%n-^z^r3BN*25rbH}4
z+gUDSBhL@tA%|6g<frOQEFQ#}P;D=>>qr08zW=`SsDyqvPj>8%N;|w_kuTe%14Xk%
zV~$!T8b@(}C=KAMHU5LR2X9R~Bv4j(4qSc9360vX6>W5-)<`gPi@SJth3Jj=5YoR*
zhp-^U94Rmyc0M2>VXqKA(sz)52x}DmtzMXl#2K?mwZ*?djW&W}Fn@Q!sF!a1-`UtP
zh(eD^h0V3jkpyoNjz$z2;ExhS<K_2R>=mOnPv|lmjK5$|X}z<2)-W@v5o;*cEd8ud
z{wF4k{M~FJR5m#PLCilFV@~8}8Clp7F60{cn6(QgiY1{`gX$iho&@;I8_j%&QawD|
znJsOKQ`ww`3Nsi=P8fVwLZOlZb5ruAa1!@IFc9OxlsfEefEa@$s1529Myx$-mTE_{
z=Zg;u5+0YXsAQgaTx7~nLQFe2&WU(5AO9DNjL>v0$toR8F^CmLJQjEC`ChnE8o;Pt
zNNgL$tcQ9c`4P$E7i*9L_%KSJ+h}Px!e~A@o}lS6AGsy^P&qS(7p!R)bqY>9q3Kv!
zMr9a|Ck(||#7h&U#DV2WX%Z+3YwcAqp^;&yb@oE<w5eUHL8pHxC>S?T`R%QZh}RD?
zVs!6bBttTecfKsZd-3i|k7TreFb143+iVkHW1oE4;iL);axnt6!-#2Sek`q?(vPWy
zYF?iBB>%I)WX5LIr)^(zYi{&;7PAGCf^p9am<%lG#0GLuk3{e1ccXL3j?&a7wzlMb
zr%Vz`zi}=Rir^6dWmYsX6KZs}X#S__Kmotc*o*;^*fA<3xuVI;<F}>jO{d$f1-8dy
z_o*)P&gm}WoF_V`?`zNabI<Fhr`iiI+z#paY8F}M$m|avD9h7_-CqtdZ-pOT^X>Da
z(y~uKFW*2Y`@RJv)`2^Zi=DUCQ(BbwaCNFUL+5}=9ChrE+jOCU-!9XTcVg|+4CXRC
zdad}*+xN%fESXQvwT_6T9T1Q4nPVw+)WGrSH)+Fz2ih`n;;7U1^)-w#bZ_ij{()d^
zcZK0S7G$E20#n}f;)QxsUfj-1hH#fn`)AEZcb|Y_*~lQqzA>+7LX-XrVK^RJbh^IN
zV03D|Q<glEcOo?skGF5+_OX{!g*qSE3v5MH@?UM-&fk{kuET^d04f=WT+jUbcwmA%
zGzrnwHC=m=QNQsIfm`oFI9kVUu0vlvgFV7(Npdb>fbi4ezGjtsWoXJ9zhN5pGac|b
ziok~4_OjO~Blavoi=w=RMXv29axDKu*l)Qi60Gd)Ip5#D!G;93h@PRaURKG@Dld1<
z#tb$D57Q35nQz8VbQnX<FrxwWEp++$qv%K5PjxxYSu0B1vH~a1;@y|h^E`g3a5|VI
zC*wHb*jJhot>FwZu&Z2x-Efu@4o{>K@yTl=5LbjNzj+s}1D-GdsmB|Th*5}#Uv!XI
zOlCTcwwlD&=-cY&&VKLzJhux$KR3Cpc~!~Pq@*>)d{t?9aN&5b=dqb0KH#*5)wllA
zyL+c0(t&CPg$MEPg9sneSUB}}z?E%4y^k*y$kAL@KueNF%bPg}KE&V}@$c7pdGir<
z-a1zcUczkMZ{MyhJwDttHWD@x?iyBV#sfFNO*J4i=CTNLPmV<~Y#3ZZii|!%L8iNx
zS42qI6UDqgd^*}`mGs^n{O1pUhJfU9c)qqIJ{a&e7a+zKKnV^vSrquRV&enYv1gPd
z#^Ant_;pycHt#4M`q?*Tn2uY<Sz}(~55*&rO2dH`Fpp2+$nnlk*bv8c{_B*wU?T=~
z`dvEbPceFK=euuRE40nb@eDZugN}&%PM!c0oRf;yC<i1n`_L6vd70bfx_V~r6XnLE
zA^1Fr0whI|3{CD5>6Sdi#(QF*%IRHu+HM+aKW<W_kjJmY8QW%!EFA;h_-$r=vvr<%
zoX(TLy#TDJPtkKRz<$wj)AGn<922z1lj|Z3Rg7#r-=5X?`VjnxcM;L$^R|q9sM7UY
zr)Sv4ix+9(I<K0KUa(ctv1U+{@N`ykfT^ROzAsYOY#3iNtg?+VoSN{Rb$6JAcaGP~
z6Y$&=;GN8R<b}gYgwB+-Jm^-zz2s4H=@ONie_@;XFlSk|&)O4|2zATPsx66<;$X;o
zqh{$$`ZW=CO-A^}x1OIZGt-!;reIP#6~;Pa_*B3|RleQbGDDpLuNrk{Hc#M3T$VdH
zpG*qpSQxtIXh@Cuxx5p9>#Z;E=Ix6N6&7T~rHf;^Sg*uXMF7x<3&K3k#1=ERk7khe
zu{Mn#fcIEYh+J5f$UI!?Piu^_NDI7Sc$n)fcX0BOzvQ@*?S9fZqYNA*(A^@F5T?Ih
zgbH&$rer-kg1DYXrgw(R+crtXf{Ze-I!$x7KIj(L$b@rLHFEua*VyZ{=qk1p3%Dy7
zz<+&CRQmpedZoUucJ`%(cFp-3(Pk4mEiAQvC6V2<uEx|Oe5*|^9s4$ri~fe8@oA}T
z528|d^ax|^z7?4#Dm<+zN!mBCPmrWXW*|QDlZ(1T3|G0W4)1A16p$d+s4px*QG_|+
zv|b6az~6_vWLIoTa?sVTZq<-Ux#OIhw10F}=mrD<Mb9<Q08_tSR(6QwRhAm9epp;c
zZz%X+@C3JlVzuMQ7QouR*H1ta=CCAp=BAw(DnF&!e^)THh`&7efT_6{`dhd$@@uyi
zC20x2z3Z7DoQ*{S)2^>xM0An(3!(t$!Thh+$;U5Kq)!HCQav%+*M?Kl{Vy9X1o5+^
z^8?E<Jj|ik*S*1csJxABGbM7Pu)&W0G;-Mus845jzcUb8p82866I0i3X&SSP91ssR
zq^^VL=`0k+qaEp2H1~TB$o+?oEn7`<xdQ7^l<v6;<D9ly%K8navVY>HAS1@{i4`7i
z&!B<Wh<K$kbY8g+Un5SOC(mZkcE^@2f;A$Dh)ImMr&*ZpWlldFV~j_kw|mf%7SBX&
zkxE$FpGqrF2;V9+>6ZZ>40TXM6G5cNCh}Vr8kCEn-U>~kC=XM8uEaPG(CoS`7XPd!
zBtCpP&W1FMY4KkWcaw^V2quBI7E7UcgCDSe2!SkEOR+CufQN3=f3H-T8z^9y1-skU
zf~Hx{Msk#*?GzX&!RPoI?g?Ib*dYIT_z^&u3BSFl9W=8?;3_Mh%tdM;Sv0jfedlZ*
z?%jJm%jcONfZk6p)vQ{Jp4ar?^xttNwL2|LpLf>ssC~KY&zP!nF`_IG%7ytxv&T|v
zD$)MtFc_UDv3uEn7AKfYKva)_1+pwQqT*6nW!Ml#%y0^*F<YGrR40v_m?}FBVtkCD
z+ev>WjPg5*`@DrpP)w8<N2jGo;QU}+q+S&52hsYT)xV=bx&syQ8)X)@{P`eI&gO7;
zK1qa^t4hOp(&=i9Q+!44N)GzAW3FNoX=<|sK3B06$L796&0qunb?1;_Tx~IpvzC={
zQjENYWeS<#Y)t-2n#&mVgT-7Ozkusg(*7*`B7<-P=iWiQFcmJlb7%|GArN>Og(3M~
zZ;IAvG*Noe=g4pzTWJ5QI^Uk=1!%sVhLd<-ckb~Z#=Yy7l|F?rU^h>bFlJ;IS&;5D
zChCBaf>G#Dqth)igfl9y${-GMlt|%vv?ax|k7~9!r?!nHx*N+yW@a|VE>g{_nwh%D
zYo~%kim*-%XqkV`hY)rKt(c!5mow_38pxAF(YE;U3v)g8=;h}4!@Iu>8tE_S0S&<I
zBBKHbv2vlBEDa_$V7`78A`R3IdDqZ|nox_w`Yd;`B~c#t{r%09VDgM$W_`fL$i8ht
z)FGfqglQlHceYzAB_=#>T85LIpU_M}cSY)`^xWw7ZN5V^5vApB!CcAdwzt5bEj+_0
z!$WM)<m1;B>ZWZk^S2j2n>BW$!I7lu-Lq!`7W`of3{DEvV@pKD7MtB6tj1s#LGjb+
zYpUY+9{DlGG&RajWIA)0B9XRXI`;9F{#EB^l%g!5ioF1Q5{XzM6_r**;X$id^t(<d
zn<ebiWeT`kaeR;M-L?RNZvs1+oR;zY;x*3)G0YJOD4OGkzx`1qVAiiA?;ZuNgB{))
z(_%O3_YE6L=G-4ovx`Tn^@-XyvCE!!F-41k$gH}{9|c8nugwB1RN?^Q2b>av&M2H(
zKhK@y+n=Nd8#0nvg}Fqw@~kAf@G-l#zT8g0dRda+a@5Q13qJVU2Kl#e^9vgIpzEFG
zC1^3F)+-pY1xWM$xfkU+zCE=~3wvZ3Z~Fxj7x*OTn_4ta{glkp8AHCEJ!+g5JEJW8
zY1Jv@re*K5({`zt_);;IPpu3Q#Qmv9!KlF)e^2){DRDlrUHa0VqfVRV{IMY}&~_$7
z54K;5&|B%<eSSEoAKze}RWzLQbVl~LNrk}aS0vurl|C+$I`E>YUp?`4AFnq*=Ql^O
z+g+QP@$yAi{h8KnenK4JCONBQ?t@X*<847ps-3|Wr{vhs&C35f>%U`oc@v!*Ah6KE
zzZ=K8(`~D#j6J0EDH2~n{pW=sUdThby~F$H@6YdN3WM2E$D99KGXC?59Yjc#n$evw
zfTl?>Ffwo_E?CNYL<m-Sz=1lxRQAWHGq4r)32ke37;P=^8~l{|D#x-oDdO$p-17Ml
zC)#?9uDF8J?n3<xP*ntIWL}VEnqn-vf~n=MVbOf83G{L+0kvv;+o8?vaJyfehGqHk
z8Lm(xpiJCTg{F5FO%eJQ=TlGw?|`V*u~SzR$-4V<j#DdD0Wpm!6<pXwE_h;As^{gF
zZHXs(X+y*P5<#3*Ep?tvENB*q`{iH2JKzeYhs1RwoBruZ^}2#5rk^iiVMKMhkY@S4
zfW~;YnBXg0Dd+VChCdXgK+CjnzOEnxsL`C7<y)s0H!{EUMl`1ZHWue|670fCxeST*
ze-B}Jw%Q#+pT_rb^(Chd6l7iJki{6wpv$0?L*4@JWW3JcZi?XSB}`=3#Jpt_0^oW|
z!;iQv20GrvKRpe1k?_7PxPft7xAWvfi1Ql6X=7$|Ff68}`q`f_R39$MGgz)jcHIg<
z6iYQe&O!))r;k&B1|TqlfIJ5M*|P0@vIUP;vq~sPMaz_s6>c%K;#21_A?aWgCbDNF
z-Qj#NjzE%L9JAT^xyML6-I?2hsCSL|L?q1Uw2CVsUrREphgWomxH9hX?5bkhR7DMP
z(LT?B^}Yl5vS^5}MeAn%@<{b|pw4}A0cRJ}`c!>Ez8cWy44X;{c}1p=n@PPX-J>!3
zO|y<i(0WPr2V5>XRXi(zM2Lnf-|gz~3w{Q8@jgYq>33QCOzQLcFgY&#L{+R;r8-+v
zCoil3>5g}7bBDcGdb%l+5$lA*7;nw^aye;pz5y|%FzAKy8E*P%yC!3oISn(kaRaX0
zC1OojG-NCLZP|{dq@KPxQWF){?JE+m5chyao=(yGB*WtPKtf)v#v=L!xQkC+WBl{s
zzWmPWJx}yE@pvCD3AV*Lb7^|O{@f6Gjrj$A0){|*V|u(PZ!2x$y+kYbbeVB*=WuyT
zV=YOo%=}R0(dOA?mS89sf;;k>LxGcutL}_4sh~Z5)&AyDFN%!Q2r;Z}g4QhcSN)p1
z&N^^o(R(Cp?Oe4onb6v-Zee8#>l@trm5{mnNK5jz(s?fKh<?EqDw|a=E7(Wo8t7~$
zsL7byr4Nd%tF8ryVifvZSeo<OHpZ)e{4`~#R1*)^I5hi1T_y)Y99?`n0@4=&z-<F+
zqs^h**LZg_jIzC55!2L;1VRchD&ha^>tC>;K2M?G7I9W35j<T$?v<k+T3>Si=N$1F
z2)UV@k!gM?owqC&$ySbx{`=Kwm4}XZ9rc1Z?mW`P?|;82QVi;aoiv8esp>0<tY}{p
zYIv-ZHzsqSeyz!Ds9&z1EIK+@vD@=0@>O@lbl&M;KQ3IEdZW#hCU-t+-*4~@aVK<I
zrjmyDov|BME;5D4^tCD|uzsCK{PPQS*cVYYc~O<P85b3<%OC-93Q9N|1W5j(k|VS`
z;z^V_v^mMfs$H5<NK&piB{#`)DKi`a+xVY!>c=;j+1UD^mNkATUkYDYUYou{^Ibf|
zQ5>1bZnX^!pL3<?QFz6>nv8s0mGXCUpWTD_uR9pGHPBuNQzYpFM9Z!3n*~#C+l|5x
z0!sR|{&e`ijd+2aRmj-I;=4mf)@6vzQzwx=G-h9yXNwiT2_O?3@+h90ZJ-Tpy0%P=
zfqTUdm>*GwMrM>oSki_4elH>q7((klSE^b<x0&#I9(E;#p;c>J;UfF-NfY{z@X1;N
zMECUOf=Dd6$Q|dYAQP1OTxj&Yt7&VpLLun}iXj<6jM~xfBib=culvqH<=&{p!N-qb
zA0EK8&H*=ME)#-*3s1)*N^*-i7+;Rl9H9b-8Tjo<5qx8vlx7XrTK~S+xucGlZIN?n
zSw<!5M!k*Ksq?<$T(NCo8~^B%U)v1@{>7NJxaikm!gxZ2uonEh71}PF+23u>Un5N3
zOu@GnVH~emcMoMjRvAT-UE6K)LU-~3RxQbBWM-OESW>?5pO%&>{<ytnWRcCkIH6?s
zx*sZmy0=$$AI7a5MTLkgq>`R$oz#34a9};%W~uiyT~2k}4B&1Fb3S(wq{Dp`s_@oq
zw*Pv~sG@j%*Opx%nerCm^aSrzbv^vRra2fgg1xt7{%ToK8OSO!mS%Hh9lS{2YkP(f
zqE%p9F1GC-@83A&h@|(Vdz;O^`Tw!?)=^P*-TS!UAVUvG=O7^s0@67&s0b+CB@NQu
z-Hk{|2+|GG4MTS$-67reyM5lr_x*g=`u#PqW?;=Z_u2dGeeG*sdy?Dock~lmDnROW
z-MR`9w#M#s{H@k?P@VU?)+Z{0DA!d=m*w>N^P4hR^#TG|`zXuAXRMlupuFY;SIk3q
zO)Riq_<p_IbBwNq8MdBEL&y!d-FTA0l(OTv>T+fMklB#iLp=FR46^C)79(T8`R4PS
zJz86MdRM&W<vF*oYQ-<7rAd1u0hl7@#<I@@jT1z=VR!SLnnZd03(@8Iv493T$NJjY
zzi0s*9nte~09`iS*bWpMOxTm+TTr?4^4;VSag6v)x9N7nzs3e|Ts7Ao`!jw^ck@3Q
z!Kay92sRiOBr@5(qFGU!_ATxIf)9$%5!~L%T#BTBJ+LW8!$)unkUhBk!KwHK{#r$g
zNw8jr!E5kZLnz}U;r@3fD9%}tjJy|WBgk>#Qg@x3KGt%0o@iVUJLS5>(;EEBUtIzm
zKy*@=!Td`eZ4|6VFAbgWzh}M=tjIFW0)4X)5YmEzKMPp|E!n%A#j<T3wrr#vdIq~3
zqHUR?fuLX>^LRS{c!rPd!Mx7b1!{$X3;C43D3@sYU{S1gOV}#Pc??0jQgn5F)Yj|v
z8J2OjqT)!N0fCaw=~b!1Z+k7oCd?OvoimiO-b=!6JTB${S-~GA+B=ePYhv2VOF&i2
z9i#MS<ld?GXCB3C*u;U;FLUjYtn>v~GK3)eCSdIjmV0w{%DRyqC7fgsX_mQ2bjf8q
zX+R}Oa*Y`koQxf8_gvdUPB3XO`r_bS;*?Zvd{{$Tc4yZ?j?%Q;#NMn9(M6j+MkQKr
zSz>Iqv3b3)@qPZ{T^~uem)Vtqv>s%g*zC)e-)sNV+NFEC!zOOEhmWh9vs;?f@=@;M
zy`MZd{ZCz89{r*=_-UxSpXVMOaof+V5w|;rraJD*$bv0Q^#Tg>gTxzWwVZceZzjar
zltQ#q$ZWr1Pd_NLLt&3WufQl6nUBX0J;z=Xr`o5=FYP!F+<eIW+^<UmNf*6Zn)G+F
zJ7JhZSLaTrh|+V=c(gXlu0A|R6ThixxhAIH^>PMiO#)VT{gSR2JC&zlLm%URPKk!p
zO*Dz!yUHq0vW=?~-iFUV+bu7@UP11U<0D|lk*;)Zvv3i&lRE+K#Ywj<FI-A+P526%
zO1rh>#^=<Vl>G^5M~kv1fl^AdmiMgD;T>r4GuKD=PbV3deo5Yuak<B9rzn&7uqwE8
zaSt-WQ=Gx#(_FI8?$)AaO&8C9$VD-0)w}`f^3NH4g-|`n_<xX0vC5*0XB|K-^T$jr
zbC<X*n5+%F_ZXbn8`|1v2q5p-#!EWu-Ya7>ueQvpZ6h3IDsDH-kZk`a<ctmjUwLp4
zv@z*R9M>yFue~gJc-wFXO)&=s^a+_K-(~zKofScaLYmU^RJea7+w<>?<1J__GJLeL
zaUQJm_KwQed@>sLKLF21K-7CHez2IsMKOUu9gZ!1P!2*c?s;~;absRO5&iR!-e*_w
z`qPC4??JfZ*v${Bcz2v>4?at%ZCd^ois<}hV#E4US6Br2d|JnAuTBvkp8#j(;r8G;
z+H2I~gD1bFpy2MfxK%TmS`wH{;>i0Z=fOF;ohHOwxl}(gm^F@B5~MzadeBdk=sevi
zaNx^vL*vC%!|tqkQ+(<BcNYt5UWrD@IPQo<!B3-|+I41X{Zk%3mo(vIA2B$4915M>
zq#Q~U(R`zHMrk+>Ec{*>IL?XnX*V-+q}U(5Yo36bih5t^*$Q`z<s>6{4wS{tpgWwq
z^pkTA)$m0A?q~TB@i6=cb5qKC43gvc4a*4|<kQxlqVssHkVs5R$LPQZ3l{k(GFG6K
z^J^^e<LhDTiT<B(>1}JcnzOi{E^^3DPljh=dee>hmyO%?2$gQ>u+1P<@P>lCAY+v9
z^_%vrqatbkydSkaYY75D+}!OP<5M1&i%Pp@s#@SLj{_P|#*cY`jE^bL0&2z4lGg?a
zMw|P_BsaW&O=_O!Ua@JRSiN{nraYM7tSfsd$4NNegERbW-df-#@_tL{s*dP<xw@p_
zeUU&upX1(?T5rr#ON*AH6LaM^*@66DlO&}b+R#WoifrDV*Ctm4MJCWjIK=`J;pgGO
z5b)mAukJ<;$zE;IJT}i~3!kH~r`nHaN*y`0kHKB&l(B40I&ZGkOLk`Er%a?b&Six#
za2izt?+5N+aKZ0`#}!K1WXw4S3Daj>!w&1;@BFalbONy&q=xoq-U+^nj9Lj1I^&*3
zY`<GosMxAj`H?s5$3)F(ASj#eUqpPa-?Pk|=|Psj7T9it^5(cehGMEjYrK1S&cS@c
z=-glC$6*j>Jj=;F)_9S{W)yABgAcgx9OND~3TcE_nVK%5%1>VWt~h-sdBRleue5n~
zF+a^=?U881_z12Ov|bcQQS$%QrL@v6@koq0h$Yx*>-Es}fvQ;X(W>D$lXc@Y3jsP>
zlbkQ8!<Mo7X2%|EAyhn`c9B+0743OpDcF?ve+=Y>kBBoaD^A3@Bt9RAuqB2&0B&W-
zAzGNdCKM|yDl5GHAKQFC0v0cwCEAN+`B+bOV&Mo~^SukFidF<)*}ai<NMhXkn>FIn
zgPh+TZymju+;Ewinef`|G9c8W-lM-Zy?i`i;%9W(=q7O`)c1K0%0ywchrEIMtOOjk
z-d`qScZ@aGF)R8`u<laszdQfUC4r(3X&l<ODG2w}{}JoCSa#HC`Fel5(`m65QW<R!
zEiT@ys^v<qKegbssWw+RY{BYwSltkKbg!-L>5#SaJcEMOtBZPYTxUe^F7T#^OnKEy
z#pgXHb=6f_TS_dkix~-qylZh_RB`6wjCRIV$z860Q8)kVcxB>TyRqB2jkw`l0NoBn
zaX{PfuW$9}A#;j;9?7pRhBcf>5O42)S!$Cm)Yd=-YIfX3!Ibxcq(%zfNY5IlsE>UJ
zae{yDA^%Q3vP&Yf;}<2AK(FIz;NOBBwP28GaGWEpItxspB+fkWaXTDgt4BjB4N+=&
zm=Y)yMNEBtD{q>u7eje`pKmw-T@HBHb!Od$h|y9=KE160yJgX;7!c_5$W6btYIb-(
z;Fj@yiBlQsjs0-tdX66CRP|CaLLpWSIUf+3c0u*GziiP;f#cGoiC&?K_rCYKV-;_Y
z3GJd+7hbbouwzxb_NQdgX>Jra8ZlsZ`Yk|oyAZZHYdsN+yzw1Hc3Ux4(;TA-t<AjI
zm7{StGz?Vga!L0}@#AYBuyVDm5z+0L0r81Tpa8FHDygfqQoee1C=QZv-2KI`4uPu(
zw+keyt7?nc_F!eD=DR)t&eijyABjP78QLnQ8p;|x#?oftqHMt6?Vf?`B?Bz17^$GB
ziJL8y^t+=k)0-3THa#Nj@4C<^l{s)4YhGdAUhWx@lOC7M=ydQUDZ-fb2bIWLQCD^8
zg!#B(v!iy)qBFbW@?8es;78cmox%0r$KYR6y*AE6B$ov%TsSD1m~wPM!vT{8$~AQ&
zI^4?gE)bTMscSdOQcqbc4ZTx-h&^k=x&ZI7fA)9@$JdPLLF>2f^0&Hg-YhY)wv2Q;
z62=WAAvi5kmC|1y@X)NR7@Z7;#0_K{?I}wU##B~CHfi7`)!A)n%umzrloss1{vfuF
z)0ccbdeAtOJ8g*Z@xDJ?r+SI6PZy(K4!pS|{Kz0x#q$AE>4kQZ9c#j@*I=)WXHd;I
zibYBaH}@({$77e1^))Q`DY2`|p`a50Io8&e4MTFBezY_#j8rygE3t5_GI<Ovz;MnZ
z(vG|$MT98dQ-j@CRx{+kxW4|I+KEt#=o;*A<U=^SQ{Gc!FQ4=1!^8IH!t8D;Q6Q-K
zIH@OM|9(^^s?}KKxR^rvhO5puQe+c*#-jC;P+^`uXcf}xhp<RuHdRD)`$G&T^8RAp
z`UcyM<W`k9iCM+zT9?m!ipg~3n~%!_e6pQGVFno0R2=czY+^>=OrXX6bdbB^m*c$5
z{mpsp7cSS>C=+*^!ko+{b}G4vd5PHyBZEcdL{^;=3d+YsAm_^6M}8@!J)F$Zb5jcp
zg+m$}PHtNq2ViUwD`=~oY^Qb{iG(YW1g_5nxg6vzSj}~M`F1@PZ8!miRe&Ze9{1_>
zjx$XlvsV2AoFk00ih9MtMVn`R`RPQ%M@ypn0lSmt*eSEg0(xZfpBbq+;yDEgjQt8d
z)s;5&{;7he;Y#1H^^jANcp4J{0Q1-GxkYtg_5##v_+APeLM;D*5}m=2BV7)d8Aeq~
zr*;_6^%DMYyHD@-yE$xu!>ie40hSRUD~@(e`Fv0Tri^l)({o`vnZTFGs**L58+GOn
zzf(ft5fHPrh=|4Bx)Yp+t7wq4>Pjps&1X<~l(fixHA~SjnODvysQA>~1iiPa8*jIV
zE&Huk>9+X}hUUC$oXR9fN23(QQFJ~VUz-q{&az*5M@hAcy}zNdST#~`KKXP;e%vdD
z19!Y5h0Mb8TdGn5;cUr)4Eq}ty=d_8fnxyr_R>7~Lk}abO&!i}Z4ZO2g)C450KSR+
zZY(ZEZ{EY_Ef!PR@pPadvfmoq)Wc|B9yds@EvtkuwM7ekV>Ln3hC^SiG#yUOBll-`
zJusi|PL{h4jYk)RQ-Kw>I|;Ljqo=z~k^#&}Wr%N$GdZu57oN7{S-N<{vPWwmiB)-$
z`{r8mXkQY(QtT4qXL$YFjiMKcn3#}#<2ylGp~`8*6!%uDS90UYoH&)<qU$__#3^k^
z;1_HehIw~0Pq9AMUmDkvfXla^Nr_0gPl8b?ccp%&UA*3!AluksFmGxp|6z5#SN2Nd
zr9pQS-Q|Mt8!>8?cqG1((s5TghF2EJLs3E=$aJ6W3S3SbZsvq+d%T--pC4ixq<bhh
zjvv7xnsNomy{z%uPE))Da!ZTT@Qox*T{|@PeFNF>Te0K9Eb+D$+(WO|P3=jhYIz=j
zlO@q0t9n}c6>_t>(E~_hA9s>ck!h26EI^s(!>SK?K2d5rq)#YVM>hOkm}wlv&Z@CU
zt|++l>RajhEkk1jgYnxudQ6-yxcBR1OTOm4&RKhdv`Io4b-To+O8!xiLHzyA=cdiH
z78!zeX=M3CQR_{>-LFfz+Rx=HJe^gO@m~4eWVoZ~qPuNV*LZtgakr^$TNSH;CAbd7
zpl?(ZO1;aExVEg#XTC&l{&;gyC)u;FLoDRtHzbJBRkYqcZ+%d_-mTA-4unI~C3r16
z=c@xl1jGm@3oM`JoO1-=QNnL-)e1gLT^GADkC@AUXtfH#Q6GIC%W)quEnXt5)nFg*
zhdDDG*^+Zw_vkIUnP&afHB<bu*`wrj1^t1``wpF2fr`4sYEJb=>rZ$-kAWu2cCI&X
z!MI9PZ@!q*BcpPcIivKnvu?S-^WSIs0#j4ox}Uf&WpG<(?kWyx9&Ea8XlGJI8-i`t
zK1oPPIAo{B94*V%Th<mQDBuYH2ICTgoZ;(TMe5ZINQ=429G~{WR$W6%SWsDUSGWrd
zvkXR0^BV;>`t!$fEpI<q!N_--cX%zvu?qWltu!>0OBv}4r*wmRv&||s_cw>b%DD%B
zR^a4>%dPy)+IvGq0&CO!U*eDtT;}SH{m{(xFVbp)sjRRnX5Zx|EWSF|C%G=ssQAFM
zce&G>CF`?`UHutJVl^tj!xI=~om-Q4BKx9%B=+SmR*H<xL7g8f?gd|_1AUckuD1^1
zz73^o{W6IkW`7)78#yh?nOzdGP&{&dpnbe^t{>4#rnmTY6H#I9H#KHf>zOQ*Zf#2Y
z_A9mDGmO{_&zoMM*4HK@BJTvxKkUp^7rM+4@;er3I!t~Xt9LMWIa6r-WQfsF#JOI-
zR}vRPB_$h0E?6{Fv_5D$Cogm@&S$^<O`F*<Ng-P@e>%88nVLfB`U;Qc*V}XfwXd(u
zX`5WnV>PUsUXOnqFToPNdtcIYp>8@~bAW&9b6%#`fqt1{-8?&%?r|}D^1I=%FU@I@
zo{ZmdLI1%}fY)L7L&tu@VYAY$2U$m*OdRb60v<{4RB&AH4DEC;HXRs*zZ>)zD{Jes
z9$kc}Mi9jZu#;x&ALSdI#1AP)4@~&k`N-cYsn*n5kK~kb(h$sHmrq&Ft-BE5%okL5
zO+HI*2^-08`085aTUGf1g@TtXDZYooKV^5afQUE18U)a`KgOyOhoC9q<&ZTyER9|A
z?UZ!piAC`!00e3S`b=@cV9gBoqx#tEE!orTxtU5jqmy3|?8oud9|(xHDXD6{ajdia
zF29qYndoxj?eo49Q-|rpT>Z|1lGwmJ+XS#)#b@b@N8H^4teK|ZwmR)z&b?}M>iD;G
z@2KBmz0J-^cNSz4_4SI65ZdTZP&(1apkZQ;HmZ+C(1IR7L+sHcL_zCVP5Bv?aK#Y+
z3p;XaLr8Dyi(-tF#d)e^#Kd?xK)JbK-YKE(ae#YlU9#ib7qV>h-A*~uB`Fy>Le2IV
z+sGT}xWqC2cgx%L4({*~C&N7@!>*HrU0C^-)Lc+|xx65Q6MCZxin^0V#&h2!NCCLT
z-Mqb$tX@PFRCuy$i7xM3s9daoGmUsE)N@Z&>Fc>+{|d$92|b!VnLlTlRBLDpgF5TM
zZBTszo8;pw&uy^>uH8$2&i0S=w?-+KouRvfSocsj=CPwZ@V%&ZUr~uRA*K0B45YCw
zv@tx)GM@7pWn6h*C7%mV&^K=FgMuA?6SXey;||!Dk<xA4u3>hgRSJjq-HFuU*fuOB
zUQ@~>1dki~=me}KTrVc$F2-2cjD%t{?wu*g(iyq8UCQP)v6>>cc~tXrBnvehFmUF`
zF0xyWZzPAmTjsf78Ci+273X@ipCYfJBhsX!j1n}~aY0TlzaM8CN}a2^_($qp9G{@%
z<1_g#R;6*N<ZDVSRWkGmkY)5InmJoc&TnQX;&~m2QVbmvl%W|whNHtp!LD*uq&A_G
z-_MmlG@#UT3=zsR#UdJ=$r~Zus_$0gX1%72eIAk4Xhu=HyPF`(kQ+7@^Akh0(Ejvu
zs!Dy1eqCWAD?`mjp$tP!pM&FHc#qUaQv|9{+8Z#|2$lj$_{#xMD*>q`>=$`iL1^!E
zO8*5Gp*>)WW8dbkINp*uG#gOtQy=)#ceZrv>N$jn&tJZa=dzreL5}Xg<R1`16|Jb>
zujt=bz5M-aGORu0;&QLFWe)lK5hXS2*HC1E#>)HS9tszQJN*9C(sbh=8Cb3>YZU8E
zRFOQeA;C+{y46rd{p;)Z{zu1jj3@V(OZ|Bno(xTHmx=hy>L#j{yC{{954V7L_3wo`
zNqe-A?WZ?ur7aJrL5iD6QMm+K_A!B0DK7{#ZG5nywZ9xSZnxd0)IQD5xc#o%Qp^=B
z`SFJbg@`~yD01={7|I>_WR0#m!;SLeQP6WVxVX<Z#9n3y3p5An%$IUAS$iW;p`Gr$
zFLb(zgs}V5KwZswYLOd*Z49fE7X+Iu+VJWQW_5i3D0=0i`@9dU=NiKyz|QCH>~=ty
zN$?hKMzaK^B%4>zC(mhe`0UV`l$INm`1BcWG|H>7q}+~<rP!rJA_YhqSH2Mq^%yfQ
z27Sm@-8UzD{v4E+92Dx@XrU@f;KvnrXY%fOvICAW>^@6H$SS#4PSAw-wKI$VH<=}|
z*7oOQTLxDqG~3q~4Tl<6^W3!I375imGpYD#_Av8PPj2G{Imy5*ow{Z-$LC-@$SllR
zcX#;}-V2gUzkFn}O4wrd@>oiG*yEjD<ZlH@;?V(yNiS0m#Raf}bDiIa4Brh_NYCqV
zss6kz%G<#aNH3&=2On>);(f1jJkimnz`SmcYBkr6r@P?xV7bX7D6PFQc$J{oNp8OJ
zX^vjT=K?m#DOgE(c$*0(f9-M0amYJ}U`({|S0PfYtMZH(@+v`XcH-e2v~whnwbMXO
zy?qhyj?<SjaRe_IU}Sfr_`xnl{fXskk3VWfx(&7&`F}iaV`=9@^;S(;U4{5w`g&4Q
z+!Ln_18Ir?Si$l(JnyY*3>H~i(&qt}-CT4_k=#<5OwY#%X!Km|hO`)})i{bfQc%<M
z{$H$s`W0fbhvmCf+Mi~TBIrJB>CYPl{gukA>SLg4XI0kx|Dmo>V<U!?tf5Ty+qe7I
z-G8HsRtH}>%NIY$vRGa}dF_0pd;g_ew!<poRjHc^IOHIJK$~sYdOyQy(S<nCjN5eK
zOSFQExqkEQ?}owCCE!JF@|r=4%ptxJ$YWrtD(zq@|GxW`APU>JQAaCBK=_6`M=Y?{
zrQ#hV2zQf)cU)|bW^Zg|cqQh(O{qvxM07bm9Tu)VK5Ko7)oG7x(5(qv#QHt%9Y7@j
z6%A1!@8`<*vNL1RYO!m)09nLYYEA~(cPR7D6<?2bHO8(N<Z{N<$Z{l3jU^>-cD9Jd
znxrU_?|QdnrLUuM#Du`?A=L3iUM!=>;v0tXEb7|sU#~pIX!-D&sYYuYnrfIKL962y
z#RJ>d+m7zM`#l*^OY-qS24|mMgbWXRhTuG6Y>w1KbLVVbH>zZ47<Gp)ZG4$x4mfIb
z9(TLAPTFY8q%!O-<%l4~JCX2uz7wl#y;_bv*zo;eAYSyV_&x3%UY~qb1|7wYWr=_I
z=ayr>t|U3zNE$x!p)S1SonPU7;jAKsD%YjM*;{M3ONzNh!L;)h{OV5jZk7I@k=f%M
z<!&Uy<T!_TD0aQwFNYc^;AcA=;hLmyw^8<XE(d%xY=-u>w=J2CKRaqtwn=-~>oH^L
zAKbIpaV9r<YP_G^*9MGxn(cwtiye&i&bQ=Hn`m)SMs46QRb<ufg#kcljt+x_D?ZI}
zj(&Jfeml6d`9}8U^3d8!;<V@m>kKxW3ZyC;DH<JwY&B4HVl)KGwjlqQa@b}2c6+|I
z)S~77!uH{MYs>9kTaV#|_wB=niFv>$*Z7M#JIwSgWA@g3h|jS5kB^o{0NwefBc`o0
z@FB|hdkaxnZM^!-VRWv=f3w=jkGlv^TxX~%v_C7G!PV!wh{-YJo%r|5{HlPF=ZVSp
zKWcfwhCph>acjU7V+CPAR>a?k4jQRc@VUZ=+f;rU#+NpCPMx<K795Wm%W?suNoZ|w
zGU5Ba4AAksme`#xwWhQ{0dRhYy{XrVdYr8D&K^(<${6C;X7Rtp#%h;5%_-ICg~1f!
zGA)B#^Iu9*fq`@|9%kqEj)%}op1FSHLO|oVb4bjj6H{#V@$NKg_ESDL6{Y1yU&6uK
zm_d{vZ5qE5mtgiz+rds=2A4;oNpN-5=eR_~Un4PWdI~=NDCJng?o}IJkGC1$+fLDX
z%qI(sHaxC3k~UYOg<7p}{T+QdGV>f4UAFu)Ek@Dy3r&NCz-cqt*}f$c5?8c0Xek<3
z!Ovu@Z_aiC@y>l|4zif+pYca>B({=-i!GXvH6Q$oES^E=`W*L?Xd5X3v8955Ty*U`
z=ZoOj+pxu8x&`J<wdYZxeurcXe!pF$Z<~t*u}&8eOrH-MvqXxpQ?(NQcIy{8XRm83
z(IUcrh^@mY(b&X>f0dv<-M~+X520U{_<kNxl(yu48j)(-M-OxMvHDft3#`~GFd37K
z55DB}nD(+bjngz1orG&Z^I=m4N&5#?bPssJX~|=(#!>^#4YnOe6(yi}vFK*)a<vk4
z`g8M+ncRR)a#=;k<Fyy##hfA`!sBvUd)iikH6B8@)78A0zWl$$yJ&W>zq#AhTcR#4
z1)wNTX97B7v?*6K%2C}Zy2n$2eF@oID*N0N&!C{#^d`P<Oy_G}JdPUe!v>yVbQ^R+
zw68s~%zkIg|D#@zz}bix&F<@i>S=8bR+}Djw<7!92^mb@bx38o$ZCgnNUGfsud!d<
z=2vr2lxtqPYXPa})yi18ffUB!xpjMecO;p)LlfWy9n)>fXGB<=uk@)JGJASoW>~DK
z0A{p1xF0_w&f|GDDn)Y5@&PuZye|UTym~^up8P4jd~HThjqO*KL>QsVaUWx8RlN+q
zZtIg-hiR=rM#@abYiG<hbVMo#0Pj<L$Fl<By;}Ag9Kxmf6;OXg^Wk|;_g+cEP_Q}R
zDMQn_d`TQe34nS^6E=~lQuOU%%hDXC9vl2qhKKRF68Fs5yEz0kEJdx`i-Y234Xe7Y
zGqGV^wCq8qha9iDYV(&pq;}!hOgnoJGc>Jw`yKuBvAmb*&ROT@fa@mx5Dj?h#qOso
zf#pgR_9LQG@*KtkWt>c$G)x@6PNLvI0LD#Sa9)exq8(WSvX%0+RD*%K|B@sFpOm^w
zytjcN=(RMmnCUj;u>8>V@r%1eebn_n@+auFy?7`eg~e37{h~=A1;vBV0h)0UI+wOd
zs7(n^$r74W#H~kppD=q&#qKzHuqI%)f;*SUoPeI%43C;(3wIzA%8`m9uTiwUI$Eh)
z6d=d#*qzp7T|l!3ogg5D=geEyrs>8T(XdK(YB#wiBg7<h5c;6`>53SCceyj$Zy({Z
z_WP#@rXl9NMHNnZXLPYaiKl{MIe};44j<p_ZVa`+AQ3+Nd%^y*E~sM7F?q$H!{req
zL69fZGCpmOl=0l0bNod`jW+Qx(T3dpRui)u>bf?|{xe9W(9Jd#Rg-8s|HIW<#L;Aq
zOq{9&qz<~U5`gJr5fCJ_&%|`mbxSV()9tWnT3R!D-C4P7Z%&T2$#8M*cl{nqzEWPK
z0Py$$A?4vdfFVEwM39k_*jz`!Qd-W7Vst^SA?Sz-k$27^eovf+1uqFdW4us>2wagl
zFZ-NqrdXqP)&M&;`c7fX7YU6i3k93_V#&*^vRGgK`_SfK$~^0OqX>)tNFZ`U5V<QH
z?ozB#%XR4DoG!*{!Kxc*iEm5H2YAp8Tfk6==`q@MULeTh>$O}iy0Pnbg3*Y=h2TLH
zo+ei!zW$`MdGZ<d65jMTNVa6@81!gZj>{pI=2Jy#l0Vi6J)U}QhtxIzLVRDH1i+qW
z6rIv#bw}-J5v|B-hc)w7aln!%1ju1Sog~Z8<puN%K)z7IriYuoS50M=X`j1^lnFY8
z1$I6c>9lxCDjKG^jwZi?{m_^8pV^c~!$$C>SeLf}Y3w_(0Ql>BFa*9?Tmz|ENQq7X
ze_3I{D|V_w_KnlE#p?gS*n2B9={j)k01Aa5-lVEj9S-px?qvZjO8Tsz1cs079oU%!
zs#>8v%;<E4>Cky>U+;u(gwmKi%TLgfAb~iU*s8@c+KtfxM_B%vSF2&H;kdz>`JdOi
zDf^9EinP1f@L`4!S|1xif9mf-=xqMKHVAw_d{C7M$+St*ax9<x27r8Z@15MiK_=u&
zjv(96CyY7f6F>CU(w5r%kW)sl{IG=Bs9ttP9X8(%wFl}lEm*hQhl5~EMI*+kLuvfe
z?cQZCcmxD0)ze-L?m8$lb8ySZsmAHr8<MkAfSum{f&=X;MMCXyY{;()Jnzq^xgOaP
zr7$)p+7@U*C^zgnnEd-}g>h>GQtk1&AS_oknulR*I0$j}-Z3F0OE82gItq+CzGsbe
z|4n76QP1$UoUIpN<zXRGP%I>}Xp~&~y`Ft|NR3Kc`^fv33>_(w4vk*NVsRPUOvS4&
z(q~rt=~4WK^&)sGkfMrA7B}uI4P#%oK5;WcA*-U99i4KPMa^#HZcNHNq_AvwW%giP
zUbtEq?g*(rihQQVJVOY(%GU9^pWLVAUa;|t=@~)JBBd4rt3j%udXzJK+AbS-R8Hks
z*H-QRD3UoH&z|>flHy!+u=bSYiS+rI1U4aEAJi^|?+0LT$S$vulHdM`X&e<BhxOcC
z9`7#)=b<&YyFqN+pN2@=#wl)aVv_>WnL^PIET)Q*UE2LxkykJd?L<u|Hf+%k14Ng4
z<6e@KLr4@PK|&|`QAjPdi?03nCVpgyE|FXA`;9Z2ZFCHxweKmeTYZHL^qe4#%cJ-f
z9e0YfMq*s(z9kSsO4PB(9I+9SM&MC8@}3TG1dP;yL9!OwdMP?{z67FYIp|~1WeJ`I
z0N$C0`)#E;rJpN7T_npp(WniD_l=^3wSZQZZxBk|=`stAPpH_C#rRaJRvuX|`2m+?
zZQuV(Oh*b5iGd#BRjc?oQ(->ij?@!qgZh@Eijfq)q?~L5EDlj2I3dp8=f}swM4~q7
zr`K3nWP!}mUPYlsU9?7;Hf>1dF(l~Xq&;B27}QwoLV;N;pcYYVvO!qLpW(VoukpPX
zbxh>h-A0m5xHB%gkAJf+p2cLrM`jS)M%n6g7d9LX^o2t73x_D18BXj?oV?I0F@``*
z^zd*yuq`2h8W{#<6yDIE{I(cE`vy*vq^TdMEA2V(vRkOI?G;lCU{c0+0VC4|9~m{i
zM~>p^A=wS53r5^=+iku<V}7a-<z8fx_ihXZ_W)S*8^E{VVrOC;mht<XcB5*ELFoiI
z{pxFZHGf7REB>=-bkNpHEQ%Dfi66$(^G0$B6S<45S<|=e{!fP+AY=Urtc<S<R5);!
zVrlx%vi0=LzSnmBB_Y{>*n_-<pBQ51Jt}&fUlJ4D^~OG88rq^^!u-r=jC2dlD)cVU
zDy*hX)m|Q1j%-cUOUdqNmGl}GU&o<aTl?1<=|R`I+6!S|Kf^@0+#=V!g+Zr)1(qK6
zE3|-P^q>gD6{0j@e7?Yd2+|%Z(hF&e1c6fIF~Ti&oUw8Ud-SC=G6EI}%|)lPUK@=#
z2dpBCA}qp`BvYeYsTs(&jE7eQs2c&uqLTo7KIkY26y;t1yk7Jch;}Kc4nMQZ=pQN8
z(qwA3V~SOY<pJ8YUu%W&jl~KUfN<3ih$D&cvG*$>NXH=Q?fD<#pS!}K8+xY^s24hO
zB8w)j7WMu>Up^gW`0=~oTCv7Mg=YZ%LzY5}CZjeosIMgLrQo9)@)korcxD<gaQivl
z%@ZHP?N#8a48TB0S4y@22<V#W&MC32nRMJ#eM+!dV*XO&R{Y;Wnm))ms?y22`t|y4
zQ-QA4V2F?OXtsoJtI9;TjH*LOror9SvGIOeaJ!i@x@wWO;Uqof^GKdmFcFW<H=-5j
zlAZ~XplcP;z!B;*7fg2SXH?3%zbl7@VA3ez4x(SK2m`=DHvP=CaF5GhFQX61UDmOQ
z*bRdNKIu-<uG1>3<E#>7Ki~RMSQ;oM@*^k=rBI0esUL+nHC&3&ftb@ocL$)yL=%8P
z+0^2^(mCPg${!7+JA=_>N&sY+tK`)O14I8e+*S)b{KzO+Ypjf|l>6oS#KSR=>n~xz
zb@{z`!5HbXxOUNuvHrNTC)5tT2XgZTjgT)tEMc&S%WA%+*k#h-{542jIq`WPh&7?e
zT}oa#QEaaDTVz`*-tTRK@cnHB1nj3az(C&ht}jRIWC&8wYV743)h6|i9yJh;&1CCo
z;Yd8?6&I&!&$CsmL$~OwpA^hG%`YBx#!wmIi!A?Xe)-dRM^^<tVyd=vm|_kVFfSQx
zS^esjEo5$`nN6u(c?0itZI56)*HPv$OBBGz$HehW5C&_^+#U@j2DeU&960)iHeGL~
zL@WnjAn_yBKw1&k|7rnX!S*DPZYhQf+VDH<_|Sq6sGfc^R+Of|>w`;|X~Fs$c5+jg
za1hZLu-hA9JRL%PSsUDo&K=S|Gt!le$2CdJJ9x!@7v5d3r!@^`upJ57gmBMu2nL`3
zqGdG_!Oc0$x|lcNtC2ybor%lxEk?`NYH&O&vox^tHR)MZw&?d~G1jARxx;?<1!)GH
zeo-c`AoT%ph25VzGX2!@@9LrE;G_Nc2Q{eqb!F05H@z-d)5YMm42cSrtS#HW;Gr!t
z!f!ce%dIrdhbB%Zvm?b5VuXFU0PWC?$5Ra--O!k4C*<VK(95!l_{j?YaZ)y2Zz6B#
z;R+?XB54kJyV<)GuE8^-bH>GbRntB$Ndj7DwyMUnF*(G#kjX^KGiC>vs&Di}p$e-;
zNZ2PK7EDU<XU}-SGX75_Skd+FDpqYfgR$`$oPgTx$$FeTAZw&GAOZ?89nF%EH1o9w
zk3zDe!l<I>!MZ>EHTxJWyJ@IDN;^a=yn4^^I}nS4<!uVr>lYLt0soKdgksnNA6G?V
z8;h8XwRNNYN06@*TsqzLSwxLDkPfq>gxC#UpQ8FQKU0L41GCUyRWNl5_W55;=gCu~
zltNIFTL@#s2=R75HH&;Pa^U3Cb(YKn(3z!8OvbTeZ4`tN>nZ4FtQzP{@%Jj&@Tre4
z1&=@wguT`<Ki2iFrr|J+W(ryZpmTn-a9rxiR;XF0xSwsJXWdXc{KuvGOh|rPK1|Dx
z$S^+yuVW$#uo&;LstZP?sxfz-yle@%fKx?r@=G6m!MAjrq2*-Zk`gG@yY&tZ{KUT>
zr4hGq^`yC)-Q;PFl0}^J&kp6M3K;q?hDVrK0%w9E=)}=yV;7S>dS<?AA3Jyxprsz?
z^iYIxa-cSm49W>^gG^()a(u!G-U6q~qtR+z0?Hv7U_aAd_8D89uuW3pvBD(2tbRE(
zuNx?4t4$E#M;V+($R0%oN1%n23V%&J7|<up7`_C|@J~Z)C?ewZBYBrc$R|qA{`g-4
zMIH(wzvln)?i#^1UcOPSO$8!62my~An(0oSCmKPv2)=h-{{2YbD;31q>Pc-{5hNEH
zZgvZiO0}Y6{<s_(9L)HHG9a4%8RPA{#S*UK-{!q-HzxCvNG;d{?&9D76M&-)w?{H1
zF;P2Tpi)yXGN25iVefW6m#=bV8xs|8SMB6|07r?;_$4xHs1r8^>!HJ>!Udy$fH6Wv
z1YX=BGP=G}PXq8{fSjVqzx7D!vmoy6(h(8<`B%QuOOiZ7^W$$lSCWe!ms&dub(Jw!
zY+ql5f8Hcs=Tpu&1RxT`x~Rr=s&Md%E*(JyQ~Jwfc_3VA2uSh-as!Jl?(R3c`jM~;
zsv=JE>n~0KG?X$a@g?>LBoxV(qJ5B{!-Vq;eO*OaLrfaIePRBq0%y*-&Of_p8z|By
zoOv3ns4X+q4@gf}*bmLcxz?FJ_9YbV*XvA0gyc{Al#~NO4z4H&^<hyBBzj2;pqV1i
zz>qAw6jC(IY<Amq>B{r+nO8BoPyHJuII;HqnAm7>M4<jOeQ`@Y;LNZHB*Bmip97>>
zm#s8Q?3WjEu$EOV7H8yz*vRAcD(3HleZ1*gYIK8$W)`x^$IVjLZNEEK6@_NR3A}7Q
zyTgg_$G)6!;OtVZAAfmeFtAAiT+j(ebwJWqi+xqbp||ydnbKEnA)-fkzjkI8Dyp~y
zRPu;I%bY5K3u9Kuu#Xvq@1&NdeLL~wmKRvHv_6Qv8AMY)R-$hE;ys&Rh&4N-N>P=Y
z?p0uX>eWx>fA2{N6of_O5V%^S_~!<B%bh0HVH<je&LV-Q@2Q)j?gWZ{h=j3x`ScUf
zl>Pa0Dvh2<GVVf(EC_l15ixKpuHj}9vi*emw|fhS&#1#4Q#;C#RxqC`0|ku;^k9TY
z6f9GeL)X{lQ}G1a&TWmsqE_v#LCC_pZ6hFF)|e`j(ROKhKV+;LHlhhXY_MK63!|Rb
z)e3SU^03duQ<Od+(t8Uc>?pdSv0&k@cGf$8ovE!V6RrZZz*xjZLFgd*$9y58IPE(L
zD%z$7<njrJEsxCswKUZBKs;wDBzodE5kwjPvA;+*C?`}(wtd?Z=*+8;|3Re8MRm-W
zJL*$LBl_iX`?<euve&2$HN*mKU6L&R<j<L*gMo4Hp7TvNDDHY#_l}({l83&3N!aFg
z@U?pLdjebipCs@PWYilj(ze7OM?^Nw%n!c$(uZl5{u0CIpUlF2tvjNU4$=AM6E@}T
z%!{LX`~(r=j$B_4KYPeknHc1iHyCL~v@8RHns`PjUqvbu_>%A4R~v!5K!efy_xL?H
zWLp9?I4`Jl!*ZA@-&h5U`;sA_5M7M_=-k7%U<U?m)HuREGyp;d201NPHyxf=5s8Cb
zJ!``&8<7F&jq@OD2TGkrp<|b}+fgZs>ate3B$n!Jba6?_0p<%<{CwJixRV_*d{u*f
z-{oM8aEYvaKa6Wi?ur=_5_Y|~@-?CRvvJ9z&Svyvgs~N%Fvaq#-k}nVH<KAM!tS`Q
zdg@Gw?}PlS!`g&uk@PrHnk@RM+IpymRg~ZbSmtgTaAAsg2u+*$UV|Sd7ti0}fX*&d
zb=#YWaD<0>nKYN(FfLy`J}ByHt>XPtHF&>{y(|P0_J$nF;j_MakQe=xgnERpMb|AF
zbJY4$V!*0*w?`ZXM}n<m5_7`QU;Asf%8|zrbYQIrQJ$8^CVosO)oFIGgUme<n}{Tq
z1+GTcYP|Sp1V0;5@9iE`S+F<c4kB=k9q9xlbT#sP;VeZq5<i1=&r$?jDjET>LD}(V
z^m6jyu<&CQTdOmV-#RXgN!9pq3(zJ(3?B?vKGS#ZZus>SOF)<Wf(-^s>`)ECj!)Q0
zJp@Yl5iZ^ITgmeAGTU04&)eO_pnI>HQAh^O?ESA1U9fPLO!Lx=d)Q?4al2D=R3`^D
z+o+&M&~0+o^)|Lp1zak|)33J4D#>c1<T~kx|LjKeYf$Xkv4Fr5u2DAIW$-GJ>FB^*
z>+!@thYnW{cym$BpZ^<#>sQYQ%KZs<bDZ_p`<OGd!R$7-2etG1T40qKeCQeF48hUQ
zXY`nDn?VQI8Wc70D;+^{j}P~jpAW^b1gWVc!`bu+{Dn>=0xGVaL~_@P`(nfhxYJ3M
z4VGaYvoJ7K<)nU7I@6p9T##H;E>=egd+9e~1vc=Xv>f>+%46Z6U|hw54}HFhUqPjS
zS5^zsz%~-I50f3qSQ3Xdw9(8+h!F>W_F*E7^udcE%(@xT-o@aecu^$6Vi<F|7A0(j
z)>JO4W!p=GUya0%eNNL(Vqx8Iz*R}{Sb`>}Ruo~0-*9wwyf(-c$O54>l?Q^BeZqBt
ztU6E%epr1uN~NwFJetxttlN)5FChqn1b<Ji40d@XQ4Jwfd-Kj@Eyb$7w_D`}iE3+?
z*Pq}v0kX_%WS8Q|P~Gal><q$j$M1FeZu70xqtZ2ExBQm)lA%H8Rp<TitD{%T2CY5b
zQ9c5sPgl}A+^7#7KNfy`ZG{!{u)4&2dO({W<-$2ja|`~7+`Mm)WY7BwSF{t2{CpM9
zV&P}`M7~mwvJedYE3aLyNN0ygyB}@f%XVMbT{53TL4YtcwG9BLUp#$=9&J4MbvEZy
z7i}gjB%BTs296U|)fTv1`4v@v)x|cRDTaJng<KBt#bM+?+3-$vKk2POObSCy@AX9|
z<rxY0DDqF^_!L>JOWBzJPwd7PNLgTP2ol&Y>+rX!B`m0${Zl?JpZwtb%Yf!prai9|
z54LiAWdy;S%@=wWltb*B8b79G{B0TrB$TlX2qoDpVlN6yn?uPuY}^3|BPB?97rH+X
zPp@RbQn5?uLk%Yl-yKfvhK6D%xK9MI#P__N2OKmLB44}~sgDJ8IcjV6$zbKb$SkfY
z=x$Lhr(ucY5KK*pII|Ya<lW@+;|XNuYK_VP0?Qdn7v#TaBgV3rA*MW7F=YkUNPw-K
z^F*P@FMPs#xWr%M-|5S@+37Tjyx`v}s?_gnd?s7gF@*y*rxd(+2e*e@v*XMKE<$>;
z4)i{=`wN^%o*tHUU^)t@6ZrE6e|8QO)7fWE?O7C?Jr-{Q4x5njrx#7CxDju;(>oLC
zn8oV>CJw#Ud<a;SI>E#fUu^s(6K5AbD4#X8C-AI`K!<Q~)G^=&imVL~b0oVB_2^Vb
z9~CrJRYRGRJdIMlMFl7!0_k24E@)kH#N86{&e9$b`saFq+A}p}Dh9W{a6<WT^qZT~
z|KKJf*y2!>{VDf2t)DiT9||;O3O<$^XKtvJs#~^<9=?_+b877U_d>b$escJxQ6-5!
zrRKfGaZA|2uaL`K-+15RCa6X_zk{_Ec5j+(Tw(kReY7PY^Bj~T^v@ReZ3{_=DoWgF
z!+Aj#m;k_kv&vQ#e2J5>kWIGqGX2<7$njTBQ~f|r7LY%7S8x!-*5{_ZPg!|ZKimf#
ztPsrBP}+DBijDZn1nAt`CIAL-YxhE_0@!(^$OtD?>%tH)4h^e@fv0T=f-b*mUd0H`
zB!{g|mFnm~OJM#T2ISgD7YlasfJkE|WbEm1Tw`=OJK-A5ynlk{`J_t3QBZk3kXjit
zeb+><D-!B~_b$KyAL`weO<~v!9T2;qL_1**ZYGrRYtBox4aGKA<0Zob`_EgqGzA=Y
z!RK<{l5p_w`>=+_{wXnwEJ9n?T(DiP`beHMefTH7BlUR^<egFzs+r{GN9Kbo@+4ch
zCeYbU>^&KY-WlmAiYhhAPAH^kMlN_8p%(+o+__oISCA^cgVg~jl#X@A?Lrs3;<}_$
zMvvcPwq$CJ8tC!IU=k(te%@zM2<f3t?Vu&@Vj#t8QAjc2NgTC);ZerX75A)HUIW0M
z>(mr9I`|DmO0T#A?e4}{A(vPE(jx>>K6f;+#d=Tc#{UcU%%J;FvkBS?Z)iaLLlVBL
z%yE<dPP+(SEp<+DNT&Fg;t$sXaaqln<Q#AGC(bwUgth<V#{02-&x>L;ii9fqj*&ID
zkWLA|L!6PYz5EDG1W2)_k#kXHn`deBoHuwL8(q*Qp&#G%TAHrV*lOyA5{P_35eNtJ
zw?Vi9{UWJ~a2S|LwM-f#{JW*6alFI9oI}03b4*Eh$$xoyiA-w7pgkZ*!F5hC9!f2K
z7JM#S^1yl~?|g*TqCoSUEG%7q<A7f0T>_Woe4g#|6Y0yhQPC-$TowyZhuUK1!s&$Q
zkLFyvVKAVM8=_AX<?tcNYm<3|;EMxNfgJ6`U>vmonu<!&j&8Z`N|vwJ=l(cl*UW!T
ze-0O-Ykp!Mo-BNBvft<dhSBoDBJNY+j38%C%pAs`&qbwYM!MfZz)SOqZaj57FQ)y|
z2Iph;YQco0gPOuWWWB>@lXi=D0g6p#cr*xjcQ>mtmCF5=hpa>F?*`T+tL1t<q&~()
zv|z?nbENyePN=q>vW}1CC#C=HbP!kVE|chbyxKKZYprv7!v$n8<B?G_&U$;J*+CL3
z((DOZWd9sCR6Inq1o01wy^{%yG?-H9=n*us<7Yc9480BQxwl?(f*fWl;Z{-(L)*@r
zZ}nyun?>ic9^1##Q>zW)R$^dWmM4uGweKv|s_{vv4Fggqqe<#IDtXqb=prT;T8H}o
zo&zDo1+Oc)L^rH|NJ?LyXKw&1t9dH>+GO)^&up~MLm&GI@ED!Z)F_|Lq|_LJ5?Qp&
zC>@WFf<AF1-HAbO*kin^UEc!x8f^wXdi5uk=0g<lzFqF+vr7L%efWc1ZogRWF3g(0
zbeXjE!tZA^Y+4A%Ze3f9rW6}^N};DRU99m*Pi1eacrR0)BXDr|AK(5SguTq$mEjep
z+p{Ga7q^wnEt?8nS~~gGrk(Q_B`zaE9CaHpet9p_N4X4Yj^C?j&t@yM>4~DSrhJVm
zUl?0T)5ruF<GI5Y;%yXx%=y_6;8SRISVE@S|7$J(?!$jy6p0WX>C*d}l6LFGX4U{_
z^zS>;;ohuwZ^FYU2Kf+$5-TE;xBmMlClH_Ym8mT~s?(b77qI2inAqA5I=AmhOlpb%
zSR2zckj|(C1}3#C0&I4x^(K+Iu!=G@41hstW~YOiT<U&(LTsGp`}~?cpyZ`32$dfZ
zi3G8_EPL-jjtq1pUI*|7=>Le;EZQmANuL+0l$P6^ECl_*(f?mbs{i*lC<pkec4^?-
zy6OKu2z7waz4%?@zVUe%U1pk-8{++?)@B8E>-Q~4WFai}ay3fyg=&Ri2w=Lc(jJMu
zk3d~S1Y5H8Fiqm;Y12*$#Jf?Y-d<*B<^k8#5$=QkjH$MDrCFm?n{3DZVy8l@slL5A
z?C-<*KN2(l-Z}rg7(PR&)%o;{Mt<#YF>;**(bIhB)r5q9>sBF~t$<>qcf6?X!CbZE
zLdUK4i?PK-VwfxJ0QNxD^5>u98vVKQ<K33#(*vI@n)fF#zU&CZj6q}F&Pu<US|{c-
zPq1j2CU58+xkc`41~~ZUXAcK|;N1Uxi}yC*GH0p=FH?0TZ!4o}NPlDIGV$-%|HQ<9
z3-tQn?K~!e|821}7ifZZwRStzK^7Y&bFYK?Q%9#=9x9^qp<0zmjL2%(Wlhp7SG09U
zAjS!hAF2}p6sbWAW%;c?Kr$*qixYmq@3U@05(H^?02(NJU+W&TLEg_O-5X0Y_RCzR
z*6Nq*y>^2_$3bFQbi=4@omA=cZQ)Hvbz>@;_GP;@PmO3l-N%Yxfm|uklmCK(t=MoH
zkZw$!Ariu(Cqw-34c{jZi#S;$t|tBjx|dyjiBuq%asmGAw*cH}_wI*&{l%im_56Ra
zA5tG`5$`SBmL(cdshlcQ0l)v1yCX$nDZfQIdxj0EW#GoJ`U$<U<$5FFQ~)h=K3*k_
zxrFgQ4T(CDO<*t*_qQ4P6ZU@l0bRZv${HJA92%e$alVO_Eto&>;wMo!Od@I_QY!`i
z&hZdvzNp$?$nlA1RZ)KUa-K9W9eqaXHxlGD57h5v0D+J%1T9OR8AMcv66QJ$j%m4t
z^gu}?Zt2rd-(+;tsH^+@Uuy&?Rs4t#3Ic_KjZ%Y(>{SluMaJ{-p4qr6@UTfiZCNY3
zc=CSChg~1*><2u?n73pCDSyvpGy~Ws!@j|w;7oaJH#x1RIL9)aar5u_z$FLW;ipwL
zGra%_QPA>|(5Ca_K~&520|J@`OSYP>xD+uB0|0?JX+QvBRsOd5&w+FWg{rOR!Is`w
z10*yQ&{Y0qBQ5{y*rap{dMQq8<Hf6VB5rM~Z4MD-6ZrN0<-D9#;|j5<>xd^HlTCCD
zw3qKJX4kr(9TO<NY1vHo`mJWWBe5lu9f-kne@o&1B1vnOgDk|lI&kY(?GE|LRrY27
zlHFqr<|i%PPGPX`Ux?t}<LweAa&B99H1LtH0o2-PnUeJT@6rGZ5Xls4<^2{=BG)AP
z@5ck4BD6?s6;ar=@g;B|3Dg4XStmtkyk*j;VUj{x`AC;e{UpR1sEVbuBW?b09{w*!
zFNX;cGIu%a<^&WdlgBm|<N%$S!+zehp=ge|S_SqcGv49@nN8l(o@#EQSEbrbd}D{X
z>G-h^ookValuqYKE~f-=-YqR!LAPHPl=g+nh5C!vPXgG9xvl8_^j6CzG0;zIFUg~v
z$#FNZ<}rDf{QUa>|9>4zv>afsjQ_8_#y4&K$6k+HlQ^P7&8&o!OSKx5fyUFMJcx);
zKXd8ly5j9b`?Uqx^LjC70k}01z57*OOGOx!B|zw*$N>(xtjG^CD%_D=fLx}^kMe!5
z!U071TsL9bz}GY6rKXiu!<|gIw&2GEx)`2)thM;}u>iSzn8K(rk(6>dFq*V&D;W(N
z-~<a@cWcD0k1>`KG#<ab-*n@xniZ8?aC2W*t=rk;KS(z1&GM?A>{|bk9U0$oc6Tv9
znJ_+|R&+V~aqM8V&}dG+h0w)%Vtg3TDlh!5=SPPA{ZB`tP?PJ7N26Gt)k$@t4$wLR
z^Z&;E-wW%%*VF&}Kj1FNKxe0^p|@APWSmX7f4v(t3G)6TeJRZ@@Vnb`Kar<Q@-0B%
zjRkl^Qt8gCAxt~9_B)E#03pY~MKYX_@(-)VB_M=sVC7j(t?<JY)#j+>N_&89JIYHq
zfXshAi2XG9)d*B+K@bh7Rt-Dsj7i*_?|q_&z8OsA<-q^_8z5ID0Hn!20PaZ_MY(n&
zgyGH@OZ6o(GiG>PBv+YFzY9bsij8(g5@l=H_#~C*3+Di!pgrsEPs-~6a)R4VKovc%
zUTsDL$nOuxVr#tZUr6Qn^p5Elz?#cjkIpu{*q<#oP@DBOgg5r0U0<z5Z2*XTJg}y@
zP(Vu;C<K%j07xhmKol{tAn$s275LBDk_mqTy8gbqljx?mA&Y0U*m!+X=(;xl4#hP(
zU+u^S(Azv|ed^RZQ%<%1?de5%)p>2{C+a4(%E$PY&4C0|ygtTPrA651q2?yPB2u)C
zZY~?NFXm3YY%iO{HY$hn_*_^+dVCB2>uPeIA<kA}<w(wJ%Kd#10Gw(Gw8?&6V#@y&
z)SJ~5m2J3#GW~BD)r!pqS|CkW^8rE~U~Z&4k^n&8I{_Bg4^RYHAYSZ@kc(%Sq=a(s
z7OzjYdM@k?3;;&<7=Vbc5VR=~taCh6P`OJBpHC=l0C0Ezy9?&cOba2nn6{Ylz!$yx
zp!e0=n6FT>bVN~IjR}OMK^g8RA@&DzlVBu>Fg+_nG`<O=SHQ>Zjz66p(xt-!r*Cpo
z>fEmZXVZ@Mr@JY9!w1xVynqY#xxc-P!jtjh;G#q~mip6@0#FKv-c1#6ik2Qpts;{<
zivT?#&8k9WEA_Ej)-mP2|Bz%!eGp;Zx76v%j6YtECNQeZpIfvtH?99sSMj{vr(t@h
zTBaL=JAJza^q&|d2uUsPaP5x9?s0G6&Ks6_UX8xoh*I;CtwpPsj_ZyvwB#y1L;{7V
z{I>y_2T>--+iT!WJ<I2S|CxmDbAXwf^Z0CKga>g}thGns!sb--f006T5tzq^Rn3hy
z#Z`3QCwLkl{{6Y`-=y-qQpVA4Kf=cct4CYRY!S2>;JZM7uUKOGV(5un!v!qoIORwf
zEykabw>AS+$1lk2m||vr`$(f0`oCgn<n(7fAMc$`iEEsX_4}0ym6=bQk@H!>{~uj{
z9TsKRy#d1lLy5FVr-X>oA>Ad&C@P4g(%m_vAfX^gcStJTor-jKcXz{3?;g1C`}cgu
z`@R2+9OKM2*R}Uvd#!bz=UUtO=MIpm;rMMv?f2p*c#A>O6x+Q?e5Nr3B!9tyLO`N_
zl#QzKM<Sa1SD>E3(l3Bwyu=6^(Xb6#l4jcfPK|4TVSM^X6jXv^iIW$Ugq<DY);2!D
zr~RT!`dRIBjbAyp9L!AgY%#0|=>3@J*S+K$c#~oy@`q{wzB}x<HBrt-puMUct|P?7
z_Nm~7$HREtc#glMNr%!TglXqM<gcsCuxJ>Fmv;(edf0w}^knUSI&|$eUo#%~b0|?R
zS`K6ct&Js%d%q*adhn#+3?Ew6oT_s{aS4Q#fl{*0uaHe1Jsj71oV=5oh{pd{$Uj5(
zih~*#XcZ5{Du7JreVr9H#sQaxDoOEbAw#fV`1O#gcJpqAR@8;Gm|qgWpRgf!XBy_-
zYsd@lSO;kreoWsiKA|e==oV~~rS^EtW2zGMwc0)cQ6q^??H+HpF|6qx%{!Hd`@lqQ
z%2@O=C&g|<jcR{?vd}gxA?@SmyM>0q0faLHyEP*}%j@8rtKBzFxt2Opct9@|Md+Vs
z7UUN%Pq!18M^N(${$FkgR9w^<F*FNw4%y%Gu#Yw|PILKNgg0;OR0Gu&NGE07tB;1&
z)142NWxg$>av_5tS~oZd|BL(i7N7B0Q96DA8a5d{Tg~pL8bGDl0J5wNm`L`A>Bl7E
zn92h{YRQaFVdW`wJgTemKx-|p4sP<0K-0RJNToYU+ueADwf@2eOWLKKIkOc31J7~N
z@{4;eQ20;^)oH@EN@ZM|2uHuN)fqX{3gMH5!%w|OWi_FqmnGb$!=0@L=#+LLrC3db
zi(EoeFNe=ok}Ma0uMK2&07TzBvG38sCoEPuS>;%OVGrR;gc5wa-;ba6coArwA^_wy
z-6~gN4Rnh#b{k{Gncq=+o-N!v7)Ha#oF}LHOQT5TIBD&RPM>uVDYYnY=-rFicNZ%D
z3Ug5yo&q{W$)I`H5Z7SK3>0;d++BEdrSV}jGZ<HBSFCa=Qaw<oT|?aHK$=*S-f_xa
zH7Dj|#-l!ztBUmJCRnh=9F5QT0cIDdqbeg$?6jw=$R0)V)hi8+G-%IlubCL@;LF(^
zT3kBv1;4#X0CNHw`g4%F9F-3bW6chzT_cK%!(*e}6aOOF8^EDh>66bOoF>u!a0(#;
zK9W$>uR#D`8GN)wv=_ddS>>>kZ56Z;Z<@e#mi(Ijzi!WlrGG2D)+T`oyBvlHZdd#k
zdYcHq(+3u0LfWt`o@~M=b*J-Kaa^muN}%%X{xTO_7Vw8!=NP35!oZc*2U3fQ#QrHq
zK*m4uAGtzTHPC}aGa>>>g%y48)kw?St5yvdQdlg+Pu;3CsU$c!o`OO7%N1nZ44f6m
z<DCMXXIWlXg$rG@5|$Z#=*;@Sx%;hdfAqIw$DfhJ2uWOicA41xmxZ4cqjxh7H$0*!
zY!AQNjBN2Ss}(q<)SWOM;W;ebY=f<iz@%!qW@r!Z{+k&5msuwJ)6Qb0e0k>wv;Ft~
zyd;7>2~Y2;5fcg!OLVeUZ+=`X2h%d+Z_7=H>soBk^~LR;?=wgt2Af7mFi?RT@?Y%!
zUP|$!D&l+=%*W<01L!KQPxv2%Xg>?@{UMaOm?Qp#vnU{E7vj9Dd;*r9dMmW)3`E)S
zpyr!w?<YWrIDw+L5=clp!?3k3cH!u1cR${*?-4oA`JS8=7rczuVNtUu^N_?Q&|GLn
zoa|Gej9SP8TB!Kq@8TIBOhO+xtzZxt&*R|%Kp1DPAp*Pc!YD15wpJOh0!RRUk2gY%
z&q=H`d^~Q-_K^J5_H3i~5`x&N!ONi$zyb2_T_-?y1euX!KS|<kc%;>UjvE+KV#M-{
z)~g1+GP}n2TDNnvu!V{gWY8T?&Cc=EXj{Y$5FkB;>uw{*kH_ZC*%b7BG<b9|vP0Rb
z<s7()2$gdX)?efUZ|6JA*mTrB{e7vjaV-q%qXu#2W@em#!e*<#C~}tfnUskM9CE*e
zk2!t1kA)er*Fpi?ZA5<|TC>ODNNYfV9OG;?^j4L$4O@cQHilmkmI#z>*|<&X!Y7jt
zbKjS8Dt`d=_2zlyAgB^Kokj6VCc|(9^39mifWlz*I-1=dT)I@9jK(C>d^4`EA4Q!h
zsDmng(TAzC(jj)8&7ht_{(ZTHd6gu=(z7+%vsY9;((6G?b@TiL`*b73>x_S_Wgr8+
zd{+oJ+xAIpjw8_;1~Ax!nycYzn{&;Rb^!(wYL`~={WU}FcG85ZHq{x|{AoF2g%hgU
zE-vlhY}P{4<t5dlBB5-R{66j(`E#zGs9@0qx-MKnsrA7z6*wq$W~>!e+wDC8og+Iy
zPY-$LTEEGYSzXT4#1v)23G*X(rEcJC)Dz(imw%G{MIz+SE7LKm7|xZSiM<LQ<?NRA
zs{a>vEeazGy;wH{Cz*idU2x`DNQdUhhhP$K%t4M7a^cL~a`}q0g~16)-usRZmCzXe
zeuPyNSVWwk9?;Wah~s^v$w2iA2W{$z-u_gU{@pOdy-#gSL$?KLX=Sz_KBX$AsTMc*
zl;gd^+mt6!@sQ$?)}P%R>Gw76;`CCx5R5r=2{j;j4-}KBM3iyhe)LI|#BKeA7r9$f
zx&T^<XvukCXjSz3+0a15b?6S6CKfYu7islasSatF#d)P@SS4OIsgog^C&XBUl<j_#
zae5^bFlUbqHNpF}dx5TX(MRQPv6$Kw67pCj#|SPVBf*Ceb|GGZ?00eh5XIXml~1d)
z;q#T(GqhK@!CylJ`eJxz-LNHexdTn;rcfRPfb&^7<n#hx6nvbXP2cw=w<sw58;z_!
zPVHm<?Xz{usCj={0R9_N+}WV0zu+diih!hBM5avFopYGv1aBA*!#GfNe<bVGZ;YJP
zSJe*YYeU&l&TYTBbP!zwCtFCcBx)~e_x_ScQWsHFedoi_7ZdaGZ_)VR&fZi0_9Moh
z-!G|j6Ze`%8zdR%n@PD0NM3P-`=QqYpneLYG2~+$uer%VNG0l6#9084?$@j~SES{F
zfUyitLqw<Z$NDb~vI?FK?U5G}a#@syO@JnKL(m3jM(<{zl}EEyg~)@89(wNOSP7-u
zK2@)@iLeu33W}Dkc4B;&*Ykkk=>1!n9qQKCJwj|fK}kC2U!$H3nI^X`K)>~wnv<$)
z?9MGh_50Do(m$TvjZ{4pa?S+jU&Rj|KY8(b{Hnt5a19nmI@Q*3H26;{h7fMn0(c&X
z3_`Ef0$=r1&%Ae&T~urRpH!_V_|6O(@49vX!A~pb5(4)u2Kd$h-Y)GTO5=Y^Qv`B&
zwTVb+zj_dLf;256j=k7v;5Up?O7LDvhz&?-bf-&BF@hkR%BR>t1yMqmRun`c^pc#P
zHYJ@Gy*yFou!_c~VLRr3IOLuKsYHr%YAVG#HUaibyLEe7U{;zNjkfX9LJHgCG(R7I
zL$O1#UhjpJ#9gca49*90Qsh9}W8904{PGRW!+BJ&IdaVj<MmTR<XRQ*KvV10Z?cV9
zK5pZhc#Cue3n-%IxNd>&I)R45a*>+hPwYXBLu?dp4XwfF8uac%VUN!*NLrj)Br!?@
zdy_&$FnPWj3XW4Z^9WcrJ;Pb(x!db8_v}1Swq1v+Fepl)HJM@p6yBIqy`q+&MoWRp
zd(+3p%{}{IN4q3_G(QRIPdd4l5XDbvA{fq2MObGNW1s;RM6mlc@fJfGTUtGhSr{5L
zBD{^_lN=Tj0W#h63C+3qr@*^MFAd&2Lo@iG(Y(=JnIh>I%hv(2eo~HSA}>mWX1WC-
zc8@ARW*|m$SuDkSSMJx7PH&r~{zTE2fu?UNU-Uc_e<dPdYp(wDgvj4<uc;W%V`Dg9
z!Ld#X^8se~SB4chd7}MCbhm$ja15H47265Y$-kA81KO@>dThZFOzC<r;)57a8|;bx
zbFpcXchsBFN)@auU%1a97DHHlQmBR`wS@e%cwXXd04nxMx&hRbY&bLRF5Rn7Ys1Dj
zUTppT;9Ka+B3CKjU5QgAiL7}|95yXH``wVwh8#lE;wpC+)5LzYWxa}D!3`b1zB&=b
z>iBY!L$lh@V%#sq;7)BrD8)!Wh~0=zM@hAfAxU0yB912kZStPK%(h+WUS`<zAyo1o
zl05U$P{~xH#7g=)lK+iT@I7UGFcV%WP}$TF%*X70VaW@jbQl$<fzK5NZaFn25v5)C
z3Wpqi+Mc7R-!l(N?C3Dxy+>bQBpmXWMs?0OIHb}kGIeLHC5*-`k~HO_NiMkwDBTHZ
zYvzN#StDD2v))@x4Q>b7k44%WiDk48S5oJRLLV-qgZ&OaT+G?yaFQ*yvGcZdI152#
z7~ClesTojxOAax0iEtf!e)y937aD-tw*B4TxE-Ko<;fq`6lct^E^GQaSAUpOolnIV
zVkMtKe1`9ySZN|n2B{sjC)1`Q1nYC~CU?3NR=ak&d3)L^z_tgulGuIn8LxKS={oGr
zQUu*4o*|<KiOuo;VXPYVe%8VzK<uJtx*{oX{cjpzf<Z4j_ABeiznsql?@{J)x^%Y6
z2A%&<mDtAvX}q)4&m;fA(twh}I{`%rtm$e(S-hZz2(f8=n$W{LcSxNP9nM#`bZ87^
zDBii}{khTA^doEae{eQ)fM>r?=;DKf(A|_0(XLFhk#yCIF20#?077da)WQ#wKNlZu
zjPP+zg1oGA;2j7GI&B~LBrw0uAdzRnGr|!$)p4HnLJwS&txyx;l$HMwVnuUD0-0`b
z6GTso{tv&g&rg6B4?2I6fC5Y{<`wi~NGtNI98f3{No{H6W5F=V1|*q!o04MmZ&+Q#
z<EwxR3p|7r23sZjoYPM-!o}d;R**(qOIx3=<~S{&nOXt}3}25Pwfkwx)&j>93@N6X
zfLaiJJ>ZO32npL|90s*J?^>&p$yfS__lH65W1Kj!JBlXq>f>8(Vds4X8lrt2YUrCZ
zclf6=iSgfGKM)`NMR&&S<YIY6r)qFO4-@!{JB>kWG4ICl{AJDRkFS9ZveEhyEfV`_
zGo)cYIoK%)d(UJ~jk_i9_?)8WHL^S;VLv8ia%$7nkoa+dsDvSrJ5}@l8K}FgvMRd%
zK{W8G&=H5<817ucZw)h`dH#Mxvra%qx<3Jw50+9YO`4Jwzgej0rN;x<BboCh{cvQ)
zO=s$A?@^0PE_3ONq5biuK0w;n##^rfUe7$Q*I}6|4V*oZW#+>xHSsA^$u1g5EHqr!
z(j$Ej#ODWW<9EYDWVAtXNL-5(evsBz2`$8;^3s#05&kZ!R%%!KFM#2-C=S?}wgKWi
zd3U;(zuw3{+y)@KqWMcY{h_kC|CZM?<QUmI6YKNoCaPNX;=kVfiarZW?8le0h8z+;
z_rjX-daRO_JmX8IfIv<v-O=I46Vyv5F&?YM=GK?X;m&taW^~zBT_P`z&!0H&c(-w6
z;-gN>ss6_}wbCKWTYc^R@wY9a#wRoZ&KUK)GQVqm$TaAlGBc)@j!MouV~ftz5Bj#L
z%})5<{&wTWnduMdUOA-71O;w7fc#kfR7uVXuZX5fJj=VnuSGzp6#o-3|8lf$V1@Tc
z0RRjCw$o32@S`+H;iTn#^?+)h#z%bp;l<NGk1%Az{lsK`P#ylpqVZwc->kpBiu}es
zSP1G0)K}H}ul76GWX4k!n-1sqf_WumHl}N<ohg4SP{YMC-~en1Op{T6g!QQ(fP*G_
zk82VVKs6|bGS$%@`#mJge(Eh9>K(Tb-)@m}vw<)>ybL2O0c)yDT3#SFRCJgy=j%YH
zD#4ul9CH{_x&N9bDTU><H_|BuN@K~1*30vp{VSAwDszV<dp166(rA3sEMKGY`MI>}
zedcXa%;?a(kIi>U8QO-e*>wT|(#9jxiiPS$G`)Y?+(BO-$nkds)RfSH>?926!FpRw
zoy-;~5_d_64^h`hdNANzRHVNt3_C9Yo;i#j!c6;(E@YUdaV~{T=S77k{Ocb2TF^pg
z7bpxSp$$1CIz+_}4)4@FoF##%En~0kHMKeUg!|{Mg629j@nE0$&Z`>paP{sOn@<GJ
znxgn+%Y{r2XtPCXP(t*C<Nz3CnO-2NoZHjE4hCb|V1me4^M3ZoXjsY9lCTYYmk?Ye
z%kg_0(R=8H#690Tw<hZx-hY-qv^-kpap-!Yx?OLTfSNu%->jfWEb<E#)9r!#Z)^8|
zIDUTHt4PDYLUHXcT8XEIp!sk5O^@K%4BT&?%(Wb(kNZThQ}yXria1)Ev&d-@JdTE<
zS4MiGp7b>d$sS-T<^M&5N1&f)vf|o2ywN@($6qU3_oR1JCUG#~?q@CgCH<et2K{TT
zFjU&Z$EtbZc2&(RK7ROS4>}_A3r>RP;e}x<4?G+KWZVB0MN@cP<IPT28f*zL>^vPZ
zY&&x4$&V(`sxIh5Xd3FF5h|aQt<7JKA6OjLQBPgvH-DZuCNXE4kle0gy9(K9p?&#N
z8C9)Zy#6au2zDrc#Y`Qn?L}?=cZbYG`t$8tKZ=TL5t}A!S%sm;5liRP8EYq1_A%}m
zOX?jjYGEX6JKzKs2V`vxkMq2LT>TfC<Y0%T_WOJ*qE;Lqd+a#~4b2`(lZDrt<f&Kx
z(k=w3Qu-52f**1<KDu*J2SBXBw+~GaFs9Ew6*{W~aG(UkWcX`N1+rHRq8rCmclnU<
zP9HpZrz2H2+RUEUMiJZ{R55_*Nc$A+<J%?(|FhN(ml)3Ua=C8xY+sCi^J?>4ior!S
zO0PjNowiW@<Go*qeoA?}-~@<>(-N&6)$8w=ze^b|WFi#pp16oalxMo~za1|zPXaUg
zaEedZ&m2BhVC_9PRaTaxrK+rw%lxjNVxjQc`hHIh>htKo?;>UK=&cJUcd}KpP1xkH
z9<ai9q?rTk9foeUxkn}#I{$T6y6TyB11N1gHidioYqm(ewpu;`5^_b3Xq=3(3`Zs(
zG6I^AT~u(SF9!V~0nH(S0KE?ZJ0>Q*kA>Mipdp^sVo*@o>F3*NWl7R&dpzP`dA*U8
zQ$3Y17Grp9p<2DueLrT$1Y4u%^@er!(dQYX_Z!tVV@<;&?(ThkGkaSr{5waE#>SOy
zqo%99jfpw~oEz*_@ZHaK!{pIO2fr&=5{*Re2HZi$puyAkTFx*y*wqVL?X4ukNYdZt
zbJkzgsQq4THAiq@<x=MSQc!2{eYc}`J_}ksPR5p*`>w#=zRPH9WH-lrx=6~<!&Q+2
zTju`Fb8qycs8|<5nwP|ve*X5N)Amsbi;?6Wx-wYV;pbFNiVvP@eeC{#Vsn~;-U_gb
z#coj%9jg9cyd&@~!y#9#7phFh<MH3p(pRbk)-KSv4)a(C&U%C|LrD3zxGL9%tIcK6
zzzS!`MJr$&?`FR^<S&rB@IySqEHjd=e`K9osF~lph-LAv;RTfqhVEhF#9yi<chz63
zg%+f%Cm5OYFiv0!G=6P69(#oRomlSq^P<`~V_dI<7u~3r-I3@$Ble|^<#MPysFq(x
zz(r+{z9m?g5w-gue!}zSMQj9lx{Br(u^pFUPowcNQoVq!<Qv$1lQKSm>O5xC+fU63
zA`RFkh}_R_gf%`ibZQard0nx+ns97mE1z1=w&qs+hU-T!zhROE^|Q+5adQ2uDD8<?
z8Fu;ZtA&|cuGswpTJXQ$NE!U7grx7@g~uM%eJ{U0&s&u<kA-@X8n0#j^o#EE^X;hV
zS)Q=#7Op`HbBIcC441?i@0rd#Pg;xES%8X^uD$oBot)$j$3}wSiQPehxG>Cy-4U_W
ztk`_35Q>5HFuBnI{zgenZ7kA%S*vxG8Z%Z^Nof;?v?0AG|LG3$2mIa-*-fGNF*JCD
zNNxn0Nm@gh9}}3Wbd^I$EVyYo8b#K~f72Bh-(DO~EO`RiC6((b&(M{fAU+G-?P!4^
zJAFd~_eyrz$pOVyn<Wd!``hQ#Z5R0uO12=sHNFnY=gTUMSyET7uZVKg9!7wpZpjzt
zzjjBUWNxz5!?&nAv-n7DE=yIx8OM@KScG?+z!4U0o>!M<!7zLKBd|BMv_e_y#OgFF
z-aUTIvN&$)&U!L^omF$#{$zkK32L!*ZkL}i4rb3Y6SX3r!sg&?@e%c9SVf4s?>)TL
zbTJ2qGVJLA(YqzEtwf=qR1eox`1nC0+RhQZIonqSP6(b=?wuB;5ngQ64P~)lLwkGs
z(8$QgJUl#_dDOuytJu5Y;rE%R-aH5%N>%!Ijr`wgxr1Eyz+W2I^<!Q+!<ZJkf<hNh
zISy;ehFj$m!o`!?n9TMn`;8?-)vMuq3>ES?0y;$(SMY58^*Qtjn4{o!L4w9v$HrnU
zu3<;A7s_JFxdm5l49yuhJUD(Q>BA?K`bceUSlFAm6eqUJK4+U@Ql<`d%X(8}_^(d(
z8Y#I`myyi<o13y`LCn39-n;{D#z)G#tJLT}mwz7h_bZb(%tDs!D~e)%cGy4Xo!U0N
zL-Tw2J<gS6!wNEmpj#b^Qx)7rBReN2@}jPC*)hUxeF!SP_WoLAOwC}m(%|RMTn3t%
z0T|b3S+K%xmf8Qj7(K*GRTvTY_(E4Qm79k*Myzge7-rh2Kd@orc3`95nT5X}MXde3
zsfmt!_hjgkWqO5ESRn5K7iYizUT8X}<1}%onadyxD=P;s?MSQ{C}`%Aw6Q&JU2Tv%
z8_?t%+i)3M7D&QL$W0Amr@dKlv+t1zZ3t2&OHAcm-m@n`cI|gDq@d~VsF8v(jo7u^
z-RlNp$xq-u-;SlypjWHGT*mC)iMysz6J#Y(k&y<8lk#>C4#<%pu1^~Z2S&Pf_S!f0
zUcjca^YXqU9}JrG{hjZUTyv@UIQ7KcK_$bj-%;1vIvBRFwaobLUo+Eq+E7`O9p~5d
z&mEZ}2}9?G^YR_Ntlo(DW>&vlc3D{G+0dKcUP$-2MkWuBijUXxJ|iP1Pftl{^qDIS
zbQsd3$}?XROVv-ZEIU~tFf$~pO1xUN?~Js6uXAYssS=977hALQF9#;86}UEd#!cfQ
z-X7Kwf1C0Xx*2{tdL0}`4k0PoEakqgVJ0Nk3l6-gsV}*e(qhmHo<~p*ZY$_DNiUFI
z%X=SjI|XMtP~f{i^lW&5RBKhRM46Ab8|z7hqQDyw%cNqPrd{v)lY@AKJ2{`@QOK03
z{kV$rkr`hbWXI4TLm?Ein~hh}c5ra8?|izf_nq(UE;)JEit>p?T;!L3M!^{|3O`a;
z;yC^iu}58g<XjUj?ccX?J{wZASt5#R)sNDk!4-v<n6cMxGBBX(CDk5>YdTD8B|2YO
z7TJy6jd^BWbI9}1$L!JMBN#MRM_{TojEF^LEV<^Aap$SvRz<BVr(vR+C7)odugY`3
z)~DPX!6YJ`Xm=wcBRXcqQRpWEYlbFk(!IY$-zj)?yHcz0{QGFDzA8H#7DACvPjwpv
ztLYhn!ac7(d=CvJ__^6ej0Bli^3*k)<oO9@d84fSc<AjAV?nO|DW=;e9xW!yCP}}}
zr@X}QcqXTX(!4>e|F;E*H6$Syy6$So*7qmw!Q;?<p`u4pV}?7z`T?Xkd|VGDWn$*6
zXRdatm9?~(p+ZMB7yG|D5NEQ50FW?lwk`mG(Fgj&qSxlg`)KXVOq5LZmq*uad^4<}
zuO7<EC5gCg3JX!bS^&rHL?m4<%G%5bmq(Xm>w#+aaBT9sOTV%`3}vR~y)-?xj|R!W
z{q1^sR+e^7E%lDKfo1W>*|#h%1o6IDg9otp%aP?hHC;D4RqydbS=iFolQx{<59@1w
zRexdX%A&WU=EByn)IUA(o#3CRrDI86Vczp_V=VGrr0UR=JJG7Wa=88tZI7=^>cE)@
z=BnLXl2=oU5jy@;yg%1s+htXbz26O^mY*Z4k8C^NG^Tpe9qvcv_WbIg``qA9;Cr?G
zDbC9M^$opxx0BF6e<03l5o-N>Y^skRKYp>}y0#z8cm2>*B|l6)%z;n%K)-{<;7oAG
zU2d1ES_I*xJvUIFbztQNxDqrFlM(#HN4P$`-BeH9j|mr}IdwV3NuS0p-l%GCcfPrK
z@H<`>m{ye~>WVr4dU+1Kf;lM1C~I6G3(|Sb^G&MveH)hYUY@R;CtPP%#~SBVDTS|)
z4Hj{?QrPf}NRbw^QD@qT59)cvT>|<C2aRB(10w=s`r7X1)sOp+;$maBP%4?3+Z@ge
zwOyHQSKKW2pNGnXm3KS#j}x8Z-VS3qX7oVKC}qNwZ(sF3Uc-nWpRzqo@8F;wl(o`&
z5(%dm&%fYKQauJrnDBq02*T24Ns(BiTrz$>dUX4C9bxameJb8v&0^WKrb1k_Asyk%
zzP2+;jiJRf`o5&dpZdav&J+6GlTYg>mbVrQ_4)H}H*BkfJ5i|;7NL>s*CEBUC=jWe
zetLiihDoPDgEicahHSccMn;+BT_P|8@OFQCI*f>b?wHQ-wM@6iVx{<E4VuXDDb?A+
zkFalM;T-juLsflHjf#ZD7g%odBevW7yTbQ(>y7ZpS*Xpppd{LPs(5+(^Sg0(XwThE
z_b`SLCApztVFMdabKVs;9nWSq$|+*d^tvH!9oYZ{qVk(JgO^e{0b+cRQ-N(Xf^0jQ
zhR>roFQY%-Y&;FT5R9^MG@P&h<A%iUc;P@Q(8iGN7T><>51#dzWEqnuo1TQD-plvz
zO}uA7ZT`UfWH{V~nS~|n;=)zX60m>3Dp`R_GE9s{XXUMm$~e_dyd7};KSV1lE0xvN
zSz={XR3dXUtA`z~HD12#jjgZC%FYgZo2?>W?|w<o!&AzmZI})$`FZFXl?$j4`r+kF
zrZZS>Im5eQK3*c<-`~FoD6FVIf26AG!rZ%Jd45QGgO*N%G5Q`Gy!KO|H%WO+4>`nz
zF8RECduMEH%wZ-cFRv^qcvk4pHZ_UuauVX`wcSZA;_9>^GSS;h(-FlMRZ}BWon$I7
zb<M@aWgb~2Jmq`fJm98&;(_ft)RX4EY?n0B<4<@myY{upn>V8;u}O8qms;M(+-#a2
zvkhLy2boEjjKI`sj*%hrEp^zBkZ$I)9P-S;CA+rf<@;l1wh{t;sT+R}wl|l=rYTL2
zGB*;_tw_zRO8L&N9(I+$oZFGc5T|MUb2pmgQ}m1F5R%`yEji<Jlk7;YbAy2&v;YHJ
z^m}A|2MGmjG;}qjgscJ4OsCb-{eawgA&AfHj`H*8Ul5Isiols^W671xUx_=Ct}hJZ
zmcdaLQGz=)uMuUlXEWDVOt>Pa$wr?2SZp;kh~7$*9@m$-rSXD}c^a;J&AhEp@1VMi
zeT6Z=l5gz;Ub6#%R($^anODpT)b*6>pH83D8T!F%5WOc|zCL&wTHGz5Kn2_6a0dM@
z%+D+;=Fs|Pvy!e3GkKxdv1D8Zfm3B@Y{qpPBl*PGk>h}`S<HyDAjl;oL>4A`2P#^o
zdj1AevmsE!sr+vua3h37VADM}DGs#sYeB0s!TY(L2|tH=z{7;#tEr*izkfKX1y#uJ
ze*OBjh~RU@?aAyM8&Qcz-L5S?&f{tT;>atu1Ne~HwJ-nm0*C+|vYuaE?s!bljHzll
zH@k}**`DWnTz25l=88L!y>SB2RU4uZ)Y}lKH6*I@MFES=`%b0f5L_t0{TsKH3d$9C
z)(~dr)=!j;haiBOBkCQnW!3mR5<Yn|fAi{|3hH}Pb%j}!=Wm`2jxpXEF@~M2=Z4JG
ztB(n+kdJO_ue^^HJ*7Sx)IpSsb;+Ofp%Q()*>x{ydnezq1-)hH*HAV7rck(X$TaL{
zlwZz^<f>)a*tI0O+kmnpD+>QE1Y|xo%|xoBT9w=ltKVg*@UdC@JyTZ_VM;PVWDND!
zmpkUYlQqr<dcYWqKr=BF)GchY#!slnwP^U4NBJHRi0)?GyGDnreYqRPJ#L6*E`cN*
z5*Br52IQx9e@P8Tm&OOCfjUDEC5C$!3cCa<hy^{+Nb5fKA`q{fF9Kw$yf)O>nP=B{
zvclQ{<K@;ClnGk{4m4}hD3K+O+}IBWr`t=uRc!$vZhBc%_wT(ipk6U^k5z&}23?HZ
z$p-)UG?YQ?Jo*~=vD*jSG)~;GIfZ9EQ5HiaaSG*ml6i!MHNS~oIgy*4eAT{aLL0x_
zcB~J3t;8>F(35Bm8>|Lh&&+n5$Z|4&%bVglj|17!4@9j{(S${H0NTM?T@F&wK*o#W
z^Fp*qljIH1pnhr6wx{&GX!*>W`l10XPbr2|8o`_QiA~I09hV<-WhM;(vU39M_qyQ{
zAS6qX{FOB8ui&QS_p*~vZcH4G9G@sV6aVxkTXRzP)XglP=m|<UOtR6<eu?-5!pL7D
zLbnen$Dey4AIB;~jw_-<;vXAJI!1}Tr#808T6(qI8yhxwlV*U!VcErDm|pjPs$B<h
z-)9ScftSSJyzqpr<S)G^8@K34+Au8-kEaq0qxxdM!+bUYC);`Om23do3BT}+u@{f0
zr5~k32x#j3=a?!((p4br_-g4M;V&;IGDv2lN2=ni_HLT+ig9lU8m0y4&w4D2vS!z>
zL%&6-h!R|)DvYhyPt{g3!m;&qXIR~`6iL470w`q4YW>%E6U<F#XF)BWNk`>~7Hmw2
z=M)M%8W7?xXkX)ac`$tE2{y){e3U8FOZ0rKXVYO*@k%n85NXPT+vrfW9v(5(!qch*
z4#%C_2E0;%@Sd@!v9)!fVl;ar+NrT+u)vej?P{_Hmp}NjqaSQ|@Sw2DL8@aVfi-&a
z`&q_*_eej&iU+q=4HpJqLn9D^j_npiVfNP2KF~v!B?)frLA_B+TiSp=Y7AVEJtgu0
zzL6gV`uL0uOO>bU_j`(5Zf?Ng&Li@$DMS}Na}ly<S!W!yz3NEC8{i)-q$%qP<4LS%
zp*H};sfuS9>kO~kpU2%IL>%uqWp0x*FFe!=i~DpmZ9$$6p2Tr&X3sci)*dp-+v<A1
zdE%}bYtpXh)%mi@=gFT8`O(KW+de*f3lm{YR6L&|r|;%to@FsL?V=`%*dH^5+MPIk
z)<x820h3?C?w(bWjSD8Al^M?lA8R;v^RJBF5yoC6<u-cB5`^QJEiNaZn2UzC2J$Vu
z1TNz{+8}V18nF~L#?^_H)zZ>Bmo76D>XJn{x3RU|vY}kJ9no|w6@P(F?OK3+F+gj@
z^KJ)pTrlgB?D!!LCEH!Ohr0P>(BA$GIM12b{9$LH60uhKUZ~qLuGPoA8i47weRuV0
zSyAALg}r_0R#zXXgeuHyF!?Q|i7Lu`iJ|;f3>4NjFnwO)sDO<;=%(VWVo$P)=<jzd
z^;7triOx@V942U@*}%mjlW3v%FJoilBCtt}YjN^4uss`9LfHpGNpf|ZsU4n|Ju%!)
zP`_^T>#;$t$M#nUMV4ri5_?|Qw;5m(Vs?;c!olCT)Ws1q;7<+kq`iU2LC9^;cWYpD
ztOZMD27ma53{aM-6m71o<Q1QP-`^1lUxq&>q`>!=_mqmW*+aYeir2EtPqz0@c;tVE
z_It#0hv#$E{uz$beRCf-cA3ENe))qabEP}l6g(T<f;(m~>}t^1$vppKW`aX(?$o0J
zSR&4tGmzknooKu6eWvtPfz8E<deq$~A}W1sq!WU+%^y}boSb|dhDK~GmVmRt4>~;b
z=?HCUDvpfklfC11J+&fl7!=9HA%y>?zIuspsWBpME^!U?Q;}$w#yuY0?5VL@egZ?z
zvE>#}zg6r+ZcSt3pV(xBbM`TKt9hQ=#Y%UQwj}}Ti+{OkgqMT1Y`o(HC#{<Ogk{DS
z5}S{<Z)_O_s;k04<0ORS+5#3jIG3G}1h(jj?aXo0MBv$eADFyMLfczAE@A2f4cW&o
zHBq2EY*S^&8JXt?vea($u+2h0qY!N?Qv37q>?E|R_1zJ&hF^_dL_|bYt!TSbK*xB@
zbB)ML3-Nmg4xX+M6f&czOW(#b3dkDc`^u)ysX6gqol_GYG2D7Q_xm8M?)JDG-T#nV
zEIbv|%x_r?DY~1MHwcj)jF}Z4Ag3n0{p2<t`-&>2ys~zUL_eCDp)ZV&0}b0g100vW
z!x{Ibxo?c}YK|EdL_pSdFIW+N3gP^Cty<R#H?FUCuFZ62K=)rGSk^$p!!063KP*j9
z&@l-PAmL5U^SHipIE7+I4#;~4a?8ni`;9}%dedqrH31uE1Nu}4;0#rQ8Y%wOWN))O
zeTWdJ{^}@SAB2?-6|b<Z1kN{$m(FLd>x^(+$BUEDc7=ie%~cy29{zG=wBsfK$%|C?
zI~mdu+iFzw+ZdXa+FDcW$gNF4(4A$QWQ%EM8&*|hFPnYD98tMX-<;@D-bJ)qDiR)9
z+pR=Y%T8SzB0O2?MThp)N59X*VuF+z?@#QpKMuLQ@f#V^Iw?`@09vmB94H{JVH0$#
zD~cy`AXpyzU~7LZ0*bU35j_b_^D6)5r6yr^=`MH1l*zV(18K(HG(@xEF;*_=cI#<g
zZXhrxysR;`nvLhTMMMOYXcGd)r$J(t5P?(p&I{hO8)LiiT_E(&x+}FeZ}w)R`R}be
z6KgmJF>BG0Fw@S+S28JW8s2kd2^zIn(-KM4<Av37e)XHsb~Hmw;!^-Id+qkxeeXG2
zb>7bF6pT}P&mK{xSE#6{KSV(s;J)E*4e020a?2W8gx+&&NFmDD@*|m?9njddBf4N+
zpSFmah4lT#6*cpY<}N&jWYjL9;%=<z{rYXUZdJ=SWfx{t@EylH+u1l#U=1$?JPjeX
zOMgRMn38}zLhBy2hL<kD{qq=7fpA;S@EL^86-GWVLS~jFylw14`AgMrcIbmAPw#US
zLSWU>6X!|G2%kDO-36#f18-CwVM637qFy)W_HgEXKmt!pQ|?qO;E+?eEXNqO?=Jy~
z!?cp%7JabLzCU*8z=u?xJ5cXS?uw&C*mhxKPL;N4$QlT-9m&(+14&nd55)auhCJV3
z2X2kzCnaQhxsXL?dcg#YJ!e2ONqR7^`9MgBUX}?k3fI?m)nxaxlF+y8!7d5Cyf^8x
zk-HCclM@Z2pvC4mXiRJmrfn7Zir>N4LK^2Lg!q5G^rqkGA+?kLb9ahp7H;pD{_Zwo
z_R7MrGQx@BZ@dRvSNr?T#n*P3zy57jPEP+l<~U>I1~i|04@}TLe{K$qiD4xrT}v@2
zee052jJCX15KDHk02weZrQ^c03TXHn#E{YQ_x}0WW{%v^5jLZL?jJ~LDWu-MOv`fF
z1EjY_K)=}vWIKAGV^nS1CvFU%x5+s<O~>xBQBj1$uCTDN{iW>A*JMG<P7%YgLXAR|
zDPafI_To$jpQ2!AN0ZQ%HfyH%^`*yBS(|ZCTE1%&6N}JBlye1h$<V<;o|sE|i8u!J
zTVF6QB?c4R4kHbLk3VL9%=%qwrEPRr*J$JGv!B*I*@b}LNo4x+`+nm{Mf`ec(n`(9
zOnN%e^7w1tdz1pBY6%FJbBn)qqONajyzs-Fi9sLdV&GRhCmw^p*OeWiES*j03U*GX
zd+GV%Vfk0FJgqL9gU_;0>i~Tdzk@?HsBN;2(pQf*Hb}FU%A_EvA267A)^smrBh1~V
zrt18q1-Q?KU}OWQllX+-(Drod=dXt{vX1{`jtHC|%ZDOxvz(l9o2y}$fa0Ui)an@>
z0wZrCpQ-v)Ym6+gKoVx1YZxaUyX)(xzj^bf^{uL=^zL+7@;l!K1Ej4pCBLxY4^}aN
zOQ;p&LVC9)?-YFVH2;5IW|5IRCeQ7WxTSCHJQ;@kXT`q9nB4S?-lUlt_8cVULSVz2
zFtT_+>nT>?i9>j~o}G`@GtYyJQF8ZmVRY=hrq(~Bg}6Q*AM#{pU|dET-R&6uN$^a}
zw3_1Bj^$w_>c8|qn2rXWuWx5bfMB*@^854PWrkxT^ParU#QCv|)Y+TwaS+Uol0J0e
z{rZ3REas0qc^?-)WbvQL!Q(*slt(ACks3(&Z0hKh>Fc*QS7pPr^2f<71+Z0%1;Mz5
zgvrgj*O*qDhuU$kb#H(9pDpY*oI`@pJ!)WR!I+0LZ5Sj9JG$v^$kx`?X_=Uq_;@Oe
z@DZaTcCx02I&~NPQhqXPfB|p_>vbShMx=Ter_f}z3cUGxmCV2YuA2Y5XYiMlqUVG?
ze(KTNzmQK=b(PtsruyR?ua_K0u9Saen`&xn-StO&9*+tMr!R#cPVX5!MPD-IbDIcU
z5zdaT)${&;TpECM9jF)(duNmYZeHH@(L&wD29)FCd`)ege=b_($uDB-j}z1fK*|)*
zGW>tzrT@mj62q!;kbFyu`9F*=F>`mefLc9K;2fHqk|J(mx^bauZ4!uh+P9vsYeLjT
zm=`Hp{~f(~Wg0KS+zK<*$G6zg&ExDK$G5h?uwMUzcGe)!O(C<{sbkyMZMCJ;0R54-
zwJoM+WPC2cL_A$OQgu8~HjJyKdSGd0R<u`$RE+(iJXgNs#{?DxIU%y8?e*8{+#@rs
z_o4@>6GI>hLM&I;N3*$-#Vq9hcSKZqu|7-udqXvk8%V2E)xX)?Owga_0D8_@9Amu=
zEWjj*g`+xk)3nd-)$s2?yiI5{R8%tb(lQl{)hY*vhRlh$GsWH9&X?swG2I91@k$+n
z7^nUQHJ1@r4-SUope%4><d>DH+`YT6-{5)0=%1&ilCQ=R#~bk+z%2AkmXvpsg%{E@
zGTM{HQOvKlI#Q9G$8EKgl&DFCj64TN_*#DrnWhbg3l1%k3Jr~nOjO;Y5|V@K>9_g*
zpc^Ylkt^v2INi<m)63<R8$2$o(1YOJZbmf|d3nc<5#mBSoAA}JHj6_3b`t$P?>KTi
z^n4!qe=E@9{;W$Xxq5S|{{G+YG%qu-b=&MvTYgV)92dXZpYO2wO})+DXy2B*4d}n3
zo@rPs^-e_}WRju$(7`ZrI8Lm3$aJ{PFv)`!SNOsQ`-j5waU0Y6zmRQgO3rtzXMJa!
z`qysyi>)8ZygQ`7)`v07JdHr7a@AONg~xOaj76i(VRIQ<RIUk-)^Bv%96O6fLYF&D
zHD$d|xTAObzxIHnOh~DWoKMD1P}}_|=wfgCd`a7~cHq4O_B46@1na(sXtflh5(yjX
znKK|Ro}aDMPls;g)i)pSu9!vryFvGsHbkbnj%*a6{WrOHkTo%!7UtE6BXl@!-+Xl+
z>?P7>y#Kd4!C+d`&IbAU^R$}x2p>l*WKf$A^@yIF@2~1YJA9jd3{xF(w?bhv19wER
zlh2nYq#ZQ3N_S>aPQm~=ters(3y-&f<LdRzr-z2$XRkdS>cDKFWC5H)1gFKOQMLPr
zJ{e{%;R|CC*o)XlT%Eigu5Cn&M!P#@Om(rb@5jtX5*B-cr&$Ee>Jwh1)*`R-Cj3lE
zd39xVnZFoHtxYrjdd82s>$@vqbf*63#G-Q%^KXyqlRC=Bjw6~5q4gry75B)VH9+pM
zhK(h4a!n-Ah+eh@)3foZK45*{&uD2#esPnj`oBg>e1%i_fl#vB>)wCn4#6`bn!Q&W
z@rn3$wb&^D`zVio_Y)mi-J;=$20!~h()ktMO}L(VhjJv2o$`;fiNL|(Ycppan!F^^
zb%%9)ztKB2v(KMNcDt9`RZ<8XIq@(0FX-jB`L(&DQ!vcLid7Wq%CzCud1O$ss(K?k
zPP)fW!bZAyoj^OsmG%#eUE44!n%6iYG7b~EUoNixPUsh|1>|RCjiUAO@bb1bqHi(v
zh#q8NPXpq#C=M5AdLX$$9;Ot6)h#%I(+C?ZWa<bc><&l4;aAzN-NA3`><qE(i81zD
z9!i0EST8MsAF4yA4!gt=dj3sx?FqlbUt@zf@)uTf9GqsWI==nb7J6EUJz|elN9jPw
z!QVmiD_+A&6=RCnzlP))g<A1pb7?qr^X8pGJg}6oj!vf;qZAgZ-F{Nut}v|!H{(=0
z`N`rD?4_Tz#UrIm{a(*nj#SyU4}MgS#s#M-J!*RLV1RU2aB+F>S36)VrU?vhIf?Ad
z=$PVcLcyba4ej2lrAwVc$YPq_+0oE7Q)MOp{*_<x(x2D$h90VK-pK2}jkq5>eQ8m#
zhr{mz|G8g(BEl_v$<Q7`i?Y<`xBdP5L*KR?%PL7N_obuU_Nl?aN0Ml`_p$LV7HV;0
zOQ_{v+kz;0=D@?bEw8?s6tF%#Z;OhH^pcr_j~_S<<a&gEX@7p+=Dsq8Ypzz*xzC|1
z!xgx#(%y;KYv<oJ#4lS%62Cv^^sz8<7gkEpp~Av+k4<SI4Y}j>jIg)oPZ^_Tjwrlx
z&1A}a={F~&hNi)N`?JcAKuxUG6M@WCO~Jx{tn^z$*)^lh@I2rD7;Pf)?BK}3i`6f8
zo%BRa*lP!kEn%pDpkGp*37Ocbf_6VUq93!|*D5+c)!Ymz20W0t+!2-6v4x>WT#7v*
z0ipixthhr0B5=yijR+ug2-E#0Fo`y<>GAuivW5m7z#i21F(I3~HA_oG4q57&1@4z<
zl?TBmakLH{i-k;y5!E{t)*bLT?ey4&n(MlQItus2z5S^oB3|f9orZ%$q-M6>03-Qe
zrnvix<|&~ux3~v`!8zt~5*i$v2V^%Pb#Rxx&>cOXAel4~ycsh*e{G~-iXWO2cObjc
zmByi=$UmSO?6k9vNS6ze)ezihQTj3-hFDRhLtGzUUm1C&WfoI)l_v*vV!FECTkg|O
zdDiIahMzX4QRETQIQ7`Sknp;(VhvWnsxM(n?fsukH!(E)w5*`NObA9leprhh8S|ZX
zMsS0BLZzpEmyelS+^(l?_lJh{S+mVJGZScg-^I}}j<%bgme%U9@OQK&)i1iCc5UEW
zIAO4;3ebr?0vvK0easSBZ<OA46wnXLEPEWi$UM1!cooYPGv7LOBBF<k5=Y-Q8HJ^_
zoRfMo-~IyXa!~)CMqXaNtXwqLZ@NYB1f6TkB)`k$HDDaKc%xX=Emjy9(e#>56P9MZ
zGh6#)sXn-zk+bqm+xU@gmuvlvqdJeic_LRjoo_r;&!noWIQ)GBY!1@W)1x!VAFsZ6
z(!Ooh?S@R&`U}Z*D~Z)aTlw;#gojDjYiY=C>ByX$5a#M@pe(_j7ixO|wNGVrC+uA@
zeI|XPp8Z-I5%__lhMjnM?hE(-x5ELe_N<50?9Muyn<r4P>uZl0w`?s<NGmK(orrRu
zR46an6W(!blU|9VI{X$gv0bA&oIBB*u_tqn`mwEuOLdo!+rcPdPpc|cU1_78H#&9+
zX!Y@q0Xu_9C^M=im!LE*<zykgn`iu~iCdhJ6=7I8gvdmgwQ3jrMsg$ZI+!WRJ*89^
z2YY|u!tR{-`V^UeDUFmjNxwsNlnNbJ^e{P+w(Py_3M#@@#A>jtBDhK(Fai*`o+@*g
ziOKF4kW>T)9#Um8AtCS4y#)04IHjX3^sFRb*TBFRK~*U_4qGNAo?tkMC;#}-E;1BJ
zaoA#=(~%2Z;<yzR+=LdMo+FTF-%s9ueWi69B40cN5!>YW5fmnyk@0jScgn4s9D~07
zP&b%!<N}3rBZx1(z$!H@GZO>}JyAU?9?Y;8<B~vn<Kes>Lp)9s5pEU=+wu5=_SZP`
z0SfxP5aSjq<`M04g|_zg@C^@-xF_0${TXdNJz<`0^_3Y6{&_ECXzThKgs`UtuPRcz
z%JL(F45BBgHElivW^j6P!nATEH?DV9cq?b24xK83tpuDXK|2u4ubk*SFMihJF%!l(
zV2yMGA9+F{oy>{V!QI=I=*Xu(CS}N6(`s3a*<4*d4Git3ykez_lcaf!{Pr!6vSs4k
z$B$Mga<|gc)1SY6TWZv+t)%2o-d{j~tVPf(>cdk|Z8@XCMif`{|FdRTP%D_X+YM4)
z{^KZgAcsPq)vGt}&f!_@)TO0vfiq+V@3{$fsT_6=KqE;9zTt08DWNQ&;cObN^ayRd
zalT?>i}~)n{$Bj<*DvNFiFui#K|wEUE&@}RJ{wX;D6rLuB|5D;gMhG?m7Leie{pGX
z6xJ=Cx>UA2G(il<9C}r#Bw+13>9J$pud{C3eHPUUqjr6=W^Bx>jy;~8ogF1bm=*m|
zfFYX8F|o!n(sXv-wnykOmtt=U8nruo44m_UwsvD}HH;0+TCGnbNo;WRdUcW9nj}y{
zc`cq4iYp3tdqOar-X#|mjbCuQGC<yg+X;HUO`7dHGBq*LAIRW5=MMJ6d?bKu4za5r
z&Rj1l=BlPpu6iLc{XYre?dn2Aui!5&f?0kPw$jLsj`itBNaPm|P26oA9T81Gf*e-I
zntsr!X;+Bz-Y1GpE;~E+x)NsEW`!wIupKetb;l485^iEx2+&1*Q;PWhozYh0QW5Mc
z3?q;Y{Wz^t&_t32i`auHhLqH%PkJR5X2@f{9cMh7gf_Bv;p>aWv|({MTvEE6*c{LT
zjY7Y+^OFywS&2W<JzI&hl#eBStH9J{yE)po-x-G69+R11<b7%PO!H~Jg=623W(VP|
zKdC?4YPa;T+B|M2yh5&lNqDz%XHg7>&%y@f7I%#^V^2!-Tq_75%lhLZR)bk06!4mf
ztR@pmwY0oEdRfPGG-&bn;J`M$q(tLOC!rkN&-3`>PmlY+AMhYuDuToyx<@MF(z^_r
zByx;v?KmV^J>{qxa4Q4&XZSGwlzR>g$hnRbotF-5_-L?f))AZ1d5RrE4#y+i4Y`_S
z#DcK}#>1GH9LS-(ae`P|-BhQC=dVysz9m`b=vQyU<CdVfLIy5*rXaP6Da~l9WumIq
zRuWxuiV@j*1Snt;qpfJ=0n>s+VK&~{x9hbFy1^n%-?qyvrqF(Jr@qZquNSwdU!Zbs
zfQ%;C9>)|pbO|``&WR#Yr&{!=#6(tE3WpF^%VlGmo+PT!u_RZMo%FR!{;ii{<#Ui@
z<AM*RZLdXRe=;*KyGtivP7A7RSFfnpQddj3pDuI&XKx_?Yt0!NWh|CB&9^#}-!QmG
z5>vA?opDmzv$b34@{UBvD0#Dfrmk!ot4>YN53kJfR{245b)!loKd0YsPJn$mE=xm_
zBWp;h{lY<uw}U)>pr@s!l+VU$RFH_n@$2{6I(rR#?1Mx@2eQk(-ppQZu_3oG!Qg~#
z+aFT@81&7u#rx$sEtQj#!!7*%%><RuVeJePc6Tp%nenoLF#tx~wj2r90kl#`)T=`P
zPFq9I$<78Mx7TJ0)S~Jm3z9$<yOp9q9X^7e6pgo==_!~hPEJOq-=9dRKkqZO`LewD
zYR|HblTsOiKE=z&*H+wf)r_{A;IhAGGw{^0^f-B>-otCs<-nfT6Pn)}Ou?_5K`l7M
zyLX8z%xJ1upyj*fyu-#;_ZVGq4B9PpNnd$YmA&Lcn9;#xD^gm!9YiiD^G#%*J#HDh
z_%hhAr_{@BB8dE<tdj8HHyl3qa?Q>C*PX{qAVUESe4|FXs>q&XHNwWm)DS{3et6cy
z#fq**f3iwd3z^ZXzVMUU6VXt^r0ckN_jODMr<o}21P1$3dz%VOiujThi1Wyk>sjwH
zK=6cZI{YigfmA)%mA{iD2%Rr+KE%xp50CGH3UbF1a<aa3sGTVCEr%Q$H$cwqpwAM?
zMubXEfXD_2y2+2Y7N&bD%E!O-%P7#$()OWkp<ee<<(fNs2)gD~SvJT1&m>jIH>j`d
z3zVn=BC+;obWDt~_Yg7?pUC3<Dc)f*(ygVmA3vI|7NcngN=_VZ*xCokaJLeNEf>ND
zRekU0hc0Zd%^-)T$w=YwkZOl}edU&khdW6-DOBo5LZ2_0cwx{Q^S37tPZCZ{*c=Vx
z9YUMk+aRT&Ji<L2odY0sTLl$Bj083+5=&T-dYx;;i`3tXTJQy|aqi)H28E?UQPHQk
zLWhPhZSkEjp6D$No3RL9qn$4u9#04zXNInxVb-5He7{((B9}%vEwR0KNtI+&W)Gyg
zg4v@p#EBkdmzT{K`HP}EHB7{b*C>ERG+)^&+fe!;x|Ip?^S*E4M{yfhIs(7sBM83<
z%9PyeKAdr!j_PoCiJ)*8Z8S$FPFVUcA3ULq6h_|y2-e9pN3u8tGc(oJ{-kZSFzPpA
zq{~!qe7l8oo}Yf_kV%hCyChPE{~#5BR$?Ph^GA))R^P?KGH0^|4PVOnh^J^)BRP$B
zU@j<cy-xxDVHTpRrIo1uMV23YfeD%Hu<&EEiQwiBv>=}aTJxk{>6}<4L8IW(&!44_
z#ZQ1P$0^NxlGKi<@Gsp$D@MhsovQ3q<=(R3QeO2=R4JnqbVs-JdU_DnB%rt*!^MWT
zC0`7J@PT5@&zr^9`0CDUE3UfM0XbT=!|`01Wy?hD&a0f10;=AJzBrV0sWLd_GeayY
zc?6fhjlNV?^h~fxkDjx>K3kqB+6j-GzThT#$CPO%P?C2{<#a}*Izc6})r503VAr9V
zQ>3p}?cf~`Yh=i%b8H>uNHsU4A~UO4tky5GUXbB$Kb&s4(Yeh&M6zwL-lH8S#GV7g
zDj_Uf$fqoK6G9PVa>p_K(tJbl1<1hvZ^c?OB=b>}t_Wi*vpjlaRO?Kl8gWlj|1jeh
zAmc1sScHXz@9~Er!oA*7Pc)Mp_43BUQx#Jbt}3NQvc3ns3*KnXhI(o8T3Qw*d@~1I
z)~e+z25F=38=6OQd7kYEa#7@dtH`K*?#O#Lm{q;lAtC2|tqg&^@PXRZem1K5$dHeO
zQGO;Rc2sVX#}*P41ywayjfL9%Fd!(tx5lozsx!uJ>P31wBT2z%%+PW<>xhmdC2x6l
z-+X-XpR_d3t%#!yRIH`!{QAO6+V!$h3;DJ-^Zk`uv6?7E!`1&-3I*^x!SxtI|1%O+
zn|7~sU*7*8^mSe-`PZ-ZW0JvqZP8CBRee=zYHB}(A4JBI=aU^~@u?voJ})_}H!3PI
zA8c7Lr@wOB`JXY-)5lKdJ@0(EF~)1f_-B(YF21_z`_Ym7wuLBme*-W6<=AnWmj!%5
zv90!=i)m7DnD+S$+2DwpSW2;lW5;$*{z_U~TY?|CRrk8w9uO$w?Rt6g_bfb@Hrncp
z&P_S{|A0s#E{|TSsTsRqwd;&dQdJn^X-i6a4~~qS&=B3ACAGwlSXjzyS&l@|m1Pu?
z%gU6vXG1ZOL^0TH0{Pxo78dr2c+Lm)D?h)<LaZ=$b7YLZKz2Vb%ihA%ka?AcEhy*T
zr$R)M|Du>cI!2FlqRl!qXS=b!-uY7J9_mC`hJ%Yft!F-yNe)29Q!s#B*f%u3<kfv6
z6O+i;*w{xFh2?Sm2lwFyYq?Zwc)Q@Na{eBV^_cqBN@5KYs`0t_8I~;>egO1(g+QJ)
zV+BA79j7zRTh+pD)M+=%)bkox|L;)`bBUlEK=}V*?5m@qYP<GnX+}{%kx)vcLpm)$
zViZ(5q#LARfFT4_Bm|KTr9`^BL8K8xnxPwpt|7jAK%d9={l4E?zkgVB)(q#IJ9gZA
zU;EmlXbkt*>U49j>-5_UybWBkt8)()O(Tb{Ze~SWn|xO6-i54Zd+jDP&0O&|HnX(c
zlzIU)=aw!R|Az~2zkANiJ?#BtpZWExLU)n~vFI^Dd3p9NYOuc{0+^(oH&g(=l=sHf
ze?3OaixYQOD2Q~<4<|h|m^L_?j_J%<zW)kQodB-T&KNTp5$tB&o$m>z&HCCTQ+;%Q
zkTwem7&nk(_WB&>+s&OtDxI{(Vw3w>l#FEqj-0@mEY@5Eq4n6bw9kJe(+dG^x`U#H
zd^;@U^Sc=S2YRRN6}1{lLNGxT9r{-gtpwlJzoywo_58m9kjuct`GeYp{|K-T-mF7B
z(PVcy4?KDi;k?c!E5C^U|8=Ky7OWK&@gMryzeVPC8pxwST&^f?l#NnUKGqUoi#Sux
z>ophw3q8Z37&SddvO)h$QO`rKzAb_4Rp%+(BzXXs(7u#^mkf6>-3|ZS((f@t?wnzg
ze80SGS@s|Fn<_TSphRmb5cTRXqXqZ9_V<0IMhO{h5nR?I0tHv5x5Wx-W`fbrgP;-5
z)47Tn7t#NE_6AY`SXwqKp?=Zg<gaHPm*@O7<P?;6aE(pY)HCx1&_9!E!i|Y#;$c<n
z;Ci3-?X^u#GKsCjifk%s3x8s{<_d6X{|v=}wQkWh@_yFuJ5z&^SP8lOyBQ$0SYnlz
zYOSc7V}|Np-LlSgR3UiN`?x|W%-&yC|6u|_u&Jqb6VdrJ>fcVf&@%T>ZdLMm%yMQ*
zM$T|kjEwMgg+Pc34$?-f74<9$@6RCqyuiOZ^X!v@E<FTaR{t}>cQaFN@d(?>e3V_*
z8!srX!T_9Pb~*LaXIWmEHIDvF$w>b;eQIv$5O;|&mM`d0PY`+=%gHK5{`C0~7ALA;
z{=CbIfH%YmgRc8lK$RfmFFAlDVriAW>vl?g{_opta84jGUJ2XJeb;tAeq!7uCJ%Z_
zy?!mQ3v#M6hs!phfS5@s7y$BKTL*TWNv<1LlC+yrQbKrOjc(oq^-$gm-<9%t+OUKK
zB}k$#`40pdb2|3=5{h|CEpBV6W`zAt=A7J;7Y(DqKCQ7csVsZI_Ku>x%2~S3+lp|Z
z@mA+fzjE~yxmnh&qLy?kX1z~rxcC$HMum@W{obd);R3(qz>Q%789RmWD18b@YUGBj
zO0^ki>j3eoi0jlF$#yTyV}gn0&YVZrz(3OyVqN=EYTj?odi!?R#<X*xv>O5Qa9Tlu
zvT^5OK$d!;lCp}55nv1a`0d-bTOYn7V@(OXHY>4q$O5FYc9{yt=9n|IQ4v3_w3rFx
zSea!T5c7yhQ^n1*7s7v%l<_2H`D@3mik*C-@xTX`9<ME}<=244-o0G9>hj@CaO+mV
zP97V-`{6g3{Cr3y6g`s=N08e&GJ=v2{$Ldr9y*yjPir|7m?{MAJ_K-pLZentY4f6C
zEnC`+l{JIcw1=M0-8y+2iAWsZ``qu)B>X^r_`=AW*&T~QhFC5t>RV4#7qKnAp5^`~
z2r$JDf_C%D6TCK*ZZN=^+OJR?J(zfFoCG;re%ed26ZO($#S{<D(KTllLN8E?-Nx9O
z^+A@d8S>G2%4qF!57Lyx=huWt{5G4Wt^hzzQ>aBQyJ`NC%WL;Vl)4WHj_mM%n)|fH
zPp8dQKU!yLX&Khr%PS`@e}(0{X5<B|H+I8jEF+HO<k-8;^5qV(90xcy?X4=M(>S&l
zB1;PowEOS%9hfU?`S<KR3zx|$aLY+YsSvXqZ|cK?Uts^PVpAosy~;c@2Rwh>chHHu
z*37);yMlfg%x^MB*X~)|;rtJN2!^VH=5_L!!tS|NKv%{{EpWLF;A)vz65YcLO-xF8
z(FC63F4H8@qI)VC+1cTs$K+#lV_7*U)J8k~i)r#z{g)rrO>%%aZU<NkRy1%Kcr1>o
zNt6{`(;=rr#I0oy0gg)xG*Of7QPw$AEg<n2h3vxvJbgAsi@inwpl)5Ga^X7=A9~O>
zroh|znrW%s>}`OI^DFQ?b_1D(4}h+z6#(T}SXqtB9+4NRJblVuXad)-McfI=t<|At
zVu}R~j_P?|PT>F^wUAEO#uO8C2nk3*ghS^BY4-tD3&+91!Dpo7koN^zy<oCvC!sL_
zi5PVsfbyHMStfuCV%zJBjfQ(;E%M-S$*LO;u&D!<@Z{?bJ(y1W+E&kwPfquzp$Z|M
zBu+v)Bvd~qs;8#()q!NI*SPz+(uJ;;P_qFzclc^`KLKQWKxfh?i4E@EVqzsc7W9uU
z8K>Yb{Rr~dzg|fYOc)3fSP9+$seGXGPXRLhFt-z?ZZP)j_1+2-ZR`08nX=Tes)<6z
zca`c8EG8ukm$CN%kzG50EZuf>^+^5v`7W*dx~J=McImA5g|$LVs#6rA(r$N1G88Z!
zwSqPqM$_MJf@<@C8OqxI)T1@$fg!1o2Z0o=!t-%#$m+cubrYYNnVBee+Az>N<i3vQ
z0n<pK3QC}2E(Y;ENbp43^JI%H)do?sO1VXg_Sk@1T-5*TR~rDz+)nfq>Gq_XpPg;}
z3}Uv)A;z)D*=Sz#pR%rdV|z1nr!IYXhgU9NmUY}A1l=>q6d_~QyawMK$Sot80H;tG
zfRPWRad2?l@%Cs<qpUV2uR8Vv<r2z3yQ+XjRGff%R23DUQ@vb$w24T~$x%`g-!Y`-
z-*2YeQnVc_6~N~f6qEr6qR#v&Nr4F^*lM4bHOY6>(H5724%^HJ6(wG8XE|P*aT8<e
zOv{R&Kc9}IUHc&9yk^3DszEIk6%k>EeK`@fhC6~iu|C<j%Bz@(>Cb1ZP-wKP3rPgH
ziCzomYbVRqUbRqX81mtn_XyAm>~%Lp`1L?lUViMW|E@dwN%fBlLN9?+#+tLLrlZ3Q
z72iowh~aO=QTh;*6l#y|;~d7<B{a63<Xl7&6UA=^EeAkiON>OkgLvD9H+BFw+KNjV
z$92v0<yL1Yx=k)U;Pgw618pe;Fbq$QxQqaIK}ieKs-GMSiR_O>05~f(1I%!C<tK-T
zq49_ntdlc8HV+)NGsH*Dx}B$6kmkM{{IWS&Sx<}7t9*Ri)r-xGs}ANg=S2DY-JRjx
zyKU*x&Y;Kma@u?)v=dd&9D1lH`ZNb`HX<UTb)yAZTD=8oN20x|YoijjYIwXo0*%0H
z@*uV%zaQ^OvR_Mb2JPH|pz$v#VQ&?Qb>&rPNOeNtUo$fm^TywR&O%fGQu6_*m51A?
z(>m<*sOiSM>|Wu{%*IV~&zOMS6%mVHk_r&lRCgrIB&O=y@Hn8qL^#jrp1O_fHVFdV
zULvOC20xmUdkinKH?%O5(EpRDpAf*bcb|jMXe1YDX%ljgk);?5Zb&gaxqoIsR0$ZP
z0^jD`hWPyrsKdmmxNLh8{DZ#AmsI3CY2}xCT1wp`1Gz_!1gaOSO|}L>HH1QFi@kAF
zqlYD#JfL*r^Je5zK+5i<sis~@lc@<3z&G5SIi3xZ=PWq@DUxWfI&mXVev>T?i;2cF
z6FXXG_*{*Q_t+iUL?IAT>pGDf&4j=S5yWKSUTf#7EoqFVa~k|)Of@1lk{rKVAn3YT
z11c!2v5{?UZAO3zF%0m%3?o%&PTZG%Hd;Zy4BIE-A<R67VPiR!YwVz^qdsRKSJ#{7
zZRyvq!=#C^A3hjvcH}LagBV+LrewV|Y;{CBpkWLc{rkSlpcDy|X?lWYXZU@Uy5Xxk
zxyOez)dNSWxjI%p7YDur=$xs)3LX2iXA!{8vx%<c`7W$i5K(d#%r4#X(CVIc($*5R
zDY`u$2bjWPmVX@W3YNO;*)?Iul8;cgiRG-rj{mEER*F6Wr%dZ>c1FEZeV@}v5MT9L
z>fnT!Ne!M^N4%&iz~8d5a&ng3TQTqPBSn6ZcE59{pZS*IlmM1EKj95MHz&6`9OI|a
z7$NVOU65|nkOfQMa{z)S&Nj>$U=2$I#a6AL2n+gPyeTuUIJ}{3-P-YOyO^7R7bf4^
zts)B?0P&EEc}0gFnkp)NF&UmV%XTKWhC4cl!=duFi8(VJ&N>%rZ8}rNh)76(ZWdWq
zwi3TdFlkQ{$8<93-5y3+fQ+E~PXE9zi%|SrvSZJVyWr4wHo9LU&LlLGgoQ*8sG?TR
z;X4a{Uc$NakTIgtBu1Qd+!yPA3JigZ#g8ee10z*@cMdKBN?)oB7fj6ORcw9@EFOol
z5ieZbDwq64b)@nE&|xXiL`%@A^c?^;Tal)j5{&lL5t1-3y7%g}G7E2h&tM*8R7~*L
zy~<~a?At6%JTBT|WJhmtclMr3S@ReR8;{^V*xj+6d(Q2f!9F8#uJwqG`rJE4s6CEy
zzg;*=EPhYPRisTDo2WRwj#Xv1uzuoD#HII>??^Y14sC7jNU7`5uMaT~9@lw7ap2DP
zZ8Z)5oN&g-xzk;*$5+bq4{3~4VD+nCn>z#h06Rv8gWt3%%@9!ecJ6ki>-TtY=39N_
zdFDuMu<8XzyNx<nW3-qsWjwP)?~1i+LKnq=keHOnRD&vluCAKx-u9X45R-OavT+-?
ziCC^e<7#F=o#wqr^0j`qf*<q_r>+9+mq$4z(mRdIzR}Fqpw=RMJ3^}mw6-h`PzYV3
zasJ%1#SkD$Nns2mwb#_pFb=pqaKk!Y&+K^o7rg~d!E@Lb&0_Ni8XeWh<$}#kyDgO$
zFya1*(gY>Vl5i^JZs!=No!#42kbWDoV0G4y^|B$k*4^1zY&2Gs@f2`A(>Df?g}-R@
zN4pFwP-$rdXE2v|_9xX}16!A?T|frn3)YIvC&Dna#RRAQJVIOH+lES5`*)ccvCsWl
zv~|Do#l|vhCIyGHu|V|voYO;sNit4^b1Aj{x@0s2Ki8|)##n^xX7$dmkpkei%U2q<
zUMgSCksN;E7y??_QYV$_)nk!M@!Un1XZ^sqr0oovrZZzC8x1!5_+SB8dkny_qR^bx
zBcDj`OzZ;hEfml}KmM9oO6)P%^Oy^See8f25JewUZ?~8#Ib>eev|hqfjz0a5llLGW
z(~P?Z(3C_L6xg|fpFQv$aTo@{ypyd&X9egNY9m0o36$0i&~qu8UA^F^r-|zG=WPJ5
zU7}bD3Vvdct5Re>2n{R@$AvLaA74pAb6XpG!;R0Z;^dfU<>e&sIExxFEDk`cdjk;g
z%O+U>sjUyvzIek))dyR(MVQk-AvulpXAZQ1@~INQk^fn-N7trps*``IYfRgwB!1*k
zr{_!w#V4_|9R`lWF&Ot2{QnN@TrFU<W|M7h;7p>dE9`i%E2W<d34}Q5@SXvrUo&7<
z_kS?=8OJ72)VHB0KcSV$mVc(tF+nWz#rv{KI<1+T+Y$><gkgZvs})qSQH#F&L>dTd
zx)=~UzDFC{NR|lvuyRn&#Y?UBL|4}YzARFE(0M1#xrS@@bD*c?FONZ-gp{{<`hdb(
z8aOuXI1xpoLcbC|I}8H||Lj`j=`BFz?Gp#M-#4cM;Sqom?_12PRkS$eT<l3$1pLFF
z*>$S!gYqf^-$6UO!$FLixjAOOxPx0LKF6g=<}ZhIn+wVCkC@npau59Q5LaSop{0?n
z;d}WzKahIICxG45QblsiziR*?vglm8>n3P3J}*$av}C?D27i5Z*a<HBDm!O+`}Io7
z*z<&Id!>Mxx;;*KOX2ZeKmp)OvX@Xb>0adJ?OnCt(6qBFxbFD#sq0+yeCNi*73zuf
z#%znc&mSk7$O{$A{YzOZxyH9St$Qi?pBAKJ;rQ-8eYbP27^UjQu)IOt<9w~7^Tm5y
z+E!N8DJdzkPEOAkqTgem$1WrwJ)ab|r;O}2KdQm!TMg%(x$nuG<Bx}nmuJf7Pto|}
z?3JLoDHo?S5EEjQwGxNcKO{*YISW_0C`kp}TL_P4+;QAdHuv|jSgkGTB<U2e5mRlk
zy}X|useLKf(mgT&&u_^wPr{=>ThsYiGdU}(V^<@+8sTRT>J|m0sc!;bs}i`x-<SF=
z3_(qfz`YS222kT*ZDAu5&VsZMh}DA`^iGnQbj5)t!n0hK^xx|*&{+nE{+y6p^@GCR
z^|}`pp4TXh+BWWhqJzAAvp!~FP(o+P9q`KlROT7KZhB$t@?EhcpcYWP`4zhTQfyDQ
z>OhCI?`tHLl{I;C`EON(c)~%_JUTj>8HqPyF!ud@qtUl_X1s>q^{AhwH+BYJ7jD3t
zG_!F6NTmV*S#Jd;hc5zB`=?*ySq^~HSQJmPqK&ifiX%IRiS6TJQiDvy1~%Sy>9R$)
zM+|bUGDNWYC^fdOj?liUgU8!jbP)OMSZ82D{Frm#h0UEL=+@7JVf#&BunSu#IJ!aa
zpcOk0jOVbCSczjbQ88P9+GOpcs;r?6D9XvmXk|t)!-#t;6l0y<#UpX9`X|%$-(Q}Y
zL+NQCf~W(n9;dpA+*`y$>elD_YKz3uRVh_f)l7F)PN&|!m?`7rl*Z4`6gA$_sne9G
zc+sBuH&ED(Q7^c4G2=~1y16*iMjUP-{=Bqi;Yo?7dikfCxnZ2GpJ67*oFzKORTh(k
zEzQWth-Wc@=FxK@Uocly=l|50JJ9F3AKbRTSnxw@U*1A{Db7^5R+BP{lBSbLXKi-C
zUNWAgCEoUHWG3WO!G-t$E6*Xrgpb{Kpj~^Ns|-dFLCRJ>`$9A!5Xqsl!>h}4DYDq1
z#W!IIVf4#{fmUSfZwTD5`xLB5<E+Mu*!PA`*&;c%)q_NHtk>^wngs1`#qAwd78Nz%
zJTQz(K;VgHR<4zf*Xfqqr4j^FnfhE))>f4eq%;LRKbS+A2Jj#i<#A}bo2h$xKRzQZ
z*EPy=QKp`UJ*M)|v`*$c4n6D@AM9cNbtO3eV<>z%B{$w6VfVw=>QS@0_&(IvoaANm
zaZm!_6y4S5xFa*r&+m5c$<~hn5yYY&R5v|^G4`mWO9i{jQB(=(UO}U+J8vd&sEJq(
z35U0rkavXEw(g3={!-ogAr|NE5O1qsuKKuVpntFar_p2sQUPL^X2mc+Bj|EU=t;BE
zJ9ISRI5oSI_kN^V{#nE0knCK^B@^fMq!VQoy3iOAk^+)O<L_9%&qQ}Ade*Z6xe<{2
z`?uLLOGZVl(d&uts<{y*t!N~7*M;t7kPOq(9|i-EgW<rej?&P0&S^G0EpJ@G_&k=r
zW|;Yhw1p4{lHvy2nb0@odyTt2;=j<8Rdl~qfkgJDSvkr0R$u3LA#0tl=R6)5SmKZ#
zj5v`#@{NxftK4NGl0x4(gz~!OlDCQmhIUnKMNFb|G9}%{XSaLO+xe5&U3wkO%_}0)
z3*#rm?s%YDuP&+1TO>VM-yO+qhv7g#gj*W+Z-o2vZM`nXa!RTgAprCKD~AE-1rq!(
zh~rv}FRsIfiF7|*)n`Fyz3b+cc4w6%P&V_~zjiIQvu~C8!3d*7aq>CL*z;0Pto&j4
z#}BuzGP`hv4qE!`wHbyV{GhJMZk#WXp0rb?CjA%S@d9G&h9tW8JX?L65t{R+s9*yN
zq!#ws{hDO-&;5*>%yk@fJ*Gfec82_RJe#sHK(fQC&%ah*I^X@;>m+C#r8WOOtY3z*
zi7V`_o&5KPqXK$5WqIZT`u5fZF@(>yec3Z9viELESGcv2Oi^{tt4wJ<+s`$%RSbOh
zhCjqcRsR$2M#slq-^1*3oz4SEC#KzGs-!}>^OvcBaF?D6-FJTRvsoW&zXC)5H%1uk
z3nOvb*lwp56lf?bhcO8Y%K^m6h*6Pn6cjFOvP09n=UCJcJwHPg$LXTJ?yfzcP9cVf
zp7*aRB32r@%P~;0xnvn#Xr-N_Vtdsm61RI`C(fvTE8ew2E4}L@`qHOQxZP*ITsU{4
z05@_dBY<-tqY(VUQJh74-Q6VN&t>(5Ls!9st92J!nPt6^)6%DQ$0bYj1H0uY!2{F(
zTyhD;7qYt~#BLFCYT8D}yDiwoi)d1a=?>WU;&waFE&jPAQkrKcN|>LkDzbDMR@MvB
zwlOy^YHaEs5Tx>-%l6%iGdy}o&yLk~frUN#J;Avd1YV2;CQ5Jqqy6l<k%Cgqr3r@t
z)lNmDGecU%0KyMNB{$K9$mb;x=W+3yN!1%>p?8B8tz==>mP`v+wnoH~ZLYeh_TlXj
z4%IN!o=t;ToWp<2%70y+Pm-T#?!=K#>9nP0<nqs<f{BBQgm6xm8b0WsOC2CE>g!^H
z^H;P=CU`}6dS*o&OW0j%a^_Qr5|ABze=aHGy1+7Zce>(6a+Gx_i93`l#d8oP<Sq*@
z`pk=NonIbWw@YGRNMXp`mwpPq!cDga>t%1RQ*T7XS*St=R@4M6+_IZe#l%6E*gu!`
zi|7T`k5-j;6)B%IHFhpYF{+UpJqRt=U^7`_r!*0+y}0nm%i{~%jgP<2CQ?}dCT0{%
z>7)OQyX4=}7RXyPXULC2v%ix}uc6+%f^E}<AAjB+#p1xmDXE57_+HUq;MOSl;_V^A
zWG;J8m1T!!_1(y$zCI&y?b=jAn#d6{SF>Z$OcRr><Ot@t5u~C{e1CY=)3oUfhS=aa
z;S5+|Rv~|U=YW-CNmk)OwH*0!l?a=?P1|gGRory+uX5j3;hM#p;>^Ql)M?qvMOm$<
zzrET&>6o!grm*9DO*u7!-zxPcOWh}7LrrurD*aVedgwXJMK?N@m{ku`*A9{$tjfiy
z9yK=3&L@t)&*xCI?0AtqzjHMoa(*(ACBmWUb)yNT{2-GOD1Y)F&-2>D-46K@%*p6h
zYy9(1Ui63+&B2xP3T3~S_Ur8D)s)<&iNfx?3ElIocU*3iUHDA<G7quyIxymV!?N|f
z%%i(-7g=(P37O%w+dB%<rhSGrI<@7=2^k(7cV{n3(f48z5WIOmj&l&8D3v?wI-%8z
z{eW0AJoL#cT>SAsZtkJ;CG6qD?Amgh>#rY{I9Lu0FC!gJP(OcV%X?l1^8&VNKOfRB
zysPSLPZG5Hb)FUnK2;IH_;hG1=|v~Zy~K74FKOV#f=Uy=>fMdF7a)_It)m<UO=u0C
z|CVBn?{c61&Yd9!rqrl6ZwSI-Vx~Otso!-G<e{kBh?oo|H}A4NdHDMTw@~8+7?*_J
zET3@J|Hj080W52~zB+_Bt0GoD<ZjV4zoWRX1-%7YT9T%j=XE!J_2y?mV`<nv;x0Oj
zT&qLFwm?zu-CVnPUaR7yii+XgoDX4B-WWmIkGhFL!1c2faJ3E+cJ*72Rp+GW>7%2s
z(tasRNY7JoP5PvzeV@xgV9{KP@QgsvONtSVy+q~8KKMK}+1__fnpLCiA9of_KDq&t
z$#kpNb2OYhAB{81-q4C=pgSLp*zKOVvcZGNzU1QMLHun6dOp5B(odQ?I^%_}B(y6*
zK^BNhF|x7AUn2LglN(64QY^k`8xDx)K7!y^4ALTpygWmDIPyV2N_T531y<Ea`?`b<
zE<Stkz{gabvo%Vf;2sb;$h=WRvEABFoAWl{zk{crehHZ-61ZiQmk>P1cjQYs4<^<5
zV!5$f+KX8_XU!ZuB@?*)fK*)yn5WLp2+;m?C}IC@7k4mU&nJH(BBBQYU7cNB!P7Cy
zcL3#Gtd}Q}nCdaTx71DXjq>c50+FEp1sr5jlag}f<z@3Buf6J?!=VrKs145;B!QHP
zQ%pd{3<?AY!iK8?M+BQ(ftgh1LC=skJ^{b|3xT@@8}Zo*F*XuNyRKeML`erX?72Jn
zW6|?T9406t80|Ca;wf;f&IV1iCvib>LsGrzHJ8U)S|GUgti-t-grUiAU3$Iu)mdGV
zMnerY2C6HHFoT!E5)+|Fn08w}78d?1%_Ma2N93ttXN=<<EaM09td)`pRW0vmhj>@_
zRUaK#5e=_llBr%53$v1k_z#5~F2+boZN&Y{XJTC!fHk+@0nCKco*V`p{Nn!#Q%`=)
zUlWy1U+Bsya(!+K!LE0o<YhVE2&Du#bV!Z%x$ESbCJTY2CMD{=g8187^b1;9^KX(9
zZnCh*@Czxzruw8L(kL)VI(jg!9zS6qabnc-ug1p2(Pv5m-VJLjAUM*;4!jeZTVBrk
zym{l;=}wRK2m?!c2*Fy{*7J!<8q^1SJp{7p1{UPrb-?9ten@;BiecjVsUDQ!aq%<$
zwr&$Ln4GWn^ZOg0nTS8Iah@(~RJVf85-bo!N*<h<zWXXkje6C)xTdi0BUMF>(W@$(
zwB9=SE;fiq^77%{*caZCUIDB^da&8$2hG#B-{375<Cv!OEbC|$vqwnRRbm}#i#sgP
zgXC5rVqn<!Ho&7fm`?xvd0Di`&GHeX?fH&a>e!v+#{~@8T)39kZ=v3EjU+reQ%Gh1
zlx2YQaSYvWnl5y@P2}>zgin?|S9v(!zBR6tLm7whnHNPrp^P~{So&;3L_4oPrbDU@
zip9#xnkMt<vgEVq3iMAB$b0H|j$feR1^R3~^~EiN6tA<-)!&4Tx6<120d=ZLF^gBO
ziB8s^cpUJQtuR@HK8>kY@`(y1I%VQ;p({ku(~|&MSlIuSHldx<V{G-W<9Mz$9hmEy
zo4O36{uHQ=U#9o!j$M8DdmyjNq}oASSOhWkx}TJ79VitX@KN3HBZxQ)ovepoTo67j
zx^w5Rv?zx60{#L*JzmS?of76C;ctHihsc(IUoBZR7v!6-P`^1-MQ4B9Sb9!~6Ns#;
z?HRA2f9nOq9j03z)l_~&k&6|l+icOU%ylkVRa^iMAIAl&r5SsS-Q_ygL-+ynw+(Dy
zk;2g3XK(#u6G7o^3zoKa(X75!h@9M+>4d!S&I#7OI4(BC01B~DrvCsMFtB(of#RW@
zohE$AE`j!%%O)g`9M4{@it`MYEsLT1{naO<9?NemmZqkVW13u*yLWvUnV8<37~jS4
z-oJP&^GkSdfg1qc2q0c;sN|aVGx9uP<lvAa+*D?SaNB^I3P8cqMJM9@;tYE6zi<tp
z$kguB>2Tb&^BtvIcRdlEA5=i&lPHy!-o7RLk(id2Rz@}<&;R~5h}Z41F!Enw@RC}=
z;eXVPGevP_;5+r{7`^>`WUGIeo7tCv1@W8vZlm1a3ZTYP56PgB85b^prv=13?4wt{
z%ZxgPXhz_iFaLSW@oa|v{CR(Q!s$MvV=Ee*1(co+k?rfXJMoHO8caQ_A7xjs0#haD
z;ZcoF8PZ1eDj?;(b!KP%?hiNW0g{pr5fO5Via|5;^L^Bbl-GiJZ$cQ85SrIIiWe$*
z%ja7o3iK6&7^8Eu0U_R2GTS96T~q&Rq|uciW=MgSgzn=TEVM(qN@C`r8wxX`1tUIL
zX9@a0@AmggPq1LpitVXbsHmRpk8b=ZFlxNJ791ePy0!dl2~;BS%@`&F3S#;k?7i#P
zX(R+iMKyVOc~kQ89v7W>pmrV4C^E(9li(0a>#X;ciE1}82l^kG69yn``D5`U%^@jH
z*82@vI{>h8tB;h%P=x;{-}QHmFBEA1dXaso*L*x69Q>2`%f(-CB^(g1?$xm7NY{}t
zc}ibeLOP2UW)Vo9?x-8GZ<MN^E{&UzN|kRaU7YjV@UOV3p?eNg7W1W9_!EJ4fdl>h
zav<ty<Fn`ES{y08>R|(tPXb9?!otEXJRq=LSB&NM#p<IVg5$$8a6)8?CSsqoz8%!B
z(l2;Y_=FkyJ>sZladP~A?xsaKq&G8#@h=o9hIbUfx}avq!Vvdw(R8?RR%fz`^`?33
zlAi7o1^L;jI-kPSI_y;nzg!#5%~lV*NBZUz((W%T!{@$fm}RklJXFl=M1JlRw%5M(
zuIWi<8*nq$4h*Dx_Z+@!)#BxvRTrOtv|(6mEOmc;d=RKyN8+}%Ezk6EwF{C(j-cFS
zhsvesL+SmP95)XHjqJY96m`b0H*ey!i??)j^{f2{VDqoZrk{|+%+W>Vc4mNcql;1<
z4idLulgZ;d4uRoJ6qV=k+8j!>YBh>e?y758uk$MaMga}#YI&Q68FY!)c>0QN2xbF^
zO+U}xsh7XFxEOFM47Do5JCqa^BS1J5{`8~9O$a4cr}FbBTz<_vm$)0Nc^@d%z02Wb
zd%nDvoG{rmEb?n4B#uw`Tpj-(`_e^SDp!}Bbz+tx1(Ym8=CQ6-MGmR*K3riUXuZmu
z)-j4>^w!Hum|}RO?M>J)JZ^O?&v=LO;vlK|!+Uis*b0^NI5|W2udpnry^%;LI$5d%
zv5+-NTZv3iozmN*S0S{!H=x=?tx$Vyd1*TXU(j7<Y2)_PGh^((XX!uRYx{8>$v_WG
z&G0$epK=Fv^vUGdVIroKatf{7rQ!hE>E0(eLf`t+=SkQHzWa<6nBk+Uq~*~bpoBl+
z(q_V40Lhxr#3Y%r$2xEigzUVntdBD=`57Bea&FMho(7@7v^Mtld#~_Yx6@+*c9I6i
z7W}$HZuwmXIsuVqpe8mKKMK|^7kv;G*B_a%_j$~i;7wSV<S5SLZ+hI%Ic5AthtZ%2
zD1j>!P&Y!>OEIdAA7&qqk+Zkv^O*;A`TxE-7zPAC6GM=%u}#kS_rM_!(O9|)11jm`
z=qu@!Czj6Uz&MUy?3uJLJdEBvWW3(0$dSBjCTu)7#c$u1nq2e1c?v=kQwo*fSz-RP
z%A9gmv%8)M9Qe~>;XA*%rhc24e;=&HDMkFHo%;3E4KFVwu0jhpLF-~#pZ40FhcMlq
zVEs#B%1k$S@IL9Km7|sT6pv|f58-I#&lTosdxmop2gh}w(mnl^5cB`sL}gGf7sy^Q
z!5RMB2X|%lf&QM4+~-4$kZ|UATwg~V1Sn#&MKt$LY|cOkE^yV<bJ*OEE1*6WWJUf&
zz5dsx=!w7}OK@gtvO71b`t*7?1sAEA`JKUy{QU2qqhXPNSb3}1QL%ThiPhIx^L^Og
zFDkW%yFZeSdY<*iWBzdk*iYK)!8yX3f3UM~!utn@kaU+DNMmqY1*%G79k)dz*VW>I
z1|2VuY(qCcnE@<jq_A;Aw1U5{ECpJ^Ete7>e?{{3k{d03z`80zuNV_^vwUa2J@ym+
z)PKMmz36bt^p^sjrv;yn&qYP5TjjGm-%#x14;Av5yUCny)c*JeVoXvPiRm$!RxfNS
z7MaUIqm+>@;>OA#YQZ)#xXb%0(6i#j_aJt(sawD|&C_wy_}n2>RlD6vIH*_c?{7Th
zd^h1}J?p*Qub1~;c@-@b;hu9~og=Ey8}YAC^mbTcMVEv%?ant(5+zpCuRW}6t4mn>
z!)`81+8P=$3(&H39P&wEQf`1!&B?BqBlHc}dJO#w`x7>o6uq=jIvXpze6`6&*Fpg;
zO-Xun=kkI@{59%WqoxUmgYh?wjBE@;RW@Pw?LTN%RVhmx6{$%?Y3lcxomAw6r*(Z`
zaB<Pr&KV&{aBxMr);rp^LE`)Y3H*QRgugB!1l}bB>kRq0n`cfPdN`k1rCvSfFJ{Qg
z28^Nh$Dnm=3c%ic3#O@jHZj%~k%=~;pjY5+V3#aZ-p0gSQ?GEySd6$Wjc)PV3IORJ
zMQs4?!w4PF4ta5r;F?28qYa1&!ohK2IX0ZV5ifPft76vTYid?iy}L8hU{Xy@xg76L
z_P+O*pJ!#fS2R{HQ2!WZT9f`TrTwepov^St`ec7&S#6JS_tJu4ya6-%iBNA2=}wOV
zY$xi7J3+?B8m<S4%SQKJX15loAI_%Anm_uSrJ-xk7Rq_xDpz3a5ue5OH6lgIXS-8T
zK$5k<-LaTtyKkZj^B^NE;%aDwg~dt<e-sxNi=2O~SG{pzL+`VG<tIa?%Md7ste(DD
zF|*@;f=B*c_NfP6lTp*DOrU-r=t*Pm;R-i`C|ZNCFpVj@QLSH5kwINA?^$D^Q@`)D
z@!q__R4=uzj&uB_5G@WX`S9^$t0zkFBMNyMzKxWu!<#!^QmqXOkvwU_iHpLBnqe#l
zJJfKv$gHHtrh2DD%XRiyftku1f_DV6($Y0zo8KFI)1iq15ug??Oa&^gxVgExvMIZL
zIAH7xz{lQYS9)}o(^iI5yZ9T2cH5!(J6fu0Y$0N$S`yK^%mHh$T<M+M?T6OtyDROP
zv*LX)of?7_)X;%};bPmPtGx7`pgnV7tI{~iFnM%q-pH=^2e#4S3v9~-RW0ssc!;r+
z@6O6ke%z|9)W6`mKV-ByJmP0}ScD~Pn&^Ju_R?=9Up^QVy3;qO?riq(wa<<TGl8CI
z^}IV?C!1T6?i?11L;RuZ`x)3q-D7sM1En4enF<iZ2e~xT7BZfCILEA(nGb}Hdy$ee
zyP)3x<%ri);=d(Mj9%~L_1Qt`Y&o=8(XPyxqfwtr#^aT{I_4a0Z-I7kxhsWyAt)d)
z9CeK&&&e(<?s{m3ic|O<>PItMxb2DxB-nA*g*-u50~V|Z9m_+-v*d5?<s?0+N%Rna
zJ`ADdKsRj#^sUI*;sKpV(2BX=^HWEnr0&~5`5Ayb2nUp<au0*AGev6es{9z=2Cy|_
ztkW)DY1eX4+0)%d#3jZ8Ady7`+ZLADwgASez4wl<tH|32zTZg4$ikBDD9i=k-a7%G
zKk9`=3vu@cIygM#=`+FaBzx>(7D$a-TeTd8-Yz2{T^|CCgFh&yI@%qN5v^{z^)-%%
zbQ~HyG>meLVG_S1&Ab-IhV)dvSzEC~9gS*c7S_vk2d%w>t3+YR?)<rf6pKTu&)Yqq
zoQ3sH!<vaFI0{HNH&<D>1sUuZmDUy?;>qGHQSg)(tN?2Zu>kb(>(zKDY@v_#G)@kY
zp2|Fo{Pm-RG}$m{kzjo(w)VXRQp*&!CVE;l85T{O=lHVstf1pxb@;lb?qjXd=US_h
zf1G$rd7!DcZ*!1i-N4Ty^7E2WK09RWVu=iEc<OwNyW>$%P8Vm1ykIffF*DZEdR!aB
zx_7dvz{jikk$=(FRw14!s!xpcNBow934!>!qfBe+G8%UZ`XqA!Fj_XpWQrWDP4e`B
z%N4bH8dX<$8z3Mmj$gio18iCwV5Bn)=<_(<Q7>t!fg!790BlaQvJI#=YdDu~%_wO`
zrQPhKgGn+j-h1;oA8U_Sb9t>t)mYd7r#w0`WXg-_eqnWFVE6Ife&8u$Jl;#w?q|TK
z+)9KxQxF9X;a#d5pI$S`MhQVE47ew{r7lU~u(;}7iq(q?tt)hO-QA)T-PrT7vb;pC
zZ#nTvZ{6OI#h52HKA?m2V@L3NDJ+s}*@awt<I$DXUu#tOJi5i_$L-UQc1nA>wKfhF
znVDZRJ^N$UgpVcrodYy$ofvb-0&+c<)zseAn#*F^F5amS{N|y1{A)w)RNp;y?e6~G
z>F(0{&t)!r_+~yze|^lB-C3v#iH*|7fgcvkpRD^rg(S5uo2;PrO~_tVPGws5g|)#?
z#}{v^A#bFc9Exs<4E8yb+5};GvceyozE9Vp$|-Y)RUKRt-5MVK{JHN`&b2r3U@(9#
z*h6;p=qDxFH>swBss3`^{msessd-6$Jlx;_Wb@Fzzd>k{9|k5C4nBll%Im*AsOfs&
z(5=no`Z5f@<)+6n`&f0^GBO7{yKpjfdz<A!C`q%NhW{hVz?<T`JgKuHz4tkVyH{4+
zUA~3qke)6gs`!r%=4-AhDa5lgyB(YyUuaadMtSZJJFk(lq)ls%OcgF(Zi)={m~(kh
z-S{B((zLRhIbtaAS=Y$$+*4I^J98Of_*aw1k%iT?KWQzkDsk7Xvf-)8>8C%OR|fO5
zf-`g69QL=<C9i-pc*E}MNFzt-=r!w##k4$U<haoCcyCbxi;{vL0RHl6f$q?gpU6BG
z3N~F03=J8pcCu}VP<xV8Cc7x;Bu|K|!uV`B82&sX1S#2Yk24OxMXAHD8kH8PI`9qk
zUSD17I-#nVJ50#VLEyTW7&Uw>)QQ;7<K@Rn2L?w^;w)-5;~x1wN-he%@zm&TWejbd
zhtoliAIZ0?5$DMluBFB%D9IC&UZ<mbyW?l;V9wc96WJCQA626LV|#BcVXNhBY;9!q
zdO;|%T6z2eX&mv^9n|Cl+C(M)UV?uYW<kc==`?1s#mSufe8qaiyd4tl4&^839Cbnl
z<n)S>#{-LyuQ$L-dP`iA?KbIq=Q6)Ke$i<yikJo3>5qLO<chZg>pBPSgrdSbio%&x
zlh}aZID9_7!e%zxzB>#N(II3nLug~)cE>qWjK~BlHA_`T3z@acK0zdN!e!sH;0^_S
zQ;Vh|rCJ+>!Chv#Y8Vt+DvV9$-&Tn_E4*q9fL@mNq125U*D0r>9fk9=f5T2Mu|!B*
zOjHSJGT=}Y38!LV`PMiyqbB4eCcdY0E5ReZTby#`w(*gur@n{;L!!vm;kd+SWI1ci
z`=w}0bxch6b|E|)1{vJ>k95Lzj4Q*%mG~>L7SZvmo*R^>x$6d!y9SfO-L6h$z=3Q8
zFg03it%nU=@uH0z(=AiF4))~>1>M`8NWrSfoynZaU4H~<2pC`@iIQmm9N)F<AtYe$
zZ{N1Pjn|o~zE@&HO(GN0l2lG*8;P~q+u8S&_%k&f;yKQIGwkD3B%vAnFrukdWs66M
z^W^jA+4guPOyi82ZIj~Eqdk*l)rT45H}$yt$wOj&@PWj3#A&b(Z?SFc)S}4ZZ)2VI
zE_>L=%0Mq%%yF_r{Vi~LFR`*u8-~glGNONrU{9=61yp@HaAf@Uhsrlt*3Pj)ONR<x
zQulC`*T-dvzry<46KHjIM_B@7bevuaIc&S^7eYPnRLzo|h~aJ0kU-szk{hT`O6UET
zb6oFVydP=YiCUFB(w$U+?_^I6ZBm~eg!l#MICz%LQX@E)_BA8d2y{`qW0Q)=L)rap
zj#58em(IWj`9ymUcWd$M;|J}z#OeA{6Y!&IGCxs$48*BRdo3Z|@yb9W*YUh0>41)h
z>pt9bmZg!-V>`FOAlF^ZWsXdT+}J>G^7QD`n#9JfC1ARVkEJp9BoqF$Xd|&|V|CIc
zu9XXy^rWL5&UiFEf2`-y2|w~(PqlI9!n<fqc6yk2V(L=gmk8k$gPW8sCmc_%!Z#x)
z(?Z<yO&jY-9jlt{-{c6mnWSI)`aGmplRgwnZmsszn@U_v<+^zF<}UPf`*^ZqIf077
zg{3hTaTNPtVytp}CwTp<YV~cjM%dtbeK5t9%_6>dxNkmM*%%;s^q!9cTDVCgWSfNl
zSPp(s$Kl6=NkPx)fvHUUT+&>ZW~e_3;KBfg9cavjXY?l#S86;*^7rL^CfE0JL?u(A
z$}WG{TVQi~705{yD9A4JR{bCcwz76}pK}%dONEn@a~rmoT037+JA)h+R_<sRu%I@`
z(i5_?%)zI1AMLN4%4Pj%JPO;t$6^4Z46K!`b*qSn!Z#B>AF~)do^q}H)^JC4jlFHh
zP2u1#%|M@5gGKu`H#Z%vsnOEELoU0=ItK5q^lW*il8y6rM0>BQ_?k*QPz_QSy!p4r
zposO3b@^P+7w(=_R42=diTHvDH`xA<bS-L5_=4Z$g{cl#<Y7c2F|=xK)3z`1^qC7H
zK$0%UttoYKwRZdMy7P(CyAbs#GRlNf1~F8?iIdBYeBxD!<5`;)_tMMtp0!7OT!fX*
zR%9({Y125I^5nW><u>sBt}z}wmaa`f5rIp-8=Qoc$RTxwU0xmm4V?L7Iv)D<Fd@`<
zrR09Jt+RXQTINZ8Ujs=u+>R$4!JzN;!dx}RkBci(r$|)nsF$cQcr~2IjOS>n*7GHJ
zc)~@Atq9~R-P#R?$@PuJb-?a>Lu|U0hn^dcjCAFa&4yNdW>CV_{jUdBW{doa3z4-)
zskV(ITttBP)M|g?g5=YVFMEdrrz1D<k$}jNG;zPF^8r1g#sk&RB6%{u0pA}IYVUV&
zS+h^1)>-$Vd^J$BYckE|EU9vT^JFN|qb$k_*$O?W=N9+)>;m@t10)jg?fRLBFUvGo
z=xoK<P6r`LLC4hbUQbaWOe|m4P~$XIM|MC1AAF%<ot&$JU2Eq%O><|LV~D8a(T@we
zeq^V!zLRFq8t$si)W`r9E%Nm1!ITFqIxwC6xzZ3nz^qK)H7t0E`CH_Lxzwb(qLk=E
z<@K>o4Dy1il3U$5ui<o@ulB0px;*kaZQ*Gg!F!I)#BejwNX6yFh{}w$A3~xN*}9^a
zbT*Fy{31{G8yk`hsOffI$2VKp2Nv)k=4<U3#kOK)8c1HA7OSojUYKHopLP{jHohU>
znvC?^D!GZleF90LkY6hN%Z2ckCKoy;OO>`L*}Zh`QjkEvUaWDjtdp|2OBpX8>$L&_
z!ZWDs%?}%EG{6|E-Isxec-sXuw8KxF8*5Oc{u@-X&OZ{yCMPDRCnMpzbl)(l<0o~G
zP|g8+r_CG>U^XY2BMm{dhuw`9ryFDeiAR!1p{=yy#KT$YMqSUz*arvlT%$AzR{-6$
z-G=LAr_JeOm+jd||8|4Wv07BNBq?e-%aeRM8F&QcNnf~XGdLs#j|-t5Oh+ql7pOb4
z*p&pk<NnEewObYIDOBwHT|&MHElc~Dr<v}h;q8fUrF{k@*Pcw$i7i*GpL%WwP8QeN
z8Mu>=-rcu>A4ac7OYZxvzok5>UVqaKH<0gSqp2EQe01ebX&y!mCM}AxW*v7@_oQ95
zMRk&vj1D!}V(@r8#9y^$Gh!0-db0eHdAg}PerbF=O*c^5JrO?yel!i(uqROsih^U8
zcUQ{kYtrn*s=&%Z#t*ujDKOnxA0tcQD9M0%air_y!jEJgHKd7tbjy_;E&EP`w*^So
zZdk)!jq^bCHfCC%0~St+6g_TF>cCvhqB9b|`*c#i;Yy?x5z90`OmMtN(0z*NLSu#s
z(c}Oe8N5E4u6v#KV14xg(dojyy;mWlM^Z=4cinf^1|RPSLM0(<!-CpXB?7oBG?F}&
z5*y{m4~A!&WXtY!1@E!Yl?!UQ9_$KvY-*M5d51SITdO2^>~+6-lRs&Tie~{n8)|wb
z74-krB`iVp3I>0Rts0sV%IMG>ca(8)BW50z5LUi!kMQ7|+!$C1R-x-|ky`Lu*F+v#
z14X5M*%#vMPvjKj-#u=}eUuBOyLG4<IZ@3a^x%5fe|fThd|QVb^pBE=7}e4KY!4O@
zPuXgLJm)PPJ``%>N+B7okeeGtB_wf~Hn1DU(unXlB5P{Z3iit#EfK6)wE7%Xwp0lB
zfR!QZ-rF`ea=v}ZW6+$!!}{79S$*NH7|ZmETPb2k>SCSXbrbiivDYQ}490h@re7*Y
zzghToAQEo8D0)#hveLe##CGEQ2DiOk3I5INbb&2xPdu$==JoXu$#gH}^5@N<?ha)K
z-{6!iNmqkyyfyJDb@SM?uIX-Bn3YJ~!`c@)?Y{H9@zh>&uQt)_Bvbde&*aw@x+OI2
z_~9=^YizR#>6$#XsPh_eE^KW1t>ml%Y<Gpg1~#JEE;kw7?f!7XME&!b*K;e>xJ};M
z5qUCQ8R%72F7!etj*=^fjIwZnMqGk!e9s&9c4$+%f6>_dXuBq3(QjQBQCT`DNb7sh
z8@A-uURk61GXm?Vm(2!&I)S~tx&yq$O8!C}w=tKt@HXJ}U6(i>2x#ck6;rEf6I`W!
z!$$?*4o5|%Nzl@9E*&;RhP>J~5n79l)pT=QGdVr9Jt}UtjZ3w;rO?g(DptZ>_s7Sd
z>6hK3f+Kz{7qWB4rshc;_mcm6RB@#IGQX$iNO$L$;q2(riPkfYhor?<lYb>vE6l$~
zjh|en&b}$-Rd<M=qE_~Pn_iGJAViUiD46=Kw~g6mR6Nh%TGMt0HyxtmBVf*f5T&X9
zNE;YTi{7?V7?X{=!NtL<+oj34y`T8LucfPb&LHW9j&k+l(g&Tr5o@{bw7$)g*xKtg
z2V=0Q*y)eM4!2A8>Zx8wp+<5n5$PO`*~r+TZW2pbj6}ZFMCe^B2B{=<tc`>;`~>+u
z4)W;?q{(Tp5=uFAbZB;^#zB%#_{n&wgMG2prlm$(IM&X`C5hOCt(5J{rjaKfB2&HU
z3e8xlxH;r^*s~+sQ>JH}(!{b?Zx4u<Et`nrm6B;F{d0axdV{q#d+sr!1p)6K{aAVt
zJV~5tb)fC!qAl%Cx0)#d_(I?zJ?=v4z|XXa5`Kd*WYr$m+kw6`0zGBO*!Is1+mXFB
zl5Uq?gNB4H=Wl|AH1DK68Yf>wuCW?7Rj%fs8uH2eZgduu{tB~CQJqMLi4XF2l=t?v
zh+soPRnva{(tc@Nv;7uvfsB?-=Y8zq`;R|MP`h-jzf`;su+x_G2A8;Fu1@}_L%z#f
zik#wNT$}sQEu5~0f<G&e)>G!<RU$H8by9>5FLNEbjx};CDl^h!#pXxfb8svSm!}?)
z{yW@>INZ_pM80^R^HXdc9#IPF!_jMZU$WH07$Tt%bBVeN8Q>HNQIFZ~ckQhaB_3}&
zH;{=>KAB9nc6sPx3eMyzxwW^e4uZJIByF4THNa2zvtQap{#gH}DlRFu#-sWw({tj*
zB&FwJiveWJaKElocS(b%`kR3Gmd7{(Zt1eCLPyD2zF#%9YNf3j%KI&;s<wP9A<s&m
zy=q^0AVB6MJFrpG<A+LPh~zQBjm};{9)U|W>k*<2tNGB}cZ<0$t$Ym(be?i9!{NCE
zwHHxa-TK3$qwdgvmCTNs;ICrWjVCe{zF?hg{>L(yx?VqDKHYiqN6RG<px2wb?NIh?
z3*f1M^>(QcjWQUJ%+5iEETLM|<blfTA;Vg9EKE0^Z-Bd?E;KN~PUQBR6Wyd;#-L*9
z_+9dR$kgZ^iQSA`f5b6TFd)&hwXcz^MXHQHR-14E)*T>0J-+v;o04xaRdq2<eSLG;
zLItszX`wQ_uwc92L|J=9XLE(cPw+T4l0q9kZ8LURVs|K)ayi3YV{<26OjNg`F#2_i
ze2W6#LiPN;M51n3Tk&Ku7wox9e_#Sd?>o<oY-q*qTYbD5gO>Eh?%LV3^*O;R_Nv)=
zU0M_TIMzdZeoxQY5+r5I)xp#I#0c4E)Ybkt>jy1T#eMh9&{JcY;ALU5^-U|}Z`b%t
zH=uV$4+86@4+9bU=*)j#j~}mljKZWCc0i4wr9~~YH{6@bG(*10{d7E6iX;sPR%li~
z^lvylhS3qj58rV4v2j-B;V)G#kNZw8r~6JmoXWI?ua41?)SgO8ULkE#9R`X+>0OAQ
zbM0v#j}(%6G66+Kk(+(|ou&4YwUC3D*yamZ!#D~AhK@S5dG@U(M%V3YscFR=*jEN6
zuGYYj-ukHV3uIRuiAhKTu=6`eBu{s_LDcOFs;hF1jLWleq``4O>*6<qk=osOkI8y$
znFfQLDt7nfU?EXmccV29-D<w7nH?LV0j+~P+k<<YuXpIUe2&&CU~ppQmE->EV~5*i
z_f@Hbz?8k&%5sXirHI}vo#a%H_{25Oj}2#01u7v-!A)#I!)pp>o9P-u=$eXHp+$$S
z%~P59yVOjXI$#2~Q|r{?#@5!~Pfv0I9!-<sNS)kR<1YF3$HY_em@wU1D`fO>a`MZE
zReb}2Bl;7g`tA$SKGVJLV65w$xa}U!NNkf{<@)a9oz;zQ<txHS6PxPnTj9o&^3rZ*
zqPUo8)9JG_8RhHET=2^8;cY3Bd*3kX$i^$5J`vGrJ1y6=k+jeHndlo3;s^bB7;cQO
zV06LlO{pvAkN$^wH!$7%Lq9P8v+n<V;HJW=;iP%@viH%M9QE7>(UYkbJjLq=j;n<#
zrrN^K9s(^P4Uv_$U4*6^S!UU<YgX2kUG|FfUAK#8&C79YHEV`K^tpA$yAG5?^(-_h
zD*^%{2dbaL?T&qS7cXgBHHjon_AfoF@Rf@BY%ifyJT$|!BPpzg523p5ou5CM=P{CZ
zbx6SFd#}fQj`jv#*H|Z>d}hKQIrfr@$361>+?AYZbEeAl@^Ig_AbiJgvswNOLXCA|
zFNICfP2pnQ0E1fpN_cqq3v=_Y=6A5QJ>A?y7%zbRjeQeRt1?96+s0Yxz~0dbgA~0_
z7LX9QOndygH4hTq_n}R*dRv;jB&KfTUqK;Gs{3`SsgLo4|91>x@G^ROMCTMg<s3`L
z$rRJ+(=dX!@UFjPYnCIXgSCH~eD`@h2)hMd-4CXd9M`OmnNd2{QB%Wjt-tFfbxM>%
zU(mc?a%dIKFp1Qy6(w##s#0jX3mQ%+b#nT%aV6rbirc}CV7=I-B+}1W&-UIQKkc8G
z*H5WB=Y=~|_qBh2^9W>X9#O^S$LP?&K=(2baUu&y!`(<dN%KrU$=&tb?4-KTLNApB
z^S=4o<|X6N7)u;wg4<Xyw`i$a2V}s5#4d-4o7#7eQv}XfwO<aK%6!{`nnTLg$5;f#
z9iQ6|^lBVFsmskdeEGEKw~m#?T9kM&5n=yA9A|VZC*ZTlnZVRl5R^4%DhO+o<6YTi
z4>d^?by#>T^m6Jx54ASoO6D@JprC4%fQzT6#L7@1i{(g3c8+#G7gq5VS?SX7@aahw
z9T&N{AY}b|tESSc=x8CqMCYvM*S4DVJsTmw=gwc>q(hL?+Rx_fANTj}cv&%N`2D+J
z{AzWAX(Y7n+UI-2gA>Rpj?T^jJ&EjAoIEz~;}|(~yvUs|zZkpLA%dS!Q<SipP8&lP
zX}qj_6L&*VLE$o{dtYB)vxVb8>XbwlBQDF@V1Dwh_gfFyTsfRy59o2jt`r&v2m6gx
zmik53uHTqEY@sF6J^c2x3{|5tX&5Ko)eGWO+K=)>C|77n2DF4PCb+Dw<<0w8y>KxU
zOR43<MefY83jSY9i%mZvyoo`qd@A^(3hP+%p$0Hr-p%DIkP=zF7oGy_oE<hNKMcNm
zX;z!BV1YCHv)l1L{7%Sm?W2sR?;F5E4eEJcZxX!byYKJs-&m{~<ey1b%-7M~*)p*B
zEi>OadshH!gWBH#J3I%QAvt-&p8Z5FQNA9AweL3lA@(1E`}c!4CS+Z69g`~M#O8C$
z#q&3kYQ&wg?<vplebJyh80&d6WqyB)B_yD^JbYs?_PP=!+5Gd|;ZUN9%(--aFi4;(
zecF`0)MJ8dZg_Ns_%-LJwy%Gt&P(X_or%U~2sb-qu+24ji2Ika{cFP~$zjD_59wjl
z@L&QSs~bKLpYmj~R|nAsFAVKe<1QG#5dZp2Mi6V`U@PMu3WVS?xG%GW46QUXRmAMi
zg{T$p-agalnzurIyLwFs=i0qt2lhm<0=5BN^=?B&bfS=ep}YV1h+cJd1pC!nbtKVv
z<mk8X{)V4|x~wZAU|c5nHQCx(@X_;XFwJUo-c)s^LW1PRYpB?~<BJ27HqKk@t{$eU
znMS5Aj2*Pqk{z`B*01?mvOYQ*>^3hK$~)ZA02=rRt%0Q&aNFulf^d4y%=4eYZfAQ1
zOnHd%UjynEJ#AcQ3o~qWWQK8ey~M?R*|(K+m86fs;KhhhNMK=oP_w3&A76OmPddFq
zx3cYTrOo@;Z-xv|jX%dV8>fyeW$WEzYxYIH@|I)Nw7t50{-B-9>&7!~!I?T2|2+5~
zwE`Kugh}R9`l>qN!WDdt?w9>+SU5{JL&rCZsr(x=E+Fx@R00~Bm{k4W(@^?N=C=wl
zBvSkAT$}ehDCdT6su6$upT@2;tcmRFLkLwA6a_3uTszWSEEIvDB8pO^Y9It;=~a3a
zvM5*qrGyTv0wN}$G!saOA{IgukRXvN0YV5R^rF6#0_yJi-<MDGkePeWJ>_@GJ#(i@
zBSU=x|67pKsd2RB%*e+-fI@Y;=$Q9+1o@|sx9o)sKE8Z{a9PIig{<MDJ5%N=!0I21
zJWTED?`gZd=lKGlXd|Hr(G&KRWXJwnCAAmZ^=uC|xT<PMT-t~bI`QCOfD-?>$K4{5
z4^?Lq(K6MT|9{N~P*AJ}x(`0`=Hq$b+E~|i|8=EPj7>$221v(SC9URiX60z8Xy?}L
zDkXMS=`ZwInM(Te7wQUS$t<~)+t@yxcc^c#II-r3#S9w|=WOx8@7THq7IM!53e_L)
zU$i??ln`6GA4EIm(^I*>Z5^O!$U4yec%`p+{HP?cr!VOuD$1e=<GPmgy290=LB1!R
zN6SfH#mEcK^3+IQDR0KHK#kqs@y$IqGIRmm7U<4))==BSEO&(b;(B}*tq^|+D$iQF
zGVp1i-({!QTfhGrbj!)i^3il+yiMe%$XacIEy{0k>~NSa*V~E3WXN%n#Ge?}?8j^5
zpMFK)$=PpG;r@8VSUJ|#2``AQ(7OR{PznSRUv-Tcht8+5*parkxASAwL9#uE9=58k
z@MY`1-hwfK{v(fE5%8nV#r{dG2Lw(*Y_j3^3-4F}S^M&>oKBbfER+yBWMq4Aez*P9
zDflnqR5ED$((KHH^EUR~mc-q-&W@wIB8@VfejVtJ?C7Ppgxr2$!>RwOivY&lqtSl(
zkE10<Ck+2;7zmJO)7_j2t!nVSF&6vS6az$p{v!mS9<;KI)eHX(6aFrlr%Vy-U!Zt!
zOZZLMt!-}Sj#eK%>lJ%>y9c3aC%e3dGza&4WED=yX~9P~5Xt=a*m8ja8R(UF9k0%l
zo&II?t-E>y1-61IuUs?F8Eo?p=Y(qhlHx?mq4yt-{>u}qgnfb7!ji8@UrQ@}@y;v(
z*~Y44h(Ed&dDfSDcjN!lA{=`u+nn?`k_I0+3+3r?JfpFW#cOeCWu$I(qIB{4R_pIn
zoFU$+n&OIk*b>mf-zFX-^qh)2sab)=ug|)%R5oW8<T)uP_Vfq%S*4kE(X0d_9Au#G
zHm~E1n_~{7XhK!4=1;>FL1V#9x(1usKNQ=s#%UG#p6#&}@~5#l|FPI4?pr1omkAe9
zjl*5NcZa2MLhkpWRa%uNEvF=jmJLQff$n$g<Dy~v24xiz?D%Zp&fa4qr_OBW%ufRW
zG4xyh3G*paw$=-^S=hd9+U2TIuFgU0zv&86XX6BZ1`?Zggylt`65wMn%#k{l$KKCH
zh#x1;i32ZpW8(x)m~w_eIskE1?Sn3dT}MJBFZfkbN>Vxeu?0Nu%tyepJ>wy`UeRZJ
zD7J)Fp?r8JuUPGpv+^Ns?fJqUwikh)x)jA`1ps)0ya+w>?Yg{SNy6qFrj6|HMctm+
zW{C%iLfpGnFN$}AwvT!WhiZz+iI--5er(BNx^gi{u^}l2_~fC(@l8Lj<e!f}jufmc
zWOjVK73th;Q#t@Ran=lrh#WSIG=Iy#FUhhPXoT?dfLU^o^V*-+v$`<u#iB9PJ)ElJ
z!mb`MQ}45Lf9DjUv9!;Edq)agapiHS3}Bthzz3yeaQA@|K3GIT?|>bL1}}NF#6^eG
zE<CX7dWo6mU6kzCVB-(q7I;Cxv5meG6}&^Sa%}Z&2VpYHw%cT`g5)DKabm(-^{|H2
z;2?PNLqNR$Z8pPzG@*X_U5D$7P(D?^@XkMmOtRPAc4T>2s3|`n`(sS@$d(J|&hxS;
zJamp&R$|A8sa#dz!|SDGWY*>zW{K=I%8MD0<On>H*uF;owIJ?IoUB;Q&KkR*pnVTL
z)*yX1O$?^^CYi>vCwI?*hLw)ed=B@p@_y9+$ooei%IfMHDxXRNAG@}W85`!~aLbqv
z3B0rKz5L2d8t6uku4$$TJz2)Wq$=N)z=D@X_Ck0{uh>7<W6^3X#%qKsykiew_p4wF
z4Fh&Ui5wK3-|hZWg#nmpgY50NxVV@HdU2Z~Mw<7Ab0sKXX?yUL6{9BtB44j`^~R0K
z7mVx4b8(Sx2wzkrVVp?p8T59y?~O+3q1lhXfs(#8=WqU9Edj<>3qLt5(J(L&H0g?4
z8jpZvs2`?yHIO+L3(e6139j2Fsu#OW;m^6(uTOo})L+70Y{yl*h^JyOyPLmmgcT-o
zQyZW(2Gjufeu)m@yW?#hRC-WOss{TU8KneziS}!Juw=AKbA*($83a`GM8uAHLvG)`
z9nGNZO?&TxXJv(KQJ*JHhbHL(8ODmOAVWk%vF{%b5l1$yYO4o-oeKHk#d#C)o*M-P
z6J6t1s#6vm?d<+44<{ewP7?uc5hVupgd07d>lQq|7<-U^e65(0<~{kIqG_XBWq(Y7
z>nBx$?DJ~bf^y?U4c66Yu#&KUv(VxlAli<=e9HzZU-Hzz%yjCX^DQ;Zf`Zg}@h{!;
z6Jb^zWo~-F7sB+UWo2)b^xYni3*&BFfg3MEx(e$X8?L3&0Hv9~;XT?hsjQ)4`N_+j
za)dCNwX^HN1tBx3(?fSpBS&IgS1eZ-c<H73_SFD3HApRq>phjM9fuX9k@iMTPQI6Z
zRe=t=t|cS;*vP=(P0X<1XLr?_gW)vZkcDn-ZPO-~V2y)*3CU9rm$B|eF4zqFJxJd`
zcgtiC9bCWl*vvKuO83EBM^YGu$_Q{|wD@2H{Qc7hQ_i?jdt}^E*35;cX?l&VjZfj7
zuKu~pSi%P;^%!Hs3snw-TV1Yi`&wIjE#7en4)iF^ZK;_Q<fFXo=r~;^D_)Fx{pwja
zh)`wYb$*5&IV1H!o(po5xi48M|KooEACRmJiVURA!s1|tMkV99g0u$@cIp<}r1>j(
zG&MCziIHQXB|q29)~X-_3NXhg2(@^K?1S`D>njBqYv!m^pnpa~HW{}c#msUe_$myg
z1Yd2uQVuKkv^+>Je`22{6X)50Yp8f%z7-x(c}0D&H%saD)TcL|v@3SO3jtY-*68Fe
zjfc48OViPph}|us)igcOS(=l!DSW?z5_KkHFabITqFHZvMaH8txcFGT1~^Q0Zheau
z7kqv+I!&R6g8gdoibYDAyAWyXheqo|X@5D1^lMlJD^?_$bY4C}dhABUSu{8U9~NPa
zSL^`FRmE-ZEZ!J~ikk6x;TQMRFZ-_3mHLI`h{0toVY5xD6;l->=aaZa9E(lY5jzyR
zzM#`cjpktR1o}^VsTK41P6!e$`Bo>Wu<Sv`UhR`cFM@*c)<=M&%;uA46&lhK_~z;s
zd|}v87=8OA4DjwN`+4beNT%lTF&#Ap^bpX6sOA+MVQ7@ChR-O6g}7-^8a7Ns-F3WE
z(alnCVx-WkVSIOlfI1|c^3YMFm$J(_h8q+8psSGLR1nQBXx&Sa*z2i)5WJ_2Q8s$X
zRKvH^vHasx&W*^glFoST(-cNa9o`w0U)7_I%mO+XTP0BSY<An0fUWNro>@(kfq)Gi
znX2NdQTjckFqS}0D<2c=%T-LOm<m}ucXnM1iMAhIl~vwq(pa6?U(FF54{|p$EZcbY
zw6@4TB{d_ulUkfVC<&O%^oEfgM;JSRk8z9w(Ypl?;;?q^_jF>_{@hccA*wd(`VSo4
zHBJ(1_9bLwG4p1a0gBnA0S40vlb_+3$q~b&7^3SO4|RL_-~q4vnRbSCc}7+XtU`lI
zqG<_dd<_>7;^I{kxSnX~0R{gUH9-ivq#v{GNa2Suy$sN(y5_c~V5_;I>3}Y;28v?b
zA?_GgK$&B_CLzIy{F%iY!|yGG<ioufBs#h{@ErS&=JSwK<5=~;HkxY;4*`?%$G?Rz
z{vevpysM5sH92Xj9FrebkhN@!uc|JKWd>BdQA9oE?wN>|LkWlrXeo4X9fdk$_69~N
zlzF2CBJsCu(|!p~PVeB1ZMCoWnf2ysAbx2~tUD(1@h%UK)C}t^0H>QGEYauK0a3%+
zt=?VSSO<uod63i1m2e0=fBI8y`xi#JX?K7>ivE_awIT@GmHYnt^OMM?gmy;zGb+P|
znM}IqbuV(fDE(09qCOj4(jd)%Gfet+-T7tj$WFFus|F&cJ8$_ap?CdYDOLyKWy6MY
zs!B7-rX<)Ls<lo*3AI1pifd<SJLAW<s?R+4{|2KJWVIj597#6J!AEYM@2ot{q1b9y
zFV@Flo)t`NIz?5{WvA24%Dm*p=(W$sR=j|a=yPa@P`6?SCL>EW5j90EZTsRAGPrNN
z$%VTtq~jVtoVGKn+XE))fzlqIIs*}&@56GFhUve6s6{@ysPp+D;Oo9FCcjK5S*2&O
zG75iZZh298(WeT-1(<9~pt>Pek<P^}6)<dE0v6ik8Btl<?o%#2Emu5TF@(SO&WO#p
zBf3DYxWyL;Su*x~FqB|xe@-wUq=v1&nyUrzM^Vra<L)g%DA_Djt1oQKHyB~)){xK|
zzOvwZ(EQMAhP1+@i*ATcuN}rh^9-y6l5G>y*_;GpYjU4!tzd3x>mSCa^flNaBm!)$
zvE;C;bS3--0+&Lft5~gRx8aiMB6ieGli<PCbu4J%%B8Z<n}+I{bq|*d8FaJk>1dI8
zM(_zin+o<|J^TP<+=*v(>u~c3SGi(oC&nWevfr&$kc6%Ux11OYC>f+;sDN=X{YsR`
zpIL33Y*<c)5-Nrhz0hAW>(1<LHiUEwaJM;-S0t`CB>|cF+M7R3&?{M($5&{@g&JU#
zMxlo>wC#_w`--`ioDoHY&24aF0Q+)#n$!*%+)Wda|1$BZsL4&e3a87GL6n@htU{%_
z<<_cb029`p;pAY=CwZ&?aPNOaXH|UIs7Ztf55#ma96yr2ybW#%$Pc3)!&)ztm|}gl
zuLxU{za3{Z+(!2#`KK4PUVeDg9P)(+o&q)1LsYZP2`a-6p7`+NM&PP*&N&F8y$C$2
z6F?Ol=o)B>r242eaNQL&$2^A|8f`OGvAroEfge16ICy%7jd+X3#9S;hN9b3{XVmU^
z*_62rZ;xKkY=d#u0bn~bTvzFh2I_Zwo03--Kd|Vz_3hg1Uz-o{@`f2~z5In^ZEz9!
z#oUu9lV{)SaUCJZW$`L<WR*3hOc3AR3hO??VUV#l(r|7qe%eoSWSAPnY&R#O$o?`H
zzp#J_$-C+F)0t$}R)E~(e$Fn{k1h+E69HzPn0(9|gw6U&OHJk?f0SbH*GtWM#o3)+
z0)#7D)_QQfoeq#?B>(~2O3b<<AdVIdD<PL7t6U+7h#7r1uDjFO_;zl0R7Zfv*a=>h
z<>|g0=MC(KgkAuJnv2aTJX#0~3yt%fguzkxA$>5u@`>YG9NX`*hix;-Stfp(voG6r
zDU$=W;ropVf;5tVYg?~KN}rSW8$%M?4hW!0?6b3eWqmRji!gD0rRcuCzkmpI$bIwG
zzLrxgE_e7KuU)$aoVF{)H-B=%W5L#$tN$!c`ENWuH$OH-UT<d3RXY*hxvd9I?|M=a
zS%fBUHuGoy+cpz?>>@_s;?m~%e(-TSpg+34zWyq3CbRPI>Lv!~I67?Xi%i&SR7;%u
zsC@9C#Z=bF_ElCP9Yy>^`c+OKRGI|Y<vgH~`nP7<m453HlW3?Ci1x9Fo23t{AcMjK
zfUeCwWtqsLWwDs2Pw%QGG>57BOgkS|;J9ljA9$Ut))uc~$y+@0pSqa-hx4gTA7-h?
zR-Fhy^l${y&kOOj^_xQb@l{o<n-e04eUkTovl7UNUXP^B$%&aUoO;h5-wC9ZVPW#4
zJrT-48?nmmJE`X%F;gF~6YEF0#I`m+Rli~Hl#GmhHaZBB;mF3-_3?t>!a=G%n-b1(
zxCn4KUC}l++hA`Xls$QITIAU&S9Lg}kRcj|om;r|+JmyEpUyM%Qgg0bN>Xxg$}^iQ
z02icRX4O%fy)mD=UJMMVN^yu^HQbep<`_`k0<A{p{VvV~)<kLu_RSWnGT>eFFNoWB
zvs@$zG8%hoChhmW?8Yy>e3!77ob!~kv2jSR_tlL8Z!)|`OhqN1)fs=2?5L2p<`Gv2
ztC`5k#dK2SIA+OJ^-wfNcOJ<%U$-32V<l<FL+*IO^70&C23A)d1x`6$=&PCvcs+gN
zH)7GVJa!ZiN#qf(2jYBQMvR#3TAERn^=r!pFELgUpv06fU+|5@<rS>*?WYT4E99Zv
zIN;o{bw#l(P$2dSr+5@GQ`Y+NAlB8>b?w~U4+-oQjY&-?>Fa%QqObX{nuEr6W;_U`
z>r9rjf+~PbczQm4vR+QJKX~rk?ON^6lQY;8wWFbB!#Rel5#LW2#7Gf8p%w{<a?a<1
zk1T48-H_6j<G|kSRYCR0A~>0(6CR9TPOTFa6N~Xku($hN;6QytLkwVK^G=vYm}MN1
z8B%FqW~8y?7N_DyJJ~RolCLdw*2&XGGojjS@@9DEi2gPE!3=Hl_pqLu;T|LUn>Ko#
zI~Iex`8nHD@A8BRyg>6nZ1x5tCC2R9vbLm=dQS$k$ih;N5+G_Q`yhX@9gFeoGBLG6
zeHvpDEGmv=6}UHMx04*y$AC9#%pi(bLOZT=jBaKrx9vckf9^B%47!7yhcVL`qu*RE
zXlW(g3}2Yf*S-~n8qu${NPL&%-$7OvC}>0<3p6F)+>LoM^i8n#xqn~4;5=4lQYAfk
zt_(+=JXh=UwbVwj^)jNqt-PoJYV8w__Al!q7hud(EfVSa4pwxlr$q+vf<HfzH!Yav
z=A)Pds$PSd#kX_hmq6pe#wQgXlot8Y{T}<n9SGKn;e*ephq$inJ0fvS%GMOjoEuH|
zQ5NJ{DsKJ0?YgKey+G4bSyT|8ED;3~#tE06)d>Z98{K<fcqd+vw~=`MT(#;+Z2Kat
z0wvMO0nRT6yk~J0ZLdq=SBG<(T92OB?W8d>k}>IB@@f%BgQ+V>@RJSz^q7NNd@1ky
z4SqLwJ<s0l0Jge}khv9Axi{Qk`BfL29<)_rkYc@bhai)99j%LXyn@u}((0<r5v8Gq
zH>8;X4~{|G7V>w(i|Rb;mMGzarHR$8A*<2aKUb~7FZp>uzNEz0&W92tq>>)|#~aQn
z!0N&eQ}FNass`8hA5Tfo9#1q_+yW{S?LCVWR3l>iHA4rW_$qiKs>NsGIA-q<DLXi#
zdlooA1K{VPdCp8)Qn@ee>p71m8nx6XTRj&wb%7fM|Ku21_ix>;9L_ZBDD%~m-YO%K
z@7VfEeyjhk8E)(c7k=e7InZIez6v;#A#_m9&(gs`eWx*rhoFL|7vJL(uhR*m&iFj_
z>Gr|-vyrKJ9JH{dy|XbROS|=JKvBKIxEH#H>%~_p9xFH_-f<2&-#V?VsVU(&<XF@A
z?yh%`r&i-TC$5yr^&#+>y_Y7s2j;z1{RV<A0L=t7Cu*!dWFWOXcY@|kc#dbCQ7Wof
zqwg&B3Ps8#MptPy@5D^9%{UYpc85epSHZ`E^y!H<jZWMwZgujN3-<zOnuF3Qp@-w8
zLqkI^?@B|w-(QouDwA-lZ@&Iz@{xuYoaoAw^{z$7gmFii$00)hl_T3U1MV}XhVmAt
zJI7(*iQM$EZ4cvlVXbwPV9kiU-(3I!VfGd+amry)ka&!f%e!o}hhlzUNp}Ip=VQBl
z$7&3|LJL<d=?d`#lvY6h$&?gnvC2TtIK<T$<xNrZgFvrbi0rv=4r)U6kT>Slmoh1*
z`c-JxioZ4A{q1e{)aO`hx3NdMJUwanW0^ZL_o+226%8fiXJpYyKn-cAfx>Z{#2lg0
z%IKt4b#(sMq`9^F5oIfZ^53L10yL&Ct9cK5U$|f`I>hK)|5`7mrtRG|Z`XhwdA08r
zO$692R6yN>06J)*W%yhw`g2729kFW+iJg}R@z@C>vc@jNF)t`D!zQrW#|2gXyJf4X
zs{|4C=bBFbPv~R|MbmYLZyoAfy0Z3R-76NToT4*cD1%g1U>)JMU{m1>M^k-pM!)cl
z#bZE3@r_2Tx^(yy4d_Y?Qvu#939bx`?xMV@S$^rgEYY9Mbo2Lp;WGh!ye~gLc`#f}
zGncxL=*dhX4K3DDeZw=E)M+2!+^iw{WYW+~RgpC!SaXQvv2Xl95s=_b`*h(GoBWeV
z6;@3PkJ~dzC^{+p?NUoXFrG4-aW>Vb3%h)(6djfkK&RRd&Xh47Dtri^VycupP-Ne(
zp?l-jb){}r*tK6;%0D#*c#xJ%tO~az((CB75;CsD3iE)>Tu7lZgEhww%#~GTO;L{|
z&Lxpa3qB#(F@Ppq9hHI}3NxoSQb{vZt$}ct%BpUU(8k<zOE^>S?zg9x6YkGT4t+l0
z8y8cf7k3Sd#U@F-92m@hEDslM+Y?!2>SY?K<7Nz3QxJqCP7Rb=I{_&keflG;+*FIk
z)+JjNutlX}*_c~b_w89Vfgd6rj;e96YuEz9FD9QQY%A3Fs?97VE9*v4o6N0<Juin(
zha@3xZ+Uxp-HC(VJKiYzg^Dk5qvPGk{*aJaT*&VN@3L=}j5WO4Jm+ZNYlG_@bgE}K
z_3(W}L(!o5mNV~xd>S6&2Gja$gSDFsHN5L(9nho6!n5-^t%uR@kjm1wd_&ro4ul66
zBmV|vNS#e@&j)2vvI#|oyy2~v_YexC-&QbZu$d3$Lf%oZ{IhK10yd~llRI*E*W!x^
z84dCF1E2XmH#XgFazx-^p(x=txk#m%C(qAV1y_7HqA3XRlPD&qIi<22q=9WaCji_k
zU?mo$Ru@G6^oLk`*<Y~gf)cVFh?nrRO1er90(EJY=^l<Q0a2$NJmiwBl07+DahpMo
zK|Fi`c9CG1b;ipy&r{y&V|FM11Ufp^s}mMA=@TMH!6}g~8xvYNMQDKf3yie#PJ+&8
zA$y07BbXoIg9usk&>7i!*FX1zd8nC)vZ{n%vx%+q)5QJbZV8Ej3miNuliCLt)PQSi
zZ1!tJJT5i0qg{h4@Xeb{=;TAI+UVOdniY+@$st!tNtCoV9QYoVLK>1w3>ox2fFo7^
zp!6#|eS(6DY~0thuFV(UFC4PRloP_1N?eevsu*3wxj%rPciD}E0Uy==nhS|4`*X|(
z@)EY-6TbUsAx9T``I-LS=vcpWFLcQ0ul!aL*hD_kvdiK(vlOm!Y9sr;y0t8pJ)%TL
zB^FVt=w$W7oPsr4!n=#29;)~6aEr77cQ*BwxWCS}d7Oaa40b^Z=|JvxK+zqx(tV!b
zEKMkz=b6M@o@<_t9cLFP{3?D{M`W8g8T9Z`WB|Fsvoi=o#T8g_cVRe-{vpa}#zS33
z@D7EW5V@3az5$LD!1|!fs5$-ACjkn^OFV>KclpE{cS|dw7%($-G6yl{<0V&b5xuYY
z!${xpIR^t$&<QI@ztxSlBEN4}V&Nl@Q8~N_J<#bmi{G>hzUvTh`lv=?)cVHVDXX=R
zw(~h*nNRG$O|Lc#|4gmG#hi_0DBROat?pq_$8eqODq+-);@^Uds=9Ha)(=4Qb(hpm
z>p&0}Yt>o$f5-rW5KC|O;wJV#LIz7SSxURU43*cdQ8JJNDw)jO@sv|P0b0rs_DyEx
zzj=G<zD#{$(Jtxi&V$IKZF~+XR$9Z>R3uKw4>$NBH)2ueXChau-$2}1;uQ+lwI^Q5
zO=y_3f#cnvfuIAR*}7VbS0m`t`-aN9uR%Za&8u$~_8H!_^H++?<+0WN<_)h<Y4_{}
z^^sxNYiJ!I(BiY(9OqNKt2qR1-FL63q-*@bUDM-EKt&_dWAs;1C6^OO!p66E!3yg`
z)zm7m4uSeMDyMg#W;o$mntXGJ0o?AXWAvuoyGo_RiR5lwxnF?FikVO2q3gCgOBA3w
zvjX#H)?I8-<ho#S{yK6)EClW_a-lOe2`GqIq@DgR+K?OGz5o}Vq*3MhJ}BMclxDs_
zdVj;+eE^B{+Uft{U-s>P5=HvHW<{cHQVzkuJ@o{~;9jhE4%C#%XcvQ><)2vFdEG_n
zzg7e(wh;f5r+T}x1B(JAQtAR7r#d0C?fE*P-mTAfwA%i{_pcbk1#MoWDBY=G59hud
zOJtwTnzx)X=!&ZRT`zy4$qZn<WtZ{V|9R7oR+z(*y=KDx6$(~_^W!}~@d^AG*kvm8
zd?fH6OZh%fb4er*A?w}7@BjI)$vyxTK=Y$!-0kiEx*J&Q@I|23)%1tRuc`hU_mCr?
aZ`#Mx=-b9M?1((T-x*!QlbGYSfBqlGz++(m

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/idp.png b/login/apps/login/screenshots/idp.png
new file mode 100644
index 0000000000000000000000000000000000000000..9bf58c69b056c63d3c5cdc3b07c2bf2948c6400f
GIT binary patch
literal 86616
zcmeFZcUY6#_AVL_q=|}D>552@rqZMbY0^P@N01IdA@m}kpmaex0uhuVz4xksg7n^d
z@4X3}8P{HWi_7)9d*6G{`R8n&2NIIZZ+>%*G2ZcxGUKZtCxMSkjthZ6@FgFJK7>Fp
z6d;guU$D=ES5Am8y@fz<Gt5Lp6eLANXccU%jm<2LAdm;X;gMJhN(&?&r!HM0_a*PY
zCv<)@iv9rS9j3zTi(L1w(1u;U@8yS2@D#Jx%MV)>5uP}%3DLm2?&mF*W1#a|Ojv^y
zk4t$J(<i6gdemjB^;`7Th;7@m)`Qd1({H7a*WslGPsuYbz{(!n!r9t0{`|S&&Xebm
za~x=x>JUR#HtBD;`1t2v$qZFDzjT4b<P@_o*c=}no!+|TDok<-0wtQja3^7-noxRG
zHSJ6P5TbBIP+j{l&CzS<a<b&>^8~BW<L?=%<Huh}ia-Av_3AcP9S3Cn2CG^q2E^BM
z|LQ=+jT@J~;yt1u(1YGr56F>lc0NxtF@+s_{m!dkj*x`t^+<lnXU);HZC__@eswZu
zd*ii7VC>sf(tO%BwLcabe=|1gQ2>-t<H}_pbzB=`fwZf_HYD`l@S=^cJ-h23`o;(?
zr0ZL=L8B~t!V=*Py;v?b#~4CycS<K}Mh1fzOpU6EF6OV;Z~COdax}WWg@5Y~{~+FU
z{1rWj|CyYP=r)H5Uec_rt*W_WyUYcx)yOY()5mzCC!_3k$I~wIZHLY7-joNLW;UW8
zu4}{5Cz#iJWm+@HoUC0vgV$ta-t+4+??m)nN%3x)!ZbUvd8TS#;+jcxKx@+L)6{m`
zn}UqD#RLB?j6Cs54W#zVn@f;~wRaaji}zohoVoJoVP076eRz~dEx|^HG5fORG9@Ic
zBwH!r6W`&qz>E1l6IUmB$dh0y8X6(KDLnDkscu@x=ZUKck}QzvEr_;G+Z)Ne6xTNn
zIOkr$aN0e1+tJR~5UHc{jbjXZkgj8T(qf2usOONa!|pzi;MK!b^(sU{h&);Jv7lH-
zHNpy*L7s$2g14BYwZu=(Aw0{+3Fa}+jT4ih(bSM(2;X~kLGha11Jb)*%(Q&3aGYRO
z3b%>Q*WcezxN^hmal4c$l`=*+Y^EJ8mHhB3?>U_pS;8aj=Ta|`dyU@L(<hSgGRxtz
zyrA_-CJGa)mSFw*J)G7Tw&SjjgxcrT>Le!4?_YO4SB1A%mp!gX1Y<<bLj}U<{d^6Q
z?khY^6%E5EBv*NLOH3tkQK2Q(zS~Nf&75rKYM_`>$Atp=L3}EYAknS%==q*`0|ZYQ
z?uZ9mWK4YTokaWCoyP$r4d_#T6Z!_XC8It>q02DN-k#-{y*tZl4B0~SukXygscvEk
z;UbCk((z<zSgq|f)XEv@cVC8He5ur^F+TkC+C5e|Kc<?MI;wh|nvpvEalr}V^)g4k
z3L3$SY;|)J(i@!nTl-r3r2BWg?$*8<m%_fbj?;`2i}Mn@<wfiZv^p|HZ`1n-2Jy>E
zuPl6xKJ!i*O&U(}VPaysVUl_u;NJJv_P*;qg{ww<NF?|Mdc*cgY{BarbXM1?t`)wf
zemxrU^|4_dDNhhHz4djqH*6sZp+bxgi8G0K{9Nlf{fPbW{fde7m<YlG!qlbw!)?N(
z!sTv_D3hz+gi<i&hnF^`hckt>LC4gnRo;E<|M(*HeL7KkcdEA1)%WAj1|mJ&giv{&
z2c@D5DT%4)mAS$tbR+~sD`lvVkIZgzTx9W973C9OdLNkjP?<_ONjWl2H8oyo<wMeZ
z1LC4UU{$ocmwWJuQN%8DFLP~1VE&@<NX(9+tWt}#EK)U9HQQco#h+JXL`^`&E!{ck
zkPyGXr?kN}@B_IEC#%H;i%yOa4yPFJ7zPd+^IFYW%}1I{1sBcjOaslAOph%53mwe#
zI;nf#Ejcc{pSSGe$!32q-Lun9ya?~BL>`5{Ytp~dNoEwl)$l4lLf0c+X3ax4Wi+bF
z*ZsYFynE#d;kiV#F4_+La^dvaSMRbWv_FOW6#85W#1@xHdYlv|z9LQ&C>xLz$W6vg
zekmq3`iYE<jJYgzY^bb&EW0d|>{`^LmMG&iW0!Ab-yYdYY(3t>-HIj2@qXjoZV)WC
zXZg)Cav*UaJbz6qlvyKUAfhnBO%;)@pU$5yp5E8%)BChnD|0Bbdg$KZ`vJ;4r^nK{
z_ysNbRz+?WCh*4m^qg`-`J%miJ;Slbrwz4r!s9u8?;1lE@AW->ZkRsB&0xads}$Gu
zI{%$*#TI<-NQRs}OygU{qSw<6dyOfZ-kJRLH|gCwFP0ME5%4rPC;Yjs%q;dSWlYyv
z)>^Bb(D>+5?fR>|{<V&!w7IW48QZS2M&tE+yvsXYMh#MrsEjIii#8%06LwF&*c)XV
z6z?Nlzq{eO@wzcqg;dQ{$scbYhkiFd7XMClthQf_p^xr`UUYtV&eYcNt$FJMr0w{}
znj+eV3XTd+?fLp!`jSt!v>oB&!&bI5ZR{}&F@0p{_wQXBx*z`{=7q7($z2*gA%uJV
z_qj(!kC;9UeoC8=uCu5U5_OcY400qgBWLut41DOPNv1-zb7zpD>_!=P1Fx~lw?Oqk
z^+%RUl&q|`R-X*dqmN<okz8O#XshR}k6wQx)=Z+Km63bTYNM21O1eZ^uEB6JY06@<
z+D4=#e7FNcu5R@O0d;Kgn?1j^`mt7;D<ybR7;INY2&J!Jy%~N}M2}DJax?PgCA@(;
zn~B&kk1#hz8YPj3!S91o#8P@vrn;uO+Fn5ul@+yo<Qnn<;JMx<u;JK+m{K}h(JME2
z-eMZDG?|BXzOGFbF}|h6w$!})CF{#c0f+g*SEF0aqRqS!v20@{-^GITTIHGAnH-rk
z)fO|g%k!*>EqXkA+81B+WLjM4ozA}cWv4AuQ(8N=Y`2d;wj#7*Zz-{lbIxLJZgwww
zPft$^sZPsSQeA8Hsfwmu2>aRmuxa(vzJ@jL?{!OJTw))@^!%Ob`<@jX=PoyH$oj_e
za`Rb@mSdKS70isPwq>f&-=gQCKOUNeTlBZ~>y{iJ2hsCoh4Y534oMC(4h?9LX!jO0
zKk19m(QAIwyr$}?*1gs{Sow6XQQ*5k@vieq=1@vyw&_^paow>1*7r*s%H(Ph)Ss!p
z3GRPa=zh1G5GABS(|b=Fu|Gu65i<HQ=VOui+~Oj6W=u=rlgteJ`T4peokrIn&K`|k
zs??M|QYx%Qqei_G%G0e%LSY6?`MdJHad&wOk2rP^kIr@HR6Kfrr!=>iu_*0GW<0vr
zxOld!TK(8&I%9Oe&-UXSR{}$Pn~;$EwYfS|{}Q8pgU<SsUi!>n)_U!-F0Sg#Et~e4
zbhYnU+U6#OdL@hQJIkDX7A9Hj+1#T~$~xL7`kx-EHR{Pb@Y-<=BdP|vXF7X^1yYW_
zv$ScES|1Hp*}Sx!YZ!5IC|?sBT`H|!celP&ZL%&r_?-JvK24B7lUsn3_P*$W<bqOW
zN_chjvFg}Tw@X%AO7@h-e!j$U#fe(A$?=ID?J3WJ(*oWIY0q=}=O!<|`;_UjI`XVb
zeK)r(8NU=RWM9qY=C&xGEyO2oAbx)I!Dv7=i+jq+>KB)ndzne^lH`TnKO;L*-<LdA
z>M@y}+hyy}(+yxb_B+ztZCTdZ+C#1dH+D5P)@$Q9*bu?4;WFGrU*E;P%kUW;wsL>=
zC8pBW_IsGpDdY{t388$;@S8~t7?r`zhU@ltkVXQ|Rxum8HbOeZ7o;95D>J+TM{=zT
zgkEAN>bplW?a!_JZEA%coBNzfkDV6iUr#@`pK?sv8iUpF3E#L6&{sbrbxC7cS;#H$
z92<gxMh?LQ&(OfHAR5I#pNpeGA?JR)jt+smG=pIL<1=#L5%u#L{G!JE@pvxO2Z9Cu
zy8?b4k?4PZ8bbkj?$77vzJT{2!b&2NlHgIv(8kCJZfk0dAp3Ad2fTpu<bj4Q1VTcO
z`bCp`cw-%0zt2or9ic8O!)s`5#ro*6wSf_<qtz4Cbs+qXyx^&o5#kZ8qm?Dxme*0>
z`j1cWg6F80*{;+6_z1#6;JUi30<DO(jS(#u>uuKC*9CEDX=(Xw9vkyM6czu+aPXhN
zbyEc52`?L)gM$OB13Rm=jS1Tw9v&XH+jrUS-em!wV6k<ABOW=jz-{UNxX7Q^5jC<k
zv@v^vFtdi!qOSYMz}gNWaQ!-JqJRGUai2zxX8)QAZu^gAfd#Um-eJ4LdYkQ^*9JrR
zQLpkUm^m6*YKWRyfjt9r2=Z{<<Nxvbzr6FW8Gjn7{;!dD?%d}1dFW4X{W?^|*2qT0
z+6v5x5d4?C{xSIHH~%q^pAEJ2pSI$Ueg5$(*l0mqezt!KO%S*2qxv|IBc++ByfSzM
zT88>Tn+AWNe>|d|=iBZ!!9^et7(`N3SlJP6c?9e24Y7mMjX`fZmmCZ<VH^h!H029W
z163L9RI=OGX$`KE!4zenxJ~lP%CKWbKQzp9iP-z>2KPlzeFW|)!n}|Sp+R^zPPeR5
z2VzVT;#Z^7;ub283fSI8FD@>|IP8715>h(u?oSl+KcP^+41=Iy{PIT%vjH0!HkgC{
zmv=5hF|d(OuG4xz(6P_{Ax6hgxaFZ9_?I`ZFT*A%e>2G~a3y6(F8N>Qp!KNZ`RfGO
z%HT?A5ChI%XU3+5LA-7Mx{AxGmuWp7qJ1|1b$ORz9uVBQzuqXV!ZjG=1Ny6;UzUdY
z7mcX(uQv)q-uHk=VO~xr`0M)6p>NOq^*S(b2wE5}tt#DL*N35S59=2>fPX!4(a@p9
zunh6Pt`7*};#nE|nD4)WIJ=Ag6~w=k^S>5x*6#ibP5(l{|3cGQfd8+L_{nen*IA$S
zwEven>n5ou7l)nZbc9cj_o`3v9Y%J>CaIR3%D!`d=ME@5F=;l8>)cfJ&h34sDa2*p
zwwu|gDm+|}En(&Ez%E(tu$Gp+yDYA>BEK>hPu1Ynd$XQTn%atKM^9QLv)<_NB*mU$
zY;XH`Zb^Pw!ZqO7La69C<&c;snQAmqYlTHicF?_{@2T~3p@z!(h{5=$YwVq;`+`l>
zhSukw1*~Ns&sQWkQcg~B?DhxtkL;H@2Cy{N?UzM1mSmPcFUjjQ9Ja`y)GMaZlAk<c
zb_rM$$_maN3eJ7HcW0F`i`j*$`N%22>e4E)mS1p}bJr~>r6#doWqqFxb<&$1i|Qc0
z=CNbd=B`oU<pW6YvBSOHn?;v@T+QY{e6J+iEPIIQywepI>Y-QJwt@{sDG9Vs*>W2S
z`ZB$A1*V*?(hR|$?(N=Lb%h3ZjXtu-E)uDTk8TslDrsmNlM(Q_EhtFRpmz0=t*Q=Z
zM$zEgoWsTR!m3Y*)!Ynbz^ql<=`uYUs2ql=?saG}<9iUP#eZzaQS1&ry-1(_5uHV{
zCn#kFZ@Bl(f+vZI1eKQjvpXvmcg%`MP6~w7lZ%y#A0M8q9z4%3oLm(eACxx`PG8us
znlv1#ROw4!4IVizV6pUGjJv2{xVSIB@ma`q%8)^A*?QQ_b!6pEFIAv}E6qmk*74`6
zZ~=Q4y^Z7k#=IhDwqTcFt%kmp#@;vkRZY~=W7f;|mcwqAYiWgC@b;yop(mMjC41^l
zgG>7-hHH~c)YMF4s>4otV0S59Vm5NKgNP|qc3F8FMjQGB_~o_&M*>q6UE^kQH>v6!
zIzJgMtFKW7RWiCQ*WPijN=k8~YBsb^sf1^LIe5PvS7?8w(%CKG*ng<LPbo4X_wnFp
zlF6`(>&VO<`!45A&1VVXU(%kLteZ#Qm?NZa*=?V54CGY3WRY2DtZvt%q8VqT(SeDL
z%<z!d58_+BP+WY%bi&*&B$FxD(aG7TokUEpBk(PnJ!Rh`I5>E$GW1m9ECGLlxmuBL
z=Vo`b@@S!R=F!(s`ia?C(qi%5u^vT-%)(ymy|TVRDx(VZ4G`vJz#5g4#NpM)t-Dsd
z&K9<_8RWehCM!9+gBF>vwXkBZe|cf>EI@ADhXRg!deDadXkc?@g(k~xh0|e`H$eRA
z$fM{D0YX^x)5(ctSg9<$d?l#&mC(%HQkMtQ&Py#;V#0k_<*@qk&V)!gp*Y&lj-S=p
z^|6>&E|srIQdk6jPf%aetxr7-4>0)PSPt~d<5NZmgV_3X{E!{d0r>dNetQ<AF{1bk
zUuq#yFS67qnT=WU>wx+tK~?HLf7TXH<T%RN>ET0%y5(|OB+X=oFgO$%4=7$q>QU8V
zu`HQ5tbbXgQTd+xOf*#E$B5)-RMT~mWs+#>oW#%KH3`oVUXrkiAeQ!kG%*XsOOd4y
z*cX^ie-)>&f~`M}piwFd{&}DB<zd2MOj#wjn5}2TI+&F#vMY_5Xy{9!CSxJYYj@DX
zY+@U-OVfAKw5yhP?S;5U9g_?MH|^2n&xQvWJ~xp=PA9v?)y2CG4sv1mT<XDEPCm&(
zTYT3&?rt@(=V8qVbbKKc;}K!9S}t1}^?#AeeqA={%xYk6p7sU<s(#*_ed?7_qmD8M
zB<jYMAk@=v#3ttN$Xkx@V6dJ2h7)U<*TL+{fVg^wY5*Mp^D}AoSv31|7j=jeX1azO
z)<0t!<<lu0B>)#eR2Ytn>aZrWR2>HyJdQFR)^M>}&5RX$8JczdCjr&qGC%o*&+QF%
zBC90CWTbTIMUR?Z<}v(gU}tiaojf-3Tc}9HdHL>{A?xaVyCXS^*|?3%Tw}|E`O`Y>
zvOl@|%P{?!%O(4h(po~UV^@2%Z38E{;<t4OMI||n+icOH`Qz#X<Gy9CvB|7eOVwh=
zb31(rQJ8C9tUuol1f40k2G|k>ykcY4ps3r|x3p{Yo^Y7ijX*Y9kIr?GX-xTUqZy$N
zUQGEY^7IL;kkxBHuSSXiIplb<5xi8lzpvi^MC4S$+6$V$Q~<_~PpOdbD@I1LlxOao
z8hWPrQ@BDF$bZ)Qi~{thQiifM`5od*k-V2h89$f}<Dx?Y`EEEkq-w2;az?PKKt6<@
zKHiemB4|;)PDFBM`4G<rY~bkPCPJlIt#(Y9hmS^Q(1`4!Xr&A<YV`$OhAlL)$AqiY
z67JkOudwP+-6Gy4x$F0{dScVItLWR<JYu@n>4qU?=|L+MX1Yp;7IvOGmKQCIUOKXP
zGRn{sB6aQ(t<L>3*rJJ!i!@Cm_e|u)P<Y?I><y9n6eJ%v?z;%}%^*RC;`4bRu+HdD
ziG;q5umy(HQfcUyUYyt6Y3Ekw0qO*_x(~)LVaOMREY@o|7WEr!nXM@Nw85ymz3uGz
z^{cdI9GL}uNG2&vF&HN?;G`sc2c$KkzhO7I;3Mas*JFnfP(tl}&#bQd@+%&N#UPmC
z8w>^WnxIr%v@n9&p^;wvcvC)cq`H9a*$hVuA^5oSRnJ5R;maSK8uRY4`jfC6TC<lI
zZEk<;18Zxfgbvr`Z@y)yQ2JRAQ99^PF`CX(WT;_?IpYLuKXkB9`!+gy7yScTV^$=j
zNylMCWxM2yXJ?tWiL?!pV;s8^^XKs}{W91$&%6nrC1R$=#>N!2Ta4E{9-_0?8K6Vy
zKKEt0;KZlGGuprkY3|vdfftZ&dQYdItRftui%wVBojH%2&JGe#Up?+UAiP8Sutz+D
zlxB*VUkmOu_EA>j>`>a<=$=vM=!0OsXd(ORJs-+;J`O%|qXwBAC(0u@{dv)k<ga!n
zlhC1uw?oc-kP6y4112@57&l3oEoBWTy=;)CKQ2LJe^6bvQ^ryIF#wQ(y9T?1$`^c;
zts;B<+ajSJorA9lpeoK8XI+#yoxUydJzB`NQ}Jj|W?v?L?+gL0M`&YiwyMGH_vTXt
zx~{D({3_<Z4r3ahf%yu2q##SvVk>H%`i65E7R@u1#nK3S&?l7{UZm^Vf*p2?r}wOY
zlZc_so>yE{xbHnI*0qdmj0SVvWzP!FY=Avb5z}I;GRBY!r(8OdDD&*VMNoJq#`oX{
zbZ2r8I+RbY#X*{01wFm+0x?vnCSi2Qb~A(?ONv{#_h(>$peLcUiK}0K<huGK=KYGh
zLsPtV%Ul($Y%mCYwV9E>uKwqtFX^P`pv@5@x|a7L^>30coUs_PN*JYQ-pS!}OoeSZ
zY@qUvS729b@2sQK6;T-3t(GliCElV_$RNu;d%wmwpDCfhFpXSYhgbCD#vjD-!l#Ig
z3Bk4o=DCX))rJ&!=keb0sKX9Z_MbZ=RM-|us22<~;bs_qz=|<HWgH6u9lVD?jbbvg
zGl0<F3>h&`Kl%{6L3!q8VaRLfW*3R<d?8XI7iAJg0RAxy)5eBlN*Kf%EvZoVu~^N(
z6mPttgenF~oKb$H25R7rOz}k6h@X-w^_XJMp?Yv*G`QirwngyfJCMn&ij<rTISGi-
zf|Zz+I1=&ZG1bp7N_(3ZE%uzzYlz<{rf^sXRde05jzqCjDl1aetjb7CiHBglRA@xv
z$oG%=&#E6e!)sd%zfnrGunuYiapZ-8YUX>P_Mg%Tn<wdb6dvA*KdV12ggHD429O(q
z$pX7gojcCDDM2GXeFp%>rt>p;9$xSWQ(@JjX`Z6%B8$X%7<2}UI7DhtY7~xnzo}`e
zJWZ2kY2zL{uoL5k!h#+$2xGcJkzholgg7$nHzS*WKeES)^Ssb-_#RP2kMGPz2my42
zNaN+1Sp#(SZEEWbcDr}_^or+YE_i&F82XgAS)d!oYvvX|hf<2Ryu1%&-{)03(%(eX
z&jr91lE3ht5s>~ix)F~;H#^(q$?yRO#UE>SLaq5}Mvv45cSQPfk7V<<_9=@+OI?z;
zSwOj2-o-PzK^6z#?e3jB#n@5rYlF9)mfxw7^wl@=+8O9jZ{Y&CS{f)U<hcCs$1N<B
zp3r$by!n9VjD*`S0IV`P-oZg~Ouf3$i-!(<ey~$uM~=-n)DG_Z?*^fXgU{caUc^KT
z(+=evlstD$cPDShtTcY9`h&E!H9p!D33Xe@-80KY;-KHbk{Tg^F5336@Tx4uu2-pb
z3tom@oeYsZcWo5j+?z7voOMd(If?Vo=gekvNFe*bFeep{_vUW4qsM-Igy>Ka{$w-S
z&qG!NhXvYgJ2Z3({K8FV$ergb_IAuUF@bE{*UFjJt>t<f&i5fkuNpb<UpSVtXeC69
z+4bqvCkMbbFc?M7_~012+ok%COpSE0W4tAr_xBw)Qcs!iUWA1=;-~jEI`hwx0`ZP@
zTiwC;Dk0YN)}_)SIR}-F9PJ%6V79E>Ic|zc`o)O#U;Hp)I^a<YNiS?PDRb*Ac1td8
z@dpE%$R8A**$;bF?5WlmQ4hiW?MmJQMPWjRw(xKrZ@+*@37NZD8iGwH{A2FluHp48
zOfef9$uZZz-39jRICUpC5G-BR(auui0`fL`J>mPaxM&&#p;L&lWwt@haIv1;3UyPy
zKW?gNgihf;6IK(6u2R@pG{z24_n?H*2|}VB<RSFzrW&?fmnVC+7W?zkAWbWoFGQ|c
z77|N77Lfi$IEr|;(T%z#XxC0~kkdQNRxRi6SNMU|a1p~gnEAniD1Q|SE$m|0O-gT9
zw;#4;Ar0nH*#-01LyR;4|4AnhM>>Z7a(79jQQA2<CGgm&C@qA~jl3kGo6omFghA^p
zU}*uAE*Z?&dlAWOgyCoM;Obe+AVLF_V&=j00@hg(*<mPXN-7lH#PXAnJUisJ4Hy#e
z{qo}#Ak~bwGl2uJS8849hRwX_&`j|t@5VR3>^NB^ghxUA*#(<jK)K{vSglY4dj1#y
zwt(!HEg-*EgB>PL>0=r9!{@k&ptc&d1woL%TRtsT(|oXSD>VRvw1E#S6xbUdo$V~I
zq7lgl{bHR?=m9XZ(K}b)OJFFR?^t@I1wPBQv)F$Z9U4z*^s74qq^rX4?t@@#<b}k(
zPetHHtQLE6jpES4dI2pOYqRh>dwGZ_0iF!2I$49JTNIGR_G4GqiX;ic%!&y6ji$pi
z!{UjZaRA!qxifmafRa);{ZLY74I8a?lR!#n{Ef4BP&1GD#q;i=;p==X3<Vo=d$VSs
zJ|F*Sh^idI!0rFLn{5Cwl4SBotkuO(;FtVGO*`;jpEKHSq&2w&aJhTAGXmV4N+oX*
z^Ld5e0+j~=uu&2ofHd?k4Fb6=0YZHS@&r?S4V}rPgi2j6_wFM)yBG*M9SM-rt4pxi
z5klD43!1%e!7Mu!|1W0o)^Pj{48A`1fv54hggjV+LPm!VxOnXU00K4BUf%W7G=zk<
z{&IoA!43#Hv#ZOK;X6u=@J~y%AZ>C1uAYvG(vD4_dY~G8F|7R%+8Qfyk*F>7tkm_p
z(WhZocL=_eKLhMnKw2x`^Ky3L{{VCU*_{I8`8{0y9z$=V|IIcG3!u{%*dQ$zIK|Ey
zv`5V=l%7qVd+oFbnD_GtP7?sS0@*<<7FY@qqpFW>N1ZJ~zc@$y3OgkF7)`0cu+d{6
z&n1n)7_jBUKx;CnV2s8Sk1+h^egzv06xd8ar<cy5g}FxPXyt*8$^#o!cn%7H0Q*-U
z_~D?Q&eeSWJe(*$H8n-$MnOTb<d{jS8=a~AgGfBb1D<s_M->lcn$y5ESAKYw`@iUS
z12)+5J1?(GOJE}(KgxiA26n^(G%thBqtj2dmF|Bh$Rz_*)Ns@+ZoY#T%<wCeIs=Lk
za6&e{jD{BWHb!R<wILtDhR9+nM3Bk?@AYq+H}5$pFubjz^_ax7{tl-98DQSk4YV&6
zF6hu`;pP~Wdd7oE?9MBE@toxOm4*ldPbYg1_uvpj8VN>y5x}|uN6R$=9N2i`H)#EX
zMSRG*fHI|%0ANbn7BappEtBEVw=!L$x{CAd9OLu=^1CY)ivfGOg#tYZ$cG+mo_`;R
z0w8`25@)rxogbx4Yf%?E=>VOZ-^s~DS^VF^{`7BQKd%*no4@WD^owT8Ue?EuA`H4;
z1&G^MlYv5d)P1}B0PA7rrA^gIS{vkV2GL^u%^+rtyb4pV8+pG0c(T6(_~IgTXiSM8
zSomL+2Ke9KD9zuoD&UdSzpo1b20h;mXr9DeLs(=jvu<=+r_|hSH$JVGeFp&Vrn&93
z3V>#W{sCM-IDciD|676UKfL(glDN!bRtwHMB(rT}oxk(Xz|(!kqTO1>K|VguV$lka
z!1;fmmw<}QQu<R0T=NJO$rYzS!OSGEg*zS(0gsT?;e0k4@gI;yG8jNbhF?*U((@}O
zo|Z4^eH3Rvn4>s@tzjlj{mTE~j;>+-<~k^Ym{Xsg$3Y9D^y3`N@w{wJ_zx6kX1gA}
zRpQ;4^ebH`MR7BC>^ys5p{lK$4Jd10_yb6RVZ8XoFaimHjvHPSiva1tuXXApuYk>I
z{o!R_pZm|KHjl#nD4}Oe*^Fng8Vy678BkyX8jo+~3?89Z3o>|s@ht+-7*Gbu%yS>Y
zbE1FClzwkWfM{#<nj2(rq8my7`%`J~dDJoUQ(rsFU|@!*{06hJd>o3~nW5xlZCI9B
z^TU+NC>|Z!7hTNW0v_qB^<t4JaG~^nY`&j{<9~v)N@!s-WzQMDB@}=7_c@g1EssP>
zloS281B$dC$mjEmfMp2)@+k$0#=C=MOsNm}0RdA00fWu=CV<BOx+6*$fFg&{g{076
zC~V$SEiwSn#(7k<aTWH6-0(NCF|e9C#V>tW=+Fb^@}kFJlZ?P7EnPqY^|Ad$H%+}z
z)aMD&<_^dq3pQu5pyGxBz%zkM{Z==1^;gFw29g!`W#h?j-kc@TA*Z2Pn;-0t>a}Op
z)i4R{eUZ`nJMqNgqGo3Qb!I=*%r-YRx1U3#s2iJ9Q4F^R6|tOyPX7mc47>}#QHiq}
z?s*f%MsOsq>Cphx&0ii21$!Kh;!W%zt48#1Z<;?^SbZ@oQz$`8LUs7RuPK1j!>uqC
z3NFJoZu~;H#MuDcb<jM2D*z%drF>~E0Cy_?d2mGZTjz)hQ6E&^MtPxDlou*)XlUTo
zUGi2lX6pId$Vhj%$+Pn?<LPgy)8Bf*|MR}<Z%MZ)hF>0m75jgJbN_ML0;OaBUwt(y
z9BQh#j53|LAEq<>Pt#H5!ZP_iNobm^m)4RE@U|)f?#Sd<nqrPh6C7esj|icKRm6YD
zL|Jdgk0=p^B(%R^t1Svi-WrA^F@R7P+H3j=IA+;Df<ur}ApF%pgZ}@DivDz4Hn_u}
zu=r@A&U@l;DchP}FczD_GDo=IGQXvccPXQ*3r@nKNz{68D&R?vikdeT|2WzNCYz(M
zx?v!vv$>&IHa`!~)mFiy<($V~Lvy<1_`FR7x1yO2wc<DSxN*Ctf`tSrZNJ^2T3cDt
zJ9T!fBaClX><uH8j%3A;)O9x780enUOxTd+9w~7AHqiL&`xFhTE{9V*Vz1Rvv}-$d
zG|CNX^$c@x-a*YOSEr4U4{J2X4o54+q(`IR#y^1yGSRACwu@c&944yhr37NqXvTq#
z0%?fRgH>S2E4^p-{`RYy$$I}!I1FzuyYHmydE>E`(0&KEW)tf&NtmFnJzl*To_%4j
zYOivHH+Mbz*|CLV|0ik^c<D@pIuZ5vajchm-zP~0unY$AGxX)Fb~3HK=LFWAsMgFu
z-^`_i<7E@RCPzg*edXjem$9R|^3k2FprCk{)zS$wc^6HIfmGdj>sM^g4w@(4+P30U
zAFo({(mUBCEoQppI)3icYWW(q?qO%750!m?ZDv>Ix*t;(v`X52uYAngpS3J?YAXT0
zH#{fEy`0-f{b;Rnul0)ZaaY0#(KNWwv-15Q$vvY4>&l&8;Ul%2&D>x&OLe!M9xLJ>
zB|8laGS5)&+&h6FcI<qIVoAkk7@(&+CPLV*1`X>)dUjP=%FWTk-eR9(aEp&ths#rD
z^C_zL>)9@*#M#HNT%_5r!Kx#WpuCgmYQ)s;aOk|0Ij5_C@_kO|Qu%UTbCdYp^&_ee
zW^c|x$z_w<_7CO~#@=k;>Fw7&+3t{dd9XF726t$ra(E%{zWHXNUF1?`My#p=t*U*t
zb5FWg+$ejd+V1zr>hDJPzOR2`dVbSr$l~-+ZqOvbt?pxbmZoZ;4M;vC*?^^O*Z1}Z
zf~>_tJ1U>41)Qoss%GKn1spsq8=bs2tK(uyyt8?BY|)Z+`AX5mH}<v*puy>Q$Y{gY
zXTe4Is<`?v3t}c*&4;C^|GJGG|6)|dvJu-7bV{tS2AM2DWv9HqApcBr`9bk$KLP!S
zb9*<$PdtLkb-i|^Ot(}n;b|ZVqt-T0--C~MY!x{fQbq?r+*jpzX2Pzgs%w<0On{OT
zUbf4~l9xE;jQX~Y{pME&tiU`&VUU%!!TBR?7APw-d~EmzpC~xc%xZ2j+^!e<og7s;
zel`|JM&B)Ylu3f}#9w}B^2{m$^cpbF-hUAALX7R^%@7G{jdXai)FI|x!s++9f?JoK
z?SFdivoYiiX&SlCJ%UhLsK1Uz<kH*iBJgUVg?o&$7t~jGgTk^Ucw`n?WiKGVFPjK8
zM?4ohcvukvJsg_8+U6*}Uwg@2A@XBEJRJW!5UpOBU{?DIZ<}*({xHNUqiby{Md*0J
zpg^vAC?8c?dX4+~9DPsJaT^Yh2if31<N>G#vxOLy$kL_g%!*_vDj9zZ)BW^ljPyXV
z!tV~Zr+bJB`hZ1N=}l<DSGB55;yn_NPZ#-^UFSt;VtTt71UG!2v<qX&GM!FbdPWxi
zeVRd@N$)D&c6#M8rVbA4j83?rvC;O&t@tC(<E@0#;gBuEA}ob4mj?$j6^i;zVu*21
ztn+RS;gp9$rw8);Lt`f-Cu^rCZB!x2+Tu;IlgE=zlfDcjbix&eNkdN5$MX`To{^~j
z7N}5DJ*l2{z;+4H=wvG!(AVQ_B6Kv+)zsxhbGqLcK1S2@G_OzBg?LR~($LN#Xf%nr
zm2a(L{Y}F68&)=hwj=STgy{0=qG(`m6huIJf%CPoA~7g#@T&g_On}m%TuGrg67Ujc
zz)L*MJzw%qUz-Si_T5mT9tf(U#Bq`9g^tL!9bXNAqov&<a;fT#28v?6Mh1sbCzBAN
ziIS-xrcGBU?RrSC>-z_CSC=xDgJV|a@vR+22;PQzvnuc4m58t9Y%{cHFQAYu$bWBu
z8s@YWJErYAnvr;g$f0@f-PQcjt@yncZEmZ!E3%x@VcdLS#{G(r23FkHi~RB2*6}(j
z6}=A6Ln{|a-bUpdf~g*d)C}Tveimn~{=SJ^%i_3Wr=21(W7%P)cFDQ@dFP~An_bXb
zM5m<K#S}B9HOBU%F^4g?W>qCrg|GVx2&h<+HI#fIO|LJ8114Aw2p7oq&-C_UhpEy5
zMvr1?p105fp^7=5Sz|mUs!7yX%Jw@fsmD%F_Wb#&fH7<J$!?E)z>DABeU(L#@q#Hl
zSo{<;XlXJ{lqW<N52vSHLEefYjs%NUT(1k-RJg6=8O{q1n9bYAtQ3z4R?M(iKjl6c
z?5k4!miQ)18L6Bk)2sLFxS-$7eJYTf#MdNzS`{a)Qd{b&h-`VrRojXo^g{W-Y3FZ-
z)P(7M&dTfJ#rO;5-?R#{LHk~Z){p$6f;7ky7e*P&(xU{e{HLG?0c$1qybrRdsKQw)
zNltZvg}++$VNX412h2?K1Wi-=5|-a)0k)|3Lww*C9o_Zm8F^Ag=k|+=D_JOAmUF3A
z7F2~=YQkL<y~Z4>k4Cy;daNEaRoj54)`Mldn79R%yM@{Kr$^PNe3@l%&&~&xZ;iX`
z?*sMAXa{alBljX3TG%xzc@S9IFM(KB2@OSAQK1k_z!Qau6LD*<CK5)+of&!t8kf~I
zFypu0&JnRo)$a+#o`dRcs*e;UX~1n*<()g<B+n2sN^|jjaVNgq8K5$n$p-+3#>=Mc
zLLT&0Vh9)R?SYv9_EzX-TEEQ??_&qN&qE2b-R^51ci$Ttp=yGF`-Aum#r<ES_Jjf1
zaWmoIn+fkNZns&SmaN1f0#!Y?oyqDW;PD={aP}=bUgFUMIi(xW>QCTq*N|>zQnT>V
zt2V2A5?W=n6`<$NKTS70%s$qti1CWqtf`Bbm538N3A1{;y9+yrhyj6ks?A~BBSS?o
zVqlU|>;6?*_u;T}pZoKx@s3L2dNyC_9|5&$Za-8eG-CH*eCY?TY{~_Wng<?FifIyt
z7?Kl+F-$1%1pQA{fQhMQ7|H;e(bxq@+XzU({S+-K$ivuYO(T2}9pCuIzRz-ZC3+^X
zX%$&&-j!&{*#Mq7BhSk1G|p)@dg2A49Ci#9{mmE|?rs*GY^N5BIwsu>Ty9@0O>RNJ
z6!fUw!5<Q~aBku1FOB{J$7Pv#@|cm9@t8XEw}b+c<$Au|FZJ18GU%Fp-I0mQ=C&Yh
z7|BO%mzyeDq1g+F8nQ!_*Iskm`m;mTRvhxiyE55kR;kW|{YD|diYcl!sIgk!(o$7#
zCaV;LoOFcu-POpCR~#A+o4DU;)A^IKvHIB$7)7r4WV;t)2h{V9P>0`8F6CYYsFOG-
z$G4(vNmHC=@ljh4*Ff88CVXP;+38V%HuWa&^lK4=e5znAtHPcFSBjD3JG}=PZIR;6
zEz`Naamt}{aSo$ARm{|O7cFj*w>)@b(Xm}W7w-a>u;nGyJw5Dm2*cmJKeq#z1-I3<
z?`W{`#ZG3vQW7^Ir^dPOTWxHc+0%oUR%ktHnttTVL&|Lo4B#8dR=0bPo;EP$8`v%O
zTR94pfMQ)OzD1!vP&jcwcR*qU<f49*1G@>KM;|!%#Jt3xW>oGDQpGtBPf?R1T!f3o
z&@Sq{Phmesq-WdV`Z)S0tIHAU4{BWuQxawmnoo3T6WBw%TpzOM{PZO)C0;W?CU?o%
zEz``<VZ^R4sAcqMbdQAH7eO?-Rj2!&X@4DfC4SQvL0%#;=Znl0(I1UOtfxu{eEj&a
zTo*0o+{JrH!#HChMTMl+#H&7*9*Y!X`{M1}pH%$CU-iQRgS5!o(=2$u&?J<N$kx6_
z<Ti>g5os%Um{cF{#&YS{m07t8&gc5B47+Z%z&mG84-!sstev}J4GKMJ!uNNc(|p&L
z;A@ghO!MKiVQNg&LQo&Jzm&6BoT51`;gdZq@Dm_{MrTHTQ5_@DJqf3dNxlW(;{6|R
z!T$?fgc*qu$`~$7qB0OF=xTayc2A}K)YweWzqq4As}EYN536$aMuRKYbJ2(}sp0_<
zA+05}KFZ6}u6FOM><>Q9Azi?wG%E@#t4-(+qDCRcdCcd|ItYu`4o@?*lvIJPWVI}C
zF<YB!jldI;$~}n?82M!-H>=3etcQIFGBlzQ=fvsv_FQj2?hUNvN)GK9Pjnn|S8W6e
zC$-xIi1MrybPd1A<z;IFe%PRCqCozbU+83iY6KZvrDr_JC5XAnktAPc$`M)>i#i_Z
zsS7GVo$2cNON4+EZ{+@i6aTCvq|ow`hj?WwV$~0s(q`ZC*e-ILo9~jt6srgVS=Zrx
z1J6#6{k5z(TC(BA?YECO^t=b`jy}N62Hf^WhO(_7A1dqkJF@3v>^10=Dn5sQWTn$-
zzm(SvcH<}qEleFw!x<`kx==T=rF{HSU>O8rcx=l|#n0iGov%J14myI}iKd6F7|Y3e
zxnh!4i|OsOI09GL+&BD#ZuRLsb88G>x09{>PDO?9;Pg)GHNr)sjAN$%v!I!A^cy)|
z#;Rq<?$URPy5y2cLxzVsKRmV8LK8`#OsADXr5xMaqPY>(t<MaCxnwh;z0Et?jXUGd
zFU9x16?bZhbJ@H6-HeG5b;L{xM5&;)PTC*E>}o(n`-5r!ltfy@(|%HmDTaJML~=;1
zQF@Q#zKAff%NV>E2(%C4=TN)1ogyRvt<8)}R6bw}yEF|re_Ss<exaH!A*L{*{6QH4
z4{56W6-#j46ZtsyDXzNPrDmy%qfjr<2Amj0bz?+=t!+tnxsfZKwbM>9qvH0~Tw8D~
zM&P}Nlln8%xy^mmCp*Z;X_c&bYL~C+Aj-qUxe!`mkx9$F%scWtoJ}N{UR<M&Q$anv
zLI`QivTjb5&~ZnZ?DEwzvx~TQq1^t(fOTDByi$|A6k}s)kicOZcm=t*@1VuuEHUQ+
zr(ZG=ZIlo?>@ZN4E_O5J)eqc#SQQ^-o2qq;h?8ASw;O@mN*Axp9auj*8bT5<*el*H
z?5i5$as-EFnG!(f1#lH|f8#3JV{7g-QW6H;n|!57v0$)SbM6xJm7+m?agB48=M|Py
z$uOTFIzS_kVv+x3oh<2-g+#ph6#f}TGsPn(4TxARNuaspxl1d7n(`dDVoS@W7j-yj
zoTfv}dg9|zMi&^N13)N=@<yBMEW2S(ki_xPyADVbXDI9ONoe-x^cYnx9gZu)k^;>U
z=~-pwnzYQB={0S>4DnGUcKoNEkyXmtFH*dv_K!ZQRo-I3t&A}@%(mt+o=_b6B*-;r
zq8&yf;q-EmHKxaS%xw=p*zq&nBK+YEwq7U!8*Gj<ar{M<^t6_V=*z`^MSTzelKQP(
z&psAzu7Jf2c7I6`7Vo?;$W|l)@f=_T`R@Uz;U;HU$OoC5wxxg+wxEhnCJ>_xPL>(f
zf5tl;c)mXSLm?O{6l;Zjy7ie%yXb@PK52+p@gvZa?n5Q(3V<a(Vl6T0{*pKRC^!EJ
z6#0<L#Sb*Wp1elcPB^J;lhGr#-ktQaq7{dQ9fL7EBy>MXEBvE7RrUU)|8sHl_x@hW
zF}}$OVqX>Q@D$1rN8zIsg`x0tm`JgP0TG1vc)P1h)-NrFd*Jb#pgdjK!VMWr1#vse
zhnJn8(1)B?=tsnh9n6ZDNA9YabgZyQL66ep-9F0g*i*Hf-)(iMvenF6P!}Fk)XgGs
zvCz#(nA#{Bg4>$Bi23R^JI`%J>j7iOB=hY2Hq~hj+I+T|`ljpwm9$y~v<<XjwBsVf
z#vGPco}()AHG~Rs1oROFzJ!%!X3^-xF<IT^HHwwG=uoK_A3H8D*z69NL<XfkSXw9w
zLOg!O+Qd=Tpj83!GiL6ncj-ygx;~jHkh_ZfO7BwHzlRQ0DX#ilwb&7hma=*zKh$B%
z_AcG#tz)rDT2)KzCg7r0gHLb8;z%7RhMnHjX);DE_9$DmDnpEv8*kcmZfRLpa?TI)
z?DiY3e9X$`y!D{C(2fE#f(xlgPF}y+D0Fg%W%W=yX^12AOSzl0=T$Zd={Q$D9S6<a
zPU+j)dq=5>X5a*Mjnqw`48%(wKVTV@=YFIr04$re)Uo&CBEOjcAC5}AZ8ISKzo617
z_4P8}@D+O=7VC?#p%Ljg4(OG)@o#<0X{2^hwtGj$6MAt&ZC&(ulZ4G9&v9e2Q?JH~
zV%HuWQ<unN{vR4(`f)f#V8yJkY&>wXog=p?yklt-z)B(Um$78S{5&nMFzd(pEnG{f
z>07ew@$Zw=!#>Rb610?>LK@Q{b|BX|Lzu8HN>C%+yj`KDWW^2&8j4gDl?>J$rH3un
z?(A!_g*X5FE&$V8=CJ{N>DhN>!!yl%T_mBIW*<5ELdC5<B(&tYr4HjMK>I?9$JRjR
z=Ml(-E%j=TErCNO_6}T(U_^&GGicd?v7x`gBU#MLBz{%Jhf~<XFo$VbdAGdnN5d?&
zHfV$z_bJpw<$35pTI46N-o%+FeT=W6cBSRx0KAFS*ck`u$iulz^m(*=EBSFRCV~w#
zbmJhQPN~OsI;2h@4Dsu$Y|7JR+r`31n&Rs7*(waA1~;`9-*Tib!*2{ySGcY}Q~AoD
zwJAK|Q)^RF2R1M1GK~)w6+%Iw=7x^4Jo`fb2e2b!p!00i&`@XD!p%NxPr~V``}%X5
z{vN9AOG4k*<0Z0F(J<){Z+CPO89Tc|45;`_D-~{Uwmm!9D&XhgGEG}S484UX#QGY6
zHdW!`q5-irkvSIBd6;&8z{Q<A%-wZRA(!}{A=kf(7M|bH4?i3N#^cx?z%rVMM>Err
z!|u3!1*UlUJ{{3ArfLr}cMO#Tsqw<3PEF&^^B~y9ru(;Kh+pXWp`qCGILP_kAO}E|
zLy8@@jdwe+qqnc?DAnKE3kq!={9H+@gHXIvZ)2%^x@%RokW4ivUaXa3YyqL)%k_1)
zqvnixfa5B(84?_(dJ5EFs#Q*@%v0l?zMuG0QyL@oJ7&th=y?m1Ep=Nbd)3bdog(4v
zU$#&&F4df#r8LirRluhkBl%IsFA7m^*x#&I8601EFY;#$1?ne%#+6Y#Xfuo`<}q^Z
zAm*@3?&>f=#mZiylHFbkdI5o%Fr{Rjk_A-^StE0{eGa@pI3`pJ6k~u?Ki6F3TW+td
zY!f^pYGfvHuAXOFlY86pb=D}CE*Qc0N}!m-Z&udYS!r0T5gc{67!<E-s_X|3-xQCt
zYqsv{lG6-d`I3Zip?K}un;*|<<wGM|nlV&nY@m2ud&WLby0|7Iv)KZm6)h@BB$YuH
zjG^FzptJ&Mt;|1qGC;@GkDd&6CghMBV#r4)Y)Kz*+$HELr$?gbJ2vMI|2hqmxSoz6
z-FYuFkO98b9LdIJY_51kl223Y)9NW;7^R=q44;FN+<ArRj|0z6HY2M=Cnr?{5L{H4
zH5_;{+NkW#OTFVowGE@E7O$=}HHfkIF>9CHuDU>Og^bqhoavNii{rAP&tmYnLVxI@
zoHv~!xRWOAnU1)MXh<ty5h$J$)3!FT*+ftOn7-zP$`ZjNRuspC?F-_J={vtbQAbUX
zYM{Gi`&RGrA!>=PsLUN|iS>{s7XL_+udn`W6*ShYDX(e&MiG<DrQ-}lpoPEnY=%jX
zXQk+E!ARbmoedGFMbf~WK=PL=h<7nH=u_fQ74=qBBax9khG(3yCh50Jjy30ai{#l7
zSFnlcD^w<j^1zXjXqn^9H}Zl!rsv}k10a0z*UIY56OLc9CU40xeDiHktA?XYw%Bq&
zjD4@)tllb4S5MFVU`BYYi!~<kU_L3hsJ;UAl@zxCHGU|`k$wx6E}j4#I)A2%{k71D
zWIq8U1jR@VR4BmCv|ifg#=2a6dP2qLREwv3dqr&sL<Hu_)!TxT1i|yB)kAnYV#Qni
z8oCu$K;JGQ9gF)Z0Y|AXC>`x?D|;|v)6BwmF}TI{og&stD*LF|VHMK6G9(L7&akiD
zY<tG)<cJ1F>oxM8%@1sDX@=qOcTOu7dPA&TECMlt!{;@-X-0632}z2%m#2KWrNd*Q
z7tG!q&EJXz;UP09?KUy<C~%fbLO$H=M)m-KShRsu>QDF(O?nSF^yjP`oijRX&T0go
zA2c80AWh4<8H5hLnz2t9vAJj{z|YSZwOa|21A-b<W`|0UHWW}&Qc=W`0*%8`*tQPe
zjGiZ}7b~^6$-v<6KZPg?%bU)&w|}QDpL9VNC|#qmzr>7=V$BCja8Tu@QuT1GJ#Xt<
z<?8Uom?q9d56Lp<Ko0zx6e;~J)jET6=%t`Im8RabBTb%o4*X&rgmiT4jEb60Pu3*r
zdr}lobV({vL&X!7L5ut|g9b{kpv4$fdexuBBx3Hsv@Yv^v<J?gL1r2#teIIqcj?81
zGl}r9+pzq&YlLOkr|Evf;FWtakvjGoj#Ct4WUat)+Lwl&eEi1Rq?1&mUS=9&5GdNN
zT>dooK+(YI@BxIrXMU~JBvs=Lhs(oOBM`~QbJ4Yd^I(Llwh2dwW$}ZcA7ndk|GuY+
z3!b{R+MZ&PHX=PLE>U|Z!Fe%F>~b+&s~eRHeu!!U@$be%bx}=jY-}Lx$o`*t-R^h*
zZ2?VRnQi2t0*LDAL`uPMcsWJ&iWLz@^kWthz7*jK9j%=cI-j@6VH<G#vX!EtIuN>5
zWNoX6LyU|;hf#zo>8FKFkl1$~oF|agTAqn&x8Is=!NV>4EXHHEYzb{DPSkKNV;QZl
zhHpF^&$cXG{FpwNk6zC^YGw8`ZqHPrBek`3E}nwJ+cu7Vj-#Q>ZZTc&*gV8k4JXRw
zSmX$>_zS%53yFPLluuxqM4--*fZ--i1A=dR+0o(L4gogjO4%=XooS42G>l)0zTS*=
zEKg%D-)iOazZ%D(Qm%u@T09EvU{Lkx1Hx7V*<-s8#u5T34=4Ahhckf8tWrWjV=GGD
z$Z`*33B~anL7R@K%<c^dZBY6tw{~pPT)QrxUICNHMk8t|NW7}nDRv-xk$0ZfVK$*a
zcVrG6rnu>m=&uk+{=h`MGvmR+(#L2S%e$I0C9mep_^X<V^QMCM8X{K>vmk!(xpo#K
zyU1h=h3(?!$=7=`Z)+044kk&f)%j}HkJp|FK{v8>mQ8cEz_+CFgY$jXYF&bzLxqD(
zZyCrpuIbTJ$VI}tUN31Yz~3VpQc6~4W38#Hjz-pYzYDxmw3ZS*3bb~m<LcRnx+$`%
zUW<nU(`4Y=&F{B_nxnuJ`7bd2vkMd%<N^1+xA6WA@5jYnU&A1t<Sz^lcclxxt~GIv
zAN!$-2KP{j-UU-7Hh{9O05<SkK;^8!UK#1X08%wo_0Lch&nP|zxMI;laxAJ2l(;Xy
zmSkQ4PQFD0=TAmu^W|FY5wYG<0j0z6Q(?67yn1Qz*xnwoJopkLpM>EE06X10t-=&Y
zJE|TTyL#9k25B-&i6hYk#X^T|l>{34*`5n(78$wXjb;1ypV`i{r@m$9dQvz9FDFLx
zQ&-D3GVAuG^4$fQ&f+iL1)%=%`C}Kgoqv!`WPh5MO2>J#<%ZD!Su-k3?Qs1P%P^&k
za=>DdX??^6g=?I>9i<uLKd8{{S75u&cUX)Tp|(rrH`^tJ)S^bSO8*=ubuk?ybI3AZ
zR^2FE#ZT)NYt{bb<RrK374p3gikPI@PdxcPSN1`gP?^?2()6dN3rVb3>?TtEQ{(Ih
z8FhNxK|DK)4lRolsWS41542nH8u_2J<bO5oDzkQ5((;GtY0e6)F?b}}6NTlIc9B2*
zfRPN2uiA&)P)mB8Ref@}?#<?UEdxa0ROQxEkos2BF#Cr|UPPiQt(RxsbS!g~xh(*9
z%z}<<FZy6u)sqSH_S7b*a`Hjd9~RB;G6ddMOq|Os8ob4<Rg}^HGWkYP(l-MNJHk5i
z_g_(URBl@uVj1uS!~*_%ASk3D@l*+{>T-w@pEV7WEf!O{$5d*il9Q!Hk%5At8=wP(
zc!?hr+ul!^{UbO1Qx~`$h8+LK=k>C_$}G7aO}mrzmqIeqCs(<b0X11^1$A;%obmbQ
zp}X=4mNf?+P#ZjCm@Ietb9HbOm%rV}iM6209C6<=X$;tqM28jQXyW*!H>qyF?g!Bl
zsaLVAvN*`^fUPi#zZuY180^!HPjKD*+GR5^A0aR!2}+4d&SoDAvcyTv5WeUtb|jcq
zI|3o2*Hul*dF`6SyL$#ActJqmK}?I~M;twpjmpyO|Cy!vsUE6>c6@l4NLpz+n7v|G
ztR@h+tI+y<j(?8lL+lPYtn^?u)?Y8h4(*L$hxfKp{AO5CGB{VP4H0V}Wihzbw?c<<
z&GGg+6^{!BVRQ^xAZe;^!nRJn#O<*ODhDZKh2w<_;R{}Rbj*{TVGzH=qz>RMA6e)6
zx@8`vPM1qiJH21Zs#X*Pbwv_7#A4B0kJ1xaI_IJ>cNc3rvuN@9<?^+v36N${G>g+!
zg}zD}qOdE!f};4ZQB{@F8?hZ1Q7K8RKPwoh^LRw^sOrJI7>tJovC$=;bHDh@yqEf?
z({h$d3<bnQ242-R=?p5bR4;SA$u`m71XF!G{Sb5<5FyHgn>cRK-fS*#+koQ$+2^B$
z0sPH=pl=@R4JU{edRD~}zpHuLy5N{H=Xs0DdH&tR{#0;+>KM~Jw?|?T(Pfzwo!vpT
z0r#U7wP_4ZP<S6yi6Me1ri7)4ItgAxMK#YqfO@#}{x=grB@1W$mWN40>5C<WxvNfz
z6;fC<t~oAv$V{zW%|@*wwTp4?B$&^G1rO&9eBR}KzkOWL%!QIFApLm;aabsW=Kqr~
z|EuQ}NrQImmyVavB`;LDz3bh-s_U{sJi6|~O;n0+piwNb77^4au=;cYR4z3djX~c9
zi@Td#N{$;SeOwVd8ffzYZaY6IYwx}%Ip%XqI3}h(U@v@JAcL#J&zK^nvN_QIB_H%P
z7&LY7YYs6XyR5TbfJm^?AAuRd!6z9fMw-Djksa_j+^~bAPpT|tR4}oES4vLPK@llh
zn~hL(4`<+?z%f%?*wU5l@<FtkA3nyktPu0`HVhWvn(tth72v|<U+gVGVaA92md|^M
z74+GT^-Oi3r(`OK*LSBv0`qnlg;?WYEF%LvsYA5QWpvArKvLza?i80w@Zr&XqCYF{
z+*@0@j+Y<x{SMbbp}IQC>cLv+YNm+FvAzJ%9(~L|4rtbabL#cC_(D66j%u0mS9<@h
z{|a<3MOYP&4F1ta3;GN&(Sb92MpS*W)CW#e_XxF1)un0?FP^{ZJW`r`xu;%6n<z}d
zKsxq4dls7uD*Gh3qGoy|pjpH+gZ&=8Y2)d^OeAS>-Mo`bMg`yz$vws+wwO$uctPU(
z%$fzMWGhJ!f8(M~>}zhjHq0PxF7*7Q%RTJv9%vn4+RX*r03mzht>KutNdB_v7<pRq
zUfLSFTkwJq=01mWkbkiDV8L?;`Ut9(NY-RGlMYp3Q=Ply_-8i+$l2ynU|c5it5KAo
zBIYQU)aKxO1;?AWb6Pf}q3F~QwFiX@q?Xh_zcJ8L5%lUA5iPP8%cDctO@=!1@LwP@
zD(1X@#4%EL&_8gJSPof%knKkRkS`58zzR#fs}nXRTCLir!(kw%G@jfHvYJZM;t!e~
z|9PhKf;8YUpF*iy-9gJnBhO!3Hfk)1+fxYwsU;(^g!XIe=R*RyNAI!NCs-6TDJ2|s
zKiTO~bI4GmegW#Oxk&+}e;!==U&Os-Se0AXHY^B8DIp;uA%ZMg6eK03MY>BtkVd+@
zK|o;<f^>IxsgweOw6v74NP$JyH!s}oy7zvL=YEg(J-&bZV6AmsbB;0Qi1R$>yAm*6
zyvvN3Sq;3<`QmN)C3(wQL#g~l13*ye-!$L?z@T!}PWIFZG?UrBnvRi%@0<{N=8E+F
z+|~$yc5!(<EyP0%KSqL4O#|Q2d8hZq$D4tzMotgG>2S_G3}6KbcWPAc(iN<fZrFzM
zoCEEr!T8+gV5roN31?tSy6N>Ugf7M8C78-DGFwUCLr;A10ZU^njo|0!K`x^Q6^2YB
z-D?nFrRGm>4+sVjP0@RlH3bpIDO<utnAzhxfJ-ASp8uM@+`S6UyAcaTc!)Up#T>#r
zAMGQ@fG$U4$d1M|m_8c)gp2{a?K!=Y$;T^;>H!#reAw)uq5=a@`4tw17dEW~5`Ivl
zybTU?T+#@^mz{s(offE(R7J?<2f-A-4gi>92W2C}P-9tmm?qouVCnb|mluHH?n^#w
z`X2mP*x!CE(yQr=wQea*pLec{wVqkq1(7+UcXp_@Nm4y#nt#V?s^O03=`jsg2<3>T
zSs^iEZCm$zML~^%jt{s|*e~#-ssZcbecY#PD7EbZ#Thg&mkE{pejm)66#j;IeW?ws
z=$0Uw1|Rqk({pD7@S!2(IeY-3Nd0eFFyMUuwO+sM2&^xM#J{q<`~d*_e~aG(gYABR
z;gnu{bcIOn@5Cu2#7sG1|2TRP6~@C^UjaHfx+*_=bj&6I!(TP&VD|qbYFoq%t&{(M
z|NGF?8?4O#79$P1xDage?`(j7BV+<f5C}8>33>**B+EnSd?<W@F2cZ&37CMzx1X4X
zFzEaL*BmT}a%4&}SF#3K+IckllQF#11V585fa<&l=&!}kP0Ya0s6dtmP~@P@76oP3
zukZj(6SE+MGlK+;oFHg&SQnVL0cW`koCO#I)S-j&lt2A{3d4E-w%z+29NZ6qgGbui
zE2?ZaJ9*72EX7|`{R4&QPY{DY>3s<O8z3EOnJ);Lu#8*E{1*hie_eCHkoxB}2LTNC
zZ>Z{c8jw?G-3aDC0jTPZ(lTO@wB7&lU#}hLZr&BYLWK7>A4)-i7_IMwKYm3=g^{t>
zb3#6(1AGWz>S4jF|E2kYsPUhB`4gI#_y%I9oU<Ox3=A~KYn==eIYn~*jW1by5JT5?
z35W{(1Lx^qNv+itfGk%7v=jIx|7KAbkVT<fx@kZP7<{d(!*I~&vHyvg|JC#TvqfQn
zx&6No4FIX`ABYBkP4o{$1JGCao}k4euXzvvBINnF|IbdL3&L-@AO?>s2*24zu~neT
z%!l~F?2wh8XXAf<CLU;`dP+a`0h&4wky*u4P+r~sjVtkAa3%kZwFfCR3{T|VeDtWB
zrS6`9z*Ju$`-0(}P&K2xihiC)(>=p8_8#EyI*^?t0oijt#FqTG2L+4w4-X3H|Bj17
zGykZ0@XyQrN67^p*uVVrGejb?4HpYf0)5?7_4Lb-Lu>+v0Q4vl%K!DcfyV*pxc^i&
z0NKeuQ?~w_P5Hm{<sh91C{=a*Cs;lHzvdGhsA63X<Da+xiOC7_xPM@Bf-300;{Xud
zlGjXctQwC2{z>;&B>uY`hzz`Z>y_gfXpFkVR2hMQBK9kTKF1UPbu$5B=$|+9zu~C;
zo2C3e{c=D_xl{4|6!Q-fxTX0cGd|Mdf^u=pe}+u~yWpC3Gs_PyEtzyU@B80(LrF}4
z&}knQV)ZDCYGy+qUBf`AA!81}@=rrqsxWt{LWNzNX8cJ5svFlV#I6S3u#p74<_8!i
z;TGh#Ux2=G0EC#IfnfGEK$_>n?F4heq*G*eAm|BtT--zM6nnbY%ty*VRD`QgTiScP
zYv|phrbXW?yf9|<l9c^NN$$I&6gulwMd|vYy2qfQiw(_pv^@PD`vGVbbwTx%%Vor9
z=SUbdOPv9LWfP}w7pbo4ZicA&si<mX()(S+<1g8NxuTwA-A?wvLT2F<9pi!J$wqB8
z%R#~3cd<1ipc0Td+L1jnMIeMwDd;@}NdV^@2qSA?q9YR``Mv5qN4@{do2j_rt{a$X
z;+}1sod`PiLgN_-B~MT_YDDhnUhKb^?CAkP+Cx7R35|j-q^kvunY;VrGf;N;f!01J
z)D6=Z*B!lH53r0ad{dj@FE-mq9UFGi!+9BjLR}Gs;ci=hrc6s=^_1ofUmn}<Ux(UO
z76Gt%Cf=+F3rHZU?t_Ns(lD9B4E09sV?Dqvh$SV>%R2(S={$od%N1V6```S19?7|m
z4Sa~ClL?txZ8}<?0c|zci!N1L_QLOF6Zx#qM@~tbFQ2!@R#NUw*!Dt1h<t_QHcbjg
z#?LXH7j15EEv`Lhn=MaDgkwnj3vm&!32n9~J%#Q<bZ+xF)aw>opi^8k%nG$Qe$3Mg
z)~ZfgM#qx~@qnLb0abm{Ie#R=ebr#HuBVO_^{|N#`9-wF%40hrEym-G2Ox(~0cj}T
z9|g}JFqwlj)v3C2Q}<OOXqC+Xq<V=~wFwGbc)I-Pw(QetYN=}btT(TlmA#lxPQTPz
z1I9#ngC3K?CDxj6KC|W5r|Si(p_$@rmuAG~_E^Rfqrz~$Xrr!X6rS*e?cH+HO^x2i
z(!T$Lc*A+|aNiu|L^|Us(z@bZ3*~OfkNA;>+uaFVY{rQmYrLQU3mIo0tS)w6Gt;na
zG1k1Wa4-4b(LU(%0$HYaSAT%vwym{5?i(<lV14T}8w{ab3x<}<47)x=B_T7?*3Gd~
zaJQ1o-d8Z%<3!qNsa2mm9X<khErO=w1vb+9V}RkLq&)a2am99Tb%oM<p({4f7f*ou
z7<4PnNi4oi7k9pPmC>Nf|9mqowhpIPb#B9#`V7XiumF9_MB-V=DVXqe7w-;3IrP#W
z$79)3oQxLl#olB+G=c^#dU*N6W*CBW?uN_&D(rfb2dHuhgvfq;Tb^<YQ|wn<j7hX}
z1f%Nd@oJmTSwMtkgU9`BGRYBo?2*FH3Ptr$d(n-xv%K{#FUpC#4UjV=ayCBvWL*h8
z-9R&nFJ<-9Bx|?fz}(MGMv5TExR=X!Tm^cWpC*38*8+<Ihgrm{vYR+=;Fs7~?JBkC
z(%nES>n@y<gT<?C+T(~g{Y8!c^O6=S&o&jN>wW1HJod4m7#*1bqXh#6_xtGb7|y-+
z7Io-Sb%puk0z3Fi5>LdiQ+`+p2|m9tPF=Ev38ZV<c!&SeZUaIMAm|Y&0w3RSTjUel
zQeWEzgGdvn7V@btYIyKLC9*xXMr1$D`)s4NzMvSW<MuR+b2x6;XcBaMSu|^2Jl&jT
zsh&`*a0U-9$iJ)*vCO+O4p8WnP&1k6L?M|&_ATMJWx>fTqU<oGyE2~%)5qhG+N8&z
z>8f7e+&Pm<_H3ECZUF&++V0llQM<XlO_u(VzPpI9)xMV!Wnb+EWXG{oD+`%-l08z@
zlI_j90HI57>~f<X-GyOh=|j1reh0qw8iTJ6;}$a2D^()v@oVDgaQG9)6+j)I>J<gE
zDU*BIu!wMRm^&B)Vgl~fUWm~&U<}yL^Y`KMgXaBih0ZeHCiq^wX+RG800kcXMp^ZO
zy)?9DP4g>6Cm(Y6inL6Mnhuxszrz;f`gr;+5Ib)xEp`AsgGZub+EO^uaz#Jcb+kCV
zQhdm`Z!vY1B!RmtvS$*ajajQvMASWa*dd-yZa0C{Nf}`rNyGWUVNy;wzkKZZQIt~g
zID6a0#-=Q%cw3=5ZfUp#!ojUCN?9y7o-RoUGL9+Ote#7gHXVGQ!IE<lDJ@(c)M)7a
zZWybh>Q=mDTSR6?iA=fV53t9zbNmq&0IfHDg_p~oGOrgR$ykT4+{-isD-ILa9(`lA
z?6Hn?&*^<h(%8&V{Yb(1bOT_)83>zt68X45*Swcun9-}rxG!ziHH-NyxF-;zXmMXT
zbVIlbO~03Oo4wis#-S6Pv}KJRJ+nM1o}zZ$5NtZ7DId?JH=gXVR7bQL1MA_cS)+I<
z!d1<Ea4)H6GVe9#$tihCYu{LLk6PmM&W(%>7YeX2y0N-bqC?gzi}&z*)##juo1M#s
z7nRS#cefhjn>OB@7GxjI@}S;h0eRpX5=zS>V8HVhe~dDIk5+wI-@HlaP?aB}>JSa;
z*a<+G1FU2~tC^HVN-XeAAN0)X!wTgAT)x4{dLJ04_JnGbC28_X+C$P&a;pYwW>dlC
zh*8JJ6&<lJnL2U&edrNc@~RKQ>JU{+sEW53@*o^x-nCD+<gEIrhNTtry`<}wMC9%b
z8y|ciZNhIl-6^iVh;Q-$-3Bz}@zBuORuy+V>`PM-;*CNv7Ba<##SiN?X~u^8oYM^Q
zaB^yvZZNuTl=eWBJ<81>iPqRPi5(VQ`D&ccQ4wzQx7z&kLIy5$1_~fk_3vkM=gZWM
z0`XiDh`si>{>%E_TiNm9ZQW_x=Eb1hAr{Ggi^Qrm`(}t>Xg!l>Q3;dR_w~FloRJk(
zb#M=9mCQOg$IMbE_V_)jdx!CL0~QB(zjX(N8rqCqIKow|Lk<PKe#zFko4w=Fc(zX<
zFW1hSA0(9ttfg`$8g5A*_oK@f3d(yJw}jhv5C$$D?ORSsrbgtljfEyY_VthImR#>(
zV7Q)4Aox9IaP-vC3WkiTkCm~<putC55wUS_^{7fBU)=?8<V{Z`aWbsci?6gj>$9o6
zr@wQ=Bh!mQK}A;$as3k3dEE{Nl37uSu}d1kgpTdRQDi#yut@DryVjs(@fpUFJHoY2
ztIXP+Yssm@U}cRjW@nqSj-uK_@FL=%4vee(s=-)v-J0!4H*AC6{q3h-mpZDXTX%5J
z2lAsz^nemuU;ch{zeRhDw3u0^c=4Yz!z@p?%5yTQ`B&6Be3#ww<jKvzelUbkIW98>
zbAl$stRCrgO{7GHk>;pzdRT}aD!>@6?%vK$_HgMawwVOO_;%H5Lc|A|P!DT2(2&+b
zyI_}EsDW8w{IDgq37Hul$`_{IC%;+)`;nq>4FoIQO&rsPYXfZG#{yZeATOD_JWaQl
zP1Dn~w;r_UqbfLBEtjhgsTv8os>8fIVtay09t*J0xwqorx*2V}E`wC3b<`^BZ@zL>
z=Igy3Xdu`<VJyk$BbDZW8JvU^i8UivMAA(A4pIbr43h01ab6c{-d&CzUdndh(3DD#
zsetvBh$k6WNNZPEjH$^+6;`dLz54>8)OL>sUFr+Ba$CR29E%ECNZi*fe$5QXIU8g7
z9Pvxey{@`Pl}Sj~9tVzom%c7n%K0089`!nR?6pQVJQfP|YAay`^DR`TKW3een<0M`
zyKt{*_wB&3G<F8;T3Tk0SoAXDMvynV`{_<co)3?;)I}7=0ZcrdiuR4m=vF&sb-I9*
zCTLkrTs^Y*Fu9{lP<Nm=tEYIMXVBq#TWYTZvr@t#t90|dIp^!XN!a25;hG0ABNYZW
z79R^oMR*|7#mHSYpj>4@ry`l@+6h3bl{>MVap&cX*BU%`?b|DClHsIzI4#qs5w@&8
zdO^B5xg01&)i3LD^sm$yx8I=f<&eq^e|^fLl%oEAf_t*MY0jRxL2S_&*dvVl3~&)r
zCg1j4Iw8*#GCZ727jhqJrZCM&-jjEjz&OBd-L5=o*OYTP(3PzY?R~ynPC33v;QbWf
z#SG)d?lrT4NraX5D%61fjca2lwSrgu<+{<>L1@JYt0880#ybezJ3Df_9`8gUM=#;L
zl(@__@ulbr!U6l*k_b0Nc=G9TF3!<@VAJ(w5}|{^Y=NQEbd7X+<ch_iOp?diaB;7u
zE)e)8_I$QdD_|Bc3=21spSFJ*tJ}JQ=c#jyAQeGZsmN%~+5_r?$<K8vTHQ^rHK5{@
zHft8^$#B*^3}uZ!=YH0tjUdG0bytSb(0KuKkfM=U+&AasTHF`0U{=D4oHez^WtBBD
z_$tu=Hm*s?S0@?S<DsgrHS=f6^i$&L26=jpI}&!<tN!Hy?%C;HcEZ=E^Nqd*lSWt{
zSw<kL>}^tVSafP~BkI(HL#K*6D{?kWsI6Yv-mkKv8t`!4aQ<TZ@QA7Y$#RwDs}oRA
z30hp5XwW*+|M1y3^;@*~wahM3z~<E_xgAa6dAvCTXa;trb?ai$j4S2E48wC4tR`ts
z3*{tqmb70g(Toe2DSyV%{o%7K)-2$tQZ72$n?-26GRrd+khO8SQT2yhs85*-1*xlW
z9*)K2R@ygz%ZM*~k(QqQ{Tqwx0Cr?PEs)vkV`*QS?oaf}V_7L#b5%l^E-Wdi`E5+1
z8n2`7Zdq*Q#ge@2jp3Ta6U$PN#S1()xgeIPO098r<)hxBxA^jst8#TNtRze9J%zhf
zE|qm(ZQ6zHqWbkQ0nb_9BlW#$FOHmy4H9%oqGu7ImYckw${I&8K1sOtoFvq~zr$l%
zbkv%B{@$yk;zp0+tPKWt0j1;}J1TyOC+eVSMizs7u`7DPkh`a?O=GCYyyW4I#hcSR
zeL(Kj$NS7I$jgIgfXdZ+-g_<P^vMAJ4`iC?dmnD)DP75qHDcy3Z6zc+U)%X94N-_r
z@^bqKHO)&>VGWCC9IKiw#XEuJtZ5Y)o)u<VIv+a(_cunn-E)pQ%B!uf%YQ*vbSthZ
z3INw{-mCi<!gH%XltV|G;hTXc!N}Uh!)V3O?xC0%J1w0XO$b>l#?FDWfwlnt9hs(p
zqYm0alf-@PT6_*WKGy33o`7P^)MPHW9J}k(730H$z1*6~7>B>&3|Y%Xn8UNEv7t5{
zUM)B(j2)BXBhSi?hM`Gw<Au%?a4sr1ydSifq&|`ryjr&;F!%CaMZUgNc0!EV4gXXE
zCU#hE2s=Y|V@a{ALZ;RfQA1^D&o+0Rkhk)}r!Q$2^c&WgFBi0~+1I}!JT>jxi`)V!
ze}8W*t55U*J%-J!1HiI2pHtiQNU9@Sdmp(7Gm5%fHjFP}oJ=sNU-Qklz7Rd7nH`Q8
zzU5wR)>qMnE!md2+Rz`A2(iz_D$6!FPb|`@E5n;FgKCJU9EHgJj3GN%2kuK7&RYJS
zNvnF<-lfSAC(Ue7|HhD-gN(k5R)LS;VRfHJcE>65h_W+$oI2SX>9)4x%GpG9#I2NU
zUr(hA&N?tj!xeRQIs&tQTC-oE0-&XKE&&uKFVq~s085?ev)=a@qd2))i1R$G=nGrU
zb;@FpPdZ>7rjKa#3*H_G?JBz<eI2dTb2WP{Ti8D?U3hIp&5Fg4RL_Kb(|J-b$>0R3
zKv{REKT@|l(;ms6_*C2z$t0gf*C@Gd=_{WIsQ|PUzjrCp)8@RPC&P;z{~ifroY?l<
z^cf(hdo?VxHXtOcDbYJ%V8vFH?}JrUhy=8+#0w#f#xmp5R#ZXvO`4B*o)7E}ESfYA
z*zymPA#W(~8InE%n%#BNgLf`V8n=q^d)j+v^ybEJ+=;^=vC~T4ifqjU4&O+3+p<_o
zVfOjASE5%;<lGadveGtUxv`loV?BmBG;dPy;ICvvn4FaLW-Xhw#)+>QD}1?s+u|{s
zq<y$kb+Ji;u%M&#eb8}f)|4g2G8=g9!RQJS%F(8s9*o+~9;QlyivyEQBSddizVMwe
zUpeHF0g?dj*;-KzZ5Yz_O^nkoAFNMRRTcC!qacp@mmV!FF=*-kkY9<;(W$O<k!jvY
zU9GviMHaMZ=E7`|Jh0)n-)Op$Q4CIpq;=m#OfXO;_+y~#JSItKRefJQ?OcoxG*v;V
z7=XEi$EO2BoZ4RY4VO9gy?^;-t3ALC%rQ-QD3S<CUA(2T*0!@b%i8!#A+i&cXm?c+
zhw6(Fi)9#aV>wbG%?7=-SqB7qre#=PTVV_@sfpo9sQ2rdh&%~bzR<#A93Ln0c8Gp|
zTxY)0I<gsI(HM@x40LI4=R6*bwB$3s&}L@##kT74FJIF-_qCKGm83u?nGo>@3^`eJ
z;Z8wVF$U8d%k)zs>948T6><qrOz#)f;JPS8Pl*#WM+`a~YLqP&pHiq6g>u`_J$P==
zylOC}TMg{)<D+S_<Ck{z)I$QcZtMN83F5I<1omp>HXY#Qk|;zhQ?M|n)e3>JCFjG*
z{x#RnI4QX2yI?5Hv7-<wK5XnKtBs_{R*>n8C_mX9j}1Q#+L<#Lbu`y5?m)*O@jKa@
zZie-LBu_LjlsTldlgYE`fU}%51eVRkB$YRMU@X5ap4u}VJyJY)<UU-#7G;mw4F@1J
zBWVYYH6XnmS^o=~3T9@YTPxZbPnV*=PzMX~%xG7@Mc`ZQa8J?n74B`gZ@7+s!s!B#
zvTSY7l8($goym=2z%g7Aav?|!ZH|+mty0-N-x-TJszl9Vkl$#%?YHQ6og5GnKfGi$
zDyFG%*8g-%<?(W;2U&IV<81fAHodnbDm(D%Ec4)Md6PyP#tBf)vgBoXK5>2TSGKF1
zWXX3GoHo6qWlh;9yHndxF#NSaLu-1SRH<|x>%{6q#m9AY%or;D+Vs-2d0yUx?d^WW
zHgZ-vZ*oH!WyzSc<0h1y@7c}d^+urbTHhwsL1S{1A5vT_&%NKDQoN<Nq{`3I*Uab@
zIcFRDz3Gc<DCr@>zhUnUBVV!p^o~HCd$BWk3c=?l$@vhX?$Mc1t7r1ybd51Q$R`L}
zU5&+Xx)kAHBBW4V-mV}Bh5fVJK)XWbutiuqSzvejw+QFdU7uKta7=U*$lQ>DGAPTv
z7BjQ}NLcnM49^OPRRuizRT6@kqz%;19d`dp`+A3&!7N;e*M;WPI+F}GD<(Na6*a}j
zfRmCzdP{|Lvr6aWI>qxkSl1{0>b@0TPkz_&TxN>A#P4JKXRC=gHMC;R%`40$I9+8<
zUiJ!DDL$?w%BmM11`EH_!hEQ3rcDFOxrq;dXwdoujaXr`D7YPs4b~n+>KC^k6hfo>
z<&v@xcRtQFq02tnd+i^}<_~&{+v9U{PwM1)AIZt}c5C&PKhJ6|D$4W7ud6=d(sPgg
zK7x~t+RE5wtrgOcVOYs_8qK{yM{glBT%~*3LX^W_?M^|J?094Rw#U1wR=<Ke!-$B_
zuG||t!p+m{2}8Rzlfyh61ukT_^0-#~8LafkcBBV!gcXUeO5lp#ppeZ}z#r7Itj#1=
z6K&37QZL}Y0O$BFDx_y+d`vbk6Ww~XZ67m#&yTkyJF6E_CuQ))?_~4&Ycr*TxzmV?
zJfvjVyiG4xSV`(>v!vy}NNdj|MR6|BnrXM~mdu8Y#ov|@LhSLbhznt@DKN8EZUc;?
zMcV@QQGwarRh(pvy{{#D$(tPA4GiI(<a@cqvEt7CgP(a?Pp-ON$?euH_NJNRq+D^{
zTY6#X+b}Fj;U<#8h}tTY8)C<~L!F}B;#{7~ty-C@p2nYB$ddBSTc5pERS>mw?_rR0
zs$QLlmjt@?AdVv!gN#t{9Me3Dpve&NS)|td3@cn=euigWR<OkmV{{u;sh#c3=2pI#
zZhzTWHsbzM$|k>v2YVCuEOgbzLn2ZZ%%Xi9g;h~p*au`x@drhk_EG9ThRSe1PTnka
zJ{ei@^=LM@Z)tY?z_QxD=Omn9D0=S$yt4SE%N+Yn>u;S*#dezLOpm6qZuoG)8<Z+$
zLp=`ELeTwRIlf|3!6wZAic3g9<hrmsZnbA%2TJvACQgm_lA`tfy)+|P;lXOOW%?-@
zBa)hO-8CaCj}6;5*=R*zHD+<*#IEhFJI})szxu+gcr)lykgkb4G%2l%8M*iCxG>l!
z2{&ht50mU8!nPUS)vZ5}-n6UamfNR{2(E1~{=mMusJ-}V$ciz2#4Kgx$aG>Ic|={j
zQ^8tw^NulUIg=Wv$8Jo=j=r8souoH0^H^Et8gnH5gMhVDEb0_wZ;3osF1|j+vjr&&
z3luR*Ska7kS)dBheN1H$p=Q;S!;$7)%N`A`O{d4M$9JylrVV{*5ON+4euf3xyqh^$
zkde+yghTg8p|2$cEsiGlV~edSPie<XABs+#c4=(Q+)U}{Sq8N84Wa*jXs;wSKujcG
zo=mi7d+2i`HlH-=MG^v=!ZsMong_AB|5X?hmRFq2o>0YQ-mzAN2KVR)TK?qvv~x^N
zym9kxZHQjRCgTkA<sZy_GzBlxV@-pZrMECKyG~t1=Xz6g^JYmWEPW&c9Ws-}iavkc
z7VYRzx)j>*YB}z15nr?|=-t);X(wI1lfit@Q%tXHaG79Dp4sy(YwrP#n46C8(Mk8U
zHI#7Z3e3=H%!rdbipo9Ei8wX8R0D_J=tne9C+`|j0bA!bI2QF;H4&P6#YJ%yK~(k1
zs;IZY_TzH3M-gP`O(P4F=`FRFmo@Pgwz0e!vGBp28e_i2I4FicUb<ff%dKK|zT68Q
zpTAjmCA}k}45h1jfAwpHNtE7<P}f~kd(sor20KK5c*sW6k!7|M=~G0zlR&kH2F`o=
z1(noTk~Z4lsP_5>>58`o4a;INUTFq9Oy=raTq~rbJ1Zkc*Kh#SD0v)Ux!s~&o&t*Q
zEzKdO3q=p(xDmn{UG<bN-l156|JbXaHPl$tbhyhZGfgLi@Mq89rj#r}sQm!bt}4z#
z>MNb<^K>jLGrD-od3=x5_CX7O28?)$<t<i}WDKQ|Ut~TXA8c#wB0~?Q2Ly<m6s5YV
zIuocL>t{0Dm>HQwigBJtvYG;<>;8hW!-)@*6$aDJcFJ^bT;&+exc1`2#x(^B4Yo(l
zN1Zup3o>z0i&AeZ3Q8OLL;xi%!HvA7N}${$lWI^#<;J`cB`id&3_!JN+CoWP2_$54
zRu04GN?X@tn>$9b)+4r-G)kTbOH?^!-U`NgiqJD;y!$x1_~pvu1z6iaRXoWe&&P{x
z(i(G&x@3|k%y?YR{eBth+;zKck_<a#h(##2X*9Z2M({;Xjm)Y)5aXu}J*C2r(Ag<o
z_eT_e!M>h<<_fp-RDH4CFxbWOY)4CQMCkSA_30ISFnEo2pOf^u2Adno$Al5@JZJP%
zAJTMI)Y1}qf3ZzJsE`*`Q%3@C!n$83|KX(*(*hIvrwlR+udBUvLs~ATQz{Z$2{pSg
zuxM3vGf;-8Hun`jXVh!f$JnF`mx-iLF=lmA-xOWQleOtkYd}At@c^1;2bsQfH*yMH
zYVfA+ZL-bqs_Me9X>&=bK7SsOsT-?5J3Zn%>AbFZ9Gcs}q*|ap<0<CZAC)wCv(xW*
z^Z9XE3TZG@$`=w-BlAmqZeYB=6-IisIRl8OB+#YgTrNFou9D;5d`Oj}#`cQP61kGC
zuL8?0{t#I{_2f9%^YVzL^N{f;y<pj`D}>Y3B^h(V2XmKJEzybEEaY)7(}mGl!(q4C
zFoJo;EvgfzM|yod1PzAOERPv%dQM&vsJz+vz%kO~v7&Nd?WJguZ^fa*BAcq`^FRhI
zR8NF6X?~4J@pbHCfr=9?CZyhFiT?VsVODb8ZslFssZJR0?WX&cg_}hy!h6*~Fk!%T
z5^;#bpnD=-_3joismSSm`Sc1aJbDW6nVMd1ZvmXM2>I4#!n&h!eKI69%{A1=-b};3
zZ7W#qxlC_q@=C$SYhP;7tZ*h*KnH|~%28si1_*i_6K<qhm96J9M9`dF%1EnxD1v3L
zxg+V5IV-FK1Xr4jE5-C{{pt$_SN>`WWiG@=HH6d{olZN<sM2C5Z?JEwR;nfq4wJ|S
zou6tfD2?Be!OS)ReM&|v_0o&a*%6-hs+1>N%*8~(l+FmiNh{LZWp~P%$AU3Ru(9Q_
zVd7~RGEvWiY<+aBP>*m&rd0LfCux@wl>$7hi#HoV25Nh#GAZqXKN2dc+TZ1)i(MX$
z*I|N?aXx5m_Ud3W(ZD-&Mh#h~cX@UBy`HEJBD+Up5%$!$h)C{oXJ>w_Zt!)4QxH{2
zJ+b^eLppV`YCn#zZY2EB{mX`Zx8_=8;YXgmd*aFx!#D%lM~8)K3mw84l~C<8=BkWv
zeaj&xt289ii7mhjLor+%s}vxKDq^5(R5x>xQjLtu%d{+4bh9v8z;Y;5&Wc5F6O(0I
zpL!J4%ZIOf*7f=w8BHnkQ$%qU%^TiE;e`_~V<vCayx#Lu)#^W?Yh2uQNhAi3CFOL8
z$PWA-m#q0fTErRu<nyCuE|L?$Z(z2(eHJTq=ackx*F!<^oyAPu-kbT;hqV|XFGu!u
z1HB?g%2&xHP@Pg<suk0uC=Vw85q#0{h(d2xEn_XEYBj@k0PAQSM7A}jCozG64T2DJ
zu{)ZnV$9cve);Jgrv$(9SCXlh?y&@uH$1GcVnq>iMlu!ae((eYDZAsmf<XHd&72x4
z4dI(RGATU_PBJ<CjjJ+3+z0bfS_2->)cSq1XM;Z)+@f6=>6#V3L_zeZHhJsi>sL3q
zmVfl8R+%nG@|*UPG82;kAH;%{x;iiOT)m#5S0V@y+<Xrv0_!T}7E_)yFJF8xNGc0y
zmNeY?0TlEq=IE3~;<I)>CbVgOqTRg^zk)tw+6ABu>w5gNwqI~kTcdu+SiZh=QbRH9
z>%nF)Y+7t?tz(;L%VzM<{#oOl&y{jV(JqD6&K0)wiFT0@*{Pca@7fT`f(ua{@$LSR
zMSJ)WAIZ}MPq1NiR7-Wrk=1bxBFMA6<(OAYas<J}Pfe4Hs2Z16rZN~Do(@Ge#ECKT
zHQncomVd8M+3kpL*eb&IQQu%PFyy7u(A8|+;`*AG+%?EI&yx^W9w5IsId<$dSZBVR
z&HYyK6w7$Dg1IE7df4vMx6QO%g`4YPTYiIG_NvN4;D~6jD^@z|yu}c-n<}f3Jb6r&
z!jMrnt!v#zOd&|Q<dI)m%$}NSAg0K+_+&?``M1DaaAfMz<Xba5!22~oNChp(Tag%H
zx-2Y|8?bGZk5C`V(huIssH*bn4+5%F%m%CMKeENqICezwnq00;0JdJe=^I^Djx~KC
z%(Th2Dn_NdnD-E`I;11b<c143>sDx5=b$o8VlMzBxFv)P-XeYB{MPRpgDpkW`Uof6
zro>2{E{DMk>@#1G#Slv|u{HL9?qRM3Teu6#5K*3GhbY?)qk8(`BNG59x$hsZ+xeN-
zNZ#OnzQAZ8r+9#h6=mq%U8()(J9!y;pY}$dQ<bY@*%InS_s7v8P)fZBLlfe~b8PG$
z;BJi-9oEV83Qi4k<|1y_C1+YcnRRoXzT}=L^|k+upzb-q>cff|YLAefvRr4EmKx^6
z6p?3f4V_0kfx_Asoh=Nh&~Arapah54+&>*&mr?P(E}&6=xs2lc?(@F(g$wuSr5*|^
zzcpD-isZjGi*UB)*}RK@#CwkIVx2sXAAlTv`v(Q8{mnZ;W+|+T;(XNdm!Mo<lnp+D
zfd=1F{~iMeQPGG=&eRMCR`9`qy%hrmQ|JOJ{!+j@Kw$WuZRTe%A4WqUHsCb>;3gi5
zY%flJIt-SlUp4Q{NS%Tf?-q{g4IVxH#Z(0WstQ4zPOWrk_WcIegn?~EIpeNdeIUnW
z`L`VR-0$z7|DKmnH5yTcs?17HG~g1bQ6-Bhz1Si|m8PWF9eOP^IwC~T`})4{6LnxZ
zcbT_*b4gJQ?`U%|aT1H%@A`5_9USo4UU$WCiEwCteP1jZ(JQ4cR;H9neFwh`Cm|rA
znau~9y6(7eWNgbTwo~PAI?lN;2BEc^fj0;@zVo4(N~Lt0rNq!nrc>Xc1<OQ6xR0U|
z>UEd8#H2JAKXQGfDw@919vg;DQ-7Y8L+b?g!-X~_mk-;cV8~`Rv&EG;yoLIX4O$I`
zcu|+}i!dnRY)>2z9l)1&@fz;B34&hq)ANkeU&V<z;4AfopX&|nEBJHJAMCz8BG_ik
z+e`6E2ak-DKmN*vpWD+aRC-O{_viop_S4kzq|kQC$iWA$puugpdo-j$zH{m4a){s(
zh2HvYHGcn;J+;>*X$qIrhWpeh@Q%CH8OoTYceT!!?_d632p7(a6mhl?5@Lujw3Grb
zU|4nTtI+@7{EzRyd8ghcI>D5~$i=19O0h0}d=S3taJy^xO-n6}bHBmY_2dhv(r36h
z(XX&?4hw_hm;?<zlt047dYxaMIs8A?!}|ie{PGu^g-R5ZO#YZ!x=fLv=+VxoF(0oo
zqcES3gcsXpgMM?1Un?m@fe9A<N~63kIlg?S!5b|_uqJN`K{=}g<$(V;{{Ne|VxTUp
z_%bGJp|qQYfmo!V`}|Fa^i$N)N`-&g#jmZ+!9&qc8O&zuG{!=eCL_XuzXor9^MCw*
ze);7AQo{-~luX<Z^iD}&1NguOa8Ns!#ql**oGQ&nDODBzzE(m{K0@9xe+5?Sf(DQD
zHX@D%zAbS6L2ODGiLm*3^!T+*7toePpExWqp0(^Dk^0j)&fDMZIV?@31w$R7?Mg4D
z%(vE#4_w;<wJE%JkeMC4<)i=cssHUQ;aQikm7M;o&GoqyB8E?X?h?OD{et%)J~f84
z`(fJ481O{Gr9x!D7Af?BGYJdb#Q4Yme|Ircz+FLH2G~K0ddf>+>sLyF?NX<FyeQTe
zWTfujArkyI>v{JDxUAulj=bqbe0k}%H#+LTdU$~KuwcS~2V(w*2U3BQ=D*wBe_N-2
zu^#Wy=zJpQ_p)+qyJ7KMR=N^%Sy>g;_cW?{ZiE?MX}30^tm>lo@=_E~DsP3nSp#@8
zzPuYQT>R#}d#>tYPyZG(E_mO(3bNu?d@1wG1oF}t@haNj6%Pvjr&k0)MotgjM~DW$
z3nPKu0;VAP^Z&t_LGbI$_$`JBr3gR=d~y>koemRbD9<b}4!%DS3QG9$KmH#tAqXNq
ze|L<*KoC@S5TSQ9eY_Mg+E5KMM1t&tKrBZ`@xS(uegW#ofBt{y#G?Lt%-i`D^PWR7
zZ?M66oA){wXJ%vKr!xERFN!3Skk_h?zz+2bwusO{zy0d};I}K$;G8Rsk+uJ&>ziT0
z@<)znjEwN*nPdLGFt`aIx&};MTo{h<Qe^Gz?pM6o+G+fM<WL2=jYSHr@Ro~hH2>jI
zKOm3Vcb7N90e+bAMoATzg9a3j=~D17wu$^l{I<XZ@in0cmU$Bsmigpu{VQPA;U&Ot
zW4yqbgYz_SZ6=V)0gu0?&%$l#X0^#c3v0>B$5xELgo`i4C@gLD3o%+X2U->jRl0Yk
zElS%+bSMO+-UNH!)ol#(QdIEF5(!c%gf@c!>^RB$EZGmA>UPMl&wlb9ee?C=UruJY
z$deUxoQX7xYGFxs<DMez1vR<EB;D0LX}6Gp!9nE)M6*^Ehtg|)1iLvP`=Dfc2KY-u
zk(>Hw0A>e<*<<1K4W-)1!q%T=LH&+r)3|9qOQT5BP>fa`GQcp_hxliH_gjQ6!CZ2m
zPnAt*2;39Jv#`OlocP*V<y3Dmd0)$Fa_oDkEyz%c6@cUa@g9}v@SVr{3uT7P1~=4;
znmt8Zw&y*X8Mr>Ik+Rtk%1Zv_0C@KVQ}UrkqeG$V{><4nXh%AvjyufU_sum&lcB@t
z#B|Vn97P~+^9^3h1pK`W+Ax-s5^TBdJG=a^mm4S3{4aZ(*gDqiUuzQm%ZYb#^$TCu
znEjrs)r;r=dg%lPcKI>p_8D?egg3_hD#8in)%~;m<=N%d>lOu?8()wI(~no}ZleEX
z333A7#oMn;23*G5?{pZOA!vPQ@(RTC_);|$5RQpoKlaDZ*MzboVC9=aSh#A%8jBa(
zO~-n|2gc`|3E%y|`qLhIV`D8%F08w5Y!5gSsjDh2(?1}%Xb7Zg{-ZfS6HvPM>B{9z
zzc~8gj~{-^h|i;&w<#v<cISh=!rkZ@f1gXzoase%n)vdJ`iZ~Ziv)x?f);#kRi?Go
zA3<v@1%Guq@DP$huV0A>jb?e#Ao*6`-EAkn^4?p;-|Oz3ibV8m5y{1=?=iq6E78Dl
z;AFg41X#+JZXa39A0AE>5o{)){ppQRFmYqwjfpeEkH|~q!M#15vR2bXR|3Y<W`+bn
z7B<jNGBAJ%YgzH%G8O-8_IB<`5kGqBH|+Jdg4)Jw(Q&?OssAl=AtrSC_CCyVC%)2h
zs=?XvQ}_V!uy%7Ei0#b+h-@)T*vXfb*{{%{TKOv>WN(=3sed3n8E5Z%`>$zG3*C<w
zbC-JRuM65Svgnk}y&%6gKc?aT{3C_D%?>7v?&4=gR$yjsAj3Fs(9i@33%x;-mvbhS
z{P~MO1>p49Dl!%*I^n`^M<|?y0{h4N<;RuiMEvrtufV4w|N5yK=u=xA7Y%FXN>;}R
z<U4Q2E9inSGzw0!^C<^Sz(ic(YrnrF11)s#Y+a%RL5SqL(p5x(l4+hswg4rdpFsjT
zhT7?p{i5ey*KSEj{55i}@4*Pu$3%Zv?-M`FA8)5tnfc|#jlYl>GonhPNE$u^>3sep
z$Y60`PANe*xs1$c|8hLPdw~T$H7|z?p9ya%Gm{WvNH7+6hH~!m-<Np4-8_u;FS*<`
zR+J=A^F3E9>TgBideHclygynr`}ZW_6XriB30gw0!KFmlz1>Nw3Rey0+WFaaJ_n2Z
z;mR-Zp|4F8!-W%EuRxCv@lw2?NTvbK2*!c)1(3dlA${v}H~vMj8|v-qM1P4cIp7*{
zxRD@8#3|=W3sgbECT0_E1D!9HKdYZ>F#V5Vqt~U{%vXw=+q-MluByd3y!>;3f=PQV
zB5yP3rw~!Fr@zKS$xQQ*{^jpDAQvMLwd@|29GkdZI)B>Uyi+dQM=QfG6#<VcTbp8<
z5OJp|$Z+}^@O$Nh|B)JO=T%%v7}>>V4?lzOVGrd!zcq(J0(s5Gph{eE;P&hJo?g#R
zD<a}YWin>#&hvfr`)o4dCLZ?-kNyAnHZLK1Xm$8O!-9uZ+#Lrz9_6FIKVCva2K8Gw
zUA(!juPr763GttI&HF+xLYB}e#gBlUG8wA&4gUT#mJu0@eo+n<pRF(%7znCv{*k#q
z1S|8M8)|Lp;Qg&pVB(a*5rdno(ay-P&x6SSG2#3^dt$>wP^aU%mT#4m<WtSw6b2=M
z-_OcxKzJYaxhWnL?!^|CAc5fm?1SR;tACh}n($l=2j2L?RZsyY=W6JK$9(hCZNSds
z(x0^R;}%~vTkXuEE|<A3g8km89P?@5?+X<r`lLU3KveGPMY>nlBIMBEA%{>UVfynp
zIsb-(c7Aj44Y*waT+$?DtH0a86C2D&TedC}U9CdFCNEDNq0ip=<FntqX#%2L42trd
z(ga>#>Rh)vN@<GxRdj)9eH;ERLm)eQQWh5u|7dJ=3-la4fhYYo@Bx_|``cFXd$Ymz
zJ5T<UA?IB6mU4Ssy+7xzuRx{)omuWs8TDJ^7>eyu_3XEj)YY#1DGl_lBZ#Y5L^7YY
z3Vouv7w-T)Da+rU)XqTl-B+z1r!Y>t084|ho-g%Y7=P3@ngnqfi%9+-PAT(!WR337
zrfU3Q5AUIcMzr%Eeef-KI#AA15K|7>_y_Tc$Rl!8S;>{>#ny!8A+)VgH1Lmq<Sn;D
z-_btEUff}3m)}}?IVAu+7W3a8%f^7!Y&l%@<7;)o)~jYW+V2nLBkOy)1W&}bo^OOU
zMX7)F`+YC*<LpqQw%!V;3HE~gC+qr~tZdSw0-$=e!u`xt+LbTLaHV@j``=QaPWSwg
z0~~83Bf0#X;8NKSVYRrM8Pl2m<zp#B4k01zSMR}i6n-{?pkMS3K1j7KD!Pr)sqH6j
zCI}tU(Z6j3)H1k?l9|d^_vX!mg0$Q1_d#VXsN_g%$!y}32&c1Y6~UhU)T(Xt7WTWH
zFU7y3<<BPd7Quznz{TnDppE_YeZveXH343r=2U0ZDNFaao40U$>lj|Y!W4_Nqdaj*
ze5S%kkeOg2q_Obi55va4rg!c+AXRb-vxb)T-XBW~*>%TBd&6$t$bFxB)-}zCWN;__
zFs(la0DMWTmq)fPE=?NaPASh`lgaWy?-=v@JA(6{11o$x%z5C!NDb#@6fuOi-um47
ziBYMFHNITDfp7Ego^k=T<<^~^Uc{t49fmYl#d0z!2uA|Hq9qP0HoJU0TE{^<^F~zQ
zbsA~Oz25azRnLv;rvt|i`PoaK{Ar7G;@)u!W;^;4;=wJAhXmQ6b%J_?=MKOC5_ZG4
zR^5AUC*M8?d{X5rc;Tp1Gd$V6ob`G4)4RwIw_`fP>K+$29hz3#EJ&YOfqtzups7`B
zHM!LS@%lI8`k^emV@RM8U02>KFb=K|v0n#-K6{|-^Q_~P*Fqb#k=KC^ShMT=Eh+>A
z!LOr}i5bjw_8+$ae4$!EkodR;WCGWzPG_hlVzewZ_P@T`1b}%P2>o;N9o$+XI^FS9
zZ!{T?|A$vSxaLC3!1UyB#}eE+V*`YALS5VMCCxYhq2aRp8>Y_S2BBQnzEIuy@s!Qo
zSkHr4Q4752^JG?N53T)xr;+@6s}LeU^<*2GSV;U4JwV;4&t1gz-RUr#Q?-EMfm5=2
zMqYKHW@Tq0U}3F;n|qQp4uGo9qQGuxL@i(#W>=owqB;n21y=@5j-4*Bc_JwHYC0;b
zR<;ZWvScj*W8{U|NYRe03&6f11i+|aBon;zCJ@dk@I3?67BZk4)?t66*?Lagac|NQ
zTrx1;!vd6F4D`M_4dv@DoG$2{wprzM(?38+JykPFzAl&j)+Xd=x4Jn|>pM_BQQnKG
zZfH9J;_l9tO$wt2(Zz0Ujo;AOeteGh+8P_VpM5V}`pAU-++AL7*t%4^^VQp^7_2ET
zLOw3K_&H%jq4ifQ?|<kG!H?FpMrw?I2$89w&?Pn*gvBa9e1FuMrd+rN$Ue2>fCGfB
zatMUGQWs2Y+R2_f;lW>glk+@O+Jk5F)0q!{SJK5RjY}b&2xV)kxxdCV_R7j_j(i;g
zzcU>HNf$6^^gOCAv~WMjZ$4yVvugzR54<>M0yLGdOQI~K22yS%32cQUZa2=;v00z(
zTAdB|$xYtSi*3LJja95M6p%lsIHJxSzMWzr&`+_GDVRDSkY`*@26=2Al*dv78_$$_
zp>5SYjHEE@KAs+XFhP;r*f-;@-<Lald*dZwg}&3VA5v+W1tijsjR1SOr;9a4kLM5F
zz_c!Swk>#a3f=MK!5eXZ-tYyuJ*IB@WZiKcD3;s1IIkK?2eUc7^8^<kaO@@RHFS(@
z0hs*21E8ct`66tAwE1ZZ#@^dS{*IGxmjr((J>fVJS9&^&1PJU&pgk&R(}FK=m#lWA
zUwl>eO(cCtgEnnHi+0VI2-3<;aH)Y+7++!wxb$V!fohZC0VZtIc%Bc6rG2z_ia>bS
z#bB4Oqf^~DhRzqcU*`)xREkNxxM9_8D?44<-gBk5zWXj|m5%31`v>Q)kNd5Y-(wXX
z6?O(?`|}@sl5<egb<Wf(dGg-KLfJgfer34!RycQ>LGr^G&|>fCAVGXpXt`XeWUYg=
zQjS_LBrG73pbe8sx7BQLDoxJgz(rXAgiw1h<Wj_01Du?1jS5-W*;-Zmp*><BCcu4H
zte$VTB3wkk&Crw?Cs2rs`*5`#G%8SoH}@Y3<>pW+-E7SpKJNj83M`5mHN+O1xqi}v
zsw6=9={S09u`Q`vHJMuW4`KIb{6~fZmJ<(&+WMSEyL7(;{P)rdK<5i!S})zfg0+XD
z5oP9~!-0t2=g-~U6|>#2qE89nwvDH=*Q6&gVWRIJXF?AkO?M}}7twg(!^KQe)13zx
zAh<R`nLJc_{tB*}?GuHUI$_wbjvF<FeBa+VJbAn_b`3qjCzsKwpdY%sY;WDMx&B4D
zXakPUhGs53TJKAoSAm^?phD*eSerHEmNoBPtD$?j)*<&$x}d<sK+@j0H??v)%Xaz!
zIK1U)eO4jFTXY0evnV~z?-6JF5tD!+roHlFU>6XcM@;A_=@K`>`PRR7?o}4Mf7Wqb
ztMpL0R*0KE<Ub#r&PzNZHt=k47?6QGKPM+|_-EwGLp(e;FAnDw<DE2)2Vg$34k#og
zS^$2*2kzf+Yc!#>@C2fqwtxnmKkmGksPm)e)wi8ya7oNm=<RS%n-LvHXMx!~<cR0V
z$U1SclmA(fAh>&Ij$HU#d=j+@E*w(tI#rj=?_+!f$jN3i+n0&`zA}xeQqO?IzllSR
zDhwT+OO+~D8y!vc&Kxn5Y7Hc!or?7)dAS8*v3T%~0kNi;j)*KGlfyUs&RhN977_|a
zAc(~$t20pZg(&^`gB1+{k}yu4!W^$O>of-h2=9}N^Cvrjo`9yI?X$A5gLwochPX-Z
zxCOHJM8dAY8s+mh*dZ^F{lg1>2$>Mx=pf$?NDx@Kf4ns?jL&W{&VTAu{h5+J?kMDX
z{;m+21d15j=a7WdjA$()s`-f1r3h?$Z&g<;wiHb<F}4Wn{;qwXS~ce%^_8+Izlqx<
zBurO&r|b-h3LgGsEEn_3TCjPoJ%X_bwZ0Q_+P&mAt6&U?)YSzsUGGfC(<dcmcL`mG
z#!uILAR{^mBI#O@IMVizZu75}v`l!O?Rj?8pEx$cslfGNr}eEEg}U(DiOt-w+y{AT
zQXjmtbQt`P3K||%aM<c9%8x+zwFt;?>si3!iu9-au5nwFiS=;J$I8=sKa#SzEb{p4
z^vWV#toCfU;Hi_K#V1BlndhF!bgDJ{RuKU#WzRiF&qV>?@)$}T*@s8aF=944<MbT=
z2gJea_#VEoxgU*5uK*3<^@I1%!1a3)5*klMg?%`QrD;g8&a2@7(I+>O2V8FkUy^1U
zTz18U5{j#oU$*n0iuPx)wE>|=O!ZrEN8fBaGLeOR!0Av*1qT-2ly1U52PYbthv+4N
zLa8aq^g!0|ZP)mBEEov5-q5``l(BxOg%xRQ(A{b20)}6@vKw%bE3WwR`aRg<j8<Xe
zR?U-AUYJr{o1NqOMamC_6v$i{uIPvPk+Y1FqAr;>>wc{yR8Z}2Tvv#2QC{)aGi+nJ
zfZ%oxKOPV~QOd_OW0-LYHf}WUBA56?C=agZ;-~k1C~PD;9<A0ba+uJ3K)wgLp~pQE
z`41jIeXWW2@eU)mx#Y5|b1*WYKaLSw1cCq^8OC#Be5hUKuZ&dI&Tg+%mkLr;Z0@X=
zbiZYlqfQ+)65UWNqDa;0x&$=hnj54#0B?=W9t5VsJ#1_P-g&hX!W3E;07NkxF4&x6
zn{i5vh|AY@=0h(PrxXT0sB`n_oeFQc^Yj@O@zcx$|3@>whZ<sU|1w|=BKAXbQ7*Fr
z-5>J{)*#O~AnoN4P4c4Y#SgwCjTlV1MCtTy4QSP}Sc|dMy9DDhkjNvq4i9=gr;4|(
z?sl1d1Nltt^k7$hmSJ~v2sQxA2+J<i;%6Bf9|mN>{E3Pm5}9u<n&};BX43^kBMB+X
zhmaIls@Q1ck^Dka`|Vr-vS+ynsVxk}$mfsaJPfd40!njo4c*p#*I>L=)7xPe3G$n1
ziI53{+1GCg)AkM0g|)nzzi9)4C9kswED;C-Q=}<3v{tFc^j`}>r*r<)0Npg$c95(1
ze#OASVfevjupIJe-akE8?<w=r*<I(>V{pk;{d6%xlW<q0^Qt_pO>kvodr*^A<&f%(
zeDiTdmIy;4xVC8>x&zIOO7Fa^OyNbH+kZQS(+CDK6UuY%5C|hT&XXJ>db7@4!_bJn
zy?+~U{><d(!pKnC>UhOFvh<L82c2qF9;I?xMX@}M@OBZ2B(Jox4}(}TFPz55r@jNF
zibr~3vr4U-^7<%{?y_CT8$$ZFw68#oTkCeCc?VlZAw^$o8fu8{%N_lsEWx94L9@n!
zUQRJF_It?wB3c3|rAH$DT{R6B@IfOih7ixxeaf3sH!!D&5F9CG=<vHed!c&AX%Tqo
zyJw%0kAsyO-gqdjW~M)>h|hv&4Z1SEByI}|j&%%2&#A$6PC|PvvZ)X5(UaSsw0>gP
zhS{$kt~Ak1*g31tp@ACG@c8r_-swBi^wZ%uytGH!RkQiVWX8^^#&2E_o+p&ba_1o+
zRT3Ajn=`a`4Jwvy|5hx4J}&53V1>_xITPxqyqqIS+K*R#r`Fhj$kb$eZPFil2B<Q_
zheP~wLVX-5)Hlp0YD(=N!IZoWIVr>u;68{_ycDusbQHSY1Ys1No!KIII|tT6YqA(R
zkr{7TXJ75oTR4%77$us9)D1eXkFFv#pTHF>T7txq2WQ|KzbOc`we77+Cy6e1y-m1}
zgFaLJ)feOqXB2<sDlf(M1IEXnKu)=w5EmkxIys|s#+A|h#NR!Bm{yLE4qf^3fH{YS
z8KOV)rdCHbzoUqGEVvK!9fdoxk99Z4<+GXYoWKth*UDn`oDhS)k6L1-u5elmDWZ_5
zLnYmZ(u`X6esH=J7)f~63M}_*Vdh!pUc=&p^@@SV+x4_WB*7a7(Y`-hk}mY;DaaQv
z0sTFSM*UGL@<a9AW;;I?Y9}|w>&haNQRG%utbpvjpo=e;4ONr~;9F>LegdJrOU|l(
z2-5ie@+a?6^|DTh2;_-+MF*7O6})mkmVaQ($u*-&_aWF*P1_6)z>%)jOvZ0+M}@no
zfShF`F!~fpCm^@_DaA0;*NYA>`jrG(KB0Ua&orc%;!#QKNfRbW_^RrwerU<)W^Pk2
zp}fzXOq0j&`9x8br-%xj-X_`)YfQ;Vqx$<XW-5Cv8$U9*^^$Y6g?livJHol!z)dw+
zjq%pw(vPV%4?+qF6=S>zsjhDI?3g%PezwOwI&Xlbc>Z)kV*M1PNMTb4fUFO4{VL3a
z!GIs+?%+6?#D*~&nCr;ylp_q)2jo8>G1^?^CoX03qlgXMMwU^b8c8!deZQBC;8+t;
za-Bz{J(KOlWUF)r=nGQdbF-`Ey}Kydl^izeGccz~KXrOSFIqGc6JwTA=8fpM%D|z0
zC6Eg20p#v<6LIlFZ!M~$uN?umt#)%$8i0Odb~Tf_DP|5i8r-QaG=||6XsXm`kiDli
zdN2CWTeny6%#BK!J4g+?JHC3tKJIS%Rz=9G*&-N2kU1u0!9p!@tJ<cta+1$Dqe*<s
z>>ygHL=`iNn6TR!sNXa++~UnT-|)-LdtVKGKBF#hzAR5l(Aqb78cFq?{&87eUkXVh
zU`aL+$k1Gn^|1g8l(1ggURcZMs_8pa%*VfRw@dr0>JB4+)Vw#LqsVcn8?z}mY<P9q
zK43p2NA+$uT&{26KyKY=_UaV4f*O*=ViNp3u^#ocG(XmWEK#zkE;)7@D0SVt{okd|
z7R2u33yRUalcG<gr7ctj3l+xq<K4v*M(IOJR|XS4wzdIJA1@lCP*Sdo!zRbD95dCB
zh*-(ZR6O^bHjR#M;$rdqLo~d6r@UAECA3Ax_BWVvBLF3-w-%CJFmR0V+5)oM)s_9d
z+G&p^yv@(sXhI7=S0D&f?EaeW5dd74V+9({e<~HeaZkk&$QR@r@SAUmVCDO_mePDD
zlqaH9eXqY`R<FuhyECkHVpG-?!?MkO?}IcwL#8#TwjPIAr4jqWiM}dN(Gx~<pfk3v
z1<jejp5&qtp>tjC@KXm89{Wn5+$HfD9ENBg2AXolo`+;O)WSjvlx_T2OvH$@h=QOK
z>&B;2W*{s!FtjP9H{3k9l`8Hd%Z$qynib3Nq9juPt#N^w>Ff4&luI|hB>`EZBX>kH
z*!Fz(2WJPpd!vHKGkAO~bh19@-7y!!YaNS7UCBA`ew@lfN?$MrnFh1vpW{qut}W{`
z=VH*bxN=EL^x3`fb}_jZi$&v~S@d}4!nHTkKJTg-E)DxGtj5anp+{0=XOOxS>Za)p
zmg_1)31BUBG3#jsaf6ER{pc<5qGFfx7oQa(XK~n1Uxs=SUb>?4MIH-HdQ1GZnzZD5
zS5aZ{%B_%x@H?6G^H|CD#PW6#BhF|Mm(inDQoi})kOpKWBx|5bH!QzyeJOY{AjlaZ
zxc|*JQT3H#9kO4haYT||*LN?X_tmk2m%1#IlC<+Bl*QJoa^|w5QdhXR%7Gg(n4^yk
zA>S5ovm3p?_A?UP{aM8e{c{!n&AXo#YSGYG%MY_W=x!9yEZf=cuxc6$<?O+D$~SA_
zXs5E;_WUc8x1EY)*j=Wn_7GyGiOy)I6YQH*KoLh%rZB+BRMR)>E-WHaKh^k?8VDYA
z;d?jnh-AeS+^`BCr|X><4wMxQ<LuU8!uF;;Jv+*J^-1KW`>G=O=@ldVn0tdkxIz73
zo3wpHFDqs$S|T)BId)mOQ`4V5d?xKlBj{VysVE1^8axA9vX-Osg~-ufk70)J;AoE1
z9-hUw!#2aEm!z2=N}?%DP&fy-GU!@Jbe%FLh3E%<RC=gn`+-s5seRJE`cBwGGIVd1
z5V5AObJ9l~Lyz)N87PC>i`q-t*OABy2gi(>$;|^;)baq5BGYb%(#rf;<NxFBz2mul
z+c)4ynPq1bvOmbmDmx`1GP29ePD_OBk&#jMCNm+~6;fvQ-cdq!_AET-n+ARR{_f|#
zU(f6LKcC*$b)DCFo#QypBiG2U2$ZTyJY^>wNalYuO5GT@%LGbM&<%J@M!EHoFSR4(
z%%@D6ffHJqH~+1$>l5J8in_LTM?c<cq?J)f^MX_-e;ABzO4#Txy7@YD==<hJQO;vN
zWHN;V%tJ5Tv-QQsBzfdPy*WCLDIrW{!|XZP+M`9b4FJmytdAfMeO<P8{K#Nn*kW0h
z^NV-H;<nY2;w`UGt53B*owb9JIiDomUSu{QQ+aMc?CU4T!A4*X@#;)SL<EJ7|N15U
zt^~=4_Oq?Xgo?~J)WOaPK11U?gYG1FD=e36eQ4Bh_|sLa7;d0MrNdJai_<<4+<$W6
zxGl_b`D!q6;hMs%svIFMiys@&{U@k^6geu#)j?75tW&0yvBzJST&X+C=*Z=(CV^v>
z6z9{FFfKB$gw1kE-20o<nia?}wZQQBuP}^^W9CfaxK<=cnS~(Y#BFRR+N*a8Y{3XV
zpeC3cH4>1i7wYA#M7Z(0`ot@uaAk;=22JurwVZg%X+yc8SMR4M-?Ypcy=dhsR(MUS
zP{rpw)uE;{?SJ|UxtK-8M3nA*pu|tSfqD2gx9Pj#rH7Jh*Zmli2n|Nt=nBrdC%&_3
zA*!yaWv8%VR>mE`uRmzJYnP4BHkaq?#~DeN>>#6`nH-QA%pCvTQsSFip@O~rl`qE+
zkaXC#$qCqUCV%QDETo?-5;h_sW74)df7^iJq&thCMs-S=?0aVXX!Q?R%d5%*>_jga
zmOU8!HMynQo(B)}1v6t*4KM)Sy|#5J-ZJDuU>M1jwRYu84RvLr+ldM}0W=Aj)b-=>
zOq>s;sY6)!Hubj)Q?c2uSx4JFNm91X;J%y>2K3pxSJ;2<l7x<lpqn=N$khZxy`eCn
z4Wj2dHTh-IuQla?e>3T@Hb0W7PEDj;b{C@~S*LF)Fe~g_Wub!4{`4b+3d3jO86SnT
z8`%;LCwG;6waO%Cm@n=DWnrzJhgdj3%Z|`dRmUWaX-z2Br%(-kES^M8o1N-5k21ya
z4jojn>na);L5g=<A{#->@u-=lE}a>Fk!5u;KIUWThK?Pjf~uyEMvqRk^F|_qd5#xN
z1=T{IT6XJsp0>U3ZgYBYbvEse=z2?lT~p`_P5))-M?qsrj0w4}glusY$81kYyL%rH
z#+H$yamXW+ZoTbL%aXb(sN#w7__&R!AvJrG!$O0=w^a@z`QXo|*etP8wVZkvloNPU
z^!3hbpY`Ep$O<jCRH9(m+2CU?w;knY9#BHr?}^G5lt4+B6n_^ypm)h|s!`yJx_EZV
zl)Ax%0#?ajff%Q(qRmb}4LR=Vp(9%r!Zja{=4&=SICQkQP+HxAnbYa@CD#Yqy&=OM
zv%bc{^bMa24Q|tN8hP4sRb51Xy=7)aGuPn56J$H<Y;7VeU9a%zGB${2B054v&*Wlh
zHT$L7ob@k-BzRo-{%9<fg-2t^4hr;+y+O6@!L;lmF(D)~l4XzFkI2bRFxDu`-hM!G
zNpeK}vnJ=r9lY&qVo_c<I<Bqg2^9bSwbijvm0>EZ_PYAj!i^dEq^A<+#w)*FyOKJi
z-epO_&)%QTXdjYC<X4QBLBct0hcp(5<xjn<eQ*dpgz(Y(MBQqcdGtVmM<FDI=h1!6
zvHEHG>Fi`OzL+kzo#Z)tWh=y4WXyQyX(9T&^gH^bJt!0O>E*|8wSi5`mCmfva!L-%
z-h(U&i*&J1-wg>n7&jgsr*%s?Rl&`;DEkK8Mij<)&9fzqjVyp_=k=0kR`O9&wJU=n
zxOPwd&mLD`MYElDPve84M@~Tbe0Q~IC%gKKxA!Aa&Y3B<Jy_1*EK{aPh4d2OZ1*o+
zo)D0)j4mc9%>DbfF?<Mb0tid)A=>0HUM#}oFjFBjp#kQS#rTD~F4lcxSESR^O%9OC
zr5`^Ne;6b0SdRY0`yvKTQ`W%G-%M=ve{2H2i?oeAXR8)$f`sYac_ai^`(qQ}Kl(N&
zfjyL=Ln~?V$ZH|lobwJ(z^VGH-*Vl~ws?p!vn)&Np$_nv306R1VX{On@5IduK1=aB
zQ#vqMah24Jgv<@YMUYV8dLVQM+C&L%sDD+T4l+qd6XLXahilKJZ4tDcl<O8_T`aS-
zdrS>)R;?W0NqK-t_OzY4s;u1G7jZ(%`0%LDuylZ4krOoQHh4~4mH_j|+<{1Ln?H-d
z7sq0S&)J=skLU)^B}h-8wPkv_u1J5t-EdIbr*L4l9e1?M1NR%7Zz8P%E!u`tN;cb*
zOYgL$x0`QV0~kyrryZVaGyJtpxt;jSxB9(0LCEM^QgToGYba;TT-5q=h9|?L_r8}o
z;rC_w4a*A9;S4Zi3-fP>H3<IVZ8$N~4laJqa8QOirlrplqPsXip8SaJ4&Vnfy_0^;
z9mX9}O?hvl*E&M5V`ILv|K!7W-x!Dw3H@q<zwIX4{vG-M>vxK{o#rArzp?Oju2Q71
z*Bw1DcP+d`qW@QOQP&28Y5KItLtbi>#<lZp{_riOe|}3bcYu$VtBwBEk>7Bqx7P^5
zD@O088+-q=m3{;RfI5*F%u7{Q)Cdh%q)u204BYY(GTUM<GKhWkp7P7@pMgfc^L8Wu
z>O)K!nQM84NVlf+_j|b==hX;&dF_M3xp4o>!hp%4+q>JW#1guJacx5!Ob2By8Z4F~
zFaXcr#){;NfEThf%xX07Ye*=#5hl%{$+7lp2lru|e+WR0hD`uSfO)+^%<BOHmA*Ut
zvm5q*0NbG%)`!xsW!HI=s?uK3{gPXt$gX<;H81$sCZ}sA>}+f}+WXyzn{WiCqz_n>
z)57OFAudqt`nl17?6W%5(ef&S0)r&`%Ij-VxZ~$~^6KZV4}A=KUh=ecp=vTo>BHsU
zShe%6fNRT*0zf!XdHyYWLIs?}2~GrJl8hMtiTI~@!U|uPQG^P;^fCh|8Mh-!1oFN0
zYrlWsc(XJTrMQu!VutkF3jyRd@$UDoBR#ThoK<f@PU<q3N@_#s&0iL?54{IjNY1<c
zjQ4$gKU2fQZub)ou??d(B|<<<Nevcyb^*(Gha%|So%3F0qTcVcYu|B*KAkSX_8~_d
zz^wPWb{4X^#Glz*FVfK7fqD7#Fg&})==#p+@w>ynk#P#{2)IVZCZ2?XJuzr>YyZA|
zTU#9yp0|I>XHLanhF_EHC^a{-)D6`T_r(awBPUcOI8aa6<{5|1s;^p)qkmpfk;~o)
zt+Lvk&ZzRlan?<_r(B8YD1B93%fst4I#<)bfurfaXZ`i=$FGi)w$`s_UZqNusyM6+
z=%~d|z5>ahP2vkY@}I=E#(jGhvI~&emf4x<s+kY7FsbrB`WBYdl75F~gZ{$u2ZKUZ
zfuMptK)0t@x8h>0Rw^pySB=J7vsVQL1$%i9pFe*-(%<S+PlhrfO_b-*I59cE<U}jz
z7}aSj>W0?TwXOnnmSZg4`jZP5O5fZ0vma{rWgr+k1R<C2w~FEU)erol{?4sYkJWEv
z0*_(-x<(|ags@aob?*dv?X&!Ry7TBf3gIrF{TTQD03-4Pn-vu|&2A$9!tOL>UHVak
zoM9oGBjGhV1>XRN)gYcGcSi3Z4!Vy(=pHCud>96S!pU{bvcyq-qxi);yrF6W=rXn^
z`a-XH5HunC^uW0ckA!=;Z0Zk`+Za3A*ESx2*o;q~I#C1|n;h=~R1*$uY}BZM#UV5g
z3P6;3^c<Dm?K+M(YoUKgHU1vq(%N@h-Fh1E=)@L^v9M49SSTer4iDH7Zmz&yxL|xC
z#>-1htHk@03xC1|dlQ7&+-+{e2ITW$kQf1UkId-iUg)0qO>8)@Ipc#eH>>q}^65dp
zDNoW?6>IK;Fpar67OEbgLwEHC3<~FTS1zxR8|=ayL5tBS)Hzn;#!FMfjB8CI)=@pR
ztlEOy3akTXl&@2x*OItQXB3f26yN#vQ)jP+S6;KPQ3usAe^1iAOo?Vm^r*t?htgHE
zyv1%!csA<E69?sAwK3b*?P1Jy9t~Y4Y`q1CRy+UKVg_q_J#1yC(MxPv%3hcZqT{pe
z!ZsoO@`o6mH@nF@Gd~hIeQL*#DUSxXqFxf<+?u?ZC*h@*xqSeJS04r2HoJVYl|1Cf
zel>cuDe7pb@AOIDxF~#_-&b>=%QGVN5+jT5JX>6`JDq}F<R}%YWT7q&jNq6d{*f!N
zVK}q)8JV>4T!5h|y!ny(#+7VVUteGM{;Du{NLy`9{(z}oJs$sUAxic6VLSgGhw<lU
zot)(Hf;sSBbEvvFw=#Ca4?bJk{y~EMjNDgBjIPQJ4jeOTiX{#8pP}p`Pq8fCg?WTh
zQa|l%oF*Te>T{gF0t@_w(T4N}0-X;rK5SQTc@$VboEB=~g>Q8(;L*q+_#860ZSQ&q
zW%R?1o{ZTHx~}PkRX%KG(f;+AZ<lL02-S;jICQ_bt(@W4!%T4(Y8IxmR%w(N!5l6H
zzqSy{HntCr3RvKncRmkDIj}G)Nhn!ow+C41{I;H`ndf0ekY5ykwNI6`2Fa27II-N2
zW$E#H@$n#k*6xcK!LIQslSUo{S;9Y!{6sm4g6gtHVj}m`sp!+WnMbR4IcoxEacPW#
z>;05@NunaDFNBPEASL5n7+ax-uUm=-yE7A^F_$GvQAzi5`OID4bgpHsCqF*N@=HCo
zrMX1yhgX)LwHLKT_xK5Cabxtp!Y!fenchr9^6=|N1gtK+3bzfsz^l#76jn{{H#F2^
z-I$n9W4BNf#W&M4Z@c)$E1;o#ZV?Da7vuDv5W)5u&TpTb$w3*5qeE`XD?XHFQThoP
zTBY0vL#fON>}`JI#n7<sx;Ud(acJl1j@|n(r$D^FGO@LkA6Y`ok0rn@%qK_X-)%kv
zMyi)i_~=o>#%QuX8<CAZ=CR$sB(6J(ZF0oJ`fapU)VPS#z!mo(ew4RM>p^*%SPAiQ
zrBn^tiu6wKRSf7En!q{?_y-S8g%)^o&lb;}o(9yUr$Mz6vX~vaet{cM{SR)_GXmX%
zGAecn(bfQ!EzdS!0kb`6Bih+X0A%&gzi64@DYl=;cvggB6B3I`r2^l5Yf9Y*mWa1=
zp#e6I_s10>c#4B&6n{CHxz-dDUFP&Lp-_Df0#3Ibze$dwKD+nm_F+7e078VyFCL<Q
zGV;89+BS8FPX6}!;o(=P&zt#C(9k@TYdw5^jrU|iZbMBj-+gz5is~<eHtXQ_Q;-oS
z$ii$zJ3}#oL%=C5stAq6Z<HkLc_WYzSUdosPFDX!hg+ybgVPoRdk%EYF(c(x5dH^u
z^0EhjM4q)0kL2w~OFrgLC7Uhb74~lDLE#Youhyvd_ci|gh(foK`v0W;9R}Lp<z2Kt
zJ=pSxu;tPSTTSX87BGQWfYmN`8*Eh0|Cbiv;$1VMm(&?PH<#U=)Y8(DlH%t(cHMIR
zdIL2r2~6EN6)Or)`#9uCu3$_T!I&7)3`c77^Eu_PAYds~gGn^M0INF=eT*B{xcG9v
z%yVkA<ZJPnKDiJ9jDndEDX3<)62(4_bk2$U@BXgaqnf_^dfyv|`|v`@cIQ}`cNbXP
zzc3Y9a%#Kq{p%%3kr1y_K-~D3#t7ms@YonNMDm49ogI<I3w}3o1G)F9KV28yzM@$h
z44x?WAgf7%&WfOh%$QTZVY0}L0(#G8v8~=*!T~In!*WLPrxez^-Qj&}gcWVSZ#$>P
z<qmGwgU`IH>r!KskU)I|j}YsyrBTyieiP;X#{zqusua2%b<b-Ht?0oLtI2{FwsoO)
zvDsITcz|E;3a}+c=T<mqPI5f{Zkkvor~*xHZ=07(4*k2Oqx_vlvDdwrdHrtHbbmhH
z;=Y&lQICh_4YaQ3hY$y=`eNtRc8y5Oz?U^VC_`hd8O1~&pXZ|dg#}_3!~4i(Lo!j~
z`X+?9Q}@~9`gDh{7ya(jtj9tV$<4T0NZWW&?LhrGQ(Z`x+$xV3p9OEnsrl2}A<(!p
zz}Z2bWXdBPk8E<D-VVICchzcG85)J6(57YS%>UMU)!SQ%o}2qsalt(^tf3);#}5y&
zaQ$=*?aKyM^BOe%Kj@2v=iqbYx9tud!b7g<T^SG24DzoV7tS$WxkzbZgZb<50n+xI
zusOF*j!ms{L>T8pI^$A#EE1H^L(U?*VG3`b=C-c@xUa9S<8n=Fq>V&9@y%;{*cRgV
z5H^pGO1gnzy@Vn`PcL3@F9Wer{9WVk4R;|?;gMS{9nt!=c&`17^x^2$W~njBMI3W4
z{$PT>z95e7<4%HJYlQC8%z3qzD3;^!JBoB1G{dT9ezNNxkG|ygJl?+k5G+((ADQ6O
zs|(H4(_?R4;mG&;xKptE<=+c2Iy?2BTz^_A5g~L>o?Iso8?(ehamEb7%bD&bgucLY
zrh}yoht^*fUKMt12rp}}25z<09%m}@pC<a!5H+b+xht6i6TkcTZAyby*#w`t8+yvu
z>^>VZ^XJ+s!0gnHyNIxP+MWn_6eCW@Zrfmt;;&(B*_O-A`Ek_qC*)U??+r4!axn_J
z96uFjFP}|qjlDm`pBti5d>0;>Vz-oTVT@oF^gfMyaGoRJ!od8HUkh?RIR#;}@ZK}X
zLh_u)JA@uzsnRV;usHnR7Kd#5zlQb9Oy)(i?E^Wumu^-YXdp4SWX{>su!avvz=G~$
z6h9XAate809#mC%*qXeK+#QNGOCe#t;6rkh1Fs1#FDY8`zNC{^kf3gS`!0sN1QPz2
zX$ayaWX}JW83iMfyHK3rs2{knmuxmb^hs1?s0lB4;1?O_;XHibtDX0ge1Ed)`y4}H
z!pK?=&Yj=uo)<w^U8X7qAV3sOJSuGHwHF`rjli}>`+IKRFvchsqOvm>kNu_y6p9Hw
z_7I;+Xq}w{ZzGvZ)yIn+KF%kVugSeq#o|sKdh+A_`d`*a{(r1djQf?aZ~K6MK!9ZV
z*qDiOweNp?n!rW;`<?-T>aTkSZtxn$E3W(W*n6zmPS*L`qAxJL?0zx5*lUru?8~+x
zd<MU8J<AX_3x!QL`PYnE2>zC5)99HhMsNh3d2POg*J&#JZ6kzI#YxvI;U#~N%SssE
zI@ndkQJ_kwJPo^`sK(!NWCX%W%Z2Uh3`7#FJ9^9KiT1p?i=q2g#wncO&9y!jdKLHr
zJ?FH7jUjJtKw?qw&Oh$TNG}I~-ERTD+P&+|a{l00VgN_sEty>@C;0^=FYd2}w~}%I
z3w3qk65Q2}-!~uGqqJjv2v`;soz%(@{~iiTJF(|>bjFPQxjR%)O_LU((+iJn*w4on
zNvd~N%qyZ5c{`!YUP8R4?UTr^zZOFN`Ysbwm}l<*jh?;z3Ci<QQc*Adb3F3vqV(EE
zoeKi7?ke_AF#pgHJ3#gz{qO(48QI+P?&L7FcyWarNqC`7u$}OB90*o1PYkpr=p&a3
zzHTt(_cX1qm!-%0gnY@}JG-JAJY0x{GE#vmtWFQHjqHZT@L(Hk@@wauI~Ld1aty!S
z8z;V;OUY3`vh>i;Hjp!7M97x1co#in>>OfK1l$UOe!-i9+qp8-M}EZ;KW>n9W2f0N
z_UD?$IR>&{-%oCY>`w_?{CDd|{t+PTIHe@`?gr6pgIg2HLHl>n4!aR|x^xPOEr#il
z*y5qEI~=Pj8RQW}_x*7#Pw#&j;w<s0`_8Ho&hP(`ANe0e8WD3?+ieaze@BRzVr#pF
z^;%<#6b)70U8$@+@72W+#4fq@<1bnbU+$wp_RC<;6MP&gm&o-qp)q<hVlgX^N*(?k
ze7J0{Rv4_Ix?j1vx;jDc?%h1>;0;=3W)Usr6jxDx{OUHK&!2PvM)eDb>1(!)J>$x&
z6xE6gx@56YbTS3p1GmpzweB$-^yO*vVqVlnuR)Y*1M;t>UJWb_oKIa5jFq97XWms|
z!(&EH_#<+{L)%~cGiabhukDRINl|tNGutm)oi3jDd^>mbu{H)f-bUWiwu{8c3@H~-
zHMkrN1Dk|Gi>p^&{3;)~=)q?O`t5^;W~TrQEcqRX%tI4Y_aI!1R`tMrbaP2$-nzLB
z?MoshAm&>(JbdkYq3%1^TeI&lyD*yE$^ZaD0MTqmupV%$wsmJ-f;3h+B47d7?w2VG
zDuReg6ZydAa-nBb|CEv9tv;9&_^iFS%;ME2SKMt~m0Qqp^av~cKBBig)#I_iRE-F?
z4ubxOw<iGj4X1|gKA-B^R?iYBU6VV3aAFQg9lL$5M<rNu0GXRT8(uBU6q+_SpO-3<
z**?#Lw{2z5pm)tUNe`)wQ-*x92Np{C3Ev?da2}HID1o(fdoa@tmqq(AG|)-sN)=~!
z96Aarw6@Ta9RzJHJCONeyE1hTR1L}jOiuO{#BjQrN>@r|4gp_9W@8l*r+GPTaZ^j|
zd2N(MUx7!mY}kW*^R6l;k)^athY<ZMl}NRhRHf@3S&^$wp!R^v9BZSmya^Ng+@o&1
zW|@MygnDzIE9FL8-yz~Dvu{>PIH{l2BU)JFm(#M=oj$$YkB^6p%r<yMlm+rurS2eu
z6|8wF!oy))RtE=>1TlC_q@cZ+Ko+7QY`ASQ;xq*C6i+fh#qynQj07>ELdrgK!RHWZ
z)FKrM4#f4svX6bf6QkWAToYhWDfQUvWc@hoxs`=#ca8)WqHnu?F-Q$Q{Psba+Eq~O
z68^CC{GOa=i0#!<M~9&Bc+6o=`$60gQ=OIv_8{MZhi}*HHt`kF3o1v3=dWiE2oF&-
zc}a9d4J@YIf-!6YF|wHbL<+o<qu{31p7Fl{@d6z@kmk4^lqrLWg;JR~)Qb)=bG!f&
z=)8n_rohn66f;Tj2$r0bD{SuJZF9}r`7w-DI5Sjs<%CS3z(8#tZLE8I4~3@cTu|J1
zh6K_eo+e?QMw#Z*4GK2ZLIZ@0pVE^?$Tb@ilQh@>ljTqbc9k{z$WxeMY|zp;G`OP7
zXtgOVHI}jwWIELA3g0Yc-h$G%(*yGprK^5N1s-4ue?l8XxI8bHGH+7leLtVIc6W8q
z(~|}WE>CdKYZ2x6*~bC)3?GY6$#c9K4rI~_IZUANto>*nG9EzuCgS4$H9WCJlZ=2&
z-~-eGUI1u3r>F3A>4{<ad#{yOLDcFPM8;t;^&2YJy@0vmAtf@Qc-oxlZH9U_UDXj&
zLB)6bx0x$hIzi8Yxq@5@D*e_m9zQ?7%4C_6BMKFEFirMhc>Y~ufb2Yfco%_QcN@n!
ze17$80}yAL0nOBiXX{5C0XOqOnU(5+i_pnA8FbguP>Yt~-m^`lY*g%A#vxoU&XOZ#
z@8I0<_NY-TZ#=7i6(ZSXqM+LnRy@q;7gRjShVC;*hbEcUg)Sp1+6W^=k1QivY9NAk
zsz46itXGbWl64UiEm<Pwj53nME_y-CchFJ)j_p&6SjwvE-1`raJfC{*>nP$$d(Zsn
z8Hhv607j7@HJxDyaL$TrD6{FiQ=kO!X7GYp>qWDN+KzUW>nn4q90*Xc1LDlK7|xN+
zF|EQIenNd-sn!$H?*tYOm{2rVlIa{ntgb>gA+rAt0BA&o0orgF5$YSr-`oVn4qf$E
zcMNUHh+_$iImSvtw+SrxUE238KJcB-=A&MHi`ltw*KPrDxSS{^&p^?ekyKBH5D}3<
za9)O|=HJr~iA{4PMVxvDl%l+g=PevQ3{jJPX^crf!5$PU;V>%n(OUpBGBYStXoTnb
z$2TH?pq;@^SIasKUd6#6W^G}7!-Gtl{CVl-`YpIt!qInIrCUzCn?ytdqa}j^obC+y
z37khbEK|l}LeU@wH&?Rx;j49FdjCGZYJ;Qu4YxK{0&MdarHZ(w^SiV?#BP?jemLsq
zX+PWT?d`3;!hX}XZmfePJYyQ)kLR`u%`?Bk*BzOzu9TCx92z+cYL;HPHyH*@LLaZ&
z4wiWgBJkt-`@moE1kIPYL7;{CeV74)8~;eh8AUY7>6Y&1Qk8Vo0}TVO`})5gF=)SK
z@N&N@9+G9R`@jKrUWFD&x?W#)HWrGCFk}c2El6bYz*(v9Kq8YNhmgtE9m?+1WV{8B
zS6%2hviBlOdF_s?e86Lz{*bVG9B79kkujRbObf}_85Qj+=&1>5L>HdhkppRmM(3jk
zqm%rMijJshkEj0AF}*E>QTajdeBb+LQ+aOk13C$=6`}G859Upb{H#?JTg$Vk6O?6K
zU3)Eo!&HH3DMH?t<hk7B@YPbNf~w}*h^^?99zHGtcb`uk`u4rEzc>Fv5m`@C6X#(W
zBAm-vf!1eQbJ&va#<0)Fw1!qAQhf$*7HzHKbzl3~(lhast`+kK_%FOOU{pe>J`60t
z>^xF0GwoWFvYaNi32HSDs)1q2J$AP~{2TqCl>G|OJzlHmdt)47^mcoAgxyEtN<Zz&
zd97QepGmV!))_N`oawU9O@9ONzzDXqIn^_cO)!)iCBc_byn~@|q~oez8DDdxJ17%-
zeydapl2MwJql?xZ@VY@QHr$0SwA^0r>rz%Ou;xD+Rr0meI~R-30b!3>cv7Qj;$?}2
z5SrxZ*E?ZF6&B_yiSDj2=2(>431p2do?RN{OFXBAGPh?ylUxqwH9wQf2TV^VUJ($_
z)NUvk3--Z6v7W`B_V#c;DyJrgcGqeX)V^?gy`QSI=6^j>_)-$YRA@pB3yC}HA0zr%
zOLWDV?hCTIi!Yw{oRW!kz5`>EF|ZkMPDb@|=y1!914YBp1{kFj_(9^28<V?Y){0qf
zZt~Fxt6IqB8oz-z^noY9N?Y<nUM2;tEt@U}6o{%S?Yru2$jZ#<Pz4y!OG__Bz@v_m
zaGsYgx@a02Y#kjL9euH<922y+X6ub%DDVe)acIlPMQ;T6CZ4RkNatt7hRDBpja=w{
z1z`&=_WdOv+ns7#2<`Un$^(l1*Y5sI^`Y&@A*_F@p6rV@F3S44oq=8V^)<}C@5WvG
z6Q~_w1a1WiXSiwH0k)UtEJGQpC;3bizlBfk!B)4Y=Z=ZErv#HJFqj~kR{lkWNejI_
zlKA5?b{9HxeC5-C7j|c0KD4mHhRRfmc3L>eb0&CRh>%fhb4ilZPO<q&xeOw7Iho+%
zpKmYas$%ydOpZsKmzXXtPgpwFC773onZ0xlBRH6|v;iTd)C%=CMNM>>i`r!PGYUS%
z56L5ua=oxVmFZgZ<p9Y@o3SlK5|m%+BNEGB`pWW%@XAV!1Fi0sgYfVHl9-@d%z9_*
zs)83cy6S_viofv9sZT4OPMfkuutwQRN;H!Wwaf_Dj;!!;=eOKOK{nJf?hcu1J>V_Z
z$JEjL4=GT#lp9+}X5yeethaOjp>1l_&!qzp=hurPG5UO(s`DUEl)tH9mOH68+mYpH
z71Z1!FRrKo18e6oJOzpe4=s6iBO##NoWeYMEh2EbUVhUoNIw`_N@7&!(HO=05*+DP
zQl2``gPjUT-zvj?72VSZ6S|*ptNQroMKe`W_PonBQph-TfK@fnYY~K6#NKqpeV-5I
zJu5NCL*mBBSZS~E`mU*P9uHsb5rx{-;<SFdhNfsmJR)}E8s-Mq$Hx<rlBKk{dWxMB
z4AqF(uD7-(wqyESO5{#L4m8%Q5WV|L(56%C)YCi?nL6hRjkFNB!!!JaujCdLozmVg
zypSAn+JX@mE4T>F*3IaNNz~09pwc3Zi{6_{O)E!W{sHg$mI#svHvjH?0$z3Sg?9MT
zBS%nUvnhXS&M(AYq<Wj?a*}hF-D=y}eAkfPBtw26iJNYyt-$GoqA?EY0y=z2IPKzr
z(2hIg$#Ec!#J$g05Qa@QTxrHT$jK5vi3kze)K>A%eSe698n{CllG>Eel+-@)L^L*I
zgHQ_lxTZY)<KY>nt@~GSk`^MR=L!l-*c*Kx9S<>TMIH8`UJY4%wYU~MFROd^3PM2{
zRVfNy?0;QO^;JQKF42%33DT|SOPv^5QExK>yHUrVlhVzj%cL)lP^4!pmNep`rbD$@
zyk-_+SA-4y>e5=jse)l0Vee8@+DfMKNT6LA1$M(>M7k^Q!WbJ-9CKJq;dTvI0S&#}
zF78GP&;ClH@fiaotJitWVxbnZ(<p)l`{@j_FRWN7qJ6DX&elVA-A&_zm+<{GQy$@S
zJrhsTtc`D%7dK@_A6t*t`JUhB6BxQ^axWHfYikjBy)jas<%@W)q9u>bhqoWBG*q-d
zl+0UxzUv(cjijtKZ?1lT$g-EH=6sNKM@vDg^xM`uVZ-#*H?UF48^vZ?j@Eugx+Y&9
z3k*#m>LkAR5`~FQ1adtwNTx&g`96Ol5BIUPDl2RJ@Bu<^S|Z6{O>C5{9)sYK)uD!B
z)<=iPwiC`VZWq0hONHG4N%H=qG5~#j#311Qlwh*nywVVS2+h#!+LCN(=o9;~vot;w
zr0-Sw7FqL&6-aQ;;=g2R^saD4RCQ4U-l5ATDGvk5+V2ry1Q+jn5`L7(K9BECFASW0
zEuAgTuumFGDVhKqEwUugm`bl>b69f!{g{R>4c>z?=@itGbu!bfh$k_^H`UVNl)fNW
z!=V^h^3*v{M>RP<Gjc=evUtr*Xi|@;Pi|tnjJP7f0FpknNI40zQ?%6+PY(x^l}<$b
z^sr3Z9@al1{L1qNW%JwJRS6m{OA9qcsVmplgza?p_TrWg_Wy_gq2on<7zr52<QhaD
zdr7d$AKy}l)KP5%e=$yUiNuS)l;`3b)rQvQ8@$%o)yJ_=ngvPhu}eMqR4*!s8w6YM
zs1I;-G;*(V4DS!{S%4U)Zyk@N=&WzIii&tmwMEU!?Z+#<&uoyWx#$R~!eODQ7wc1~
z?6#@c@9GwX?#!G7F?VWNtZpZTINt&6dxh?Mvn1D6nN_;&{OheQ5&4&Ii}nFT`x!4K
zZhb^58~8uFCIC076i-VwtV8<4lzrPCaQ$Yu`4O33i*vUHNwUtS1vw|g$djB<E$tKo
zI_u#s9Vdqmk4K#MANDGmFsX75J9tLCWwf^Gy+Q^)EdOZ|qXLmqFqmc0JSxU%b4^j)
zc2esjWk3jX%)<x0anEp2z4Dr6o`D#NNCGkEkS-Qk8Eixw1H;6ZoXh4pS>t{E{5mR6
zZ_p%~%R)?-K{~7|O{bkoj_Q>ghj|x%n?7-YqUOA_nA<t^L7#1}E))pu|DRsn<VXEv
z2cvQ;oU<N>E-J2U#xE_Rz_#wZ(d))%p;?%A({~diPG?qRs@75UVxx#OT065dt?f)J
zuPI=V95p`s&Nzhks3hH485SlleHYaGXGTww7)5HBOH@_FPXhyE@|^)EBv>gHsmgr|
zS!*K~`NOXhqDgi=B6%d(FsryGc_6sriY>{*QA8ejpx{bbq79QNoB4EE;>hV-qXr+_
z)t!gkO;R^}rfoq)8ZTJbZ_^2>c8UH*hIm}HsX$iH`}%U}sTDy&T*eBUqrHt*ckY}#
zINyFG&osTWU2F@YIoATC5QJ>89fZS6UnzQAY$2iv4`^0^z&Ou?x!9cX`UuAr^19kB
z3KBHK@&||H`a~yrzJ$#rHATmjJifjbpHq|4WsP3DUBPh16h8ji{HSR|&a4ul3teeN
z@>OBdkT`s5^GbrO&1-cJIo5P@)|O*zzeL;~SFTM|yB+cgCXlF|%SHbh3xho79JIv=
z&8IQ)AYZAp9KWR9-RjHgt!hf4k<KVwn=S~!!Z_88jg$>&agu)=-7@JyS!5#&eJ9VJ
zv$kRbJEKIbu<;fg?B1wBKOwbcYX+X@c2B4r{6M83Fc;6Yvgoam?xUCb^9~hxCG=a7
zNYTYD9)IR}w^Fbr>#N<POVYV?9Hrmq*EwgVfsJ#vqudnCq4q_V-6u6?l>^~&rf}X4
zu?W|G5TR+Wn+yVp5Z5@yN_9j1=H~ZNv6<ONTM+BfB0`~Zj)Er4@xz5!s$0@iFqYxA
z?+oqW$t5f8coe-?Mg`@8gQ~4LnF;8oj%<VWTs`*RE~nHweI|}0uVnU<?s!6RT&8#0
zSYJPZ!x;%@!r~LDtVx=!hpPN;7u2L{FR{k>j02t-4;cf{rdLOSy7PXaBl``TW@G^<
zcVbMVGoZ=VWs$6$&%KPKj(O1?$=`R%iBFk!9&D`t<H6Pm*J3A~tLnPg_rT$F6NsLZ
z(j3pfo^(|Z#ub!Fl3gWXxRC^}kfMSjcqQv98M{Xvp~ac4A!^zb$QY5THaCX&EB14h
zXWm^@ZoTs~kN8r~_|j}SKE7ZoLuc=Lw=8UM<+GMGUM*Cdn2wQleE4%`eYa|})9RY9
zL$W^JcLME_irWxPBbJkFIgpMa*uW$$Yd&mnfP_;gN7}1pMXWSkyodr-n>u&mOsb0R
z@MUY!=Q25SJ1D4)GrHX~ZOWY7`xzgT`>G+2Y~qj7`45zsUMZIv?O_?m6KtEF)Jcni
zzS6REd6MZyVJ2+--^-skN_S;V^;Yq*TVC*mM{fPi<P-kN`A4&Xu1}tEY-nbA+KXIc
z-E>zHePKq3HnNoE<S@lEq7ua?lycP$l&*=C@Q50UPlGV}<kvOKWmQ*KBQ{ely<~Y=
z&4~kD1769YCs?G9w+04&-+y0N@mu04?nuKYi!eQgF&cQ*b0r(_Bs`ws>$(Dv`9b&i
zrpK)ag|@r2HvRIKQDj63WwmFm$aqpv*#WXE@r533vO4Rnr_P?E$ZPXkXZa}FFwv}(
zl;yaTzH~b+`81@L<pyHD0RaLXArS6e5djjRACKxh`ja=Klud}HXw>{fJY;P&2UbKj
z7TbnyXs=PIMlL0?KhDofRdK#HvQyI)&&S65=3qBLr612g<TmF64#;tr1A@@y)D(m+
z>_gH9z5YGdXsXnvLlZ|16P;}RDx^Gk{0wAWGCs<;fg1C=XW_F%Q8?8NBVTrGlN09m
zXyz<PjZ+N2;6%U2MM*ce8n<>fEsQqd!?Y9QI#o?H$<HyZ>r0bEcTP5F_C#>^Ka*&9
zs~CM8`*ft?h_^xJy#97mz{QM+eEHjAJ6pZDG{eCmXg11js1HAB-Ok*R$eoJp3&FkS
zv85Zr<L10mbv8tvIoe|Lj{_>$?Nwq!)lqLe!sfNg&AzxAaXmWz2^%GumPe%E^Q9Vp
zr}z&I5B`JUP|W^#U^nz($E413)YD!zJ>o-^HE^n0HTtbp*HyCp?^BNTN=wRe+_?Qv
z%YC}9usS{s$pwa#NY_qi6`c4woO7)vFxaDumI-R_6){ax$T}cIghoNkTfAT#yegt7
zm_ABZZ!Jk``(p72P|Jrp{IH4I^xL?hvS_Q@r20>|zFjkVb0ZEEYbLbn3ewLMJvA{`
zpS~vH>Wp<fp6l=qoGA<`P>$u|UgDI}TeE^bZc{ruU=(A6enp<|Jx(8$RtfjeuYM*_
zl|6mT1ttmcN5dJM$(74vzbWHG`ouW}m=bqBJTdCb&=@DlBEW*Wob~F5QBg8!L>8E>
zI6dH`iE$iM%K5*9h^IT3{^()6y^ItTTl5dsUOq3k<be2RDM@M$=-$EZRfsEg-PXH-
z_er}^LT_0*k;Z5}rl7myxkzu?HK^wBT%{WMHT~2jh7OM50gM+B;<IOs!iF=x`m+!6
z6KiU@aACp&pz^IBFpur(M!*MDy#-V*my!@UK&Y6C+CIGZYUF2b>YO5!_<Pw7Fg6)i
zh)aR*`idptgJnR!aMD@h$x0<^q4S=H1!>54>;lSy;<}jV-<u<7X%E&OKAVV4Ex$VP
zh7LdC2f|0jDE{f>ORkwy&N`r5>%r4_%AlH<M^|sT22VWs!mmCJ*S_s;`D1d_ey(s!
z8Z<OUOarEmNcLX0W5bZWZ#U{`@18w(MtH8rVAr%nD4zQPROnx>rWe4Jlj=LA&z)W$
zOH533Ct##v3upy8Aa&lc_p<ZK)Fr#;`W^p72tStycjo5Z#VnWuC+h$$&|P?s?Pe2S
zAA`>Y0%=p$&r;e7ikoS}a!WrP@OG-hWsj_8J(?Wl#<z@|c-)T{8K4yZXYUm{0DtMd
zK0qcD{|}gDWD4fLVU__U>G`;~58zrR<Wy7^6XA~uV=UxjGkfUW>He)Jrk<U$oQ$p4
zle540e}X)yK5ySaZI!CEH+R3}!k1H9II|1My6y#yJ`H2S{mB6bEnHIQ;z^t@KX?ew
z*U6n;chT(s&|Zg@(Z54H{*K%Zg#8Zo-9G5OXp$WeHWc3f0>YL>XaoPh_u~HsM~9>B
zT9!ZbtMe^rbnTpRRFJXx^3&<+iQ!z)V_^tI)IQ~gH<)EKpuPdjq7Pseo7w;MWWD|u
zFpC~p?EkRIKimI%r|JH`06e7NE>IWwVIF-{W8k|7kU|iyfo^B?YA_`vJ5Xe$+ro$~
z-DVt+OE#Et*|yMv#3;!9iuB^<enFuo%1$s1$ySvCHd*-35zHJ!-NlCH>iKqZ-(8f&
z?jE)T&#${Aid2UHP_+#c07wqNOWuX#<1U2u9<ZBB@X%{1J3y_v7bh!DhMn>81vkKv
zX*b`d(Fl5;hJn&A?Dlk%1A)x|5VY5)n&JcmPEhn!miz2o+8CWnhk54%xv0WfdSkz}
z?Kj{)6-|>n!%=J9pJsve<gd_Za8}$0WilVR;fuayGc&o~S9lX&;JG>}=kX#xPHaff
zC?lI1F?ac4XYmfKvCZ!(A?a?h2G%;SC!0UUL0iy_{;u6L5J{*@%U(fNZ3vI~Hl)my
z;7`0f=|Gjnz^-=->2)0kygcKdczHiFwyT)HVCWZ7zHtn_Hu&-Mm4nbFPTqloSr3{L
zT+CItrtwnOvD<Jip-TFXAH7QZ!n%L`h2Bt#I$7?elf%&RsBNCq1VMqT5*EL_J#4L!
z>rcFV)iz$<!^)+>cMnwb?L~rLfcekWKLGQ@Doa-*05D&~Vcw^U5nNzXD}?m_ul)oK
zQeme!=Lqtc-{n0R62oJ>?C-C>9jPGTmu*1564v#e*L)_@4tDZ-_v(!@D#T5{w9H5$
zZ|j+#P#TVl_2P3_4<aY}!@cPO{t20Pl+W1twI8@fappfD^Lf#tj7G5xM1E>U@x1DI
zWkN`3m+%{C12AaU2syGjK($uA&B-kJ6V!S}9L<1?Q<G~^=&Q{MZ<o)C<2o?WHf+7|
zx0zF*sNWeyxsyzbaavt@{Fb=Lh|_=XO4A6)Gugws4u@Ns^OOLq<KeB=g9BiuFJ;G8
zSJfAZitOh<^V=2JQ<rdlHdweN>;O#5He>at7_bcyi0h&QT(<B(R2eRNB5>_pGA9VM
zqY^?1hWKkd3KHrCQ~R>^a+i>eZ#DqIoAKM2!B?P~TO+PTilCpGw*QK2e<l4tv;?dW
zEf~Sy8X$P^Q5xI+6yAcreiYBYeAIvS^Xa%Kwyp}3#tQMd3xD85k2l{(2g7rq3GP7$
zIStbSmO2P@(;?8cLNlz4RIhl4Nqnx;;7=6=@hk)n-zB1OV`DE{3wa7j0{$UN(Lu`v
zn7Zf3kZ97665<E55AWY!Xv;n<9A(A&_j5v?$G>jL-_NNS%J5LJqL$w46hRQ_5|9T<
zX53C{L3+T{z;B4a+JJ(?&IznTU?(vA$xav(L15%>@N2IFIVpm-FW3+cwPVK=xDgK8
z?SDv&;9!KiD0%$U;JL092<!mkAD8#9y8(2JiA6~Y_A}xvZu%}K5jqC)T5tk#qcZUy
zX2XZYwLh71LqU}dBrE88o*V<S`3mv!$N`d&GqBx1Ri=JH;!2p|KNwg!6TuFAk07I{
z90aDhgS%3F?)}X>7dJqPXb<KPAj|{A2x}s)ud2FQ-vB|tQSv1i9$>QNA0qNu?G`?E
z3AB=G7b%XgzJvS91gisPo=*ob^I%I{zGqo{Tb|Zy`@*hQ*O{r;S1?VRZ64&Iyw{^(
zq7$M00g~^at)7jAvC6tj+YOOlPadK8nQMrTz&o?8f?@u-#^@s&+b@V1a{Cl0UDg)9
zcvL<-ay;qOIrzuo;|9dwPy~O%>vr}h*eLLaQ_ea%+7NRT8evqV^QUu-F@+4De|>-S
zS5AQ>C-L-XA_3R?3)mZH2VPrg!P6`&($vlIu*`LBVY0dy+XV^HaR_#Y=$ya}OOE)w
ze(0z<&n5nIi7A8}6k5j^A|LH_ToJU#2@RKe^Yb-6ZTXX)(9YvJq4`qRh;_1D38G5R
zn9h_MER@BkVB1>Q-X1vJ?H0f=#TVn)3rhora}wxmBWQEfzw@Yl=sf4dn@*T_Szx_p
zR?}ya+0V<ZKzZWeAQkL^-7ZcYWI7LgZ0`*DsLb6OME7R?D<3Qu_+T%&i51})X5&^g
z`vBjR{H`n643>(~`@=#1*iQo0EDbUcw&-cRF(eyq`}q*Zo;w$=hi+&6%5>z}%V;SV
z!~7)2Zej%ghp`7bsEt6A3x?z)9dh!RVhI*1j%w@;O{vg*ymRzJ$_}}|JrN90c!Vud
zr4QiDli5+4zGF`s8Jdi)thRKckGCR_O7Wk-_?_J6qKiR(TVw0hFq=PRB(5?XN0XEQ
z9DKg}r~uzQz23MIJY#>w#zV`+?~Ui+CqqmdAQ4*pj~ID~{{MoJ&y*HVBRx6At$?sB
z34*RxTVn&dZt0&eeqFdy`KLV0-9po+{sT&W8&p{)cJn1mLc2%LbLPc=(mLNR_u@wj
zbUKb*?u8WHs36BD3{aLn_nJwfJVCKeS7`DE#2v@razljxSj{k&w%k!~xr%r%@Ye?c
zSlWV@G{b1TSOVz(aw|`zOoAM@vkkv!S>*o;82)?G%7g~^@fX$NgZ~}X7DnTd1KnV*
zig52IMk3gh{lr0a`L<@{G{#4Vv;%5RPJo2PE`JNOPGmIte~G|8i!i4CeRY3_LnEt$
zI&zMMZ;way(Y<PE%|{_dp|}TsX!O0|awcr2WM{Cs2Z5y^H3ES~juj~{9NU{)W&ttr
znh2D>v;!*cOv1v#jO$v#&!2|B+2-ldJ@{9gH#~^{#CiXx-2is=U-0Nb&Pr?mZHCaI
z>JM~yAe_MYIQXxQd5m;{z>%o(FG>wK5`FNRl}DxaUV3xb2o3y;7di0h^9zBW)4~Nb
z^L9RZyQe%gxfEf4=kEPjted0W!0gbB&DrG3eP!ie$?CpMi@nh@d!?=S?c?`1u@t+W
zySL7S<cr@H6Z%0+Bq3?N9Mn8yH-PZHUA5UU{9DbO^+XCc?7PMXZn0D{&0Sj=Ej=B&
z6rxjnvOdXcezqu@0tDH{`Egu+J-Q*xTw^Qal0pz}NJ=kx(jcL2%@5DXhm8UdzRSsO
zZUrDX+{D>st1i!o@ze_kf6f9B7q78HSjaSK%H}lawe2?3d4&*SyF!#$hv<wzYgE8L
zMc)9*gC>KxKSFinF$_kw+lK-rDRt3ll@>aZabOJFJgyysJ-qG_L4g_&IIwFY#5=I@
z)*b8=fyT}v^GxhJ@~&O_-3&r52j)hZuk&XI<=vFX%Q0``Kc<q603`e$+ZTxu3{^Pf
ziU@@I^s1LB2a`DN3Idc7GDiy?eEqND=Fd_W68r$7e&AH34|rbIyxCouB1#5uzVv*1
zc^SlIgd*(`!#%#TsK17g+x1ey@-wAex$f29QugR-2)djpy~J4y=K0UF+G)MVBhZz9
z9M!hneD`)y3cmcuF7LVsN{UBiZF~aDeiXyEi=M2=paIPa@rc@|X>UNsAZ-2p?^pH5
zWl+whjlbw|<jt=Al0<HK5=57GD;EDSsb8O|Q8x7V^8wz;KhEd3d1L*XF#r_wAI5+@
zR}k4lyljy6)Q?eEQhIO~|BZ_j@nGzLxHoLS{1N0HWF3B9r+MTZK?XM@rga17RsvV&
zcf942fNY8qIO*~W)6<Z?@%sAv^V1${IU6G#+wk&V3X3~0{INw`9$A~>n=(rl>#^D}
z0ACOKx0^5s{)|OI_q)M(x5GG?$8L#-^O>u*d3G1uTG{{#jQshV^$CCtF}n}>3q2pV
z4>|0(T2Au->CO%s2^49Z8uH~SqrN|-nEZwGMjdpF2t;Anp=bGFp%cY0{2D*kxQQcL
z;50IC8h<p}QeL=tzLw2^Ce>2tn;pz1^8gU%B=<L%pucbnKoK`neR^M8nXk5ny&>VZ
z=p_Lu*{<0ao+24((Pzf1Q}Fr9F@e*Mi%jP)M_N#~HkP_PVZ^%7F{kfyb3!8JD$2qT
z@VdNV*l{fI(ESHvmC3iL3**E`W)zhpqnr2_VaogcQ!~X2Wif!<USC@Q{P|$8vV0oN
z7J#Gh3rnUgCaYC!6EWZa3$opAU*p0S%z8Q^50JN%@1UB2O~eDthOielbDvWz$3Fq&
z`i9NNZv$lbDqo=aTz%IpRR_TrdYr`<$&1|r{5!4`mDS~qmt#=~#A}c*%T}&mWXq{0
ze$il~+-k6a23qa2fCA-!>FQ#p&!&I&Y9|X|`Z@-7LgC9w_6hz0gbhQkitgqZr=6#>
z`~J-fWMw`>`aOt=o<mGDkMfe_)QLeBiL{qZ$cenT-jgFi@t+~@v+t!uPXgv$=jp|7
zKK#Qldf&*V*^T-#j2##HNCB94vi5+bFBDBS=Sf}z=3T&}?UGo@_!Ysi2hMli(|Woi
zD-o*Kl(CrA-U6u$53T+QRk_sptuQ<pF@A@)6v6~TeqlEqCbhDUG`wl;?!tQ#Brll8
zVJ&kF8Tgjiv^?GC7Ly?2CYNM_+>sClaFtfLP_;TOeDAd)7D~wPh8e{IEceduupn3!
z?jwkSq0$;1*HyN>=>4B=Nx;BgDbGJ}@?ra)<{=Zxm(sQ(^X~u^f%!Yg0N~);zCZi9
z^<j*LQtPXbwv|&$?aJjn#&J}*t@}qn`DAOHtapTn|HcP$>RD$@cbe~?Fb6ve-&i%z
zA1(RP2EvEb&=aNc0F0zro0Qmk%WMU+DEG(Wf*GWD=ZQ#A$cZj*1)doLb3f&VNr_2`
zFGG}vU<a6JxmAGm;3VYFMnxabz>18$D8GoXIUJ0Duu{0goV}@Cf=qk(!;@cb3)MMt
zCsnAQrI9jR;O4+#zmBt=udOD_5~-J-rdSeb@NVdo-cS=si}9IEaN3BxYZ0QG|Ltp0
zQLa!`Rn=#uWB`p(5<{<-rVJ)C3Vx0a568OqvYg6#Hg_xRy&l2(ZBKl`{Rb=SPJ>Ll
zL5+2d{2M`b<F<JbMi^U6f#4|0WptZo+8!>maVz))PT-3nm9U_D3ufud+l@zfIKLl6
z9!~vI#tsqHV}6JbO12BmiS@v+;-uGp$%Ym`^d8_#%sllYizigFTKftRG|nLe`+09R
zdn;_}lk*cs7lbl*2F)!bFIwidZ}Fm!S}|QQ=)C)<5-12uK=|aMN5AbJz6HVC|1<7L
zd*6W6aOBWsGN+Npxc2S?E?JwDvstHaZg!1^l}s59X5Mr#&pjJOKOLSBW3lMaB`@NW
zr5j}Q6hR{ll9jGXuEOaY<t-WkQ+BX{Q>F?dRd=FtnsuYWV^e#McL`ARpZ#g=vJBZi
zf-@-xEc(%Vey?DNAt?f*x9hpuhj^QKsw=^Z=HG4<O{=ba>+O1T#Br@o=K+0y@X1YO
zE;*4~&*UquT24~1yC`rqzOo$cT(G@KlCdE4aZUb1!lhiRy!(&k>@GMo-5(%U&C;eq
zv}~#bGXwnj%*BgRlEO)Iq-WQ`jwy{>hKJ%l*bMnS4tU9Gdir9dL;Min)vfa_u&S5%
zyU9`CW=fsv(-~=cJxsGomRY~s8o1<(tsTz+DIQHcr6||sXC=sd&Y;P|SvaTe0|fJ2
z(Yi{}j6F!?_*H`mTW^GOs&B+MB{)T9C-ksK>LoKO;F57<6s5dT6Z4L#$|KjY8&AHC
zXGZpntYl0w8-F6g>?Vo8IoYSYH+Y|u3TvP_=3hHMRHQ-_gt+J1VQeAUfIq1ixudCM
z9o6?CMWx`>;YxL$s!f1NSIs!PZkb`n7}1Xe=~J?3`??A{fdr9vswmKoD!CthZy#Of
zK>ne>OMK~^-^~i;t(mQjQae177*6`Px1I&5Ar53i0=Z5gS+`i{#oj585v(7bGHnP~
z3LUQ0?qKq)cmz)7@|(3&*uAeL=gxe+9dJLdY4Kxj?=+)GvB+n_053qmP%O<pixFLP
z9%t+byJXj_f=4PcWj^j{9d6s(7JKBfwH<lWH#UNlUwHfqYDSSOqxXEJf5Guhv6=bD
z$-eJ`<D20QWZ93ft+fHPiL2SI(3&$xI!@<U@S<*(UC832=bk2j#dqkR)Fvx5@~=AL
zls9ra((sXJ))mr=YTP%cIM@Z%h8Jotv2eySG;#uZXXur65%u`i!Hyss+2H2R?o5ne
z>y4+i3^F34r<<@5{SJfv<p3Mm<BA_>k}D(}vgT6b(-E9*RF3oo*-fI-0pLJ+EcQem
z+qxgGLGxL}xG_4VP4i&t^qYK)I@!<5z~;y@H8*ph?pOlKTX!ANJ*~hC^FU2YaTKk5
zmv%H-;Inz5m-Pp_Cf@WKp#Y?}^7c3p64P4&4~9Ig1X?LZg}ujzex@|5^g;Qzg%=<W
zGK#&OLE9f+nBKVEz=mKe8)BT?(An#&ErorDqD<rZHr9HA7qY&84r${^zlsKFjicUH
z)W^aYS)DlLE5r?l-{X?l?Q`hNjqRB08U=)KWB&-pJ!~hqaC9^xFR78JVih!;t}8p-
zX|CUI@g!r*CdfGuGu?(VG7}Kh-{~(nUy$ybGb@lxZU6dCNaS2Pp2!8}BSbgu=FV1f
zI%aEszg<m5mPf3Zo@5?V;3|h-!&-NPIU|DJ4(pP%tJg-dSgB-Q#lD6rMHtdt`MP<3
zk!yWQL7f0i*q0yJ|J)gw&4pUdWCZ%3MXJ!wj9}?Xw)pn5lpe6GO^qNN&t)t?P&oHw
zwqg7q4#<2~mchA^F}GOsaf2gC<H+X(Dkoqgs*ouRXGQP;*F{UIb3MH(r{JBcl2*r;
zVBQ<~ZXvZz0kR$UYZ${A3TI(<G)tqa^u_{2G5iH8L+3`uRi<CVMBE9UYm5CPxr?^E
z{Cu)9L$bm!`BaA2@*>asV3I|R1R0{<Ysv%mQ#5{h4o!TPEPg6$Bh|kCORoqN&bh(_
z3_RlP6rwlm@3~V3cHl{T?Si2^>#V6W`M33`+heDjnv!)AmzvFjsPXvf&hngDY&KHf
zOCT__d)euxFWPLPE#Bf57b-mF!pkUfOmu|hlDDVbr?$WcJM4i)f=r!_Hh+m;+Y7S6
zO0_fRg0HWsv9BS_0iVgo#_1GzL>cq=nUQD-r%2Y4Mx;%@X*Bp=sJjUxqetp)T3+Ej
z=rb?BvhWO#E#Au|^oBHvV&H0WvfSFWY8N9`>AO7|XpA%qXJw!B7BQ8cIA3&LI=t0J
z6eM5tl{3PVMl{WeLUp8dTkr_jHxz3ZI$j2e-zhBWXOC^8IZ&o@B8<UiY(W;K*lMHj
zN+wb+uqw;H@OlrC<m>(T!Y`!ZD~O->XD^Dp$2}Gq5?rfxTJvl2h#HGDSKBFt*2BV@
zUxyg8FYr8qIYWfV`~ke9FlQ~7ni(p@e)fB?L_`W^9v}es!XVye2tz9$d#uZnJ^uo}
zQ$hZ^l{Wre+b4-JAY;**v;Wd9g<CBMvmu*O#D3C6AQ`~@I&Up5VppOf#GD-O1fa`o
zzRTIgEa1p}Z|HZEX1&=HVgQ9!H*+68qC;N-s8yHVrZW(ZLtNx!pC#r~o}hs%W0vbq
zA`;IQdS1q7Ezn4~+fdvP7iDO#o!>{Su(;(M`o=^fC@_>~B+SpG#%Enpn&%qmJZy5l
z`AC5#Nf)VKnbgkmRc1aHy%w3F{PiG%Q{~x+=xAS!{9~g)fY4!0*^JaFW8^;1bBQ-y
zMz#gG4)~H{Gv5?AKb78W-~4{0!<LYJCOv|A{RS(`7rAF=tFcfC;s`mO%L>WKcpxWp
zn7Vu#1}%lzRqxI?@ivKKXEsbNR|l4&iU*Y<r&U(8iRyai(|Kgr+Sp7wW2HPb?o*G%
zP@alHf5W=zM*WPGxr|9<mF=aG&vdiAc+0#q!?7{4<zVKJh`5;9wz$o_@v!d<@g~dO
zp@ufnXjc)eY=ts^iub6_W%0Stwx_}lM;w?KMOIULFj{msy%I49*t;HGm<N(=33d2F
zGN*$nA~$lx&0pq`3=bg*res}o@HY7%Pgp9~S&3CkoMmX?nFWm2zOSvI@JXpMyhXja
z8;PAKW&IhP83?Z%V~}`j5xoi~VORxfqTh_rMh)-}jHZVr*&FIxuLr5Jh$Wtt?Y?1^
zuH}I+S)v`+$GIOG4Ml@U!qVn)ZA}x-eFQukHe%zrX5C{Wh=ro&-Y#wng5GEiIrskL
z1@&=ee8dhzf5Rlx%_V)g_K!Sx7wbZYHsYuDG|QN&-#E*bmNWkP*60Y2vSMcYt9y3S
z%~&W~ugH-n6#F#?9;d8K7Nb9A9eAK5gq9qG6+h`_M3+QCrCIxgN=%8BE`FHiaK6x`
z$d1Q=t8F7yn6DG)6){P*Bi%o|pJr8D_#)5syHpqF6!Wf0(bYrBO6ZVRK|lR0(IPp>
zIhlgBM#>+!xGC$lTG%KvOVJx%q0JY(1b;;LnQd|gGSx!#@g{2Y2Xs{eZRiM-FVy0q
zGAkHD60b%m-7>`1Br4EMwvUMHv1(V8I#7gn(Kes{QRpdC3i-&}!L`BfnX=_-d`tkk
zoig*#f8k^D_j~S)!rn)+kkZA@UI8lSZ+ivvL6C|JeZ0-b;LSW!evi;6Ny%ty>PG<R
z%6_`J+!2S4En6Hv(C1!4vWRIaab;#R$H}!|YOKBn@fxvXs*2(@xCFf_=cgOQ+*36K
zSUSBijyoK-NK9uB<-5<=Bsez?0uOa%?Wr;o$`0}lhZ!3LYcS<QEWkAUvPkY#agZuS
zWGZP-A&_IY{x=YJ<7m2evP$bJJF$)54=M=i%%N#GCG*kS-m&sS%Zj*t@H~37>&Jq=
z94%Sz))kh@$BGndGg#<8Ufca0lI`HT5``*IvmlGroRYB~WRc0}bwoPvG(S4;oec5q
zIJ5}gzBv1GdlgcYshw-{XViQUA56vvK>7I&w}eokq!_7db<83RW&)8U8GJEEF<>2`
zd6l`MMFry_HVGQck?(>6{GKEqYqF{0`7A|dEV3_kl_m1sJn-Il^t`h+Q1MR(BlCx+
zZw)m(?*{jxg(>T+{Cc(wcWAk1F1|c20lgMs-P;`>vX(Wwe09ROq|0A<jr~Esav%nE
z{v2??i?2*by98Rv3yF=?jgeR~mtMP2bQ#fF%7!t1f|}b&csLPED!?P-R!HH!&N|}@
z&{mG0lO%rC;#)3X-=^X_=rl-3b6=dleMAr&g+r9CGr?E)spgX7oezxX(Cd-G0yO7m
zZg~p5^g~ulb20Z&p24F)S64G^uXBvv*nhAd6m=CCISI^4aZo-T*((G01-wm(x=4h(
za7@6IhmE~RH1tW)x;9Bj6-W}94)8ca#7uE-Robw-3&6p&CX=Sg*14K_<pCH;_QEkF
z70Zb<8z$cypZb2E=b-9KvUtGQK2j;Sc068P=@<f{M4gB5d5D)=Bg#eTejQ%0{?Px^
z-j&Bgy|#TcL|KcFEENY)l#pe{5((McZ6QteN|a$V)56JG5@nAhd-fa*=Ljc-$i9~b
z*~T`+Sl;_La?G5g=Q%xZ&->4N`m4{!Z+^dfz3%J2uJ8AIJsYxs=5^=lyh3VtyL>?4
z`2th$tX}dnJ+|rg&qs0ua!r2@pTw$ibsq0XhA29dY*By)F)<Y41aR>+KV64dt}4&M
zE{c6g3%QVR@uZGUyTy#3M8?m!cKcH~h7BPxpB`9{PN*7@xRyVGXpOd@i1UW1o*2bw
zFs*n{xzYp9o^`XyzF>#b;ZAWbU>tVESLbHg8N;_|LP4ghJk6Pwf`FNDT4knNY+Hc!
zZ(@nO5_1Hzh+jY97eTQS?(oXbQT#F#)(whl*1`_3f%?`WO@id*EBcpi9#NgZi8tkl
zcUPJNO6ivu$s5t|-tK<60z3QXVKA{u^>&=B;QJ@hn2_MvC%j^3{jz(!NfqZF&sUhq
zHR0iAtbUkmt8$-bPO<cIrCy>~ZzyhrRDWtyk{{s)jufK+7W$t~G{`kX)PGFe6|aWy
z(Y?>hKYH``XL8^a4a>Rc%Ue|9I$1wl3rJsw04KVrf>&@)A4Ka$+l2-_oL&wItGUP!
znlF5E&u_aFo0mRq;Lv4k$bWOz`GLV)qRw0wrV+>IQk-R%iVu|%q&cPj&YXa1d4VR)
z#3d>yo@`)_Twd&1);setwXy}gwO0)H`rMsruy5{b3GjM@oA0Xwpc+ik?)y+`msw`T
z0W4V00sL#cG;j9(m?G-vo20D<%KI6<G+v<@-4R0PTCG)jNrK0A-nKLvv+MGaH|S!_
z<GK0ivdoR}KZq0ytOpelqq*-thUKGT8)BCi23`OPNMiYy_93-=;N-MPfSPFM-exX6
zXw3s*xp5HmQ(_R)Lz`<He8fa6f>y2RzK3bvGa3N=A>iyj*dtOiU%yYjeeS3uRM=x2
zgaRb?xy|(nF7s3r?~*k30J6Y-i=o!@7sZ2b3o)^7A2^#K!f{x8K{iLCVz)N&B18Di
zcRFSD%l`Jkw>ch){{$|yu|rD6c;u7k$L`8lCkU0#EBlc`VB660vV0;^gJ4U>0LXQ7
z2YO+mO3O$a>mU-N^D~)D#Ulshe1f+ENA3s}=xr@Wv=SCS>DiN-@yi~D&c^Kf?w{`+
zW@X|wziNb*=bFn0B)BQ{9R1wrtPlZKVsGaja}WH(51^bWQW<`ft{PGW5d8Rlp!x9S
zc2@beX%vum*cffH#i3?!92~xyIXkW*YPMAm)P+A5=y$`N2nc%2X*fAL*-c0T1IDRx
zWY>wJr@XRKo^5ZeM;`8yoU~mW_f-kFsikCPXk)(L@Sv-%_TrUS99jpRHpWQFl(aC%
zhl;ix^nd<7?Csf)3A}r@NKOILZ%EG-<ycDs#Bf55n|TJ=KzH<8P-0{F3>5NWgy`Kj
z)(FVp2Dtx^D7Tx_*-de0HqFypn!bHz+1m6`sq3@;{zrIVv={hqqVu;HPNP)@<8BRQ
zDGL`rRZULO)#aVOm&tz}M2|8xrRU00G-06&84_Ksm0y5FQDDcW)GW=g+*fQTNV~(%
zW<M3i9@Q0@%z=TD7J`5~dW=S7^yC9;YmLKW24IAoTg+Vb4B1VXc8hnBx@UtHQ;T&p
zHEtz)TQr4NpGph&I@j136rTyoN-l4;!T#Q}WEo<4B!Tz1uK;S0wL<6Tkn8vIXCB_t
zU}0i`0^O0Yv|W;p^q_d)T^Up^r?`}|P8k$w<;-;=HYDmsX4`28y#mf*^=x1i=f-|e
zP}#31@7b|s_{*7ghrWSApsEs~arCZrL`nQ(IXU*s?Ecc-9@vKFot4O_%SRT%YwZ{U
z-RX=~Y9r;P9(zD(Bxz0<!y=;OqUe?lAXK_E4hadWv_+o!Q^pTUi6q`|ga~=>+*4QR
z7<MHv7I?0N_@NYQ$?M`$`*Qu;KHw{wBQP1I?Oj@4rWKFvqCGFw9?g9T?v(Kupi=o$
z2uyA7uf~p%n*Q6kQq;4~ah^Z(+wCxCkB?fZH&3RW=0JLnf_l?R#4g7Z86)$O?K+-g
zorRY>b2shj%3!XA@QggLl}L9m$o%|`Ow&+cthL(3&6Xmg8dD&_@Yd;fNNVR2s7P4p
z+Fnb1`au86qV$?DkTVBxW{(1-rRnYrB_hCO_)f9DPb#rbKfP<6z|a_J=+v^8vJVtc
zW+*)_ZBVo6ozzTw#tGdMp<#PXw{e<UgGy{&E|RiqU)TZp2$d`7Q6)soUd?>ndnJ$k
zV)pvV;r9NWWF2$(=+@XT8t;M-(G5!^f?#f+Z<z2Jq6Xm4$canbdbW2ZtG}AK^r?H+
z8$J-@=^W)0@8n@(th|YS2OPw8`&eb|Og~+XA&1Jy8Mk*5<UtRm3hJ(U`75_gkb>zx
zy~o~$$-v0CY2y9KjP^XOB2P)PmoF4q5=8#U+X-obU42W9IkYp52U7s~43L;4S<vi{
zY`$KF59R>Z*)M+#8Z9HI2#EOKw`S0(=Xn3EGnnjZ{7RvvXy~@mYM>Xl7K&bNHN+VC
z!{6qlgz21E$yU$FP;7`*9pSHF1#krqOpKQc8|M_cBe;gV0t6M1lgtI#?1x4sXiMlW
zbpPx3{v1@?>qUXq_k-eKNA;+a`?oJ?u(|yUjM-YcQt|_EJ}BV=Df;9X{3HO_7#S~q
z@P$ZLtDYzjV25g=4{~3CaS|eLQed3phRBvc49M2~)zkUvsPA8K)VIXMKOLt~se7~u
ztm*(j-+y+%K84^9u}W9JNA`Tn_X9+Ogl)TUyqFWX_StS54wH4LOE6P9LXq<Pbr+ap
zqNof&M46El(bjmw{{gJz-!MG@vU44EdMGQv4phP10jMO3GAj=7*kn+N1`vx5ZcNT&
z1Dx|>_x27DHc(rE8~$+A#*c-ltS^~Jk(vKd5EX#<YuTOEInQBOjc?072sU@nDq`>3
zV*Km#Kvr^FfD`vUdYh|PN@%72iP!*T4eP<D*5R)GaX<SOR*EtW?^g4(z|gTt$4Zg)
z<(O9#3aoySCIDF43+~;)`zb&z0GD#^0@L7QyierGN*$=8#N+g|kBQ*O`N)5;q94E<
zI9h9e0hm3Bs?})s{>D3Jj#Y*S+yPmjbx?aiu(<h!Ju%|Th9vL79sOX5{yKz)Y|pB!
zvIAtHnLU|-koW(ZCP4-*s2}AX0QgcL5u2j*+JmZTe_=PZ&HGc@ek6kq_eKlu6d=Y<
zcm4!W)~0kT04(-HC0D97d*Z(<84y&bQY6*oHb|%g;_i3US}OKH;7e%teJzdv0XcyT
zajJM{Wcf&2&TkD9<~E_jSA*7$FfxQy3ASXCdZD8F1O&si0z%SxydV9GOfKJX09wCy
zl#rqkKA7yS@7#YPQ>6f~Xm#i~F9R0DwD;Gl0n=gBI?q6{x7}^H+$S*7I`A#xbs3mU
z{|zrTp8!}R+Uyj7mnW-9lGhlE-zp8lXN3k)QqSi_EtvdxR~&NNT~Y8{(20Q2Y%$44
zDmR{`45wa!<oJ0f`})pEcR_MtGoE#lG3nwaqjBqUPRO9OiUY@JZEa&u6iJK!Zwd-<
zNkHQE|7k&i@b^h(Z<V!$w`T(K#S5O>K+V~FNOScLy>hZt2MKd+we6Y@-2Y-E2$=<8
z8p!+&GK|Z1i(y$S05dZ$1}O=c0Hn?F`4%5=$lz8*zsW-@P~oGe?l%(~u9$JO_pW*Q
zEo#B*vg1r*LB3R_0%!n~cfC>pry=P0_mm0%*mRq}VAD@P*z`ScBYh=+P5;oE#R+=M
zySk>pFLwWhIzWJ^1G8wu3!A|&p0+)c1i#2wJzlPJ{uz${oZ+ifd?+LpFH{lyI_Yn~
zz9xA7Omr~h0$hz`9fQ#Ktgz54hukGAz{X-&MY?{6fd5zTNI8Vk8G!-<(=mWUg6i35
zn-9PX$0D4nfp;)41SIVsu(O{Q2L<pB0u5sAA&q_6`6p>7L6rr~HK}OwiSR=@0N5kz
zR3P|)9ayQepa<1iU?I~wTK~qOv2H;KAmRA~3POB6>c5Kx@?De*@~QVjI>5VbMT;NU
zffX3-GoWTr!4L>=b+V3s!`1$deL(g-zr%oh4T=4Iwh9^f{L$zyY@6*6+a}OkER_os
zP`W>27zEfh*ZzZz{LKykQ1yDnQhs0uAhGHDXH6ig%`Gz3MlRl0@qu#WWhPB8M}eRu
zz_+!XXWsnq9H`RqRdwLU6h;ABck9)4Svj8k)*}UhUl2%fZ-Mf2sCJIt8GzO`TZNBI
zi2cRLvH&(&@)4ELrcIzC)=_sckaCPET9HloF&zLV^S|5yG8{Es9Kg@B)ByiqkA?4V
z;8DM0A3))Wbq`W-EdF;7QmE=qf?%~hJ)O=OVWm(Y22t0w>VE%-4*Z{b0&$Rc=o9#r
z3G@wB3NrM4y#hhs*azQR-)IHa|MC7`Y}72Mh}1wrh~>}&8`a=w0<y)*r+|$j-z=2<
z{_Hv&zeNMi>UuWYJUZG$$q@c(P%UU+jI4$WT!$ag0bnxME70`gI<TS_;!q7>+>Y;{
zstM&srVWuHNSS@>v&C0D_w^jgZ|nmomh~N8(N`kEx{Oyq+Fgh7y5e7JQbx%j_dG=n
z!z<P_=$m~Oi!t8zniUU}id|>F;yk}+BY(34z+|rDm;S&GoFjwJWNiU`PVOSmvro2K
z#h?8PO3e?c^R>QP_ca3b9o*YuGOu_Sb%=q6u1N@-)%Mee&!hvQtN(f5D}eJ-2uci*
zIYB?91M3$m`+*&Rh|vL!5eE>6ZF~nIy3>pQ!u4k9hUc}uzRJtpw2!pJgGQfc*QwFU
zA8Dttd)L3bY&ueTkzbfGDtO!7=vQHQHU+$)z-0wgc#&t6NY8`V4N-U;srJ$s@0l>~
z!bpGSCPsE4RSXR+9Sr>Eo@N=Z*ctcuIz^ZmdWR^|?$*7Fs*UfPgXluLglkpr3R69O
z2~CTPGrPft%235Lm`uGgb7J3;cLeU_#1nUDgNX6*-G97S6{E^ZYl#i95k#e{V;Xd?
zSjWgQ-fd5a$#-WojKXf=P2pH;gsPA~M#eCEL?hOX(Qy8der*H8&U(!Aq;!5dPGp>h
zk3H1V)mQ(%t5;&(XX(X?w85LTsovZ>Pgkp2xFj%bhNVeN>c3mqE+lLph-z<_Rt3WO
zPoE!I9SHDx><&7@jqwlt7Yaf<I;u$YP6Ztace+AL8)XHJ((T&bezvQ6sbZ;$xq|zU
z#tYuFos*cGcNhcex%_Sz_;ozVtvmyZ!iLz2&Ziy5G*n%_5(awCpaFLpWrs%T0QD$s
z10#CA?Ji=NJ#PAPR8%61dOWR>fvM6aL-z;Z=@6=?%ZT(**ei?h!9qG(9fO*!u6b%l
z8@Gd2SV65gYDCov1(+ATP7r!9ZxgMK)a$z*P|t%w&v!ySKTq9rNia&Uv$vv~cdCBw
zJEWk?cUxma{5R(+bKPe-<3@f0Zx&9b8q?v;hc@8nJ>R*~(}l)Fi1ypxy7ydm$j+gh
zrh-@Oe*E^8Ww<iAR~U<zfAx)w>@s$C5hQTub~y)cb2nKsZt>E{duA(>l*He+<V8zc
zJ?E2i;UZY5hG3zx()!65?m8?>Ud><E$a#)S3_4-agE_3UI)YWN&p>m<{+)9rrrM?l
zjj1u!n6_|VVyGt0#tm$OiNR$J-ZnApG;#o~@FBNCld2V;*vGlV6lR{Z?171u2#fZE
zt@RuZdhSc^`4g(1XETDiexpBq#+N2BxbKrB*jFq+e{-&Ibn889gvpM41;+F#)tfV<
zdYMCq32Jp*jD{%tm`AB#fi;7z#j*j~T7J}9Yv=gVMnPw1ciqAgbg|_-_agY&R=qi0
z^C^y|h_ITd8213u6g^CAfUh><33!hhv`}GUz)bu-qw+m-l|W-Fe;3TGHr1G#Spsv_
z(sL_D0&JH?<^89?LQMy);A4PV!AWJT?j0^W75Ayt*CG`>8xr*>3AA|T+eU>sR8pxP
z$xj!G2zro{t9JCD&^PDm%ck|7)uOF--U7xnglbG*;(%$(DBTD@C8YW}*~2;m7=yFG
z49YP>W>B2USPA)-kp#V77Pjrh&&*7Ct96XdT(pwMOS#o(9d|e@=Zb3IKUT-h9v9_u
z$iW9PDw^MERK8=b{y6~tIRMB9Kuj!lGIn`_5V?^}K;wNf<*|(^dkBkxd*;tIWiBCS
zx4JHH#z;7+%@%OQT@?)!bp-ZK0_-7ZUxWadOOIS;=@RN-G?jT`G}G?={5~l%7%@M(
z)Yaor6}%tUAa@mQN~?3KcH%X#+(QAV_OmR8h{b6_<m8B@_vBdr%xFRU=SB*jKuEP$
zhc4E8zNMzBbh+<>XHHk~;!MKgp8Sr{dVA;U@T7y}6C8cw&6~b<f!Rf1!xr_*c{{*~
z=tq7#D1B5X-{UpqI4kv0#i`qqAX<NwY8wk(62S(mER{dIEygB@=v4Mz0I!FMooWxz
zcac#23{#NR1Ey#Zn4(nL>Ib5h&N1F|cti~#o!;QkOQJjxY3WXF`I2e5INRTW>~ZeC
z-selYQGI~&RmccAX1l5YxL~sbW)i^4T|ng<|3yv}@t#W8;g0KP4Q46*p_e{oqOl8Z
zQ>3l}LTIp7aCc|%Ondp_uodROjME_-;v%eQ`7z3ZWJcNyoU6#7+C$9h@z1gb%26KX
z%O2jW)fcY)Ji>O(_w|xw1odGD+b20*uT|RSRY(fLP8tQ7i#^d=OxkBF$;g{(5SUtL
z-m;ZFE)7X)cv~*?Dbcs+x7I1E5+709g$JSr@&>VCH^g1!2slz*Bp_Bs8_%dwxLV{v
z0NAH&2()%>c1*r#Ifs;26X}9jPEMu^m2f&*1+Ai2Q4#h$w>3&^>U@b-7-L-Y0HADk
zh&&eYn%Et<+l2aP(1}|Z{Ajs6UqC929i4no)8PU~T^_qjgEuaE(M@7BY|cU3^;@w|
zHk1=KLGv^a7rN8ZYXZL%JNb*3L|vWt%=?;K8`-MU*(iMp_Luj{0Bu;Vbgl;UWgoVt
z{zH~6Q~8uZHF`Q-(I|bIRi%HLnN%_+3hX;lLE*`@t+_Nb9QxWCYR65!x>3N^SLa-L
zGy-r*Im<es^4(rGQ<*AggP*s2ptAqx=&@U37RIg#x*%>$YR>)kU@>@~_w-<3!aWU4
zHr>LVB+fW9_F{016$FtzSaDacshXS`K;QdRBy)Tzi=-3UA`djt$CkF2_)>4PX%4ZT
z{Hckm8?9*k>r+Kc%UR1h4<;X66F?|0)zSbriQrJXOSLf08#LL4ANWdFRMH-*;@ids
z{DERQcce?{VwJy)(GE#Irc_E35ErbfAUy*Zai!eI7{_ZHk1q{sxs2d;pYxpFt28<%
zitkErskm!DsxvU1YtuQ)LH2TG-$+mM@JTnzq=mQCqnQk<4f@3`?;ERB7m5*zU5kM8
zks4;kwC3`I?ahoeK+FyIOWm0JRN*0Nn=;8IiWePoESLzE6krf6Zz;D8XbPWMn+Jzy
zR^uEjJf7Xn9WH&zvx$V%OkA6wr0ESsgTn4kNBLkumG;HWi~UQ|2@ol^R{O4;DwU_V
z0ec1a8cbLTn=WE`;q};;+jTQNw9*TtlXEH=mY$;@{4@91m6|7&2yWJ?9CA}IsdI=O
zR-~f~bu-gKI^DXLe|f~iG!v`MuTm^kf;UA~pNdyrMie*Xkrb*(eF0_)p*HCYisQp&
znH!b`zM#tp8@vU_Ntm9E3y9uXtm_TI>wrx@W9eaxvqkba=VG-zRYvySFijP-Ar}7W
zQ_uGg-L)@&_w=nyvD6|lb}}6<a!kA>BnFX5VDOqH+3M+c5stav2<pwU;aTwT+sIZb
zu;Bf<lx>OBTN=FN)myh=N%>u0-3DTdQAz$XI+=*lBYMro-UI{S&K;`UifFy_6F%TU
zdBG6#tzbDxJHj;+{yTf|I4|ab>lPk!HwLDQm30!sF*J$cpWb@J3q9pmY<}PDi`9PI
z=OJyp)K6Nl`Qr5@Ejp<rxU%IeVYt<E)?09jVijFlhVA3v(V*43Z{JhY9qxcOpZDqO
zK#opbQQ2WSHe7YO1R>R;05A8>By9pV45bgGY^8aI?S}E*DRRt4)gRkQ#{T`{#QA!h
zR(jEvKdy>k-QYGwZQ5O(GdL$LDIPmJj@T}9(*JGztOKc^ydHr8o6d=XzdtUte?~ba
zy#0lRWw801T^&fb4|x`Zj^W0s{2n;v6(yVL*d6xKDU@X<ekwV$DkComA-G*5uU%!t
z!7@0|fz+7^?7*2i_pAL1YOhWkm}brr&vxhHoHO0j5-nnz&Xxo<4Nsw>J5G_zDHr&q
zz1YGJ<)<x^3+jf@o_k|$j`KB}`nLBp`_8(ed=@Qcf!8-JA02gB|BH0<)+UGalIA<1
zDD+7Oykc5liNH*q2RsU?Un)Rpxu&-q5<Slo#P4a|awdk&Q>Uc6phfXQt4vyS3L9yt
zxICgIoQplqtl4wf*;U;qE9N;Ot*M20R;2`V&Z(rEEz^lG{<wwmsJYGs)2H7$ngbpn
zPC-2zDsOSJEXiznUVumi6O`BD#t*J%iW#EFXue|sL`|YqIxeH-mq#<W=7d|e!#OB^
zKGWDgO%UT-rrkapU$LrWx;uhbH7I$RR~^aA>Q=mPou5x-WCCRlUik|yA*YT>xDwUh
zoN(^^SZn<qf<QpcW%~dmW&2(}D+{5qPLoe5P}6NRK@bv&Pnud=t%6&I!O_<&&)Q?<
z%(%aqyQ#|FhIrA+$ffaGO0!Ln$&@GM`HVdor}ewEoYrxvysY`oJk7q2EWEd~<-wEb
zv0#PA;^QCp`!FZX$0K#^jR@lp9-$B;#0bjU|E$ruJyBwH2{EqrP2v#=2tJE}8J4Q+
zT_AGM&~tSrz;%OP7EXjHQc^D}Er%F7K@~K)fGxznI&FD8*uLVNU5OhXU(ZaTCHQ4F
zZemdBEsKagF%a%QWR$*dtTCs3t2se&UxY4|-GbAPZAV0H=Z5>+<EMC14d8s+qatit
z2Z-~)HW332aOIseACLF6<|Gn-d6#vWSSUfcye(w0$#K>ra}B7=e0=XCYDXQa3N5w3
z=Yxhv&J6f)nV@az!katp1P8j1I=517G^V#KVwLk@&8c;*FXxLvpPRf}+<>DsJg;Ai
z6OMZ{#P5kXDdn$3bab4!#w#Niu1NXeeLF9OOMh&9l!de*&MWA{Gtu~8o?bgtJM0Dn
zuXwpH!cALff0O6XTr$%3SCcw!wDIPMOd@V`*z<>LV~^du*-S$D5vs?e&HygqWm4z+
zN*CqZS8QPbdJr=@@;DsE=!!BRMxo@)#yfEzcz_DxS|2V6()astCC%%@Q-5+rjWw87
zz08mRo4MuM%!n?Xze0%#+@vnyPLJ)egTYjXYlg@R;aATcqPEKri{Hv5A;(Bfh?Y0N
zQtcZ?Pj-QF)vhQ{VwBm{@k_NNhVoEKzx5IlD?(e*DgRgonHlrTGli)p3yNPdu(^^v
zXQLN{m4&}XHlXH~!M8o)J2yR+dfs&)eK8{(*f6tNRI^eIi_*|}-TCn8u(|M=7TH2-
zJIE->A{jO<^?9#_E{Whjk(#YftMgm5*><zEE<ujH=(>xn)ZUbOoR)Of)u23*)Q5g}
z5SYg*0r9c1?fR1Z1-UBpL7Ef;r`mgyE_{=E7_N?<skrGHSZ7a5Imfm;o1x5%5pQ-;
zHa!}w&I@L!&S(|24Fq8!)xxbEwhUde%;Kp^NXOubaE{4+lpFexWpBo>TId1S%2=6v
zT<NeaSPbEpaZ^R-S=4LITcXvNsRl+Jo2TyQIsm`6pw2Lg1QSpTD}FUDV5J$Xuy3Le
zMdjC>=N{znntrsq=zVHFg0>poRv$xqw61WBDb|*1;3TmzSgpFk+WDu<7NEgrUb%Jk
z%iau@?Jv#<xh6`{H&sEb?9CwA{*kG+2wNRh%mI<m@wtd6RS~YDPjiJS4RbO3X_?N`
zu4CM>817Wi%9D6=mr31?{NdiE#7}RJt+~l%v*x`GR+Wi81QM>)0lh>Qns;96VCK0#
z^>^JqYs;RNZZkbhbn~wv1)B{+T;4_DnT-0yKJTPxTNxg9TQoce*Qmr~xK9L)o#l9H
zM$=|WHHWt`y`NyU@EgLag#&zt^1ZC89|cft(fLh`dh@6Y(Rx7D1gV&=d#{11;UMK~
zU4+3zS$>!BmQeMmkiY)rGn0wWb_+@)ajp>a?tEce>H&4kWXi}VeigPS)%+irDGXrm
zLvHr4;z`ru!L6Kek{{>24{knz6C{n~P|S0$kdUOp>FZp;rdxA2sj9x%5+_FKOk~1f
zBD3~I#(Pg<LhO|!sRjx(_jfTN)z>d2nl;wOnLLzFx3I@OZD;kT95?6>2fz#+81s{*
z_yl=mlfha{&M&v7+|J++*Z{Ep1B$HmC`ShDTGc(Yv^puHFL)?d0+;}y1PqNxU&iUJ
zl-3Zu^B!12|1|%f(I+pje-;mUcl@(;|6f`j?DEEAY`tBli(G|iz&~wGeT@wDb2tA7
DHvilZ

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/loginname.png b/login/apps/login/screenshots/loginname.png
new file mode 100644
index 0000000000000000000000000000000000000000..342e60799e0be3dba78b14c066e5c738885f0ea2
GIT binary patch
literal 114853
zcmeFZ2T+tr_b!e|k{}`(1V#}71qO$tWJEwDDv~AVoO2u$RI-2|AVJBJB}!C~Bsu3H
zN{$jG`R^C^+g)6}_1n62>wl~6XB7g&^xNI1Pk7EbPtP-XSqTDMDqJ))Gy=&xx9_8&
zVd$fwVKU)hfmaryPaC44;bxhLipoohio)b=tqe`f4baf;JbMv^Ew3<7=KbBRTlALX
ztz=@?a1{ETGp{k_L(g*GIuDCDcgx40fXD{3&&MA}$^ONgaWynmyi5MRVtKk6p<*Jc
z<apc<P?&ys<yI)SjkcEPjZwRHueNXB-+ym;j~4pky{-*a7QS%VovUXyb__p#s=sdi
z2<<fIDNGeKJvO*h3oZcx)>G->>gFeIXfb&utc<pY`}^OoUUe5CBSd2&nZWQQgVRhX
zJgu63#&91^exIoN<NXY0pW$<<lA%~cE79Z0%(U_2k0r$)HNAYw&RxTawsx6KISd2s
z8FH6$u;TJ%!X`W&Y9cMBTPlHh60WXTbQ4oJv6rqt4dHyA5WN<~FX`1B4Qp@ua;3?|
z6dvxgLuB}@yR`Xx`_%4OSp1dP9GyTWX4UiO{8Vsl4FxhNMQq6!TJWL`FM1(7!@><t
zJ@0O5)@_jCNLVDktQE@*ca9<U^}OIh%gm@7gQ;3I(aq9?6W)I}B2Tru<wZ-+ixlzC
zhfV0g{9dxQw>LSB@RDX^?37HMJEZZ|SE3qgrVsIMAE7uL4yWDZ+V`40eJ^}dGqJtx
z?Y=q^eS~?bPr5CO!o|uR8L}!Zoy@PvvK85XKF#;@6sF0Mt(THxse3lbH<(eM-{*FA
zUup{8R&N4?Fx8v$AJ9HFh7+RQ|A?6XBtAen`Q^OM{dW-`Z&|+d{z$Z*WyrB)zH|ZY
zWofQLLM`9kw7}!Jej|4mIW+4K8ag^5z9~HMwy7Q%+NTN11W8u3=?%1p8tvhd@6z1E
zoz9$oDtxBHo44Z>)&~+5biQ$n5pVJ}Oe75Bwzo<i#hNhUjs&k3u98ntA{q&jRU4ZL
zd;f!oJZ3PGIFaZTCizEF>(lng@^PX$%+uqf6sPDuP+*AMc#41TqQf0>gbxdh@97yA
z;VOA{60Evg>+<I>`{;MvHKuuh@k01Z$EkFxJxbow8jo{CMmtWY6H@u0ZfR+gNc))N
zahv0-*Gj*{#QsRMcIn2Mw#Rnk?#{#yv6O2hCa`udxu34W+o{PNzegg>oH)lM5W(R8
zOgHJ4yiNM;2#g{s#iv)r6yGe!x28MxSUiB6QfyHMi79mA7cvYH(0B*m-sp&)>z&iJ
zzgdPm>TM}HCcg7pqGRm3ejr&r`jr2Kwl2Hm%aoVs(#$jLGn_Ms88$<-jZ*=2UHMm3
zjLgxv$zpvpkgWA9AN%yw^F{|emzd5zQD{&dAF;W3gH6`|+K1&DnmUaSqcsHMf)k``
zWzKvRbb@E$HM0{^>s-4VyXw2-yVrdXAD@oj#ksh4ruj_lnI|}{k7FO7s-d{&YkbR|
zQT&|3Q?q9VpLiz?CiN!yFflPbFv)$t;okCn=!@{3!c`{SBM}T|x@>nowlMTEy~QP(
zi$$Tdp{VCg`g-rkZw9k4SY1*Mhd)mU6JowknoV-k-@T5@pVXhgzl22V8c{@Ggv#B3
z7q$_1U&vk^eL$sjg^BuF!Hf5wGhbYbXlEKzrd53XcHr&f^yEyE%%1dz3Y5v?O!XvM
zxCvo$H}AZ^J)ia_9qR%23keMgf!meRG>JMUS2)kI`YPS#6JJaYO27Yr=0Vbfs0^j_
zc!lMZq`7+gvjRa?(Vjk@Ax8$0+bn%7AG3lA77RyYw(iL&v`Wb&Dy1vsIw~&*@QRKq
z3n+SIx+d)r6BPQruXhhhp>pG5Gs8FQ;vD64iSdnL<fJqGs5Yafqjs(Etf_->km;iF
zzF9z#lZjRrZQtuf=lSG0^ZuK;9LZ9>TOFhemi?89`(dv?YhUl8FbL$Xe;OaD=^Zb<
z>aCfEdRg_%GuboVv+{`e^qW)NuukoAk<5=zU*}9btbO5E<VP5UBQBk!pA;v)EKV0B
z6POglL%~Bu7?U1tEp01pDnlC^CL<ujA#+V;^`%bhOT!F9x0bRN9Xp8){SDlWSh76d
zaNiEy5V0Ne7W1gVH-j$<R@K8;R3ir?iy}Rg>@&49`7^~c`}_R*Z2Hu*hqJ4PZww_5
zUU=uCFO^SF*jivw>|thP*-(&~SFR^lyi=g1H>Ur+{$q{EcwYbOhUW`6`fVQRWlr%h
z8Zkaoi0ck5cx_j)VL7`mO~nzR+ETILW3%q4I%V7Ur64mrvuEq^VuEF)Wrih}<s&=k
z8Jw95G2N><t8ETK<EX`tYfpCuRy!9nW}CLMHr;0o#_M)?m$rNi>hJ2%7*uW-uSYs3
zY#%i`8szGh>?XP&c;I^QdN5Z#uliCYcer^Nc3^raen4}myjy~yjqZb9j5RWAZ0G#S
zwCzr!-T2!N#jyMG&hjoD1=<_hlGYm!oh`>lEbQpoIbs-N`YF(F-MBb>EB<lJV?)0q
z1RbA{y=UFQtWL4cwc4TDj0ve4vl^k>&JyOq&Lk#O%mL;>_x;r<6lu1u4>6WqF5{`^
zHB@W~QVCMgF;}?2#&&hZdSniL43m!xpT+*6O5PgkQn*+%nTC2+{tb)u_Y8NXN~L7$
z^(K?1%qFXCMN40dbYjTXtUM;7jV%e^@n5YQYoj|~igy<Setwi#>O6M%NO&;=0fXC>
zs4IkcgEh7ju@T-89?WzKqW43RgVV&)def%5r@GspGQD|lPu)+p{#~GDzHh1UNbG#f
zdwRRu=P%!Ug=xV0*)*&x^kcfH;Z=3`V)J%mPUBG_r|Eo?!PVy5&AgGZ@UhYZv0$w>
zxoaKQoUf@VFJwO~e`iH%){E@zSa{r<ZHC`BolDuc)t;>;^)R+<yPrR{BCKL(@l8M1
ztl8}B%ueo(mX>;=3XHk5`lCf{6<voAj@R6XakWi<{i^Rl&7v5$Sc;fdfJ<G!SK(p)
zQp38;vshjpJ_}SiX1Q457nD+awj#q-hMNqB!!wp<18oDErH6;X4175+cq3MZB}bTt
z2i3_Q_7yf;_eW}IHHSB^Dmg3nto996+Uzt490-(byDn!Br&Z<}k3}8U9136`5OO}C
zQjVnkMB5^`dm!KQdOP8zkRn~*jfeKT!$h6WQE&6!7Msp4EKp^~v=&)sXF1Nz)g);&
zxCe9fs`k;Or}dN5U^f^vXdPYnzEMdm!l)*Pkn4*>@D}ZJZrSUc?#ZjrNxuF*zl6Cs
zV_$kay3ep=rn_3@&~`ctHRx~mc9uJVF}__$$n)ZCjd4J!!LDvs-BBMyb_iSD!?JGf
z>g)~MjxU+Y2RRQ-jf%8N7d*F?xcbeEayW8%P}XIg9TNjKd&&)3a!$Ms+#~i?gFRom
zdPfA(_77Ow)yb{)N2+X}*v;0Dx;T}uilG+YSFd?m5mp<mi3~mBAuON^7WnKD=<;y)
z_BY9Sh3vE!)zODaV~ag*Iqhk=Q>wcK5{DH>%GE}PM-H&>H@~^e<BgK{K5~3y^yI*=
zOq0#|=Gxr@Q}fbs!WTl0)!ZH)3v#(aeB!#|Sg1Rwz-m^{w4;?qw<kN<Nw1USgp$1|
z_EmNz4;6ZiW@fkHom!fKtcU*lYTK<#>Ki+Wt04{D4Gnb<&p6qV2w%iyyn?>Aje}tP
zgf6^%Yvu{2!p3H@u)=q=aEv2jxz>^JNep2c-7EE%9P!W^h`8FsZ0XyH>F+%z_g-H9
z!Yi;Z+cr<^BX*>+y)WJI$Rfb@qmaI--*>68?}gfzGEeWO9g?@jVAt0Y81@7B>TjST
zX(%Iub`|`LgNAX63JnwdbP9Y4o}&KqXYo@^Xs3@~M@K_@VuFV8$9rVKcj#Xz_=3j#
z_<lOf4-Fgqb{>2=C!+u7-5C0br~mUaCKLD@nuvm^q$K#Rpl54fU}<M;Wq(kzTLxY@
zV|_=}4h@Zr0s1;6dH?bnc>aLN0~LD}8EIZUD+@LqeJfo9HfIZK=s9To&b;793j=!{
zn6rhsr5&%cz@_7N@PePAm*JOS$8WJW6S$-zBM%d`vNeElv$3<WUlPQH!C?Hh`i8vs
zZ;Ssi9Q-D5$=KfBnimdta&lsG;$X9~HG*HidGjWm9RWumSiw73?OZJFb(~o(?dX3z
z<Uh~3ZD6NoYhrD0Vr2<~o~xs4<zO#x=@K;2pZ|WW)4<u}ubC|E{@51SARPJ&{5l&u
z{Lg2Dq5RORyz(Z_2Ii`_O)P-Sz#M|tIS}mp#{>THr@yBB+fbFi4ZV)w{QJ<q{pshS
zigpIJqE;4QQhUL_4(yM?fB)kj1Nq_5-v1_xAA&x96-ZhTmmmJ;sR`n4%~w7J2YJEd
zw%h~o9jF=f4?P0>2UG?64t<Rly-+9y8Y7G*d0XUx^Qom#?1~GD-|E-x;E&1hN6>t_
z!a`w*Bx20m{sZzPc(`wHaNnfEl+F>c!2IuLF}=Cucus^!%>00~ysH9vhdA^~m%_zy
zuY_ktt1acL<_Uv?v17Z}%lB6XIgF|cc=Qw8W?C9GoJP0CKKP-b<G{R6{wE*v0S75<
z(zk?j3getG+KK<}VBqNQ!hRkB9>9Qit}z0?ZRO_yU_3gd;OT!%;w{{Sj)7o!RKWL-
zIfT81{n}41>3D_m@6eFaP2)>vPps&8fw0gCj-Pe`{Tjg{3{ybdC>K4s31|q|2L6Ay
z@#o?H_cZ>iRDYWKe{JK0yZWzf{MR=AYa9PBM{(ht5A-4YRGZ(wAMI36bV_`WE$lvA
zN^PK*j5YTdOse1hp2?Vt+q5VyezdbUWRX4Y(CsL*A8=Tw9+cZ>Gom-_;X=Swaihhc
zguu7QbJDXizATe#WsFj;c0Xw9Y02pFu$!V9*Zk;&@!H*bayPTN*W0%*7*zyWxK#(a
z1qk#COliigH%xrmA<`<(LUrgZWi(kVy)NA$mr(TbYTJKXo$#F?>8NymO}9P&p8H6X
zg}cRSiA`>P+TMOPX;_J(*|{-gl*PsrwVUM*cW`<_iOpE0m*!-;ZpgaLVX-5l&08+x
z{`NBQ_L1SzjU3CVJ5vEuQ=X{$D!!fIq^AO(8n%XqXcl`HZ0rM<C#Uu-MpS2OgL0R~
zi;rYYbD!}oZE>#%ZWGh-po&M_gxserm#vqk26A#s)@kZxr}QlMcU%In!-kit1J;>P
z^p86`pR<?M7{7cs>93RWBK7eLWzCH3F^s_i)>QxroA((%RCr-hNky^Y>25x-Obm11
zxcA5$TXKJQ$8{lNPl$1|>}>I~{yMM5zN-Y^5f;_8u3kk^mus_v7_oTPi`Rt?mUj~R
z-&KwEtVLA@`Q5spy1<>=-?q4A^9iNCQZ+%k{vu=e#@X2q4QWFaK)kKtA*$KKD!D?k
zL45m_u;Q#8`Eufh-jyFh<lGwWDV=H<Kyl;qoTaDqTw*4hnv%7gGJ}pLNT4@FF8kaQ
zv#|t^SNooNY0<-e0`&r0*3?etgy`07W=m}Bf#~9<59>SY8fZqu6XulY6jy7r9Y`gp
z+=4>f-UoRMo*HV%*Eq7cAZAWP*KcL!#Jgp&7Fg?FVq>&zleJ?{EkVoo?D(Ayg5#zA
z1EMSKR@ow5Zp)bKb}yZVi>*dXUY8K8vR8%ET26UWSE{eD?$uQ`fZ1lg)lYrg;2Mcw
zq;-DqZ6h&ZSW!v!W>)dgTb(*m<)>cnt;;Xqo@-=zf-SJh3fI`X<6OG^eU}hkq!3fS
z@HVsO{>Y2k2xf(_YIbo6iH)+v;FFkKp4fT%`Or@06S}hjWUOcK$l34-`Pr)-XFeuT
z#`Y?yGw{z`SK#2HWf6i-wLQPhBQ2))>soC{kDS!~T4n_${LEZIF6p>3wUtF@^phbb
z(F5tWS}8PQ*Iuc!9>%bx^?0$oztAL;Lp{}_Ua~t(*s$xu=M~h`K0lY;iInerTqc8R
zY-Tw(vm?85P#RAvaDRGS#)na-G2)fdsT{S~q4$nO#)ip`hBX5*A(Cx(jrVTFzj^@H
z7`|ZbxNXSEG4uKfNj-~OT-e}zcmFgT*+yX!bYkoFEP2lBlh%vbPL~S|BASg&p62J9
zv_#CS*g9(o!#FA$a%P`j3w)+5r{?m7Stq+FmC@_W=E!xLpYn}Dk`7)Do-ubbi=b#R
z$zjs8taE*D55rzrd^-mVRTT`jt1a(AuWDv9sWh*A>CmSdz@94d4E;~Y4lPMO%llTe
z*U?5~UUG3xV4LPkUWeWx*Z8b2s#&gFu8g4>^)^fnB)p0yO<_;W_Or4n752wm7jtS&
z?xxV5ay*&*N#o3IrYz=GXDF!@r?#k>WjAF=5%Y&{(;{1v1qzR-6(|bq=aZV2D2i0{
z2w2CP4f@<!-<||YH_^9zJtc0bIJ|ffzG^~GUxaNQuH+34i*~4<CzV}%IE+Ec%<G6J
znzX>u!V#bP#9q8VjAQ0hA0_ClPck$K_o*7OFoj->pggc)HpRd|h&3stk5POwzSGQR
zcX$U;mY>gMI?HHlsq1@|R8-_|`5p3$$~ekxm9S*YQ^Iz#i>h0R@LF!geT_%jsj}Bi
zR?am_$B52XKewkyB2#NoPGbq`%dx9I+6&pxx=nggYqVkL%32;4%jEMRj}?_QQgmF-
z+=@nC2&-|t3saz29_K682^3G3(pYRsfz(|(L6Cb_1c81spGB5^$Sy(Au9UALht3mU
z^8=c)<ys-iM9kp#JyO_kH{|vH*$Q@X0tW{MOhmU?fAOq6Lsamk6Ov(PKNVMOKWyQ2
z*@!EvviQ4{Jy-`#eAUWJ;ndt$y>l$^z|J|cess$0?!$qG9AYIkle=74ElfY<;^&dh
zXUsLUP2wC<XWyRtJl%!gN{oRJwM!qOHZEWn7husmu<q*ITg+9KdMGix7@>6HaM93H
zaQMGA(oe*g<zz3LC2t389tev+x){OyC6uI?7(KeixOufyks^txPS~)PfKKZOZIJ%N
zHoS$Ukn8I%MR_UT@S_LLyq1ojs8UCdp5QZlPj3kibxGgedoBzMZ*C+$G4TgsOp-=p
zGcHka3mpAq_E*%%7HirPzk4Ob_35oZp~CymH*%i4|0hB_-u2as?1ClSqN&{HSr>+7
z$Gc=>?^ayLdQJojZL-FnedJg}QOQvhkj7$B*tu8x&5)Ao#7fzlFzXv~Gb(GJ551{c
z#zaiQA}Ff}F_A56GzES{P9%+&l~pGrQm}60o>-}{7{(+OV!17}Gw+Q4RogXQ3M`~F
zwu++pkR?S@K8I+kzeMQuizn(7s>o75X+{qHp3|?T`|=k;aP;4LK8^{@?PeEWF7gZX
zyrU|bdWJ>r<e<|ePdW7a)XZ9^_thCiq!=x*cgY4FWPqVP6~c<cK!gbH8Gn_XdQ+8k
zk>e9~{A>EZP5B|2?5SB}R^@g~)BXh-8jJnI^NocvTx)(9h|@wCqXdcJ?BW)BZs^e~
z6)vPFgd!g)?CKY|oe`Q6o|qC|Y*5L#-OVHn>o!J^yr9S{q%t=rw~Fc^+sZz?fo<4W
z7&hf{!V<LE(QOE#Z-`#OVp%WlO&_x8e@hn+2i_r7Wvs?E<djq<%_qn8NJ>QZCuiCd
zhDee1VRyu(NGs_{BA0$)oi_vOO5GK&!r>fAa(+c0P!l@Sc!(0iS617KwIpAKYi3a*
zE}B=YV`Xc$ZJanCH1yNw^2{2OPe*PZ8j6~gXcP!K=ct@QkJk0Tn-}oAmdz_y60k$w
zFRS`C&ZCi8Dtqncm4tei_(@;5TP`A1zN}k45(x+Or79OWx4@5gGiA-ocVB|#Pyak9
zOBh9kuz9fT$GTh`aA>QZ1D5<A1!681nDO26q#h<>@3sEDF(n`VkP~qRUp#RTpE4+Y
zG%;n=@sUf^(hFh3M#0n9RZO_ebAwFxydL&Map}jL`Fi2RL9yQeN(DLa=a1o<d6T_M
zPlrwPv}&imf}+>wf)y7z&5lWjg(CXU_2l%Eiq%UD6f0G3l{K`Jk3J#;wH`!&DfHQS
zQR_uaR>uJs3tErO&SYi|{Va+QqQBc4()7$HE`3f>@!`3-biNOcHIa@(rEv-@55ehL
zPaZA9;O3I67jp@a(rVB4PaKJ`17`hfTc!pz4@PTfr#LK}UAjyNN8fKQbjFu;z9h8&
z3KnAhsuYKz`AbjAofDIu!nk@VR8v%3^ipU>BXWL&9Y=o;Urpc1MMrAH2(|IHVU`T8
z8gn_DWr4c4RP1jN;uOYP252CCw~2&H8ts?fDL&IJck>2|ZvX^*iFGP!ph)L*v(b!|
zhAEUU6>%Fja)wXeJgLmq=#B)@n&_03c(<ZI(li^oT?sWwRd_x7wI*`&+{Vy=u((iQ
zOQ>YC4c!S<P7f9qGHRUDAZmOtJCG`I3l`p&zIIrV#~`4eE0a~H-WMtv@bi#(Zw+8H
zSJ$}(baNv;HFtg-<|HPLzCX`OGp%l7SidT2BcImljQ&@QjKAAD8hY=!HN!?@eV31S
zH3h0-mD(E|M<TBQoy~FTcMCw?)x>sbZ*Z+(2yG%xK8fxgh<;E95^Ba%`ns?_TIecR
zJXQP<Sc+|B`H(ukLQLfiu-*pXy$${OpPW=$O>Os;is^;Y?zG(J_|U@pg4uK9E&F9-
z?cG+$A&aT7X?J_7bGIP4f_q-AqT0AqRPya-#mE?we=2eXP^(LDm333c&E>-U+zFd}
za7J}|+bKH~sho=~X5l&WRY%qOO<l><U@b8}uSFJ?bCH9aoAr!#m(JZi&kL`W1KR6`
z9fv*@k3`agl?2<#xk+MQbD?pu=;9jf|L*WP%<~+O<K>^^_=prZP3Z(#7{>tpy(QEc
zegCaxsnvOHhFsBHnX=UVJt2-?318b!nk!heGYJ;TtX4{RnD&S?x4dGu+X2iJF6Lpz
zp>NnW(6Q)Gb;5kTKX_yQ5k{=l<HC9tzMZQ6^2K%sglg-7?vMUFBY!+1`r_1?`zK4=
zZ|OVcfyby&9Pe8AwotME#pp6LEbH&XR7LBFlTSjw2NH?hK+s>6kW!hmnHwun3D3_p
z;(yGS#lD8J-iVj$rvrvRozfDzj*;<`#~`9e;DZPD_$6hsm{8Nu$XISkXy%0}hrrE`
zP09r_DOIPUH2d_heq?`rpDrvs>!QM<@k~q5*RrION(W;XMs89esKj|gJN4iX*G)}h
zQ9~x-mhFeSkhX6vzjva}a;9;$FwdrKWPxn^;r3AYPkX`FgjM<lii^THcJ=Om!U5yt
zm-Q03Ro2V4hX&LHLRA6C!Q{~Amoz=$hyeKPGHW#E#6Ua}x*`?`92ZWn;I;`kF|*vD
z>^fmTE`5HHlS70ZFkW6%h|{|_eFx0avn)CW&9Vt*!Pi&$m5{x;^xxXC_+L1Klzv|3
zF*l5LO*2Z9T3reoq1N~eJpZ3ddU+A-LcSjC;<NmU4juITui*K-q4(&rE>21QboyBE
z4^&|JSO(DY@xRb+>wx871Iw4eKon)N^s*VZ<5S9oom4k=XXN_(jj+tA;2;?(tlBqK
zzuG@|z(a#3j-N#RKn&WE?PY%&Y@~F4mB5ZAm`@bUXMi3(L=qj%!M$1b=A@><*tJjf
zg;K7aVln{=%^>1bP7RLq5OfV$i5q)(bqId3K4`$fbtXNK1sE{x<Pm}a8ZO5J*hTC0
zeqPfpZ%V|A8~DD2K2YpIIckG7@%&hm8Y9r)%Rg!GBXVtm=#O-d5aPfe_}LQf=Y90=
ze*rWVN1y-ZPY1pQ9e5>BtEVT`iV7LXC_!-2)5oKkH9lB<Npk%Xdi13S`vYkNN)<Vk
z+{NOssiu2BSuG>Gppzy=27#Hmxf-Ihv$L}WCSkhhGt`>t&|P2U*HCxnTqB9ma8$fS
z9u&Frizpgd)Hba<+S$w+ox^%g;C$pqyga{_@emP8df;|M-#_sf(5_qjY^G;+Jyf+~
zcOn@N{a?r!3lU(747^f8^sna8@e5?U^OHP+(Kvpo{Q=09H)4dn;Ecg2Y{{QSc|%eh
zhefbsphuq%bsO{rQmm@rE+#uoY1ruO^V8NBaM(ptc^lp|0{2CdG5n+olGpsPynw3w
z)9d}lAOn#2z(M@e+5u9LVyj1hctY7TH)m{Ut>#x_shJ(iz0JkXCJSut#&Ff9InXzS
zW0xV$p?_;x!mTeWs3PYlpoN340_MhYN4q;DfRvW(7+t9c&Oit_gWt`q@_%w;zjb4g
zt)XX%xb(TV|L1lLxn|EBs@ZNc(qvm(EI(TtnYLd`Vu<j~ea2AchWCq=ka9Kx<=hg!
z^8WLAAa;qLY>pHIY#mqP_3m|WrdA`}wC3PUXO7P_?^kLD<qA#F1bTYiVIo1n!G>5o
z2t=4m7Pe+9w`p3C2SG>xF|doaVz|ICn7ZfKE+DrPdeSY*(*U=V(U#9-3nHl4!uD$`
z$nAj8!%EZ0L~8JF{1i=NI$_Sc>3{33WqI_${(dqDiV9#xSYG&_DNZ4!DL)G=)dIay
z26_{VqfdLcO#7E3%o_2JC?c+-qemkm+y<UNjtH1g<QaWa1%1QTk;Y#k5D<CBPs?|$
zoYBAQv*O4DBG2ABh&)$9GaPDu6-0jLq-h$hUogl$|4Fz6P|UeyG2hM(8B+&jOxk<0
zMm)KFGSvH2wB(Gy7r(O5axDhFI0N|NE@a@|zuFstzNuMbi!K3W`_JLd7+UEj5tGq(
zfJ|;URgy!H0tzS8jlf6P{Txn2ARl2(;!k%PDZO4Vu>29o+X%?J84Ce|$%UWPTk#x#
ze5Ap**7bmnp-R&PAoXqmIyNZmM~R51=Q@!^B;uk2EaaOce?S4^3D1fNArLb!$R2(j
zPk{e)lJ=({LP`_8^;qf#3+V?70cqUyPu``M7=*M1n(#~Fw_ys8P3iUvff$Q`7~diB
zLBI(9$!lK432cue7dJgkNgW%BZ)9)J$&vM(NFa8!LakT~=LhVzfnfLGc8U>@Rvcsn
zSO`3F!3X;n^?`_gK3z=6bZYJ~dE$dX)H{XP&>%>}AexW~MA%<9>#NsPKDmlh7+5R-
zy_^<AV_1$CPQ5&5>7)ldDc!LrHPita=`{Dh3tYcMtKfJXg2kTGUkqiwUqa{sxqz-8
zp|R9j@?9wLFM*+osNq^eVjvM<xV#>z6@(nnm;Xgjp+xlFBohmMES!30RB+P*>_X~z
z7k-&6F8_>JdB0oHFN5f@cdJvWuTN!oL`6f>if^fZJIb`lQj>M~(&c950jdyeU^^T)
z_KUYcAX*hWjwpfPI1VZNWVk2Z^~W=u)IseIpo1K9^zv;-XY@bYthmA<9fUw8zW&Q!
zB^cn4e!aab(H9kBQN>LxATURsJY1v*gh_to_OFNja+|-!3XuN(@5=D^5C3J<|96oW
zN`BezQ@0Ha6za<-B_&0F4C-O)(fzGw(}fk7`$^-(nj>m|<%WUkeZWpk9wly!z!+V&
z1gf_+1yt{u@XYH(b_cSk%5A2fT+nF<&m!r3?qdNTifgySmk*3T92ox<^k@c2@_&PX
z7XUOH!jJwPZ2mRM+!8jt2;?aGQy5o-!uVB*Hv={xj4uw`twL%Ba;2f$uv#ia{Kb=6
znRpewB{bvnb0)_N$Lan^IS5*30ea>pg1q$qI1vGP3)nFJPa;x0PFhv>?I5_F48iRV
zar^m)1uk6O$&PiS_5Fj~{A_Xn&+#wjZ0iI2B?k8UyGH?OzrFBGw?PD^kY&|g33-$b
z;8CK5QzQK?5oUV1*G@_T6d}pLm{WA#VUBVzh4c0$<<JR*fD=L>rL)6jxT7Z=#7@Fs
zVeJo)mHr|i|9kNP&}8&8Hur~6_Ln;(d}pCrsN2dYh%HZk1UU%(0eJL_FlyL{zlRf1
z;0208ugXyY;DA6qr#O-T%6<RmVe~k${AUvPhZ!|NX2cJfkxfufRrla;6CzNmTYL=s
z>;E_z0s$Fh-2Y>+X%4H!{}+MocUXcFp?CwgE(9r@>O2*{4W*_WKLXsx8iuAx`G1qs
zgDwjc6+t@r3t)-=KhJ1^S-LhPKP4h+BzZm5AP8kl%fQ2c4Fj|MCt#Vfn`Mxa2?VtQ
zKMr2r7|OoJ#yd0lw9Z_^>2bfwgA70V3{fG95;SC0L1FD={ph#Zx9;)$u%FxlF9eu=
zU2!S>9QKQx6X^A<3dzm$AP0BY?<fIE$_Bj1zs?^2%ruykwc7=D@T<Qct}gOvxGfje
z0`>x>l8TP6YY<;^+J|7i6$;DJ3BSEqEt8ZNHLN8g_q|%;&b9HaR#>ln#5Q6AZz#1M
zM`9bA@<SDLKUIJ){l3i=2|1!iZ)an5bzxmY!A>N&iR8#|Il-G3>{_lzvuzLPg{<}F
zdUDM*>z53ZDnBGT%R857-OAN}S!1beF=rxn?7$FoflW&^u!fD6=C+5eRx`#1<jPCh
z-DfyzQ=&9uOsYWhI`8Y}YeuI0Dn}UHgZkmpF#1#bW1C;(81{p!H{w<wdu$IfD)4`a
zP^i&)LKB&>wfM2WYP-mK?)8(ta&?DZ#o8bq6orzyMG@FFD5D8iW4^rDZPjVIEdf(#
zow`q_$oCxw;Mijfp^*0FEIQ7nq_CFK*&E~DekhX0rRwiT1Y3@HG0baEgbprtA577G
zcXnQN8;i|w_&V;=?xtC~I~l+M9|W@_3KS7?WShVn!v-WfSdr3;k5n9Cb_eSXPm+Rp
zuX5x8(Q@!_=ZCcRI75A|O$8v)y$sdSD$q-FGY@+{s9i^$1H3EHD3G{7Y2M}~>joO9
z#|;82HUt_KO9pVf*?2cg(aJa<&wYNgzAV2~urozObIQasZrmM|o7GD}4_DD<InS@*
z6B?_o%A%Ex=uio-c9aJ!XG#LrJ@k|e2gZJY4y?oX`Oq*00MZrFP+*CrqU<aHZp%RZ
zafj?LQyTyPv_I+|lK2hAwyga~v+WtiG4U6SCu)2}y7&1;?WubB#=gn!81VYepOJI+
z*?(9td2{v^@%E5euHO~VqIMWCFKDG&5F_J<%c@?z@9w+@x)B~(IQnYToq$;3rv>TQ
zcZ%YTvpD)g_o%d?lA9=$&HV}SkeZl<p0yKC=ujQ4V&obm_A&Bl!^Ojv)JNMT)$ifm
z^QR?fU6R4XZ)7vO<`w5Hx@C9>HfCC-qVB#2K@4|8eg(kYEgkw$6N}q;80RQFp)Bi2
zZ=j727HT44;%xzt3qjq9WP9_f^>R@^mM^tq_pO&{@vd)Kc|6=l9r}H5+RaQC59$W6
z*6i*&uWX=*0ToC_R@oKU4~LxB_-Q&Ex^ImVh#~|n1jzYc?Sm;iM*huiJ#pqZ-*^G7
zi_YO5(0*jS(aPgwU-k7FWBh>a1nRxrtY0h77=J;oA))6^`IxT}{}d&GOrh}_u%<D2
zco_gzg==fua<J~b0iwo2?l+j|IQZ27R{loFVO;vA&7!UG0)Iffj-n6w4YbsPo39DE
zDvmy1%f(l>d~YBskej#Fr;c5jI=I~#;#oNHma%mRD!hy2N?MiO@@I3hAa9Z?VO|hK
zO5b}|I|c{3r+4Qs-2(vOpdl~L3AAK`yU>O~=1J{;Qtd^@;a=aQoQJyO`#O3V1=pXg
z#qU(4y<Q<Lj1SPzcIww~BB(z20_SMu)7by=OwL`mBP(WeySSv175I(>$*8;K;H;^(
zI+mY;v%dJZvj$M$`*rhKnsbeXNt_?J0krd*JWi0H-2d3(M1{TD=f3ts{5g)%`3JAZ
zfMP|fp&o^JEa^=gu6lXRnD}1Dl`~JY?NwCvWfYi~j4nn!qP8r(I46}e%Bx|mve<Dj
zEA;)0)2M^8iopxT8Y;6aBF^U2*z5#k%fYve@arb#Wf5OM*Yic7*+NgoD1P=46-|5j
zY89VLdyLp-hbW<MQNJc%RzVvtM1RUES)8TOh&hN<x0KxGvYTm{t}I;8`d-<6V~f{9
z&C7VJSJ`UoU2($dtc{gX+A<cR%xBP|WHj<Z!dAbQkU4Pi%l2bR)Y(P$vvE#WJm4yM
zu=f~;_0(1){e$|I?v`ithj;@yZ=oSCLU{b5khjIz1mRSfbP=us(84+UBOwGO0Vu-F
zMR}90ZyClhC3lj4Q;Lmi`uehg{|X>K2~0qau>-wgUM5Y#W9<>0bkxYc)@}`X&BZ4d
zy4FVChy{dc126SJ#4GA(99sy-D8a+ABTBfOIkYn?ak+Syt>SRmicn8aulU)1X}|DH
zYOE!$QM`-cE;xq-H`o5Nd`ssvkG@7Ru2zOy&oByoliWq^R7GuCkc$Lc%^1MlR6D+F
zZN&6HCRI|o7-?rkYMKmJ%uyJa&d`=>_c&bCB23upNu#>O^KId++Wu;_SFLB^?nV^Q
zqP1`BUV;NQZ82Qe<_;G(o};W*&{~PbXq*bDcXSGb#V-bq$O;{9CT@jv#d<1n#xAM0
zyDB*^s*eqQEr|2XUirSL^&NNYV1}nQ#B(#rdOjs;C@s7J_<B3%FW0mvQQ$8;7YKJS
zQwMU}E#SyNbWPUj?4s<+RJ7H}0C*dL$`&R6LVA+!#<UVru>@(JN>2;XuWmvvx|b{l
zr^riPT1ss|A!|#DqTHp(a%iA`t@H-ya88=<cNGAfAo~L+^!@0030Gry9&IE%nHAi5
zPcZ5+MLmYIzfx``DxlGUPl1V;XN^~y7U*9wkpc?mCf^u}BDp-*Y*Zk_p>rIckG{?F
zm??S5YPD5;eUbZ^ymC%#OAQsLi5|TQJWNxmInMJExGyoTRbjhftYI3He0RR7Q}+_1
zFY}N@!7}j6XRl=!-cN0Ud#(pu<{SjvxbSnZjbxX#uBa-`Gf#DQlbWLz5i`r?X>pEf
z&fT%7p6!}0G1?u+`dIQtCSiG;NT-{-_G7q7Z2~(Z`t@pME2I53{U*MQudID`3e^?X
zlJq*7vR-+5T9y;&du|sb_ySw|MzAVrChf6XOJ|wh00LgbIN2$T&m=&d5k=S~aP;Vp
zgC#{!K?r`LT!8dE!=n1`a`YL!T6B+jD1eOG^QhS?YXx=<=X!2sCXRhJ+sK);2S)ff
zyLjlT3u=D~iA{S)mi1k`309+~+p<CPR>R)pc3FRA&ctS>>!T}9oUx)DJi5-~T+3HN
zJDF)$og4USD2-lCI1Ikq&T*=|7EPH47>nG6ilM0=TH-DHI@r?^uQS7%_FG?p{iEGj
zt=OP4be&$hWZXHY7ku+dG^@iWB8h1(yTuqH9U~PNf&jr4l%Pc`p1$Ws>=*`S!1nCt
zD(*v-QxhQ|Osw^!336$)jr5y%Ehrc0@s4uRONeCTB=?zLo3tC2frUGzaJ8E6Z>9;2
zF0o!NC<It2;wdAMa3UIrg3M?|J{sp6AFL%NKhb~mV$*KD>JP6RonFt1jzhwbH|DwT
z3*6GR?#ikPlOSR~sY|1cSZwR|DW#gv$Ok^b=jT1UcDTw70P>WM3fqq%&6|la<L*&h
zt6Hk_;}wuh8_p_0xr(H<%t^)X7$_AW&I<01@4oXJmOV|GJ@$2)QRw|dM7({2x_Q1>
z2QM8j>!+L&;$aBA7G*BA1`~#ZHgk$X>{o7@Cl<wnS4Nztf>zvua=Y<QQ>WL>RtR4a
zjH>eZtPp>G6BDH=C{X-<I!vlYmT#GauFr}~R3c62OQjW81&Cd>z+LU`nJvX3g3CwK
zb_VeDD;%#sHFp$4_%f)8ntYC6CeS#Tm-8}pX>y_o0R{x0PkQ}GZDK3e%LAcM?<QOH
zMz92x&-(}PoH;8dz8779jI2@ceYVYsHhcz9PjCSBBoQAHtf<Qx2>qZnXv~Wav@qxd
zuun`tSL?sMC_TU`FkB~?2A3`yac~VtyH+;@Kt=7Ps=Z5|hg<y(R|raY6~z`Ul6m6Z
zt#v0HacaCB>kp)2#WgeXp9{z^tYjjQwAw4*4$wN#b#7Kig|T7#Qs9!3j5w>OAzO@u
z_6PNYsD`6Z)%7V{=3R@Qm=3y_8E_>hqdJJ?_^(&&kFK`a6Oo%2tttn}^3Equ-$<2{
z>U0(4?VSs<a@VUIvwwnXVc7EWIUB={Iwm6FV45+!J1<p6-7&smJIUd0p`%=Zj0Kc4
zuzT!nCPy0@n^azGP0o)M#N$;$DfQXxY+IPMqElkBxK{6dQ?n@Q4U4+E*+JUInItt4
zFiH{(P<w9Cm&+CJ(s15(0zVR;C6Z+GN#<0lCvEjswpHEzL#2I`<FLhINVk*!-iYJ*
zMy4CR84lYVIo;Kq3T#+a^ESi#DBY=r+&G7Pb1i;xkh2Vtf+}kH{o2uB;nc~7c95`G
z|1A2QF|TUA{pre8538>RgTql|bG_zKn=_a<9La))v^>9kA<zk42;u*F=Ut;E{^bYV
zsqim*wksCAq~cn0-RgW=BNbAfi&A-U%q08EmqR<FbXwi>SEqd8?mF+z$`<%O-b%Tr
zC$EyUV{U}r_;7n(Mkh?xp>s0NC6-O@C@iWXS?5ZC?CI{Phvi&&`fL?zHHkZu7Le}@
z&v$NTX20(|ZsCG=)9eC@eC=IuIggThGoF5-VHjC*FX@X48ReKRBgHhH6rM_1jwclg
zb6u<IA}NNBE=aYd_SnNna(mKm?=5&hgk{Q3(=*C9iOZxrT6<yvch6#1@bXIG@%3x<
z-0re?50Sa-=|R18G@W3~3`hT}XA6Xa`vD3DMY4%7{i2n>iam1y-aBGtgXU!W3_bBV
zB-klM!b>k+Y!3M0nkG2i^{aa2qGd{oFfSf7v{7!#u75q2S7OISnl1L4^3=S{#DiB`
z&vTs4H&(2AtV)q-$W&`;z2nkr#3S!ojv4K5x#YGNHndon2<dC9W(<Ftm?0_2pv>!!
zY~@Q~%(Iw?vI}K~@M#MO5{JWkwq06Py6jw5wF<;Hqu*(L`VL|_ci{V$Da)}ZI|D~7
z=|QMmLx-Z6=Qbekd<>v+#cTDrvNW_-%e@k0pH7#eALt<TrYfK|2c@iBqKe=Pc9|X}
z#Er(0FY68EycA?2;~r9Jq=^o$$(=G`^hj<kg+x_I{{cVRF~YAJ(8TIOUV{)k@dwjG
z<>8`k@^;7?<&UNTvI@so!|ya9f8J}jhfZPC#j2%u&0+9Y^Yz>IDZ3+M0A%VDMD41S
zxQK+v_UEVN7!y!na-mYSC6IEi`ygUQyt*5n^JTR9aC?}#kEw|-E@@O)JZdI5Ej4*3
z)`{wFnM~$BuZLt*jI33R%-a6gcR>wPS1mK^Ib7L!8Rh7*aUZ;{lyOYN@`@BPGL9yh
zlATv0V{p68sfy#3``4!EE2ykYM2MRq`%S_MVe!S%to(Yao4JjVm6`s`7v`t0-W{YZ
z2w7s`@{Q#Ea;*|*Q?I8QCW5NnvV58B2%y}wCofpgjsO5En~G*djTyxtjf`FyIM$yA
z-J?Va;QHo?tnX;b!W7m|8$2SlDm^ap|EDsZIEG#_>KMz1C#KBNDIK<%>Z@I(ZRNUA
zb)#W+nfz9-1G9E{RX|^IK3@ES{bjcWktJokVN>MrW~wS|p6fwZyUPwp1V&rbNL`}#
zErFV6TycyGF~lo!)%%?3B3QQYobCGP%1riQQvZ;`BiA$f6*k=a?w|4#z~zi4#f(Y4
z(S?95YSfyaJ+o>@Y1UNypiSFpcxe82nRXYG`$r(N>0zgyQOtE!>@Y~%&vz*pTbkz+
z^R(Qejlo3VJ|elx>?~=8YgvR-;wjEIS{V5pe`>~8e*LB;ApZeq0a{g2uLjw<i_JZ_
zsL|b&xi?K6`A_z!W*v`+el&<#)J3oK7&f*nHSf-00D49v@qkSO4K<rd#bQqRm4KT1
z{<+n+LEJ-3cBYc3`Mc{}s1|aKt{Vd7U!b&LFDUm}NsNx(>EPX0J7NRsgbc+ymfc!I
zn-w(5?lR@bz@0C9Agv(4rFI?s+V^dKh7+IqmdQg$jRZgpgrgZVGV#s6vZG?N$f<ke
z@NIQdX~srwm1nhzhZfXYD*E59#QF4^8>$pkRm>K87xl$RT5Uhb0|C$`K@*l#O<w31
zY$&ebzFwDaVw<UOmP=jStKYt0p0i?>fA;29)J*H=OrCL2S%Gz6Ln?84@|-=WL9ajR
zX%nge1td@@?*TdZnIgMIqX!3Z9Q+_FcRUq$RxfuUX(ys;y0C=8670Ei>TPDuU0H#r
zAr6_U^m}2nUW-ZB2x;s)MCPx&Pvg$$tntO;P-gyIk@o~U*SYSRkI$*{BI-tGzqj*J
zM)24YvO6W!TRT1_Q0SV#ggc9PJgvk)l$pQp6PC2%6<}G#RmzVu+@Hg9buB<j4>kx0
zL{{uqVj*}n8sbqs%lSciJ-wOsLlH;0los0y%G{yM3wG2EQ<#YLn{JsqIqdcES51bw
z+{}%9zGTOCXA#Cj)EQn<077N!{0abhqAn!%4_9GvDYTR7KV4a2FU+rG6pF&H6K|>S
zU4`4M^7d*2aO_Vws=iv7vgyjI_TfQwik#I@6r0wf#Wr44e`@TIndU~!^xZq#MIhh9
zrgOLM;N_l|(ekTo_D>rwEc*`Cs+jIbTB+UG&h<JpE9>byRIc9ZB~VuC`tp2d&?sSV
zF_Wq>!ee9+CbP0h)tJ6WA)V^fy|R>+nOnshU6-mV`!#<tFL^(3#{#C%Gt0e_8!ntW
zXt1K^m2K%z^lmdl79e{kB+O*^Kc5A#3&H0FgJWXw=4B8|1l9>!0|2|+GyOlYg!q`P
z0`*(u1HH*#8DAWLP_~E{eEzDy{I!WfUJd5pE<TI-M*0x^20AZyl{{^v+g7*~ypogu
za9%D%L*H^Er%^wbDct2=0Cr~9ySui`R(w*Ta5G^1Ea3rcWlRNWo)`#_5VSvHJB&ry
z&zorYlyxuX)t<#uqh_iclnPMh3T56eO$++EvIF|jvh>a6WiRVrD;yNczw3*BKjBCH
z)h|-L1k^1OhHrSw0@|#&vXC1{_NcT_>)A&+ceS`5F3Ot-T;+y5+?`W~fW4z0S9Jy=
z42?Vol?=1#<E9tXLx(y=OyVEZ^LYH&Vmft=OpHHj?SDa0NAnb1j4w`>7g-EW=2=!q
zyPHz|ASGd^Z?t2wn0GnlX*Tfj96D8?aBJk3*r4WJ8YL4DyHFUg*|*F~zrS3f)uEWs
z6<dk>K=E|+yAZb_rd7{eWMIzGl*ZYIQRoQ>gS&<$Z|B3-aS?8V=EtWO+=-{Z`3=ei
zU%Hc#Rt;tMGW1!v(LxN|M^KALgbry7ibQ~9+V2Lnc%B2?e+3=lE%|}=Xd(qt=x9Ae
zB#NgvmMz<T<^8N51Q|CT@BxrY?p$D1D5T-{Z6o2kyLsfu!uh6{Q=uiGI;J6l=apJ=
ziG0PJCv=@mez}1PftuIH&0hKv&`s;IQ@Qg-UYf&lQmI!sb!m!LAZB!%s?j-0Ye%qI
zO=uRXtghAI1<55~v)-=+^#MOh4#UgJGTjV~4$;=s9|na})7vfVH_)RMWN$JU7e}J{
zLFIbH`t1wPDtP(QJ3p!J2Eq3bm-_7$5Uk(QJlCxkg((D@jky+q4d(x}!BdCDV257r
zGxs}&!ac8f?aik-Ih5VMkg<0I)Ul^(r<JtGszE-izt>C54Qs4O-`1Y*N+Bq~?lD}S
ztke1OLb<rr&2!0@0#y}!bLM4YcR`nWrdUX~#m34aqRuS4NU64a4*}g(<L-$it?1S(
zTxnDQ1&O`pw|_T7XFP*dP;Z+6=Bs0vi+#abcz3A3Dl%gpNfy{QBvBSvQTgd@e1C=z
z_gW#OqUy_9>Yzf=4sJ?ii<n(9S&rIFwN`m;MI_Wce`pO6y62vNhS{cQ{+`FV#s>!!
z|EVy8{@pS{s^I<SFbRmZgL`hR>cf1=s+vA$WszIiefJ=zp|Jkkp%P-wrK<fE5oPSV
zR=|DahK&`cnH`pnS;D3?1f2s|i*d@jB6bYkhv&O+1oC=Rt6AMX<ugjgszy@iCp!YR
zX6$Z2yEE6hR17LQ$>Fl5rG+JITiMs7>nx5AzBS>$1kh)1ursS@)Nz<q!?JYskbhV>
zwXr=LtLJLyJ?hm${$4J(2CTbp3!q+%A~8Voy}@^`PXSIueUVk=5a?hI{ODlzH7yNt
zRQ@2Zd64f8wtJG<r-Uo1GXfQ@s(|ONzjw~;W-C-N$&^WxGs$n;Om$$k7ki^w8)BbO
z2KHmOGwSpNRNaQF_*I9+%|<rgF{5?srp;$}`+8JjdVpG9|1@w?o|zXKBV0zhuK@jR
zFFdqzMVUFcEP%M2u4DL=?R4&z;^a2SEK7Cb7;ZX8WrTpRybMTLo|as}j_8y{-K3xG
z>ln*T?%A-iwLx^#2daPrswl{NNKK8D{?39opAqNv81PR(fY2d`zIB!)?vl4~j<;-`
zi33$&pHqhk7D_kyJxzan2eTBfL&jigbN2$GD4RPD#qPGf<QL7i_ccw5Z^sUDh=N7l
ztAw6wk6Kn7c>QE$*4eCHnG8%Ld1~*peh0pqAuW^B#pG*5$&r8j8W~NFElgp?#>(LB
zY^Ctb(f%r-T6GEl#-a9C@4I%lkRO`Qb6fHjt<uwdyW{?H<f`+C=l(JW*S_%g;ts{y
zHlgnaEeei)f$=N=KvxYD==b!MW0Wjx7xMPTSi~4W;$t|KAzP~t#YBI=tds7n>74^*
zMyiI3P9&fTO9cS*@un%;p(-rNwY=4;eLpLYMfLZ5^PBc51D#L@3FH*9yB(FiuFRlN
zxMEkFu0Y9o8df<Uumrjc;Vj-UIc_^!Vu~CD_F{~OWS-^A#Tzk20;1yZzNinNR?oSa
zRHR?{VfF5{?4GrUEOS?HJ)!e-?#MR8130DqnH)pO6Ixf}-4-Lk@C=hv19)tuF!QQ!
zGtsVlALE=*lu#FA4Ro!pXq-hYQE;W(!jjfsIE)nKDuL3~-1#rO1nGlAjJ%`L1*uCJ
z-i!(EwxIZfdOnzKC_Zn*R>{0M4C<uaDJ>q^*eRY%Sy#Eff?l6c3AhFo!<8)NNqPe$
zWFL69+Sz8}EQwdmDl>U1=VjJ)5L0qq2{H+Sm6}t>7|QBY&byw!b+BF#C@sh(uRz3P
zY6wV03()tTc7iadE@qqH{?fERtBc!lA*3MTaH%3KwyzSNw~o1YDN`YJXtb~~Gv{j3
zAibkP-a3-dJ#j+nW!0L=#~uYa0WP~bDvwSDA+^mu%ea=%PO}i+1*V;@Pi6L7JXPyK
z(^qfIdl-w?nWV*$1>cx_>Z<y&>r0dtElKGo8J!n7iF(za7QcZk&rKxYV`{%oXOyi+
ze(w@?x%OMlBzUQuYgf2EPl2L9DDz^ek-RPKv`2i&kZI;x9o+M}D$7lQaOni0xUgjJ
zHp@MH6sYs)6!j`K^QR>6_>#=am=T-wJ+;W>wwrB}L4Q_p4dH?e1S!{Sak#MfR4E7-
zVX9i&9GPhAZvxm%c{$+l&0c10Tccy`I}fz)-n-s~DB)DKh9n(MZWR+_`D;JK2fC-T
z5aqz1xFhg+#n_caDLo$GK{{QP?Vq)q%se7nU()Z+3Nf4rt<O~8v!{wQJT*s>P$5%5
zrFk$(&ci=y0!wPXXBHWFc#D#+@1^6ANgBJuLJ!nFGW2;pAYNkh%0}F|mKqhx#!v+E
zLUsiyp^o``WtYNb1qwKHyOv2*Ohi<zGF@Rw*Q0Dk1OR&vPanLR$^xqP%*?l&hQIdR
zZ7Tm9SyQ$HI=eart=xEo0-N&ZXP90p7<Zb3cSE%i;CPpC&pVCSH29UQgU$(~`y_FK
zae9M~VW`QK=ur}DN4sd}VM6F?6p|l6@}}_UhYsk`{&aGnI#s)M%ylWa{P?*Vte^@1
z2Q5Tc2OaMG5pM+Uxc4q;kYUs^O2bjr_L=(X7SE`?!n?+doreW6ImO9hLL2CzhPgrQ
zaV|5_Iv{ZkAmk{C!$P>`8zvaDUT9UCGwd$A=(4!{3fvQJ%1}c|M>}q(NZFZjw}Bhn
zBQv$<8jZ)r=$yzKNGxClAF-$}PuxjM5c4H#?GxOalMtc`23H0PcKQhAZcIFGX}MN;
z2_D*MC+2Qheny{@3^Pn~ccA4nU!05wQR5vXbdn_C+J~IhuxXkGTwSz9Q~QIuL|f+I
z_2OUC)t?=cEsh~-g)oX#&h;k1q(h$16g4>bj`sSi>#xv^nJR_kTuRP+6E2e`asdb#
zw0<2MJydy+fxO){Z*T>d%HZ$$-U_^iZ>sgD_SV#ci_>=RU`wE*)oeIw5I=0+EfZdZ
zw2x6PuuuU2^U0+UH;$y;SBETSqhuPzYRXs57z4Z4`>2G~ttuUsx+;53)XJuJ>d3X0
z1g!%0_!lFX<9Jgr{kkVKK<q!<+_xLHfF<Q$ux-3Jfv2_Wvtq~{r&$W}LPJy6#LVjD
zcg<`B4%z*7D3@8T9%iVuaCjbIK2J%days;AQ#!gG`^$X#)KzmX5LGnmq8@=uAR2ld
z-T~Ct0DUbTLy1aI=i%GPp*rqmgU^>haL?~4rP0juEN*{B%%3Hdo@>q~EA!avPKfvX
zT$x*^VBy8fkUsb(dp_6`ym%!bbKz^9OKhK4XOuW=`YTQBE4h^mdscP*)kj;?SGikd
z6*{BrvgwmBLo2x?mIMp81Id(Ry`J^&7H-RC%5YFkC!j2WD&?VE7gMANcD4*ul`-yG
zxumTn4}aPhyRb9hR4{B0OH!qPy5j?&`4yIUM<l_gwNP(KN+d8RFPYK^mC~hGzL^~y
zkaH{b1EUpIuumd1dy{$W?(iUlAyrv;w^O*(Xm?5*>YltWIoumD)nE#`R>^$BW7$kA
zmhJtH!_~-Jl>5=9#i$7PuC%H7S&dbLnU?4kL8eQPP|ra^Wm2jpgba!P4?|Mp27&w!
zI!=eQF!Gr!vg=Dcm*_aSW-VK_dzC`PD9$0KvM_IUrad9y72BIkS`&9%0ielR%YN)G
zkGiQCN=9s@cH6y<h{2F5eGlN0`^mpM=BmBu-(l~~bR3x)VgpJj@s2G#IK1W@%?8Cw
z`-My|dZq{OkM<VBuj!hIhm$2Kjmv+^XZvb5Jnv>zQrTzNh0kz^Z!8WzOG0aTCCU*8
zmUn;)h>u@wmY|I772wt!SO0!T1_qS3U$JI?M<)9JftU;l{tsvVw@WAKJ`gQcCz(4G
z+-`5OUaDE9r+4KBT{ZK7b3?~hPbb0EQ~!cxsdk9<2RtEQ9?Za1UL9z+$G4_X2}qr!
z$bCq}1iZ%%iNsfjfcH2xvZV=fT?Z%y1ovLjF%d)HYR*6JO8uIp%LPco!9TIj1%PwT
zKwW3ny$w)g`gT6#pEcZ$BmI9u)rs9fgwbD6z`@OxgKvNzXSyh41IS1JWa|H#cMr%%
ze>4>VRQ>ZKA$o~G0R1&JdE%<nahv#WH*ORE7epv<XX8)f02cJe6!MrqDEBGPjw$zT
z5anKlUhPSZxn?V82CG)*F7L2k!xwPTD8gv8Hy#rBj~4!))Th6uPY;Ipg1_cf{d#MF
zj(#EF61eZGkZeh}2eJB7PEZs66ay$?{PyC-G2{N97Z86dw@!S@?6X`(+tUAng83Io
z=;V?N{}1jLI+(()+Yo68-xOlsm;TAVx7fm+btonXX@>5sw3lTHfK+qw(=m-ETFC2O
zcEEFXqqBe#{lCq({_S~!i!1-UWcphUI8>ndCua}%wO?JNfx_Z1Zm|B}^za{iF6$F?
z`*uT~+(-+eTYMHvX3h^^fy?|h#UAs6fHIqQq7V;qvj2Dy<O0rbX#SuP^l|dCNt}RN
zYCq{ovLhPu6vUeMCKQ$|2bZPJlnswUw@Dg)w2zM7sFBm_v|T{|6*c!aH(Y)vaQxp{
zCt!g7^E7|Mz!ZSIP6(7{{@rpYK`rmWj64bNIrQjTE^ezMKujS(Oqtlw;S>FIf%PiX
zEqig3#P=*<lgXn{d?mnBB>nIdzg!E%MpXtC{l6^d`STV%fi=_Od%ruLmUmp>THaNu
zf`4%-4_vMy>ksQbXV^aTFK$o(ZgxR>U)>!GKYV1M(a+(b5ctqv5vYI5a0exgo9F9-
zA3-0O5$^^`=Jk(y+i(0m6y$yZC!l)3FDc+4$o=9f@4uwI|5c3sEA)5^D`Fgf$b&z_
zV+bIGf{&Bp5T))+v1^^_l@1>wb)wcX8eS{q2ke`#S>;3F5c}pw2jgFI{R13&7uo-v
z!~d%w`*(YN3)!n;@a_Dm|Bt%&j>o$F-^Ux2)gU7>%gny4vLz%VA{j-v?3Ijck&!JV
zl##8>tTK!2mA#UTWM+g);rD#0?znI6_owgU{e65tzyEsNx9fGiuJb&f^EjTz34XV$
z@WWe#7Cru>2Mx6Ge-1am1m!(Y1~>(2&ZaT-9oKqCx;<jj5JLaQW0TOaEl8bxsP+fr
zRIsC9dZd3dy~oF4204Z;@EGFj#5YEZ%+P0l_&UYncbT8IO%Hw-c3Zc5`&p08Y5VWL
zSJ-h}>{#uubj<7WJEVK&3S1<9hrJKX3e<X_c_H9%Ai!Jc-He5+V}!s>b5;BI_bNR}
zG*x~0EMH=hc*w9lr!~!~B1Y<ET;}xb3eg&y+0xHmmw|&-cQoePn-5+m0#E70jc9)W
zpY>va4V+Iy4FfQZhikx{Z?GD`8d>Cv-a!UN3*PytiknI1b9(aYFLqNLSVyS9tGI?z
z?2Sh0<u_-ae~8H*_GR|s=~6wBLiAn?tK_3i7A|0^SD#KHnDp(VXY^yq{Hh5H5e8Dp
zJ52UFhxXra1n9vVA<Wg4@el{3Y4ukg5+Nsyl8@%+NiUjwygC`~0#U?Gnicx(($02M
z7C^d?S8Ni1L|PJ=Z2r9i9B=jvV4!B9$3Lkh`fdIrd(n9O_34}%FN6p95YXAx@ett^
zT7`VkF(5VRB3(2^*PBJ_lb6ej*6a@7^u<HVL-l_hxN6>oCGT15Oyk5#M3#LZg~WS+
zIIDjADf1Ex)WGw5%O@dY7C`hAeiveRS)%;Gy@m+^719jR9ScneCHsI<vaC^W=D@y`
zSQm#c^_R=eP`9(G`pi5g2Kk1kwB!!skA@KX>k9c~ZbHA9xdgy&6xIq~0CESZjoQ79
zW%#1k#$o85%i25r$?hYy)>SHR{UA4;>4hlxdxV3dWY2`C{_=G15YRhMt~QMm20>HK
z00WiOQ2186a}Q~N>Uwln5i4w-e)fHo*=pd*V0^9U*y$E~dDUmvX`oAd=$O#)TQ6u4
z+(z2zx{^hJD7~j*RWU4cHDdQL4)JsT1AZsbo=Coup#wvcPqJVh_FYY?ubXUVgf9-7
z@D*clYc-S1C4ou*{Q#1%{G98*jtm;f9(x<)Ki)e%*7=n6jNwkB$oALQ;z##8Hvckd
zw?~BIJi*WBtB+M$05@&!S&b0eI1X1|X6bU@b>Pa<t#^0YL%n>&wpZ^yLK5=7TXy{|
zpxk09dgE(j4=gD2gyr5;S65d6nn41DEsN5nu0)F&sn0f53{4;HyK-ZQRMhnDITYJT
z`L#aI=$pxFm)8auW++8u)#wX!E66CF=3a6DLpB?z@ZR}d>da+{(5AL<6)@DkR2p=@
zWRy;hM5WV+`@WWo{X*aU(rLXR&LDf)QmPrL79(=LH`m1@c+J#@k3T?Yy-T(e0{1l?
zjGiH7bQ?5MM`GxcCCpucXH92j+oSEBJ(2vNs~BPIRX{86Z~>6x<~$e#Y1GJ<_ltZH
zd(GKh09_dR+2Y<yzJ1u}B6|zVV22ESsa1f=WQB3nJJf2#W0Ojh?gCps)}#1i5%X#K
zi6z}dQhosALsn$8R@z2$uOp=0kC(4lN&p%vro+bItjRxMUNn(>9afPp<#1E1hzKV_
zc?<E+?Tjy5DfAGg;@4dNQX>*VDx9m|go6wS*j01Iv~q+YG&ZC4vd^XL_VTOcU#i$M
z3;VC#K7fj47kczLr6od`tIvB)D50eiXj~CruXG3uAq{5^X{5#tp;Y};fQ808*GUPm
z%dyyvREMjaxVGa)YoExNzQffGsR*x&aRBvzm(V)}oYs)fE@P1fUPu#os77SX^0sHi
zy^$ahVHg77t+RrDn3g+R+8a|P(S&@x;pFllgy`kj;{4GnC+zuE*VU!URw*iq0_gh4
zu7<{bM<ZNdDrA;pw4t2Xy>qR-|9;tG5^dbMZtL|*s<rD1yW(cdEF3j@ZVoz!ep?QL
zZa!nloF}`iJKc=bK2GvBy{gV2`P}&eV2$vUd@h|edsfi_7Q8n1L~He=eI3Hz&4w;N
zU&)o1ZQek7Pt06)oX(Ld4PdKEe{ufunmqu)Q7kwnHE|qrmkaCrfeSNG#y4}p@3bp4
zSkE<<tTu3(Bf}TB0}~2LI9Gw1npVD!G|a{$oF<iGeF4E1D7_fr9#c|An93;FK6X`a
zLTi2H@|RjE;Sda#NU`s;Zu&3B4Hz{gCK|NXZk!tN=PF5Fiememp~hwT4Gzx3D+6_u
zgI@%>Oye;Mp=~1w@xO85dYH*zqe*%6*V%=674J`1VT&9|evHLI1U(HA)NP1p+<-b%
zMPV+U^x#VT(Q?|8VXb%vns{4fcRMq6O^1Fd(ahqt?1!yE`Qc5;JlR8Sw(=CfzhZA_
z)G`>3RY1Htszr<-3UQ<umVR#jlv52Qh4O(FyPMQ=9>^!PF<t6gbU|pl@0u8&!&FQq
zSi#H0=suIKAl{~nU*Sl`yy>QjT7^KTL7RIC;oEjrVwKL$I(-m`<XmJ9_MuUISbAiC
zdvlbS{gC&{`1?|$M}3BgW!y?<xh_}N)JzR|O<KzAKWwjiem`p7rs&>tVVRY56UobO
z7Ec=*B>NvY$F0(IY6Uvu(N1MNTny&C!L9yL;s;OD3R4i0!4$y-S>ex|rtP6m@5JUJ
z=#CQ*r4OmUI5lu{#b5*>`t-Q2uZFsm&j(nb&z#4MjB-xs6`OcB55S3O4{#4dyXW>J
z77>Y91d3|F=d&a=m$qV^BRJoENQ~R!d_fzCL^!%Aw9xEn9sPln%ZZ?;WwT<ojxR-y
zucGC=lz1$<@6lj0^R3oo1v=-+D&WYw>)$anvF$Z!614+26P?#?bUex|p<QD*+=Yr?
z;zO8{JfKuu%-rJi<~S;g!bs>~81k*|nfCkoazE9T*nzm~5?Q$#MFH-<0KoGh#C+|n
z(&fjlX<frrD;1P{(U}QR@@Z|!1<0b0v_H~vlbu!&bC*wYfLV+1hmVu4$)-f{^e<Ed
zX%6=97oKyQ13u~T-uykei$(&#G)plwYR_3i5HhtAJ_}jiV8z1;4U$un+I@?IRzh8-
zC(NQ+3B~gg-+h0ipbISEbP+2+Av#5}P8!FqTxov5$8My%H*%cTB){MOL-f?F#L#Pm
z%HlA%qUM{6R+iNoF7Cy<f2v<LrHpA*`3oUm)5o@H7PF^~53UmTTlqnRm)!@2nygns
z&x#NXaqyBE;zESK{bNRm(kZ*ZOV(_a0TNSWe(yy#PU3BUm02;ZF&kq!2aqpv&@_3`
zBQaa{waH@Ns;%aOuJ5mz#4QoHbjlo{zEM5SxjW9U`m><tJA^Q47Zg(Ps(4J=xX_D<
z)d{2+Gv?4V&blq{*1C*Pt+BD%vO0@6qFz3dbL)^2S!o?zt7C|L_^={rzlGDtu}WZz
zM|8Bij;}Ju`Et>;<vOmA)*9-2>0f-+p4z5sXe+}0eSE3Z$Tn18k_kguRL6i~f{?k1
zx-FT5t(02#Z3L)E?BR7LZc7nLV{dxlQzPaUAn#^UFoBxmr|)ayifzkkWs=5e&+8SH
z<Z0T|{!ONQe`kJ@$OG^x-Jv|@;X>^$)CtReB<!|98EbM0bDV3_ujbf4-qwJE{~8ME
z_@V_L2h942CbuSDBtjPQ$1L10QK(9`YkNt*Ve+o7<)zLb19of>a;kXHgw?OA<k|!B
zYR65qzV#(8!hzs=XgBP$l+q6{Oz0>=-&i1PN_>4^)j}qA-zVV1J}T3cTamHIjohah
z`&bC%IqSZ)F`eu)jSKxKQc4^k&*a0!(6(E#O?vWBz$LBfe4~uJ2rJ<EV2kJ&1bP!y
z4TfH6Kaq`-sc~hn8uuADZAN#zjYggg@HM;c>F4&yt;==0zvSFyLZo20Pe!nbY4+&y
zjeALpecZOomx{U2(~fyT?Xf4CB3j>9^dh-x9Sh{Dbxzg{Z$YZlLxOG=;YTDwXao6)
zp8_u%30rbBkHoZqTuX2rE;`DSttrOu+xh*hIbD;y&c@389IY()(GHyx$xBz|g_b%-
z^>B_@8{grL{z#a`mSiKrEhF_{tsnnFWh+bYA{n3b?G7rV%0>0#6YOoJER#=ySz{=}
z`ph(LmWn1*&9YKFt5v!D!uP?RQ%!f;@W=qEtxoJtHmDuNL>Z?<vZ)_C_uznI$ng4_
z;b&*tBeml~ljjxH!%k-!g&iE>_5eCxz*Uz%?}}4PNiztG<mtzY3%5iz^74~VG=wg`
zh$@tz))jrc{2J<pFHpNCyLK4r{*<Tjx_a&C9#U49$JdXWPgKe2Hocv!7guMN&=A=Z
zxyVAXlqSP7^|VWUl&|@VbQXR>FL%-6Q{IdjOQ6dzd@dESmLB6P|JqciG+`qL<d4OX
z(j;+SOi3JRgg4F-_Js6Y5r0_01=p4KrI83iW7jaE+Qh+>(&5YGe&)!zX^?#RAk&!0
zKrZRq>s9zEtNjx9Ez5zzAHw4kA3Lz$&7Ww96Fh+AuLg0SQBDK#RAGvLpVAY(cb(~S
zJGD}NQBJS*V0zI6OJ{wve6f4K2ZFCt<Nyz>^<cij+|BZD1L(mhnoqu$OXACfz0Y7q
zAAH(&o|&#?D(q+mLqbNUI$e?VB0^2i>+G}|UVXd|wQ6VKkXy8;`;j+gREfpxp^W~7
z_R(n-6>6*X)z94|+UC5D>1xyou1bvl-=KPlvOl&WYiMay%9}ac2B4jq{!`!FYk4P}
zDIxc)MDxn77;9pnA}e12e>Nf!8Kjp!ly0wqf!dd7d<Y8rfR>Ghsv57jms0q~NH`o%
zKuiVaUhEwL>a&Y`NxQrN-R1g;vn5(?jWE+oKp0`ze*F0g!FOah&OY5!C;z&IgCB19
z<K^PPRkqKC79V0=T~>vXF2IRK6`k)u<|3>=*EvTo#P^E!b+`lxEuZ^174%GAru>51
z#lg}tK33}|%;zU?#O6_L{O=6`*_M~rx)^b<uuEFa&HwEO$Q@H3(7vk`n0W%foX1n=
zXo6Co_4%kwTf(g5uri#BfRnB@#oxNf6_{s~LC4CGPAX*i2+fMhShC2&ucgKN?zU@B
z=oJ_QrT@BnZLt4DaM~A3=)?0}*)oZC)YeTK3yn@^AGf6Gk}p?YW)5yWMHulNNh$_L
zam3V9#2*w^`|a_5W|*FNKCkki0Ik^!)dVxn1VM{BpM-`(G||-<wG^&iGX*!<EU>$?
zjKOWDcWnz%dm|U)%j~BP4P380pgrjPS<WlAtUhFI^)Sg{m0Kyy{8gmN^QFlYMcC-J
zZ!WEVnuOM;EsODMRq=sO_X3T~(ABwk+%E-_@ufm$ju1Q@P^8~3m17(@+*1R3_pcI2
zIx}_CWt3XwE$Mx+iv4z_O&+&^5>ifW7(gL)S#{3HKD&xA>6bnrfkU#UAEpr<28%-1
z2x45$OnJU)@Gz-%XIstaJvkxgS6>E09P;OnndK?oFq-^Q)`pAi=+`mX@N6Y$$}{Y=
zcyjmW<m+dKLV26W6|X-U;Wg{adv%UW5A>^}k#+#RS(|GZY3(>yN=pncg#o7SL`zCn
zWa|f-7~8NlmN$@7FCCVPok#NbRo;*%H;o1!o%&S04>h4w#QjOSrrUh|v+Ftu4CQ^M
z(~Fi&QB$0db9>aq;5#DY9jV?fIYq*>%L!_@dq31s-5w$OS_)KU1^Zz-mACU68B$hw
z{^+3ooPNeDhC;nn=easbQfC2B;2Cf`A75R;5u0c?Yje&k3c2X8?8hck+Qi$B(G=Bl
zqk*+D#_?mMb&}GRWuUk^e2HV9SHB>M`%)NYD(fy;5ng*GL&)5t25h9z?q#mvR@W2U
z$BuuL5_nBUqyDVBzl}?p@EJLjkabZgTw)e1@KdoUzg6P^vfk<$m`6O{mFg2@Q{*S#
z+s1SSp+Ah}8!PEkC#)_lylvwW=(zkgS?T)0)1$#FIm*STy`)!@7)t{K+=+x#7!&dX
zta~R<$(+|ka*&5>rZqD0Q(TEk{)DfuLNCZT+!QjYJMmBCjFf^?n7t>IQ*v8`1;z=V
zvljFmPZT+^;*@p)Q*Fgw(J;Bi#leX)xYcDz&A&g=AcmB8z`FfQ@J2vSMbgsLLt6c}
z8G?--7;_vzTt>x)%Ycse#(3+-k{W$3O>{jn7$i#XY#c~&TYdsAQ@sMKQg^@YOTSA$
zuW;9WyXYc(gQ!JVBw@B^@7%9L5=U2TV!K4a^P0q=X{@#4aZ>@<6w8saR|QR`9s1C%
zI*1dWcaNfWapA2s9?`oA-exl2ltelU`Xz7oGoFW)Qsm_x>+M7JJtDrLq8eUk<mIdX
z&G0*K@M$P<Dv-9)ip-K``>fLL2bunfP5V&D%ngBXQe}CMV#%wbwSah1{)v|R1Kw=q
znUSh}I@DJ4RU{0#&N{9z8F+?ZxvJ(3g2GoK5nWr@VJ0YAG}-xyTOJ5X@nQYVbL{pc
zUvclROJ<L=96K-ICcBcC_^b02IWQ5@M)j?y#+}WAf-mFwBTTECK%7uLZ+@RejbO3=
zJCa#Ns-1MWs3mAq@1-A^c!7E1CUwG+&hP{SGF%hdZic$eeQ0qI|0?CT3S4$s{e@R4
zMBIkN!TKi~VZ=0?tI#21&u-_mAg$3QPmPqwSEOfvqCFLQ?Syl$na#z~_%h4jfs(?-
z<Ike*CNZ-bnGr1|eNH8%z`<FH(fwlECe6@E(lf&Ygy-}I_HsdcT%42B?-fQIWd<J)
zAXKcyPw{d!qW3R#?<wjxFE%51&6Jv(Ld>Mxig(gkzx{!}vQfC7@DpSL_6C!wrxQO9
zYpD_a-9VE!SuyQ+s3!R+E(7_tMc^77R8L@xSs~QQDqHMThdJiS``3a@D2#T$2TNqn
z=}OZ9=7P$NB2_0=s6%hP;6NZC4yw}S8hPsWvQANT#GXCCo)-_DHTz59YW0W$2NWfr
zX}NT|RCNQwDVWEfe`*#8Z9he5{)&{7RjWsQ?<${IiaZnJYhfGXOAOySNvtsmfR*mx
zJa(bDvelmulep-ir2x&D;??CRSBq!mhCC_`nBfc&9<|eOa1JYx2q^6)Qfr^MiNi&B
z)b<9RHO}3@Z*563q0G`o84qpwR*TO*@(V1j2o+=(%5on6l-eFXeDC4Hazbn@tQV_k
z_RD<-{0@95_2Ne=J-nYn38FRC;j33o*30DA+vv-vvWR2-3TN_s%$~DqLKk+cL<*=W
zE{2v)kgpd;Xs-W|m!gNc=>uJ9ynWWswVN(#Psvg{cT!yqv|m}AFyGIA;GEyOaXXU?
z&cU7^IGiCJ<Z2ln^fjL_P(&huP+fXWL3Mc)Q4~6|q5H<7wTB;*mhBbUg>}_33<uZ3
zi6t5C_OmI|rqDDK%Z=yWE0G(-{fRNgJ)yzb#Ov1u1~Uj+AaK5N&<klDBPrm|fw;fG
z@P?olaD%|TM&DL}x6YpjkPb}g_mZ!|WlF0zRi;)9uSTmpATI6HDU5zd-1YcEj1&S!
zM7%+AmFGbgPB$@7it+J<$Q%Dn%@QuxD0(#yk_}-j<Byr;CQy~81GrZ#tB9l-KS7`5
zw3U&5Q&j6E4{J;&R)@wPTCAcBAg(lV*2JzK#!|oc{9-TvROUsu%Yj00?oS;&(ZW6I
z*Hrx4jB^mNk(_>WJBl9wpBoQ4Jm?UJ5LN{t)6&SO7VDn^^uOHaX29@I(f^<F!-&Z9
zPf^bQ0r!N`>AH4?A3kgk_22Yph!DOJ4!H+`7l=IUxxrqHsKMU<D}K(c_X?2MHKZ)8
zXIULBB=zR{=ySzjpF|NBjl@#>*+*y2CDA5be4fO7@{w|4unePzhw{mybIKPxWGOr@
zo-wzw`s}*;*<hyY?ci#oRr7SOqbs{X>}Q8ken;2X*-y@0eY5#v*2^`yF`ftZ9KN*+
zgL>C)EYV%?Pf;5z1rPwWy8GeWVe~>`|Lq<X)%i0H!d>AQq@b#UrE`1JAHzQtDE4#!
z=zeANGyz7W;KVX@0g*~ca7<7>otPIMX%IE<kH`M?p-vi6V4sW~Z@EidJ1SkcKPMx5
z*mKb-ofR9^5j_9D|M46q%jb@!9x$-8V?1bl{d%_E^}TzG`uhYmo=9QMeCaWG)*Q6U
zUDn0ak)RicSyQ2<rZ0qA9N_Bh76P~`jS?{@#DKqPen>|{y9#&WtEz^0aOAq3vN}{0
zLhOWpU%tbPk-K=%=VNZU7fA&(VOggPsA^aFjr{o7XI0i$q7l3Y#Hw|D{=Tif7^yT$
z%XozCBJQ%B4+TC}!P`;)>)ZWTwuuKbQvE=rx|q3ftsQNS7;?h?ItqswV|S6F-nWS1
zpAZdZa=$_148H~UJ^U7>;74BmHHVM=K9<Ob+#Vl}1FTg4_@E`6orc1xaX6ZLejH7B
zJjUN2pL)<uEmvxI;#p;-xTV7F+qYS7AA4P}zg_TwW!g-*>X*|~l{S_bhta;e1Bw^m
zQSNrgDUWnG5UC)bXXN}Ri~ol&+(n2^r5WLTweP3V{ali`lgK9Bi>$p#j)nTVFvDL2
zwsZ?@i3gJug%<Sc`O8Xwd_dU~*6&iJk5i2sbtwB_W&(1A#y8ea(F+gI<G_D>!VON(
zV-DP}LA%B1U8}DyUGpSjkNBW#Cbwa&G=D#Cmk?{+X2t(&Kj1}r?+NWV-iV>0N2d~B
zzI++}=m6fhxydKcU8l(#(TyGA7uf@AkuxKWW=^*g6QVLP!9g6w(SP_MBE%2X%Z>^h
z#E5kIYD+Ny2V4{mc$9nN2#;ExO2^I0r4og|FNkOy8a~HlzXxZMQY@MJb+oN6tVrO$
zt_aBRHJ&XS5e=@pZ_(Wf{tFZQR|Zq90%(Na`Mcd+!V3PwErkt29r+r#SBze(?5b2@
zg)hnLPdNq28(!p3HmLT`RtY&T+ng|DgZRn$@D3fSqB(HzU;&=lHPM?I4-8C}QYoHI
z2^u&*V+#a_XPGWASqCeAcw@!!NKusHrkhP2tp4$tTV&gw)+f|lhe3#-1^4f<XcxwL
zdeH-sAq;VGAMw#Rdj^d7z)Xk1OuJ6jdPGs@mXYB6%}4CU3X_Gep}Qa|HgKYr5TmHw
zJUx53YJOvbuGe4G`O?VM;(<&gYBoo3o<M5z36-=g5g1RbM22m$0o(8>{rtALBj@$$
zE$&A_a5oC=YoI9^goV;m(DE0CjTf5y>8xaRzI+)8^1fU;d1?LzLIT)NX?LyYQr{Ge
zVGwD~`(EZ=DMt_$=n=fB=CRmf$8Kv3@FUk^b)C;(MEbVmg3S+sQ-hzVATCM%gt1oe
z+jQ;_PnNx$-E>aTbz4Nu1g=-BdSJVCg+*ftsKt{nFmySwV36)jG`<gORs8{8@CkBs
zEYstu6D$XyX+H$wZMf`CL%7Vj0p~~JxBBEN#Km$xZ1{*NmOM?WdUhQi^5%!t<%6;w
zAkLjc=#tabTRoR7`JP<;AP={`8VX8EUn&QPi|;EB{W9cyR#dZ9m-o~#7IiIQO;JJ&
z><A|82!wpA4?@K2+E(=!Ke+q%APPQEr&0_dh?**7mX&Zr6qV+jJBbIAQnH;AAp$<<
zYOX<}Y@eA-8*d^I#d*`8k452rT^~B+iuL)8)df`$rl<gjvGdtF0G6ENUuOyjg@KTP
z)B2%H!y;fr)p@D260mB`BYnv{-<KrU5ORMHF#0PI(3;YI^lqF1_ZqZzcun(KCAAw^
z3r+3mucnUAYk_vr(RHM(f=c+nF^iI%sjM@vR<0luu$7>iN4iLA{``G-tsYQDu%WPX
z!gGWcqPIy_DKDZX<%7qand8g!WUw4$l7=#iKjOd{v<5}613Eb)df{sH2SP7z&Xg7@
zb{p3&4ulm^VTn~&U8G2WQ*qaRBR<*lh$Scch0rJ^ysisRg5hBfr;k>#xJU=`j1s4y
zAi40T$QBO-S!Ml9E9wLiJ7yi8M$aRkpITjPPe@Jpa#_<}&#q2JlR#eh>!?=^tT+i<
z`S%56VoMT1b-JJ3f9r&ZpMh-4<sv*p_U#KO&QQdxfBzu$O;L)X6aFAIJEyu7TD$a0
zgxY~Z%RL+@R9kiu-${O_M$Q@!=}>w)C1g(KFs0o)x4FAPPPA9-hCGJ=tGziA^VVto
z+hEY~;O=#p#u}T0y?a)r72k{uB^`b8UUEhUnv#LB(mDiNoayR0FznS+PjFr7F(N%9
zmFsmpi7c)|bj(L00)9;u5qh*71_&gF#9Cy|DM<RBC8JP^K8xkUNTAdaHgp$*K<{=5
zfIo*q87>^`zG5ZUNO-peM$*Z0g%K4S4sLEj%-9?ZQlW%oGOqf#=fFWoP*5uLx{fe>
z5DZn5UW|SqG~yB71G;e4<G!@@5sJ`g5GJ;T2E&&%=qn%OGHCXn<>B>Vtxs-^2uq7!
zessv05r{FA^QA7dVv@6TvJ+OqunS@mK9}ND-GiT+!Sw%gyRbrx`#>Q|q`Bw}korM(
z$KHlTJ5wog%d=nJv%8WGPGPX<wIUNl;~h+TUl;?=#)R2_DzC9~`<+VN64gR1S4(!}
zxCn-O<8l0ZQxMuMxPL4Uy7tb<Fb--%<O=CIrBLhTCVq|Jv(P*>9(P+uzYbi&v9QwP
zts~H&v^@o)IPniqdbFmA%g~M$(vJgGFbm&Ey1KGdJkqaBM<iO3lFz(A2FObQg&ZV(
zyZZ5F&1W?+$>R;sNGB^?8&58vMdns4kA-4{ay6eiA)G*kP%#LV0fa5g?zkw!GwsW)
zEm6@7^<+mjgP5d7HliO>HKS5w4}XD)eKHM32M3K!pAc|GGbSbHID=kD(5&mX{z1u?
zQY453KqVpzG_&%^Op&Y-Y3j@&4e||Az?+c+n?3gmk|nL8LUmmsGsyWG=F*MB{Pvb0
zm5Gcy#JngBlFPw}`lF6y&6MWnqB&5bizgj-odvtr@&t;Mpr%oAz*ByC!TDE=<|Qyg
z>>tVA>rLB-@SJeX<kZ8c6B;9s4p6Vcd?^N*-h|=9KJ&zIA~bi|H1CN4k+m-)mEcc^
zx#Yw0b5rTXBx2=eU~<KVFnUoK8$}>Pi<OjYlTw7L4{0S%K(v_#e6#9tfFSZfXP+E_
z2W_JvOMPA|F{^-n=aah%Tx8zi2cK=qp>Mr7MGN7>@{|z;9;sOJUPB3Cu!}5<pQ(K$
z{mUwRG;*7kWU|*}%Jj35z$Vdk$NK>(>P&qFpAx868Oh;)=GbLn_}y*#r3FwxpjU<Y
zmC;19KTi0|%R{`wtmlL6kyd%G0@<POvjHoLu86`D!m}dCfPI%TGMIW*E2fd5JSaJX
zKu8gny7Rqg!_MI;hH`}X9u1<et-Y|Mt!yP#;a?qLMsSmMfiYK7BcdaZ=zP^3y4oHG
z!J;hpn)=|@f+X9sv_j&Wi_8~x$3?vw?V>W8YkaBOPZytw$*TaZen`<WkPUpr$sA{>
z(F92C_)q|^S-W)qt+43$X}qi?mZ-dF$t68n4o2~_HhOOt!V57d)KXR$AJ@f)4^$^i
z$zzi0Rb2s%Q9rucS`oc=RWZr<S{T&%WOqIkWpOcpJU}tys@NE;ks-n%8d;_#I@HXo
zSH);T&s>YX5FRp)Qg>{&iaAo~6<|vxu=&hYGlTo~?~c?cu{=@BLYY-j3faPe7m&xP
zh<TBrhM%2smn}Fo3;eZF%2k$XWVCFAFs;DnEGdtk6}oW#tnQ3AN;D8|LA3jB^K>E~
z$Gs6c;uOjZ3_REhCh0knEa^`&E*RTmql~6Hckd@Z{B}O@W+KfT&ZdIG4O{$L*Yw@K
z-e)V#9E2jdYYFBBe<j!XpKPN)q#x?8!iUl;&_+r~4N8Y$NEQgtW6jR#%R#|-q?T96
z#UvT_L6o({FK11CFg6Nw5?tUpnUr+kck)xJOBmj>Pry4CEt_~G9IYgI2WNsUw-Gfl
zUv1LsF3W2osoOOn!=&^cqzdu8$#0w^H_>$WpPW0l*lPL4NZ``mgIn?-j@{6B(BC6_
zW9G#1T4kpgWWl;&!Dt~3N|wHE36A-myhIze_~ZS$mnNr~WFLDUZ>1~loOo!}jNP7c
z!Q$Yxu$y|gDCxtk*yn8h?&5r%Or*~*!HE3SB2un+g2B<_GvhN3@l6$I+$?-!@@#U)
zswftUEqwAQd}To6##ch77<x@5xHYGNf4JA={8T%(7?LR14Sst|a@CqJ*EoUE>a6J{
zK|Z4NCQ985GE_Z>wA>op{(0jl85s_upr;D-CtdocJfrpynF)<><-E%}ekeQeS$SS_
zw3ZW~XyI3bHpzw^jJgju#tJQ;P?WjC2ZOS;1~6Kmb3La(c_PA+NIrRUeik=~yz!uZ
z$GRXEO89=gDzZpF-Z+@1oi>699i_4!EsuS%owJialRqCifjkJdIDyiCG4265gepy6
zo{%&t-NaX~1p82Vy^!bAc#+nqu<Ce!N*_h&lp8z)aW(PfPh)hose=fYbm-2Bz&lmJ
zHqjm|L}c=2ik=anR9Txd`=b^ZwZWtoTwT3(_-OtSl^!KX8Tprgc65vgK&FVH5|K0I
z_Mc~CPDKE|0EWHNap&avBQ(GDbyuG$>rF^%U#8NlL$Dh$=gC(|Fzf9B<FT`1k(311
zi{BBQ*h&i5@AE?tQ~Xj;(eTVPzw5(33|^2$<-I3Ns&48#)|v7A`$B`Rw)WS@dO@XK
zwh2g-?rRU4UbU_d>1sye-unITw0FksJ|d#S)8*@HNFwGdCEt)4jx(?CN19@AWUmFT
zGQXY?%)1{L{Mvl8?Zo^NLI+;?uEVaMHlb<}K<7xNR8+&f+1OW*qIyM}m}HgoFq*h2
zRrwH<s<(e6xM=802;};ty$XY-W-Dtm1kKOY8GODjkm7hjSg?H*c#+rFBLLxxKKiCd
zrd+G4k*Ulq)t{aop)}ev*7ShHk7Ek`7!oR?ULNNyhvE7jbS+_EN!USr^!b->T~c7(
zV}5ti#&p|xW1*4}*ms#VT#j!bFDZc`#_qUzgJN~SeWAADM$FB>fto`bF+Uwy9(UQQ
z574@LdmXZVh>%dpy>v2-+Dl;{UBGJwyuTd!hKn++MAl~u3UG~>1D^^bjIjvMkd||I
zHhZ7lSpEz@i-KF;-rmF6GuT=DcCUC_x_pA1y{5iHEihVBz;G8%Fy_)<?Y}XD_B2t1
z!i%Uf56IiXKG;1h@O|I5rDEERbq7|QzM5YYuw_ALdK}AyXdoS&W>D+FVb-^z$!K~S
z|Fw@iK%O@h9;v7GBOdeh-R3k#bNK-R;w?R>qu$VS;X25Wahv8ut@W;qS}CYbmS#3Q
zAym+R)Q}`YQHpJ?$)M^LzXd}t+qC%z(Eq=9JQ6}U6pl5|%_)$F$s0Enxa}S=GmFXS
zJmF#MG|hG8gVZiDdXWMlA5-X?q;713qL+W);sm*4wBFab%0u3cAD=S_etCCW`=vYP
z%Y}xO1<EZOFdlfz!>ulq!5iewPp1RvR~ymP#hlJfNuy~uIKp3FBNj}GDSN4L25aw+
zwlWzCw`CgPMtp>L<Y{qja~ix01BWKNnSaUyK;`t{vTAXLj$qP5xgD!V@zF&F5hfU5
zn$a6|6sd7-9zh8R25pdk0}!9x1B`*&nns(w+bz*D3`!u6$H^`s=#p(7NWgd@TB3vU
zHPY4)<3oKWZ$x0BuI_34W(m(;{qbxR<dwORoRHkposm6qV0QEIRXFO_Z&6-KQy<Kv
zR3q;ttKE>*5qKDVzN&n@8LUBQXyfcbBanfSZVeK1Ka%!jIlo9wN{y{&OLPq*jMZu+
zfUi2R0GL+TT1t>ve9d}(a`6_mlBe2HT|96ISAJQsjXRUTKF(?l#Vs8$Xlg(Xs$Uy|
z?S>aQ+^t0_bi6i9%$aiqQmoHEcGHIxm4Boy`ND&q6qc)2O+4BVp4>9dzxA!y+yihM
z#!h63gfiWO!nWtpm)**#QpUB)hNv6lIPS86*B$ZupgAP_BPsQgjeduyfdm!AoVH5#
zCfwS>QP|`5B(vz`__^t;w!KLnZ=bZkhZfYM<-yiU<P3Jadv~qj-K*MvaU@nB*it=@
zVnI#-!41J!<Ie`qt88thhlz{2`}Z9K@wglN6z*!K(J0;ZskJ|fg*v_WBX0>5+jc+B
z8eSy77zU{Yo%ZI8RP;G?jVHguhd%PNJidt$8Gr6(PY`^F<Hv`T!Y48C(Ixjhw$!ih
z3BX-_O7W6?K9!yN79Z_<d_Y?Swy0vG?F<dxoj=4Np8Uo}Re2T*C2{v-HWi#R?O*lF
z&L8?;{!Otwj<k3kZx0?iBvFa%=_|Zn{h}QjzZ>P+pZ?sg!{{*~;(J|2?OmVG$Q?cA
z-sll&EX?>j^u0KB9Lyz_1xz_XqQ6Q3+{CTRuM%KiR*<ePO>N^<1zgU<$rq%8@f#w!
z3>?n=4Q8M_4BILWi;eA<<-rD__*U7etLoZSj$OZ!S9!>#w?9F3!Av(Ph&u(`Wfc<z
zrfa}Nj{d6K{`A=KV1PqA>w$%Odw#27-oU1=?f4qH?OFW~A5!{1Id;gt#smro3KAYb
zAeSRt92~E2WZ<^wNB7O=v|Nt{RjbJFJ<GID!CvBiIdmKMonCzVcK{F|s57h`+QuV2
zCOM-$CKeJ~Efg+MMo+#03vFIuF1idB>cg(@3Y$v#d7~4|^20%#sJ%ny?q3+6y(O=L
zJFZbS9|09GSS1=@c9(5^MUpE5HW%awUD?CvQ+iCt(G4MmAzMFn1^Lt(x;Cu%px-2g
zSTbW9#WI2=_(M!QAO?KD<7fWNkpSppTziKG-tP~-32+=Tl+GRMkqp``(Sq?lH0h&7
zc+mA%y(N|csg(#P4t~o4Y@r%XsTVYeBkvp*tJaX-8XeeRulUyiL^GDk@!<HqrEv*X
za-U4AlWd1SR<x*5W%``}8zP?yba)C+e6{h!BPO*TeM~aP>>knk9}v^8kmaEw{2lkN
zkwe{?c7d1&UELZ#qmv2&^ab;<A}q2q()uPuQ?{pdYp-wzmJ-VZmM;IpdG8WSZjL5H
zy-zQXca#Wbiu$6nY~V>WYxx6xfTqBXCbzxQhP9SgBM{$dgSNNRD0hDp;CQ$HY_T_h
z98M%65o|%*!eo#i6^j>nqgz|C6tD}4qDmLYMLmCD7k~xe{aH-e!01kR?PORjQ9|*R
zmPkzH#sgeOw(-TSj|C7_Clv**ciT6wT)#>VyFaXYvm+ENl^QJdKO9Ifm~EU{l)G$(
zmu!YyY*`tJaYfHzG<~D;Co!5|bc0<O)%fr=D`-V=eR9@5HZN%LV3r)G%!d|F3Runt
zF1hn+!4b%;jCTMi+}GNB6@iZtC|oIcD2#6B5AC$X!8ALs){brnI?sQ6Y@n$6QxpC7
zQ{%dkq&seQx^cxBO}Y6F9<KwpE4Kix{ICDo9W4umezlWtaW&r7U;c+(|1WMJ5qe+6
z;>48Wzj`TB)QDlLEvGU@B-=Zp`BX3mVFVH*LZ6Wf?tOvFqiu?XI->vhYuu*FVdM@t
zT<51yTLu!Fk%&tKPwdge4}!d4svZ2}e|b9*ByEiC&U$uT@N>cVhudb=h%1MJB`o{P
z`EdfVWQ=jY_9XZv1{(!J<C`dIrFMxl8mrR~Z^E}mHd!RHt$=x35fOLuZN+-kksy_=
zSGR5C*m-yVEk*$)WE-0%08gvL@P~nIqjxC3<KaVX8x1!)v^#mt|06$O&_tOQ9dN8-
zJ6~(Dy|1Mc({Fx=neXa>uBEQEW5(W6Bh}MExczY9z;>ZxgGZHiWXJfjy~iYgtR`*e
zh1%XqrGsh2lXw2m_N)6Jw&Z{JHzBD|h3L%8KQ|IYT7;KLGe1Eh6iU?}bG85yp^m=_
zfH`00Oe`I4t1;O_Ok0A!XdK2K0yHfd$jY<PEow%yffJ2>UTZ~*g|cs(5i^B^h-Sk;
zWrf7)Jto@u=Aek_=jpz31mwo33f|mk$c70Qxrmmg{hph_z)RSIz?mOHI`1$Tk1a5r
zEq=*ct@at%5Y||mfLJh-Gfp+-Eg}`cpFj~(lmBX|Fjk)nd$c(t-nHjF!82eDR{|73
zyfJP7I-d6gB0?OY?5R7Vpzs+Bh3WP&?-;zU<?q6j%H_+@b?D$#;XXx|T-r+RsKP&|
z<L~eW;K0g`G$p^O5_h4yG)ga}>$J~74K6yPcMhJF^Q(Cw=guS}8E({`?0JCiO}2gL
z%}tILD2p^0Z7Os&lD4uGr+LsgY7R*^-KmvU2>pe2!9(8usxdM!EZ{CB=!PFUn{bwt
zX}%-ONbeQV?@DkN#sW1pjbtRJ!=;Uj=YU0UPwMgr8$Gyx^Ll<V4tH6p9$&{=sM1<~
zJQFX{6I-84kGRYa^LJ_s07LDAU6Gs_9?-w4PteLbj6Nxx3#EtG)X&Dw2tJ+|j~>V{
z$IQLEeaH(Fm-y9*9Onz^TYpp`hIQW3XkBO}$QF=y!EIC6T3po&4>zi2e_*uDcR|(c
z=l7*|te1a>!b*}9wQ^rb*PY67#_}IrGaQ6#=BZZeiU<5Eu8)uR!&<%kwRwW>TM7Zl
z)|9;w<`@@=eISMy{e>c-J7!SZByRNkfU76<53b%M0!RN5&l6p%Y{0faj_ocRW9@jj
zAC~#tMllSPM2CB0M2_1ZkbO41;I_@%oxbJIIGQ^)Z-3BWu6sepJ8s|p{TloDIQ~5o
z+xboZlvcYvo0I^p<0Z>lY*uXz>|ND=u;zFHrwkL?TeTQOt%Ua>&=DyKYd8E>Fo-7o
z<IwN}*0TfIcZcRT+~FMQCn)7k9m+63`3iB1ZT}A+uir$8ou8|UMB<;F#C`j$3-j#@
zRDurg)SiGq{5AjZUhQhUKUzUAYOb4N%IYar)A`;6Tf#RmS=+Dy$6I7#MDM~vd0zWi
zas-U;E*PH)7RrkF)nP!5wj;|z^&WfsxFiIBjQ4CS*|3)Nze3EtcW^uEGawD92jnx)
zv|a&?j!J~o(WT|O%Ar>u=IK<=`w(C+1VO_^uzL{vJy8)N!=|<zJWjR6dyVe~qMO4m
zOL7kcUZDkG_$R#b$V-;_CBk$Vio1Q#n1}x|BJZ3qKJQLa^5VHh$pjFr4j_U#2_rBO
z!afZXPyti&Zw;H?z)-$+TcWgf(mj<)T8x$rp7~$VN{AZh3zVYd`)LqIDgDb)iUS2$
z7PrC{Gjj1Y47d?(0Nf32ny!e}269Dcz#4Lcpf^I=L%zlds3C#z%^(CZ8TW;IGnGm-
zjvRopu*%YLO=!B(mqo0?PjY+%E4R`2Aofrb8@sjlAQoKId8K3>q46O)8*iLGH4S+j
zk;ek`TVv!o(#bakQbxcO>aC#@fqZ89+REIU55frR>cD*dgB&M#FT5IZD_MU(>h=TD
zF<Zj%P4Knt6y@^^+<>kb)c;1;c+l$D`k0a8hlIGv0pH9xn9uA(g<O77G3&bi&2B@k
z`_%laBP0vVeQ~E<;5OF^BpigR>iA?94+5B2d9&;j1x941G{Gidd)J-;{D{BWaC_6L
z^#J(CL$i-K{(BcL1EU`wy?EBv?=|4HRLCuKh5IINGZXC(AAc2|Bpe|tyythgeDRDP
z;hhLMn;in?teNurQ&8L-^W3P}^~HiC_?=hwX{KTum|PBiJ`yNU;dRXX=vU<Sup#(q
z#SN3d6v9Df@hfB37E|Vs36c#F@BRmCv+HXXjjR&L02z#~;Z|(0dq7C&1aap8Xfaj7
zy=^>`RwqZl!Gi>1_Py^6iUcOpv+;Ppis|0mN<h;okR&B8{uSJ2rK<|+{bVEe2a!u9
zvO85YFiTx0WVFbTN$=`a;8D^Ef{>BPl@vamxQvS{=?DfM!Ko|xJsoZ#kWmFrUx>!Y
z5=a9mzP8PpXixD*v_}LH4p*$$aJcX~{R2}1WM(jXW%3DMOpXPD@Q*XIk%h*z7qD`6
zlQUI=4#>h>RCh_WaNmuAk3Dn>2#S*L%C&b0xtNRGQ6{dh3T)+={OR{$90tt~=N?}!
zJ&7o+bkS*=xbPINI9UMi=_-{orL$!IhUU$^ET^QY&-q!-tj(QBh5*tLCBZGoMY)Jp
z&s<^oD(m>ommoIsJ^Sm}gPP}s>o#;kCC^L>Nj^ocj1m2|_PBcx)Ya`5r-+bq+4b{W
zHsGLqId%8B`=82Vt{s<o?tzyN^696MS)Y05<r*Lr5MdJfkZB4alYfAYQ<c9ln0*rQ
z(Gl1YUoZtsF3f^H&(}p>Q!t$&L`kQl3)Jq-q??*Qx4?~majfV1+D7x)ohM}G{k|jA
zm+B7--_fC>pJ1Xn(^6y4D-zJQx&CFyo6oeDk08AaL}gfMWswV~{LTakw;-}regrby
zwY)yeh{AGL$AYF*u*~;XpNq2&-NnOK>`LhD&h@AorzNS!XuZji=?PXy;<XxU-1p7&
zwHC;H9~eS&=g8}J^>orog0jtEgO_1ROH9lXsMClbw<-lV!q;}d(R9Vkc?fD>BV7o;
z^DWQ;sxu4@=#DiZ*VQ6dN;1aiH9iW>@Av!K80hwSQ~D+coN}Y5;~#Efp@?Fyev|0m
z>_KfYNOK$qrZh=1%T^}8ASeH;9fmD$2<rSICQm-hZ1Ew~(;@iJ7fvC!`sg%#{SZs#
z88Ui*wSxV@Q-LtK6UAk;{kCweAjVP_ZxnTcDT&@$+DAHY1wv3SK7j#p4H;t_qUp84
zZ&0HnAd3OA8u7g3XC=pZKP_?>5I0M1m<ul~p}PXN{>-bpzW|vflCCROO%VY!H1zp^
zPYRi4iz$7P(Ryd2rPEAOHs?9oXLl*Q8j|&6-OF+W=%=;;mm--?R<Kyo@-+E)WSVNc
z$uarZ4KsoJj&VlA9VWbJ!GTF|$HtZPidB?Bnf}DsEXI%96Y!|AY?y1wL4YX-D__UY
zPaZ?5Afzi4rQSiikeD-G)Q+sD^7<wh?&gUdOq0tI>XJtd#2^)f^YRxl=-#_{3{tbD
z)1XI@5d4T?iSBa$)u&qZbVY_HAyF7OW+Sa#ksTj_>ha7|Qmep5t6v3DvymAfte$WJ
zg_eNXtdfQLIS>XH79uWWH|h_Gn(ShfVJIFza|5mIn#oj9lu)upMFS#?&qez*{v})h
zJJPe*sLF$;B}n2lmc4)FhV&cFqz@f1J1XLVNL0<22EIowBOxE0l3K<s$+Y1Qt4_-h
zJ$XKzRm6|K^dxiboumRZB7TKK^59jLHOup{^V3RG*3)DO5s!OMU#t!o6Mo>c2v=b6
zI!)_R$qZCqHhZ)JcNvlmG7B&^x%w&1#2*s_U8Wf9P<lCEniRPQ#E76&^~3tq8JVXu
zP*-Tz(cSlV8Au<{Y&0Op5ZQ!26CVes?HRn7v|B8BxZM~iqR)PHcG0Bzn551=mj({z
zOHny<`}_Onk>AW<|FUv17Q>rRibqgc{H)v_Pt-+Ipny#c+n(rUFI{ZQ23TC;KKRv)
zyE*X=920&w95i{(UhMKNyKZnniA*lIRV9Y2MUczu_5JIerfSL%4iwX^F`juO!EGIm
zk6shd3d3Sa6+cy3B<-9gvFq$nq;DC{OQ+W5x=tviVH>WdA1QebSW<lX@->-eR|#S}
z4g#g=Sre;fhYMWITJEDJSEM3Bpig@;O-0`LF>dHn7s>wRFsEXCG%Y3Ydx|*2P<aSP
zh0wO6+q}!1eax!E&2sNwPEZ!1(a8E^LRK|z5BVwI6{tF%y8G)uh9-|<uC+7OQ=<1W
zE;kgoQ;^jYP9z!T7V?zvsY~y)r*4oCFS$*J;=C=v(Y*JPq#Ol$<s5}@xIxdG^NCar
z;pKc2<$iQ}S0HtJW_Iv^7f?!9Po|pts4wGwNA7p6K3YR|zx2MHk^IwqC3vKn^vQbW
z-5C#Z{E9J%%r1wF$ESycr7gluX53xv_=6YV8i0Ulay>=5vA(xSoN3XJ&?OKrcCMOZ
zkY<#^jqB>#I-!gV+SM9Cbtw-JJCYrF_aEK;2Cj;vA*9Z3U0oqij(Q-;M*tbi$&e_N
zyn5_G8s@wn$Aqf}xg<~B{p3~Kq$Sd%&%Vxo$|m@d{+k}Zz+k<v;%by>J8vSw{p56H
z&@(~L7M`d@dxlTv>Xwr5%_}vyxZR%%9zgM^_)nLD2lTm0;M8Hg5;D19EnwRj|FxR0
z3}4q+qsvcoF+R>!DXq-EfYHb#R6g-yJ8_EjLTCTm<pR5?u<59V(FBwJB78I<^8<<`
z6YO&*KYmZ<D`g^P=rU4FvnjT9<cu|9DLL~y8_FX<QlWA7LKrc!JF&X|<><ZDVsjRa
zqWhYqAKHX8{TN{91wU0ya(<I=%-jE?<p5EUX;WU-Is{=##_w8Os1d?-E)>2}+!p@O
zv`e;+GB;Sani`+pY@!Yavwr0Z+<;126^2k=hz&X?1dShygvi^Ue<XPXZLO8Uk{0eO
zKb$jzXq_R9`hkmDi4?$n&RDDx&bJkQA|HHy<YN`d7kSJ`^O`kKOrwp#Not8fJ+xj>
z?i)_-V*zD%<EnEQAx9GvN-wJ$B{6=qk5|`;)GQ`KBdQZ~Z~@2*qQjSh&Q*D~FF!Hw
zhQrR~Y_7QpZBa)Gk9$((nl#`_^?$iiq#Yf}QrU_@`qc?;r8ULZE{S3|IT<xsW(qS6
zIdK-eE&{W3F^sqM@{(Dl>YcL9Si~gDf<)Hr1e3qI<Fa8PY6=Y_Cq15w<c7Ar4W#}A
zJaXP~uE){}{9_Ti>N;$b@g!RB1c=Z@6vYL5Gr;F6s!G?~VrG_P&`dj(BVW+wYWDgH
z1*l!(R{>}3*whT|?z5!4h{R;|tBwrnQ1>Tmcjc|x($v$&E)?A_xchUbWw-7$v>cd&
zTuRSC-O`9;qX;cbPE6m0^%dkfYx{4&TeI~#(4JiRh75;Lp7>r~Ga{pM6#qk&^j>9r
zb&51+pygF(@buv%urKgGm+HTl*JPN-%GT>L<77~i@|pkTxh0vl37MyQn8|R6qYoyU
z9?C}&LMKQg{AT-CTm9JQqH$0IfmdS{Nu~I!q~$Op?olM*B~B}j_A2?&j!WZ7t6g@W
zkFF-VeM$tp%p@_BS2xn#>G`ahZ{229KdP8<j3`{CJ*sO$*|?V{ZzF3X-T(5??~=yN
z6QSzS&^j9-1zH~4q+fy8EcBLOa8#oqI8BHPGH;^w(JDL(Mfiee;~fw4mZbW_^PHLb
zl@r8!v5f1_wsJPZ-8xXErB>gGDqv#jj~@tMMVWnY%sYz6F|f#|f9q|J>4R#Z@%3wk
zgo3~bWX=Xv*y%8jS*9c=xp!KB+Ch_40&dC9eY?->+X~!uNjNAor_d#94E+78gd(F4
z<R{N-M1-^$W)X}KC}m(~U}v!gQYU<f1(~UA=yz5t5D@dQ<!^Xou7mDWo6;v-eCkcV
zui%qJ|3<OK<&76P9mak>_^!pWq3%_aW3_PT9~I{4%|79ngT~<NQ^u#ij$c~RQSPvT
z18Ee2NF-KIW0HnZ<U*{GP?Yq%nIaoWz;$vFb3lN}03v*qIu&qEH*)tCX$xz?LgSv)
z0jT`6KQ-|M&0cauFO1gBJKN&QbE91t`$vGz7DTK!`_Ogmt9Dvac)guRTm}a+P7`bx
zS9CIMX&BcD@DV=UZi8CX`Pe#Lo5{44>OIwUQdzyn%higVvs_bp6PoUEhO)Y_6g=h%
z^Cj-bi$qion{}7REtc*M+_=|dKB+&mtRp=0;RD%UF-kN}9%f&T=+Yqx&|l2xpH>S8
z@#~Y|CxJZjGoamrMX>*3gSkQL{n1c)ekL52`tz?Rr1{OpVbI0*Bchur9+p#eTS@TS
zN>^bSPZzTq4EY=@1pm}VqGu+jm~mf@x0f~sE3x7QK}g$t(__aFA^Ot~#NzuH`7_md
z6cI5;$*Y8BITtN^lucEShpfC#lP^lqO<w9XXo;byNfV}ROii+!C?z68o21wPrIKrz
zn-^Q3VDw_>sU+R%Tsbw?Ui&tod3De$$u&<XYl*2(oM!Q{?VC(&kIvIO-`{@`>JNTn
z$J+;Z@94x;C+=x1g8sqh{Y2?1yx~z8C!)#jsi$m|GSx3O(QrkXp=<GvQU-V;=vp*s
z0dp<m)LGA)u8{q{s>zp-NEuI@KCDMS?w5fQuQpzBUj>((ox>`jAr;1%pnhUyA)Wr^
zD-*ao84BSb4GZhRBWP}UY(@gfYU7i%B_N!V_Y58M&iuJzaV=#x3#SC!N28kVEP1>Q
z>dwx?&WM#96O$Z)q;4Yj>Ww<O`P>u}J)xw~@DRByM9{PGPMf2T3V~9enY1ctlh&EY
zH6du!ELk=+Mhoy2Jx*?cK{Me#-PX*|7;7D6Ufh(8teD&?`;Et6jguo08zk7#6PwS(
z&z1%Op0eO2Gew5|X^c;tvY^fw&oVn9MQM+AigjVUJ%s47Igwtljh3f<DcO6-NT3di
z=7HL%jcFiykB>%~wDspOT1mcMaGq2;FfXnXD1YwaCk)cw{0xbzYxl5eb|3FwOn=Hi
zi`Sd%aQgAxgg#W75pMWo^E8x3b%a_r?xDivXK#fa2qlN^8R=W#k=N+P=VAsr!opC9
zjg2P+1vYY1`shC%3^9xL7ZS>{SERoiHKrVYjz8@r*s#X)Wq2dQl?sxw*Qx!XOQch!
zsBCT$>0M!2W3ujkT@U4(`z*>=hnEXXqe+Esb|^|!eaLgU7#fi>T&Zr*o1SW|mF1Uf
z`+g8g339ScO^XT)XaV}<i+FoaxjOchpU!nPNJ$Ywl7aqt>9Ufs3&3XGJQoej9cXM;
z#Po-y9e*iNe(Eypo}_cQsT2YC;(IkSptRyf!*w$GRZK)U!Z3h%Olz@yHAnN3z*$m~
z6@pAN?uk1eb7JmtB$%=B4=_bP<_<46egd_L@!N4f*LpItsmRA~o~-oHQ5vl&OBveP
z+2v$Q2S0~Nyy23pXT!c`BK^&MW&%e8H+e@2d<b(=J=Fu^NOg&V&S51GsDI8Mt9r3&
z6pL#;q<dp0Cq?`u5WG7}nmpDPBI4n3EvQc?2A?;%pfDm?0&vP;$e8c!FYb(>mtIfa
z%vl?ijy#@oy{N~B;?oH!#52fPPd)~HDi^*LLtNm!7;btafM8sYz)QKdSgcrMp?uCt
zXd#)!PoNtn`LppJjGePNrL1bFC?`cE^MW*EttLL^gYfT-fm6-l0;AGgE@O`$+&x}v
zEuMAD03Kq4C?Y5U&{(ajnk?sOKvzFLnqW$!qSsUc&ix?O%4_f8I%&PYyJee_9B8l(
zBZCsBy7ZPksFmnfc~>B@|9t0XZ%X0$N7D8*@!=en{^aAi{B;IEI7a%DdWXE%wmyXb
z8Q$KrNKkY(m}&RQu(c6zjMRRt(;rPZ?<fxdsp;8c8^ADm8$yD7{Z~7>Papfkb^-;!
z>ItJ!>VL|uEB?Prpa2vY@cu@PJe-OHPWjKK+5cO^^*g){kdpQ27by0-%a%D62bu$h
z6}NFJ5G&tiV*Mxky%E6+{<c9o-~}5bsclzcr>{;{5l`;YZ|r&TC-d)w$n?OUh#=sl
zu-O06{``pm$IfyP02ghm$?#_i0sm${KqB791=K`u?o+3FP<j7pJYj=c6tta=!XKVI
z@GmF1?#`Y9m7MqeHrC*VcSG&Ck#PLc_9H4e+r7?Cx*LDG?>jguxKnpq5etC*IR63r
zokXzWKhY)mb6F1=_r?UPu^QJNE`8H+&n*<@jhRL|B*1LTHE4Xe!Ck8KCk3+U7UmMt
z1Q4x5-hBasutUgQRxD0nrW$}{a`55mn2`!c5G(qhgQ7^n{Rf*Bj!?3<lcfR7b$h6L
zClGpDBt7HOhDr|p-?7D$2=Y#(PqWSmBUUZXo=_rk3!nbV5Vlb$X^axOC~%C=V;d2c
zf0+}dbhdVxp`wBFCAEcWj7WWmB2pg_p5JSL4kI#>>40FBKjsucB;~|EUSTKADbT=x
z^Y}mKE`aszpbZ1C|2BSK8d<^rd)$Q$a-1FcKceCu<N#<BFHr4umtFHOo_q;MlH+&!
z^$+TW=l_X0A$l(VH(4A(&5=|}gAlh~|3TaWlK>&3?Ouy?2cEzmotOVtk4N@ro+BKw
zpHxJ|=q13dc~_<?a@A6H8j}0dgNF=~{^KAW+}V@-;kn-WcwHZ&yj{B}u1cR3Q~ohg
zo_Y|;<hG^%z_{OIakGtlw1CXbAl8{zaDG&2C@m%SV2j`<({t0e_HLR=-;HH0FY0Lo
zu!&E02XF!+lkVflu;iTm@N(t5G)SI&#aN#mL7J0)wK-@{B2<+0e%e=!T61=C{`NPl
z89x4vLqL<=*e2u66nbAG!qPB=W<+#C{0Kmr44s>yc0qR<!L?UMv_F<$20V~q&sUD%
zHmXZ~cR~F|-L;@dlT!=(em7hobg0tqcBZmli8RpJx6*z=<VcLuWLh<sc*BK*4Q#ox
zBT;-b$iQs+p3R~?8wZe>{@J^n8k0!QpsHi%A6(HkJRgiDzIlEOm}WH8iu%nZ_W3t<
zud~~7=q=pPUbxXP*4}%{pWkHp&PllqU+nOW>dyXO{1kP#pl`c^U?a-p5j5&opS!2!
zQh(!nh_S?0TH6hpxLKA@V<N=4ot?WQQF4u&!O5THBhZkR@FEZED|GM?&pOWyNu6kW
zAAavBS8t`?*4nZ5?u$2HaVtPY7~fIVe$uxiEbT7Dn?T&mGmr4mC%H-ADx_z(Wd=F3
zA%cEJ1P{4xy0E-^Vs@VSK$fWfKW8C#JKwY)zbiGeOh>eG3ER!*Eik4zRe(FaWeS-G
zhU0AFFV+V}svpr!B^}9N*%ERXy>1!T3w|Ge*h8uY4IjeX$@*CkF#3M_s1*hfN*?}d
z>Q7=Q(P%{{a@$l938rs#vu=B^&jsJ*5O>qUM!7z@ONFJBa<QZE1)ZwhWuWMs&?-3y
z)u_;qxnM{r7{1g#d=6(k=3qnT$>;1^PsZi9?r=RFN0y4rSdKbtWKwt(q1WY9T>STe
zsU>fL;Ys=JxT9n+Q;6+;XGC`4_rT|uL2pWIou|XE7qlmm?k{Bjjjn}5JNGK|g6C<g
z51175CH3bkF_*8DX2RQ)p03k93zSiX8EskE&_}<2@9g@l_<Vp%>lBIb)_r8W{~|Yk
z{o2a48IgyNGYaa@zdx8f`W9g-o2lYx+eNU-&|Q$o1P!fG-@<S2U=fdR2<=6}eOtun
zgaF<}Afkd;1pNy83O3h}lftI<w58as^7g6rv%n6?xl&9?>n_`k_2~e}(PZ&KkVE7U
zVW`rj)$t#!<`;t#Hf!6Dk%UlJGRfGue~<tCkFgo#%XXf{L<Tr_{I2b%wUDepHk!J8
zy!0OvobP5A`FCKo|6oH0Yc2kB0B`Q5L$t`h(b{X-9sW5W_(h<!Id&(yHq=!|MoCKl
zIU4poTJwX*hDK#6qQ&Kfgd-o)qpt_L#(LF-&KTCz2v^#;z;xV#ZhvSk?5q1P0mTmN
z1;4i%(lfop-``)z92xyk{yJaxce@c%>0%6cCwX5o)J$f?{ERmMreAY^0;aI5zt$`-
zTW+{PH-DWq;u49r<PqKJPyz#bi-n5phno1tER>m>S}c+@$d+@!h_;^FVkF4d3?KOg
zNh9*1KesN;Jal|v(68BtWCn*LLF&n%noUq)4d0V#HP;M{uh^S{i<`<G<oAmmi0ray
z%>u(EidFmV;Lx?mPjnf&7v>S6>BE8h`S6|!e<{pO`LpP8<b8nLnMl++n1y^?>+c^g
zdmiF@SSPBqbC9M{_4t)ddLnmrxu$e???!|P%J=^xC`@8}mC*VyH;CJUedxP|V@P4a
zLV<LI_A#ZmVLpfc`U%yCcCX22wGaX2*r3Ul>mo*^`8d&BI?QRX{jh0Ll#Tn5RT5`X
zHO{wv_v9p8FQ;L15w24N9Jc+-0y!+PWEacZ+hvu+>F<uu!t|qWOBOr=QI*>WP?H!8
z3+yXTb9G91SdR6g67Ie{_}3fIA9VBie$&A=99#kRUY?ElutNtA>RWjKRarmVcI1y1
zQgtPUQ;M#wmoNFZrZbA`N9&eNvs!L;)JHsCoLv<dkZ0#Xv)o-Pkp%dv<QGl{LxRoU
zQ}dc5avmXrV)Vo84zD7xb4xZ&)m;1ksC&z}Dz|QZSP>OOQCbA)P5}V{0g-O$27^u|
zr3FEx1f->uZUpJHXrx10q@|>!;XiKJ+pW*D_c`Y|zw>^0KPzjk`<`=-IpT^T?5L;i
zY0jadP=-kz^do>lMD^kjSuGswXzO-1ze5a-9VLH&fzeT7r}fFjE(fKi)1E(j=B|=J
zvJ=RG?q~C4RlCp4U=1|MB7`R|h6v>yaZIj-xOHSbS{hE+3@)*iD#@44Sfjsv>}R|4
zr6MX#=jiM`4_aYECf+@p^RR1epfPv|q<~#}30a|8g1u~=l8p%2`eNHlofERU7bCKI
zTphD%Hj|5Q_a=CvzO=t|SB5X_`(N4xIR0-%w)tGMqf?%=sM~H&lOR`M=O6hC;6l5D
zebH!}Shsa8R65Zmu=So_9MAcXExVV=e_vsbQ#Xn<M*9cGy)o>+a+uqRI8k)&X{@I4
zjlmkYul7p;<Gbt#%>F}&!zDyKiQ>KQcmHaFyD}x>3PD__;!?YFOUH8@e_gXZ$=ejW
zaU-oQ3c{(ErN&23BhPF6FV8zh;L5EPP8E@@*z7kOZu}h2@WQ=H_u5~tSdpWTkpbQz
zw)~+^;3C2g4*Ks?WyiG+M*!e@C`FL?(e12<rR=l`uv~vw8&ow}AfZ*F!IoqP+0=t#
z{y_ZGe1El+ZyX?m`!;6KW^o8K5+wALi4Z$Eil~Jo{xKGo<v9naUf`HEyW#0i?d=C^
z<`4JaYlSsR2Q2q8|3=hMM>tRv-NE^cNrHKh=LqEex$jhi70$BjZ*vPzMf)7!PW7S^
z7SZlkYdoAtTZnV=x`-39{1?{b#!C_8b2j0Qdw_-i8MIbBUh~ZY9#r=%+>EdyX-uMC
zd%OO+{cQ4mBGKI>F-1;MHpA|nDLZ}_$M3#F`*}>sZe8(k+vjtAaO*kwn`?!2d928G
zY5je>>}(P2eNd~her3RJ@(ts|<H%NwpunO0c7DQZo&&Xtr3wdfh|%1W{x?ST2h4zX
zyb~(Rm0?h5ftxCyK!SiwBiQ)2CPK$P-wQeix>yMxMx2)}j{xeXWGJt*_Ru9Th1He*
z5NgJeuqC4oGV_^ND~s!`!N9?%nWcgWam7R=gwR0WPJghCramc1fERHZT3!J_=u?~6
z#r5rVU)p%Il2JG3d$P<Ra+eM0fU&YRSIf_aF&6K6=d!!zSfm3tz{86P881CJt7(Pc
z{G=|Qk2{RMZ@=QqOxJV~_?+U@$M@;oTo;9~GV~{G8Tx%dHv61cGxKIJyt3%4#T^R1
zI!cvF3w?d6N|<M0f^BBp;1*)mcfXF%=ukK0!2!4;X+8vz!qL)w@RuV2WOG%Woyy4d
z)fNs!p5)HRbv(TDcVH}e9?{gxVuwe5FqczO{9O=n69kL3u9aOx`V)~3c@3&WKA?<I
zI3!H~FoB)-kTqUn#alhe`cSC6=Z#uU+G9*!I&GN4-m7y#MAigAjMN7ZmyR+u%hsz1
zb;t^&6u;i5ZU7N2*PW?{go5LT_p-<S9_)bWh_lhP)La64$hNflbz4F?Wps|PLZ?xS
zRW*#9uP#YBdjas<W{9Kd;I}n^TUt`$OyMMKinIhvo*(&R?kyh~?x><FrW)H$Foght
z!U^>%PHZ*GyI~`8O<Y5N!LH4!c)mP3k$C?HtQHF~XlF8Sbc)7%wm`LXnIj~u>dm!<
z94l9|Yk+mroHBV3pXUd=RK?Kq0aCrq#NMdc_vxyozIpC%e*Pi+TLf9Qss*W$7hCSD
zTxc8aJ3nsN2Z*Ps#}tSogXr(DHUjpQz)bQ%fTe6^H#fqB9)QDwH=_D6asVI{0QJq@
z)VP3P5<rOZ^m{}!aLu4Fl=&*#{Z>ItAV%GPk52nh*A2Wvo?LbqVw)y$Cf#4ICp~{C
z?77~jM_RILToF>duRjQcAUw;;<+@u>$dX1^FX?eHifMfeqfcTY_H_fHP;G72OXC2(
z8&r4LJ`2<BzS7b6USy#<ft5bUbV~qzZEkedpN|NkhzyLC-T?)10bb}?W8b|YKK){<
zKR|ln<FI$a8v$(s(A0t9)#Y`4m`@;6tHUWI)*Zq9M7?f%YO4hq*M&BIo5A9m-SLcK
zSLd<K-D&0?|105sA;YKM014p9D4>*(5<=HFATyB7eSh~m0Ic#S<3(b8NZqdW8k&?T
zyu%1ovU{*rvpld?p@I_i?e*su0^2ge!r-Q+O6b`#o0dQ_vKqf}wY?e?ON08^KYaLb
zPU}aYfWKEYA|AWUvlX-f9ETC3;AP|(-fmXZJkcF2NwvL$2RFp3*{{$-P%)4}V_2)$
zm6l(LP#!GCaOV-!-po2_vEwlJaDMQKaE&i}rtk`);FzfJsxQc8f^zuo*RAJh>0-|y
zo+h4*2B<rCOB7p@LYlbU9f9=>`EZfMN=q#LrhD>j$kps5`jYfOZprH$r#|m1uKjo+
zhyk&G#Q-r;&eQ4StE2l_<ZntLxl#!3x2b5n)26oRtytwwH2yC2Yca!Ami^2tpC?e-
zRxjL1b0Xi~$PJBBWa~0NX3(w;L;NvtzEUa$r;)oqKAj>mzksMyz4Xl0Rbmc-(K^*U
z02;>-<208%3*JLyJM1Sc`IAnd=}7_}d3_IqDvE)gpe97ioH4taTi7Xeu7-4PMtlrJ
zKz-BpXC_GFNK$0T*E7nm4d5r|S5Goqp-VG!+DC*HyCIlyw##b$BD`@;#Ym4O*1C!Q
zPHQaB7-D-k-?u%pjo`45aQ+_5Vo4N#JVh;p!#m2>Osge01qkr~myaq7RZFf`4-v`E
z(YbmM*VU8e$u-LSe2E=V7-};m3X$vAgg7*~Uzzb(xk9XuVSX2!T~dsqB{VS@xN>+D
zwegHqAIu_fU_=^MM)=~oip?hYl#yH3R2=N@jBj_~Ggy=;rFN(<0Ek=kP`<QKMSkvX
z+(5=HgoT(rId0Jg7|;&hj?%Rn1ZPUew@}OK_8>r-VMCqcJwKAgZsEYi&5`;<X5TF5
z3_oCA?%>y5d<<kowWB5}(C0q~)y$CAjK_Z89IcsT#_B7c-`?>y;C@))oTqcI1N1)W
z0J&cJ?OFP)K1q+7V}G+Qs7lOSO<40*O`Di$HZGoR-UG8CLhq<-{wg*1{#0hs?dOck
zUt0N=0%*}@Ki{sEqop#~qgIrt)CiMEGz!~FQnKn^GuWhNb(D0;Bb9vF{&3A(FY!q=
z-C$~HDtNLkF)No)&qYpxc3sQ&$E3St&V1E<k-LZm^m5flj5s-i7=fB==_c2|smb2-
zDvr)b8GX|v)}b(Rj}xzd4>W>Fbvmbey#0u>3~yzUhXr=DPRoK#6jf=4Nw(xgsSQ5Y
zJp@z?fRvh2*=GM&NxjG(D?u}Fl=tj|B^bL8qz7uH=B%k5P((B#R*I{NMtujyE4*fw
zjtM$7*y~i-EP$Qbq}WH4?KJPEVBlHw_OklkJ%U=(`P>lPj~hXkWdG#^r3h};UrIfi
zke(&XpRd<jTZnxfrXwy~v>+wjTg+_N<%h3ds3SQTv7M2@(qa?88jJr<SXBKyV01-E
ze6B~3B{?_U-UPu@ya$pG+a-C+tJgZEwYEbaSGO==-0VLt8Qf^C`as<v6fvk0@)R@W
zt=8x#^EX{UWA}T-+Ap~qav>STKI3KnqV%zLNu?yty<Dw(ft;66JntIFKLo&>`4$+n
z4WNx(=8xl7)YcmbXHK3%XNMzVAN(aTvBqS61@BEa7-63GN_xi2pbMx@z=p)R=<=tz
zsbq6=eyS=^FSjVB3G_p;f?Q=;-73dpO=F$MPEoyBKF2Ko`RkNaN0lF;Q)2y^8t-H^
z?lfUa%i5&Rr-Ilc`-`=CkRT(Xk&h>S6VdrXZvUH}XM{*tK5BHC&2-&->{_KjP!wZs
zLH_g2q<|EJfntFkXma)lw0L6)ZEbvXHm)7I4Yb{LqZ~-R$?-?M`G-Km-lji^P~A=+
zn}E5Rj-ATGy*a&__S@^;3L11E3NF7(VRpF=TR*IfLP7kKrMD9(A|gDS&lk)9oT4YC
z1W2lFc9#xOf?B26PFDlY%JIufPb0V4vn}Z04Fk<1iQ-LDwuF{qp^m6lfnsy~)o}Cv
zKE!Z!M#7ZSHKVPd$DSJfHbYCy3wC7zu-Q&&-ppK3Z&FoMnz}V$If2gJk@17lnaRF_
zQ-968B!OG&qUI{~*sH-*o}NpRiT=f=CYMuF&qg3JgmfID3qW_Z#40NgFPNLSlJhG2
zMha6rqJ8P@uk}GuwJBTU&3lBj@=#vm=D@dzUeEm+8A3k9->x!m!36t^5|MOph%rsC
zsV1e9ph;))n(_5qZLOMaK)sb7(nS`Rk2<)1l<h(8X%07o&PL0n2i6!Nb)wOqi4g)O
z5j(rHOu+9Mu#tCf_jA~T*ATk6+0V>3tWVz3vwriwQ61plDLEAJj~*am)`%f+K2gs`
zLvLu~8FnO5z4a;DT!}ddbh}gUbVhE>M=sO_w#3*2g1V!Zz;zI0g!?$FcUeuPpP4?B
zK)n@8m%_}MG22{K;L&~65S=5FG;y0QL(*KLpTvGpDeq*ouFHr&YxT9>zK%`c%nZJC
z;vX(H#}Dy4VWt&f!BxSSgV*!9k>qqdUSR=S7-6W$`JO=@NJYmN%wL)HsCR0%7SHcW
zJ#6k>A(RbPP;CJ?Dc%R;>Y}O8hS0#A?W??8+8XS<s_{pHZM8Tv^)+35uO!a>S8r!e
z1So4kS`h^YsVa}u^iHi)>*z^Yga&_y6{=j;Td&8~FI=EU$CBq?S00bXRq}Q#+7m}y
z*8EP&c2!X|1cY0>LaD$;={A>*!lm6A$R!)MAXOxG#doFQ>`7F3^1)b^m^z)VLO8J*
zsVqv@CHIlL@B_mAQQuTWQEOULxJ+m<2WUXzfoI7~Dcw%Y4QpRlGh3UH9L~qMHs$K#
zTIPXOJJ*#w6QW3Voo?kXTo#O-Ttz@e_~cAwh@UcWjX?L|9VlM-Z*q;#36pN$x;9I7
zaJ3}+dw9-dlKG_`0maZ#su23Ys|iikic03|Ap^#q0jB6C&d*;==@F{y@&N<zJ!nJY
zTS-1NPZM}faQdiOWGi=+ZPdZsrzlDNCbM*jn`hGAfmI$_mC+m5l7BL;&~JE(BykC7
zo-%^?>+Acn&8e)9x3M!U@cKRTwpX%p2u$yxv)}VQv%UASC8%&%L@O#n*J<{mk|02F
zmCuU~S_5WYv5D9B)U<esr%c75hhkr**(&hJD0NfMlI@YmtQ!=HN+z~4WMyN!7DVIo
zKDmy5x9O#%fHjj;utsd#4#*pG#6Q6klvwaV%|HZFb&4xZ7Z*rv8_Cgi271E_#How}
zi>R3^TAvAQ&qUQyzY~5R`2w#{QE!$rhf^obE}gOxw9`M$P_W6c6)-ctNM8&w?Mem~
zQm8A<7R$GuW+ts}jv*xDJ?629ei-0x{X>9j=>v_YBtjx55MRk5b?;!!CHs)yH-4{d
zuDPgqIC+6MGxAkAA@W8BXegG+@UDb!eg|()3gZ~xVs?5Q@lS)#o>x-^g_A4U3DGbb
z69WQ1|7Gs8PB~ijl<b$vjAEY8y{Io!=Ter1>x3FyzSHBTtPtF>v;#7@uN0O<y=|fN
z8@@W>t*b({1!}Wag;@_R81BcSM$i8sxoqb8;T$&;E+yedCWF`M-x0Pxk^gmCHW_d0
zdR`KK3oOO!ao8#4oTd!lV*GgKt~ubTs8&Io&A-EGA*~dbKt<AsP_q)7XcJrtwC`$l
z<MSER(FxNr)}<IZ9+E>nT#jDPg{1#7{_h{Q753fMEQm)2qPGVUoTrK{L=y_GhOp}w
zga&`Q*x*M6ugFPPFI(l}H9W&lb=}SeAv4Vne_-Uy?~yea$3#3s?K4ulqwdQFJdGzI
z-(u*pMCdDwVjqY}cx%^cBtEL1$&yrl*ycQfGnz)Kf~$YE7_rlff1a|@&%~e;)Kf4R
z_neH<P*`|<%{Ye?um5t6K|<urGD1Uqr_sigIT9piAw_t*KS!bILa2IDS5RdtPdUQe
zgiLhA+WD%`)JGh7^Vo?(x{!2gGJ?Za+O2CIZo7O{I8UJ$=QXhDd<tnR8U9u@AV)<!
zczNG$%|}*)efDaUc}}1xIy=Ka*4L`0Q|*mck!<(t@&^!l4B`~;l;ny~6hvd+mdQMy
zg!8If*;uuo4LhT7lCg)sv6oWexCZ<wS4_NQkyPTVA4!>>GOFsG>VULdjIfX~+5N%E
zm<|&C0-1!Na*3S>?g7Q4*9Wb5QFJueHLXnhb8dIsc9Yl)ITnU@X)<xamSG}0^%9%r
z+<;U{Q3XgQ`yjRB$Qwa~=rPdCQZbJ`EDwCnmr3<Ua-z3nQT8?+oM@99j~;jG;KZ?G
z2M3AV(K~;NuFuDvj-?XqKQP;{9=Nx3txZIcr}P9C7S;uHl*H#}S^ZE&ulUm?k};ss
z`91n-cH<<j?iC78KhHB#*x#*=;aaX=@I7^*H1_fSw3@}IwQhcnK|b!TE{@flwrTsc
z1jq8sDJ@Rd;TqR(8P)Zq?z@7|6xC56A^HB{-qy!rq*B=DV9_p3UaM&P6kla<N6?1k
zvh(~htt$tIkxW}s+0a1L!J8`fq9UgiCWm*OpN8h60ccw6E}LqjIkpxT6H&f2RLNx1
zlkjl-<)HnW{OCQtcgsLrjoAVI>(?J(&C%D_XJo$xnPAZ%2p{h{=K%?F2uyo*4z|H_
z+ZM6ZaCe0oy&Sm*CRahyzovW|IKlgyM5CKe_;$a4XkI$E@fCP+#Yn9&97eA+^tIMs
zb^|FF7lAF4?7pN{vmK659L={+j-%7Yei7K|Z`=L=rmH2EK<_?lRR-TTytupCwo&g6
zjsnAoAIpmKSS^G_8@SkawuFnEL9g1U#B?8_@Xdb|o!nb;cQ4yR+B}Qkf_-PJ5`jt&
zgIVc_!$_s$B6P&o6T}l3S>X7r#%`x$>lwZIk&l<4*7wl$8MKXhHWu*m9(q@RLF>>*
zU!1)MIi!f$Oq`3#RRLIsO7}ew(eKoOs%yW<4QZ`x<c)(~M^R+Oavf3C78Gd?Q2Ulh
zx2ZkAx5`3T>6T#W``yZ9KiRP@mZu9c!UJoBh(COiK>K!_<-pqIYaq6}=RDhn*z%RF
z9gLV;japVL48aZ^6AQd#(CdM9*drd0eyO$8B`#&RI3yS;H*3?CdTvu`XJ;oX^YtPT
zvsRB}W`5nC;e7oA0n}|67aboqW?Vj3qY^ZUGsxiCqUf48JfDN5|FK{YH5zY2=d0@O
z`a!mdVli`ES<TKD(*0Wk`-?Fwj5V!0wOIoDpP#<ieMiqBKA~qj&1u$K3brgG=gysT
zWcvc0x95ZUp|Y9fdjJdH_R-!-cUdsgvw_;M&|OD9xI_3mkisaIHp0@b*H%F<!U4GW
z2D5_eCYHBvzimt{&OZGE8UYckdW$r&FD3}RNZVYdIEH~GtZm0Z!6rc=S&sOl*Z_Ul
zxr^qYJf4hF=q}g-ue$+TKcE6w<Gp-(PgK#^Gu3SLLB60vS}%S*+o%lbZdy*qIbfz{
zj=pdQugnO(^=_pqe&*ZB-sgN75N=83jmX?Dw1Qi{e9#7~H0jOOSOna@{k{5Uc5}Ts
zHoycACE#D1LMZwh2*uPjv+J|OM978I=lJLPa&_kF0tl6UxI;NUi<sP$5^@-BmSyo|
zm+@V@rv3w+wR2C-oun%72eh^l9Q%N+(+1`H5=L6MyY!>ocjw){K$Dep19)Ur=F>-F
z-V=xz^BsPN#mde-KgK<GAF|NV`Q{pGP~40TO0QK{2d0(FT`kdI@|$93E7orc#*(eR
zoroLi-`Gnsy|mZ1syiG(7aby2Psc8X#XhWzOP_eU&z1+IB4SCl@!}F|zDZw16IDRv
z9=285V%=E>O@8w^4{fY#>wc)Hq7_~eC%5eV$&%Vuo^V&b!$5J$v4&=xBNhdZl$!uB
zbS=ANxn*NqyxQ@#%oPl}g!qNTIym8s6bXut(=M9>*JcqzZ_^XrTUXP)VFn?wb9zp*
zDT}gJPN7S}o6Ep4>gI=#wc(n;YnKVPeSM|6^<=o(HeJ{k0*s5ZbcE<EM)8iRF&swE
zf?kvZNww+bv)0J=<$}m6CS?^oYRYjRfi-g05t#&mVc#x7qgVxe^Q(Dy%%S_uqYz`n
z9QqB`Ywxa$Ci*2B-^`$GNUj&(-_G^z0l%Qd_=jK7X@wR*)xusng6V-@V%c17MW$Cp
z`>C44f#%C1)be!!*W_-hhV%>M9E#R)lQ3@izU=3XmsJrVZ=Qw5E?w1G&WXiNVo)O5
zFeBWfS!^3V*s)iMYjG#sUZgQVIhe<GLvpd5pGIqV$#@VNz_XbAYqx4-Qb$fB1|>tl
zL0+tV{zXkbSmX6=k08G-@M@kO#=}aYCM#-!1Eu>cd4@(vtl1vXBUq{LwSIAdN0}=^
z*H|)YL<wsSQS;xo+f9lmOKQNZB2A3$oKBrHPa#X<S^}~OsVH8eeCJ;Jx+WHX!ghC>
z3$E1nE$FW<iu%8%qW?TTnjefaqULo=lL`IDnw97%ou}B>J9J;^u%w$?lyQ5M<<(`x
zE4p#?l_RUqZ)aocd<#dMG#2@n9Od~5Mh>wN9{3>oDfzbbGJ|MCm@YPXSE8?KuqhaO
zv0o@E$HHKYNH`2FGS)b}&Oey4GUM~@R=owDJ@<{I(|8=~5Y{45dvU#tXtmxezkTH#
z|09NNQOB#D=l!>(tM>ie!8xj|BT3vxX?ID}GoX5@DH6;2l|%!0F?B~I9;doA^NM2v
zT><qmNrOrO^cL=Kf_2Z--f9E64J3NkM4i(0Kao@F<#%H<<1r5_JPWs_dg7k6CM<0T
zE*ui>o4~&wh=aMsSWf0B?0cROaKRPOlW*Xl9F*2w!4|CMRig&wkD2N9b75}A{lOG6
zSJMhzav~%O;jZEnP4aRP9^3t{weAAlz#k#pelur8Q4&P55lXKmbf?cvt-DDRE22h-
z#1)d!c}O)!QI&sO-PT!hinLO)khqPGGLWf~H3aPQ;S=Yte_0)uc&Z>dok1uU98%*&
zGf9R$Uf7<LPBUq&*ezStmds0cm}Ir{q71tv2w<B|1QVj?w8CVBe)Dtfd%qr?X4+yE
z)M!P_XhrgjrO<d`Zn1{slZ0lz&kw%T1zi`74$>`uJG|O%nnX|}I~*aH`h(VP5fnSD
z8CA2tzn9>R6sxl7T#_UUL3^1<=L;n(^Pc^doo04=<Z7}D3M)HS`}zh{@@WK*O($m?
zl@)N}t|m}DqYKILIz4%hP|$7nsphSTrpM<6W(wyer-KS5WI~>%Q{OC_S}!nY-eqU)
z$)Q$6+?dU{l3aMOUr-Gh6RJ{*hUhnSCA(bBtjC_alo4rjNNa!j048eaeAW$D1$=mC
zWl*C%gH)Na)rX6Y;+#*wMf)9Z-R20l@%Tv=H(UKgagszC$_}>Sa_z=#0qzg>K$R~=
zXv@_M3s;lr(6Y3_A#4!@ZdR;xKpSB(J?UA&&}$(wZWQdmFc(cx1t~w(0>71g01Kt3
zJ7#T3A5L&R7RlNdHfA-%eTmsMB<+exJ!Rh2v*N2}FKP<p=TI~RL(8FJ@223|Ov2Et
z;7&59&Xb}d#V`|*00o~4$Fk1XCpsTJj<8L(v8L<1Q89LX!9;#lT4U|X4rCuSyRWk*
z(xER96Xat2l1I+th7vkmCLI&CQ$63v*y?AxcPph2#$Biau+NzFYpSE9OjO+AQCH%-
zX>ha$@KJ`{65{a~u>SFvIgj0R7n20`D7N7x`kV^}mo!q7t8p%OHK6g<4CmX25at?h
z5HAEL8BpP(;d(qOZtHE8p4FC8ttniS+6pO*<2;f-EBCp<I+SKa$ZXx9|EhaS07T(P
zKfs++ZUz~qADJ*FA=|t+#@-W=MlZ+WSMLM1$rNV%1hprNM~vM!d;}NqGFx{mBCYH7
zpFHnSXch$Daum{YHZWw1Y*WlVD~gL46}g?Jn8bT^<D~>@*x=*=NX59^{R-`$q#;h<
zE1H?M-`}0ynP}imJ%k6|aKM`J-dSU!6!Vh7mx^0@4DpyP;IDW*5sdXgx2)YtB2309
zH&8h$<N_rY&9ipG3_4+387Ew>`6BEBhF6&+w`t{KOYej~;6k;gdU?=x)q$FrVT<LD
zXO6j%H<Wgs+Ye6Ivs(_8NX&omuisJL&Mh5=Zetab)@uL8$a3NQx~Ay+<^+<RH}038
zHJ|SA4|&QiQZMrT+FxiJ9l4j0i(PZ)CWl@*=H^XYxpwW#@YlFwJKJlPcKPN#B&`O^
zzHMWrb^zqjtS_eLtbgyPl5rS5&+_Phd>zTM_DQ{5|5L@eBK|i^{EK<#EmYrJO1x*9
zICkzQPNcmE)oE6sYJ}{$a4JdMq9Y&~zT6|kU{rNrPWY^frQZO0xK;MA4n}m;wy8yW
zcTLiAR141nY(d<+_$P?x#tz!rfU6U8=R|OZXllhgvgmF9vgoxKu4zx%pR)Cq5dQ_X
znK_42^)SIQkcmg1iDB4C7(!E2-7lfZOU9&ZY(A%?F!LLsR-W#RKSPswb%*LA>qd2V
zm1Ww(&?{$|#c0QdUxg3TY1*?kW_xg@crHyxST}^l4>pkFgwE#PL&Ad5?_uG`ig$H-
zVgNR3Liwmq4*j!V;Bha-(biU6ot&OFl82^tRKdLej6iYz>$`S+E4~(ZLQja<?>2ak
zlo>8n>wo%`T^wSW6<4IY`-{p3um7=)*~W)h<Xsx8#T_FQ4OgXD(pK-@sWt8W<r4&=
zB^RDWC@2SfjN&;M78ran`YT?-$p`ri^-$qd?y2iYIN|v{oRqbz89pzrjn~?Cs3pzK
zylC@KR9OZy*aYP#0L1p<@x`vt<1u{7P2@^Wl9<t$F>fj7Sv*_NJSG=NV4Zi4@)9@)
z!YpfZZB(Mo>4ln6LQgdk`0;=4l4BlT@I%l~TQ{uLaihQ%87KaIi)hc}L@VcWI@9Aw
zhccKup8N%)5QF?Bk#$3NJmv5jCOm{V$6pU|0k#+Nw}sWrOh%o2l)kYc$C7TkT@3R0
zl?zUYem^1p5rvOT9eUT8C9=ET{<6Eg0xnv=Dlt^#iV=CC={-?d)NuQ-^>p+b8g4$?
zS@Xh%z-K5uy#wZxE@$uEsr{CFbWX4iSMkN~lIQKZC_`zqyN%>sBaTsObAYJ~v3wl|
z-<X;IGjT3!*W&nHkaa*B`659q_Juef$D(Isp#-z127MvYTspjG2`NC39HWXe^fz|O
z%PQ1TdHGFP;HuRtdA(TrD-^@G`Cyx=AQd^p%Re6OcbV|QNaUR!lnJkD>&;Gn`SOT+
zZDT|2oQz(=NDfOx&cKH<CV^!h;u6G^b?!4)$`t%|2IMjXYa%A?uQi|F7_}9^ks>14
zjwk%h3E{?RtS<umgiO{Aw(ZHok8&v*%#T%GmkWf)kcG!MDP%Zy^MCgs5cnr<T7CLm
zk=~dUb|=pMM6k)y^_DC<)aXhH?$2^?Mtjr`ugpKU$L}T@3)F92o!%#)MgM61P^l>%
z+~{xnc;O=izd%@2Pq<^Ey>6Gbw?zred_~p3zxOMU2>^^{=rhri%d`ZWVur0zBLj73
zboqGTY~PUm2576$8^xI~;B5^cD-9BS<e?Y3y>(?yrD2xl->Zjz_+1i}2V1?!DNw7_
zIRD^r#{T_*W^c6Uk&CWKq_O!u(y-9!%&0}OY=+Xx+J@4|z5Z8NuQk<c^Q|)_w*A%z
zr<L}`3L`Oi^qualAyKFG_o#D`<;Qq^pq<j`)W7>Vg%5qT%1k-kuQIbG@Lg?N4|h9{
zN%LMg*6>xH{E{j`v+BZ_Hh#h;@iQ$1Utnh*qlo;_aL7=Y(bzHYndn{7<6`)oBUDt{
zKKJHmO~*&owCe?@o|m&r5)1qm-PZbRsC{&!18ru1xACNZZ2Ud0_+o{&(FEAa#vFy5
zdqTk`=lW86E<v2Ag%E?`+4A07v!GiITfZ2hIfzZvN=u*FW#D#NqvN)?PnmaP1NWE!
z(_hFfF!8zZMKDF6MelWcj!s2uASrh)?mL09V^yYB1P$a}y8Hij$W979(TQL{6%Gqv
z!l4atP@<8~tZZcbD~LfrAR|DLj$pBAR?A+qz`7htM(ZQPqLjA~NY+s3iuTQc3}2PW
z>TsXKCuO4Ns+V;#>lU;S(FTxCixT##sB(No`x#mxzsMnbX@u{~#;BUR(sN!WdV(f^
zbkr}EH&>2ApVzYC(l?Nc75==!M-Krn0`60MR6^^9Z22oxn>~C<+dHn$M?qvRZ|Ujp
z%CW|0JbKJ}uccf-Yonic(+mtJX79OPzK#ZAmy+m@u#3-PI}x0ZR{oqp&o?Zjent`b
zsJha8>N|$>pV?SiO)dL8e-ZrwY{qM}Y^@Eel2oeq5>GX%40DvWAKiKyfKJ6w;~Sju
zdS(iMvL{K0VM`rmYGjbD)=@-#UQ2l2X~5``I69zP`8$K->f=Y)n{x42UrjqG7pOlM
zu1oB6<w7>T$)6h^IX?HWvH{_$QD$1CwiG_g|2pf(?=SGeMfBsMab`YU`6&`>%j0zv
zAG<xc9gO2gPukzV|JJz{Ye#iNx*4B4q?T5|XS^3`N0ZBgsolu!lY;E3L=?yz{*6k6
z>vN1p-;V=7XC8!P8E3g(Ey8nU7XERh?_vELxA7Wk1G!RczOjKkq*9V4=ypgdm2wnK
zyaGi3P1yG91u`F*2X%?z{IJcbhiSSm!w(8S+~#Mo*ztva4>`wB{e&N(MSl$tWpwr=
z>yj#$P3MCh!Em%ADE`9-cna(OFPs3fTf`_L4Y)>3n*BJa(W;#mH;0ic#00JovW5$=
z2>%BU9Ca8?$~hnj<?9(8)$1v%7O2wFVbUt{vC(k(YIDu<GN{Y<=37X8LcZJd@Vn`5
zijB_myfM;H`OTT-a4^J$1Me{AG+EjdmcBL0urUYxSr2mS{V#qpCZRvsZ%|D*o3-RO
zF#p4Mj>TR}=&$+%RVX#wHs+QCY-E+Az=)i+zj@~q!St=_g$1-|>^aGUUgeNiWOhPs
zCj_mvI*NZII6gqT@Q<79|K<VS9u^ASaqr$8AI;d`-_LAaU!NWRcDFy1KeqWRPQr%=
zb6~kw_{>7d^cmdfiieS|ZaSD=h25x?DT~3J8U^WDGOFd+XZ2-2Fzd^;@wj~dmz);n
zd3ER#$`|>a!ie|`1Be7IvxzuOmB+*FwxTD3XIGBzFV!PS{53c~hy8_<3go`Q4=jI}
zqee%ictxc&tA>4yQd!m_{sl7+Yb8r_#ck*sw__)&7vW<@9{sa)I>tBQb6);g3_xfn
zhI2Konyo#H&#Iy7W;66T-?AmDL-!pihf|@yFlzI&%3mFEkD)%HemNb&Y1X%mwg%1S
za+NH#$Tq?#_D0!@g4Hf97}Icv5WRsr@UL9<kMMlIe+4h4A!>5}oVTpp<*0e8_qTq3
z1-%!7>E0MOK36P%<i2x?M*hVNjcjcDi#p!dsu1_@w_loJ_mnx&zH*%!PI>X4abFon
zMjYr_3G9v(zPXuL4^aQgk&k&qTxjQLexB0oT3CLGOfl6nnwT9Ae|Yx{{Jf-}F(0`-
zl+hTBT5whgoIZR+$G%6SGBWX-dO2AzhDWV*WEmc#>UJ^Q$XGlEQdCca8x6h{Rbin<
z7oQi}!-Py}(&F%(ZK6eYVw%`Ue4E2(*8PUFX&T+R_AW!DPCXRkuNn>Bs;111HWqmn
z^_fUk`i?wBv^6Jk9~rBbW54A&N7<5$c)bjxFWW>wz9If^Cvrmg29LoMtM&vDrBo^|
zImgwu@cn0tAdh`L^kHbo&sZ`Z)Xo;nMM~LF=y>djnE>3!?nn1AF+2LZ;0855df7qa
zOmDp3ejiyd<)MY0#P=*}X?K>8C75H7H%weRX=8Oph{j=p((DSX#G5}?f(n&@NpoH`
zPj{Rqg1t<h-oQ5PuvhStA+SLGIyp?*(2+i}<#YbMp)cJcPmQgD2Ksn;^att%+9DuL
zPaeLZg~Yi#hc7Z%n1+0FGZZ5>%KYk;+CU=i-uHgL)RJ)h0%fjAB}>|oB=Q<_TQr;N
zmHG((K3uq^xM^}`u;7+T=gMzIZYiWUfAlI{VDh$yp))hS9`!d#Y&PTGyEWfVQaP2M
zX)G4p;4f+HpoEts(^8Rz@U;MGG~{&?!IEe&TkT_A>vj2!RqtVsr2FLZn9=s1-ntBm
z1~*1-Jk|1t*nsl$tqZZN^~(JIS3j`fug2uPWSpn(=;i=DOtk!+Jyf=tbw|<9N9N{#
zTIwJP2Msw?)PG-#O=Esyv~XG&`a(9STjC&ATnx2B@5=C(0VL+O|F6Hbfb7kEUo}lo
ztuj#Q;oxFf<LBu9jmCya0i_1JI>fe@k`>2wM1%W}J#>sklG+%!?HMuHF(Nh@rdou8
zvC!-_3Jibu7cBIF`s;lhG5bQayJLwTSt$21RxtqvWAE%yrcl8|jrt$fk%w^*{hyZv
z^KWaSCQoPxUBCGsE~Ehxb4kbvoXlu`yS;BXBjxyaNS*&~`Qfk72!sA{`EmZfsMbKP
zOv-;O5Jega9Z05ncs*rwlZnh};V_#r9j4Rv8d7LT@&9-Au{(wS0N?pl)5}6MtexkI
zabVFn{|7I=f~n|lzDpG!ve|K%CP1UX#sWN=llVaYdAMHS2V2Q>yfascwdpV1&lxGC
zgYZGhOGZs@X<Y!<v&Bim&)_MXD~F?PGXbu$$kJ!<6nDw-eZpXS#f8pZpz!NGbA=eG
zjc-Cv(K6Mxeg{d<kplE*dj7|0Au`0kV%v^mL1Q<$RQcp*2)mFjj<h3M4>N)_Ye=Sv
zwqdOM`hSoR7{2qYO<~v`isgBeo#|9p=UrVU%#3B2SM`IPu?oCW)eH2W|H?wSfP=)4
zo0!oL4Q;2{kS-M`EYKfKZzlST#MV#ofn<~sfFURezDq>z;UwjJoj_cjbMde@edGeh
zF9K6bLUW|SlnhQ@o7apSqmYh;W^ji%&CMxE!4))iqWzOkZR(QE^ve`qoXY#zeT1tX
zaa_4T;nQ-TBZY6|@X!BD9Kuf$+H0&Fy=ykDoSBOsqv{@7<NvHPXAF>)N`hEs<$`hH
z*J}Hh?H@R#%F0U<|Cll_j^mdlatcJcb5D`(oT0#Bcdl7D=cup5qknZmdnSfs*$kbX
zYQ+Lm&-5>nSCts7jQ&U8;Mu_F!&Whpiy`AdX$<zv$HWk=^QSr`ES9ZPK(MyUB;&c8
z(l1|1c0~~xcCcAD1lUg5rV1k8%lzm2W<tug!()^jGDy{cx_pw{aANn`ujHc_Nb4vF
zX&sr^Xmdk0e{OGYPvzxT!GLeF&8l{aVt?Bl$ob`yKiY%eY&q~dhDm3NP$NM``2(q$
zuVNL2J6;^A?%YEvyM_dmzml8w7^KBj2Vt;^?ci_v84ccUd(nlU&8Xr_H|I=+FZw<m
z^?}%XY0bBimER8ZPp59XJS6y8bgwZW{mc*uK2|O#ep@dSAu+pPVF+1wSR`+ST<m&w
zb7j=@+jjhj<8+**v2nve%#}NygFq)50)hBp;Bia>5JJW7Ju*_G6<9`h0O{-sKnx6B
zwr(I-St6MI0z@O5guQvAVWs#LT-Gn2fO;S?+&mNsFwM_8c0DSVX>s<}i2B&jOh*z&
z0ugcBwehnKfD+sO008abpa&20`fCtWO$CDbtsY=5{``Ic3>iLICT6VbfYje2XP#qV
zp3*9S{2is0=F->?dlhs7P)O+qKt;M+HV{ApjpN66G3JoqK@XR5%E@TOfuPP4BZtG$
z2e0IxXezLfm#64F4x$SUPT;nRcb?N4{RW!#_%?L9o9_wAF<2|xVFcU8SaSeGtwuof
z<WG(xxba1eHYe4sQaaXNz#*i{#!N*pX?(4)1-NUeKTCN!9Xu<@yDkT*?6OwOvpay+
zxN=;L)4J)#M5uf@keN!sv01H(027hJtypan93{<cMHG$4a#Htu4^ALM{fdndXV)t1
z4*<TYDT5Bh)uK2<)gMWudkvRCbF*3sogMHmE*x2DEQgOia|}6+k43y>PRsPt*kTE#
zqF>O`5QR*}LgTO@$i$-3A@0>O4i^FkI}LwOxSm*|3~MBUrb$_vh?PNOso7nzrfQ*2
zi~UNe|K1lwn0=f9T1twEvFhAkV4(8Vi=@;Yp!v9|?ize6fMXqkp}CvEMw{!R%_72#
z*ivT&nc))0v3Ued#0Si`tPzaUj_B-uQcj3&`iu1%caTmm2fkK%lWOt_)M$#pQ?AJA
zZYMzwrh|1uq0#>2FoUPe$Vc(dy71f6w0_S2%G!;Z-&=kvF&wyXFIH*oX++2_yqR_5
z+KCp9wlxJDCwVMfz?;N(JudW%NHE@d?w4q44-V!VK-p@p`ihr#-zmyMA3ZQHyH-%{
z`m%^aE6?<%Dkxm@mb3}%6qeRbsny)AJyQaZwsHh`#J?KdW~*tLJUR=W9~GsDi$X4%
zXG_fJuAu`AJ(DY@ryIdZO38q+^SGx>h}h$5Boj71k6b;A@RI-LNtl@%(lH@U+k44i
zMKFYX=HB8;i+qRZ{4c@?6>?w8Atyb%$zJtx+YINPEM1j#U>t3&PVWpcsaWBDzp<yR
zOT0JNooJSY`WoyC9#+Ky<><tT6K*D|6(<Sv;{{yH>$6j&5EBuNHD|zr4I$8rQO1Gu
z;NTjFwuijxU_m${UOYVdD+$gE#;{E;cZ;_hBCi^$*O?&-K0%8XkoDxkr?|)PJ=|vk
z(6LF}bRBbm2fO7Ms&-lQ29Gs>GzztXC8r5^XOlyRTB13I0qWp3%8g!dr{t;?T|0aq
z%DGcIhf7O?EbS&lO(|cRSR!JXMP}qS75iA8P-3n^8;)79`EmOG5HI|%oO^>|FOaOX
z`{$JBb2Gs<g-HF!)vgzPRd<!FwWwEBw!WMeoM{D;U<;}1rx%=V(-h0yax&zErsXK2
z?TE|5A}s1kqYj?yYV7p&`l{`oJbQ#YGf=d<4FcksT7dp={y;SHg_3biv)R@SRK?4{
zvZQV4O!5#Ft8;&I)AZSmukhyVn@kcD+lUgmZCyauxEwel=PhBaRu2lD!zjGFQ&+wk
zYXom^m-kh*243b<P3vaT++O$B+kHQ3PWOV2X-O*KwdFAH2GDalm^BL<s@76i*DX><
z&*#+u466ckYa951iDf5#*)EJ*`o<1|7D;mH+`5NgW!l8GRS?UBav*#T)bs`!3GVc#
z5M>Iv6Hf<6bDBj6s!7KcHunNx{KeL41d&8lyNd+vY8;<KuGJ1;Ey_18v6NX|CwXD?
zHIq%5G+{Zw=o)o&uTdPYooS}Qbkbw0Q}kz~#;-s4DzX9AARiK(0b5j7PvYFNP&)oB
zeg}9w+IG2^1!vg51x-EKXVxxlr!Sue%B4r!@`u1FCv`Stv(M0>RJkO?lh9c=B%9bS
znIT23MZ{?}h_!%@=wzX#&alI*VA={v;GsmHW!=1LY`QVP-0)gC!|B@kqpV6whJk4D
zEfvr#Cs5(*xz=eZpvjwL4f}T6r@t_ZWbr)zTKftM-|WVk=0b{pL>b-bz>kl2mTE?q
z$dWC5R2)8&(=V`w-2D3KK80_q!bFh$Cxwm=g(OYF=qTRX05I9uJnhPFTrW!THe5}&
zOm`%rQ18VwIBqPt0eCTO^haJ7dQK5zxP6+RKf*1NczCOVVPH}U5IOJdxSAcLwDjG-
zDJ85-d$(nspypO>C1dlIj%XuFNE)|g*YhQ5vP()_NG>uck*b=ge&v2C=rpNId)1Gk
zJiEL21n81qD<&hfB1WHYQoIury*r*P8Cv;T%^p@NVgbQsWbG?*$C6Pli|*}!lyG=v
z#)_h3Br6Q<Sxr^4D-SvM9&%u=9U6eoqt9#7%QXT@1a<wB)`q2Hd3{kw$r23V`r(M!
zAFN*#O5GmJuDs%>ErCIT5PXOD!1L!$iEu7$1CT%gFKA_xjZb|YagNyEM2@S9vy&bc
z>wvY^DkU0wflp%k8PU+|+cQZj=cfm%H9E*XgfoHubuiimbqO@Zhn5n?*&FA1CN8AK
zrJCaD%*FpGOxwE7x}u=7{G-dyd<z&@db#fhoOr7y#Lpl2;VS}*2f6Jf?<;hUwmWS3
zY0v?LG<K&!T;S{Z$6v5UFlvalD#wP_mf&5kGmC8Og7*7^)5P~5Ipk2Q&VI5zz>Q1J
zDNqS(SN|IG4P7*0dCZ5DWtv|KgWXAf%U-$AKPs`bFzGYsYhN37on+K|fY`h=*RP{S
z*ZLFe%w)Hd_Rt$*yW+~O1NFJ3kMh+FfD2oxa3hGOj?jL%Pj0Y|rlp<sAcp*Zc;^x{
zjPCu}FoN;@X9LNz&RaJ}Ern>}V|rs3IkmQhc=r0&-)8vCQa-!(-v2D@OMpWrHQ@R3
zGAt{mhcl{er$70An^8gHe9<d_1EEtPJkq_z>tn79LrFevc>K0zgiZIUv&fR15R&qa
z3+<hHx&@{bpRHS+e6lCCwl{z|yHrSB)YPM<r-M&!n>{Io{nqmqSqz0TZbk@;=Cc%I
zYCKU)?@6%;GMrXvEB`o7pMcik_BNt{KIA=Kmj2j&G1GW91U2G&zZvz0ECxHTe8S`j
z(#=Oi9EJgydj*`LiFAGvlYn}4auk5ySVc>I>!xo+W5&!*UPBacu6szc1T$&70XZ5n
zL#@hi>0TA)bff*4H^H_={rYzHn^x<lIAJ8PAM<FXY;WF}o$a8wNh6!&tOuUUF6M8p
zR~|ujE|4dYFHK^AY9L$9nkKe2q()(+*5kV0##X|V<T9}3zM->cN}q3Hh<LONP~pnm
zTf49+s~HkxG=l--wXf(Fh3TsJEOL3g-ba|VAvsB?$tqb_A5Xt}Inb&UlFjROhAS%w
zhQ5t6iISQ0Oqph{4HIElmWXeX3YC;Af)mSIr>u&l6}eA$@YMRV7Z|$&Pjl7h0hQ#N
zlhKAQBkfjua^gSeeEcJplKm5Hsa~fWXM~3jaWgj<M@N4QDmBhfxp-o7qk~vc5`!K4
z-bXET?=H~;L3$@froGMr+6Sr`)D05XhX8zA8B`~|aPnO%(ZSBWrK$~k1c)4$s9(r@
z{b)YL8+5qU#Qpz%s~sXmoL=<_AAmQLfo#%{`SMUp&KRb#1p34ED;Ykv)Iov%5qQJk
zl{K0E$jLJxg8wA>-SuxhlQuWwq}H+~1sMRBz2tJU`@8N1eO!%KXc$>^?-n<zH~0@!
zV{z(M+87$tn|+iM1pEa;rI<tB)@W>#Kf_iobdgAGMvQW5)+Co0JI6tTARuTc_$?lV
zYnZqgil?7Iq(Fj{Q)AGx80Lnn<Exo^4BM6#6${0a)IyqdZveqbW3|7LCUS;)R|SiR
zn(mo*U?G`Omb*z^CZkJUm#0kCq=8iCZu~~2c-r>ly)ipxA+f~32-*ze-S^KFMuN8=
zKn_-lBY(X^i;CE=(JG8LF7k-oa15o&DS;%3_9hKYXIwo}!1vt`)yhLUM}PzsX?SXY
zKw8KeByOQ~V60Es<<+G5Nb-A`YKZZUWnq6XoqZz3FO(Xe{&May1$JS~Grx!{CL1ZY
z0J%6Tfw53cm7lKLe@lpF&iZBh>B%AmH|+2W$CKx7H?SsAOZn}Bfz^|Z4(znoX3vYs
z&wEBiY@m|zOi?!ktgU8R&CZaDKBZ%C@_RZ6W<##kWO0<osn9O-sy0$IG_ZcUSs`OG
zot^C|qj@`|lp;hlC4wvzU$gSw6H--u^(S5TkB$x(&P>nF+C><j-=!FK3_ws%2v7hi
zW#Rb_kyX|0TIY>>D^0^e*+pL;&-bMPw;l)x?D|S&XIaFl!0~CKPCPvoOe^;F0|@z#
zg|UiBN8|b?-KEx8JS9ZKY)oh5i%MmYa@qd%83iG7wE$FVbm^uy6nBI=I8Ay<RA<FC
zy`JX1ndN#j6`X<R@w_Ovopn!+c2&hTwAiEA&#V8|S89y{BRu`i=7um4wGJK)@RGAs
z_Y+f$rwG^d40ulAK8B(9U0|DS2%AT=&NwZ%FiKS*`VV@F@lj?F1$kc~k0pK3@FQ-s
zq{p`Ti?hsH+r(9^|1wgs+RTxH9y5g9rwFR7y1itFB75edFMHTLYUlZ~SpyLOjrOpx
ziTQeT@f{><so?tB6Zu7E+dd{sGSD2r)=tnF6qgPFFc3vRn1m|diP?%^IaJ10sG+QQ
zJQ+uhOU(N*G$gN%B-dYSHnXs(LL69i-kf0vu(T47lk_~UYgl~NdIVF-$u!`*6*Cog
zW9x(Kjdnt;W}Nc#+vp~^M^%>G(Q_&Mn(;vL{0Cl=elnOooX5scLuEZ6Cz5pyjXjS0
z6CO2=eW*e_&Lp1#;7vQ^xTHq1j6J!lW@Qmb=nCJWIZ*E0`lv*&s;3a461wKvetc@3
zLdPpc5gy?p8Kt1$Mz~O(Yz;J2N1-VIQ2(gsrLCMkmjaMu{ldLcFI+tITX{}BS-W$Z
zg182FiOGn!mbItR7OdT=Q>U8lChP}w6v3@S*(=4HO`&kVl$d>hc@Dv7?l%eI2xM`8
zKk9On`yE|~&;LG3{joBP8CFh>o}6i#7H=XN3(G$x_Og21;3K5BPLEJmHFFdPRC=Q9
zXVcPNIf0@mTYoZ~X?g|r+jyeQ5`}2g6UquKc+^!YVKVCPab4aoC7xj)G=C$@6TO6#
zQbn?kGtS!%PFt$6L)-v_H<OUKKtd6$?5-+AbES``$zW|IvPPTLj739HAnNscnY~7*
zb+ST|*p|)a@x!jku;|OkrLHbY0Bc<hTyzbDbCv(gxtcGadQ#=`s!z3K+y7w&MwxzW
zn_A+6yU&v+E_YQdG>D6ToEu*S76q@xBqJ%_<Z~X#hW6&1JY{y@?m?|NYyoaAZX4vH
zTr=d_7P7I|I{L!*JD5FNRwkRXiqZRwWLVYCB=B6;!8V_zs(F_RK<DVWyqb}Pilyoi
zoxx{}XFf7$pa!iyk9XQKR(9u&wqnXvUpTF$`B9Q~Lv~{csbi(9-t%lT=VISNx)4^X
zC=*DkQ6q=Jem5sBo(p&b2fCXf_)WOW)L2YRF<C|WlGB;8%xa1}Ae=I^GqNFYz`G}0
z;b|hh2<ApcRWqrDq(|+(m!+sqTLS$23?jee>VNHAgwX)mPQre3F=xU`;d(h;(r{>)
z52eo9?JOU+Nk0YUM_wMcaEl&5oe)lW0-}$UT$aypa5r~1)<MLhmtG}On?zD2z#qGg
zsI3eEX(R4?$B-m#+(avA(5&R^UIzxlobRcPQTLj`yZ+3XySBIFgC(u#bCyFNayhQ(
zCy<KXG`=`j_@yHtxf<I&EL}sixx3&@?rct4SEFm!o>E-qK?7yb+TDn$<bhjWetz~g
zFTh<+;}%@bPI@RI_O}#0$6$E3X&e>gwwC179El`^i|xYa&-rjt>Q4kuW!-aCE5x+|
zZxV-rNl6InG4xi!iN-*5$bF$;#QR6*t(NLAtHFXf-3zgeY7iRS{QPH2R0WwMKE0Et
zH)F;em_MbKWl>e_G7H7h+WBNn8l}AX*B>w!SDINJu%!_K1YKiR;@!f%B0rLVB5#`<
z>z##?3g9L5*9^;gw&1C0kA-P-;W8hb;bT4-<F*8C2Dzn-r$xn0#c+9vmAS3CJvEd{
zNXX@2erTRfhC{pBvr_U}nR&Q+eH-$`ja7<Dg6BJ_I|L(d+@!xN6-uj1Q6;Dc=eJ^T
zq4RC;r#S?s6ObpZUQM9B&?BXM`J3Ey3ObkD;q>^1(S@1yowX}cA`Ph6!+S)?DEF7t
z_wc0Gv=fjA$vCkvy8Dr|tW^;BM?5l?))TEUo||0zkh<TQM|aF(hbY1hRjdet*64aL
z@gZNJ(WECL5gp+RsBG~mcluhsL1PE5<P%bkxGVuir!-w2AO&kTj3qX_1V&Z<d_4X!
zQ*>Ov)K0E$h7ZhR^lI8p<Pn;QDHQJ{rHwmL9w8(GM|<3pi7S6n2#!b?l%wDhReu>g
zvgHye!w};*Hy68HDGtFUkZt)k?emTQTYAz^ErDKkWOVasf$zsj-zDM{hKAJ94-1OM
z8PE10wDgtAZpGvinAhG0eE|Ca6)k9l-u#S+7m+H2;uEj)_qib50UfA>pWx_EB<VLJ
zY}C;l=F7)Z)2S?8<)p|IVXMx$oH^`?;{uj>G|i_2HV#?Ga1GM0t%f=0FR0hgbI{FT
z);eRu8~^6rh<{BH(enrgiHqnJjDcQ{QL%lGF@Pa07{W!TrPca5@yNG?vh`BEEXy8_
z`B<VFAOC`u;0q*JIH>HdG!}RQZo3b;K`i4%RlrF?Uk`@n2<Fx1X<U`AhS=PmmlR%M
zMw0J?6W=oB=k%6+KH}I!p*rme@CP&<PBv_>T#MShL%%QB>i4k3{8jaLK7aY|lMZv}
z0CR|6K2;PvN#1kVhXE?nzz?UabKlg`5?Z`Rwk|6UR1GRdiC0yd)89AlT>@#Uk5*gR
z+l9#@TSD2-N2Jt4@cdrCyzv%X4izCq*5@Y``~yh_J%3_=u2{Jc{MLW|3lmHs+W2v`
z=f(8r0vtqd$mQnf{U`QK9oV61{0k<Q!{v4Yz6%>Q2d*_&#RcHmm-*IZ;&?e@-!GBS
zJR<A*@VHGJ!LQyr>V*P`1x2QgxEyNe6BFl5D4HK<{v0uoXwQUdXn1J@aNN8BFY!ki
z!cc71!s`1WW#8DL`hFne3CeN6Ox+<loNwRYLk4&4&^zZdy5nX6bKCmzR}skE_T$f9
zRf9Jml0~0B_npq<tk35Z`vTlp8v^b79!ggOiXUK#mT`sM{sFhk555b5mpB<JYpu{q
zZCZKibsQ(d<39qYGs3ZtChlci3?}aknR_m(9`)@bApS8_u|p&-J{CJ=G-uqLKXR=#
zue?TpLWjJ7b36pwO&_g{!p?TEg+DM}XS8U{)`>2}`2>tftzqKzpNJ8UCur~(w<&#O
zguBwl<q(`m@LzluB({+gY=4XH##A`Pmg;o&+F#0l7hq7;a-2dR#dmQZxmK5dxmFPX
zG-@>b*|QYsW#XJgEb(8aQ&kek$fg?*!9;IJkvJ1O`RZt2!LSqg;p?>fCTVd~NYb)C
zYV6@X6NP^xMe2_Y1Fhkc$PDDvgT?mieQHiTe@<PJ2K&++viuFQe%xpAmv_Oe&w)W!
z7jLm_27>ecBbP+#Dg+`up-qx__HMu@l3xsuV3u<S69(tOGmE20eKGpyfba-8Owpju
zL7#t)wrL)i>mv&9{rsNUJ!_KX9-b)NZDd&K;@Orx%;f(V);tnLMuum2^t1ar{sqf-
z#1=f9SPsyHh@wc-QDP}|q6D^*HkQ5OKZ?glIei>$jRYCcuptAQmVX1n!u|Xo54;Wc
zJ!=Jcx?_2?kc2c4!?o=!Cn@gFfzXYYkCE+g7U?e;cUs<1!_wzErc08B+;*vOQas7t
z+&=za!MuI{34Dz3b^h_!0utnJX3Ixq-9L`Z5kzj<i;Kj>-=84pERWf_xh&pZ4+H<W
zf9M|rlI;H;OYzURb|6aq<1ih@8h<wyKVpa=`}04>Xp{Yi$b$doW&8uO0Cw*G`D3~N
z%Q-&L_1~RieAMWzRf5QBuhvh|Z^999b!q!X%dJ(RU#8f+PmgWf2{_~arxw6$<LwaP
z)W<Xnr)=?r3{QNSd|(QxuEh}|5d+`2QBe>0TK_BH3Wn!d1bp(r+pTU*h`{GSBj8_v
z?K#vhjUwt3w7(EV^W1YXBVv5G0AR<>W1JbzXza2m{h6i+k){3+cylK*#p@-@+FkZ*
zc5h*X00-~ipih}SW<&2q{r5;^)_uBkSwvvUKZA7IVqs8nNX0lp?SJv?^menG^%QjM
z6yY}cii*Mb8-(lznK(*wMBaVrNahXqD?Oxg&Sk+cdlx&5$bS-24ncfWs2^(Gc1!au
zzrDr%n-B5FXMF%5$El!H>M0Sxi7gL&#`TmT8Z$ECg}7^T1TC>{phE5Y0|9Tf!{vHE
z6QGV^-uVB5JUelGI6<)Nc1V{^OI;V&x2+u;>xPLdvuD~-J!OucdZkMMFKXq8djS(&
z@>1jF&gUpKO@So*O|nEo>4h7(zoWk!V&1w-oooFa_0F@zf}2|fZHV2~#xJ)EY#B$M
zCg)l0r4cmayTATNt_Sjc7ZdgMqp#hmjA3_FoRro5oxV_ZLA}5>TC4hQik1IN6e`Tq
ztfQSQtN{PIAbhLl1mt~=FuFVhkY&)6-kp>xdDzHq6??@kmcZavU>4!;7)DjVF#3Ot
z!edn1`gS@M7`$~sR-#Im)o39y|2-I<Lcf>xBKGdLIEB4EfyO16ulG58`~^Ay*U44y
zx8FF;VinQ6rg7~BbLylpqfJSMoxsuSd&r-+HwFQ(b%Q#pj%0YANK?Z-TYBW9?hSo@
zeucw+{vttMf1%mCGk*aR;8WF6dvkV5w3M*#P<_nSebY<tdV@}+4i!6mRHQ*!-FB4`
z83I}USy*0xeoj6b4cA`UYuo-a2{R?d1WUgI20xL#M6CvD$IRB{aHa?VaHQKNoI_gi
z2vQ7T(jD$fb<`{iY(v#t&4nIk1E=%znN`2$CV;aPyLm%ldSJ}foF3a1b}t&6-4`r!
zrPFc*Ro?Kt@BX9|0_y!AK<32%A%NM&XR54P(E(7HE@@w5BYIn3M=<Y;{MT@9iz#yh
z74P4VIQ;ejnMcIz79@{iUjQKo-8ShHLdZdMB9No~AHuVd)%=%$bb$`@xb=Ssaew-c
z@NA#|k1_rKM-MQC`N_sLW$`Q~=BC^_Fud$?{|6)<0Uw!+=N85NO_^tY4^^=53!{M;
zF>w7D4`&crD9(&n48l(%If8nk{fCPLc*p-gVB(Mcm!N*tL4@Rl97)wYjd8%iOruno
zvOfD2Z*|Ng<U)JzrzG(p>wEP94-oDZP@yh0&hk%6V*=aD@^=(8-chVTXOoW1q4Q<S
zGUZ#w{E0S05bEu?DDW9J5G`&*u^G2selfi*^#c(52e}`!ZD;4YDtc-QRGhCx{sZF$
zfpRi=w&omBld^ZGfS5K6k+aHE&~VL|K=0W92@pP->SkRTk4-VK1SJOxCK;td*qZl@
z)ILvido;>Xoc;aEGCp_Qm)#!(G3I*r2Dz^sUEW^3S9?8*fK`0rbdCoLWy95D%xy|Y
z(lB_KG(cX<`Oa29KzWNkloq>AE$}Jj&uR(Ts9ulaH6oaF7L$5<j)kz}wE(mDZ%In2
zH*fLWLr7{wG;+ZgIWksg@_t`DZ8Rp`@|GO+{LYf1<-))QdL;@WuYV$a0qWipl7n@0
zmm(RH|Hs~UMn#ov-F7QVR1gUw83ZINh~%J%ND|4CRgfS_BuTampn!lx$x4)1A~{v5
zh#)!VpddMiA{15B+oup)@3s58_kH)J@p_E@(W6IG=bXLQUVDW(=R$wh2Ivv1yFZXw
ze}fGYP4$g`IzWnD;ov~)kibj?0XFz49T*?J<hY091JRYZIpzK7spr-lr~TqjcQ^hF
zpY|d;nbC-O6zFAk;S&XGcuS6rFE5eMJoAHcX@K%-=-XYO^PH^5D7S8LrCHOf75y_^
zkmcOP_hiIAN6%fH%1|>Km}SVgwx9+;@4;T?hd>DCQvA*J#ytFdUm<X421H;VG&wi8
z(}EUuy8w_af|Zs76x67QJD>Oj$HV9(U4!W3V~LK;&ueTO?D7X=nHesGT92G8MBD_B
zYvJJ+G*H2y@%uaeE3o$=K=w28^+m@07r1wQAZpUfo9hJKFkQmMwM@S4zPiR!F7Gma
zzHR|NKW~k&gG<?0Ob3cjJtaFPy8CWsHti49S|t(^huIg#fJ}G>B5~@6#vpt3@|(_r
zkpN%<iieHN&tT>XqKC5a>uB$C0y=7t<JfRcbO_v6m5Hafhu9kdf5d`+nhO4!@%w*2
zQu|z}(w#c7S^<?$0xDIBe2uZ{KT^+GS_L4?(-stTE|flauz#3hk!+x+r(~EyzqptC
z*X4?D!S|mo)vvQ=fP1CXdIBN9V^w~Bh0D+@c!O<mqM7J9dtcQjhyE5src?&o5=CRK
zU3+!_Zz}&ba{t>A{oj(eT0=PcX2*XIrTz^IJe1Jsw&mb+T`e-bpL3zG1im<|=-b!n
zky~#ejY^B6`{9O{i-weS4n{Bt8K2F!@nRr|IesnR2IP}WK|}W22M_tYjAmK=FsWXg
zuA*g2X?9j-K?{+`Jc2sXqpUG;Z@vYL?p32Z%kxKB=n)rQ)P(RF$a(ep8F~(ZU_=W7
zzg?d1c;o--YH?l7pU6;rV`7(>P8~7NaUl62m4hW8om$^s%K;So@JMaTZB~#9Vt`x0
zr-JQ}_biw7C%YenQhT>6SGwCzcLvt*i3sGxQ^G~!Sou)v!?jUelpw;E2Oqe%U`g_R
z94g%<KTULb2Fk%FQUEWUt)+be1p;$-K0{3{5Z*t9Xy$x%d{^gs*qXm3=H=M)01e)v
zdQ;})_j`Ma2d|&v@)}U7l(P!3P~q2SuPlD^oW;%!(*s99NB^o5clOg%guc=j!awqj
zQ<RVu13{D^^KR!npnm_ZRsh&A1d!i_Dl!OlOC5g#I^-t`m+-2PyMJ4!3?T8W3J+Dg
z={ov+pz<Daue?{tk|ObV_rU1e5dlq?fAM+WVBB--q|%_u_v<|YRGZZ@SwccW3^#-f
z&sewalh@`m{5tw4H7e-ylQpTmFVsn0ei$SY{iYvUB$B;qIaoswKmp6NdM0miq9EPL
z8|o>z?kyhBi7#x>R8qYe%|SqCBXF~bwa%R55%c$zzxVbMpe&v!tYZ}p)9)xlK+90^
z<1*B-K439xO3MM<<DAr`A2=9*Sqw0upe%S%$VQ@v7Rtr|_XeMh0oU<3^m;Uh4b#&P
zK)#;RVDmfx0)D#?%{f4+Jrux!W`m|}Wuf5CbT1LyttA01p~O@~x9CqM)<*2S?d_op
zqzwMqKz2I=z4Npl1az};_kT#8UQ7{`gJuRVpsKtHoB4;Q8H8#ueub)6(3)O-6A{^2
zhgp-Z0vd2bt*xOr(d+LYw!68|i+ZlxmH@fiGSEZT(J8&v#k285-Ru1jz;!GvRg=5<
zgMkrU+X@npX#F5SVCv&V^b&l~)Am4nPGQDm0$~J+9A#za-2p&?@a<NAnXeZ^m=d-I
zKi>t@FiHUiv4?rsXM5f!sM_=Cjt|gA9D-Ev!9Pi8?Gk`a5Y_IA6|orv9ZU9-JD^I?
zc9FgeyD@^yO0=h|%_8p_eNbf6Qx4$;7XVH(#S<v(4+0?m1Q@+=3YTE-*r5$gKYGCq
z9n<QIhhu`{5$p?R?l(SuHtu;IEPgIjh1f;)(tY2vKCj89xXEF3cS$)A1FVty0+bnF
zRxG_I9Rd>zDp$6_FpucL{8}bMnH>NWn}PKFB0~aK&XcDC0F@KaZ(BB&n0RhBs6cD1
z9kFn8!Jp|>$3Fnwxg5>wBe?B>CY{dWqX*w*BmJ{hq0uCFv%ic0$=Jmqpgnz62KSNP
z!5Kj76}QA@1Ho60Ep%$B^H*fx1gE1M`Fu+mOr(G$<AMv^Ghut)!Pl^>zXXZ3a|25e
zWw$!n;zoHj34jqJ?eHwt)@-2Z6ZQ;>z#`Aqx<I#YE8tv<aG=+&&{8+hlts7>8sjQ^
z{l_ribl}@K?V{C1Jg-5(gEvw!$VfR<iV*xYg*ec2<grtb<<gq`FVXQIz>t7BpZ^Jb
zJdqGUCqLM3a_}iI(bk!IfZArpZTfqD6i(DY>7sFActhxYzdygjs|@t2y?6r-cMR$g
zbZ96t>d>fj^g}aZhAlyFOaSr4{yJ^uac~~xSa%QA)Q^X1I_`^sF;q`e2-TlEQDiS{
znQhR8dRR4p2dW4^rFMA@AYD<o`v^eGDi>~%>QGdhl2*794`!+Oe0m_$1tiHPS2PI~
zx**y11%QZ;_N?JG`4Sy_=FLM+as#f!yUCK1@lIY^9&$rKL4L)mIMXiYYW{l&0I>ju
zz_>utk_l1t({AN+pxeCwiJ97zu%yTsLpp_^xv%O5UzmlU0}H&STgs8@7+)pPAhRw)
z+b^&Q*u;YXf;VyY<(bOQ$<#~%2gJu@`q(+nD_=xGX4ruD2D80k@|?Vx&Fc`8db38f
zdRL2yqb`Dn)gRoAIb{)DAH&jeQvEhm1RwMPSx+zRYM}nrEvZ3nrxGpT0^w+~hQqB=
z#t)-sJ=+4&nU!Mbo=k-vUE*ty!YZA&(5X|Oqb;b<g|@|)LNclV*6UXTBqNPVfRo6Z
zq{W%C`P(0>Mafu^lGTekueB*|$BuC*PfrwjsW(vTP?)!y-#r9+Jv_k0ntz4bVk3Am
zaDj_3gBz5;;A0*>{ea2VOCd+hFDmC0BUeHz0qAk<u=1J*n6}dCI+1Yx=#^jwAjqpg
zVctnT{%~tbQ8p{urQsYQ<JUX{dIse+ic{%!dV3}OEkv`+AZX?>kV%)iqPw-^FFOa#
z|JW*_Fy}iDLPnSg!~hEtI|4XHt9Xu)zP;Zr6srz`aDw|zC5mLH=CX?*wr80f82AFf
zAYHC9#HG1@XlqtLBW$=h$1@%WvRUPoj*_?mQRp(DxZ1;wo)B+w5B3E8^Z96v4?7Y&
zV9vk{4d2zz!%Kdmn~c~00einTN{j5Rn!71ja9Pw&bi}Km<FGVOz`^G--X496{WfqH
zh&nO|c5DL2U6#pot!o#4ALVsYd<HO$8z%JyBcxD3{``^p)eI}P`ODNmJJbizPMia2
z`0ogMPpf#x<%a}QcfBxnJl{;-cj5&Wh{J7Y$V_8St4l3EoMg}AG1xhp%<hbtvy`of
zh;X<fXdEwZ0aQtMjQAbf1Pp=cSx>ag0`TW0E|fGNK6tf%4!xj{^#-$Vn2dV1a|zx;
z!m}kdMnx6v09|m@mjP$0>A=uIZNsppzovdfBmkj7@I1;3Acykjj(;>6JK-AJal;Gf
zCvJ+rGX5AWyK`6e;CQ&QV1%23%EvPfXW)^I2E@@t7cQ+<=pG4Q^x3HJp%w1R-<pWq
z9)}s6FZsk7*D2A|B7a)<!T><6O(6Fxf6U={5D=wIJN{4;!N@U$_!_2yF@y$IU>Jye
zjyrkNGP{30lJtBV+-5Ppvp6ggr`ODyvJv-eNxblr15`&yIR9c`v7;b(zxWRqtCz6t
zk2r>J_pzp`p+w6=*9i@uNZP6?g&2wKA+Pt<pl{DK<y4od-dX+H^-kOVY@JS%@~L<F
z;#Mb^tTF>#DLfhshex&D?v|==^PbN95clN*WkO0F^AklLkE`m7L{tPMDByq=mdPh5
zZ;U1rJpiL3?o?IsTO-e?+w}qDK28i<?3+Ntvc>`*${bB@5j@O8Nz$1Yz=TF!$)n6G
z0Nk?Jk@^988%!%rA1eu)mq{5<S^k}aH5E%!ReVW$K0MavIB)v^cG==cc1d>Rj>8p6
zSjmOMc4;Omp_!t=w^Z4BDuz)48({iULkS~}!hu+zJ}#B=s@0qbE`neK%yhZgWlcG8
zANipWQt1@%D(0!hF`eX5sH_E&w5Z}JthMJ|e({2U(yB@6#mxSCqa;N;Zy+^Xa(TJJ
zTFKeH$;L#>NA~Lx9{M2KQF;e%`%?Er)|q+_W+*9v*`L7Y4Yff;ATE;_fOO@?Xze#=
zT{?h!(7CUgDFig8d=JNrBN2$<!oJTNXJrJ4^Kr|@%zdBBXLL@@W_niWt9x5ZM+f_;
zyI-fO3Z;=+liLn<t2FCH2KO8_UmFHvP!=I#nY)Y!g$zI~VU_`^0-Lq|^+g?#U0H4}
z#RHb`gV|mu0yx3+IK>2lr&kKS3zE<I@uHZ%R?C;ov_5dZ#>#q0vKa#$3ZI^D9jm|C
z{286>DT9pM2i5W=GXW(@y5@mQGxE>gQYx~gmQY2PzOZ7YRteR}qaglG8BLEC7;!d9
z8Vi<e_WsKL$&CZ+K2EF5o+KJiPbzdgoWEr7jnqy+sIo&JW3$%Ri<`Ev`QHf{T0>b1
z?k?XzHbj5Oxe{S(usSX1yA?>P!7`f6m;iASY0SUE>k>hT)$yfs#i8k@U0hx=BCF-4
z)$lEUp{}IF=vy1HHhIMM3xG_pt|4*V3!2G=M%+q#C4<#PG6BrV9fA-<+zlF;kcsr<
z(lf{p!jG@sy70^{;I@_qrTvpL=SsuXCexj`tPjt6=GA4L(i@LX6qe|oJRf?57{Gv9
zRiNmjjT36&d;C=0G=Tci8;W&TR|yOqiKpP>9z?-`OlPPcC10YJCis~4Gm$`7I%oEs
zaKfetf8EqMO%<uNd-MTJXCaKrw!F05E#lf;7Qxz;yjKrjn?<-rwTI<=;}DcYm0GFX
zq8?XJD$sfOh~V{_{A)Jth+1~zLIz%2y_~wIuLtWW&ELCE+vNk~Z(A8X+FeJHukJA{
zDoe>+<Jt4{G^1(Cmi-EvN*}DX0mn<VjZ#<vmm2-MwcaUW<JcA`&|OsKyKL<qi_ROj
zptPlWnVfc+#~KmqMri~IF>h|H$v=4#Ny<fZ5{;oW(LTeh4G%~*evj!|p6SZ2nkoT$
z?|Q^e({|%U+c5}2>vtD4v|jpjrHtDd*wX|Mh&An}o`0P>uBLk=kb+eKG(ado{`;Z_
z%4OJPfWXn&TK=I2WOpCzT#6Jxvl|%k8M6OcvJHee+F8jVL@~7$lAu7s)f=ED=R4HX
z9=3FfZbP?izlWSEDHnt*rjF9Ty3a4HD$xU|yVFTG&i*bD0rEs-Ypu9=#Mn*D=JLBC
zQlV+Wt`+)BS^$G~@EW7{(N~($#^DJFT8Jam(nS77{KFL3)@nG@i$C}W^6s`&IxmxD
zRGzo(N8Wh`aS&M9*iF_uZO^6CCFx;{3Fxr0FVbWTKBgs)8&2O8GDuEw)X*SkfwVc%
zJx_^*D90mgxFWu+bQ2)2hC)2GrlG{Ia4#V+X>3QEU$!6Iwelk4Bhwr<lx|dXDREl-
zRluYX6WE+Z`Lg>s#1&kJVQhv%Ss|RwY;8zeqxnUvU+@w03oxizc<n1NS4s;&l;0Yh
z{vZtH=C}SxFD>%dj+HdUqmCLIxVUBKf-q53wz7T*(^?;Octp`usH+Ew4#_AfOwbVC
za89vUXlp+kpjk$_#N+G7)E;TcE<i~cF?Z(c$5&i+R^k^Z*r<M|XeM?^PvHU=*@%w9
zaRQ)UecHh91~o@77SduK32=IUbw?lQ=x&A1bXc}oYCa34NM@{L-6bnXDd5QpEq9VT
z$-O@BUx3&O>ic+Mycd*Dh6F{qWKKCvuVz|_hb2dxw=QPs2x`ej=-&^Tvxc32Vjh{I
z=ycA>GLXOcq+ov73(5;c7YXQ|+@x&Mjwsv$qraBm{@c%J%x4s+(-edhg1L{U>nbV6
zTYVZ9PFyB)1EZnJ!qsK^l9H`n0#5L2sbO8|=~qQyYL&MSUD$Z^f?j+G(YcRoeo%t?
zb_t3_z3=XOLipnqx|az@vS?*JWDpu+WMw}$akS**@hp*>8)~&>g)9XN`EdpvS2DZv
z2fTAE31ZG%P<VMV`CNnk`#T4#;2&Ps>m_Tdhh}o|Orc*~dP3otoW|SV#u34HUln~_
zt3vS6tMDs|7*BZs)4vnxLB8<Pc>Ky1P{$u7mnR6#d%%heiaM#(8H49GghlOf8`!Mw
zhcK*CnqNe_1H%1`lf+^`6q!=5#PWxuL*kS1DJ9tx5yA9F%nNNIDMzy|1wA_%o|bwb
z#$YsJrY+BqwXcXki1=oaa`|P2#Cec13Ye^?I~9$EM>$*fX*_;R;-Xv_em8?M@Xk9f
z%;6DQ#tfv&^dgZ;)INSZ^66M2r1SBZL8!VV(tb$}MC~W{u(oLj03Hoob97MV-yU;T
z!PBZw?JCK$<^y06+9*k%5VB^%KM+bk=P?b65_*(i8?hl@L6D|$_iYX>Yq(D@Uos$G
zoGG*kMaTKPBLBvK@IGu;k;7j`Z5(dFxaph>$OE^JYf(SVl*y3s4@kbz{>1jC&4ti5
z42iqvXqrY=fv!>@@DMT1D_<Z?@nw~TThzp^#~rA>9p0~x8BC-;ezlZvDG460fM$9e
zqHNHrB{b?`SZOn@y(#lZN-B#T%Lw#Mj)05dH<&GS)GlABGmjHYSb&<+NA{Z1-xweE
z$X52ct0NK3Mb?VP`75p{1)c!TX=~=4R)ggGW}!D}flLxb16M93(htub1Ult~g&d_a
z6~!)5$5LJ$Q#h996lgVFKQO$07S~pzPu|Ij3u3b!2A4b`-;Ns>Aaa%_XXP*k<xGVD
z%eNEZcT^t-10IV<?1z}iR@t*zRy&e*3gfSq4^y&<(0<g1gTXu=D!1kza=g3bT{)AL
z{Z&&y*(i4-;>>B|+S}rR?JB8-q<w(;>zzO(bh8kjd!J(4)k;42E4%+*0Rj`b(CN;3
zY8pbUgsKwiHMaqmWSu8WPJ_b1qazL@aEj8oxc?R}?lvGA4a8n42dNgJ)|rQ{4>dKy
zbot$%UE**&|2`;SrNOF)BNDLf>qv!^JF{+Zq|a*u)bwRg*Dm03ynG`ejIQ>+5&L~r
ziTfN4VM64kYv3bO7-U(?)}Tz??KX+a2PC;H=5|JIz0QonkQE^pvF5bb1=h?Z2tkY#
z&I05ywOYqEKn2-pzme%hVSYmsFTPcG5g#FIv@XEXjH8sxWczM%^X50NK}l!ncQ_@n
zP?~ZbD`?<DrMYKNTKWZhg2IZ6UEyYDf7Ypl=Q^J(im-VA>dlG$&CrG`$)IYM26)87
zgiLo|;GP?VC7ZwH35e3@R6W@rya{F;E+hJ5^)-a96KgFIBPDf0HE@x#6VPZ`<{Afj
zFkx7#vh6X86Chbe9F^yFf9)#YUffk32{Dl(v=bcdlUjo>L_Iy*f0Cj6W<yljlcQWw
zA-S~mX({m%Jgmu_*aXrey4__^=4DFqYGYI!)CP}KLp9`UccCII`<*&6S-tXi`$06C
za_o<4AoxU3x(vB^Lmtvd??=?@y#WJ7xBc~q2|cb2LxU+Uw^9;~zakpIraRpL3is_>
znpCVQX`-O=l%{Tyg`8>tGbsGKc4ttS6seWIO^@b1&<f_3AwoKdYSG5LJjoz9V&G7w
z%1*YcrFJxn<YT)aL3lapakz()w>)!UkV=DF;e#ucjCYsX7J+dSa|+&lN9uJUU}h8K
zoCYQ&>1NbeWa`cH0j=#c-8}kN@7A`5INz`$R_RYSYzS=Us5--2H4u*80AqHv?V1>y
zRk%(>y<P*1){$Jpl4fh}uwWgk-`AiK6!D|JHa=C*n2{TaWcf=mI-z}bB}0R`CBrkb
z+6d-(9|frV52_JR6qqEb9T3W0b>e(_1@h28VoV`5Z+vc@<Dk53+b^v|?mc}6=tOKj
z%r@A0k#PNdvi8=L;F9v;<80)BZ9(Z-Soul$TCBbLzWYoJkxQZxV8Pbh+a<}SH&eqe
zuNbn-x||G=T6sL++@V(e5@$U7t`w}=R4jP4{v`M}j>QHj^u6N>I%Jlh@X+cJ%TbvZ
z$tox6x_CgGk)`6K^~~huNgkz&W7d|u`QjUcPGCT%@nrNmRDCmHXnfDsS#tZ!dD+XX
zTwzfHN>{_~0d4JZYf1&}52nv7S(8+(6pvUalklCpgcHn?r8LmacrFE|&WtnGwrdDw
zY266vJvm(<6S6Wv@b2P>nnFYBf#jU~jbQet{=x>B&oH6D!$BE!jQ4sV6q$f{52^}x
zFQ4#N)zwUx_XiGh8B*8!fg-o(FmLoPRIXl5`c0?7d?u37wfCK|&(`?((4DV_>Y*CV
z6bdy~+cwnFwln7{b<2Ql4gtQ#+{gmwxd|{Ecqv(KbI_yi@BkO#4-^cx%Q@hZ(V+4h
zCT~-nUhQx>=qR_?Q}5WWe2#NSaMmRS5TiAB7@wG+0@!?HHs6t>2SxO+rp}fFk5ze3
zQ{Af5NbfM6LR6-e5j5pAYksW5#jhveHpwJGTynhMz<WcLSgLdEzn?J%4Et&RnU2X>
z6hwf!Y{7u6J&n%+Id*fvr@s=!R|c|!=MRJH5#Kc7P|;Vqx!TcAsGxE3y__MXKhbXq
zRbZyT*4Jd<3<f<u>4A$Kjc7@fu81d9IDh$)QFd{mvwSkl^=kQgzl}Fn2cD!cZS1nr
zyN(9)50?h6WEbd1Ep3wPpucl5<l8mKcAmDAE9jooJf~1`<WW2uAaH5`n(zS7+8K+`
z);+IsQqcXA3TAW02%OLlmt^7nq$pm!%Mu!PQ;OXqxK&x)m{Vq*><;oomF=Y?CO~(7
z%%e-WH|*Gv;`>n#E>IHFX2jo7j%0~?q%imvj3)B_@GQzC?U5=m8z9akb)209)#q#p
zHI>j4c~<TQ9=2aor6i!iGPpdQgtd_ekcNYAB2=YQ?u@8QpE|Cvuja`!ms@DbFdC_`
zvmZ9sI@C9C?>z&S+AgafuXP;zct99Gd}NIPs>MAAwYZ}lLr_C4ek|_#o~#gPBY@mN
zkv*TaF6d!*oj0?`6l=!3J4evNp~#Dxfq2%2vTim5H3$``QFjurPTt5?lj|{^A3lL7
zT3PFqsqh?rMzr#FKl$Brsz9tRfZ!s(xR(73rEt!hx6YS2N30o~_m9fbzoDEPFwv5<
z$lh^w#B0?L5mz)5X`G~B2oGVD>~4uOP(sXhz4L@RE#)u}GYJJ;sB^BiW!e#DsUvH7
zmCFQ$?U07tA03k@KK+r1;e76BzhW=lw#)KBI03o!1&%=9a%(+DxV2G;T?8fMo9OF*
z$mY8r!8aEfe$`y$ftrgSUgL|!-J)r3wgJkQCJV&C97S&-O%6Ss&iia6g;nsViB}*f
zsO1)|?ab8jB&1B*!<)m-Q{sQT^~o>#JWy4G@(v`y6sw|d$ERPfoaOBUrMn5Pw#V}t
zV?`RQ6>0h3z4#7hfVqMpw@McQaBe>F$yOo2WRXw$8A6yWHoVdgI2=H|wJGIUFNOKV
z^V!}A<%=Hg4$y8|9kUx_2v~7H`TJa(BJ;c(3(0_$|Hc-m$bS3jeg&v?C=2q;S>7rJ
z2Gz4%k3~6N-+8KEe3zl%FQrOAQEYd~i>+r(=j&643^^~y_YR!eT-)o9QANp>jAU3I
z0HT3^6n4H{rGWYh(G@_KSur#p!Tn=1Kj1Px-dF*|fPZ#{l;+Bjc<rWcqxxHBpEPwf
zH-A8?20a9}avspm{~(U+IZ@E{{mHgz5PPo)Rze@@C#8aJq=eaC0qURL)ACc;KXsX*
zQ5li4|8@9x?T2pTNeP%eQoW@fsFMHls{C{5{$FoY{uG+<d;NeHe?tk3=TZ|MKqd(K
zwUsZCNF>SiB&M0<8+~lFe*z%;BTg?c|AbEe<v0AwU4NfnB6u#nOF=`3XO^iVvrDZE
zq|H|D^k*O>(YGFIs}DYajy(0N72Hc46Tl(i`q4gEuKZW+eE_uDA)>QM{PC560y(tF
z>_9Q9&GMEL+MlI^A(%fKg6{YMjL0{8{8N|*IC#Gn>&KIb{!IAr{4d4&dCsM46N>};
zH*4bfN&nf33u;8m0PKr6>8cI=IZoN`Lq!0VuFJ6tTli+cKP^V9Js#`O`19u8vfAta
zmHr9n`+o)7A?Z(6>4)6lXGoPKv?XicCTiAyZaP3Dw3ToFDh>4Pc_2I%R6+zA+1*k<
zW8%JfLZTSgmJeS207C5VRGkY!h@b7T-Tr5$C;ZjWfnRG%>h7LZ)i8Mrh#KL*YI*wO
z4;T~(nivJ3iA=tCU=HRJLDRW*IiHJw0^sNUov90~b!Ujpv$G%v&ba5m#e84VhQG_)
zZx3|YX>@-wjC*py1iHB<V>AK=bGU0+0ETua2CuUH8$kTtC0k~Gw*9T$``6q3e_*x%
z@Z!No;ZFhJu<(daR63w>NI+x|=mrckX<;pZB%?lH9?6(H02HO@t<ICA{6FA-fUjU7
z+*dB^d*>Zn#^m#-8Frnk8<U{Rd%d0d1u>A_B0FCt0Lc_XLxT$O106>HVO{|8V#jFU
z4@e5&d#o5?xQMJo<h7TE6|M<Do7#x`zW1Hk<Flc$Kx;7+*8kQXjI&^QtD6MPJ@EvG
z5AO?!$-uyXV6Mx@7SmM|sfI^EBlZVp7J3xM0rZr|fu3^r<6xy1;qsgrpL!-NC?FVh
zwFonqSccrQ&~`GtU3uyWHNbsXO(u(}?RW_FN%uVCZ?Nt^I1&dBe&a}}nKA0}9uZ<Z
zd+m@bfT^6j?VdmbUJ#!nKo{eh2M_|N4gIWF{GBGzA@HNrCkUrvFI_{$iY(wt+ys}x
zj9jXwY!;Q?pNMHR=VEnu{P^*U7mDzcERSEXCBHrLJ8R_!c8>!|pTE4C((p1m=l&s^
z?bYT%6hmp9d@vEik<(ICN1B6zq#h`-EIthVWF7`H%=YUyu38!K^iX$k(LwF3PlnGe
z_`-L3W)^2uU2*9iF8$|U_#}-EsAo9NvkK4W=adi#?Kka{y80xY{^=(h6ti=W$#%>g
z_JQP5&`M$|>Mt&uh!G<GQhFzRWGqA$A@-8Y;<DJ6%^O8zw~UA=Smf^g_WM2pA_}py
zuxfu<y+H%NQ{0cmooDS7`ej}q#DvqMo?`|p9DIvv$NT%A!EwzaAr~xBibYDb>^&BA
z;j$m+7YGQ1hWeV*oS1ShsHL2Cx1+4<mFE;vEn1U()H3YsR0MKtvrgha9`!s#uK%rD
z&nGVXZ3pduGxMxRGx<!_ScI2EnjS=2mA5^wJWFgo$9k0RtPS^b@w*K#d8*VUt9o3U
zPUju{{=O`)MPSZRifF%%qxHgVZo^*)&NXs+t%vpzSUy>xtRwR}y?Tu!*8U79yzAw8
zbe(27c&9LJ_Px&qzaxj+w;np}dx+-repn-0gdqbvxo)y9czQP(^mOj5BY!+h?%J_^
z&7pK3C7h*6VX8gv`L`$EDR&AS5AWfG1xcH;$%{a1xcC2)DZFJ8lGlG?Kgk+8-Cg3c
z0e0v3MYEOu6QTM3s^+gQep_?s|A)OK5|g($$=fzB1(p$AypTx9t5I#GY7$3cUeCE6
z`s75{A3sdN(u%w%ZH_j5pwKACQb06LQ(N~S@|6zwN|F6^o^=-jZvF5Y6vzDD4tsA0
zM&9AEv8l)=PIGv5%S5+5u6&NN>kVrSpV>-n=}^Kwxpc{aGUsOSJJ#TL)b>HY<M;FL
z1b~P7y`daxmS^e6b(mdne@!V8^zmzv5{nsmOx=~IyC$^z`SM3z`!`<EO&)M3GA~Ej
z4M~Gl^@H}5x-LQutgF&b>-xg?ch9;t<iWt_Fgc4O_58ulz~^U!&$l@!1U{bXr;k5H
z_Pb>rnHghw;v>0qn=esVu*J7%fz^l0ePj}P_VPI1lE3YOAKNwZn3p*hN>(ZAoM#8h
zJ%M>1`olbbGKIHS2;y0VBO<3<nfArldmFm7fYrDTt;PYNn@7QVg#EN0Q>I{lvG8|n
z7A&Fq5AOt;eFetA1B@XSZwv}Q8-x6{MFh4+Sv<0+XsGL<uAW{7XK~nY=gsI>QHQwy
z@(BIoJI?+39sivj%alvEy+IyxN%N;Y!;<#Or{hGfejp<d3cO<P7z7N~K*4OqKo~OE
z)SnIZI%KfNW?NBw1VYB7C38t&$0{I$C4hE}?B^Y$0^3V=lcPMrUoPEnq<aY3v15O_
zW1q=>xnn$`+;RWy<LkLGFQ{9enUg!8$5~ijE+LX1xt1<aaiPfe(&>ihnA7%dTr8o}
z&8`9o&^sRg(|7#0tm;p8>_1^uZ|Q`pulna%0vBUYdJ_kBtRL*ypSYObU%QxJ?-)2^
zzt}M?m}=h#aLQ7DI%R0u*Z!(Fo7a!&h|FnT4vroJuAwLZxCRTzHC)p8$;_%LdcjSS
zuX*{Vot>M=%dW1j%qO|2qAq<LSvTba^gn(LajcO19j5A5>@*z@tg7QbV^x2$WB(DW
z`hWgX$j!^UtY*tmmDwPm!B4N*D8%U-G%!RAe0M>D$|SI=*gwCx{w=HewIBG8Sk-O6
z##7xdXZ68L)7baPf(ys>k09cw>*m@?aOcz2D?3Y)!&FNUxfRege(KM!ak^h#<Jv4*
zXMtZlk@?d_zH?xXwF7sY@5aG>F$yP3#4dshCpY=DdoCRm4{84F%uf-lFASLGL}=+7
z4j8LhxwyF8y1_fGX6*XpR$u6isMA|!gA14CSUM8sjU=FVJoD%8`0s=of3jo$iBRL7
zu(@CUVdIwbEFDF+8+IT+5cuzg2)kk5KkgVfW53w3^nEdJo`BFx>8IOvO%R;+ot|q)
zgemIy&X?7kUIEUW8aVSNe29?zlk@UpeeE`~b0aOje&Vq|{hk&;fB(X*^V!+iT1O3)
z9A@6AXgBy#6$E`^9&>fuw=ZVFcCuX@SXlah$ijZTd;bv&10hY2%ajMrzL>m6hU-vB
zWBi{9@W6TdUlriNs<zi@dB?T8yIu8;8W<ZV#P%wCXhj<*8=Osjep7YlSV_fE5YJgk
zMmIx2=+pm<h5gzm>{-|+_994MUF`N}Ime~X@7RoGy*8IVJ{an#cpJ<p831Kfy=6|8
zj$rn>PLF3&#BQnsdq&J4;ryx;OmRRiNw&Tm1rqo4eZr@PP7^Tzsr2zhTP|&6!F->S
zvLnFg23_y3YHVW?s(LMmd9g3%QMkkWJ@A3j65pfBnq(4Fd+=+cK*BkI@Kx~n&p;Yp
zV12HS{W)FDt(X%~?7PMvdjB~<Kc<tJ)fc=nCgQt#ttD}&CdM*R;5qSN0_)KieAksg
zqNVT;i54{Ro<FZ_A{JHQI^VAo59V%n;TSZ-7KMypYod3jqd&ztAj&SyUNwbOci3`M
zNOvP`3Q{Atp+hy}(Y_K0t;o0g4gdwjxjU=<(xg(OOXN4nW4^%Kq%2N`#`xdxmj)+M
zLVM2uzxqw*JO^5L2%ZelrRg~mR@J;S!2{g!O0)We!WoGkw~7+So>%Ep;!~s=Vk4I>
zk@1+*dV&l0f-ihNxett;zvx&indlRtF)(RwS!WwkL<4d@D0IW;eBa`BhG({kbWZ)&
z8Prgt=t9m}AsE!|DFt1uY<)>B3-dtBawuVHExRXdCc));&y4DJdLuzIlhDz?n+VQO
zy3Lu1cgkmm_VN+&<mYGSsxT`J+4S$9PeqC>7zjr|eb0Gr;f3)to=^_>JX{X_e9>PP
zvn=k?;rAAEV8OMdqE{>3d<Y-<>=*%m&k6^Z?sfRT68U5v0{xenTl+`WPNzB3JZe}W
zPW6Vh>tC@>84+$4GuujhVR-?cO%|WLJ)M^H2DV7kL}r>J*FUv^S#8muJ4bl;47ho3
zYe+l~lS|*<>0aCj{D9luHk_!Q=sOLG;7gk&({@vKwkHZj8@uYGRO2}c2uNqRp_EpR
z_jk+M!qL^w2S~(J(xv1r9Nhg>-6?~F&1p8@&wjbGFNUeL<W3z36_}t31azaDS1ht>
zIeeX+dp<>7WK@Laqoc<N^pty?g%<m@%kT7C_Ct;A=p(P+Ek2XuoKA9$4dFwr@)$L0
z91se0l$l6@5~`DXrXMg0`mQGrGf7=t`07(T3cA+;SG%Gve0~etU!$XEtTQ)QRv<Q;
zQxNr4-~Bi~|GhT5FWP8@d0f$*+!hOCI(O~eK2WC8HoE;TfyS%zI%6}4oee_rEZ9S*
zm0d4;LjgbZ>i9JB(^9*NApc=z8Kcco&9wl7JOgZg8l$9ZM3SP6Z&_lzrTp%Cv%L1j
zDF&|L6lnL!(~5!CWI)9THcvjuB4f3{Up1rhfwe#=U8ClQqn|)g<GbCTs0Qk1smYa}
z?~}4=7I7SXJ*-mvBJnVEoEXC8up;HPYuCuxfZ+T*qUJtWVa)y6>D&8a5<go?+k$u^
z1iDh89PZ5!?%wJ_X%7y5hb9lf#eNS9=)+G{+>^6#<z?Td?Oj;Zo57jPgNVc?zX1g2
z<(&!gi%?nz!a00e2lg+yr%kAbK&YXzJdqxHgGQb!$airrm5u~xs@`>2BVxrcs{X(d
zzlt}4q(Zh>F5PoXR}m^W=zq5#d56{%z4n#voQ;*dTuXdBR6t5(Zc!ri#usMCTsMck
zQbxp!xS5HIzL5d$Was(;ggf{U#_yRpoyP;Fs<5aMi>hchJ85D388Vh*5w3`Qh6TS=
zFKk|~Wgh>_@92lF$-V{Ox9)%O6Sf;0yeMBdDD~iqddES6Ydq8Z(ha-<KX?UvZ1#~(
zsBP9N#%5p4O%vl5e8yry{c7ZMlf<ytK5r5t=;@QQ4jQ#Ib$rU`V<F)nHHq6xO_cnG
zLBTI|JXe2l+}N-s2r7kG&{EVj+TS$C?SoSDH5|{J4~PjDo*FW;g2=&QFLDSct2!5A
zqSRnmFx*g4oJfb?0s)rLn4$W*odX0y&ES=Fda>Y@hv-Wr&VyHO0^y_`l(*P!$bPQ;
zi$5;j-i|~g^`M6v%-sPG7jT(ul>`ru0uRU6x5mg~rd$deMPQ9W@Vv?0jU(xFSh8Sr
zV1UUSDE4M4fJ@1z8~rx&rgJj;^|l$QdAX>)%R?w5_?~A9t^Jh=0t+(vZ+t$qWB;c<
zAHVpksFGLUvuQZIgKEJcex>%^>Z@6+&LM$Ve}Lr3*8N-7i%v<~RA6ezZ1PQ}3%TMw
zgi@bjH8@O?ulQqkMmtJ*gT<7lE-c<Nz2F7;t=^k(1a32Akq00_a9TU|ZW*I5$+1y4
zKo)Q(!^V)30wfF;DuU0S9fmHoFW}<bz0@FUIsrXfowc^Vf4Zw3fM88cD^a-)Pomr@
zicU8b5uZ&(**7=1K&Oc1^(F8u$$5wY1qg}NH2}|1eKFd^Lw|WC8n=V?CI<|e0Qhz}
z+!#4u-wmp`&7pn$ycY2(2S7!+1Z*_EqP*+RalebEicXo4h<`lOGvUh%K53%Thznm$
z4Wy!|W2jh%;3!7UZ4Nqze7?~76kk>H{LMVtdwVB$6W}<QXS)ccr(iV?m@zL<19`S;
z*D8>vnK;iP|Hf_;Q8RjeaMcEk|9I6p`l+r-#HMkE#wdI`hX0&Xsxb7S;Zv5PbNbi;
zr1z`4UD?52+MX$L6Rj@|14nk|qp87UBReRXqH4MOkvz)sT$02b*V)f~cH43mrr^>l
zld-W;Y_6-9-JyAOUxVLt^e;*dN`CSZW;aw>YoAZ_V;pW?njMOdp547%o`E#LtjA|k
zQcz%L!eOWQ)@u!x@C6KJGH?_S6ZxPBYJu5lyTB^g`{2OhvjLgVJ{$6w`K2scu$z(J
zLzM5k$*fg(I=$>H&XBI%Lv(Un0`dbCS5xoFP4pJwX5hnDFsrgi_^sFaEKYNZOLaza
zP-z7tk{?t8ZB*B<HcF%JnM?+z*$q*!S?gO_TDsP*5(vlC!}%5fvyvL3ZX`#`=}3BQ
z-gaEBS>#z?7&64nB6n;Y$0PM3XT4h3?5HqyBkOkbG6F-(`61qwn;E|7j8QNbKyLY2
zh*x3hzz`zUYc860Wb-LG9}s1aN7Y_*GDfbF>Os86m4RpzV<`F+8;{TmVBUmfOv=;v
zcwU;VTH;!~hhN3dr2FJa%>g~DcxEFQ%*&~~gi8(4jQ3m+ui2VR(({^*_OW)CG${wX
zDA|Cu77$`)Nzji2CK(SvV-1d~Aim~x#c*$>Kw&{8c7E|BU_)(=(j&h3bk#n|t6DFg
z>1D=F)ds9>t4S<?kxU^oy-l?l;wElGE;YDKW;iz(sKA?50ZpaIS!8t@bgb2>&0}88
zbF0dLLiQ{(X@JtoYUpZls~k(Hf$b*@fMfgN+?N5HVa7wk2R%8H4d-rO-5eD}sECAQ
z5=M!(i;AXA#tD$S*NIY3mu_*`@l?7kBC_HW8xj_rePmJxBQ_tqACKGV%QsUL!L3!8
zp4o9dM054~O<nMo)|lL%vTp4jB2pfNool^&VJF=>oscX_OIF9|?w3d7g2$4ohVI~|
zLUt}K2O>8s2e9g5*boe0o_bK%4KAF!`K2vnCvVivXELqk6IYUyiyMifK>3tt0GJnL
znK9Eu4@TB3QmK25KI#%=QY1Bp*nQLhApfA=G)o}c00W2wCd<HV)C-ISdk%n%MDiqL
zkz}ebd>)8Cv^I9EiL6P&eBupk@k*ESlq`*RYVNDq@M<y3Sie>VsAhqBNOVyR61VOD
zK#{6TPgQnCV?^JpOV4|}6We3zE5Do!SioKFdKx1hv$-_@f9$4ZHbc)nxB1b*OU^|Y
zJKipcZHITe*=??7_{<<_xDrbX%5gnD^9r-bYOs^CqNwMlTalBrgyh4TgQz@Hqn$^6
zJ=AcoaZ@VP;#3oio53BBzVvnwC1zC^Pvi!n4pAgYi${0Jqmi{WZ~#i~j?s^3OLI!M
zKm#OZL)7&E5iy`0qeCA%0u-@%n3f;=>%qD@_j{JJh5|pNE?D)5NtdPI%0ezPAGkvg
zgF93gcinfsXgw6T36BTEWa6>2p3xP9X{9|?3pzV38{swJr*}{liQ9uo+&<_G-&@#q
zFkXecMxI$hd_Sl3g3QKN|BQntU=tw?n4@LEDNE&&F2mGJh|HR`_nn!3K24Tj0SJe<
z=oN>o1zptO6mNOQLD!KL{t<&zwZ-;vXh;xCbFh*Va2gp~rTE?xOoqUZvd-wvC$7K|
z99Gtd>s5=8lCNV#bN?&(Sm%!o;YnWCMFg;jwfD4$RFX5Atai6O08>HNax7g~Z>BbN
zn`!CZb~G|v>V$EwK$Bd0URu)hUGB}T&I}pjRCr;YAmB-D=vdY>$Y9Dwdwj7qU5m2Q
zjbZ4pq=c1l*{!37B<3?R)0Q)l&8kYiN8C_ddhiic(+KACieMSyI@WbSZsKTCY3kh?
z-W{tdQwjRXK*ZF2q4@IL%~t<)xGYX^`%ML{`rY?q-L)up1(tB13={5_^f#FfN$~2t
z5dL2jx`i0p>DQz}%f=WNuT}!WcdksjHhhEEWI13orUmnCW`a9ojz<Q}VWO>YOVS)d
ztkm;1P>c`PG$(M;0PJC4prXvmkuE{*>1L{6ucjW1X;<kQ93;@mQjr^V`a%w#12_T1
zm?Wa0ToC02DLW^A^u(d^ff;)*8zNBy3M6+Emmb#Yp(c#9?yh#1AkwljOxY0F0cI1Q
zVsujW07RHHT8^K@^q@?<O~GDm*nQc=U(VhK{3z;D)f@!D(ad&WQ|5ive9(Pxj7cjo
z(h-AxpL*{z*nPQWK$puQGji2I0q*nD8qX2WuNy%i^Gn$rUi8+a{@6+Gf!oFv-EFer
z^gV(ylU=VKr|&D8S&#}<I@bs^15$ZfmG*-<aV^m!FV<*lcCa{;rw#|t>Ab}Bkec4r
zKxw2pdlpEWTZqeZqAtPO&6rk=yJ{Oc=AFwnN8M-vzJ5fzN9)R}lk7%E7itZD7N+W9
zx|B?d{fNdeZ`CdG`O0F{XR914=5M1gVBS@Tc2S1Z_>(SusoDJ=<!pa;dhor#;%(;J
zyN9P;kP!?Zs?i||gQHTIP{uW2X4*s+ragMcbvYtK%H8{tMA}*JgJRflQ=hq7pUS&i
z4ZbDN1QS|4%eSfYfE*;6ljOci>${vaDv4aZBo;1<aIX;WkqA}FAeTkAjTmEwMyjfg
zqmRlikBv`PA$z^9F825r4p*5y$G0wR4PmSVLd=-Y!*^t(^z>{(eHPu<3w*u2Wuu<b
zaAG+$NT_BSoDx^(R_3C@XX0jM!TXg^;g-m8SBEZJuFEVxQQSG7NmrL@wgdj#l`UF*
zMVTAgvYUW<dSRK+cd53kiK<s>QoJQ=G0Ue}GSq!S7`HguD7+}<668$N3`7)oXN!PO
zWi};G@PXGTMuEU?gBI>RKbwUxU8XiQky_6WF_FFKJ^mIJ7f4(A`B9hRD`4(|g4M|b
zA(^!TGn1~qNKM?v3|Wjq)hJp#ST3D;BPJx4khg9BUYcW3YFXFGs#w?zcW=V!?c7*S
zoymhVD#mfIeOZsYR`fTRtgnpL`eL}UJQynh@m@5FzBWOttDWu?^XA*_>Qh_}QG`Ok
zBut~7Jnk&}iB`TmjyBzC@a4vJ&(<hnYj_q1P<Bvv91XSU-yS2F5xwi(j4FbAdoLq4
zuqq;t7B_<(1Z6Fx#lziF+(qQ$Jx8{A0~U7{7D@bvojYKoTP--$3?e~t@ruufZSgLY
z1&h<W18xF{#qC6ct~i{s<tM2{cVs0ZLj{3rklG*P?Aq9Z!#KtHn<5is>LX>^BLzk_
zyw&;Jy*kp=Si+kblr1UJRQf~3ytTQ@E5SH5xC|olelpcDly@IKza@*gbELc5%RF<j
z=SFlbZJl$br2jBfy58+>JIVLmsG$>zHqz8ExqS{Jn_5?vZNPM=lX-uA2-u-2IOY<d
zE3bf4GgQNjZDXF0Pq)uNswt1$UCYwLy1U2D2WD;WY=+=oVK^q*x=KzBZ6Fk764y#=
zrHe82FZEQVT~p|r%F<6ykAXsli;f6JBgDhJOk<F_g=)^W6PaBum(Hv24HXoxsqT{}
zGWXeVGu6P<`WhMJV_V6kt1zU=1tH3tQ6-hRo7+g7|E<AlruEia@`F#Av>oE(7Sx%y
zl$fzG9HB~MqNK)WD+HyB5sfR)(wg?gfSc;jxTq-tek*#tMTt2{IT{>p#zO6<7MprI
zj+t~!?Vm!S1ir{$l}j)OCPH0DW_xaB8dPR{e9IZ})shKe?htMSCeba#z%H&obohm+
zd~j29sFD++RvJ-hkYZ)jFE|0_ZmN}4?3luRsklvBB|_bYW=-^boZcPHsz^fRB)vkE
zaWm5o**A+IWe*7Xu3P#_lopt^OM%l_7B{dPaBD!Ho`}QH<~guzkL(Pn({Lp?k7^|C
zWSgL(XHAbUNsp{PU$S{Q%Zc2I6Xf4$lw65c0MZfUQOu+gP6LEONOU$**QaK^iCTli
zFxXXmET|)p8U2!3tp9cMA}z?a(pPEweml$(O81t{_Ut1NQGbNGUVG(*L(_*mgugz%
zALY>`3!*|A(+!u6Tzi?(BOxbuFfFF~#_Bd$5Q(YOz;|X=XJ2-;cn*#=1OV|EBpJJm
zhW$P-^YCKu;oAc^#NFO%MAh+V8H+V~<Z@VMt-W)Kcuyw|&@8Tlk$X}Fo13+=CemM{
zeYc|PLlm*S7s(fMWl~WKhu*>PRxm(H#u{2Sl{}J#XgbY*(P?a`iDnW!_Ru&jA%nQh
z*9ye!vyyFt*$J~a%QvZ5>-K0CG5Lu)#b;q1Etp290Lj5Ght=M^Ga1>d4+-~1PZ@E7
zG>g>CO${p1YJw~m4<;d-4SHfxm#@#Vnl4(EIViPpx=ZCnnSUejR)MqE8}+=q^dd7R
zWlAvRwS?NH<IfM``jV>NZ0;=jdZ0=rLd$?+N4<lH*qx|Od8U=mqbRuSn>Irct8iZh
zC+w9iH6l}NmubPyE78g?C@3#fn=SFbt-vDuQ0EjOlmJZ`f_SrMQYzN6;*4xqL0|kZ
zDsO|z7u$o&KECpTQ2I4SdhA>mYRXg=w~ExB-`|0`+WO{zkn9S3%gJ_qzOC`0MIQ(E
z^tHIG6?tYfe+>|C_$s(!vKrf?J7N&I0KKOHN@QTm%>S+-3#f*$BEYaXE?8rw!sMVJ
zi1OC|DAV|ZG6#uxvda#*a}AckH51)syc<M&v>y$u_9v$W@&hK%5Uvt-&D+2s4G(zR
z$Whg$_EhH?E1o4%Ikd5eD_QYvb_+NxsWV`e2ho8WhBle?o~n(QECB_biou6@IIR23
zCvxkmS@A6;e1(yQ|I|ad2|I`Fij_Dz9KvIU-g``ap&fHDRoZi%3W{eZ<g*5*gFee{
zg|k~yB)RrmkJE{@<jgcs)M3U=5#^h*I7<hV7l=lXxtnM>vSps^EQvW75*Zi>&IvO2
zBR<;QIEra0@tmU|h4N9dWf$>9aboiceu+sR$Pb3>HCW8WK>ptp%KnHBnvxO-LbYjW
zpJ5O#(|{CEu~|aNOlIX-NQCKw((F?7Om-lsj09#yEA&^7N5U}$Gagv@8tMsmojVAk
zv?6DO&D)=Xy9dOnAZ^!0aY=nyRv>X-fj9ZIcn)i&I+&v;9DFW`<carSY!gASkITT6
z&zk0aOcQn)UWpQoP9jBO^)z+&(_rANxf}PB%B%5UEtm^*kAo_J@p4!+2082Gf$l)U
z#c-I_Zifus>5Zr0So!j6UMsNa`7}-^m?Vf?M<=hig{^G#uB_B4`Y0}on67qpq0pxO
zhZ%WH(Cs6}I5F*2`uK?>bzoo!Qr`#&c65C?D<RJ@)Yp}caPXeR3HT~{DY{^$;*td_
z=2linnRimf?k+{$Qe7pBnb0%HkQ7Cyr`hC{rDL9NE2<3Ov>ALc%Q{IiI1VT}N`fO5
z7!6qpPEMOiT?Q3CyB{ljerpG-=<cMV)Xp`4>A9E{8x~}-#P~Yn;->$K!~Mi6#2VnO
ztv0~fygs7m3z{V=B;+}%p^3T?zGf?^u8S>@0!Tv(v1~~xh~{!b><$V6wH0GJ%%B-I
ze*~R7Vt}a&!Q3v2!-3f{8kp&%9sT7B<hEy*8E)NS#3*sy135#RT2#cIQ8xhszo%(W
z@6W>D`iveG<TKe>iOyxNXn`t0GK>syP#9HQ@|I#>OyR!iF~w=KOQ>;H@~!lljS#AR
zUZY2&BYZPgyLqmHI=yg1)r`;U;~=5|Wrb>4OgNf#yfzJ|Mb|r6KxXR-Ud8d|a*6MD
zH|i~C0^@3mEIJ4!c>K8{%c`R9T1JhcEINN?(-c$V#?7?(*5Ty({C3IA#;aP{o&4F=
z8J^IswG8-49Gl&Wr;ddD1TS)Bxa;625UVO?NOhRU!c@zLFui)^2~55l6~5L*wU<dg
zY5o?Ks9v6mfEc@3v)(&4d$lRBJMR~uykoeu>j?0Tw`len$<@;G6P2sYyzM&z^u~!h
zYm0)oiSYwkzBbDZNDQw6Is=g^$L0Mn6Onr8UPlQ}nu>6!Qb~uP6s^hKFP)p(4kqn-
zwx-T)Dgj`CqDzMyr!*(FscS#e(p!|;LsQHsEw${@e#LdT^}5lT3#>7@hA{+MV84@~
zK0oVeKW!T&i|x?U`O<LFNy+nV>XpwX8|VNOYg5Q@4s8MNG`pI*d;OzvCSJ>&5#bQI
z3Gc=2=ur@cVLe(VB7we7MfUBJUF9U^nu`;)QSI}XFqz;r7`fMLo=LFF4ohG@t)sWo
zS4=)?{;SWIM<ZGbBAXm8nI%b3B}*@nRci*G%h+eZlB>4*W)H}wPtLPiK7b`6GDkZm
zZM}k8m)~I(VP8OKfKT=lrER*}5u?;dQ|zHOP&6&50eR}P4$Th6Y1;^BV#_#=CB#d|
zMP!o{r_8LP%uMa^j?^btU!di6nfmhJ<c=!JF$D}Rq|buCzig_4O~S3NjokGDGgo<_
zBs*QIV#1de1X5pZ*tAldFG2}WXQtWN$=D=TEoKaOR&`A^^A6+eyLPaCp7rpIN=t7y
zL0Kph_)QF7<)Aou0Hn~JflygYK(kI01T9@|3zhOk@F8}l<)xL46lqi|DoHQO)Eet2
zig9tAPK&0Vc6)(-<GHagI=rzHz~-(0E|{^y!N~HEdF;q<C{pB7ftG_&gH(!C!K9i(
ze?}T2RkRK$0rW)HV$zd$B&LgDs;hG^xn#HA&uqL$-<{srE+lLL)q>_3z8P(GCo#}q
z%o4r<ifnT;DaO<6%23_5-eD5ckA68TE32Dmy@uTBiOYr`gpV+%N``xqAluVFfre*2
zdQ%2&3u>Qm02%ed^3U`FV2Tp+m?LD$M}aA$m`i(1Kxxuk%ujS`+99Ofx?<YteSw$s
zb@WsRN3_?Q!KsbnQBZRe=vZTCRbPwkdlmIQhN?W?cW0{$_gVC~XfgU&x2J9TgbH+H
zjU7E^z@kN(J|f+|!#8a^sP8kG$?OK^f9WvyiDTC~97@Pdq%DSJI~FauKP&yN3YfZL
zO4o<|$+n>Z?X%3YvEw<9Un$KvHt_prg?J};t(;oN+B9oH<<5!O>-um~^Mi;tz_ipv
zL2D4|&VO>n?Qf=En~E%~6q&86w3&^8u7S66`{WOqTlgNlXwL<k-|<P?S?ppGYQW;_
zuTZlOUrooyI6>gzx617bR+D3KvbASYfIg#v1DrC$Jj?MuzU+H)pgGil?zfi_gsEzo
z-Rpt=`o{M@z+ZL0euuE2XkThq+5IrpjgPs(p`dM4@UOOwEPvfLf-tmD-uzcRrvWTh
z89R~<J)GZF96UU_+-WKSJiKAAo`|ol8%)H?S;Xk|I6;_bnEnBftQ7={2FoSw+dJk0
zZy_iQUAtbqs9;-(jY83cSv%@4OXh$1TDxWN9n(icEdbb5<(SP5b$R*rfK6d9MW@<$
zt=(<9J>7e{h4F9I2fAPdhID;Munz!nizKN?g8f4m5<n@#=XVI>|Kg9|?&ij~05Hfj
z(6|{qJZ*u&142~+;h<g2ZanMJs^F+H&QSe{F4Q3Coyc9&g}MznV^7&zGw@d6jo6`a
zu?5aJHDp-~3XPt84~?b{d8{cL49B8OhKo>*_`i1j9o9IfdvRTm1wzo`z&&CK(4{}#
zBfHJ!)?ZogzL>t;pgB`HC@lTedi|y8fBWO_4Hoe58Ug6xnr?@ypiVd4-X*30IWHQ2
za%KTgQm-5ZbG!rbeRTj-;RUhGn;W&kj8HKid7`Dh0|H|FzR!@h7l}(zK;x20VJ}Hj
zNAMBGVei<4W`{+@3R%nw5ri}!%K`WXMu&e1R47yly88hS2+3(cp`9@>{IUf14IM*D
zP;fs?1*OFKPLs`}V2ZFonB}<jZk02a6qGo9sgkgBuw2<zb_nItlNTO9Dp1;SKSUy@
zdVUD_wClN-L<^48Igd${<bmB13I4uYcY%Hy6;#2?x9Q0n1svZH{8s~+CvM*@jIHBL
zW(JMt`kekx4+Qv=8ZZ;Q3PtEa06Rb$?><2{ZW?dDIMUXk7}c(HsyS4DDbV4a|Is?W
zV_w<*4G$uxmZ1b<_rO{TIaHy#N5P;!xR|#sw}%eDV(w0<rpH;3H`qI3mTLuTkFN4T
zhI8*NfCqub$tI}#`H+RIQS1w(2F;cQ&G_5zi36pl-UeHc$H4e6DRzKwBanm_gKtAY
zC@4JMmOVhv)Y}CbxhSr}>7l`|lq(}S0l|ct#m0g-+;tNV;(JSCt}qorthRglZTF9b
zq%auCTwg)O;KpJ+tQiP|-tlW3&DoX$a1nJZT`+JQZSqi13b8uU&)Oz(e8<yxM<=PU
z+#Y)>N(1%X0A_^oJ7(mq5kWkMFzrP(398$!jYo_;>zp^)=&#to8t>7t$0{@BG)i##
z4&vz$9jE5`!<v&X(Y{pGvKZ`%yRO>LesZ4r>v?<<1V}Qa3+43nA@;t<31RPuL4&Ao
zJdt}Hqe2P}$Ga*i$(T^N^rPKd5O?I26Xcok9s%L6+L1r}S+uL2exq<X8~)y&<mseG
zzc6R6B}spK%|*nRzN9b*<oRkydOy464+pzC16ays`aXG!elvXs;vcUXJgnay-YccW
zITUw42FxGM?^jh7bMl0<>Sz*$Uq&K8+oR{f^E0xRAIYpE8z1ckYoAqPSo7-F<HLo`
z?2!we8<8V#w4=Nm+UM<}GTA`G^VS}==o@lgi+`RwygBa@J+?eZkHzkDT=Sikr^;i-
z^1@J~6;?x>itH?1skgCRs}Q@Rc#A0YkXMV;>Y5$ysq&#PRQ7tPe#X@q-hDAJK?jgY
zbo_yhd#$hXt`TZsfn%o2+VrK`KhCW}<`fK|TC~43G$%+x$4-et_%-S@Bb0g{^OqyB
z09dn+f|$e3uP#}>D5rQ{A}6uxHQ9VLYou>|PF#VafcUkv`Pp~+$rTX)sPV@p<bN9_
z{x_cYU!@NHjpxNXwB5^z;14|S-x%Kiilp`b8HV@2g%Ss}r0Y5IJp};1#y|MR7dY4X
zy&I8J=x1F26@ovZ{6N*Uf2P#|%=|BCb^j5P*4$7D@+x=6o8sb%*w&euna&S?Q~!3E
zssFfRe^dYdrvCj+{R8M>Du`bDH}&uT7e4sk)W5%}fBzAcf&Ztee}AV6f2Rs~KLAx#
z|J#Jpzf*<3RYG<PmlS`ig#4`%vidJ+&-_Wr;NMjVQAL-28Cu-or~$0xWY?b*Ygk&t
z--5DlAi4Jx`?!xFpjKHE)3{!RHNJlpGA{>u2rf`J%Yr4`0|4r2sU+PNg8DOm)IYi>
zr@oJnoQY2c-KHL)XbN}`P3Z_}{_69Gc|-MyR`Z!p0Lav32pCT&1bQoG%VjOT2(gX$
zf(FKljSKUg_}&Io7Ki@j1s7~K5Bahb^G2O^Ixh0Ew2PhyDd3rP+;H}~3RA6pYc~LO
z=LA7_ZboiGIH?TJUmExAtq265I<8w8Kk6?0zE7Ii$h9vcU>1&3g?cFv*H=>n$TX=3
zwk=;jAjG)8#17J^L4x*Y_Wqdtg!bI_W#dsd(o_u>mv6cS{^N(<VZsFd_8YaT(uH%{
z>id|{t^R@4N!vz_qs@|3U}Ba3EkLMGq)8d8CNY;dn5eidW%S9@-r2Xngiy%;@Q{Jm
zdVy#(e|-plf@g3D|M+wJA2h3WznoV#&v`4OA;lNbTQr+G`tWEl+@hV#T({jG`R-<l
zhxD4&M$Z_=C?0S*9lLA2QY}FHs&8t?LfROPQ`)YJ5N%NNUc6$zu&tn>@{{-h#nsnx
z{f!&fwx0Mo>r0{{R^p;`yK$KrZ!})N(ZE`TWG`+wEd%mW&HrfcO8=6~+Hg7cre%xM
z<cO#^nQ4t>X^AURQ`%xVrkUFq6G53Enbaf>8j~~DDB|R}Vp3wZAg1BCXUim1ifHDR
zA{ONWS#F4;=zEZQ!++rYlppoS{ha%pdpQsHbzRa4lNb3Y3(}Cg94<X$m|_~+^Wfp@
zo`*jiVsQjD=m^EYja~S8LOw{;cCEJHNc`}C*O5aecrXa~6U+=o*yU%ee7w-i9t=~_
zWO`Wiq3<;q*(Sh6Bl>i}VCkX0C$!Qjo{EX*vbNY#MaUE}Kk?3kB;R?qiwr4ahuUCM
z?G`PTkmr_{0jK>Cx$dA-B@(+OtdZxfZA-pM7|!6MFwA%rd-Wd8QxY-CFY}$v6Rdj=
z$iEZ0HkCfbXkHTaB};R+&m$LWsm7ZCpY0X%%14i310NAq)MOHzf+J@$h|W%{*4@5d
z%&)UXXNiCM5HdHFmd;J3RoE33R>%hbK3d8yO9d?7+C7#z{#}y|eY%)6!SlAAXqNma
z!)u0zsin}v3lR@b0Wwi4eKN;kb*0WRr}MDg`zZBDgQJ{KFz?=KueL0S=)}j@{n(2H
ziIU0)+F%o!A_B2p<%G`PF!8PCm)bhSHOYv4Vh4t?Ns#Dx_tFQ6WUq|BmuCW3K3zod
zw4A<hVnZ_Iu`Ld92@GM}J-`N43Jb2E?;Uz2SPd5vizd4I+|m#HeG9=k!4&QGpQp$(
zs=pgL5fV{*NE*$}qpbpvi%V}U4g78(a{rc0dQe9?L*2bMG6vLAVQe5379^@568^A)
zZtFVX$;m17C~Jn;4$#w|L+nDmGRGkKB`kU9jVpdYWvQb-Su&UHAKRf>(ISxbRo4Ld
zUiyr4ba@)>_RQYu-7ufMqMLsM(D1cAb`F=qJ>tU<>nhz^un<lYx}{1V)K9UKypV5Z
zak8dK8Ra_Levs@;btd+gnnRVQlabe^SJ*2(ssi72-(yXG^*Zk)`WDb*=tkHzY2DPU
zUsu0N9*?g8|41f*UPoJNQa*r;5K|d!#I>Q{jq^$OQ%k81uj0h5|6ZOJ@0lE=?ntFd
zWW=Piv91k*TEGA{kdo^?z)-ik$z9$jb2@(uCaS)|&8Ka?ZifL3G~X4&DW8hloV&eN
z$%wy_$N$^|^FH~9Mbv^6QFs#mz;Te=z3SvH0Lfk4&HJ?koSD%sbZ($s+#YgPS@VQ~
zG3K5BO+y}Iz0mcb*KxjaM;O;@`P;f$>BHC+QU-aPG$gt(YcnzXo7>`P#~#7L*yR(E
zD20GB7V|w>g5o8mj+pOpeztPmpuXMYiGy}lPybDy9{($3K&;oCj-?GmuPehs>>z_L
za{=Kq;c|FXww3?WAeBxY{Hu%?;@yp>-_QXjtXIjO8bM4Bj<pj*5i`3nGqc_O?W1m&
zlQfPraX(6b;m&U|*4~(Imko|_YI3;SU<^^Zh!GBl(Zk!)!5%6H`sT9hNFs1}O9Pu`
zyKg};XcIZ%Fm_t}2JnEmTm;`T3&xCMsOgm-!^M#K0Q<_l(x&o0q$aPgtJ=gB%M5(8
z+QbG1SF3daWW_-Dxo{7Mzz4-mN^jSeESW;#?$(_0<O7T0|I-~ppBwFLETS8)?m23+
zdi#4$Tyu|!C0EU4=6I3GOol8&F_XXDm&Jqg-nPL>!H9;zT0lEDAjH&rWLvbWICysm
zZEnqZ66vIX^ypTI=y02a0d0{^Ng13Z7H>)o)>Zd6N{u#lnVr2+x@3|p8=O8)O7dn0
z2uviyQTL*v)3)%33vGa?4-hM8^~kcQ2ey6hgaNC$b5@@Vuz04FKg<axjAvr1w`lD2
z%8Ya*y)k#Pom$v7>M4iw@<?Ro*#NhE$NYfKf^Or(a(rtr><_TThSJT=)>z$*_C~8(
z=>I54N>0v?DreiIoqWb*doNj2LJ^6AXxlG!8kv%G$^?qZwlXQ>R(Ev{jRhQL7R$&o
zK>+s!S{bYkR(6toSYvTh`OWTvmNqFvc5JlsjO)w(vYI<H6-{XAlydDHL`1#p2mabv
zU3eCB+@5iGrd@GXX-CC}+<`$`?2Url@+TviV86?|X`rIO<Y<J%dLhppjb(dmuPdMl
z-(AALKy!HIbC}0Z7YFhZoJC{%37oIs0^r`0x`Wtowmk_KnJ85Pu_^_}E#F*VbP~69
z(`|xp=S|c7E=EvlXMsJ<lrH-Prddx<Q=;Mwpt6gSTczIQ){0#;0f<$B(<V|upj@Tz
z17HGi0Y4=0xx3`}>jqRj;we)oGM1`YxgQ6OT&q(hMdm^nHPnZ7CD&9&=7U%WLvUra
zU@Zp6UCYe*M(1!_!@rlY6R9~p?lc;AzNpa?EzW<8q0|J4_eKcrpPVZE*u<~dogY2v
z1)iM7*@rWya!I}{%ljQ<Sw??fF=CVCy5_})61BuQETgzXoI8~pNHT@C(9RxdMsZB}
z5ruM<l%1fa<*(z*w%S9>n#e)yHm_q$UW<HwxMEg01P+1h31VB8QB70m4NjY4vpW-3
z1MQ^N=x`7EwrPi#<<$40ldiExp{@v6pS|Wza@TDR>j445ZVh8lLGwQ{n|&tOwObGa
zDvPqb3?cE;qA{t${u!zybc8M}Yf5oW<KbTHyP{bt6IME;odTzgBZ}N*3P;ny8B(yK
zBDI*$tElk@AgZJH`bZ^gZDS8;Rfm!;OwVa-de4xigm0Bf%c<+j_kQXw06FtOTd~AE
z>1-GOz35%d<LHtp`o1Eyp>x2{YkuF^$87DdIf+7CJyyPr(O4kPqD9PG4EmdlZPV?z
zF08y|9VgK-tyqShe&+%11+=NIq{`F<$I^;Dpphk0Ov|&@v`dQl9ma;jj$0!$rj2JX
zg$zZ#Ew)wMBAzx@XJz9_gCJcOEX4WFmLT#$j`1%nSE`ym|1n>%THx>Y(&lPHTF$7E
z5A2t;7@5CY{C9wp!gVUis`a~&7{C)m2eT{(9%@zw!=eWTlqc1^mbIL5Hg8G=l><tS
z8FhNtWnPjCc+9jPH-9F`<cQ#@mu4YM+=XH-eB#F?U~nTZB@@MlHd8K(Z1<Hs3R<?K
z(iGMdF3a#<G4GaRy#r;so#z)#bdAvuPufBU#m4@IccN2k5t>EoluUT{s5OY@Fj^o?
zdaa6XqA)C8rr77j?dxDw7CnuoF$F(A&4t0Y!biW;C>F>d3VNA`fwH_*&@ApV2MQQ8
z@zqM>u=2|}JL$Xz@$iM;wn8*lk6Ux9VEbO-UB0-}r4&)aP=Xe%kbQX9|HCrBmklht
z%~Tax=2K`S>k?O!N(MW}hdY{y97`aI;5C%s@XqBCEo#jFapW02P1AZm0XLtyko1J1
zRrOwGoHyUQ3XqtbduiFi=6UL|7MleN!0)ZSfXW9@9J@LSA?oK5n>dj=i$6aaM5UH?
zrOtuM{)z=l;@fwE;;-9qSJ;BN_#E>A6SP<m|2Y>ZZ@=!hwH~-DKh1tLkwZmde+_Fr
z$xT>(z<^xs=V0pj$sH9IXur0BNs_hV938N`&zON^UvNfm<01>RzeS`*6-GHP(K%Ym
zyS?;SDbFchaL{ViU8^}orH@&B6~6FiPr}$zw<09=)ti5vucEN$!j8IYgcr_c;r9CR
zzz<`%MYf#;KAg;bl(|2uYhKT*(AD|5*WK}%yH=+6rXYEWK|PW1PDj&-m&!=6d^%w1
zvD5lx1WU8*3X@A(nx&+4tyx^h*KMVS*2x_PbuP1(>+>@2-_pEnSjV3q!Z@}TOXmbH
z&p~D1KF2X@$9**p`lfcAO^6O}gIThppCgSPfc(+UE|sFO5ItYykZt4dkl_+-Tk{YX
zAI$_*odb70$hN-9%x#)W0}W{NQBXfFek;%vF;<;1B?819w;~+7U*l|4pH1`!0yeK}
z?bJFP{|iJUDjUQ~L?Jz3-dhTIw7J2`CyD2VJ?B*;uyR9yJ;i2Av8@_j%%KD?g4e7s
zF3ctQms8LP*DrzeIa9u*^QX)6mx}Z`D!vre&r$LJX>Aj;3v-w1Hf@TMj4l8_dv+bz
KS-1oB+kXMRX`qq-

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/mfa.png b/login/apps/login/screenshots/mfa.png
new file mode 100644
index 0000000000000000000000000000000000000000..1fd73f205c7c93d5f937db766f1e185d4b7a93be
GIT binary patch
literal 104053
zcmeFZbySvHw>}I=BO)OnEl5a93X)0+h)8!xr_v1~h_s}Hgn)EPcL@kccT0D7|JH-z
z7WO{ld-piw{PT^MG3aOAt7cqt&TBqi&z=gSBI6-LK|!I4iU>T1f`SzXpM{9<;4kcm
zT=h^;$QcHYA3qa){FvmKxtXqku?`fJh*#(bglEzV*sf;|-H#uMK1#&24<3UNLHY#u
z?EMY4M;Ig_Hy^oqqoTip>vQu)l(P(t|Dgn>h(hY^A(*43`d*M<5eJ1$W(@9aPMO)5
z!&ck(h^<kJc9*t;vy!v#B~b4}OSE3$WnAYg6`@Aj+SC2|wc-BDH&EADpy3ptUeGg$
zeMd$`g?}eLT-D;~02P^2L`P|Ua&&Y?P3_2!jRr-9H3934%|JLI{jPG_i~Kp%vm^AX
zn&+vuZo@Z|MBl@suSWbxyhjxC!(CM9O;h+gMz&fOsP((_@<FgrUa$9W50>A(i`Imq
ziI1*M^+>@tN7&vTo_JykF^cs5y8xEJ*ogHHT%s;55hU$RGZamBh77@Od+54e-Nh|u
z?Nj^XK`|6jS(?67_Y^U1zEwar*X2&V&2NrP{v9Pk_l^sbb5O7jbYS=Q7Oh4J=GZ07
zyXsMF47QP&9?k@IME5AQBH<J(C%S2y5QF=lgybl8e-HiM6Z%=G`J@TPpUdT`xxhAy
z9!kQjgoT`;ZHM@E<<$@0YNt<71Ww18txl#LB-;;LoIMB*lnl%TTpia&B2M8*`^4Ka
zaP7<-Uk9v-izjla(e8xxV<dYtPr(_Sn!CtZ7dvKR9gyhty=`u1^uWjEY;{Ft;=_x_
zsD`Tf7K{e<yoPDvtI)vh$r%jI=U+l<9+`%_)}U`>=rS)GFB3q87iUYy);&C&=60X&
z*K@R!gnAi3NKDN8a0*4JZK{U^>g&YqSW!Bt=`AP~)%IY~FUgL<Hb~dr@ga4%a&|z&
zS7Rx_Jp2JW;)=5l_nHJ&z*Qj!cb$((M3_?@S<bB>4hrivodyCG!cjH<GdTa(m~rSI
z;c#khy}V}my6gw~JlwS(w{W3}t8roZAH2IRb;n8shslkW<l#FcJHE<ij9BpXk2aoR
z+;!9Lc%n}z0~^XW(*d1=cX*rgnyPyi|7gdx6f``yu}A6}SmJI5Ic&z)mFvXA;Sg%j
z*GV5BwYgjTaJ0o#ftRlpo`Bycb-Y%IvR9k^Lkf%UUfettcL=$+msY}~XRlHOLSPH<
zWZzK>%Em7~YfZ84F_B>~#ND~=Cn(){J)e9CmC)5+V5=iyzIR^BlA{!P)YbIyxX|7w
z;g0e9+P>HgFjL+W8d{8^;h)1{#P7{A&a%uh&C=^aZ9)6gcjZzj=ov$?VMn>CzNTwf
zt?7HAoHIJ$yi9e&Q@T;{$H=QY59ptI(^Rk264t9$kJh68;F-9!UTXWWoS5eZL+#vz
z*aqwV*1qyS&i;KjrkZy@o*>>?M`}TeLh?jxb&qm~uEmw|(0^n}DRfi%ospN$SI$YD
z$rqCk;o#t$;BY(+kRN%dcrbZPA<N%7#Nr92x@&<EmH+-OnF%T3or3p7@5ch0v|oI|
z;qa#=HzSn~W(bT8;=T9$RwfpQw_`o4_bqQ!?;<R98uSp~5QQf`q2?h^LZ4EP%HYXS
zP~p?$g_bm@hth<!Q;o|L$$m;3NOMm~Ovg&^Nl}r$o%n;Q0ZSb@Hb{~~q(opLIX(qm
zhAmWBRhV0#LYy#8(}05I2AzkTz(b*>M8A~hGK4Y-G9OaqQevc6J}1mKSl;0FtBi1V
za}GGw3EQRZqpivC%UjePjoguvkZu)|h?7f^%eIzZ@!@<tD$gzJly0AJh>4p2wxq$)
z?=zkQE4|Tmqb`<F7Q0A~NJ<uB!y2VoB~2xo{2PW=`hJE>`bS1S1vUoiT||AKmTVUi
z=Z*V0vY8XbdUrZ*Et>XM#2p2FYSy^lg{$Ms*6=PSOwBb$e9cuYc`Urr%Q?|G#<}7Y
z^IAM~H%X^P8Gm}syH8mYDs`c63*MsnAqt5nXeUGqtq2kON%$uCvE#Dip+%-dyc9PV
zH<TcX3X<TKV3wefSPR!|4cAT8b@*QTUDHB%OM44>D+)WuBiN%uD?o71_`C6k!T7<@
zyfx(@TE(!zu!1lrIm>j7bgp!v^!~oLeXshIGlw&)h93+i4ibE^(-zA`&2P;!DReT@
zGi}UE&nbH$S-6*{{$gDFtf8is|3^;$r^dj=2mP<!yhxv7r_`hLl8)|vpZCe4e9Lt1
zNF0wjMDct1qT8ztYsD$^zL~uA;Pjpy_oZ0VFw<01R?{~Y;<Jde1d-iqS!-=pyg$a4
zYS!QF4Xkx8rOq|&WNbUm>inqR<6Pcx(`k63NvKn?TeuNs8@qe@%~~g0t7t#Y@z@F3
ziPPy`Wnkq@rR2%>Nzk$3iO@0OiTr*MtOkr5Od<TpoW6zaN5eLeIEx=?)rBO_pV>aM
z>&VmC(hz;QrDALPW5mRQxSctYGO`~R=Fx*Y!;fOzBi(i1o-z?X<h69JKc3Sp)TF5!
zs!N>^t2L_S6|faH_P50{z`N&T?DyPT30IbI=l&37>D^NH22Nes?|uq?3Yx~!1oZUO
zt1n09VaDMeVqd4VR8h!TA0rJGY{6Dl&d7aWvQa|*M66isX~T=jgejxRD)Yz1p(CBJ
zPit4*(TSppg7>`F>c`uNF^W;1z%pQrVv1oP1djw4lB1G4P<)_3Lm8|!pNI-^4RN|h
zEdBU-K%#%LU~+HrRQFVO`#Y+587bwrPaD4Yn&x^G^NmC;M3#_Q2w>dh_z0&%*K8Qn
z^}Z(Mu`abT!&1xcx2$ic`7DMDO*+&q0xg_jQ4Hh7$AbRqZIUz{G`2KK@{5@&Wnav0
z8TG#I?O1g0%{02+H=TX^+fI9?l9)<V>25z)RC!SO-co!&>zvWt-0WWVp1QhnoC3+c
z;;I^xx=P{>UPPDq5&f!H{S9j#$F)m>Y=WN!)qU*h`(5%+a+e!7B)p<H*&mvWmBEz>
z=Fg1DwP(tbQ<HO$pA65M8V$4!s1=`__>(`(3grx09TpwAH$13}t<sm@^0GfnRlOy+
zWlhdjzGtm(sN&ULBlj_P(XRbU=5TUFw*L5sliCw*gkv-o89ezgqOU~XdG?Q=^?cfm
z4d<05?t7qOxj&5F890`flU8Urx44Lx8QEI!GBd+^e!ezAwb9X^wO6r^FeSMkhY+Dr
zr&0Zs;B2b`lb=#al1Z{Jnu)XEh-Jr8^IA_%xn|=1lH8(ug{ep4KO*{ci)Op46i&>i
zGsXtJEz;)LVku+Vd3l}h%+>1q6zlA3b=9Btk!J?b*Q=CvvsGnonRm>j%O7W{80r<M
z7cV;REVK3->18ozvyZ(j?d+Hscy%b>s4i*4X~i~TSvlA<)73k|oqTjm*RG6Xb~I9H
z?rAaCFluL0wk9~XR8qC>Y=%~)x6VKGh8-=B*q^)E$=6P0U*JG=K{_)zv?}66ZhWc7
zA*($(drEOXPxz$#RK7~@<kX7fjN`y=0c8}Y_l@-%J<sE}rE2uH9P3Yx4ULO`poQ{U
zSFt%cElOtdJ`~atf*%tZ^R1$DPCi}z=HR)PneZt=k~h%>_ef!1^hCN>Z+32%p;KMW
zm+r*-NNKlqS$S(OZY`j(yRore1<A%7i|-CHB?Zj-E+P}<R~WvPN3))A(p%e!e9~u7
z!LX;8lC2}bldyb*S`-bW)+kVo=&Wsm=49=dWK!-pt}81uoZLrG+ZHh01Wy%qkHkCP
znE062@M;^rJrf&0%hw=HzqX%zg3}g>&`^h}+YjKYw~m6Su7m^>HTW433Kkj<3J&}P
z4L*6G@qhm;1Wg5X?fmaBP*9!*P_VyV^AvoCe7pyrkTE~MUkiE*g#doT0H3yTFc+_e
z6_302`{zRNKPZ0b$D*R(yYvfl9UW5(eKX7U!u!tP4@fUX6fK~ju*o5x(4x=pu7l?f
z7|1ACDoBWPzA!VP*VH!C(xJCCc?o$A6qhY0_|ZhiQj^5i#Msn=)0Ug`{1u$wXULx!
zNJ-9LVrj%psvz-<<guB#4hb7QBRwN24>Ab}375IHF6VOrp<lznZ``E%mX<F$85nGA
zZ0K#6>CMdb818d$a4;}3F)%UFfmhI3*qK^t+R~X?ko|nf#d8F7EMAx!ytFhhGbMpM
zS5wQ(%95Lu6f)88kDu$*u{HQ>CR2-F+X5S8fc%HyK0PDD?`MOdT#&zVJ~Ob@F;)~X
zFac)<=HR){#K^{VKHzWv`fJKRhAR9q^gbiwpF{un*VUo27CPpS%}l_gmOOu5*ssBV
z{`1#BE(XZn|2T`E2YvomaMC=;TnxW&jR$#BR@4YwB!Pi|qzw2D#0>HQqYS=K{rnF3
zd5$>U`}#*HC_X4r0e%@<=;cv_ast_dvkeOd_m1l&NQiEHh$Qc@9%3I43Ze_h&|<;W
zBM<P^_`^x<`?w;*P?K5<U<GR7z`+UT-o^0N_(Ub>&W8cBAG=mP_|a)MB2#azO@e0%
z#b$0ff?02z*&%OhIbzOt)UsRR422ev#1#tW$`{nv_hBedQDXk#U!S3%F`vT1-sFRV
zzVxLU@h0Pak_^(nKMYp<0m9#24h2odSN+vB$NO({gXc^TTzxv2%oj|2t(N-gQV~h`
zs@*NFEC%u`BMhwgb;R^5JA?cRjoEg2?dPNayMf<V_um`%DX;$(q2C7Jze@bm+WprG
z{WhroHKRYh$bTK#g-`zffhX4H;6zxh*sF{?JKd`~^Eg^PQa@<h=2AVyImK!4J{#Or
zNd8iu!YFqvU&$lKC0(|0-*lud!T#1TKFyF+*+#CXE_FJ+k&7bx+L~$Cn$THG%vU1W
z!ogM)zmtYO&ebd(5D;z-w8oUBcRw)B-Jv~cnbR8=^zrW=x5b^BI-!(vd_$-#PCc}T
z-v0vMnmf$q40l{|gfxqtD6gWbnH!7Y>z>pOZjoPh<4z4R{u=WxX{CA@QA>1V*lMGx
zRqyD)n_?-I_5<8uqT~C!)P*t!2XxdSW>o_u&NtGC64V{J!IP%i4(*K>Hm-5|_|^9#
z*!h}RSyjK7*}T8Xirui&@M0s;@*cJ2(rv=27j>Q1?OBaawVjO1gZFPRaW&kqcE0v%
z?UhgQm@RFLK(Z-uf?fu3KYqX~z34I=qZ{kE<D$m#hTLIW`_+`GP(BFn8YfX$h@>YS
z5j7nhX??R<h>|kP%@uS)4Kxq8Wt)vc_i<bsZwb4)HevDhA+wBFw4c1js0eL#^{g~_
zC{}iO0?XJ{-S}l?iue6f1Wqj0Q^k8RBWE6|8+Wm>=)Uewz3>zoE*}|CH!jezp<~r*
zoz88&Vego#V@7u(YOP#(5=Lk2LFCX;Y2PyT@wA?ybR)M@tN+BWk(Gx{33p#~*~K_z
z(~ZSWeZ$hIJa!;+9~Ym7c#6p0&KI>9wE^b{9Fw4<x}ed_*rfgD!0=JQsJDaf%&UqI
zjm0ZJh+bvq)}J55*QueE7yUd=R=m3zUmELCawnXLUktxGDjqv}v1~GR-@ZYuVTXul
zYS^bSp_67<wQMY9pe1-<t61Xvs#cG2_wbB<AAN`!Z&s0=@rJMI#{JdrS&f?+0UOa@
zg{BTk0&?k&;Jt};n~8lVms;qRUx?0(pT$2KRKo9XI5?;_RjfL*DM;HwC3b9X3A(py
z*J)R_nATmln4XO-r)KwgKlx4LEk4Lu^L*PIu`p9mI>tG>)2}SWVp-5DM;9O0U6*gr
z-Hf)qzrT;={K1m&5=zFctghI@?w1$)@K(?#%)M;2lxD>Fs8(zG)Jfu@n$wPK-5a8O
zA?e#RE!j}e!S`&9S-oE@bUEM`jn31FM-`eYShTX%;u&S|z>TA;3S9#1i<IlJXUFU#
z_De3cll5YFWKvcutS=fOec4jSCz{8|U?>JfJ%{7WgGVa1V;U5A;3Re1K1vC2^b@T5
z8(dzc0zaH-$xPqNDL?jGYp18m2#wx>Cz#B{GX9I|{GxL2iX^JFkqLF-gjXw%VwlF$
zN;ALBW+*Zrynp)Xg@`=*A906<Au_F6`2!W3Q9sR%Aab1%fmAdK3SGu7Z9}5AEPILS
zM4BXfnddoo+nkx54)Ylub~8xzkPbu_Us=w>U06g2q^4biX|~wht5TPrexN8**=x`(
zNA2=eZESqc`|uPoTs)908#a3nOB&t?He4tyBd^Waja+(qpi|<{_)5VU7K^21cgV$^
zyj}#e^)RmiFa6fR-6ryqV}c2tHFwu0CZ8dm?#u^bVYGCI^5Q=7T<SIzR<+di*B@LB
z@q!uRhApxx56$ZR*V+x39CpP`TO*F^7`M4G7;kfKXgqx8IvwM%in3>DDVm#65Qb6C
z<kzc_X6$z<R=ZBoAp-jlyVfxMDMNO5LxcCNuo)p&S5ZH-&u-*OETsaH@`^f23O1uw
zh9fUZ-(DJ<@c>3%-N}SwCTDDeb4eUa8Z997Eb{?O%icqBjpub!_}9o6BZJE6Rqf3N
zTfDpqypN`e*|Xky`qJO|9i))BRwGmWl$)1zelutzMwtb=;XF>EZ($N7@UWzJk)VSk
z2}@ZN;<M=Jf-1(8M}nBuzHe33z@w!qnl0S;^NL7vv`~&`804{eEywZYludfWwvk{Z
zl6Fh@s}qG9+u_A}SS83aHhbmOGsCkC<Ao|d)BJ`(KcCaDYV){wrEs`qP@IxNH{bOp
zi@}`;COBAeL-Uk!4X@Hdg}f=O12Ns!$flJCtQ>Nd*Dfj7JD5_sxx*zh+BIYa2a_{l
zQ#T4JBSUZ>sWlsE$YCi)J~&346VE6dWV__C|C9?psMm*xA=1~+cFaDB>?u(=XD;66
z52lVd48vr+y^(8xLo3yfO;=j>{Y!Zb{L(G-mJRg1uu-x<P7z#8BFx^HgIV$MCXG*g
z?)nde_9yCwc27GJJreuC4uouNIpM^53LeyI*P-?kYf28XUOGEhzR>D&I}~r?Qr3c(
zN3LFll={y<D^!`oP>^v^jKYeu)FvXzy!B%n(QxP1>A!MrvM|Wu`U@<z0#=COBASM@
zU^>f>rAT2ZZ9(LFA>7*TP48}Cl?h%l7o3P+(J7uB4oUDOMsX5aH?;(V9Dp{)`xSaH
zP#?e7r)b(ZADv7*gKX*2Y<z^Uv#n+2^9?7W>Sd^JEtRuxteFX}T!RiqCpd_?MgauG
zE#WKupGE-c^(w4Ap=P`sQn;nw!)7H|aSFw%VQ`=Ih{2*f50-CSy2bg&B(sc)deN(<
zO<rXr`WWPk2O?l$0b<!T7`*`;;>F~87-(2!k1p-T{$@CPRXBNa3a`WNck^ixhS%@a
z7I!<y({yi=Xaqs$4pZ18g^$>bJL%*#YsN36vJK6D8eM&Be`#w_Fu_zeEy6P@z$3D!
zrlwTaqFqJ%WrEcLU7PL(?qSeMjVi>VQv_SO4xnDTypCkP@0#)G6iQgI3*<Mu#723_
zzUexF9L&PC%vcF6sKoBVTs24EylLa|`()yrgBzTehBG3+4zIiG&*%mHet#fUa<p%$
z=SKG2EwJ$Zye|c~P^lT~)hOTrD&>jA<jMQQ9O9f!S08}~ZRYM}-(^CQIBcI_XG629
zh7>Mdn;TFQ@U-m7QvIAS<3eJ?<(sV5hcmtr%mNj}W7gkdx>R8FrhgOpCS%jmLLv4W
z;#D6}O(g~%N{t|>4XjHSl=6wM7ZKB{V3<#&Xvc7W_rowfI^*rlPkyh#T)8`woY28f
z&CC5S*(zVTIBHMPW!a*d_ohqr)^-G0z`aczvgwvB<VWF>c%6@;swKO0F3%)i+il@s
zMNmE#(Q6WQ7&_ma!7vwb3}o<N7+qtvaM`G>l}yr^R<(B9N7P}~8lx*WN`~={LtM9A
zE#3UdgsIz|(Vp9#$|`qk#HzL5d5)sE+m>xDvcgb^t==OG6{lHllDceSebs<0Mz9*?
zxO$Bt@dtMjw+~!{p^(x-3{WHax|)>M=Cn5|FQ?<~b?e1t51R7fmqau)Hjdt~#=O3e
z<UjntV-OB8T$@t0PeYbbThZ@X#ME8X@cC<Xh`};`bC(v*=LFk@PO*3kI{1(vir@ZG
zwf4=58^g0e&Dp0J7hGFgF1@<?9c&i?#Uc#QLBe<6%g8l?ZnKzVNmnN>T7@?D7n4)o
zn&G&7vb@j_YXxkOWJZ;wWr@aRllxzA6L~TK10d3H|3_!mK^iBl_)zKw-sMpY&{1{T
z@4;CB>u67)4ny&n^M-8AdrKQxV0aRra0y@1$wfLwvr{*7Yw6aY1P@oyiU9ed3NnqZ
zOqqb4G`Bkj%xcjJ*u*%%tRCkC*4+)Ay0S!KFxg%In_dA1k`-UJt+>~c{72vJ9D{`9
zW>gqmgR8LYmTY$8=Dx^{U~2y6%l5_|(UwEJCoip9Sk}&wJz6bb$M#&}?i~Cz?i=F2
z7`NY`AzYS}zW8->AB?m1F8`aH>>*-SkhxJL@Mgh^zkPXKD<?s<TP-@DmZu*vcrpQl
zZBV<;y7kI|x`K;KGY?OBsP?0dCQtR}4$C1sv=7Uyhs;>PX%G>!R7DO1H0sWR(L)Kf
z$Cu7ni1MazxVZRts%v)*a>$&B9Ogso`zK$pTWP5hd4iZ)8!^k^M?#ui_EV*#xx?&o
zay?^OV<t~@3fZub%l<0?3!*5kq#8`kQ|}$dVa3gTuvb364oI8*xdvXLa2cfMm$ka*
zvBuajoFJ*kO<c|A0aJnLIAEA4#Y*DqfW+dB{KcJomG&KV@x#(43VhbWIiyR{<O*b5
z>qfAtaCpjGv}wu0w!PEX$>uO7kg5lT20!YIDu0e2pCtA4A`P8p+_-!1%H|n5jBa4=
z6if3Zb}uEk^tZU6A%<U{z)gOQmVJ=c-)+v_@8Zk20efZGBH8({^7COkc6%*ml8|8o
zNxz0|9<7#TkA$F8#E|G*QnO!5*}K1Qn_wXej%Kr1^QY!e@>So>Gr`+VF&s*N(SipZ
zTrbw5`%UxtXVJ?-&8YO6#na0^2wpsY6^^%@saN8I>0;uJU5q@yd}{5RY>`hThJL(T
z9R9+h5s!uh41Mb66<>k(+L}zfhm2u;B6M)fM!M0o&YlMvhT?#>CCnHc+8CI>%hhX0
z!`+Kg^!B9#XS6?`99Wx9;$Q-9;9efzH>iW>3HpF1S;1LIiyF>Yo5<gYc?lWCS;K72
zGEnKUM~8<??fSWjuH2APCnVMA!cpE4Vq2f+-Ci7kES3#db5ivARjqI(015$LHxCUR
z{5=i4nsu!=R|i&{i=+8cE#vhe()+qZ=f=Cj0f^z#&%}pvUI$EnZjjFQrvnD#$K++f
zd1eG{9^P}fzCFqTL*dkYfIn32Dc=J2jTmlg9`Yx)g@W0^)NmI)@fY<cLT7CH6rQhn
zjkrn7FIkOH8T%TA4>ki`FhXEmV$Ib}%fU=DruI&J>$?r2CaN{FZ}2?jKo1IO;l;6W
zpfTyd7DTUXp%aC%R(rcq0~d0zioL%E__}&g3SYj4XS|T*uZ2&~qeBN1c#Gn*tp}F(
z*e;%*44w)X|0M-CJU60Dp|xMX`hJN8phV(?5Fg)2soz^(m&WQJuOIlr&iJwxG>oEY
z+n_7wk$^+u*)$(e!)OnY*fdl}+g1lFW5w&?@9Vx|CSJen=L4WP#1}1S&3D~hMW43D
z)8X&0NA7{^#%0t5(j{_bTf~rU%_&STgOK54q@eP}b>G*hMZ}bR&vaR=cwl@PQ`>XD
z4FY}VVD%}ykX@~60WxuKOFqrj5x?>zs>=$06E_zuNyriEZN38xMTDlwFM-#pcK=6h
z1y(8cMPME!uu6v5CWF<U{pIqFVfC(}9JPtzZicHAz&g-gu?|9Xd^dunh+j`E$GVE@
z%Kv}t`5d5lVLb{5+F@<z=vba=@uEK9hxJDDVd{$_P3~BLR2;)}#Qr)AbC(;z&!!m%
z2aLQg9|_cJbd>jX+FubgM9Ki_y509ngp3udwGEyznq!(aZBSiZEIn9kAhFvgOJF~A
z<t`Sh1C7}lRELP!9(Z|*xEm0;u9NyUjsT8N;^O!q_6k7pcyyuge-IcA_kR!=GL0|q
zz>(j%VjxvvfzkUw7Fa|K@nJV~lr(iDb=^g0uL)XQwxkr$LgCtOAZGw8&P06k;q$NO
zh6~t`s|c(|64;QPhZG$40@ZgtwYuJ-I^Jbqjj^{f9{l2plsC=t!`AH*((HK#@ku(X
zO<rENb=Cm<in32FgI}Hu-T6ml34;^=ra5{0iskAN1hZOkVAvh;SKrN^duAT)PAbP?
zvnmwf@Z|DNpkO$_o`W9eI-3CK>?po0f}U*$?A8mQA^*AJOF#!tIv15h0Rs&E?TP^w
zf@n%-&9{MDFci1%_l8{PEP!|V+CWPx{!=aaSLRWuI<cny%1Zhm(z7$MP-X!uewehy
zo(~*m7*Hry1o3e4MvJTF<4tw>0g88t#N%`2(1R$4@(V$=CuO!eCq22tIWdwzXn9(`
zkY9)`E@O#N=jaSV00BkJ-OG|yJrDOylj-mUqc0IS<_yDY#A;i=jJUU}7dFg)IzXuU
zYjDC9GZzanb2j4U+wWXOZ`3EE;_r*78FK9`4lsf8J^hvPeE~LbD4A%I<I%t~u}4>Z
z0@qPce(o7oOVfe$Pa{l*5l9AIRy>VuaCEm%?&AspgrY5101gf!BtFoX=Ha$(S8VhS
zI+()AU$89(Y&BIeU+1sQ{v(<JCg703=OgzWjUeef{g%I66;LOntAZ^I(T-2w5^sVm
zTu3w?F|pa=Ncbjgcs&iXtoQcy%;7=K3^d5a=qmqlElXMC{G#G)(Pg>)SeGvb3Wf|D
zxRiHj)$gq(tM4*rT!`m&fF}NpOX)<!M6J{MH%AAo)xS78og2ZVP8~^6L3LmAu1G3w
z0mQ2~!M@FN0cKJ4!Yuw<uYyD-&c%NP6&xZ0V8hc$ss|wEbPw&&m%ncQAD17_?!q4^
za>pHFypkcti!<4a>wh#}TGi91=oFuTW;Ff_Z!*2Ar8H5UUrTgF$M{eo*89yHMt6E3
zc)k}pR!FPyCDGUoSo<rl{~vU+4>6pUS|}XL?|XDher*i-WqGMify32gS|nrqc!J5;
zw0toM7&KB39M)BsKo2oFErH*L(O@X-xbxbBEc#Waft`J)e>rLNjk+2!IOAi1fv>CR
z>|;$~?{i#p8{Ei$4mFLC!?C)jji1~IeoHKQ8J}_@0n7YUm`q(ATw@-s^2IemhWIgx
z`Trei1OMiGihDf)0XVpH08r172OSCoXE9$9zZ4%RGVw+8yPLajAVI*LyG}Y`AHRFP
zo4ve-44Cgh!J&C<egMfjQeF5NWwu%Y=wMRMrX+j^i7VL)5=Je^GWMaa8|;B))LkqC
z*lXbPIIfxoeu&R|fP8QSfrhCUdMsV-u4v9BbVaU}5Wh!N#T7G<oJ*<;L{bk~<y5){
z>uHvfA#u7RB#KoGqq_iItZ?GqLcmJ|U)elv1w{8;uD|UBiIoW13*C#nMgamof-7)m
zkp$Q}P6Cf(CxEdBdwyBE3=Rmw{134XcrY-ce}6C#pT9jAp#9ZyBhd)1cmKvA+1&cS
z3lLf%4ufU=D&!GAhdk6C5UbIC4tXB1vGwI=-OBzhw|Jg5xq2P-u1(Q4*c{^C?b!c^
zQ39~$R~4EEqR{_{`~Mw;2eI-0+SvYIyIIYQ`8G({CJhPOqVe&&(_4My`&7u>O&14D
z6xtz4gIJxxpbJgA9zJ3>HyQ7hn=`0u@xP9JfGPjS*ysQB;DFBlJ=^l{@QEur#SRBH
zhr^@lyUDtpVSgP?2#5>srLYZK`u}e+2n3hbDs)Ew<z(6AjuB09vNK{it?~P|kbwKs
zQ!Lc}3wQ0!F(PT^wX$tQ#$N`Hd>UUN$Zi7~w`&zCT>I?>vNM7eUsZZ8M9n@EMi6in
z3{FFa9NfWuf&jpv?w><cR9K`yY-s#@i)1(VI|H1t=u7A08J!Nd*GJ}f*o})ut(|rz
z50|ph<W*h?7B8lygZg16cHw}Q&*a*PuIB9b2&V$}MZeY3rL6V-s#8{4mExS`=GiDS
zBHi{F?nTpFm!HA-TS)l$2{S+&;-&J2f5*ocGD6~6y^tJBq_!2=&%#;&(qf*Nl3e#Q
z$~T)OX5M5SZv?npKUyhL2Q{yjsK~?7HD`Hv#7JbLO7ry^1W!rFNlb|fuALs~IvVwZ
z=A<uap`St7J0XCFlfZd@V#5F7>dW+d?>FCja(#8mH1(+3uV;7?AjVL^a=aCLX1p-=
zhG;u(J-m@CX*;m<2~B3tb3FyP@uRW5T2NMvs5l6I%6YFG)EnE!=uyuJv*N12+li09
z=+Bx1$?JvfjYuFo61JDp8|H{q3ZGCE%RZVn-_wkB+Rd%MmTAO0q+V)Vwo*8O=Cc1-
zN#<y7YpxwF!1gQIi1V1;T(ss+ue^=AkB5B~G9Hy{k7>zHpR!NlE6kNN-(yy|svF$f
z9qVB4MN5@jhn)d88VM}KZJVWIx^~#!$Q<t$RS~KkPvW3;xtFaNBu8WK4jD1*u_B-6
ztL4N&&V)9$5tNx`r!Jrnz+2C!8Si0G2iJW)_m=RtY>%giiJiBi##vamiW|A<Rm_{n
zC3N0o$iV4t)0`No9}V$G#%!BZ?G|KvaPJP(jjplwt6%~#n5s;A<VVrD!UiGY&@6q$
z38PiSkW<tNEmkUPG;;(cV!xaRlkdoyHCl4UaiN39+}pXfzQ3$RqI7pyt6<N_ZNQrV
zwe-bIXhTT0m?j4xm9X|V0O)VMx{zCCY{omDUV4yp&@}q~Bu*9X?x@XpSOeCyZBGJG
z@AEOqn$x2-Vt?M#{V<8Mqw%x1x0zRC?Xzd<Be6d^td?jdM_ZdaB##hA89(Pv7<@Q>
z(Dt%NO1QwdtXEFiBid%H1ku+_$=*1>Q)og|(*C(vMJbkk$aga0gKw|PEG9f~Zk#yX
zpwZau&30xjpS+cgI}m4zng}g3`oszdXMd*8HUda%rDOt}Vd$U_zX-PZdS8jX@O3~R
z-W`Z^kZIJ?au7jM8Sh2;iUO(R-?n~!RSk{cF6p!=eQix}#hyP<Wd&`dh6uj{E)gSQ
zNQ$(ye%cL%KE+r<RJ9;l6^qYqNqIbyThDh?GHWNwtg_^KqFu=o>p`6l>;5+7WL(D+
zXlO>+71sMe8E>5)&+&SqIsUlDUxQx8wfzZ=&P)PtHd9!wTHv*7yW=c#;X~EzfPesm
znZwjA#JH?+-_(?L!((N@^!{<q^tJ@GP8WWTvW2f-Pk7-M#(gYrcbi<(-DnmMoiu&Z
zw_;4#=Xsux&b%<5WE#)gf-t=`M|!K2?2qCgCTw2r$BLPY!~QfS@8EOQ8faA()Gt)T
z&FShVi(wS>Wy@bG^}-AcjDt|HU^_Aes!n&ZTe#N>hfQZpt}kVknd(SZf<G1ciVRrw
ztJc|6ZbdhnEbiAvjcq4wRt!}}yPO_OaJ1X`)6w_utVLlURc-j08QYyaCO&*-3v{^u
zc}#jWN;uWCtpJx}vVQuoDC<+8^zMpzx~yYp(82I<5CHx<3j`!xx4J{pLGEYkPTsHB
z=}&>fOnIVx=)vGvQ=yvtfjjx}@szcsZ7pVPw)0MUF{chOt4EeD=Av$54Fd0e&C3Bz
zPu2=~IF-V2=cA-AoY{aW#XSROMezFOQCea)gKZ7Uq~T0L&?vQ{VJX+yK|7jWtdq4;
z$PNc|@G3{>y9d!kQLdtU);$6sMSB;R&Y3MP07MUpFMu_`_f(#cFi;r4Ws=zH?%31q
z^}N`VjMN(b;Hp!ggJ_Yr>gj1Fuahx247Sv=R~@uccq^Nhd|tpgNy0HIHt!U~@u1{A
zXp-RW&b+tl#40NyXIeb*Hs|zkiIV&iK@H1yuG_HUk;TJVR5j^B-1VTY7V-lfa-UBD
zdLQMGC;-)UCgS@Su{+2Ff;jUn$T0A!z3!Ie<u2d;%wS?*`F=VZfyh>4e><6Xv?qza
z*0g-1!M}Tr%_N^7V<3=CdP7S_8qo!q9Wze671MfywEb#tQ{^uQ>Xr_^rop!x9#tng
z$j;E(1DiB5pg|pz;McYV3zmWV8dwM+S01FYyC8)*_*V)Og6_^$OrEcMAS<tp)6YF1
z*J>tXo|1pI)&phqnDPm-{dAyk!|X86BKA%4+Z78*QMGC5S$KU)Mwx(4!CSn-_NF{V
z*%)wc7MT=NcN6ZpRk#<NEZ4z{CutG+QSxkf`IXZ#bs*jymD3I$D%g^W2_`;W_mq%z
z-tbX(C$t{;luFzGgb;?}(D)v7R@;jiBt^4|omy;VWAr46sIVmycqcj2ik&`l;!>R_
zH8;q|dR=HT^PkHf*$oemVf%B;h6|03KnD+-mSrAu88vG;^=X{}noB_gj|FewUZ}j<
z?T`_rgsAO^7#=74)zJ<jP<?rZ3{tuWT<E~j^JHBlfkCz}7l6E^3y}8(seF!m4T<<<
zURZf(iSodx*RuYDy0e{K?!cE|1mx|a_3zB>*YP&u1yZf0NFL)XBJ=6Pim@|is5oxa
zYX)%dQbj#)L!W7Va5$fUFR|43$);jSl|O-e`Aff=gGal|>6V1u6H6%ry_=kKA1xxs
zKA5VP%tjjFwHjCoapw8b3rRkhaBo;zz-(no*mG{Ut;gcsuVT>}hce`}JD4ohw}QFz
z*vkguLfF|j=HuSDxoK9=mUf&BkDp>^6;FDb7qY`~Z1dPF5^aSy!ulya!BOonEgaM}
zkSd%@Kn|aWQEgmz7(Y^b=8t36xnc;hac_8Rkl}Yr=kww%1kUVYZxtj@B@8D)fJU+O
zgQY^oXq-byB-@qTgUt_B%hqE2{x}u$f~!Ub6F{SqUoNI5hs7F5l&#Q3YChq3xjSrD
z#b_}rp8Z5D!mW6NIir1BQ_wl?L2I5$h`3@bM|AoEX~16PUIo9jV;+QzUjlLvLCX0=
zE09o{;G*;p2}2=B_C09oyo|*GXUU%jM6i%0)%7)dw}e=IVzqxthgiF919L4fT2qN~
zThb>m*@Jp%^o&tPp62;p7~RxRU8V;I?Jh(yyZOnivYpxM$dB~%Tkd!gbZtkfDwbLr
zbmvz^Qpn?cSlA4XJ-$nYCawZ;mT_@XygqJ^Vvk1VMg-DIqf<wXxyDY*kMA`<j7M2$
zQrTXMWFM+IoL%nLMi6J|dd&QIA%0}cUS_9~Wk>`XEs8iPt+IJXQR=1ubc87m+z8KR
zU;vA$r$dvNS{GKxQXye)H%FQjv#bvRP!h=yexEeXLKPF|6(e<;v!?_7%ZHx4#}n(|
zeygMiFh$1!sbMD5W99Via`BY^MEO>mk#P$o6-@F0_)v4vzI32N5dogRybB}`4}!7B
zz~pH>fO)u*FZ}@UBBSv7874lc*&9eJmfd<dER=DSY34*z4ltg7x<mjl#%Q%;4r`-3
zg1V)-LaJ2NKU96wV{jNdQ&3KrTmXDbmMGxb8#~ImMsavcrAU6h5cMd%TnNg5MZBnG
zr(d0zZ9wBq(qbuNul|RRMeZysaauD)RVOAKoK#MB!zM+jF8g)FUGW+1l*}6OFOmYq
z$3#Axj)k}pKU^!fXiP)qG~^wH*Y1L!Ym3IO+ziczg~L_buf?$@{3t%$v1JV%oSs#h
zMu21m;KfjDsZ!BvLNhXaMyU?b*jsQ2tdBBB<2%XOa3sqP&xrt*G!Ui(qnu0(C<B>l
znJE&|tm5T>SWl9$40Y)M_Hxqb5C3&tm=DKf3@aBo+?ILFw!*eWc?<*K;^L$amajig
z$Bbc>A6jwWNH!ZvQRrM@A2!aDh}h%D(JJjFuP7kzJ6qP{#aBB!>~HK%5@yhd*Um>E
zc*!TtZ6;WQ>xV1y!4!r<*5BZvZ2K+7PLpS)E7iNX{ThuEp2TYY)*^dWU(toPw_99F
zS4i3`0_mSH*)Qid-smzOHld`^h(9JM9sLGh+|_0RSgkW@NgKP^aLn6EWd!&uJT!*V
zbN+63d~g_UpkUL!d_#>F5f3%Bq_$W3a<hrjL3Kf4H^-AZ!+2b-hfdkTo9oUBwo{T-
z%k$7Tg}wUu5Ht5_@lh?Pf%^&N&&%aK^)W^7!s>?*Ecr|UAfCp~6n21kF@y^*HtQ-H
zSf`!Gp(cHvDp!PK2~i`%SkCSrrEux>=y*)D`95qq7nzBw-BlF}cffJ0Re3l0hcEpi
z(N2mmt4VxSC}oVTmhBY&_<&3nir@^*vqutTw$PZ$!d1^`V%_O?L#Q?xTn@wzV$C0L
z?W9VYq>V{b3*gW1LP>mf7`5sTP0(Ae&le)i0Io;E#7L0iwq+*(vZwv63vtKvrP1--
z&#h>!XgpvTf=lKnom%LMj0a~5`ql8+#%!m;HdWw)Z!t=_KAOu#odxVhQ=LlRMxNbV
zzu{6#lrG@yMfc<wXBwrdJC(NwpFgX2W|Ngq@W+A*)Va<ypJ!eJhZB-;Z!+aRp$!~0
zh~HG<=~zlBoyR-o8HNinHtl_QC=b662r`>29OwI(E_CbD-(EQGi~pMaLDgE(4nGEm
z%fMzh9EUOYsAv5BO3`>FSN{%&Ocv?PgcM`<Q!|qy9SC)4UKrqqlayW;e28ubULeO~
z7>l`RkTAOrGI6gbkZcn$@{3G^s$#5%3|6y?WN{kCWC}{Z_0&Hv&)FPHwQ=yo$TvK*
zUch2J7--~?Q%f|Yhym|gaE-!1S?%cuK_BeUytBleWeZj9#SdGSQbFRXh&D<gjr>Kb
ziDCq*@54}!N?>4{*R;$!ZR_yIo<;1l$;XxhHbbAtJ2f0QQnrzob<M49JV(npE%ap}
z*)%zy0!7dET+ZYb)k|K7%(JLsxp#=rnx!796qfbU6(%T;O=nB-yh;>vq~oD>k;3co
zA&Z_|iYBs3@5qbU$p|yVYb`iCJt_)mggH^|e1{fgBTz#)$~gyjYZy*EKN^F2X-(uh
zQN7c~J5Xc1E)9;Tu7^-{7zpR^MYIf(si4kso=mMn?|6r});|RfXed>$_pz!#j8&f^
zUG$C+;XJ8C(U>JO%%i;Nc`aI17V5gEa3k~@@rk)lI)+-9BA_uPES6hI64Yml0KO<3
z-A!8WrKPg&c{(h_R6Y+^-;?2njc<}K^_E+PUFsHN>R9{<&F;9NvhrM(X?y29yu(^)
zW;$Px&}bq*a&PB1l!v`pLL#;aq#<{AW*A&bOiHtN_+cpQ8I;W`tXeWykd3LJO_K%5
zc(K0a<_$Tnzach$vWhos05QO~XBspi90UqwkctVW<KZ|W1IgBs?hp4?+5pJ{Bv3&f
z`hc;M00z<W=K9;dCDI(#&Hgm)>`3!HyLJb)79!Rb4|>P0nZ)3y)SmOnI<oB*J|ccx
zQuJPysQ?WW#!Ln9@?;M6ZZ%yGPk9_!*-P=IX9cH}HPvv#O={F%Jk>BS)_i9;%2{s4
zdRvTl#b!wN%QcGV!x!rEH*g*b7MMzQ_H-@851NbtpZ-~JW`%>ZZAD0n)ucmH=e?__
zY+DQ@1S>yDuFGoqke);;&)87enC9wbUapUYiUL3xBQmfuzK@*tj{ry=9Qb=088^li
zgP!MTu-$Z!zic|&%;jjfW#syT5MFA$=FYC0uvIx<HBkS(!XoZOlckcR0f{Yos=03<
zFEJ>SNv#nd$TF6_D}n!zCYX>>iU?_~&)*s+ArfgiCBfftu|gMa(+x)=lqpL;O=rd<
z*Jsm2zcAL?$F#Ept9g_@a#qn!efjyGYg4B%@n}$rObx<AW&a>j8r=8vr8B~!UKVt3
zV8zRo8(D_^#?*^^Hmj)+#18HH3PCJk=4M`<=!3&3#V2p|&~I6Ec!C3L_q{Z@NDkJe
zZfwB9X{`On?ViHl<4>qijWd*aYfAR4wio!IgjDHfH1ltFJXu2PZ#le9GM}Me(CHKj
zx9nVZd1zRV5-w8_ke``02iYU9<&mGzdZLec6qSe$&YHqJHYMD<^6Jo0p2kD+4=T?o
zM)FO#ApsQ#?rk`C>mITjD=*mhX5w>Pqo|nO7CDmN8Hw6yKsmH)REH*qyKX_(SN>sd
zX=YyP`HNBPzLt2th}Or`GkhB`6u$Hef{~@*60d_xy#Cl~+XMrExa+?`-0%GU>j`9i
z3bZx15wX)WpYn>mv9iyP`_)~XIE?(A_;GfOGIHP25!tFTJ5eF&mI7zMkP~Fuy?Q_e
zYRP83^Mq@CZ^;6<n98RJ*Yx)azf>d*im>FpM~yK^Q}Byf53(JK9`><0Dpg%0*NFeo
z3DQJ*QS-%FKLmKmf{g1TD@01HS@45lIN9R#uTeCwO~93IbKlW>E^Ra>R{hm~yUXDe
z1cx%SthsAdqot+~yH<o3CjCS<VJJ>u^}9~i2_UhQ3?!|unW3+(r6n{NLbx$|(z@Gh
z%v<_DFiXDVgp&&sm$$MFfBjhv)X;}vAGHjQa+K{pF)R$V9MtqARMO?|oDYDcehdm4
zw$dCa{g9n_244hl*UAGNl$80w(^a&01$k@*zj-2lI%^^R1?ZPBN)~)<r*@0BbA>4~
zRS;)lly-NrqMNM(q}f^px(#?MDzmsA0tkuLa?ix7Z7B>LU*wC)kgJ!ebe=Q=@3JNu
zO0#;9Megh<y!iG>y&6`EdeNA@(W_3zPHCLb55jqrpM5@LgNdoXT7XQA4?vl}%VCo2
zpVCJ?Q2pnvAdD?>8si-WVW`(lSnF@U4Nqr-&?dHyZP>WGD-#kJOc+QyD2bIIr<o3Z
zhJTiE@m>HO9vW3XNpL*NId#no0^Mw3o`Av{z@C}0`JL(}I*#i5rQLUy5xxr!1-z|K
z<G+4kBZ=D*<alLYVk;MCGEwWXFsy&1Qj{^kg)>xLMy@vijk%+o;D}Xxw3F>JS~x!D
z!v^?oEJre>^A?}m<=Z}wgCo?xe^ikaRcYTSmIr0P7H0{H^M;UHT_gp0gHi&o@)M9b
z=+7gEaN?Z2axO@58eiZbx!!e<mMPIGS}<loAhdiYW-biJLtk~g*{lp-uBc)S5D8P2
zU`rc3t%4d11;Bq*&0P1x$f9L+s!n!MB2PI~DPBa%`o(lmk>S&J%H-mxyyWj^{+xKy
zwlPu$MXXybV8_BjTFbe;sb*aL72i)b8J*&=@=Mnfnu2n{wZ4k5CrNzWj>DaRWtLL-
zKdjtB1O%~@VIMhuF=F`ipy4dQtuDp+Y+8DWN>{)pq}hzTYV^2<#>F_AxKLtK);>~V
zQ3tv|Mr9Zpn>R5S13hqVcJ|~q5;+*#p?qB)%!~T=_CCfZ1BCh~vN-}cJCPH@9FK(x
z#C5B`Mv+rHjUyu(7A8or4JLj>G6cEJnH5em`|hYN!y0(;Q;>>w_hTDMN%fZt8U9*!
zE9tY=2e=b|MyV}k-S7HH822<v>#>zBOZJY^7y79EFvM_XY^65m|JWQT0RFxfW`}C+
ziCR)m(ZH|n1QZcySgjy`(hn1RvaI(8=B{;T_B_P;zj^z8cqUBQ6e&-)^-H~<6?x@H
zHWQ^6+&ofQ{tMm7jlHx1Ez;n8A+&XnGbl%$1|g79aD;ARr^jJVm~~AM<bkHO<C;75
zMmAqyDAW(TKGdeG?WBd#>&uZ4V)}I{0rah;#(T2e{U&;$30^$S)GqZ&%E*^sdK7r1
zaNE57c{W-zr3LHJLD1UJvh^S{A=Qgj@KxzeMp0H<z}2-vC-D?j^%od(1|^N92yTr>
zH-f(-Kq|{|deExA4hNJha5?5EAMIuV8?5rMH`}y?E-|(C8qM!8PR;PcUSg^i8V%Tr
zfSEGRCy<<yjD&p(G6r#qevs&2$gY=`(+~L?PbV!EGVH*xB+GM=q6y=i8u)9gn(M6~
zn3yEz?#pj4?J#36<7bD)yk`rI)C&Ju@sl~kld(jKcb_GR$&!xcKRs08m+=$Hm5w+A
zVZU(+9q{JVjXzDopB3_DXiVLvCP!BY2jCE+0}<1YMHGPD!OtHl*yy^qKnhcyKQG==
z$)9sEWxdU&GB0&#ifFHxNlLd(88xiP)k|n+8AP=breogp0~H3JDoQKD?scvO$80Bt
zX?VG@;HcStazGKyKKdr*0ysdCL<9aw_G4QyIBgtrAN|cf4ZAkgAP^H+a&_xKLQM$H
z9(EO1s_NbX7;EgPgZ3dFTpmcUSPxkpl-gu$*TxI_xM6T6qd*7Cya7D_XE?xh^~{J&
zuOL7Nm&XiVqu2`oIdsw4Isrf~>qu}-O6|2Qh{jg^dap^Jy`}2xWNp&Au2qS?H1xri
z4ugXtyM(2zo*hUw+IVcf8Bm|36XNYI9bzlrNz?E$57igKnVC;%nN)S3dwQ6rEXkrQ
zRZ4}MLL!_jSfaOVBC{JtQ1EFXl6CmKYPrE@lW5a^lWKwC(O;F0wE=fi{I2=;5YsAQ
z#S5Y#k83v`#HD5!3g$gD2urr~I<V_v;-=Kl5`<V{P6!cz1S<l|TdIV)d3Au;r5xQ;
zEy9Um^b*DE;jrIN?xmtRpdOsFk`ivN)9V}aKIJ)>X1bqBm#qW}1XFdOR4~5%#W|vH
z1-{*`%_6e7B6Q7puZ$lj`7rb>MEa>g#B=#!S~F<O3d(kgnO9Pzose|WE7swua=WeO
zd!{QU50Jz3wY^|8tduCoG$!GgEouDC&GMD8a0fw2Lpcq2dRhCEC3WJboC}FbhvxDf
zU!Rgk%RP6M5Do8*P3ApWnDJ#!&-n60>9gbN=x#!LKZ@GATUe=D&27Dp=xUomAM(q4
z?gg}UeHLp8e6|}#bV67RJfyPFnm(waDTUtyd22if>jxe|6Hyfy`P&y<U_dAMYwsyf
zj3ahG_ooVk7V(kEhj8@(v+ua(Fg|Qvlds(r^s-M;FO<1%o|K!u)K=ypB;`&^P5hzJ
z)$1ec^ICZNN&J4Q_rhG0=&x8?5_F$*Wy+25uzK?`Z|lqWoa|+cwy~Bqt2wOPA_57}
zqV&E!qhNGKsdz1hPfO~jn;&w3*(%&t6)L^e`t*!|Mh;FqEh)6mI?`Ic1_vLpGylgL
z0P=1a>kXf&!?(QU%fZ_n$(KTsLHyDuSyiWpGy0e_O&n|GTg|S~LcxReE!hd2Yc6L;
zErBd-I9-t1Q^*$8in_6M&8Pm#-GWyI3xTepm<TjL^f4i#Kh3AT3J<_&+^C}zgg*`;
z6a$jzx%3zD^<vfL@~g5KAv$OKB*pYvrpx-k+yN;*Cp#(oURim#Q6iZF+afC303ZY|
z5=D@#apAN1-S@=DKM?3<-eBp&2GE~c;mfXm{xDo@Kf0$4E8as1cd~4kijLt)WUtRb
zD$M*y6|_|9<V^UeA8QR4frzS82#?&ngC9ZGG~2ZgAPQ+BO7fW<)8VeUg$8^x<0hxg
zPiRh5plU<>a=34WPhQPVhfE=9$A_Wv!FfG&=a!5SPKxxS9~>65A<UZhBGPdjrQdK;
z(pPMEh3!tYA%+Ve5ux+NJ%#Wex;wx1<6P$K|3x-qq=qI(@6G-`7C%BhmffbNs+=@v
zzB{NF`<ninB==6wdb50G7h8qOSWp6cs`{K2v>^_IzV^~~sq>^4<y-dh3DgSHJ}ajq
zGmU<H>y!tI0NGOYe=?eBK~B+!6~=pK2!gzK83E4Q38An3o*wn2+-((@8Rh(ZOond?
z`WYzjvX`(QIO(p$^Lg`lF8E3mJ}tA7$jcaR>H`ARYzQk(ZD0!x4J$+iJSO@i+N*vL
z4NqBbeQpQA;W>Ldgj;{Bbun0gf%!J@o7GqtDTi>1RmMivANjHUw9a!}Pl11liL`5A
zjzPb{d%WHpVOQ>>IJ%hNljV$kf}E{B)h*b4OwB9MJ2~UBp?j7xG)5zDiaa{`{`5&U
zlsCPMypjRAS#V{`kRQ){S*P}6u-VNnK1oR8>Zv`>hHP{{6&l<pNJj51_udGz<4(G|
ziHr#jqgSY9x*rDF@ZIzctF;Z;Y<t<;#+@syvMu);38bHTsO;F&_FHz9qJArz5wT*y
zlPH2otuV#$`xfYBin^F@+cy{M;w*0$z**1=X{F<<0++cUpEWiN$s;?K9(2tC5<i6R
z{>#Z~Xh6fk8@EBjafJAgHpZi4G_S?E2g~~CdJTe7aP4Z@n%Yw{Wm(CYQq~%O$IeXD
z=9!N6_+ft*2jNmn(CdY#A%Q@Eqe?*i!K32yoyxJ+gw5h*P}G-@4ISC4zJ_K@-I5!x
zeq0v4lGuMT6H`DjT7^T4KYJP?Eu1%{Ur1usX_wOOm9*gBy<&(j@tEM6I`ZZ+NI;Fv
zO6UL*f%5)-BQFt_Mk?~hd5d@p$r_BK+xmvIic<a<GdDJdWE|G)`^%cq?^^GACVDkU
zAJF8)x0^e<_~8)S#*@U3W$U7J<u2%gm@HCrE;qo*m_14wQfkHZ1~s6!wVazmfDyq1
zdr|ec55ULIJ^%%D*bwn85LGJ|gABV{(3>&y7P=Y66Hr%Y0M%wr8W{fJz5TD0Jh?Nq
zDhZaLO?}Y%p&CJDbu0Tg!Fl;dByLNg=mQmQhY4R?KhdIvc^xWyNNgZLT_0l6$a(wp
zKF11<^M_anCWLOQvCQOPY-NE`_6ZA)B~74ixs>uD0Zp<GPu=2+GIR!~6<<F{u@N2g
zplA!MKOUn4mZ|!$RsZf@(5T1mNI9<~A@P%mvDCW5fz3jC-6_-|fm(Covl04-2_q$h
zUhHg1@=<_JQX&)>T{GC$r|D!1=x|KK7j;6wzN+=`@up~~os9xj{-1nQ1$4NOquQ}A
zGOT_p-t%=1KfC)uKmh2SgOkB|ydW_beZi0W%Urltd(*^Ke}nW}!^RQdf&$M|@b&?}
z*!GNeKtdz9mYPN|!KQ}(*c2_t&+aBLdcCy2g8rl9W|IUIau}6<?FFAc0f5IQ{SnU!
zc`&obKhAvb<;hOJCo0=O+(N5SSRhSyIn#i{=P2sji)TE(1=<Im*$MYO0P}DEHUEVu
z@M+Xz+3uB%6Z!)hLK6Ggf}{)Qa@E<Xgigk<cTK9EhLq6ED=3Z3z!8dFq}}RWf75MW
z-;(5$&TETgP5+q2R_WkJe=tRSHn3-zol6KTF1R01m|z6dkn6MZ{h1JvWcq6ze_SqB
z@!?{6U1rgkQsn_C=5ZK<QlREgz5xvd{2Jc*O~1y2v?&Q8kiC!x^}Me#(*N+B^XbmN
z#PL8nrx0HV+MH9Zzm(KBG;AAgO@^}eBYukdABaZ(g5aHj&RAmc>UQb~s0#eYY%$R4
zaUpn^|DyK=5Ip{&-$&?w==V8qaq(r0SYj2t+#>|~9U;;@d5tk~6tI7<8~tKf{f+YS
z2lEvWL_tOQZv@f*q;Es-RM|Y7oN^02p5v#Y{(3A)HiQAzJSYL)WFQ0;P%YS3G{lQg
ze{$f<P?d`EtQ5|BjK3FJC%!w!t*j7$?lpI{=LrFVW+ten*FgLG_oNGPXn}!{S0O3$
zUk2iQ-pi3c^BElnN@yJ@i$|bg0yp_*56d8=qr~rv94f@EJh))`{&PnOxPyOeB?D{l
zWi+VXfE4BbdOwboPY@Q2?K37zFIQ3culY!z*FoK<9dx!qx{O{uE1hX&AHHkacDWDR
zmCp|rv{EI!3CyJdI;fR)@1ijC7ro%m^<R!UIow@ApN=+<0E_3JFGAG51!yd<O|K(j
zVlp>dHv$In5b*^?GNE{|`cJzVNP6Dx(Eu9B{4aM_#5qF%)%g9UPVfdN99Y3@#y`mH
zQa5^jW~yIkZnZXPc0o;F=^!M7+}pf{_A)Ybuy43w^Itj9=Xae(9kc#ZhT+d1q;r17
zpL?@{ba4C*yTKdLe~-Dc`5skJOR(a7bg~oRD(Yeysyqm`C<t0YAbjp_WZ)Dmt`MbD
z-T*yVe2KNW_Zl>3NMGE*?0NAO!Z-Ot*g#YU4Al+cJ1)e)P_g|3Q|tFz(m|rp^Cq@E
zICsYT_Y;=8KzFNj|8G-8waWUk@GpJ15b^sO=8d(2pj8KO!~fn12@Lk%Iw2vgli26|
zF5XxBU2cLT1-Jj>RW*>LpuM2M^%49FjRU-B-KPJX)qN3${n3-w1F3)gGx7AFTO+|`
z{6lNxzqt;h8<1{*zu)sOdTJnqo@xVObC<II#uN9|)AFJ->kijJO<B9};$r_Fb$=OE
zW!JTj!-AloA`MDQgOo~0gLHQY($d}1A`JpcNO!li<dzcY?h*v)?oIvIY1}@)>$&bR
z-sj`{%`x2UeXeuOHP?*eIA#b!B=?rOvb*@7PSpQg*uTU20oXXD#rO69uPzM)wSOXp
zzlIL@(Ek->T)y~!A?N(xaKrz;eg6$N{C}e%{p(E!9T4BrbZ*E~$%caa!qLh?x`drs
z`?-B6#(yiv13eHh(ZOQB=6Bcnf9%Oybzp21eAk2~dBMH$@$aGfPgwN#FoQ7Szar)V
zE#ZGt)c@<2{3|^P@LK+zp7gK8G;mP=55zQ(ApScs?dJwo@t`m~FQYsMFvQzlpdi!r
z6HN6HWCZ>-_RIbN<iS6lH-3=p1u$m5Lg>5|?q}8>>zXYPIFUzwheVWi2Lca57^o%A
zT+=fM{=D-Bzh3tn$;j!8q_@ZCAFAuKIvyQ<EJ1tA>wDt^lNNz2=Tejnfb#|rJ5N92
z`F_9eUbD7I*<HjE@Bl3;YFaAN*SRno4~wi1hqFM3nc*D7qx4sdnm`q)89RB$cL$(v
zi*wj>-(ExPg4od?QVil60fRYD)PEV;#ns>WAINjc@)&l2_#H2i<FLX!1WlQ$P7BEg
zU?1MXib2UxSE!EK>;|feb{E9kuf$#rglG@H3Z+3gpx*&)1zsYzjZ&EeOHf56W{y8N
zhL37mqk-_+u3sdgdie0g<}t6^_P~b=0JlZic3<Z1()aL$Dmxtc6>dced7^R-^XEZw
z?&$**MeEbL&o7anroj%V(Qrc;hWU2>OItN-d4x)eu&3k@2v_FN8I&@=7^klKNvJEN
zTtYBiwo!G8m76F)DJj<d*9p+ChE71z6zSDL%UiAbGSC0UW3X-462Uf@*F#VE83QVb
zegj}1w7HWn9L+g=hk3<k=Q{!XJoVci+qV-e$|P!Jw3wgOc?u~PhJJ=1dpn?vkv5P5
zLHd?lvh6LGlbo%h+~j)sug)P1ryqFyT}Ff$by(Q)8re2yV~JDv<{R=&ZS%1ox!T;T
znUS5C)V5bS$*yL*+dC}_^x<9a1^5xLlhC1pJK-&;u-NRnUW5<fKzCNe_-hsT;^Y7#
zBis+FHO_}xyBoY(dZ@!0S7)SyLbmf7+UY(eaPR&_X@h3e&saUd43P`QM!wj5o7uua
zt0hGT6bOAm3$Cyp%@`yP^AJiO1`6xVQ1x)DR;sBP!(qLrOZ%v7&xM%zSy$Mumy+yH
zD6UI!-gi=Xe?T(;jBXUqwRF&=5H;@jF-zCH?jYN)Axv}<eD74^ICS)KY(V@e@-PIL
zMM558rDr1EWS_Xu^J>9fVbiti<30Ax;aQ>!z3TxE&K;<xW8k4Ir+qd#=FbmWus|Ei
z@!B{uqTkO&4FRU-|Ffti22K$Qurf-z1bRe*s=|=LPdvvpeQ33>-1>b;a6;lq9P3(k
z+et|eIA1~K%CE)%3K|p?jerCoAvt^cpAs}}Hmvw|ywQE3dYlrI?&Gg+RX1i`>r%z*
z#_Frq<g*oQtLHr3;-=E?UZkP7V1kEEClX-xSe5GPeY=N8RIuA^%vXM%=8Z|M>hFj|
z4H3X2jd|nT$bqiH)bB_QL=!*Rt?bcA2e*qvBU&*jKy}yo)lkCh@R%kUkf$Idyzku>
zf*$}?bPZPl+HP^@>T>St3EN}|)abbDb=swqt^E0A|M9f;;-%UYvdCn^sLa%`psqS%
z!wu=E&nG?Bp7s;Oyp0g1Ty?D0O6{r<^!5SbcFaOqn5+(jV`Y(}>7e8vhwk$SFY{YS
z!Ga!@)>c2!<y#ZFr;YqzhbQ)+3j(&*r``mPlEgfLO{>P!A4_dJh0n|B;|{uZq1vgP
zkuNykWr;JAPYza&$Y#8Xr+g+EK?_Z+e*<Mwwfww0_EE-k$q~p(HPx*0`zo1;@EO$Q
zd-GE_E9NY#CbAQgvdmgQp}5%HYceI-8UT6?b=Vl(LB+IavasyjpU{dnz^Z_E#x+#|
z&vkpP9l~OR=?B1hER}5TYJ1%O$>-<{*#&^n^6slrfK>W$yi<q9BOiO#aA3!P$MoXf
z!TLudlR*(byrl;c_Hnek8SV`t_*5LTuMGP8oq5&5h-b|3@Mny&d2VRfB^5|6=Gt!t
zKP;xb8mh_L-%tp5RaWC<gM0K{BvSl5uOXhU8-_5jL2_N+YdYx*qFjte0r0dUZ?6Wi
zs&hTH54gwU`W?U!$;=Aty_q!UIt_>}%?6}r<Ec|jpt4*N?L`P$f!LSZSC=KFNns6_
z*)l17yes;eDNWFwvSd5BJm1T`%@F?HNP1v7-)z8m8vyrd`F+-wxz-DnwsfBCt?+CZ
zDx`pND5;-$aZNVsFu+OS^^BJR_Drn|nw=G0O)lRRoG?Ak_uyD{TgB_DLdSY_shpsC
z>};SW;~3jIVTh0IN$BO!qm>`ljiQX&uB%x~FkHA>*2H+#v|ZOuMGh~cNt8H;gpPIX
zYPQXO4@Zm_cQ_w>r7WZqH=TW<473ko+8-6K*GEPg%?}u>w?97{os&d1pJJRLm~)!4
zT;jXSx%jS(lS)W#pJmm$mLp#2>aLdO>5}2xVut7HI4^*E-g#o&Yq6@qvmKqf2N0;9
zF5PTHNqjn7G0_&Pc#rNC-GFm4YdT3IAS#K2^Q5$*d)TjnNX@J3s06hqEPpZB{~W2K
zaf9$Zsd~8k$$S7hE3dIDW-UNT1po>IyE|ZTSkL$St&8!)2lhfzJQVP|Yk9?wUEM+&
z4<4o&kHlQ+fR6Oi5qx2tv37hw`hn9CjuuMey4E(m57n#_v-|w*uJ;_P_?j2QCu?dj
z0>1sYzE=rR-gl|mW~}Nqr^hVQCWkJLoQz^ClHVZIqV(TkSxr}XcFSqSiC(784M0OV
zMA5Pi4@5L{rY-yFj@<_M+<5U;nOjU#hL&sJaqhNa52f$b7&&t7e7>&PIfRHTA2lT`
z6=tu3{{T8?5Bu)-Jj<X{m_qJx_2~2YZHbX;{AU-Su#UwCjM035Z+yi%RLg-U%3f4z
zWD|Rp(Ff|obCS#A7jTVL0vy3zKqt4$I^ox1ZKvxwjB5nks05?opu>ZEQ&L?A+YJ#q
z56P4&GZC;uO(p@!pdkOlP|-SjX+BJ1_N{?WqGsolEKMrMM;nZ5>z-$uV-DI!@aLhM
z*(nrM8Y6Qh+E+gwe#`y-?NAM2NQ$W@b6P9sxt;!2`Z&k-E?bF<%<1f5JmM4RrtH%7
zS5u>S#=4$xeEnJV7bpa1S?0fTDLEC5yG(AsR(cCpcm#$3@fb2>;lg*}&QxeftA_{m
zUZCivb)$4+u9X$D>hkEoRXh9Q8z-WY0>BC>?dCdeJwb@<73CfI=#6e|0P@nI7%|45
zQ98I5YTvzDQ%ad!*#hm*C-Qu+54!9#1{Q)mF^5XZYjZ>K(Qd^<9pxqFccsOi^KK&r
z+PG?6jV8iD5u9dG!H9^q19wo^G17F>z%?G;PQR3U>w>%}q+sr1%Q=*Jak5%;&;%(6
zFVsYV>{*6h#Y(dVz8+lUEIovY-fLc|CMifrC;KqDaz(1pPJYE>O^x^Ym!*Rtxe}uL
zSnDea_;U~tg;3<yT@%%N$nS@*KGAj<o+GnCvM(>jGG=o;Lt&u(6<>9n?cRH#4d=vz
z<31PUMxH$2VR9w4eII0$@G->m!Kg@#XLR^->{{m38vgnU`$|o|y$F7%?Z5`%T0-xA
zWYUAKI=oPurw9E)29+P$wdeN9mc@VGal@;gM+G65u^1X&*P%A~hvSkl6}b>Tp-x_d
z$m+EPxeS$xmHNTJw*VHoB#M5X!Y9Rb^Ps?khtGAjVo27Uz%*T;!?vAxY+PAT71@Ms
zQWyr$34s@0vx<Mo>Y+uUi9;LQbnT+HWWwDcY^}UlEGc8|@~D~+;jLgVV`T=?C)){=
zjL^<~#f-b2;ErSGBZSwtE8M+sS2Z}><P#$(%?;T*aTz|V@Y-i?JXv^b`^rM@Vq}FO
zlx(nSbq?Wqb%Lt;RU>Wnhs#S*>&k>nH2II>SEfh?uIqWCySxjS;j~wtt@bigYjb`F
z_Qhq|Z&h?W2Iu_p`RL|40WvcqUvD5?M6kN;i`V)=^5OP00Csc@JX<|=29zpR<TW5p
zg?J8U$U0L#bKRaSPT5zSDkozZf$D-I;i+>#fuT`qE(;2#7yoB4O`e)I>9$#^HZdcs
zBU<MochptxnKsm>PZV6D(|aHl&tz4ZsWW*PH)u{kQY3<}2-n9KQ(SSBp~_G7!wY3S
z1%dMTr%!|LmOupFu#2n!OKj6gRnckbQOVZ1QJGteHDxw{JPgjUCZAfr5Uh6%k%EbU
zzWBB++I)D35zZj(UB+8$Cauz3W>l6+_(KrMZ+h56nwjVTSqJ~9_ESiR731L7*b@<r
zGpPX890Y9Qu5kB7ilvPQwr&?|1&<lc_|aAtJ(+!oZXe3wqt%L!kWb}f@)#oTd#zTj
zmgHq?3;_YT(e;{qofU)EJz?F0HR+$V&a<?Zi>z|YsxvQ&UHg2Je_fk|FJY@FRr|f%
zC96-;Kgaek>s?Q)?SBi)%%SiFGMBXS>0}8^Un*CugGOP;4cpP{wYcI44;bOqm(TlL
zRljcshUozon3Z)P0(a7Ng3^Ag0p-oz@{~&e>Ee=GEY|E^2;@90nzNUx_JjcYRtGa-
z$qKsa+hWy4rlf$&tk>VSmg=>CxGi@_n@&D;YJ0e3CDJpj_JV_+S4Zc#c8u+^DkhX~
z$7|PP{lkL`;xSIV<ATe~jI;xi@3fJgZ!5bh<lxT5W*YMjwH6n|{c{_v-}WJz6cOtE
zIjK8jX1r*ztz(W>+o0pT#F%v}f|e!IE8LBj*}#p59GJ?F9vzH>O)LF{OVaLzWxmFe
zgF2nMvJ(yWgQ}2{-KXvdAS4U@)2}$l621MCE1n%J05_~&!~do|D>a$yKW0wpb0J1a
zoL!O{m`ybr;fYyTyZP);Sx1Mja)n$>2c^;-a5NYKeAZpKHZ<042SoBbRYGC4ZSP5I
z-<<(IlDcX+KAWxPS?uNGWKUC>b-Gk+YtmADZBt%eIc5e&?$@IJ<092`tN3z^@I%$J
z&_>hGl#L}0Zd!?1E+m5k!ZmYUWbMy9wy0mdYpgzSskN*|h}7;IIpC4IZf(ksLo~dC
zm1GV_KDD%V(}de~?N`jHAVdoGz5kg8pq0%Xd?4iJJ&0*M$g&#_V)FfNtav7AP0?RO
zJ|Mf~swGv8fQ_trcz>90P=sO>hqXWbb+A>@Q2OgkJ}C_x8<lr#TEl&@^-3u@4#Jv1
z=TlAh$qgfi_XIxdyN+j1zt&`ZPPalBNS|tQD3HrB?C&$1oYUqPBj`vQ5YouM{IOma
zV?{Ac8=Z)Ny{Y7d%@*IG&9cfy70>tm?UMu66&@85JjRQA=5>IA(AkteMfW`&lYEsi
zwe&^%(;M#(x8p8*2K50h(irzjD`e_RyLMmKC*p7vX-80(l|H0cIZk;Uv_0qyiBO=q
z{FHj?NMCqEg>x0#dk84l-Ws<}Dny73({A5JlOcU60poG2_Q>6IP?m~!BfB8a*RdJW
z^c&>M!k3p!#*cJ06SpTSo@RQQHidYAtRAwZGgi_eDVwW9UP+6Q#vFHxOofr4D4jV&
zW3p!<;>Od8xqSAaqrngk>nqzE_Zpl46oU=x-j~-Bbs@JrN=F|Jrr&;kp`WtF-R`C^
z1<teOoXn2EVLjDM)zoW=lI8q8JKCKbDlS)#0b{9@N60W7By(_nj}WO>ZP$*8O!0B@
zTrK-A%vj?@@0ye%phT}b&hVv%sCigflCj80Cfz`+LyI-Zj1avxA#&yaP{Q=iaO->H
zRgr?dzLghMQg>Lgy<iqepGbV3X^gp~Vmia4VP^LirzNl0S4LxEzkM>(p(i~k=lVM5
z9$K$}At6-<J8kHVh`d3QFB%)gZMp9yNl<7n7xG5`(fD+D>7@9XGFvkx@oLOvZ0hC^
z)rIuhi(rYVq1Qo|#QjA=tGVqJp<s6$G?OV<q9G?89j@&-hZ?Iqb#NFAwkH%YXh9V`
zC?Y=;_n7i$PpP0<0B)Y|n(sDkdHGs<R**v{dFXb_!5h_<^g}-dDObIh$0?q4Z}C6C
zdA{67+t{RbI;#lZy>vi38^c(Ql@gp<Nmmw%J2Wp#ilavJ9X~1<oeF&s$M5B7U;^`$
z8DSJuk%D*SY=w?pTx!&!#;!O8ypoFabQ~+G1xG5i{n<7Zuh_yPRTmDaT1!{Y3Cp4V
zRC-;-5!E}s<Lm{a+)0s>OfxaZ$@Ym9DuS4su(e8}Gnu}g{XTwJeUB_E2OF1I2vZ_1
zOHh+sX!oRk2xF(F@xkp{QT*}OTdBa@IT}tz=8~TdlHCwyB@o8{P-{uSWNM>Q9iGV<
zqn~u3aLUR$NulMSP5&-Kb4{Nl>%<kd{Gl;}XH`OuKEV{9HS}!2Ags@<xK9D>OyqqQ
z1(s)mPeQrg@{_fGcIE#vP?rDzYMgDK^Doi*VaO^{=hCZ=OQQ-{+Xr)B@&)uPO2+md
zTeVXlDnTs-r3)1J1&!`P-GLTVI2Zb*iS;K?Tg5jzd=68tJUc8OIwM%@vWFwfZ??L9
z+2nI1ZS<TN!D1GUz9+AfUuiPg{d8UQx$dRhQ1BO1v!Q9^TO_L=ykmu^W~9%CiUbCz
zi6x6&S9yP|I<4A=Y7F3{&!#ViKMHtbm)APLq^*U_gLBd!aYHX%r!ItwSvTUWVeu(m
z(wm#fQVden#HybuwdKuIW{BLVPT#sP=<{zHOj?6aeJ9Gh6`aegQnEB|9Ut=`tRfgc
zfJ?{GHowoYy93+a$D~!AXkO0;yX8)7<|#4G(-BJnuHH4d^Qm;tg5>PH%?etVJUfL<
zRO#>R0IYmma8z;NW<{5qc@8|Bg<^l+P{j9guKQm50pKM!Vl~`My0Z06cLc?9&$kAe
zKvO%6XYcD{y5g#Vx!X&P`5F#x@e$Kz1Kq+<%|s3X+j6YSB@fPk!hjAG*q)Pw>94zi
z!h+dj`5?&dfm`|`n+US~Orf&xfgzq}{9j|155{I$Vg8#^@j?QyYwPJ$jOz|{&s?R#
zdl=LDDiNt`onOFw+vnkHK1{I=g#IK$=QooOiK?z<T_<y#gi0$dU8M#v#fTKBA1b@R
z5F)3ysoG0daCrL9iZli-18`X+#1JZOZ>by(Jd``zM3%PuX~u^+Kh4<KBS<OtOJ7~~
zRj3O?6ti$j!%2<oe#%NYhx1n1`$X^}zY1kkFQ8m6$_YWtSu@WOZd_$2Xv<b$aP@+U
zLqjp0i`@jA*_cch$(p8i(+BLK*~D?tL@6VJmp|Gy%Z3>*8Y(j^^_>GSSq7ZBkYP|k
z^;5#0!j<Pr6^qOhQZXXnC;7jW?gGcZI(Ot$O`F$qayqd8>b4m(1z^;Cu<GkNGvB{L
zk@kRG{e{6w1JM0R?!0CQMSM#j;``G)P2fT_#Zo=g2-+Ie@w#Z7{Y<8le0aOC@x*kX
zBm*8jtT`CRHmKJQcT|C0GaFF;{OEqZB}LLw`kLw;%M6`*NAC>g;!>?1#f(;esNCdI
z7q&(>7QA++EVEkFQIhgLGkqmL)m2Ej`2itI$A$KAiD0-$&NuHPh04q+ASaNnxBo~Y
z*J>gV^+5rASjOdl7_1j$uqBrl%E?%vCh{zcAX#SQ7n>|G@)=~E&=_p(yX9*(9PN1+
zju2Hgc>Ri_`*jf0hv=soDQ-*jgC-m^`Dp^aeAe)~3{5h)RuqQ1*ZQD>*dsF5uQj+=
zH*$4mX0<t2j2+*>P6LSS#9g?9;01Y!%iVDqIgDK_;H~D;Txe#H-ae=ap&$gszG=JG
zG%oDx)ULDPrB&<Hx)EDS6a=_DB^nL|xro}Ufz6(X)TU>fy<HU~eVDPGz?9=U#Y$?o
zk)-o2;jV2U`4<JrKWP5~q%&Y>D~SozTxVr?fiJ4z@IH?+$d>+FzH_?U>7gGZF*^^i
zZdMy?FTbOsA|0edLp3QbLRolMp^>L}&NbPo39qY*7N~++CXP=tYr$%I!P+jy1*h=T
zQ<-5sH3Jb&-_X?CiqOWVeTkgqhV~w5D(Rh{R-EEN<-PJnsLtXLb3c$dKd|Z;Fz1{L
znIt?=ceq7jLaHKFyZI53nroI|CL?QVLOdT%*fr$o2GmoR#Z}~mJ#t+c+dW4-<GYo;
ztR1`y?NzG3w|)~cBO8Ot`jZvsY`nd9Rq$|r?!@I~5+F4%iC;%n52(!a+Fvj!73?iy
zy{4B_TkMMN<EeV{G@<14bDl3MP3B2n1b&&{RO(=st7lR^*xG|?9$q1+Ubsj~JND5k
zsuBsbS2x!2WEf39XObFJzCX&NUp0qY%W(NsRmsIb?Sou2#?_5yJ~yNn`0Do`H-7o=
zP8$+UV}L}{eu{}rC}WDly7T%7A_|#9KwVy|OH=-xunr4!L}N;_bh>Yz?j_F3mH2=6
zm@vHwarZwiC%ds*MN42KXXCrW%kplsdNj%6hu%}Ld(H?S(V$>mXp3*O=uPIWGkn>J
ztM+0*eB%{BJF;aH$>cZ<Gxr7%JE><BeUiIK>Su1)163<VgVM8C0KXrN|K3%h30)?O
zAX5Gd+Taw@K|z7hbYK@5<e3cn4c==%b!+lDNp5Hd#a0eGz47~MgK(e3g4L)dGo=*2
zqN+)H%SQL&_qS?4DF}3Gznkcssb2<B?7=6K&I#80rgdXCW=duYtQ?05pR7j61`%`(
z#U<*;aV%KGB1EzxREoOO?PSBy09!}&zPPq=l4CO{nriT+l)_dsm`<#LYKz?&P?;Wz
zQ;$jzud%wpSv`o!1wT8g>GLQy)X=y<8{q^5ZY=kl_J$N#f{%OHAguk?3zG^}IEQAF
z`-RpBU&SIIrM+rhU5VxpQ`*Q535yfmy8ysArjQ}Xm6-{jKAS!N!4b2WRh<@%4D$8M
zhW;Y<M=_GMbLw(la|hNwVQF}$w45~`02!kpImS$<U6Awh0Y!^a@*WOuDH+QW7?_|V
zuU#zzWV+9+V8$*PkqwW}zSR9IjVJVV2Qh&jRxmSHf-BH-`y7QS9zfeJyDn87kxTFV
z8Ju?|S=2)2np^QE1NiF5stb46eB51B-B$hTCPz&$Hg&Er=xoyF&ur(kx85C$DIRL!
zo7B==fEwtXm=|^u6nYs)(bOX$7o+_an@UgmAnfYW*+|Uj39>3D8mndi9`|FhsY|b;
zUL@J#^xp4mPb8?9DY3(BPy&fig9{dF0)vAWLdWt$ZZZWI28JAm)&_RvuehcK(iCp3
zxu$)Z<p^$PN-Yk$vDg^?&VV{nIs)~~b3|3nacS<!%+Sb?bvEqqwEMvAN^SdU&12p1
z*bR0$1{<dKi?*Js>Y=mt@#Ixe6pX&jT;E@$UfRs8c{O;GiZ|EvB-~$2LRt|8<{7Gn
zNf;#JYH~XZw~6w&CRavj^Y-Rc;Hy;ELrJ1X89MrGN#*3oQTES-gp{A9nAgmfOxbb|
znnXW!*XF}PNXu;Ow9N=m6uC0dki!*G_6?x2X1Q!@&!@qvbPa7qZ|^~&E+SFODcJ62
z`7ZO+V`&p5g}4ciCN8=td1XYlNqB$?>kSS4nsHKi`t-tche40#Le*O8!_(A0iW#|;
zeeox0EBn%o4jwmltD?;xhNVWL*mlz8ym}y7Lmw3`>Z0e+{j@VJ`q=E@HiZ^8q&SkF
z@?JmV_<j01>qWiY^HqD+s26X7&f8Kj;afw-K5!8Q60E83i*tE4k8r<q24MM*ukcXb
zF*^z8YmYwQKq<D33YyF_k!lcQ<^5<>rEul9O(7CPyDjnRo4F{9=~1mTav#}FUMLPq
zHzfoGlxP@vrHLs`U_2t<qkQtwscbE?%C-r(emo(ICy}3*Vsy5=N(ZmQUy8s)*F+UL
zmeMNh_8CZBZN^F_;7g9_>8p5$4{h#+VXc{QiC-+>`A;Lc!Q=TDzO*0@*6L|-?7<J2
znV{Cnd8oDc-Fwy{G0`^#(Z%MyX=m}6&0{0iWLkC5)v)pg(}asqsLh17?BmRIav4Jd
zZ|19&)B~bJi5r^Vyljzn0sL<Na5r4VJv}{uqEalqM>uQ1-fD>;E?+m@soHMZX4Vu&
zdumGHLSaiy;*{N*>bfE)#f=>KbU}8z`dtgHrOzmv&nQrf;xmuz^U3TBJxQC(kG+d#
zu{1f@FDa6|dhwz}{9wemx>YM$b+(|WF&u|3?P~*>@7WEJE1b}@#?j##PGoEmKRQGj
zoYSzW)M@1hoYwTQ(tf4nTn>yk5qOEzO0cGIMQ|l~7#@xfs;!?@D>MmPLa*GfyCY&S
zd()5@(eMFadzBps&pMICE-tNl3C4CC(ud`Gni1jyF2Ljaa#ei{h_1Q{3uA2NqbC8G
zCwhXgYiltq7ptP|xYr13T*3mRGhvfA6>sT``s7YxSm`?o73eX-qh$y14})hD;D-Dc
zj*94fa9jlinq3RRrtoYNWzQ&OiviB{v2oW2U*Sutuqrxb?uPrL%syC;qn5J<Y-B`Q
zRz$Uf%ncrhHb<T3UW{5`g`!aJ7E-v5k1<Etc6cx;ZHAl>3~;u0Jo<h#s;T-$cF9*h
zN{n{F83=Ev8sm047Ommy9jbj@#U_<Y+groea*K>M>UGH<6My(7Xp(>AyTARIoAgjx
zzI0TMxDX|vHjwMcJ&B|3WMJe(!fq&O>AxY;yBY(BD%e|~bbA~S`HId~RRlc_ZV~m#
zW;H7Y&LcTrE`c6-Xveq8n|f2%BRiYiKVnAm&MgJ=OMwAcp0;MNO(a?B1F8oc(bH>B
z;Tt^jzSvHf`Pp#oo?X7d<wW5e7MbG7eA<Vo#=$7JF*$<S%_wu;!o{{7aYcM+gQ*zT
z<g_&58(|^EY$EO}_B7pO_~_hdjycUIVA9u-kjKKhz_WaE_rcZy(B8^O;nSWI+jaif
z8f_59`9-YAR9xi+0j_j~T=`g*`#NtyRW2!xrKtyc+os-qL_<g$=<$){y5%z#(<Hsn
z0Ogb1iIXwh0$H=6n9$CC3`}aTwl7@_RH=lSU;<dz3}7e4vK-VC=ad{Lk;or-4%vJV
z6$$9ao56V)?n`1+NSU9eeV%V%D(+_$2!;%8XZJowZvX)91oX;LAv=27wszB(&o6N-
z(-Tqkj{HTBx)f-RYoxQ7HF(icX=<HDj&GS-I}cRmi(?*ML{LdhdOY2RDUFHegiTrH
zVmTaqD@I`w@f?0=+dL?0jHiT@gmlM)X#?mN@CAtTUgde@k9`m(@$g?Smu|U3NSE}g
zBwvfG_++KrGhI(MG*KwSahL`k*8gq@lvX_?$pxOgJxr>yn&G+<dhHv)DmiFYZS*)&
zU|gD1!*gwdpn>Ty8Fu<3;i5r+;J#`fhZ9Ov=rv4g!}a$(n}RGIEv0KzxP1A9>B!)1
z{X8XDX$F{x7_YA(k+B${`kFeiEec|ytd^W`JqpUhQjHoDT!>Adp#Av)c?b+h=S3=$
z<%dG8l*Zn~m$##*Qu)irp<stRU`G+S2EOaFG{p{REVk2_sMg^cg3cbRubhGzJX+^e
zoR!M%t5o`8lH{eNH~7hG-h0?&&6(#OtkHPn;P6i(on<x$sEp)CPJTfKTAb>4N(G^B
zyoO{%fPhxg|5j8GBQE!1SNaL|hyfw^djymyAJA#<96+zp^wy1tGog1^-zwtDvwXqw
zpt)5)5bgKUuu*Aqe6SYjn{u&A{1=P4@Tp`~!2KJ}Kf4?i8?-Ez@Bn<3!$a>8^U>Pm
zg~gjUZ}PlhVRZhcx71l~k>>fzGE+9U%iI$Yg*q-SyE$NK_FtaxI)X?NEnTh=vV?W9
zam%UgUFf-MAs~Q}u^dJ0%dIhRB}{8NDo%aUEo-X-y$!eL#UFpK4_eC4mnRSap`crc
z`?FiX-`q&JMf$<**Ios(l-|?#f!^BhkAi>7<3U>@CAVmK^NoadG7~Nz!?9}8Fgp{3
zef!Vy|NMc#a}*3c#Sh6}r|u#}*7Hn}#bW41)P&gF{QHH_N68+7<nd+Oa{^<q+&c15
zoKoniHHq}dNf%j4#sB#X{Vs^Yu?~&slLLrIk=@El^DTDPBNCS1-=Jbb_ufy_`SS$V
zkUF1%x{BdyQ2nL=OGj5Znvh-abGu;F26SE^g!|YTck6#H5B%B72OnK~G<d6Onwk){
znUm-nbHp^wLktUw6nJhCoMkzxTazMypS2hg$LwlQp{c~w(|_M`<NsYysyl?FYvk(~
zAV-QM!l59|+rhNVXVL(RD$*Sk0uyd{@&56%Q4meKbA+@;!$&tFWKrh=*yYb%H$%pz
z^5Fey=l9#R{;rHm8mx?X>oq$uNfYIh@xPl5=?&g0UsR|3W6XbkYlR1aT$*d{=B5e4
z8wsO)aGGkWf1Rf1b`1XGe?A5sPVh5PkSTQzV!KQMOOG)oH0pT&lW;oY%l*rA{$m;w
zV4EY*4D*N{0ILgQRc!saA;Pihi~lq?T4=09REeBj1xgd;&9<*%^zOn5`5}KyDDzer
z@;|<tiW2O{r2dQ7_C7w>8yy=O8rX_9RtH8W^(V~CaSYJjUJP;-R)=2$3#$6FAhK8s
z0)ky@9;1$bwI0CoaVM?FKnB*9_vdiE(S59p0&w1?wEr|W`MZ$Gi}5d7A%ovY|MMFf
zO#s+S`m(0^AA5fdk(e6X7k8Zn67Gfrx}e2x4^gDbqW6I)gyOf)`p>&FBopwJxbOPF
zix5Nl@e>(8^q*FR-1KrN8)7Vz1_DP%`OiN}q5(hAdo0MU@ftWGv)@0#_;Ud$|7!sx
z;JifTFxyojHBr*^G^_pncz1*WX6ru|kjeuYZ*t?;2`r?@MAq9ne^v~gUj2XjxN6Ds
z^<e2+RyH=DIr6KktFvu+JImkUbbU~!8+@`+tD_Ncc!UW~UpM=2cY%il`C6oZnkOwf
zWE}tcpwTGU5sex|KmVfGhJxmg7Qk;)g*+MUb?C3t@b{__z;PJ*eH=6~q=6s%w|4?I
zRZeHo0`-lAY`kB|-;aO&_eBQ&myiGd!?!~l<Qn|r&fU8wqK8LEqpZb$oZ9>g3dcbY
z^**s{O_Zck+jM_7NF;V8sd}&9he7S1enB9$1z5=7{9Tiwc}(fYK7VZ%N<0Mrmjf08
zZfa>YB#{xs0}|ys(Z6q)+i!r*7{i-?etT2^<aLJdIW^ztMgRcK!@rM2{_h{h{P%AU
z>eEwv`n)CrJd>0K1}(R@<y2MO=2UeZF}D+rmw}aqMfd7OgZ=Uhnum7O#kmRTPp8K!
zCm=!O=5{!?4u`|16FK1t-+%Nbt^eprn5q{#0_MgADKippzo}vcuk6X_U%UBb2m&ss
z;y4qvjs=9oGe52dkDXjJWxIYl*3>&ll-UQzefwTOkM>w!^8Ta<AqYr<P%-o#KT3(K
z1^KUiAKRYIOK_J7{^XC}Z6-#V6xMzDGGr*lH{w%wlICffd<pze9!7a|bXYsP;2&$c
zps&av1gw9B1hIB|Di2ng#J4A}5I9x6E~gO0Z6+Yj^Zb*I_f^5f=Ud?RriWaait|hJ
zJ8vY|qj1Ikd9=OlF#6A&UcD-xs&~o!G(WRSNQL?G@{K143^sSzx9#j9@`(-kSBTS3
z>s_ip{$piSq1v(HWa_a7apQzq;ARLOqXSS9duC&eLw!ib5{mT8_P(P5+siQfs`a9f
zw39)zKKuh=UgQ>-bp;}vQ*~FlzYhZ92yzfcCDD+jy)-cyUnW;DXZ`VlqwF?bcgd;#
zl;R@&1dCHOA-#4$d*YO0AVWsmURYhyLsgH}hnIbHje2JxyBoJ}H5uCKsVg!tuRk0O
zQ3ERn*O>zi!VIa^MA^vg{m!7Q^l2I}751oE!dY>?@PRzU<E1l(RZP+&MXI7wpXD@*
zl}(gD7xo|jA+U^M!RUE7RbiS-@R%1CNdCP3mENP#de~%c-7W9MqfPD^Vn6!FF9Iow
zqT1R*cS-!>%a*6LtLri3e?_zXNl2n0fsym`@5$vxb8n`mC11ZTmDm^n{#Rfbioy0h
z`or+ZVqa#*|2-ifq5%hL<&JkKA;)Qg3b7U@70^eW&ZXC1gg>LKF`erDAQItfOtbrP
z&ZWWX>KTuM@U34PR2%*p30vf;e;{_ykyMPT|1}3vwBCD&OHc~CcOcUH0i>{*&rc-(
zbK&@ci-wFHMVc9bYJTdYp3>nDW!MVi^RllT&z^OROnsTI^pjUa`XDW(klMj}dwx-S
zKiHHOQ#RX=^ClEp%d;a22_<;6W=v9HdQFre@H5&@OiH+s^)n&`vcx6vhU!Mt==_P*
z1X(63Ozr2>+lyYfyj!{jBI|x5L;~(c&kIpz|22PQ*utvHQY~1ZokO=}3UwMK??{cG
zx}CUJ3U?}o-0%14frMk2z9QB@|7h{sH^mgGf-`ZOFBl-kvHO?k5S*yypN2IgBv3v_
zTP7@`#I+`>Y?zBeb*l6rs!-{b1Zt<1NNk6mpG}!B5e?M}T09hL>B3RP$H#_`=!01m
zu<U>(u{1#I(ViW0WCdYh=HC?os(}awA=0FrK>0U|>8Fe6nJ=iWUk|z1LlaT%Ag%U4
zwVa#_GYYdgIp?b;9iRs4U`)U+y`Kx|4rS}5ObOFeIILnB4aBkWb_I3g0DFw1;~jay
zjVT@foy~L;_!*~<AXfWx340%51yV>YB=qv*KkH!g(^dRor~4qbklq*jx3!act8dT@
zW}d-Qo@_Bdc?Mn(&I`=<FC?0$r!=`=YP9?q)St*!q?rjgbVtIF-YY#wR{R}FL*D1t
zTEql6rM7C#efR|!KAd}Y#n#otA{$djc?3Uq*s8uZ@RIrf*U}ek{<{PLhIj^@#<z*o
zH3;9)5gmULmSXQ)iL!J|d;dAy`MQr;7ot0b(5Y4n+OP<b?6CSRo&rd0jNA?ZdP|MP
z%kG&f1EWAH@AhEMhOI!qKx*%sB|npzAc1?y89F7$;|84N%MMD*_Qk{$z>dSxtk=E4
z74-ej6{La;h(o0q`aS}hD4^QS#XlsF_|1`8<U^)>Age^s$Gc!hQ{7N}g+InmScdaD
zttVqIOF!s;0N(a0#tAzq9&qX3{<`#Ep@8=}5-a2Pot?mx$4{r#dwmnBBHxqcbiDK(
zhrUkt2n&TD2~5TQD2}ArQNZHX_u+|;fHCmugU>HFxwt^gSoY@ykU?1z<lS6QEoQjZ
zMvFAJlO!1iN^A|2(Q+orjgJzIf)q%hjCO<Uqh*4BeDOX_`IME9)#dr+1OOl-BS}JV
zPpXZmJ2KB$I<7r(dVh;_x9X$C&-4d~DrSo3O5cqX2v<W{q_H{Mbgtc;a>h}*$!rUJ
zot=<@bDfUG?E5PL;)7Si>6}&)bHx)A+~bsY(SD{cLjt-cCgqTW`)csGeY0kHYsg0U
zE`s+KrGRh8#)dO6_lrNS38eDu_)M<TozavYmFnPq7a%oTAnxAVo(tQsS$CSA$zNC8
zgiR%q9KZ9kmmHxcxc=)Wgvjpn1Q~lJBvaVqpg2JBUUzRJWF#g3`yHXIcsQ>YRo5kP
zZ#z9uKCQLno{29qaJei0nE5z)ZuxHPm}Z&k0MXBU!Gyz`<)EUvx_z^9ELr5>F=oJ~
zQP|ZM1(eJ2*R6ijrP7hNw%+88IczMqpsNvG%RKv-3?&VGA7+*Q#={`~2ce<>32<dC
zBC&fPNrxDlgaxViiD$Q}`ij3r&==OUUF;5oEZ35c`y&2al9s4IO)X{OojVLn{wYjb
zWxzfk^h1RUQ~vL=L{KPt_}idB8V(3SP}O3QEOjNKv^2@;c;=>-mlv!~-=SNJt@cU4
z`XKyiE^Lf=a!zgXXn^I{($KvJ1{9o^lh(C#bV|Y>oAxQ}-16R{0`@;KaSU>pGq(Sg
zg%@GnyFaloS~91eB&t3@#m|&373>bsoV45P27!;`Mm)MZpgKUV7}?_E`$R9+02o}p
zgun?{^DPkCJw`TpqKgl<J1Oe-O;m7;T1doKVjiT-3=!jGERKlIvo0}Eh|?_deMDp{
zqOzRTSwhm(@O{^!_TpoS(w`?ycN80i9}k2)57QsU^uhO+kRGrkLEck#a>$the1G8|
z@2S%C68l&3ZsPYjjM!kSYHDjoV*6;eF5-M^VV>CPllbK%nxXCcgKf-^xJNmJ@OXR3
z?_gl}U;JRKp58jB)o&xQ>Lv0w`QonbFYpiwP;WKtZH0ha$NG<70~G=gae_Rz|CTpP
z^v)Z<{h7Tc!>wX{qF!tEZIia8w^PSyAwNDX5u^zHsumTK+l;}{th&Ccw&S#Djcg`v
zuwsxkza$`Y{)PeGd|J-m(hLYre}A)*z`d~jWqsOSwzhYPqFv+Tu~TI(nHnBj^)AI;
zo?ebK8sjgzzhciWd$cjT-o|4pRGq4_Oqf#beu2?>uK(gRk@Jv3zzHwNOpJZKJWcTj
zZhNv?MOvJl?juTLl}D^OcSM3vfUdtZ5XwCE+5+hC#<M!uS)D}>7eH%G17(rT3m};U
zvjaR2kFwL=`4ym3RdDuIjBh~;s45w5ee*%@op(|_h143Rf#|an2M^B%P<rR6xykbl
zA&VQ95ysVd0j4L|0Mb%G9hgT^R<R8vh11-AJV{yg@PI^9Abv;rNgFCs^T))~Hs=7N
zzzmRsxd69MiQZo30wVosig|An^6FoiJqU3zrK$vV>5%|c0ub#sRPMB|u5UW_+-<M<
z(OEDZ(EG~zus__Rvve!3uZU+{IkcmBN_&@!qu%tZCO$fYt#PuFOJK~r*c?2$ZbeF`
zU~9K*EO~9q<LXRxY{-v0cmfQYg%1_{2;f-|cRufu%`N6Alh4)zh-UjRZZNZ=pl9^@
za>JHm$(rlK+a<5s9!>+v)<@gV&?}A`tUZd0h>Y{k)*hS;rCe6bT|kTp%^JHUWi6R0
zPjEj4)B#9;$j3{~;DDl;X;84;1QON!0E01IRWU!&=UH_IUiX^E9H{%+Z~#qHruLe3
zrX@;(L(2)n@2vM6E+Iz6BbD_C{ro+d=V1^NWe70VY-eMTBGmw!==u2q5~2aObFF5G
z9w#p^uT_eN>NO-pjIYAFhw+ts#~{3UeLSu?ZSX~8yQV_DDsNcgSdSMfL%B0F<oxw6
zil?|POOl?B6_7(NN2;=%+G3UZ3}o7-ft2M|6^@IPr^X_)X?FLGCgEi_hxhF-1>g5&
z4nb(^V=#A&IJn{~uE=X$tlX+2S3qm1g9aw>X&9U2lApJcP~jwkK@ykSg6OXD^?6H6
zu!|{}BQ!{$!1LhZ-kh#vJtsiuUpR?)WpU(=5Kn!2tve|C>66uMZ=m%vWI5NE5g0t#
z(}y?q!RH$eqLwJQ$I8oFz~y~x{@ee88Y*4$Wyo?|bO6b(x(cg=uKlAZqZWS|Pc9L(
zjvB)=+2cA!0~wb%#y1@o_y;u&%cGa@0h~bT=&@q0b&}JsVzuDcW_W=twgcSIBmIFy
z4-sBd=6#L2(dcWtTh6el1|R^LJCTb*7NkMIRPK6ch95$Ebs%@Oc)6r=*~X|*k!zHa
zSL_b7wC(#`N6XK*%z%jV-Uk9Tg4#X67VMqEkT&c8i0EC51ib4CE35HDnfF2i7oTv&
z)?Evb9#TVoSpu`?>n-3P>KOl*XI7&6X!|{z9KTtdZDIyD!(c0a;LCo@%BOM>7S5lZ
zUnh)*n%il^hCsCxfB<AG&3i5|q@@|q?sHg-f73ol$FB)ts{J|!31V-}9u_;hq`jOd
zGi2k#SxU1^Iqf#Czp%diVLjc3ud{LE2EASfTXfFHvYM|G<sN583-iTCpX{=}#(-ff
z9d05lafmORI-Y$?+IG)5#@5z!gah*2B=4F+xLwV8)+TC4A3n3Tx;yC)mz3;wU1G$U
zUz^tck4*!?VjBp2vn9zW-Br@Lsp{)2GGp~$i8<e*e)!{{mICjC5KEkymuwa38xS;Y
zY{Kulf_W+nV93Pw$t_5lYT6tq#Y<3lu_j7NxB)uX+Qz^$C#j_Hr=07B<>y97k*-l6
zs}o)$g+Zc_TPqpiP7vEtgX_gk*4JVuRBFu-;qP!h%3X6Qt+rl_+y|hbh8Fg`9MlhL
z9{#yu{^R>uR1o#1tM+1O!#kKmR(&~ehi-8w8A<te2s|p<X$e{N<JQ9AOwIfNC*lFb
zko+K~At$<E!6!54Ku_Hn4CwKbyW<8so9Ux#7ipL<RBT%87eaT0hTXW!zU^X$O>e@k
zF1G?H!fYT~qEnoyc#Cw@JEx{M$b4_~^d6ND03z%*1<j&R2e0Ef4bMEPEGF(@=hv@+
zUa#SRI=k*5y;Rr#i0yjkI^f+%L^jgHe;D(h#ijU(EEjLzB$o4nBiF)Uu-UW*EeVIV
zO=s9y68>Y=B8{bEkIA8A)jKlfLc3RoI#(kNKtJ~A3{u{65F>F}^lcC1pq~qb3op%G
zUChk@5i~?tVP<a1)%o(p-peZzAn|>AQ*NXV=-f>M5Hc04tF)a&v&TAvvPAM)fo~Hu
zsptG?4j?B+h^QCzsZLe)bWpkVU6!KN;OpWSyI|x&$*Wh1+ZXCrfcC>a7tZB>#C^Wg
zlC)O|5p!*h!3St$;FA{o74Ziu?L%xio@#E6n;`)tUydh?N!M{^lxGc6fJ)Fb{BV5+
zdd51SQ}>z9rPN=7u36mOA&JzX|K#HW;Lo(0#zu!_J@*@?-sFDzbl=z<^_keibcws9
zM$6QqOUwhudS92LEsSsxF=7!xfGLeId1o9M6jx}n{@&KVT0Oe?NLGwSvG*TlFQGkI
zJbz_UM`$U_9LFYP2M;+H4}U(G948aMn&P-VS_7J4GuwN^Iea6_EJ4R=!=J&0s7E@F
zG4<V0hP05*cqmRozX_s^9-KbCT=u%8nH^z<Wbu#CZR7o@aHzPTZra5fBoAKgxUPB(
z$Vrbaid}$sI{%tOVa1B~CEzC4dI`u?ud2u2)fl)(Kgz)A+CTC!_UWqWhFE%#FpAVY
zjA}qZzSx2Yt@Tol&t1d;h1NZX&h~ry&53uyDyPq)I4Btj$TLh+sjkr-zlF<j%8&pG
zYHed9U(RKJ$#=69lJV$FHatZ|uhrVURQDAj(mf-or|(ck#KWRMg+Vm{+4L06`jrom
z)!!d%Id!a5Dc@CJm;x7~J*h4BvKgvu6#o*Kz2dD?Y19#C#;?9i9L71Y{<3|j5#r){
zyqSH+QyqOA+lrypg7t;cq3wybpOfU%NV2Tsz&0JBU5Ja#*??~BYAUj0VmN11;}>TK
zhr7;byDbslny}E!MfaX~_8KK}Vlc9D*;`k!D`Tk=+;2pn5c4;BmW~#PRa94^Thp6A
zOQ@>*q1Z^kDV^+I=(cB{%%>MQd)djs%2Tu>QR3pqz2O-!c9>)8*XR2E6;^Ma^h1Va
zg17r8-g~#H;fJS?TwHX3o#`|%?ju<ILnJ;Ns<#)=j3?C#bB5SfLdtFv_Gn05SEbxP
z;(W~OLd}sEPdfjLzF@m22!mFD9GqgcQBV9DwFtvX8aK{niAmVbyP|;RcAg)PtWNiq
zw0Y#CgkC5%3G4fklRg^&T6-F(wp4sbX(CgH=AQKKv}QlLbS}&0c)Rr}5X9Tx%VPx#
z$Ej1k>wnNB^rn;a>O_oG4|`2A_uVxL@2~V&ccHN*<ilPskZ!+NTnGAzrB3_oNkX))
zsa{|x%7z-_ynq5n@Ky~VlQigJA4%DNTbYg$6G;z)ODizZFQhp!Y1fa7<(SlUQjqMT
z(AZKk%>m`pBy!DX3Yq@oZaDX|#Dl*nO))mT%)ii0ayDrZF6r~wvNta_XwX3{IDv<i
zRIAP!2(koCWv;ug4rXluFICGC(gjpb=~I?PZ#1akDv*16H+-V^wkh`QvvtdMbD?i;
zS3WXbs&|;n+ZOUbe_Uzvka7Ya@jH}g^y;%SLOml0yz;wK`8!3Dj{YpeF|+0jj!nb)
zy7R53%!!D*9i~oKZP%ry<CYV(W;Xv53>I_Lv8Xf&x4Y<fAV;3)si3!D2_JkT3?})=
zT0t3j6HF^p%YTxeD@z}nSp&MDxq1R=t?2Lbbjj0%g-}(CU#u3atDQ#5@zro;{s6;=
z((1mwx&7v04s8%b`SH|3pT0UxxqAL&;~N+-<Ol`}bQK(aH(2KucyiP9>DyoucE~rX
zQkXbw09}AhPj&*!7<mc=8Xk*F5TRFx2llfEF)Wk;%~;bB{1LRFt9(m{8rPsj{(4Pf
zQNaxt7o!sp{qT>0Nbm%DK!nVbv6W9idbi*Vpw_ku+AxV9suu2`x9Df<J;cVf9ja)h
zca2r85R4^x^?3f<19X?b+X_MpSVtk@Ios;Itx~!}clf{zE)B=05fM|8*9PQ?aYqJf
zgU?rqd|0SU#Q}68U10(w9IzXFAVWAkR0fwb|JR9^%bV!2=OM;-6g68F#uR7?xH3!_
zgY;^(RWv-p+uj7J({0P#+sl~ez_M5%7nE#{3dZ7<qD9#ttWnk1G1RsK!#uLBdhKOl
z==Sh0_(-+yKd-Twv(=dHYVm)Q<G<j$rQq?1unW(6%<f-14u3nyN>uM=$;bh>p?MKJ
zpxhzYPoHp)4Fl&@_^aFi{~Fpp@lQ2@$k=FFE`T!+>$;S49gNKHkokVIN}XlECw1?`
z$^%xWPUAE^6nZRW%5S-}YXUWr&jx(bqB8^)a2`xj;7JdMu|yY>Jax1vp!JgcI`?4U
z0S}VYutG9^G+<o!E}KalkNI3p%^tB^gD>-@Sgd`w3vS-X@OJ}t4Bx~*DZZ3_Y8@m`
za5uV2N$9<@T+5p%mMZP{_tHF7-&>2M(^iYnMxx#XD4e}4`*)x9mgp2H!^j1d7v@z6
z()YoXkEyAl{rxWsDUGmWFg}j?Zq}O)<uk!X8t!eI^Ai<){lFKB4gql8vcWYs20ZD)
z^%osJR7838faiX68oa>Xw(&Fl8?A0+o8`%fA;f$}kT=AHvU;pn7v`gb;&A(CSta@Z
zDXZ8vy=<*huh}E(!UfI5R0+h*dl4Cd?|F}lg$swxdq>Pm3a#Q9nqP)DsD7f7dI*zM
zb`Hj?!tG$Pu0Mk38|DM`lhFEZA-e<fPyQvjt@^$klvfJ@MnSj_j>Q>bSJW&Xjs>Js
zG|OXBrHlxHqE>8Xi(~UVt~c2O$~$$aDNC;EDrHi*A_3=9unW!ctRIJ2%pRs}&#3UE
zaXL~1v7*&m^CoK46<!9CKUT&m+5`H7-8A3sOygjt(_SxVeWr9W!XG9tUm+2wK7bJi
z#ug6LDX@wK%D$fmQqlE&^Jx=2tcf%@m0}94SLc0K8yR|Ucs*5^a1ONszkT$_lc6SR
z_0VB%rsT`6EHoEtQB__DaAouYgAxvog5UshQe3Cb5>zs0bS8K+aiiWNBi&2#S)m>a
zeK6U3T|9EVbThUPTf!VT$?Z21?pwQpQ5-)!w%t-VOvT^LO4%wf5urxV*M5P>#_b8l
z=X=6$z6wuGdMv;T^~GiD=)S|IKw|vT>FDVji65S599`Hozd$T6%bhFjmYT3@UP2Xc
zGK7f6FduriLA9QpG|F`P;MRU2w+5`+6ua+&$F=2Hf&wT_K8eN>XJa-AZ<dmb_wk)s
z@LvzBYCnBiK@#KoM&i7{J>GzFmftGFf7XO+NF60;UACeyV0h<aK0DoM_DKMi@cRnV
zDvJq4;>mP_0<<(=`&|5q3|D5C4ykElzWw{K5ThTZSi`c^MC#{4gw$>-vL6zxYCF)4
z6-m&e$#_gT!}#KJNg0|lqdogeX}GONf}|4nf1G>|ch&*goC`fa?81)6U%u(61Bpq#
zu8~L(9pYMY8-oyiXw{TjvfveiUTc}mGTr+FM=n$QLMx~hF)=apj}jIRCUu+cr|1AI
zJ^j+w8{S5!EJZs{OUtAm649W98h0q9kL_R-q*1u;<f~CS_{v}I?3C0dVM#x8@S9A1
z@C1vfP*IKr6+Laz_|>aVTW?t;Jqe6%4BFtyco3pf3|yAUsUFxAQRZSXQ|hnadr_IA
zi3BO(ibMvJmX2qdyl0UqO;=*&kwoP^l(*{fOpjAyz5Y%zzM2xi1HqB*0U*b4|JNqD
z?~p<<?&FX$<4F^2-jrf7%_1e>-2T*~5tb28$s_SPzHsqXII`#=xip3}eFMgA$};hB
zH1g$_7sFwo1No%LhWpb(c^%aG<31w=p(*SS3<02!eif2HnzBAx#GD;K%!s9V7q8|H
ze8!Lh)WwLo6YOHBJv=s)!W`v1tPD>?c*U&U+SUn@sg?~(ct>W=E{}_rJ54_%I>Rmx
z){gS-c07NSGe%r0f8Cx-a}AYx*CsN^zcTkQ{_+TjbMDck-yC5f%2s;Q0nME>E55<I
zBZX2X$=gJUhd}ve7@POtGxH-Mk@B~NT6LpsE-KX6@q_GI4g(^5LB$*KqBWo~*e1lw
zS})cj^$hh%nF-2Qfd0qr=Ibc**Up`Z&wd3mpAk!qSO#l}7o0J=SZAo0BU=~8b8{tY
z2&&-pvr5xYQjRzh_;Z~G5AgqdlZ#wd);!7#Toyg)<nB@9s!OC-yQBp{ugvMG9&*ka
zpirX@qpJFtq|+ziNIAHBps$_D&-uXlGC={V2pdQmt>5Wd0d-gVl0Oid|3JGyyw7em
zt$eP}ulV**M^T!t_N&$-t{=q&o3c%dsh8T$CSESc*u1X;R;|Lhx1KtKaZ#h2PE__6
z;a4Z<FkTYZA-X1EAjSHDC>lgqeMt_35}uqFYH}>60bVCJ@r|?x-m>o=G?$`N8L4cc
zM!z!_3F2sZ`!qgDw1$I#@#+kAr5So7h|{04))hl78K<ay02ND=wL*kbjx`|+E0aF{
zI}kR>9OC>!)uWm2Ta~X<A`KkZf?@*^bty}#I7$yrhHs7JXg-#Xd8sZI)>wX+aPlir
zs)=W%plb;i^n@;ujU56S0?+C1B+JGy)Ty<GFU!0m$M@by@YYso)p&Xym8YD}+dGA>
zmfl6Tb|U1si#z9YJ7l{hc!i5s><2AI?9cXAk_S{c{ZG5@KhUaJdhebDv1xy_gy6L6
zw}W3MNzE`$IoHlv-Z$@@u?S+Rxq8D_eLOvz-P=GMy)F{l+9Kodg7<ZMd5&+D3H_8|
z*9Sipd~~$cC|z<}8tE)TUoe(F!w)0vfl}guip1k+1|<<r71qVC^zkZ-2SX1BL?u7v
z2Rw>q@fGc|#d=XBr`-BN0VnuHP!4XG@&0=O3U6V|`>shG*2(<-{v#$g2$u5tFXM~V
zF(2xEm49kQ;Ue`+s{wd3R`S@^#G)6Jr8XG1spDs8C^w?zGc8RqpHST&J&e061p**e
zyIE6ihdB%ymm&^s#d@7E=$%PB{9q{2fenPdwV>nUz8U<$>$b6MizywFBm}*p+DgQW
z_tzan<S_?GJCh38+PVK!_(Avz%5O8o&V>(27JlHMyVcb(f;I+dBn(8=O_0YDHM|Pb
z?AN4}ShLBaiOqe!+y6mHj(5ZZWMp;?4VC2K*%c$hRrJA&^1@=Yz`L=&r50w+WsIli
zkWM0;%wBbZc-ej<1WlA-c=E_Sub{y$%Iju==&kXGG>h|re%E?FVq@h>epJ}PL?yIU
zVD(2r6A?4vnv{=H6FwEe8QBA)K|8l|Rxqgq&{~v~)tWoN)KB6$b`jQAk@BuwG`$Z=
zABzU+snQy?X|Sb%^git|NK^*5?SR}?9W(@Dc7{11&t6H8LYW5?Srdzyqe1lL@JUj;
zAbp-26iBwsvOkb88Wj#I_jZP)N5HMKNU6E3m;4lb!&`%68a5176xM(~!v4S$vyjOw
z-<Hxq@;bX}lUS9n1w(6YcbbHijkQrv>w$Jj^#U)S^N*x!jQ#?ssD;|)s(Caaq>J<l
znyVL*funB|tR@yVHLNmaYth$FQ9xJQV3qfOWcq*W@|8Q<ZriKy;DGIr+f6S&VaO6N
zmj8d;y>~d5?f*YsQpjEnGwVeXvR9OmYzmPr*?Vu1EhOP(7ee;lBP%PiM^;u=$lmok
zFH$t__xt`F$M^I59^d<~j{9(3uk$*`bDfXJ<9U-&Q5l&kkOncB>A4SLFghXICK2vU
zytb^9=&0=i*@CChm4Yt3i1U*3IRm2b<QVxRL|oQO&bD#`EEcUPa;bw*IY;Qxm#4%8
zgu?KKb9{ydE<XI24t+Ic>IoNRSim)$h(*ZsO;tBfL_~Za(v)~Ist<{;UGX`w6IbLS
zDWj5gNv|WO*4{;c2ori|6?~|h=Amx2n_SyTNT%1luT1&ilzC2McAu?tYh@tmh`X#k
zUg0|@`VqOt7lwn87wGP4imn@qzgCPh588F4FW|;*y4w(9_IH>Pb+`Mcd17AX)aMB?
z0x?>tLY(YJ%0!(gGtU9g6Y#npDt*zLTr?x8)4+JV9JafHk`;j41cYE@TzK#IGG1!o
zzy;ma_Gm<JX-3*cfflgcgD?%+8Tk=lf?rZ=w;I67gfTUCJ~Mx{<Fsgf6w3c13gmQm
zTAlUs<pAvhM|@q%BTy?>4T^Q{S0#YEe#K(D{9O$IDUG1O!l~51-CC`w+ZtOKP;5}Z
z8dE>vX^>&D=(4kk<?|r+tJX%X&UK^eTeTu;VOL2l7kAq>(a!PhEnp6Ls3q_6U!_he
zn~_^++aZ$gRf||%(+IRLau^m<lP#>sAAJL`5Z$}2Qw%Z#FdXr`y=P+dW(0T0ToY8=
z+ps1X?LI#sRl55s*v%(#SMHgxke7l`wcE0;d%p`v)G-HqZ?vCU5)`U=h({LWi|2br
z#!{qw94Qv(A`5pwZGbf1D+|yTZ%1yD)rUfwKU!OjN-zpYuA$GLqYg`_CPEa(iHTW>
znsV=s=!H5>IiHDvTI4yOdtn<d=yi#X=46t2oi3;%$bK91V_5ew78vUD3T3UG2ArN%
z=EVdzp8~0T(%I-j#49Z~@I)i96q(Oo2feE@Vw954SMq{-=}NKg8Kf(Xyh?U~Wbj%o
zowqrjW4gC7P}Fp8xwJQhLvSnRq|6At%Wfjfc?8J-(c420u3_Y_!0|fIX7cpyLrLKX
zu1`N3S5<ErZ+&F4>Fpa@V2_L>3}yDH3DpntqK_C4-LP`z2zVh5gC_@&Uw9rXAV8^k
z@<t8i^D6?yJZTrj39!Y-`h}if5#$t*rL?7C_h=HdyA4&~x4rbc#exG;hJ0Dt-(4Sd
zRl2*bpLkKok*4~lfM{O&uqn<YVmsOm-?J#ZtLpUF0u>?fJXKJ__IvLFy4;b8l6T1w
zvY-j=c9^O;QD5e|8AL$qdkedng;eBANCoW&t);QLg)cRjnZ~}j{qp`+=OVDhyX1wc
zry1~;+TV!~5a79Al88>zMV%x-5$X*z#PO0<D}GQbDB>_4*Y5=gu6P?jPr67yv>{F}
zla=yT5R5v?)a^VI)R$L3I*T#HIhh(h{q=^x3w|XQqL~JYKs2xA%o1xz25HBUX=#fW
zXr_D-v8}OeU6Q=(6v#>ecTW!8EGir{7sH;+3S^JA9rIyr=QX<?x`JI~uy>~Lp_T#b
zmL2bVTellFAU*+C=`O!qrNgP}A?$QIR$q2JTy(R5dskp=xGsz6IvpD~T~f%njr|A{
zdObGk^)`=}7bBeSVfx~R1O;IydEMD-s?cqZ^GONSj^rH=u@DrwaaAKJ$g{~S4wbS=
zmv&Hg0{+gcNN?KT{mIibt2n3Cw)9c@(JJK{8J4u$BJwq+;kMt_=6ZK7+ObRs$>8Hq
zJQuer@okkdlFvAY&XBX|9ep7sUGx$WNf)6}{Ii7Fs9L^g+F}{fmi5Pz_vWAWC2mM~
z<7Ce^!e9f1CL7`%ORH<^;XaGm_ET=<p^tcljf*F(lX~&5tkW!`g-~>46@;YSRM*A<
zcc|Ly16t{~7{i}P2M?^BW>L)E2e%jw=Jiu!l2>anr5JkMus~cWTge~~t6}528{j#q
ztb*34sD#!s<C&9l!Pg=aBv*>Qo>(+ZH-#{#xASA}U?6N8-!Yd#-|?ov$E$kjNQ?6*
zqxcg+EH_NBGI<h5?D>;>ch4$S3vspv$lrLegX})avA4J4tIX3}ig`i@&6N!YgpY)y
z)@`f+wXyjVkzfc=VdU&g;PUt>xI9L1HSJ99KMAhZ0{G{4m%dovd(s--EfjA`l53k0
zc{iY)!#NZmon0md8J~&`y>q5@HUO?co#c(yBAuXop1>H_k7867FF#HzivZB>%Vy9x
zUy=Zr3jmnuhH|u=J8y1ll|e;x5g|7a5GisqrL1lp&5*z`1|X6#XuIGPt@RA}jiPh=
zsr8?6ig|qHR{fw{yg#*z(b{Ho-?#4pEq~Vd^eLgM%0O=CE=f)YO3aYGxKJcbW<9_(
z?tQ^)fivIr6t*&mH5<l~CZFM6R8|vb9a0i^sGz<9;7RX*Nq=@xS7Z<>(|P|^rkl9L
z$ikvbiA$W(iuZyhIQE<jY(PivdE+2?%EUB|P*^hNWA!-11V}q@s0u0gBUgRCKPCig
zxa`U(F!<)pn5O=0-Hdh**$LNkkZ<ovx^sbu=u1pTnapSmHSd#$euW0bL0mJuX;Tyc
z>KyoL;}DX7>el$yUkD?347B5gof9#{()E8dY~#z+U%awF?lbw~yky1|^YFCrSH<EB
zDiidaF9eIlx*R~8kT9wHjV(6}dYK#`+$7xlO;37!-4m@j6%&)dK>AT;8}j>xkKc4b
z8N2>qQ^k3Zvy&V_$sIsk8-y>3Un4RPZ&)!Awl1<d%N{QDu#jA@QQ%x_xR6fmYw(3&
zMdK0q7oNQm3&Uf6*z%;mj^H}`?9CT+kdyquiP&Q?3N99}!|s*>pihm^s7Bo!VvxoZ
z?X7eB>9O13F+0;;u6};L_$B$u90LF;44L`x5asIzD8)U=#M{S*Ow&TZJHOE+0po>1
z&bsGgr8eEg7CBgO2-EmG)Zzya&JM+0`k`I-6HZ^Y;+Gd9R_Ya*Sf;)J*n%?^p>J>@
z($WDg{M^YF@Azq)5XRN66feL*(2WMWGM$+&9tjw+@@GGxiU(lcr?GF|`bQ1|wA6Vq
z%82CMVl45D%kIJ9${2L+&*VJR`44~<3lvzMV*oVOc2(uRh+w}H9>)V@aR?41jyW~M
zdlnqOv7g890Cw)Wj)lw~ih7=&1}BJq4QXpH^qS4edidpt&&-9rLnbFRMI18DmGOg#
zr(t(pn`18t3cAY5hxoj-E)N5NITDPTx%As?K1o#qN%-Xt(7oV;??~GNteb%Pj<pB<
z$fU(ty(S@v@?`V=26(Aa{W}~9`FAr`!gPXkdhbKr?m=@t3Cq&!%pxQpSnmv4$gW=|
zcWE3nXNULPR6hsAuN&#61;_EQ#L;Nd;Q)HF{P5ss4&aCL6j=|Odo)u9(7&EoGDKj$
z+~MBvY+Z%a))T@|S|ezzv*%lEEk87_a@%@n!ZiQ*P1+?0#FVtU{rGXns0qY>n0hEN
zWz?^4O)F3E&mh`)sw}$|Zvf^D=DST7@y<O8HbJMinD1%>eZ)f;mLFAfD0&g-;~H9A
zoQIB(>kDy*<ZR@n&QvA%lE3E%7xSus+yr<9fXe~k`Y-kn0pifsRx(`Yy#`y<y4rc7
zlh8g_L~+;P&{v~d56dslLq*8-hu)(UDBp^7w6@`<&hNfI)rnp=i1cu%-G~WF2ln(V
z-=z<jZLG3rJ&XU$mQ+vNGcpyrdKv5a0laGH)+I{YZaZAX4x{q-TcO7&DM?c2IK!J|
ziDdS=0Hc6h92Vbbjhq+u$UI{Dmh57?-O8tJy^Cup<|@}Fzk~o-XSqO0;~+mNX9AWe
z22CPH;=v)^!0szBDjg^?3+_x^Cerm}HxIQOv3hec>@nCflha;<>43T*&hje^9pFG&
z90I^kdCERiSNBoM(F#(NfBGFLYkLPV1^{I*0ibLU0LpGFV=I5(`1F*FEP4G#A6O>d
zEAv;7i^0*8P#F*<i&-G65RuXF0ShrWjl%}wKqZZN@B2hqa`7mo;$`*y%B?y9%JjXm
z(NSy{!J#PH!p7aLJ!h5b#x;<IN1h$kvej{T9$Z&`-FSqbrr*VwfxnSuo!iR|+FLLL
zrNV&i%a0#>SK2P|lkO=bvUQw8wxj@*AZ?w@qkOTWnCIzRa+T8ny-~x?@8)AHzq50t
z+UJQ4{!3Wl`LRY~58sXyTk;^SK=LPA@A)YeB?F$dTJZ=&d$~;mAwE7{HLrK$X%m2;
zIMzPETHqe!!N7FQfXFNTb|?Vq{DYzfe)2omvK6<Djtju=jHlG%MexkxW(ZlWmB$+d
z`tKNyNF&n-)XjZ?TPXP|)5O>1kl*o@Q``3aMsUAV&6@(%*XjIuPpZ1*9R5p+(q(rJ
zQ1{#@(_f{F^Pao&2tHpuH-hSGs$5pY#FEF|Xxf8CLkb~dxrXu~c>3G5^`1{~zeP-e
zxvNTj=Tr$_<IXNe#6rxX#Gl59rdn{ZOb)FvTN;3Dgi)rQu8az@=RA18?WDB&ip}L_
zWu%&5)av<mYNy7qhr)#KsvxG{jTftkZ><+B<Av}Vd&uLo=0e+Nv*s%*R2klh(Ttu<
zSsl84s`M#zYIKr*S&8q{vWyKO`c~PwO41X}&W6k5@RqlRGuN-JtrZWCB^DN9$rp{L
z->ieczpfc%FLo-Tx3AQ$XJ=n4d{B?U*L7FqZOzm7C*mtzVmiClw;{0BB!pC1UYEFX
zRe({?BPQE~*71T|N+n+HK*t_9su;m=oMtQ<K38Jyw}SwwT5d|dMCoJ__6<#!>;O;y
z>`|?y59M|wka8j`F!%@qxN{nAV8Wl5dnNYpA_l)UOD(-efhi1fkA1>Vmr%<Y<afvj
z1Qr=;XlrvXYw`A;C2tg($0jW9Tr}fn!PzGk+=pF~5iGv_eEdd`7mg5~N3yrzWNjQ6
zFEbPlF=xIf(7Wa)Lh(EzxwGNaQ$WBw4e{M2-XziPk81x+gY9?16$9!+fb>GDh790U
z1SEgr-2XySLH-LY{x5(2H%`j|V*dy)3H-B300MGlB<Z#SB$vr^bG*8`2;%mfx*grW
z#Wn}zmHgR*Lk|TL&^PS^PO+vL!6aK2o%&#D3tX`JA;RT{V?X-0k8VJiyaXPnpj;|s
z7^mL3ibF6Y6m1Yefd3yew*U73$Pf7K&)r4rw#jwGu*A(f=o}9VFVF_srxX14=l{$;
z`0daC_Vxo$ayTXXv*Wr9t@xh@^XETTDA!J(yBxvH!SRu>dtgARvnYndDE(?^dV!~f
z|DQm1z)Z0j6VWTL7RjYz6evTbjN?PVfC|uF+%F`&gh4}`L%y3lzBrrFy69w62=YD|
z>BwS&e{xBHj6Hh6b)5)Y1u!3yc9rB9`-}QZFM+VZ=NIbd-{~TMAyoZ^A@#5LSKu3f
zDI)ugEyw}@y_Y5KX&E8AiO5G8L3aFEvDa@DUk0#eCngoonSflz;RnUn`;cjHd={6n
zpp}UovOK~lyndZ^?tZqR-m8DcZXaI|X%Y|v|AFQQF`|p5Nuqza)&J^*Wvi2urplAS
z73h9tE>5#RN3sOzgM}kFlFEliQmzUDOuPR^aq|S0?A45K8alwq`sNY~n0xx2TZgF8
zvA@k5)LV3dT#=p+$^j`3snM*}32=EhuuMX~vF&aG_>B3gz=Aw*udpL<eLzq9Pi*cj
zokpl_DG8vR9bb<!h{dHudB+r@cycey&!=<V2=qj!tjnR2^KCy<x)9c*QSJm-Buu#y
z6hixq@LS--VH_~#f1GL8WvGAc);6WEAFvkEPaG4fh4WsQ=<c%@z-CPOsBrvbT$1L8
z)=wizOBcsY<cxQ=pX{c0p~u4?S^`B&XAf-R;d3vZKylPtRlRZvP=aJmTY7qyl$G#X
ziRQs?{DmNn{8Q8;oNs3C7P&Z+4fb!uaL8Y#afpqhfuQzYLJ;{rPo4stPbe)q9Ke3w
zw*}GO|3v?WKuqo;_(Z73{{F;2(mKGzAh4_MM-e}F>GOSfg^E;r7NDt*lnoCLM`*9F
z>KYhj8|Je{8T_pnE(GT&)bAz>z4Gg}fx<PwfiXqOoB0BETGh|{$lw-_GzDbX70mzM
z-2KFI9Q#b51^`?U-SwbCVq}<|U4h1Z4M6)}ARqiilAu8pY~kM~I@KSt6?NFZ?kOh7
z=>Nu__D6-d+<)5efC~MJdb!|K6(z%aHnjZ>PygG7PlKu+_&Rz~P}RftkkD@C?vwag
zwULhVoanFf$0Z4Q_=v$SD3B~z1svPF*TR@qBH4x__`SEIElGP;AO>`Ohr?kh0gTZ1
zUw#p&cEqLKx60Zl%zY0AzVACrI0zoO22UDs@qlnO>o8nB)B-xT4!>(6h^U2AQCplJ
z#rS0(%LC&0@45^|?vUdM_|2-hf*~}up>7R8oOHdPpziPZ;NvDG2k<D4?uFYJod5ly
zOZ8#A3|1ol8L+OQzmCH)0zw|CEcJalgM{RG*WSUwAfl@?K0UuKr@O~A<B!E8Kxe|!
zfFhPZ(er`$%PRj@HegS+kJwY-46ps>43F1#2A<crgJxlW(n|n53Bsm3oPfkNNUWFO
zy|45DEOf)K5rs4_#NGdQdI`Wx;aH1$!oc2rbfNUNN1&~eLIKDm_cwzp;Xb48$YM0z
z2FLBs@-|>v{tLHZbbDJA^!xqODcUFho(%-b4Z|kjKmTuki?0rk7+JMe&0CFcZ<X?A
zvG()bpC%7-Bfo{dhS|6HPMm<%iwNG7J&*wb)KXxsJTj)`)42|=I*yuV5N-WYH3R5!
zjGe85D6mw&M#RyOoP*@X4Tk_A=Ma8`tngp#Yi+4*QH<b5Ze2h&Hv(*_0;7=y>(3V~
zZW=~7O6mV_jQc)p4VlJlCW_O^czCeb*!dezZ*T9tO#R-0MgS6FfFwuuB5wKai_Ki+
zSp^;C$Q80hXf6(yy}}Z^HFr-F^_b6o>hWgxt8<}kJAymzV;DB<%yUI`XtVhoT88^j
z)^xf4s#0Nzgh0rs=!YIYlbA?un}B<7rdq?tJM_vr_7uI2MN_l5Z7U7y#N3XE8-VRR
zI9*`W-E>OqT=D6Zse8SOrU8J^u|f-s+)pmw{*Jp`(?X%-+wctAL|)-zhijcAISR-W
zk1UEV=1CtIp_k`iU!SDQqdLEHB|@m@^QP39+vdPQ_A8c%CIltnbSalN^FMSyR$d*|
zVmXYrz}jbN6xjx2Y2a|Y4Whb}A4aFz;C1^^&6T5*^WpZ5_jCd^6p|Ygw1N>&YG7WC
z9De<I?f~(?{_{;_;Q!v7q$^&@Kp)OBb*+6SG)|}p6;gg0-b9Z#iK8vX&7r=!IXlY_
zCs-~g2iIubr!Uvz1HrKN#F4p1#x)x(((9wP?PiP`IunMYsHviS%y0qzv%R%qq4Q(X
zn0Ub~0`if04`@Em{yv|Y7lgy;7;16MLly3wJGNOt0d<n4*r4W?3u7EOxZyFW#@m5_
z1rcud-57&H9%w#>h32Emirc#UQ0!{ju`!%*)uX&rC0LDuqD}?hExt4|9?C#HGsmLp
zX2gdFKB)HagCHJj0>A0rTM6TVf_Y<&ARh;jprFWuirwMTT86%n4r<m)Xn4qEGOWyA
zlt+$dSs)b6%>^7)eMPh|fG3Kx|EQ{gt9L&|^Rv{c^2D0OvjhXgb3NSG6xp(B*EZhI
zMXY=hJQ@H=%OfZW7vkHU@rp`p8+uS!mBVIn{{wK3dR090NFb<w!t?XR{)CMh<er5?
z*{$(iNM>9~#dQ~s#}I9*2oLHoBW%FseM%aD8?2M0O$^@yk{K@3Bt%-bB^ygqUVkEk
zvv?RRH-Q<L*Z5vG7V%KW5--_%+*cBFOy=grUBn`(%%{{|B1su<)=AETq;BN<#mRn|
z>ke51QnnS<F;fo+!=|ySqf$WCMb+yMtl<Ryr<j^^qQ}H$Tw8HI@|IV}g5<FrW5CK1
zm<X*S`?va^o<aWq^>;vY{IBQWAD^iN74qJ@bQl;IwgSM<NYt<XhgjH6Jr49|Siw-T
z@}5jFFm%MSk+^3Ocer(dVP^I|u`v_UO77K&R-zlJOY0_rn?>*%`2QZ>gL)RZI4$DV
zrGgB~W1-+Q-N}W{E4!dcY5!c7iZCbwh#wXK_G@6W$jdhkRYZ;*yEa9H!K8be!8HlF
zy#T=*01oV-XwZJ;{U4se{eSFtGQkbt8lE2%FSJ4Rm}}Rsf4Hwir(}da^|z~zO(K{_
za191`t$8;q8?Se1Vk)Q1&zhF&MZrfqtD-tVHCks>@+4UBs}fKY{AGb&fB`AUA_1J2
zs=BsVE)`3>*1V3SRPpvNnLY8PN9uQ6C4rukvSX*|ZE(b%9ywxOA|97WYkNZ6k0pT7
zRBxQ@J@|l`b0995n+EAr<6%0rUspYQlh-@_3d%7f#3crXdDaD}bN%aQK;dDX%doc{
zR5^nWbrAMzqWEr(SW5SBj=2cSP_V7>zXJWVfBg(d4?kP=WyFK}H0)3%ZePRaAI<?}
zMeTj-K#poM4XOq+@V~`>|NHiF2^%J~+M|(*k*#dy?~gf_F{3Yu_cJb0KZ6a7YlkAZ
zLcMw32v<UgQ4c|$LJlnchkBsJ2i;`>`_Jx-Wm5Xdk=?%KG|8K&s-0rH4W6ns{LJ*{
zVwoRiTX#lpCEW`NyKbzwRG5b!_8IkOv7)UGv1EyNXx13u(`cDTJVEe*d3<N77dl~?
z6z{Sc*Kdz3ns2R=Zj!SvzQMK5X4m9cL?Rrr<Lk>3>qa7B8F3n$z%T8)b~Kz+XF?dV
zj#Ujr;uN0^3h%du!pE?mceU6se7B+1o61sjD7_uBg2DEhB42!Tac+M(Qch_@b2ToJ
ziuFdthT*n{7Y~5y&W6hIK;m;E=GaS8zMc}plmcsHnEBVr#p^HZ(T-``wILt828;w2
z$81puWz?lVm)je}BhYIa5pl8gZn1>Zl~5|jBg0$~kESX9IMazct3GfDAb@XSRRs2v
zS~?^&W-k?3&~vU?Ua96EBpnWZ;1(jTjN&q!R57fVz5uCwv_!=)^kh|SoZFGJt4@wE
zWEsngjRfwY1$90d3xHtO<}m0<QO_~!yAqNLm+y;L&aO8;*P-~(Pp3Y7x|YC)Nspz(
zz26*0-g4x$x!Qw@7_AnlM=hTHWeI?u0-<NQ-*>ZBV7zmw75^c>rATj?5XVpJ)rP&l
zh?oF)@~1`Q1Rkh#{xOH}bCh<fo>I&s2IYq2!SWM>F1iix47mY@;j7ru8xXMkn>Ts-
zSF1-q<amB!p$%n>Hhs}>BusuIi)=aWR8r>yii{!QCeTcH{hSGqDhFl}@_7^bGletT
z@)dqONt#^TCHb}1XrUvupr<bl-#kn~_GnbZBKm@GvGXb$xJZ`Ou0RJRG}1$(m;%W%
z@KhV`T{4zs@rf5F@Tb2?mpvTa3K)fa77(t85OgzT-*|+?^Cm+9XRfef?W)c0QvFU3
z5rDlebciur6=_b)ya<tk2LV}DvCwkn&Iaf?S~U+^1$5ecq37!mcc`?qvoYI-Jp2d#
z7fOqrci|I^B0lc|te~R-|9Ld_XLajwQ9oi9rG5Uem481V9rG1C0FqaC6Od6cgQ!_b
zMW!0v@&z7{BK<=6d&fkR9w08jU<0}{hNSx#8NIjaRhe1<)Moj>C3cq;_65M(bh3)}
zSjUF@EQYPOzhMS>1kmtkYuT7F%Y?k%dt)we3(*3u_m{MLJ3H^@X5cr6%Ip8JkmshJ
zqfsLb)RV4>wQ>dK5GLYFW`=9WiSurRC6%r?XOUTDH*>X9m0nspBSZ~#Wlinh1TqoB
z*MZ)AX0}BAKE`tc5N8I7E#6&QfI3GG3AD;rO`NaX^l+%VqB=@>|FWCb!eBA%v5E6a
z<N|2il-ghLu=yOj%hz23rKEeRfbLNOB=O%tEMsd(_nK=cimslabBC%KWfVvkfN4$?
zJW-Y4<`0^hlsJl3;({$mf28(R<FPzFm?8%VnV~~8@aZx_AEsjK&$l;*`C_KOT8gDd
zr0;bu19NhT)oQPVB<Eh5!l<Vw<(+^qz`Grl#9ZuDApxk$(tSp_2Brgir#sVGZsSX?
z9HU)t>G0$*XrZ>VGF)b7F+>v!`ar(DoCCuXLQYpL=SmA5v$C|zqx~4=ygjq<gt?VQ
zsPw*`VE-^fdKBsogdcfy!vH$DyFf$agOzMgImCAtKeT-3#3vpj2QT<D%6wzTdAQso
z7GM+kiD==gZLjKwSH@%|wYOI47@XVp_C~&y7t3INT#_cvy`vpp8wrF7$_-8jyKH*7
zn8xl5PVsd6AmYkxwg);-%+V_qyekJ<3N|~7fKZW1_l-q-7RYq0w*a975iqicGX@_{
z0_X995Zs!}+DAjF;VcL)f2P_8DcMuZF(0Ae*b!5PjkmEp-8Ec>lP?z{K%Wh<_hg}P
zg|elfK*xmA%`u=#B|;rN0eU-(6hq|3rMXO}d4nOK9irkg^-gJZ&Z!}?BOMziOl<Xh
zXOh8Xrcn|G*LoW}Gz5AyKiKH2=k3{v215%UX6WZe^V*M_+wh>!x5%4OZ#F0VS_qgl
z8@a<tJIFgH9@_$rblr%ZkCH>ZCg$9u^3b9I>i|p{@64Ns!SJ`6<`HFgFpD5*gF%Q<
zswQH`0+GoJ)m^U&`a3k`S^~Ct3FsZ&#XToqMJd>aTrGZHoaOO*AL^Lt9Sb&O*h7a(
z+pOLFTRGPN$bq}X0I|MO!~uJCaLjEF9qhgsK&>g86V^!HQX)CR1lL>#ysKb5z;CFv
zrFW-NdMoMPV6V#Nj+ckrH~Wv*F-;4f(4}Ty|MFsM;bA>pdNylr+@6ks-8kXM^e`ZQ
zZg-Z}UtbtyS!s&48J@9-aJTph7$bot0@kuqy_H|{L9^b9PpM*`ZD+*P2&{)D<=SZp
zjN{`pZfMMEO6WLtO0XAy13gczL5t&*k&Kr&K!fBMHH>c<JYQ}U0+!dN+!e3JFJH0%
zKz5KC$o~6C!R>3Yg*Op%M9H}oWeA-C53&@}9zYe|=HY@!_u4PEfFulep>8{Qrw7ib
zVbFhY0U%i|0g18GDH`fK!He`{S5I-u0`&hJi3Y+R;ASW5ZD0U}#w^gww)SO2foR@0
z{S{u##N122kI%Mq*<%eWGj4o#bIsR13+hn#b?~{noRPGHr7=Xn9DH+wD%Yvx8&EQk
z;!VA1i|3S}aeo%c%&8|gW)cW*?7S-Fn761wXD@Qu>vc)TV7Rl~3sG(pGq(8z@#+YB
z(iF#cr0SJRt<y&m#)md4Hmrn6o$>|%YkqvT`{9~PL+~=Zp6BiLQ4}dtP3W|D?*W>9
z(#ES5`IxA}vdOEghN+S;g@z?(pMhk`qOnZ26e+x!SAv!Hq`VLhzouiAH#?&gYDK_|
zgGz-G!>kkFvN&ts`Mkb~FRz}&Vbfp?w0^O|1RM-%4raFfO9|iw-+{>Eb(Bk=7jp0o
zP3v-U5Wc+s9==2x6Ung|URcirLE;vtct+U@!@{7N3uuWkqdk(u`E|Z;crl}B6UEq2
zcpi-$b$hBPT1>tqW|)%`W84X`>R|y2wcc`*%T}1n5_9-;LM%Xy7eVymue+p6-om!n
zRhbvQL9LfL(1&E~K=-=O5Pkk)K5Zhf9=wv6HMI7RoIp$6sW8H5wgtdVPUp2ua`Wkl
zU3#Kp+g`;j@wI$8By+XK4*)&G3}2_InpT}weaFat?iQ889%#xuPO_FPJb#CZHxp3*
zOCW&;NuG3ajoB+|TcRzeK6l2fv)Hr?omcEOFq{p81b^g|cz7ta@1{%B(Jaj>jcm(r
z08I=&wqCka2`(2D6tkdd%9jHClI7$wg8ck6VXF48_nS=1Q#<Yf$n|tBJzoCWJLdPR
zE>+s)wC0n*OfJz!Qog;+FH9v!Q^%<>M*Mujc4<u1^1fkaVbt6nPN9rX2$iph)^kQZ
zd=%OU?3qWW^l{~ZVos(tgecvkUw+yDJZ8HqY2jHJ=Vlk^K`Fgop1TBT<D3-(H>ahE
zO%o^}*f2Tdf~5f1D0y{)X*C@uvl3%}nNcqHd}OADeT$;;*OgO)C3BceDhuVkXA7OD
zYEjf%h^eo&7F@LMm<Z`rb14TVe2>Qi>aol_d+Aa*&6WWMXd!_<Lw9|&Z^?k}Y^|G!
zGBw>|@l;H=Zm4?asZV-I(dXn-GiL<yJ;`TWm4vWa%m!E<OVLKuy7|NzW)zM2rkJD>
z=ZLr?2c3e5_CwI&klT1&*p{ZA<Gg22suDl#QFQx~jF#}Aq|v>Fh)dQq2;+da=WDZa
zm)O8o-W%sEVfT5moLl7H<TnW}gB$9%z8Nx<;>xw6nnHs}A2Oz&Kq^szsoU14s{|3k
z62I-$yX@9SaNTcbqe?JJoUpG1LkVDLr<_P@FUcrhReo5y^p?;d?vZAdU~fuBXQMCq
zOI5%%l92bGKQQx`pt(&3u&M2-f~qRfJbh4bLBBcYb*))G_ilE_A1}M)P6wk$jOBSL
znlHfn-5Ptp+P>UbCZ(-mO*7D>EeP^&9+IoHd*@!-O2|{Y)~dpx5v|QmTRnkGeb2ev
z*m{Ji2eWe{#Yj)9A%K{BH_PjbI*-h9FOgd#kp3FO3xAm$%J?e7SursFa+l<FG_O&*
zQ1v*qKK%I?USGd{btY|zBSRl0Q^t&8A91vh&~hc`#v8@<B^R))Aj5eGSeCrYu-yoT
zn}S~__?{~;qOhS;cRa=Nksf=E9LQciBcYM&N2<zh^kHJ))oV9a9vB`9vDw!P`Ftb+
zOp5M40ZF=H(xCr)7^j319X7v^TNCJWkK*F&yDrluMU(9vuZyvDzu5fMNSd|2!)*+@
zll%fYEOdfGnr(m}R;G?ku0yGupc&%1ju-&NT6<U|i!U~loV(uf5qKuVk?}$XVK3{d
z3C&kMg(hIf&&wMi2B%~z*g_P)_(VJzpzs3vi+Fh|u--K<R|5<dqc+x8a{^;N876Cf
z3UzKzJ##&7)6e6g!tUS07EoC%Az2$r8NL4A@e^|@!jlZr@?JOTd;Naj_E#6sPLW~w
z=D?uM;>#`o<sqgGsqao4lDPNsxzM_bIacVnF~1N|nvqZMb$KA8{4))^<y0*;<>NY*
zRHaYdo>@{`k6eb#*ic|iug&^2yySvtkbFFIYbPP0p&ekgbxb-Q%a>1Nav}zsDx=#0
z`myTRy_%=KSy!DTfZRF0Q$6?aDA3>4PZ1sTUNM~R-F-SI5QN$!gX0+`{v0klRuBBc
z^~IgtmG?Fb_U(Qt^**O@eUNZa(q`b}FD320fv82L+S<$0J{V>J&l;aqNK(RYcS!@4
zi`s@#Aij`we}(oYwKuWGWApxLo;57eIHPK|^28uYUwP1(TVRYfM#gqJ*4xN_7zYzb
z6ZLj&b~FJQxATbArq_g;ri*UM=G1!o)K;iqNY_7I*?U$XQ>=*BjxU&2gt8=k)##pa
z@Yc!|&JeH`2+`WbqJDzuUOW?Iaw`zGDt0A7UmZftf(Th$J#i#SYO6MwxKZQTiEye^
zP%GkQ`l%U(1q#>9dyhE^)pJIB_6E^ibm{Cy2VGAokL-Rx%<8e~Pc{ORY_=@wLnf*~
z;5>uLvnuAedqSCE%itnnaHFRJ4HG#UU;C*tPm5$n5bIe<Iga7(nP10nez3$4Lw*l4
zm1|KN9CQJ8JSPqONqUqZbo;)0U4qJYMqdCqV*E18v{zzDF}obbItucuPdt5-9d`ys
zGIG!csAyTq;WYK44O`?IA3qpmru$y1x@Wsr`E7?UmWDO$icSD|g6y4Z{6U1GvV@2s
zSyH)~oFfc+gloLq(=Q&sgI(qqY%~y%!BG}ceGLo{`J?B(uT*_JSgB^at!^Jc#CuTQ
zt?sP$pvdxo%hL0W=3AhyKM0ic4>apjAb?q*X`&0(6v;D-I)*^2_{cB?D7TNPaPF-f
z*nC1>Dy!SUsFVnk48Et|Cjh@pErf$9kQ}ya1w)1re2P<Bk{hFZMW7vzB!$1%;nK=E
zwfS%^*4_1zbwWE?wtAd0<xADsDfY@O35h&U-o>#c&_E`bBSMH7(`kZ&R3x%<+1}B~
zal11%Lz0Y$h@BQr^R1D+VhO!6ayg*3#@j7(bIldg@kOlMEjAUGmza02RX4HY?&xW8
zZtPGQ#cOMyW#)S|-@b+|EM7MzO$U!MZ@P@DT1xPhDucG9H3S}ZaGR2j3!mATNykmL
zy;S{=vmm~0ztf#MXyn2<SdusU;S=45<`%{0)Qb&<BHIzL%r1s?f>2HT$vlp)o8zgG
zEHx55&xHxKK^>e2gP=Md=lz+4D3aLS3F`9la2Gwx+wovg5LrS@Xb3cMsBbl2hSwTx
zfAQk`%pxY8Dpbt6`Y4l!(N`g;?Hsuc@7ilAIj_4O<1Anfs>#v(wt;YoF-#wwcWrxj
zim#F@^~tuhoq}uxHpMOm`fl@{vtEI}8QyzHfiJdRs0E0`ZdISJkoHfxLm6WJ>A;1*
zutH$o<1M#Bz{i|mY!u2-c7|*bXczFK-3DZfJTb?JI?tMnl(eN^O~eN6o<F1w^jOIo
z%w3KX$FR8Wl;4Tj+Y@dpAz-Fz{q9auZ@=_d@`>m`lCN|4RGR)epR<;4zSF9jxGZHS
zDuE*dy0g@M0x{rP=NC_-Y>sO(?v0jbVP+G)=FU8Tfrrszv?&++J|brwaA#AbkO|dL
zU*n=kMUb%5`y<1eV&g8G35ehppK;ht(M1uGNG5VxZRah19U6&Gk@sGUYGdbBKO610
z+qW}P-5ba<rJ3D)%qOQK&>!Z!RNW^4fxAV<Yp(sKvAjzc*$P6CgWqzr<lP4*!GZ3l
zNqAZ#h^Ettv?M`jV&0op*;>K^%ir5gt+W~F&9vAUyc6z0F|09w-n-Lnw=+)~xwkxB
zP&(8Xvs3IvG_qTxY09SLjuR~vQN|SYAU;!mxi_2+zT3&Sch@S}_t_KL{%Kj!i>Gm0
zXcD|E@ULt?$XOZ8(s+Eg0(H_@#LxW|q{yWvbyE;@Z6Y68%Ih!-2wyGI*qaEJvKBQ@
zi5r#D5dEZG=lwBr*noSOp{3wjK!p!(0UHH8L568&!?=8<9#YIbfq;t(m)MxWjh(4g
z0=L^g#m~)8X&>UWX32TIqY1ah7YF^5?k$UpujLHQ7gHAv#cYhdUf?xY7fTB7W+@BC
zm%t>{_L5OS?`+4*dkHKFPBQJ54iL>ieN8&g+^uL16WhLTay!72qihU6^Gi!~+WcCp
z$oghk6OIPX``ML(!txd=YMyq^+5wi;TS0_NmhUnhhUNxAylTt$&;l+)-HQIehsj?M
zK3!yXrz5wOD^+`YvPeaPleds#Hcs&x`DW_Ihky++W}~jB>2K~EJ;9v=-&@NmP67hd
zQYcSalf1~ie{0Ng6RPp2?YDf<Gy_OF!m-h}OtmtZ75u~y-aLJ;noV^;3X+u{|DIv&
z<HdX~EZ_V*i0+|~^9oDi{$*rXtI<$Nx0DJ2IRcAQCW$%W<%m!q;hEH^hOhX72ZuJI
zN}xt^Hbg;z=CS&64e8gm%dV-uaXKtUb00sdmw)Qbub+}TS0#we{B7Oj+oyrS&jQP*
z&ntff&Fv8@GizyDdUC#fExlzri6j0zPqtW0mgUO3K<8D8O2fU*wbI3k9eFQbCy;S&
za7xG)Uc6SlOg!*m%~>zeKLTMVIX)nTO$?hMVoBuH#VSGmFi-i{WnVlP(k@DV^8cQf
zU*6Bl|6Ug&ni>3Fl}{hw^R^HSbN72SAQTKGAgn=TkkZ~D_^2<BbgFwfa0KwjCo;3A
zUl<WIX-KF!fco3Mh-o*{P$O`FwdbkK<R-kEWGTe)L|(q6x+&PPnjImO)Zam0r8QJy
z1u1k{MdAu;Lj+z)0Xcq|VVsudxV~}js~-n%`%nlxXBLnll5ejmBbk+h`7vfMk08d*
z<iCz0#<XvHT>UBHUdwv?OWBvToy%+#x7_#U$`g&6)|^EKY@tHMV@%#Y!?%ZN)Rs}n
z+Ymes!6>jvYtx}%KM}LV8#gzN{d!R`^R4|WEBMnJg(FEw921Nvl-j*lpsKC-_o^*`
ziwVNLH41^h^QQO7tP`mG8f=@N8ah4!)H3ap-}ANWCdZQuf^>O<Hq(}NY%a5M*bhS^
zo@C-VD&_iB8KJRTSTNaM9PtW}6LyI=5+*8lx4DDLSmLKDCNI#0EkX0C=Y?qN4|=S*
zy~#0&h`f8NoqKfGw)1&o&a#E6gBFs7U7P;F`Jxv%fX=5uVtDjzM(kWj1vDLoCO3>N
zA(pBeTtq`Yoe(U!ymuvWZ*R}}7V%`WbT)a=En(rktcw!OM7|+4g3K$3d?lY&-()fY
z*;yTZ6tuNshNT6lOfo`mcB4^k5tLfD*S;)9j_f9KgVJMlieIL{#k<$YmHE1fBNTLd
zA@>Q|O&Ua7(2Ol**pxSy10_i`SP~B<G^?p|APE`=QJ(QeXkpo_5*1Y6+feeX9PN6$
z{(iZ=m7L}4*Y6;n#7Sfp3DE7n^Aw{w91$mX4r;*Qa#)n!*9`I2V0XdF+!>o1EMbT?
zQ4wWj6ADOXxnD?V5uVW59RoU#N>*;N-yM6c+&PiC#I_~-6?HOP8qurP1Jp(h!vqxF
z8le_^0UTrA`YP8yis-h}kuH;|)e~7f8Ho{NY^S@5>G<(fszAVmvQgWqT*R~2Eycc|
zFo)=tx}T8fCKRQw5{&g)DpE6ZhSc3aW6)cCSIwg`1?ppNGq$e-DMYO>nz-|2A5VXE
zv`SM0qQ8=H;xtpSE){nz8=*qD&6p4MnOyFbcg)e|WvgpzcB8l56yTB^vN?#spxJeA
z9aQ>VbZHK~DoHL455K*a>g?^8n5UYrAHweA;$86crXgj|Ri%Qo5;59a;&P07Q(*2N
zaGa;gl*<ctr&n3L$<tviq~sI0>GkX^EJw_;<0(w&rMJJQR~`AQVP>e>^ceL3y81#0
zVaPF-B%Y$0GVz*2C{$8?c*L1k3!;^-JuV7=$w8(+;j6>*q2#l5w#Rm<A-v9$#cr~N
zedP1{ey21AJ1RGYm&6Z%jWdE8KF_Ang+A~>^W{R}7btT{&U}Ar@-|8hkK6UKw_8`u
zQDDnXpyBG)DBZ~BTlVUgvlXHo(gWif!o`TV#H+-MwqD#oGkKPTF9ye&sY+0?Vm&|8
zuAR!+v>+<hqLp(2ls=0W;{ny0)F<xcy*1xjI`pj|c$_8*3<rs2Fkv{mGua!G(Bvic
zL5%b9bw7!IQ^YGLL9<r&bg*@WS_hk?Weia3c*ObyMjY`F1%|s7K~vZ&xRZTw=`@Qw
z-Ltd$9GO%64tef_y>BN^ocQ*w+nMRwVSAg;(MV;Kav|Rq9dN_Hc*499e0>-n>-C1n
z$v$aLfm<N<vZluwD1SSfV{jrjIaQOtj;JRKE`R=1$r)+98bT-ElcyCuP~M$je#glD
zZClQv)Pz)WV{YTq`rPd7;+~`D0+-cnSNdYPitOI->$|vNYR+2=H=1v$Z!Gki+4J_S
zL#2a<v1}$4wC+AwJtStj1-t>8FZfg{UVdIbxwFXaI}~dZ`|V4|l&2A2scFwVrgPnl
zMqRq`y=|k-zMUG+z*yEfwjJJC_pHVESdLV+Xd(=bkB`1g@qH`iNjP6VEi?-1cxzFZ
zCP2M+^dzS3jm?g*3R&Zw7f9D>9D!1eQJu^#(E7UO2+prz|LSA~5NqZDjRC9ULFwuX
zkinz?N$>_uuYpos);y-mrhqLFmc^;qon){{1LD0g_)uQ%aVuWt1K&#cdv`D1)t8eS
z1B0K~M(g>$nt8dDT;khGg>2p^s70BTl&tMR2Z95fmm1&^u|U_m4>_6O%3u)Gcrl>e
zTmwW=2Xg8efTF6FLZ!1)vF&=lPFU1f$?9FFvZ48i6*=qZMHtK%SEU1F_va+JW)e)d
zXOgIUumXT7`vUHy$cUUbN3ZT&t0%&Rs(B&Jpa-rz6q75>buehAz#*A|8mchmj{8<C
zks~}rR$VfaB}zlH@>feMAPHJb2FFp<8c<^J!Pu!nA|;9emt;u(^`7X2)gST=#N;9C
zSq(HmYBAKVLdhEa&KhJ$^B2yr7v1ETe15kYIHbHRP-Y8NQ3Fz7IFi@bx=cax;|_Ii
zB%WKa?=1~|kYT4?7##oU#V311AbBg)XERb9%Z;?<knIHK*5zU=$M}<Fo8W*JaDwWW
zH<sMam%X{(GX>=OMkP$_@7g85w|&c89S?Lb%vJqt49B3{^Lp6?6$46P`MgnlxYWM4
z1M=3&nVnZFW@f_2>|uDlx_2j28XFri&O4;Xhs2~mi05_s%tkjw!3f%qVJ4C*j@I}s
zY$+%yF}Alf37TCCP$v%^r-UotMWzbFb89p-%H*dhHY0;4q^rGrNF)^eyz^3}8sK}6
z0@q?y1Qfh$O04DvBg>uFGb5MyzAgo7)cN9%YO|LrW_??kr+(|`WU2bB0T5<CWr3Qz
zJK^vb&lTQ)t@Tk*5XU&L=4fU&h{G02ufjDVO+0}AZ4ot0#agkb?y501kdW-pZdH0}
zx(d|P***^zGf$sUb`#+{&#6Zj-OCzE$Zkycz*~n;Vy8>_KIqNO0cs5AEHPF)E4MZk
zswTh%COQ&{t@=e#3)N<*bF)H)quu*2@{D!^1H<y$a~n_<)<Z5;KIB0+GxC*vAe?$2
zP`Y7R5@D1X&>=+(h6UO00-V_j$NkY7)W!WtDo&B54ZKv7Ajm1{CQ=zE9HD|UrBta1
zi|NC8@C5~g;p)<e_9!rmejWBIE&6L;JRoSJ>vh1g@0egOuV`SrT=7gJM`z`=z7jxu
zkYHbNv>m-pYG8m0Yq8wSH^5xs_xCp%l&p1lrh-E)R2he&2n)Ip3tCt31E9MiO~+>>
zP~&*>5#`B%l|6f0XJ;jiyu?$D4)iwf55V|iM&a|8eTfOo&p#a;=PA-|OQ}<)58quT
zYuP?Gyend)YAsSyF~Z^H^l5HJ+Y!Q{GD?HW)Tuf#Q)us?ih{dEpGX22D%bouL#S<_
zjM9%Uf9dISA)wQTLr42|tHQAITZqT5&I@kzJ_-06L2h3*_zj0j(gwjvefVk|bIBaY
zECZu|j0aaA?mfy8?Y;9_g(>U<g;uz2B|pG;y<tRAwrF9UR5I&A!hhdQ=<?}q+XhGk
z^^3k#qc#h)M+U5(AtTriE9mH4%}OK}g+kGSRV{DX5Q8`_JGa{F{P0S4L4i6yI_@>1
zBwRB-gnGlkv4oY35jtFwW|7xR#QQ~|{Q~w2QiO5K=wUx3R&o3Gi$hl61M6GQlB(Li
zumAAD4TV*_)-+18HWw^kBfZZ`CTTn9?A9@cd*lUb2QNUm2rHj{vcLsyzaHp#U^0|V
zJuot=awmXka!68-_1F4?5TbUAUFqGHH{&%nuzWuNuH$0rQ5l^M{!D)yf=H0Yow7EE
zd2BEHmv7&)8B>oLTZykv;J+CX#I1dny>-#-#gBJg;&wGFm0UbyYQOiycz{3tnp}yv
zq@;CGiguV$j1e!dH6c(+fyfa#PqdB?F@Rdr2c|#ZY_0KBI<5ft5C!Mf4ZdEyY&OT;
zG^Rw&&ps!ZM|iW2(3NgDAwL<nDq*+pVq8jo0^tl+F8n+b(9SR?U)Mg4i9!oI(K{pY
zwTtoM0uNEwFxZ{J`NvjkLhy6TahTr)`jZ)*k-M)om<H`QlFK1Tl)<r~H~92L9!L2x
zDkCT-v2O+c`$z89XceuPN;^Pc!k%NB;3;l4d+<?|#SQf$#3D(PW$HgaauKHa*Ma@z
zSN`b{smxdu+`8Ud4^mj51x0&T>)vC{_P%EZo1gDbt11J!KG_*;)hLy&Gct7b^>JVa
zwn$t2+$bjyC<GtPt$tFMsnK$W%@dXQsxu)e>=l6p9C!=P4h`IJSp0uy3DIz`{dLtF
z|FBVL;L<e-B7a?vB+o|EsnHkf5VkYzyQL9=j-iBGly`afar|Hn)f+4OV7`m6nrN@b
z9{_eoJ4b%=OSJ=UPtQ5=WKa_R>m#h<p4^y7`B0}Gt@JOW9vhBn=~uzX1kpIL9hi?J
z4n4)dRKvc_tTAiEZGO-d5Ag)PH^4O<-u9vOQ$N>r{^|O9;~MjW25q51X$P;ndKMPR
zW^~n=k}OTd0e)WJ&@jroUOSmndf%h(TMt)kaxi|2tYi%){$Ohi70_njRGPCg7?067
z@Jx8(Y$iPvoVXt9=E?t)=aba=JyEDNO<>3H({D^sOrwV<q|k#$TWfC46N4Ix;!ls&
z#fU8+SvxF#96mjY^O38(F&6FjNBkfY8-e(@NpsPMquG#P=r01Z+<0hR@W9e^Q2zCJ
z{ps9CLqEgumzDYBk0>$zqY3Mr)A6;5^lbZmHGMZ;aSbSvh9W_Y9+{QCPtE^<@BEV)
ziBr$fTj^oSH<<rWQzrf3!MGp~n?Q@}KGf#G-#o#B?CE16^kD3WJd0^sw?-oMwQ+q9
zOcO%j@xb$T%)saU^?3cs+{FP$8w{(mB_DPfxs`SLInUc;pz9N^RXA<en<oj`Lby5A
zzd0e5=K2aJd5Y8_>BbC!eihV3#*rZ6Tv>5U1AD%UQ4gofM?svxAhEjRl^D;jyouA4
zrt<;O8Y>}6O?<kun33ay4UDg+rlG*;-toC+$EO}6u0yfwZo=1?^ez9>o7Pwds^#vf
z-Tiv=u1g=$)GhR2`v6`LLzo?Ur2}Kb81p2IL5ZM8JbgXumzJ;Rp1uiDD)5}|UHBLn
zae4)u@yTW`0{=u)t!89#adBl6EuKiL*}t6c6pc8w;gV}EVyzh}rPcU^>`2j!>qcoP
zptIw0+pj<L=uyUdcEb{;X<qG0r*)E@ISYL_-J1l$YI+b<2^4;Jqx%Dv_|kOs9{$<&
ze2t|sA&uC#!>`;1RGZm<8V)E-BSZd7Z=GY-`N?$1s<e9fVY4sV7dh1I0nx?B1h5d2
z7&{w`Dy`w^U36eh?Cf}Z&Yi{`e%1-QkSngGnBBXaW#8SjE?RM%P>Ra0J|}n2%b>uB
zVMEAT1ecRl{G8V8)lEq-M2eq71i`6@>A?EDMsrW9*tlwQSV$bo`!y>jO_ZNu)d_^h
zmtHuW^Pw6jP*d`Zy<g7sIp1;Xk~OROHQ*JB$>vgPkYP?5vm=dXNryv0c)M@pd#Nv=
zzR_=qYi!Ix{``!}FLTlRI0LGIU%kFH`etB5{SMx+YQIki0W6wlHU}`0>?pt6@vAZ3
z4U9|3p8Va$IuQ*I%w!O)8=p~W=#fRysgxu*o-eDUl0QC`YzU>+dun}(-jq0^)}PDh
zr<XSS8t8l|Kg4Rm^Ax*g2*H+W&pWb0wG@4MGYL-J-2+YhSwrOt2QAwU!#L2h3?VaB
zet~t}q;^T+PEBn*(>5CvR_cBad}J8OYQQV>f=%N#D#iBXUoA9bbox;p9~3<z%&&fA
z&9mv15Nrc5kg!GV-$bhN-L0t0ZHLpA*U}rQ4hg*vHI850+w3z^Xx;Bi+syRryU(nP
z{F>t_f(>f7z>pk2&(Q8^Km<-_;^c+41rWqN{&`%UYK;Bfx0nn3@tx@GhJIYA&9R@t
zcOMIOls??{x8B6b7$94a)uA(A2cb4~3wh{IFOG&A_?wJIH`xtO5v#Z4I#T<(7@EM8
z?B`{Wm-shh3D))$K{n{Uv)cXOR~3jiStw66m_B1)c=r{2t;Nr;l?KZI<lzn%ZXXtY
z!wMM$C|nPMa;f)aK(c@Oa}X*2-X5740r-+?!S-kn+<oqvn9vfQg2D0%a_tHv1F^Q3
zvInxF4!Y+(q&#Zhcz$c=E9-TFRXm0H9H+y6J74VP?*S}ip8q^==)tp3gj!?v+mqJj
z{Met*FT#Y@d$@cn>}h`CXkcC70&9cjgnXt0KvUi+9G)1+Z2$4owEnV?1Td1{x)-Mi
zJR*Q~U-XN*4z8a?a=jn^*zLd*3xl>t`}x`-OVxE23#8otW}3SgU$-hueBSRuEkyU9
z=JL(zcDQs|Dg_I{-G@mqYHDsS_G>Tmqg!&V?A_Y}1BW~(4|;jhQT)#~Tn`S2&aQ?u
z<(J9#3H-L<+EAoxw5A0ZpJD(m^jqMa_tQzxETprCskX$*%kJf|Tm+hwH&3Bw8cs33
z7y{1l%wduw!#H}C^N*8__UG0AH+wpr3WU710>2%BhsaMg?u5T=_<#*bY$06&e?_^1
zjQuO=T@|5=v9URqwjC-9xVPXfL6P@4=D!`>#NPMMP1ucC5}PC?KoVqWtf?9IKoK>j
zg$pzZDb(ORXw%kw`+sI$UV+P^hI|9N^sIW&F!lIe)4+Y<*_b7)&bR|I!*|`^4;BEO
zT<b{}U|a%C;C>|Y`?i455PaFib!0T{Zy<0jJ{q|G(IkNo=3i{hKOgfuP?AIPn@UN_
z%|~d#`cDKFR3Vj;!=3b6J?;WHvbTR5xFa<1uNTnbkifuS9}b)r4(z(jZybCAL@@BT
z91{ztLFN?qecD6M!hCOn1N++~j^bXb(b{~#=uHAfl6W{0u%}mg7-bL@OGA6lI{YU0
za)Iq6lep(~gvb4S;5RZ3vommbj4tzwgHgHuHYx-}TQSMgXEaWzfJz72;bMJog9<4L
z(1!&5`iS}__>ez+HO(1TaURfx^CuA*`X^c}SOHJIGmocFf-$B1920OjzpM5zAwv5$
zpPJDBb&gbUa4@k`WZQ#NiFRz`cX*6U_vX_un;%1ho8jq)bumQ9Eh7JFdXv#0x2R2%
zV-4Kml~%0pZe>5~tbOp?5tM_x5G_SeAt|H)f+5H#bN;nPhtmt|`49L7YNZsP`-+*B
zZH6+i>Jk@}vd$dyVQ~LPBv(MwZ5f3UEfIwZLp_B&-FCysC-e6D@GgsK-~$6w4^OMf
zHoFmdP3;4kNcU%{8N>44RK3;~RR`dML%*m+p5@q|lchhYicF0m#UxHd!^#NANhE^b
zjWDQmD*0mJYQZl&9VjrtR4Py%%Ar>(VWCsZDUy8ynB_!<L9aq7)Q+u#t0Ky@v(}VV
zZ^*?#ZX4C}8AI9e`7K?uAsU&J%}ULVD6RyswW!ljJ@4lpXq2C!(iqy$jr2;lBaDQ!
z8(Al_uUs{4=}Ng2<bI&Tc{pq|&qsp6R|<`<=9GQQ9IQ$Sxl-MP?|`nYLvbMlEf||9
zkGJHBdIwTMaghQjoAex%96d#v7+dIqQp)YS&#LB!AdDR#681xb6NqO7Z*0&hWtPCE
zBb5EcgV}WTe-99$x@B;KG^<!fUs18La&}nlvk)`<qXk1?>=Cg0%)7fa1_}~&b4GX_
z?sg^s2)^?z%rovFj37F#M6RyMZ@?X?Gq*}Z!e&~K%S(qD0LkkW9PZY0;th;GXqkiN
za*7}20!Kd&DAY7kxQ!kuY=YYF?He2PgltCir0-?O6t0u=E%-xodh+<3LN!vx7W)1q
zEU{$8u@<^xEM0{Q2q}6wW-B3+tqn{v?Y-onaWXksjh4oz5&rqpAVJpqxd*hstvlUn
z3j65i+zkTED@XWUP{er><u+rGDgVj7M0N7jozFECoTwb9kt(i$IK=yV9P+&a!>&?H
z^|>#bIgN(aER&wryz}_J8O7<l-^Em%nEWuua^_i^LMPr?&w=>S`Djp{$R?eL0o%Lt
zFvJ6E0jglC6&iQ3g3FWSy+B(9dxc+4ChBeVoqX<UkOrQ?=NNJsd5f@6Y+njW?Q3r-
zg##h^C2>uKQ3}QG?b-e7g3J1FJOC@Hxjzs%9tPd;@fb#X8`aI2O;lZjbaD?1!|HvA
z*7z=MWpSG|i65Xlz|RY4R^PPXX!zgWScCG`#UBRaG%gcZg0rx3XY%z=xX0!V%@3-$
zF5`%IfttyLOxQPoswWZoIp_aWuW_+=S_+LCyJFIKal!FjIaKQs{5jJ!HG+W?L<=4S
zgoM;%*%$ROj#4_^kwJ}!h)y5=q%9#@;2yU4rxU59P<}pO`+uUg_LmCIWhQZ7uhE|L
z$*Y{2BJKA~Zv9fof-ZK7LAfYui+viR8^8?zyUOyPDlZ3j1^=pU@*f`gQzbJWN}0UL
z{#KOZ118`VwE(F56F?#B8SNiNph@u$MJZr+|7rbW3H~?gqJLRCvVSP0x`2@2UshlL
zul<$(L0OoP-RQE5?OYG>|K#wUI~^<$+3-(Q+CQ(ltyloK&{>EQf#4mYk9pr;-x%xx
zm(6<%lQw%(#x|u&b2|`3DZgUnSjD9nvILYO=)ua&Dfi8wK;P>y&e=CxPjStVafBiC
zKuGLxSwzcv=C|$4lcQQ}qG?Aoap0&>)iSSvF}ykLBC#5<L=TRpha$lrIbyvxWNET3
zq^o@h#(b!1n0|)vZ<JA<tXSDM`4Ye``)@mf5S}OWyBpjuL9n0%%=v7RY!nHPT%@um
z5*`z+^nViUEHa7&{LXiS+~)tLNHs}`L<_D!zNP>KRd@n^dQ#}7VBD5m{){(C)lx()
zb~lX=tJs*%s(-Z)Z)x4r%z|K3&B8#lO{kChVJLZn0b$%WdSU4W2$dhM8bL0#?bwZz
zDUnp|Fn90N71P>!lM)|ltw`HS*`vNS7yCl}oMm7mNK_eR(sV&u)D4A~#>4sLI&*!=
z3V*v*0C(h<p<4wdn<D5|01RA`S^U$L=Y1$R%#xaCL`z88DPL9X3s)cbB3I}Ao4$Gv
zkY9wfL$q=df$tu~&#f_0!k$tm4oe(k|C(A^s#d12VXr})_H9Bi@~<!IM}9JARWb?c
z5n>4>&CoZu|0q&aE14hM1L(as91;wM_`YO?H*$5ZKQ#EU3MX7spqm6vCXma|q7CIb
zlfge<tei74@(7&c#5=QJz}|n)oHKcVNzKJup2CARQK>jUAHD6z%!5T>By=rNOL}j;
zYj*u2EJ(1N7Yb>Ue%6_w+afDo>;dsWXJ($UajtEijX?_m<<O5W*{72)uNz7Xh_Hwd
z#)*hNUi{&%Paq5-cWrT%4_tGw2JyS>tr4I!V25_JM52e2w&K$#U$G#}m`(1-{yr`}
zHVt2jWhRN#jMVXHjh@<-3k>g}U?XEVYI^&U5ZG?=$9HVcnxLUaV1F$-3ZXq~7VlKY
z^J{T^+n;+3)f$*)Zk;_6bl#wp?wwn;b=-5lQ<I=}Cw|fk46E#DQ3?!e&Zkd1Y!yd5
z?Zs$IdcR@$n1Rv&X^yxyMU(xH$!8o!oVAbU?UjiJRm8FZ7AVpjv@|!*p>Qv6?Gb(7
zlPweb=ex+4o+82O#8R~}Cp4#SM)3_(FyBw2!|J}$p7ix~<GpVkC9p}~%H5<eWKGmJ
zt+1>Fv((i+2&w_GC!6Wh@8{DFE(O?pE_HygA)62(ak+A%d~s+yW~CYGfd;XrJk)l_
z&W{56G-^Gmi(~7T2j}O~O`HsD0paBi$p!`KR>PN=jWQioG^i<GKqF{<{P<I~gt2*W
z7RZQ}M<Q4aKH&%ZJ0jQ=H>*@jIWGsBPws$@tzX)_c)M&^dO#;|nq5GyWbWxd4;a$e
z0leGO{lrWEAA4^dR%N%X4;xr0N{UD+(jlR;XcUnU5NVJGL6MSfP?Qu{(o4EK1nCqJ
zknXORjzzO*7X0Reg>US=&)M(!&iSru|Hq|k&GkHUjydKSW8U{YzFxy|;v|h(Y=<4$
zt$KHvdNo=e4YXO=;8OX-L*}sWm1zl63mzQhdxgOqnl9(0W+up|LTTzm6n&qL-a5mS
zcO)%5bjVWf121Ucd>XV366#I=0iGIGwFl^wiw}5~KL_nc`RoG{yskCC8x8d}0~RqU
z+0u(sIYC=&uwxK^sebr%o}b1FV4T}OIGRzq-nRq@vFs4zK{dY^@Y6w`-2u>9dU3YW
zbMFj^&A9KKPXT>^EYrFK+9MZbdV~IN`>Z8ka_8$|7LW3cR1pyo4<rs?AxB=G!<e-W
z=ObtAV0m{Tch>k7FeI<-!orn<i<`%Yo2QZhI-&41Uc_`OToE^MT_rz%R6Nrwpa7oY
zum?fktpVFe$}$x&0}YMs`n%M-JEaDf%2Dym>6hz#XPP5UQxmfr(B8P<xK*#dZczfY
z1Fkd!4DK>}li3Fv11J0eeKM$5r|#J{=-^63IeoCHy(nH5sU|jCodXqVb<@tF^8ksk
z2{N)DRp2&C#eBRh0#@5ISIlY!mnTCFES<6~@C4F~Vf<A|&xk=9G9SwU^=rd|z{V+_
zIV<QsyozyFxQ+NGM8M_}(s|1>r+I;ayryt2yS}cbzYINZoZmIP)ns*kf0ci~{n2Fo
z?&)!CarsO&(g2e-$>ItuBWyKbksD)0SNLoV*!b>mL7lcWAHw&UzEr%&0|`yqnT~lb
zhq70quC?~Ha(3L{P#e?!QS-bCF1g<u(P%N;H^&oCQ_rl?D=7@>+ioPu>SZ3>4yw-R
z+mQ82dgfXS1jFkuQ{T98;||=GXW2tC?Q*s6Y_t6de^i3psa?Pd;SU3_J5A6+n6zfU
zbkTvCXI@W|;e#`ZSZe-CUj)vVtB8iRjnXH)O~q@c00$N@lxYI);E1neQvr<4`}Y{L
zmf?Kr0Oj$Hx$v1W<UH(u=REp7dN8jJ3VJxAOKfxv(bd_`wGr+&^Ddmt<-v5W709|2
zjBZe1@#QdW6Qv16n6ElioFIH%^@gyx$6T#zj2j~27n6+*oc1c#h*9{AEJ<_Kkk<N*
zA7r`ixJmsM+xBiR&-riprLF_vlXo>WKTZq*$gK=M_>9)ILm_E=?-C9_!&TP`vGP}2
zEk|QsMQ_JvrLL1!#67#lwz&tMpfyy94}cQ`NbQ@<BJdvYqfr%BLA(JN)vDmXvLNbm
z5F@turW82yW5uJ4x@T5N&ptym1gqrc15pkhzTbJ^c|ilDU(YgpH9@^xR&gc}r_H#;
z5v|3ay3Q$5A($&v2C&kvU!CWootA*r32j2lzXV)TYMTD?;G!dp#D1w_1PXTQxh~mK
zrFUO19QRv-aMUWf-D-BZ7|aAt5DHPf4{B}YCd@l4H8e@eUWz014(FL|yZd@Ld#Uag
z037N<x(2d*(lM*`=|&c*QC^<HJfk?8Kmj}14q2>bXTLQO>~{A&XB>}w`om$AW#lH8
z;+hoE<rR<lB4ox{Xv5=xhFB#l>6Es+)1cF>1?V)nQ(S)5joi`NymTn>nQKy}?T1zu
zLN&#*J_R%YUm7X!<(Y%dX)4CVM3W2%_eBUK$(FFa9++ug<vpA!mHB25xE=X*G{kIg
z$r>KLm`}TtnSUidtf;DE;Gs7@={~@aR=#)GSvR#Kz?2VvqsDrZkjmCGvRYZ&VLICF
zq+x2e{u`bAi#5ubLk^&MtV+>LZujh)YQbSSgsgV7u;^uPq5OyOs`n(SWL9tA(m)~F
zhxg`(gHBjd$?Bb7m{B%0=P|Q68`M1l0q@gh@TbCt;><pT4yLUUUo7qoal8P)+m5v=
z+SKf$aeH7rHqOe($fRQf$OR^(is1Zg>hqYw)sa{qu9S%npz%{i=G|^~u2ae7wsDdY
z<u>SQ^S$oETK$mF?eL_*)rgIApu@96-PUrlq(h3mn6Fmy@b<okT5I|$E_6S1n;+Un
zL(Qyqd<VBZSuw3oBUWiZjy5p2mMd?Y=i|MNI&{?&X9O#oG2$WDf8*@ICXTA-HdWmq
z_PS}QTHX!JPSVG6cZ@@Rka_*Xv&dKY;wZ}ih&?-T6`A=-LCr?T8oa;|!Amu#?F;)$
z7rK=rbyt#}#}5TWCxiyy90KoJ90B`Mv|LmxVbtcC8EWovDJ$LrH--r<`%-4DHMQ1P
z_sF!an3j(fBj}bL3?XrqUD3VGju%0UT$76tXs*6ooE@cxiXpTZcsm1Ig1G6szzv$w
zu?Y^NWWp%VCr`dHTqO`!TT4+0gt@UsY$A0X`6OTsMQ8RJjUC%9%t}jVAS&2<LMfBu
zIwZ8KQ40PV@wW8ru9)2r$!)$)k`-!n8#EebbtB9te{xM9utT#W-gFasIOA4PzOa_i
zYCKN9`SHqfjs69jFLyt2PKCA4BJI@~N&qqcwHpo3$Qj<6IS?yYaH^M%wIGwIE|ra7
z8868PvuCv}J`{M}M2araq~oRe{IRba@bK$a)N^biAx!T;h=>y)-Q2||p^6Y4=v-7P
z=kBLOfheRdL<wrQ@f+lnitOGxTml8vQ*k)v;JS+E>7bE)`yeQ8e9b6oJ7)yLhG>z~
zD8f6X9@YA%LFC+Pc$NwwVjyDdW8oj05bB*nw^OO>5Vv}zl(R2OTex7^+nB`MESCCe
zR5#Mq;y6L~@W^>9+Wk7x4MSts9P&Zh<YaffKFPHjPwE-095UrriHvSXASw~;&?S-Q
zb3-QvJr6iTBLMPk<A&x3$5K7<vnqeZxCR77=ph|hllM35&$B?uoX7Pr#|z2Z!lW+J
zQ_vOdivTJHuK|gnm-mLIw39>d^yA^KnEaW!56yf!U3ch7AU@Y=nn?R>ESv~HTXeh8
z%=4i#gH<N)Zo{+(!+ffDv0<@pV+hjYVjZqjmwO|&XwA<1%JXMu^n-3)G<i_X_az}K
zkLZ3K{T67;x-;Fi-7x?KaTcY^0hKHmcsf!dEMlS7V&d5~DO=<pjAF{!?gcEzdimw(
z8D%JD#k`8_V&E2YPH2++kc$etqK=kdGz~6RF(xzL@#X>GVq@L~yp2FiYA!2uefh4K
zHQ<SoDdh9zLPQq}{ddezgsyw-VImUM>yz6JO4xruqJG1NS#aT`eo;?@#l#}zmu{6t
z2dTp}<JI}AzA$~H)g|Z`03CgM0-2)IFbAJ|E&~CdDz^43n7DQBZ<!2d3VK6h&3&d_
zMc^IQE+T8wZ`u~e8dbN0Cm^B>(;a~wITM-Eqts>SdvKd+f>c&zA+Q7K04!W7HFO5c
z{N}9geXUO~Pmw7Oxid8F?>Oye@+?4{0Osym1$0*|ohMGH;N{NKtz5i5_*1cD9&c%}
z;dd$CveB*sr36!%GoH2+rsH&)qr8hYlIN5io4{#TJ)_O3*8(+&p5UM#OH_zf@Rp?i
zjb}Xz&QzGt|I{D?6-Sf%NsOalg2}k|QIKMsFigw8CC(7F>Blh-kkt_3_B<pwRL9yO
zQS=%6R&n}gOr7YbX&vU;`;)Np!m*NA##0{G^;WBQR2OX(wx(SLc^Y9l(oajY+qHRS
zWejGgaD+)(ulmfe=0UOa9r(NHeM4KGDG;UWdne|Rf&|HD2k%Y3>`cMvm{vK6sp@TT
z$l-WmyxD$x=O;25!+HV+ud#}+DoYGNu~ty|jWf<%Ld(8i;`XPIIAI)#Q~@(mNj;zM
z!=<YdhEv#7wc0s_dj)W>by8BymTb5%+g~kGS(KYd)@U=OFB4(02Xta3-2fHPRGI2H
zZ;CK<ZP&v5k_$kT?HVG;!DSD9EF{3i<NEWgX9Mswq&dX{V^<4vuz}-X(|yM0j|!Qj
z^jwr?X_ZI|wuvT|@8s~1fZd;Il;<LoXKB^uz{S?`?-}KF^&6sPaGiCU&P3PMJ#=tK
z%tW8VKZB_zLwcN7I@YpF>4^o;c`f583%pFn#F+b+Wnx-|`Br?}P~aHO9ov-QU)+JX
z5Gy!XStT<7@6Ss(XkA_IigZPRf0l8B0_LJDxnV<Bv7+OHOY{ts1TRKydE1twFE}Kr
z1bm@*DGV#go0;VD#45TId?kkZs(^{Mkeg%ZZ2ihay`j7G^S7*gKCv}716Xlu9)0p7
z3lyDtbj}a+QFgMtTb?%)sqq;M+`+cBR!La5Est1ZmqXS&_H~@BOLxsw;O&AH8fDI+
zb9cS^=Vd-c@dhzu6vTwB)?s+QQ<zz|EfKf4qt(7Ch;!HZK7Jf%J4p{Dcb=KgZ+2|j
zjz!mK$B6W#PN%-U?C~&5G{+Wbs}K?@M;2So)1N5gV8>nVnA+S7q(O)XI-rs2!=4p{
zP#U^=723sHBu)da=ln%t)FPpHu>EH|2%*rp0Gyma+;qp|@$Q?lvc=?wv6ti^$NQ8Y
zSEz(~SwQJh){HAV!5sj|?-N=hH?K^g#<}y!%g|QvHassWp6K}gn)-ext|Dbz(sO;7
z?_H%UAh|5fAiV2}I{B#HHjTQ}#GlEq?(;(|>|9xF5r@egRX94X>cQHk<RcL?NeurU
znoi-?#-|PR?(3*_z6Y_ydpYFv&qFRQis#EwOW51rgDv7Rc9a2Sl_0pKpgI9|*BBxC
z=Fa9D%qmL;X?l};Yeu6IMcMdmX)fj^au?#2D>Toru^ztzo2WB#m)P-vU$6+xZ-osG
zgT-f6%arUyE(!Xo^*;?~(;pp^O@96^B65uw?-gSChH^tenR<obE$M)(3Dls8k_`SG
zt+Y+L5h(##1BgmhZ$QSRTp_5W6T&>GRdwm00)g<p9iGwtgu6=(2~M{+P170BcCh^8
zcDQ$zG<@%JdO2->klI^)RoKf|;3?h9`XXoLp7!RUgw&AZ{pr=7gL(AzVD^)`s``i4
z**D&=5kL5F4s}T&#5B@0kBAx*p$mVi1b2u#=4CW$euFS{?{Wt5!`z(rakE0^$XI&<
znxWl3gO?~*d1t}2z?k`xgivE%F6>YvgdB|~A1sAcXtzUsCYVtPm#`j|_qm4VaRX@7
z`Wr5r><0nZ@-h>(NjTpc$HO#*nC+WD9L}lzQM!pwFFBL;%ESY!A{l+rwP)tyP`=%w
zBHb=wV81F_pH&llQ(sV<bU3KP&>zK$TbersPC}!?gt2tksVbXR)6IH94}lrPvkYX3
z?o<f|Kd)zddi+jmiiTg=OL2JP=bDr@#!!e$^^|0?Z<|0|T2r<>5yg7NIFf#w1ep?-
zYm}xDWA-*(dAzFffH1*+%%bQ)<h-I?I!$F9VR)-5lw{5QF3GC*;J~~%Q}SM$ygQz7
zHhThFTx(7(G7mnu-p^3|zB}GobUS$0aXWD6McuHE<aSV)8fb4TQN>EoD?96C0Qd{I
zrvrR(_lwd)DF+#=63RJ{%+1ei&k1HacuVBs51|*VYO2ck4fAf>-t9-8<XX6$nIq?V
zr$NKrvZ_;?A*)F&XJfmA^Wi&IT+h$HLDFQxS>mOmmJgjp`<Odbr6dA#*k5-sd=NCo
z*#hDPB(fT2d=l@D)rE*o1&}36HNqW3C!;V3Zw-EC5KB;KFKO9*7`kYUw8*p7F*2~l
z7o_kdSPszh<7>l3k3Hck2U&%Ph9^9rs$gge%h>wv1`Z7}wdTXkshh(Aw^l%Ik++s4
zOCJ#LpuijPgcqsA-jP<1#-z4ovalb&uT4rWfy{e_YUS|GC3_<C!P$dAv$(1fx|7xb
zb6p7Ln&XKw05JES_MWtb(r#Vjj01`c2n5anA5s(se8?U1j+w^1pm`Es3B&8Gp~|Q|
zV^Rz}yK~#TN)dy!N$f8${Znjm+1f(;?_g5*IfZ0J+n%AvPa&3JNa(4dK`Ee7C;2Z%
z%QmP<R0*tYxA(M#esaXXGfeb4r=u?NbSVVm=%7YIrht!QN@<L+Eo#%3jmP%Zj`hQ)
zb9lw-jpW|N+oa0&pYOt#;_gZA=%hR6*`kDvWkhTAGkP&?!|uc7l9S<iZ}sPlcRQ|K
zu4D9I(k*;iIJ~?-ji4>2b_fu0R$v?;-UxO~*a^+l$WF{8=(3SpyL)r7!%b0!YW~UY
z^(;~2YtmxPG$}-WWtcqM&Fj5z4XqoglnFDij#N=aIaamYn|HA*;s|eb0hFhmK-Bf_
z8M{xn`yU)|5uSicCf97D#F>5W`);HB5lk6xBGH?I>U^ts0Cv%k(=TCI^c7Jo-Ni!3
z&bRWVvK?D{qx3wDmK|Q^ot!bUQ(fB$gr%)Cj(z@5^AW91d6LD8QVlGvSYCU5WTAU2
z>G`#&c2t6&;%>WLaiahxb>4YTBQL7Ay_czqaPFUdJ<G(tjC1tN?V{vJNipN6!0YFb
zhnEK|#|R|#H4VMKzbnPsg38UajT3?Gvvc2D9(Rf*9!#<?_6+KTPVPN+qk$gVYaT&s
z3U=r<HCW%Wu1y(iaRwP#+FkL?X|PY5Y!z{(LcGz=?(N`%m={B%vAX0ZkX9wdXQ)BF
z49=w%$=knpeQ=ls!@n^U=H|vbr^!@7r$aR&*2`b_*mD&Iwtm*NMjlb^hIL-=R&d%q
z8~@B_50criTd|_Xh_-(34wPb`<Ev+<si{ux0SxH57q>|>+RZdTz4W|i=NmxAvk~7e
zR9gF4Upo)g*Kp9=kN8`&&Ga&426WTRQ?uB*3(n3MpCw;6^N-$3ew#Gw{5cd)8DEC)
zEFI#h(@d(QMQp0@ZL;kaw>&nMl6<o`<LPBV@~Zj7cvy}Zj(A&-E%#eY|FT)R%vo$6
z%4ynA0SQ=NN<4NUl9gU(5u#)+SkF-toFbg{4MQom5f5-AqIyIhJ(eRnsy82EzGF1p
zo<Ehu?w$?UsCv5I>37DeTCP!tbU(8d6o-3ObuC(3;fV)G`RVqU+uilaFL${pjsks>
zrxl~*M}65`e0bM;vcb`qDnTEW@JVFblCG3jwCcrFU)xrP7z^hlLfaYhXzGj={%}r*
zp_AS)=qw%3g^a@yFT#N~^&H(xE|tVZy5ojmOOxQI5`u;^s|b|Y2k5#TUmSpe%wEhs
z2Lar=xvXVFd-79<VvmdREVaH^S{s9@k$RD-C{Tx(CpC6#kqA>eo>D_@o11ebVYei-
z06gf;bx5vFc~Jh2^k7f5CEy31=;RRT2kE9v*@7JV;Au7c<tox%l4Rq|MfA|^4NshI
zQIWSTc*DD~A=JyukvA&^T(kn;je5&*!3ZC*NU;lq;Kas+IISr-5wyXErxmAUL}cJf
z(*@e?4E{1BSNlpOI~iLU;GH+S>SjfT`?T|YuSA8K<tFk>(4~uGFl}%T4PxMhGqj<!
zOWBo-#b&$O&^G0{M*VdDLYd6+p~mv?$)PheVGpYxp7eKoGNi3Fh~bZFE#)2<IX?na
zoS3y6C-{M@)C<2HeikJkZzK^Dn>`b=nKbP8EF|eF!aUX$u;Y4Uj#(5u7?wHN7jc=I
zlUAPjB!Dop&P+|V9gu?nfSV+WE6lyU!CUQ<E5RMXk4<n6!*)dWnrA98=Pk5cuCmx!
zU!h2&9Uo-s_SSZHIiMiAFdJA%!lnU_m3x5LgmY%C#FqG;L7iy}1FRkP;pw2jS!ymq
z65HwM^cZ*@=EL;UxkkO$wvmNoH1047wFGe@jiCKFSk7uAi>TGrJ^C-H37-P96!mP!
zE|GKJ&u_P45C;WV%CwoxjXK7*Yv)RbF8K{zsoDG7os~dzq{v1d9VE-~zD6r}p25E~
z?P{@viu{No!6_dm2ZsAORgybj#2frPkUOM{M$R6i(}8u%xecX5ecI}7B`wai%QfWW
z=DW|B?Rx8-*;q>wLKv4ff^-o*HG8tw@>+mv%C)$b7n74Gewl`#>M`Lks!=>Slj%`7
zX3A-5I=V6d>)<@oF~Y@r>H-_UgQRJAQMg#b_E%VGuZvhVuV-!|M~rqdt&2Y|pwy+J
zo$~hp)wrB?p8%GwJ-D~gtT5MAE@kWzl~uecrrTUe`v9-F-Kj4@SqzOTRhIFZ?q^V&
zrP)_28(fzou#;*qwYqAX<D*<7QzE6k0p+PH8;On=?+IBE#(Y^Aoh+@CEUS|6v!iXc
zX)=3MR;BK!8u`?#VNHo=8@q8Laq^Ce`s0)4X&=ts%W4fW9uSJGk_fUeWFpMOUFb<D
z@EuYuX^hL|bEGp`up)$;2BdlB>k67}y;}iD93P7zf#uWH3j$$u@A}sI^4IZp)KB9x
z5qgW|5W=#U>~>?!w3n%)g5dUVE>oLWY$*+(^12Au^trk$lsVQqWR&}96DIF0v-_Rj
z5U}r4b*CbAth#oIlrQ9N*8Vml8=)m3g}591BBthJD__#A;xA;qs*lf@r!iw%SbnC>
zzQNU{e`nvgHH&}<rx;uxs^@nR9uup{t7^2@SKXyh>$|@G0sDp}p%Op%>E1=_{xONE
zPAK2%;>%%vbxaEOT?@cltVoT!O~n)K9_gad)*7sKwkp*@xt|a)JXMM_7|2fPSG6E|
z<lXg(+lPy`l>lX>&_ngAPp;Ne@i&bAUE7=Y(#93sLyHM+7|xU^IBB)-@8kpiH=&qg
zRqUg52R)KE!XA&1W5EI_!>y!p7Y!1Hz{sKn_mVX|r$y2xM(EBNar|YGN@DZKTh;DJ
z^xV{hgK`O6Y;hhnIJB>4leZ(3KBdMxT)J(q=%*>Ia%<e6D)UL#b8y$>tJ&sZq7r}v
zWK%_T9UpwyNceAi*#UfYSNy|`O|B7tz!rBli0wlKJEA*bx{pwHB)0XhXYX4ZM&A(c
zaKj>IS6MW?X8ZVV<_YiIiw5dzryJ%${aN1oWO}#yZeU=X7lvV~u$313i!Nkm(oCqv
zb|XhiUfq#aeaAHs_YgAR_c?6CQ$4%OfLgH;L3c;&HQO=x-lvS9y<Byq?5lh5N7Lz?
z+x4Z{E_0VAX}43(9iQ)K&ysVMGVzrzTcc6U?Cznjq+rTUUDMitlHiFHh4tBam@tWn
zAgz(3SktlzB_~}|LxXs|I(&E9_brNJt&5_R?GgOgjCK3wXsWPUM@G?X%1RdF8jRi0
zE|GgMIW2LeUVSe+Py(mBCV%&{j>9_lP$`@E&BdGLqdX5)bOw{y-}p$FT~|$9dv-Ql
zlfu$vscpb!S-q6&5s`8VzuAz@RG^Dr6_cS}t3q!%DC(P+(5tW$%y%w6m{Mewr@n6h
z2@BNN%Ls+C^=rv^$CPdi6^HHDQOb;rBa-8UKjOm-SGsql+ZQ>))wfCM%tV*9+IQW{
zIeX2|Ljo^j&-fssc|+*O0<hvI-Ov4uOS|TUZVq|_BC!-;qlx+t6ok2_zi$<LKi%E!
zd4=NHlyX=kdjbYR4ZiewK4o_c2sTHjbprM8-Vh@;bG$)hZg?fOc*kN+lUtD7W9cet
zyWCM`!aK$dBF1$^TS#3gSh{{!nqDEw?sz&DO7YD$M?dn#L~1^EGK-FZZHexDU#>|j
zx}#s*eD#v?ZL`zVeZGQcc{2hrg^f;O#yXz0WvuM-^4$mb6~vxifn}afDY~v|i~4Y-
zDo;7MV5aUuCyK*gFfNcmA#VWn)Mv9sc<~WK1EB|~DW*9W<*k8rz`(1L&FUWW;cjvm
zlNw0m@N}?8&x4Zycaw4)rNtyAX58<Gh|xWP*Neh5@K8u@p(-}KSFNzc@yOOkLLW=X
zi7B;3e>+6?3~h?==$QvI>$u88K$6f+d1xgl8QjK_-h>(*n&Msx2IW5lV7syl#1@i)
z0HMI57)QeDD@_uj6T%KcD`LA*ZbF>urh0QSc$*ce+g?%XXvlV|@piB^shbfCbnBZv
zS-ZEhIK0{-T`|7Z?Br-O)@S$%H7R0zt<_OW3|TczEk7!hnP5PqbMA9OXo919VA?16
zlL#B#g5R9aav9B0V$W17!G2RiyP!@MDR{f|&^X*b*V<TuaoP?qx!he$wg6OmLX4yx
zyVa3_@zLdRi4w5flnROpL5jO+t5N3yQLZcw%HkmozSXnqs>Um=`p#68?jH;<=hFaL
zb{*dqbMf@ZAi3Suoc0H1Q|~Ycb*@YgXY16LG}eogdT5S@4>jofxVvoocJ+zAn%*Z)
z!Mi3^>yyi7iRzmSE<?qWR_V9T?~ocZAfA>7iTV1FcnUwNQ_!ffiPC<EBd23YYetR6
zn$GVPOA_CC7dxFgN_YIOg^z3`jbYvSw$#E~<bi`!nqoCkY50vy{gibP=53-nuIlu<
zB9~+&2-Ax@(~Wds48c?+$$SqUQ^sb8f_pgg4Op@P721_DuV>g3L7ysS9J#{QY~Wf;
zprF#aoMMpw>Jqd=P<J#)GTL`OVgo?+YmZM^fW|ba9i%bPwO1}}*?bWsj{JPB!Ogos
ze}L`A{M5<zgIEP(vyj7iR+bugNz<QO@Z;DW`=avNyKvL8{&JQ>OQUMOu)UD}x=MLI
z0LGlVpFa$gXX|QCO>STAK?;*#y=l5pRM<X7zBBhha;w10N;`1uX%2JzE;3TB(;iAF
zGT%6l_O?YCoH>JOt8!aA=dA=R&i1v4i&?JInnM{OebH3{W8RC=!dFXR`zWrw)XXw2
z{M`GKRd;r&PSg4e5V48{U!TuSeVH!9e>38lo=IQZL*IRov=-$Y$}rImUk$cl*6!WT
zU7XdM$CJ9FpOtIHF;ejcbt0LB^+*g8x1xtVJ$d@iu66_;Kv7PLMlE#DptD0G_U?^v
zNvUXGMWE^p@OL3Vg5UM?PxKG)2yyQ;W6C+MBHWP>u9SGlSJ~JFlk_(8(a)>-t26@d
z%Sr{Yk^QL`Sosdaj>jZ`6a*(=?<Y?!0&eSSfn~AD_bv2=Mb9r4fLnIN62dRc?7pi{
zeLXd*ztfs}LC<OP5E`7N3}e<loG(}^-nCZcskaX^q}VV!Mg4WH0A!u>wgoRvf7*Fc
z!_0>B&BIOM9P#bjM_RiYyQ}8|J#e*`AwiArDA|`qYKhGjj{!`EA**!>0(LzZG!prK
z4+AQ<<FmFD5n?CZMS2+D7P>Q(+E4Yt&G}Xj=|5=LpXpfRa>%%LAIrZGml(?lst0@*
zNBHV?HB==(>s=IKzH=8pE$M1#I4nCk-Xt_==pBQ+`^-gH^<g!LBgZHpxJ{wYbs}mr
zD)!5JP>C`*l33yZn*?sGK`!D*5%e*-Mx*G~&KIv;+cS(2<>A^hWzrRK3IpcEP^|a^
zQ*^MFJ}kGyx2bMDa)gFT?Uv9R2>fv(^a0o#?{aK#603p}j!(Zxj?|pms6<%JVKmWg
zjj+u2_SQ%UwIj>%TIf|bW}=D^8nE3baek5#K}b)@(L^(PbLUzU4YzuXYGhY=aDksu
z%^@HdIHUqUa;PUJrX^|mwIww}h+yqrq!9Z;9oT9?fO{;KESsThWj$ce$X~N2NOFU}
z?am_A3+p{gqxh`DW&q?*uCiow&jb<O5@+<aWrXOvHI7CPAlZ{M)WrD#ygVx+7<ex^
z0AKh9Trsy&>1bTAV$8Lx#c_ROqKiMUT(<`y46ks&WonDi-o`QLChj{&<SSqG;GJkg
z8mNN=%gvj5Z2~jK4q>B?V5|omywKbi7E!&9DQHfz=B7?|9(axeYYcOL5}C9v_vynK
z#t*`ukN;eoBgaY)i12r@{D)Q_%XUM+YR>P#>N5aXONRpqV6?3nvesi{jc*&g|6#UA
zPmj|;!UJ?f)LT>X1QgI$PyF$#|FU+*KaoU$R=#X72e?Zt2q1V|TfHgju<8#WpTKp9
z0FU-S^yDj>`_5mI`2PeR3MfB#cmPmXqwi8>I-tfd*GPUCsED0}3D|;@A`l_v2AeTI
zw)o1*xo;I^h%IC??t7Yg^o0fm=FOj58)(P80)z!K5<ngG-a-@;0_*qq&PNi1NNrRC
zfBB4mA~XQZs)Q<0@Gn&Z{tVN7K&iU={I6t802KcZ+5|wC6>x^w189>qM;mE>nT1Q|
z!7NZ)0siEZJuKTy@IGh0E9r<q;ho1{g2%xE;&}##y8e{^cuhvk()fWW_|KV$Vl2JZ
zIyhR+=lttyS(Yb%XGi{ETK)L|gNgI(seEIwg$;g!`VHu0tFXJ$$8tYu)n4Nq^7@^O
z1NLneJyQsmJ~<q<;R!fP@4sOt0eMdAVdd*{c*fU%#n`ieE*dvyz~mx6Jb%6eaI+2H
zbydLRo&${XvBqn^&JsIhD}X=9HusJLfd-CY@;g=RtD4S#X$AiY#Qx9J3?Notk|uzt
z{+C|mGWBDG_3CNjp8($@7_JBBB}DHPST=3{Ar%q*u0<kTFQTyk-&nkK&$7#Hq5{(7
z`7ts7<eC4R7U0ixM|#2+3G!xdZ*RQio^!WO9cnPeA^>UCoWFQWT<B?AQ#262Hha+t
zPX&u-2rwo<mC5r8NMgHKdLaRa8ACGdUzX&>M~ySn5fdv|p>^RT@Au1I4JuW|%2dXU
z9>3YV0MKK2D*27zwqgs21c2?_0UBETd-@GuX$h4QRUX#DCIV`?ruP&JwV3~e5TxSJ
znD@N1vpc}4rGuQkrckOfE+Q7Rj<ta#P!375jMZ9iWyfnac0BvDK?-&BdmQJ_?<Fa*
z0DCw}GjwbL6A+UOzB%NB*%?!-d<-e)d3uM|cR!o&SH!!>^k_V~>Q}-T<B_APk;Xmd
zIxP+jjyrR_>)lfwEJ`m#VXsvI<<ZsX8@Mm|Krf?;Azwv~wx`<_AmLmbF53k!a&Bz?
zj*od#Si=g(b}XTBqzGy0GEpByK=fPc$@~vE9z3Ov2_^h`H$&jmy@Yb&(+N#Cn{`#{
z_%A6F*PlI59?}1Ppg<%Kk8|2V9zhCoxjboVxojD~Ml9HhSB?Qr8kfokL%Tv)wpd6@
zvS#*ef8&={0O3hg@NJ79P*38{<r@x@<r$O~-JH+0SE36+#Wp0c{&KQ|AR+w4f)Ztr
zLBFG6;qo^^-V|Aqt1>tMTwgsR0S)GVDr}suh&#=;a7$d;C+kR>!5eCtdW!d;_tOK_
z-wpbh^1b#{Q<U)dm;<J9=G<#BEdK{&7D}MgE|1^$+et}52-_Z^d{z_Ct4beg>x<ox
zz|j1IfWvOjr;(2b+HT)Mt@myimh;=??>}IRQU=WR*r>LQEob>E;fm()*Rtq+NNR@x
zFBz+Mm>fiQx7WO_Y<AXA=W34;U(eyuj=bc-kp0b~v#zvy&zplx;*VhPZ=6j;A7$7y
zdQrMuE}1)9%;9%0+~ECU2o(d9z0Sl|2-HVBAGRGQC!*&4&1;DsJk6``5@X8=>hSR-
zDIi4f2NL-bL<s)_;TEz!JUGQKEHMz7bY5X8b)?4s${w;5>E+a09h#fzZ8Jobl9Lx>
z)o+17Yg}7N=(|k7fw~&}>hFh<yLubTKgCOM$Ps*eg6P{N=D$c%6=I>=7QymwIDU`g
za3BDl?j2yWQsRB_bb%tgE9^3#55T=4kemLqR{@F;x2msNF@vlJ?+}#_eE6R{FegIT
z)YG(HID?zVO!CYj{>N9^1}8X|{9b9TX@Tubh8IdVdf;TjHKp+#m@fb8RN(_JxlH@J
z&3@$}*4MK_<2FR*IDf!#HxPhXKwM$mKUIP_@RZA!{xA>$U~wnciHy&mau!vK03`bc
z|K~rFimyhW@&KqU$dN~HtzD>i>^M+lq;umQk1!;9M+E%EKOOUUEflg$-k~5leBuFF
zLoYz3u08!hAR5g51=nvZ;jSj|X^)yeXgH)`N4bj12~m8F2}wj;J?faq3l~7DPW8KS
zLCAastm=<zF@ps61Cc*VS3p1Ias53-Th;|4$+O|w?0`$O;HleeKvTfa=I!a<t>~3&
zFM(o@Ez1>1<)H&o<(kGTO1|;O$f{Qy=RkpB{v5>3KKDBYC=}oVZnh5P$~w4vVs3u<
z_(1UB${z#|gdo9#|Muj7H)XqkJMts>`N}4GObO;i2tk190uDZwziVCq>z?gX+Cy5%
z)o9+h_f<ghK$(H{_w4y7dPv?S(DzIK1q}ZZo>P8cSAuT|{(cV=oe|HBY<+b!8YCjI
z4}gG!VC1(z=(VH$f&A#VL`2u~tN!H^NL=EdGTSLDf$qV(Qy#xJa5h|ETmS!<7vNNI
zbX^1>V%52yP6hI9|IA&zh3xS$8Re&6b(pZfh-d%_NV0RMy{l!3EFg}~_G_bA@l}Ir
zD%3Ap8Q)zgH#Cc6cYlrhj$ot+Kwg5#qXZ2i)OxckkZ-8v5qS*(=e{%9z@Kk@!FK!m
z?d5-BUVs{g7YhSEi11c5dj76m4MKd>SFfD}W!SAW<}y!0p4_+|{p->Bj^eAV=)db>
zfiL^p?d5-DULGSJzgCKV2vXfsm4DZ+MyT<}o;nU`n+k=8h0VG1MTc^=^Msn5`Bld1
zzk2fgrE|slAF!AIiFvtFNqMaS(*+8MFa2G+8i*hf@m|8d?48Uu3n^2f&J1?Eo9y)x
z`;}Yzw;ejbm;LSb@;@;zM~JA2H05dWK_XM}{_on=;8tV0;ssPDkb;OIF_Pbsy5A|h
z{#}PL2&n&dd-)%km%olDS#lwqI;0h?2>?8IhOOrN0y8G<s!lUL%Ap0~F_etzWjtws
zLa?irb-j)Ba8A+S0Zy#R*ZPmc0QL7m;EysE6is?Y;|ph$tkgYU>r~h|uPE&Nu`ZCI
z5->!u9|&pXOjG_m`d$eCJZ1}R!7*ED_^-t4Y8IVxnw73t=|E{b9n)?;S3$AJTu-sY
z+N8cIcowH%p$Pd2wBP##gzcTHS@Rq=24PQ0^bQB`mu^8iO}RLr_sD5#w8?Bg5PKVP
z1$R3@<a^XNOu&oBbZ|s1DJzFA_3`Rt<3twnq;l^Wcgk2!0?LS|Jh9KSH-_wj$2dcT
z?`9s#U8@7Ztjuz*KsOEFMRS0lHN_WSVG4x1PKZ)Aq}Se=s$l1y<$dX8x^liN#K<hA
zZh!pwBz)lzg&6}<3c`ibB!zEv2r)>y;wD{66q0;@v&Qsj*5^>ASVOUU{>LxyybYm_
z<qboT{iv>c5r6=6mUH0ngB;YwC@LYCIpb1F&GP`4+o|M7JL9D;`eIfrfd12K+_!yB
z{}|$SR1g%G)@x$@VGu~Jh7&YL19CMIX_tFs+aY0iCirVc|I6oS-G0V3)vtj;uaP_j
zK`^9{dXNDCiE*6A1Nw;10-2A4t#72L<so!{D2=T*gYZuk$60X@Hm#AU9{%D%)dw5u
zaP2bRpYMj=80H72`Ki(~of;#fa5CgM#M7Io4|W5spQ5ORt27T?7j(RXJaOs3O^~Nd
zXhN|w$-<w<bKgoK-{gxy2V2peTz!S#Oh}A{I_ocz*DK{bmEzd^?G@7EISJNJL%z)f
zY6WpYmEaO=pb~o3vLEW@*2`6d!L%1R$FVQa<%QsAl<2cZk(~eW)g(@k`gEARs0HWF
z_p6t#s|fr%)upayU@b%9DVg5O8H+upkAK*2ln=BpHBwlQ5#wa?z&w`0wa<Zh0CBFy
zSgw9-@mZcClApEIByz|aU<q6lAS*d2TYlBEKhQ$?$G-un^L&s(m*sB<+B*lDzQ^Yq
z<F@-QEpGcT3I8nM&5D2!h|7oGS#(_r)C}^EgIpN0{nNL^X}4z^<BR&hV{v7Z5dM61
znuAwYv7w|{g_N@oY7+DyX@TnCWSzZ$#yZtH@iR5OjXn)BAfV%|c?&FK1(e^DjQ=ak
zIB?tUMsgW@b#a+?z3-1m|0Nfc;gAXk3Y%ubQ-B8}{i&_<kG}!h@9ZRj2kw6fRv9vA
z5c`9ie^Oc%=ulXYD*2rKv5PwV4?IE!kDvdKswxu!$fkiV5)3|TaF-={b=vf2+7RUk
zX~GR7X5FD1XQ;yb|Lsx%3AX>$rIIUpSq3%00LlU)oH?MWx9sM?RMWa^A#Pqyrd27D
zb%cL!3@>oH+aNrt&APcuq3iH{FXT1Cj{nhLy}u7@!M%Ff+o3+Xv^{*`5@3&*m1t(X
zHVoJfIhNXHorwNbW{d}%4u25kchiu@05uy6Aj;%-n)SYegcAb*Ct@AGaFz`RtDV9p
zu!<yiuH7xL7_7r2kB9|Ea!@p66ECspfMZp}k>B4u<eYA6G=s8O_LJR|qFW#!^3D1t
zB>J`gLYj1S1+52mY)3aLUpjvI!A{jL7s}Sa6^u#|IS_+yvVOmf{`So_EYv^zCQ#}9
zedB>|@0hEPFz9)I73#`z9wLrGZC-GV?E3p%W8r*U16xhPb}~^p0N%s^^-DS1-rj!D
zre<?Bl9{>MM)l#<Ua0T0YJR)t@a|;(2*hIEtd(@cy<RlkJ<@X5SjoWdaY6r}&ly-z
ztM{Y+^=pV-pt!&|6tSB8Uc1KUz3tlUQcfaoZZ7(L*%idOH#|EBJwLu87Z4YK+h}lm
zw3ZJQGlhO$go2u#rEBdQAY`#rP{VuOV9>U6&2=Yof2((dAk*3giVtdvK-U`B2p}0h
zqeGadZPtIPBwKG;^05m0+8X5%MLnQ|2R&b@WuAYZcoyoP{0TJJD_9Ai2NV#fjS9yk
zqS#H0xisgT$>h7mGjN-R*!Jglw|q3%@aN_ZOL#><x`nSjwEDrVqZbP&XD^Q4x7bEn
zt^Ln$8E`7;2X7}*2y&IdihCPB0kS)C2@wDIRIEo_(&YeyR2q`w7<jbTmA^-`iyqFu
zA(AsFB|LbQb^*{&BboS%!{q^Qx5iD<VYZ!#TqpKvWZiSoc|x_#*yo_RZ4hg5=`owJ
zYVVQ7y@j5o)yVxAFRSet<1|4_4=$PbWuuD8vp<|OKz$WK)kQ*<YoP08EzgTzPe!m$
z^PC|d7kLxk&W8zY4wI5$fOB`nleD)iEU;ZmSpp45=*1<{uLlFB6h9$Fjp3)22|E|S
zvqmj}rb#S<CmxMf%^UB-SjCqSO_85c<Qf_MGacrUBYPW8w;3iA0gd^2aPdIlL^0@d
zvjn;y@`}8$nbRhh>1!{$ud+3(&`dX9=UO<7_Bl(a^88NWZsxx2ee2dYd+`MNJ?bep
zhbna|_725nDU!fDbdtwzp|C3+^L5x70Ii5-2&e$vpn!_ovo03jODjO&As?S^PLUs|
z8DIfcv%>vVq9-N1Vb4D;GZA*4g^vHNOr72O;3=M|!Vy5*v???ovKeLqEAbrFYNe->
zVZS>@js+S-$?$B|>n^y_APoBRm>~6w3qbj)aDu(rZpf?>5T-G$b~K4_#9i-2pby1;
z4Uh=&<lXe`ekk_4b~yHvg;i2E_Py6e&qz8YBvGxrZrgPx<l!#?eU3g{Us&ND-pW`4
zyDn3O(8U*YLUSb^dau+VM??uwZ7vx-TE`z%jEkvnYqchhRRWIlR@)lbk)~336R0{~
zVh;^1VLzRp0sc#RAT}CT7kgvB3|vq~h8M>Z@bS<<)$N0pE|5Q!f9(!0?8(|2x!|P8
z!)7L~=lJ;=8Ceq-65SQAtpx9w_PzzWD%E@f-HEDA2T$=mmxpNe@@4m?9#}o&b6ial
z=4C4ZiYoIxdHn)?fc?50UC&%zV(tV89{7-$1d6J}{0%>?U0}7{!x|BlLl3tN8Ky%u
z8!s+~e}ItdA}~z>&;;yT&<0HN!9901BI?=IzFgrTnUAY7rG5|%bmXl1rWR6)7@%`B
zOhGp+H=x^+H8Bejz9&Mh(m*5k_0Ei7jTP`lNv6G2vrhu6`%Sfpew^jNX9t0RHb{gQ
zY6=IB{dPEmmN)mXLHYWFs|U^N&#e1kc`om*8!yUU2WlV}&XMo*2-huMMk<ty20~55
zB+QxkyEAwxNX%O*TojjzV?^fe#RK8~sfeA%=U@+I=FG5$<d;lHkoH?Di=4o#a;hXA
z!j9N#z^jCmEKL1nBpq~?H=E6h4Eb(yJJ+_fe9%5LH#T5yYI&l(KZ4f5?@oOOr5qqJ
zI_o$@z{EJ$LNLXcg4t_zbZ@&@Y=BlwE3Oz&AnSLLdBDjzu$Ezk#h}1G?79jjf)das
zB$@JoPE~xc+U4`SsHHYb(025O{esyOI~k-cduAp8$ct|x%gY?<H-Jk~DVXA2Y<-mR
zi4en|-s_mdfx^#M$2}bki9)kTalk<MM!n30FxmND525-{VMvZF@d71y^Iz|tQ_YXh
zdteW7>{s&h(1E=bNvi-gQ9Lba{b{T+1IYdZ(l<Wpkvf5K>2J=9gqehDLs^A1h^KsM
zk2-m_>TGl;r$(w_WhOP2Ljw6_j=%;^!>vEZ)=8ieB3GOFnMq8)Tvc<A?g0+t?$M7A
z4mk`VPp}n*o)v5_FglA4CvBU7<24_Gj(x>ZD8>^{%f5cw^L(Lj%JrJhQ(dRe%X>h{
zfqcO-U$@KE9-MVCQOzLRq8J#bhA|Dw-Ua08t>*)AyCon$b$%TLIq3;gK-l_pR&D9i
z(t3WRR39*w8VnB>+gm1mP5k@2QLtHvJw)HAr*6pJpqE&hVjaGe93RQ13fiDCKwZJ~
z3Zfk{+pI5O9pi?y6~5(Omx!SB_FZ&{j4+Une64T!1UM39D7=L-izH1`6OU|6CG6zW
z(GNsV+cfH{;rVdQp1(7;o^FhmwBB1)f4Hu&Z!@p2jt5ke-lb0*KVP8vPLratyUg-I
z!5Hb{rJH+G;Z|xKGjaZvR^>aTLB{k5gT9<(Y~8NBJitcMuKW;*PJ3RjJVdbzwgV<P
zpiWf+t-A=*{{6kh%-6tIO}}05#H5~0#jLGXI0yAOJG*Gx&8@scHVF(zv+c?7k96nA
zF*7P~Df$O+;Xy(;tBU{|>CT<Cdquh6$e<gs$h0$5%zi9dKhYs0d3KvH6oZgA1}_xz
z^K3fDGa%bMVb-+u4C+YVJ;H3)hr%3#+GcAmmToKnu2(4VoA_%oK6(W2c+n`BYa(yD
z5<iu9VaqU%_{9*8okL~&9=v0Z5p!osXN}$fqcu2uQ7d>37;UN9RMUH1iCB_8&;Y)H
zt#WMKU;Q$K>d$pm?j@15ZS%)8iQS_At;=)t4Oww(EDLn@Nt^jbo62%*jr-Tt=mD_w
z^@&v1wZ36Dp79D&M=1IL=l=uxY?(5$>*c#EU0gZ=kYdqX&yzldP)%GI)bWl0wC~$v
z8ksu9&%vLjoPRxotPc1wJK7^XbU)1F#YYhw;3Y(`6o$j^vCI(5IYDB4c|eEin*yxx
z$VuB8AJP%4^5O#82wVU62EA;?)7%EODwCscoYe81ORo=r7J-cP&tUfu=M$AKQbvg2
zbAq(^Rr+V%`h-9=Ud%C7y%*+(1j{w<fF1zZQ3Zs*_CWg?R9kC%GBE?}QVEa8&!qAS
ziy~ynjKiAupq^4g-!OIu?kv_<bJY7*-WCA=yd#I@IUh3r^U$@VW=xL-sB&9=)OGrc
zQs7}gg4P$T9GL&CzIF+cJCB6u$6O^{gOXGe*}LEZ=VyZcwY$;Zo+X01_OJDxf11!A
zu8@4gcm3n{z!Cq~lU)!3_{0L3nu9Fx$@3q7#7fW|u32&h=&4cU!&r0T2cURX^q_2`
zKvw&6st)ezLA#AmVT-)0hz=Wb&To*1kNd`pj`rj18OM*T%4ajwuJ<y~h-f7mzQ{S<
zx3}-)`T8{aWsbKBv5z5Vo{kcK*h1P}UzknF*nN0?VQ2pB?E0FKv87OdFFS+-#qHlv
z7z=|=E#dQI`o+A%`~$il3YXqKnFubLC8$cdIvB>fcFSiK17CcFapT?WC*c6T%Q7{t
z&K_jcRV~adt&(js)oB|u8R<0FZofEk^ccqJu$UKQ)QJTtWq$r;DHbEwitgM@@WDEP
z$1Cm`tsWH{8Q1QuwAikyEGhK$^Vl5sj`E5>Fp(n=Z&S#<ZZ8OPukOe?d%|B8mscFc
z;^7$d;8uc$X$k|f@HF<7gC9wxi*l>g%Sg=}r_9t>-E?mg)}HMt(1>vp?M8!SXilxf
zy47KKxn>ZMW3S0);o(^C?b>WCjZ`jFdlL^r@{V{m^zb|1e*enzx?`4zu*q3^#G&CH
zvb0vlU2+7m&Y(YyWDz7<Fc{8lMR73P?xxAc)>NcbzR}<;)U`M4i;T@V@a_lC_fqC!
zOXc`Y1%(Pq8&%{lGqwbZrVC`ewjHHA3&n##<?2$FXSn-Epe@+yurr@Oc#7P<rF4I9
zhh{~V?A5_+f)RfUI5Ee<+1M$^BC6J1w1g86|298<uu`|$4^NtlB>A=;H_zyEwn}#D
zecsL-3rO6Wj)fQH57{Dbk~PSDn>DaBIndG+mS9rXA|Da*#h_XdT<q5o)0!*(qmiII
zxBx_aKGaigM|1fqmKTqQTMf-X(sbd!z8ztK)&3o;Ji9OR>-PIep^cNDu0;l_&!#Bg
zr@ES(Rd;lAG~qpDsr@kUB;_o*)b>+xQer@lN1$BCRH>~Nhvq?t-_pH+4Lt14$x!1W
z=JH+BeM-yVu#e8R7~iJwBQYhkz}NGfMOTWtT;Q}0-%Y66H9r4duggO<PipOVNVJU#
zBOULv`<a)Szfb<rW8L>|U+_m}OS?77RE)D^G6;9Oz^9$TQxrdB>7}x1w?lZ5?wov2
zCGVJZ-TMw&rcyf^xmt)~q(drUYEHzrBG;6-Z%}<RX6#ECDBwdM%=m*xdG`HLK$~t`
z#BTbib)qPzGA2#F@$kZs<BnmKfBD2SdTCEe$w<EWGO&!nE`DrxxWz&qQTt#0J|M^K
zkLUf5zt3oWc*1|Y>X#W3bfuEF4G9=L6OWVDy+%NbrB;9a>OMu&n(EyfG~d2oGIPup
z*sA1<KTHiprAZq812TTc0bZMx$LfMM%cE7BInCZ@1`15H)kz91kn&bjO{6Y<)m=5_
z-**zmdBXRV<Ig`JpSyqo={vv8wJI%Q&Tm>1SJV^d>yA4xZ4C#oQM=S%QRzl$_@(_~
zK)669=+GyluwL42kefd#PBzG&+Bsv$9(op!o1wfzE|XRsYi80bInyMJ1`P6~uvzxI
z9Re*efEBFz@nqnS7EfTW>1l!sJow_Kyv5&bKN{NUk7>XA59oJa%7b;%)1fk*iq`N$
z7K&Fqh6(eE`w`yf`e_&#rzy`&Yx-gIDqaRte<In+Q*b7h)xw~pQt*Pmh?Lj&{RX)O
z!_z&QZPi?ln*}N;m2!YnI`||l*ebY0zrHB}n3G3J9s@SCh;iHNtASyvcPE^7x`(Nn
zWq<i?>@V2wD=F`0m6Cwnr!T#T?{VO@-UDza%3`CflF|?Vy9b5#>&I=d&S~W*#Tssd
zCxG1I!4s$euS6;R%O`IWAKO^qpSDy#H=WnNihj)=+UVjD{x57uL07GB9t(2Y*iWH-
zBQH;3MTSXT7-5T`w7W0--9th%+;sxXu!D=5p(7@B<|Mm~T&WD@<xAel+Lh;lZ>PA+
zdU&RDD5Bg%85n%IFP!jKX})I(CeE)!r0uYcT#*7BL9oG9nhrt9ECdF-PyVkC7GPPw
zzn)nx7Ljaz_zkYSy{h3R>Z)bOi7)Qg9XCXWd*CWH-N0ex8-3~EEx#G*Bb=7XxWK?K
z;cm{N8B-M8!1hGdC}$2E-&@+}i+itDs$Lj@WAVwL0Xt##U%9#Omeiy9&kXYmG*^Cv
zqQ961B_^01_uhx}kVi=Rw+HL_KReh!@qUy&YgE5c^M(=(nCaYKg&E-#U(XH5ZvOFx
z%Z4`Z_&q<L!@Ji5>>Wxi_JI4~1ZJK6w+FNQKRX!M__Sa5y+c={uG!TcrLFi3+k08h
zL|{+E9lXbQj-K%6sdq@QO%(YWw~>N_>mTm>H*=7OvGI*N?2K+hA)N;TD_$Dx60d)M
zFw+04gMBRBxll)Vya+@#krp3%RlYdNJ0_>9Nu^zGYb26UALEb&-niK`GWp;3Ex<ie
z=-y2Rj*2k$@L=q-Qn*KsTrCq7yd(SHa$3Lx{^`K~`-A<*ol;`{t-kp`?$iS$Zhxbr
z|BpM3dGUAp=Kp<n`oHh>{#Jkd9~b%`7kc#A-|Y4N<3j&lulFAp`j+-@^?Lv9!R}x1
z2Th_PivTr~vRVF@oEzJk^d%v)nt8d?68XfNql1=qWs<qQ2G`?w{-R9vtze^AS~;Fy
zj;>h%y)UG=eyMq2D~kSB>rXT2v^Pa=X~mCR7?NXA(j&T9nC>jf_PtE4sLo=8nhss4
zDc_CXnN}ztkYgBzw|N{cjJ)`G|Cl=OcG1rGNTO=5+)Bl%#f2xDZngK{_}VL<@PFL$
zy$)8Uu`<Q))XnR(r?qivv1Dg+O#R->=fgFO+Zt3a-7f5B+M%YK2bGNnr$OyC9L<O?
zF8|1DydTuNUwtoWuAT6&fjdn*ZjQJOT6MDzmhaZ{3;%I2Af-KAOvvmwXEeN5jNY%i
zd1$C0bBpEJvZ{_PlM-eGkHdD_&U*i%Sl2=<+;Kvm^HzfP;Q~<_<x;0Yapsu)%FM!o
z)69^=M)<;fzVX5nw(AJ-TSnoY8*tOkEyu8p32^mr@jWS2C6t+}SzamJSD(?&<{r4^
zfG%DDD<Kge{Y&Kz!-w%<NGV^h!?mcAJo1wKeFek&(b_6=mz>BXjp>Krg|qhjO*^K?
zFsaY>_(1jP<kc~2bw;{we#hN7yOr@7zE050W_6+R!lIDgFV)D~zlj`Ew_n!Tm`RLW
zT(m@X^@9rmespR=d<*M!OD}$SB0IrijfzDX`IG}ENW4!N)PQm-8q9~i3JaZjvkhu3
zf5)l2c<$!1<T>G#Uy5%WKDW0LU+*K!_w4p1UZ^_6+3lmP)YqBlTzpKjw0CWIij%GR
zCsS6@9E<g5Xc3GW+}G{J52{;baM9Xj^alUjzCszX6|yUR0o=;&Ko=b{GgW7Pl>WgV
z8b=Q-9<-R)-(6Ea;?#S~wsbAKSHEzuz)6(T2a{YX&5N{r(u)Yb!Kn`N++kE*Lgqw}
zg$bo6D0u7G>+NmN^{x&^7GxBg?O1Mr{tj6&wa1V&REG;|6fdP2w<7l)dU*F1c2uv%
zA&rJg3ia1*cLbyaD=7VnBUr)2bTQGpcI112YYdZ$IF<d~tv9Nz<0czp@Z!aZIkosR
zb2a4qrsZRg$(NjdsqejazrA(2snRWS!7^yKW8C5cXFq}1!ki~Hq17G(g7H)NeQ7Xy
z54dwNe*+5s3^iklbWs6L!#l-`5#Uq&3k)Igi5^1lec%653^c{K|Ee3H%Xf8}{Z=gA
zSq&AI_Ai$gE)j&`W|rTVArB_Hmt~vq^=5+r+-$53JRv6JOlXtzCaS5Qnl6}Qq1!io
z&}$+Miua4t0T~U@Ek|DeMxqhjgF_Y6qsLC2wqNV)9t>7@%<Y$3d2H3Wz|B!STwd4x
zysq3`#u5<_Q(f>Lhg3M9SRF5%Ig3*}A%mb92mGSRZYblJK+SO2z=?#W?&WQLPP7Tp
z25M$C@^Zx<YRYosRLX92pZV0(;=<mM;a(V-EiyeH#p!YJ_Ah(m+RL`c@!k(l1~-Z`
z2YB`tOg0)}!wXiM`?(LY_Z?Dm?pg25hcdq*TI)8R9ZQa>ku8aAlAGEw843okt@I`T
zx_w9fJ1+H_onxX-=*<EzCiPZ2ZixsUo4yOnzrLx*F&$y289C`P=Ns2`J5Km*Tk}}*
zg#WZ*Okl&~%3xFX3u?#o6o^Q#c){y8_nanDx#F#*hr}$*t)4k$%<*i^yy2cGm=iE*
z7|SHaMDuK}{<e7BiGN|QID3b6Y50^A`SwoBu-hIVY9o4|Y|imyUFuxlqMiRhiIQ!=
zIrUN^Lblma5r<uwj1~3XH<>0rZ=Sfua%#J_@-b0GX=J}Okljo&zI7|X2Y!~4N?85M
z%&K=Yyt&h6c5Hf^F9^+Nu{gK$<xm;?;~E}^(90|IPw|tthtMWAi~PYRV@Rag+LkF#
zSsuwoX0o+YSxGa|4YI{mHsE9G3l`p7R)~+Fr|4KVwU;wcxk<N?4i{srlNm*)mI;$@
z9G<q9Nc!hW%h6$Pn&5A)O%&GDwBC}*`odVG&TG_!*uGq|1qR$oV7{Ry_X5F1UL|Hg
zvdAx48Z6o|we7LCyjS2@K5NfA#Cmu;KEf+VnSL0#2;bRQ;XzL&Z#arOIT~PBZ7+|R
ztW6~&XH9&93BlU7SU(uid?ro`eUNQ_&kQ}pFYU20wXL|%N3htuv1nGaHdcyv=!Qpw
z>1AP+YqANIS|k#V+*t9FG9bw$-Cnk^x954%U|rID;HI8%E2Ui;Hch#LQ?;Xr9-3lU
z-cuoGSRCu=m|EWCjI6Pl^n$q_uG}ge%aoD5q|Uuo82N;gpA5{B33^EV2H6cC)r;hC
z<f@N0U*<Kia8Wy9F`qgRw0u5mkvkiEtlMLIr9K-qV;i<}n_<m|od(B=m-U!9YlV9S
zPK%M{{0qZk_Pd2--Q*jKtv!1x`+QHt`MY+qq2pk?iAhl0`_1T>;(npiB6&RD!kE;x
zgU?tPIt_6jp4N;vAHzl~3!;&mg|qrQ;J3X<ofa~^wPdt+^s5(Ty5TjO_9Wm4a0#En
zzmibh;4SR(wy;}meN%?>dT}-9F9#vrbCC+oX9oD0XBk=%D+6xTHS#juK41W-c<Yir
zb&)io`rdMKk1UVv=cfiY7qS(FeCk)Y4;kf=myfQ*Cb0xw^9=5hwO<&BK_d0*mj_H*
zbG5#j3?W++6VQ#k&SfRSc$qt5TyCmH+kyJ~jU;s2WPx9ha!IO5SX+&zi~Anuw%OQ5
z;aGL|W=Yr!=UUS|<{QmSBI4fMl#X9|g7HWk5JiqRKMNmz4VAMm3s1Nwn@I6^5_sJm
zyY*Yg+8Req4Y&yAbY2^v_^dOQ&~$H^wu^sKXKI_ZbthGga02(28gs(O)QiN|i?4GL
zR@Iq_S7ma+*b5kItizfQ2Ju@PaIS;~A-%jvZZli7S7LSe=fgri%DH$Xuew#g>F>Ce
zJ2POiX5n+-wYoNR)(fjVQmZAx`ETx-YB`}<EF5^7e%U1%p&tjFKX(+|9V>0_ut0C^
zIV==7mTZijrbUp{6mrL1G3o3{UX@v1aSsj;rLYdvPcZd3ycvGGbSzWazF;mS*-U16
zk0_IC7|yWh=0&PLwF+5Q{kGZ{N0FnWDOthc<#Q_UTI8mf#krO>(s!u&oMjIgE9KcV
zImUw7vV)I}6wdA<mfmKKA??-FZdW|E84I@Jh|^$sGN+?`oqNMnp!kAWjd$kqyTkjZ
zTk8KUA+PY!ro!oSU;94mshqm;uj##hV1_A@c|N_|a*2as`kT<?byok2k{0u?FFO08
zNFKR~uwmB$Mc3}SP2sV{SAR}QKR09N_t(cO<K2O_vwnBx5-L8H)@wN>>0B-U*-RVc
z{Gcan0Su(bc^`LLT5dk}<@?;p>*Zh9$^sLx=pBAtlQXjOZSz>AwyPi~xj>d@Vmh0S
zf8{qf&$qw#`y;D}PhbAN{g3ZFa<kv-d`#YG+Y|ee8hiEkNC70ULyxIlOoLCd{=|((
zr7wQGPO8cJ9AXez=*q7fqGM~f$l}YqKt7aKxs0>IVu8YpzNN?I51+M70y^o&Q;mz^
zx^6O6cNaeH|MVfx38{{5Y-8yQ{bBLNj#qGRVQ`>9WaY{DtuqSWyben%szy$5OSt!B
zeSCD|`cnHHEt`Q&)HFj~>ldNj@~L6#i*t{CJ$>o~O37~17_M9L#kgYb>-gul{{6ex
zuMLconD-}lZ;kp<aktXfZi6tgH$B86R%v|PRT=;NSBl!pG+=Fcrp4;mhMq?*Zhgr%
ztE-Wlbqh)xdz{?e`mW9OD+Nx?_O8uIJE&|Np6s*C8QEj5EJoZiGk1zrMtJH2YxA8`
z(&tY07O|RkVrO69ZXu+ST_HT7^UyIN%i{S_+g1a8woWMO<DW^ceX7OlJ)T`dcIA$s
zgp*0fChc5bW565)jJ_bt&y!_$Zzz28`)T({4`j>dv-HL8vH13P4KzP2OASBav3N=c
za?)MN#HG4&&RLaUgUmF|b@MtFoxJMihV0P?Gnl$mk6*ESw-=aFUe7HuZ=EdS=84?h
z`EUwo#(JOfT)hy3oo3#m{vjV#$^_wSIe?yY*w&!rxh>=NPZ6J6ar19(4z`%-o2r1E
zl=*}LG%Pz_r?6?ym~$qGkAG2xQN#}yWY2^P2B=huZoRzA?ckFw*NQ)7iUg`<&Or*n
z2fX3|GL?tx8Pw$B52i3Z^X1T9w1;!`8%d<RCc&-I*JE0<&&T256QjB2U*<TSlHT<}
zZZ<qb4sdd6^vt=CwC;-rmzws$-MYw*1g(u&2V4TOJ3BcIIYvN5xfig+8C5?TKG4!?
zG(A8v&S-vt6cnTBVKhA;)m5YQ1+>PcV)^i&U&Al|ukSr8Nd_SBboFyt=akR{0Dg(J
A5&!@I

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/mfaset.png b/login/apps/login/screenshots/mfaset.png
new file mode 100644
index 0000000000000000000000000000000000000000..c00ee4edf572b86ab49cedc8e530db94e11b0e7a
GIT binary patch
literal 116794
zcmeFZbySpJ_dYxzjUXi;Qqqmm5`rioigb6#&>@Yq64EH$AV{Z3H=-!rJ;Nx{APv&*
z8T~%r$MN&5_kGv;{r-GdYnZz4bMCXxj%#0g-xI2=C`W)tg$IE^2;?8!SA{?@93c=)
zSsX0z$pM1`90I{BvATCpS^nNVdSxdEsFkfb1o9v>J`r14ZH3(b!fWK7w7hgK>9bfk
z`UBi-Oyw9tA!!o&I3nriVFbiaF~^^W;b^+Vzd`6ibnqF%f@CU84Ps>O>QLYdslzdY
zD;gc(Uc3Fh$-6M;0l)sEi~5V+dPq!sz3Ee`lFL#J4>)jl522l%pKdw6fLszl!_<bD
z@$f$C#UmiVdZ{qe+7sdhNvWviW_3C{Il18A@V-la1;R%56~mXDm*%V5%a-q<%&HLO
z6XMo()k2TwGemjvF<8Vuk`cM=v>Av%dD$0Vl3v~v>JWfzG4W`<#(;zd{Jb{R#Kd&v
z3%<#9Vk0(b?T8AwXV0+czRu&MGTeF@E$}Kcc`H#|-mfQ_e&EXj%NI{;-q`1d#L&=@
zx}J-H`JZ#IGgwl~Od{CWbx4SUweg&w5{1|9I*~K?;wM9I`0@F^jx|SnHPYK-+Vz+}
zbB&bAC{>8pBZV}`m)et-oz*l2Q>W$Y2-g>!*olX66*?om@x7z*Z)LmBzMw~m`zboz
z-xILF&sluztZD5rsBl^DN8;y>?`Qb;&*A*8XWzY)29A4tgQ$;mt(@-rdvDGrpJOtN
zEA*F8dOCOqL~kl6<cb?|?I%o-<Og-nV_Ka%`Dwb<d6$wM(OZlMcMseQx=tzD=TE>V
zMfHZH4buKO_6kI`oo}U6cJkV{1rih0cX92~_DTNj#M>oM{&m}RYDiLDxmxB2vE%O&
zfy)yX-kwSj$7mWlI!Up4eA)i_QF=({*K3*b+>r0P5PgGzSowGP-m&humtIQY4*H7@
zqG7d>X`_oFFlPNJwlD+eG4A_oS5R(A@jZ|eHNw+;UY!LY3*a`!X2U*dyQ_>D6+oIr
zoQ6r!e%0}kOF$!ncp38&;wmK?T^l9FU6GfURc^RGpx}GXMKAUe*HfxR`6e0GN9k>4
z5~k-*1|M3|sAI%SEexU+P#s?ry<`wrb{95yso)CLbGWpTF`2@1s|q38%X%Lak}$E`
ziMJR;aQg$D5#Ao8`dC^Wa$m82GI(EV!9VOMN2riVv1cu_NyIUSg_`C_D?cr`ABRy*
zrSXzOM&r$@a$kYlsGT~mHRb-bNEx-E%kP<|326MI?(YsJFOMyoy4-HSgZbOvo0C1v
zmK&VA^(2D)6Z(AES7Xzg@=0%#&=uGhZ!QWf@-6Z}A-ibdABQVhv@L8QLgcB>4Fb47
z{b(OI)2o0@`mVDPhNyMvAZDN55aCe_<80gLp!sOf2J0X|-1&NStHDF8iS7;|Z^zQt
zN85rwcYo^rr1*L3IbZur#6z4LTev;Askk9HeSxWgXdRR)L6*`ktg=LEFKt52J4L^l
ze>3|ghKY&kgGmu|geM)OAH)|lkEeC@nCwn08<R6h>iZZbMmq+Y8`UwiG4NMko|wI(
zxE;mC?7*NE%lj(xwIsXh)l#zCVcs7F!>)!Agw>K6aT3Qx#A!bak9UfD7_Z0yQ>W5o
zVY|**6<^<79M2gyz&58vtC3waSrk~1TTE6wTA;6XEf>M|iOdKu^R?3L2le+?^4}C-
zsSCx+8OTZ8Z&skmGO=P2Amk3xye}rZmK#~1s!pSxqn=o(S&*T&@iu4qlMA6lWJ|K|
zbKmH5^MnJgajy1~$f{K+EM;Hiv0C4w$61;Mn&oa<8{wk&U|JFyKE=;+j!6mL2iJe{
zj(khyCCFoQ*=AS(Cg7P8l)@@NXWg#5sB5Cj`JT|))iTn0&GN)1yxQH$Xqa|9d(C4d
zciDF0b~%6Uqp|(LtE=`C%~>a}v%8IN4O5y&2z`2)kznYbp|I(1m=8~C3H8nO&G2nL
zC%yCrZG?Wvxbbdr`^)UIulgV2gR6tDMB>OQ<UGkqm)(%1i+miB6Ddq7Om!utAlXsD
zNx}LtZR+dC5|8;Gb3WcoGU-c#7DByx8+uKg<#wO!;_arAR|Lfd4Vp&F9NPBUCQiMX
zim%$#d(EYjFqKf9;G^kMY+Ni}EL%J=9z6bZT(5Mdv~@;gI(Lfto#&HBl?3nms_bff
zY%J`%s){Qb&6H{mtBlO%o?Lut@3@Pon8@yWwJI|4^o3dRyfCW;Yp7cKNK93>bJMQ<
z(uo2Uf1FNl)9Ul5+ip7ZPU8zz#j(Ys`+;kj_6hcd_JZ~=oD~*v7O7K4Hp@2qT_q9l
zwf3!-hm)H_YlTZ+_DlA>7tIkL4@KAapPPSrXhLJ&d{DEU;E{Q7{@KmE+_d&*miMU-
zo{y*xd&{eqg%+i=y|dS+)@QP(G-p~rYcY(`pQG1c%`RCwd!$+SKge=M6t&gRt15da
zdk$6^?;6WH?&^EkBWCTK=?3^ySW_k_(WOOh%t&VhrUXKR&-v)YBwc(zo-Ucxm~eiW
z{!sY!QHM>3<b4l0+b9n*D=PMI+ep<gT}lm_{ae$l4NMKfpG2V=y^-3H+9tMY)I2;K
zKOAS5(dRJ5$S-rb=xbMO!5Ly@ddLm*N-9O{w(FT6KB{}9_{r>B&b-aHR;PP)@v}o1
ziXA@!iD^@7V-LeNKhE{jk<{To#NZ`?kv<~9j-8FIVJ2YqVo7AVf<M*a^ffikKhB4p
zPVJs*bZ%6>O#WE@{K)*sz)Q9_>MDA{il5#^*jEPCNzJCNq|`Gy-zQ<ZorY=7-EIAP
zIHtYe9+X3mcdh5(bJ^$f_X5@{U(7jr?)Qi$r1H+yoytTR^(%1>a(Zy;YOR*)H@<VY
zYBLrvHn<u%R%&y3{CoMe&-(+Vx{vfz8xAJKQ=48l9j?8Z5L~iZT3S3TKQuDZ%hIN2
zuWN0$`_Mu+D2d~@JZstdbmG%y&}qk-jF8M*8KZE|j}w0H&nnluwjYP4iVBO_!5c9f
zW!^8qH3v#Hm^qklGoQ^Y+S^R_Pa4*pokcN=mBow3{g{!TWuKYSBiA2)-{UxuU|`e}
z+q0?Zp*6ZWKHdEEuuI}pqW0j~M(Ip`bGhYQ;#tR;1or6_0d*>^1lms8-a9`}l}ED=
zGLs}V=*C6#U4G6G550mHRTR}&FRiXpm8SGnJC>HXEiZTE7<73@36ANE(-h=SP|#p^
znRgkTQ(x>hlip?3RpL_`Pv;Y@J`vb=F}XBa(PWZ)tG=?9y{7O)0g*fotz8^x)jo6j
zUIL#Ab1qsE%4E$Lkd*YjvD9H1UT6N(bok@>ICE(<&qw`+5uw)7U8li?Vy)9MeQS$q
zqq<e!{dK_!8;dgja$&e*!_eT@$*0F!T}DdoqOL--E-h1|3&Ufx68R^m+yi<P4kxoM
zP9e@qpJ1Nujhiy?wffdAUxzEL7F&0xUkG2RqKlH~_KEP+|9SsNenqV`KfX2jOml8+
z)T?YDzkFWjXO-Mp)45iw#o4(l{l)Dg&lP+a#n=nC7ZxF>!3~By9=Eq1o?6@1A+E$r
zy0r@V_^c|GONz;w%3{GEz$03@ee=(MeD(@CEX~QzQIgE{qdd|6DSxImX0f<*z&m7Q
z7{PrOcA|UGx30H)n6(+*HPY4fQ6JaciA?GS9xDs_)&UM5YbUzYhV)_xrrPdau9VsZ
zBo^bGRH<(^_8W#2jVa3~1~+_27qMW!j1%JkDWggth5yFJf~draV*d*1bD4APgA;|p
z7k1%J?UGNdgD)P<UA#ADD8BSF|BRwP1^d$n0_X&QuVLoe^3cbRAspZ}4g>>@3W5n<
zp@GL8wCn%-S{98Ba_QIS=nzPV6$Imdj!^{9$iEoyK%Vpa`O@oP2sU^}0v;Y&=>Iwz
z!!hg9zg}a?g6|-A)$Ym5gJ(4}Cv$UqXG;f{q41u3@Byyl1081wgq#`qK$BNx+5+QG
zTB&QhXg^jEHFL1zF?r%(YR=<f=ZG8!BJLpyUfP+vn9zIJ+1fjcdPp$*Izkk@Mt;o8
zK>zCy7aIu%?Z?XW_Z*ze>4kW1^4w&&gGWzKFYfdNDyn*4_J2+X?<5#3U0fVRd3oL4
z-Fe*kc^sT9cyHaleVg|tA1@ytH#maZ+0)*|#Dm-3neq1^{~G7MxwDy*m7|N5gFQWR
zToY3VR~HEe2INHl`}g}g%{{FCJ(Ioj|11kEkQez4?=7C2y#G5kI8_|^si?A*hq<lJ
zeJeX4Gcd=UTl|7I#ebdfkFWkc<sYYN|8eRqexW~4{o|{@Pt|ZXce>|b2PSp7^Y0D&
zpOgRm@_$Yg=S8ml4_W*c^si5Wr0?K~^ZxIy-NB0p9-;>uNo{psNgX@`HADWP=YW4~
zzn_t>k6;$_S)CAw6h!|1U3Cw%br|+6qs&>?wkNG<$d$v{r~ad2B4OG@V&_*Y8Q5N8
zUT2e0A(lbAs(k+=UKr+mnY$Qdcct#Cv;|KRsgw*{!cN0^Kzx6iW@5mv#aXz1>dQJb
z);2>S!~0VrQ?hNc&j8EeI&W3$wT45u*M$We4!u7F{jYyt@GcX#$=5hoQvUr74!toZ
z4#JV)Kb#bbPt+#g^um(%pXW$HLYyIJ7(`O2{~qZ3LlnQ!+~58C3ve8|NZO^pt_r-B
z`i73-NU}+v67r90#vy9^O8wUa$hRaE^!~9P*hAv~m|n^sLb&wLap+^}AZTfwVlNkO
z{8KU*jw0CqyxM?HAQUF}U4bkATqM2!hui-g2ZxDA3c|Wg_{Q^}i-e$2_y2PoDf*{C
zD535|efLnMh+HJt62kv($)CIb-!1vCmHch-|Fx38J;#5o<iA$(Un}`{2>x$){~N0O
z7jgaHL|pV*##8SWWG^n}F3v3ycrP*y6bH;cj$avr<HGxk-Dd{Bxm8cQg#-t$w^%D#
z&lEP#)51EKY1d|UYxL$6ug}=jJZeqm6xytAY>~vCr%ko1K0S#%G5V<KFo0*mO5(}Y
z+6sLn>Q}43dl1z3RL^o@XrpwuE4X=_Ltl7NLTC$`GF0(#%b&3vh9xR#Gz*83!`6<?
zHss+?>yKyW!-WRyZo5anns>eK6m1XNsxIcen0znDP3@-^z0<do;KE(9Gi2wBerDbH
z-m7@HYIku$cR@cr)XQKYXU1(U`mvshUR%1mIUQ_ijN8aTWBFQ38Sms5Quq7z*MGRi
zN88UtVj~W|B{-I^MOU+qzpe2%m}%zmu-$TLbd9#R_-dmyzzC9u3RPndkIyAF)7H@a
zF)e<Zvie{hn^HlWIr-zAEc(F|fX>I8Sk8v=>bMLV7#wq6^x?OimLG&{D{uH6_$V=#
z!?{U#HdlM@So=^cKaDn@h~%E2G=6C}cV@mwYo^DcrFC)dT}>TK_XAxN!Bu<t&7ln&
zhUxi@aly$m8NK77>e}6|Mc+sY@%?7#^rrRo8f~u+^$l{hw)@fhy8|17!)HIFdnL$)
z2WX;gioIanIeN9b^X^`*dM>}#^`mZw);YRXeRtK%sl!gZVch+ES$DqXyWs?#jZ(=A
zo3~yDTg%>QnO+8dE@GSu3*`M?F5Ir0jT7nO4R)?@sR_JVnZt&2ZLilg<u>(RCACeO
zU%f?rTxQ&6o|a#ygTY~9KU~i$4{|k>+%p=w@<JBe;PG<qO!o7h<pw@tNGZeZZR~M>
zjX|<sT54ST>E!3AB1V7W`MG#W^MNiD<~mV%m*&u*jS;;M<PHL)R9T0KJO<DNz!Tp#
zl?k8Fv9POJ)U`<#oY4N@+kW}V6^n$gn5cQ3l&0|%pMeqgEqrn=zG!j2Iq|*0)9G}A
z2DnoIEL)ez!fv-f?(vth&zu-eV2<x?msP7}tJxgq?PG^4%PT*vLYw#VlGxS8X_)Y$
zuA<~S%PDPVhmw}(Cvzu#9YNum5lqDdZ-=WVK7W1|@o6RH`1{mNw6rfHiFP!h&xIZ(
za8<Kgyhp=y&Qqi*lnI!yvGFPiL{00Ixg6(wE(G1@d>njkz>aRZuI5;`rwOjQir=Lt
zqxUBbyF6%vX+zFysM+XOLw;az?I>Nyj>CxRk_(|@!M~#e4*lTufFOK|6tN$5GhDjw
zKc8onsb9^>VT|ZpdF;OT(GVB0CnM~d|0<k<w-hE+-Bh!kts9jp*o!rie{E;Rr7NYB
z0mZ*&`|o_8b(^87roJ6L3a5J4p1LxU9~{0-g~llbv5->2VCFK^O=XykY)ZamCfc5g
zCP5)$`)9mfPWOK<a&fw}vHwa$Ew4naNA4ldFns?(gBOc`to@uzsd<B|_0XHQoV6E{
zRYS7;b#_HI)3%f-(q<zc+)#I3g6kSR$Z^y(@~J+y$)KkPx#lG|S~ia=mldZfg&YTK
z^RxZ<iX^KwtaSl|Bk>=p7X2->#7U0=p`M@9Hs$8!Bf)#mpSL|kp6|lJ=8^MeNcdUH
zVv5b=knpAZZP};-_=4A)?)AtnZ2M!44?i?wJdcX*-Gx$3yMV1U$fy<A+#TE&(S@f^
z!mK_dP6bCql{w@oe1&(z_wc-AP_XPf^uxJ}toq%uM!T}%{RyLilIro4eN4(owS3A+
zRt!fL&xw=v>oi4=48`@szuPyg<ggwMIeYxMxBgOoxcYu)kKJkzuH!mSugA|ldoI%Q
z2_eDi&mVdsei^>3Ou=gib;#6phq?B?w^C3N4sFc5_h&X9aEGjJKB}?z(iL&_R7<EU
zzo_W2BL>D(ss~tk&msLx8>`w|vLOwYL$7rqU6TlcTBXOs{Yw>p5(-%knCo`x?r`(q
zkdQvC>k+ciFX$EH%!jo|+L8ke(kPmSvU&9DauYCmk_d#;OkydOIzBAL{5b+7pyjHg
zTG(2H-KPkv`mVb~tclR!mb(y(*RFOdVEQ6RRCivgy)9$I0p`VB6e$utkOuL|d@=aC
zeU06e<A+m76gmCN*!zi(wHd*7P`Vzvk8*kBkk>)_7gHUE&#)@7|I|h)NI(MSr%y{s
z(~z_dViEfsjHhXx-~E_?{Eq7sAQtV<KMFm31hF7-6%Tp-r-jBoG`3w2p5DGZrfNhM
z-8OWWv@KcPz{uk!h9jQm@lqdO`*rRr%OO=SWemsTd<QG`KV8w~gtkd-I}AlToT%57
ziMWGtI?xIX)}<jJFpM)@7LS|{qfQ6pMbi}R<f#s#xKU~M{!m`9e3ndqbP*1IXdFJm
zQs=pdYSL^F*sA3@O>~h6Fa%BijX#-{wp?;cSB$8eKpd-T9kkSFX?Hf~-vQNv`d}z-
z9FgnYM9&{+%vfan!_eE9t~%a!)V&tKi1%D1b}vxdQyZ+K&QFg3Zs{4>Hq;!K>Wr^J
zcPRc??vL#V_`-#dMJQz68N)Ky#qE9nZvBZ+T11yDBtP1#Iv&!$v(U5gszI-SGGL^O
zMrq_vlQdSvucH>ZZhLc#c4=$Nab=#_UoE9*lbp$a#ND9gO?xSZ!}}7w42WW;n@FGR
zpK}HfQ(iCclhzQ^jcij<QO=8RQ{e2GrrFADA)@ymp@5A}KA?!P@@CbWPjHS-33^Be
zl|?*B_XzrPH*s<q5Kf3XVi6vC08y%|)}8ulKAc$L0(!7m@?q^K%qJ<O2yl8tn-$Ba
z6I2s)z&xcEu@1%mT-OCH<!sci+Su~d1)SgTYP4$U)Al4N{z*^$5>-G>rH7t<rB2nD
zCmo72lgh$IHzA~!q@S1Mwbq?l2&-xL`q#|WpD@i*xYv1?GWgN+lc_fU+#(2i^VQGS
z19CLu33}rU%4+4h;d;bi#bKK0Jq=O{Re6Cu^%HJD$riY4pI|8R--G|TRcIK`Zp0*B
z>Z*Qg>zKFhWZx*B#|`McjdLr@bo@?%CSrBu=}fl>vphmkB*ny{EPyWenEQGXd!xQ-
zh?4W~P?@W{fqqM7Bb+-&^lT0${ShaP;V%47M*}8g1u|C1Y-u4F??k^<*--J(JOOv&
zt7`*NSR1Lq2_Mn<3Gl}_OnZpiLgiIZ`O;k0n?iTwoClJuMnv%u%b#(+<xaG2)Vzc!
zHabaY^O7gwroO7}MJm{vALJaeh(M>NKeYr6W0(jiG`Mne4-b*)3cmJazMlKSisnvW
z^4DvxPq7v-Elve@5}u+_+h^}odqkluIv08AmKafZXlZ-L1r*#2{v-JNLWju|Y1_hy
zwGsG;Nu7e=;9do2_RiE_r!p}jmfBQu0NFYsC}D?#mX@(oTeI7Qh?sc@KPhtGyoKIn
zwfz!xHg=+@wjn!Z&syn)u|`IlgBHE0u00T4a_8h~f_NZmqq9xsz|qkJsLg!tO-`k-
z3p+${r$E+BM2l@JO#V6d=wFWHM3s2dVmNYOZHzDOJm)_@-$}r|Byzm<x^psd{`Q}a
zi9RMuDxT5NMIG$O%8a6}G$fz28CPGJS7cuJMomO9(gL<W{<XqfRxsC7G|I!}S`p2q
z*7Bv_+xiT-t!uHC;rbAkV`wSgrjOPpEiU3au4**uYHxs@?Ycac@(r5p1V*8(;RA4Z
zV%?{fI@$_J&^P+6mO7&)J(JmD`ZWdxm$q$A`S&(li05Cb$w1T-kdwE7X}Yrt`zqiy
z$K7Q%jl7B<bTgt9-t5-aaK19Q1Rr|-gIA~m3xMNyIw1-)JOh%No?SfX=9=dn*xdsd
zFn5BLfZM4(F<7`MY?9A6-K)j;D~T9cG_eRRt<s<V3lb2Bu>*z(t&~zI;So>c>j_-j
z66FS%!fIdcy&%s|5+7%CbK7gJiUa!>GT{l+f;b2=s~yzJ!=M<NFuH|{ODC4?DI)x0
zw)&>#65Ki3JmG22PEsC7A_PvDM>r&jVm&{25$k;_A8|f2s#RWj@d(oOVIC#I(8t91
z_XP0UQK6*;HoRSWe8Ycam&Xzg0q54b{Jsi5+5fZ`Z8&KH$2Y1qf!s^w7&f*q-Fj7<
zs(7Q!RUZ;UEOP7aDvF{7xM1iLroCfy9NmG|J`nVhOwY+@_5>o|c|uZD&gcIDCoNDk
zA@9#<1VJYbsNBBowv+tsw&VLyC|U}1Q!eGMhAB9UWGzP9x#%*Y&Z^U*Z<?Wo6LmJA
z)?9<ugw%qyI{tZ6ClYs_xEV=<dJJx^A+M?o#NudY;ov5SEo<;67pOkE(m(T(+#|v(
zS0=PR<9B`^YrLA;yqPe6%K+@p%0Z-^P8A}OJdB%kydFZx2&y%XsMVTFyugNugX!9a
z*0gW3Xy%)rsY0*$d1mA@1D9EPZfW_L@}-q_mL{<tONlcYwJf3&qY%~i4HL702%z~1
z>G!r?c5{)IeOPlr>emRxP(olp(xh~yd50)Pn+b-ZLX0R1LZPQYlf;hF1s>JqI4_YK
z?Bt^}k`uy9w<<MEdjeheA^mUO3Z)(aKhPy4LxW<?{!-DHKpyji4_pp`bT=p`N^TO(
zuby>H@|hS&_*XfG8pP`qc;C%HjVmiSF_&1=TOJfLV>qg=Mn2H%kWzR;?1bo4E<jz?
zvAVIXcT}^pDNtEjv|8nTD>=<sTXd1DFEpF$i!O<LZ!2sFnMBob<x<FP$D;i-E<Hw2
z<Wh2D^v~&?{|?G<^HwMaUM>O0Vb!eRUrB=~-cZ_{TbG5%$;l9=!4J7Xr1~?2nxcPi
z3oTTZ1Jx<#tm{bmGr?C-3tL#a{=_1eU}yE%N)XmWmPp|S;<lkzx6oN5&);4})fF}=
z!ZhW;2@+6)`{_BD4(V6s_OJ5%CZ~v6^9yJvGsfsQKJco_VeubPDCpXBXGQ8etvhEU
zYM^z({2UPbh=0%lS!_IMBxx(`lNPjLLF(DFzx0gbw=0bD0RqKC=CDk069Qb74Q{^z
zr6|&ut%O@XY5-$wgi?#B*mI!zpbY$&OZiI%F;6amcr(RaOa-hW9&-TIX73WwWB1eV
zIjwa)faJSY;TpVv^anas@uO&6))ElviYEor6a-yF-mRxdmbgvFydCu*V<HU70Dhe2
z+2dOzZB{T_>4^eS|0?5lk{oZX?`_G0_D?KOWow1zgow+dD!{}ATLja<b|mM~H;qn0
zmQ<Bc#A|E}6qmmO0BQshP(QnXj-jPtRzsp#(ir_mPFmh#q7JO!Pc3rm>MB^ZFQGaO
z(u}^*pl+Bk0*Uh{>ELp5awQ)D#QgN+f#<E~B*pmTg>OeJ^?CJ!Csy#l7S%e~_7o8!
zxU?%K*>L+ct7;ycenwSI`kP5WIM;f89o$AS98+-jf1Uwlk7!$Y8uHEyRf?fNiBlj1
z%QMIt@XudI$v1sK9qw`yQq#}LUZNAVg}%#G({V+*+Lb+SZq!uA6g}eKYQFj_{EID?
z)=cwlGv=e#WZR7KVlG+SJZYX%Aq9wabpEiI5CKqr7ftsMRE1#yV_KmLWI2!`Ef5@4
zLK&cz8f480&3@Rl_Sbb5Ag}ZNd@8jNS{jQ~vv1=n(px@*<*cJ3S~haZ>zQW3*5MIR
zQInV<AtC&nmkCy2wxMI@i8u3l`M!!aDarxAE$TyTCqITp?S#0WTzDVFq+b)$V=M9*
zyi&ghwsedpGP3ZFe^oBIs~~io%RbwBG!N@f2SBvk3@+{295#Cm7&ff=TXo?vq~EmB
z72vTL&oC6Y!NdgYJ5ZD{I}hx20l(>EFfuUPBz{*^jp6{3k$=lNY>kbU_Wn30TW}29
z5%^Mn1yoWgCI-w*vKkSXA`M~9?tdxx7C0btT2^dDg;Z2Oo^=RDT=AjHokT|$VLu3)
z$g{_AeDCRm@c1l_$_$W@fW=Fvzfx8MiyysKnWs+Ib^}|nHyL$6`m4x5nkVF0agBzi
z@-Y=HZNI={ca1=1&53?g8Snp+arR#_CPB)Wf##JqKbU6xhKX|nY1_3Tm~^#F9j75`
zM8IL92U5cjz0uABq*kGJ%HqoEe~*xQE@=r>Y7c>7$QKF^Tj8UDaK$kFx(vh7`tXsx
zU^uaeisN72iWdKuPR1<%0PbM=R+)|gE@D)upG#daNe;z~=(&O4$Q`3Ad>;%^<dAqZ
zLWnMM`=&bTHO8s~7a#lHOiY{$U4#bR&C3;C1V#@1D_he=USP4LsuclRn))+_d>R-o
z;wHWZq3{^$LI!@Z0@=EpvT|~^dVtvgSgL42kl;~CS-N?Lt4DeifMdT_2#h)!AktQx
z&jF+hc_gTMS&!69IHtT1(974bcSR~lpEnAUcMM0(YrB_G4t^jHoEZDQtf<`$|5!z%
z`+7j5x}}*>BKl1$5KQ>38f$Vc0Y6A=bf^V_kB`~GAE`Ug_FN_a<Kmt%rq_Vo%IAH<
zT`20m`<bztTBO=rYgYQ||F6sZ98lGr@R$D%LmEY;*0VVlbdl!G7ainCUrSyjZ4XB^
z-)B5PT{7J7z9s-s^hs@rwK_0!SwzXZg=;9wiFwmD`IB0$$J+!c=3S(i`>0h7BeFVI
zpUYUU2vAMnC;lrzygu^|DQfX|pMhH**RxCh`Dz5UL&o?fQaDLx@bv;*z!0x)p8#q9
z!awGRsJlxF^hp4XYOod=hql2{ATj)~m=wgZ9fj&jZ&m<(xi(qGEAEIc5+vU2SM}TH
z&E>yG@mEA_B*qwuulf-!NEFgiF6wXQj2Im@v1=9t?%|(t9*75R<0nhVV@N)(a`{}D
zDAETR9<rUFLWeLA1=ZI13pPoBdtO31aeR&c5ZJ(~xALXPfR4p6r+5F3GJtc!MUgcT
zDe%f_kGxHKmzQ7qc!4yyDv2cz_dhB$rxPMcmoP1P=u8DQ#iAe71ESj-mmF&b5u@5d
zv!-|l(ho?o*F6H?LfyqtI(-5Ht^%ad=H~M?fV7SM`^s5rJhmgPj=C5dG<(%&U>F_M
z$dNiz*ON5?)_Qsw0Ev5qprt7drKPE@4Y&*ogi-(-us*g&qVZts0Ju_|8zw;=iv^68
zgy#yPt|WHR6~w3$Vw5By_7dxV*xv}${XK?6IU&Wo>6Ji^nzuX!EAKSGYEA%f#X@QU
zjT#vvyZ(xi4M>F+^V$M3eoF~Fa?ItGny}yM>~1DdM!^GcKQfb_5w0-@(pcwG2Nu;d
z^VcX9$Vgkai%*yiQAAV3b8rPHxq$Pwqw2E3G^(i!fJmP|6i8);gg)dh;JAD6XKTr!
zbhlBq0u2L84S1IqQ=5HJDG){eY}!^MA4rH!!L!-7>$E6thz;Oc#Tx@{E%HE<%gRA?
z<WdiHM;$HzjRNefe<tL12*A_WEb*&IKY!b?25#M>PWZ|VRd6^Sz-?^b^w0%;ZEE=s
zcICCuMXK*HV=JbdJuXJUra;1ugq<KS>QpBwD!zkMfxw2uzw$={bhCNqUgc6Z0FqmT
z#l_QfWcl$!{!gM_;X>O~3bjbKU^yx}BEta6CC!^Vfd$gUefc~Y5G+7y^r9CZRoiZW
z>jr@uS1<?y;x@6(Lw6(*8>*xB7l%a;+%nm-8_hz%Etf0tajz;Ok>0f@hN$ww#RZdO
z_dh6L2l~4jp{)i2GeESxDSyR(Of*?U?jZh3bpS;1na^u0m0#0-q2EPE+0X|Mz|P~k
z%1Q$kAXeF;Gi5j(iQ7!aM^U>4*>NHw2X5V~21Sdg$wg%Lks>IN>t4mInP||F^qbJ2
zK_<+5GVhsz;VnwO`|L|>+q~bqd|rU+|B057S>Cg?%vCrpB6pgfb4J4zvh+$9A_s`-
zhsLxhn;y`K6ti{+(=avY7Ie992=K`FFUqJak%A(Su|mJ^#$Evq!i8gUVILRaaxJM3
z6$6Cg-b81uB$Us+4J5bnvIz>}Q?g`h!lnF#%`m-!oz6m3|N4v*_zC!NeglwP;X!Y=
zn+6RMY5fNm3$hVZ7uzcx|I6)QX&}x|HiexRdv6`W+>Pw4dsX;-j$Nu&@={aw$MqbP
z<wbt5po?1Aw;VyMY^V6Del)C&%f7O=%Tq`me!>m^%~EFhfzUP5>NC-oK-#vFXOB7a
zJ0#$V20aEnq>s>d7yJ10)11QUk5`NP1Sj;(e$+2zEFU-iXegfYIfV70VN)9m%{qQq
z=2IsOZX164s1JN^(=WQl<-AcnkrG1ZTlck1c*d50_dBcP6!p_iVrZg)o0Ugv>Qy;9
zpZ7<@i7o0!Jm&|st;yWAv+s5`-rYs&c)&R_YM5Ck^IA)~MNWRY0<?nA^#3(+0=m0R
z2%@M0UqBCU>nyeRR{NsS#j(~SIk!<2x#Yvvi!<nxCm-p!xl4OHe7Lvf=`JRzeSdz1
zdV4qRJzcLFxU(2Ys(7;s+Q-qX$co>xX0XY}n(6Jtn)<TrB--!PtRw2iG~_pw{AZf*
zE0D^XSrbWRJquudl#nFcyz+Q4&AH#oYktPQv9$jC>qor@GY)eHLPfgUKj))`wG3S2
zVYAK|yVTCJPrEd#t!n0Rn|9MT1&mI=Q8cHFXBc`e#LF_)HyGd`-m~;B<qPsAAU6%<
z5!C%Jl0YCzdMND*?13^MR(WZd41=YztxNL!sq=bemz#HBL;Nb}oN(`&S$T5lio{-w
zj^Ek-TI!%>^rrWc*#3lgp)6u=M5#8XT68L<pCWQr#qce-`v}v~zIk7>>La-x&?M3p
zyE~Gkiv5JdQpT?VH)HYI<;lm8yO4a-!6IR;U)iF@A<@h|NPsdz$?rJUb2v7GOmk*}
z*YBvO&(LebT%bV~H)6AHo-j2{^GMNmzt~8yWEXzeGLh!-EtFuNRA(FP3QYWbJGy-H
zHAFG}%{$iC6WC^Nzt|=<EW>Gby>`y`AWg?>qq=XScFx{+H+7D3Av+Y7lJC6!CY)z=
zRpPu7(qEN%wjPD9eBHJppbzb;%<}xhJCZ)Lo&q$0x8newFJp(b(HULji(6k<FtD>^
zNx$sEGYuQ4g9QKY40f;_9h9kaj@FDWQmk4?`d8hG-puI5l^j%jAmndIa$oq-xG8kq
z?)@vTsn{;M^R1A@x4b@9K64n3t7P#KLnW%+7vB;=Lfp+p7X=TG$HXU3s%<^nSiC;>
zQ})A5>(7t85%#WYnxUAE@STL(q!C52QoY9YnT?&Jm6@`fub@_L2As@Z-6ay31X|jC
zu}^}<ztCP9S2XyJ04=gWrGkYkC1Ca1fQPI$Y)g0KzTcYO93L>GWE$7)*NIKJCdr{?
zBKxCiePZzKsAGGO&#-fNzDZ8Z*a~EQQnOzmC(&)mq-D7EiCf(7+`G}9^7QsfZtVKH
zx_x~S9WEk{VqsSe9>$CeLq;H-X~7yu2ffv-ua?bz<;hIbLjw2#@(e`h(`6r44`1QR
z(R$_{ty@UyZQei^aSeNz;k~Ms$=5~gtN_((Se{r;;aljy=M`8bZEZT=FRu-dYAx$t
z!f@=i**Ri&`1l&2Vt-zs$3`!f6#XGlu@Cktf328g!!jkPjfwc@WY-<&ouBPjpizsx
z`~w2m)Q(blWtoQS&4+L|A+8B1x`^VNlrC1uqc4jMYh^vQ>%h9p`(DKr_If_u?GsM5
ztC?ciEwgV;5p%cCE9<8CYwF*07Y7pj?{95YT(}8L%qVkf$X2OBlc6(+GdQTgt)%-D
zN@&rvRo-^AHo~m37~rb*BbNpSs7pL(nOg3%VUw)Uay(Y<7B?$cRY}5|z++&2zMFZG
z<h9v6!M0KgjTv6Qzmd>&=b+LJ%2<1zh2a=yCR^JH^IS@oy&z|&cm;ictdG;kbVXm0
zJgvBPO=ml#aAs0Pj>cSoBj0w&&b_$2<=KaCqE|Ha?5cy0IXF~t5T6zK->>LTls>`J
zwX0u9U^%_i8ar?B-trafT;g!nY)`++i+$=HNlYR)?DUk&sAYB*v~tu$ivIW*PBC-P
zmvoEqnPQxs^N`aq*R1P=fsj-|I6aK7Xh0_Zhs?>61O^c$HPFS&ibl0gxfqVRL#yrY
zez};D7m803aW2RBLnDSU>x=|A2i;pw3|fnJmX6C#fk|8N)FIHF;hsx^wnk`a`FHjU
z7p;`MQaqQ$=5##Jiv0a~A{-hwgmSFXjZUT~pf&j$%jkDBp?xXl8ArVqpWqxNBRI@{
z<U9sMNVgZX_S50cVf{e$hO27|F?+(S*5=v)ll!A2bbTtpw|ATtc6xY)@fyDHYktpG
z(G**+xVOHMutr8%2clmuh$E(Xis{xCIboPjc7(hy&JI(pM)J(zKMwYGoAD5q<J=1`
zkK3>K8e4qprrztOcu00$q}ANrv|;C9!|5;R02g;2*RhyVu>k6&WZGEK&ag2bbC2*A
zzeRs97e8?(-NNVNe)kqLi|cCioSH6*YZndaWw!L21P&fAjy4?pY=rZjRWfe~UrI+$
zF*@H#><f`RH6i_>)?UTyyB!|uL|&Q14OpL>w?K}UOu6Jc14xTbuae&ufUE&XW#TV?
z^8;bsK?DzzHDkZTLU2?|CHs{SHl4TQqEP;ujn!}Gz*{wZc@#7IWzZDU)TKwen3?)*
z)_#xoMdO)m%h6&odv!d<&+HIdCkG2!$>X8ul=&#JGQ&f^i$lM~iPrOKop(<{ACH$H
z9w$4kyiHuBO3-O7G6&90auSi&+6;4>>08!c*Gyi9L_Jr>i>l${Tk#z5${>(ho@LXE
z6VXL$xbDzYxz6F%2}_0V<sB=Z+xz-{&q`ixIqGvru+Qw@1QB%xD?Oz&SE>Md(^)2<
zdp=qc?pq^Jtdqnw!=2wnswmRlwCS_CTl}lA=Yk~2qJFY$bR#*-X+FQUt_0jQfnMz(
zVsI~qNZ-Az0ZajD`pxItv(5v8<zBEg4hiYU{G~>HuHkaUGVKW?N|McACywk5{THh%
z6Va$K-`m%H#oA4oX!`U$vhK4@Ejr%Um&HxyjT#sA13qOYpV*oE&w4HHjFcKo6Kf+w
zJ@f?jaJ*Ef;b77%TEU;EYW_I|-uKApXgQ1EU9FM1%T#yYARdUxpjGkri+r$cSjpR$
zQWTqE$MZkm%a;^9`O)a0m+4w9vmv(Cb_sum0?UysNfjc;I34y}c-of(?QwMw=;esL
zhvbWL=!);)p^IpQYc@6CBqE*hwoR_+#{{vQlr)zR4Wo!`aCE?vLM-Ls=}X3_n-6Up
zK2h1Yyw`(q#8VIr+bK5eo6JWF3q5oyo?#%<$LrB**}1wqUfUw5MiT}7(lqrwDDS%D
zLY!I(*Vs=t-b*6ZkvkrNcN)0w-&P`<#dWy09i5e$Q+#^XnXz`j39~21+Tv+gX4nnW
zYGSB)$m~igh`t0ubF=61NT%WBBCEuT{9*t$?dP-Jjn<2EHzvg)S%LXP`zzg?qLO=_
zsx9d@<;_A3led@B%mBubyxvAI@OByRRd>@swEYt2suE^V#?MaH>6xvtgHmIKq$e;3
zS;{ugsUAaU+#~s_H9^kf3@f1xpDMepJAgYtfNDb51frgl-hZBn#OE?7IYB=GUHEq?
zFzaCe=ym+WrmUteuzIgGk25+r!A=mZ!2Zf`@4c@<jXY4nB4~cPTlc!*Tqt->>6`l6
znvE|B<9Q<$&G~S84P6<yMfVS6V+~1X0DEqb4~YK&{YbJiw$*#0{`0kmKm)4PS{q-f
zzf-$I52Jn4#Aq^9YDwiY82)Bvj8JqrtGBEc=B6jMnrjP>?d@hZQc#D;<yg4b2QF-V
zxFQ@v`^=KXIBO=H3^MefwqjX`zwh8GXM^3t%v5a^9_q+*m2ak6WCChZ3-{=bmCrOe
z(=T=R<P6zp`1$HTU)-uHJ77zUZMipFUnJURd;kzmujQTs*H(f4BNI4nX+8;-qvj~|
zqIgJlm6Ul`Gm6V+ZpFELGtfT6c}jB&4`khUfs(x#>?x&V1TCO_EH05qCG-4C$;byw
z1(7kku#bcOjmk|2@A>N+mSKFHG(LMnLQ8?IB_s(PZOU;F;RIfp94vun^qTgqX9vMT
zu4d##>gXZ>Umo^lc>TDRQ*qlfZfkNNbDsPZL_k|!Q`lOlhx*)S?xqJ5K`u!i4XX#8
z=pqdjys46(9imC(IkS?rPMr--1`8^iAb~a611cVOC}8mY(<RBdQ}AzK-7u$|r~W(1
zZe5oIkJ@IdGQHe*N}&Ryhbh0B#`clQFe2LfJL7qoU5t8;sf&%8VKTo()D+Od)w?XU
z`a?^#Z2mbaK6vOM?IyJbv;fuw6oEuXt$O+UBrR~ZC$}zlcBWiMDVu^L1V|%!1Oyqf
z;&-~WT87hHhUMKvzc+zfnQP7tW-Q?21r)FjWtSW4nuA>G-G^Tjfjh1+5w&SH`iNQ3
zn%T4j@@4_+yP*!@Vdr*3r5t`|YexLxS25f9@HO|OaT8rD&r;`3S*m0rnTB4zd_!*t
z4H7Z}a<Q}TW@A%}bJV%;y;$J&yR}wYn?d6`ZY!BG^e89h^c#uBiR-g6`p=Jyj)yCz
zkrL)Qy)0A`qc*g%WbtFR9(u4oMWENZT2$Q2)3`pYOs8r2Jt<G~N;tZvs9(oxingH$
zn+5{sv;B!HT3-c$fei{G8GL9#&Hm63abvXOdnYanqY@rl<78Bd8R(22TaAMD61oVd
zEFx)|?tYbN>KovmhziuDYAKi9qMO(Ycij$-2K?Y~29idi2^^xn-0u{T-h&G2=G_MF
zFms`)C$YV6JZqC&o}r~o$+w3aVms=}-z+VRkH0+5i<f4#x*y8Xos;|hqpu2)5@UeC
zv)mbThD#zF)IDx9c8S+K8B!-po>UGAH|#&Cy`iZhdUo2hB(YhEX3)yru&}dQTz*iD
zm&tkSojvC6Be<QPCmJ<O^|lSUpYTzzxEv(l2eLAG^69J&8|3(hx|A<N1%<(iYB~I?
z3f!U_3Sq*M{59;zdVfF}&a(6my}9Frbf?LMM5`LcK6|oMA)PM@AN*r{tqymM1!fLp
zuiM3a$;`0|jgMvJN;mWmp6LOB2-1I5OW(wB?+wL*Ag@}haXWhI1*4jdSGJz@xW02=
zMZ?ZSCh&i~*mt%9f;Y~W<s`!tO*Y9#U3M$)xNU|+cR$^!F8Ar{1?bG1Qxsq0gETW|
zN@N>*eR8iUl?EvbT*E$TODO-<t5?B#gK_V5(Xu!m<^vd#fGg)^;Jy7(_DfI?d1?7Z
zpiE9(2jnT2|H#I*z799g9E(BZ2tdYD67geD!}X5D$P5Wc(k3+n_4{IU5qz6e%A&}&
z<ZClz$Rd=~1g6W~xB8sjnb}OGGR#7P4z>x!+D@=H8%UVj-&ES!{I!6VdvFEQ63U9n
zd(7^i^Wmj|wo)e>W?x*cH>b(%uYshtuNNxdex*~Py0|-5uqHjbBI<w~=k3$ofy314
z?cIBXw>#k-%MNT!+z-)c`uG+pV9(y_kri{Kd;7ZR&5stUT~B$FCfAT&5>J9<TW!zf
zpvL8&vnxB2qlVm~P;x;3-48$PItR2PT*-u<WqkH`Pr>d3WM3mAV87&50sBSDokh)p
z4CyXzjMXx=zRTljpi{L=XycU}?Jc!Dg~F!f?q=t&K@>u^wXyhv!I4+h_w*pFLLKvo
zt*7QDs#DKD@a}7_k8_t6Jei`3A1QGW^Uq<LmQhn*s#Zdij|^OSZ;26?M>=sa7KP7K
zM_={jrax)w8}ZHYH@(5S9z$Q2SQC0!H#IAukEa3N@7we}Z0t2fCTyPD;YMkN;h2t#
zeW?@in`ymKo&lhAavxN*N$+NN1BULD2?s>HMP$TVMN2!P3IJ?m5+m3l(5A!8Jhm?P
zHA33@Rc0p3rrS$Jz4POVRyh3IRr`Ff4o5wi@)K@<((7MexnI{EdYb6N%j=O7IBN8>
zgJOMetgmKl1EM&jpwu@#zIrlY<ky_ep_lVuFS+hu+9uVW;WFqoOY8S)Wn1~lo}czj
z%XP0Qb|4y^2e0X;jC|3>&o0Shjkg)Ci-P4=I3!&=cZl2AKYo!0NcJug$<i<1nE}<U
zPBE^3Iaj@_zv_p`#**b`DMQD_2>$+?*fcINcE+}&{%{-%nAL)%Kx9=O$2d+{g^Lp!
zm3{HDYb&N>T;_5osZuZXYv_UK-rzlcSB)l-ll7`Tz<AA7urtqS?5sL!Mg?PPX<9PL
z6xVWWw4D4Pz%8$?pX64D5h9lLN4cMf2EX&n^$x%3pL4DzdHi;Ds#Emn^b`ryc)h>k
zpDj*N%XPbsT8Hi@=3!`M9tA<7%G;g6g;qn5wdG4zKQbYJC{}gQpnO@_`c)znbm^4h
zfogVF4zlHmiG}Fot^RE#MTvd&nc+#YZx1btI`d#`>H7XP!x_H#h^FmG2Z5zDXT?RL
zc<pDK&4>M?uE)|RgDo99psA}p&2upsT0N$TKbI0SQRy#Li!K6M;f3gqKFd9Xv1qz%
znLy++*(2+=drU%TpmG97uIb{N-*<DY8U@eljWUi$^QkbO>Ty@@YAhw7Yx>^spSRhf
z280JU0MUkrQYj~_{;|;3QN62JrmGGfO302KVDW$sU-kfX=}=s65SxUlbiO9~98Bf=
zp1gpP49AW64!s|8Uh3a3=J0}l!L;OzT&{)mgOFm1q;AX!w*j#e?%6?_5mUJKJ;?rx
zY8DF@G7q-fVoSTrreBs?&dTARlctnHqfr0GROYrx90o|BeBUMCcFucTQ|v9;MdPl2
z&!77;BF!D{x#(K%WdN;WUuYY$)sFV;HRIc`5ytMX0_hIchshFi3`f4%CSddbsMea$
ze;PZ927ODf127o=^;-Z98puN5PdB8`e~%I8A((dKAw>>VK-N2#71b&Lo&^M+eeDQ>
zmR65j7i_+N4pG!suDZ>hA7MoMZ23m2%XGQTp{L=NY&+;IrW3=ShG~hdJywS-wOzU*
z(0xIgz!)Xcu~<H3m7o5mHfBY$hSz81QSw*^L~)(`Z5%W^tnc;PORCB}%z^{d#_i#g
z03Tf6i^~^ht|CWEyNt~XXu&RI8U86YQ-c?XL~ao_nv^e}?w^|hNM^5rq~lv?28g9V
z#TnD4W2H$@rjBRUV9G37A_5w--4m~6XypcT)oLwzy+nGo&2xGrV?5@iW=^Egr11;Y
zE@CY8Fj<bzTK&HD-@-W8A6#kW**xkKp0ll)f~NM)P+fgH)ltNTHyBu3W7*iCp}5qM
zVpFE`(Oz`=(|y27fS)>9rf5F@;ofRvxb>Xk=NQ324~8Qky;_!!T*02*-#r&t&%G~`
zpP9K)Gt)ooF&~*MQGKkV)k5F5cQpa<U6c#0JNRfwItO?u8&DqDYrr0!l|(iUzJ(Xv
zBvSMH;6(z^7H|kA7*TRvY5+lKOWn412`Hbr?V_j5DKkQElaRc<z1?g5Y-8@>_KK3<
zG%`2r;mVn%OsUSZm7eMC#^e=khHy{1ES73V5%$$EM)M(&LduamZur@oCsmSwM?5R4
z$>@U04hOr~49HLzjK-^IZV0$Apo>VJe!UWzXLA_de|87}gs;Y)XEG#86ELqd8(f;_
zvV@YSj=NI>zT@TAC!S!Tll6I>!=+4oQTt=N8HeIx;aVQX7>?4!pg}>37c(iSDDimZ
zM=C_I!N*LG9Lv<SFB13%b99k=_n-&k{ARyVlBJ$htvI-kCl6h6=QCp;U}v|7DPRC`
zM;wjj-x;g$V}82tkPHZOuio{ks<o4+oNW0auj#dPOewOcR&rDz8VSgp*?ajOUAOIy
z8Qn?JQ5*K1n8NVp!QT51_tq0N<q&L+Z)W-W!epmxo3=j@gr6a>B`tA;1h__X84_Y;
zirGY5zAz`g_nuLRg}Lszaj_}8lFUz93ShElf~1wA#^B=IMpiKSh`A}~;U+s#KE1p)
zC=`@gN`~|ZdcjtfSRJ6?ZDarPK_!$qf&bAO8|6=sCB88MT@D0H>HsxdLALtcI}LPy
z3}OA+uQCFf_Dbr3bv7tK@@rmARat!e-5xkt({>|-+O%aSzWm9!mZ~16xgj9BQ?qrq
zL^R_@zU9U$TGy4z^(;n;DEme`c3Wd|^E7RBsMeydeAAq1xi~-Bu$65HV%OX|e{VHH
z1y?1q`V?`EV1Gli)2U_I!@hoj9MnJdmZ5^C@>N(?92*tysoI8iQuddgMtkYk6&~AQ
zIv5^xYY8#E7+cN<*&|D>-`aIHkJl7UDisQhD&qjHKCfmyFAW7%z~`KO&|}>i+hotf
z#yQwc>4(yQXMWB6$Tl;imfh-r)hEHUT{Qm;@!|><roq+Aw~v=|B4vLBz6~3Q?%!5Z
zyv<x?#mv*XH~fg7ahDH&)Nt8*tTfT&-A2=pur3HI1)ps|pm~cdRTXCbXaS`vWLfrK
zXa-gUA-wHq8Vt&0QWofVmTW4PhC?zfuSp$1@+IUKmglEwAGTKB3in>*&$N2*vUp?p
z;07j^X%zu`awQZ##JguQ6!g8ai*|;{L#1v0WbUFRon<O>OzueUeR|V@jV7IN(dUgv
z6lGL2{N~+cGj5R?DvGbF`bB$6TF;N|D~F>m0HA+^c7r*7Y?<;xlfwtpZ1=|wg!nE*
zPSdNY+McduxJ_HRK^aOn!w&KbQ;qhEv}8_J02?bmlE!7PSJ|}-e$~l+FZ#6>=Uvxj
zx|t}We7$agR2{>u9;2G{B~s$HdXTJ8?TBswhFwTYl`HG59)Tbp+h*EJOh=dXhJ8Db
zTiX~9E=jj1Tin@APSzvcpHg#NYTop5SoHpk&*OT0ge!M&M4+LV3s_J7*dE!tT#@R-
zIM;o6gBBe8PW0@vKs}-0<1aBIE8{ttEl9GLzhkD;Ofur*YKIwHl|mh1`3Sgk;aATK
z39w=Oj{tIMVuH#(DL;~g5v6zu>mK={nfmxqsnNJ#x~t(3W`Vu%P=p}J)n|Bi9u9F!
zRkByX+{luKZH3BQUQ2!_&HQ=)2e(>-<HRzhPc5f#)N>=5w=hW5Ox{60Mme7K89;0O
z1X;@+7l6TZFRnf<z~4xBhu1Iccb8;AK7_JnXhVk*5|hFG1#m6}DxaP6!`3;hd#+yD
zvR3Rd+4o0fn0ftkTmf9;%^8p?S=Lu2vIys{smSrztB=5x6<9c#vdDy0gmT=Gv`Bjz
z><KC+vlVt)*^vC_u6PGQjP|p9&ukBlm;hYZ{{MgrQxHXN?Edv+I5`qA;HWcZO=ZW0
z<c$%Np2J<+3-H?k7e7-Tb!Xz7Pz2$>jA`x?^x&;*A6uxS;ZOlhpTBwyC<_wERxQ2P
z6<CXb_JkTxQ`oK1Y<h$wi@Fx6^iykz5+Ld}$Ruc82JbG8swwqF__FEVImqb0ib>a?
zGHO9#<o#4w$c}}<KPR|YNfJ~8YP>Hu*s0VC9=!$Wz40q_CMuZ`MHPCbDzlHWSQ`6B
zfPZpcw~O8Itz{dCQ#ke3{aQ)VhAZO{3GP`T15IbV`y()6&^~qYspfw%Y7Z82zny=P
zZp6y)a3$ZJSfMV3V!cs2UMfN29<kV3?hPf1(S|mgw`>%_uel`WuMJo>q&$~5QJtK8
zh-b}~8I8`dLB{L@1C$cJ9P!T?iQQg)I|yfQ_J}oL|ERwoh8vxB%z6KCUa-J*CR*Up
z-;y0#j(9%yuvzdLU_}h9q9qP)Hasp>7^*LsLBx4+G`SYC`Onw*9Ixc3zPNH{vYBhY
zU}iQ-bhV)4$%2NDuRUPWoe=@pDVgAg#<$aXK`z(7A<M1~^|m!6XlYRCCQ!sCWd~3&
zbo5825BPzirt&}BGHAarjX-*rkLV4Ps)O^-@p&w%Vw9cqBbii&r`^Ks(NyT)unoQm
zzimLoSzl<6&#vckqjZSnA<=cthsV!4a9JrO+;rdbVpa<9u_^GZ)s%+Ydag(tEP%S*
z``U1TEHB=b>k%N953XarzXP1fOm4epKpNms2C(eAF`8}frJTxny2e?&y)M%(g~`;Q
zatH9!LQJr-XXG3c_6sg5v`l@g3Bsa}7>y6+{QSg@`xYK38y$xRxkibDBi&N_d`5Bj
z(tB1Dn}&Eq2lj6d7tp|pCQH<hj)vy=sj~AsCuC|PSEw~;sWGX{7+;v$5rX?psM%{Z
zh6>Ur-F|hG7ZHJWldEB|4%d-%^9Z0iZ0rFR;~{M;v<n0RdW{rNErx(uBoDnST2Zn?
zT&K4D9>80dyc$*FDIRpccnWwLs>e4<RB##~BfbJTiuwF<^=XXVg*i(+?9N<6PFE9l
zmj;B*%*@=>8v4v*9}88g6(ly(M^@h;_Z|$|3I~M2@wa2)d!BCKE=v}#@Hn2+_)BkN
z&&GxOV{0%*S&uLGrHf7Y2JhWgje4U~1sx;NkE*HedlOIQGSsq{Jhr6Oe%Z%Y2<9?U
zL*i;<1h~V!qrn0}W;8#b8@8%Xea1oIy{asU%yS#r;;vi`0!|TmI`s^)170#1Fagd;
zCSdAUxQPPmg`mHnS7!0&$04Lf-dzsfvxB}T)&=;A!3+*!ufJt9<Aaof?OSBZE%d8<
z6`7X$x6y-Nl)4sZxJdb{jpf(?^nIMcU%;#Y0Q^y>Su=*@9vzXwz5c78<Q1}?1oUv@
zATCSuI!FAP=#1xgO^)zaPk&g?)5WMqwQv4IcMV{0xXFGIcWIux6w|!upgD@^*If@R
zt)M3UWv+|*2J+gaE|AR6#Yx3=IVni~^`fix{2(nAqWOL55oqZKH&rDu{ks0|ph1ZL
z=p>2pS2xMBAF>+jN9Q(=16n@rRd?6{QBCF{MTOyL>hxPqtl+NWt>ZMtUu_i2lE^cR
zG9TX$$3-XvI$@t6Gx*2IaPkh>0^3Rb>jJUv(v!E<?{stal{Nkl#R(a>_4^jzK?-DQ
z5N@BcB@6Dvble$tqXf~&23h{lhgiUyKu4Tz3#WZ{*e_}WN8$fr?X9D#?6&q{Ku|)Z
zMM)Kq5|AzlMOwO~MFi<?WCI2uDIi_a4bmMdCEZAOmo)6n-u%{$=bY#9dCzZr@A$s&
zkK<rGXOH{7*IaYWHP@WibuE|=Xjgxq1a*bjOH<%P(gmtuNjVGu1_&Q00Q=XMD!TOo
z8pU>^_Qb!JKHzx(kja1Hc>p-iAQ@BnJ2VB^dO|ZfVB-5k*Y@6R06yH0|G|d?QRM(m
z_x=WmDk)^R;{@PS1EE^Q-$(iv&PIjcUpNj3{b$t!@b8&g;vIp6pPuP`k!DSlTyUS`
ztW(eg5W+t)X~2g8DbSk>TVMFc#XtX@AOZ}NqVy-?=^zKVI=pP524aQiUEX%w|J}qi
z3;hB$82*B?_343`a~!QSs8j%`v!px#<A6|Spxg8}n5B;o*>lXEreq9dz)4V!a%8?h
zwF9O~2L0ck<t_HVVgvjSL=OPs{TI+A*sh+w7X(Me<V(LX9<F|W!cK3x{x0HXJ`faq
z!3sfG?}>}M^Xa^B8lw+l`ZK#xaf18^3qBNQWzrk49V!c9Z2kgk`AkD-zDiWiHo*Pm
z3YV7X{oh^*^@h)w2(W+>fU!(g320dg0BVSi_8%N&YzSCIteO%60E;VP7YJOs>A8Op
zWAs6T;*uBc6Ljp^Ct3qJ`Ts$#mR^G%Y5b2z<^ybc4>Mj;0pQ1!cHI5(>h~AE<QruC
zV=SN90OCUsOYtE9j8RJlD1xbCyb`jU209ib9`U?TjQeZOT0dU$E4_UWkf}1mmGpjp
z=ukB`)?bzZfB8f3wEmrK6A1Pv1i}8yO{I5C<nq~SpKMj0wg2J38UPhT`MX{Dcl-K4
zu*Lts9O!?Ex&_<Y|C0m#V>SVz_Ut{Nbb+(zfPnNrCg8RbSOf}*Zy1sQFa)2rB`Xpj
z@mRB|mOqY}P(Z{2J}U?u@t0q<`+OH504+RXRhjI<3r8VZ*NywrQJ!Ez+!!GSkehGT
ze*gYGHpAD~m$T^bt_B&Knn|oJm3|g2n4QE1|BCc=w4MM;{!CtsS9$*%+@B{}7J%Q~
z$OmxG|3dNsHvBuu=Mak02MwBL=zsGL?Asp!MkV2O{3Dnj@Z@>}Hwd^&v}5-tdFn0X
zagRhV&9?za>UQ{3D}c}y!Xp*14PSds{^xKpF#vm1%+(A4ap_=pf3qv*_5Q&ZYJwO@
zvkYQAbHq(Qd}K0e;LsvdS<@MZ>coG=u0IwT7y!gRTl&W$(}j3)Ir7w&z`*&<AoxnY
zlvc&NLa#w~UnM@Q%C6q_mVOox&|sKqC}st?*EB-Foh!yZyYlymB#>5ufSk^<81i?$
zBg7a;cv1k%<#C$QHgD-G(ygdJDXkC(7+8(^D?@`0h+ZyA|F=&A&%6Y~Sfms|PoRuZ
z%gw`wAg+-O8B~88BiP2Df;jOXh7}EzKl~Sqf$98TSq#+J{~eb8zkU{E*?aiBK+@!B
zYi@3?>&1V9uQ@T1)W{$Ffpv(bB~#b=543d^*rYC>VYUmrhG-=@YJkYc^%9iqG?@LQ
zh5lMd7k@njYt{AU!va7|&QVQ2O&3C^RK=UMj9f+^Wd7Tt19?>wL`L|BHA<B-1}e)g
z{V}Wl5N0*=F%_uT_xgY@gt(BMX8Q3Mfj3w=E2rJ_PC>oO@VpUVIb#Ycr^hWpwb}$E
zu^fi;d|S&vz=Q_^a851M&LFKzK?$p(+C@YB`THgasaIINOzv@=S!NdW@Lqw#YEg)r
ziijq|e9X*Yp^Gu4XXvl`kmA}e7eGm_-iL!-AkW>bn6O?35EFf}qi^?A30wif%^ZMN
zm$e7_m7z{e#ZbB^I7=*p<9$4`(h_tt`FdSjxw=%7;X_dsU%!Digd5m*xZL0+9kh46
zRWnS;Duw~#SirWXPu;Ra3Io&>;!i>S-wFb`kW`3~xq+5KsFqdv@Omc_G@bcqPMWT4
zZX7op*DsS6xk?~~lWzCrHi0zjRl~3M>@PJY90%p&^_$l`P!QTo3)Dn{*~VYc4?C1k
z8HG?8Jv+`bKz2Y?%hF-^S;J9zQ31Qkfxc(TyQI~}C{W+Zt&}cuvR1m6+|;Rm#Ocs0
zd>jKHSfghEN5|sijr+@UFCv*6^oX=fPC*xH>9AL9IT*(^g;)4w_N__BCniZze<d)%
z^H6};T}FP9f?Ap?0748+-GrGwj*oF?R4k~y%p}-%FwsZp7q=Tx@88@9P^Z4GxbnLn
zTyn`;GVuMeA_z}94Nxzpk18sMCrbBwgeLZ%u8c$NWp~fbA5bq-1e8nTvxK(*UFmk^
z>wpz=hPKU+ywzexY1IS$eqN8mY0XBsx)4U&)_Hzu4=03h_4on68m0`OTQ|pIa4M@e
zC&BI>HU?_N-Gj*}$Nh8$;T(O@Fhzh2Q;d~kt8S*WZ@;q~3@`^zw&OhScmo|A0K#Yf
z8wg*u(?^vBz@3#C20uk%9aQ)E$IhHB^Bp?z=pxmN+#_R!Ju2$0%!7GG9)Na2)&)Wt
z)O=r3yDbvd=37U)cU$NiC1<%R>x$k^I*4o{l%h23<>7%t;9IB#Bv*NEVStD`g&Jrs
z=m`oT)mIgiKW47hb510!8gr{Cp*J9Q8fO@*vXtMVOq)Jf<0Ceb#PZM+GUTG;UWp>c
z4ljEGcpFE&O@kZKsVM0JalGSoE`*+-?}Ubs_<Zm8k%k&#eoDn$7ppY?FXtJ+FZEkt
z{bGRG1@WUw6fwEGbjf}c)&bNgZ%xeWp)~5HT+YxM;UzFV;aUx^s|5f$Y2(xud-i3F
zYrjtuwa2C*dr#*iC+YSwz><7C-3|4cycmuEw|_kw?f^+W*@OnJ6FJXGpE&;5BqLLq
zAFrd-=V8D%k*)`g-HPC~C05mxRsbt_jre|r*7or&ecA_hV5^Gd-++x1L)bKcNA0Nt
zLOer{F9O+unSP-+?CXd$1z+kignDyBOw1(JzU~KS=>SL9qWq?B@A0}Fk`cPKC+EnS
z^VnWcsx;Ot@1%lCJ@Ad9ojf#!tTx@t*%$s4YgKv`V~WU>$2;xaq#u=Yj8zD=!Ew!~
zQ=VByWuBJ-X_GQo&vC(6gxR`a*NBWz2)G6jlPGG5FHrMS3j4U2pRk9zH;d<dDah%S
zt@ysa0BvKuwc=t9A!7fE+HT&7pMm=T1h`Zo+n9e2x(g*-p_5=aOD5}dduL2ke`*w~
zbRdlcaP^<2M}!4=T4j=wlAEydoi^cZyXrjiCt++aSGr=2Ua|JOkM98JxT_FCc{;#l
z(#}s<WJ|HPa?)OILgU(k0l+HnYjhSgf|~iJl82RIWq>J3K#1PfPs`Ho)D5Uv@67$C
z^YHfDMu3ZzbW;cadX1fND7t<lw!H4YdRaq5!}ET@K}((6eh^G}^r~r1yRtGhg(z7F
zQEUgFhGUo`fCW-a<$hl2=ug+Vq}Old)A2S%Ww<)GIbCqnx^7nz;guLK*b54@St<fr
z<HF0%Jz=T0<@-H)6hjL(k2_e3%8=DSWNN%l0>YUzG9h%)UoK(wzp?=j<_m=#q)|lm
zpMKug2?emqw{9J(NiQ7Zy8xcq3NiJ-VfkrkCtK~%sOrpykQL~qan_uSzWN1#K$Tkz
zp47{|$u<aSE}}JuNX>&W1i-SGiM};o3A)9#iQ-v^?D?({Fn$1{!O*0AC+mn(Th7jn
zZvV1=NeT(R;UCo*FRS5a8$wUGoYoK;ZMi$5TYMVYr};I9P7eiL93O7;N^PlfiLRZm
zzvY}cB_D>ir+$=9$_`7na}}s9#e)L=uqlarEL|&*>n;K%Y?M)>5Ll+Y<M)_HgDU1a
zE>l=ONA%Z^xG^wv+h_ECfomZ~Tr%FYNo3^j0v)R7$98}yFxJgf-I&}aH?vmUUkG<u
z1p-fBtRh0kGa5YRiIYtMuynkS+huygIW)R%k-nmrCn8<MKrlM;q1FvH{=#cz4*I;C
zF}Rp;i2UL?q(%G_0Huiir+Ny1lWBxJzY3aRUx1>?NX;)=LLr$8hwK3Wqp!3NzIpHr
z>`s>aN_x^>;C)}b{C#cKG4v}Pm^4AT_wExM^L@6*08B75c6jLLn!h?P$F=*elz8pi
zL5xvI@z?mD?f`yVNfo<zo>Cx+0$Yr(!+K6ut46U88NJ&y=ys*;_(hH<?eV<hVn6L<
z;!g=A>iz-{JE<zaBq|%t;<ljf*rBpI${zk*pNz<mAb;JcUqojM?>yR}u^Z)}_bd^(
z7A(@UP-}4dw8w>a2tkUw%E%WYOS+QF77zj|6O#^-r4P+;7XiR2uWj;&fC@=Ele?n+
z*5)w;t~s42Ys?<Dnpv&AcYhs!>AuR3+NqYt7C;jXEu+2cw43jsx1`nU9@Xt*WH5wE
z3p@b@{=tT!SMIy>EwQ)qChgrFC-yfET;7CNvxt4t1adTzueU&}(k+nuu-JN|6QK~$
zy*diK>7j8=xjNZOacTvGNbO08E`VuFIU{?+h^}lP@`iU_V~Gvp7auWuBS42_db@D!
zz8c$cq=nAruDp$Vgs^jcmRP@(C|sFB_XBGlAy=F_$I)9!tpyvvLV$1#{#Fh8SvwA7
zUo<k_)WG>>2jtib*cU{@-lFt&FR8lEi0(k}xQWl&CyA>J&NeG`2NM8Z09OX-Eb^zt
zlnocCjZwIi`2p4>5Io2hdRE<rQS-&E$0148rUhDtA$u|>UR|Sn+8(I}R}VMJ*-EA)
zg5L1YAf|yReVMfu5~Bt*#cHD~Sjp|u7SqXF($L<s#2M0E4O-QNL)co@7gC9<WFC5(
zU|~2N;$d#-&<1mVla!!^k=*Pzy+f+Ex{<2XcybQ#kL8Wtx%y;`sHc4J1^u@CRMFhX
z?@!ut41|r>I<UxeKML8mvZhI4T>`c7<e@y0{JwlST=N`cA){Fy;{DigHCl*AffQAi
zBnyN#k3BR}t<&_pzjg2)W~@n|>?11dBGEP%@RU1V?%4re4I2iJ`PW1v?N$TL##Nz8
zg<kbUmKs|ZiPDK|E5TPJSNq#BNrTa#p4!xlYoP_y4h$>O(7r6pQ<I2f#-1Ze*btfp
z`HTJc-3?FHtkm9*_GIsW_&agr_CI76EaHBVVTsmOShgn$zrRM=mwkCu)O`aGaef3f
zE6*-3Mkp2*<$f;0XeAF$QznEd$CD}@MJ&U2EEYpCG}-u5`tjk{`vr1)Yp9(<pmkPo
zMNLqkvW$w}(b*X4w5()E8lQobq0o!>z|AF1Y#c<WEi%s#?o`!B7{_iycD^&Gqq+{k
z%6DID4(SK$4`Q<vY<S_f*O-#qArYyQmT;8Q^mySp)#uqrR1skks^A;>62x~Hfq7Lq
z$ZxFAV4XV@)@THk*Nvy|yszVBGUx>)tIrbMZ?N!!tc{${N7iBvcP0<k2DeO^&(A#C
zgr>uADB<Xo$l1@m;f;z`25p6h;{xpEB3M2!P<K#hJbvynu85WeE{d@#zc`39Z;<m2
zT|&QBFauhOn@RCVJKapTIhuVqmMU4%_6QELB-?=8skmU?;K?c(tUhaQley;0AWfWg
z`iJS!p|7~9*`{<od=0z7@RlUs7zpTnDEjO$uoCfJzjNaVZFntOm6SE_NjG!NX9x<t
z<$z^)uu(3$;q80G^5C-$n{I!Q9{Eyg>g@<glG8NzGb;dR2kA$h4i9|Qpndg?xX)!h
z%bHZ3uiW<SNW&uJsrVccEd+ki0Z&Y9D=0E(Q3oJ+1bSv}XhuYX62g%%EzpE?Y&qDr
z1P}9kcl6N9>iUh&pr(G0f}}k1ud^7ixptmJ7F@cTFl<2^Cxnjj?nI(XS7H*a#G|;>
zW5KZ^(QiATBiH*{k|Y~%KjNK_mflHC*ku%UF3`5aon&0in)ME7kUM~15k2woEYPVW
z`K;1EgU#;x6>oipc3u43S#c_49>ZVo3U_K+c7hk`^su+#+%wC`F{xdz60?Tzy}3^9
zN|g1m+Y*a`mW>C0jkJ$BRj4)BkO(&dVEKj>8ut%(Lh&-0Y*Qxar}7`ntz>UDDx*%}
zQI&NWsHyGa2qEjK`HUUAL?i1)^H5Rkr){f}b7e;PNVwHNql4R^|3>XRpvsiV4<CCs
zlp@iF0M`IdNM(pB5YKeIoTkZcXJc|2^i?-mn{dY&l`_0Sb%fccj$EI7o`D+pJHkH`
zj{pTQ#KKr-3(!MBn&m`55vPQH9=cO!(5_?lu~B&HdP*2I?Dmt1J)1nGkF7}f`nh48
zOMKAC=pNkY8A!e1m(-U))|WulP_%-2;8yP}LG}YaJceXmlWbl6wns~I>aTaduHAma
zHx$(lo^0wRfE6>jB{KK^b7Mjhf~=;-Q=InIx73M_gTOBVu&EJPViEZAwxyz?z&oOf
z{-Wc#>qcwo>_f|(U$373JX=B47+>NCQ;c%kzJh^tW_*^@&nGx~fQOj#quFkp`Za0e
zqK}p}=#YMqXEGoTZNhM~-im^A-&QuIUQBIo`q9$NQHqX7LgM;igX|bu2u3~psyPj;
z-(LiaLycs%zu+S??#K1g^i;GjZyI3ALVBFqo=InfUMTzRYK#IlrSw1(vM2Tc!<m?%
zgX_2+MMXN*kfl=^7pWkc2lLQDQkta)N^0gTdai8P@J=1&C_hxcY+I)2$zWa<jW?Oy
zLrSmExSATcDVLblv5+<pQar*!+@yS+W(u_)AlY|Pxmn|WSd3@BF~fz7&j7IRPx#%)
z+T{_a(1N6BYhh}_RTpq<I`F`E&O&0^)+}g`Y5Y!#jj5V_@2QEUDNizz=&i15yio`^
zZ+pGTOJy}dbGWcl`0M<^2>T?eKo1swh9^k>)=|cs2XpEgJ3DUFD(`jVqr%j)EAVo?
zAH0Wh1pyee@H9>Ig1XfHhwz1G8KzNmqO+;UWvjuNBrlFz6OHkPGCQ8<h?ydWMMw06
z)IdsPN|A_4|NC-D?h{1e{Ijwx1^DBQXdDyM>Sw#7tQ1XVhq~(eWLS6A6O8g%;g)M$
zna>m6*h{q7xZL+%I99EN0{*?7dWGY>erIy66r#&d)QXOsYW>(U538?TihzYXi9XQc
z^-c@ZCBH*@BiK=SK#z>yo_7B%&~%A?pqlaq*{_4f#&5=x7G&uI7KvBL!?KkL+%h5@
zI?t{93S`*~U8Wn<X4YPnN9?=~mQ_=d%UBg^9M;M{doDALO<6nm=A03yqDPn%Yfbl8
zEtQegcN<mk-@WM4&lh}0jswqQhpHFv-T4KYiY{W6?x$&wkyd5y`tXfCN*~z2L};!&
z5UiQM0e|4V0VCND<@lRG-GAhifZET)vtMt<{i1+Ki6wIc*)K0E4WmffJ6)pv9gjYp
z8cjDU9kPGn3DWaw$~_@7pF<%<Ri@q-vb9bI-I?2ZGzW)K=)o>cWv1NOVk7e#>6a++
zP1+bevR!5neL!q2y5rQ}o&+#e@PeE0a;-|+CDQX~!zB%+2JA>q0FzFdw|+F3jfq^>
zJ1lk_ClkDJPHE?v59e$#7!_^&=7ik8&F&4F-()d3m9fV)V*)vcXPzw~)d3E4?9yq-
zm3qw<7}8-sfTi$Dr3AB2z9f6j>SKL$O0uBg_Hqa(Hocxsc$wUj@N$gMwOP|fR7+KZ
z$0W@jn^;;uXHDO*6>s6mSN*B&g_TYF&XdrNw$%Oyuzt6krf_Q?N4Kg;#8#3Hd}0}#
z9W$q%Die%uNrkGv*2sfXl6tNvzC@GyN{F?~%{++wJcohYx+$~+h7^q9;G>VE`0RzZ
z7l3%W=DB2|qT+r&(^}V*F`=KglA#kSh50|blOO{Fx)Y$TmjCu=-#gqBuO^E&IDOIT
z=$uLL#$u@3IlhWj+Y%-Aan8f*@FkrVy_+ok8K`#6e(q{(4GJB?GpRxBTC*JFBpI&B
z+70~Zw`~UUh`|D#o>m%o(b5?u7Rnvv5WL?1>1%Q7%S^T_e)hXn{bI$&q~6N6C0p=u
z1sYQWE1#idtsCW}vd3X@y<jWsF{so*r*!ct@{C&Zpf9kBy7U8D8mcV<;biIkc8eFb
zucNl6i>rM$e3~0*>{+O%z!0q?NxMFY9rNJXKsQ=QGR+eo-KmNUn1;usOW=6H5;v<;
zY3j?m4&!--MW+qMD<4BNCsfUjCsjVmoz|+6oT(7xYvs(B3KGtoPF<a4oCywjw9-iN
z^;S(anu1WPwGKeHF(kRB%J1bn9eAcpnz>0-5;L2X2AH76U+;J80AgLeMvok;;-lxB
z5LuY>;KgAZXuY}*%2qxDZ4s?(<}GU8kxS@a*!2`)1J+!Ez`@UXCVP8{Dq4CUr5Ln3
z5iX7L)YdmQVzG3|r+P<W@OKD*4#U_!!YzM9W?N$=845!MnV?61K^Bj~;sbnpEcDKA
ze7OK@oMx_1T$@$%ysv&BQTp6Bgs<pi!<of<AvBy3mv_0GLu02>=tfh{Jmn9(fox&7
z9ra=ZFAaJ=;}S%jMU74L6^T=mgE5C>3sJ8S5f8w&R8K67N2lC+k~T4k9Ryd<6j8pd
zX=N1^Gj5=mcE;Ty)#fs+u6b%R_Huz-D~nJJxGJpV)p<o+SI8SO;H5&~WK`LgqXloc
zCPiDl42jJ(Vvz<p;Jlq`IN0&CUZ@52fpuC=J+v$;qsl4Zy63g^t5KX*gPyR1$tljs
z4s6PTER~}=-D2)@iO=T{N&npQXD}_$S-m!lTd4*5c`ewWXQB2}!qWT=)>-<u@p2+Q
z>yjV$tjbd(M3)co%25RB{Y7nXQUQ&#Sc@~mdHA7L<Huan^_@CI7*gxyo^@hBFZW$B
zGF`a%xRqw97?bjfIKJ>po1y{xj^Q+8K_*mzWj9e;O`z_U;*a}Nn><^WZF5C#l;;gL
znBM5>6WI%Bv<9f<n(nXk^~0>ZY+pg`xMK*h6@q1(%P+O}hTGg=+CzO)^L(4RH(2sD
zBme$;_SauwA!P>L6&0Z7xRJ9<9Lw?`PuYx|bPhw%IVJLZ%>+$~Y)AH8VQ;;?o*DON
z>jLHHPm=jOcUGe!odbz<H)?xmB9}1Kz+Ss8B(}xuA!G@qP7V8^g6oVPh|ux8oQYRG
z2{~EUAT=y6wHQ=Ee<&GzvN|mJf-4=C(^`cVl2mDwe+Wp1XP)NGS#M5(8y_*Ft%O!t
zGI%f8G_KYiK;opx`=F}>+pga(2QATKOO`SFVW>x>Ho$6`?uXGKoML!Zqomp|Q4|iV
z$!Xk=%hV-+UmBoUp87$v54-&XDN8d^3F8>1nPEm*s-oCO<Fs0m_a<g~03p*H>i+9w
z1ZMoSR7CB;LT-9F1|cqKcfx<XLppVe9NXXx3c|%<>q9x$@;2}->Gho?Dn$$GkH(KO
zYQOwC|LoFP-3D;(?nNC&{YQdZfhJ$CZqfes_cYYVDnn#RDRQxVbolR6A$~Cx6UPzz
z>j+7*O+ig3#3wx8lgswPJ9YbIxl~rOCI+RX<>!uE-f26Ha_sd(A<arnl{ziwJq~GW
z-~e>y?H}^UC(|Tju-BYn<`j3aTBHXrbK`7~krit&pkd-{;ovQOF<mRU*&5L^0Aqc=
z2_VL6Hs4@ZHlnmiMZE_@iYw+Snb<!RpW6fzby;9)=bwQR4ez*bfT)LN7CL2R(NDLv
z=>@|7dS>YffErU!fL2n(JQHObM!R-rl%@z28;ry~NXq(Y>L9e6XK$m@DhSx3G;et~
zw>OR{Y(YsY9;j4Q!Ym?^PX-#%hG`mWo)6KSf&7k~UQVOG2u}WWo{jpjZ3i5uC?vNb
zX!GHd48U%G=^0??#jL5v=y~#;rqHHyOO*^4POqCZVbfTj7b24Mdhf?ks)h~o&9s~d
zJr(uJH(ok^u*i`h00RUfiSTEFpkne^<VKfm8zn%W+8PQ+%krm%HNIw8$rY8Ts>td6
zc3o(5)@E8{RQkG}C6m|<{oB5H(E`f~y@ZVh+%09vx|OR?{$n&;@F8ya2Rn+Sy>L32
zse8CZa?y#)dx1f1)Sn*<<8bN$fN)a$OyV%|jpen{{=PC;KI)~0HV@dEUp5ej?%TbN
z>602AkwZVKmqMQp98aueB~L%NR^A})q`>T*^6n7USh-(6_G6{}TtwrxMB3QdjwQ0{
z^N#wKcm|L^hl`)~s(o^iQ8h<McxHx$K;<+`aGEe{dq$z$5c~bQP?vRYqg9_q{#huh
zzOO);jV!d$pfaIh=D_AHTuDMiwxVc27A<RdUu8m5l+iB%cHj!=j0McN7@iDZg*9xH
z;Fy6c3UCaqy%;W9`hzfoFDBX;sE_ueoO+myOkeC3!QB-@3h0HRHKfhT{WL?k2UWK|
zgUv&KV*e7(c!gxA>3I#6tPjbQ_1qCvr|`mgTz<vI8)boOP&pC?($Z1lkLCujaOqL&
zYZ;>=Jf(vGFJm35>Gh;mG&_=5ymT)69c^@3;duH48o1cN^3$<+BO8lMW=9K|fhF&_
zDJ|mRQSz^E@?;@3dUBPeOjQ{=Y~0$9BzST4*X|BPDgYKQP2l*DwSnmrIF_(RYn~BG
zz%#T5D=p~W+efWxP?L_XxF;QNG|q(Ba))}=zO6_hyeq3xKq*rrJ+jIuzmS(o$gn-%
zt?>l4u*1S`I=m(@Z;)R})U@W<D5$HKP;)C|a*kyu5V39R1RHocyo5DZbE~O;l>#d>
zFaWOAmZt2Dy01PbXg$K87y*a%9fzT=_aBFukPjTkR%GlCVnqmn^-JiB8&HSbvZ?gB
zvm~f2LL0o^CxTSIod|7Klxqn;K_y^)Cak1?MLG?Cr6<wi6Q2A`8o0BessHF~2OBw&
zwR8C}Q1UC|$qqv){w1cZn-;#}E^?nj#C>F^3c<OQzStT4xfe;ucus#dJjhhgwwp2o
z<#0}Ib`ZR`TqWkkf}Wt!+xY-(10%$o7E~r6twGVlk!DDry;-ZWJnNzmW|l|sj0seX
zkZX!ZWWrci<4BR(d7_q1VY9LfUR@RxxOA(dFeIm*8h3pzjNYXZzuK4wnFkAVtdy>X
z|Kg}~J+#@uj&>??GE6a$LfQi<hzZeV<XRi@c*<d^zpo{(R?OjWF3nnQ&|U&n^Ha6&
ze%)bS1X{?r@?mk=1ev*9>~r6!P8NnlN0n`XMQg>41Kr`4tjrgq**>YMfjs3>kJ3|B
zj$(uaq{gq!W=|z<j#9b&WS3p02zjdVrM*#J>4P=tJ8U_=OZ+JRC!W)~*Ym$zb1%5H
zE&>MBHeKRYc2GZe<<1K{-%5LDd+RlgXTe>AD*{D~*abV*Sn=wDr}@rsfdOfvU`t0I
zw~5<3qT~gs4I^q};Lylzu0Z=qx4#0(%UBsJ$4hnDcAR6xpDeMH?eor2o)p$OPe&K&
zIj^85nMf-N2@YAxI@-eQ-<!-!={gNP+=9iJ|D|8W0eaRIGHht;<7A!5H}f1iYuh+G
ztBl>ADgqSNg`N}G>VVch-`9!>%g8Z&c7jz+bUiVqu-%iBs(RCXcKrjq92nEk`JtcF
z&5w-xZFOFOa{RepW6i3n*@A{IA4`>^nntXo;iRf*s(S%!Fz&rOXNMYOFW`~tY4&Gh
zmXprh^m%(5@4nJdmBI>oC^!oZDh@5ueMkJf5;me$u{1t0WN(UYle4Dd;nBZ1x+ISK
z$xO)H%d#R0BuZWy$>*<jp3W}Z?+_IkOPB90WBO!|V_%M?e4fpCH)-}mr7I0%z?IZ&
z|0~$IZx~bGyqWcR<2n;i>59il?LYn^Os8;wOKPx8X8arx{~#W^^Rv_~B5@P8vTt_m
zxsvFz?AF*@JLc(y=;9)xIlwD4*lUQ=_MDrctuYZD%d@emwxUl^S0I%5T6GuJM&tF`
zZn&^+TOIj=&8s>=3FR6$e!FpXnj$Y~CC;K=>fYVic9eFT(`eywOq8fb&ZiYwRqev6
zdE5yF7Az)Q_WN$w{O$&|IgA1KhsaJ@is}Xu+}CrQ`9I_k1*#wP<uwKq2|?mWV-Iz=
zZ6c_xJD08wdWhjK!sE#Um}RH$+jU4Bj``G`o7Y#8pfmbBR`u4k=5orjJE+`WO$()_
zPZ);lcQ1IRH#!h~oh<oTqONR8v`50RayOhLSY2M>?y1y{6RAWeV+X_iy{v6k<knH(
zHjhN}>Q0DGN`Lab&GC_MCsE+~0M*hngxI&jyPv;3S%sRd$~~N()ThZ`i9AC1=dme<
zvzTmQIT}s<0t@x*!<EyeB@!?tZu3ot_DVl1>~yFX!sMQT;=MCFG;@WNwOt45+eu7P
zTB2dVzg57H?xjFHK{J8*!L8`r<2>q^17p>}&|K0-39Rt&!iRM3RRQ!^&Rb`i!5K^s
z;BOj03o2+M?vS9t{m`6(yvXlJX?CwI$3zFoL@p)3H@VI@oDeM)UssfI!{F(GAl>5X
zbmR^XmSIWYwz|YX`!PV}CU4GJo*&jot@CWZ6pw78yYq<9Iv|Ki^9-|YxNtHHTO5ZO
zUi$^=j8k$i!SOdN>MQ94*KDd#QD)kvJQ>tG>SGypEmB?^Eb?-B%jCIMw8^Vnk5%7+
zhG1LVlMlNOMqZ8AIBjg=6B9lD#yAi&rOl-DX36#S&5bNwz4GIX>3vWruSBvDNcKc-
z#JgjsO9B(+xY1qnAg~?yC9cJ?cLTuERd4WIxs8U7Ery0M7~rj=p`)rsl0qmcu=;{-
zTXt1hpWuU2z)>3be+j(B;E<SEL+HBU9SjBG>`<ewIxNb&wyo&NnFQWwn74sWJPu&Y
z(-h;h8K<V&mZ?N%>M{o?Did_PN~7=7)2E<MQ|C0o1wTZ`PFM8CPB`#X!^b1EU4P_B
zX|&7=usN?Nf0^N4d<%hejCbaD)0PJeeQKP;20wCCghC!&d;~f45xz7kr5NZ8JfWCJ
zi>$K*KE!AyWZ(<IM?46|VPx<p5@9hcB*LkE*-}GCkD)O?7G1w-%**hDyW#0mKk%zQ
zM@;`FGr?$0r?1%j>V~-nX<#ToNU=9M=<4tH$5>(nbSQ`G6x0y22?&iD4T@fT_o5Uq
z;%TvEdJ=&x(Xq)i#&w_^B1F0WFBAUD4w(#JUMw*WhAXdbZhpD{SXrcE+$^6BQ%gSn
z7v<659dGZ55cbq4@Z|>w2gVC!F&T2lAt6%q7jL*QHDpb6?4f9Y-dXPy9quQzRXOZJ
zIxj(Eji~z0f&Y83zvqp>)E#uv&EPt>anaBj0)R{=7>q`WY+L0sjNgN~m>uxvZO8>U
zn1}8FY#9E9;r{Exp3HJ1SqZSby@^}G6^y|c0a|jGHR^9)2L0&|Y3v5!I$`sFn7QPJ
z$NyxOZrir&?e9<j*KgyJ&<OeEz3`r(-=2L^oUR&M35kckjBaCATRXWa_lMQcu}{F%
zE(|`OAQWq|1EL(=U<qR|C`%dL_|q^x2%P+9)g5IoClV8>Dl(NAKYcMX>+c^R%44xI
ze9B|>&Ecma!0IXpHu!6YS3*LIj3&%?{$;CwnSxFnSmH<3T_$k?+i?3fQzLsaTL5gO
zcLDq-YT=tazbEo9>nXVa6X(?8g>wTF%Txy4jI8w@9E^6FetbQFu-Wp$HUAp9bO4yR
zaC<4v*4wjm3jtMkfO&w9yF=!UKjzI_j2XD0ObfBun2&cvl&GXu#Kq?-`{(?7#vqpm
z&;3XOO0aZGAuod-HOaJ++KGeD1^Cx1@~r<b%@b_kApW#OT$j)pIQ-r%FS0?9w<ld9
z|M*=xq=V1oLT7XpLxHo<pW?Tj_+Od-!%pdspSN_VJ0H&W^jx=4Nl{|tD9FgjcxfO6
z?l@8Ye`)GHGF#qP9r+xHt;*xouh~9-+3jM~J~hO^v8MDsrlVu?%hVV*XP;puH01B!
zD0O7Q=)pFw_=ne|LsPkSa+h9?z*c2XvN>uJ^8Ns&Ox%AMTM#mK8yS<<8}Ep4zPlB`
zHb2#~pWg5(ReZ^v`;VuJeVzv1sA_|sE+B%T5C>z@j%<Wn>8>vCKYmFk4MG`aVz{>q
zHa`x3N;u9bG}$@L@kak}qIG%jp@&CeaSODw>1)xc>fnb@W=ZBs(Esu?$V+cO!eG%T
z?1)O@$Sf`WuC2*PBAaj7Kk)6*hhZ%F64DP+$z&CVqIwwE{A=)5?WjiYG^kAT41!cb
zVf;UD1<wJftv)84n0MY0-o(tY9~-?(wetMqGZ4i=uJqfKf3DTrO6-u2lbx2eNi@k!
zh~D!;_rp$T)(dg_&l4{Ka0E0x5i@AUY&7UuR{^YYAM(YB0Gr}Vf4%$SmqB3h|0mk8
zUxcpCe}*o5D0J;neC}GJo&AI!A?t*K!i~x<tMlK70v-p#4F-ecdqK>E<{h6iXyYMr
z5m^3n;mJd^1bNt{Pt~t66F8r%<n$OoSpaiG%k@7jgNDHYnRsCSD`a76HWFO=Zf$MH
zva;rNS)G@7L{dF?6JL_q&@mGnJ&jm9!9y?@?4pgR|5!wQi@-q!7x~0uJEfYKE&-uf
z;HUSmC}>2nO$kNHHUIOK1i!$VYkT|EBn-qRLWwwvi|J2aGs}M?=7d>cP4(c?rAsEZ
zwhs_|F9AfktHNrc#A`yH$BR9e;=RVj96U(GHkEyn0u(g|$H&db#}A4iL67fU2?9of
zdbkyj(J+p|<Xo?O90Xnw1f&~>AAW2Zf9K@hq`J0dNSga@GLVVjW`y^XI1~z2YTT)T
zV1I2BI);Aj!lggw;7CuJ*(95tcgOK`1_;Stdl%@}#C=B$vxnPmh$Q}lH&;tjn~*LK
zzC|&w;gr9(IA)Klr<e!!&|5Ks8Iv?GBI`3wqt;*Sx$eV7dGL(#KJ5qZH}M2z)?TYv
zii0Txm(jzgE9K99E5_QNN|;^0x|*EIdqqx6x(i6_R3J6&y{UlrGeKV4LG|P2TknV<
zmU-WIkDunN=gU9iy9<S~){lbN>0)9#6Vuc3CWDy`n|LR-LkUk}wMr+t^N*YdMe?S~
zF0&A%Kj-7Ua3HZ7Oy3g5O;)7N)AOj!nPt|NwTgn+6H%9KN-mpeT^O45sOPhhW+)wa
zv7%Y!h?#(EtHMu$%fS)<!s=TMA+!c=im%^RvcV8N(#ZR_766g8ySuv;8^u^^0v7y*
zu*Xq;IQz)k3BK5Zi4pKWzBr$)DM^I*1ftYHzcOyiq+MS!@JFh>wn^Mb)P1!E<HFef
z0Yj6D``lc3LO+r21}qDZfxN{$u~!ju%iYK$Ka3?cRpsr3)BP2#J6R$c9L$)v31|W8
z`6lT)NIe>_Jic?!#QG1j3<ZjL9p#z2xF~WodurS;2IEV(uldNMKOJRd(Y0*l64xz$
z{H#CI^|SA_4+5n+E*zzJweec-TX+tdm@fRQ4;!=MC80oly{A@EIqQ)<H&11nQA7U<
z0Tu>9wx|y&i)L(8R}i!n1ciS>(DOQpXsjfsZJCe1Tlta<*sKYTuL;ZPNM5`M{?m5&
z7<zhBN1dgu8qL8lbSHy^%2@P4A=ijCsv4(nsq)np5iwjvPV8JoRtBmM@>Ntqh!3If
zA&>ROq?GWk@ux)ke|i4(*Ciub1HRGAK0}a*uoM1pn+RqC+_uPlNXh?0;!O+Ukw{#A
zR+F`XdLun$5DTB8qti!DRu$Kt7;81U_9TmrhTNaa^!VkwIg>m8Df<VnjB26ac$D$^
zkyLxE<<A3rDE2C22n)wsKFRJH48_GGbN*@EPRv7Adb{rzwAg>K6|P|r+M0jkbz*q`
z_^IXMv-mHCYE2xm-ldB9EbAZxmbv$N@)8BF;}~5y{7t@rz+vtHmt)!(|A|d}uSs~f
zzjINY0N%uP?tPtT$xv0Ci+~+0FQ&{NaD6y0Q_Inr?MwAfazt)5@N!5q-wd8HtpScS
z6PJvFXmEjK%kP!<omq{;cj(b`W^7X@CW+~6QyfiC4h`kU^Vcqo#-gn9wqW(=@#@cB
z2)?3xNlY_3aibN=deMAx7(UaG!{NS-T+BpLGKXN+n}&#PW4tnVQ;hD1GFmmp=H{;8
za-0oGOt7ak-&DEc^W)xU^~{<Y_ss_#PJ{g%z1GLqrz}UVof((-73G{$nNTJywcpV$
zy62jJ35N4Lj(Bx@yS&=Y@fO~Vu2+${X4{Hg$uM9&F63)o(i^n1PqCJ8f(XG_3Lz&^
zK?gVhju0@G66}*OK2-GVwYQ^Vx_l8l*3?L5K805kkK7z3Xnu#kZtN3L5rPj~-3flx
zgHUQYIQ>4t9;68oZ+IFN#P8f2aR4hqlldZ0gb89ly^Ow8r_~5c+Zrdc8M&@&#CvT@
z<d*pI^vdLjaCZn7b)rY3Blg84tP%f`NRSA;5l+nD8Et6z7F;Bw@Rpx*rBkfw$1T(8
zDKOpn=f9^LYzD31;fwNOdGZBXrPKHBA7#lG+&W2Hqp0E9nY&lsC{R!v-@<i0eu!h0
z@?uXMpqtH9Whw^vvcPAF%<_DO>Te03728Le{V2=<JCME>$gHX#*VB9_%FD};cfF2S
zBM^gf6=gZF%tshUz}-t23N9`N6}ixs3aoY82E$?`zm&!81Sc>{by2?kt#raiYy@Pc
zI6rSW%lt@UGWO{dH?{<p_hN})<H=H(C8oK7&R};1jHGK4jHCyLUszc7#Zyd$AX+Da
z_6YAN!>z5YQn`1v>@|aTR=S^EZU4Y^<4(v$<krR5_WR(rzx?t;uwNPm`LTI5=l?vO
z{QJpZN&MSJ5}zBr0<|iw-)<?)2g3@Ux|Qeb>htBP21noAf>KTH%RU7<JUp(6^)Xb=
ztK6j~<$SI0?MMlvFYX?3l*PCQ&MLF-WbZ+{fYtBG1;@PwX)4UUyWkpGi|(eT=M`!v
zuerQXx}{DCNr&F3<fUOxBIM=(ikqv{*pR5=Ip)Q_{glclDM>!Fww9su?Vt%j7`Ek5
z#Dv}MdkMvUPCrezYH$>MldD+@qRAK`h$aFTuK5NSTNJ~({JN-A(|SQ82XaDVg-;qo
zxSRPthn$HB2fEw?^ou#pjPs6{T`DT%ALe~PjY*yejsWCS-^=xAFchpNGdJ_WW3N&E
z@mLxR_n9e=9Z!>qimlf7QO8%OOh@p~gp<*UHjMj&{9;cF<cLdg9WFNK=Os8*Ip5wt
z4jcnyff6iE$s%8_G2T8==tYG5!P|4=h4|=Myw<AD8ej=u4gpIz!Fw=~o?}F6b07oJ
zT$6eogCGVCm|*&Te%<IY=11?+?yE7i6}pBMRx^S=`h&vdeVl`vBdGhT54Z++h&q42
zRt1}JH2z&eNQm2*<D6Rr=jFu5pJPG%&5ErzK#ddHc9hD@OM^EC1zfyQ9C*`h;7xws
zsW!g86|qz<o7}*wOcrKE<ws{bUJELgMPpfAiFt2@FEb?A_2wcf{kZ$ZxbsG-^Va3T
zaqTb4{1H6Yk&i!XU7Yezzoy3o>gIL80(nFj_&RVnGU3yf+Tgv1en>|k<Cwk>m`$Go
zh}9&2x9szIOgNl3{u)J1K&LMYe7Og;6Tf9*I-kfeDIRFXQ`_s#rp%9nz#fFg`1A&P
zG+tJzgAYhTj$U39ZzM2<u6i+(tqgVR$L2S>n``qH%$*kT#T#DnWB4(tT?DMVm?MRH
zHWij*=9AGsx4%+!`F`DC7+5M3s4U$|$xO34H#1`Q1vwem)<rNUL&>(bxJp+CB~Be>
z*$KS8>47$}^*eC+Z^F&Uck9q@t_|FK1rsE;FEDf7HZ@~ky?#A*IB)dl$00rETMEmr
z$5F{KAgv(YaE(h4PRsbdIgSc4d%<e*`xW|_2cG*tDUr)vujFO1nT17no(0@TY!J%U
z2WJ4U6q{f9{+gOESp6lxS3fwB5~g3rAf}y-x}GfjDoSgp`hgDT>tL<=Lrvlh$GF7$
zm&<b|8iu>vrQ{A5=fdZym?JhnO?i(GDWXV{8D)C>#F)_U+RD0p;d=_s#k)dxz}~;y
z3NlUwC;~`=T<vL)x6X&}^2y^5Toc!*b$PZGz<ugnney>%p86J1L)P1M0>-_nFP7xv
z;Q?)jcxKbpxL{9??WuShU^L_){(-0W;r`S8A}?fT-PscR1*yV;YXuVd0(_vttsT$;
z<iL0DduzWT6dIx+utc(-qv+Y;d<dz2Z$g+|#|b4*NQQX1Y*2x#zP^50c*iYNVD&Ti
zwhql6Bz%PeJ;FF3T^tWc7Gt7n`$v!xQW8)-nAnHpe&R>#x1D&7TRsr{!l^P-0}+a%
zph+4WTKDci%sqZyZFW!r@!<a3$U#{Itbv%DKD9ggR^QuPdNLJdp5{2ghk$Ib*|gXC
zukXjMtTksWG)x{HHeL=uxP5<yiF!1=D7kKyq}E=#*!~R#lYCmuuWxwWyKOWEb$5l)
zfV$Uo3-W_y9RM2hLb^IuWbRF{UvFt1hHcx6YT_?N>)L<VItKKmP^}6}t!<;lskt~F
zi!K1ii<19d#o%!=@pZGLlWiFt-_;x3Uu_?iCAyxS*5%T`bq4zh$?O9taiel{8LZx3
z+p4%CNRS_kv<4-#Q^%zf=hm>c-Sdih8Q<$fd_Q63VVgEP`U+4XMv&;@h;v`^NwJ#f
zsvqNKF0d@!D3ptv3$K>Meu@J;BNKDKi~<wvI??~$8^EsfWVRU_<Q3yMmQ#Yy%W&I*
zZdpM>s@zce4C0Zps$V%SKYV!KAv!_Xxl2{?^yQKFYt0|KE)5$u_xt>o5w?vwh|;Gz
zos;2q>%|cEd>osSui~!qUO)+`9H}uJxkF7^0CeByjmyc(dZqS?h%H0}Zi?6;40UbJ
zULekKJxHUmf)sU0Yx`Ex8q)!@0W`lmsWsJft1K;cn`I`&nqr?+ISMmj0>#~eTQ_fZ
zrM5bM$>UJyxb2ARa}P?y?>V?eMhAMU(r3H#;JuHDp#rH{A~95!p#{5>Im721845n<
z2_~7i$HRP%ep+0%PV!XKaT2o$8sOj*ab2{zZaHQ}qOA@I$Rh{^0k5HAsfY7o4&NpW
z1ae__NdsR|nlG1abA++k3%CsDsxJePp@iz421FM`c1ml1TTxM=3zr1)&XPEHUnM$4
zxq&{U!9dvEbh;8V_rU;CmLT@^y2An+9vXO`U)N;yssGy<<hDyUp8hWkp$1EV)5Qom
z%YL;qNaDQWI(io7H6a2<x#!<~+0t^<K<@i;XLwK5z0<h~O6y2|XaD&X(197xOX-)_
zYg>l4^+}FnZF!2(sL=x`7_USS1wOu$xj2gy`fUsnpR`8I&ZuqTjQ~OLkOa({nwnBw
za?h5<V2Uf}W;K^JLrSC9<J&UD6ZiXxJC~cP&*Vh88&6Kv`_Z|BJ3N{Ed2ha2dQ)+!
z>sy6i(0=|8GZB7%Q|@aQ!n;mrm<i){){|BJb?fRyoSM2Elqp9sZ4X;tgJn_n4O~`_
zCnu;u5)|S&hiCBR5Z|p`ybDO{Uja$%8GS{%-8G?jUaO8&tji^S-2-;Rk$2yQ2p>J0
zV8KwhW-CBXh5>Q)EJe4SQWHgXKPZB>>e+(4KJxuh)l1ZV$!klz8;koQ*V>-bV01%e
z)$Zlp^+GcAEI|b)3sP`=6bIR@AOn<%LSb-7p^5&1#=NAwu{PJQw)?m%J>x?8w#)U$
zg**(2C;j0!c7&G>m%T5|zsb*ZsXvvc;YK2LHU<2s;a<z@dFRRx&*|AceFgSnL)o_#
z9gP$=woP_}zTX>{A6TKC9a^ULyezyQ+sh3#HLb2d3V&UYN<Rl}8aGm2Cff$cxKF0#
zbm)D!Yu_V+u=Kczo<&K&&Jgd789f7fKg&3Zu5UnKfpMkG=^6yQj=zsCmCOZyNEf#I
zPPgR;0V5RZh$uHF6`?4v^Y<wKJJw|<ddD9Zo$+<Nb?6;QjxU(t9hx?b<vP6W)_O%G
zQMf(CU%dDA2ys`S!QKJqtD6po>Z7rNBFMw}-N9+EgwwCbUdDxuFxU6_iO$+Ddypr!
zvU^@66r*1_O8d;5V^4?3d%BKEBs3Uh@=({efjo3ebHN;Az+RuM3ZyVuz1vD*mAc?3
za*!e^pwdw=O@hlW7tO{4CXB{PArjIS0~c0MFB{@}#JKeb>VI1DiP7Rr&%|Q-x(A5p
zR`1#p1RT1kTqX@^<%ayiht1C*TB0N&!;-9lL9*xPT0k!iZdGd_3C<z)RS;ZD=ZLt;
zBDe<B=@a#qq(=*TuLNg#!QVH4-DR?`LSH7OWsBzg#E(=Xirv7v*Asvd66NWG6cbM%
z+RZc|SB&o$)vPl+tfu&BP<|K9e$BJ@p<^l9z*>JdK=Y>+{V8%Uy3w+-4ZZ^;;fwLV
znY#cQRU9OpeDn#Dy>B^_metOG*DC9c1d#Sg>T~d~ZkG=&TXFiZtO;w1%zY3E&c_kb
zDAyly`r*P|JtfFyluo^S`C(dXpW78`*U!og$w1=PZP^F^^=ynxP}_#zhkG0&t~D!*
zE@OEf1`p}3ZvsuWVma>ex;CJW)f;n-f;T3*;UL2V@O`*tTMNvr0-A_urdAM}Tz9o0
z?Jmi|dG08Ut#En4%2Ee-k?-QW=nww<ZU=;bj+%4E2Y={zI{W7PCP-FzptIGrzPMQu
zP|HiC1Z%~?=whva#Qt~av<17}E!M#;jn6d>o%mgSN4xA;B2ic~$R76Y;|34o;;~Cd
zKU)&)T6Z&9iGw>Lxq7R9=4(6U32!#XiJq?|FMq>p(0;hIcwB#nSYS^pC8ylDVyxcN
zH8Or4&FSZ}O6$ZiNR+R=*L|ea5?u9n^@CyZ*&>4#roX|CjYYLBD+g8KyG6VU^=T^+
zh$zdB%5g>jEw&2$NbRL|Qu^&F2<N`N0&Wnv&zU<@x5R2==O?Gn4sIw&EB<!ZXAY8o
zC%yX3h+Hl;ELC0YMV`{ySDnF_Gr9(tD3KjqK=V6XI|OtE#WV=Xh%A!I$hKv$J#%Se
zOt8CuahCBRol33aGVK3!j}^i8NVYm~QFN)<4Nx^B3!+BirZ!&vtP?0v#CWs3gZQTK
z)1a#8q2NlgXaXMdy_eD?dH32BG&MEt$fGMDHgs$+?5K3k*4d!KygV=F<_SbblB7GW
zhUqeNH0}eM%fNQ4MoKQADs4C$X}D8aJWNEiu*3TAB{;j0-rJ*&;7{{-_Bin!pO=Kd
ztE_hqabCKIHlJ9mF9Hq`ZQAjiBRetS^LzH&uGQ6%+1fgICM${ii8X@yI;QwOlAwI3
zkmkxcvjGm$(XY1aK_X!3{YL^?PHZdZZ?UE(TsPT&&RRNkb$Hrvv5Uf{YtJVEru-ue
zKY2go>D6Z{Dl0pap2y_-+Yvpi8dQhhvSL;q9{;j5TP#?1YD>`0_v$jd63f@HMi1pl
zWicA1ZTVyh>4CaERB}!IMf>2Q9_g3i_QjO8P3XM2VyZWEl`$5fX}2D2fMbMsi9HSr
z$3p>aLq-jY^<KWl)9(2O_E{2^(rdv;uy7~OK*Gbtq8YNNsPe?`37V#3L#p1Scq6q+
z@<BR7EGQjlafmD5hT&jQexMDwYA3O>5$#Fu8g+C29SxOcnK)xJW9}-%P7|IgAfkUH
zyC7X<Cvi87UE6fr7xO00Ln!^S!VI@ynS1i)BWB*Su#ey(BdM3FT#`=&+9W(dbh0ZR
zv`j4gN{Vx}2#BR_SwC%8QVUN_28R#}EIJqc7;%}=%!dz&Vi&n2&~yC#HWT=4l7grE
z?INN3K_p)U8-SZ33~oxGs#2wINQf}mKMlKAs7Mux!(R@+<2=>lD_aEJ9U-@ERBu4Z
za*jIMsr*pamf*cGk&bx%^$pgt#|$E=;6`+1{gxH4VmR}GzIt=;iNMi(?z^9E^bd}=
zV%N8{-^FP6#I`%Fd1Q&;9}2Xq%oE@FQB80Y+CK<ySO$Zt#x29JMd*kc6!iB4V|HQ_
zppaQ80{Tee*2Wf+_M6yNeMrLC=%~#!VmtH|j$3U&q*NokdfA@=Uy+GP<1)DU2Cmp0
zT6khrd}K7HmXjE@`5dIbV>Yi;O(jz$+2CD>(ks0uL(wm;s9SFeu+VU1cg&@BpZOty
zzOI++$oFbYa$*14)GH$LSoSYkq1$xk10>9earq6|$b_5C$D>$K;#Q2a(pCLKp@8&0
zwj7}C`ki80DFNdUl5T&!CTC!;cS|A+x|XH{L4*de@gtuSSD(xWc0<=yyzua{^t^0p
z%qDN3(*J!22*;@gJs9{2T@|3WCDTSvDWhbM-v}KsteX8pWDW?Ushn>%B&%grSXbMO
zL4y2Ghc!Ma34Kr~(Nrcbgs8;J5QA}WR4pqqg?k$u2rSrYOrL!@pw*AMul0har{(Ej
z5HqRWAm<{pdzB`)uTH(u{W}X`p|8{Jl-1|wd-mG~U*$i+!hvbu*#P%YF)GlgmYCph
z#%X7y@{VgNd(}uX49V1~JPA(?Qme3@GT-rmP@3C*7zzb2rB_CJl~fN-dJV$lD*V&7
zX*IcrW%@0NRva61pB@M=<MF@9sFSe{h{}|c5!(yI<is&%mepmO`&L}EtiOwpb@O=m
zrptAF*{yqS#W2ZpkPI^}3=}T9R}YJeZlS-jlytHJH9-!ee`HO!&%VV~dOPe&%skLU
z+R>HFpI_Iup0=CM+bT*}%BSwKC#+iwenk>N#;yk!b67`6QEzG%){P~2j<lDBnq#Ke
z8@)fw!Q+QchynP$?)<`MzrKH$V~mYUGn461UC8u3!3fDDuLl91#tFrhv>WuIME@Lp
zfXw#bd2St_JL6H{UW)0se*h*mjx2LPhf*Ph=D}z3&fOG7VzO%sc>E>bSrZGcJP)Q~
z>1bToYm~;c!(Sqb{lp->1TLwltcHEtr+@NWu7SvquBu9xDYp*r$1O3#Dm)*_JdV2?
zJ?SJzGI&tlryx(IDkQ(4g0W~XG4FqtpV~m0lQzj%7)1Y4jdnJhUGFVs^s^)i31%i0
z$(H2nSxo9uR8F4?@QZpiOwQN#Jpihx;)Ocn?9lp^L*Wsp+FhjPhj_LUxqkM&ug{EA
zcQ_21K1{91`m)}UTLOWsw%cWCVzE>d$Ov{rI@~l#BNM~eT*GCt_p#?z=3WLvWsn<C
z8RUjy=#C(vZEKrFhmId89{ekI|K||*beSX<q@C^#b6Jvm!=_H54x-NCT3@~#q==TG
zio8xM1<va_1BZ(|kjh$^O<!9)k;1N>@x2}4%SYpa@+||O@;^ikWhpUfiwy>=y|$xs
zo<fP&H4{hIwt`7u@w%@WlqxkjL`|<cBAyw*KKpJkFX381-^T|FnKIRlOYW{3dm5w?
zy{`e0**5D_UBk9h5sTz6FspZkN$k?*17+zMUI_&xC^rWLq`E;6xruirA@O%jNZu2&
zz!b>INav(%O#?m#uJ(V*Gzt-Dbxt!SBdbpf$a=WM#Cs)3qqF~jMe}87YLJ2`(vgC7
zaUH3-G!V9<`%cc1`RB98zB>qeLVi?CvDFksoJsn8;MH*v0C%?Zq!*RWAM{+o<3}Nd
z^hHgZiVG*mmylWM<8c+~sn`@au52pp78)gM6VEn0x^VbW<%qY8JADutSSN!?*PZ=T
zqWTlv$J|xwT5zk|+4n(MZMc}~+Rv8;RVWRP_vR%`gI=ZoDj~DgKqX}Nn}q8y-M#AO
z^|OWX!puL4$dl2a(T-sGon`%`<R5eEjM`Gok%J&L>O?X5bgdgBR@^&oqiuo8+?*@T
zE)A`W7_ai}w*?Fs3%N5Y*u9oYyUv~m3>A4Du59{jR=m*M5k+=uO@|8yAj$z4ruiAm
zDkD>2z+H8^yPsGZlok|yb~ie~ut<pHi|q2))oEwjlVZGW!Oec-q?wMBy(_7njh~2Z
z&$8b?kP7x{uu035H9LJ_5VJd>F+L(*>fstCFME##RmdN9@8CO-u@6)Y<F2r@ZP632
zZf7X>*s?INfCN*1s+R4k-=Eui_E<8gvD7eMbLpTOl12E$x#Xj4_c*2kxtcEv^T**Q
z-hJCjy-_pV$`0#EhrmF~KtLqGi@zqZ&BO9O`pR3Hv**f9ffD^pk2ihBnDv>5$E_$7
z)6QQ!me03lX8%Cfswxv-9QPg+b>mtF7itwS6Lxpw_C`SIk?ZzFc^&|PI6$rVvol6S
zaZuHC5e=$urG$y$dmhdY!KJ!>wXEWfaUP1UiJ7Ch;<#WzR5OEc2j%|w9CoPkmArgu
z<6FD-0=A#3ehRBu<c3mXc9P<-Td%(-rX8x##|Q}&3A+|IPlryY(SgIio$_qu;OHny
z&rasY>!}W%I9Pf{A<|4#(BROBRCtpmr>L3a1M~l3?ybYB>bkd4K@_l%5+s$75<wc3
z5ZH9rMmnTH8l*u{WK+`JN_TfigLHSJgdp8;=0bfQ_4mHt`Mz_V>s;qQ{@AQF*O+6D
zIp-MneGkMt=}j$oFq)E#U;_S}w+15FqCJq#L8xyeI9`$Lsfo?qEb$Mx#qysj*<Ywu
z`B6Ui5vmQ~ip)<+Q^QhHoe$=TWtf&<@eFrk#^jN=nyBs=-A$^d@DRC4m@&UWV&&5Y
zo4zxB&9M&8M4mih#4B6pz>vug<GGyOGeIY&mR@~kDDlYbSaVzi3j6v&4FMpBdK>pg
zmR2DZN^$ajLmA8((@c79JDkAW{-)=};I-qP?d#Wb#N~{0cn&t!JBF$sMbABTUaf5R
zTg=3$qE{hvXbM*|O0%HnR2Mr~{UX(+h!&~Pp0*qPqv9eO_CC9;06khsvUVc{RUz{2
zhlHZ>9Uxb0n$`WfAgWp(q^*GH|NX_o_ZJf8Kj+DU-@(wmm=*-^(QjhG<qHvA=?WP>
zabf!RXXpx-Al{isf<lgN-`Ln#L7F4EoD~bPSf9J91s#cDTPILIUrjgdeJ&9aFrggk
z1UjTN>Wt#kt@}=KFd#LrH}5c1fF3^_ff5+~wAF4&h6)erve)F;Sv%OaPrc7wvV8a3
zPRg!*eW(d7vZz<2!sLDv`z>s-FqSK}n=k$EPNPWEtv<pOl31phG&nvzr5`b}AYA<t
z&y4{U?ixTAUVru)VIC^DMpY5~hig>#z(5R)Wm~t5Y*C+%vxD_V%0(#j6^U6_$&_u0
z{S?iYuxQ)GXH?-_q@~6pY9{&y22u7a8{}oC6x3C_!*~smqvfEL)qv_jyD_4<UX`=)
zqQZ;&29Im+n-F$#$t=(W^=3x9kw2}aH#>pyf==M#$?zEHNW1Q2)E{^rr^)VMnHL@g
zD<;Su00|;vkYE{3{kDJ-Jyf~K+LUGT0XOM*q2a_Y*g&aFOkOpXgfh^EPSS9PYT-p%
z@iEXXp%-l5Cz?2RM8DWpkmStcz|ZHKOh%*cr<fu8Ndr~^1aIS*%LQvZ?9GDXpM7f&
z$@93Tu}T|uu^EpRhbA#3JotigtEa-TV+WqODw$qUz}NX4rQ}C&ZRAdY<9L_m@)zvI
zjyu@rUD%2<#L9FQ)K6BjceviV$@#sgR4+?Bm%&)_+qfksH#Sz$YHhPKjC&pLKK?ED
z6uswy?!0rLdYWS4{5XJ)zcvD`iiU$7<bnBrX25^tMrxBKob~3K)=biySMRruzq)_8
z=m%0j%aM=9%WZ0-EjR5KCmjcGb-9lAkw(E7pX8O2jv1KJ4R7SsxP-`@62h(5+BG)B
zOCB#58SD6So_6TpS^@eac2<X|Q?lcv>rJz_JtH}@>U&V<xY)aP7f^^?9o{zu-I>mj
zoHyz29k`13z`CL-u1$^sNk}_L<<S^A9qeM&b-cPnS{|>wz-roq420#T0YWL$U?5gb
zife#G7FmmnD7}<MYIHZ~k#UVIrWGuLI=@*%a9o34>{S2?AuRK&&En?>+iMc9d#^~f
zStV{2Jt-q|7{_5?f5B>Rrm6x(6mW3akJc$Oak^WNXI|(KD#lAcBij6lOiwg2>xem8
zP(Fh+y=<-fhO^oCpj%-o&YyW0{P*yY{iLi9P0WV7bwLeB-}Uk1e40qBWd9kZD*#^#
z(rH>>`g>SVq91+A(fbNwO3aVC3<T473Sb(Kk-Q#&%4j<Y?O48N7jeh*uEb(CJ-okv
zhQ0b!ZYzn-<?)&oNQmk##;iYTiazsd?*JFW_1Odc=h~muBdF!loQ`$EB3Djb`14vl
zJ6)peYe_0__L>Xwe&(DvqM2w+!PZ9bISyfcywMy5iD7wUJTgExrq|6%6vl&9mdXM{
z_r<DOdji<j@QXAP{ix6(7og*`WGjY3#1qMPy)d!c<>(vSB;z_)ys-j(SaT!Zy~0-^
zVrch~M9PdQ3in|>v{*_wT!{-QYBK5s3n?=FT~KG-E;(yoti$pp0VBG*Us8BZ(uyQ7
z0h4@LBEK$6d%;g3YOkqiXhjLR6Dn+EgB+7%8`P>0<gXactSi2Sw%xdNYY3DT7+A_{
z<eiX&+BN8I7a)>VPJrAH^)peI_E37;CEJAo8T6yLccipxC7V}hkVR)(f!y+8qOdKH
zWgh-YHj+rW5W+i#XCt38&J%g-%O;b=Hdry_>3un+PUhZt>(T?(Q%iPll&%510RRv6
zGsoQ^Cj;ovk6^kY2>&S5X`_tG&OTnx4>F|3`8=WGqJ6p8&cC8BXv#76V2XIp=jaJK
zM-JC6^<(F@n9NE}Qm#FU5|!PZQR6dRZky9E@8-DO!ur*8g+>G|yI!GnxY}5pjP6RS
zsiH{jNU23qhs><N6^X5G780%xV)NZB<X+gc4lhIB<vni=OsoU3>ABk(BmGz*)4=9J
zdk2&OgrV<sulwwfo6CRUIbLz{lJ_LCe21G`IQu@?fb)S?HX-^|EF}tqRAC<(LJ6ea
zhxC`STd+!;N=yRZCnZ{KOJ~nAAXS4-tVxt{l#A5tpFu^=aO^7&Ix^PfU}hn7Z#AYl
z?bjy!Ltmtx_6GJ==NuPfsgAScit@ef43M5#L(0;oh@-REhAwwd-fj5B35{(e_eVA?
zWY!6>R+p2H8O|U#+lbXlMD>ts&WHIkki#)}23<z;@5g*gfOhNPiWihcgB;na=5?2L
z9SU;{Rg`;LC-4vmS)70do{dsa211lsjQ4I}JA*xjLrOdjUV<Ew%m<n>v`n=xSzQ7v
zjRjh15;gr}v?$RIj+#Cj5V+#W?*|=CZ4^~99f^d<Ac>Fv7Waxw_SNjNNcQYOsR(JY
z7L|cDOzly0AFRww{p>AX<ZIG{>4!(XZFfmeS|}TFbF8xiZ&wge>e!mQzV<8DO)mHr
zZxkhER3VD&cext0gZ53X70#uBvxEq7nuGQk-vjUM;FuRSlmv#-I^0vFu%^cFR#BtF
zG2i~4gGS6152uZs{D2lH%_39ilW5lFyM7q_HDMryqPjGZI+?w4=DIE1-r^XIcu21@
z2TSll_5N(S<W>-67&eot5Y{KCxmMXk;1HA(vV8-D_LkwcA@pbQ0yn9wsS`3SuNzL`
znfIT9FMBO9zB+p7Y@j0d3Cg~}i?3WFBF-7WSjbjEj#S*Yq!j<26;cO@sm~Ub*`BV5
zsc&LMwWk(XaoB$onAAbz;2v4Z%Sw}r<ono#frT%H5vR4Vedh;eJYsZ&Ga63ogYV}I
z_a1lySNRh(4&fkV&I`rSYiknE@aXkM@@F*obxt6}laIff*d&Kz=lz0ItAwSg;-<{W
z!;B3ZrVbT`2>a3q1*PZ)1s}@k7Gc;+>KgCl!u?ks$wkyd2+O(#MYMFm+70-+O!n=C
zXqkWuN#pluLpFz>tXcRMU>q3X-RlXNKs5BUDM?=F#+p!W6~TOnxX^=hhnSB2M2J(j
z@Kb1_o+>HU6^is!Gs;nVIGfp|$<`O@fIM$93sc?K$=AI!_7|k%L=cnG6yAtLn+B%O
z`g4a@G;n<ZOzjDzG=B@@z$?N#M3=1zTox2zSC-=FW|Kl%Swh;;<&<gFdZ^nJ<`8S7
z10tESjteAM*pvyo-imvVKu^Wbpgg>yT_iwCZ<RwMj%a{%eX?>lAqB<ZCe!{|PfKLK
zYEpx?$O2ej^9>+^#UAWDQ03SwLN($faJmDsWBx@VA15}yor)AyH-p!grjojjJFb;c
zc_ZJJJaqZ|usK+O|KQtjr+@9?b;6Ft>Qil|vtx&3Dl`^$0L*47IcrzrLYCxY^6H1K
z$eAF$nN1DA{m&@vmSjPJUkq$aSKaIC?iM)g5FB-vi?R8NV&oJ_CZ+2hJH!R`Zqwv-
zUrde?O<E}4nO08Q-r2d$ML~B(Yi<1S%lEYB8IO}|Hrk#geJFmI&{~wSoz9Kpd^bQ?
zOv5u#?4y;9_&AG#=qH32x9Sp+*M-Q~c@Ja>(q0xu%Img$QO8^CCc~QW%3d5wSd1`{
zjOBD1Z8`TyrYcY5jazf%w%XJxAved+Q3pm-Kh%`p+rS7D%qjNYIJ`TUv-*BNWzW|;
z(W^)<Cj8p9YfATKa_Sa3BmCC$EQk1<X^>8cK}UciAN8>N&!QL7jOa~k0YX-q8Cay>
zCp$q(pjKqO>X4TxqX7T{U`QzyUA96fol5eYH{3Tcl`3qVL$5y1Q1cS)OD#t=Ye|+>
z<EfTRHeBf}_Kfr^J_*WGm*d8{lt@;`+jA|L1?_8rNUJ5QM6>_Aw1@ZRhVc7x(1PA{
z?JgcMMLXprby;EPO@DM6Lseo$-uMHw(j_?vZlNma9f@%Pe$8D35{wn`c<fst2u5WO
zUEA1yL^GfPeh#-lFJ;IB-FI7Dyr$|*m@obZ%t$s(_-zrTGzA|PE@68?`QX$c`nVVm
zcYG~$YHb*u8x0(hEOeml%l{#jgpz&Gnu0Rw20Y&K+sii>P?m*wGZ>9n1;Z|8yM!__
zp%C~(pq(#$PqNXFs4x&g!$Ke<`t~P;24FnFN#;F<JCIppi1N#)Kf=xLTWlTX*q7>K
zEoF-9#QvuHbPP#PYm7fIuhYL%TD}<+BNVrAlAb?EN53Y+;<x$9WVEnVlByRW->3UX
z1-sN!%!4=B4J#=}t>UhVa<!%{;8z(C0#XF1!UHUit*x)qJ!Hw*$?KqwT?R_GYBCUR
z`r2K9<axs@C1n;$R8mrk<(X){Hfs51q}bW`!AZ)XNP=$iNY=@-R)MK^{@CWh(tDL#
zoy<p|U~V*=iwePB0J(yW(boENduU?Z(9NL+81EfQWP#}q^S;(5fXMJWzK!k*#E`fP
z@F-<ByN@JgIL3-iOT^NQL<V9L2s;klYrgcl8pYg?++bv`u`!g@%hITsyr*TuCn?*c
zbq#_xUcTEsRnsV3OM|0qvVGmvim)M1RZte-4ugUp2R^)vM0Fe9a2@?kxKhR+#fJk-
zb1_7PD#x<@&fwH@G4GsCv-c<tkpMdx`q@bvIaCw*2Y8GXDeOqE?$yDFsCA#tPIa1I
z!^@lD)KF1;WZ?DV$B#|mGi|O9XIK>RMrHn6#D)-+5c0tZ9cY-1nnX<0nZRNWo+%yt
zi(Gpw9OF3l@x)M1ul>^_mAdagaE}8h4i0R(eQz8;|HMi}FVEb@K$d`*4-#|B7HZVU
zou%dy&T|k>=_WW}`J!<+Kl4M=0Z??RL0lU!6*o{+4a&-aLm-*}>UJcPa9`|3)liK$
zz;Bu?7HzVBIE}4EhCuRiV!U*cG>3w^p2Uw#J4@1v+<NYGKY`G%PpV0}Ldd3lJQayY
zAsCSdFysq?+L2(J9_>*2xf!~qK!A#b#b;!Uf%L?)4M8%$HUNnd-<wXae48r9Lu}eE
z4&a<Nx1*k(qlx0HQO5hz0H`qh($%*qHvL0nf}YTY3RQCM(3TAT7Mx`q<jh|{D+8((
zAdqilNH^XD_7k}~UH!E)g88vnW<{-Ep6xV2f#KI(k=thZk7LHlQ${SBlBgW<4}U;j
zQP53(TqVMe83W=Y!cpAcLM5sCQl_D+PitFo^-p7<k`(kYAZA-*yJPDB_{P20wY6@1
z9Ycgwq(u$sp~?!+n7<44v0Hz6evQ-6xzliB;(n~f@P{3#=JOeP|G<51O}($LFG`}`
ztTp*EL)+%mXW=2G`>%QbE0PqL4y-XBu*SmgBS*3CMeVGxkFK2zJW7_MxDmh}WMkLO
z06F$Hdg%bJ?ouM`Y6qm6&Q5UkZubQUvv`3@@)PBqX>sKKCl%L#V^96S215`$=%M1s
zQEWRAzJwLuZdSizCbpb?zoo~te(mrr#3y1y(x`k^np+Q4k*Q2y=iNZQE&zP#`ut}i
zhD%6PLg7I@3c&77?|#@F#7Hy%N&A5Py$0o|FHKfG1~HI)@1$7s0^~8RSmu4n&*RVL
z`13F8;G+=u)FMJM@;~Z}hYDG6XuUj#wn`XY6U)pFWt-t#O#yumsE9QL=%K}!^uz2R
zCwWihjnR}6ydR__gM@4S8#b^B%_gdQOz=xPx6M?zyprHkJDH!b`Z(wAK(NjosvfL!
z*d@VRH!-Emt7MzWTH|eR#F;_PIzsP86qyyKc`}-HRy}lJiu>WIzsyaG+~$?U(B$CX
z8O>S$pgtWQ0>zl7I@c)Eu@cD;PRcnP0MvhDiW&(Jm}1K#=L{wH#XGq+D{f26%WMt<
z3<t_j1ESeGW*oDbxFEhl7Zr^XVA;IFqaD5ppv}oYrvij>z#U)=K`DF`VmbTuYQCsY
z^RY=tdYP?b)NRIz*X+;F6e9pTU{GS$l|FfZdPqWO>@-<Z>Dlvq`*X&jI}ZBxwh7b3
z1lJ(TNp5@#p<<M1kKAzoeP}`6k0qJ10SnT9D7fSXh}=kjI6x{Y(n;IM*qFZOV3_Vg
zQv_?q#F|*k5^-hg_KgXn%f%Q#|9!0KHa)SP`ii=q`dBp@yM6sf9%x4UJa}EtZdC}B
z9?57;R&ugEvW^V*kGN@|1cEn9rZJVZ78(ckC-ws>aN03x_+eZb6u{fjCIV?aF0`-S
z1uh#z`1pnOpz<2_Wp`KWu29Iy*kE|a*cwZe=UPN=IC+nr?aBi^TP-{0jNDR^u+QN?
z7SaWGdX?f~Qp|164@^3OQNCz4JQNg~WcPRhI|b}iX%iZ|vjBCPC^E+j95fT!G67T_
zU?#7DH&>w>grvvDsu!4!*%~9rEDKdLEHU=!u3URD^}P6nihl6EQUK>D>FA`{)?z6Q
zJQC}p6I&KN1SL}??-4}z(!XV!d$d!n_!BLEc(Z$te?ePL))~)2j=FFdt=oR<ZOZ0g
zGm{|L)A@igJOqaE0D`k&9YTnnUu{9;1^d`Tu#eGzeN2(huUZM?x@o~Zk;(|xiiyu{
zWR{}^U!w;#(OYp=n=V7fz9}45+g)s`Cw5D>FAg@oZ8oVL^tF9-aPZYh0`Di^GybRL
z@K?Gw4IV(%m<O(K$09V2fxvXR3h0#(P8qxsRAV5hem~mwjw#z=iLTfZLjH;cTvnv2
zxTr{1qqe{xYE|szU2KPa<k(2OJZN*S?FV01ZF(5yb;b`m3YwdDOLi#qI<dosp7l<0
z_W?@I*r}CGCBSPe{j4*5UIuK|Cfrw~8`@Jx+BP#G3jY~~`>zSou<(h9m`+Yk6k7tq
zv8zkuiU=#tVa0c@BRePs86>$D=;_KCk16*tUZVq{4gtJc4pXX+1UfqI3_Qt%$V=qN
zlEt$U_ZA+gluOORAvPMXkDKMKuXqY4<+K(;HHFJ3S>v2DN8GmDV50-Ut@|YkMK5)j
zuS){_d9nZj%#c=Fj&pz-eDXGg+gtilkd}*&q)$sNrRift(((^g1-<mO++XxZ@kih=
zEB<KKkP{H9W?w)sKj?S_ai4xHZHTW2A$%bmGhj9I0V<&UlYmfSG!DZ9onY34o6PA?
z75|u|KmLLD4lWcueq(@QUwN2B@ErHYOM(_^Tifz=LBE7M`+rh?-FUSjHsj~JUg3Zy
z^^UwP0%BCy{t*Cv4(jLlWT6`Te;r#UA1<`*olnlM?{Sw$13X(%Z`3G=@e`;RvE{88
zclE!9acDmS%m@H>`^_TY&ol_`LmMmHegh@C@c3a{r1ZPn19vi@t>qt*$^VH_e(rDo
zCtvq-MgE$m^YQ%;?(H9z|NrYtek}C=VJ<*sWTKCF2>8&0ANUfawUx!Z{X#>P)C{lc
zq#I(#*1LdqSb)O~>kkA$gZ0Nfqi>+9_4KY%vB}R}_fPA@K+(4IhOqTZlxP9sxzAVL
z;KSEzek8V+I#Hs<?N~t#an7!e?N6scLZjdVCkZbOvWLuoP-G=+AW7Ze(Og6d0u`WV
z-NQD2SL>Ar!sDN>tAbuPNg`|oh?^`YvW2ub+6dH2-(UN-pQoS1UvAY3@j*GmD70=O
zOJcpCHWL8bf$|@T_dh+P7xI5=r+`38G!7bja&0l{27$<a#y6nh3xwwX<@7&H3-H~T
z95gTQauEWvZHaing2(}qGX;g|@gKv!fPzH^p6U@D@SX;ce>utZM9=A~+R<r$ackdS
zfvyU=#;AmSBO_W8w19D%TvYhgz|d<Tq_|~}+%NhMPH%}@-#`(KV;>e^`;Yxinbn3i
zg5SuB!Qj^uRWud%EvG+BtC;-x*?*D-f#ieI8(Is`zp1R-&~akBgck>dIUKP^A@&e6
z`NN#b{lCcBfPn~3m;ZA9LF^iz3ICIK%)$kwME(>Izyt*CTVj7i7bLU>z*Wai;v)u;
zb&vO4WdO^L<8MZ<6m-S;LqGs5%}3RZSbw?0Iia_0@CMs|V)U+H{>A7$7YCWW(fs6(
zr^GKoUbtlDP7RR7)SwC1)-B+zBL9zd6u>n7Dat_hUvw1yB{l=)28h`FzhMSuB6pq7
z`MO8RRsny@JX}DAfwKvYOzsR&QrOV^Pzq!hfYlJ{P51uz-V4a&VBVQOy~@G_WODNR
zf#YrGh6#MpME%zfVGv)MiGD;~U*9u}4(AG}bQ=89T)^aEFsXMbha$|5Z_#}-Bq2<W
zL$Taw8hI~AlE0KO^Z@N8T5rc`VMVYu?Q_bS5HK;=^X<a4f9#<DY#o1{1%N~T@A}$*
z6RY^c$UsfuKZ#X<>i+4icgVc8UfLolOlA-P?Egi_h2oDl<zEp*8$~fwRaZIxA_(5Q
z=HRkqIM|z*^pR2#KKd#AFJ`S7QuAVMtDthV)700O^5?vt-^|AA47qRhu^cfm5|u*N
zxEcI^e^CKK>3{rC2)_Q4bN}C66D>Nq=2GH?o92m1y=kA%UFbiqP_PZlB-{W9a>qNs
zv_M;c_-}0iz*a*3YXO1;j-Oc`%3u414*+6l%ct_!iX4+bQa^y7{~v<dxn-HI0LzBL
zfMvCM{}+}8Q!VrPZ<`9gg@imTV6tz4kjH{wPZQ9Lur|vVT>}fxkHm-IuT^q0^)ZzE
zoVX-H05o1cs0jMBsnsrxK7XuHO@yTH!KCun-2aa~>3qV--lv`O;{M&`-`@mW8Z1je
zzGN_rd7p3^upHFXszw;;--5EIDIgyI`&;m5e;gR~^7?BWdO#xWp^KF$gI3SR*Zd!R
z<9`NmhYL!^eF?(3&sQr_cNN#9MGZ<xTpA_%>;2NMV9QCX!H_KkS9e&>OEw@x18Etw
z-}`g(cSkwr>}8XTgG~+!6O@X@g@wVZ##D-UZ0UbulFrqKup7nyQoV714k?q|hEwRG
zAxp}x;hT!DL4pv1{K=R9asfUNyMo>`V=;k*#a;ad@z(RfU$YXK=<a^MG?hPKLX6M&
z`ZYgbSDI2b|G32eW2Po4-afa{QRR-$x0yd@?nWdR71<oeu(aL=F&j(Be~Sqq-q20b
zqrN~Nno@~MIlld3G}?<@rHy?S4ScjzcRBrq3!HC61fI(O^Uyo*uev`2WXH+z5j0NB
zNP%gAcxhdTtdIWVW9{}APhI*Z3esNYIxmVdgX`_d8%;r#DD<GWxP*VHfcS{;%6z-{
z`Ze1pXHCs+lacbGmy*rLWqP}r&l;WCeD0#&uzUJT<>BBeM^ygmeA9iEVlzJYGYvVm
z9n(%Sv%^fxD|4#d54(g56aI;-=YtL6=OvSbOZnd>AdrMJngJ;UyUx|t+a?6NqCo4x
zdK4$z$Bp^Ydn%@e=V%=H`UjRML>Ax4%|0A<#j&TPFYH-A0D=I&oihOaBi6>j;b_&)
za)*zi6HUx=+9y}j*y94wYw@NiIsba*Sv|nTu5d}p3TIZC?HCVu{g-Nv9AA8eUC>Bn
z*_2<=T;iMghE`!n=I1#!l{naR7O;}74SEU@@eRwb?j0);BS+{R0p8tXu-$-_OMYX0
zd94WDo7L3Fv-8sNL&B%^e~1Pp`?$s051I}eqyQFno-6^2Bk=QrDWr`RAt1{mlFSCQ
zPKY=xvq_x`sIkpj?1Mhj```WT3nhekIV}dwR`cPKIDUcn`j{Ng-d_jGM*DiH=B;QP
zxYHlZsa=s$*efzale^sKu<(pOropb_eV8`-<2c4EhyC7-{H~`*Q$4cZi?=ZEaK3?l
zGsHB=XdvH7`?d&z3wZPhjO~b4p0K>UV=(KYo@D5fi%aN6?4MFj{b9UPp;uEF+TSo+
zEne#@(^M)=&4KL@#-K$X=1JK<M~M!u3K|IoB1JG1Kh<iziOV1-!d8&0Qw;<@BKFnX
z{t$IBa6&#&DUQruBT4e8^0xbGa(p%0{0&(07gD@100DdL7znOdPPZ&%3}qI?4x#dg
z_i$~fApfzqcfSWh8>C7@dOU^c_n%er^Q-F=;lWTOi#|kVKu5e&NQ(to=z$%wWPvLq
zh0D?JXHecC%xTBN+<MCCQ~+uUM?J&92BGU%@;o5<?QoD@^P1ZK{hZkyjItlgy}FA_
zSD=uZFQJ%V)K>Cz#9OeI#`~V{#q)TV=eO|suI~{c-S5$H8XLTa@w(;ozTKrUzYEBI
z<N;re&(G}hM%?&VRWlE-{_EKw<@BA)dH4jxgk|XIK;{K{I#_P=wE_AEn!<CZO;>*3
z0`{RniN7Y|I901FCU<k26Q($f1hPS33OZ2v6WO2W{dUh_VMVG=!KjD>yQd3ba22>`
z<s0;J0F55-^C#`7`~-XKioY-0TB_Q;Z7l*2$k(qF6C<Gz36b>-oeSaoFNO~CbvtA6
ztBnAI2McQYp_?=Rj2pkVv?dSv-!Hv@%nc2u?+&V;D?Ilb;PP=`c~vh$nmy$3t-AML
zulqmyeK|<DtuNKDX`Cw<utC)iXnQSV_(wwrU+&Ku$UMU|HF9(KLi?V#-_ZRKCq@?U
zlrqVGP3OKO06lS%47Jm`+&HCE5hXfJN3Bm7ifl|Htk~wE-&BIQd@Zp^uldf3Wd9~K
z6d!;F%~2GXqYo92YK%cj-+$r5b}%H?M8t`}cq>w-wuJNhmtvDac60)1;%?LaTq<(l
z-lIR=+X?vP+#h}^hXwiNm{+Y~+nDQT;9s|~Wt<7Y=e)ltM6&QYp?Z%s>0G(x=Q#{0
ztby;42PDvn$3IUekOYyRY9}iHEIaq_w;LA9^Z5rWHo5YoxzYe7`XS~($<rUsD8r4v
z?5M%~==c3q``o+U5OL&Hy#7Z930jr^b=dGs)sKy@C7?4qHQ0>z_<yAZyiK0Yw%BVC
z?)FiFgG#nprtY~@V=93)P_yy-g)^S!d<}d9_WjEO&pFNW^PLW=cdBw9`Ge1kA+G&V
zuKIZxd3O_9YB-kD0xxc)1DUZ|_MhKo$&D{+b`0?ji}`YDjwaR-V^D9h)#6h}K-kk5
zKdnXOmLAvpZIUk_+e7hzQN(h3-bRR3kq1QnBW4h@6;kKH(|iJytUw?8u_5Kj%b+>l
z(RDsa`gsm0$@z0u;)x(r2i-+Z87J-?-+}&{=SRf1XLe;2moG)1V#2bNziGwCwEEj@
z`h@W^yGrdn3%J;v^2d6<K~z@$j0Zn<zky1T*dl334$Co}USM8c3}O4vJ1-zFps}p%
zZNEpw<hYBu3xk-GM|Xa`)rFCoPf#vd8>a1RIbIsgzBW)~!{?{ozLQY=NQzJLW%Y_D
z{NLq)geFhc?K9P<^8`57uN(6ZN7>Xn)-*6Qylqo5L|a<AB)iZ+lxQKCko?=?j=zH3
zvCqZzRu?F_2~JId<+?fpl0?1tcPF?N;g+(+|8ubd?~ae!cwOgTo2F2TZYGNtFh^#6
zJok=+`+D(jDbn=2=c7{n52HHKH0KkWl#6z<XmJ(0JG;*^4Aq@}x(2>CZ-I*xMj1Hi
zQGBWf(T2i>6s#!_Y{EdWIrG(!Y=GFPI-9qAHcMhjetV<r9cb|~fPZ{b@$jGQ3~*k7
zX*BaBSH{wT<Yi2xxh7lo{02fV4xHa@=mU%IsY&s-Ia%Yt<nTku;RZ1@PVm*(`G2=`
z_#W5Y6#OJlh%}cBU)q7lofbz}nuUBJh(nT$uTQ)<T%I;;80KF8_qZqR$4l-i#bDQw
z=Kw0ZsnVWqLHk@k0=VjA3+Xj2y#phZXzA^=?c&sX=~VY-<#mKUT5w+e_X*wmC<F(N
zhc7DuFyf^FtCR|;B{;|Y*fAzkNw0zYap*8v0!++(#pVeNlXY1oXF=59stm`1unZ(u
z^fPNUjmEOPXKm*^P#t(NMOn6E09>*xT)+IVDEl%hKfbe^NG<xMQ02)hA%}3+1TKM@
ze!hqw$|BG+c(-mE^sg_??M#Exow%5-EC?A~ML=268q=j~uue&>RYai}y-SOS7*d_v
zCo>Y6MDA?LRzLF8JlH%*oMRQ!C3j(LK#8#2lQKaBIpt8_Ua08FI895<Iz6zrSam--
z%b;lUK=*CNayoXA8?6Q){m<9g$2BD)0ZEN>{yl#>+d5#(u%Df*yLx}~=a_vrYa2@l
z$u%UAo}`{P+Vgv|DZG^qucGZ*i^|Tq`k=Hn8d69v*8s4s2#D;@`Vc4&6>~o;v;5do
zmD^0>7=E%hHFc_ztNB#I*-|#T_Lthj=<6_bhctW84~o<bzkd=UR)NN_SB;t{W0>{*
zIJdj`n_mcDJ-04Cp1a_2Ecb&8d+hg6CF%PK&WNBXQe8tDXMYR;B;all#q}}68;!`_
zpaJ8pv_%d@sK+NnxV%x$9PPsZVLpF>Xr+Mf*!Ng&tal9Crwu?nzQsiE2l;wj^LH^G
z0{XJ^z&-VsGjA3_&rpWqxXcyTt*9vzh^d0td@zIIY7o1VsgJuif=}ws+{sa2O=TU5
z5)E;I=aw}ATyqh$9eW5kWy&L4u|Uv(5FG|kBX%QfM5(d0uSvG=kSB;QKrKk^0TWnu
zpf$(&n{fvopiZQZ9{S$kn7&Y;-FT%2VS4_tE$+PJE>by{u5y|iB@FI=0qb&Y&WL39
zXN3eDknNM48GVGPy}TF)-m$M`F->mq=cURv_z{v94Y5}(Ni5EKGZgE6q@8}Uoq$0v
zNZKNeelsQ3!N`a@#g_{k(|j;XMW37*w2*8{&)x%=(^9Cbr@Dd)K?qg%Dst!H&Wh=F
zOk#C4P%XHPE`Gjx`vQ2AoTYLGP{DCDL{%paEV5EpfJXc!eg=ZZTi@Nfn+Vzvl!y(1
z<%Tu(fj4t$+0l&H#q>jx&L5PMUjq&!wI9?gufr;KD_TC_p4pH9N;E`gUIfTihYbQ;
zt*uvhm9>&_<v>+r)w&@gyFC5n@k4)mp93&TrE&cvHe?{93{-vD5iM!St3XR+v1;Af
zj8!7#gKu(Kd0Gy{5$<>{F%%u>t#uO(s#da$?rkf_h@ePj%@Z6w0bX-L_%B8uI^}8t
zV|tK@a3WEezzq-OR@Jvw(tR`0lU}!tEbhgO7Bl#LAaDnm0-%_hsa(`%VAKg=68jk?
z=^Tx4&5u0|)V_OB#To$CJ4OW1t_f8=1G*qoTW{Gb>jWj1xDv<Zg1s<X_-k*kA318@
z`r^0?KA6&KyGLkD64QKBSIq2O{mY<meW|FI9QA)a%unK+0Ut(f^N#LkW)$a0*G9ZE
zz!_y!IO=;^8$o-kgGn+A*{>l|PLi`xI}ranAX9b}78Swrme%u=Rp`|#IUJ(fHZTor
zk-lvANwFVRWWI9KdH9_a$n{G6u+s#{EB_BWLF#)%9NNPMq}K)n>*dEJ6TL|;%Trt~
z%XLz*ICCAi!aPvCbtGv@2q^)JS91Z`5aolf5KWc!yQ!ID)IkFk_rrrGrdO1}x%?Dk
zD~>nY>93*?P2zwrx4zeHFx6+ga|t**<<RgK=$bS2M->;dUhqg0ZEMuy)NW6r=$lhQ
zifn^;(TT!X=Salp%JVB6Z3<R91MsK`+p!J<N*b8)I9Pg+M#}3BZ_5tWq3{X2sfj16
zS{McP@`Wfind3mYX)!47_yZS<<L+wWg_P&Xt_STJCMWfzr{-IrXC;TNgGh{`s_gtb
zgyLq;uuD(=GQcpdcL4Po{gew!>+PW9f&q@j<|n-BZm6BLnfmx3(-(kte+aOODOHNZ
z?@g7t+Ud{k6XMn-vSkDPph%$6GPVeUV}aU^P+ud-@igk#Ml8U$Mgc}^S#pwkh?QWm
z(LyeylweC^Hge#4w&!XaITA=ICK!{1P`*U8ak9u>V|Wy7S_8TTC!WAn(iUa_+EPPh
z><n}$Bv3ozK3diJHbkq#onq;{JSpu*tab)gnqA-2lvx*i)_6fAt>1GE=9N23<=Q?3
zBwyot${<Mf&eJlBn3|&gU8sfcn0Whm`>g|kG0{Rg4TEJVeSQ71Y?G?MZA8l2#f6)_
zg@r;~%Q9?Qg&xckud&tM(E8KJJ3BkGQH580DU=;hcl@T{gyB7*1Y7qs&Z!z?3hQbR
zjD9`^_?*}JdU|A5wd>zrUjzrkIGHs{yAx5LlNKTF{9%yu892;Pnlb%KbaFkgD)LoY
z;$G#X&f!r`jYM9eque@n2o=|o$fBW?V`LRi^;XRKutIHr*y`Yy)>f)GlWjXM=uRF_
zfb6@=RTXLMSM==sK6Jy{_QqKU12}JYd|DrRgr7mjnb!6P@P%gY&Kmm<g{}e%9kbmg
zHa)P59zTeDQPIPV|A}WX;VkC0oY|LE@ozRvmx!{sttaijjED{9EUKxgEv6><(R%Z?
z6W1)V=G?X!_qUcMQ_K=bO7x_usezhg&t9w`K>@@gf9*4@>lEpwvtLHcZB8?=cH5ei
zB=LCo_%K|t!nB7rA?XM}a+J!OI0b?LYz)8`y^;NSLdO(?he5;jwLnyXD%1y6+p<;w
z_OH}aU$mpqD54!=dHKypMWipQ1zp7$8QDA=VWrYyJr^rU+8~jU{1juGLLGmuK@W}P
zadbqB^mD<FWJnSRFF$byzdHbY9_ME+%UhsNdA_#R>dg3F$=ZrPkPK%dmHvFoD;R5u
zqNM@RkOVcp7Sxu{e6nue#SB-s*X<cp4#SK~1*wzykQ^snSRB+brFhSH^-<w*CCX=i
z=T)7&`eMn<ZSG*k#2Vs(OwGkJ33FoOOsMfYKr!SELCp4^Xl0-a6lZ~)+VI4y!+~eT
z8SfUl|JGv1)r=7cD|V9-iU>(~&tR0C=IL(z9ugpTXXj9cYB9A63Xwp$NKFlB`2?bK
z9385$OxTh;Gwx%oS$+ULctoZ0Ub$f>G1*SYqjO;K9DCYuS*LxSX=Xt9p(kk{AJw`l
zjg{ME*w<bp(cI4cNT!w8yE*F+Z`F*!y{}1lX}akKX(x*x$+&!Q@KA}|t_PXl8E=lE
zpu<<c5YT|8el*k5MJ=UEVD4LP{f$M?E|@y)40K%AB>g@R*FXomaRQW#=$F(pE}KqP
zmNiJSzBl;jsa?}gJ1s0AJ@2alC;}W?gC*5P+8^FesgGgReHwUQs63De^EQ!x%kUhM
z%VAjuVe`|2&nxPCkE~iL!-D(U^%0jXFs0TsOM~sptnltDF^USv;P@sQeL^Fcnu6q2
zPV<*H-&9b=Tu%?msYiPNn|K2HuG@4Va?05ukMi40A?W9?l?nDjc~bMPq#^6OvdvjV
zD#eg`01M)sY=f_cwHW~MrFg{o(K$#UXPk2TDje6K8)fV*gM%8|GB@=eiG3rTx=eKJ
zLeu6YqLXh9Llu*{5J#@Oz7bAbaj+QWePjZifx&%(+*yirMVXG63RRNwQHSF-Z~&fy
zu-K5&;kh1RN&q*0aAEI4M$d`N1NXc$w;bCAk65FzH2=y=cXuMRBWRJD)hZH2aBLD$
zH6Na~O1Ws0KaA#0e1|!3(730vpSw6k?!eoJld7bxCZW)4jlP$=bhhczhzrNLgyoy@
zyh>TCH7omrA*ZtJ2n>74U5)IiqoZSw_?i2p!t#vdY!hh7Wb_7UXDfEEvRQo(=(x~0
ziks?|Bx9vvz$pl5ntl8X55p@+S>M3O-c;Q1l0`6{i<G2caTGO_&(S2zg9Tf;GFUxG
zJN@;!D?!NAk`C#S(uxpFKtWXX{@MPk-gfm}ruG3Ip=!>>a2>>iSj({86sDH?Y)JBG
zDcOwJ7lZN$j_cR1g|7ov8=yZqrR*dKT=Zh5ohieT!ud$9ktS@wadx~VcDhD=MS$$R
zhW6<xMA}Ok6_)QmNfyRF7{isQ2$aZf>0D?J3wvi1X}kYfpS#aM`91d-OUyD5C%Ato
z_hpd3cH`u9*#wtEEi7shlCBv&`Xr%`BPQ{1bIQ{whnf<Ob3$PuxmSWHbzNkR%Ufqg
z4=xwn2>AN3%Si&<APPMmOQ>1FGFf&yaI4_B=<|rvMe0b=*;Isp#L2`FXg<FhiElA<
z)P$>1YhmLM;&zaTSJfgo4k;vrx+g2jLf1@rvG{=M6u4tYp6zdCr(Ys%<WNnaAs4vB
zv8R>V7+AE`n(-D}H$D2L5W2LNh`8jN$>g>#WD#*@f353q-QPOFyuuO5M)|ZJ*NZ35
zkpJ{`#i8^mK8&B*2zCHdrSKuMrZ8_nY-$=@32xI3Q&VJergDl8OTAO!9MHTjM>Ytr
zIaE-wsk?+1tXebmp!ft5w3AH3Y)9q(?w%C+_31F|>Q^NDo#g>aQ_#=j>r<6tPfXs^
z3l10H{XPuBWpk0Qwm_@%ku}lnfawpY-*dleO?i=GU8Cqu6~>pTc`yrGml$CJCxP6n
zbZ)7=5^=qS1h9S%jTLt_xhTMXw3)qXk}j8x7qfy`H$%ULg>*8P9YeCq8Y4;hnGi>i
z?2X)^DrtE$>q#p*J~%~nULG<lgQJJc6lJPa3{Gw#f-M6KPY)t*q*gLzx9~{H2h`4?
zFcHI9x}NFBEJTJ@w$(gzHFy++O;1PpFw~qv<}<FB!TQVQ$Kx+HYzz!quK0DbW8vx+
zL_NU6Hm6tyoT#!!?qMi9185O~hp`~<QDOBCi2lFaLBBJ-&w@1$!5O{sehR8Fi$gP&
zj%&X8f-3OA?9(x9T)%#yblr3mB46?ZzynIA7H!1k(mYBOr$iF^LhbsFBwm5SNSOMH
zHz*p=1|mphHh`Q)CiTAXungI(WukZDbBIkO<DB}*HGZf%`RM^hVEUFfnL;qXU?U#&
zF<a3K<H*psN_bz<aYHV+w?s>{<s^CP;MvS9pA4BF2BDx$-Jo3E3F<lgLfhLS!5$cX
z2MM+SCOISqF*izkw>Y_7UhdP9sHl_bgQe^Sk_9o#ME69F<J22dQ*9}758R7U$nX;G
z2JrTfW*eBWPh^ZcuZ$kfNeI+hoG3UbRELEN%PkQR%gqNwoi1KYJDt+6YHp~73HT1A
zJXX(gOCoxVh?fg^Nwd-J#gxskM|)TPQ#c*ZVUNE_VbCr=l8}sDxklU0!r?S7xZKw&
zp%5%N9x4qfFL7|1)Akrb3?#23?q7=mXf>jCGS&$mYJP{|sKvNs4Kb`~ZIIry&WxUx
zHGRA@Givl?;c<_Pl9Sfc=Kf+;zu52N^1CUbwKCbkR~af99Y!25j%4s7*=D5zzH@qF
zax8cIXZKVmFYUj2PeQw6zJy4;w9T72OC_o>8DPnlo^@z}F{j1y=FE-Wy<uUr$3Bnj
zA+H>lDmX=Kn)Gi@uL4bHgmyS+H#Sy8M^?7<ApJ9ctwoHOl1wMI*OeC`ckIM-BC8iR
zC#Y+B$VoQd&1xNtz?yOBs(gWbLQf;t!sA|6HR~Rj;9ektBz>ZdukkG|+i@zv!DyDC
z;u?<YsJ~+4A-Gv9nJgcv&{>roB@R!YUiXr(ma@rNSyz79CFa)OpJv%e%AkPMtT7|i
z7d_6x!E<E^T+rD!>tBi$A^S1(FQ3dyjUjx~C>9?u_{Y)F01g^E^=C)i75{Vmn+~SI
zhxH{LHRF$S0@Lz|eU;6Sy0SCCD4nY-i$diTmNwMa*wV*GWZPAb7kM~RA7CIg@2D-Y
z7UqqYh8(8u0m+UHa^m#7cGo+KN8LQ9wDKV+L@_JgHlhR>X#_wSWLh{^y20;gM+3vu
z;iVO<re!6}9#>+lhp8)@8m}2>Q*oB4>=@%q%<yQ!9pddS0*We3vlI;jp5wyW(XxPU
zxf7zk!!8}bkCojpy;iaQK;$%?GK)&AcH^7uB+0`3hL!i%QZlnb(JpxPCT@~PUJ(vV
zmO8zqCWYmaXqi|#eK{)Sg*0J#X&jl4iAQ{Uo}yW&gPQ}&WMH3|2r$4!AP@~3DR;_t
z*9K~8z?GHaWf_fI_SEo7=i_yvn7~`b1J;iwtjecw6s$Tqzu=@4AAE{2tJvhM0%}_5
z6$Dl_%7CHTT|r~HSrjFz^x}dmZIV;gk|%9~8#dz8!eJ80Pv>5MoSSpd0#qGgshs{$
zMt|?S7Q?R$0Z3+EBLum6Wf{StRi0yGo=PG46sA~i&#u&CS8_Ct8P=~SIGgu{o|aJt
z8^9?;jT>EuW5tn#=8iDw+e#7|N*ttbG{%^hdnb}O)zwidD8z*z0;i11bl}IH{YGF)
zQr_XhQiS*4;iBU>Oz(to+kFeJ5R%JfQ4_~x3=!psq3c46HdmeC*{oQ#ZIo#338v%m
zGAqgqiGL<nRHz)Vp0gonWpEgkT$k3;#P~3;V5rJS)R)Xm)k21MG-q%M@VQ~62XZwO
zwPgbRFP@wYkme{N=_j_oTUk%v?D|?Abo~L9zgfyy=>ErnYWd?Dsy5D~rPp)x185vt
z^UuP=IoOgt)G5OhH^`|m&9w_t0W@v%PB-;bA61(+NC_uXu6zIjBDT1K^M`T7FEW*4
z9xtkA7|xAuMv?$*^R|<$woI9)NzD(|A@JL4LB<{+)g|8@^2Wt(Ph@!T3~Oz)bm+Uk
zLm9W)QJ#8zUWyKiA4w{X?=*t!Vxh7eD~t}Q?0IqCKvJ@7E&A5iuTRxpsfEu8V(7Vi
zQpv(vNVXP!AJ`%-wn3Vkfosm<cj`hzChX;GqrNYF|DkBB>4|P8>m_k*0sN|@(|#Aw
zW-~7X&rk!}r+rIYP7Y@gJfm>=*NKGN)9WOY#<<wW3zItSJjRul3m+Mr(*oR5uvB8`
zo=B0sQEZh(Pgzq~S+_*)gf7)#0d_imJJnmw8J=zh7IT775-6V9jk98h_O4`)3}V}I
zFNa|o2s)8Q%<VlKES?hjNYT`mH*Zo3G6~H-`@L6QD07L!`lh!@<e%2&;X@$Za1><U
z?_69M_vdR{Uu)0pfX*(ZQW^Fyf86%~Y*@>a{S#{aOOF7fvA5p@=qkgSjzZDN9oiPY
z-Zra|8{rn8f7Ze8zbdD#x)5T4A*K}wFNzQa-gqEJyi%tkXA4Qw;*kSIxv70R%|-$0
z9Tf>+xMsk$cQ)RkryS)1t;fZHqL?^>O{V8{jim+0TI6o>*JN@(j>PAY!3>I$130v2
z%EzcL?4%4M-^Z~iVPd<ik)It~j-4*cx6vnkjWzNnwZ~axMC>HcJT1>rVEHH|cchy3
z!xP8%F@+Zt;}O2>13)@SR0Q7+J&aP1CUBWX${x{SIIrltc}YzpbpvkJxBOi61=r;4
zlvD^xbTikQg`iiK!Zx=hT|@|BSIIY!L!)~@>JO9_@PXQYtpGa9r@d`2rtX9PXt;vB
zjG?!)^cvL~vvBURMb=NKug|{IC?|9|ztS4BBon2cp2wue_ET$>oLUSnJ~}!QQ&jBX
z{}_5QU>zdbDD^$vHqWyy?Uwoc5p<`A6@+NQF-FftwFEhtjx85L;G+vM3Mr_4Q1?xW
z(MB^B!-`SVLs92a9V|AACuJc;!Pw0bL!0E%5Q*UNLyd#IMfs~7h{5mVZ-Xgz<6qxk
zI&G6JA5_MwH&XV=9>b*%Si5>Rn|n7snq7HT6;`d-?_EQy_|gyMiq|DtkeoJoD9e8|
za99xy`u5_wl$M5y3>iINK=7!qRw=GMfe{#%S%xSl#agcuJ8$<CW58Z6Ip2yJghR?E
z$|O$T>lR0ibBdgOztk9ABI4-^IK5>skZ%biOHI5UgP*<^XgQmDXF51ZkPGD4WFU`p
zPP}H#&1t?FKm5`eO6>L-k=Xu{U1VPUF1WAxom_<$oj!q@9C_wsX7aL2TzW=-4hd*?
zoMBZqOEqX?+UEPsFXhkyi1<VXNj^$5h(&qr%}~ujdo48}bZ*dyAsbv9#8waKNSB6z
zX%1C#r(BM3gTiTz_{s$3+h9Y~<-C17<NT`k16ynvn_N#X+GYXmq?@xjD1Ee|4a<S+
zhZy-UBEwx{i}@2MFpz}!;t~mQ>_5^_g(%K%kPgRiy*SW?@)uieXLDC?&lGta&0sC%
zrKW!eom~Z5L~XwzYL?$;Smn&%P~pMm{ov3#_dD#tT7GeRS2RQWO?#YFksDM(X#0Ao
z0O>g;35O`jNRsZkY>}IPGK>`caNok@Nn_1=5kYudRLgoZ-jX~+^=X^F%NQei1;cl;
z>HQB-8EccG8*Qp@Yx*gQBnb{-4hB>aQ0}OQx^V#gZV(_JSIThXQ*;XRrcosB%Umu$
z6ipN#W~=lcA8W*WL%Z{(gwWVz$Syr6vOFoo@>n;%NZU7bc#x?AVcvbQGSnnAH{R8y
zhd-)jwd64ySY=JuN!z07Lr4yf4MAN2^$1&%Ln}Bpo-(26NvYxondfh7<n4<vwmV7a
zwX#rE7IZgKaF<F?lMRhLy-(k3CZgTM&AMkZ=gU6&O<G?1BbjV)d%Xm?j2a22`Ef{P
ze~JJlrQ6OWOxUD>gHIe0M>G@m6#~Sn^rtySEWr!{k^9m(fhbpb@<qv_lG)3!yw!Vf
zC?y{E^;1~LLy1cAzM@hrv2?n+73ltV#T^Td!#XRqmp(W(vs12+%2J)(zA)TVoei&a
zdP;}GGj9JNQ1~cBlmwGQnRWTq)d#ut4VI{;Bl(Sz3cXWT;m1TA<$Cn!>kYIgTr#f=
z&|kV>(gEGF#mt6rpd;T{f9kwWm7};umt~&(juyAdj$*vLVS2M7vG@~i_4XdG$S1V`
zw{KH&XdHgmazI^c5`_Sq4g^4@Q9luda0{Tz8%~thkVemoH&#&hw)*)<fD^%yw%(bk
znpyjpn<a2p;^MmyWe<`aIgwQ_-yr1}l9$^VrQQN*gWOyVbPOVyAgcjd8cd`PIBnNb
z_cSgnqnQo_Q=%(8X!i75Nl=qf!J@X#PF5~Ml_nnI&#LK_1(Wj#j>+V3X8?x;S0bh-
zn1+5T6SWs8ht!1MSHwtGmJ!25qjh2N@Dp+B?Z?j&{n&CDCijLLoO=V5KIGMt6(eeU
zFXk{@NRJWV<qAF$Nm5w9iaa_5i1=zo2b&9^slk|~ZC|ss>WT0ZYZzZZ^7s9rG=;iC
zfy(3;OAay9@m39RGJjDsvz!<~Do3@RGAw+GZeb#;o_lMhDzNr%D@Dq#a4d5m+i_~S
z=YANHnlR2?&Ng9n`j8kNv5ZEP_ZVap-lBG$4#{pH46qrzB1MnC3BZP0@XY1yKn`3*
ztC4spBT#z9Ii+Sy`+i<q2<V@fIqxFZ5Jz^V8t}cye1^~QOe|N1%$&-}ur2m*$9r_;
zRJP}6xTa>CTlRU_q17d%<^brr(h|j6;3P%rO^C^%gK5+`2VGUF#_NmCZ2wtaLB^rr
z{9%wr5idW+hT|Z>QaLq#a(nmLgFQcE9%6Oeop_B}N)#W^+%gGO?F_#9J=y`l*y_5l
zlbm61sPhwKW#$ozA2vv_+KYzjGe{Caa!cAo_S?lO$!->k5stylDWePpp!Pe5NaWw0
za&;{sbRIBz>JV;&(Ey4-1j1y9<e>vT#eTO;S+ca`9uH2>esxSjAi=Gu&}xGFG{M04
zdt``{iVSrED3T-z-}O?q`qD{H(koB9VJAoFjr!`kmz=0a7D|s6*i*roekTp>F6?Ok
zl`Kan2ck-4%_02~5xO5%C~aP7OY*=f#agNdvfpyyd{qOB#!ES8r3aPY`5rrWpAoKn
zNxw2?tbwV2n!k!=9o%*Ap4-6}vE#DsUa^kqqqP-y(8Uyw%Yd`M8;cSNosvHTxc9Au
z#V3B?P%_odg@2^i{8Ox7KU|gB3DousB80~_-to;iFHJS~8LA8=Xw<NN<E=q>VuU(O
z_gK?Na4J>4v}hFDx)hBq^`wVeIP7tqt5Tm44?#07&(wR8bjo6RTEsnBfj4vx?=ox+
zttpwR<^w@H)#K18#XycHYz^pVpB_G2#<3fh#!Y{DKbvOKgKD^0G~Kd}p1s}u0=fsU
zEj-I&Y|d7t<*t(HiWRPI*+6e$4GD9ShG3Q}Ras+NWj9Wp=!1FK&F{;0!FbyeCB}y0
zn-6Av-d!bo7i`+f{p{f#vgW=NsfD?5F-7JU+FQ>IrK{)3R9-M(Aqfd!WMPxhy==SM
zziB9L`7|p-uFZ;mEOhMKeBLyf$yZa_k2&+-KzhrjXN)Q3qyLL`QxVI@K|@^v7Xon!
zHghUN1pPzoFmDM&V^4l8z2hvPBuu26mAt8Rn|)r97qiSHTNf7eBw6i67@haSu;!AE
z5?u2SYV8XX6?RKID?>Zv>qVq3cJC8w^EY9Nw?b-=4oun5Q*@)*Ev|+{ODU$dn5mN%
zWSO=sr@?d72To)ZYrMMeP1RLoN%&y~D810ZuB*U-3#0}`^5(CDo&^qvWp<ePAF2bH
z0%P(IS308D*UV%Uty;~58%U2-Fq89_C0;adDlU%Ta;#6)NTH&lT5WuX+LhGWplxf#
zPQGpL*$_GT9<lMV#&$>{*dddcu5oRoUt?-)Kb2v910XXR+FMlxOdq`DA~lvn@+9E6
zy<UuQE%r_UqB|e4p0B{lcDZa=)mCg!HD#(6gOuAT)y)5WIgVw8&@<HM7i%O}-Y=Zp
zE*lOWvmxPfke`~ISNmGTt@S#okg~+EmB*gtD2Pf*Swi+hr+4N(On3g}4Pn2*gTSlL
z%NE40JQX{_I<ldXv~<5;xxjX-OzpE{zG9!<V;&wUv#IK;Tc|S($Zyd2^0f_E2v}Kn
zns-Hr0;TL*&FE*v8nEp}W6<o$n7rJqCZfg8LQcs)x8ur6OsS0G3g#okUL+M11%(pR
zHH)0RpF-f!m*8D#_p84F$~n`?=q5)`s^}SvrVA+t7<f>krw>9~mvhu({fpAv>aRqL
zTScK>ri*T2e}VP<iR+kaA%^nQJ(;FMw#N7`Ux<Nee_@WMP>Stit3~zF+zYN`o$ixO
zqjc@$UtMA{>1rO8uhqIFd9S47;_JOI^)b@6(}K37diX|>1xurJQ~ht0DqdG~ldUJt
zA(^rl^>LL?Hej{ru`6tNRli0P{oRxpe>ENNpjd)V0}RJ*n@V;tOnQt-!*Mb><dMUJ
z$=|>;cXG3~wiTG$uS6?&?bMSZQN4@}Q@azU<;XpljC_O6oT&^vO!3)Wa*9>j2!)2&
zds7N?)JM!?|9sO0<P*vt&k()-?=!M)&b?VVP>Q<3ky+b{QevY?4R2*Zzt2~PxUXGs
zB51Nn+Z9FMLFbssSh!mG*NE<*6x+mB8`(Z{FQCnH*(V1^vWmK@@ykS#`@q}CN?T0D
zKyLdM)rK*a6ZpvHwqjAFl%>jrhv#kOepy^|?8}lVv-tJs;tz)lo^IGrrX=uM3Ch3d
zn9@$?B2&q&Y}HPCJ(M78Pe0{T^2fv!>71arXUMbo+oWAUc8*O68{v7xE%LgJkz{>n
zamHL}O`ZD9oyYAwiJhEyq@(*dYbKWgwiEmQT{a@RhT)UVk*z#7T=VCb{Enr*AAgUq
zOP?G*e8Twh%y8^f))r-DiefjoIqx^v&;@q|^lkfC_58%kk|M870Rk_H;#D=fnv!wL
z`LqVXr$1P~bCa7pI@)m8UTv(%_MxdU3A!_PFjlP)>-__(@$;jPp{{G<{sbH~ecr`;
zO2AvoOs(=(&u62*wiSJSrB?G&#Jvqc;k?6p`>r=V{^e>F`|xUfSz`0;ugw$KzYo|u
zul6p|HN2d0IQIrtbEZ0OjBB*B$D)-oHThj5E(&Wpg#Wtt1>_pB_^z$(Kw>&`Q34Y>
zfTg0u+^*`lRB&!@>5EiUk?u1?#FN~Qj^VGma=PB3{saF4V~<2<l<IOyb?+OOIxNQn
zp1An07lCo3+{UkrEi~v;;CRRGZIb&7=LGWl<4=$lmm+BB%wJTSnbzONG=HVvbLF9W
z>AB_juSbi&cduI!8UBSdgUr-T5B&=dt9ki1PZ<>e_>PPaQB{1m@oC2?Q{obl(e(3I
z*RH8cefkZTb;11wG{9qjKdIjMQ6m36<9c(BXfYq>;diUsCRV6L+j-63IU(C~l$n#~
z@%en2KR3C}_2^}at~j18$pJ#bi~MG?9e98#{%bJ9caT5#S>>m?7d(xz^-Um~&cxic
ziOlEovAc2Z@ClbC@3quU?@*Zhw&HGn4ZX0n{W*?+V`8^HHH&;&pyM;egMTMVDxvM%
zS{~PbpPUIS&Dhujxr-@dF8D<@DAB1A5e>R;@EKJ9?_Y%bUtR<};_2nfIaFG|QyY0p
zP{LF6Py1_^ib(}c0q@92@1Di8yG>Vz&KE_hdk{Jk<4Z1d!hehaW~7|5_6gUP{w2wh
z6Go#I(3gmr*{l8kvq}7{dB^dKMy%;1`A0VH|BJZyj_11n{>L*CAt75-gh~n7t0)>q
zvI%AHk(n(aGLn+<lBA4mvS(S5J+t@9Dtr5#C%G=VuIv4Izu&jd=llEbx^D6Gd_ErM
zan5<1bHCruBDr7%%wr~IBr~B0lR)wR3UeVRFx=V#Q})2MFTYWN-D7t)=(Fr3h|2VH
zA?9EY%ue{j_w8Ekf3goq5crQb9Q^b@?nA;q?1SRJ*oPRbzuyNW*8SsQI`<EUN&a6P
zra0FoV<DdoUUbRkYViRud$Ocm-%PA^?}r@`=O2JZIOvwQTprquI9obA$7&g|%~z-L
zDCxhefrZh|w>4`tM{_3Q=ieVeBnBbg<KN$hX!P2cbmd9`eut6p4_usB9zE|uS$>Tn
zNBl?16|nJ9Eols0H{K~qk!!_DbdwX8;55xpgV&Kbh-yk-JysV%*N6S2;?SVhD>^%$
z)V+pt0Npvr<!<`=XoSBNowJbOa=Pz9AwCYXM~tyiKaQI5qW5Mh!FjHDxa)YYP>?^a
zT<&+G^tI+s*yqX)xN;CJJFU=#JFVW`a+TYx?-(UJXSRyk816lerpps{)E*4-;P9^d
z#}tysDADG)+*M@5)tzTwQR2PNNgP$AbDc}>ZERm@TO~-C^=uU^0*^d8$+9(#&Hc6g
z@i$HI7);<XAUohNGkDC)JvrsqSh8`5Mt+}%aw(?7aadhHt?E!T<exxdA>WsfI%s?w
zF5#a7cb(3!N5E8y@eR+WRaU!0gP!962c%K{{ZZIo*4HEaBc9)_Sf6N6FNlbc!O+DI
zH^B(I47tyxKOG;3nGU9qqhS28&6)AVDV6bt<>b}zyXghL(TXNc{3!YmKtL<iR2QM3
zZ)%gJeA3zZc#Vh2;MnrJLO}}uxkRnSPv_h|-8<=2rxV_>{7rM28W|ssx|<!Kc(UAL
z7Ksw5rY4q_GgxsmQjtV{xrfCvXL{Oi5lr_6N~rDi)!Qq<!zZO)q}qHwZI!_-2CJ5m
zuMdmE9nuk{Uopp+p${dOh5z2t_S;OwlXDfOWMt!WujW<<!wb5VORv0?=gr>(LciQs
zNBGQ;l+d(L)ghUx-Pw$#yS;PG0^g)Q1TxDjmCBm2*xZJX9mAtx>%&XtQZw%q2Uw(_
z>x$mNrF=TvYNklW(bJwIU~z8`vjs2{+0y8*gq-Nl=)Y+@!++eGhK0jy<l&Dqz`Mce
zA>MUsn-#WIGO_%RUw#)-@uEAD75}yz;N$wTI6P4el4(n*T*gm3<1=>`AsaI(X*0}8
z_N^~A7d*ao7_T|tCD%=j#oEIt3fxQ`NHcVpg-wtM(Fm^^=OThnO>o~hFqB(&wD<ex
z@>}8G_D{p^!bUrz=&;oj-XmmQ<#q#~+W#;oWI2w-zv4v=CIoO>yjx+|JY>Br6Gca^
zpLWnzSltWL24|8WdRac>EAc(CmYYij-GrYdFa+iME)|deya3Otgn7w3u1Fa5`gKdp
z8!SIDqJ04iq)Dc6Zezr(QD5}|9KVLVcW}Z{naNNS$dw@Vi*;omF2~v%;oujZVEXw<
z-C6k2cL~zS{`OE*PoRZB*oKL*!z8N%4An$ql)TV&9Tu7g&i(d722YmmO+nx?asm&{
zpzraGYq6J)nhC$xWF<dW%53)zQjJdW;z%sNile{3B@<?>EAeUK)B#{Hzw~$4OE{X|
zcbfu&S{M$u`Ug5JFG_Bj8~YC&gk#3b_^4@%qpawds3%HiG}45{Qw?*+;jhTTU#WdT
zMYX%Tzw)qCME4F#mL^!z5~E8l@#y)$Uc5%qzU>PljqvZ!|9tcfmSnK(<HIlrPL`L{
zEmgSsZN-PI+tL^nnossSB$vy_&=ZQio_i^p!_~8@LiiFFOW$n_T{N~GsT{-|!*;@Z
zxMD+!d7BO0eb)KFfdgAxi)Rf#?ha?33_lc1FW2H>S~qg(R{9C16Q@#AaL+zL_x47k
zJM2v%eUwD@qMJ9xCm$Sk??)76KHg{~vX|H8ZtGfNKRUs5A<W`)QQ?Q2?v^a6rTOYb
z@$T1lGjo&HEpak(F+KM7@vEIOqw+9uV^&D)X;AUjCf9={MZw4^XrM|ao0oZWB;7GL
z>2+N4TMWg)+nbX?872e=5AR6MkZxGK{F)3NKp644&#p?7UHVFzO<!~{Yzfy<(f`$D
zAhh<>N^3<P)x2i7@;EcsC7qY&YT0?^$1a+wznjP#J#-8VXDQ*>?5Ql^r{%I}@Cu<z
ziWl53B|6ON@$}5><F%H9D2`Q|;`664Dulg$U+;cQEUf2vs399F3T}6sYqDr3`mVMd
zulWSBS?QkP?}?`sV7fcBwlwx;eXt8hanW$N4Yc}78|lnTU0sO9gg*M5I;O!a_LcEt
z3zAeT;{6r`k3MlfK*60lfAuc1w=J|14e&PtMKn?zgjImLi&3HR7h_;X%=wm7Daj#p
z$-5g3$0V3aFY(Z0{r~(YVB#zrt{f3w`t7p6|9I^_`lcr^*ys4+-_9o*_Azl6O74R;
zm*2&}J>;XNgJR^-!KoFg-7gwyPsQ6d?>|o52~PCpVy{H8fhUL182y~|D6TP;D*6RU
z>BZx6!_DpQ_Qe1;h1k3dHbuet(lwB^kvQV@X%@%W3aQ_aiu`^&HBMf}l4KSjRG`M@
zHeV2vxfFS{Y3La_b40y78Mro0*56I;1S#@L?->WYG0+&3Hubz2j%kEa6S)l&cYFuV
zHU^{qQ_`t$r&+Syv%32+rPo~WP}!?=L3&5cG{(J1%^wT<4C`!LID~<xC->!laK=*+
z$MGM&8HSrk(sN9i#KoAC3kwSzkLBa^3^mh@d}(T}28gFi?D!!94UFTmgAh(C>c9L(
zNQRg__UC1wW+Dtb`%l&l&bsU`&RP+1VL`8-oC9H`?A53<AdIB{;5y#U-rm5HoXs72
z>lor*rSX?T+kp86j{2biemLr=jXO_4EysZB0q(9<R7PqN{^ocrk&~qQ>M9|q<s9p-
z=Y0a7&wu`3Z837R|1&GXM=9E!O5%p~{q7&F2Xi1RPqKnzOuPUd{BI987M7=MZnIqc
zhW>TL6-LUP?dbT%tP&-5=Sa&pmihYvYQQ%7xhO%Y1UBEV{I4GMpZf_8#00aEKp8I-
z`WCbZ89Ynx?bzafyjfcR_uh`}?@bQxAJ_aDoZRY87~}Mv)2M5R)3|36CKZ3@&&wzH
zx_chC!+G%-w%*yvIGLF2@uujU5ccT2GcwUW(+5t^Mq^2O@!B7I<?X_LSn*o6hp-O`
za>nzqQ#B4!fFo(A?@Cb06C^a{%zW?(sh$2}qal|!uVN5Z=<4E0Kl%Xg_4b+k7T>aI
z8DE<05HI^NBULF=lwg$iC(hD+0UBhJ=iMo8z$QzA3D2R|&XUA8Ib)Na2N(L`W99-C
zXSQ5?TWgYY`TV#^$H%zwt)t>$ye;lq_gbly{!9sw&l077(@PhYWpsnRi_5fUfYYQy
zwll`LhnmZ9q`HF_w^ka%Q~DmL;-to2)xvcrKX(Z{??W_CJe1BO!?r{zHq+MkR4>YT
ziky=I^+fiEymC*MtEiXp3XDoWY+@LL`E)bG*zH@FQ3;3qp&Cjv`4I;j23et>F#UQ)
z_+&Y6(6&1SS22q>7s7RCW3(n*Lis+;(S55=&WOHRlV(@L8>9PxgU$T=n>be)-A{MI
z;rbDN?Zqv~01oQ!`p3H49H!ICnWt341#S)0P#1Yg?OpN9_a0#<D5tk3sz-Qn^BEN#
z=P)Ol*6I_l@0&<%f|%ZOA0Flo=>#W|P{l}^4S(R!|D;jCnem1<qB@M1GHAC-g)HdB
z`<U~c+T*h%;}f!HjS`+?X`40|pIO6BNu~t}8X{kgV;Tv?;5|pS%V(H#?OdIV1Na=K
z2?6f=5)5LI%N*uGiHaeweVD1)%ouc<7kZSAnw^?~A?vB1Gqxi?_(t;8&t;+d25VCz
zDvG~l4aC<kqx(IkK1`{L?pJSGB+&Fks_&@JrYtshfQ|HCw;+c1D*5g(r*X%m4&%$|
z(bFU|`uptsaw?`gV}@Dl=?t@IsfdvebL{<ZzdiBhTPyB+7Ed3OEKg|WJ>kAw>*GSK
z9&zdFvBRwRRGtdk--sIis=%0`hEn;c7iksS_$`Q8b-Gk5Z}Xu^xzG6f9Fq(C_~ofY
z-%`v2RdNh6CMG5<_%6hjQ;s|?y@rp%`P5~>c%|4Y|0~$X;WmiKYQ;*a!pXPgh|qLR
zCvLw_?atBCw@b`r9mBe^-}byur*NzgwB|kE(v$1duQ*tSCG(>_#Qj6xktg%>uoTul
z1m})v<O^(pwZH~n#FZ1R#pTv6VjZd=+-Go1p$F>5l?bjEOGjZzmb(?P!{H0?fBb7V
z!pO{m-Oti}@%==(zl3_58SQlw`=(akF}@?30(|I_2?FfY3cr@W2FXM!u^(uri0&`p
z9J}Q*I`0F8SMTGVsjs0p*!r5n58gAu3?k1j)5&2~q}yK|^gdl|VOJi3htjCHpP&nA
zQiiU_Ajr?1ySsB%p$B!v1h4h_{(7wj&JWb<pHRz69lY3@PS;o3!CqqS4lXMRaanN9
zMERWH!ZM`aU%gDlw3Vz|Ccry#+TswO0wfI{W+PoUuc=UlX&cU8AED!1+|J11IOaPB
zijp2?mCxSxP;ji-9(9o?1njRel@ayv2n<T$|L?v!mZa!2DmRYj`>T<P==?Fd>)<aY
zxqTKUvAI(htIh8IdB&f)1`-aH-}BvHOJ)j!?Wb^N`==dY`>#F=?_aEK;D7ak2LEJe
zT76oW|70@G_sqV?JufrJ5aIv@eGW_U_iqz@YtlIExZAv>vI!=B!t_b67?$emaQq&m
zIS7Nbzi^Fm#vw&g^$(XgP4M228|*#HZ#=QVsH{ji%<S~)CGSC<g&5nOIR<QTf_%pe
zDE`-N5lZ&o%*iL(0jW6^(x3gOr#Okh`2Xx+{!26Xua4M%_gUMC1G9YmMqFfaa&n~R
zSrTJoqoBlwk{n5g&u~>n%5?mW_eJ5V8x**G&I4PEZyZUp{V9yNQ*%uw2?dMDJz+rL
zDtM%Xbf|KQxLKn^DL3TuH%%Upx>l@!YbY2*8Xom1>3QK|!mr`hcki7n+h345b{Wbx
zZj$&YbS!lO6cHNZtmOZxWBSL#0~d#XHU@~)*3{*8)|e<odmZkiKYcrNV+ffCeeXBb
zkmdSvIkO(Tn6Y|*YeTRi?@Z-r=0~BfkDtPq=3Yuh7%&Q0=MB}Z8}rbw?NOO~5qy~<
zqA78j0i)vWBYgOJR?xcM>k+l{SQECI47-Dd+c@weDD3l#C3**!8SEK7=A1Gc!<W)Y
zB$5tI@iaM(426eIlJCnnh+NYIVzLIV;G^WVs*J(y=WmJp5hkHCCYmD7<sm=dOM6R`
z&|KMzYcu!>_iN0EJ)0YK@^<v-y!BnUR@^;p9t#zgtir-VtfgIlZk7ZyB57L(k$#Vq
zdT;=8`_%fC5HZpzMpKo1SLZLM<mBkI#pdQ+-YRfj>flk_n_pgL#H^Y}_4pm)FzaYI
zGXsUlF9?ldZ#?^IsY!mLm@uH>2{)Z~?=q{m%ixV4dvw?8&$zO|cWMgbqpU5f@{m<5
zB={q^G1e5{NSpfQkTTi2$zk$l^UpaNM<ub1tv793>2v@{@VnTL`DeEMj1KwgE^V&!
zcQ9gba6CYCOLC~>#9!X(OP!#$FRkeWJ#I|XB$ZCotnA9;KdNa*$?>;eYfu<Vl8<+|
z+rx$UA<*acM$dcgCV1UdpHHrpuVU>j291&KY@FynZ=4aAhly7IGe=FwwY@RSGVpTy
z>n4>{I*b^SkO!TFkQQ$J)mYz+mu`GZQ+xkiHvj&rnN+}@tk*U5DAS-tZW&ZHNlA>5
zM8@?mzaQDejEZYHl&y5gDfWJB_<9ImH?2uW{k?SgSVv9iPkYWcvNM7)Dn^L;ur2vO
zg|4Xvxt5x|^v>ku{MtGeaO@Muzsd)+3s^1B4h*H6@zxYx$xkf|uT^zg88!ie>3I1;
zT+(a|0{(hypHe%ZS7rl8meW@U#++L_1C{lZm(jrIWgvKsBSS5-SLR0Z+KM(8OtQMI
z!?FWkt&0~dI-YrGW4?k|d%62%rHCex;O1f+uapbh`5UN@?_|>wkWli<Js@NCwe@}w
zbDT`^I%9_M$Ai9S?(#48Z`1ODjGt}o0z(&a07fok0z(TqRE%(YS88p#SSzRlJ*;}y
zdfK{yNtf!*o%C}ZIER)?Fw5LvG#i-cGr(cYg=^HH*c-AUmO(K$I;2s-!~%Wrgc(Rh
zdS))?of9k87h`;6jHDuPx-vsu(jBbqo&Z=$+4HP#Vl|gXgI51tvq72ehe9f>1KB6m
z%0=Hz`obJ~416j?MIjFvOpl-GrMR+OAv6u+?xk`7y8hX5K8n`(VO8bXzI9-vo5!FY
zcn3a-#tYMLiVndmgqO>U@)yj#-w7HL-5_30Wppi>e`}@A2BEfhQ|O}lfd!lWwq(3&
zMRT>#a`+K9BI5@mle{j6L^RD6gKv!al*R~}T{o_-Qh-|v-ih$(x3w|9I%$s4<BkR;
z5?IY_O?XY4Zkagrwo<xnEp2w6w}>-dZ76Dz<jZM^XK!dO;hsz>L6tuCGV!--j_QI*
z-REq^B0X~vMTy~Y#&{QtRwdmWWQO**6-;Bv)Fy34=19JHI26Vfi-m=?Zg4DuipwMc
z=ccLSgi1Fb><rUDN6-n4wL+t>87as_2sCUXD%Uij7<)UdK3gJ(5unTs>0iyJhL?Ww
zXLbt7zvXlHxsh}JR`Jo(Gn=_ax`y9cjI?^2Z(m||00zHJo#V6xm66l6N0&ES&YIHJ
zNqOCXWpuuEt}h>~(30$~*%j~Xa2GmHz;ZG#berT&b&bbFOiw$`*vG7u&Aw7I>;$%b
zqZz|f7vj#P(?Nv{N01w-HvR3zQOn-Z=Hj39%hk|Ns%&~<#smK7C{k}ChLU37siE?|
zyL^PB-ksAEJwLw2yh|XRO0VzEcL?H`rylV2I?W+CK<IA<M<BUr_*MSU>1hDFTOnEq
zO$%)W(^k_UdZJ%o@hXcc?^9d%8AGhv5}L(}OP#%&oTvGoyEJL9s|s}i<r{Y?xPqTS
zU|I{ZDcJOa67CZ_o9>OI!57%fL^+IZ4#JJ^p~9}SGeBCMcOG|<ci?g}t}kCR(W~rw
z(K5|fXJON$>inKw2n)0`E`9%cpH+UN4-{m!Ce>h0Sd8R{k_Rw?Iaev&=zfCJyJ_Zb
zvl4uh{?7^1a!LoOBV6g<7F_7l^GE>9B<peNK)3}?tu=<59v9o0Es=^`9O%UGQK^1!
zDhp`AgCk-g+o3fchg+-f9X4Z=Z~x-UEJg~pt&bk%PcqNna+;b}vo~C=;M@AXx|TDe
zW)rI}A+(fTH$B}uk!hH6{Nt#&O(WqPl~I&Z!)9PcK|j8!8KREW^tBVXFX1|zxgf&R
z7|OjFTD01doas<@Q&2(OF=K5pt0+A8mcv6B7C&iYyeiA-ujYTJ$xy}V!vhI*m|B>X
zN4xpMbGlhZN+N5bC2_8nk41ISc`CJnW?F42S0UG+rC2FlM?zUhEW;uxf41u5fgc#O
z%f%m0q<Nq6Z$4H+qHwn#lxl?D3kPiqbU1HqgzMPa0S|Z_=1FSO2p@a{<D>>?R_i@;
zfg>FkSBL1feDrwc7o)9Ohjxg%&rfL6Rv}TI$}ei}I@4N(&}RP&*TK#@r^R%vpW;n<
zGkG(GP8PiG*;fy8ge#1iw$N9rTGViiXT-&(Xx!${%|!SgNkv7yT~^(>R{E^kHD>Q8
znG57&oQ}4^M8)xGGy>bpO->!7APHnK1Ga9M>=qaN6BHl1`r<d2C=^!k-Q3*tx5iO0
zHesA093fLj*bmXsj$5~Dzsk2aR@#`EnB)g8rZu8!hWh3-q0;+6eXXOdQFA<3PIp|w
z)J_JYv*St!v*qC0bARb;;brQqAEaL3#C&d9r4d~IL?Ee7*Su6pX#*k*HZr0bk#E~%
zVk9Ms@+eJ12ktJ!TX&gPSc>z*;CLHQ(zqUWPLp`Ys@;pV>?CQwF046z`Ma|heMpG|
zz)qNqCBFS0c_x+-g{v0ResVTiWG(JRSw^q>leQL!yIRltvd>qCvbJ;!n9?eYhjqB8
zYkB@auh$}e@L3}P`P!zCN0u#hcCG1MTtzE2$BIF|<cDnY7rjec8<7N#U&iImWzhNa
zH>y6UJY6GM611_{SvOvh6Y6wZXq2b!#;bELZ?5t*s)JTdjNz%vOnrJAAh4l)_K{)*
z!uAg+Ji_U?YH66h27)NT-seWjOJg5>ihy9%-S0`;GxWSD>E$_v+$B)ok>pQgh@1q)
zA(Q1Rj?L0yIkX^e5@hctvGJhc8d;0cO54L(BZDKAj}GI&dzxA!|2#JWGHCB6UZn(>
z5`Ci2zpiM|Lf?4(+m9(kw#B~Qjb=!p(+S*;vz5kZm<B?nY7*+vaXgzo`j}W!uY=zF
zHifu>pxZfh8KxpPZ|l17FzuP)sl=eX1;@&YSYhC!(A(W)$_T}zso~CCoAy2UO?@u3
zEgKQJ7{9>lp>xi@O6GN=tWOuMOs~w;PKD8RnlKozZoK==6)Z_ECdoogq+A#C=T#o5
z=A^Wl;u&%!S|zV;>Ptp+8`-RHT+W(r6{r#Eu^0{Sn$7DZyToZj{fWC>C*|<d)E>Ku
zL?nB-b!HucsAM`D|8wgypS+WOOlx$ggI^=~wnE6x%%V&7RIv08(k#Vlui1t<{V4n{
zmpmJvQTIcvQ0;i&fj7~3Q4U6-C(nW847y+1v!tTU)sECeZmmG30rqpRHzsxS5FM%v
zN9FTA^2JJp4i7^e-%a{C1m26Pe&vAbNa_$%bCC9^vhSIDy>2qzJYpAKt1G?Y`yDsp
zA-%L{2wV8ad>6X%D#1I^w+p>qmIgY|>gA;=fGQKquxe8_{M#pqCdVT9U*jJQ-kEX5
zvwF%|g)9$&;{EE$pdpREswPXmd^@sR99lPqfek3<+Y}JWRwl_e^)aC9+fGUPIMLX`
z==>2Di>qAV@2|?<gmKAV@&x|OkCDr6fs^L)qI%Ip;mYXb0;Qq2Pg$nP@ZxlIuR!ip
zQd7KrUZH+^=c<o&6q}i##e>D7wWw|`QD-65EDc<CU8t)+FN_{=j?Fr!(}j;V3Jxnv
zX2d(qY5iD775^9AFeb?j?xkc}C3HWwqc8AJ5o(nCQ0Qm+t6ll|*2M|C*Sz95eh68W
zgEW?pX%(trVO2aFpNjKc$PK~HE9ky{F@tMCWM=si$<E^>G+r75ad^R8g+G0r(!Xv6
zt7RC-QND`CYMT%*ykT3}Mtf&{rOi{cs<>h01^!Uy4aV@HOA<L(2{~~1BUY+)8z*Eq
zU!=Wt`1<r_m32evB231%Odn{rR-aUU^hC|7(U9MOC<aQXFAg&are7Dn$@F?$j=Aoq
z4}0x(^_-go&(_~NHCHR!8H-CKYrzb4mRsuSx9}^~?R>|^qWl-*@zEt~f|>bYoT5Z}
z)eCbApd3ZFMJf!4Hsvlj;vA$dd&Bzv=SfzvL6wbD@(*2aCeyBpb4>-pY~UmY56T%z
z|J<zaRtcJZJkbo;`s-tPBkm<eESuZ9fv&0B+nB0mlTDj`+x@B{GIr-n#g*L(Fas2|
z8Lxet;PT*7UFEcyOH)bczo^rB-q|5o#Zh4mFU)`~advgwH<{XJ<#7q0Bm<flhY~ax
zWJTUma@uV$_4fSqv&jaz7<P_vPxW|>^6sN%>kk*a8=t~dP|KDg^ua9mh)9>HQ#pvD
zQum89GL&~uXAVt#Wa|9X<}Iz`Y0$N-@VJAd<0bhVNIcOCEV`4ajj8>3MAlpjA4sor
z{bNeBdR<W{gLFSc8T~18<!9K>lg-)h5Dr?S`&}h18wg`F=vhdzS!wZ*!Vy<<_(>&;
zd!y})^e0`q72{PrcH<W{=`i$pRP~Oi+GD*6&U_Ou3PjC~%J2QlM3t;)ba&?hsgSF@
z$z(aq=I_Fnzga#a^)PW#|4c5|DMn$cCi~U%nRA9@ryP~;NOb~(0#o1hi_Odr?gxIc
z{_*KhTQ%+0az#@p4+jSB_Lcgg4tl{RN^k_1z?vR|@xW(;n^5|gb=|%2Lsn8P{PNV~
z0+mSCK@`bWdrkM^Xsx%o<V0_`L`b`0{Wr>2;T;TtE`coNXU#<q+Bz~k9*q=tUniKA
zFZ0nnY9?xTS~P@i)9NJ7VY>~{sm5C@R#FZF#7)EU)Q!HC>MLhb7Y3Eurc~658{#>u
zBvV5TdY7vSya=k!R%YG)@{JUY@mQZ_(#l+gS~VYSjJmvafZCMwT7$ontmb&ut)cH%
zi=};O)Y-2Km%#w!JH*=Ssq3Tao3pPz{zz6=s5!0uEY5x437d+nZ96W%Q$&N4_1qd!
zdF)I(GOyR;9Udi#=Ay*4@RuRcaQ0rDe4l$cQCV$FreEJzgmNbZ=W|tamh81gZzqIm
z()s6s6WnkCUDDlO6JK2QjqFUmt-94&k>_hTs#FqRDIdaCQloe~A~mM+{tJ&vHj;;m
zK61%%%OSDC^eb(m$|UU52hqfmPoMdE<-EG3Lh`k7&y-NMlY&3Jq~3jPRVO-|zf7c4
zH*}D?CGDqEzd6L?UJkAFvEDofv{948+$%=3HIoae{*KIex?yc|gM;gHb;%MG(*#{{
zE>WvIaJyS-?3T@9*y?yCB)>Tayw#h!#?K`N>z3{_`6(`V&sL0U<#hJGx+q%XFrq7u
zJJ_)NMfb&U*@t|Wx!G4m`BUFoChP`2M4KlGH(lCpKz*}DETwP?GmQ?wEj$up(nuX0
zDlZ-)qY+l?SYJo7R_Y`j@>wE&LgURVS&H)1VfSDU-;#6NmzCPt;rQnTXDbb{aT7&e
zmbbzYHX&u*oDo{Ivgyg*id}X3jtcK?=IM@8VOR1d_bgL<+3=?ANkVie6T+f34%B&8
zRb=-bzu-h)?2#vGId{I+Wxfx+7y;o)W=(JNaJnupiP?)Qk#TvBP3Nwxc%qO+3a%Ac
zx*MaEotY8G`4sa|3*jA6|HncR?elQeO<G(H6OxJnXMKC!&?sWHIi~t^$!74X1B5Y!
zu#6jyvAlu?QG{ZR$9b3IVWk?%gX<ow4lxRaw4&Yl7DZ@QIQufWIj#1Eest)qzbp~-
z-c;xr+su(BSl#ZmUA0&#e7)}DEhpwveNToZ`E=a*&nKmJ=Cb-OkKm_w-)1vj-r8)7
z9rJgXdP$F~8xSw9k1}x>+W1amXZ8IZ-3Xtfq(@L)X#K)<AH5b?MQ$NFKRKy)uMVOZ
zg;px@ubC(E(vyZkru=jKW2cjf8ngZ@SM~sO$xY`(S@sc%I$IBdtU;-bwS+Stia>es
z{XxGu&6E639$%F33^xtO=KfF=btc6T7nj)Hep9BMzUr(rlJAC)PPEMGl@U&{-<eok
z(*DT$!O53}G!ebG@Is3oCUuK)WAK9UJB7J?+MOa@{cEU9l>-E2s^W%H)+xww=6>Zk
znfWeJn$KL*FI{W@ita~?o0Xj3-JQQ4;bbKnq2MsVoAq$zj!ncuJ2TfxI9Io|VJ@#@
zmi=hW_-whvmW9epY8c=0w}vg-g+pP?pM8@UnajT?r#4B&2b;6tawj_spEFD*jnhl=
z9`$=)2I*$`1+Rk!^42h(F$c6SW9-g+*dXS_QH5)RJ@4!MSax|dv5HzLx`<@yW3Sti
zBS2$R@|u0id~RsOBgc;ePlVLs>wYd5`f!#zSl=l;@Dp^KFFs|;pUKR1n%wrBfAgK;
z{6`V=0t3>R>lo}JN2x5e8Fm--gtnZam}tBADc#=&_qD}mMVp9AYwk@q4Lha+LZjUl
z(^)DNlI8TP^m`%yI*cA4Y#bj%#`}3tFCw*8m;)k*eDdw_moGqd@ie~8yKgG0fs-o}
z-ls7bg$!F&dS-(xSASTyJ?o8Dc>kjPd4$sjFzzk<?YjmW&vb0~$gOk;2VHNzf#p{l
z#*(%Ms#G!ea~B-$I`KFguOz%^@TS|eO%$vcTw@C*U+@msO(dUle=A1UH)Pny4|f#n
zw!0P*@wdu%lB}o`(6hsOiieWM3nj`y_O^X@Z$pvZ+p&{eSfeJlO2Zbso}{10N2|y|
zG8`F_H6I*_wnW<Q@JkXUQ_j_%Wj-$-M)J}dgq{>j#>p^v7)ghPHaaS_l_PUSgF~B4
zKXk+(qvPy)(BisP*{MFJs4+x3k#bJY`J*#jS1l`OogH$MOId3?ENASwbhE8)6-yJU
zwG>J>CENnp2&G)3jrTwEpq$aHHnj%c4Aoj1Fr!yWIPvXar>&#9C~;JDzVo*d8hPAX
z6jwr}C5$gY@0qLMaLgjq%8L3IikiQu??guir2F;_fS=L*?Bh1VP_2HtTdm%PS!pOP
zQi*V-nXW4`=RL82>j;Nd?RMSD^SE_zMbjdCMBJ$g2iC!S?6<~t3+16ntI=U54-V1T
z-kb7Vx{h9ZUE`TI(YbU{;{*!ss!I*=m(`jZEgM4L8+<g*$3(rq^(uENtG7^_d!_oN
zl=EtnWHRYWbS_t@R~47G^th)3<M{}lsL*p&4^l%*4|?Gl&}sK6E(ET#mZZjovJlwS
zyRDCSNYzBYSLk*4DpevtX<j<h`<>k<P6Zr)Ih9HFr>TrKH63!X<5n-$KxponNfWt3
zfMG-clFDSN!d&?g)=Pu3uMx!~xuvdA!M6Fb9UO2J9a8*}dWuIa^{9>?ax{Kl>{rOj
zG(fu>GWUu%ShYiOuA07H0Y=?l3M(Tt`)!;;)X%p(C?ucw?2g;CdU{1TYwF(h>)${G
z&fvmIT!m@DLaQw1PpXBII~iKD6+vI<Qp<2p&t_nvKztzk{$UfLvNW~RIiLnd<uqmu
zf^*c7-0u}Wt1Wy`;HW-wT1WzI6SVI*!rgDQ<E_L+<elzY2X#6VZj-|0l*irzi{GN|
zE004C7K{k;#*q}ubyG@+BpRU{WXhXiaQpL*&SjR6u#fx5eaL#NqitZ^mCfo{bE7F`
zO{b-}p;}>+o6>^lM00C`Qef@lA&T$4j$U3+NU_RQ)o}Nw=!F~et+owyq>9nqAVxc-
zpz1_jMea@KwBBq@UiKNx?lXDWHJPr7P)B0_^jhAp1%t<DelW!Fav~)S!wFcla+`t)
z)oG+|V4O$#BGqCjK&(|~xiJUIg$Ac?yRo0!u}K4{1yisY^!eD0z0lac<selzq}Tqd
z>c%|hdw;x*#q1VKZaw8qd`|7wSgY?U<;vXs^Ub3u3qKjrQaxp-?;|O}=1yULajR!O
z$h^fP^E!@{P{Sm(ak#<KBD#=bPH3`|+0Eq!W?o(oKdVwgv3H%Yta_yH+>Y?ZE_w$a
zNg|)eP<!Nc^#IOoCx#QouP#Q$<v30RxkNb=%r$vGox@>7^&$7R_f2m`Ckn>8rZB0E
zi)O3Ng{37RW!iZ=t0X9xR^6bVo%)Q+Vp&zV0-C3NlKelfnp*2dIA+TDz5$fdJK-Qq
zULnV9n>6sjDx!k}&qR*g@Go-Ouw#_2s#|}*DJL`(7M;>-)9WY`xV&a`jG|O@px?UF
zSfTUuF|qQqeLka0r+pgKpL(;NqZ0odR-Q+e{!z7EZ-8#I&>h`xlIYX?;m|b8QqknO
z;cGIEy00M@SQYuz&FQ@Urn+wYp(XSvFNE-OKg2H(;uww4*7~v)qxQZ2GbBAyhC)TY
zb<0qmz1kzT-yPmpGR2E}XjP@#a(C;am{Lhn<;X@Dr?`fQqR#>>fZ0<1sDPMN*@s&L
zWyDj#WcTLnnnh?=>pK#}T3t`ujfqaW`>${IsBh84misxMujt&+Efl<&g-LyU4WyOC
z)rD4jmI_CuT4rU0Jv8cy7+TMxi7`5Y)bex>6#6syot+Mk1;9@aLB-ViEc&qX7nMU>
zAeP&&wwU(nz2ird?%Yc<V#!q*21IT1-a)0uIc|XvL1deoayVZ#WzK;2xkfuqqJ$0(
z91=TiCWi&4KUXug+sYs;daKn?sz2T`$fapoams)_qtoAbCpLy|_byKTUGG8_fwYqc
zEtJ=f$IIlsUbxR?zlG7*&l&0yo~GSD6!U_{Fq}*qORx28!E|J_g3^5GQ`6P^cHiS-
zIJGSG!Y~P1#_A_%ky>VBHEDZ>>82HVdovWRGv{BvUawY2yLI4>0I9kbH%p(7EK5ua
zvn;PkVcd!7mC=Y9SuT1OUZzfwftFk9t9R1<#NpOqD43|T)HreT5cM-(g>Z$f9`~)h
zchxVDl2-<Lsi0uN;izgd^-}r8e3!v=-F)Xw8F4Fd61v)_bauw0eQpGjSyM$@n=7h~
zct;A}zN6h-$%JxiG>2X@tzCvm!`o|T&S_7fo&g9=LIag%2gN++X3jGcqU~2dv=18Q
zF8jvIC*D*)bf;A&IOnvvlw+JZ>2%D7i1`q-U>@L-GD8J+*@C}_<-Sjq)*UomZQ<dy
zk$MpVi6Yw2jjy?_kWrng52cuftGnJ&p)w^UDZ7lD?q7BwQT3|m+K!S0X8@{8|2Y>(
z-d6>W>;esTe6-{W(A+{D+0PN0Sl_}#IZVhdpRvC($e(V)GVzjLdni`2YM|_C4Q)g?
zN@l=?&0VMNb$DUbvFJhT2R^B*W4))nXwH5~sP+uE>3LY)#@b5$LO)6=)v}vN8L(G^
zts)$gSz47uG0J?1aB&#Bu4D<P;Wgo)?*t%V%H!C516`7dS7~k7c-2PLF~_JqZJvCf
z{YDcHN096*v1BrdA@VW$!qnx*=#qlBu4}4IRGEbGSm<<?ctX-1+dRL~6t5483s&FH
z?cCLTXdw{!oaZnrH}zSV4L}-=1-q%YTJepZ%<G#rHrvRqDqGDl*~gW-y~}6~`lNoR
zH<vZHkNdrR?2p7|q87FC=(T!&u77l4kcMF?z~f`@i4=P|;6X=u8*lU-z4pV<Q4%(@
zpcm&bbX6b?2%eBFJ&9XEJV*=*QB2^diLZsuA%ID8XT)o3g4f<soG4>Qe1+kzugFE%
zF|5p;zL8DBU}zFf)mC;WHquMA78(@r7)9hUU&GQ7t{J%$y0*QfX&FHI|I$AHwWSZ)
z%yL6`nrbwaG${~VI&@Dj7gOMJEFvw4ql`!oPaR;iqsz>^XE9N4?e9IFgQm!^3H0!`
z@ly}9`z-IQ>0HV%{PH=q&>is4uBUMHysc|^-$!fIhe{hVAN;_QH_2uLxkGeCgSbX$
z<kOw@D)B9-9SjOw<bH9i(5zBCawF~}%Cb0gy*SOi;P0V1KnU1&2IJ-RUVUth@iHss
zZTh4~lBI{^_5$SVadx`a02=s9GaXnDEg$YrlCtB<?Y2T+8q=fcUTWu}5obJg1l=#D
zjB)!azl~eH90R~`wmU#%wJd${l>llTn@4`N<$=z?24bNAKL{udYS8Lk{>jzIT5;;|
zissy&#{O+JbZt9H)3&e8(Ep6d??f(mYr9saT6~}M?DkH|9Y-05%;vp(;%2Mqcxx}%
z(Ng%0QQdfA@H5vYZ}FTdq?+KoTi&|R_Y7q2wewl8mrAQ_wHby#rph>2$8&OndP05T
zx#szTvCs3tyycnL!kWIW8+&jS3<TRv?E*2t*CWKKFBLF0`%f&j7~VgDsr~_fx3d=i
zAsh`DEQlfh6C7>J_0vfSn#m6>o6YrYZEf|ee>B|1uNzI0t)|c*4QAUl24Cjgd<Nm9
z5Q_YVD8OBE0vXH4BXX2fTpo><9AtZVp7kOK8j$xXCAYvOJ;sZ&m?)gb0zonWBDBKW
zA!vXZ{O^AHKOpgdc=2C-AG9w2`2{Qg78bNkz4;erK*?R^SE5)4bZ5glyb6-trX(&m
z5EM>_xEm0r-}Zuv#f6k-dqE)pQ#gDACJSAmC8utz<J?A8A{C*Y*k9mp|Dl*Ssp?}T
zcKHY&V=C-Y+Mh>78p|)5u(yI&R^O<L{AN?jU8X(9lz<RAr4!5see?Bi!i#ScnlT(*
zRFs7GYGvJJbI^JGhsexrzS0x8qW(QR^dGQmJNLZ*5G%V)hWKxmyZK+(JLBJD2LFc_
z{Ck+#FVFi=VBW25wDi*!180M=i3!88;Qs+!^*<baVAKB{qWJ%0mHq)6{2l!W1-Hik
zt8LWk`)51*d$iwwy@E)@_@{#)bdh`LY^6p<M+D{S>MA8~^qq#*a-DWc0n|h(W0&WG
zEu#F>M5aRzsR)mfU?f1izXm1W+&T&3PqYZMa)qkI5BI}`^@@~BN3(Bl*MWZl<*r`6
zT%-gD`PZT!oBVK3c^eIg0Ex7eea4*~sS6>ThF>%UW_3wO_`jE*U}#y{Fj<|~C;gpP
zj!E<_TR&YT^?}?fZNjR5D;t+V-;10j6?H(M8*)k;;Xs6D+HuV~kwhiKmA?079=QFY
zW(2vD?5E#dbj55<QkiK@P<^#|D1I|4quQ5}TYGw=waw3^DOBQ^3X%g??GWYgs9EQ^
zJP|g`%Elb??<9O2`jiJP23hw988!ns?n`3TVjjt-;UxjsM)<CWoI`LVY>!m3Oss6q
zs|1k#RK6WP6D=O15&0XYRQv#%Km?0wVdJ<>^^s0fh1F3DgFf-%Hxr*^kYrH*&-L1+
zZFqeyYLE!$Ei+c{zHol}Zf_OQpZ*cyZV+N_zCvlW&ytvY4N5c_@u9fkvEJpyZQMM1
z0)z4U^ciMuOw{Lk8|wjZxr=~<-Z}ERW9eoe1?^kKxnLgX-;qnyfLx+d1S8SgxhO2*
z75~C4*|t;^f5|VtPIR;qyY9PFlJD<S=B4asHTqznZRiBpraP6C&yQ`)jby`5`jv#(
z%{+tK^f(oIi-CM~4j_K}PbKs+2PNK*(R%++&`p?mdUmCeH_P^?U~A+}{kem_RzGE)
zJCn;b+X7SQz1F8|d%5)YPGK8$<hRGYbKMI6JelI#44M>Q+%k|sszY=qcYDHH_upap
zU8_I+!C8P<j7BE#ZFy6)ghdnaNnJ3~3$poBQTO(!x`5p?qpM`~OmQ;4^?e*B5thaM
zlKqEoHI>xc%^UbAUfiJX5aYfxzrBlKg|F|B7?fg}AB9M81#lR)#kl*b*r)Cvs5*v)
zM#B7>Pgj0i7nP=X=kM^gz`*(>8ul24PsR0qi|@_N<=3iFWQN<fY(R)@=d{Io*i7-N
z?8TB&Y~8xG!G2~<STq#e#(ghrfw(;sPWvmE&z-^qLgS;q5E?~*(D-xyns@;Cf@UgF
zX0XI;?(NryiLerMYB#*eA(Prq_(A^uVFn<SemZ`1d>n3CQ{=SrOr^H=n@!t%7Xb3U
zrryU$fnOM)0|NT;D!s=O;DwI4bFw1HT!UZ8+=^3wp#}2;XW8@l5(5gsXukQZWPa`!
zE}ZTmS;^lL2e&CIso1}zC?}2*0KXpm9P2fh-XUX3o(g}sUl^Yn_wesjRDqkY7y=#U
zgVdbpwcHpzttB=vbsFw=_K!FADr~{h`>?=6eOP+c1VHIzNTAIaq1^`9aQE-m1bNR0
zt2FNEf^z_^qLj!#wG)X$Kj+T}Y;WD4$lMfQiSEL!>y6QLS7zlZNff#U%5dq59(>+U
z6FPBQ5?!nBMS8DTE)1Rvz$VEr*naFm8>Sd!!pW{-AYK9;dCLQ_@4}Gl@UjWQ;ql5Z
z!2t#1UydAk4<-Ru*H4i{1vsOSoxixIuC9&|xEt}W_mo}S2ZwDnMiZmpUVU}1sBG=3
z)9@atsqH`f1_c~cnOY~>@ehP%qNikkEN=hNGua|MAX2;M)eg84!Z+(;UOwH8K=UeK
zrNL~5j!W9^eKnWM<A@}~yht&oi;Jd)SH(A2XgrkdYS48qDa#wXS^)bVjE1cU%-P-B
zy5)cR-2c;OZKKxPZ$s}iYz;zk*FSL`8jaBy6I}yQ`b8UytaYBh5q%F}dY^{Fq_I-*
z2mT*cSqlP5|8M*8;`IRzvztPg;s>y~8G>wmx=8_<Ni5Y%gtLD$(4NB2F`xYg_gPvD
z_@OU<YbI!H|A)_N#6xM7=WHNXdHw=%`h8Y#0P{OyR(nX3JMWklhI4qIDZ5<uEr#Uv
z)@E-vFplFAA-rTt;O<^E@6YVLXC}a@;ecad_S^ZoDFt5OJuN!J0ZeM*Tm0p)v`Sch
z7Ed3#pM5RKK(sdvg44qTH2KO;_fka<pv8Ecs&(HvW9boIzrC0X=x^+8m*kyCz$~97
z8R-A=K&`%^dnt;bJ|`nWI4YclurEv7>#iRBlMaBKqhex^Fk$?pi!@wci$4Ckv$gjb
ziT5W82VALP+a6q0On|<8T;vmr$nDP_nACmy+x+)FIB6Auee6<D$C0A@JiPNIDS<dR
zzb&yJvc&Q96UhBwYGUH6u~pJ;W;wYb4BQJ4yCXL3eHUQ$Z=O9XaCjeND^>GtBWyu9
z__q^y`Hd)S2*)wzA;?#U?v-YLgP(8zFweHs2^F03O$LVFR<ODFKAs{(W9GAj?YY~_
z{I>S=z9FHoZ&<J@cuc|6;Jw}6Y%huE^bdg8<U**;kqG0;JFk+Ni?oY}!hh`XmGGY(
zM7K}&{6?kzxWF<ex<73lN9rM{ppCQrIyD^&Ubg9}?+K{(eVXg^(O@1;k1#%6Qei*W
zKs;)U!whU@8nhUy+mZ~{E35caT_0Ku4LfzjBc`Jz!a_F*K7EXnQROyPuL(G~@2l@!
zMXxgG&DXva+F$r^jx@`>DY`@OSJKtms$}Lz$?b#w6r?#wUp_I~HkGEXoPU=LotLPR
z{@|d+XtlM4P90@L;6k7DAuP|vb~j*qUt0Yk^a9YHO>#<^^>O<XxE<e1H{vkjE4%g3
zLYHq-+EA->r(F9h0G7MCI87v|rPq#!-1QYl@oF3NH7lja0z_X%mvFcdI66dzWGp(A
z<}LX-hV9-Tdv)uc+p;rOv0lEt*FywXW6CEgO|&N0T}2(w?DY%fzM%_>Qf&Uqsp?ed
zwcpw$zPug;VC0XDMUZvQF_2JBQB0ONA6v^frz0$SiE$gC{p);PrbF8pQOb3=w#xhR
zFjf4!EA3PqW>tddlQ2d;HRr14RHjQ{3#0{%5svAOr+RMBF@&C!I<e<%PSd{$<^C$4
zAfAju_|P|(Nyf&W6PodUmPN^IpJpw`aa=OP=(wq@F!j5KEOhqm<cZTKKotGRL0@QL
z3f#YA-f1dDs98v31$AI6Qt1o6o=BN(H0ZygL4zKdw<hge2q5LB!|5}B9yPP9)J}Fy
z*BXCd15?xTrdCIDDA=RL1P^2HOA!JiiamV8x~k;j!=tNv%&%C@s+)zKdxs@S#eKTx
zF@*2Yo$%e-Z*xH@^uk#A8!F6w6!D`>LB*{@LW(mtH>2c?fwOXqO8k>9)QxVcy?KzN
zJWTT8QQoN!O`v;-$kOcCP5HNNa`PpBZst9Udz8r!f%V%%O@RwbQ;;29vbrF!l#>SW
z<*32(qbtRX{C}>e>m3AhKVc0=^TD#eZ38wp-Kn#!_xUlYRi)bv`^+?%tnXS_|M~Ms
z?f~V%Sn!0D$9JM397ebl_rAXi-swxSgG0$+`Ncv99^SnHv|JeBKvPn1Yf=aVI@2PI
zvFr)-+BCUwl0er$5>^md7*ap5H_kATAf@;`pwoP~-}@6_4wgP2$SYt&VqL*&Xo#}w
z?!A0mwnzF0v}|S_{()&G*C05LR)`cgoDOsqfhUVZ{Mh4HZe9ofJpp&O7iK?f%qp?D
zk6%99_<jOepT_B-^4mkPBVBvfGX>#Pn^VA67{1yiVWKHsOP0f|NjrGqH#VImfS5Ab
zc%<C%P^Y!}f-#QJ?Ole$^iU1_1SJ?(w~GTZu$f&vhZEP(B|%8%R4W@Ua&`VU-c=jf
z9Rd!sqh{XJZK!=}q@+lT=P-v^LWAozGw~v9I|X1ANmf$!?fP>fAf)iV#zQ@KLKDq4
z!bA}sASuXML)M@<ri<L0rX5AQH>lMhn;r~_=0l@<H$JpqP)Zwec6svZ@)8nzW3zHt
zOZi5;_Q*WF$wz)+75>1i)1eMk9(3T-5gJj!G=o>y@ZndkUd+cq1epKG#_^H912r@a
z$Vn6MfGy+Yz~r-ikl7&NTHKqo-M#}`tyBSQ^&G9)dw<ka38fqSbKfXs7M~6Y$bMK<
z57irJIhS^F>1%Z((Sk0ei~JPr^1dhCMBppkKxDmhWQ&l65>5B&)iPd7^<t%$vVu3&
zB9-%{Qpx0hwCAuM>q0{zV|M;{T`WWhfT_8d73&a#H+h91R{6E!8y7+;k?VuwBr%M1
z-Oc1LuRu`Na)duJ>$@SD6pV+GWFi@3-#(7E?jMRz*2L|-In_UhY{kO^4;3Wxu9*ty
zo@`DdmlEk$7Mf2S`iN=vJQ-%v11}p~)=i#uv3x*a5fYM2)H@;<t?$w%cx8Tuwfpo)
zo+5q$+Hrpv#|3oB2Q|&x*NT7B><pj-BQq4d|A6QrQ{Cy<FLJ-DbW`0erahCJkGh~2
zbl%K7eEIQO3Jn3$yjcD0^KRS7FzwR1$ekAA)p<5@V2DhUl*Q3&I=~K~9fyfzW-(G5
zk$bO+#l*qPb>o|M<*QIhNPQmGwRRFx`J(N8jk*wl$K_#@KX`n)n!V1)0W*tWX3Eq#
zugR+Zk3E2GJAoe9&r?7p01q&^jdG{}3(J?PfK5vZq2w-5g-G~>Yct;S$$pwDoK|1B
zApTHIflXADJ(ac{Tu?poi;RJ`gGC1Wxwmh+z=+c}p$^^E>n5+@?*bhx`o*2?Yg_#8
zdu73dW+7IL!$;DKwm?=&wC#;T(R_$0!uE^v3Ow|g?T@`>I_awBC^=)TAPv&BR~Zqv
zcWS2Mmmw^D_dQu%7+^-%A4R5OdtR%5UW0{*{g2-ryRiMc7Y>eoDIVu+s5FP6%U{;a
z?_#2cLZQwR#$ootF|h9L_;3P=s+eF{?5ncaFIyBR|BMOs?8s*%fh=<!UONu{F*IFa
zbN@{($PVEA+pwFR{hoh!Ld#*OD@p}r)JA;#9{QhovH)cHj1wu)%8Fs!+La)f*IK4d
z^hF9-M;!O^)f+1bETNFn?YPuE{`1xOC@jCr^YCr!Vmy<&U=K#f(^(CK|GeA_TzR7q
z(Ugb(3RHj@czOIl-TI-B^(;pBPPG!uepao3_3@($Ej#y{8$^C8?RtC8?C{C@c;J^z
zpM<7<*w_#^4S3s)Z<Pef@D3c<+?5>A;ovgtgLXO#*(Ux|@`-qIzs@g3uk~$#K<V7o
zqM$xCzXAZJwwl)hod~L-(#A+A3*ZdaFRFN@+g4IM1*$jTCncq9V8UTG0Qhy@N*2_N
zt{~(r7;s3C4bt~{+dMv)U)njMX>I3Xn3PkVsQmItZ<NvZEm#Me7xpAGNi+S()UqX@
z)$t$ynrz=a(P$p-KdDq_7nBDx4P=^fMqf`za`!)8*9rRNJ2V-<R3oFXYJ)xN-}Mke
z-*$Rx=ujev0n8#kok0rA&%>0(n>)xh$`Gd_(I_<&As$ViH+}eY4aknYY^4Yn76_)N
zNN5(jEb4-sh%>IdZS3p2XP1k>>!*3@9@btBw+pL{GCz58Xmuhv`S>VIs<&Cng)v<d
zgE=Wc{d_;rrC0a!yFyV1GMJWT%EWyQnc{9qq~{Rmg3LBsZkeAW^tXMy2AHSt3kZzL
znlZxRL5a2eucN977o)%cIt<+eI=u%o$o6ho&$_kl-(CuCr{%@xPnvG#H)K2>Y*kkm
zkNEnE#U>`gDVGoCc8ZY%r5#fPjQh5NlR=RQ@6rdCbj$HOStUpKF1@K|*72luvUM}g
zm#<=g(QzyFo`SL^`ZY&AU1Um1(6^6~Wys}Z!5A9~5jNlD-arxguEkE7((Fzn`xQvH
z1D4bnh4gks!=f(Cv`~qhL#rSd3^pA2NNnP;-k-g&s3=&bpmfeo?yM1k(+{`qD~FB`
zjnqZVOlJ=sSwd!CS4t&sq5u`rpG2J56A!a(%3yl)@I2*9Q)HfW*M+>v0fmYMc9y;_
z0L<C=JIzP&@kXdA*~60c1el6Ts>6?U!_4R|<?G20YYZtdj~m0~wg3K3OwASFJ|{jW
z3C*4>#Xi@M4R-&~sb#;m{r2iRZ{G^jkJ>;bz7q5&DGOJ7A7~Gau?Mw!*+warm{Z+a
z_ZHzWA-!;SOg>pn6?cMWDO)VmYwj^4|0k%qXXvy&N*Yf4dcmSf=ZBT<d~S;y&HNjz
zBCosSa%f^cCb{F$^Bk`;4BK*HKvLxm>X2BV52yk6FBe%2Vyo}MwNa^S?R8F>@))B4
z$2I)m>gFPIz0K?nl4!n1TBcU)5Y||`#2f>#xuZlmQ~4}+>;P1%D7ga}F~m;!s+~?%
z#!Hs7I@`6pTw*>k#p-aD?n($w;Thsl;)vy|&s%c~xI!YrxJ<3pR~uh-0i9ZE3D8{)
z^C3){0Es3p`@$>Lj!FIWik=9<A>Rp=-KP)>q$U?<GkbmwpduV;3>Dib^$JO+`d#fc
zG1Z=UE{`81XBRB^0^Y?Mp{!ZGipX9iOf)Qh>+pA8*IatXC=f^5iokMhR)$}Rag@lO
z&*sF%hN|<&_Qx(wc!$tpLU2g8)9SG!+y1(?rOhAI5dNl4zSEbzpWH*Pj6+lPnP;w=
zT}5Z``WNYqATPbCQYx0NWo~6v|6ZDsm_k0dkmt$Nko3;qYzEq-P*KNAshT5JFxLyA
zxz^(2<G-%}iaBlYYq5>C8wIam{y9&L-vSJ}uH68}s};-(LD-Z}?8iiCLnSGa#%uVX
zyIm8?F-=yq?4GySVc5O3(Yy6N*;k)55#tDVu>g$DzVXoVK?8!0G*r5ERyd)}|Fc5P
z=fN?KbYv`+<3R~4_t(I>ioT$5*W5jC==rTi?Nn#r4AV}BCMBz6T{u255W9Q`3#*I9
zezL#x&VnAz50^v1YZ>g;w~8Asjok`jzOgnKC*}B|Gv&SrWqkBRtB)k#On$mO{KW{#
zz@$Q%z&e|vHC2QRS=asG>v>7`usB+<*oyb;sEns7oz1<WBWldew4ojw#TW$Q6=gpw
zXe0arevs!n>v?c!`^Uv$`LTVOg@jqkO?zig7`FF>0pmEpApQ(Bi1r&Iq(lj^^h9%U
z2sMY<XQ!ZNbFpFqRg?^I=a1c1=JmTT!q+eAnO@tCi|$t%y6*23|7L>Rti`%L+dPVI
zn@PzLl?u#qhfm>VpK;2As(}Q&QF+{|SsGthre_6VfhsqZw*AoO@LlF;yBkQFQbUGU
zODpy@lvDX&2oyy>OW;qO9YK-3Rt|5PdG`|)apA6vnc-QJ3>z5EK2F}47M)!<_V($=
zZ}s#pH@@kUt-(xdwIvU({K)%70rI)0`-a%xm;jpiMf&5+lp7yc%ee{z7Ka1GXq4h3
zkF6E}(a?%^V@ynfP*gamFp$VsnZrxj?z|bOG?<vRf7A~QW7QO`Sp;PUjvU=d1(h~*
zbV-aOJ0ASaQzVTCO@{G-H=$QO5kNS53GLW6gZnFz#)ddhaQA2HF-BXiWt{aAol0|N
z?k}(C#6_<a6PyjWgz>2&!N{wEe}vV^DopTnbS!x?%Y#XR=z%X)FMen|&7!sGGS?S4
zUNkNA(kiOjH)Z_LDn3_Ny(RUEl13E(<R31<4CL7UivTZIR2~&WmlnhwPe`x5nSO~9
z<xApqz8ApfP3P&fAD#KiAjFZKCbvG{Plv;8YS$Fjh43>yuwNu1^Mj+?i;+S1+}g#K
z9pxg$l@TiD9*&7^i}aU<D?G}tabt8;2rjbP0O)dr;FV7I^_0BL)d{LekcBW5p*4uo
zX}O~#>11b*iNZ2U*skLgV<HLwE`hG>pD>ceB$3D_wkyj8t#<&dq$mIumXJU5nqq2s
zh<2xZq~4`A&2Z;aM#*+9@m&z{Rrp$rv${v-MY5@;0MBSvh5b`P=$jPGZ_B#(=~44L
z3xtYjA++94P;hINw+2Agsw!=U7pjyib;HMAh9Ml7asLO7OD~5b#r^WHA3e;S)$3$m
zVs+epGF5V*1@N|te6P}609{<#kz0CFVx~JupCJiSg0~~HOGR7VQ|Wbr84K&5ae>Yk
zdii~u{e|qlM;#*pm?&gWy?(2=_3h|Js@~=Dj)x|ND>^Y#b^^Di3YQ8@S3^6lCtJL)
ztyBjHUOQ{#?V*kJm~t^ex3bPT3huOV5>}jxp&{bE2YuPKZQZAUsbw>8GGMrz%2Yi0
z+S{k0rL@|-HQ{_&nVkr8O*S~-N-9&2F8?5f2~g!F2m56rR%PABqE2-Z9dd-B+w{xZ
zf-bJ7u;;&9*kvj0OQHXS*C4<;$jR?BKN8~$xW+6?B^E*$rB8P}UA0wWlV3CE_4+1p
zDvAutQqb|$=j;k1&+lE=ZGTG0$i$0^e*-<q&_aX3bj5kMyCEc1%+k2&I<n~_KqEU$
z5ZEduo#{?yE)4WF8poBd>XJ(`0Xn`<9ppWP`ha&<C`;Xt`<Td!cPi9&oa8vm#T$yL
zn9sm;;;%42AA8p!Q0PnFr?&+oh3n5~jsci;A+JSnf%0~tNdUP=@{tyln|r<su@Res
z(0n98h%kV3AA%-GxVJgcy;+H}w3m*9odE3Llx?1ySjAJHkg17sBM{`CdG75*G<?Zk
z+4cy}NJYl#=2P``4P$3a6y;&k?d0pt0rY}ZRFAQ&)}HK`{8w+(@Tl2yH)uvZXe~}H
z_sojp^h<k?z!}>1p~H(S{4kfG$8BuLDwod9%2;Vbgr|LXlF4Eas2tyKa+^BMg>^%G
znVwg);}AV)P{2g|`b30ur19C2cpplRmeHTd?PD1s2%j{rd-WX43E=d3@osEvWT-M<
zDK?cge#v7o@-F@<8H?mo%r)agLAkHxPi2UR=`)v46*$pqzs(1pnbE^80CGE{tRn#E
ztTILN7I9$5r6vTG(PHGn!}*<CvVR^7onv*L4UDh^&6JxpmLOBX>+7Eq7yFT{Y}S!t
zHAA^guqy4248t=6+7*vK<%+HWJhU<vt_DvU$hLTpE@9M8CUAaRLGmsI_sYq_^T~1<
z#3q)04c=TGF=Uu1M4dyDf~0V~V(O!Q)B5*dAvw2e?6`3SfcCekGSY8*AvdTV_LG8U
zRc$m~i~iDhOPu_9_;ly_EttrBU48K9+L^WYs;&c`{6i;uTC6_PRVS?gedA@V_b|a*
z=j7S4r*iZwLxEC@VNG==*xU~ZWs*-1s~<AtR!VtJW`^W#FCv?hZd{*3SLtD?D|+b?
z#o9kHcYRVh<7{Q<rBI#7Rmi@AO!QwCXiv(s4^QCVIPv`U5EVM~OLowp$F9IdE=uqh
zKqhp9QDxbPR8Y*2<!jLK#7!GUK`YZB4P^e0ia+L0P_RznQT;>5^34Kri#x<MscYz<
zm}#xyQ&-;Lr2PN2_vPVG_HW-vAuXg*h;}Jbw=l9*QYlO&*-a(cvS&Az7Nt!R$~GZn
zFZ(*96d@yF>`U2=CHpdl_q=Gt{oMES{O;fTd;WNjw|_buM{`}*cRBa-bDpPJ=RVw9
zX7M_7yjHc(7E|XL(poAQ6(3V?rN@3dZ{2fg8}4Xmz|MekuXPYn+=&MWd*pup;2TdV
zpABSuuKDbV{UEOYy$!=LWD9lsY(or0n8)nv!L_G};Dgp*V-zsz9iW^3b)T~F-VEpN
z2!E0-v^#LA*m^%s{q6fwoGc+thgFZ=!cQ2}Kf>j0{NZ)T6Wx<Tcd)Y1*++E4bu-ju
zvt7b1dwfpaEK=7Daoq>}i|!WPn|fBg2q%Ku9Qh&=si>dsh}5q-Jp~d`N6)fKRZT+w
zMD(3w><r2rGOOmCO~BVUj!NX#--Ci!(=eabIip*TU-rvVmqC2Fmv@roi7Dgj4=h@}
z8cWH8g}q}@N#_o!JTu>+p9z!5a9U~CjXr%pSN_fU@)Z+|e)ohx=&rcv6H1%3Tu8gg
zn;hu33Adbj@`;s>v`>;Wcu4Nq%4KEXn$|U3s#xC~gKiDfovnoqOJA#UGQz`39Utwv
z4pod(c4!TO;veOsla8|A-lohTR`}89$<8_PYS19vg!C$LRslsRLc4qyj_T&1hhAFq
zJ?Hm4ne&ObH^TrSr5jc}2sYSd)lY0N;yxdR{3D(VMXK>uI`&vsXtNU8!#;d?6d(oo
z8IkkBFO(%>Iv#RvdavOYr`P2hhBQoRd{rk<-14QeDPV7dxYBSgl%!2mMV4J;c+9xA
z^!%&HV};c^b~+XK#sh6-iP4?SV`=G`Q1nHLTv;tK5>VsL#9MPC3m9L&Pm0=&wgX}k
z4jA*@8X>q%AMMcLqmy^8+(hXcub8JOQb|&=Ioi2zCu7i)b>z8=I=d4ImdZfHpXbhC
z2sd<_$1ChWy5S-nHldFK66?}?6z;9-`&FiKo!RuH)6u+hag$RbnreP0U5u~So~Vbh
z>nAf1U##0Kz*iwzB-I3Ic4Dltex1xtw>_=9aY7ZwEB3lJ<hVU8%VRMRJ@0WApZ2)f
zRZDiX&fis4(ULs6yH;6xv~uLj<%5mWlXWa8N7d6B3Jyn)ZI+MW2p7nr-uO1TIb`?n
zz6${^R4^JZuWm-1n<%v(hpzc5y|RU=laiPcW=O5xpU-#QbAtdPi3M`q2R7|kMNbbI
z)S|o4#&y!vrIzMLe<y+aGPqG{+C=rrD}7Pw0h#F^`4yU|=+FnQkH$xD?5mvi(%GVN
z=Xzr9Se;+;i94N*V0!Pp*Y<!930B#~V8bH?A^_!{WRYH%m2~2nMr-oPLyhS!PsmOo
z!iG@-xub{A$C6Ix6_p7_V5`P^hRxEEb|rmj^$E7>RZi!;yWYKfR~Z={CmNAj1)HuL
zfT{9my9&k2j=8;{BJC<J7jJDbRP4<eCiX+aBXdV;{Iw6oUPg>Tk)b!|o!pf>=fXKB
zpyQeuM=%eB`#p2`mR29uz&3T+rQ$4&YaP2CFMLv8{s>zUdt%-Bx(%!S29S!uk<p#G
zX<=7#q1sB%@!o^|S)Zh#JImnRGbTlQv_2S53Z$h{!4SEz_huZ@A0UcitdXc<bV49j
zV9kcLV?sFh9a=IwPQ5rV<&NXLJMB_G70o3cpnqCP)bc{%Nu}-Y5kJRo^agBE*!~@B
zkglA{aN@OyeeW<a`fX+68X^{E8Q(lETpID;Z%GUY(Y+a3wjE5El%FQdrg;;l)_bue
zp#j&ALW@TL>A;8qJ)<zwT(B7e+H=R7vi+8~YUENH2b3{Y8Ze`>?{1Rr(epz7;Fh+E
zUOqa5w|(R{8vM*{Tj+767d!S|<5_tOtc7vzl{`3?sqXIUr@NJlFzc>7mL5|l1gzX-
z?ogt|^?@^%7e-6J?k|PTLuVx)|DicoIIbx@8Ce^&^Xcp7$&W*OL(5a%n0Ym;y+9#F
zbQsgA>-;S_-!~+l(lCkQ%<Ym_{;r6hD;kvV+rc+^s#HqDq{T2Y8lqdespQX`55`V-
zIv1Z9(m2eF3RyK@E6uhH$pLW!AS2)Kq3{YuKu5jW76$#{Yfw2?eimdv{xHt+!tHo}
zMxH@1wq~9}#gR$;?aw2|z5%$H!vrcc0f?)Jm2u4dDDEj0ljvi<PH(KyuDSBn=8&Dw
zCL;Oj(wiJj@=Z>ydvGYwXXPeJ<f;I<wbF++1iHZ8iC-U<33c1yq|01B1tmv4A=7RA
zQG;=yMoUME3d6};xVWB@Uu(*kd>WWYCs5;U8=L%QVdGs@Z=uK4+YT3KE+SclJ+}pi
zbTR5qX}*kmsG3)<Fl2Mrm|t|`NI+1}iAg`#JEl@m>}6#E5pi*d7i;u6=EaS{kDS$i
zymZ!v<M`R%@#k^OL1Z-IE+)?^vWkS~cN+HT*CvHm&GvtY>MuQi9XzlrWbdsZXYa9y
zMa4pMfw>V0>?ufObhgEVdi{~tbJJXV=@^6Xn`Kky8jK{#amfwP8t(GO75Mp@HV68G
z!wE??7lLd-02tTBegAlp*Ws#Aco?*@-?LBt$^+c}hIJOtqK6Xfa!Ul7pxKPa{>-*@
z>4xQD-r9j_ohBs1@E*ZvGo@^jGL(=VTNm#vw1tdX7kFr&&xb9krtB7Rty*bNHCxq>
zgh)&)j)UAwO;i=y#`kb)GMtZUc=#Hdh13R_x#;HB74w#<Ex45n@$9!gd|kA?o%4r~
zcqr#`FI&u8U3|#C#GJ2KxI1*z@Yu&Y!__f@tCdRQrv#BMQ7$SKNl98Gw=`@2C@wBa
zzYFeC|8u>^3I@hQ$pY=^ly(pV`3eUzAk1o#=pe8ncW-#_`Yk6vdQzVaI_i*-{w~?#
z&brV^OF7X)$EHeEDeTDyzt+c+`>7&&1rI%_hjqML!W4Iw#jA>)p0Njq=T3mHjgNV;
z;#ac%;fr{I2VK62&iVm5uLMeVp}KQ+Y;Y#>?ZA~kP4`NPd-3s5{&RD9Cb0kss|*Gj
z<M#H($*B08vaL`OuS#p@e0;d)wWh6~Zk1&FGnJu0mA3<{&F$q>W~0k|H@u3j+qF05
z)7t`1UG@=EfNJh<PM-`o)5MPv>4xf2#lp<yf}fQ>m$VSUGL@#CoC@=fXsD*25ZkmB
z^!yUcqL4DvdlccBHk#zts$trgRn-XX(z>5Dfp@I%RXf%UT<lY_`4`j(=<G5WxEdu}
zH@eIb0@&uS^()L|2};dWEwjvBI#sc%^>sH)W1PZk!*^c&93t(cwN@g5awZ6=R1QX+
ze*VOb<8iX(>aAh7Os*Tp*m^qk$i96pX=iqvecj6WoW{!+pwS9$bD>K0mYo?2&>m8r
zo~2_KMw(o1M{G`ANMJ#dlZ4v)e&fuWHHD_^2Q8I<Wvt!5BMG=(sQWNmRp5M$G3dDy
zzh}G;U&<2lxtzqp>(l4BeYW%VuUzqwk$F?@5;C)G!IYy3U}T`f$yH9H1uv&|#przx
zG}d_i(o8tbS$gBgW`%9_x;e^M=9>1*qb9n7=IkezJHZZ5-77XnB{?8Dtkyprx?}PR
z2pT~Hp5)7$ZettY9Q^KEwDW}g!xz7jSx3--Q!2_r>T^V|^9#bTOBOllG!C1g)&|h;
zbMevKKzEL7@rD-!tmR*zrh4yO^E`WBtK!snvFHec!IfYAPIKon;i-_VQB&9mP?btH
z<;U!P+n@O8pRprSt31)f;E$i+^p2CZT}FknahO$SLG)`rUJ>VSzAB!PO-C&;P1j{Z
zoZ1Tx@r4xBJ?|sJvQc(E{9r38SP${Af~|<B*^0DqX7i@qK6B+?vA@c{+^y#N8<~xA
z!ISb<R$E}&%g_w%$)8pxlENCI%5FZ+^C8gLD`^p?8bY^A({)IQC4iO$ag<$F=(Vis
zLpiQQm>@+R83V7Zv*SnpS~R&4Fe)7(+ke4b4-6uKtPYqQFkM4l3fcd+D-jTC`G<98
zv>j6*qyN@z31B1_5cB+GX{Z1i+QUnzVYevoGF5vF-7iT;!O?(tJK!W%JQjVtxYg_t
z7?T9K^R>wIrPE33v<5W^(OoBXz6ffyeE;iF6!Qw?pVyfoVXc2!D7HxW>{>FSXAhDX
zKLPVU<sZMdFMBkPpQDA)=8{|hX)R#?b%l_CU$2Cm5#ZSF^Lko_z@%TIOSC+cCZw*;
zTn;w=93?Vu5%*}IyRrm8>dl5=VweG@@W<92tT5guX$?z0%to=uCefU@9oHH*9d}>U
zH<!*m18I{!%Cs3}`KUxa40>Be@N0fxho0Plze2_kbrSVkdL^e2<O&whIua{erNx)F
z*q@7;!b~WxlS^RfXAdEE5roX4!!sBH6cssuB+FG_`0I@OPMAl<PuuR_*WLVk^<95c
zK6T5@hX*7!jAknM(=Y@DB(4Cn0k)sKoYQ$C&okZp>!)8;*O1(SDKf3hOG;MmBgxHC
zfab}2eL$6Yxp5c}D#M_8Qk_S`O`1Hq{g_+MjPC8?F?{Z)=K9tHs(<_DC*F5p5R}H<
z+utBok)cDT$$oYbvsGb7er1?pIGOewa^)6`Xe!VbEC&e5R}P`?%y%}Gl!ADL-fmWG
z#vu3$xy~%Tl7GpW+_99T0}xkj*`M0Go6ts~W&Cw__j&RAPx<P<uRZ;{0<=Xw#-FBB
zAV8*a05W-pA84|MITHxZhNjDqI_WvHeCb#Sc_akx2(z!kPF@M>gx2QC7~^wyjwzbT
znJvuaI@W2v3TB05z1gb1M(Dw!<UP!4XJr3k?ziiVf0O|-`-9^K355nE7>W|n^%{^+
z{qF2UDCO|WrcuO)v*IfbMiU3@Ag7i5=E~wbreoawB(Fdzu<^cc?AO^#Rjw(1ncnUy
z9Zlv~C^(L<J^pqV6v4cNN=hV4$|T^lI_N)DR5hociIai(pEp-DPR}^}MX{GU%uK0&
zW63dF6mS3lfL6Y3$(p6N<KFbj$;<ZKyjIJ=`QKKHL)VI`#?<TbQ)_E(_Be~{7q4d(
zS|SyXTw-AEnsn|S@>M42+19vZf0adsi!!XxSsTIt`c|111DTVL_8$Ax;uY4<JTmL4
z6fmRo*hataOCMZR@eOiTah3b*t|*N(=R5UD`muo$dMBQ4leN2|%rmF~zMEy|`b}I6
z%I-fTC2YWUq9DVt5W+e?#)bNhlv_#tEVmN+x)`xT=MME{j-{IEW>k-nhgX}gwnV#&
zxG#HiR~e>=Iv6Yw{XOfe&1+gN#_I-hT`LXpzK_b`)a=Y(g7YqT;O3HiDo2BGS<mtQ
zjDvMU+zXLH@(pPl?LRCWW3qQI7*g<JoAoqtd3zQ1s9tT<$Y_N8qbQ|7uB^995LL*8
zr^wR4;L}_a%>q!j#_Y$1dL*S@g4j$l>u6$ahOa=s1Q{Xs+2Fe&rSjG5K?n*rj2!>;
zLIxYa8jIH|%v-ET=$UI6)68<~O_h&xvxo<ZnJbiRwuhNaQl3-%n*rh~SOvhgN{!>0
z5Y@T(1SHwd=zP?RSH|CwQB*?L8*(<VE?8p-YVC^>!(MeMJ7V0|GL-(o2&n5?&JFMv
zJz9hOIeS6xTwMLmw(B(+0@P-D)%WAQJ-mX8VOVqw;k#bO*_P5tN*CS0N$4GZuf*+!
zl&T440@A%_1D^d-RbR^WZvua9MhtKNkfi?~8`k%CW7dGO#z4!;|CiCF-;p|*37LDy
ze9uizyEs+$d}tG^+DJ2&ROAZh!5?$^It1wF-o^anA5M$=`+<O93;pG=yuX`V_8;BG
zoV~YB6`*+qBxo%F12z8zLGlkL_5H((UClt8O}86=m(;G0?Q+d7`)twi`SXif5ygX_
zAHIy(d8IgZgZaHxH^+^yJWSmAN!8(C!TD*qgmd3^M<^=lu$ku_tBiSlX=nL8;pii)
zghTJYWLbA>t35lJN8+3O7l~W>IS2A{wp{DDMCuV~%$=%6<0>erxYViSSc^m#QgW6n
zdHA|VcVez<c4h%D%KH@;Jp&^%+twp)bnpjB_|n>-(Xy?rD;ZInqrPgWZ253QS!r!}
zNET_eMX$R^g!TOI<{xms!64)AW42RZ<IX&VgC6Y<Uf+8DTBIl1B$=)dULCsR)k(}X
z%lJ!nTE)w``Izvs#zx<Ie#aw{ZL~5~!%c5((5JJHkOk0IqQU6Q@Ylc2q>K7bESz6C
zWUp3fOj^2^SG5?|qYhF=6+Su^AEsG#{$h7@;vmY)jgG%e@V#&4QN_yjf4j<FcOU(A
znWSxbMWSAJsw$6uJ|?Gf&#|XYFz+ps^3~TT=1%qJX$dln<rV$msZC~UX$vTPZ``x>
zT4<=iacLXV{dq<S@cW(7OMXAfTC>c6D)K3VfnK>F`UdF&)4^bsiu~762{y}koLUsS
zd1%*$d|+#^8@lBcx5EA9EEeY<UY^|EvvqgR!+*S#jV*9Ze_YtH=$?;kq{scQE<DfE
zC#v{ja!g-eYisJG6XBVnW~t^qF^R7)ran`3>@krd?%0}FB=W#wmkk?-s5~6lU$4@s
z<?4&$2{z0YR;7BEMQzxUzkFFA7Lp~#3Z%=iIfnfwk<Xph12<`lB*pF3hZ#|s9dF+R
z9KNSvXt?qmS|^azBESTGudw9zm#A=g8ndhZNI2r=W4Sk2wCbp0XXVHNAofOt*i{ZQ
zEzmCfaf-i%1J!-v>6N1lLF@I@@%Ikj^E?b(^beP^95t5bxvGlB6v!8z$mj9@uP)r;
zds}o;Rh+RCWy0Pxyxh?2kyc+|R?of|RUv)fkSQ*&VP<BFq0ig36}Eghu7n)e{3^3k
z0b7_M^&@XtI}G25kd|>8yFQ-MdX?eiV;%ucjI*VL<A|YzZEwv4s&<{w-34aPd(7DD
zp1dOgP*p8E`E1~&C65-UwuV&qrUM%C3XC_q&L(Xf<z?1}9{cUZ`x4i;ja<6ucZ$Ye
zY``o0wzVTMbo`U(Bea)jyH!YeN?Ua7LPi20(;1W>_+wlgG9koSvddrl{Qj)2Fr&t!
zGVT!LeI+&WMXvoF6Q5uo4?hO!ZE4im^<ZI{N19=o73rQ^h>puqcUyDFY9PS6Jb}FC
zC1YX@w9SJ7(7c@W;?sRm;<v?yPhcG?JtX?1_>U4*)pSHd3@{|~;9pdt30yU3&BnrP
zvEBE0DiDa@Mw*yOxIFG7j&u-28m(nTZ5hAN(&RKCWCw9b`%xLsii&NTVn2oDrCZD4
z_}=Bqmc_GL5O4W>y8xRvx&QM7i67oH4tJ2W%(uv{Z&JMAF`Uc&UE7s9I`&~R(XbK9
z5ayP1=?BPhkqP#Jo)ybc*;gcU9)Rp{YzIM8x*S#NQ?o4U8ImN*xok->QR$01<h&aF
zva$L#^_gn++d(}(O3k;%my+9Q5@XXVV67DrB<bd7bOvR&nJA3FwYi#=D%Dx^kEJb$
z)Q{0cQRa~RS>e=lTvmPA>r|)jK{8lJXMUMGB5v+k%YSNtJP+m|ltavQ(ebQYtg~|=
z&|*I^y-wVwO6@|dX7OI>QBmGbc95kn<TIYa@deOWy@E?wZ2wqyU>Co!dTLRW#dSle
zxXdhW+H0S{fr+$r_s=vjqO#K^pY0>VX3LSyGJsS~@qniJT7bJy%ml<=$y>d`?H5zs
zndj&lK)=E#y?BL?4yr4x)XZ+tsN>QnkPe%NZrHh+GXyo(Zz=XgwrmJn?qCS&P!Pke
z4T6YpM3A&o+Qew|{JIj)ZIQ5g)nMQHC_hWWPL4*%2TsvDwXCv=bHWSI6GK?mj<Fzj
zkxCQ#&xSnF&Q}yC0nB-DyDIl{H;1*?Uz*Xl>3{{$)aD5{I|nC*Af5MHNczY+%wQeY
zkfYa>Gw%w=z4}J_?39sgWAKv{-M6g-J#$Z`ks{4vF=l4}vg|C=!SV+*F&ia1;vqAo
zz-3mNb5~N!j;5hDg@L+RWf|i{;HM`xtzJ8_8CmCB8qHjv;zc!mIVr1<AOB+9!hlSq
z$uPO~Z<vT|QCZ_o>sopne;mPuuDKG%`M|M9Qyf(0V|2@L*^_b!EEXP8I^zr93Ypgs
z)>`%Tg@xkcpsvlVVzDY}SozeLh`6sRm{v<(dV1v$jobTxD_;xHOpy3c@sV=$R|}I4
z>4w@Y5gG-sAr$Z-x}O@th;kB_`eFcfOV`I=<l`vEN8PzP{aRCgaJ(c<6RtX!$BU8+
z>S-EKa7(t!UxxJnn$s18Pg&C|5APhy8#MS3j*AE-F{0#x<0v$CSfv7w<p+^<2Tr>s
ztG!!>$HRX8|EK*TXKNlwu{_BTL_I5&*NH4J;@@82oH_QlXW`87*Ow1QNyrCYL<70_
zd1!L9tg=b!r^&+uiU^fjCphKqqbKSvUpp~{9L9c{Hk5Japz^HF+>P)=BR5UT*fY!<
zU8bhye0<FfhKB;Oi{i(WbVfH+#rP$iMq?ipIxsS#9Imk^yn;iD{Kb<0jFRS!FO#m-
z*b$#Y4FS<f83VLl01j*I()u6%WZMJBkxl$934=l@<3%A|#7j6retZ}-#0@=*Lb^XH
zl|NUh%re0OApP7-zU#!e0Ldm)p4npm&NeBU343HWy!&dviICK#%96YS4zy^LB}i<2
zZ4>^QR2@vX*;g_!O_U5f81;J8C|>6Py|P;V!G-tOBDR-I=x7|;Etz-R7n2Gn!%DLx
zD!8sW$~8xweT6pZo3Yzfk&{ifQlv?eBU{(KVN!k-wmVN@Mg(DLtAF*eA1pzq<dxif
zrVU=g*V<3aTc`*zWCEG*yHJiEo2g<%Q4G3Y(Ab)BjV{nRlX*j-8e7XwoaRpryojk|
zD}m59?2`Va0LOOE+Zs|I$HoQ+IS|8-zrnb<QWbM9-dG@Zq_WyR=p>k11{=Sf2H|2%
zQ)<d4&$~G`pWA~dbiZc6WDC!>y5?jz0Q|YV1m9aytR&ueA!IBiFpSULvah!`xxH~<
z=9bm>51vDXuG59>D!8oN$yZhW&usPD5@)9pF^)P;-$9Kf4*_H|(HSs&f_#&oPL}wD
zjL4U!x`sQCs>y~U!*+1G-0?P!L*=)$%yUyG$rsG`td$-)i|FX$ao1Va9zQwPAfu+c
zF2lM{Xqw@r9cYH`#!qYX-!TNqU2dX20Dodck!Cg-trp1*O_cNIqn7gtA=9`@0LGAh
zpx<=}?eZoEK&?WYIycH2GNB4WuYEb-C{TGXBnP{08Ay}){4moWF?*n?b!|hp*vMop
zj+$vTTsrHV(1iUFP(6Lc0gz;p%4BjX$@L%^3NNlY6o|}tSxt>}52{QL3D1&;f}1C|
zG)8HaSVlS|F3)?gj%FW^oQAv1<*E)9y69$YSefk<3fvvC>zAl2%4AZu!()Cd$DGBF
zoFSx4PvT}BCi9qN4oKS!mkJBWj_JuB#!e^LQOAeIXPSCB#QJQ|4#mxTO>2hg2~=Dp
zcGRZN6F|$^#oSFl3XIScqu?>odNiF48Cna^VrJ?vPG2V^{QIh{0R`ntpx6--rn_-2
zhSSb4P7NJ3F`|^ciJo}l!<q&9bKDA^EAJ|!)o0eX#L;8<g*AZUQ{kL{a-0XA676S;
zuhw-kb*Kn*ahf(!@o^yZ+a&H2cK){ZF`usG$M$w4BQN1HeSfeOjqOoU>KY>WhMyD`
zk{uRF+}}JE-+X>IVMo1(0A_H*ETzpT027-PukA9KiT*YX<JGE%l$u9MD>|L?xtq@7
zdtyVx`f@4#*(HQ2HCasEkuHg{Nup(LHc71ag)>7GHRX%AbH2DAfa$2Mc-KK;mz?Qj
z*D-WdS!(|>dSVuT%P0%Yy|dj8-h^a%U63xl@{mULQN@&oU$XH<(-%8AZ?T}sTe9}!
zs6){P)XxSp`9o0AfYqM4gPE8d@|r2PQ_`xVUVF?V@yASA%0$<@wbU<b{j2d~{smq@
zC3ar2mn&p4x+4<<T#`D|UC83a;;zG)2Rh43-kUe3Dl-Hz@j1VdB5O2XoT+zp>YNDR
zoAl<}FFVK~%nGwK4p!t;>$lh}EO%-LT*b`io&#!o^CT4ebaF0&G(fY{j9b!y3ht>r
z>peTB3&dv%uL%cqdZBXxzP48w+da#jDpaWp^OF4dX1?)luI4{lY9M26p4p#e9mtW6
zdo$U>B+KR@JL*$qf~~Kgu}+R0*o(k)3gVk7xy|*x(ZfAAvg-{3>`Z$WL@1rRCb&$-
z>|R=6A`Ibf0WJG+!(t$i;IPiArLAF^!BDiHA<=c@q-*8${R)wSD41+yzK<}pZ&u7W
zkW`0pH=f;IX+B+G?x&X96ID2hp;lo8n#WAbxMqE0K!7(Sp21SmXEE)~(}C4WiIUAn
z#q*3Pb(rxin0!^}FE#w4S#ze5K&kS*`Eoe7;Ajv>3(xJC&Yd)i8MOzL1<$kV1e}_i
zkFyKdY(nBRRZ5*^ROUV=HCg1UH@$;xxpbe4I5KjnM5}oU7e(Mwoy}2X2olfjR%(~T
zw@S2D2s@U0J)BKaZRD0tSQcc4=5EQE8727jSBUp<Ek`vfNbIJ4_0#@&@hfPBxO&k(
z();<zO*HYVFgegO$|bG4e`}tGna_7cxWNaD<?m{&_<GNqFN!|TwxMTUP4^L~m4o@_
zlYZs`gvmgHjEtE9HOZfPeA0h*XoC-Fa2z1`4@#h3p{9Xc7^vhW`$vKjLl6{gj2Ac0
zQkoAWq!PwPtYybVtgH7sebF(YOe4_$;<eLxtR*;VE$)%9!(@qT*rZK7pQi0(UC)b-
zTro!B1y%Qj8xC;f+J(DWXX%NdRs+)?5o6Tj&rCAB9A)lQUms9<6DK{x-qr6u{M8?S
zovX=t(%;o#a*&UZiC`&(L8SI4Dgj=Zpo<@%=pMkEt!n`XB}=MX!4<1bsY|2=48Z_O
zBWLH(S&sNoIljZHGab#-_q!v26a!1Dol9pWutDFpR^*7-t1ny7<YutOwve){i~M;S
z{?qppwLn1W{|q?rL-c2MEN`-KcEYLHoJu0_%`)e7h!WI8VC<Q1vO$?2Igt>W;#!d1
z_;7+cFq_{|=E)aKIq1m{G}ifTsH6<blWZzu(}OPQ#5Q%7>TpWmV+cwch&RWYIE*C|
zu+9n;|CA;`;6LMsF*4;UaS^-oG+47achQKUCIXx`TNd#jC5)&dChecr!klaCGtPlB
zofstA;gg*QIdPO5pRYE#PTX}>$4|wUVPhitKv&9~uN#2+l#>qcIb>WLNc~5L$uKIc
zXjkiim(<WHqgy!foNtd>3w_WnDQk77zt2WZPnXTU&zK47bT%-O3mrpy+YylE`Hcx*
zqy`g)Q(K3U=%S=2ePkzRMO|g4+gtHtK1T-Z3+oY&tiY?9>dJ^BhqzVqFKoaQZ06qM
zCf4Ad7a8dMS952zd|hhlyU+V{2k(O&Hy!_#*rzivHP9|E>}cs^JUv>hh7W_Om$C;O
z)S-TgT!70nVkJ<r2likleK8t!lLQz_Dj@7oR61u(7@3RbO+xijBcnVzM3-WN8MkR?
za{V#8A2TA4QAc`?51A0griRWCMiL9FXMhdHhEk#$FJzg-yEew^m}DOuYD3?b9dIZU
zLTXGS6LX2T6o+-AZdEVvXV+c0lBt7H`MMEwoo_zcO*n#J(BWMoM$PtE<*ychX6qWD
zj{)mo+!r?$t>y={XZCeNL;kZ@jb=qAjhDR~Q;XS+>GLS;!vq@>vgnm56I%u*f`?#i
zgIxk4-i}Zwt1*)-OA%?0iA^|c?pC2Y{G!Y`vevb8bA^%*hT4PM4`x>9SaY{b=Vd;F
zfbq-C+0`_^h^-3;CqH6-?e5zv^u)`12EK_R%ojuR1n14@wNTogIaJ&?Xb4gf!|Te>
z(GdtHLvFKE^^JzUC>?yK6F!PXi%9Jr==SV*NfnJAQ}frIEXMWt1)_gQMKm}MpD7^B
zz*Jg{=uE};KHTIC(`?HNYb*{>i6vgtnll0Df$3^17*2^UOT}eOf<o@ktnN)nona)l
zy`P<wmDR=%aubZWjswVWKnOFm3-gCWuHOJdQ0g0}b3Z*pI(Hq!7xuSUMo<JvoVP?0
zXM$H#ni4OKgo#@DW{)Rt{=reK$2<I7-?YM!q7VYZtI7f&J>nBUfZMfAGMp=wxG$m%
z^Mk}*Weyf_mlz(>{C3|Zg&FRYKlYdG=bx9tJZ9!NO8$;fLZJD-5c~Xlr(D{?167sV
z>_cZT;K4Mt3i1Ed|84*Orwix+KH#;OGy(&7qoX6&7c6+DeW2)XjrNg~SuLKT6Mp&%
z@!SwXF66fe!-a3F24^@V!HGsItI(i{J;W=h89V5SE_--etPyMY{4Z-bH`L4JsfU)x
zz&9c(m=>?~*aM&0rff4XzB8{j`<uIr9B3oqg<u)!3-?qPzfp$hFmM0$#?3Tu^Bxk@
z`b#IDv*i%_%36r^9G5*K7Z0I^!y4oAKfR_+k-&5w64kj)zH|nOH<_HV$hSCw>C7NY
z!Gi;5__2pJIKvKE{j`L|0V#J5ezb3VM;ek%FgH8IRod8gkrJ6Ob>CR^j7CHhzMxeK
z&Q2<sS?xU2!E-AA_I)5>?|*#tb0Mf+cgV4H85q45r6-={C*x^$b3PJ|InbF^oekj_
z)gNw&i4bXMr$seeIZ)+g<xfl)g0`Wna~JLd32x^HcDpoq(;3LFU;9G>Vfg4@+V<aa
z*X>J$(w`xk4u;Q!YTqcAXOFEr!pQ5;=8d>4R&AfWtzeqqnzn?76*QHa_hdQvl%FaZ
zsktl`w&r$w)JQ;1VKkjuJ0fj?NMb9fm9v7D^nQAUkLBZxm$BQoxHA>Q^c>yCywaLT
zvFz$Uz4dPbgmY<^XI5p><Ij*<V=(>O+XGAzJk_gKY_~w1Q84!twE-E61gLpF>13{6
zkSp6*=VO`T8AvQM5Q$~l{%f&Jq&}e?iQrmKiN<tA8E;B0N<^pHSyM-={SiUGNxWk}
z?KT-#2mz}c^|GrL=g+GZZTzOK4vH`qao`csF}Px1xW(=nWq{BeWwCqfvT2#gky3qs
zor}Dbn!+_d)-<kLIN84sks;iZ)D3~s$BpQ3+St*m_WS!1?%7v4?nTOE{g67)97i0!
zyPHiY@TV92CKR0D+Ar@gEosY9oOGJw-C%>0IDRr!(2FbC;-@JBkH*g26S3~5oD<J6
z8b=wAA0DDH<<=uFg@KzZ{1vwJABN~VIk#0U7U-0P77<h7Ru(&CM(*RL+J<YnYUW(*
zDQvYZ3$zU}Jy7jZn~}k1oqT%XDjdKL`|M<YLm5H~)BH&IaW29!pHk{|Sr;YUyh6fX
z*U=~w>a}l6u&ak@a@Wz413@dq`-Yr{c9%a9yhHQxFP((N{nre}&*a0#UG>tIb!hVx
zZf;6X;*o3!q6_SGwTvN%q*&1cl95QJufmn#JB735!+xU}MDHMx#ktgy_xCu`3W>E+
zKaN0D`m=pF%o-^pDjz=0Zvi}Esct>eRc_T=bMT!~7K;Yk!UZZXR}PX=O$&H{$Ryz{
zk4{*l-~P^UBFWaj&K>^FaQ@D4{tp?>Kj&e2Q5w6wO|~!uX%DNbD{c88c<9g_ni4$j
zVZ2}_!5^QtgIpH$`INebUOB-*FfMY<m5p2h$9^V=xWE*7y5#rj1TaHLvbP@YV{5q@
zblO14h7D%lNJBb*E}}|&Mx>{4IwFO>vP>{4XL-L;e?rIqag(2L7zj1uKVHgQj%d4_
zC{0o#U%1K+!QlVRh0m+S*t#Ye8QpqF323$cE0)uLStUfe{S?|X@6z#COKrTU!gP>z
zwbC|_p#Kbs@*l#M{07DR2F3heqj`RVV*Uo^^8XSj=C{iDU(j{GRmNW<BY)#4f8!{B
z<0$_M()n9u01WN7m+{-n_zk`P4ZWwKeCBEfetQ}JKY1BJ)=n+XgP7ScB%RXLUAd4q
zK>oO-#9&YsA_POmPX?e%CK!nUC!UPyFGm@jv^Kj;%Y@EhT`?1P(1HMjeiWii%Yn_O
z;YmB8l<CD#xtGh8=^p4At@fI9$m5ytzB~m9zuGXUcd@-@i`3F6xLJ=kjz5-tJ3LW{
zsh*Z;_f6)vJiY*2ME)@0%%Jo;6?a#-YSdxP6S8`S1|0$DKKAyNIuzzC4srpIq|CWv
zX6VxngFsg{?Q?)EpZbfvMWJ1jQnnH0IWZR=V=Qa!H!uW=uHI2wveM$|>Q}nTTRv2F
z))ykFBSsX&+H0*kl5s-e@#h?%ZQgq6;3cI@%y9}WXxWi(Lz&6Aeg3*r&j(%W^qDP4
zhaO%<_A2(oP{L-D%DA9pb3B?M=q|5gMuT1Rt=6cF8ArkiRV~K_+zOnUyA6x;RK@r+
zEpuwgU<t-$@~u_TF3v|@+4RID+2!~+nM{AyVBE-Lh#I6T?8GX3ZEig`dTafr*Ezk3
z7d<1=#1xe|)1}8-asAr#WUztNLPf;fjgZ$(be)vdm8qXDI8LcDb1L`P?=!1NN)f!L
zagp%F#%CDc$q5L0+_{N;=Nt9yZUyL%D%e+qxVE^9Ko!Rr-%71^Xr3zs)etu0e-ti`
zXl}Lm!~jj4)h0^_(-($gv`R6n@UM6z0XegR)nbhUn<qxu&Bq?)6CuQExc>&;Ne3WN
zuE9M}Az|{g!FHC%^}O@<F3H6~OwzV5Gu=PDV1z*HxPg+3N<!AqP&ZzjA;?B?XQ#<Z
z3oD|&nQG(KYyHPNk3!&dH>D-TUwWd&pm5g6%ZnGQI0=xF9E7mPLWLKHFxgN$-I2T^
zbb%7)r3!iek?vrbeY<}~ysx!OEh0>_zMiTX5mi5c!U175D{j09byh#4hmC+isW!U?
z891+pvYyt^SkI4N>f4HK%C}=_*mOjix-Vlh%nu|?Jg8`&q44n#gtMUsZE?Fl<}l}1
zW{Wj+_$ahMUiZ5eNRw(>!O{@~29KANRa%47z%nlnS=TD(b)ANp-#o|#&EeH&Y1#5Q
z_@6tK-O$yvXQUe~hRbny?eLz!<@z;}TB5?Kb7(e@9WwHRyzi5lEgTPgM1XBPz+GdO
z>7*5h4a!^+6r9SQjoByhKYsLR$K@q)-Ci%qL=8eyRhh=&Yn3^hp`Y2Az~+0KN~y&c
za%Yt&J>`kV<Wn6Z=25t3fc8vyzZqwRo~ik=-hcE4xzBQB0(x-A4q_sWWxWApGX61h
zs;4h07u)`-ZOOGV_a1Gjz~Q4BY^tN8D2*xTDwpq()CVfz=cf7dv)`Q=&&YnLKN>uC
zgR-TQ186Z&AtTJ}$2w6#NlY~v6CNOCM&Whr@*XTGXhnZNB>eTdOVg|DaI5Kw_Vyb6
z!r};}*VfQ3s-B;p%WVmh9%ks95d+xC4^&*{><m*t-@bnC*%imfsTV1;C_>xQ2a&j#
zXjh#WmmI;@8W(YboyR))vG~r7u!NAZ8#Xp<BGQ9h?~;aXu<L3R69#0=oa!;r#y|!A
z;|J;!ItCtkh4VB^q<DwmmdP@?teGCqlVzH=Uh>b_RGB;AM>o3;MN)mE%`(n2iH)|J
znN!S6hf?G4J(CK!fz0Jlf7U6YqqF6MBKpRfu#nfJ)uweN*<STCMXq(2c;oz_F{eOY
zT&y^!)KnR{C`5u+e0M3K@Q2~1!?QAlx9;MYW^+aeYiGva&B{!TFPoKVX=a+H9HAKG
zr5C?uF@F5;@u5(q?84GswTP^DXSR?ky#i-dU$8pW751r(OAu8z&JOIAexMe870&)@
z;HRgf$B!yDX2nG%*ewejlOQe^>609=#xxE$T8|D_dWDnuQ>iof-qdl5jTGM^?xk{|
z9_DRdsjeA4mCEl`Kj71vmgt1VCdf3)^y}8kgg6VuqKWCvYTeyql0*Th=9BQhqZ+?X
zU6342?rUYO%G#!!{d~$&>p@6VJR09q{k#&p0PO-6JAzqG<n&1C3>$8I6PY{E-`W+R
zpZZDAF*nP6z9tQ-sD?_fcHiH>{+^&DUsb(kx{QSGSgy_mtXa|*1?*79j7#XS4Pl80
z`?T94l<k#_tb^2KQ&U-+eeJkHS(|h9))=L!Z0zV@61hjlYnT;YTxOW{UiIb^eQ6u)
zko{0D*1O1(icNA$laUaQR>BLz&d~V8I`QuDU|LET(O~3t>Y~%?q-qk`+NW@Ie2h0-
zGhJ6waf<9XKDbx9(WTG<?%u&5`Aw4QdoO+IbJ+8-1hj5OJesIv+&6A!T5Fl^>f72s
z9QQSmR^Kxx(<!^&_&*7E>Pu=ZI$S^87?LLApzVs&uITF~5!D99ltR+AtQ*jPb@l2<
zJN@Zx9Dj_RiBD_MI7>;}V4IT;PO9G}(J8x=hhvc;c!`;zll4RoEYxSfhk}y|aW*G6
zwq}{bcBOlQg94o~5e8q$PG<1d{>jhrW>uH2YG5u5kai=#=S<{7_mmeD_*nZ4lq3WP
zEj<P-yZWwG-DYPSaucWOieMdS=}uCaVlhJGVC@PjzIV#ZtJMWc3IXZXy;qIpxZh};
zrq|6Es)@n-524h@c#g&{pc0VNJ<r^`lTL%gT}6J$-(y5?t2q!Rl$}=Jnjs4ao0-qX
zIbT)fp6FxGVKq!Oq_;nC495>wjkQV;$ES%j{0d_1yxdsh^+d1M`uJ#C8n9wr7>u&6
zFN__Nua0S-lR`xfYAME_Eb;iR24&-O=62<rhnxFsmS}F7mD+oFjLJ?*J4Gu6g>^m;
zBD-Kx6P+Hl=D<>Nk~OlDRF^%~$4W*Iyb{;^kwgyHT_S?7Zd4a#(;#tHg=?C;sc`H|
z>z&FfYn?%kLL|2PwAyNUVs(12_609vpN~NU4X^m8@b%=d&hv}aL!QgZUa@IZvrT#C
zYf@8T($pQI&1&K}PoqpB6-whq3@%#l(-EbUz%(aWOU9!&ruAkOIW#XIwc#WV9CBw}
zzN>^dkkXVTlpQIilbVPpwl=^H8iqBpvQ+b*vW^N#5-J>Xzvx$2V|f=-%}aBJ*cCfV
zrffBF6N1@hRxU%>D!c+=fXW7+)>CGUZBRI3722fV>0eckY~lSCKB3-@0R6HE<wdrh
zdp=u@(k3gsiC?hRMO;Jc9U^+FZa}iTPq!154k~%vnV6jw%($JiN4j}(IM{^KK6JP<
z*Hb!3yPDj8xoH0ahIQ+a7PsZ34Z7N0Hf44*&YhYGtic0M`(LFy1-DMahNeX{v)%_Y
zZi*cVN$hm)%wp9>ZcA^mtuS)#Qq`L_XKbgW_(6>b1MyrR6K9ykK^Mhmt(jFE%(y#t
zME5mlits!A9RXbqOAP2Y``v?Y@9`1U?FwKGHpdzGhNxo9zjivw0-IBV>KkJ0);)>)
znvIdRexUvB-QL9P_Z5cQ<~VxZuF5NBkYqV^5&Km&#G2r^+eEW{a(6C%T;+&cMOkKP
zykpe6!Wb&0Q9Rvn?P9zAz*cwFWzVSnfous=IX*7U6#lJw-OZohZ%E`yQ{3OAFstlX
z-`Q+5dsPX)<nDwSBv&iiekJ%ckxZhf*n??A2YPy9&dEf+zC$R9t{G<QsKm|EcbDkY
zHFB3^Z+ZvI6doPt^9Za)ZGtD>WhAs~*l|DZ9mxtFOI)7+tBeHkDIPK0-SDAz#D;Y0
zd&Kyjt$DROE~S;&aVPMM+0-_~Es<+Z8){6STh&zejmqc{pq!8B*syj))sDL$<w0FZ
zD#eoO{@$L3n3<Eaz2SLgxBQFNjagB36M}Q_1JrducP6^~62(l|lB;dvSH1LJERdbn
zqh3F`npl=yO&<UBeMl5^28q#ilW;cQ<suiU!pjY@)r&-;+YwuLDzh%gjwDG9jNsNh
zPn{Jijb(J#WN{`3^2}~8esd>#O<A74ERHO7#&&Ns&}{dmF>4Jb_8guM*8QE*PWu<r
zSlpSGtvCH{*%NIh?He0m5w@MAlGrtW+>rRx*}p4Ie$g$xImp1YIf19m+WfQI3afC2
zAoo>PRrRRem+fyb=BiBC#Rhpzbl&B=0(Ys7lA~W-Gl1OlN0o<-Z~7hzf5W!;^PgFm
z%{ow0_7{%0CBKthc`Rr(FJ5bruH72p_G5Ru`gy_AZa!C5k#%lwHOQUOU831;a?38`
zgtOK@WtdN7wHCYHV&?zrINVcNm`zD1noBr0wv1R^XCfFLCBEZ!qLuX`KNM3rVv+p9
zx|yuQYB9DqgT5MGa_N)VqT6y`wt=mVXV1V1sZ2V99R)eF;sTYmt}11V+?%`ujJHMe
zpX;S%BbLi4uj(C@-Ge^_7p>G?hlSb1_G3qw4hU6S_l~E*EX=mH9T7BK8e+OTGu#Yt
z7O73yz+xe0`n`YAKIW{Ou3%t(yB*1w79Sx(*cDKz7${~rerAy*L!KA`SXo83x5k0F
z$A8h&8zZ<9rN9izB5^hMs3XF!jh_Uc|2o0BM{5oN3q&e4P#4Ow=KKMAhFs83BW71O
zF4jfJ6W0UW=nN`$_q!|>@5mOLfW{of|6pA}mj7Ipm=chH5r-XNF&V-C9T|YV<#NAR
zzK9a%<W%5pVBi$bY|Nhy1B%=jf|?$EzWL`bE5TB)*L`Rd{?lQ6kpx3x;Ka3efBJG>
zBrNs!HO!yN?`v43=6-X-qQm$tlorX8-$H58Vf@w&zYOZXRMDn~&(YD*Whxv$dSOoA
g{y(LzTU_a%IDg;K?-jfiHbJK#uY5e=*rl8Q2UTHYvj6}9

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/otp.png b/login/apps/login/screenshots/otp.png
new file mode 100644
index 0000000000000000000000000000000000000000..3818a5ad5faf73763cdc8a6cbf61e73ae41283cd
GIT binary patch
literal 84122
zcmeFZcRba9|38k%3K@rpcqj7+35ARl*<>8YUfJ23keLW&78w~4$DWxP5wce{**n>e
z@q3=?x~_QZbNjx(x8L{o`~GotyUB6R>-BoB$Gku8kMmSP?j8Xi6&@NI8iAz5T}3oB
zOc?mV#5oJzQSeWQK|{ksnBKXgAbIBwor0~Ek?BK2G&G5)k<r)+O7rB8kKDTNh)Rm4
zkh+GCVo2b=!BTim$SX=h7ja(HJCK0b2CL6I5C>)-nKZ7BriOnx&`&H^U+cNpZ8Zvf
zUgc3N|J-t`QMdKB&#%@;?Akrsc8}g4eSVMjJo3H14He>?NSOpH?)tV-eSO0<Yag^T
z+~`<vGy`@H>Cbos1ZM+ehN@ehxS_@5mRx1BJwPIlSXm$4CMQB;CY!+YAm^Z&PztD;
zddi@Prhp`_u2FpF>^*e;t>p8w#4E4HQ&=v=kNZlB`!u}_;N-34M*DV!T{R37?Wxxe
z<v_)iD@0BBdKZaxm_^~wa__mio~50b#EHFpEg+QpMZ&9Z(YGW$TVBz%H%&7(xtMW;
zdv6mPJ?$=SIclHW84HVNjLp`2#>}Eda^4?~XKN(*j`FrGIm2iCS4Mw%a(RS>8=}AH
z{@kM9D0@9&k@SjAEH8(145^<7waX<ICjA&JwW^73wkDkLeyNCDweHW6pL-%x#hVYB
zFhXv5%GuuC;5Nojo{_bKnK^gJoYPo|{!}}4fPeRJ^t!{rl$(6}UW<nx^{%?9?cK+Z
zR)=35VqNZ&X+vCav3lecx+)`+a!Z?SGpe5?&98Y9%k<FJ6Xsa@D2r^D&bZINxt-JR
z;syTJ#{^s=R7oTs&}u$~6QL>AaLw0?f1&(3O`@lmA5kM}`SNiM@fyPD`qINCYP6T7
zIZ6q20((<}zH|M?k6h%@tV3yNX@vzQ@x|LFd+5;WCnysnucA$@qiJfjhfC(CJqmZi
zJrf{;+wqvc1O4m=GB}37IOgzUif>q6beMM^!*efu6XBA$$FGA2^Dat6BlEhdi_MIU
z{BT<VE5wU5k@z(hMGeIIjJ;R+IPo0TnQ_PkblMLWFmK-sICuXq2MG!;Z#FuC09+T5
zDg{omvmZs*6iBXkKj@G$p;5++6q)WoPp8_W<Ugb3n|*tv<4igcmG`KqjxL#uw`nf#
z!*d#SGB2^PYly#HzKPrBYd8MLnN;(vYVEy=vpbg`ovFg#uFV<0PbR{WIL9m)!4UXV
zKUq}4CjD*%W)YQ20IQfv(t<*3x?_)pGKblPP0C;~rOtDO41)wTk3;URcf6YGozu7H
zE5jRkY<Xu)eEZG4j<IVGo{=|TOa@Nq>T^oIOnr$V!!pA;!#%?_!)}DOjvn-}D~}Ow
z{1A<oJl0#w>uSSFO`m~A?#LI9C1%1WN{wpc!#022WS0wseps%h`Ka|_q?TY@Xae%B
z%vqp<R)~<Jc6LH~jb~?lM`MR#=bATHO~AMm&R^efTX17>pWw9m#`>byUbydPB5Kbh
zeqJfS{Hb9*|5wAW244lRu&~^*DExNuMEx}VxcnyZR3Uq0LgCC;>_}n@pI@Q3xJ>g`
z(eq2sM_)8OFvzFi3t?lhx~v+`@ggBim_-qiMaCES=p#=cB#<DmgiHrY9PumyE)^7M
z8zB`b$2y`+1!H8s2rY<w-<%l<jc8{cQ@y0}CgV$nZ+c25S!PeVrV?e!ICBG;4qif-
zJfFn-yYp#D>1UOBBkyV56TDj~LzAdy%E(Q4)em-8KzuPJI9*YhMmbqI`W-AiUTHZs
zd9J~pP%yaam4~-S=%HcM7F!=%4I;Q;!Du9A^S-Q7tF&w)EFG5PsJa})e`iEhP{lpd
zHF=MepwRz)!=vC-DmNZ>^K<51+#}pBF@7;j+_Yvj>NDzk>d-<$GY6Akvqcl6c~Fs)
zsZQ6WzBh}`^C@!=`}uONr%3m1c0d*^`zsTXVQ-psuXSB8e8$@l5Fe%eI9_J;v3A<%
z%c`dyDIW12m4~EflF+;9I(5r$XVwI~$)3=xi}Ww@Ckn<9mq~t*94EdkP8%%yEIIhb
zg&R~vG3l?YWo%{4WG}^r$qLF|mxao%zSL`dY4py>?Q_{@J-d7B57zP4W65*<!u>k*
zL&dfqetsA|kTeiku&NQprWQ32RTSk8v(MDcyp<`Q+27~iXVa&VHI!97baOCefI8ph
zfpi{0VQYa!vAemkWn)2RZn=Sc@pgfZ!PtYNhML;j<GKBB8ec5j?6>hT$eg^vWX$wb
zDX#l@!5h1Zb<0_#4Au1rwa*m`-ZpEFYLm8o(*>E~nLV4niwTxdmhUWiEPd=`W^iVx
zW4c$fSKAzf$43`yz6ET5S?yeWH`}y{*myK!IR0^)e`(X(ut7?X#;|g$crD5~Ve9ad
zqhXGI$xh;<eRn)}es`9t7gf_$@&_9SVf$tW;`=lQsyii^x)|OV#b<|SP3)Xso3%+K
z+Kp#?D5g_Xa8_{XD9~Nkm9$>hbhaEHwy>jZzaGOB(|-X&^yXhfqVc{lzDE9sT(knh
z_8uSiXZ4Eppml?F?<S;c&1;44I^TO3;!I{r#S-)|STRujf(p&%wLzw`D`htt_>ELP
z2g8HmdJmPT+1XiFtcT|?#;^p)&#~ES!gIfkUJe&)A=lDC<lVGbd(R*xT`DctVDL40
z()??+?VZxd;Z97s+7(~oOR**4+kvYe$J%H~O7W#IIY>rGrAe^Ehr^2*2pHTLqZx_t
z2Wo96Vj~_$xU<kI-BAop2}u)6>rI>Np6qT9U`|rLui-D(kpIjw&#zQuICehfJ-yvs
zk}G_#u?(*^n}u~fuSvgS#Hzuu*s}F0`_o||x7mD?A#2Os7XGMMj<M2xu@Id$d1wdJ
z8LF<jkfm9kZv`>$_3G_d@a@eqKi4;vL-}d5Jxg6$Gq!B2|5j{8SjF~YQa{hE`Rwe>
zcFwkrjz%J!j-|A^#-gr@wnG@lb8gtA+NQr@)o;IcQH)nCRZJ(y<zv5R;X&R~<C^T#
zSpFLV7Ng}@<zj`?qp<cY6$VxYK8Ay#8B6moZC|uY4-P^Y1hOOfBUXkahgpUOG{`mk
z3R|rEqqKBd!dq5h&Z<4DeS?)Y+l_+zf+bt7%UMHdl{qG3(Fe5$g4p{++{#p{QJ3m3
zeHPl;SLk`OmGDwng|_derv1(kap#NCjNFW3v)P3Os;rpSBI_)K<J??rvR31x5T0JO
zKAQBjehM1wM#Dy(L+YdTO48d*>hfIjeQ{j;MM&;Vd%ZI~xfOaT*WTxquoS;T%8bA2
zGb)+su7)4jP9a7I0_`$pc@vo8+l7Ta{+g{d2`V+*(eL_r*vF6+%KlNatedwwYu&bE
zI#YE&Thq+ANT+ncV{?h8-`qI+dd`he>$1*{i7z&Ls*O7GPW%qM!}e7JJ=0yi!-8qZ
z{j2R76jsRLD%&S^vkfCIPUWj&ql@pWzj;^@RU3c1J?L|TsDL&^u-W~Yi{{SVUCDW+
zthC7LR|l}M#U8ip_OzTywVi@{2Nj2^)y4;h4s=I+yDsziBNV+pjy}du_WjGW*`4{m
zN$s0GEFC9`6n3oUb$4Ho&k+_7*B3uKDlz)3`l?6T;mRksC)-)cZ<6JOQ#>yq;X9HC
zO1;K2vs)aUI@-^!9t0xQw_2Ap*0&Q^LmRsr8$W8|I@ywm{DsHFi1BR;hl{BmLu6TW
z<_VV4`bLU~(h*uX<{_zk>u~s2Oc5G=#)iv|_-Kv9JZ)mO^zEed_kAfIFE3B?3nJy(
z=1IN94&hr!nGPR|Aln+@2WI|9(ql)3x|cK0?4%t~w8daI)Dal<gYY%b5H4vXD~rYo
zUgMx)qEn$^fmi6@M+p7mzh8@^GozjP@jeC`+7nYW%wN~Yf#0Zq&%qDso}a(Zg!!Xk
zgTF|?k8>i%zploFC7${BYt$3aZY$l9lmx$(3~UVzE$vLK>=!$uD!?1K))H!VXlUdN
zs2_Am#Vg;y^S_uX!|ma+GW-Ts7VLTttn>}poh__U&q2H8%nx2#7~1R6Ia@rmwBvUc
zy!_(|e()OgHpgYUAD7sh3tooHD$w1rvNfdRW#?q)yex!AM@M(d_JI+<;$87yw}Za~
zFPqrgTk~^pI5|17J6&hDvNh(o#>dCU!O6wJ#dQ^2an;Vn(q7N`s-+$M&xic$Id={1
z3~WuU?M<yL=}^zr)3<W47rcBKHPFBR{hX(vv*~|Evb6iPEU-Wh)F&L**f}}={cLdS
zE!4aG3Z~A657q9PT7W$RV+dX2<hpt5#|?k`=s!dLb}Rh1Td!T?{QcJ7K00};ik+eD
z9V-hksJ+mC4(!*>zkm4a##<bywg0vkKR5cvyI`k<@NRMZ`_zQ+Xs;!r@+)f7yYkB5
zHxM(_KMd4w=AXY&ughuO`)>i!5<!!^dt2EVeQ5-Hm|pClac$z}&5&ejrzhNAlT-nZ
zwb;_XV6j|=#Uy@V=FNqQiIE*%PV{~p81O~mzOo4TQ~A7@!fjU$#T3oy$H>`oP8Y`T
zF~-=q)&k_PdmjbktIut6qp?%*2S$#L@5@)p%%2+EMnlIuFLM093vgXN??|s!IQri|
z`-F)DbEc<zjD~@8{67XP9GFyX9@WYBap**HYu%0y@MAn?7Li;<l91k$qk|8<A){wb
zJRbZhB8l!D8D@>}|J&F&=Mmp7omd3wPbs|fhzMT;p1-Y7<gu>b_TL{vr=a*)H}wj2
z=3jqbA11T{`|nfr3d6vJGEBe;{=QRm@Cm`cKL#g)j1JC%+i3Rp^`X_^t^WNnB8e$z
zHByo{VR!z%hu|oPj-SGhr~daSPRPQ4kK%W^`ma`;P|N=ssNaqDe+|?LL;GJ}@w@;0
zuiHKuH~eq7?Wncw5A>n87B0CfA6;!a)X0DElqD>Zqu-U)mA|Ayg(q{=%<BDg6i6kl
zS_#P5l(*Ge#g=zNc89!!DSO2SX$RUSFK%FE7419jXLTwxC9N!nKJ2SrSy@JU><oon
zyaDT8*~&61u{bK#Ikf4gvcYdKFsNe)Dl1+=E|x6NVwW6Z3C&!zD$NudQw-G@^N(H+
z?Y1g+C9NPFJKE{1uG+F_x3sr-qcT(-l2jsigR>*N>V`+^)@<Fj+2j6Itw$Qm(Y@@s
zEB2cotoSDStQy^B1h=L?S|PWJA4fZVFBxU=SZW!n4APN9KE1uN;f|Hnu<zeIO4yaq
zR#xS-tg$-pHch)-x;YXmI23xoc+k?~w$u`Cc>rAt-f3hhsmj{H+WG!MqZ*>~mA1r6
z!-*>z=7-=pDs8lg&*9h}T5uiq(0}PPnDe>%vgMFKZM9CR`x21_bwfs-?PQeQWVFs`
zFl}{(hRsLFurDsus8P6X-{{Tq3<wjsjdh->%ahsO+W(d;_eRQtvkOmD{ir3L$h9~n
z5&@sClF}TDo*gMZ`fPIarl+b~{o_$xSc#*POSxdR<6_aCNaI*Yp@1`TMB@=6rE(+@
z8G7($SY_Oee0Zja-`S;{wraB~c2&JDhjN&3G_-<ezi)qCj4)!z%IBfeF8SH_n;Oz%
zV;-4RVn?O!LuHdh&%av==!9A|jTLK{L3R!aT^EO>sy8dwt`g)|?=P;pQdV7CFE$U#
zQa9A8)@dJBcvD+dX{z!`J8d=9b9l0^`gN61YFR?R!IAC3I%?w-X*Qt7B~=tvoZAPz
z8P6@UioBg#%C9ah-iWau+QfS#53SgwSy~+_xiQ+l-6ni#yboDy739?3FH^dV#5;gW
zgF{)|S}ET|r#?XT3w(zQzYJdDz4Z-lHcFILvRNMqvxVkVD3TZNSY5D;mIDEKs$KO=
zRmR64T1s5yOF2B*k=b&uOBJCiapN$!p5Ky>u;p;+Ft0Pl?-9s(kq<>7S(j{rC^#JP
z$=PhzXWN~KZgJiapr<QTbLo<@>{Vg(6C2iP2FXTLK26NFEqB=6H-U1yYb|)tXHJ=g
zLgV3#SxZ5sV#iIj#QD<ID&&aZ_I~?S^+M*0FH&E?CmTbZGP8>Dl2u7GV=Gu|q{6r5
z#N3r$e($(LWSq6D<iIGe-I`UlzzVVOGCC39i+Z`Oyzd{eY4p?(3ysrHFTj8$RAgx6
zIYgngbTNqJ=G!l~XR9XDO}}|^$+SH(={~E{TbVYw-T4d|^xs`7$XyIE@G02sOGaIv
zXp~yt=T&_<<F08C+)Mdh@s;&;s>^WG29FEs9OPGBch(dPC3&AT_q;Q|IU`R=b%TKZ
zShzxi5%XmFZLFn5YfU~K)N`qErB`6#o9;vW^N4552mJ-xM8f+Lj+?Y9T~C}^dD2KS
zHpnI=e>dPFiLU5=&>O?nc5YM6%~1J=txipv(Y@0B-Ir^m1Xu2iEf}n4uz4(fcgV`h
zD(Z_F*z9>yrN?`05;$}n42j*|*_B)Vuw4VY?74^DYm?Ed8TV?wkkY{^-H-^YP@bIT
zIwIk{FNTpLBsW|(do@UVZC!Gztd)-k=l;ykWlh{>wXz*v&M?Y7)be-fjnuHqVK&jD
zYyr8Ify*kT`?l(VTB)_o))HP8Wm><sn`|<p*opip`D)^QXv}9=ON@E;3oNKFG`W%@
zW8_keR8f3U(aaf$!v`Jhf%cn%rX;f~y~PG!IFFsrd7NRVv4ep~Z*B#{qF$J()`JHh
zw+b-XECR1NJkd3jS!ORU&`VFE3Zf7Wi#yA0Ic#fLx!ISennZS7tP{z-pxLFY$lH&;
z*5hh*^PbP{$(Ih}mC6mPS3PRBNl&^YxY1EJ@Wj3=<*8+J1kb|i6~W`%aoz-f*mZGv
z<q%10BC9Phnw8gJwruP9#QLN3vtSMH$h^FS&)Vv50$I&GAcARXZ}|v5r6iv}Hj8xG
zanGaju@T218aZQ1nOLKv3v#83Lo1Zdb(qjI;XDR@6$)aN>!kg*Pp6HRpsrrW9GWji
z*~WK={*jlEtoJh!-`<5FeW5he!R{itU0<}q$MUq_1oo-tj=y<0%_L+K2gBfJul_6k
z1d4FM!Ry{7mwGLiX`ZZQb{l!;+Mf6!Ce8V#?f@oS7**cIK&K>~^rR?qwue~Iti>d&
z+#1)97vC}-JCnyB(sB2ZV@Ia46XWVNQilPMG0Iv9N9Sj-3q~u^!`cu$*d^LL(cG|>
zPo&4BK_m;~Xs_Qhf0-1~Q+APc;AV{!!?WaWi5CiD4*S$lOlWd}&KJC6gK?%mrp?Qr
zi7_v|Os^Q&Ls>}FlOqnW0IJ3}C5l&+?=va4C*T!M_{&qfR)0CRUv!T@jAMib!_~fW
zyI6E~q?lCJxYbdy0MTV}O)g!btHGm(iQ6>hvK-ez-w%oOutHq#NRp1^T)diQX1X-X
zB$M={<p=bzO9=*k#L#!&5uwLMI(P3wd!FKkGTj(HY9C&MeVAFoFJSWVXU(WK>8w-x
zAeyTmrWkPSrXKe3dkC3WUcQS@xg>PCBt`~x=D0e5-S%Idy6qi#kJg>rjptCA4)um+
z*^}SzZ9zOvFfbe}<l*wMnQVX*1KdJ}hZTYg6Zd;REPfVOMY+G93C=Rxs(x(uKbYY9
zf~Cp&G5BCI`t;Cb^%o*6pXjF6xQ${n9F)y1?rLB`%Y@zc_6}gvF2{BS&5H^X91uT5
zB8W(8-=dlwlGUF>6E9Ce2ba7-t&T6mJYRyY(>}(fpPF!?{kUD+#DmkrdXkg8Bs*O<
ztC|fB7BQg&Bke+0=KCvi<EyL3*D^7#f%`6<ybq_|4&i%S(z#l7HL!27_iTGAFr_IM
z2~)9X!#2!sA!b)O;5!P7Wi25}UV9U3w~on;Lb%9i0K_59L|3s;Tb9G-)c{+K)ETED
zB8feRtJ$-(*TIO?Cr8AaYR&uVrozq5qTXK8VzCKir8kzbWbRCu2f@e9eFN`E58GSE
z&%OuRVO}5T3ghNvQO_AwEw{Id(@ph4_G4eEEHmo8|LSmE6>HEWnZT8&#_rf@pkeUf
z?(o6h%Ei6*V}^<7M}8c+s>r1Mq_G!ZW6F!KhGQTv;lb*gwYp-9oGw`m_b89AuNvqD
zm&3w>WKEzp?u1k&GF&%R`zSk0!%I?=C8sSpR47KpuwII-!Qj|QCaPh0gg~&M>J7mc
zjU96(OcYZ>25$OAf)Gr(7Oq9_@<y`MuYzAMH)-z~9Jjah_-eWD(NX6mX%mBRZS342
zsdwb<kN%p%9Nf4!VpSWlp&sAWXHLE8wSibAaHVZkl!Z)~P@h18_a53NUvI>2S2Q2k
z0ja{LhgDFO9NQm}0?e<(Q2sck)rj~C+oQle!PP|@0cxNi6QxmRz1Z}Xu(nLnvrv38
zM4>miIASAgitqSJg}j_YA|rIga=fimtK21X6%*Y1qt->kbM>|3IN^HrQp^qR$M0~#
zPzix|X41poS<wO$Wjt0iUD0s`VbZ&1co@Y86TP-_T(nzB17_iCH38KGZVw~<+7~@u
z@UQXT%KmAeq}11HB(x1&+L5-Nv09ezdq0VH_qUq|+8!GdXciWN7`h;*EfS`>q9a;8
z>n>=S3H0jSXrX<O(1j**x>XmQ6)VcTFeVAUV<OOT4&6KivdP9l*96_pc{{dVb*ZEm
zsED$adWINn;D$P1P6)?#$uszT>ZjwfCvt$H5(@8xUe<hPTup-LnH()rp$)VbBqoD9
z)N*+y5JS<aoQQw-e_m%%x{;Kvj{a1Iyc%)Y;j4r5Yj%;`FiW^3z7W}b?@JXXwr=->
z66?-7P0RNbSK5ywwLJJc#89QTh$t);J!X>8?UBOfeY?YA2^yW~p#>03W)#Snv7D3m
zPL;plYgm?Zv_BnnW6;E>;w|&N<B??gePC-va}_7$(oMQCp^)2ec}dS+aj{SX6CdgK
zd<JhKO`$&Kbxr)y=wUH=v>9_)HByj3NFnjrD=<5k_9xR|oC|sSxQfSdYi^V^=Q3<w
z@RP$*Y)8f|bg%BtRP3c@0?8#9NYE3}cVJoF&DGrAq^${LkT|ZE9n@a8?;+A>54^)Y
z+HcJEa%c(u1vmY4c<u~Iru45dabRq>n~w#wUNbo7_!|RVM>%fJZ$GlrKIrNNy5+yr
z&PkV77P0*ZemIvLYLrQWfO|(A-`7@R959^fWJ9pI6Z;QAfNr^s_D>e814S_tlrAFo
zr*|QMJABROgqsp*+FUoXR!O`i-+cUV`LSyGU_GIn@J<8hmAq!<8=8SVxQlkeT90)Z
zMmXR5-K5K-DqN^H1Xh8!bU2?u^7x_^szq{u2**L5!wuJ<EI+K6DX^WU9+3zd>?^Qj
zSX?RFIT+Y$mXmvZhYpwqLH&BE>s!*Vv_Vneex`FA7%ryd*Kpt_$rCsAaC``e+}pmb
zA_%lZitEjf>+`|&LU6TQU7O6O3|V|I-oluqbI0UBB+&?c2L8?kTe;N5I}-0&3oiuB
zO#sa8Gd5Hc@`)tn`1K|sD7h)%P;>*43@f~5&qhR_$F%op%cI=d0EqN+u48(f$cOPc
zuj{q@3zSt<uEFaI1t%_<DW^H(0}(&%+;r=u?6$<r<Z)n%SWvhyp#*|4i{IuI5saM8
znc3W%55^{WLP++oUK*qxx+|y<0euORF<}DtyhZ%Dhg;uJGV=xHMGIXXvEyg+Sfmx>
z*`HSZ44#L{a=d&IL;ryq+B!h-4#=$}1fhF?It<j=3jvFHinybTqf+;jEni&*m0a)5
z$;b6(T^Xd&ySgAyilQ?-Zqn^A!3y}0my3WZz4L}3Xu$!5g9AX&APQ&THqucy8FPxR
zoS4x91=y+sWMal8VA>d7b;waahs&w~iFVAbRq<jIJ+Vs-IGl}A299F3_i$igxZM{6
zz&VJ4bLb;P2_W$aS>hIdObiVkfHcv7<ub}x(SbcB2j`$BfLgBDN$tJ>B*^r0w!{if
zjTD!j>lq*tMJ7Nb#JwZ?sG%X?(C(d>4kHeyek!ipn;0Q5`^lF*QegJMsM){JoqmJB
zJ$=0)r;0Z{Dq>~3b7FwEr~z2qE?3fGLg)RPuGXVJ?M+l+V!w!sS}*0v^@=^_gT>@C
zbs=v9+x>D_6ikOe-Qg>jH$*z*ghaal!7&{bVi}_Mj?A}(WK)3C>ISFvO!s40@(Epu
zN3%n4TO~v+6W2(oy~pbh0=sSsc3nJIzv=!7`zjB%ymg4l(Cu!nA}qUh^DB^<K_D}J
zHO*lRZLP20zv(4AE;t}o!Uw0?Dv(&)N{UbpP%C~1#Bwn2e=<oxc^Ag8RW?Dcz}n>N
zh#I8%#~@PX9|B|fe1Lc|93Mqw1gNm$_N8=7B#8UeqAXc}F!%!nQ@emjCjd$ucEb2>
z;)AU}T_I=MJ=1&Z!+=n9XT4=Uu43oY)xaT`jiN&=<8@O-Kj+JS1ZNfk&TPG=*&7QF
zb#8no&+RtYG}$lsy&GPr+$RNwTF>Vnie^{^gwN3HbVErE-CXs_a0Lb3$OobVC<|uz
zKUgqu-fdM9%eXaC8M;`DjbK(OKWDYS8<fxZe{uvoRjmB~bEXLB<=;In5UA4)Ft>iH
zL(y~}h(J#DA>xRhiZiUkw`!#PUK+**0zs$wpUiv+$OVIX;z8zu2g~(9*)Ej2(IP-P
zsUH0Kbxi=ICG3RaSpuWlQ;D51Bvd2i5S6Nd8so2jJO;3jT`>k?;fT+#`9{nFkB@=o
z6@zslPjQ_v-Fh8FQTkC9tU%ZuQNk_&e^m_}5K!_H4l!K^i0x@Q1&n<rhT7jllRvt+
zmj)kC@wUK%oZ?A>F`>YnQ`;fnAt%&N_B<GXbW4=S9mD|**WN{<!juAF6M&%vm;0Z*
zoLDy`^6k>o4G&Zn$yjn8m@^+>&K_PtnR>&Mrk)Jt*$m}VwtbGrK!3EtjZ#WmcU^^X
zU|j^^8Yr)G`ybjrVg%gw#GG46!JKE7!}9@&hy|)T;fm5=iysaLG6T;$cfwW1Tn3TR
z=}T0biej^|>_g1MlunF+)58W_KF{i7yc_blihmgmyhYiT#visaaPTFcUD>JTSU+`!
zMqy$G7sgu8Hlz&Xdih^bCfud~gt$^C{L~;SdfC!aP{YQ7u_m*PDS%t9q8uS7{QgA{
zi2N_ReUQ3^K%`$Bm*+%ERQUDmKtYTH1V;)o59xt8&-`!LZeZ&<^*<_}5PgtC0O>Rk
zR_?_2j$|bx9YUQiA2?s~vrsdXE4gyQl^mdgE>BwJ-ZS2j8COULpMvXIeyDJy%Q|^c
z4E(E6>)@x;v=Z#nDH{t6#^;2bA3+uUiJ?d_FXVOkRw~HSf|c9Im@$BrH~b6>XIKFG
zrA`lft08;B3DYSQfEE2CL-wb5^`9v7pTa`0f`1Y^|H-C;lRL$({3(j(vKp;LJXI^;
z&HqQK0##nVZ_8DUXD8Gs7-fy<9q%y20c+%YE$aoaM(QYQ^ryfXM3SdETPa@s)ZR~s
zSEmOK#HVWNpZ4|ia2w=1pHItsQE}Nni2VPw092HEio4Z6E%FCb`6o#TeNA%`j8u9U
zp>|R2G?Au1HLL=mFu9TJ`BMY9#y_MMT-7}KhEL6d;jb+J*HbEx$9y(8)t7+1YL1s!
z#jcSm)3e1#S@EA~!#}j*r#q@YJ{-iXr+C5o(;O8q3CiwqowR#_D7$xx7sP}{QJ=6w
z>nJ-^;jUPG4-;xQ&8o=(?9f|~N>Kuo<OF!xaSN44oswFhd~pb*<z#Nng33fr-M>gb
zOOW^u{39I(P()7yn>QrrWZdP5io2@tSr-AX&oE;8A}a1;_@fgCc~psf^HzXvDniq5
z5f#E0f?$~*o;P(O-j87dUima9UaM;;X&x3iQ1Hs&WB!kwProxhY}f8Uq3!%8mQ&B$
ztv6G9I{te^TEs$wMajraHmHVz+F^g`Q&Og~;2Wc*4hyqvH(b6?DK7U`cJ1%3k2v&e
z&CayN#X1;nEe%*M^t^L$3R?aNT5{ThO{e5vOSgEeYuJ;%euE4IK(hbxVZZPOI<fJM
zZh0pwx1k~a80UjUomIJ;6PPzV_IE<Q_h3hBIldZlTdf?4RMj5n>=`@UDq)kDV}7{f
zbB5?vhx-J+&fMHIOWNzNTVD)9L-H%IQFY{dG!790OSyH!K14z$Fs1SQHvYwz?L1lE
zh&*@h%-A$BM3-t<zE90`%gipzaBH|8|6=!($?h~LT3$zZCmbvpTlQ-?WmW8w%HQg&
zoR_uAsL-Oiivk5NlmoG#EJw1h@YP7MDb`H_i(94(f}`3We)2Mq&*!X(3U{z8)@;8w
zF_jB$4_{}Ob44thxJ~4LB-beQ+@GY?yFa;l1d3UX@*dyATRqxhZ?tDsd~cqyt5V2O
zo$&U4tKCw$J-XNjHwe~NG4quBYv7*HcjE2tgu_B>o%q9zv~qy74_1z2aWGfNNqwX}
z+G(_$jdPMSt<~J_QIdBkUoMW_rS|)QgS5N_+QcS^1Qh~wBo|N*_7m}sm$H|!Fmhn!
zYY@kZ$&6aNYgGAMQV@T$;-x99n|r-S%T}IlQr*c_D^Ar&t&$e@@|Q!EhkJ`78}r?*
zv&!k6Ec~sr)kg<bmNZB8Nn%06fza$ZTHci{us)BjfM8Jdy@hY+e^849J4-4w`Rw}e
zS|jc1C6_7U8>U@XoMv7b6ZWAM0cg<65Dt8SbbA{U-1I}$GoS|2KVdSv*{k*_ltUZ@
zcZnEYRvzoImN}JM3ucmfpSt6>3bVg+VIfz_a|BjOC(B@!M~BD}v&^hMmC-5hf_9-H
z3$PnT6g(xL#4k>_KiPak<o=1qW$K02qGj3qTTAev-F4%(&$oEL=$_fGm=(;))K<dd
zUYL0&?`~%6#9lh?{ieE24+}cB+vYSJJGMXbz~?Q``LkL4ev4k%mrT?t=7|76-T_A$
zm!)jVQUgp-RaL1*VH_H{KRofPG~Lu9VCTY6+NOwQzZW?3Jz#e4i&gc(aCFs1YR^o8
zW7fBnjID5io4RNCJ9>N(Yw4tMgSLmev$Mr-n@o$eE0|4O#*m|`yRUiI95Y-WZI3t^
zd&TlZH*XDDtqSeb5S1|r&P!Sj7MiZK39Q;5?avC2)L_#tktNl)kS6TZFGZy5#eaW*
z1;sm8^*u7DeuQP;dAQU@&W@PJ<?j6n3R0CG<6cjS^N71QZ=u9|4~6d#bzE?b0a7CX
z{g2fAD+*4R8b3q3^BDP+qWVkkYf(%Z%~ZCSoarnpcXL(JXl+;1dFZ@74{tLT9=<(Z
zcLJEu!xn+%LM6w&dUf-x$f596_f<D7dTPgEn|s^g3Hw)^;uwYU+J%r0a(GsTI6QZy
zw*yrxF0;2?S{%C}8?X<AuY7S=-hDx71zi0=)kOshmYXCpI}>Y_ZAL0BD}Yj`;RqI`
z!5mOrl&zrwIBDW@Ao*naRHTtOFsj^GkYFr?0b_~p11SOtur$gLr;E~AiS}7Nn!Gq;
zD(ds_`mLf5Ioq#iZ#5pw%X@w&YFx@<zlz9Yf>6G<o_q78><%Gc%48Ai%K_V#s{+k2
z`{NT&Xxj)Y4g$`Osmf}X*AWWrJb7OdQ>YqV<=>L2b6~c;o^W)FEn@@Z)HZUm>D1c1
zuXR&PX?RdbI4-BY;k*kiU?J)1Gyp@6GWs(<k?-vsSUbY{&VQ%;l{7`-RP21@a0L3T
zeNW?E_?N?jRZpifJedl%AXR0T$%|ui9^ZUu?G=Cx7o?%b<d1(i?t{-!(II%W+rB#Y
zO77`X9o2h&<2B1AV=H}HP9upRS55Ng3k6{Two^NHOgbz%eP1;9E5i@|Odu|RD6XaD
zDFlI&cSC_uD0=}i0nWysK&<jr>%IB3@*5Qs1X`_cW%SE|zLkRmYoW1N&|MA@SebKE
z`x+7%<&C}eDK5{sBSRYMdAOdi`sHG!9Qs1~&d!-Qc1XK?a<{F$Ya1uIcjVWM7^Qi^
zRTp_Tzr3AG7EbX3z;1~UpmG^>cZt|5a7vOTx>m45McF@bAp?4trg^>8VI(8MLIDNy
zox7aag3NwD6SMpjdQcXll>GT_g57Kz&#ZCh)Z2U1HojI>vsrS2oe$nQjW|SWn5IS!
zFJ$Jd#DDW;+R$X0mW&&;TQ2H13ePqZD6`M!S+jg)QD4&xe?2?-zTMr@O`DR^<Zif}
zao2-vF^bl@?~6J|WyyQAhu^SEdSMz45h|OBxHW-78Zn<#R}ESX^0x-f%YmQ#l9gMF
zr&1}C*4_+^d91~qG&2^mPR!apE8u513gfnc(Odx~7R&xDe)xO9RLXBJV4p^`$E=Rk
zKP4R+LhOZ9<W%jMrAe0Ys7ocx<B~EeS5gk5U_CBiY}8ywaX@Y8OEie<9GZTBa{ofV
zInQ~80ync#kZ|x&wcC&}ueJQyI`E#aXp|i-rq(drDdKG!DCOu)xF^gjn7?(PS9;?G
z2e8<Ry{g`y=CA|~w<)IUHFHe=WO{Ol*^MlvD51U1Q2yYmfM`G?X>~_==$H4zuoKoG
z;lQsVLi$s?jk2o`_Z;o0mWj0`?_p;((t18Z?tTl&&PeV*Or||Z*Q#h{&Adsov+{m6
zemOtMsfS3G?oqewjUrXP@yBOgix%7_r#V07JQ=)_k(q5fD35n%ga52r{Ms|)o59|A
z6f`?+F+5PVj3p1Pnn1#-A|lVNf&{+S+Xh$pWmi%;+~0N2%DtIL4BGM<rQd7cL!=8X
z)5c|Q7ME1ERumS=-Rnk*9+_UAa2|Vv92(;-Pvx8{%5l%y)r32P!zfph<6}U|EZR=>
zB|*(hL*l`C4avse8p!BUd7Ins>A(3(D22!KMfHA>CO1o=kezFef6y(VwWsnowf0_P
zfv6x|9k?!)puT=UF>>EpzPd=e;SuyhS^+4u(LDu-4e3%M*h0Y5ESbsGcsm#-WCz~9
zeM|I?eB~4ahfVcvtChEUoYQ7dRd#W>6WyTNkYTbacTKi;n0Cvm=aE~<W}k+Wa%avS
z9+ca4rjGW|y3uaU=VK6slO~~BG*RDelhXaIl4^&Tv<42h<)Ub%Qe~t2&KqEnt*_6+
z((Z4T?L99NH20ur4N5w*(y6(z8pGpyc`GYlKA8q#G8K^Ro9eT@6OmTYpV}#nC;oNU
z{QE+tW&*^I0naj!9dAZx{Z)IRe4X3KqIN&=D8%C4=EkL7=GPTsggQI56#3TlIdYoW
zyw%8&RiiP|HM_M*dC$G>l|&yxGYTYb9<A%#o27^b?Xkad9!*0>_-0>sYe)Z3a}^Z&
z9r@s3`8=YhnkZjqZO?(8@V>GzK&3%Ow`ckt5G<5ga+iyT%78B~PnJB$_W;40eZ;2g
zc^$3#{(}i3&pF3Y7vrPc$t~6Dy~rW=?Gb$1XZ}!gvM1g+i-}sB2wkz{n;X(cz*}G7
z?R6M)U9Ka9ZDf|oEq2UbUd!31x}Va?BNjbmS>Boj7<n|k4rrO3*Hz*JyYjqVV|xN&
zFX$AX=+=0c=Z9<*J|rerarNZ(fh=DSewHsT1aY~KCs_<`u2O->nF)yb#OBseUN<W3
zmJ?`Y32<&T*H*e&e{QJbK)a@yr(ZKX7*RIvjsLY5PcY;Roq6g_`2Cxy?SZ0qgPj+P
zObVrLsVd~`-9iy>$RHrKzyEHgpB{umLa40ZS2*-5b@kH2of~f}v(NU1EaC~ngh!F1
z+hqo!g2j_8Gy$ezii=(Kdqtx}ldJG|n<8lk536=(1}ez-b-P)3Cs=r@K-1@*%66Mm
zRk!d`X^}TXHluvZ1L@FHaEZCF6UWz@g#<Ch=f6BPqMDo3onv2iXSnh9ofp8vv0W4-
zwp{#HM?`CK<#wrMv%C4!Ge&8_nU@BNG0X2)Ot7Fa!gtg7KHi3Zc`tiogxf8>B~~Ly
zlt{4Oobb7J0;K5Oc8F-WA3jAHDoQchNqWJKcX@0r#Hln~j=yO^YAm16Zsx&qBg7%&
z<;=DDqPgo?N~zze3$w*b;sF2B5)h%U#|HX9RJw2|<G%J;b-t4<+qi)bVlagw;O~{M
zs_VF6LN^CWN~p1~EHioks<i@M$#`iH8pa)pj`JSD)&ZUb9Q;qS2w(Q88OLQyT0_K5
zF8Mm&f6VE&wUoWgQr}rKh6*i1R5r9+YH^uLLF_w1GtHma^9V2I0=G6ommxb@r-En9
zj}VV%Vj7~V`Qjjrk5PLgiNZmdg9KrM6&IB#eQwNkF>Ao&^-iJ&{Y99z%XCQbrih*R
z-1yERa`ndS>yG{F{K3g%VI>?6cuz25IyLQ|S2r=n+FN}0zi4TF(Xvzz73U;F5X_%C
zkT(er90yI)9twpT17%$9Zn9tKrl{T#TPNdg9ZS~jQr{R*+#&JgRZ&fTNfz;`>k085
z;<e}D?!eqRVLVx+mRCd1JEa2aJIQ|gV;8Ap$xE`H`elhFkh&Xv6;mbeMqbypXMH37
zq)B4c>T1k~tuASfR=J}B(J1Y-Otl)R3R(9j55d+CxM?NaX-!RW@g{R^h&~AEpT36L
zc~n8uuqWm{A)q^LNrTW=3so9FB#L`)NAW=RbG%^PPt-Bd7Tr9;hgb0d$&iw~VDCQ9
z%~iC)GT$6RaR-HIq7MiPlQ>w?Q=_5-=XnamqZPY^7D6M3={J|9J9QZzw#3*O)p%nK
z^oG>BuDR1ZTZrDV?tGBIue(xW5|10VLd@<_C<^CYLgJBdAIUs2`&2%<nLUjAD03kk
zf=IUrMqIGJubT%_m)Yzs5SI;GR3B^&tmBDrcg_28JkqmtZ`De{)u<EG^AmSelOCPT
z?`LtWqKPwO@(iZ>PHzmTBd~R--$Vi}-*m#NQ>Idc_EvthgG%>YF0eTznZp!wZesKj
zUtR8#Va!JeLLV(b5GI1M=dxCbX}NYSY=H3LoKphT4F7imWfr7}XW1q1i$M0s`ZK;V
zsSli~o3?HFf$DOeLl4f)^$2F?dTQ}VQhQS#JJvYf#Yj~(>;5_Zm)$JFV&ckk86x~9
z_!Pn412|p`L*boMB{3$B&kccT(mEU{(+}~O_iR>*?<yGTOAU7DjdmteXcuR7?!s&D
zLDU8l@P0}3zB+Z|1qEU%rxW>VXKbOgc(k1Vszfrwo|eD5SGf3^ub%&4w?xPeNj;T~
zUT}WLgB&Z@?%1!E5w5RE5OYNjiwBIfR44AEB|UwFyh<gR^ns}=upMxp2d_zHS)~EH
zasOsa`4g0TykG%9j%UR?--_?$a@`uLy}FG|mL~XDTq&jJ%6j>+h#yAZa}OG}t(baV
zt1fk|K<8MC;`xQR?1eXHQmpyb>PZWf&eY~tAp2_GiszeT2U$1a!|eGxZ5nAPU{~!?
zCfPwEx+s`ws>hU;pMljXPc$=$UhDfHn^LxiM)b6b%dMEVGRT8I%4OYD9nY_`JdHAs
z<}KsMlcg=61ZB^xH_3Z&u{F!#cX_Pv<YyZA2@xrJM^^CptyCdbmI{-FV%y@|%I}to
z#_sUU03+uko@@&Tgc>h?6u*FQbK+sRuHnt>GeuO`SNfWNX08JPkudrKV~Ynr(L7Ev
zbXn@%@6pv2nakSYUpznx^=T#qN44t{1;K16(KF>nymP3eG(Jtk*J81XU68sB{|(=L
zM*y&dn7PyhiqF84(fDD!m!3K1Cb_U9l%!l~3KyE00K4|Vy;TRu73kDly7I&sEpPSp
zzWSh<Go8J`u2=ba?nXzkm(6|ekBMf~j=6-OcIdgUMVif;5|Bff(i8`w@(q&X>6&U*
zxyn)#=+GRKy^`FoYTtQ_Cx)JJ|Caek5J%M)(~ubJJZ}hAb;giYiozGdZB)X}imK+N
z8dX{lBYGASECm0aES%F28M_^0!X+g8msP|QIh~IBJR+eT-FyAqo=s1L_a{QQj_8D*
zE4`nAQ9kJW6l2|KioM2s0Sa$&qtVlF*}f+Lzb|Y*7%GnG7c`@N|0RT@ud3sn3SJoE
zF;u%cu#rN`{ywjb$#CC~Tni+IDOSRWZSi5)&dt?`7py*!w`Zwwk<m_LWzC@wLUp80
zO}O{RjHoY<p7)!#{*}`7%7K57E(oK@IsS@y2ssq4SJ+I~)gy-Hr3d&N&78`Mrhwmg
zX*(pV0bQ~&JXH8+K99<QQDET(0(7nS_59W)jCs8^<16K>qrF)m5V%?{rLgZyc*rCh
zLq@?Q+!ra!{mQr$UK0rU;Jdg{rgJY>e|IMMY`)yPn_mOyhp~lsYP2~r^JnchAzG3w
zgah`tTEPvujP$`bF40akwl{`i<HE?e;_TY^Y)IW{q4mtyYgsJes^(pqB4v9K-U&CI
zpZP#qh4r!Y_XOTFH>nw{-}a7lo_eXhJ{_$S-&#&meW)GkP!=xdhDTxU3rt}Iu5InI
zH7(Ff2~>=cp=;Oo19Cx?mrleOo##szv&%nAK5(FXprysASv+W#nVnf>!rg?*UUJou
z9;1)gmhl)?m-1WKR|>o37U6EDII!<>;kj}bJE^b7r0{AMa-_+|l9LlmduXR8b=%t;
zQqdqN)V})cdn}$KL2Q(Lm#bbrw^uQPzPFj<8K<?Ny6O^_L4qx36KexPkIApnitVqi
zHv(E0YxI{2liZ|g9YnX)O69h8NduMnxgN3Biz%66enC75=WC>x>jAma<WKnVe~Kc{
zq8{^b3&+=Q0c0X==+Sy>dD%w!*g=~G;PGosvwjj#xr_bGkV1=n_xT;dCiViV;yi9l
zsH<S#v?C8u2nK%j+y|{RL*Et?%|7^0cQ2g#wk0+7+(8nb+gZL(FuEH~E5qLmH!5<J
z48OYEEc6B$eXb8=QzO}*?AyU^yXVS))nXF}{VtXb!b<1tQrlG{r3Z8wtTxp4on&8B
zsUxLT1-p7fYyET?ddBTO$`JqSy8whRaJa>QuazAjoj*X)pk*xIe4-`!X>FdtB}W;!
zL1zXo1`5k{16lW2uc-58+!?}~iRNKaSXWfFT?|*=;q|GQ1Kg$Y;bCxgFatT;)tcrw
zr_oof2BdbrsxJlr)EdVgM8lqJv#S=|(2<^cQ@NADzFqiezgE>B7pe8peNn{yWliAB
zZU;`#7rp2GB-qftxopN@c;^_jg`@gWzjUD-<x&P2WbXUyn#oPUKIZq<f5CBiP_$mz
zKi9+6Uh-UX;{}uqHc(*pn!uYYH!W!81z&POL?OJJ$#XwrfyQkq&+_PCn@DxO)GE%1
z+o0i`6G+@0dosV)bdexF)#Az7H;o#E@HNc$1ie#Ab9_!<@Ze74S#_fCq7a(>#X#|x
z?v!klhg{5nPb|W$(=!Du3OmIIB6Aq!<6p-y76Jguw^x%IF$_e)(uaU|E<G7L#_c0N
zR$8Whjdwnvl<%XUMF=Acd<5jG_?8EGX8ftr$!)b_b{!@pOTVx4PZbZgPcbhA-TZ&n
zw?A}XRqgfW@ME#8CFx9it_A7bB<Kx|27zv)>?<w?c1z(t%y=jwR}`67o&5eTqs+^3
zT9|D)Hx}4(tiMK_#@q+ynO5D#ko=$Ru`bbc5Sh<IGG054y3EvntXl}`MaAP|dwnIt
z8l&H%vf1ZYB?g(OHhFBm)@RSk3m@21=nSwD0(~uNioH-~PLGAJ2-1lRG5&*=vSG)Z
zm8GJ7?E&OXM6xvRVpr>gXfBBv%5Z>^KlSf2_!qGJ01^E`<LC#a%K9R9x8`3QlM7Xk
z2?w)wui2YEXmz)4pft9(|B8YM`{$WyAeTJ<o!U*l(_YWFSEe4X=^{hS87}H>mQ){D
zJo$h^i|rw4D4bp^-l;dy(XU>hY#|84XQz-N_*U1v@M2bp_E+*QRoX1wk1-W$(RDDo
zj>Tp{F>eS9yv8rvBQ;Z3r6>gxN)`9E<?<8hQQum<xNlXpuwd(_9BYRlqsv>gzv~^T
z5P}3S?w<%4%esc_zj$!E_E_BdV)UxDhREfTcJ_peQS*lhhZ{_3nIASZLT-JR*ai@D
zdh%dF{3haIZ9A*H4SdiW5==4(ux9>Y1U7$e3463fFHNBgDY@{fOZy_83fYXNbq&_c
zJE)Ika^PMvF=8&iX>AT+Q9RHP=g_C-t|Qv1JN@Adk^Nx8&mw{}M`fY0HEG|flQ083
zPx}dQ=J$Cr5&2Tpvc~NiNGW+Xc<u*N{e|D<@lQMy(_lc-Rhv+z`+<mFxQeb-r5e4q
zTr#ICAD&9Cb_jsgGPMFD2b$OB7#%mN)`G=in3au9@nPI0{xcj;JqJRsHEXW$TGqL~
zrpPd1hiKJ^+XZkN<`MQ~##g}7D&`hsCXzZ7^dzdq>?Z5etUjh;yd%(RP*+tAq*$~a
zvWZIyodoR$t-p#O?y(*7QdAZIVJ)%mIp~V6ngSSiHL9*t7899m24VL&Ow5(p#)at<
zU!s33@+Ts~fCP##`=h9L!5w|^1JlY!Nv606*<7mVSwSICDHsM}-OyU0$9$hDVUF`h
zD1UPnwlIKw;|TS6%*Lm}<yXpja{JW4(N!|G$WD87`ljpbHmmN}HCrA5M`aj&7%YEu
zKRxLMD_(O<;WNNF^t;55C1K~Yp-z^#1Rk!X0+5HuQBXE0168EF<f>svc7600LMTf>
z_k*s5_8^`8uS<9WphHX_&QNX@XPMI8Pbjd|q0-N~(;4b9rM+F&?;zM~6`ufL9%K5<
zuS!oh1g+}`ZrBH(?K+DCD|^WTVz9F)=II$nQ86vR0Knl&eFZX#K~(a!tm_AACMcq6
z;#sc>T>iT3bFNQSS~C-0aK>QrXxm%wJ(YiywD`fSGf8aa^Y!-6*}lm>F4c2%O3R3%
zKJ_Z*axE$!2%q_s7`62dMfQCLRITcuPRi23kU8$Fp@mX1iM`n6;IOAhf{R5qTCzqZ
zBaU|Ru3h1-D$s*r6HI7~^+3$aEl>@zj(wOfsXAtuqBQ=sMIRaHQX@4wU0f8;eh=}S
zkx<6|{RRrHlq1DOGH`6TtjCTmajUawYJ<(@*TQfC!EdX0j>)A25CAdZZ*lWq)kf@k
zD$fFJsabrc-i}Ah^I%iXj?3?0-GcS5D}eV_XdQ=15cbyJ08&bYA}9GT1>lw4&Q(O$
zHzO50Ohgfjf9#H;6Ye4qAu$Y>XxLWk;<);qBWx{uNo_5EUaR}M`O{GvM%X$1ns&k6
zrjjl}4rcXT7Z7usi(G{OQ@%^#Cnvqzo8!@|60ev@d>aqfeh=2$LYEdwP`2EO1M6Y(
z^I1bG(z6SFe-ZkC{*gTvLc^+(2cMw|Kz&<}C_y+6>q-v?u9?os9ZM(Hs>-D}f%|=~
zL)l9qc_&a6=^tiG*y~9f24$Rw#aZ3Yv#a(N9Mj)60;FAMcxP==U;+AQ5i)10KRMr>
zW~_SHl~M?kNISb3Upf^gT{gIVksiKAG7R#na8!OG=|-Q$ahx3gTiHAPo=Etc1yytN
z&SBQRoG-AEQW;h3K~PT!CmfdNn<gu1yyR9d%MqD|F)y~z??IE^5CmcW=y2Bk(GP5-
za#71C8&>MEZ>2i{K`K)NLyWh&XMfdAy(UQ9*VjuWM^}u#LI^p~K694tp!nT=xw7w3
z4$V<B_te1IA$dAIz}FzoU%$wKr@6s*E=K{<Kfei&PUtgz*!@<vB}+UvOu7#A^eH3*
zdaYS~jx(wS!zao#`xEUG5c&LAM<f^0%i+9;?oAArYKg^YTP*@+!_M@8?W*m{6;KhS
zNq-exF~zWwTSwSZN%F#>BU9;_y*11T0IGWq!kYHG2CX_TO5p3=a8-dOjWO2#VM_j@
z%lo}Lw}S{xqIEo6%p<!DE5)xzSaQR!9p2z{W}QcQ)`b*@+=PCYV5<A@&6xg*hUK!w
z>=l8rUAc0z9NmwqT`WQ|<9zXKeZp2FRnu3knnWq%`oc@7-8VW17?RfGx2MZK7t0Cf
z%Q-001Y35qNSNi!B@qj8b+SkvkhknbSMM9Xae1{@)VhwUh^PV3p9R`qv5Bf?$p`M+
z{33Gz#-MIV7Z&Du985C0db`Wa=Q=ehRoJL(-t01Q+Zc@|Wqy4Ks+=ppXt_HMj8(X@
z_OlSLNl?WpzIo5s%*H<=sS3r7_NWPD4@I<GL5g9&h%u)ZimVmZnS!l<UMigop;6(H
zoClEA*nQZ?Gr@Gst`5<+OH?;iTx*v#-VAb<r15#$^U!J0G^uY0^~~Ol=Gcz@tB=3z
zRsqo`va`z|E9hIGF$5*c1SCNGR>|t8u-Nuq&sC-=FdUw<=O(|^LCqR7RBxuV?7opq
z+bW(y_WnxQKIFq(!IF+n?z^SzT9Ha^EgDJW+fVwSS1_sLdcyAK%b7~pC}bfJ$b^5b
zx^yxov?$lflABP1Kf!(J1;E~a<DyGfKW4<LTx+;E0_tDW+)eYKDjyzqDHm0#0idki
zJoel=UIKD>){*9ec~ARPQ#caQ)Llnj3d+hOAOwo_!*!)yEF||kE9T>K8=2PL1d3_#
z?&2UEd+sj8{j@*`YDj)Ski@6Qy(gI?7OmfhSr^VI%i8_An?<IqHgvFS7H-!zcO4<L
zMRi-r%mCpFu%MnRC<bH=kzN5N^o|HkVH2?2eW(tU-^iX`hH4_o)TpeB5F=Q*GXO&V
ztN#P|G=Qj7?dBFs<Z`hMpbrM0Au(406~x~uHSj1b?i=?WWhjqMyGI)`X$$=9<Vt1$
z11B>G?gP;M+*s)<IjD@P*MJHVV7&rx`6s_KN(CK@Io7hww6Ue1n#MTJ0d|j)=vV)c
z?gn7paJlx?jgr(f=lbCnf|iOt)}N}VHjbivw!L1FHdD7y`a#0awa2fRq*=9QinCX2
z3{p-{vi3uPLa0u!1ynlVI{YM0#XC|jo$!khfDSV?e(^I4j7bsjs2_~Cmaq>fDoP(P
zp&`+T%nVKU&ED)!D(d{OseiTBD>DL1-^^@o1-LO=TI1@;(&}~6du(7<DC*5uYVSy)
zj9bBA-`Nf@XpvtUhe7RjbWIdh@hV5*cgfGNfAx)UmVu%KSJ`OYFjY-6rvrX5Xea73
z`}Lr+APW4^BjaUwPb3-<$7Lwxh^upy!J|G6Qedb%rREsnzj_Lvqo%}N&6p*d+x57T
z7%*R=f09E%Ej9HA^*473R}++LRz}@cTeWw9RUa{mwU|MDRe~Xrx9T%6TcG%LC<Cr1
zaOI5vCKT6MB?|ydu=11B`L&@aKxz*K%Nz-%XJBJORU{b;Nx}6>Kd%RD`oDKWp_()P
z-KqA}0@cg$`b3@lx30WI4-{dknkZudy+%qU40joIeZ<eotPc@8NN%n_0Zhf8=k{wy
zK~Cy`>ZKTQODqFz*viIgWvM{gLEjyUsrX7@JMRa1<{$7`u^|XHn~+mEu%MuH%HsdX
z`2#GeQ>pU*s(1hPjcOg#zyzPppZtgP!_%3N;2i!z=hq+mCJX@I$5abq^7d2;_30fg
z|A9u1ulJ9QR;P3C|KH)r)>8kkcX5Gp1qo+L@2A%T*Ab^Rz5M^eU3K|Zv#UmGH}m<_
zW{y8L1P)L`vm{|NpHXzglRUxyp+5tV^8Y~_%S49ADLrz3Bt!qRhyM#3{oP>jp@@{H
zvW`(56Q^`={C_V+Acj<X&U4MU?OZ0y@fHGfOfzx-lAhKD26(~yh^KsZM(U@rf=?&9
zgNDGFV(~xPuG9JZ;HFCt{%>LU4*uwK@jXdICkC5zdIKb&>R&#|@O_42_!_BRaRMEj
zuQ)5cfHP1>rDgO0R)ni{m9d_W)+k2dfd6r8AXq>h#Az<%AGhA1RN$`@OkyPzlQ=@~
z#VC<?q<!5KDkw7RI1v>6ihsbY{)B*`U<Y8m{%?8sx(0=Yqoo0R$;106di#3VK@eE9
z>fOu_+Vm(5cl}Z8MbU^r5D2`}DJ`7GQ0IRket%pq2wDC~f9Rhc4w}hQd77FVF1DjA
zsh2q3uqR+mwF5?(i2KlkaM@u{DZkml-y$`QBJrUr5G~p(0O*-A`us8vQL#~*v+j-0
zZjDW2uK+tjA!tJn3uGr8lvqar!n*=!YeC?PZx@FF+SI?7J^E!CB#11s`Ro{}SX(1b
zI!@D(s%0uLwT}lIX~I`W<djq^KsjXiDO3C$IU9T&5RQp%7`MHC>lo?r*W(Xd%wS8U
z+vSe&SAX!nsX@mrGmClp<HOuB^PI}F3nS>*)Z-|ChoDd{r+H6i1c2_A`#Wovo4u;5
zDn)&><Q&>dWOrp_xSM2O-|Sp!IXW0SdQW>WcW=NBMSvdp{0cMcS`Q%7OcH|c5JK!2
z&>~+Bc_5c3StErHN4KkHL-=O?AKKnKkm|qvA1^7Z5FwkQaEuaV&qQQ%9P=0%*=6tS
zI9Ul%vXZ^`JlTcpEl%{7y|?4=d%kqv_xp3-pZoLs@B5!WoO52U>v`?#aXp^zB3(!I
z9mMwmTBsPxZnaob@0d*2dyMao6T|Y2@8_)dfqZ%xLLRR@Kp#fvX5|FSHInR(pG>X$
zCNu=y7Mmfe2$h%Hd#u^8NCR*<&<gyL^0IY|aVGDfaouw%3bElvn?Km+JiLm<>U)py
zJMm%6$3F?CY>?QAPNNwJ$?5i$HMAOn7#k9x<Lo{Kgh=ey^qLb8to!cQl_8A_ZV|z`
z<9bT_N#Q4(QGV5Kpq;R)A_o4)h2E}QeGlV0X*bF{Pl~5a1QnxeVDMBVIuk_sgIeF#
z<i2QpVB8H%u!A3Va!L{)9`|g}8_gtTF{Y~l>W!LDQ(nJF7-Im%7IZd(vpV(90^-7@
zy9A)MVtSAh|Fa2FYC#gz)Om^C_GhHXQg$QbNKuprx_QrVJUdm>!kJikFp$bGRjSx@
zrS*LHBT>ZR7Xpc&0EaDUE`B_eB{64ovXwyAr=NS{&bu$o!6Z{qZ_hR}QxL(qW#~Tb
zF<%qqyOWU^81TKSevT(l8jh%2kjQb26$n0ucLmxsZ*l88H+2(1d(H--4Yt`Q{;`*P
zfvmESc!;hPaw%-)%2b4bai9}h1E3QwLv@}TO$2pF+>%ZN8Qkb-AffhfdtNjkuDt52
z6#)#)Aqzm`_GDgY_qH9n#PzN}y+i#OlD(6Qub@dWW?km|!p?gzIc9q=|M}gtqczpk
z?Ur$o0?;s`gqG&QyfO_^2;rSI+O=>{ltqA|41hqzvLPrlK!QHj)x4NQo?pLP;NYTT
z@LVn<km@3r$h$tkTCiu&^xc^KIP(Y$x*7*_^tb`)K`PcC9NT*D{StvoFgY|y=rb{^
zNxA)RsjC`boX}nfium@mMwFLIF$HR9LkJoq|5@yVJoOE8Wom^hZ~!p$+y_JBrh>8_
zkyTA@&=9kB1L!@=Q{{Jen!bM&7p13@H1B*%N{sXO?O=2hx&j-;L9l3*?WzOw2*D9Y
zV0x8)V~xW>QP#-Gejmd$g$z5RjR2bJIJjPpVK3$oKmcZ$+<%_0f?9t%0sZ*pmLHx!
za+M<;9tZBC4EYXf1)&u?Rzbly&s(>`zYpMNLa@<e{+S;Ps@}7dQvke}Bu>*?l0KLx
z&=LBZu6ijq?+1i<-j!xmE*i`kk}t>_bq7PM+Gm5G&5JgLdp#lta}a^N)~ZEKRari)
zVB|H)?G|8&8#o3d)+s}$?}Fo=M{9#m>-E+FCfT$1B+u`}<!pJtlX-zltk-LL`v>}D
zw@4;-l*<+iJYy_w|7ReX#pEzmPC2uSc8XEgj~b`sLcDUT{&a3aO~Yhs>Yj@9$FjTA
z{a&iEW4Ye}5^PxI{!y^Lj&;rA=l7-G!T}6!d2f-?x6a&qwigwUqQqO%iUa*4m!-1G
z4Bw;u5TmL`PTyqECpPx)vcy-Pt<m<nhpazZE4W1(*Hr!dS81b7tIG5XFdwm`%wEFW
zTfMnzhJNdjT)P!JU8OgD{QE%_pgGj6@<cwHzQW^)4AqHvjO(_DkT~(1h@6)9T*m;1
zY!7vQr%@v8wrx~8m-9qCmg}Uuz>NPd1Iq^FPGdjYND%<%l^vDV&42VN-Bp!1{44)S
zR`UY3m#?<yacu=4a#|2wf^bZYup!k|oA15p`(8!nee1Hx)VEPtVso71eo3$3DUW?5
zzdpwB9p&p`)C0X~rh&Uz16b<swM^@njopLZnnq^xR9Ma;F00pn*N4|~R~xInY$cF1
z5);=v=t%3Fa^TWcKaaE2Uk?LgRAKCoMXskJ>`MTL-)-Oq5L?|N4!76gl+4QwslCxg
z8I4}MhkeItGxM!Q>s5>=qWO6#i=qh3%u$u{x+NHlksb6-!i+Y<S1<;4NH8T?{i<^c
zw*@qG<I7u<bJYGN(BdrM!E@OI8y$lg@$wM<w;2TPMP_@RGi;zut(0}~)+FX+#0Tt}
z^cww!mSZ4{cs1}!G=_Zotlxk)*4+n=OVCS&;0<;i?WfaFEF}#v7Mmyuo3l*^oyILH
z<k0gx$?KB9EG!5}W++e2{njq>j2mQEaamNw-DTn>4n01via3ElrVu8W3{|_9Cmvzi
zPjLwbA^xX8Q2D-+DrEGyNSRVfk2MU<P(u16Uyi`0_KgbKv8gEULJnj!<Nm39Bn|+Y
zty8r>?d8VMy71CqJ0>VrHDr0=i##Q%zK*!YyXUP}<*R|=!wfQgkOWdk8HOkqZI+9d
zA?yn^N4XC1+JcnkCE}c|cnGf2FfYFT%}WHPBPoy$Av5fei3+&>rpL$AujfxWmnnUX
zz}^L)d92{_xw{6}+84t$L=Ln8bi|*u&pF3B_?AZ(FeE3pF_Tbp)#aDDqsNbluRs&<
z{6YZ!^|R*0inPF*k5?=uy8@c>n|_{pMi?j_b{{D(_<UL?W)#pvO}B(H`&Mh-S)y4*
zfhn!HSGL3gvDL`zZJ8@Y3)=v8S%zz@98pi)^WO`mKBXHDk>F!K>I?1mDJWLOc7)oE
zcNUz&us#dujB-Ptlw7-uT$>br@>h-wv)8p6Zt+0d6O&o;hpRi-56f7CtT3*FJrrIR
z1iG#1Ar9PGk3m~creYsXa$-M{Nlt=5uwSP3csn#$si;4)@nd7%PVFzhjN@%M{Y<5*
z=&C?g?}x%53!WLTKFM_q>ga*SDbqsT;KT{aXy=AopEQBFPU+V23)B|`0E~1Zrktj5
zw-Af>X?Nd%#9aj1eggC~XGOa*O*TJ*2$_d>E%?&W&HhvW&yI5FOEx<Jq{hyD=}0Bq
zwjR>uIK7`}rYZHrc!W7x&si<C=H7^b(|22EX?Jozuv_59z<nr52S%t!ycRhEgojht
z!p|KL`MVxT1QAr5NMbfZ9#lhnRW<|6<w2{<ji;Ht%=Nh|?0g=Nv0rqeDi$=pTet9m
zOfTZSgpa4|M$wnfed)Az81hgN$+N!)M!wIfH4cbHtaMUS)qaEFli8$ErSG*!U)C$P
zlZI@D38`>PImpUgk{Tp5oOi|7J(AFJr=nZddCJH(1x9dd=_uZ<Jc}v-P(doXjhiQ|
zgmdMlB3I3`kcCw33pB<&65g-K?w8%xKh1)ba%lD4cfs(@_{Ih{7u-R308DV~MUm<8
zqO8CO+}<Rg*SlFtrgMjt!&#Q%%ev!)ToKXzH%{;Mirt%(JYskj6z;ow0<8JBPFFyY
z5#^?}z-!V@oK1hz#~-tD8SU4GtTs(z*Rtw+as%S{Q*?I?F`P$Fj(m#NNobehS-}VE
z3>ALIn;kZBwvPdjh#@qEQ!smV5!=H@3<G_1OA9jG{u@7)Do?%zj|gv~{R$WM%2G_|
zjN99zc?>hIG2;@B7a$oIoC^2d4-9AJH95vMQk*=j>WIk&Jxx=5_MSN{ippi&*>QM<
z&M*5oM5vH#lxyDS^JWXuJmUF$Kh3AiQMunljt)*a)vovnsa0q8-#A)X?jS^agIU(v
zb!94heTx%ZLGL!eR>b=_VEHT3R)f;qr@hqE;+Zr5sw&u60xkd7eqVX;%;2C~*}hV^
zyaZ?*X}&GcK;6d+XPYyB7>@)ESuVqO2oh7A`<JRt$Wf;pmrqj%MUFC-Z!#Y$c$LcF
zxN?wV$3<H+=j)f2cP?GLtT(HEUU%l#X_h*}QLqt;bZeJj8?1+%9F*~ja!i4op|pdp
z-*Km3zA6QEYBj|CUL<<RKR)DS`HOtUHBX)+*;8PQNO;>(TVD}9Q+f6i)<BiujV#*W
zSdOK`4dVx5Uq;VI`K}Hz5Bt^t|5k?dHP4yfRjQY~_-&NPVV9sJ<P-M7?Tfml8>o;v
zSbo2M#iRU%pK=&WPaofh-{>(1?c8b`86G>wP}w0M@)#w<8PT~}q)H$pl0A|xCDnvD
zAgEWFd6TiO$&k;{x<$a|$=BKIpl`Rd!w}4>=NvsJPxJI*`)TkxUxPz)AT?6ldEcD4
z{F=eyTSCU61s3}_ZTRE8FiAd7)#V}ni-sanLtoSHcn=Pn?~s&8vdf?!E;kg(rNusC
z*wJfNzqB><)!%(nXHKK0nZt)k6R_P}gf$ig`daL+mj~Plru3AA9q)u}y1kip5@}FW
zQY@au<`(z+NrZQor0?!{j5Oske^2N4xsN-a-}t^|Lud|rXHHZR$8}^l215{GoQ_^U
zb4Ci`DWA_!sTv>*2M}_t_bx{#gU@u18b{_W0NTSoYHT3q4)If5dT%0gMSAHCEZeR)
zvtMO}p^xO^_NR53Wc#etPoo_7B;ROeO)X&cBzX_!R?2#Nnzh6u(Ot84=#5~$?#2hV
zl#|{T6s}AAL~$GprmsH`-%~nvcq*1Fm%-%XB8Uz;wLj#yzk1yUTKKf_;zpzKVTboK
z_MU)rn7$G;D~>u4r~qh}`WmNAsnqrSo#m`%Ldo*U(JMgXwvWsOCFJB}V|Pj3Q!{2`
zU&=(aT)-GLg^z5bf5X%WPYHEI^_*W8U7+O=;n;Ml4e}FMI;V>sISkCtf8l=$^SpDF
zsr;`9E+W3uylAPGyb5oy==zoPmNSx|_vB51=L$^(e!qV@b#i-ZAgW%DHNYq@zCLit
zeQJXuXJ#R|`r}^OskW|P>N1%N&y24KC{@cgxQrf%8D9>his0?zq}H4La?4gWt7GBZ
z!wkM10^cHbZ@)Hzo4yS~h<>pPp-i6Hezm{u58pnnU(j*E)iUuWMg6vO@Y1hSAQ%+M
z-b0<>`Wtsrg6lQMym1E=xZe-Z-$-Y1+r&=J8@Z`Ull>gD7j<)r$~uiRS1jSD_a%=v
zS`4?d7b-%rtd|*<iQ%*Au1gtv5v0*Libk5|-tkmSC?`gJNvVImx!zdreApw6L-uv8
zyQkjnFv{R+xX{(cLI<B^eMYCrYeaAj%=V0zqR+@;I9T$P9mC1&3l4N2?Q@>2V3oe+
z^*c@;xyfcJ9TrbI2%PZt{ZN*8M|K*awUB9i+XyO*_ZH=dUpM#5J~w2#d50Q|SIoIr
zGEIHh5S+gShV(!}We2ew1viCH`~>v}RC&D$q{6*Os#=I@J)l|NAQQ2vuALab_XcxS
z{gM2T_ckY&(Ln@_5Jop{!B_|NsC$9T%BJ6&<wQ!m1&e!zKf@fcnF9mFZ@T?~VH;6c
z_v#9V2V&y4KX^&`<sZd}dk}QfnctA*Ns^Sx68($k#9GPID9c!v@_ff~h{==dN3FZf
zdA3%q!FvrMNy|IjJao!wQaq&NI|kD~=w^yGL^_Z+ee&5aFA3D%Tz6(Epl?Kn1H9s?
z&1q0ZTC>EbgY0DAl!T3jLMdtVM2C_)@vDzI4Mr#x$^N1#J%N-E6}K&=u@px(_|kGd
zKY|mRxLed;d*#C0JI<H8b{o?A+Vt{;;oc252sU$<(Fr>rHGi7(%rx#fVS?6U`2QT7
z+1bIdGvHX{BOLQh`z@ts%Bdq>63OQLu}|Ol9f!n6%6b?-&LY8MgT;H|V1+!t#&Oc)
zlr%3r-w%{DmdjRJaVdmVU%l>%DJxd;TSyyo1GX!3?)8SAM#_9=&!H_2P#UU$(h#ae
zH@=urD%;m@K7o3+R-YgXOtN7s+6E905;FT=8=pp<eBYZG&vqS6g=8^M9cGjuz2wMl
zg)@{R?1KFtqZ<$Af6e@8G^jfII52Ejz9Zt;#f5*G#kxl<RE|KWV{>PUQY4D|j$tC1
z3Mf2kWj0$L0A0EM4za9jjtlt|y3U8`txn#kuo`Pj*$^zu>fn^nLu2OUZgM-jz<4}v
zhFo)Be9OU;l&Ya~f2m?27v|eT6tUGWa`IBuBs_)eHpA7JBaxO1U+S+Cd8}V(i06_h
ziw}Er;Rjf!AI}Lq(IRBNoa;LnKm{XLz)5gp8Rx_c*7;5i+~3pW2c3UKx`X4WaGa7}
zgINto3}e5gJj%XG&*wGXHSrx0xq6!!9eea~eSbW%N@u6!q+QFZU^IJ_)sKhH@Uw7x
z`L(IaN0CcjaMZ0Qdl*4E2?vu@o!<_@wi(CFcvmREO!m_1>()Z@d^S9Ii6`)Pc7N!j
z&Sqk|gBRNY5U^*GwRdCal^8O)Gfh~l{Mup0-6BS$(T;KYiZtq0-cD?X^?Ny^jNkMd
z+noo#N0W{_uYTX@d!`{r?T}e}WG4P0i^V|la=?%d<6A(_jJ8jyDhlIlQKAoB223=|
z^}fNvzKfQrF<eK(!>88Eqa+S_q;L)Ip(0-bsTM+b`P9Y|M=f2<Erl!cZx*>UiDi%9
z9ErRKdkIdd{VXD1by#NR_cn_(tIT*1kN-&Td$=zR0PfR$n^B$7M9zBD9lLJX3#Noi
z$XjD-lVV0-l=+_;=dnJO+eWGeh3LC3M6MCs{R<x*12Dz*iN@@gi(K@IQpzXLdq%AF
zN7}dY$*|o%_(^P_DRyf$qP!6hJRNG6x<bv8Khkp4W>JbR{Y>&2z<3#m(pY8~*WEj$
z^5ssfRz{718z?2<Ibzx*xGsV=oUh5^uKlYd#gBdcEkzz~V<*iKU)Df}AUi1=fl66s
z6N?^r_-2zG<wFlN@IW3-+9*Kud`ZKl_|0s_=)n3<8vrjS9XRHsNg9;TFluIjiSbC`
zp7<my6T+MKGmK)XeW;I*pPb~1{!1LY?~IRfq(m~m`JopDDvWe0w<d=QPWA>oZ>M;_
zKzvAcUAP^(>qHiJ=4){hlZ?qd9;xfF@84(TGqaPLBX>uUlJv>x`}t%9UHGt>uZ)uF
z6_x6LVZLtE4f)O67*gZ6=Yl5x>tXTHDTjbK`&e~8h>qw2=(+uK6l+ua1wjZ0{TBbd
z%wU}K3`^meXr=*F+D`I=*<3RTpKVHEe~|-VvmGs%cM*K$&M#{tZW#P9w#&MogC@eY
zgxauutk-{5HHE0RX<hKVtx<8hgthNEo|&NZkv&v=Fu?`w55#Y0GbHv!59q+c_|-?m
z<i~TNf;IC@UMn$o+Y=bzCQHj8BpS+iL+yr2suSciR?6krt7?>Q!9;%(=Sa#@kw%n}
zvi)Jc8bFFIv;~Q!Ci~vd<hN$Hmv%;-VywQGP%sf<VV5&~nMWA&gKkbXd-%v8mm3Qo
z{g$Qj;d>^*<MSDpUAvJhY#tCdwC|1Xt=vs&=EvFPFkcZURYWz)3UaCIP;6nQOqhWv
z37EYdU4=a=m_u@aUCvOgzB7{x;5IV^sBbeLvdEnjWAoPZN-wDDZv{aLknjMQpLAyu
zFW9A~qP2Do+Ep^Vin-w@uxDc_5D>Q!HSNCD=8G%)IQlU2WT0WDC>Cyrq>iNP_pd_Z
z#rREQmd?o&i0C;}(SI*U?-Ir4U04)g`hLMwnL97<-9Z?c%ele}2%Z_{HIY!H-+{i)
z=~phAV{~p{+%;yG8cfq@aR8N_eirheE86CCL4cNLWH?g;Y3UxEw~?zpeu?=MZE^`#
zYg>^*K9U6E;6o72gVcafGC_IFVXEjJqJK}bk!+b1?tB!P;;es@8Qj;fzK8p;yv`kA
z+mAj^=klrRby4+fc)Ar|PLtx2S0l!<ZmR!-C}8JEo&=7v%+h6;ts(RmJ3FG^yuGDg
znz-7T$b(1jB;v9>-R@Bp>)O4jt5%RE3b^!Mp5_aPYx>TGgm}6jep+a)9b#|FU&M1E
zfF(T{K*A9O{2~i`lr|x*wat-*6RC1H*_=6l9i$qj$VGUni9%3DuU#PBO4$65nuA$X
za-mj6<|yAdCjk%C9K;ITW)!m;s}t;f<=a0bU6SH{C##Dwp?mmz_h{o@#onACP6R^t
z-S@~j`8iUQKEocRJr7nur0-vz8XYYd=|BIHthV`r4&$9e53>9)PEfd`-3&h80}vKh
zcUsG-QFHTO=AehKYy3&r`7_w7keu4AUNUAM&H_hqCos-&>v7bl{e)WyyXaTgt)bBz
zq8Bb6a30@>u@3rGBCm!R$b3&;9r#2aB@X9UC82IQv?>YtTML=WVOUSzitXNOEKT^R
zlbYS9iW+W|s1hL@PA}F<D65RWQPfXYl3uCNNT%7CQNEgv37*M8%nbJmcq(EjPl&BH
z<8sTd;F2>3M|T<o&Dvi__Q6k$7GCVkq~AARZ7FweRgCd@a~6<Du{KjWguEm?Bd^4L
z=540A{Ax7;X}Y1H%K7dfB1)0_lt#N8Cl9*OG!+3$&)C$ee}J*ZcpNT&-P`bn5o^TB
z_W`O7=NebwU;?1FakCNEh<retsfug?pw=Dv2MHMfx)5oMIQs*3Vd)Xjiu+O3m4ubq
zerd(I)$!Ebkse8<U>AgLv<?bVQSRewgW#9gfnvZM)1xB3NnlDxTzCloteUdM<hj6_
z1xr~lRw2;TyViG5bM2TpVnkXEUi0O2F-q4jy2#aenDvUZPIhWP9R!yeQCyN%IzWA@
z%y5)0()MG+^oige5j36TiqB{>ZW%QLVDR#>0mV^^8z`N>@s{KWBb;l4NYCwdybxlO
z6tmJ~9tzp3!sAO`%cv1PW**!8@Bm_dxG(>5J?i5q^I~q1njDtHVD`dNpYE=+S}yD|
z)D9nSiX&YblB~#5=Ml+lBc46J-@I=`1%TF5*HS>@2TX9uOXztv(|Q%gcNO_<SI9ua
z$WrJ?!EUMiN^*PFAYw<N&)>efbv<yX*H-9ADeL?qxK<+tTDDyg&*+Uo0z!E6nYo-@
zCe75`bE=rQB)0|7ea%A-1I4VA+!(dgNl6i1uOEa~bjLq|E_khVrEkpWJDU7Y-prqU
z<%3iDjWEF=KQ{7aC|)X;x#;*}#7q9B2G~nW@775ON7_{ki<~5b-hdzT&i=aq3&Yjl
z08eGJo*;zatX0*R-UcyfwP)@Jk>ow%w>wGB!_2ETy4L7Jbqnhoe29Lh+VpoI^~T5>
zDl53)*hhE0y*)qr@hu7Sc=lQc*x=~1em<Ps!yG1Uz|*qhH?Z1K1yTxg+=K$^5c;WF
zr*k*VIP-&krVT`?RQ+dj|BO*AiI*HqEU<JZn_7QGecOoQ14XJT{VQy$<RzRoa)%@f
z@5(94&|p+@q-K%s(W-p;fh3&^`A@(89T(K}5{>$I|JlIzj^d1B&m<^#atL_#F@An~
zHW`nmcl4aUWW8)b+TSZG4B&`h*hG`+?+(S2KHQP7rpB@Qt(0_#;BqlG{f;h%>CTyP
zaBH2x{WRXP{QckxE9M0$?bs~qFtTjz&n_-YZ%$>6%tz8MSbUf6vmwHGfs&k40w=)-
z7Tr%$8t(bWuH-IlBpZFUT-1&I#wJZ6!=Fe?fv<j^)n5VsVRL#b`FZIWIo7XqQvNT=
zAL<4Xnh0{RaPeNff+zjO7=cd}c!T_o=(y$b;>Wc`yLPN!OF^xVQ*K@DbYAY{Fb0RK
z&08Asng6&ymAmG7Dzg6rFe|lzR=9`Y(@kui#c_W!|2!wnc0<wb@!@<5l5%2TRC;_r
zzcs4dz0}BSMlf?U;AC&{IahvbSI{-f3AW=UmqHScWry&_sRY%$MTb|d$`uwpB{9Y6
zzw~ilh&>0bGCz`eO87NDZqtR5VYUM<Q59Nkz*?aj<3e-Pw$1rINYuP0JF{7_%t_<7
zAiB@1j?nfa(o=a+kUq%KMY&gfTuT~}qKZhgd}m7g+4@r}Pd&BSdl%#{n7#lv>l>@>
z*4q*#Bicxbg|2gS`0;q>`Qh=++=4VWn-!ftOiaM26!M$$C31KOVe<TNQmjLQYKehK
zpj15m&Wr)`9?jtF(5i*RllCqjZWB4BYg+TtldnQPuMqpZXL7A1ay8fExPnZ)n)4N`
zi5$Jmew`$QV)eEv=M4zJSlCy1OJjmMZUpm|I{TyTCM%oe?$Pi}C~D4srnU^f7Q&3v
zIIn9y6(kcfBWxb2(5FT%uV==x^VlJ-KLbS(rpWqB-iIxF;X-BQqe^d1(TB9GNA3Iu
z(cx+Fx{DW_k7mSP=b^)Dtp=*n6^nERx46Hf;?LPm*VkOv#M8~lq&WI=0szxRW3B=R
z(aaG=mv0-swF&zo!{fX9>{!i=O@g;D&xA)m4BNi1KU3C+Wv7PkM3huMQqku|C>#%X
zWsXx@(sS5Ja*MxPKY;gWp6rOI8Pf1bqmYs!MbUPjM?db0WY3CwfvGxmSIn%#VVhzR
zqt9~TXu^`U6?a(Mb4?4>$*ne;8c(zpZ8-n=@*U|!o`|L51w3SL=ytqAg9Cf+!fw$>
zw{W`)kId%8>`!K#_1wA%m0w2Ep?-CAak^$7=0UQ~hl`)OADf?B5_|#1FT*N20g?R4
z&HVWrK_|DkZ0;QU^lLoK`>b`(iNd>bD+#&K!06rUR_C>E578lPGa=6{tiP#zlJKhF
zNW!|anMjHCR|&f<$Gs<s5;GM===YwOZ=t(x_k4L2y9aI9dd>~lAiLyJ08vSIPH4t{
zb-YLLAxYxH?c|%i(kwK1Lx^wYw>mrgi#0x)JR{4IG8HaA`c%o1&tW!K>{f~!isjK6
zV>#!4kx;>Syv$NHCau(@CFG)~Xco#Ma|~vv%iJy-(iuPyzmU3*mN;Gtcub@Hyz&uI
z)fKYgwxCA4IJHkCrNtK>wOpWfm$`U(*F;~*CdrVb$SJ-r4eg?5M1_KrT-JHbZgQKu
zOD`L}TW>^TTF8DaX}<KLUBTVXvCa+7d-kx7##K89Cn$e;zR)4DS0ZCzGoqTfJ+v&p
zPHRU$`R#Df25z=2qgj;f$U3nitW+I+J*T_4I4En}Y<F5){6+=fo!Db?u}#_?v_-3&
zisx@Rr2Sq5tQbx<qlJRYifxzQYNw;aC|Ctk^llB=>aTow>+$^oeeAI6I#qJUN!DUT
zRUZb2K=k)mvzjShY@1W^Tc5|)F_OSo^EADw0<ZTzXnd#mYUnhptx-PTspFEr%2gJ#
zOwCV|lBCUwSXw@zfD;qmp+7b`gwTC;t5^0M9{EeDDnf-1BJ&@d!e{7tP)l&z*Cgi&
z%T-ciiU;!Ll@QPN5J%F+ITWewof^qCUhNUZFH~<aR(-+?qk1`fyW*lrFdd9q+Lrv~
zIeeDr3;ynwZ@DVBduBeoI*&(gRru=I8&IqK&S-IJP<;71ZaPsnDDLuae&8IU|M?&#
zgr<Suv*-NnDf?cWvn$Ef=P?<4k?M?^v+wwN0G`hV|108I1id_u15lL3<U@JHH)CE+
z|5oB}OR*CH#WE38D3<$#Qs7+{?w_Yh*J3poe$dYgiy$U*6IE#sJ%>-ND%IwyEd=MW
zHEg)fH({qL*R1{5-Ww%e-R`uV;4g33rP@2+B-eW3M;5;zV@rMjy_^4^cYFP>?}py*
z+<E9{4#`v76(yY1?^6WDmEyyMB&Za)6W}RB)In6%`3U?HX-KO7`fu{Dq338}huw1H
z3gqxkiu|7kS}Y|7dOjNZ<nX<9Nww;+M%=Y7sy{FAKR&j=f8ILZ*#nP@fypFO=3POp
z;zf$CsI#Za%r2RAbDVC(J^k;W<A>LZou?v=0-V9!aKlWzu(^)^l+@op^#AiVt`|%H
zaW-e~{pX0ufTQ0^M3u&{<iBM{G;IQFt@&fEY5>Fb>dL>p`%5Va{Opo9y#{Y1@J%wg
zn}{P-!CPd4w-^qJ>wi9<U1Dm|dg<?PhXl+*g7-B4>D?=F_`n|!wZBl&@NeC+*nMm#
zXkw10f!CKd7fMk-{-bbz4g`9zTGf|yu&I>5+#6DeobabalF)ONo_UdCShO5D{Xb9d
z&(ZjM6Gs2n=lVB&{`>2<SfwK3ynm<LvJt|}iQtajT+s;L0*Rag-h3<0=xrr`l}ZrZ
z{yy|G`TFxx0t4)#RGZl#gi$ry4r_x?`2xKMpJL!JfaDeSpYqx#QZviMI;m;n6T-A(
zxMywy<<bGl1*e3MQGJ#9U-G>VjN_XHmm)zxu?C%q2LX6(59m0Oic3>~^0NM?Ue!R#
z%X?2<f;1>@>#~xU0yvK}=sbcU<-PpBls6bCZ%y~ZLm{BN_qbPC!Q+HNk3$3hiYU4M
z$8!HZzi1Mmw14qa&i#@?aP}6LhXP$^fOK6Mk=7m_{J&1Y7CMFRT5m~#b_g_YkwQmp
zb#~N{SCRS8LoS6*!S-{yGYcUs^J=_XG%;Jee4eUx9tmvdzdsE>{6%8e)^nh%mWT;i
zAb!$6hX!PC`oCn!3+ZatlebY9Oftn<2AIIpynvp@#U%K@i;~5RJt2{UnV?zGBP3HC
zxQ)3!U}#It#I!JK+5dd_7tq5SSfqP15W?nY<M*J4m;LkbPyZiE-Vnk1-`^GJ&3_5H
zwZ$*KFz%_i+Df*)2>uV{1XlJ0SefC+m&Bp+h#Yc@yh7-}%+5q4M+*y`at)#)VgFB+
zGrTR;t~i>NT6&Hg&Lulun*o$UOcyAHA*2*-|4S(h2-W^CxeCI$LqI0*x59xx|B?ZL
z<$ucc;UYJ~xpN|ej~_~F{Vn7FLqYz#y8fR}2GsSxD+o~6|A!~;9TC^kvpV)Xe2(}(
z9NBq7=frb@|JC7}n#f61I>;kR5dUeWeRjabI(uEprDrzD6p82Yf?`Vy@B(ek;i`z|
zqU3Pyw__~P;{G`~&mM@2uUc4G9QWqGPfm96^kWur9<$6?oKpT1wC5ffw}n#`7O6`5
z6r$0XE0-56zg!_Dt&M{bB+!%g(BO$n1C<fK8`1WdCI9K2gzp9%|2%rdOM{Ap<W@;9
zTVn$W$ZEfR%bC6H<M3ehRpgnEF6JguaHgfx(>>1DtH>ocjAtiQp~F*p4IGk^ZS!v;
z8WVFSp=8h8L=*?GB9i9LufAv)xgcCb(C769|9GO;QK~{X1+}orpFd+9SX}ZPZti}6
ziu6la-e&%=JCpb)>U2fDl-Oq+=v_&>5v#5nF*tan9{;PGfrUbMBwyF?xZ5Lu0AwI=
z$T18%za_q8l6kGsnp6ddEAK26o1=rMFd&M>v|jRGqv*rB+OE75bu|9rcSk}C|7OY4
z;U(58YpbtU3g}+oB)-4@N2s%k|B{d774dK!VEnKnNf}#Vo`ExZi>z~vpl32d-NA4_
zIg(Bd1fG47W#v9uaPfe}m+#deaxPy7Z;A@0iZe0RVL`FoCv=W_i67VBUy=?FPwz`|
z_xWkq;5qz(te&zlzO!+>#eN7A`Ca6}45lyk<m9y<5*sSFypJaE-s+4-I-n;=?zK!8
z_h2w%>&#evy0ZYut%`T#Ep+#JG5LmenUZpa?nnVWFMj;o<KVIosgIBt=IhHTsG1dF
zLtGNKKrq<<6AXX|?gA0mUlm$F%l$z6mB;5cbXsO!CM(*snF+OKUEP%FG#m{5F=Zr9
zyM043@&1aWl*49j*WExL`!X6mt3M|$M)c(9a(qe2b7Y52>A6()&&#7lPDhdtfvSP{
z{yJ{0S6cfjOTLy|X;2E3MM0WG4uAA0lKbL~KfyGa{SJRA`amsDJuWTX;c^Rso_Xqz
zmA1F~S)_5)nsmu=597TGR-A6T$H>w03Y;a42w!|QP-*Z#Emrt}DK^1vU1*|}Ww{3x
zCAKn(L4m~@ct+ZxpMi59{hwKsbNtJ2qP58?^d2i5Ltdy~RY@ol(7CHww)TiG``}?*
zqyT&2j}8*<eZ$47`G>}fgie?IL4FWT@892lLGDuK?3*$4^Iu1%b-#bivM~{I(*Tp)
z>3MP!G7=EPgP#JgDvdA!=M0it=g5~MmFrWY8rR5%2y}d4+4>dl>)&k!e$#z0#VXA%
zzAVj`YfHc6cH1*1_+N@$3V*Adqfe!ZDSsxbzHD<C^Yb-ppAVEnpD<`qoo`muW>Y$N
z3{*MpOqHP+2mMsYOINJ==kTP;+93jXg?dWTmLXsE3cObF(ke$vW$7RZ_i}dAn<iUw
zJSb`Jq3okM_v;sB+m}uQ^}8-Wi~4jS=MwKGDldz8c6;iUPZnO7%ey~6@uyU<l03h9
zbdR53@A4--uH{iOntg{&T`r8o^}X$9ehetunH_E1+Vs;R?n|^jtiZ$XT=vIdJHjVm
zB57CXM@nqedb_!Amui79VV=`H)cpKLK6iKasyK*6bWr>SB|&>Ql<`d{vGiz#Nq+F{
zCE<GDZo)qA`i2JX>hAw95lJ0qo=b#vIh+XpTB87|THSFT1EWc%ViM00<PjtO?V*{^
z4{L$y6M0vPJJ;LBbY$wc8%~#a)g5iqcL9F0kUO~M#v@3fv?*V;#Q~xQ4W~@&F9(5A
z7l6c{owFcHx(eriR}R!x=1*E04eq=GCbLK0w<hU^X~^QxqUSq3{C$vL=VbBh6_<ba
zh`+>ss^BY_KS32_9`Tg^#oP)P?W%0YyX~dBo^1(_7D5G{%>s=1x=H4XPbjx{Alwn0
zIYVL)DFen>`k3&*SJ#c{vhr%xz2(=|;Cfp4>7n~&5I~I&$q6soRm4uk^T_k0P|iPL
z?PG^@gW}-+WmNINrEHW-A~D;@=AXib|Lp73#LwI52;aYNWShw#@sc+<iHjsA^>?RC
zkUJApNUl>5BCkUxf6;Dqe=Y2V1^L&Pz+2Nkk&$BsR*PTy`aO7k?>|-x(nnBSNLApI
zGJSBab6e;6ps3Yf<t4m+QZ`m*S(VyGks%2w*fh%>!A$nTI#jIiQns@FaBkYP(A^$9
zJX%nZDu%=km?{v$cmndailML8KXVBG`s%e>n}qitKW^%C6*(=B6u4xRg-#`qb!&+#
zBs3(KxPB>EM)uEfT!$Y19KMLMvGdN$NwnY4s4lHz2ZNJyR;Z;IAvgV*VQT${VS=Oz
zDt3mi64u>rwdq6OmH6e_%TQ<^eOZiAu((;={kznqm@^Xr5jsf<L2+%}b#(FibuzpL
z6%Y^`?zIrYXuHipM#}nc@({$|X{`GdS@$DNHq=ldrt#TQG`6Q{-1^ej?k*gBw~kV0
z&zzcS2C8;nO4Shsu^0LHz<!i;F#RgmCkOdjc07>y@Yc%b2SIW61E>9CfBTYuJ~H`r
zM#k;MezUeDCnA`lMvb-Ygz`STRPoA4>M4WI$VTe+H`qU1qXoW}(i6O{qumzY@#PJE
zQ7;u5yw%$vkKMbsHbh7WOTHoAD+GSQrQ)p8`iDwe6LRRAyY5Ac9xW)_TUmYe@q001
z_`oBZZa&dd*dx0)S!5{XnRC#^vovn?#vNhdMc37d<s&RMJU`AgA`nT)t#c;y?*9<F
z@SBnsW2<8&-_KH0tC%kb2SJl{Zl5X}N=vmH7s|A~rzSqy=OVEjrEpKrNMT{f9wP{Y
z^kDDr+d0~d<l7Hj5d|I!4^%1T=XeHX$$?3}``aWr%;ZKrL@QHFYnp)<EmtreEflwZ
z@uD-BEMXKo!8N*PWfym?-xX;y*Epp2xMbrxbO^nagh;N-R|<B<liquscneDtI==yD
zko;+Cx`Z4)(N)E{4kX0*$Df0Q7xGM<SKlQjx`6Jln|l2^Ky6;ztn;*Ok2t(h*_Cz$
zI~#0CS|;1~;+;*;Rp=L<NToagJm|bxlLh)!)&A$>L)yKo$^7|2IMxU;GU~ViVg~cy
z=lrkVAk^nBGAiq|n=bEP-CXu-^fmtcVUXQ*M|Om?`nw(t6jp(OnadgXPW#xK9;ccu
z&zTFZey}9~RoTG#uZ(nfCYiFS^YkFj=QsZG1AiJEsSN(b_hb;4cEr*63zyK>vd8a>
ziZ0(GeLY%BR%oyo0>3iMr0+(0!1$^eTaWRRt@iw$q*s-b!}(y&&6?0I4!JLJr%x#3
zuV}t%QQx0Z3v2MB5}l*#)PpKpO8%|~?9##lR9f|5a5!~(+<RJ`1t@3M68sJmU?j^C
z4&E7FfWO4(06Q_-_*(_=rFVMk%q$2Nc|>^a*I^8+j{wSQQAIe|JcSc%_B0F|I`_-j
z+uC+FKqytoO-jia*Tth>_j-g{aQl9zRg<OWXX{N|Ve^3RvL2g>Jj!eyWybY0*UXE}
z3&$O_5#cw#NYy^^3w3SH0KJ`IsDc(`aM}nce$&JqM3QwVQ*x&LARI}&5hL&)A^hPw
znH>D}c|P*e5N33qy6*Bq2(!UFug5Qao4^#G9<wRRkDh<wWm`O1tKSPQax}xrlPqr>
zxvb49MH#GgZ3L?tE*2iN&Q;v}xW7g61IOfkI`M0#XUg|M#slO*ZPH<rr9`**sz-0G
zxczSxl`enYh8+#Jri(N~%_G5!0BDJs_{HyL1UQFlA#RUg62pV()02prc-pLCGnW!?
zfW@T>^#lLrG+E`~Fs$7XSqE`A06Ol41j-+4e4UXmz-q{cy8VXr)k_2flN2q0k9zrJ
zZT+Nh17{|=XSNm(rWYMTUVGUV15dAZiGN&qDLsD*R;c<MOzL_ZW*X6NuAXi(pZ0^r
z5>+nm#|V!_C8S;$@`IG|ULUJlD3Y|?w2j#9cvJs8-g!c;haj~Jm$LYI$%H-dF=$A@
z*#0esi9lsYmf=<KC_nCYFs$D4HjK;j_K9mNHzJ2SH(DNw!18<=;_RzN8`fOp+7(~P
zCemx0v$N#m=g!$X)UDp%zwNhmTW+s+Vd1L(ojnfe8E}6Cd~;h<a#wRxGjsj4yZ87t
zw#pA%mBftm8@gy>Md6_$viNB>t@PVbJz`=pq<G-j>}#F)FNSWbF9rwiNpvk`o4VDP
zo(O@+;TQ?L`8Jo-e{D*ZtNeV4Y%X)aoS43U%yY5U=P0_)!qior)JqQG@pH-7?T7I^
zpN!_%sF7EJSL;ot8L(%^yI<WQ-n01r=rCR;v!i$ax{0}j2#MtFwAt?tzGYruhd?r`
zj6a;s_gP}k>B;(OEyDJ26?0;@k42wi?N=u%oFbp?HUV10HRyhlYoV}s3~maO{7X^E
zf(h)#(cBM;6Si_c=O2Q<x5oHfkD~nfFV9n>0zPFs_j9ViUy^`K$XxoN(&r1!ikCFw
zh}qx@|7QCxcsFlieF{Q0_4*svReNfeZ@n)nN{<0=^vAcql~0aKOr*`4V*oMq$#Sd>
zLs+q?)U$zd2aLpix243O;qx}CwyWTdk(R0V(>tGK)W*R!3<F;$UB46Hiw`BiMx7o+
z)#Vj6P81-~zA9)qGsA{p@aL>7oZQbJ&*xMV1$uqfoJd9qVFeVwt4r~x0o45(Z?m1Q
zpCq<Sa+&Gyt9)(lapq>wjkT5*o8!|K>*=h;>tZ2aUfcwcYdZ1yf3%?GBB;<8Rw5a%
z36z6M`HLx0P;&*>SXQ$ShGAcyua{fZ#C%yQ#j7t#EGVw6$E*x@6`sT{Se0@@0P#((
z0o3)A%~s}<8RpuAh81%X3yNp73E^Z&z}gdM$^1Q{_(Xx0+rgttpBM-<nPgu?NlNCc
zwvOQ(V1?)2=R4iv%e+L^_?B~o*JLi0?_J?(=(S=VL2ZW1{=%RFObj%8ED0&s5lC<U
z+424pMD%WxkHqCQhA-uNw>gy6V;rjL-;Ka%VaqtzF0%beUbi|<O6fM?T{p-1p5%&v
z<Yxw*;e9<4XH0hxGiCah)eB4;=d$P+B3uU_2ggBV!#)6P&TH*@JnDx_INKi#WZGc?
zacX|b%#xkQLEU6(I8TR$_NvXXipm3ww^K|QD>Iiy?xx?#yx%mZY=$~LGczA=IUqoD
z5Q@n0WT4X&Z8UJ72_~T~(!SrD02WG2M`@GmP9&|wa0~RSX=!PXWNBQfE>Kt56xMtu
z7js=1Q)j?}(PBSeSXsik<0j@~e{3@5FnRU>VntswA@drmH)~bRWeWfOa1~nUgzlwL
z|Dp4IRPuCNl5dS~XBmtPt)Bbm`abyK7zllpI>XjjheRdZPrl7s`zt&+st7D|&K^RG
zQ5AHsSyL(){Hhs|l<8q0^Kq&><1>jK$y0B?n3~)TGhFR<k0{Dx=(@-nbooy1?QInL
z0JR3~W(Ks`(1?<mqeiX88h#6`hwBviZ1%}v0TZ7?a=Oi&_?|zR_m|bFx=~zb(Q&va
zpyo{uzhmPO&mZ3^U$h;oDp7NP8lo4^nlq$Rs^j3i#aQ=jZ~&8hi|~edYaEyNka4e*
z{I2%S>760^_gOGi5P6iLls7gtUJB%Pmv3?YJw#a{ehQTmBSb%D+=dc&C#gai{Tqcu
zR&UW{<?VE9q_QGUx7C*?%3`}rEv)v}rl1=Ycu75)DL<+WA;O|`sGFIAyQZO~ED>)k
zvWu&ra;Uwh%$@JO6`R7n6nqREi<h_6^V2N9qbw9kd{u-piMVol*=V1O$#+4P`2_(P
zlQW-ZKdO1q$sPk3n}j0b?i(IJD^a|>e+|wH#8-ZUyM`uJz@m9yRWRJ<ou<RaRNp9R
zrXX)!1#rJm=rScLW{tWc5l&`cydNrwBj5A7%icwp2WA&Oo+uZPpEOhA(6D3po?=}n
z_7^MJa~uw*vYqBINtMF8qHTMh+Cal^(QNox4Pf;mE@Qu=kZ=7tr0eTf1v}w4YiMwn
zi!-!tJ2(^G5w2ZFrh8)weX@+ErWJe6llb%DuHngH%4v<e)hhAOk{Dv1vHiokYucvs
zO3KM%3UzRZ?A4$A>vzL$d0tVHie;f*-=La(`{mY*;`&t-I{uvRl4i;aPiEd-_@nEb
zPAjH0!O8w0kp&q!ybj-~q@<4-uK{XM8YMoShqBGCzq8GMWXmH&K?U&@ZJ&6#B&z%-
zcnX~h)XnBLqg<jS*S~FFa_L7IjqkX2_4<sHO!W|anC?rd)c5VmGeUYb#;wM?6jPrU
zx9~Y>4sZN^l7~LZn>frJ>A-=TU}p8*Gp9p8Hv>Pllhx8Pd!HIUdz<a2)&4ubgHXTh
z#EPJ~qSK=yn<z7rOp6^ifj!lezf=L;eDA3<wA*H_%6UPCW<G7v-8?i1_1sWQVo5#f
z#rp>iybmv#E4T7c!P)dUVs8jA7CAI)kLlcyBY(P6UwT2q|Dmps-}VDPO$H{{)flx;
z&)KqrZf)M8reu4ia6M*Y3tW^`_jQcOhuumcJ0|+6Akk&XeJ9EJgzH0XrC;P4p-odn
zDAoOBS*zNO(+VWEVm6Ka4hKqpT&B)-l`AOO(LgUle*UuvABCTQWoME)C0U!Wn3%!S
zx&@C4unh#7zG0K|68pkgPZImy9;Q8EHP_?3ck^IqJHB|}>~u}vt?z+ri<Ul&mQ3^c
zYabs)A|1@9&7=`wW&_LKEg@Id)<IMyDXRulXndSY8(&lRbNRJe`HE?DsALLr9bFhy
zv(~F_M3=vKlDIuEuY!{tI+d<8;FW!2#;OLDMk1(8Uow!%&_4MunG8rsGlUL|_C+eI
zaj$9M)RP05QYdj>cK~?X%ycMX-1}GV*MVvn%q>oT&XiD7Oo1F)O4n@;<BgUb41O11
zjvq7QaJuJUBl<O4l`H>Kg^cs_oH_ZlHk$W2#W$qol&)7gV2qqctBxTK02?I_-(4NQ
zVTd>EO5ul6-f5s7G*K=lCs0c56fas2mX6)fyZUJDW#*`Y)AJLYkGmX)oYes%YGXxw
zOhySGz#p0JGm7&`%gd-%bKoF9aHB=0_wnni2^o<hie#wIjVAg}+xEtLeJhKVxYZ=X
zq{DS|FQtKfd|Zkb*snx#x4cmn-L?7wuAgdY0E>CB+BVu7`c?Kkyh&|Oy3Bvu%zj=?
z8g}k4SP3q++mgX+0lwInrZl>hoq;AQ>$IeHEP*_W5oH8+Ge_g4a}<h#D0r@FXflh#
zV<nT#$ots1I0NN%g{?I;HQQ`{_MWWthIiyZC;oL@X5R4fyW?;-1r6@m>``?qz0!;o
zzAy{VhTJ%xDA4dm<nXE@tUsAcQn=0nv&M^0B8Dre5w5)VC}?eb(TKjD_Vlh#p4j}(
zsYzVp=0*QG1z^t8i7x+<MSvL&82zTY;4Kn74vMS42Zu_N3AqAZI>48^;`PM0zV%_3
zjTQkr_w!f5R6L0uM}sN8QNR3VXnfP)p9C9=L0{MKPHtg1FZ|bMPkOzR)LS!hGEqsT
z*R_<`1q`M11liukT`iRdUH#`lJRvS7xg`akk9gA>U$urgmT+&%yI2iDyy)riPdw}K
z10Wz}u<q=uplCIeY&*mvAlDwT)*%yx&ue}Zv>lJgG)Fx9pof>~s~7pHxhf**A<6f$
zByU)mT*U(!eFbByM~E1{<iH^EyvT5VueZAC)O^bW1F3-Su&Ov~UgtWF4|gg77G_AU
za#F$dk_irt7V29LHVYnhL=$D&Uj5!AQ?TO2O%2Z<tqEsQGS={dDu5x)aI^4nr1xgq
z8mQNlk9XcQVqO~$JV|ktRybv@v|%`wF+Lkmu6GN7<kJZ>p#E3#xr!kEbos4Wr0ART
zgB+#HML6lzoM3)<B|{w`7B6lbk!-j(hjKmHXn$|>8-5SIlkC-_<iE388~;7KEnUt;
z!MBZOltNI(?kzx4RL#P9D9rVP*txjU^H7o%2*l$AqTrdhewHRS?tLP^E*JH@^knPK
z`yTV67+TUqCoH)3Dl2}If&|w2S}i18k9)6McuZ35a~Qwa&|BOV;FPH1V56(%Y<Z|l
z0!LlU0fT2tF%B>Gr(dj|^?;j(R+=M9Wo0T+m!mwo&BEz!PBc91dL^SN*4cU3fWbE0
zsJk`xOMlq9|3~m^a+}A4GI+9L`w{%`*}DZ;Pdlrc*LvQYMc8%E(K=$R_cqH_<)S(S
zA`FQ}B@<k!?(?9LmP2bj(d}{=dK+`Ygy-qV!>QjtBFt=e#i@hh4u1TS)*3zAPBIzL
zU~5R2{j4WW!8^P|R|j~>XR{KHafd;%haYYB!<HSWl>8@@X-~T%KqI5!-mkM()q$Eg
zlH;rrh>M9SX&#Pboc!(d%?b1;V(~eQ^a<j;HuYAm(oM6iJ6HPJd@`s>I5ssR$EFn!
zVF@x;i3(#^vS>}@HW4&?5Dx{4(Qn7wfbU_{uMzMM=s8uJ)YguUyVl>LDm@}D##XO;
z@4MWk=e4Ga4SyBxXC*E6c;3X+G`;fEBQsb?U$d}4=QRy9<{$#&2-OTI*>cJlZ7Vlc
z|E5`HQ^W#X(99mNl$+AVExpdZ=&!i{%l7l(?<NX(XLn#b(A44E_Rp0+o^9p-Vm@_0
zF84r(?~lnecR~e8Qn7`3GH1q;gs%>Jg~cyk5xz8J{7chu5f8;{MXPLf?RwClctG@C
z1ZV&lfWZLO8_*~QfCe0a_s5d$#jz|zVKGS8P;6gZyIhQGY^xY(L?YZSYBWtamgKR+
zYNc$3*j@#(<4d!tVeE-utopKdt#TrRi1Gv};LUBhk+k&mHq{p*!>dD*qXB8IK3+$c
zj&uDAiJ)On-n+bqq+yJmENcDZeOl+>y23dM6ex{O38Kjdut~YDQmuDdH0vYwd=s3H
zM456jU9_94YYi2Q5wDBW-OG0#D!pa%4tkQ|UXMULb7kT-$?O&raGHMJUCV6w_;KnR
zwF<SoS#j#?f}IFygfKrzN%RdA{!f+=UIEorcVEw>)%eLKs+6wxXKHc!Zyii!1np*X
zxDEshPykibEYZqz!>Gf1(M1wx`>hJ<kRJ~^ET@w1g;LLP@ECdR2}il8x-Z3;Ge<Bq
zfF6jIr%vj8!!e#4nqV3o1Ise>pZ1<vw(hN}y=HY*e9`d`F4^0#0r;cAZ+(@Fg$kYx
zh^>3}p|do7{EV{_!UI$;MtSV4CQ<=0!*oQj5(G=hrx>9dCQ|94Nv_&8fX33$VBefo
znk!-v@a=MhpYJMM%?u3*F@PL%czHg1dGUpa_>Tr)$G*wnTG#L!vbKWN_c}#JhF&Ue
z)VX;SZiR}7FdY7AI5vn<g@b8HMu&$QUM|LQ4L-aqz+J*6@(6t<(625G4)qUt=v;dY
z%`fLj6-_vt{B{^2ChlE)D+Z8#A;oW`lIKmxb%rwEr-!$Xo=Tsk5ID(CKxgJ4_=i}F
zffzI_rTn|6_m4SHxr*`Ar|8~u*Y_(3M-B_%qqTo3@Pw@57h7s6qAnar6FHhC6Z)SJ
zr^neXfGuG<>Jy-7L34bJN;n3B>bIAgpi)?ciXAU-d5r!KRX?D2zPM4pso-Rb@<7%4
z)fX$W7cI2uWqF4D)z9}AUx;@7rEV8(G3j^Q;Wt#OWEz=vy_k1QyF)JOmn{Jihn_}8
z68D6-La<RB;})pCzAiHSiXYKdH!<3E7^0@QZhAFWJt7VvrDhTA+O9r>q)OICA#F;E
zDTp_6qgqql2{^}P%7Wtfw^`66$!^z0f3#nWg=l<e>Tp5xbW`o~Q%hc#O){?<P8RAt
zL;@C<aC0x$s2)T|J85-HjQXjcW5lVS`@;{b-Ctkh`A-8lm*RRi&;J!b2uNSo`C#|3
z>?C<U{ry+g_7-K=lETL2gjeET#}O2+xpiFG<5~JK*<YjHu2|nK_iIT;e46K0YdVkb
z1N$G>nQGl1D^>+jg-My9W?0;Z@LsP4y(UYXovq;7%SlhM&OJ=eRDlojaus<^#jLPX
zMGnio*F)51V4vSbihnE$t10DwOGN2V#jtL~#wsrp&M)R%_hPQo^fJ$Uf23$`M%u56
zh%$cTW{u1{_V--0Wsp<6Y<C21=C^(*(BmxmLQVpk_|9>SDL(bn{J<>>uK4^>%UXud
z!yZ<@>j#B)YFK&UlU5J1530GQ%?M$4`!k*V)~ByNkdT-;buHXix-!b0{3Yxf9xWv(
zCEH`mzV?yBsfqF#rvRRgt_2Lwtec_HQ4km%@k4DlxBaO)T-)?ZG>6!PGK0uUA>Di3
zw`ilQ@E$rQ$2=^Y`%F*(bzCybE=XhG=wAm)FaspU;I4u`&bkXJXdc2L%T^A&oL(bk
zDeE;<B{``+ap+k2l}(7hW5Y4Bn8K1dJJ8jAywcA8s*|CRO+tp+Z8qx5<r!)m_%IXs
z3U#)Zt;*w!6cTUk((F8CHK!<tCDr54HbrKI%rmm1Z4lHMjT8vz_O)vzoU%9UCzR#y
z1{nr7JAEI~Cc?SYMHjySl={_B1EGy|6zSI>y7(z}wgrVXQJT>@AY|kN?bEE$1U>G2
ztM|rKGunftX`mZn(Gx!z>l?~z_q?E%$2#YffBO!`BhNm9KZMO%3{cYNh3WA5ZlX}O
z3~lMvT0+9q`cHN2XnEF&UHm#5JILV=T^1|U9BjMdGmgEy9T$_&U6o~#1!Ik;LYzDy
zLB#_%s=3INz?8A-EO<cZD?*SzUh^-W+bZc`{B?wrI~q1Z&~D=?l@-tg#hLJBe^?BT
zW0>%6?rikIhSOb_7VCR)kw?D2t*jO7)x=n(en#nqk$|MSAQ=u6^ddR(FRuHm*UHU0
zNZq!-KcF#{uD(vz)J_X4ZKIhJF`Dg{1#B8Jhyl_&de+yfKUHWsH}TEL$^<4oq}c7(
zpcc>KiH!@pS}6>FLV*}^e$5*{JX`Q4>+|OimF;m~(<g4;{^)MnFOPOkD<p9peyW}}
zq1IYC(uC<hY*TtxzH2Y0^BhUUY9c)7jTaah^OD@?!i4rCr^0|Hu-X%f1>8_-)e#Bd
z&uF8M6jBFE*{M7tstzK8sc?Mp?o>iyi(se!ksBZspy7t@Rix&YUCAlduwbG~t_r8M
z`Or5F`V80RGdlEqKQX#CFU#mY?5vI9xXlDL5UeY7nyDwvF~9&!ZpHW5ja^kxI*OER
zJlTJ-_~Cqv42vo>+;=k43nMnkq_U=Bjs<g5um9O|R*RJ4FwV=AvN?W}y3Y9F|6}j1
zqpDoHwQ)s26afnmkx(q8L<Ce)5mXQmRJxHa73mUCP*6~Dky0ukx`;(L(n@!Sigb6w
zZ$4|`-r|P$-G1LW=Xc(3?BN*x#d@Cmx$k+;yskOTxUX`m>U4Qi8{ZvCd6#v%6C-J#
zVbgj&=#0s=J7djH1GrPUm83f`o$o8`+wI0XFJ+B+dr@Z09~rK#G3T1}p@^~TWuO}_
zcPQteo=y%rqo)<zf_c9%b#rfvZLV9;O22G&f5J<l3!-nrk1)Q++?{UHspzW~R~J@1
z_(3i#P8@x7^93{hT;ofTv9I0lY9;jMT4jZ6ohwecT(CpS=eS~6)oe~gKG6{2VX4EX
zwU&6H#TOgx`(e>nRlDbzr)8W9kS<r@r0(wDxpwb!V%T;AVar&a>6wOM$@egwm6Tbd
z4>cOz%wBoC=luO^2c_!bsygN5q*fpYn|8dBdcKhVo~l>?)aY&wo_@KV$vO+v&As;B
zNeP|Ox_at5L$&u{Vr6|f%cQ#r(g5bQOnJEYB{y$xE6;=I{98VSb}XB#rRldfutJ5a
zI7|rQr!Wp#Vqv$~xSgS-yunarezqpXe8BNqg2|NsP2-91r^Xe7>N8VY+!aZ0usRLX
zEj>%zVr=R#<Fom3{)Jq(`Qr>1ri2nsGf-?#;1x>by<w2wj0vMsKhiEPoOty{%|-Ft
zNBTPN%4Cmq?ees|cxNoiUT^G1K~yRE(2c#UrHLqvdA$_j<5NcyUJ6%mDipr<KhivQ
zS^j8_E9;jd=AV+cqq+3=?Aar1M?oG-B2O6_qft3dIYwNdmuEU3{MK-*mi;@%bYbQi
zYsOFq>kosduV2+IpgT)LkQ?!M{S%U5W)V3lbTPV0Quo`Nz}E?f8Hq%ir4^c}-#^^#
zuObk4<)XAhUDB>S<a8bZ=8D!i#42C1V2*8l>2A#gniTJE$4$GCTE#(2r1@SV|5pj7
ziOS1zRXtl+GPh%NscQ3Rr(;jvxbvZ5_#vf=Ty6T}iW!(v!0fio)hN2tS;5YeMMQ3!
z{Hd`Npfsgd_@Bu-$p;PQgS`0m&UD(F;ZF~?^&BlEt9MJ0?V*y~Dc6qmYbQL{__Yto
zjgkj#=VuwcnE=u#NQ@6)Fp3h3c4eijv^_ps`d;6~lsGEv;|dVEt3Y`8c-knj*o6cZ
z4D0b8gU-%Q3CfuHdV8o!Oqi8*pIv$?E54VUBN0DD8xKXM#dJBNiXta+U)(dYJ2fxp
zw$X<64%!y=ep4zj%q7V1&e1*V<yPRLb#83TW@ebhoW5F`T1)S8!ZoQz3C_S^4H*_H
z7K6CiM}hlJ$dF$krJO7)e5Vm}?%0@Q@-yT5B8{G$@egMX7x&riiIYIv$36Z$Ie9PV
zaFk?iuW#5at-(Fk#-81k9nWEMMoFLfKs`$qsWh#hyXl+nyYRh_B7Bza40$OAwA_tz
zhBX53ANnJT`XLIF+XkTz#odyLo%cT;A{uN?ENbxgJz-8*eK%xaNjk(}=|xCaWzxbC
z!I>#B$Gdt8X(8xsoXVdDS{xK;@h7vd2umln9xk`NCi191^YZbuuP)SX&0GfqM4pS?
zkdjh2N;KSd!0Hu^6d*Kq5tZC`agmu<I3M6cx2b#|p3z}QFmdG$#Tq<7k#0$L5hHk^
zz3{fE?g2SqwRZxXLJ#k2UYNO1Wi%0o%ATcfjR_MUoUGIIrYhdJY;6;y{czt+Su3Gb
z*o?XMMhK@NM{CU<OumE!6>anLD~V?kN{>-U<whPS77;c|M2iT!)X+Fy5HLQt$#HmB
zWwd284O{KL0hPl~cEJ2ttdGU`vyTM`Wf2@ESdbhaW{0q5qrW{{sW-kZ<@$BOD}Ffb
zbGLh=%r2n_yH~umJrXp<$EJA7wXad+BV&NarTrx0mC8FAZG_D(ksdg6joH15^t_ms
zeEr=Z?s7Y;J=e|;DyL7+v!pC6nvWJSo9uhVhu<s+ND8C-%}0EQn3VD8$O5(>9y9%#
zg*_&)r})OL7ee&$-n`MwI^Hj5q=T;&rPLKK6K-?bK&w(G@)b%d$*r4%i0Q=J`DlyG
zlEAy$r{2D|59}m^n)`jC2Q*{#F?7?4=44w409N4(ArJYMq1QYQP^`IRLJ@dZVvCYN
zX<>oTkDKn$;oSuIpM*S<D=E!%!5MCHyb|%O`eF;~g!<woTO-sSj`vZoQ(J+(B4x`#
z#C)@yEenfd{X*pEy!9BddRUB!@bjqL4kZ<;o$rDG(fMAdnZ=WcsqGNmQ~0i`>xt>e
z+xEyn&A+pdhA6>Vu+jQ#twPnlj(x#*(otE}LPN(@Z*=7t5L)*>IYW+xw&{8czKa5`
z%(-li#_C4#s3y}lbohWnULOIDr7s{ph%}x>TVjdHrE{GYXXJZo-ZZ31spd?VY}GzN
z^QNV|T#n~UedJvh95~pU9Ko{zI^-Sofdiw8QFNK;@<6YLg2#|R#w($Phay+hW{#_i
z52_W;IOzK-_WI^-BF5_RNE)Y?nRne)cTWz{%J06HriyoOq||%U&9e@(PFOg7z<u*g
z(n)R#a^w0l`P(-Wy+qu5d8fGpSS^K6HL%h55BNG9IFu*b8XGMSzQ3#_wGc!pV?2si
zB5i!k>b#aKrOYbQaFOW25kaU9wz`lE;I0-8a<xcvjVG=VF&PoIK3RZ7y$4d*Peb5j
z2uiv6JiYBE<#_Exws&cv`@Sjei62ht3uBBvAkf%D8@pdBj3$QM_5uKNJ_UYk&tx#R
zwbdx6Bus?~iaX_sp_C_I9M8>d{s5KAn>KzNwu2tG9Z&{9pp)i1eS>6*Cut*Q-Xy)Q
z^?s?}aUj^tqMVuK4zBvR|02pfLt=CrfM)0|@D^q~Qvvs>A-2Gx$h9zk!a3CydCfQ|
z@VM_0vF3P0Oq_e$(!sHjIs8LP5xBl!I?>gu2PPFajWD$qr5|GsD<wa5vw5ojBO3w*
zS={!ZZFp~AcNukCf8B?1GJm3jm0J)Ps^gW#Dn=}R_eV(j2PQtj>!ahAPUDWOrGlN9
zl(@b6(bukr1;*^KMaV^;0st&$*qYKFrJR0r<o;t)Jid!q^poG3+`%6h^`WCX9nL)U
zA?V6b+?l?TuyE7S0TJZ6-9#l0d({`i1haPSp~AOz$L1e`e|ZL#scWWJAWxD!Hv3|9
zc&AQuK7r9C9kTQhiSo2I4r>eZYy_J%bfDj2U|#l~z`jE`nuf<7qKEpNC;d*)6jj{c
zc^q(sVHPTYZu$wIr7R~^SgfABMZMqxP&SN?h4?ege|$gFTa0opFh`}`O#f_Bu(*XS
z_Nv7dRjSEz#a!U6_a@&6hmanu#5luAPR=0_k!hZ`XgSR5#wrj06D1>NAE|oIgD=F}
z9qM*`r_B2hx#~-R2OC~<O9Bsvv^m`{6{b_FtB+Cbu^>@UY?ZBE#hJ#<Ui1c>X?Saq
zJL8OU(}-={_SIW?5V@7cE6Y{iN{`GkU4Pi-;Qf`@@p`!nXqGrXw`xaVM2N_>pNIF+
zu3<#9(TA826crY_hfW=oNtBg|+JAypOfA(4fD3iR%$lyvZ(?`MMBSblcPifIY)5pW
z&2sa}qloP6AUeQ%Mjn8H`O9Cwatd>45r*!<!}sO{J8G>nk6<7FD1E_=0?rmtQ|`In
z=dbLi&h6{-JA}WDY5p3|>3bK|p5O75R8B2%XST3O3`2i9#IEHoDR#EdoiQLXv^q*p
zM+p%L<zoOFlYg`@FYuP@%$aMqt`RzB4{Y8IFv+t3?wTwo-UKC>)E_07KL{d%$=h@r
zLaM6REuc#<W3gIQlD9%jwApZ|_-xONRjAe~VA>$@>ik0S?J+X<`Vj|%D;3WurDPT~
zT{G1Kv$Ly+89yxj(0<1@+wtFsVk5s!Ms>n&dBy3}QCC+_<}1oUx6T+4eZK^!yV(7<
z?$J&eg(I?G@4)3rO~R=Z+y;CX6dY09#ytO#hsWj}(UsT5@9Tt&Q59-b<4w#<c6+_c
z)T0p|-TjZ!2T$7cJ`0$XXWVM%Qk?Vn^J~jAjggTNCVbm%CouQ3Z<M>AIaoP>%S%4_
z#ec&Qd+53G0H-S<;N^AQ^uqP`Np9Qv&DGRCI-DG~uv^Z%6HKW#tH!&PoD4Bb0D7En
zwYV&x@-i4e{~R0~1-q}4i;;<mZ+Q|LiZU+quPcy@y#qYKfANXm4A8Sjw(wXO$77jM
zrx;Fha14;r^2!l0@0PEgG1vaOn-m0RGtn&(!Pn{edzS#_U+g}va8eX-X?KxITC2{x
zx!IjE{yKF@L1ju8|KJU@93?K=*}G|T)Z+&3XY*Xruidl!Y8Mm};i-08bJdBkw(ryZ
z`}uq7MEfR6gi)W5k6o01T73IP87lykV<!RM7B|_AmdYn$div>JWqawvRU2YX(EnwU
zeJ^%dAY@on`X)zVNR|}8ey(M+2|>glIu$|0Y)par|A}<80Xb&>@A0?RT|BV37eoqQ
z@eH<>2evRHWZX3r9KnzhMDn_}y}NDs0JU8`ss98}0|a1`pzyG38&lR$qhqWF=2xa)
zNDE?Hrgz-n=Fb&1V^*Ag32`_Bmg0cQgL>M&zp&Aq5cTEjBI*PrKYY!z$KXO)#s7Sv
z{x~%3`cikU&(K;!8pYZG?4Qs57ZE#|(ct2|{tLZ~7WU{x5$}y%1i7N*d&TAv>RsRu
zXZ7z>?_f*q7Ca1-Gfa=QuqZPBx<|l)1>Wd7+@6h@jT^C9H{gE)Wr~ARi{ZQ+qgbp{
zCnOH<>S4JGtN3EvrCF5^;C}+oOoz2t1o(;GY6L|<2I#8(nMbkq#Qwz*;2`L01@AkO
zOIU}N3Gxbjul2~Q{~3$N6_bA`AlzO8kC<}<<}D6MvbyD~Bvg7j$Tj}fL4kCxL(~Pa
zS)T+AS1UO6IQ6z%@W#mxKoZAW43|O!^5ZHW{LjN0-+(_02erYsZp4|!f%{iKa&?EE
zk%7#w|E-AIHgc=S!w8$bSo^a|E!d*<Db^c&GbGLbONigU`4Ov#?loHXUon{1Kd}F*
z#e3XBA28>!2-3%*<k#L`<)dJ?StSJ@<}sje5XIk=1r0rigGcY>lp*C|LmT4UfwkYV
z5mEa0@9}D(Z0)M%5IeBGu;O?!e+nwHF3>9bH(=}o&kc}vfBU9waB#qH{jJrk>bMoM
zO`BF$IMO{Le~h{wY}@wgm2lw7nCJ!i@9<9$5AP7ZHhyb1lM_+gmxs?ah0k~0kiAD>
zvX_ik@XmPxEva2(N^GM}T`y5W1o^j*``mS*#``Yu=?ZE0$_>6+4!-Qgqketwhu;q`
zKVkFrQ*F3jQ8Qxg#L;nM#ro5$v!>QN=&lf0Ti0jfH}8|T`TCHubwV!X_LZ^JqQQ&_
zk1N5H$1bgzMzgb$05Zdl-yCT<>=)&@)p{#K?FdP!PQ9&|nWm09x|QVC6JD2*Jbag(
z(5<oX4CD`+U%`_<IH81vW2J9#LboJmE^^M*d47VpXFKNO&9pDv$2b)6+b<p+7A2C|
z&35@?-!>V%Q4N|CTXq|%7(GGX%-PN(bNYh*pTpIVDREqQT^{64C_{?FUoH@>`TIFF
zEh&s<!O`GBxvImF2k&F2%B}v_N6?6QVNar=48z=*Ki{{yCHPuA?CEn(I&`I`@SeBW
z`F(%<;5&n$C(5?|&?Kzu0s+GTHdv4-Zb5wOEoczv`;1O(FyqJfq%9uRGhGgS&0A61
zWqL8McS*0E?Gv{vq)3!YY?tjpe5RZSU-x{ve=$Icn!&)%ncNz!>rwmX<Q-(f-2r@9
zb>4~mR6-}z8ISYv$X{Q@{xvG-wbhVE^NqDX*o?oMI9Bt>7~Vx*z8ukurPdKIHb3U_
z<PxcWulA6ZY5&2s$3RcL*&KZ<es2yX^trsckKb{}<piok_Ba^=CSuBT#zxHRE59ti
zns_u?u&;r>o_r@d|HTg9OK{pZ;Is!wWV}-t&D*WE8l6~sUYqb9BU^8|`A|@h+L1%r
znb$wVM_l?BpWM6dC*O>{;7R`U*?!z;$5oMd_H+}EOq{&i7h;&Zeso8$AS~wzR``(J
ze6V(N91Zc|(Ph&3szf=WC)H>1PtjLt*A{+KFhL$&_UohF;n8>HACC^u%WdP{5p*6N
z{Q&o+ma_Eg{59VOe+|1x^~)~a-KAC}%F49Mo(4Kfy5w*m$9fHRBoiy}LTfirkQHwd
zX#PiXW1Q8Fw4Ssi1o_&7$QQSqdXby<Ws;vqNA3J1e4mCX6@78m46Y+JVFf*i?gbFt
zDMBW=6+3>p6{$p(K+{JNWs^FgZs&cWLT<&or_U4H)gIC?`G>}o1q*cWj(=k4h8dDv
z(E7%gire@VLImkwZh`@hrLpRHi<K^R_9cq#8ZanGO@e>!7Kc%Df=i(5<6Wy)9a$c|
zBnaB~RMsga@*Gh<{pX&~K`b*tEUleU1>q6CZw-2A5+lzgC0UMX03N@`w}dS_L)962
zYc<&}PXu#AdfzTvQ-e2lWqBb$tHj&S({50+do+*Cll_S4PlNoRw6U#HGwdOS0iTa(
zY#eQfHZSv*-9v~z0ts!z93nAE?V>O(W{gNtKD3NsydLgLW5Jvk0nOZsN`v@X1a1N1
z?{s{J{ld+TqGczwBT2_6e$peA3V4HZdQnpf4RyQGXt9VZo*>ISQP}SQfveqL{_1Q^
z#?p{UjOeu183fc+79L=%P&Y`4bp0*!(+SekF7wx7%^1DFp;!Hu-?M1ZMeRuVQPZE_
zVGYNvm&rLW;<im@-b+tI83Zp9E@eG6I##oQTHy^cM7nTT4nv1bxhO*hEYYb9OhB@)
zY`m+a%$HrW-kMq4ah>PF+Sh+>B|Nts+WmLG^^&;Tku_`<!x0f|pXQ)j8EjP30{GM5
z?oe0SQ&1Pou=*^fq7g0;sIM{|=QG9A03%n*Xe?UQhcjnX;$iS?x(_W3eNpKKp3B5J
z8+2oM8Z?5-wt^yXnFzJf_i_xdlmd1!h)mkB(*7hMn;h#A#W;Yjn~#2}re$|Q+)@d?
zoAJ-@4zinW>ISeqYGE3N5}finCOJ(;(m#QcRnbFc7rZYz0R2_F-_R|+qvF)R5nN=F
zF(xtrgJjYq%j`9&zqea-*hRAjG&FzghC-^nSy|%N7W$qN)#W&ztfcaWpG{1qHFC-u
z?-VUe8R&*t?G`4Hi}0*=pRH3(gr_=S*h?F`xoa_X`zRrY^`x#T3<9PW=mCht_6dN?
zR_vfUmH!l2Z_C~DDUBwEG2VHkJf(K_Fx;pNFbKrlh09_vP6P%OltRnd5n6$6U(HhE
z^dW6;R%LyA_+8q>(*tL#mF|8%LgEl9ZRTj}__KW@LAFmw&g-gZ?28APBUiKpt7odl
zd4Ak{jDCF&%(cn1`CJxcGpvWuR-T#%CO#yl^cN!It1VMk6`e%I*cR-d<Igx3Zhp+&
zt~973Xa;y_!7V6_4y#_6M-)nIzIYyZBoT8JD~pmdMn<t33m+RthFk{;;<d~6Pe2FH
zjxyw=WsA~t7KwjWO9~R8l~|H*EvcN$5zRhbW`ihdKiuK&<&&{~(${~YLsTvxW{>^{
znW$3>gYlj=?~~M{NSFv0)Gb_J-6^CRjzxADX^TJ1@lbgS^}WU{CcwV0=!3dAFf%1}
ziKeSC(02T@c5{NBod*Wm)fx;n!Vt6ahbMhhto4F7716?op@x(mHH)HGaNm>ixBhHO
z65eg%lTo<$^<~LXIjL*@%3wFm?Qy$jUL-16<^Cq#nS4OEL%S)fEpEu*?($rZLBarf
zj+Vu|=QBWadCbs5kH?`FpJ1I@6}+;jGXX&A`lpFGrQOhTv;K}k?A_U~t^t6z$Ss?A
zFPo_!r5R*9ekED6AnU*<!jraZl-R)bSj{lA1__n3Ic|HejAnva7OTV>s@!xutGwo*
zBiwEGyr|CId*`4l7%VXMSkf0}qsyjCB{;KY&1y^l!7`8U9x{B1_BeLP%?vV39nseH
z=dKdV43?l4T}dS87h*{)k;^?ZbJFZ*_e^*5W@~i9$3rBeySK>@64iZD2TNHF-V$OL
zXqnn8r@6;?ZUX&cxnwYXBx^Zzv)yvFPu4ADa=Y2E<y;q=gPy+gOJtNAr%sSnc)$wG
zYw?<=_^c57&7$D|U`M+70DN;l+VlLHd*_ebyE3zyXn!@~>w0&^K}Py;GJ+_mW}o^-
zpT<VAg<)P~3{+i6o~KW+(Q(Z@s&wakLgwaSuNp~#w#K02Ek?<Ksb8FkuMV{^w^&Rx
z!LW_*3HqKWFNt%XTS3cdXD>~2L<E{QD->N@qk^W9JG6j4k|RoJzzAmJMFLjqf<dXT
z<g#9Z1ML=_?&3n`XP4$b-ecgJ5)&0nB7&&CiHB^qIffZyg~M8c(_Mnoc`h_ulkb+~
zGAuDxozxw@qFZS#Ljo2MGYW%z-hQwH&dsT;=TQR2g-@uWzeX)(O)EPNww!bT`m0$U
zVj$v&l3LPY=3pG%pQ4cv3_eM-j`%j2Q*vV92Kc=FaVCi_B|dBxUtNqe3<L&;y`W89
z{UFQ;99FiMLCdMbC^>u0j;S8#$!e-8!8>+whO4B077&mp5ljJ3`LM*;Q!OBv4dCrt
znEpJSmxZtE&XROn)#1w)x|5(dlX<#f%$<J|Oam*Ms1Ps#T&@h(h$fpPZ82~rw+Wn%
z3Zw-4Zy4VS475Z`od{O$ju%J7N`WJ%We*gjebn{X5o%`3FbVF@FN$IWN4s8$d+7Z(
znbWAF4d8zSs^A<UKAE?nBu5cNMJe&A==+TMCHFSFZvvov?@T=Rw9QA%HOlZLXxiR>
z8^xDJt#^uOST~KCHfnmaD0XKBo-=z-EIDYKnB!(Q3Jv-=lD<aM8F<F08w`s1FBSm@
zRg-@<hiu+t4mW&ybyY0KKYE}jloIS&{nWzfe6_u`U`2|sB7Qmf*xMMp<SvcmEhfp#
zEHT;3)>wT)bHaYBJI%znPj>5&+S%{Vgi66Qu#s_y`LJ>VL?;MS)Ii7#@ND<9%d?$j
zq%g*zo_(g()YB$81Z3hPpSDHlVCGDFAy-5q+X7}u@m8$H)^dN&l2-^XQR_0l8pbSr
zpeu01HX_n)hF-B}%No5Zd7qXkDp`9;nLS6;;gmSK1pJXi@JDQ8<8B{>SVc%aK3#6G
z#H7%ZE`}=%)wwjYd?wxN)~9C&vsy=VY&>p$knt1eYI@tjzQm_ylhW8(^psl1g^aGf
z<7EGz$3#S5se#;041r=%7kEBfBIL;s&nE`w`LvT?=J+*&Is^x+By(u-95iMpan^YT
z{$42Vug%fAF26YDN=TSfBKkmeYmR7&`sfZ&H%GxS_a{RlsBOPE&*R7~<u}-6eFUE=
z)M=LopoqA_u%8TGy!fwPyeHh4ae4PjCI}G7pWMy>Rl4d_K-~8mtA=pm@2?tM;lc3U
z{${BFx3%%geL)RSt%p_aKZ-ae_xO?g$PM_^?keo3Qm`^RqXI3C%2hG{;-yC-0hBet
zx4>YvBSBhi97q6l87q@tl^su?|0P`DN5TaimJ2Zuj@~$#I|gqE$89FWEq`}^y0PJ?
zQ(-9*0L*>&(jIP2)$Xef6PfS3BqjV)e!$Th-(?4thRD<XT1O>b=_a*X8$g<1);e6T
zMY9)E%`YYfg)9Zq@07M+OreK6Et3ITzp_P}7WAdZB+`XA{j3hecQwLLx-#&3>R*~B
z=3Z&URB!)qI@aK@9F^~Np-YI!`K_KbD$A)RLXtaPr^38o+n%GoH0F&tjTLLns3t*o
zSwN4uhrsL?=i!T9N5xNp-Ph5SY(5lUqZuYlp})!JO6;jkZ$-!;95LtrvA|5HM4p?-
z$WuI&%Koeie|~I;9v+8w=}CSi^&ZjB<sPW;HhU6*T{)t8j~g72sQ;3#=B=`=Op|hq
z1V)l5WDccWe5VIbTHpzPmNkL5ZpQt#%)5Z+Oy4sEcb}%i6!zt5c8|Xq#QEA+Vmf)@
z&|DzKTYcJ+G5H1ZA&=KTWhn$F2n=I2wosTy?aPBP(j5*@&oShPzPYuPJqAQv2+SrN
zp*i}c6VgClKJM1zuSW!%X@q|Y79G2ZXO)@WT=L{X=HgAT(ZAuS);#j2fGA_H6H4&o
zK3C8s0oSo&rd}k<XbBw$Qj>24aT)oGi2n2#NI4KGS#_Zbv&bjTZ>4$pWpM7*3mT?5
zv~Vv9LeT9ZXH>wBzk~>E0*P)#bHvy(Ywga*zHXEHSqofdP;(|<xC7pBMC$#k<)WUb
zs}zTFwRWN}3hoHJ08g;};|b@T$cH4>?1jQ+CscJX4U^tTp05sEtVsDDB}D9T7poB?
zy?r-Y*JAh2XHdO;C;H{`q}&x7x<X!_9MP*~=X#J_$y2O+<$9o`pQ#C_d%gQ9GJ7U-
zUoC7>r%1GU;beEyHW>~5`m;W;*?Qn6tZp_wQ*+?OpEk!a0S})kOn^_Oy4{t%0)~EG
zk1tO}g6ucg)Keo36JNn$WuB3D;&tqtPACs~{h;H2m`8|ZVU6wuV35-E8cZYcnFcoN
z7v{l-l}BQK4o>3U!*W%_hkw=pZ^`N97?=7mFQ)mQSeZMaeErSJk3bS&{}1sFqt9_O
zKPL54T8chuQ;uj~g$F8OM!htC4?4dVZORJrT!WM6L6GNdG6_77f7WGs1Vl2T4%X<m
znPi$lfe>tJ2bv;!Ndzk}p&&4q;fSxSIbtT5z&szXd1T0L-^3t36FcX?D=|3P)BpBl
zX*W38-i=Ro@b^zPVxyC7&<rc`jgCe#6yYMV)$C$rd;U~`x(7k{?qWbyUEm(FW<{xK
z@d=h$%E5P?{qqw3rd&Xd?YB><%L5hkEllwGzgi?H<P8>S4Vq$uMe=MQyx<o9Pe>o4
zO@B-JZi4HBVdo3iRY`xtb+f3JNamb&q}A&`y&0CnAcw3JJTeNs;mQ?Z;LmJ*M@5Es
zP7!eV->Yez--X^whtK45&J||YrdF&CWvhwdQW}7FGdZJyW}=sSe1z(xCuo64oEB&&
zf4BEm(eGWb|AS8iSLf1iU9b;Mkf1tqVFT6qUwFYTcy6dV*S}!(+;U%syf-*v^K})B
zoimEIrjGMwz<W)7d?uRsT3)F?;#WtC-Jk#|-D#Ov?$t#1NN<y=-%|U;74hQ{V|FtZ
zLg=#_?ZdhzM1dU5Y*{Xz<AD+j%uCR#IW7IOzNLRA2xj3Te4A51%=w7Ja(X)l)xuHW
zP@qAYko=~x+p6v;^!P0epO}@iolgcvK>dBqi%pXMw+jX?VQ%nS@;5*Yg_eiwo74^E
zg5AY};M<UQqRkr9!-$w3JCKYF;?AG|wIk6w%JGQlxd_LbnNw_v?001I4VvqkMWRK_
zoRWM0h?qhi;=`oxg4ac&#BB)!sW+TZQ=2$D)xp&D{80z^ANZ`$qV2z9f+5jwRX(}b
z>t2m!fs{l5mpDV%PmbUwylwDNqW2)INSWJzPt*xTm_w?q0N+%ED-whjxpDrMMuPW2
zT!B8g{u(7c*K-qa#R$#~ypg7Ly%8u$Ov+(gHZVKu`b@aOME!5MW{@|B^wIv`@&K(7
z-&sy*18up!mN1Exo|Nlj4^Ovw|F6srWEs~pJO5{I1YIV-(JI%~>2P&(J;;Ak#z`Oy
z*C5$IL$B`wVk=o2iO~9<CWsIssvC&V`VK9&s<ojAZREL>s*b*5=PSHtAz2sR@4G+e
zx3mN#B`BC<d1S1w%2MXICB9lO9s&=c7aY*r6P&#-@tH`RXi5{nYxk)8k;0W1f+Wb_
zk4Hc@tbbD)v8fa3?JDL?T7~<^r0IVN9`|piMkDoz1NSP=>#@>%#Y5!h_3+VcDtxA0
zJB1>UY)$ZwKwEk=Z6KOM%$u1VB6e55lj=@|YvVuv<0nnpc}*dl4XAo^DPU=)Bm1#V
z`N$2Zikpb{XC87wS$7?xJq9s|KExoaw;mYUK2|XLN9mnL9y$NdRd4#Jk58yLN}b90
zb(7l672{is)59`-^L4;Vd?R>dY3+o1<U1vSgfz5&K5n9?f}6YD@=fQh1~+rrpM#qa
zD?I)i7@by|k<7B$vCaUC@f{WU9;h9ZVdY|n<RbU5b|cyC?s{wvrn|zST)e8St;r<W
zaMxlq`NEV3&#<m}qx#l`BXoaykdP0%xOrtay^W~(hnJ&JuKPyP_~rU8^yz(;^fibh
z`9~C_ngfaX0BAXz{+dMA@RURaDoe!H_0OD#AOpT(h=#@c#)@gp>bF<4EBIy%^CK0E
zCCt$YtuLl*a`2g!s!xw>26e83TcV|GNFsrOMKpTpIQbt=4_G+egiSm*=eI**Bjys5
z!zIYN^n+1MKa30epqi`JWZL!lSnz4no^nn|PMVn%pgrHZ{kfD)c%gXHET~I=W^x8R
zMj{XKHDL}3E6mt9p?1_uKvZ)?Z#6AZh5t*MY7QwT2PYC`?sh_5%ONU4@(0qZ`2#nY
zU-^d_Mlvd&E<r_T{UiaTE&qN_3##jXO%SU6R)Uaky#!&mGm3yX$n^R>Gx56cpOX#9
zhCP#m#XqK`{|11SLmKrwDDeNSeq;f3oqi5_0mNa8zz!-D9;j@~5q+ojpc7nCaa;hu
zF7yNv(Ca`?Aaw?3NdI#R1Ip@jkWKs^PZ25$_>B|$zFLBqT>p_aTIYOXf9rf`f9HJQ
zvag$ST=#r7O5kePpb<aE;=ggrA+%m+7Xh5G?k)mk;_pj2Sg+rZazHlyeJNiz4Ze|-
zgMnWs&AWk=lVg(`!^7Y(uNB*kp+vTb3-KFofbzg!0apKSNqI4n$ZKI4c`N>Nh80nG
z^cbis?`9Lsui1mXn2)wN0atVa@@jw%qu|xK>dEMY`i-rJ<b*vgIpKf!7gdl6@2QSC
zzivw6clMw5Z)=&20B#_c>j2y~!f)}dhu@mWaT~x$U#)H{NXOIjUMrZ6wNQ$>l8HA~
zE*ZPKB5v3Z$)`dg^nVSMk6-Q%KpNa=nc60Qr<Sw6`dC*9W0N`Sz}uiqv<|$D9Dz78
z{8FI1g+Lq)y${U-hSF(U-Z8}GdxLfPzFDIY9bBa;9RJI2-crEP_LD!duy;aPdYe@o
z1|RGY&cFEIBQ@36AqoozVBD3p4##B{P&u_sJ4Y7rnZ}q0g06rsa}k$${`(FGq=MGn
zOL+7;d$|$j(t172B~%bV75lzThs+hUrv2Hq6QoasDyDRdV8#R_=i|{fM?s0~`E5UJ
zqZ{~tkD!ETL&*~msYRmPu$N+M(qs1p^#S|$R>je>2P!i<@-tV#-9B3VyVc!|_HrZq
zDqKCHU;NW1#6JxPBg)$8gi^~L-3EH248V?{H&SSs3J$j^|EFHpNq|tL^<iGi|57QJ
zMzFwB+w*w@azuGc(sYpe*7Mb{?r$4#zyhzkm+<Jn?q%W$B!(CH)z=pRltL4;@aV&x
zX#71ck_aYM1gkd+rsNop_6@)O-Rqi@m53l05F{vc{@u4Q<<Ds_Px>VtjqgH2tqu4E
zW05EO)I~fF^ktRz<E8Gy-6jP=wXR~6cGc?ww&fiO)o7K>G=gY<F+)yA60XLOSwAD8
z8IG1ljAp3|wQ-}qWT;+)m?tV+ihJ=Q1o6jIRuGAy2?fXv?kjusxh~2l=suTEyQi0}
zX-V(kDD_6f52IPMJNA3_4W)xfAy1GHkL#KrpN+~GN2Mv15{XZx9-d~AvBptxf5DHh
znR$6+_P(TG*@eCpdmF9=>lJK<8UZ?2GRw#1mj-ahSQ}3ER%v%W<u+e=p8WY7-Q4!Z
zY^ivGy{xKPtx<2XtD*S4FWuuu;rl*otXj^YiOHIZells{kjHpl$4t}<pHjEvb96hL
zfM6k8WJ~4+CzPWo=j~SzwOq$(k!S?srWqCh;I8UnY5A1fp$qlPhm0+Fc7|I9*3TOX
zQKScP9gnAj!OxM374_B>N-VfC<x@&u4jmQDbuHsg$$YAv`$9gxy|SlFJ3xHjm)>bQ
zNO(`nYa)@O^v{uFACp}Ab*;tOG3`=ccDt>k%3|A@RWce8tbsBQkF3JoZK=A*i8&H(
zkG&q|m~xfo@W*nL3codaQXyep7N3a<9Rh0?10{l0$YF;P_-+Q-&+E<bg^CtbbE($4
zFabU^yhpSJ%`AzJb;B-x%(68vd~!)B{EHm^{u8lzq%BpZVLP<}G-(naE+G+HeZzR^
z7My_y><HGgk=|7v$kV|2K9Ow&lfHiz2Hv!A7Y&QXkr*A5c-3ex`Ap{lHhBI>PY`6?
zPqn{}wED@{GH5Yll-#Ue(j9a<FTP6iNS<)y#0w&s{s-<>zOd$0Tul(C=|9BVplgR^
z{7z|Y=ewCe{eeV3si(NqkE4x4y+M?k`MBg}?9wmaZ#!|`_CV{!&E`>1@_n4Fm?tS5
zTYdZ66c+Ek>xU5&J>L=Q-FBjxrcQ-3+u)%{(okYFFEw@}bBHTr%}2ElJQukyl2iz4
zuq?CTQT%T7=?iAhOp765q4Y!WE}b!`XO7n>aC<#5tF8V0)ARjIiCnwnk_`R)ICMOy
z*fkzB*-n(Te3u_PjZ50>%lO#oDIlM5(Y)yk*>@s*f98|clb7SmxD>hP&{lySv`kh}
zmp;`26rfl5oD7IT0<0HTjmnJ(vMxr;#}|&Cf&`U*jK9O#O28<(H4GTnsYrV0IIr$6
zKCR^!b<Gur=VbVIDI3+CNlI%YTYBvMNHRerPQOf!^xA_yjZzfwgAJC#?gn^|SU+HR
zke10)U^(SYE1=b(Zew)xqjhqV)A&8?+WU8pX1}X5JGu2><t;~v6+4Kq#k0Qdw>$?q
z^lzm1^ufv&{jjo(1arcQ>0Zsrh1SU<&Euum2N1Ff#-6&(Boa>9JBdJB`bKi(WCde)
zi=9%VMMCi(qV$dE-~O29|Ki65D^@fD_Ir}|3AvIE#UB@P+0i$Vxg_%8^Z6}Q44z*X
zPC|wHWcKk(NJ8cYHX#EJs@s*cbV%#6fZb@58j@v@)63@UqQb%*cBp(@dCfJ;a25|R
zBKNEz+yj7#>3RSYq-?zSI;!o;kfLU0i-nPuHa1DNg_2&5DutY(2Klx0vegiKXOX9w
zJ5<mnXKrP}4oSx-<#!@}d(;nY%J7}iXh=f8WB))~mO%*z7M-v!Wm8V^$EbaNDj_vU
zLjG;`R?T1dJ2+MR?|;0~gF=p{pb{#!KjXk~URMMZ#>G9!4X$_s%0@pMGQtZ{j1@%4
z?Nb}YTc%9Rq5Hgx=(K7`je{y+VJ1dWMFO9zg-OLZ`^thuhyHm3?W^jC-%dwi+K1AU
zcsa0l&k+j7J6heI_Ys`qlVe=TfK=;J;68hTwbTz><?a((b8}#A7H56BU4yp{w#swz
zHk_WLBKxUK!HBKE;ke>JR+xt8gpzx)c>>{$i2iYN|Lu>LE0`cg>~If7WOQx12n+!G
z6$?r}8T1i8C^)`fg1YKZayT!;s`{8!ttE6ge2Ko&)=`2Ch!oX}HqlZ#Q0#m;NZ*YV
zJKz10E`Fw(kjN8hXMna?h-RtSf!)L}0E5|*tZ~a4`E{{C4B&1Yj=89AUIX{T>hgkJ
z<L*i3#}ZARP8oM3cKP81Qt7^$))$#4SJ^825D-yyhchPnzS<G*TOSdmRQL}=P_V0e
z(tR31sH%*=Flsd$0>EqccnMpL_gQy^p+o@c@^@QgFNjk#BxbpP(#veHh~o9YDjC5y
zP(<5*q=jchb;UY<u1H{6e$g;F(W)k(UCo7*rg?#0l|&SgLaZP;ry0c^xC$xOI5>gT
z6f3wgeT>#<q)4aG4Fx9`^3Fo>+hXZGK{mbsLzhwPX4a3o7nP`n&y={|_9^n#%1A`E
zB<z+$D{KH;r#;orsXf>zUK<%?tsg#@LuRkU$7R&Kxw|gL{^k^)>JAB<{1ty0_IY(_
z5BLn{e)tUh;C6{J`qr>DN9~nKs7|b3mjA4mX%OQcgJa?7h6BQ9sd=Kij6)}QNtru`
zF~T+n3IMmFJ|mkl@j-Pd>HSFh2tR_2j>_tB&)J5%xnV`{Hh*61+gN|R4JWJr_HDp_
z$W9&29Y0dJM8L!(8-1!{q1{S*d2voVkA(Yl5#36ThU|FwRB%F`=OCz08m6I%t#GK$
zi7!E(uKZ~wUfEX}hsC}|MJG;Ih)N77+bH9<@4g@hRD$~(viidNy2%_;3dJi`V>Rdo
z8CC9P1CIzn2EWcOZcbO|&vq*3iTiPQQ4S->-nsnv8f>_}MjI|Q5XsCZf8B-1{$?;a
zU?sZj1J9~-g!!nbFE7uuw1q`6$$cJcR-E#OI}IA)Lwl-$DtAtC^HK2_L?kx-h>FA1
zBzX2E#O7vs%m5SU6pX95H&J_C(yz_Dr7WYHGltz}Xlnlu#qC5+gL=U5n{Xk};8c*8
z(!nNEx1$Bhg<Sb|69FBqBX_190Xbf~2+j975J<LFZ>TH4i8Ih=l3Fr`%@%xFl3U}>
z$)wl!=TK%_LjO8<3*xj-Xr<I@sHPO!e%Vs=`Jng;f5epWyjRZyTrDHx_%p@WIO{3>
z8PlRtKS}BZ&mqNAR^#5<AEFRqR4ZmyMKuj53)PJd;9gNB^W1W0;o`m?ewB;OrfJ$Z
z;t{Vt3=Zv{A22zc=Ss#MV>e{bT5_+uLiJ1e(rBLNzJ-aWd?vCD<-@IsMJ)zOv1*QU
zLndro75qFUe3R`nwAZKPn!ud5rY^C=Ad(M=GtJXrzc4gVGCTnt#clzTTU%x7y{!LO
zXHk00(A<y!6fZcYtuiLVT2cpkP1VMp+C>~(upKH|URVjh^q}aHtcLk!S_g`!Qw;&5
ze)n>fZSv`4%^?Ap31He_;xJuP7{hsf4{;zZ`lW+PAEr8AF<L$1keuGWp^wMBLG0dw
z8pDQ~9w#GI6SU;U5EjRQJNdf`$hM2sD-3(uPcn2fsh%~9TH#1sakT~1d8(RLl(SoI
zsB2c4?aD%rKLi0&R*f#~aM3!tzk6j@MyM>5S@pmq8msTShPM(~MUB%u39{;@iif81
z6aojz?p<G;EfP2dEx~yVBE-hcBnATU?|VUCBTy07h`#Sdm-=(IEH3s?`hqTzP!52D
z&drzzbe-yxinE=&Yg#4j<GYpaRVb}yNAv76A=1+^mIcOkw5ln$pPwB-$19g*5sbgT
z`Jt3<WwwW3bCH`X!Ln^&+PtGV`|y0ftmF*Y)WRI}HBV@=?A$dxW@6ik?$=4VF1e%;
ztO*V1IZEBgD*}d+9rVU1Rb#j)l|~IZ9YkVibcH-DG6zP#^<=8woVz42|Crdz@T*tw
zqVIh9#pKqz0jcA~A6nU`t%egDg6hVm-R0x8$-6114YEMEeVs}DyPYEVw;r7j$6EHo
zX=D3uD}dV-LTWCGxLpQNWLmkD-ipa>Vd<H4H#d@#O3y-w9e_erc3atFm)mO96Ids7
zEO^msBDKOUX@0qodPM^|f49>xPN%e4IG`3<e8gB&6ZRkTj3+x_R$Em-cAQdHb8wi#
zMj~A^Jjouw`FkBq6PyF$vy)wto;D*Ri1xR%mf715DC%fo6bn?uBnFIPT*+{1K$__L
zZZz-m?4E8g4#938N9JQ4Hs7+4nvE?O7CbxO%g}meVWQek$G(MNPm-F@%QEiZ@8(6#
zfrpp(Ei|^<jNDwj8kfCPZC6Xkl%*}uGSRfD2l#-T(@`&%itZF;Rtzc0$9EG<0B^2j
zX;IU{dX_9z@%#1Q`TP(kaskgJ!=5-E;X&1RWq~}&*1c0P9Wk>d?;B(~TnU+gmzi>Q
zWieQ0qN$A?s-@z)PDOFebgT$YEm}0|y|<c4CyOZzTYUXP0Wyx{p6NL%_qcQ4X?O6L
zKjR8l5R&M=uj^Y0E$*W<qCy)cHEDOpm9XAnTNxX$1GZDZ9*NmU3+AQ1RoXyV(e@HA
zOc~Ls2vUA<Fx`I_0~c4v@^o@(&Q`kb_KmS*&CfbfF^jU?<;w=sgYpFwO?MlLLHv$Q
z)F;#S(#D&rz&y8t>Bh|W7-CA+(;Z90GfznLk(m~$)<cQSI}1nTFakR=x>#!58faJA
zo-P2pNEgO=)zm3PW`o_nu6WxX>zI_2gKiGn8(XFfcZp{>&~(tOv5m@=ZrMY_Cx5g*
zZjfyr2y4lHTtoK{ouL})_ffSEOC3rY?|Jfg&oTd*jGp6^?`NHdGbUI~#|knXLMJhv
zb}5#rWoKq$cgPrq+#SSRN>wW)h2cj*-)J1{jUW&?&z;3pdFSCbRbVzH**x}KvRCGl
zA&k>3C|7q5waDl+8rEu=wpn1en`h~M|6%z{R+3{0W%lgZnZza8%dr{`Y-a}0E78#_
zU!2L9?fDmd^n)6%^KRNCFoKM_9<KWU3^f7GLZN8$Qua$}%A9rgFRI>~A3+?yd!3wL
z5+D;HNHh2njF(5lY7R|$J9s^CL)0BCQ|7w+SWBN7*nK)^!Xc|_m&g=sGdxoYY!_t`
zjN;89gIhxa<DD>aDFtyadW(}=PqhtQ#&jU2D9Su{alV1le+wD25QUZP&`e@OzcYC{
z%S@$Ehw<`a&p=zHr0uuPf~2OHT3YYLfmiiBX9+2>TB;I*cNU*%WwwY<IQxZr>;A@I
z8(<lA-pqcnOi{S3<w-)gSajuBpxhuARbO@#zpC9-VmF(^+=qqs;RL?%PvdMZ`amKo
zhjC&;1*(@(Y;9v(1?GD-yN?OX`7P8FvK<SYyt49a;Q)`^*{=^)PJ10Ss_!{qE?XKI
zVITG0uKzk+Ozs;xf{eYr(=8*XeU$F{1<Z7@jc~crnCqI6t`x*+m6SDP+lSleRkNnw
zqYSNR)?94Vwi}*Q3tOB3q`7vR$x~jk98m_dt!I+qM&!Ybz^1+KJUF}bI_e>L^EsGz
zu|gq0f1r!@+*rOO#Y&Nl8<$~JvsKU1N882D;M-<&A-prK-(H_@_Kw!Jc-v|>6R3Zj
z;h0y0b=}Quw&*@x(*knYlu%@#p41{sZF2p>mKU#*t2%lT+Mn7-mwMuyPzPiiVg0G8
zOVd29N3y1(Oc+(NTGQi`vIn9`G|k(ly1K#s2b{atSFP3kgd?kumYQAT&9|_cW2rF)
z&M2cKtH)Ly3m#@u%??e<Ob}ix)J<HRzVw(1-Pm?Qb$R@AVnj?<65I1QHdGuP3=hN<
z@W^H5+fyZI77TyK@K_JJ8f6%$;=Q#4h9p^Q$!o(en$E$sbYL!#Od`#`Uz6w1<YBHN
zmGRt?zzx_bmb~pN<NH(VfmCKQCLL&}GzXKR(&zdlS1yqv5ors}0x2J*%IpV?g?{;A
z42;r<C?I2SO|u|rHmw-f5^$xnmmA|g-7|AGDceLprp^Pyrsxk@2WtCI2e(p^RM~Td
z+z-#5qrO?8mq|T!z>gA%EjBq$ZTr3xy*TRH6L2ipwph8}mH(d77$u(~dL*tav0=Fi
zIDe|GDO*S_y$lwcJI-gFN87b#y)4Xnt4*KdMw1;qdP~`}Npq=4P-S~Uv|3kON%Zmd
zNSH&b)1q3K#r)ZR@wi%%8`;%G&ghYNTdL~$Lhk-C$QD4<9abdzW;nLHOf0sVcfcN7
z4+;6Xh5~i$eqRNNY~2PI^5rhh<_nDmFow-|<{4M{^z~Gjjp=SYnjNF^jiF~Orx*;I
z%)MrZWSd#Aq7Q5$4xW`+$eLE@>g19`7?sc4jDcr&HY)jErwz^``5*b>AZ1WLmoNeR
zSihTZYAbBJuS3e_X`;HFK5TQq`?JeD9do2pLywj=0}V7)STc2-%}(OXSLcEfqoZcF
zv3KYDI*zwDTct9@g?^sr2Lg{8|70i`+C(moZUpO+lVlh8n?tl2E;ZwD2n;g=E`No@
z{czyQ)H1q`k5wmtkWL3tN_&l+P38HmeyU6Tcr%I01JJDfLpP)%M}^wJ*tUPZ>KAu&
z*9l&k)9EY$&*#*-z;8Uc^}r|vcX^g=4-7tRvGW)j31~J*oCvn+_UoSQlsxIlKmU&B
zdqPc?LdIaP<`PX1I;h6_n9!GetOHBK_Dm=iI&F8DjqvMIzDdd%Orz+j7K=H)|GQ86
znfB=<=LTz@u4YXG3-88dmZT;D9+_gFS-A)psdPBLN`$)Zh1P-@MAcovvQU$;aVGti
zOC&?+Sobaz^lLeAG*;6KrG1n`&9NHFImN(dym|Vuooo7XGcDY&dDMv;Rs~EdQie8s
zsg?mbnQe+h%{keNT?E}rBLd|#J<cddn^7pwmMDt>%O*H=aXc>6k2=A_L9fBup(=G{
zWhq-$<`PU(?1IQ^IclEYmF=#=$N}CILY#fu`{|%uWSgDzg0zoW)Tc7;4t@KTg%wkw
z={AetZ#_@!+8Ua(vlhEz()bw@*^>2=)w&qy&bBuy9~tk2`JPPXtg2nbCe}67r7AWk
zhl3Vl1wJVj@^NIyxF|D|5oXV_u?1{A|Dsb_zJqfYy0(X6>NuRU7dT+pEa*2P(|KV<
zVx|N$`wE+O1N)_cjuh8&o{@#_cW*pS!#G}c$h5Lg4|y2vX@+@(Nr`E#203n-bRwSZ
zZ_kx&A#0Ug3?8hnn_04}>PS=po{;bi%#2h|YFUm-ZkIl-SVR40ira!=;B1ryL+~+E
z2CO}aWpzB@gc4XDt0>^v*8YVxKHK8m^NP@E8k<578Uy~h&z{8xhi%e@W_kqJEG9kZ
z1hN`;nL2$)7K$AY=uo<~JXc}UIswxf+YN!nHIukwo>;~>O)qUOk1qO7CxSeC-O-*M
zV`k{_5I%kpIsEUI7No=eaQHoS&#K_?C0_q14DktjqKpB4S8~99E{253@c5mjsfK_+
z^Zs=H<TmpFtG0n+WqR{cVA0>mSZdehuozaFc;RC>U`*W7`Q3@wzAtNfCC;QpXN#XZ
zYg!{}(Sv-U?C~-CV%rg$p0xS&jwM#jy!~_LWy$T<A21{Ilk*KDBZYM;A6k_s5@VKR
z$GA!&Qtz1eltNPl<qTu%q2vqqw)iiyIiZd^o1Vi82{XYWn?55O*l2?8mJa@iv<ICY
zHo-u9W~`f;CSI5*gh)=yaP*Y*<U5V6qLO3gB|4M>UN22@Z;$4faKa^B889s^MlqG8
z_AJL*`$-M)kQNZhWGxMi_|8rAq?=ABYv%JezUxkGP@akSrjt+IHkW9@<$rdf@7q%n
zdt({2W&6{}HjMOwO!0Kiayyl7dxlj(Nf8~Z;R@1Epta0vTs3fc0rED|?RIx6#AA0i
z#78$F*+1MSBSaG14a-#tB)M9Crt`_Sp{=T2NpbC#ovLoxerGWX^Dyc0$v2i!kC?0u
z+X<Fd4|2uXPP!PDWkO9d&4v|_bw-s-HgSIZOWpd0MzL{fIZlT@Hl?1MMrIAeI062_
zw2BH~)k4RN?9&2^Up-qf4N9hFn7~QS;jMvpI*X$sPRU_re2pFrbXd=QV(>gEFq>ml
zmwMg)d5v|%y)Ug;eG|w6`bI<cV-~t7E2GF^Fnc9CHCSMfZ30|y%P}90hSd9N6J^K9
zGh6w4UBIz<(+x8<dzPPl)B3a`jnAemJbJ1b3Feec%gk<$YFK=*oqSUyOERU2&jjO<
z*-G=s1iqE8RQnj~OgHr;c0<%)DsU-tK-u+XL)|;It|lEFa)*QU3#O<xOdL4+X(AuV
z_$F`DN!qXj%^4`<T{os}Y!+)HdD3W4a}CCw_qOAo&MUWpOhHP__2myW&Zu!D1t{I_
zj46j>_-mRP?s__x926wnFiX%M;LLE!45h=K@hN@>_uI{SsvOgFE9%Zv3)S>1>eOw`
z7MtVfkQcWvf4Q5#>(V5Z$v`3<Fu}nWZ_%z1=T_E<)$qhPcqKrqryFH=v!|lsOJQWh
zv_)iKe3L4;K4td9ugI`Qd^6iKu~-cYA2=V%w4DX20gHw<ZyQyIEt<Nz>Vy*6^djB9
z5idxGYI>Y~-FyBN#`>^G?A?VS3ttHFGW_GG-SbFo(uu7Mqoi`&0@D!&zRjGvYB%)Y
zSh=kQ-cJV!Yx-dE`)#qj^$sR&o@c%V3bSST%t^;p;C!2=D9WXLe5R@^TLnVF1EgBx
z0cPsgo!~GZJY%8U6TG51!_5UzCxK}mNte0g!u>WH?8vZLfwXa!7j0iCSF}`zHC3G^
zpxefqB&9*irnXnM<2`L9mMRne4Qa`0NhYp~BP;DQCiF-S0Eu0*8i&S@ap*|QO+PR{
zlrGfOsOdRmTHb7c;*nYWOlN!B1;Ur8n}U<c*=-6LEE+xzXFm6U^Sy1;F&qmmWap<N
za%1jD#8K#SWcdhx62C^iNc2d{`K{ti_Wb(?TxEiFC{4m_3&^v%CHXjO8iO4di;e~u
zY9J0}Ay*e2m*G3M^olJcGWs2u-j~<2t_@jYy!NJE#ME@Z*SIulRM*P&pwYBKma=D&
zyR)P4%xSPmWv0;SBPE!4Y1>f6Owy$?$k%)~=WI#KbouO+e2?cwQtMsfnHP);)xml-
zq{rLE$8RoI_D?Vrln1XYWPfN=lwRl{8+5L3bCF9rI|@x}-j6Y6Llp(*RTZb7EKl7g
z^X&{_*&!$vpF+}UE4R~dWqLasOWlbi(<pNLsw9U1&E&l1hAPtUMq`8JK1Fm6uXT0P
zn+-7q6xyvRr_fZT=bE1txExb7N<=LP^yeH1m}r!d8+o;q!iCkH(>sym-n8Lh1#ObU
z<2D+eXTesBQ*6p<wV8Xhb02Ion0h>+so{_$5Zn|}NXR&?6LnBXBUoK+f<-AM);hKJ
z**Uh{^0CDUrnZtuk*CFP*i?q%ah_A6g^+=RIOK@ue}duCGKJA+>l#={FVxG8Oe-q}
zQ6Xj2j~@x{lE@G)@7ULL1@Dj46zL2vG@|%$e6<n9YC!Vusx45fnVeDk6$SP;fBX$s
zoygp04b_RY+<F8RRF;f5`s=O$c9CR}NaWD7)f}~Gnho2uA8=&d>)C_hLNVf!41cp;
z1b+2A5BuWwwY>vydAWaEUH}l(GVK#H_yWw~E!{|?DbycHy?^^-tTXU7n^GtSGSO?<
z^MG*CcrlD)7Ijh%0athCqWnm?f=Ljz7Ji=<yzv^kFgHOJ<P0HRidkU)t`805CJ)gt
zfe<VFkrQ5D1i<+)F8DP0hXA}-me`REuJ_M<xv;>4e_!qTA1IZjmT|S{zO8M(3govk
zikA`CTJ1HT`zyjx(avXy9FG#?vKD&dBn=;H02;s3BIG&(jhDa{Adzy#zpYnc-SW5D
zd-9OO__^~L(pm2tQLuGCBhq+?L#udid=4SCF1oh)qS{n{opyJrpLS!cI;63a^u2Tn
zYH(d%pp-|(I~t2w$^NtzFO|44xFSNLjen-Zuy+ch85Wu$9{5TvEV6a}Gq@&C|12pX
z%{b6<m|P?y_V)|odfv?PT(euCgnE?t2`yio<>%#kaef1phzXujfP*)r)tYkRGflk{
z<`;nq;^dF2HG+ApYvPlkU{Sb5!K$Py;z?_C^r~+NM%rMHqt!$=xxhtMb_9h%#ba(5
zz{?awh{ItxBRGs80GbT{D8lPi=YL}p<XO<UXO2ES7jE#S4+>n5cq$_Seohmy3YQGq
ztCXmZvVv+s8+XQm%jqAQ-*l@I-U=@J{@JT+^lM&A=i@PEY!zhZJ0UE11|SpzXI=>H
z)Q$c~%44X*1;I5y9pVwFLp;H@6mZ)&WyrY#q#!_cwJ?ctyS>^xVo)LSV)F=bwxU+;
zJ1OmN`HzQY@U28}rHCEUUm_!d*xf1kxIeww=OH+OU+B^Hw%0vbYeK@e&krtjUvBLk
zd3+|bkOKaTuw{!s3Pd*^z*r6FZ(;&z$?JTDlu>N4NcG2I*>>h)V^sD0z-JEZ`9EU#
z7!6GnORLXp2G&Lrur^wuNe<{Jf0pQ1l7xqgcj8F-00u*R{^9ar%r_dN5t8%|IrclF
zEm8F=O4RQgY0oA3kp7^8T-(kp7yHig%4Ga)`e%V3zkgQrz0=wISclSuhN-D7$V_!-
zj%eGxF;XaKamD{AkR}q?F(@uPS|VuWI@87C+hDH$&}}GEqoIaSd)nD0F)CJHi2*rO
z!R?#(H-%s8c{Q**MBPZ02GB24x?Lkg(EEoEA~bC8pH(1|{jM1v*}+ZJu}BA^Xg!L9
z?xNn}RW6L?iWATh?t@@~$^o96aq@>)aafq^o6VzdrJba)lpnkyZ&THTiA%cj0f?rj
z<j(%`U;w1JwGF9JH;-4P;U!5$wVCDfY)Ty7f42*JYGr$39nP}bO!Mw<=JI^SQAgA$
zk_c@!dS@**y+0V4^|nY<xN2N=Csf-WtW#}!E#K@<B8Sv?phwZyER}d|aR;GD9r}}o
zjVCEzKiS8g`{cmc7lKEeIlu14%AkVeM?z+I3Ksh@oe)&vFj3bQ$3{H!W3!KTQKtnr
zL1-ux5=W|Lj`XJ~pgkn_SuF={vhs`7jsIVRcv~$K|7XH$5d|d--7;VN+zbL3F$%zl
ziIk;pp98N=zMjtuZ2sdPHvjK3Vm3q%!fpC1dJww90@(Dg-C?2o&0m|bLL-$wF>e2v
z@LF&_SfLBiKWO-0`^x--hToV&@edk)BUa)+Xn25u{uROf4;mhufqv!*bgFgw#$f~L
zb(jSZ?)`NyH?(K}#c24y$s_!4C$Fr+DE~8k104MEKa;$&TBG>S^bK&(yZ=n`%0I6B
z2ITe)Ro_3ZJT8y;k1M}kcY%Lg`F~vbe~7KnHDKexEbEdn|8eF2A0f8>eOErCQBx}-
zP(>REui@gC)^gni>7RcDMr`R8GTvL(ZWg8pJIsO{VTYM={#$m~&De1bPt;IyM<JwO
zF9dk3P4wLtJmd(JTVKHHwFW}p*Q!God0Ezu8bW%Hf8DK_9dt^IIKD4jGqLaIF1ko~
zb$GX2tlD$Hc<Ho}z7*%C>5O)QemWEkxq8q~hu%fvAe75+?U=h#d%XSYKFFqD(<*++
zvfh(?&rayY-~Orr6`;J*qXAFu%ASvXq04^gmABdvJdNJHka+H{!6Ie7SsdEY$Cs&~
z+TElVL6fk~vQkE}sDvF*l%+7M<d%p>>nCM`9MRVWj}UA+(IfWoX9pj@iq9@G7=U*0
zsdp2hud-i&#`t%Z(v&+;KCvF>!&PH&B@Oy#7d~d~=<SOLHjAL;v(}9N>XO&ikO+<1
zNpu%JEc9Tqik8ms7eT+?#{=>+hKW!lxZ>d1P(ReLOqU*2YTt-|Z(%6eOm%_{hxfzP
zVF2)$fJY{<=qnFpXYI>l*|2{@^XNvww_JN8m(r&7;nC~^Hm#nWrb@sZO9?Wokf8=Z
z*W`?)QJd?D=~=B38DBU-3e_oJmL%U>N3ZUS5f}SKenPI`0au6{h#C=R6eY(<qo=h5
zyV6sdf4ro6e&d&9a>-%Xh!qlaAKR!-9wOpw$$puvQm^z28NY1jyLOG#*(LO+o2|y=
zE8}$3k7`{GC8{>4C_0!4Xxn)%+_Ck5hQWXp8gA0x@?!ZY(#&}zUZY1&<#cS~N+Vf-
z3(_ZCSg1vP*k<ii0bo`ga6||-MYJ|?mN(DOEi@HUo7@@{SkBwZyllflU!`xKvBLX|
z-JUtP6M8J?$M5h*+CkhxN=hU$gPPFn%)%s7$yQI~X>%hGN%rQFllZK?2bG&PQ@`gO
z%P;-Lmg$o&yLSg&mLo>oz(5F^3lM(fz5{(2k7~pWApPA7kv@#DDW*U;FU%CWCQm0l
zsMJ&mXh^NGR9lu{bK12H6E@*}#hdOD;Lzb$g!+usRhf)do!*@s+Q6#KA+%Gy0-ItS
zco#Z_zntgn@!ou;OsLKWRvzEcP;VF#r(H&@-6tL3(Ol%#=hiT3gqhPmoe*_v4iAU3
zSrw&6OxHNy+hHQyNF<?kyHtjg+Pg>+>A`YTa~sq2iSIK@b>GPiiaxX3(y2o2HA_#K
zqu%A<l6Yl@Z?iR3P~+s=#nF!J(F>k75%lTK1r9Ka1sI+jorO=Qj_~6!eAqM!@*h4C
z6v;l724{!#M`%RE@%(@7UHLzh`yS6yQCEqJWEqlNH<3zYEOV6Q6m_X%X$Hd_Muw0E
z&6u&=I(0FIQ(9!nnK)q<%aL`M7NaaVlo{)c&V-m@ipJR8N6YQ$54gX1ew^n!@8|P*
zf8OuU_j$dZ@AvgRD}ruN+8;xGuIISu2VI6a+(=668ZA=a3*<GbA$ivid^@aZY6<cM
z4n|3cXrUo$`<G=Bq68@ej{{X-nWLOE#>ZW_Z)4`(zxf!@rJneGUH)Z&T>O3Q6k-#z
z>~2$dUAv7mhk)j2i0-ZQYHX?DSBKr`SF#+u-+$Gk9^QP)ut{vDJ<hl=Rt6E`8?>97
zwDe(R-3mR{W574NoFX8Mq0PoCbN%8;Z(!9^eRNQBN>+2m1UdeLBo+U9E^VuHV}kCS
zc*CmBaFg6pY~t#+_k5WZ==;@ydO6?PaDy%PW&ZYd)!ypVbO<`|7k$G}$Mfh|a+0UY
z(Fab~*qBIoJ#pLI(a68XVDkyV%gZgR9)(L9eb{$hn~W!;eHVLJO-)V$_cBWemM#QV
zGzi@wymBQMoR%aMhr-_Rm@UpfNmwdf+EHM?GPi*DURhch$mg#v_()GTPD`AZiF>FY
zW?mm6&p~mm_UQTLVd=m5+x_hk%MDAJor{-;$CC0l6Lse<&q?qsdk8^f54p9fZBoFl
zj^GoQ-1Dbfh!ghHXEy7GU+=a{SU$CITH#Dy8v{qqH&|Vj-pyWR9ISAFl~p)Ib?Gt_
z9}MBnzDno*aH7v3`DQO8k1^Iy=pW-P?1U3^n0N_Z<ea!cMpj-ySr3-T5-JYv*z+-&
zyt}6nn%8DAb<&sFn2Q-}i)KEuX<>B5wci%Hy7`KUxxmiP+>!Cz;N&arZcx8GDSINa
z@G#%*b~(>3$c9)Yz8>ZE1@jYlLkY{%#eEbvgT3z2SWldyX_6%EI59>T9NKS@$5l}9
z<XD*w1erbD*&$`OdE4qrDVX`|F{XAVY(Xt^s-s$xr??j2mq;_*kY+g{V}hgf5&U1o
zOQh^O3?&@O-Je?}rC`Hz$1w8p`?xiB4MJC#dCB<}U|eBwO$4JWQj=V}GgTO3Gb*r#
zYe?vyv;GVkcZ(JF5A%|Jf=Pr;HFuiCEXOrquP?+j5c7(Qg+mPBXg#XLhB@F03>qi3
zc;iV<ZE@|*-nASQWwDMp+Q>r}`6+#6at+f{F-H+HQAJsNSJ}?B2(rl=z)*`Z6XmoI
zb*8hlmO;Leo_B30Zo=)*o2L(pEd9vM1O%lZE*%5a?UYo}Xk&w_-%^GR>&QQnO^q?l
z6YSzcI-~XrBm}rdXVhd58-YNF{>H&FftoPKi*?X)sqVfJ4Z5j|HBOb2(P`2Zhk-jl
z(&6p(Dqy^y<bxej7R-uhO{KnC0AQ7bK%FF!LQ!r69U22O=)V@;%h@-%=;Rdl4pE%h
zfxEu-k^qYBBhDRz|CIs|&7qCy@~V`6UYr)|V`ytEM2A6h!U%Usxxh*xx`YrS?TZXN
z%hiIANNhYw8j8olQTt|l`}x{nvd$%`y?Gi!=EZ4hkveBNa6Yh0xf08)Vsk!=V<_lI
zd~b=cLq}8C!-3RV`g7}yz(MTWBD$&`)aVr*Y?6b+KSL05X~3o(e_&&|kFYkZx^Fn}
zZ0yfVF5zN1XCc0d{Yma$)#QUb@^EL5gpEfv55J2O9y!P7TyFG)m0hHXpVoK&q6WuO
zYI$)HCfWS#)NG!l3(I7t?Eq1UEM!p%o^k4UhzM$YOGtbK{YY;=g&v(iOGJ*G<DaST
z+@!jOK@oh=r(n&+C%)<!NFXUzwRh_Qry1v#)PWE;j5VA~pK0&|+{?SvmtLvQ_8SUW
zc^9`BK#_#!qQA3LHY+UByaZ~kYX@LLxP5gGW0|LbpmQh3bII}=_$tbLSKN6b=EBD)
zGF5XjDCbMMpID1kuu<^{qiJ@K*a9u-D20w7zvc)B85)4fEq&_*nfC)3F&H9-9{(qA
zshdncg6H5%)dxWW%5WX_DR{!eSC3YYZV~h13G&XNLhKY{hcXo*s0-s7JbvOj>Dj?S
zEdNl6mF$v!=QYQqK4nzt1&pa{aHwuE$%4*R1hi7=`)DRp4^<Sy2##o!29T-alc+Rs
z)SW6;Di@BE@tE1sHoHR>mEu%u?jqoIsZT!cRpxMDQOr*rUF7V`;x5}Buy>Frhg~Ae
zt4`ZmR*scq$BEmC?m}EXP#inqnF#A$F6|r!9V*FG2meQ}oE279UT5kOEG6N%__e24
znO$xRQ&2I3dL%q}Bue<h4tLQItie(RZKZ?huOY?z{hWpV&2u^nf2TI|8tW<@rqjhA
zbO`8(?I<t}HOG*S$f!%?QlU6<Cfy%cRpzg579|Y{iMlk@wQ!sDY7f{U>RSfYGPDVu
zPfq{Qa|Q6atTFrrrJ!X<SW!EE4a^dHqps4?DZkiRC@mkTXFI&GB>wOoV@Oo+WQwF%
z&*B(Zeo9Hsa+$r;?F)x6f@L~)D^Lc@Mv;<_+^>}c-%Y_Nu;dQQdR^5(OKs~L=UvGf
zfV)kfF;PM_eRhiN)SRan<cLIAOp;pC^Ay_(DDzB0a+al4N7m!#txR4b#|YHNVMs4z
zkaERE#t>W01Q3o%K>W&HFZtbGqWO4Z9q_>629}!4b2WV4ss~gAXl3?_U)W0Pfw!$p
z|1_U^5UKHZSXl)vS@?urbK8;Vjr&dqG|d*qZq|!!5}&iJ2Nn4J3)$Ff+Q82@I%i8F
zG^hx}dr1Ez=j3C5%7R(9mX*!g)|$Fa(bMnaaPWXSz5PV-ciqoc)*%a@BgUm7M@+|!
znw(kFZ{^<OK(yKU!R}AzH39Dl;>+}V{)RvIy*2+4T!J9kCpUv`p0`w?KCsOeYN?hX
zB1B5yl!_8zBhfE?%chT_ne&AXx7>7ZfNm@Iswo$VRG2|Y$dUbIY=^TVoMY90^_wD+
zq^iolHSq7+EjT7;Igi*~$}Jl?ww;ImM#dacM!$74WaZiKTRrz?+!Sq9K+KZPg80vX
z!xDd8jIW3>@_vCkxUd_f`nBhD1G4FcWNre_(QCbp3P_r2L@@)gvDSF?fT_xGdB^#T
zZ!vzN{P{oi*5TL5Sy#@NPP%R@pv|o}h4qg4`EC9GKb<7V9Y-_E{$up?<p$vT(ec!A
Ix&t!#zmcOTi~s-t

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/otpset.png b/login/apps/login/screenshots/otpset.png
new file mode 100644
index 0000000000000000000000000000000000000000..f75c2154c7f4f4c930167b6cd81458151919660d
GIT binary patch
literal 146885
zcmeFZc|6p87e73<5}`t5Z$T(CEw-^I`<^wDLH4Z}`>v1(kt~y?$TkMqvqwlO%NX0(
zWf{Ay4a4s{U02tYuI}f#ujlvtd3(JuW<LApocB5Bea=_7mWCn?6$=#z1fo$^x_$!$
zB8P!Mhqx#Y0q;n)i7$XaRQa}Ya$3rAa$H(2&Q`V#mLQN)cznWPEgjs+z<nRI+%@HE
zne^UqBcw`4UQlSo&<bBW!S(dmwctlI$L~?}20x<IhsVDhGXmYDKJzF<zR27pMqc(N
z6Sc7J2t{a7weyJ2+UJi+Ys0P`0iVC^zuEuz1{4$j#{3>j{!y7KCH^C8TUPJhwOqP;
zA4GPQgu)PHAqZCeNJT?)=%E_6zCFwblw4GCk=KQ=v$N07?<;$f4s@PjoZSB;n0;L5
zVcnN-?i(Pjo#XXyZ{&IgV~=Gi#~eDolr)yf$B{brKw05_TjE2AaN||b$~i%USaMK!
z(Dtc;nsevq+NjM~kDH#qW*Awd=<R)ob9|B#apuy)=&MiCl2#HVlmpt6xH{UVc-p+|
zz;VG_$F0KAmF@c-liQ=QsXT}Rv&i#&H%}Z3HKcN}lFU6N>vEF&BXyG1>43}rv2m6p
zPtYIR&0E#4q|MWxGero4J(KA}{Mo!X_;}5eDQ?z{qc5~k#`UQ@ExL*R82_;+{*}T9
zLK|t6M1Y3N_4TXP)EU$2uKISKooYvomlEDLej!j_-y6B&M)=~R*@18O4`KUeWb1N0
z(06$#X^-MeuiEE)W-n*opy*{awM>cI7dD>toyZRPFiBy%=MtdrUg?Ws_{L@38~ULG
z62i(1{S-)ZS%&51i3ZTy_i=Qf8*eY;-YN8-nwUCacBA;|+iOmVfp3qm=38A^a9Cgi
zB~}*dq&11-zeqlq?X&jv(gfX&X6NLT7N4Y6_&nLe1$sArDoyz!=*t@DmPtpPa&fkA
zoW~KehcZVx1EHNHhZ-0RNyW#=hXR>aD1x}iuLl|yF|Wv6R#JqTQt1bmrGprPF2W9<
zKfKc*t3?qNM4x{AIR(>O#=B(jpz5*XvlL`wjLamQ4b0@Sq7RR1pLSDXx*U9gOZ?#x
zFPS<m2*aV~YpYr(&IRA;RIy>#C6AYx>Lkfw!JmSXnLH?v9quH{p<@Xixn>GuPz$y#
z5_ULh+@zLBaro`=l{2D8K0k0B^Yx^^b;zJmas1Hs8DFwG>aE7YF>MAJzVzAil25rG
zg_~zw)4G>){V91Fi{3+idA*l&TAy;<dmMGacFY^69?R==9WCV^q+t(?y1v$#G>e%v
zhl^EF4F@{OjVf%tQ0yGNbSLs;3+d#eahN$oIq_8@sT$ujWcup#<!M1H&>BfZbN6c=
zLu&_+@JU3lNzlcXrMJBn#zn*Z{tM@6!*p72jt$*AEh?z-NT6Y{k-gcZVYrcIOlq8Q
zrOH#hhEs|b+&D9?x+=82wr#x4w0$Y~^4o`FDwL;Jj<g>^90{ZR^Z@aIq>))W#O4~D
zSK*k>L;G;cchCvT35yAF3JMB83Z{^6RM$dog<KAqq%vT{Gf2gqKj(S^Q5tjZtm7H>
z(`7LnF(Xgf?pPEviA7!Dc0OYe2Y!+kE6sO<5yc?($hTSO5#uA8M->dF0>__5J~dQ{
zh<ACa60gBOtjnU$bDmY8B>v3@WW2!Bj`O1i9C|PE`tu&-WFi@mJvp~@PGydrZ(%T{
zN{iJLQ+jh9m;Ey5kgjmNqKTs9^;$LdbTeC?tF#wG^skF6%x6B%xuMIho1vSKtDlpq
zv-m1wwgpZr`M560KiEHd&+^&kh29Hq^B<SYSq&#|XshddQdLja&(SY*H&~2-$_*Px
z>iHqPGw}2@rJ-+Hd>_AJ@evZVKWg87b@-}Ra!4}oRZhFNM$<-SMgpa@c5XJ0?dENE
z>?6uNY)!j4dSA?Y;xcC)`os#aWU68|IvMAj`fAg6VqbiKUFv4Gj1+EpnELE?V5-`3
z;O*>@#JX_*O#f8>+C6%*mn3MeE?BiJ^6kSH1>?7x;zP?q=^j%msAb&ANKsf+;C!qe
znekYJS%ifyIVb6^nv0s9ItL<FT~hsux`6s}qS>cJt6VFek5wPdTou>utWm8YP8Nm4
zg>;%n%WpY+bVwL@IS^m6Y#e*x=CgrkWzYQd;Yb)#0;z!P>kaL_*K3TzqUy1tgP8+t
z#a?$*U(=L+Dse3Lv$u9?EkPDlTWFSVm6%$L-q~+?+bBC$)c2zG$((54z55o(NfBOa
z-f*21bWF($*P1n_nH@EjD^G8JteFeGx9Wa#(xrE*1R00y*?2IY=Jd=d*Gb6fzN^|a
z<uqF|dbwcvvzzqT$o$)thg<#2UGup!Z5#RPzSEXt&0ElgjbO_b6*G3r+RgISXP#-B
zd+*&X3(YIG(|vdSsQjRQe05Lirs^~a>x9@{JA%S4JHcSPf*eK~Oj>?uXvW6X^SRw;
zrF7S^yoPeF8(N-PUY#YdHJI|<wOgJ}V?&OvoE=w^d6WB?Nw0~X#$HQ(ko>?Zbnh~!
zxHR0qd3VOF+)SWpuqk(3wb8y&`nsp0LzE|jEel_S!{Zx|jF|P<H!cnGR-LO7X@Oel
zeSB>A*wD;DhfPqBf9dYfEa@nP_{pOe;I|BmRz}Xm$+w?0G0uN2>bUxbTSc`}RinjX
zB4g5iqTWTWGJdFwT%&R6!Ep{mMcme-<>t}PoF^)&Rmj07hUryL9F7}`E9a)+_Tfq3
zp`#vXbQwoH4Sedy$EhQCBRVrGTRt0;J&B$~cRW1*QdiqJRHLOh(&=?brOXflm;C0e
z>-7`o#GX@FUi@Ge+a2>ZN6w1h7(Cy;`M%)&Ug=dkT$?3-`}KC{GX!|Fa#ude^s}Zw
zr+}w`k-;45R&}v6qdg`F(>eD5gR(!``=#*I`;88ik?Ji()n=arq9(RxYyM@Q(2V`e
z%=A{_mZ_<6x*-=|W&K;nraI0}Y07}vA)ESpeJ#r&yN&bm!t$@=O(VRT`vOV{uNPWZ
z)x!}`5pl<nYKm(4(y0;s4wN1@Kere+0Xywv-~YM)b|rxj#VuYC4}H3XRUYEQ4j7-j
z)mz$rx9^#WX?tAzvc9K5&vNfz?Y*s5$z92cP47h%HoLaaW;B7&NRT|dOLtY5#o!so
zJC2W1+q+slFE-N>rS&*_MQ_2kvB$ffjN}#NmD|nC&9R`8Kb74@<-5<$HfET#`bG(1
zZuYY0WcM+#A8xg5HQi&|U#q2;<u%g0tl67#8Cte;bpvij)>BktmU-#T>k7W|+#R*C
zq+Y9vX>`3I!R1T-$iO4lycyv%-qa3hY5&tRjW!XLmfPmt&3nDvsA$3FTUBV`deoXr
z=M>Ulx8RnYb(v}9od3pxP@lbZ!IeUhk-Jr0o#XxY@CL1>njTO$;URe4K+jY+W=Jx7
zXZK=<F_ZJoP@PMd>rBhAmq+!o{K)*9`W1g?x_avs*}?lFbS0cok{|pcy>4w^|E7%7
zL1o9+ClT~V=X-n#I<gBVZ*G?;5^DAg>a7WTZe06f-@I_t!%Ud_?)R<3c0;Rf3wnyJ
zsO;J~RF2WbOS{(#`}xgj7D|gNm@6C_Q5uP?zv!R6xAfj8Yzvj~B12O;Gk|%=a9f$6
zgR!2T*#vi)-j2LTc(h}*`Dwv;Z7Y2_x)t5p+I;JXhYN$uX)0bG(v?lh%e?PMWfreZ
zhf(OPt!K*U?1SRS_vkf04aH56%dngCw48CL2DKg+`Yi8qwuAnx_5-HC#l<P8<c`K?
z9DT6-p5f+>TIYSo2$#3gckDv<RY&(rVP}wJ+t~!B&&h{dnrN*00QdEgrJ=Hwx;ls-
zcuff+Ct(3m0Ix`hjx7o6U#}HN&V$IlzfTGRh1r70|7@cH{3d?I0N=zufBYtk4Fw$r
z{yG7Cd#02AXiW}FC;RdG5Et+nNLEKqSsD1PW8q?H>EvqT48QP5_9XDek-JJaT|uCe
z+{AAZ<s0W#fbsinbq(Q$>S|C6XGcM^JI>~of}W0diQ|AIJfXl#M@zUFm#3qHlPlCy
z^33-ZP~bK3ZSWbc?@i$Ll4lInwYcP*T`akT1tEfvGg4GsTwD?^cdVc{t}Fc69r#P~
zj13%q7YYV@cz6hUToH73u?Alf6B7eNE`u*$z6i9q=<4MJH}kyc<a+jxL4J&L-O|;<
z#r7`T*4c@RIIfwwvm0FU%o*ZDe|`P2PD@YQzh`oC{c~Hu2EoKnz?TFe;J?NOx=Ik=
zg=*P)S~}dkZtDn~88C;`B_Ux^iSHf$@zLK?{?yg*r>>VSLw@f1(?`E{)pNCUk#lwg
zCWTA=ePMrg{`tc{J4%3wd;jSy{y6CG?*b<+MI{0L>(->GzRC!A0T;<;dtFl(_zj2|
z@r&#j@Z<a+zk$~z=Uxji&WwUUG9cyavbvrm3&TgA-_lFkTSdqF*>@i?dvfu#8KbQB
zt<K|c-JW|)?AopDRtlZkhZ*-G$I>Aa!BoMMm61E|AMVrzPkeqz&2wTvwznws!mu)Q
zci9!8^Jb&h7^7$6mH^*h@=eTxy3M5;kLnC(rAlqplG*p>zmYCF9S9<&<U07{3lBsF
z6o<Gdt^gt-KPGeF#|;uvW+}>FdvFEHd?qD_h>?}}{MzA|Odu$<<DZjo#gu?Z)IK*X
zaQtJAV_bpbR}L=e`wG8Y0G4$HQmuGkMc)@l3EMvU%Pxq2icueH_;U2)((!|vAa((^
zLH56G{B<w?yN&+|)nBUqKixQhiT~4$|LMm6bmM<k{4Zlk^iBTfjQr21`r+&TfAMgW
zuB8Qab)jVUhXeKrX7jx}Xpe%OfyKSM0nAE!9p$Z37qM})WNiW7{;;v2KHdstIbYlZ
zr;V?#hwp5P3wJ-*v^Fhu+{d<f!5aEwYR>stCmB~KeCAY@^NBEC+s1}IUat1q-DB63
zi1K8OF7!9v8g;+*B*WGl-IP~<dEk}g=WWrb-W^A_i%YpnrxZJ;wkLON+*qTtwy@iK
za}}R=!q<*DBl;)J-ZedrMq?{y`k6UBTv<)$X^*8X%nC=bh_|+GV83YirlFiBccMFp
ze^t6}2}d!cIc$iQYkm=4s`e<X%=W~>uPV#U#lV#mBcicG3cT|M0c?lo_s4mCoV*XO
zzW1q2*(Pbt2={pyJzvq5;{Q!yOH>~{iKnj}3RmRVI?lPZ28{HL?1W;tWHJXY&9HY%
zhh+__x_Nxjk*y{Mo8^%hX-D_4_1o^y<RkmtZ|(EK4~!hSda^K$kvMeI$D}Kb`8Th`
zjhf*XUZ3u~9SF**?Qq}ECw+3!xFwjWHt89O3jUKGJIkocp!D9d;dCy(@Jek#1Zs~$
z><yZ&N0jVw$uj=lIYPIA^``M?09x9!Wxy7ZjcD~5<BV*hx7Y{ekA~B%zQ0`Icxd)(
z?rJpel?CP)$GaRJUdK$}qr&@G&k5=0la7<{W)J4W;nCRPmb&49)CmFOVd2NgSKm!K
zxnZ~cjTXhqMIOgU93NFgVz&oJoF`}RX|CQQ2){wk`L%3jH9Z!O2;=0euGn}IYduL_
zRqN(4q;0__>F(ssHX0yNwOtv3y*H}Q=6kI|U6C!iG`fNwTC^@d$zcMIRAlA!xQG41
zN+;qUIWbu`6txpIA&#36<}lnk%od$B<;WDZIWr(tAg;N4cT%9b((&8pSikFqPR^4n
zt8S~S<%NZ>U)iqDo>Ghk?yse(G*zOvUi0ji^8J*z0+-r+Q&)1z!~CPHJ5m{^Kc~=V
zX{J46yTD3X2O^1FzRYJ-;c!a5F`;X{Hgmt}*^rKrxb^3SbFWeutv)6`*$d9W*u_l{
zzViHKU5OeMR70+ysMs|93DMN@_^eq|D2>_Tpj%rKg)wU=LfpgMun2Zrj+O4%Lm=YR
zHa{_Jhxsu5DPsd2x!wzm$}!!M#su^g4<F%krZ^B=p4S{(s$Qn?7<Thu<~ViAIOl2p
zt!|IPw{O4Yhw?ca@rz$3QM1gpGC!O(D2Nbo_8Qa8cx`lnnu(T&Z(%olF~;DRV7ZjB
za_w_<BdVf686TOVBNFr63sQPl*1K00%k=fj(-T~QN!QV+crZek&-av%j>>JOi$?G1
z2<MV5MyP&vFm-ico}QvZa5M^M$2<k$-+)}b`d%f`PQ!ptQ68j2<s)^U-#6SqBw5H_
z!LY_t8!wmEVY9$^U~e*90_o68B13m|Zk)BU7?kj9DJ>HHmLbYYN?gXdG%`jkJG;8z
znUo6wT^|y-RZr5_sl~pTa{M`HZrD7Ver&pG-s$LBWfSI<6o~W4^GpujGSP~(Qy-U=
zj=;W_Ty*H5GEq<{mw=2A%w|#&?hb03;g3EzU>UDc&B8O0g>_Q4Y{(-eo~ze1<n7KS
z$3|1a%GYcSwu>#>d+%(t_fK`W_sddvyjd7<mqM{g{d^z}Go%}hHDsqhCP@kqQiUNg
z5->zDaNF3`9s%F3lLqy(J!et=W^xDJ((|TcbI3yKrlzyFpbIxIGcYt9YkVpVwqz$E
zQM>t7GLrQ^)1vu8F**Y`5*q5R^cnnRsFB0Qi|^-|xjIFHs+a3ThFscFxNs%$qo3(Y
ztUl#0Be=3OE?F)eYjCjENue=?&ssElRAlkZIaM!KrPQ+0G99>##39mvy|wr@&d-WX
z&&5g*ALNfUsx7^#SdId<Jks5M4GfTj5PqCxAeAicp<(!L>Jz_&4;#zR3sI8~LO4}%
z54m;>uG^K#$=z2ce*jTG7grtxvJy`+0{eEoh{goGkv>Xu@ymL~;vGRTwI9}qcq)ld
zQYZ~>8sSV+HYn47ul4lSWBSI*3vmTcfbNOi`r{F_k|)Q8y=K_otgpL664=fhnEYap
zr?Q<1$hIw3{^F>_X*Jbk<u!5=wdU+%lkJysoE#(1>+TP`W4V=e?HL0^*f@Uf%mpd?
zuD^^1w~}gbK}Bc{6d7|a@c=pwk*I~tc+{-OhZTSnq%*6RHAqING`Yh<f0iE|L)g>@
zOxsrZrU2{=-D$O_iM|!&5XMxr1{rg0h~%cHR><g)gIy@qOh_mogDu7+8B*ks8;Q?Z
zNz~+L%Hme!{dCC`l;@VJ=^J$6{9+dl9MJ@+fC0Av>;xI(_~JPjF0+GycUW*#ibRbf
z8wGR?lRVjwbLb;T0LCvG&359z7P*4r1qzk+_GNB7s3-v`6rO(Yr18rjCD1Z$m;z$l
z?a{!e#Q0o^_Q(OTP$D;{Nz^cCpnMFn`sxP<nhR&Ago2?C8|)m)k5-CFv&>80kN>QZ
zAW|%`kCT4GEam|Odz80Hk~ER(lX=B>1m1b@YH}T!euJ*f88L>RHzvb%_LxD#h1)d{
z8ojC``c*i@sn}{p2Cl%|&P+IcgTru@kfaOaIHr6iwfa@XuJnPvpdh;=?^qz>OO+7G
zA|q7qD#?ikxSHO#DBuc`UOF{0Z9FF2B++?t<O}2=XrCk<V1&%Q)Ov-0y+YJoqz#&;
zqCD213p)X)yrgw%`L21rXFFBm>O0SaeBXHkuHL|K0hoFE3FlVvDvh1T6`ZMH1Hew-
z+Q-jc(#jPnt)$;+#y(LuKHrFKd}MWCwdqvA9ilYqDnim(AcMp)&@ICIg=l|A_qRHX
z0FRj4aPA$%vPQ0LGh*u|$(2-=j<W}d#VM+O7RZ1Mw@>}Bw)<e=u#{)PEfUg17XrG=
zBJuLbi#t2bJLHhb+*OGK_penDXh6opp`HC!C7Uqe{|1!`aG7ncC+<I8rES`bh&}>q
ziJSB~xYS!g`a-Y?Z8w$z_#k*G0c&^USi@5Z&Pz(CmLU%H+le4639;0J)aD09n+j3|
z#a`Q@Zrgg7(Tf=s0GQiy>uC8Ly)j5Lv!RXH(*b30HcD;{p@s!LX%9%7O!~PXLo%z?
z3HI(~=i4z8Wdlu%nbCeU(a5thAf1U@o^Ky{h~BPeZg3z9(gRRSTn5d70nVFp6$IWa
z&8Yw>EI&AwwfpV)?D1m_YPtn<g=@i#)mVMMa;M>BcXneE`dCItH8$ZZ^MU>{>7=Bu
z4@K%X*dQ@>OWJNH3gF$X!(xwL0i^6xQ3_OJ{KDz7IeIc?{f0YbmC-+A0Hv-bY$^|9
z#wB(E71*T!io2}#W?vCl_0tL}gW|BBJk6sp^W!76o8}a1y^nVe@VGL1<i$cTxEeV`
zFDc19`aUSja5=QgC`9134sr&=k(NQ}+%s|Vz)EwnWXcakMrmaqFN4PC==u0sPfBv`
z+%uL0L?L$i+@bS}q0X4rLy*D40<b~luWScpAvF+1f>s4(c*s)fjNID140sV>Z^@c+
zy~@~OOQe)KiJHsh@!JgJpStgH9-KB(M%tiZR{eN`u9aOi^cZPkK_$NL4bYGM?L0kp
z;-V0&*nH@qNaXRt>>J*JxJRs_`|aDM3U^Z0Ul)$w`vzD??oYBuwTx&+=f3rGI3Ix-
z9qEobc&2g<06?C#XUr_Mi(a;>nX!;|LUIGL(CzyU^a`_rN{wDzb@%ji#mlMEB<jbO
z{;DdTz_DIO1wYkaTs4W@@?B_kEF-6csU$`-r<Sr->7@bF-XuY5JefI&3|}eq3yj!f
zyHm`%Ub1)J4<}KnDO2pvlf)LrNe%1`flUEre<1d7T)Fy1t<*rdr>Ov}^rA_XV)gLq
z!IKV@Q6@#%HO$_v;cB)o2^&%7++pEJ5CC=%9B@=~kY;hCtsGak$2w5Tt$gEf<xw|r
zwbX+?f(pY!Ay{bWA#?*bYwDflR=M@T3D?!~IH}j*3Jd@jd}bWQvMR`NU>(B4eF3Ws
z=kyy&V>8(gT-$fZx>@=Vlr@xe-UCjWcw)EYr%qI`r@nw$h(EV@P%Ph&<_Gfi)$?c2
zH#~*V4{$ZJ)?wBL+<|HG16Rpy4=yzC>@oWWcom@hQX_l{lai(>9vx4v1LAmId(2T-
zX*JYw!?)aIYlD*{l2?iKpggh%IRR4jzLnar#itIsoO(8#=qSHzz&gZC&|v4jIaDvr
zOOrBd#t0t-C@AT0Z(!GxXr?0Ia@|HG6;Du5!d_kvsvxel99Zin%D5s6%>BF77P(;N
zz6_R~p5<2>v@0|6M(+3VE7@W=Ohrf5UUODpjss`wDOh}31qs}7`Ncz!rX~cM)36}8
zM<vev;4*FnInXe(D+>p9S%B462YW=S-MV?PX**L?#~K(GobNL@dlp7JMvxp8fJw*>
z9u&1X$~*QAvpJNoyelH|97jmho(#4b5|3*O-(Sw$aCH81Pn(7z$)s}k0hfdFDL4j2
zl96#bkS{>vgD5F!Vlc)LIIQK3*N&G0%_x3z#w38@wHEv!aRO+&@ps!7hkn=A?ze6K
z&A7jB`!B`~ibv{aGijb;VNs)dbfyNAgg6uZ0F<S)c;^CZre~9npM&vHSShIjw%F3g
zyZYrpOCXbehr|vrRwRt4QbAc`;YG5KL~8n4%bP)=jF40=$Ag0IMxH~Wlk(>Lni3_9
zs<+~=wmc>zS0KlpT^w%0G9K&#BITymBFp-6B<KAKIfO#<0nLpXKnIC(@>|_#ph}$k
zD4(Qw4Wv_4_jlW#-$|wn&2QWOn{j{J_TP+4)DB1t+vm<sn73A$5o&zwP%JgF|C2pJ
z={tn+0uWYI`}aov`w3Ya&Yv>*V3{MS@{1;PQvjEMXV9Gh0hf?^=*JxcS|#=DA{PDM
z-hiVqsDyhKF00?*8C!ZV{GFmMBF)+r%V`9h0tN}{A6n)}@^Ko@1nl74FOc?uDgBVz
zH&?BYvqUU7NdzOJe$kMq6_Z<?5`szma|?#Q+kzY@Zs7qScIOVtkjyvI9zcC*^X`%Z
zBGeK5<1|?t?lPX!eDVv{u@L=6T4mg4Ak<Fe&_e0ki$eUeOAvj+Poy@5Bm^}9n*{Uu
z`P6=k8h{Xdok^!s1nzI;LO%eLBl8wmN|=P$FSjvw1Q2g;*BdRzk2f&nJN=1aX9HKi
z*!+U~yhOSBq<l*8Iv^5Ne{KSGDNwl}xYU8p+2EH;pnQ4(P=;9E^fOKLz%3mAaSJV=
zP!>q)*<X%`k*Jv=H_z`g6NQ58&+V}SHbn6k8zM=>H)j9~&-{#q<d9UhUxwTu4p}S4
zH~A14QvZjtA8+t<`DLXTdc!w%Zp=!w_BJ*U$x0x!xEn)8=3RboZIH$1LFXT~{8vR_
z6>-w=pUoke6#E6Rb!7utAbN=*U!#KnKoa{KkgNdzr7FU*eRJJi{@|VhW!i`m;zi1T
zS%O6EExp-amgHm0xxg-SA;2WY{vsy6MA(x)toPj{Sie2QH?ne@6MK^AvU&#py20Zx
z3N^RsmmkjpX2fvxueOPgSw&ujB>eaCV-9Mf`ki&o56u01>#5f{K)mO%f6Cf_YTNTK
z+7cruaO!2EBIptop)!cX#OT!@_fpCh;y8KF4R8dgQdxhf1JO|Me0xppv-}A_9@SrD
zy_kqRn@4pmd;!s!`F}ez026+5X1_n*f7A9q+{J4~$mv{?l7tF@gR3SXS2+m`-$t+X
zWc&!QSIQrIl?*&J@?0N%yFBttO)B><!aqQC>3k05T>?mhw`;IJ1qyi>g42ru?)$$M
zTB5H0(~1IKb4u!)?*R4Zy#xh?wtA114QTw~^m_q*9R>DpQIMngo!I<N6pBeAZ)n>6
z4$}dg`X{D4fHM4uDEi;2NBKn}T0MO(_#P1Be|FLTjYa`o2A(bj{~J`-B5TpfJm{w6
zgaTwu-X%IqP72^YuKc)<_CEqQ3FU)V9`uzcsC#U><CH|{rug&5vE|>P^YkxQtw;VN
zh#|sPCK0}DpvbpQx3Smp{e3Hy5`b?Wy!gWr#F8=tryKeULg*a_L`=`><<KNx0sDU-
zL@(f%p3CN1#4SELh(4g8SmFx5lIz~_1P14A{1Z}u4#4JJf8BgANC=h(p`PL-12*sa
zWApZuu-G+<t=lbB%pJepg#!TcPbJAP%xM6Idi}sqA#zBYMkQ4&uku0s)T#p}_>gv=
zpAFzs-<JF}!BN=n@tN^A_$>6@p=0~SGsxotj2{2TYu{Rlc9iXh9cB3rvr)eu;;}#N
z$Q|NEJSSd+A(^s?X0?|iJ<h_kY4R%&lTwxcutfiA#{d5<_v3%kDmke{DHY+hWIGO=
z<J=F64e&7im3$YcOSeXRy#9L!+{)ragAL$F{L|Y45b&Sg*8jZ)H-eh~Y{1EAqBk1s
zOH!b}Is0aiRa0o@A+@h1ANZ91TYv2k<p0`@|2MAre+VU5g(EYYlK{c~XQcRBpYK1}
z;osZr{~oCS)3`+Mm8@<2C=E^4VLc><h1Lls(;@71+t?yH=2=FOqeMXgz(~GzwfM`)
ziL`4tC+%+b?Q3m~N!P*XmrJV{P;Hgez(+?l0R_DNLjnKO<iE2h=AgKOK;>u1i=zkt
z#s6t20nh6nhVnnf@IYJvb=97J0>l;hKgIh%i15#NAFx-yYx`Sn;6IG}+qVB^-27W*
z(4*(VuKeUdeQD%(UmN7<ZmkP#odSqn28X{l^0A*P@z^u4>D+${`1*7(VJDTip4vA@
z%M^b_<tpOUr3I_75$_xQ1C;?EgjJ#2q=>X7?iV|8-W2ehr#fUAqks@+?B);D2SWMZ
zIw3#^_M1@tueLJ#<h}Vf=>=<68t+a%76~Pz73HcKqX1KuSa&Rqf)@BZi0L%(TW%OV
zGdTR}#}sjqTtvCVM}!D?>s~cGG4FZHYbxGsV-7R^S$z4Z&tjQDzsIOwQ>xF>DIk|T
zvbZ$+of+0T4Y=aEHkVZ-7yw(i`nRD?1OVm+1OY6b7!Yy=g-P#@;}WVgu1<eUqIVy#
zOt{-AdpLx!H7ZT`y4Bw*CA?6#vy@Wf+r811uqj6;d36YwZez=R<?Z3Hw0+<ypuOF1
z8^TMvs<8HF7suDq_I<Z|vZWXWYuCF&zeOnKb(H!GkE~~jgtSWUt-gNq6x$B2mtYIn
zT^)~A6};CfJ^p~c@y$%?yp-ZuA}!ajc^ZJ2MT^w0QYxg0H6fq&9AnH=H8{Qf9DedN
ziqvHS7VD>z?aPJK#zwRi*%>t?R^P2;@=Ds07LNFvx_rFU`T*=ZPOa`d_VG%`QQkCP
z7aeh$DQe&Sol!bx-$~Y{JUt{-iWy}GozE|61ahoUe|2dn|9R+S<dsJ3=-y^|wNJb8
zNGyjbRzo73$O~)P5>M3In@U`iG_f(K^-%GjObv#Nxghw<abm=ED#)K4a?b<ohf{6(
zHj~DA@`B+p1kc7IhtI<CJ$zriaBZtWJsvY|!MS6o<1<2&o#yYo-KOauOY8dXxZ(pH
zO-Z5U(-lZU{gPWDH7C9^jK}vQlL=f~^y~Yxyt{ZO(;U5vg#m>5R=)x9(Qlvce&EZF
z#5()Tt;84la{F#KacXE%qj50PeSBX<cGHX@P{$oqK%|pXZr8d4X2{PG2w3`C12ya+
zh(4>TbJlWK>pyRf-*Y4S0IAe}JMrWEN*qL&F6Q{GH7H|v@6+h6`u1m!I-NEamZXZ|
zglee#RB^kY{h+}ql8=LB_D!_n3tG}AQG?r~`-D;aWUjwrQ2*;z4lI3>hWO&sg6B7D
zJnw1l;J!4A48wKWb$0f~IrmPpd5#6))~I;buT)G%iMtnL7qdFfa(;Wiz7An8A~o@=
z8z7c9v|Rv9NSj1;O1%ha;%5}T8x1&i8brDaU~@Jy0S1w%<4O(GFgVpG3y!r!XpDbr
zju!5d$msKeZLQgr`<%P!do{Hg@rP!fyGA*t!lTQQuPtMor14$Rjr3{T*Rjv%C#4BE
z&GFN8UP^vPNfV*++n7Rs%!=2@rkav{jm^}vM+14D#gF)qp&iP+DPIblyq8?lSnJkb
zfv5JE<U>5uw%_p<hq36ID!mx=-&ySIlsd(El$N&FehtU~wVaxkJRKOwn0_ddF)0~H
zc2T8z{5b0G1k+#G)<6TRBP=?HWlJvFI=by`w@Qa@)os;|UrGBGiCqQ<d{gbWPV*a@
z;Ze;fNX}qkchNe18x<qEvry8cdi!f^<LE?1-3DqU(pn-zN{~b?rI8T1T)Q<Qy8&a6
z@y511W^J-J-5Fc~B(4~TivZV&&N38Ah=7?1_4_;ZrI5R+llo?(R6ao6g|0M!8&C?5
zV=}N40M}@BLeq)K`7tPqI^Q2&Ci|#D6X2AwCy8892ay-==Na?snm-p9?xQ7(rt=*m
zTQwu-XZy|;ZtIw#mv2!(26O@+`H#+|c--#9+?`MWUEz5lKxsRr<c?;-j}n$VE;c3f
zdl2v&ID5w@b6d5`ez*@w{e`0yQ~_|Yg@r5`UFifJGo4DG_ou^pM)`rQ1&dR1LBc5v
zNv?$RRzy@NfY22B(p7_8&Dd;!X?3KA0WP^Uk?MD#pA`xmD7Dq8Vv))Ax+5a^7=d}e
zzgNFEU!R3^o=_r(Se#h)?yF8NP<mCQf;5H>5Yd^dePMHgsb16<xaW4^jg30V6gBa_
zUAtEp-G1G>TLT^b?gZ3{h917k`ykRdL%>GFdAd}4+LJ>}U>g}ofQa$~Aj=pa-+BUX
z)@|J$DfrG@4WX}8-6T1Ctr~yLG1`AUqltK@!<GUvV`3d%8ry??b^4s)Agjnmfv3KG
zCLSR#Uc9K%s}?sfannQR!l8aRpkl*mt2i}vXUU@;3#WpKywKLXZ!p%pIj0F^oD&&n
zNl3_Dm;hgP=^eHiL?nmfevo3P1C`yc0U<9jtcj5+1hPiaX?yG0PU=T@s+Ij(vFj|D
zK*JI%^+7kl6qps(Zc=T!L{2Vd53e;fHH}xz7f>6QJ1B2eW1Xtwz40;n$4vn1Gd|+8
ztUhCL#$dn;(6i^aU+~r~`yYb1Q~?UzEvEg#D8=rTw}_V`tFVI-SrpLqBD*!N`<1Nx
z&FW#eQKH|l@hHAGUGGwgQ{LJYKm2;u(&Z#!M<X2{X%;x+>uf+PX{v9axEZOJELl&T
zI&vA)@yx%4Xr@Zjmm^PI@g8t&vKI=K5~vvU_v!TWd*&9Br9lQ>{FvI?-vLtCm#SL(
zERMG5S!N(C;I^M#xH<9JwF!Y3BO_>3Pdzj4?kE+EEZSMB4g*rcC58299#5N^qa@_~
z=K#o|QdbBM11NKdKd-5NjZ`_n?aI+424}~NAM0Nt#~*K)%~LY6jTx>Ybi;A460#`#
zz?Eac>+Qzwrd5Tii*}I#`0Rk>PCc0Jnw)8k-us^3_0B!FnnJHn_T5!NR9Bz_3}5=|
z_#f=NrSrc#lrZlJR|$_&q=+a%G(HCK^aASsYV`hgG%lfRVXdkVCS#iATsa<km$1<n
z##B2iPh+x<5BQc4U~3aW_w1taNm}XMmF>=2%zlCIlz{0G)7=TCCZ@WTkSwWHX16ym
zlOuU?;Qso(jl%mHqg`2AlgoQc%Pbm**tRy_G&TTamW3W?uZ&M}?t5x+^?k}ZHugcF
zP>rl0gqkVKK<+DPy#7upg&9V3*<_P2$iRRrMN|^T=>jO1y*hj*n%4Exc3LHu?$J1|
z22H2yy|u@@?%MU6WF56JJk4l|#1b8c-Nn&8N71RLIy?;53ydoSedl!2RJKOv=4_0F
z;OkwAVF7zH0kl*-3t3v%(<})dcwDxK$q1n&jgarBjQ9NfTx=YeD|P2qx%P`^1zfKL
z4BN0+c!&TYyTc}XJX!F_UWDoHnc);EQ~p7=LWL|NDbBr>uqL80&$=}A0-5vJU|~pH
z17I~^E>wT`pw5mqHVbsLn{=8~cNeG2)W7HZ+v$mP!^ofP0YJ3?Nva=6q6o?WE8@?@
z4o69ReSf!0p2-q1v;)+>(Jp(oig)i1(Q0G_Q-@He_&(7WU3K2ybbf(h61CpCXy7s1
zJ!DFlGnfZ=sXX>to5pa?M+KijQQDQ+S~g%uHp^E`_cu&YRaeXAV@L24$$s@IyBSDZ
zMY^js6O4tFfKlBap2NXI-Vu%JSL$lN7o<l_F5e7Nsb1uj{-)eHbEX>CzOwsmt*IJ-
z({v2qqOhNS@u5Zh=DZli9jcOIEYVAXCu`LUr+h9oZ+>)Sc`1XFV8g;;<&n+^O}6mc
z+(??ggZ^+dL@3&C!9pCDx~XlGwbBv#aM3+|QZHy}`;<N;19s;O*3&GJw6qV9Boo5!
zJRty&PNSt#Zo#ImJm4iaVH9w}59kN31D^|-FwTb5zFxj*ox(Ws^;yNcu%R=74Gch9
z<0Hd9NMdCZFob(Qu@``6`q2fTft~>jhD?BlY&R7pK}e(;r`q8uAggOC7vR`Cm*6Dg
z$EW`(&ctK5Y)W-wO4XpDE8&H|1Kxa-C?|DDCo*PKOXmlA6!V-rnm>dn0UPl=tL^p`
zJKFp1B$0xj@*yZRcyVC0%+!RChnXV*2X^He;J^A!g!5W?VBn_9`xW&BN1}JO9I(HG
zDDdoA4z487!gMDUqzy(?UTV~o8u9ojyDkgiJ;MB_H(aHjsGokOe-*bbZCsy&Ae2$V
z*4JLDHfnw;$+zfSt^FEbn15J)<lX>C;cYA_GsWx0MyADi#OUsH<%?G$Jb;r05d(Ou
zD`GQcSPyv+8f6$w0NnM(&p>Jfpmcx(AyPUGiA2QqUqg&OP?Vh0R)0Q;$?vp14M3MO
zdcG%pGfZmzg{>rmpVtkU3{~{tVhGsRtdmc5By03O-aH!|=Z<F7Uk~vI3^1+8sIRNh
zg-T2={XpL!cx3nxq`X{ysA8|1=x<1&<nE!>MJP<PKlpp0f#=$h27O@7npO@UHBm!5
zw-A1mzvy(L#e|vA5dTVdE@K|+%Q3ZV6VJE3MD0D4B0S}I8_<!}fp%-3LLKAk&K!)r
zx1#|p%ZPoGx`s4EL&FCL_eJS@eT_>SDvEuH?#mmUk>3A?uL1tIjU+DDdvh&rcr@rR
zN21iNGCRHUH~yw+ijpG0!<XKO+6<%;ZarBaAytU4$>C5#1`6#(i7r)62J1Jg-9ax?
z5pMOXXLpn#&ZfBJj9#Jw)ppz)N^4|5+1Zu>r(bV;H4QK}6-Kq0BL!(^344~rToQov
z%u<JeIw8L8Ur4|=e{y<C=?NeOH`aCT7XP3wCJD@I8;`1odyP)@nX`oh_-jt!9pq$>
zt)yLrY3PQ*Ube&(-&}W*msxNf1Ao!#T-xl@6BN*Lsds=6_wnlcCvh6GA9}fPJb~I>
zrkLBW5gPQ`esTHn{@L?XH}Y=Mlbzd<Vq|Lu4^)hJ+s7r1%<u1Z?Dvm%w}!E~C>gEs
z>;P2*_GsvtUIW>9{W6IKGrD$nI%rF@@0YW<T<rng^=AF-jPp6K5ljvJQcx$%S?!c#
zC>S1y%bxFL>%5N=ouI@@_O&J>3~J}}Xe?%_>l?%Mk-jWYk8d&p1`G|k9FZFAADp0W
zs@Zb`>O!RO=GTS-GH&6zbS-;odFA069$xRxa%k`8<DLqlR#r6#_=dw$oyDOs8sgnE
zjaXf31&RlH{lZRE#S9OhyARrK=)}XTlBKXlZLgq0c)#QOi(hwVr0a1ryFmCCUTt5A
znYo^pw2(#MyI!1TxgiF)vS_2LRFFxYEl$F$BF<KObH>z<q1%Sdxr8LLPZ8;-D`2-Y
z^v1T92Xn2vBi&zWZJW)jRR(bMbWH;pA(*s`Gf^?1EXt{m%)&}-5_<LXK+<%T^Af8t
zKvB@PvXdXXOTlxZVOBL&ANt&TE>}G$<j}X(=m56$=1k1A$&|e5OMf6p%r;QB-GKUO
zcQYj{B&hmzRqcLlpBIpuu&=G}1fpJPkEVoemgT}}e0R>7<dI%=kn4B|lW@p6Dnyj@
zo~Lu)Mmei<%_TzP(2}me1_1dBy^DG=8c<wjdNRX+y6K=^<yBT%%d|efLWM`9+$g6a
ztS3n%DKBQTEB@Jskvn<dPn*<l>aJpgTM1J7%QJFmvVJGU2jF%Q!E%oHZ(1>#jQS|y
z6uS)4o&j~~=*ug@6nF5aI-FP(v&lK&ow5Vdp*vLOU$SGArPEMUBG^&o;gjpnFhn<B
zBogI!eg%^&ixNg<di9p1>d}Rp*SkxrE|M~%Sag(Zo7yW)orsZRK0uWev*>IQvo)?i
z_!#@Y`D+W(&GslG0LVlR6EMO~RTCPw?!C|nTc2v*nJ>midnB3q9YIqiReGO|dJ$Y(
zE@SU2=rd1o3b4l&hytFM={!Dzu?4~}{U;qa-Jq|yj6Fqm@J^)6;IU3d)8c^ej-_hE
zPVFHGe&Wsk-j2x8TyQ>A{u(m21zW=+Q<Yg>OAfCFDaiZkIcHEI^h0MO%1Emhvh+BO
zYC8pEK5VAV5^j?*KSsVm<CLJ&mC!8A>MX%-Z?Pj&YP9Numb=cwaZFej71%_ujuSyh
z=}`xv^HQUvd={_ecn;x{)<+bPT5t3~8Kd{0>Y51-)<m#?5_6WkDslC6#3OO|lPvt@
zNHoBLP{Noc*ykqJBnOf;XL3h`@hD+vMk>M4&daoZdEN4o4~8*CVKr2w=EWXMh=e<1
zv*%ka-`7#n)!uTZFk{AmMV`Rbx%zb^rF9`mr2gdrv@txM$K*(E+~PB1rz3RUo%dO)
z>?|W|uX-Ut3I?9g{oOUz+osd^MQU;CxLmOT3oXiYMk6EKldaxpP!`rg_Yx6ZE5<FM
zn7KeQS{s`+{ra4hd<~uXKC1v;H~NO0#I>D~t-4UTE<PjZt3tH;M(BF=g=*YWK0?hP
z3OEHwyZBURU1}>p(a10WX_=>qgFuxrMMwRQ=;C|b&kQl(iagQ}7N@_bo$k_d%KEBF
zK_50jqq^%+IG_TyfDwod4qmWK(Ia<li99uMx?5nNA8bX#&f%Gk%*x5J9U3%osYHOL
z<I;BTpsDCmre82h-abAl>d#vNhyuTU9=fpDxB}^_+bLSD;bztH<9`A0s|Xq2Ng6hy
zfIzvM4~Y)+F?#J2nV;<EE-L7l5q_jYwvc`A)!Na8wavP@pq!P3SZ>t?ofnZHg)(j3
zJJ4z`1G(-z9v`D#pbq=^Cf2!rLDi?q`TODYGde&45Jjt$Ylxtpqx~1AO%4rH!yH~a
zRdaF>i~dp@KIkEvWWK%w3Rdu?CbhFBgiiaCou%KnlPAd%H<W3Z30z>)x}HC(N&<}^
zROp;UJ@2$Vi=xu?-s!SCjEQb@GJ5;6z018SSH{+zB65q#$tRx6=ZLNI1;Uap33?%y
znUF_<o>NVUl1uQ@r->pu-;=3=6YL&<#1I;hmvnbtA=D`%OAyoV3-VS;69L2BrRS%M
zc;}S&ID@o&Q5eHLw+S!S&n|lkR3FGA9Uo?~s6{Y=onSU@j4wkqOr(m^T7eSsl+E(H
z<BeHe49uU>r0a8QP43e$U<?G(9Uzkw5c~!B+D`uPy%nJFP>mhn$JA2ZIBjVhfeqrm
ztUL!q<1`RA0aZy1;~T_^y`cO+LUG0nt<?4y-tMHIR~PQwfYzD1+aXf*+s)we+FOnb
ztj>&=`v+N8-`sXuT$c6Wf3k_v<EXmohE&hi?ngV-=z&%@hVuivmZvhJrK)USDGwz$
z={d_I6?!xcZq2P1>erG(Mtt6Lpsz2_s|Xtn#|_tjTBz-c3;E{iDy}J8r1^erlSP`h
zV9Q%U3IfdxMzeN0rh8u#5Cx%k$e5R7*H9XtPIVxM*ET(FWRpaC*zRbU+D9u&2UM~7
zy6ZqT0d7+W`?Qy;YI`Drb+8v@Oni2xud{^=D9VFL04EU1dsQfv7pT}tU1XyCUV8VV
zY(=xde?Xhlrz+&pO6uLlBkBSMJqBg!aQwAwga?&ecA+DtV<+|%SQCFDez-?7o1Xyq
z{C;wkFSfGJ6t%K@+$#5Bc{scNNZ-JIwUOGyQa<71rZA&C2B$E95x*^6mfQQV05A(@
z%8%vwse?(>s^i7npF45*xcTL=G?Y@A!t;g>OK-mo?NAZ8pLZCNhh77CF|OGY-N|dJ
z;M!80?wOqtAaSijAyhb^UeDyPn7FV;{|3+iFX_<{|Jt-~?n2LN{N4!@qKc3WaJz|1
zt!(twnH3{c%%q8j&Ts&@5C+tX;EvhFdYlEeAN+%IeoS%{$V4a-!!9-A2_R`;Jz4m}
zRgWGLkVUEUS&8`-d2-p8){Ak)4V%R!gQiGt4x@3`?eVZ|gOY*Ddlr>nVpWH<t_R6h
z3uMDt8)g&Nr_?rF;B8YH!kF+b%Li%enY?8SBdVZDlwGGx?Z<E`uK61cRgrG)NORB{
zPBQ>nvpWUu;IQ&G4Y6eG9dKPiK&3j<y=upTsf{ET%jZAby1j_-PYKSnxKWu&+BedH
z^3h6CU~Q<`8D4fW;zrNKP9_b*{rdJa=B@^=Qu%s#Z(Q+-sba&6%{)hU=Buh;W1fMs
zf*u~G<m$W+BrCle5Z8gSPd?AfKhEG1F^2qJczTCoA%R_Th5}+&zd2}+W}z&n%&z0Y
zJ>sLH2JG4(6+UH(;>zSAGH#~!WqnGG28EBC&~ta}b<)Jj`uW0osafiRxpA9~cb<rX
ziI+wqBfY@3O@gb2UscquiaR2WKp99AFN4J!>Kq}r(OK&A>!^(~Q=obk1J^c$1?X3c
zX|Xmu_ZacQsZ=gV!8gvKPRz{^O#n;7Y;i~4#?xVd$Sq2bd5!%f9-^JbM4>V87{r5o
z>qmZURvsX^YG>6``%VCrQwe|PVS(g2JuzugOmqiQ?HL<p#W23FDGV?LI?lSfaQr&X
zyWho!$PR@H4bXbsrcgAPzWLf*zSZ>lh7?2HYy{TR7?9VY3jY9PWwza?+3t$lDE19K
zKV}M8m3P#z_YoL;gJV&=8n>PeJSGLj_9X1+QNb7l&)d94=<DDjHa*iUcB=fPmV^RV
z1v644r6?SX241zFL*6Z->YH0XXB^mn2y*+y2tOvU3m3duJdhG9a+7m-%TCX$p6LiI
zpDp^h4D2OPo060>^u?PUFzsu$f138cbT=IfQrPKa^pV<IjTTwd$R@#kP+BavmY6&>
z4lr2ya!ib`B_<x8Wf{b;jscGmY1kLsF-Xk0Tl6T}ZYr$tu-_5M+4TF}?Xz|vZ91u6
zpGJi(DT3nI)#|IkRkJVGABiWJxZm8&UH3=oL5K*(T`knVvU1m;IUYgVYn!72Li782
zy`{b#lUiT_He0HRzl8vf#VF;*tMo54&Yp5r*WMxdzEB{A16MUxbG!9oYLHiLU#`2(
z)y}xb&7yjAhMy}+OdO{HpAEDf8zUj5Tqo8LaIEljsS@dEwLj_TAEj-cr1VE%y@jTn
zx<lOpJV@}s;#^h@KoQY60}&`I?W?%4tZ@o<DXqkp^$V?wlFMG2qO0%dC!128ci0==
zk#+l*osdJC7b6~}<jv+1FR-+bNae|z;!6<0>1U%QE@OMv2>j%byfAakvt6v{ykm?e
zDPpcx9m^$s?CU2QJOxBbU#d12V^gO4ltHdQ*c!_2G4vX@xZy)Vbk;ucKO<~n3vpXF
zD$*=b*U*>x)i+-1j-IbR-f%~V_-sTi<sS@>I5SYe>tSIZ<5k~OE9`Uh_mw~;{sg73
zbOkZHa^|^zlsW~iM}$f)HXGYH=fZ^;Lm=*G+yw!H0(gB+ZlTAk6J_)K7poVFBbGKT
z*X$6px@mH>VwvEbK8>$buu^A}JY&<W5@V#Q@D@wM`9yDGB8i<}l0wzha-XEXGq?S)
z<zdK(p6~j}Qs@^|Q~ZrlgI#!=&azY&NFgEacBzfFpL7-4_V}O%Df6PHv~<;@8}9R)
zDmDXs-djF^Hcatj{609Pu)OQ@r1+kC2qnf!uT=>E3~9UtLY!G`KvyM6HDVKpRgO>o
zldb}Uy>`7mg_B!yM_=8h&=z<J@AnESK*d~)5UlXs`!-{Z@UGe?EC)!lx%Ft%>}UmP
zn4~BQh~u><&jReKkfClhPxXM#wFy@s=HJSx-}NXi%ZtlM=B#3Kt}nk##$4zhKGFxc
za$nX<1{eAG371zluXKT0#N~6)dZzrDNS&v}h%GPsjVq%aAk0omrk=-bLdL@CoIkQX
zZ~kdrnB;<4xewZ+kS7+(m+mvNmfF_?)ZT<YI0QVgmkvZHJd`4Bw-taK`~!ga|6WY`
zcMkqNm8YpYlm@n5t!Ng3!o4H}jFE9t;#G?)zVnuJezS6j)NY(I{)FfV#(JH5K4sb0
zx|0cC@);^X<lJlq6Eq@hJoI=l1)bc12^VgjICS_hdLJGD(AQ=il3Qx?jSEFhwCX#b
zgaNB`o}t?wZr9^!$}^Q6PcfjryhF?-mGjjuqkKE*sr1)V0lL?p9mspqn7GZghA`dk
z*EV6JaKaZCT68f!;Q01lQFuX>?gJIfC<IKEyFS3~ESNl^^qGd923DhIo06|#t4H4o
zq`1VqF>1xxocu#Q)~|;7%YBw>MV<pbjcww+Ze?B}zq+%?iVq5Dh1QbuH(#q_jZKo2
zv*#^E7@zG;i_{P3W{O~E%CSz=d1RUG-PRTQNYkD$5RX9f{}a9gN%24N9YChR=soj%
z@Ev@ya|JPuTe4M|oAFb=QC+tHFc6%!MuZomu0}!`GwaQeYFtFEfk(^EnFPOK&n-Qs
z>l@dir0_Ns_97%76@lE_dU3<x6Ag6tRCZawG6SdcMpWZ5%$SWHm;UM4+Al?Q3#l$2
z_{>IXyl}4yG{qN7;ha^2u`~&~ky`-o?1{#4LvQ<q_u(`**PlIk@?>SBFhH{Q=skD&
zxRJERGmMu%Ia!iJm~P#bHPYnuVOy=Uqs#3ta*ODwsKUhGzYS2aVa*Xt6?5G>JJ*2+
zC7GPLJBaD*B4Vh?9`~qsuIEZ&dO6gGByzB}BYRM2*@({t@JU2`3pNIBh-M6G4g~j`
ze*0k1=$g95R$FQ&4zOau*Gd+$Fb>3IV0Wi3(rjdZZ!2usf2$go_vSvGlqgnc){jqV
zV_MJ6pMk~N{!L_5R93cvT}Z^1&%)Psux3E3(9y3AWI$nU2#}*md<ggwJTHa6-IfC+
z{Q2)Be4VAi#x(CSG4ah;ja{$Xo6E2NAi!2+Tn$#9LpI1J1oxWu6xQ$I*Qsl_LR9=V
znwN%`{VSG)9jY#%^vz4XP2^^T=}P$(k**6Lo&(-K!O}0yZ_^e^i)!>*jWB)QJN~4L
zMr0_)KX+Z9;jsrahV=YS!p`=yFF690?@*XL%Gwd?;)(fniXH7}Z(Th1ejc)bY9v0{
z+?4THFC!4Db&;qcz2ychl4l9}X>Y=pz&lmpKz(7@wX5P_{LSu1ajg>5muv&GF=kX?
zsc&tXR$-1+qx^x|iYSHG@-HW8uclsOMxCo(s+tehukm^tDo9p<6dqVyM{CkiQP--w
zWf#<Z{ebU?<p5IN^-j=NS}$S?dVB5A^9<>HrFI*x8GYsWo8dd$f#D|r_F1No=%VV~
zb*Ujfm*G|V*RvKsp38_~oCPR;g6*s3B<s|qVK;A60VS!mq>ig)NZAk<H+)Rpc}=*^
zVxsG3v1}Z5;$9v~$1F;6vp;;PYTPZ4-J+hsouwh?{cF3&{pPJSWTjqQXKNGO5&AD}
z<khngjeI7TTAc7-3s-BvAIqJQtwv^R#R;|fINVDzW=vt%qc92Kn*ke0(@z$CIL2JK
zW!}QH-(GP?>rU!D--2NjDGLhH_SpwuJxKCMX;J1$@3R;$5~G)4bbYCc0x}Xhyk7F6
zBY$|^M==|tel<|<*trCK<mam#B$0YEmw*^e7of=K;}N$Ci7vX--|p#;=Vk6t;29fo
zgdfbw+%YhEchAUAwtEdKDVxxSVM=ilMiq21WhT^o;Z_Hu6O>SO?>Qp&_<_t+w&<|;
zJPMa9I^T<;w(l#T@ff<Nh;Lrg48ZFcWuM#OzPfZPTWl8mZ2*M^p8oAJ9o&#|<JS~H
z)Op&M$@99Yz@cFPolyZ$l7%YKmg9{fP6n8J+Jsd7w@EuMGquaDpWjpPT+iTKbYE=@
z(l>B-@#wU)sMeD;S<1`x(IaDKpA{cjjk-IRn=Q;<(wDBM4n=9Eu@f%%?X9I1de}2H
zywl*^>2Ix~6?2>GBW4`S4N|_^aW!8mslcaXSgdHgz9Eg`_W|-|r~G#(Ijv25H|zAX
zfIu<41$aE6g?<8fHg#4Pu&F63>PtY02SrEWpS;K4kK6#kt)Sa;)aZ+u(lhee$?$5v
z{>~3!oV#O(X~25hFX|I3s=vnAh1zgOXxOii9$VBhJ-LzKnzEM;jzn!{>#(j*U2;0i
z;R!RUFs~SPk5Iqpys@+HnznPxbJ5-uyPn|6Zcv_sYCMaPZ`%toG4R9#k<FmXz7a)+
zc^Q5_pn5Bp@fiMP9$FMS43{7#+R+$?iTMpnJ^2VXY+Kfw&Rn*|YwUhEF|YGHb2Y?m
zD{`NOqWbP_4p>)QXc=@eO_9hRl+06(ZOvi<D7UoMO&~>)g`3fox6~9Je-IUh?pP1!
zP3?DaOPZENqDzAvfWjY~{|1Xmv6z4A#wkA_Q7*oeXr%tCBR+r9elcP_2|aTiX|?V;
z)Ru+LEDgSBEW%T#ktU82?OtXrjJmOqZA?HYWkYdS>z4hNeFm~wmIOp~*_lzvxN|E#
z5sm=!=C)`jBy{vWF}CJ9`^Q5;5*#cn;*QuoCsyXplE;X?-u|<d2AQRPp10VE6~!|@
zihhYa%Y4{|4wL?c|HIo`hh>$;ZKHsIfFg*ZlyoSKl(dL+DIwAb(xtT2LkI}cAl=<4
zDUE<A-CZKx`Oxs3wHY1f%sAIK=X&4o{4>`zGqBlvt@Z2szSmFSSdtaW(P?_+Rr>W@
zj})vs*R5_JbSnomAAj+FkOa+>rd^EZM5{(=vE#`clIpt0D(}W?wGNIYn)hv(Yf6g2
zpOv791G-mR@At+dyrH%-<Gzd+Yo$Zz1I9fr`Bxrc$2@T#aL_Y`2QF_K$tmTEX|n<|
z_);P$&lOB$Da5Z`?Ix&RnO5O(wF3y#3yH54;Bxh(Dj{Wk*k#XUAYHP~>+<oCSKqDZ
zW7|Ex&uO|_oU)&S?{tym#eKD>m3=PHkF(thna2uT&Icu~DJ|XIkIESKp+@Zk2={#3
zUjHIw)h0igLcf@JG6wDt*yA+UW=~-B9mB|i+QiWEwfM8J2`-EA;TQ1mRqJ20Sz3Bf
z8Thu!77PLI4S(W4b4S`@H+z~yIr;QA%xZU%@YzR*?()JVGavra#yo|%0d=C~U8m3^
zEPp-XXDR_6@g#fr2%8uGfvqubwrOfgHH6lRH4$}Q6d{u`6_GLEn*^=Ib8de)6+nbp
zjpuR!*vBV!-9HhUGHMrS?<{~>ros=JPnbf|z<^uAVY^{QWUjz$ut)=d$i>|tyG2MS
zY5F9~z|YUd6=0++?mnjIWpUkl`)sttShlO@PlEd{^yOM;bYE7Wnn?U7MCY;&;3i-~
z@UAe;`<&V~oRs+MtG1v_ZuD4g9aiS7S&tn0lluD@IM~O!CR0$2jQI88S?K-+hRw>s
z=b(C>yO+kDcRGyOCbb?AXzuNo^vOvVlCVeTJ6Qhl#pI6)Kyup(FKk_ee9b@UeeT(m
zth~H2H#z}q!8+EYvV<KPgEc^t{0L^v(E{SGKe=ZvR{{RJ^vr@3qVb*%n3Q^-Ub(zD
z(%fNcx*BrAH2Erit#M`<NDo}+zxnHZf7bLFDfP-Kn)uLU&>O0~HLN>0r;k<&aR3wq
z6BIz_c%)tgz#l|RGOLvs(c^6;fD;Mvf0L*|H!K`g`@=J6HF5vBnm@i3T7D&Q;9Ccx
z-`<5dmO3u~n?DOiLjR-Z3b>81h5|xMt@Dq{@UPrvsT*J(@H-NWs!-gjE_vS54?lXm
ze<haxD|hp^KyJwG?Y09T(5Kxbz!Yx$gnjuk2mj!O!VbIT-}je45V2CIA{V#+f8Z<v
zkdkDB!ha{Yn4kCbME*t)$-w|4HhT8Q>o37+`jdGKptTxkEmVJl)n@sF<d&WtKb;f<
zSoO)zljn#OriJDUz^VU@iuV^t=$}>$8j;GV0EYW6`u6@k0BhX)No@d_Fr^DnqW9mP
ztu6pH?Zp4i7AJHE%wV6{@1@TmSbqk@r!c!vS&~0e&DBR!L20qGVn#-)A`XFtD}I87
z0YVh4?Q1Z`|LZw;2hm&fGgA6500LapPkIZ$n-F69DX9Dzw$6>|kAM6N!R0RymA{Cg
zJi>?Ys`|980#`s_gdhdy{82!)0ccgizw-k{f!|V&_O%KE`VTs=9|j05FIcaCa(h6y
z`N#4C9*pFi>2J@_Z;7woNVFp@e)w(w8D3w822mX@|D6m&2`t1!vziOS_WLM7*nV?z
zp8qYT5jCgI6Gr%drAGc`5cpT;_IvInSTA4~dVjZz*N|PXVW*P;{h&{ZKk?}hEh+xL
zQ_B98@&uSP|D-&f2e|)8zWX<R&=1P?SBSEG529?pM-Qz`_;*ZyCA@J7=Pnow{5O^v
zAlnbpA<IZmM&UC={Aa#Bcv)~_{)hA_;NkHNl27y?7WS22xz*2x{$DK)nt=Uxm4n|Y
zBK$cl874*LG9M-3vYaF-GaCs#;U)qaZ=SBT<rXzU!->ah)2A=|&(B!RrN!Rj(wMVc
zFOZLVE%m{tc3JhB{aLN&{U<N#-~inEN03Wk(G||RL1<8EI_)ellLHLtWOTrP`1%4v
z=IMQkHqdJ(ARGxlGlZ4VRqJWJf&3IJ4eIsI_83m~Q_H>85#xL8G?Vu%@!Z!mAgP&_
zQd1GAwL0aCGPs(NX#O`k*~V;J#JS*s!9?YBQsMyEHT)Af0-(54d3E^xGrevYmR8Z2
zKcOD1r$7I!GP}-ZFk|2W)8VJ}S(r`n@%M9iv-(-w?z-c$<+`4H&~48T9j{hJ7!S-w
zcynj78my1=EWxnlH-TrQrvZ7Jl&rY%MbIc={fjPu9;XhVsDaVbZT0&?<)AplSsAjF
zI76=C6d>`UFJ5TJDmLuEDmLiC>TA~)Y85nSJ{OP4DyuiLidp`;DM3Igc{X-WK}ge9
z4R5k5mYcghQ78zhZdCDWkL+Wx*)l!8+?KIO&2F=&-2gA>@CVr$_*alF0)jo37Jz4I
zs<nxVr&{m9ab`e+oBO2EK~G_2E}`eR(WParvIm!oHn~H>3f6W?L5<UAuC|THq+^&c
zpn)UJQzLhtq&*Y1f=!pqzO-sPCn2$NqU~-p1`zx7C24bhF3GlQ_dwg}BR4R~*(|u4
zl>xRohlfR!3?Dd;?>~bo!8xTLz_eSh5y+j<SJ<t&z-hi0hbc4fEOg0s4kRiIWmSdN
z&+T=nH^xxwt46+NsxjLMgBh_%_D07W^f#nX2mc`+7Zrm-)#4XryTV0n+bpJl6hF#)
z?<4sl%x4(nd(IF&@^|EK5EB6T`%z$h&3=I_Vk@_&^t&j`-5;?z;1@w0+C7&ctL}6~
zQ>}*2i><07&r2YTRgA#^JP~YdMuHnarPTW~=<bTU-LfNKIO2hGIDGl{gb`5Cptb*i
zLht9$C1ARO7#`3jxycw6N&4C&(v&N}dnNQ6jp~8I*9<RK=`eDGjp!DAX-r)#HbYz}
zXEj0DpC}j949TA9B}2QxOd`Xgr&&5P>wp_Y56y?@*(c6i@ajwUmyV0U>Y{I+%cT5~
zEW3Y4wOK!%u%C*(A>1$Y0<I!9VNxZCsaZfmh#h+gOKY_%A>=j7aeK^-J*fr)(BA`v
zTQ*&iGOJpAwmQB$8PO<3z9<)*8hl+i3pmjK6iWEBx9xYedmx}>TQrs#IR`duQpKXW
zyuCo}P@&kSP5+)rF5(kOFe=-ntgDLdBj0eLzw;e!*T(~!m@DIgDUH8hLoonYemGZj
zP>bT{;INa@>CnJbq{yDAF7rK?NBS40^!Cke<-qlt{aPFH0Y^fTxWvgiHdXj`=Cs3U
z%1Kaa?A0qV0!*u)Ork8lF1`gWM25({)O0Al^x3Yr-S9JH70DP5_BP@XEueu=T+^;p
z`$ZBdtkAM=(mc4gpThW$#r&g0bazH8V$d!^ys4qY)GCk#@CD1ZP$UBc^_w3D(Gg`t
zi1a<4!E%St#zzgP(pb@c*8^1=n18Px?z^Jo99j)&?x$UN-WVxlMuN>vr@}KzT6U2}
zMUwaV6^iyfRuvM6ebjB~ZiZ28)bqfkVV5}Sl%o3qC`*`hGM=&nbGr6ZhT=~e-dFMa
zDtv0i^945V)b>hJ+qnF_$I8serlrG2UO6(6@J8a&I=(nx2O4(=-q2-fM%AJ>xm2?0
zEekafw4kW%U1Z>71&{9grL6$uzp`Tb1Q{a!;Itmyes9nbzx0l}2+h7c^Bqfs$2-<1
zuOSppegD-rUaxHDYJoPTd^~q2pXmRg;JS}MvmxvPrkfTS6^M8=L26R#PbVxJwe|X3
zVlJv0WeevL<PflS0yU%cw`<iW2~p;-K<=i2$nlp0EohlvM8_YD%p(R?etx|5>Ya6)
zOf2o)p$2;GwX8Awu7QwB{8S+*hVXze)|*{wpJ54<)sk7A_VQY`njLOpC_Ms8iys$`
zcf}VZoHqa1GZ>mh9Y7kq+KHG|=)2SaoLqxT>b_56{#5Uju+-$(%)Bhlr3{({_M-Eo
zTIP=X@wz(MU_lK__62r<)sntI#pRkEgR8d{plFpta@E_r`AIBP{!S~0wfqYWoy|?P
z+(NJDt^4~fL6A5w8jB>UxI2`-S>@TT8+lJNUNLv3Wv`h%#F8M0OUh&Km>%fsDGa6N
zx5da4{K9K0wb`iHu}~DDYF5#(V5~+FCCZMMhu;wNEHM5m!n7FV=DKcC1K)dZyK+jw
z+)?Y=H~8Mfp+x9{k{Qdz&V(C#F(U^<QGT~5eE_`#(6Bu3^AD6gA;thDx8mY#;W`fq
zdeuW61&EoWAaD7_G7u?4FXzk#G_=cA{`f;G!rK6HlOzN=G-lO^8fF1HEoA>2H5%0x
z*2DZ2H|qL77*I242gM0dQNMlm!`nu=nZ)0D16g*Q1s}|>#%Yon<q-T4TG-6mGgMGU
z7`FU?#s8`4(M^V&?@D-Ug2-<C<!z8HFr4T==g<%+Diz`@T-1u_%JFhBl+9i2dHM7_
zU3rD+@9+N_$R+a0#6FQ$`83OU<ycfF2OKkloKEMNV_G-k-LI!1pu39vhoI3PMRAh7
zJ8)m#fE!uvI%1sfdib*Fh$g#^FPnQ{+J!P#hZat<GY@&XCnz6ow0C!3c?R->{K_7n
z=ynYk0M1dnX{V(jj+@dyPTB?vXw#`c*^g2V*|GQ{r{r4XKv>D%+ksJ*Y_wwTQXR%i
z03d+mF3Ez6IAAp$Y<~`4NRdRizVgJleg{}FWoa(o4PeE8ArC`{7r?z;lm(>7o)=^0
zroEJ}tJZm+_-}^Vsy9@o5o{<8&(nz#APfXm9>!o<cQ`!+$EXP9Xn&rme4Ny#YNu1W
zVRtDmGzLB`2xi%!uD)5*vZDrdID7xG1F`q3cX#6|iW^gsy`~Fht5dZLr+UZa%8ONm
zOeS~VODs@*_-Q0n>$P-d<E$hfso~)<c9Ukv=TYD&ascG*yr7nKn3LRC*3*g==$HGA
zOv9frmKw|^2H~c@paKawfl4kOwCp}}z*aTWs7s!7X$It>!BtiGm&tf|3x4GHuEUa9
zmO$(I&V2hZz``01*NCRHC=T1%&Xl*Td7y8qaL=Lf2>!t-D%xLwoyXgvOuyxh#4%ka
zrSdbyXJ74WcjBkPYz&9xRf}}PC9O@5+FOH5nTe#60I!&Fd_2bjBP0bq_I>lI)8U>w
znQ?efPs~OI!c#m2AQK@wzU(~+(e4G2EAs&DB+jN+a{3vL)6==hsTtD!kDGv)$_6|$
zwT26Pz=fw4q6|Pp6Rpa^;x0kH>Uqw>r8d_QOq4B-w2>Bs-6EEo83+|*Am;3TdFeED
z32Z$(L7h%1@gP9#LoqtaE|lM=z6sT$_OOiO@(2yjsgc_DkgtWjP~~20ZsSFHn7zwp
zolEoM>1deHo@n-@(fY~Q7M-`P>4voW0uD3A2EQfa^+%0CwTCsE0hekuV4q(i93R}<
zOvcF;DzhJ?R<Y!r>9EY@7TUJFg2N)XJ_r92Kc3xdECIFsL9_navQIwCdoUWdKYht!
z4*<yrFTgNAv#R^%tPg)$sVU2h%x>wC!YP0~^Sd1W1U&k#=e!@vS1qR10E*8o#+S>f
zwI^@*fX+DQDj=Oa18~g>lExl!vRe@CG5vVbWq+bEfO~S7qf^s9JEKp+kx^FuMt9Oa
z0^)vDlx%p+_U@S;-~A3zMK)Irh4>~SQKGnOw*p*7Sonl>Y*q$em|78qp5>e+U0l12
z0Wc|&z;C*EjCa~Y15ea{3_NL>-y8SMC*|I6k77G_@z3-W_UFE*ok??#J;%`5bq$hP
zu5XuI{uEwQvu17yxFJn5-BQ7>`Bvm^zBx4$lc4E(PQ9&+S*$&7_Gnrq#pj2xVe$wk
z0BR3$$yqoKdeyGiQ0NNJJ#yWx3mTal#`1)kn}US{#&#|Cr(Qgh6mBh7BQ+N&UmUO5
zzwU@Fr_L?Ak*RW_T_4xZum1Wqh}{yqdBZXiDFaPLs{>?-&0FVL;*Z3}_fnp`+^x!m
zgwmxsZd<Hgrr2`tDNB+y6Q3{|w^xgC#?OWb0~YA)(RwmFb5#nj1i?;b8rRCFNE7x-
zGSN=w>L%_yowzKG)EDr?S{scBnvC6BE9oOj=*Ob*dd@3gG}ro$g1EIB5WR2=6J8la
zaa(FNn$jM9YtufnasczN#9ECn+laF%gz4}*xdDiW5m$D#o}+sc$vpxEaJwzLvn3!6
zZ=u{VIbZWblmy`VUP3%e=AQ6HNN|MXmx9g@;U!w;7aKLEVQP59%bzbI?%pLTAYH0H
zdn=Z}h}^!dTKaw?&!pddq)1=7+n5>*^81?ThF;Mi`+N32>jTDmO>3_x(hDMGFENmU
zDV?`{^~^2f%_0Ch^{z3(_e(f#q7w`$BXi#T1aZbOJw5fjFo=2OzkNDNo9_Ye%P^L=
z0W&5lYSGr<pk_GHxJ4r|vn;)>hnQbBLR)1+@q*Ks@)+VIFCQ)rovm&)>Fz>#&e{HZ
zA)!pW%cNAS10W-1A21k))uFQ1N?YVZx&1cSHAkdk*L(RHHM*aNw@oZzpn-RP0p$Zy
zAr?*!(zHHtsI-D*bPRHPXP@bGcf|mP4sYV8bw?loynyet0`pAR@;7|F;k>|S+;`4_
z0xbA|s=JbzLD_G%Ifpd*_6KCPhF9~SG@X2borsUhAnDmUXoS0=gh9g^l2@}K(<yJ6
zmyL%%vgGr(F}M-RVb!g`aPBmX^(k%Xq7s27XJ0*=J{i=yhySegz#IR}V1RZB(3P-Z
z!0mEUIlVdHe)!7jaH+IKKdWkl7Dx+!n!Vc}B+D$WxtH+{oBnRjlqWQ5s@cpEV9qb<
ze&-L|pwR0&U>(NElK|aBoh2rbn|pBt$zaN5A6w{nq^mcEvJN058zAX{D+0USn+-Q>
z-!Dli@aBu5c`UR?hZVe!iq)uC_9nKFP_Z*2qc6+ZN<8Y%M9)7kDm5Q|PjUJHnlaKE
z$qZcTiK=YqfH+Yv-)@@NcFVhNhwakyIc^+HT@1)X?B3i~EjB16;x$)!tXFY*wqGaj
z83IWZxU3Z?!1HF6_!0e{_BAV-)3agna@q*McHt*+J(xEC@>MX~ktybyIpE$HHUOkm
z?{2MMzboL1$!-MgBS-;iDpULUz{aR)AvOdRISNe;<jv6{lMuC64pu>ns{@#~^ezZm
zP%z{c@>a!0^>Y;d^_Fdj8Yv_m69n-vTOxZ#mRze5_G9Md={s3$yOo|-cyDJ-c7WOK
z_<NhBUhqkFd^j~XrUx93+Kne|tB+ROM6}n*c9Sl?vSgE)HCzRpcZrXH%GC&AY5^>?
zFiE$Umq~^pX*RX%aC@$8W#$xckuiAlW%QPE9`n*dT>j%aBKga5j+oDmJ_PaF#q#AK
zQV;_E@a|EYxjSH34W-w&9>{K6Kuw?bzlPO+q*FTIQOapmaEWA@XGjX&c4v;cd_vZ@
zBPFe|dh^_I6F!nBG7Q<UivXOcArM2q)fdSRFc31P_0P2nm9YVdUak^_YAm6quuXOa
z@AIA%{|M52uJ);kTGwo^G)qS<M-6QFnNPYlmhHRvkJ+26K=nOB@MKY3h{)T=r*TDV
zzw*GQaSfuZC4E@Ua69KdA9+m)W`3|ae35^nXI>LcQajF;=usJlxt$Q!v+E`f!k*)R
zpRn%*@!Llt`!{j}+cE{=*-6s34Y^&|0!7VBD<9gbtY#>B*o?eDlggP$Jyev9LUc_=
z*H46o!z=164G0XX8o629-HJNwz93UQzL0v?BZ=U%7b;5DZ9hi8#U#d1jEATXQV7WX
zDE%&BGV7qCprqhlk9<Q+J$~t?{!IcMod`bbjnxc<i%XZvLi~RJQs07&ef$PL{CL8t
zGrM3eKeO_9<;Z?O9pbO&0s?e_0&H=uW;G0nJhLL3b*62nZccnYoyEoY+AYkhc%`EU
zQ5DNMxwLIbyQhR*4q|XWmFfnSp_7RGQS&=^J7=@<XKB$_!;dOIJeY;e;~+M1ViS9q
zB{YvIOv(qMkK<Glx6eikPt|5vN8$)stOF!9dUzO<WgAp0Q=>=jP{^S~7KFU1iy*CC
zlC{jSxmDowRP4Sg?MBMD8C}{;;8;PYpi`-|(9Ke>UEE;?)GH+X{dpS0BRpk!U3^~U
zP8Oq+x0wYBHq3hu_)kayq_Vw!wI&!(nJj(lC2c*)4zl6^yUvqh8q?=EFL8&dQOeLt
z%O?BDO3F1|^h%>HP1av*7peW=_?3z@=JP=unXA}}c@`N$Pe{q7C33>l;MJ)2k(W^I
z%JtGVu6}xrw?U-Uh0e%gmS14U<uIoPky;66fQ+5bugy47556$PU3b{AS9~ag7Pag4
znpA+GW*XZv>Y?dUyQ$VrOv{E6xH@7`TWMd#`Ll`=Y=;}Bc#GfRg_Q(5J;$5!q>~tP
zT~9mgyJQFT7oR{8lS<6!h8R&b64gr)c6P?wb(48*!XKJ0U$d~$D8{Z1PEi#obXhZv
zT`iLiL8Td>n*QwZFhR*C_yr}hC`t!JlrcaLPJg#aAuR5pc%Ay8^XU-G1z^Bbl-QZ+
zS0v>f6~gm<6^R)o$PXqrPABILsUI3W2{s_pbUmC4Kze>yjYCl?>uN-em)*s2NnDu!
z`9gMP!f1O!&r2_9=8Ck?;ZW~#kion&n0(qTgV({|+s@Rn`~I#iKb}tIo=Cq%F~vT>
z3kq5-^AEyx^Llsq1g0V?nq}N1&3j+D0@}1nq0_`ljM2+it%?b~2bc=43zRz?t_ta~
z6j&`*(_b9V77&4LP^Q_m6w6fYj%U~T9Pxd9(%%+L&4Ox&`R#&1<Y!u#h#TR@{h#|?
zg(9<dA;VQV04M4V^-J8RarJaUuT;a9-qtRz&hIdlA{85LN(bNQfGyYd<t)^#iiVk4
z!urUREKlO6Vo$VorB#r{;LeKEC^EbU1K-q8-lF&3;Lzz)Ai757x^EA&FVYL_bwF-D
zzS~2t)Rw@Q=BdC^FX7PB>w9{<&)vdl`ps9~`TKLs9(&lny-K0uKyF@^RPjC6^##|0
z!+hiu%hN$iS*Bu#!!~WL({DIu->6;G%Fob^3~w_b9(R9(X96ZZ9lNvAKEUe58I)7p
zirl0U{)%1*(cz}rhr8K)xxQN+k4<R_#U_=MX_lBdt*B3pHc2Zz;`J3PQYpT{c+x0z
zA_5Nv*|X|d`n@%oG)ERtiZ9=UZQYE0zT_VUK%=>Y8gHW`mS#OZ8WWqMVRv#8H%yXr
zUZVuKm}4cbTuBW^ZMDR+W~uAJI+?d(Abp&cZ3Z6Vh@_NsNi3<<DJ*(<bB<)$?_mb0
z#t}gc0Cm?LcL7qVm^|4-kr{G*^lWEzLTT|#+WvJY)Ay{MuO1Ot#$3@&obiQNZCZNS
zNK{X@iJwcym5fWEJR+igA-Sj!JY$ZD(_Gt85gMVqy)TOTPPDh6sN-y7n!YWA5yOlU
z*}2|Kw{WVm1B12Ppx4y@rb0?<3WuPDirc4)GEKqvFl=bPk=?th)0%*6-Q_fCeHU!r
zwlJWd<yQ)7j;81fZ1?H**(xH7N!!-0RMoCLIjlR3t$X#|jO!Ls28us=#P)HDusP8z
z&cin5>(t#6xC-5Q7>AA@lH3huXC4&un{i3e*MGe-=BRq%>A)?t!$dX&9Uhz6Bc>1u
zSF7uSdmn;0Yb~5zF)_Ow2a98jd~f5)w5z<KoC2^)Zgz)V0sPn0uZ`z}OVv{%B4Drh
zN_VA}N-j%XaW+KrC0;f}dzT-5cN<&xSpsg4nA>Aj6HnBzuU&5qu#7YO9#qE3NQaVw
z9EW?W)<yRDY2ukH06vZc49}uP6`Up&0W$Woybz7tXghs};A67(OXo{`Eq=jjo{>Uo
zS{$}3P7IUJmc4Tfv6lzrPnzV@e1?vkh@Yj)#?+D@)cLp!h*aPXUq?9rQjH0n<=2pD
zyA0>VA&bHV9`qWrw`MTq>n7nOc6Y%Da$~W!TN^fJVjYZ)g3gN@bUyPPZah1y#W{U)
zLS?QFp?40gMAn>l$%Kx!BxQyOSsi_}xACZJ@`tQ$c`1z>QI5lw$ThzE99l@C5!C1h
zIj0-#c{2rsu<Kys;VU3Fv&a`MbBa7@@MB^xa;iYDvl7fn8exDiFidUz3s4o@aydrH
ztw-ikhr?qD(d6uQI8KK~kN;J)j*LSu?E|l7ikz2y{`egpZywNVjO4wxLH9Cf9QG$-
z!gO5KBOAM(Izr3kBz6_Yb<>lW?DlBBXj>%XSJIB{SK#!IwGVzc*j223-fz#<NUbKt
zDgQ>|*mdx7R7vMzRVOx6ANY$XF0dA9t=^`EBVpax&MGB0$*w8UV`2PGQ+qw7?ZmhT
zrXxWf1|KEdilccYi?R!|12hZSuIcoaWxo5m(b;v<-o^1)4JF<54)!(;wY#G5!Y~5>
z=k9Kf!n!aSEA(8rHTLNv$l<cl+uQ+2>^fZeUuO0w>zgzj-<J9Sd78&WWZYMEVl;y{
zk;7(M*f1C$AkkG<l}On)<lfSl?N=6N7o|pN$I9*wWu}mvF~nqD!n@2Q|6u|)iose$
zhlixKn{tzrk7UVVx$9wFAFH&Rq#?Eg8I$o@zZer|?_PQK`_POIm!YH~^tvL+&PSi8
zJbW2z$pT3QcvV|dEA>6mOdIo}#ijNE<Lh*w@NBt|OSNQ2VV2b)0r%<_H}SknYi0+K
zd1x^>j5tZU9Tl9uv9y|{A@mTX{qAW}<wB{tac}U^<)hAxlg?!zTx9Eb@1)kx)GPsM
zr+PualCoa3c$h<EWgX6}fMvdBfmhfA3+cxDj6Fgfw|PY}wvx*WNl=F?J#%O6p<Bz2
z>fvLSw1@Z)jh)8}kUW9Mr+A6GDCK6JW#96y2-|k~J?8|PWT3tIqrCLHL|;3w@Z`*v
zJbW>w_#%+>iiMtgMqo(RziD7ZZbmO{1#qFE_VF$8P9yULI;N?fCoM}wgmWq<)k&W!
z<9ekohulsf#I#B<6%I7xZ2R)|PPRk(2xD1(sX><!PZUX>Nif-(MQZ%ZlEyHP{bODD
zvULLPhc`%6P9?LV(y7$J!|mxMwMuTrV>ls5#WF%A#`Y$~wVA~Q)XycmV{Sfq89<n-
z%C3W}69|7m|M9ligAcwLJ4e|;Gu)G3x%ypRq_=m_)?be5ScjPkp!kOnEcRWx^SBfo
zhH{4bZx?8FB}h;!@eWQF3bV?u)z;c^R4N{O-1~4eM#Zg?Sg{o0<+mf}K(@;?_0(mB
zDu{_YTDiN}b<sHAUf8igF;PR)W`iYOSt(sJSZj0FP(ILJ)5B(PYiuAgG0#h4##<Fd
zrm~v0++Tdqv}zU-YLOM;*esnB(!*qxcUe}Xt7WDpmw4(27LpbppE{=<?=kpylE>Z5
zcYUth%2BA}*m=!h*+)Ee(A=E;;d|-Y9zbV4O_x?LiIZ$IW*iRWQ`_E7#&P+YLY!Hr
zW<pt2nhyukRUAASEITK)X}&5n^=WfY4~vcq>}yPS6ffv{0sAkaw#Lof>5s7E#0*1F
zA{#`zKI+M?S?c|mHkw@+<4!H!h$XanL5TIGKmWV0r%yj~dLzvw8Mww^q*CkovE*pO
zF2eU8LH`IwLdIZ}M<QcwV;{dnLtcM*{H>ORZ%$C}!AD={OkqH0O6D6tix(JPC&_l9
ziF;xx>?8&Mv|?ExXme_S#k!F2QB(7UZUqP<yJZ5~<sdCofuzq2_p0Jn&gL!846OMz
zO*kTeI$2Q3rO*Zjtu4Q0(9m+;nLuz$yB*eU9M`tm4fX_zF4^@P6Iz8cOx?no&lC%M
zWd4O}O^|wu#=H@dT#+}(O(W^Z{(!!>&7L~7w2Fzzq}EE6$TrF(dBv1-Y&H^T>@bwF
zVNY(nCArLSn#T&f*XJBnK^=u;VRp`vYr!N0ZLbO*I2NR%`19aBA@UVl3RLwg#>Hf9
z+x2XXAF{|D6IA@tHMNO7)xB!*{ELB0#@f1L07ZR!3h|dVm0mK$78!RN+RXLFCN1lZ
z(g9_aTLp+K2^t6ie%kL>6xmDf>uliNd$IXQ*-}gW*qhHz_E7V1)zVms+)p}a#VM9U
z5U1`7fFH86IsvO45C>NK5DMR~q3}%$0IK3S429K|TJ$d!PA_inF86UyD%312c3gT_
zu3}I>ew;Rw!x#U)=F!-(1ivXdIFe#;llzJ5fqG>|D>Gvg>vns^Qjrb*H1!gUMfs7k
z1knUh&L0S={iNbITaB~hBI&=<1w=d*6|QRLKOXsFAku<dfNqaf_FQ60F|+9?{*rEi
zDrt;rn1x9E`XKcuagVnK{);<Y<rT7uJ`q=qeJBnOAGw-a<`Z(3J#1YzpV|N13mG{G
z*pfWrwHgW(l=wO&PGLNcA~w_X1m8r*39g*%w!HvpaIBpZ-|l!Y??im*v2u(h{ty9*
zjFgQ_t@g{$$^#)(;ww%IwT`|sEh~EWA|52^fH-{Tqcu7QHnPF};ha`r=<vT8IuKVP
z&h2tp-+?D>9yo3~_$)6nA(U!%Vq$O5TNGlj;@pEDET@^*<PvhX<LNwCt_)uQLTXm<
z-pJaLZOiZyw4$;HPr7BUb=>>F3XY||2v^mEG9y#{F_RIqzP)yNr_sLEg>a;>PJ>4%
zYev?fBP-v#{1$z9bfD!VDy_l8?$KSJGCa50D$xg$L>%f5QG5+7jgECMZMRV(7-MXA
zpkz~4u)`umL`^*~wFFNW64l`-Gj0|oDsc)nd#@S3`c%D+B|<B42Q>;bW?TmnPe&3t
zRRvF`aa8s{ei7(h?XU+gbBQ`)6H+Hg-;t&Oi|bMphsj`6(F@V5vh%+d7TQzy4Nh${
zq=JrN2AS1bg!ZkD`=JM0uj%-oQCev_E~R&@l8#VT%_8yQ>tAP?;#PZN;OZMu(~PV0
z(Du~hP=s%%eQapx0CQysiP8JMJL)E~qE4p24jw2VyMGlF{?7I9FDW#IKuM;K`r|~G
zOui>y%q>+ma?qkoO(-(VhcBVDXP0hTNix-k<65D#zf;i~Iap*35pJU{xh&>s=6hW&
zgX*QQu&1^!u3@}^YQUYJS^&0#X{x}B-X*_vxs7Yh-v%giJRw6Id?9}P34P7LjQ4`r
z%cXCchctIJowq&*Af?~3ENN=_=%CGlhfW<V5&S4PDuqMsL8{)Ulo~sq*|FgWHHDb)
zD~_xu66L|Q;E>Rp6Ed=i)jnRgE3e`--c3Z`B^qus^e0)5VV{)rIC?u8$voW?(PXTh
zZcGz3d^aZ!H<=%gXqBX!nRnTmN3eFas4YkPC|%pcPc|~k_%Nhb;%lGP9iCj-azQyX
zf>Wl5uljLKyP2-bnK^vp(^s(Ho@=#87f)OQKBY0wuI*0o@`ueGA;gZX)2@13LP=_H
z{LPqmX{!8q8%;CZt}_5=|IBP<OTUl}m0-meepqrVxFm17(|)o>yFmWZ`|BwBc=Z=$
zqEGLZC}Xf*xVHa5O35X>`O6v>=#Kaj;9Ydr$B3fRViM-9(DK`LU$H0<v=VU=Vof~w
z`XwjPrE@(r*b?Bhb1WT)%k^b}BbZ$Gk6)(KuB;Mi;hQ=VA6U_LS;elzdezIGsG#|x
zizQk$!M?$1>$EPzv45u4(BNpXUcjPQQ`2D#{I{=VaY(5%kb01oF{UqSq^hv=v)K#t
zP?@0=%7#W@ew8URHl_v-4HJJ`M7N6X6|$J8eMfK)65q`dehKz_)r-j^^f9M*b6pt}
zQ@reiLLGF4i{B&w4i=Zt+)dhe3O(Z+r{V9nwj=ARmCO1^HW(=yutJ03Z^Zc<T;*J9
z4?8R^?4CM;@^5l=JDfE9&9etyBq^;!fv%Y-{=Ic8nj0o0IO?M%mtBTJbAWhh^@wWA
zC05?aQZj>5buizJD*ARy$<#0h5>gE-Q?1<Hfv8Y3ZH9&mQ9A?r1#GBM;j50$L%mc?
z!VSn9j=MLX6yP8m)aS`-!;SBt$Ryf$76G%M#*Dmk=v;+znO%p{yGdAw5M|zZGcC+g
zJ^q7r)$%27gd#k0h`H>tarBY&SEnh(z{1XZ7AJG!x@_`pkBK_o2g9y0VM?N*F<lBN
zyn6V+*DlMLsy?mi%hw@4=Yrc3_d_gkyyD0r3r|N2&C!>n7UJt$EjnKJbjonK4c+J(
zm6Tvt;J6?nZDeCMxJ`Jd)N@5Xrc_toD2e6qL;beLt9dVW7kipv{v=zYj8~)?h)Y(*
zPO3eHPGx&nF*~RqcbgG@*gez8V?<<+ux2JWn%IICgsIhSTSk80xGnvw$YNzC8G&c2
zxMXYo>FJMX8I5zzJJ3T4Z(QPqU8nmXxise_E;IX(2YXa=8S0<F1MREz@R)kU#?nkN
zgAE!0Ni4|tbqMGJTnppaOP3Y`9(dO|iALMtZG^T9Tm@FDJm9=M?gGTfCJ$yL$DCSd
zB01zj%#SxX6o*XBt|B)ZOr*hG!T&BWd^TR;3so(AoWyrzzw8fOJ!rsJc_JR9!TnOK
zt}^rvCQ7U<$XsG45QC1W1XOI@nV>E<Nj<NND+=sfG+BgsH%K2pZW2a9xrH%qqgVsq
zH544W%)6n)BGUWKx<_B)Rt^)bv}9Wls_2D>>V7F}F`S$2UR2_NN<_0JH|oKZGE`cv
zoo!-fu2@t~l`1(aAemmIn2dVcXyrLeOgn?fcuBuR!yBHij=3Iktu`mKq{2CFH8GmZ
z@-qJ09k9>%Dja;w#=b!YE)wIx)?>*Yqja%zD`IWgl!Cf+-bKn+;?2KJ4T|yPE5|lX
zS>{ia`HLP?(5u)<RQK8H6+ca}@w*lV<cU5!`+iE-(OMihG@Mt4D<pe=KLjwgiaXls
zK|7;(uTQC2=BqKoA(}g!8f3}v)pBL^0Hk7*6zkTV2U6kuQZqAlXaolJ4=?+A))%2N
z*PUD{W$`DDi4QKhywnKCOA~=Bq{(6&ucV7F^h*azVXECtRwck9+BD@tPQHwCG)8S$
zs5T$knbv*z+F@!)(r!qQbJ|voUa|G_il&=9;)6H(LvR(uR^Fqa#EREPki|QEH#gB1
zGc+SbQoHO<3K~@z;vY?wI6z#9pYsaOI=USYG={IUiF}QX`U*-L-g}=%YiCKC<Q6$D
zo3%4B#JP@~y$M&;Y<KGw<+B0{g`_b?MaA1pXAMP!0}afN=kQh=z4cHz^d9m(YEgL;
zaWh@_En9CM5zoSa6)BJO9v`_XuOJ1I`xb`L&HHQUMuOeV#jj&1-tS|O+;adEv*i_2
z?Y?_LE3A$bS3keH`@6R3FYCrfWv*H+hFb-yFPFRV1th+~(SljSlUK(0W;DI9MIv9W
z`;HBu(M7P&@w;So=lMZeq4AN6mpiP&R{G2c4n-@#m>_oU-sn|h%?M9(tGb@O4qEar
zlabo4qBWd{cD8#X_Ty#*C8Q_<xWLupJQ{j0fg0t`*YP9o;by8g8&H?{4vHK}64VHa
z7YCc1rPf2Hw0y!wH`@7DR9U&#dsJEJ`U~|*A9b(ZgvVpDT45ZAMpmcsZdC6?EGcY1
zKtjQFtG|p=cHvvCOXi?@bRsVmeh;qOeHD;uElF8e&Ot3ip`Q`I53~?p@1Izwq`dJ&
zLX99#T9GT(v8b3!G|5ci3&7p^FnY87lfd$&`IOQ9wh655)0Bc^Fi`5gca@XEz;~UR
z0hJuo6z$|MCTxd>_&PNon_F6P7HfZ8=tL6b0MB#7iK6+omYfFyntcW^*yTSA_D3Tt
z&(F<V(!5qjX}v0FT**bN@7dm?k1lJwbAohabv|kj6`_aUPhvveIkf@})B(Qa{4eV-
z&Bw%eF~T3X5wfQ5Hhr`MWla0jKN80$lHZCGYpN$R;2DnMk$ua?BbiD*rt;M=$2Hm9
zJl)-*b^F$>0psm@X*VSB4ekMyV6jW#R%49=m~<rCmclTf0296dulit+DX~+pS*?IS
z_|dZZN2|RL<+7j-Wgv(M%BW^0WvzXI5;532zK(Z#kN3VRq&W>p2dyg%_ogbtZ_V95
z-x4#F(JhH$?dxXQYpeYv?qIPgfcfe#uEke_#o15)xj1U)T|SV2<%L2dA5Bf`ju0{D
z5RBAKcQv;|38tnz>yP40)f!JPv7%x?j~?bnDcfD_SClW16FMCp{1_|lenUiu0Bkp*
zxAjsfRON~Mtn!SJy$M;bihn16Z-TOy<hb2JHxT$t-qH`Y(G#01Kk+evvOQjYxS)2G
zx+zjQkuLlqSbm*b7#cs4_e?FuJkN<?40l@^@b0#26$7Kd^{6FSOGB=Q0=S-xbJs%x
zTu%<>xI=1&2`sr6p2fsls+`#{MOsmD)GoV1(-3ESVh5k2qpHn2B1z_lzGCG*bn9{U
z6|&llUJG$BAs1Ui%)Pc{B_^hLKZqKITs$~Yes|`o&J*t<O=0jgR-)&95Nl1vro)9P
zDtf<r;6*>929nkkOcEWoX7t;Xzp;(MY;2FjPrQEp{4)YDhSy#19{RIesKnd!nh$+-
zl<}%R!qY)-KiZq1XA*Z)rRlh#|B8a96%TX*fm5g=7X?1_ej;i?&7Oqq+&dL+<uuB6
z-h<bl7Nipm(Sc4O3hwRL`}DQr>vqREigG*^W}Y9epg6rjsv=)Y?$k)RgTX3YzY;nC
z4ksbh%VL7s7vDkq;)ps}uqmT0L~8Pu??m7cKh<qwV72#0P|Zd{@?^A0!_7Gdg>^P?
z!MjZ^wdt#QAQfM(x$+7aE&f&TZhs!WBukVfnW%oYjp<lKwj%-#8X$E`iAP+?%7^7b
zuDM5{*Mf58_$+dj9q~X^1b$(XQs;{O0KGx&YJP1x=ZXjjs4IOcE^2;AeRLB^W-Mu_
zl0+911t%9`Z|FoJ&%D|qMiIFhEKeXXyi8QnVJ>G>w$-26@MW1P2T^-N*MdaShbMVZ
zy|d6OvT8tG_S(6*>g-^Qzi12qC9|gHlHwKnQcp5LZLSUeq|f@eP{o|C@{Et~OPTZ3
zWP+<;ALp{j^&y&ouEvcm49Jove^|01O8c~FAlJ=pAlQBlUz7xuoD~UqEs#2q)v;cA
zxO}6;F)~dtW+Mi5XPOvf!fJ2X;7w7&9<-I?H8(UnD>_~(3mkeu-UA7RSmN8}v}tZ`
zq2PFl1`9gJj@LvW*XF~dmd}tAX47QLp#T;*^E2O$MzWS=s#hvSZDf|XD*2t9l@Yl{
zzj{6fAVeL9-&sZhS=gre^4C#8Qx4Mb7PU7O^AWD$QHtf|IV?F~9TMILY~D2+QY41F
ziY^8~?Z7*3^zA8p0~TswV0c51-21+c2sF<T;hW?nMs7x4I)+l2BdEpyr}6s>-^ZzS
zoN)lR5pWJjyY)0~_|lPH)4hJ^<w)OdXv#KkT}oe^M?lpx*X|h8cFVM9?y_^Wf6rV$
zCgd<NP=>T&E<1SlVLsR8?oA&Uh-K7Z+-{KYcdJLg1}1>$_O87)s8OiRxZ2=M4G{iu
zra+1dIW!rRQJN*NU^(h%ugcyUG#ORN=hw&&?U3dNX{%nk>$B2jYEh7rTFMf=va%7w
zrid_WcnL?SN!jQ!mBlF);s}-o-pfC8tx|izlYK`0hx0SQ>)uIr4r#el-Qh4&fM7O4
zpU=)DRmZA|es08x+DZky$@bCn%WuJn&shJFG_WJ1ld)bE{!ab~9a*y+Pj^=b0ENmq
z#3Y?7)+Fhkl;;~Z#Xao`<mu$mVQ93<`@@YZV2(StF%7`sjFBtLge*h1YFvw6HNN~}
z&i$b7b)?cFOX;m)G<R7l5SL_Ewm#Niu(Cx?>O#@*I#>i+$UrH9fwoe;nEl!#g(#>y
z^S(2~A*vyF75?gE>x&Ac_*JSY^w4tX0X9yzV%7mN<RSGi7ArPxoaTN$j<u|<s9eg3
zjY-e9I<k<~z;5=Xo6O)noDGYC-S|R>O8$rx6dB<|bb3!;gXWO!&*o6cc}th-CGPEz
zdRguX4S?^m4Zx*hYt|m48TFUNg}(056=dHXJk8yWvho^prb*LedSu{$;z5&GY9smC
zDv0aeJ82PIp7|i-0`?2S7IOPdj66c*{E;DI*_w&)d#T*<m9=wx&D#4wbg$j(Jn#jg
zQWt%VY_qG8QD&#2DKd&kGmvS`Bmj?oDui<J3Te)ML4Hnryi34VWo;jBhjZZfUjCy=
z+Fur1+u=qJJim+^kMn_%OAp%xgKrjTyyv0md{548FdxbbIdcT!aghzat;2tmw!qZd
zFJ4BGf%*;S2L*bg^Pi`IOcS$)wH6x+j_yB#V<#$sov<GU9^}s<fA-_YlSrU8QYK4t
z2`aLI&e4xxcki0cFxnkxH-9|ykDqt90#D3{t0m~e1F6@N69r9<;Q8x=oa7<s&i(bl
zNGNmAd+@lhWzc}%>igv)pawko%Rk@XkC$nMBD&R)u8cHvjyL{(j{o?wpT83hIp4Y6
z&ruP;?aBO1U<}Xm3J<7=`T2v;3*GjqclY$k$sdh_cH;5a*qCCox%twf&71ETib~4A
zX*b4UvL3kk{`aK<`T13lpa1oby4~l2x<qo?{>GRfo8SGJGt$<x{$VA5UstfjzggF3
z=)YZ89rWL=YvbkLt}8It->fT?%K-oI_jLt{;qTTJxVPV|E3lr{rMGNM!fu37wZD!T
zsGm@MK}P)7hd;XFe&HgHvU({GAKx)iYFT+XxaMQDw`U3WvutKo4wtbrscR6RDjDeP
z{W^ji7sRGLE_M3)QT}alkx<2G!Dof=B?T{E)j?m!_~8n`#({Rv|GyjezhDsmvT?sR
zh>U1t#f_(SpAJ_&u7CLZsjDA`GHyGZ@W(>n)SZ6&(~SOQyT8?c5>Y;#tR5X186qgH
zsS(g0AB+f;^SN!oE2>;7IkU6r1g^bjy-@tidaVyOLn`0oFMC{yLcaDteu00nV~{@n
z<_Lk|et6$aJ&@9|v%35rx4iwgZtZ`=R{!s9`HOGgl1*~C3=Ivn_4@br_QGGPtMl^S
zO8K~SU3uUyapPB}2bEI)(KIb6>ou%P9xHSSA>y)b|K0ZQ>pX|bo{9@t*&xh*3*7t>
zXJk>M8pW3>%W^I;-*@wU`uF&uV+Q?J)y38<GVoijKYuIwJSP9&@bX})4fc@Y?<fC0
zXi6e0%Bc98V1Sc<@YCO3J5Pij{QYCELjmNo&F3s{5J3F@QvivXFtxYa;}io$x;$Zd
zX(=aMT`1*VVwNmXqR-UK)%(B)*8K8;&cF46zdOKSB5hsrL@amtWM{;i7wTR7)o&uX
ze}K~6Rnpt3t{~(dfBIFdlVrag&SCzDgiNbj(ee^pt)dBc$8k<N0x&8Cm+#jSvn*i8
zV=54|(Kg6wJe3#dkaH8t!bOC3MX+N5b)eL-k$CbE^(D<62uhj*smBcn0aTFEkd~8q
z9}EKC+m=^N<nsdb{rsrQ!RGXG7m#kZd?%-<6$I!m%TPlT{#pCv^T3*geU*Cp64A?@
z4p2q`Kx_^U?4U7V4a%hT$~y%{Tw=$@GfaD==bRuwQ_Ws!p?T{;z|=uN#)LG!#QeLf
z4t=qcN~c?7h?lnD3JT?^9f7I7xL5{;IFBb%_xHmgV5Mv{jzj&0976!qWnhB!G!#_K
z$1Hc9t#-wjL8x%}oc7sVzF+rYMqLQjejVa87rKKY%sIExa@leN(uvI&-{}&ntH6<?
zpKdck1(1ZZ9LIU~#F2g&xa;J})Smei*9TFU;hH_>!hREL?J6NS*(2<l6-pwwIuQ-!
z4hF#G&_Ec1hi=bqreRDse>qJ=?7(uMN%sKsTEU;|&V~?`M<HZ~Atr`~bo{lQA>u)#
z=1qQm@<J{d5?cU&Tzxc4C!`t=^z8;9Fn3Cf6JT;ELjbTG=pHRF=EHkBv&pHw!#U8G
zc(%KoSKR4$t^Wg_C4}tl;<va6?$L5mhVHY-1(@oO18RD0k*+4>yO8LX<LQcaqS(~(
zak=YC`4ea_HR6F_eL3%-VH4~~9+bJ@`jTO#Exx)Pz5z{eLy%x@>S_ckH8X@*+oy)Z
zPJ$30dQXj4yXOUaeFBcu5#Y{+WZtub8HR~Q?<+f_E{AiGDwW>&q!8+m#o^N>Z?2a)
zwGf_v0J`LgR&J=IV2x`!7GS1w845n8NYY=`(k<~)p5WGRgKl%mc#8Q}=)hCRNO_Zo
z(j9^~53mDBc{2(oYmj4qD(xV2OI+A-7q~sCZrRXv-jMdo0gAgaRLj%fE`Sk2`E2qJ
zBLm)yql#P^emTlIHRa9NeH6=AZR$CRN7;!nV^+R65X?+#VvgB9I@T^8&ly5sQt_Ym
zvYaZwS<XJ!VaT#5yY=K<g-;}l_&lge{R*iIzC*tja-pp30w#mXoXxA$Q)oOnu#>P~
z-Qw2V8VkQOy&-hsgLt%rY@Y?D)7O_iFCVtmowP0Ak$=@n9acN$=7`7B5XrS4BG`W9
z3BGfg4z^8~dkl2a2OyxfV9wVFp27)$Ol#&|sr5y&Hhn_VL|z}>eJR%T0zj*jZ}dfg
z0S5>A0aV7d{_6dX_uuPqI1Jo42yAKhh3#0L$wH%^l**m>4Gm2|@fkpz)*;G|O0|zm
z4J6-A9-OX&n{e7yDObKeQf#eTU#Tr%bD2PmsyiL4Gmj8UALk@E0t?YA)fNcJ_b)@2
zru5k_b2~ZZ?&3HNH|9Whbr}!NJJHuKu5A{cv=(w~snMpDuY#+45Km9L5Qjp!_5ddz
zR*g8DLL9eTUzL15|JGpn1l;RzqJ)K=!~$-cYPMjq>`hvOuH?y?I$N7cXm2GtTBAg1
zSGtM6BO=|;K`g&dI}zpzuKRgq!qq_FT~-sc`z&@8kz03^n~K3|K3Zc8ut57D{0J5V
z&$T^tQ%#_tv7rM=(faD1f*f#$P7t=`FC*`d*)NG?>J~*=OkxUENg>3ErPl*#jkCp|
zv#c$&Vi@8~{g(E^8_0ITmYP<m>y2=aG^gO29Ywdd5GgE2DN@pG)U^+Vbw}k9yYli(
ziARugTZTZ|O4~|qA#ZlT*TNEcErhhdO++fttw%A56*du*f_+N}zrI82syV~kSlp8i
zdU}mhCmmBtVDfIA3(Y$p7ioRR)p7h(8TtUeFYA%g#9K$RAVvT5eQ?=+2-;iocN#-o
zkhgk_8pX9X$$?C3FBE4#_0Y}OwiPD<1KHrktWp$IOrhv`)=`3<<l)br<R8eB>E>o*
zfm#wZ`f6}9i&>nS1>WVu+QS~Q)1HhL@R^GN<&(|~My~>!aCtBiZl1Nl4q2`xGB_$8
z3!QyIM8)*<KXD70x_D^)p8Vpwow&JWQfk9y=n|wDGqrUZGS+R)$GZ33?tD;bEy-SU
zNyAy0d%FY_R1vpPWMb{8>R0!Us*h<=+L?1hYbol(`-x)>+d#p!oUgc>S6*mb4O_xx
zq6_-YU-6qH{|9sie89+<B67D30guTV9tTn|8Q$8rq>&q=pTsOt<|4@_m>OCKJCTXr
znAR8a^J+tvQZ47!F6YL`OB*JR-g<x|Y+u<IpJRF8ZE2K(INLzf9>EYB2u=iahoYk?
zd?$A9Apl8x>&G5uubkiL2(KKfDNxl-f2}5!dY5sr%J;(LMgP&;$5UXlIoqr_JViVj
zfP|ZN8>wq+NTFH8+EIa~Yts@$*5MKLO1nUGONFe=_Cb#71(UZtD+B&?r)Aww+#VnG
z-<d-kX(Mub11T#uL4Zs>@=ZMOmBiz@BKJ!E3gf{XaOyUFIJ!B6Trt?x88O&tw_>e?
zrEhao&42sk+41W3#m_PCQYRQ8Ah1QjH7y<;=MAT+vE9sJWADJ_2<z|tl7^k$yHOF2
z#!K%=I&uUmnIU#yhRoU^-r95hA@7JdW8-Mj&RM!SNc^>!A!4<=w_$vh^KkaDi}s$r
z_TWihd+LRYS2)_7Z8UQ)&%wGqNw1IUm<LZt6&96f$VwBwlOM{%v>9a+8;bWhqQl?L
zi`(7Fw{$TrzHB~K>k>9$Gh4n40KgjQE3OfUn@l~|q&s>cph=9=7Zukz6)u<5TQvq=
zqU*A6C&lyRwgyf`_61KB>z36HA`#o#-uprzU@a4!Lk6G=G&|rYG}_xV0b%CSRL{6Z
zYb>HyKDTP6O)Q<Z#%(T7X3{*byy;gyT3{+RB*&ch{Vck(VWknXaFo?_K4~<f%CbPg
zt>-W~J+o4*ghP2KvA}q3k!tGMk$P?&UuD5{jy`3W9^$AFQF%C)Wva3ee#B^BQ&KS>
zi*<G=#G^Sh)dgh+9f#S+?wx28;<jC1PnibRl`FgGjh1X|gu(^N!V)|02&fz+r4JpA
zneVIe6b`ybwS}arM!dyhRVy%MDYMy#+uv7pjVtj?K3PqN1=UQPOv*s1L%ZvKzL?wA
zL&vi<;Lj`n-~QaKn-LXF!0lwU>&&e9)JC0jv_(t{!HFh_)zeELfF#8s;S!qms&vQG
z&P_su*I_84K4xp{7{I%YL+7i|Z^cx6iyS<74NZ?@eFVu8&&~=F@H#G>Y(Hr<0;aj1
zKnz;lv{$6t!9GetXEUImeNjXc20@v5p2g4i*uM;ASI2f+KofW!gSa8E`ql?V70N)h
zW{sT%DaOi&mgDOvOyRUL#?FtBUrgR!N?~ogC~N(G4yK#4L%!gk<f#}hO`Dc3y5g?l
zg3rS`C{j$i&iPHTyI#Vxlq0L7>s6<9!_NIB>P6%I$TG|55_lB}y{Qf^8oV?vUn*Eq
z#L@h#9MjE`k;f6tl^Ls1f;6=zJSpf%yz+)Gd)!uq5DN%rhL^^ZflrDwtMVjYJg#f$
zQVPr;**i~gAspO%CiWy;q>9{lGmU)fHa1cBl3FMRCqq{JjS|MDI7=2sOSN6W6kZyn
z#cJP9zFR|A80fk23T!omJ)f^#j<~eU&=Fqzeig1ew`d(=2T&2{AMv7XECW1lzGmv6
z-$>NMV%=Gf&AqOpu>PHXOH?-lCr7cE4$dvgqTt+Jnrx~CQ}28Kl{0a^xGo)!ro^Rq
z+5EU%DR3CEk2sr>eL0%Uj3*6%vMS1t9LL<H>ugDv1i4pE`doyIJ!r<$o;^kudvH{D
zT8^;$UMI7!w?;yMhWQ@iX~u|%9P_+gr6}MB2k1_reDizY{dJaqwnR>+AKx2qcN@u>
z!iocp{c-QB-6A6p)>$$aj+EkqT$BEm)Pfdsg~ic2yM!yam#s!QEGp?!8n)Z+w~TUO
zqNGeuSo#pTaIroI!C+E@M_h^PXBB6!)4X2cdFrAw%4AVbee5`y?#C{UjRoAWVvmP0
zLZ^K~@w1P4O9eVoKfRxfVi*?D+nGs3C<^cvL~}TfSqQ5OtV}at#~dbe-OeK28t}hb
z6AuHIdhtshfx92=*7LAyG*2PGHEq!3StehD3|6aikNN@~|1_p776ScaJ`z>W0^mHq
zQWP7TP$@b2dT+`74DjJ#&8>$%9B)nmO`%cp0rvIXJ*9<&fmBaky3-5g=ybY<IA?>A
zj>L?}O*nxyNMT2E3b&?qWv7%TK=NoAcTt+4#EK@$8DNJ}L!XNr;TF6u5@*-iomU+)
zat!cwqVG>1@_y~RxOQAUVoqD1Wf7lfP=}6MX@LL~rH4K-!B`Z2-M0HRQ^z%7pS-sb
zxiENPj8)0Q&jr$&x!Zhc-F8WLUheO^ZtTbKBi6uHW@wy7(bO+)#5GZAj$svvx=^u+
zEci`2X9~y7J=b7QtQ?QMQ4?h3mP;dYgF{blA>WzTI5=}e1}o;nX1k$aU+BcL;`cE0
zffz|W=XVloAILKYmtNJi!*%sX7bw@{ypY-o<u!BhPHpp5tMChVR6I0^p1eYkD7r=4
zPnkJsrkNSI1brMU&5m{|yRNh^K4G{T(*tKh7H*Sb;@?fiF)v^^o|ua%uWmbG(tP69
zGbQE393oJ8wi}m97;JaNFJzr(DPkSCG<tOw;?+5~b>Yghl%$)yTvV(zUqp?4$Nt@;
zfi@7^`0PFG`BdT9CbW)4hx;`oRF1@^RhDn!Nz>-EA6_85<k&rM-Kb^>(4XGM7&%$z
zg0pzvC|HML;)=Sbd~9^;%o4d`9jCR(h3h*`DdjI6+bk_V!|TtOrnZ@+Vz7zYmy@3+
z2jCE-_g#oF2w40y;DJ8D7530GNl8i4FfU7!s5%YDeo5U`0JnCQhUJ59W0%dyQ|i6f
z(V-HuK~L(`x)t!RCCp>85=E_ix*Pv2IlpB9QIT}qGXy&wl1JZ*(N9KxI+WyNbS<Gt
z{X)mCM(=f}4u!kZ58BPk83wX<@v5#jX{hTaf?BG>@-*|Jt^k3$1X`4hPO7yqBQ>QO
z?i6(02+vJh4aN1oBBpqk<;gs2mA*}U>dOK^06L+4v}a2N2(X9k0LRHzu8({+`iKzk
zHb-#iy=)pfJYH+|a0O(sLz)O<zq)}CUiE>kaG#?m{||fb85UKxt&NfdQ4vL3P$Vcx
zlpH0aNRpr+l9M8t0ww2QLKMl8lae!1P)J5a1d0qrQAJWD7D>sOJ6EB0+uG;u-n;kr
zo%=lZNB?SEHP@IUyyG2VEni+#7Za#>H%q-;-d!cf&j{^>mZMSAxtUtp<1OMxVwk|c
zkIG4~uMrE{^VMpQA|-dRxz#U)9;K{f%m^(4V#sqZ4=oL*R>EePvW;$*w(zybIWL9o
z31Bbx$2LnYt#M>vBiWYN!;V~xsxr)#+`*&|OfJ3HET3hm#Rl@->9A|Dxcd1X>iUq>
z`$NXqLE(*~#&y@>^V6aWcT@6t$x{&#8a_%+2|Ddc5l}AM(#D0Zd=|cs=gBstW4uF_
z?u0Kqo>krI6v^D!q8<GFuwJ<(Uim>M7g3<uuw~4%2N6l{(kvY%HhaLh(+It}<tnJ_
z7@sEtn<LCVEYyBQ_Zd<=``(+?YJf~{(sEj@tPVy>m_R%K@i}2Y)tahazCW`_HcI9R
zh3_V#caP(T;*%Tsmc2sK@bg}{c+{eY1mn3>rTv{3(l>P!Tt6#`b<RBPYdv7e?;FB7
zDPtm_BzrFd>L9z`$*SP{vb3Y<9X9o~>sfUjcZy6F0(J|6$OV(|gOV&g3ewsFsl#fb
z(V(GmsiH-_gVw#|H3?VFoDLY}iHJ7&vfV}bMj+)4DUl>BZfIyNVMxTyWRk2i(uiMY
zkui_))WvD1R*Pfz&1kgS=gSlrJB$bJ7e|CfPAY0^e0~%3EUOghUaQsKNgEIize~bH
z5qMO9_Dw5slBAbMPHEPOtL&-hhu%3HDl<mRsYK1WI$~1GCQ?FWtXl_I2V_QM-fUK;
zI%R-9GG%7%*xp0Dof5L1zZK6ElbqT=DHt-yrhXXBEp^p!?Y>)Qcw+Zaro?iguJ+Nv
z)J>oq?EXG0bK3?iiINJ1on=`Yh4(oe4$XF9<`5tQLq9?N=7q3yai38V?_SIEP&&~W
z6HR5o+^(y=v<0^V9rYV#Mnr+L=cu%%=Sq8Vc9Diby+fV>K9fT{X^M0Ez0s9GEt>Sl
z>?Vtd0&z)BPcz1|wr3~l&7VIZNU5C6*V08~#N4%PA3D4xq1N6k(IRkKx)xMg1KEmV
zY9Mys<tx>TXUZZwtO&<82ZRx7F?BF{LWxI~*q0~Yq;)wyy-zA3<l2$^p7hW{I#O?2
zC~1;7lJpwZO!E|7WpnIO=wmV%TD|nRbf&k5Mfck!ps~)f17}maMwZgSH`Tj@_3dxx
zl3~xJ-t_ZnUz!vwES>z+QH#o0sS&Kw_vEmUdlFB0F7?2S>tfb%1*mx`!z|&_B!?=o
zl0#zdE1ehqX>DHV%3H=Q<8Zp0N9}^{ItBI32gP5_cwJNV><aJ}p9{zq8fuiA&bxnB
zo#|HQu6nBZ`HfsG*T5Y)rG7`cGvI#BE+|AS4BygKU6i1+XgoG&F6Sn|X{2=bsK8tK
zo0f4Q)rwm5qt_Lp-pKOT2xz}dGoGxHcI%Q<*h8~c6S_nFU_$gVnNBD{*RA+3L%AN|
zVWnlk7CLE{Ztkg&5|HZmVRf{04yt>nZ^2Z{;ZZe$v+J6TC^M=yGo4zyv_f`-IQPo6
zJ}sx6X+7VULb6E!0C|z~z+Yvc)fTB(s>ZH$2wUl$5T1(Fip}>?dL~>&%H;8kb(~o4
zy~Arm<<**V24Ip^zia>Tmcp0Rl#~0}B(y9Z2A<41!uWxl2YgTm(>w(6Hx=Lb8!cZE
zb!tCQ3uL-eK~k*bcb{fW9(=02w|I52<tZtAGVtzzI@YVJEK9UFCxCuJW%DH={IVih
z3>+lM_YT{s#Sz}0FLtvCY`Xm5H=~u@p@qmRY5Y9Qk0wvKhbAYmE|L!3^)%^K=i;ul
zK!lnJS-1soj(5Dxigb<#A7RkElyjvexyWG>N?Ed@M)AD)wM)7M&{t`<REi_jEswS4
zhV0vq*knmye-`)p2suwyAzzLv!(5cc>L>e)S*FMKbxfaCN;-I}i^Uz5PjSwq$Gpih
zk|3PRBy{fto#{r=Qo0VhII=fp=bpxS^>s(HhnqNy@!$54b1x&#4@Vt52`kL^WKWss
zSJ*H_TjP}E*Ssto?9>w{uq&o9g~OlBx0aQTr#Ql9-H?XdYE{S3=>wKY%~V7hhG!#j
z?(H^DC1;Z+lY2L6i=1VXCbyJ`EnBkTh1nZp?L^ABsB;F7t!6s;ea-6Fi(_=qW3hAV
zr5ZwurvO5UYgO9{KhJUaD)OaGWD0KPZ0(tXM6Ko;)$-}96?2x8>30pyGP(C2dbAf5
z^j{RY-GOec?Dt#4_n*Cr_VpB;P<dGufGAyaN9Oy>?x7ewhN;#aPp6j@IC9}08*Q)0
z{^h#_DRi`p?G~>iSuk@G*Tl{@1We{8rwPPz<sYKpGarS!@|I$hyydQlhP2xgE>NWU
ztIx=#ynb@G2hpc`M02*XO~XQa1eVRMbvKk^!Zcju=<?*En3KEZ8%^9IPwD-0RK_E>
zMV2_b)1_FPF{+ZGPlXsecmvqsgLl)1uZW)Kmh}yNm5#Y_BG=-B4g7egkOv{FMARt5
zyZa>?haP+Kw@?{tM5WKibs2MJwKwl;Q4jM?T|dff-1sqV&EN9$)DD1c5v5NLg>t1?
zIt*HD=qDtVwafYHEW0<NhSCR+dwIP2rM3ifIiHNT&?ps1d}&wC(eO1yc{u>S4Y<95
zxy_-(Me#T%!@P^W9g&Of%k5HC+J#X>mRlgXXfBOtx)K$g&Tq!DoT*AgavJIx=zR0Q
zT?ZsMx63209`4vW_t=_`ZKp&roOyhzfdnw2vjo4p!<6Gtq53=(^$`U!*JaYKcnrJ0
z^Zv_GQFUo2pP+m%*mc@OKDoKX=p0qipLS<EgX}cztC>B7tV=MSD;y1Xl!DW?W$RS=
z$!xMTV{Lm}TGk6qHK>j(GFsf|k-qr8%W`xbcK2a*DR~y$oWi$+IR!~9U4E3U^uB_S
z<?*H*!=>zcalQOBztVWRvlfaf<tK9jHpjt`mE4Nj5!z7&Q75_hF@q70^)aa>x)Ef%
z({q*s`zGTy7T4ni#hRl=eKPLKM;+&xq`i4gk9gmLOX`&F>-{{FodN+=x|)nWGCis_
zM{Ao}$$92s&xMg=-M#a@8Lbin@aE^4?_8>c*>`dYQ=a9uIg%=?S|}|vZw&5U45t0t
z#h~aDjFw%@dekF}2PShbw0QEG=S7-bUukgyQ|E>YAjxz0OP=ZL8fbSM>R9kUIgcyX
z&`u*rF~1{1T51rvs4guzXyaiMP`7;XT`Qa9sSs$!;IfHB4d}V)U-`zt84#u~6J8@j
zJP%T!qCTwPCD==F)++~VCUUn4C6a~N=Ps6?taCJ$j?svHnN`%Oxr~|wWave(M^z>@
zq!;~n1f)^K2`wi(iSy#)5ad~|DU05u3bu^T7ri$|Wu5uwk>n#IJ<ern7}z~*p3u2w
z4_6hJK)xFnke)UkgZ%(X_^KsLeyC~ba~N%Wuo&Mqb7rX{*xPaVQP2IW&%_V};Ripn
z?7eL93Vhy=jYuAA<h-Ncma3<sw6~MiQU#^euBxd^Ixd4Ho1|h+Q!;l|OzslQJbqx_
zA=Ti)3ydkUKTgA(_SD5~{pPaVORqr%#YiV=9}G+Y_(V;ym>b7Ab2HU0-r3Rc5ZH@u
zCV8MUuI=zSX-BE_Xb??4uDXm1f)Jb8B+-tIH?dl9&sqzSRL`q1pIOOfsD_(&Vwws~
z&44Lr*p@53h_qIU?y<LhprbkxcW;x-FBUWyoTvB^4T3pF&_Qt%aJ{;^sgrA=T`DFo
z{BmIAFv^^);D?AlwsgI^R$bBXgK{f(378&E_VpC2)R!X1jkZumf?{vA4LNhlz}NSt
z%~#iA+C0-S*WV4+$%>gY(<)3<pYC`Q>1y%tu9=K%g|4hz>Q;_$u&&{Y(%`aWSOm*S
z#fHvqy_%D?ViqMuotWPqciEF-*!xP9Wl#Oa7yD?W#xXsFR8F+*H+3~OtOzsv3lzGW
zJ76=rcUDmnzR8P`sfff`GzPutB~or;pT7~lk06v_;Wedqp?k9leOIw8|D<CgcKTVj
zlv?<Qq#YzVkI*CCI+0br71o$;xkv3K1v=XMviOHtUwrZb;x{dbinjzLc_2Yb`Nk_B
zE6X&q5q1TE?#^NhHUT<xkdM2XG4YBc8#kSnHgHD<;9umgnUX|z?_hFGb3qJ6SIs)L
zXm;VaF$Ly_7^VkbS`o@s-_b})kP#hUH1Lsf+L_}!(%siOSEU4Mr5>er)RxDInok#N
zhV%en9{T&F*{gs%leG%Oj9UxaY@O^MZl<QuLe+t|3x)Bwu!y>jV~<72N?LV^(clX+
z=2jnQCF*c3E0mkHl**fdsW)ZgE||r=el%y!c`DR5IoYoSF&g-WkMe1jZyI4u{0Xe;
zUd^cdD<ZhA#pV6nmF+L!Nm+-I?_=Mn+c_`Y9={jQemV6enKYeGi?yM{xi2Pz(ihkA
z%W>IetPk@Nf=N-AsrRfIwJ(=v(NQ@T!-{<N{&s}(S!b*C<$?<#Yx#;%hqLU84GN5?
z6S&+ilYR2u?<7GmwW)m1>};x7dn(xNz@$ux6ZJoxL?8QwNp9gjZw;q&H#fA2jen}~
zRoX@QIBO=D-lA6wi^7-!*r37*Q<_qsb8ZvW>NM4k)Z#Z{UX{BMN$}|%DJo-1QE71m
zZUQ*emOgW-URBvL**TS>f)+34ft$K+hTy|Xn$!l4q1CE;j+|r>ztrcR5g=H&QC_f7
z&U$vhN<t-N4yn&woxA7)Ozs?HauE!N5=z%;Gm~r7Vnf+##4JOIO(+&Q6G)q5t43TT
z^?twh?Z|Zg(9>V^FJ{jk?=hM`ZldI6xZWA1*;K$ts4Cgo86r8AtLv*KQ9d~8DM^v#
z^%(7z6(bRw$Hd#v7d<w*F$PuO#ulCO)AsU+h)SFU9m^WBzmHeh-qbHYDl>y7xa_ki
z$f7kKOd5ja>b<*iV;<UW5f00GHYQg6Ni6pG9$lram%(1SF}6FP!dJnrWtSvCQ<7)B
zRC|tr5h~)cBvI&Iu|-nmR-YoF$=gAzA9(=n%Md#}K~Wjcf%EGpwL*#uWP9B-p?r`n
z&%ttQ(r*fsB77E%E%>i33iWuJ(>$5Db}($z|J|mw_6g3(BEJD>sSXaTubGSZ@Z9l4
zh^!JX_5gFl&`K2zR{H9Dhf{RZx}xMXv7sr1A*2Z>?q3eMjK*0vy&}c!^XADhB|K4R
zO-(o25n)$Fe!bl-&%t17ma`Ik+trrjj2PF)%Uh?O%Z$Ic^i&{~C~&wdM*OT%P&TT7
zEz$L6TG~a?0vq!bA$T~*K0%i|%{(uY+GYMr#kZR3sD0>yIBQccCX*CFpM-l#!&-Cv
zMDF7U4|G6o%-hJVbiy9_(u|y^slZ;tkjsKGZ&VTC5jU%4FsG88G2>NNdTqQoUnXHk
zbVWc(NpI)uMB*1Fsd=WB6|gqpz~Pp}a<H&xVD(Ig{kec5uuFp*4uO5sJ<-*(Nm&jW
z)=9G$geFi<=19|-S2IKwH8Tz%DuQY0Aq7~Q<hhB#<S53_)f{oyE0=*imNC}eF*RwE
zPT4}Z^^Q(M&g)%6%;a}174`%<lEy|#A*mD0E}bn1!f+Uk&dK;HZpb)INY0fe_H3zp
zBd1?&KU|9vY`L)AcLw6bGiMVq+9c627V9EVb5i6kDIO#wtAG3TBJEJ7{_wISAvs0t
zF}r&eI-ET++wi2VX*1uLbVaftOV4$Kdqis-9mFZ5<ypqb{vpM-BIir|rVauAcKyUr
zxeNEiVGFs1%`z$T*6AU2RDH4vchuVNJx`Y}^_u8($|H<RH!Gz$!E7z0coch(IYQWL
zBhS0L>~@CO0Q=cx%{#;SenpYTTK1pSQ}U{wKUZUaHp}eAqw8lom02=<EN;JW_cW9^
zVEvglM~eBT7fQ<ub;~(|+E`$}!s$R5H*TtA=tQ%kcxZd{{u8$@A5|)qeA;P!qQW`+
za+K#&&e}`Fn8otQE<KoR-jpYB2^kYlYFd<^oCjlHpwI1Q+@SM03r&UD&5+xyr{vIT
zXpeB5r3ZtWgsyXjpC;EMP}m4yU$|J#@is#xYMj%dYSn%Qc!CV#HjAFS&z`m3ErMmv
zXdA6unW@j%keNLhN^v5@nl+Fl_Dn9WI%Xe_nuMh4iZOYKn#J3y90GW=V9oSUXa5@4
zK`M1vy3*O&OK|S4jfic{c(5|0Wq+t72@NLl@!Jmju5O0N&hhx7sq;7ZK_XzrzwTyu
z?y&LLVcjox01$l#O=ss5Kpku!S>I27yhiEm-e+D-9q3Pgeks{ltVY{&J<IciM)Wlq
zx~{i@W;Z5aTj1lGZHo31B$ms5M%l?^4zN3UerZ+Ddit)nq^nu*Hz;R(8XA{ei8=6w
z^;z5M3sZG>p34syDI8g<dvgPXD4$NYUhU{9vro*SJ2be~>Z0m=i6^{H%W2|ihS6ga
zOZy}$s>Q<eQbb1}wZv8Ifs+!BIL^2v+k*M)L8Phs7M#~QjI~rfRRpx}mo=d!6#1_&
zj;VLmT;sh&Y@Q$-d;LX1>}HT)QvviLB%!YI(F4LQ1<Q}qTG=_p0`AV^^t*G3r##46
zAv`e<UmE-R`KG84@?*+0I*?^2U4Po~prst9(v&$1Hb0Z{x-3#MS_Q|=nW9!>ksb_K
zSc;_gJGO8V#e3IhxKcmR*;xm~U82;BOc%frQ#=&lR~(Ovbe}w#G|D6Dq%MZ6xz}_Z
zu*$szaw`m8r5?c~TmfcO2kMZd7Fq3GOM{NhFS2!PMdl=LS~^u*h}^w&c*>ma2>+TW
z6<f)3mGhpfx0zl{i6fHjyS1R!8IJ5V{W15LvuD<L=e99&d#~OR%}@?mA_@#zaoRb0
z#K56^S%8+8qC7}Y2AsnvF)kg1kS;NiD^riE3qX~v`4abL#>z1t73Zq4s4czh8d`V5
zjwKUx&}=9b24<EOc`fJ4X3@>1f;!K&LU?jzEPFcU(z;&iXm_kvswhXQm?Si69geXV
z&EI&;Y0wkoUOv~n4=R$g@$)YY*VPm%cvZ-@CYnD}+8l)XJF5n2V0!)pU6I|7JHc$p
zSt0y<UbH)Dvu4%)&Na~Lscq{XPl`I>YQ_G5^z~qYTu^W;FQ;2*!2`E@WD@5sc~Z$F
zTMjlz^pD~6QM@I3N(4t2k2O1+>Rw-~J{cgZi%WHW^33P+(j@g(-i6?FO(oB(YdBg7
zZEO&)`$RWYu-n1g)Ojv3i}N3uLKTn&Hk0VnqXAiUb+T=21LsgHV@$U~MLF|Y84}v4
z+L*DN9+F7bHNvYk0rJ#ptv0l{YltSZ1Q*e9WpTRf?QXINPsJFMp-k_E8>hrr^wV#|
zcwCFxcof~}jOiS$6z*fGYp4m`9Eb<&u8v78z^9g|e(OyeP!oZDS}*s(I&m;?mj^Fy
zxg^6plvIS51q-a@(K*{eob$P-pKJRtIkll3f>tKG$n3VBzN8zl=YL&Xti96Cy*<or
zn5p8`s~m%$APIR0TN-*~!X3U@MlZo|=}xuaucrFeWwLIs@_ZfJEjZH7ctw)M2Jw(y
ze2MgW63O0NF+%e9h~il&&4AZ&ScTue0=V^8mXTqRFAqcAYm17E2_G|#`@tfqmn|tx
z3n)S3+n<MnEl;MeyC&J`f@)S21K@}FKM9j8ixO7pbWIaDtmb6(=yIi%j^Tfd(@4OF
z-n}n3jnKY1_qbUs-RX=Ex}+9LX~l~pn+t75D`qBApv9kuaBBe7d2tV?1By$TWN$GG
zP$5L>va=}EIEVhqCWApDFuBQfUU+xxDfmcxF-&B*gtKmxOh!*ABgkOoJW*_^JbA-$
z+>yl3_XF%6>9llHRZ>@e*n@gUZ6tn<{0r3Qt$9)UV!@1U>T#D?H+f%aJrLV0m8|SC
zpaDUjZ_S6_=b&m?54Ueg^AnB4Yh2hq_)wdyMlsNG>O9HFepzpWV&V`Ngj=h~xJHz|
zz2c`4&C>_K0D-Uc5DDl!8W&Xc8*Ni!2`>rzwhN#&kor#ZU@0uZND>-{7?PLKenh}e
zGMajjJC)g=)#%%lU^B@{BYZ2NaT`_p(1jWG)8^U8^REWrz7{n29>b&1Ot7p=n{hqp
zy??l_E&DB_wZu0~f=RbOb%%o<M;?~NH>*O>TpZc|>tBPX|NPem_-D)f^z4gJD>6zG
z*4)}!U7tELGsE76KsY*zUb@r8o}K;6Cd=p?N(M`=TVSd|;is-tPjDf}YbY-lLZt-5
z-@8&BUL7;G8h{TzT>m>Qu={sumOqb9kboaye@<OrN(g>L^4pK7?1!4r&;R*I$s|Oe
zBl)Ml{>w($U$^al9qaki#Q?4Qxo!XVk+~o4(T@u7dg=EKX@*E4yZBaR`Rl(1v%r~y
z6^LwS(EU1Q1G-;hN=njFx=uZgQ&pSuryW_aTr~h+K>^Qt^VP<{{25A%A&XlSOag#$
z#y?F05J6qA?fXCVfgZZs46gsq49Q=M_%AL5&yxLoeg9`K1QLt?ltBpYBG;=A{r`Fg
zb_^a~{i2r|>J}e+w+2~ECS)<65Qs%xum8zpX#VxSWH3tss&0iO?9kBVzoJ24{N`_s
ziTuS;fJ^(=d;EVry7U)4{-8hnKb^<<i#aD~G_&M-92^cW;I;Db@MwCK$4QrPP_5tb
zakf=>{rJZfSBSbb`+clQj^EgkWv=G$sli_iPW>%U0i5#R81Ui$<$%v$+}!_?=?utU
zVY6E>|N2Nv*Q#&UeoW2IKVg%<z6@wH;=eeh0p|36JwOEo`(Ieb-<nhdy&AuoRQt7M
zfb!3;CIJ7|q}t!Nj4?3Fo(Coymgl5)G1`yQd^9nD6qcLyy_hWzpcd1&odSP%u8unO
zS0jjjae04hRPJA&$N9f;(_kgC1`IVeJw0t5h#eeE<g>L_lFyJiDxB~l8=LyYZB>FE
z3gwu8YqS$TDs+Nn3C!$0{g-F<z%)hKy27=(?XA5$hn4<}3j-mHYO*4Id<m+#P=3Xn
zU_AA2`S`z~$*lMxQn1DJN3}ci5Ok(Io_wrE0frrEYQ9xN!9<l8%%D#50VrdGEyCZ1
zYIpx_JsZ%cFB{1u`=PSkp08!QzaB0H#Xl?Of`LEyt)8B4yRApVo-cmUI{nu&_|@EL
z1yOUT?(sY@#AQs2d&Kh7QK5AErAKn$I@EAM_Irg93OQi0;g2tN`4sqTb@!Y4V&KKb
zz6G_oy*ywf@n0Xz`noOlCpk<0LeAgU_x?CxoCbbhnO%Z6pAJw{3*TlG!O}0_6v5K3
zKTSGAi)-1_*y>A&K~LrOxAf)v^2Q(E@$o4LU1bkeBB0sG-ePDrvM&;Wa60waK@mrH
z$1b5Q<D-iRz9PH-o4i2BzGtllYI|#3R`&3pex87c30fb}KzCJP37ppD{x==^%Xb6C
z#{cl$4Dc&Uevxeb#r_uy(yyCY{&XpR(473lgD)_U0luRA=5xRA{`u2iKLDn3c{1S6
z3^Wt>-BkYWYwqrC`{@dysd|K!36zYmLZf&wi0{eB^<PmL;E=#0gY{!S9TL3KFAgc9
zj!Y~$GWfSV*!P{XKdR8L&E)rePCr<cG&?lEc=<}8H5r&+-24ND@VActbve*KZzlg^
z-j3b1l4!h@V82fgSDmsA`GuAIF0R^DlI1tVel;ukcddey@~iXLG;hGUQ*t=VJgb9b
zy(wEb(Ls_n>{->a>!!`cW!^MhT)2k>BtlU@AOA2eH8|$SxJwOU$&~2;aBv}*$|8a|
z6c3`Z3nm-t^(vEdRXK&M?^(2r(4IMkn5Yg^q`sul`_nc4W0BVK44{*7==2t!8CG8^
z(308-Y^RBXs-AIuE0)N^#_A`CJ?$2xp(WRNohO|T$_7_0dZ>ZogxFEx%g21?3?3X7
z;VN4%AJco#QXQC&7@1!aJ+>wxP^vGsUYM4;erz&|w`*+uhH^zFSXa}l4_pzZzxs+^
z5J7k+%?FP-vb(#LklsC(zP2g*z#bA}zy9QxGIvsLeOVd2P80emET_P_`g-p)a>7c9
zE2+RFbV$YlS&~AjcRAZG)cZI;ET5si_(?ff=hXr&7;2f>C?4I*!~T@8y3~#F5!h0T
zcLv0cwAX=h(Cr-|eM<M3mgNbM{hLQ8qx8KD7V_Sh8Odqs*{^xhJ=vs>)yt>z>Qz_w
zda{U&wshFyNjK=GAlz%i1=4pL+o24w^heS1z~`zK;tRW#KtQ-8_hkaHPe?NgTTEZ=
zKcll*<?@@{$g2_D6xe1ew82-74MUDkX^*V5_uJ1*yp0UQ>7^RgE5}Xw^Ul1m1<ODj
zK&P0Q!-gbG1Z+Mv@tuRw@7>+reuK1`U_kCSaHV9>mHH3MH4cL-<vIP2T&bk-_bZ(c
z1xH7z>y%?-kfjk9`1v+!h%JlaISm%lMmOfl_`I-)8V6XkR(<>O2oA{Kx>|q3!E|hX
zG{^}iliw^El=mdTt2luV+`|&n*KuwSXq<Z!jB{%+z3|XID*P;KyW<bT+|@1j)V~!|
zkH6ZV1(qFHC^D`{f0(o6d@{|Vqb26Bw$3B)p2J)T?O7%?($qYPq(hdRin{XtA%acI
zD4)(?VHBHmjz5aqCD)qP-gNnnjluME%1i`UXp_qTaj!;6OE-9llo>SmO%ZNa9|LW$
zBs9yxf|N%&@8n%T(C~=+IUPUgRKg!sK#AR+lh&1Qjm%%`oZni}kCBA+4V4KspEI%W
zuwNR*b_g2fZ<X;mtl7UWN1W0!V|d^5u2mAN8UuDDtse#<Zhc9I;TUKNxgdDWERHM<
zC^p!rlCA42!hP+WKg1*)xMFNTDsM2;JUVp`u_G4J6ADkWt}gc6k<d!N(zooAPqENM
zgH6=;Dsy&hiL&;|Z`QBwf0++!c!qiZ(&;5U7;%l2gt5>Y>^gvZd-eFg18rDWTOu%H
z7ufM`04zFb`Y?6~yw&O7-)j0lc`Inq)lYAQ_vGQPTTTJRy+ky{cOGYD&Sk{VyEWuj
z9Q1E$3;<S3Q*cQRIp4{9R_V<`l$XCRzq%JM10<|K(qnqN8`Y{`Eg1r-CY^|0`Ir)N
zWyryFy%^>*j^!x`d_L2NiUQ>U&$8ulys}JTAL_?=oz$Zi+prKb1#9l6K=Q;hg*Nxn
z4kYLzLn+6==p(-GP$Crpx8xVP*OBhz=)4o`agBfaDA4s$CFE!PujH&Iz~R70^En8)
z<Z)|_Rhk&U60~M>KN<A(f`fUL@hLS4KN+oDmBb1cs0Kl+z9#MgkG-B;?rjQ<FPfK;
zk@K_cUX^DpjWD!>uxRfh@9Grxq7S7Ca?;9N_u)?BxvmU@cXRnONK^vQZMz8sGBO`A
zh7A?#DR~N%2NiV=p6V%*2zKEYb89iYhcs(Zc9%vrSOuh5`eQ(fWo5tcaQ?~UBv%-3
zq=Qjz0LHZpykHKe;QPZmJ{<weVjf7(`qd6~smD32bvi!roYOVpGRohU#D?T>o0|jY
zXgX#yscV$q?DoDKD_YR6^S%P{GAE&I-QF}Z!tNN-?Tc5jongXBe_&JXWWe+mFF0*A
zT>`MF&7P9V>@u)(u(-zw6d}sZt0<PrA``AaTXSR&O_+Q}m)zK<kB#g?wH6=1n?l9o
zA%niC95F33uAz2V6sG~KrGyDG@d|8A4!4$>;+nm<!~1m$qkPFA2;YD&)B-7=t}q;h
zq-^v}%3!Y?kg^ygW&2$zi~grl2C>mA)S$o~$`%Ux@7<62y7o=dIFL38IB6Y{b(&2l
z*mFpA9835)-}<yYo9xOTc0n(X;#!}@AcY<KOqI0s9A+Bmrm*$-&SN;_GadEnlWqMk
zC9zRC!6pzmS_iKYUEPqcRR*=7YRz7Fqa4t=icfq@y1}df$z`VY_a6$ZX}2T<I5Tn*
zERSz{<SQpR|5j6h;MQ`1+{W`hF1>PWthM~CHd@HJgdcdz=CJuu*Ri0bj%t0clMp%G
zP7U3YtaDY9EV!qd-|y)jB~3~_w0G)+pCqY|LEpsOb4wAKJ`5_d+ia&Qn9qyOYp1p3
zg46gqyLn%wz4<6-RyEL+bNuM#{57*XiPS?S)%w+LPWC4uEW!W)9<a5gb4Q?Rf%Pt)
zz^|htot4W52hly$J9Y1s{)WBl=9ajMo_b7{fsAL{9kng5!p4%E)b+8KF{mJY$iIi$
zMLt~^-Y9hVpEV7i2=Ur_0)sa_{Po!qALqs`v0+WhGbe^Uf}Y^!?y2M(u%Lv4TXLO8
zz}ex!o^YFZ>LLGx1>DGaK>YeiLfb&UR{-AG0nmN@$bd)6t1RWE;6Em&-}Ft{7kmTC
zdg@8gai01hpx$7`R2dnO&lRP-)={M{&iN{905(Q#^rHA2U=yFT!6ByH4V%xoXaXox
z5Ddk)k}B(Jo%r#0z`aEMg*9Qt5AE77fE}-h@i9}yxPWrleg=7Aeq})brf8b(Oz}nH
zz3kG;YgTlA7%uL;nWmUM6h!2!b%a`<%)M>>{c1k{;cAc)3eoJq?E*r(g7LT@WH+6A
zr<X41=X;e^fBwgw&2Jod0<slLlI3+qE_AiN(dvd<EFzWfTE)ZF#7{5QH;lurwG@|H
zO!#x?ps+v9G{iwW{%+;Qc%`VwL68|GQ-YGx<UQQ_vj9*^NgAbRZjJ!a7Qg&W?kOaB
z0irnZM^o5keTIVuX069|gxRAIGcWZwG~^hZ5G5@cNK7mo-1r~@Q6r3LMFc89NvrWQ
zD6n3Rozgo7QW38xj}N@pKybj*RW#ql@!BlN1&xT(`2Ddb`JZ*jC%|9}llBO}Ffk>S
z=FQBhAmE%#osf6ZW&sRlZrIp*BuEf%4~^2h{(M>wufmv510^#o&tl;3c2t_uU>+Rr
zl}#7b%=P*_%j5Gz#5NknVb&WS;WIYKM~;w_&{PD@C?~b7+7whV`(4V&=<%UN+4lx%
zpc>w#Kdm)nuo-i8fq5tb@BPIm+}^T}9?5&{xK}r(M<|KQ+`6?@a^9^EyFGYItdH+B
z9i;Ww@n0w?xla8GkoxS-fYi@kov^#~i%3#y@->pI`tn*qww89dLE_M=hpv?emr<;3
z=$ye6aukV5vVL105o2wHh7_FlTD2su851rR2^TasXIQg$9t(mMC5UkS+98R54IFO|
ze0NAylD*AeX0gj*P0g6$9oErKghZrCI^TLGJP#&m(ApE9;5D*<DA}rNbVit7!mpIe
zVFu{pdZ+$S5yVGT^b-f;-8Mv>)@ObJSTRBlSdfrIWd))tmCpgOTBBH23=1BO&I**o
z*;vP2iP}AEB@E_cSCjxd9ty4Hsyz!WsCg!UF6Dq~fLtrz<<b0I9uuOyC(G#!W~P~p
z@@D`Jixo0gf+XYB9d*tj5oXXAox`tXhW1>*@=m#;*Dp5-=fJ$)xy;m5Pe0d(;-d&q
z^u`WMya^NtoMtaHehmcCgx>-|A=kZ>eCOp*ZnXcu_XDf{?H~C6{u|)A7aR%L;1+ue
zTBFyP@{4RnawYlJSA&QpOgXpqW@}u>8Te4by+<$XCN(A}`cc5(M$eB#kJ>aoixKOQ
z2bj?TF#$sK7_RvlMsTRoxf!gZuMV4UvC=d8Vz5!b?Qw=03Zg*(;n+J0jnhD$DZ%3^
z->zqhHsLqUwvr+W{D`;s`?ci<g37VL(d(nv07%Bhb6S?mR<Ec*zzyL9Gs$n&k1<$i
zv3?Ig>(n{+p<Kk$Z$l+J>qY+d&`C$2(HD7hhakwMpv%ZuzPgmxWZzthwC!z;*gW_&
zNX`We^1Vis6lc8Wnq*lVTa>B|wkJ#T^*i}4ZzozCH9DJsZKj1Tkde$S&z$Cz@zuHC
zv#%3@Ps;IF27Xud`Cj0xsfk4VUPSHlIMY4k(RJ2-hRNu%)ryA}*I6)cK0h;mrN(JA
zEK+TLMStTmg0>I%s469Z;{Vv0jo3}b@jV5<Iqs7MmQ!`8f&6HdMz75C?ZG(BP-})Y
zb@hs&3VStjgM~1=D4+Gbb5X^CVKw7et)hWmQo_B{1`sz<;Z>o4JY;<AdCA@4-6R~i
ze~?HfUpoV3_z$F2lPA*N(C=GX87zLRztIpChTR%`_T=(JY?NokW|y5oS*mHorUbe=
zY^Giagp@gGSMcCWpRDdf0{Gs%-%??__y^h=YPKig;$d*N+$8oyvfRHdU(KvpNxwdV
zm9LKIo?Xe;*SLtT9O)ZP@}6p9;Y=BsD_eeMBa8qc#RKAjmTiZ)I{8SVWi9d;VY@sE
zJ^-GZIQkfb2lrDUN6xrs75ZP?suIpSjh38GOLeYs8GS)jKE^V{wX>+F#btS%#iy;L
z;8w*;3c$@&K;Ml7MUs|2K>P~WL!SR-hlA`-p1=B=u%Yr{-|deN#wq%#ARNaS!d6I4
zzjw1r7<T8MQ4InjVyXsmVG;h#AwPZW^^-_U3_L9uxXUhoi84_K*f&Ce+l2!}lciCc
zk5Gq?p9)lfP>~`IDuH&hEhM)PU%}@efYkRB3&BAN6Ne(B@R`=%W_Avabmk9hx3<P}
zdX2=P6D6k`Q8CsgTt>6n`4nZIWhNl<W^$YF$7fkKq7VnPe*AVWsM!!Fk-_L)zu|)e
z{eBvF450{UnmhRxJ1&e-&cD3}@y%wEX{d5}@x~Qkd$bUF0H7GeV_-1yULtzuf#yjY
zcR}<|SDUZN49HJc#Vr<Uk9^%MYxd#b?p{<Sss@V34zeKiEi2AB9|`9-S7KNjE6Jer
zuy-26MkAxdBCTbhV}qEELt@_WLg6D$6(aMzNl#isYZ1pU#E~W9aT3^yNbJIh!lRQg
zY1^yu=de3;4QU4NUdAVg=&d&h7f5*ZhUf63>mdRHKyT>S&dX{>t;g^QSFa<8OPEFe
z584|b6OyFFihte(r7Z`d-KF6BSK#|QYYh~gAe<t47&`c#_5UpghnzWXWef!pWzu(m
zn>rdckx2JW#WdTe_z!y@?S8s~WI?|$pxhDyuuBZi&Ut{8ES3Oya!R#+%#&WBOIXQu
zN%NI<n{oumm+`sQx*tB7tB3a4^JYeAu|cjo%;WsepmK!NN~RA7lB_MSUQ7vKgFBZw
z=Bt81Zq0SG?~vuj#76vp415w>9iISk3{g{L_*<ZX$c6f3L&F3J9VpIztotcV457`W
zfaQQ}bZO;=IU3NkN`3H#6`&x`${xXFQfE@;9Godz(ycduqBe1`8|5?XD&zs+3y<G(
zcXNUgYPK@}BR^qFY1?F>;yjSI_kfhiU}`Fs8`gGu2-u3&*l7esC?dGJ4I?2C2UrYD
z48&KId4Is$CNDUv*#X=r3J={!=v99P!)1QhcEq}eg|5&49zpZ}QqaG{u>Yc<8Hh{t
zX}7%i@EHuqf){Uqia~q=3nt9^Eg$eE{ZlsU79K%5XzwNrrlc7F;BGWZbsjSAL%Yjo
zm&PGwZ&+S-Ua;JeT`4}(+Sz9wClDFg_JthZ()caXMd##~r`x{Pbo#-mhj=i4UMVh4
z)vp#vz_U}ZjS6Nxd!g~^>3e|7uwRQ5iM0M?Xx=5?=g?ffe66)L-xTCQDb@MTVUz&8
z_ySb%a6uX>8A7fC%3txtZ>*f+Kn>)f^C1^!e9$ldUW$IT{<Ce#7^S{tZAHY0O)CaN
z76nxmI2}09^;NCu!H9A24S|gK1OsF<<UtK)m>HlhEx^AX825v=!F$pd@ACd&(HyEo
z1#D~Ozb&s0avPo~Y4mF~z-p=cBsGHsEB8Nq2Yf;Mdk&sF_2Enuw^murl`)W#Xohi$
z#5p)GzfOZ{I>?jAk~;<P$&?upGlLCwb8|Ew_<w3fT4Ie*%#a2I$y+x@Xx}UpQy}Ia
z4?4calw#I)r`r+8sGR;GHV2TwookGYZvkQHLno-^RGS8kVqc*#iyg}+;rUw;aJY30
z6tW6(5=Nkq%m@tmqxd1Hx1sHx5G4u3szQrI`EOG~GHH+eDihm(OC~(OxYyTY&9xE=
z!1dRj1x)JsC6JlW`^>dK0uL4foR~SdTaGX;^Ko%KdpGKrr&PoWS_NS166VNuQ|A(v
zC~jEJ4#1CSz%p%unipdsH3T8KmvO_ei@rMX7<Cb>c>FgCL?>IU;Q-;@z)Q(fjQPQy
zA|wFpLAt{Lo3Ju(jYQ1oFdMYCx&Z~^x+xRuY?xq)UG!*;e2$z3#UvxF<_<t=`KIfl
ztDwRoZOo0&ec>K65Q*vrA^n!X*#fnGjr4W-Kdj5%5Taz;rAa{jWL6r2KAIO9R|-GO
zxmZ2`kQgGR5vzcdUg>xU7(N@zzC_v1(dl?|C9b*CLaCPHsF-w>nsJ-s<;{?4r-9CN
zhnXqe^n!asP{3S<KIS|9&d{JzWiQVYe!a8uasJ`ERkHlN>uuSfdQq7+eVQLaI;Y4T
z>FOX6+x|C1tPeivo4lVJtRT!bfy8{^@~)W69&UKpal!fk0sTA&00u0=Jk(J{Y#bAY
ztawCWiFI>Ix9pk|(R;`R(dC|&dZ3!JQ64!t^+6aqbd>@?B_1!esO^prH4isOHg$}B
zWCpCbGWd!~v--dVGjJ8mL<VGcyhf0xKCcYwV-bMtl>y}-L@@|5llIQ7aF!^S!?c~n
z3%Jdl=>)Z~K7}IFYx=&;_LKw5-5W+vZlxP&v~_P%#_*q!E5GYcNcNVHuWiGX<aGa>
zlT_$aqBq7@Y5VA}aiU@|x@QVz1nIB&=(J3HEF)oN^wVPgK+99`DtpSqp4dzRu5z47
zn5`=MJi?}Sl_FXNd83Ggx$ubJv`l}X_{Bp7RY%1{g;V@(5;Tw&Qr5$ntsW&;XJb!b
zdp#0iHXh0)8rEjk&nppVSLH2J!4&^-st{ii!%*KLU$=MH4Ti#Ld8T4uO*Ca9lke(Y
zPLT!<`C^J0S(T)Ty7so;)9n#3+z%IpFJ!vlPQ^vdj4OC!=x0X{&v}#;h$k6r;KX(B
z*>I*##zV)}A@L+OJBAtWbRtf7t&+1P@!-9aJK$SZ{6X0GF}1oFxxxo7Lih9Kah^<!
zhWqXA&qyj)U8BTQ+PsyYM=syy4t5<vdX274W3|RRPTaCSr83UUNJ!p%8vJv!P%kb6
z@D#N5h+HA{k@t}lG&O|RDt)nv(nN1bCO%qdGn3R?--woMW?xd3xV2F9l%bKk?`@U%
zuow5rvvIh!QG&d6NZtd1gm7OHW}YXtZALXitvjwWeH$Aqlux=Q7aOx(RHmMKT^3CW
ztgAcOw!-v*RGD`plol-5IH@OOyh*D3g~*DHko>@r=sPlp3Ld<Dca%(hu3JWkyKgXb
zvq+*J$uziPZ{#Lfv5aynCdKF~bcv8FNE5;Lf;-c>m868Gh#p=#QFeIxo0!=RFU|m|
zT_9S#EpX<GymsZW?ZdZ22yqGS4P&N#l3_*&e-F314a3=UZRY4|(cm6Nz5SM=;0OxF
z#|Uc(`JYTXOqK&77%~ap1=`^};Jdcb|5_N5OAsWN74r7C9b41hmnx4frz|t14QBb<
z7$QC~t(khfijuFK8?B!Abe_psu%IX^2}yT=)WYoWXIdV3gJe`bEzi3tL3^g&Cjllq
zHnp1t3$#4r^x(64+t>R8oS{FBCXhIJXKV)J%2`QQHg{lG>I3xuqtt!vYMW1Q=$G5p
z9xXsOJT>NK4cdYeE*K5@ew9TdNj5`vgPmN?7kA0GDX8XUEdz5shq+hf!Axr%x>pk-
z&?e%1a^4YFN}AhKb>pGCEF=T6fRinKa)V^S>PTD^(FqQXh7<&TdqInc%9Vm>k>^;!
zgW!qiP5S2yf@X_{B(MuMJ}4)I;7U-=#`!RYygevIH;H;ClM(qf4delp?05LP^EmXG
zB3dGop{)zto#1oYkhBP(4HdSvtEA0uT8w}`3+`=y3ocIbg~`0feedq*4w*%ZHu%<c
zG^VFtEPwWsf_L#T4YtuGn&7}thS6)B`~q3W@LD~6q1LW;`oflLA|wp*0bh=^#hb&u
zQnWnY#AdI@3P_kgpC*~O!C|<cp@VNt;-ZvQ^Ta9l;&IG&_LPnFES=WM9cC%r{n_F3
z?t$|44Z-tSk;h{-p5SkBnep=idM?<`rMkvvr%)<EHK}RBV84e+Qdlb+6EE-kg{{4>
z2(L9K+Db>NyYt?ePQuH|7%!{CM2<{{fvhZI{=Teec|5L4C1wECvA!tGsKmajlwW9h
z_6z&4F#4exr72Cm=&n8rYMeW~u4W=f*^wgA_J9A1|Kivb(GTKks6uKN4mC*LZkgaQ
zG}5C4;?{lY8joroligX47wCH>_@4ij{wBQK+RDx(Km`$*%Q{*jD20n&NA_Hd#gv0f
z@y3X@Kze%n6!7WWbo!9!H(hw_W!iVO^t<kp9ZDw4AZsWHdxS;{#o$saHJRwm1>tTT
zH4<zsLbfem4scQL<j%%o`?PO{=dt7{y1`n4Mbo!|@tPrQvrQiwAygM2hp7)d4$aO%
zE|Pv<_H8kmvQrbg9>=csDED(<yS2o?v3C)VXeriBS;r|msT<}T4u;2KDkp{#!_8<*
z$6QIHp7?0GsLa4PUN-iGp;9XmWAb#@e1K2m*AqtZz2(-+aD#jR7jXFXHTU)t0?)j2
zP|kKQq)p|7pMVA^WhMX>CLmh;ut>0Wo$AXvmh~DiU#q%Lxn@G#>!stVnEE`C#Mh(4
zNhpJB9<)j}MJ2Zc*$eX4)ZTX+A&zx6_o$RKe@6CLCPJZQKQQu7L$4qBf=Bz1F$t4=
z)h%F`EZwTW#t8`BZ@c?$o(*vIf`w<PHdzY}-_hicqu%Os=(PFNbF%G&{g*aeepb~}
z79osoQEUXdXEW0T#|>Pn*;Kl&*{bQ3z!f4OoCo;OP@Uj2G*sh5Ad;ZUP=nl=GU#$Q
zQQDjrqk`A1S4ctci#8s4m<%Ej@RZfS@!W?zE+ymb)VK%W1br!@>;<St?{!*i3>WR%
z6yZ<x9K`P--$~_Eq%R9a_TI8?v{E<JTSy7YssZ6MCNIt^=3`V|mpBwLsENFPCDjF=
z)|}PlW$<y+Z!UPAWa2e@K`b&5jn;hd-&7bzzv;JXLUx6@Qg4d9QEom*CC^Jcg<aa5
zJNORaFcO8bS@L+V(`I8>@X$0+AS!xrjzdVIfYSuCU6k1NhNUkFC`&E+6bR$ht-9AT
zY-<lCkUKC5Q+@XjM<Nv!fioo}nYh4d*ri)xW0>=D?EI8gLTP%2P$bUg(=czIS|F^g
zkvj*2TM2?EVk!+OkTjNDyj4RwHtvRc^+j8z5=jq~5K_Pb{0d}h|Kg`8qREk|sk@4q
ze5}AS&p@aErR@;El+&u$b&XcZ332C3bkCW3#Q6XJR{y8&>ce=!P?S&Q^32xOhJ05>
z*W|T@swr!`>1&;9x0qSST&o!%bHfDpD?kC#iFj<Dw0SM*`SzE&Vbx;Dv(}PKJY)oF
zllGshja{v0LP@&nfbS{MBV%&5%wPSPurVt~co^PuHoIPZf_~G%mjztCTR6k08fU7a
z+lZD#X_~(c*QnZ#{LRY}x2EEsD~iLtG2*}Dh(81wKKqpJZwTe9<G2Sb+4AaeaG@*b
zCew#{0#q2P^2QRcvUh}hNeJs`sL@h?Bz;j?g!~pm0Q*u%p2I`dFU{+w3z@$H6O9c|
z)d8{sa2W!vRCv%z1!BvE0I4^_C7*+RX^AzIG#4JC-t(-f(W5TLM#y`k9P|L{RHt9^
zVNUOsL9`x^t>d4HYDxKyu|QUEZ~cq-06=Qtp|ojVVbC}COT#Qpsd|sf=l(nEkKnpU
zGb3}yC~|^t%%_NFKM-IK-pn3HEQYkCiQ{$@lmQG);1>um@8OP<FFB9Lvy{N)nNi~2
zFF1nCK}F6s;=AA<M_mPZgK-Ff#CeL#n}-36^C9V{Nd_KVI9KvvWAJ?DvCdTS`JBYQ
zP8p%7`OF<A-Zc6mr`C4nM4cKNdeksJGm+Q}5F34W@c1N<NNiyLnI*g`)qf9(j39iR
zh*)I;cxz|xD_&_3i|n+$4*c)AV8}}BhFa_A=7yxEuVi#(@VTQa275D77aA3mo4<HU
z5dj<tXDCy{{VBa@Br)q(sI#`{BU&?E(A{!Xj^%Y;jCZF&J-Va8w${?{q~x7LHe3Cy
zo2t!nZq6IA3OS<~op<FErwGZrp=`h@H+XskNDUYG-2gW!q8E0yR=*T{H9#JJ>E#Pg
zvjfoWLXn$AZh79~tSvNR?y3@jR(0pI!#B-F-eHGDP)AHw#My*Adai#=Fi0tA&b?`{
z2rvW=%8x{Q<elxo)jR#s=DuD%pWpPo6VHAtcn;(Er{196XHS+Zc?obHtVbFoGu3py
zoWRzH8G%?3{66)#iF{j@zuHq8d8e?Uz)EdB@eKEy(~0ACW^LtXE8*6Q&tk6UKB1=y
zk)|UY^35{wy2S?kla~32+>2c};0<2npLjS(<le70s6zQcYs1q^e==!h))23&DMiDA
z#ZOskfahZfR^+b_O1wsya)LJq$6RyV?Iprhb*ZjbqAj2$(doLYIeOw8e~vb_1c;EL
zL;$n=_Z|);5VRDU0Pv?_LMUy(pPYp&0e}-UI`5}$(JFZZNT_l0TEa-u%&DoUJkuvb
zf%HkT4wQqX;sM9=xJL)(%Y_YRTngyNSpc#<<d;<AUE?K2RtXZDy<#A-dE<dD{)H6~
ze&;g2CYEG}qVK>D6@<fLM&#Y{<lgb36t^+-Mcx=)#A?gL7af6>4_?Ud=#F*uLCyk?
zPblvd+#N#z2MHh(xHLZ1Tm~>+4{1Yd1_1%HisGdU8cf2B-|@>I&~C)DV05FV|K^zj
zROb0~(MG90nI3LE<guFL5|U5G=qv5qsQ7h_nkq(}>?*Nyh7zrSXrW>R?(gA*XMzZX
zE8Ry(Q-8vhz`g3MxhB{+flN>L>0=XMRd9)0TSX-{U*bAG!7XNAZ$z^3rYxmZ>KU%o
z=WNZQK2-wTObBr&k6O_&4nQaK<ZY#Y1<?P^BUcm3I99jDL)o5$J@MC^`^Ri1*RxU;
zA^M+4{C6pT3pIG8-_!)OCr9RQY7a2iQ=&%Zt>955^kv_4<o6ihhx2Eer{!1!VR!~c
z{6|TL7-=r3k8>E@ylow1Rrbu`c*eG3_<Td~7zBsA@8PrV!~lp=OGm|O<<Rmh^g2J2
zw|((l+y?CjFG~|uK;Fi5KU+<%S>^JNf@$E+am#Xu<l=oLC|}awR2Fz`2LcxI4mveB
zaolS>9np5_YZTa11N8sQhNGz0*%}wGnV(s!xXf=n#qR)s_O7c6ZA2Z<{M$>>siGiq
z*4j25MJYbS(En?{4fqQ2E~}Ot6h*X~O+^!vu-f+=jLU)y<o5&Qw-~yM9)ufd@*8^S
z(aon+YNiZF<Cu4BC;^(T>=sdqqUn!K(X}1bug~&<qIODIu8|Y{(g%EuHivXI(XwO=
zg(GbiM;MHT{^2dCi|+yWHA_-NX@z+M(tzUyRe1;3)C_af?kGEj`5?&VkyeJd_%x*h
zwk>L$rS@E(x}_}D>DM~+dkRE@-EV^wF{G9sGUm2o-32QrVl(=_{P_kIja{$mNu0hP
zdja4K7a|N<iOolF-az!=4`xifW-7?-)Y{2HS~`{)sV5S32bTmP8w)Owr^rj-am<Gp
z2xsu;^;GH(_{O|P<cQlJL48Z}C+|96C8Fw00I`x&?>u<gr;<|CDJhVto(;-Uoo`!~
z_SR`pN`N~Cyv`HJ9@T6$jbCR|X=0L!MXp~TSEFnN2_}^*D{vKKF`CwfdA7C9CVkiG
z%L2Yee7jo53u0#o$){D5*Dr8RX;EaCtInqke)4fSgGgYK>I8&Bjf--5)v9TrI8feW
zGlSfg%fs^ZnUPFu*U=(xT4|u<^BG9#)5DhUR6))=E;R1>Pl^QCkn7_Vh=syJ8y^f&
zL$JW#{sjO_S!O=DLoQW_Nm%B)8tta?G|VAhAF^9%ZN_ih02$<-5C+Too!P54V)EX=
zBJ#ZFq8&ZHAZgsfSVuXrRYslD?}7u>IOXSa@*VCc@Iti2S@O-zrHz?B%x92N_|Hr_
zuHPD}P+hK<WJ$Opck^b@_{QPe#Ocvn4J}u}^>fnl_-w7r1@D~NS^YVuz*Y8C44>~a
zLI}+>spv9+>wpxuqB)dnG>i?>uu#^~j*}>R<{F%6K+ISA4Jh(*vbXpZ$erIBG0Vgg
z*3mnO!p5x|iFQ)nn>nwJ0P2^JoX2mPSj&mt<;yAt2=nqkBg|zt;<1^^T^1$_urRj)
zJoC#Dol~WyOln<@;=I49z`yO{f3r^nyi$`j$lX)>o*30PgbT3Sb<A#snQ?pH3bYal
zGjd8`nhp#F8P-)rVEh`LlKD}Px97L#|2cmtqSQyZ-J22T-~h5B0PFBphv*)|#=#o_
zB4my(+?Lz>IMWrNgt8SYO0iX|p}g6n3f?HEphA8*V4Kn`5SB{y(&vU`X7){HKal)>
z*4npZjX^}o0z?!XK(!J1*a&I~xwgh&flP?~L`Ih3bQ^=C)q_#78v9#JH<((cPx2zI
zV(~c!L?OW+3{H(eJaObMg|u5y8Qud?NHnZhw*XBX4txG@J|3h<7w4Spp%e)jN_!U=
z&IY&z@IFy$PzvKKy#%OYRRoKf^{Ez3Df(~*OLfCV8VNS3&SYIP3w2Jtv21G=DUd&E
zTB~ykM9l;Xz#Zy1a&`$YPLfU1=40*!;Zp#M>jw27+D(T4kimfH^%5WiWHVqMAqWmx
z`~<JNs(0!IJX?-vzK*`^T^He=+motm!PUoLX*T{yM{}2R(%TD}%%&Z>x~dAqmJq;u
zC5^bF+kb(r@N}Xn@mN94w&YH5>mT2b;=(`senoikQR6ef=&#~?@Xv`4Jig|x#<wC;
zHbeceQxT^CU<48CU!pe^!slPSpAcCKB}MVcgj-?wv<%Lz9lnNpsT*$fyv)WYH70?{
zOh*Mzx!OSF7NXrFK_60I`(0)*k|KI%8~p>k_)jhfM3z6_{~zU}MZ{14d3dP=R){TF
zGIS760U?DCIi|)LCDK_H6&J%csDTWuRNh*#2eqoMD#0t>P?Xe3{9d~Q`o&SymImpU
z`_ukgkbeF6{KeX5oE(4!Pq3=#@o4!H2*53p1Elc!V+t#Vwq}X0pu929w={%oT)ur}
zrAK^i0Kgb?x3KS}r61~GjSwqsN{m<FWQdi{Cz<d&r>9+6jSxk7=dHwkIt~JRq>fOq
zRatZBY*l}=_!q#_j+o+VqQYlBCeG%$%~t><);7=l>pCH83f}Gh?m{X636gJf15nX8
zjg68)>mc)P#cdrkz|xHJ$(OI#^Doo^8a6a4YsXL(l-|lq#~SBA6c$H@|4=ooPIw1V
z!`ktx8CNu`taX3ERQ*DD{I-1myD#U5x?gw)KrKk97R+ua4HYR3$lHmv5QTu+cFNw;
zodabLfa^HmfMBtYVH)r#i*XwUbbSM|+lQO2@2$ju-ol8>xpBV4QN>t1Zi$u!5#$fG
zKNY#%$O}>DUyHa!l=2b6HuOZF1d9_`YjBl_e8Kk`Y?HS<*jfsB<oh#srbR=?0!473
ztb3s4cvTMjZXtBYH%4~3%n|as1);Q2!0Y~4tp#vJZLrX7Zy>teId(I90bAY!^3Bxn
znFN8FHz)6;Y{RE6#qy73*4R+;3z#qFr|(v>f3${IU#$Uzzx_~QgGZThqgK}K?bs<E
zLzzCy`J7hkDP0GEL{$+kotyg{>YlE*<sY$ZjZWDvl4x#^@2H6VT3-FZ2JS#<>K|<Y
z!UNQ!6mkBwt`xA0#sblTJnI&atBPU<6&KDm9~Q<*Rj8(lm;|jOmw99y<mRkERzdY=
z;XYORg>d!%4dH%Gx1T`iM&Wr75^~+qjlT#9KfecI`Kd?fV$FzoEGUtI6sA&8qU0sm
zW=<U(;H1g#UO6msC&fGI0sB(a%#DYvFP-uDyaS?wQt}!km!R^b*GPTZt_6SB!W#gc
zb2ZTlQThSGMm5~X$xsg+3vyw{qN?yQt!O6OZXf3a1&8{R_{WX~4x%Cedf|Bj60=_@
z2>`mTgb)ez5GXfwK;4u9trDmUS>=j=*!dhEl69my`%`Lgl9@i)EXarRMI~41*8r@j
zG4DvF->p7B0MGs&_La&%>RkSMr^3d^thT}J$TLY(>T6h64wk%x;A?%X$vhJssMfKf
z!j_m?B-V3g@2zL(7TKHur6@r3BBbU$j;VZ2`1GK3;=9xDq-ayW{OxApSD|w4`4fch
zA71EwTFQUQ0-&5=&&hCx$*WM6IWm{Qa<;?BiJ@Bx6=o{q2AWKQH;cAHhu{|KyQxI)
zMPQOP&sRjtAcl!$;PY+;8u)xruoZ*~wkd~`$+)rw4d<}hQ1)Qb!n+oF5FZR1*F(qX
zx2~^T*t*84BNP#p_h7z(yN_W_;tA{5Y>pG^1=(MPZiIS4I42*Pvwy!#oy@g!gybim
z5=h)u%lqPvt_MiI<b-ulW3VG0#wqm#3#?2OlvCo8tQw1+SK4p_f*P~kFsCDsMTRe)
z{}^t=Y+dnnY#WU47f`f~g^IQvd%=~WP87JnH~`85)g%zl{jFl2E0)~aQg8^~&fZAg
z&WhxqZ31;#w-JD~HWOvTzov=Dh@^bByf>VWxq|POo^lXPkZfGa53hQ8MR7blG&=gz
znm1HgHM=4#jxTWo45>fpTeiu)CMC69mAV1mP2s~Kk|JRe@NPmf|CmON?NkviEHA&M
zh~AR~y<+&0WHLc3PD8f7UM5R~6DX#3Fszwxfon!I10G9)f4<1;Y67T0`T!!_5YY<$
z+pQ1(C_VcT(wsj9$}aMDncrd{e$Ior1#-ju>r6Yj45Oh#ks`WA+2(SF2+C~!oR}GI
zP$EF~#DM>P4N{FEn*EO;LX^-w^Yj8hsV2dxn4Xd`S2>@Nq@@(``941RDWxS4K$b5!
znF+$TOt*^MFrskqAHH~A_`vrMx;olGp}A`Z5Y>t|;q)WP{%83B^(M5e5DPN^v3*f~
zTSuyispkJ-?>)n!+Lo<h8<3zNNdzQI5|AJ{2SsuaRFDiJAX%aWo2ViJl5<oEA~}j=
z1<5%F1timeWRU1PS0n1)8_&JxyXSsC-sk-R`;pyi%{6OQjT$wox|`Lmu<~ZRf4K$K
zO%pY)VLi}wh|J;wKS#tDU=HiLE+aIaQ$+smJycEq4$1Z?>({SMuLus-QOXtoG+yyP
zXb_v1cAk7|^t>+;0r<kAH=@PNc()n!WAYu0!Ou~>@f$LLf*|v6sY!uR9QW2;N>Fet
z1al9AtkgamxK{u=K5kmm_u%OXq|Sq)uiG+>i>osAc-gf~z|UdVy%-P37+SLxO3;vw
zxqz)VBr*J+tmn{XUp#A>aL5l32{8r;IYGJ~?A{l++F;#Gp2gnFMaw>n(Hjk>Ya%zA
zr;X-Yz|Udt`&iF6{fFm^9WB{X4=P%by&19ZY+ofojU$fYjA9RD)(6g!@1h4O0i@YP
zXcV6V+RVs&yf9NFqR}jbs@2Hc`LXc$m3i?B6CS4aV}_(&#`+@%ZIFq)<qC4pCK|Kj
z>aFq-ilQ6~+_1<+p5{whr-6pDw4sy`Cckl)rx9pzMdep0ZC*GejTFR$&HR{1`#q0$
zD%KqV=mCq&A;y_p0H?6x@}Q?OU*x)OaX;WRtdLsOFXXJs)*ISO2jrK&)l<&3kNZ4b
z+RaoGkR|?K=cKOjkscudaHc~5;=)hzdE-<eWTpq%Vc7h?ZHM1j_;1e(+G8(}LqQ7Q
zY?*bJo)4)PV>C5`@6U_Kdc2n(v*p65+?3*y9|IJ_K}}tnz>*HZ>q{DnO?Jr4dI{>U
z{hZ93WiUKKV^9(!6A93j)~^%gJdj>w8AhEla&6@VzzFmx*NRZaDOC{-MWEGLu;v6w
zYu}@Iy#=OR1b)n+{gzqTOB-(=Wk2icOFetx9%u=^Cq!<3od2w{+q5a}Jg8gH0>)K<
zn5w%pDf{lGvRWw6&$OCZCh>_iF%TkPrsWv6Nc{Qk&(!pLR#jSw>FY~q1(P0^P3s0W
zA4<jFJiT4y@Noh>-nGC@VJ#Cd*Rs@mB_T{Jo_P1XNSdHD&mHXu`5xz5@Fnril454S
zVF_-_{}5GWq1KuzXst2&jyUA=Z8FV0<Rl=p6CMQ(Q;v@d(pI@Z&4qHzFB0fsg*ncX
zMbtW7bbcj@+t9*Q^p(<^$9qGiVD<!5kJ7FQSp{GUWXp_3xhbp74<3+kBObJ8*qZ4P
z!sB}~MZzzscpw=llOB|heFUzpPEh&i@J~dp0m7&DpfIyPHxs+A>+tQaxZr-5`U%n^
z$-vFH9dj_>as!u`Vm0{_M6}*QMC<J|f3s0Q{k?@?Gt#U<eke8r>A)(KvTM#okhWL$
zPej57^7MVsROSHL9w^|3vUXCs^Av$5Jp>{{c8DA>!=fOfZQl@To3Yln{;5ti-ttq-
z#HC0c%2#>PZ;T3!C!oCuhd?qoUF%FQ)X-a$`e`<RuRnAapzk$Js~7+}v@$eY7c%W%
z-X}!a{+b?)xAo|OCy#O|nGIr`Qk%(|dl!%*2u)dOu$c=>83uw0*Va0u4oU~~qT^Qi
zbvS^bhqu1^0Lu9BqPGF`t)$Lb4}=p`<iUVmdKH+by1a3}6L~IL-FC>y5A){*+I>#`
zb(HB5oiPE>WWllwq_zfgC#p9?*@5h5b^yn8q)KdhvcyV11}fl3b8EmKxmGoooP=LR
z%yuT+a0m7=M0|O974pEhsWZq?mOgTmcbO|B0V1lbuXxCyC>jd}T<N$~AnD+!G^Tle
z%CG<Wvv`rnMNh=b1JIlR-3R0C)~*y?PCHPHwJHQ`**;%?5WEPN!rdwnU<Wt$fCj-{
zt~pFY=RJQYNdZj#$$K5?mrvmu4pL%1+_RQE?8RjYBuw$iKTx!$&4X?l9Me}vKDTsX
zc-Nn@&z2kNh>0J?3n~;ZPn6Sc2<`Wkjcoi=UB!|3TatF952|Q<+TS4(+psClbHg1p
zh5%d@>>1CgvPZuI<-T!hovVQKPFcgI=qn%BPjQjp48(!(h26O=Xa}*>jfSI}{wy5J
z2%H}K<XPaNi5~F144{YfbdX9{V^hjf-v$qWn@-Cpnj0Qj#$4b$WSJx=;55(cZ4E%@
zN_99Q2eSUpb5%#lS>}jX^sKJ`E>)NZb+GDUCN$g%?EBYw34~rLb&;o=TDAlqu;o{@
z&l<2wPeAR-Lhz^x@)PrvWuU6v{G~7gMFlxJydXD5L|K;)-l6_&^eJeSgC5~+JK<*Q
zh_5jtQg?tF5kt$96(G<xdaZbiR3vli9@N6~i~!W9kh}709+d6H4(A3zw*SpJbiWu}
z8b<XD{2p-65cG9419<8oqh`-p(m6`SCkv={4@J@L>)drs?5xpzUI%p??_q&V6;anO
z;s^z)G;(t9kUt*=sS_q(YR~%1RIYZB_d4Cw1`U?9A5I5cueil%H%T*t$E4?q0$A`K
zTeCm6sg)G&<WbiB>l`>VM)UWZKlS_neDmK^dcfgO0<vg1EX|kkP}cE?a~`~Uk}U9M
z<#h>YJ}K{m+1p^MR`A<08ZgWvHS@ODkE24UraHAFNKLyw`BOF=@sPvLfyN%xIrs>5
z4tmQfkLesB+wq`t@Y4-(X~g+Xuek7;$;7-mANZ_!Q~aQZ3XIomcam?bj6}Qx^wYd(
z+F$c26Zm7RQFJgvYwN7%9<qr1M}Z1;%y&&tr>orE7m^QtbtQrTWwZf{Ag=re7s;s-
z6a3ch4q=2GB=z8+&C;;xE=gI+*xj5^u>tMD#2s3|q{U*u?_o|rcg?c;;#5vw2C??)
z-6gKB<aeYZL5aukA}~MxcOA(GFUhCGse+7$u2m&K`lFF6wL2nk57aF8p6^|>Zq^2c
zMUkeR6l-l5_~Uebi%jUW@w&L%5i9uX8v&qsi@&}RK=+FT>+scb<F_3$Q103X6P}*J
z`TIKD1z>insEd3faiiIck|{8%ll(G}X8tuz1f%Idy+3CGRq+_KLGb%c#rQd)8u4J_
z9~DeZajg!yQ93Ay1W6ZH`58mAM`|%ZO#-Beb_$;>hSs=850HSP1O83@`pIX08}`1>
z0i=yI3$hi#=w8z`Kt)-T1!!{?XTUHls`K65vU|pMOo3)80tm7B$X;Pp%FC|=?nr^R
zbNsjY^F6>Ilm<n|9XK<(r;S{bG$8{Gw}SyxjMawC2c0co_^VgWuE)I(G@_G*??~Cz
z`tLOV;=A9r=eO#sbaxL9_G`vL<2fIpv*hy6iE_@PN_=}h=Q~_!cXPVRtFQwpRh;rf
zfEIN8Lo^=?+?%IO+ZtTad|pe4)DCP45074>jg@z{v^0O7{yh`WLm6jtlHxq@1c&7A
zb~^;GH=(+RC@gU43joyf0Y@#6>7}*onc?9;sspZ`kMc(iulIA$7h30>;>$@(?p*kB
zUTTFx<Z>cGGXI_PI*!*mqE3g*0C7YFDUN`#aDJnCP;zD}fj7o@n$ZA;VJQYCvMC#A
z!G^fNhHkR7s(ja|%A5{feM;Jj&xK(BFBmTH2&gjQg%<Dz>PwoFqO0T_s7KPEhCPxx
zhpqzehzHy$QV??LeUq8jfe20TH_8oZXYQ?2+ONfs8VQ&JNB4KfAcp3`zEk)g3i?Qo
zOLaO4sa{f8;O#x-sR3rH0HG*bRpJlRG59_B4xA8ZZjK;l8jS|QtyOeR_eRG<A(K;0
zKU{YFKriXfftbGz^it~cP3ggs1od8sjVo2$(2Y1frL*^%vI&d>(h5CD{`v6g6;eOm
z!2s&3zX+wsW&tpNmlvc3%0Mtxb~r5j^%)LY(5Scz-y;N_SkwG@9PE%$@f}3a(GI?W
zsm!b=oI&F7oBf>EzasDu)<px~m7Pwq4URz4Lgg9I7F=`aixG4HBRC3CWbcq`xkK;x
zX?b)@RTcEy(O@oM=(BLpO#}XBjcA9Ktw(6e=-u^^kAa96+D)%S^X;VH(1Wr`#XU^g
zuGd`h$57)rq<k9xeP!tF*47f$IWXE9dTVKCh-^2^UX;|=S0G_Ydh9#Oi4)(yOGH=>
z9(~Ek0{mpurMG!Sj)u?S@jSIQQP^8gR+P!7iH(izzddd=@R>-eX|ailjvjQKAiK~1
z+^{6Ic5kzPZXS`9eyjf;cejX0f%NEGq0b1_bo*pA`Lq<o<B8`&R`eY9PpX@m?w8!)
z<o){nVCg$^tg_%-&$lu>UaL<z1)LnT7sSz?il0F_efo63onmG4v*cgAB1bXJ&?QBL
zD)!3lQAz#pk5BP=#aMK9aXLA=2v*p0lyYZ9vXS}YqgB}2TQ*}FoA|j*HLKl0n}HGE
zpi3Ztfm`-b=axUb>92+9x{&vxw78^%pE?wwcf$tNH>s1<T0<j2nacAd0mo;xD{a)Y
z^oA2^SW(^Mio_p0F+x1%iW#EG@TpO1@Rrfhij~PyS!PNj^^|tP{7up#6C>Hem6hV4
zf2$bDHIEI>&8>I6-|Q;XEmgVP7`)ZgS;Q)^`J8zo-1?@@1u@(b8I5o9Xirbz-@Bsk
z>@3e?t)+PZ*8Ql{<tZbq+lF-pn^TpO*DBoO%c-d689{^iunR%H9(*bV@EEnZly2Ks
z<gVM!E<1PqOwt~-vUvN*lg$YWrP;KyxTlMxlsIpPBi6f|x1CFz1b4&QSg3Nq_2Ou$
zo+mI#(6T+E(RcP6L(vrK9lqcw)rN)n2V`JHg-)D`iV9-UM-w>!mg*oz8;W`z9?`n_
z;+;!5=OiN6Hl_Hs$h#R`QemwjnMiXxbz9wSdCQ9*TbpxkrbV_jx7U2^9!#^>-F6DV
z#DiVnz(FfPF+Tr#i(Q$3gQDM;k01XA*iklv{w%7L{scR)qsY~y0AEd0d`qgBjCz)<
z*=JbP&HQ>pUB8CEFGvZnf5-cPekQ!C=ZWg4@;x~Rm$~viVQt}fxZDhwY6FI&M(Gy!
z5Y<ohbostY2W%Ga<V|>)9(iUYJ0AF-AoGe>;oUQQsit{l*k>BC(iD_Y(-b~*XJazK
z)o9tmlvXFZRj1K;ioNK?Sw8kE)p%V&b}?LHWs}4%=cx%E$OEgn@y1R?nI?@?3CmX7
zYcr0FNh-)T4wT$Nc_ONh#)mW&`=O~i{s*R-Mg3nlmA<px-YM0VC_RaoV~!uP*Z|UE
z?S~eV{2y2>3HQIWm>i>-E>mAYo2quXy`^?RJ4?JY*#^eG<?Mz%f-}HY`&sKn=a$$^
zpTY9*@F^M;N&QNEaM$hZ(NA5$9*x(`uGk8o`U1z*q6hwDeC5_v9!U>O1rnGwiurEg
zr_BBWC0truVs;&}{_@g|h4n6+f&!e1gf@dsZk?^B0Vy{{#}?IcpTSGv-o;2<m_>bJ
zc>*)YW3Gf^5}WS0(0fq`*Gz3{Qx{xsgzjw)-CMXtSg69jX2IfWPMTemh+=;QXK}Dz
zC`G~9B?DghsiZ9MP<XIx4+F9jD0KRQRv14Yx&$S4g88l^`2Tk=j458UOpHhmK~q4z
zPT7YetLe9i=qu=!=W7|@U3U@m8SJ+I%wkBk%`<peeudJw;O3bjIS4tDa7l_`)Z*Yy
zjzL^OGKXHtqA!?z#aJ4+J_E|gqpnTUXlB`J?h{i6pM#Q%?&Vkk^t7+>xBS2Afjy^M
zwLV;VWMFD~^<>@n`1py7=`-TYR@5rOjlp@QPNE`cGS&9}@HX)ahv<+Ej`>tH1watV
zq$|~A%LAfXSEm7}ZVq&t8riiE=ce2=$!=v5z$I%>=(1-bqsumr53xqPEnHyI5wOv9
z)7=p@m>z62hfdei1`jx<O-F2EAvob|dFvpW)a1JspO|5Gn#m$p2b{*-LgK2BesG}!
zhB9)udvkDzoIO6Gpguu~CDwK132O@Y<Q}C)=K-h9uvGa$Y8##Tu!lFQQjC=6ntaz*
z*SfZ_xZ0I;X;HvU{Jl@WtNp!4_LAuV;_0|}V;>=2_7B86fj>(Cv(7i&wXlqgRB9eH
zR89+T6|t^~P>p}bn>HzIA?zyGonjGGlI<W@nLgT;pJqQ*3o^yr?xScE#=|^OCjoG^
zPQu!)3naY~whD<SQ6V9DHW_Hx@M=t}J$mR#>_IjfEQA*qH_N9@E##$jH%%wJHIPql
z(~iAiOUauck}{{tE2G^nNI%+RZ8~_P)ONgluY4W;p`{@75WOd;tBE)!lK8|-A!Lml
zp}u;AtRM*?kyRY6RI)nOVn|eLc<MiXJXfhWyvW>rp**4kLXg)oF>7(P%T&O1VXiR$
z-Hhdc>Km^9>99DT025`?(l8u?{vxGDz6~wS&9Lk^es(c-cp}Hz!sKC=;K#gwvW0)P
zRap~Cb}4)fcu=xKrf-t>0m$R`WW!%(h%IjKb9A07j1$?k*Btz`#%sX@K3>UAuC1o7
zAdOq63Eg*IGi@?<hn3Y;P93m`#K=nJC}+pj^N_FVlcNEwBVV6pWW|blKHo)l_bC$-
zDcM`O>JAM5u{u4FuXY}b&)v;bPRWJm6lWDaOi;=irF<K#M<$r{`Q1#71=B}XzV9lN
zPX+~_u?4fT>ZP;lx+S#nc448XkE&{^mXZM6IDsF<fYKcMc5I>u3MeBepgaW957>zK
zf-WXZHVkkJCsIOaRyRUca`XWDCl&UvH|qB31r9A*A+ApeIMPyYHTY1K?(~h}3Eoxn
zt7%0-TMwgHQ%a_$#h!iQ(30+?&rg|RDf-yl-aRNK_?~)0%S>L5c;Ya*OG3%r*Uf#E
z0djRGRN^159yN=~@Fak2D|GVE6W38-*5f^=QMvrVu9Z|ZMU~U~tOJJ|a&Y4NzJ6LW
zC=MHsi2Z)iw#I_uT4X~+L{85+b}?lWvN<&G9_w^gCLModXekiFc08gP05gg`WJcOZ
zW`s;IQumRBW&cWbEdNGxm$A9UXa>D}^UPe&&Y}(3cF~LOp?Fu(mI&2Pwrf<^tfI1B
z%@PcDt%eVcPtD9((8lWr?XVWnr})_*5ySL?I2A{?WR;k6C=_1ho_<H+RpmujvJweE
z#f@f6F>c4mw15ZLFeGJa&E9N(vm{_|sKa!zO@zu=p2_OncHjlRmOd4GUklT1Im?yR
zHT&XVB@UVWh@p_KkNk(^1s@_WFGmy0p%5b;slIj;V!x4>a^D+Omn@6xHY+sq{|7F!
z4&zc>-wox1T=T;(&-l$XJ@{-8ktwZx1C{FX{}Z=hIo2(H=X_D&zTKGv8k%Lg+j0&=
zCLw*@Qf`{xU)QG;N2HSViUx135=N`ISCq~QinTkopUc5c0p&xv6q1gg25w+_dT_8y
z9wgSCRdmuja&mQbSp*#GFxuY^$0CtevDxHfo2q~LDj?gSA+aa7C|RniCEp!BgqTu)
z)1Bd$y|&ggHaH&s0ubcqhoEOklUwdAfBR`uWCZU`jZ187XYPh0mQ+FgF)sVuU$JIw
zjs_%j!-ZooH%SlE2^D2HO|g4bBd_2rZO%jR)H~+1RjNY4**$$-_9?|K5bsC4oZl<w
zbSic-y4X9Ha!6yvwJ<v{6to)JB6J~uiu?soFK~YV)cR=<Mt64$O*KVX93$>bh67r!
z?ru4$ZpPRZKBO6w-J^!2$U64%iR$S8KN}4Mj3tebmJ8&@dcS3gzqoPeVt1<PHaPcZ
z!RnQO%<mTk>!rubsGFIaf^(^WY6yo;2REpKDd!9W1=0!<R+CskrIN~e*F>Hj^4;cR
zVHNmpK75FqHIYb2{_<)Qbi7r(t1Lx?b8?ofit1(=k$UM$Ic%kE?JV9Ve(F!4TH-Ke
z7d{3lyYTUX#T=Bf;m*HO_HRYXGJ{gFa(9I5T;ZpS^(ouosbn8{S+!#H$mR-lLInXG
zWI<is>QZVF&8jb`FG%5zZ*vWs$X-Lf$}BBXX@2H1lFclEJftvc{+etTFdlEac=?~4
zXU8M`{S*wmsN#w~B||!Zl@qR0P#qaL-7i(Dvd|X3!LinKVqbUY)1Gwj+QNzjlOo?U
zOU>f>J^K;xs-d|QGJ5wWBw0=k09#ThL*EG&gDgg4LLGcW5A3xcw>$>`rhqnW5Ms8g
zt7D(@P}3@GqHAwRhVR+uclngYx}-^?^05#iCx|4lrp!s@DK<OCCqg??1?2SAq_PGQ
zybAGekCfA2lBA6Qp^^%PN>rFjaq>7i!N*W?(%2_6-B&#TQV+}=@%0zDzn99?xj#$g
z$Z7Q$tFyy}7N%~N$=!~Mh=B~P9PEZsc_F6VLdtf^_J}Tf!6lXFWo_2btJ1;QWhK@l
zvAU8LxE?&`h1CKrtQ)7zf$b-QpG8eYkHi2kT0iCK9F;s&sgAl3uG|c27wFie@`Tj;
zYFb!O*IiBRKu%~w9^2=O#ioPVYu(O)w%Xv>titw~kQzV~FA9Lq#q+b$2M~$$iSv{^
z#2jtlGDMt0z#g3VQ9iP77F``WD^^Y4sXUioGpGH0(Q&59CCb^z!;Rh2>flv_^QKdA
z7}9r!9o(QD$uF*V1%!whA!$yx6qHeQQ1=@Wf!#KauNl@jWQ*Xyk<~?6`I>AXgOPpw
zs;z;`m4n@}l+xPjepcYnV6O&Jjmp}TXGEH8fWb;tR?{vaNy-pJg$m7+sJ5Z(Mrn&q
zaL7@BW7gklSOB@bLGp(OUfXI)o01aPTwPl)H1LZ|e2|p|;&Q`cBRl+#Ca@0_QV&!5
zON$HU_vCC01d(pR0g)h*EAtbAknahY;DsOho;rYrBj1x_RMIVN$?ShRD0=g>69}j7
z9ckn;PDaaJMK;J~SXm93Qd1lu$h^c_7MX1>R0e`q=qCea`HcbFp{x9J6G`^tlPS$D
zE&)-CSBpF%^-Kk`+`|k3wFp#4hl;}?=Bw!=U7Qg=w$j#>?>dLvN_qa;aeR*Re`_oH
z&TA35ctn?2EnoLQVf0#l<3W0fr{oHqbY1F~?R7kASoh^k0q@tKo+d;wo|jEi<6Er@
z*nOZ)02PwpU5EHc!K*u_-2O0@<+=mz#71naf|98Or^SL2&}ES1tg}C>WuNT^K@6aF
zh*NRA9I~l30f`C*<Qdcu5GG&OaJPYcd@WAmCh&1Am|d6b?_Pc}p5J+nvp|>Dc=tN%
z*pzyV(md7F03e7H;qT@9>xzn-uD^L(=${f5F*FCVY(e3IZfW-7f}mK=!eIg@!2k)I
z6r*BW7E0iyEu@ku$Z`zueF}A&0>JgC2|c@fLnGO^=6UWE<MyKHx~0q&9;iI8*b^4f
zC57||^9<}17y0Jf&rE@9yQK)qH-Al;A8Ld0dE0SSU-RK+07>{4Tj@`;ADWh>a5dUm
zUB184<=hWQoBg<EdKQ2|CHBu8TJqVh#bL8o&*xz4g0N#@^)@j{S4usq`_zA{`=+rm
zL3yEs2{_MO2@0~39mH&Dx|@k31j-l*mR9BYsGd9%zepc-QTF%;Sv}{J8M6T`8Jqy3
zBu+umWT}a~uW0g0)7TUMe@H)#K-@hHFMdE2epNC?Z64I1W`5)WVJpj_3>i?JsZckR
z3+mYOg<X4v&%u_8ot&Mf*8T%q0u|HmDE@1u{QucXzZcDi#`|Adsd{yq)qsZiw&u|F
zbPa87^6Qa^tB|_<S9WKIjt20A5v`>!E3Gb;?GdPEmP+WL#0lObOFM>xX_1)91Ik1s
z8Q5U@d~vEZob}^S4LzSVQX@5Nm$%$lSh07R%d`yT-vUMCQuzDkoB;b2qveH5y^Z$B
z-1S#wqB#yGaTIU^UWIsAQTu{ySWrBG$&6pl6U_Xdb{=#r5=d}4k91Q~%rK=o&YQ|N
zlY4;AOX9R#H%`PClueHZrD|2iM3=48=0=vkVzG<S(hbs~+yb0<MSiXX$SxgVC=Axk
zP+IT`S)YY-U6(u3VSg!J1)Mg_Mcwj|Se>=C3tU%N*owMA_4&X-Tk}kNWo39?qgu`a
zocSu5WATduER#AyNEIKF^kC5+l6>H34<)Q@TXZ?(*#ND>UfUB%W-QQ*jmB?+gv3Uc
zjD<C1@<>g~EG_NE{1T$1kURknXE6-T(jDBr`GglJfhL4){)~`O3w<Ht=lgYG7Fobf
zVTT<Tv$g5K5IVdvgan1{m|4X=N}zfj?X@u#5Z>KUt7Fir$lprGwj3CI(#8-+s*J2q
z2!Wz#O89xOQxO8VCen)#z){1H07r`iI8;xKX#Q|O*_u5}US8NFeGv}$8z@%G1ld@9
zO!P*Z2JU94Z;FP$z!4hm7<|Mvf#e64P+e;IQb?#2qS@*Ks3}JR>o2X6gM}~+VrkKM
ziV7{Fw1wlULL%{+?&|d^Q_BnUTBNZS8%-l=oP`D^WP-8xjfElLPf|pS;IsA}&BlQQ
zh45A&D2O{ACn$)TB!z)weg)_m3iU*XTtTXu3~xY`Rm=3W7f9A~njGD?=DuhE^LO*4
zruczXTju__DxheJ_9oKEl9c(_d&lw{u|(%5ExHy7=xz_mq^%X#C$OriB}NXVJJ>rc
z3~HKPWwJ`yc0TMDn3BqMJA+!>#c1oOcCd!(s!_AMf}21)CfPb9ZdkB_jpQ2{DHddW
zUq@|ZqmW8twRDpGhbi;LO^C#O{g18&QYZ+GpG5Iu{C%T0OOh>{6@oW%9s<VeJZ#v0
zjwPdAez8ZeRB+RR74$pab|H(z!r<&e?3B6kRcFBpz)uc)HywOXMP$vxN#P0!r>=)Z
z#9xzu_}n8FA@4J2mZKR3>rMSqg7I%fHZAh<cglN|vR-8vw)d%$$=R^9LiG@6PRTW2
zk7;8`OzUPTJ1T|YR{<T}QKRk7^8s|U<dDYyEvJPkmE?2Hig$pm$p62sKw*?Fnvh>u
z_=3~Y#>S?)_NG|$GcuX8%C>hc&L=42!a#9vn278J@Y8_CNb1BXWRC&Br#J*1AQ&OZ
z8XxMV;KO2X*nrooXVR;x4yN6;h{FRCN9dIxq)7GG3l69OGVG`OnQC4E;>0>@a7dFV
zk`{pO<XNvn{p>GmtV1MhPFY8xn*c2F%Gx*V=H?-)s#hoD-6j9=B)?Wk5`!vNcf_5T
z2q=)?^2y2h%8dhH7bPeRkEstOLFnOsUa}8~)H^qby9*xy_nFnYKpzfA=C>Lm4kk2G
zBym05?~hAnaZvy}ODv5_r3VC5YLtK}eF1czfyZTg$kH?*6|*A~Aukbkhot?3o{!wD
zG=L%RM99b*B_i<&JnAWlI%H4vr&Xa#cDxVse@p>%L}t(tl{`MFO@W<WBH@eo`yu^i
z5w+?urIA9L?_tcx-0^937<5=n>f*}zP-FPo?f=d`0U8{)&z=9=K2NAuucxu4nqq+>
ztn;m;9P=)+cmPdNRZLDKkNM5vK=P&nRa>f<!(~Nz2vI73xt#VNT@G{yj&nJ{5C3B>
zcgcE$;M_|Ad3iGCSLcX{G5ob|SNFaTdPWw8N%MPc^y}nrit4`%QH<SGPQUX{Ck7oz
zQb<I$J-JTj3We6AU;7+ZtA3PgLyHx4HsY9gQ6Ph^bHrJvbqCk=d;hxb-ww%tVIM%l
zjtfapmHi<kL2f%PB!K|`r;ubhHY5Qx`BO;#!Bzhpl0eZuE+oOhoVzkm+kQPQ=@@v?
zM?k7XPeu|kI@IGmf9V&3sR#YZV?ho)&SOCr{SU!^qROl1-;29HYzEl<PfNi6-M9le
z18ZfN3E9i(fqFSMr%#s%lBn8v6VUvnoAV0~|81Q3_n(*L-^GbP$H5<P;@?kAe~yFy
zRBHMcaR54Qj~?G^>*{*a^!nq+kFbez=k7aj0JW3;O2cnW?22E=@Mq*aHd&jYOef!9
zVQ`qJ+rRPVu+jII^hk|z1E~*c!$cYrKt?4p_>r{L2|2Wsvu;`pNrFsFe@rI+o35z;
zE7@0hh5dm~{Nd341$Z6DC%~ftzwkPavW!68<%;xY>E|KJ^6iMSm_c(ps(8nxC^9HT
z@!h(7>ncc5*j2v_{b$#MdN~^#Ln$dZ;VOQ9eyDY<mo8z)P0$gUJpMzn|Fe%Bi?xc?
z9+y6s1Sh^wGHCoKL8&f;xPfWExY#Ph4MdK(fhh{QAg|>GSm=k4W5}E-Bx!eNd%8_3
zgZj}W_rH_8{{V%5w#>0E$PLw~OlObdW*87R3v`JpCW6F4*b)6xtQN-rCJQ<a(sv-G
zYJENl_Z$T2=YB!@pPdLA6uGkJWC_VLq(xx(PyZ82F;7&`Gp-AN$oCeXUF2@&0as$8
zKJKw$kS5_RH|vQ7JvQ2p#|G13(>)C?Pe8sGyBh!R96~o5wmk%<vd2)t)Ig}~QgvoW
z9|lO5`THMu4JPW8p0Vh^B!E)paZa)hHG${)C8#a|o!5r-$VqykX^v#-V=SA*2Nku}
zZ|=N#0&#J-U%P^0hvc}}A%+S@cAm>RLJ+<C89NO6N#5WRnPV>DfI~X|jzb5=X>f`5
z=_888gY*&1<BW|1jV0Wy6oOi(ysSXT9w_!u9*%)dZ^f^~yjz1bVG9E)f%+f+2wrVP
zNJ=<$<rr(aK$A4<sm!Tnn82D}jwmd$-Ouot<`|fRBMS~y!tNq(0FU2}3JxgP`pR%g
z#_Xn}O&%Ati3-KR+unWoWY>;!uHbCnKggbbKBm4_%XZs?%G`a&nbSfRRqz3udWyb%
zHBvwUEy!YTSwg<_j$9Q|Ub$i3mhOi#!cOpKfnba6rMWbp?sonHD)i1%pyc>V{Q;(1
z*OY{w=s1oDSP;ubZ;*fyOp(5wA<j?_4L{k8%aD;HknNHdCY6sLO0{8j2-ELb4aD#7
z`%qjctE@Q_Y&y!u`PJ{eU@?IJG~D=?1v)5EqB7!KzkdH1J~#7-tNmF<PrG1Q8#Y~w
zRoPe7#GFXf9S;q5p2f&eH2=W%+8j+#t3a9~(8cH5F|gGt;vOPQzr+o^pj{|mQwmlb
zWwIcS6yW?-(;XIg9qedrzF%Pnt~;b(*1!4W>O3?k-L)#q&gg~Y^&DOSR&&V9%8w8l
zc$s0vHxGgN1-lQjjESn-4<za<4Eoo67T=DtouvK8QO@F{nAGR(F{SONxdfjQyG%R)
zzq*cJAX>Kyg89`G{%bd&1n{#)VbJgM!zIalD6o<o%Cc&dHrrsng;SO?X84Z+KtyV6
z@`e(QNiFU@k4J+OC}lZ*;T*tcCF}8Npze!VU8($ubG*spa=(@9N0lHL<H@9=;$XB8
zd3UE-wlY~0=Wh>Qy+BP(hpkq$^saDsfkgKn6TJE?3ZF?M6h1GG!Y2c*C4Kol8E@;h
zdQk0`uP$>*Hx|AAmIU+@@Pddl=igsuhgY}UXl7+UjTL3P@JtmPR|*|+LN01s59XaE
z4W1?4>y-T2xi$J;v%gaY<I}Kjk39Wgk3=HbIQq4MK{OW+8Ef^0K+_ZG72tt<4;wFB
z-}NK}>D^Xl*SXp<D;?3&%CHa5`Im3CV4&P@^2?!JEbo49aCMKfs~jCnDfh=vWNFjs
zOVyZLm;wwsn~Ln?aE-F)U;pY(<$mX6cY>>=T3lj`5)bL$BHS}t@<ifm(J!@@8K2op
z`YFQ=N1`t^;Jund1z)BzKgkI~o@M9<fPzjyv^5onNo_bgV?7av&_XW!_Orxv!@sd3
zFoKFV;Ihi}C9|OIOd0gTkKr6^P=ryMJFIgCdyrBT<f#I5O}X^LhPp7?;Xp?}tw6^?
z=d`oh|3rc(_}{EQdD)wNddA&890UybglrZ~krBov!C`k(0|XDlk2`I`XcIc;9`g07
z{^Jy=U^aC^?RvsGBjqQla&YA3ht)RN0XE+J^Z_ON%#)j+k|g)2tuDlee{pt)8hti8
zM+pE#<yr*_`hni{&5AAUQ^lcj2KE2o7~qs!ET0P*m|tV4#%&Qs2M|@SNl~Eyj-}or
z^DH=JCV8X`Z(IqlCU^aWMI^bqP+@ZFpIQb724>4{NusF!bW*TV5+<EK!-?^W%phya
z#U3Kk!yJ$3t>^r=zW?1&^EjT)R9oE`EiUGrbE_d9vJ+jJkZ48v!@owsJu7IHdd2=8
zFfLd1N9y;rVFe?a_NC=?`duZ3=ga{+mHOGtJ$3bOjsphQg)m#hV0Je%{U7JnQ`&zJ
z63Vh&jR^6G7EaBU0&e&SXhw(4qq9%`{-l!nj(Ab-C=6~VncQZdf=TOm-oYm+boxW$
zy`84MVPW?U!4NR_5C7z>EoV^XJv}5WL7}=(*vNYcjEkVZd9DPOl>D!jbVV_?(}odd
zc(dpmrzsX2FkwaUUU#qu0Zku+G%hxzKA3jHm~L@V@hwrTw5a2q{uO>m0A}#0E)U#|
zj07Qq(t3CL7DTE}9nog+HVA0y4k>)ZY?nAMJvFKHx_#oW>45`=HVyyOo<pse6x`x@
z3KBqG{=jH34hvB~?0=+n0BX6Em?S;u0E(1iEoxK=I4qM8vxSm!a@<JgCjquRCLKpn
zp!K1`YI3Msm0T^Fp{r<ylllpmnDP#L7LaQA&m<16nofi|jDw~DiyCq$sUjAkF<_4b
zKU+!1&>PP|3H<}CsBc8c-$?1)PMSIn-6aG5V2XN6It^^^<?qh4LF}31wvq8g=|SlY
zqp=L#jW^3<7-A(3hQTwaRNty|Yt9Hg8vTB-WdNi>>UO&}0me_eBU@+mzI`D6kfFDa
zSWdzaxi_{`p0GDT^&RtV+2=)O1-JEARF8EW2k9Sfm5s78f2|83tGSiq(kr;gSGC=G
zVjmOwPtAzyk`9IY?(pat=+~Qx5O=<cImH^$-Gu^%IcUk{ENghivr*@n_<7!9sSZhU
zn_7H`rSRkpD|ITd*#`SbGS0+)&~;r550kxy$WO~2E?F!dX8W}N^+C=nKI;*3w-rCV
zn=|UAUEv?5*xk2x&f_w8R|i<xzgjLx+`qI?x%<_ysGh()HTr>Xg=MM))yjg2m{6SK
zkm(mwWmnCTrd!!v#*WuYb6h{qKhgWX(|?O<vtH~VPsT?vIng`k;S@{FRmxR77S631
zr?2DAYrq2hd-HnVPq}`5XTm?`f%<{f%Em8u*s81*zO7Nsjf|GYIaCIn@ALE#fRgc8
z{-`{W6R`@XYDDYfoyL8?v~aa!?|v<_PHerDkF&TwU>JxqY+VKCiIQX5Zjcrw`0Dt!
z>{jH+@)N#C(!%5TOnJT^zvvEHSM7i3l%}FcSPe^i6j`~RVs39p;MVRsQt<5iR@HZ%
z(34ST<6IEww=~2@3W-Xa>W6R_M%O_BS&PN+%Gz~!_`_AIo$D+S4hKDHqCDl3^z7+I
zOZR<*9x1~SH+r|h$CPZ}Z`K;g7p$8kM7w7C4G=;?4x0Qgd4X^X{=Maz`B~aPVNUI@
zwvid_v1iULGc(g_FMAPV_m|Z1pfovG%<Hr(!c^zE61V+X4A~K)lyqajV&CM@Lc55o
zzI{}Sn=!m_Ke|~v6+y_+DKvGqykVA2fosViMfhvU#D~Q1do%Z2F4y1Or%bp(TsH9W
zjVS!~P{{m)cg;E<>P0v6nCGssyL8f#@-CV%G~s$Z2(g^%PCT$L*<ZBQ3nxSK|FlF;
z(sn1N9sbo02Ioy^=1t0hf1cMR{t7+`en?(e51_pWtUw^!!*`>Bh+{tKvd}d;*n~%S
z9lc0{RTm_q1FBN&IgzS}!JQsE_sx0!>E+yto)orQy;viq!{H=cIvSndfT8!lh;F@8
zE*WgKI#;<j#m?y0%>(mp6lK`Ql%{aFx$&g+yyO17o|yg}+~H9WOMQ_>V*zjN``@)W
zAil{`*@p)f?@op)pCK-(KKbS%9{X)y?lZ78Puzz|40%a~tSHm2qr1BNvq|3eDj(br
z))I5)v&+uZihRLR#>{d0$bvqu%J>e=Uuie0UYMbL`7yi2LwO-)m?5Jhoj&)_BDr!X
zTD0*96ZiM+c6YU{0|OrlHT*U;^u@J<tt$782OAlBpLHqc_lEi_9lw3Sb-z7dJs>q2
z3U@M=`);w+Jv8g(y`fO8pE8$a<&bfnXY5%d-R<~i#FPZ8@CxmTrM(Lr))Q`8H=3K*
zVTPAA0%xGgzyV|gs5b(tOyl7iv+h)&=NOAxjR@YkB!n*D$q|T#9T7t1GW(+9f_`oh
z=43UFwNuS<fb~PeR*{wA(SzclJ6@-$&8_ZxlilR}zQ5#N1D^c=Q3ATj84urhy>_>T
z&ui7xP;TZjqu*_Lf<yKu{6syKdwGZ)RRVl-5T@n1tVRNxJeymib{<O+ttEn0i}{1(
z<Rr0{)m_qq6n6OBiI;8Y3N6{dd{5TmmmZ=<j%;K<xTV!%Plvv7yYIQ>E!~dL3V?R%
zJWP+dP2wHYc$liqVshY%=3nIXc2u)YS<kyKdsCt94JBcbj6Iwn8y$Ft9amF#T4(l(
z136aI`DcA+Qf0jqxU6w5CP+{dB(BBH%+7l3;%a&3irjN{cGg$*zjYe8uOFh)hT7nL
zBY>He`!hnL@8qzw5?1_8u<y;)aD}3^h==>by@(PAG<|120;Jiw9~%29`NHR1P7=!#
zhL~s;*LKE<tN0z=ZgOa0whWhyzN{)&pyD_ey5Xb*q!Z2GipE?NV;UuD+3Mun1+6$;
z18@lbK@@NenD?UOIQyhG)t-Jyy~x+RR9Stku4cW1RkN-YAF;g`ZoAKVIhW17I>3m)
zEz#mJk`pyK?`x<ImY3`JDm!%@+b_$wO>-q`G<wW>B*^QohM=0pU`D}c9K7Df=NDmW
zJse|U;L~1<>Bkn^Zd7KrxdcA8UU><)H1nuv0;OWLenw4Km+C8iH7A4Ni1L(cx`}&}
zjQtJfDCk<jR(7$&nZYX;WU8HJlXG4uQErvg-y()y;Dd@Q%)#oUyTC0QWID~76ldQh
z`^9amOt0eB89HW$N^0G^MsW>yh)!i!Oi(PnektyC=OeYuuq;}pK5Dx8+T*XH!d$Y|
z3NIrt96T&w!P&B|GWwZ*x6}aSwPz4Lxd+<ps!n)V2^vri_vY-z@Xy-baDYs@Q~X1X
z0(Cf)!VUB$mK~M%1X^few1i(O@i+#wzSlB}=ACcw^dB@$i${;Cn@da7#pjMHAB2B%
zT4QjNAEMJQZIUJ?zk3pK3ReHhg2kg?#9U`yvq-RPLx#=%TD8X>Ec($2#%gP~wOAHC
zR{r{A0*9H$Dwrg*osUS{zEoX_lbay-L~G$CFWn0a*BYPI$hm8tZxBP*z`ce}Nh0QP
zwpI-f?c2u>5h6mQ*=%pzqt4c_W9&I5S=aK$7?|E%eOZIt|JhqQHW&66PF(JHBxB(X
z!_tz_7s2DWFCtCFk;R=Dtpe!B#GCwI`-QqH2E#U5Z>_RMPTXlmDP~;AtEcRxTW(UX
zT&<qGxllb!`EYxxGtkYxA^=9H;apGv-bwp}Mf=OCaQ=o9mzqCDYLDR&4HM={Q?Z~d
zhZFO^`}l}-`24!$?bQ%H{)k$wrqR7=zFy*69Z&SB(A(146(4REBxW^vt>4GQjJ2q~
zOMK=Qey;HC_3G)WgN+>6?zRoKNy`0P78v0xdF^q6UehLw7G?LH?i0e505{a-hYc7b
zQkoG&owQX^76wz-nxul?i*UAVv#EXjG_Sk$Cgkaw4xZsaDauSCyVLvAZ_EdzP-5xy
zKj2E&2#)!kc}=DN$kB6eC6&Z|pzp3F1rHV8>3a|EpToYSQgxfhOSlt#C55~YL*XDr
z$8>jn<vj)!`N(R-+n%-u8$3%S4yVa$ZN}li*_RWx${C|2abFe@jwIjrzoY|u6~BZ+
zYmwo#rt?r16Q*@>ndnt22Qv&+#E0BgrU(bM{yvGXtCo;y0t3u@YX6?AqXWuv^&?VC
z3`<O{(Oi05t&H50ICKQX;j%*4v}*QYUT0X&de98zeY<gG(2^vj{eAJ}PbQcHULK;f
zMD|sWh%6ja!jnlOJ>DZ2*YlR8y~6L`yGp&he3G54Q1R7fc!v>I6x*8A!TpH+^)xXG
zpI*2LocR{<`2!f$`WohP<jE=x%z@`miA)4w`)7+EUD%sbc0Wb6)8X^Ra9@FRDq4eH
zbct$55AWKn_m>-J!|CEJFBfm4=%&@!5pAI+T$S-TINLrbG_vyiRxH`{BVs-24-vHh
zV<K;Te@b+FcDIu_xme=)JSzJ3mwAZ>+|935-w%38P_||svp+P@Dcm7piPoph-Tu7f
zrf%SELW)?+kF2m@O~YNV!$9LMer#X?d)Q%}BqCqUMLygVM4Yfo(w|hdqIOPBbMIx2
z=Y)x{dB;rBcjMc7KMJRgli3~`daW*&rmyOEi4GimB;qEsuy_4XJ&AUSG2XE3uq!pF
zFB5MOsJYwNibQ_V`!4Es(j9(kCF_e^oPAbp8PhiLC|-7LqqwCl`E|M}iyeNfH(j;x
zt)hq8ZWRQK5*zOn39-Dw`3K*ug&>Jzc7P4h^QV1P!OO4LB!=Z4^N(d4>62X{_wTjo
z6BP&y&CvV|(DsX_Xr;4`b2TdE^+Z2mH&2^5yxzG<YNcG3ZJFxK+V{zlIokn*&6?Kh
zYx&cH7sk;tLVW2I;5y@ltegA<r;3EnjO#nnD={PXG9QvZ&8hW$FCL?^=1b@+=N`A5
zSqrl_+^@r`k&DB`olH?4uPrU+B9Pzd>X`WE{8i9$9iC4R>BE=mJ8WmB;it~5qMfeV
zT+b@Q6wG52Y;jvc2(NrXvN*(7@9LY0@z{NyIr~S+A9IrX`)|}&tIv>O<-+oYM>dNc
z4s5_z$rr_ieskUwgo9S3Qiz<?XyOXX1=P89xR2{OOVvn<dK-ebwsoW?nYFUB;@gGV
zpYn?d8f##m`ALh~eOY`Edp0?V_dj5n+t)R^v3hS(F&dfQr9+t@$>YlQ2%fFedzW}U
z5F+Sg&3<nt+7U;e1#rL=0z-9?+m%z{Y%Qn#qB3z-J@Tn6YE?;2$6F}^_|!W<22TyC
z(#fb_Xw+^LS#oaAuusBiT*FxP`kp%~6Vtc-anZ}6wB%IYGpdbfU&&d&$-$r|s$!{^
zFWc0qBnis$4kpanhC~aA$ULwT4AX`2eM+C-eXLj<!n}3<g=B5+UJ%IP+ij(~Nhqcs
zmZ1SpA;MNg0N2fGR2gDU5W0uKL^1ndTrON{&&FLk|6YI<8BA!y=|l-<rWo1||JTI3
ztmMv<DmEjIH+g(&ZfmtK-nW=>=cnSeu61aeDvNDaMw#cpqVEaTn-kzuK};9$%`(Hh
z$()<%cAx0ZA+)5)N6~Sx#mC8F%&I-GA`^n<uuh^g1YM1zEFaVUo`Ojdk1oiuT%XfN
zsBVVc6HS5bwO5_QkR3%T<0I>HCMEP#5G=~yT+1MlO-tM1hDi#eS1Eavef`@oRF@>$
z%JiJ>J1D8$9(eaob(|bbZ3N$2^pd4=JF~Yo2Zl3ng0v@#4VNL8V0^ew6Zb9+u~<O`
zimEhvPDmi-)4-U(UV3NG+1$HlR;^E!;>gFEhxD%4Om&G1T&7vOLX6f@HoE_HDD_)-
z#1Q#<ftLW{3}I<1we7c7di^Ap%B-BV6TE^7eje{D*rp_edT1O*CD0eo*7_yaB$Kc3
z*TX5)1+r>;Pi;8V)?1orZp2{Svr6<941L%sJ?A0V?dW-S6{U{mrTJMDsje~NDXA)h
z=F=Ch_;gjO+H-$y)|sTBNKxm1kN)}X2VQ+jb<;k6GmHD!AviF0lF9Qs?vF~k@)72p
zqp1gylvUK2bjeSjsw75}aJ|Tqqb!+`kbJc$r&U+fQ$Q`)m)$LaZpoG{oRtu*$(SvX
zgX8q&<=RO%r}r<0d9$@v8E;u-2su2j)LE@z-#L&LT@CK#lCG~0XLhi4KG)=sEJ121
z)ZcC@8)ue5B7Z`!6GJ;;Bh#dJro-Fqnjx;XN{%9|{X!NYJNNjxFAO$y?UzyDWLwJT
z&G0zBg*wN@kETp}2-r!teO#LvhgUxX6(@^_t<}q(Ruk*%?`+<o7<cIy7Krx1(9d(u
zR%=mFa5&dgU(K#p?nN~B<|R<4j9j=XljGsZhV8LFhGR{>QY^Rno?4~qT}U_;Np)?O
z2rBO^77MzbpubRh$0X*+dES#k__ZFYImy+haP}P!7OmY~0X3dU`Si`w#oMoxKp>M^
z?qsIF2ljIK+Y-$)rPnajOp;L$*F&i~v1Y|}#sU)hyln?1URREU;jR{=8kD_3o4Ld8
zwsAsxm~G$={Z*@{S{CR-q9f06PwU`uxbz0c+t2$xqsJ~>JYN9lP)|{Ek<&dC^w8>W
zy-{^lXR*{uQKYuSX3gz$w{$*D-+t?wx!kew*!G23M=g<BxvaAU%KY`AnK9k|Q0`2&
zFub>$J=+E;qq!VsVBT(@N0h0tlFM^dd~9~*;Oq~g`4R|Mu?zMuBwUVJzCxPUMK2hi
zZPQ_S3&Co|*V#cAxM7E3c~fln2|m6+yTbbD6^1e0?!`V)WqUEt1C6Q<C&Z0J&74&U
ziTir9M5NV9J|#q1b?Dpk;W<GyYwAOIm|7H1!nK;4E@N_ZVrb>sN@J|+&H9ZOcL-_{
zD!k?rVyO1R{7fmf(;3)jYLk@nWzciQ7cFS{PT(HmR>tjKhITS-YcrO5a=RAs;j)b^
z>&5Kxu)S@eM5wAIRIdUWokcLcB_1!GzHyv~z-l=e_^RbE;byz|f)k=>mtrF%r1mUK
zy6A%NIIACLGAIR6n{cFKkzl)tGYojZ(kKV?sb70jdLW#VyS**omY-y=VZl%dsIR%z
z<`DGWHhh_ZiXMOaOu+m61iX8svVo<!*3L8-50ew_4wfkePLSV`w0?C0zx(XE8I}lt
zTPudG3-zbM4LM~^&p;d(dFk~<19ryt%d(vrY2q%o37EpKE6*-Y^3sbT&e4@SNABVe
z%*s-%&-?nQ^Swl^dWFXURl111PD+OkH2=OtLG*V<SD9dh`)rwG2_F#57Jl6lgd9#<
zmZ)k`_jZ>rh+_;txYtE&OAkNOh2`vBep#YcB!I~D&S^wjF`vcb6L~4$*X7U()!{hx
zj*kN>6D`DW$}SCNtdP9TiBlW7N9dI?5|QqEx5x9V-pi^e=70*H$%8uh*yGunS8ar)
zD+F>r29lC(T!cH<pQI8ImM+d`Ia8CN;cAKI;V)7;UOm%}O|f3E4iqTA%9~W)!ePSe
z1rKk(Ge3!--pNmQfR7U<URRI7<$0g1ZiP7OvP+^nJ8P0}m63jcf7dq*x1EZNds9*J
z4MX$g;(YkK-o~|UDgCclQMB&OL>v_D6~olm>w0AYH<tok-&Z31J3aXG?*l1i1_`ds
zJlXJ=d`kPAq$G|jss|05fk;te_np(Cx!y2cF@vr$<+}dudc()JnD0>$j-yIV%3+d}
z73$f)*L#MI;E1N6*I#DvuKOl1bXQg9j7VPB2LUvNy+;m~Cf&m#v$e5sCft#W^Fg72
zJt#O5Bst72UXP+4^zao}5Z7wMVRs#DHX9D+6};Fg$4tnbZ0haN`RF2pFRy+V8zJL>
zhp#^KSj=7u14%mf(;8k>SqyE5Tr_M%=A3es$~lS@H2-AfeT46IMCH}N6yba3=}EHB
zXVJLnL;SnpeqZe*Zxi}dt6J~NOufRA$P<`RU#+oj+fQ!Jz>?QV2&uHybe<<V8`JYF
zF*18zH<FOw7x!#g(`iX6j(X<k)DwD~F(*2-IOtnBE?k(2W-5(w<I%{FMX7k!I$xC{
zf~Zs<Wv8Zz@nYaxM+6y674L{E$dO6!!Y+$mx<|J7h9_2Sf}G+^f22>*En&ltZ0nbK
zXHA^DBMj!!q~U$T<xZkhnCqsWM$uoc!)kijd!K!_Atg_x%A!$B@E9x(%L-6>i7U9<
zg>RTk>y3?lt~`lRaDX}4n{tx7Vycl|f9%r@i}Ta>&N>@Jvqw<P_ma3I@qA6b13qmd
zn=K%V+&ry%rJ0>TWZCa+e6^C$C<WeAMuFO=Zo82#er$pc@k3d90^8#4xt<(%*FDHs
zlI=VC$BBd1Q|cxX_ZLhY$WV11H<S!NIK5CrsS_OSUA#R^*LKCgb&vcVaL#6tM|%2U
zWb1v8)T?%SQ5(5o-6@14FxnR1uaT-~*lLBC=M*zwV|-WcuAe#;ddnfEdqzeuGodpB
ziw@U9NA@Hh`m)i>?|0>Cx?V2Mne!L3e760Xmg;Kv2|AHxUQS^jd%Td3*#sXD66vQi
z<+>zxD!)z9Qi$BojCV|vQN_fiy<nRVjT-%iu#hElr}Oy&4=nrbg7f}^XC9rk&-A$$
z)UDGf)U0m#gQPJ(Vke*0oiSwb*-U`ECeVK%=dCG@d4`LSz1d?NwJF~bhO)=W1^cgy
zf@fG*s181fsV8j3jAnh>?-Y|i_%gJ*6cZobj`9Rfy7l%k5qQ51uXTcYf+q_o<5ROl
zjW4)BClu>}eIfT`&1t7*#{Anm*;m{2Rh9cHh&WtMJf$xe)W^CUu~|ctgq>8&u%E%0
zJ)y*GD;sJ+C=o`h9?4cf-fTM^R&%YPS|eFsp90_S%pR{|WubrFxn%Jh)x*Y(-2_hH
zq;e)xMn4SgU0(_b3<n=cHF{gGTl7KZ83AeM^<<Lg<kDD{1RO(YXicY8SvD9685>Rn
z_Be9CKMkSaj_$dcWUqD?I(@kva_}b?p{G6SZCY-fDitcv9G(`spfL3>g0SeZw|+jX
zuEb)EccQvJq@aWk&${t!MS!yPWmFBujB_!SR;c;s1XoP<D`!hdq$Fo|Gv`tOxS2^=
zTt<08XGB0Y3FekmaZ9E*M!N!MMSF|Y$1X1@ZxPlsu^NTwWp)H}CKpFOi#zD8?FQ<u
z0^GE9<uvFJXjU;iL!;GkjCUeH!``t9Yt?$3yr!K~Pq}gji?pH5Y__?iigm99<q4Vs
zk8ZTOaeB^F%=#(t7BSNdKk^>G_O_-mlL1xTiqDenR)pv6&_jW)NlET~FZjgjl^k2o
z&m_VI!&nSYT=WI4(XfkAWkfU>L%jkm9#mI%k#+DXR!ZW!Ily@>jlANl#He}f8yYcI
zYtTOgb=HQrN{?_(3yy}fqE{0V2B|b)4RkR;HMksnW-m2v1!4crs7LF3knX7T#a$O#
zeYst7{l_O>o_v&^eVW|donn|S_B$9*_$Xza*Q0e!Y=2I<pQNT9$7^Kh4%`<jI-pV-
zWBbB+OrNvq0xe5^eLVh8JK&l9dgdZs&-LHp6%eFhkt|BHZjjpNab2sv=dM}PfYbTP
zy{N*`AtEBwu>4XG=j7%WmrHlx>At$#y;^Bsh7~^K&a}~Ck~I2NwPN~Tsl+7Z%Ajl6
zgQm&4`vqJg9c@lxt5<VxeG@6^N_&2L<eLFra(s_QRBpvpbUDX#_cndbNDt?Etx?Sx
zT2X!d$b`5%jqGYov-<}w^N$kv5pPSSso;gIY7QgZx%JmXw%hklg?yCeZ0)6AU1doe
zLvIX=AsJ)M#=Bk<Cq0cvdtTn6-}KbLDSFEf*=9|R7%o0Ik7&FtX+m%@@vvNqZg!KI
z2Y<{-AQw;EA9@mDDQM;A(K(5MAh5Qo5L<EewoO*MhNb(hl}7)5U?Z7Ua-JR^jB?)B
zgEXx@xcC*td9Brf;qw>fR)knlQj>F9-bKdlJhs^}{q`Vu^UNqY0o@rwSLfonUP7nM
zMlQ4sn)WNg-WJtz1T?NM`gilmx)7BN*CZ!}xp+D~M85zz*Q97l&BA+>ndudSzCBfM
zp$?HCz%op-PTzLM!1GVShY{Tw_bX;Hl+v2B5-~KTo?liATAeMvoS7BkfsZ!4`!V7I
z&8=lWOBqF2zpYWMy@F7s^27me?${|Xh@W1^q65C9WWEG(`b3S|`!U7ReeZ7d{kJ=$
zX26kOc`MBI?0&pFW`4@W)_6;D2AjbSi)6p<_Cn{ddCcZR^Dc2hj@#F0QF9sesNf9x
z%ja~^n-mX33-?E!5%pMhqsjD_IbQeUd#d=Q<0@`eUXfnMk-1;N6YjY_dX%e$8&rp0
zC`OasK`A%#^-5a8CxtGo9LLJog0obTacqGObu5;YRW+C-<(`o_A7n~<&>o85b4;uY
z+++NPovrWdE5cChQbxYlIcaeX5#mAm_Q>F?=)M=WymV=tzVD7!Wupc$u3}$>%OpOV
zp?Zogi~F+04eRtq^u*RlTY^K*tC8;Q7<OTS8~+6si3X0Zy&^lRM>L+&#j-PAC%fiN
z(j!a-Db=iE&%gseF@Ce$L4+t_3_HYxp;|N;%D;)|9&UY7bc=xF{7NH*w@h%A3Rd`8
zEbkJH6`TUlZVlq#4D7ZOA|KwSYV&C&vx&D`7`)&Jpo2x9VXO9@#EnG3J0kiYlJJJ*
zEUF2tNE`G|H$<Bx2vA>W)1wKEDUrBM$U(A~imo{XV@H=+btFhk4coiXyww?OUPbBB
z@$_wANMClBhfdVJMty8s7gM2Z!w!ZygSX|fA9*P1HelXFcqIH2S?>-OULSn$iN7m<
zkS}<#J`s!jft<7Wr(`cT7A%e3IlW|0!Yd-z-x5BGdzd6`Xiafvd?)c>J?*Y2HBmA-
zB;V2uk#IEhv*2~K-3ZN;I*GVKhK4<oZGNfZZC_Iu(S8x3d>a<;w+&2^F_tztdPPKl
z$ZGsKm^X}Mh_HcgomLRLY)LMD`FZyYwer4$01ZOCWVVt(@A3I_rF8mri!4*R#e^<8
zbqpxRpUS^PVlNVxG_PU(AJ*PFEULZx|7Pe;32BfJX_1gF2?+%xl$MeffuS4eQb1Zz
z5Tv9-YDP&xx&{Uux;us#;@RVU&V8SAzTf+Le!uH^{_*mUVeijgYkgv`^?I*82x?`*
zn^fqSo61M&+n=ljEobCA4;-UDj;^gbYy^&M=dEY(@VaE~b<{j|n#7I^G|SiC5@CYZ
z9;H>51wM5nm`$RR_B<PU=avWswUL^AotLJiYj>Hwb~w0soX*ZwHBA9e=6ta_#=5Hu
zZ<Mztl6_fQ-d<TRDFDI>y#Ol6#vwVr%klM=GEBw?%E^Kf10-TOvb$0gqeX5(0>AQm
zqBrp=g=!w8Yi7<plW-lPM43ehkVlEH4><w)Lji3UUKwr|8BV^Ae61`}x)LuMoCKMj
z@ZPNe<gXgq6~u-?1EE`;x{U_MUB#Jm@+!oQ1t@<<h(lCz?(~2JJ|Vi;yy?!^p`aI)
zKw8?^xFjyUp_53M6kFyMmArUI7Ti0}PWx5OGcIU<+c?Tvsd0Mz3l01H<7E~@&auhG
zte@lruQx6}=O+*{h`W>}Senm>o2|!SwUeJ*M@nE2z2T`C?F#YANz*0@k*Fl}YHVjx
z%ub1D#Nq5nW$=__1Q_IwRB9|Y1~DgmH`HTlTDeh%g*!RqX~mIYq>{I#w=Bs@7xJ%z
z$q_~d-TUQMQCJHgCW&aOZF0P3egEvE2;jA$Z`_UXWrPe8mOpUo3m-u!j)$W7L0m4X
zZ0Q&x(MW_YaF^VkdzH^Ht7dNI&d5X&5h=aI2K;qdxCD$e2&gtHW%uA(wAI!=F^w&?
zP-KJ}bXVSd^=6F#V1Va=;_HK`u$5^u7-5!YPyg!Ow6B^`R7sLN2VZ|^xlj%OIjhLV
zx;zJs(14kT<O_E~AJWj}=dg8%=UAT1dQ~LoT`vU7Nv{Ye77KQ&KWLm;7BI~9!`t8X
zj!JHPhV9I)eYfOLqKb5%#5aK7bFXzbK+xo*X|h~Eblj5T`*)yN4|&L?{Znz~SCVcW
z7wK`Zq_RBI1NOTBaW^o2_8rrA$eE3j)-uf${AQG#JA=(-lhDm?3Ij<lp97i05yXc(
zH<<DZ;-S$4MGo~+y;_YU3bWt@CDQu^G|}c*1a6oHIg7Fh1x5k=%+SDs2XbsD7}g7S
zBFLkgp83N9BCB_R5KZ-`s&9;Rle>kHhAt(o1zL^C;swMV@iz4<LMC`u@fe3LvSYDd
z>a!%pha1D}asyt%=#~N%{p7E62%*P7<yps*z?r0x)d;S#&0CZqeonrWNN)IZe6UPn
znCy);*_+1F^B?G%L@MzWD0l6UW2<p7f$eQI)=3opQ_Z1AV&kCm6q%D5q-M7}&)d4x
zOf~4(w%O5&w8$<{F^F746hEYFSTwj~I!81faCT5Tf&$90rCo=(*)147U-O!<DYG|7
zb_c{X%{W%H-r-~a@Z`9Byz_Lho?6=Qjmo*rk?`8$K5>`mQQsTsvg5@wx2jmvGTq51
zE|*(jtmoG2kbS;3pyK~j?$J<@$^!dV10ryoj$M+w0u>;QHJtcy5U9`#niYX28Ycxj
zi#2ehuMt3rbli$EMX-&P?sJ2sGxeaz&65sl$hb)HojIRt_GrVYIK4QZUjWIm**AXp
zc;r@4itu<5DM#jLaz8|lU;4TZ;;!M<F%N%l_2qGkcVhR&4E2xk#XI)v&k<dh$pR|}
z2Rb^-ii~|OpP%Gcj3^|kbI4M2PcDh8s#u@Fv9P)N*B<8%t}XN3(%_e?(HINAZ)*0d
zIuznV5@7Xxzfefq3HtGCP_ekr=UbOF(;G<*5MP|Q)T&i)csb(5e0+MHAgKecQ|e%(
zB5iMenAtCv!|(Th^{Tg+0%aF7-`W7|c!kmGT`m?OaPhr&1GirM)J-s8yX8u@uky$$
z!m&7*noQRKRoc)t$6svdq8?jr?rYz$l#!L#5`7~;3-TFJZrl)aKFy+(Ej{U`g;zbB
zr`|vt)Ip(2{Mp$GC$7vQlxa6EkXePmdr=U%DaP*h72@{2?(WaT1T#=_sbLxpuk5Q)
z1ya{miX$+IQ`V3rEWoe{v#@q>_)2YPXKMos#!T>q9&aqbVf?kg;_dENavy@62(?Nd
zv&wC~KRNHUUm<~4QEE@8nP!A+a)Pd`lvgXwx3?yZ2{5HRn(KU*Gos7ekePuy^BK2S
zeQ}77R6l-fv-O-~go}R?)TpB_>xt`F%)BTUI5nc^?(S(Qp7G||tex-?FlbPFTAMA~
zMfj*SQ}8YP*x)XIQR1*UjDNJ!-N-mTT;JLC&SmA`<IP9#_V<g4a?Dd-`W`R5FsyL8
zxlG6Fd`^EZwv&5L`v|l+m^?|82<2B3f#5{TT5!$YCmoF>=$?;ckrkTy1_fc!5sy{s
z7x7paYx^%6lNlwEh7~tH13n#Qe;3r3DO^>DB~5%gOLoc|z(UG8#OJYmSXtI$TzL$S
z>Ti<!NCu}vCzxfR?ZUmULnQIBt2pcU@xo-cIVjJbV-!J3^6<vAu;YFWSTm9KTF^Dw
z6xW?D2bc4#Hv4W8zLQ$TwJ58Sf6uBbA2l8P>0G>RKOS%C4UOk(&NZ{1AF5>Gz^ZIc
z>NFf|3R4UQha-7FSgt1REbr>bh}ew}90}-Z#fNVlFD;YV<*>VMGOpLM;3cuLuB#B7
z*Hp0<bHL828J1|5FsAQu(SKHziKb*i8m5^Zc|$4{A}4`brYMb><X0|iO_Te2MPYKR
zOcAqQnZXKD+BjO0d9oZSNB4dEh^FoDSZGB43Vq8Sptt^N;plRVqaxtWQ@iTLqtwx#
z3^twaYObQ#^F<9!_vYF5U$`Rg7X`$sH#?m(y$=52WBXmeUy)(ZB8U5Bml!j-*Q3CL
z<Wk2M?P7CZqr@skKO)}oXB|xW9pMxQ+i9De=_b!UBRi)*eW7&U;|06L(3e{NVm~Y^
zY;wu^7PrnmLMJU8|82s8JZVU$iUqcA$vW@j_URHX3whhAVBv@*oNIY842G{}3qN5S
zS<8ny_$lf=Nb1sKc>s4OR;P1Oh>;0OV*`6D)u7?bQ=y6@r`aaw=I%l*6xp~`EM|at
z3>|kfTibkbz2{cz$*(E$Zjdq5;1=Im_gm{$5AywL93JhZ5`MwQahyn_yNr0smZ<Fp
zmQ33Ee5lwG1zy6qLF$L-6nVxa{l0gL!R6E1`2r*|alAq$&dgBdcbQ~bDLldTi8doc
zv7Z*)pwIZ-aK+x35Da&B(`y+$WH#)30>4-3i3v}Cg|$J~_gP2Ps8`0x=iZLK1zt02
z#pXnxyOC`1r#YBdsN^p%L_qtO=A9;$OEf{}5bcwV9WJr{)IEpdFjAhwXw&cG=14qz
z)x&wW;DDj1f^jlpq-8(*8<N?nTN!FVf0R4fvLc!sAa;JFb_368{~K6aI`ZnYTQ0#d
z5bV2~!Sirv6_X4WV>gJdhJH;sj+LdeQH1at->9Ly!v>2kS6NHErJ(D&smHEFW{Fq-
z$dV|{$<z5^xNnC$#v*=m>IWVYCuKREy8<sp?rZz|FPb{bd^aeWxf_>kZazv17rSTQ
zjA|k&-d((M+hp5$7Pa`DeAn4Ufu6SSsWw`GGhOp{0nPx}gbE}A|Ku>}OKh;Xk>HRQ
zqpp0%B2o5Y%LJ(DlI`h<#Iikr67%Bu=UV7uBE;_(%nAjxXal{9FIa=!9+-SJIQu!=
z_H7}itT&PRytnZ|HG7M~7j=xYgW4jQ@`E?28bTV+&}@H_N-#h<nEZ=~JYuSBdyek=
zfcO(7SA?Qv&flgIZUMtNo_u%AiLGf|{}|o5`7jK_APz8V1p%5Y<h5(gbb6!vTof;A
zCX7tB@l~dj6K7t*@0N)^Ku_JNh*99x8h~ECRDU+y0MP4A0Mz`gy#_eiDdaIO8u46m
z>UtBL(eLXBcK~3{Tbh>uBaQ(oi<qjm(Wu*|hP&-O;P7{j4*}%sNPuImA%O$Yo>u@=
zK>bce_+Fq}Z1AIzX|x6$Ae#YY()X9|7AslkbE_Uei{37ae6BI!nwFKtJnaxdZd>^U
z`@i$^FCY641Pe%TDTUw;=u~jO8;&O59YAb@O2~3ScjW5&k61jN>XG!PS1TQWB8cOk
zH0yah20^;>vB(Mb&%1!Q1f{*zB?<HrpEFr~9-VR?Dhagc{VmH^0d*_=1D&-(+sVN4
z@DVVBf5y#bmZt;Vi>QsVQqc@=20+UxLic#p{-=o677IP<4SRqrxeW*ces%>+y-Njv
zW5s%f3II-h4#270*g!7he=2;_Nr0}nPNhYF8TpjC0fUJ!oY)u}{2kx_FFgS)#LzA%
zfBy$e+jt9J2jo+mPrnSiM5l;i3Zwh%hND}T|4*fMO~`K>-MdE1kA8MBO?^QRx6>;g
ztWi)#5k>K@0sn6@xxWlJui(E9_kUAG{(HDU!kEzz+VOD&@2AsDn)6d2&ChSmaD=uo
zS{C!W@yP!W-iA!c1M{TbHxr<&Gh{7n7ZaQ&A5sc!FEpz(bLvjucSQZsH)}%gdCY5o
zvcCGSl(i5I&^WdJn>er-EZYEGsy0<Jk~`2$pV}Wx-|z7FpW<q$6VT?_)>x(-4-=R3
z6M!!_3c{-aiyQZdt<?djG+J@+yFJH$wRbHue){V*Y(T(eyV&N`2aNx(z%<owRpkE=
z?*GI^4|g0rd(rmxvTjC)2Q5N$n*U9;3abjx=lK6qfczHfUB>zWReTmwKzGqw$#OA=
zH~%WF+2lITgYO)`_9)&1S@y_LZ7F`~ZTm+=hF^R28P``d#G8iWzYhi?YbpV-HxdFs
zsr{iM{x~Nqf&ipk>2tWU;kugR^<~3vu`7N)7>g7i4Gv7C>;T0Z{MGk<E--){`_8oM
z-Cfz(*r?K_;xtvwc>%CF<sZeJr&IK~(NN+kzy|A<Hf=k*0xz4e$GM5VdjKLM&geO&
zqaT1K8vC^akyCb&Xk60L$LIcUR+;u|&x1Rt3iq5%>&-oEG+i0lXNIg!?UC7WOWb?c
z(DI2U_lfZr>i1rI0Pri~4-~8L(Hm5$pLO$geGR*aSArP&LQM`?(8KFX$hCMa@#4g`
z^n%2VT2dTsxyz%y{luV_+ugwH>#Z4phAJDqLN-81exr4Vyr%09=MT~#{+@AShgpb=
z!gmbEb1{Z3&l|r}f2rhpYJYv)?;0pF*XBxioA!Jt*8F0@66A+<_q$Mz0nT|C8WQll
zx5F>ZO@0qt2gSz&vX~yH0C08#fd3Hs#iY`E&|tf5902B`s68?~LW9-6!7edR0K<}s
zJ1EOgE+)Odl=Sj+KGLvc=-2YpU4q$Xc)+6gqU>LxOE-Hyi4aEb0W*Kso5LWD+_L-8
z^Qjg7Ha0Ny@#!T1&$b4sNYczM3wRN*pkUp1qGQdDKB^yJFa0bodQXo8=yfzv&rxT(
zayN~Dj&G+P?lPaEw}(@4M#%br833pvcKuhSeuSDX(of=}{ZtBSpcx9g0@iTh9TKyV
zwB&Ad8mS#kTy9L~vs|wE2B+VU6{PfxYD(EF6mR8W^xymTN^)eE0l>refTLxJwiW90
zdFXwp^1K3>@8bvB85;964UG?84|WQGh5hUc4$+>N*G+4BlDdKhm%RbY7#9uN_tm{z
z0dZxgE33-~_88*LxdU)t1RzjrYf?R`lVuLtanB`c_}cI6Fe;0h8jLVToKGD4Y*@@R
z^?wsi6<j=^z_28|+sI*ZTw+*`@1c&$oNVEe24bpIJNJC7C?X92%*Tbf`UZU`YLuOp
z5VUQ3ujg+LdUs`de7c<6cJXT7%NX>xjhAHzSsejvy!;ZKhTO>afH>K>dv16%CHe#A
zW@5fR?KVu?*In!s46LH*my}(M6TvjwDH!?4hprKqtm?e0W+rL{=s+^>F7;CYIHwZ`
zSl8&Y--M9)^eBA?@M7d0mKizkHzO+OO?vz*w}lv>m8$v-WY)V(?@3AiZY^~Vno05e
z-K+&rg=pPI@&-;2q&u3Ursn}n%aY{IbS_i&^N|aH{+6-OR~~&B;REDy#pqmh+`pqa
zu8;<A`aUs&bRfc4=6TJ5?#JxE?p<#fLP`eRNh@{nlKF{uJSziI+PJ#W*_zUZCDsjc
z`IUJsaf1hz<Aj)8J};Dv?mwZI#^fsEPt4p+gIp}fNWb++H@V!sz5<HWklmnb6tC`z
zt$6d(VE^2(@}gA$XBsDz7_`kQEO2pudE_)#H;*5u1VtyDh*$$TYXPqGF$RyNlKr*5
z;=7sCF7YotbA{1YpCz|7BGt)-9{G+W<DSoN0^cbD4X&V*5TYK)r+Vh;AFz^qSdTd@
zs2{H1F&P%_1$xlx4AGl|fnx}Ihk&I1Y{NxMS}g}SIR9Mb6L>3ynxAr8R9asGi-^1a
z`562Ma1Mja10O#P@(hrn6k5%8*G5C_m<Hl(Gk~yx7)r2&`DMQU>bE4N_)$PflMCXb
zrvmf>fYR}Sv%PsL<O=UOznvq&NZ$KhF9>S9^g}H(Ty@>?RowC-aPY<}8C?b9c^(}_
zb(}=5uY|uQr`~}@90cP@%fF4k*rX6@pFZfx=){IifS%(}v5=F&Y@^JXDqruSQ|(LV
z0On3aQ7_oTK?)y}1z=^;SsL+ZAi8y|dKZT&<S$oTuKmwPbD4!gR53z=12@0Zw!O@;
zrve=UaC*)3Gb5t+UO?*#1JFZxhW2_5hRV)%mw3ja>k(@LgS#_;?xMU#8G>`L*K;e8
z7@)lq+kvkDemSQn1%w-dIOK9-FLI2=@xONwHE&gGG!DHMcoG|@0e$hEC7>Vug4h(K
znoIieCJ3HX*{>&O<#5Y(34>Ro0*D?%4w-sr05C98Q<r_<Gb7GQ8A0gXvdLNJ@@G82
z03E*-Q3t*V^1D+J&~J(Fr^^HZ-3=753_OC)U19>d1Ns|B#^c9o(6w?ZBmK~jiv+2i
zM%*H_PAHWnM`~uC6l?NmuCbh22-bb|k+$`7?+LJ?2Wa71_N5@-+_gxT{6<Laq)zdc
z0L$-b9i}i`wYcDT9uW5Eefsv0?KEnr&1I+!IqQXRV91&kd&1izy@yZtd2jlaEsbNx
z<G{J9Ni#pr%L{yk;S*}1rkuHLxeMZDr|7IFv!v~ABzti$a6()G&Cooqc%wo&!&ST!
zWLz0K7X1^{#XpTl<L`IR*-%tH%q1-!X`adV&48n|ZeS%0nc$~?QJj~H0(Lk^1UdbK
zqJFH^MM@#o7-k?=3`(j*HvtXQsJs{;2hiBmSAMt0LZ1DGs-*{7<3=Co+{AA2{(2e_
z*$+X~OV(~XOw}S>=BE-(QHq7z{_aN=z-A!<D7Up8)6H+9qu=?T(eJ}*(eg0}5G0l5
zh<s7S#N`#Qyo(JQc&CHN53eVnlc>NJW;G6~)F%#PUGm?YC|7^3)f+6{0W*m3z-N6d
z3#`$2nu_wWY%tl9m?zhjO(540iXDKPk2q;rmD$*+S4z5TWP@e*zWSp>{9~04Axti%
z&W;Cj*|bagxde30IQYkG3HmbfO=ZS|q-I&fm}_KnJ^J_t0Al`XJqD=yT+^rWDX@g|
z3n+e<Mph+~+%6@}-x#xZlNJDqAK@_iC=99X4V9F66yiE?SqMp)*4Uw05nN1ozca{`
zLWt$;LU`WFT%s`f?XR<UsEFoY4hZc7deLOyunwIR2deAScULsfT{@2MJH5qp|5sx{
zbeBcU!9LPt?JcE<YvLBB_N?cpU!b&xx*8?!_;mjIAoGZC@H;Ix(PE^VF0Ycap0sgB
z@HcdZQ^A=n$Z)MH@w64Hh`;`@l0zO?<;5?LS6+rwY2&}_B@AN3S0myM=|KVbx8CVc
zr0kQ<cAb(fNQ4|YpR0=GRDS$2?4|W>5E#0DI~1tzh(Gfljo}<MdY(|BWce}o*+G1T
zip9DxZZg`urP03=Kznr+0sPti2S3Ic<oWp1Qn_!#@#IdwIgG?old+QQsnEiCxtIXt
zwPAdK^tUP@t#!-hmd&sjD8FGgFCLS2jGqgH|AHvpS`<gKqcVpOVuYD+bo!QhLo6*g
z#AToA$$}r34Z{v~ElX`cEvVMY>H7QI3oh;!E$643Y4u??SLmeEouaQV<X(7z9p4mS
z5kv}>L%rgW*O+gKuxWO<8LfzL8R;}&e!H!uV*IP8otMG<IJa5O1Cv-ASBKh;OW1O3
zXRMqUz7-g&ebot2)huzzdYN+YP4?))8rjh9hg@YiwiwT9e|}H<6!%h<et|s^V>VSE
zZD6G@v39q!yg4EJIk5NGaK<`Iy*RuEjt<FAaw82P9^qDwW5PW`Wlm5qTkU;`85PtH
zdtT0BpA$Z67myW|X;6FwqGS<i&S@RZd24v^Lyr3GVIKQ^DFM)7+evE$d-VsR!3R#%
zd<1A^VToJ2Cm^~DmMeROqr*37<Ntv)fTnFAQWnAk6&5(Rto4zYRy7Y5Bg+o=p0wvQ
zm#BU1vJ~sbGU#yxp(C2R`Pz?Sa*qP*=(V?7F!kf&V2_u<iEiZeDf62K-YS;TugV=w
zc~c7#uq<D<RQXby7b%*DqDXjS_cV9E69~qwKd08rHH2V<opA#l>2Qx*eqjN}KjYv(
zl%apTKvcF$Xda-YcK2MSput#Swi>?P*u=ObbbHS$eDt7Kegt%lQOU;StZ0=`JJtI=
z?5`~=wC3u;N=j@B%JMzrPAAY;Hkx}&@kKpz{kKLegSo?)iNlvRN$4u0EAZ8=f~s^C
zWlit+e3agc#LT%nKe{e-2I9#}D_T7K;nfVEy(8?jtdL=IAZRcARGtynB0cGohZTER
z^t+s%=NPuTBEwnd<5ZNbtIRfG`EV1+ouOGE4s#3vqBTsRP;>1SK862XdVBdfd^QPy
z86K>Rc@&*pu~G0ct#Pt-$8%md(I+mO^kTtLCjIs;*tRARgEyd0cWyE7M_I!|;@W8E
z(=e9h)ht1;$c_9!$qdBj6!I+#L^=!H-GyPvT28d>ODf+bwhcTieB`3^lVtJN7Kgaw
zD7o|-co;iLXHH<u&rv*I6WR!z6{lA}AG~7u$P$8xenN*7W85aa^eNd5ktH7^3)~CC
z+wqwNA`I)>QTD2|9jo7VIt_1vHL(!u*vrr~OyA8%VMf&DhKFpJ#;?AB>q<G30mV!l
zJSg=oC+p9puTBs;!xFt<#<XCCAimPkp-79m*jm3Iw^nJxS@12799i$pZ;}WC_<&4E
z+rXFFZ*<tCQ}gLE)O&Z=fOjXa2Rmz<lIAT@!<UIYfUE%Fz<RGLlnSIwb^el}l91NC
z!eN79Z+!!u9#;Q;gM+(%@(1^Lol8<KU1abRMd;<!gkchgd0F_`Hj8%FDVT#?kU_B7
z(bcd`?Q9jT>!mB+Jib7;eV!i7m;=<|*~D!Ce$-6Z5yph2GZhg6BH}UxQi+bDYRPzV
zT<YF_1xi$)FyD?abJ;fpIk5L3KV%GUs+oNxLgns*HvsLIH}xmP6L!oF;$LG{`U%X+
zAs8Tvk6}q{m9*aiC7(X(&EhIgkAs4Fq>l24&xyp+HJ@{mg)TkK$vz>o3B^(>D;O5D
zdK?v9i7li4Mxx*Wlf_%szRvwK-7>WhEr7S_B*Ha%Chmj@rWDd?pGeZd<Wi`fCdi%Z
zGIo(!_g%Wh^0c*X!c{BlsIP-;l6xCVMXCauna;Y;nt1yuZq8}AQ2mcM%9bCm9+E`~
zKV^Ci##F>}em<6$hPcH)Ez`p>Bluavlnfx7GS#SB)5F=!@R^)Tul$_|iIPHC!{n_u
z{FG6`@=QIg1PhCRqSq%C$9irN<eK<KF3K>xolLIfienSd0PE6SuMf67|Bk&{YIKJ6
zmeTrQ95}pu$Q5}1WVY~Scn*?RBmFj^ecU)bls4V+HI)#9KC@3xfYC!J>`_g=U^fHG
zD&amC)Go4Cqs$EB4Tr*sb9zr<kKn#(XdCXyz-^H7oDg@_P^3Qb`7&rrKFf&^z>$;J
zAP;{~rkJ;Ng%7eW{z`saqBoML0hK2+Q_I_CO(|<pmSj_W8Mhi1cYjYBdp{2)Gh^OZ
zVV%k|@`7PVKq1s(oH&Y*T#!<TYuH(16+X72&|*Q|CxnSxa0Cd6_@3%pu}b$Pkq!oY
z-L;T25LGO~ZayHp+i1ud7HIfBksW~py5&<oi9jbAT>wdZYyI9~Z@`ROclln06!8M9
zn+*&BsI!`%UoR|qJh<+R>>|8+m)7tk=uKWm-(E!!3nUaG8?N@QtYe#mcYoq(^nj+}
zLjAkxvc?!2PD+|_QIkZnOW=6A;1GZQjN|c!qg#d(6AR*bdB>;v<GNE@drocU%}qCQ
zQ}cEOe-T6T*szFHHAP~R$Q_A{5*t~7TP8J`oV0My?)cKtkjv{<T}heN0Z39b`B@B0
z$9xxzS0v3y+1GW<6E$`@efuj0L`WwL7CPMJxdJZ>C&KQolN)M}O<K5S-}{oMO}@|@
zlG>PQJLj97M>3|vVY9LMreLImS1Qjv1#-Il9>lc2ZE;uTAjbG@3Cfc-L~{77OMI4h
z-+6Ng(n$GfKv0`BrT$y{>8B6R1inPjH%9q$>^9=q&pjK6b~(I%@B;C|?yVi;UPT8e
zKzrmF?!jATh#RIZ@MJT%wUj^7pW&V)k(wDNBu7h{X76oSkIS%~ePn@N7KcSX$i^7+
zUF=ZdE=>%HUrWS>_VN^EqyI8n;>k(T&aIc%YMC?UaF>1Q@2wJi0VenBDY@@qiLEEA
zkMSRg&eK8I4dAB<UM)&?rnA>;EbR08-HCS+!$U!Pu7qyK5BX`it?KCBcfV!!{&+nO
z8g%7h_@er;uFVN0wicZ{Qu0W(NrJ*8x-{j^StDW1fa(DQ(lJ-nvugw6n6|-wtZBH5
z^AV@mOFH%NXUs@aqDH&g^0kJ@*Xl>+ZsW>16|EJm7mE``l1%6POtk}Qwfa_=aYVX7
zpG6ovP;nfIt=XQ;1h8q@IeJJ-TB<ftCoK+^q(u-%oZ}m{Y~r|EN3BJ<J}(5jS>z-P
z+S8Rcq`tf?_FRCj#M&vCsMk=cLsL)RT5wV})kz=4FwcF#+98__vLw#O+Nn9kEYW5$
z>{;*Qm7txi)Ip??$CcV{Y$lDKTm-Yf*CY;+jYn}C-2SxIvz))svi;dXGio*BJ$xQE
zaQ#x&=~vWdcAuAcS}yj4CFR4<w;&_#f2bVTEE1#-K2y*9JfuILps>QYX(-DvKM}Up
zDDzytFgiFoL2WZq3Lld}=;ga_Alzn2i|2xqLgX5+8@Zd`eZx@2C+cyyi`||1xVouD
zo!43epN@FT3A*&SH{5)Ni1J<=I(fm-bQRAlK|iX9Z`0lJ@Mu%P*1xm`)9=-FrdpUQ
zAO*&1d}wwMt4?@Ot?(u7N{m7%eQxbrG1s^S7H*d0V6wL4kIa?#ec_an5wF+8^WO(=
zNDm|BGhrCtg<KvOSA_%bm)(z~;MU{!H*^l@UI&BLBRx*Xl_Ra$vH7gGmd4uIBZC!Y
zqx#c_mc!L+;f=jz1BM6P)*=E^ERE(bNvMu)2qc#nr+g*o=32-nDAHN}pxSG$2%Te2
zIeNE6!?4)f^Nh<yKXr|Iwn0I4rtpb*4W2jdGE$G-?uTM2)#~sEM`wofxI$U&BIm5&
zj3?Khe!SJePj3``i9uxwF4x;=T^IiX9aAq|bOQt!b|yGR@WMl!DOap>7V^()j}%_6
z<wcXjCu2-501Sh+$C=>Vhu-j~`VrLih{Uj{Q^Fv0fEJlgW>3frqGIBhJVz^|IrQ@`
z&hJN|FhR#3t7?{FZ^xGUI^3re3VrAYLF-$Z3RIcT;A%qvg1I|`ZY^erp_Lg7ijC11
zI;6KPzSYIR;FGS(!h@whq73c$bm&P>Jm5U!sxNGjoX0%?7LDxb5j2>HGIjH*QYItE
zaYN}a<w~XljjO&r)`NCD+8Qr?eZ;{jaBQAzVil?$aOcG=m^JgQV01e+b!oCt^t)GU
z=9(^|XJOJup0M|aMR+M%09o(z5#AP(Qf)7lk6?-(ICswEgLk;yJb_|JND4A}!xKWJ
zr<+I*#D29^jdkQR4{g?F{zQ9o2g)m;FuAc|1@tfkM)0F>j5;uXv|Dt$K+IYZ&uF{w
zu;b3%j`d)DF-1*<3GF?urwu?UUdz%Z9Tszb6MUU;C$Z&05CJHEyZ%Jn<5r$)lC+R;
zY930gENMjfYftSNLxA%b_?v8VNg2;>JwdwqG4M`&^L6lW;~Y)|=`(I2rJ$LkH1>22
z0=gu@Op^{^XH}S{4&;CH(XekCWlY89i<2S1J6#_5Yc4bJSC{j<XZ~|W5bO~v#vDO|
zS?_PRERGzy3s*rN-Oj0^Ds*0KYt-6_elv?Djbn20Kp*oPiplX=pWK4fe<-v8)w!$h
zuYEWj0O7D~c@y!zEmNi`kW}jgJ^K_XYZ38%stF_8Vquf})HmsrI%Jpf6f0?H35!cx
zvh;E!DQt175l8jy6UZJOo8R7iK9064#ayjkc1z)izT)cTs9$*%%Q^18hCKd4A}48?
z;>^y=_a5g(Kk(wzSYGw8v5|f(8FiCWnk~>ksaIZECb=<kOlbSv`k@o>T6rtk+<zTU
zTZp2P)+9TlOJV)7-S>}5f&0sVpqJeZDXv|@+x>cv69XYbS*xVg5xq;m*d5}0Aw5q?
zI*Y;G`SNxgd2|Tq8vE^IsW)-SEf}idVjcQYbwN=Q(PfNu#u<f&TtQ6Fn2#~--Yn$f
zY3JW6rd)8y+Hf=s)yO_FXiEmN^0~csF{d|!7nOPJvi-*rxE4EZbx`X{mY&lEx@5M6
zF4ft<a8}#!n*!z-2dan7*rUznaUk@P-bODVOnc?Qf@KAv;Juj5+qe8*0|b^=aofiN
zIKh`hAis>57i;)R@<d<OV-D~3a*tl$157?B==OJxP4qzt*mJmL9WRD3G-~Zn!-fNy
z@*JP|6j1mN)2O<AXZX=5sy*;wkm${6nOvuAnd_);(j>RsnL3l`5nW*0OY={djD3q&
zHxMi@G5O8?)qiX@)&o_@lIuIilb8^hz4ma7$bI?~-JDQ!jtU1m<aAn!iR=06<UO@J
zhH1m*i@)NQ9xsdRn4L5k=4hf~z8~VY4eJj2%E$%}mT=|ToVUe=t1a7+nu8fQ^GrVk
zuq~|+O#wj8*Fmhcp%Xe;O>)EG2q2$cc90XcN#|$DmrB@Vt^ygUr}~vbvdNPGbl9DE
z(jc8RVe**b{@sV!k)tXWW*MK_-o^4-s4T{!dcv)YiR<a+wLS&%-q>9}Cn0)wyg5{h
ziF<e2iy&bijO%(em#pORd=u-JqIwjm@1`T{)-KK#5v`1Oser;SWIl1bVj8bSX1&OI
zLq{>SkoP9vaxLoklfRJ<+ugllwhtX?Dx(JXhKqxAyw3SEO)c5P=4oAN+(VIwx6gp2
zz`VSmf#L_IDTu`VQsEHB`d7=imlF^k66BJ`StX`A-l_HoZ*650P5{R*T@Cteh@#+4
z)uzJ7fT|5r-WfnaFhqTNKbQsMtGR{Y#oMvWG8w*C^{fhP^`H$fJKY>DOu5>L72yUi
z{{^PxPQz;2juwD88D?A0J`7||fHLt?+!J^eCp&T8e^cMgBfbd}x0H~BKd|bKB@FQ)
zlKIX9W>{#-2HfGB_u~buu5+@{^CLouv8v9;ebb9#hEUDw>yc7@m8YP5LoJwd#V1Le
z_7NamcL}HFJr7itN~z~Kxp5xIaP;s->7zaexjQg{aA$CSz0a)c$_f!frU7(q6=b04
z3o7;RG^_Q&cIta8QAX)N*z{<HFr6!fix$!CcD?klLDyMs0nJ&@(-ho9gaQJd<Sm-W
z%@O5r=|<rfsp{n&@rqFBE&)E4x?|7>xBx?fxpMJx>!+IAZ<v)GAXs-lu!CxJ?|<zm
za7>Zg{OMt|`R%Spv2pCzjzuqB>^QJl@iCbcbLY(p;;j!gJZmA~i}OBu;S@u`Tants
zv0^3Bsxst}ntHbZ*(q5vHd#K`HRE%4!dMebmEJG~*$a4{%roPoyMYpROrQD{4H}G1
z#ohE{t#dENm8+7{Brh91c{6+^6uG`gl;OuVVmgzErE@%wjUdhMA)0^|^AvDd!4kOa
zBek&gd?VlVNs{ykTHJfs8fK)4qqWq2rPE`$=9nCuVU14FW7uhdd+MpbRVf!0bh-j7
zelA-jKXtA7{V|?;i-+(IQHCR#EefH`+udNDBbkq0Fb&o$?g971*JV2=z~|nRUO&ge
zcMx0?rn=~2U8A*fv$3{17?VNV{z+tYOXzoT`^fW+GN2?N(%oupCa$uh|GhZ>peZOf
zuJW{I3k17ffAF=_$$O+hfrbHb{ReKcY3E_p>smw~y%zBJa7W;r<Fi~%dNU3I!M@Lw
z@$7~{YJytflRoFFTADr+GRd{P4UxX_2gi?AZPHYDt2W4u>Gq~<uv<IQjgt%-SoP;>
zFCMw-MRh11|1kWaE69}7K~vC3e|xKL((HIuysCrAxt<4Fzowek7Pqa?yxZm%@XI4F
z?Gs$~;Yglye*7(qW(rw*C#?FDIrjx*a_)XC!!Zqp`Yodm(ptu=4;xr5`{=eV&nF>f
zLDTeb?EPprC%Nz7G=L^D*1UOoT-h@ldM|IUh000Xe<b<+lOQhU+<;3UbC^QObe|M{
zW5K%MAuabh+grSN$-SqBQvx*HMdL;9xlJ2-X4;48Bez9hlH>s{<7o@<GY1VVrVpeM
zKU`szADZkImg>(vS|2`R5pz}@0xzENZP#kAF|KV>6mO?$k1S}M{*<WCQhrrALSgvO
z0RBWp2R1=dpnhV`34gsn_=#M7h>-M16sqA$!arPG#Xl7q&L8?Jap4f@=K0>>Da&TL
z9%Zyxz|pX3#nhd&W@@z^k~JliN^UDqHa6I(ViG^sds9{&2n0fPA-`H<M7bx7CT4Ed
z3+5Zg--G`uas7%cw>p8>x^xq1J}Tq7>@9l}`~2Qcu4XiDoiZe6|BU>3(82XoGp&Sr
z$@$K;ov$EY-(3yC#yg=O8_5+OSheiY4F!9($T)OJ3ok5FTPf#9(^Fc-(TkqmzF6LU
zO-DsCtoCsj16S(_B?So`^{@n1`vZls9zr6bW+Fc}*;T`=jgqVF20K4+QHi#G(D`v_
z###S*$>^@0Nb}`viMf^?V(r*h32Q8usYL9k;Ivc1>caiBNg+gXlo@$kQ{}>0Kh(@R
zRqSLMP>>Ry=BktBH7wX{?zdeRR>cj+|FaiBQ2f)Ln?m3c-wWzJ_hxC^naCV!i@_h)
zHGN`Z?K=+1iB*YbpRmN<iCDyFB&EzMI)LwZ_>aoE9{xO7<_GhovMh@}ixaWv?dR?D
zD!;uu8srjx<IpD#9_Qs{#|x8vPL}@-JPv`b999}Lu6A3?k_D}##n%O`|AfeGm^<|~
zc$uqF{W^d!!!rezgmXI;2ZQ%fb$zo3lhTN(n^!&na^+v22zlUh_H{oVZgIUFWN)@r
zR~Im_YV=<3%-xYV8<jG6z?;YuB<s*JwF196zT`CqiRiv!2wR;twW2vN0-la&YUgtm
za#i(gL<!a6UpV!7^~_h_4$6nzt$6*u{CS$wa(75T?eTu%YnM^EphpA2RdNgmK2tY^
zuAC|kWVbY1{mTNLq!mw}x(z5-X|NnRrwU%ieH+U&bJ;V0-~D;8d&>1{M#l~cJLyYP
znR+Ua&kW{ryP`j6R(ZF(vm}_v?^<->B`2V8r|-$3&%>bIiUn$0LxGpH1<?>^u{74Y
z3rdci&?lW0s;&JO@wu0ulw`^THLvh48bNVnx?4VADTn5<A6Fw*UIz5X5iS1bWtYnj
zFKvFh_+=0Nz>_}9n$@W&x}fh%Gdq*wgGn@-up<&pBV{*)2V}F>Kq3xpi(};{nt@I*
z^WO1oV}7-s?sUDcw29ld8fp^rC*XrNZOlU8?tK5OeRJf6-ty$Klp-u^&W(Ao<*5K9
zqq@><Ea%R`lt9@1RrdzSmT_+SLH<P{;(O|8#rtJfy9OG5$Qv^?463ZVq$?KRQjdeH
z`tFs<1<z7+3OH9E8zi3b@tyuOPi}QPa35%}bG`S(^~1ro_x4Cur>~K`aUhiq#Py=x
zHz5VllCt}&2IlC9VqSg$;niog8;rhwE3;SEe0R#~!{YY+W$|&JYvR&XGQ`Qp3)?dP
zZbp=h-F4DOW}1%a-O+>m9gMCW$z+zq`m6o8ssoR%tCkWB+p3_T)Jad^329QMIa|NR
z2h^^XbT`7E4AxD*#}-1i9PEm1?iMoBL>MJD9c)$(E@o6V6AR+8Irt%)OBp9pul*DI
zm+?@Q80~?N&LU0U+bMLTl@lLaQ%|Jss14={nPcc(HAi3ieDI}v%2F}&{o=r9I`@Ik
ztn9OwyDZCcR8E>_cE1vrH#;fT{4tVeTi?MSKRQ>xX%c!PD1YKC3i2M@EG61Cx%EWD
z4`!OQ<pwNRwk*v^NQ(9YKJ#9yG?pozTJVO2^dV<<;Q6|eSAtOwry9B?mg0p*e~Sh!
zq6M#6y4XLa%#`aD&^OKNCE-`o7;CTCs%8j`iGS<f5-g1k?sB0422X|_<OtCmQgSpm
zhvXDGCZ2YQ!c2pnlT$1(#BS{npB2Lww`!uBS#78g?blN_H^DwCXB3DdyENT&zY8Mc
z%F+JA$k`9;3$cRCO<}rcW5aY%;+&25a)UvPp0ouA%l1e{Dg6ro(%E~2Saxi_=n|;-
zA*f!dVZLDg0&j5(1@=)rb36FKZC6xh%ny<7lx=8Mk^$=04Ud$z?o%enU7dbA>F)?M
z+j>jVoYE;E6$4VOl=7HrZ*x7Y99`bFESiCzY~S$qgE4h)d7NKZdO@qK1_NoV%tQBp
zHgFa%A2!8T)!n}K@AslDIHlct;|2P0V#l)WatmxnfjaABS=M-bvFpg7C;J-lo&hmt
z?X^_hN4!0D>OcEjE%gkRllb%d&e2hXc#Gv8{lVz!;pNVDH=U481vesLmZ@XM<#~6(
zrArO))mXiYZ9BMt{<AiJA2I)`$q6yZUSWv!H-T?4GTaNfKB{(Uj2$)Jp-hqBnarHa
zUsX~s_&r*-;Q~Ifc8##2jMk@cPWSz|ZgNB;*-qX&lBnyN-0cG<ovnoXNWV$udhos$
z7>Rm`2sr8ADY1cYZ+{U*M!7PEnRY!-loV8`Zaz*G#EJ_s^d4}3pWJWdbzO6u_^sW-
zh&qjRSq|?^n`ZIE@az>EYARqTj5)<sRx09oW#%PwwT4F@S@X~CiL#4T+pEh1vF-F)
zx%^c>*lg$4VEu(o8#Ye_CR>E|Sp)d&g<LGsM5@gyUAWc^{IuZms-`bwYsXr6tta8z
z#YtoN)3cEQSRWV4=ZDwZ>+B_S_`a*xS~a2y><_mwIy-cJU!QoPZI84IZQZ%>s@v`h
z6ziXCvkT&a4MMlJoa%j0Q_@F6N;QLhD1LMLoWcAHw>FI=Cjh5b%gQ&^wmYoWc(Q$>
z6v&eiUni&W{-}U^s%UCaw8BRVeE(~JrCbfzj-z>IY{enS05)iQHXpRohgdx9q)=Pm
zy^KAKiD;m_o|mR6T*yH+V%r<pes9Y>!Y<jFbWMxd+JU?_3GKKkv|p~RMJDAedgV)Z
zE_f9pb2@#MDsk=02CU*YInTh`=G}*b<EkjbnuGSMaZj(osv6P*J(s>grd6jDfB!S{
zj4@!>v<=Rz7~kT{z5te5I2bpsRSae5g-WZ_!S#{3!Z}_A7iR`7AsQ0>{BSkD`q;FT
z7b3=6%+m%1_WQk8jTa9tw%t+pZ_90&!?q=k7B42j;K-b13rJd@ouX0l#sS3X-SzUU
zYkOP0#^;0F&ez!>s_R!WMyh^+Z6tMMellRN+STnr@rqQr>8B13QU*10RK0e|arAax
zgVjMgW<Miy;t!i9TV0lB4!**wN(EX?w(9f~z+$nNn_$^A9hO6cI}uZ^-}GTG>I79K
zDu@v6Nk{{p_fwm{ZFo@NRo!;J{|}WMJ7|jFhu&3@9o6gAXJ@OG7k+I{x>qv;BYeBO
zZR&zSQmB>~g!y8bx{n#sy(05r8h7)M^E9$A@!+P=azNtw%s_T8%d&{JYJ9__h28E{
z`#>mPV(bUSw&D*ONxfDVt4KR9VqM(9KDnxzm9DdzL4je0aSVS~U?28@4eFlp$;h2t
zI39b^Iyy-sF1Ak+W<k7&i0h0&rqf1m%p5r^F0(-E-Py8?x=TB|=c(6vyCAQVw&6DO
z6Vy{=gO}H<1<HbV=Aj*?Ni@4@R}#k6kd!m=w@6y5=8K-I1Lo^blBlq0b63+gliOFN
zLl%Ze+GnV+*?M~~>K+y(Ej6ms38dj9bpNy+admf&1<5tkbqZ02wK$<BjFn`%2$T+1
zw*`W$+`t5}LG2D8`LnmlZpf!?qC4nT0se%|t@@>=^lz^@e;`)wBh=2cDhU-2-24uP
zwZ{|ez}Axmet3TEo<NhQxUHJU%yKTkMw&=!<{D^-m*o}cKP|>j_pGN~v)7%++=c4;
z!OKd>jL(>AR#*^h{nFK^&p4vqbujT-H)Ga!Dj^r}ouZEH@vL^Spxl;j=s}iERs)X2
zL~J)Rn%<~6n`Rg|uo|l}Ax+;pI=#?k^&5SWwqX)*JU+#cc`%qUiz^wFvif$im&Mt1
zaY|At0(ofhP2;LExc!`D$uS)@J&9cTaDmGeH1Is279qN!71t`@m+uTgsL0T`JFDJ*
zwr8C-n+nNA8L{98osB7WuU7Pj%ChJh^*D>7Vym{fuWwfUlGw16%L0oR_y?Y;mOhn8
zXE8o=-z2u!vg61dRFpf%=n@$1ZLs`yw!<tNtkeA@a7%DySFl-{E4S$U1**F5J)d&5
zhLcl{*9mM^>@v`aWm#2P&-K^+v(+>#I(Wim%ex@CX>WMsC7+S}qTnR&wU4FM;?wjg
zkKQ!Qr@?2Tv@I4d{oxW)$Zc@{;pJCrFZ!CfpMhy8A7fYH&He?!X1-l7S1dX|Hsqm8
z8vA+PL;`nnSk|nh-&p$<sZEffFvR}~>DRTxY9I6^@lZt00X{}6AVdI)YxTMnJk^Ym
zzYQW!W9>xLd&(|Ue4O3Uj^F>+`L5P@-~kKyHD!h=u4R!5{1YWOGDXG*woF@UP~Q8#
zsafhVY#j-vcfIIS2CIMneAx-XxAEGI3bH2zs4m23%hd5j^U&(%2QZ#dU}Fv}d1WJ|
z>D>;Vj5}4~h1nSPz2n#LE<Aq3fA#I=0z>%L7fW8lFEgbCutA-RSj{NQt|1#!qS+T)
zvBHhY(E9rhX5jT6pxf`3(_xjpE4b-O5orSvUtnn2@=^_?r8vHzlYdQTW-F(<XrfqH
zU&Sqos_D{(G$1&^TPtY{@y+F(CU6~8+&2sGk9VdH_Xc(|UMDnMPVf3O*FNuzp$_Zg
zQt7vQG8@R!B@$lUx43op9akWCVkX0}3w{SVFY0M!-^`ZX2mkw<5*3e42~(~~E3M2;
z14R+w?URVht4atQhA^Z#M_IKwC!$&}RtI*L#5cZpIv69Hwg;V?O+5NDMIG?#=&_rE
z2q?W2O6G+g2GU{+i3+|U(;eFxr!()vqVt8`{stZ^gM4rD+^qi5r6E_{#^bQE@51*K
zg4J9ob;YX%hU<$a&|~6neU<+j6p6!<|H~W3|6y@Tb1I=sya%mPkwNebDr11K>2Ev+
zX@-qjPU45};0YZC&kH4*25;S9X5FCLQ;3<ap<i_L!DzoJ^srJ!)KSfj#C_Y6#G~Bu
zv*>VL&{SOzX9Mmlq~Ia4VjkJJ5W`!|l{!UxK?cI6(aM{Nn;0mpDomTWJvpE|Rco&o
zmBwnLWmH~OD^sTPDF@V!1;QqOQHlZ5G&cOwe7F;czRj$RZ+DOlw$P$6f3F%#!RPoA
z;kI{pLckk~-oAjEsv9kbO@?p(&K)bS&L6u*LJn>F(@R?kijRDH^;AecBw%3ru~|T@
zw)=a4{Aw$_yhE0LYPOZ{_HqaYCVs7cFh*fH@8qn{BSj3W(r(kFCO_iD!(M!gE}dr`
z!m?^QSq4`A{A3mqSSkedrM5C`1NT?6x5R4BwwbqqE``rq&9{&v$TSXACLSjK6JBx#
zIXgB@C$;+$hd+@o>^gzQ%!xfNc&-fzE5C1NI)?@dqDY2n(kK|n-PLX2w6$1=yZ#s=
z41>YZn`67~3>&13U;Hj8@hy<)E`#sa!fw=211IJKj0k4H;H{#@tKO3z%Q9X-5U#sK
zmMi!k@=*GR(^K{nNpDnonT#HrVPfL52Fs6N=8##~u7Q$|Kt`iW_!bVK173?^DJ^DK
zpSw<<F+;bcvADwX8?lQudsczp1E%=bKSS&xzkO~$Ja07hguvoX{x}0tA%_0b@4p%X
zte~p|gb2C(zy1jkBhUm4x2ZsuF2<A^D`$wA-YK5r6$=<H?B9W@;PAIQaD}MjTNFO0
z0%Epy{j<r%S4t>f+j@)f5pbKb|9Tq_x!@0Ynpp|mB`Xgx^isE?w$E7~km&t(&Kf8m
zyO`}i4-qV%h26vg9l|Qq>bBB%=L{}>2<`v}Bz=r1{vA3;!8)O1e?9{GVe+&vlgXhl
zU-Vz7E-wtGV%Y9$t<HV~=9k59;}>qqSWF;V*kF#3?vTr&&Ep%iqW?AmI%cbaTN}=%
z_!}aMVH`Hw3Xab%9;!SFuoZg`qJn6Vr4Oql?=fMfXBtl7@i?3~#8oVVG$;L_Gp{zg
zDy_N`Dp!KXEvKqK#l!*=^grIHHL^e<nJn9#8QMoaX|#u2j`Ig{<`>C|C;?ZLOg=<k
zadP^PE0SQQ8@mp^9m`LU)O9X7u7mHwZtS!;I>Lg+11*=^c%NPSdV~IQaaJL|%H@IP
z?@U=@kpYHVRD~zzq8I%M{-WrsC-5zswGv~dw=Ni;CIg16&+9s!W(}Tt=~o|}pSWX-
z;ciH5F4jeEdv;*+0pk12P3Lb>K|?gtw2!QGh9fH_BLsP$<BxVm;s_!0@HA-+y)Gt|
zF+|$NKgIzLpZ@%NF&RB(7D6_alf}u9nz+jwHCacq=STcICIQFt-+;ND%+9|fX|NG#
zxDuSeD~u%@2wq<(5x5Ygfbz{aRlJ`EW{U8?o%NF&LTr!lCK&N(xe*Oa&HotHLun4_
zy*`|?Pgx*f9%#+`fGpjGvBD2^2bggNFGB`T6k>dvfKi2E6fVkG{Iu&%NRL4@iBK2a
ztdM;E`7cp6BpcFl_ND&<8Ym49u=g4SuM(#tnR4}irehQmjsv|(!fuE@0X9ShjM05&
zpj^R}RUgjp^=oQ<VC~Ft`PN^?l+2oh*!Ng&Lv>}jlx-bp6yj+XrFm`9s$z(UjV}<R
z?Nst_JK5x3&>qDEyo($kMWsPH|2cc(8xRyb(@oCLuR=U+#eU)Ne0c<c9Cop{nz_EH
zd$P-*&)}<j@jP4j>c0PMHn7n4BZ0ZvZ1{T~aRD>T#X61MxzX85h)6Nr<aOd-3|Fhc
zN@mU{T}gvw+IDo?{H8B-i8A@}4MyS0F<`Ul*55X>#q@=y#Me6`C|qJ2ibWDXX{6a|
z`K0k1KV$y>x1lEG1t0rY6*fzOw|WL<BrJ|SjAYq@(u(jjL-DM!^w@)oZ_fTFvI*8f
zdf;jiOR-;7Jg81*&t|ES-cy!_&jP&r_y1x@dwf`VVMB)$)6{IjmgRL)lkc@YmD`F&
z8|G2)4^A%BE#P@KcY#3h`yD8@c4X<~36dLXb;a6~2VE^^u_kT)Phoav2bFwRissb?
zv=^SKXA-jPe_dKUF_C7=JI&WpPKkC+PP6s=PVoAG${O_-jZ)rKpB_nI6^09c%cX>l
zwVeLNvc-6D)zvkYTRUoAzv}b@vi>&DIan)qV*(bQZlbiuo(kH40TYUHow%cC_piU$
zU=x(zQf4b_Y(;zQ3~vD5&v()r5jo>3@kPKU_a8@%;~Tlpa%#Nm5E)JDU>4lxJNBj>
zRfiap*+HMUm(@9!0!N36^goUc4A??cFf5gfzs+9|wk|a=S4(*Hc3bc*HjbG$%ZOR(
zVK)MRjgadro@T#B_s(CJPmB;5%JhsJBE9{L%PSA0KcYf6hpoUNaCI?me{g<t1sm9Z
z>i>)p9}JOo8H*H_zpbD0tehZUXhAJ~fB$QYLR&vzo1ZNeZZjaYSm1m|<pXT-swDr}
zb%6h=X$3P26_=}t9I^!$PyHDwslchYYgqNsFXzvxO#irnDEbEV?EOC@fg5=JaRV`Y
zi$<ci>;->YZ16d5L2nBE;Cqly1zbD>@oyK<?SvNK|81ke!2E$fgvFKd>4gV7VAewv
z>w|4GV9vk7P$HxIr1p<7D+P;Kj2J~0+9_b@9TJ}Y`?pr`JiNHK{}{wQL3y(Dl}Xmu
zH_3rmBK#wkoXLT0O@-obn=lCbEd|>A`zv)H5V->@W1GhjD`GZjqK%OyU)e1Gm$?pH
z#R*0yF5G!ji16*-LXkBo7(>Q_(kL9eP#zd0`=5hk5B@4s_@0f?^G3r5gLi-1JTXEF
zan?YiM}!4cLFkbE_J_UD&cFpc&GC0f<oN)OxCg=I`3W4oR`k&)%6}~#zyT*F=^ulM
z!?1&L)ZB>I4hNhT_#dYMJO2NfBiMmcL)_hen6`i&@NaRMa?K$t5IleS_y3piLVs?V
zM2T0B0P{es$gD#AUIR~aUAf=qOa{u`sOHVX3%WLKRrG_`{l7i9jK$lhF)G}O7<wX*
zKPD?LCi<MO^ta<wu>2ihaZ|V9%*??9R=2A^;-s7r3KIjY#PN@C?I!}xIA@}2mbmCu
zAoR}*;|YPM5IU+%#bOWs9<%a!mY{)Pdv6fslniirBJ?hcUOZzkY^`QGZrDL@tNmj*
znCRhHP*A300>6))`}gkw_xAqNy)l4$3#uvm2Y}7iHt0W--iZM?qP_h`l&zqn?1H{P
z2n&6X`b(4nHhJ)mLC|B0)VNo<DdVI4@B!_IDjq+*RpyeFh;X;A)73pscTB(l@IUA4
ze+d&{20k(PIOPM(z^y;GjTnp-@a8v$gcSj`n19Tjp+;ct(3^*HaG~eU-9P8f2MjKk
zaNzX*&tJCyzs@udyJ3s|^_@R|{eQD`{9g_G|JVUyH=rHyz$&Buk5wj<7T6RH9h1Hj
z1M9gN&VSqm#MzC1#F;(*&z}QR{f<fyxg4#}lba-3PQAazzW%obsT|(|xCrq-E>etM
zTT@eCfSCbbq5k8mjGxRx=vGQ-8GpOyq$%we$kll|$4NUD^Iq^41O>cfS^jv-83WdF
zeB?Jh`n|m27yU0lZ1oxd?d)|L`n&$RdF4p~0lPl%|Frkz@l>zd|9eXzNfSagDmtYM
z37M5s%2+5=rijW|GS3O8iAF=FMk@0VirDOMG9NOJJ0WcIunpVZzx7d0TXgR|-+S)w
zb?@ud{j1kKAN%uso@cG~to2^+wbqG&G67z%2F|y#P6?nD{2w+Na;`M`c#!`YT`8Ai
z^V(Ko4$&8>-MuClEBkpL^GeS#CC?43<w--gO;|fPw?#Ugu7{$3q^&Bay4=*Kg8HpZ
zUxTE%i_3fUO3*xLfJ`TJ6=lX;InlKpRJBRd#0^wcRhc;iDci!sv?B|L+QS15Q8Ufk
zkXc6!!J?v~#<SDoQyKY4uY72LzHL>G0YQV_i1p;Xerk7A4HUJf>y6;pG4P1BErp6;
z!>kZQX0uo54UF(ydD&<rF&iDMPacJ`L#a)+ShUXr_YruhK=_41c6@Z0^-849SU1a|
zzmmu{$_UZi2h)?^TnqY3I&kf_=r{Rh@1_ayJ-aJk7o<Q90`lXu!YzYnlf+p^Pokqw
z1llAJNgUykn!U#*=fTONcWiYwulJ<PDh24>uvvrM>9?7Be;&@zgrlox#W3A0>##ST
zr2S^%cI&ZtJVYHwQ0pbCIx)hAQ^h*@Pyiit6e&t(jEVAibDA^Otjsl+_;%128Xk#5
zw-B*rI3^|~jI*gz`!epmBU2J>Zg!JUn8syhZjOUlPht8aWA#OH;xe7vH9|A!Zivz4
z^uCPEM`{d`D&%HNXPiDf!LS^U(-paB=!T#Xf1cr+ZD0)s;(H>qH`9d39&Nhb4H|2u
zJa^e6@ylHCbyn_7){S0d<j~&9b|01|YYR35Cu1j=Z6#PF+reHzpXgj>k?%3nFEKW&
zBKUeMi43KiN6K=N4(93@IG;IARCC%@KLsT<qj}*a8tK^XT{g}t6Qqj~6>I-o2!yLy
zh<P*Kk(2G=Ddl<_T>H-j>J4F1#3N!7TW^RK%KImVtw*l5dGC=0tx9yoB6FYcBPBu=
z)?%~J^<MpUf4W&-nQQB4q-A)-@CZyO5s5qTY6mi~i)l)ndm_o-7ugpd!_&wFj#N3(
ziLHHnqfo6WKjSoBqvIdwN$T)%pGI{tliQi|3)l?9-6{99)ES`vv}%2}v)v?&kh<S*
z(^-5U4{f|+N$XzZ(N57)?<oi3W<DXkCxpX|_-y`0Jb<e1N8-V#p)1==gQqvS5|WW=
zSlXtewboE>KGfVTC(-1mpFbAkIUNIG^BJG+dlfg52OG$ixk$s|l+;rMbrmR%_D@Cq
z;#tL_b84-}Oa>tLDVwmmQ5-Xkm>iuls66EI7?to8ZR$eGv-3t%^AM2g+j&a~z<HMo
z_Fp#Gh%UXHIpL86W`PwzjXAUMrg53s%tSwavLmn}ByKptmxIy0zJY%b=18T)xR2b8
zTIG*%`CQ3gT1&IGk8xBbcT5Ej<+FwpQ#PbR8`F+I&CzGc3E%Vi7A8V(K0n?WCrKfV
z`d`MlmLtQk2x9dO;?QL*{l3$;@D;F~BIF_*UXB^<T#LQI@Jbg4s*)ZH$cdy^j|=n0
ztl6{{zsBhVH>kuo3VSw!+3mnzB2U7}|DIf%+8J(F&VH(E3@RriNqBCuv3M;_I3fdC
zG8)T;w?(;KL?%9kSashHbo(S&@p`zBGgZ`xuzM@x`Gu<>E{9NO#zLlCV5=9q(z&%o
zh&r5@GdDdR%pn&w?juD{c@lA&ew~ejv#o=^Dnf5B**d69xkA~?RH=DBQn*hjLBM*w
zz#yoao^7Z@#w+3O@TrVE@(J7lx%H<b{=Pe(U}_Idnm{T2a~mxsYVc__1DI6B>#x~_
zd{JgXLld7~ASU$)m{fYBH!aHw-Qp<99$h6-vkg(c$S|dAR;K+L<WCw<q&wv6T=8(K
zDR;K%$m&z%VQz{DVgVb(DgA9^wN|MU%Y~;Jq>!$AIAng&ZM%=0R928jSQ4z2sHBB#
zn*g6zs7B1?!6|U&_ru2{cm2~?zzvE7dy-XL3C50Fre|^~uI#^=E_+AWnVr0*sQgee
z&%ubYi_<+ZbbSpMp`u-WuAxF_lSWg^b)*r2etH~D2+}<Qrpp;JYzw#D?^Gn+np|S{
z3$+|zKf&jljntlcdzxnBGfm?%@Vj*YTDre1B!TE9vc*DoM#6Jcf<0KjYZT@(iEO%5
zxew~;uP^^4H8m9<NSO@$Vh}w{gLxZp``0om6$e6%?-rS!!y3iPP=qg<VrA&qVvk2!
z3>|lcrLd3qWlxPJyzY7scOlVTKZo&7OXM^l#|q*EWN@%QmxJzvBxL~-^q%EQVAx5V
zsb;@y6DxeirngzKrumj|`9{j79BXy(g};S+UoMe@$W_65Sy$A+wZ35|(i;OOM9LR3
zbrgF8W6tuA>FBc%1eFkbDc&`n=;`h-b1v1jCf0yOFqbp}43cz}Rvuzkm`(X*j;#1J
zSwhtlnB8a4(49MeGM6O>yaTfeXXvcKjv0Th<O>bj{9r36bBz{Kn@%)gFQQCF(@q++
zx%9>7Js{^mCk;kqW?TAOwJ>pCDC-`@L(7G;Nk_V2-i^!gZcl2#sI-FM=8~&>k-I$r
z*2=r8_QL&G_UHY0ms8K{0t{R><2`7=IsQlat>jd_ks>CE<~1JOjvm|M40GiK^t@8f
z*SyTDJ3dx11s7Mua=s~Xg5=3`%lA1lBfoD+y;YE|v)YId)&|x3m&I0>7d4I&EV;7o
z?eGl0SiBw2lIV1R%*Vapy1*eG&d^7}_GjQ3pe#iE06MkOnwQoRS)=Sfz<O`W0Yaad
zdG;sscl9AiO=|<Y2;%VIpcmUf6stJQQj{Be#Jt?qL-IH1nt)lSE<64q$-3o@ekAxP
zcU!p5Sz8OvL`KwHgo2~x7AY3NoO+(@+}L_-nDv|O+0Z?pM9{O?XJc%W-X5g?#{Mbm
z!^gW3So}|^Zb9w?$2tez#2Y9x-V@h_YeA;(ev#?J;2?&_nVA>VpOLqyjk{fD??{x9
z7CjT*$8W{mlwreMT`is1u<4clu?&pp1j!?p8%DfE`yE*zj;k4MSE%~4IiiJbqRh~`
z*F`?S3&P+9Ea+0`lzvqGyO={9JkV&SSnb(O3`Q>{FpWOUntnM`@`lgnJf6GN%MR*&
zkDRczuL}8~^E`5DE%rl)O#O9c%@u9GxIg~l$wWyXmNin=cDqLX)%07DQ2$f#^B@L*
zjq*<s-qCF@aJ*IlE~o&V@ZIKR(MLK&scxn<3Os7wp$)HvSz>Aj2MOC7Al~PHIj#A!
zvGVRmwxuwa0|*>(=6g8e00N<W9|g0ZS3%6qyD(<wVL`x??*p~JCr*F^;pnRz+lj;!
z==qp}7Sc{f{k}U4ZCc1@6f5tMW`+Q87Eo!2M7Z?UB7g|{ccF^rS~!J8p_?B~NapRs
zJ?K<poS$vSO$om+n;c2Y)@(^9w$8%~;@+w?NlpBN(Ek$u&}a2ZxXRD!rkbg7tdDhK
z9rJpzF_SNBo7W5HM}-Wlz8+H5vM%V=qn=5g?z1ouaqy=;-(w7$9O{knAtnJY&X2yg
zbTo4iR4r&2o2hOHcX``d*}OAkg!x$0-NleBTx0xC=t`dj8*tPn8b)2<a%%TBZh2#$
zCpSXn4Whgq7@9AZ?8+;*%$@FyO}(0^pCyhsP5mxw8N+wU8nM#X{(*-GN+@nV+@}c{
zAbM?&ni_%mkbdn4xb{%*^x06XSlua6dgC`9{2&V_9Bhy8(WeQyW~5|=sAD+byozYm
z=0iHJSl!(o@A-mFRh2ef_|>87`tF6GegFETRAWJCU19mLh|BSmxobWslY5aFizvU>
zi~aVIR!9ct*jxZ~2~b6k2}b;NDa{2Cy9b)lXy<P|BYMIR9gsUNi5Q^KrKf)pG~$Gt
zUIY2txtqT0@pZwKVd7RRPq{n|*g%a1q#5$aGn&=BJcfU_Uc-{YxGoWdp5_dV3bG$>
zzU_xK(d%{lWyX|~YEdvY@Y=NnIMgMD_IyU6RStDg=5nK<Tux$HIke?o4K=3g1mI^9
z=YMA2G3+9ZR#f~(Z}j2zek!5zwx-ubnFN~4_UW}a?Hf2&xvbDz^>Z+?j_mn$&<X1g
zpcPS10@hG}!zGo6qiDdDLawRQ4r-V))`7mWR+f{8e<(HJ{P>{`a`93h>*pYa?qwmN
zu^%t16=cb*#a`<BUB5n-*Gn&?&L9v{e2ov`V86KDw8FjgkEkF~g$yK}_D<C3<6%KK
zhxiVMM~QwYvqz_0C6Nfj4(un>a^VYG7J)Vondb6pQlR6U0foI?hfrD(@y#jlxjcX&
z70;QP%?nJ;+3VP?w8&uxJxPA!ybh~vE|5WhM9QH#$8s^2*T43&2N<`IiA^_a%I=|}
zrB1#+14d-uoJn77$<78U5RqhgTKCyF>u6fxnug+C5GFH07;g28*Hun<!FM>U)tZni
zsKQ!rjIh;Sj@U5BAlRp0ECK2B`J(yo&DW^6S>fTXxzuY1yYK~(Oh(O<0l%N`I*ih~
z+4p-qBJbLBGP?-uP;jM{;>MPOg2*bF*o#8Svi!I;k}SM6cPfj`cjK1IStKXiFA1yK
zzF<{zatLo&i2W&W((?0qCELRd`<KpQBIhQ2yX5BB&~0c{v4kxdy>J{y{wI$E!ls}t
zDGv~_>X5n^3x~K2;<=?z)k=(aIi0ZRnAf?AKXhAE;qp(te-g=qKVAC9@t&anlAv}4
zF*kz*HI<knx6WF?C=XNXG*9IUBn@uK1#9vHQI}jO>Pvxujhp9~H#Se`RR49M`jQ6!
zZ;~m*3N<*bP(8H@)UflnI5S`-*JK7XzXYqGFo!HJ1}f8(5DN(E+-SGwxP%r>NUvpQ
z5I6uUAfFG&(;{Etp)5@cGa!o9k+8L)3%7P@G&XIY(K?!qC+T2KcrXnC3rqtbbl_ub
zU*KbSr_&?Mhry=5BvfCx75_~#RXK&4V=1ut{3R_1#>#)2)kPQ_Gva?qsAiBG=)X#)
zF3EX?-ZaO)D*!Y7uWR|wtK&a?lm8_x|9N##J4t_^JM#1D_?z63+X)kM;m+l^6Oa-+
zd~^YZ;k_CH6;YPNKb&EPdxN)5YM)9-XlTi`F^G7~?(9G!p7aF)i`^dw*nAOitOy2x
z;IYe?wNEYdhzn>knlGwk5>iU?UmlCizq&25{-e%rmtN7-;Z-3p78J&=J-9N6&>V`v
zCqu|cU&FfjkUDj!VE;zUH=Kx`r*fCKMZ#--gwBnJZmNt(&LP8~nUeh=6o^TeE*i5<
zK86$-eR>8Cp|8cvxowxS=t}*VIP>{}Pu&r@z<NXK#DZYcz+1*GS;rR8tAeIIiRT8d
zhnjaeFx=694Qzo?9yM$R0#TTLg(&90k4vxUZcKeL&#Ui7B4FJN>j?Ma1xce5J8v1f
zm<l~AG0&~<dqQ_(`w*mMrZ&!JIyzB>^MpOoR{)RiK@dP!S=M~r-Rc@4<vWFhzNJfy
zF4OLGN)|OFJdv$U(B}+*R=Vm4nza;D>`NGTCTb*9xKk=>3pIU7difg<AVlq0f)I5L
z72O0_VBq)_1og+2NwjSO&@a5@abqCff*OB1q=mH>d)wwQ<BLqM+2r#1QAGdL$8pJJ
zh1XTP>JS0R`YIq_LgHosXcmYVnznH>Kwjx_+OI~pdcCN1433}SITMUd2AUycF+w3*
zUVL>y2#)y6p$$%KPxl@jxctGd=H>S;8bBp6z_EHv6}AEf^HdOCvm_b^xRL5{=8$#k
zqo~<kD4O^+aPtZTy%;$RZlk(P_A>6Lt2`aM5nvr++~ISJVqBE>Un3@jqwf|<?U9At
z>H{4t1b7G=^e=#JOS!u!Z*AJWOJvHIc6E6w{}S=QXb!G=fxuN)5V-1HG(jz5j?hxb
z-VueXD`Nn~wfx48SnR#?+`0x#2Ti@JX5B!1O8q~uS$+_k(=W}DTFPBV(^jnkNN`W>
zqaHoP(9nD{G>c+!6wQx_2aE9s`lY!<OT!_5RaEAZyz0+@)5VW)y7<NaN%CY-9E1qQ
zU%*U3@^=XQL68AEH!)AwL!dtTf0@PAIY(2!y-;;;`5`o)<ke~wmm$r|GH?9;22i?u
zG4bi|5tX^5)rB4Z3HH#xtRGAJO(>clQn(gDQ7G>{h+Vj8f7XQ+vC3Za*Y;oFk^O*}
z0~gPKMpO_2UC1@99%4)?!??@aM_1MUF|lDW#;34!wgNGn<L4bB=6eDBi}{5){>gsk
zjeH9e1Z&P30FYdkxNoH>-003Mkb<AfMo1!jL(T8`hP>cGoQqSePDP$wKL6|wG8ao}
z;g57hbg^0ed&I`ftUF&jT=_r2-dfU#!Zp2Qx@IwO=A|$S>CAH;OqwBRU>L@>e`Odh
zg(fTTFaas*unE_L$mQ^?!2Gk<5Hqy|8}TpPQgDrbpNjf>L`7Isnl1XH_VjFz<$i>;
ze_CrIx?EPfjEUiAW)H|8KhEs^+oJL{r&<L$mi4{RZDf5|iiG{Zqx05>Hk#k?Tx}?^
z4TzelZ~s0cx)i(dZ}Hid<eC4MlSO@B?7a_kwy-0Kb(|0C@4bCt$9&9AG5<@W7fCd@
z%l-c(<@;9*=MtIkrF^!o_4VmiC+jnZ1Cq{^1liW<H{}O#Nq2FU6W7#l@rL3SKNf)?
z|N8<uel@W~=8|BcwkQ2*Q-{GmjrQ(pZDufHt+*Js3&=sThaqFK2-P>b=e1m@udZz!
zF4#$2jG6X4tL|GDsW^St_FtEagrl`a_XT|(K%&l#KTM3LVdFEbSINU@f^mr#n~yxf
z=FznYh(FWU@4$pLu>iq1RpVR*a{2rHP;RqUk_hG*??er)TgN%I*PK0M)Zgfn4=hU~
zMb|`|3|L2$eX%Q4<T%@Zy}FjNbUbYBrNO5z2fkoX%?|}g{&4?u3o|)*bJjd@chTqb
zuq8zb)twskA*sl1z7>vrV^18sq!BVlZK#=<?J3Ox;&6Q4Uz3GjXg$WBP#)v0^YY9Y
zR_dCxDz1L*cv<vh`1U`RnO)e_l*58VUX?$Jyu2f5!e{euSF(BwMlA=3JAIRHP5E6^
z^och8^Z}oH`YYaD{*nN9Tm79^%rSUzRoa1vB}~peNcu9V5y><4WtG&r-%2U*(nV-#
zi}DD<-kjE%B9@J5%U99fVbgte{!C`u>}oZSNY~x_Aj7==)qpINt8|Htf31>O<OdkV
zV4Iumjf(=fY<X^FW05k!+e(;7k_^%GG5|LJ$`2@b^en^Br|o+f8_xoiJ|-o@aXSdg
zTb<4_%N=5$?xMIo`bu7@t1;9r_W$PGV<&+`-*HkT#o0R{C-J@K>bf|*_=hs?Gi7B9
zXkDujayK<YJVb$9$jn6B$Wz&XnhP(Ne<m^*HQH`EE~Z2i^3qhvvJTECWU17rQ49*b
zN@;%>trRD=^b||5@eXiB!vYEmq6E;TAH&MC4uGoUEfrJ4$<hjMVz65G8QKm&wQUUc
z2Y)$d2=r$UJaeOhhi(WdK-D74mN2%@y)zF;-M2)I9>^Cy2uFO7>G@!CiSs4h<mNy&
zw*<Y)9CAzaaSljsX?h^Vp8F|bHxDb4MPB5NOE0H4+PkiCYh?@Ks8~s@j(s42Ry~%o
zCA|-luc}KWUz4=FP<~q;snN7BA&IZ(j-;2bLH_upPiMjEaPXQhSj_Zw<tZvo)J8)u
zl$o2rL2;qV8lu=#1us~Pzw%kB=u%54B^E?E?mLe=s@sC_r2bK=w0^q+3U|Ab-@AOp
zTza+of^N+z_?tUi$@*|`#{cZ#KqJMu{EwC0M@8>wSla}8!4W-A68~q?32I3asr`gh
zFVxP5w~GQ+FNRMxq)G)~F6aZx&YctTL$(`^OMqDZ!<?hT$~9PR&#k1HTtim!sC+IP
zjO9?o-Hjr>gJR*AZReDTU(S+C)|7251(3;iuZTVfGKrL9FA4;ZT}pLS%I_)*!v%0T
z`q#w9bozl=<Mz*;yq?S9Hu&^zBnM{pv(oCEuDiYrmn0zSD9sPJVjTd?8fX2l_v9Dq
z{L;HJbsK?X_x8mxn|5a8j0fWG=_`K3q^9cl0fSwG=_PQxhw)d|W8^0vXt47CDI2T~
zGMB9OAg(m90OksT7Q5Z+e{Y+7lx*uQkeIzA+;w1E>b8KDM(I{f7`e$jW?v>w@hhDr
z!Twqr?gt2?7qIz`g`&F=X_&);SN5Pq8|b9q1%H-lF7nl}>fj8>%CF0rc%_2NC6%zH
zGTm4Sgh+XcGreQ;1tqYe#|V^^KE2(paz5`}&CHjD03@v1`bT!306$>ZPphuMRapK*
z#hV}<+DjpMu7p`uoee9x7>y>}m}RON=QjC<Vc%iW1F*=)<^|{r70UDIc5bTleh1@I
zRxF`DdCMu+etSGnj}K2ojUSVoY<KmC+el;Y$KSS`j$)Z@^q9nP`pgnROmrO5-^0X(
z3frieO`BjC4K7twgOoY|gjd_)g5WFQeE1rYJ1O_|F=@uQ_=cRstbrM0m=M$85h&HW
zuOX+TB15tj7^`@#sA<*79u1q~objsQ$lagOsh4`HEZe5+fQTiZUwD%<)jh&Czhm^`
z#PA)J9M*KphIN>!-<7V2S=5?FHIe&sffL79-{*u~Ho$F(Asag$PpPvAT(3d8Z!|N`
zY(XO<DjIg*iW4Ytzj3b%qaWOpkqnJY`BYM-5>FBpBt3$eKIne6kQiYxj4Hzbz{*_*
zhQD55OY56vWoA$GI376Ozh=%(II(6pHP5sXR{~3P)ZgWKvvYR@zB)=y2+)49kL<iz
zoukmq<Hk^uKbPp(Y?F1<#&Vg_xHz*6zt$Xg*U381*^$Z+5+kDohM3urB9vj(#M(-p
zs2;VsNt*QcoSZRkbJsC#^CV_f+;~(OO&HC1+h3+QM+s(uDGL^RNkep3Oafts+`DaL
zxlf+KLd<ExpXxmNKW$9e$$pPAA|(I7SN*sXaEb*6-;DtSdCMs$e0OSheV-e_B#=v{
zP40D1blBsm*IUZCVVc_&bGgx{J0EhmoK`fvB<Yn*v;z0=GgjF&1DqqFD_`BR63=rs
z^$H7Fnnp1SJJ6*}5+q?#jp6LLk={t^p@}A&TteIpnS05iC!lV@u%fU*Z-;sKaO+NN
z(*DFcMi^Dom_#AZn43p`sz@G$(j^nz`Y5Nz?hj;((W(Zif$8#$F66#k4-Nur^%OEd
zLC=A|w8fF)=v3iK&Lym3m$uvLIhm>fqvP669zor;DUxeUC#bS8T3P2zb>(G54qaKF
zKU_o^Y43Z>WCWF0enYnd!$s>OBdqM|jfvNdKLps;9JBMOqcG;$noi17x<BP*^2_&F
zBQ!1kz*y}GH7Iveo-cP>6qO`t@%W+&AAE?kuboMiUfvK#unfGbL9TJCElA1Rt;b_q
zz|zLFEn@7$#-zC7UTEs#i|1^cJU%hCkB(~taP`}M&krUY);TpC0kh-6qdeISW*T*h
zO5CO!>g2qV+dB({$TxRllhKsfHu*ruz0)(o5{~xbIh#nPzLUA4<$DFP(tgj0Or$H_
z3*E8AcPdQR7`m%la@*c>50w>sJJyFEjiLk->=?~jp(uu2;Rx*mQH8DY;m%zY`4CEK
z<oJ!D-;`wBlKQ!%2g(g7K&1?;QJ3uWZP1hQK{L5m&0XnCT$+dbgFrDl=h4s~*^xC^
zQnzRMJC7Xz0$bsWVaQ^ZkH?ND2JfvhT7s6-PZ2ew`^Sd~_wP>y`vk(=oZx)u#5CAY
zr?e?qFnh>1H^|*!wUK2MjJ^=SU1O0JVlR#&`EZ}&hG7i3?{m_;y3(o*f;|OhGV9T$
zFlMdExWCbLRX?sg#kr}eRr2{;JX5YTeJJ^&kl?;Iq!EF9=WhL5R>VAJIVl+!N5w_h
zLNP4~lE%T%M|0EQUu8e>DiztDtrMB5e<SBG?yg3*JH#CFCgABFq9UC7oB2~;6bfKz
zM<hJd&WAg;n&UcyJ*C6)p@=FCW*5#@S;uItwt}&Ubp9~TPI5#tOu~i%>TFz72IF;;
zHJmy)HA>`!=!Bta$sGq%D?i2=kfS1&kEUn5HL1K?K(x^-MHQBNK=-It?bg|LyR1DW
zf`6nGAx|2OzA9>^h0bQTB6v-iEqE-0F)xZ5%qa&PB!iYKvaS)E{cQQAGfO6@>@>ZF
z0|iu;st~bZaSgS?I&>*a`@0SNV)^3Z9Wb=eIeWC?twYvs!|AGAKbT<{+mIO}H~wC4
zS<_LCV$POEV*ff!);;rZRAFHSTS_TW*43K4v3uRqDVh*Q!O57RGMj<ymRIAs$t8~n
z$r5N)Ox!2C<`yN-sp^43o$=W(j?|0ZkaN`z3=k^r`eCT(u=1(xiqfoB`@)C#K5kMT
zXMXYhnE?mqa#`YCe6c{kn#FI92d9rYhjqDafl-1DP<9w~#xSS%SmJNNQ*jZKsIIZ<
zHZB`ycXPAT_~HQ!9oHozr%nM+3rE}ziiab@tJL-wN;9HE?Ao2LcI^jVC+K)rT&mm}
z>(`w@mQ|exUyr`MHd;Z68H%^*ml60RS>aqOm=P){pWzmLZ9F(MveonBvJhyo2340a
zzU~tZF{(j?Zhd#dyOd2;%lI1<6N9b--~M~<{Fv8v!sMzytGbMIc|1ELPQ?>rM;dl^
zs#tb~6`Tp4Rhn$>CQEXTOcrr-tMA1RH+1)ULbI`^R5`)U61O)F3{``q@)vpKn!|xm
zqsfWSXOxe+kBs*6E0UY2CyZ9Ob!8J0G$#sd$XzO_O$O#|he)3D&f_|Hlt3f~ty+Nf
z7?nFT+?J8JB;!zexhB04dE78}Qx2&!(R4kBy%HwZpi_E7yun+k>;e14Va1fhe(_=`
zg4&i+Q5UDT-sZsUOTwrituU-421m@1xcfFTMz()DGP6m0!g<Q`2~7wTU{wtXQAP?Z
zKPz%i->QE%=@}da`!*LM+$HSO>39de@Vj(<q<RTyTd=e-HpBUy#KDxgoV+{Pq)s75
z|4kR8^6Dnu*T$d3W#rCA7@^Bv9-Ao;J>h||QFK2JH~1v6WzwlOH4+1Zq6|yrDkyLV
zr`t|6aAQujYUkjpPSXlQImiqSlJO}mH>H*p<meq+-+EneIs@@`Orfvf#c3EAyAGNy
zncx$$(#=eYp)a3}h*jGr`)ymZ_7EOeBwSBtW`;gsCF#|lC~r8CW<T#ccHDPg56QiC
zU*oa4Tu@K1(2h>UZ$xY(H}4HJ8^hxD)lGw0I_Eqag0=iaG-bNah8}eEfZi?J3fBat
zn8@jCmi17U<}(ByMKWnSp3QR@FY-`w$BI3%`DzmJ%rJ-cfR7hqTgoidnY0`tl-zb6
zMA?-~ax>TI6K5@5nVqn+IJhb=hD5yG4YY#jA&cAzQk*p<c8Av#_-HF(aIpW1nPgF;
z0LiXLdWs!T#cKU~^$O@j0G)u@gWatv<e}sz1tZCNO|Sh-Vi6|21;$x6G<2(x6JrN0
zMxqp<m4fpnv0NL#H0tKF$?)gjmBjPk${n^ifh#{gHCa?qmLGJ~E*T@pN+a`$ml?Ba
zyP>k^FK;vm>z-+;PmR}a>3o>y$hyVrHEG1gf3$ptU=-G=5lJC+pE15w^Kzw;Wm9L#
zErJClspLA;Qc+5a;Z`NCVLN4ue;AtVX-$6hnlhc3%M*8!h|T^`U-Z?pe-0JSg{$MY
zI;c`t#xEsr_fh;X{zqumCFuxXZrbm?0>=sK!`@*yBBx64UiRHiPL^vuJsm~vvBN9L
zPhY4{HYsXvs;;iaKVo*b-8=klef}N3xBFV;*d@HSw>|2Kx0&t8W8ag0GsN(nsG}Tr
zT!k_@Dd}Uq2{#vUN`N=_?P%)?;m%Yax4WlZxs7Bm3BLYhq4&f%%)boZ?lTw>F?<mw
z;R<AFmk3Hq^*oL7gLmGZ(x&6i<*wK|-R()<?+`mca=+qU-MovC!e0b~?kGlXccU(e
zdxb(Xox4THcFZ6l8Q*-)hkV@*x8l1d4xs#uMkDqO;Jnrvc0x;8-O62eB!GFLf7!0x
zn+}@U9nN{JEZ^85&H7oly=stXa!9LZ;Gi`L1_yJVioS1nUhLw~Z#MPf>DDbl`h~CB
zJOq?(oKI+;^EAr1j`a{i!PEG&;lz(T4G!!L%F2zBhiT@`s@a`@E`39QRTB8`A4fg_
zB5h!2e3#%dqM729-?Qedj{@{0bZt8b0XjftWzZMsA93-i!I-6E`lX}dIqYCy1>lS4
zmVgfaHRJ~JcHAav<p@OOK7U#MV~7fA<HZK~KC8Ve7nK0~7`y>&>%SbmDS=Lo2%nrY
zApiT~j3vYFjR9B0zn~2Ox#7O=#0I3T@3<6%4Ln}>Luc<Q%sB^XJ$vKMC(sHXdmm7b
z^jHuEw)b2~Rs#94rW_SztdNbzi@ojI?J~wo^DbmpU^2fsl77kg>Q_Kz+;{nIRU_+x
zH_%OOweXrl21Y$q&+xx*Vb(yP)I4Agtx$E_ENe9JYoc@oH1%=b^}}33{dQX%lZ2mI
zSUT2QVT1-6R;~iq^3nSWI}QH52<ch&LSLgD0?Hqq7oJ57bcZ=a{mOWsjo&iwPs?i)
zWPfSyz|ir_SICAw)JK}LPW+m1a&95A3&9!-zWdDI3Szv6mjiIZ3Kh3>9rE6{>Gy1f
zddpedNM{LWqwA}zXLPEsa;zE<xJ01yM|h0)sdg}0iAfhsWbB|x;nkIK2C`gGW!!qT
z+<GtuIsm!a)cfv2I5F4eVa!G6xPc~oxt8vb-UAwaxtW4@J?Oh#7j%emunDa5ILKmT
zTDQISq=es`dvYLWKM&g5hdD<lTe`BB)=aZy10c;(P2yIFWvUtZ3Jxs6HStbCF*%oT
zxJ6!82<99Na)&-(wIR(Fh@(r@B<eeO`4@Egm7_a8Jb=<2QNxRMbG)(11CYzU@AB4w
z98c(&&nSG1xbNT|$&IV)p+`1=^@kg9gEc8q7!o!6O<Mo>)h%W}+9DHrWOzrs?YRB;
z2_*bOvpL`pECznm?FKureCKZs-=&cpC|eKmBq@BKMv8jg&KL8TPE}B(fgAbG`Mx;+
zljW8_ld@lllZTdW{<X*hLb#ew5pv`rI>aK2jMSI{wQh+PN`H^2KnI`y%A_px==jOG
z{K>iezH)u3{QX}Sm7ko;A7#c77zL<x|2F3miOMr>$WK4tQWH&;V4Z6Mv1cbR<(PyN
zHfJIA^}N({gM4T>y|{y#`4X)JA;*x#vwd+(xF0aD9rtN2?lb_EyNmdZ2T(ZuTT8S?
z__udtF)siq@2^^euu#7?b^J*HUa~92e{}1$eiDF}E>=ef^8cFz;Gd*lWM07H*crJe
z_t5?%{mz36i$EQyJ%dK8KS{s;wCyL@h5w)Je1684|I_j1Z0^K>zf!=H(q*=T^&;sV
zb}0uB@v=JJ-b?F7si0w_-M8;HZ}Zi9-eFIh%mk6n_;~G#F+!<!U1sEcRgK(P2c2=P
z@<y^qwRHGRElK&@+{nuFuiorVP8|w-Lx|NbIpHTMJ0&?0ydKC|=@mZrs)n9LW;?KB
z0S$bA<R%JDLrcGgN5KpJ5l;{QpMXFzL55cN{_H5vvpsGvwk7JX5ROD^?bhBh_so}v
z6$EG^(bdJuJEfV?s%I!Nhqf~r_P)1($rr<$;o&<A9>$Kq!>J^WG~s1v)y`wTe_cY*
z-0x~GcvOLtrWIXXD790T5guikfArs9E&S?#WVN|7v)q2E7j|@a6YJKWh(E5w@4!kv
z8ti`myk3cL%r^NV@<ke&km3pFTbdj>AMVx(F56h)wVnOt+Aljkx0?@H&=p?i&hQ0A
z0L?YU6Z7<*pV0WHS0$)IQ6pu)^M4)>{NwBatf<imy{l)s0ly_g(QSW*SCMt@S4N2%
zKxZQ5I}0AxHGqeM41HM5pyDQb<@^$==6?6uf=ACPVx^55b^V{2!|!I(%s=|?uU7g$
zv)XpYTnf%sT)mS-BD?I5t?4a(SDr85o06!x%YwaY>{EBWp*jHN4RXwy%D7;ck;XG9
z=tab*DE3X*Y3b88x3de!$GuA#1<jcFzi0-7QQ>t^nZue3)To5fX+`OXMP>dfP$M1Q
zuS+<=foR;}qYECjqIZJCLtoO^PUKOZ|I=!--B*;_c+9rpZgNT}2WwHQDazZIR!~sT
zuR@+uJ-PlmX~R?BpogKx%Z2X;Z=Qb_jCsla9h!U^;`*C1R2KieLAH~K+i-zl?Gt&Y
z_M#&~X{*#$34oBSnirDOsL@aF9ToRZjB3cUm&=o%Uy@v~&1-ZIwZFe><FDj7>!KSG
z?-wYalMz{fn5eMSp^1<=6IJL~Lz>LaF7l8@w8i4~SHa%3LKt$c)%dco>%;P&C>t?y
zq_ib|{f{TPOuScKJCAnRQpo;&dcZ6_al_Z21*>h~HE)_kyqqTpokJfxOY9#^H?@&p
zF7Z2_a+HoCTmdsKLRwyrva%W)G^cH3WESw!GeVCD^F`%<7*4}13(-k5U~coIxVc}|
zz!lvpcVD%gn5Kc)&##*5%}0xoCp%2`O%6X9vL9@1!Pmxz_0^q2iH?grela~w(?PM6
z#>`kYt%VmPv7Q6d;L+=Jf;q7xF{8qpz0iM%Z0fdg(EORo0yE*IaK>9GXY!(xq{nGq
zH{YUzS1PxXuW5y@)Qs+JD!*Q2)dUuPXA=MX?*-yj_EH*B*>Km{@bbN>_`4b&;-s+{
zX64{x3uQ!^hB8?sfvYp54DM}gnDh*4;}~dlpV6`aIbnU6XG|;1xKo(}tWuOzWNkHy
z-)&RR`@4fhTkSWtv2-YD2CLT0Um(Z^98uvReeRK`ObPXQM%|n$85&k1w#pI@ptLMl
z8ab6vsn`ck_Z5FYE+N*aW$P1$NmC``i9=Fu8+uYJJVcr^FKi)9Z>G9yP~OTkY;0_}
zU_+1bL5=OJbTB!b(YNF%e1u@R^V%<cTgNQaH5v!UM?iFz*CINk^$VEKJzfk&`8X%T
zT#r<bZKV-ej(!wUfg-OegU$jCR9ZuiFVQiS<%pDX#k5YQkpHMA4z#>p2lV6sl;`H)
z4X~w0K-3@XhpX@zS~asUOo9#P*d}{YKHQNcTs5g4(uBkLN5y446Zt^B4+`zVG<XxG
zK+LR_TX#w9@MX%0+-g43rzc?&i5|Q6q3kveYGuO&0q<iaa3O9`mUZ4mh<UZ<_ft3I
z4aq&#-8g1>QeTUxu}nzD*0_Vz;)SEXLN`F39i$KkLWN?7(GlDpPUfUv^LvYx0!F%X
zul%9H&9|dwB(%KeeMNF^9B|vwls$VwIXqr&i}$a4HoGS0O4N-Ft!vlk=Gz%#WcG5G
zSIA%EJ2@}Db8=j-*go80<8PDWOd4<&!fWEWgz(!i@y9#4B_mdB>*>41p*61WTIG=#
z%!X*migUJ_4?sP#BRyAbAMnr7No<YdF6H!;(gaFmyx$CQ@MhbZfduXq<9T%4PU@=X
z&<pnJ7X6j(tZa{27p`;}_i0Nv5{}rX!Sj^Tx{^{vj6W&S_BNJ}l6f>oo+VASrsGmN
zSD<^k6$7H?fij2Q$B5X=Bo<-$BBKWUTZe8x9a0a;h*Dgo-%;_xKz?;`kfPJhkTyCG
z?n(Fd++}TaZrnreSR(q%KaAQ2mu1+royZ;KbNloQlhO#5uT8@hms|U>PTPH8xZb=e
z2=?#MIO2)yQI>sng5%AVzNa&f<jE_!)m9p-*87c3Sh>sK+uCeQE?Ri*VW(j7O-v7w
z<qCcL+n93<r$_Umn8|Kq#ATk`Lqu;yk~<Gs?phP6B3L)DDLNp~a|3*NT;apc!rsD-
zZ?2eUpYr(d3zPat5?>p)kUd`<!wg>FZDCV!AjMI=BCtYJ?*x$ID_7pTe9vu%maMZZ
z)2V#1))fMH!*ZM4s*avylGKz(4@p;g%;7viF|fmh%6SNnRJe(KwBZ)*3pYY0clxmX
zXO)VIz|JC^hl_Q6prO{dlZ<8e*wa~q3|<~Dy|Y|hw5yRf5Nu+f@v3Hay2*b~u45RV
zydSu>FP-XV*X%v!t!8|1?{TR}zg_s8>e(tutyg#S&ShuYsB3rx%yupZ`;m~Bu3*yZ
z^a6AKoNP{HqhC{b;DKwpfiqJMO~cu3a(|jm_{WL$^{l5q6?J$t`^{WUjDbmn7!4-n
zSM^a7ory8!B{PJKZLmCBwJutAWO)NcR+;gWQf-ANSC2dGto`Wl5))X|-<(r#qe87S
z&uF{+*tFaqMRH%CnG$a{c@b1==U*RHS3N5!doH)GpB{wi)OAUGfwsmAjK!3A>*?o3
zCdsVn=d60|8|Az0T_PlBU8vRD_7`vW{ny5tU({WQ#5*;v@4X=3R%llhnU?+{a-yIw
zS}ajR5ss=|s*GWKw2Sh18mnQERd!h>cLuCErYT!Owo8oqvs>xB)$$H{?1b;hrodB=
zB6G@TK6*3<xpX9FMpUnNwQ5=inwE*N^SSvVM^iSwpzZ>vjaXaYc$JSc@`#iKCWDX4
zY+_%~mokV}(GjAF_oFz89pYori5;(>HEP?)Y->@Eh?;O}i3ZWe+lQ_{t2$m9AAI@#
z>u&3hp>GPK?KV+g5ZF63S+pCq-ad1|e7NV5?>=}!BR;xZ%{ALv2R?A9v6M+9dRlq>
zMWgoHUyt<e8n=4M^^qeiVQ?e$=Uwzxys|;7?w1-xtCw<)*3U*q?QrDgoT}I7OBiA6
z4SZhn7DVS%CF`Gm)_U(u({Ngy1+_g2e~eAH-Lgq&oS=1G{h7r(lO6|aLzjTLbK}sx
z{u*7R-6lA$@1n9tt2@|b!F^Pjf^AkXd6}p!RC75mVZ7O@my})Mkp-8<idr-4=gBW@
zdUanIygcBiR&-k9oNLRda-HUa&*xp9z-eG9m3S#mn~^ATtj%GkSpB7&X%&4AAlWzL
z%9>FoT5TVa_4{s{_GUXZ2Yqt{&@_W#*z|`cy^{&!?c(<8)>0Wl@)aH@;oS#oO|0va
z<86@t6n+L-(gGz=S2ME4iqvFS$WE(9uzeNiCOEI?+x887?e(?N_HHjR^x|A$o8Od6
zYSn3OqdIv7Chxv0>|y1hQsTz~iJARQ1jZ(Pm+H}MYZV1lb)^eo-C4`NmP>Bc$yi<n
znIk9^qv_#a_h~2hPbU8!#6i?0cD$j|Z-P*g_GFS(vs#e^7vtupfSB`HW6|BtEs?O8
zM`8_pULn<4FU+fx@0re>2-RP%*?YkIwQ*5&j#|;<_u-L!V}*8>O&iu=_oNGE(PHde
zGR7^X4L-gumweXuoH`yd+U~8t|JL3jt8Q?U5=3Ln2b_{CCic+M3Ns~C3!;m{TNTF%
z%3|it`iU>1sCPSz)`4NKxc)X-@$Luyy;nQRUmFl!$udE8nonPvg{?>irP7_LDs&yS
zV6NUQEP;}|WEf6r?kn_Ynn2Dp;g9B|t?Hh^WPKOhxMP2yUCMWgMc{BEROPDJ3^l%@
zXy0&+ia|x=+t67nxQhmaj`mBL^>8eRuAcMS{$^xSXR#?O*Dp+D^%fp4$r~L<6E3#c
zn$(Rt^vf5Qz4?WDO&qMxS)LN4)N!WKL2%3MzE$gx$QkfKE>TQkl$YwDu{kt#Op52D
zG6vnHas%Kz0!9s<oRUyw@ENch;4N?KD~wR3HiFmSarKWIh?1UBb{&)HR-k!}22qZw
z7Gj4Q91RAoD;cSEZj)ZSE^kpzT?>)4CG|DQ8}^^>a@>Vb#VcI?nFnvWimjkt^9i=S
zzuI2>%_42U)WZfgaodD6{ua8JH_`s|jpzlY*n(lxZeht!uM+G<)nD#_(6rb+BrjlX
z_@<5r{;yB!Ecn0_nj(7TfD2`3?%&8!18bx99N$s2N-e;--|w*60zVEXg1c>E&{Xwm
z7mwFDSNHVt1cxJ<uG#S@js;d*&AZX~Q2%hk`;Tc`U~2<tPtK%VzTNn-aDmFppz}&(
zVu){5P@|amq%~c#CsZ@`f7?l{D=&|mvry15j|8umB)!Q=wzcolUSZ4>zdfShNpm@v
zT<g}v#b}hy5HWedxb&*f!=Clu!hYM`H2Z_^>b*R`zr#!K%3Jco%OTTU2e*DZ-iOTS
zJQeP~>_PpNMiVSDd857}+cM8aQ=O=S7W_nXP{&sOEnbpW&q$HC`tB~05T~I!mzeE5
zmXc-m7FM-1A+^V!KANIG!*ODj7S$#{yylhkY^7bW4>XZJH8E>_LO3-lDwW|YBn0ZL
zYoJh>LgE+`2lU29V8DawKOtY^-3#Wd_tOfhmCtR13q&Jh=^qDzsWlXS?ztcwxw^Fi
zwWz_%9!h|k{`~o$n?pnUQ*wT))femV(<mVO@Y7<#h4#O06ec~xoiZ<w)Av`Q;D3h?
MsQ;R<-{|uH10GQXf&c&j

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/passkey.png b/login/apps/login/screenshots/passkey.png
new file mode 100644
index 0000000000000000000000000000000000000000..7a5686c736b4c6459c1065ca8a5a2adb896cd314
GIT binary patch
literal 86883
zcmeEuc{tQ<`!}*HQl#usC|iWG45lne_AS{$_I+n;A%sxbLY7c=W8aseDBIY#VPqfc
zSjIYr_dDHp&wcCed4JFEc;7!C$1!HiT<f`f&hz|S*9cQpmOn#IPmYI&cShl!j5;13
zAp{TaR6Hp$@XpJ%Z2~+z@&c>7cU2Yc-epyFb}+ZHHN(TZ7Z#U5qN=fY;pwq=|J^$Z
zce2hyVh{xP$lejDzN8enbB;Ck?47{yGt^E*LxJI>+OBaK-yh-WQd|xXmMu0hcqt3k
zrK1qhL=c4(*Et}(x4JtMw<cU*{@we>HOHMbcrW8>Oq}QoPD|I`yH2*XYySCjtAJw=
z-YFq`qK9~<eEf=?<Y&$hKYsvk>In75ODeA7<#fhkFvr)g`+zS{;c?MS5&B)=XPVM@
z-Z&d}RUJ<iL*4XAJ=Zf3e)faHOJeG^#P3<xm{Y$$Q;-Y#_U8Ewk!B&h^(%ZjuL<$O
z0`@MA)?c|o^^L-qf!c`c&cheQ@(>6y%hU{M@@0YN(L%4%64w(X6#P39Sz+JiIKFvV
z^T!14Qk#eMS9cu4X7(mur*b408NcAVrhD#e$U|~xb5QOju=9nhofL`YZ2p3NuVc*c
zU-fr(n6xR~Oj|yG#VA>X-!tiaupgrr^EFPBBqH6$seYbsq%p(yV~chBJL5VB;@-=(
zW4{qZN%$)}%b<lUC^F}jT(qq{dmfzDTTA%bJd34}IYQiY!_IoEzz#b6f*JQ8Svku*
z^+Am%9uZw0deB{P(aXUnAR6`HL6(Fe&vyLqx$NNf86vAAXMb(?YM(-yeO8O1kapOO
zV1|ogT~E&lO4DbY`-u1HYYY{h`X|A~&vGM|rsvKXtCz-px?}(5=_l%q0`r?IwkwQy
zZ>pghX)WRhv!G|lVGAEG6+FjiCKeVc@fixa?wJ8ryw6jY(iC{{X1DP44PY?}rP)3)
z9%QGUOOy3H73;w#{z&tXK>R!5_*1%dq5xJxnWqnnFRn`q-jf$IBG(SANXMfI;C)QO
zMS}SVRwarGIG;}amWb{Xt>Y=zfV%J0NTO5UX)ofle7r~qzWw~P8k^faI>A65R`KU#
zUeb-KH)x2z+}Th)cO~#i&wWcKO~N?oxgPu+`h!birwpDIfhT%S<xtTFBJLPHrg;!(
zRV-qATCe578zPcV)a#dTlXX9H`R?O+UY}T}S$>Lm@3POSMvC2L=yx?5>1*joE>P^%
z@Gz6iJE~4OGO>ge^jgoa%W7pTsdnYK57=q)TVLG16e+9Gd%FDU*cqm$Q8HUSiO4~u
ziK}QW`NUKEyOVOe@8o+X1)jXP&`K~9KK0n-hQgcoZwMY-o4+wHG%q;MXO6dpAMvHH
zgyW%wEuP4Q<UoS}-qy8GL#BGg6C-{rT$G_2ZMxsbo!D;kDTi}^Ty19hV(@XI`OJ68
zDcbc~Pw{#dNlO0ag(<}i;k~Ury*;`;fk44e&%fU%Wm_lfAWJ3-CGC2a{0zVOqFS)!
z9am1dvl`EB!puI4O`A=dPKy%}5&06)1@DvJ3Dyr544xs^p*^6HjN!WCaxS_2<rQ|j
z%S>z)FPUE=UVVFFT1qDx#dFo+vQ7;DtF+fr*VJhXX+*<)z6giYhMx(qqA}v8j(rjP
z@P0&`bL{;%<?9og^x7O;4BTaLHSPIv+_5mONgZabcX=au&vLTzY4Qhh^ffMJedlVW
zF(OZUts;7_MrJWPBZpX1Bu?Hy9wgK7fGOSBibIH!H&|OnTy8llGDlsLNi$P3Ay+#m
zRb%yiCbHF)5)|2(=ojc0ePkBD!!yM5sUWg!$$TPdTTMx$OHnCZJ4YMpuCp2;c6UMt
zq~)6r$vilJraYvk)hF^jy|*x*&1suHp$Q?cq~Ih@Ar|XTkLDj4KjJQ@w05(Mv|hHv
z*hEx#SQ+&(54~IVT+Bk+4vRu>W+@JC_s}lc4>zP^UcYO9EYNq+?1f0{^VE35r>PH6
zPYtsXZyLk=viws08jjAN%E0eu?R{Ja&j0lMUD1?&OI%1r2vsDh+=I*~nJIFsax9Tb
zFES%<UA#q4m6Vg{_`vyrwGwmkYbB7<O(kw6)EncjH|DwK-kr6b#xC+(PqxUnk}nho
z#{~D7M9c2lcG@P4W{k#_q4Zw!=*Ex6SH$~jyXHU6m&ljPA07%BavIVrgcml!Z;xe-
zGM0KhQ7k!A-c@E->1$(Q-&U4iTxY6Mxm#vrI{D<d^;0wWd-3qQwpUBHhn<2<^Ji{x
zT5yJGr1ZZmd*@QWWxs%VKz}n<x3hjJ&}qY6cgA^Wt}H($e_;FBa+-a-eXhN*eUQt8
zdD3~tq<&Nps@qNKJ7W3M`t#ipRPS=`!nf@Lw9mZR_b<C*E8Br)t@n+Y%o=toH{w0h
zc8<Qfn?X&g_R@V0eaU^re6KaWYMg6S!J@IR53R9shfG+Vy(+@T1c3yV#N!K=E}n0#
zyYHpDe9!w>$*QjEsp{2J_IT^Dg5#FHr~UVFI~Nw%%_PpG;fn-!ZnMGfq&`b}W*%}R
z$RaM~>i6Yv!MM_xyJf5;cS^C@rddkHQ{Fbplg5hvT7+$+dibM@T1?vlW1O{DYHziQ
znQL`MK8$>5Y^%Y@$9H|raU4l7NhE&ZG>@zP!{T+s<rvwH3kG@xCAaN1YOdZ_tX5QR
zHJ#3!v6*gizFQqP-b<+5y!MQmIk_rkHyrh4vYX{xHN|~G{&N%O70;2xjK@@7J#*EY
zBY}g8Vzk+LDmnIPtnW1zjl1g6Sy9=t*@M|L{WJZr=Uf?@YI-5ct)(yQOM<JV$CDS6
zYS>+5&Rr3GOJv5|ZvDFN<)@sx=GXQ3mpgX87JWS`7qVXbW_G<prb8?~nSZkSP&Ue_
zTZOxa+mri|&QhU%U8w`D&0xS_&(gEOLYvb=v(QUlw_$~k6!nv9cZMaB>tEOJE@uo2
zFW4+B%<n>Xjg0itAF^JnZu(@`(#X;yMe2_nw`_76ZbbzjHZRMH$i9~~itzd}>|c&8
zS!vr)3QHEdC2ohPBdU`vpF?QF3bn3Yzbbka3!k^Q8R;G|tj1!au8J4MiN&tL6~?c@
zNA)h~50!T~4#yi9b;NX_v^{kOP(x!4PP=WOLr~QYWVH~U-2k<mOu#l{K_rJ%LYnkC
z@ywr@J0<rHRR`Yfq`i^SVi~%v@45%4?tO*GE6%I5URYY9FHGvHa4alvM<Sau4cdI7
zga>tpm~yg*>6l2`%-W2O7>~Ca&VxB0sR*hJr3i{uV1%|^jZX~}*BfUE)Ra_RtIWkb
z_?|dqUNzs}^bqSjTYwl1cgb52N#jg~NlE#!Ei_w3RGaOY^nE!Rx>^{`_eH<9U!<vU
z%eiMRU+1t$-`b+WsCvn7dqsHI#-ivZ^cKRgwzp?$#OXk%%}B*V%uQt6wQ+P{u5WN0
zl#My$h3U~bV8$DrLtPeHC%ioBP_l^Snx=I>2dXBEb?{iwEvhn>C{Vla3ordWnSF&t
zjl%4>rbMjv<nn-b5iA=zqq|ookF7t_X|li`xv?IL?t3j#OwbJmxd&N<9){E!@_CA`
z-#@grt^Q6GC*|HG;_JJl0+kY%Gm#@k+(W!*;`PfuTKno9x?7m}E>lG+%l{(g;hq9k
zW6)xLVTZrh$nXU(HXQS4r)x!TYd0Mg-PYgM_C=q}!<j~!jhvH%V10*Fkn=Nv^y;1Y
zP$G>jbe6QnF<uPe(Rr1w@tA2sX(khn*30e`cx}|e-LlT?u=DI{&*+}6uFi>pFv{JF
z=L2Pr9`0Zs^aR;OIDe9QVjXg<IC)(D_;UWKy=*L9cM?f!%Ng@wAbkxtd#GTpq=a`J
zcuk5&h)<741iZor9+LPB|9UNl&xLpD$NNC88)}6|_-7ks;2HPx5_sVH{PBG1bqF2_
z@Ygxu;h9eGvo#?k{nXFbr{aOn@W2{(6%>GH4O3?`GkX_H2iNbf>!pA<$Q<wKy5Qkm
zxQct=E2v*t2gV<^(tPOpQ0ak~se>J#@e>CVGd@o{N8C7g5}snfOFJ`HV^&W)TYDEV
zPtfHbEyRG=xVQN)v;Jt}Y6H6bP)U{bu7k4~s|eo>z8jY%$yr%hC7hp_i>b@V{n;J(
z3v}7i)zwjqpWnm7gU{n8pM$dnzksNyDE|#XenCNAparjsm%Xd8C$GH=`yYe+97o2?
z#njo#(bdYqo)tH)v5AA5E9mlN+(iHS`D2}Co>qU&Wbg9lwtx-t<38aR;Jd;9ud#uy
z61aE8RINPCY;|R<>;Rbob4ZE`+?M#!{vV(GHRIoUKK!evfPj$5-@E?pqhGsfxtKZM
zb+7~Gbd~%|Uw?M~`-gval;Fp0{coc9L(V_m1q3ZgF2VmVrAd;jmEofSJu+I!sAvMu
zfR*8X@H>ECTz@>{UgyS~r46*i!;{8SkO6CY;;&4QRbSCD*xhjP-szm}9={S3Y<nfq
zHpKUpEGt)a070p|ruL`eAd2-6ybxK{=cObHBZQhy5@hkgviDR^-+#k)D$G`wG{$bn
zcXJ2Ik?pYEbUf(ok&=fgTu`XRpcnHr()z2imxr^JyKKkG7b`yo;t`OtK0WzM)hpmq
zU~2m=oA@su;Qo9<KnSX*J}ZrfPk7>2KoaR$^gtH-=$Vu6<C;B958XXE#gBni&*KNC
zCb?dz3;5@UXVL4-|Cj@x(E74;k48+?lUpa|{$nYD%!pI}*vnICB|=h&b>FKM;(u;b
zx~Ika*L?tE<%HpZRg}bDPyA*9q!3T4U*!dCMwprvnX4dQ%J9zx;DM=7zsL&rXF3NU
zNa4kM?x+6wAuDnU^c&F+$UIHY=3x3}|C<E>N+J2DO#Z8s|0?C5R)POtPx*&u|JPIg
z>nZ>Bl#_wwzcJ;XLHNIc{=eDRKdl1iDPn{>D5<mPNxQ0v3zUr2yxxYp4Q4%?)szkP
z=H?u5xq7<`&&<IEf<1+XgFbGS6V@On-wpS4VRz_w4aC9Qj(4fCnHkoK4IdP%a`3p-
zm;txbha;<)^sFw(xF3r&X4I^{xF)&g&H%q;Ff;SXVMcqJduC?HZYyeXZGUrbY={A>
zl`dW=ER1T~*{QYD`*e>=tde<`vyww{%^BXiQpCG7Vlu9t0IzOFo@0sjgZCy?r<DkA
zI3>WFu`GEtC9+PF(=%%JGqoYssy-#&@ZLOg@Xl^eL5dwOFaiU1dQz=zrh0DUR#VM<
z6zDlG%ar>baof;m;m>V_@c9&{eYu6|!l<@FPPv-%dd$OW=-csBE)2sH`@~^35yE23
zw<w6WU!eLu;m#4sRaH(i<Cg(Jf(Yp&6N@d?*m(@=Z}S+`Ug6QJEZ@KMo{IJYAqTf~
z&rRLQ_5y=X9gV&ur<jFnZ+x`!3+Qe{A(OT2Yk0Y(E{@NJ>v=>B4d<yka{2|h1icF!
zMr({;iv8>mQUi~2fM5$oq5Wgg^ZmX2e(xkali~J0CNJPsg-a8uBR!t*jqp90wMwsB
zdegV2_dM6()fIc~+Wx{6K23X{SB=&y0xPc;IlY8e(!M~ao91@~j&#XZm0)JJ3W=-h
zne;5RqiG}TXXt0PHZ}lF6^3CL^k`WY>`h%Ta3gqY^_PdtEYZ#k!@_%Z<JLZAZ8PTJ
z%Cs)>L_Z&ik9O$m^^puLOO=^lO5U5+GvyhNMnEe0#9D`1+fI$USGUeb9mC$&%%^(O
z>^^x4&mi7K1dJp#!|@sQ{9#oNLz4EQbi%jdqqjxYboH%#B)Z|%Yu)guLLmw{ti<!8
z@g>aiYU=pTVd^K$`}*CE&AE<dw$K905UB_;sViLI#}9z=!!)p9(|TtO&a$&QF<D7*
zKTW6LA>u)5g4tr3<a7E+IXx!klM#WmoML6NNor-H?$*k9jrht)3CMP|w887cv#2VQ
z?~?tez2iggQW=aM-C<_C!2wiv0$^<?Vfw3ORhQO3_m`DZMI`W0h88`#q+KMD6<#Nk
zO#SynEMS(<zQ)X@dVgN8xyYbSkG&{fD7wMiLPwyMvj&mp7eorln+(0X8qk~q^4<|P
z@^(C1awkpL#ymN9Gw<C{Tf{E`yq03zwZCgBTWVq;FYD&Dp#o7M9^KL`tyU&NIa*fa
zC9UE>s7_AiOZf!>8@1OyBgQs+j-p>b9iLoO7}?5L1-HKUs!Ge+L|s|h1jEh98@FzC
zd`%4t<FBVZkLIbDbnr`Gu}Lj*V}-kP9r}Hy4iz}=Ch%b??)ZB-s2cTjeq(<l8fw=)
zRhBvWG?8ak^l)8xPAH^sNExW?+zrNjLxnh1+!xX2?)BxO5{|25Eo5G`F&jK5O4l3i
z_`x8l!zmTYs1>VJyAtQQ@M3FPm-kUj5d5N-=@$5IwexeM4c-nm(a~bocJ8u;+V~#7
zh~@)FdVh6M<AHqPs+A^Hf}w+xqs2WyUu;u(JAz#uWe$@8^ZuAJU4#zQe0nZ#n{8G0
zZ-sKe0oiA=B#R^+BcnziUH8%LOQ6T#$A9)m3kFL(a$oJUOob=K@bRCKXK4`Op7H;?
zBmlpkBiHxcrb=qF@h+7sFc2R;bn@fCK*zO9w)4o(qBScP4lF%RduqBJIWMu*H4nAN
zy~T`@uxXvxMnD+FxO2z6<HWYqAZpWidr1pS*A+&Q>77AXg#|`Ib8D4A_Fu{?N!=zZ
zQ-&vzwJ~{whOeIK`ukq+372@+Cs2M;bz+<0v?MB%?I>Pj6~iD*1Hc<V$h6kI7&a~G
zTov5nY&dpXD3kNQ8}>dqL2;xv5)2!9`&PSc#TP%>m<DVEUXu9?#B_y*2B1V}K5ABs
zP<WN|i+eCjOlq)EC9LFIqx$UsK15EwwEMx3+i<8{CUw;9=3}SS;_RXZDFpU1@)Fb{
z*M^(iYar($n$Z{iN?*NUz|dsogfykIrRxW3`Kl}2SB+C>?fKbOu4PSy?J<v*TlIfZ
z6a=eV1=zDiyW6%!O;o{PE)U|*>Od^4Bu*HW>dgQwW;c`@T7Mm$&mPS~3DFEF&Nfex
znx8P1fxQ8DJT!p5l(!3KhbZ5k8WBwTDssY0@ChNL1x8IJm!@4=de7^CN6ufZt^g25
zJ1a06Lk1DbknafNWY+lv%KCP4=~$v6Xj5rT%*}Vh&zThf2I&}kV}<z~`ZRaK*X08;
zFHO!UBpXs8YsT^<fAg4d`Z=>w>$u9xeif!NGG;zJz<S9&oTY$`MyF>tr#$HY`vM<-
zBIQE%mb%;dgQJ(u?c58v$}im$Gn_Nx8<-mIcJUXBs3k3!?0K7+z3<b+4k^DLn97$<
zfxZT`boXfj##eEhVFY>9&uq|6m?lM@;I0PrSi5^~etpgyc6Mg~<12tfP@_*@kC(=R
z?=lY#GlC9gETU2g#a?op#MLP2x0ws;EyGXR9D)dM2MxH1D5*sP_IG_GF^CXELdp1b
z=Z11?=kru@_uEQxfA>TpwzCUJ(dp;Hqemk2k&U~_>Ddl>V>(xmxew{6&TZz{7pU}T
zltg`~`McPQzY}f(8`~mxASQDp&aM0INY_Jo9<5nWX6o3VKU!i~KL{)}(?UjtUo=(z
zZ`0uuwo^ZML4T$O2~>wwH9Q)0XfRx!+P9_vT(;oY<j>A#KtF+B`_Zn;p>t%h#J90S
z+#dX+2U$d<5Ds36*6p^Q55w2Dwx@mN&}j7;ufO|+bh<vixV(yF^|wjXP`lr<n;r>F
zOAmm`J6O8A$%abZ!x6iedixb47yhnmyZ~pSA%~HR=1EFDT2<w<casmXE8hZ-xAmak
z=V*ojHZuEi%EeR3hFulg)25NgUgtgqPV^%p82ib@E|yhQNM6PEeiNH=)Alr^rZ54Z
z1!WIz5{on>*(`r)dx2cM+P3v~xjvPyA&>>cqrJ`W9j(V-lmLg20g}m*GJV`%SYyZ(
zx7c(MeIp|~nH9!%Vy-!|&!P}YDIYiYv3R->PqWG|*ntx0l#?&c26_?<pUw!w^XY<8
z4eEBx`KLCQQW?!o&bv?GBm*-Jjl6)iR3Y_lN5M)T0Yqv1As&32fDyBqA%?S|Ji&~%
z@QsTn_{MvRfWc-`gC5aGhQL4i-FfS`RLz}Tyb1U&EwVY|EaxOTLu@}?-XHk_`7Pgx
z<z#1hR;dj6!plenz~~0f0S<`PR(l@f08vZv>B&6k?2XZxkvsu2FQcUWqL?ef(>YTb
zbJZ1byVH|pQ?`ZlZe5RtEe`O?p=AW@PihlQ_=h&T`WQivTu<w`l54AZ?KH!U7*H;C
z#ejs)p->kGTy4zNm>AHOOn_QAzPX$fj~9V^RH|Aa^QtWLMovA*tRseo6`7c|c5%pn
zW_nh~Kr=L*6Z+Zrgzd4~0k%g4RvE*_Suc}9)K?SXa4n#9^6Fri*+zW6{oI%8=o8ML
z#rb#v8OH8BZP)n4Q1{4d0+k)*dnP&`2Q{87t?3_f5@lg+o1Th28dvU#o|H?-(_0zx
zyxior;q5aBG(>V}rqU45LD;UvY3uMLU9=BRbd|WfrQrNWMv&~w*psGumBP~noueQd
zprqzC9%%?`gNzR;K27JGI(osTRK;;&Fl=rko*Fbk<3)Kwe_Te7#{nFWe+HV{T`t!H
zvTeH!{7SmJN%s63OS2s~mvq&b6+I!Abf16>QOJNGfAL29iXmE~tudr+@B%ARq59b5
zUVmYjVTw=U+Hw=lQu6^z1@2J%GN;O8Y)Irg(HXfn$;n-TDL(gNnppIZabFgu?WEjH
z4D6TL0C71=&7VrnFo(Epn$<#&DN}2O&nrvrKg-Zki#j24R@Dp~bQZUeLhi4Gv^yjL
zo962z5s~de0~>HPIu^*tzW37k#12@`1l*RVVu$o0qw^{Qfexu1BqD}4BT``r%Z*2-
zGSQs(E}c{k4xY0osX^9WP>nJOD6JdO|Jn)g>=%m81k2w@L=a2=x6U8a*&zd)hG1pr
zLjS1uBSAhOQaLFoKL+i8Y}NDa-P(7a81~=TT;fdg$*8*Cej>%eC%k{*qH7ehaFx!>
z{^kAG9*JEl0DxH#<jg!WlPumC0xYBP@MFNKQALlnarhw~X+XZc*X!6{;DusV9-Si`
zDVI5zlkxFGjznYe@Ky<P)i!Wyp-|4hWvrxjzCo<gRuVZHQy4-Gl1=)>z~;zj7m#X-
zo8V|>?{|?pA8PmCr-|(!j6*8{NX)=moMM0`8ZzmLumI@Rb~Eer2`jrN`$OYim*sG9
zd=~xW^r3?^AOrkQAG9WjMG)?POl>R^ZSkw%!+)SfSUP81YOc08;OVRU3?rU^ZbwRY
z(k(dN`fQRR^0@Avh)`#_bkpICAnPO#@^~F{kIXc&9bt*0BHTiKe=c;08U4(>r$wtu
zLh+=$14@bBWM;20=d|sR0kg^fHCre(D3$#e)Fmf)fmC=$mp4fqm@0$mAqK1n*h>Kj
z3G8Lz*S!SdxuCOpC<Yx);Z|b#r^w`bX1=L~oUrLE&X3Pi(Fa-Kya2G458FPT5$?}7
z?I49ni2kxzG~t^}&IZX`lL(w>g#TQuU?8(fl;BB|2L)_1h=e4Xm(9<cm$f>1ZKDrz
z$bXEV@N;~Vo-)(6)cN;&Z!+6lepMm(sVGDp8N5^#kj~jFSsoBM`~Vuo8v%xOr+AlY
zIeNLNygoT&x)1(5@>&zsQV#(j8}HsfWy3=ZdV$;^ymnG$ebkSmQe6)++IfLguYC8f
z6}3EPR(W}HU{)r4IdoP(ot8ZrAjgKE8odyd$|UZ7OGn_mvgn+QgVrw|KpM*f0OwT?
zX(bVro)}B{v5&1bA9UK{zog^z%KD35#c+Df=Fb}kLYj;>?60+tK2M!Dt5OzC1Ug;)
zrPC-uXRn4k)qp7mfbE^kGq&{reA()rhFt8OAyfZF#q7m?Ev@s<7}z?yy38Z3h3M@f
zldX<C9q6F8Z+>I1!0v)v(9h<9v=gl@dlH?VN`J%6>`XH7WDA(tJ?qbzM}2zAIJpi%
zi5gWB_kS^*KAe@K`Eq1W;S5Lar<DV7UT4DOKepW=a)`T#JX%Pn8Bo(d^)H8xog{Iy
z#K)=Wr@7<0{1zf`_O%#hT@?h_*HPJ@_SHcGN{UPYWPRlqS?>c1`i*h10O4QXts~|a
z>*X>6MsG(2iIoE}vDfgY^(Iq6s+Z#bi8&t+&M=hKXe|Jq!XZo_S@~g+=S-caS<8=%
z%ne9e&#j98C9zOZh{WAr#H)$(%ed4W_aBfY^|LVmSs%QXhQfXaS-=YKuRTq&O$AmM
z^>c+bRFMDN8G*)trHTG(X{-R4&_LcD*x{g_%I;4v84F^TLwiR3;w9HeZ^)~VH>hGo
z&Z4i3g^Cn!BrOh>m=S{hk#9n99s*U#8@Y`0kgh*H<VAX0Oy)1(uLA6>Z#m|A<#U|u
ze`@yM?F<(wj6aONtf?6-5C!5@q3+F_kV@Z;_A#4hJt|BXdS)FRoDv&<4g^5Z&T3t<
z|9Izb_s$5qhQ6~62QmsvmcM-70;q&XuLD34^&hJu0t{pf65wAH?TS-$N@I>Qkjb7~
z1^rYsF3E2@|BDsglYdGLT13mn>D>WVgBtx80$E^o43Yx43uXp*qkr`xR~(8qP+0fk
z0dlVUA5m0BMa)-iE*_^n@1NQeKpIE=4n^mG4{^VR=Z8(krf;l7EbQ$?Y&0`_Ep5gh
zxQJ2yJEypae&T`_k`f#$tjqjeLIZ&PYw>iBWKO^$*?(H3Nzd=W{(rN~{~u8#h#hjr
zB`P(hUh9{z%&J-nMDW;geBn_E0MeMO{z`gQD3j8$u^Ma0!tj&93NPR_(Zzp*&G|Lt
zMYVIk@z>wkY(-!yQx`R;D-JNMf5IEiYet>m<KwnNZ{#w2hjK2Zd@#NM?bNhNo#@>c
z(+h3;Gt>Ji>_=djdnC>-V6RRtn3V`HxPPWJxXiHdW>vG;JaU8Um*9P$4iI}^UHXMH
zID}#NImP@BgbDctVRCT@a~-6%>W;Hf|DQIx1*X!O*gXBq$m-OOWq#inaK--^b3;4w
zy?+CA8Jxj}IerW{zrFj@Z+Fr|f$aG=jem!Vc3{{87a82T|0xl`Uo!dP8F9&0r4SH8
zM7o5c7gwg^&iqj>0pznnIqGMcGZvUSe}AY@{F@%_$uNgUaFqfO*Ec5Bn6C4HxL*Af
z*D9FG<v&JmpfMmW`CpKW28Ud~mB4?T=K{GLymFO1sVV{pfeOEjzlqB*4kdH$Qs5*k
z`%}Uf(YBL~+<HXdXikNbX^d(k9{X>CG=T4w<~^Ad8`Nmef0i|XboPB!LoeWrDdMMe
z1dyV)GjL(~pL+&~gg01esav;_g|mAt%Y|*^ww&I4;l8Pr)bHuq*gf<I<8p3Q@vrsX
zkpE3Rh)d;vlY%k>?(zSa+y1ZM?)Pv%T4`tDLVI&+KtpBoKTQ_@U789c55LRHGese;
zDUBM#0vT;(zl1q1JzTQ2767qL1LCyb&s65$#ZN#ZIg<-5IOxj3L05I+B@n#P(`;2Z
zscByvTIS}d&jQqnGMK)<vTz{O|1+Tm())h~R{%Cw>q?(^GG*I)#r^_C?{U7hXrLNF
zjI*A|pVm|O0|TD@()b$=w*(E;7DI52eSbFocd_;N70Um@Jm!N^fn>jnY%DSJH+T;u
z5_7v?CV=9LvE=`m)^w48#FO*ikY%SrUjN5Y_t6jFCH)0>UsK}(zI(+iE)7${rD1kA
z#gtlj3=?zvB<eD^+$t%fm)UW%8~vOekn~EP-aFBZg(v@U@dd0HQ01jxGuF$1Ds#~?
z6>u;x!ST;L322;@`THUq;2H1mYc`$1)m`uYs(yfc0`_b1NQ)~T`_2#AlK>(7f8;Fy
zOa5n30+bEzi%UyW18(|;6Th*3YLMBkG^i3+W=j2(4zPG2ulh}Vi%QjmWQ?ui;=%FH
zc<}EcXTfB#8mGxKoK6&QI<fj!YAmF(=4fcKyk0GdqYQW6|4%XiK;}JX-UKDiuYOjy
z0Bey5*iJj+e_Yvm_w>Jgu|E*g@FP>wI6G41V03$D#1vlXit?Tm_nE($X2m`8=?RgD
z-58DJL2q<O+TkqcROe0D>1glqnP%WfnzK%A$WSjp5TTM_;I8XA%g!=tevm=ez*Uca
z&u_;)gHI4cGg4}%czd~^tT`3r{V3UMq=oqc0)yDCWOgCJCnUxtAD_BBWwQZ(CtKm%
zRlqap=YX2!XVl~1F18siGXLmlJyP%G0uN!{deg>J%^&2wyLLt~fzQsR8s&>(;A=ql
zRSGgcQ2w5mUqrrJ-3DqND%8_ssOd0RJJ+~V0S(s5*RE)<4w9B4Fl$IVTAe)NmDu}4
zWp6XxVRW>)zNFJsTlj*6^ntpx@je;n+n!1?qL;Yc!rMIoqCbf2Mux==erpV%o<_yR
z_qavQ0*e$tj@H^)h~&}%0a~G*<Jvma@jBJiMznu@T^NIXH5;SX?5i~wH=Zj%v8w|U
zU3k0h;lJy_bjE99*^tg~r!>JWR^zGkt$<R53L$6$61?!?D!}3LT2+?y0O8%@-S*y-
zorH7?!6J6(AV9Q{1LPDgXeWVHT#DR)SjBoRIp^bD=FOMubNv3J6RpVz^oR9nx~36d
zzQJaIPI+blTGpMaT`uZK+B;m3YMP-5&!{|)rulYS+wT(*9U&9aS`@QV*1~PL5#Ffd
zc(~CPYExA6A@is|?Fj9-@rBMKcKH2cnzGu94@{)wyrk?#irK^mtuZ^Ry8Q_3nn!4i
z${Gr79hj<s=2&Lb1b9tVfhG2yG$0c=aLLg20Dyl@@;%4~$h6r2dJ$mlfM~pMZ*-PW
z#D4r@_wAV%&1aD5^O(tFzv6^Q9v?7)iqFwj8dXvdD<8_UO}x2gA(er}z2PcyvAusd
zCh5G%_R?TsZIaOfJInsPWhbckZv6tNWiG)8p;p)phUJ(uJ)|io1XgNAIJ#_fd@xko
zh+TCE6`$PiE^M1vJBxPhpQ^C}nBNDANvk|UK(4H736f02UPUIpSpI5L5fE8*2jIni
zmf|9!_)4b_LT=T+TPAMYjDxy%3ioakU6u0cm8Gj75+?-puf9b2EQs5Yv;+}@9K7N1
z=B?D-`Y5^Mj;2G!z4t~3@1r)wXkJ)rlLRTOws4`cIVGmZ?AWe?VOfx{ZRPub#MDa*
zJl;_N*dUPXYzow8nZ;7iyE{8w&w80vs!O@8*m&w2{0N}ke+5vzDv<@Gl^+K#w^10q
zLMTL5Hb41I1+r|nQ00%QY6+D@v!QaYbQo^FPIxADyd~vO5t*JXD-b81hF!5}aX4&s
zD6bT@>?!j<K3X3eZWO8Ch;-;gBtxPNJ*R@F6jUJUHYsj(H}iBSBwA~vGV9Y;ELj24
zd*}3WQV1RxCKNl`dWQz^+~ASrnMsSl)Q#jQGh77LUi#q`q5wY+#wq#<VZFi|H(|=I
zVbhj0+}y^iV-+!0U*8NLjI>FL_^g<+*c8V7u`~yN47|l94KqGeNqhz}O|d<ivuk`L
zRJ^A@Vc%w^eJjCf4R!;?iRriwhTZml=B9KPkRE-zttlJ%4SCp|mF*4GO)zXvsjU>p
zhjDKM9P>rA;~=lf%Tfh$&zKv_*79Pqaxqc!bdfopy%C17{P%Z`3{a5a^i!qPXVEfY
zi{nRAEJwy71f2GEBk7!ter)3=@rL}9uKh|=&)K6aZ7zaU7)YqDvjQh`0m>O+aX1Ow
zch_@{<UlGEDN>4j{Yygti*-KBR-HgL=7x>>h=b1z!&HL*ega&iP$3aoyOcM-7@V@e
zSf$0YA8^#T;?;*UrC52;lG>C;+JUA`CLxG7yjlDWZC~up=c>l-LPr2`GwlFo(vDFg
z=P7`dL}Fna+Uh_e5w}t~ORv-uqo2TN`|>Z+65ySFEC6w(69yo8OC4gnsMuk$(Q&1u
zjX0$!&M5E3wX!jv0X6x#WF`)3G!nHJuV?>_Z>mU<AF5Zy$LO~=Wd~=P1M44uP)aTx
z1g>@oz4e?9V`3ZPf)_(0F=ck}%2zuJ1!djjwLEV6?WZBLp38+*Aq)=n0+!EO!)duo
z)#$~}sC{VROWK_aVX(I>^q6apn_BQ&TWHSH$`5%occlxxTYw$*w%XsE8_ji0+I{}M
z?jxt<M%X%1UaGdR?@A!^cJ#q~wiMQ?vanx83dHFAmCX*Gf<BdU`O+lpKtiKfY7v%f
zh{<Y#+dvycY!VPv@+`itx2K++Z=U`V;oVTauoZ(a+FqdY-)p%cF3tc@MzOEp1*ouL
zeHW!2ROFGJ<XZL2!BOw~&h$`NYN~_mb<KxB)^L5?i%d8ro%3Dy*IQqRMfMk_eSgs9
zK-nfEY|qK7Dnz#RKEaTF&3h7Kp4{|3kfNE}XurMk!)dW=Tiq$*W!u+oKkqo7w)fdK
zV`8rwUf4J*g#=Ss=Wn+8AGS?V9et-7Yu{NJjqxQr0>TAj<Iy%WbgNq&y1LIPwf~KY
zJ=P=`Grl0Hn?udATU%dS=>&kWMZlXg&93W*6iw?C-~@bNODxPfqCKnr*kS+Rrv2n5
zGXLXU|4Hg{D_JU^@27$|p2r1Hl6vzVWTZf|74I&iC75no^&ZvlHlVtii;Z_VLzo{8
zNBf~O(<Qt4cN=#bS||+H1AWw%j}$mlXx99XF;&dVQHV5h$;}8355KMC$+!GVkmJ%0
zJ_?qj^-v0??di$GuF2C2Z(Wp!5Poubi)9CZ|LUvarSBK6NN7LGrhK{0eEaxtEBX9#
zTHa-kOI3*z&yP~VRyF<MvM8<X4%qP_%tGgOa&mH+)`1@n1yP%mZkf5#p8qlGIJiw>
zUZ5mrxe#%aT+@{`UzVhVW&f*u>8aTw{(7uJSKE77{+?*&s{clW(dkeo_lMf1FLz^x
z-kmb7P&nV?zaGS5Yty`JxLeC(Ysp=Y{lw0^@!S#lF0?Xr$<50x@@@U>Yeg~Tm_c%7
z@zwHl7>5A@3uHF7g)VPBW($1}ae7*>fckbBYzMI%eoq&Lp}op1doNdYrw2D->Y9>$
zm6zQhER8_+VdE>eIC<K4=i1w0i+2W^Mlq#L)3i|1r3G-j!WtA|nq;BKe(89@|0sK=
z49woL=3Z52c1*c=-yZ9O;M(h#B|=Nq9&UEP-L+6R3sGwxP2N2RD;AcGn_S@NBTCmt
zi?llWudsMD!}%I@5k*gLN5N8o6_HH6qw=*J*LTnNKaT*Sj_X_HQSIFC0gT&KAN;8*
zkn)NAK2sE@nnKC7RW=A{AIrc9R`&!@B4FS$P+Nr<0FldoK;#dq)Ak$zfD~fI)tl|y
zdPdUQvWg^y?rIl%P+6S_Bt4V9|3QCRWxgBBvf?}w5Sc3%n2-0`EJz4Sdc+$pOAf;d
z??h!w%v~$Yn+RlPI=jf)BL2~#@cWK<66_vHuz+d_4Bj@jmT!bzT9Lx&_nI2S-N(OQ
zWmMgO-S10iq!E&eIRM8v?3TI0)BGqOg;%n9Z-f0tOHAc^ND~h;o-R)wV<)#{*L+t|
z`G(thoruEkG)qFV!5;Lys^yl5JgNN{sm0shujfIXnND9rZ~4@h+Ap_DEhNsR4O<4{
zIy;E_@*USVK!Yrpq|Y!YFS)dYP>Y=%BrWl4#`lhss6g$*{QZnRr4p2hk55tBz00XA
z?A23@=lSMdF}WL)auzPO4LQW3{F``%_{bsC7!6}tsR-<gr3K-Mr5q#I@0f$(rbfMr
z$^}<dsPz2aOtb?x%ls$)qiOySoO{|eXfhwDfj@;b3-W)r(rUy;9X0eV=tzF9beo=0
zK%sC>&%+Z5HXFC^Eo?4};H%9kUOkw)^R80T;lQ99v^%~+Lc?FoB!X0Pgx(lA!b^uK
zj(Q(gMsAh0bysjk&^7ISnNo6qXf*NYHsCT6u$1F0U4wrkW&)+``pnkPdmNe#kRAhN
zM%fKIK(M)ha={VIhVwt-HE`U?c@M}VfM9*R$$u<ZzaGqQ3m=CbwnLvZy;z_iNsRTP
z2S@uY4v;1o(|MnrBVs=g*1izLcrh0wc3VBCZ#mu2g~h5|Q;OuayVSO<e$!<ZmrjA5
z+?A3lDRS1Ly0zLUYP~gb=U`b(zs<38KC*f__yU&s4LlADXvgTnXDcDtjfm!`Y{~6h
zJN`lbkNp1o9W4xq^^nR<KNhaf>xf%3A`z>-&;fb@W2)}ytqJ=<I`aAhGK&?6>ql$@
z$`@MrkX>8IBnO`1Peofi8uTPsW!T8y7j~)yz?kDsxyIS5caBOJ>IA<@6|w5dv;Ze2
z?D)=kbdKEt90TOWld$W0ZbBvsnV;nhgal`dsk|SCdPps6J^i2|C_HT)`-K=p@09y0
zscFZiNkp}7AQcCkqZTe|-W&~0^hzJ7Ra$ru3z0*a>qoo}UL7Cv2PQi$q%fn7Q16NS
z)ruBE(7~Z<wf*r2;c1=Bxq1!FHtc9-uj>I%2mg`_7V8Oz4R=iLO1OpBDr;GQAJgE@
zdx^Uqi2_ttVQV+lB32v~H!AYyb&Zq!qe&0${*SVFp$koLm3{l!i*o6f=ghH5)(e%r
zXCdD7QB3>&g=hLnA@yof6Jt-(`mbG1y34_5c;j4JSrz$H8p2uVy4f<<GeEks5tNi>
zOT5>I*L}J+SQUxDh{_eN?8Dj*B~k}*lgv2_@SfF1zLuk*s>X`K`%NVC`*gGo&@DID
zml>ym^P!DmTr{N-l#kt1V~w8VQ#;B=7-pX0**5LH#~<lg!cNs{_hDy|hBqaAo|l|(
zJHK*XRINBigRw!f|6UNTR6$&?jrYoi94)3DS-FQRRng&sPN&=%PdA#8Mf7|72)Q6j
z@%_1*Y5Nc0$Sj;DBNsjV7Cbid>5+{R!v6R5>#0E-HHU?W7>l<~aw6p4yp39G#p1Lw
z6G9B?RXd9m)2xyhvU8Zo&4fxVa5{aIaC&7jdcM9dhuV8g-46~)85gFDG5~Zc*tbw-
zS2eb=+;p@&I$3|@+hfs!OQqrS!N5CB-ExSzwDtMmzO6BpLX9ns37@SlW9-59CyH`f
z+lfVGk9Mda=0RB|t?+9N_E+_?SSU+S0mfj>Il=Zy{4HzCb7>&i>^D^B`f?mryzj;b
zg~+C!Hv>p2DpY_IaO?ENT_=L&VxSx$`y=o8ady?pn=Z<-LVBv}{W~MM)r|dfG)E)+
zrS$IpJEIoxC8p?XYP4mh*vp|OWslG{nUrE%5rK>;<R*031Lr2p1k~=c67;bQ35!_q
zz%|Q`c-{`}T>h<t3>$ynftbAGrejP~aJG)s+9fP`vJnkq{i>aV4MqC&mYA;sh8=#G
zaf&Qbth7UDN8TuDCg2@Gi;v@n9j?>+@FuJtynLl3WMMhN!*6l-qr@?N*G5Lrl{)12
zdzntI)@nyIw}|cv4*5IvN?dg>qDaZhuJPN9p!9Uj3mYo@mQsOqG1%JWvMllEM}P;b
zyId<Iy2zeP(up|^BQJE#y)qgwWV*2!8-1A3*aO`oe@3i}W*!DR_`Qm0uj8eEznL^#
z-&&XfyPk41VpkILFuw>PRbn(f<EKnCFj+FM(~JM%LJA_QUwA75!4H9r$!>iaIkjR4
zj+VSDG_8oL*`p}pxHEL^ErL{#pQd6Jx$`j7X=Pj|585x7w)J+QyellLKcyUmLFo7f
zyJWt|KnF4x>O>&?{Ws|RUqw2;NTU#VFuY*n_j)%7N(#;{wr0Lm_W<Ibw(-K^$rgY*
z`Ta>W@nij|bNc~QKCBFJ?_nf^{W*N%kZy{ngHi|ex(yIFKMmc-h5cuQ>2(x)bD&^3
zG}1wyJ-_i_5L#)ch{=S>qg;$%r-2S^i`hqs_e&HqbymMJrJP&9`c|yopgN1Z3#6<E
z(i!(vfI=}<W=<0@oMG}GhNB{qku6HRUaoPecScuTq*l6@|B0CNAUMAYsW@+h9W<%{
z4FWN~pB%Cox#g$JxSglxgeCuswsG$*-pJSwbp2?-88;-hEo+pmHcJ<LS!`s*oroWs
zkss7``24gl^)R$%#~L&N)P|_&ofh#N)%DC*8dyG{8W!W)@DXM!ru19+q}j-n)HF52
za_lLR_Zh>`^IRbES?{MrN(ndB+*1<bGU7!VTasMkWf4QB{#wy)t;X{PvZyM*<to8l
zpO3UvmmC_Xh3N+~$Uc!62yOBZ`)yQ=-D=2=xPTHaDMIwq`)ZY2>Op+{HYAgYeWku^
zUnA@Xd;49&ZN-4Rc)&v7J8*qYJD?9&n(r06<-^u5-l!rcsgChaJ6wVuSy%eIGnXGO
z`Js0Gpfe3;q1|twx4vRC(&bSxxG)qP^JdvW^;7<tNtzeS<U0F~{FN53F*YhXnwV`b
zlT(Q!7bdKan6NkAsrD$IO}+c`e*yS~AT?#hO%&5o=ymnblD%TImlr1=iCe3}tTrT#
z>eqGcG#;;E*VB8|=#^%9y=L|ft0leBEdd^nN)en8mhDINUVi9Alb~wgg02^#1VB}6
zXmT<9;8;qo4ORirp!;`dxb|JCxq$zh*wu98<6^G*9=Z<07{TFd$X+hyu0fNgxA3E0
zX!p*2Q0-V-f9g(oWnP^Js+$1c`|&vH>WVNyN7UO5g1U@!i*d|(k8bgtH&1#pVJa!F
z%@%I;X$2zoyFFUXBVF^ueBB&B^a>z8Wf|1W@0Vm(Sqd&><PW^Co=>U#pn5;sauHQG
zoFUC7RjROk%K<U&)P5Jb&GisdCWR@hw5C_e^0KOzeHV61jKio(uQ&rwhh1$mV*Wu%
zf{Y3;Qcd;UE1!uAzLEucRYkm=TD~ZukM_$Yutk(?W&w@1N8NROpA--4+@kBdEXNxx
zCG8)p40|%w=#yXt!%tv_7c+=y8ekk1P2@V$S`(L_rZ8NO-}TOa`lXSdraH=5>|N!m
zZ{tY1d`yy!_`$m?O-L7+v_e_7J|Ri(`d1p{uW5Qb^jsl%i2VI8YaU0UYwS0203M5&
zHnWjax@RW$imEw4V<`YM7I2xTP|rh1N1%lf#C*lflzN@Rcqq<jg^|wP6ah6s%y#X#
zxdC_Po5K8hS1dLf3%s+_k?C?RyIT>r=-G~ajv6K9g`o0&r4OJg_30MpFz4a(Oqve_
zk=N+EH0Gg|2*N^y595qr|75Z9?l=C4$^>XO2Jva@M)rcIONMJ*duqzC{1%&4-TwL(
zP@&kl=eonqK|34~!#Pyq(|qsK+b}%qJ4$9^g^JnHb99je1G&Qe`YT^)nGTm-Q;g~O
zk&7bJUG{Ah>J17LtIG$z<FF&hapks4o=KI6=hoJX86kGmO;Hw4<m78y3d58+JOHDQ
zv{u1%qFQj$>c2BcY;ei7r`Hl2Mc9sF-=*d{2T&oGFSU~Z7ZNYY*o3<Qr^t3=z@@i8
zZv~V(k$E=NTTL8%(QaY{#C#B#(vg|AHQT`7GC_H0%TON{U#BEdFsw2?z#Dn72HmG<
zw>91-=6m00Z!3b%)ic}Nl9@q#-^~xS(@1HLI6m5~3U^bmWBR@T>?ZN^(Pujd2`%EN
z?EtaLN-{rYB<{6-o8!gy*q}qAAAXfia-UZ43fNnJGRGWoC{rus4DF?M!qg7x>mPVW
zM##Ni6iNhN!0LVI=h<BDT^2^Y0KHe8+j;s3<&VYAF3epM^Bj6s;;ufDQPWE7C6#O7
zl=wMUkDk`@ZcR1FJD=K03=hVi6!Rs1E-me|uLH9{ilj9bGf_#0wuM*nj(Ej}4=qFv
z^jz%_rgvskY{J+ao0r>l5oI@R87o8kNhKU&;~E5K(=kZj#@Qfd2ZW?uOLAGKz4xOu
z5F%QW9-PBEqF0Y%7JILqJ>({SrdyBBjFbkTq_gjZY=VLN)5N_=CI&!3m%Q^g&I^#Z
z(fk3{xqyEg@m8RL!)&L~b`XTzC~$3$Ql9t*#M&&m*;(jV3=}mn3^w(XiKhGhf*y^o
zlPd8=fWKS`N|idulp=S4^e0cxm+7I<DV5~s{k~uFWYf0|(eXcf(;+n(JTIdzPLn>L
z044}KTo$^v7EEXOhQFO7w{nZc>-^mHdbRZeYK#3Z3@LLdwGU}xwS|$r*9>>UeJA8@
z&vmtWO=1fA-rkmVsYH+M<bb1<-%CtCXCD*E+;>8I2t~c0#15JbZtI%TbscAXlxG+6
zPC>l&FKnc+R(FWJUlwsxsQoefY+hQw{1$Xq(g-Lb17(OpceXU3yh-CyO@<R`Ll)6R
zS=lJceOdM>q0nf$%Qkl$B178wWwUqZmK|9Fz&MuuEbr0<fDxwo7OQU$c(~{f569iE
z3XF}sE4>9mQe<NZa=G(p45CKuhm*ZO3}+Qm2ml*7<1VPokM#O@iuonh#5zUZ*H+3%
z?hNE$B5lMTm2UE~=g#t_*^lFxZG-Hyqs6S14(e6T30kMQSFF5Z$RQH>PAjIp$Tx<|
zL*u+Sz6PG>r4!MoFL@v<$>-F4M%21*=}=}S>GTm1zbCjLX#x^MXoH|(;(~v<sm|a=
zRA(RI@p00wo3)M)m8Ta(Xo+~T3WRaALkObdKt%`CcWA#4uv+pcYKI~rC64+h-(LIN
z#578E9{J5MOn#jwS+1lex_+S7_mvLSb`JBXVb~4-nSI33#GsfPc^aS8q|Jt8OkIN<
zTiy`x@~8;X@F8uX0mj_LmZkQ2zhA6^&!Ie~sLvhv?nQ-fh$}_#fz^4pv+KCK{v&T4
z*@fh9b(^ceVOJf{Z*<IuCr;e`BGLSD(H1z%_;D00LWz$Wb|}=z79HK^39sB$IYz56
zov+L*YJQtx#7hRDw1$9TD=W70>)KBy9cpfQ$V~(>qntn2y4HBSkN0Ep9_-J(m$W<u
zFjF1M!hO%?_8&KUW3vKN{Wyen#`^PZU+!mYF86`sIdZ!~+mp^dYN}sosvq-e+I&}*
zlH96%l)qa}nY0D>#4&2<{H7{Tk}N{dmU^xFTRFxhYk!E;Xjs>RP4^`CO{5xk{i`e3
zN~^b+<rFb7=zyO}=DaKULc^LHbcfS98jV#2M|tRC^ea}1BvHa@C33=J`EGN|l;_Zv
zDF;0LO)3rXR{lGd=vQ}U4yRMb7KyTI1>dA_Nj5P90p|r!qMy!ewJE>@N7E|Imf+}I
zFE?A<P0+G^+1o;}Udd71C6m*<-%}<f(e0fS4P;MEX#-P(&KdT^NFgH)5573Z%5Gss
z!YY=Tfg2{|47CR8z86ig8Hc$lzSrxL;v4E+q?VI4duEiL7VNy(H0<LF&}jg^c$aA#
zqU(B<$AFr<iA(0W&dBEc<!{lg8}pC9g?iA3xd0W$f)47al!Y6|l<(^Sp=5x`pcWqW
z`VCae2Rf<xMXx0%+ukbWUk5Uk5T!Aj1^EbCj+&;V4!MN4!;8<cJhhk8=Qq@Hrg;yP
z_i*{JIF_3QxMpjbcx#DQ^47hc%wbDHbEsl%KB8R8yT13mb!dv>SB5#!c8nJMG5F*8
z$G}y%;8HMfiIbQ%S=|>0dN>wqKixv!g%%*)U9xOF@ll)AEzrWPxCst34x}h@jtGR1
zNj>0M4~$UWK2p2@)XTl>n@qzQ)Zzzm4U?xt9qIsotXCM?I$sE}OLR^2kQK!y6&Vdy
z{5Teo6Zz~uvU6RtpOnbg@AFlurVyr$OtCyYq0*P>oYzCr`;%#i7dY!v{VR{XGZ}A3
zvm-Yor5biWmhb3HmCjf6=E@-ILE74Ed2(Z88lcT>5eLNE!e!taiyk778^>=wnvn7d
zK(c8!_*KTBd4i8TL+Bs}uHI@9JwMTVD87GH>Ol3~dpYm91h5KIcT+ru)D@6Is=b)R
zFcdfkXj0cG0`5>dY~jw=$RU-&|GLjxYD^?V)tVK`W5X9t0z!hBl&&B}?@bedEK=OG
z<sBVYD~8>f0w?ju<-s_2qKR_q?$vM|GtC;dlCABmB2ek#&D02YC1Uf2v;w}Qlq^D&
zLLX-&bg6*j2A@surwWdau4uWhDl|phujf>#`T{-#mLFz#-50vg#+TH&k7I&&dUk4d
zcWI5X^#Bv4ckc1lVrQ+FWq;rbc_r6@EFDa`Xqdf@JU1qCn(HRA*GJ6Vp1#6>U2;=V
z7n9#>Wwh5!SNgKG+b-52t*Aby*8wmeg7?Zw1J7n;vDw>}u`vydwRGs&7A;KG1^Ct%
zem?;T^gF6ZDslUcy_JnXMq!>KxEI1}!R^@_S%52We@;M1Oal<1PakV~02ZVlzexe)
zDHUIVJO#K=rwu@UNbDJYfZH#dFT1!iK#8@sk{3a;b}^IY3>x<I+wq;L%hsx|uf0`2
zE`D}9Bw@EUJaKz*!3hwbgSriq{$lv;OunR!y9u)u5l8NZTS>zJ$#Lsbp7PC79TmXm
zGG7rQ2+Ql-SLv6|!Q72PeG6*t^3}|~u1qlU$8LjH`($$Wztm|~-Fj8BWK|x&8Uyfv
zToTK=uy$zasw5Z&{=tup=7!qc?jqs$+lVORmbu2dF89VWdphnC8sLPbNXc(*MQ|AD
zd`vb{A2Dh$5{`!94kmp1OEF0~x-OGvYLVxrpnlu=K^|rex9X?PFzF;O(V~$zW$b#9
zsfQWs54P61&|C4PK$@4IVilVthv7nZlXM~&B@vCPAs=r5SJiL6pof+KC*j&xUbO)n
zViNAS9=HGq+-UnleDqVT3=XbTs+iHfHmM`0-EhVOH<;n3Hao+L1fkeHy(T|jsbq3D
zO32D0H$iWL78WAe{eBG`?cue(077|9;rO$!FP5mfv|@~CtgY>1>|@@j0LTkx-YE_x
zQj$(G!kxtu8oaJ4m@7-e+PYsu9`4W*+mr|KftctF1owf{YgeC<+Cgwu%7AX>r6>7{
z)e8xGHhzsf{=l84Cz+iq7A4HfTlMgqGol|Zppm{=`9*Vd2DIv1W1qiZs<I2PTFEri
z%dr)Q89T^4bHnO*sE(_V&f|Wq@lC~gh(Tk4PETg-!7he*w_3g}Yx6n=xIeID*sKrb
zo+)dqD@`L{HsCNs1szTs#Bm=>>{4Hp1rF*mksD)N(mm&|o~r}SnTI8S>J7Mx0$lmN
zq%KnbG-T0c&&}^!8Z4C`s6%_X-er7aZK$C^r=l$QlEg?rwI=<*fqN6BdnDxc0Wwp(
zJ(M@cyC*a370bqRdDnHc*dEF=K;yg8-Wcp&q7`u0rtD6W`2t;}V~@A(NYK~A+K`$i
zmxb=Apu0+UyyxO{%t;!YQp7B)vhBVsqyh)C7VjSU6a?LlJU5WjTs^|={AKfy7py{R
zxc*@`GO*83@jh@Cv3h%}^JWX~q^Qz-Vc}`t`D?2VwmG|~5`x?~Zk^WarzRk%<-=>Q
zoy@R=puGH=uQV$obKg|_O2yAT*ls^q0Sa`xI@&BNnL)NtMw7H@0RmIp7e`8N@a@F`
z*Rl>S;CKt%_fl+#aESr6x=5CE@0HFZE-jrYdb14<nSn(fvFBy@QS)oP{DJ$jI$gbU
zk#)Rc=|lLf-oP11rFGKXJ355d9=U$obLke%UR|W%t7d)cf3$CBCQJ2!_65>Kn%KQD
z*aZfvnhBScwOh^hc?48n(@dI{Pr~HhpzAzIZpbFI488Am`#-dO1yI%N-mW4@DJ3D@
zp_EEVcS(a1(jeX4AdRF-NjHc{cbAk%OLs52yY9PSyZ1i(cxKM`-Fs&o$5C8s{onW3
zzvp=to<Gdn^VD}jEGdwJpdk~{jfLfRD`gs8;VE}MoIitPt9pMjnjX$o9k&1ORhC=t
z3tjA==t~~ddBvc*Z+qvOttvT;%S;)m?!Zl@ckfg>=6q1aYaBGgUATzQ47<d(d#&t_
zyRiRaYo95kq1TA*f^JGLl_gMcFYkVpVS4gpo>v2O0jRE&(eo$-qYrC&x3fZK@)Wu(
z4CTE%KBt;Ei_H>AYgpI0vm0^9RyGJW(Gyl}aBdo*MI*%WH9feXh2s^KaX-Uj$s+b%
zmuF6rRY~F|KJE2Kx-&Ooe-W4Oai)UyDdKNz38@ic#q}fYSG(U$&rY*-HJj&G0SljE
z%mM1<P$EHYGId;<XmksA%XJk(aXoX0I`!gN&B$UAZAbu{htNaEa3W_LJBX5_FR$>`
zCnKS6x<q>qk6w`1dJ%2$X}#au&%zCcST{ISk56(C*u5S`25~;|BK_n6vr_N`3tO{7
z;%-E!os^A7iB&>unu7Uy>K(7t9J0|WZ=z2)gz+>KKO0|_3&Rgo;YGM#3^q2uqfY$v
zYIwQmf^%iLMDQS6Ap4vP{dJ1NE$nd?6ejg<wMIktKAx3*sSpZCDTGg>zB`AWW0L;?
zRag~f!V>QAxJey@h5YjIm}Ab#>%b+ncXrSz(y)_f*-~-eBeDy+M{wL6vgMv5*PH3j
zqTF9Bm23}~+)!3Z?QtDIP^UohW;wCx+wHP&XM%9+HVa%_j3J{)>Utb(MT~vzv6RZ2
zHtWMG+1C}T+n5?m-jB&sh_j1T%Kwl67E@P~PgkmW;4x)E6Xiuz+wC%)qn0JPGHqTR
zu``<Xp(Xa5XUk}O(8AGBvrQNF6btx^d&cKsDL{gblYZ9&Mb`xa9uyQjXlHj|IhIZB
zl9PJRvkop$I$xe9IY&NNw@|6Ok7I)i@iFb`D-F#N78R4rXCoX13bJX8UxYPhoZ+}*
zX~xd_bG@Y#=F+?!q{gx<l{Rg&IPHQ@KLN7O$&0Deq4K~lW_?2S04-5n^a1aLdjBLv
zj?bBa_qBjsO|se8S(-gWtLrWyqswS#(NUtbLd8<7Nl}NmMb%2?_T^DM?^li5*Ni6g
z;0o86Uc!^$rD#Pj^Bh(3r;)7RPKWUtuD?7O70TXW;g}S^y-=jrSwyz=tXDV-&qz9k
zt^TCTH>=4O*}0@puB*f?gsk5)Ro(U#VF*Rx?RXw)X5P@T1Y(uU4{WbxE-eP~ij&%=
zxE`GhXK!t&(Vi^ZO(O^D68hfZ7}+Sjcj_LvHb7Bj|IuI+Vyo=ih9tneQ+|#aFw&<0
zZdpSWQ*CwCU@Dvbl)w$3-$oDX0vM_Y!5!Nfze(g7?&djLFGFlSz|EA4x4*=y6$xVF
zok%}YBEQ@x>V1`5!gaAC(<2fF7Kje*M9WuMPL5#GmIViAa?+xKqV8eiP`jqC`U<mV
zbzeB&BM+cJOkox)E{@53we6W_lfgt<g83+vdqZ{0En!OUsPJn~;xOnde5VbZ-DCnZ
zCdi%yg8m>lwap|A6n+t6>q7u<vR8A>`|Klt0u%`z;Y-fw5}$o?86@p;O4Dp?Ei^3g
zshb#U0oSY0vW~?)w`ObUcDj-Ue=(OmKxWE^w$?JPp*d6IU3L80O>Qth{lr`QEa$Mq
z8$F>a6&+FdELRTqnSAx2hp~&C`j%~m(N@^k+JOTdVnfZ{=pjV}t65*1)~sUHeAFQ6
z$w0=R9MvHLef+s)^r#6sp9gYkgzGbN@}i<^7AOh%lfSbJ2TQvtgAG5nn1=I8#^@tI
z;n{SJ0a^&|pyar$SjGV+z4O)D%LFW1MOZ=_Y+T4e?3tL7AHLmA-unl`qdn={Q!5fX
z2UA#nb2caA+EX&lwIU`omIv4&-M!9OuUlI}Nw%B(ilis|mxCRApZn6{T{yMk8o<JB
zAo1C;WSw(~SzYaxha))et|?jO90E*B$rDp~H{a4z&eBeBky&sn{tv2Yg28{kOnB9s
z-Gc|`dB~(n+Q(M66EdVXcTfv8W)D&2+#V0#gxF}YtGf^;5$#YgF4~~s*l_4g7G3L~
z&dh6y^6<z}v$?f0z4Fj6M^XYeiMxmfDJ@8Zn9!8|N>qyrT164H`PN|r1n2baU*Yu^
zivnM*A#T5L`b7A2GS&gts&*(YqH>tuv5ystYURb_QytuBu)bJb`NGA@6_8(E&T%}5
zcJ3G}joaAX8iHRukXM8LsH|2v?0`~pFA~TyRph?FJxh}#LlQVuw|$acz{t={^oh1)
z;9JUJ^5eYn;arh$qjVKDTapw7%xbvjh31!v(T_FiT%E>isA|0u<+|n$LF&Y;;~yu`
z%pZ3b8CzHb`qf=A8K)QSL`HcGa0*j8(`-N;;r^L>zZe{x?j%g%IqODxDR3#{EU$O&
z%a1#^qMI-ih$1zq2=^DtU)f%5Sa`Uw&SgMO077EPeTN}N<0rOi9=ZaO#hg5IAQjK_
znqp&`$hc#ghaaMINo}e^P!LSUGaeV_)pcm+gfCN1ele!;?GCIT8Yt+|3~SN>8Z673
zA_NAsgt@!dEg=+aOseON2#G#bkl`+!7sgxMg93}vTq9t%N&-{GV-AqxmL^x0Z@rui
zLa93F{5&bb%OB?Vo%T7z0F3vNKRmIjOMd2se&AULG1)|Q;Tz2H*bk~f;Yi$1r>=a}
zIY!)dp-pXhfcIGeuVfmJ@IkaT>W>5G3z%HZ!M#~6HH*Gn5mX2>QtkA*yzOdAE)MaU
zElh0^b5970z+68qM6Oou$DF-wj*~sW-Qd6`=(Dz`_R(^5N!5>qnLLX1Fnr%hw6@Ps
z&3N%68uLgy;wZdHX=~NdYH~+0Nd+l$k6+uEzb9GSYYLtt@<p1=dbaO8inDF(`=x;*
za<Np4OT{#`{Vl=rK9euJD;KYBeeQERK@U8!cRo76O;fN7qG}w<e#<dglH^f6cgo^a
zbV)cs;5zlp6ok8#h)QU-Bg~<Xy)qq3;zl}Kh|~lbrE7SW2WB1(Bq1xBA}IWL`p#d*
zD+6d(OV(pXpmbA_A4+=b@FEiBIY3@IgkH#Z;vuGaE1U_JLolD-&l(mA<Dma`Mwa7E
z>1H*QUR0I82&w=9d%V{K8GSNf2(W^jB`v<~SFy&&5C7&ggG0J5XV|c>2H(cU#w<<1
zHWDYK0%FitLygz<L33YN<-y&fV#rUrkROkp^>e&QlOvC{5xca<lyT?O+XzD`+NV^r
ziFOQX!Xk`^3^6$8E``5y%UgCysEX9|KU9JL4A9PJ98+<HiBorwhz{KQAs@|yP>fkH
zn!4X%YNlQGQZ})Sn#Dg<-m-&(-Fen)E&J)G8E(rD)%+>JSoj>(nM^IkJu5>U<phpr
z?}W47u2>IS$vw~Ze#6P8;5s$sezB&x<(PEOnzB}IS_aQ5D_J@#Yed*BUqKnnHuL-K
zTd<VgkcwZj;2C`$z&cZ5j{bBXcE7G0KH%ajwWg>C{wZDmXVEPtWxIpX)IRZ88yXE^
z5ptHjjUj`pr)>n`ns(DiwUzm{vEe+Nc6v|LBm3}$DNTGUVu!y@E4-(!t$$tb1$R-s
zR?ABkC=$~ylOo9+(le?W5*1l4fE{wagYD-2C}2R%ruNdj7K{r=gBa^ZRP97#c-mOn
zUSIAhM>5NNVDl2|k(w_Soz7rEx4(R8S_yG8ySlF!r;PTn94tv%>8qX$ivqxW{rDfO
z$X|f@oUFG?yM2Sz%<TDfPmI0V6r|ZRObnj}`=F56W;;o}&SuQOLrnJedG2NK$xeEn
z<y1|!frJ|59>#nmUfadT7uIpkAa=zc36gi&YT9@jep4y8d|YQwP`*3h8G61yN?T7J
z`kc%Kb)RFVXngo=e>Eq+d#D@?JHKk$Zf9TM+N#@6p0v%g4y?!^Y3ikXz>S4fy&Joi
zHcgwdI9@KhWio{U=itoSAst@VSr{0^qlq~Lx%evQaVoQy5O3QruF}ih;r19hSLIj3
zJf+bZs1ZG#2ruU;_rI9<)Ou-5k<GKb?~uv9ykA~wK3TQC$B~FfaFjoN4M=pUH%h>Z
z$&~0dNjROzZhF?yLu65s;gv5Zot@+L$V^fc>}~s3f*zOq0IJQ@FG}n`dCflslarFO
zh+MvFNXj?F1<5vks(m~{G2T#xQwA;G?Ftw4pYz1=j}W`o5HHj`%NhBXS?eDy)vs3b
z7mxh_4G3O~@<vtSaFq6Fh-hTBxIqMo9~Y~bx_BZ2JT1)HHsS^Ye~*ursCq7#Lmq%R
zq>4)~)6LH74|Nt<C$Mn-?x4NGnH+@b3Z|##CT#!~$uab9VO+8M4lDuKT3X4{;3)&7
zu2#`XO#=Y2E8Zw9^u76!<p?U(UrH07OF&JNQJufvYEsADwH&Q!%fck3(e2g142Wn3
zv1135*nsij28ELUp;Q5&y?@a|KKq0J&V5?=wYGP#)Am)-d1@aw6qi^RaE2hM2D<MD
z)Ea2`P?|>E-w2Lir}`(S!_yhSE`FvFca9*dpLA<Hl2sxZ7#xkFS5*`VA6bII1~CtA
z;zW1C4v6CEgxb6Uac^h?^hE#Q^6?$O)g+5Xqi7cD2p>3va)0{VAdI7q359T#nW?$%
zw9Kx^csQ%#qN08B1D=zaqIP8l?Xj*WDbOD4-(N4UX7_u6-P+JlD9udeK*Huv=O2Wy
zfw1-)V_10=bAdwxRS~C!ZA9bHzs`IF$TtH&^R~*Mv^`aj4F3?@_&xJxjm`8PQ<oo9
z#GuOvh!}Lm#`G0$1St(^ko&l=jtp;CR9!Pt68-`fmzj?CozLt4*CGSg+fo)>rvIM9
z2snmD0ByD4FlO{GCUPS+nEVD9)uYNg#zjsb|8V||R`y%wGhm?pUsI~#MfWXNqkba@
zLjGG#jsF?Z{CD)k>z+Ia@;7aXm_ADTF`WFbwIX|`o!x7ugha!l*F5^a_<3OfHu7NJ
z7I2c~{=vwKU;svu;lNLi2c>+m{US91?F>M&{O>98zx$;BiAZ_9KKoY@n-zp7slVmg
zL&@e!)}Sf*dp!7mdD*jHRDUB80$69#nlCFUp^U4<zwG-zs(m~eFzx;g%~1eyBN7F)
zPQwkSf3e+Kk_|eeHo9K@02B@Qe=ud=zXhj8(Tm7p2m?Y|!Y^qJ>}$fc*FT7h;M7Ea
zYr+5b5A`3op&-Klx2Hu5_)p|<wHGA=(mTInssfRZe{<BYSWr?%*guJVxWKE$Gie`B
zq5-e2{zYp0wITeKwQllG`nCGXx@0hvN+$=U(pfPvF`0!OG=MK9`|aTBKk+<&$JPa0
zd86*WfqNdmr*8fSC6cmh=^EaIj!)eGr6iH!wSJMnKX}(~U?28{ODesrA_aD7pY+Qv
zX(8agiAevIU(WXo^pXGm!(d$qy~BV0@MEat$G_1A!P7!z1pav)SkUYE?GOJ><p~<E
z;-Y&IwW0bF@=$$=v0#P_(`y9-4bRHo@l8R2h}ZWZR%!C}^6x|!0Qr0Y<#WdpRK!W_
zR~7?XKL5NtB5B?bAPErl4@c31(t$_0Wy3b0RQs^M+7f6u{x8J_POc;3zyC0}k{2>B
zs|lf@;@6cxPx*$R`h~2(pl7PUVQUIXumQ5G&6gKv-j{W#Kty_^{_M;8gAF05!qr15
zzVIAYywiMiZ2H%j*o;FSLCqg2C7Sv(Bt%r%^F?lX$^$$?7UtoYSp=vD88((1y1;7c
z4=VBE{y<C`_}eTMgc3xWAETuvN+Y!{GKWbQ<K{U(?%c>l1-}(Y*6WPYzoOTy<3je7
z#3CYl%jX5X_yPq`GeQ$)Zjv|0uhm1iq0#^y>=>;5`UviR5=`QG(VLD&O+&jJO_PI8
zGhI1y=2*>zN;Q3rz%$@^4Nd61M|F2jEv`IG)3Zd}HYangn2~HX@qGl61W{BzTnrz=
zqN4GUJc8QJ7tY7y523F7i?#*~4H~k5Ri=|9*N+4CkpITG19San;`Z3|ZT*u#J?)bs
zJ?+t5J#9G~Wgg@k1-A>Nb&JHQYM0^70uzV5`h;rLtP=*~OR)m$MN;j-FOlc6y^K@`
zXrEI5sDy!dYn<7uEd3>%EqI=Mx+}b28h-y8o`1C`g2|@0;kZ=G%{!OI<W!lnyz1WO
zD;L&m5HGluo1wa(Okf^P*qe;Fj7I@bmBskrIi-V41^s%Dy)G5A=*bVd`$77#g8K%F
zew0kb+ABX|3regU4=dK)^q}VjL~;=zXS3Z2)kVaZ%*%1uT^lx#l$@f5ta!!3SFivp
z0Z3X3DW<ZZh~{s}d^ruOWBr@zI0pD6D$tU7fi^OD9%<JZm7AM#&>5Fzub9h`&K})V
zq-bJKID%<UR6(^q;o*k8S(5m0E>s{1D<~9^7O%~BF{D)Rt7r7JNa;_0Ee9K)o-#Ae
z*u930ZhO%z*q&}8y!|aSaK;ggpfvb*E_x|gAO$-mT+`6C0%79VEIR7mn1tgsrfI&M
z$63FlZ81`|^`*e<3RMKfA<$ktrRR$<wePE-VPBD%FLc7v*Yb0A*s=hbo?+z^=5DH7
zdpeU%W;bPVc;E9UsOYH=h`xxNL2Fd%zq}hN-r*NP`b6rsRH)NhuIg*eF9*o0DgJps
zVw2w*bk=RLUX71%V43ur4P<K+2gz7mI#7A`q!+620%LjqxnU@Gycj*xIMLk|%otg#
zxm;4aGE@+LYJl>;bZahqorJ&V<tO;*01#AJ9IvIlSS>~qrB+*R<gch0lPl4o0@kd!
znRQ}oN(z(4qg7WfvqNsv9ZTaet`Z#O$xd!Vbae{PZTpN8WaO{Edr8*icF1a<A^72@
zp~}j^Q8la5X)Aj)Pgv+vHcDq}fpH_o2J^3{yeV$GDu+OJ@lL<ziHHm_evQ|WCLCQh
zh+{|}t9%kwJB?J0GVz|9;mo5GU(~mf(xHdSlA)U3^jf@A>lEgcU#BfJVbqVMNE8QN
zi~pAA3KHNaS54VX;(>zVnr;j2k$%x_aRCXt_f;vt9mJXm*zEl1&ilS;G45ekVYKBT
zWj!F6f3{6|WZpe%^Sw8J+4tIT2eANaTb0!z>`?1qRj~50l3n%3D5aNBX55(7JC?X)
z>Oz!vU4@=fbUo8RB<&{SIB^09%YDytvBdM}Mb$$$+PEMCJhO-P__5Un<~x)AZtVHj
zvT>ga_%20}L=In8kQ+HuLZx0mNmV{&bFj4D2MQ8p#2mH#3>u?PeouXkV`KY^`icuP
zkJB5^#Ww9~Qa0z>ZZkh6(R_Hpi+6RGx}Y^ONcx^AUF9_F(2vL0f~4{|?f%^Ugk^s0
zF7jJX#+2|uoXVC`imD=q<<8i}v6ukkbg3ImE!bs)LhK3dZFO~%fy}t#chP%UCSc7$
ztlf5LLRH*{n0xSExXrgzg6K&~Y4K}l@b!#<n=?|wqb~p=&T1jFi`}VarO@r>n5|wm
zr$Dd5V~?Fy(0UF+wGaQ`r9OkDA}=r+kQ$AY*nPmLWJD46O8ZS1*6dSY&IOjRbFf`i
z@(W|7{*3X21~TY0;^6pSc;%1kLzANHUj}ufRpq&Z4B0IKf-db02}Jd1O4`zi8W=xD
z2P6WZ;<}!vNZ*K`Tt^T7y+$X&)#~zfTp;2NK!j>nRi=RI*q8WMD*@f*L!V#6Q@z^W
zKhC_0QZ-wE=;AbHcd+#Cq)T2a%jbs&&{uUvSRYMO_-OInerdaT8L9}dTBy4Y2ZIPG
zxiVe}@{NF5N-<{iD;a|_>_(k)9_x6t$NU~3@tbG}T=W879&K~txcU9zt;?((^Yn#M
z!s7Merv4Zf%5tx+YpqmCRjsw54Q&t!yPTY{{mH|)bjIQgToC9U0!0YAPkD)uP>g-a
z2#4cHFoIGI|GP9`undVt0tK&s<9(Mp412-~ZC8A8Eh(sLrA1xpz|f~4UfcWtc0iWp
zVm=l725SK~>?*WpvfG+nStsW2v5kkH3ItID>n3X4v<MB3u=@^20Bb-;@Z3^0Kya*l
z^Gc(_X=`zQluyTm-L!+dDJ4i+;_EABpmTu6r_~R$gSjZ8O9fQ{=U1B70e-uK1m%50
z7){JKXIzy*A!~MLYC1t_=rDE3`#-ebK#4o)p+S6I_qEv26EA4ci)|h)*R#Q<fv}?;
z`k6Rf={~m{PedPz-ITy*l4vgMbZ262`e=(U-gzxeN=24j3Bf!DVZb;sv&NWgTq^^C
z4%$?!wAb?1xlu!KlNObS-vCU};tkjts;KomA-OFLgsTs*%&`Vnmv;amdZ`KQ>6&uS
z>Ihl4#-H?aD0u9ww(#PB_$aa3mF{+Zrn=amMscXvX;p1X6%H|d+4D)MXBAC(8`Q1E
zGt)4-w*g!jdHz^Q2fQ2d4e;_tf=A2N6X+NCshW>YRK-_`?5P#6h0m51c<e_~*Z9R0
z&=8cL%LT8BSA-ej0cUyg$n&{U&&0&4WjiS?RVnUJP=gngoDDa+p*wBll~@=aYTyeU
z*xb<5L2{J=1+NGW_+WA1O95PBm*t4hi>mde9h&LSE*<u<l(g>K1a0Bz<0PqgM)eC_
z`?nSFAa*bh8YAd(9(k_RRRw*HV2H}Lg=gU{z}WG%I;SlJuza|G2_dl!b#7<P_t{Lp
zQ<ZZreew>M*C;=;(cUss6;ZVk)~J1>&pM$!+Wffxb?iH+is%!D+irkubeaS=No4nP
ztiW+6)hajkfTUmsItOd4hiioa5)s&~JNe&0xquC}e}DE!4Tdl~A6IEnRESXGR0nDz
zPBSf=6FqRvGO%0@<RpkOqS%HMzYa3vTwCKy&p3-pmi383TFdMMIZ7vPm<{kSMn^M!
zmSE!3Tq$)9op7;2z(nfL=1Js1fD+NWEVId?EmiH#x{y2hwpW)I+GmFeck0dM_N?P*
zl?dgJIi%2P-OfUX_D);uCTt%4VBq2YL0{)$g0DB#2b+@b)Me5H2(9SQ9g1%o_okJu
zNjDsh8rsxxE1UjWHGqCMs~9A(l-Y&p3NI%(XgIE^PRHi1?shVwt_@lF3a>c>;F_OO
z%^a5Yc$wL32BVu%#o6S5<Mh(_$y<0X64$fwX%rwCa$iZ)&F(TgWy@nlLK6wf)+-*?
zgsL0h_BgiouFd%(EWpjJsCGs(B3I2(fKn(JI*o0eujm~H`hE~jFsu9pQoR{0X)$}Q
z<yDj7m$}>SmC*Y#G$)oFcw9M1IWC^SqxQp_^-a4%?)x&H4CkL4R4mMel_m~nSWfSj
z?G@2xlpu-Lg!iwg{-tq1w8D3?5H4fRO|;l;leibZ9qLd+uIh{O4a(jOE2=82SA^e+
zR<jl_n*y5tMNYmg18sF7R{53#nNqX<yyx0``(bNw@bCQnbwk;y2t3Yrv^zdh&QHB8
zt83#qES%LP<~%;K1c(q{sEi5Wc;$(HS7j-ui9}nt0!{CwrcD=1mxLlQUYRLw&!c1@
z_mR~MG&S149w0eu?5E;LY0Hd!6F?jBnBhA%+S|{KiHWiF=OidavyX8T(s~SYGdQI0
z0)xYG6Xtr|C7g?{(H2_#%xl5ye=W9Kps10o%8yLlGfEmgpsKx#HBxL~(fdj?icW<f
zlxsJjV5@9nc5L$MImEc=wD~UgDb~Scw3=*1*Iti{#2(-2SlRLwL?#h?(|LHu?^YYb
zSyzFhzTUX~cSp<1lVt;P=eaVLB0aS<Rs`qNRm1XObqDo|<GG;XJ~>d@Zz#vWghC0n
zqaH_9!?hfV#2GX0N7b4Y>qVWfb9(E;P8eH}5~Mj+($}3rii$PAsxrpU5PBsd&K0e`
zLpWbIVDqbWIbsn_Axu<vvnIpW2I2AvG+b&C@}x`x<q)*>&pA-#5S|;yzozP;J=EaK
z5}I^gi&}q4lTcNvdllB4S*uBG?8|Ey3UO*dBX@RRAw9Y;<2GhdIey-EWw0gLu=eHq
z!Ihpd#|NqilzZ5+5DFXyngE1$60dd|1UNda6v=0ZUePMwxgH5e$TN_TFnQ2ptNI81
zfWu_KG^*rpg^?fYr!f1NDb;^@RK5GvZAj%p+S=ML-cEYzfNNv)Y~1Ad&>|r`{$fdW
z`gCU6dPjI*xcYD~-<;gw!g1I6(DWYp7yA#5Sh__kWYlJBYioK(lMd085>f3Ab$f*T
z6oPtsdeWzvz2Sr+2-HgIc9ClKqk7_mq;p6*1W~W(l?(XPc9sE$J^~OyU;Ewb2njf@
zp1zPq;aq>h#N%4I-Gm(O+K7?mb~xHLLbFeiGK+|qPSM-jOQGEKN>%lNo1y|ErS#}+
z#`m`nze0U+NKioVE-cOdn_IbzvBzE^teJ{!<tiy)l8whdCPrcdBPB(fsz#h^h4H;L
zlr245S9^)@uvcEy&+g*>a^{ado9SAQ_x0x|aHUFg(?zol#=aVO{;#AX#=e`mj6UWa
z<mBLh?X(aHC5Rcg4c;ZRxUf(zl>1OQhP#?}ZUcY%*iX%>1xsWmJ2zKq^`RU~g*`AV
z+_SQAbJ`y6qxhdcZGH2pUv<x<XJk+Y@)(8@y$Ej;RtjK_<*@s*5-A{a*K(AC8rJ==
zI4Q<`-J~pG6R6ohK|%`FgGpOqlMz~m5sc;|1rx5)7f&6fVJ<?zSa81_x2NYq9@2q2
z{MF?E4nJ2gH`Jn70L(C$y-GgtEy0?S=~E<s!}yZ1(IYCyO>8iw%|?&Is6n-y;36m=
zg3Q1nP9=RV|FJ7kOJy`nx>jIpOc8&8q53@QN8C|WEnRr%m}Z?z1Ka$bDe7G%Qz~%d
zU1f2};|h=tQ|E0?$lE(8?<;MVV^IKSn*#_I**FK6G!=1D47hLA9$6D5M6ODs&4So5
z{HYVuSza!cdm5JH2iL{^Kv5f!OFLMzM-Ez+F$(oBN<bR7aL;+(2rPZg3=9z`c?Xsq
zA1${j1Yt0ppTS0N>DOtcg=7uxm?=VQLXr2Z813<IyCmM8bF~lbt;F(n#+KfXarl%<
zN%TDHVtu&pj)i~_$4mqFLc931c%Q(VDdhYPvwC-$I`<X5td9BO#E6r<YI|6Gc5A`P
zo#kcfMe29729{5fYou9;3M}r@+l<40z!PH)O7ea{B^mIb_cV>f7?#tZD~VTg%KgkN
zyuhh?qwK+grFf}oB;$TCA*W)Z$E8#F-eT#nM)*_R)^=dVB%%aXLJ?UyeEsj0Lw$t$
zyzkzBhEDDcj~XQ$gdHP>weOi;{m`TS;_!h`LHgs|+}x$ctu2qMYAwkHo5oKgaw|1^
z-D^*AnNkxHotAKma~^CG))PM=x}0Ua92^|X_G7iDD8E|{XzP;*Pv+ag*vwElAjyV^
zX?1Vr$4v4g0hqC&!~+0s-T<+!75jTfWV<U`(z2V?TRbO?sP0;!AHE)!*I(qaZ?4oQ
zI82RlJxQB7+p1?o<vlMjD%z?$Ydwj3?~3~_=0p2gkH=+k<t0d}ZS2ks!V+~M=@V$_
z4ZA=xDcXrxn}<p&7L$7)h55qp3b?C*KGD;=V`jx&tX{4{{zT57O$%GFxv6wFH@M!!
z1>?@oa{D{^*E?=`!wdOHv5pE=3wJCq*`IBcO9%>j6WINfD>_+<L;e`3%T7pE)d0V>
z$LRKm)VwE-O{RbVRaZOu*|ATVon1@)SvZzq5xR?YpFc-sBKnEb_F3;z&K|>F1gsdz
z9q6d@HZ!YA*e&10gZDn#+i>_@w7@xnd=s(gsa(z~tW=HE`$S+UdL>|ja2U}|HO(C+
zP8|>C`z!N~RMU@`*S9XGH5ZTS&yp&}a9U021~L;EB0p3_d{JXJ^ZPkmZ^57{x4alV
z^<H!Gly738DM%*t+xv-iu~%}eVyrovV}sO0$+zH>JT5CuOZr6g7w({P^)5iHCf^#`
zchZ-C3cwiNB+|vVGp*g&I$uEIF4pgQcA^hecd3x-+6m>{G$i6F%n7F#<EvT8jEf!M
z+^irEEHMse>VDp=A?;jyFr*5ndjco$4T_ERfxE(M^{ViJ;9!~!({m;3o<zh2k8Hr}
zpniKG)qATPv}EG$K$4?MYEE}y6vP!5SXJ+8IMf-|%BQJ%?{V4~m0uiyJ03t#YR~mK
z5$sOPciS-O+qA^$b8(C9Si5sY!c5{+M0@Mx;$*pfkIBthDetk=_FKm&X_Vy5%uL6V
zhoL>ZSFSPaHkrKf?Ed*9lM)Z^C%GM}JeXZrA}dND;q3*sqGa=BqbhQR%kapoZGE#e
zYp3@RSR?DZVl(+QQyyJ3t8F5`WO&c+N&cQw#70yBJRWj954us;xp&mCNzFQpqX;ac
zB^&f?)q9G<!j-{93FDN-wFkZj;>j<;vMB4Neo?^@e@a%txkBhBGV5#Mo9oWR9)NS0
z>=)}7fvKg|DpzcaDspUB`FZ&HYk2pR!%wN8^6AjsNHup=`4E$QUTTc{B9x;O;T~5m
z+2{K;___nL(^q8#uI*EOQGF&0-yTJOJG5A@s*Sf^O+V&}^M027{^_0iBq<zrqw(-w
z@A^aDeOa=8#7Z41>3G9b%z~Fq*c8@@Oa`IcEcto8^BQlHeI{dwK>almOeq@1wJYYj
ziNsy_l%rt;;O><c29-1;eUTrWB%qPP6gFU&i0%ht!EZmQ2H!Z<0To3OLKTXvXu)wt
zyYLo!pxR6H0Y>cQ{l0HVLKUG9M9l*Ji2k%N9^=??^+FOgZ2|<YGCoP`miu%#p0amH
zAzf_K%;-{O46xV;qG)9$Fpcvdvn!TRP>@ckFhJJ8T4o>?7k{%68v(tI*rSGh5EfO4
zoix^Xv`CNYUAfuvvSU*%sSMgTnjg5SfwB#E+))TQehS^0<@j!1y+MU$H?bRCe=dwB
z{sx&$7fsw(j9DmegvUz#f%CHj_>H<;)X7>Rpl~O?rR%CeM|*U!Q8!(560DNac7V9G
zr`_z=0fL{4?%n9(9-i?9E3ey0uY|VWCh4K(iLEE(2(9Pwy1B)_(+U@lGu=d<=G-|$
ztB0>_ab~3$je^Ahvr+0sFVUC>$-Uw1)iq`NaQJ3VZgQc`z9Fm;x#tf=*WC`C0mlI;
z(YRsMaSRxNrCO@jWo2a@aJ&~z5y};hScx3YNq2MIs-lX%iEPcx`Y(NdP@EK+%O)&Q
zA`*&c-hJh=q}$h@AcXndtXvbDJ9$;Yd=90bYs6K{Tqup%Um>S5^(}GVJkOhXQX&Bq
zq7k!3Z_+3dmA-kfZVz%W6d=@u?AUb8XybIYm|79LyQRRxphm?9<Fj?Y6vh13L7hav
zSR2dbR5anTRa-{O|MENFlS|m3q|7wJ6HC5Me5TuakNx1M!u;vx$T8vDg!TecBskO#
zsBQ^Cp-&-W?Y?|*HCCRWme=+h;*UUZhc^}hQ_cH1EJL%uLv50lpnCOv4%ag<f`BbX
zXOu;q!#o$p^rPRZ*$Z_&s-9-)T+(WmR(|NPGuL80Zl>OpiO<hu{F7!64OL%x>Zkf`
zHq)L^81!3xg!Xa!iLhY__G99v5!e+Y_M48!gvdL$n@H?oIe~KHoSumo$Nky65>>LY
z@XIt1)FVSU?f|s_OM#yl-(y)!ez?p4kZuV3k#C~p^6i8J+i88iEnWxsXU8z1j>My0
zl!^hN-U0qcv@gn%o+?3Z(=ON*Ni-KoA`678lBDy?3i89)BM?Nnacp6g=f4kgA)naK
zG-ucvy>k21SvQJ<xGxHWj6D<=`Otp;-qq2EkW|}IL)IgX(1Gmv@>!=HjO5-2kckto
zkfoafF)KTpeKnQtH0MdQxe*<(lqrnu`jMsAkQl4+=G~^fcVZz|6Ye$fHk&(>mmfC+
ztSRH2zn45m+#4xWZKsT;gnjFaJRND0_kxa1T=e;iXbFfw5AcJ<V^Vz7LU5Bu&gDxC
zh)vcs3w?!}fodu667iwzOP>zLw(74gt@^c(_y@3@x0g*(D{kF-Bq}b%|MFH)4VR;%
zJ@Rg;RwWXW4+(+{O~5W61Ci=BU(O;4|IfgXJS$(KW9@RxHt%PxLrA-KM$ehiB-Wcb
zztJo_6*$>$MwMb9tLKIdf`YR?kq+^FDy&q~as_&8l0q1v>a&Pm_+%;TZh~CRMeNfu
zbSi?}bi{&W%P--`kd|=a+{ky~D^*Qb#J9ynA^e&Z@CZz=iHL-FNO$kHsQdY6sQDAS
zR}`Kd83gxv9A9ud?;DaEp9sig?!B#Zsj}d#J3~VMDH2E;d)KB{q2rKg35k2`j6l4W
z)G_58*d*&og<6u@p^}DEhMH}k@aAGFkF;omc$Rb>$#FgE9t+ADrRSvpsOL{RC6|wQ
z9_=qgTeQ}md4&vp0QEejPa=(|OpK5Re`ar5VR{Ixvjj<!M7f5uQQi4!^gCCMk*<Z-
zxbAT6(vG>eTYI!ujtZI6u9~JiJL%170bYdjHs@T==S7u-J3L6w165%BGPFjcdZW!r
zPj7X`%c`LZS6duu6O#pX<<28<2jKNukCNcEFgy~FH{=RVtq=&S|Jr%_HUJgjxxG`=
zg-WQuDMgAfKXW%=S0Rs6tQ>rMAQMdP1@8C*dB6<6RZCWSYab$+720iYFGw=TfWuTz
z^A`OO2!!kmTd>+qBYg4Ey)wjE1rQ{%GbLkms`&SVL+*Obj!$2fb;x;7dKRpAVjp{d
z&gf*UpAaHesXhx-<Nd^m|1^!Be@%Sba+&9qP#9;XeeluUD7KUe9oSHdx)XifEpsB0
z)mgV?B<{_#^76g6x52f{N9+-Q^wzD!L?W{%*&l5u&wAaTvZkAv^ptkL;%F1at454%
z!qWSx_R2#Z33L8DYJ_YW$FNDK<pgj;yqnVPE1R$DEC_gWDr{+|BSt+u$icw#!mM@A
zrXJIIx0z*4V<Y-}lcRt2m{kcF4fs~BP@4P?e5bIxk-;Z>J@||D-B(Tok$1wnFFH`+
z(7CxI@$>6xr&N&b!eU&LO=sx4PRGL;MN!R(zp1O+pM<5>Jl37tlSC1aX$>ayem{W&
z_kj@&Umi=T*D89d;_#(FShX!&r}MhG!U_WSw&(*q^O_xz;xz2M>Jxp-%_#8i_;9n!
zy;kGZJUZ{N%k1po2+GYJ+8is&P)D~B#jP5rv1yl%_X>;$zc?adw)&x#jkt(miTgTJ
z$6I<$*bS>^BHEw!V~8G6I2xYkqH@=gE%$<NY|@D;B9*xxi1ovAUBtzX4K=nmyo*a~
zJ#iD?Zeni9mIH9D7BA1X92j%jDvyH?DE6T}VPS8U@FMA)X^`RYvk2P@*2o|TuT*cJ
zshg98Wa~t93A>^PDfBe;GWT4Pz-e}}%}=>CimZv{%#Z7&_*a`7A%L(HjJTldV&|%n
zUwayAm@P59DQ=0v?o{yYOIDGok@xxWx{1q|vZ({^qtjSP_7qy3H?=`Vcmksu+^<53
zD74B@r<HYl;9Fn9!Gx&qY6~O(q>t#;O;ee<6Q#&c)A!<WN*fPXniN3HekaU)A2G7Y
z?58I)0yCj*?sHgh^pXULg#D=yP5@&-0Uw5*>igb@auRih^MP*yx(mlk$?*_6A@2=w
zbiB&qFzj`jLUm}|HHbJFG+Z#aoXPhai0QDJK0ZTu%8JoR*n{QVp8zif>Ch+Yue2C8
zAgGpmgZ6_Y{@|tc4sLO<yzss(WF;0(X~YxGs|3ryB{s`d%_1!7o{h_a>wCSVix|)u
zp6;zLZ%%>G5UMBbvJ2W?o9j{!2yXYGfie&G!SVUt-3N9|u8!&vIccw>%6J)b6Nn8a
zi1E5l=8Jb{?x?fVSn@c}hb(-_=?N|C&TBF%hf^)kr9G7V{^P2SYYg2;i%Lo=t`RG)
zBjC$IZYk3yU65b450Qh4yhCTw6Xvqp^?<PwjN{l))|rV!xgYPcS!u<9fq*6UEH@I^
z9<2snjX32H-{-do-d^fKt7~g5UHCu4`IgR@T@FpdC-Ce|sWsKr3F&bq=@6TqJ)sjU
zYT4ZO$q)c-R~}2;LXUFlo%%xcvt)knIg{s*M~q>r>`DS*<6#@b?qRqCSh)W17MMzq
zMr(#Rnul8o)fC+?Z7&CW5>1zGt5;uENgyR?hohj&`T7jdWW`&*h$rF9{^;;AsOO<C
z5vnm;mf|{pq(C6o!}?q^yAn<f?-TBTX@5EjKA2G`S9l$_$e)ID3*Zcf(S;mgT^mLA
zWPv4O2!K70;XPo9l8DSKxdCJpuhZ19@r5{*?ti!*sE`*5+gqGnY<qijw%|y~7~3zt
zGU!-RHU0QzK$?Sd_<Kwiwe=RCBZu~?_Ul)=Ial>ZiyoJ!I<AvFiw`u#_Oz52g|c(k
zzlVI#53hMCLAlTOykOj&*mb+{naR-Ch<Wmk-8-nZi=x)ihFC8kjpnK&cF1~5KVqKQ
zt-c&QdMVHYR67L=IoY-S=^Wzh%E>7tMa;1<<3te<tu|0pM>dcu_4?`aYj$4{xXoLa
zbmWqfkf5S<Pa2{ja45t0#`BCMAioPj=e7ag8jG;mM-L2`B39($Wd?O)GggcIBE$;r
zzEGmp@*|2O5ez-dqgs&HSW}o+`Qoh|486OsuPwUQLI(6UW%=eX+t9hydZu1}hO^xk
z=KwhQ#Fw^qoYpGbfE1}8lcAAj@wKaqzW--Q|N6{xQ{`yo2{v*YObi-zFjs#xS-H{4
znbtcHUE=aIigCnHs+6OSo^;=Gm_CHmjN<(x&!{LxBU3eW`lq;<lzoKQ!h3Xqsm@D!
zKPO{ZHmv)6**fQBqFXkO&brOzguW&2RNBkRshGDW0hx>UNp09A+)MEABLfE-ad=AK
zS9q(Ql>u4IxQ<1oc=V*BLoJ~}hG!M2w6Q7WW;QCkk-hT_5>1Y1C=-*PzM_uwSC^Fy
zB?eaee3lhJ6?#;iQGunU1D|jQAN@`^=<YjAK77N5WA`p#mZBZWfP9o-cpCj40T=ZH
zjeRy&=;XrB=UaJi*;5tK9xa&XZ*HR8)kbVWA=BFC&}z8FbT>*<Ta<P|o8QHBJQRVn
zy5vV_oU{g!Do#E(A`yu53<mVWp|p+_0;u-L#qUZ;EoWmj8}4<~?_BOjGwN}mu1u6~
z!Pl`>bVMs`lr5EYwipBpgh`Y*hT`MJrkC2i+Al7qdX2|X;Yg5`MS%vL$|5>i2ez{y
zaeGQbkJ;SV&Q+BTsygiloiKg6^(`htf;Wtahc?asXGprPdXQ_8v%Sa#_j#|Hlg{Bl
zt$FpN{rm#;vdo8-`U)8hr^T*{ixRPt(PtPIRkXbID{Q-CS9MrQm8Y@Ai^#gHp*=1(
z1x5#+@+z$9Y*M@OY>~a*jT4lzSxN3yl1V)3-#a_Q&l`rOM&|J0J}?C&7iNGnj#3>p
zL_hYTZ{EP38)7r%ybMn||CUIF$Zc+W_pugyMsE2OM_$k!u6A9Vr*Q_YSWgOcqoqvm
zr65+?k+fI9^)aI9poMsuRhscn5iIoZWA=ff&~S|OHT=7G8_%eI`pz&pY^u%UlZj1u
zO@5j2o-FOukYHmB%MBY&^hs2An0y69p5X=-YLBME>B}ej&CEl=2dP8TrM(0+W{jG8
zSy1kbdy!`|BSksYUY@Rr{CMgIsUOTyilg87a0K77#T(}Y*{u6;gn<4EO$9nQSC)jf
z36dokt}&q75r^Fj<Sig)Lywvtt&tmbZ>8CPYrKOMmv8<pVAhD9iJ^`&y^W&x2o{^}
zYqVkU0tEG)x}5dp5f(n-nsesp#M*P|tk7w{<rayz0y4=q%gC&;ajyxdv5^5OIE@sP
zh(%;t<;ujhJ7U=ZLf#(viR2q=iu+YP$cz;#Jg@hS^2hlh?Aoid`lC^1!8JT=6OM`8
zQYWWJ^;Zh+>=)%b2N#FqgX{fR`2Ad;ALo3K`f?;wZ10|9N4?L?${I`XSn)^0E(RTO
zQ#02$G&&2f08cM}(*VLWk&r+_hKSxf@Du*#$9@SFtzpEBLD=-q=6tc>zZRPdp_=B2
zy*)%Lwx4n`Ah*@_r=+`Itah%(g+@a1jqjMx)6knk+1bZrgpBaRV|!JbW7tM`IJ52T
z&^hyvI{hxZM#T{{xA)chdtGd7cH6{0cMuTTSG>P<vOcm=BjsqgsFX-57%bydGFL}n
zvOiIA@PZ%X>n+&2y*}o{E(){W5`@#aQ9f;6Wfy&@J&L_LgZw-yhSaFAI-{I+f5zeI
zH|9=6$t<ZjDtxn&5876si@}Q;a?pfkZTU&Ik2bmls^+x^iZ;B@+pM3iYw1nn1QZFp
z#1InLt^m`exe4wbp0ls(VD>HNqidh^6p7oODsXvlv%=TEO^Q|gyoN53Ga0xb71RZ7
zGy=P5feUtj`sIQGP>|tuq`QAR?mezV`CU<o3Oo*ta4f=u+D(k{Y>(XzgIe>W$b88N
zvrFBt6MJ!a@l5SqHvJvb(S#1CVMJ$5(vR5G91LojamL6V*;rhSDJZZ@uRbo{vZ|^3
z+?&wry|dgEN3HC9N1OUpBL>+5WE8Y&;a@Q2A&o=JVs(Lr1i5@@{D}{%<32I&^HK19
zLnT_Mrd3w-4Zze?<KMrZ>LedxaR!JelVv3RBVM0Bhs*Gc#*<lu;qU0K?H^*nd=JKD
z>Nj4Za+9WX90?`)L}>L5{g8RZt~;JxUo;<-lKtzCmo$8ob>Pq`T7?-X;;RKvS9y;n
zY^ZLR=B^!j>e30TmYK$kc68!6TXGLLiP=q~jTNND(7UHvulv{^&-%9=>91Ahhf_&C
ztBhJ*t@^mFzlWRFJO7bBRF`hFsh|G*Qj2V9?h})<3IP--_<ZS+E#sqoSPnrjORvlZ
zvvkB1faqrS1B(JySW}Ge{NC{2{p?En%j~mV%a%G!tLUoA((bO)-{};Eopq2AK#dpr
zhOpbC^(cf^O^f}$bt8#VNEx|22Pnl=(XD4ms8Nu7@D?=qR~UM_!CcS$+pV8_;kTPD
zgbuZ+pU`4zty!<D`6A#8MQE*{=ViRM_laj4k-I1NybKiq2~D$?4dZUs;~d4@XD4p&
z-;au9j8tvk?u=~c!9m*LMC>C82<GSCM^!#Ou{YJcq)m14Lm_-TZdxqm+9CCX5MO~{
zUj*WrAHdbbtJ(n1S*VQ|gH=%A%ayA7UZM@V#zV{dv+rqp2rQLY<_7k<zCGXybWC3!
zmXF-Cf_zR3eI@}kmu$fL6X1%$04;EB#9MNS6h!AOc;&|iZjD8y>h_~8D0&(@Q`}%)
zB3Vaq<c{9xy)a_0>QXM3nN&E1z|9)iPIv@l$3s$IRDB$liFro(sOo!e+x!H&@>DNP
z&g=0xDMagGCKoc#ODSl3dvw0Mx(RC7z&D|1JD`Sj0X3`y0^sHLJp?uEC>jI;iRj@`
zH6}7=3yrdvC1o2}R2@B*`&>p!KMr$;D`1S0Ys8NLwPG@IXh^ZKnK>2D@7^QV(3DNr
z(&23;B6hp?@k&6`y>?Th4?dNhgi2e&QZs%fk3P>6Kgy8*ZJ~HXwaJ~rTb-$2li%t|
zD7*VDwArgfj@PB6G_G&^X2=ETcm{Y;w7I>q^w`F&3@ErKHGjum3qkY4$T-rymD7NQ
zmI~_aqw-*x^029H?;*zXw_*W3AtB%URvYh9ZES4#y-Q*wdljd19-L8yGZv0Gv)rDQ
z#DHECipN6sJ?+&8HBSRjapFDzl#5o#NG~a0N}DHoKdHOb;meZiY6pyTsS|6YVPepf
z%S@dja^8fDIw5zKE85mz(a**vi7N>YXXaURW@pEv1y3s*dws^hL_iJ*)k5^X<<3UB
z!Wac#`GGXx6Mr2Ef)bdu)OCcsNeh`_7b2qQ5ZMo)s_?OL*!O}xCB9v4np5S>7hz)D
zd<p;7K@!G^0(4_eKI36knP61(2FxC=M@5uAK<4YZ05(M&VXVG$_ocAMC^3UchB}XV
z9OYU%(|De@xh54>(P)EUy4n}7?FZGY+A0{k$;l+M1(S+g2=FUDq;C-(t~>gvF(^kZ
z26AAdr~154$L&mh&pbYD)j2dzi};>z7C~!Re4WS0<|kJ7gHTDB4CogLX0T=XR*)lc
z`z9y0eggi>(zkkC<^zQkUx!I#=nmsuRO8o>%P%ShyN=BEHKbC6$Tod;1#b6p;%Q1F
z$M4Q3;cs}-d_d(nCYjHWYMgk<YYE%O-L5*&->(z(R2x1|M@3{9HPgRb4Ce7|3P;Vd
zul$c6f7jcGd@v@&6MqZ)j2fIuOtEe!>}@1&L~MRS=m;(TdM5MhT-4B%D~s4)?2Z#`
zad~}Clu_)7DqR~|NIjc5rD4P;iBlwgD9Ma^OC<&VohNisF>0KX>oqUpFZLEzEEyAF
zgpk_A*zfyY{Co7is&m}$`DCwieo=c`RTbWRbP`UN`?6KSkm;r!L6$<BMf2VqC0`14
zZ{;4??MU5tPXGiRm)G4Smv#)iW)aET9>P@Tp*(eivQI6F#k8E$QHvW_al-kttdj-C
z@T18(rm`punspNt;fv9qk~4j~!7@4Gp=VjyAWTYDP0bIXy=?>YcT!I*s1d+I>A^Q<
z%-RQ-&M*lAngx9mKd-M~K&R><Z=%QIkTTS3F$z?3$JMwYTg5Cg!m4>5QD(#ZrNqiS
zFGTK-FwrDI?jeGAc+WSDR#55WcYmB@%qjo5J?%RFGXh^&Yv>l+x~+)!NC-UD=+R$K
z1qzv`ppdZ^*XsDF*LT=V*oPv3FEqO@_@=8$<iz$M$(miL@ocQZnHN`9QPq+c0^Z~L
zZ7{%nP`=Krk^l1LvED*^$f><$s0hqO0CaVn*3mtm3s%SE6Q)&%ApS7koZz4D)!<hG
zNWu-iki?~KhsC`^j|J;bUI#2S#-g~dcQU*}dOU$qfKx^iyv1os8Vj#?yv-3Fp7$it
z@+Ah18?=kLVBZYlOz$1QiC}uzjAL5D@P}WEhP6V=YZlMUOsxKi31cCm0B)N5g!vtT
zp{Hu7gIO1YFGIttzHgk_N}_-b9Ulw@+TGjLZ%iP)jn7P#mApotaHZi;$T~x_+Wt}r
znuAbE7TV8&hXdd}s6go#g$BMyRa93DA92C^?S%lB<90F)|MnB6Z$*bV85w)cuJ@vk
zc>G_QGT^^*<KCLLyoEt>8-v7i8-babS=?mpOFFNX&oU)9nP)#KAiea*bP7x%`X&nW
zZ|R$Yd;bD$68@@CP+>MU5UeyAj=6N!R80AUib^h=j5f}n6ALco_S_5*)c1yXIjO)~
z+{QqNZV1HcDzerq9*uJP7H~i9oa@yrheVH9vJjNH^G@=Or-iqGj3+h8;5Kmc!GUWV
zdmy|YAv~TFHlL@8Cjqbw!?23E#^H;d_)_JYn-ndWqs?N8YW1`u#L#QUM7>=dN5M5^
z+58%p*-&fexr~f>asVQovT|5k8O`GwlbAP7PEP%k5s|aT)_tZOEUBXW83~&H%Nc^#
z1@y`v1@zxeF`Q3AB8QnZ?}=cAj?B}AbpRH1tz#NtgT9@QR0Eciv5Co>_V<n2oRV8&
z$v)60L6p+JZQ&~*b9>f-tpwC{b~ha?XsxdAp6&KgXHj)9?ZRY5MYUqxG}d|&)Rvkk
zwW3WL1&_ioXPqU%p_D*h%BagAWz$bUCZ+x8NgjBq!9QLq_4<nU;cl}PwMq5X=&PqO
zm()|4neeV5vpEy!YMszz=ZtCGjTk&sj>dw9n76Pm!rn^N1as<A$gFfRZhd|ZeR-=N
z3J?u>2%@bYm~_}E+)O$EfC5?<X`=IW6S;b}8rU|xeO$~<uOX*sUq>H8Xz_i_&gAra
zLb}!W&bwk}i>yWbEh7}1GB@vX3h&8cGM15T<U51q#8se6VY9m*R=KS12aV*jUE)uj
zp$@L{x3Kj`(svWTRc%FTfLbS(_VcGH+QxU5Zv^>~_9}fliu?H*L*iM5i)Z!Eve6di
zK++>wY)W{!+ZA^a4t4baSj9Zk4?qb6Z+IIXL1@>~As5Xckmmpg#H|5MeUADg@f7NM
zSEkKL;3T2H672N}VtU=WG#&$f=+_!;ys(M;ykIO|aNB6pQ8bowI{MH~{aw7xhVCns
zkbAi!@_vfu!k*N_mZLYeh6s(7`fIjlZT=~O@NtF%WL8P$ANe{kKvwUNHcOfUa}S=D
zgi9@8%%wL0^N*Y*O9KNyI`zqA<qi*VNcLwW?CtELXYS~Zk7X1YZ?qMC*&FyOOdP=J
z{g^e1e=)A3VHe%E$}CjkIv&Vs!Q?3AvwD~|Y>`HM`SRj{w(-@Btk%(UF2sEo=o4>E
z!?525$$|Qz&Gb89GvtOhPAhb6el*Ot*T0tnC;X~j-Cf~@Ky0cTG=b0_t|ie{g{@M2
zXu}U<AapuYW1}9|v8EgCto;akcjINm{fO^Hq%c<S?;_zNP}!Et80$V>2iko`m}B<<
zHLDSV29fQE=;)Y${uIILD6}I+vKm#W%X|4Acv-x)vtw!P*xlWwFqqu(KlIWs9$q)$
zurpP!!{!AU)w4V0kM<`H%NZ{&whJ|QXTE%>Dm4V;#<#HBmA*6Hj57%dCLz?vdR&&W
zrT2o#T)(6lCLwJ_yWXB$?1jcjJ{V!XWSfoGDulutCBo=jW;u#+UAJcJ!Mgm!8wQq$
z=NPL|sK3P>nrTiaBbFEaKmiJ8a+q)m_A6=Ec&V&M7|s+Qom<1EU#tbPg0RSkP*RqM
zajsg+;RMg%Gepi#r9n$eo5r{*w=cb~SIdRrb1cmLz9S7E`T=^|V7F^6=r4smC?M<W
z5uu?d#S{-at~UC$*5vIDZsBq{zCSTAbEO24FbpIiA2#Y12)b_~pFtOnDKi_?u~i@+
z#Gn|T){m?h2qAo;qFE)SrMQjosbN>6C|#PTf;R~P`}R5dtvQs-`vec^S8~51bn-ic
ze@O<y!bDieA+;2IDOu4Cr(c{oQ0;zYgsl9f(E0a#JP0INFqZ;B^+N)%O`7IACnDy=
zS2jsuJEPP$S<?}gWQk-L#oCdi|A7ulDi8YYz<3MjbhHKPzb$MAq|TBl)ZbLzxxQF#
zlmhYMYwy6w!$ruuBIl>6)V+vVsyA2h=kFJZ(0qGV&L@3K7Se&(I^i&f%sPeuK9{~P
zbY_hJDu+LR_~s9@K&M3JxsBY9L|G7-4u3_auf5Ic<xptXO@jaPcfRM)1$cZVjlK*G
z=<r;Ab$E&pBV(PLR{GjH{(2WQBu_ZxwY1ug!mF#s!4mC_i`Zu6uez4X8m&0&&RMw_
zH30GoCV}&hLWh+WIu(QBuAr&%Z@&=yq1VWS)3OdyB%eXgAJ^E01f9O1gQDdoB>wq(
z6Lixt`$PDtivYC9`4t2I#H{`KNH>4@&kyzo4D9cp1)5*|!Fr%6CP?Sd2MmLXe+`4c
zIfK$2zySXC$)W$#(-N8ietXWKvL-S6>%4A`4-Ey-2Y&msAcFt?8bcE;mr_4*r+`jk
z{ja6-AE?CZr1a<6h>;LLH`fv>3)1T9Ay!{%YPdQoi=L@TF~rhW`icFAdm%}M=Y2{Q
zJpKCGUH|!jFwluUj11qqdotj>-vM02b*Wq|AfqG{*6xVJjrRgtD*wx`<QZsXHKQPl
zfdaKYJg|$p&WphM2(H1D|M+?Eu|aX%t%g}l4Ye8W|H5Ye!zG2MQLnyff(1SSt)~BR
z`o2`abbJ#%`yVEOyWNBQQK$SbeCYqtQ$XXoJa(mml9F!xV@5_9>%6b`l){7bCGto=
zN)y)K?+J<q=rg|M?*F}0+<;g9d8z+%s|8~=1BSrS2hco|_*b5J_@8_<;D2Vd|LOWu
zMae-G4(&z$_RB{QS_b`p3<3X(dkG1lO=I}}rpYI_G|%v#QQ|fR4RlxVXd5=7eH&`w
zV!zryWe{Ikzi%J!U^+8L{d-hS0n#WkDF(^Rty#eRxj>S=9wf8~$mkZYcmZIt_`mxe
zl;)YWZ6k|B1ob`a|HAize}A{21^WHrv;QVQf?_|FfLqSX9=IM9Dfds;qXvyoQxE^6
z|HIo`22_={|H7iEAd(VFrywB)4I7Y<5;h?rDWK9INNx#H8Yw9yHf)eC=?0|@x?6hF
zwds2A<vh;JnQ_klnfHCq`7j?wmuuhay083Q<qQSf4}NNqXWq1!Pe7Rd`_K42o&8sq
zeux7C6dOl{+^npdqLI<jta}<hk16##E%hT!9h&!-4~0ayX?~a_g+CEr_lko`lOHWU
z^WQb~DF|AANFx97ER@|z`VY_l5xD)$9zxGQz8Wx02+2sopPv8CXZ)+7@rLZ)txJu|
z=OGdQY4<>q?#6F%$)7nM3X>!N)1$sg*&f^h6x{o1_x=F<{z7pSG&M{4NmAJnRIYUR
z({lWdLH(6}%Fwush<9w(Vvqyi@zVhS5HDb}dV5Py9rlKYmlwB$FHXQV$r21&oaX@%
zWb{{1eb4^(6;yuLCcGM_QE8OJ1M19NFr6|%2LO!@u`C&Ua<(#Zd)u-6V5M?q)M-4@
zZD&+-8<ZHo1l!ooaO+jvf6^9r4IsB~j6+}=O~Eu&gyUUZjOS_WLj}jdAA!wz*ZuP*
zzQ4ZR7V3>hA@AT&{O#Rs)_H9PxW31cgCO{oAUw6ydtp#(ipfg0Zn-K{@azJT4%p4m
zROjgr^#tJzl0MUx7ab!6v8qf?)_lcUgjcJKMZbcjYhgn}+Jfs1mkwG@gq|S=OQCwv
zZ*ymAch)xFCnYf+C>^BxhKTOV>bvhf-W+Ultea{I3iLSM3d5uJ!M2n54r<rmfWqf-
zi~~shwm`el;xMstth?65<L(FVQiYd3yc&60kN?iTp3e-r6(0J0`4G@(fbmPeK?Y^V
zCH{yR=Lcw?FWoE$CA;@}D=LIQxueV@bO&mbZy9*QQz2qwB8iEU@8!a$!6M9s62*Lj
zs{Mtm$6&SNEFZ1=uHlv2PwsuP{v3Z>z;o07Y{g5#_*b6XRcjJ13mIwm;7l^X5uh+r
zWQEKq<>+MzXfMj$Icv2s{dxUhtC7Os^)T7~DWm!Mv;^ys7ag}97JA~!Fkd+GTEL7Y
zc6@w%xg*aj1No#;A3=d72Pi0AMr@wR14Ak;1vgrl@D?BXhY;A}i(RrT2c0gH33Po?
z%N*EdelEL`vg+#UC8LeYbO<!VJ5e`;Yw(%F!{${iauPPa)1@PJfg-!#Uo~0ziGo^r
zwgE12^dR7n*4<(2%A67RgXOcEDLv=)KYY;tk`$W_#Je;=jIZ+S=@J7TovXiaHU9%^
z8Vd0l6bXWQ8byqxla)zp3=3$dh|hSFE6}6o(fE{$8FgNT%MYD@miVr<ePD6)5QkJK
z=<K~+ljE{E>wnY;+?^&y4vp+kNkZ6tZ5^E;+pL_DHz4OVCKX6;hbkzzrSeY3P3a@W
zl{N8vkgaM#cP0n5)XYTbP}(N8(=5uIVWd3wGKOo9sGmS|_u-uga$546&E;&HbM4V!
zEE&tn0@xT_@%`wf$9d|f;+At*xTJU>jBC85R=yPuaJ;XDwcB@rsK5IYj@NqH%(-qC
zGBJyur)ZI*vM<lmI)8Mv?TMN2+y_(T^bd&yt%i6uLz8;BSaf71+LNRMzeT%AS$q!^
ztqTk^8@!Xc8VHib+SkjzpYEn66b1~dJ3{7-yzGtpsuq-l2Z5qlPW;Ui?WpwD<eIDB
zFGTGTUET*{Ol_+`LiX!B6XZ3Us&ya#r}b~bbnjLa7Z-m<K3_5Gm{vtY-5U*enYW|I
zs~dNZliKH@Qd-e0)y&Ue7!XgacO?ZtpN+?tTYzd&@B1BnHng$y>$vlt;0v@DQ{S{~
z8SiVArQfb*?Y{aaZZj%%!^Mb63t0)mT}BeTFe<<F1^C&o3{O{&HzY2={GG69PtCQ(
zTU^x5jQmbgM?6-`mqs4NHUg^7jwa_!aF*QY*4$1T32rdXXyY7#vc}doPhP)MK$)Bz
z?eL2}%ZL(-72(zZRw2M)wqP?>5K%DI+^2_qEOzSDsgsihdwAZ@^-4?e=c{z3x0>gw
zNhKssb7O)d#82apE8iE=BECaRwibfp_fn4(OT{ed1r2rvJDUbJXZl0U_vt(a5@;4&
zPcLR7RkqHPqgG=_6IK)c%Dm;J6(`Yz9mk!K@*U(s{P3((d)zRuNn6~Bpu8hC82U-Z
zAE?e+d<2rnTf-#}KXvD3eJ#%^8DgxovLf?Ex^BqrfSq`~T>4c5m4}Vo?w!kE>o(cS
zI2bj(a&o+SB3}ZnOtqd0;=g`mJ;x0x!4as&u-0D;ELI=6OJ&v57CUS=oO-mgmFH2t
zbHJPD5(FjH*-IwCz{}Fgow4WD%XBBZGL1z~j(5Sl+!;}@zZ^jUtx~T5-OzR)SD;Rd
z70_s~_O*P%hbrKiv8~<vM|U7?Xb1MAzTKG#l_aojrhayh+<l_qI|*ohr5Xjjf;VeB
zpti&naO(9Jnjh@vRZD?gIGCvd>&F~TK+XS)=+CF=J1kF+gAUCR(7HJ>S_Uk@$n@v%
z*x4@dfpee@jH1?^rclW7nxtf6sZ+&j=@#bR8V7o1C08rVVcckt{Rz8!j~Z*d?|6<v
zA|8shy-DFL)mMcqC36lu7~T=%RXFky*9Dz;Z1=sd1{EOZHrlUmky9Lp9Ryl$cE^o8
zfc2^b>ZkQ2x9^%8_@7aa<4rnN74(EJo#SF&ZOt%Pzc&i9(~Eoq4`0oQJScmLIshv@
zSC(~bs*Ax;V*L_bnk!Jp1cKNcOh0#ozF5J5*7-Zu4xnZ4=i`#n>ehK9+ipevaxpN*
zcLh{<KN|`@+8H0WDxZl;amjS+3@Q>DQ%h5Fa2j_j)p@>LeB=sRhGGw9`D@E1P%`|u
zlgTby{Gh(Nw2@q=3>tZB-SvK>=Gvz_G*2U;`eExY5!ZTk?SO%^1?z`{p3lBBIlQG0
znglB55<JGnFK2+>nMdJWL2?yD{&Wj#SzJ(O55MiC)HpfFiw1%JTDumGOJ~bL{er?~
zc77A3J6J`>sd*pF8>e$VDaz%qo>!ce*0cm^(Ax4y4eigRGe8GM>ntq|7LIQ98?4&D
zUIpLfKK_o^BC0f_;L!gaL1YKC)pk5}lC`!`cX8A#EuOtE!TLoo*0KU23=^7Q0w}Vz
z<uqV;zBa^Xe+vf&`cI#ofQ6Yyc0JY$(<#z%sqloA)&%fJNBR7YOIl8Cf^+xp_u3MT
zD|6|Td;=|zIr`Y$?n%qtLiXQkFe%(y2TvPM2hfqcau8YYk+;e&>2uU~+v;_%23Gu;
z&=ZL?9;Csr9cZa>4!3?^3M{s>U856Ch<56>+j{s53JR+{uS+!W&DqvXhv~|w@*(rA
zM)jke-7>s```VDLbc8CA`O}*F#M^iqtNmhyopQza-Dfxq*1tw~Fo|W7#dl9j>Vomh
z>^nVb@bdne?PBYAhdx^&kA=(qH-&+(w39?p-4b{q&$*Ffa*(|ys}*ujBES&sV|(kU
z54A~~kE-X&KGfZPmol6-1s_gx!+;9W9jolk=xuLjvA%ug@8)!U_2;bu+rq)@YMVn_
zHYKCYHm92IoSOZGv1+iYx-Ub|o)*z8JVva0eR;f~c81Gly<c2U!QPs}WbgfEMcW-A
zrOBkJH89(Jt-nZtySfK1bi6y|cBBm745k*mb*MX$w*6U#)}?{&Jl*cc^R7oUP9vSw
zCr7K?U}O-?9nC1#pm<Q#rUQ)I&XWDN2Xi4^F9Wz+%d8s~^R}wR=CbbYd@^68P#d*C
zS0!(bdf{F=ELYv(D-NcL-{c7yy3?H7_ISvq$7kYLe$mqY1mB%tI)=tI+(YQ@biam<
z)r|e|2cd8C>w^iK@HJuAJ`M~IqK5Emze)9hJxn5`?Mel|iXM#<WJs&nYx?C9OLuaU
zo@m;hyy#G4y_I<dn+S1{P4I2cJ1v#`h4*}V&g!I{$+ui?5yNPu#7_LvlCXN@)K%;~
zv1uZKQ`F`LdMLNX)re*9wjO{rf&*?~r0R}Cwud&7@#SQ!?x-L8kc2eFH@NHMrM~QA
zpM&*gx*dwXaj+&VMQGszw6^@X)a#nw3*dRxb=kXhw%Str-@m!;O;-^n2KIl;$Ip}n
zmuM!n0x!0DFaRBv&LUcIB|kvuvQZY5u>WO}g!>2tqUr^YQ3H+zA9o38r83y;hFV3r
zpXA8)C_f(MaR=kVuSuJx;E4gxX_Q!oTE#Yb4;YJ48%e(f`8gHe8PNDy=yK-rg8ShV
z-Ogg)Dpbi&n%_fv=Z45kgxbj1^HrKB+-~wuBi7P4z&_h{rwIG-Be1mR%dqH1SjetY
z?1{>u4srOg6h=057i<QY6P7cCt)~?m%+IcZMxSS3!{_Q`X38oFgDB8n(L#?oND#+h
zV{vqnsJ&VS>ua+)RlJad?P!fBu3@J#39<u(LMG{gcZw?dm^#_W&a!BkiYW_%#pxr!
za4m{rP=xB=a+O{?T<@?Y5$YX6g4NBMWCstch-gd<$3up7XbiZ7m+00-_H$>DU`(pM
zWk8x-+&<_RT2dUU<qVUSC}yNmCuK<8CVWgkM;RZEDXQpvbNA6ab;f3>>o8EE@ol($
z>+D!cbGPG5CzIMz2hwS>869mq-KpCYgW{&@Zc#oaw@GMIf$V1M6kH;>tu((j;OX9A
zyZfxw#z8XOQ96a}EAIU&uzdYc^1NG~qmti_P5dSj)M<9PC+|%rEvk=n1}4u>BG#R7
z-ADo!xr7M)C38q*=w#P~LDx-nhjD8msBPM}NcCzc;#sT++c!K~S>4O*bnDPAZNnR)
z$kZF(8MYBSp|?ETT~8TwK&n16E4J{YeK~)~h>}g|Jks36?8H<vjx%FSpKpEOxW4{F
zAgZ$0+@vMo9_>4ZdqGRx;2!L)1rFEh<5#5Bd)yh`2xNz}@8b}4s?o8U_g)1O5ex55
zO???O;|Dy9NN-wcj6DNJi=L`z-rtln06kxV4Cc_j3qPxFFZo84tVgl5AyL_WDuXq>
zLQu_wmvr>I59?3?K4_ny+WC6Dk~2FKW45OgqvhJ!s1x7bVfbb@NtOzhuf{4+U9R9w
z3nRmO`8Fymmf5P7k(gNt?Vl8YB*+TS+W?C?x@3yc&x@%%mRAGxFPsjyzU;tM&Zr`3
zMNX*Kb>sG4GOK;Sd)#F<PfOqxgyGe^Vpc+d6*4w!o!CanZO#vqgHND^>&jN;?E>ta
z<QF6x%Pz6R3Jo&^aQ1Yn=}2>$##da?IIs6uz#9oQK*WP0>rX6nO1Z50B-mtnmjW1{
zOtSGD9Rqi3mDNIw#K8agP>6kf28k1a1uksfoh4tq^P)y)x$<c>8yg#GR(;V1Y4{_u
zPbh*DlrODz%zH$@ca=2#uQ&&B?9kQ^(8N~4(Hk_ZOhdgKZFqtc*&|0N+4YjkwdugU
ziqL0%zh|4;`MW2JSY1sX4nNJ@Cou=iOl%U5{YpTHdX9m+*R8h_@Z>ql<=f+61A;5F
z_&0Vdx;@HZxLe*;jHx!8wojX80JDF4@g%hrM{lo-<lJ_LTxWjD)V*4$S?hYgkB~|F
zvcs6{P9vhtR@-FcbFS|Lw5<7<a*^A@MQ*JRi4s+z4^eKS5gjUhtLBUQ%Qha1?Te`3
zTru{Efu0@blfG4Ddzf0$tE84XLA`GKR@})fpWUW8EyaFO$_DkLsItuM%+ho>`(RL1
zeO|#T&1K3>#wul^FThoG+KSEGSo%xmnJhknMj?Lw%?jef%x%HYP4(o1hYPQAWhPUM
z#ib<!NmWu8D}&oV5W0buF)nEr_63Ex{-?+;*NPpL=V+v?N;A8;q~2|^_&)S8hf1MX
zzvZ4|$DQ+$+bqldL$rEnq-V)pyWL*pzRK6qUEa-}JDlPl*ws`(UuoIX&oZ}9$YsHx
z4>Np)Ck8_Drkb7@YGYyH!q}xS*{4XuEl9-C8UAT5m()HrZ8T(t4}Fn<6L)s2>%REh
zX^gTQNKKphQk$GaP%BaAP@k8y{?%Z=EBbI}4bFcKfyhjvqQIr7U?7lY*a>LB;fGaR
zA*dHRr-sH|>{hJ7#+IH$%f(rL>$-8GteLQ}113QD^Jkn%PD8DS3*vJLgQ{(X!Ul<u
z?K{#<Ua=o}RK@uTCRy^OSVUAbnk729*%3lHv6v#Z1!;bA_I%m<3TPD**(6=`y;Odt
z3bRP=0QNWIlO#@-J=ek#=~b9W@dH()yocnwS;!k)C17ruxk<S9d-mkK`SBa&O4VsX
z1-y;`9%B#98b7?%a})ofj~ZH~SyzRfM5E!xSOV{~WIQjKKhqr|lHnVmb>}l>1%p0{
zZN%WfpYg3k1lU6(!yj&*&=E{2q-8UwoMb#e*E@f4@q)W)0-4%qPnPU-1RDwCGLPOt
zhR}6(^JZv_NXksZL13QpVYiFK=|rC!vKQ5SpG2x_;D&REp3%9I<0iE&5OC+9kWusg
zwB}_JrtJlEGmXA9=e(Rf+mL3x+WaR{MBN4ztiNGSetC+)0Ir1;o!ZV~!I+MBZ8vu^
z2$j6rWw;JDcjPGqk_SFrQSug$&XK)Oz!)mj%rKc;J13AMu=41<jQLFk;WrsLv<dvh
zRlB;>P7%C{a~{&F3o(EJ!?5mzcG~X|3(XgM(K>iJv|Vr+Y>=##Y~x!#U>H*Ws@}PE
zi(2eeWU@^B7?C%5g42HAz>dM3L2<Gd3(ajH-#YU{Y0m<Lc2NyhBTI{S*FNu4qahW3
zV~e3JYpaRBrc>riQ+<p*LBE5(<er2-)2_Wzk1a);WM(p2AU=c?pTx(Szu=^4?)%-m
zL6W$7hX>8R8(!YeYFz{KI!W*y;=D-c5`vH(b+@|OwI$lc+jfoy)3R`36$FcvS8}rg
zMxM7n9}Bm>P)kMMAza+jsn)|P13%M|UO|oJg`5eUHk1W{4hINyy76Cpd3iPf-5DMw
zcO33<hAENC2&Nd4!0F4ffa~vL-XP5%GI33&m>`3Z5_A8aH2?Pnd-M~t58kv68>Fhb
zHY&|`8Rgj+?C1{(5=cBG(yp!OHt>g4d?J`sd<##Q%y2+IxuYBTUM=YbvcxwyQV9Qx
z@1<y{hIQ_3D3_9|mI68qotXBNy~00Syf7(gf|J4gD*43Zo>AvK!12~-{G1Vodi=o*
z1>*cc=Bvun?V!1MNqEliL=~e#BzqqeNw#g)7h_<w$GmY8A$>U$%K4{QVguSFji`KT
zy_AeZmYNq1w_5e~#z_znfwGM7?@VE~V1Q3<Tz*rY7TX6eq}D|hX7OULa1xvPZas%b
z#ft2<tdg~4WJzwtV~p-3ly!oV%ki@dD$~OtnlP!Am6nxrzHjZdJCN&`-PEZSkbXf@
z_`D9<45OPIbmbmOX3{=phjS&})J@3bEW<rU`^zij3HA5k(sP#`l+~G+ysMawV9jQN
z>s9;Jj8AN33be6x4(TQ0JBU8Lag3;UPu|i_p+(8mg$9RcedsM9-AXmSFD(&j7v7li
zKqADoLzLd|E250}_612JUN}KN{+?l^Co+$6^t>8f#N4&G@l0v@rp*RI;YX#p%eF^r
zFl(wo^X1y3>L<-R!Wl2<4m;9l?PNov%QBuxvjN8dy~oPQbd-G+a}nb@p5P`V>fvLN
z%vj1C6X1J64%1D(G;U*u!GusfQ-_q|bXaTN{SW!ng$wUX3OdxJFr?npF!ImGgOhP0
zhPd<HG=q_^;WRL^MW24S^Mt_&mio&HUJz9(d(+OGRZ$ArHPfkbU#t`gHx!6uq>^}~
zs$DvyQ#y$f%D)`mMrYU0#x7~}HUOD9KOYm&Ks+k$m6WD}GR`507Sc!ckRXhj0;E*y
z`p6>7>X~k`xK~ij1|_R&V0btPu4xiPhqkkfT@AA8$4552F1ww(l|jRtl>UmcZs;+c
zHA-eNTcb$Nkj;zHm8a@vja-lG0x8-*r|~u?KN%vTQcg}o5~Jf`cdFsw1q-Hu|6{;C
zWvO@Sll<r9B6^hRBel>f=d~tRGqZBdxso!uXeXlyKB-8B`gmnDl)FcSFiLIr2x&|`
zd&3y`(oYbWXOA}CA>=0#L<6i%J@v6~(vecUPULPJ^Br}o6eF5BTVE{|HHH8y`nfXa
zcUw2`Xg+HXQxH!1Gu@jCE@14NWN2|u4)<7h;r1)eBv~Er>rn0OtoCKxlxWZssZHfq
zLwD|HMebf!j*xS%S9WbP?Q=+uX+Hxq;H@A`b#EX}MVK;lvXZ4vxfF4Gofoxbw$=qZ
zh+B@SRxA7RvuAYrmv*T$tKiVuBu>q$miJToGf)e-*{%kx*`#<gq&%rkOA+nww%oo~
zBX(f#iVq^xb6*_T&aqdBE(#5_z)};!JiZds%e33c-oU&%B>@*p#Bb)zcxar{{li=m
z62r*rJqH@J`A<(=^WoLk`PxsF84;%>E$L{llC3dGbp@9iLDl>4F6O=9wah)@;jJFd
zkq%IIwZxX2yxQx9r2qbYE9)rOSFM5Of`e@2Hz5)4UbUi7KR&kra59xxup2aQBP+L8
zCBQAv=A7~KoK=nh4S(SUTNzGT4Mql)csUqubl#VEhC5Pwc%)nJlVUpraLo$6Y2$5}
z@6F343)wLYvG_%82#&!qI?Fi>iVHW)FKZ!QUB-iDa+9Mr2NI4ReD$+=%7v0K^0!V>
z&rU0FmssZ>6PrRY=2vUW2yiA3r6r}<XM0-(G1X4Cki_4X5WTU?afdm_A=^A2C7HB}
zN+xl#>t=|`Oe2wbEcZUVgIs>ZaLH!)qHl+q;v>H!_}=^oiXq_62b^z3%Vz|e8yB;E
zADEVE&*f>g1o|E~_EShZq{uZ$3j4H|6;hYzbT5q7PEFlwRugctxY9c$-o3B0aHT@s
zYS1WkGb%}~?gNc<#tIk<BPwyzckwRo_<2N)xjo&zBV{RHsd}PM8S{wrl+6mM1)j|7
zqU~q~RqC5@*M*PuR*!{4EgW5IFXdJC?Fj7WA*TvE-D+bxZijAGudq;#rZv)&BQQGs
zt3(g7?9Wh=Q_;<3O3u?^{i9ZplnQBlnph%mD_OhDoO&<W^%6sAK(X}<XNTeoc_Qu@
zE{v(xJ?H95FR~eQzWj)1h>fcR#(%a`@l!y6ek%<&b#G9(man1BP<wp`y@NC95z)qD
zQ>3{>h_!5lq&Q2^>5aQn2_$7cUf*JL+xblWVj^{z^{ag5y-NkXsYNDy^y-U9^@zl-
z;SbZ|=?-a5GJmY+!lctMH?S=z(0n3#e90!Qrdc8c`{E24?w;^u#R9dTr&PGIDvEVr
zE2H8IyxY`YI5Dc@l67CPuEWboHx7Nx5mbjevCs9sVdCKE$8P-}s=x-!7Wf;jY}Ad4
zPK{>S13Py2zUSHIo`z`88U^uDki~I()c&yAA&a(CVo^!qwl{6{(1Xdlm#=3&d)?rO
zizC#Gts+(=z2*iKz+K@%!|`n3j+PY(*=_+7;8<MPk!%=dl=tjOT%w3&rRb}U@NNgD
zZEjb>126ZTIoDpa=;b~tkA;!EDocjE2O^67x1~=nx~3#8R^}SB=PNJc^B(tBo<P{h
z98&}bN5vQiapB4^X?`ZjP*UHzpw<tE;R|6ux;nIkn+)*?Pg){`mgqg9MV-AU6_dCW
z+_);;>XJA*zno_@<^o@oq(*#?1~~#`K`s;YXoPfJB3w-;)8{al9N}PSS19yG?wYB_
za9o|$1WF^pvA+U0D4NV8#2|sjF1}&!DQ9Z07cI=?{)S?tb4vjK{k=3}HmQ4Tlg!iT
zbk%C>!Z$9y{T7R}s$U5t59^*X=jbqo3sExEs<f;oQ_0Od^uL5lnAVZpmbc;Wl}=+-
z=KAJgB7?7aDNzs!9t<lKdCV?9zrUE5=S-44Z>toeg(k+sxADJJxy>537~q9;M#R;#
z?9z%ByCIBnNaoBhbD~)Fg9prU;ux8DIF+QEqqYN;CpTqs7)&zhY?2v2gMlgo>k=Vl
zvePQ>bqAat2L}3}{hzyz;7?Qco3d6SgC9{3lB`BUH?>`o+>!j8Ilf-9ZsS7^$vfU9
zSz-%@TP!#*K|TJLwd*FXod3D5JmKTq#Yit&y=Z&ukPrsks{v7+Ce&eUwz86k3)i+*
zYR{BEX$JFvX)V<^OOaF0fM4Pnx7r*;)xQSrNRS+1{|!BoW})cZ5?=E;pOSTn<EnTt
zlI(U;QvfbKCi|_5n)!PWs(XP@eg0)y!9%Pc3V3LN7-5gq(`dj#n`)e+L*qKioZ;26
z4~*IM=#I}Ipi*;pQ0-!sJ5%l7-9d&+%wAlV4V=gTDO`Vnsp+VUlU{d=1cFZC%;dJ*
z23EIBbQ7ohnJ7zeor-w;M*G&%&svaCW%c1TGpso}tE<knp>Pre#@sPdz<&kG%+T2q
zTSwHZmF+4jxTj8zKgETaUy@Gs_G8AqPeP5^F6qG1z$wMXCR0GKU((-An+O_$Gk?!$
z5HvGF$<R<rOJrOk*76VB&f-zo!3*RQn+y&sCTyr_mUHU%1`SROzLFwR9OR}(&xJf-
zwNuP<Lr?NA`h%v8%eCbS%~H<8?~sWK*f|;vS~U5)uEc~HI7Y@o9>Rp9T_y6^$};y4
zB7=FW-Qce=Po%4>Ibi*!faFt@Ffrdv%@OMjhU<vu@on$e*Ll;%g6*_4T*oY;Q9A27
z0i?YdoBoVAl0Eva7tf+(L{2-om9||eNMo7h*Xj?lr`d;fK*4O{jHJ0*QL>bo|0#qr
zDv3Xk-B*EnMi-u&{$c6v_V{su<}f>@3X2<)$y#!s$pGA(CgBzEJPyn~+IBu^TEPKi
z$%*lL^ljZi`D@qFAei%&m=}RXM4x1GYVB>Y)G1V&7h@hbFu5)!y>eEMQNDh(ffM3Z
z0197UBglbM%n{8}<r&x@0}?E~Cq!)1RN&N+S@rCaEEqP5M%!kZIn4)I-I;OZ40~oG
z_6js=(ySTjn=0)(xvn#4$Z?Yjd;`z)q6$jSJkeG_cb0fHc=m3DzW*9{woKrTiFRJ+
z_{5X@ozj#AseGE4P-|03f2NoQc$heQUuzGz=$&zoS`Uth!}KU8_7&G`S#+lzW`7|R
zBM>a{!Hc#xM7W>ib40hiA!aLr3>UVpHoCjDHD5qRmKdBYFA~Qp`ox0f_WVZn_<B|#
zi>Q~9nzOK;2>ftX)ZdzfGn+)Fp|M$cWJ2N63*Q-ZkcnZLZY8LTY}E8O|8i3mex*h5
z`V;;3r==Z&S-oMenXXPAm4*culnBQqV5(`nXh#XXu{(w47O)yX9-`PKg~SPIjABh&
zy!&~Oq6YZEK)=4tt?gUgjU!F6;k|#o3ZXN%&yib}lv{N@Xz7P9&6u&FW2U9SBxtfA
zD0*H2?LW9Z2l>xKB#55l^=jWXMTGLZ8n==@_qw7P+|Xnbm#bQotS>sc1quz{F_Bqj
zM`}B$>O4R*BsCieDC+=lx{sL9qbulzJ{@vQBt4n(jktUfu1$q1l@Cf%Tf-02=|rZe
zX`;r@%x-r6VIsfne3o(!PK>~{L{~qcetYL*$ZH97Yb90QzYt0c;E}bdi4?A1uvf=B
z06<4WUQ(}Os$Jr1Ix*3*39&6wgPL@;M4U(g&0rxM#6q5uleYa-O0aWv-o6HNKwaJx
zNo}f*Bd&MATmSm+y-f^)&qQoo3t8@PiS%m5Yv1Fk)=pFE?ji~F=u?B=?1;^;Bl6Qi
zhtVMr$dY_(dKPL^VU}Gm+Fu@k1G=Pqxtg6>4K~#qK9naK%-}2oy+#rQvCd&bGMEdP
zj_bBvvml@^QmSs`YIS4y1XsCg+gUC?Ol}w4K+~%X7kp!XjN7S}pLi1_ti@^<%;~zr
zcXmZmyowjZy_GyFabdQTt~BETqRNbexR<U9;5&4z@%b+sH@(IcIGPi0vkgKfNXn>k
zM17~3D}19kr!o^*xc&96&=+lu;%5@o2TrbWDWBg;PDk{qaUt$~4rAHiu+3&Xmvf#u
zMl8a)MLUifb}wYyJl&NsKq4rx?b-&5$OpfWgozq!w04qV&d^B_osaD2f$=rB#2?v<
z4`aJ(2Mu7|SB<WF)Gq$h32lZp5(H^ZHsdFTD(M@XYC8pAj#4e`{gNymozS%K>U7>T
zl(j3CeFtXs?VZ0HpzEJ3SHJ#l%-4IlYwjT~><nyt$0Q*a0DF~2o)0?hhT1T?8Hk8|
z9E?)@N<}~>40h@8;(D>xISz_9k2i12oGfHqQlGO31lId=5f%Wj>>!Wao<aFt?L(B9
z;XS0tXKm6Fcan5Xw4Cti3u*nW!ypwl=c{Ap7dW<!N}|GcpzO`Sk$&le<jF)|3m+?b
zABzWD?tgn2%6z}Oo9gwaGJm{!-@1*+7Kd;}zV&)a=If?3w*KC<gHvhm_j8`QjM8V^
zP9Z2{d{Ac*)XguKQ4^446G6mFYLylhd*NJ64WkOvbh(NiF24+&TTw{5%Jp+I_q*@|
zh2(9uT&Ph=4vXiM`EPUN6unVH7repCx}BWF?7!s)lgB{-d~eUCP7GIIL92;Hse<i!
zF@tM8U~f3gfho7N08Fp2K0Wiwx<zu@{}5jS?)O%?GO#>JuR+x)DT;V|U7!FJ(~&%r
zIpv5(`9{5&OSO?#rO9fb=`d$lB)Km+{noWdG`WQV*vQSKiPxyx@mC+@l`>g^_OYG`
z+`7C}3mlcpO7HqY5;n|Z7=@Tg7q?c-`Im?9;HdJ1cr`seld-KPBTXYi=ATPa$fHNY
z>aSp4uRNrPb^*g+-HKEPjz7fDr)@}OBxg#sqA)wu{pdYGd**sXu|dt@4EN4th8H`{
zbHmym-n;dWCCuI@XS?{QqC59);cy9sm<wb0B>bsJw3uraMG~jfSf))j#WD|d!a9-%
z>q4d7`p>+vDjn^sRaa;ZYP*x4ND1N?G2Q+kEleLG63=SfZKt<C6Qn$#1Y3{)4G&Wp
z8VZs*D3d!LHQ}0k{y~L@N;xR(IO3(}ROolpBeXY2-i)B7m22oP*W`ZH!JFTCR9f3_
z2}|_ztzHmGGmHyR?&O_|(y?AA9I=lxdye^d)gD>Dey#S^!^<T%T?wK9rSYd-^Y*Al
z(*R1oU}I{4Puy+f*d@nm#v9>IL@xtk#+zU5K*}vj@{KP8nI&glwonEa4s05ok3%q`
zk=K#To00rJ*fdAUOXwqsgZ&h3bjO`wtMwhIwnk<feU-QR6Ar&&CY@8_)Sf0rk4AHp
z$O|W^sHV=Rcke!{DhnB+h>qPX*V@mVY%jO;*z|c<*YNP-xDe^mdZ^b!yabQ|X;7n?
zTa&u^jlyH$oD%;&NzwhHd!qtA!M^;ICp-y46C|Pw*D6pKb+a74Pw^9*y{niAO0KFy
z_yE-Px%?7dxlxgOu^#&2Lg^u1ohA`tlGQKMm~8m~@KuAawnWHmElA{4y(NxHaZ^4p
z&QT2k$q;Sn$!kf88l4@y)khrec7g*EA;=dTM%Utmi#*H>GBhSpQoRd)VcRyi@wWc$
z6!|b$%}3r|rjd@95TyC<WpCY7?%Wd~=d8ZDpO#MQ@4*hhq{ga6K{4OpN7Fug>dgsB
z0QXl4a*Xg*Mf*R4rBEeq$>RhIqvQ`M?W$9@>Q@n7$X!Lp7;c!&wHW2POnG+9#eN5-
zm3v=9ZcNLKXGMC({e~ui@gH5K8lCkt@lI1Dfol1%<6K`Zl323N9yAm(mb^tzsJbc!
z9$gqGQ>SEYAZ#{4(2*}JKD*&f%Vk49cW`%S-g*4B@6i`RGFVT~joGL0OG#z>sT;M#
zr>D_oUgQp0!~jvcoBDYhAW9=3-wF^V$>1MOOb`xCJG#z|_r9$Em3nVwM~4#3kR5)f
zY_cGa-s7g%S48_2N6Mqp6N&8oX(^vDgt4_w-R_7jt0~^u%Wa{R9`}l+%Q47XSC@Kq
z7=99S^?HDYd>~TP?0^N~{Wv|i#6YspKKy-~dNGNU$Rz5P*%9zSGV|hYRLu9Q@sBQf
zC0VI9L^4Wen=(in=sEPNr${vziaPA}fWPLns8QxVdM!-bi%mVMYbJ1az=ZiN+Z#46
zpodJW5#Bl5zL<;@<QH?X&@~i;A3Fj;S2tXofWE7FU_0WkQE4HjaU3nsAKak81(&8d
z>u|Y?1W#5wctfl4tL$RdCXvr|^*}W4CVD;xTV7hh%T0rSUB{|8a`lCof!tSR99Y04
z2{#P~r98RU2m8?pC*C&1LJcUf+hgwP^?4<$)kC#CIVCZf)o>Nx<YK3T*`vXSaTZ2~
za2mJe9W(!7ZbdsCxQv2Pq7-H1S|6Vt2bp@J@jaT$R>lJ+yd#Qpq|)F0-7Z%=@ox=6
zPW?!91~bLqo@679ukE=z8MVR$*lKFiYT(JuET@y;;cGM%DKoM_4{%Ux7R*z#hshA<
ztnc0Hm#IFRp`juS00-5a8Y#76x62FEQE8hyApblur&bh|q+CRZb|sIVsIYF3OKz03
zQi0F6|449dNUAh`c|bm%kdDL_T0Y;)sOwOLzWh4*jRQf#t;Yeic>};$DP&oI)c@`6
zotPZds{rR7!E1g?+No_P0T;VF&^NL<vpGaXyDf~<jpIG)couKd?i(!MX#xm2NO}e!
zE?Sx4!Zr-%lwmj*zGY7w_c<D6F@sP_p7wBo4q)TQwp1JCs-K#)QNLw9?J!ywW5F_v
zjO$(jhd4He>CJTb+^XmAZKjkzUU=t`=ui}5Ru*ZeasN`v!UJFHBn-9&zeDRl@PG`=
zTa{HCHF!ZVFD<=3F|F&uphnvJFurV)y&P4Ucplr(4_)XQ&RLSzePFPBK+7xYQoV!f
z?FaE{P|2if`tj4<On`=C>vu{rT(PTO)ClIlB@0>_*DhhywGSQw5Catn_u>{u8Uhrf
zRJL=lBrqphmX126J|7zI{j4VEoonxd5@>!vBj-?Ke^LIedGTgwTXF?59W4?X5JKWt
z)K0i<5zB%Md^g~)<B|JV(rvV(Lq)n8Jt52K{QltGR^@{^j(ECWBnhE?O+Kxx*0H%L
z3!>l6dj;1g>Ed)u&NEc5dWB|~M~0se>G8JHyCc}Rg&W9194xYK_Fe@bf|cmKoDhHw
zy2bfaYp@S!5oiIImk80)X-wR34hu(|-sZGW8iyV8#oH0+<Tj$mPjS&1wLVWW?+0dg
z^GLri^NW<P7DTzu+}St5g}o|5FOetvG6YPjt<d75sM)dTEAhFhRquQGSgHrcv~-%d
zzC49}F65LT;#|mMR&HDrYj+<UBsmm8k^@ho{Uzg-XJN_JEqeLh#cY;DFHT|8hcaN{
zH!5#9kl~Yc4EM0Tg44TORYm2NHeG8EN`jH%CbnF~*TJ{B+Y?HPpXdMV`^6f~uiW|J
zUdS7dQigQOqtd!Xqi$F#x%e05snDPDY-0r9Y*M_VY{ezft{g`5-41wP+Hru5)Gxqt
zi4e|<QH>;2*x*TOT-gEKywFnpO=NO=&O-Q@a~gIN2RouWZllrE^vly|C6KFdQnHy2
z9Dl(xQWaY)ia-3O!?gNs;seoqeH`(JyEq`C*wrfCj3GkYvKoc-XVLHalYtLM{M6}k
z66G4~>SC!m+v>+0ZWfBU?xh6=^5&V37UkDySd;rcptwo~>Xt!?uBZ&W(9RyJMiH%$
z#Wmb=6uJNoiG@={=Q)<q9cX(QaWI8lYdg;?v&YbFG`Rntdbv}8z$H+*+<ypsxQ7=w
zjgrD>QRm+|bs8eD>S@Y?6y`n>bqu-SZ?6=8C;**YfUWdI2s-)H&y&+*LX(>r{qTSM
zJLt#37ZAM=7sYPr42SC!6|myK-j(PB9<qkQrXRGFCW2`BpC`d>p7L}B?`BOXF?|e&
z-d+92yE(PQfnE8HE<bMmw|`a+f@#+1C{rsj==s_|p8t1e`JJDC`|2NOqNh78g_-Uq
z&so9+11oc)0frU}Ff?*6T1Eut%Ypyp+*ml%k}s%XdqvV5&tG<gn=OK#_nB0{HfMjt
z^z=Wj^H0a#BSOaujXIF6U_db=DEo8L6zK0w$%t$$Q15%1ixip{IkeV04G~Q54}yU@
zrrS*spTo1I4PQaT`ZL|GUINZoI8~w|K=#7TB%zXz|LxC%r$wzgzaZ%`kA@HcfG9Tu
z0K^?MgG|W3xD%qETHwE;8qmVnKiTT%;ahxxtZ$eFYHVXevi=7vLdl0azlr!C-?_m6
zr1SsSv8&b6Ds$`Nkx1OJjFpv@3v(3}JjDfCC0{7pdVei1A?=-NoR7Xl$n_<C_>a8&
z{ID0|;Q%p6`;6alHA@CWaST7BxR+qWLFW{xaK(X<EBy5XV-x`swOV^_Yl#7tTYmco
z%Z*h${!QWjucV$ve@^4l9=zm*yr;tr+;9Gz-`#Jczwk&XAr|AWNiF!V*cs#s|HZ{5
z{Tqz{uxXsX9~;tOdYThT@OJFg`%X?y-p};(VzeJ{>O97uTgV7+t6%M7c>$Py_<xkS
zUot%l%H)$o-bMJ2p!%<JN@RKqBuRM6v4$Q2Q0^Vyqo2|!hkjSv!EN+~)QdKd<*)y$
z6~c9&l!`ykrUP8<c<*-wOZX3@_CvZ3B}KyS07lsYe#?(=|K$%y`WKqxAHKpDT#UqD
z8L9x17(T_$u3$*eU4IHX3+kVq4n|tWB&E<mC)xWSPXg(%TCVamlb24Jm6ers<+-`J
z0pt6IgI)4lJ#upsPKzMl{JCiPj~CtcI96+9tf00TEs*`|O?S9LF@-x-(W~>2;xqb5
z>IditT5Q#AipXz^y<Aa$)w?{gK!e1Lo?gy(2SPA>^QRDyBZ@8pJ^kiy&nH07kDpuq
zjs<D;pCYC~0@-%&zu6;8P)rxDs8&?O1YN(u&ojwEn(|jq1M3x=YHB6}S)-bt*66pG
z=)bjHTIkMOz#fJD@UQ+P?umQAl6D{RnVu(v-ro50?ON!G9367$zh3<YC>n97;Lwj+
zLLja>`&Lv|a!@a-rd_`l#g(C2<>|7w*CljlP4~mdJpTDz56~`|T2d51`O5zFeYfZV
zQ(vS+;p;+oO8irweUWIFm>04BGW~Cq;1>x<zf1o0C+rx&Pv~kV6(2!AarBdIz|(+V
zF8`HZLh*n?vorJW+dc!NZ2PC}09F6Mfw}lMOXCgh{g+Pztm6OjyCIFXRq&|4`}U{G
zp3zag32n{jR1Na48V{14u?lY*X#0*YOaAc9eyR@eQ32>{`gx*{6)aT#%F^PApCQhe
zK4%)<%LK$c^rx6VMx}wOp@?g0S04n{LEieGxarhsMMz6s<rk05rUmr#`O{DR14ZmG
z(_JJv%jY4}^wS#x8AZq^{+rzBLUN;^P*g$($@1@V1Hf{bkY7Cw<mT^Q+`p5Xe|}m9
zex0jx$Q@FF?tjn*O1At$CVz9x+91d5I^>v@_5F{I*=(!FmxLRs_XfMPN&jjK{?URE
zA!gfILFV9Z4)b-$Vg42AATj?JGV>1-CiM$q{9DKGADnByUw9)qoKRTsFTV008044i
z^rt}dPptjVj{85jpv1p)+)c)+(sVVWpQ)u<nsHtDOQ3><!}IQx&8WHEnWE1iL3_)p
z<)=EP$9zl3d-P4uyW=)M>3_uzjEI<#Q&t54!@Eay>!-c?4Kw|ljw1x_$1h`$Uw?}D
zYR`P5z{NR8<)=X^KW<S~H2A$%$$R;*CgWeK{C}k3zw<5s;h6t_gi0X7`&C59mL&6_
zx&&E}@)HaABT%64cm(+pzq*|N`!Ne-hHqJy{UWZACMPtmDI%yH_5}z_s@1zc-2H^)
zG_96Cop2yI{(lXq3!%VbkgJ1s5eh75ei~xnFG~HJ;BBpsEAYSdE`fgdwIly4iT@A$
z|KGFnKk&%^cc=ItkBvxEa?<k_26?wCwb9X0vNi_?GxNv!mXW-1S!qf_gta=+KW^lw
zl>;&VujTC@qF1<qRLK8EZvY4MR|){QE&n1w{&%6ozhI3w9k)-eB~-_QctY;49$F0i
zg&%UZ^p3DI6mfC<gc%~ekS_2&Y0GNf&u{;G7aa#y<?!`afDyQ!9j2Rq(qRh=nY%f3
zQCvCq;qmsg?xoiO$a`=2`u{uKi3cO`06hTz!oU8TKQ0t4jyM@8XCBy?p#MmeG!*f<
zQ!SQIZIKCd+|Z>N=Bc-z?FSiKdB}04+~#}a{X6tSuX%bNX1rDy1G_hO>GTnUvf@a_
zlht;ip~nDK8cJb_t)#($wayqgEN|&P0>OL^GiI$XCo}uqAIeS0TO5&h`6Rg3=>lQN
zvt68qB&9<=+V{1-?OBI?Qo+c>q4#7k37{H!7s@*zs135ftldpbT)#VjHyW@fpEs<*
zjw0|r@inY`*d<^h!V{c$zJHDRQ=g$TJ72UP@&ffCnibI5{Uz1H;6i!JZ*OWbvBTWA
zfwqFRK@G`VdKEqM2Vhxmrsfj>4|WiF5;NT`Q%SyC4w`Gr@{ODKSMj-CeEISD9X6-e
zk5DzfVq8!ArW8h7OSztQujnj2Y13aoBKBQ&#!t4NtAE4s1e@)bzhBb0GT&!l@;bI^
zP^%Pl27tUK<<z3w0Ir8&lM==Amd;Dt*rMkpPN7WbF+NYnc3<jR@j?Y|BmkOL!%wDg
zfcmCOO*@k^9o_=cUA*pTJJnRKuBk`%$>eE%0S`oquf#YzKI>^U?FdW%gFPEMr<1a+
z&oi^1PI;oPe&|-va5$*7<|-W<;?Tr_-I>NskX)7t{<;ccUNUY4M@V-(A65O5WR#z8
z*~xiq0dweb*&VF_xzJlyl~2Ly79^B>0D@8B=S18Ye#&isK5g_8TtuZHx8MuAHPk7b
zEED1g<}`2)?wtlleEo5=U2GNfm^~<c^qC}W>UsoN@HIMLmi)tQ|M>k9&W`u~>yzWP
z5Y`bV55B;b_)juzBvkbDN0S|;Idj_sW?OFtm~JxSkW3VMN|#8h+hK~NZ}Yh^5g}s6
zuuINN)LFup3x6wFamf@g6XJjTC90TwP^Fu+vGC!i)3vP&rtB4`Y}1k*vG_{lu$lMK
zyLd0#!PwQ=klL%|_2vwKkVPz>PvPn9yQ`Vwuvz!**ydro*unHZ=CzXkyqWFi%R_!J
zZXP;8g!VJBwpI%-<cRk4S&zEL@~Gz!bczSlCI`dh{F=f<F0m@vgGGdS-Z5rGFFq0x
zX@R!tSbiI%!L2Zu<f*sP5~ohnDAJEyT2R}0wSQQT|7<ix%&jQ7{KL8niNMkehf&%*
z?fO6%WhQBoOPvW)pD;*s8hwQ_H@@UP1cr&|##xj@MOFF0EW+s&S+tR$G5N%^Ma_cH
zm=fCuDbBf_T{?!CUb=#q&c-@Tgg$k8!d*FGzx(KWkM|Vb&shN91{FqdO-2`w4{8Zc
zeY{#i?YUw!{fR=f+$HRT%VP>q<h<e49yOfqE_6={F81lB&RHNb7pV6RaVXH*v=4r(
z50ZgD6a;hg6PzE^7n4ehd!E9MQ4n`2Abp&M-D;7YfA?9u;W8v5LoZ&eoSzb_mc!^o
zi%nWrENAcy2=SrxaI1_Ca97ZheD(;nw1)WIJiXGvq3ggR-T%NV4~ocCjOy=;fqJCg
z-!Avs^(AlB8VBDww12WopMi&)-G-JhIUml&+gLM8(Aqr%4i#Aa#e`mfSz5`^kKiq+
zd62k}wmv(2uv0u*QgCNk=KE{7^=vZ2C|^crP)-E|)J5a&qp!In&}Qehg!-;r?<&rO
ze#^T<jWfF&%(lS>({Fo*3g4ddoM0tNLdbp-Ib3?c1Qdckc3pMi3f7jM(LQg#*h=o<
z^2qj(a!D!|Zq=59MVZ@<_E)jjk!6?kxyH;SLMWXkrS$X0qJ;NuSdmJ!-|)1y=bd2G
zvk(ROpFnS5g9Ua5j6=#(6rw9YM?!ZHjc^IMek%BkdfA6y6PY!bmu~&-?M-X2#+kN>
zw~!r@@?~l9otG2v9ZwQOTg7(<{;jdb<zkejq7KR1f<3LB&pTF2-bevWxC|~#EzN@7
zXL0@x+U#q*>s!7HD3iD1{1q|4v!5;fnVPv7chlI1(D2DXRI!ZVEAdSnuL+$Cy<-nw
z;m6G3Soi>3zM~Gi&Mi^YfiT@rXa8WpY^RKs;=08ISN)a}!-s`k;+3p~!MeHmPS_oy
z=S4^HjN8DSQ`_D~jVgH|Q8UA<DZY3PIcK3f+mC2jOBB-~Nju*}WuuG7)eTZ4SBbvw
zTAsGozy;Ds=J}K^y`3H-D=W6KJ6~m$m7`tZ#(&plykhM&mzxwEtaXx>f`9V#LvD|@
z`x<{GLioJ06YC?s-c$Uf7<|$NRGOAn+8i3i^uQv-h!XJSi>bo$!w16PGxnj+SUJJy
zF@_um3mmWXjSG|{8sq5NH!*`PrqqI6GVAu*NLm(S4F(x_^U{W70SX5u`O@J#9zMl_
zwn71Ty%q@f0n$^v&6;{AaS*6R0MupEohCAMI9)+_(Zg1XPy(J+YH6}Z=Y<qVlBq8d
zGC`9Q!{UpZ30wOZF&FXsvAB5wW1szvu|a5fxht$_o7s}6<<+TX6WZk$6d=R2NP@!{
z0@2$P3E8FU)rRLfPRVOkQ#iU$_h+qp(p6|;L*G%uXiC2lem=*9xrp26$;|^^%kn?G
zw!`h=t|Z!Q)N#qaofuS3&tr@q-YB6%ncQF__;d@vQ`+88W)KI~DACd>dFzRVLESk|
zY8-mZbjO8VNLk+Uq~AbaLZwCO6coD20Aj#R=&)WD0x0=ay=_PIn+tq>7odU}a$vQ9
z_g+i~IO;kelbspvA<zffkuO%x)YAbPl`y(HRdw7h_CsHDJTq3&n16!^0C#6l{9c>D
z2P<a(ZQ8{&npjfkO&`(=|FjEWl5fd0Yo`IR^-kZJ?qrpKFP0dmJs(?_fUoK`Uhins
zDHS>rzx;h05QONvaw`%X1_2K9BVd=gI4`UHoP-Z&`p%1~+aZo0@o>Zw9dOa2Hx3yv
zMb^TO6?0I)`oAYgFzx?Qf-qr-I_p(#JcS5hBEYNwy5THXARhptCX<gna}Erb3VVb8
z<N7-p;qPYwM^|9KY)OWDA^WVFm3F8h3_RZb;>9M20_PeTwC(~FH0#6fg8rV#Y*}uA
zKJ+|RaJ$G57B>*RK9<CTk88di-4)9N^GN6b-Sf>KA6kk@v_Dj)e)$-bZx>$xcacSe
z2=ER~20zeO11>|52;iA0vNd34OdtQ}GB`>fnH&TIj33!1ditEnA~E8e?^Gf;3t&q!
zNcJJ84Ioq&Vt}P|A(rYQ*~J1Z#f~+4-bc&}sbM93xZ;d5F(>X+TRI0-5VmyyC^28n
zK0_^<^lQ|8+h0QP0814_G=v7fFJ?7d<T?Fp_M0sj{*g1jbcVpWQg~;?=7}e`@W3Y@
zalwUq<6?)&B;dg6heKs(s`8)D_gxxcDvYY&j`zrWzOr|MpLfQps3e#If%x3neYf&i
zH{V%Qni<+6PXK(y&|j`XCyltn_J+$wpL^l>R<2V87*fE7hfSUEfai=7P}5xZ#CJR=
z2vH_$ly*718g|AS3yy^Cx<=PAWW#y0qK><%DQ5jgR=JhCGKA6Yn<+QJwSy4fG6Yp3
zeG1i_^v075gagqK152Q<kxK+a5!(StNgE?5*nP0v+6Nqpcu9Ick$oxjl{m+7yKeQ7
z&vdcV6pkG-)?8)R=`spe$1EyeZR^z*)#+Fpe6MlsJW3gNHG6#uA{phdak>?#b;?hF
z^bkUtS$<k1fF~@=3<yCr5_83ZIv25U?9ct@iawcb@~@Vc2s_t`5~qP?9P1?<r?zXu
zWs#bc6H#Om9dZW9l@$-?_3r{5o(fQ`ns&zN;Li9XFXSB=Aptx9$XaClLBxyr`9Sf-
z-v#!*TRU#q`xG_^1c+QP{vEdka*jPE`5Y^2j2vn|fF_%(3!V%679qAFZ7xk<P>O3$
z`*-K=E6`5>1++9TSs4iw_1DsI1yEaIap#Ypz<~kXk<$&h&0agOuo|e=G@{>h;FUNH
zv6(5I3OR1dISLKXfgM+zPYTGvkmSo`_#J4hb8Sy$qe6iSk^kcckgj$ZFwNz}7MfJz
z*1ZB&SXvjhevvzrcrLa#9llbBcR(^@UECXG4SN1@!w=^`95IsTzQy4*Y*kuWxmq)v
zQ=%O*>^N*S!l9p^JPgKzaV#{6f%jlJLBn*wn&W!d+Q(PcU%6PxYz&8*z>FFjd*kNd
zpe&6eQL7<6_fcpgjquvX(gOrETgKz$V0;v8R^;cmo0cuDClD^{uU;u$k>*CI^v-;X
z6D(YtdBRHTG-8{k<F@5LwgX1=wC5DI3C+3&Sv$eD=sXT>cdA$QX8U)#qHB7V^P5*@
zE5I@=gEHaO!;s-e;ff=7&R2iU-VE^=K?|ZC-hv&qDrEP-T4$Gbnc?T4VRfH1*C-Dx
z&~^{fF-wVz(s}X_W<4U{)T6TcOnYUk|6~kQs`Xlf;yCN0t$rskgJsvwO4MzC)SJ#@
z(>1|$Bg1Il(Hd;%zP6Ajb8B{n%@`_y0fyS1?((r6IYNW>cHQz`Chy2}tEMd#sHWwJ
zb0nm&$%;X&N;oYi(DuU%tM(tmtPiebRRr;C4d&c(d>;!l$*A1<)VLDD-{ue^di>39
zGn>yaLQSfzu>H7S?`dPb^+eL#=xprkXO&9=omSP2&ZS*wYkuQx)g51|*^1b}Dk0mj
zkXUPhJ~zx7Mfv*F-F>+^y<_ETGVNU^$BWkG$s+B<t0OHrg0@8lnlTA;uY9d1qt^>9
z=p3BHKD6`?Z$)NRF0;a)X6?Lo3~6<18XY=_sNAm@%*Q)Ez_QWpw^G^7-Y8a}eX0<3
zeRF)uL)f}BW_YvL!nr%a+O_UzYJ79*^Kqq#e$PAA8{_E@k6no!FfG|ED?UlN>K^51
zFD7F_n!diQvUoWY3eJXpBDIir0@o*of!!`=SB&Wn%4~+fjoGmpGI13%a`P<ftqPS9
zxmYWhY}SrLqp-S_gj0w-G&mHazpsNyTJ>(Tw^<`C*C}vsQRq8+KJU$P3}~I*;mA8I
z7oHAvIxqt(Jh@hc$M<r<9H;i1i~0_|kt@Y{ZdQ#vdv>4BQdEGMG6NT$@7{DjWM2X6
z(w~8)LQXgK+V7TDj_rfmciT&>+oQ~8(s<<Go`Fa)R|_nR;kE;#s~kT&w!^xsTU2k6
z8rWY{iYbZ=f01JKR`8h*MfLqTFzw|TSSJ6z5-diadLTc}vaO4lZ}g@g-npB7gW-uA
zkgbY@V@#U#Fp~D_K|2^vH%Rk*iB-O2v;CyxV7K{et-_@M?mUm9MZB<e{;>v~Qlne0
zz7U@cVcX+h@F>3k;~q1AdC(9RiwJ8>s$QF)8@)0&suMQ#WYRo&#6(Qwb57yx2BBop
zMO?|+vg4aOuPmNuaN33AH&t-cmPVEy?WM8?@S6lZMMy@eGdsE-b)7$C#ucV;UvJbX
zzA)U$Iyyhg<=i%W{ou<saNev>j^gR|ousQ*J(gL(ny>5pCS!#wnjX$0H2Wp^hst>Y
z@{J*bjUV#h9%eD&exzSq(ySH{8Z<K=?hAq4-}pUf+`s!+ug3Rd9E##e-cJ_jF|fHE
z`Yn8;i_0H~cVDSiT6)Gt!;QJe#fS*-LC?SY9xF+>JK2?@q^HWMqna`>7nQ)BQ@^^+
z06|_lze8S7IO2yAI%21?smedGoUQc)m7N#BG(*@Zm|MVIi^~mWgN;y)ts!>4-EJ?l
z$U6!O3GVdrIGkGjF+9X7)$5A?Id&2TXks9UL>Ko=6TfnwxMz&TJB=CMy&TC-YGAZ(
z*vi{)53KZhxYN*lWTUrPQYDx=D9@)@HWL-gj{O=8Pt5a^FCS}9_5fqUqIH}`9Y(}X
z_TXta<YapSRzp1!FW#X&_$x+(`l4|*U(xAK^gApU*E&|NR0N*T9_zVn@p_jzD(^n<
zdt$)BXco+N)JGw`uv9k1QLSh+EI8*{?@<e8f{iK(R}Xpgi`^W4935YcW53y2N*bo_
z#vdKy2sD+tpViGpz|B)DUk#1}GSwpzj+R&(Mc2;R2p?g%1&+Lv_*A_5zr8CQ0aNDA
zmp+~7HdM`rRq0n_zv71CUhO!@kiARpDBL8tG<x%-RL;KuJ7y0qI!8{S!XDtG;uZ8|
z3NErJdboG8yP6eDH&f%Vz^Bg^c4t#WPimG^yWrdZ)84lSLb<JR@1&wa2<2KLMN$d5
zj3G%9DssPf5n|*Lh9MOSB^04%NK&~>h1`u2LJWz?bwaMgxXl<0=3B4Wo4woTeBXD@
z`EUD^*LvUetY<yzx%{5r+O)$~Shp~TrcFzk9BnkVwga7@l$rKP#w6+C^+S#q@+avJ
zyLC-Nha+v=tK!=7BZH1`)9&Vw^8^9QCulIVk|y0*hgZ^U4LA2W=J17$5kFco{$#^R
z+y+U?u*ESMp-Hmt$r=O0#xhMY{ENsAvZm%o&<$W3A>%0m_jG(|C5!VYs&7oAf6we*
z;7dx4quZuo1wdVucU4`Lv+Not61ohHHe@_H>=mZLuJ{c_Z|gUHK>@6D)}i%X_L5I+
zx4s{5&K3UNA6W|6*Zgo|iJ!K~7(A^3A#X3qh|U+r@haK&BA=y4Qo;e-B8+B(%%~6E
zmJG<|au^x5dhx>5d?l{I5ho)V5}3J}qd!au`e&cvL*R1_qHlZ8GU(5uReSEi7aA9Q
zhtI>>Ixf#UW#(5DPd-5%tpl8W4M+DWO6QT_9LmGRWG(pY)hfV!SIFB&OZ$RADbj~!
z3i19^?w!}DO>mlXVvp-+v9&o1LIFwN0QU~Jo_cWxr9Y5en~Fxp10IyDIS<V#K!{2_
z8L76{>0H$J$>v=0=&sOgYp1-H+nl@RPVd*;8WeRr3<k(M$<7F0-@RO$lO*nUb3@QU
z5;x?1)aVXG+PGDjw#_IQ+{u1wtfxZXpL==yE!Q+ERKa4zXtP7q_d}#NDV>?d2_&9=
zNiHu{+QUKryoU-~85A@3;!c$Z_^pVd0@{1c1$#-#iSLS}HX3jqB*|f6PxmBb=|Adj
zwoH>byNCCYUr;yE3s;2FzW(ZAaw__^u(SaaJ|aM_W_~WW*Vb&*mvG!A!fucGqlHY4
z*j+c)i&8wiyz+H6^{H>BQ$@mThm7mSNDa7yQl5OA`q4U(XZaS!Y-w~HURoE?%m)<_
z4m%N@QmLY#5*@!>iRL+~|7Huw)oC5W^BB+73;BCni&gpbqiTeZ0}Ru`6G6^^i^K~M
z-(quhF{-uBd0oLgjnp0;Yo)9$mU`n;8$^n5+n#4PyLsN&$tyC|HY%;@pD-G8>&|I=
zz!mEPJS7fzN4lx3WN;Kn+2)A`=)Tx<&@QX?-58wK;bl!L6Imz?KzI}iWZ*8JIq2eF
zTauv3cAhj+ESvY^2Z`T_GJbp4BVnH(Nut=(#I_@bfN;}`8fg@I90~4~^Q(JugzH3u
z9FBofjCz@UqZ{-`ik;c_<F`=Lw1wOfPraQ_i?ys{rT8~`b^7%C(pe=0tv5F+U(Htn
z?+%Ep87%L-SDz&)ym`?M#4Or@gnIW<fo9KYh2)8LcZO$(FwhF3uH5(P$jKo6hay&c
zs<rG+nW@eP)`qpiPz@Yh_f?T6u~^VaY}Oy5N+j{BG%0+Q+^2!~dRAD3hgE%a;ai4n
z6hrVzQvX*(XAg4J%H$2ZCiTR9*4}T8sWBhZf#nX_iVceOem*hwSzJ#8_vP*J$Xx>o
z5{RB%vBHu=g7yH-w0(#OMI76QQ0d$;5Xe$0bqQoy4!S>{or(j6$QSqC<mep3-&N=|
z5!=*RlbgUbZiO5aC(B{?a%?&&;PL*(y7Da<Y(=IsrkO<(sSZ30^ZfI`zvW=e7m)mo
zkFgb3r%RmQr)r|{=tFqu{WH(PPbxjw_w|ix<-HMKq=L_cQIP9|zI95&h)Z^f5f=x-
zK=rY9^enT4=58U^(!kCL>xBtEP3Fdgd78=nJL@Dh1ub3Q=c0sqkIhyamki-_vZK5&
zF4Eo=_e#_0+WcI*GbIm_V6^t+?>?TI%&}O?2V89NaBoTyqUocO(1vIUTJM^p19t|;
zg`f@Tw7ek|sodr<Q5zX#tb4mS-2Xz*>+@F!-f!3OTi|zko?|33QZhc{JSSG%I`=(d
z>W<u-`eX~G>X*^HnpBI0rq~C;ms4gu0iDvB!}@|5-1LbIgIv#Q&1Y_8ny^Pe@kKO4
zbxTq|<$SJNf^$19>aM$tRE&>1@zDH@<N!YOxSfLk!${SFp|Kv9i06m<r64d-ZOde<
zQwD@JvHt_h1m%m~h1F+)bULltm~0qY-|$X*ix1#NJhQpRr_F7~({7EHCuy%#=+@A3
z(CdT0BjI0xqNbs4l<WIXBzM<ZAzl^CLOCVveP_h#6Np7vyg0X3^Wnwg^gMi~N<WO{
zCCys|uS7cK_4%L{eN;<`>hINZF;=-(V-|4!4o{Bl5s3&+p9h>>6i-TXCgAN`yWm@t
z!GDM^N`z1yuyvCrzZETkXhDiSC*#DnMgZ=A4j%FJo-lG?4FfhGQXkFLr2qk=r*>>P
zCXDLaO?ezJ`%Vw>{_GiHq25N*Gc!NVB;?0BH+oq%CcL5ar8|m?sWel{RDB8ql+S^d
z)FA?wyQ6MnQPNjgk2JuDfUB7A7J&_C(%UR>13>ZBOIcMj2eM)Uq~g5}r0xP)2m1rG
zR6R>xP?46#ELEhJQYs^&l*{H1ij1pnYIO3o9QElDAP&?ik#tfB@g%u+z~SxsXqbCV
ztiR#R(>+PBsc*&AU#s^-gC445!gpYjfa8_05kn7tJV*oAMRx#7SRIk^Nx)v3BkGg&
zJPq(=`76Bbn16{iZp9XoXXA5jyA0L5PZlG9Anpwxx=v+MM^Euuw}nasOukLxp6Xbs
zR{_xXSpUv^cM%yj9nb^mtWy=!|JmpBpxmI*nTY{b?%B@uT$|*m8)3*s0<Sqmb7Y-*
zwHe3J2+ehiApT|vD4!Dx42~(M95)xke=Lh})xBQ^&Mf5|D1$jto`I{|hG-VZ$;>Ce
z$v!zqE4OZ~yDQKZ`*oV)PQL1;XFZ@~IgnrE-4@GrGVR1i(=$HE@k#P0ed3#^jvA^$
z0Q`;KNvu+`SqGs9-Ig^IN}JyjgpEWdOAK>35(QkQwK&gAM2l*VaY%JO7fbq%VHCB5
zDIwQ3XBJM~kq6%TRn52Gqd$nw&YNPV$7b*ti<5^0CDxbF$-bcjXw;n3r<>dpKHz%S
z$vbg5eh&=?A~QNij4U4>Cpq0VIw6`-bhMi<*ibj2nM7>8MzCxQWBw#FSz~NR0vGkB
zJs|djgV%|3ei8=PWgP7kMj1c2`>s(EDbNgf+j}IO-<0=}r`iycMAAhVqEjXJ{d$2J
zp9l3IzCdIf^{mqmc8R-u0Hjy8Ty}txTdA2S<n_eMEwm@zh{jwU#mf)Ej`zyi^RY&Y
z4Cy?wsCjdwx_5|lsZc62?pzL1(1+Wt-J_tMTZ<y-`QZt<D(K<NomU^OOfWAVmp*(~
z!WKbo;mgNm!Kbv(3A6_yzNhY?Rf5nUjr0lEr{vs!TvWzGHnmH=QgAZq?1fXe6XW0k
z{^Qr4m;9)?>el0dx;vL??01`J$m2%&94}W>{6kzun$_Usw)CC$<}Qjae|)GAz<ol5
zh*KU&@>n}Mds)c%VN(HJAme6t&fw@|mIYvh*PQqPpU%CWa^}#^_c;^oMe`#Y9&|cB
z_n{n5KmFmg%zR0bcS4Mnr^`bVl`nH<_f8h4pHuiDfA-L2O@7mq$ocB{fEQO3HQU*m
z<lkCAwFwPvDCs4mkR)-h?oP<=rtYghloi~3OA1Dv4Rg0*VGOr%`Ao;&P(;yJB1zIs
z{KtC-g{1yT>%z7UPhw-u&LeZBY#p7-G}y7(NnQQC$^D~+#B-uf;@L(st>PSc0*EKL
z_98`a8SX%w8Q^(hYiw+cwJ8En-KTK{54`0Tp`d~yHTc-(E-yNiq|BCHhLikE6dp*u
zccI;fV4n4WTS6M#25A$iRw$EiQ>^XY<EO%J_blnSWa!p2A8%I!MY0sLx55XEj^e&C
z95r&gZBLuw0XcAJk~ViJA>I0ib<+L>D>eq%OXMk*C&emB;<KT1VHt&zWi&5=_I~Ou
z)l%Wln^XJH*lMr^H6CWa)j!}x_KUGl@9ls#;q@1(E_=LxHYMIiH!K8;nuxBPB~;a*
zV<0O+eqf+S?E|INq-_(|ZZNDkNUzh6Y@Y-dP#Yc_r;1y$H&OvpdbTK`p1sp>)Sm|r
zHzc|%sfIWTnC^#6Ym(TKY4z*At=qxgMrG6Y_cj_||3Wq<V69>GC0h46l9o`r7tFt}
zrCZk$GZ5yXODcAWmFuuYjQS?#{D`|qe%*c7N^)ce<+0D)h1>?D6n!MW#G5*!SuR!I
z=r*k^@8*kpuD=D;u!?n0A$SaYTr0Xo<8s_^Kdiyx42o;%FZenv2t$71@nuB^bP$3t
zyGI6E6M${jYy5e-rC+1utX*?@9EgHT?qAwYeV$G$>MtgH;pk7W(bqmb%<}?d!=`#q
zmLfK4aUe;`dd4kMaC#3M*E#zv7yfdO8Fa$}RC%7lmBGa)o9?Hu$$v|{o#&%{AOZ7c
zI`OeutmTwt?nE_8LDV*Q+Svfa7D?q!@A1@V!2jJyP9UmO1`x(X*<?d?RKD)JJKz9$
zjv{lXfs#*r)Wm|yWzwGQllPQM4$V<8SKay!?5umTs||1nlS5tv4bJ)jr?CU9s0mk3
z_p{oAB*&*_CPtqv=;56kdExIPWe|Qn2`BFqHO@=!OWlr96vEVg^KS;FE;XCPpJ^^`
zq&(64vGT~bi8gB-a(tfryp7lJ%EYT4t^Bpb>`Z$3sE9jKx1jU3Clu#BJWkU*Y(Y=0
z1m326vK<<vr+5+Vtp$ho?ekA2*s#E2(UzMP&0mf#q?;YPE6D%q!skli{5ap4Fgn*+
za|C;1c0{q40sf@_$D{glLms*Y&mx|uUaZkIz6xc-P>i8Cm+`2JgFkE;ccEOqEpf2b
zH3%~Hj(;-t96k>O5bZRNPu)ru^5WASmlF75-M;R@)_@R;Q)a5&yGPfG<xF?i>27wP
zfoUg}dO(+L_T#$GT>&}A2c(e^>0m*jUT{gm=pEyIPcNfnP=hr(+JSPTsqp!ic6nco
z$SwAmy;imhGPpX2##!`KJBns$HO5NPhu`FQU(%?D^$0bJJM2(%G&{bxWb(;qp2*zy
z&;u>HPi94Ot9B<$6XUN@8bl~W;`qI_9RT0a!_DV(yCo&oKUM6+%cFqB#Iv~&BoS!r
z#bcvDgZ4)456HXlMM-X0Qu^xCi@Is@n`L-g#fG1N+meG$WZyJ6LI%C;WI$y6E$UNr
z-<geVNxj$;1Dy0)1sRUOHUutrYs2x;y&utJQG0x?CUeuelq8gyRgv|em+Ypa`m%#r
zE}#G*!~zu{@>yZszF$J#xti<qTOXZ|2*7(O%sG{q7kR|_mIG)A%sMBSZ{LHh)3<wO
zqnJiZ3^<$IPtTN$pf~X4<F?wB_e`Qa&3Ty01-z`&#F+QS_mAm!oVh}0%qgwc7?|m+
zYRi+8n1XFfFi)TC$2}Rjw*OcpYdPr?+`skfmv@^1i+RTbR`N8*6)Q9S(T+_Why|6(
zj855t+xN|yoQpN%QYAqE;9prrq!iN7LFk#`O3YOO#Ot?h$u=eLH?d+xyf3^_UijRn
zH4k;jY0)Jw+CT~O3dE;AJ&=Fb1o?LWjNp&azK8a^C7k2X9+=xYy;j6K;NUZoAAB$Q
zekFEaZeO&n4?^!q*K}xAsG8#Rca4(`f;`;GB3#yWaE40mmy=SO&DB_`30UTQvWVrG
zqW$x=;*H=wl|HMv?vaxpf_I;oW6`L2knWv)SAL?~U>{}Chm}z@@dJ+Sr3B|QhfrOc
zQhj%3UhwV;3pR83bZ(EVz3SQUmt<DB4u-20<O^=yAm!@Flfr`E02kSMZ}A%)PrGK&
ze{aZWcgLN(?SlDYob}kfPN7JqTWHkyQm^e{P{G}G#b_Ob8i7h8I6*)_O!OPi%P2Z=
zCSy&gt}C2gn@mo{`DYu73*Rt2wA=b{HYpqda*1V^4%|X(Oj#30vMO7vT4((irem|(
z9|nyjA2K`|5hDaHjTz0pY!dVC9AF3lIM?=mxKfoaGIG8G|9an593?d(k2rr(?||G0
zH{^poAMta}wuA7tvP+n;r7EZU@Ck6O%xH&}>O{lYXLslPz|77a>k}MgR~Z{2uN67c
z3Q^Ze1z&v_qWZE9IAZ-rZKj_#I#u-?0>PLjIyO2?!K`?%d~At~>Dy=C)Y%p?pbgpY
zmSd=z;{%w)t<y*M<bqz{bDL><YXwnv%0oaop>Z#N|A$R7lA2*B@>)Cz9ie`QG49b4
z`uF;V>91Ixa-arwr3~ycmBT}~e1K{M#tqykKnxuTupciNn`lclOkIrsnmMb%eH^{k
z)-t$-8N7LD5e(JCDDyy7us$dsiFe8jm5`y$a|BGEA9tL}D!$EgOIq4mqxYU--@r!o
zeV+xhGPMR8{J^(m(A)d<u5r-}v+scmdy+2`X?!DZb(-d@ja|OrLWHYzZaZ_WH`)YD
za3T>ZpyCCC(64QwTnM>I24fQXF%s4CmXWWh`SCMhe?IP$M3$JLG)j_dU_iA0^T(#+
ze6&5{S<$7kBb}+Jr+xisk}s?FBQq=rML35OBihYES-!YsXGW{4ROz<(J$!A#cr~F+
zMpjE4u{wKf*UQa@1B!!Xn%Rw;8WbJgI^L11zDoJxY$WYmcx!vHCh08(@8NaIw;I$|
z-YuLPf+~cKa}H-Nd{sx75<z|Ag2VP#yU3wYXUUlDS+UQv<a!m3Mv(D^?H})mop-5b
z|F&C76SzIUx92UnJ^lBdxlQZ|s0KTu50qoh%jG*52uR^-zNBcfkSheFV<jpd53cL!
zE)VP274g|ME&Wg(ZbG@X#lWf4vAe82-@OA|G%;eWF5Dmd@?E;3d*4>=czeF1AE&!(
zZAkQ;mz#zvra+#*VRpPAxV!M)Ikv2`R${CtsIP}2M8bHbC7(uL;?wvJm|2+US>avr
z68$~ydD~tKLq6l$orz95(~X`osf0B1Ho0rPoGxLy6+X79k;VbooQjh!BTZU`g(4<D
zf`pw~ZaNzr{&Jjz9VU2Lk2`v^O4sf|hBZ%*@9KEsC7r(I8UMIujY-Nkbc=gTK_$lf
zU8HG9%6=%GE_<7tGjkFumwaC;m&jZGI7dNx0{3~#!S7zT)TaSa-1b|VS-06i_g!NW
z8~&2UZ%j9jLlxF5>yqs2<sYxh;aLMY@!3u69nbCpR1McOPlh}w4bT2Gc>rLp{It@s
z=dm;3TFcdQnhmaRj2{UmfJB4p;#t21^eghIIE1TJZh{$v-9|H+>T_u1^0&Fa5CYUV
zcN{KIU|>5FR)ZGKGOn<|=6fnEnpj=^jO@#{LPDc%fgmEB$f2Fbp9r!-nOdEDXhB+y
z(InJk&by*_Xc<HC6`l~ak#yHUQe@^+NC&utfq+|gkdN64zzM1{Auy(m&C)lnuZYS|
z(E1JX)@s}6t@gE07UK7gs-;*DwA4(A1K3I+s1vhiT;~9Dl;ZyRO=kJx%57edpgg8H
z4;(R%00mva4XC}q56mb9C{l0@njqBDMCSx>41jn9jWVSiU^AXuhGRHNbt^z?Cb(`b
zV5gFG4c2&j3oM$E-A_(2;6$F#`qCQxT73rxlOV<?d#x3aNQTbOTKF=$1vC)-63PHN
zkCsL97gz~|;bDPgwB36`R)jv_*Jug|W5l8eFd64ZbO4-UEda;~nynE5j<?Zn$nh4X
zWV`8HdpEiWC>h>m<N8iG$=>w{`|Mc=VG{@tHsw$S9yEte?E(@E0utOW9Vh}Mn8vk)
z&}lOII0|40&jEI*+@&70RgG?jVBN}^u}YrWZ?0(b82<`4{I8HMKY<U6Q}Y4ZSNwNa
z7r?0x%0N4Xw4L+;P(y{q)vvFC-5UaG>|a6w{5!D8zY|ZzQ9K>)j-`(>%zSFbiVavi
z_>!aQ;Lh&QeK1fVJJnW)-)-xHQlJJxMiHr$^dtl+z=;fwcZJ7-{7thR*dB`jqn`Hg
z?XvAqjU6y8j>-u08Uu89=@_>+pf>6N*Hd(We0=+Qfhz~**k2!qHjT5|Vsy%jya(%9
zL;KoT(`vJ+<<>Qc1GW!2$-_O?Ujf77tTO;%(27x)a{+YY^30U)AW&QBPd^D{0n%g)
zy6i?LcE2a6F+3MgzLp-u12Ql5%uHc?GS?vV2~_9=x0YPvR<U`wm;=T@IpCMRYOwaG
z`~Fiw9EF8s>(*I;PrTW%zzlhzo_jF2T?{oNjsPXur(k0^<B~bbKq7wg+8+z)qQJOZ
z{2e*BO%<RFTtLp%1u&Ce1#Dgg%P-eg8NcNV;c+2ws}U%=@AfX0T!go(LV!9t92NU1
z8RwLV>B*d#pKB(ny-OTn9WJzwX!F9#71t*xne)Hp=~Qaki@5ux9@Gt6{f$K?*Z{D^
z?c=<;dfsV5d>fE}<Sn$F?GtozKX9krvo6(6m~1aO=QIjncEJ&9+uo(fWrDJws)g@#
zb6q^tH=fP0h~_);)V?A)tfRkV;ROB49`i5nnDrJu1-snztlZDnkjzFFOVVmnzAB0}
z=G$<R0k9gBh_?H99)RdGy6_Y4dJnA{@7`bM2@Vp`SE<c)<%d}|?+V;fD+{m&xfT3Q
zn|tC-c@}euqFcyosoQS}vk{R~E%qIn@c5C184SQjz6bb7PVX7{^BtU{CY5)EVXghc
zVIeLK8p_9irV`qK{e0J29D+IzAcaCcD5=c=^Opkw))&#{ufvm(fP-_OB0@xD_c#dO
zHp>Qr>--A9b!#&@T(z>F$4rHQ8pJSr$ZT5x=!IZJt+z*{GWD@(5h_jEyqKzR649nK
zc$37_pwe>^-~tcABh23B#tOnRa9Rohn*frKxc>PDpljzKoFUZuhklgg7Pu!=ZQUD*
z-DO@Zn?(Xmew?Y>*IV}#s4`IWQkGl3>K$u`3U3K(QU}xt7?;PR{?k%!)Xm`s+&R_-
zdX>Da9GR*XhWnXEsyvCuXkDplklpHQ(l5;ojtF@UzCklGgy&txyna;Cumh}O?+uwu
zEDiU77u0i|PSvQyFdOr59pI2g#IOS>5O1KX%nSW_?H{ZNV$`?EG<cmmZq{J@xBE<i
zr&x*{a#_i`h5Gx7&srXhSU7AbwHYKx<MLFVxttg{vr`Ly-_C^|1a)+N1R&TN*fQj3
zpT6w9;RZuiRVi%ITM>cqfh-l7eOm@(*4$C9=6rLZDk`cp`66dkqxI9z8z8SuX-x-5
zMS%K1Luy@lKz^?_t<ec{VVkk%tyA0AGx2A7mI@eo77o951l((6-1$feUf<yNDf^7n
zkLmN))=%g`ZIicFB_((@S|}bm4eL(Up8{Cs;E?NFGE$)s&ay1)XfuGat0mrKxkXn;
z4e8Tv?tH67gK-h<Veh_L(qmKGGYn#{ZP_j_$HycScc`M+HkQ?;IHz*@HnM}`)(P|x
zg^0P4XP1SYfh9W@c<3~Q?Grz8Y%*k%M@G5%5+qh%Iwt<P0H!>QuMi-CXGaTmLQ8y8
zLrnoua7RG)QaG?P`<U?GZ7%MGEXpe`7TT@Zuk(qjH@_w8-+|5gdeq61-@Od$DCU5X
zF5xZv&{pXM=lE)vSq`64OWtU-y=|n~^!%+hzn%sFl{w#0;FM{2vOtg-y`_r#mT<<4
z#$&?HvYfD|YTNgKvn-HH@aarhd46*@r2P=~?D##j*|E4k`fXcps^v+1wV&hrh(1!S
zCEvt)<Mg9k*ooIXwY#?jTd!Lq!F%n(CY(m`*j}9SIl$5xovgKW&phN+S-WYdSi|^C
zmRElB)#NwckZFeIwc|c#psO{&;_K5w#xb{qd2XS@`LTB`SU=o7Cd9+4JS)ryQtC3G
zDxLY!aE%6-219r30WHVsaF_(6Hz<IYuZ9<&Jh}=c_#x;gP=7JsZxAL9;KpDzq1UM?
z11Uny5*w1Vh&}LwEVPJ`PdA<U{h8FiN7ip)tOND-AEsM&edr(aZJU#eN=}_|u4fm9
zbSJdS&SFt{H}MVmOoH}|RpS<N-5%wj!sZ-&sjzmLU}RU8rO#{2GT@!acNsA0PiNxC
z_=+|*ei+rGi)rbn=1kXLkvWR5cNH2tOUf^W0K9pwzDcQLp@OirF8sX9-wQwm_tg9%
zww0t}T3^^W<+FY4N@xAptvikOcU*fznsj%&UB4LR1*mr1R?nU3hB`REBlo}k-7(F6
zb9K{CDT5I=a|cqa4lW1<i0t+<(cQp#Tl4XB;g)AOWtJMZgp<cs6R1-yE-#xw`y;J)
zJ(pJtxH~)Ucgn8Eq_vcJsP3#6VQRYd*l}thJ=wAk;E)QlFSzHfO-jw5OUo=qhowW!
zBam-l7*xyr`-<1UXZ}L3WIz7?Img;HAD^_|zccW%HsmE0B4LYYd`)=Of5Qo!0Z>Jm
z2b3zOp0DUU`l&QSqM+%!;J_J&bsz^}^xF&5Xpr!oC|h<j|Bgn0Bxx}SkTF6Vv8f!L
zrkrPDq`z`ts9#w<XRe^Y9*uivyPWR&Z*_S8s%LwtQf?yl=jQ&)st`*Dj;;0mTB!MB
z1qlT3I?w!>NCCLPfY_&jJ%hXsDsuf!0RiEL&ma8D(|n+nv?@j1tc?R|I$LI0Sv=={
z+1CtuBLDjI5+*fF?9UCswGv=K{@PKu=<@Ch{d24T5A{T^ArHd2yf47XRbJ!{F!}dB
z?k_*{Z<@^irv3Vt{rO9->;E;$21s*(IB3sbIzu-=%ruunjA%@M0nGf8n&EGV2>xdE
zz*_&6wqPe^>n1Q&%|$Y=B^w7!>TiL45RuYkTcVH(R1V=;E{7}zVgGJ-41r52UDI`*
z6hIBvp}*`TU9_zK1tt6C>Mg~ZziitC!71YAwK0fQ!e|+iwAfN(vh~lq3G`NQ!hEtd
z(tHB}%wf|i#M}RfSYrt=Un%;RZs$p;+xd^PWZ4e^ZC!v4O!UvY$!CdID-)t`U|;0b
zYF+~JmH(2&X)(P0|5CE=jJ85P5$((&_ENc#4WtcD6?>xIZ&W`i`jNrN9S%LmBzkQ3
zah5BkR#*|IRPrNIrmB*hLGk1Z^W2ii$7EH{g4xc|BVkjiXeTCSmMuHfu7d-D`Ef&I
zwb;92c6I&a$*@4(cc0TGn)Pm=$9LBaREahHd~D6)^RG*;%OaaG>KsyAD2J8Gw|%=%
z^BHO9%uhLzEMZ`{3k>)3IkoF*0!$?hjTM6LN;ZOFxx<%+y{8@_i#((uxBPbK@odrW
z;b^1XZ$>;>ko-@qH(z;s@e=IKwav)K4bj_QaY7%tG-@Kx8sdP%MXolhki^u6nex)z
z=9ikeog~!p-rV+-3sH_sb6R}d#JY4ljD$}N;em#=TN+lL4H|au>S5UeCG;_Dd_8CP
z%ZOM@54awAyl?pFT+05r3pw?N_6^<{9Y+>2-9R6==Uba_CC*eoUFfDTcwg|U_g&Tm
z@5?x4*G7V5gIki#$Tmneva4ky#Z>n{nFb`C^X%r<K|ngJ6-&~oOsw1vi%a5PUKvQ3
zW}L3a^`)Y}O(`+M?$*hymv1?gg*H)M4+AT{dDV*7hh9fevJc&H#%k0z4$RrvL`%z(
z?&L%#+85mcE2+I|CDUcVN>c6X%Qk{x^$so#o3J?S*44uXmqw@JgTt=wjg5`K@_HN*
z)Z@K&X5lQK|68-m+hZsnY2L+_Yk=ltEi2@ItU31olW9QGIT(_GJqo15e11tf=j(gI
z(VtJ>UDjJjfiqZ+B&R;qzTztc6siB;D3SuwEbikw!cI`<^gsBzDkhHlu~oZXw(}!c
z$!DupvYF5IIDS@kz;+!NHg(&Qe(EmjXXtAE)c9W2XkS*I_n@Yx(s+}SAiKn-!aV^m
zH^EJ%vp4G?yM2o~Gp_^9X<6P^|FP!C{!gY+s(@^LRMu<^N$1A0bPf(&J+6Q0#qr;5
z#ot=CzfmNCU+i76f$fOyaP+COt5%Y<=}5Bu{C3J~CZL}N%a-l=qGi)uwI8x~j{O+S
z0+C2{Z*Nc9IwAIu=pf4nxUWH&bY8Pyao9M_3Sq1UG-r5uU;W3L^D7hdpHJhv0L=Nb
zEh!DMZ14ZyE!(dZY3%MVtUebdTmh`)?w6}plDh73L)OA(q)8yq&%Mi*t#Q$^JzcdQ
zTDN#lP+D9M?(dzL7;n149#U5IVSlyt&<A~^P10pi=xJeWuG9{oIoJMcn)9o}>p!0c
zkdA!cYw9`Z@Ur>WXX39c+piUA`d3z;6<Lu0&Zy{BXH@AdIHODh*2B^v{oJ~2*&HCt
zcIwQk{ou@^;xl_CZ(FRJ&&;%=dPrH<1zWye8P6_>w4fMUZGFE8LK_dHIfef%&H3fw
z^`B1zNJqf^+pHvXcpdoHXX39c+pkTK-!H8G6J}VCE^tG%SGgfJs5SPKbofnSBa4pj
zh~It_RMbAEZV2gW=(4UJhOFH4)mBcP8Lfhnw+PqCFY@!tNi6Gfefv6WBDP>Gy6I@m
z>t_-rm86l4kQQ0~x3uV22id=y(*MOYfTZp!UP1AIgG^%iAp4IUE#QRyFML~lw5q`V
ziWCbg)e^J%F4rTb-!x}*ET^j+lP;Qk;U@M_udRbTtNs5iE&9hr|HnoD-@53%;n0=n
z@L+(=kS=_(>P%%x7aN=Ct?5$0FZga_w8}4PeL1A{wf|D<f#csR%vcy@$g3bJdwww}
zKr(dY;^yb42l>kAqnnUM{2F{BQo!JaFBv>DHl*r2MWig3h*FrFvlj^;9P@1%`MNSB
zRkINf)K{Hv8>@^^6|T<p_MeFM!Wwl6z@*sD_bd)}{g1)GP2BhpM2U~$Lg2Xf^jI0@
zVy?l;sP(tNhs>(81B_sO_&j~ALIBGKUl><527XWa;qbcw>A?F~v+RAyf$Lf3YP!I^
z-+}=OlLzKz35>W7y;Ub8vk}*HEn>mRduF1oD<jw6gQ{;DoM@k7du8tYIv5+rfnfQo
zFWm{LRDOydwTVz>k3k*mw40-5U>KjV2+dPi*2NJ0XXN%es#F3Kj(bO~jHuLSxOjtB
zmS6><-@K!EW1>A-tv4UpQLRgG!c_V*GsD>MZu}rPe_W`V5!+A2xar}i-BiM7w0e?0
z<378ra<0}eaqK(IZtH(=Vg2!${JE+K?1Gf3cw$`e;l}>P-r6Q7{I5nO+)piH%uMo?
zh4EQib`0I*ShzSns87VZq^)$^z}RAA0Br9$J>3JhMztnuA=nXM!2`tenGZMKzclMt
zke!bl$sa_HOn!?1!AF;=9u&erGI6Lk@V`rH#G&LDDrYNXnC}sX$1!Gj!&PzQ*a4<q
z_{)Vt;yk{Ih_A4)_Xh2(0Y_p}mxnL->+tzddcg=kxR*BF9VUZa*o&jjfa|=vz;_b5
zz%`f&g~duMgJqWXo250eG9dsE%fXn-2pg?f`$%NomBoD~Z*WGX*OT|#g`6+S^QK>9
zM`(U@kS7SXhmNn8AWxus6YZ8ESUpE25W@q`ZZ2y>6wA$Z^NDQqJ!G*eQfR-a#_F>$
zh7)1K!x?s)U4y%*1ZxovTYr++XHH7{+BrR!y#o&3^^hvZgJAIR0Qma8gxK@nCjF+T
z+Qw<Q6&SZ8lOZDhu2eQm+6{)ria=-$6HWBAza=Rd>=0bl<a}36NLl%|i6U4qEEVUl
zb0D8@!Lr@3zH#gk<mSnN@O}bmCiNa)6H8<VedKnVeM^c@-mi&+v0tvcwMzW13QWD<
zd*Sngc=+Qg1OJR6&_&80P}c1_kp}J}4(OFE*)LV?cs1o`bomZi;2GVrxcrNC)KjEh
zpQ!?H=Fi3ERV(;a$H98N@~ig(BsXKh)n}%&UF#M1iqy~b((O#37d^KN^ax*=<Hd)K
zTN*Qb9;aCoBpE>&6L-;E6{pt54SP;qZKPcw=s0WR+kKmI_X4-W&!zGDZu6mbs!0T{
z<eYVE3ASXmkG?h@$C$h{cQbL$)^(dO+}~?XpI(ge-0=-G)^-VEuKcztc7DY2VA88(
zVV2YtHg24S4p{I5tu?BJvv)%S`jm|Wh?14|MKgUQ_^kuugzRoo{_9JbR<Z7l)Ykqt
zG9Zi5GYO(Z3o`fw?0Y>FgW@?TjjKLa(lXgyZk$uTYqhc^sm-v3y7B7IoXc=v;lBA~
z8riCBS!Yo^)$UO|<uj}U{PAfOXrUBHRgR6WsqOZ&1r$O+HP+){eX2^#VPuhqXNF&6
zKizsv5?hn&U(`2_mqE|c-ZS9Slcku59!6$3gMXU1AwYO`vK|w%phD?SV!*aBg!aID
zbH#>Ql(9Igy6=h$q0NV{-$~N*o1ZVPW>ljWPK{ng_D(x$<KMJpSpge!SO3taE8S83
zNIMk&@B`nkHmRKmBnm0rDN$0_Y3<}Se}vZJHLpn4`a=~<r<jFBzkRy#NR$U&Sh7EY
z>NA*70=Ehy)Q|>!Ye=)Q##lm4PZZh#*N<WWJ}agt%I18gL~{)(!LjjmYW+t-N=!%U
zSCal*xEbxlALITOn6c4<FaCj33)SI;!4wSjq}V<)Chj7JkNz{4gj%DHUw_Hl!1a(9
zEG@P*+X{n+@uIymqMDE>ArVA@Fui#9A9+U5bH=0)BtDKrS&G#74^8G*wi;md+1{Fs
zV5Z9Z-ABVvRy2tn11+VeVwrcl!`@g~6Dr@%&#I^z#h=9z95Ynwnn={yylm{0uh@!F
zOU;;cG@|lL&PEW1NYf@$kD8uS2f+1Cs9B^oKASiR8E%0`y;1isWJ;tF%>2@~rdVN{
z%zPd<_o4Oau_~BOdu^QX%G7E5!&2uD_XmCZ(FD&JQX~2-7Ta?kh0nG(E6h|KNuxb!
zRw0I5Pqbg_Zp9V+nR<chkfDl=c$i$0838_8U*!BKCBA=U(sV%md%<twR%uw$`HlcE
zdmYrQ%2X49dXSVs7y=8^N`e#`zrHX3uv#3cW~k8&WhEk|?Pp19SyM|jLp}CI6q6%Y
z=Do~0O}OGuahRdWQYE?Iy(wO^MI{PpwbW+XDUtq8_{eyXJ{a+MUxC<>IFhLup6PMQ
zXz{(PWMM*a<tiJQzSmXn^dUk*)A=0_s1HyWbBtMSu~%!44-VMeyPvN)m>eR+HuXEY
zQ^O@mwX>ON9p$jhLY&je`Q2vn;tc-Wu?y&c1!}PMEv=FkL(rkWrM+^tR;$m7+`gYp
zBa>8<`NW_Gnd+xtiJ3y`tyDAVjqO{XJ|LOmogJI@7HSpCqbyn#P!av}KwISx*QBUd
zTM!kg?nv1W`850DRW{_Zsf~jx^o3bw2an_mcl33N(2K|*{gai{vY$;qlax>x1OC=q
zKsFnx61JwIT8dXWI<B!ySpFyrTFJ1Pkre$=8qveq(X|8i9EGNVghtD^E3xav3E;kZ
z<y@=5zD{H8D%Dd%Fe$8)bSL05_;T}U#~M>m<3NYSq5o5f4VF{@{|C<%o>}~+l^db7
znK@?tUUyV~a~i&#KD4CN!v^51-{hmYpS6Eg_CjS^y~r$-*P4+WjVp{@b#w|J{eJFf
zG^tb8%Q@4E<_!#@u`qt{NeO<k1k&}#{fh6abc+d=II@{-;ovN)A(NU<%Mqc8|FLVn
zPcb<K2`Zq-o&;>6(J_|-)pN?JUbCurI`<aJ71!te%tAUyEGeJd`oP73NP(eOo*Fh`
zV8=Zq&1M!F>BdlsP9jhdm8u{z6L>;Wd|w^anSgXDKp!lr_I*o#v9i!$BOU1eA*P@r
zp%WN!H;gz;2acWcX@|B_nY*gQ3DYmW#<2dV{WI<Eqc1Tl)t$ilnERQ97iKU=oK}>E
zp3T=G8~eh@8bDxOiWq_W`$ll25;ku0RbtBIG2zc{_q4YB`i0)?A2GiPD3fYWO46y0
zKE?TdN(>#-W=;6<r)_ma!9+2Y@wl_w(}iIao-uh1?1Hu#xpA`l+88<+f4Xk|^RVzL
z4fJLSEMz%dS6qpr!EYttFN2Q)6&jbEP-C_;btq!~d~WLlg;nCa$;83)?J-?Z;92$$
z<E>jLMWPl?2;ZhHeMv+@d;)cacdGXN9Z=5#6$;&@P=Ayd3?wDsZkAnb%;sEOi<s;z
z^kzI|a}@n!U9YRH1^-b0HHFwWpX-B|_lrP*X)7fl(gJIp2~91Ju7vy{*TCR)WT{j6
zBPaxYA-GC<gdMD**X@?-46>+Uewc4|x2@31U2bCVeLqutVP0kYdR2NC&@>MF`9zFI
zta`0wCrO>tZ`;Zf*N7{x#-?xoXbx9M1WFB<qP2E#idKh~n!5<i?=l}|#qsr9Abm?-
zgj$~}*+<0J3x5raJo34_)5s0e^%>Pk?^J6Cw4Z<2XRjTun4Qoc*x!+P*}&}hh3hQ$
zk0h;)3t1>C%yyIc<56aoQ|pA4JbVW53FM~95%BCgcv;r99oH4ZbYxcy$t-+It#s1n
zt7X9b#8lFFUjp~kkNvM!&0R<BQ&x;$07hzH5b-?BOKi;aRLUyVp^5JJp3m28Ni?j_
zB8`hE$WRo`yjObdf%L6g$nB|_zMGJ9%C4e2#uU58ZmgQvZZLxENri&rYW41Hb)7P-
zsHp|S_4yUL<7&R9tIl~{F~b5#G~Z5nly6~p&ic1Di9a;J#z^gjtWM8|wIDksyrqy3
z!L>k9GNrH35gR@5ghX-)a2)MNSUu)um=f=WIIS?~*F<;Jw^Su6w?0oyO}1^_xKdIe
zNPLX|FE8mw&{hfvIF)KzV6WT@c98nh?@LR7UeVFGjujJG{9Ykepql*8Ggc}*bS%($
zw@`+C7q02AI3u8M@DSTEFnIaVyQ6>l{jfQ(1EVu-us?lheI#&=|CxZ=^?z1iIp+CC
zg_bPNKbv?t-Sv+ZS~@)bF{4YK!#@Yv^4|F8BwjL?^^v8FwR<jAX$SP~+wdFs(bm*E
KmU-0X#{U5@gYvcj

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/password.png b/login/apps/login/screenshots/password.png
new file mode 100644
index 0000000000000000000000000000000000000000..05cf8747bb449155446e0a9757139ca37590bda7
GIT binary patch
literal 84874
zcmeFZ2RPO5|35AvBS~bhoJx|Fy%i1;DrIKxovdT;5eG>nWD~Nt%uq)5I`*#Yl^G8I
z`{>>K9dCWEZ@>TdcU}MMe|=mR4(GM*`+knc^YMJ#=gA#8Nqk%iTr@N^d}%51duV7F
zQ1Fe5jRpQAOYeq`hK8GAEGBkGT1<@Y&SOghV>5j;G^r;q!cW~%m?3fBcj^+mDSb1E
z$T4gLT?!{2^Ul*V+&9nBJwJQXGXS5^3KQWOfURirB4JDwO$CoWz(*oSNByb94HZ&6
z?)xK{zBy%<BTlQW%@M1^)@^RB-}m3`H@`!B`r@6A6-CBr(Nd|aIIEimA3oHvKk`C5
z$$0`(8BLdkRi+siA0NyA_Fz?$pA%YSPBAmXW8}`x{?)6_H%JK3t`Lu7xRS6^k1P0B
zetvT49@?E9!m8?fX)w>hvu~uIVi7Jzj3qJB#Ef}ML%kYb`Ll7?aH1_=WKnvCf%e2>
zi@d-5;zfc+JZ(xs%_}#R;W?6yj##wglh{%8?EWE~p|KIm;eyg`O%Zf$jbAP|I+(DA
zd2SLKJn1TF+HafO8hsXXIVwvVeuYux+*w~`+{Xq&Y2-H^lU!=Xi!iw0cHQ+^nEr{-
zuI474dRdOxIiic2QQWMsNFpCsDhC=y2AxPumCEt1YmL}py|<p{sB|^IXzqTI4E=;`
zL=P5plY1<_#%YL`_*K?g(FE3h`?T6(ctg!+B%b)*2!}25vy*(=c9W|Q)pu3n$KvkJ
zOG6QRnDmI-tr=tvmd+j_OSf+)32Izhf7yF3#plx`rt#imH$}S==S<@7bcP7uPi<^I
zlw|xZ?)cY5DH6`TN2_iKBS5=XeSPKww2yq^%Q@|PdC#kFTD)?vCS1ud;Fvd?r$T#G
zlC2P1E3o}p$a}ii(AhyA?NJCdEv<;aBp$SNvYQU=!#H`YG&9=gRkVldZDG=RDb8W`
zI4Au@aoXMa+fQJ<Cssxm7{eHHCtb$$pu-S%SI!|@7QHSd$*+m4=vf$tM(n|?b?VBg
zo%c8HU<P{-#Sy;7B&|OG=%kHD*%;w8=E<@1WG86flVRN8^*??0f~^$kb<b;b0{%D-
zqLp{ph_OE2T)A`ZqNiT_EhFmt7%xP>w4X?&*e2&csqUS1W4QffDglM($W2Wx;@h6a
zIoxKa)oO3Q!aP+?xJ=KB)9P(K<_sfxh^15`IgYhO?|iZnZ?h(Q>@Kk=W8Cx=q34$Z
zp6DdryknIr{v4x_;(`BFi3bU@cUn^Iy3OyinvkuN2T3S&oG!RDfKTlnEWX+vG2Jt*
zW5ZX9JM3;DHVWO0muw$p*MpPPp-%>kYw55_ze;|Eew*<t+gHx7*T1qDpsk(={Mea$
zS=rDGjhiIOQ{98PZm}AntClm|=Q@AojGsci%Gi+A1zr}p0H*f~HPj!~-w)T|j|q>T
zUoM3Sl+y~IVXc`Oms#Q3THR9HBHd#5yk6};b_@H$GENgt6pkNui+7awi5jxIK1Mff
z7@%hr{7s+ef8d|cpU|BUz{JFK!6fzhj(gMRq0e=nNnEA#+r+|QS1wwgiz;|}5n@hH
zeWCCv&C`+4Mm^m;Qoi78mn`X(!dOFNpNTNuJD*9+7vTJnE8u(pen2s?CKKUv_;cl3
zfiE6Ezx6`y>hOIE#miSHnetz}`;`8I>3Q3gQ6-uO@o)RydZ#9(6Q_5lK2#u28oN?Q
ztce@@OrB5bo%l>jLMqmM?iZ5kl0xDYx2fZ_jW2VaVfIlJ7l6(s1*P7*Pkle}et4Q<
zYK+1{a^iHI%^9Jf$_Q6a*N{E^mmAj**Qzsu@@EZ(BiHZBDzwPR#wn&MX4@$(1oDdw
zD+xVtNq0=#Cc-c9eOKokluY5o#bSEew3Bm~(;?C)l7W-fq+0c>s<tXq!5I@<qac$x
zqaD-0LVIJ)P8vk~9Bd|O+N_r^n<Gi4XTAOWtVM4{+|IN3Pg?AqWcqOKI{%oL8tyT-
zm)tc{MqX7uaZPfKajn=RI+<{yi>^bf>_&REe|*;X!`c_Vg}wwq*wEXFdWq4{1t@Kh
zEIcuYhm41UATl-L(e1~#O=M}Jp2-Tya>z2tF1^xjd1a7h;M82&tZgm1s<(=}8by-h
z6Xw&d6C$x`)@&BupV0pze@X4xHI<kBFAHC~DB7fJr3<D*(|ZxV2rGnI=3r*kAn!m@
zKUJQCo=h%&K})`Qk&CIJMSXsHPMNNJ(PqA;?x@~=U3JZkv7Fxc`p{Y4UMnx%^hq8D
zLxv{`(OpmT<E_hAEv9yEQ*b<2X)d4jv|6!KnS6}+lAj)y-o5TU7i;m-BF%!!!pr*h
zSM0A;kzGq!ORcsdV<U6b%l?~vOC57*Q;q8xYtCQw$3AZI&#!yx*WJ>l*00zoT6qbJ
z-Pmie)6do^-imYHb-{JvcVVmyt^86ck6c4O+ciN#cd3y|Tg4b!=$`0BSVL1r*09$m
ztx|E;V{hLV(cQZPyW`NFueGWr{b=<e%wlZF+?uwHBa$Jqmkj+T?}fpeG2W5h2EKdO
zX$3@VTtDtkX%}fT)eh9Ajmy-S)`*D1B+Y_h#Kshifo4JX0#wN!P_MHOFqB>_<*DO0
zc+ecA9Hgvmra;BQa&__1&@}oerU1$5Yc>y+bCyTw!z7wW)YUR_dCgbeUAiSxA|qF)
zJCQhPI#KmltmMT|2ZmhDqBkK;RB_m5z|zOjR@!qVc(*WE&kYmFoI4dZ6jpQz|B}<?
z@XG{v{WXurqn^7zcVVPe5W5$W6r3WF(vvdTHQCkXe<k7mT{U01x;(f=u1|^RP}EH1
zJBYRTxr=<SG4+{0nLO)!TAeCpa8-?Uu4$tot6{Hz(`2Sm|7w$X6aUL7*3pt(iD1oE
zd8T$I7?Y~fZ05tVJj?T@Jsv&nv)(<Krl%2~v&kFQ+cH&U9!8aJ^a@6mKP%syOX%gA
zGM$?Gx|zMHsi_vHOvhMKRc&5dN!u=h?KVARRAtp$x8$>1Gbh0<ku0GZ=<u=EtpJ%j
zU%w*zB#NI$z<i_(vrMAk%ZOrI=7URDFY#SM4t}*T?Q8ARC_y5FF9~G5;D5e2C_ThD
z*sn(N5K++dsQ0D1W>Z+xk|Ip0dkHa6VYOK=v@2A+;kb}Fm{O5#G#ZYqK?<GPCE&bI
zq4bjG15LB=*6y9|_>I_CA`fU0ybo=*1_?VtN8aYVEi##!ou$Z(Y$<${nPE3QU6ZI@
z?;On4qk^DLP3a}2K2@(@uenFHzgj_bgF#jPx;!HKI)C8~=emvd$?lwT?IiYhxy6h{
zX*;*aA`k|}U%RT5k&i!TjPwUszn$WaWr%4L5plgRRbv!bqQ9ln`Ed_%DKmuS<HOP}
z?yAhy$L(Lzm3Ffpniv*pmdv`Y&vW&f8fI~1^Nc(y?PwqGv)Wdw*Oa&Cx8)wPsqF9m
z(%Ca4l(MtS+@?lqxieJx*w1>ZZrH)TY)N8d?p@Wgt0h5|;qr|EFCKz?+F+qiE^vp3
zTjJlPXB0A1UQ|UO6-Vc~owC|evL{ux@+FbwdrDP?$UR%SeZKDwGkC+KJzjQRhJL%g
zr5Y?SzU5oHCT1mL1TRGFs<>TTX63U*1fV)ltP!aZconm2%HCpwliy}$Vtk^!NRk`b
zj`Ef?QlZE2>(mBoho%Oc85yvny3sPPwz?U&6jI++U;ptTj{Rd|(F?c?m(iCuu&*<G
zKo?!O`PC0oVRbD@RAC=23}cT-zGWzE0z;Hq=W-pr9UfXeAy=!!V@Mkj<gPcV`@+H(
zexV(?))^vCi9O|wo!jkR=7Eo^Mf6O3_hm-+3$*CdPj00kNn0aN)z#t~^aA)Apsy@#
zAS;V@6}-kq!#F{Kh6!Gs0N=tVDF1#9J#hu?<iY;|*7Y++!}#kMIq)0x^%Q)g&iV2C
z<TGEiQ{b<2;2Rc){_|)IXxz!aU!%Y@+6@IUX=(6VLHDt~zJ;}srH!=mWIFf<&Lb%m
zYcw>HOQ`P?()TVdgX{Mh-&eL#mc7ldYiZ7+t!JsD&jK@lgt`uzAdDZpG}pJ$rh}QA
zSy=PKgy;{B;0Lc!|7NA9J2=F~RES<#_70tx<zsz1ZWcBcHhN)PIyySR$9e|*_r#%p
zoeusIqBpX!dBo4kYHx4PV$Z>1`Ph(^osW-?mF+s~_3O;w2xe;s3ma`1vxPO}$3=c#
zM_k`p_p$LK8)HigI@EQwbu4Xdgy`u}H~RbQ$8+k#jQ_clh4o*<0s~}4y~E1R!p8dd
zwZW-^sQ>ccF^1`zsfZh!gE<5D5N2oN;1oPK;a_k4bIV^&RsQu<zC)+}^48H)A6V-@
z7PB-5H?<M|XTkou@2_wEb)q0EYV5zv#gB<T_%E1gVO&AhzgJBd7iWBi7%U`}vAFzw
z@Ee#J>I)rZj8}gAM!n9Buw@egrXz|bEq>!Z?8N-=siBJ!?>5E<K73WT3%^t^t5xHU
zK6}cOzCKY0dP0KT1NW*<jl25{86ms%+4ICi0c63aKHA*5%btjhjg2cs-1mAjs;oD%
z_-lmW$l{aXrPeBBb+e$l!mxD@U2{cG&*WnHYOAaV{t1k;qG*SHklpmK!hneJ&N}P;
z>%9gHZ0Hs}ojV#j_OCzQx8t6LpI&HRttLEjF;RCd@1-M0gFjDag4&|}j1Vo=p<AO)
z1~)kK>$ML~{_hQbou~g!(GTnUuND2`ZU1$&A5rPQq2j-x;=c)p&i()AexQf9f5xmY
zhuv%_wTfHc&3vGs5&1#I<)L|a|8Sm$X(U(nI*-LrNu1qEhmdG>f?PHtdWJPd+4)*u
zM3-68e(2=xj(hGMCnZ5SXB+<6oNnjc(Av7TVdq^K%}Q>qmw;v0qk4_}`qC<)?5)xn
z>Y`Iqh1O$dWMm~nrYJ)wG#NrxPFidfp0b!_-{AbDI}iEvv3FR6J6iS|-^BO9`mOJ?
zA&D{2E<%&c$*C*byt5|;2FTkkSElW?NeZTO3%l7oap@6JtQZqA=J$eqW}%t1N-#|C
z&DGdt-!#L6Nu+F%MbFPEXU9e(dDp2I1RIeUg{>1F{4Qow&J=@n`RO9iHkjhd`jwEC
zwM;{#t)Sj6EK{T2Q7L34?1S9IoCS@p=Elhn+YP#cw=zETuGbHQH76tJ=9nvKzU02J
z%&6Dps>oWJo(kJ$2#ocw-xmF_gclOEFGlH?JIiLVTf$~l<IQF@;hoc?7*_MSQBA+f
zZTtKFwKXB$6P}^fDg^UVxQvMGQ8MCyf-~GEH=qk{{d=FAxqF@wX46FVZRC#3=I+Jf
ztnas{iKJCr+6#>DDT|t0-<v2ijpf3+zG9U$y0K#^Jn{7wvZQgwa*ts6%}v4l&$$n>
z7kcNW2%Xx5oVx@j1j6b!+7f#NCORhe=tXSiG`-A9bO;s%>k@56MpjaD>$ghxl%3AG
zjTJbW?F#0mY$-3LDf&+hF6z#w@6^M%b5rc<m|XYXgb)f?(?$g=oA%61g)CVU+)sVw
z#9fHhKLs}=*9`eaCL)(5FPSnr3!khH+9`8@yV%-zuC(;)3I-~heMi3KY6w<z60<Q~
zSMKAXDM+t>BY(E7z%OJ4W3|G%?eg}={J`u%7`$@5ej<fb&2Ht@4$dUQ+yr}!M!x-G
z$KWIQ=;(BVDbl02A!pp9o@CV})g?1UF5=u9*{Ekemsa+*VN_A*7!Y0SA=Q}mQd>$W
zdZ=45g{BNoid^(P87>At>9EWC`(wehB9;2I^S>l~6l%vV995*ODYc!edHcY$=F<zN
z+Ro&reDd#UEd?_QHO=H*UFX{BUjeL5Mwz3Sk{&^YD`C@kd+4%kB$+|?-ic^o7u9Pk
z{)fY5yU+WI%@NYY%AJ@TgO*4$=yQXcvafmBn<Kfr`XTBiFTX2#hF)KHvN7|yVA`A2
z<`@{>Y9{2Q_=?XO8WJqZbEq;vLr;4@Y`@PmWH(4%*!fjvjg!f31Hn<NSg5jXrYqyF
zrDqnT)YX3#TcylS%q8<|%ee>v`?>jN5pU{<j}#`3mvbD~XCE~&7yI<2_v)GI8xPm=
zSsQRzCmGgw&G>8Sv9-Dge2V0n+oujN`-C_f!DA_>g?w6R)y00OT4|??vz6N0+f*|#
zeVXxUHfle|(N2s~<Gz}^R?@&E$83M5X4QqV9XQ1dZRPjXDZ&8w)jGLDl~CL!I<BNe
z`3miN1f=VYY-Z+WgK9`c_@aCW1_Wuf;FKNJdtRmZ`-Wj*qIvP~?!4=OiwN7PBTHv=
zu3ew2SJO>5v(ll3u;ptkuhmTj0o)!UI<mBpSD#}-5$9E^Ty^c#Mh2qWYv=p(P4O}x
zJEcD4r8rz2xezyy=v5%)khk#^QV<rC0@kYL3xt@L%pQ<{D}9^hoq9QJ`$kc-!co1*
z{+{{A$%W$BrGg~y!;8*lbfSf#LnmY4Yg=p>Cd3=!MdPy(EXmdxqhy?^OP4^@z>=s^
zT*-aIbTy#9E5&+2)%aws$DwM^Lwsz+X{l-Pe&Q4Qe1n$M;fuQI+ZyQ4_$88K&cg4T
z@a~35ixCzo7h8zgk+*EEOxDN=ER0n>xq4`I+(jAD-M%*!_R|{4NAtfk?mt-*de2v{
z+v^-0{z+j^jxt~xj>uAvMT&8|Y<IKSFTVaJ|BU0v+@|6UJ#G@Ib=hRjWUl0AZ;s$d
z*9eivmP`=mqQQZ_Wk0j10*m*jFmVZ$E!=NO_o06Xo$S0Tey9$<MN~2svs05<JVL_R
z<Q8SVE7E+KiqRYvdFD1-r}({~o9TDN4M|BgzK~S(kTJEQ|BAZKN@3c}jZj*YFfz5o
zitr5gEWdt~<dIlFiUCRPC>CBeiuWHWH0c?bZxL837i0FI8ZCuv99~xJ(+{<3eeuU<
z)3ej5?G^g$1|1S<Vjt<<kMWqlNJfrrz2f!Rhkn+0eYQ|rVWG0GY_U{fCD{1Mk!5A`
zNY5(0yfa+1P?Tv1{}6V8>dCn;g6H7RCr7@eN_d9y>UwJ>U4jT4@->fpn0vcZrg@V@
z@aO!eea^_S-SanQ3kvY2HzDdJyFf<XT=Izcut%tS@apRA?efJpz@O5a4+xzaAO(iZ
z__cdeQQ{_HwD@W0TFIb=z$UVs_wW<Ci|(LD8N$tQRh<isrtcQ0?-<q!K*71>vWD(E
z1NcxIlV&pVF*K_yhi{1QVP^<WHT4YTc6aJ~u9f8XD%$P=C-L2V6UtsP?K-KHiE@HN
zOER4;`cOA%I+=6D3>d<PF<=N-h6^-l!*|3NdNWis%Vrc7?nSD<dtN7zd^jRLzjhWp
zV15gt|MpWm^bos&m%Hr6{<UCo1mO!95K114=2mW&%1`jnXQx7HA&1BjW{e36$e<Yq
zgDJb~?iLAiR1*fI<uWqkEPPFYCuPa*CShUF0uJ=CR)5f;d3k>AX)9Sr+Ld`DhGnA^
z^F~_RX4)97qz@P1HzY?GKiI9@t@dY0?sq9x|2Fc;_0ZIyd7MMtwDdVt?KJ;{?g-;~
z^YC7RomEV1=(nJ41U(kD!zurT2?z)D+lRi8!*^vGYa#0(KaVdMP{g#UU_ma)K*nfH
zrP~l{zg3{_OtW+=e`m3otZ`LW<dD<e@pV_%y@=1>Ih7c#)?t^pUR~)7fP!;kWr6<%
zNsTGvvMs@~=WmL>VpmJW(Ci!z8;>zm!A<*#4{ka|WWgtSiHuSEn(q5hd!s>?N`pG7
z7^<VEV5(-apKE)2U@-IH^&4Pp13Yuv)a+voa}7m-**MT|pZ_&BwgEU{v`WYOM5D6D
zA`5-O{MAx8lcXnuJI*W=-j#JTuVj+NcFL)1F!G)kI}!@~P2tT^#kM4#uoHet`3w(}
zf?No)2Z5Cux24Y^G{(klXA5P#2rK-!pn`lRhcck(cXX?|hH{7eGF<4IG`8fnKn%zd
z>*lk=c!Fk$issxFL$A2>>-^78avh#iW{;9Oe@{a5$@&m``5dX~yGcQVd>?NDtl;y?
zu{ZU>bSO>ygD6h2yG{o1Bojf&Ly!Cxg0deKLil|{v-ya#aOF_pDvR@uNq*)%m$4w}
zirILDAE7lgPV<qKK~smG7Y+S9p;Rwf2O~IFPwRCT9hudgZ55OAjvsW32C^N8Qe=z^
z*mW<yJpvo<%e)6S{KA&W^2GQ-NbD6$H?w+OL-4TC?`+qy$jsmyUlq+ewY<q8i8y(O
zJ@bm@`z-cOS+)duG2YH9_Df_lvE~YGnKwfUw9~nb*=pdS_u+@1QFI-{kxy4VHdrgk
zO&5e?k-;}HYCbf^V%f48AL}2aBMdCHgF^2IA34hwW1a%S-sc}O6X95BQx!vMtUFpe
zrvo1H<7>yxt5}qo{HBE>h)GECocSdw>O<ip)z_UzSKJVBb<7A1@AAR$cEFhnQMS9m
zWM&1kaXov=AtB9V#>bplT<71K@!);OTN)ABk-fg)p9VWk&E8G6(2_au!O>YSD71sP
z-|w(LvbN8WL$<}eAxLs1&(OUR?sW>Wpf}Xg)uv&H32OuRMI%9pL+gI^O1nuAVf0(l
zM=-9P+<=1IrE%Lzv}&o!yYi|Z?&ub@mUA1+wypO9n3OL`qDd_q=5lEDMIBJqI`l3-
zkM1HqSLf8q=?c{$Qrf_RC*}^<SVY<G4ZTf&X$(dJ$(B{^vPPa~O}+qzEPZ&gt|-xE
zvEO97x5!J(2fU0hnWjMcWU%6}gL!9U%p9u$yx?3?@S&037jq|v^pN?{8{S~MC!Ti7
zywkmQE~{s+AZuznkQ@?2$8{*i#qpzC1%<w|HY5dM&M?M4?e@sttn+rR?PUzeNs4UF
zvE?)UCT^;|)<_Aq37mU}-T5t~eGx<g2aV;>;wt`FSF>oG>IU~ZCVbv<v7&)k#QH-w
zLO9H``*2R2#V#lV%P7dY)i9_TEiY2k>aC?GI{5;NYUG02g8UpR4UF76?rsO37zFUU
z>*GxHV8!*Vx^iSLb;ttFS$M%z&)qrBA)_9T-a165mYzapBBs;)z*~XYL#u*@ehD|p
z6h6(_sU@CW@w7HQ&Ajxyaahrm!;iJ?Wj1?1ZaZC=TL{7d?NC;4Sd#Cd>3z<65d5MK
z%tHFWEY_!i^(OAD>1Bg)%T;g}y~KhvldTY^T{x7$dd{MP0Xe&F62;_1G-kDbO6O!G
zIAih08M9tsaV{QN9On}T@aG~}5^Vrcr`{)BKt0?S@Ni`C4AsIc#K$)|TGbXBN{1)-
z1ja2Atssy><AOkHE%4|uR-k+YLxOG+GZtj%MIF(RA>EfmSqyn#ImZREMxxnjS8%kt
z<H6DCioFJKGo3pBDXGK#jZ{xGQ}}&t;(+Lr)l%#!S*rcO%9>4eP1ylt@Mk!BbTAqR
z^eqR8gW*lKXAIq5Nba%a(zSs;)zeVLOw}mcYKr5Ajv!-nI~@>nqFU;18p{Cc2A}>9
zZt#lz7_)s(@tXmIb;CHiZiHHOQnq#UOSeJV_jb$~#iG&(*Pv7jtj6Ym3f?%9qiivh
zb(8pYL+ye8INTKKvpjhwTP8awv&W0jqIZt)hyz`PyoZN=IxVsI<ShL2Ior|q;MyVJ
z+UciI3k5m4P*8U+=v5BlcMM<}Wx8EXf`t<Lu~4eIdR=eMl3eTSnG2vel>OXA8_}D|
z7#+|Ccm=DaD3znR3s3m<h5#?oVXFc2{_l8@!G13~w?Tl&GgL61X1*94oeYkKdWPB-
zvT*kpz~{f(N*uNZ(KtPnp$ejzQvqm&pCK1D09LCWtQMrYVITv~lTiNI;itM&3GC-M
z%XVa|Q8yO6d1O}gF<!CXi->O!BJ>P>n6OCM2QJ?MF2AnjUDgTnK5YLUpRjZ4r1X91
zH^s4`kDruUYJoM71Zx0d(c>eB&f>7?COPVM&cd;ws*P(o7T{3R-yI6Bx?Y#mLrw@U
zcs8Rw4A!a_tQCZ8<#Xy0S0@4{bIhSKUZ6~pBY9k=5pr}sN>TG6jNu~>Je}>q6u$ZU
z@%7LDDGUL_`Bon{O@0<m{9-mC8U&K8^52IZ5D!e?Vxjq<l1S**rv!!rQivHdKD7H3
zFk<N=)BPP~F~|Cz$~zNt>?m#@A3Xcb(uBjIk?u|&Y7oa*0XvyWvQ|<NyY7d7htuDV
zqYwvDNDe7;P``UP>72cy0^HyhjXU=ldA3e0#S~f8TuuHpSHOWU9&z9=cwmip*{?Wa
zVL&93ON|V{8Z&`4{-~w*<(B%bTHpkbBXJiO9XNr{-79uyP>80~L?4{Oad3(^z@`88
zd0?H#xD0SGIHCO0BbHBn0zsD6s{9$`N~xGT1RI0EmOK9s0-Ivi!!X<2N8^is6#paH
z@0F=pDwntqt~<Uw;tYA1U>qCR#3I7gQda4~YA7de_zzD8GJxT=Zy<YLlutdi16ILy
z<{&q*>3;Zw9CLig4GNuwON;=#{TXLns|r{*3rLeBUZG}nQs$wdK6om+AM%fc$LGwz
zmhvRywpMVU0cy5GoxnjQ|2R;8L?P>AqGIzOE!y!@6RM?Wo*5`x$OW}K)_XXPHEVE|
zECS#K2I<35_lhR)gHN<x35Ebo-hUfthsvtoKvoqZQ+W`@p7#Wd<KKo2#!+*HSm2ar
zsE(X^VIGL?5g@wHRyW)-fWv%`Sj1aYBz*v--xoxcyrmY}zz@WL9|U1QGT0}`k7TpA
z^k4zr!o~L-z_L-=4%dJM@B<4#i30^$_?V+9AP>l&?5@(0HS)}s`hZ0~0~VS492^)B
z$C1UoF9ATx@keK*4QKFpO8~Hzc;uw#EFjS*6WkaF^(Eu&9tSa0!u%Qcis#n<r;*~=
z#PPqA4J4o>%mc&6C2bIazM&OZ!2mIn!*6Z^W}X(zd~&t_wpP$_`IO^WTcChHQlgL#
zJraZPQ8B0v)D(E0q4c-Zi*kV(L>~ZWaThT8|I;W9{P8?fulF4_J-v<uq4KOFX%PGQ
zH8B5|2t+CU7|4uIrgyyo7P`Ii1NU7eOEdqoV7&?_T)Z{Ochu<Uz&#$2`RGgmFKA9n
zR|NOqUp=_T@z4+co5*sW$%YZ%6b=hM;saMvK5!ly-^T}1t@Z5N7r;(I@dtttA@G=g
z7dIf;9E1OU7gml3TffU32EU288Opi*b2@*z2AsN}ObV0uO)5V=7?Htqj>Y%K2fW`M
z{kv*F`Pj_C^_$uuj|*xN2*0LUP}Y0?Z~{m3c!tVl$N0}5uLD4%|9A5JI)ERMXTgYd
zk3_BeH$kX-LFRjt0aWn*X=PAg(T*sK266rWWSL8tg8rZ&`-3GIkYc;1rkhmMfF0fm
zdv?TazM&RikBnI8q-SWtJ@tZo5Mo{&)DeUTvX#?EFxmq`fKZP~9ltGvzzmTG3=x5f
z_0nvm2XILmkUA6zpkT0)N2^abs#Z0)@>m`qmGIOZEYy60>JvOZssOrh*mUBq0`Qym
zN$PX#DHPfB4<Qh$g~EPfN1*ZpRK0f<66!{S0r?J9FU|qOjQ=srWAiD94u5d;@!9v-
zboBqajsaO3to@(l-7}yN$bqfU`~;xBceIe(>)I*Nb|zb&Ltq~uHN{oP1z!r*zxW?5
zHUO)ylTB$*`Di7P2JpFnGR}1IFW??X0)};fNIhI}t~mEuRv~LN_qTg}#dc@p-Ecuy
z##GF_ofVO(Mp`srlI~l(Shc@5{;i4CGSxhdbz|6m^wD~cQZaG`^xa}HZw*>jx%8Q4
zSJYhaqdNE5fO&B770*Fm=yV0(BI;U|K*JPG7vTD(rvRaV!fe1hH0PDphaV7PO;+p6
zrx)7WYcsOQQP^aVcJZ*C>05$4w)yIY7^g+@tcs0+m{3~V?z`i%mW~Rrv6HlY`NA{U
zD56uV1ek>0Je;Sx0j=&6iqtwv@Wi<R!U&naP&B1+3bNuHEWADaXuvqd2NRFv!?}<j
zd=>FIP(ogKbBmLnjQl+tm?(jygZzxLK?#%%in;-+etT|Eb_t0KwUOg6Y&}h?0n_GP
zYZoiylNbp^u~uw)s0p{jdVP4TgzMFyE;*<`+eJWkVXxnAFrO6u`cVzect?n<O;Z+E
zjQx<6<kpnPJ~>OpTIZvl2TFxz>D08_?S3^+7-D!$DDCJE$gQ)$%g<eUyD!Cd-JKnP
zNqeaSjDliDjy$CX+v93XQg29zVBVu*o?#n>t!6`EA~_M{+RG)r{oU2t)tJrlmplC)
z2Xvb#F^C6O?jj{ULr=g%fqRRgc#dDoRndJQaNRZ>G;gcGhEDJqVKrLSQ<GM%XIg%|
zS37Cxwllcg?k8LjUx)XD@5}(po*`wcNd!NwWd?XO>K`?iN~N<c;^V|efF6I;6KkNA
zo}`&KygAsUC2p9g#u01NDLoFM{VvtjXnX-twflv2sIyqw7ahg2h+YNYBMn*@i@K`w
zFIUagu|6pN4o|XmwijV^$exh%`xB?UW0CWQvMKhhd{f?}Ra+lrZE=6Byf~mz#GlNH
zoCBAH|8mJJKx$(DjhK)`)3$7R7Q>~FrlReAfp;+7juGVBxghMex65YO`kD<i$%=&i
zw}Go<QjFy9@9p?Cu~wDGzi}%bvThR^N2poiGbv`Is=s`9r8$ZxJ6<+hV|r9=+nN6*
zw+|`k#m_z1#7C|{$U08Au11Y|`-$w1<JWfvM%$0@J#<5^%YK!`kFEjohNz(LzW9`$
zl?sDq`LY|m-DwKZi0E+6If+r`pz7z03N@hNURyM1G3ek|PK5H0IA#DojRVuW>j1+%
z2I!>&oB1U#$L*toB_-B+Z9n2LJ`u=j@y^%BwOn{TO}>TXjL_DY7oJN_xz^_;w|%Gf
zYku-BvkLvu%AInyg2NRO9CR^jNeszlLsO`Qs=X^o{bC`C*Gh+X!XH9Gat+y&?Rs7q
zIV10v-zHo(gOquB4QFSeSQFM2HA1{-U$w)vuvE~VttCFS`YgQs;*Q|PkPY6bq3~)%
z(R^j)w@*y9Q^K3?9(72N`hcEvwRvJcqrAf>g}h1gigkoVRC&VQ;EnpNS*0q9%C%%x
zF0Ni>kqN>O?489jOV}4C%?O`IvO!l4!qA#HNb*A3R8kCJ7PN}~o&~*C3P_X*2b2W%
z7w<70CR$wWk4SE(mMwr8b}Z<#I;p_+cSdOqnqRTcszLFf1^(04u{%RKX8n10ciLNf
z%fE7s4==gebJxZ_n2g>1%rGA3b;hKRnX<*vVM<_>Tux}c+t(#iWBLqRJ(czC^kMU!
z9dbC(m6&V$QQH~u$A*K4x7Z5f?#>7za9#Eq{~RVS*OVx%1Y7yY>dG#-ksCr?7(JX8
zae<$~$3lXedJ0$+GqLaanGo&+6Al7Vr*r!57bP$>GHOtB`TgK}|Hk9ntnJ2Z3H$p9
z`WS{7n2sbv+DBpAs6I)d*}Kf6OPCM>r@q>nct0A75fBs#oMVf{L>gE@9AdK=;<dD2
z_9Sefzk8)~R*uC&vT$N>bZ_I)C&rY50rirRHZ5_66)^w&uWb=3_*02mH{zw4Qs%PC
zSnyoSxo%PLo2=Zt@ZxshL)W#6B^OpIm$eSrd=FKd;X8`F$^GI)mv0-Tt{x~5;sk&n
z+D!2@*aP1d9sDbf1JDm@kRN@JAETfxF^q9AXd>!%JYTj@q_#ClyU#nD5loAmmXzh-
z(n--^JGa>{iFrA)F>bPOfOAeX+!hu^3WqHiw7w?a7%<I#v^i{FT<$EsRQBbiT1~LP
z;<WAE62y|$XH(4`RTv^arpHEDNz=u)$Sz>ms!Nu~2c){;my{ZF&q%=TClHyry1Pgn
zF1#3+eHH<t>vb13<h$UNxKlz`%&L$ZH*U1Fx$Uh!T5aL!-K=LonM1xBaec4gLHxF1
z1@UW`^2}R62b_=sOw>V^`K9`3ck__*3<bVVFn)o+0fazC&h~3(Gnv@!7l*c8Gcgmm
zq{>x@H>>uMUfW%zG<HpR(6x~+c@ZHhyFTsyORSDnHH64i#O;%1L3SDCTH^JvNy^bz
zEsvh$GZLefPf{;oFS#r^EyUO0FuWccAt_E9zvAP13Zg1%he8qjUbK75e${HHzV^4d
z+7-3>xzq+~tR*a$_Eu!s@y$;FIiS<}&gi~y+37kw>B?^}vb}2wM275MRA`ji7$bVA
z?T0#YG{?gYJOtO`3CvUHs+bE}o0~NEzWJ6`hV*JUnUlnE&W~Xpgz|cT`(|EQj9CIv
z2->@!DF+Khbo{;E7Qkw0-I{f2h*-+z^L)d)Vkg{?bDC|7W}P_@hn46hX9mIVjq-9=
zqhej>b!qXkVIP?yXA?0Ys&s4lu}HHf+gq-iWuutLr$tfdPfrpEw!a*fG1h@($|tOI
z>d>8=TUkk@MH&@N8#+_dDrIY^6PW2_M%RNGp^#aUyP;vU;zhelNA<Yjf^155o9pgM
zJx`DBjSKawvHQDkxNh1swgPA1*?dN!GMF<1V3T9JgTo0`K}0rqN;5*lmTHLVK2)2U
z@?gN0DCo))>^1EJ;K3&ViqHI@?~LlC7Az{XSN^H!*QDcywLX-6xZ!p^TjhepBLBB9
ztZsZ|lQP>@Yp%mR;>9r8V#R8IgD2%6{o1;9r!4hmgrdyOn6Zo~(15ouvj<L?$vWY~
zH?sp2B4NYyeHyJDv(KKdRU`^6*|R0+S^|J2YYOX&yEVD|{**9VluKw#wn38-)i>_p
z8l`+&PAAAPXRxKy;9%#ylCP1bc``3L6Dny-^`P3fM&6WlUdfOy22qw3Nb8uGR}S{V
z#EGFC7+a}k5F3i+4v75&r1wkLMsyz&sA6b#$4>ENPR7&LZ-+kA>q=&En$MN&iacA|
z)F{mm-QDg(3O6zcu!vUETQx|XepwoMLWhTy%(w?psg!LS(XunLS?Q}jid?j>C5l=0
z_Ei;N#Ug}XVau`K=wN<g%kZj%k?I@5;2j7-HRTSgI{9~Lxyq(|Se>;MD1)r{@x*UD
zL9+C(8qZ#2+y$#>raCCWA-&OW7@Krn{y^Qqe;yzqxi47z!oWpe{o<lOdp96m0_}|I
zqwdz(c5;(U+$BVIX6qgZL$Izdq^h-(QKP#CwQA*Bdi%&tf^bb&2eC3m)~xbxpK>-w
zoOtFDr6i>nYb`X`I_1VzpU68W%si$OSgoPqSX!s^B($vauMmXJ`CTcw#lu|bR7Y-@
zlzcaKE{~qM&a@Z*-9!LWO)c=zZKv23xS@9-OKIw!syrv9ak#pjaca;;jqBwWiq6dF
z{(}mjloVjvO<%8B4`6Ve{}|jg&C08DIx7>HKMRTNi|ul33FK$xohOJWTa%*6saAqU
zzMLB{+^6m^XZr@MIo%lQwdkL)etjNc&Nk8V7S>xfa(-m@E6<?Vc~>EStq*EE65%pJ
zQ+#b{u~U^hi<HD#NrRWdA3huA=F9vd)T;`yt017Px%RLmXU0NA<0;obZh@3pX(7?0
z<fTcz1NX=WRU>EA{lc37+J@%tugw017#jg~#(X^w#tyimpY=)s5#0GJM=Xw=%NZng
zPw9mPv(l(0I5|h;NP-W4VT|}tDS)n{014^Z_v==960&l>b!1EEr;JqBE|y`f;1pc6
z3P}%NI1P4wnNej5bhf@JJ6Ew9y<`THaeQ|#eMzU5k{=fD<H%aRTytimQSD$le}ibX
z0Xulma{#ehQ3PsPzEU^e>9=-zWPfkdkEeVb-<Z+Ke2K2JJ?<l(rFmeKMJeNa>0H*j
z{aN^Ye}UEvCh5bo!Ghl!O7HT>+st$-#BO)LVF4;O5yQY_6TiKRh2eM5e5<d`5nXE|
z9k`{*i%l9EdA^tHX`IaL($&xJZ`F%nWomcLEu<y}<7#fzkU9=CBT@Y^F-DMVbPfA}
zT#OCH()|@~Q2gZ2=l#+Y&ePoKFWH@W-+t6(bL+a(8cAKZXCf+oQ4XAU7+1giY>!Tf
z7L-r;(DFhtPTeV>l+5(Ikm<>>v$RUDn>EO1x&bYvw)#Lg9;msiqu7~HiUN400#22B
zjnCewcGRFSsc}j)iA|X%H>x!7SOhgpXT^A&Baq6u+l21Zp*Zx@pcvLe^QyamnrcbW
z;>MoRGj^+sya^E(7-F3ti*>Et^Y^9ZV=ZsuFe4LV>#Wie=MW}#?ic8!vTkO-5q|rl
z?0!rPoAym-6}N(Lp&onqx6c43;j_A~1X8L_uk%g44(ll|G~`VDLOHqxt#yJO6h3!i
zP%SjW(Zx_4=)n28xC)SmSOD1wm<`2@td?H=Ai}l-GPhmcqlu;L8Wn8J1K+Pb;{<ZK
zFv|7)n_{b;y(yt32U$FmfzAHjQn5w=$j$kp(w=7F+&p+n`xktx%^Xp6qWL_Wfso<y
zrkJeC?b$dLkp;7qSXW1GCx}akh4n5d#u%7}9j2nS2hEFR?fpP)>OGfTRryyv<?#*G
zk&SUFle|o3td!xk0oJp0`GBJu&*G#x;8fz4(6=vSaFKOp_Cy<$3uFs!cZ8e~0pPo<
zcuKgJU|1rMgsZTtim0<J35fU@$i8>Q?h(_h#hv2%&h)%JBigv@4cB~EDXr>0WOyDu
zbEZ<U4P{QgZLS;n_+_?Dnm(KZh-^(-puz6W(PSk~l8q63mnL`Opa@?^RlcxQxezI~
z&a{V=OMrgbRQ%Dw10CZ7*4ASWZ(4r7P)@3}P&MNlsvr_rC{P&SbaHJI+Vlo;)zY+)
zx69w#+=Nju5x<NUn6@7ZuHbWlni&J)N8@O;wYOO{s+CE)fq0i&&7}GLlbNP-rew=r
zdnAVhj}J|xc7jZCr)+#=O<~E5U3+P*d?~<%BDklhZSJT}{D?EssAelprC04axQ#nv
zQ4N%Q6{A18Zhw2S=7~(mbx_&8@p|nzn<g7B_yIbSkhXB`{aZJJY3^(#b=wE?z*j8H
zW!O3gwZ!*Zd-?{{zM7z^wvcpGX1lJZ-ze6X<59Orj%zMkcs#%&yh)<bQ~4lW5tI2T
z1<z8eWMuUkaF>KiIy18-2rB%&AHxI=u>3WeCR8g);T`t~=$bBN{%Gcyn8Le@J_c?s
z|J4C*Kjony$M+E#n$eHpNA=j>=>sZokDt$mNz@7h^ta$rVJk*KfzUAGb~nK6YZ-Z~
zw1We61c_C#4dA}Bz!NR=Ie0p`OF4qjbE7OP`I!AeoIgWUV(~wc{GfI|o>$_Wcj-yj
zI4=yaC{Ood$z<^Sb*8c_^QdBF`Sp}wN<8xqo(YQ;bfK!F>>b5DLEapI#R3;92JC_P
zMKYBawz;qs^lYXdB%Tm)yFR|^^1W*RVVg!z7ImY-nTnnHeEF_OB2Wk^^DdRILMxJ>
zB5)LHK84(p<!RA^HK~m}dzm+d0U168i9DZVD>SmV0r(7$%bsq#le7e^Kyp1Pv$^s&
zcrTE*hj&Els+v>OhRN}#&D^7E;l2Bc8{p?R#k0=AB70lDr30F<ai1IEC%%}IYC2oB
zHxv2XD6I{?N&X`~ji4G3mQ<%Y@BpLq9JE;v645Wx2ajM(o3u|LyPdP^*AJh!E4TjI
z+_?8a(-xCVWT(GvsM2jcT@zEilx^Vaa3gfV_7owqaj%wUBga>*++^i;PvO>^VY?BB
zskp&{0Zfq|patY3b67Cdq&y?MrPZYDmf25@8)E^gn>fsSwm6@R20{3Isjk7H8db7n
z72@=8Yn;H1OcOy{h-d)h5ZM~F3=i|??F7<_E4v^W$Tjt^9#q?BBy;bkFU#%}-kDPy
z-A23-)o+R98b`qs?vt007N*=`B*8rk@&5@c{GtvKtw%@Mh_xH>V5@DE;&AethBqG-
z3jIye7u-*tX+Q**AU6i148oI^-c2V2)^x>e6cpTdlVj_of_GavE{mJ`!SY2_Z8PsI
zoFIUSrVp#I6#)QgX#cb$nQ!CqtF1b~Z3qBBQH4XqAO}x=Q?EF#W|sP17t~ZuETg51
zrE@hXlBpzp=B~X$=j}^Ba|yuIPPI4IMcJ;S8UI!K0-`yA3(DPtARE6&(e{H9%6gxn
zlCQeQw!Yn&%r+I{WYK33WnMlk%hiJ3Vdk}2xmh8*6F_WZ?9H+QtK*32$m6S)a`Pk%
zDr8A6-A68sc2@QTgE}UB9K<Kr5>Q8~agi5hNjww*)%p4D7-OMG-C({qGo9&o3AF57
z7p-HPT6>>69EjT6;{g@M@69xB4(fB!p9IXWEnR-Xc74p5XyI?$?VfMzsqG(<@mM_6
z=z4>UB!BcdRFa#yxxbr@aoX=4OLCv<&O(^Us)A?e2o~gVuPRHVaYxIWCfn||2*Vha
z5=u;MfFDxwmTryn^iY^YKUJ#Q?it@*ZL^#*AI}YOF>8+w-WYY;FB*~5JxInKsIX%b
zdv)Ow;606g@}5vnRN4KbgUnB;42nCuDbmc$_Swf+$U8j=5te|Xss$LlO74t;TS%}K
zLd6hs_?c~i3_SB5!_UtGpjfNjMPZUsy_AL`?OI>6;ea)cRD#S)clB1$6BNVo)E&OO
zxDgIZ8YDM-9hzwzicl5m9k|B*=+4<k^SSj!jxrYNrcYpV)}JfxhDThn831%iUTzPy
z?-{}6_i^k?UpB&GcQ3xSZsofX82v`~IgQv{s~|{sZ3wy!$LrA+rBq)*hO@EDP;|Mb
zl6P@ugw}OyeEe>R<Nb7l?gOk}dKLg=QrJmXCgADse|kFPKxlT*cn~c{2cX@uJ@b(z
zAe`8oHs<4UwDxwtYiCz%P}m0f$%QxpHo;HL;@zcbiz|^TahQCz4#6ZI>m<qxYrN&z
z{OGFJ9@xL?cxAfFARGDIrM_Tn1~3kNT|_;X9&QVdf_#4?Ja7iK?aGMVxfyw&H;Ai3
z(K(u<8XLfQWLijEfD+I2D`4$I0pvlo46Kj#uWq1P_5be3qWUdx!nUJ&nDeM!^zr=`
zAYk~PcW3k-EZmGd`|{BrimL)~pn|uKG<9ZBDcJ=ZHx}r9wcoZ<qJ%JwASGi!VyKRE
ziyXn^+^b+WwuNFqGW8slQF6J$|J3ICot^@SLQu_2mAv==Ul9WUr#rq=ckB>=nyUZX
zgA1TLTz|Cx<_$3IeH}8~XpCym(paQGNjX~%5ROU~kcH)fhVs9qE##0dAvZcWfN<k#
zkAwh-r0PF}8=%3La`Xnis2k`~1-!;YNu*f@QS!i6a05Ux3Iozn`iNxU6RHmVu6t+g
zG&VHgmTgBX(5Wc>5DI~s?%y4KkbaNXe;#}E@%{hgYHV<Hz>y}Y2`aU7)x|fc0BynD
z*}NctRTh89_-4I8r{@oZc|~Tc3y$H}RK|`IX96kh9|%DIH>6HvC=n0Q(a7+7rSZYe
zB|yio{fVmZ&!onG(Afs%-``~QL9Ko8<1I?9d#o%C<tWGKhJPbsBWxk-zdxtf_z&Un
z&pm*2yH2X{WP9B>C;;Ej7Nh}-aQzQzlm89dM7eI>3l-8oo&LX=5IvlqOvpd`JUsq`
zmhfj)^N%|I&hIsmpql&>G2S0s8|W{-zx_k~#ox8<KU+oOuA?%*G1_Eyvj3aUj_L#d
zflB(=qXAUCE*9!Uj{$inKFotsE+m4?^*dSkZ==E=%sG&Qzs(4|B=dK7>!0nWK-Eir
zoK_5=hP>-@I*reKezJpyoaNYk4xrQnp~3KIng~GcLb!hJ`_v7#XO`Wzcp#}z|0oQP
zKN=(z{fpn)ytFQkrp}Q7hJ*hv)yT0Z257VX;OPGy%!87u{u?0ydwdbvAVPrJH<+b{
zN`~zq8A1R-4|azhyQc-jwPVEOzg1!aLDnBk<L@S2MWyWNWpAPIpD`b<;sN9$mgAr&
zW<Iw|yPhiP6Tx9vv`#|-0dxe$;=8Gs<qSh1CV??PZf`yM*2qAxI7Wp7g3gt@C`I@O
z%hh%ah`Fb2=MYHfw1<SJ9=WW`sGh}Zhp!RlE>Blm1z4|Xl$T^~!V${*qdS0KWV(&o
znI9wMRPY9DTJ%6i-v^XuEl11>JmU+B*?%;fmO=s}l?B!ZE(Rtnm%|s;-(>oy$or`#
zBHKZa#(;p9%v5cSPes%X`^HP*-d%D6%=2YSmE$PByif8A5lSv!4MP3<aYE5JP5^=#
zgDMwJf(<*eh&@U`0<Di7VC<hu3@&QS_P9^m&xf>p3^UO+b!D<1uoQjT-P{X{yG#3f
zOOL<|or4$PNjhPuVuKw~?(uLmbhYvWxyxCUKq2F&ngCKQWgZkdKo4<R>@O3!u-^Iv
zr4MB@^57(M0Hq?O9PhaIjo6#qE&EQRJ2ce|@4xVky}T;QmX{oSEf((t#y8M80-A4r
zz~W%Bp&a9Y%0=y%l2LZ<IgrrkD#zhgHym{9!mD;chv~Fi2=BTH*r|2jRFIbv<1E>0
z@L*Vm!waF<(9-kQmQlNoEK%Cfe-x{5TMr8_!r`8;c}*-$EZH5ytOdyRY&U!*4F~;=
z-p`F;`97)y!dqit@A?o{)(a*j-$9Eq=5o+^$9HtC+8Jgo-&@blE(S&<hbmL&vM0k(
zmC>A9eaGss-5@hi4ql;p^!|kQr{|2hD##TS5sRuVQQ9LDj{S|(pqA1sL9qutN}ADy
z4((nv#KAyGz@}Z}z3ns+hT?Lyhf8g5#7+Vkz^zyOwkAV8Yk>0DW8Ve5VB4&`+jbY_
z;!r;5%$vowe)pxczy|yIKRqn)UpPs-_5Mxe{gUMxJdSXO)vrDbLNn49Q7BQ!`1V|O
z+lCO(J7ltIFv(ZA4V75+JL$WjdcT3JmAt#iB{zbu6nO#^i`ZULFi@V`^KKt-FxX(s
zOV_hc367l@4-IkF>jONEsx1+UD_c$xK{7tHAGYnc7sH!3p|Y7bFY2#ziQPk{FZFQs
zJ`9U4E-%Oms=KvRs1~}RI<^VA>UJB7F1<7>{*rwbdA<9aZu{ZU=`7?sZTq|O#j;eU
z>Z)(bs**;_@F}_VgjZH)tC(#Tw}XY}wF&UTF3XzCa;VPjtOJb?N9yPSQ30mK3dPBw
z#2}Pw(Rs1zx^HuzE`9sbl#k^19mwA@A>zOUc7YCDfn31rHfX!#{!|qGLrwtSYX>bL
z;6!ZYUzjZ$>3|-i%_rOW3)8s3=yy3H_|0G-;}|~ZRu?VxR_)oMgctqYEX>pO=?I!9
zQF|iaJ@HtuX?ObSb<)P~inPk}eR;k-c1olqK8rRB_l}Ky@MMUHu;BjpHiFV<<I)+)
zlEnbsVw93?ylfO{p@`6jmJT%xf{#v!Li#Jxv4aoHX{Os#-UHeQ!tM|ugZU{GuK}y2
z9JxclrK9fQRith|%w_btT=orMy^8bHO%jU+0DY7d$E90P@x8^e)sty1y137rzX(Nd
z=S@1#$Y_4rE^rf=gmdJ%U(7TuuiPli##~tC=Bt=fU&7s4s&cEfXt6_yR-XIN;|uH|
zCyeEtR6(y<<1Rr=K#@|(`m1`uHzUdDXDRQ2je=K=1Sj6mNna2vovAu+a|YLWjogM@
z`E<|TN{E}DZf0D~AaSr!ymlGP$|TdOe63T)3o#;H4BYlhzda9v*x6;-ix$pGNrTcf
zoboXkC}EO4i4VwDEj&<2HT02dp+s6JSu{$dh0494Nr9^J;VvE;SdcVd^s~sga?mQA
z^>D8tZ0T+%xQ{g61_bGV88?)IELC<0C4=y#?ZMSrJ9#h4^{Md66ZzAtQ*CVq#JebK
zb5=W$)SxKJ?Kv{|hdY;BXZ`Wlbk_lo6at>h_DKlKddHi#RS+C1_8`3GTfjp^$`{Nn
zn{Jt8tFR4ls(k@!56g{*ZiBiZLN(yseKW)-6n$p~^`G4y!lmZqptq<1+sYvtA|vMq
zlGH{bug`?oMr%@~plCpWHW6SB>yg`q_DuXMABgf*2v%N2<|dNUqnP*h(>Uf7k`Z--
zoTf!S^PjV1$NTno-1b=k!FPEVB$2jCp0`ZiYI%CnM#U}^HZE(4wD^E#4k=ByjEs-J
zbJ-%Yn%Gd|Lu6%{B(00h#=Rm-=Sj-^DU>{+cH-mpu6cZ)%X#;BNsHxOzlGtS&@joY
ztXP^nCA{nr_g-ueG?Iu=il+KS&pPpZX=225>^qwb9O&$A!5e5E7tVt2aV|&0ubB!&
z*i-^gu%LE7yjLcX@*+f*1c;QEw<Xc0;*nf4>U*&l*A-kZv}lD={+!`3Xl@uVcC6Y<
zQWLpc$T$T178d(jsCTqeB%anB%WH3K$2QwZeM1=8*M0lRmaeLVI>~AcX(iiWHtiTn
z8UtoMuv+TcwDoKrhWf2|nTN#PaG>s(3>ILS?!+<2<wMbDeGicA=80^2fMmuiwV7P5
zCCJ{F0y-sye36O}%g)>fWxL;+@}CXF05P7Gy$cq!m;<WgS9<NU$ljz#9&LN6pcseQ
z1n)=gnM7(e7YiSe($kVrb#mDt0LL0+_qd(*yWeg`+v0e~J$XsA+zh&J;WD~260VL&
zw8Oorv-LbUaby!wT**~NCACn11gvjkO#yFH((r}|kaOfMrEGumyb$DfGpR%fv>ym)
zzc)xuG|jJo5B|i9-TJ_gH-%D0=8>~*-`<9=IDG@{2nMwV-qxF)dw}^Cz_VF{`dFbt
z``m@7LPbi<i;)!xqH_5<#OG$tQ3ge$N0b;NWciyU@_p9Y0$9X4p={@pVd7{W+JFxP
z{-yt`e*qEXPYR^2RFne#*@XmY?DSCbVv(#{JEK{9Y>ugVpiP%P*>;zM`F3?`1cnt8
z1$^2?l~PRYG>s1J%3Tpo5s+K-S#9~`A9h{DhZ18M8HklPU#he(sJ9{U*c4Nl^PT=i
zWsd7R^1apGplv--C7i_AX(dpTO5@wJaJ{y!s+m=$D*<jbv8{G9K-odP)GkJVkLn&e
zP7h7Z^qB}fwFlasb=q$$Ei;z{-ZI_?pJ-$-M6H;uv7nl=)b)jV$)U|DZxe-DERlld
z{)$VS4xJV|Ydde2JXs{4M745dy?fRQnE3l@mKC;UFMW6;I}-X?_$yiJrK=#gBNLlB
zdvDxCqzyZ+hzFRyN<x^tRbf)?svER1epbma(Ah6-Jcw!|;eELeA(PgJfgSQ{s126z
zXu`{YR#pZC)Pc|m>}h=f_Oyb1iC!qCLRa-Y7GyiO*Q9Hk8kJjX7uQZj+xL4=m|C@?
znyURfoO7Q+@NlaLS@SbVCx=9;#M5pJa3)HG6T_kqw*KKc)ADPR$sERPI;`5u+qqoo
zS@BJbHW8lOm_jqn<k2CB&h|GdCsgU~53<)&DeNokaHcleU3TkwXF}r1?Lz>XXHpyG
zO4a@q4=>G?zaI^NXO?!HzR>caorKk@QRDM2v#YSWMpB_}fpNzOh-BPOSrO-OttWU5
zBvy;<2Im%LE~#wq)!V9Yu3lo<a{?^5k5a|#gZ_?AGzh*8c+UOXMqQ;mxI+bupQU@R
zHwNtQMIoXbT1+*<Dmv}2(y$gHL{3Gn=$)+VYXj2B2UWyrJ(~e#o#M<igrZt~pyhkr
z4thvT99Z4ZnH-hfG-BQMSAFKe&h!)uGLnqxKzj{&qxUKqIrA==xu&2U1?+?Bh%Wyi
z9To%^8^{W2KUee&XRnK(8hVC1-LVMCjyEzs6W1s*SK?Hd2G*8BU@FfHXp>Ci^zffm
zCHv0kUt;H--nd7hZV=xD_DprIns61(D&%_*lNfhhx?U=9C*2&#&--g~aLF`~vr2{>
z`kfJ!sxspFmJ{=I>xpCH;b_L(a;0|gjlw~VCFx$Tj?-sapq+0bgmEb*5~@m{ON6`6
zoJ%N?gD;v8F?Y4Sl~J0|Ntwxr&6xabX`GWFQ!{b1Mj|uNH5(gx&L)Q5{rw#r@F6FC
z<Q9kg6ARMx()<jH7!NxzDiy737!VQA`_2<c7dOPjcZf2e_%N8eK~E-am^t0I@{Ev~
zio)=HlBvIu-4l!0blKv`LVL1CyWJhjQse?kTrvNkRIXkb2ihr<Y-3NYe(yZbaHeFw
z^jbJcR1jWC9n$eO_`nndeR8Q8Q&w-h>JaCol(z2(5wM69ZN+lVTg7^aOAMt+jJ}s<
zROxZMi8GAj9}KrZqbkE!o@H!NE2v+POdsSo-3S%-D&k}V(IROyooq}mI--gYPIguU
z4744a4M^Hga~+Yi18E#1;8s0yS=dNC35Po%S#9x{ij&DC5(|?d2nz%Fv~p?r4UGX#
z-Omwi&ITwEZeBnBteWXvv%((5eplps#OYJ!Gs*NS)w|3U<r65CAM##c?m77Mw~OjG
z6PeYq@8=8K1dhRQo^3Fl?$Zxf&+}0}k7bl!?QgQZne9o4c_;kgV`&$Bk_81?T-{Fh
zjNy&Q6GWszJ?v}Lf#D@r<~w!Dc}8Hmyx$riwhd;vn#@}iq<pfy&pKQ)*9n)B68mq=
zyfbzi>RgiGCrUM9dkj=3J*3Oj3l_I9Aa`F&0zArnfJY&6zv9t@U3h=d)^&OBm9e2O
zS=1xdZ(W$OiEm9<1V{pftuQc22i9~o@bqGUvcBIGlSfsHYq$VQ;`N1iwU#1PjtL-c
z&SDjg)W}Pq9o_zasC(<6EVnQ2oAw5zK}zWo1#bjFq`L)aDQOU-rMtURkQ9(kNokQ%
z6iF!o>28pccVBqI<IgkmoM-0w<DGFBXY}U2uD#b@d+oJ8-?gcWt2hUN3v*1fa$nUP
zWeqpdx<%V)_+l!tKiknZ*gR|kRA(NVX77&V%J}U$16;Ret?K&~_XgeUFL?)|l{cS0
z3mM)BN^>xle!Whl|5!DI)1Mnu+e&X6@L<xi9v6<%X`Il1A-#^}H7L<=S>mHTcRXw1
zPBq69sm>fzkSRCN<<#htfPY<90#o|it>-To(wjvHvTEB1YVR~pfQLiT+Q@*gCYX_H
zH&Y*HJVe|MtZxf;;u&*Ntlzh6AhK#GHlIl3r|>-89yMYpSRO8`ZxGQueNeJk?<(zb
z6l6BmgDu|wPVp(fMzcr_LK8T2RqTr^53o3<1D<>N@f%eRl3*+8k>u!bR%cQR^5QcP
zmuWWBhHYSE>k3mxT+s@z6diPIm@i9P?aw1o&~{nQ*&n}R{>X(pdRX#Pv1{Wxd-{=V
zwP5K%jw7=fBZ(C8qamMCOk&PbPlq>HT!uBY!!}@FCHxG+TJ;|S4vwF#9e}@o<ak>W
zs1zLFF<)p@*lC~M(6KW1_dw|IXWnOA2gs_1L(1UO%X{ae^}NDoYgHpU``V3{#XSHc
zYLXZ@$WzMqc>m2VIL=}wk7mfR<Gqs1{~jkW$w5H#LAdV;j{E(|?<$&PZQ1NnUr*M@
zZk#=5%d%(VxS_u@*S)<pYT&|^@CKWwsOd`Bm4YFks<96O=cgI(`1@HJd3!+5peN8l
z@{T(Wq)yrLA#R{r6;HhVSgWdPoZnSx-AdzBg<Y(_7fnIKO(nD}SF@hPyy&I5XI}0&
z$7)RGQxJNMSCr9w$dV#{Yyk$ScYks~+pgc!_$h0>-*r}9^X7CY+P$LNeFmL2k^oij
zl6=uDspHi}j$sS$=Ntpj{1?1c<MJOH{JbC#zkQqwH46wM0x5=1k%vx<@t;0C^0cKe
zksv%0N_1R&_LMW|d$x9s$x!<H)#{q#nOwP0gBAIms=i!K?ShPbaR;z4Gf?@fntVNi
z&eyFx-yPi09R*B6#UdEry-oDVMn(#WOMPtx8oEQ{{SRp|_(5H>_DL@gsHz$Y^bCkS
ztP1D`NdUD?hDPKNBqD!WGFt8a7YIxrbb_pwOaOwq1}tjynt@@7j1h;OL}GTkT+Pid
zKvPngICl8xeE-p?-K5#W#A}Z;6}7MAxU<bE`T~=jVhk@e?uY2&UXR+<gpc*{+t6ux
zpY%<F!?=mn_rs~ZYr&2w53V;BDvYsuc<Qrg8*&ZrB?UN=-AZk4BF11LTzPKOLAqb1
zxTe9qZI?%R3q^^~vcj`RDGmQofG-aJUDx7SCTqo70+ZYM4}fbvziIY}48D8^VtC=h
zP_=w5jOrIl{X>_kD}yWP8=aLd;kc^a;AAu0(1laK*ZCRXkebcw7QA0B34Ci^>(p{f
z<zERr1pHHK{NBsMdMvBc*sWLE$65mI_DAB+o$)+BM^rP29Di?Ee5|WCl3lhr6sg{8
z`RUq2@o^4UA<Vkml;PpK3rPkQnjN|O-?S2UOojSL?(gxC1b6OJ5W!6u#3n!s%#9~}
z33qvf?T<P~?j5ezOz~sB>er=f+_zeL$DdonVOirordE#~x}tGQJTr0f1OLfdhK%ml
z+_$<Wy~#uXE+P7o3Xp!5=6B_ptT*~^W;#ib4~3rE5l)qMHh5avA70f?px@*mDbJLS
zmWk<~-GLb3ym~0(%P&m3C;`8%|Eb0VN>xE!HU8G6R-+)ET|b8oQ`P)E0DX+=b?Hk9
zIn9u{mADPIGz_&$%%_hfC-w{;3Mk{;Tgp)Hp|~KJ5$B<N#+xFn^}#2^{#42K(K;G^
ztGc4A!KM~C78)(P!2i1)Gz?AcZQ@TZi#py2c4U2^>5rUD^x`2MIAvK+l~7hEOW_l%
ztI%pQXMfBay@Nru=TRkN@+4c}ctDJQ()Sfpu0i2GFUPoud0_h}4CCG_3hBb#5fc?%
zd=uv-xJ#rl;`OZ~p!7(b{Lb0P6FRnJOOJ}jDce8kzV{60?li)kLaX)a(&q95(Z!P2
zQ%endjS-b${hZ4_`L-iYVb$6;Z;6CvGFcx63q>7|%xh!N^dnq9h}Br^B?;dAWTakC
z8-*ldaWBB~f%~_az(DtdQASN=RcalV;Mk^6j2XjRxy;BW-zN|(mOyiXcGCTVcK%fY
z+*1`q>~03xxF-Q!fP%H-QJb~}SY}|p(o17%k>}JgCmpP0OH-Kj*%Fnigin@i6C5H6
zA5zsD1YKbYXV(jP9uZOaF6b$b?q;WJH2;{zz)ENR71kjfkI8;ctPG9)QYtZ_-o534
zN`;q8$ybiwYb1&!N-wKBxD&WGIE;@U9v)YHPZ4J4c&bBINu!$j+}GH!TTSmPXq{>I
zy3cWIA;k*YZt(*a5YfH2kVgg}itbI&7zV7YD?hKS-1DSQ9e;N8fV&}SjEi_?m9Bp_
zi0mEa9#tgLK&91OS)8}KXa*DJei1hqK+3qk@>oBqoOHjTe9a*~p8LY$QbPyY+ORz4
zIJyaqrS(Ou6~_MaHv^%4FFPQJREw+{CNoBET|fxlEK1WoH%i|d2QLlqK`E1$&ux1W
zj)cz7@?qlDOEdFtpa;>+zBu^kK|IZ02cMr59&jzBdaQyC$t*Ee`xGS>vU++e4N>J#
zJF|g$W{vjvA1x=mnV}vkJue2FEKz8~DcqeQ;Uv}nP09SXEt3FB`up}Ne=_brmD}z?
z<+k7c?<`WFoJw7*GtB&dC<p)T6a8yx>_1864FOhpg>=+T9t0XUf6+%9LF2!M$K>JW
z6a7{7TFom^tc(6ptozd-{~wf7AJ#t=8-APS%DVG^UX=%B)zO~+SXO<gfhlg*4T(no
z7kB`({TmfIFyQ|t%>V7Y{oayRE>MmCZ7Kz3;5X&cfBWB{F#nqtRKNj%QtW?dDDWSi
z8}K@lC0v7+Bd_~@hY<a~2^dI$5IrPz-KgvO-Dki6{icTk=w$|Iy#LV4Oy=2tYX1Tl
zqW@pkZUGL*i3+;B{h#tiKyeQ!lmE~c=l|)z089JdQZn#t{{hVd=JMOZGlV|<Z)+j2
zo_^a3A)2TvWj~;7BrWv+yrT@n7XG&v0Lu^{mEb^9Wj^9>zdG!{zdADVeGHfL$!FZX
zkB1%MDL!Y59z|{pAAYEodAx0AJN&n2_eZ`#^*^{x*7sx*AUz-i-3SyNQ+F*v8Cnb~
zL+foWWuVYrE3Z1t1-<qGx^q!R&u+xaxPvs0!E~zL=wh#4X>4(jcxLi?qH=cWLNlvE
ztYCWEc}I2hky5T~w{UDhI{PAMVM+}}A#RvJ!3I|q^FRRz9H_747qcmXmOG`5kVNH8
zCpGSpI%rp*BIJ1;SE@!Tmh&7vgJS=s_i=3NHbF<=cGdaTkmqT|MO1P*-Rt{ns~6wL
z%Ggq*@*euH4lm#8y{$EckQHS(_9}n$5f%?5M2W`-Wdmuf&OAmD_-$r+D+h>x9J+uA
zATJFDPFYCse1i2+6AfrRQ*l69O<t*__?gXUWe#q%GY5C>nS*C?%KZRH5xldI$juTp
zOCB~d6zM3Pm=7f%8zmB$WrFq!18rfX1L(t{`u*76h#25yy*_JGgy?3=w9r@ql=6_`
zN3$u=43RxMKyVZZLo|U!Gp(2?%kI;inPZ$`5I}OAURuqqGJn%Sbfc{U^zF|bqvr%C
zlJB%N2aG-`X6E68UmA`K2HRq7s-Dr!nvEnxj+@z%sHNQF^B8*t_i$Mk@TeIpSc~l0
zzF=^r@%ua}OEjwPVNO>W$8#3T-L_i@yGeC@`PJQ<NU*yg`uLim{7Mu=b>5(B(uH;%
zR40KhAG9=4NN8CZOaIEEU0=jM<ScEW+6CUuY{W;tB)z|5{#{#u>n0XCP$^=Htnl1(
z0z(eO@p^5;nt|Kw#twbRRzgsm^BEsyc+fZsh~g@$BZiXKW|#1LA66Qpow){qVC>)7
z#V&UlbH^M|dy51DA!Op(&8D1D&$yMAWa=z|^3Zdk0#YjSje7Q?=GBstH&LpTveez}
z7S-qk)z8v<;g5$R?p??}5^iJwtoO?7WqkkLN|TRcwgT|<%ie4k@x5V&*-NQ^hO>tG
zKG9><i)lBTRvs#f=;9)2T;BZRnmBw;tL!PvWw)@m)`uZFJmsLN?%BCco7k~;l5Ljw
zMRvmBHQeT89bNL+Lhc;czn~Z@nAhlD-NEJSMN=-T4@cKMZn)Gxzw&#2;W1qCbweD`
z@k9;cl6ZNQtT!#DjnT7JdE)L<rX4GB^O<RSc3#svE3O$H#(do1+k$Za22Xn}dKJ&)
zTCD*K-Kc{?;N0Ddbw`BXSA^GVJow_uc^bQkL-nwV|NUqsAzjmp9MC^Ao?s#W@W9?e
zuq8|O<m*{-HPVBg)@I|iW-983k<EeO?-Gnk-+dqd_Kf{awzdP-?92NsC(3vEp`jH-
zN5a^$f9GV8%$@bN1*jZ!%K&CfTI9$jK})hMUOMdxfbYg1T<jkjzBA%JZ4=Ntz-}wE
zN)+565q<5cyT!F=d#=gBbAqL5SggZ%aWz`^>0gq-j`|kp+KMWPJ#OQVY2Di99mig_
z-wo~qztr&|>X-b?pI<^GX%dosZd13h;OVztGct^yzr|_udc7?>)iHmI)b<A(eTFY7
z;%*$VC-ck$Zwm<KzP?s2mj<@*09piH=O4c~dv&TjH~*$qNvBzDRM$l^z?Q&9@9n1}
zyp-MNhR$Lw!cGz-B8=&0EK7yLI@zj>>>Vc~!-RcD5Xn!FDc7zXtF~JuX6Pi<>V1)M
zXXU-Z$rnQpms1wY9S#NTj29Xz&6nLyh#ygo7-Q1DXZ!j>k{o>x8*z^CVP&ocj%6qf
z3nsDTN%EaW_Qzc>7UJW(GkQ63oRzU9kmv-F=%TPtp4em;6~%E&ROk)Vc6bPRaf?@&
zkY5io)GgKWe#4bh8fm_YFP>!3-WkP-zl4R9$6skXPnK#rgq{BQnZTp5!a^5=9vyP_
z(x-lx$Mi#W$kUNy5zwO$&_xry&<llxhd;e|r(VoZulY89pB8D4q&uxQ8y@4`Xp4$H
z71zXH(hH-#b7!?@UsbtGt2C0{f)1C#8vrY-@4q`_4L#W*w0YQP*G}Iy0zEC<8kXc&
zl$Xuvve)HpH`AbqzeJ1lo~>VES}7@^O%kKe#U<p1^|ud)`!*KhBzh5eltN>YRBlL2
zj_PV788X|+0#udMFC}r&7p|hyw9i7nvd<Hpq_sKQu#A;!%Cj_1O&rNx-iw0Pz4=mi
ziC3FsMRxzvBF5FGOgDF}6g+YD_znp$46sB&C8f$Dokmt=v@BSYcBt+CvosyP!lAu5
zk`w6d1<$Ga`h9Re4IS%?M_i>A6Z1ctZF3@`!xaLLi{C0IRYr$Fi{9e**a3{f=O3f6
zN3xBV9gfmQU#9<-`LTtC61{U^PhX};_KWfd$pXjl38`bJS8c_NGL|+rl%+lcKStRw
zS<u3wu}E99a3^f;T@u@i+kAYBwBCp!;3Y;YhX}=Qm#LMs%%t>>bXJk-`EiT8p**Jb
z-hw5qojF`~*fmL)mawpJiWSw(p2!r*u`Ue8Q%6q(;{w^nV<d*`j*{wx<vZ5=_)D88
zNd|PT4oPj2Xa_w+ciohZk83$;!}<)`FNP!#f!{Gc{zmqT7fNBFHsc{g{q;+Q)(k<P
znNZ0sZXOwQh(1x#!iEeZO3;b`PW_^;j{CO58i`O987DrKw>5g70i9M_BR83U^q1_D
z{m=jV(AKcQ;o<9tU+-PB!_v#HY}8Jk@_fWs?awaMF5cb!F0sv`CjNOtLr`(pJ8DFH
zDn$Gx3#6_bRByx2W%xv#8vWw~Hg5PN))%i){rq2Fqd{zJoX2o54^L5DovBzRK~i(R
z!Wu1diRs9IE6N9pD{N_{_9pb}sl30?^i53MEL2sI($Oh7AX_eWzRQY!S^2`sQ(yjK
z<zQ{ng0-0~pOKmQprF7^f8Ke9rJrMy?}5#oWgLomJX^aQ)7R_Eckt)=zK%(Hp-5&V
z!jiOTX~i!mw)#GcdYuTj`-~`ku|8-2u|C<`V0=I3bq^gtE#k>3n(e1HpQ{@bHHdHB
z_nf{-lBs*@)P0LG1@*=}z7+V)UMOvJx=n;kH?L+l(7$WDnrsl=;>9Q!8NKF=sX)@*
zqEm+yXeAB#6hAzduy3$_ainEDQ*-mg`FCn7b9UrU%2?602LdT2O_Y>ekWIQrxy8g3
zIh<2&K4eLhx-cHxD~P9!bx%eyS`D0!OuIjte8?~RY<m@7Hv)VI&cA*KoZcn$60y{1
zkm7P)Vf=!;fSgs|O`g}*Uq!oFNRy2U7i@n#em{L#Zh;0Fd9q)Q>i~WCt`t=o0-yL-
zXVD`f|LDtW5x@)N?p=6+%+8=lDhs+O3dGoFQ+}UbvFgxSyi0t^W$IH&zPg%I<($eW
z{V58cG&`mNt*UxhHD9Mr(X4P-Qfe7Snkl`uKum~|I{aexXntN1?(u>mbwD#U8rK?#
zymy)kU{5D(I=em3Mm+sFhk&Sk4zNoDvyI=6S3$r!*Vln<kO8nXb<4W>D|~~X?-mPy
z?2Jg>92Bx8<Yjjy>bT?&4h?nt6YDTd0X-e9qdVxZ5D0n>$%{u)uz<o5j*&ayYZ|Ts
z&9+O?`BD0LG*FY$$Jubh(37l_v$BM>3(`cP$)s+%N;_lyzMToIcfryBS)7uQ(B@Y~
zzO7Cq9{VyT`aqSW*UkRL)AJ#<w^v-31_z7+H`fSU*ZK1wR!Qr)?BO||Y~HF5G)&QU
zh)0g#(FuqotNK!|eE9*!%Q{dCnJcRN5TcD{d6R3(ZTIu)(=>=3y=^{xlMlsGt43u$
z<i((MB_y|6rFRD`>g@;4JED!n%2|^@!<jj;otU3e5M9xVM&2b(Zb64i9qJhH21w6=
ze2(JNt<J*JyP;QDZU^c|nh#T%C{*gmyiaOnto{C$S>hA$hAQY=RhjQk0lub!&9|q(
zcf~In$jTTm#^hBY-E2Jba|T96iH`6ajJRNhM!|qvp^G9V2>|Pz>h=Fvbv}XV<HtmX
z^S79~64?yIrA%Z(IT{6S?IRLAKU&!R*d6OQMdbL3N6&Dy&ENJ!jJRX}u<`C}vboV3
zL&`Vo{m-he)*WKlO%)<PVxIWPu-1vXh9%j|aN{MYA^78o+-dC0kxA?Ulv_@tm6^Hu
z2>E5779a%8I|p^lDUD61dja6zR6zFE^KC%Oro=?wGqh;q%3jWaTjMJB`C9Z2#`O<K
zx;bn<B(i#ga*dR^dCHD0S$<(<4iCjgMnrsEJ!m-*|I2d9C&(+cidtEzs+Xk}emquK
zkZmM%w`5aYC9s~&^&s=o{Qk>y4Xfy2zi5|ztX+%6)EoQe=3hTtpK>y|rZ_P1nWQpO
zdFq46)$1@&ws>`PC5B61^vPP2%T9jJW(9z-x<iO=%uV~^TyaxMOHZflv1JO&4#X3F
zqoSrw587NjoDkev@^<ovC*la4Dm*El1EgjC>G4Q&0<}m$dur@TD4@EOK|=*e_j|*(
zpmWq)EdQw3v%{%J<4j@gnKPL9l9CAXD|m`Z8uw(~RWC8Fbs~d(shc39Q*x*1xSkPO
z>0W=Y^oNUV{nv?z2;4+IiGz(@1nJHlbCnXG0QLSlReOUG)w-g<7vElsv^dQTYt9YS
zoX@UDNs>6vK5OnCu-gbvtvsBO=t>KuU_fQ2lnO0~+udT}>I^@MmAMrw$7peFHGL)a
zw47YBHGn+V#U*dCs;UaTjk+VxjaiQqgEoJlsH7x;;Qn2qG^elVd|ex_H(3FUn{!1}
zT1I9TEnoyKViGhL8*2h|ZMVSpZ5&e0C+b?w%8v$V)gpTuXFr5)Pj}k_ka{KadRVq}
z(qfLxH0a<rB9hekv~%1f-Q94r@i3vR!*0YNCMq%RvT8HVo1^FTc3XGQFLQvHB8HFW
zz8)R2>pX~6uDf5vD${KJ`Dpn`U4Cx-39q6B<<XPc3uz@HaOu*_9~|9;;<kJ5UCzjr
zom!tiV>difd-OJf=n8S@`g*h^N!?<|yE&QoM@SZLSgNCxN@^8tck88@O0+7}E%^?K
z%WZJ@XGBNmr$zKjmE2=q;=jgL+}&Rk*Q2YNe7l(eAi|T|jvHEhEkJ!regt&56ieN{
za3;Es+GV;zOJ4+nOHe52K<B0^epx*_Jo+)$6a>F8;0~plKxdDxDbSANRW7?ht5RW&
zUvzG+aqFfCgRY!;q0?>jc04foS0f~wGr;b;Zu55x`RDF>zolJ;wi&h)#^HGy{gi_v
zn}2%5q^;6m7<Ex*D8zoqf&n0ewq3yj(J3FEQIMaM<(qVI4N>-5y3UtN<m?pQQrS<w
zGJ2k5U=$`jXIdk!5<Z)(Bp>mt$!?Bt)I|C?UeopxPC^?lue?5{%r-hNVw4vCInMoL
zj_V25{nxN{(DQEYg2o%&V9Ig{UReT7w9i$-;DWl^wk}mo3wj8hxBn0V`nO4Ns?JFB
ztd;p*1-%lPKk)NUVYG=vkyNXrYi&uA6gj!)_}y|6*1b$O+I|X<tEd(cng`|zo3|#I
z&Ol$MEANBd2$KkiBtC%Ky;|l9w{o42<`eCQ2()-S1a$dN-*EN#_f+P+4lt~qJ^;pO
z)|v&ji}Vvf2P-^^-JCElsT21&diQ8Wq_pX{U=4uBO_n<3JKnnTeH2d9h}_@5&F<UL
zF`faYt2F)68N`?DVKE%DC?7d~-+L*rtOTKn>fcG}G{tCC={DTK72tc@04JeMFhJ3A
z>vo9tBSykj|2}nomhM5RCjc5bn%c*zXLoL&sh2RT=~1#>`Y;Y;-6%)O*aD~4qfZCq
zkYh^^o>KP9HH92)rM+n~Xmr~2y<}P68BV_VT2yMDozwN;NxmX=Flfvc_9SbEk~$dP
zma@f-NZIhQrVQmXa7S{u6#jJzZ!ej*)zQ-64lnxmBfr4o=*N?2BcXjp4~)WtGTBYD
z`}rGw;6)}0KqRtpB)ZH5d69s>y~v-Z274qZnr&<p(I<Mm(8!p&(!m>sW))p`IK`Nf
zM=tO8CPR6%N@=9-o587Qn`GaF%z`JY<LSy*^%~j_yfW2O1|L7KDyProG1G{RTcocn
zXQtM;?3<D9+gGJhg2qbsI)nJ`HXv9w9T~5e>yEE4GQA5`EU`2q)Fg2R&8zI2!ocP_
zz^@{3eo)g~Y&EQ~-_AjIb#iM};RTp+rR2D8_MjJ1${U-=nlCPex~w%b9cN{4um`xl
zZm_*aWkdTyWZG1~QJX1tH#F64kmAx;SUXxe0)i#D4X{zmx)t@{dii1(0R;7+OZSdp
zaTPH<yWYSSHS)#+W+CKk1mo+%@;wvz5DmH-KHQ0`Avi#uaxieOWs|5-)`Z)1+C8F`
z@0R15%<kp)M$lKf%`IzYW~M*G>*VqMXz?BBE;e)j<s*aQJdas|Q61-bqIDsIMMXAW
zs^)Is1z$coF6hs$$7x#Sv~xHl;h_8g00US1EUnmf&eV@2qBsqK)Lue;6*pv`*$Y$o
zZuxx-iWCrDN^{$hYF&hnYu;-Uzqfc0my$0Vo0xdRpfiBH?ejoYnE?78@sH5^*8}F?
z&LM6^ELeDgkfUk0x+iHY`q*pod2n`t9*kCg!v1B$e%o&Ov)n1C%DDJI1${OywUFjI
zktY*PF8Fj|)8l}s-Ht4uryh9=h=Af|)WFqxQ2##O8<0;)JpOb=d<_{_SD|qZ^tq6E
zABGzRfzjn7)o^_F0>&g)&?_JgTKqeoBq-lvw<05QjpWX_IhiD-Jf1jp2c6I2D=KcY
z;J28!T9&|(J|U)E2LJ3v5Z?X@mozNHXZD-J7oxk<sJqSQC(XxCmF}Pk<1Bbn>65h+
zYhL!sK-5ES>%K(kmceH%`v``Qt3icwM26x6GzIc?OOC<X0hk@hoEFKO92RfxBn6Nk
z0!_^M@GW;F#0Jyp;!0^7h4=~t1U5M-Q6c5{+5osga>@&|kpN!CC0{<@5ezaX-Bfyd
z`myo$uyW9l0Yen`H6OsVk>rU6rkxSxuQ}aoWp4`$p5@o08*<;$u6Zcp7zts0U%zyI
zYamfQI2re7&e<hpZwqQ<X!sb2L&+M+caX&C`wsN0VNVT2LvvG|p+@ou;H#yHwo(sH
zT;Df5c4kJBU|!6&)Bg6Fpc!Y|HHzMKfV$gGDkBuZF6?P}&@np(E$L@!wdpOn<<;4-
zFnE?-SRNfM5fPYc11XRKiED|Wk3WvX;<{Q$Nq)YoDjz6W?@7|uMMHGkcEl*LePP1#
zkZ-Q5@>B=2{63$PVuL|#j*2VXzNpZhVBIC`GgnUSvj3Jhxz>O+t$!3QEk5t*)|+w+
zhNW2yTFa8l6IW^6Iyp{^KM{#j1yP~ser*q~=V>xZ2TGTlgbRRxD4*~=KQm_X9(lu3
zGm-UZw&NJb^P7lPZ3`egSWTYWh!-{Uad}+IP{e6d@3U5NUau-3i{9B0dNTo?3rfEG
zjNlql4JM`Zyi9YEcD*}I(oSei%56)hvl7shTf{mH+`^gMxJ_lG2d-V2j@vt{vBh*x
zR)B6FJ|!V|l1J$4eB;KAd7$`6-7t1Fjk~dp&DE$IU>&<bR+~9-i_9{4hEKO=0}UMo
zwDyT5xkY8owm7;w<9O3@m^wRC{{u)s8|aBj-p0&CrsgzV@*OcH!5J|{fd>h1Wq7My
z)(B-j3_omn&TY46u0|qdPYGA=vtLC|rF8J8C_=ru&3_w<`qoyH&yxS)4UPJAHcb-5
z8*@2qnfG8R-f#mhm^^MqUz9bekC$Hhd)K!VH+nw0(mdVEwn`dV`_6ya?n#6g5^^*+
z(N&m?{Cd>2`*9x4C$K)p4Xc1FzG$*fcmH(Dz{oB7{r=jjRa7Q*$5#n$l4rcmwrjbB
zT<)NG$)-z+RiG&qFRHVkY>*dA7}eYykp5_Ho{C^|(<K-VHnCOu<4tT)m%=PL*8|)L
zV3dNs)<~IXSUM<O^!j9$2=3g3(?og=Tu<~+R^jw!HU`0U?pQ~1vL0ALm<z_lU$J(|
zGTgxqd@nJ?mEUp;YAf@Yy&Vfi%0P@7M(KH4e&Ez<r<vz1h$>HRH;J2q+c8%{KrOly
zXiY(9DK|)UPdEJ&oRe23%C+qkl{Xcs9*V&X8I|F;ouHOVw6trc4(f!$=DD)Zveq~D
zAHO*Eo|-b~j2NPcx)BEaC<)I}eedZ3t*FRsFp3q{nvjCbAv?$hHXU-ud=sV;=2?7h
z_mrR7RgUunD872$5<B{1jh$6&JKy$^xb5z;IyN~K*mwu0liu4~_#(aV@?XciD?tHh
zJ?_{Z&L?)S7`@XccJ0qee8-UBD6%G4AaDEPnzXM~4W5IKaVU1vyDF;)YU!j2s%p58
zRgQbz-RX5*VcsZ|D_mBl)$p$Yqe*vKULg1cq9?MQC(h;)N-=(#Ubg|rVUp5U3P^jD
z)EUeY*20cRL1S92PT*MKf+&yUq@K}wVmMs%@E%_73>prO6V|t67N%!b+ZK_?PLU)y
zgnre}ffB-n#L0xjihu+gz&@!4$V2S70S08l$fZd)N@|5&Ye-(71!>WL=9!J2!9>Tv
zhpjcr&#~!$Ty~8(L~E1lTT5}|ZQkx6uWEel?ga}tOl1lCyg8M&fy{8Z-m;Nt^->HX
zts5#91vPF*m`Ugm%SL`<hq8cyI7xZwWEzUIw#Ui%lo^4r^VY)(a@!$6C($>qYrqJr
zaZJv3H~b<uBK8mbXU~}f`u8}EA_V%NGpeh@kBrpmgNaGy9|=K_*t{l1LF=7Hu+%$O
zxM8M<mE+B1yBW`JI6rcP3*TUCzAMkH>>mi%9E>f^%0i2A&T6eh;#v$&X7T!*iCfJV
z4c8CEr+VL}Y#=30((2;IwJ@UXm|Akzch;flaznKyjb8irgvnk+{dB8RJZkp5WPMBu
zhpCOUS>wTpIDI)uAN23Jq}y*M13Nl8)Fm+%I>=<%N20ovE}h-yKQaWOQ`f!gd497p
zgyeL%-@c{XLE)n@>4~A2c}jx6^CW}R8~vk&Ro2EqD`Qx8B~B7B(odb14)>D*p07&b
zwk32@cIZr!UQVSq2UwjjbOZj<TTUDn1qH_$^sg-^xkEj^q2Q*o#3r`S6+X-EtwX~=
zTmaeQ)ZBl`tKHA2>DfP4jSGSM*ljfKgxq~#*fTm{G)@sGvtRtyBviWYizv5vl=aX=
z5zQPjmwGT63f8QTmF3Q-no>W!Sr+d*RD-B(KBe^d;_rJIKIALSCljdX3gIipI-=+?
zF<mzg^qhA4>`P{u6&*%MgW8Va<{O!vpG)n1y+L0q`puR2=`-(`4%018A$0=Vu<3<y
zH4Bt@X$6~0y}dWG!XKT(@L?`AVY+;<Nx>i-Kg`)>gO4VdwA~xN@&I?IEKAE+tsV(m
ztWLy7VSvdAv4nk0(u?ad@N4U;*DmwNRi~OJV`Dc>cbRoEzwvJW08K4|y9~;ix*nwe
zK9wn%+OjgFQm|%LDGlcqo+o39OE}uiX{=}7M|{m)`LZoYo{(FA>{-QGnsztA>t`jM
zfjiO?T~sP&m8FnnU=u8}UPWD%csN>E+NALa!%|X?MCK7XEojJnOTUiL+BY=2qA5X=
zq}=L&+JO$A%h~|v6B3pRAOG2&Qu%Hg3cB=0GISPBeSgIvj*<1|O+p?~WIb*eCR?wv
zpwLo>+y2AbSlv2!x4rFOoLZIlL>km&G|)IqQF*r*4{0-n^F@$Su6_X>=J#bL^0G$T
zU~T5I`U(y5azQa0re|B|w99MA0o5a*S=GaV4nF@*Z2b3GsUFA6<$kp`sn3b^+&Y-T
z?kc=?e%y}tbXn#B%I@qTl?UZl=to5~0!YIGPuFjfl#j<0X6W_m@A&@{1+7_BNN|z#
z?2j-)P_9>FAIr@*<Sk`^v^{pT>b&@r>S%oDi<h(ZBh8E#!}xS%x#ErE!Lnt@tBCo?
zNkI(dqv0mYU_ZPG)0Ep4pc`HuFE~)4Cx&Df;PCB5@mmJI-;0O)m~rGu`#ONguq*#%
zT0#120eo~?NL8gDe_uhUgLT|I(i<he3(MPhCxZ$xH($`#4BizU{ls;(xJLiWHBO1x
z_gA<kx(s|qs%t=X)GwQg5xro9>cRB}_Kk+!`>l7zfaUqLS1hIHp`xR7!)U7!5I&+Q
z8w-8appz4;oHDP5>*IH2;j~|U?SuCu_sB2$=>g&_ns&{zao#a>&%-HCPi>2it1^40
zj~olq*)V8>myXxF-tL0D#A+FrXXJbJ)s>Z;++5W&imOE)lqCde?Ck6&)ZX7^E@}@o
zzt$coX!(6WB4Pz)WtBX;-lf>~=$5J!d!Wo~>8;U<jMbElK?$An_lEw_X#2(IP)?$*
zAXk6v!zBtj&B9Z%YwOoKvMFsu?%j8P7mjgfxmqa2irSf4wN}cW4~#UAEQ-Ob_;`t`
z{(?yG=l*`hUB$Jih$eh-s;^1-RpMnqEPXEeysWwvv86N*>0?y0s29<N{oSxscv<V_
z@ZDj-@-_qh#=?)bChm)ej!fQx2dbg)K3KDD>|)U`SQHHM#zn%x<i#fAko@RvO`_~3
zM1lT1@^;IXAX_HC@fX9LkfbK3%lNPuJn<(VnzX2^fdrH`FV_HnQ5d(4t;U-)=Ira)
zazHHDt-G~qUSpq5>N0A|DTjCQ-wOLk;*XbNdca#+P!JsuAinRp2q!A2VMSqeRs9$r
zBglac@08>?d|SheLCeofJq}gn8bDPJWc~jNg+LM$oL1EeQ>xtTmAItusT_UCJzUJ;
z&#+qnxvh8&`s$23h3#>>#pUnf-+h;y&++E8^~Ex5ei0e%V6SAqnA03%gh_1XdRu@~
zg)3K}F1zqp;`ZXVV?vA9sdITLV;9C;^bT8!d$p)?E;q$8W@2KZmi~qEP3exTR(50x
zvfO=O&|Ac_;a*i4D8<*M%!dPRgX*_yi8Co<*ypM5FOZqTWRu|3!^HB|v!Tp94Dtc)
zZz4lD8KSTIk<Oucd+Blcr3%)1)gbpYBnLE5cAX>MiU)^P?et4lxO6mk^yrr`y$v@e
z>Rc?g6w1g8>U6Pk3&Ob*p6K8WP(}*1b%A?^si9m3zfr3XYQ?B=%IM40#az1L8(K*b
zpoMbE^qD^hiI~_!=_*WNubn}5dRCf~i;HU&zq?D*XCWf}1OHRU$*ysv$ZJ9PkX}L7
zEt%iF{ve=LL!q8D*wdmM#bHiW$SJPdHFm=!tPPfD{D}Ri8f5D8`Dal_9TBzI&_$y_
z$VyXt9X&x*j}9>j-V2IY<l{doZ+}?73yN&_mvZv3XkPo+$-S9N{rNlB{XUhXx+G^5
z$SRPRTH4B|vMDv4&JlndTw3teH$CD#w=7eLIK*l??FP9{#A0iftL1aC9T>xu)znt6
z;w~&uZhVI=w)Ea=_vN-*SW59IBI3%yz0~vWoq^2e4LuahGAqS$PUV99yu7H=I1^k;
zm)_o24~y2>kW$>0!gr~^uL0GC28l2#zTXN7t0gPmM43pfmx32sG_pG`hK~VL9i}`?
ziGkSMN6;t0&bl(xIC0G40S%3Gp)j4$Mz|d3sOVuU&V=b~06Di*l<5$iUbwx2ytTUn
z6NYrnn5)sDf0SOEcRc~j8XE-xCSaOp=EEn^Hr~@C{fy7Gx_UfQ74|}i67~dkA{3+e
zTC|8IY}%2no$(F2tjYT%>KEeS{WrmdCLX<t@>w3WZIbs+qL%8T!-#j29DpBOS#34<
z+stSSb$-+mdP(ON?obP|jsTN<xUn?H%M;QU@GKkSAsnS>aaXE{)#LNqg{(fI^xiP2
z3<a~4_Mv}3B89*pTM68M$HA}VA}^v$4qp{Xxz(>?{kcsuI4`t47dRfiHnyKu=vXz#
z#5Y=aFRNwomP>)8O|l6e2cx6(HQqsQw3Mb}8*F$R2)EINsj2+v%wWrc5z+34lUyY-
zk1%MNazYJ5w+^=Mz+hc=dIjsXZ7|D%nFl`PQyXM$TGQLpA$VIGUNw?gN4-h71PbA3
zSpko?>Yv@SFYpL%pskh&ULF{bfMM56dAKUR9F@``Ku0mAg2_r;vyXEoJ^Ti;5vw6w
zpc}GJNxcE3U#%_*3SFBhD{(`$Ki=LsIG1J;d`NCOAaRQ5%K%+Ym!-K%;6AhY8zNb&
z0dW5if!w;_;0M=Dp}r61>}PA8FCzIh7DGt4?U}UiL3;q_=$camE}36HeA~=njacm&
zAIcKQKD&zjl6^KaTiL_?D;Xb!gc$p@#K}53E}SVoqF&>%>JTrQ;*IBbAK1#&H`#Bz
zGsnRfFXMEgqw+)(CSN0W_v4~UM76c}#vDLL8}@mKH|iZSH(wvs6Dmg(4M%5TAdA1{
zz8mIYsX|ypo<^G&XJA?M0E0MQd%6`d64lRVT0IMnJGUnI_L`G(5}P$Lb~%y(t&nNf
za9&%TwVY&&Sp$Xaqawr^+G&%R!eoPQsVG*+PC6N_uTgGJx>4sgpTIVwV`A`u7hx@>
z<H;-<pK_lh&_glzH^Kb=42?fe*)NKM_FD!WTLWVhW;;iNr>-x|?|aue5`$!#IhXRu
zGmva)`1UoFjlG>PE>@fglUL$C@3tt5I@DNWxRY1Ph!X7e-%b!RWsF&1v}3*37sC%X
zfQs$qZsX^X*T8SC7}n;>Ry?GnP&y0S7bRiSVLoVhm%tJWP`k$ip#3`GVxz&~?Cut<
zD8C?~BOq5De`ia4L6Qz$25lDyYXVSOGyc!8hE31VqEYf?fwWS2jujJBTvnv&8y;qT
zmsmQ;<x8GtO*TOoKzcv6E#|h1bX=RM^-Qe|J2erLc_?|?hK7iU@ALw}R5A|f?d;bj
z(cA&&v(W@7-FMxQ?%&3IOR{yv>zfaLWl0hq2U;z)A)1fBRPxv)cWs?`Qb--51POYZ
zchuUTU)|?Lwfu>DxVpFnNVm{~uqDls^8;4jBuC4j>Iw1l>s|^_zkz?0Oul0{5@eWD
z%dq7rgUiSxE`Qj{#X5}m04tq*c7JB|5_!_A>S{9vOOG_sMZ;N>o1d!sDC7~&BX4R}
z3va3G@N3K?_JnS>sDT{sb*NI*vvk{o1`GyO=dI+71&}JzZ<7qi7mvFw92rejz<VEw
zkG9Ngh%DYbQ%o&a=&s!Ojx>>C>|Ny-CNCsjJ9^_2?z|g`zaHKu4WPPGRE~+D*>T5e
zQ{0wK2D&5B+JJRugviTtJl=hk3iR0Gmc+BYKJg-iLW){(EBok#pK9-w_@JOsAQFfx
zso#~H@3~Iygy8g+t}hf&2-(Cl0lXak(NW&V0d}Ynh9|X)e-j#e=t%<D(czR2k9dZ-
zy5)Ai5InG4Ijhh2iv{WATini{z9rzQ$l)^h@M4=v!p(XH4_4i~Dnfk&QJImbiBa1O
zpWwA?VKgX2#S!UUmyB6e&1O6MCJD-7jwlN8SVN<-5yefK=q3!_-z6@hwU@s}Yk!a;
z)-Yw&5(Pc<Yb%<Sc=vFG3T?}+3bn3$n8v$C|0o`l_1irwal!;sSArJI8Bpt%<Q}BM
z7-3f!M%cugo6IXM9nquDQ;22JlS4L&bV{Y0#upS`R4FV_MqkuYx$hR{np6r3`u%jE
ze*GBf{q!<;3WV`L>etn*dMKG3AfGo2VG}YL)z$auuNH+GEd-88Rx(SBjebek=!@nR
zV7&DRLuL6>o>M3S2*09WdmZFfaV#~4{5g_M&b3US3S7jf%Upp)u9_vypJ;ftzl9`8
zWd__9e$_Rp1_}_@j`}&YgD*usIj*gCx`1S^0!Zd5`n27p(&&hY`|+~2epe*N2DxU6
zLz|=>mn733m3``nDQ&x!H3(7>FJdLgyy>LPXEiRUjb>a^GqWo&S^&6=Y5JWn9wesD
z+lvN+yrt-4uKGuq{-EyQXFCYK(Dw&I1OI_2;8Gwe)sM`PwRZKUyE9)aa5M8Xt7Ddh
zpq#Vi7$+8p$q_`7!iU$11>jH?Fe@2J+$p8I6+S6RbsKt{XT>lrn18gO=(3|VD2xUD
znMJt3PW)ta--f6ZJU2=yC}UHuBgTo2=n#MWed&!g<MQk$jGDBYb#LFgH(=bC|C9Zx
zs@i9M@=6s0V@D-_<H57Ev|Yf6K%l{|Sdl$C#GM&{N%E6wsU<OxRnGH1lpHUJ??0YT
z)Vn`mVnCGFo^<p={BZR2c@hMlNM=~UGLWzu#QJ2rOs9(cDq{rCFX)p|11PI|<Ik*a
zy<hY_K2fo^C{qfrz?scYG$YrzcyQ>B=>wFnFb!y5u6A>lWZ&zB|AA*TJ$qgmb3vc&
zT}LDkR#LpJ4u)#@rTNSpUEkCX&j|n3GZycVEE}qjQAz+-><Q8WPFJgMsETmkjLWwK
zf6Q!cdRT8qf|@FWFXuQfdE$pVKe(%Gsf>aGaWXQpS(I~*z`13pq=XCH4VN{ILl8KS
zb3z6MAyU;za7B?wJW7!<$qX*otLnCSr|{|BAjJTt$3erlJ)2&ssqJ^fHF6s30N~`+
z+bfNn{FfLm@TDMD#JDU8DHr8*QoefGdE)Cq8~Sy(@s}7c2qw;$pO5`utw3zoWni`d
zO8Wen&U{#Tb!L6-Y;=xWSU&oTi=(v`#4H8zBPv;7-C((KBmV2xtfgDYH|V@Q1TQ>5
z@IO2Nm{b6yu>l~>C05Yg-B($ybV%v*S4qyft9tjNzqpxLKe_mQoQRr)*IBMHhy+}Y
zIPj^vhrcB8<MCpDeLN5V2Y}<B6+zi~?W;FtSz5&bLnbaK+O69V(nD2`BKz&Ks%hx)
zCv7%B;hlwEWPb(zk%<H#;?fUGGxYIV=hkO5TsM6ZH!Su@3P5ZO33zuUHu^FZp{1#*
zb@g-NHOSPwP>v}PV@-+F#O0&E*EBa|tx-WXTrRIp{|`gZzJREp0hGlP{D61b8vJo7
zLkP8gf|}yfm}*f}b&gC<Wh0ByyWkW?;Bj_3!(&g`48E?p30*80I2`us)hmpi-dVh0
z)dvs4xy8^rzU(r;fV}Ic@mSFtS@4)3*&qjC+F0vg7plJit4IJ?^^DHT>`oWAj{xr{
za9vnI!SLlzA9=>dbBZezgX!Lh-Mjayc*JvVftf8^Yo{{;BHVP+BM2al4ltIHKj^>L
zAMEga_;|(C-5Fd?+KI5PULXOkaz6)Unu&1XKkV=pY+AFfz8;P5&UcvDMl`4lpOGO+
zoq!cvZ5IEO^Ui+Hj%`Q?o#!A^H~F1pAIVbOg$&61;JPEp$@SI~mg23-NTZosbu5)W
z2L|+A?!thY|HXigLlC}Gz2$mZT)f(5LKQY0+27V?kAyxv^g!*#`p{6n&I@7denKg#
zfH^EmR_C0Y7|q+SN?B8O|5(Uu-U|!HEFWeMaW#a5nhtb1klZP6MGnLQU=5nc-763Z
z@E1;6EJFejU(^<KeIqCeRk>i(5c~LaC8xy~#Rv~?Jp8WJz&%Zk>=#Ws_sGazN%oKS
z-%MrZxJ1EF-bYSE<{Opt+y|+fRGA4^1gi5-P>T$%3K=u;|9F<maHMZ1xOF8_mnWQp
z<`x!ABj3iv*i)w>Uq-)`h(ZJ9J)$R*_pgZS8S>H1kV7YR-yi(!A7(4+jlf@nE4g*a
z-1VgXlm=HUBm^@@(m9Hd*(!#Y-lYsUxeGwD0%c64sla%is6U%mG?^?usl;O>V}5?#
z43WYoh^2**hxG*f*F9E{5na}9(u)A>hio!>$L;0@{Hw#pfZH3U2ViD4PXezv(gW(g
zzCNaJBNG$&HFUN2Xh|t3c6WD&D65@g3cuI(svu#UmxYVGC59##t_z#qY{EWO%5vd}
zajL0W#+9Qx;mk}%6W5!e66$t3HJ}APgcZ>xOw`e8BK`r1P4HfuIpnTqE^IpbUh5%B
zEHlHmfUIz^ru9+A#>R4_=83!oeLOczc=X@R+x}RSG~x(Z-0irhH-!7w-Bc+<KVPxo
zrkkb*6RLAFnnMvFh}Cp<1am(Yic{EAX;f&jQoN+{-a@BhxH^UKbzCrr;hQmTy44(m
zjlki|#}9ar8}UNPl0^7=$<}|az*@!$U-;BZjhgpzbY%$iI42j0_Jc6UGci9SzxHFC
zK)8%n9j^3aLH+$xum|#EMo&ovqQU=<`V$=k0}E}}z`iba<G+965`o%taL;{|Qr|X7
z_={JrwE#8~{PQdR<r4q~j!%W@T=I|B6@PpP?b=>o*9JBWQ3znixOk(#e^N0+`}}|W
z1b7Q(9=rx@4BFPP{*4&`2q6MM2zZ0Gs}~;mhspi*Q&1TirQd%d%Qoz3h-@-PD;MGa
zyuTolyDUhl9y=ks!1?^6DO#kf3ZY~5HaJ!T-wIMykhA-Hye@|C0X1Mw^VUSS?lFa-
zuuH!V1fM{IxJ~eh!v5cX0@%od(co!&1rl`QI0qcap)UQyq5g;O__wF}|J8ShljN7=
z6D$)x<9O`z<8b%4#r)U+lR)gbw~e-^>w-bc=M`_J1_mvB77SV#ToGAMv?>Gxq!s}r
z_LmX-;f5YT2dGDzf;+oPBvNTAJ$%~0qeTIaR_PyoA8^6&|DDljXm^eN9FToQNRRHi
z?6N(?`J4V<88uJ_`~hzKy(%vrOf(RRrA==6s0!=R1u4Kfp~uSpM@sY;8~6m-+0vR=
zpER&DJdBxIU}pi4omF3~f{_1xbq*Mmbv>YdrlLS16`+{x4mtDZKb-j=Vh9KU|LIQ<
z2ILlv7=1>-n<qUO<AXktaq(1=_WSj=jj;^nKNJqXcn+{pfx}>_Bh}H-^)R}R%=2kb
z+OX?qVE?DDfxgmv2?{lz9?+Q56N>x5{H-TIuqpE6Fj2-F4)M;vd<X6|NO+Li2-86K
zkERl)zUm03CF;is;Sb@#FGiCEDF{A|hGxWrg+@czW&<s>AE*W7I6x-<S8I6+4cYG>
z>JO2?&%*`&9)t~z*ngWxU|qj|C@8i8YL8z%<~_(`{{FrHyK()X?Ek}L{Ofx!kOY6w
zK`HiYlf=!$jes^6$$!xHzs%pi+OPOUwDVu*JDBksxN)mH`HuP5@D-JZ51)lm3g~cx
zn}@Hnvg&N!#abp%ueHv+3TX7(PFuQl0M0U+4d=S=sSxo`vpVy-2+|4u5u{(J5x$~B
z{RnrqJ1INKi`8l$OQeGfI2A)eLW*eJl3Bfvb{F4)e=7|HJVFH2UU-t)ng1g6`O~QO
zFfT&bamk-USfIcGvnk&Pqs0{jccXZ^m(|rhymCwDCM75*7wwk3-e89Kwz;{v_9t#J
z6o?qK%iFV~Kab^E;>8nN{qBj$^yWaH+kjJWSxP8Rt=p095#X{}0F2sPbq4xTB|uoK
zjr%tmdn7_}MUzhUAMwTyi#z7JC{CZ{{2Yq{2ew7Btn4dWkTgwh)-qa8Adc{&pg<a%
zdk(kP2m*QmhH2cwwo;6l3-8x7<YxV82n4Gk=X<b5^^a2uG~bfEtyFp_jUV|>o;ZUP
zxFNXhb_cX1rRM}^fnw~MBhdTPXtctp;*&UecTLki%QJZEt$PrNzXO4({W&s5drP07
z3Q6~Uo^?7@RMc{|?d<aM2j2mx+XE1NYS^k!vqjA$XTtNnZpQSu>T1qW&>v{Oyf$_y
z6ryxhi#6zhF8*a)Vq)jDj+1F{Cu4kWF2g7&>;v7*gYsEP;m|E=Eu00h+sboipKaf<
z7`VTWg_u`xpW2O4kmfX6`&?e3{}uyWE2D;ju2M5*cH;=TDv8+Pm2NB2GcKz%3i7Kq
zd~X7<3?lH5<05~aLONYM-3UBP@%D5mOho%hsR9-iV^SF07Qm=IklF%VM4SmxTP_Ge
zI1r4@!NJjvlcyt>!YStgZlvm5)Ad{jH<AQ1FHp5ZcR*_a(Q>vNxO*lOx?p)s>Fpj{
zq@=RT@$$=e;L1+BYhNlMdK+|U>D4={wVjt{k)D1#6G+Jlz$=f5ZNO_Pd4Q&xX5=NP
zBYp>iO7h+BpRw=T9d?4Nf{~wrTGD0G+jI`FG<MwJ7Mvkha7!^BPk<W>r0}>RZoQs&
z*ACzrZzEC|q5Gn5Mq<X6k}<o{{lnV;F^=KK*Fcx{iv)`<O*aaT^br$=Yzk<n(knRA
zy@=aLSYO*gvmn|n3TJRhkG>CDyH`jE#^fScc!`kS<e0lX9FUq10J%8_t|W?vs%@6F
zGiczZEbZ)^95HO3H8>wygD8}_URUuh;07I~GY%#MDdM1hHRan2A5w4R<m9+KId$6m
zBry+ov|<k|Z=^5O&d$!|v*050*i+EzXV8Fes|9)NdlzkFm;H$L%k(!QC{m^}($cR2
zJHd6h#p_+IKsr*CL>z=CJ}rlYL%<Pq(-#e^pFScw1$7-zGZDcwy7trFm!$RdGMhHQ
zP3}UV+=M~PM(8H|k8l#~N~60B|2Pa@L=gD$WjuN)-D)%Fh*o$Uyn&{DV`I!<eqSE!
zcroc~XlrX1RrG?Mj`V<%ir{|=T7~xj;-P?`hQ_;aa@qz75g7{!HtdU5t`E9RA9H)?
z-skX}{H%}FAV<ZSWZa<n-W+xv_fFqdn%9<3St9#~yCR@TI7)s=$#70kIrf}_H*wgt
zF$33_X{gio%g)<vFdZrmH2urMrfbHFCP%>A+)&f9@t<2<?5u~HV<&=E-Ez&jaQruI
zjQ_BE5W?JaxsXm7|77$oVeJGQZCyclwEEOcUCrL7q+1K{UZ>Eckzfire*C#FwE$$Y
zuYr23?tsLoDfK*{SHsb%H%K;{&zqh*j6EK616L)ZxBH1&tPJLly+9TYM>i0Ph=T6(
zJ0|269)vnr>1VQUt--+^>fhc_zA_11@7-AxIDfb(RleAM0z<<1Aoe{DXq&_+L6u31
zph0&cK;c^4UGd#;04}kzHT}qE{jvLd+g~JzzM%gjU2u{4{)$efNB3oHALGl_C3d48
z!fQzV_J(IBTPw9k3n}&#_<q?fm`GSOC~Ky;x=|;{Ur0*=QDaK7u9kIcRsg#<w~B(A
zm$Nos>L?exM91f!*hwJIoB0k?q`md3NveH98V-`w{reFRnORTAwv&7cE&^_Y>kFH&
zonAlo+Mhibw@L)RM?TU>*gOpG!%MxDwtdGBCWI@+!Re1jdFPk#0w`sd`2@iR_4+5-
z#jtbOQ|3+oZ)KOJYLQ!kehx+@LE)U;Wa#Ib(T`!dM6GlA+P%Thui&ogcyQ<J!@4?m
zIv{uonI{%9(Ik0nWi{d~ic4X@HMi*Hgt&=6pg@E+!wGXNCl|K6516>m8Vab3L9`Kl
z+PD!FpygfAwycmxBxq|V1EFp#6-jQ43mR-6fZs0qC`O~^)baTX)j@-k<syraq6(ef
zoi-S_10BBMY`iAw&J<SL{w?_;A^T_8Gz@$zP!uu#swhe|$X1Gjf4y~mmAqMCJWSn-
z_i9&Xw5&*8FK`yQ?*_62M2X@)h%JwUT}c)oKm&L6+QaIcw)Iml6G^Gz6&R2STRyQt
zNn-@paV1l6F9QnPq<&e88kgGE&aSGr=o-5A_9nQDz5f7gKo3GfL+$CW()szrd?siZ
zf^Rkmgw<e_AfszMAOfYajo@A*0imyIe(y4<w{OPOG0=u-fm;GK?(V33Y*i-|7xV^)
z{Xbs_{AHN2rGR6VJ-EOh_)Uk7Kk~9bx(dQoULji6Jy8-sdHKar-9-CxEsx27xmi$4
zs4HZh4PRikUJYC)mH+|sU}2<PlayUC&vWpFKL<CRDpHDzJ%g&>0$e_*yqZ)VR3osR
z7%BmDvYq6XP?SveE*2yn{G6=!C694Ma50c=I*WA;j!E!P;%zBhmZ&W_t3|(1E&18g
zhQXf8!XiisA_>Kxkh$Iehf~vrjs~G(gXus9)`I=hvRBOsX8f$AhjKOg1R0A054v%4
z!b|c##x|8CNvjmYrAr;`^R}~SC&&J&%0%;4KqO%9j-tZ|VcC0j?=Q&{@jSl4D?csf
z^PC>g#Q6DHG~tgy9li@Q*}a4tTMw-bi;VX^YyA?<880b-!CLD;S87AhSaWDGnbP5_
znraT4GE`3bDINqOB)Lrxa*=*!ff7Q09Tm1wT$#hBpU`pnf7T7XJRMH=vP1LD6>%zr
zo7(lt5qt;g*I8JGFukU|v?y`8rq{g}3)M;!KwF2$r8u-r8I>$lNpMoWpkr?~Vpc6v
zos}(eC(k5Ky9L=s*4<+e@x^q<GNvTf``y}k4(hQVe5bcT4@6B$iHFmW94|@+6-$r1
ztI;PR3|`@|KBj(M&nZRAb-n7g$ElMx4M~x#6L!Z7I1<K_pI?QpECQS`4L|aD|FY9U
z7SpQihZjW2@Cp@497N7nt|Z)im?feTb$19xyT89*G39acmO<>itxfm{h!k_)68SxA
zd4uAE9+TZxiG(HG=7&!3D#ORG$aHJZi^PEI<T>abC!v;89@%`nQfLcyA2Wi5wtBe;
z{DDmnk_^(j%eAS&=m36igRVPsUEelty1~#7Z_gF%h_62TE}D{zD^Gg2`0+BE5{h%6
zegEeXOAf+$7sDYR^|Le#q=eF@!S%OBUmBbzRgHoLL{Pp^;G#`8>LqvYdOs(Zd}_wX
zUR+c(7_1##I~as?7pJY|)#Cv}umQS|tbLlOvqJ^Ch+DXGsNCzX1|SKbj{IQR?o%p`
zOGo$Dh9@S9WDZqTRJwuIfdyR0P=nK%Cei}Y9`_T>FzH~P&^^0Vk_4+oX;gccR2;w_
z#HhV9!oR>DNaD-OV5}7+&Lk7YELh756Cf1VGINvr$<W|YKgu}#zr@8*#;kSl2`&NE
z-3+AnUD33$WGFM&yUrfy=rpBu>EZPC_tW4iPlqFIhRash*WY{m<jJ6lgRQNta0=OM
zmeH|`@M{EY(VxCZ5Q&rqY`K@cvGvF>XsHD+leGcYarQ%82T}l#>iwUi4IOCzIM~gd
zBO)N2pC1@(Y5aM~;@Twob1jwl&TVoe5=p8kKhV)c8EN?niM_G|u5uhxUTt~MjWAy(
z=DU|eBQoy#RMdG<ePzvRD+|fW=)&iGC}#Kw*;wAo57wUMXzBc@nV&oLL`TKGaa_Ck
z*iE)xezJaZ|FB7NC0%ndJQ>{Ukv_|ojpXibqi-Hoat7{C-&?G+{#5zFNa=n`^=MQY
zS1j${ZPB2=aWHO;G=Ev0E1vd4H$O&K)p(qPNDxkT$E@XWCtPK~w<qjV>C6ccW*800
zLpBATv?0X6J1_5ukL>6g>Rkyl?CyH?SgANa@1mCu)nC7Q@TT?Q<l!;6tS;Y~TKa05
zZZ?Wyp~%w~y<U^>PgS^KH+vkyBzL+Z@ML13i&p;n9F;;d0+0C0Bi{-WLAau7fxpeY
z>9X94jwKD4`2WY=m&ZfhuYcc3MI}qyAnPbeg*N*V8Cs-LRMw(J%9?$ds3^uV2_;KK
ztDPkK76zdxOLj)Ku^S9#=DEJqeOI^6x$pCO&hwn}dY%7%=l8lB-_PfB?brKyU+a>M
z-wGlG(%=2}Lg@GP64fEDch6@j3M(84d{@2I9=11?<6q@IT)e8EsTQSQejTFclRuM}
znK0H%+<A9wpXLoCp#vYMf8(({x%0H~)orYpdWo|?6M5Z1rVn=<WS0k4!p%qf7bEAm
z2<LFmhXMSpYCr8tT+Tp3?LV`&EPQdky7aSPOz*YA(05!>W{VM$Fk@+;hX&N<?`xip
zu^E-9FONAgxPb{%CY`$Lz_JasCjY``uT$uJc5ly>m%C5Y)qbgp90FotD@ho}Omi6N
zAO#mU$oo2ecg@%G0+?`IyUToeWNS4-ca>gw^#Rk+tg~rlsg-AcbW_mzsn`wq>dR_h
zzT>_Mf<#`1u9{AX*mEUiRTy<x>Mb(p#p_7Kw_7ELZT#*%&_|2{HTGBmM?INowls7G
z504Y3%ab68>b;h+N-9<buK0=(^rP@?QpUwAC1JLYKJfPT>SmY;{6e(n{qAM?#a}Uu
zeW|cXwwVE{)Ujoua*oN3K=JG~@vzXu&Iz|N@MhWJK%?lzW>4Uu1HRoD@kUX&AS6;O
z?&{kM*MIkWR}Z(*W`?Q?+3oyxH8n_7r}rm(LbKyuZ8_ON1{pIr3-2k1R8@rUnoNh9
z#g7<jhRb{!T9b772jaoJ_bUj4c*rpG`7Q#2moyy#{Zh_pvv_?qew1klaru`IpdcUN
zxv7Y7ycH*{6IhcJzxjI^xoV)~!OpB+zq@0DEJg-P-R%sEna_7^$vO;ge=trWqm~Z`
zJK!a<M$1H-VO>K16qB#5>e27y=HVE_nL5H7tIj4M{H>*|R`0nrj@o}wLhzZgILD$(
zB{guOFRwsru;K-N>=FnhiMq}4nP#Lp{s-}M=VIKRN!lTtHi}Fsn@Kszc$t)_%b2mt
zuJ*v+JHj1N2ZwnA+CF`q-41uFU3I-aQG^*2E9(8d){>dj#RZXAG$vxTI`KJtiHX30
zu%-Fx%+cCjJs|y6^VcDZc^hE#Hsj9s#^Oi<tb8hr<Ux}SyiWKX7C)vMQ<{Y6eA4e<
zFN8{p2Q=Lu()&?VNxXXaS&4df-I<`M)wtsyE?LKdbeYD^U0tH_zLm%~&aH6zW?9I~
z*>JmN8zhbm*`Dm`VML#J6}lm2@hUT}uhRV{=klEh#FAw^#fVq$K3Ku({kx$N$1yTt
zxO`Oo@$EJrU?;gz92fwe>VNrAP_mTxe{raB6uXKCd;fvQ-`Py1Yz9U&3)Ttu(V0hE
zS|(q8ZQQ1kK6s<z|M=sa^2aN5J2^c)t!1m>YZPr39Ll%mcS~x7f<;=p*7@+F3%eh0
zMD^yK2D2*@JukYT?%hu{&?xru-kN8+(LbyleYkXy2Y#uHEauXisZcqgeDy%f69!Mg
zq@;pL>1Tz)qo610Z%W|%e?bEOmB#}6@^=;L&H$=(Q|}|n%V*J)mp>U5UbqQQS$Rxf
zIxSRsOTPNfOKT0I;3m5M=}lZ%P#4#E;FqjO$*eZf#W*>=(N8!D4m{)W58CgKXn!~_
znyiPd*brnC&6(<*00xw74QdH1(%O}saJK|x|E4lG1z~<=0D6CA07$>q6}ts>MF6SD
zs{HEu;Y17AGbWIxYPMgf{=#<%uHYX?(=U(n52Wc=$2pbQ#;K^PS#{j(W&8_v+|`O>
zW7h@0nNOybXb_I#vmcC2ru1F`nd3=Oh?u+(7XyLW_REauny2izTU{_dy6xEawwnLQ
zb$H^%;XLTwdM+BgcZ{O<zu6*I15bQ<?ul<?R_|hLkT|Qq|9h=`u5-;Ox?R&B@03uu
zMNJs>;_)ZqN%(^`Cm}>*L^lOJ6;Kyn@ZVJV{o>z@qfD7Na3^&*zF$|}w-%iCRE=?T
zOMhb72WHI6i@T+@!3pmIiC=;EZ!Ql;bZyYSdCuoKW8?0$1e^hlgnBV46Kj3d1Ha|8
zh943X`+}`eMnW4;{`_0E8-H-u28d=Uf@Wo}irElu6z#1YXl$EzM#Fe67zV_~f9i1x
z{QmxN690wckp6|&k^TFx^B;ViTO?F(`KI3cdp?D}G`qxz)=&93`|yvTr%)X<BIzUv
z#i_7<8xol#d4d4Mim+zJ4!4W(7Xi=02I8jC4PG?M-e1H9zcLVK{$JR;|Lo(q{FM-d
z=T9MsGDP8jUym$xLVsyWAV*%%l>7tT`=vGg2bMAASC;V~=-&9hU>SdPoLzRf@pEbY
z%}xJECm{d&NhgArp;ts&#aErnC;UTimh@+D#*5oZ@W7Myid*CD??La59&Y$YuFj_P
z&<$~eTwt+jW=SMYHr(ByOJ~9$_jm!h2gvT=ff_cGl7-FxuMUZre}|Ex^|BIY;a~ok
z=kYFL#$bH8x+b7+?{t_SA60EEgul7jii;7wG2k@MW5{3>z>jtzzDlk=NXMWz!gb<Q
zTE(8mH@8;{pN{?BsVY6ZK9^BTHd$WhmNXB8s&2E4195y+ksp4%)+BMKAd2(QQ(s%~
zvs$`yr4T?bG7r7!Tr~+zys0Dm3fO;0(2peK0cqC|wCWVnN;f@t6PMPK(GvKA(gPCU
zxM&Mf^kL9WQ2{?!@rR$2!qQyqD|XjSS=7TS&=cQ(Ur(44lPd8REUAflAbv)<dsRdm
z)DP~oJzi-ItEaB#y-JCN<C@Qh4ZLWo$C<iY$DbY!@7n|UK24ai{P$!43M?{$Y_R2I
znQ@x>^)OyEPx|<0Yc>!3Yw>so4me*F7|uQ7sCK*Te5+y{r}+e_fu_r>CUpO4xBB~b
z`|rv#o`;nf*c(IybIXlk<&Zht8BfOIRZ;gFBzCy0^ZCB~z>UI<r$<CoKnj_x-6UNd
z^xN$FKkPTt$E|sX@$M_2vgpn$f>jf*cK-x{uC4m~>)Ag^VhSJMfKUK6Lz%U?qsWIE
z=ThOmW{!dRs{}qgw<vw%P<@hdbM*eeCLq!KNS0UKwOJPPN<E`>HRPpNzU8Hk;vGW=
z3jNs2f%y2lZ{QE`02suvlQ*rqp}JQ2;>l6Sv^S*`_k7MnJVG$~``Cz0iGRr=J6v?)
z@~%pEqv$ZLgHiDF8t3QhUa||-y&&^npzh^};E#Qf^{0QN@caQdsPo-9<=u0e4Y%+1
zX+EgdnPKMcg5dFtx(4X2@BCEi`zQu?H(mGeXRU(>S+4V0Pw)Lp8miyLX^1d9JP!x>
znDyJ*Rhr_*7R59?LdqggSoq~}oqly(c%KbF)Pa6u5MfF*7P@(2v;8VYbXVAEE+|8p
z?SK<Nt!x~X1l-rZ$Ii&HUm)npprBik%ktHmo_Db$7e8O1fy*iX`EtDBa*mz4J>|%T
zd+U3e_YwRwbSC3jRzd=C_RkeWs7@|WK?H#W9Fp}<*BH&8=Z9aT{isPAjF-(N)4O22
zO6LnF@L%uv`M*X=;m5TF-FO+%R#CxfNHypEx8l}TU_JltNv|nwK`Ni;Hg>=|c@D`-
zjyK?^ndi${iGS;-LAd@af7;s<AX5pMUBSBE8|mZ&qH#pve%qba`}9EuvOCxu`Y7eT
zy~PCxRn#QFb;Ks4{CVX+UwPB+Ie1RY`MxfeN^X9BG%A=|<&l9qj9`9tg;jFn!d3wH
z$<WE_SWAvzQ&aoBe2hANjR$?bT4<6H0>a>ZUjsr!9|oqA_d7Z7NqgFt@tN~NSo<p2
z3EoqcJ(M$(flxr%A$+7)FZV4*3dP7?zNz1$`qJamzl09nzrfZ0*(gEZ*mrjm07iy@
z?@dV(AS?NvM~4#gN)#p}CSh@K6(1RP1wUwXv7sqGEIgRk{>?|aR|6VaMB~Jak_Ud(
zR(B8pq~sf?h=SnpL*iv|4g+BA?0y53NQLc<XC`L=9oAu=Pq;0n`}$pJ<-INbJMz`<
zY1#$o!A+P)`R-Z1(JkR9M7|i8RleWqamUv{#auO!%L`22Z-#%I8vN+RlPfW+WP11~
zKP9+*Qlx^@OwXlLhYl-P52q%$RzUCFl~NAdzgMMw($?*2Wql^*MxSZTl+5nc03ZVk
z1{pY(wCdQWSXXd!MKj=<z91|C_SO4^yM!_aGh#AfXLFd#M^81RibkHcx%$mhJoE;`
z`tsr@*<f%9G*IqUreG&&MmKoSs)c98N7JiZE5jW+ZWleH)^Xe+!J6DbSg|zG$_MM}
z2m1}_)7G7yD($3{stG<Tyv>!}D7-&07AmUc)Oujoi$XZ_MyKi2R(d+JN0u__aulhY
z$PaE<`_1WH#DFkVJpVMt1vmeu|M%h-KDI=?)+9PDgvN08)Fu?(D!Km*48ezpHACgM
zgEs7?IF;blD2B`t1HT~E5c^qWEsj7$$SY=wC3D*S#}w&fii19evybVahJCA{qf-@u
z{=JEGVo8t0u@kX5BTy4aglh4eLjw~?LWyt%vtSTX!8CxJQ9{bXb%6XOzhf7r4k_yc
zZ(m#{@RT(J5o#9@9Caw#jRmJ=6}6^r<a?e23c=k3bfR6+B2QzRMGYwjCSU4gmt~Lm
zT5Nd5dMm6DNOxzGkal`n(K_8J;{hP0F(-f0;j?5keLX$Z>7NM%Pj9Kfl|`;9t@L|u
zOx!5uxc^0QauF~3`Tz=FilvQ3W<m$Hgzo|%6RZJU^oV}i4X^YCn0&_+5Z-_X(6*#I
zBIDMQuG8Z#VKn9GD1zK%la0S_qLKRp81(J$?Hx%-8srkvI9nw<BsU3d-%q7xk_{%S
z={vnmdz`I-5>J+*9xyvwEqgvLwYJ)e+&u})$?8fYAF;Z$Eq3FTSGQY>>~K5mhHdUQ
z=q94~6?ttitUaLMxsk8@j@d;}dpke{4Lr2>LRzQPDhljjZpelWmUh-xT)Smkt&nq2
zKaPH`a{02;96)uItf?lY9DJXffm!kJ<*x3#bvdvg-8vcV{Ut_vt>N$1djAS=UcFtM
zme#NbTgvkbHv~m$^CfqvU_3t4V1$tKj0@b%nt--?W+pTcd}^i=#GqNgw{)dl-8x4b
z>IZ+ft9fykHzrOI)D$}0CQ>4|Nk*=*YqC<Kd+I9t4+j|SopwMtj34c4vv;ha0te;$
z0pKdk*=`YB;>ROvgd<lxR`m&E<P&we%Ys2LbQus(wrY|q?Q?4M0ee9+W4@;Vn*=FF
zZ)GZ-TW1V}S<K0lGPMw*Z#Fq#Qv%0<EOMMhMP#tS7TBE@$+~;=Y`agOrb2@&Y~;QQ
z%fGy566n)nble6Ng-uWRpkEUfs4q4;HC3WGXwTUzfe`yOFIu*ttsL1y-z2Os!c0$%
z4I+h6NEZ}i4DVpY#>#p8wNIT3%GzW|xbk@8Fh>b+z2+}F$04|u&$^#DEW?~bL?5hP
zucr9+BA}_rW2H7weOxgj|1H=F2nNGYecFF*I7>dk`|9U$Bv~;1<`ltTZ9=hU%1_jz
zTTKP{RPmC@MJ2t@A|rA+gEL5519(_8<;izv@>$&iT016$6)Cr|g}er$7G+P;W8^kz
zMv&~c5zJW|_F4l4+03+LE=41^rVtxQ6>QH(d<;FViEHvY-|WLiqw6fQ5A>P$6{y%L
zgC9w-6w8@<+!`)!KiITrult6Cseq9ISkVf)UNdAKKmlhZmWlWueOK})nz4HOJ&rbY
zF%D)glWvRyf)5^CVK}8cRf{YYRlqG@a$naCFs9jc`}qa@&rS(y7@aH8V0u0Q|3A6o
z0pVLYwiBvou)%yrf0w}3J8XTL*l8`PL$u7M+C95k*IG1)Xf-_%Slmh-wC`3dgg@J7
zFkKxoT~{8@DSh675RYo;60F4na#N+jO9sIpjtzDBu;B=frNGD>Ka%TZ7`-Twq=YYl
zr|-32c{B2qn?ghCjxz;}*loRu(BR!XD*O9;JcZDzT5o-SEE8sH(4IOZq_vng)x2P;
zPl^ljxg)D_$0XB6J+%}Hj?MOX-ryU>b2<{ZFHi{kEG#VC?g2_gnj-ZUI5K-9LnJG!
zUma)g8BU;TJv(fh)@1F2RmeKhl67DJS&U7?=-EBV8n|LHrV?FOn&3u`nXME*cGv&Z
z>`X2_6Kmk~7!aAcBZgjvL}T7Zw@F9HVEQ?3N{(6UQF{DlXFK@$)J|VX{nP|7%PaH|
zzu}|2ls5-I9BOG>W=y#l&@_PI#R8w}Qe2>a2w{+?p=hURwUFW$K%tWPB=8pF13~A!
zijcOQ$_?Nnto9G-EF0+(Xg~U<#?M8JuMy85H5G78kW`G%aB<n>a<v!SWL%(s5+SNS
z1QXBAtY9z}S~t~A49OhIX)LYUl&MS<FcT3t>;SjwBKF9ebQ15+P^xzO?NJ3@A%9KR
zKCQzHyBrA_k$@9k%+*<@W+`-JIjaYrKY!?3sHhYQA;Nwe{n!*iRMPR!dQc1Aojup5
z!Cy!gnNF5;exR#ms~?BLsY{IjYjg`YVc^0!HRXB{epN>s(foZ(ybQrELMjRh0<6?8
zdvJKk8idM_u5G8LUbT!_AHlO52J&n|AWsFud$D4J2Ac;DZO&-}w_uO3$cmM2^8&<e
z^K9><<(LS!X;VHFwPSrQ!NPItvLKqEwNB{KC=A6Wz)0D=*{nH7N5M@{)`BP?e>!@Z
zmt3@FF<=YZsa@U7HWXoB!<TzFsnsDlcZZJPmG*i(9}Z}gJSe`&U8mmn(a-^*cC9It
z=18YhQJ$*8=M*sIH%-S{&s_)@Uyk>3X;QVzyb+mz!Vw0!dQYupxaZ<QT9L#ouNAFu
za%eq;Nvr<oKJjB~h-Tk{41ReeA4}VGJ)AwCV6@{(EO`0Q&vVhZ`fFpM2hkx$Z?#}8
zZ@KoR(WfV!t`kZOY7Mc}F3(bKhXxiw|FczI9eEvt0mC0SI7KxS3sty`4=8Z}XRp(g
zz8y0`4NVl#IM9XOR2wyQURQzZSX1_gO0c|kNt-ObJjpk!FFoo~Iepp=uWobFagD`@
zXr_i65SUUjc5w&!H=NWsM!iM~VLMNl9JS);9T4o^QLj?F{f2mT71~8kt=KD7zUSff
z+0SJqkFQ=ky0W;SB*fcnqwHZ5dxDXFN2oeMfN%93H3`&*%;VlRw}Tk3j7|aJ@W9N|
zHIb}_IxM(?{wbbsv5pe-zsFI%S&k`cLMT)1_=0{=<LvpSJJeCF8vO7tYLDydh%QBs
zemT{0L(CwnzLhFOVhi~4yxp9a>p9Ayr+ev4&Kue2sq-g_%j4IWa&3_pH4)xhFVA1K
zb}=g@=bcKWZl$7}w?%<2b+g7jE&BGocSr>R{;q4T^T}^_5fdl?kazgFA%0WTXh6<}
zA@EMKb;s7Hbf_?_l(>^g?J*{pGxZJ~bIIz}u&^F-ta6@JJE8pMxQoIKHtWIBkqykx
zyzK?=_%GfswuaK<BL`l@I&D40X5*Rr<J&|gW&`|dZZxYUYjr|U<~CxvIA{CdU3?B2
zIDk{IISz-D(H9cck|g3bsQF!x_palDj7i}4WK2m0$-^#eJ9`1p0IM$*jzK*7biP&d
zMU2p5bPoD)&Xmo*CqY)y`%8hCzUTIn5Y?W&0!!e3x-aAHi4>&?@(pYr6vP{$Cjxku
zwnuHZE<yFOo>?N6T%%-nR9%eSkpQ~AlF5HZ$(_tXbxrT#ix<SLKOR-<l9eQ)d8>z%
zL$k|<WMY|0LRz0hdhPNLYT?fixrowPiHX)GadQ+ChB!>r$4)nVIJy!~j1sk;(Qj~n
z#AoewPt0w^XYq8p3q&@P8fVX4u0Myir%3~xpDNWWFDP*Gjjmso!QgRpH{Y};LG9k#
zeZ1DRcDthFT8=d=6H{e6IUNsb%EpTLV=jvyyL^><I{jn`Vrc$oJDM(sRJ_7AsnXl%
z?J-ju4agwI=lVSak0p@2aIIR0BisYng|iY$P@b1)E?neA%3!kJjF*j7@BDP0x4LSd
zd4s6Mb01d?llWnbzCy5INq`!u;x(ViY;~oPNut5J;xn%M<M&fgIG4N6rviRccQPU9
zpDn10zs}C7c%gEGu>7HDRs<EV6IOtA!L;U_41HWy;%k!S(iA-v5WzpHcagS5!~BWW
zOF5#SigouRqm6t~cg*(kCO=TC-9P<-5W03Ia1D3ix*5ONp3ZGMp4||!mUFy8+c|36
zV6@LEf-vCK#m@C%+Tx=aBYOD_i*H3F_Zv%~pf=p`Tnmjl%C9mK2eF7TwA3I!YmeWh
zTDW!zdPls2nV#cL7btXXtNU%|_@jW44!x#y{?wPO6qG0FI8)k%ARDQntT7j@3d@qa
z9RsE@@Az6s<z}ZrO+Fb#zY$eY@U({Y7?fu5GwVHfMF#1zmKQF^%&w+St8&$qm6#LF
zMMnd|(SUvC`e+al=zm|`|IYB{rTU}Ys^&?evWHB<yZm+}kE!xnOWuF4NA_5;oiMZk
z&8OA?$s08u&vtiey-6-1+{a`RCl|eF0JdoK<i2)eKI0=NOg&t1_(^j9ttMZL9Z#uo
zVz|cWhWuNbhkplKd3r%K=2;?Bdg^BwhdjpHGs$S*w4wUYtzrC1ij;2_Wvha>#bqB2
z6(8f5ZrN9Rk6~rC9rZ^vCL!p!-^%l({&@;%)^-V+qkyo@`-z3mxHbNKv@w(uEkB>|
zzz-KdR9C3)M(LvIx-N?le>#=vLc)ahltsOfRmlm-kP~C2yzvE-lBa6-@`nFXgjtya
zDrEv-Z>?E}24))=-k474THox9aSDLV8#0tJAT7P@?Q8NRSL4mtA$V!!^~_~N0oUUu
zI=<w9h;8lC0CZFSy`<`X6~VYwo_<>i&U({F&u*mSh@_=#P!}?JXtWiD|A355HNt$t
z*!sTal||iM8o4fE#eH;v3au^{>x*q7s}DqJHb^{DVMsUjZK_c9xY04l*6YrputU(o
z<B3G?%b57k$OkS00&h2l=yfPYa7-KCSOnzuDm00^kU?(F)wgs|m~fW3_afPNU%^eI
zWT=nKG;*!?-?-O<@ld<3^M{kuiRztN%-Z8BgT)*Qn^xQ95%j88n`Dz~YYM4Xf}WK4
z$VDp>VhqSHU2xz=T)bIhM$E0&A4PG8CV38ZO?Ig15zS>0-Zt8YaPh+muUB(b_Pvk0
zERGD9EK)QZLCd#GJu*Bn6=5W#KKy+c2x0l3!@#dsbKhv6fdFhYkK%6^u-}T8jBgk4
zRp`==9}Uo7njEO4us!+nrI>VxaY`gVWdV=c?AUt!t9Vwmf|6}Q;sLtv4j7+sjLZ5E
zgh_0Fo%AfyEhBL0gVBI%N>0}5&jnbeJ;%B6nTZ4&7#&Jce7#F5s01lBEasqVO!zc4
zs}`(rB$Ox-{We!8YT4-`OIC7n9vg<TU`#4I%r@Srhm0^x?-_?ssk!gj)&Mq~x{^@)
z%~`n)G5d`BJI;9rChn`$v9lvYz0neE>QZG`nbbQlK<2Z$qf0A`XJ&rzR_}7bVYd4!
z9&7LG7Q_q(C<s}b5j#{Wx9!pn%E)oGKxJCCE7M29EbY-0b>A>L(Ejz=^Our2YL#pC
z&B;&)>Guo?8I%wdlNx`o(kz)X!a_fN|KQ;96eJgqJUZ>Cp3>NH-6;Bbe%<dupA+Je
zEHswNqCN2WCZA6tz_QeNbdD2l4NLh_bn=S5=9DdIT0vgB`m%uNYpj_oc}%5%z2QaD
zV=tGjYEIgh6Z4nG*C(7!tRq31p3_>?^C4<XpxR5><J$Y@yRgcx0{JD<-C;Z1Dsr>-
z2Iu8Dt#LLzS#>ZDWq!OtLNFo7Ka|j{SD@08=k;FcQu5ACBpOrxts6^{eWFm>H|o4v
z&+#S&@CYU!=6Iv7^y;x!Q|fsr1n8RIB5k77rsV|HJ#mj|sX)7{SxtJA+VDo@P6Ts7
zX5#|2q*w`#YIPMISA}!-I6|1F0wvnHkh?{^XSYCIOw(tnCLS-Nx2KuE_s<XkFW{d6
zt*3A5?a8r$psz+`&#Wnj7=wDU;fw%ldPN_s$?45ql}p(ETSF;7-vbc^qWKPvunm@Z
zix#(BEUyei(zRvVizMlz=T9k|w;Il0#>%v(AZ*lA-%qUlKs^sfL?F+q(GR{z5iI?D
zw6(sv(ovF^K)y#4r>fKWHTFktP`q=?{X8urG!>~=TP&ia&L<{pd=;SEROYyz?<~4|
z3@JXePHQW42rfGOW_QwfdqCZ6pH6O>ec6q=^21!rx^G40OuD_AR55m+)o&elQD1$6
zSwiSxGOv!l?Frr^gwK68ED0ieb_DT=wVUs4r*sT;2z76k_4Gay>_R$Ft8RzZxF`N-
zii2(&1p3Ecf)7Vm%Wh;mJZe)$=C6CLXU4Ik)TY7(cPV{!^dH4_aT5?N&K;j$YaSA>
zwyW+E{<x@Q6dgvF@`&%R0}K&u_8IkkOG^d$;8cz;0|x^kT#IOz$g$~$Y(i`g8;2A@
z?KE+4bCGA5sFSapFrO&i|0a%GvT_+?M)xhUlcO(bM?jKwOq2Fdv@wryVyFvI?eg1;
zRC1l9ihDk!;(cAObE*l)?QXrT)K&0C^PRerr>0jJ7qsjF_IZB?(7*c6__y9o-xMm%
zM@gagMEOrQ%WJn)zYEJ+`bRjMf`qfN_M))&&{Q>nXa<%#8-WZXAfsCw)qiYjsH;Jx
zuQyhebchLaR{4s90R%92zd^Lla{d7DT*P<`!7gtRWmkkO?9I_~G?MTl*k!0qLdWN)
z{kHsTkqjf5V`PjUb(=d?P8ojs#y2d?)}NO&%OHu|0%8n^psg2o84e&Yvvd1@{P^d(
z@bR_@N|eskxVveWoT4EFxjolA#Zx$N<I*Mirdxkrc}<1C^8(9K7O^N_{nU$f#R#Cf
zZ0>d-Y6<55scFT793f?0(oO-?ZRXT=N2HyJAiEinwhZG>ZJA!AEfb!4E1WrB{m^rk
zDkP&qfSrHq;sGfH@%LZ99q8dO|MW`L>`>EQ0C$TZ2iOn(+#d2nYD%Yk>hD8)=*H*a
zEVx6Fc_;`303N>w0CV#75265Q%5ePL??FSq=W4B>-6lq~#G^fO3D9{u0G%g5jPRiU
z##IAi@~>a@nZGXMfA^{Z%>VDYY5<jnXjC_*r0-t)qXhou9tvUhu`!0@QgZp~OJdJ^
zA^6&oIjLIssJsiQ^Bn$c0jc^`YPaA~LH8Gwst#wIi3VhWy%J|n{UnNg>p&EnMUT*?
zpsyJh%KHLDK=2=k0Q5}%y0$^pc|mRakGU6noJrvL1fcKBe;!OpLk3d}+(%1<Q6d(f
z#?`^DtUfhoSA2QUt_=fDX^Bt2M_ME8sv{|&sh13{E%yQp<F!wuBk+&L5DX(LW}V!C
zp5bfb=n&AWjXw&|Lvy5Uoz2kY4{hs~m%VtTS&YoU@Z#Q8&4E+S?*IAG*27Cv&5lg0
zgej5(sp7~a!SR1!xPK)?3!0{dg=iFUAnSg1Ae`{&LMdxLtOo1Lk*c5s-+_bg_|*^&
zaL6t&gu{r=DPe+^JL)HEy&q}0-#)k5mV*)f<lbrSXb{ak^P&m9?9Yy1VbNqon&^KX
z@d2q{V8mx`Bt-RR4~zkhl+vxL<NKH}kN3r~zK38oY7YL1=oQG%W%Iv`MF9Nlf6k?=
z8`gqE!d?DViTscH_&xhASYaOP;O~L<T*p|c8REki&P&SpB8{T6PSl{0G}z>88vK_X
z;2gqgtMX4jy#vW=&Wk)2hC<uMORm?z5p#kg2K*Vs8caV)Zz&RM+<$T_f+=79?sM`Y
z(CYK^RXKna=0KZP?7#KnFW+h5g~%iLr^q7%af6e~?<y+ft2@R#RYTk$;U5H73%bEy
zS&m<g?=7g?V8Is9Z8qE#Y<z~X5`+KNk8cplmIq1O`je#DLU%WMaP4NSiwAyGTf_e&
z*eCp)eFCu2UyUYzCB$HY7Z74z1Z(u?=}d?wO@alTU?lVC<Jx5idg#NP0F20ErjvQm
z+5fE{kHBj{(*8#51V*(j@AC?=tTq@N?+D(m-$(2}S02o=A<uq4GY(Kdami&{%z@Jf
z!7)r43fp>wt(<RK7Amz-x+Cp<*2#}0<Sv#UGH@9wI%8QI)?vB&BoOJO<fg>+(JS}3
z&2pJT3!2AVQMsfNY&cJpIYo&Py=`@|F!(3(a`2O1jhJB|o5_dAs^%jdMc4h>Z;vl2
z_T%X<_UF@7x<fl=<vCZgVP*n$Vdse~(vXs-u;rdG<uqm-U+&Wfa*l$FZYK?sP!dNt
zw!xH$(HTf6=VsyNVSewCI;J_yms4yyi+yck;$DZ+6;1cQc8nI~r$63^eE~(Y?pYbn
zo#9eej{|Lq?q5+ouk$>X_%sD-(wg1wY+>M8b8p8v`Lv18ow5#Z$5~<WZoF=Dm_WXI
z0IHxB>^IMR`uB$vF$X6fG-)rmNz-*iZ_8w1Qt_x9p4M09IHk#)K}@PWZAKw)Fi>1_
z!DsHz!4M}@R>T@bcG&l@zGY|IEF$hWDwI|!v-+SPFQu>^u${H{zQ=aX#o|ksue0}t
zT^9LqNyS`?mkl>3u5kd$p{7~N7&Se`#^mI70pU52lK2e<(i%=>y{G2;uZ5$jE|A-&
zsZ&J(mlGQR9s)r`K>!G$&*}r3cwm&M#%gZ9lY+Y^=G{(!g~&b9JI-nc^D!dn+rzbs
zC{w-ENyVnJHCgN21=iLBM^LZy9p)5c6Lqna*M|>_S8E@3-T`rC6lBqJI$O%zT^Zib
z9amOz!9-_~KVF#M)!0NQV3$ewF4Jnl%p%I|d9>E^&BJe3Yks(x`k1p&R+OLR6aa&%
zmAt$1qdpi5<*RZM?=oSQx|?1&1u<OHTr7EO2)G_#pL#P?%QIE?)Eg~!@;<q~mg)Ka
zDm*ZHO-J6)N287QQrPGIz-bPnH1&fnS#Pd0khlQ<wM;B6m{nE0ddC?T2Ke5D#JS-i
zWFl%Mi%!F~v-(HTG3)Gn-`}z|i4#=>@*VzbO16u*;<Y6^*OHmu-}(gQ?T<DCyKRoc
zwCu+%IT-k^@^9XD<VMQ*3hRR*+bd)Y6FRjGU2T1WJ~OeOOg6dw0Jz4ucb>=T+Be&(
z5j2bZ=VeaG)*bc`%gx;Cz0)T~T+4Lzq*2qGPtCxU^RYeZsjU<QkEy((GTa{cwY{%;
zrQwTfzCBzAb0lmyO1s>!qom|wtmq|^PX#5Wun{EO)xfq8Pc9s(nFrb&+1u9Q9C~el
z_Zt@g-__ApRbHm(?TIkjn^_@=b?kd49o?<wj~D2=(obYWU+H=!j5Nf5l<($dV<K=W
zkneI^WF@H{xN?Izu?2m3FU4x^o<lj9EMA2=Nr)*wEM#b=x!vSJ^W?OhmVyE96%OYN
zU%~{R?YC5b%OmUP>-cEAu5q^7;OEi6Igskz_56_16cMJEWXK~^ZPYrW2AJFz5&cvk
z1;^GxvK&NSJD44#F6-|{rxiQ-H>Gw7&kZDR76T}8i#MLU;;J(;<}jU*|EJmgIp?r?
z6w{D#2V?F_=1n&%*PNS4Jz@aZzO1$A{`EZ*MnbcW;o@gBa#5mjud1)9a_+wL@!C)q
zcg)jeL7Y*Bg_EM|_)({lG<D}F2wr?2Zo`D!R>)*QfD$m`J4S2oMl#JQPll31)Cp=(
z7K3}`*RQKIw5j058%3W=U!H&rp&k2{J+SO;*{rKmO^8csLEB%Ul+N93*$TkOrkypR
zGBoqzcG0pX(wSEm&lEwXK&>Mh0Ykx#dxyCDk?!j2x$F#F;6FVj)KSQW*UweK!DElF
z=tRnK=O7rJA3Z1fCfjcGZQ|;ex2_A0Tse1$ECBjBiehTT-VfxfPmLV_5OhLOJ&Ydw
zRQhQ(juz{es6Ob=o)nGD5%^{SqdY-Z%S{l$54iU+wEJq4bw-yn%D^uT>A++@#Vo!7
z&4Jq`s?%-@hcLMGH7Jf2AaI}SKfsl~yVjW)zfF;IP8A(t@?lgP7i;*i@jAXZQU{a~
zyRjI~A!Pn>lnLZy^&jf-@0OD%$P1h$L9+XO0dz(FR|5sS>wn=6kgA;ww&G9I_b|rc
z1QS*N><rak-{S2Q@)qBrwC9I01T5~xiJB5?PY&TTU(cG%In^#09W2w8NOp5KM|dWV
z(RZKxIboj*cO44uwrr+%^3g5DTziXYSq76Cb?HEBQ-Au4(4``qW~-9$CV&$82vv&O
zafrm(lk^;U=Zk%hIQUVVTN-GN3AwbT_I3K$Qkr=hzR`73GCfH9^b7j_oR>ns%h7=l
zjcwPNF*14aUl|nUF0eX;jOu+-a_i(%P^$vZ)VheC5a3-%v(ho3IGf!Me9rRBW}62)
zZq4o~t~mkKT~fduXHKQ)Qq$Lq8ITNItnPCwx@p+F6ppypTPf4;OtGnXmis9ifLj&0
z-9DGT+Ne+QAu?(J;Z^zu;r)8=T24`NVFjM;SL2HmMd5HGS@VDAH}}KH41a>WMT?yM
zXVcb+)c{26o`Xw2ASGb4OQ^Hmx$pWjNy&kY&{`iIqC5^&N?V5ZRZM{LvE8SSJ43;x
z4}zf2VRPpd?ohAqsO55Q&zkgg^w{WEEk$D;U*R?~B0w^bH6cGaTM_PT-idyDeF+*U
z`#fZ+<2#$d<u^m`vrl2<w*Q4pkGe~=hx)X#xkugMLi>&Fdyas)xJdI}HFsD0nmsGw
z?r5j>n`ZlT7kzDxT|EY-z;U2I{y{skKa#?{bOnZ3nnObOSILb*C&FB>*3g8azp)~6
z?__o|=-zO55M)Y*GsqM!8uae#6fPu@^Lf~<jq(_9O2eT3ZF}Ud&nLli>fhIWzk{NG
z^~00FDs0ZD$j{y$_%&6oZz8ndnvlsto$WtO79x6}^?9$+O_ovV+Wz>=N_{MK<s?K6
z$gt06m>;q;2jFGO_C<!euP@(!Akn$h9<arkFv3$<5g{*ZmfYAG{it8JWi)uNp|Gah
z`1``aU|n-7goO_wG6LF<Y(eKM35`Gv*)-js5Sd#mQ#V_RbsZrFYM!@`k#3cz&yJb<
z?yj|@kMJ$)72u&OJRuKGu~sdbhcrxuC|$}Y!2XdQdW(e3m%zg`VOQCwhfcKuq<*P6
z(AqUjPE<o5zVk3`5`L1>%n6X%ctAsn46aRZNN;`d$S@Te`}X8db#G2+pDF@)svXUE
z`&hTwaEaS+zE{{R730@fv$KLPbIM7&WXXzkZwzUp43m?&Rim1&L^R(!XIw1MbkOSC
zcSH0PsQc<7Ua=O~sW{4LlR)xWx$RW)+w6(d1gq7X4h<WYk91*ex+`r)ZL&z`9!!s+
zh6_mC={3HyS)=t=(j=v%<K5K9>N1CDF=FLa2#;r<z^So%&vaZ6-4`;1$lTfHDz4ln
zMxL$UYv=9HDg$c`K5wIF(~MCuNb|@@v3}kFojG7}*S6l0h*!%1oVC~tD>bEj+vFoJ
zw=&n>gC*N0`BW&ZeS4Sj5U=CA4DPO-XqnL;lx>wR1WFjYyc&+DKoKa}BvInxrj$KZ
zasPr_$pC=kX=1-k>yde`MmY6}q}3eGG{L6d?|nAaGFfRiLmH!XTupTeuXd_q$lE*r
zKm^8P%Q5FGLI;3&Gcp}I;h*&$kn0SqvH_LP^FFE*aN9OOqxlHng)<d(ggC3#5x=xd
z>`YqRGPzvKc0v2m(r1*=Cgn+hd06V`lS>vE7f5o*0D#_)rb|(a0F-M?`-{C;#Zdy?
zIwo#Uu_8S+Av}!E10eq#@wVNDlrm=X-fHX{n7=sJps1JK0(^+w>BIKp9ZJk16Aj(2
z4Xu-y?yi(7S`O>=Xv_LDk$Z-4Ho$tDS-w59DHr2b345FOV6$B$08j94wrOt#kd_`y
z>yD^#wcOQqbGK{F0OCh3WekT(ZOvC-eer}L4CVEck${W-tg&9AV8971n%+uo@BU0=
z5Cl+|J7)abj0b^quqsmK%e|;(AfddE1xHku(QH4|$}X7T3~2CvI=Qo8g;-fhZ(ZqX
zzNx%L4Tj>|2_=L<4(X?)lOnYixzyJrL-RdjHmmH+&Y13+cq*CQu-|5fW0-YW>3-5W
zybV~HE*FQdk*Jr_mV5%Vh`;1aX7dpl&(z(VUF=6X%XH>8={M=NYt&gO$_$J-g!f%v
zBBIWeJeUzk9X#Gp%5H$J8hFz=(a^fzE>Mgbg~Htko!wp%_}iBk&uD{0?W}gI_j~!s
zvTDKGW}eMV*J+Mm>G<$<?T_ruTn23-<JRDAI1=seAGEtfP`p(UE-Q)c^R;N&JyY_O
zXLJY#E`UVnsC}ih;=As^W|0S%ldaZqWcSb}(wxU4u|C`O*v|~k<hbaC8-l!Z(6XwH
zqbp+)o06D+U`m>I`@3)UP0*wE_xdKU!qlF+z+(>+mDB!JH^>UW@7W~a<x+;tEavKL
zLPi#A^=w$^R3LOs5jPfv>6S}_fS0ubcDQHsat}EXfg&@5u_3pxSxA6mFZ-Ap*AY(W
zQ1i0^#XDJ58ivrmzRtcn<3d7)MAC9yGXfu;YjvF*A$O!7xW!?IBVgZ6)*CxbG&CyC
zSi$gwp{3e}5krceEfx>DaV39bPB$`i__IE|)KUr!jIjHhHXE)>lryn^3wyjHE{7Cs
zp_rC(lYz{(MkA6|yLAfH-5;W7eLs`(rMPt`(A5$ZX4_e(jtFJ-Of(KzuGf1{XH|}*
zjSHvv$HWdq*5==06y%$Jzsx03a52#P=8*h$cBcbCyUJf|>5iNLs&)1LXB2+|VN$eD
z;@J6;Tkiz&E1g@$w$qa?Pz-o?o^R^eo;#Zc@cTnK!#AU5>qZZX=HJQ^lcEqUh~2q$
z1{PH`x2cydgX<0TzF>h?37c1^FqKcG#s|A7X&7FenOO@BjH~UttxkI2H@$zEgUlxN
zf9p_!OPNy$q9RSQNxaaD-6;;V-aZ{xG#7+aNp)TYo>$%gR(xE<DCbd1q?-#223TDP
zC+i#Lj1+Uasoin`K3-X(?9ocuA-&0oG)ZL+>U76skqt}!t;=T3&O`Q@0PMe{IGz$o
zJ@k5D{9sYYCz|bnetp@c!gH{J_o)mbjA+OP?Q0V{U2>O>PDT{6(hs#H7$@GuV`K4>
z6YVgy;B_HWUYoV`ORk|+(NJ@0oxxCUNO=6rQ0tUe_*rqml3AiKYb9;(i;)i@!yR6H
zZf{-bGm4|F2Q01O-`;#SJ2bEg1B}m#&BW6Fl~SIh1JZ+U5{Ri)u7f)rr)=z2@I6T<
z*ETkTVIy_Bc8NMSJGW-qyWxh5?rf||2aItk_SJ>*ZO$q0&r>AMTz=*@G+`7yg1G+h
zjF!{VtMb)Foi-W*g;D>xZ~c|Iuu=ES_0-Dsdc)WTY@1?RqznKjlj)YcW-Pk#c2KQI
zhe?r?9A1V1u*I9qhEsDAO8o)=RocAr#JI_{o>=Z|U4t}F+xG17V~XR(d^0B}5|p0p
zqkBYk^YjgAogR8bJ9VFLKGw`<JjR6Co;A#24^EY$<<i(VK~SJI=BC&tj&1i8(Y-=G
zFbOQT<r^{_MmX#Xm<=bZd^yMNkfKV|rV@Pe3B}yGA6>_z_(sVcV##L6V)iO$w;me*
zz)Fls8ex5|!=aI3O5G?sn(`bkr!f72^_=|?mlrM#)qd;^`_ZzOhyuRGUFco4ow%Kq
zqkN)w@-Q9`GWZ}<LyDiGiL)bMCUkep9|PIjH+MyNisp<+29<vCm{U}2q37_(n(SJH
zAamkqNVp3{e#kLx2FR!%daax?pxLSpve^u#D^|V6Mvx+BVAkax_1swtY+dM;v@0%`
zzW_<D#e|qp_ezHWqt-Q5CyEIrZeQNr@AS&;<Z(X7lI?bUixKB#+M}1xUbU!@ckU3I
zujNU&ukpYSxlL}Eoa)q^(vqKQyPk}FeoD;l^WbD|ZW*;#vu@hT!nJ=e$Ew#zY&px}
zE=S5{Zx^8_hr|Utb=J7W_DDNkakxv_Tmi8g#67z*wTwDn=T#f3D%7I=Q*`SkI2imb
z{gPVAB@Smhz4|ET*xWh8Y4SWiaiZd&c(p?L-V4=GVR-+o4*P9VF!VG83_fR6rX0Le
z*{myTo|31Z#adNs5)lMu2A(cMzlDnsW<&!~t5t2Ut08^-jF)R|YcIw>HAgHW#?8P3
zk6576fpz$?L#ElO+^zFNV(&%VhcPi)B`JP31<b--z6$i2T*Ypv(Cjv=zxFx3n<i*6
zNCW=klC1D64*6+0wwPM2xDo$7UK>V7NS#{(GZj!2Kp6!$b4^KW3O!OINtjmevmef<
zvvcnuR@u)L9RzaUezyA!=DUxsQouur4gW{ILnQm?c25@VHul<Ch|8=Ku+-PIM)}F6
z8b}uu#|+C)V|x!8+8I*&n9n??yMBJPEqSKe;@(XLf0K&S+!e2s#jVMou-5P-yl!DG
zvt8V+Qnq<!%VwTB#P6Vkza&Bmpwd*xsz@@lo*gl)RCqnsn{QyCEB}NX&*Hv#?h3AE
zD=p6_m_BoDY^5Gv7gf)1tLkI(K{ez&OAB}A<`!~%c5o(-#Yk#VI8Sx%zR*v=x-i1d
zX(cn=gKj!#FnUMuRI(wQb3WiR5qn>78?rBP&%T2Y{Ffj@Tl4jmr{kD()SlSQsPx&<
z@{~=_hDN##NfLm?H7rxXLr8@!f9=Z~*!<L74ZA{ybG9au_KwG)Z7<DM0Civ5=6vmv
zoFuc05YpR*=v7}NbS;Z(Ti>ro54QEgl4A@5bNi|fidkh2PJ7PItjSR~&DI)j+b~xp
z$<X4z3Bcc(sHvm)wQ&R%$tI#3wZC;r08%lniAkLPY+bFG;cQ2UYh*x2$qCG9@zEEW
zt_7v>tEj+H{U9a0Fl1(QFf+IGO0H`s-^cB5+LW;&e2yJ?ixoR8SYr(zbWF}EwNOz^
zwSuq*JFLh$0VfaqgQEca$>p0YwK51xwN-cc<O=#nBw%%ITRf8qHTHB7tv#03nR=#=
zr@Iwfv-Co2MN#<vGfi)Hj}<mK56L%Rg(S;z`A9zbm1Nk7Tb>ajIp`?X++vZ@TO51p
zUUR)!V!BsyM70xZS5;}#JftyJ9S%)=8AH3*Tso*p+qEoH#hb?IZI9zrbjv~zuw*uR
zHYtEQ;?FI6N%+vcfB|*sw{>dD;-fx>VMDahkW6Y-N(rxpRpaHcjINcC^TlVHd(ObH
zU3ZB^>ZjmSx#{-XCqJ)Q0Y|@qWU%{3`ZhQmhG{){PogXwe;M-dOc==eNVJh=8g|#b
zpmS`|gOM$BpKVJguB8Kec5|hyq}>_9y=A-({F$zeQV1pFWOaynhuDhVkrD8aSMxRs
zrnv?xb<K{64U-d%_vHZAzA7Ck+6(I-m*W#Y<CD`oq#@Z%B(B<H;nHdDrZ=KT9t=)!
z>B6Qoj`I$clvW0{(rMl#o5J$e168a&!(x!NdttAx@|sUQx3jfe?7GR7b59ZLE=&Gs
z@kLFc=b?WF$O%8)ASWQ#qRFn2=dcH|;`F?%(sXhoIU<-E9&NSSJ$u6GfpdkKfqdI;
zge_mT6F2mQuSTS0<S9=+>`r$puZUD^<+DlT;T|O(*=?9TTBc}%Rm&>oYt2Zhe0N{-
zye|by3f@lj;?ru9IF_|GK~B0p-1JMugAmu*>HK#SC(MIRXpfA2q#R7kHG~RvxQ=0}
zG4KhFUApuNtjPX(PLH`Hcs^nw2@OlN-&md8SeIREu_XITs96e@Q(De&8vM0D=FQK-
zqeC!RB%f=%Z#g6@GbBT{*H+0inBX;@kghgv!f{FxjluJIELoBK+xgS9&oHr9F{l+e
z9X;fxU{<?zGB9%Xqw8emg_%0qpuLVsqeR*m_UI|+f#O;X9vor!CKmm|IA>VUu4oS-
z?w6AIF`v7&nTMD8&9xogHzQ$9GQ(&RisEp{f%LkOd$v`PSTO}d)}hqSvLG4@Eu;T%
zrPF=aCRXR3M_$daprCX34#_wxq0A#NVyhHq_gtzrnJGHfw$ILIgHw<2sORti6UJ?-
zF!IeZJ{JNX{hV0iM<D-QHHeg4=<=5$U0WVR)*V@bhAkPfB)(VEbc2nunAa^%qOF7p
zm?hcJCL*l05<{HnD8Un*9jRX)Xp-em3dP>xKj6meNXT*?qOPLbhUfmC(aJypxn$Eq
z)#tge5recHgsF;4oi|*4@7|ERFHDNRNRc*`AVo2BP)`)(i(_Ur{kX;c5gvw#@Izf<
zyilQNy*6@8Oo3RN2SD+cx@K{y+AwuxMl`gBY1L<04gDg|!br4EMJ}p_w~gI&KU`{!
zqHM`L;U+&*GzW}m`9;nW_4qt)*wo}6^k;Ll$>|DCco(_FO-M-Wr5G`458rH?+bLGR
z{gj<>U*_55J@)N4Lx?u(avfkcXh4PQ1<MI>L7Vl8htaM5UM`2eK=3+x4j$F{I=Jzz
z7H4A&xpUS}QYW0TwLXJuA02NTnvY~&A50i^XU1#^Jb^{V={di3c}8x4!n?KKT;DV`
zVm31-(;YTM!AeMfxmT5`NPUr{e=H)PnUjw~P)nvC*=?TGzl`3$p7I9ga--|*>Rj!u
z7i13`bo)tvxk#6|H}JYKzqLTe{Mk&U{i@mZ*PcZ<mGRhq{Lo+?sQ5<OhAS;C@V1E;
z!3#!l7nN*{h-s1FSmg!@PiAjTYw$8T7<mMkdUnL{)or;D?WF!@d1QWKZHGH_Y7$XM
zIw3@2;=|*o?@5S_xK;s~jnl+r)X15Ov>6gfJ1fLs+6;<HJHuyrHp@Y7rUBFW30JF+
zyN&k*DL2p!_Mk*sB)aR36(fhF@cWbX1R8s-9bcm-zqpt)v%hYhAU8;~wiR5lgnZIF
z({z=Tks^Jvz*31alRbVBI1Tz|<Ilb*mp*hqIj2=1nKs=|@!wFYcHyZe*33?_u+B5&
zORnPGfh<aeMf`Buu2n;<#QjzwYzIOc<Dt(-nUcw!?@d6>Ib7#VI@pKrX*1T*{HrDr
zO2q-r`oe-xd!ahdLhf^vx-|`lw?v}1+34<Wa2y5H?>UxJhF2j@j?i@;z|<c*$Forg
zKWtpcA~{Zf6gT?$ZpkVy^5F)5n>m?7aU#X~ONzd;%_`IOgu#zHu-(kvxj?H=KY9mv
zeYV#LZ^M~R4vkLkWIip#gwHke<@z*;zWcxeTA-8?U(9YtjvcV`dnAi4Rb8KCI(}1>
zHa;&-4!fhNyOAoN8id7P`NMu$?GCskevBq;WFpD@yLPr)Rv=6>K|geTHUC+^04T~n
zVp)Ra7kl87k8Q&t9j+i~;LJhDA_64KYJ+xJo5fBN^mW~K%ylb9fnT934s|LQso=I(
zi2`+A?mA=WxcoHF2JSD`@pu}Yk7dDfI~1lz6O4oy$jo1JQu~1u@<1_hB56}G0`)EU
zibeq<$A9(_^JQfE0bJyw9~oT!T662)*!F?J&$J6R2y5dACfzLfGyP$#y?vad;x;7Z
zxV8<vZ$s5FRsL=BO@}+R<TsB~1W>2&haW^B4-xkj7y<-k3*O;(EekHJ0T9a3gHVd_
zkl%yJ|62D7>STSnOUr+TanBdX|CtEQm%Yh`K1tA;{0Z2d1KaB6foo^eVe1JnykhSC
zmQP^PJ>s@uPMn@Hf+RdOc;~~`lc+TB>%GL@tXl;%ObiAMAplHr3je=$4K5wGg`1Mk
zl{YQrzTBp5;CODX6OAx@H3RCP8HQGxJ-N-Ll-;(tt(-TMFIPYqdi^jhld#zR;}YUf
z_X7*s=toT(^(ucJv`SfHZ7DP6bD60o(9)XS{atS?VFfkRHlLUSg@hHXuE{8Z&M?zf
zs5n>L-&x|zxwAM9W_8fSXB{Q;18@&B@}L4Z7~yKSpS&Jv1a1{KZ|ZAMYmw|5K3XHA
zSKkgmi&wQp(DP<L_@rVtM42^6kd44G)d5_mX+McN1r=^xSQ3U1h&=!Z$K2n1_drr?
z=3rZjIj~$<cb53`2`H{rTsoieep&))argPE2wmz;XvD5saVSDgWM<jBL7FU(?#j4)
zNVSymz^@xF%Q=n|iT((=3?15+AVvFWizz8z+Y`RH(^Dwl*<D&s4_U>;CYKSW@~1@R
z@(;F)%5wmj$yU1M>IC9OrmNaUDHVHcW8yO|U0@BZ{{TpfdXLz)t4tW}Yc=uDz;soZ
zeQmj_AC{WuNIz@mOB6&8`6TL^z>X^O>gfIGp=Cs2<vFsQhmZ3h!0TGK%_*ZJ2IZ&J
z%~<SjxU+vnnp^j(dp!tASx*7#nX35Nhp#dbOsd<rBD{4$M?9W+^`<wwYfqxFeqx@v
zc{{7*IuY6(ESsIrN;;V+Joh#i{eR2EeC{M{RT0iJ$9ryrDaAo9v&nai=z(>+zkr%b
zyq(7ye--t#OlKUUTCco7=5pd*DURcw^r507`<w{sVw~SN+TOFBOf)(=f$zvIbXT%w
z(0Ur%U2E_l!ZKMLFpGnu8^&({yyJ;!>uLmti1e=!EN60-(Z#o0stDW{P2ZPpa|yBM
zTD7)UM6h4PJw)!}8<`E-zBc=iD|xPR4HIko+~(a{=J%Gi4_C=!mO4ex@_=K}{^nS|
z;>W1my@@vamZ~cuBXg9enm2?to!X(wtYV@&43y&`%LJ{hNo)3>zb(Z+r>Xmv)Jwx{
zUTrr`(lVi_UML}qZhE23gpo<y@k8fMwa2X5W}h9mx{5Y$p^g$)Tv<Hdpwdp4x`3T?
z1W7$%*Je8lNDX5b37@5{{f@H*U}6G=HA&O5@7Ji0iuFp|(GsFBf$t4g|HBcsB180P
zUI5j4@==KY6ktbmGp@d%JHb}9>nu+quH}L5x-#uJ{|=P~OFLHI5=z_@#(;=<-tg*x
zYk;Y`KqK2f><%Xpi0(?6OH70(?n%T<=cf4b<t}w6EWg$uk<1YGHUil2^E?0xH%Cv6
zP{#fbllNy-?B53z{!5s={}9ml_&Iru)88A$_|HPT1N0^Nr&*$p+kj~<L+9boh1fYT
z-2#Ix3lEe1LJr`k7XX(2ifT}PA*#WfMsFv9bJqzsUj1MC@krY7sN~jPpRq$Wq5OG1
z4E*B)Q{umxeBfDV^5Iv*AWjPngZuz9`LFzV1O*8oqrWjD1VHD%IuQ3OA^rtlCNRG)
zFqZ(z^yj$*K-m0&68o?G_;3FCzj8k1f5SDum@fU_aLqrM4Eo=2jT%hbEimu?@16|$
z-*C+@=FI=ylR^Ir<arkTe;Zx>Um(8_rNzHF3;F*W$kTGOGe_`^n4#acV!y~<n0a4o
zk9q$vonh}RoxaUWg_}RSApN)et{A@*t1LS&V;iNNA8*}}l6_3Qj8}J}co#bMTn=ol
zxFmeLR+6|#&9wNKrhzOYIzr-@;BmClwci#oFfy_6D_zSw&nRbXvQt+goh_dr^kLdl
zu5EM0$-YuE2~>lkF|lZn6U{1b9BuLf^T)sW&E00j)LTNj{X-gg37V|!BRh62YS+;h
z!U;u2Z+Bu2cwCzQ?fE}a?|1D2?(zk(r`m$3`y7|VBbIG=B63jPaexiyP^^CYi0|*;
z0{_PY_Tk(3ipxbrWkz)1zJBge_+exCVIB|mDwGKOOLq9=Z~wi~PKF4H<oj{=^lllM
z+_~tg!fSc={8lnC6@?>3N+drZwy%fdCjWTc^d&B5iA}Oc=+ho}r<kH}$GoGV&p!s%
zofYrkL~q=?`|GvL{f*0Nc{?$$Q`T#Vvf~ah??zQE_N%`8BqGa>2_t75z3=%CS5m<Q
zS91RKS!)3g{Qk#e7UYMM;D=Y`-@1Ui%k*jPw!eOQBIlwiRKq*%L)-U>@7Vt;M}Sr8
zz|LT&(bFq26ICe3B<Es+3LN*;565k5Vo;E<9^`qBb<J1L{?t(kFQsvO?xjX>_&X1|
zzC9`OM_!}bIMIy_J}-ipFi&rA;krQt%6=^ZE@u}K0U$_%*SzuLYvPdCJTJOwJ-nvS
z>DB;vO-^{tZA;NJ7jUFaj#D?`xLbcXuBG{+NR;&Cs*kxjM$s*otS-PqZQ3&TP#^*O
zf0Tem_F)`;fK>Dm)=Ow9vlJtub?(;^ps=6>sLZ{l@{g~Hf!ExVvNmu9ye3DS1p!_Y
z2d}yAI-a@{V?c_K7<~`N4gTS{Qfb#TabeEO`V0-lk6EO?*$FSTI%w{tKm>$-6oCOI
zhhl==#Mw(5J@6urmUbc{ko;>Ah+IenJ`14WH8~#r@S1y&*L=|6U3!xVv*|m92GjzL
z6P>xA*R36d_uvo54b#mN##Cl6CMSrYUZkCFx(^R^`@q~ofmU$*s1<gI5s-D3Nae^U
z+&yxA1QD%MAX;8V#7{dh3iMgALSJsl12r$c*S~9d_Zhc~iFxHx2XejEXSQx~8fqz-
zIiZ*9Mos;smuWYU+HZOEWtYZod5V0z{|Y9I-^?z~3b^&?c^xv4Hzoqa+tmROEe99)
z>FwJ+0r?n7jah-Ie8s%eKwEsrVlz`S5S}k0bHW2C%1(hWMF&gl8=G#{C%qrP*D<BG
zLkz80dgrh|)+L3`NC=nZ8_;QAjlS?1=N+;Zcbq@&N-2Dc%e(|cx=lMez`_xQHIBn=
znhX4tKd-Ai{5?90q(uu#fi`uWx`pu<za^YIE2BrEWmt7i4^z77r$P_^VB#1ng<!ca
zt!|JaSmgyn7Z)7pRQrh-He8tL&Mk1rW9}axZ)BAol`bi+aaxIqP;lKN=QeAiSQJTj
z!M<^>^RFRB#4{td`>QpvT;)D&ybCyGD`-y?XNR-fCkAw9#&)4Nov-zsl+W>hF;d?x
zr3rI!Rc2Q9T%dZK+?xIEa<sJy!E1Ar87K`GA_uFeKYgR<a94;S%lcfJj9w$P6)tZu
zawi9a@2-#PRW+adJ{ebibRgM;3G<`wcc;FQWsy1%i1U3$MtR?uiIhu6ZQmX-SZT0w
za){nPT%y<_suA<Otz5*QBQ#uvb(3@%t4Pb#aZZ|HdE8!d(SWw@1KY*uM;NDw?N?%X
zou3vPM|R3B$|uMr6g8WIE}2}Gi+cv+c1fXpSeGn%c6}zl^%O~Qwy)(*%n$k!uiQ2)
z>SRxMeO<0P5xMTRqQdI0pPuUb=T9%*gox8r7+$<YEOS|+XKsOxI$DuB9@xD2lm#i_
zr<;k#w2h8hPxZynn_XYhyRebjlP$6;Q=)D~*Mtm082pZHn<z2X&?MQ$u4lu2)Q#(V
z2U2DNQWm@veTFpBX*iLaVQ()3tozP|!jW=pes?W@G?onRY~HifA%8o16j^LWbG$Xf
z)`p2yUqfYOK7qN7`>+Vg^p@l0m!P6##AR^dZb(PSXExD2Lqo`BnVNo0yu5N#HG@;5
z7a9&EME!X0{Ywh`tK^)<D+U7v*Jqa6DQ>r+ejfhdHN+}ukwe?>mQQf%*Q(@4Nk1{)
zVb5zRq~cWrPGd!#={82ekdP{`NbIU!6I7!{+RXjeGxP~DUV>AAt@1ZP1c`Ki&ET~x
zF30JqI+G%-w`gt_o=RXfW#dqgzT@U36f2m^8`CAay*Xs^O@tW8j>YR9zg_Q84~$}k
z<8oIjDo>A$iW(?lX=mvVE)@u?cj!0_60)7`y)y0TYzO_mk1F^RmD>Q~z5&({&lHaB
zD>&Z1TCiR6y<V&9Ss_;C19eYA5}4&LIUTTx;emJ9Flj0ix)cmxN%5Eyt@Ho1ckORU
zrCYcrGOcm6EHkgEjW(5O8Hu+<v(&sE?LunmX;+hAqLGRq8dlmFHD)p|LyC4LB@$&Q
zjl5u9Qo5>>7wjTvR;ZXtNO<pjPV>~Rf8oSW`}x@HwZ3<~>s@Q_=i49KWOn0@l&Odh
z8UrO77lxgjSFCtQ+c6cD6H<F8$z56+#B)f!TE6g$O5l!YknaSWa`O6edUozBn3*{;
zF~}Ud>|Br<YNxg1+MN%hrDMN#KIh>LcPze`7`V<WE0lIl4^mjUP0)3dp1vOSL?BE(
zJG4caOY|qVLH+TLD#o(8al7#pusEtfzw$P*3THcGT5X@CSYzq7c`kTDQm<SnUXoxm
zMydOJKwTwX(tuat^FLg5pD_Awdz*=d%R6a#9Pf0a5aYPrD?_kDF!^2bZ<EK;M&~P>
zYZ1fWLVah0!(hw+E$N&QH~xKuQvaePr&0cJwdHikYtw3@nCIqsvgs>0L)jW+pEz?S
zeoRtdklJH&Ky0a;tQuWXYc!GAJ53!;t#(>8H#<-|t85(muw>_Yur@GbmiFMR(PfXM
zBWCKG-f6D8BbxOfS-7eR`!?qHAAPM%;tWpC9@>Be9_beCb}Tw=T0ml(bC}NVxuz<{
z(Y2=>3?54Eb3B!TKxuzBj+ba4hn1MNg1UW(g+;w4?yorpoW?DT)Y|d6giS^o!a;tY
zU1COOKM~b6es#7*x)}WP$Nmy~T=HoyqsFj|i48}s&@Ko~4Gd@a(LyJ2cdJa{?Gb4e
zN_*>B?h~SJ@>ykmNY2QblB`F2I62DB@mI>*Wm+I}ZIM#?Qr+fePlcbSRF*KTBXZrL
zEyl0~(is$zp{zFhq`#nv?m`qdoJ(*B5kN$z`E$uHiCDkuO>^azPDa(1qXfPe+Umxm
z6S70dg^d{B5Smb?qrIwC4h2VD6L2wU0xn6PCU{ocJ?ak6C4yQ<%2J4Og+XhQ&gh6B
zR(2O5wYxyrE~PWd#giYUv9kwxr2*s1GQ>@8*}SczAHzNe1?t)RPUBkI<FQi;SfM}{
zX4TQh*7D<q9m=fJnT}TsIdZ7R{H+I0Fccn|XH#m62Z9dv7C;7g6Ro-et}`o$hO}sB
znVq4WRO3U7$J@Qh`={vqJ$rm|9k<TdC=E<UoK$l`;OE;auO%ALibN=F8q$#~jIKQ$
zcBJ;{b$jfhRBo-mV`-C|n4b2S1M$bvUEmx@*&OW#Z@I@!{Is@S)!6SXK9Gn9S8Th?
z5Rg49xFVu2Nx$0ZZFFrgK=MVTEFb9%kUYU(N$e1jhchxBM-Ll9aDhNE>+-_>&F1ZG
zU3AIcmnbGkS)JYdaGE>@a4{w^ZKO<nb@S971^3yF1CVsVg6|J{xH|8}@XN>i@vKoy
zX_LO-jSXBqslkQ2h*sO(ScX_g@vI_iq;*tXSV1WwcMgHfj`8uX#x|aTC`DY`3V-~R
z8MC=PL;`nc;9p@IPO0`6F_0Ald+DYZia@}}4JC5$V|fidMyR3zQ3yi>k|#cDc+Q{m
zMM1l@$xm-vx*}_+D9|c5sI{kgq;)!&18B;Y2PMRv=#FCJBiMT_J72z}Wi&CKL=RGm
zD!=H4+Wf=9uSE^lKEbfGMFI>3y9tTf?)FTQkPiZsFTP%lJ97@AKoCJH%Si88EiiyL
z7-Pk1UW+xMeuA|A#4zJU`7O&kt%?Ltm=kUui|a_y44}+^H>syr?KDd8hBH`%z@7nt
zuT%_J$A<nx@!KCGsK_TIr?Ny`8JC2a;c~e)yjKivWe41D)T-}1T~Z)rdIrdJa-J@Y
z(uZQ&@LMN8+AfZJq^4U;qGcHAEyEwj)(l?uF|!v+%{-&_eD<NP8PT$8sTY5QD}x|v
z9M+*H*_J;@X~|Jj-JM;Dtj76R`L&bTl5WgY3U>MlIZx|zV}&ksqdwDoi4k+T$Nk%H
zUbPYRe{{a=DRBNgUBqIrWKZ;hPWpx$e%X6_hWVhD3sEtkOUh*yGv6x?7eMx4iJJYx
zeb$fF46&pj#Un}pl4Bp|GYjVk%FN1~h}!OJx8M5b62?RoQr;9Ihy{d=%`Q1c*IVE5
zo;MPtFzfO9Ji!H2^<^C@TBXw_9&c;7Vr~X_aXACZJc!+yK5>{ZB^ghdl)M)pZCAkO
zwVGP#d^c~-mS2yHOtNftWCvK?;2xsux#v~gxofRNdJ?X|WEkDM0TGD!fgnM}eAsuJ
z@69pRdD<Omsc!H_WW!5>ys~$~-N{@QysvJHGR9}FS$qT3-iWBioD}T?6tT+SrvJdz
zqXdzivJ#A6w;6mR1X;j|j*uJ<zqedePbUYxxMQ$uqcL1#qp3yI-FY#OXK^DLoYC7M
zKnFx)N30`|y_o8<OzQ8s@N55G$7)EekeBhD$d@-CPz8&OdJi>~TDY9oCImN;6}oWH
zyQ|P?=s%kDgW`t5DPTXC*pj1v{&lkKhk;GM!7o{|I8bGcg(Psc+3Qa*tyAxo^sS^e
z|MX_~Z2Q(PSi84(<w7v-FlF}re!#NpxwqO+J+SJ(M8LbX?SbE-jFG7UDca1uY2~Qv
z(K3*TW!)-M9J{*PL&E0^xIe;_dn{#XaEyC&Cr6nQ`P@UC9ro&K4KqJDEIKgsCY-Qg
ztkdWttQVbPbDc_(yqL3IKm0-XR=B{jwKacXo7Fr~Lzo_TK&e`-^=n>B*CRL_*OqIZ
z?^u6=<7Rb(?|6`JVtgO#q6PB>UAPCW<KI+1XjXr(nD=wfOT;?q%!@D5e#=7Yy<D%P
zn0ogl@~z`dE*E!2M4G^3>5SGnSxEc?yg7mIh;1QTH(ZPlse*w>BqPqQ#s3wO1o|yY
z5rZeq_fb>zEIykKn=DWzRcBGTLB28(JicHEgPvPh#p8G)J@ZeN#+p@C(W2bah^gHO
zQ*T>uxSY?o1LNz~>I{bS*jey611yej0A=ti-~a-J<{*WAtB;n#;R0!e4gli;KAG^8
zna>DE5Pi}!3*3*N9Qt@bU#hyBev+R4mDK?cu(?5d<iU;bP6hC#Z7&$V)PCe^tG+-N
z7_konVYtobIJFpz7w4J5pYqLHBCXI&A1@E;f{Ekb4s2TmHgI^oZOzwKGl7sWdv5H9
zvu7Rz78w7Dc^^*Xd8-VN!H#dUE8sda4}v#n&AvhZ4SK{k)_)V6|3|@@abk!4A{EEa
R87}}Ik6k{lWiDaK{{vSnMi>A9

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/password_change.png b/login/apps/login/screenshots/password_change.png
new file mode 100644
index 0000000000000000000000000000000000000000..183de6df34278c13f445410af4f223c2fc39f6bf
GIT binary patch
literal 123203
zcmeFZ1yq&W+CPePNGK&ps~{lVvFMOSK)SoTQ(8eu=@gKVl<t)7Zdi18OWk+jK4)({
z``qt4W8C{6_l|McV})zYch31f^NHW{JioO+$V!W%BI6@NK|!I4y%v&#f`TQ0f`Vg3
zga<xho&LH21%;evA}A;;CMZZEYing_Vr~Eh_4-3p41%ou2F|-%w_!m6F@X$B*T^~O
z*GOOBWW&%{1s;=p#t`rcLVaWdH|7(BsAwOR23CbqK_LtB7cSD(2ovU4!9`(Jn1c%_
zs<E1LJL>C+JDRoY_v*X2t-9^0f(nbO(zU_Qd&pP)nhNRY%<#vLHU?{7C>Z7kaLQ16
zv~&_Z$f&6B?<J=jx&z&y;)^P1C~U7UFK?-+-1%|Pp<ZGwz<T1)5iZETuV4P~LJmsy
z@=-&RT#mEPG)AUa82qE%IB*6fQ8L(1OvJY{_B}moGc(lwb6TYcSf~%)=XjH~&!3}r
zqUbz*r1erj`D2l&t1CS5!V+Qv8N>Tf=J1rb{TOaBukJXK{>~NhP8U<UNT0Juh98D2
zyKnoK&gUbN$rB26KE9+>d5jUDjBINN%E9Be#d*<#5@$&2#poFkY49L?xTjmUU5Y7X
z3-h^F0xO+!Jf^=VfeR5Og>F2YO8vs{t4_qoaq-VZD#JZdJtI+HMY^s#p+mU6q-}+c
znT=4=SEcL}O`QiMAFA!fbTlttqX^y1F*#f>yUFzb?Dq60xKK5*6?*5sHxqXQM>Zze
zm-ocQ%H2D3Pf{|2Tl3XP^!Vc}|E?uClN(zvMaN3_e5?x+qp^UletQ3>PdIzup)&H}
zr#)_jYU+qYhmvbz-1s3ffw#EwSVyk-bCZB&?7OB%2YH4}+veK@P_dPT@+mD`KbJv%
z>*Gf5E;3Nop@hW5yj)8tB7I9EBv3yV@KVHRpq7uI)HV7e#fr1sBb|_7-t!?1yyF~r
z0N;qE49x|Goq31559dt+EA&pe=*d1G<7-h)Eo4QXvQ#K6ZyIfcmk5`Q{IYN%-k7P6
z65(*0u&rV2y=%aa*5P2l*iRl1H$H*oXMg|j4XMLxTt=T)BwX*2T=?o`>9OEj1rB5%
zKljle5H}`NfQ{l?8F-M5{}YcBM#Hawe|7*S8y(+gPC!c=OVY=rh}Ha|T8m^X975Bh
zeKK~WK0iCKyECRbyi&910{l6dJ4`*wS#u%y4Hh3|>iSF2=NCaAbkhZ7ZL)<v!<ON{
zeNQF)Hf>Y3H`{T<LV?co$qC*kVfn#_r7xyX3EzbX9Sy{-kFM+5b5tYGzOxjZ7diVP
zIxx?m{}HDRdMRi@TbEue_G>J(B;_joD)TDiDy<>Z(SzXDq3`6%M&?kgI0-%)-ZX8y
zO=Eg$MY9v0+b_`q<=a)jGd85`w9-M;jXTYRts0H9&8T3W1?>H5XRcae9yGe<wFQX-
zmh+=?wR7Ba1|P<z_h4~E(tV_Eqy(fu#9qGyzX#1v-uN2}*i(pL$iFxHVDN);(O^+;
zkqZtE&I1nD{{mUSU)`V4e+gL$`zIDp<jd!Fj}uD6o<Fl7BP1;gBMO@f@6^{T#^nfk
z^}>owDUvQcC4!ey4m%%<Bgnm#B?vnRHK+nhi~7;$kDryrgQILei$_UQ%_`t4lD~XP
zT@qE*l^aF<x&P(764Bc)-zL8KWoP7K<&I>l%j0E$U$$XsA*V#haJ;S(+Q>@FhF4&X
z64ej|3Drpwrs|lGGo#V?D++OmY-N1PmQx^9NLPr-QOr)3-}#!p-e!*m`cxn1>EjuC
zV-S7%YV1{0-lvjH!`b+gH&XJw5>ly(*@}gZN;|=vg0o7Xw;s8!=|3@1O9QIf+&_KA
zcVnS7duTSqJj?77?;lUWOl;bux~i(9N?nR(>R|lIbj$eCEV#_cL~Dp>?8}z(M#j4N
zI7cB<hQ#Q}0QRQkcwOpc#Fs8@hM^}0A6eVpCr4|(OP1Vwr<pYuTmQi`!!y~l?gkSk
z?ZGg~pmq&^ZqxfO1q<peQ2}KE=${ZpB-8cNlSFnzh(AevO#j68gbg1(K0D4@(pJ(`
ziYOsM3M9oOMJ=@#tJ526m}BVHQ{AIuCwioRgnX2MQ{*4%KcE{bd}iKb9y6IX8C9~U
z7V%0YdNR5!+C$MkS38$GS0s0QEMUxLOf7#pzhRnvDr1tM*hOFBJ8EffiAA}GnUQ6C
zNp4Y%o=o{!iI(2H{%u=RGe5X!{7ZZICi}RJuU_sF8-)?Y2l=Gou#zu!wMUj~my-BQ
zpH+HlH+^gl995QV$5u*mBXdVi{I*goqb+kRSuB0+Bv%nv3F3$M3ikROc)@d9P5bZ9
zCiVuma@IOe@{ZkC4Zy8uoZBZp25sUxga&n|<p<HuDW^9bjs}Ig73Zn$S02b7oF0_*
z;q@!^GS|n~5m%<yB3FdhO6L`@+R#4G<?u6W#&*t$rhTtd?ZDp}%Sq&9on>7HO0<u(
z#jKCioh`vL7Iwt_Oz{-)<4>Rk*h!}alKtZS3<GW$iMe>~JzKBVbjo$8Tc%oa79^U@
znt6qsMa@H;u}ttOgUvt51*txHOL)RCMN$2{nyrn~@NLg0<xk2w=JEuzv{bv+Gwaav
za9lVKU)ifG7wylHMGAN0XsG3VXSX=0dLb@RDIwjax0t?Uw%A}RSQ#}l2rJ#Z>-UH#
zp(64uXs>m?kN9yVia0FY<5^6J#|V)#k>xK?U$~LSkfWnaHrp;Fe17-YgOXTYP%bnh
zBuhAJG;3*iX}JIW%QS^IY5~%1#UCxd`&aVKBy7Z2J+l*f{G1~Z&VZ)NG-4>MDO=Ex
zN{w!-`?RB=<EE6^bfeRNs#~a=Gdh88zVb>qM5|ARdVt!QT2*N?U%jT-3fpYddvsva
zZ#3WR;n;E^UdKs)zN&<JLiOo5cS3DM?b%k^ILn&Z+S=+_;hC0}TB<S$Wo1K?MN2*L
z0577~`iyad&3N0M|5fvrFstxaVXa`7)^V@W>+jp`2T~srIN7)?=4#+-giBZE6#Mhv
zzMy)+@#1=V)zWODZ$h*3`a0wVS3wl#=iO<s8OrHNH5~P^(r)YVXbr9I$nHHwXQh$7
zv8g(nvv$xGsN&RhCx1GtuF!Zs=DPVBgm8t<tbnf+P4t7Phv)oCcI3-xN-XbN;xTr0
z`}65XgW+@EioTVbu5E7O=g0S!S?A|DuCF(zYqYzEu#BpV5oTwN;}RmY8?<ZP5ZoTs
zVe(U`$}q}|B{6cAT{558>%fc@)#_w0RDG|YEYG==1jmgTR;&&;C|}zy=gmz9*?n7M
zO`%Bc=jHVzU28TDt~5B;9csN9dyyYX+p1nY%-WEDWIM2ut8`VMZfaDfRk`VTvduDX
zW>mmb$TnwPJvgv1Ve?a|T}#G^(}8uyzJ79KWoUE;ly!MU)31hWbvaXS8)&!IHtXV4
zvnM>aRn@TXX@%Zkw9h}~%Z6S;90Ka{_~@d3E_5NbA)lWW)ev{BIKMUGR?weSxTJDk
zB6?kWqtsw@ed9oK%W>hdfijCb>g(uh6nGU-tx4<5u`hmQYF-IOkK%P~VD<3Wlquxp
z644cbpL;#`v4O@j>t?sZE$}Qq{Y$zGZ-&>COXYL1Yxz;5)wNT)K`qUXG}l3ws;9l%
zYDZ_Od!g;a?d`4VNKUp`e5A+}<k0)4h>R3Jp!s$LRs-SWkB&3=<Zq!OVQ(;HdS@aR
zVfhGk$=k>rQJ~r%vGfVsKI_MP_QntQ-OkPmC+JeTZv)du_(u8kQgXo8BG|TxSKl<?
zR$~6PRGTap<~-{fw=W){tp(L^9DuJu2FhZFQc_S<z<Wd}*a!GfaKO6<z=P+((|^7f
zdGHbn=I(Q7D5yXaDA+&7NCU5szcAndx#rg^Ohf<_0`RZLz{5Ee`X8fV2~uJH@g9y9
z_zsF+UQkR7c$L?)H88NWGq$qdHDDnIK0va5tzriSh4TXPcpxVCd>@#9!bCyYURg?#
zQ_sqRR!84T*MQd9!WuFU6t^=c@Yce>UWdfl!rao1(-}l|H-Zy*5BZpmjO1>Jy%~s1
zSxS~f(8|_;gq4<_mY$3UnS_Ld+g9I@Q%*?akIR97fyj*Q?X5ZK=$xFKXq}j7t!$0x
z7&tgM=;#^g7#V4R5j1u#mi9W%G?sSHeogX^d4vq?^lVM6?M<vKNg(s;=vq10gUHAr
z3;px&*FFuLP5xZT((aGj0&b8F@(mpWEj`^o=LRn2hJ4B?YvOERt|DY&0muwkgNK2M
ziJANEf`9qy&n5qIsq$YgrDtLM>!pAB>i0|E+8NjiT3G;#+VlK*V1Hcv*DwFLked#2
z?|+fSFG1gZ3P_p<nVasPr^bVvADvAC93+8>kc<NG3aA<64>|#Odim=W@_t?pTDzka
z3W^U(Oo(5>`N8%qLL!zhPWyo<j-7yzFg^6@JC3AD`8WKn1bh!;>0#0y3k$<xJ$i_U
z{22C4&&6>MN20Eu1}wj_@bi~C{<-63=qw;m4M=UYXtR*lX<IUIGj8uVWcs$iRl_1`
zbWDX@5|QK`6!g8PccR{=uxLaqCddz9G5DbV`UL#|8UYRV_fIkQY5Bn5q|fk=?vKXc
zd)Mf#cW;8b`D#%x*qtf9^8d>`B-Y?3zfS@6U=JD=ZBEPt<F6aJn+K7A9saisV(>NA
zKzaK*$>9tA%ev4AA^$SPf42^c@n5O`S7H8ZrvLRY|8<W4=R;B;mE%K&LPe>~F%4nG
z9C<a<@oz6!Ovl3TM{}<)s7}@xkGwn=8*Li*9?ZkIqwj+n&!GPD=As@UI_@abKq5xW
zWP`Zax%06~rSbQxn@a(eYDq7vSjEp!-Yr291=_r2rlX%(l(eK2wJb(g%mU_#7YLGL
zJW{}K$QutD543O3B9^>?|46S2TMmyxt<f5YuRQlJAKkF-UpAdJ@m^jwUXk}`?I-jk
zHSk5hqSUx?Yf2x1MI?|*mzvw>G|Q(nEBLND29IA$L#073(Q_+tt4uB-#c6cY?sp$u
z$cDUg#3;19$x%s<ANi&twHbSx5VEW?JmYe-5~H<d(7W`(3ji6nnIF{hEL>UgDt4#j
zvK(m!-|>4PF>5PVI>%krJDV&zDnGift|SeORAsr{-yFWdwTzzBO7u6_XSd3ftPM<)
z@+KTThDI=I?qZQ`A2FWLu5<8NrrDk@*Ir<}uz18TxFR%pAL+c*;u8!URm{;*9NJwP
zT@L*!@pXAkOFum4pmAC2U1L*&i9d~LT>$D<KE<e+0(yuYAtS@y+1I9l56EnWaQ9J-
zw>ZkWY%t5FB6@(j@iPgj^?kk0{$u;>QsWy`B!a`~jPi^o_$>(wrjG&?gaQm_6};K~
zVezb}&+ehJNodtIo!+-*uq;IOor|p!`fYhB#Y&5DB>>i8($PVMg(Dkhh9i?gPv(`x
z?%+5=dWwvxZ*gxYjT*pBl_}<uvPiuV1Mv>mC|xlc6}YvOhCL#&?vTy6<qMQESMc&E
zd1l9#@a$*I#l!U1T1lY$=<ooVvsO20G-ljBmZ!w;3-*CRRJ;UOma@FdqI8bataCFr
zAK$!IdqECaNHHWl|2{agg3cYwu|yV&|LM9~y?=Gl(AnQ`wVA);<thk^M!k-hZMj=F
zWW9vyTW1p9q17XcOn&bMpuD5#QtJpxD|}CdQhv5b%InGO={7A>0nn2w*7|Z(F`xQm
zOpU8@e#_lXG-w{z?y}p@J}=;&`ejfRiSKM?zSlniyYFO8+UYl0HDpycc!@7Tb`S~F
zQC~5MP0HA9%oh1fOrqYy#bK|tuUX8*%S^lVZ+zzQ6vJQVEk+>{P_Z5si@?agDt63Q
zEw=7tj5D(I?fhNo9bm`kD>~J`Dzd25{+J=NBd_Q<KIp_?KbMsp5NY|eDRHtnYLJX4
z{XJ{}3+ab4+&$e^wt?o%)BRLEYOpc%mC@m64|c^;!$C44f#N{mv~eVSrdvqIwu{$$
zoKN}!_d#zqCv>+}I3=UO)W>f}%{R@3evLYC9?qXw2e}j!B2(6)<AbuOjkC7l@2$s2
z63*vf=j~j_VixO=`-uJd<6P$#(1AgpYV*E;2#)IuUf7A(m5M&Qmoz{@d%|tzzhyEG
zBSQ03M<TdlSDX;XV2>>m_k3ZUjS-A}PZzwSNPuI*O=@f^G@2W0#z!kzUkDq24|i|M
z#xAUZMt-wBY?-eCzM=izjZJ~NKCHmtW9!%NTB+`j701Y~z+oY9FUDj)A9<BU6QJ<f
zw}tGU0;M7&(q}a91p+INGg+CzqPdtT-?K7A1th@rG!Vmh`)c*q=D%qnr9(xzzi%p1
z3|O?xfEFxMcIOLjM1op+#Ti5vKnZkF@2#b6fGpe6RLBFFi94SrQY69rxo$-9<6XJ%
z_V<(bx88-V%#)#8?LxW=8`3ET_?HiKoo(GdQ9g}L+>5l>Vm-<T_s&Q80D98fcQ<9A
zX+@sI+Imo;bmy><e{YR5m<a8|h%(as!GqBF?CUOS2MRk2shHk^ae^y1z=0&HHRpFV
z!)sJ+(_)VTvX>1Ry?>+FG)1)mf=}4jsY&d!x7YZ<vMN<V)4;kp3)<uX3eSD?UfjQ7
zf0SjkoPii%;3T?F<CkJvY|9F6^MSWH3$mn7sPDTG>bE33)&ns@>#}j^0gYc6O|dN_
z30c=S@!4ftz6h`@-p>IQ<M{wZGS?B$4Dh{{LnJi+^gI-aAmSx<t+YCLps`c{HPDB0
z^1kLP^Ftr75Hu%Yvim(2^LotwJc`P=uClRd#G1a{2+1ku<?D#3d)cZt_KPsD*Z%d;
z(18NH2*6V-l{zn*IR;bi8^ItE#n<h~_YX}Rs{<B|GlPs(>wQwyV=bG}ITml<vwjLM
zFdr(y-URdedw$0m6VT-T>7WJ*>wRx=Fj$abSj2rIHTWq@Mu1?z2ZVcb^I>Ckj94QE
zi?lf!zfV$uoA2%N5`#t4<n=v-MhH-F{+h{fPxOr?d}CqA7F?`q?~^tzqOL&k&#d=<
zay({tUdgyWQX38#@HwsI*87`yNCbIVs>~7iXqw+m9^O-#eJY5K!?a-KFJMS>5aQb!
z`k5Uvk@0~s9^_ofQ)?hT{cZ@@hR_1VJ^v`n0%vQ=zTW+@7gyIvv6rpvu@<(sFPl4X
z!E~u1TtzE$yMAZlkToUmJ;6VK{T9a87l!O%@qJQYyNBvn`dga>srCLThw_HNL?#P0
zB0<kpgccHk0FfuzJ#&2vv6a0nelWOqSRA*sw?iH<O5aS<d%_{Xet=3)daC(dqlN$M
z^Y9l^BN3{?wZgfV-o6zw^bzzz$#N}CPnl6k?@gV9_+!j^0JO4<!oeix0`fW$K_aMi
z_X)S>pZ?gR``RDZ7@z;1!pUL2CzSi*77V%f%+slxAXH4iL5z@X_>|+t34_6K@gn!_
z3j&_5hJZ6V_?Uq*WvCDMu3Elf#CsAAyHorS6nUz=g;Y9kA~b9d;AF6oUZ@g@;gZRe
zA(^s2_tF2&4!<HT=P#rdzNFCVi2FXI>GXD%!P_@Rh8%LMo3uWp*sIR3;#w>i>cW0o
z4Xi@47lu45BV8ZH)N+)2vBf3|2Cp!EeEyI@<|*6E%L)0;LO=^UOknS8%PS0cv{v~n
ziVj>L7%oy+XTN?qco^%~G$kEl3Qj$<OA<y$kO&C8ui~SRei?)$YG5M!mqom{Yo8Rt
zl>~qVeP2IjXQp@iMt*F)4=sH^$h>p%E((AF5nK%bg0qo)%ntZ-6qZl-oeL!r@G0FZ
zZ(m#)Xau^C%s%%lF;58M;?IE_;f{nu8?oN^k-EPI9~Cq|Slg5ZOTMKkm=2hw?YTD$
za5%ERi7PAuiiO~+8FGTaMq=^N$SJ88Xt6ba{4O7w#xUfDG{}OO@MwlwGhdrg*nivd
z92}qw5s%r~-9(z<E$A2}Qdli3-&pgGs~lTf<7C~FHy;V=FO7bahL83Wxu;9g1-SZf
z=(z@l7_NOuM_zHGH$Iw}unPLU%ark;{YR|_lwN~n=hlS4vdPkE27o$OeCVM<A&^8x
zU}DH1(*_gYvz^o~BrMhp0WBVHK^I~&;ED4?wD1tzEIDIvBk7~()c0+M`Ym9NbiCfa
zB}UIR22ROJnj87sq2IJL;U(U$(s?Vu0--Ij0{agMGwJ;r-vy0e%FZr7eDAzS!qOme
zUW5pzEdwQ-wHq1%xbC^Zi<z%vX)W^iH*AXdnG4vku5@QWBHr62h)x0S;ffy%2p}GB
zn1}vmD}dySA(NA%6J#%dKT5&eS5(tq;q#3;D#EOpbRaNoPF;C}ZVN10UyAAwMAUsF
z%=df;V#Z5ZOJKAW#E_n~DxHm+#WyxxFiGG;w8Rkb9!%`0_f<9r0!-+r0nt$ac%JmP
zZ{GrC)TTSwvK_~5of_cF#QNKa93)t8U%VG@fODj419tXN4Ca3jB{?eO&?7%b^-wy@
zJ^O7s#B*Hj*Zx}aK+@C?4UJGj7bL>z`}?s30jY<UB4o%i#6A+go7{7V7_X)HU=To7
z)M){}xO%{_wv4-BIlm8k^9~=)(*}tk5fljzAS>UvCvpo9rGGmGD(Htf``tj`+!h0a
zC13ycEjCcX+`lBn_`f?vh)uKK*)-q|ne_hM$pOK;p%Rc_G9bZUYGx;%boSeVP|!DU
zz%Iu>H#SX{0B5ruoEF{({#^@zfC-L?0){ZTKrn%kIsScEBlia;0JN?(wy`OW!Q^h3
z>F>j^fD_kJhX^|3ALxtyZ%#vy>X#k^x{Nt=--Kl0Ai>5H5prLhcbcL1`)S@q8ho@?
zz#-~Ng26qp%y){$@|$K*LQpLoEyTu$?!c6oN@t?n8tAtL-@WsC5TJ0*^1|Bs^c9IU
z{bibQ#@{GCfJF=-LnMg++}DJc@SB?$fn~NHI4UOtqB;Y)wY8xn1RgfU#s4-83l5MV
zZVW`wCXhpp{XmNSH>Uyd!g&x001v<4&Pw6I9qxyQ+}GiqO;7wbB7^)6_X{!rk>Cj?
zJ3A9#K)|w+zq^YdXh4F&5`dz{F<aBK5J<`?GG>jqg#I=i30UhLDYmB+MD0-kfK&ex
zf8%eI9v010<<2q?fJkNCmU+*k^O3Lsf#A3{|2=@=J_5t=00RPsW&S=)_<<<^`tAh%
z|FR1Lu>OBt(7z2N|8+tC-*rLHt*yy3?wc1-E&v?VH3lMJqkwfG{T8^gp@FufCok+D
z5zr~;Z|u_>Xsyv=&$$DaQv${bK)=87UX>F5|8Vaxz$|}bzJM#eGv7N`3RDFC#=HG5
zV@-Vu?W*YRXC@{ikzLkXFbCiZi9P?9u~711jy3%6SQH!L=kJ{O{~*E0f8)Xc5z!mq
z1?BvQK`^2?g5ztS+iyn(_23o)6wDw%L4^;jeJVWo+Q|C%fC|(*e_@G#i>8dhscRO(
z|7k456r@UQ`b|q-3q$<;ofH3`b?9$V6bT}L)B<(?(;%3Ur!SpzMD*Ks_!=9a0H6>L
z0lYZ(FtK;TC%z<32mPsKnc}(r?a7AMkvnI7@$Hy@0BmIjh`J{MHv#(VQKo7?0Oh0{
zuhbNGQRV7exSbDDbOsW8#Isll^X8~kSW1J7w41DoH=?-;*JFz1PT3rWDC8<EPuC)r
z{Xa+FkfPwye!f7#>G-^t)v1S>9R5bHEqIFIS7HGsOZE0muD}LT2!DnW8gIdXv|{uK
zNQ}$Qqo0P1p@rVcuL*HKYUSdPA{boMce(WqwOcLhz`H$e)M-0Qk=Ri!s|}Y)V%6Z(
znwLoS*fp@S7{Y+$*p0jr5ZuXY^>?^RHVn#JkYAnJ-eBHa@O-gsyhS+1@pHxeHA!Nt
z%rAL729iv&NAi#Y@MHNEweUvLl!r$^UBmkuP}r2k=J7ut4^srEx~Y|$#~oMa6dn^>
zTV3_V1>XTPzK_8C4})4>K_ej47EApmPv}6OPQ?j$8}F7MbPeHbb3KI6nDyDCK=X!m
zrl{Ur*2-hjG`IJw^v={m+C)k}_gO^Z;A+~0LC-J71Ib<WCIEs|(wL)MrGe@^t6TaV
z_%>%Dg0vN=#osmR2#ev?r&KmB+#ra&Zl?udvX!eHC9V84D-82EodWH#3KHYLP;%Ig
zcH;P>0*VO0EDZ7U3jly`1L*KyuuYiyyGGKg(ICxXQ7}gRszrqfS!jqS-)3Agx{Z7d
z3N8As;iHO=F2AxXKfp{8UtC=QPQ&pxfCz_#!H)H#OhD-rk9{4b&>}#o_IR6paG#Wu
zMn#TFjd}W$nvsZ(a|lF|VK4Z=VXX^SegJ%?|0~Ky#v!qO8Efuu0p_wEz}2jCb)fwD
z6J}5qeb8hi_Q3YQASu1X<!*|1d?NqIQv}<7tUU1c4c08O_^V4)5NLD)%T`!wOxhl`
z4OJdwGJ4%W+xe(Tk>h&N%_pca+#IwM!_^5`m_cl(T%`!iHfi6TRI<7ucASaI7H!yD
z9$hxBDlzA>CrC*ZA5j)kNWo${5=K)oAz99FIkeGG*g(VEf77aTq_UIoh<zPR+IUo8
z7tdL3tp50}ujewn8nwAn)Y<kluD|vR&^417({z&>RI`#!R)1yZnUqjM9D_F{p%>iy
zwA1j@(@vjx&q!jg#1~p#M@bTq=66ab`wmE>ksHN}sJsQCGY*x+{s9GrFXCSb1F4%k
z$~htd^OMSx%%{s?zNh_a&$J=!hDkptL1KazzI$%;gVWhBttT8}2)~MshZNUPe$4*j
z3);957x#?TX%Ur3ncgeLZRO!v$xs~H8!OiR*sUMuem<CGdu)?sFb1k}kf_>@IMUCh
zVe9WfA%3M<EM(XdOG#L`LrPbFrOG~iVWjHqTVHfG=RTKM$=2uc31+umtNNst#mIB!
z<Fin9p@Qlw0nB>laMd!?wtTXq)!vwjITx*hjTynrYkH7lQjp=Mk(<UE_40YN=m+?x
zgJQf}ljO%2n_GL!5#3zfXYyX}3!3fj>{kX7CSWg&nC>M6885;3>;$g+4;YW@xrAE0
zGltpbr6cr0c!y!3d82B?T)YL>%s4xuV#?TNIdh|?18A?dk3QJuP0r6$9UT_9Y1S~U
zWF~7AM_Ucrv&9*?ntUW?QaGJ83e7XPNdEYQLz+`PZdSV9fjU0L5Im5#p?KKlmE7fm
zG%rOJ0XhYd8P$UX-S9p>ajYP42Ya4w+Y+0-v=%&5(;uj7>C&L9mW4^CAR?rFYL20`
z%~)N(D+-gTc8T_pc98?((%vBeNeudXMNC*U9FY|w0EQl0wW-W}O|$JW_Xn&+K`yn}
z+ZT;yAax<zi&!-WWEL*4^JpLZp24Le6otU^_S)$}cX52keLU&V61Re{=G3aJmne-Q
z!$w{mZ2cxsdT6IQ_waP;y_x7*-Ax;p?aT+G6}3cX&v@Y2-j8d>lT2GoGjE+_%UlOc
zuR08YR~B@9b<OznSw63Q2;gn6uzXhH6&GprX{Dr0R4hh1X6;y0rC#JllrzJy5GDi*
z)E9eKBE3QaiWwYM)Ico&SK;@<LAD>C0ZgEhmaBUCe7VXT$Q1O>9|gC|G&f(>lFrY}
zs`AZl)!vs0$3^JC3G7};RI<`74<M`^=95*NHK@7H+lp=<RyLAawi<Lt$9d2&3nH4X
z5Q?NuUvGsiEqiIX<Bba~x|krK%@#DM(pD8|^lfo0EZZ&f7S@F`d9g9suT)WpuJu$H
zU7b$v$)y{j=IFWdFDFnTd)e0{xM@(VCEJOZV^*W*&+ZTRml!O4V*C8_sW}NtFHidL
z#DPo~9Igg-QtvMvL;%t<c5th?I2glMZXypz?(rf`fEJM}J62ow6y!kD`3#@~_0$MR
z(Pt9e77Hkru6GGup@+IE1Z7F~)-vXoStnJ=)!ll!8LaxF<IrfnO0bw!$DvWh>g&47
zducsjvG<fw-EzyxNtT+AZDjX`?X*&HD%n9iGil$uVBR@b!{GY`UJ?~Df&F<qO$91F
zh>@sM{aVYb&cR?=&{ud~%Rc^mg{^p=pC+vY#WmRxoa!A8FFKghjasL-W$u1+;PtgB
z;3PdaVKGcz$Txjl@<H!_<E+D2G>#}CE!(WKhWUA_Aa%i(tGu)tr{LMaWMJXyvH5`P
zMnrdER699$WLXltlrQ`-QjpFR%CYlEKe)TFzRc+82?U5Y@&m{T&6y$LG5e2HEY@70
z&cZA?*wJjS@)Y>m8v7+s9Ehyx)T*O1%lqy+R&esoE?6<En<B+CnPuM7wl@k_qCJ=P
zyAfRI32gB!T+CVz9i8<6^~^12p1~X^22ChPZkKq5E~__0!?o)g{bNU*mL@n==~6Al
z)so!!y(Kr`16E?w(L?*9+tl{rkpygU$Ya9+8Kf9=qF2??!=rhUWLIc6{0OEseu}kT
zy0)>@p5m<7$8lS{zTIPoimvJ6=`M{5Pgp%@e_5xuw|~$)9J=hs&SVtb(dR}$@Kn;D
z%gp17fpNWH+b2eq&vtDV9a-sDPvu=YP+WVat#1b%i1>Oz<_;jdRF9#7*oTt008C(I
z!LI8Im#kSdaeG{!IZ$=S#aeRQNwI?)jRL!gt<Bh#yLZb|t9t5uX;b+H3szpwy(q9_
zoMZYkQC@uY7Zt!>-MxKrNJf%TSETUk-PsQ65-qPU0?0p)N7udDY2-iq>g@}Ueu{<q
z?$|E&>f};x`r)(h6m>6*yT^>COLU312w&Bw9E<gx{^THX6FB{D4SsOhRXHeFJT<ta
zm*Pd3w0;^>*l?)78vRx0+4N3rL(jR5;rZv3yXcShtEBpfg@6Dn#!4JqG?Nw)3g9|a
z$xEOWDJy2cDhR|QDr#9{Fn!&5Ng^lGUj1!2fs5oWMnL6w1`AI8?e0=y<dIQ|m#{Q%
zjmH?djkoV<hH<5Eu}`=Sh-&T@tjCeo+Np9mNMYkGSnpuR%F3kaZkV@Se1xVF>^eIm
z^K+Jg-At2IMo|d7KYUzhYiiETXz5ehupHkbG0Nq$zC)KTe^iH#Nz)grU%hntbmdrH
zrbERcy^Tx%MAg}~`SqmTnMTQ2aD8%~e>lao<*?Ar<sqhuT|b)xL0g<F+Amh^E>H}z
zW-C=Au`XhvI$<{f%Q|XV1SlvV$9)1$5@3d4J!UsAS9x{;&d0SqExT=Mhjj|+Pzf^%
zKyw%%ML*48c^to66bhoQ99=E#OwsRE`zN+oakE{16xgx<WwJtagnHJsm5Z|#4$U8y
z@(gv8IzNPqDtFRY#yig+DLL<bBWXdPpna?#+J_07K#LO1?{gN5je=^1z0`Z1@n!|2
zk@fC$S!}|W!G+PHL>fdGl2^;9Ia&>xit>R(E@|$^2SzGKU2cy(WCQ~~eKzBCqO-z`
zzC-BGv9w<c3uOC2I0AlM4fx)Io=>A8m2GOR)Ud{dAhexc3*?gaE!?3c688$5*;R*0
zSJZgFTv*;Ez{vq^9?KC~9{07cd8{XBNNUWpG-k;>HmC%Pt`BN|P9@l0bz0b+M%lLo
zArg2dA2{@N57q=2KkBfKHw_TXt2Uk8H`y;S+ME7*`_8Ro_3iO;x|3G4NP=ZV*_0ne
zN@V$(Lr2f$!6lvT?#&mL7szp?bABM~#{`qp2Y3F3L<zvF<39}0ej&cUmi@3^$-V|#
z8_mzzPEocS?JNauFzE+s+(xk!rct;$1s3vpaT%3aI8G^*vTL(f!K0}b$?oN8%b38S
z+2}~VMJI?iulrhiGBwO9vwt42Tk+l_f_R4^l{#r|Rlw!6D#osy#;T1;=3@lNar%WB
zw%bI|+~nf)hdo1@vjZWNkCrt@o;>ks5IzBznC{QABLNBkR_;~yWs$rEpab8u?1i_W
zT_}xdmgd$ty3pAN<q}#?yvbi_3FYZ!76$LTNPiKoYYCV$X=%5&Xh*YMF{moTljc}*
zcUkzV<g2k<6X`#9!M_Lfri0lTY+<XLyRGK$c{!^;Y1iO|&`aR4taAtsJ4CU^DQ>Wy
z%^A*2NXtYBkh%B(LEvB#ptOxp8w*r2b!CwgqW(+_N{d$SJT+gVSgK~-$x3ejT#t!h
zFrTTCy;~6VdKN{dtB>kB7Mpq_&*11OBEb-F@TN@bgru8nGpu$9VeWNkX)Rh2?l)}q
zRpOlL?v`WUhCO3xxmf8?V5BW)<>2RR?8a<80Mc7TqKlZ(E2fHh0{cDRG(o;!Fk%K$
zqPH}z0LlPn3Y#_nus2Cb3y%^od<F<MbqLyRXHY%a^=ct;XK9yjzoX-F1q@SClR2%i
zXopW}B%;oCZQQ{R4g+Gs2@Q|)Wosgr!ny{<aS3`BK8tBbo(X14R$R*90$m*33ip$N
z!iq#!+tV<DI_%BeO9CQuY^7<vvAmRw$&krbq3%hz;5%p|2c#wYC_sJvej^7CC2@F_
zd1Lr8AaCcG>g?xJmfrX*nd8k8P5*L=9mT@gEtI(95IA8iudtHN(;5PjVWX?qI2p+1
z_BSO$yHBTCyOjgccY$cnsWDFNj(_#>>5c6o<yr@IVSRX+rm#%1vwh`u$=R+-?gj=v
zp?LbRqM9Y`UhR$f*x?Haaf24AlD)9-GH98*T`Fe3gGY0nQxpQaNxOfeb842gnp0&U
zkXg68Q}X*7%$BPQl#D^eNq?vk{9u>je$AS0%%#A!S2-0nOe&_;je!8|gwwmFA(UNN
z<Y66`e&3bCCHeHu3kVvF%R<k@^&)rJ9O;b5rFj)sM&FNF_x0PH>S%K5eg;nJNRH#q
z6r*0(?RIO^5)g-}0NCFj*Z&ZL;=QryAnlq}2!{XFuKBY>l}h4`n}SDOvt27V#(EL7
zy@730$4Hc9|FAx!RfcocQG(6HZk19c_m*)@X|h=5bkqtu&>lK)uijl|OvNq#m6ylk
zI$?v#=B+|*%4z0lPC%yaOTA7j6PSHH@k(=;sF-&_NKI37^n30@4`X}7VXJy)(bBLS
z&;||XiDJ^P2ta*T=I4b0U@Xv#HWIiiMaey$&^>B9oJ;6mE4^8r-s@z@@9T&wWLgXY
z;mEPe?YYwDugmA?N%QSc?&3rMRTmh9{Pz82y=S(TQaLGt^>e7zc|ZncI|yfSqGLFu
z!`ACKqXcAOT|Lx${OV1wHM~m5dkuDHT;imbcKy;omZdQ*#9mk7Dxtr4Ce)$;mMY}>
zz1e~Fe7^@XT~~&u=A`y5{EUZ}x!OO1iCJ87o+XeBFs_YPsT?gOs}Fvuv)`~+=}TLu
zVQ_$hM)2|$OqXH{N6HKkXp!o2#S-CtXDkEbR&~lAd%lq%S7M0jR?dAeax}C$BT=%t
z;>HM+fr>Z3Ih5dd0eP=&BWb%~uUYX)^x<l*%nDY?2oc)Uu=gF2NqYquNC*CCED!^4
z@AvMWV-4)?=!wiwU+z^X_2D%1B~d4^P0|>7vJ18!;(A<r_QiVE4S94l$h>kg7T&@P
zK}D7^r9*IY-D$8A%Z;3xDDi2BMcW1NgYL#;ek6foM}w{OqTv2PC@;-gc>|d{{$<JZ
ziBk6q-12Ufv9l0<+oj%XyVXFZV<z{74N=<wePi?wt8Ro;t@4=xxrUx|yp<`X+@~Eq
zb{?r)XMYra#;z(U@Qst4`r_nr9cii-H=pVsKMQTmZ{xmGV{t@)_4L?y#asX^izZzx
z4Cu05Yb(&<wiAzJ=~lhNOe@IiNUL#KWzk~7t%sdiDc#2#yj|tf%;B?+)50O#SK2Bb
zC!@L*R$iSfhaHtj-@BXRY@Esm3|vLMB?>DQi4ykh_u198_QVI50zz!tOeg|M7<nZm
zZo>?@wv*(uWt9L9C@KNZ^)`yjuD=qa=ODt*D$Ck8FeU@3_2v~)@+uZ(Z_{)2L0(5R
zOzx}a=L<|K)bSLN^{!fDnr6N0<}R1B=*t3jGwXyB+a~?9PEp}42;Hh?tCs2Qu|#Gz
z^7XP3<JUm4Jd`>6m4m+(-z<+-Ny{cY(c!0<N_+Wf{p49A&fy8$eCtlouM!a)GJQrG
zUlFn*Kq!IAUTlQ}C`k+e5$jbKJ|Gaj#}8-*lm<HuO9^SNvf)S~C5ao(g3PC^muho2
zHQ>a1V=v!s6+{d_ZJx`%1^Tx#b}O8gWRP22Or+x4E8rK*Fbn1Rz&4H{VfJb{f!SJh
zf7*&a-``<eh07{5NH`cLF8*P!!NFqdMSO(&7sX0%cqHCiZZ#Y_6|!nNkm8|~hh>9=
zWt9bAeQS>>r1AX{XwrXy%7e`XxMqA*UQu^V@vazsN+3wezHgKnZs>Ar#vKnq`@p_g
zIjldlyja=Faa20qT=_;&e_X?{M<rT6z%jhR4tzbd)HZ!sAPo+a29k}FuS)ihXiinu
z?YqSCGxqX98351J-x5FXw&fUa=<r7gCZUn)UiuMBjJQ3bG%1&-^^aI>Wnt3kB3ejM
zfY0-vJ;IA{WMx3ZpcJpZ0UBn?{^ODX7qW46zM2?ZuOppB)b>wajO%j+N}o`YfHW~^
zW@PJUqL0r?Svo~6jamwgmgk9uOD;pkqFaNvZ?#jyfg>J^p?lRXHq8iGL?{oV!ZB-(
z7zJu<z(WsZPRETn`$%mNjpN0{1cI;^4x`C~;iuK}ko2`QtXCPbGG8h*kOC_}DS&mM
z1EHI2m1O=|lPVywgE)8rIDB(utvQ$LNdRcF)IEH}w1EU3F&SQo@0(p|jnN7Quyfwe
zldaBFuFH<ynjLk^aYxXChj}y8(8W)Er>EI(b2EEl4_y>xP%Y9o&@P|5+SoKn)ayJG
zC9-+{keHJ`ch)GyO-0(uPG_vvT?T*^j4$7t(0MHnQe<4WDovLlyK+xrt$ob(l6~_G
zpMZuz5EUnOTFf-mCo9F}4Uy~lqd1O|j5H|}RZpPy^Yz-r2*Iho!zpotKKO%{CykQ2
zouI5lMk=8)wNrhjplqbRFX~vusv+;l0=8<d&U(?CG|<yOiXJEc1Ei4h9s>joI>Ed)
z9PhNq*Zlj1;o-0hFG2-*BBMim?O_U=Q2WqjGV63+xcPLRnDygtEwqNcRN<8KGAPol
zMz@UZXS>FQ$cV<_?X&TFSjPer*-Zib7VtDA942x$vde>O5+i!ws_@!|0riV}dst##
zY~!1%yizeQg>%h|d8awmkb=L*?*;!qNggCDklsxaMeu)nH~)?S^M9y!1F@xF=K@fx
z{&##PAo>1}cnm#1!jS)_lLny)K{!Bvf}4Nr1fX@k1Bw{)=m2f|-!otkA!M#E04?f2
zA}|0<yEysHTG8Jcdl>t45RykG1P=n?!cYtAll|W`ECKr89S`K+F=74$zyAr93gFK*
z{|&ng$U*KnK#@R)BJ4Nf3KfI{e<lb}xc@x^1|Z6fSigjnLjMyEl~|Yf>SxZq@cRos
zfW7*smoWnJp-EifXGu-JbqIlmCBWi?P|^M^6Xu^?x#0hVO7$l;|BDOxf24iPLh#@A
z@xLYE{nrKk|JVinM9fY9$Nvl9KVx?O@7z(g4>Z?qQ9kp$fv5?PeaU4>6UH%DDc8rI
zN7ddoQ7}5q)l!`Yb$f|D9h>J1K*htzJ6;McS>ASx`P}e8;!(#l>nTc#4!o?SC$BtK
zCu5fTyw6rtn4AEFTDF|WBpqQWRUQHSCQHfl#-;ot0h1=r)%x&ERGjZ!7rap%LfZ_M
zzE=$itLD4@d6J=2(N}EJ@=5Qk%zly)?`$2DQGcRiVkIi6s&C4yb80J(hPN-4vVl%r
z*_sKJHIFWLL_;_zDD#J9%?eIJXCs#-TJ*KP^r19YuE(}(k5DR^w*;*@g($I$anTeC
zT^%{l45~?!@>zjYZe7pT$#V1LD9o<gQ`{BdXPI7^5y@bjb0H}lUtc-77S`gz-k{xa
z!teN_-R(dJ{4e~-u;RvevpmxD0QBg17Bj`ltj^UR_17=P6)H7{u#@BH#Z5=DX`SXg
z8n~}}g2mWS#)dJg>OEXxLvKBLD2wekh7xy>2y9=+z7g~8f<+sZT;y>axh`(o%tde;
z1zY|+#)Bl?jK@ubhZne7iie{`c+hXvNIK8#Mm-T~Ibm;HAdJJyIDnJr_AjJfK2B(u
zpC{4z6;ou!SE0PoUFS$L-A8m+qMj@i!qZmslG30HXGmMS>2OW!D)hKcuP6q$cs1Uv
zV<P+v!Qw5sHT%K2UWP`(un(}wTKDJ7av_kOR0}#twqV_we_%6BICv$`jy76r^-8r*
zQ`xU^UJ%&Z(fm@<AuY!F<=qdij3AVOztVAl-(=K5Uv5XHv*13=%;j>5>AzuPFw&}F
zn^!^OwC2TReHhUi9JBnYu;=4y&F*tH$2|gb)wsrmZ{2jC1<`p(CX#{Q45dI#W0A?m
zHS)K>qY~QdA_|jE<y|V_zCOIZQt}F|^@P2#yd!A60pQ7>-qCvmwtTugZpKrhBGqGO
z)nmwHEwjAPxP_v^lG37&n<G{uuJOyQ1?a2FaK0~a&uP`%XEeYn3#V$;-Hy|&sG8y_
z^)M?dN;g}V27^S<Z{;9I5#_#6`x5r1>7R{_S^@xo{Iyt1i9AvF5RyI8s3vRX)LD#Z
z3vz6Sd3^|(o^@V=XLQ=-zOa-Fhm=STdn+P~r}9)v0?fxM!%KN@%_qxMBDE)j=^Dt1
zy$&0CT&-$Pl3%HozC4=oECOmM20%wWW{Xpc)U4nQE9*_Ur<0K>yYWG1#hfSa#Pfmx
z-+)&L33K?aWZ6!O=boF)E~ghUD^ex>hnc?UQ@oYFfxBubP|^vk8ax-<D0ob#HY$c~
zs}yn4964``<}2ne_>x^${k3m@s-8}|IZf)8h#cnHTpn&&8T{z5fg~ks7INeBbr-a4
zIwjx&goZ0d(fS+1h#9VBQh*9kF|jkI;Y4WSHbz+-H`!mEDZ6G~();`f4`i`hxep}#
zE9U7b!*N+j&!;WM6*jG8Wjt>^zF=W{S((pA-qxNP7S+cS92a^B_e_s}VYhM87;r4u
zajwd%pZaz<&o+lN=hWBN^ATvlQ9rdP{o*oT@^wCGvc<79d*e|c;q&R(B?G;Zkb0at
z-yk9;&K?R&<a`P#s%Qiv0z74{nfm<oB;{kf6b?H@dhTrJu93XnP@Y5jNso#o0~Dr@
z*`=i;+eSg$7sp4%dvk8jY4LMFK4bLls~cI#BtL7u4C~2oQ_rh5prpj>iK4^>$nQ**
zWwgEt>^@yRH=l7H28Y%I`52SahYQY$TdRg^qJsE~oRp2Im^gv#wp*g3NiVCh@p%)}
z!!a!{&=FVZL~H}i881CqiPSk?DA!I|#&FG^$CImqfbKNjvc7JEm}ILNQ-t;|!DmFB
zsw<5!r{Sxspe=^HJ-467#4FTx1Y1T-JArsATbq#{XOn_A9_LL>SE6lF7-jFJpN^<$
zajM&D(qB$nQFIqAq%-Ai*H6>hng>7A|8k+xaIkvQwC4$_kJbCyXOD5)i4tBDB8Lw5
z1Tdi6v&YrnkV}<6<jI})y45IE?0x?xbd^TrDQkNBZ2{LFhCA^nORJd|{oZ9aT?3LQ
z?lBj=<&@5)g?@v_DYFywl)z@(8N1n-%;Anxr0*UHD07MYTJw7R<`PzLo^?X|8ca(u
z{{-{eoEMOEqSW!(%204u^AbAGl@L(3lI-K;OqXcy)_;5CmJ<SUJL}EE{JFWtZoLoF
zbaj0;JM1pAqa!evum9n~%Kt|5;}aHI_EpBG@d*Czywi8R9>sddFGxJ$A$dVKZ^1K}
zGMA*$$}hiu$O!xJ%9k$+b09L2qMeQx&t-$RusgqE{_VilLo3`TXx;BE^K_bbt`Q8R
zyNHP|Q`d>tR-{@2Lc`yzmU|D1$+(vyY6(ZqeG-sa-ELf1n{4Qa(el7dWN)*$ogbf%
zermOmQu12H-I7V^+g1Ya@ls~h(Q5a}tR<Rs(PH%U5y0|E0J>oG=bq-nyK+_CGyH-w
zKhh(U*ENl%N(G;2h{}*z?K&he&tz=Zuv8}nh>SbbQLe#Cx64<6E){YLVrX^AQTdMR
zwm$etyZYG4_iy=N_QZ}Fd_z*Jw%?)Q+9}e=6ydKYVx$S>kfUYa%S(+L;=Kt=4*{`c
ziPdC%f+x*NwDB|~+(AmO_}p_gbz)avE$<Y^v((<h`m?cojKt!2-%bByRH<8aEu>~Q
z(kR)DGB&GwchjqcdBWN^&!L$D-`20)Lf9$C**%e?O^NdMNrO{|wafAMET2`UITN=H
z*V(r&6@&dJnLJMVKBfCClkFAtnTwS3-7ag1k7&_6`x1Dyq}eYL^IU!k$$WM@+kV_L
zeydr*Q>KA|1<yowJ2S9CHEC2h>r>^LXTRlOwyzx8&QoWFD3IDg-Xw3~l!t_s=2S6=
zIeUFJO|5J+b55~RAItZHmXqC1@k8R|>0%FUpOsT)Dd%oB_@a#MI66{tB9%V^<e_cJ
zG1dC2o6Q7c>>?h`r2+l84BgGR^rPqU_eAnz53{Bz_jx4O#CeCaFcKj|wy|r6nj8Gd
zURZ&P%r(iK#2c91PIskE)^UewfzzoHmwG9mfg_;Xrw><(zpictt&+t2ycWEet5<;@
ze7fldT3nB0+?uGb>jmnv7uP7hB|YM+-Z=b(_Wc8r%5T@tN@j6FAMt6gKvJ|lBOo)}
z&bf6d&g_uaNGm}kc=e2kOja1KjoUpXuWl?pPAQ8bM6Z{Ip4e*<&(8lWwCAc4VLTo)
z5ax#4W?+RkKDW&^N~SOsLCNHHX1y~@E35_{6)73DD$C3I#Waui$R0{f%sb6+RGGFL
zbF%X<4?52oS~3DI1ZU<nZ}-cxnELAJDXfcP=v3rP3-)hyHP<-ha>ov9?2gwx+!SR3
zPsY`hh+MU`ttn7vH7ka5!%(F5f_r;MXNm&-;bC3nlm_!bEs@$55-9eYgq-$6kpdo;
zUT8m)LwIvO`6-pN&Dvw)af8PIB?~DtYFTUzHh>w1Aw3>AQ7h+BOF+%c1c2jB#aY+L
z#sFBj(67*d$L{*0J=bguTGn80u_?FXa#)WA0WPgNmip+}g<9<N$FYL9)W%9OLYizK
zoaAJB#*)2A8D6@qmy4+nJfL%VwL<J04$2cTjV@so+*<vV-WFCJ>JCyLEM(lg;02)K
z)mGQkYV<c9_q4)>ohm~8wos;)w@lu?edhpuEF-7NhcKy+^-HLwJU}IMu|I}s8lAKz
zyavTu<ZX_s(b>g(uvQWF7OdDRh}LkLWzhRNEgX8_?MsB{>PAp>J7=5EaezwULC2eb
z0sMyFAoHw?Q?5khlXdt*dW!E;Oyr5%jr@YCQj!?h@qSyz=;;!)4Xp0*Cw9m0-Gr^A
za^>rNicF7y1`uQ65&*W4Jo_DL9-*Uk^^Biowf6(vHz6;pQZ^y>y0e>hTaUAZmaL{I
z2Q7g4(68vm{*ai1wWNRD_j`JPzNeQ%9DLwW@19QG$#}mz#k$+jQWsjuaUJNqQ6ugw
zf7-PFIY@Dgsk?a(_L@Mgl$+*=kW+VJHgo61{zQ8SO2YT^s3h39e;n$?HYKzBI^SR;
zQ=)xBicvpn`^}UJ|JPkDm~`tyJa#{eO_^)UI3pgd>m<Ymt7DI3=Pr(>HBE?`v;I<Z
z2)F(rgj;{Y+cJjb@=d}%8t6LmTi`h56cstY=No-&45TEsqVrGfq!o_QJ3CjGT{AXJ
zFxY1JYF5!%DIz&H_S`CnJeCQES-299VO>(Id<rSDtJSHG`x8|j(?)w%oHA=HSD+;;
z0l(Mxvq3kI4vHMH9w6L6G8-qV=m;eC!r4|TB$;E{cbxq35N1#e1{3rJIg87(fx#~A
zXVUjdpifg=@LbbE`aSx^k>9y5dN1}{yU~W)PBa30kO$$c+ibLnT^3<Q<Wo2G1dh1x
zGSFp>YwUJ%c_1=?4Q5rxWGAdDBOWj_&1>hwwLYgqPVdU<OzFDfz6a_qke=Sz5U4};
zTHVNB@mf9oxIq6IrWfObv{Dovz?F$E<v1J4qt9OXE($OBxS6`aY2HPG{)%rpIC(i|
zFESLA$iXq_!1MFm3n+AJ{-kI6^c3{mPR?sJrTqgD@7bJ(+iIoz&q>^sKJRX~3ge1{
z2iE{ELK4?CDNV^XeGGrS_N=KrO=;woUMclN|K=0hJZibc_^Ca|_qV~|?*-#qtMz#3
zNjbB(Wo};1j9PEN7|i-N-yte}BEE08kOt05?g=GkVji{=Xvyo&*OR=qtjkebJri={
zEH#}aAI5A&BWMmddE&XsK}dFNIWT$)aO<L+ocj)FLi>*2cd%t_!Y<hs91MyDrX+d|
zzHM5nuQ=^^_#xgZ;6UB;<V0n5tDga6Y9A}e?ofGHElEehrER;jfKgu9<cqVa(2}{z
zwG*YJ)t|T>xHZ9BW)yH5G@w^IF6H4%s$E^X&9%UKlq5SA{5nv|p|*Vcw5EEdp!<uU
zV(CBu=((6%NTQi*oU!(|x*Gdp)RUV1-Hz|6?T2q;G@cw2RNH|)npjP<0ysCEY>0=C
zws{NdA90U+oz8eDRn>P##q9-sU#&z7>^nyz5bxP9=q{+{u_F*}u+nti7)`}hTWyU)
z5UWqwIdS<2;lTjqmmaTmNPTLh1t|0xj@;_2$}i{84yt^5x=DO6`b6#vi6o+e&V!wy
z0*cIq(W-TcQMC()Ef=#@KmHi>`YpxD9(B_3&Ko_p*n>6Rb^;G)dRDEJO=XK3voa6H
zax!QH(3c^4{z9Rt$gyO^wx)zQ{MQ5)1>&0-dNn7}UpP0)r>04E(Fk1))N7W^=mOJ2
zsHa&cUak^fKA+f)w=A4$8&P4u__5@p;woU*bI@JWv4!-_aVs=;Slh{WOcjZ3ZidcS
z(CxFIcURf?d@PdMw#QUxN$|7P<ku5hn@dX}7Zs(vd)wNl0KGQMZaT(cWeg9}U9qpM
zG=Ei<%)Ie-aQ#DmvN?!(xj@^^O*vqeX|bfgfw_ge8g6UicKz+?n^h{0C$Q>z(hpl)
zp~}lF(_5fMxGi0O9t8G&FznS1cibC~1h3m)e8r9Be2f5J;sJ+tDpsXg$FuvRB&`ND
zd0J_yY*oZr4j+}kFy0l)sJ!lF`KQV_eBF((Z$&Yor>_Qy$WNKO9tsZ<NpLz`GbxO4
zk~^I=P?o4pY>_f8^&`~vXc#w>!cHCK?6?s6yr>6$w)%aXlh$9F6IOe-c19JYJQwss
zRIun$5)nrl*J1rL5>>N{4R4CGy>n)JyRrO{!MbnyqGEUa*=MB9=KfY9Prbqn2Ps;%
zG8X%x)a~pgY1C%^6mQ=f=@h4hD3veiyM+(}bzsidFOdP<xSCT8&IC7tU<~nnOz(z}
zJFKdBhgJPZ4;2#VPzZXkp^sv;kw65AttJ5Lfi!it=0v>EF$uk<C*X2)exo}t_w!UQ
z=eDL-&w-I)!BF7VR=;YdQ;WPID5;c)KWi&mYf^L2+c)H7d<tz)tk9U}<h-LtY-_<Q
z#DHgM1k*RotNLbo&(jz>rg)BEaL3JY2MY^t<f1*vTCu8yYC95K`2}t&AU?;!`7vQV
zk%r=&eu}=a)yLo)?gs-zn7vMu3=;}9HBSE*X>T1CW!J6`KO#~}mo$igw1RXCf=EkA
zOP7Q+LkS2-i*$E)#}Lxp&Cp##Hw^sl(dW^3zwiF`{*Gh+t2Z<2Uh7&{oY#4s!_hpv
zktHG8*o}dD^3>?S4Rc*Hwz_)Ua!f8JT*a+{n8762H&ZGaDSuNkHz{E|<}6zK)@uC=
ztS4lStyshyV>8kLU}(6!e?B58$v2sBu=)I3O?Q!Ru@4dQ0w2@+{;CObD&nd(nKQ`@
zBw1$l#3WmrOo$=!3-#!XWn9hc$Dun**4bNX83I9e#Ow~Q<Y(EOa4tI=(|hq0S5NBC
zRFTZ5=sK>hiJ-R>rnG0dZacCK-`(nnLhxj-W==S^4JN&Y^kS~AQx#{sjY@vpl<UIK
zSDUHsdu2PoFo5%GEW(vDCA^OHDNbh-O7<|5E{P?3Wk&U`&^TqZf+DMzXG4dapJktd
z%<Hg(2$U91OlpqM7T}vVO_k7aR|A`(J0sMY;CUu&>Om;xayw=5G<WG>+hYN3+iwc8
zwbCFX6Izs2<tI!0X2+VrrA$Y)k=*3$ieDVAdj#)mBm<CrdG@WTzD!tlotQB&6~nen
zh2TMTui<-<>L5_A8%{i4KFDar!1)dow$=}>4L-g;vF;+|-rNbjUYUabb7ueuYl^P<
z5&?NGnrywoKZq){k)W`r*imW9HdJe^hTsl^0792}miVT{;?&l4GAN(o@L;N-4!KU#
z#XRUm15yj)Ew7v$=++oS6hw6H^ilcd8tF7rhQzWUA4yc;WbZG~BcD?;+PEGV$g8M<
z*$y;1`#QrfcP%A6>D#t{t}K+Lrp1o&j%st_wgT1DZUk#(fw{*rnYi!kjsE#=3Al-_
zvdX2#<ov1}5{XXdze@|uPZuTYoezB7gJ2NYU3i^U4R<H$%pa0j47wMoUQ)d9dEfe3
zYDeIUV-%_%+2)lxrifqP<`~S^+=~Tvbumq-9d_$DpN^?dCxFz#i>Iz3w)5A;BhsTp
ztj@+5G^6b~sR~Xh>d|nK{hm}>2l+I|j_E->gE4wjPc5*x#0dE_KXTX4n)c3W2kEEO
zCw!C(1{51h@_G2!+$Q@^3h$*UUMxJg=IC(Cp6P`<d}TSHd$Ml~=veF$Nj?T7Ixe68
zGq7Ls?!hi&%GIlr43W-*ZHl_33_2ftnVInh#ptBi@jTGt2TY=2LakvJO{0LDtqTVM
z-2tv?I^?wn7@<M+LW=Q}ym-RJT|47ziH<V^U+(7{%i=-ZW`GQJ^2MsfATNia^@z5r
zl@6#O*TxEyW0;Dwq0YW%jG$z4GC#J#ayxn}HKlj=a9vl9;5uV#9fE|oGT5q)zI1R;
zpgI0vQ?%J-Xr8b$d6si3QXt{=!%t>|VXoox9Y^0E4x$o3QdQpVoNXj0qME&YJgkoR
zNs(B9bT|BPBFki>I7{Ae)&SYn;ja~H>mk@2NKthd!m*8qp)-6%zS4>D5XAesxDRqK
z93y;W>D^_Pbypb6B)KfeRVng^$U{yu^l<pV(X)%k(DBUTX$;a`5DjK*$)2vQMppnW
ztbuQ<P2YRGVnED~5v)`pY2CZ{od0IIx7d5;#U<wmxEtW~o;5F*L?L*J3No)#e-?KB
z4Z`*4zpW4YLG?np5ucil5V$mv18KgZf<o)m2a`A@oi#iDM=tvwPnYmF17uN-8%FcU
zxu^6a7<qGh&dJk{!;=sps>rN0tHi+24$jNWYCryQyPYaJ0jd!`$xXa@J$7Pl#9rya
z2XiWcuYC27yo39M)Yr7ZVt%4jc8zE9L*bVI4W1TVX5Z%kt%hYZTpL}rMHd5Pa}`sI
zpHY-v4Cj(XSm$^PRL!!K<?fqH*nTIO@NjC!YXi3<;_?=P_juX1Q=6Mt0_q|lt?0BQ
z*=Jc=iQm;BSqtu5Y84uw*$DB)4;}++=p>~AyXsVp2*_YEm{s*z%Fxn%U8;UA>3cm%
z4cA8RTLx8(Be?LyqB|Qp^RT#0K6NI|@f!PBgEU#$I`@HLp@(}Fsl^Mx){|4<Cb`P)
zaaMmRFd2E0Pnh7MQlehbA=zjF)vv3kVytU`seQ4x0pv!y*(mNI_TZ-Y0-_*3tkl-e
zW|_)-ZYA}8`6i$j`qMY*-UFLxam!Baoq2rOI<j1tVC&W>-1hX=zT}6lu6S4L5$Z}G
z%^wwppFF+bVRz@}Z^pEMhGW6p-R8&moIbXUHYeV<^8op%7c1@H5pp9wyuC4Yvvp|%
z@V@X`7oUNUvkbt#dC{|z?CKN7u4<$$Fv&Pm9eYr+Q_tt9NI0gRJLR>X?CnDMxMSgv
zrS}X)-H*m{e**1~6<Zy##7M&ku7iR+yyeA1l(W&WQH&S6d#93x;SSDn)Yc{aWA9{E
zvgYFVKgx#iJqX-Q#dVPXFc@l{p61-TM?s0s$wV@fR$V&&f#FfffQfBbAHya6sF+{i
zAo~LmOpGK*t3Dg!d(0Mnwa{tm+k#L%WDGfh<FwkjjU#aAmv~FC4DJ>rdv^~Dblt@c
z(I#cVad{jJi#1lsS@fL1C;G4*_@zmI=6W03mT?il!k(5JI^6*JTXQ5?^>vi7;(hnQ
z)v~ig_g&@=N@3uF>PCUfpt6>4OE%Zp^HtTiNQTt|k6dJ?JzFa%jAGPrqo?By$iZXQ
z0FlNw3>oFd0ug9UpQi%@cxPimWCip`O3|CZJYw%xKNKaAdt`UTj^Bqgo|#3T)kqc>
zg}hXaKMl3L&S<_B<uYBf2gBfZr4sXG0FAky43UB1%&4iUrc+YZOM_g$=xdUrN{RE7
zhHx@`lxd7z#8Z~6e<(su5XKKAI{L{ON_gB~AXD}XE&1t7Wi`ou6rhw%EE1qJ(S|;W
z=am+f^R?d|bxf(h>GAOHyc*OGeH5;&T1bKyr_p*+H>8fegcS$}PXr1KHbv8E>d~_s
zLImB%W>whuUsUB^(v?m?Ni54sXN78Zw;QyVEbW)4OMQg+;xv574P;yFkL;t-Aa}r|
z396;Q<6X+5!G11nR=#+REWl?u4|NLON4|E**~Y?PEpZ9n6tpi3y?_0fS)=Y|K|e(B
z2}+e+2#g5g^9l-9Wm<S=0Jezhfx6Wpm%AckBo;L)Veo%QPJy~|JX;20ta$afq)VKM
zTv9+IZbkM`xg1jyqmP@*P)cfy$1c^&I_?4s94%$<R=@u9SKOwD(hWPl6L!N(6uhRG
z>C~YDG@3L!be^IF$Urx$6Ohcl5CF&>2?ErpqN}-_#pS;gIshpcKqiWtK;zDd-1;2L
zHu|$_*;%H3!YSrtNlvnW`0aup1yi)vJC#_?VgxhQvy#AuxvxnHA5Dr91i9-Awq0ua
z8k1q8gN-JZr_nBv?3!GA8!P%0ePfSnj^c`rF58N2RHQ(!j2y4481o<keDk0Ux2^e|
zssuL^{Hsw}9uatVVDTxx@dI;TH=LW{&b#n|$@8+PfLi7)ViD}u0zmQNfNB+<y->Im
zx%?qh=x%Fd%VyeRLBQJ>7^b0PC9$f|&7%9#5Uhn*?3m2A%ApvhO=mwUOf_TPzK4Er
z6~7;+j?oLA-Z7^z55SxW7f5)L;9=3(yZRY+hL(&Zv{LjPB1(3WQ59U9nWkm@ic9I7
zU5*i~;YHp`m*6T(%T!X>%GjjFSD7^B*!GnX$z<V5k?R<rdrGyba;~JqQxGHDNTwP<
z3r_nqgR29jXayQus~E0K?__;;9JWA;6OkT?#f}a{LPqb`RYK3^L|UL}on>cnHReO#
zJ{&e9@6k<as!iyNgl?qwLrI~yjtx?+pWV3(w_|_`5h-rJg1KL^R#u?@#f>jd6ttV=
zsoA;p&_d>6=%fDG#ErGPdKNcJR&b_yO~brdMPY3vln}Qm%5nbsd5p!vvT~DXWv3_1
z-JS-PqzS>(Bh|Nz&m9H&n*(1QK-s7b&<uf9$;nz^LM78QybPQ$<=Fq#mvneVN2p1|
zYMT~dF003PqkTVh{!acB|J1r9G}Coqu#OcF)&!&>0X>Q$7PtsguOE=G^gaHWusA2a
z2DEBSh~erY0#uLLj~e?TrRTyNE))5k157whgNetYvt+7!lw#nm3;Y%kLS5q=jb?O{
zNnN+c!7yFf52cX>U9iRKL2Dnyuz6u_eoxnnmGW19jI3aJ48GORAEx0w!&E;C)V$XH
zS_#|QwxIM$p}yXDa?m2nXk?9cNkHSgLKaLEV@79!?b_T?WE#5tJ?Y!pLsAEh>hN6)
zOGYAD&~iGRta`hS=;H>4`taJLf(D@q!ZtXMnnx0|dOZ0|vP5ulZvb#P^_$A8(BMf)
zI?{L^|54n{mA>&a8X%7DlGE^J-FC!ZBhyjBd*GU&;o7q94s@^66AC_Sl=Iwb{;?Mu
z`!O1>6FCah&z|PeonFnH22_PWCizgl(2-olZYH88Ic;AqMrDIY>Sa~6;+)++(V4aS
zVf5AIOKOJkU#kQzJsfa+rFU*4j|ufZ-nyd=NZKVekX3hN+ZRYkv*&C%FYHaH(_G?Q
z8nhh{<ap*vBslrX4TO`|L=A>k*{-j?)ZAmV9y$Zr?=yj+b&5k3w-~0I=}QxAw&ufH
zj??rPWFv!bvQ6$aXLLGFPvGB~6LODLR#r*uC_>sTa~w-+XJ@;q66`kn;LSr|@C>m5
zSDnmJY5o21JbGc@A%4<x^At|YvHP)CsGyH#tWlY?HM7S10tUqb@y3mg6>bZj-t+ff
z1;#~H!oqVQ!;<T9=QAH#uWS^qt6~R5qamK&f}y^0Gw~8lxLGlfD$6D<c3V<1YV#Pq
zqARs3Q%6&4!p9bln=nVCSJd`o=Dyah0NXpuuV37z<&Zf;p;e~BnTY$sbJ0=u;jy5B
zdveR5wx0^W<+ix1d7}$4*Su1Q#V4`#Yq@iK?bV6WvpJm;u;hK6LaNe@Jus4I@_aCD
zf}IOr+oPuYcFv7djQ9^Q0O+L^c8m+K&wPIt(ireU`YM^uJb-_khL`d2JKbAzH9(O^
zJr)q8lUGJO2|;#~c7)nbsDWprGnxj0S?9>wD}tf|{j=-&8EWo(k2cz2V?s{FHCMii
z<cCW(E<q05tT#lCX~ZlKJ!a<0TAh~$ktKq{!qPkG_H2@X5yLY(p+a@?#LHHpS&0+l
ziV|(RTES{Luazjj<CCY^E`u6t4VZ!$#@&bO9Gm8)bTG{pT$~22w6izE8@j*%qCsac
zF`SRkInT6FDuAae+%(@@bDR)aK*YPQRa_yFZ3{^vM<iOhfm~y<HQduiPd0KFv_z9O
zOO;G~ImNwxv3rhRl%o%|=N92Mc#=Q?yFBBgK;(F~ds$`w8c4kk-K@K`VqbYW@Lj!6
zJT*I`qFo*8HU>QLf_nZ3c3T{^`3zvBZ0`c3M=A?IA%)|I7gK(0B0rwne$NxpZtNEP
zG*}&SCOfQ+lk9P5IKi+6yWI`|DGR+kB>Oqgg%l6o{nEr&Cv@#7dB3K8y=H779?;X+
znV||342`eo5S=7<WAjX%@6Ielt=e@HuO8(kQnlYE_`+Ey?Gk1R{YK1@C!yNUKRF4y
zyHCA3+?mwVH;R0Qm0$3{LvYwy!9{<p5d8LF-VGUJ&8>0i+;(<Hj~oG|fFG_zQb`BT
zXYO8V{KDAAtV@CbC>bArNQjrUE~Rj{wzFt`@4=1%>{GtSM>!7FcDrZIK@`U8Zpfg)
zD-URs<N8xJO@;jrhZB%}WL0Rzq^R8pV_soD^UAJJ%V}F)KF@RrNs_KraWOb_eqc~j
z`4Js#{_-GQu7CW_y?Oj9gU&!#>z+j?`8({Ye7eR-`^MQZ`S(J-66fdMTbb5(L)d9_
z4fp_nQIfQ}Gd==Ze`|DcYmd@`IcnTxKWEvKU^iu<J$p;av)v_H4$9m#KAF(i?=FNP
z1z;!+TV8?69Gcrzk>j_!E6!+#U)fa3{G}@g$~*;HbCF#AXJ;9z+4eQBPQ-NfAHQ(8
z!BrDb-i7Xh={JoR@=lNPXU;$l_d3pHQX6;rP)!>pbv&~3`4CkTp^IX27496>oAvsO
zZlz~G&16ploVw$`D$DmV`ZDPBcxa_@fy~=GzZIalV3^5HiE14+SSDI6jHfIlp07Sq
zE2|a&h$5@2xS`?WeUTdnPD3kF9#(cWAxQ4S^jn8yb1VzC=%lp#y!_maCpBinM<>$7
zUtA$3m=x&b6YQdaEp?c6MM#p#Zh{J+81M{}w&sKs-HdP27jxG5xU5bY?k)cVsjPKB
z?JbYRc|NZt;o%lP$)X>A(6wvlk}dS{=95QxirEfE_@}o6v$<kc*Lecma708te+hu!
zdJAv`hp4bX?<~&ohV<XvPo)y22tl7YIj&3XRbF>=Z(w3{8=MIj_8?3T$C%!puS|c*
zxl}U2he`)?Jpregp9?xS#aEt(?+xAxOdOm`*<PzQ;1|schz5FWf3lo(ezR<jnHs?8
z8@qbV<H~v?2B?5g!Kt0LaBAn+9n;^|2(a625n=%~%!h$Ml5KGhT3Iq}6yGDpj&w<A
z`%1MdLv_qvv*h+3pZyHx(N3`~<E&=2sgbWGlU7~dBjpR0{cg!d-xJJ*el9D#*^t8>
zV7}M!jc6k$T5Pc>Jts%C|5$$5%xj)q+N6x&n(z;>)_T+MLNAR&WxTRY!4pK+US>`%
zQNoGvEq0>-hb>uN(_#eZ87zKlxkzQnI@lGmBYDA@<@;INC;4KW%lTp8I%NLbRY0Y}
zxNlJC4u@2y5rPRBO%gK86lVmDtccuaAv-&YB+9}nOb=V%sa>ou&&)(^wgW*=t257;
zVGm~#G028M%((riP$1&tSmkq&R1Bq_CHOz2#pP1+$3HEf2)~>z-{`7dcg+1ZSqL6o
z=(LdWl!6sWA6=6)ilI}SI8Ep?Z8?5*pR}kPUvJ)b{k}h8twS8Jx$mYhe2$Ny{IL4)
z)b_Q9&^2hT!uyAi!aqtL-qE4Sa78`1=Be4SA%J|+7tzu*v1PQx!nG(DSy{0Nxo_4M
z@T?ZCs8U2afpIlsP;-KVip#Ku1>4Wr)*E(2K;P}$77(6010+zxvS(b?7E2UL=m0tq
zTv5og$rI4lUsx2qiEs45Rj<S<Y)&0@3=dp;VylYyQ@GsIBLuFs<38~R%LTlXI9#3W
zA|4Pqx#<@iY8r+Rae>}gJ3ere`c%DfL(-r;kM@&&|6e6ye&+l|fPN@10igEwOaIB^
zzGspaU-ua#8ozc7?Tptb5!Ex2x#ae0ryJ&dg;dRdxgIZB>PV?JT^t7cDJP%72uzc%
z*B8S1)+qq7pXgU9p+oS$>FWL7M}RZ&Q^b0S>E9I^iQ$SG`EcQ-zkx65#Si3)|D)oj
zIF4_ZqJ`k2|4DcAH&6Z7!;MV;n=Ii|-LL%P>%T-o0m?DT<BR_)o}FU@U+8rhTrBd}
zXD0n<CW`&9Oli+CxF9PIoKyF|Eb`wp-F|=j|14zs`(^$^Mdy!_=)Wig{yL^)RMI~E
z|5=IiO$(NDUccYJ>TxdK?It2S;lC#I4NXP-Ht(V+-xh-JvftpX*X*lR%6R65?n3yG
z;R%DD$nGt{E=rnG*cWXCoB(0UFCGI0F14|<cx*1=@dpFPPWwsB#*PbG-!AtOtSJAw
zha&tJ0@i2Y5tN+86j;?Ge$pqpL5qvQ!wQcR<VTUc?vrE8=ScqZ*k6c0|ANvV@xb~k
z0gIP6mz;#I^(z?)6pW76=9h07n2-d2f99`;Gf3~fWk_>-ih?oEPv+B%${_&!l>yGr
zZ~gn@fCaqay@%*$f=$isbZm!*L^pPly7<}8o9p9$JV$(wk^3>GpY;D_ozD!_rfcVo
zpWgfRHt_fVwGuJ8&))+~VxRn8#f#=<CVk>9^aR9z9{GFS-(UUJOr>7%`=#8TaW5_{
zqR0QobK=4ekfGIvi%VFj`iRI@K_M-RU*ZI@NDr(J#AOhEZT|0VkbL^tPqe}so3!4U
z7tI^j>`K`BIXOm_!aLm;2lxIyslOklTtkt6hYh6`u|8PediF>bAj*-}Q-%L|m%on{
zm6BU5@Nsi<e0KVC?$j*I2gv-S^}7H09LoFVW+!fg<^RJv#p!!{22KU3QUA>XgegG?
z5lUjcc)wQ>ii%-GH2TJB@#)_i|Bp3%!$Uy97}k6J`=vyi?_nZaP5sAnFA*5HO`4eR
zWBR>$3>c06FQf7NX*6d4VKh(f@sp<c1i}Tz|2AvyL+j_k-_Zg+G5_rd=q2DLK!N((
zv_lsc(PRJPSY_eI-}e9G_<x`QH-ifI|FX`vYAOyz=S2U03I9SE#!bn1qMr3<71Gwv
zdt<~w_v!x4vOP1fgn|3Y`1_?O&@i01omy%C<2h{kW|3<PA}4OK7Qkpo(tjBZBHU;c
z0HcYF5H3{b$TaGYdzUU=m!VqBGM=X#o~NAuHj=?~-NR}9&gtdP4SmMpX}>ekJyYrY
zJwBe%e4-#MVLab(JdaeZ)+V#yeQDX4GY=L5R!#!kk(|~3xpAJ0ANWb7(=%H17VjgF
zaCmNuE9IzGhm8IFO`Ul>1>JOak{V|e;S_$<oX4fEmrZ3Kr)|{A>|zTz^$^h!u%>EI
z;rHTL;<pL?eJ>)tgj;>lGelq@6@#x$sRz+jk@+f;vIAyn<)Gk#7fo$zYlR$lG#64d
zw;!UY;0`b44T7m@{2O(3{9GgP5aoPrnUT?aseWP(J?h?NOqE03PiHun8_Dg5`D(s@
zA#y%}o37wT;F2fF8vj7$_~R0CtPw{>MlvMB#Ybuss1<1y+O?Z*)2a-*->I3oD~#%l
z+r_W~O9$>kPtxb8;w_W%y7eZ|>2`;B!rFRKq)#A$q{_q->YMdQn9nD1U}3ZH+p1Jy
z1l-ncc46y-j?JGQ;Qr6cGWPVd@B`|h3Q2v_i3<M=B32{|MwNnZukQ?`92^`P!yejm
zN`@PmDrc5nJ}7FYRn7>xERIrmHrnseQPo8rZ+=VL{o++S+VMh}y*VH(WR*&E?}ZTS
zWZRAY)T`zDz%l`WDl$}sCU-Z}v69BIJmp@a9`<?6V?u*&uL2+PSROp!T;KdWS5vCr
zp7htbHc>Ig>##M10j5MRn^JUWY%*LQ%i%dDHLmbT?IGdx{=tX_v1h7i<n~C>TMkCH
zFFR7lh0CocmF7?Np=PoAh$zHAef9<RkOHO*F;`hS#mn%h#{NVuohagDWZ*yLYk!^p
z9~YwU<*nB7a)g8%mGavNA|N`Z+e1e@W3E|i6WJHvM0tiewr$k*YLWp^Ni(af?vj6u
zh)+SgzTS0F$x}8H<eMV$Gd^yi=6s&5S5sU$mv5z2tJ$Q86>zcK!nJvdNcrsu5sNg<
zO$>ey6Fr9b{?*IUO9|h-n8~uwpAvez(Xa8rZ)y8M{!oejIB{9xB`Z_do3mgO)Q<hy
z{8g@FiWbo_({Ku4_jVC0_=}v6v(7k`rIUEft727bl?|IL_An7hXzt;YRxCt$`iVXr
zr1)=cDE(XE;EtI}3yc1a6N;2_qe1_EXk#HZkwdQf=+%pe&b9pg*1=jv!vt({lb<n7
z9)tk@QK^YSb#+~}evj<I7(?{WQpsV|RDXFY{ftL)4}LptOhn|Br4Ph3_yqSUuyS4^
z62~6-Ph<tXf-JXBv+1vY1kZLo7T!}UjH-~$H(EKmjft!lZ`9D2W(*#F`pd%K%B5Ju
ztBj<GxW#{nqAz}L(8C0*LwJo!Sn_qnAkOb^0`9M`Gy+P-(|a6v=F?@h4ON%N<pnz4
zNLs-Xt&QWHGTr943vnKX^@mP>PN-P4+(_o57mw|_n*QR5@yZ(%VaiApAOc>$#QGgm
z<*k1JzZAg<SOXj4vIJ*etod!J>AKlul^@Y~NdtZQn>Egf2-P6Abh6(YBop^|xb`(A
zFZ)R92`LW_Laz89w@!`@cvbO#vLL{#rUPE}-IvcG&I+r^4sDtGDQo%DnUQH}do}DC
zJa(UT<NRpVFH&p7a37Pw<mog_WqT#fPxkIi@{=ysGaevRy&cGV>hgp;;>)|RYi=M9
z*iQX<dxG9YMJ8$(aB{x-3n5oV*f@Q&!db!`i%3WOQw%l<uL@Qv)l>fduNc(WWUokF
zMFF#YhVNNY|0?+DT^w)lG~?UXVcwMAcoCoFemzs8{CzY3CC7QDijc@>VMNxmg8qbY
zqzj3VoSIDYNgLcwI1_|Tp60US%Utg4qs#rk2F|Pp9#qa0{(RE!oGnEYwSui&;U#DJ
zyS6*;vL{ZQc*y8-e#<DOWbj<`5b>1=C^fcHuPU~|3+Wz;lJuWwPEPsXY-dlH@LZjJ
zhUj(G8Jb<!ZU8=`B8W2p{dM~;KFQl47<?yJ>E!cOWHfBD&Dq(EyGAm5kM@NTfsaN(
z0Aks7%%9``*ObZ=P2xk~K)h5i@fMraJVI;}r4(_da+u=ij&jZQvu!WGRi?1l&gOwL
zJ{G_33ZkcxO#GYUbs2ali{&>o!*(e{1+rIVc!G0n@cUapKosZ#{BSLf$xKFRg~>3J
z4t@KJE&B|6^-7zDq8vFvMyufZ=vG!61zQ>lM9Pv+*eFtr>jR0b56cKFHMs`oUZvpt
z++M0bq4Cf5_Mv8EW=c-7XuMI6teC=@w#c9O){r;OaBNN=i0ckE@(JqIQYOe=CWWt>
zfyT20k=4o~DJYp+?da%;Va?4(5i6$vu>c-w*$%D0uEO)~e@~%ONKsyz8~Ju}nlto9
zF-Mycjb_#<V7O#XM%yW4G3xfd7_CF^>5dv-j|WZ=$lo%lhe}2Hauu_y`r@s64%Uq$
zSx_Ya-?{ecFHAp^(w~|At-{{V<TuFAdn?(%a08Sa24q&k)7YDJ<5BM_&F~pHb2dvf
zD&s~9&HBs0pKZ8DH)kV{R^lSptc_$*;W60;OTJX(wcqS)C7XLoM$ae3*$0T6I6t>P
z<xk!mv-lzEMeqrdECNadk*6;@$(#5I=Kdf&#?|6nA_u$HX^!o{Sf<>*qEvp_2=m(s
zkSTsTX^*$S#us3}Fg<1C9lrsAqPtJcb~V|9KsAYEMV3;&8=gyFfBy3=zdeb379!`)
zl(yOA{L8b@cCsKx(et<4bBkWEc_*Hr=HBM^SC8OpZ$o@F47xn>Slc&^r4bAv13c^z
zO^TQI8H5eUf>uR<oAe*2@Ca3@SX-;^<Fw=i5v#XQr`*ddot+GcV9>~ia0Wvs{58kC
z_MM5IMP;d;eFScHAUb-Y$x<>~;7-?>6OMkG7NeEDl2QRaqIv&ouiuXj5%_5&v;WBi
z|Fv=hB3ax^%csm5oYA|xG;D4iOs26a${|w4@kf(nYY!UZ%aztwm-ujL6m5W$B_Z^5
zu+WeK=KKr>5}dzRS`T;FAI~x)GCccP@mc@QOaHF;Qu<K8V63nk4MepEmK$O!zAbH_
z&;6P<{?bS<enN*;`zF3YNrhOnXQV>BFs_%@Xj|4|r*F(W&}fiRChkjT5C;u@y0qzQ
zhL;>4T#ipSGDX2vM*|0#YwH^O!MkNyGPkd{CvvIH`|%w5XFlSq%?HGofGxm159NfI
zwm9;73ms=!_Z!a@dgeM#n%u)>xC#yXFXF19#NDS_BiYrn6Z^#RJN?zZy?`JEg{1a(
z;S>??tC1?1{3&S(EYH6X-zER$C0a3v@;gNRsih3XKR_(1%342k%Ef%-<*W^hQq;WJ
zb$eGVnLgFPq*fxIRBzqN$4%xqr7jC~e9aWf@~C!2H<r`Ewb4Ek{atQ>-eP%ZSE&RA
z0XUL66iP32b7IbPrWV7cU$2y}G9ESf(y}&FF0U&T3V8f!_(aZe|4c6+R%$r1n#<-e
z>!eo8##8<^h~l{LrPch{ykFf89nOcDYIA+Qn=9jV{+XLt+}*wx>U((O$90Ewy_x&?
zgwqhB%R@q&tLbJN=UIx40!_p`l|lxs>Y0{X7~5VbYUIv(4GADNil73oL1O_gdh`V_
z{TKffrtl!jfl4Vaj%YTXM?W*HQOO`dD;LWE&n~r%90H!Hw?_4^w$SadeB0g%w2ElA
zCB%ELGZs*OweXCY&#|w%H-Ub1b!}(AyLy1`v4K(k`zn?}y4O!T-A`^w%610$I&2bM
zmLkJoS4n1GtyLOUG>-EQ4ZFi`gp8ne%d4gbP!n^3ixoLRR?!9Lg}Gh)!5H3-094)Y
zw1st#@4lZ7>Lhy#KD3b0urd_)DL{8*F1JGTV-xN7fAXZ{^+tcDc(5HiWcVffj)F~F
z%U71jmq21m1uwsg@BQ25fWrl2qAt`xRrOsuMIqgHq)z#v#@kdH{CL$|7C)t8vTn7|
zrmWD9wJy~NwY2Vc`SsU}><=agtDek#ed4C$)_2peEIn+>n~s_IDRx!tBy>hjg*7_Y
zymw*qBQRPOk?Nfs{Zdh|tV^1;x<BOljjXJ!t`nz;TOJAqZ_hH6OFKf~e2Qb?v{)^i
zF^~X8t*(-$7ehSc106gJU;Uyu5ana!f(MO?FN*4A<r&PnT9`}+{&}!F`fMa{AUKko
zl6zHD6i{J7HIej*Qt68mn7mbEv6J8gyf(ea&vN(vpI62u?PJRdoBtvCmuCj9iD8>>
zhqzq~`(%u(A@ldSyzvN2Wpi<x`JH)J@w}LjOvpr>?3!D)=4KJg%lZ8vT!ZtKiRi~|
z`xmWX>a~2;1%Dmo?X}@r#<fn4+`~Xk5U6g`+MUcE$584)bE<uQ)X`;EHBcCJoK4sf
zHvlXyC1A9eeN-|weBZ%7q8T^zBszo)GJVQWZwG-=#`0OYH^SbMY=U*t#e)$x#$DwE
zXLNwsSMGS?=G2NWJOj}`>{WHl6lc#DR~mD75BHmn^MbCHjQtssT@+-bQMGyr`U{_P
zL%w1FRVroWPk-+EJ7{11@#nONuUfl;`iOwJUN)Y-Aj?e?ah{7RD8{T*NX=&7`?%f9
zhneo>Dc-q^68x8CH@EGMrO?;RnwLG)Y3t!LHj@RV3(EP*<qM2aEYT7JJ^RoPToKFq
zaYS>^M}ll}`U>kG_%SHwb+vs;2fC+71jidX?$pK!Zl6jOHxsRA!^Hop8N8Ac6WC5K
z*?=7)iyCYsI+Vm?lcJ@!T^ZoYdkRa1h`ZgDle)DKX=gvQox2;tmBc08o+zXyo2hQ+
z9@&xn^c=A#<TDz^j8*TCRw|rLz!yLMiN3i}!hx#bI6yFn8bP-K8bR;T+oPPnx_SZ{
zd0H57KF#WM1F+g@TF#V`NmkRcgBDsmL|5&7{f${0cxE*>9phONSA)RCffmV}>v9^#
zP0rO8`a4K-Q#wX6M--^vBCAz=*O~m+n2UXYG3p-1`xMn{i25FPqI-LHZ(5{=b?!oi
z&QQ!Na?+93`*kSw`)*qoDCig5&-GjMHJe2w6cUD4o=%$&&Sfa~5`2H*<_ol%Cy%;T
z2JyKY)yiodDm>%3wTI7*E<5{7Ml3p^s}bQLkqy$OU$m=3x|~i=tNToR<Q|e1GtPtb
zQ+Av7lN=zCs^{S%#h5ZRI%$yta(p7>Bv?)k^)ENkYp?1cyOt2E>dIL=SfoD&eaYT2
zYg3eQGKIn9ew7s0mW$zs7;dL7z8A@lm^X%qn6yE+FHB8*ea%N>Nsn%it>547qg`&U
z3_`CiLa8x@-ed57pqRD<7mcK;DaKkode<2Q6TO<7UkGqMyzXG#Np3D5;J*Jr$KxL@
zfY%NSZpJPNvNHL!sg84e!bUPAss*M7ei+b<PWn!wg;2{fwa&AuM;oC+bX~`+jkLf<
zvfnB>Oi#YF37vBcOAqB2bC}iDxE|Qd!Q(i0J*`YV>b&rOFp$mo_P9v!c-31aW@O-y
zwJ9X*{ux9{mTTXvnyeb1<Ir_E*Yhm;>fnoUl6ydcDL1G2j93(lhS7QLagyJzQqz(k
z{wW_GnyZ-KGn<GnIx_5fIkp@9dX2&~Jicx~ig82@_msPTQlbBnRY%Yc+2=D`_|Yb$
zE;H#ruFZWBa$;&v%<)Ys*@H6b2_E5q$F8jDtonoQ6an`=j<P-{JiKwx{HMwa2nhBO
zje#YnG&$~#uf<hz`0A+!`J>i%9(U%CsC76y!q(<0?qBYli}(pJnx}rOg_2*gNWw6+
zL3=NFc8BgC6^3FeS#uXo`aCdl`btP@SJw}=Y@$k*dlf@XtzWlmJ5+j9yrt<UgHGOb
zwW~#fL3CAg_&&#wFKOxQ!U|sir1Q;VRk9v+Ww0qItTjZC;}#2CK!f2&Ue>f*uIdQ+
z)Tdtartx;&#aVyzxq^q^`8>IS8%0G$ntdk}3bqD?;;s$*p~Zz0ys=ct!E6&mCfDbp
z*>=kRaWMHM8HX&+YHosWmyB^|XlbR@x6z<q^%#1hlQIdi89ZJED?B((av9hfxhsmt
z74&YOmV#qdoKm{wN}9Ig?P;QWD-A5m#Ujb0nX2<KgOAvU-8v~0r^*@~iyLk#NNeuq
zeV|W@(cLwQ>a%oqT@?TUHRkk|{udHt>WlRZ{Bw4_4M(RNt++>%O^ixR#8+o74?+q}
z7+n$XC+l-XC~_<M4BWs|YIK1FprG<(qlFjbKYpL^KNU?Z4oY_0n2y--(M0zH4wA1#
znj7}$652LZAHjE5vPaphkD_#huHMy=RV9<!Xb-;M`=k@{9W&X9o&fxC`_3BrEn7b^
zS2^pL??;T78Q2VH<EA?>g9{Q%ujQcB+vrQ9HvJ1928)=~|2pi}8PN~K1q97c8TC(y
zP{47D0$6r--V?Hu`5Igf#LNPlv-Z{R3m&E}Vl}<vGu&QEZQAXm5c+t5!c#n`T&lJ5
zz;Ehp`L}XVWnX;t57`&7+HP(<1F;RP{ahnUtxLtdd*D3-A8+RBX|1worr^wBoWLb<
z>8U)ajj6f|AC3JQog^nvN?SS4&TQ|hH+J&-rM0cjz0d`Lg|d0osR~h7=Y{x>F*z%R
z^F&07?vZ9jAR!LuBaNF~{5ngB<+VEC&FFyNw76EO7(KmWVR=qXqCymwDzg(+N(!&2
z&JvGFa<o5fU5@N`G=gF*@?~m=9<kS@2Jl$La~A6J*y}%OUh**}k6H=g;pd)m-R}Bo
zN)$U%A&J}j0*?x*k^g;B!_wK5yZ;_vRq0osPw98Y5--1iH(j`FCrE+c>~Ls2rAwU9
zXuQ#pXTd)O=j}^}#41QgKui=_gkVSUn<n@cR|7kJD23{rp{1%tP(J&>KBw`doCLwQ
z)T9yXkCP!%QV_AK7t0xfBv~CNRNbXm&q&}Hr;Ye;Z1p!hFC2?Cl)5tG&Lx^wsij$-
z3Ol>3Sr5+6PzMbi_G!c$qd%F9m4(t~QD=&OH&ylunI#_m<do9c?vrE|8XgkiCd<cJ
z<<^(I(A8z^wRGU8<>b3-eIQtBp@ZqJD&8RQgdo~ssXKDG@3Z{O@y@5iL^H=P-UE3l
z<%}kyvewB`#gWy1ZXfhv+$W2$wKYQWYHeg<q1&;CHju;}iTJjM7&BBg8;uf%KhouP
zimC*T7PV}|2g7&E)+ckHw63FJFuXk39hYdl;@#BTE}l-m<!Zs$nbfbiU%yh+{Ol2P
zb<E}YV@7fTp#$aG+jVeDMOA|S<|1Lnl}95fgSIq`uNCdtOzI?oP#UHAnHVH?tPGQk
zO-G63;0IZnD74blxFV2<8AsMiO|#QweL){8O$7R=OOC<tRyy$_9N#RW70{En7)<ZX
zd3JJ~6Z-n~BMYt*utt&#m6J#0xE(vQ@w1_zTc{(?@)WsB(6AfVTt$>CY})#o#bg%^
z1D>*@ku6n?4%WR9ygiXZw@|dyapUbv(g+>jNTGgEf$zBBK)12-U9e&8OrxmMoFiGV
ziBP&*e9F!Uf#dvUXWw+>d`1Jh{cJ&*jK-!5JG<>IC+L)4jokfU;Nax!dWK~Gn<s07
zWpt&|=5?_|+f?+bR(CX$k2g9t7N^0&GplLX-P?%T?g#f!#H0XVY~3*n-k!S$^jrRJ
zBkts#S^VAbiom{iPT||=B^tfQ*ZoPgIN4JVaPu;?tydVu8czT%hV7TJ{xgR6DZbC3
zdr_^`2{a<6hg`nC86lk5&}ww@=bvza6}S5zMH*=3J;bohy2IYdn76rhJ6dIDC8#O9
zz`0L0F`G6wQA)LU=+#<Em#Fq*M?~Vjfh-YO@3dPowH~`6+#K%BHrwfK3=RfB^B-m>
z+SG43&6`i=QVy5RaXL6BH-LLfxOB>T>CU-T8!xsszy-A5M`>YCD$T9TiVp+wt)eCu
zoH{KPv0v?+okpKHBsx^=oais_r)QXscCa0Vv#y<#U$squA0kuK6xSbampfDj(1BPz
zWD*G=g*73Ll8DGMS?4JTo^eHWGEyp62_8{euz6$(_~?;kwAGGd@McB)%<OeJW4~Vj
z(Xnwz^+M6&0W_MTP29UC?VXeBez{8z?0i<QRU+9*d#{G?86U%5W9!OFld%kmxd5--
z96&o}bR_ohUsjLU-^Kv%Qs7Fr9LwIWxR}n?grRrFVyj=1*=g2vyLXmPmL;t8N909j
zMvA?8)-Bk*ymae9qqafCib%OA_ZKFzhwmW~7U{BSgxNH_d8UZu<xRA09#K~Cv1zG4
zvrY`d3qS|I3Xjp?Z(!6Y$5mP3f_=I6oZho_Af?mU8TvuNJ*L$KTo>`lFBFl^w1j5)
z_)FCMI7hBiHCpBEq5`w8G${h@m(sGYH{vgseHg96AB-BWL5xMclvs0zbiz7sNN)nj
z7GmY>LJt$yV3<6DoL)3|q_Y?wT|<OAU8$MlxXSadG;M+(xox<CNm;o!D<XKee^^}g
z!e+NTI(j}3S5CF;r6rm}4b07T#lDV<2MuM>eltVLWxmxUmP@=SKYeZ;eB^$yPQ5j2
z%D&@o-RIw6H;EwAK-mF1vzJb&UB7~?wyVx}RqK2r+jsKy3AXNvelB7?hV2)FO&2=N
ze3-a=M>ObZQHPW+5pZ?tcH4)FDnq?t5E2Lj6>Afit!`CqXVn`PVdqq|JJtk(t++xP
zA706tC{hG-##<1Q_%H2|bQm5MxeFdyn8)O8xL(ypzZQ^OhAjD!KPzrL$<X4kn6aC7
z4)tE)QoUG9L-a|jqPgy%&wazGdn8J!{<FJ^`x}>-RE9zjE8G8W1b&yLd^_5uo)vW+
z5KSJ^FP2Iuv_4w=aJCf#IW`2)e^8DoT|PQcQ|)=HxI(@l+qlK%pX{$EIq_teh+#QC
zPLlH@kzJ5IY;1VNU~^7ngT=k+J4<$*>1r+=g>jbeu9cO944LD$wiEI;xL7cPMZ=-&
zx&w2K)qnB%5sa#=cYtq7zqoNv#o2TS3#^ILEaE6VrZB01$$KTTvjh29)zF_!k(#qO
zF9!qJuUWAli9mv@XUXE#UacHNTTI3aSNlMt6_Vd}hCn~&q|@6e`9K18oapK>xg>N;
zLGL~`*c0-cq`+2hZ0{?G86ONO5X@u+-M!%CFi8ue)twjf60QG+wWm7k=;|!>=^VQL
zE*a%Ca40JY9kO4a43_e&VVWObvTD%l{dBVGFMholk;Pk?TlHPLdaf41?I{icP9bBj
zM$5}GCR1A$lnY#-*Jk`U`Cc<sl6Y>^&w9!b-uRbi_(6*3$wrq_InQC1A%!=pM{eUT
zx8-1Rn23E&J1+k&n5LD$Nr2y?o;>eM{@atnQG$8Lw-gFZUq>pGVhPHhWBR%5*V9ip
zE2q~3YVU<Z5Le@_z_NWo&rjL1mpSbCCXB4jONV~@VdU9KAA+yds}?vN<{oZHm!(r_
z9#YQBD+IHSdx*q?MEYW`;+fgy?*hciG5PK8phj`siqP94D{rmK1qr}<(XmNS2Ezsj
zO3$^yfdMqBy81Vl%Mbhxcs9?NtLC)`Sl;fEeSc#uPbK*vv!vEHYU%32Dv@fXCVa3g
zKLEUcv0|qd%zWx>qFC(j9m+k;LU^h`u+QKndVsk607<J{;#{kZ3}0!iJOD&8swXZJ
z;fnQ!<xj^7j?n%$01|H;{o_hYA!=LSLJ^??kj2*fOi=E?{CQ<3O@m55x*%ug%{FXk
zE4m{Da@lo%EydOgL;s^8Dxsjur>{3hOB*z^e0P?k6Gc&B`NyFZT}=|xVm_!Cs@m?U
zv#xIPA@Gu@Y~OPSonwx1RL9|zP}}10^jcS<I_G<UL6CLL(oFB#HY01<WO_NrW&!%4
z=;^-8!Kd20RJvUU7>cpj5Y<gT#38s)b>$Vu^D$Y6>_Ufru2G*or35QcrZBZ<MJrnG
znyCckVswgK+Iv2{9kyN%b!w(+e3}NaM1H$|61$Xo*@%mZp<b0Xs1Pr!G2?K&$g{y$
z@|E%yB;kJJli==fpozw}+HyP)0p3SJ%%}H&F@yIT+>L@-Lg)h>@tbu8VDffD9BcHP
zo0mJks{Bfij_la5_rGuqfL#JT{=)>h-|YDv%?jQJCc-uu&+{>90Luo(81@i2<f|yw
zDbHCCr=%YmadQmBi)5GFtmN-MYzVYC+hO4d8rGijeO&Bkdgm;lc_ZzSYb<@Qm2=B)
zxa_0C!9&LymYbr{98WmT^;~-M6btgcujLm$?^SuwPD*gO-h${S;IQy|p5iP|AX&Cy
z$`E|27+Od80{9h?-HM>P+n{pRs8B%+v6v$qQdz+z6Xz>`<XyuKox!x)a40XdYp--a
zOy$j{$7H{a_CEVA2%kXRerf<DxLdhlIpOrKAJ6ZRn<`5qe^a*K4g^aFLob|%qTRk;
z>Irw7V}Wv;LTj&al7|`qdG{tU-^R8-#7I5N+_T%>+UPabafNDXVbS7{+DX-aNM-kr
zFo+O!@><^Gn`OP3cLx`)1%}?I9t6rRgJTx(mv}T-NYlPSLp}<|<>3wr$(s8KYIAbp
zjYcoa$d<E4m5HSUv@c1ZdRMkD7O02cVW(uIDNUgXpfsn-zoeO4g!kjsut?wbe1}nf
zBSs`9Dow4#CL>@SsA4&Yj~_<&i&4NJnHkviNUzwQec>>5zVG_<&c*FLlLO%y)VbbH
zNEgPMS)MH&u3FS2L0n<N;FeTRS9Ps^EOqFXU66eGq>9Q?BzvYn&;1k~GD^7cEO3Jb
zr4`4+Lr<Jbngi%%fbnU$Ybvk7Q2Y0dYJ@F26CS&Fx{q*Mv#9Ugz8F;1a7M-8<yhSf
zTCm6!xv7Xr_qfrtLld<y`%-H*&cN56;gAAUcxtU;%z<4T`<?^RshMaXR)_<n`m=(b
zq$|m;|Lry0@Nt@{Nc~gkah+eZIo1OOSFxar>KLvlq-2SDwO&wldhG(!ZN5kP0fD2~
z+xirx5jE<T+4ecd8l8*6a%-j-4ys2Ma7+?!yk}YKwe_=Y)QAO6jz<=NT6rIvUTfN`
zw>~}l+wiu=B95@Nwf{vs3Wobl-|#OM6&{>L<qNQ=B2Ycmvk=op*U4lgSUY7s-W!Jl
zf(7ZfNQvOO!_PHW_UxqEcZ=riO(%kO9foO{I6fTA4V%|_FPwt-)|-=}yRf4Zn0YIW
zrm}AMRp$4a+;iM&1aGg~c38s(zy(}S61cYsozGK0@U~sR0yM}g7&M{^858eBKh<&>
zxafL$uU~AB>Xtz{Mf{t;_$wMLc!xw*c7UHWy7B7e*g-z=fz7rTh{|@7{5m+JqZd;M
z4<K?nZ@^WBh4LlsoO2dDpJkJ|j$mAR>@1t^4E&__vs-1?MST8I@@-s+TT4TL(v>#W
z;f~Zc1j|DjaN=7YFr)09G5rwkEWewJ<IRg!s15gNIwQ&#zQ&8$belefdv{LFOEZnp
z?+20R<a$}FAkGV}ia}<v;R7Am0|d+K`{Tz3&KJ#mP}7qOHw=DSPB&90OV|XFaKxp+
zxd5?-)|gxV^vZ*c)9*n+L=K3O+}G`s$xU<`j&mdH^7nhR&iONbNaKTwXpQ3DCfbW?
zlr1PDA_wxU3BJ;yO!QKb(K7|wdS<vKUf!1*8nomXVf@ej8}eHOm8Z2?-ytrol%-|S
zNsfXX@yB;ItsO8~ArS|m+mb2#ov{es*M^^<vwl|LSy1&(hil!bH`8l5-bcYIkEhNt
zVy$?EURN5C&BW2awDO0(`>udpns}%2zTUF%k#=R9mKMt=1uxMZ6=uU-R-GB0tJ7t>
znk!q@Mh5-PTY3%qEhgZ1zUnqvgJvqi^9<2uhS4>gfm)E#mHWoth2Bi>v8-urE`1>&
z@OQsYDVj{iw3+Luw^+ZWw~}lxT#jE|g;-=aQJ12vk6NEE#s`kD`C_<JRc&`0YgeS(
z>oG19*ma;KVvA}hkXg+YDSq>1vXAn<7s}5}muwfrEHW}oGqWr~?D~8ecgw9gQsu81
zV0ho~2h6d{hztUOolt9A4=LPd&khcjf#g2vwPk(8mML>wIApVU>k=5?scZWHS?g}+
zJUO6|amEfD6}t&z)~b`Pi%&hxCb^eViv3rGz)6?li{aFgYs-<0QfXqYp1op<eYb<s
z1lwDH<e>1Z>GnWvw_#L)E>!5!3tyLWp}<=cq+m51l2v7HRWFLvcv45i6FCb+pyp-S
z+)!&@G&hP)SgE^`^joc`g!h52I~)fTB%O!1OkVxNfdH7G|H82R=8BN|X*DRe+`_b-
zeB7-2OxZl*qAj}NAZ5(*aZo^)Mm(M9-ebyG4{3(83k--QP4)@6rB6J}=v=GzMkiOz
zWpwJ3t#oXAZ&qL0Q)t1p<@cyW-ZlrfjoWO4qtK@I<z<47^`h?z<|=sA8nGW)-&zkn
z9MY+#*z|~J=6bg4Rq=GGijM*d>e^X-ghzV9JJu-zBdyS~J{&))!p3%u4?*0VH7&=<
z^ykWEDp(<-ty`JcSzQLE<y&1Bc=d$&4(qhe1FdGJ(TsE7m)Yfx6)JXi9C~^0EnM#=
z*(}V#^sYNLhSr+04c{gLv>STKC(R-Y;bHse1o&tHW;{GRHZifotLL9QhYfVk3)5v9
zZw%asBFv>hmoyvGM2syiQg#Ds<r`DO^jD7lRR)bf!0}HKzAPGjhlam3hDXrab>v2n
zK!!j=1K@Fzl93;U5dFS?V$frS@3z2mTJD&&0vZ&I*FOw!5#RZK#_+ZT$T9{bqTFOG
zb8Llqq|w@3hDF6pEUR+~nQU~d9Jd1uvexqCykqVM`GZ|i8g}2e$Mf2;whpe~;8Oae
z52~@?Gylbdd5E`|2LNeU)#oJL-xf%**sH%RJH>E;7@kwx_L%S;`xjZwfbv~wD7Gb@
zUk*}aq;AESD6#{pq;++lDZJ-m7DfG_`F`F5MOalAI#;dsK5kZD7gHvAZ=k9L*g7$C
ze78Do0zJ1!#fc0S=L;_R33EG2JC#^_*@L=mU4yG>y+z^JMoOI+5G!hRg!0K-2_Nv(
zKJ08-QQPTEmoL(&M&xyXoZxlxN$n~z5dgH<0CJ8oVG`z<YVkjgseqvFzS<04z0eQE
zBBRGyutN&O_T9HPYV!;Mp=bauJESg#?Y48OQq#Vl`KZU-%GYn&$_*K*;UuGi%|qu|
zatVE)?tU<qK!-&)NEHZd)=IB$YQdJ3K5#_OVZ6e0)Nn%pBV?h^1_#CDQub#PoK*i+
zy|n_)fbd(OyJQB3%5eVB(EbG~!<P51h8Ie$Wp^(}ne)^Ze4~^jrrT+k#B!BnQ>(K@
zN1N_IUm8XW3Vh1es(c2;Q~69cw2X0vsQMl<ewKuAYJs~B9Ff|2tJGx=7C&dN&YcSd
zMDk6=-|dU?y_nRrFNG@QUuHP0uVnWGEpQR__EhH|vJQbxUg+Pw;imo~tDHMeZ1yAX
z7I~YaluBkl|Jsr-{$>SD`c!R%|7yc2I??f4rFg>7)#XV2!#I6bYR=qqzktx!9QYI?
z!5+O<`W<Vykpa9}X$|?W=N>|iaNkHl+Adt}N~s;}q5ww7AP2zpdgJylq#gpmKm0pK
zswd|2MBF6j+9UP++tA#>`Q`{EJFZN864C4Vh<8CRXz+7KifT?=`RufcCHUO<_CUgU
zn(79VsZAjZE*mm718M?Cuy;k&C;)aFNxCvEU#v}*tB@|<`29XU$vj6>#!f^G2^+qF
z0io;@;5ew@ERd;Or|9?*Zf4{(fWCn5{TDev*rbCKHveH|1H=^52&MOrT!m9!VWHfW
z*60C5$Q=`3B`%xuX`?E%bQjgHJFL*x>v2t$+HB>D1)OAaN+xc_HC@C9TTBmT1n-VW
zcrrJfbFED!Ymo}i-Is@NI}U6f@-0(^34KO;C?zfV!`yqJti$idCN4rk<Q<9=Ho)RS
z*0)n<q*ZsJS@{6aMEc;&Ze}z1x(0;066Hq$?u;lvD(eXro-C}Y5dUI!mdP;<R?erN
z%PVs1VXb~Bwd^mkQ4~QjnK3YC5x6cJGFNyz(=@t=Omm|56{^%tP>~=8qlWhfS32d&
zT2G}EiRHUXtog9sm?AKI%eyQA1qUU|*XvrpU3f%@>=_&cXF6b#{zer3h3O!h0(9X<
z>eWVLT5CdVHY2rlMouy9Xg=~}i3&ZVvlr)jwk&V`-sI8b02GkZy`Bq={Kj7mCt}ee
zEJ;foud{vwczg__g`Zfla!%kBq}$kNe>j<u_`e}Dt_ch8Y=h%cp}aDN;_HugJ~kB|
z+Dzqt2l2R?*OPQ)eslB|JUWBUe3hmDDkQ>lb8j&M>+=sJ+@aw&KqC}C5y$zat@~!K
zvKf&FAR<Y@sV|p5iAX<34E~Vnh!y*s7XU_J2{!iMe62od#hSNSH>cGN$ND2XZ+0q9
z6<Jk~NXw5Vx?Fg6ve612owo_VS?kZt;gmUA4)cj`wYD3*2<-V7fbr+N|H-m*{=<L$
zSC$<ig1UrGtF$ARRT2?7_&4V)vbXZ-PKKyWR99MkW%pY-Z8)teGD)~RE9+6Qv!a@z
zQ6!vlmf56ZiG>gu20tS?ATs|4vwuyTk`xgAIG7wWEz@g%yQR*dbyiqqTC1fPLHCn0
z>1rt(K@W#(g+HV}fz#%;09uL5pf2jX_=C^!KEgCqe@IFG0RQYiNJ$B(6=vhFh`G#S
ziYxRmSJp}z4()QfED8=kJ~pf;`AwVDrS}<l!tQc5J3_Y%P%!~kAW*0>yZ?V&xE36g
zJCRzaPgNXjV<bE|01Tj+3G%7WrZ-pZg>xpm%s0}0awgF{t1Q$dy^&6jQAcuZEHse;
z{+uqb-&4=E+o8dW@}#MH)qHT;<Pr)-`zr%v6s5-qW{6p$MqDrSp>}!fiAT~9U2(h3
z_swE{rs5wT`%lU1&I_;rwB<K42)y=XvZ?=%y|;|(s@vK|6-iN2O1dNjNdXA~5d=v|
zY3U9DL0UlgD@aO+AdP@@BN77ADIwk60@C%)g;MT&KWD%DoDb*2^NrtqFaK+<ImaAh
z%rUO(nk6j~H`A!?jF}}o03PfXL`{h%K7~k}fahi11%Qs^qP(vIi}h5?+q5*{jbi$C
zQ6v$Lgm0<egu(LRL<+pU;hUi6GqrJxHK{e2T0B(oC(qa__>dDGi#;f>{!3XT;2t<M
zGQob-bO@@J%*bH!68|(6jm3K{4v<Ln05zJe6}n>jSodhQ1*&PFc5ExgsWBYkbU}@F
zL2a2W2$-qpRXEA(5t;=mh~=i$VM+<B3pgOhy1tC21b8L#rf^yWo<r4<ck~nbE1x8&
zR+rt(Ac4b>IfB&z_{cFS=Zq1H(!s4z5|8;(5dy#@U-K2*^o~!7-_~0iR4IqU!)b9R
z(<NWek5WKX5P5mHSiuAheo8|6Ik|~qav3f#p_RSC`l#+gM#+;rHBedE?kdDgS#<--
zKZ)cqQD}>O1qC8O#<(0N8$`<4+KHv*X3fFjU*yy2W_R!e?&J~aXm40AJtQ#rSe9^%
z&<0raj^OtEYq!xAJ?a2Ea<o^*A(9BiEf@mX9poOdMWQhOAr#5JdvS0nPjX&ygEY<|
zd~J#`U>h}O0Y{1Ru)FU&GJ1dbVbft{!^ADno8&Dg3>@WL8#Z1;*ZGY_4~BNAWCDO|
zbGTh@WHV^i=kRVHpAbb(V25ZY&b+^I;dKx${AgK@;nR8WDg>1EH8nD_5eM<|NzH1-
zHsQVs&u3Jq)r;jN!w@6nv*+Uupu>zrQ*+>oi8aRcI4|+L(5|Hf_m~quDo4Z#$!BD*
z3CQ&ogy7Z5B}ZPT_Y^V;UL62{JeP$94&D0V?AcNtQ4VTs=IAx1$G&rcrR%9E%*rGd
z=cURvt2)U9YVGvh4$8L8Z>q0)$D!NA34saQv62C#GnpmJ#RNilO|?XjVh4yvgpGs$
z*GcnY1Y?oy-kElwpotqUv$!YcQ!Ig)I1I>{&M*(;(Hm_9DWx%g^gZGr6iiH}A2!Cd
z+%RfyLdNj*{hr|Gl&o`*s&`N+GYrdu7ZRuH^w;v-wg|_>m)8ZcglwA7O{=%K#M}Ml
zJOF5t1>^ue1xFybFiJe$YdujhU1fuN?Z;H_Y7v4ms@z8LXJ!!aRUqKne!)p6>Zx;5
z#Yd}q>UhWy^#uZH)04U7<*|SN+(*c1Or?;DsCUhn<2NZogm)$xHlQX#E&ugFBQ-!$
zhrAE~M3+TcuVQ^FkLwpK;>yv&LnBP?4+{HG-82cre1-Y!W<~rIE}4urz#9kSE4;S7
zZ%K>!G0xTs3N@6MAad2aLzo^*Wh}VQ-a{bqMq8HFB_o;gsLqU1qq5!3*y5W?8Nuf$
zDHQjk2r4l6u_%TGfAf!IDB!rQ$eZ7grRsn4H10|jb8vW;q8#tFqL)l?(-{?;QS%^^
zp+$q@a4(ljtr{#}Rv@TLQS>4CoiLwj;gNFR7$tC8g7vAyPSz+b?qs`*u0ohLCbZ?F
z;#tmOe#CY_pp2nxk=Jeet}p(kVtKAB^=1#T<!5lF?}Vrh)ZQn*2RkANW&s;}C?+s%
zi|%S9&Z&JL5DFx=g%wh?OGq&&=_e_tKLTrErHYBGR2i?1nKXg;Ktz=EFDV-p(;h2(
zDOIL`|L-kuLY1o@2R8LLspW(vcLc=_xDNrlQSttAd4KlSd0LsQ-vw%%?{~3I0uKqu
zHCX?qsZo7^BI>IX#KS2Z4EQi8)c^TWD&H44L~me1P+5Z+w8H<Zah`F_=f@gH1K}<t
zPDgPD%6w)J;7>7fu=^MlPd@7INjdDV=O|C2`Ae36aDM05dTvx$057Iebb{Rlcrko*
zqz>AYEc~tWBP9#4I&wFGr}5#pyE!*o0%Wt0$p`~Z=^ygliOKx+oY5&D{l6Y(e6Zdz
zs{FjUVDLehWW7_vJ+l!`mlm2h(aTV{&p!2`C$Rg!p1Xe9*Ld>}eT~12CJ;JoRGuCO
ze|rQGG0*C+Ab&aguv;)CWCH&1C#L;}3-i~qLe7^_`#)IzCkRO6qXAHo{ojrgKat@k
zPxtPdziF5k+-4xQ6{FngC_q6%PlB@44KTcpH_Xwv1!N%}j?X{ktLLBlUm`LvhW{lZ
z|1S~we~HNd0}=VW&%io5SgM_RAq)_pk1ILn9g*mrqeG483F`X~u<?Aj2(W>wcNG5s
zbo=W$_EUPqKN6<@lW{(3$jPxTZ591n4FKa+6qL8Ho(7FGRMxW*<03MZCzQK9KFu0V
zpzMD==X;6?uL05eZ%p|42p=R0RZK=tL*Y4c_W4h1ILb61xSxdiKSitap)CO*C|==0
zS;!yVh?ArAU(aEJ*3pV(-8X<;|8K{6M3<a*7WrEZ;Dx|1C~pa+I~~O-=i#rMgbvDG
zs!y|qf1kU^Tei8VBL2Tg3IDHBS0I$IyZ9vuTrVY3Mz}5~yZRQCFOF9)MjI1iW}c}&
zK{<@j1s*;=^^Ec<+4_2AMj&At#Gqb~R+l96W#gmOq#hn1y1(b$-6IR<bQKKT4ePFX
zf7`e&UrAGT<d;eJRDGJVweG5>oZc^s^2WI?lgkTLmtEmN<x>>xt|jTCAsDH(%4;k%
zrwvRo>C9V6(a#>e-Y}p!&70jCB+qbW+0W;pFO%oN5kpARb;t|Q$i*_PFWa_PIj=j;
zrxygnmdXb+inE6YSsj{+wwmd32f)F}UZ;&sSVMZLFQ0X<)PKS=Oe5^sJXQ&VFiCSw
z9P)tW;v~4~X>jotjL80B?3Yi>*$QDTR!WDk$*K9wJol<~&OtiPVat%FcXw2mJ}(E}
z^Vhp{nuG~V-Z(0!9GxvXjBJkOP5v~s(q>S`5Rgj4GRsJ)_er0pwe^2`<z8jXCgJLa
zDVNv9Oi2nATDwved<Msv;%gh43x^1Olz-C5$X1N*4H?v})Dow-66rAR>F}(MGl46L
zqkPg0E}pL5lW__t|7#@#`JX|L!ZuSN_FUiZQ^2*S2uON1hc9R*fe_&LYPfWY%V_2P
zgiPH-&mWXI-hsfcIX<m#=@r@+c3cXFY4{IURm+@_0p~iw-6JX%RBl%nu+bkjzrVeJ
z@@%3W0dGA7^qxWw;JC0(-w)1(ko91mZu>vh6F3s{Y;#)Ud16yIPv%$b6b5&Xp`Lmg
z63WunIj!ZDh-H`HFU?slD(vtN>A6e?^L+rT0;fGoaNmhW0|+z>7>M*G7}rac`A{Dl
z>hE;>gwXDEK8+^7Pt3%X{IxAd*!l~dW4-L1#W$!_OiWAzT`pnwEqnBmh;<9qzlZ^7
zm|i|hd?eR4lf6L?j76vcaM?xu<)pK`+$~D(q`k;`1WKHr6QnI1%V@xL&j<T<!eu6H
zCJRsJR({xxt|V!Q8t&mQj|LdN^td6fQ$K1^u5I1QE)qna^D@0L^n+gO(ihMuvkj6o
z=?VfgSiPQ~n5^r|Z!E)l3a=YRIjm;KeV9gEpI4S^U@1SOBX!=hH;uN`0=(kJ?+=LS
z7yI&ZL_WwJ?DQ{edNxJgRt>68?Dy-hhrs7iVm!)Wg;F=d4dN&oC+Os=#C@DKoks5z
z{F(rl1coGj953ID`cfYVq+g%Sb%rt>Zhk0PZ`sXuPE|~&faG=;I?Ws*m4~KxEaG=}
z$4u@#IV=^Q7zH}ucH&9RJPkiL`GeH$X7yVlZbdt7ghX1kXG271&~C=bw$45i8vp?r
zocsEweNX&166An^MvC_yHBR4W{?%6=k_JWjlWh76q*nXjs({I#@w63!23bYRQL4Ju
zl<Y-}oSaICyc=nZUCF9RekJQQsJ3B%uNqX=J^0>Y6SZZLx|Y=OrTQj>bCqi?3%1x5
z+8i|J-c(ho7<;ATNX72N@OmU`_G7+oPlTZPZCYLc;;+eLRySX^^Igc==h$vZaVz6t
z0=RdtvV9HH2yaqpewXq^+FHef!kD<`+nfXDJfp?*k)JCDrPutnX4vc}yErMQ<60+%
zcr1ciK5$q|n~Xo=-=hFb8?xxEU*8=qdStP0ckqJtJ|G(jyllUOyPx~m0Z0>*^cOv)
zv>yv}Os~^c`sO^7M#DY+vLH@^a$UXcV{ZJnR@vBAk?3mvDW~6RCr9?|=KJ=j%wPwl
zA$`w$Or(-kZ4`DnkkQB!w=mJ@xtvzI3iWMa209<ArxDBOmrHiFiW~!T<spD@b}WEF
zNCif_66^3$pz#^<t43!ov@STmZi<ekh9IEqX6=uEq}2m@=sZDVCTeE+Y96?7tSv(o
zNKwq%>qk5F^E+)mOHoY!G&A!;JhOylxPTe-agR7DZ%Al*g?@$Y?vgkS*v72m*_i>B
zdBZm`*Lr;sf$!gu`c|7varv6+`~mvOlxPSx)StZU%1ViN5ZcT+Pc~@Rul(t~$%6H4
zevp>P0~<hD`n>)zb&<s(&Cf-&pGtCrIi9xf{dcr+8mZ9KjL+0ow^kSql_MF)58gfL
zQFyyput=XTnWPbsA*V%U8at9@tRN*J`siY;H$n5yaq04g51UuAzLfF&()<3Mw$H|)
zbGT-YoZfPwq+`SO*Q>!NcfGNQDxH7r0xn~I?Xcrv{BOOL<Ak9{^oYhca+3Qvs3$^2
zsf(scmd_8Xq|=gr#)R+48lcH&goR6$+Aihea8wGyzD8S58QGFDV!n!2k8xNxUi~rR
zR<OqXwEf!Wu{js3p*u;9uWL#5HoG5poA{KIe5rJb>>O9)$<x$fRDC{E)^GDYa(w%x
z9%^wqSH&m>rMueGUWAVwnRawP<YmQ~ejV(nJufKXTe!5{@CrlAr<|X7l)3GVO`G2?
zY`IL|j(}y=+J2$_iNhoHSUp@7_pEPktlDf<%S|N3ggANV$KPQ)62$8Hs%Mfqq>nOf
zKeD=0(R2`#D`2==kFPzX{f4FLWA{N5Hu|@h!DZb;^sZ9xbU9(}9*FdQ0}i$O2oISc
zQskX4-6^(*%dUIE=H>H(U(!gqxwS^v(8WCtod|%3{)Uxx#sOToC<H<Gqvwy9zIV@4
z(S=@dmw9AT5`iS=$66kCqEhQf_hHCQC1rjXs956AbCqnY%C&#HlHHAYfhN+b00{iB
z@_O!<&A8`I;*YDx%=`0fr#ZR5@cUE*p(<UbBYUelmq{rb!wyXlyn%dB!;|r~m`TJw
z^Wvq;y^fiKi}rr3l$2K1-F@pz4@v-RAUg0))lyvf*ZF5&Y!ovMmNp&{lz07@E^R;i
zwQSXqzS%>5xLnRwxAbwFsd%B-DG_C*cG!8>w`TeY&zFY=O)^g@ANiD<Yu*}VdxYJl
zBR!|^bv{lAX1n@^4(a>Hcx>|-yx`WCph=*7XSfMBw(N>IA@2-<k?zZ&N~^F=_V#9R
zh`@h*l5h(E#T@e2hGoF!?i}->nW=I92w>?5OUt|)iP^k8;>MF;62`c|DD@$f4le@j
znHD9H$Q4(0c_Nt#@|z})E;6jo{m6!MU*!ilorMih`7TA1nzfHo=bWjgN!yO`zR(xj
z6?<r`Z@*z5*1u?hPC)w%=#;=!dWNa#bW`uVS}vmL%b2&>sn+_a1|if%XD(s70w<5=
z^o))53E+lX0gBSX6sM-E#$1G1pJK!#RQ?0@K0iOpW_)zORs6iu;IrVe!vcCN1l#pt
zA|u;HFEB80!m@tp?ldV|xkQ&`Th}s`Y;KV4s^w9QH4TOJNyd)EP?Fe82*u&vU2fa0
z97L+9pgxi}_%l0Mu}~{cMq7B<e?*2o8q4$<Q~`%CzKjlAr}Y8w%btCV@y3{VxIClq
z3UvMhdh~EBR5Q+vFFYJ(qco(5lo&S7a0|tK9E{Xlb44ACIW6~}2D7Ae+U8&q{kVQ{
z<O4ZV-{S|U$;zXW-I_*g#CBuhvV|JN1nkWCC@Tx79t&xhw$t#W0HU*l{*sc&%F3$g
z4TiPp>$<{t7Y1f5A-NPLx0bkU*owMgXI88{=M+qERM;}^Ibds{@b(-Qyd%B$oKD62
z=hqiBP_7G0#d<IDNq}u`H#+g~l7Eee$^8mpac+^aLoYr%inZ3CargX@)=k=E(amB<
zn18&fENXdEW2ss;pwHnqZ&BPaD2zdLnM@1eG`;+a2%wBT0#B+J{6=K1#EfzBsH@X-
zjzjnm*bDtf09y3Dz|6#cqaH~|11Ym)<71?~1M@v{4NLr$p(iOSiQY3d0k64ZDtcF4
zIV^t2YY=P|sc+AX6fP9L=kn6SE2d~loeJR|6Ld!TML=SGkBKc^*N^YUcd(6Qdh*`A
z_UphT+8lKBDa9MipuQv?dMlp<tKl9WDadID4X|^UepaCc$2WBbf=f_eXSdInOsvkY
zNhYS`szho%RIr(Ald1bow37Sme)XgdC0vRO){g#+{Q!r}Pt>@0=}<<^TQpI9{pPo%
zEZaWZbE7*b9=E3C`quG;;7oqW4u5=DN~};C!H0*ziE`L@LP}%$9e}z3dc;AD;NS22
zaqW?PZfYVMDS#H|Ub5JeIA!XA@v-r&s?@53)bOAyivfqr5zEw(DI=puOTp>IHU*T|
zI_(5`##Q{<cHM7|cU*gX3p9kgnks)D@MQMVk+0(&B9XYrLPsVByT>jgm(j9`o7|-)
zdp5oA=J>CKw{7&|X*PPG^Xr8T`Y#st_eoUPo4Lti4>Dc8wfv5b|Je=itrUjwOhL~e
z%qpb*-TnUHrkP|cGipqtyUhCGDjHatOIXo_fFFR^cyb&A+9;5)fKf7z%N2K_QPYP-
z)lkRtExh}s4s9<10A8LcD;#w41sAzWjcRT1Xjm4_ZxHHEoA>vx@0-tCBz<ctv?h16
zZ9%_lsmT*Wmj3YlzVN|V(W8q<3x#27{hL_xS7V8F_p1-|bjY^7Sb`Wng@{=87%VSY
zjpw^5-H&rb=IIqiK^wj8NrJ?Gz}wfdijiSg?ik%ABz1QM|H}@@zP>fk$BnGk3E7E-
zF>?0~gsDH1a|^#QW{|!0Grn~K<j7gOq4zD3#aVu}zTL5Snfufb4#!->Y3b2?bu3G+
zJT1cSUg(jF{OW}jlb|j18mE-sUFf^h!>lgobFqO6LG5GN3PGOTzWUA_uPlJhes54`
z(%NeUcU#A4BHLgwbGO(+hwbM5=(X11r7z1A(Gi+^qz)6a%$|(B&ks^y+Sx6%PZz`t
zYR0xSN2@|=Bb1q;WFG&<9$4ipKs9OjP>5K*TF!3x>Iz`?Hm9@64_GuXaOYW=jLTTI
z`K`xaS_%Z>Q1utArMZ1z1<yzCi3<*~)C50xZ{-76mTFO)+1?m^os{FA28cb62$!5q
zw!N6bz;U7uwe_yH@b&fVqU{1ly#Z3}h0k5zR_Q4>3}4s1zx~;2kItaF=_Uk2_rU==
zX7xDE76tLDofEl0XahjMv-$j8$hf}AoDH~HKtGm<<ANfJEx<irOo+343i(MLp^A!M
zxw;o~<weE7Sud&5&EZzEk_WT{#@|YDsW?OrcGz0pR{UXNZN0dFbKN9@`Kh;>y<|Dr
z)-oH>PUa}*@Bx|K@TO?lqW{$*)q<Il&+2&m5%<bIM8>eY3$4#}O$-)lydI2>5=Zd=
zC>hb?DC<%C932Lj<np)5ewsS!4{o&b`z)4v<tl>mz`(&ybXXY8%4RYNPGeJEwD0xX
zuRhGLBq27yNS)s=-x~9$V+`BEy!Ku#Q!Zi%#^KvJunLZ*+1W0^_rVT^IQRfCsfuUT
zp(dyp=!$C~E+nTNf3>0lQujOAAWtr#06n|COKd<U@hVl=b31t0H#LqYW^Li##3L_@
zHIzm{hNbI^S`|(n<uoPCCOJ+s&w1l<U;OSZh&x-LGkY1W_{-%>`{pGL-q>2xa^0zP
zqX2=f`!m2j5ksrA{4U`K2f2OtG1a|SZk$6--NEu#UJplFe$HUI=hTQ#VZ3YBL~12e
z{sn7kI%C0H|6|d?T;m%&q4k~{ILI~$_ke1I>9$Y_O8ky$q_w`kQ?C4sv&1_t<)z|H
zt(*4@<G|sso{>}CY+Ifsky5MU5hggKaFK5&7bPowTUXMgU-!L$aTgnhWU4uWsc^uh
zJUm~=_W7L+9`*wAG4l%-NOr{T3(C(C@##n6gshsqK{fu7OpgAZKpbca-3?WWUTZ5H
z=4`61$M)YSoW~>@i^)blO-BAr!}(dr2i%TdB{}$`GS?)Q&5VC06T9BF@04;BHdbkm
zp~RVDstW=@Ebmeq#>^fopO%~fn<BQPRtBrXkCNBLZ^|t(PiB_;FkYo&eMHAG#~yX3
z21BlyB;J_&a)M-pVoqDIqI}*o5zeL6lceb1G%XAm>;H`;C@8R=DQ%v>Bmbqq`p-h2
zZIujWmB>gILx1<A0*Ii-aO0Uq6Fe+*Ln2uI`9H~GLIRqnDz5+kkfxRJnf3iw!C3)F
zs3rEaD02pjbEcdE{`~(ynpX6s15g|Zkdx+C+~~9BH0mz!l}}fp{%)QI@KDDGFYqb~
zvVe#$iXU6wK>{A}SL{uS_EzWLA?GMYU4vBD7*5V)XM}8f{9#L9)LZ7B&F$bY93gj3
zep2t@$fTf9!t%4i(Ahh3+q#gZn$4L)J<L5|_*m7W3Ml{3fD60>z`3~|D2-fRYPx=!
zp@aQFh6M*{lV+%z(Lr?wHHVdLj_I(&T`4K<bUUi;n+{kIs*CKj2n>~?;j^j&uZD-S
zO)RY43dt@%9NoVrdhU>fY>Mv&@&XZ{1oG5qxGbHyo&1TxpZ;o<SE+>O0?0Rz-vwpb
zLf)L$4HBfyk!khv=f{up$r%=`CF6LE<#cA#2*fxcC(r!sGFa|?OX|>>LRgvv4zJ(K
zV1ISs|8%yqDQJ)%a2gU+GZt=U))iLfLo$EI>mMVFQ3TNIX7&j2ME4<;Kad6-s{=!=
zgP|TtN>`Hg*QP(R`QiynhI!7F#>uY3jncvZkiFrSBN3Kl`{nlt736(Lu#<|=QSqB%
z%|I$kPLsnd9|19NXqn_3ief}sz?TZIDT;wxPd}GKb(<#bE5UKD7sx9N3L|Iqk7aNH
zQuPOuQCnX8{?wUh06vJ;70w4wA{Xy_ay9OxE6e0_1PJQ^<Svh~jz>7Ez8Vc#(2>x*
zbWU<QKo-PR_gX<vLd~Q;SzZ5;ED~1tDhJ$iCP$_Kn$qynaNs*RPo*c1(5|#8KV1gT
zt-Tu+5adISQ90I0u2=OsA-E$!6^90QOtgn?zt!-5uZdeH1!&UqqC+q+roT4B$zf6I
z#fVH`G)Xtw8K<rcY8vp;p<u@kTb_2ce)rbH6DxN^D9<VPQrrNqxgZRxw$*3BSU@`Y
zA$^G^=lNwu0rLZweBxDySpQy@;PdGmP(Jek-KC$rK%;J>^!|xO9U~YJsBt!g&xUiL
zDs>;oBR|K7_OI-z$3jK}_q0}O@u7yEaUo;@^w4_IxB(;?;p_9Z27Gq8`8oeCfCVj>
zO!|p(A*0ZF0FGV-GE$<zSuZ7E44NUxQAp6H3j4R4O29I?PTJoDcH)a5fkbFr;=qn9
zxK8Yd^mnTWaI4F$&X4RHG_5fpsFgiFeG5bm77+8?oEJIQ+@o>>6M8}6SQ-2uEGg*n
zfBqE!oD-8!S%!Sht&n*_GllK}Oi1(Li3yPaDygmrSDHZu)>%I;3$+h_Qh{EVGv%q7
zLOn!4Bwg<I{S80+;|N9J06^x#rxOfRiQf4}VhjWRXw0?WAmHPF!U)=_6>Ct1dGpLZ
zJKDv6kWh*f@W^O5+p|v>Puv-R-GxBo(giAk8&^*Soqu;hu{uPTmHf_)?A1GHTCaiK
zjE8#aD<E9yzunEBjz#b78_$Dq1(juFWB>E70L{B#`5wIUa^eXXV5Ua2AU$gFQ`4s8
zN`o~a!`2xd1L1^|ognZD@-9*Epp9!mb!u)<P?C`y-7gM2<L3ePiwtadf&AkhX;9&n
z^XU0t1R&u8_giuI&nr@dp*=|g#bu4tJ$Z_OpLeeDjwDlduloLggnoK`34l;d$@7hW
z1oVOf6VO8nB{VOS3%#YTsI3e2A{>{Cg>45DBl3)U)fCgzsNdd@48+rPQTMufnDx!x
zrZzc4%v#-XUC(MO7O6p>n8%Q|gOycpqBdF_oWS#+it!ip#JwG`UCYmD{-G)sUvpLO
zd!_3{>k9T{iz7)e2<jp1zJp9SnRN71kIIk;;X^(^*zcpjDR2kc(O>1jw4%N`@fg1W
zUAlQ617~MvS#5s$<N%60jZ@H_RHa7YFg10G?2%VhXrXvfj`GIuB477`(h~*E2it<Z
z-DU6l5jyj6B_I8W`|5YA5XDm!x$k{^62b54Mr1ukz-qs$iNMKiVt)Hx)nu5)laJdh
z4PhNW(p70%?;hsh7)DAWRLYlpqz!+tPIB!+?d6j!B%l)VATST$*~I^9A%72(zv4Q5
zyVoFdN%*etqQtWG*GH?h(b$&<Gv$(+Cz6)$O7;-=^Us87y1oU~2o@Iwx5?y;6ri%s
z`fMyyw%nx@Zu*txk^K2~=-~b8kjg%U=?~QV%VmjK&DrbR?OI<crK`2=$Z;~oGFgtM
z@D`8u>Bt(OktM~SNRK`P7=yDoMm<bDG0y|6{l1&6hJD)oK-W7*xLf`5pv8d2@WY57
z>6Zsd%10}Gb{irrN(sy93y3Cf^Q}z?Sv82&R$JlaGiy&IS?z@5-55v&@^-AVt<i~q
zRg6+to7vRZ_}0vJKyK<?Q1E?5u)Gha9+e`!?#V_wNn;XNp<OczaoSZ+r|qO2HS>@j
z(94S#@(sphFQfKv_hj@B0qJQ5gLKg<#H$m__3@}_Os3T{!!BW$&?On*??01tSR!!s
z$6m*x6;lQ3^LeJ-w?{MZqFf7B5@*6JRpUbDP@ig&4`HM{mwd$Hzse{2E#%pW6Cw*a
z3dJxe6w99TqZ70bxFo`V`mh@f7&@<Nhjt3AhEHqIXNCDuv}rDh_k}X5-ZJCt=NMgj
zq%H^4+*vJtc!hJ>&XjoQ8ZgmWs(T>u(ZC3*>Vpa_%6A3*?v@$24a%*&|3wk6O)}{y
zbAjaMsdMlKEm>p|4B#A?=+8Tc`>L`m)_tV1povfI;!Y3rb4LoqnYg8wiWU*=p2e<!
z>O^~<!t~4j_~MT>zSkQxYs$5R`dpBR8G)8u?pJcs(!-CS@YDjyRo=TwYu7&?02lE;
z4<q2z^=JR>`s0X3f6n`BzBi)iH|fL5k1D+t;D7fZ?Q2;dLAR8>SpPz=wcb4OhG>za
ze0M@UUULM!k&zKf>v)E|PE!pd_iG2{BD1fT?CN_BHY}C!u9xq(>{@9=-^4PPt~T-Z
zwhvwwy!Si}!hrvF26PgTQ{#f1TF}3DY7Z+$dy^3BK&x6+o2a?pCNMHG5^mQd$z^n)
z-1|c;1+R=SDh?A?KIF3wSNiSRi=U0`2hOOi%zLv|^KJook>+lsnq`fNRiM*EEi_CL
zWf={2eDb>o+ay#kYagEOtKU0b2;>Y*{{k<0%eaCl$<t>MjedJOVyo6)w$veCyW@)E
z<|WXMo%CGVoOuD%m1mQ#74r>%W7Q8o^LPBNf<^ShcEQ~?ZEm{_Z52#Yjhc_!cJ~@}
zdw!y$_A|u0?mXnSHB_3}u&e@Vu)3*>#V{?m<$v}@W6+*QdI`Ld&*`>0%IUv{%G34-
z;qNm(4$$NIZql96C3M-0dV9TWIe&iwsNpiP!^~f;zK?R<!MwBbGTw(*^O2mk7gB*)
zhl<Pgs1HRo!TQG@o#Cp9%<=;?bn&eZ-rd)z*OG@kUjBRxi8lWZU9!PYFn@A#9w<rq
z7vo__X>;nc?R)BIzvk;^>(Kb5c}IGkvgl_}nQUZF%!8SL9U78SX(^t`m+L48s_ng`
zQat0l+bc;y1b0NhHs7&snWF<fPyuw5-Y*x+lNC*FIAXVy1X|P{x{F*Ttjj7ytS{)l
z7J1jY@>{*tz-xn7q58oIiDS2gt9ctXW2hK<kxtzZl;(`kL2ju3G|C{k3(5FMiwWCM
z<1EF`cN($XSs1yLw(KUgxV0TNT-OkCb8yhxx1*zD^6UO)p!3GkE$gYKw}H_v<lNRm
zMk>JQKa8l`4n0D<W9aHg5bbghviECk=H-pRYW1WRj@S;}CD7?!-7Q*S9gCON8;x`I
z=1KdyAzyN%wC>2<uDv)LV6=~x^d4kxH%{CFbkwn81xa3O%ef?vOy)Ys!Y<y1hqagR
zd6IgJ$Z$nqnIBahsg4jHRuAbPZpHMR%Nj6fUqU%m&G9WJ_lAP6s)AyxRteU^A|!Hw
z1ghBQk3NS6%LnSFUp`&%BV}IJY`cd=szQtTNKp7E%4@RA6o}+MP48oxQH6LadObGM
z!ZE!P*Rw@NhKYGi5JB^+W()-)qfG`1u0uqBE6%|DLS%S77DLX4y|w<(H17Byi?ZF&
zbmX-)y_U-t;oy-mdO}}}v}MAG(R7x@D`FSIFAH(kY>^Q4p}`azHefp2*qN&rDn{uw
z`G$Fpo+lG{@%0%F2GLH)x@dI|kD4W|<HyPXKb8XquDs1qk&Ht294ES~;HeA0AGeIY
zjEuHliHfFkh=4)V5S7B5pz}u4-Gdm7B!za^91-K>(Z_-UmNUtqIyYT_%|qlhpyw_W
z&Vu7*^JayQt7jAgmm~!lfe9M&?|;#c1qQL6Ri(AyOve?>C#NM^i$Clk)IZv$L6Y)Q
zwAzVs>)!Do1fB@NxeJx!lceA~%3Vg&Yn8`uXQ@F&o33-I8Xc(QIsH{tOz6`vh-!uc
z-GzGDj$SWrnN?Lmi8I;XeBt!Lo5;v$#Lv*s%wSb5XfSfS@DUk(2~Toj9Vc`&TdtR$
z!<PTyXdm_-STeYdDFBj~+GOgqBhB&D6=gtU&Vj}ZLp>gIGy-g6s9jW?vavAo;>ldV
zBcg)Q$Xnt&>YyAy$y8B+hU70FY{7Zyc*@|B)5yrUY&wzAR;>G96Qc<&u~x)3z5BD|
z3zo>J{_-!~@s8K|f}0r%SUZQFQRa=ZYsYK1ToJoyX~^U+|2#pv4AY7Hc(`O)<QFSq
zHLv)~zbU0dfaMs_Uzx=Rv~O$O@=;6kQR35IO$SrA{}35ioal+gQG+EO3G`lF)c<2Q
z;Ah=%;Nf9@+(@v3DlG$8RlpYsOIo%gV=F^K;vuT6wBY&=N1JHs$`#7LLXVC?l(E{i
zR*HRWbZSb_n3bV1SDlQx)m_NZ!YCmza8kA9%!+#;z{3Cr<xOce{PEX?jXZ&QJfLqV
zj5xCviWnF~+{W;*t<Q_!{=qV;%QYOd97f!_B{H4&Ba(ol+Y;9}T}foMxUas1oF82e
z*D^a+wxVaBq2G0SJzPKOng{l1rrU_j#<7{1!Gs(Km;L4UrnaLcEF8w0XTPJnnC?`O
z9<oQAvHcfcCs9hq7cC-O4mwCBTz7ZP9a?wq+Sm`*A>Qq!#L;1LKmN^<5lg?l^-R9o
z&U0@Ilak6;nr9oOo!9pcfBKzS6>-e1hPRsUqqg>@KQ23Mw*2yBx@%82T%~vyGC=Bc
zlT*cBx~sk%>9SYFlUqD&MLX<tX2a8>Fq98s2;JTL-rr&2y1Cn4l6rvN3Yk|=?<n(x
zEZC?uM;mn$Omo$}(!J0s^Ubkev#obWzk4Ip9AX`>B1RDm4wJBKzp106IRbrq(JO3l
z5e((h$xh!KX|v_ZlP%yUYK(qPjL5rNY9UGbeB#I6gV(h;%MJ(pKk}FV#Pgxbtg2o&
zIQi9{Gy#TJPV-e3;dc*u9!%BJjuGznGA&8@yN<C%>_;t6a!v($XZM}>34@B*((>Uj
z5se8AmyXdf&9$gAv*t+i#G>kEIs#0|L0;NjNWroN1<z|Q8u~JXq_E){DOkThKS$}|
z562`<-d`ho(M@~9<&B!B+e_fdOM$&4ro)vn@eZct1LNYg1?$cI7BAE57341FJlR#`
z9VMS~M}B_lxpg1}dD*=W`<z4zmPN@^d?$Mk{84ZNyt3yexE$p#pZSj9%w`5&ehQvf
zmSrOd`PiWVAEbN6m0*x%6~7o^4t;za0bEdk;|tC{<NLvn7{ggx8uAd?+HzfC!6j;V
zbL9S)fop=X=AYR!$QX|weMN(17oAKd9~ZFq^x#GG+EtqCCqCxrk8uPrupjcr@BI^b
zLMzU{nI6u)>apTE2P0F%aS{=rKT=WdTfU0!ms+sI*Jj`fCioLWKy1=8KL4e0FTmz|
zdg37*p>OJIq{LzKU^=sPF?u3jJfN@9z&d{G^NQFvrl&>#W?vBx#1^a*cMdse7;C}#
znUH*P5>{%?#Xy;l=f{8ZGH}hfO2-pX26@WZkevO|#|QV%jbGqN2{f?xCmZ5-7^!0|
zI{#*20ZaTw`eVx|hX-D^q36twB@=jZ+wCNJyg`7m>Ku7_M-U-nCCtu$=`|3W88VK2
z3kZvlzp_uz*8k~w_Q42j5UhJZ<M)p}GI0e5o?pp1XeG6e=X47S75}=DO~-!Y8!*T-
zQKF&q{P=}0@(|UGolL}8&tQ0VSn$Yi@W8+x%bmP8ccg7d^|~@5=Xo0f!AwW_#4@0W
zAVkoACTxJ9djsRo7S(!{eJ)K1PC5Uj-f*^DZ>n+rCDb-uDLc)Rz#>?~L0N&=iK_(*
zk#l|})xk=N1DpQ6$N$Yr-huWQ56HFffkB?STA}d1^W&!l9^<jv$wZvZ4$qDMg4+r-
zFq0Dta>XU;a|F4{$oVzExmcmaka}zxdsx6r(drPM-Q;dv@Bj(WYDV+l`HjWNK=1Gh
zywhwA9@$jtD-`QqAHNk~c|^|drc{ta>Ae1bSV`vNYy?B+T<SzCcYgdh2*9cM+&o@@
z--+q(R4?w_N|7;ZKm(IJdGGJ+LziIS0$jJs$oB{4l1WKP9fQ-Z&gqAd2bO=_jT<9K
zt93FPTrXa@aCnFv`LX6$5r5$WN(p+`Zf&&8OK;JK-dKx{`=4BQ%P@t1Fo+px2IGe4
zz81|>k$n_|EY`Q_{5>wDp)|4jx^mFH!?noSrVoxwn?t*$c2kXb%N?n^AHdm*jcu7t
zf68g<PHS(%y~Iz4m+25MqDO}*RH?`(ZEWP!-=J8-&GgRBylU4$Y&ReX6#O-z+XwV&
z`|@?`+Y?#Wz9_G5|6-aPH;QiL2gK?Y=`x4>^u)#xJn=#9d_5n=!T?sihB{K8!vNfA
zjiMI+^sGxgCHD|!9hwsnz`Z-AA}$BpO5rPmo2-j(TPK&xyZMIUkUn3$HnVQkj`F}~
z_3mO*sL_Y-uVOtCoVJ@2BzJu}K1ov_ADRI#dIH%rSK&^-MdS9Y63bwrdy0UTo4b3z
z={M>KfGII^me%^2W6Xy^RKO-4QMbnrium6O2W<&wtyMXDV?$TPJ{;_rB>wucMq<BN
z>MyJG7&Vb5`gxj~{kEs9h(f%mO7<9&(LkDd0@WAX!lB|%ZwPKD)Oo1nJLF3^IDF#W
z`f0emIeZPzGEg-)hZc_0ru3fQojFU@$qBaicq$5>ulZ~<nM!wts5#YLLvV;PmVd~Z
z7mpfm8*MPPCk@BkE7Us!eG{;PFX;W0#!~QlqD90~)Ex+intE#>H8*~;XOu-pl0-(s
z_1L$T>R<zR`-E<Duk>y2kNZ>GI)|he1Od^4mxL1Uex+S;wv>OTsfwz4-NK8-A1%a6
zud$D*>ut2NU{usz<Q|8?QXltA*<~7fu06Ao`v7xcVWz+wh3=pcVODHpxEpU2T`xIk
zfxgD@jV2&t#8R-<dNS>X!GzrR!SspG)0%-5n`l0+%#V+os!%&J^o0YL;XO-QTm=<y
zcx<nfm#6M#+{*L|>ym|sx$oJ`eEYC(epLy)J8HnmL^FJUjY%u~7W<tw_Sv4Y{NVn)
zNHv!(U;TI0=-WRseVc^w3c_lxO6Px>;~62b2ls4u*O+7XK9INEa@tX9U$5z3?d6+H
z7@t@b=k}~@Y3AFh2WXq1OtkQJY*8i4HooM-);33^x~T}IEFSrl#Y&$qb*<%liaVE{
zh@Y_=EKnt<#mvyYNy&B1C%NcyRON`?GZPvvj4JXcpI={GnHWcJ2vwCYK#=p<c2_NP
zvQLrK6A$O%+~OvEtnBEzToMmk$gefO;rEUHPQ2KBe&IO$hJ55m%oiEyw|<MNy``nw
z8@uiOMeA>a$iYO$z^N6^X9lOID%KZ{^M^8oxa=>78bwRBDoG)p6jcPs*dUg-$fIej
zDss%P$Y|Lt4wpT`6xQ5E1g;>#RA7(t41e_KyK3e=R;fWQPOi8CZVM6ZEv?AN2}j8b
z+Z{Ir*KJ5oez4=W`GV?7$jPl>JNOKbV1MiR_Ilx+oI@AK#_#%0`x)!D1wvOfT-Vg?
ztM-;<2a9>cB-gsOy~UXVJ}DFg=`|h(U$h&XR>a%dAE}bo1$>x-fkl&sT&4!j;g;YX
z{qp7(V_Kf@7jK7wV)!M*A%k&hwf1dZLMN*k56VQV$%giyzuubult^c@-Aj<s?QM?K
z^s#>5Gp<}@8CbGeQOl|~=Y!x^!6f>?vh8co+ZzA8h!zevs@7#E1w)bYVp6-NKt)R+
zR#gn(5=8dv`JBR@DEvkk&A8L-1#bKyVTg&KD#WBWx5l)qkO*#pXipxc%Xy1}QEW9i
z{KHz<lV*CfeX_ylO}DV}cMh@1r?GHi&1NQbTR?lVrfGStmq{rjP0dCSX`b$9u<~J5
z+JNQ0+YRPftwSDB+aY_JZM)|3)x|f<3!k?*Y%ZA*5<9T&#Xit`J-bEv>|3l=jS)>f
zt_ZDT*YnSB9F46El{W4B=xFK$k(OxsfAomB?93Y2&xUYLY>oRpyy;an!sFOKZwbK0
ztK~vy?7NIiOeMeGvvVFwP2n#``{8L2EcqauG0P@QGB2SVQ%oZ5wO`i|nNp`fANiXl
z^TS>z{gi;+r6rnm+YFt0yV*YVvb`PEFKX@l*T1dEvr&;L$a4OgZ~Ezmfa;2_<d5$V
zh9dR3bXFIUxO4D&Cu;X+&&|8<ZWL~mROv61^z_@l87v-iX*GWu#h_X+plH3@ZoNC3
zq$y$WYs=EQltjv`r}8qITr`Oej15p~kgR%Qk$Sl>wS;pmx4Q;SVe4r%Ne_G$t)!Nu
z+qc_IP=g<!wqp{3J9}ucYwntIc3klMaI3iQmPt}s_=-y%=?%853^tg}{1DAR*G7L=
zFw)ZJD%;?y%0pb-h<8NYLv2;ImHBne10&sXw_2r~#g;xF3KATCL+-6aW=?Up`Xpep
z97Fcw{;%gBN<WJ9%-U!WMs)2<9gdk$PRR%LJKE+}`lsUUJJ-TfEk4`*D#P6VEW?cb
z-4xK^X38(fBrwnUxhdTK$;==E1f2JLBsj`@3EJK*T(K$1F@dV)*`Dd~xw-cZQrZe0
zp+^rlABdi`H!i@1(|ir^)+GQa-Kmtp1ku%;Vi6zY>*2LCbRD15O}S-Fn%*Gyt=y6X
z_lDh^oS{U|jWAA<8pmc(E|Az5D0MSc%JpJATx-R#Qd~nDZ9<iTx7_VmAAZL)(Epxk
zlm32DLN?W1b`2~Tscja!Mc-qfB|>=lVqb;tjm5V4&xQ}FxeQ}O@ZLSDotRewN=n5o
zpXNK~HX3xMnn+Dcyw%^3#S`!2xb9QWxy5t`MCoidbA$}qrjmMJpd_(Ziy}JAGmm0T
zq~yvo>XL6U>uNI3)LhyP=fW}TkEBdjjWlb_>o^Qwk?+xNY|y{qiKrFOYRK#JfV527
z*i>$iWSVE$<w*&eOMt_d&X6i}zMiO7;jm{Rk&&c~9ZQ25*|vD$bi!S`u}wGhCJxc~
zze&M%x;WV;=1eRCGt_V8N8MCe*=tdPMWMg<N0XDebu}Wdp403Tc3yC4MhCmY#HF~7
z_r|iB*Kx=>ZeL{E95iUn+Ru|fxC}76GYoWdPh-R~^K)t<MxDpC+H+e4R5@1aA0%j3
zH!rS6eqNh+D_x!iS6hL!Xwcu1!R!iHFlxm6r3+(gm)s`&D!yy~zNGkfZT$yStkxxm
z7IBvDiiTpdN#JEPu&bm<5G$=)d9`?&xbN;qDo%$LAs8>qh<l+E7@8SQKN@US;I*9n
z)X39FM?-9qi`{IBCFI4Y9R?bMq#(l`uNfK-%_xX+piZ9l6h}uVW!OQ`EX9+TfAz5i
zFE8wdezMm`d3TRcV01N7^8~~hv6JuBk`$|v2a}4oOxj~fIN#IZsL$zeN1HnmPca*R
zE42+lyE@xOml>71>;kTK*_*w4J2~MpVV_%B>9pi(wbF2%2Rh$Wlky|MY6QvLH!ouD
zx!VpTNnDxZ-5qGO+H|g}+Tm`x2O}#Ae_&qvIhCN@GDgozzoTILB^;mPCbcF)*sd?l
zn~w%fS;3B^_?Ue*?jbjeEb4?<?Hf=zQoFlz--4?_C`nzlOPI}PDGefeNo{bEB}w1C
zcvtxD>$_XC+324OUAY)dI>&4BeSauCP1rTFyM|vDTcyUGclCa*-SDBP!>{Wj5<U(z
zZ}6?c<oB6w2^G5w8NN8{;qs-9glr~3pvBxc4RIjh<X|BR_O#Vq_sP1ke|;chT+jA1
zm21YADOPNy5#%rR>zwOB()_y=!&7~;k-Vdi=9MvUP(Z{TyZ_d@Z@OQEt@ZAH(Yo%t
z@+Yx*My^kb?q-ZI>u!mLZ~f|Q)3B*{X3Wp_!HF1dEXcMqNs2^A7-zpS<HMSv!`y4w
zf|BL>3&VjtbsL4U$>foksLR|}gx;dD^weBIuw<h!3|}*En~V$U-waA@Oi*t0`!VUd
zDi^<S!}xHlF|(1Ao!mIp&Yw^+(!<#-5Sue@KECm7jc;Bpr^Nx>ox&<=+mM<Ce3!!y
zw#wDGIPPVK<PUCr9&=E&{dTx7ZC*x>k2S`tK;k&z;+R3d$8P>Z@!()LddB>|&a*2l
zRf6m(c9mB-H**>@%zh0oBj^_(`!<dw)jqfyXe>fY*JRsC2tq{C10YEDCnwV-y{OGa
z)qexbt^M!xLFHS3H*Z^pPV^_r4@#*&si#>pH7+Ja6EtOvbeE;NN{=6C@(*WSrQtIC
zS)1D|gUatq^wj_A{i4n*&4zt(Iz`-oiV;aR!ku3>62sFS&RfuDh5FjIXi)I;+D&h_
zAHJ8-%vBGS%p{mAa7eG;xk2PI*8S9;c<5>OizwN`7C+nPg7LYRTHUhaVd5ZH&FiwE
zt=heTTeF4IdhI7N*UDD><ondsZ;{ci+X_*RqYC4(Kb<a;kKCXnA~J%9m!$thD~@+4
zC`^78x%aaiPk&9)ZDS+<(oHjwHfA?+C4jt4;zZNG7S8%KZ>5r!hQ9?|-&d6ElRtfE
z@32S9V@g5q{<&a<Pb04XE{{=O@J%Ht+3KJ+2V}HIDhwz1K(~b>N8gWJLCzt4bY>u_
zAm^U|8T8epL!K_1YlBT_+a@?s*2F8xo9>!Cecw$6mnaB%bGRxhP*BA#qj|n2Tzama
z#1S$w!o6ZW%@|NHji9+TXlwqd1(eyYyMDFjN>lsX{!MtRs|9W42hZ{}VbIt{Y`Jd>
zm#`E^m7FnwwEOA}KS6?Zrd_5KJ{qp%u&*!53cXe^)QE|_+lHI!Sema`Sk}Kryp>sg
zz5Jd5?rgtn7AC4<zk=h^cLBs9%;(Nm2=q(tH(fy+uX&Tzk>bauU6Wi}b6q;LHVyBU
z56$SyOL+c*e8N#|Q55exu|@c_WvTJT$?4s3x;Ts}qs_3#$9By5P~Z7!z@Bqm`zmyb
zp{wHtt+9Fz6mTAig7W095^SQpOb&l#`ftxdLwpf=JHNuH#o|edTM-@J*rM$(TFkqA
z*jpaCWcsu!x34F2n()g=Og4cHz7V&Vfh4}|;S1)27aCPSVO^H(%{`d*OcUy(3PH0u
zna~a?KEdnnQz-5FQfz6ZW(vaIlcRJ0s-Pym{M3A2->Ob<w||s4W3Mq&V(-m-@s~8N
zi-Jk%3;l;Aj~<E2`EcO%6kV<&#W(bjlmb$tgsD~4&aY}pp1U+WzWH$GSAvp;wY4En
z@yPwO<Q^zj?=OF1YO?CzkNch<8O;yA{CEcmJlQ7$vOpacjnrO36j!}QFbLyqlPKyN
z=dLqScnOijU-E5qBpu($5UVXK<l2Pm4{uI=^h>t<Zeg8^zU{@yxmKBx0-Lc){=>8&
zw)gNE>ltaxnI2aMt756#t0>WjbPRT7T0Lq>NSVf?9Jq;And`2k^b9rykD{Xal^)E=
z`>AJ?&_;?)fUC>`KqgL_j&*Cfa9N|h3jS?pI9Z;g^qqM7q6~x0`N;r}O}zDq=PQZb
zi@)NyyHXs|4ULD=vLm}Q5{d7v0O8)(h!veCb9rp4UL0xx^)vFJqYra2uCi}erKu5m
z-0M!F<l@zF*PCOY@<dn$1=Aq?Q!0`!|B)XNIparkb-3^oP4AMRg%-`{8H*UC7PS<`
z&*!~%ku7|-uGrICv@rh$nY&-Gamqk!*V;oW#c!OHW9++AMAtxpmmx2rB%s_!e5k$`
zhDp@EW=U)C(YZ66guT?1du4z5ivG7OgsIk25A!hf`9-yak&(G#e57SpuI852k%s+Y
zaHy)kBiWi)oy2L5gO<u=dFY%V-D+N-hJd!7_Nw4BBKe0W?g8&zRmMJ&b)`sUE?CJG
z`3Tx=1Pu}{7_WtC4yFsJy`EvfmHSvmwK;GYlO6$d-@LSE%2%e+c|3EUCSRP~YRjsq
zAv7Q~@h1mYxVw^_K&lk6pNI<QGy|+sL{bv-bLHElm(ld?4@gtBm!AqT%j7pGuJ+U+
zEu>*M+-)%I%WIwNXe|%OEQ=yneW!d4?REzZiR;3njmE+s_T%ZB3DV_)8$KYJO{|dM
zN$#J`^SvG;^R@;Hzb6y+;i}Nu+`Y_<U+=*|8k;Cs;gc5f9ExSvB%TTrT>3aKQJxOp
z^CzU+>)m%)E!!?}6vb!wOD(3v1zbijcsGhG*}^O76;a}i@!rO`0jZfiiT>KG#C6|@
z{M^YUf7G3sRmOf>w4~Nf*6HxEAHzm|qX52Or_3`s=^@noOy}XRcNWF#w%_s5-?P7(
z?5e>Q(veH%Y*KFSheZ+10)Lr(?~?MTwpbGU-RtN?z6#l9zH_$xJ4hAe_bcFzF((*x
zDo4)ZD&#EsCVi=xQcdz+DbrKDIZ#c@mV7olT=-?t5LYdt9AGDg19*@oKTnX_jJR0!
zGj@yh=IEIU>y^|LwSOtW-RUReN&xp2g>9?!cjuYn5oTgtZBx$Gzj_m6HUMFA0Uqfp
zgT2@^T0sU{#n%3&u<aBgr-`Rjbc*KTZLVa(p_q_o4(*9G=K017LZh=$yASGuQ<zj#
zm!yY>I2#Z2dptkNS5frk8PiV}80&Y>A3U4F;>R%R^tgA^m{0N+^2aImqRE??Wk!wb
z(%kMIKdjvto+-cWlYJ`GvFw8jyC{oE1b1W4^8{?u3xREVe+XK>YG#`$dZ}NM7HWd&
zE+m@#wbFi3rT%FxiPoiSp*K}I)G|BBTEf|+MSNXkhn$z=vj!ODGYj&6%{}!%xn3kh
z%T8-@)%1C*bJb*X;jo>;BH)oCiV|ZtF<-}LR;fV2>Z|yHmLr~_#?#WQG9?+7GS8#g
zrtzMgyGzl`N@~}#05-NUY5IlkUXnAnx_Qax!kY!<((ihC!TrS)!p*XnzK;Se#t&Il
z-y7Yo4WGSz+j(^s&#J09#lUDQ(_t%jv7o<)fFd|s{FYxODpTnVk7j01!?u<VX`b)j
zWDP?sLNA;7WR{1MmztN~{3R;W8md~XPI+~%8?|3z(L|MB*BvGmwd&rlzU8>3g(Pm5
z>-!P*fR9|7_YR9%5^9Jq=NsD{1>UWpZ%>K<b#gV`j=&e^>Hh67F`TMS6gYa`rf@bT
z^Vz4c@ceN+rLF_qE{^Zs+zK-<cpU0(@pPjs&fVUa*sAy1w)t#lsj2EWf{|FmdTM&$
zLUXkG0wA1v9H($oMxN{lHOW4@VzKVfW1PxJy;<8^Q@tOpZ9JWB+dnITe0Z?A&TYXc
zo(NP>h0;~}dwbyfZd6kfYh<f>?9@<dhnrQ!&6z}`EQSy7lL1DyvV7OK?%B485ZCm)
z3X-?18A4LV-5J!VO>LLghse$_Hqu<7TF#DHlWd?wKRGyh%p4s(kld?m^^LH#!GG{Q
z0ss8*G~wi58F1>Y08+iVLk_<r?L9g?Y;p0cxqiy4t3;PhqSNm~4ePxZ<T&-(XC6jC
z%57r6$#&EE{lKaF5&>XmDj+U*oZ1YbfYZ;btAzjZlOn%Ub8x>lJ_he_i`uW1tSkY+
zA}@sT3C&p9u50SLZ3)s}tETn3q{yI3ne)faQ?%L9__8)oz<*bsIt>~CL#xg8?pwfR
zA2<HLJ|V~Nf)IU>8K9c<@bY<9fI27mD}d$L?f%(XWa9wG69gm@kDc!_JQA2buYZ|7
z0!k3Hu|vtj@X=la>B(2V-~UV^^ti~sK29ZY1*Qx1n~qO~07UtE^ht2ewvSTv5GCTt
z{2h<O9_~ttC=f<Ewk{`HpyuZ;GKHj3psmoGXKY5N^tm{=H!TQL@15ceesZg`pDP;h
zwfwN*eR){pCq2}OXyIJF^=Ka~_OgSBdzPXF;Nq#{g3kv~>x1oO-R$gpz>%s*<4S(#
zv^)e1=1Dr{mZMh2-g@J&{DN}RVQ`WKw-}RyJVnwI%2R%aCuC@W<1!v^%Fq=GUscVs
z8j{#{{N9@5P)&;X<GtbSv!`QFM5jVAl@)0)FAFhMe1=4)8DExPVm!;c%{IMHwV5;2
z2XdYqN!ZE!lOm(t@bVD5l7jIx>Z*z2t+2_@q$4$YnO6?ZGIyRVVzrGnhs^CsHw0%=
zJ?DmBAdn4Qxc%znXZ%M3ka~wY=ZK9^LtCEXWRs&`6+b&;kLTfk?K}A(*7ok-Iy^}C
zJ=iA#4ptoW+x}$eM`m0Hj%HfdZn|t!a5!H%`~C}XE6AoACKfy;a7;*;H@V*7qkRUG
zV)tmj@HSY&H%E!A6J*AM%JLj@M&YX=2+N3xf@fjpUyEr*N{D`>soemC$JLt1SEB)@
z^QUEma|ScMWBR1Al&~*_3D1?|`wMb`iJgH^BAyfH1eDkBeT5H7%hAMMa{)@U+hgHZ
zClVgoUB8k-OI%o401D`DB>E<gh9v<kYtom`a3XY<Jx3SMbtia#68-d-fI((0p~&|h
znmS^Lf0WkPM9M|;2hm4)>vY>mS(15qAiE1KprW1I=Aw}RvGzh9B3D31@IaF*U_M2T
zPCR!ph+d7xFkk>|Jj%&w5=?0?gpD^u2Zu^W^}lxumJmI@tQHgexuqxbf!Gzk6`*p)
z^ziKF=B<0qHIe<~{IB1GejNoAXfj1lpM?tXZsa)GOq}NymFyDm1#rngyO@Q@>h)+q
zox)LaerohGxX-z05zZm|av*+A8_73I(T!q|;-0uxBy8v=mNmRg@6y`!-V5$kI|B~q
z*30W5G%{r`c`8TG(?y2?s@M%fDnUveO)LB}ZIBlN5WE%QxYTO^j?3}c8(N1;LiF02
z=I0+qJfi9-K)PsXEJRqJ8!(8pb&gBEZuo#MMUL~(4O|UyV$*I55M3${iG?Vr^wz1r
z_+21=O^$OVB?}MkG-(A!5+DpAAZwu96_5JFZSlGbk>~<3@yA)`e%%xj%*_J~iyS4Y
zlV`y}@6{-%fcAtDp7VzR7a_2u{PC_5ouC&w?{8^QdH-+B=#SF{d+0)ima{pZAMvRH
zJ`tjZM#ca_MQP>fcMDZiFkrI>#RO(E-8pX~TF}^JfI%@a{HF$W#P@=MxS<B<I_J7B
zdKCeHY;@Ks2-rddi#`v0u+V@qb-d6gan4J=2lafYtD^uT64YT%py>4hSAv}u7|>Zs
z(Cq(Wx)eZ67ZpId>%DpU?2)Sj>$uQ(_1tc*y8tSi5Zg%N3QP@bP^%D-Y1ABN8kayp
z4S@u(?#?ar|71oFd-tlLLya@Xi;=9mg(S6SXm?q$K$!zsB@|>G8sP4L<L{0gc@m0p
zU97FHCyeO4jW9!FqXh<qhx?xz)REYk&=uJI3|6po_(w^>wgBYHa-N8K%AU=y1jxQX
zTWC=b1o2GqlZ6IP1K%K_Es7vSzu@_m^mPARMApRwBZ^_c2XRRF^|?4ifDYsRi~Ohx
z{W_!DNWcQl>9a?vhpxG(a6Fq-pcHX`!_pVd0PhH;08N(<l%y`~lIBGzNes$4?2C#+
z+CB|dj+v?xt}r56(1xIM&Datz+qeD5`>W0{oZ0AMpKYGDY;8h8v4-{MNZSS!a2x2e
z+c$HqtR_L9HMDFWso$yC^*Vcxf_Z65>OyHZiER4Lj~vU2<<&{0VbRvRmnKp(%O$(t
zq=)&|247pF%JjezOgv47A3uQH(a%#?83ID@+5A8TSIm(sm`PJ3%4v`M&Rktpr;}UW
z>T>zyn0Tfbz?bZIzMZJh@<?>g4yP~OJb2KariY|lw%013T9rfPZ!}%ZQ$K;?FP^UA
zuzyX$db;H;TSU}NHhm{0%S5I2LFB7SYPPW`?m9~`8atcAu6i>+AEXJ4r_%>C*XTS9
zvX|`^yl8pt)VVQ0Bu#eU3WG{TPdE8*=eA#Rl#&7OKxR~-)h_2>4_H_lR9K4=q|Q!4
z+n@%EnqD}c@ud#QqWoPB8_D2Iygz^7TPc(4jPzNNoh%`Ys)}WYQ#zo9n+mu43K#Ue
z)aDj#W0H$x9~WoIInMU)hE^)VCg*0Efh>d8kY-(tPP>kTw|!8zTdN=MN#L#1hxYM2
zw2xB(kM7St2Fl`1tb&wpQLm?H#*q@<p-RV%<aBjo?^z4DH!pQK!I)Ailzy-Kfs##G
zg3lXbP8OAGw`lAogqFU@z2`K+>bqq;+B>Zg%(2LwlqPF7|7jK6Wc={6m7ZLNKW+w4
zu-v#ig1p^z1>A0xv+^!TH>&elfH$$;Nv1>=0a0+$J%FJqc%K;ck)cxYBxtX`{BAXY
znF5ndF#h3;&il~i{l2xEf~rzFJ%7_X#h8*TccW;hTQrgXhrPFqs<QjqM-4=zQIG}|
z1Ox%48xfIi1ZhFKyF)-gX`}?CTVT^&(%s!4-3`+Jb>m|_{@!<-^Nus#^X30ZK5X~6
z_r2y?YtCz4*EK&VAP6jfw3y^ReWc6~`h-ol-U}=DRLnj(W8}~km5ipo{lQ=oWnVG+
zDdKySz#kDOqx9gHn)IRq)*<}4hiT;gy@v(N1nS$exIY+vmXprYy^nH-Rb#03+VW>?
z7pD?&W@tW})tF{XaDNb6@^+*lnYj~<JbGj4-a%Ns_c?`$lD|J5SxUs4prz!Z2`6#9
zsQ%I?dj=e2oK1-z$!!TS-|+tiS(-shbrqxb?l97?!UtqHBFNW+zyUB8;5D3A82}Us
z^01{7$s8WO>)gs#rsO4S1NbLjpY8xIi;!O5=NL0bsYaQKk%8@~_mdJIELPw9&gOMi
zJ<M+IYkobK&5K4Oq4LrNJ{IihAf${A5H@ZXVZ(FT=J(i!%*Ywgp$kmnS8QVtY~LYY
zn%>+x&H{p<m04U`tu)I~B&e^Am6{Y~x)z)g>2x^9Jgk3yE-cTP_F8HNX~BV3vn5!t
zgt$uL>TB6aBe`xIWGB3#sxS+k!4_H?2JW-8=ANZ^Drs0J*kw=v^9b2sKK)S;y8N@t
zpfmYb9dmKX2doBo#T}ppn@2E-m0i;xm{695DaprHS}kLr>?`Nc%M_!$$d}l<_d;m-
zW8Xe@OgT0CD!NTW;)q;+Mr!Ow@+g}OA41N13KdOrNVJs-(FEKNG@}eSk}sAf@h$(|
zU%N;hTACT)X;Np>1OcpaRR7M$NtdQ$dCn>izd8;Z<caoM1nSn*X(!IO%V8>LZ+;m~
zGK`#ehgnmB(H4dk`12i63tro&WVRyY(I!3|hu?S)SFuBvY^vwz)OvzzWLxvmRDz;b
z)@2s$ioO<2&NmSq6Rqc7bISW?H%VL~xb|x|wL-fI<r%nCXl4GmR8&9vN-;TaeIBw`
zia{ZLz(V0^apkl<l6lf9UM@>TnY7fRa>9DaE)Rsl;=MIeTM+<6lZtktepSIN?2S*Z
zvlv}{X@C82u|m!ZQ=5UQ{+!VKv%|qSno(YG)v%3-Af5O!o4^hKr#~;OfFvk;^H77b
zH*kyo18MwIbdq5+^e~R|Twf)B-ROgU+OtOP%ind_Ljx&+M$?2(E8LC+0SbGpwYrK%
z-ML1(;T)iHr!mn_5N)=6KQqaAV?B2%d2X993=ytqx0rLT4gZkxEG(_i@<sR~qu|v%
z>*^)?sxvJQ23<SYBCzI@Vj_~3Y6~hy?NJjX{Pl<^&?Cw|0jag#uhiPw6(k-X2&JZ(
z$6;mb_fn!Q%6;u)rP(V_mLtK)CB!O)oWt$8*47)1gw*`Rmc=JWfabAYFZWE_h(Z*E
zSN<)Brt0gEAWa)>1|XC{Xk4E{=>#-P8`JVc7a78jH;RfJxK62Tt(LuWUrle+8_K?N
zWFiV8(ztj+#4iay;vHQ1xX_i)b0Mp`$g`h<4fsc%eQ)V5mR`{B8Pa8hIufv9H%UBr
z%U7Bv!RRe=sjuZ1H3k@uQf+V*zyMAHeD5QDQ2xLOTpXYqmjF4f$y&ay1F+AYe^10n
zSY~+|YVZ1A`=h*Vx(#guVSvoo^Zlx-*sDSAkDT_-u|)0Hj{vtM?hi>bD0+ndV}A6d
zmghmh@6QvU3@y$+#3vd2mHmT?7gWN}A4FE!yjbOgb;6?)3@i-H4E@v(gK_mT(37>&
zfoqNml-z$_b2spCk3ZD@1BrZp#GC*4D+uh@JpEZ;T?7G+6vnaHpC6`s0*b0PpCN6n
z87Qa!Lji}JCV@!$GsFNGq=5~sAt(6ss^za#>?aBV62l7gZ(!W!Z^;ByDKWr92QI~*
z2QC=((CGRbe-L~-67=o&0mM{s@7HG`6y~~zOkL&Jqu=2u7vvu<7eCG}+<%{4Q$XJT
zJA(whi3WO|_Mq4vUip>Lf4_<ng4<QgDffv6wXXvI2lExv)t@KPr7QT9(35FGun87G
zI)7_DgvSQL`T96E{~04UAQ|kNdmy0HAiVKA)#1Mns29~d$A+w+H2x0-oCh$v_<vkT
zlX}QJN~}>qH~|B=eg@%_+fb#1=LS^_!M`d71XSAq;9mavPnU&U$Yr7HCR9EL{`%~H
zUp@n;3w4%RK$Z(k{|m<0H2HrKMv^V_v?^Hk{wsOlmG718u~_{UO(>AhLRT)>_4|nY
zKLZ^2pyZWzU-um=i^EW13apP2Wq37Em+b#r9D+aZkhzGq2!xzQd_353)@;V^tYav2
zGWMGaFgX6#8r=)QCm`2skqb?tR|)BNrtuOb{-e};^MvDyCY5Xmb({TBL`bVfxUKl)
z$Dp6+U)be;2ck@Bfxm%lreDS<W@*`zZTH)OKNkjCBNt17S33&!!iRW!a~tj@+k>>d
zgVTW-$I7=rpfUlE>py^!L|;b%_s=OI0IidsntSzl^OqD9Y`YboHvopa`ts~l5x)YP
z4%&B^zxEPHba<^)Q2#*+4R)CePAr;!L&~4LT0_q!zPfVKiEImdYhCNygaJ0=J^)1i
z;lN!$q8wo0F%jilVX7LEg-!jWw^L|8)!CzL1k!N+_kV0?Qjsrk?;e&N%I3=V6Rti&
zEU5ek%Y18{?-Y>-fxH(-C?13){)T)_C0IqHI<eaRT6wU3;L+|F@j7*Y?cPaZgj#)<
zhKGv$nGYuAuTwOU&U?9`K(~KH3T9^cAW!~2yC#{;pRXDj<B_x~?9jd>L!t1=nLI<}
zbUTrjhm6e=buI9kt{|Ua-+K-iOd<sU^V4{X>HXUw0R5Tk1p+X)9hkuUa|UGbS?U=Z
zFPKMpdh!~4{R3D6OB(<hDJ(jx6$AhfaK--fN2231{!yeu$7{ePa9z85|NQo!Co33g
z^!u?2h4TsmRQ-@aU9Rsf3a}wiaQ_U{OK@~z;E<QE`+XaC<vaoC>wjuv0At<c$x!H0
z`v&g8-@yy@gofWvlZ&85z6srDCclE~dxdzxk9;Tkcaww%YLZC(*(4DGSjCsWx(p=X
zw)_Bw8T@$1|8<w)Vqg?>c_F<1v%ujs==*Cec&>oc^)}6~{O#iYC3~D$qdxT~q<hIF
zg9IWQM#BBPa{&j1N#hT23*5L((11V<j9-Z4#Sx#Q_E+1d0pVAU4Q3ntk@n<B{`GPA
zi_T5)uSL5+v_QZA?CXo1gLi+PYv4HqqM_~$7#j8CjX_Oua5MdX(0~GWB?cI5@jDRb
zIh6X>lDWZwMR=(6N1A?t{eZDie*iz=h?3`rBH=d<3xGiln*LfYQ*c)|gUKd8!uukP
zQLp_g4t<~z9RD07IAAIMr(t^mw_*Hy|J(`SxC~(D*1tf8*H;_=y(4@;Mj~(<DxrRI
zbKXs(<1_uW&3)edye$65(eS_6$E*F{?&CGU`~5q{aRDYC@KE+=fZ1N?1DFi{+LAcm
zr=3B_<^Mby0EYiN>*V`FYY;+_FiQGsTY|st{<V1<K-o&_jq~&5_^(^M;J798;H3dQ
z2Q|=A{T&c|=Zp96K%^6R17Pl&-_B3C-`Xbp|9%f|o@~PbaOI)&&o_1`Ve+UI<f{Ma
z;D_!A;4b+CNQP29UW1{(w&dgQld>Un{(s)p1%0ZA@Mk|OgzpOtcx@o5D-`^dX@FCb
z_wT(9@@fGvmgiqP%<4I^%xJ>rKI6i?f>RZLUEJa8&o8Q|S2K6Nm}}1H>UV&tGeeud
zox;B0lKu0Iv+=^Ct~kXmw#Frg&uBNdndZ^uleb*}HeVW^yjf^z=xX^y0{VS%7Z)G(
zzi;Uui7SqP-y1uoK4Ux^=G6WN?W$rOEZ=?Pz%*3wFbVo*VmRPozFb`2@V~7m$YL+<
z!&~&RDkw)-E%(du32r!D{Ek=#I2%~72i_?3+AgY?=0f1`@#i^X6%QXzlZ8~JLRx1m
zfJxf`B|Zig;6EBzh<4oI1y#(QUwcF0uWZE972Y9C4hvt#;-%u!m#h0BwP)56E#nXr
zsMU6&0*M^t3k_^r*f3#=R{*It7!j+bb(v9rc9&ie%l?t|ZVBK1usxdM#z6Gx+$kEf
z-&A5a*9LXb*i$jCX`D1wXY90sQ!5B109rNT**)fo5I{367_y4H0{4M5n<j<|noZ5`
zF=;5S-7#j{b9T}i#8FV7r$6bqAMDmfp9}OQQb7F^9uh>Q>a>^Xz_3OypR2K?z!}=J
zo&or0W?!7_N83HQScJ&9I1BQVh02xp^b}iP`;QqHDNbg&-;CkF2lLgTEC6BFS?gD*
zeNSAVJzvXq8iYcV^^bULQ=RqU+3WXX=I3tP`|QM+ieZTQ{$Bvxm}n4A2jKbhmIo+`
zm}N7^@CPA)m|w8BUc94XJ6BNTHBL54C6g+_Q#fj*C||CV^HAZ0zonMYZt_xEp0r^Z
zj6du0_WCh#Qifba&CW<caI!XY?%I@b*4p;O_1;9|^D@o3mXI^OZFGT8UrL=|tGVWc
zCFko-`{lPEDv@T6T8f<z&>NbJ8Wshr6iwV=AAp6J$>|TAP|c8wgktz}M4LG>VSOI@
zT=PEpI<cKdgQ$&GCgB96_we*YD?IMCHwOgGi~`3z5(EPZ=$J5o9HIXyQ^6JL@hR2C
zz{FNm&cuZL>~J?LamBZ&<YCncu&r}z0s=q{PleIueDRc4U*-d`;d|jX31}*_-98O(
z2AjmB%Vrg-a#6j=(5ZZ9bUXC?5tSTG<w@zI&MR<qe6N(b<p!*)c`8DPh#8+TQOm)G
z$Ra{^5|k|D2h~?HTY=hg<pbBT#}fx|`ETJqrv{@Kb%XVWFW4g%5SS%&jiuXnAgNV<
z_gTDa?P`p3NTgB4IE<!hSW7CU!!LJX9c4COTD<9Cn^EIiQ^9g5E~iT94mdW@FDS?v
z8iq)y>>K4l93}^ZYHo{Ryr-^<JzI@L50qi0EV~X<lfERi#>og8wdR_R*aYh(>Hd9_
zme`}u*klZA61C^t!L%FhHgvCwgArwgA{ND60>+BXo)tQi&8t?disyG&H1u0dl+XqI
z!RXcRjljg~86OqEeD6z?P6ZHfHGa|Cm*8k^8+bWLlhvK)jfl!Nf0CPS<O3^gjWkja
zd+t{(_t{XnfBsy)K&V4!tn>*d;sDoWxa)xnF}5{uG9wz9_AD0bePR)xY$FVJYdD-0
z!aD@Zm==cECeH&%!jw!;N2&ydW}frhQH-Wq$(xdBKo*ZY+MU^VipOp*7(57A0{(YX
zN36483{&xIzhD<PqJXON!;~*a29!@snvw^mUfz)~1N(%6H7~vpi1WO}6jnGOR?z#4
zmY&ZA`kJ31^}zPZ%E%m}-E%-mR8VcKN>?luZdZt^nt*FJYb?KeX0+<+=Jjg%EJN4O
zo&~uwuV{53HhTQvOEquXV8`I9*{*n!5SC`mkf&jHj592NY$4wt257JEF`7abT8<vF
ztX3?n)5T6^7K$<$N$w0p-PDh<)I_LOQx4RwLKpCWlHTdXj5{nWH<QlxAdQw*L8_Rc
z>+?`N(<}H|ZXie)dawvABDLGYVj%Tp`|;T0mlHNS<6Xhe6Sxi&Uu$-9S_KhWr{0hJ
zNXy54%Agp{9F?t8VRAK30zmG%qele8t;K0ZiU}TIQpi&?bLS65lcy3uuNS4$Z*mwM
z<QD||$VCb#E0a$V8SVG8_L2IEQ^;EJX3jpRHBu{U_KGrxTtjjS<2gV^Y2_u+n%22R
zv9l{J7EmQ}r^*SKywA0sL(5*aQJ9`@G%T~5J~(6=^sGv~EI&MFvdL$Ba3@nSrI0g}
z*!f7l^2pAEV`mj9K1!Hdcj2Y->N(@(Mh{<{`wHi=R}X?v4HX3-+w_eP=T>~<s<2LK
zRm0W%8C0_fR@o?Jb^X_`J3iT7NLNS_8k#`AP?J<=768BZ+1#3e4lxvwjIFFAe>0r*
zoV<}+`ArHtFv(KTwbkF<AIDpz)Z=vvS=xsf{XiFhW!so<s3w>&s(-10&^m+qMd3(~
z3L0D6LQZ4jC@%5InpJ8+#V3oJ?w)e_*JVPsdh8{;K#%m0s{Qye0axT%lICZOMQa8J
z?8rA-lO5kW@>^eT52`w|-r_q$U3HEmG)oLwuiW6V-7g74?3>hUrJieU^c>yRYz=E2
zZttX$@VtUhcRxV1GX#iwtY-b$_YsC$Pm=AqDcb4zSd({rD13@0{Ou2lt6{R8?jE8e
zn6iwjhldLVfuQ%GvElnV=99)o=ON`YI*6~Yz{K6kC6^2=5>e_hYzbjo>-NOWfS)>I
z?*z4$ukKHdcA)RI0nKG=RweF){lTz4nr`psG#!Zs#&cL;jMlljC#%@;>`qg(E1#-~
zO$#yx>;B?-5G2#;sLWaI<etMf&muVJqu*XJHb*qrKor_(Bhg7rXrzS`62DX(x4SB3
z_<kzDOXz*e#U^_IrM7X;UfoLnL=6szTa>_(vod*Q9}+JcSDaQd_OE7mn5i5O%wKCM
z?no3!tK?V_9$e!zZoz&@TbgFYP-eM70=mFO^;lF!G`t&xcNq0#{AH2C3fv~kChr^$
ziOB6knp#=1&9G!ZYNw^G*na-9lUl@K8$&WOf=tv&j0k7{owDDVt<KOZ`g%1{MNH1g
z({{|)MH3d8zWC^w8=-rAd;3mqNNsP?9Wk7@=9qn^9x1YgWB2PQlp2IH7<NB?sAtj8
z9Pe_&vgu7s{`&0@s?o2BT4_UCk;`=1s{T(|X&*}`O#lh<D64hjElyg^OhPXbf0n+?
zj)UW53>muv!r&|s`Y@F~$qtsay5NPhmAw<Co}9iT*9w1I9$HGroi%H-IY#DTO37-q
zwxRb{6mP}Im&vh2VHI)wLN2vg_TAUkl1vk%4NcW}?k4cuuR3-LRkG9U3g0pe^n9Xw
zLu1tZz8&|=Z^!p~!=oPXpG=-hMXRVCxb<*I3vK%d*gi^@VDIk~Y4fg)k2*QKx<Qp;
z_tI$(3%eQgLSFCKIU|drT)A}V$tB1UpRLj6((TX&4mO!Wm_j|wivC*3anQuVdWrK}
zB`ed$D+e_o(Gg_>1L>X}%x&;qJ1g@kdcnYV?K+kZh+T>_6>1zJ+{~0MN+V|Cn`7pj
zrLg=?4meK=zR<f8Y#`-cq<RG!CPLS{MiHy4uS#tjOdyqv547rq-|kNnMZVsuO?c9L
zJ8W<<Erp6j2b~%vdG150hdy~#*dd-p_95l$2dg0`)qDYl9_u-w5T%@FSLc_6$BQ46
z)S#9b(Z8NQ0Fq^yl2#haRpA&ToW1yW@Y_8Pni(eEiqWUKP)8NV(h5-`KT~az^3BZB
zuY875LQXrR`Z;Zs!Kj|T!Tt&R5!=p}CGEo8h4^R;=7_Xs$~~{;i#M%D?@o-A*Ri6Z
zD`(OA9Tl`BEqWItQnKZ_(vm)#(OC?$KmEG#p`k<K@^kkn!=g+Kc#^(7K?KwzKGVM1
z19vM+XYP{#{i<&p2Cj*QC46^`bV|JLb=<mRr?UQXPj2Nwq+Wv&!`EX&$Mv>_rC3$c
ztkRPjlU^*Uv)n<q!c051Z-VY{SOj7mXFA8|esq2NCQIfs^(LpH6$S$pU1gT*aw&S!
zR<NtFb7`>aa@<GhwfA?~26P1(EA|`M;|UQKbQ7Y0&#Ho_p@VW!^!D(A>T}U-WS1eh
z+_e&^zSAjdk|(KQvXU18gQ+eUjlsu5%x-5>dF+RpiDS&MNG29dnJ$|tR+7fG5zR1K
zV&Cmsv>PZh0l&=1tn<V~yysYHMr$pjLgs)R3wHjpyw0Y|kZ{ED;MCt&yN1UqGNge-
zET&+Y5PQzH-LhzYC;J^DYPXx5f4cLTyk=)VVbKKAsC6mFE^_aYX|yd+1bltS8*2ej
z7zs8bcSH9n37qi!)*Y4nH8K^@c71mjE3`x5JV+FrCqd#s?A>v&7|2`WSAhtp&19(G
z{;B_)Makw#Ve(Ge`fjaA%F0^T309a@uF;A@Ebr|Oy@_fV`~D)y?2$fgUTal*IMsr(
ziRO@C?^BdIxe15+&R?6~7y7L`x72l8$+PFIb(G2MwuTEY!>7}#@p|~?UoN*msL4Lw
z$WNCpsaLVzyFV~KX_!^DkiV=EA3%G<+XBIjsEX_$Ny$@o(dML`IqOxcrBFUqR>?3T
zF?fJyM+X%z_J=Ynm9vhyS`p}vq*5OAdw&DkQ;p@FY6&+;6iZumHh_FhUdK?BE|0bt
zyV+RVfmRt-cHdz-QzFil!$h2WMJl~82$)VhzOn0l`eJb6W_08_Ny{4W%TPqaq(0~r
z9!&)z%D1#*Et-pt)(S3sD=Vx;D>(U8^ThVwoQAa`^-3xHeQ|01{fM-~_Wa?sSB6jR
zA_w(TbzA)oVIip$K`lWIxZA3W+;q{8iuUl(;T^n7rB;~SEpa|^9;6RO6qeko$S2%A
zX$_&qwmV5hpgVfMWu^0O)K3+Gl;;k943+7|^(5Qm;9Xov%wuR&2N0~gM>)vJofCGp
zG>0@ciZzjcEZwssHc^ptx8*>2H1XPgqa<=%qo%jBrE59?<Wpyf2k3<HNww4rOPupA
z_Q#$z$)S#$-Q;HaooD+hsSB`9_O&tn?Ud!+Yu7oM_P(0cB3Kqi@toSbPk3}6>x^j=
zxw;wNJbQBIHh?<nYUEx4SoMm4kiry1n9sb+lGrIzg{K?AY83kLge}WFveLagVt9T#
z!dl~=`wi3)!M?3yPXdcK44h?Zi<YsYN41!{D}H{X2SJq?BGH>VL%LjtKJ$ewn%FVM
z;|q*I9r@~PC+bs#MZ<=t9iOR1w)ovIpI*rn)Si&&yd2iR{kR5|uM1m%8ChfZV~R%K
zBDpfwF_uu(b6vBA(HuuA)|932!iPteEw`VYEy@`$pv2Ppx^18|Y#!5o-I=EjFz+lQ
z&DETU_q#DbI~##G8n*3d)ibkC0DOrg(Qac2b#SHd4&ipPQwF9qaA|PL<x8(=QNE83
zGa8+EcSDj#pon|v?dwF~pdv5bZCEf>(kwn?-nFk|VHGJ6n-kI=qoWu-QT&3Ubn&PM
z0hNvDXyW>FmYr#13ktsmR~wz#k0#2JNTQ<bhrF-j_X^Bo2PHl`lXTlXH2wz1<gp+$
zcI={Z?Y?7j@I0<$Uw`sra-))^h)u5b!55trYn%FG*kSPtnVOj+Rvp&FeRqlNXr+y>
zR1BtByV))2dV!ju04A1$FNzno*v0E=eY2u5+SY2+p+?_g(kbI35YE=@VJVmLiH^<%
ziE|9tz*`lz+8LxU>8XXyaP5FeU$M!TuG|ORVhME(J|plCX|#pxg+vtzOti{*vhy)1
zULv*f$tFNka-Mk_nA`eB+sK%_3&k!x@w=gCskm|3J(ETPMvqXu!~pCfLKY=lQxD$w
z;S<uWVuW+dxnCJAy>c3HzWXhZMxW2?*n<PJGQ*wf9ul*PwfhYk+hXc&n;X`srIR%J
zvDFy78@a7O45s1F$L9&?d#^dDVF=VB;S3{)_m8%dqLeIys_b78-_p>>R!m7n)rBl9
zo&+dJUd2^0F~u$u-A$6Xc4cps;-SFcRjnpZ_`AI_eU(Z|zQwM!C7F?e__yvz_u3OX
z7^o&2HXNHP9<0ndUnhPg+-We<ftvm<T28GNL*|PVE!INmN*y`ltZU#AZHv($Z`&$`
zW&6Vi5g*VA>~K0gfTp@B9L+i5{C1yZ34hkvbg2x|$b%kQ?-%I?STI>r0ZvUy*^G}_
zdGS$ismjJkk1PZ8O>YjpjE44gy)t21^n)bZ=a@yr%2~BHWWJ4SE|kWxtQGd!!|aN|
z?+zqc4~)<%j!c$QbsmK$wc4Xy?UU_b+p&oBwZqT>v<U%AXRnDEbLUUg*eYhe^!R6`
zOD+knE-)WN)U-Ne?Jt}=43nkfd|Eog8#yuHM)0GlLZ{%o42Z!_iU4C2LVKJGxCe00
zmu_EhIYlA;<d(%LHt%?RempNzY5DUT&)DU=&79@kt}XkZ@wL-U6?W5Z0C3^H<;p54
zw)Hx?RXM|}X!wqFrIHUETSM7hJ3K|bSre)bTLnIhJeg9y=ERRJBo;qp?d>H|k{|Hf
zHq;5&OxF)?JFa!_E#J03_%czd(@;Va8oB`g_zH|6=ZYBP<Esn>OD69vHU{eL%obY{
zz}QdkAo!-`Q7QzcZ>MOiX3bbG!p;^3#)J6Atw2=9_-!&~5y{$uLNLEP+pi?=*6D~!
z-_Us?oM&pllwVx2D)Z`{@g2JnWDHXmJaNN5I)l8_*sjduHKxs!(V`Bet<CJRwN@ue
zo_Gc#)HIbvOXsB#v&P$4u@)Q!4ar@xNi=Cx78^v&9<_WQZ}$ccvp6${LVK0xb9zFt
zwwIA~kM^_Ar<k(I$Ad5FGusSq8hr~J*mFApvckZgg4Uz~AFf`!C`%)o7;kt=Sqz1G
zoiMLk1Pm;h@M--Fr>(}bBP+%Qt=-)2oJgQF-3?!@>s7Sd&8ubl3T?}H>N+|&A%1}L
zCe6qW$s(Y-2MU&rU7#O;mcPaaDsN&m&wI^eTV{)+A6cD33F9Sa{RX#Nz=k));X1!(
zyxe%WgRS5)6=|$JZ_m1oCaK!6>%K@j6Dn`-xwdmn%xAz77$Ky!>UAn+q0QWVwvtw+
zw=ufWg8fY>1-nldfw3z-X1Cs`t~OyU|5dkTH!94#drBqNf|z<lDWG#yebFsJ!!?|4
zHPmRZ>739in-L4;WU;bt1yP%}l)H$4P@Ld&BzWDsctp@z)xAQa^!1kW2L6~FgX~)}
z?7PZgmOh&uWC97oc4K@=&h6u~Pj`AUh^UsL<?=b>U3nRF5)rwHolepSuOv)Ru#LJS
z)rBvwD3#vhF{RzLgDs8pl;XWI-)*{X(M<;QnXetcHDeE2*!bc{t_|L=n!dFebHlFT
zK31M1{_wuidwXsPGUz^?$BjFt)b)bDKVYbQNmE<9r#Nuh+^`sz=<x)yf7b(wvdFu5
z5n~3oV3lXLt(_I{U3q1)O&g=u%~P|%eaM?1BJc5J381y{7GsDY1CM(|ryFKZ2nW!H
zr-1n0c}{|$5mtEUn;n0yo`N8>ZT7L9_koi6^J|`q$Ty4}O{<RhG={ET<)wws%!+EL
zIzQt-Q_8ug3bzW@Y;QM7D&?tx%~7*#s>%9(sTg~C6m3QFn=aF-%f}<EZPxk{v@xD<
zjS^}f#`DsbMy63IKil9ZBGgw>n*1P1vflq$YyVwX+ryh^BU3(|A~=Rsv7Ifaf;6SO
zBagJ+MDy3?ZL1?bV{bddrqti9;%0mMY}|>FZw4#z_#SL@sn38d(ldE~L6rtiiT;I<
zkjXnc79X2g)9$6-9#OC+!K#3)b(%Vw+mK1|aLFPP?|QZPk{4WkMOXT`g`w{FYriAz
zTj#T8%5B)_{kLtL*YUdOkx3)g8SJBP<l>{dpq!T6Ja9r^2#*gF1Q~KtMMiurnuGs?
zD0zX6`w<MGz71yY5KFs<!^Y0M%eXU9s_(MN)Qesvtk4dd5BHp!QuwHf5F8B}?n}c-
zBY>}i6>>Ag7II;dzGzS!y%Ih)`?$vYfWQUJJwb$DCR-kxWkmS8NFMz`PQ{)c`Q%`8
zvs!J}K-I*gF}7-?#HjzP!EyZj71m`2H^<{i!pu-(`4qnLZ#Ae|<tOunN}O~f7R4+X
zd7UcuA93MIM;-id4~~*d`3!B21eqq+Pg-lzs+7v%$jypzX-;x-yUj~Z{mSO{m?v)>
zU@5=r$UrA#3xq=7tE1n^+`n>rnm^{bH3kj&eU^MfN56a{+romCWNZ{`skW!33s{b}
zz^!4#$v<L=#S-s@ughj+c>Pmt$F9Rw?as5|4u!aA%rvR*p|8iTtf;_@M`5;Je%Le6
z_6cyMmyXgiQaoV(9qW=W9b1?kuHbK*-|slR)2!{K!dK5pB4nS$clGLVC!=GisGXh+
zOZr=@i9Mp&v~0B(_2V%EK&yjQqKxcW3>BI^DryGTT{wO=cWfop9|B6u8*GDRDDPW=
zb9F0CG<Nmmy+oZ^b>ES7cSSoAU~7pppzL6lL~$C5lUC{CEAn4N@;+CeUw-DC(4Bj_
zR1v>724<qh1y(WgRoob}JGfb(x2Jbl+m-^GxXzYk2k<;4EOr#_1+g^)6}O`$q&%`o
zckbnDQ^_s)U?StG-Q>gLwX!g3U%w*J13o3@asYr&o0gx=mzf<Cx>Z!XOT}NAO(Dvg
zz+Lt=6{@|HYvbY-=vw0;^DM=^?~<pe2;5%H{3rj9dEOwD)m(Wkj%1vlV>qiiaVZDJ
z7Gv8LM8c>u)1{j^0TNuQlU26((ohlSa0dv_rSy*@3ZH2|?Z%Z9K;MkHC6q{k##ZH2
z$R+o642^C}<iR>FM#W9bm(OeI#XblI#RO@#hVsj~w;myPPs=O^$_+U(FDs`!Exgs;
zZ!W^wbRsi$`k)sKJ-#xq5J|?V!Ys^pk!Vl$%-;RaFzXHK&(fp76$ffb@Qyg2gmI2%
zXNT49sZqGIZ?U-Y_F3)%L2}T9<8{`&eL1)Jac#Da$WSWn9pK%dDrDY<4j*-TH-drk
zo3HZK>3c^>%Bo5XM^%yRV}=Rc&E&rJb(JTq2QP}moR4=`$*!+giRU-@#aT<gSVla(
zm(*+h+|y#wI}z#L5|f`8VVdUPWS=nC=_*pu2rxv5u-@Ci9r1z>69H?20=PC8Zbl<A
zIf<D!OmL(0q$;j>aGQj^zc0~0@L;um5ax68K*XervOCMly}c(k2dVGYQ#Z?wh`oe@
zPwTc=WGv589D1j`V?@uToQ@4)DElQEOHzl;aB|0Io@2pzAD(%tC*t9+iB*6V%aprW
z&9hRr#9>+TNRk3C=IM%MWk&k!EZi7__(<^$gLj=FEC+5Zoxwd^B=K@nCiEN<SBcVX
z95+r$pfUBnutI6-bevVKcnX7vdBdV{GJ?tlWF7vqw!BVJ)^QWlgOo(L>sVWi2xhw_
zkk4E<+EpW_2T=`jZqN0+j@x)mOfowm%nr~OlC;D0fYL=qMo4BJ+9RTOS%MLCTw0dO
z31GCm55}77F$m&S>-Vm$QPT5$?06a%H9er^#TRv@&2hN<l(o8A6fHTbmA@T(vbnQT
zhdt=Xas|}ZVcT=ed7gti`z}zw=^Z{^9IXLcsPk-s_)td?BHq!phKiG<<z2q2v0`&E
ztXtI;I;CvxmY|?6=0W8$;Z_8-hH?2`bd<WJ>Qr!JGdaO6FBDZrdR|!N{%vi#wJEPs
zm(ttm2w&^)=F(NiZ$ErVVZW9WN#M|RHZ5^GGv@77?CY50F{^}#JV8%Hj@QXlQMw~C
zxWEMtBX@(#eq_hH;~H^_TO7NWQ$O<lr=u*?;iYk7iAvqY_{I!m2=NdOqbcGM@$|Rp
zQ=!$%gqBPi3{rh9mO3^4p<%cS=iZT2)wtDY3uw4#x+bj8%Z|o=z*G7F=R)CvvQ~0)
z!AW97Tj-PaTYaRcd8^gewL6@77Pk?xWEUdr{m&w0d4{j$^dGnLg{jJ=zFG8GW<Boq
zE2lEA0w>xBFtFK~t<Cr=sD*uSCtKIc2AK~k=+{h`lv6riq9kX0trWfhO8o9!q{ZOW
z%M&gD2{9$*eaaoEcaZ!ElKb9tX_qTW4dZoIE(95|I0f+A0i6I_vt76SbpO0GS~W@W
z%Y>B@n(5SQdgLr)=5oZxb9IJ6%LhA4s_*Tt>nsmdhJ5PXZIkJ*p^KuE^b}0QgGWc%
zOftRPp=;?>9Hl66TuK~<XznQYSTlC(Rce{Ep&a8}7V6`Y+}8F(m9ZX23~PA&DAQbD
zNsPIrfu$_3dv+W^Bl6+hR4fy_C5K#xk%L_&Q=b`k8hWB@K(a+=`XjXKSSWq1JoQ)=
zP7GL99Y;?cVDEe5%<J@f)b8IBm9Zgj8>%@!OO5Ssa**tk8AGZVc#sAxS9Yr^%2x9Z
zh)Q2-NNogL5z?Z(j>MD?55XtAd_Ej^>C^S7Dw<J%N~~W`a!jssd|r$s#<yCjCGcrN
z+FQsj#?Gei7M;~t;?s1#6uAK*LfZ0{u{`O<_y_A}!NH*ZwES$JL=-cjcpcU04yJB_
zi1a5YoB9$^h5inj;QpQY@bwjP5uXWyWUy5=l;tX*K!Wn%(CpC;=gWO&j;t~p@X9H=
z(}Ugy;q4k*F^ib0XV`}psAYajHV3799uDR~D^^EXe5xv7;1e0;BOR~OpcqZI0z)6{
zw|-f^WR7?7n4NNc91INdhn(cA_CE_JMwl-7+lej;_Z$<81p#2U;Bv{f;jSv#$b*L>
z0$p*qGch<Al|E79U(261Zhn?O%^i=oy_F`Dqdvqs5GH|w$W)Ka3>EiRJU^^^+gR|f
z`Api3V@+dID5um4?S8UU01ip73bwLYG9_CVlOKe6<4H|34HZmunDwH_g)?Om!E^Om
z+BsF7ur-SD9Dycq$+9jID&8v@RTajP*g&Ww0UU%7gz*x0mSIIhJJM+Wne8uiqqO$2
z&k0FWqU@dyF|o}weayL4bDHj1hvE?!+0QGd!;V~T|86mxKon$W`cY)s(PT8CjsLW0
z2fnHYt)GAJX2T1crJOF9V(OW(8H1A|)J|?7;fbZVg5P3(fBabK^RdhJgEe}-iY%dH
zpLd1c6ZQ-^TX8@#rx<xxUsH7AKH)_2Wdr-&Rn^5d9+*+zu}~3fl{q>~Po_VVI766(
zkGSW~Ve^fZBN2<oIQf3~vZ<W|=A)_)izdb(1I&fZ^8B+g+nq%I4R)lx0SWdb+xfdJ
z6s$MlzCvb;98PBg2&i0vHy17{)RLdg#>c(tp*W@*ZZfo<f&J5iX*$Cm<ry>F_<dRA
zROe@kmFHaKlVPXv9g3>!`;UyGMleo~BE$KtwxbA75ewXw-gTT9g|@|1eZk5KQsq2@
z;KE$Z)+V2D?pb{N$l1%f+IGe}_Z@*FWv_a0U#0#)hFT-Tiirnk?R@xlIBukFK(MLm
z<7=*9Nx569>uiKXPpEgxUO_s>Sw8+TOTNTtoLJO|RDn>)O=V|6Q!}gGYxbUmg+cDm
zO@y%$>iTD}ucRStDm5oajc9u*2yElVohPphj7wIY*?B<3fQieu^Aht2mrQj^GdrWU
zJIaV}=hcrWXSx_OKR(xuo&Atlu-8V_{8$qE3O?Nh1*!BGRp-0r6BoaDPpj)vpi_%g
znB2KdGw&;9jCURCQhgj72dJgWeLGL38PFF>*^Ks)TtqM^L@cICK0Nr^Jo<tbWly0i
zkw{mYaU<YFEE~-0HNb?}mxfwDc|-p&tya6<oSPL_A}1k;0~5In-Ya1iT;dF}?qrs7
zPILW5vjxl(q0q=`S+adkcx8^f>9py9sG9hitXk<;gMi0ysWYT55cb0D>d_v;)doLY
zc1fbgE`EX#saA;hhYwvG!#6|&F!1G)pdivkFRTDkobn1b-<DHVMP+ny1JoR?;cqDQ
zhP8Hp0*izAcy{6}ZpBnmgkdw@&uyR>ffT`D5l~(-VyH8Cd7k?_d}%Q69%5s|n&&=$
z^w#p!K-3TK%1Sguvo*Z>^C$jPs(xoH-a$h6WI7_)GuDO)%|3GA;ptyd+xmKcd+4L-
z_SjCAMs=VW0`%aB<R(XH<SoDnju<63T^e_0T!Mva0C05bA(x^pA0er$)p4ZxQUe#w
zY2bpK2nVUJfEc`R%na$)i78b$y>%rpBct>7^Wpu)*Vp%lSjHK@sI?cg>!IwwXqT@c
zW0UW^`~Nvh6Kdx_=J8P{`HRqqj1CFbe-p~_UMRikm`wgnH)}$Gn6Np&SS0^76Bd-c
zr-cw9x(4FN{l@zK|BVp+Uy<E@3U>eJ?BXBl9`*0~oZq<UA1++(!hgN7?`{Sf22+30
z?l2%G>~Hom|1}d<;)jUjEyR)g%~<0ulipuTb_X&QLxOl<-);7ON;1{{r71vv^JD-6
ziUd*DpA2JvK%b-gi`WV|TI9a_UyNHw1X%Yk9`0oXQYb}lruz@vy1#bN|K*zhU#|I`
zfd7JP-to>w&t4|vsNJftaB}4_HOcW8iVIDZ0S82@<S=Xx2mDZcA_!!^@U#&~H2sU+
zuif-TZ5$2Lk+qM({N!OctC6h7{#*GAY0D4}$P0#X6vEBlUTFOQGqF(f*Y5ctsQ8DO
z-i!g}b03Lb-GDD(OFC?A#%=tr3Hy`diF1)50Pm9@WZoYcf{i+SUpi0K(~`H=ZY0&T
z7r!Ie16<2J60h;0$GI?<8Q%Y;H~QzC5$k)>H)jcQ@VDPk-hZvfffP%=e&9d)!kSst
zfH3DO=}#Soz{+335wWf}8{41N-MmosN%}M7d5LhHipKjv^EUDHFf7Y=oUG9QoY3J7
z0dStXAcwA}HRo!zN8}q214uph*l5piTrwdh_`Yyxa>00MhD^@ac{;V#+I{p;YE>Fh
zMGK`c&)Uknmw=%9i}`(Td{16T1}||1qOV=fVEBBGCGm3FA|+(zV>$Z6k;1(`TkJeT
zKWtFh3Py4;Io?V4GTS6D-)PV_YMWxIqioV5lfY?_$0|>pD~g7BY>b`y)&a^o)t*(F
z{)&o)tz0<cN@ISZVpxcb$;WTAB>U*H8Q+BQnDvWj&^#Rh(^g*S&4N%U6SC(uKyQx4
z1Qbh2L>)c@Faiqh)2{3VhKY}Wx)i9SSTIn~y5d2~q7#YYXc7#@1{mbDdrnC_yhjOE
zWaYtSK;YA@H64Po4Jk-oaQXgoU}cAFQ=JU`q5?n26$TyO%HZls&s;y@i3b@Am=jxN
zHvEFQ#d;E(Gm661t?bG-;El&bdWA!dDRE#{3A%*d{nDd^UH$h}vHTGpJXJdT35uvm
z*G|tgeEX=<9V$7PMT-0sc6HpPn}{F+_MnVzulzEr0~9+C5P(qRS}+bD0_x+bYmrbV
zv7hZv)rw0G21IyVPi1~q&C|JdOl&s$feL2*-+d<#IQ{!O|A}S^#Zl+H>bd?XbINM9
z4NmK@89&aa`*c-UEn#8A+UE~DD>l8#ch)_P@~%|%ryEj}$5>>nmNXjW&Y%`(1cCX!
zDKT2DJHS-Wxctz_<p?(QJC`qfTl-cx=doP)+1#LRCkqA&9xLeFXv9=lSto0bz15zr
z_9Q~u>2{BY^NfU52~o;^rr5!L7+eOA_TK0=O%cGv_J=B5+9&PL5g@mJtCEp{7fG!z
zuv=A~GlKyYFa+R*-qACU`3Y%8jpd}d&UVdlk7r2_4Lg(+tIDVC|M6E91{`3G?)duc
zJ!X2%p?8woo!p1ls%3actp8!xnSmw&n6&$1mcRDo6pbsiSy~0bpRvD&%YN-Hf8=XD
z31{r#5rUm^TO^HnYwo7S$KuVz!l9T$v!(hpL79akQYsEhmbRzu)~h8-PR)n8Gk)wt
zrIeey%k&awXA3b`Mx`K4S~OT^jt0|cs!^jdUnSF}YXd|4#LkqrVxl9oS#tZ<j;NBP
zl7w=<c4GAa;A$H095<H!&XW25>@EM0(}U4b18GU86Vt--tpWS(6YngK(UNP{S&n^e
z(GZ6Do=Z`jZgkm4ge|@A6YI__Kv7yq{QaoSWRpKk%qTK(3-2>^c5bwr)OkMl!*FC$
z2Gb3OjVC$Rw!s)t&8eyDq=N+Z3`<Ua9A71N9;T7^ryEo6EYRlj;-yq>nzg)Y1Me`T
zSB$lqBmE$t)Y3YaWA_tR#D1FN*)v1_u!FG#7Y5Gsz`hAJ`(cNj_BDDLf6LWk!Caj!
z;_lDWxm@((%*P}4#(7y$R>3dQ<pjlGxz0sR2OqjFA)z<jgwir5VAJ$38h#qGhBw$f
z-%_Wtf!qDI@6syKmh-uJ`p#+P;l6!O*+#5`W`wSlEH7)8qy7WwhT`@_f!?-N3}(AL
z{zdOEU}A=VFJ8a2!QJf?+xIKu#sLl-Yk9#d%4#wu#WNlDbHPFWo#bp|Hp0Z=`^^h5
zyKjoYQ=2uxIfWD4V5SAGucGJZGwkQcgrw|!J#m8fx*ea{Qqnr!7%gmI>K3gvyp6*%
zv+m-U_|$#-+Q3S709C04{gs-|X*N|8oSoTcOI?NTSb8-==hQmL-s!N4k~cbWwDwQ|
zkIE$dK3NFxyF;&gaNPs_`j5tYdE(qOb1k7EB|G!2nH5K^j&4U-IvdZmi>S?Tgt^=_
zz(G+5?zkHgWLrwz3zO~4N`@%&A3H1;gkgfiV$$UPfw|9L4i@vIFc@GAyyv>A;&6yU
zUuW!o!6kRJnC|VY%<lAGwCL!zU(3eu7XscglqOj(@Q=zXS6lE`jr+88H@0{;@b6e!
zeKzb&nU*)4ec$LIs7aFgtar-Zv$bzQwUDoVjh|}ix@YwPGLn1X>HfH|5hJ~@VWq8m
z>adA?J>s6oF5kvzsjBw1uxxb=wSsWOW58o=oe}52dVob$W4&SJiy_R^Dz{F@-PRI<
zZ?vrZO4W$73cZQ!XUF6{1Jdt@s1CpGEe@cWr73YSFtxShCvs#p(>zL#TAOS~@^w0$
z$X6;c>Hp4L>q>7#Ib_Q^(mX%l^VVpk2GNyE2bk*)s$M_H=la&|5zcFamcAtt5W_uW
zShiQuxC)wOqZx*DJcEQf(oDRwC@~ywrdjqrnt!Db8_Oo`CBCa0yO!hK({URb1C=<}
zMWmc$?lw7E$L0(LO{&Pj2ZDQQ@v4nV5vMy@W=;#~N&`kK$@R!c?XF&M&L=r_+kTZw
zj=<Sr$!^B5`!k*0Ec#CU!y!*1IT!{*epJz<k>W6HzEEv^rF1VCj2EYCD+_yt<;qa9
zV}jL}7pE4)MAHgVjO^Ptz~a9m-%=8kGU?Key!CZYK5+u|$iRn7TGjE?aEW;;dQ;Ez
zU?ls?!_=sH=M%M<yWJh7R$Zf@5vNelcVGkDw{svaR~ch!SSL(tB*xixG3sEb_Mnw%
zR0e4!RRHE{k>rK76T;3@3Fw}4@kk?{dq6f`X1gB3c+Y0HWP!V=?`pPaYx1-eWz7n`
zKKoAF=MqB{Mc7y2^g>%{yBL!(Nwc;7u(zWR<x54(%$$PTnMOsR=?~lIU{Wq*b>gx2
z^39XN@2a2QjE8@CFJ|KmjKmn2*;<mXA)y`ta$q6*)2vIUUXOPx*=w^7&F4FU0Jv%%
z*(&cV9){Fud_0Nns<u6XZ|u1OE6xwHjOud*H1OcO2<z+>rt$nwBH=6}G%IH#QP#SZ
zSq#_1vo<`5?E;W-nQ~uZI|70+5SVC?&&+ez*@zcoa}ut1#r0xYIj?t)+$0Dd1Y;oz
zi115|Rb#uuV1R~#+3|VH*^~HQ(b!NuVX~4=C5#n&Al1`Nwkxcw^6GlW0^SH<Ets9;
z@Q<v$kkIKpQ<u-)w2m|$-!_2g?`0WlrfG+4^B%4`(>eUacL!DR^D`@B8TE&|2l~0s
zgtIG^C|9(j9jooqQY(PXGRA=R<tykf*+F_tdVI0yR8Kax#(h$vZke>=WW56;Lg;z1
z_H(h{ImH?GWH>Go&QI!FF4jSCrnjIcS3Y-<?MG`uJL-4l{{D!ldcyuIwf<azDP$r!
zycnOu;|R|?Cu}bXh~_(<NIqeE=js}JZ{Oqe)F7+E8Y3q*{+`zmmOYPz%o7aEve?*E
zft)-0UKN`oe3B)+nAOs(cI>;6+E1Sv8Ep)eHBYRKpFJOLCk-NRHa3f#jR`+5KR9bF
zZ7S5`SZRCmYG9?U0*yl|13$(}c*)ij4cz3o@tOA+mMrCq)Vx}Uv{eJt{JAg+9J<!;
zjd<M^A;;@o$c}tln2+FYTfuy|7$m6nc(h=nPOPz|_jPpMXwS74IrqctxvAm>vZkwO
zzV8OowBMeCIWpRV{oz}(_>y<Y?gVJUEdnu)`yCdW9Scl&^7Luo&h43D?8_jE%lYE$
z$jIu5Dw!hOP*kN>*$2d0=#d2p+2W|H4cp=y$Jt!(&VoFdJ0@kgi}?7C<}+j!o7~*%
zIg5rh)%<YGf+N`Gug<61%cx!zKb8#<zt6JB=1G(b8rt#1uz6Mc8N!m&4tvX<WMF@|
z8>hq<YGW>sh0@?_N4gBZHJhp}qB@pRGoCxSg<oaAPJDa3ss7saisrJD&lB5wMM2(~
z>ES6cHY|Ggx4pKMx}1t4RBWs?WU#Su180tjo$_~Ph>OM@qSmxCb~@Hg<@=IIoNi?>
zcag`8R6I)$v>`|a349-1F$_*AcdztA;#6!^2&c~!!3JImf7W2bLW5rb<8oilqvtqP
z@Oz!znCF><Ivj6R9*^G~v)E8R&7ghTF*txQaw-<oY3y)Pnvi2R=}_jd*`2~Be~*)U
zKPNTa)s7-{0hrzs?|XZNhC8<kWBMDbDl+LI@r$YrVqp!TanH}H5BA>VX+y?(nje{x
zoOW2%1l-?@Qf7#$6&S)AJy3E6r_++>+$u5e@LV{3kt(typiXcQx>q;reUmWxQX6M5
z1becnwjrnz&s)f7i{j5k!=jUS)}buRB#hjuLv`ISFgDpQ;_37qC6$4LTO{lL5yE;0
zm)6K)nF%|6afvdM(dv(0DGxjfl~mJ?XQ<}!9)ERYyq+^k(~VcOU)737wCn>`M`(ui
zEW9xRznutM<-tf8Lo}@N>pgwCw4MAagKr)bG%TqfP20AVzozr`j+aJL68dx2%=cTY
zevKZK&&!!cn>1X&ide@cw*ahsfAQ3u;Uw&93s00*-%Y|z8j8><`+M3T|5%QU*$<h6
zA*9zldtjG^c-r6h8%PEf5+L}J*G?*6h0IK#7fyMhF`iU3D3LShT2};#aW)<^bDe#O
zX|dL=PtJTl*EH?&F4MK8yD=(4>Ip(?%5f&yC;PRMNNOVN#|<2e49oY@23u5^Q64n}
zJBQ*iO=N0)`C<>Wf#k^#@ey}GRvj=S#zL=&tM&AbBBb6Nb6o(wF#;iAhrIs2Ljb}W
z5?)gq_i$|8H!d_YbuqvfY>(Fv$vGFiR18K*j@{It7KheYV`HY5RRsopR=i8yr^vcJ
zESu6@WG8xBsSk`wQ*9mX1H-sQ8}RdL<WwBf+rBAqiD=$HEhY93cS?@ac45Nc+*$R`
zXtjO;NE<agQ7w#w)?dS|NWC|0c8^cY%US|Gi8ZwA6}1up2R{sPO(E{V>I^>i%~e+h
zuCJLSJta59NJ#na1oVO+$ILo2D2K^}PN5%=y+fP%)M1?ICyRmD6zA->Ve9~AeWzRU
zDy?>P`-*XzC&@kC8WE*UY3%73qxxiW@;K1=tsioHrFaC*qG>3B>5xmkYnohLq;Ung
zxW6OKG7RT7g8SP?RiBM34p??mLy}|CDLc&&WUgK2Ao!33eD>RWC2>Awc%Z>upMe~f
zU2E=bP!G&r5*#BaeVptQu2-g`fmB2acik~tj+cV4RM<14ryE%+sd%a@U+@+#ORV@T
z3I=V~IFkn#UGB$b4F_9?(udVNtxEywwW7VvCNcS{sS(0UiUFcb6HOj$2Q^e)D3c+5
z6j(_W<1P79=o`5=3*WwDrtfzfh|GAAq~`CJ&+DyMVqxSehvh$q{^reNkMYmpZ^tR0
z63t=djpHcEUAfEtenkkZg{jLOOpiSWfrTR3tP<LANje61>bnlkGrd>@9jj&^u&!H-
zZmknUh?A$O^78l2@$j2?MG`a)`XZsSaXUr%hxNX8UWq#3Q>1&Vj6E|h)Kk)-i{x3X
zD#^jsiw-QHEP(!)44t6dmJJO<OtzNa)h)b%!L0wwI6k{_0td6_@JPr#4l~tip7u{f
z<;Ji2ym)4oMZfeUwQ9uSq8hX(i^junOsnsXor$p<k?Xl8`3;#a7%3AO_Yj9#SIscr
zV|$p4hg+(9pltn^`5~1j)3HHMSnhm;s9wfYY`aB42`ss*f_*~uXtbHTDJg7nN}ZBE
zrbE;u{PIiCm3ao8jTA!q(-I+rAuTrvc6}?k%Jsd_s=`6=Y)jJfiN<Ap0Krr0S_`ge
zvhgy@oY6DQBjcX6u~!I^><K<-Sb|0y)(Hj`bMy5=OK0hiU<t-=4=#amcvOq6KD}Z~
z8qe!T;_9*^>_n>y2dSBi%H4U#9CC-AH$RDu0Nz0Yg*6xN2GK33e=~0CjVJF>HkF<E
z$9ClhH3<h81iSF}*5NbTsrVyuvL|iy;~y&C&X2a8jjImCx1a=X1?`l}<h&xOkyZN{
zFHOVbQC(|&N-qXM{)ziS)O}Cl(p>rEiP^Wz%tlC_VU66Hd^guzO+PMieW0u_dt0Ym
z(>oo$bQ^Umxirqx4b}E=vDSK+_XgiPnZ_3*<sf#16~hhzN-cOrNlwbTKYe*c2<#&L
zp}MZNM+R!>114;Pm#9Z~J`n9kr1Z}1nREqyI*PcP#^_FjT3NNV1R9s03JTHt7>v&x
zmTbPZbo;EfNpa=#y{2FS2BI?0eQjk`K5i;#a1jvqQ-(~Tqorqlqp6%C7`2pM&?h9Y
zvUo+os?n91yF|8TuvL7h;oz8jS7ICiG&(vBZEaXcr7Xccf%E;IcmmxM<*BXq=8K`7
zg=AUNTPgPD!ONmD<#SIy$B|p&&w-axZil~kwIq47-M2k>I}of<I=6;`dTP<zNTuq#
z6Qp?yA<W4HH||AV^KA4Of9?6XZ^mJ%pINg@8EuFc)g7}vL+B)jst(}!>W@CYeex7;
zY~`&7b^5g^#po3wyDH7O5?H=|QQVldoU>xB=KGFHpwir1ZcSJU#1L<m7UzDQ(tDV>
z=G=;st9+bkcqkz=-~+BzFg~iB9RMo%82%RWAHTxK=`jp1&E~C23{RV#(tv&d4BNOJ
z-S0CdwppKslyA5odg?mdCI}pO3}{nb1P(xiI0!`Ih284|_C4+MQm8_$%s;My5OUkc
zAo%LYN?v&ow_9N-fivK=QapO_ak{J~6mH9NY)_#e-<SyyR$dwq5>|g5?)D$K4Zl?W
zp4NY=D^-%$R{h)Q{UcxSgbrgHMdVI*iuQ?>42Z`ob6<4V@Jud_b%7B}<fl98$G44T
z(>2+wS()+XceQq&8({Bfi3A-9TW~I@%a_}j=Ire?Z02`F`M4}t^fK>P=*Y7%S4*mq
zfigD#hKX{TzP!6u-3v!$Q{q(Rt9+-v1SX@tx&5~zfiHTxyBp%|5yy5ySC$DxQQ|ND
zYeRf}Cz8_N6w`b4KBXET&j?PgPj+Wn_r2Ki(m!enQ+3q${&vy;G+T=v>t$tC`J+0#
zWuk;53R(BpCBl{^bCQ>i;z-1FtlxQVRP~06TPhDu^LTQyyi~}4IU4%D$V5Wb&u(v}
zB}4w2mHY__7ox1qS)FHjUoIO#VFYcNAS+S!q{?>ombcjk?^rINn)P2Kmngp{mnU~p
z%*|gCmP)<Fbb#};$rCg5H4*GwS);%_8c5y|BuuL9_Ke(W5XH~NdVonVVw@LJqPC*x
zi?sLr)wkE;!=CC`6i2(IQVOs#KV_2sS|=Q;6A%fpD+XnIp;n{Q=rL@aSOhc`i%P8D
zzBpP08h&P-P8yu6_2<rG{<z#Vo(y)KLip#WCS92;zU%tNBEe|wFPG8>6_oeK_0hWL
zzo;EeC3LpET)tY9;TXwu)EpP+lFX#<xPOQ}mu^fp%9W!xU(h*W|LjV)dzcCpx5!~L
zjCcaBjCoMf1X?r1TT`X?v=ZOE+D$Mhh9MK%Sz8cF-F;Q}I^o$VqSa|tlt$M1I+-sX
zlh5+Vsi=>tbU^?f_VQ)}u``<>UZ3$DPcU0)HT$%%`>4~`S$^GdDv*NsY`}w_D{9xh
zd~3d}@Yoe~$6>Mhm|xv(B`$Vw!t1Od3?v@w_#<|Y%l$gS*~Opx+lo~luG^E)<QFCf
z*l`YG+C8pUR9%$lY<X56<%Z&KUK%ai7IqhtVE5WvRPQueYKHxa18#NCK%<_-93?X~
z>tV;is5K@fw|N`=8`QC`J`>_6Of%NqK)xM&N;+2c4dE^m4l#PuQwWWcMRavz7Ux$p
z$;AU+xSJ-aEUURjsN<T$BeRSgN8j25?YmK17p*_jU>zkdECr(R^K$61RvaQ4KV?v5
z(S|Yl^({%5EZQA4_oU5q14u5hqZ{OjvR^abmp!$;c3qkK%t~+voJYor4P2-1z!xPl
z2RLJ5K4VUNahGK=GEZS%D>FZs+pskCRklX+2X#J~fa2wCBofKEp_-S^Pgy!xtF#$r
zU)tPSolt6&Rl9iwee=$g3Oj?$kZXr>gXR6a!4L^d+DtZV8YPYY!`@qlW!ZJ>!ip#$
z0-^#c4bmaf9U|RGNQ=@f-H0eCNQrbwcXta&cXxM(g!G=*ji|5BxAxlKTF3sr_2d1=
zb3EQx%`wLuW1QzWN0x<w<>D!6eO5|B27de5;mF3EXPSc$G4<l{W)U;>)8Qg@mEAC9
z=}p}nB8(Gn;0nHA_Zk)#3VzVo@LGG{l#JG+t+<<;ar@fnu-LF^nY`S$3dPPKG{daE
zR$3q#hoNJ#WMQ0xg(dSE<M#ceqk~{C_3t(DkL$mlI)OqAGm37)ale)Ps@>^3MOj*1
zQuy3=psBz0sLYWQ=T^!scm&grJ~fkCOhCqQ5qr3AQFf|&q~da~w7o@g2DW8rVpV0h
z@xqXJkn=ZFA8=w%pGefQ$k+=Tv#4sARBkONQ)t<S+&7$@JklC3Kk%=X+egmyD=*hC
ze80z2as27KmNA2ob~(md?pBwbrUwkIeSV9YEFVLckHV-PeyTVtD^rsjCdWwWFPlp=
z)K0=39uZLMD0$+1Vl0^R!hWV_Vw9jxg<+BZbfc={6StFTFmvLE#a%@W1Jgp<vfN<D
zmnJw&3AGF+_wDlaMOUm1-`fmz7V#c33qKtzwVFG~Azt12fs{4ekFXHsWdEpIXsoh;
z>PfK=&8nl`z%65u*m(_2o8avC<KLFs#(U<C<yl)pXpv3djD@e5aRD^uvI{thPjhaj
z9hSy&#0(^>5A0Fz9i?XAl1fDp4eYP$3L3CVpmNM!dgX*SYWTG*v1|(617B{nNFjW)
zYI8b`-pH0NU;DWA!&(2{8jCP31I@bJAY#CJ?LeaZFiM3fmAqe8qp2gX$uWGce(bC=
z)i4%~vOz1=tD!|?l^Uz;@o>&nDyHvCW8XI9*>2skd(q1}vO9f{<2yv_8`t0+?BT&>
z;-$BWomnEzJYH<v%l=T+X82)MSZ0Kcr*o3%@TZuSdyxq_CG&Of(AVl?$5hwp2l~7F
zB`|#LZYER0fm2-!uev%sDUOa+2?fZs)k6~uuD+`lh8quW>$;R;f;vN9Q}lGpj>$?H
zztc)}jYKTCS&C;)puJ}aCyUv*7vTp5k0i}jA!+0;gOZ@iD<i|w*NZ4}gB1h;BWc1$
z#@4APGGs11BsBh{l_<txsWr8#Jr5MZ7fPpv%Bg!murm)1B&8-+>`bb|%}g4+#CfTJ
zP=>Q-B^C+dC2#l_Xvd62c8LbH0=&~fml3CzhbJ<s2aa8=TKtRe3MwX~2Oz&)tzp}m
zPK(G)pRnaxXX;OWnHj)?bvtbgx7P$;<^CBmM%k|B*?wr=C{e=vuH#@$zH*4>+cW({
z0e;mx53Ld~kS%AgYsZXHcBeGR*S%zerwq8HM)@hh`&X9X3y;9ytsl=~HWJ2%LNxYy
zO+tO_gai$y`7^}#g|W+ZMbx@iO36VcY*M<PeM>t9-s6Wklzol@-B&-ONaA0W5dP}R
zXb7f*GMDz}v)L^Z-djf@!7x;y9Hgq4n<?5oObG9hPbY&2#$Y1=otvE!8Z<Nyb7`sy
zpxC=))U7&AenV2h4gSp)JXC!+iL#J!oKzRLM2fg1<umtu#Y6%aAj<od@T*nbWm%M5
zMAW`7p9TdG<rtvFR?+;O>H`oF50$hl0m#N(`86BC_V%-hALuCeK)Y6eE+-c4x}93d
z3m+Wks(aRXuGCb@q_|S6%9&OaH!dUgio<dZ_1|F;xV9e>z*+#11_6CAmdLMJJHIlv
zs|cJp<(jwu_&3m>yfAG!Fw6tw#ek>shgX`Mn)D94^y`A>zoQqvga#Y6b5UUeAhRtP
zC71psyV1c5{^ITzH*uXs>P#R~O8ouy!e(?mA%gZ-$bLTOuYY-=e)ca1(5Ab@rGI%X
zpr1<&&|>bQxvBrg^M*VL21AU{{<<;{mZQaJQb78327(<57;}G+ZlFK4E=VdDK`E5Y
zxUm?){rUC5TQ%MVu>M^%56ImEeXdFGu8YJOEQ8FS%kULr4*Nn20Qwxf*N`S*YIq2y
zQ5Q$VT{MKa&lq<w?M(guUJ^)Rt`sIQ_sgFkq3Yc45jLItdp-Ovs6d<ZOOQF&dO+qp
zp8XHwc?l0%cNPjc|I=sx-#l-?qAXwnUH;1~R}g_g3{mo#T|5HVqWq-)FovH(UH`c;
zfI(5fa(zAciGUPd`J;<G0a_A+e=G?BRK)=Ln7{VKpH+-o7pC~@i9eC?2777&j@5;+
z6IWM@zr4SM67lyM&_kndAPKZT>v`4K%$NT*9!R<mOcMfXpa1pey`=^e(76A;GA?8U
zDkQ%i!4~Z0#(x;V1ykkX>;K0F0GNSbw9J;7FyMl@u?U_Ag*QP^xGDJ0J^276^pKY4
z#h!pAY9D14q@T@J2>iVakhUDCQv+?eUk3hwHAG*WxWe_%Z2>c_i-BjqO#3>jEvs$q
zKMe*QaMz+own4)9Uw&R#V)+%}+<#se1Ca8Bj35pE*J<rLIf)Yb4+FT+N&Qy?uoi?%
zuaIXLTK!?oyysCtrmcky4;wV-ItmU75}V~PV(^~^5CiC^t4LA(+Xu7rU$$N;2v}^3
zNu+q0*!;QcDMLO<4NO>$m-gml=_llZ)<@t!nF252p*HnX|8id-f&b{?CewWVx>tFT
z@atJby%zU2_G=l~jLXPm<x#3;L@?=I-gb0w5exbD%Yb>p^btCOGo=5yG-Q~(Dol$i
z$#h+%gb%7&U|&h@?WKW0PwAI19r<(q&mr%xo&D3cZll~Z-98+!$-8>y{$%Uc4amd&
z%PswW?}-AiH~-a9lHL7kd`|xf^j9ua1z6}JZCOfa-l<<tM`<=abNC?h;e@$c{)9CZ
z_C|g9wML=n=lP*`RpG$9^#$?Dt1G6`F#6)+a~Om$8g=rXGO;Lm;912AJy3wwK{^6_
zvpTyU^EYuEk(Aj8G2`W+^9-C1o_EtI!_t>Yv#^T{srJYFI`B@SUD|@$)k+o7KX@AN
zMO7Cykz$)_DXzOT+yuiwZKyEc7eITm_a+?3@KXrywpiVriMCViPk!2vX|ah;_SsPF
zI{3mj$-TfQZjOC=3I-I->CUH5L7o_SCA|>LBV(ORrB>;a0B3t@`tlGR_{gpwZzh9!
zlprc)iyINEmfh7Hhnvau5XU-$^Y<c=vx3taWrTy5nbA(bY%^03w&xn}!ws3KHQm1(
zSWJwF8i*J!!AH;lmBG)Cd*L?Vdw-R|q420T>T+&E6V)3xU4dM7=;qXfel!Dt)YUR6
zWv-LbDaAu~;mtiEGgDys)6B$!um3uoFo^wVpckN2a7l;gO9Uf`S}j&2BgJy{rv$8W
z*R%^SyN*79_S6dQuRVo-abjUy_mhxNe~N@UVp5T?TC@?B>wS=^Sd=LqewtRk(~P}+
ziV*$TzPxQfT@005Ph-eFjYi9jIYYakPcc}-Ih6Kc)m~6J!<L)u00+o#wKhP0zLGJ}
zed8c6Ogx&Kzw&UN;~v+Z-N8b%i>TT|RliLAS%~gZwpw0cWORcRo5kP(gU&JS#Mx$C
z`S$P#kX&M@G21KKM^O~UeR;YIe%A7(3}3he-(jPm49B_ga;|ODttFeIvE1j?H7_19
z=FMS-i!KDPH!r)_C3kf+gEEaudh6w*H4=`s;z*-X5snt6{Tbw^^GlC95=Q3(xgPo@
zN`yD2=|oRN{isYINKH_+9aqY&zGiGR8tvR35N>*pTr8M|Dkl=xM$fe9X_Y$HK^xA|
z?1sx{-6#i{`PN94^mHA{Jlfs6sO-=2Eyj&#GgOM`j~Jw!nH#o_k+T{<<Gax2n6^R$
zu-lD^E255QPN((0tg8eE9kd*c^=r(ZVq>-USTt+IvRbe-oQZWK?L47c(s%62?fZG_
zr8Kj#-#ZG!&vx=U)=X6$HENa&vr3=cXEq}D!leBaZi0Kaop!IHVg2mU$hZtMLsf@i
zMxXd;l$u`A*<>xT?CE%xsM)iTZ>(`GBG%CZs(C4QFx&mXs|6zg`V=U+qzo1|L7~%o
zaOA)5*^Cx6+tgY7GdQ8TLogCnUVqi2>NJWbfK1AtYyU^p=LY7j3bcd`V>eN1j>=kp
z^ZBL7Hn#$O<^Upz!(*zF`NPV(AVxiD4ZOSNW$Ag6-(P&MZGCJ(JXi!2tc<#`rqVx8
zq}{>+S)YpKVr#!(r*PmY)60;Q;zv7OWU+NpJX_g}#@&PSrd2?aan0K%R(t9jgA@;?
z{f)3Fr&E%WjcTDa%j1`WZf<dF<BlVd+d%bes18E<Tu<zS?N==p+JaY1%iFFKZQ0(A
za(HYokV=wwO74ekibt@2V_EUdflNarsn|!vSP|co_ERU(G0Cp&Ir`bknC<Qs(<k96
zt);7u-LK4-n;KMND281J-<spI{y6<SEtY;a;AW#8+>o^z5><Sx%Z&GZrq6_KCV>hx
z11S6$N2d@h@Lh6b$S$k$)Mxb3qB=*$K;}wTWv}FdL^$nO$BL3s1>N`Q?^2>P#PBN{
zV1zv;evPaPi)q;byHb_J^Gw{#+s<iU9MrN@#1I<+ZjyGWb^^+1vq8=_&AHn7>?myC
zQ7$8<L!?bu7@mF0v*FGgH-z%%@=%bV3_uVlNKmW3G}J%KM9caOO<zgI|JWEF(JAj~
zlJ%ONOti{6d4KoR{J3HZEr&5ajYhfc2fN#hDq$fAdxG;QvLWj(dbT-55;hZdUPgsW
z_10TFXUB#UI7@EkBZb&c(2fpYXQC}@C*;C==*-h}&(v<@p)K9#H>KUxbUr=4x<}(Y
zR%-YphUaw0#hicRxoxM|Lv}^b;fP-*u0o>vN+LQrLefZUJax>)=1fmLb?V7VZwk#!
z1D6SY;%@cnW}H;vT*2<w_d@GAEM@HcY-dK}<}~W%&xS(@MZ+0Qv|5&qeaNf}zOUW*
zj(#1LvR?1{RkZL&`1Zt(vpGqF=_a~AvI)C#R>Y0DzL+lUNT?L!YP)E8w9l_inS*65
zpKtaOZwVS(t6XkqRdNXl!eU5J%45=wLmBXW@_y^KdO@tPoF7O|zred1m1QoXD(sl5
zs=W1fGI*9VQB=cbv9>FGb@_*tKv6*aWOj@`jrD}z<*to9b%q@li_imOwIl&A;mN*<
z$(J0Fnc=>&`fqA6!%ZpOOsXgjC7x=Y0XJEY(Kl>T?CPCTRZA9SZrzNj+jT7jI0*9~
zm}}?y)3w9RMbTo6e{I1azz#1j1xvoTx7?#ada@zrU{qi@@CjkPgnu|>em!ibI$LZ2
zc{ShJl6BsUZ6Up<)otrm&&ed89YD=uwXq^6Bv2W~P#N`u-B8IQG?R8UkKgGE4(pGp
z2QzeFRUjevv<rS61jWj^Qv{FTMZB9qNL4MjaIT>)604Y&l+dJ(RDn6e+F>PK$WI4)
zq=F=IeNpqwyR-*}6t3F$986Z&3?6KG{K%f13yvZi#wChkj~vYyY>UM!0@_e(m1eIx
zR#tZ=IS!k_*LacS5*22;x8$BI@TUD^Lw}L&z+P!xP@k`~8KN#VD3FiauBhGPnZg+H
z<n!Gc*>KMGGG(D5FC4Q+=BUtWk}Wx29<K{qGf+e|{=~T+iWQ5A6DS}2s#?%=(X?Fu
zwc}1x{ATu(1GIaN;kZ5O!8U9waG^|T1j_C3fYbDemswrW@w9%|MnnZ(PuZljPoE_R
zjr)+1{rQP;U#8aZRjH?+0HlKZG786_RE6=Tap-{Q*RigR(n4|Uy-9+jviK1&A$qu!
zMmzxtwIZ`@RJ|iV!g>mu^+%-{Mv87}u@zfEfaA&T?2CrG7|-EAyai^Mg7a4D%CCR{
zNTwh9?PmBx^^0bWi3~>qNuHYKPf(qgmUXdqcS%tEJ<st9x*q;f3oZ8m-pA|kLO4Bk
zbFQHj#%**1<y<xa<K<j{9g_U+TeVQcb1yxY6W7F)DpJL-*$gdPpd9n15^?wei}+zD
zyTv@dCi9_BRo?*1DxmuKt1+AO67MBGWx!H3mw3eE`bY|;fcxg50_Cb8{dQ9h{fpTi
znNhx?2_r5XOTj@Jeici-7F3Dm!(vI@_&aj-KKFGdrc2Ui-nbQpu^#lUceQ1slui@V
zhAgH-ga%5J_yEc{+Ks9OYp{6xx;w>N+nd=9VynY4LO9e5Ry;lJic(&-!NIrQg<f_w
zctU`cNyY6l^N^E+zEo$?)a_KTc<GZ@X$v93x}h!^1*;x!g-KtQ#=``uTDCFC08}A-
zlcJTvuT&CdcMrdQ5zelfcUK{LG;wVTs^#$B2Z34lYdIex5Zb*CEKP>Wdun7*DP35C
zE@I_6JpNwPED5{T%K$~L{^Ci$RKwRnT?(kfM1+oUcdjFp8p$txK;IuBJyu>%Uk`5F
z(a;?%Vux`%QcazJAmFncmXod;dGXJrtP$qsLMv!r(xlqLNf*@31e%3uR5FQc@heAY
zy=<J`vmp3PbQbDYMBQ+jlvFtd!n1iata6s`y)a7Y%JmgwrZ-<o7IMQUS#zsPJ|g`T
z#(n&Q;YepfC&HJzBJ=YZgN}BX&-x(AvI07gv8}X8E(cZB_AtJ^_}lD_OG($J+q0@p
zXhF%CRl8)nT|AX`hGqU$$A=%M-&Cp{PwNKE`>a?RuozHW4MYeOGpR66uzkG}D2ws>
zrg}f)(PHheiutgv@;ab?bBPYvG$UX6=GmZ#u2?rpSLe&->|G8OrO93nr|F-*xoZA0
z`ZB~3s_pyX4np>9Q8>_8<y{I=(`O`Ume)a79DhnHJya;M>f<%j(@s=)`Pq~HSt*OV
za(*mOCStZjLF2*&90P6^oww-MmxudMxt8NUv$$%CJMrgNA7*IB6=I9}uIoN=zPzB}
zSaAHKM^1(Mv|mVf(alc%l<}S^UaW@QZU+5~$4J*kH#`Ea{)>S#cp5o%`(259mIGI|
z`aC5X@MjA&GWR;h9P=b*GhJP~685IJmU=B#*|9WieQ*o}`#UY0?=6UA0R_A`9=#qH
z41`{f7anUx1&J?}1%-TAH)7K)Wv3s%iS(}*I`)2699>E?ut<%!T$)Dfe+H<Wk-LZC
zx3vMgW!kHSDbiA{{@q(kn{P!J;-w=oIPmlmKkay{-?FMBf+Q*0O0$_V#i%+)KY+CU
zr7pjN1lxQv{~EXcetDjQD(0GoK9D{|Uo|ZEnbsdaKG@zOI}2!tzDsN$0UOw)jSgUD
zYW6t|_ep7Io%Z|C*DWw307)vW3^o0J^%8ZE#Pocp_ap6Axe<Z5LHAU;03ZN>mSBI|
z+E0HvwSAoZ(_;YU0%Tv33-ht*ds{oFJf<Cg|2lEfnU<Lz;JVPpSUNrNloi5f4D*h=
zWe4B!1+Ro#I>lvD(B{6yLx~gQeqb0DL!lc^*w#BswcfY+`W~(EXx{BvcSDC}yt1_y
zFTbe}CEruxc<FhM6ho<5^en8Z-=Y;Iqwspy=gdj7=tudzQ`3z4ENE-%{wB?qYK2Vh
zerO@I7@Eo$S7`S81}2&V2gdJY*08{*GF{#e`-1RP{n3cGzr+AWbk&wc2ltq|*ykpj
z2`PUud-bdU64}J72*&y`#EV8%C(MNoDubmDD~SR6U+QBo8==YRW~p_9C51f0z0O2Y
zum}fCpCPb;s-HupLQqP~`4v?9v+{;Bef70UlOa|})&(oX8L&cx-q?0>j(Wu5>8Uzh
zsj^(6S1Q)?cVa~|?Vo<bU+l#6u$T6dLHu2O6#igC7Ow>jTN3K9?J~w{!u1$BgPlBj
zqaOhj0|TKzu5{wryZTSB^0I{Ru}MrTPclE=W&c*+wSLED;wXE~gx+~ncx8@`=?sf)
z|G0%@$3+@d$eNYp{xbD=jix-2aB3uw?e5g%Ei$YsK-n7o5j;1JfG2{H`K`P;S!^we
zVQPqMwXjcbXVE7qa1c$0_e<jK<R;h$qfLq+Ad4QXR;Vg;?=cii{VY;VScx`OSWq^0
z>$^jO2nq>PAOJVF*?W`JSN6sne3Qdt+6Ur^5mR2D_&#cS02L$5!0?0OC&$}}sLsc&
z!{^0MD7W?FUiBQu(XmkU++1`5<Ra|T)*fF$HJZ~OGg9{sdY>_v*L+(fJo5Lr)?%Nb
zJlvLW3#aC!bK}bXgo=HHg&-r2GGDbu;>crPTmM^->20CYkDqNmUFxx!Q?X)cY?+D9
zJ-uV1_-=2+h~$dNiniBE$ohmMgOU&DF+sR*xU@UX^&MlU{qGKf#HzF5R_!0Wuec~L
zNXE`|8=9juthUNK0^ZiQiCd{XhfD(qYW&UDHA1cKncA19uCr;cF|-g!M<Vsku80bp
z)$flR+LX+Del1qaB1?+0Q*Wk}6fz@kshY1_h|bSI8J#%3&4Ej$8(|$gmPqR`w_7xK
zug5^brG=?33uz7m$LKW%ep`5!vBWDY#zeZ^$^&b`R7A~95Ru>cRT!84C?>#wh>Agi
zm9YS2QeIcz@KZ6o^Wc9=<NaZK9H(?HFQv)w*vtvuW6Wkuz+P>j$31-ONSrNB#Vqcw
zuLfQ<-#|~1(C}m401i>N$R$T`+~63M+Nc^tv@!+ml5%n1e}l?k2S|dR#)Rds`dL&h
zTAytKU{u^v{Ksu}8?R<uhaJuC3YF}r`yVKtN@UjBmp{z%k$sguq#)B}uEHGYYkAef
zX>S-Pix4dyrQh&<l!2&F5ZRpG0wbhs^}bY>UkR`*mc9np7x>yCvU7$UqMvZ9WI-p%
z0IeO`1b)bN>g%*9b}y`lv@#Wnd*!@)Bf3%?JSO*3xRLkA`X<^32$|3rocU9r2zbVK
zl!`_<-B_{9L{-D_Kq99v09eSEEd|q$^|xiGup!F>6_i_BEyS!pwipc4B5sOFDg-Z5
zm&$#+8~C!jVyH)6tc<O7FZ0fn<`E*Qt~Hy8B<ty2Y=dbBe9?)KYwtAIiuT+p7BZb>
z6hGJ^BN*?}>8_97;`d!Dp6&2)?k!~P<jx?A#(aOR4z7V7Sm1EF&1kYvg2@<@(Grx&
zLn)6@+jCYa+?ZHCw?pew0G~Gd9l2vt-L|=lhE@J!dxhS%kzcdlrzNx2#a&Iv(zOy7
zS>i$58=V*V_hz_OowuunqD3~s5x!xKEX^BcX{$U=cAf7{>4}{KKFVO2xjmm#DNYi%
zY#rOQg6d=gvGmQ`>U;sW%BG_|Fi#;)id00qe=f#j^&wWYOW_y>hPizR`jZ+H>Z#ME
zB2Ph@0j9Y3oZOV$;rfWZ<Zw(|rPJS8PLBs0Vkg$*5{s6x;xmeCAa`%GM$%(XC~lH=
zxq|ja@tWX}fmfRmdeJ+6)>1zXo{v~8vl2z`+)nX|)U)J!MTtHpOl;W}?ch^yh#wPF
zhUi0>Ob}Fq<U;>V7z6IWucw499aW9u@pbMu{KwuEl_H9657%tc&^9C6HhtOEOHl9K
zO9bKj#H}Ul^nr0(A$Oj=&rGedu8${vEb=EN7PYkvWXzMMr^|uZbOq;yU_kM=kCf<%
zO%rE&MJy}6a6>w2H1V~MJcL*Zhf8B>k#s*V@~724UFNO}U{5M*pMDh}N~5A|p}w15
zoY27}!#WncRiE_2b1JbR!*s3Jg|80T`0A^jS4jd#;OzNQJr-`xMEaCZd-!3Gwn~qD
z{L_ZG_*Zd)3U|ALC_shAGoqI&j&_DdV`u)ffQ7VK_w1<Vy7XGnkSr>*RnmM!Sd^^+
zPOKYAwU7jfbWbLgvJ^1<4TDw;py9%vx@<~zMzB$FmV<79-Qr?BL}<W=iTNH76-|G1
zmc<#qKXvz^JLRYnKa;p%spv=$)LN-&5{}dJ7Y%_L$k9<+RTEa!Kt@Q@E0EQN&8GS%
zTBFPH;9}Ss_9?5eTeFImMszow_OBFd7T@m3CVuels2(c%y83}0ZDFENQ;<ve{C3dN
zuLiZpa7tTp3z`gVcevlURnpko&(`{X2;!=0t$lecQDx18h>rsV04ic`?30{k%mf-1
zy_2`PN-k#BY0LF+Nwb1*I%iCO&HNQqc)-Qxa$HGRNhwiG3g|HBAH>$;%A^ZqVt-PU
znbiDBaP_^#^#L!J6_gE$BGivM(6JI|!pxtu_QG9@iYldnKa2Y$eN#HrDuqVX^7AdG
zRBEcFE46?Xc@rf`SwSg??+g2Fvn*VDYE5Kz8>K=GMav1QLzc{ez$yL>|9L}}9y*dw
zp788)CTT${!`hjXH?I$qD5yT-_u%TE7(d)y8Jej0akCb;P4CuNJ7>aRYH7u0k$v@>
zcM8%2j_e>YF#(-W*^LXy&nBPE$7uStguI%0X%PaNbV2s_iv*(Zcq`<w+2(7k^kv9N
zx4@v~N)Q?FdMB}X443i+>mRO^4OvIEX)OssYsBxahBhteayUOfkDcXnSmEw*u%M9#
zy4YY85cB=WqQRjtiJpV<@-JSmD<74@SRg%41mo8qPwXsWf4O|cBYw9~SN@HgiS5x^
zp??(CK6y?CXpC)EoNy#_`luAlJs1@9lkO6zrW)q=MU4-}vgS4){h-@?e1I&9Oc8F<
zEty$%c&j$UE+?jYXMV5f9>ZGp7ktMZ{hZwvz(#8xrkPsJlcd>Gkh<3q$<kpmBmdG9
zGch%}#Y+PDvy=D2lL~vQ+Og~jO1O%%DKhK$TNO=Yd<0mCy`NV^%QGprSu)j#<>>k*
z*3HO8PR7F641?D2tif=W7IY6>J(d|jw|tuQu%dPI+tmA8>{2c>WDqALoRGZChNBHt
zKcabI3L;cbdEh-;Esa;J;-;$-y0Ts@w7xi@!aQR6QigbH{n69O&JCd=D^QkS43?n$
zqN<b0<FLNvBEwQ-7J7Zq&4ZJC!(~&1)yov}M<j@oQ_^rB25!J3JajD01xejd_S;=E
zI#DG)P5*sN3pU==@LE>i%{4hkb%{s?hPpPEktadaYLq-DpLI{}b#p1KiFVb8ypuS1
zm8x%js9TyQpBzz%VK`)td(b{=ORJO{|M<}-b&-8tw_O#l(p<xy3Go}=i7XW=;U*8>
zy|a)#B>Co>Lb)tE0dG<;H^1Gn?LvKJcOUc-U?KJP!lH`ZL+L7Kr-M@u{J5T&d>P7E
zI4V+0a#7<gIwqH})`$a-vf|$IQ+1QvR~%IF9dvNnVVBAL<w8uV)`D{Nrd}L4H~V(!
zNs4?Uy#_!Li}SD*00}=~;uUHD&hZId7A*rlSVBF{4OUeE;|$#a{*#+Vq*fgR<a1$w
z3Kt?6U!@}T3x<SsHdJF<-}zbr^WU+Nx==*|{MHBjwj1DTF_z5KK)VEhU>B^5CzMzK
zd5^o`#sI)C&KeHjUxzGuVf6N?yQXHIe$dST+7d7EdPUSg4iPn_gboYtW^yQuG78{_
z-$-P3)R=5F4glT#f1!)6qQqw1NVv1#W_)u-u=iKt-P<x4w~YYzBl$W+t_T8~_$LqU
z|050n1ULR~aQ|t*#rP-a%nR`q9{*mZbIy4;HtRoN=eLls#<SmF<v->u{8|Gr{p>Gr
z=pSG*A4F{d3LwA0Ss0J$L8;uc8;(#({|`0@pxHnKdC@=5^na692q4(*|CD6&KZ~^T
zpBU`Fi7NlP0qzn1o2YW`vB4O`e-l;y#}QTjpO{J*fIh;{jRzanxLJRW$s)iAW6A#@
zjJZMQE*Oq`acur8_vCL5A2e|mq<CQB>;)6+7t`}^vd}MOunP{>Pa@|(4kKu|<f4TN
z-hbzLMJ!Xmq~t%2E$B}_D_G+L)HC?2tG1l*S1j?9EyjB>xAWIw_#ZNrz`R*7G`-<`
zGVY&^J=NGu|2Vn*AV?03?Ys!Z5TGAlM4o>y!zH+;+h4>4a>ak2^!}626CZhlBJAI5
za4`|}7YFN{LlXWEW|JUL*K;yysr~Of?+02i5EcK=fZ#j=gt$f!75<#($O+6x>mLSi
zF(moo>;K0F0B`|3)B_Nc0BN|t;>Ujw#%|pDT1%(|W+Yz_wqUeeK?*8z>g{o&zn6iR
zzz!A{Qv5dXTR5$ZiT>kX|6T)v3rVmG(+0f){{iv#SBKYs`Fa1Q5yK80ptc4Xf&80a
zy9*Sc-NpZ50A$ce+!w#TzT<yr06=cFzLpS74uD4D{?~#+h}<qPuJYjg4EW=01X^n#
zhy_|}7Y6=6G>Cl$M`40Tcm>FjgedODn?ql?#4ID1?oBNvdPeGN3xBiRQsy_csduln
zKx~5Dm4V<=s}<46;erH(jJ_Tfe_46a=Lg#^T7U}yx&ohI(kMS@3DW$ioPbeN4;#`-
zK!ud9UgY0vGAwGqVnkc8%;eu^kfnK}&hBn&b91Ub$L>bewrQ8FQl)L?9hx6cJ?D>U
z&!|H+dVJ_}X86p6ZzQ0+{k7sSqm!*wh=~!Isqg;6chY+`L?r`}TD4eszCGMyQ#!-I
zI}(;d0YOjcn3#3;aFIwIWBLN5>BnD2;e*;v<%5nNU7aGl$_A*3G<0C`?^rhTAXmp6
zw?;7GKt1bIP%mQjW!*d!Y-YcLu#9^&%Gu9jsFlmVai-G-#>UQdIg;iE^R5jS#7jmp
z#XDD&#_rxrtkT8u>?cDyPY(RT;ZFmZ`iG^L3&wqdZj{);X`RW02cdbn9LWZqa<#2e
zWf<372cGAFe=9^d6S`ob0$$?*2Q7JgiQW5hk%0Q{-s7Hlw8TRN9Dl<2r(9L?j-CCK
zF`J+S%Nc5T>i?4}TO#oFJxZcHe?^eWe7~kee&46B)1d*{Df(-#7jMepLp4Y5za8g|
z*9|Jnt+WxuKotlPb5n^Jk<p-6IxJ(T7Y~^R*WgK@`AwKt^J8|!purwCir%|_=Pj@N
z?Ptd;SoxOEWRO5tRh0K{F9Y@Y6TZ%fLZKN@YtXrg4M)nf#X!s68nKHIh02ukiH#IS
zN;gA1rdl5A)XO_r6rA!S44;D+-}gLtI<7jk<To-#^^2U%rVk$Y57IOLd;7J5FeNwP
zHNhCuDiNmO*M}B*hL}vBj#oB@nD%+u=wX+C{rVOin(;2nAd;JKySsr1ulED26MBk;
zI(op5=5qS|5zZSfn|En3w)#;3u=q~bjf=`)-NT+e-=HLui&vSgchr8q5%z(3k<#_X
zvJXxtU-K4_(4Bd(m{$f~fj;UV*F!|5BJ>ahN@>rU;uEFbW#G{Hr7tnHZ9&*iqcPlB
zSU-x@Kpi=KQOBEQmmLFw60QC_JqZLhW%8h^;D86b&(9+mb_n=m(u9dslo~cd%uE3<
zOuHU3-o4w&8da5y8fBr>>bY{)ub;M_;_9HmHrOS&InvFny+l9vHS6GEZ<Wsu#tJ}~
z<tBNUA^~!u^K-5n=2pGefw@<ZK)y~=47kQ$JzA4fU#R;H`(zD3b#zfOhS8k(-56!i
z!!seBV{Qf()UY_Hx(E7Bh@SUetC%p%?W@jJj<heaTE#K;CfeM{t)t&BQ~XwF+6dr&
za6&nV{(cu&3q?rPD6E%WVd2tB5mGsI;u(7!JN~sJbxF8h2R2t39N3OY#R5#>V=9Re
z{K)U_4t;6UgCn=#TT3_>(iU1@dfAyZDOJZ5)_vk}5+o=u_DjEiJ6h?5prdBH6u4V7
z+<CbcaIKeAS-fYfdyd|w1zk?wH&8NOWjwE@i140Z@AzabSvSO&T&pAStAL+(JV+m6
zBW5FD1uI|{2DtG2=fVlF6+p-1tdJ@;xcAyVE2ytt5~8=h<_&{L5by#y27F*TWuft?
zKg4!l0IbqKS>)1~oVJwjM#Xv^*8A9mKwAqhK`<yC&B_`N9KRGWOV*~eV~P<IpkIJW
zF~9ab+y-2!9LSlSn&oRRffk$W?m=ysMGJ?63de9V`7;!75r7xY>Vw!);#{jh$m|(X
zC_+adwYk2heMiFZ{4>ZLX79T`7Z$IW0p4X`xl#vjL$sRD_u>8x^tJ4e`9}RIzt#h&
z5$R{w26Tpl7Com@`5x%L`O|~O=l693_r32&F6#~M8-j@{sM`brJO4b)e+@v$k?}YK
zAFq=vbL}rj5JNNuKMwGf%#$)LW`xlpddRjoIHVKLyE32{kM<(QOS8Cy$C+laChs_r
zvhSJqQUZ40Mr+WoIi$|Ns&N2&Vd+YS#8ogxO#8dY%M@7Q?B+S8R-CwpHN`*`9p2-<
zVgk-h*fKu>w<fwH-irvXfru&+)d>6(<8K`jS3vkmQei>?W4$D(e8!-sz2wRWZWDj`
z15w|5@WRGj=e;3phX3k*+;S(YpHj@K$BtWMwX?l|p0tD?bVk@Lv$Ocz0UcN#4>~Nt
zt_nN1L;_ZLHKavZzToQ{Pc!dd<26fm53HyC%ZNZ{1$ZElsMKE%X$$WW=w}BMv5A5c
zllN6qjeRg6v&#fB1C0guvz8jXCP8E~%Lddcep&$RH2hDO4+M?p#OOw)zi8;61q!)r
zqk7gDhvLTsOASf7qg_sDo;n{ZRfcm4I3Me$9)IuPA!(MY``9Ig8tAk?UTbogOJ(1*
z*&rleXY$!Fd`MwqZrBb+{|13?^8;xBy)v&b2UOUMKeisSCLXdqv6|g~^Y~zO#L@2T
zJO12Av@_Lr@;oQaDlv{G=d+>5&W+I&y6QaQL9{JvF^f*i$WT99^!EleP<|tkT`z~N
zITk3um3@U`t&)?OU}LnX376f<e7!Emz=BH4A$q&%lpH{a1Ui}3HS$3nTCNNAAN>HE
zmZ$84y3=6`KpS<;Ek1l}FSM7M{elR0p4nu>=W3X-Zp5F=#Xd#-%wDj|M`=Z=eCm6{
zc~$=2_AGV^vfR`tigE@G%5nzb#KK9G`9st(3zd@n!=6}eVlqeafiWi9W(FB<U~HBt
z<P-OvTI<7m<Q~N5^g<0$*WSZ={Isk?1rw=Q-;&j6xO4<%6iqx0l8-U)nY`J5ZQ?v_
za5Vz%2w*FEwyXVl3C1h(RjNoLr`tyw=F5F(ADnghhwWAh>Fp=&tQDErc0`q;V(awx
zC6Af|)zG}G_XGE<{MVh_h3rV1g)UWJu8wik6(34K$7!AqsF#IB6$B7VtFe+6<5jih
zV4T#GjH?P+@?yg#*_B3lyO`Y>D-_-KTx+*(#}7<IkVEP>I#egv)iK@vd3>-P`I`40
zeC|`TL9>ea?fGmfEvt&lYW|qC>Xi7-TLF&S5>bxFeI12;U)M)Wi5ga`0+LzL6UB~r
zNIJ?NQM4*7?GH6<5GzJo6_0sz!+RupFSi`|YEYr93}6_ibWKf{&8<*WDJ(fFE_f5O
z_F|soH37fn-}6_VL+)i{sEm(=b2!c{d=0fy$|moL{Yk>3+}gd7;R9qW+E2SI<CRZB
zo5KK^UnzbF73K|i32@<tC|JvxR-0eYV2>ZHBCs9R3yJMAv%c6^i|;tVo$WDAY-X#-
zOS1a9#wF!9gE~5-@C5LOXyr5ooG7++jwu8LT6$7gn?HlS3ii0Hr1$kUL9^tWg+D~0
zjb5PjbEErLfX0VgIM&0jIP9!ydSvRd1_~=cF#ModaUSR(YIp0X{9J2!^hWOL7(<VW
z*-{IikJiUNQ(29EWa_@#eflp}zkJtjpkc``Qw^Gwj`X1z*~d8d5OM$NA<_(yJwRAW
z!Q;ID%96l%*!ZCrCXMIz)HeVlJpfZ{ii`%F4fXrXaYJ_-qPM|-mzLcM(|{6-g?DwL
zjw~jl!jdbaBGzDf`;d7{+w6qPSzwcn<;Q*QAJ6b`4xi<q(|4oeWLC}7>sPHQSaT5L
zxhU65*(Q8rrm_$$>~qk@;~04Z^PFLl1V`{56t_*hZV>67vI$wQI9d<|n)Oz4G;)_2
z(W(@vNQE(*5F8{jRbx$@5lK~Tr_7!xOTWNgN$-1dO|@SHlSYYD5$!%r-U99CwW2{@
zcAV^h)xt4S*(!D1gIB}U_jbF<w!ucgQmK-0v(H^i%$SQ>kqpq0xId`PWr~ks$4af5
zFQ<Mo8Lk&uiG`<I_HMCI^~{|ki&LcEpj-MH&uQ4P={BQE<_uq12s#IIumVkgzB7iY
z6TQ+p_O8O6hY`g;dfl`T@;buWSB{EXHHukP?>OP-HWZq7Yr4klFDmi`VvQfrD`QG7
zZs~=pjhIr0oA!1W*8Jc$O{6#yXx^T(m*4V+Ib}OAm+McboN5~EnW<|TbXqj}yaS5i
z#KNsdFgPrrP^+Hn<UQz^C<D~}kA?1wT8{YR4lW6L=(Hm?8(ecaLhJqjihY;o>69j;
z4PfF=4=ZobrUFvG<zVZ{-cV0{r_<POl}B?{RU0{GUM?WS1WH7#owq#Ap*PZ2^Oa$g
zpKi`|P2pQiscp}p^~5;}kSa5qQcCS@sHb}ga{5$~+dbbI={8;T+8WB;CC!+7=RjNd
zy}oiUboV3cPSu)MAQHoEQfG>Va0Gh^O1fiH%MCM`lnKiC<S(&HM_WarV@z)l>bz0a
z?T$-Vg^0iQG80=Kvl|xPz-5s!S#<uq6j#+f^0-AWOb7mRt^Ezqny66t;$-o|iuPDR
z_~4v}HGYVB{Ks(GMS>)poNyY3`M!?XZ4OT~rOIG*=Jl!=uih+`hM-qGmcrdnv+RU*
zI+P}9Q$K++3Y%~1l0VcGxq$y?*rgnr(swr@R$_NWHm9Y1q~*se;snXaNh0fpFAj4-
z&TerGy5HNF{Xdv;nm*JjtZWn5N9)Pe%t61m!{@Nur&y%D&=&sCm}P`QS&EDu*XHvm
zixw~A2L4PrCm>La+<)P=JMx6+TfT;KAnuu|i%KSS_0*|@N$?B@yac%wc}K+_hbTBL
z4enH>f+m4fPtK9^47Bw&SdFRtxIMq|1>Bct4k`EK4Zjm-?mg}V^WP6T@6s<{DI>+e
zx-KF1j_o^EQ>ozl_dHLk^p%k;E1aL@R}@d)Y-7A#s*!gZW{5vK@a&aKLQBUQLrtNj
z^web9E0!VSdWnaiJ;f)9OL9qt7O>JX>%)}jgzhsXQ%QVW(h8}sI(esRyV6KURSEQu
z>isMxF~|hB@&i3kH&Pmkz0tL5W}*$0->*&-xX5Kvl0p3q!rRCEAYM~C_UK4OmTU#Z
zBeY>y@yI-AUV(W8k8>u`e<GCjMzrG|j|yRdVPD}3zA|fL;y5uiI-OBlwuSPjI!cMF
z@1n(Ryr2dkm5p+;g`Gu;VM@NI;r%O3WE)k~RxAAl2WeRwRA}6sHIgg#c07(iY=kKv
z0Q~yqUt@3+%-U7M2YkPGtWg5q9bc(s1;H&;(c3sC6-&x&N9jGQr3OKko9L0T3g|Ll
zDZ?5I?X!q(7-7N^34;f&tG960OH1=`N~E5faLxEW9-8T`RPVJC7R3#d?NKGBw=AE<
zJJ<?VV$Q;6$4NjHyO;R#Vd;o<US~NKYjUTVLYC0%n8;J3R~V1fohIprk|mJCqq)DE
z4yCnZShFAh*ej_l)P6hPvTY`u^v<nbx?1aty)x&4yN+?`+O&^(O$=W!A_fsN_pGOx
zfAFMq%jk;JZmUGsso{!eIR0JyI+N#ueYRWUUIIdQx-8o!bGB!_@C91Z4B)B>ZJR=P
zoZPu91I0;nf<k1>BXOeKCMVSn=5FG&7SegQj$@*xv18z2vngj5C;C#WmF7R`Qr5ZK
z=8l3LzoTDVvfpREK9n?K6@`748)3I6V14M>(jH9Zp#D6mpr!5*dxM}QIBQs*EpXCo
zsE%tkjLNNeSaf<&GAU`bQj<mDD$r|?zZ5BP-hxR2xss{5qlZj*mxpr|W@{h11O;Rj
zSJmJYj^%rE@;oT6>Lj4NmP|gGC}gs3P>x%eo%h}4=;<C;UUZ}nGOAb*=Fslh4~ID~
z44U4pFOl9IwMd1IshIafkWnME9C^9v_}%IQ4yhcC-@4M__O9&-%WdgTnMo88$E!3{
z7(X-a`=Ulanm^8N*z7=@nWM%@DiulS5$TYm65sv(JifPt4#plVD84a4LvWIQ=*hL2
zRXMyY^SyeLv5W9gnI)ITxZ_cUSwCf!FX!=dyPc^rqmr!31IazE&1W1Z&B$?D3z2VF
zZr0*CJ*KTH-KTu1e;KeuGqFz&)lCQF`%d#2I)bq@+G)uQfQUkB&|}y!E=_}^6+B7T
z{&6|G)>8(zGK^l$r;?x;Aq8>ROOj2xmr<t2hNr`?)*;^cu6os+GW{#tPAh&DB@_D}
z^45{XlhR>!35Dh%+cg>fNpDuF{D7?EzR22(46Iej%pX6@X02k?F~Vq<&f+<b1Ur}e
zgv@N$*O3!WbXG<}g7;iRqwHROinQiA-QV%<PS@ujk<dPxf$N|v64#zb$1w>1F7p5g
zJUo%)fU<nRkh5haUp8{s{AiOR%tW1d$h_Eidsr<-!0Ss%`1RXsHp4>B(IvTTnyEc{
zpu*C`JYq!Qfm3YS+c)Jw!P5k~zf8Pb_UjyS*Gu_s*W8w3Q&D%AiIme6ZS_J%wV(PJ
zju+{&)weyH{EDPMW%(Y+2jtt_*3MHM2_iqWH*P-tX4_L`w@Dk&FI{4k5P8BUr~K96
zaq-I}Y^obaQ{%dgr)AgT)V=MOUX~bihRD8rSN~D@`N+$xqBypAVphF_+$ZmHgO*A)
zMU%t?l-|^aaC8Jj78)4Vs@V*%-ea5M=U5|Vef#)vv2WU;b(uwas$*ghF)ULqc?XVU
z2DNI!MN!ZtvbrYgFKUJ;g|_=V<ao}ZKZ$RlVrLuMy!jqiP2HYK8*zcxH}$hIiGD_B
z)K`QA)OWFPoTK*&(sSzXTX$J=Y=rL#-vTmrAF-XI9Zu)AcLo<~jrtvlS+ykOvx(13
zWvr0v@!>GjEveA$6sX?6yjS2s8!W;6tl?G<I{CWGVTSCI)1yLPMm5b!+h%#R=A-Dd
zXRWm{`IxBpv#Dib(zUlDn*^%~xj9q%>r%TT?7XxZW*jn7pVbEwvjW0(Q@{;CNl5%Y
zGo{5;-fmC^*l4+pg$Nz;1!kR2s6AgVJH@w9RA1$E8MYkKAGlH@(9gr?bZ1&W^pT))
zu~|%Hg8Qd1K)OEtEYe;4ikRc<YpqZ4nbT=tq<Wu_s+sNSyI|uMud!28-LkO4%1+EX
zLv-{4$E>*-<1<I~=XDg`ufDw2NT|z5o2M@a1U-5eP8a6<b;rH8=R)rqmg=q+$2!zI
z#f^VDt@T86xaW(3b?q@4yfVm!Nj~?`lI{8P=yrG!w+!pUBfxt+kdpkJF+(MK>58i!
z#RoH{3}6ldWxn&nlH@W~n?4eD{YYOSZZ?H=mqnS-;}c)&alEn<p(y<Q5Xj5mOFGIx
z<R^|QApX`&OdOTplXeIggB6E6!G!xLfxhETBFtm)k!l5I?KndQWoMrEWpu<In>7Z7
zJ?DXy_W%Mi1VmrA>cY3v(Blr_sFicmM?IWd1R9z|Jg$y0sN0=kFOBQkraVfl9Gxg!
z|7fF<44AiD!DCd>P63K<swJ>2{hs;^wzcDbU)D80z>QnYzi*Pdm6-Vbkel?Or1-|%
zC$*UCJfLa)LU~}8`ia@U0FTW?;ACy-shJAc*YNiqDd?;91LLk$B-wXyI8OTFixPJ2
zm8*yva3%!Cow9zI2?Cxiu{(-?EgDy6W)i>osZAB}+D<CBETG@YPLFg<6cB4K9!9%t
z72v+Gkk6qsw1Wb7T$T~oC?!`_0zaoWwJtWp;)0{yG;huhX7#&M7Mx<;eG(G-+QM_v
z+SygP>4{a!51O=8(tE1Qgh8@CwDis^xVc{_%ZLr#*J4=4L3rc4Pfi{twKCBNjzwf-
zCK6DY>-8lgb$l=|&cy7zXni=3%ptr`D+Yu?3k1rF^$z!vCT8D%zc#dFbOuTy+NpX>
zn$KFb+U0;5{A65$QWGu4Pps;N6{;V|^p_A(4RGuRzN$b>Q{tWAopN=-kB-ChU~aJd
zPIwm94I~T<#@n@cIMhP;cJCuGOsBGEP}k-Pu!MvJq<B^ygKoD#@~qnia(25ISj}Vm
zsDU8LuvVh1=EKUL(4n%M3CzhYz4u+I=L(vypJC=cw!_FZ(MjTwWiD5KBGA?bDr&sX
zuez?@#<6UeCVd|k%`x#Y-)gOPyKcWqukhKhvlq&&tGb$2WI@<qe^`<RiyW!*o*Qn)
z3JB0dPD-te?AF3!)EK8zlmf0<zrBvDEZg&PhQ|-vo%3Z<z)hS=yFDHKXH}Wript1W
z)IuoGJP=Gd)lf%`4a-jCxbKv%j;~013o?5ZnY~A|OSx=6&MgXs>E0M;gP<(XJ@q<r
zw%>!SvHYsnj904G{quy;_E*CA<6M?TCrf{}<LURg2K*#J-6v!Ah9Q{uGPK=Lh8yo&
zy+O{P{fK6qa`2GbiOQfP<_+I~1+D*_j%^!MLAf_rCDlv$xTXFoLK_c<eetnP$Cs4Y
zHlDLjAD!l}hO)R+;%K|~a28mQ$yC3zp28W@YB|&Mzg7FfAlQ>G60~yNb8HaxpXz03
zZ}B9gN5`qTKMhFfpjKpn=el|a^eG!sXK|Z_;+i}HLmnu_&rTkOf>=v`6jUb)r%LOZ
zsTnc|O2_HM$0Hf*GOcR}&-_Pd*|@LAWRTQXGK)Az?iQ_<w+VI^)T;Xv#AIL>u9&$|
zvqZ^4!|BIyUwP*%6@_~5kKpHNH{LcK^!Q%TO7{sNg6V7ffUh_bs>4Qk3Fq*Bx*i9<
z<5s{8mvtwZM^j(Miu}h4kxLuguTH;lYxlAd>pJ#GyxR1msLJnn;<{Fvw@M3=$EgtW
z*mE_t2NNL*H-&Wgs1SimLvVOZy5kB|G`i0faiH32Zkd<>d(xZh*9<m`pYuJxma-Bt
za3a3cv(o$`t-&KLf<ZTvQNMd|&k!^YKuNu6)u~Z0N!&9(jC<Zp&nLOMH}=ZbBD$4X
z->!@^{9tCw>B(VEs}DRInjts<I;K<8ln0<9ackA+4(zK^zT>sNj%vR+Eb*dKo~*_H
z$S4}~gFeIQXP@A4m6}nyai%Z%yp&oICd$%|_rJ3WKQ=3#UnPzodF7Bax{6z?@d)nQ
zinUTAJOT>dhJwF=P=484yfjipuv?X*xVf^0v?@aloFbF<9azSX(m&dsx^;WX4Fie9
z;rU86SlH3d28A6LWl%l*vp&74PSP@ER>$uLPxSlfr30TvULPKKwO(##-Pnw6dY@oJ
zT-*u$u9@LOwv+tZaqBnki{bB)mG6Y@6mN=#ZmtRsX&xCTFlM=f&Pi%q4jhWz6@)hQ
z+Fh5ET^6>u5dqLa2WI<5^312i<Zg^REXTi1^k=?()R}pISew5GG#WPUm91i{C?5oX
zJh>x+<~+F7MsHNFCVY?`Y$xWjq>msr(%+UKQfpu5zOJsPOmh4}nWOx)%f`GR?x9E8
z=O5!vM-r=M;VaCh2Jb#*zYYU~JNi2MrOlhVr`0@w%x<OgJSkF{mXY~lpbRq7n7b#b
z)XoO&*#I|PL%-djStbqLd41uoCEq3njwQCH;k%Xf`(&Vqm>ixfBH(sp$||upVU_ki
za=kYC-S>ozD>K^D@%XbdWTt-X1%^YrmQF1CV*XTRc(jJhnfP^`^!8aPW2%|=I2D|a
zwS&r(182``?cbo>?V{GszxhQ1#67og%F}o-dCRzgl!&2zPif$m%8xqhiuW{<hO#P;
zSIcLtfoP>V0F=ZHBbTKSt7F)EZyf<?T~Ol&k{2hSDWQ1hva`_4y)TtF@LibXE$?`3
zCqi}6l_FKK(|tAPcY;;q8+$;URlsP-gsUs)j>ZX{+UX;-V|jneUZl15t?@HwYSNFN
zbu}34!{%+bU5<LJjVU@x17$GJ-IXrnt|IX{V7l%KkLRnwydu>wP-{;qWK)3E+6BMZ
zBcYZkaNw98fJQ0;*3W0@6iz5$R_#!H$v0TF73nI%8uAW8oZPd_;nwKSKS2mKS=i4(
zWt4D#xm*VyDE^@1v|6Y@<e!K|aN9rBXZe&iCsXd2Ka|-hQCz@z1YrZCgrMHeVHJrj
z<OwPJe$s_78;M_7t&J<tpwXLp{-LL)`siDl!ex;A%Uk8-ohJ#jpe{UDBQTW?=m;SG
zd>|$JJKQ;!1v1RkkKa#`bGt&o+B?}i*9o09vz%aHU<A)qgS(f`gCr0uUBC)Zki-ix
zg`SKs2vbPJXfQbsw9mV9pZFU*fq<!dfQANT0PV_uZbb;^v)z=tUJ{(VKbmIYa~Jpv
z-gPiKsWGy&-J4hd!f%@xAmx(83w|=6A^@d26Kak=r@2G#rkRk_avtfDf`??}lSvN)
zzXybYPf3)&J`7&9CW#gvr($kn0>v^{utE4ss21X92%$n5^@fLAL=fO+=L3Mdo<9J$
zQaRgblRid(!7yd8TAv>g-2~wCUwhywM+`ot-~|W9ydPk7f2zA^SGy(2HdZ{TSWu6&
z_y#?oxd*t;dasoU4h2N(5`lt<3m^zoG{&#~4l%yE=~`u0cy4g)s=u;MM}nFC5TtoD
zV)*`q3jZ=ZLaE&6jgJ&%jBogd9J`;vS{klAfr((>>S<(@OuerNsNVJR6bSIJA3uUS
zJ5953I1}yJ6AH%?pGUck1oe8c1ur=6MhqSGwWdUbFPM7)<v5Y3%HNL#;pco>6$&&E
zt6~ml3&tnwm9RL$Y4NxY7Z{3wevRhsxwFQP6S_KQsCgc+Ww_*Oehcxc2dN4!QCeS$
zVtWAvs_QD@PfRwr4Rx;YLTTCj#oynoD^|cFMbQT3;Ct3ku3i^Wq(JHv{PIB7!?pnv
zQm<g@z&CGr41aW)+nz7D7yRSu7{0Qx1j!jIbM(s%s{Dx5;rkxc5r?j9VXBz0!jUCV
zIQi{-Is*v?%H+V=_AD&S1sRk2GayLV!*J|pX+vS%*_v0tjL)c6rZeH6?-C{mkc#EZ
zvd~_`5_t&@P9HK4MCz!6Na|3gI-FOu$N*#!-v0a>OeAJaf2*1#X{=vj^5wWE;{{1@
z7(0e_Qs+!K+X|XeA$5_&Q$qtT3ssmwM7>_x&pgWjG!(}1>DLhrmtQZ7Js;oCYT*%^
zPaA#C2u^C*TjY=OzI|MFfYW;30pP!wbICQBruQWWkQ<A*UE9^4n{-;&c6ps`Ra^7U
zYc{J&SND(Q@Vp5qa7tZ{EQ4lbDLqCfo=-G!5#=acweyl%YV-rrJD=mnSSXp%U4rDt
zW*z@Z0tlCFsXT_>S!e;Nk13)`!<(*x-uFfGn8JsNW3Bj6QlFt-g`M%TH=nUFCK}HH
zN&?%FHS1Lz9eD&eL9iUP*o9X7oso}i*jXk<i}XB!$4Y`!vwnLlz%B`=A&(a+q3_~8
zIowmZ9qU#n9mhTW!p+_)Sr_3adqp|`=`A<vaI>a&!HDR|u1#{2M@vp09h_I93$55$
zvj*Ykxl9)~1*+N?qz>l4;eJR&ZlP3P3&%!}Am#gxt0g$&Zv@^$kV8r8%Y*1T3ew$U
z4dl7^6^P0pTpXM)53+Lu-7s+b$5fY#YIt+s&?#lyLZUuA;ZR~<@dz3Gg5A;9k77TI
zh$>200&#%;2&_bFe2OeP6DT<$VonG$t$-u>2P&$C<VG+I=srLY#)S1caTB!p6%?>I
zAi1VXaG?)w+OsW=X$*G9wCz#h&C-`>zTp1?2j9w8x;XIAv&g8Ej%|7D<}JBuKJ?kC
zshdPwhrpt1lBhU<MmLIBz8WA;bW5itxm98)5{t<0l6|@6Kdk%?og&pm%^V(P#nS3<
zTMDS9CUoWk6;?%l?1q{Tl+?pMci^~cyGRAs<yHD}V!yeDG9380D6}jCduMUWO!|5g
z3GmZFu#gGL>MH>a5~3CIH=|+TK|2zZO9Md^AeNz=mPFmqx=NJoc)*jJo-7<htwaQ%
zpT~NQnai4{uuSDkH`2E!2xEJm3TOqbexU^es!|3l280DG5a(*3?SQ2z5RB6<<>Nx|
z3KH&`E|F!d;`O|)+i1?QlW_S~fex<`sF0M(y?yWrgq54~=iFGZ#D6LoCJVwp?&7l<
z8bu02sKj_mwawgu08bhG)w3U2=IAOFGd!Czb9(x90A^Evf*QdR&#$sVZ9MhGrO|~>
z^c~Bq-(*PFRkG*nm)y?UGBb<$@-?Uu^Uf{}*4`KS%ITLbhx0}x+*hZ+F^;x_PpP_k
z5|B${I0r>(ye6e7!z{5_u~5j;WGpf9P?xsjan5r!z|=?<fuGL6-6@tGrS6ZfoqLuW
z@l{mQRRJX>?K+xAuPP-w7}gg%8@n6f<sQ)Y0!9UDov^t~gF|F44(#NoKN=-`zK*Ck
zN|sox){1)rM?Vn#ef%{J^tn_cmt3n_sOduo*7Om41H>&>n1C|*<qyiF0fFls7GI`K
za<=$XqSx8d>Y(*|jzq!Q?k7ZCA`H6bZ$j0%c-H`;^IO8K6#6su{cq(srq_Qc$9X8|
z7%;il?aco}sW6lfQYushe(PT(<tam+YE>P8OTw(<*SoC}!F0+1LFcDZ@BbU^zyEub
z>MbCz^iMu70radf{}!wK7n;$(#VY^L#VY^r87!nf`8WOe-#q~TKlT8eR#k9lnv4kd
zT)Gjx6{t16ixZv_8g_P;wA#F`lk3m&3YEi$Xk-Kh@y;&#B|c03#B>k&oX!D+#h7@?
zO2ROB#G3@X&oM5$@~bJh^5^IZ-+jywjKz9~n2PuHrOR-z|NZ)sYu{CPRI3mFtGz3a
zhjMNIHOMj=TE<diOJ%80S|-~}NkzvNS+cjGEK_#FXsG6(sPk4FLL#!OlsylVs8F32
zLX3T14q0dL-lNm>Je~KP_kH{Q`Fs5}pK(3k`+HyC?|og@jnCl0RL09V@YPz|GK?-~
ze)~3vGZPiYzuO>!UroMrL1w$hj23BB0bAK10MI!&_B*IM*>ArO06^Clfu5jo0eU)H
zAAMbDaYYMbDAn{`C6)uGv<UVN38u3&9}%R_xEc`%unLe^Iz)z1)Dec!p!mv5uWP!P
zP&xRR&_D6Q;XCVHUzN=~*0uANQjb%YC_dvxii8rUp9}G8J9UrQFzkhB$4>LGv-Nd9
zxp&TM;`-YKaABI-6~Zxv0iyV1P26wvE!Zs~LGVD5C(14D9`ici*T@nmQOuH)T=t7h
zC27*VLz_wRlY)!u1um}Vf?O|#xE7!6DsJ0APYk;cB}Q*uFPQl2OCM^8CN3-u`;8d!
zJQRkSB;5<&#KE&+T%9Bx)cyE8<6*n1B4-PWFD7`J4;$B;a#FO5s;&0e`NaPvkwa}p
zl@<)68nMNk7cb`gPx6uRNR1DY@yRqR#iPp>U`Zx2dbt6;DTNhZ-QY*n-ueKku?<^e
zu-@Nmypsf0D9NR1V~+!f<BLuoLGhCDt4)w*$MOue8Ht*6@QNXsp|-2PJotyXW2K|%
zSNXpru^(M<_fB>il-QuUsD?X==IQdb`WOi*UD$ajQ7MBHHMOYOeWYfmQM*aiIZg3R
zKPs<KzG<G|ybMfT=nX%hH*B(wV+0iK*a;-HA~rQ(r$09E7t~zY2J&?fqA5ND5YMiv
zTsWoF%7d9C$)}hhGO|ek*i$K+gXcrlZlud>I4PG?7xwBNqGs^D6D1weu`%J)omOs4
zUqi~ZN(S<ze^;GGxY(K<M{4$-`yAt{UA|`ikIF0QmgXeR(uVDYnzRbg`;@wmV+2sP
zs*%*Z*oE^LX9Isht&we@(F#e-k;?$$^4H1-T=r8IA|qz2fjw=kzu}>1c{FXk7Y4R*
z*aTxl#Sp%y%(xj=lmgUvwWvlJKkm2t`m*8WNLMMMP_&{<PE;!|TeD|K%`*5qA(=8a
zvfGc!tJ!?`&9-S8d@l#&*z^oTIYvO^!mc5y^|Prx{dd&z*am95sEJD#0}$e0OD%9&
z^if1cGUY*yE-Ltj$AfVeqFuipSE9B_D+y6Cq>b#LEm$voPD7)t!Y3b(-7gY?bkz}V
z(Dp1jQBQ<$K(ou=X|}4Gs!jPc+5DsO`hz2Sa#RSumk0wky@Zt<BmCQr{1?=mxPXD^
zXfob(E9lLtUwX3=3ApUfJy#Orb@tm<(YW6vF$xOc&pXWm_9H3=@%EGRR*L;GoW{r6
zNIF=x^UCIB=CISV6qUiphwFd9i3*Uy1I@&&;QQpu+<29X#wr>r{84#7gCqKqAq7_#
z7ssZjwSi*<Ws>~<?+lLy)K&sJ{n5GqHMQ5v*ai{>o%9&!%%{F|=Kp*WIDFW9tUq)5
zGNNLfCkC?TmL1=Q8}{7dy2es48-9AY%~pVU>g2a5twqfq!}lp{p)bvgnel4!_)&TL
z+HQv3EGPUi<Shz=S7Xx))Z_kdMm@HjzNdD3Iom+W;Jp0jlR(6JK`Sp<x3!YR@FQjc
z3+|2XX$Nz9yrn|oir>09u_v@pf;8!1&x5}iSauWsCVAtDnz&`HH7X5-jT1Kc6)0M}
zql??Woc5qjNleJc3j3ZgbKg=uV4j4W!o}tWs-N+n<YRX>_C%cu1~nsu=W$ffafkl_
z2EKOjy)<ff+5GQbWaZaWT6gb+6|94cac>K-V4qT`=)*}8Nxf1lh)UN=wCv#Gr++BY
zn9T`lpgV*=m4Smt7%*}*aoiYYJn>7c$6^PW^<$MK)Wu9W%x0QI??awa{$_)m`uUFV
zV%Is*g$Y;6jQ7m_vW~HUto;n5E}HauKCaq%2@GL=HhVW&bfanEG9CDAOSDgeKB?!&
z<is~SN1<^y6>V+hNCkuUbFruk)NaDUe13ObTvP2U_m*AmhONpPktg9Bl+L{b(V6+N
zazgH@KFMY7Pi96&O6ZBG2T&sF*jqui9mad>gXTOu7UoO4honYg?GE=c_8>M;B|AEk
zq+T0B*7xxD{}8||lS9!246gu$_FGWf$G3zXhLVKSTFIZ=x?VXRsY~aB=Zo*%3g5}D
zPdiUcPfWyicM0WiW3U!H7_4v)HwHZB60bRzuGyqqR+x21pctu*^r-YFgWvs%;?@yt
z=SPo^4-A0u1#A7s!})J-rY^9^^G-D>yAMg3{NABFl77o_1>*e5ud0sKX(=XW1Rj{(
zwJ<)?9q3>CctKmi`_y%tr*Z{HLH>2)TIezf>t6M`W%x!%xb4VkeR8ISCHbK%R1%R#
z(n(aLR`Dkd%2j%ZRbSk4*?g1EjE~Pnz16Y@V{%@Ga$}CfrwQXOoYK-6o*ir{1<FkJ
z)QSi0>%LU66rPZ5YkOvripTBIp)$jmw}knIT9L6EL!D@K33JL^6=g3~`-Y>_dWVMe
zPp^DuQ<Y<swSs<&xK+x0&H6lRGuv<@D-?NT?Y*d;_2luc4t0Hu#8^j<9mSR6JK;et
zS+!x%v(q^wZpeSZ6U+gM1b(j2J-v-?l(?2I5}~xI&1`l?W3EGce0*)9_Knm%h}6{x
zH(=I|4LoQyTyT0aH+<sZIXS(CzG@R*^<6t~>l1k+%Ni+LYEE2(mN)>&mNK9GnE|`_
z9X@V7Hb#W)j?N3!tmoJn2_a+>bK{AW1N0st_q#qjJ#(tYmR)NNT-Y}Eit(^k*XPcK
zxCjleTn`gE6-sP>MdU;8RZVaz9w>L5iY?P1H#WOz(}uU%mIWs4{3XEd_n7PJU~~8q
zs_pG2=?Bc|m(5f2bIfjL6k)r25Md})u!>LpV}(K0snQVi(h*WYuDnKL#Hzz-uWKrm
zeFB}_GkhmMXLQfckz+l2e0H<EXA}L%ioOlE@$lOokqU)?LqwYzFJ7Y*9Q@XEZRJZT
zip#FhW=eiV<>jnZ!=A&QF8baLpzHaEw&z53TzG8VD^R=r?ttIy`>0w`!}vV1T0pf;
zpW~GFi?s%?wDK0Zgx8hTR(1bUY4{7=vjOcWzo1J^eF<a*>jLtW*=!zUHB>AzX1jcD
zAj><X8vMV+r~;g%wcA|<bqT+Z_C0=@cK%>SRyJmN?K0qVcmBE7^V#^0zC)BK?fK7P
zRgqFDQlD6Ka=gZL%x2$dzfmS*3Tj;%#LJQx_2Im@%^HDna_mwKlYBpQ`s}hkv8-^o
zvg6#Qi4o7v!jL#o9o!>eq0<Du86kV$ntru}ca)je8_z~cYMz!1n6zBGx4G1#=U4)b
zrCMrZ5=%><h1;o>2~nh2TGN5OJS@#oux7}7ep~y5b8E*GeWYsn>|8Zd^;Rjl{u0_f
zXra_^yj!1H_xq%%?1EBWWNkU|4C#ew&rGy(DJbPp_r|=K`Ma=!wE<z&?C_S!IZZ#a
zDY5vb$nG3j)%`{J=4u;ZUVt90EV#AY#b&mbsP5>vz13=~#x~ZIi<H?J#Sym#;-IE5
zeh_@FbOp3&?lm^Xs*-u_^CN<W)biS_9jX{d<#^4r&vf+>m%QsxUB-0VbJf)4TUsm|
zy+4=E)xX^2<L{$3#wxFSc`@%O5a7Mk1*+)Kcu`%>orHk-NA4Kwj;F7o!K~~`bpC1l
zdN{u|D74*6L!~CcNnQZd3fYga>RwiIP|U~2iymjMQ^xzg`7j$yr@j?2eRv%{yA-2B
zl-qq$u@i#vvOXA0Ug{d$udSAzg$e!OqBP;?%{am=$sXVIF}@^FqhqhoEv=+G3h-iv
zSE7~++xM@`7j==c%M>4sYxOg(ezRdImA)Zj%@wNo99Z8#EBCg9#6as&HE)Yt&&*^B
z+@zW7RHlyw4gdN~Byu9MWW<3qYv0q1E<QWXjmgmH;>sEB@p84Pg@Uu*q|?lO)6?s-
z#9$?`-khOlR~(t(LOMa|nV2XG-Xx084AvMGpxoY+;GfK7rKcP)FZ9%bPbQ<f{DLXG
zLq2%5ZFrT28C~7?^QX8mk93;+W%ra5r-<eScji<pQ2KC|!cIIX+QH>-%ImCMJkL-3
zd>(S(PAMTv%Zv5C=n?P3M5(x&StRSidL4DGd@cbe7Pl3w;m2ho#JtIaq4`PR$<ph=
zGdc%~=ri550^!@?%t#^JlQga*)n&ZP)ZMT4jJY3S<TkrKdvWbNBX^iOetET6bXquE
zy<OV&wkj%W1EbW~@}r|R0yu%u?ky7hyqE#W-R}=xyY{gN4nNw*e|aO1dTW1g4V~Bf
z^gsg^xHrahSe&0{f6@4Jxl0?fT|cIW248~D45VaK5`TH`gh95L1WrOsGm?r1;$Ex_
zJ0R--9rOv3AzxxTbJ<1Z;N(*f+zv?R4puI-97$TWpEm+(_qPs)+Frz`UK6%YE-uT|
zq|fDXJ^7I13q9B005|jn;wRA=a>f+{F^T8`Z*5~DLs-Ym)v%-?LF`3To}=&k46|GC
z6x8e5yIZU5b~rbxwl(1M87$s<#zbX>#7}|~QM-@p5#F1_Wo(wGS{j#kCO<D<d(yHa
z7K?vpq*3r}pNq=Y)rKC>y8_c#ICR1VXwQoB&d%rMh86wkW&Bk7k#P6Ad^x2C)e?n=
zUb*(qKb)o^4g-a%b02EaA<N+iH7jfrp|&I~1=V%I;wF=UXsq6#`o*(wHm2BnE0@+N
zZaZ`M{m4+t>Q(rF&yN15a4H^+2Nt}o;Y_%-9z%nI4wFwK=Ok=ij-zoA-OlRL#(4Yw
zHvwd&3-Hi00=VlExb1$m8S}|!K;Uqn&DD*YEzWtiK1Rd493+DZ-xi`1jww|1$OkuP
zE3qmsi|BQ$l?X~`bJ$N-perKsb^KxIW~cePttF5{TJw!8^*f!6pOv~^OvnBFZD}f<
zJEH&5oUu)fLqr1PLZv_QUs>8-W@Z=_4ilIm%f~0Kg_>n3@L)nV*WWc+a@HnZp&oW}
zpra_%rAH?Y4G7@$cp^`iE@{6Pj}e745&!{MBXb1>lEuY|A}rR_I^VHoVkM``7R;l9
zLk1Rb20^?inzK|ATp|zzp@4x=+YiBA4jf2z25;v@8p9O=_ZfR|0dQCvv*CM?Jn(j7
zl{~B#u_JPcL`LqC+Lhmf93?VThK?gDF9^4gmL^%8KgItYh{_geQuO3jJy<niM{E`r
z#&0G*M5qlwqD6%9KQYB%IbM8D1YGDvZd>mC4&)~=R-^=8{+6sSSwjN{pkHr>cPh5B
zDd0B=Z?*QriwHYYJfMN|INgNb_Snn31#kZ^-3T%Nm+t?s?xrsAvSgE{y0j~0mVhr^
M9fN(@d+me&32Kyvwg3PC

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/password_set.png b/login/apps/login/screenshots/password_set.png
new file mode 100644
index 0000000000000000000000000000000000000000..15b5ff49ad5b7d5e3e9e1efe9ceed5a7337e72c6
GIT binary patch
literal 153578
zcmeFZbySq?7B)@{Fn}P4fFLn+gObvNNJuN)h|($D3?QO(cPUaLA>C!rUD7DsARWVe
z58(SA@x13--}(LbTkEhE%)^uW-uK?uzV^QNGq05tq;RlEv5=6Ea2`rOc#MPu0wW=z
zvx3oqJwbvE1V~6&AI!wXl^%+VLzL`njLj^KkdUNb$HZYMDK8Vj5bguw_aEMWN8lDU
zg(8jl22Cj(m-qe+NHpGk-#{Gv=V-&efnYU<n71=pNSfHxf&LOjhPvSrVw%L*yed;@
zFN<nyrrdYBI}>&$?R&htj}TRe&MKtvm@32Pq#v$9tEHJScMgm{fBt&c)(;7l8yQUl
z=_xyhY$p~D4*Dy(@rI57ccjFk3N{8i_{j-^nb|{(=sFVP&F>&DA`bHJ%CG9@Uei5B
zQaZtJXnLIM;yaF)^)MVAe<NY$9TP?B%!`MTer@ru?(jBqBW=;Lt4D&6Ui%!9jMmc9
zUT?#GavNWt@xDfIk(8SoI_39Sa1!<1S7F={X$f0#LJz$=5+FTo^Ym@5<{VMJ2l&RX
z2P!)dJ+p_?k*V}a1y6z*nKW<Uz0|<6GZxMz5wjzr>%>klrt;?Wii|Qsju`0dFl>?M
zN?RqM)lcH(a7iTa_abwpU}7*#MANMQKET=rjvA4PF47$6jOiSV$&_q|x1odzc`MjG
z*yT3C&RCGQS2K6%mAj_B5!c#02giPJHpS%#pL192IqvZCCp*$IvwHyZ*qlf>L!%y+
z>;7=d)yBgoY*S9|osb^uUhK$?Z2$IIG_x~1Z#Ab%kNlfQ5R>7T?LBw=Z{HH=g5hvN
zN#EXRL~3e{x{ma?iF5h0<TsKZ^EaM6E{<-xZygV7!r%U2%(Z5@Murq$S*V=$N$_}1
z_{GwQiHEBql5H3{C8em~EVg9#>>vc`^LLW8hipi5J4iaZJy8#fvpu4mF;QPZF?(SG
zy~yZ|H#JZMXFwA$;w>~E2<QP!qv+Nalv7$tKp#uZw=5m$rVpC|1|!BvqnHv}s1HFp
zeli+y6QM1tgHO#2{t_DM4B;(g%EntDv3swsJ)&}yCg${Ig$TaFbcNO{-MNYW<^HzP
z4O-u4y)vfcDxetXd@phi=`o1_s_u&dvB_T4oa>~%Q}^`^Zp!(Z74ceL)BYqEkA~5N
zzeRlyv-^epjE4(>4!U}?)OYklY7f+U?1SdQnMXIFOzBIE!qIeruMIQqD?QJ75Dh9L
zRei-Qq55`3sVm26&`O2F{MH^xh=g+AwNkn<9CBFbgPq=lrJ*H52mWfTNtm_xwB*4X
zsov?k&w`1*qRa+<H!!^OFg`OLMUH9V&I0!W=K{Mi(hhRam;R6R8YY%VyhKU9x;|`Q
zH=2f@Y8Op@^IBuX4Nz{;oSAq|b&p*kkfm|Gnf!}x<76|=jL3Jwt!fv+T1pXIj^@Sh
zvfDg|JBQkb#D{l%Ih$V1$bhM~Fgq}lFay9{FOps$H{W{XZ+hQ>K@v~-mBnkL&jLS;
zemwmlh=zvdiAL;ygmvFv$Dh-G7E7J*_@+n{Bdz_7q|$I&8Y^mYs<Lp3@TrKlXHScX
z`9oRhY^c?vI3m&_MVTHG=HKKG^!UOPNEnC{SaDOI1wT4CT0<r%#x7bWMuB-!g;b56
z@it3IOjUbc3`=wm<Fq=3>YMl9-oMCsmv=L7Fh@t3<lPM8*PHrSX_1Qj(p3+Zv)|^R
ztMJB1=}HMdsFNd4e_}?@jmze*_CQc_^<7BLV-<3h43)TCwVYJt^~{W=uMW7vA@vDf
zzFuKxMzQ;>!>mmoLP}PQClmJ`$t!os%BQR4s1-V?uLlW;PpS*6dgi%h924M_zO4G{
z5t2#j&ckkT&7z-slG`=WKaqi((!5D)LF<VYODV3oqiKlws_BVEP?@utem}+Vn^l+P
zcT1Kd{DoZaWQX>830JH~>e5dl-?SUt?Z0Id%=`6KYOEeCRc;fempv6<|Jv)FSE^Ut
z83F2B<N-*ZL5)~m)2lZH-*rC4yexZpJp?Q%m+>qkMRHw|GDJQ&BZTi3AL;ePoCI4r
zJ2`WCilj(+VR<fj7WvKiCtdNzxyJ6D)tyi5rFNd}VC^Ik75PW`_Zo&t99VW*#*Mxm
zjVamGj%3x09gQuE^;C1nGsqLllgt|#emVSnSUZ0_zhV5|*t=1(V%KM~A8|^%O03E~
zEljLiO7e<oo+_3fl;}U5euntk)GRhrH1eh;V&&e*bHAr~vwRFD46l__2Et3;*w^k@
zFP_Meaz$%))~@(I-*(cRwHux<$&1Px+<UQ_W*uvtYt3WrXD_z^ULZ>x*euxWb`+hN
zT5Z~Tb?|MoZ#8$ZZSTXb$AZz!mji*dJzt}*GEc~j>h{aGV_nkr&sv>~3Jog`(>+c-
zu{;Glnd&3z=j#>WyYR?UbGYOwIb8j)0%U;Vi&Bn0v1n@Vl5E~Boo+w#zOfwgSjk1n
zwYS7z$Kavuj*g4<%!HLaWe-;(L*mFSl>7In#_y-TNPJ=Z@{E&GP}ITe%jx2i@+T~x
z#y;hKmu<Fa7Jc9%Wf|&n(~OiU$TH+{pw=x_^1Zub4Ar#Nd|w5ORXam8LNuOODwDCZ
zGjG^VETK%J2@+jnb<oi$+M1${lIS4P)&B7Dp4E00os4Xytiso)KQd-5el*yLSH?{A
zffSlIUf@$CRYV;GZho2Wro2&!Ed%1XF-ahM10!l8s+<mo&YeDv{yO$(v)%WkXjrr-
z6Q#2F<FI$3*%H}9*|P()13j-8->N*)eyQ-aIN185e<gGxX*scq#{R(#TK;4-Ber()
z$o}xA9C2f2ZI0EB{nmokvr=yJ<u)Vcjt3nAu}K`$m8TM+`rV2wy(}&)TIwtLIyJ>M
zgcd_SL%l06hVm`04bK&lwC?rfYsu;)Rqu}oCDlgO9<06{;aRj;TwFLPJkZzIPS=1i
zRW>wPeX6JI6$N`QO_(-3ANjiJf7-k%!7Gs|p&#V>WyHG_{&B5kTmE&D0H2`MR1I2<
zMCtsLT2H<z9Wxz29ejMj+TvUHH@!+YJd{qbAVwg1WBlO+)A*=1k<M^whwVtLu6{>U
z$EKQ#`rzj9Sl#o37U5IjihZ~B{PFC%LeuFucr#oW<McYW3aNT5#b=66k;7A^!8iM9
z@uI4f!}oL?4#)BPBBtIKy)QRkTv;K_PwXnQ&Hv!EwA7rT+u{+*Go(38o|8R7OpeiF
z)S`bzhS;ei5M$6%<Ww9^;S?x4;oft2f;w1K`{do-s*e>+<+&$vGYP}S6$=9m8gRS0
z4^yLo_U{*Y(-=~FL`A)*7Mo3jDvb^e`@ftG)8&V;f6=KP;BCm?vFn}BQ$H=xF*hmG
zuUzrkTjLqAFe%_F<eRds?(6;j?fJ2Ki@u_>fFtjOL;dLBeE-mdaQ4Y5TaPxe&B;W)
zU4Z@K*GX6BnoWtR)vAUqFPrNPCR<`-etg$UC_{zYJ%e3!4j&vnTvpD{j%i4Mt4*&C
zx)=0h7tU%PmPo;C&(s@C;Af5y1pkriGWI0#ke`#ENx<pLYCU!r{w<kPbIZz^>oKBE
z4ZNP7D~g4pf|7=k=u^^D!3}I)*=HNA?g0n+8E-NaMc;YfI?*_M2v;65Sy<fX=+oB=
zW`hTwXzh2cY404QZ-%uDw6uKD!F0B}38lhfphwx-2XiufMuD#1UkE@`-r0QzRYo91
zfzAjNyC$N3fS}}t^k1o+u#sBudAcR+XnF`}9=#xjt*_4u2%ji)FBAAmoN4Tz$o2YJ
z1=%%;J~Mxbkex=98c^q<9%jRdyAv_Ke!?*x0qAR>k;X$~d3hveU>l4CLMBB*1GbQX
zUlHWne{V}7Ga{j0>_<UD3NS+g{W?bh_&om!2Y%15x%@<pe2Ihs{C5NRbxBA0>ueA>
z9rdqmbXMRPl9;mi!-v49@>4q_BWrt88;2Ch6kT8krmeK5JrWWT-T5!_!^gB+!2Q3O
zsc1N8$jb>lwXtG<^32B2h~34?_WV9bLM{Tprj?Py6NrnIrM10)i!k-Y83Mre`ECws
z$i*oR7Q)mT@=6eK8#^NiFZ&(#JJcdr5C}xb?wPT`;|G$zE(iV-rZ#nOuod9oaCUZP
zcjjWZu`}Vg%g@ixafg$GlamcNgU#O6+Tn={o3%a7<xT#&&jTa-r*>wx4rVsikn{UK
zF|=`X5T>R+f6(7QmvS1pnEmTX*7m=K1q_hm{0PTg_B$MZ-y678=zOn$l9`K<rRD=O
zD?n$!Geqw4+`A)malyYG`qv|WyHw-1OYd-T{(k9ihyJ`&)!xWX+{OxcsDsGAChXV6
zzaRW{p%BOU*niW-rJ^tP0-6@V65{xK)<m%U@66x>6G>+FKv4zw1kCLG2bBo;!+7}#
zY$J0i3!aXPA|XMM9zGCLaY0_2#7Mp=LDcwN3jOXI>bKOlknJ0jyVr7a(hYGT=yLJM
zk6yoh3nW+QAT&&0#sv?z1u})Z&FsFA4?kp-d<YBl3MU75ch~kU<vD6THF!C%IVh?J
z*qFEEkEj+}4BC7%^;g1!A|Zo*|6@=_lp_W+C_6i?a=CH<I8O)}1;h>db1xnquovau
z_Clc0+kf6137HBCrTO>0D4^1-Qk)BQ2W1YDP6B};p@6UaK}H$-a~BHujxUV&-_Asl
zgfXFWqy9gNCW+UJ{<|hF6w?U4^95%7?{@})O;N9k1xVQl{wL9HA!ps{z4mW+h9Mza
z{h@o{-&<n;q&1qxo2ZG%f9L@Pj0Z`_xuTkjGid%vGy_n)A(ZR?QS%0%e-bSiN%@*7
z`o9et3i~I`2mh03FnohR<gR}oH29x155xawqmaA%Kcl#?=>HkTUzl+R<$p%;%d7rp
z6#qXliuYQ#b2Kwva+@mYuZ-leIIa#xXq8z!%unPw<Clk5HJ_%X-Rs3Y6rOR1Z6eoW
z98&zY0U0=G#2T>C`sm>w9ev6s8^;#a5X%}Pia3>xE$p4XEklniiT5lrcW%#dWiYmE
z#FEj1SLf+`1bo`r8>b_)0pSvj)k|S|ecyZ9^m-}Am>)tvAO?=+jnhDR>a}(99l^VG
z(sa<Y0{1lVA|PTr6DMNTV(o~H`EXh{qY8n-An6*89HjXr<sa(QK1CDsHV#Kd5*Bx!
zHq31j7Ee5A=tMC75hjelOGs;p3u$9z=F%x+JnvGE8c1?d9uu+Z&^Ey9?--F|)4$Yc
zctTU1l9xj_$diFStZ$>6t6mXm3b2TLbkLbr_5CxQY7fE`!T^aY0pzD_y4Pf4v1A?T
z)UMUKvl&7*o8pwSA-)eZEF}+XY|iP7+mj3R!5OiclPEv^s27CLqVi^?x}%hkhT3xf
zw_EuPNkRQUIIAO^#2*gYELx{K;$-^@8`^F}Wx$%jzN-D`+|!McAtP~#W#(?{kF)Vu
zPwlJtVhm!E@i4B6q(*?8;#Q>QmpFA3R5v$IFTG{oR~SrthbS1Lfz|+$=bM18B$}aV
zImk5mik{IoG%_EO-J|_Ix_?MTNz67_=P`HX$5Js^?l<Bznc~P}c<DF<0<#9UyDZbu
z>WtIUa?@y?@oHiO5#y8PTyqZfxk8J+p^(yQWIticwTirDj*v^U-qPMiagQ3>;6e74
zIc;?`Z~7|Fdq;{Jr?<3mn&@tR`i&$0o4*SI38zjUz#+}A;$&!AtCGmuQ$a-mF?G?5
z`tRM&rvWVLlVIzQhS;d^JDS$}p;w+A%~B*;mq`EoP1|*ojahcB-GI~M@y+?+wh<gK
zo=QK1_JELV#wh)5SE+$_FB%eZ(QaPlXg;bO=^0=LZlBQI)T05NC>n({yP{)46j01=
z0-sKX54WDT?xt%}P$vQQnNIucHI~<@pRN)iBdozf?EzZ056gQaUJ3fFL5RbW&h?!=
z`SW|U9S>lu#Y+!zVBZo}dbmc0{ugFk@S|6BMNMO6nUW!d#irY7dF$N3us<dSo=D2e
z+cj4^uC(fRsI}hT(GbVFqAeJ72w$T^XurrSg|yfq!FBHY#L!Me00_*SE6h7y`Fik!
zrZQ3DGMe|@y7b6F{%cn*##4l5lYAIT&tlcD*D>x+y<PY?)k*@E9x2khki^ULN%g@3
z$Eh~=Ln^c@qC(SGz#ly3-n0g5+Q099t@<MY50XQ>wve<!aLv565L-r0vQtKYF+l7$
zI|pv?icV=@qF2{@UCVf!6a+SW{qd1Mnghs3M7<=Z@?G;uI`tLdU{E`hkdfT=^<;cd
z8%c=?%?uj2v*+zJCSEV(3a#~d&j^L3KcPXdRlnb{Yme9Y6eLDxY7f3Lxe#|`96ZyF
z%I1VQNUL5L=|{9vGEgw&mHgM2S3m=riN&oKaDFJ~1%1m+KN;u(-jx$zegGkjH=OD9
z_@Pb*#hVUf!~dP%`lwO?)D%f9vsBOyPX&t$<Ej#vS%Fc=;rf!yL2`<y2%mz({UGQ!
zlCD}&o)YX*fQ5=?p#|Hg_yn(+e=woP%ydy*9rzlWn!??9E9NBJ33D~`K?Z2}mXuy1
zYCkq!Jk9n^zZX@b!dFzPB<3@S<g@W?59<anV+NmI>suMYplR9sVfdi!<!?8x%yQ0y
zbB#6R+h&DAdhf&12YtNlAw@qiBQq86<}`tQ$#ROZuc{c+Cx#z<isVCKw1;`)jxXf3
z8sXXiE?zttDC^D_NaJ_3tHNZ0`m=8>E#pIS9#cNv6H16_LKgN0l-8pdQ6l-9=>QN3
z5rC$TG`N8<Z;6FVYb)a5E>Uqqp}4*eibk2P+%%j3nFDHIh|J|n2HLmY5tW9*8qaF&
z_XU`ty@P8hWFUSTW2r0i2@OSiYmaw`K?R+W-Qr^L$wBgI6Ehf7##g-CDiaxUb#mKp
zv<iKJ_5ky1<caI*ki0tsi&yPRig<S?Oyn8+6)*Xz1OekM-Slg9fzGwpMi>N&b&Ixl
zBBR*h&5<RMQ(wvL_z8NEeD=q&ylJ7~T!TZ-QhiOxd!|#tWS~5onwj?BWk?qQg8(Jd
z`bVImQ>&{5bg&$dk%%d=KjOU|O$Y&=!W(HBbOjYv%AxHyQH5Qeu|j}?P?|Y)3k@_}
zSq%lmKmW|+sw(KP@F1q&7~iUEzfObdkuyIqV>6Gu4@f)|(Dmha8-=D~x*(%)K@DCm
zK(=JZU_PaUXR$+P3^ZW7eSEDxB=59gW;?t?#?uGC%_B1CeHK&;7e%=1LMQKCA895N
zBKxuywNDKOq95MY%ByW5OXO8i(fQHPp?Jl#kbIbF!+8PCvvCsPRTX3DKK!EKk0kbG
zg4$fO4+)`b5km~Qvl`^Z0G-*{BDiYCGAJN$t5|r(zNrMNL)aS$U^uT5CVw9d5(*}!
zDGX}gLO8|`-qkQeMekRmb&!my(U!!U>lD0+4`z$>gP8QLfv?<I`T>L!!-s;2jUv39
zI$|exE#(HJ^|cElY5K{ve8WI7h4fL(tHv1*odae<>zNQR6NZawB!cwNaDsUyZs-At
zmIMsK(7Oh@`UE*3UFQee^;X{RLz;YQN(gK>cCudu0T5a(k`KwPI~fyXAh#RA5b3Rq
zobDQ23Do;RZbksibf<AFUWt==e$cPLsoQ4Tuu{UI)K^UC{6}DMe4pO86wOJ724jkk
z?uPMqV)6@Kg)TeR@aKU(6bu)`Z81?kssZeXU`Ocz#PFj;Nk|<HAzT3%!`vTZX#EJI
zgfJ%a3rY$BZWDU6W8{pFkG$HytBZrTw8Oo4*S9h9JKYsMDLI0;q3Q5)lqf$){)zrs
z;Cp*2LLmZ4JQY0lGOc8w!l|7362KSLP`WEtlKvii$Pd0HrlcwoVeU%t90eqIHz$^o
zjUnWBhsX;70NkbX2`;H1vM(9r4-hkm0ek=g4fjL8#c_@>WJ)D}pd8gX!r0;51WbbJ
z`;cJ;@R&J>23sNu@$26oGo*F_;;mw{Aq0>+{9rlS_ph>V%{3<JUNyZcVxT$!2vYh!
z9vQ`+Hq|g3)!OMQr=kVOFAT}&X$ck@hJ(!;)#`6=N54*8>aH(o<*E;JqL4y*C!V8y
zw8LBCj}O_&8O%|HHEz#d1FRpoHuD^T?%h`=ziMbIkQ%@wm_gthaOnH#Zt*^(I#}=f
z{tGO`QobgHes<Lu-X}wyl&|gXV&bV(U4K55ssva)0|8*f218!=$*$h~6%8Oh6Z-S9
zha}@K-Xd2UnZ{5;daGFHAdG&I6<3W}mGL}2Hspr`(6^<WGaLZe@vheWJQ-9#$vMN6
zTnu5qE7_F;ii;wNcaQhyD^sXx7%;dfzs3h|16=~eqyr?b8izSJn*R$_@h;mubS&`w
zbHJjoQw^2GDr1I<!Fcg9v`jioEi6|rVaCLR7=V19x(8E2AQ(P0JVU=jF_I4m?ZQrd
za{%2<lp>>=vD^@<nRD&}qnONAUMO0*<Z2xdBId(skGJ%E;0N-rlYwku^qw`WaSn3F
zp9#HtX6*`M;z>UMR3~@W)=~omCPU7>;>chXOrSIh?7wYzdX5uhxqlp|J=bRE2Oj{!
zX>*cCYC>-V!w}QsLuJSPefr<mA)UL;%(qvw=m0rE0q6!Z`*R_RtD{8*MdF>CDoTq}
zj0CKa>@}@_=!A;Y6>)Fe0P3%>#*b!SuH%LKHAW=<VVu6_#_6RE$a+JidsVju2RI8-
zn1oCm@cXO|>0P*vt>x$Es33X_A0}Y@b6EmcFd{r0@M179^K2-fP}m=0ynlg&i~{V(
zx$6Z3ZWTKC$MG9Cw@`o^i&6b|a=d;(NEmmIBJAp*kWe0;S8D<PtZAo)8iYQGyf0<_
zp5{t`#{>)s0-gC*`U3-qMKjX!j#mr~B6dl&09i4a7xxN)X#gVDNEa+f{5SRbnEz$%
zKLFzb4E<)-t$TKVda^WNFMvrT5h0^ULH`g#^*#_!fC+qgOBBF16e;sRj$>j0Q9a5p
z9q_*YMh?K?0%gg<q^=GM$%pp5`U_Ztt`R=ujuiF7H#B@#P0Hs52#kjZv9;9NKKF0i
zcYjWDIt(3LI;{raFeqlnZ3Hj}fW5C8H-4e|O})@EVh9E@4d4dPC;kE~vZ_B_ffguc
z112FKgycg5`9lom3(oHIRQx~sIS^vo#FV7}J2|KyNqnITZOOQ5xiIJrpm2C@4F%`G
zLlg0?H{wqazYlPhbK}lGyg-r1e@?Oz6csdP!vZ+7Z@X*V>IK%!IdaYX_#I8t$FRfw
zfO>Xl$iMLAA3XNbr?UW;#t*-0+0YogOLwOF`k&lc?;N-oY5zMpB68mTxY08E=xUgN
zLNI|Pi*svG*93t(BcvZMwf^ZRRF`;{r1qciE*%+Vy@C(`6|wo+DaVO(RQy>@V*C8}
z7^$?5)+z=pnzTrg@d1$>FTVLE>OXkwrB4q~LubI!S1mhT23P|*pFq6X|K!f+6anv?
zBK$XUNUJ=0{(5#h=PJlU!e3lMU3nfW3TQ!^mdW8C!0-a^<XQd`-d*Mw0H~zf>1_&F
zpQEDd<h9Cszr#?@KCtw49`0y>IC0Kco&@^*gU4R_v>86c7WD3_Wh>GBa_3k7(VYRB
z&JV_F`|sqSeV<eLdE4a=5XY0ge+hNtssPs6(?;GD_y;h&z`HEM|Acn{?LV<Xn}bLz
z@fSLi^8u*nTWgK3L-u>DQE^AM!@J|#_z@q7SC`3b<3D)prB9avZj18xs%7Wg_~p)@
z|C2j60vS6Q$p62SgZ_ppkSe(d{Q=@&TB=K^TW1Eaj{n9(Eb@N`!%IRr5cq%PH2_om
zZ)k%uP!;(HkG=G1t^cp|1t^yMkG}lDvi`61MFpC!SLeoQacsiGv)F@>*V-sjY!@K<
z6&cd)K$qYbOLPf-S3oB`1m@J7?Fp|REYugx9K&x(W~KE0>Dpf1u4metE~W)D*#05<
ztR&wlcTHK7t|f_ooy)8jvS<I=o|=x%yF=d_P8USP5lbT49m$X-#4t-QM^u(^neWU{
zUsxskddpxJK$FVp|DppvtZ2jfg%KVHL+)l}p_cA}9*2F|W~(grUsfm}@jJ6|k1G^X
zk|TPOd9>Xodi7JizYis^N0DDJfDd|?o>hMMyJzJ9EXNlsUG;H{4hHyiVE7RlvHr09
zlqZ75n^5$U!M~#WJ5t0F-_FGRe8EIRLJ5ID0i^@rJqI+0MM0g5<dfPRNXYUI(d9SS
zO?9BYwU+bpoT?THU|q)6b&<ch`>)tqd=p3?=``r9DF`9)$9v8{hsT$d@1G86*>}Ax
z?vs>%_UY^G)?sZMs=bxrz3ITyqY3Q7)&z2nP>-;f%P{o<?Hpqv6ZFM8K!JenR?<0{
zj9~_foR6zY1T<7&Gfe?sr7Ke5hMOh_yfv*jBf3l{8+B4&1!yQq7}T9tQ?@;)pcl-s
zk@zBl+h7x(lAL3pFV+oZ9Dw`V0+D?N7H2!80|K8aPgsw~{yaPkc=wS+6Hiq@-^Kr+
z)Gy~i<C2xbI4*0JfEymto^~ogF2cuXRWT2si16D$NUnM=XUI`?4R7gah-Uyt&($l^
zv<RXT%f=GHroGvnf%oYS>jfWv2b4PjLc)YYec}&rmdji%P_|eU#B*Vu%&fo|n;l-O
zcRIqLij~G)iI2C|rQTLyH5*O5XtQgZ7jDkeyethuE^-my^t&o+66f%b6nRrkE<x*j
z`Xtco$RU8a`dF4pV4L+Ba%q;Deq0V84qx^cZ4X=MbMr>Poz=2)PZD|HCD8&w#0aV+
zt1{Vkf%RSMVM_wDNw?dY&MA&_b=O5=eSJxo#^=o6sO4)F55*>RlrLy#ot-Sy{9HYq
zwktb{hSTChdQp?V)#p#}?e0fEUB3UYZMs+@kC%{CqG*}^c2ZAm!eFkh)Ud9zRi6}-
zLYf}qmj(`L!O#vYa<q^0L|sNZ!0$GtcWaMmPn1o=Nt03B;KjO5>jhW$WlfYF%(@7t
zuYNuyKUeq%C_4&hETUn3;r4v5-}TmeEuKd|=Q$@G#-v1q6kdvM*?tIO=71KB7YII_
z)|-5GJ?fRBAIPb1mXHw6oFN$&=i@x_w1M#Gcra?bV`f|?3Xva9_;Z^ft>bP>8il31
zOn{T!QRZUDu(lQchaG)Z-Ez5w&IFdpf>jodhU1qFV@D>Bkx_&{UZ3*nb12n*mogjf
zP8mG~x0cnWEc=l|b3G=nu(A~-t0j{nP?o_P;g3z+Cb;RzII_RQQsR|JUM26!vR6`9
z-x6bYza~Qh761F&v^@`kcSj53lym(oZmnTl-dHxxoaZ4J8v3ge1QhM09m>Y#FBqL#
zO;!^c4Gf^Cwm5iXPOUziKYeN*2<|-ZaGq9-da8J@!(qmosYFH-*_UF(DJGA7)9_6C
zu6Jg%a{Zy*doq*I3WKKRVC~fDBi5=a{hsK93d^z@R_+W4z2YsVll2;tcJ~CLufZv_
zx`i^6idj}2+G)>V>5h5%^Z5v&C?_mYIhJtY13^x!y1M(DKf*{H3(4$y&-Pb1^(`3A
zzKT?|7oAAOROued<FpFx9h#2Xep;Ff{Jy?-j}))ks<(Gb`_dccpuf^wNg%JubOw^8
zU*QuX>l26$cF3tiM-M$ac%n)1(ZOCmFxz>8l7frsDLe<MDb4$gNnakWHnvu7|JCi0
z&63hVe#NA6DJqHTTNDtn^E!K7VS~VI&Z`{wQZ?VSn_{Tw@|v7Yiykl#sN#<h^{m$Y
z@iG~H%007w%bH*XQbt#Y!J<|&bSA;}qV%Rj0s)8UqXt5gZ-(>c<RAM=P6*91#MP`L
zj$#z<j-E7TJQydrD0V}ff2A^sf72dmmGrmBz9agskDb01IDWMsI9l_D@5OOjR!Sx~
z9~IVY(^qZ!NKqdU5JFx}^nMs@^ud)VR4>%alAj9|+>Al4m?Av#Qh`CtKM}I1#Xp4`
zy&N2AyZ1qF6~5X#JMXRUNnRH8Z8Z`XZ@2zCY1QuAZnH)EA54qw-cv3tR`3mD<`!(l
zFhy;f!o%4x(M+{<t;apVoUJPD*u$oE+Q<4Fiz)8LbL_jf65VIw^cOqmlPqcFc_)<2
zlb*ip_}r%0;ZLkjuGe*8eZW%BIjzR+lFIu%0fM4|m~TMt6|6`6?1e9rTdfOSuXnE$
z64-dolzf-#-t8_z+qx<OkH#~1jMY<O*;w|Nt_m|6*;v+Xbu`fqY&_FR49Vcwag6EJ
zF2|8Tfm3)^{m8@Y5=ET-*@oVAZOghORvyt$nLx^^5Ky_dPi6f1)6=HOJ)B{E#jhfq
zI=jcsMk^!JZD$x2IECHj{L4r_=q}v71nj~#WOxY-KROf<Eb@HjH>M_NX_Bc(ms~&5
zTJBnnSd<o&3Lk^3j<Qy1{Llo3W{&mvve#wRm+sad9`2P!ppt^BcLP`FUNiM%4h}T-
z7Ez(r%?0h>9;4XfIy_F=Tpy~vKweuspmt*Hqz}|i$Zo2yzQ4%HHS&`%iGj*oo*ZNx
z$;atymiNw^4`suNOp70!9mmT>#YIj|JEHgYo6FR7sV58S2leLbhH>>5u?wZO_0?d|
zO$cIj%ZX&?R;l0yqpR)VOsS{S>Zl@xhpF7yaWM+Wjj!&L*&>>ckL`TK^$E5X3i}5x
zWu@PYD<HNJ`^Le94>7>IC9KCxp3$Frzh8GfLRnL;J#1FcyD#mYQt$OMcX56KoBetr
zZfsczVk{_Xzz)2m@={H3jo=9MDlXNNm2HXB**apac#$f?hZbQ#u5eH7<z!T%!6O2q
zjpCN3Gy2Pg4BMNRg@z=h%R<9>g5OE#0LnhkgTiB=<;cD{Z>HU{ofaprhsI=jL8nvg
znp{mXlQV`#KD!KL5odkqxe0MuT|dZ#w~=>vTK>qUtX&X3>z!KuwjJi~{AS(pSU?#D
zC74=n^(hWSm-UK278|>BASb@pF%}2c>j!W*79Gs3WDsZDC@C7SJnhBk*j0*EvqVEN
z?s%_7kMKw<&30?Hw5NY%b<t(wb*|O-bku{WhqF@e)}+Q;>Jb9;!?V|>J=T|J@T1QZ
z%BSa%5_WcUyd%;sm<R5qH}`s!ngcPlgy-+n;Tco770kftJF(f$=`>=CfPdxNE*1Py
z_FH}wuhZ`XrQN$b9QE`j$pdtmGAb~r6f^fYr=D+f4n8)e*KRJ^=zetc?9zR}s|U)>
zV!8t3(vlc!Hj1CNYr}0wSp7ChQ;XS?{M*5Jr<^BArDXVF@`=>C>~*~NR6Pw}h;-l4
z8C$cjH05l(H(wxV9m%C2c-LwmM0+islX+&8>8Vknu#@a4yN3vq%}b*4@$$^mgQ4ul
z!+Hik@#Hv<z?V%S8^4I++p9zo%8TsV#b?7#S-10e>=Ew0IgQOW6f>J=8gIlAj#w~V
zhfwc4@`EyU*D!_TbGG34H(RKd!<Hg<%?YMRIIa||i~8Uk{fUkl8ZJLG>+{6#9ei6V
zdyUtFL1ez`7Iq9i<Q1tHUMg?8GRSG{c}+Cea5g@fgGNoXqY>MOx_vFq_0{YBk}M8Y
zbEK|o+cD(FxoLHD@`>CEqeD-mQfSjWjwRZwi;0>?xD5w2s>-F(ir;ThT*ODYzYB+V
zzkFk*#k<I0@yLSCV`nD#83ClS*n)WHTh-vv!stZb0SBY`t*ZJ8uYuSz`l+5Ae9$Ne
zti^3ZPuXxF(=Ni}cNUxPq^OyVT>uzz&01l@c6qX`Om^whFS?INkbU(RJ(8RRj#V(_
z1(xCxjNKYZEx5Oc>(b!p6I9N)RiZ|^uGnd{i1*ynmIKjUSwe7M2Z08QqK!q$1{rsO
z7Yh$svrOwjHO~l^KCW()o>!nDx)&i(+J;aw|Mg!*2Qjru%V2<H-@`ta-@O-!A3jL%
zIP_>>jlX!-8X=>pKILnSK<sxo5AcpVEy5o}^&NfTfu>{r<ld>*jl{xxfTsA~4VFI7
ztKBAOBV@7TQfRYgpZ6{0=N7r^<Wg`baoY|@ZK7Jm2f`j<9)<l0&yi^PH8Zl~Ils;9
z`m~>3>_pse=ACNR(t>n9UI(N!D7#prL21!HFDhRan{N=d(nIf9?|RxDzCi$il>9hf
zys?Dsk^S^_(P}@B)3(K?0x+IOLhLuiw8nHr!&Zr^0&VrGm7lv4DA}p5KDE2;t5Z~*
z!pqRKYw3#M)~sukZZ*k+B71#d(}+8|`(uddDeF-F6<b%A2cwu&CH$!k>z$e<@;AEt
zP9?l9mXGgUR-w+l_4jfZkpDfO#hFXum{Q2geTd;`TCV%{Myr|BW5MXr*qrY>PAw`2
zQZUFUl9-A$vZo<5%6J@2@l~sXx~LF2ZTF)0)1JJ{Rl3DYOM%tw(PHJK{_Ybd^0Btw
z8taFy`oyv9+Og&A8-aui&jUYgcxyPwfG(Ioqwe1|4BHkR;e$&{94hg&9RjkY_h|c5
zB_TpPa~WpY_%UzJK7PF3PKA+)J5(O<DtrB1FyW(5!=J=3Q9x~IU~bV*Qk(V3`yf<L
zW*@J8uUyr<*v=%LA^mG!FSGqXHqqOLtux4WV@$cqD!YBL?rZKZ)LEGMzSO!lNUx?m
zj#7_(4xYMbv69yKMX(HkAO)-=T&>@af|JL$9Z2rYe2r#yBX;!*(a!uZfL2$N=j^)v
z_EV>0r7N!l*BG(K$s?^8awlOW<DMga4MiBF3aM$eP>4y;azvnLUtj2sVW~qyeM7?%
zJU9{8u0MCN-J-A|rWkMqMPU)G{YjIs=q?AD*9vTX#d~Vnt?o7=X+O`3jp&N|jB^#0
zq(@<BfQ2FX$PixEVbSBRuB{Z`tlZ1G{mwp{>#@0!8>g5`)|o^Qk?c;sGC@z~8mr-x
z>AHjPZ2B+-_v~%@e4{Fo8ym!c8bRPQ&p9ei<GDH!`z_^lZR>`LPDK7ajcg8MVlN=`
z9Fo-}R(KZw)A%Kt=YuQ}<^lG^B_#q1^IYwUg3g3((G#mp#~>@GD1f|Y=9^qJZb0X;
zFRPv_zb|5>qo8nz@;!2zG-`=XOo*&rCO4_uA!8Q^&{>RZVXK%P(-uf|G;d#MAVjch
zmnqcM$iW~9NKM!Ey&)mPx(r|RiJQa7cKKX(%Ce2dhsO_trg|!-y!1l_w?CYtqv;}|
zg;GS`{l)j8Nw>CEsjnES4JRwYeV-GY`lQ%bGKiTj0#}~iUj^}|_lP_17fCMi`E)n0
z`eYzURWb2lt1zXatc4qn(bd8?FzhT(xCVw-19RqlM`@V{KOB}|iNv{OeKL*9kwO6$
z@vUIc9ZVtk=lD`7oR!6Jvt3yINQF9I6+kJDIT;0TGWQft9zN>hXsRyOdqBrHxXx!Y
zDoMnuaZ4q{?eWV{)4oTb^Bl8?oZ}*`RSWsGzV`FS#roR63S|&%pPa>hi#;HFilRCY
zxmA^o@e(I;zlAd8XQ~r>#gvmG)0wAO`*DsxON~=R>LiDvJIm=S@kwAM9SCS$eB&xv
z@nlF{yln7It3y=qbX&#rh~TlZsJFKHNP$sdEPynR1X7(f+kt4smF-Dy@u3egzYe5v
zlDI;<mC=rD6{9j!Uhss{xz_@|P^lZ2FJ`Fa|0*~`|Asp|_ViD648c|UxZk`tOFa?w
z20oU3b_b<<XILpgdRyxOX7>Gi3P0Z<L~=WG(a9Brx@8@5GQev;zj{wc>@zr*s=F3q
z;#FdR9ipWhrY7gN#1S#W%ll0XqDLQ+N9JX`@BTE|yj>6>%dwKYKb2ndvQ55XBB6Xr
z|4rI=*&dNtUI{TNNa^Uw9e`pFOmiO|&1^OGZ&YUZ8hO4MKWK0bpWvT6i{5*LO$rl0
zOq9G+m=v&^=izHVY)O4J7VLOoB!m~M8R;lpUkh$r)Pu)EMt}pbB$yMpN1)D6j)gJ0
zM+EWMxaUmsoJOqGpA^^);s>-QTJQ!7LE~f#V_N9tUwicElkCl*dMa{t>pRUm{`?$m
zQa5t8e>~`0&*v1yr6}5_Pk748bfm4dS*fUHD0DtqZm=1EAVm`Exv_0wH}v*6MujBF
z3}neaJF(J!`01s^3%-Y%UMJ*SDRVEDmT8%8C;FRBdoZpRlsLJR)t;P5*+rP~9Y4UX
zSu1O?=5*S%)ihb(6&U+knlBL}C&oCrAH<O@)6yN6iAFT6Wg%a+&>l3u#-*TOHZD+Y
z)ZjPPUNH^Fb7UO8sF^)u`n#O-jHzV-0lx4R7`-15a_1gH37TU@_^(ka65yCOH{F{b
zxULt~m1q_DT)9g?-*6$gurJ+f%oMezKgD^P0p6MNJ?B0QA`HcwSLt&+xOSVW?ie>%
zSJzJ=kp`mNht&5&^lZxx?Zb%aWH1d;EUTuW9ad>Xrfi(?Sj;o5`$vSOvxwEg9i!!9
zqqi;n<&nA9YG)~`fSe~`%J`yn4N7#eCLu=DMQ1($l#I9-`Y%=+-#Rr5T;L`v+S^oJ
z{b6>8z{b9oG<JYv$ChbsrG{d~b6dYyD_>P;s<zZy3g4~?5MlJRsTO|9bAgV#CG~6V
zsc+lpO4zbfC-l%Kht*exbEB+OZBEjRdm@||QV8-=%<2OvM)c^vGck>l9e%${P-})h
zI`~BU;<=p{R5`rL@v|EPP-Y*ce2De*O))+|%9OHTxE1WD8?&4hAE%SKkIZZ;E2d()
z${hqwRH~{FIA)k@?PFn1N&sP(sy|yeDdv3|*c4WUgO}r;mb4N6oPa)VS#K&Sv2<&@
zMKVxipVPVz*83_VOa>_U{ZQL3AD9bNl=INoHQ|*YFrNChNaX4;F*~aA^inRnizOJw
z?AOr;P8Y18y=2Z4kQkB*9SBK04?mmocXQt87vM_>T5_3m#ag)UM#SlR(ijFE<|T5Q
zv3}a1V02%rmrW3_EAu=49KHCi1!udsZzNY)d!h4?(<rBUBV#D^<f}kc4)kG`+09E5
z%+GDq(9^K>KDlrEZM0(ok-~Csw``+n1LE7P;=?%Ef{*G(dv4Va(Mfo`8){Qb(@hdc
z+#0?KQ7CPG6Fr&e_}Q8f);3WkF|XRS0^bo#qtopcZE@$kpXHP_fSct7&)0EX57A=}
z{(x&>H8DF@pr;Um!#B~Wm2~_#`?hI;PejJo*P&$T7nSC@^H^}4Edeb3*@e}(t=+vS
zSLR8%&oJXd(~Hq~C!am#!ZDB<wF~N+kJI<squ}9ty1?qXE^70-8?DE2)MIC%Sa&s6
zFZ)q8RcDeqEtgmFyd&-+LM?gq)5iv8NcuxGXPc4|=Q!`#tlO?tXxvY}mzw$OJ#NxT
zeOsQ(Ypf+3w9xfTudlFpnO?qb?$tS;+eKXT8v8u^we(2ztNQ-GrN@gp_5YS0|F`sb
z(UJ65OV$6D9{*^?_+RJLe`>Y3Xi^6fz5k|T>3^M57yWks>zo28C9t$~-Z}MC!62Kw
zB8s<WgZ4ZtS{ce?0LWy!x^hFrb<txv;GHpz^#bP%`rGX}_~NxYXGe>!b_$EKd6PW0
z&8p%vyUL2u=iFZ~VKLQPVuRusx<-(voE@6%xzN^MJwIH0cD&kF*w7vKk$}FVCC!7v
zozn8v<s?M@YP&fJ{Hp?X(RL%Pk^V61Yk!0D_0bQb^bt~8^@jd(Zl_Encg-#5P6%~J
zO(z|nO-in|_t-DAr+LF;_N)`F2Oq5P<#3>(aZ#^Ym(4G5?iOg*9(dhNDIVzAxKTyU
zg3qWp(;p<zaaW3b!D_#s#io_qc}iQ4a1*{>ZpDOpydO<!mkxYqz~y%V9Ph1WS|a8K
zdOC_uBr`ueMfUNy!MJ(CpH>iKAqJuR)!s)=aM=o^DrvA@HXQjpBS3b2tgJ&gdpV0{
zYQEp1W0HLXy+@veq0D?Jx@OZ;Db;ghzH+E`y>ynx)Ifi8uOUoWHI_p^RV@ukj1-fF
znNcYMNeqWe&HhIvhEYDx$ZqI+pYqX?Md|HL>}PYIX6HK!>kDQ^m2iCCv*9hCRGI4|
zn*=njFkCjZ<c0m+)FQ260F;V~yN0#hq>fHD=Q&;5OMd>4MMO-?GZ+VuYjv1qCquNY
z`kLJlU*ZrnejB8zQCwQ?>t)Y=e8Z^oRHcR5_G7llEQV&g?_uK2&CxtzFaoOpdp|$H
zXp7P1*xj#w*7lhHWI}eX;>UEyJuDlla7vWt^=Uh^GF4chpHhF<#9Gs?m)RB4UQp4P
zlPX(oP%%NTU~-SBuwI(vN{ofuZUn~}ACDD-d+DeIu865O0og5j**JDt_XcVfV3n_A
zVlX>Ey^I>!7g$`C#uc1{7K$MI26~_jwn?T_BctHpnubHMm9c=T()bGdxl*e2X%@qv
z^_Z7!3RXbR*LjPvaM<6icaeDCylRH+TJr1abXSWOqZCCsUVnP9u@jBE{%%$?+hy~7
z_>1fCcaC{hwZ|YZ^=r)pai2gCc%!l`%(6k3Ws?;hmz24%et()Q6~E?w`U=+PBd>yL
zlb!^sA~&qd_PLIp-&$hB!(pDp-axL`Up`4fDA4~^o-gv#b$HxT?SMS588bE!YcypR
zVXJaaE#tJOD4S7QnZ-zCmo|4CJ8?42c$xKb-NDa1o7U_!ILEh*d}onxI@wrI$9@pc
zuqi~_rp#YwdR9i$J-@$dvf_F@U#nPp8}790fq0>e3N8vxAeo`0xM_=g+Thk~r{>So
zpu+a?g?OVFaa@r`_hvr|ZG!HuL>_IClOHSzceWpDK3RxuVFGf)DZvfEW@&qb4kDdB
zgyTF9M#ak~YO7AIC+g4k-ATBdB2RyI6p}dSj&JrEtIrly#StPZrUU24H?!K{G!zkE
zf)KAhR7|;ryc-zJZeLiqx0>)dd`CXTY=O&d_}Ls{zlO4ZWogl2c$uMNf4m}+{x)yy
z`75<pSl-;_l&!$B=J>dtJnq?u7xltVM{^k!HLuAY$H{_lp4$af2+vjF&FTSMV>KO*
zCk&%5vmu?1J#kIW*$PklXcMI<yoxL>#yaSYZwnK9Hoq(<N!h=l>al7zfHnUnpv7%C
z&S9DM_#G~MVzE1AQ9kZ``7-kufChFT0SvM<%NmM~j*g%049`yUe6&Aq((~;hmgDCx
ztt_k5=VPzmHr&=qby;yenmX1!oG2xiPhO6zc3hPn&j<@Ampicp8ZR~<DFexqQ7ZM%
zeCJcqv%~YsO>Ww<YFyIiq^}5(ol%5o`N*^xPOVi@)A53{Y3^Nb_4749r55iu>k3k6
zX08aou)1kgMBSERm$KcF5%H~xYCUb&XPr-(lE@rp>ifUyl$1ZI+ZZkJj<t~!9PTk5
zR<wUyKI9MIpHx2c{7f}<43uo}%fN9sw{0N09KzGuaQMN1(csc{6Fo4<JhG8}>7$O*
zf@z12l&MXx0D`ccdOwGi{`)(h3E|{F$IX=P{_s~Q?BB5&wPV>VIo|0Jm9WnbCOL5V
zI+uNBT?*eU?+Bebc!V0oy2oHY2{b^Z9Mq&w`#dsgAuo@CA53-#F&WF6Sr$B>s@0!6
zq0Dlh78}dT2=ppETZMVn<r>_!uJk#$8N3<%+N(Ux^UO$#5bjyE_M_imQ;O1?UQy1K
z-Rib(U&;7<@ynw+l@>2lbhPoq`eS}v^0V-YGZ=iIb6VLwF@0?qcoDkdzBk9$;H0^-
zs`R(65nTr*x?w<pt7rx7vdP;2jp$49plW;Fq4U>ADEW7Qmj5N7!!{DXSD|enO5KS<
z@2DrqZk+t!nd2SAw#^y0zpc^w>Gbo(qI3fI+~)uZL_B+5FsZQE*Mycv{~#w7?qzLP
zi8QtJ6b?b?7SIthw`x<rBjEOE4*|5u*bU@6XVqnr$BcKS%+N1f-^nR9_)cB*=73Ev
zfN{msebQ6hCXT2p$#pu6Tu`6>AfAEMw1r=%^r>6jXf`=_pH=CAvn*mYb2KYc@fGIC
z0HkNH&RSvBcG+V_VKJGWhlfe-K_ARtujcG~p@bkU-$BjPDxRbzJD0reJCj1>;+@cO
z4Er^%5U82++9SK~M<(tyOh+d+{Ku68{Z3|K&-xm_<eKQ=S!U44@8bI;bnA*PT2voI
zjM{tQt}J1XYoY4TN=-9Z6pY?6N~+m#g{HcHC$veackW54kRAx(l^gx4-<$qo+PcF%
zuqi4^?slQR)9nWD&!(=YuT5$vH;Z?0`&W<ixQ6?B_7;4c(R?@%$!q)hiz@eKrT7sO
zT=0szG;CtFNCHKEKBE+N(-tRaL+X?peA6*tK)~Hc*hXS0?Y6rf8_?KQQ=v94vw2qG
zT39BGOJ<uvT#Bi>P2|`>Addt&-6dF$rzk>9P4Pz2i?UsR0J^hA>ukSB*ru7nj*0tR
zY_a5gG19$bWbz(Vfwu`6=k(h=%?`LNb)im90##kOU_EjB1lr>{NHc46`c(1V`u##}
zf_KKp3cXHVJ#{p-3Jv<2VIwCmEsUHA8rxL#?o{b-klE>P>E=2XY<gv`)u|`Rsn$Z~
zLp-hJF>}n37SIWxLvO|EusN#ei|f;9)e84opDN&%fAqwNcXAFrg72W}Hc2k{(@&B)
zO}9cSqt_2g>NxahV2$sIfiC5<1SOzLO%?G(rH88*k*q;inzOm|o~SD^(c9vVFI0>X
ztn$bQGfV_>UL3V`8tY3kr7%03Q|?I+%<;xp&Ct^^IqMbON)z4PgQs=rYSsm1Ip@^X
zq$5<^jz{C>QlHS&X5t@AE>AL*3wj)TKAH9(5lr=3Tu#$<5#>(5>)OniYjkE?zPd{J
z-id!FIjA26w0{D82|>KzQbWRyC9UJi2M;&#X=LYj!L;8Rg-XsM0$#c)YV{s#DQ^CR
z8%gq6KG}#prnyxrUYJt!lVWJeS<6vB5$|!@OuB^N^J+_PTsL`!<cUY8f-Ol_<+;}=
z?X;Do3N@r~S#_&bc)6VqJ+DvJ>jv06ROp!v*;!QWgq{hEcd(E$_6c^a#`oxm(&T5i
z^e@x7jVOmOgp%V6#cmch#JV_#IKpEWK1Kjv=&-$?K_0-@^$KQ^9gGv|*-o;UP51pa
z@3VB1y`JxxJ@OUVjt=X%8KDB(n_7DALv(MQtKo0YBpOZ)1y*pL>F&IeLnQ8=3Z{&x
zE}RODOmhQou?E`I!^N}`1V4Yb3&rd=O-bajXrG;>{JG(EJifHq<neT<a{IVR8GL%s
zjt%tXoRN-NRivP><P%%ZiU$bKg=F2^f_csf3_RKk((5RsU;5~AgvBNBE@H4iwZmKX
zWxPUmsL*y0IixqeD~sNCF6nT537jfhSlO*Fcf{}234a?#Iuyx-oI7^DCNm?{EpqU9
z^FU`c#MMQkNUu<FyyvY%kc795L#dCx$l;c9)ter+v$xKR0_w=Va%uUYkXyn|hPIts
zL9b^eK@APZsp!W<3DZCurX`*S!xE2KO|hS%o7Htu2SwXSEp@3gQ*F)Z+C^`MrNwXM
zlgmxcOYx5m5<LqGliVdx6-W<FO;KL#yWzMT(ma<8BV#5_-whf*ay;`G*dLL{WL??j
zX`GGIK?k1#-(Cl|)-)B-ho@{c*z5`@3he1@+V||Aj85?t;zJFFe!ZTNuY@Qui|Kt^
zpOFW=4NsJH%jMdsA2jBsX;qh+-AH;;zW~v3z_h~v35CVRoD@#O$eWc<@{5W=XY~gg
zf=W|d;xX{I<YR9ZaI2gc_dL61M1WQnMESM){4^5I`j85p2r`f|z3>eO!`V5YSJ4ck
zM15L&epazzD>Tn}Y2&tAfTeksglQjAfD`Q0ZiJi<jl6?0_)E;lM7&-02I+v0@NOFJ
zniOS{VC+JHo8}i>yd@_$3eV$diZ%Pil=8TwV?AOAku`-R`sn0m0v`o_KvyU2#wVM|
z_17N+S0cL8#Rb;R9?>`M)H*Y}nYg9Z0Z=w}GQhXTexPaM5ROP_Sw9-!#N|{*uh!Q!
zzq7dL+P_`f@z|GdJyfv$_S?;A&ANjP?Yi%W)eW}Ua-L~kKl;+S-i&+vTt)z;Y51Oz
z5`73IzC&}*adwL7NflyB(AVi`ZHJ>{Qd~WhqVLI|IQlf}YCP4vR<pCrr(sgq(M*P-
z#HI$qYGccM@g%=u`e4Or!{KG}V1539R>i7!M|z{U`iiX!`NoEGJ<zY^BFKsOX63PD
zTQ_j*i-<i?7MzY^2)-ssZ@RUNl^2pbZN+zh>!s*GD|UiQ?iWGf1Z$lBSpI!cua}8y
z(_MTTaWKS3lAV{_yAf~jSuBf5l7TdCCpe5KCG>gI7j^eSjLBiXc<RztIg6?viMJoW
zOiHtm{IFEy-QZBSa%>PCLXKxgE;h5NkBXKEevG4?uvt2y=gqa0d@}w`)N#%)RG^o4
z3b7zI70u|`uq*i8X(vVL_#jAuX2nT&c~)i5Q?T%b!uQ_K1^YM2$rGNZl6-lCtUxZD
z`Gt3Iv)NtTN^Jb+P@Mi;NN1J%5~?0~nX)+Bv93^W@Y-?Ds*P*MagUz+8a>}`E%RYP
zyy;k(XbkNLvM)8)<TAj;!DEjOPZl!O^$sLoqcNE10SQ2P#Uile`oZnjyFC8KY4`G8
z5bcrc0_)nGKj=_YHJ|}57E=8UCxjxZp4{4-UKMEGGpi?`Hml@$`JB_szIi9Ru>k4y
zx2K_73$d$jyLrk3NXJvMf%YI%3~51xTXqk7qF_@}i<O!=()U~TBZ@)Y^21V4^S){~
zKG79ST(?Edfb3O9-;6Mh{8iP!!<LQGG4Zl>dBH>><m_aJ+6oy#NK0ywU2CNiqhq|g
zN-DCuMp5@(!*XoXl!(LUmy}3V8!wZ5XI^>Aoj96v*6)g*u3PQxZMU3hS0{UiRvfn^
zh_<=v$^`JP24;i`sZ{Gd79iFV<aZmnJApsc-A6;SvAr@raC0pJL*L`5EJ3n&eEjQ~
z)TUt=mva+5^rS3{X0gYlBEKvYH%NUa=jU2fSYqfCt4%iYje?Y6+o~VM*zy!F{A!1)
zu<*X6nAQn;oIW%OxW39Z?p(uT@?!e+H4N}V;?bIkWA!~d%110bOYf9}Pakm$*ojNo
zelto=NPI)%Te^G90M2o}w^6mTV8G?AB3ASxjTqjgEOSb=Cs3R-aHL!3475r2hE^_6
zwUsZ0AEIFo*rR<b*pDX0(GoWBRr9K<v^ani%@hV59}UiC_~8@I%6CUbTn`HxV>O!O
zqAyzTX5V+X=}yzt@!Y=+=ZyraHo#aDi90)huaxl4?rB(h9}Rg!QD{?WU7X#9_C~^w
zlUR4S%Y7Xo4r`2?VL%y@0^0O}ml20a1Hmtd92dP{ji+!b;4Q%Ox0_;U(?6x`DZIy}
zI|v9r4j7(Z?#Qo!39NmiwDwxVG(iItxxQyY&gC{kQj$WHqBspdj&TlU5rn4O5ApDc
zRW6Z#GD#)7?Z6p!Xu`gckexC|moTtC?TL6w0AV6$!!MXFRCngcO(_sP`&`nIY;54H
zmGN?HRb)`k3a(J-Epn`<`DNqgl4(E?;>b@|inesrk)iNCE@Hz7MOZ%(A2lIxGIvCw
zWebBsp=QTwWa!Bk#RP?{)IxM*?v}=%^Br~ar3ASt4^yK44`W{e6;<1{4Z|QI4T{o=
zGzg;7F^EXFbQ*wwbjJV#DuPl<NOyPVz#uB!T|;-rfaLrK@Ol3CdB1PH@3+?IS}xC=
zIcMK{?|a9!uluYm7fmQMqUE$k8|T**JuEz`>qu0QnAEfRJl;%*Rfy|u&d6xrW76sE
z6KS{D(IKJPCw`2oKR5TyeX^`h9`*@I>T*A}O>ukNwiP;NC1L??oHU&e4xaAieKAYH
z9i381a@_1S+f4BF`QGV$EjPUpTAi~q0%CvS4QBgZFN#zon^==V_s*w;*o4%Z!cj10
zqk$=6F4cI+EyBI-XNr8`{?Y_HH#bhnFW~!b@s1WtE!`dBA%Ul!JJEQCkA>f41#mlw
z)ko@xcSbsJSAF*|7!ns^no)gtL-G?9jTy*mL2<Ig&-7p?HTadw5ANzZ|ETSr^ZU3V
zdBumMEI5s8XlQf0_lx2F;gfH16mSJ=d@d@;(2A6EaW_XlF1LrrRpbX?N*Bc!fdMFO
z6#X-l2-cbU5B6j!sI*p?-=)_Wl!0tLUz^NUSGJDg#TnYVH$sc9in>8pZ{w1{4)DEX
z0D~Id1N5cN&ElJnBVGKFn`Nf>B+JF?)AG$dG|Su7Z-$&Zs~UzAYFl@#&>L_om%AG*
z8o!-T4xUpT*Xj3`e}uc89M=bb_-4G>cH%PN6z{BdZninA{B8gB>!JM%R0hxmPl<I`
zr+?&8S8+#Nyz%+hQ3K%tp%{tw@kKUrsN#JP*BERdI4!b^($M^a4tkz&&ua*5RraQ5
zX39#Q-hU+@_v}?jT#>(Db9sey=(6pegHV)GAucU*7zQjJ-9&drB340*+cR@26eINs
zUY~bBi%f*)x%ARM3=lu_318&cP869XZW`Wj5^GSp)7!W7%MyNP^Z58E%J8f3R=u*(
zvzt~}UUb-<LCJd~4!0Rv24F!V(e|3F{alYKWgH%=K@!K3n4OI!6XQx6WHGXste<EJ
zH$R;qrSqq?Ptu1<nI}ElqhEG`WW20&@U~Dj0pmLE2QL=&%%WWy#hSCWo}WO0)q)I?
zU!h?2Ojz%d=nlk3UBm655!*8wxts9vGNIIr_ksGWc0WP43=3u*`)3=Kk!u<DCQnUz
z99-wiUBv`>;J;6BbQ`YvelMc`XmqTx^ZB~?Vmm&G2;V`Yu{G57O&xM)sJ60py$-(8
zQFz;Nef`xKCdi=BAxStMsvA1pgVdy#cJpiXwN{4ru(6zZxDYS?8XsSq{C>_)O!N$6
z+2g>|+&k^#WNY=p!5!qOx%jY;c$}f|YjryBAGOzLCvCs8#n(xW_6t7(^tPkr`F`=c
zC_~4B!wTAWftHgCz7D>Kz-zpY_o2^aUxHziZkxtmo}OEiF+RH?%wUG2U=Iv^%uPBw
zaQ8NEneSveyzvTbC6{(%4EXL+zu^<AMBTR{867B&Ej=|%`gBYzM-G7Wf-Q)Gp@+yO
zd7fKzkJFdl;^3}(Qipt-9!p((;Jt9;3@&_>HdojANcqWdu6v}`PY-Y&{rbu3nhkt{
zC7OMu{}}+W!r8JCrvzr36m;{XF<>Q^_1C1l1JXITiWx&$mT-^8Ji|wcR%YDiSePEc
z70z$Pe{YlTY;8vl!`dC)G(;iB-Njsm<l!q+O>1+`x*N4N03yX|Tf`YUF=cN0t<<0l
zD^;1QXI7l|0S&`8@*yKuSpoB%{iSe^hz{`>Yy*GX6Ll;{crZp!m&<r6ag?d4qmQ@0
z&Q!lr&Na!?7wEBQ&+j5*%9Xtif}1}|f6yP>bO%*@6<T%LcrBFfb?!T?0IJYaWRPfg
zUwiz;E`;FFFpB@j7@b#Pcj4B{gIuP9a;u!~)ZrIns!RbGurtA^$3fo@iX05)*&#qZ
z1U;V5NZ}{|PpsPE`np{-<s*Ul2|c<RSd#H<`9yVC8zAb6Q7AInqGOYIXf-UaaAI)U
zOpp9}YyWfu116gCvaO%H1-?iM2wQR0ZN|;aBlf+6<LeyD%9WA~+c(gY((S!E5{8z0
z?e1U_R{4v~$+u)o`t#wwGVVVjm_coX(wD_<hjRZ$dh-uH;~{LH9kK!8Cb`^H7GD5w
zsja7Z+ZAy2^VtdKbALPP_VS;oEEgs`K08i{E<|6zg*tZKMc`O@F23bYv2pA8&yS=N
z=e%~_)B0snFRyOPV0(CUKC~TcWoc=p4JNi%Uw#CFe(^PWCT6R(o#&{CbUsYNG+bI+
zvuQZA*IITy_{#mL*J!Vk4{veWpS)faz5jb!yB_Avd6G%%SmYnuTplb876Alml@Vz{
zrE&14^wUa*^C7Y%lWc_6!vi`X)~3h5+IXkWF|{w7?pRxm@ZJ$-=0jma&b>e{Jm+52
zmpw&Ln`E7dM~zGo4E5cneatlEl%>I+mcezgI;wMyT1zbcdtuFF1(!(=qAwF?c@Cp{
z)iD4aInpn;-Yqhc6h|3D`RZe9$P7AoWjUj{Bh^6s_;+bi#?<*burgz5d384%l{&6_
zJW?1?@$}F`m!H+<h46|lbo4!acYbo93?;DqN+?hNemO+01Pcrd5xuf!(zn*aGpq#$
zmIEaaE!V-j&#t10UwP>4O1U?xQ@t7hX&s~CT@`F>$MYI7a|nGvres}eAQDbvxw*JX
z-+w@VbU>eB_t0Vdr0~KgZPuG2ZOnK(qN4OW>g%(H?S%3-f*-rkbc>JYZcYUaW1k4F
zPIf#G0w7|%3nb2&DZqe+QEyl2^b~Y|>eI0s&=Uwy66__bFEwXz8Zf^;<~GP{+oR%!
zDo48)q7qr?sF?ux9YX$XMda<lq-vs5Hk^w(h-l}_dB(Y)-gznTpn9(f5$2w)ma$Rf
zoVMkeX{_~KVj^z1aDhwcc%q}y>y%dO#oiE{Sf$cPebJwY12iy~Q77H%hJ$<N(5}ee
za(|KZo9-za#<5ToCg@}*a&?-xvQpY)`9b-}2EsZueXHQ~5D2UHL8>*s&OdMb2tVj2
z)EuH1^%~c-Z$^kAbAWlt8Y743i_$8x{^5ekM|_euwE4MG()P<T(Yy8Jj`zCul=D3;
zU}sg*HqxZ%5p}tJD{+2lS9QXDQK40&aXGW)Kql`SC9-&;WGU%w8mEcuM!tjVAaKPs
zAmzPUqA6d1GYIfj!x~f!(`?r+*f{_K4Db8J=f%SFNK)ocr<QEe{em^e{uzl+yAtN|
zyFWBch)^4TLYnj^Po9T5c(9B`kF-ogd%8NBYuchkPuyl_%qC98!%=&!0mL{C^My4P
zQJ#XR*s{(!=cM%)J<h+ZJm!B~450yOYl1UDr<&JsHcQ*XZuq=YOg~?d=1BaIve;ST
zepPY<s^D9*Lcs#lMn6&6&GDb!>(O47$1X47LFY%AW``W}K*@DC5>Q)bKE6@cRO2+5
zL9<c~pYgQ8?uS<G0;$PI7$kHzUQStg?`<5ymzqyb`W+JAe3=~mnP50w*ibOOU_X8C
zaRR_xvub+|db~H@IX?<%Dc!sGM#@QiZNKmB@z@7tk%fsQ2OGT;7fp2{3$77mg^zM#
zX5wwCxeI_JoH7_XJ9gMdl^f|+jy=0Jh2*Xpw_<ttdA$A%8gbZv9=}_;F}k)GF1%J_
zn0N|Qw6dmqp$Gkpr|vTqd8uTZxB0$%oP_!vL|GQH(~>4_9NpS;6{}6n*E#hks26N$
z3R}ZyRN0HKh*)`Qx#F_N;MQJdQacjBu|Wzxu6=Y=9M;&cXL!~f%ex)iC+&EQLiL8l
zccjWS#2n|>9X2*2El$GXk7;vU_BYlBgZ4e_4Zi-i@pU6eiA;8xBm<A`%Yu(@NqFFg
zS~~!>2HD)mbmhjP#2gYLxp(6YUS5@x6M7X^@Ssg*rtREzyJv60`F#=A^3nB)C~W{j
zl_dlMC?_Te0XjU5rH9$3W@H!11L~#Y4S<x+l%6BARu^xXew+N47|8_Nz^CCmMg5uG
zB%Kv-yME@roWUW9YxZaHLktjD^wI{U$H%gIbjfYL^In$3)|X$+q0JkW5sV!UbHfH^
zRyKP;r#2IeS5R|$SMan43w{W|7uiEZj=x2TdKQX~x1^iWRh{24&~%$m_UPyt`-Nn7
zub=BUCl>vUq0>xLxc5Fig#Obwtc`+Uq*H{>*2hgD$*3$fg_gE+w?Kj%zE)FOU21vm
z!7kJ`J#t`{;goY$bKJjKwpv1jh8~YnN^SLR8rLa_?NlZ8r_&<mIw#jnOdE99NvVZc
zPBZj2_k{?AH>%?Gop;<Wab_F)^umy7dUg62nGP9K4@2JO0l4|7Diz@w_f7X^?WK6j
z4{i+(Nr?fb1>URClyGV7)mNQ0Mo=AFFIC#yUPk{65!79Fw%D^}5%jx<P7Ld+;MHVC
z12Oc}^WLu3#*DAkrPa<2@AjVl9?swL7nbp&MK4t^#Vs=F?nga-5a&#Va(R6?>4GQp
z_51`#T$j&}4_EHgZdH_4TAtDNF$7&p)%+$cwOO&&h1?4DdZzmwZ*8_>t8Z)pJ>Dvp
zm8oZG9Y~bv6r7i(ELi>h^+f@L$?a&6|Mlj?-K|aUlerM0vA|%uH#TEYQ;mZdBWZTT
z*n8-5t5w#p1?HZrEisQaq(?bky^ABd8mLf_gB}H#uGD)!aAT=y2RY;e195jLT~;VO
z>5l7xtarh-NJhGS+2uRI-mNa$3LC4j-r|x-S-PA=697i*ri|Bn7VNpb$<UHoK;9Yt
z0RT+@`fNO^tt671|H!5yd(-d(k$1~UeE-v;kZ)5g=+fcrYsxWoI8(7(2{*a;zRr!&
z-S$MU6n7De;tzNUee~it_tA7<xIph3`Y0u8&Qj*v;Lx6JVL-+EDS~%FV4!7uHn#^5
z*X4Y`P<~(xaB#>E{8jvBw+VzD6;dldD9UpUfZQPK`TQHJb9>=g&=A*N-u|H*&=B{n
z)jR)1%|9sv;8=&(ijLM&yjJP6v<w|m4?kO@p&r4-4PEHlgT?z(d){MB;b%_g-TuuA
zp~Z77&2+x;Y>=dr{<$(67lm#A8t>2B-L`itw@+%`0x2=_aM(OEO}Sxw-Y-N9rPYeJ
zNVBiMo|5=!3f9v+wepeJ-~bEk-t5p<MXJ`|C0eUHX6f<fJhTz3&aK~^T8G22s{+|d
z6tyQ5KZ8woigK9{?3l3fo&-iY#LUU4EM7`-QGFB`5}_8$S=P6sHQZ9Z^KtCiF#H55
zZAgTD0v)db_E@AU)b)p`#7iL$@nhY1l=V(BGix#vu)%F`uIZn2DrOeurG(V>&#a7v
zq2vp&z%iDytpOom+C$Y0^=w$B!q3e&W@FE!y_Z?v0qZDa^0mav+es2`xfwez1nEg}
zdwAPA;rlFlb9rZdiiz+W*W(Q}Z=3I!pvfVi4`lzmmj)ZaG!uY4kJCbwm`P0NAL=Xb
ziRe$lD=A<19y*3cF4kvh<eIwn8|!qVfVupZIb{*@ynf1q@YHbrbDbXJq+n-Y7`@(Q
z1JKKG)Y0)&x9ZYQ0KBa2^k;VVcpsQk#p7BPt_h?8N0M@rW~G3RrDuOqI)8y5Omx1k
zv<csB&N{af>7Q`wOGY_(CB*LF??=y|g^UxE`j>37lm%RyMfME00#~wpZF_|yX*(DZ
z>*6uxj05eC!KoP>BPdiI&g$G~hk<az@?jT%KC#{`AU@dq(7XXT+M9I}KcK+!ZWvPq
zX0mVex%v^RdG5Q4N2_8G2h+?sshw>+JS!8<A7dM?4GZdwe}X=Ck~vo{U1~wWZHR>M
z4(ji(*cZ@12VStHitRsiUy3K5uV|E%%CuT8a@x>0aBY2TsIhUn`i4+ZUvn5tu%6<=
zyH&H~<u*Q0`3ZS8ICC-+TrH+*JUgGM_RMz#wf^?xc(ih>Xt$sk9v{EGCHeK%rh7lE
z<N5w+tx^AAZLTGbP}!^fTDSRG14;UiWtI6riFUczNxQ=N)EQ}aGW~F<TXOtty7q&I
zi&1kB-R6QqQKr{xAsYi5GdR8HA=F&mb-jiq-Zn4JzHg_mXJQmJ?pMKm2Jc<rph~(P
zRkb0k&)r{g4L3tXY|PSVtYEA{n6YXtF*`UosTb0CY?>34SP7{dM08UcDMi#TX0ymg
zMF#ugZAl7u3I(QD-0q#F+^DL5X|K8L@=Nk?YC$msk7ewWga7!HQAVQwx87$4oh`BM
zsMTw+S%<`nvNw-!DbwDuTW#H_)5iiTXzoQp=qH)rH!LId<b_shSOSdC#HeoH>hE6r
zm7o<nb%avS+mAsh!O!o1_@wk=wLdqujHgk*b9jdG%yYjsMJo|@yCK%eF^sPJTy)5I
zV|dXn;rNX@w8ob?cEH(siS6T@r7~NfT>Y)3lhKBoz$6)D@NzB!QOvaJ{VbnMcfiFl
z0?6p6ws{MyevEyK0ub#H*pAN;i?KG$>YX&Y&_yU8P(EL)(>(KYSj<c06&s#JW)7KK
zW$*$t!ruud(RW^%eJ^;`FeLuGawMht&=n5w8YFkzId_H!)(>T4$3{1wuS|;3maGxS
z2A4KuDdnEunao)jLZ%M3T@PG-P}Wp87^(Ly`E;#)UC=?wU!a-Geb~@n0{!BHXKsWz
z^o}}o<B^T!B4W*8GkeN2>Oq)E#&NY_p_P<$!s+pvjp0cf>iq0%rG=_oEw%0b7~La=
z^nOVFgQkNfH-;}FiPyWurN^R^A|m;bo?6!?+|4xo`;+%$Y+mQA_}teix#w)qDVP+1
za(pfKoZ-PiFndw5*U;Eef_Q^=J%5AzXj~<ok~e+jL%bWPTHda$LhnE-&YpujE6z=q
zk6y!8aMVrY*6CIQ_qL11rZVBn<t?a0W5|NiB)f~5j<w3@RJTq79l+?}!*s<!aw;H<
z`y3corzyFWx8F3{7-(^p@(c<L-q0KWU0!iidP~T591k#;2>{Gx48&ky$luLYNB;>O
z?i=IT?ABC2Rp!jZNvZwbfGe2!pd<i@1Q>Vp-2c7@-$5`?c)jE;3I!&_aCc{4b+msH
zD2D3w(vazTeKTaGjLkdx^L6PfW+gq3tFHq9uX`8NZ1eFz@uBWSW^d6K=()_8ObuTT
zbf0*M)Musiy}+`Ouw6i~BwjatY~a0MO<nam#ej90+`*CX)Twxi0Xx01Je*s*UL<L*
zCe>+M;84JZn`Z$d<kL2yqv30bH9DSj>A#z(Qk>HrHg`!Fa*yM0I>^>1OIyfGmQq6(
z^9%l}qw#B1yce?=m%w4*uNIs?JWaIzcR|TglWyjhkf*S$zv@!|axH}6_MZlYPVz^{
z8&wxNfO5?8KT=5jRiy@g`hOu5{3pTI<;$l7g|Yuk<9C$@asSOK^=g{_Utb84)P{Ej
zqe>-^0zUzu8-QB;_%|9Xc8RO3%Jk-ce!zb+9$rcazTfxX2-2?Z`8TiTf2R3+e<gMj
z2A)FM|3uz)rBo;XCu+M(5k(nN{TJfOOU2l%d-NBdTL{eiUsoI84`#U{#R|Go%q~0<
z0kVH%)yo3^VVBeS&ky)FsPBq2>@orAlmBnjgnt|2|Ak=l#+BS9d=Pbi^CbPH=D@J%
z-?WKWy1V&*f<|B2j{BwU{0HtgqDxKN`%l!bf0#GhuGAOcT$WMzH-bE}KSXe*|K$Py
zNt1UeB6+|Z{xd1))ja`~xMJ1)FWhifa>v00?Zx~rgr(=*NH>J6YUzv91p)UhI6kWs
z=SZ>faJQjEV9E$dF$|t$jJbaIrG$zq<T)Y`{z{AF=M!Of;m}lE8k+5e)|fl7<M8px
zQQ(iq?#bllYv$H_=+-X91h+kA2{0>(3d8njIgJz|AjOuEqz4D4JkX&8x(E5k2k#yR
z3}dc>^O!+~VWI5)m?}7qHHMA^cNri*uEnI5{>R1lLU+N-em*zBV#39#xB{vaz=h$&
zpc?`|A+M%!@Io>E@wrEfsq`QTGF_@J6zD@PHA8{xdDqmLi~;i>A65{E0+*HK_qu8D
z-RY;QRiwaABUmg<S^jw$0}M>o1A^^J6orc6lF10>e{!b4WC_f`0fT@?U$aL13j61;
zr-@)5GbCZdx|P;hK}r<wfeRP>AZ)6mf^K5n&FlXr2H>9o3<$Psz%w3jNR!&8uuhQU
z4)DcO9RKM2AJ>L5{CQ;E|N6*25Fb0en^2N_q4v6z8y63vNQ?{Kmk1r2^a*0bqzAKW
z<}uu0e;x{S?PRM<OwtvidA~$Qv!%<MWqGTtic?@+iWJfTcHS6c5_Vn>ud5Rot%ugm
zTaPpARW7zga_PO^TjY8W)&3cHhZR{LG2Ay2)1_v@mm<f6L5>(yVCn>qu6cz*0+>}a
z126`2G{e|6*yR`6B3MD;%SgnpuNZg~ESMj0V)@QEsQInGps4xU_?YN;fb|T23yOOQ
zfgzT-5f_?)p9z^Je^B}r5<`-uQ~F^b%TVzX$oXqWY#x_hrJVI9-)Oy6?OQFI8t2W4
z<nt#J&(}L9m@gNSH5Bsf8Cz=$E0;;QiDq<(Nt%9jiCVI!Tep3C7eTSHL6`f{Qlis=
zwKecG;eQEuv#Y5V(41!sNyMPUtmt^K+Qn@?3}mazTMXx<XAp)DaUrO4QEU7y*HFLk
zZSsu|+OG6lWgpBFe|<<_W6-GFLPPXZL0uhfiRp%JYnNf}yRmpFqX!9LV40*5+&3^t
z=eE8KJ@}_Hq1x$>ixusy@_|6;!E9d1I#9BYF_1~2@^r&Vp)bjvcnoimbvi@mUm1a8
z10^CcHRMcW;GY$;^O3fLtQxvGSq*`5s+^hU;juLF{K}KE_7O!zI%ifB<&s0$4UgNt
z8xMAg+*oSL{qTeM!U(n{Fe0xF=4wUhKF*c@8F<4<RybnIS0lI7#OZ*Fp6MY6UMPf}
z6nJ-Cz&;8umCY5xpdyAl;Nay<G(~X??pnVWx)07_M}r7ghx?UqRCToRUKi@*HYhGo
zvr8mNt(5fTIo{^N|8`dFDaol__Nw;v#t3tJgfZeuOw%D4dHAaX1?l<MRmd`Y^R=tx
z_*liU2`+R=(MO%&!Z2s9w48+`%SwoCKOlBgmZ25zk;MQ+ktHkJvf89wQ>WUZ{1Bp}
zsRJ(KHc%QfjojnHf7gUjJl$QV9}Q>Js$jFkx^`*xun|1ScD_+z!LF8yAtkUN;w5iK
z14pjERw847rLjO@J|MtiS4Dh;RVl15OnW;Z2Kc=Iyy=-@*|}#($@#X3+;ScE9D*0d
z=#JfzkmHBy*T^O*6l8xtw#hwBIcKG~7sJ;MI1d>Y(6{@V4PFM53LhH)8YK1hd)A7F
zrlrt(DtGZ942UYOPhz-o^QaKXR9e7A&Vn&vfbGm;#7c!i)X02Z<(eu|TP|t38td1*
zt*)$amS)1I3D=Q0A!iM4YqDu1cGG(uNrrz*#s>_1Ub3hZzr;45$V$HHJM-4LcQ$=&
z=IuHYFAK1MykvhCFzR0x@cA?aRuGIHI932`k-Y*A8Y~07b6T^1z4OJyy*AQbz|}Q6
zuumWrU<)~H?u#E^SleimO|gI5a<ytC!mtcQD%l{aK_^W4K}WxGi!n^VQ9zDKfZO7O
z#XL$cy|WSw!Sd3S1$K`K14omPdT6*@ubf@)gc_0t-+j=Nu8^LVhgup(M~t>fUwj?#
zpOAI%bQD0~C{*LK(5_`6T~-|RD-O_w)~7xoOl(l%8Ne+7cmaM8CY0p&Q@}HZJ_WyR
zhb?dnG$reDP$!p`P>pCQa>y+5s4Mb+E6Bt9|MJNUCJUejKYgi7_M<CIP?llz!t#z7
zv;oU&bv9Q^7rV5)z)Q=^wwKaTCS(1K;Ysw!X6PwP=}*{PyJjSx#me{RxDEqfKGIu_
zhvRFQ(8>bRXE4Vbx!d?%N`Cn(gLxqZ$1_kE`K834BK4kRI9}`$oL7EO?zuD3Fe`CD
zn6NB^6s~c(?@+$3h5x&QGT*Ne0zJG^KQR5=VPtq2s`q#Vek)$=d=E%@`U$72Y&Yw$
z^(Psa13R9AS|$IOMbQ5+i==OOW#(}I17j=UdkReLn3VKfc=~rg0}d?|vJd_|_ayK2
zL$l4(<?F^o7utU3O53}ZFZU<v3-$9%0X9fhQ&7-=1$Ox$z*~Z444jk1N<a-Iqj>hQ
z`QmkxY(dW;hN+s5wKFvNjR7YjqX;6w<*{y0A@&`p^Z99Hd9i(E89@M_={wt?nTLt@
zLn+B(ki9R(P2B)PL5AN3`DGyY#?x`N0&5bk2N@R|EzB4M@SXLj_Z0D4&b%BgdhyB@
z^b62yHD3%UNslkWOxo!}j^D8^cHksX=B+mbrwp)g#v-#=O|^PYL7i&*@;u#mu5w;E
z`AYjiwE|jf4cC{O?mD#&(h{<+pD%1gCJ6%skWPjHV?Av{`PI9Jac<aY^LKzBf6eq~
z=T*GidE-DZ<sU$#@>3znI)1D#Ndlgfjcpd5dpGD|8-+vXtjBS>aAkXJwddRoqa4m4
z;KpgBJnDp+dD=|5rNiN6i>2_3K;<g_3Aixse~o{BLKqksCC321I$k+5SLRgOhwbg8
zChRvQt;oFF3M*_Pb=>sGz3(Q#E}pqB+$Z`=g+sGa^x4u>iNjLYBP+I8DPWt0TnD$|
zG(G`BkM8SnzcmGc-S+1Z)`eNzJJ;PNxJTj*yepeSue+1U+%Lrv2FtK;4Y{fJ3pw(F
ztX}4~><4)bxEB^%_)wjHESee?$rU3T!5(3<!2X!aO2hf>dmc(aZ;DC&cn{Yu$ueLo
zywc>kfb}?$#HCk2GzCk!*Hb@f_$69L_Y)Qg9ub?mgpi3QYa2VoQMFgs_}wY1DYf~f
z1-wgBF~Eh;_{fAtRZ5zoceH9AecE7vkxBef=;i;Z(71TO2~LtRkF2vaIY&4hmQ2jo
zV4vExD9e8<k`ARTD@SB*>b|P%3rt#W-MfrGo&rRLH`R(?O6in1R-f*5*Em{GjXwdI
zD_;2z+KGSjA1Xh<2X998*|iGhMJF~gJ&9=|GwN~l%cfY3zz>%{A%1=rxNuBQ6%Zdg
zF2a*NO3u#$^yFWFh=m&y7ksPIq!&kG$MEBTXzhi|E8}1Q0$qt!!&gIf_sCfFD)P!E
zbIaG&9Co}D&ob?K%jIjL3Yj0vMcgM97}^-SGgn!_O=@MrcqtrGFfXs1tp9=4AS5;X
z^k`Urw8Bd7u2K^(@V~PPe*!D{i>3Z+8U6~a`pC1?Ya<`M)i$!XA8JqeDWCr0Sw@^j
zfkhtx@4gZDrB)(xD{U&=mDfZEa4JlnAf*{W>Fy|t63-*KR>RVY*N+qOnP3!u%)r^;
zpJo6-xF#9ay^hY)i(-r)9Pot>Quw*P!*6rbNMEh}`N7+PujS?f#)C+eTvaGrdgRNe
zBk7TSy0vdjIDfwDc&M)U;9Efk)jdg{ra~<vHznOimh3hPQ0dKE`;dv8^64%5bc+b~
z5=kyu%|hAQs)*P??2Z0n_-8s)Ryc=|<~2gP`|3zf?v<G0H=EpQ*=kZ7r}<v}2X@(0
zgV2+fNf%^RyF02pyKieuZ&vO8^*b=C$2s!-%t3V#wlePk?|g)(!f=rUL|r8T|38!q
z423kq$IVN7M!iq-uibUCi#P1qihiM%uf$dOculJ?EKKW}ID>h$5zdP9l9Qp}$TxxC
zsyaLl&OP<ojIED4r;p6&E(lLXE!(oq4nl1j(5;_NMzyP5E5g~nW@mmKu&#<qOqorn
zbjpn^nX31Y&lQbn54@2(U)ZqJ3XoZuv`7BP<9*=qOABZo7)%nm8WA&nyV!1sdv?ZI
zgNrO$>D^6870?00sG5yMOA~~X*2<!S2bz4v&Ca-1V6538gA&%!p<q5`tqk>!Mvc?2
z3<^|yxbPV_fvm{)JrLz*XbH@8+F!WN{;NdgcltD*41>~T*njJr)np8ZcXu=k5JtAV
zw?O&2zKbDTYmHDwMipkM0;D`n9GXkxMm@nuNt>@9taPt2>4=%Z>TKK3Bu-AB8mi^q
zemha#uS{y!dV<s=pP$A$JZ!50n7!r>oP|fhzQF)*R%oqFSeHL-niP9sFWSo3`14T*
zP|;=iigaxkUFWEGMG}bq=6^q6KA?FtH3B`eBedlrS>?0N%)9UWEluh`5th`VviH>P
z?q80+oT>{{&aU+G2V6iS;wNC4te|}f$aPSnIQUX&MHom}>A`XVZCx{-hKUFuVkc8d
z(#((Pt5U@hEeBF}-H7`fERp#%QF{r{S4N|2JxWJy$9u7fuiGS*m&WO>r3IN@65Kj`
zS5qh;e?O;jt_fZcHX$JT&a24kYsa|iX>fV4*s5*xqjSMlm43FNoQ3ZPNHl9}XD6XQ
zOU_yAT@pm#3<~en{B{=(&Y<_nfrw7+0e$16>mRjjT}{7lm7>2m)EIJF4(zzTtF@+Q
z9X5nU-(TJ1&S)2$ypP9Tfz|++n0`~>`u6ZV0lmNjSg|sw01nzG=*TAK`HPJ*?N65I
z{PgmD|20cg0fVX7?2;<T@FELUl+sIv+wPdK%Vc)o+X?P<7K(AD4?=nfg$EdHwTC$-
zCtu7-9|}nmiCR{+!sEBc+4|>8?QBMBUn0*1Z9aKciV7lKBRI5_jFCjS!LA=(li*VE
zTd>kAdnm3BWar0zFzKbcbzW7shm^KZDHh49cKw8&e<hi2(r)T5{_cyCKMgmBW&yq&
zr6m~J;CZxr)b(linV8t~nt1QX`!OJiym!&v+^|@jgJCHGk2mk8QXJ1Kk+)d-8_pzV
zH4^l)g)HQBny#VBLn{>mz!%v->mLs;I`Hov{3-ae-}k)tpG=xQ1lgCA(7nmd!#(`~
z4HkZ)RK0q)@LQaQWtux2;X@)kMSJ9XdfYmU-0|fr@ZNa<E0ug#w=s@#F^%Ru_SpNN
zxU0QoJOw_65YS%_M<E`WNQHJKS7H11rOUS`mS)HU=Y&353=uz5b2peM>|yHd5?p)!
z*qA=!jOE98&fN)=7kVSWej4*+rHKOfyXx%uQ*wk4ow_YR2kIB+rNnKN`Ot*W`*-U*
zJg`QtW*9L1)u)<V$nmq|o{A$FV04~{l%fYq;fTV!<}V^LE5ge}-EcTQU)Bs{TE848
zxM$KnlyC1<ZK1}JTDHY(^kCMoF$arTWbjb4dX;T~ds_UfT^?jx0WI7yQ#7SGRuO4<
zIJr)1#53n2s$8d$8H}utvZiL2NAIFDL_L;>qQh&E9F<jk?9a0pxW&Yu#140#qWG(A
zmS5e;^{repOLPl#UiYuu<<QEHyv=?#P?^!HW#moC8^S??kW1D&+?)T{L>%^vkXmLa
z<tIR*Y}E3KF`+Z60SMrat;FK48S+mP9ZBcA_L`%iX=`p~ZKM`C7^{Sz{Ot<sGV(CR
zI-=->4P&?KX!;jyq3g#mmp1uA1^npy16_2$%&W2p*|y+=gLFLJ?ZsNB66oOyL*<k`
zG>h}-0D8JYx!d8uy>jMHGa!3SpWe2I-)ojSArVKx27!<BD$(PK1-rUA*!6hoD3RD#
z5p5lLh(v2|Rf;Q}P2t&}7E8B^os>mgL#?*4FN8Y$>X@4E^7vq})2U=>GsizttEDBl
z--G2O#`zdOGyG6&`y;0TPp%5fdoJBaUpEc9)x0=_TIslA*UZ@(&d&Ws_!mv0kJh#h
zviB>DSl-7Ii^?d8qn?g>Hw4#oBUZ7x?lr?jWW8d~%<A`ENOM9_D`CXuckuj10mS&7
zW;*D*{pZl~{&QMvCB{V0Rkt(diMVZm*J<JI&tf3$FL^QdEZ(%`jCd_wPci2C86TF1
z_+1H+wvX?Ouua1HGdk%KjACVWc?f}MZRf9K9s0lJdIR9G%5iyONC*Bkc!b|~xi;10
zM3r<+!WHy{pCRcpf~wPiJ8HELz&{|j>{fzGR6C2gS@&;=sKhvpY*^91#Gq+yG*8C+
z<b{?utX{iA9&~hKw2-uoy^vK@g>}tS97=x6*vzaj3@+qMltZ?-6#_lL6Ff?L<##Yn
ziVLRHcQvWMf$<iG(awVO=+2keJ5{``qw{G#Ypy%od(e0UEI@I(p2{X9WY<Trz?hUm
z#~L$t!2dK*Obe{%Jfej5`fc|i&eNS=_!II&D_WL?j!~M{?i=0m3oaCQ{pmAig&59l
z<?Y2aZu180Zx%gO3-vYJ`|Dl>BImYVX5WtRwS=der?cj|di<XdhTp;MIGa0B(eXQQ
z8rhPuiNWf~W>KcfjfY-iI_CDRNtl}BJ;GBHGW&}Qz}@}ao*SN)NdP|#4jsOz7G)<7
zg-hdB1~vxq?~{K^8n3517tTNb?zHNCW+l-@DOo<=MQ%-fwz)w0tktfW=Jx%7I+1gy
z>hoX1@V%d@h2Qz{-$epku543ocPJ*khOu^kHmghSHp4-)U1`Hp9Z~#)&cAO@pR`hQ
zv6Ozn)Vvmb)@;;kYUU2?0e6|N@)c*ne*|h$3J6ZSkNm;HE}LIC*at{V-Y(|e%rt}+
zJBpYdCLJ{O&MjmfibW`~0B6D(4mELj3}yB&#IrQJ+qqz!U$>4CXrn%TtKl~&9j^Z5
z9krqRlQyk_tjY(jRLJ~7L?tXSG;`Cq`z@Px(YCr*n%i}9T(7g0hYQ-g3_ns7I%fP)
z7>nncxw?bGgbF+3W#T_Ry=uY*A1D!|O#6Xsx;9R~X4Z2=q2P`37T3W@rSh;^tJpmK
zYF+Nz+6C*ID{Pdg75dk*+g$@%^8l}V57rs{K<v5wkj-{rW4K?o#r9Nz6}3$w{K1=T
zTQ~cGy_cmc(3Qu#!2I}|<kth_O&jwP<8PwyZXpbXr=4jDAFF)W^3M|#m%UxCPaXF(
z#<<Yh2TCjK)C<Byo_im)>gm32^4kA7*k*5>ONI?37|RjGc5}?;Nam3jOHOCpQNlLV
zK5vEIs`s1S<XD6Ct=0jAv<GcJ8dX4z%bD~MrCq;`7)p=dEj0S(y$6nHpzZAac&)pE
z$I!Y4MaONB<?MlTedHTzZ)xl$;+{l<9*~VZ&({@vgLb3b4^tK=R-g}bF_KDb)!-;V
z#9(9U*Q0kRVUKY^$08z2{1)0%uZRme^;`mDQ<b49FONT(B+<*$iFdZQurhgYJRlwZ
zAWwUIr?u{$%A-GNX8*sJ*`=OhWDMXou#>-d=XJwk)kd72U&&RjE&MtGh0EqhHZ9qv
znqQBa#WYs)``hVQScMy_66nUwv+oHxdv2L+s+4gnw23=2QM?-~K5oBTwGO_VDG9U*
zAN>5y#(RcxfxG5WGgkg+mh{S7k{0tIS=S{&tclfaF&g)bRiYJlkLN3$Xy^f$!RI<2
z_jd`oA-_LnJ_AP5ob?<=K$vtu(0@=RviqC$-r!8J|7L`tXjlI@E4@5AdKw>0a?M?T
zL`&@CF3+tW<FhM?4Y{2YVK`VrXT(I>g2u;<UydG@jqFYA&CN#&Z$AFHx<dH%S4d<D
z`Y6I@gvZ7!@}>w6hIG-?h#B{ZI`KIVA&7Y%`@J+B4JVJNG-A3qzvLHB`;D7?Du%q?
z8HTc$ZcRrFJ|B6uy0^-UKtx*lk5v+J+!$t0dCs7)WgpwM_`}xHRID?~yqno3H-nOP
z_qZF{*vy=VXYu+pbDpc#|9+FRdHrK82y-aLpXWs|Y8@I;hn~q43MRHaS#N4Ro@n{B
z=EJ{(`@UR{#a^snb6k3}dW{)QxiE7aq^W*O!Dq=`;A@<)H;kalJQPXWU60T4nOu2g
zRq;htQS;I6vZQ3k3hGd?k}z_qxjv=xfzu+uZHpR_?$h$cm!Fk+gmwO=?^kK-COX13
zva<xJ8O+K9#er3L4^SNV$UX8!J?0`YwM7&xDlYpa&F|w?JQ~ESBDVL!_N@Rg%w~iW
z@F$HaQ)taabS+NSW;iCN%SRJp$@i8C-rDTLxZkwrszjNR1KsB)y!SWl`SbO-mG?)_
z`1qc?g{{jw!;Ftors^aX3=RpthAD@%4s(vr)0x&2#yD*&)LX%(JNE9kE#+d^j8k?U
zjdJW2r7G=csuf{_2u2Rn{kk-AOW<WARY_~37D>N-kT{shFG}I41664{=C4Myxs}~p
zUfG_zqgw9NO4lh*QK`=h^ks*4YG5uc9OTHJW(F!_q#*J+za_i@=^rBQ9e>|xZ79;5
z-jiL_;}CUFOU*(vEXDlU<Js1S5m<$>l`}a$HLLVpk|a*xv_f}*BS)+Z+kJRlCGu=>
ze5;))$|$#TtA6iUBX1zC^~t^x3UlYh;Fr<k@f*1H$NN^@W8ZJU6wbvc4?|}Tr_xhH
z#E;?#>bZFcGmD&KPY(|JupgF(;H`VC2bjJ7xErFP{n5;5ax3YT2&^gYaBHeQY^>aJ
zWtr0i(`kRlEL!q-+%&|T-7J@hx1Z@L?{>&N#T3^nv=*5YU8Fqd-gM%h!WZ{t_I6SD
z;)QAe1;k)+2cyIYlZ(O&F76Lt_&z;^;7d(stgBf9&u`V%nA=54h_0I_6;anW$2L@~
zHHOICyb#uVW?z9**qQs5W+a%|wXtWi>nmOD-s(TLc+=B{n_AeQr^&5L70w(ZQ=<F;
zp*MD09E>Cz_uEpjD#NL4j&rRryYmtZazU6!?VNn(PM0`ych{QAwF#HC0VAJ}gD@j+
z|ImZ-Pj~(flxpzke`4`?M4hG4_?F+xch}?|jb!}50t?W-+misF=zr`!*~1aVnR4nl
z*ofMajUDn>7CbYH^SJY6@%pw2&sr3>$b*GndYh3CxRr3_v_>GKrnkC$8L|*0Vf{*i
zsydD$$sr?tBi(~>NAPi+yodPiwQwL&z7tPz-$<a{Lzu{jz?Np^Ly1LAGd>gRoe`}0
z?_(R0e)T?LFbr`L#e<RNQb*hV7+2N(!H`UN0j=X~TxtSTVp_e42raxKaGT#b4Owp7
zcvrA!5AR?meCoao2J5nR3UwFTwE*UhU0H^Du)xoY9s%9LW!3bR)*dsgy4X=|nVcVJ
zOOcX%%>4R2(Bl5C(<^$ECOZUW=J{KyUUS{0j!OHyG6q%>A1Uo&#H}|#V<jBtee(Ea
z;qxLfk9=cnEMbJ(i_Q-)80SIviCd&X4L8rN(tfF$_;n@xS|DlCUA4)wCW^zQv(^5M
z**%;HXS6!B$nPJ^*a*V~_akFiacHX&yM(tFC3p|g1KfqlU>JCkgn2JCFxEgF#5N_(
z^)(`%w@49I$|wsBlll@)NYzHcNnHdE3BOJ7WHm~_^m|CZcz7gN><Vk%4de3Z58tn~
zC6CQSlHMmu#HST1i})HWu6w`X5yMO4_c+=Q7&@ZQ;wuMUvC0#vTeHFtbiZRA-$Tdy
zMe!{w^=_WhAf_-uo<!>&)4kSTJa<x-bJdMJRF#z*TP1b+jRWL3H3CS?;ZCy@$GA-3
zcVk-NiYZ^er=)c{g!y>?X>Lkgl>`6o$HMO3^{H-KXpj2p%IV-byC9m@FZ-UDZX%-*
zc8BJ649T_zkK7SEtCh3VevrxX2d52=Z5I-GnMe~Nz{9&5w`?Gd$%9AFU5>F|#2)?n
z@t|)Z%O_Qaa|TEG0QV;o$!FJnuNCA5%?4}1i@jh&_%J70UXQxU4>}H`r{VhUjREq!
z&6#lciLcfl{ayvRLQm%vqRUqltF(1Y+aruVVSSrK69n;@BGn`p*!?JpJ^R6q<V|At
zP23JA#Ez&i4ZG#ghXW|79D~m`7G?{07?v_><NXTzeQDQLzRQgvYhn6|85z=HEX;Z`
zC4mJ`xIvG!>b?d(7{+0I9W>H^ROI)gyoPOA_vgv2D8bMCs*%#50H(it=bX#?T$2}>
z@fhu8?;Lu9p%-Zl*3Dr;@ob3zHFZ({<N1<^bbxF2!D9zRJ7b#uPkhy-P7Rv~`pwa)
zc9-ew=GL7k@HJOt7cRdT)k9S;PZl&4D(tmU(W_X6@tbd3No4C?Gx1nR^u0GC?3=k@
zE4Q_6>f7yVX$5MW5V7iY5>iD=iLo$q33URp7ZSE>io<P)wZc9WjNjW8RjD}aFZ$?7
z5fYB~>y?<o*c!i;jkBe+o9#D$3A;6C9Gv`jK2P5t(Qf0bQNJe)XS{*CZm)2Zb-2g{
zW4hbfMp6MWRwi9`Y_Th`?IrvAcv(0c;$u!z6^yI>p~O5F;Y8G?4f#>9Rdy&ImOzP9
zAYa9)W#}9>!7sqT(-|#nL?mi|*oHT=OCe>H4k?PQC&equ6!?i5*YKw=aYk*F#2J6l
zEcz1r$MF*X)p5Ygy!9Ilw3<|2gQ*@{FnlWvGTAJNxQ)Ilt}NpmaYfj`tRrnOIc0y3
zn@zp5YDP-aGcQEE;wNWjH^RPtzNgW%wUVr+D46_krqISaGRP9kCbUy*&j3ihE(%c0
zRDD`7m!i<1#J!3Zm+`&sh5PsPCW!sXafRsJL+c*9#fi~J_F2|;Z>Hayl<PR%c?j>I
zJ2<SVN(9KwAdlGY!=_Iil%iCX#j<kEhs`zu8&F~dBEl|$8pNmmNDqJgq0A^G@tq{q
zPtdY%Uq&MFr@}(-_UZ$^W-OyNoKnzY`VCkI`?$jKqxS(F4uBXFzq?a|Xq@fuhBJ7d
zKh{e8Rc{K&pN8wMYGp!HyL6)Gi<}$#v~mm(ke)F@jyz18^qcQ>%Su_Z`oqagKhIq+
zgx!2i9I7v8Lt;^7#HMyKU^N#gY3(%mVoxZGvuuy!iRn5%;H(@gl7L#>C<Pj@DZ&rB
zpMvg@kY6G;NYtB0<6AGZxlfg0MDdf}y-<9x1yI^5Cc_)bZ|^nyuE(|pBagTtQ8ts3
zTq&E%#|3{oRkxGidEWM#d(+x+#jb+JxoeX@tbLI)l+vc!$l_5J2UHrl#Wa<S{6Vx<
z<DmiG@+pU<lgsB;<}iO=b&1W>D;|5wczzDiA?{Gu1plP{jtAbH*pmzv5NzRS$mXZ(
z@>VB0RzSoacn_eYSntCy<j=U;k2PYE<Lxx(r<2XTOe-YQu6Aof`R=U{0#}#KiFDfi
z7cr28RUGYVjEs{v^36&HyMl|Ker)-O^?K7^XgMkF=X9(<f(3a59qTx#(TrY^^tU7A
zn+VFFI&X{6ef%7Oy7mzFZoyA~E)1!f93Qq?Ak=VNq|SYmXL#%%u*!Drn}v!BYhb+`
zEGdaY#j|-jspMJEYRU5eEXyW^c((enoerROb{`WTOo2NgMrv}^{&;xNCwdwX*(#g#
z4fpwTb&zhQMfNq*YIng}_H^F)@4JJkIf^<9O~%t4Z6Y+{o?sL+YQ}IFH-qTi^>2YZ
z#&PznZx-CLng{LM1}U#c$~}6~Mf`99m0YXX-RX65GND%x$%nJy?0LAfPjAxJ1Y6ix
zcYJTvQ1)1wZ!@sdTjGU@w1Y?-#D}-20@@76Vm|af6_l=_@y=LRsi$1uo~iws)_;Do
zY_PXz*4pTwI8S>Y5ciGW3n$8HI{m-gjT@Gb{^onGoc??p`FIJ^UTJ<RwqrV?7w3WX
zsN)xPgY&?)ec6*`+*qZ=Q(?!nMSB!Lxc}&o5`KDjH_rZ<%h9HP;>NoBIOoC=(X`_C
z2i;=#&EjrO+gu0p6ISV-a6*I>q(_zz_a)??y&NOfwB*T^ty(Y|ne%kpPrh^fsKtB0
z&djx4HO66%n&YX@(ODDSp)=)xwE$%uz+S+_VOd<!!;{PCxw8}7mwaYeLm(g`0*s>W
z<-hiE7*uU1dZ}^k-P1$Bw^KRvL2otiX{%8v$=<$nK0xVyU~c@PueW(UqORQGqIB<m
zRk}x7w#0-%yg;VeO+d$j%gxQL5AOLmTb11&2PS<e0+e!3UKbj3KK{srbNzahn0w`b
z)zFCi!N$C~eUEuFjt-WHxN%XQnqP$P6ZlQV!7m?O++^<-3vH93D~qj%iEcMI!E0-^
zXR-0XLDY}Kqs6^)rqWXFd8WLaI|QNy_gu_}D}wahWtAJLMZg5?FDgP{*?2$MNQ@C^
zAZK^fn10mFsj4lj_*n4h$E(4<_goR#XHmOz$`2KsP#8z24$4tnatQZVyW<I^Pq<-Y
z0td^Culs)YA`5`Dp?8P}No0w|L1p|C{Lc4Un?NuV6QR6oqxXEVs{Of}*)p485fV}~
zHQxXnU(mM{xK?iL;JW0u5H{my5)#?zB;*NXmB==39iD!@52PtArKv`0>QGJd7xPuG
zf+;?_Fjs*v577Ia{=W6TK6BrkVFy+tMXE&V8H=KWKJW^vB1VzZ5%mNal7dO6)q%(c
zQ^nzxot?jug1MsI-z(!GbzV5R!K94Rmc40%bX;j@4Ja5(@?ESoHD`ASR7!`LsiIJg
zp{MHWYEz!E&$+-_<)kKytcI-S2cQY{@p4mP$dY_YZ+EezyP(TPc6io$T-~yABMo4r
zQc4H`c734DmSE9StsphZU+Vb-Rb{#_sa9=@ST$Y>j_0-8W-QsRY{2iFN_i!`;=bf$
zQSM6+@7$i@o&ID&&ai&LVyyAH#hAps<in!z^cQP44g2^%h%<S6AAX|be*4N4sTo}_
zI{mz$s4PItFcjkBFt@SeC%HAWcsR2PB0sD37h%1{Ii4(l4I04m!Udo?Gl5=M3r>%h
z52?2^;EHRaciDeAf4F6x^cJ5=WZ87ZWr2yAYCnj7_m<<FK;I~)A7g1?<1rz18qm-a
zvc3+MnOd5q<6W;8hL<_t9!Y30PJW)PucMrg%S4itsNmsHXKZYw($d)(@pUkevY`uK
zfRA9<THC?%xN*~5qJXi(vanvE@Qv}<&DA*hD6Zil`l={~dnJIBah<ROUFb7zLZ17P
zs|m4kA}t$%;5+RyG?z$&GARgM6vkTS@xT_s9-`R3JPg&b;4gs~9lq3jdEA0+n72Fp
zsZC$E=`7?hYtWJ#M6*>>zdq`kuQI#AOyYyB(A^y3p?fe^S{}}&{;LVgVGmp9diu$G
ztq=R3=>s4aHAXz7593JiIgc5g!xE`xo<0-pfv}oQE&cVS(>$$Ti1V7Daco5x!t=Pn
z8?9-P0|SHNSPZ=e5uWGZ{YDaco>%_FAlE7WMz62d2k%dUpD{oTGV9M%oKH>LnjmMT
z+!<^9Yq!962)vC$0d7P74Gu(Flas5<n6y1W@X=n|X7RECdU#U-PjL2IzXI7AbYIoK
zec6m|P@XXci{ysb?`4M-4^+@@i=W>DP)Uw3=_bk^zBgTpNP9RHBI;NO@UpUj<Ozh0
z-}|}Tn2H^whHBsVMxw;vqtO&MI_2h6J@cz}{%4fY<I#QoV}$%GX*oux1`K*~#LL~-
zE&Sc8JF3vZo4B6`eW9BN8wcUs;%@R=x<$reG$Tjg6P`+P2u8n7j#eRadlW}zrR5Ow
zGy&%qzzmRos#Tf)qgo|{LG-hzLg<=!L+--fG|l}n^J`MtlU0fA(HWFUc07aUi=SMa
zgiA|@TMTKN3N?M6-g?{AFQVW+oaUom1Rt-A$hN7QCw%(C5Z%M5+!|hq-0MI)&7n^a
zNprubk5?pk;%HxPTX93*WGepP`(2^6xAh>=9Vq)hDY)g6jx$3IA`*Y#O<zxzg7;?l
zg+EPJTVjOG$}gGr#;xBMM~KnNDIiX_w2wh;0#5=Yw+%3hi;^&klj3&8ciTVfNZeJC
za8t`Kyg6`_?mBa5n5x`S_M2R;mqmfie5hK}3yh4{-x!(s2JKcI$qW6=a=66E%-4D4
z-N1Xt;#1uh5#c7jsEbZrq}<BPxJ8qZK^6XPJ19n%M^f>DOr)&=y1kr@f7MT7>>P(a
zmQ&-Cp6K?$5$sN7I}^MX2OjW2CZg2KZ=O97YcNM63_x_^L{Cf7d`m$-Kde2748=lK
zX@p_}Fx970Nv54t?&gDv7CE;vnlEscY1jUsRTEY(^V%!4Dz?&to?E{qKx`5SkqIjR
zc?gGgd?}Grs@KjpO>$fa&+^WT=umgbF9v$YRu;xF1TTOlwYk5|_REm%olGOSVY(<L
z$w4wToDMCo-JRsN#@U3i6o!FQ=ilnug$naVbm$o8vS$9Tc-0h~;b2eFH<LN<?elbc
z$)lk+eqBT^QqTTiL*8~_U7%0?KzLc7fi}iB(rKp}t0@*K=+!cO9or^0WZ}1RBa770
zag|c_;|U`2cKHT7mBX5KisI8fbCSno+hpmZ*D|yaXbC_(uMgH6%8uMQGj`2CyzjgN
zOJl~6An&rC;dpgG|6VvtarIY`{XLcMxL4qT_A5B+zkml|5V*Tjnisq#0mnj{RA0NG
zCcKGQh)}YC%BLYbR%8eZ@)qp-xUF$G9cmL=Sbu(>u(ebcc%zl4h`e{D_JbBW<?O=o
zF~2H8A!FnKu-Lsr4?v=sd*_o6KrWO+!2D7<zy=sM<w1B%K5jD`5!w8}aGP$GwujhO
zmM1AqSVlc=y;?nvDO1=MroMh2e+bj8v1a!rpr=&{V@QlEhW`eqo$yI_gWHze!S!Fq
zVLp;qFcQarH>sEDweBUHGn_0U{wt0A2dQzn3>MfIg`@&qb-09|yTxdAKCjuPXVC0t
zdyO=^Uz_RseX#BeJYeU<q<llVWbDW#tdi9NWTm@x=LUOt6aeFDwJ2Z3zkmZ;kp6)K
z=3T-8HvxAXtAr1oy}+0;gTCPy8gdy`*rx-`NPi=@0<-x71UG(6ph}#Vf`3qSsa-<O
zfXQbqEk*fUBdv-Y4e9fQhlSv>Z;JO|`;1o*Hp5F~^ZS2+uss9)dQG8$a9`C%!=a{v
zD{2{P4~E#iGS59v8hC}d`Mt19?p**vSzla2A@cRg2lDyU`{Ztc_@cmlz8GN8=kXE%
zgU(f8_TbU?i&TW2;v%t5x^<sOSr%l+)RU!(m2Hq~+VkA6tBta;zKunK-9Nf*3E{Zl
z;d6=Il3{QLnOb0K-qxvjE47aO-~x+T{1+C}=YQ+Zm4G|2rfZx8$L#2+>^(=@`Z63x
z!{7GD(T>ljTE(iBZ00?>03+SI{ulbv4?O=mn|e(G$egaQ?j!~wtx=a4`Y-AXEjU5K
zG7Khoh#d+A8F{wxhnxoQnes@KH1A5ZQ;_4`WVJJ<`Uwl)_>>1=oFMij2(>D0GM6Y_
z=9}t0(>;;EOE5V70nZ%%J9y^HI|u-4M)i4Qb?x5ZU=sGoFVJDvA?vYckQE}&1s*80
z4-5bWm<Xu{hOM-#-UQ?sHQY%bZ)yX;h#&t3Uak`rliFUyL%f&JwI9Ets%01i@dniD
zaj7^G!MGJNq4;8W%MJ{JClr=az)f|*Z|#h;cLj?ykLWJ3htNOp5BSI>EC9f^x8cCl
zQc4_lJrhDk0p<Df9uhyc+Ns)vh-LJsk>D+~MhxPANk1&21B@|S0inPFp^oI%ihOMe
zihP|t!8{ZXyf);@>-<0VzB?$YZ&??HA)^dPQqqt?qM!sxGXzPJ5l}J;ijs4NAqa|+
z1tg<HL9*l|ieyo8kR(ZR&gt!$L4WGG=iXPR-uvTKy{ai{s@(2bYjv+)-MzlA`-oc@
z1-43trIyX7e_^vmVp*At^+*Rp2_Kn7$9(7`zy&aY%(Bm8SHAHW<-Q>3U-=e6wr#=!
z`1115TliE#0ojt=xEkA+i^rHD$r#um0`R1VoQxdm{KG?%BH%Kxm%(6-Pz+DftB;0t
zMR@`o-ek1Lw9j_xIf`C?!vZ00%Y)9?VzECC&rLKx4lkEA&&eP{1`EIk4g0<JE-$U&
zHa86^&z+iR30%|W)<ov;QUFmfQG~=8NA6r=ace^T;sy$19C;*F?9Mz9f<Z@>aMe1U
zo<{u(0BSbtTd*`RzrAf_?!!X1^!lW?p2leI$yJBss?DP}G6<k>mf$wD{TKe%9jJAD
zeBk7S3Gs{NGWgU-fd1LupZtvM&530hbu?Q17udKA0H`zvzI%Zs4HlCz1=^HR3oZx;
z`0Zr0D~xp5YrNL7sO24_Uvyp$m)x{B+X>Ytz*>LYz5&cskp}VRRxaMrIT-kc?rRzn
z9?kRk$VKRm#mJ&U@=U7HI7<M0Od=qPpH77-rY4weq}mqCoAsy;xY=87AQ)%8+R+kC
zk<qSL(rxA$f(^l@SRUlLEn3#Pk>nWgkZLmlwWcg;8H#2IraPWYmH<2oK(TCq$93Dy
zB!G<j^cg_h5Pe8eBQP9pYder*rPLs)0YONhKDK$z#S8(*3?UnB70_vGL}DV%P^H6e
z=PSh=qMR%+(2c5yfr}6c)L(dvS&wb52+AaCNNF(NE?36~L9qMTgZy)&p@nt>pL-FF
z@c_;+92QC10^Ixk4%6pGUg2ehy!~t#mHy8B9k34Hm4Qp2hu_Koa?1DTW$Dr7hYUvL
zgHKG+Fx<#)ra=|bLi~I8?&0;f<s0P2+%w0?ByXtfJJ_ba=U>e3dkbzzH-0eEQGtRT
z%gRCp1T^*VwQj|LY=!j*Y#g*&+BF%MhTlad)oSBck(q=nxUY#ZhZCKN`!Ee<;n8%Q
zZArESfTH7ulmia}sFo`Ke4#Jhent`g+;@HfNf-f8ERhM-%4IeqJR>h26l&ha8;rq$
zzocS7Q8j{tF}Se!qXV@svfxB>=-p_0!O2P97OUfpec4s>{Y^L$hq(yg93@Zl1geoZ
zY2cW)eTsyK8;qf>z%Cf{PMIxG!VWnCOhmC+yW+K(EDQ%d28uW#ZHq5g1yKfC<0%GL
z6_lVM{!y(xd$rX_S@au8PT=kZz|Nu>LAU<SKwo9?efO?2A<te>j9oMHS$t?XN5+d)
z&{JFs_pd`-$eVd43=-p@4Hn;d{gHB;SbY`{Rr}k{gmSXm;;xLqzxP6aWo(}l#(2I%
zp~DYwP#mJVN6nZ1;t+*5SflKl-)JpECO7J`pC1KqyKMUu@u>mD;Q$V?UmyAFXtvD#
zEYyn|IRKD+#}Z)Z{`demF*G*0^KUo&kH=sjeCAYafV5=H@NfA;|NJ!4$#pw3#!3Iq
z7z2v>`{x((R|mb&zcD=id{7?x|LJ7^FVM;UH`IY3(KPkSn*Seq0O&+y=$Reo_`{9^
z-p=nIGE7t^)6-c1wHLl20df-;u9YAe4!?f@)&1pT;HM|{%c9)(9+Z=j?j&S9^}7}V
z-!+oYlKyNcQr{WP0GXXR1G)dU$B>&1A#+A_IehUip6##Ai2foEIU6#1`~G)B{z(e@
z&)J1P<F&u`v4Y%L6cvryXFz@@B^Wrc{#t~mz9|1hqWUFjPXDl<{@#lSa49U+6T+2F
z><89RS$u_(*gVR$=&qtJwEOGVIaJS}>lc3K1OivtD#=}&S497m9P+$lJhSG<ZU17;
z|By1^2?w7IIp%*H@=tu_f1wV+np15toSXnJ@x{{@mlgImX3`xqtKdyJmK4(eSWcGb
z7|9=8re|6K?nv?exR2TK<8#H_E<gjzhMgO5)D$7IF8D7{_*8o^itUM($0Wp;Pp#aV
zHb?tyyhDKcZ<_?+N~&A$U7Kf^q?`s#R_n>;LK9X+(JO_Fc2zc)u08Az$2mvs8Uu10
zDQlnQPH@UCw;4~KeS3fN9}z-}z-`eSOlJJ;Kccj<wbXs4_C1?6$ctA}oSuk_D5;8^
zooS`NpJ@wMI}Ec_ta9`U@~vNz;II><PX?Mt{d#HSV^|Xbc@rLXE`a}BTDqp7DWsjg
zhum77>jp^1qR$nL5**|Uzh<I&Q*K@tbROxRzp533g{OBix^(*-^U5=>m%phR2G}yf
zScDsYkb?_-TI7m;ES^W^99V#3@FzpIC^5jT8%e(^eK@M9%9$!0ZcZ87iFOZ=Ck;O6
z26IEnK~3c*K)Pbdzw@2570sRHM;nHp+}R}7A!;FubXrmk8u=)~HuGQllg^BIcq>=I
ze25>^9H<n_rPL}|*uBnz4kyp<_Rqpem8hjcx(9Fba3THqlZoY5EAuRIekv`DfYcZ3
z!<*B$jMrkd!5psGQ$}V#Ss_Q0G0#Ymd&3Wo3gsie(i7NZ*xi(0L^R&Mg8lOqfELI5
z7BQxNXq1UkdA>1^qBncI`OTj~(VN-7(s#xSMFGCh*DEGZR<JF_e!c)!4B^uTBb}lU
z3LeFnhedQvGH3hU{h$5b!*!VK@h$@33k;>sR@o_hxLRFddH&Zs+DQ07a6`l7qvL_Z
z=v+xo8ly9PQU6n4TF3IGMQhzLkBQS;vCRa2sftE2?CtQoZGl7j`qPLFD-*0El3#4;
zBLr7vC2Ap*&<iml=chMjh!4gCE(I(3Zv3;ynq)CRn2nYM;3g;h$k`e+vOfvU`THxh
z(@es^_S35O%ai;yhbod(Sh%&$)tw!rH|RI$5%w9SSPEhYm{pHL+GFiklI)P^AMIU8
z#xYtIm>B@`tl+BtG)EEb^P!jQj0L`MwN(WHRpwz%03uqn7X=U|*&*qj8C#=}GeIM4
zVpvKskb37!ib@d#IEQ<7X2QaW@m+rD8!GgNspaiOEli`QMce&b#ELo<qkj++fLRVU
zO4ff_Pz8Bk5S-L7+Vl-6I?UNdyKKlXC+oH|0ocMBK1B1=q9CGy_yjt`Yx3<9T9MH}
z@}GGTK#|Gtx~HXzFaCPJg*5Q~VSUB%b6<aQ+dWIT(y)<nFLpF)PqUQzPd^gG_Vbjl
z`0dnw`T|&f)20+Hwk$L|I2@%X=y(s6PMX{F>_}b!M*=sv_g8l=Ef&;wsyNmBBQ78f
z2|)Vcy)E5>Sm?Q-bmWz-DpYL*iKlV7bdT2>fnf^kTA8zmyg`K*==5!GU~9#0iY@SZ
zhu5z;AUUi*MS{HN^mJzY-8*oKzsJjiXu!k5egc|=NOPsCK|;^({!)PS>wp5}cw<lL
z`25<qsWEwx$aVIUMeA!HZ)15`HnyK_BSz+hj)P_5?Q)Mh@aEIZOQ}1xCnfxadiGOq
zT?n%n24&Fk6LM_f=aHlOaO;^WHM(ShN92F8r)4=HFdEl2M78)B)wlY*JWNK~>D>iy
zZ;3SDelVSi^)CfV#|Oq~Vb3u2g$R8{P@{=ps57EuNtOjt;qM`db?6%N!aO$WH&clP
zY~=0<#!or;Xa!gNYeO57fe@mpVa>h1GSM$tW1~BNIWY2ez<<>^0(~kvxPv5pQ*`6P
zX>ww+Um@29gkBrcK5l{smaniuE_dK!A2E9pWn!#8leF$$F*qN)W3}6@Fn6Cj8i3vl
zM_O`3WzJ#Gy~&}STReDW6&B_xXyW9vb^<r`R3*B^uU~gKnH7-4Ifk9$y`a#&`c%oW
zNWlA8*}C$se2waRWDcPFS%dGR!!|gsb7Wu$MLVsFBoqj;cJIX9-2DKMrQ1uG=)XGY
zm01Sr+t0i+6lWT8U3%}4v21AN*qyLS#U<c#EFNjea{U~(AF0>A|0Pv=a48gT0rC}{
zjj8cPIyLMpmqpol4>bAY?vTir!qz555i|Ihon57VwqL9wFzSe)FfudtjGK02N&JTV
z0s`9>E<jy`tdtQYdk2S*;!F7AI;XijQ9UOveiF?=^gcYq;)47pa~{sqAG&L9YZ{!4
z?n<zad+tg%ekNb_>ynrvtK29as~Q|PKjpx(uHzibGIqm<ssVKgEY#|g^V(b0eHLF!
z_>Ui{r-WbZe%wHkL>wV%Lp$+qF3Ezv?E+KE=66+biJNzpziKoGiHk`|>@O*;>Z;q6
z+LXtNT^ED8=ihn3U3;KUevAB**k%CG6*^Xvv3%4i<!GzDBYPwE<3}<)#qYO>N6nF1
z1*y6(Q!{|HOHbF)F*J$4@<_lFGQ1@VjIY61R9jQr_UTF&hv%MT1xhhf9{aG-vJDt`
z$*Og)Ul<RkG)$%{<$b|KhR0a#4*Z#lw#@k?c3g4Q`kR_}@_Oz!_qkeioi3Y`Y}FPb
z3+dFw%KM5bW8yVCH&1tPE9dHPYXR4kSoX=cRG1nguSd%bO@O%vDZVRH*Ml5W+Z7aU
zLFHPKCaVUt@GY*2@ODk`m3YsuL_0;-K>>lU${1ZID@nQw;m4_EZ^sMOKQGepT_e68
z{)&VE9AO{~{IOFk)3T|PP%*}a<iaL|e2UkNy`F}`fLavOFN$8LO9c`X-)#n3iA*db
z^WFu(1`s1-vG)hTpVTZdP@g+1Rf5+VBudCKf%IC2P(cOR)8YVT`DmDNeP7rocZ|VK
zjo`00DGReM$uM#4Rd(<xdE0G8RpH&_Zs{Cl1t4ra>x(v3ng9njHsyO1D=)TR3lBE%
zN0>$L4e?lVI$e!o6BlH!GsRL&H{}(JZ{0wt0@Lj>&%o)KWxVSm*nUtN79J@?>PLf(
z!gHBO101kS6G4kkrJ}EvQ5<QOgV*d}zXy4^NBTr}-PE+S!R6zgwKPs2O{&^}-Jo-F
zJC+Gq{XCTN7VXj6)2qmV$g4wxpK0=EyaDQK-1MBkZIGeMg?BWo%1V)^w1GTfJqOa+
zAITt6*)7<1E6>1?=zN$aP%S~YvzSd0%IClR;4SXa1b3SSPQF8<=&Bp6xMZNMM^z#{
zVPfDmkjzN5wWLHc7cF|T(=5MLD9rNevK#qqdg(TMZ7=jiM1@Ie55JR5#sQKy+AoD9
zl_u1IW@r-JWZX0)bdC)t#m#iwy$N|@UUfioci44$XWKLt0#2Zo39`k7<I)$Ecp;lN
zon|EzJTYDMi9AN0+sbKkg82GufdcoBSx-gRg+)?(>bmnRF5J$NiL0OOcrlku&!$&q
zeQjvNi#~thSy`!dpT@%+_=IE|<|x3tnt3^A6zy|5n#e2eY+N`n_i6>;vkT<heqBZ3
zIm_D;>5}Qi3{WWnZd9#6G^|jy`MiAxa3?$VRB68ZBEQQR=;h9PwganoNdsd$A2fCo
zrb7FVGm9347KJRs_umlL?0-IlXSUCJ;?h^tC)y3SE-cR|Ufkc>bl;5#qQ5*b;M^rR
z{QA1~tgBn&qv8ka8d2P@R-;seZ&cBIy?seAufX$rOk|T%Y^zOuSB!#94GTa5A-auo
z(4{Wt98)`7+C5-31LSvCb$a)&I5nRetxo2q9WH+Xl%`W3^Inz4tey%LQ9Lh_9p&u&
z@^#|*$BVqSan63Geakf^jztf~KMrKNX8B@&X}gtMTTxA-bOMN_Wj-r0ees*rv5GDI
z?a~KNI!-ou-IR{|1#QN@C$kzI6^D2zgit7(4SY7>hxhHe%s>S6eeYJT%%yN=@GH)H
z@Ahr2)}$BpV#k;up{(r{E<czU7DMW=#<}q5J-2RuSsm9eaNDG8i=#A(u%BsbMe=>?
zJY3X9%*<X?jS)*qD0*xSV3Vy)mKW&c-jOZbXi3AR&%Sxo-kz1>!vb)On;%_R$%@@s
z$ysFp$hI$LIJMh^+T<Fhg~re6<#u#*A4mj`d$dz@W@uzQEjFFGygxs8aY1Oyy~T52
zr&`~ZM>loo1UFn*8v%`Rk87jNUU}E-C?ZuLtY&DCBC8bBHt=SgOKo?vF_BFBEhv+%
z&HK<<>pXtn@%>}>?L!0T6zk1MT%7TX{R)%ZSOpPp7Ti6zS}8Y%D2)~^JO;L^Z^q|(
zNHpp@5mRq8NEcg;tdIkp%mBbjG}g|zj?wFlhw)!Xox=8=`Yn$|Kb=mfF$^Dimd;Bj
z3G{oB;hD0;dhestc)3Z`uYkMJ8&I__mg4was=eu?gP|y8DBpPkxS$4G;OynWo=c=w
z?~Fy+KEk%2Ie5%JoUmf1V~3bJX%E(ph}f%#<-4z?6530gB#WwA*Drbx7256k&V#Pu
z{TR*F8x(ugf5L=ib1|LXKIuDn(^yVI@TP~oOBh3)Sv!Te9K}eQ_LT;#;nWe_g&?nV
zJ1m)}daE>~_P%qO@38&W3sfkGsya*0i7o?yGyhsYd>^M4+1b)$cZ@^%l2CD!$B1h~
z&GE`%pY**oQoXq(hblTE;|7Y$p09CIch7lTeSps|l*A1&wynI4f7NyHJb7lFxN@?)
z`OP|MZ{7GA_7CqSU#k{^nlw!%g^k?iW$kxfW-Yj<dQlp=!X;8J2?vWY-SQgOkdijR
z^xwLl?5VrZ_x1um2hMxo<ucw!Zsn8?L=RRfr_4pxe2=AO5%b&G_nRM(G^iLK5H1Am
zkLXgI_g4|BIG#yM+kJ4QUHN|V>CvN5o}RJ$Wp`Wa>n~kBS2cBGd9@+>uFq?mG0CH%
zLQtwgh}pV|*a;OacgJ|^N4qYIBElzDyn99cW`0%ma9in$jRgciQIoeBp~t>WGc>T+
zTjJ4@`^LNCba1kWErr7|N4MVVcxcW@W4E0U%=m;B`Ybv3sM%3s%lM+}=q-lTtdLl)
zsP@CraMkHymz48wh{vZ#IhXB=l4{N0>N_nfKm1a|@Z*bURI|sn?Ws)@Bjn>9Vl4vB
z%f@DbYM7>afQj8oQ_H1V%8{uJisnsKtC!r<X>g^jcL2MP`|oC|^fs%ljP9P(X>3{Z
zTv8Ry$|}FE2HbAUOq%$A7`wYxPoi|AvAFB}*Ri?R$~GySbR%SV-{Dup+mJWeVz+_Z
zz`Pwiq>dcrYo?&$2w5Mi$jxW1%#cAW&o58=4;pr)CnO#;CDbh^t{oFgzK~0%%2559
zd+6rp44ptM93{stEXzw;SI=Lce>IjG?~AKlbL+#0TTC@ij%_dqLojMAq$}KDJ|X~)
zOqoJFxak8sjnS<F?Y?$@xYla>!J^O|Ry&|n)6L{PKkv<lJ85I5d3tP44+mm^+EWRm
zNK(fd&Riz-frrJKam<T%@@?5d)^A_1NWJ7o;I3sT#mbdhmtBOpVxN>FX6Dp<YKDX`
zU&-x;I2S+>PE{#%>)}8%6jwZ1cU>Aw&Bdp83m*=e_`1*TQ^uR#D-hRfpCTTeqcuA0
zy1rfJ`NSOe5olWa_T26d&D0hXLa^cFLoENEPQ`ogsg*Q^XnYPTDgDN79GF<By1<8A
zH=m1iULz}@csL~A<E$I-jOyAY1xJ801ArNgOMyz>@BJ%U332B1ZHp|2w+fQ3j_(A^
z(T9ucm3JRT;PzAM?vzxT;^W}CMu|@&g0=-EKGp9%1A5JAHb>k~bI+~YN%7H2v4Jq_
zk2)TT!xytgj<NS|8W1k>Qr-LDj`4o_y<i(3W{gnzw<{lI{OewKhULgt++dv$`%zz*
zo_(t%Q^>Y)okUeURu%8c{@U~M(t_tcW4S`wh7DVILZzCIK1*gETm#9}34A8pa+7p=
z5)1RaZnE}xJeiuOYHK0YBichO*^73-1gJ2@?H-r$@N{p}=6HwZ7=)$wO^Lx&E5B5)
z#aA}8r~-ccS?t)yzHf%o<5pm5;7JJo^He{72&+xaG953i;CJA1BPWQ{J*_KGZ8u`!
zR_?-K@Uf^Jwx9NbA#ub|I;M{8NR3;`$#K;yxG<tY_Y3S^Db~jl&90Svmr02$)*YH-
zwT{(Q^&hIv?+zhp597F`-+kr)8vYJf=d0Q-xrDKNo0>8X$j6X-3$fD3U}0@2#6|Mk
z55GkA9TR}}ajs7@LZj3Io_giQbeIglb%cpu3PLzb=tn)6TOZkfEn-tTFz&1pTr<j3
zqkp3AuLu^ytIeo+m4KV^Ad&q0+ua}PVeW4AM+bU{iv{?uBiIgFasB7j`Z1{Vjn$5p
zTI6cPR;~~88F+1cH5qFlvN>9t?E=SfPI2Rd=pF}&t;v6(z8SY`<gq<txL*dturpam
zkF60pihAL;((~Hrs_ddr#_JnmKWZaFr#n-{C#2z$Cs(CcDo^2ErDQhKtJQPPt28?k
zK&{(2VQtBlyA4;j-Z$4`isMx2294BQ@mv@x;@^I|>nP%qTV4ftiQ!{qfs{+WE{7rR
z&M$7)pI-bZ%LYsqfk9k-Y*TS7p_Y+@&VAjSXn+{A=LX-zjkOQO8JAo~H1%-KUE~=*
zUW?+Pr2oOhL{FVR5{kP^$h*wu+8}3(4HD~}Qa-x0{d~gyaAK-!+Qcjn!UKc2yR^A_
zQ4#+T=dElzv@&MPA5Uvj#r;Tfm*-jed&<ip7Xy?}PdIgqT$I8y+L6(w9*$vdn6&Tp
zUB6MzfW3KM_QDZ>aLz)x{l%>LyFWDYsG>~M(CfWN$+PzzPC{dowdb1j`hw^x<W$c|
z$u`X7<x`SBcxy^LYn<jU)MMR1-4CG3`l>r^dTa~;RZBIkm^(`Ko+?n*?osJ==DxO9
zk_E4@dV1fextC4XazY3(zOVa^@i{k4ioNF5I7XMoqY0<u=<Hru9en?8&Cdixx<wzp
z1r;41M3>L(QyQ*w5%E30-;%0lCm)orc=fTbnUol|pY9@}{FI5#twBq{C~WT2v(4`w
zrItKl;;sevX#r+r#p%Q_bVBIqc%isBZoSb_s4^ZKByI}ACULUFiAa6o@ugnz0iTLb
zitC=Ys;<;{^QkUgI4i91@!(So&WsUUY?<N*tD9dlh33NMgs}ZwyKgQRpE>a88igJp
z#BgSmR7yn;)Po-%jB`J)4*XORS~zYT=q?b7%dv+E3%)VkfOUzk7t$!cwdmj9-187)
ztXS5e_J04W&kqZ5ze(+F>6d|xy@SCNuKs2>m&OyW!|P|Hq{JZK;iKn-^m}ypQfS^&
z;PF(;JR!V~`w?5mmCtNq^1O|Q?F#lop2HW%HdlkByhpGkcCE@=*M|45Bu`vff0yIV
zQzG&h6Eb@tXhXo5__5VGb|dC&6w{!eKZiiKjULoj*f!!)aP{VFE=NeH0&mz(exOJS
zeGK1Rv!`>wK=0AX+@}@qLLsMS{l(mZrPr?u>LhLv8$*g-HaH#>=jIc;hlB!~qe}L?
zw!;AlU&XSA^4_ChkyZ0#ejGf?o%yUy@-36y_m6PC#dL8|xdpwkVB!mrgV8>h1lJ$4
zL}J!SSj2_NZ`@7t$a4uZu5Wb-@$_n>T3w#2Zd+}dVoGs}a<!`|3LL!W$E{&X|1q1R
zpf3CHB2GhAE{7VG%>G-Y8f?GnRoeW3a(ZO}g5yvfqf-NA%qsXfu4UV!B7^Bqi!Qr5
z)hP_LD<+WoXBh~qjnFB`#j-i8u5wb$(4k|pSG+5dtRFR@u$M)>ALu4dGd=GRRqXR<
zimy^@Qa&CRl5e&`qyiA$Xgu*=rJ(T|?(=b2y6d>#uS>x}n0dTB6>G(wyDHNqUDyoE
zOV*TbQcR%<d~V+fhZnFIXHGxYz*a+dB<QW&9adbuHKD<5oxMCEsFG~r=*wOq5aPf{
zjvg#wktMwY7{dwEM6ypCtmD(qou4AaWf{~piPpmRK2Ph2_3Ss_$lfoe_oV41zrI`^
zCdM~?zLuDHE-R^rX<GWG8Y{Wm;&yCp`T9Ukd4*55$d|yt@^RN8kK8GVFT-vo4~e4g
z25>BN?z3;>(Ap#<dn~Be65D*_W24%3lCBVGD&yE+le^K<oZ>xi-e)I}8f0-WH0mC7
z^RDwSaktC(p>a$3&dyaLA|Ae$U}j@$?%6@cK~TrBzs*2sej&Y6&7+n=5N$n!LAEg=
zc#^I-qKj_2hR=HU%R{f9wE+AY2K?w_b}&BBmd3dc+wAzf6loVoD#r#1M}MTgCDc#_
zvgv`W&0es9eZVGC8PlS;%G&UKqE)>Mw{}vXdCj2S(7<heKf+xHu4&IVM`wPFr+WGR
z(@&Is<0qu87)B{qJLH)6ttPw3OP5S1<-ih92-J6CS6>Z7XieJJzc!6ne3GTSU{STc
zqZf;xW=k*Dl>l6%YY8BuN4!Y<dry;wI;SiImvZ=ovf+;K^Nh-Lo+GdLX-q=ht{9v7
z-*ry-cB)sj2WZNqRE0ZikFV!_<1u|vlO(W-u+Mwr;$h<l@Ay_j5vi#hf;*>sKw%>V
zoE#6QY>bd|y4KJJNyrgc)*~fM&@0=0Z&VJ^!25oymH1~7*OZVurQCLOD@p7NKsJ1>
zERT#E@9EBW=9wW<Zphxn>BH7V!0RKFxVciWNFTQwT7H2~;M}$B$Mdx><@Vb?4$J_k
zW9~u%2wh?Fbx@n=dg&(N%`ksH<;M<e0gW4jSdU-UpYX)BpL4h!*U8w>BRG5Vm|zkN
z5?CXC!PZ;XxDYHBLA1wsF?wjOxn@`VPT7~_<tuWO@9BIidnjyaW>3dY_d=Yb@dYCS
z<bfUcf=Qr+W|l3*D<`SBsjZuCPfkNFy=Z)C<d`uLhCvvu^P&&SPn=t76>r^y7;H;5
zK#LXR(t8=JN8*V2$F3>yku({(eXMxrdmEo8WxSQ-PnjjTZai}k8gXytZZ9Kf&<ZK3
z-f@lsH%+>LPvjuqJR-bKi*P-?7fDqS&_oQXUU|;QA9bPgCJ=p+#@p`C+z#w4zUeA|
z)xykNEPJh7+q3Wc<4duuK&{5(^>SnIov2bEpX0YcGJhIj3qn|#+&i4QvMeyZ<He8&
zQyV<R^O&${<6aukwLlBVWIK397&un4Gw#!&i_s>dk&?JzzXnNRl`CscM9(4fHNj5t
zzQ>QD!|=M4ng~P15fKJDb3P${twP#6<Xh&w)9=P-Kaf$`_z@D8Rc6#iN@aWMHbStx
zzyh!UO>P0>$9H);Le7%|l&LZcVO=tciLKAcl604A$1&;Kz)D*{Kl&lPgqKpDcK+Ou
z393v*{Z}!<rAc`4Vw<zP;i4-SFI|ltqbaEeSbvtu=6B@txDq&V1B}h3m<LQU?W3JH
zm;Ie$0Gk52N9VOBVKe+Vhq}%rhu?jvefTN1-3Ttu_lRDfEkfSK95VUU@_HHmhGw_M
zK=}=7;$`+JG2tr5n!$wPWlTO{8Aj5&{b8kK8!Xq^<|CJp?|0{m$?aRo2jVmzz`wdi
zhGp;oj27mqf@W!GgWjS;UoE)Zu_|=GLzbNY0gZPbJe8aHvAX3TeYy$|A%PNQaaXOn
z<%NiqbQ%>|wSt2Hl44+k2tl<`gKF1ITNpS-QYIK>HN7H*z15(>OdVvrPtiq98$U}|
zodKFvN|v5b;Q4aKBfRq(L7y)y_JXIMGY_(6N2HhckO`V$7#3f#A!SH(%awTGWh^4g
zl^Z;9y|XxSUU|fGXb<#bv?Re;K{lXrlS00J(Yk+RB}hE=ofl-#rq-ZY&-!A-r{nW`
zOM)*Q{O0<<y}kZ0fLaII0N3{i>exiw4ZZ$N?@f0!rV;1?6P@sfKwwjdT35nD#g5br
zo~;K$IF$~UjZ7HTv)$RGpnP-hBcD?`it7zuR^2uqD-$u##2?h=vX#OKy89J<4tm44
zpD@>pJGFQxtj0V#O<u0-vA!;9o#668{jw*?pg%j80sehY*1fk%b_C!jD~sM>P;ht{
zdsaA=%n0VL*%1%t8*;M_8)yUw&b95^qlGt)xAPFwS+tN=1zMN|C%eZ@NsMSH)AnVO
z-_v{|D1)*?rQ00r0L#PgM|9p@^d-mo&r6Oq4XbN9SJqlZw@Z*}-e;0Zf=4tY??pA(
zkM&hWnQ!j$(nxas6CrNbMMJfQgo|SO(11H*ZJm$mEj~u7d}^;w_#Aroj-Q)!s8HzS
zSoUCY(sPc=+HV(QG?p^NJ_jL957(o<s#{7)O-?oBZxZEq_AjmtG2#h(u6@1le(^nU
zQL(7$0^}nnj%gX9VX4GNyXw`>+%vtaq&7}iOFSKEchW(KWt)aQ=-P*FL3N&N;=yHs
z5g_B<A+mN3*Y-HS;$wode;=v)R-J|@xBn(TSfHUV0#EX2i!zZh64M)g3s`R}r!C(*
zx2H;Y>(1YvhT|^r?v8ooO3d<1UgY;5esW7>%+o6I{=VNh1DG8w+*TU9`B9?YsR%f*
z_WesFg#xOLpa#qX?c80VY{dnKBzO~XJ;7Lo7#|w8t*&K!(hbpf*(Tqpj|%NkR!E0I
z9*IAzFbtnj6h>fp8%&I2V|qWB2t#SVFS(h!qo@w0&Bs2qxu=dsrMvqNdgShe+0L^=
z0+=*6b{-*M&qt8gNUha->lUaI-ib_5$W=AHEjWaJHpf8m6&R#;#sBz$*!~EXS2W4I
z@wnIoRP`zap*+1sA+1R5+J?+U$@S-;l3~N5^@&??B~p1;jbn!Va`<jOCM4WRm@DE{
z4#$sT4eH>(&0S(XmQ1aAk1KcYs0TC4F?;;w!z9O=W&01vbllx4nlzUY3h>(Ab3sO+
zywFxCl_cXuSO9f&?M7pdhTOR&l8L*RbregG=P=`qAqPXN)zjIEW7;P$3^s4g7q=@&
zoH`O6CAo?eWooOO9B=94K5#ykvZ8ze@Tzox!XO^~&1J`rzfn{gH-R3-$or?9_&EeD
zDn%qqMjkoS`%S6qUI--kuu`q08uI>%z&5kib(fS{8fx$6Oq;-k0`Emr(Lti}?#64!
zJW-me5^$ZKIwNB_KuT6Aw5s=v!fru*%|29XvOZWT)V^NO%(Abo&Ov}^P!(S~wVL#l
zrm_Em$-kHH`{H(CRO8BUGbmpZ-WcQM6WWK1Sf<1P9lV^|C8&HDFnXVHsLY2l&0EO&
z;@3=<O}R^1FbGG^mMY-NAp_oa6u4*Y=iL|z*O}$LBSQc#BZsGBc|ii@efbv4humMn
zXgMZ6P>{b8QN@&<6}>0Q_UvAv4M8D&4FP|>jJpRuKT#@A<@aIFc3Be^zq?@~iUmx>
zo3}>N>9o()@~)=X<k!@G7HbpF8fi*~7#H|K7M6)U$r^MJ_&ZqjwE+yFl6ybo_kTon
zDQm1!+a!nTIDOjiNQ<H0B7O5*9tSdsWA^x3zH0XVNSQ^w72LOS{P`t8$XyHLfo5;f
z+4x5z^MzJ~U|akCtkvz}8?_weAH-e8xPs_Bea8YV2<M#YWo!;jEOwQN)D8><)b!*B
z=b8j*K!R#2Jy7eH;dlrP)^;FM-{SJt%I;$sMaAmM2oMJC^xSI1cpbK|o39r5zAI3?
zYT?n={9N^T!{I!yFvBd>-6slQm%6&K+bw`Yw=6Qoz7iw)7*9L05X*ZY?9GgN=foJE
zoO8VG2=d0mu1k{KQTUs9n~i}bZbBN4zipjcGdET#)-A1;IwL4u>$X&tEklHtxHh7J
z;?BSu3p&bd3!vNji{`=ma<1RaUIDi>y&numLH?(NeWY)HNVBGn8}AzmC^u5zS)Pi>
z`wUE&Y>X01zRWwIZUljGE|`+zg^wGa-%42ZR*NwpjyJ7c9e(#vv5WAtrZx@z1Kb>8
z$g-Ej@Rl&{N|x^Vjp|jO^Hp8nb-56LY3}V7AVy!>m$;07ae}Lm9iD+KGPPbwl5#*W
z@`@N6oYQ--!v(vIL$F$+*cTB+T@q=y5yEnCrNPMx+9gbL=FbGnLdR4~%5IAW`;%E0
zHF8X4k?heK=(X@hXrm!xM;W6phA*yKFeeiIe77&bN31Yz;`2zUEPncXv9*G_eZzw0
zP>1&=RkYu5y$?I7x=k)O-G5kFW7e+o<^@)Kdn+4FZW7LSs>EXhC#wgNxWb{3Rt&(k
zGp;u{dU)XChbiufv(!`MuRpT70nKs)Sni+kOLmcrRN``5ZP&4(tXA1JRV>#jlYJmT
zU{SIRQwDm7fiOd*8r-ZlM);=&#<j+Cc(YR6BTFsEI@*P|(wh4=9IJ7wy>*8(r?M9T
zvV59YUYFYTD3^!J170>-pVB!6`WW6D%)#X_<GibCLBxHeL3f*#d;Q39NL&|jB<b+X
z;|a@(hMO0sn%(^s;~uEGJ&HftIka5%B|bk;MKd&{_xSDUx$?GghgpW)f)l@^wJ6`2
z4v5+uhfN(Pb+kZdiHfAG-dX@@jpO%I3C2#F5U4Qm5eRw5>ZKBG_o_<b22F4i<%euG
zy54#rO`*I7yE$><xCdX#Q>q4SY}MKG9FZCJh5onPNiT$b$Kz?g9R}{dWl*jFN|K$Z
zjXYUcEFu7BzqZ2O9E^H6Ke8*?KX75Uo|C8civ#nM(kG;V9%5-W@pZO>@o04w9S8E0
z{LDN=S4PJcQ{?Xwf`cW+zr)|%k#?|Lka%t;bb8>CfAvwn3?UX(;mG?inDObX8tcMF
zzsG8OVkP0$@k|^~P<!1Q`tQ47PAuJ(Num1(hUv(I<-<dqegRf8R`vu(Y%fhHd$3CD
z^&6=A?R2Xs4%<KYEx^69<OD%OvgE^CikI6Lud_XyT~0pM#x<ju%`22XEaP`<NpiO?
zGQjnqCKmT!^^wQNt^YCVTH)_j{8Gv|>s@*M{)(J<*w|Q*Pzi5NdDse8qJlqeuBybL
zVyNh>d~LheL|02oxLog%UJWKUdun1t*R%Eh0^-<yvFJ(H3QQSc#KgA}6(D1;Po;JB
z^CKKX-RtM22*2L|+{{-(tj}HmWIgN|2PX47kE_Q+fr>f-@c>fm(Dus?F1^=f;HvBL
z10b2<`Y253i*96Ls&Adcv9gP+`O!KBp8k6dEdxQT1D(&SLu@TqsT|^LYS)KBFVnd8
z+A6*;U?!_gW!0yO>7V9A8E$>VT@ql3?2}>aBqo{uI=QPDGOMh-&QKp)pvy6EzC!u7
zu_ck4*tgHeyUXm-tE0;kB%G8DjEq`qdXygV@a&B%qb+zLE60qHi{x)^dKkSrsG<j~
zQKP!fVV%D)m-$2hDMJJZk>XBNb$nyq^9Q^tG)<zAnKLtf@?;*U?B#C~2w6$ST`Y4W
zEKdL6qe63x2hOHm*_=ysd*fn5e9LIbUrh{|v|bgBKlJ1}rChp&u(i&c^#!h{!31FM
z9~nA^KT$gF27|92Jx4-ndI1*#Akus_h?<tr1fVFTV_xm_VHOzq!jLfj4+b2Eoji0C
z9!C9=`rYA&R=AFQwE_6%a7>4H$P}nW&qLzXx0k!`+6vtt^E@{Ha;>i!cG^!}5QQbW
zOnG&%$$tSTWwG(G<vunDp6!d6_uBoIIbIcKcH+D=$N;cIV&v$26e)ObvtDQx&!s;Z
zd%2T#d9l*7Dbca<iv4_(c!uIk8=Tmx&~NY2XMH#Q+FKt|YYG7?)JPXR5<|vb?K7@4
zqxCNRH3@bhu~Xd1^6o=|k5L<i8&~V@FKS1=vn`@~@LhQDTupuojrSnKe!xYdUbWqV
z7q?_h-q*lEo7FhPedo^?X^Y={Mp8(x(q4Fz9!F&o$WILH)@xMJ^xZc8Y=axO<nww=
z_wF`E^{NabMC+}FY{K@dn&;F)ts<05$@ZoxA1tT1H<X3+-^#KbUQaz9_dbnsHpRhp
zxAv7*b>#>W5up3BjIl^fln1y(GjS8;^{F&*P2<iz+hb0R61}StY&Y;}(#R=Zwfc;S
zWVK_@CA~eqLM8ZsI7Z1!PUIc+=J&lu70M0au?-16=E9pCF^-E4GfoUWL!x)z60T5E
z-K4WuV_S83EI1*txwOgKrYd=QX~&zSb-Q>`_ltAQVHGz7_VIeP-l}I-c~b<UoT$5w
zF&wXceRB6)q_fp7QJeqxXn@Z67k^oSq{VlwHmweKKe^3YHizV6C)P?e6b8w$7wstV
z8fBl8+=jXB8I5j#6Q~{ctIG#E9&}UNJPa!M6v@-;NE6&)3mQrF7B4WG@SzAmz!$tL
z%I!%BL#}Um47|^<`x3Gl7*9v><}KutI^EIdxKlm(Ab#Wbf_IcHN>1lcA-A|pWELHL
z{z%YiN*rT_>C79oTVbyB*nYw48D2nD2UI_py2JMhl+!Xry#G)+)LuzGm4aeSxIP81
zb8!ywO3Y>oS@)`$=aOGoyCD$i`~KFUvq#(TyTzLA6sFdot9;nJ1vs&v0z|t#ov({k
zn5b1+?mzXEAX{>LGW^NkAXoej!65w0d+JVkES!GV@X<U^JYURA{JnFow$|zSlR!#G
zeS-f<+UE<LN?Vvj+H0v#F<-A|(k;+D`4)5n=8P9{m}_5Hx<-;haD2Z@(Bp^Dyizo5
z=72f4A{Fm~>6dOGC1Hk8H@L0S5q5CSyL3N-Za`2|*=%3)rRiO@DK@d)-q&MVbh?zX
zj1OLJ?&lB=tJU7Qb#2B%yVq+ZaeURKc+062tN)_auH|d&eA$rLJv!*8wof+VZ*m@0
z$%V`+V!WiiH-ACF>r0C5Dxxo79Mhh8PWqDW{xz#^pf)0~+wMFtdIm(+76$-|SAL{+
zN2>>Nibrb7WEGSU3PLEQPk$0YmFXH=6}t!Y2?{mnOaNG7_}8t90S6t!c%^~v@Ri#p
zaV{cxwCjRr0z}z6Drg)9+v5Sp3q5)>r}J7o?uLW&z}S5E)iQsu;#B~C2VgUCuO$On
zPruajBwim;m?QxZg4E3nh%tld?10N?MFhr=Z#kGaY&Zw34eyijZ9{wQR-NImFhWh{
zKgQmo^AtcL`d|tyz7_%=oZ~EbQ$|T#yw4KUG}H@6nZvb_n8Ci8tv)JlNVXla4#-+l
z5%@lml|aCULf9+Xvf)2;S0@C|PN(JJcNF>6aS)No1T_QrI7L!S;ktyi?*d~rb3I+l
z<gpf4Se`J9D1urQ0ib2E;mcPAl;~~>1*p0rNSZ^uX=-$~CD7gli5Un{g7Qs6$)H;r
znz)VFcUfQ|2-|>)6rjNYGtiKvqy1n@<8-i(^!Y;z`8&kX9}OD>vp9ienRhpPZ9|E4
z2ZQSdz%wWmQaYM5$%kk7<QZ8x3_?(~e77MOE3Mm({wH1+Ae}QI|F`R{yN@m)nUO`?
zG`z7$gU*a9P~-YVaq9*@a@G9`|3SpE04z#B(s67tjI*W_pfG%)SBxkumMk`sNEJ-*
z=n@+Mzx_lRtIYJ1xFN5A#4>Iav!r*Q!Ef7t!f*9wzp(u%MFM@Tcvz^VegS=1k+NtF
zd?qb`z9X?lRb>u51376z<x2?LX8*xwiUD)s@WG$z$3TNnS^ol|X2HT)DI<SFS5hN^
znX?)P*1<o^wNE6N;d7(<9Hj#MfdeRe8ZEO?2?u0ax{>xDxT{(oFfcOCll1E%XlVwa
z$zJH*7(YoXJ6cFAa9;s*QT5l1tdTPsA%9*gj_j!f-5GoBfa3L%A|ba!iyV*#mMnV!
z)(yXI&+__DF#*kJ0MJ)-Y=-V-S(JAbI`@}%_3uH&h_mifd*-*L2$6b0z>Zep2e_>R
zOU|^zCS_0Z3`$tXudMt+odRFj-GOQeYaJ)et3G7Mt!|&v8G&v{$Y_+|w`epQsDXP)
z`pL<lLxCW&V-<COLG1EKdF%s<f1vR|mj)pOzge4n-@`s;US8FclSe9cIze;1=4U)P
z%71uriRMEI*KAmUn&+=z;pPJ`euK~|1I<aaq6uDHZp&0YZF?0MqESMU=k)EYHh=&c
zh<jEWpoiHb324`3U0W4dZdIK(UMQh_r|BQw0YHi;<paG3uB%x@6EtC(o0mTo^aJSH
zO#~&77CHJak;j&m#obj-oJqbtM2!yLNq(ZefpsDPeS%MZtK7V&w^H^>n58S?BbtwS
zdVlrigyWkr;gh2XuPznp!0uPFig(_zx02#3uvqjxWlWdNDOF%mSFnhXS0r5KjAT?Y
z%UsIj-{ISm?5Z4HOcGdqcF|>Qy{=$&-_w0gVs~uwn@9a_joa#K@}?+5LKd(~(^vtT
z<rLgFI=j>{Q-la#jN{F~a6x8tPm%Q&qx{puR#_MZ2;z$YhK9$1kH)YbJs0ZjW@#tg
zWE5WXWNCn4f&IeIAsIeuQMe$)?N8}^%qz?}`L%fG1#9sf1^qh#?<BJ`A#%E{f(Y-|
ztEj-9b}*mZQ^i%p#|jH<+Za4B9+)8kNm&901Y9QLNxf1jULe1$9e(MW;}3jBc;x6E
z9$fT5Fc89Q6Cqgc@$In%;n#c$o@@%tZV^27B>*3Mi}AyS!x>b|rjXG0g+6znN-fYA
zXl`@L-SdM~r>v^q5mfQ~KjRR`OzKu^LNLni7KxhNj1$kTbt0q#Z$a^fb^sm4zgEcx
zp&|xpQkfcGStEhNJV>>K#PJ;~5ESGDrIzi3tRrPsCGDO+r-gxuw?v0Yj$JB4fOT-_
zi7k%HMJd65!8jNb1fQjdm}@~UQx5}V`r?A24qP1njaH83bHd%KkU2jF;Qyjt1H&X$
zlWy$G?TIT&#dyiqod&^!;7OI~0A@%^d4&+{3JH*@rPR_%OVuAL)+pBE;4rL-BjYjs
z1Y5=)=wy*P6BY(S7xHC%azucCI>o1~CG$D8*>aT=9##=Xl8ne(n6bBS)^~WgjLSP1
zZxeD<s!bR0)}ZWPMjGEke+~tZIq-El0t2}sEq9~rTwH*?-&-q=XmEv4v0UaB|DX&b
zIvY3oVPFb&Fkc27q%e_O;xtxbFsS62f{FY$t)O3zpwtP%1VRfPN&5OF^vvt1AN{qW
z2r5!F1T1AlV+|V2Fq5u=y!XhC1xir3LYSQdCcghMSOidg1s78sPfE}fy<GU<PyP*L
zkEwKtewPvQ<-wvLqAM^!&g>{Ti-6$rAO9Yq8U`4(_<~59;;+S5cKW40=!Lq%Y>W-;
zpzx=-a3T%>nuL6~)=?GO;1A77z@)_eV}Y2(FvakGz#+vXNN(6edsQeO9r(r*MWrr0
zH?cR;Kc)9m8MyHHK4KuC_o|WQV|%9&Fyojj97InN7Enw0kDyF}zO=~adeG0+!F+My
z^1Xjg2qF!-4Ef=pM?eR@lAhR`gPi(yw>SX(@JqMG(Wm)i>BHB+YtU3&c*_kWs35x)
zCG|Mqx+nxe{MQQD$)QC~oq-ai92D<K+}|T4@C7(QAb5-UEb47u$R7>Q&N=_b>cF6n
z!Fe!aF+7d+|5)7Y>K5}C8N%fL784{G8}l(06cS*Gq$vl)i$U-@_*nxP>@;c5%*xM2
ze+KjbMm~23_1rf~U}NAtiT`^-rt&aske9X6dw=NT=&0-OkW)9TVuMV;!+Se@L;U~H
zcG6_jCc+yE{ui@?`PT}poQeE3@=WWU26ht3zl;zQ0)rxzw*#PX07i-z_)!SywZ30Q
z1pV6|!+pu|p5ekT|HtA+ZE~jR_3XdIgaImoqD}wupQhjXZxs$E!32YVBSIPJr>R99
zBJD8%BKUjBiSV;wsa;kau8@!6_8M78N4ZxCIGDunBC9Ui+Wn#Ju*M4w{=UF#sF61h
zKhG}$X(BEhi9gH%Cf-NdGm#@1vjOom2q?4Z-y>uPdOrW_;qzbEp+XR19V*}SAB+37
zOh(5205Q71#RP*=fT>J<0fvMD(gk_A0fX|j$B{k$_^*}*=yQ&I&I0wEy%EyHFhBfz
zLct7}<ak?^+}Ol^R2nJ^y~wG%&nF{If`$+l&-p*JUEUSs3i;v>y~l)F^XX*d?z?Fc
zjA&}W{lgq!AS#&9B7cr#ys1So0SD2|zc(2+3~h%5kdaC6^uM=5+DN;X^Ph_wa96gT
zg*U(c>$m_!?uQ{wggh~k?N_Cg>F~hj7o!@(EB?jO+&DAtNJ962XWUak2#N9xV1r4w
zDI_6l@~H8SBF{?s1@nd`_#XxvUloHG<PKPlk7&zr0oZ*A4x%fCRC`DV>K}6rg}9uF
zTpj7TKePvSNbuhyOvN~}L&%P{0rCId4mA(}#~hUWKNj~h(ibtwBpa@O9~Vd;0_D53
zI3ufMXSZS@8o2IiP>~A#t->FJ(Z)R!{oKDd?pn|<b7f>=c&73qIhx25a3RA3X%ZAh
zi7JHuI8~sN_!Dp#a7H{w0+ZCD08HCDlrNA0hXRZK4|9M4{vL`Jxu7CSl%X&P>6O1n
zNCq@mN7|vzj{m_9=^~w*^zZ+%xYb{EcMC|-h5db8Kp})@9!EaPXuClnab`COq`&{G
zr6EBZ_tO8#xc~Hb|3j}Mlka1L=>*mv=D-*BjRY<78%WM=b}I><6yv{)5Clcrp_l)Y
z9pVJMXFsj~T-=IUcieBZOsW5MTws7r;b@Oz1X;M@HzyO{@c7Gt(@dfCVq1buZPbKL
z<NWVF6?Fe>OZEM;rCR8=PYwqnQN$S=+w7%!BjwxW-nCo@W<?$QcKIEN*W}8qMq<2X
zJcl>NrgbvHD-~9~_zdVgOl2g@IumCfKPrf(m`h^m>{<<X!y@@(n-@0!I@gxgJt9)s
zkok>l${D2lDpUO)Xde~x-eouH&b1e+TN_=HdiPqsm~8Y72)tSiSACRKw;3M_is0?E
zTd7-}^lZCquMssh6O*jd9;F&q3<@RyTMawCFf2FZMb?bhA3Of!DN6C=cPoQ|7)3k8
z&h^`a@yIDxh5QrH42FdOg@D?tol9+&kKbJ!DQ^c7la{)5`XU_q72)*?tTz)GnUbk5
zeB7^v0I<|~h36SvRzmV$y>^PM;IhHbo)K|qqz50B3E#@EpFclTbXU&X==}blzb{6L
z(k8luXVu8YifJp)VH5lp4q3f^gjf5WL#EwNT*RS3TV2Bbd8q{LIfe4}>q-$`PvyH3
z4&zO5>&=FfQ{Z`Eka)A#GvU+$y@HkZ?>UIQ*X;JUN(%hqu>UX_#$BZ7odZHUSxC2N
zBJCsvbNzs`OJRsVWBI8|mP%A}if8`_)l7+Qktxt~^fpkykGrk^NRJ$tV|N|-%;&oD
zmbC5jt&YXRArnnS1?`JdY-V><e>2{|*QJXf-~==9)?9}U3J5{h!;s9m?14F?VE1<K
z1d;21t9y6u)G&&Nwt8z#XlB14o?1}!_}<}~L8-2~!m-zrjyMs$x}$|^O9xv0IiN6F
zM^8H3{{Y})QM?qgLDXz4fZZM)g^0LAXnekXwU?T@o8i2SWwsdemfvTRcVjldB`?ji
z3|D~qx{D=Stg|(*Kz+*HAk{>Z&%4R*rQh<x*GZc)`T`9)!u^*;GK{JJP)i`NLA&;6
z&iFq89pLMc)*q~~J#KkF%b?f(widVTTMFgiOpW)q-jbk1kDZI^x!gb>yMwJ-y_2KG
z)te*L&hyZu>!qEgDp=Q~xPVyHU^SjBhQ~nhF%cak(czxiGWJ^V%XQ=7tu98L`?vEA
z-@eHMx<h}vP1KvH-t_|XhxfbWc4i|9P!c?|k+Nf+%WfP7Z_=0cc8x^JXPT;;>TOaI
zrhB7QOP$K&%J&_-6WJC8EyHnw`lA;5-VAOh2wKII(elLlblR1cT8&D%>$~L`jMaGo
za1xs>o%}mio|p^wHgIgQ{p@(3hd(868*!KHGGZQoNk;%sNMFp}PvT*@NsQ4s_HJam
z@)GFl(lgC;uaOx0?d@7ii9el8#2y3M7+yo4<OWU?-q)5q<8ya6=)en-Yk<kH(m8pz
z*xxRjl;0t6di=02I-*O=)Zqst&|2J@lpO2GzT~Aw;r>w8$lBZT@u>UBUhfM}Q*L@r
z$&M(&?kiTzJ|5d>rdK+?Z2x|LuEj~m$Ye?$k?Mbuz%KA2X<E~^BKsXjdbg<;>Vk7e
z*df!IBL^eLfB74vQ9yEJfi@OMj+l-$i2L*-ZGpQt(kDa|v)?WbsM$Usta>m$=CbVU
zZ}7Q2NadpICkth(7bB}RI_9TqnwbliacTg(s_5H^$LFYL8bb;oNe>H8Y0C$XGriY}
z#11|Ryj*wy=}fm>B2-nFQ9K+TJ5L!uh8H0f&|g{BJk$Ng%%QrjQ#N+~GQl6J7@m5j
zikXY3^X6BS8Nm@{7{M4wIAVADcG%6}gga5+dyfuh_(G~|u8R62@q;ho_Je6o{w74D
zJd4bf?;e@$F1sm7-mdsDz_tAfAFRn*$0hretjMjq`=m`HOMi&J3>PsrH9P0hQk+Eo
zhX(=se&*)%qjoWH=J7Ly()9SOVAGm4htj@u8I(=eWM1&E92bQSuefa0sjG-)JQ?k+
zT)fu3d9c!5@%4(J_0SIKP?eKj%)_r>zuj>+?m^zRx95O^qfGfuStWDu?LQqr(lE5c
zq`fF6cpa7eplvTM_kgg6r4gTx{6L&r5VCQwr@+4usIz2mE&1sg9nY;?t+pcE#!;-p
zd!%6ZQTy7&?k%uK@D6Rkv+LJPt|A&%m-#$C>sQu}i&u)v?)(*hB16Fr2R$GZ#CP5O
z{yiEM`ja6;f6%Ejtw)DC|K3WSVDAu^XT|<Sp1|Y4O7813#vhodb@LDU4adi-&3c37
zGPFA{nd?1H9M3F~QLz~ux#^Q#LRY~O4_kZl@_nk`%lEJ>rQT$q9LTTq4Y0eRZfB0%
z+mYWKIYq5uLkS?0a99+y8X>(n@GkAM`IqLJBvpm|(Q%q1ZmsO_2R6RLxU|Oi>2#}|
zlK?KTHqYYs=es_eZ(XK`)OoQF7p304xi#IS{$Z&qqg{LO_WAh4L3x~=>dyQGkw>9h
z)WU;2hxEhMspHE+BYgH0{vNoa49`QY9soD0i<qKKX+}Zyf2x7~nd?J=N-~{!yFVuL
z)#?(Td97PK(*7Y3Z$|g+e%HRj>~W1+TQm;~+f@ne_$2SA*D!m%B#w_BT@;(XB5F3d
zrz58{uff7SGIt~F#rg%-k&n0+873nb{Ff~8tE95%dO7gk{kR&$qDWTml<Z@dNIRyM
zdDFsT<V~Rdx3uR;g6g{=WO&GWc?F?f+5|7x86G~}8@#|Y{lOw-!CIrW!`im<mO)1A
zlje3g^U*KO$z_ZCf9Y2gTEAk@y9(uycVy>k<uenD^L?pX@2X*WwDn%@0OLffa8h_v
z`*a1<E8TWd$~lRD%;YiWUQxc|Vrkuk{wB=lrFF6FVw?(XndMM%-)HUAZ6<8c=-^2s
zVfx5SlE2rxv7Ki`)%9;JCA^dC<*irx#)<a{|1j#z&|mQ=xW>cIuI-?LN<C4n{Kp%t
z-4FgyKaI>L&MN0f0Tr8v%?FEHLEb}0U6RH2GY>CrZY(0bp`*U{<BEscWVE2dQ}1^m
z6WHwnqk8z`bMzc3UhB$*1@*Q7RkU?`z%k0S>FMyTVNU4wE=za$sTY6h_}hN5ujF`+
z&F)UbF(+O&MYTAd>hOVr@j^J#y(y@<4wwGRAT^vBq}jg=QV7Ec@$#+I(Sz+Y@%VjX
zXYynB`jZ&O(-Z0$R$+3dVCnVmO=eAPw?4-h1TEO9_1`S1a2&E9Dz(_m=Pdj)mJWxU
zMSp46iC_O8aI)jBH2wcjy7>QUC|zo<_D<0(N2k23H_uSHEry#r@I;4w*gEg0orR|0
zFYUPm<>{5fW8Ug=5K?l-+{*3Q*vCspJ`wJErd8U%Y1Pl{T4dG%hcdO2|AAA~oL>bg
z+Iqr37vjo|BRqGS%JDt16Onli#M+tKkpG@1a<9<4YQuUsu<?v~yR+%p%klQ&8P3}0
zo<DB_)S%#p{n@P79`=S$g;_la+imWi;Wt|-1&IjaB7mVm!qAD3GNpeKA+Fg>9_Mc+
z9`Q87S}5etk~}b7(DP7HRtWwN1xO6*HUkDihV^H1B)p~EPBj_j;wQgE=0H=qdL2@i
zu{)jA>k_sB7t|Q*m)kV>8eA#_UyPX>a)?{o>8;pdW(VSkXfAcBr{uhs56On)2*`QT
znM61szA!S-0ax+e!}CKiMapGICAS2v#<(tCB=QLLYs+s$CIN@uJ=f1iT}v=0!zP@v
z#z%sv_G)n<xb{OegXhq(t(q_Rj*)Hhwez6^hTzLY(VTiW6l1v5eYJ$iz>#4MnaT;k
z-N-f`wz@SpGIjLoYDi5UDvy2>4=n2DY&ovj7R$*=#68#=z;Y&>8pxUlNqT_++tgSb
z8E=+Z*K4huNR2e9{nV_6Ps$1RHfOnuoffr+>byMklQ`M15UxyW6}BcEcS^IP+0}0<
zzTmP@RZUUv&r^s6;5$tt^DAFB;i!}@#y_zOwEMN*ebE<_Yb39w?X!Mmx{Cf6d+!w$
zWz%g73nEbjM1m5!B?<_Lh#;{M6%+*|=O9UPk}O%tQ6xu|AR-_+(;!IBL2^(sG&wfV
zaH<=5U%!3!#eZ)8GsYR43x^loPd`<)YOPgs%{2>Ztrf=cAQMK*vox!kHkp%X*!CW+
ztT0r;e(|eTCH-^VQYm=?YzB79g}oLk!tKK%OO#9ZktD#0jN0Wv3Q!a<&WJgQ-oqpS
zhBh5hTH9ez(tpb&ze7R7sGjV;nqDTrzj9BmXPdUWfW<AxeCQhwS7%V9C+s8n4Xujz
ziZ^sRwHqh5neZ)HF?F+R^{W`QWmB1dDjSoP#Nwp*4tY_}iT<pI9M12@K;^*86y)l9
z7yQp(7{C_joOn=6MX>E`INLhlbeZ}RraFT>K?`!7qIk|${A>>Z<~?=>M*H&s-97x>
z9M!sOmzTbI!%t+wHliZwv0Yic0x8-?f8m;H?hj6y?aJVjsf3_$(;iv}W3&jF9Pa@d
zbGpbgltlT6?$3&fU-qZ+g1M3?@>k;(-PFk^?DFz9$DuXLV@OTL;rpUeJXqzejRSH>
z3>f%L#f@Zh;{_&*f}N((sX(wg^-tpSI|f#Tk5j{Qy&CU#X^yo~i$v|(Lr=XAmw0ZN
zTOv-F>{~W<f4+a}IO2~NCml@@$Iq&|4gU?wj?QhTpwHPU-ShDW3;eU%)$jM{r$%wC
zar_9Ph!i_f*U#V`qs=T5;KXOb^SaFZL@M2lqghO&L`r=`r^V)Zr85P37Kb`Ard2R_
zY&9wVYvpa|&|~j2JAREGb?T!XQzOBW`xm+WyNtf8F<-^<h^^aQ5o&j|G<>I}HNge^
zgcsC`lcj9}gCSI+57wTr@O0!i?9&w`HOBe<5c*ju+jnK6(qM5@fU#i_1{A;%#x-^a
zV+F6cPde4SYJ;z#(eryWE{Hr#)gWvQeO$glB#i$a`@)|G!O;)u_M_m$$JrQF7ATxy
zsCDeDOu=B(GyMN#kVwhSKXsm%p#d`d%ZJA{yO?Ay{0MlncPI3AZ%O?ho%5>w1PWF-
z-Y+M^guh~@;K6ALts(6eNl1{^pMuE+nR8yLwGnnO{DunvCS1FVss9|^KRwZ*VRnEv
zU8kWr0~L8#fi>AR(1K#;WAGc5oM%-vn_(I9sWkKw?qCa}b8Evo((~ysw3`K>K?64y
zj`w~wf8te~7wGSO3c?gC-Mh}#-06|fMIK#$@n+n!>J{uM0hF}i3U|wO(o!(6Dvf$f
z!CgoG57POKoJR!Tp+FaCPNNe*j4%Jak!vkO>MsID5(cD}K+Vl6;j~bKuB%hOAT7v0
z1Jp?EK<$G^vK<Rb8iRiP=!>&Tre;YWjsP3_SE|pUOPMgWZXXz%+#hsjLmC)_`x>z^
zu9qsnT-FzUW1!l}KZR0E+4cXy^*N;ikU}IbHrDJ1Ck`Inbd?1<*w-a#`}(<>+L|IH
z?}Y!PN;H-=p8E=!8P9^uE%u{N2X{n|Rqy>?uTOId_<h@P^>rN2maFrL&tie$@=xJe
z!Scm`-kFB!*&B8;%+gWsFA!0-w6A%Dv#q(`NZ_~XRN!*(MH`UUKHBU~_WXI@z-|H@
z(@F6vx@xp}cnZ3c;X5#d#?a$T>$qvhC)s=v$uAN+c~{}bH{$%x)#>qDujgH&*WVIS
z6c}%=I2NWMkt=rg%Ib~_5_?iW9rWYsNmn%I?Wx>D!<o-K&r2n9g%7{>84l@7q&=B^
z5|QmQo1;<M!WbsTEJ5!gtlET)v1leyV9^VE>%o2TPqysh4TtyFLg@<h>K`F(R=YL_
z_<5N*SGsN<eq-SELMPzhewn7+BMX}^cPvMQw=NM}-l>=sT(lb{-Zj^uJ&Ye4an<!s
zbl&cJ09`LbZ@~vAzB4X4Xxq)`QNmkQsSh<&>$r&<jQ|mGWm05^EDyVmlV6JibvO}C
zAZ>ZU`??QatCEUCha!KaZtu+AOo8Q~VX4}|Zn>Jv_!7z|W<}=2BK9sy!NhT6wsIt7
z<<w<Bf$4vo{0#1MX0XsG^{?T1vGOjxE#2zm@aY;njNxYi_2X2VPx>?CrA@<19yirk
zBq1J;X6D|gxi5HC&IIPttsp~PExa{7`sfJkR(oWwfUW({Mk+G;UZF*fCQbDp{2M6z
zwI2!Z_-pp(+DC_!li`n)h)(Vb`hPvDPb}Z;DCG^lwIgQY(o4`g_3a=cA$?Ry#PItA
z+3K*dR1pqESinuY`HmQF_<?eX)#P<>1eFQBchKD2VY_94nt97JA+{ZNmlP9;VBbM4
z!QZ{jmV<P^SciTuW4kIn53<SceGXe3Cs;roOtd8~CT=4!8s`0{^*>M$dPIWVmOzgq
zl%VzN`&+}M_x#`ru4}8BSM%S~c<Gw7YO)y~VHFt|n8(<4gyZZG_}}EzNMzJc_7GGp
zcCnA|7pk%$JtTs2CQ@8{KBQOiOxx+X3Ua298`ZJ9#>Sd*gS;uM__t5)J}Qj4cfCx3
zcSYh9Ukw0$5qjVTPQUI*`}|i6W8<r;B~PzrX_SU8kiIFg=#2Szh#+SwL$oH}c5Xcs
zZ}*l2Ul7#*Vrh;#m?G*X%_)fUr&a}FdAo7DA@w!V7F^7}_M{_zq`rZJhTrmCPNUSf
z`)@ZLe&phK`%2PrK|J<LbhIjT>>`6b?2Kv6ZxQ8H3qR@CfCY&jt!b?2Rw6uT!SQpm
zzFih2cR*aGlI+5AU>#2Nh&V=>v#a>fay0t7lIc(4rTjl5LA%I<YA_OjpG77*TUOo_
z0vA*$yB{3$vH`?x{O){{vu)!&i$X+cX&zXmE=o_>)HoHUN;N5WmWvCfu+W3*bObTi
zP7EY15y|r_Cf#W4cZ+dRxU8s)#<reT8yG;QuLu*Jkmk!hrN}gtDMT;klbdF5Ry7~}
zc4?ArBXTp6M`^R|{2p;Q{Wy2whiliAC)eaW6r$lSPen>}OzB>geJ&Hn1Sziu7T{7)
z$Fq;1-SPa|lUlgjTSsqx=4!AOFaHQ5v)$(4*e}M%xzHudFA0q2M%JII{Y=L2H(6zD
zOnLx6&Hpz?ePH7Ul{(H@NxgYBHVrvtRu9!mEvt`qH3EaFk={>VA8Lu1M_<mt69;`$
zY0~pSGwr-G5eGX<fuhjm_wH73UZrFjlzcSpY9LXkmF0K{4ZZyvP@dt`@Ywi$1?j#U
zwz(hK)fz~_G0uJ)nWOSm%+pftI)Dd*Is{Hub~)XFLn!PNeg+V7ZUCM|`$6cqOs~ai
znb@oje^d}Y7|H+Sa_-#iwZ{*{6=&P$EDV0`*&WHfT7V65(WM)OEZsKWmx|k*z^l9K
z_@VE|iorfP$;iOT@nN3gSM{dxx73)BdpR6zrR{`h4NQT=u-D0|1iGT9VsV1|oSgnu
zH&$<!1dYkqf@+q+Aq=^^#;05ax##lrbC_IFL6_*mnO$xE)&N#oV|TOuqC(aqVUGyp
z-hqVkR?gR&`|hEU?XQ01Xe6;VT_gDb2-3|E>F5!C;q7K?S4|JGlQm9$ZT+x~WFB=|
z)NcVcg^Z$&$EKhRB`R?#$HRXCw7?zeO^uVx?c1gfFS1Hk5^;w=YN9oCQF{OWZIFAh
z1Q!6YtV^E}Mrkw!sk@FX(cUoo`ITblNxbl^k9o-Tr~&4rk(P}nI>ur%h;A1WC^1BL
z)$FVHbG%S_7=qtr?(l`yxj`=@X8x{g)pPDDhWQl7T`urAtwCwQShi0zEqVZs54ISc
zG2S}d%z3;va^hf*@E!|=P4zTl_#1FXw7tZSot4R(;q*9Km6|t6M662}#G;3z5VX5m
zUQ;C#sF0S)TcFrv-LH7CK2h*Yvd3d#{Nu^AhwFEak6NfgjwPa7y4|SFB3@UC{1-oF
z9`i;`<vo(}PvnxTM9wQin^$9dev(ubmX7srE$J$xFZrp8GpI)Ry(O>;j_8xMFg5$C
z7HK&VP8;brf*{0zR~t{z+c&8t2WCA!pwbLb*C8gsSv?e^Z0o!36nfc^H=m+ZbUdUj
z%gXcUE-hFMmabaW+*N<_e%+UQe;EZ|3bKBl$<a}Na@!*c6>?|yZRSc_n66=i_i^sx
z=!rH5_Jgl?>mif*_dRRQ3Ctf|dbIAuvt+|>F>;f0RQs}0x0Cw}IU4VOkU<=MatB)?
z9YE>=+=bL*rbez6pB%et&$CJGPkLWM$>Dk=OftKdBO9~Rt=4FK7C)hOjwdNNRN~AQ
z7}(h0huPk6K?8%4LvqmRSf!m*=X*j~G;g%nn{Ix^g7W-MIyLV>%V$K<JDHH-+<J=V
z593cRJx}!@#TOnsJ%ar>rE-9yFxk8ci8sjv9d}4DA+6drga?%;_u+m-_H0j6N_6Gg
z=rDyg|06=2IET*b`x}|gwx)&Aal75g*psg}+@nu6vZ1N^M?sY1CW>hku9~hvRif@M
zGH83eRS9s2=G{4zp30u*TpqLvM=cv9hd@WlA80tDid9-g99Lc$(ZA~Q*&O<oBtrgi
zK#%S;_rS&E9&A9d<QfV0{vx>XYZ;0E>|}<>WHMhP<4u>y*5@J~t1Z;#Aw=5H<_REM
zY7STF<<bZrEzvAZI9@EMTqJs{<8gd<{cbm&-O2~mud2@vl{HGu$~Tu1c&nq5g${YM
zK)Gr>10FHQz5h@-SDmxCLu0?$Z{p`lW$V1oYyG`G5*=u_Va`0!Rd%P??xX0>X$j^%
zc!>Hi(H|r$lclUxOe1D>+y~H{LA93c?fwdP(eY#rFX%h?&r#Ef25zl_v7^pol}m!w
zCsTVmGYB$SF=V)=fy=FZ!=Mc(^&0cHZl6`WzKfBdI(~j`8Gd(gc-cdx#}zqxv}V3W
z;E_&9!=aL{w)UB@QIfr&4BKnB%*iEouupzZq35@8pWXL~LPi>?{ErVUc66TQ4FX_7
zGGj!)4IhWz1rug;?w^GjC(@ZoQlIid_{CrpCC!i0Jy2^LX-XM(&FWjPMvf4ba3ti)
z*=sh<TJcEW9$kJ0-Jgw_G^av6Hd6gw5`1y7yCy_<W8r+93q_g!u2`br^*+S;_)l#V
zgRS4+!iOZXJlC7+_ns8?$&&3*3H+vB3#s&=A4Y||g-yx4-S6(!yY1BcX*lVA#?H<X
z-HY5`23vPOBqxp@JsmE6@m9A|#>2^dIaIv;Ptti8v+&%TSbXu1Kh*s4*af#TXJ-tW
zDMAEE%$y1qB#L#e(JIS|Cd^$WSoYatj?v;!5Q|;4igqz7n`wePy+so71L1?@2}u~n
zTX3+@X!ZX^GK$*1t_(5agX`q3PAEO0)^Cu6OtSqn<9<8px>Hp7nd*Mw+{*20=CJlG
zk~}}!5<8<$QeH6f*LP67<=cVFK9lkX2~#^N$y+4cD_pBA5RZemA@=MuB$IB8L%TD5
zpAd359zV#4FGcOKgb``y&OCw&%uJ1J?ijD(l59t^$VPGGR`kf4IE!pfL3@7TagJ)f
zaFt|l0~s^x=dGhy8(WQ(N^e0y#MGxOD_pqAtD$<f4u?Pj$DK81{#Yso_3a;Bv*WHt
z*S=e4U5!3ymT<&F0-T<LN}j5N5GN@!#Z7#b*2%-#Jjr>fkA!t(Yapt0`x=xx)Qxkf
zCX*8E_DxXFPI3jj%OQnlJUw9;m{J8(&%P0Kv?OkAo#ca{F{fh`+l@*(!C&MlLLYye
zo!jxbZ>0bpLdzYc6b{nY8?*d#koPim$H(3>BA*#Nb&NXWIgOK+uVQ~8-I$meL_OOa
z4_=#1q+Ib9uoYK&p_F5%v8e(5EMNZa$lw75T(TaZaltQb4Kg59_mVWyRPN8X`>gVb
z;3W?s^_gsG+D<d}SWL!V3RYlJJ5M#gbyc<CfeoAS1dF7M)n}5m!5su+o=_p7o2XmC
z3UexjpU6()n7!;AeP~4uC|b<c)t!IU<3t^Dry2^mE5W`-*jNDvd){H+Yy7%j7==eW
zapxj}lFD$Cb~F2#(~9%Go%bwv&23GImdR4Zfpo%fWL;jS2UW)*i&L4q`B0&4*VG4x
zLP99}o0rIg(YQJ0`^J^DNE_Qea)aMA+#^aL!&kJH`z0Ra&?biZde`AzW|*v4Jd+>)
zXDdhK=JMJMHg9k(XH>`9C!}2sKK-UfaiwC-{-#Ey29wy1y4;6)&M=bdE*F}G11T@v
zZqEr@6rXk%nTpf8-RJP_`ryUgA-j3baD^`OS*sC!4>Ek=?NhuYru(eo_B=8KP4cq8
z=-Ny!^?3=&Ogc07u`l}Mauo``cl_aYKlMJ6Ssp4StHXgeATl!fe%5NH{$Q>nA-xfc
z7$Lg$l$Mp1Z=>JAjmUbxhqYyMmZPwLGKnIhX>8yoZe?rU?*_!x6#w{Jrag8_JP#(1
z=1UB~EkF_ad7|e(2Hq*}=x{&9Cv-3i7bXQ_EBypK-_Ao@_Xn2StygWEigc7y#CV^T
zDnBf&5td%zJF(2$N3m8O^mWy|1Eu^@7RQ4U^`M%LRetMlJaY7A(=Q=-2p#E~6NmWm
zwDI4|biV@5t=1$7Y2T0)zCDx+R4*;B?i{r_+>?hc*dp!YCK3<tF*sN8+sA9#B8wgR
zZ0%Ov_mEOO=#|_O461uK>5f0q$ZzGG511K3x3&6b(}O(lUDym9>D6tPW>h-9DXlq9
z`A6udt$7}r%ZBEOCcW5NB1%@rqodeKf0AZR&PMurd&22n#V@jwV?O@vyY<qn!-jkH
zRBFA0xsif9dq?I}_&5`EFF-ed*P&L2{wb{*8^ftv$SSR;E36T|-!-rrp@3f_Y+0r0
zp}&@@od!#lsj??&JN9Umz$JN~or^GCUaBu%`+2gJnCI=cnljJ*K2k=6zZv3i9gc&&
zqrX45wKp3sv4oR36UbcWOG_yuG|OaSVr0?{p|yV&Qw{hB?L~X5GwtsIAsf9YzkSge
ztOgkp_O+f$LEfX3<Zwi39MV?fw6WH^kXHDK#sBqsScSy<C_zgdzpJ0sCSFflkPb_W
zLp0&XF22G>Mo$8_NxJVukQ_hneWXP(%zK?5yACv=GJ|8esoml_Hl0ywV-Lqktnr`;
zcVH_YNr=l=fMXtLuviSgPLTBQQ~L62htNNMA0AaMLNbn;5O-|mQ_(UqW0%~~Ul{t3
z!xORVi?a|OsxK?hXXz+bK#qTe=izvQ_?@U~sKQFQ3=IAYhQbTiIZY_hjO}Llb=)4y
z_|QGEv0$@o^!ZV>82I`NT1z_4_Epcf9A%*kJ*eBxQ=)m<DfFesWUS5X`s;<Zi{7y7
zgIT1N*Vep_*pb&s7sNiNyxuOMwb|FJGYN5V|9aJ<bW7cv*jZCx<ISVZ#<KZ`P2DCv
zrC05jAo`iH?fUEvm_`RL0Y>ym$`?p%M9|~R-?d`VPw`;?oMsiYlasIU$_3`OzAK&P
z=LzpbWsi@KYQBooa{G97WPfSM`265ev)jP@)aEMx2p6hC)b^;VvHadopyOIxPygy<
z9Mm%(Wttdi!YTRW$MR$(DiQ8852140SSJ=WyJg+URF&)z^ZDSiyy256glpi^72ku@
zydP8stMJSe=X<ZRwD!h>hiz9cP>mYyF$#G>ZJq904w;d7OOfF330$CHBy~zt`oq&C
z{IbYAYJ&kZO;2kD5h)TEx3S9R?NuIU264al34u;!@43*H2D`32E8q3iu3M_whQ0(x
ztlPUklBN;dFGq)O?C7+`4+QzVu1~(kc7AolM3mfosN*f*Qx_oj>mN4`57Auukhw8J
zW7RS+==|iwGFdspRIuv4pW6PcmmhuC9i>n3<kMPxxGKhh<RNgd$6fcQNt%C96%(+V
zI=ZenK-3r}P1lw_@D*s!6vR(zS<=6()cV;{b1~p(<rB%rXR=l%Za55+o*rhx?>Z|}
z^$p^+xYlxEsVrW+@Ppbp6}yFNcrG<qt5{nMq%YS3CMny$u@%ifDn>aTm)L9_*bID$
znw^IT_dQrKc|LtEuM!Ry+02viaheD80;L)%*rX_bpiI_h!_Kg+nP9t-k<+;?!1I!^
zyK17iIOm^94WMG0Q_sA2%Ax*;)QaS7NL9|cwu#(klb?ut@#yNZSoq1&Rv4Y*+)4e_
zN6@m(K(0q>^l4cZCf(lxcCPK4&F0m;7qld~;4wLlqIm@MXSr0xXA-E{gYq30NitvN
zlun{)r~Kd>5%a2AaMW%14=5pyfmd1|L%Xj<C=h-L`1Q*O*9U&A9m%GahUet~@9G$x
zeM-Q9y>q*4WzK9SgT@61F4-s>ds8I0vO`8sU^yWSF_GO~^xBWFef;JV_XA*zMaMcE
z!fS66ea{0c>`oLk7r#Ks$u9Vy^QocABV@N8!9jwQw9Hp~_WMci<l5c@D5M?ol@6KQ
zuory7Dcyckk(egQGG;ssf#bcnCL8{#UC~$lRmp`U`|D(c0M&^(MRg9(s5uS{oniDi
zg72qB^F-hOK8ZV85Q7O4)d7-TD@}$*ikL=i9+A<7)r!^gueDuB4d%tyN588XB~KIX
z{{DWAV3lcxa|JB=38~D9?nk8L;yQG;QbFu}XUs1CZv^G5vRV<x@$2)+b{R?2djJza
z+z}sM$y=u4KGJ4C;vd{XE0X7MS21Od594Cai3EV~4n24_5(P`u#^G&Wi)466IEvFV
zS9+q?*won6<Z7~wCT=7jLIT{s34aaQrr9@{cztiB{b$K;N*fhUHOCHdSq(v#1py=J
zgZL{(#@0he2;P}ls+5w<$ON^Eb6rSzaB?x&gB-WNyn5?pGZ#1WCg*WAiEz9LVRLh9
z5LIWmtzp}UQoPF6vfO}`s7F_>0@-|RMN{DJfpr_N(NfE<5#bZg2$r`IB2R3Emc0{P
zWgFZ_6`vbeabcY1DE!~zz^1W(-6xVs))=iN`>4KLqxs@0DI@n2iRi;v9qhVxs|@L+
z5xkM3(^Hz$_^fEs-Fpk)^ZIaq3R}-hI7dgeOa}ss5ItVE=&^Bhj{{Jv{<T--kh%Rm
zG%Yu~%Yl82gqV)S$IofWxhRnR#!a;&h4pED|En)j>o49oP40#;TO6)MfTNzh%uLsi
zVgb{iq|k{e)*L}HIB)-QMHC$S_GGP4avcmbMnDd_^BQY?{18WuJ5tkZX}nBj)t5$!
z1Z9s($F1O7H5&{ICJNQNn^O0-f)x;(fl=9MHhpty^tL-WM=PZ}?~z0vWGik{G2q^$
znfGrF*7I;ZBIdus6()Fj@%DX#K<b9OUHQzis-{vzWF^VQyPR@|$p5Awxz{ev0>ADz
zbG~{)20wz&knc9nI&ag<n?xw34RQ{)tW*nY$L~!^gpp7`?DQt>P`NKc*q>d?4Fu6<
zuJ~4<Drl@?0DjOm$+w>^!X~KMKO*B;ZaIFSi%JG}Ij=Ws{Gp+L%Zz{V5rV$ULoTlq
z-F6^HiR|%#ZvIlMKG#nURqyc|>`j**es*sMs%jRjcS)G3;#Wt06D>33**H>cJ1oPE
zVMRz=&u+qTFUfXgV4@(G`qdgZN|Os!6Cz|Pkz~#x<ts_4^I7xDF<qi3>grn5Ng?pC
zL&xJV9cgei@QNwwm+csVF~FW~pPWYw0#d5<$3mL@*?uF=*`^fR6Nm44O*)twsy{a<
zCiSdIf*a>@kUy8Xn*q>E%~YOhL50q7y;YkQmQ~$2M~LJhw3%*4<$MPgw!b%Q1IX~$
zl|}|FAqPVW%1rA?y8~%f&GoXac1D8twM6rfahnJQ61+a7mV=>eobarhM(NYI-p#fu
zE1z6s#fksC_Pf0H@`bfeg<ZnWMv5%SsJT+?wO!HZV2LHQ7p(H98I>#it7f@+vg<EH
z<X}~R7^*)5lv^H&4|<HV0`Op!3Ynqf@hRA8^&!%FBvT&1&5OO|)rkWL#lzn3DbK~1
zAM7&7VNDIsH^!PI!@<>Edwf>M+~JW4$*GmYwtH?QZPT)$+Y$j+m|vy4+<ST#`{|Fs
z+1aOdHz~{+q(T0+taL-Zu9@3ZAWMSUUHWkpV{leUa^W?QD^JR1rqGSg*XHSvqO<na
zKe3_XENfqsG5XWzB8^xAxyWneqAMUh?%c#*sTo{oFp5iE5c5}Hsg7@{7GovB&JiAb
z)grW&c(-mHM=O)CbdF7}*KTRhqhT2`p{h)ismuALVp%cp*g>gj0RMT%IY#MaqRz-)
zvcfkKPKFsI`304VsJ`bu(Z1kKk|`5D9XiZr`}uQs@u+>B*g;QdrYP}o@&0I~W2GW}
z)d`na5&J=Uj1FU;7*bd@Qv|QE`cCiBr;4qnu6Vvh`N|2NI?<b_HHhD!Lg??l25Jxs
zuY8Hz4{k4%<XQpM&|xMg-kjgHu94b2Bw5-q$OTDqq0VDXeXh?E=S5wts%Xb=xqcGq
z_&|~h2%w#Z?w!$`oe{<<^w+9#_693GilvbN1;6P2=?xkFoxRu|*(X7EUA83T4S8^6
z$x3{l_VaR(C{g<H>(E$aMqj*qk7(%`7!0wpK=(6t<*J=VqPl8p2a@}I?-li1nm@v~
zj6C?YzMSm+X0lD-T3-9k-)_Hud;!D?-*;#(=}6)A%#Y3o+m(`!uJ#zq0-S#B5~eqE
z#u39QIO~3{di?8KlW#M?PVx3uBD-qd=jT;%jdm!y&R=7$-nqc(y-18oa$qK1aR2hP
zD*-MS9lL5x9DL5E`MSOL>Q;r@ca6w&jW8N}o*QT=G>n*zwxJ@`YRn`4urSAU`?;hP
z0L#5sxPz~<@=yNc_P75an@7W29WZDw32`%6x6ad_xRauD*K+IzUF9n(rLN+qukF4j
zy4aF?*d-r7s$@|y?|wsb*Zj&#vTCOQfy!MgzSmol;~C$jA{Dx#-e$NmoEG9Qr=Sl7
zt^$ajI)^!?@rvv?tnIp2N7<i3RGvF0+}zA5NkIYTW>m=>agCVaH@No6c*^Y^#>Kw9
z)u(-UI(7qwy~{tB3xpA0_Ie|M$h?VwcZ&4M(#>;uRd>GE?B6hI2x{J(Pw{Bsoy$3x
zu21f`a}f$o4Fltqt!|Ec#fu-cbW%nwztv;+KYb4FzRuG|WeW4WP7~(cd>FSeizi>X
zi?uoWTk+m;njJ#4^5BL>NpO{=ugsl0@VsrT32yd_?a91@N1{s+0dbatsARV#GNG}L
z1}&G}DO{^Pj*+EfFETtFj1$)#d;N|EwcV9vL>C)sHST9R9HT2zTXQu93o(-h6N%hk
z&uvv9LmUD6a`dHcQd+P$(#vu89bu!Y(B@v`acBacYv@?78LVHAMcf-(6L@Z2Ms)A!
z(a2w|F&@6upLwRb#N6nFVUm?z8l{$z!(vA_Lc+v;T6O{=jGrDVrDW|D4d>*WfHkSo
z>?$79)m<-?Yl6o)SA&C;n#!=o_)mue{Dud3s)Ld)S6?P3*bY5^X7D30>f?zus{F+s
zr2W%QZMR1=oR>w~6t_J4W1>}ARv4fE*g%c>>1m_^wCu=z+k5OvOFOyn^6=wyj1E;>
ziU%rbnqUEr0<_p0Bl@<D?ZfXZeV@#geAfLSLbhERM$Zwyp>1h5>i`G*%lEj%OQRo%
zkK01Ves-9M(aq~*c6tFgXLy%cR_5?v^u7J`bQl@kZt7r4%*T2x#r6$9y_xh}cpjnT
zfsjM~Rii1F8~cZd7C68k-Of4`MTTj~kwfTXn~PyGOm6%p3S@UGzH8#CPm6_6M4x=6
zJK|gIjh`zy9yF!Iv6))F8_6J=+$Lce#@pl3*NLRDDrX$x0qkB4*S#3$#_f4zL_K2P
z6-WcUU%lhp9lH~9SAX7?U2xZ<zfe}H;~F3KTeZDG4}6szb&Cn?i<gt0LDg-l&wpH*
z&fU6zt@J~MTVuwu)1LMjbe&^)JJfN)CVPc%DsSs#X*96Ks5Lp+H*2@*l;#851YNjN
z$*wI?Feo?3S%lRw{+oL;;l?3`IdTC*fdXw-P!AkzqQ2LPIqDDlu}WU%e|-0DvvQGd
zT_Ku(`?#hYnO%)vH0Tw0e)6>tFTYX&;*$jV5=|6x*~$p9$q9>YwJE#*(0@8qM13iK
z`2e-YyjlF~T>{c?dR<=Nl*rQzXe-{DuoqPL;37oenKEvpyT)e*Px&&8q=*NJpb#ol
zn2+;^nG16#he4aIKF;{SUVu@ouach<MZW%(3pV*cXNdo8u)GI8*Nk;30UF)_23wV2
zc19JsT)G>p9gqGZ{m5yCvJI6Z{6hkV9ihGdq-%YgI5ZkPNfm#B+-V=)=>Z6|c~$W9
zX*K(>nA_uczp1uQ6u?0I2xjn&-FGw{hWBehm&Fv89vVB@8fZ3KKsO5vpJFGmaF(~u
z)fxzrv$1u8Z`sb(E8{b9peLh~0kb1RPaE$4|6}u<vPD48>?rA3J4OQ=SSNvMo<vHV
z7f%5L=zRMrore#D!-vBDuhDs++Bn|o#ik1vdkO%3Yya&Juv`K7=$>p&>AlT0+CLnD
zzj}n*;kKAQ`~RJPg=T_1ua3XMr70Dir^*cO_LFsA*SwCi3-$W`mPk5eNvXrp!VlS*
zGv;GlFi+BfnSz{CsPa@ogcLOF5{Lfjp!ABxaMWyP-O`=%Uu@3nm;rWW2T!%pI|*GY
zR=JN42(pT-E+CEDC?887n&mYDu^K>%A;Rz*ThPRJY+vd(=H_S3tqqB265SuhWHTs<
z%&fut^xek+nah<IO&pZYddF<IGO|-(i8`ph`W8J0=)QEszzVeC2gZh8oD!mLHT+G8
zLeC(>!$7GWQ>B|Xe6KcGx&CUuoZ=}~1<Nz|(K_%hBHxiD;7{H2Pxs+j-BZ`!>%Wrx
z0*xmFDbhf|+Gg<YEBS81jE4o^Lo-!p^WcL_O%LCe5n{9qUW%#@fNZgQa=I2pivRwC
z$bVAlz&T$VXW%I}c2bA#vjg?vZ+iMi-qY>SaG)|3!^KR|8dE5HhhtGhcMXc!|9J(N
z{XeM0j$!!yCsS;LiFDxyxOPXLUHOJp9!&&vt~BL5;vrheg&VoXw^(2^ol(88R0vlD
zZJ$cFK|eC$dOkBNh7_RQcj_5LD(s{0pKvhMO9uZ8KkNO1C6dW`={CWI3>rSiOwY9g
zr52Ive4L7md>Nv_38VD^Ow?FAv~uU=_?Y{>dGzLJ{L#F*+ok@(k{G-XoQuFdLbuni
zjb}jUMoZsq&bGETw5+uj%)0K;W;<J&D*kDYXo!V%TpLKUZ`)#WTM@jv*O*2P;j~&T
zW);8C7YXyDdHMW<?jP=M12zdk3Tbn+XCU^&Aj+uA%z+oady0Pg`e7bMX@o9~Huv7x
zEcuSk)$J|-<(rAoXN0mQBdXW>^Eld+zrGK!f+z6zBZ$wu(o=#vf~(Z`j)#12Th%cj
z5kXe^E?>tV=O*LKwnpbSzO7V95hV5Wl!Orz4CZRU2fI{Bb3`yKC^IT&RkT>s=YZE}
zbB_3;#4bHb6t7XU&Co2ttFQ8h!5U1k|J#$^==-RG;lNT6HN<AGFI!Ho-~j=fa@A*q
zf&qk0u}rSJP<O9To*cX7F)ZaFpf+D0y<O50?NQPSG<wKzZOaDEsEqgIUMO6`K_h>~
zAJK%4DT!@YvX@8WUm*sK?Q5uKM{iF_jWAsj(se(|g%8ukd$shn->(B+cy;(6wF|^4
znVFUJR)-$b0%b=+%W<(V3;X4pIyJPi-cqoef0}a%Jv|A}kJzOe?U?Sq^th?TrH~=R
z;mK%+j~?2_<I`SWjSP%&N<#fZ1qxWjw?$OX`b=QrWU2Eo@rXGAKp7VXkqxblA^I<o
zI-H`|<#K<v#%N7B$P|l`uz8lXzy2X*!k}=11x4TGpBCR5>i}y%)U3<vsK#Ma9H8UP
zq5lYI3}1iY)_FP|xfqQPUdfU(hW#nFMmkjZhvQF)iB4$2l;BeS|C1Kx#1cxNP+|SQ
z2|5sfFou>{`X3Dq^d{%+(36@vbLW^NCYt$5{-<;F8-`5#Ki&1GPT|iU{qMyT{!dKv
ze<Ykv8P;I0|Br;z|42Cfr!w6CHwh;m2I~WpXNEvBZu3XXWa9#U+F1w%p+<`7RE20X
z``;6oaQ}}$ipWvdaVWSAJ1R5TS^H;>PRg_hy76XgtkCZYyQ0*iU|L2Fm7GqS6OrQl
z2OGb84@;H{Y26QZ=?Y#g+N$lh<=tLBya#%bO3*ZHVJ{7<3gu4GEyd>(^TkWC*>Awj
zaxCCiqNKSh@2VUYl4H(Yr?{Oh`9F$B<yNl{xt-`#Cv5pt;viMCykPU7jnSga6jan*
z9{%(*_0U1N?(6LsF8KH$zSN-BBGn2#g2!n2+bB4c!)^4FTQ*+bF0qOUh@6O;Pxeqd
zM)5z<Z^^$)W5-}ExkfWvq!2%()p-vtQBwIO+#0lY&raacM+sTMhY4{?_bMe<tEMTD
z`YpFXi*3I7ask#q`w<2$|I=a2Ip*AK2ef?tqyJ!k01#oS<HN*I^7Kv%0p{E{$u4;3
zfG&AcM)#L&mM)a<IW-;yt`^E#hwvJqppKWS#QfFpWuc|mbxPwEQloe0mj`)n91reR
zXZ6i&u%;0IEc_Gj(K+Qe$Frv4H8J(0m_`D7i&J5jhnilnt0Mc&)}RQ&tJN-l`8hOp
zYg%}593W(ay`aXEHg7+kj&8YiI}w+dsk}OAJmROjM=+xd?Pdf>f!ZTs<TubOHbyV!
z>abn5tE^UG{$n-e9N%9eUqDq1leYg+Xu}+KNbK);!J0yJoOe13UjJylxyPu6gI)a%
zE%jj;V_z`1KTI{*?3R%r#O#3&eoLUL?nCd|ZbI6Nx0`X7svO2$uD)<7XjmqVe#$ES
z*Em6ZJ<AMvepOO2*#knm;yDbVeUci0h7>raig`x->7XSJC|-oq2|4Unj=(|nBvfqm
z<-HFZ`2e!>Dj0}`bn5H}Ro(lQRC_L8xnrq!@i$S9*Lc|=ivbw}Xv(`jsMFU$Z?(_+
z$#A;ySzM=hSAO3QiyW)kZ<)zKrgx|p#YuDUyjT<&>jS2BippcCr|(ldJhFX>s^~3h
z*^q}HUzh)4@K`Nzv+`-Iz(aQw=Z{I|{cPV5DxH4yZN1X_NZX${HoJgizuF(>?RNAQ
z-IYM3emCa)ZnjCtbt=?m!mw5RO|^=rFIr}Y^h4i~(?E<@Td+3QLOl$<%30Y1Z)$F5
zdzjWuF6Y*Kzx0Fp-T||kF@3+RiHmol$HcHa=;Dq$2A2ajCRpJeQnJabcAB|o&^nq+
zWT~eY9Bnkoqe~3EKu*GTR(yTG`*0@Q$E>ZPbTX>331Swi@pR&3T_2F?iqQp&ik&hx
z0ZJlFQS5XjT&ezu2cDioPsIb#_|g`*#EDuA{$qIVS8?<#@1bAH%&yQ{aoe$^47OLN
z^(}+-bN7bu&s(;j#qE=+_58Trb1FQVpx#RyH(af{U~87*73Z*KGn?L9Voy|Q**lZ9
z+3!EkYXK272zRE=v%26*nIrU&kGeesCig}0aol=*j0W)rAj=2wv~aNa9PGXOL_;63
z7<=vI=vCBr4zzSZ-CYWfWcuAyw{OJC$EB$Z(s@F-!+u6uvqFcJhb9x~<`(XnZS@+v
z9#`8F5meghb^EdU5#X<ko2&Q4-aW>5aqJZk+P>dG(<PD_*Z=ibz$5iv;P5MzDV<kh
z&!IG;lKdLs&Jj37K?V`z@a>dJWoC`MZ$YH~YB#u9?c(;tLiPSAZP?iv6SGxM#b}zN
z^TO20eh}CP<qBGh;b5o88<1dA;AeoEl+6i*On6L0Xo(q6upN)a?Gk_Jj!83m=l;gX
zgLEWXh+K+Kv9F-h$wgE;RB9{dJc*1+hHxpdtK8n2Fm6U#2;w2_e}U?4GyqJCmVrcy
z)#BJr{L|4%=VilT;}nLER+Cm`<yILM?%_0EQ}1L}(xfwYO9E@ILN?cL9oA-B6%~J#
zIaEONO_!+aBqmqQhV_hu77SdJzdqJ6(?1d19s#N`8e5N!`R|o=iucaEc_iPEI1Ttl
z(O3EoQ(FQ;40Pe6=5#sP)kK7-yzoQ=7dC{I3wb*zHCQh4K_|-}6dbuet2o;4>+&5J
zwe61}PAhW8AN;ti*t{OZO?tG|6%E_(#ykF=QCiDC+4<fTSL}tO+wu<816S9VJ&RoM
z6jbDAXwO2KZ;7MtxUQ%zxF^DGdyRNd+hlq2WNJDhTMg5#bb9O^k_P>2Xf4G9%t>8S
zB?~P%;x|HpKjA*_#(^zto^e~z*m-uKPx#GpeOWZZh4f|2I!A@e*0@;=Qfd$R@!?(s
zzxGu_$lZBvRVM!NpE?yfHUULuqrG$es)J?$!jQ`EuZz}RrLQdI<~vM71ZTLk?le(f
zEvA86jz+<(L&-QTmxk+w)0UM2`FQ$2;JdgDYPyvNr`%E#z5CHihapeal{EOa2*I}a
zVNz-1h*n0`UW72uSOS;4%EGtvD}brH&CqSDax#$-bdp~(D3R?Db4|}6K`Rg9l6#!6
zc{F4DA&w4aOwhfV!=p>98%&M*IDgz8Npj(P)0uisM-431EAZ<1HTPR>a&LmTO&Mc!
zT=K_HvaO7oQ(Yk?Z3iE$P9y<cS#iHh1;ickaL@k`Hljvr4T%i`t)WyApf8KY3Og1t
zVfZy8q`4T+3$*H<$^h+xyKX0r!gd&kfP?~woBBFVPuLT<<_~;P-!H|q0sIIhF$5pn
zEz?ww%ipU&3$hrxcn)e4kz8`?U3GjoC}VWw%mHAcPZU=Iudp%XQKw+9xaXzo0JWX>
zKy9bV#KeUjbp4brj{^=LtV@h}homy7=GV`yZMrS{^hwv+4zjC~mx5yd2yi%fc^r1|
zIPiCPSagZTRV+#Vgj>n!@XDOrsC;6qD96K~9w5B-P4me0V@71os80Nk>|d!qm%@$P
z*YP<Ic27c&C#)|6g7sRflF?nP9SZ9<4*lc^w~%iUTB~F6S1OzX{tAZBsZ&`<ca5PA
zIL6xg|G|Zf5py>0GSwZhy|jNZl8kc_U&=A&-W~jrWt-%Dt}_>}?tK7vkZ5~0EIfKw
zg%XAaWJr!$;YcJM!ofqzJ9J>JyS!41-)KAXCqf1?vV)~q`90hD_w2Y;(P$G~@ClFt
zv4HI7)zrjjQLQj;iVKZ6Xl3>-KD$-V`Uoz-^(9Q)Kx8(JWb9!_!rlcUk0=_e6=Qxl
zASJL_m6!~hx?Fg@wQ_Uxu$J#cD0?`|cC=$~1how=wVU0XIP437^76I$xVqbH_`Nu)
zG04)i@5rgkXQW~Yf#|OVT_Rf;S;4Jrp~5ec^xD1YuY7d4;>urk2qi6h;Q!b3Y(CMo
zg1lJwICt*c$;llxcl@(!FcIT;PFIvh8#g2?p5T$O5#G>U1GM`G59LTNP`szA)BeW6
z?oAko&yG*{`3CeM><Z#wIA0fwNcXWe8#Wg4Gj-23VdKP>IRo<hot8sPC*@p`B89xh
z#vZ&Jajsp$g%asWX69rpBv^i3CZ<h-+0W};cKL2A8w^jTBP9XB!0>3nn6qx`1Eb;6
zveiS{*|wON7#&)m-@Rr&|15Dk{<Y||nKL3nyTnbU3(s(_v=A{}stuvaq4E=Pv7BxU
zv9(N)Ha{H6u4pbdPSJzt4CQB=j}$%Dc6Ls)&~Zbp$b)M-%MU{n5Ta&%C6S6b$`2of
zIJJt3neX3-yJHydM!P225zl9U`21lvYiF5XO8o$GBC5^3MRoHXxYHRBxdkPTk;WFe
z1CApml8e?o7dBJ$L&Mei%$~drq%iP{O`mH=DOoPqlqU6+ZP53^*HH4#^GPqFNs&T!
zZ-oVQzqKFD9lmrAqsfcrl@a1GUH0kFC}{?SY&JIt9g~_`0>Uo98Z_?&SMk_?U0EAl
zGisyT+s+RghkVj;Qa2s^!nXV~CuVCz+bAXZcuAEFR61YtFH4rAa`DELm?S4BPoR!t
z<3fYC9VZ-oz-1-*4##oxMO{0>yr2aT3+MEoq4-*^f!5)Nz4P3y8+%Sg+6c&^gHi6)
zo{v8^>Mr5n)Kqrd<Fk(+sqF0a)Wx$y-0Wb2HgiMe^2Qylp!K+WF}DegGN`n#u_kd5
z$n3v3?`@J78UbiWt)<S1w??9pAoh+qjNHLay`640?Kp>ry_Z%Hk6japghm~P)_57U
z@31cO&3NCPA98b=xDeBFu(P~!d&9i}7iThoe0=nG;zFZ_)rs3)v^&Y9*<_F?+@#M)
zE#EdBWI?U!pC!y;sci_|xnkkvJ3#&GYC#h{F(Ze_&)n)?mykQ9ceL7Nb{w)fVjRp_
zCF$Lzu2e0Miya9_x{SG}Xt6x!vWoA1v^UaaH`fwUx?SW}Db^Tvm22ROa)eU0iu7nu
z#ZYD`CF#O_J?NFn@q9OO(gxFY>a%%+rQX86M!H}kH3GrGdAp%c=ek5)pKAQFGp+C%
z-&n`dm^igKw4m4%hU~O-uF&+@@z~J|WxEUQj=<$JRg5ugJ9!tHl-ruG=^nC<v*WQv
zC55z|eIT29vi7NK=9eVy@BqC>Q7NKQmRAT{w~3A;AX%7OwM?qwRV5qTGW`~oc)6{i
z;SvY;uvOO%&5k4lax>-i!NYCAJQ-T%D0ZcG3epEev3THo^`4$zo0*l~BRC1w=?Zyr
z(&X2`by-AoKNXd((lu(H;-XpNkIWDu<H`$m?F=<nJszCw{Z+8qv+PT9XDIfrVXzw<
zj!NbdG?mEo#=*&Z=Kh#HmW(CnSo3C#WA$~!?Sp49(&y{{*b^)@9J^AH!|W$|0_3D%
z%66BrGP6X*VYSS-zw+h7Jz+7`C&?PKv7bmtR0`qx=e<R%SKl*U5*q4UbN0{yd>|{k
zn+YlsvKd_hD@=#a+^+I|)q-!-u*_-ffm`ylEthR_=mPUtiw=&qxI-iJr&(qP(vx&z
zJ*OV<G97dA-qFr<TDvaH<{(KrM3D&T%LtCPWm%8in0;El<|UbET$rFG=on5knrv*G
zI9?&~Do&h16Ib-7<gUp?|E?RV!?A758Eyps=A8D4Cl_Ixm9%%T?KsnNy?$jH4F6X;
z!GW`>6&HzG{)==i6_1zQw>RU&3(S(V5W-wM{x6+8fn+cg^UpV8Y|R%iVs8rp&EK3$
zOxQ9CgHUMmqH?z<Oty0;P0kPLrvS_sRdv+M>)_-ToyB}>JwWf{Wb(2ixIVIcsa3`n
z!6VsPX*8jKKIKy7xBA@_x=q!7ZJ>BnWI4!Y+T`9w*C`A~%@!DSi0SdJu6@VBk)*fz
zyj{b+Pl+mj&fV5F%{p3>t(?UW7Tb2|8vn?6Nj>=OH+aNOQk0zPH_x}bs#jVjxryF=
z*)7ee9d}fbsLv(#(oS32`DYQ|o$kkG!WSWewV{F5lcm}tzm|Jbk1cP%9)i()c}eH%
zy6T~7)N$NW11`=^zQLbh{fIkmsEkLt(`r)fuKCc*6b>mEDGiswO${#o-Lj@o`g;qt
zsCN9o>}LXUqr2&1`1lNj^rsVro-K2qb68kdb$4mGHYn}U24nUH%j+KZM_jLs8!ut0
z4lW<__|6yo^pwfR@+ukC>V8t8Ink3GZmN;PZ)iAd)mxm?Co9$!nPA!BEb?05igwD$
z!gSYco%{J6y*na2Q{pBQ=G>#&RR&qFmTa}QHML0y$w?JI%W1R7I$d}1I8eVP*UvNg
zX1VzS=M8ENpVWbSoHOyOF{97A=Z|koAnp5M_T<qEMYaQ`hb!pT2j*Q7Q@sYI>_Mp<
zb-s^-F1F41&Ta>z4%O?D2*J1Z0dyZyQA-X>SAM?lj;2(2y@m=yyhc4o+kV0=hd1DM
zCN;>&<3oAYq~il21=DzGnO6+ZZx@gL^2(2}Xh>tlZuMn}e+#j_d7KBc-XymXc$Sn`
z_*tBkVEDfCucY&1mDC2@QK$v6CVDoJwIw}SoN@3Az2wMb$8q!eH|qw^=gr83tCwqI
zW9)RUk!t7V9?o5}qpQ*;fe8I@XB2Z7Gq4M&Ys;5ya?>2RGLfK5xW2gEQCc|LnY@v`
zU&#S6Th+8~;v7s+$ENt0x&20461#uYLdEqS%)Cb|r_1_b=B0b9FH+a0GgIcDr1(Kf
zKX^GPesbX}-&@uA8a8nqn)s@}u6e#`rp)!hzUD{GqMvnirJAe*9R#jrvUhH%RyhTX
zjV_bfsrbG9B|S2!rzce{@pg5(Dua$g>D}>MD5dLNlPf#fht5Y0S&grwh50_`CCS3V
zW1w4P|IE}Tc`7azBmSn4DB*fyB)-726`1kxC~Z7%`o+~3a_9QKbAP;WVdsHX5Mg6w
zlI|~8nd5lD1|3Q4n`-gbrK1hZcP{MM`cx<IM-I&4+(UV6ZE4kXauui7Ts_V!RUaEk
zzl?NH^k>~E30{7N^@x)z_VZ&&wL9jjI?-{`#DSykGVifa|5`DVwx{$(e0<?Bc2+X$
z_z~wTq_It7KWZZr2L63v5Ouwn2uQ)76TP|&!_=MPty|DkTrXC>Y{q|`2l(IPE5K89
zjrM*9cQMRf9xp}@&TUy7_ASA==sY9-lkNQ41kf7)Cyaxq{=Nw##(o4I3qO4<6#Cg%
z$4~mAaJd@YzaIntlX`b9hWg*%x5LJkeW5J**Q2m-0%4xuuXgJe#(O9EVPWy%3upb;
z=X~@e#(zre{mPV->3R7B#}%}bn{**1mGen`0Ku)g_s_e5AHA`Q-4E5p@tPM$pg$%=
zf{m@<Q_J-HYMfefUenSar+GF5Eu>SI&tqeEO}9SANz8DdzkoBx^N>*FzZnT|8(#At
zW>24a9@~`ENxo3<%m-s07ybZ?7=OEpGvpf1V@0kWEujF<zW!2r9Grfrzauq5-I&T`
z;%h+vWKJ#`TWdwgu}r*Z|Bso)!8e~MP*cv;<Rm)L1PTi%F6n3^rqscAeHZxfsl}(9
z?_i$U>El`354}YmL#>K?IQ?ci^c`x~GFrq(^6$aPrD2P8#<4=&HXlaR7_q~tPnRME
zvu1YK-eV2Mr2<M0R-|uO;<ep(cK8dddw!1*-NyTS2`{tDf!sAqB`=xQd8n>rQjGHE
zI}@v#nC`(Fxk+Rg+p7H6w!~p{LbkfCW_<*>!eOw#R~qCnlC<tGuUx+M4oX^t<&`BK
zE<^17omT!UdE#-Cz|2*!l(49xxmsk7y6QJ>V|Qc8OAQMfq<_Clpd3t+ya-4ix&3&o
zFnM!_kKnU-Ek1TvSPEu43e$>1Spr&{+c#fV|E_isaPhQGby|}wq5tO@sWbRRmIJ+%
z#Ku>=@G-ODUXb*l*2HxFIZT&6W|!eDRjH8d7nN*wP4y|~q5QvBm*6tKB$+|3Dw{rQ
zReY*;kTE|F_)C_|#r$@nCp4i<BPMiL+1JM}q&>NX@o$S9%EcahRe67#(!c&u@I>xt
zezi^_#^|YEp(9WdIjI4;&d#K?g^wq6^v&OkXl?~8>XnPje$c3^Ldo(nIcCN^&t`mz
z3zq@Bgdfe{J31T(3)}nL04~nh4=918YSv;e+OlusU|~7($Pr;<E9u_<cLzd?aq#iI
zQFU4ufpsBUPTvO)OI+j^7cO`*-hV#%3V5<-6vp$2>7KsC4d|^f=|jxdoy-1X#vYSG
zq4;tH_`pqxX`j6@#)k@%-2K}&plsMUI9S=ZI4%>>yG;yq=aOAp`FIC|$Cj^rx+kQ_
z09_x`I{iKr?Z4D-dBZ4T|2kMmae~*<^^o&H`;o}Szc&3-%@?&6msY%LN&Z?6c_~j%
z=+IS=GQp;h`Two}uQznm`|rt53p|G<{*4t30E{5=uMxyhJJFke4gDtp^MuKRS;STb
zfwTa7u^%ecYNJdjh{-O_iNk=eEC%j~{nqs}pMwt#R|i9`J3gHavADC*-QvT4dO0d0
zZWihC!_^+!`*-!pkjp=>?)8oh1|vnNaPdH)>ql=+J;5i>THy?->%e7^2>i#S{z6YG
z8^&q*wVnDlT;Pa+x9jo=`8!NVp@&)f1<NbBH2t{`l&wjPZJ{6i1#Dn4eE9v|(iauI
zK=uD@#=ZJ4gN5D2!#JdWO$KafT^24L@O)S3`uV>;eg*w;2i(*BcJp+<;ouB61Vfuk
zrpW$spjiy);Speizpk#d(>;9=AM9~v-2c`Pfr)3}iVO1Lzq3t@@|HnAnH`3X2{2A-
z@l?X6e>uanX!KHwo%##ejMHc1gOGw9`M}V?$hk&)Lp#Y6xC^nr-Gu=mDJjn3AAA3G
zx=3hyXOowTxZia?^gm{?4EzG@2@Gvizictv8WYRP8fv$6_3i(eJuIAe=wW^{g{970
znEZFP0%q{P+oIx_kn4W?bOOa;x~8PD0n!)2^Xc*b%I9Fvx9A<6RL6|ozYu9mesB*<
z{4Nh8egUV`o4<_q3qBa0t2f3I@&4I1=(uJb;5A>@_;;XWdI+|RZt<DhPNOwWPgOua
znUEA6+~kNJk$%P||9dH!(Mw5UN_xxtzii1raag5Fg%x^Z;xH`d-*n(c9C}l@&tl@S
zY}x4|5#qP&2VRj+>)!JGk6FCT1%4s?GTI-ymnCAHxE|PQ-ZNS+x|b3udyCr)fw)PB
zVJ00%%lC&tvu$}stx0>^(cn%t3MYt4mb@DMs$Cwf{fr(OoIx6|2*&XmCkMZFFM1lk
z>Ed<RbAi10*~p+psU|m26=DGi;@4+L5l*cMr!B3;!v*Ll*FqS`&s$M@V=Q<GcwYY(
zErn?ALuvQ@4dX?WoCk6v^WKG(My{B^(f2pD9?;{BzG?k_W|6fH=shvT2kqV}xnoLd
zp2?U$1pkU2u$$|t!;so$#zh~gH}oI15;Q?RjnBvbv>Jk{=(tLI$*gvXE?>NQ+z!n$
zI0)u<6P@NjYe}I`XB)|(bIi60@pmR9GGwkX?kq2FM7pXM7-S_5?#jmr?Zu4A3fism
z*3}XZ+Vh^&^PV)>WpDy0=$mm$saN2ZVy+Rpr2<0-xjpTSw?6LKf`)@TzH#b0KcMqp
zVX=(Ayj6PxGj2e2gKjGaHxL4bm|1Kcd|-vMCcEUeAOFg%qKwFRw)dV})LCe?#SZZV
zKw%+?Jp~qsubN?Cb`9I2qk!~<`WKbF=w-ea#$UCoAMK7D-s-u<l$WJ3*x9>R=ep%0
z7@x;TfP0bla`8A`R@t+Pkbv8=Gd5ErJ&(?!n7kU=p$nZl^m`b$iwUW$wm4qyeTTh7
z5`{ut^F6)6hP|)hj9Z#7e)2=4>v4CsUW@JqtPXC6+mN#~bq3P2+9vp3a(_BfYDT`3
zH0fhvRmB<eYKh)40sw8ziIAH2K;E*^P1Ioytoy8|L|Ej*xyvC=3THFcP^eG;&y2OA
zXAB%n(4IO`5S<5h)_Zzh!$D8hQd*Dgk<A7-r+=vei68<8sekOPDLe4>xrBRy5a<}F
zG6Ha&>%E+ZN921CEFx=mA@GjN)s!{RzL8?H^a=XIA6i9+Q85V>gd)?TR8|>3`4(a%
zEqoNmG9JXSZVLF%w+f%R8)(!8;0&tu&tuy?v;>|Kl>VO0T3}Lb4NP7t7xW+$8oSr0
zQXsveK4Rg;!l^2-9XD^wnLXLN%s+i0NjXQIvvSQ@ckBmPF>rNZ_z$9zoR_-OMt)L8
zbAg(pd`A7ew$W_Xs@;pzvZ67{^N#JsPVAPEmIfc&$(?CuzW-%LztNL&>Eo#xefi6b
z{tbFN4{&j|JW@CT^s1>#N{n}h$vSg6ca@!F%p+4ssB5<|L`^=^y|Ao{)ieQ(OTuFh
z&X3+sdhNo2Ts?%?=G=B$61X?Fz-ZgiW#&sMEPSxfYbTNvIGRQihuMYY>#<&EE-(%4
zvcLJ1HK6l`PZ;1tC=45WE0*DH0EhhkPViob#mO}`8?TJe82iXYtC~nNH4*2Zkqh23
zL{!IYhmg&bvLNstMO(8$9#P<G$Obn$#|+9BU#m3~dahxw-kItVwRO(Cw2BZOCD(~#
z*UGElS=|CQjIm%+s<5~-e*hyS0<Kud595mUPv3+D?TVRpFZ<|8;5NUt(4cZU8L%h|
z`>F#M9o%%eT!ZM+DRIH`v3^K=^^UneKQnlbwc*Lv48+%BBUmrQZgPBgYFuP(E9+q-
z?3VrpIy$VPH^?&^v_vUN*`Ch@2w(dBn}_@?OiSsZQ>b|WfSd-UU!VBW`8&`_fF<UX
z1>?Nz9N<M6^}pDA>$s@9wS81z5L6H(L?l%d5CNq-L<FQ16qFi5y1QFIrKLnt8j<cC
z1(fb?kY?x@Vi@LphY`hRKYM@nZ@=f9_q?C;`WJu5ux71w*L7dlz2J^8yv)ZRtL);|
zI1D$9yHiK-9a-27zSLO_-CP0e$>lneaTt|g-pi(L3#FimH=}7i^88W&*cqLSth%b6
zQ>AfB)=@AwU3ZR*Ml$TX^US`>UVVZ)OQb6SAD7A80dP{`l3Nd`aLOnD;hcUZ`=3sN
zx0ktBc|EOV)RhcV(eo|L>L0Y^oq*XzDOoeTq%$KM)PSxsv?I8^kihkN=*aeR4_4|5
zcJ`)g^`V*Nm7Fr?y0e>o^J}vdX$Gb~$XJ`m!_5}+DI-hw^dDR|y9J&!h^h(bT|dd#
z7;mHE*%fr=^%`x@=Wq+&5c7J`F7K?15ky+*NW69nTb6SYblo*}ZtSncP?z_6FU*;d
zpf-AhSxVt-@8Qq7a+|$|;rY}Tz^cs}N#pn*P2jAB0nfG14zdV-gp>}{S+2E)=zMjj
zC^qU3ks^NB<cTv=L-hjyoFcePSxKv(exyaYn`6r&seh;YD<yl1%C%vb$JyR|*Y9jk
za{1=j)ga?x8+l%6fZ~cR+$pQZegY}kpQ8?CDe1EVST_LYMJ}9Jo<|9V)R|Wy;th0>
zwK8vpZwVR-ZoU?qZS9fIkJ*4#(lnBR+XGa?EsRGp?Qe9BP*Yp2V{9Tm)94Owm+B5}
zLP|<ha^@8+V{C2^>&7=u(~?pDLjOHUh*3G<>ysirW$==U30DJZoi%~zq@GR(<Oypz
zm7biz^dSR&X&H6wUbXITmp`B!hHWS<?SGslYiawFIIRktPLt1I+yG9N63CT+YzZl5
z@xO`Ne^cUy$#QR9VDR}V{Kzu}m7jhFS|5(8SN|@_FRTA&b>JmXe1Z%b86zZoe-)(n
zg9wY|ULFpn@QK9$j!*I$%IE1@yg}hQ4aY^Yot#LBY%8vp$pz}u#oBFD+=>TcIS|Zc
zP6cx{?McVHKWpAgz?FS&ib~E?6#uT4x&-?4<<un?F#-TO5ZwDJC;<5Em*~$%gF8}B
zAL>QULrK^A&f&h@J<@^xM)n@1p#m4U{5WtCuO1h?KLZyD<F>%$AG`Pp6<Sh`?>7w#
zdQYwZH4=ay{);mFA->l?CiyJ)9%J7+$t-~6OF<fychR81Hu@g4*8u@FnP)T*Q>F2i
z|Gm1~9@_l`z``D$C7_5F3_D$b)8?sTbI=Y}=@#Nq+;gflYk;{~9#@AtoxfciVR_k@
zqXO_GeDvn9&5JUF{B*&r)A*)Gt_Z@(Hg%_*`KI-^N96od&n8yi?i_HT+(>t(=;P13
z({`f{sEw)6Lg(H*Q)S67A=NQWwZddA;h8<Qmrs{AxF!;wH!cc44H8(^+_!8O*k1@^
zEt!rqK}Mw=CpN+NPhGs<c+^3TtzGDrYH^;q*Avh;XK=yJN$@{|`3+2qhqE0g^Wh*3
zK#QLoPJ}n`AET1NbrQ;`e3qQ0D+4I;#TG0`JWC+4`*AJ+TsNh7_$vhluC?cNB3xGH
z&M2L25f8cJGIRqCsY37I14VR*tgD^BqVDclQG=vwUz5cBGo(V=>TaAm&Ud#Gzj_2w
zW<XTc;aA=7Jg4g!cVRWmRgUHB{|OI2j<r+0ZJLD&z+>IVZo6_oTY{*p<99BOTFA_W
zyH>R6_fYsi$kyw@xya*)&4P<tR!>Wv-A`u#fS|IhSxVU^=AKu~dFM`<nuiC(W4ze{
z7{6X(um`lqq7FV_<uIV2gR+Ktu9D;0S04l#k!=3)d;5T&zSsc)5HL@H<=>?sro7Rg
zo*wj$K@$tWf@$Oa5uat~^20E{c#;mGK>xSZXV8!<;c3YAr&a!8^uXU2VFRJl$TD>4
zFM;9d7@P0q@r5|{G)Mq!4$7&a5b@{e^!NV^kq7EqBG)VHbEmwRNaElHz?uP%hm(Jj
z83C{cyX6~C-ASC2dISwmTcP@dB9o4fPZAh`H-7=z82~CL3Vx|;{cT|DDSD^j3qXPS
z2J^&v{%jch`^!V2E><yO@)mzRq3ZzHgTfurcSZnR{X1Fx6=<hJFH`Iku=RJ#{1rPg
z)RHRgP_f-y5En3p$4LZO<CLd2hr}5J4OY+||F<|C6xM;lv;Jt7q3(r(9J=*F@aWji
zc`-cc@BQI$&R~ku0`>>&^LyUkg<pK{X}}ODLFk@*`GsHohs%4H5zu<4W8e>51Z99P
zanV7|65Xu$85-h8|GEMxpxyvVpUzWo)!(&Vj)7SqBGBEATF60};F2oPQ!ye8U#Roo
z_B*MjP|c}t8bFB)L^6Tbe?h74V4aS<z!JlWj~!fx_etEHlxjVVH~}Vg>8GXW{cB6f
zJ3*!X)8*0KzQNwIwR1XXqWl0Y`A=(6L!TlVX#Ggf{g=a*0-zj}=PCNvo+t4HUwzYj
zv%(m4bq@Lg!1^la=E2>`w$m<9B%kajO0In>lAuzUmOpT8V2QIoy-wl@itRx37fX2z
zh_--#@qW>0=YYafC#Bl{veiV`CMPM&f4ID#fllx*_Dm@0`?CY6j6Ov)e7ex|*A=`2
zKuZ8-CtyZ@WmJapCG5jrd?(%cUj=HC)tlAf<N9F-6^KON2;n(c<I+h^&V&Vp1yXP~
z(<iuvCQ>f~^I3m7%f!UvwxFnJaD+hQab#q|{%z#tZp$^!SiFaw-Y<~|Sm+o<e^f-4
zQd1S!Eox04K@09U9FM;{tCIOzzc=TZqSL5DF^5?%Kts;HuG<_QN*c{HlO$b9x)Dio
zIBWO$sgzme?64XWzyW)483?4-?)%U5+_tJw50?zEwXTzOPR|DP$dT-rIgWqBUb3jq
z^Hj*!#x76U>cduv_xbJJiRjVpP$KO3^nfmt`44sbF>z|ANi)O8V2S7T3H{lstO#mn
z1tIuh*4_n@ucPep!Y_bHK{4T78xQXRh!Hf!wo>k%wE|S@C&g^v>}h|REZc0~BHLkk
zSAni{EEdm1u_K$XC%<{6s2tza^U6jPd&~L>J`rpzJ$ic)UN&moAj?HtHoZD-)e*<t
zLbFBIEQUBcSI#1TswXXnb|(f_av4A;H3wiPeb&#_ebKCrcYO_@!O%z9SMW4QmBxS0
zd7j_RqFAlM2@uI-iVjm4dtMH%KY3D_LH(378T)$;k4$p}voYjcJl_hlqwNyK=KPPF
z;>G8D+~Nj3G`-17YHSRBSF+xbzerrmy1&2qWCGlFD7RX^HkHwa<?iWq7Nl%f{<PiP
zI%s@>?n5myqH1H#nQb9cKWSe8<-yVWD;W>;lv`<ZQT-ZftEN@nL-wNy`$Z00GgJ$K
z7RJ*leU2Jx@6G}3_$Hk?k8ssJ^782taP6F{itJ9cmS9w_i3O(ZtIrj9Pgn_nNdmI~
zS#ke-ye{~YIg)<X8wpQg(BQh3dx?V3MHt}9t>oZXZIAp2P@Fk1u6QUa)1iTwY00f=
z%Et?=y+Fc2+o{~y#Zec(#LB<=ys0M9S9dID_1cBYM=$p9HDymO@flB3qGRV!vgpxN
zork&=>Ov=d3;=5nNEsAGQOkf)<0Y{@rJMMMK!u;`wDYOprPTV0{i<uoC~vS}w=`_R
z-dqvqnsmEi&%JWi$jNaO{j6nCGKeLPe^B{oA&h)8k$kQ_{0eF}uf891Z3t8-e7Hl&
zTBSXEdvSMxm~Ct11@BzXsqGB<Y3MIb8#)85zza})l&k_nJ{ZZIN%nhw_@>9ZR4w;Z
zWj?*@GuDmd2G<-Mr~)skvYI0Eg;h%Vq(5+tDLxF2W<U|Y{3u;KVhwT#%qx_M`L~ad
zLI*NJ97rF<>F>^x>RZ{X0OOkxco!$E&-f_xD45`4Li-NfpA{0?7Q;QVKV@7kv|_sN
z*e+nGr%^h#Ki^E9_GO9{k|u@3@Lt(D8nA)XUgoFdI>gQdghZ%!MN6J1v#^`}2xlM}
z8mWT#vzX|V>hEttX17>tA_vkTamEy*<k;tMi$bOVuI}Ko`IuTC<cgbOZ=hS2YqM0t
zh)0TC+%V8a*9IQe2!7xVvhPj`BvT(8zWm`SE3?<$%C2zZHur=rS;Sl$?48nlNr<3~
zXfr_g91Oj7mBi<UB;Z#f$on2E*(B6cbR~K|98-rj);Hy%h+=aK5MYs3eGyS3=0Cvq
zI*>4Dr|m<nG{U)iz{3HuAC|AFa+!znTD#}3eOnPz?sQF#(iY&~6n|kT*DKEh$Y0WD
z$rZkVRM%pj&=G4yU){;d9V+-{Xtk$>(}F5ZgpZ!nu2t=RjCE>0hy6+P?m|A!iY1Tk
zk`3=tV_hp$DZF%iUt~C@qe+{+B2BuKB6;8k#;*iQWE1VagMSs62Cn=@gs<`3k`k8t
zQbKLlEJs{7>*TGMr%e$b#j!fr#Ac>t`R>5&*kj!Q=qM>&0?&DrMC`M^+<9-}=IWR=
zQb97Iy+i+KEB7@CldU%x1jEEb>*d*qn#m-lmpe<GcKPeY+trAThWpl=4n{>4)CBr*
z&Y}3YX%N2ti)+Zi(e71%_g89rF$ufP8){xN60aFQaj-l%1hWLlwcUteRqM9kIDjan
zIUi^LPHH;7Fw0Q1Do1(Dga#_*z|UUsg|ejlR&`<h*sdT+TW+bUy5m8U#PS<cj;#rt
z=(M!@Y<pM%eH$Os=jAn)be5hp$PM|6<SfKs>TAzrG>LL?Q_k|q<Kr3KtT!_s1gjF)
z+f@G`8tEN~<Al=_*DT*5*sU2k%Q<D04-w|Xz6%!+pgr%fU2ZX9u<;#uF5ubHKo&)I
z!C@{WwN7`;w9;-x#m<?7#F8FgcsmHhH>;eIXB2VUj=b7gVp$!}W?}*N1Edvt?{^kK
z2NuD?6f~DkJ}bJJFFnV!U?|%<!?8mi*OzgP6Zd|qa%+=;uJw<?p{K0_#Iv<B_G50z
zu?~m#?4Ajp>w!X*b2OOYD?Ms<S*i`~$oYg~D>ryca`WMol=Gg`!C}W7#f*9z_w-fD
zS7H74_qqe_^T6KU03N69FBs4WOeVG$ycQU@4N{x%m)pR^WX8L48MD{8c}LY)@Eo2z
zOI_Gwb+F)E8@#Pwb+8A-;G|t+H^$dxzPEFwd-r+%ea9i^HN7q=`0M$G#=SSWOG}n0
zI%t%Q0l=;`&>t8u{|=AlyAY*r_0gtk0h3=|z8k`R0|N-fCbw6(gWo>--ml}ZQT|my
zKWf;HUl_4`VJrK{ykH<caCR^`IB#wK6VxoMs0jI@2fkYK4F)eQ7f%UdVJH+M-|xtm
z7#>kQ+S^hq-|u&xEukJ54!u?}>0UWO8F;7DZaL4@mbbL+Ca;+{`Ps)txgCof2R`ZI
z=8BnNK`LFHiB*i94xOHGak%`vVIra2R83c<!2<UI-(tQ}f57GUS`RI@-3&b9xE&9-
z3VP)Dha3E(?nIc^#F=8f0RV-;Ret!Z{ZOz7AxknOxAFiYnz+%JI5;HmyT}KsGjx&i
zlPm?jQ|<35mx>_5$`)S#Zp=DDtX5rfP<s(s%rdf>tmS>Mx!j3SLLfNQGd18;KqJSk
zKB2A>Ygu3_$7N4(<)C#7W@#casbTD1MBYCJ9Uob?I>?3unc$|+$5YWA;Fkwo>?EYM
zTXNIYH`HNK?_|^vN!$Vub`$fSE6)2~?E{Pg=la$~z>0oV(3B{lQC+i8GC6|iux}Qw
zR4`$qdPNvx_0u1lIYTWzEq)Ln!jzSo_g?qC`e5PQT3z*8=#cQyojQpc5<7jdGx%6G
z2V=48&^M5H1BejsbG>1TwPs@PguuvwmWwu$ZVviy;m+fFzI!x!vhBvsFM^1j$NJY}
ztnej$--q7ftJY)baadZs^dv#+3rYJG0h<&VR|NA&@3ir7_&vL)-v=h%Ke@OoL`U|%
z5^F&n)8?R-M6+suL>rHO4E9l8@amWzyWIonGIN_3`0T6Blc8!+><hXyQQ*t3)DqhE
z9y#qS(%3N{tRP>143-Xbhn@%G^=rP#Qw}in0=nc9oj*q723`Q<i^6z^CGH%)#nSA!
z3N?Ki^OoQd^YV5zGWS^Z*&yeG#?pzl_WX)?I=Q&*B*dH$EJX+pmqW(DT5FyXYM?Wm
zrL!#Q8KB!T`>tJCq62;wBnAvnzXjnFTw;ZZIuISi@iGobU$2#t|C}yQWh_RBIIAk3
zrjxF$L2U@p?Z0$3d&KUo>+Oc=K@SlL%mv+Ze2XD)_14b4JnfqH3lani(}!v6#lSn%
z%)qR8ZND$_uDaps;&8~p!H6|pU+@a_tA>3vbeo`{u=ehC*#2OH;;kypQgg%aY~|aV
z#><K-)<1@>1rIe`4KlFUf|?szwc*<jIyNBY85SJ@Q1t;1(M;;R-{9^iQCX;6R1@%G
zvkv%SQGfkoYsXh|z*fcy!Ur1w8|he!m@~svQT`J5J>cr?Vwt>9<%#@cDqLJO!Qm5(
zM`Y<Ik1^snxv-8)#qiW<xsUI)OuXShUxPhFK1FDS=tnGXc`d<Loq~mjNAUd2Bd6JX
z@6vW^dy~DFCKz4xxg<YaYoFDcdft?EiAZpTn9yVeBqVUo77NqWvbskMc*vIy2I3vf
zSVzq2C$@Y)3!17}HDA$r$2iBm>670zdu5ePOO@5$p~~IdaMZw_f3&6#`z!a>^h05$
zzN}}({)?SQ<Y|$0^-{UB2j3Cfit^#AX3ZDDm+z?2nOE)9kYlXt<q+>Wx4t>rn0p1L
z#~1Bo`wULJ7Ic|*dAvAmtbtio-J}%p6-VZb*7-|%y1Gq6+1~teRYHzM<g<_Ej=0@D
z)f}G@j3mIP``#ok>w@w>J}WaHy>v4lDi_110=(2qzhQK3!3qS*SNZKU6u<z?FjvJ4
zU|yM!LIvv!#|1nW4vN}Si{OTR)9P9oZD*sm)0#!D?`I<}%E#(R;FLk@<KNpZ+e9!c
zl@)u?;$aez6V8x6d^JK5|LXe%+}g0!o6=EDy2_x5L_ercsm5rehe&P$fdnDYo*Y*j
zfHaN^PEO0~&y+p5;ewAC0|*&bY2|9kHT!8bN#z$I0cmPTxnb}X!iCaxU_dvGdIt?l
zve*_4r@hI0LtnU`qQg6ylAY3ia3{a~wyRADZ~4T_gkkfEIkw4A&8Ocw^;;S66sO#4
z2QR^3?}=sh?k=TT>ZLSF+l7liC%7iiMF2gwAQ`~jDv1|olkz5r=MA?H=Xq_htV38J
zEHv3%F?lMe(s_P~561HnB+5dq_p69ur2olm4M%6O$IYhJ@@Hr$9@$qHrs_(sqA7o2
z#k7UPXhu`@`CZt{c6FpD+$<_Nh^Mz*X!lThxwI!$khXIelkYQxHcY9{T~89ZaNsED
zyQAcu)vAl_Way<d7mSZvBwt;WJo_TOseDe!!+E*u?s;OHG2^zIXPg*CcotJJeu_z6
zSC3wcMb-tU9o4Pu`pBM>-`nAO<x1nKz)|0|m?WK3WQ!5+>g2&}#sl?BFwK6GXC`XW
z=F1JH(H8?%kIevrlYoODS3+O8{He}<OiXnob5E(<svYn|0KoHO_-cMqTO>OCgpEQ!
zr3>E+>*>|Exy*@M5V)<eO%VNYl5eqigiPHjRdBym<2q6TL0zGIk*jaMuP<AZCWqV?
zgMwSHiPzNY<J?qLRZSo3;tkxAo3svYdtop$!h^OWX`Nfmuaq?cSum~`u-qGL7?t{p
zk9*%4kzG0mwVZy|6?bdgaZPLyxfe1hp45OtQv}&&`*vYR4x>U|HMU2{DQDN!zA;pS
z@;aZwj}`l)j&T+RbM?&R`!+@sImK#Si`vdoU!7@O?x@&23C@h1SEt;$beS`tnp0~#
z#gR~TaJ_V*#}psiwT2est8p4n@_6d?T<uW6RJu=_3c7%0KvPJdcZ>*UUS5=Ev&|WA
zo3vvWP&N0Sm*WdimB8Y-CpK8DU87V7DMRdc?{`nqDddW|1M?(#m9i?0sk)pn`Iw*Y
zrB}Cj3f-b*7{v9mn&WbFqCXQi&PhKOEOdGF-q-fK!tq!4@;Jt_q-rok%S;>sj{;cr
zhbzy#+8UeqB^*gO7LI(?@}p!R*r^$59}u}O!BW3!&FsY6L{i;*fu>gV(NZ>(`Ld<_
zHW3yL^ah;6+-PKA!o@zP0yp2D*TMCGe{&{e%5Dfqp-_?%a`TCNW1G^mD<V`9LhOwJ
zc0=D_4L8q5deZ#zwT~_UD2sAm8o&ii-BmnqeoS^BTR(<bmgPPJQ`M?ouF8UQOkVJ-
z2I{pRYSbXyN&qRZTBi1=Wg1g6Kl`O7`Uks-$aO#%@zD)yg}a8h_${P7Fg7Q>bgIY8
z0k}!)SO+_ASEX~snr#ir<v<|p3%I?v$MakeX^1pv<&gQJZL|f*Gai@V>Uzi>m7?co
z@mz*46Zg*Rm;(uHQ2b!RpZXDVPM*=x5(RIn>Yn>hySU}Ub&2OM@0x&JUhFQ|z2;-3
z+`lA*d_Uw{I)Q-X8JcVHxV+~zYo#2ULy1d@9(u~DaBS$YcZ(V`Ef|Dtjo1f0d_+P=
z`x>9D$Rg=1F<<QzEqkrFG4rxYdWkC)Li7(AlH`k@N!ettV(<GV!zFe;e`!4JfFsxE
zKnA*LFackFqqVAU-R=k<Bbd$i91`m#5MI`FoE#rnL9E(JagLk#Mn*BK-cspO_wz`c
z#PD?6QU@q$#?gikO$|gFD{P^IA`*V<S=Ltw4X)K0SAfl;`lN}D4xr|$L&8;Ap5qsv
zK-34c!>26V)t{Slmp5;#W+??SFq~*bN^;jFCUBgaug$T6;(n;#vXJsCu`=|tgE_jo
zRu}rH?y=du@?yzoStPlv-uo93$%PB_OFD5ytoS!<4xnqT8MO2mqMEhxCoTh^7opo8
zdw6mjNpi7i?Wn{j^l=W3vdt20daO$<^J}sohEAXD5<7n~)`%y`4K4Z!?h(e-!^K9A
z5;W{TT(`wf(iF)q4jB*gPKXE=iVoF@)AEK(-%u1_Eg@82#?<miq_20nPa!wuBG_eW
zZwXr=*x6rIwu|J-ZZGgJDbKUE;r7U`RvO$bQf?Rwn~t7ne^==wbfvun0_L)J&Ulhs
zF=J2WJ$Us3FE9e&N#E!#V0^ZEk{mGRQgwBi9P$<k@t1(ujoFep<6v-JOwYUcMRm=E
z*1I(iF?c;xzf@qX7jq$Gn&oT-tJ{HN&bH&;#sY;q6|dFWSgGWep0hYy20q{_*iDiZ
z3*Z=2E#i=1!8zRWj?c+G*2x-?Q4R7z@jW;ZZ3e`GQUhTKuq?i(aSlYVVM|NQm}=Cr
z#a3bLy)XUxRgyazRS#BIc3zif)zw-&f%8LLi7OMw5Au;Ws$X{83QTg_xk4dq`RQK5
zO?mt!<9R?M_-W&pMo>}~-4MBf?!x920(g?~i%2UnZ<lJ@r=ozw^(G)WX$x5k+-ISH
zzbuPaYM$6!E3M1#*ebIC)P=pdkeKQcjoqgHTh*hQYjbU_uf6;1Xy!_*R@qma$5|mw
zA2^XSr3SSLJ<?D5b5+g#FWmZMT@6assyirXRWnLVzHy3?{WbvwtvRX!gtNC3?b3nF
z$32yiD=4n0WFX?3(yw@X>~uD;k2xND5)VD+k2_OlULJ|@)pvQlFM+Tlbwy8Z+c9*P
z$nf*ZIiS0n=uX@9zX$M-q3?!>e+_*DTXoFB{7;o70LfgFeD4>l?D)H-#QsFX(0Rmv
zxA0|juJdmik?4xW^N%JGZ+Xk=Q?cd&1BTh#1CeZ`c3juqN<BGswm{c`7ZYHN&fy!=
z8Sk(S?d`e@ZFfvGImT%ZGod9i(BBf7nUtKTNRiCPSx?%di+<zUgd&NJAg(*|QMMQK
zNr#}R2Nw)am}fic5uZkmi>OjQRI84#635=ir6@d0p`l#`ViRw&=j>^sQdz5M8l)c3
za1yjoO{fq_PpW3gA*w7XpR4#O+Hra%^Pitd&n6U+zj2As9w9?_bJtIEEC2z`>sL2$
zxN^ZajJqM4&%*@SP9LO5*ZGCn8h&m-TmN+Q#T6;SLF;3(NIIH+fFg^SAnA(+HtfEC
zDqkbM__Ajm_XJ)BdR*7ZIw2id9KzpfRzHA+S$5nLj^!I}xaj8CF<p7N3(M)n*I}PR
z!IeK-u`bwlpWQvGM?Ic^uAg*UC!L>1^zWd4`_m&d&;53cO@Yj}=Gp~}KFw3A4o&!l
zSIM}**J93UW0(NgY{w1a1_;^^PVnNNy!YxQjQL?zay>Whp)Zd^@*LJ=PjlcO;J&Z*
z=_4@HITD(<&ZG}fx<0O;H334k<Vj$I`}TsUhE2s|lmIQYT2iYIOZ7!*t2sCyvj2xg
zjDQmlu8|D}KIb)Ff=#?%DZ@s$rG83x%ry<S&zuoCgL(!N)uN)k542DJPEK+{nWmd!
zU?NpVo#j)nV<v(M;lE8mN2x+?o`s40(H>`{LlK|w&<wxlCk^s~H{_xrre9CfBot6w
z_(9_1<tIq}Zdd(NLd^;3jc%5Q2|Mn1$sXt>|8pVBUkOaVc_e%oq8sDxCW61Q*CrAa
z_m2s!uc$@eEtH-~F(u@>PdpCg>3(I11xmpae%$u0J0)fNXO#cG6JcQZ^k)*AV`3@>
zAQ-p`G6M7k|1OgWurlED1quH!t@9}26TdfFOB9JN>oL7dv>y__RQ<z>o}wsKFhGg|
zu(b5i-D2v0C1f%BMe*Qme<YfY`eagClqX5N96<Z;5}2ft*w_jMz_|{&aw3nbc4<_D
zf3>+Ev!N)}h~{ISLV^YQ0-&xx31f=n$9arD6ozzaz-6JmiE0oZTAX47{4?g*uj~B}
zcLmtNe^Wt(;^YG%i2&qwD$Iu5M{(HN(M|W@)RT5%%==5Aq00iNTnFtllzc=GU_t>x
zmS}We`CkfIhEY;P$@H_L3PFVmotdal#>Pd_12V90;QqV9p`T0!rtvIdLXtH^L;r6E
zSGWv{rU$V)_Pq3?XkH3hrOBwU;P~YaD$Y3+WmFQaIa5QI@F<22#y?YR{gP|`!(CC+
z{&y8b0M!Qg{6VbWB@}R1QbJG^J$7_<tb-QU(9<^F(gTT>U<aRygp#DFuP1*@3Ua%3
zDl+^}60)2S9yR%?-h4aKMSY8<5kP7PTmtbV3BsqqqozPtl98U$J-{x(SOucxt>(JI
zjLlar4FAmja*y3R<=rCt`1XE4ZpzrVs1_jCtas-75Y=dE)a^hJ&1V?Uo15DpziQa@
zF4an7L|S)s6l^8D*jnBJ!s1pNXd_X-_g@yWIKDWcTM|<d$~ey6<lWfQ*%I#xn;@1K
zR0f{UR*Y}qG_6Q?*=QQEl#ka@J^)6=%mhT5>gdlp#b%h^RxSB_c(65~Q0-K#mV1d`
z2WV0i42=7|@xA6KJ62&ASwk=$GtkrJLM3%qb221jMM(0SX}76Nxa0L;tbrh|6Mr6p
zR*p;^i=aA=&1vN)4eC~o<VUog<w6lMQtwXK9Goh8zM!yX|M^v}jD-2Ee0dv4nqNT7
zU0yq-ZJy8(4x4qI?i%%&jI~2*8Ru!!@)X70GXLIBFT~~!*Hgopl(|;7^4Yn~$M4`!
zI>p{$i!!K>QLv05GK|ldrj4iCI=QBvPcNf<@I^Ge{8$@kckF{v^m0Y|z{u%fe|MmL
z7U$HdMc)XJ17@5)=>=Zh92t!+pPT2@nd6>lF=YOcPzH!4wu_N_rjZN9>)6o%37u&N
zHpse~G?rU6+WTyQe7D?zy*Nh{B49+30?_cA1wtD{1(bgi1T*iTf;82M)n>YsrEQiR
zyH)06MpB0Ob=G_T?P``|QB-BU=FwVVs?}^<wy~(20Z-yJPkwcKTV=<|BmS`=#}aO{
z)^~h6G2dK;o{T)LRFd8Q)=M)Oxj56K+5`~vLyRL96&srFNzjBEyJ@f&O-=#N8%IMI
zpN`%dYdlu@H2O5)ofJm2-%ufm3h?_V$=|c%kc5)_SzebQbP=3(wH|>y9EvlaebUfU
z(F8Q0n~KBZ1)x$kqUk;tkl_e|efeW`&+z`{H^`%CHr*dJLHvpr?)8snXByyR*k4^Y
zpee6X#Id)FUwM-&69IHduk7ysk{kIq$oyJ}4{9NCV#mSb9vVhF4jx3#Z@%VT!<wlr
z$-Yp9T;dv)=+6Zw7&{7{1H<N7Rja*4%aVNYu5#7K5CN*Y-DPv3(6jhnq4XOXOm-S>
z;#WF&5HHEOogOUz*cV#0+i7ES`w?E&^6QTLA=Nm(Bb0y^_bLd*?f4rh3$K@me=|bB
z*%vjKqq5!p1IIq+V)u%#KomL0q*nRzJD8&ojZkPraZ?cW^MaR#JWLI156pTN)8pu-
z8v<Ip+yNL<S%Wn!ttx(?hi%KBAVq3ga1&6!{OAA}!!<Zm6kOH_xo@VAQXG?lywxmP
zf6*iqQ2D^1D4H@Y(T5IZAkbWl=5HOUU?_&?Ba)Q7(e6}oSc-j5n(Y3M(}I@L1Yj+N
z@&w@}WFT9LO{cD7K}+F(UC@GNxM}@(OXADF`oEf%e^b+P!j2^2zwh5R$Ae;gmR>qm
z#ri)0YbUz0{qD-sdUzxNX~CofO3J(E`fhpAU53o@EJ&2oiRGT;;mx!64g?<jA}9eB
z<b9L^!T?3uef&CDe)%>kqp@w$1d`!@s)9!+5<gYKs1g%J=lwgu_kTT4o+HBgeQW=R
zsi%Rl0DWE_f2$us!y-TR45%7kM&#cu0Z}aMznPfu-zHRNR|2YHskzeJ1=iET4MIr_
zRMJV0zAKc!lg|IAML6C{{hrczf0BVE&!N`Bjox*f6FTt!mt;7%N_n3W1F7tv3ioTM
zR0Ic&7d$}Y1t<r~vLk+;fM)=7lV5VqJ`BHAPu}@YPOLc!rP}cxc@OC*ZEPOOb+lKG
z<p&BxfI{qc>Lfy&+vG#pNSRsyWT_?1{Rmd1{|5_yos^+c5kFJ=NN%Fat@tySdwSHI
z)CuRuPzcXuyz;on<3*Rg5lb`-q(+?YcBJQ<0JP~JB`s7?8d_2)M;LxfkM3CQixErd
z5~Q@^F>WOB@f2>v9s!fa<A@t|%$?50PR9N7EC<anrxq~AJUAh4YD*IP=$g$Btw#hb
zDU63wJkJqv^+ni`cqTI8u^g4kDFBZo&;zlV)AeMIXflpmaGjO+INeO|_^m`}OdHSK
z=u*geM8z-0%00Ngi#b$e=kqnmLaT)6kD4magHiIiU4xOr$A?(XFFaxK#YUNjVO%%9
zvOX24EIc8M|0u^QMJgSuJ64X1l`{BkN~y{A^uS-mKEP=gzacW_8QYEu*`n<?v}06{
z%gV~%GQ{Gx+{f>fJGEqIjXA=tB8;V@&-0I{(nikgwm6>}?xR_G{=F)>*?8W=0wvb4
zK=+P$E3iIVeP%6bVtfqT!!84bt)(HWLRogjo!^iHO1(i6ftp+9IiElG8(sZB89?;!
z3S5q73Y|s{fIrUolZK3Qf*X7Zd;b?|Ht@XF@fB|U*DUz|H}y9%q4(v@{<J;NI{@WF
zDKiXCVKINB%=kr~BZ`o=89*KQPWCZl;?cI&UuI!xv;JfZ)T7}BG-Cir#ZR?VkFS$R
z^SPfCp%XM<o$fEfnnd6&++!9z`)^qB?^y7ICy>j3xV#g&{a^GTv>|vH$No$p2YrfY
z6tVOF-l<~$zDVeQfQAW}97BB?Uqx9eofujm6wGuQ8{D4x%VE<>{ZwZBlsf%0Wyb#x
z+Ef3HbJ_maEuw1E|A}sqPbzC*xYU=!c%UA3<d_>R<wRN`jw+rQm@yA46;xmxYruGm
zN53ZrhS!g&lB_kM(g`zBRQoKE0rpT!WBNV(A~8ZoF5QvXJ<5^Tja7#Gv-h#b_8^^{
zAO!{!1KrBK^N-P~Q0}Qz=x6amokg!8B5{$!m?D6>(+zBnG`n7z&WeIWJQZ$zfiR_-
z_-)x;5=pE-@&Cuu3r{AE#E+g+Q<uPBC>5BhU+{eFHF2B~`COWuh^WoTzliE<qGp8w
zz>dVJkyw*bag%*IejY5yMe~nGB3_=0DD5hPF6x^%+wqu_0pC2u<D@htDtGsvlsyi4
z_{Y#Z$=7y<b?GuO5l+g^ki?9%x{HF6LA*=rWvrz}eMZszYs&jm>AVF_J0Hqg?pnjo
z%S5kxJ^l3b376^k9sPs>tt^VIMzP&yPn>1rs7lCgGTU@Z_Y*w!p|wh*zS~xFhV)W}
zdd`m!PL)jsv+gJnRTvV!&i*3LqDyJ_!Ua^Pc4dF<(O8A;%)Wj?p1J<UyVUM|$N>Fj
zHmM;PhpH@r((EYE1em0n`8+@AFg}t6HA}hX!+snvjQNvfX=)xT?D1OVY^OItUKRm`
z&?A5qTb-wFy5&@C+!qeKg`hpawAxV11#wgop%wi(4f5j*I&nIl26^1GFM$R>y@Kg9
zZ_3>$MNe7z%&(P{X%?8jI~yhs8C)v3^VkNnCp{>lK)1Oul36w7TREBOjt>sO5|i`F
z&>+ihqmFzNz&NYwvsG~Qd=zoJ$*gkacC@>G^F%b$53|+0uZYwxYWx-J>Vxg54m}rA
z`|{e>s-&K8-7qgDJK-`Y)NLOSICSrJ(Z56-?5y?_U6L&O0z0zT1=t=h8;KFiaFvon
z^TokT=h_LK0{&6k0riv)gnjcWKD5C#vn{5yv0h41w|-0Khfu;Jc23H^M6vX#8{l{6
z!Zer)+OklRh1DTZ*v>YxjZEE2H?*3I^_7U!C3Fi&XXrSsmJ^wjik<9J)WS6o#qwIu
zcK@kVs=Wm%1zwo(Y<#VSl`4uDdkM@upUH_Q_&#={={#=Es$F@ky_x?4XCaqq!Ni@_
zsvfyHiiY!DhZAn{QCYbVL8C1|g?i3p&0YDevq)mHCyLrT+Y&Ld#Bw0G;%?PvTWV@s
zzEXY$<14IpzWCBQ(6&JpKyOcHk4vD>HG+N~-_6`iMDDtOy<R?l<hRm;8bS0h&@KuA
zGh|`z;A3u}kp_6tA0_=5znifJTLTl@URUv1hF7;HWng*Tl7)q&CpgdzUpr`vbrU0#
zLurq;%NCamUScG~JocSvB9inuUgP@AG=WrMn)9%FN|c%G2R7MpC%EeiEfz)|O{8ne
zv^d%88i}}Zr+MVdFNx_Z(@y~sSjZ=5-<A7`n!m)*kMG`%w8BPxg{5wwe}<2#oRcv!
z;*4vs3=ae#>ko@ivkE4dA-v3G-)gh=b$W_Y+trfldrW`|YwX^DRV#xNK;jAI20IUt
ztPg!`lpwTO8<rZ59q3-&u6o#SbC;etj-|Yl<%Dcaf)K4`iahW6bl*Oe2M46vI;+wH
zrqV&WC*ibZ+i$;nA$%AP-QxvjxB$;41Vv$BB}C#=aL+jjMd%R{rgV>MsuB*`9dp+-
zM}j|48XrSf;=hMaC<PT8lEi(1QDa_(%UvKMT-bC%lw9n&m~KaPq-ye(!)HW|$UO??
zAtJ^^b@8*}lVI8_+k@T(_FL7<#spV5dR=1nJY6Z_Iwt~~LSTe_b`e0>TJ8~eNUMdJ
zxw-bp@*?iVL35hLi8Z%M`Jz=hc#t}AiF=8%1fcPkjvo-Gz4uduONUO_ZIzOJfe{z4
zU@C&7z8>FeQ1Y~jc8;yKN96^&D@z1|Y?4BU3xyd>*-9>R<n%3W@KxqY?hID`_vYG1
zdpb2$hH@XYqx_Zb5&(2*rYPI0$1v_XF8gdn2~;y;anZez9vF&`-0e!w_kS3y8f*C$
zrHWC=)li2scO35fFLMh3;;Gv)Z5EH?oW`7E!dbx@k<4)EvqHRgKG4`|Q^y*dXOAEI
z!SO=>e8UbDnezF?mi%%LY(vPIJ0ggzloX+4IQoh)X@ba45xd8o$$F){X5xF`)nU{9
z37QKt4GD9=@YHc4L2?^<!RWqg^QtnQS^5tHh}4hP>n=vNuvSVM4dmRU=r<1`0G_;W
zxNEzj6Ff#CDP5TDwCnjHE%=*%RP!>8d*r-CU_@q^#-m4}wLNmYqT3hAWOt3ON674$
zW!EF)9Ff!XH6L2oUBJLt|I%@lG3T{8S#fyhkLMLf$T`*!?r|r1Ax=0~u2fcn@mB~i
zf1d$GaBuL|fNgfae*+6Tv+9JuG!O>7CGZ58mS&ouAU`HQwLRToogGm!b`><ycJTFs
zk<aE>pm`c&BB%Z;s~)6^4)|LaDjRoqJtS!Iq9zya%i~eA^o%>u4{QR1@FO;K;)}PG
zb6?ybD}r1HM6x1ZlxZW5)ZdU1F1*=gq^F^W$4p=&kfK^gvQHYk4k<#TN{^6xfJR|B
z-S*{|a#NNj<1WfAr1Q6%-6<Q?Fl6BLclmszdwaf!j1I&#rsdm8M=3H##(hg&bx(Q3
zX}=cWA>PcDcON+thM<OUcZyxivnO;i9Uj>P28oFy*90w)uCwnhnu`0MF#~4u9=(Tj
zYQVU+V%Bst7#$YQf^y$W-;xvB5Vl(Gk{GOH|9mu0vp;kQv8rXtZAua*n^zHzee&LY
zi$USa(guZREii=zV9XpX<QpGjMdGz67DarokDA~!;3AtHl>q$Q(!L6}gqq-%hJ@BU
z^<sXcT6vPS#1>94`3EBXx4UgQN1@vmYtB|AR{rYG<nh*O)~>xMpsQ;iH%zC}9aKc5
z0^-AbfAQd*SBJnn@>yeRc;<$VuQaEk!J~9Q92sgq4!^6y;&K<zA0@diap(fV+HLlZ
zk%oNXhX56Lv>+!Zjuh@jaIZ9=0+^e>V!M{#;upL_(BcQjZ+^xo3?rBa__LiL&{k^J
zejS^gO0iRMQFVqiM^+!N{@cs7J=eBZQ(BZV)rQ*Tde!mlhEhxL76zE)=OgC&qXgI1
zjOEknR^GURjk4*_G|<@F?AZiO&_th^`C5Zz-P-fLSlKqzS|y%(*L7*@;HXwA7rS5h
zH35hF<9Tj`z&u&`Mx^ud^?Z!4gO*_{sTfYqlJ?yp)BXI;-|*>1b#p5U3X9BaBje(f
zFVzlS_k|oDRH`}aSZq$g#DUE}pE3+#%0~*Lo*bB)v5u$QO-TMxQ(blB{`kGSV#(~p
z>oN)*y(Ou2<FG>L>jkO(WURCE#SR?EIf|TjfS|gmWCtlv_TiG9qpS|_E(oXb(^7dq
z`*-J%$P{FPGcc3Ae07PX{0Lm8Ih6p+L<=N>tE?Iu&?3vo+erAo0Semnc&p8G3YAJ0
z<(kV@D&|vK#D{*!oCYD~LH8|OTy0Xv0FfyWQ0WO{^Z?T-ctrY}kFbVSfGO<hfQmZh
ztmn?qMPUV9Ad;xE0_1G*m?8&7p2f$8f{bfAHKx3^E>I#lC$F7>33q=bubir__9>G$
z%$;fOuVk<AU+4SUZ#&lxe|GzQ?Q7@Np~j=oG^X!C3a^<dQ%m1>JDqbH;bBg>;)`+M
z7Z~5zaD+j+HoX3QE++n?ydGJUzdaL6cIEnqeLD^L)?zlq(7bKlnz#ftAojv1m#biI
zX%k!np5OT}7o219%10>IePOXwbczJ-S9q3I#c@J#BRCuD<3s?Idub}An1<tS7p>la
zI`qM}we9@}AkabJSjPNW3B(c<0aL9&Jgk1h*!-;c5#hrH7yNs*=EFJ@%4OLHs!@tD
zDrpmgZzl-^wx0)u0>3sPJ7Djxqz=4LAV_U9u_TFU-%ad}k1Hp<^8g;K_xa;$u*Jc6
z08!a=yif`G5eBso*-^i$`H<`G8qG4F@c0HH3k_VAm8Nt0xjB1g4-Spn?E@Tlo_FH%
zR=~Lbd&3Q-6Jx41@FTxL7KZ?jQjt%H%6Ah;f+IFh&mgbnH6)JDKDYR#QsCYkb~XgM
zaWx?Aw-vnK=)D@A$?UnwWUM&)Y-gf!L$7)rDQ-Uo52=T9fhAJ$muU`#rI5k{73%aO
z;3}lBVQ1BK>r`@eCHAG=LUM47`4K@W^fUL3_U#E3D%Z<U$Cj1d`72)uDG2M$s)7uL
z%kH(*3|Lg|AbsL0HE05>x@TRF+HTOkCY`^B>4P3mf8KuPfw3-9%S4|Sb$QC_zbujL
z2S2?E#PB&(3~$<8AoG1l|HJ9NyT(Y13HN-d5U}yPY}N%Cbu9_^=%o@Kj7?aWD)R@Z
z>Msx;ZH<7<68QJ)r)Ppxa|?r!YE=(%$~M0*q&(6$nks!er@8<ToJ(33pb$W%<ocOD
zE-t4`X*(v<qFd|ZfkaQIzD6E)vW?^syBKw$d;`TTCurNi;MCgG!2!JXqPlFvQbgAs
zs_xv8T*W=vA`PR&fv~kQotyk%b4%N4X2E3m2=pd#FsvF38>@_V)d0g?h*K75wD`Wk
z>l}fafeq27xq#4c=8B|o`=G-T_}q*Y@?QJXmY@4xTQodty9_bDK+uay&3oiwg<>+r
zYrvh$ALxa0|KJ{TGT$EG=F}dmiQliLn)<jkwwnrHsKKFrb0ne^rR7ai==qu@cdcA8
zN)u@ePo4K|WU1`!_S@_pe6#su;T$ags8d_BdabgqWao;Jvt<-z!y}W|MCK`v21DUE
zd&+t#O<1l664>9h{VqfK91)&0FyIR6$nH8`QCM{A+y&$l<pvJ|eJ>}2;|*9Na0jNj
zG2akMesfoLL86_~4sf}a0U5jWS;2mKK1QTFtR1WUt;$N>lP4hOhH>X=<?4Yf4d*p%
z(ahV4gWtw4efGG{@D`thlvH%N+CF!-&_Aib7)Kd&;k?(uY=Vw&?DEi9A-{8^b-U2U
ze0-D4yJ!L8ThYiW$LXG>iH%opA6dgQ@?T)43+K#xlp1|%N?Kqujw_xzfR^3SS#xew
zv#(<|<988SBu`?L{@|9FsNdRo4U6cS0{m$A02#f-dSx=+=TqeYe{}#;y)^50OwSxy
zB?UK?I3*pRsa{+Efz>4_ZDorPca(XG0Hkn9^DPFZ=%=&cjtGLcBDA=gz3z%&U6Sv?
z@tU{XdEmN5M>ok8O>QM>Q5g~8ZY!kk&m)JI6Vg^Zo$0|l5!_rO0|Ufu{K4L5$##RQ
zIUSqEY;$2OO_mb&_H#3DX9{J)({A7`PYlckf?3AeDc!fP=dxCvSBVw{&$(W)p1-UA
zAr~Vd;qtxBpvpGp8*7_Vqsr8-D^J#UR_qLLdU953%)om)4J)`u3t0uo;T+NN$!pQP
z3maedE7xkc;|PRrHS#(uTC40}t9(qeezPXFJHEOUqC|_!{D97ca&R?oX4Vn*jNE!R
zW2&9)0qa+{oBnwk&CVIF`vlmOvlF`ME3HlR)U$8TZy7b**qvBhN`&Wkc*YTle!E%X
zUh7;w??y!w`k;a0I-!BkTFA#bfOKTe!zo^a=NnvhgI8(fp{jGjkId^@PWW?uzE%i|
zb3OU$N1zX45P-RmsPuS3DD|4_1Ji6-A>wxa`S2ND>hy@&P>s&n(t5wV@!^4w(jA}Y
z6VpT%UZmyjIQ2I<i6~i||0t4}s!;sW=*o<;zQ4QfcRHu<tInEHcRq3m*e^rrNO0*m
z5-c`{w7Sfk2jWUgBkcvpN^(qhT`$^=7{UcWUPc*17@khVsCUmZ?30_?2^le;JT<Jw
z_M9tlX}EoMXwU2U;eF(z1a8GQpl^DZSD*I1!W1ooq^(4KCQhv(Q&;MlGJ?-)jk5+1
zR_n9g=s8%2R?P`&I3wETj&NwQA_vww2R7l~1J<9=-v-!Y>n|-LC~>*k`4AvztA%u_
z#1?{;#wKtiQm0aDKz*u&#%1rEJu}g{nj^iW;+H(v7^l8EOYmuldEcxKZ#Fq>_9RnH
zm&>Z;D6STv9yN2HcX)hmmS^pCvb>#Rt!S*qf-diqFvX0IcIRKkYB2WNv8<6@&lc${
zpB7CEvu(^+Z$^$=c!SB_9Br?-R_yQ2A#I#@O-K4<*>R!I!W?Tr^e;Re6qQ&nXVR`6
zvQZBnD1wcZJD&IDBz^3>f+<R4%)7psl?(q7HnBe8CF2NJ<Dun^G!|pMcVJaInB-6A
zcXO_hDAg9)|ALk5YHxzWChtS=8g5&di1ng!w-CXS5mos?xbOBQ+c=2^T@BWcb~}Aa
zvh^<$<U7<}g!o+l`dUjln#=AWs<x-2W`T0@U|RyVpnY-BUY-me(rqlkKse(h<kK<V
z+yUW`ptgR?%C*1KQtivS$9LsCsJtEr?6I~*vNpKGz~8sz*Xv4+>6zZb3c4!y<s1lB
zolQgo!uK1jvVQnhgoKo0r4~nYESrwHkx@cS+)JAS1OMDBR`IDL2i5k)qU$228Vjz}
zu0tAz-)7rBWqmdYT6KKBnM8+UYSmjZ>2={fFmpyI|IT9}*Jo~P)dXz}&<BhI0xMbr
z_>W|IBQ(4d-!^x&Vc7*Cb%KS%b~wcwbZ<G$e(^6doHvx?^s{MiwG{4Zx1AVkcT`@m
z8N8RaJ4DYfeGVVCU7N+qXVqx4=tDklH#NL7HQL+Lz7$jZ$&+b)O?c`IZ>-9t)!aq#
z;V5Fawj9${C!KSkDSrsWx5BNO+^uG(qC+lvJqW{oVm@Rh-Usu`P&KP%&@DuHalu#F
z0r2A4`Et-J-{*ugS3RIE`;oJ`%p?IEG|y{DXXtuxqR)bR=RdzZ0JTs$v9)cLmTxl|
zCg7B-NT|EM-Rvz5ZnTa609!oVjOhNF!!?;M#%Q|y)UII#X)MRT|6DoXpvd*&Laf02
z{f084z?;<Y$5A4*`WaSlKdrCAr&}}iW7kURggJMx_s@ft!m0-yH4@y+u8Iu{5qQ#8
ziJ6EcYJt{8J+MXVROH?<DS(nP-syt8W&`pcJte&iI#;en5qR&tf6EnNJ+GL85U7i_
z5txCnG58DrTAN05?kA%H=Z`eIU3;Iu%D7}-6)-$g=+CLBX6Z9qK)K^%SS<qZS*EHc
z582=CA8PSMn`_uKk-i9uEK-Y&j0n?#@EFi?EvJQ=MW?Sn-@Cu$inoUm+-_-+exu+s
zc~0fVW%hm+4BPRc^!M3Eh2>1QZ8#PnHc$^%R)K_xi}Q89VCzjPo~&4xj%PiIonYxh
z=bcIEKo=?o2ZG_@e#(Kq&x#^6He<y;kma5kN&dzNamkvU^J~CuekFJQW^WbjyQ<lv
z*PjK8u6o%Yz6YjQ)UfW@;(vKI;L@U?!fQjxtDV86-f47h^Vuc8=XgCf#KNUKa?(|Y
z=jvU(jMTszye!Fs2N6XbSoaJi6S_l$?$3WR$Bmo3oohb`Z7H|kew_lY{3=IwMJN4&
zfz;P=yJjyhaNw8p0dw_^^fW@;`<~yx_BDvdvVgsaIz$cmiqzrW{dUGPQHz<ri4=b!
zIpf_;OwX~LgL~6F%uVeNIWadxWX>(Izh|1u#I7m$C_?Dex!V9e=p*xk`dyUy3<}p^
zb%Y>=dJYdp%wJHy6Y~^V<iPFiwsT%9&mz8DwO<~zh+RCNpZ=8i7FRK}-?(kTwqN5$
z3#O<e#|mxir_K=;@dZJl2^T1X@#el)x$Yq0&El*J0$R%CWnH{jE}F}dyFO0$XUXO=
zbmV2{s<Nn^Y3@49x$JpSxMNuP93dnWZ@)a7Mc7{2VL$oVMa4)uOOSzb7~yb3KdAgZ
zU@srBzvji5bE{lrng}tkzV8M^kgdi5Wj8XT^D075w)Un&)}&q4u`D8D%wIgJ9OF_Q
zTI6joW^chrAGw4m|50#(s3BsXCFU}zXi)%exHBqvg`~+pVb7GO>FU%Y{V?5dSxUw6
zVFwZRzIG_9*JBTS<@t^IT<Cr;38pBIZ5=C=La30Ud;S{X9)By!J)Q9cc6%zjVK#uo
zli?Gc2JIId(W49szV}S9Oze1(tDYjPdu%b=dec@F+?(x{ZHgTN2|OPv7k$6Jv7dcT
zyFQQzuEw+H*%RT;+YG`gHW^LD%E1fMH8qar&t_+xmp@<N063X0sSkl%&pVvnudVzb
zwHu#<_j6dU3EEq3<ctMNM_O%eA*vaslto_8JNep{rywKdhUUSK+DXk`#qZW-g7z=Q
zK2s`Ff|a|naOPGYDLK4-S(y*=Vxby|4)UX1Xx?cNzeS&^b7R8E$Ghz@Z6~6#k0m!l
z_a3JoQnj+#Qwh7%=?B<tKSH%nB=UUu{hwFdu11&9bm6^4xBas;fAts1X%_9|)v-5U
z1^HzO_lCzKX5|xO;Sn4i-rtuMd*3cC-MBj3eP5!;5|UQ4JYH!or9{=)QWB4Go>P|n
z6MBCc9y!y1jsv@I$=yv+O)iXcASd&zFF0RK7)<*7L{e}cJc$Uug!?i{knA#OM?`hv
zt6FT$po~b}r}Rs>_Y0+XNBBQCn9#c)QBIw?K`pt@F=f6W%d3&YC^KJLtl%ji#`Fpd
zMOX?iMDH}v%t=(n7uT#Bt3zQ_&U<ubFTTYKR#cS5HX3?l5ylkxfrk*?ek@ws=@a7f
zA7r`4zpUWT`_J)PD1A51S&mX`DC~fkuq+Dm@cG|kgH|C|M`CxpKU3L_@J~BdsMKmo
z$SUI1>K@HJHg|_=Ri<%5ynl@9)$DwdqQ#A>3s8=I-9g&0<(ipmd?v?gi&@&Rm}9V$
z32xj|TxpS$KSF*;?uO7TJhY0w*;u6DtJDglIIHvzQn)S@^SI{2m<;1_d=?aeO|6a0
zFg)+PR_tHCdnD1y3X!=$aC2lyjH6oevN@-qy%?19T!+SXq;BM$q92b3wlX_0Jt;dr
zxhr<=96ZD8hB@MbHsWqw^gJN`f`b9<sX6Bh-s|GDZ*OPXWfvsvh-zXf;!*lmA?v-_
zbw3;4RX(qH!R1>IF6bj8YCx4XONC7cYd@k{YNQV)Za;pRSxtZhm*e&4yjutrDq6hF
ztFHZq<R7mczRULXt*V0;$GB2E=GNG6x0&V5weceEAv9dR4(au{n~<zpS${!vd-El-
z3aJF$i~W)4nP9K7!0soFVKhNLuVw&X<AUyk2qVLKrn71x;iP=*t$>H{;<Gg{=CkK%
zj9|1(_P5Qr!a|jiyULAMUEA&hZcWWJOkBEn)*VRa!|4uhD}|A{w^c`_dd7;$y<ab9
z;+=5nqa%DJ?a(wdF|t-;UW2fEXU($T(;*zg`k6gfUO20@+(?{<^V-0u26(69?BpY5
z8o(bSHUoxpr0UNhm>ASMrsdd4Ny*LL5`W<Kv|3i~79i-}X2f5)QG40JJC21Or;;ef
zPmR45coU#!N~_c+r(PAJAS&Ck%2L>>&}72}_Ry%>70k14pVfgn32{b>&~_o-6Sp@m
z*{hbA7}Cwa`+SS;WW|!)PC=D1hhy_(nE3QxNU%U&zNOSr?8l*&mM}#uwnH=LY1(B6
zB14eZdRF1tr`5~v<W*8dSaYdX-Z`ptH@Wk6?N^CRMmcx4OlHIUmk@U9PTACnxf1%Z
zPF03ORzmiUWNK`kReRmYfP~wL7?E>H!DTygy9IYJ?t^&_HJJybRrYl22Y3f!-GuLM
z8yYzcRpoU=>ut$$TQ+Sg9F1PcExWlzXY;xthu<{nH5N?(d@$B#$+4!fDsG?ATgLRJ
zii4%N%g!?>e2qQ^zhAY%q-IF?T_)9|i7S|%bE_JoyLU+Ey=3NT@>=ABN_U?I*bkZ+
z7j8U+Rv!2mTc$f+>wHt2>l@8Jf0V^|hir!;y!i8Thc<1C4g^6=f_wa2tls$DWu*a)
zrz(K=PtD8~p-nhP#NZN=fV=;tlh$QOH|ie086?p5dwG!Xa_p7nXkZfeHBT!j>d3AR
zr>895IIQk0NKH1Yyq49`eH)wTKK+n>@R6+a8JL{nP8ILcUXL-!;bAW)*lq8}%I^L|
zMZA3AO~M724=}q9SAytZ;iKNqm8&YS^3vRx@l>59o!Kg7?J5Gp0|5}Gd?*-~BlZk1
z=vK5&HMoTwRi;Q)iFgor`6lO>-X)`9QX=lmgBgM_vrXLx8Y#w<Nx^AnWv8MXfFie|
zv350&3^%9ZhxV>+?R?V?yuFg<imR*g!q2*~{M}7>5hy+le}>JUfa;N<hI8e`u`m}m
zv012qQ18q0EE_tB#e~moXGvYVV<8``EPpi3>){sxc@G?OcgR?IUgz4(V(_B!b>AHQ
zjc=DtNjyb#VGI33lw}j~FLocpr)j4iVg}s@d{>i~2<v{q^^hw`u;j;zahx72CI}gW
zKr?LF!m<V@{N4L+NA`DV&OL??vf7;o(x8a68cfekyt0(iA%nV|q8G*?I}!tC4Yz7|
zjbvND>PgV9@`JvpW_)XSTMd@l5->1Gcvlj<jxU$Am1_6)eSBsywqUwh#jG5=(RMZG
ztqV~t&yvg}U<Dn^qcu;L(Dw3?cc4&VAYC8&<*OL+lV@;}?rp%Qk^3I{h+M^#qs<e-
zy}cnCa#qK>odUJ%FWE3LgmAk{-Z^|p+vIp3w&M}RD05`-c4Yp#_#wSo0prn+xDMT1
zZE!fN0J8OS@y7^xFeAs{-u^r|0EFSwS#@v*PBh%4LT=z@aD~HzT=4&5@4cg%>bh=m
zi9rHLks<;DQA9uxM4I$~B1%^Tqy~|WbZJ6>fQq1?(tA<qz4w41A`ptwdk?+$n%_yl
z=Y7ie{qDW*9e0d7#(n>D3=b#!oW1wjYt1>=JQxrD@!|(#*4tBio%#(CY?*#;W}ykv
zEg3mg=D-(Z#xKH*jrYW;P~W;X#&gn0o-SPsI~zwXzO%wGosj+*AtG6Ncw~a?&I%6K
zB4e0(IVWxDA?5y!sf&kg1nCg*fVa&w)<b6Pm0W{Bi;QFU%~u{rM=agmPu?TQi3>1;
z*;f9@wp<KDMx;aQg7NZfkl*L)OlpU?0#xVW+LR`IyK((IWU~FCj}qbX7u&<lZlTlr
zrZ1r)uf%5y*L4q#r1MH+=QE7?vFpn%Xy%ILkU_?*dv*<}d5ycqNZVxNNlipM!H_Rf
zQ{PfRNj5Q?p!C;5^)mDK{ZB6IS<Wq5)B0bA9M8mJBR-dFQ4h%m7mxDKidvThipdQm
zwL&OU17JWUvMV`lFG2AwB@yAD8O_iy_i|gdjaj66XdE6LRli7+?fPtxNNGE$u2Yik
zY^t3xeY{Yi^~1O&3I0Hm!_}1%;0q5NlxEt|$tCq)Nyp}>t0)MPRy!6tOPnM(%p8u&
zQX&O=bg!p{|5Djo66=`$)NEP!T2+K>7KoU40#6~IAJ-=3=O^{CK9?<MAej`Pj63Q|
z#*uYi8dbs$WSCl+gPwR>xQLDA(RjaQ))SM1ql(>)4*yKv>7p(jpS;b?$j|y0r7jAi
zy2I_^fvB}i1Ng-T&zoPfbyuoJB;-6C4=poM>5-;!Wi1U8Qq55VeGznD!biv!!{^>N
zct+8E{x0eqEu>H(Qg(A0JKmhbSmhD^nB^SyU_kCp1-XR9GhtsR$zC3tvg(ZPy7!Xi
zGAva6Y5TcN*SMnU&+8THFXrUk+O-#e>OXm9++xJ_VQMXJtYeiFsSBRbG*L4*i~mH$
zQ1HIJdRARiuhD&HtihzIlf@Knz@(#1CfAeLzCGUDqQG0NAs3h|!7Z2J(1)FjD3MG|
z+pFBur8d8$+6s;^^n!iJN5}!?wfY!6DTs@**DF}Y_fl7U)ES3*Yfx1BFQeBmRw{^Q
zS*lg+;w2v*zWisZ5GE<1@g!9mu)p`IL-_}TuOHD};(}-qa{L&d_uBGJy7nGT=>=P7
z^Mc{-zIl9ie2OgJDZS-#L-U#%srR*9Vx-93(Fov^g1g$PA9k12RH_Z)T$g0|?Z%x=
z&dpcIC?9PNxosPfC@AUIO+O~Q#Rn#Vd3hwAQjO02(Y&{L|6<56-yE|;fn%nE*C{Zx
zoe~7#cf%S;AiR#Us$e#yMpZxKg00uX&(ADwuwze?OvtI&9uYAl8IT}hk<=f`=8A5g
zxsqI3q^=owB=BByeUF%u!x^-}mE`IxC}=qOCb5;p&%Msfye^VI@|RYWb8yD%nizI3
z3J^EsVR7xfb8kLf8`PmRi{?D@2?h+oA6cXCwqV#l5PBs{*WQntJtY5Hgy<%_!vNFg
z7S{KY>Sx271YxH@l&K$U;wqM(1?Faa{gIXtmR$cL;qIf0z#Z10_)}gy>b})|d_Kkw
zlD0ayb%p>!bDAJa4g~-<5q`nx=y&w|{$oL<XCSz{;U9hyObMZcJQONF9u+Bg2YSyh
zY61VBrwD#uM{*CqRl13!*(4z(_sTNg2I8uhbW<?MoifCcKf(Slm%|#5vqMfsJ6sA*
z8+Q(}aMM@AFFne?BPOJ#k^GO_LUF&406kewPh|1S$q!~wV)rnDO1SURzXpK2lI9Km
zNNh@`#f9cqZpc$CV9p1@Ovg|1`&t+Q@jYm}n-1Z>IaFY~Ge#JW-dG{}+kJl?1Hw&r
z={Y^p5PHA80B}QLrTlV7(dqZg!avn1kP@J-I)#K9^S{NttlBEvk_t)v$J2X(V_*gd
z%17fq30@)1<ukZ>NPlq`R~TvupT0))mzNbHPT)>yApIf#+{xBM*6cxZ<sWr*YH_y7
z{e1+K9AJXv3qZp6O!MPqN?CQ6%apxVF*M2Fl>UAt;pO8!XMQ{dCwtDw7uX)Z-z)G>
zRoEXp1@w?-{u3*Z`KQm(<L1G5=xpl6zh1m{97vn)Uc^rquvq4OYR)8IxOMgb`M3K%
zKUo0}aCn{i7zE6D?jO@i4cL0Xp!fRFxb>ZG%S$=x17)+wzkRZhPlm|>C19s~%mNPG
zfpS2n@_9sYId3|!0#~F}yIZ`Pr2ld`n+h=W$H4pfcKm+s;u3&NDs@3eji&XFe_L3m
zz$DUMoM(W+4X7WlYY5nhk^L2?-9N^Pgg_~AuU#8|+fq8<*FR7R{$o9V@B)LXO4LXH
z{h3E{o*_T&`R6&p?GvVxSr5Vg{4J2Q{I|bPCBTs%@B4!Pqx=5k?2HXvbN~AYfYvce
zJj2rDbiAM00p#iX{U`E+f4@={3IbH;V9sa_{A*t#1ftHDJO5n6SD;APvK8&WKl9HF
z{E>AvEPva_vU10>&S;GP`9RnQD!#u@r2qi|;9~C`(!z~fZzS8etnuL|9@Q<jZXI-{
zW4lH6hUQ+SRziU)H-3`{&;h4K%apR33K0J;65qmY<J50N(jvpd$*F3%-_euChXA#~
zfY&h-QdPo&3~0`GEc{>Ju}CCds{e2joJJw-Ie-BwFzF#YCy`<Ecn{J4B{FP%zXEMW
z7WJEC5<Ob-S&V;%9_J**$G0eYg1t}^r@AyAV1GOP-iOE0<#!}@W;F@#@<Ofccx`&I
zf8{-Xf|tM%emnIeZXhtbbH{u0GCm@l?9I8mt;|tg%0RaK6$@iMoqP-TUR&M)f5u-i
z_J|Hd$)WH^ILWW9R#HvFEyZ%Lcep@#wUpj9{<083=q>2S1Wp+s8;Xv$Dg6~|G5%#4
zojCN~#=k?TU*xE2SE|J%+S(8mf8axp*gnLxNnz0$3rr>094+VABHezSyTisFd$ZG(
zYb}j;vUEyrK9w7q<QWS$?@%1@sc30z9vcM4e~vl<&N&`kmxK!ssYLiUsrnuh#AS|~
zim4wE;Os+^De~D~z|6#pSb@s-EHWYhSZDfzyOgW{Y;V!@#i<7)!P}D4j|!&FN0&Xr
zZg*E;&<?y!8E-O(;1=DF5$fSvsS_&v)K}f(G*Kdv_ds7IoQD>8#!5z#qYugFMA><L
z9e`LSD-UEU_iWCF6XH%r0{ncmdznz1_~8zb5D55Ej!3mciW02(KD2$Pa_PGcy4Q^*
zef|4o%1*yGVBlH&sDNkr$=G0wi;O>{@n?`+L26qzexo<y4)|1xp4u<5!B-Pdcc-pW
z9&Gl&F{S#Zkt&i|2-kaH&<JSf)hTe3A23rQLrQZXU?epcen-^=5rKEd$XX;WsJ7og
z1%z8FM|<r>g+#*=UNjz{5Gky<Ji}cu<M1-&quaIQz=M1vZqEtXA)8#o9qE%$d?sWs
z@OE#(ANN>6H$g}MI|@xrPb-*HyJgP!u_i`{U{jq_4heJI-zXq)KogtpSZM6aLQ`MA
zWWqfpZo*a>e@q=eBz}X6M9CtY@aNb4<AwW}r8pqG_<|w~VP#JYX3Vb6?t8MI)pBOb
z`6%pq%QW1>nAvrKbNyFy&hE1=k8oW>yMlS1f#}U1orcW9+BK8xvS}f>`)ZQwhMy_g
zp{-i?deunY0FPLN6?UJcV9?%bfr`f=lDGQcdnKU5aLu_#Daz@-eQ0O$nXG$LHu~pN
zmK(z4)z|%e8H<R)(=k7r3-uF<()K*^%M4eFo)jBZsQDI~R5|uItzPOm%MZA{{j}oE
z+cCsU>dQsXc9=#;YwDSL>>5WsU@93fQ79P9w?Z@8R6V^55Xrkv<5$8_NmBy=+lPTi
zAJ%b~j)F{@LeemGb`vd|b=G|RrY58=Wid3_xd-+p;jzVn(MJwX3uZpOjcU8Tu8G}#
zU55SI5M<d>l=t(@e5BQ)U{+Q4oQa)V%Lrn-iXPi&YBI^>9L?gnm!=)op(4`Co&Td2
zv&tSP*d~b$%4l9~crMJ9Rp_n2C5@?lOB6L?+L{>_j+>e>V5-q3G0AW(lgK1AaRc)h
ziQ8d730h)XLcC(sV19vLS%8!~*K2pNX9P_cepWH?8^TND#{;Q~`PPAG&u96GEgk*t
zN4w#eGCF;}_mW4?gW7C%Oc%499AoWR5Qd#4ONQ$f^~_nK0zkr#iFF<k79J5z?^bu4
z+kYqZ<&ePS_JF5{Manc8i=FR-k>`qSbuCvJbC!$QmC|pXCZZ4w-RiGPSU+%{zy1uK
z|60qwv0h2N%SgC>d8{E0J$q0h`_>gGZ5NI9=Qh#l8QBXismeLkyJ7R5wfS|6z~UGv
zlrUf^7$<3t1U@`kCi$pG6o4CW6;$1q#^OD+#A2DyV0)b9R46)A$|TZXKF_nP+wT6u
zQ;d`xR3`_S;hzt(p_+wyL(m+r6b<Am_D21?0^SrIn@t<fTl3qybZ|a8Jy8zJ_{&60
zxh252KLSmb%CfZN16Pvu^hPty90?o;d&tVr+*KPvBK8;7Gnk(1b=rJzooFd>VBQwH
zjZDB!-9}qiEJd(U#W)VvV_L9o4eTl&medetH`@>eVTW$+f*ud1VDYi<x$|ctX~TLR
zF+Htycqv}5;FD||rhg3`HMu)XLa9k!*^8F)Y_@0+R2qL7+*Ztc0B373M2-elEb;j|
ziu4k5-TzcAJn56zlQykEO)qdu3_I9?#yFY((0$U);u(?HGxUtveP=bZj$+8U!kn*7
z+yr0(FbAYW5gA0A8BW#PBDo4#9isUpSAc*czyO>|XPdsyXm(;_-7xpFYe@EQ4z5S2
z*$=1qE?3u~pT4r)t?IK{_6Zhv!m_dx+}6iwQyq!e9=<NZY+bpz<(7?wgin*j7xhq7
zbj2WE<XE(6hbA8Fl~T7ouYM9qhWHM5-ZVA|4b^<U*|+bdjA<Rn7ADmuxN_FVchG>@
zW8;2FM)o?#M@h=FsJXp6KYEQO$k4k^Q;8Z`7>c(_#cVu3)&S~!e@k+R_{#lSg9(a?
z!d0u1_k1NIuFknVw|-V`_oY0xdy2|Dlw9k3Der(0p;H$Nmulq&`}_To_C;7LaOx@G
z7DLw+R?3-r6CQ2|rY7t9d1_VortOW1?O9FU2B}_xHz=OAflspbsmt}@rdm|Gz0>H-
za3zEY_DK^>!AdQuF&R&G)ss8j;Sm|xrM;O&n7QmhDeOTrqAIM-OI<^&k=t<nTII@k
z2Buaa$96#Q(2o#Q6*6Ks?`V=pNcUXp(fdHXz;q#q840omUU24v)Z=C^jrBGg0WbBP
zpC0PJ5^VEi>Fn&T^QHM#qa=4%rZh()mL%MEQ=8|*MHHR-$*MZBI}<8_&bKbSm>!})
zo11Qu1xI~k%`Sp}xjEhLsIE;Qv+Y_2fU3>KT37G8?e)<`053|)Z(lm&B_ko6A|4iY
z+HHBHQEnGFd7?f5C(jwDryE=WoRq0H>$PQjm$j%<ZO-m@ro<zDZd5F!e<|8AwaTxv
zPK`;EI-1%0urj61+ZjtPCaTy!YFbGLdDJV%;%U*X<ra`>Pb*Tmzv{O+U?r^gG)&vV
z?@GWOE8-udh1Rh}BcwC?iv<-Tb8l`3Z_Jf=<Q@)-YZQ|2SCx(gz0ym$-G6oWN>oOh
zcK4Q+RhU-)V))}<iOmaaQO^BO7#-&BH(YV`*xRL3d$3v-X@lBDGgxLutzZGu9i<Xh
z6~$k91V}@+lcK)`fBK5E;%XD28}&6$%<`q`jX-l;Or&6jZyQSkQoD26Ip7{WgzH+7
zJCNik0>J0)0><lbOF+(Pd9CFB;U*?>T3<0R*7g~NseCF^NAjTsxtV8#n9y?Nb+pg+
zyXOO<@SeK&Eqf&Sk%#3~KpqllnZxoRrSSzfrT8YA)Wq0w%Ok5udF3>JB$lOn0_-e_
zO-TcTRz>GZJ7Q#Cwla}kW4ICv2ss+lNp-Atc^!te*!P<S<oa_ohrjR_LRCRz47^nf
zP26gY9m<m33#EsidLG25V#y`?-KBPk=$2i6Ad?juoUC=WCm!!_HmU@)w=R|p^~cy*
zV1_MVj_sF*bhQuth_V>Y`fr}5kicZZ9t{J+#+Warr$Llv3_wa8FpwjV3`;nlV0zHk
z9n?aa?Vyw4qrh`(AZp2Gl;I7^YuU3s(Qi}zAhYX{x7ghPC5GT+(8c~T1l2b0X#YnH
zJqro=nnKTJ|2)=oiFrSPzXe{a?C7$Zgq{6Rz_8%qa+gv=%Av(k*jUN3Lm)s+S-c<j
zox-~sL?m<Jj^xpUgNS7xlbx0l_AtUI$xB=WEab(?uMZ0ev~Idw(t8>VeB8W)-9c@L
z+`6Q?%o2@Q(iMfGsD4!$5BKgf-|QK(RR}Wm;OeBPN{?^Oh)q<#6ZD1*LPLL2j|Kg%
z$By1?s^5KbFhgvz=Bu{W7Qt$q7wNU9aF!5+Ae8Jx9Vi4))bWT}nF8W%juHjljl8}p
z)SH>+dlx$&j7V*D-^m(r%t0sIbs#3%YIE-kB=jwPS3X__22J%LN|;*wJlj~+5ByT%
z_`~(=0)+H{T@B;?NhK?@{-A2|J(Hu_&FiCq54L;DzBunS+gFdl7UwK|*-z&HRBpmT
zC;wi=w&aEIP|c4O*42D@wJzwrv+b1+UJ)%bMGn5D&g57He11v~$Kn-u#T#0JyHKow
zk|L4gl;qliql@ijrh*yoaxWHNI)xkr(8im({zY(eMI@}P>2ntBqB5=8Vwdo+^Y(QU
zl<TzP4ePw4Gm}`^OYYs|g_5?+1txoTrI;p<)*R&4yk&LrXU;FK-+d1Qo8}zGj4=Q_
z-D6T@iybPtn!LY80F5Wy1y{wiMG1BsVdaV@$99cHI7np(r9y9e@5Jpp{+LtApfz;9
zSK3}E_lh_a9`QL)qRYzH69@tK9p+aqWwXQ?TqnIUP7PH>AJ@XgZU3r;Q<)t9ECrjh
z1Qym!hvi<!;>b7^RxS`?HJn<S5c_HQeb1KL{`H=#7@wQr;eC~7h_?giKN@u?Wa_`P
z)Cs$B|Dsjr6-tgiSEr*f4Q!uyquqThSFDf3A}}clSK}xK9dvHqz|nmH7@5~&=niFD
zWwIibb%{f|2vz8Zo!k*=y}D<OPVcQ_l?D#C?d?R$L{~!`VjMEg3F}X7DHU~`>vvxG
z_=Q4v^4|Ox>YG+j8unW0dG&72rwgB<+&)$i7*rTIO8ZXcAt6~3Ml*R<v-OZ>!+2Os
zbfZn%uO`vvbU2_mvcKULw#ZH+fLQ#{Dwpi>-IsT!?BL8H!eUy$Zt~5$8Eyijk<((+
z?ql1t>xZEo4OYcR?-iK+$#EQoBK;$H-@Z3N_qp+H!SjsD{PZ_gEY>GG+NKrfUv0pX
zmH3H@rNm7coMaLnLx5_R{43Y0v?_PWm(FZfT*Yh=d=3&;qyv;Di%Z{6izHd4-cx-C
z)F(^35U{-4NQ4emaMjSZ$QKP-I9yIc+s?IM?iyG0XE$b(^ZFbU6tJs{_HikcqPuFk
zaH4D1q=YFRPrJOAI8w}-;;NzmvhVUhokj8cQq%fZgMC@-yw^bz?1UgK${)c+wMZhC
zB@NM)&7aG8a*q6faOLd)t+wPO7p0j$GMRy6M<g8(U5R~Yh;QG6#!Fi=%Lai#Em6P;
zwYA9m-6JUt>}_j}DCM@1Y}3v%86|`-W7!t@C21fQ1<a6o;w+Dj-IYFv!-8dN556vA
zK`{+8&vp;Lk<(chFICHuG%yVfEfh7hYQ1Xg`P$J|X|`0pk22beQyGOHAS$!r0TNCl
zrp3XH<-Z&*f*ib0NkVb~2y6)tfvvp5;f9ad(k<pPL#DZw7yhK0QstgxxD9Q8TY8bw
zob&2+=_@wdWilL;-1#fDCZk>`KO3JLRmps3E6k0;)aq7TO7(!+?YZ`4i<g3I8$DlK
z1ME${<ebHk6kKya)!M8bn3ku(mpVKDAd%49mc+M20Mf#vZcgSuM^b0QJR9c!sNDTb
zmSbpx9Z)KYUe>eWn@FK|Vcw*TpSTGGfm#RPELUQqe960^|3lsF$Fx?4<o3A=e{b&+
zfqVP!+BBiJD(5dP8S77zrwDVzseGtL7CVu6Y3vZk&b@X8L`C~`9+HYF<x=Z|3U|Xm
z9@pTvS}w<XD4z!>R>$VL7heKUm19QY`dyzR0Bfa2)>uz`$+aE?<Vzwr`BFC^U&5FZ
zf<!3FJ!WdY$-}17JB|*wBQcs4l^vhna>pntK?p&fM@rbTypJ7hu8QOmV)HI$<4YY4
z)nhf%%@>>O^e+|<8ajy8L{vTMVzfa$J+JqCET0x)RD5k+op5<bBxZU4Yw7!z`zdjB
zPtyhC+7gPoLAM|TkSn+_$YGHWjR-!JS0e`R8D@uDy|NXlcaJL?XPrin4D+h?o4TVw
zUyt^ep1jzanQJ|)4~IuH%Nd8gd@g3O%lcp<-(wmmOZCLKLbKsA#Tuq7PrV*PRnH*Y
zXMUx{>Iu%WbcNl26z}1*{8q0lkx+VO;l})zJ5W`_6O6C#UvcdRi{ot~hkEg%njXmj
zSOU4!#(8dsx{prR$5Y~5htV;SdCFxtu~EsWE(lpoez;UQQH+^krBDcKC#_C@Ia|Bv
z4hAJj9Yrjev<;a?b6Tj56S3wIe*Fx5z2pv=(*52#<&+<^wVYImbhGX*=li{(0(zU0
zkiwT^EyDV<>Ep6Kx|`|da7mx;sI`0+0BlkA@?hKUED{;Y0kpPO&7-c<u1BP(>bl(x
z0(m$2oX>jkDT{l1&~|w#x<0now3QUzg>5_TgrMsx+@#{K;yrik3ng5(EQGC1$vlnt
zX6ljj{2s!ezYkh6yU+N2>$57Id%%N)a%*VVvokw?iEc_gEGKeXh_*AhWz^1Q(jutg
z(0JR__lXCvh%CTYC}*m&KrG-Sr+NRW7dS9$?ixQ1%bRm+m=lY5+d&sioSNf_@`==i
zzo_M1FAJmU6q#eC<fy`6<_WdGdeYl{WH<t12gg2H_b+MGxp7KTaH8KhXG(m$Lz0)_
zd5ATWN0H78)lK)w)s&V5t{eyTty<s9j(&nXw^xXeP_M67!3=(|L6y|re(uik4S)=l
zXrAlH$t><~GMNcI9Ae5=x}wZQc~3VSPX8*}x~yZ+wMW8QEZ)=#`?igr(WVfkuq<mJ
z`%8Rcofc9%OD1Zn#5Fz>L6LY{UPS0wPhy46UN1|J4FU{`=Pf+HlCku%_H7J9)43Z2
zpd{rJFud+hU^pHU{jeSHVw?O<kPPFGut4TKXFx(@-U6RK%ZYf)!!-HUv08h3$D-n5
zF!mt}Duk!x8RPbpL4P5<V9o56kDJ`c0%~-6J*h$x^wpb`$H1D!&Z@}ueIAT5yW(JB
zoi|!xkD|5wyG!<TOfIyYE_i)!t6=_7b*Q6NVr1H{=L;_$<v*Kxwe_|Gv(+5zeZcx$
zZ0!y|Vs9h!fZ>PZY;UXRyMte?i|%|PVQmS5_t9s-&=0s1FDx+B*+VR4KXiximQ!zv
z>7<uJoA7*AL0H97KR4vc4Kq>A$}i8%rjqC|hXYQ6_Cl$n@kRY%pCu7W6h5dp_;3#J
zRgLAsg1so`;lmoX`|G$c)$aFNziTA3c&=$FMjN2x?^ixgbm!)_NRcs<1u0RKuJ&{3
z?&%(uhq+zE$+0>gDwGN&5+V=e(Ie?ekpgK=Or+SC8CQ0<sCk~G7HSVaZuOXe28u1_
z29*8W6Z3DlWT!n&8PRbP%*cMTA+wazKn!~Y2n1z-S1;hu*>j|y5;L#C*{=C9(6>;K
zXrUrSZ@I7k&LLAJEEm9Y`Uo^^ra4rYw%_P1Kj+P(qS*uL)Iu#2^KjOl<}%)9Y_}X#
zHIA$Y-V-~(+n0*SgW3KfmW$ML9#-~^nH|6VUff)NcZAUz#zE1_#m!3^)AvLf0v4?}
zldK}XS?OAztuC=G?hw6L(%1AuyxTV%j;PBvmZ*^%>Pi3Ud{*J2P!oE6c%MaR870-)
zG8?j<x>!7P?cDP~so7`it2-)s9#UojM0NMao&kt3*;QDzVJ7=7dhS+zd(OKHPU^oX
zX6p~bbmZt;N=C*<qNA*i0Jv=wM0#ag)Z^-FL^@UDgSfDa!;yKLsO~K7=pm=R;e)5a
zWWfj95-X`?nDXeLQqS%^CIGZ4cAcB0ixH^~TO304Fj3n<w+IqYC5df2dk}C`D|8+<
z^8RS2qs?R^VjsQF;$c+pH5E%OvpG#N9Ik3Ml#t|Bf5#A=9oF!1sN86mb_Il#ykHi2
z8)2l{*Q4tetaILF>=oV3s=#G);Ar4?4(z>TYZj0IrcxD%+u4h@30P{gu2?WQ*nGux
zue5gOH1hJ5W0p<pcw+G^Tit^mp@_HdX)}Ppg18moC#DsDx4JC(!i++b9;=OF*n*lU
zS=d2>^eRy3PF|$77$5}?kuMtb7Y%7vSe#ws9z;ETZvkf;Kf6f_36VN@@!5r&a>nxe
zkn@nyMl_dM&9<Jp`c1DGY7i2o*z%M}Q}7i|QUBs=Jm1s18dSs(K+xrW8DzwC_VOCL
z-DF<M6@`1d(w5>E$n$fF2_Rpfl-o?#nsAz%8BLOb9G7zy$pgFdIn`wz%7L5XriQ&K
z-612(p36S(fueuwzW9n|HSq2Q1P{|~)Z?|)HxU{^uO%nu0dV8xT%Gaaxvgz2Iz!eq
z*5_;VRYN^kg76I?Mypc&pexK=Kk^Oy>ggOBs$kGdQ{yO8Q-s+)k{!3(Qyb!2k3LJb
z5fM|I-rp9S&n`$F30>E8WosS8jy@H6UqB72m%+*Y-E;tY+J7o6q~Gxljz_ctU}cn7
zYdwt*O^GmbZW;#}#z-RJDM_$Y%=lK>y^lx4MEpQ*IOcvIn<S^MZ9GNW@@hIhGUCjh
zMS3RE$2Th8^N7vPtaH7zLs7PVn#T{L64yU}q2Q(7>l=kP+ncv>qMh*T3_+DKdp8{p
z;~e*hO$M;mv*cZc{?gg*ba30^z6}<}vfD#}3&y}FM58l}7*aP%PDizC!+57gJj5C|
zs%CB$cnd~~Z=-_;M`tEG+@iM^VJeqc;u3>v5n1Nu&oC^?PuexlBdi{n_2nm(VV86U
zw}8@l3AM!H_$^Tj6i_K`Y2np2K_%xY&?OVbU@tV4;<<B$;kkt^U_ihy86NP955L(Y
zS*ihW_61O5dy2ksD2M-)O?^Ly*y7Y`)6}AV$0$4;GmsL$IXP0lkT;-wbxVzMn}D}>
z*4b^bOrg6#<LV-X<UuLD<mG}#PkQZZO&4Vk&qM}i$wt3~uskPQ*2>6P-_zCp>^1zs
z)Ez+x(tAJm;z%SViY;9Cat2Gd*BTJ#jW=&o4esmN>)#Zt>oMKipvP=Icslgx<^D3N
zONrp3#1?_W#0t=_ABq5Ahv+U%I9r~_x~mj+oJ*`|mE`k?u5=h^h<x7cd_F>-!^lkA
zHyNR8z7M1km}~D5lo4ttY;!T)pV;PW57gE8<1lJ*g?%P%f)S)oc5<Y~Q1(OJq($9=
zajW~wm<|;#s<v;totnuWFUFX$jV~?Wx7QlsKLqlFdfS!#+Pxa02k6$^$vAaPBBE48
zmOih#`du3nF-qr59A&q>e9fWjaVDfApA2AK<4zqmJ^K#Cuo+{W^Muqu6++GKA-q3s
z(d$p>9jND49ulQc{hc90lux91f#fX-q4&_1WG_?Dt;*qY%gClCUUW#B)a%CiLF;tW
z$~lP<_w{~{wE}KC5fn_x=W)-T&4*iA;p;Z+%KpKf7c|`-H)s>OKYg{=mQ@eqFzkt#
zT|TYd2jdoKfyVDY)^xq-3sa*y=2y4Q<6p@i{Hl<fl24hTFo6=>K^~_8!7;G_odWJk
z<}A31gpL$UQ$f~R6hr~uMx6MV$nN_yk?r_Ff*BoJ+vz<DAe;EVzsw4&erP0orL9>S
z`h%LL5x8aLA1aJBle@LtAlwZ?1z2&cJ*f`s9Y9NmC3v;^nf(^_bbu<iEMAWS<7Wfz
z^Fo*znXs`$uXz?}_**mc^Y8H4D8(OQgL_H_vhymYKN1x5L}<HBYy47T)N*dh1(tRL
z%@Y0S7{QK0iBg@awV(?C<){Ku<in{5@{gHHfU<q_4@Cy?343qy=ZF5U*n4U~8|E$V
zPD%5@UW<+i_mb7yAOOF{F>eB!`U@$K3_5udq47UG2~H9t$~Cq7<8O+XQ=nJJdY+KQ
zYj{3c1q`YP2(Aq&{l{2gCn<i`zf%1FQoaKNA%_R90U`)kld;}&9OA4lft!qk%xHp8
zpTEd4<l|1t%s2RVbX;ck0{S9fq|{$@K7ep3@RZtFoO-AU|MM4-P&UKAD>BSLC!~kg
zpGlAZg1sNb2}BZr&Mm?(y4|vP2D%HMd^eTTtBU-Eluwu>9`!jz>Kzhr3;%wAw+;}r
z>Yvh+TjgCP|2_gQ*d=_I3)Hv*PdA>Fhd0=)|9&M0<uQ$~gzrlFP2*n``(v#gZx;~N
z2Ux;(G0DF_^LPmOPiy%2zMoj}Dz1=#oA{@a1C&@1e^+8fc^!+OOpZ78e=maiLsLM&
z8SeNKzmzxe)Ox=4nMdS*(Kd0of_9)a-cVy!ysoR3|6g?M!?^c<9|2Sqa<YlCk8y}Q
z(A<GroQi(Yf4`FC&ancj<M_4z_X?=rb=SW;^LT20=k#BsQm}-XlUe_a@3pBt2YGn;
zA5(c1dYqC){*Q!DzqP^t?gsje)3E++F#!jM_wgnw&NvPYfLcySnM7^;A7cfbs4NQq
zM+&HuHW=xDcjj?T9A}R3A^BgCfkX6U);a!HL#HD$pEqyV&?L)8!y&2q*K`Xg_LU)C
z+m}!V96aVc&QUL9PJyQWr7>(;-4c?G#XaU630{F6HEu01c@aBXmG;v>`N=^9u?Ya4
zlX1QlKM6>3ULLPr<0N1S&rc#lmhgWS8HBGAXpv`j2|blauxELOHF|npMGJq6b~K=*
z5h!3(b_9^?{NMW!uO1`$Bl<G(Rb-yo2yGzBBoZg~IDUdl0KCH>6M!Fx|J&oec^<FW
z|1D4yw%=+8KL>#Rvw(z@{zg4cV`63k{8>~VSxPyOlxh7DPC}**t-R%NOR<a42q&%-
z_}cPgpC*qu^&5d7Sm|7Up;rH(dtK<#BWiYpDfyy@yIM@~&(@#V@pbfF#_Z`PF|0QM
zrmM$xq1Vio69SxfS|EpfIH#5wC(pssgSr+_mQHl_0@M=diB^6<rG<M0qhqmV-}O(!
zdH4m$^DmMr;<G2Fka%V;Bg-(mEI<C~%Hbqu^3$F;hY&f0iU-j8*us#JGnc<v?f%Af
zE|P9e2Rw_rWe6=2z;i-q(c)a|H4-I}yO`LXq+y`_-4%109+z*F6XUxMmoy$)`s04H
z$seZ5RdZG979ean2Z=febCAKsdqTDwKmqTqk$sO;4$AS1vCddJ;q1xb{Qb{|vm>h!
z?-^=Uu=m~4k2D0hWpEEdbG!QC6^^Klo0O0!8ew)HSi$8#PMDTCl(3;O9^bixmoElD
zs-$IU-x70xq<ySeB5`Lo4HMFER@0wcky@7$Bux#&&`_EspCp;dEPqQfO_Rh~`WWRC
z9xDRlXLv!>h?8w5ltO3}svqh;io#d`gLutvii9~_IS%oQl7Bte86&D96k!hk|1y=X
z#}jPfj|UgZo3~5=Z9X4YR&Hga<x*J-9o*fV88J@3KDf@?6Jb-L=X7J>Xj{spY^uMP
zO&4<$=*A0h-9DsfnW<P7_5@6>0(K9O?y)r1B`q2z>n%cj89KhNNw1eC>|&yAS^(<Q
zklAfqYrU&yWM_QPCVpL+e_h*DZNwAnL;t+XQ6%T-fK{=8+fs3Gq~z1rv(A0$COEjK
zN!4h`v0H$N!rT&5%zZZi)l<2?M5JZz1hAzAvr@uBmf3kx6Pfca1Iak<Or*_qkFz0C
z_PkcFxOL7h(1Lig`TD^3i=K+k1;6CEO6{c%Gi!BSR$=S==*X_t^)}CEldT;VN4qUO
z#Y+>Cd*22fM(QvP@g7a`8TZtN6}p}PGM9oy6RU!QwdVf$-9C4dc{{An`^eRJca6pV
zUSM5JUR6~*ly`Y$eiX1=)W8EMXRvjdsQz@5?##%g$dz_hl_-Fg9(gWR8LVa16}rgp
z?!;1nzNrvN9Vk&7d$cJ$Y~NP8qJ6N{XBuO6{;>hU`an)~Bq<O5jI-&Xb<tGyLK)V)
zJHKtZo(_&axM7?wh6Vm6Xx$Ya4$FOceIhs8x71Sq`A=DNXPQ(L&@m=JA+h#y*X1BZ
zYx*iqX9dM01eC?TXP)5`AS50mIK3hy6K2RyKt|}@D5c0Z@jXBoP>3wY2qKQ^HPN!+
z<mpZe38%M&d|CQ`q98g2As5G5N`?hZW8EHff9%fEiJX6}YZ9jaq7f%X$Y3h{EfG1)
zj;VGe1}pHCz5My`O|uTcWzC)D?E7qdhP?m->bnfs-4y(&B`w=A*3^9pd?~zaGGe53
zIy*XGF2Q#B@I9dE7+C-sz3XyVVq&%dWx);J%AItvN&xnXLLTmQKHiS^II53vJ4#Zn
zfi%0#pazuQx?=c(Q5iR<;kRmZB~synnEi{r_2}GBue|3xWU(m0I8&Th<kD^5NI7Q2
zH4!DX;bx%c)C||NM|``H5X?9(X}eM+QXd4RkES%+0{dsdSB1YMV!zYr+7j^NAl*Kp
z=ABRZ9wRR6Oa*<(j1`FYQoAu_?(KrsI*6V!)40iEE=laK4RK6Jrn}_Y%As?FYo=|+
zG}hY9l=pt>G$x5I?x}|ErGoz8wh2$Rnz)YrAPa9BE0DBaTNe)K(j8nT;di*I5gW%3
zRMa)k{?IV?srIH*An_rT6Q5d3K4Rpz0*Kw$AnC_#kp(7^ESUxgyzJ}6W*;xkxvfrV
zg@Ng|L^__KX0JA`0)nqz-s@`U+ATsi>HSyVeJyP+eB2bAPUqqgvdk(g7dx1a_blV(
zf03tW92y!F?og#VUteCV8V$>hIFxr7c$2u4q-|_=BQ<;(?h%PW1(iG#fj`{9>SLuG
z^yAU?@7ZH*L;4)27YF$en^KFJsQaQ;nHJUBdT#1iBY5`IrRms`SFQ#NR!dWwyyI?5
z17DMRdUkcJ%lpZci*CnA6~I3xtHfJt6euY3RJMEb#BP;HltvFMJM~KGLqE8D8YLv5
z%kvbl9dg4e^Q5o8yC8Wbt-@(;z7pj<s}LsjzIPb`liPP(qUZ?OUd!xI$qi%GDYxv3
z_X|c9gppCV7{0x3p`qtme@DP&G_fJ}&BrT7fG8mKZbI)Kt)9VcY(Vq)+>)5Dsl-U~
z(N6IE`zsv2hyJY{5umS4-3*p99|#)PwGgl4BKa2!9A}fl<iT1JKHE0Vsmk#$qrl!k
z*Lla;@&)h7$g7u*-twaCyA3ijD}%Vy+Qxjum_BxV;u0ZX1dif@6TODe(Qz)uN@)~g
zmwe&NH@&undNU9MDfk87;!sJo>pFJWuE_GIA+y6!S9mmS=5C3%{$#n6SgX~18^Qjf
zdEmluJ?ckmE@r1E+BD9MPsFJ<PXf){eHJc#b%&@>3T-t%wfoiWZn;%#&iq&d16h=N
zFPem0$2u>vY-{ga7kUc8fYphH-LQqh3y#VyE53+&=BTv^#t$GPDNX>u9=R4`_V@`@
zzvTy)L&5Nh!!d;t6&FC3azTj#avNwA%0J_rUNV;hbvU9{5oxfZKpk8zXzjNwU2MDh
zsNYhQcXvD|_DSEKyc3Q%(mq@TAxBmRY&w9Z^GX9|ml-}&wggd+m9d7U72|H1Cv}@W
zb_4t-2iD3G1u9|m8OcIF?l><<P+UDvrR2za8!3Bw1+dsL&_^sP!LPF(-97`K>!#_!
zwVd+@UsY#o=mUxz6Kam{9&9bub`s$m^?G9zVl9dt$@(6fn_p^Q6kAw?CV$}s^dC?=
zLo`#}!iG=x-7uTOGrFPTJ;u9&2Yb>>Wnb2tEEKz+N&=+%2B5a>iRX+>E+o4s-f7CW
zKEMgr6D#3gt`g?S2)qvx!kyxekCWD2ic2RY)en|DR1*iFqW%i>@okYlJ7PmCYh_+d
z0Gt8B$8Ik+d+y|CGnfVL;LLBXeWu&1+M2&rVd$jL4U+21>9A`zm_N!Zxq2Q_vD7up
z_S1bG*}b86>HNjP))xn9fF!rlBQkX_Asp>TUA_KuQux3ko3|IoIEx86bt+kZNc~|~
z)!GzAA%$su()u2W+S@UwWnC^E7`(Zb{bf)(TyMsm(#$tL8Tyu3OPS-%CUTLynbT`f
z!lHCv{(J#Bz*)0BpBdz*uPm3r9#NBA?04K)O=0vqxBD`=G`vS25m`XhzWI)M->b}S
z$Eu6RD!$4|uwg@da4}rvwJpiLqHhacFyeD&<cIQ6o)Z+qVmD{`H=ecgUnZ|oo-ubC
zaCIxG;3EXlrg~(kXY4xc(cj9KqjRW1xs|VfKW{Ba46e&&41p||#yZ<wMpek*D=sJn
zzP@)A2<{KU!>-D>){F$9!0+F9H*z*y`9twk{$)zQwncF&^sWYYZ+yABcZUwal)*LV
z(OlH}MQ^rz8$d`8<`}oTCQ*E>L798$_M1g@1*k9VMDx9=_n|YLiCNJj*$dRyB!%Ue
zoV8nnaH;US($#Cu+%Y7SQ4Oz8x6_8fThCT3k%S+8^^LbZPeny6V<$~?2-Un?3&=ri
z*Js3>#eY1{S0<&!aT`m`WpD3z;&_pR0nvtsy(LyXMp4onl)8>BH`Yh%-ph&b|GeGL
zVnDtabM7es-s*HL{-Ab9&RA~!ULHOM6WxfU)K@VxUh5uMj^uAGyCIGi0?P;C%x@U>
zY{Y4V**+{ez@}p)?*)pLSM*uFkJV#@#J2^E`6Lv-rVZo$sXm@T@g%lRa&4TnRVZ4U
zJ&&YXG1{bcS*)gV`|GXv05~oIcBHZeAqAt-fzE)~%zGb#@xp84MhLjMKdbC<J(Rr;
z-Rc5OsUo8#_Wud))RX`k&drw@9o{1HY-aNpQEit*h^$bG2&C4Zy=`ue9QIPT3B<dL
zeq{qlT{B<(FI+gyL~r<T1G8sx_u8TBhE6anArw-)qxl^)`LQ8h$S1p!2OU<#gmSUe
zPs4;~S9LRBnvnDj{!u<J?oG4m#ZkYP`n6!KsjvFm<EEmEz=$L#+;#WCPQz73QFcxF
z&!L2YB4cN*qE_lh7Jp2r?9?~HQ(9@ox=G%OPQTN~RO{G`IZ5nptee!-WYpDd_FFHw
z(W7>z-7cADDXvLS%tBSoKrM+t>#vP?p~gNSfp#$4o^TirN<I%cujTS&p4G&-CuO0e
zZD}b=KyMK+N>a|wxr&6TVR-UUFKU74R2_k>+VaE{4>Vlp3I?JBEI|m5d?XZaeQY?c
zexUg32j8sLFxa0U^xc4m=P6KdS~tm9O<OfR4Y))(!}ic8Sue9OMO>=6!y_A5*bKIf
za$eh3l*v8epPvW^pzSR#FjJIRQbDXQh_?ID$aAefk4)>Ksk~nuIImEIdd&6m)0=I+
z8y1sfCJ!n)M`<eVgvQ9fLY>JjXod$=ZC`Tu!+?hM;1}<-W`-8~JIQ-AY1a>ou|>@0
zL<#xjsy{TL7c7`KEOvPbmE77leBEy+E>B(SCKz*c@<&oQ@~M_PkL=gPcx(|$l2%i4
zn1k%%6Ph|T-2<CBl5rt;^>g5@&P_JMwK2H~r5v@^E|VfvGbAkRto9S*U?m~jj;hK{
zU6)IMg-;V}Jc+MXys);&C332dQ&8c!e!3J^0J9W;pFje8pMg)Pr`Hx)hSCC^d%QC)
z&}8>bdNl2PCkT!$1R*s@N{3PJ+;VoVX~IiAv54f|&61J9=0X<TS0JQRb<9-b75%{d
z+AgZ+x*g<8o-2Iu0@F51AnBRY2Awl*Ei31oC(${viIfSvGQ%IA%;?TxbmSrdE$G+5
zo6p{G$#sxsmt*b<AC4pQSYvs;e~Z0bu!Q5e+XS&eNf|Pv-sN}R>e5B$z!Hp^gon)#
zn%@u<;uhIuOUb(R>H|GA+YdX`naj7GoUKKQ2TQENEqcC^Lqf!m_Dh<-4j7mF)2e1|
zR|uB2n)?+Ice7RR0Zv9|Jgt?aqMyWTlGq!hs^YvJik^SoD+eTx*CL%#4oS41-1T0M
z@8)DB!1c%|;;}Gm>dklf%>D^Jvp+J!S-;@Sb+&+ReuNbY$gYFai0~SG*Xg0|f}{0D
zg;gctvqHGiD3&K2Hkxz0T5P#AOJwgyUC>lkdiqrz{-e)zSGtOU<yK2eqyJ*cv19vF
zA3SS9h8Z!cJPp4jG&Ex7vx)XnaI2WqR@*<^ZiuYf9;~mwo#K1+whHxnTYM|Ti14L+
z^z;t{rX|4Ug+7Zkn^LUQUTl6RI0r`Q@hX^osi3t*F*G%6C%G~_k<(hQL*1gnBv3jb
zggC^Z`d7Q>#DH}{lE{4FyU&j|*>Uc3)7M+&ps6j`rn>EsF%+hu?Z9VX(T059K36Oy
zP-1Jc0K;ran`~Mp)63qe3AH6WI5cf!3%6B%T%`S;0>M-HF7&MUSpZ`}a{rNFbMxF;
zyNdU0t2Y9B8!w)hgsgqHpze0QL6^dN6>vlt2J9@Zm-G$-nE{RFpzw&YfbZsyvkSFr
z0RPAlk7}JEt&~{+V$ZuHAbnV{ND+%MlF;Mo+)5JN2+J`(y)Bk%*-d`{(}aKUD73W0
z^<vz$v@coiWxZd5MY%=9N!;9>ER|QJHKZ6E(|wd>m|HE;ld0udTDW`As0r=0j?O|y
zrWj+E{Kq`DxDa~N=1p#{^D7xc`R~#l^tzdLZ7-35<wJ4m4(1}Q)cV=CfHrcb+D_>~
z#cKaM>c_;{Ys5HZgGI^qhFT!M*t3$N0Txltka({|%`NBsqC4Zv-Eie>)nJ(IfKpFH
zQkZtF@z26!oRFH!4KO=GwYR6g>(Umd#l5x&Jc$2h;Eu$^i$e+-nyzz;hW^qusm#%<
zql#LV3~1VYU~?`CfWD6DQSdEN^taJ&{z=gh)!@1rdKi>;8jvq!l6V}<rdTN4H`klN
z%Q<E&l}&tkBEt_dy?yQ}fskn3hQRW^!e=7!3JAd5A{r=N&P}4Z+fr%IYL{3~ZAq=P
zPni5@f1+hBL(zFugKJqoLs9lsZm7IhyY;6^Qab?xv8GHK{L<-Zq2AL0l?IpHE@8!Z
zQlgi>Lt8-#+)LbKleu=aFWZ7AfN*3_CDg6$gce?|<XOgLs(bLbNQN=e;Ce4q2m;7f
z0sL!NK*^QYdBjT2VLVT+RN>=_eWBiyT9x^go)oyBxK&tQhT@>mwZRr4Fn~OX0QNXX
z0VAH<S&a^2;lb*=6(2)GD1dx$x}UXMw8nQQqjK*RL3o@^w~p!c@GHg8m5jD;`v}*>
z)4lH3AsgcQ9%aVVTwr*ZN8K9Fl2otw_CfR56F>n=0J(LNeX9J<KJWS7ivOz1sd#;b
z<`)D!MrVge3%kwP!q`RXELRZ|-~G0m%1hD(S>yTYC*3FZxEHPO09Tdig!|s!sMMJx
z)iEux$K~J1qbx{)T&$@eTF)vWT+gw_7wC%_Zxx=cxK{A>#eBr+tpR@eH%%`_fu4Hx
z=+o&_XB?HDd@x<?U4K49^T6ElrcG$utGD}cp)@I$t~GmF7i`MXhWD;r#S&048X4y<
zBlUtTn>3-SW2;c@z}zcd?nm|ECbz{LKj{r1&@!YvGcV6-d2m-B<ol&80%>QWvEP{q
zye?z{JM85B^DbkirBl(iax0Y9y4r#JGLrRcygi$$^`ZZg8c@eM7qlJ#>ILDlE}ZEL
z&Os(KxBSCy4+eXWyU^Vm5Fw+^)n&`?QA*sl$vb+A+F7$KsIL|l95~pPYMo7JV<aU=
zobqXPeNZjEw3}hNw%V}q!#*7d?9h}<`@vLBhczNrX{R_>jF1&YZ^QG&&Q^)}E;?qH
zl_%DOOrBN;0Mbmkf@jU#b<9R>@TAlnuBB9fGOtBrz<@_m11JZM<8eTl<z#?g$JNj@
z0?i#ZJ<QILY#S+f^%UUzwv(~>$@n`w+}zy?glrN^>iOAPBK_E@GK&*3y@C4jy(sNa
zlWi)PKh24$yg{~<AZu>wwp9kv2F@tOtlsZKa2wr`h1ZL(Y^Q_uHqSvqW@Rc0yD?6F
zS^eJbG(bN<+fWG*YV)B#ubsDl_gJU>6!wc+n?hJa=Jo3hP}L^zIO?|J>UoRRJi}$p
z=Zj>A!r30i-*PirfbEiOm`=FKr@i+afI>>2=D|h@XDsNk!->YvHW#eAEIhUcNyFb+
zS!y!Q*tw)+W<H4*vg*%KKBajCNc*%X-jzLd8Bbx)7=_x`tqh<e@+iP=y*QfpMzj|-
zWMR7)AUx5pYc&uMe71idkDqQPMsZn*8>lh-U19;m#Si>4HvTN4VIAQgN!z6OBTHs8
zb^#pOWOOtU17I3_ntFD514A8AL7I<@6fv8!m}6rU5rmm>0x#!Y?M>iY#FePzPQX3q
zTlBL^q{!5_&l$0n-`|b2R4jX%?P*V|zBre~`P(*Ta4bsy0B~VI$JPbS(hxDbm+nr5
zn+wvKck4bCbZCvN;x1t;2t)lc*qFDuT5ik?2ddA^1DtwB%VbaP`Etx=m*P9my<Jo1
zz=kYp9u~~ED)FD%F3)TbSAhm71yA}V%}*@~Ih7cV{Pu*HQ^-piQOdu)05Grw-M!Ei
zeZk3*(qxi*qn!l<ykx1<-QVs94?a(eb?WWLiG7y@@?Z(EbMO}fQznQ0r~6Y(4@!Zq
zy)vi!Uja+8QZ@^RUCvuusn&qP(z$gmT!41Ycwd~scDD<&c7#A{TV`8NmKK|izU<!5
z_*v#Olu_lO`(e~Bf6=pecy6Szkk?budwuj$PjtAxN6Yd!&}i!g6Fg3HwLhnh1mckm
zE>=ozc9vJkfOdF~R%MPGRCdPU2?)E%KB$>JU_V^4rEM8OUyZevJS?o;rTbBm9i^S?
z?Winx6inQGc75NyK#(IAC0b-&P`KMpPGgFW_?d8%K`c1iG>JA`c&-1sTCWVZW0LgT
zo|ASxfOTSGmRY*Zl?N3N<~lY*MJ@532eTJ`ND&f%T0X+cwzzQX_b5?4Lj&{qz101v
z+e#T1t`Hv$xBv3a=ZH|<EsMOhTCrmrU?;)b^B5t>?(X@NP)8)*>K*iw>u0ha!RkZN
zA$NhJV56e=?;O!L0fu3X?HFgz68i&Z*V|+TI^jn}QW#Uw4{s1C={T?9%>!T))T#Hc
zB)}VUTQ#9(2V%GVaEwq?+%cD<ajYjf;aQ3LCh*}K!V|BAXQVl90*V^J5lXOkRG%#v
zAY7#WNLSV>%9PYT<KA}pYdrD#9mT?cZp3=k?);>V!6Ls)5>4Ul2w>}%VAVnU`mB_b
zm|A_HC=oy5u&y5u{+QkVE5`}*qr3(5I$}nBwj4CYwuXHlpDDVt#25}}wglec`9y|p
z`ygE$NfLS%2}J@9?|&5}d^&MivHO!2O}_IVt@p4$Op*R~h|g=y7n8xt|1h1nbUa67
z$87r_G~0hf4*041kI13vKO%=ek=TC?04K!!e?$)dmxvtxqYwL!KI}wPh5U~`>{w*^
zzo-xUpAl&N&sjs|`b+;exr_m=4~U9q|Jb@}j~?lzezpn4sVe<fdEpo0Tz|mcmXpyI
zUmgPXQ2^M^X7&%cAje5#uK`|+g16Vw;Jf#~D})<=YxC|fjX8ZWv-tCiII4dBo&(^q
zZ8U$61!pED@OK9ynh*f+!AUW5e>0cAJI()(%M8nDan?ouZXCwDzWhHgGc=ZiHjL&i
z%-ws1xkw-u8K=sNOT2plGg4Jv>nqBTI~1E7=|=ckn>e3A2m_Gy=3VKb=0H<GWQi;(
zf19{N&xfF)`a7e5v#bEWY0FK16ZDPh!>#B@k>Dipx3fpK*YQF()r(+^by<RW-jDp`
zdXPetD+b<+?lP3D01NTj)Y~~X9b7xwYd#R1cV2JUh(~9dk3?%pc~~CBtSUrmmXCGS
z;e4OTY$SM0am$en;GzKK?c(Y5<h3=L)8RLAS7b;d0m(_d@0)Na67G4}a<H-91|ei~
zSuQogZ!$A?5Y-uNo~p1&=R8`5YFqi2u+zlon6=Qz)ghOc-WLz>ot&SwI!*BlJ{0gg
z!nv&VJ)?V^P^9IaCmS4#vp(>MmaIeR9$A~T?6LN>-Cd<J1IT#(<;wL)jr9_N@_0#{
z{O0H3l@k?X6g#pS?fy3B83yk0l$$Wh^fbqjwobG6EWG-u2X@TCE$eZ?4&!UUcye?=
z=CmhX;;4%Em}6Y6CFM0bpNHj|k$nh{Jx7>NAF8crh|H9(R9%@+k&2FAz=Ds%2W<Va
zK|O(`;0@1c$7s!>G^_hm5t4Q>yF=R4P%0zq_}^}CR|Xu;>EcD$dIorxFP8$DW+bPY
zr$F_=&FkW5CqL@PwqFU+hHrVsEs$)|ej|!JK(8cFmCoHCwP{Au3Z<D!2HiGjJr{A*
zHSn0~Ab<sLV|NgK;ZM3Wz-sS;W#DivuJ5biv|Y^;j%KOEdpGQUIqzKIXs%F9!dDs4
z=o<K4Nuu+*mPE<4Mn0D`7QhS7ec<1v4og(LF%m<^-e=gd-@RykZ^9qD^G$zH?I783
zj8sK|C*d;Pm+f_L?fP;~={&FiEGKcVoRVNasLLWr$?o1gOOE>>d)=J@IvXK3J5nTI
zi8v)SiVsqQI5Vmr#mqYZmFG_W<r$(rPEV3J%&OpBg<>Ye|IpeFfnT#90&7OPPg^cW
zWM8nqZ9q=7Gc}PCRYi*g^!Mjvfu0|Xfdcoe+Oc9BFBkn*D|YqU3z$HZ+=>SH7WXse
z?PzTr?q`+_KFaSteLegu-xG%_?9@XW5$+g1^Ge5GJ?<&=$C7ev+@EFdo~G(*fVdBC
zZVI<ZV{19MKFvR(5@+bKzgY4s`>bX>9TG4BiUd@7XvO%|inR1S$sF-3-p9##$a!S7
zKt&CAZa?7EDWeeDo#aqN34x&Z%9<3TSMt}#M|3p>@huuFDxWSz<IfO7z@l*xv-HKb
z%y=Ne6%#pdqblK&RhGc|j`<nSgVmH>%z$5#7I8Miajv1tNRUBpR#~$0q9Upc6I)#z
za?uC&fO^Lg^L)L-_x)^zNx`NpUg5mPg7-3`#k=QS0PKq*yDkEZdvwTPqrN=2bUEpH
zNvQ^Y>QaRP3&jKD^L=I`Ci@T7ZA^?fltIPUu{%o$4QMWvG=HoKV6>;60~l1=75^Ns
zPRBzWM>vQBls78-fF=q)iW07NQx3pE-~#NRHK~MiBbOPMdt%a+^qNCz-Y*YYTAHwV
zn{ZL0C+6V0Q^NEL{yUOl>;AT;MNDH~g9hR(JpiZF;lkfXnGq^Rc$@P~B}eizYqqG^
zef>|ufz7XRZy8w$=s_o6`Q2fY0Y0qoszMC{X8UFEcKIe=-1*`h#AHNJpT@MnOj&1e
z8}qy*jSKfj7&+kL-Jx~+Y(AXHcA#dzz4cmvUI_$F)76JF+6E<G5OA933SFaw$WJNT
z#p0JCU=#}hlO^7bGX$^`1459PC9YeczW>hK!*aY<c@E#M@Xeb}_JNrPa)0<>NkkAg
z%64~%QP{1{Hxw-3mg($p2PIQdaJsQ;OHSJ~>Ut4G5@KKZ3*!?gKo2^H;z$=bw(i5C
zfNlnh?opQq&*Dnr_lL!o#ftDZ69=AH;QjufyM-UDhQ{Y&PGQS53v4gy?#`#wrehFA
zCQL+e1S6jV27CXiFxBP5V?UD$z}AC5{K7?s7i@^=n=5=?J>Q^?`@8I)xUFd5FKt)Y
zmt0K(_D(i!rN>PlEFlf|bF}8I9RdJouHDPV9FPXge1|~kn%J>(kuXl|2IF>lK=TSi
zSGwG?9H;gaw~$(VPl2S@%X(TqC*zu8eyqw5h%<Ojbl$9`lXVPy2m8R6W$I6$c9tP!
zC{%+J0#0(QF4aC>ffNK_@4fcRR;$3bnt(w8^D}N!TJP`*_j=~<KqC+(E)QZ_K8aY_
zjYM}0C1>NNCyEjHBaBl+a}^5b770Aw|JUAkMm4o{?Mes`1R;u41)?++=_*JKBBFv6
zQ4y(91q7sblAsjnNRu8B1*HV3QbLtp1*A8n_ufLu-3gv^)cbw!9pj8~|GoK<!5HkU
zwbxv8KJ%G#uF{0<6E)dC>#lasbd|7)`?W#)Yd%aw<2Bg1cO^CX1VBK-_krPcg)n{y
zNH_vQ(f_rf$4#BDdyaT+YkDi;<)Ku%C*|MlkS)5cl}vR38;O8piq9b7?e2>XYiZ{R
zjRRA7C8TylEI)8rUM+!x1KL}(Mcm($ZlkP~{BAk<VX`Rygt6U-I*9Xd3&2Ss;DyhY
zUDbX>3cQ104XlpWlJwEt+?EsH1Cpy=9lE`miInAfHl1dc^vu}Y4Nu^h9g&0Zwr1b4
z+Bg;I1pR}(wYK<~Sl6j(37;6C@Z6ZNIo|0Scf2sjd{!}SYX=IM4GN?tYOks=__hM<
z;p3Q^=7P9P!z&}t?&sqC72~Ya-^Yqdr(F`jZoJ$X?ZhbhIA>8UINg=VtuF5tV%GqQ
zs7Vrod(ycsh=`_|b0Z!<rMqS+ozhf#Kyli(eVrfxe{26rg{3kh;Cz*aQS!;*J&#Ex
zyWIq*xHa6m2;i|}CDiB^u-46dCUcnw3$5KH)(8=!>1=LsyK0r^@b+hp<A;0640u%c
zK$Swi^G}qg^KxSfy_Hh!d^Hh!X5=Hd&&;-U>P2+Tl~`WBk{4!Dc=yS-{?>N7HH%u-
zPqMBSD%w6Bm&3fa%Q_wRr7w*gkT1gx;)$SXdevw0d5E>+4~HHixmWijutnZ};b=JG
zwL$lYk%fpI%}1ap7vok*Tzdmdu?_T`E(*>-TBvLLLeqGsSjNXWO3z)Q&t7_s{OyPV
zBrdbupIK^|$?3esyl3$ahp)V8o8v%SXURgC_M)Kx*4lNGHSF+3fcnz7^Sewv4)fs;
z9DqhX6$Z)H<|Upduen?UI|=a_ad%t2?70Xmk4?|WOYYO(cTfV(d}&^7x;5JHf+xvy
zIB%)9S|M(a5ru9DJ6s(PydWRgUmf<)rHHGgvsy*OZccrA<a^Idd7Q@Z0dUulr}xfC
zNm3DJRm&>Jr_Z|XPS6)HyYeg|wP@;tsE2*<0h>*`<7D%qTd~D9eshr&9-Ol{wk^}}
zPWu8S>IGczF8z$WEcm*=J(vEy;=5!iHx*pNf|2*$aV*~j-Nbm=ho11iH$ekB^Bq*w
zrC7wdw1${8v0m)!!(!tShGP1bN-<7rN-idoB5kZ&d%|l^-yrqtD_mW^FCijGHaz5$
zUNE_R(Hl<)k;crrr0$G@!KDV!j(2zL!n4+kB;1wN+I*1c{Y1_kO0V2D>~;RK^^cq3
z$C{;f>W6ZGRgAq{c9VJa)AT(w8JY7JNo0+&S6P6o=#fW2HDs@tp^_f^Hmr%Kw|gwu
z8%a`!9xe~<v0l+qY!$Q5*xMaa8L#LJU&Aahvh6GO8K-Y7@SQseoxXkSn!UES&n@+L
z`3{d)v}*g4iPzen(dkdN^oe8zpO#Kdi^GwS7(zLB>7N^r0L9iUt`He})5X>hmfZKv
zaiRhmS>x0svRwIB84lkifs#`I*6TF?-nIiJF{!+l9LE;kWbG!bq1@TLtw<B;P`=CO
z)>s4bx}>At(H4oU0D~th<8IW#Zn~=9ncV@dlveM`-2{PZVX6Un(z1e2r%$Y|xM8Nb
zdd-UHyQ89_7|LJomQ_1yH9gRJ%59OkBc*9F-XT1Z{$X|Uh0{220#78fh{<GuohkV-
zmUC_k(#oEnzmu;HEoGezU=)bjYDwjh1h&|&_RLw$EK?qR2L|&bIY(p^)tYY#isJW`
zU4X^7gK`h@;`4TOzXnX{69vr7cvBa?{8eshlAJSM(xLci-ma!`5ru?hS@53o^ZUm6
z^fwwpWr4fp_bm2b&`O6(u<sULavzRx3Vi2#EQ%_ag@<pAp`J2&kgL<AIV`_Cw={6b
zR;uqwW@Jj4p7qXl=Xu*Y4ou@)fzr;$c+~!G0}HPJuSR@cG&SqsNR|YyO2XC<+H4jh
z5K_KvWtEgmJ5W=`{ie>gj(vO0rabELbBg+R2*kBvXS{mJP?napzVz3}_ccvEaLqeY
zsg&c&v>oa?i*S1}9GioWx`n1PI?tHmbxc}f<}i&OBPL^)$9o1`NN<j8Y?n_|BCwHK
zQ*F~5(^pPq6(wij7Q!~q`_i&-$64~cuv%Ku2wDPz17!id&Ag$mG$+IgsEEe9fZD(-
zOT%%TA3qco$k=k3vDS<-fol?By<4IsO*;tjnkyYqQAIg}M=knX@J(sPHyWj!hGD#z
zJg@S!YA26={dnfW(H+KqIda7F7SY|XLECEjyLuySdR^a3XadEo3ipkww1yF22`b3C
zAr!GX#@;8st}Qxfq_wjbaEo;|!~Trf7Ph0OZ3PNHLITdY7@C2Ev*#jK`weYJWn|`s
zUFND^7TG$P+@N7UTbP7U_0?eT+L)Gks%_UJVms_WOTpN*_2AJ1w$dMvlBaugm_8xe
zf+3?8nt^R^-$V~Zn#-)u5-vfV$Fe&2?~|2VEWaV~Q)ZWZ7QDVNCdG2FkW`>op0(Qx
z=60B*J1w0gd?%}9O7rRjI-&X8#w4wsDXt65Ho)rsvf0cGaeIAYKsoBTB29som0Nqw
zo1~OylS_4tY!Xk63X67Edd6P|h<k!J-gEnX#zkP?m04R)`RS_37}&Pa;ki5Cx6$b6
z&3J>sx)SE`Vz)}HchrZgO38M1Q=Z%k@g()}u{Tq<C%Z3m-?#1j?92oRB+>@+ZeUHx
zR)uF*;w+j-w+1g@-Q3DA@)wWa-syCSo_sV6+yThhChbtZPaA?AnUr~@7sEp_8LJAH
zsFiZt%o}Kpzp7Z9k)vxRlfYcqq-^_bf^j^GPncs(dFNw;v}N|*^n~r3N?>&w|J;E-
zRf*0g<mfCfe}rD(2HW|r5R<`m9*KrJ{641!BHsi8`N-7<oSqC!(htU)58&B7%BPxU
zeD?-*H{I7hD5ftyyT<ADU5=tb(c}nxL4PjgF+A7hgg!2Vf%&o5bN$q<q)EN+TT(l?
z!4)qOS*tfOU)N$+H>d|z7CSe$BD3&A%%TH4lzDIQn^LCzhU65Q+D5^w@mGe&=K0CM
zl^*$74R<<?_3>rGz0|hTDzuU!vNRG?56aJ}k$NSx90_G)-%Z!{z@7B=)PAcwHp>lP
z!QkoEz_kp!iAe)lu_9pL!;0wm*vF#o@{}N9u9>qQUPvLxt9}1Ux5=;r;Jm!*f~sO&
zhXT9us-uRs82M@ck|h^7jpX=~k|4Z1DH0#sL+eA$d{G5I=W=y<^zB03nOWRK6e|~|
zY&mUxVW7v#v#P<gNe_eVYn}5v#$LuvN<ou7;p3xX++^t#IXNTpRI~gvuEfK*P%kJF
zyS49;^;Yj3Ol+!IrV&_(Z@l%b(#5m5`tzVVMbXjpOLA~kE@v8GpB@CJN`f*X14k!h
zm&|V)S_@9x(!1PL>z2sc0GBaPl`&UMW#&HFyHU?OKGycWH^=j92xC_W^LlCmEk3|w
z0p4T<M^{#OrVhi}um@p7+H$^in5(zTu!DCCByCnjb7qF8dI8%;9M}|itiqdWYGLOl
zC_$NWq`?6WN<ITg9mxr;QU)4369vP(AePe^pIbg1e7s2_E3j5LJg}7*BZ2U6{hndL
zR{w2i#C^7^T7&Hj?j@agg7b`X(f;>nySensz*tOoEsq7ts%CP(-W&riZCCF~Ujum=
zH*3=-!UXZjS)E_n(s%1iq$t<8w*67%8SPtIR#?SgsTJxN8HDFBH@3O%EDck;jD0*R
zS6N2Z)2Tw*F$p2LoVK@#tX|mrq`-Qij&<Kn0)v4C>e{ese$HM~bE*b;0ZT_8DoeJe
zYb0Ikbs3a?gAwU{e*Zfai7b8lRZfEAgL{Kt(L*I&H`tpc7I99g^@`T}DvlDHvsMxr
zpH^*c@e{)%jE`PA4(HP?DT~JEW0>PcB^+(W7}br}MiNb@o|9CT?qoXRF=b|WU+B=2
zp3EN6v6FipR_vQ!<cdhWhC)hi=w4#qV2ZbQM>;7f3?~%~<EykGCnhMp=(a{=H%A;q
zv@)eHqcP_`cc#6I4xO@={#v%We83ZKR5G&PH<a?j7zFZo^xk*bU$!Pr_W{i`CrDWh
z(?JC(4Hm*Maf-s)gB>i;&xdmr+6Kq$JuSY4hz+`p$W0`*NiGS@uI~m9;O|+LZVHzS
z0e6A%#98O(CLrc3C5-krN?+h{r>w&bmBp}~#rC8?OB&3r61zqvnD;;2_BT~sw!az$
z-BW_Ac4QiJfB}F;-8;(33;SFbh$~kfNW)trE~$BLx-D6UF1E9k)jddlzCN=)jOT9H
zr0{jpRR}rF-8MXqZA7aGWtHx)I40@CRi9*E_wXNmOVQR4L^&GFuG)%(<CPzsS+++?
zH53R447t9Ven=(G>T<APJEA_U{!R_#h1i=A)U=EITF@#Jk4M-psbdCQwwg{kC34I8
zQfFf<Gq3@olaVENxSD?QvP>g7rQJ^i3Z$U`Z}$ud?^dIhmW5s+M+Hlula$aQO9J^3
zTiem(lonZAhC8;lyJHRu8oknm<JoU=aI+(kmIeKiThn-7_I(Y{&wZPYZ@0K51vqXv
zhji_mhmelHOg;EkW*1hZ4@cwQP|@VrO&{l}UvL^!H(Hv_xZUr82?i<112_q-e-F<A
zfmmA*g$ts2UE<S2#be5IS9bGL@iz*3+jsA!NU*uc2bYg8dO7TnlFX7@%)95XE|f<g
z;e`SWpp#muyEygp7^ag{ki~<wGdaWNhEE-MbR0tlaqWtZ(zoHGPJ8=y^YbOUu5zXW
zb@_=%BodaQcuK>r$pA}}q~685Nea-ho10AF$0Vo`0|#o<)`;tHun4+|&1L<3-<T-H
zZu)`~Ylf;GbFY1PkP)Q_n{4*jqBRpWq-<}Ub*3{lL?^!+7Z<&Ei?kA1f$6~?l*omI
zNz{!jG19FiAYnp<UUagAk)A67M(U+g@JNqevfs@}#@u)9WjQMcFJE~ceW%K~&$!l9
zs@XeC2p?**Q}fm#WB3aKr8_phLXe|UvS@k+DiZ%pszjv|q+X+ScV@BEPh+KX<-7N5
zJ|tK&?7D(LbkNtd+)s?Cy?O^8-Jl)a%a)MGKGC^ka>)>yCf_0Mp8&KnHLn7kW8*WA
z_1$70tX1J@bUkG?gUMOK&xswWG($1_nF8+6F^on(O<fRJJTvXUeCY{Vr|g?!d8p{H
z`#`JHCKnSFIH%|BW`j?VXLi}pog}Mvo|CVZ8^|i>ZuWc7CZ1X&a!SZ`I>7&-m-5P=
zHL=@8+t+^EYC5(h9nI@xY*Ol?^LVJBhd!%#%<L*27tC(Rl)>8@1}rR|q695{BXQ^-
z)iAB^G81`j^fG}5rcdn^%5P~fU;$ET{%+^*TBQruAI6H_x~Fbu0m8hoO^wJ4HqZch
zjp{$wQ^IwWnV@YI*gQky?f1eM)Yx@OHa1smH%6=?wq&+@`3IceE;a3M4H^(INwH1(
zBCu~PS;uqTCbi+1=!n&n#O?`dh_cj}d(qy<x$%i9wy;QzN0p2Hk{-nw1>M}qr0m?r
zfcC2RQ%#`=UMG}{;B_vrxaa9m9CU8=YfbV^3vVXTjL3Up6Sj)03<XMgDH3edE5)T<
z*4=m4jh2NDGRVN?Vzakh7KVHzpNk-59&GkL<|x@)tkVlO<S(vnojVdD-u@Oiy2~R#
za_^}bp2^554OsUD(iMWtbUgSZ|9-KZptwz6<#9s3;zBnc+ftmrxap4?F453)R(hcQ
zIIy*GOhuZbe0U8mf!~~KtIv76PI){m32$KSvbYn>uA+Vp_IU@_WV~xxn6o>haM5Zt
zoOQw7RIdsE(G%Zgtfft5Zpm&T?5ZR-Ip`$P)9=nvLN0K%*bwRG1%c2~q<;9ugRnS!
z9wPWh%a%-}je;JRI8y)3hg28F&F%ey=;#(6_Pw=lTMH&*p2ev6Engc)&(^`6Rcune
zObj%`6q9fzs*`r7Nas?Cabm{7TKK#>12BcD*9JG+n^x<ZYAFPUT9X`lANG0d?jhlN
z8|@m>_P91gc_=GQ(U(@9eJT<X64{&4S7utS+?twNzA7)JE<;ci`!WMGDZQ@aN|MoF
zmQ2&-QsBZRO{=mEWv$J+6YXEzx6dtcc-o$djhVx{e%O0jXE~odN(UyKLM6GftW$Jn
zt8Yn=5GC0fCwxU6R}tG3+-ZvJxg}Sf>ZtP&j^^#w_PFda`)Q@4(|s~a88|mAH{RJc
zuT8puK9b-unV}y*fT_b_Z$J%Hkdqh0rW2z~n}w6Utk+o>S5YLHeX7pebczD*SQyfZ
zV!QHieJRF6xmY>TV?l1$Oxb$G?tRzRf@NWk2K{=Z_vj`2XNX-&a-14Ud}y^Iz_xK>
ztAEE93|<;`ilR<ivY6vt7uYTq&Juzgxb{oue7iA{TSt3JLAFQ7r6aLOrR*qx=z9>k
z%+YD8rO*|XQj@u(o|<?!L!<eqxrVDf(wriuZO5`cHcFDnCb+QNNI?lfK6V@kKU3v7
z{><MMr3+wp)!=g;NR;9t9T>lxq9zS&*3^!hAHak#i#*oU^xT<9QL$c<2`m=gR`Y(8
zxV)5VXUO}60x?1w65%~Lb^?*NLOcFrt*u_l0X;xY3gR1a>baBC5K^kJ^>pVz!DtUl
z+t{p`Ys9m*;^(#~t$Ydnx?57`0d8^2A-pu?YL^D}o>|C{W2B;hIW5`dUdx%6+x2oF
z5T0g*l_+I5Py;o@hnAHyM9(f_f4dZ2Buy!}(u6VoF>Y<tj&#+W(Bcq(np+_Wtb;z^
z(`1K17&+}uTp5YB3)z#;I_kml7>I_Nrqs*AHZ<@B^Ae7o+DNntZN}xzlbTOzuXlVn
zO;Twmnslxyh{=3z_eZ*!?T)2NU+cQy+9#yeq7zCdOYg@~$Q3Qb{i2omecL)0n<~V_
zdqgR$e`f^eo8EN8!UYq6I|U{M=`gt8k!uo&;km@-Y~ppv^DAe1=I4w(+kvH~#-@<=
z`>R<ljrw(9Nn<#?y=gFrtwYS_RoR(DnF+pTt<Z86|ETq8QT-=?!pm!@Zm2tK$0sKy
zGD4kM4RwWXTESIst9Q_p(VP==D-hjAFWS}1mPd*xOJ!9r#+L0S83=mdsF@|5L-|Tb
zDzo1x){CeNN4v?tk>j!?%bfEHz=W>x?*-`Gou&jKMtJ$9G(0a`nQC>RPL!9gbg%Y(
z5!m~7e@7XvO7BSHPo&z%QAXro*BM-Y1y|h?x5R<-!YfYcgiH4w_p2jap3ji6M+)2v
zBd6Vc&2#dA)mfn&km5^<dD!k!j^^}Zf#Mk<Iwnc8o*H`SlZnb6>MG^ydhG2M-x`iV
zTw{17mP)rr2lYc9@6HMDyDjDME``S}AwIQp(`zZiD|pF)^o@UhIrZs!f-gW7`w2lx
zwG#4zf0S5D^EL&p-_=^8mhk-Mv|-X5ZzkiloF^g>ijX>Wpt$R0ryS|AiMzkJ;+ZKg
zF-6#_f7-p*X0_d;uu<FsbH=-t<@0z|u2Ih?iQ697E$75?Jg}bmOnD#vnah;Sa0#+_
zZxLUjd}U-_L7evh=3M~YPR8(0^HPi7*>iuDfvucG<wqvn0jN#s5rykSYLf-GB?XPR
ztFK{35xsM%!X|y+g`MH$gE9uwxT}+T`!XUbbdo!(Znj^8LU1MH9{BJ5ynP`mr-j`8
zj<M|>vtO<TQh!OT70-tE9w0vL>zc!tTd}78c>k)~18mW5AX(n8p<@MWw6EARW{%Zn
zH06n8s)(Jo-5fFQKD`vSmqvnOt46SlrZg>vX|cQBqBZ7O7}xV?)Xk~!NuQWsKmGnn
z+pAoR3p~+dU(RJ>Q$58=N1!BWaY-4+S!=UvC7?+CvF+QNf$5Q0Tz}om=-}uOnYbT|
z4<dyR!MEUorO-PHf-dStutNpOWmkc)$n<Te21&Q}m|M<ZPSfiZkaRBQtbM+xM+cAu
z?GZ**P;_)%%1<xhadZQDeHms^rY0J44ty2hHC*PtZaQnNCBeMQjRQ%3o{h2^sT0wf
zcW(eJ*}Al+H&aDndUnO$jdgCcgg5Yn$KCG>v^<SxJ7qDoDM`1{7*R=lZ5^vuU{-uU
z_oo*{iM0an`!%GBbF8@vxL|@LC>INKm=NT`*TEcT>Z#~(0{J86;;6*^KdQRXZDBVT
zuWAGWD&7?gF9vz_7YS&aIgvpiOwR$zI50GMFJSj7kja!UMOKu$S-(nqKbe)9r+N3?
z+t=?(G;#UQMidJT6p1lF9wii-vJh-jRs;Opxd!;TR_WL5E9XW5Pc<aW2z~8BeqN~?
z=3Ob#;O-8jC0F|HiV!2MeBk+y9u#7pF2ElU$hG3U2}`5CtQLZ{FL(ks_W)_t(1j%L
zDuA}D_WE2VvMn=480_XQ>-e6;Q7E)42E{4Q!t@+%SdG5-5g85<lh3T70>%L6n?CpP
z+QOZ|t^SfJZ6QL;ECF<#Z-=oMyG?mGNUc*r<&qjR1b^xSz)MK?nm-AKDI#^~T{_^O
z?S}+f83^-*<^_JJ^VMKroC*pBVlDuec8-Z&HJv8>PzB_*St76SX(%~r^7B%@ePPi9
z!cV%v5QzCgu<5=l<>A0Itv4r1r3rb4ustM@WpJ)R$MXr?aX1c5nX$6TB92Ul4hEZ!
zWz^!)K@yUwCe&X4V>0!Bn7|_>vI~QA{h#j=W*8t&-8aSr+U|=3(--oc3_LmH7JmKm
z<-(|`?DLu4!3MXjwZC*umMMUZoQU%W2FAs?J^9Rh2nvIZ(mw|nsOY1+EsH;Z0U84b
zSC}Nq9%W9+W<cBn2DOr9*FuPrGa-QV8xyi3=Qv?7VxPCy1nL}!eU4H9c|`!eCZ5=s
zWjsg1f}DcvZV;n_J4ht@5>LVH0N{-io|I<-PPn7PDBLko`RwS)ji*?GXu7<DlP`1)
zfAPRz-CF56fUI~vXSVaFgZ#pWJ{dbAYqvklXbPSQeL&I~l?o)f>^7y8)U#R&O1q%M
zvA@rk*BC1$Br{D@fMn(-TP9{hgZc)a$X(Zs+4FkJiDxr2snTt##Z0`(W@lX+ggF%I
ztGok@I-<jQ-R)_B${%5PdmvA^pmV-uio%lT3VSFA3>seXgUrsj)-5Eq-{R^|F)8u!
zhkqjsSs(_;_ty&KcRicwDGX8Cca6;hJ{W!eT+qhGhOm3X8)2tmcQf<Y*uJ^(Dk8Ns
z*QlU{;4sT_Gg41x`n^XR)djNkCpCnp!Wml}pwLUo@kS@Fy)X54p}OXHyDgb*pPc&G
zOvn2v&_~330wrEsBgAr0f~%tz!pBLu1-px67U2p*MErF0d)v8;Dv$@l9<@p_j}Piz
z91f}*yoW?D`Q1+$ssEPa=%TH1jIudlFR?jpHLU0d3oS$`sT_a|^R$WRjk^igE6&fp
zDJ4!wveS|{^VKTFZkHCge2&x(hH?77a^h;_#fPc`>}xR#B`x310Mm5&qW<teH-4_q
z2~CY_jk-)-`7TvQf09C_G1(>e5}P2iY{7wXX_s3y6IfDK)m-a*b^^g*hXC@}%mkh^
z&G-;Q)A6d>=QjReLsDK9EpKf03BO(uf0b`_L$ou;-b|Z{FgHg)3%~&hg7Rxvd|`L^
zu$)36#*hXT0lE14irS<*uJ{=F(@Uzkgi^-~AcNZBPiGTLke7Nhpvh(36zA`SjH-h>
zV^f<lG;<w<)N8@yG^b&5(M$#y|5OTLN4uia1gjuXK<~e$Sx^V3TdC#ZakCYwN&!g9
zLKDyJ2oF~{{(ff@x%mbq2t<h29zC)>(b`EsEgvFkEo>={-0DH-biWKm4{`C@RX&5)
z#kLFaye3XOv_1zZLxYl*Z#Qiax+~+Fa8ZxHCrStv_0qa=4|8h3E3=;!0k@vJD>wTT
z-T{Chv&95`$!Q`@Wzi*|;v(M)#l^0PepI}W9XGqj^x1bA8HO~}Y?tb3Zl|TTR=hZ0
zf{N!S>M<C#nF@J&Q_$f42R$DWDh_0hg*W(7nY+rQ%8nqEW*TL&Hba87tp&mfkR`=&
zZbC1QJ^`351Zf8DpN~4T#kI|e;_pJEjTa?FUJtofdBxw&F}-whdZ;9%Yill!ihMoL
z#TM4L6_hJSFmXTG3ibdv9=Ddn`Os>iAXtOC?(J=GGUWA@{?(lq!74OQJT8lGB2_-9
z0DGe9PUFtHFC`!1b|4Zh_96Hd8b6ys$|(F!4^F|^l`6aa#cO>;F^kYN9GwoTOoiC%
zErlP$1#Jhfv(;93>wGiX-3Bwbi>OU1@4!SSky{mT%Mhti3p!w{9BPE2cxUJqI6nEo
zECG{L;~zfv!r@$J1`09jS?S@rSXYJ-RQ^lo!_UvcE<Ul0bXl9crKm_%2|v4dl!qAf
zs!E~YH_<#_H}3)Y&EtL!ih-|+QHr;8$}2nGW?8r36)iUw)q+?x2lVG8%@QQ!9+_Ug
zWwFMo`9!9%U2Hs&0d{&>%ljCl`4mG?pzLV)GS&h_z`A^X0YU@^98GrlP^W?L`T>ay
zXZxBcf-;uo(SWvAAH$9p+?cGijsGdTPK6KY@Iz8vWz~`~8n89k5Ez_nwv@f$FmZ5c
zgsP1p^mS6v`^j#r)6aDd6^)Ra@8Hru0IeU4#5)eK`)z6sxEJ&L<hBGNXF|tqkF0ee
zbv1UQo3)K2sJ_#ag1pWx)XmTBy>jw@RK%Y{g4$_?d0(hHL=OT}@JH?_w(sH#sAzT!
zKRr12xfKj?o`Jh@k4DlxGkAHG3<TJNU(nYbuBDUtwmK;U8@!%kLi933=93Sa6sRgF
zr;|I-R$91k^JC_Cy*$an4BS<@%**s632JkI;LE*cW5grYc!$r=zMD-JddvJAre2s3
zKujwUM$~u~x>{$bIs5Je_#TXrszNRK2vHm_@4Ra_X%%otO>=W0K`}qCP%1UhXWsTA
zV&7k1oXSWIY6#@)mD@y3ze*x|-M~?Ss9k@3U4X%X5A;(Ev4YvSPk_L)cXK8FnkN8&
zfJF~)k-((JF$0qdeQWzZ-SGrTYFhLn8K7jLGbR-^1Uw{S6~URzk}*9;@&KJ05IZd*
znwQdvZ(V~dE6(%5|2#=-+4l&B2@1XbRD-A|tJ-k=N#+#6v!W#gSNK<(M?gXV>moe%
zi1?T-F(KgB^+#)8&Y^!w6?S7nNn?SKDHa$a5F}V<3o?Lcu>_d{`hx1B5+o;40b2ZW
z*rEVT5KyU?8q^m__5RT(!joSpm;Hf^#Fra0g!XuOV17577yo%P!jQ=T0z?qA$l-{I
zjQP6xACfjWnN64|0#7x#*J}Tb(C<bEkpu`2QGXUA;_%O}o7lry{&HiU*y$Ef4<kq2
zN{)@y;$RCIBG#e)dCMQrQGz=AEi@ACBN6a0lFv`x82?8XiGzl5lMq$*P80F5MFK`Z
z!(xAL4aG!u3D)kZMQRBBk`_Pnk?0xUxe=7xsF?Yg&94IwbtS2VjZy+e(0kY-;B%-!
zA}jtV<I$ha>*wR4VkEjkFqmKOIYN8p6JYT1mwm)Q|1Uj+rXi0IVvjE-lZPWF_<O&b
zEq_Qlkl+jrp_hcoWdj>yvib@A>J~E+LX`J$B#eiA=BMI(U<6=35$M$Kuu~wrSPK&*
zW*5JVefnL)k?_-?QUih^=o}h?9SJJNG_=ZZ@J}7%JhT_H|A)PhgZr&50L){G6w%2i
zIDV`>5d)P(N%?7rD){s3t^nZUBxRwWj!O{gLXB8tMWC!cx2{k&wfo;FK%DCnJOIlC
zBzNi^k@?3XVP}Q@FcW%!(-Oqo98VN8(LW#m@Q0-R)GEk-@@+r0tDX0W{VD<~Rtu}Q
z7a9HWk75DYt_=`CZs~wdKM^|}B(fLom*(bHLC%tYXgJhQ?htPZc!`GK!VeQ%qrS@&
z7Wapaz5Z!0eE->A+L3T#+3a6p4$-Bf1b)?6B>V^1xdx~c7`(M7U|1v_^g8DsW`YJ0
z7n2;1i#Z%IEdf8yUj9SULPvWE6V+bN1QxnrT5L`jiR%oJu*6uAYoGoFyC5mLgc!&R
zX23xN&PX>RU~{V7X~{euQun)t9|74w4)Mluf@lbBham}v?Vp$ooQp%Sm-mN{ZT)Zd
z!U8>vJpLu-#5mVf2rrZUs<F_U@jpR3;t)Fl==t)8ncRZ|)fhm`B6dVE@BZl=4*}^0
zaF!duy;uOJ_b&mPuyW(_kCoovu>=mI`H44KhlWsutY{Xw`S`lk9~x_L;?Q35{<FQn
zNkI#RmjR6VmzYC`VR}ejMj-S5DC0}IL(mTDAY!L792)le4>LImM4beuXY!w&o<1qy
z9Ar8EHDD9N<r|W0e`q-5%b7#G8Hgkrg5+UtBe4EYOji17FH!&5UY@|w`vv3xsQ)|6
zG5JAH+El^#tCs}MpZf{gYQ&m)BPHbQi9gIlmE_RrwKV_g^emNNiARnwOx?OJd++~t
zfKLgIf>3Y!m*7oEA9efH8U9TLe{v47pV(7kOEik9!$mH~i~hvtTZgvOdHC4>YCFdu
zc_ZC`^Z1we^Z%bPGJ*d~82?Kce}TRK62|{M!1^y?^ndhU!g$CJ{vnL~p%Ae7#y`;?
zsl{vJ+M1tXEI`X{`oq6!P%9z$5l3}imuubz%83ea=*k0!GcZ8~gZ~u4M6waWrvD*M
zJ>=bwfs~^3MQE{Ltw>;@IS@z9Ync=BabX`m{2jCrU&BugJ<SAuqY0m`Vrml{{s?&C
z-6)p7l4@a<e?Be`1PMUl#Gv{t%nwrkJN<>9C58r#?a+i!Sc;g*`ng^HCJlFgS?1Ei
z^84RipDQQiB(z9_xPoLuGkd7+g=<hZcD%oK0tLqwJ2pQ7(&M3m#Px%J(=JYBw1pwS
zs5lqNxyN1rg%KbT`+nbD3VWa7Y8=lPix|~!>;mmb<{Ep@|LXbNMflj4Tm2q$Vh&~K
zvCZ=rSHQBGR<WI9wC8auP^Gwh)klotry?d!r-6Ut$#8TD$N}qG-;To0FM`2C_l;yY
zM(wxd{F?+Mi1~Su$&0Uw))?RT{7MXg+!zdnla?~p_fT2;vUPT6eyu@LHWcj^o}*5A
z3k=dgTPOrQyp3C*;j?4B_$r2*Q~%oEQXx*r&EN|30X9X?I&5c6%eW(g8{{=U7@L=H
zYl@_D`LSYs1<Ahgr#}1H!0tR9*wpVbGJ2%H9V&k6XmhL-aJOuy5<GOKgmtdQfelK1
zT2-Lh_gKEEP_B0mwE>p(-tV~_ds%dn3syhW1q)C8FrpN$nX3hX6pz-uX9bJXLR@3d
z2u15XkeO9Y`Q{#2nHNJP(FG^@LtNq@ak0ls#cZ1|m)gp<?=r+lYfZ5~3N4g(P%aBp
zm{6x~^wN}swaZO23|o+Im}L1jCzhyAHrs7>9*g-kY6Zk`fxErjT7|h?MPgT~Ih>SC
zSD-z&p^0>r;of}wm^hR~R?{dUxJ<oEZaTRP>((U95#7id79!cKCiwif$+)Kt+y3gq
zazqK2b8AxIVQ3QBbj-vAi3`;Q&w~kR7|_mjDozlpc%RRQPv{{zEz6UhJbvwqou&ep
z*xw%S4b}WjrH-I_$(prBg^hrFo<rfO%p#@@qAeox?z%lP)+j56;`YU)ZUHdZxXA8|
zl)I@~wpgR2e0!bbo%ZUy)Ez2@rogK&fPWsl_j{Tz0tTg~$kV%GeE^ENRCK=3^sqUW
zVnGcB7E=hM(YD8H2w!kCLB7%;Y1l#7VCH*AdTQ{iqKA)KoV{@k<hbi3biafq00_a|
zLAWm!XdK&Q0|`dvJ?RPM1M`nNbpx9rZ`<Z@Q+(}fR60x}FE!96Ag`P=5(#dpX}*;F
zvp_lMqLlmV^}I7ErxUqT{KBM+{1*n8)sFwsdI?e#_GZh*r`Y~$vi$0|E^DL3(w(B9
zYbE<GRBH_5n<{I-=8V2Y-RxcK3l9FSuY&^^270J{Xir@Lj$Ld`@CM2W!iZ1J2`Z|g
za*xS>(;`1uJ4Qw2!_r%oV|h;VQ*k{<-+PL*(A;KnXF+=eRFJGOO!7gV#t&-(FFsTf
zJcQ87%&k8kd#9AE+J`2rl9Zxfh>~IMY-cw^oV&i~oWZWlv199>7|BI04zwhn{dG3$
z(~!Xe?Vav3mQ~2&Vz$Z7ao65x68j92@^WJe&iE_XJ7`1Ga>ItFuL|K#R64y6^jyo2
zLn9W3C!FvJ3gm;yS8WHRC*!2$(MeW<`f#k7d4F&JD^S@fD#<6bdy>m`6-y+Zw99VD
z5z;-j(XAup6x&kJ{jG|OzTB2n`ep_XS2Q*Rvr(YJs%YXe3>vy(|JaS|d;$mT+(1yL
z-ow^=9mxej^My56W@bmq%h%@ydVI(MILZ%EM_UR$<S_<%S&*>@I$En}BbA{oJ5o-&
z?NPBricfumm6;LvKJ`2)gax<LzC!khkw5Qo#h}ZY5wM7Gv*GFP^EWb7j*TrZBCd&^
zFUYpkAr5R~m<-XcRHLj$OP`bG@xfzQzHs&ZvgLk04qL%M#z3)U#P-`v-He3SmAQ|0
zQDtQhjAwpxI#$*5LWXhFdbmL2K@wYg69=q*Xxz5>#d>psyt2?URYcIvVp~C`gFnjS
z_G><usaK*GzoVc2ZVD&q>gODMt+jucJeHVRFlXFW++SkdYSxM^gcs84^nOZ?hyv`v
zb?lmW-#b2Y2`a=`!IG!Y`00R*qkZDpX#*1Ev--q3_}_@?Cx?#nSV}ILcz_c**a~KZ
z7U!*dv+^pMy+oojMEO&;fK5jgn$t8o!{@URFZx2OZ=?n3{Fb0axue>ZoeoUGqF%7c
zG5Ta>`ySO%$5q`-jf+U2gfx2cTyrJ9O!#PR<<1G^ynwi9RgSn{Xfxoz8cskK@)#v*
zMrkT{Ha)IIN0nt`lOx&yb=oKQS?^HPIw=+&$~xbFt%<aRAvP%6;>`uk-{JYoS!n-N
zfsLEqj{JG06?SBA;(YlpZhSdW&PpPCvG81qs4g&$z8CY*hg#izN7+7ROx-d5CtCqH
zC0&&NW<C}BMf*E5RGo9|wv%A+nR8zmz1Kg>G0fN;y=W!j{lnsI63^w|-&~Usvam1^
z!2g-sUVget>HBf$7h4G``*}GA-;1`bX={A(tmn@D?V^dleTe#zfNRfxLzSQ7#Vc%h
z2M!&`q@L;Zz1UIB_;5a6(@g8Cgc@-j&fhf1Tot|6>R!orP2&ZBb38AJY)0Xw6m|BT
zn<{TA45sF94>b0@Jo_66smg&8oF=KPju)S`f6OgK2{FKCl8LYDXq~q8A-e$SdnNzt
z=#g+sNJMv-z~}ot8b-m9NZ6*<Becj!ehpb`4xEduz=W{q;-683N};@@c1socJ{$LF
zjDJh;CIf>%jnse=wm|_K_Wl_cYzu}4(r<ca{O-9=Tu{wc&|7v7SX6svTuDzB5<W=}
z2GbY0k%=#nG3=&xHJBrELzjj|L{fwqel5Bj0Z~GybxpCI*rQge&*VWDe*onvFK2Bz
zbG~*nf$UxkI{e##iO#m}0ZYlVXIFlwkp7T}LiJ%YOES@OpOfp0QW5kdvhquh!&+U!
z?z{RYWMoa>e<t`V@WEjXpakG50xMN}<5vO_t3}75*SY7-$>fW1@(*?t&OfF@sF(d-
zzq!n%dbg)+`i8uQ$?z*A`a<F7o1*3Q7q;$|WPd2(HU7PII*`t62jkG^=|-i84vxpc
z-~`H=g0k>M51#aD<@8e}FYZ?h|Ne_lprP4Xr(*TgQ=Hvz<9TktRh3)#d+uM0E_-oD
zT;eJ7$LV=!#_xr%#tW)Z{BE}*Bl6TVF?=5)k3;Y6w?_1O2-xI))T80~XD$hU-P1yk
zOCuUiJ=pcXVCxR@@)wM@4dv%NqSKof!I2B>)BbhtT~YiS8zp%*vu3xkM?hY8-(4us
z5p~56^}aKRu15XFQ&3{y;%{|J-O4uc9%q5IB{#<{zlQtw&V_t-Gtd+h`gM?LQmFcU
zTs?i)3!sem!`jZv6-Ox^`DNsaGH@5(UyY(3(ciqMC#l90zRe&D58c)}DJknZEqiS8
z4?rThhH?+@h=M{RCL`K2A=D>a4aNBWZUtyB?e!59yeJKTC$1PjSKtAgQ(~0AKH#T@
zgv0o?L0+GY)b9&aUi)ap$ny)6gmZ(Zr+F5xoPcsJ1V5AhRX#*{$^uJcj!vIG@z1Lh
x|3akzb-w@p;&%r6Us?TEOMW`Ke`OzgGA!oi8)fa2c1M8EEqUeZS=aQv{tqKEa9RKW

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/register.png b/login/apps/login/screenshots/register.png
new file mode 100644
index 0000000000000000000000000000000000000000..ba9f6951d803ebdd9c4e31ae18111c9244015466
GIT binary patch
literal 161800
zcmeFZcT`i|);<bIM+8JcK#B^2AT<<ef>cqOfOG^zLI>%+Dqx|g2qYlAN=JGp7ElSj
zNk@_1rT4owyze;%-}C)`-x&9gJMK7)0SQU=-fPV@*PPFM=CkuuRau^tn3fm|3yW0Y
zri>aE7A_nM3tx>8AH3o$K52}FMVw<HEv>2`EzP9rU<bFbHpRla`7|<`KvjL3%J0Cl
zQ(8(vDwWbBVi@NpQ4*f&i&KJ9r<q=pO9eb5rLf2A33x`R=@gkfs*9yVa`9Q9Y{7kl
z7qT~Ws7VAhhVg<5s_ce6S6a}>l_AGg-<GX|iUV{7){DrB`}VXsCnYOyvJ<Urz(0O$
z;C=WA>jXbGo;H>V7x!&6F)1nj6UBkLreII3n1V7+R)@Wvodb4uuNzckSZrs$<N8o>
z(|=cgQv35MiyD^d4n-YG?X6qD0C~E?3w(+N<Y?*@hWOFP3UZIWAfE6DzURkUV&>9%
zg^Tsnf0L%KnwgpG3yCoug&~`ic1VG|hX+36_c6lQi@Z<5`Cld=m!icKe4CI=tzX73
ze{r|ujtJPGfIsalZ#rll+Z=fne>pbKIE3wr&S~->ZDI$w_*<GA4pb~?5+wYBFQ3n=
z2vh8ro#>|fjY_bDSxRQZSV3;L7|KAO^X?2+SntQ+>C}Gjy!wSOqW9M80-a8DB)Tgy
zP44U77o0FLUu6fGRem#)lnEtAO-r{n#glpq(VyS{+#`|MABH*a{q$66-EQ&;Jin!D
z;UMGZwK#~}$Gh00*phS3-OkHDd{I#`RqWo?wW!|H8G&EN@GSNnd^KIly>icNF`4xQ
zeQo6lq&p|l>_^HcNt=AS9t-t3f(%Oy#W(#??i<aI@zcg??_Q&%Y!QAaisc+QY|eV_
zJQkunUp?W2==M+X$5Xv#UhXPb55wsh86`x=NaR|^x|py&ey2%L;Kcg5f~9ZJ8lmtm
z!z;p-=)@CAqBcK~Hf;R*Guk+!qqu{9)Ju5&Ot><B+6Cv9B>8U2ix?7X29zXXo$=>1
zB48ufslTC$7v@iyNbv@b8g=&J2`B%mQHm+N6QgI(VKdgB!@Y6s$;mqxoNrR|1zcqk
zeM00eS*yx(2LF@Pvg&E(fCp{2%;`07BPGY%urq15X+%yKJkGl@)OI41j5c6c%FyVH
zVt_?~p!G?;4~hsp0u;s4#cM<@j~z$7+$i<&wcg8r$KSl@b)uGJ<9+_<oimbG5~tY2
zU$Z=WdOt-<)jm_^HEs#*-6!m_cavvSn=@UyY&5tn&#lpf%Br`YEN1B^rS}VyS!qK~
zbx+-Q60Rg3^0Sp5k=sa;ZyVu#5JJ^}GxqGe(S05TL>dA|@yZ0x1pfrz1Q#4@1^fA@
zj>5~@X4Y7ORIvdD{+ta9s2&r&f}w9db8M%A)f;t22kkFh<5GUcQ9u8l{*yud(0kI+
z>)+2VRl12*GhRQ%{eJTM?PY<@l})`(>P_ANKGc)ZTZ9*uh?<CEiGm56AICn%et+&x
zpt+P2s~oxd6RW4DA4Ptc{xJC=iid~ijYl20MJyGlAIKLtMyz#q`^@zSHfG1uvBfW#
zFWFqAzfkgm;l=RFFAq%KQ45D%WwE=c6~X;7;g!S{wX?Zrgr9kR5_op@8R@gKGlm=#
zuR~sI-+CVD@cLGyGW(DQt>$GmI*y{qim%y`9Isp1Mzk32CS`rgdYqY>eI~mrQ(v7X
zb(F2)j3IHtD;43J6*AKq$(i^Xf|2qD^5QZziu8%b7MJ-?aRzG2h|0~ThGwd1&}*b<
zM8DO{j8~seOPOkLIwc-ji}VTb3Ewx3TEE(J6_pcOGy@-sS-Yd8-h5jrQ8QCB-$iTw
zxrp?TmiS%oY>$*}O48z>iUzOHG+IvqE~}GP9sEQ5?lFNeto)3YDBTHNV_lBoQ<l!=
zp_a4eJ66w2TrCVc7<!Us-KJBgtb2v?VX3#f*V@j`*!I>W?z~F+YQ)=d&NM`@;Yobd
zJ->LxMZbF)!-(3aKB+$OJ~jK4Cz7!{nc9u2Ze*jLB;|eA{}35e5=0hCD5se6ASF(2
zUXC$TDI_IS=$sHOSxhGKp`wGLr4mEzD<yFym=cH5BEq;C0e=hkL|3AX9pzUZtPron
zQWXS71h(A|m))>NTSxaL_eB;h>b<(E6V(@066LMwlx>tPmMxdv+Y{7d-=mj1kXtu!
ztv|Kz{5$stw+l&&n~Q8py{*h_8;i0Fs!UW$H;N2RMjjkApx)mYE$B^Zd^vNi*Zz@7
z_LvZ>8S7K^xXu?vNsiSkwv#)Gw6NDY=<1mO`(+oMF^8V<qU?z5uC>Rr3ARzTZ*2u^
zA2}*c5Kf$r>0HcPY;l$t9iBxkJ=yrS*gpGq^2=Jzs@H_+=%)>lxwQb(hFiw;rZwxO
z%TaC#>-(QwO!M!TZ6<o{dJ}t#cweb~Svy{<vbVbTYS(g4ZkK*fYqJd32qyri6n}8i
z+|ligWy{S($I-0%QYJN3H&yqxBBK=}g@-HpZnmR?Hja#~uo%{u-g7uo*Def5#XpXD
z3=i7pV-%He^7*toX<TZ|@uC02+wZsETfLW%ag(<Wb30=}d*!)xsM<5#b9d?2c>7r^
znJa}FMBsPPq1vI^#@6cRxwzOD9u7|7jNpk<oxJL#uU)V-d@(|{iON7Pr|_E1as|t+
z+vT^F8%%zrj9LAtbC52N9Bju`e!uXTf+4mnV&mE3r;!%M)8!<$aJf$pQQkgH5HT20
z%0kNGc{%zr8A;!Jhwrhk{a$-tVN{n^3r`Kpkj?1M80#GCY<<F(tZ_##NV(x%h;3nD
zx#VE%bWFu1N14;i!f)_QIlo%I>Ue?5l!mkGanClbf6n{7U(9bg{l%2MNv268Dwcbs
zd{;KiutkNVjl+#YS8FC$zv`XcS*vdU?zWl7-MLmLdw%BAd|qqK)xE7BTe;pV7F+$Q
zdSf=ZS76d=a&lrLf5XsFFHxK6N_id1=0h!Gn*^cn)S!8teQ(2J;O_fbSwYz}S;Ob<
zpL%_Z_X_74mzAEziU^6?3|HY*$rg_fYqsXzWnpI#X4xB<u(kTu^6g&v-d-4sXkMhq
z>xBV@!7BrOdQ|#7#Z3=;qYMn2BAOO8-L$$Ed-`kaHyXuv#mm+`=5q%!YVyrTqW9kK
zi4*LS@oUg(MKOG2Kwsb7RqaYzPe4fAW$d}8@3c8U(f)Ect01e?a&l&dHaDiZ<Y8`(
z%hc5S6oW>uFoABJ9{S9TUTS)RM$<;a{qqMaHIz44byfIOdgAy*N_P0yoQzL&6;vCi
z@>Ud<T`7ILqd1D}ftO8m)@koK{LC5dd*+xmDVV?--zp*Db7Atm`SWtq&HEjn_Ip@z
z!?`}`S9S{4<*qoijc04^=IL9Sl^B-K_^izd^jewa!SaQMA6B-veg9^^t<`9#;ws`S
zIOtT{*EQbJJt&^Bv&-44M{Tz=SnCk%IN31d?pn1dJ3L!ax8!3-R%f<!qyLc*SrKEH
z_*d@`cl}M7Ern_I+>FRN<euipY?o(VYexQ<&SsJPUiH3Ko!Q>LGt+_amisix5Owz>
zmq%v7yFr!rxZH%7ZtYrHmyeP~O1RVsdV9~P<V%Rk-Iv23zBwFH$LW)?zwp^Jcq2C@
zDMdvh)%V<v_NKy~dbioc<T`h|;k^*fy=ObR>&<g|D;tT6;f<Y*ji2<1Tpi9xULa<@
zjI*>($jAB-M{-_jA{bA7Wi?e&{QxThcb`(Fc`)J!t|a~a%MBM@NU$0y1X^SrF11o#
zy7QRYZ+?DUM0`iNWtuWTc3*paN3rdZ&2tBo!~@HqgWDqq#YPviPi$uFQMbepG<+b1
z_X7C(%v4(euB3#;4xSTY;bPNb;elt^;P*N<-M^m8VY6YKID8!k3oF<H3-_<jD1%4n
z=LPtMjyZZf@hS+50Q`3v{JJIL{QYTMc;bn_pW_1%jfHhXU0Oi_JgS>Gn3~!;n%g;%
zM0uKn7l<C-)N#bZqGEx5u@%&qm%#bIS!ifGX)7s;nAq8H89%VQZ_4Fn^AI`@mYACe
zcxq$nWX$AdV{Pjw;wFCa@Dn27IrK93MW(}#I9Z8b)K*eulD2a&WfJ7#;o`Y?otTM<
zNzCB^TtrPq?ytkaf8rO-otz$uaC5u5x^lU~xa=IvxOs(zg}Hh7xcT@v!6!H!-EEzW
z-8gL>FCCra@AJr*I+{3GJan?Kvt@$LYkc3%*-8B3Md(8R`Z*e>shh>WuVm}^*R;R{
zxuJKsdAWGF|8;I~s2KFBh^mE~skM%bg$=M7xW;u}LEdX(hX?%e*1s?L+o9UO9m>lm
z`1_&1y><N1yN;#~(snlBqE6TUy<mSG{QH}K9Vo^P&HXo992xrXRbc7s#A4k4TD9xM
z_nHo%g*<N|qoM&Gftx`;C$4}$Y)6maIkw=>>jZ`BSXh!+3Nkk|+_2|{2;MNuCN(bi
zf4_F^8uj|9<S*F(!izsBdCAX^Q{eI%GqK^^I&<e`#uGncc6N6BcL?%NxcK#~4H?&2
zX1KVX+<Nuq`>!~=eeW)PXQj2&d1ThmmH;DSdL||>#;%z`=pZ+b!EMx^VBh2$xg-`g
z?y)}}Ts)FIosN#QGJn3uhaEt3osf{p4+{t5k0dj80P^M%|MO$7gMZ1<OEmv*m5W5=
zXqkWvo#R(0m-I6VYW?#xOymlFMwd^EHD5e_Z7dvIm>2%BNq~R-Z-O^oj#^OtF+*}D
z#CO=Ary-O%&4hT0t5Sq9wWFb+PA2?$8cC*CSSUqiw;0(!Eky|5Jo$&2uy9`D62dQ{
zI<I1y54wgV&j+(VPecBMS(1m6C>~DnrwzeUocMF7|6PjXF7@A~_|32WyDN@wng0f;
z-=pn+1JtoV``=vgd*b_V+CGLG{{NG<Epcu~bHTPZBo4O1bxP+XbSmP5OI@1gg;y*6
z{rz)DceFWqx^eW<a^-8Xwk_2?yWHot=1la=to1AQSCiHq#4WwvUzVTWdDlHNurZS7
zEt?|mSz0L3Q=-OMF!x=4=b7aIO~jDhs`-wE!Mx8-c<I@lTUCahIoF9cJY_4qZRQ_o
zakNGBBePm<d}GBYlzGzQDtqR43Tp~?NEv1;hYIAKIs2n%#ri3AsjDQ`8!LyuZCH4k
zY|x2O)gFXZT6sPgi5+5WN)gwRr+>$N>Uz&wmhOu^F%2uT+`c{h@SfKF^WF0UQB8|J
zYiQ@i`gO09;c>3t)*Iqc3%v~4Dqnw<w3Oyn?)Cc@iWQ2NO|tcujmL@gJNEiY&h=S`
zR_<BesES{Av}ClhEp<O=7i_r%KwFzkq8bekN3I5M#APME2-bXSO&wE*wN|#hr1wFR
z+5oZ6bqJ*q--^1b!|-`Zi5j1)yKd=}#=&y<K}O;r&i0y(dy)JOHCN3r{<ZbOJ}Wx<
zd@{kgk)LlGE9;N~A|_)dB^!5gqxSY%EZ|#)xU<C8N|S~5bo1wJh8Z(-2EL1gC)d60
z|K;NGI^Sx??6%dIX;rsh_ByrI&X2kF_`<lxL869Y^<K-wgVK@pc8A_|8?u0EXHE^P
zfoHPeq$=iQF00zTbUQva`E#`^=2ZjzJ8M;@dd1@|zE{K7_2(t}HRm~I*R%2Zc5*a7
z%QY^PEt}U6Gun*Ni}$R3TQC0D7$y=`lWDP-lQN$>WH(mW((Tf_f30s%jUl%7(vEV!
zTQU8L=-lFf2M2?V9Wmp;!<;=aiJ_c2L&wr)p~d)I;UM{)mboi)KFIL(!L@MbTn&<j
z?MZ*<@jJf0-u)4c;|Uz+UpZ+zci%-@W-Gl765!}QxNt*ZgoGTux-4(><y9Jd`A3?H
zueA25Bq!IeukSYhysOC@p><Dq=TVB<+ttF;cJ#l8FLHCP0;jjNhMa;clid6(6XK=}
zzPoQ{A_=<}^-5$s5@}m<EaR6$x?>YUXuVlL8Km{0X1Cdr>KP7=XT_^qTKC*vAw`^>
zi?(O7*OCbBXfV#rW;ps%o&iQCvHL`)z{uF<a(JyL=_zH?b;Yg0vGovK*qF<d$ZYw0
z#HZ)cT~SW$X*aF%c(s*mGF)7w?gjpygn?tJjwS^&2yP7TNalv+X=pn(n`!vosCCE<
zVcp{Z<B~VYNAf+VvS2q52zz_aGb`1lzgS@FLt^;#6V-Qr2f$A*6&Rs#95;qGVggC1
zHS1o|sMBO3l9Fz~TRzf+rRuUE6fCb*4j^TpM|E)->Y7GIHtSj`!EzWo4IEp-Fb1WK
zoh$9wNbjoEn~2onr2Q;~Ea}nhWSA&a!6SrkKNu}(Tl}SG%$;xr=Dn@^n9rMUy;|w_
zq1=?0{En{Mcb@!(gmu4#W#?Z{s~l#v@=k|I)hrUB6c?L4hm*OCb;}<r<PJIa8pJk5
zThfZ%_zk>b<9cu;HpSRh&9CdG#0Y%IEw(!Ez46!x9za$hg=D!MjZC{8Wt#0rcFHoz
z(6&_&6&zO<{QDf9l6=GSC%_NU0Uq^k(c(nE@vJDQT#3Yf5}OwH_3`P>xehsJsEoRz
z^`tSb+YnxFQ?^&+!7(qZ6P%&Kn6=O6&9vjXTYbVqHwYAgG|!&KeZc3N>G?HaGOMhZ
zUio8#wtJSk!iD$4s00S$lziYX&)|;U-HG>f9@8&spjB^X&sNM^d(sCJct&&pO@_3P
z?(0-8=i7VlQ)PVxF4;aJ?TIy7j4FHd`&0-+?EGWxYD>0B)=c4FUynz_Di(ttHgqG(
zTZ!P8+rDilg$(!q_;kBS2bP^H_(?Ig!RFiLwudX4zgNmeID~`V8{!k~jSNB@Dlr;0
zUyTbE=qXydUMiO30K4#|CaKEVDa|(RW^A_>Cka%9SOkO!*q!*@?=Oc*x(IjHE%HX*
z`jk_%uDTRT(SoaUS@8l2jeG8EGC01OYqyE>9c#Vh3Kho1-xGb)Gqc)yI^CIZwpQXj
zQYyyY*Ut$4hRiqx9A$$F_|zvlX!OVoPBeGTx5|m}_p6d4RH1w&;JY(0QnXRrBJv3p
z!cN|zn3<GcLlc0c{j}-XarJe(sBXC`3hmeTP?~C=-uIGX`0sUeA|q~4uzV3+DSr&F
z2|b}%&c~1L%m|uBlfGL#CT3{s;`Z&a&A1Nd-<?>}=m+shvV+|134FyO8W>;<kZuVl
z0+9A1>A8>jvQh-#PPspV=uV?UI+M}|eqVVW6y9724d?#At)-4zaYV|3Ny7{%^tJOX
zno=}1oOI|ZVHiBMJ_uutQ&|&@<OWu!bMatVx366ad|F6>4*6hjEsA*Cg6Mlf0~>po
zI?eYxnXvk(e(9!jC~}6*#<?Lxkq~~lh4m4zX{c#7aEPcGu1v0dQPsU*aHw_SG#AF9
zp?(G?>2Wl$_ZQwE&oNSfN%4ox2k~XqnYVY$(Ss?a_@`(8KBYD-9G6fi3cyJ8`ib=W
z-wtSHj!iW~pF~-*B6Lcvb=F&=xc8evz^TwqXMbP7ZN>UL-lFw>EBIoy+S}r*AgJ-(
zeRq}!{)#@vtFfQRRHL`YtU+=3r8tK9nFO$18$!0z3)151)8Z=M*0^q~(=QSLLQ6t2
zmD}i16kNPyZ7v0lHXm>sBaNwfJ@)&60eGXpouh@hG=z}q&Y2W(mFVX8xnE<D2bns|
zb0D`rF|CipMtrCIVf$&S1Dl`*d(4X`OPV)?RCZd9c39Rtv3r?L2k0&SdWG>9q&hKc
zjk#tCFq3p7ZR77whUH(5vrh}NZToTEuB%CNRzQTH@dr5UqrF}BUAlMto-g%UubVB8
zz%9?qV}u;wXW=25`A$4?uBIImL01=6=8RCjy180Q4$m$T1NQ8rU77`50e|*vZ_y4K
zVR5<f*kJP{+i78?TDd`7xjjXb<GiFG((yMW6;KNrUCCKm#jcAVV*MWu!~dtlRK>}&
zQuy|)?4p|ukhDY&Cx2g3@+YiDy$BtvTmfRc$e~+Pz|GwjUqw9!oY%7lr`gExxRPuG
zXDHB*Q`s=1YX@Zk44$q;r^l1xDt9encvEne0;LE`deSKE|9m7aS)?h7vnh+qaJLr`
zDm2{Ydu8X?q7o5)6M*xZ$myl25v^xMwxvaipd!@IDS>6B^<D{jE=9c&DeG*_^C3+!
zkE#`Oc~)@;X<#$-C`AvGu4V=bw3E7P$RroB!C)s<cOgo#bklCF)+(0Aq``Dd`1kF?
z^diKssv$%~mL~$;wwihg7bb4Jkn=LR?Nfa2RQcC=UN~BtlL7Nu{CGj~a!P9(({fg5
z^Um>`veC?EBh9$IwoBH9!^fn-aNF(Qp>Cxtob9%MMB`aCrzB_`ij<2wk7=*_M4MLV
z5Eewcr#aQ|M~{SJIw~dvQI!lgCm43v+3vR_@bcGR{uu9Tzq*E#C`Gjooog-RXs5XH
zBK&8-GS*2VrReK?CJkqgPcR-F5E8e1pK*vG`0L=9$M7xs1A)0lN<fpEjTD&D<(#?8
zE@Im>e+i}dl4%@cO(bb?l7Lxt?$oPk*p4U_jg>NlTL8CD<vrzGQ-HcP<ex$EENsAG
zr`+iKkC}^VCxQgv&zP?q-vW<&5O>0#;Y1}n>~O`<m#w)eLPiR;|Gf4-h`mC}E+aFH
zvn(8qSRVa`Ny46{Wb<qY8D{vdc>mF0q9`tm^x=K_cS*NW)}@^X`F6Ze0W%@UncN-(
zZ|BVj6U?ED`6mm&yHZr^PqVLhjvURI0?c`AxZo~b7Jt^6tg)!+ihYA(a|;*R0Hj>Z
zvE}(e1npevL>{=gIS<MGLDf&*ww~wMiyG%lIGn8w7{<Wv{kTR}x`2NbMcn;fmA*`|
zbuGW<wM9cn=rd(mOfU13l)<iQKo?u!!YG0-=yu}5+NYk=xtxef)=d(zMaIvL1U`={
z*tDa#cx(Z1Ky0RgqnUZmQB(pB8M{U&!nXc&mY&lfXRqTP2+1#)Oflyz0!4F8Gj!%;
zGuK^97qK{36%|7G>D`m%*tau1WgCYa#Cz+A;j1UU(84Y#eEmI_WBG65%(sBGipAq@
z4r}!7U9AU`)PDMyVaSiAD>r$}wjzGk5RQI~dj->#J1ERuLuuBkb(T8j+(Z`R<H^y?
zn=}tkM5%5(3#%H3HvYX^Jd~$XF(b`Q`T98ClzVsCBXuW_+~YmG(MFtM3{(am86WAB
z4L)RXt?wi1UTz|UpXZ6k>>3b}lv|-QV{Lg-_EbNgW>+_GwMq-qOPI6=k?Kb|b?FSj
z)ud-hB0e-I#hYP#m?=Qq|NG1KnIWgpb^~NF1^U5B?-j-X<j0_XGHt0L5^z0ho+2aE
zkE;f8ye27aZ;wSf@+VhE^LSJ8K=@{O!62l<(`m8<Z{7m-^~nq~gg>I`K@btC9RmTE
z+RTB8_?#5fGSR;Bxn0YKAAA-8=Jv1~E|8TlBD#C(=(3V!O?mN;Y5r+#a(F3yPu^b#
zdner|(FPo&@x}JheDqF!5$Yri?sa7yGfoxbB6uTu+*T`vaA7r6b{+AI1&_0WXEsd*
z5g;D@gX84zMzm;uoB}BR<Ql%sHkgm)(R}`K$&DI7zmp<`6&J?aMOQoxtepj{jU<I5
zc>iIg{RH40G|$h8UqC!f8ctM#CQN!b;Sc}l!yhiC^eO2D1>qMd+gHswHKbF6Bc}r$
z=xjEzZ%?HiT?pig0W^{>SXq_^Bc}UFKEUolJQc%w8OsVi_^kNU|6uI>YjOU0GNDMP
zhKq7wr`*pJGVcU#a97%SmyZtp00zg$N26)z0{`E*%6~GMw#jAYo0yY$5r$=jPK8nN
zdPwn5O4r<o^#S{yHft=p&nO6Z$Bkn<*9lte|IO<CrwQ}?(@^S{K4;Qox|o4bIIEGS
z_QlyY(L<Wrmn70zt<jfsr-qsdF<s;Sfoji>MMGGlk^9ggr2<}Gz#!VD2@C$&0CZ?J
zg*epwJL%WQj%ddNmf0qknFrOG#{PE0o?lw6oM%}Ryg~8ii(`A59;~^7+12~2kBu$|
zc{~!lO$Mjp`jU6|L4)E6r&E|Cp}+%9N+IE&P6R)F4!4XXjQ~bMWtNd3>}XO(6MqR~
z)P&3z>uF(6Ps*g)LfuYo%ThYjNh|aj3w6xO`Xe>i5xcxk`amIp*!C~2qCjVY(2ZMg
zMG6BFo+dX6MdIRLxK9nbh(Cg37UX!KJ-~k~j?>~md!Rp2TKbVrFni>!Jd<tZNxP(X
z$}^k!#&sK@Em|XF_wBw=0FA)s5M<EYdCX34G7+#f|28x2WrV{0bDB;8M({wqR?KMc
z1C7Mz-1v`;n>^~)l;eab#WOCnm?`-9d6GF$ifbMpkuX8sc0$baVdK7{04Cs*rbq)g
z>dv?4bn~}()NR55CTJE8z$l46o&i@zY%dR7Mm&|kuV5fY|Gf4MlO(uYjRk{W-X$0E
zdIa*myNB-!qx6l5;wS(6^Bg&EZBtSbYOY3;J#x^KAv2F|=1*Jpq0qZq&qIBJbWGAO
zh!S8%Q*#^;enYQ64Fbi@xuCOgY@!H25ZSvp1R&2gh+*bKwbNjFujNuUyg|@{_C?bv
z_=MIY8YPcQ2#e1xH!zb?4A|&0DJsdv0Z8T`V_DX(r$7iTdLLzmnb@D<pb-l88Xmo@
z0mxyUvM#lw;bvK(Px6?gvv{*(x_AvW7{hREM%P7@;;ocB^SAq;BypO~s1lQba091Z
zmfW_EHo9Dh%`J-fo~QVflxGNYF~q>$`u#)34T|?qD7s>}6Sj(x+XMb8i>9_VBbQXQ
zw?8e--HHDU5x^A14Iyv$pR~r5*ne;l##~S)a(R#`ew1f)u%i^&FD*Ms99kpd8&)Sh
zhSlmRjY4V2Qd?cX4yIdr_Xug-py=E`kb?w9vd)}7g^>_mK%2qWmmJ_Ax`TI*AV4Kp
z??ix6_AG$_I_AIH$Atn@yXV4F<P}PzZeRkB_&9v!m^H{>fE8Qam;{Nqa2c5FpRM6X
z17o<EFn=0cYt)ngHW+!O5IbEIV@>^7L1g*;L(t&;jtzbk0-`bgmVN)S>q!l}sUQF3
zz91~||D0gLm^--vFlaK_jjmH5dX4AXRqq<X3-6SRL=2erny6!LOJ*i89-@;{AGx5)
zluW?Dho^|mDyWJtu=p6_`#}OM`dhGrf~|%bT4Mm%0xR|+#!@k1V?zj*kfI78SPF?Q
zr)d=03uNIp$Ihun0X$Yi?xM295rFFtHImDA2F3V`H<%I$Neys9nep)9YbeFl3!hyR
z=};lM;Mi)ICx&??*}<NT_<Hl>GyzKS{Kk9DCNg+Ahx!FU0u0CX$HfH&T~W!6U;sCU
zHP|Ed^PSE<t_%Ds@^-8)Xm1$esfVkLpN|v3a(Fw*-#o&+$Z@P;Km^a4p2<Pd?I;z7
zV?-;a7k<ETez$~H0Mb$##FdV8Ol16o8!W_fBNLnq0FoJkekey6AaUBxVD9m!gdkhL
z^ncPt3JG^)n_Vs;?&zTrS59Y~$MEeZ9N={JdnRSdJd~ce)$3K1XpLS3@)K}Afhx?|
zoQ9&z{d39A0Z`Rl{(S)#hDH!ssXxP*3CMM!$W0USA_9Q^)=t>CvOsYI+u|9fVfi7$
zHcOUp{5y&13U!T0nZ{wj-%okCux_gVo1n{t&@o2AFuV)!f7&MLjB*v5;-}GP24sW*
zTndbn`=5jNlrm&bO~MsSv){Z8Hmyade7>hNPp8%L<#}gT2r6HmJ1>Wk!jC7#|Bzf8
z6eU6&mOYsfS4y8c08~OO8j4xMw1c4oE1xE%L^JcA<Pf>RQ}jOISlE{!Jly^>bo8{e
z=wVv`zG~+EvFV$^{`Vp^(ZzI85NB2<IJ5S7-ZdynJDtM38U+NVF8bgofvfQl+ERna
zI?-zQI?ksjM`;l5hKXjFUOa((m5=;o<qe=+s?F>JG1k4?NG@U+5J4aRsPREK&_DQ=
zONsu-fStd07-QY)=P(EGlnA(MA@;PrD=2$T4(C*WkM#iZs^vK61+M&YEqq7>r8q~i
z)PERZLkQ3qJSWo&1i%NU>0U6n1{<X}jyA_|90p>TeHbQuvxjD#=R4O!1iv5d*Xwhb
z2E~kAFdgLMVF-vVJxNLm7thvUuV6TJaw>{zi&G;i-&m2udAGM<#1l|&!?8lvg>y#m
z;p)I`3;v=C0~cx6V`eUd7B$L?7DRr)la$<hO^*ioS+0o^!)=)qAh_zF?a^~302zO$
ztVgvE6#@v)?f$E9bg>{-7ba-*xC(Z#IKE1bFep>;Q|F)>;Gfbo9PP&BU3!}*;+tPI
zJ^FzaS|j>pjJW6jH<H-jY>KGbTMY*Rr++FS06K`u=QRPK25tV03loB2<NkmOi1Qm7
zP{YfVIetO@KVq63j9d=(`oDlr+spc7+2?4}Xao5Ec5hwGTCd^AT-9Q2pNTx{nCww7
zWWEfn{gm`(com2PP;DQ1xQ57U5Gm|GOnBaP(0-zNrNyeEaIHtL)w=K#RbO4KO)0X^
zWx%GnN6&8P*DR~rC(x^liF4`yviqIPH?t<!Ol*v1qO5MuW+bMI$?Y)n@>~F@19l;(
za7^e1PbaT|>pg83o)5IJAsW^eDB>1#Eakb@G<i+mHniL@t=J}phl%~V>9~X<h*gNV
zJRYX>GtRL^xbeKpH)Cfz`(6WA0WAaPy9UB|NAm~~0!~I_cS+OMmk9oK?fgpLEi(87
z_gBr0cmb;j-i=VoLv^DQm#Q3(iJtHNN`hVOdPzP_bLw=kQc}o!8sCA3A4r?yT!*Kr
zUA=uDJoxzL;d`Qqw;AzY`$aYe9h-A>iYkY>NDt4Vs1LHT;$Wf8cpL?~IJxVC2&k%7
zs5Ct#RBJdWQHo^2FVjJK@E7stdqflG73bXZg=-us>S}ACN0}>m;WLfdn>!n&_witi
zoAm_f>5PPXv#m-(Lk~*(EwlTts~lw(b1i^o`p?E{uR*x4^)P_^1({ZJCD{<}d$Wdi
z!&@z`6N>yKV+&P_E&Da&QF>^WX#H2B3ky>n=~nqQF7FL{Qa8$nTm~xa#69<4hI@T{
z<J6(xJU+zb_JMBLh^uC`Ll=e%6CjR1vJV@N7+;LRG!H*NA}$Fa+ZKKvo)-hX%9-f=
zu0v*V<DMT>osjBX1wkkj88moUjd@%qCx#Cn>~BoM?>!cAT&&rETXnv1_<AMj!^C?M
zZhiuKC)K5IGVHr3G9RNbkr_5eu!1z4yPh8@<j)~<s(*bI_l<4!99}_#Myi%ov{AYo
z>M)A<p8`QGUAmm;7atT3-t8KtS2idL=$nRu|6&%H{3J(+oM_S7nTx&$I}-x=?x91u
z;<e+Pc3*m8-=0-mVhxwrF9$vFtYzPbZ%t+M2kS45(xbPFq5id^BJdd`Vyu6r>LSA8
zZkGJoSF%IIp2rKj<oWZc4{DFwK#R`oUGyB;L9<G1eHo<t=G3XwJT+yW7ZSHXB(~Zn
z4WBRRZ4r><i5N3F1loxwz<H;!Y;bBoCM-l<l{kdW(ohkRsDk&E5N=z&ELYSlIM79O
zefcA0-_=)@C(gX)dbqdN8*5WGB<OlC0C}F^2tU&U+>?Hym}vDhH2tF8qiDzrV7mYH
zvuu~3!ptAZXL>7cG~r;^EX7%+f9TAV*i!uoAT;<ScW}_onZT+NKe%8)Jj-oR$zK(>
zR_(rmeji8@x{#dOcX>ZeGLV&RtNxv7(>npn{k=usSW>}nOtUIg-b4m!nwmT*yly{V
z%D>}n*Xz}`e)r|FL6x=Dmsczkh6mfx6=Pwd?~GJza;p|9S+X5Pps4S!31O78X;1Zn
z!Q2Zu|Csyg!IQRrcHgZgLv&HX-dxm!MG#%AQKL;<RcJQVC81_~_XWoUE2qXx;Iz#W
zgH8wWo(sGQn;%)xceM;m<>cf7)(kf)dyyYbiK6Ggv8WA7kCzLNQ?b6<TIH5RZGk!1
zY3f?A=$-NE`tfC^HQ#3~doZ9TD@XRRzzKy#t;rGNVETYbw_jgai~Oe72keAKHXDS{
zy><I*`ZeL+b0+YyP@$H{zPOr=VNt8bg<yt*)eH&KSzK?>x)t0Q@%1%`jIRF4qO;_(
z`8_xmEMv|>xnW}cr(7YEhLet;&T4f@iHE-2-VNmTLixVEqerd(&>smiQy$_aKHS-r
zto0$tg}$(07(ge2w*c0LYN01kEwuVpk_O~PA@m#JB4t&W1yJWiRyx#;ijHiBxr58w
z@~fvuD!F=YgAv&T1qH=u_S)1+ti4r1MyOn`urScOfx2mq|02waDtIUU-tG_T*pa;j
z*Y&hMla!4b^Y)95JvwHlv%h}c>oSrr<2sm<mx%GKGfVI;75?@45?yuHa+021O$pD>
zHpMh`6>))`vSl63^O4KEjpsX;sHR2oC03?qvhxMG!SXc=^y-_q^qEGVWj!gTK3cN3
zK0pwr`WV8_ZJdz*N6l?s;|3Mxn1&C;`g{yRK)W@8_%#LEYolsJAjam0ZSK|mY*Cu&
zrd?TTgP*m<X_K=#MPcpZqOwH_PN(<ktm^jGn`TO!I;hy26C_4*Drd4vV&?H-9(4&j
zgOir|c56?E7sGvbO^Sf8m~!7KcbqG1EZzQ9=^=|kj~wi~uA~dqd@(OotQuHJIPhBe
zz_{O*Q#R~@iVg}u=6lau_2tCVyAJYh(v~fK4`yr$RA1mdqQso!L51I?VVADAx8llU
zRiAKyu5wjSV`2l`=e2M3ZLtQhbc@Y&rP_yc3mQENg3LTUMsil+)-`KAeY96>qXkYt
zsnhYfL#u$JO!UlSE)F%qB<`(NkDj6sc!ECAZa5dIIq~I^rie=9g5Y1_I6&Y0!wtk5
zD_5&<k&UK%>+i0TyREj%7hT_s#_nbpRdEuI#39+>PMgPtB{>^8c{I26nS_hKbJja^
z{UjM#tOQ8F%1uoPmC-@d9V|nysypZNsusTX6xkc*7s&bRnyXiE<pY%D;-V9AUMl*{
zv>MD{`%J$Sa5_Hk<>!Vc@3D`^OD8<tS*U8|{BhXXktBn5G{I*gkhdegjXJR+XfpTl
z?EZzbwr?9<MTPX7Y@Z`Gc=proV0Tg?w1@mkztfct5YOW)KU6-JGk)e-@q*ogK2oS|
ztJxX5`6+8W!eC-7A#>_i)^qOKYog(Fc~d2jHUf=Ja9&kNUFQ3XkYcQ5l6y-yFq{5j
zeRVKjI-BA<27YS`u5|-mn;#ejt#S(G7OKmJTw>eDZzXJ@&EEY|R~G){H6_iM)%|jh
zRA}%8o)&wThd{KUkNbRiym@Zaq}Zfz1>by5#Y7CM#P{A>mX>Le!yq*qdAs{A&7G{3
zS;GSnj*Z@gieFzj9?fC}2GEpo?&#Yz$BFh%iL+l-BV^71F|S4QI|Wp9Cdz}NyYteN
zOzZ`)fsHCD(FjW(*rh_(TM%93zkhm)8PR?~c?O3~vI1o0nfmL$UWOwglttd=4N{rE
z?1k{yLJxz$ZJF=#?V4wB_tx@#1@vqyOczXJN|qahYI(I>8feV;^#^3XhcjNTnUdw^
ztJ|BmbDXqy)g^^XE$U!D-tIFODT6a#*?dUd>^xA`T5_s6x^CCBDptJIQ7b)Re>Gzw
zGT+N|VJ+rm>XJMOEwxR|_mm}h*u%MW^4mq8yGX_60AyM1TCPt0D%$LNXZ$ny!!Z6C
z;sD*TE`pX1c-Wl)6z>#wauJ-@q@fHBDO;w}00!x^$cRG|NNl2Xg;o#z2pGNEcE=bG
zcw)XJVX-(7y}Fm!Ysq=$;I{kxgKk#v?!%!<zWosLvf3T7Gx3M`3Vga;ulc<1?(zg0
z){2h2at^_7p_YdpY0o(+dixWD)#^dL<|7)Ux!kiV3-8E6{ji_$R>0kCY4VUaXboLE
z1FC6T;d<twNeR0@S^LIy7Od#-V7hHOt_GH8)G8+ba$!4wJv-?pHT0l`dO*9E*5x7q
zxO+Vy_|Wto7VAM2+KNF1950>}N-<+kcqTLD9nXXDNG&e0z=c=*&NE$u_6A%jG}NK@
zCTmBhQo;p6ww<(+^_(w>-f9o`(HQ8Z9Qw5lSw2^B_Jclny<{($m6)LTdRUbOJ?(+o
zCC}<^qszs$=$+w>>nS>7rq(7za326eV+~w~1bRsglGB~7b^BHiwwr}U#DqL=eUGZU
zW`Bn#MRjU>Hb1}0M4iJ%{RmxDL0)Gt($%UA_9G$Gi}M6cBAx4pt*%QDw=T&Ip^Rdl
z94h-E--Eqa7X!okv#-hrK#a4kT}|VzkR?r+<x-AuHW4y#aGZ>D?H`)62O9}idA4Y%
zSaKPN7R+5q7+b|R^c|;?f+xbPl71w&WrC8}RkWk>%D&6@Kx*1%Dw<irC=l;HvuQY%
z*?G_EIY$RnH117$kQwgHXjy$)bZZnv3s1gLALxxpHj+z<c`qP%=v%8$17{eq`c57&
z`(3t4oS;Qk!wlA=38I}S9S(b^Q)%_u0W{voo`B-YraRdK0M@EekDdoNg2BPKtk=#=
zP}gnB4tcPvh%L+5UTy(NU6cCcrn403HnzNu6?*ExSJz3)dr8QEE7iU&O<6r%aha^F
zcyU9I+Y;!F+N=b|OdpX7n!mNV+mU9s;2}L=S62gphXhY=HblDzKXGpP<16x?AbRyh
z2t*LT&fF1!7?+yzJ7B=wCqYlo0i_7e)dvQhd^Bhz*c9#avCab~HZh#ZqEyo@*Y?x7
zyDRl?y3$!XccN)IPwB6x_wmG>H4$o-aUU2MhPxKY5B15rK4R}LezK&gXA>!!gBRx9
zn39~^O#}1TGn3fqn_G~Qom8vndDCZCw}<Aqw@h3#la(!)6(dSTtaTU(F1Y?W<+@vU
z;&A{{)vwdovHFnhNhE<fEAT{*VW=T6w{Jiyjq=DuFY01e`RxZycQYM8|1*jNp2dn3
z_mrE`IO<NV-efw1u0GgX6v{~O@yH_psIND4A!f`jhBKv#N-18fPvXp=)+l9VjZ1+8
zU7&7=+jGv+%o-_>SV5X~hH0ERdBu8}npLwtwZwE6@1ZY9{78D2Z%Hoq4iwnBv<r-G
z49(ZBiR?+-K{bKgpmf0RyhGf0O8DmsYl^Wp`kY;AARD1Me?G_YSL?_^?e@XuSoq{U
zxxb<IIcl&MU|d0Ot>Tyw)3i2btm`MD+H|Cxci(wI#pMNgsCVdpkGL3Mc$LbXJLZM`
zE>wlx<06&PFRLt;4Gktbr_=QmIOYJ*y6ccZ$Z45PY-zVK<l0KL+HE%na;HcNR>R2k
z^}=u@nb+tEAA8%nI3qdkt^)$@+RghZcp=i!0^`d2t6}i|^NwiVB<YfOg&;ML=vodX
z7Ft){t&o5{GlE}Du7+;wdvXaPCkNFnB8@IbzI3Z(1dYy_dywJDpjPtVjxQ;S3gNQy
z_)cPoz@zbDlrEEBpEW=5J8_DqQmMG=$~g!i&r(IM>-#q`c+Ryu5Z<Q)7}wCIcB5vI
z#`kNfxGm!VDSU1gyvgeb5E>1qV9r3e(14Vyu!A8i$_NhBssaGW)_GQ5l_bU!thi;f
zK#ndZl7p0kfWiiBjS=}p7k?u_p=DY~7+I8r9aI8)g4W&N;iaDl-j$zRMKaxSHdnTD
z?p-XD7TF#=EW6EJ(^b9TobUMjmS-N1MS}M_uf*Q8ik?Wu!cwZUd2!3_B2_uoIevt_
zsN>FjSu96h`THs5n@LE~Qri?P5ZcjEdbSo$R}fW0-Wx+ojUBloUmXLGny)jVUQQ|t
zfX>AYDZMqI+f?EfvAzqsu;NFN18}#(hf0K1wZtJKId2YKJ9xB#3ooDvB6Td%B8f)=
zq{26<C&eqqGTu1ca&gVjHzpD###tY79T`kh*QJ#I-UO;I`2JR_Zw!!lnvv|=)^1Hq
z^tJl9P?2v%%LvTe0^r=!hf~sP=4}RT;NAW7rq51&+U9h(c_=HZ6|ENL%E!Wz(nYu~
zA*K;w)KEe>PJ4bQxXKZh<3<IV+Z5=Wr5{iu{6&ByD=K80zLHsCoN;eT9zsW%8K`*x
zY*X6f+y>`axZR&_0c<c&75NLwuWotVm0}83?NHgA_QsI)iYTIxJ|e~T#=I>t(#icU
zG@zBYD&FjR<bC4#J;B1$sS$(8yb=Jp!7i{u_X~M&0XxP=uy!*+@~XmJ<<rfTKZAL)
z7Qv|a)qh@tK)jy6@*|odd->V-o36ZSi_X#M)Bu5?gpzMRmx8J38l+ry>j;qYoj-#|
zzHc2D5M8Q2m<zFm?(ns4t=6@a_T03_(`fThx?K97c7Q<%cb|YI0CJ@oh)8(pxuG8J
zadP=RnYQM6o#m^4r-CA>aEKz7JP!?JZN1fZzo<R!#(sJg!;sfXGrYgpVn50H0HFGU
z_VL>b=~Y;y00INHsNxg7MDP5&4CS~O&zfy#Q1l?RYJWw_l|A7ynFTd%?G~y-ba?p`
zAe1I?tLTa0x;5t&4)S|)SbV+d;#Qs;?%pq`Q6?sWi`*F#fCiusL^O9`s`KyL+I}6_
zfrK1L^^7cXYcUzK8khpgkgrFAjd%~sq_@LKUFdl6OHS-Z3I-2m9*{2$#8%L-=H*64
z!(KfDmz1hgf%`ww+8*@e=s3ILc+BdJSk^8Da`Tfa0ZONKu5{?II;9(4!cQ4c*zvui
z5e#pQr+?F)VxnsXk5Cf)VjEY}Kx_5DhW%#0+gNCkZ^;B2pUyfli?qxo02ymrd4(jw
zW!QZ(9d;+LW?dJml*aotZzdNo7hB9DReXL$R7mTZ>x^}Nbpds6j7@1@dR`WshTe0o
zkhGVy<N4~avgkbjO19x1J6-IfQzDrQ`nWJ><}(mo^aW~-{gUqLK6M)H6j`<xu>%w<
zCyxv;(X5Av1DzFS1<1$SMEwi#VcU)dFx5QZwUx>o4}^a_xis_jZerU+Nxrwu5HH?k
zU489nsjVV2+nO~^M-(14qEkgee4{ei*~Y2w6&2lrQ)imAo!1y$Gq}~jGF=gQT1+V$
z6%z0qLiHt%Y%(wREVFYpIf_)ACbPk&uHn+?IGHvnzUW@6yKo0)aY}TqKpzPwH1J;Q
zhR^1f2?9NKb5C!3$OSx3;^N);zhT|p{S?`_x?hp`2w}&GpJCGn%Q2=YCbTeDb;*^E
z=-Mt$K3tgaDHkZQ*k1qvee6D>vPU5Rnb+>(avvarI2Pc)mk>l>?m)VzkCf-Ecv9j=
zJQr)^qA!XAzQ@__XAqt3XS~z4fzdT{rVx$^)O+oj*OWTZ5@!Y7>OR+z2`Ci~*TDrg
zx3&;6Ur$g0HpdRHrbpRD&eshu%<?5L?k@#*TMSB<X0Cs`#glSCy-@Jsl$=#Xd8{q3
z&*uxl2+q=P7h`WY9_($HMF)EWy2T~iv^Ca1(+L#r53p|yk!0i1(&g%mZ4cQu(!*0i
z1;5_)1$;(x2n{S?Ec4k+euK<x%M{fJajcX{Uge_qqGvPf^<^UQT$_Kfg=2D1zcuX9
z+rPgHprKjSIV}YjW?($On+kH9h&sq^ay*o;QXn|;gcWeFDZ>YIW)d*qUGhV8ci0k}
z9Cp|4Y1~0Qg_oF9DQ3jNOZ0uV#vw*6Pc*PcyZ!1bP!OdpXjkFIpi*Q*_i`hR;DCSX
z%emNmZ~8&RcThtyzA-Rq%@Dk|6hMub&8upm67Yfuux7w1XlR)^Idx6(F-yo~Wq(VQ
zywEXueWRk1Mg{0B+O9!l1v5K{gfax_@<SI9(-cnG&5-EI`N)MqbK^*=)aL2`E`VlD
zthnXr*EQJ#KxlS#j=BJ*2LU+ld1tE@Tn-6?%sx6xmD$YA=o8Zi0=jIyWM0LiOMp2s
zVenc)%^5bYx7Ed5N$z8>d^`mq9pe`%NKqfGE+E|>3AXL_1}t0Y+I4}k$q-n}=bn#+
zlUF>hR#v?-G>pFX1wy>5WTrdB?!|)5M67Sf#qMcjIzM`_J0VmjtQ}}{`LomoD3KIH
zFjZX4VDUUkvG?hKRXq@Q<sXUdATV?&r1BpodA#r<bxlQzWLt1HuGWoXv(4kuJ_}c6
z*UjkjXKjdYpTYM63<SqXxz+xf^?nXLU%;liKW|U2Nt)kXX>H}Aa0s{HJY%5T^)=m3
z`bPWb&o}e7$$XYhtjuWDiD;F!Uf+2TEnE>uLUomJ__V&WQ>;Cw=I*?mZ`H!?`g!6w
ze#)tz5h}J7t?MN*%gL&@up{cOylCGM0XyRn46(aisi6Qf<iDhVx@+DkT*A;Y?73+3
z;CnvF&sw?J!6^rxjiRLGT~KrV)I5^^N=iX}Tyvg_PQVa29x0b0WtI@wf<-8_diN(^
z=K%q#15$+}Xi!!!zA+e)s|WMl-<`9)U0KwrYn2;0#A)&C=NBb=!2#<c{c=Z;-DALn
z9w`}4YHk8FVCypEtX0NFas?3AnfiU&E(^6gwouswx0*61J(s(cjOTLJCB#|1E$w!>
zlTR*D5vcZin%6B#NcZY?0A|+eQQ-{8c_HUo5OdwzLokBXX);%{Rq60f0smsCYd60<
z?XpM+ujCw@*aG8U{iRA@hsKBc(SNBcc{H(`HJ29?Q*S?!a`m(9>R~+CY_#rqrY8@S
z*|{`_g%vjLwk#w}*$LbR0*du0j>uaJxxw$ZRCN|)yW=!5)KtkpA<6!SLek_cAs(z!
zeAVpw3bIr=x5R3<m%mcxZEl46(XC_t_K-kq>_K8>mr?+d3+3XW3k5vZLu&)g&EGn>
z*B1%~Y^!JvPTj1;D_LmkvhEaN(;XNu?o@8N3nH_3(VCq@;M`%yfeGAaqHO~1h<X@N
zCePD}o7o!-4AAw5f{{&nG^ePAFNS5z4xHMilxHDKbODiD^==}@igwRe!BwxLQc(Bj
z`k-U003g=17SbvQUQpro#IRc*b%<6Y!0uS>H1DkgQUs5POcn@yD}n$8RIL9NO0r2y
zmU;GY#&Uzk2ycS2>&@-Xg#8D_i9B>*gMpN{cNxSBAG+n;9TvnFPnnSwp!^L6^#;&S
zimi3w<ZeEgK*v*voc&AU7NQ_ow$Q^_(s;TBP?HQ3U~}{6*_3o6w%<QLYRjI>hf0`x
z@_BE3DABLSwEJ}crgi#peEn5R>p`fqYq`E-?YO@+S>`ok;L`VLifRBPHR-1Oq>D$x
zqr3y!`jqw>dcGjU<?5}arh|2+{Y!rOcL>17tz=mmeMAP2X5NG7nnMb04C)Jvjwbd&
z-HkWGj_A3*qR^g*KJ%2&%5Kt@qi;&7FNfq__5%88u2DwmP924DZ6L&$9m$BH`ruEA
z_F)0q9|sE19QDXsEWH)}Gr!L4Q?bvch8@tZdvb&OXgpVfI3WoxRD!~Ryb0V56u$XJ
z7$%jGj44`>WO@hIP=>+pb2BA)z^ZeXFj@|`k~r>uM~($n>p#jcNg;L2|4~;7MG}Z7
z`cE29(BqFQe9}%CfIK%t+P?~1q5Ejv03q<F0vsgE|BWsf1hwBJp1%#n>Yr5UU|IfI
z)eFY>r{4BYk*krU{EA-YRl^U6|C=~*w4(qp76H!tPg-0}68Hos`c-dVk=f(_g_;-~
z7O$)7{mBpXOM>ow#nhEUItY;81ewGaPN5XTQLzG(0B>&}%hh1j{~8^T6~q36#Say4
zalA0t-_ZQ9F?0CmB7|vwVm}!aLxG2-*o_lZ2j$=<jNNy-hm3;M5tje^0RIONnT1xB
znT8~#>p$e6g@OT}$;N}Ytc%C*1ArjYE1G9)^gtc{{@!3F*q)X_|ASB+QpOHBL2@l+
zaPxrvBtAaA!%ja@<W}S{Jq)CoK7XW{7Wh{j{y%PnK0r<w3n&P{*XL-G)DHpczm6ef
zBG&<<y+|hcbAkvw_>ELE7Hl?_FoLV(62hq-WQ^u1{=<D0VA{vD`xe}gX6nNK$#g(j
z_pXYM2E>v3j$ywI11u>olqA!Ac1wxiKf-V15gZECB2K_Dg^f2ALG;5AGccmTYQh|k
z31$A_Y-q$6>>^CLDD!2|3%AS?>J)%9U9FHXIrv0ncV1cG*J}1|(bb;1mi!MsUO+0d
zY4T$B#ug+xb*TR<tNrbUPa!?#{SzHyfMHoZSFPg+Y38m>zv+X;2sC4gfw24u!EU0&
z7EihiI{vgLozoxzay6u;^gpJitnUP$>>Odl15M$EI?xmr01|=w$K<X*A<rC}s-g!U
z3IbZl|L`GT*v58OaL3V8Qg_z?<P0s$5zf4>d`z0@=Lb>fBham*;EJM<ESy;oeN0%I
z2~9RMnL7d86eBoyv_{{^kI7k?SRu3GXR$z5bq69ZddAFQi{3w_a=#8GQ-m!yAkrAr
z4@ZBFr+_UW+XE69(IQL%Vk!hw-iFA$@qun#<hCw39P*g}$A6y*diDeo8@(i8a##W1
zy+u%OR|`G{?k_Q0$J9(|K&JdnT?tf$pe;{+T&#IqA2~z>XuW?LS_p>tGY)F%2acZq
zZI)nc#{<zK5b}l4j3B-Lw#4B~n9lx1O`rkf>q)zn_G-4j-Y;yTOjV~gh!^wTn@>R3
z#+m@WWWui%2`e(LI;Nxllb$psfT`SlgtSz)oIoRAeiKc@)bwKEKxklp|2(wZ`(U!b
zl?siIxvHcRh#{6|ytg1Ngz@1dfIA{VFZf@98axvKf|@S2?O))AockYuBpH+||D^fC
zlxFMHHk^#+WBCU+gj8tl(a_Ccbbti;i2rzji3b}Gl-AfQfK~f22((KRfJES<v#Tyd
z3Rp!Ug&os@NMr`rtFb!m9Ui35fHW*FPW^xp>`_d(F77!G+N^L;bW1#F?bWs7gm{$h
zmMuUPy}x>|y1aB`Ap*R@>Gr%0>bOsQVNF0Qmw_@M2DBjyrr!?v1hMBAciif87wmgL
z2{ZlrS~arr9egs!^G1o$O0$rV<p*0WL+=uB3o=s2eLS)mfLrq}vZH><@)ZblI}U!G
z5kM*Gykd#VICSRM{9<qL{p~ploTk-Q;ugIc-*_%mKm=Uiq6tuF@j~LFcLnJMYRLqv
zlan9FB&;th#XRWIHVKvS6y~j515&MT`rwNN=xdNFzT2G>K(AoD-rwGS$Fc1OfoZGI
zfHlmqU6$Ikb<G`W4ZjgzT$La;0%34rob38$VjqwfS(<Wt_BEkF7f^G6+v69ghMUiW
zYF9Scah%S&z`wn<{X+2h`|+SRI}uhPI{&7#b^*{a;qLQRhM>b8#(r2`X&QR3_4CH3
zvMvE~KUVfR6|$uFo@h-=`z5eHxj?Yct%=U#g`$Pw?m;l=$tiOmlE`r@jm1_vw>ZP#
zy-jd~2oMnWK00)7ebqhVpK9sn`9uj<k@fRsBk|r_yP&Vz|4UQ?Fiz<GokfW}pA){I
zxfcUO6MehAzI)NaKzE?)ldoZI2zuG*jk<$9U8D9{qlq8SxdjckJE9%zHX9}O3z330
zx}Y~X%`DR{JiJl6fz+zo?smq08RqQJ0{*Qz)F0i8w-FreIE6wxL}(m%g37(Cf$I!y
zdcWN^&>YnOEkC%WA>-R=;OHr8|914mMx4r@KbJm`wU$%@DGXu~e60;g%6)L4C4fOK
zu634W&}j9qm`;y<S1Bzm-FGr}d6mws8NYHgfP@h4kTMh(2fnBw^*fqlAd4&3b5eA~
z!nN6-fB~^1Mui94_WjOTHmK$qxAXH?6Soi`#&tAPn<4?HBvcVxG+FuPX7p4=EZ0^a
zsLq=AHbxeyVlRb@byROP+qFb)iP}C%Uhx5Kho-wo3E$c+Fgm0GL+0&*)j?ZsHxvmP
zX%??T?XW%BrI-vK5Sh)1FerU6O95`ETxEpRGsu+i>msvkD8=nDSu%<z5NpQU)oBr7
z1n~1`56BFE$rdHa@c2#lbM3sd55+~AT6#7Dj$f~2ARz8Ju%^v!$oWge`!^7a6S$@(
zW@Kg$@NH=O9r9n0EMRx!V9&7Uf<ad5lHzRAw_G+vVWV{TLQb@6^%(txjh&}nrmjIB
zsGQ{?p$L3@o2D(=#HMm}s^c~{X^Z6-c8!CvAU4MdG_T=KfA3sUrF`ylN5GxZtaaL2
zZjjo!JsN6e7!WpF2y8ip3VHN$vlHU$Cm>3`=QfBl1kV>PfbV?-m<h$&aTTR_@q}^J
z9Wc2N8jhw*ID4!QLFHy<NWRu`_Ny1rI>fhG(M^#+4PP|ipsvqE>pLhcyyElT-_^NV
za}ur$R^1U|>qKJWe$^~`x9+Z&)itjJ$7r3TVpt~<CA#DE^mUa_Xn*HPfhuPQ<sIFf
zn>;2g9ll*GPJ%g?5DLE4Qx|Y}LGGfI7LOAog1~SND+uZUvmf4N;=%lI#Crqjz22A6
z(+?PFJD`TD>-VWraY9B=<#n0T#B3#sel^b}_pazF?bg&o3e_%$I!9Zvv9(9r?PcFi
z=O2)CjcRwN<&@h1n?~HTIk#-sa-njTt7w0F)@&X;%Yy@ErDDN~*JS9z%_7#-|A)Qz
z42v?^x`xeyhy+Ch$%=wVvI&xrsDK1P6cCWqWKg1HR1hQw2@N7iK_w|svLcE~laZVZ
zK$DdyAn@*L^^7ym%=4ae-XGte@6TM$W!qhM-Br8xUTf`Do<I=t=?1^FD?83rNHPIn
zfbIHhT=jvX)X}ou(3PdAxQbe&^I05zp~!v06EHT@Iw!Zcz<CB;me6~+U@vfF*PFgq
zdd`=u)hyPS7i0?(1#Zf&MOd~l-mF^fpTW+YcRkVL*d$?#DOL1ZZc8dDv`pGt&XON8
z@4h@yq-!WYLAeG|9N*J9Y%Mlb7~SnQn&dcYZLT;o3=G@D%FopstJMuzpbhD%@@mbx
z{91qhLh?@iJrC4J{PwE8DNAdL!A8^ACi!tB@H=%G1(=y+&8?7;yE>>=`}C7w@41h2
zI=&<qHce*KSIwx7vnd<P=$3iuZc{imYGG=6xP13iqu31o#!3AX%fLnD@$H-bEVxo2
z=hZ%{;u?RDfkD7=w6S5`Yq21ianhJh3X_$cue4ZjUy6BtE?bh|pn-d|20=}7wcA-N
zg-+}7D)2n-EIML^{6`j>q}JSy971OXEWwpk3@8%2zJWFxwg|BwXa4jMsN9O&HdY6d
zi!ypIPqYR<?Nhp7bfZd|)3>?i`ATb!vqIk#LML4m566tT)FM#@*-T$L5dS{9fU5Ls
zn&yeEP8NjTNNLV^E)%!4>-k5-${@jn%z10GT~>vQA^r3I%ZY>EGc?3f&%SsQAUV%E
zcXw3$sMATVHvOB0Bw6}-a&d%xUaakLdO101XI<%|f`t}j<C+C@A6_(y&UVh^bS*G^
zBe+!_qao8<2h{6v-)4T-;-G`)EcV~VUj25<q?Ezt#SJidDvE379MUk9(aXC*w={dS
zAv-Foif>}hX69Un1=WzM?7r<j0Zi@|iybuY)|xiHtA(bvId-V3dl^gZJjP}6)iCE~
zn(~&lWZT}14l;+W!g>Rf=1L2a-(FB8AiAhXIxV`BAYN8kCR3OuX+_S>U1oFhbfrRK
z5&c9{$a-I^S(>geM`5XJV{4NP*Jg7%6WVbyz<v0tV8>yqUS~}XP~-1#i@u%%P4$!4
z_yarr;tuhtZs)1^B7>MG)5^}C{Vukls)J$VSf_)RZCB1dE$8HWI$=jBsnd;ke{27)
zTl-EEO7Oauy4E``8b(yDFXVN0FtpHe_ltH{sT!IVoqo!+V21am(qx`Yauz61F!Y;e
z?`67BEx=V{myr62C;M^tLEV(|iH$kD!EKppP1sO)p;AwI>pOa$ZdT7}cKc}XxS)>7
z1BsH}ij;jE1Bm~&jZ36bp+)vUw9xx%Fper1U1<WHx2@>|+zt@!>gQZC<mg|Ykk&Cg
zA(*99Qd#`L&sHn=gOx^~s*sn_`^jy#^Z`UQh+))}n+Fx1W78GdwfFQ&E|+K;$1o4i
ze$cXDHDa6)ko#)Cnu8Nv)P9?EPjl^Q;u?d6PqyLo@X)Q8T>|C}2{8?e>YJ=ecs)Om
zb?-h<o~P)~V@J5(l#h)NUm>KIIta5&eiqzi({%Dvh;G}8n_EZ0y_klfwx*CZh6%^a
zWVMF-PvK2j^8q)YSd=GaC=fe+qiLl;-RFqa_oBu)hM;xNR=0T^gBn>*Ruf=^>Q#U)
z+_4wE*LWKCjRjE$|7+hoCubILd|jFSD4M71^6M&X!-{#c3#>PJxSIF*lzYDh2IrOT
z>Gb+UftRn7zNRW;Ri)PEC$(nWJInKVd3suseRge~->zJZ^8wAaVfp>jm@8TtEDDJ|
zS7?uR=wF>rbg&J@dJtxr^gABd_S%*-U>%-S>$p}Qx7Kb#`j2cof|UDU8COKVlVvmy
zw}Ws=SQX{5`wz8_>6|osdBW?q)|WKiYc6fWbSpX4SWe5fkiAR7GiE+-wVo7$lFvLY
zcr2f+fj$9b&{L}Q;kkJR?KV@f2HP;xY1Q<O!k!TYm4`Ib<$e2`{13_$Z%Kbr=WXdK
z(dRghNlA`LI~!N#w|}ZQd26Lz_KT1tuMC{wF0uZmPbg{Zd0<eL>QTbFJ!#j7jc=Cs
zn7K6OrISdSq<N31TPP2+Xa9u31u{c{g1SmS^{I!Ga7uV}+!|+su7YmIwL0AxSRWBB
z$ws1aLjFEI7rtb0?`!W7eByLh@Q1fh)eod<{~mH~ikO9^?XCrJ(n4I0;S+8IXK%*E
zf7vHMgAcS?de@9L;&9dh&_5a9wIzYwgqNLk?N)ie>kM#@Te1do13HXaY-n@L)6N=R
z<}D+n4Y6w_B&G1)SdTmG^+G4#^i03#3DIP1DaV!85d)r-HISZl%2#`V-m<l{eKgN=
zn9JRYUVk9%6H#u+o8+FmASdvtu3x~h)?jvMhpD__M}MbPKb^iq`q_!Dht-R`7tFlh
zYCW4r!h74Y^ic|ldG-An-8y6moGC*&Egiw=d|3iMq;U&JiP|(RR`}%AiD#@z<-lu7
zdr@^}R82xM-0iq@SLf8t4UTQ+)kp0Y9aCn3Ocf2_sU%&yG%<5zSJ-4Sr_lFi>v>$~
zNvk%S*f<b*b<ZhmjC~fIZtCeBTz7E<O0ZopRcdEpY~<SRvV!#Nm<{tVk0@=Pjka$S
zO*{S7r-j7DFHJ<>IH=DvW;Z<=a`|=42he|B1U1N0>a}IGC!YQ3EP1|0og#l!w%XP{
zlgo~8ZkX4n^vW8I>+9MUMP}Q@L7$Dw7(`u%Y&m4BOHo(p@9<^&dzpsVmN+llm8ffY
z{yNj9g=Fm;bgqj*;-9H|`lRLJR7$JYmL?{GA6Js+V<jwvBD{E~<8-`kw}m8dYG#;X
zNG4Shn`uv$kh?NCm+R|0JjluB#f`^J@BiFL@6c<%P&$yc|5EX0zp4r=eP(M7r+aog
zG1Km%?s>a<z7L)HGz+Yez=UxN+jG0XRxs0OdQ@rlOsxK;L?-=GHK7~}6s_y@oLzW#
z)AdEL;h1!j4Yzy#fKI?Vw-j4Un5s8ipUrkpr&F9>c6ww|p4T$b&zGrjd3<1v(5|VL
zQ)HF{odOovdutWXW|UL&C8dP+IlSb0@8}atioGNPx?*1%XyoN;Ne&0BCDa2NdR)zv
zh&`|p)XlUzJvv$RnM`>*359N8u2r929_!~LDSYK?IL%b~gsR^-q2wEd_!sHou$%gI
z@?<k*t_D`@@mIITsf(rNr<IeII=`pz=rt?tRelUSe@~AnkaqQY`O0PUqWwh*)n7X^
z%GoS)LetKEXn}^HSVkA#!STg7eA@cHm~zZbEyXyShIsz;hweEQy`bh@iAWUkx+U25
zZqNyLw@SU2d;Y;7xke8;w(wS@zM)*fQ>P0UTN9DYsVoTF)zFk$vtvPD%4e79)QY;$
zVJF&RJLi$}NAonKY@TIrYS$-wr`x6IicP}a<)m!E=9JOkABHM?P);{-=SI8=lmlyP
zbS$9F{0?1F0JZ$gPE#!B%Z|(H74UB4I6VUOq4fj8?B?<@Wv%qHm}6Bd@AI(LUL_0j
z^6DSLr)Tf;y;|SV!_;YV^aUQY>CyU1#!YS6_K!1_JtvJT7oFGB^%G@>bv^0~b`0mv
zr4Pwqb`@H_Fg(b|2o-Bl`J(C0%8fS)hJi(;tQx#krtbQjea@Yh8th9^IW@ErUMYz$
zLaOlP!Rzm&oW>H$KJpYZ=x%$~Mk$}H-+!dnZWp<LwUS=uXyIsU`Wgel4U|Ibd(x!8
zLWOv~SUXt%)9F!H;e+^x_bP|4amD41F(g&Iu9Q1xJw)KKkWaKT^aAePJfOeGAe#ov
zi5P|feANRm^Qj_>-Rd@IXr0hSy@8=PQR7{d1hUObQEUwkE!kxH?#*KzR(zit<6CM<
zb)`#^&KiYO$KG1?@A1AqeK`JVr?18Sz`{23wbC5AGcMOJ_;a>poXyH%PZJdG6MIY8
zqdDWfR9<i-p`X9L^0;gX=^&Ky`JD?Nm9bnq%50xtH@f6;3kF3bkM+qiyG6?A@XvzR
zg(d<##GTHlX0itH>@6r!>~x#zf81`6IqI}(1&P%`kUQv@m(dg^(WE<$H-&`?^>CE?
zHC9eUl4JXHjN~VV2;$QnZ>{@$v$}_UrkmpSQ<g|scLZI2%}5TLL|O?^3au9NRlGla
zABdfA^bU@c*Ga)m5mQK#mt^~KC*4%lR|wDgttPzuv$O=;j*L}*B|{Qt#TZDBt6VY<
ztt}d?HIGy$Yx9`7fB#x%O;$Y(@~k2;S;2`5Ty@UN_3)^%=VQvT*sk7~RkC+wGcPG@
zzZVxCxou~jbC!%}Vp_aMfK1jTOa6LM?pX_KGuF1Wg%dKPWHDolgJm{n60t0n8QNl-
zFALwKbA27fb3WfCbt(0PKgXi>)cTEXC=kLW7B4P}6iMBjW_;6baCEeNqOai=`7uyu
zrB{0}xD!&lcMB#d$FYy)DwLTmDsko9Pn(>}X(|;uh<}FBq3<W>_GoECLEQb3$C<8;
z^_h+Rw|u7c2j|Tr*Rz{Df|GFyaa@9;vCa`2K*bD_0qRvP1z^bSP#>5x1kgg~|8=Ha
z&q|)1FUUE*CEHgvj*64-0K+Bka)rv`_m@YY-plJ>ykLFRVlmLCTrr8a&@zVxDoPJw
z8of?(0Z~${6VvLjO4C%FvIO%)hVvDtxAAM#xtGs0E%bUdusN7V9M>;vulV+gH&@V-
z_FN8)_*$*us$86Lx4(6NxpHaTnbJ{$3*V=K*^5&yCuAS%y$C5M<gGw)vz9%!rEYrI
zXPxc&)GZErj~wCq%5jBb<{v;@f$tZp>UYE*on6<|=KEw2rtLJAenU|TR<pN8XVA3M
zh)X#n<_o*5rf!s#$wtfcHoHI@Sv${JN7)vG?|6Y-hV+bNl@vhKq->zxg^kyJUUl0r
zxe8mFeuS6jDXrVLv5^wUBJ4h7JL^tn4BnU!URorp;_gfzALBVv))wKdnJcepTL~*H
zX|&5EJV$>|>gZywyeL+<A1Ci>(z?Qpy6d!U>{)ZvU+xenu43xnj$ON~@Zt@WcX!V(
z*>g|blPypMzIHPEbb-9ns_91KDTg*ZbCNm0eXfQBUzV3glkMTd6_*&77T-*7cFnkL
z<6P>`eEF?maHmz<afb5PfW`jp0sT6gMKc-<)#~&wcaw9ACh^aKP>DV?PQSgQTDfD^
zKw!hZ1WwVGL2cRx&id_++<exZtX4<mN<Z8>7=jh;?iLn}lRSuePUZ`XiyRw!f-8=i
z0U)H)-Xq;3gXtG&)Gc{6z|%`E*x!56`Yi4C>~(V;pJIaffI&|eY}0y%h0$oN;8@cx
zS4Z9t?d-}cZY5HKmEUld`>F^{ACbarBA16--)C*1Ki9lzfliA<!m{<g&Fgbw1x@3s
z3Y)i(goynFsTV*$XBe{V6I)jO`KdjR7B;-QPJ6toO#C&`qm9|7bn-G_r=u5o>G+@y
z-d(H+x)v3i%?+2K=y9b|^TM@kNhlKwS^t>FtFOECVI<K$*9a^QWys3aEyX~bNoJY!
zg(mNsybE28`$UfUyuSg4d*1&{!7hR5Apr9lv3H)uO%X~yf%MdHar+GFjTuLRqoVcY
z7a@C|6&Rt0N^D7KhZ#B0^fBGg8<pS5V^DFj+`nWY;(AA73!`75LC|iV($7&n?)*9U
zO;3_$tGnvE2iST$o`$bKz|MBiGp^)k@XjaTQgoPloS3|H+R6l79PPhme_CmM#GB<h
z;AX!6*m9gOR2UqGTiJ45+VnGR0?q4#m}uJ1CW#7)^?@72iv-vxGEcB%Cwr^PX6h^Z
z%MYe;WNSPhvrDkdaCRyDlAR>@;1ejga45qse_t@VF0$ZeU(DIn+?3njcNv>kxoCBA
z$BHM%NmAQs72)mlyCj^fUDhg~*TqKcV9nS9BtXjBhHVE+Rth)PSIw>4P%ER(^9S{{
zh26bPuCw%&14)AE-p3}JvjzMm%h*fHIi5(}%%YXTgx;XzK5XZcL9>6nNlU+K8Bohk
z8UCe?aWg|ZPAR}2PU`^x(aMx;w-k0cqqoNPUNy0c+jh^U_f+w|TUJ^h>aZ;q*EbBL
zVM{GqRF;H~Lwk>CHP46U2Mmk#x*CZqX=c@*%Up%?7ZzT1+%rKXQO9tzH%Gh(XeS+m
zvw9o}EtQu}8>SSk2d+(3>os}h@~W*&Rj-AXdt?)qIWzA@6+QU0li`Z5hO}1U8sw&L
z8)q7`zf2t4)+|y2`jI|X{XNbAbHCr;-@uqXO>i!2mz~km!@a-*_B(T2pkB4_g-;*v
z0w6kl;AuNCwmP`s-M>35&8{57(+8Cj<pV;IcWKo{W@ue0qBC0m3Ku>#VZj7(<NJEm
z_;{{m>RF@MX$3RdPHn~|bG6kn{UXo8Qj>>XIBS>qHJ$Ug>akhA?SW0#USslQlPVNS
zrnE0lF1Fb#uI@T15M1By{uR^45r5VG)6}AJlOPX0^Xh2!y992BY*8px`B39M);QF>
zeCF2W4E?7(oj=@c^qKfn!=Im|ZdQqbTs5vco6^-Kq{`P)`!+V5(7In@C2_4Lr7X2R
z<oilbXB@}ctxE-0`@WnSZJylkbu~fIT6_8dSVliUXt+alQYWqH`}g+4&XPIZY3l^#
z$K^=8sNl-eY9{W|W*sg*`=+Nq#AX?KNkPu@*=Q!iG<=NgVPjr5sohDlaA9{RAFf;-
zsKVMU+U!@Hm!tP%oNux%=uKHG_?CBsd+>OXc4TjIJra3?q*C>I1eS}i@Oacf^h4w1
z7~uENhbTyv)K^tF*SB`g2NnQbLvc$69V0YTo@&#yycHw4vu9qC#<w)Fe7{o515-P%
zrP8X3i6};o<>bn3XN(~A@3&~1%!9USfyC_@OZm{JDe(B7zg0uySn~5~no==keBQ*2
z@Gh*@g=AWN<IfwO6PUE7NUYpgl&I|rzFV2H;KsPmd}(U}&x+&gB>h7Hs2}vCUS@PB
zhg@q@ERUe$27~5-M^bg|7dDz`dh6^q@PxUC%H4&WwGO<p&4V-ZZmrcWZOQ&%_Ig?9
z<>}2&BsW|-)LP6^7K@<S=y@%o0&WXuOjR7ZfpaNzS1%!M5{Ux>3DTDtb{*HruO(2k
zdhs{ME!)}eIy?VLt(v=&mSc%5c(AzY8fSaU@SevLKAYz!R#&Z*<8~5G<Op_Ld?|IQ
zByYizC>_q{hPLG0bW5g710MGKnI2_FKbKuo_kEyzdXn9AdO7%By>c8DdN@SN4{B*h
zyrZ&^m;Uey$>Y`-3RiUsM=uPeNtw)>E2k$r>luc_8a<V;@>uy(k4`xINK=S+<ATA$
zXo%<cFBfJMv1J7ZA(5Yt1I5LPb;X*iGT*0QxdB*}Zc%`ShjTPQVpmOKQS3WC3Awvy
zLPI=(mUiIiPpO6g@>m&B*ju^-u_Ag1F$dBP^@~3D+t)nFRQ^1R$MUJGW<rF0tne@A
z@dqg1acaHlEQ9#%ESNk*f)hQT_MUsLza&StW2SWU-riZSS=5Y=2;>woM4K~qes$1>
zf1~jDH*bmSq?}hk_lFH$veFL(G>lVk#!RM4V_@IUAvz&tUHfjWCUMjmKWLa<Zy2o<
zBV*PboU~DRuI^D|+mGv;f)lujc{-cryFXLN0<dMl2sH3L*$v#q+3i!YOnC7k7G;A`
zJWi*X?bR<u%}-MFuL^|+L|3KJden{d2XPvK{Iu>1u~kk{yil>POf1$W5=v*^KKkP`
z=udJqU{<EJP6!3n6!Q(woq(3WU}ox>{x9F=j(FI!4S)GIa5Q_ZqO$hQ793EJbtM=r
zz_<PPV>`e^*D#$S2J^ZA9{8VEF#n6=08qXm{E!(~{Tq%M%P;UZtfH)-mm0IzBl9m(
z1!-xbg5sy10gR%&7Z~?|trMcM+yC;}Hz<j$mLef$)?+`)cE7*qBO;I`-az``BI2CC
zw%)`|=Bgl?h3_xwhZN+uAsAHUDFcAYlQ^P2#h7RfKwP0e{&W2<>>~#TuM%1KP{cof
z$Qr!lR_sutJu9ySst#)v(5CsFSa&1Ze{$=E(1EAU9xad%`ETyG>g<&<Gl&^ybe}LB
z?KG0Af^O#T{BIUg=Fui{sQQbB<q?u~SRHEZT?Y+IN4cf-Fwq`rU(&AM7b7x$1uM$H
zWNGkxCEb0a*B=BNIsCxvT{8KL&mbrILZ$SU)v7=Iroa*UZ=@cW-{nW1M2U^3$zQ}7
zchJsy&_eJs{9!TrYW5~>yF$H3Q_??(971p>rymt6@qwa4ygwX9iA>UJ|N7F=7{k(M
zT+j=hC2CQAHtGL1!4Z35@xJ%pgN$>z^1w^y)7Gt`2_R)zrhgxNbW7gc#1m#i@J?Gl
z@Y!9R*ecGz_h$`-v@t4oyL{)LfdWTjhkeH-(BN#wxblF%S-~i3#QEcOQp!SFW&AL+
z?Z^x8BaK|RF9z+0Uk6JIsQ<6a`yaGF|AjyZY>dv>#BU^5&iO{)=UBZm71j2_VU&}F
zq;7k}71QZWZ&|LGsyk5MR@y<e`OLAvZB&PEAHE%wwr%ez(s#E{SG|&;jEEk(dSBVJ
z+J0S7%ih(tp>NVw&2_3#vwE=Ksan7P{91)XZ~und1b5li%_P#Bwov+R+Qza8{>Z{A
zU8`~<jh&Vf%jW3e=tt*(mm9(U&8Na}+vJsbSm19Lzx(5sjzxD~@WXw;zuSk)8r$>Z
zyZ-gH%9mx#;|zLL6zf>Z2L=Z2v9@(&<aAT#n^|iaY~Q-N?0k_oc~gzbvgDh279XQq
z3>doS*}o48z9=wclL(CH^o#ye@tg;~WhYpN@yUkabgr6<{rShP=aWR3WE`KpS{Tf?
zH-I_HKtM5`wN7PA{PsURCtSNn#ZsqYx`*?b7zt+k*5vb!%Vd}s229Ke<82~X?5lfI
z|C*B@&+(20W`?f)ljUBcBTR-}_dfIDBTSB*plxIP%NNsa`5gat$fA_S5BKKM00VlS
z$Wq+&UmoZ*2_=7YipAUQ@TtB(KK1$Z5adAU!jLC)VlLS@z(pOzPXydRujl%@^yTm0
zzGA<9`G9>B!Mc`OK2HU2PC5dn=Eg<c*MWR{aaoCn@Ra<Agngi$Wd!v~%Q6{W`{3WO
zU(d#9VgQU^MnLt#hfF+>rvZIWveGN6YtT$a6vO0Jue)Pxx}JQb&tNB!P8r;LdXN@c
z1w}CK^8{}n)tqZvAW2Lj$`_!~r#UFINkn$jmaTrz{Tg}Nv_;~=!cHxQ^z`;(%sYO)
z-~(-^8GV>Lf{*(0X^PL4af4!2C2>7>?MC>47i1IAePt~)aP3ps_x{%!=?b{4ys92R
z3U^|mYxoKlHHp=D0+4aGW6t0j^a9w-*9B4?!h@0^Y3ajG{MUW#&<<J`k4%vWW=hG_
z*u$-TAgvyOLZS-iv%b6&zwE#U6XZy8e})Vw)o_t-LpKxK)Nd-Tfpdj9WN?xNZ`gw4
z&tK3ldQquc(4%9XWVYYX^J)Q-had+I?fA$iE?-~KCW2gJ@Obt2*&Nba1-CYBTjAd9
zfS=dv9B#ephr7f#;u=xmj~k;g%1Dbo!KLXhv$EOqHhU}|wV@S_yaD0G^rvtsA-I{N
z6p5g6++h}RYF^`-MJ^KsYltqUp+QDWt53Q|x9(})s*)u79<_%Q@bb+L*Yj4}+}guv
zbwur+O@KfW7z<%RFvOT*-eh@d(-t=>ctysP*n2+fZU=Ft1MU+z=I=v0-I7Lp#T%iW
z+Zf^0pY5w_uk~le=~{6TbsoSb&uyKp5aA?|zC1+DQip%OV0*~?7GE35gDn%p?Gkb+
z-h0y^pf7k(aP>r(FQj~bzLg^WytdARF{9~~2Q$E!;ZA}1sNe{+jtCyTcg^^m&JFyt
ztDmBr_oFz{ekh`fx0VI}9m+y}AV0HD#XlM?nzrSw_;RBgnojrLyd}Vy5anq?N)4aC
z?k(rbfLVK^bCz(dMrCix;&4O*6*e$FQmvI@sFDi1^08@Pnk({@@zxp@FNa-A8_?-u
z-6*y3{cyq=4+3o)vKdjJ7=^{4xOVdi%@#@vw=H9<GP`R+W>b)(6$ys?5)P2Uco8td
z!Gmxi?olOlF(n|f37hJ_|6P~Pb=Y8(Vw>5p#!Kpss{wp%m#Qiy-3MxRi(t$2BfK}w
zgz^z(Z7K-@Z#|)3q4=d~AJu~TH&}~EO4aKLjh9bfT1;1Oc&8hFQ3zwOEC#LG;qDHw
zOfpQ@Ii%$S8W%xWR@pkxnqb4UnNdwP!@y_F*%4s1E>TdGWp+E%bK7bvbrs=H)IY;|
zcpejZx;SW4&|u@CudhD>4pu^W6|+J8Y6Ud!>Ae?vtn+Y<jjD5bK5O+Vi9!uWn%?sk
zt>gEPFM$roO54EAOiyuv+3hn``rVU;-)d-W?$Iu2u3ZDG0X*2wm_>7E4Zds9oY?I4
z?hYrm#*cIaa2P>qy?r;Tpwn^QVo+*Kc;MPgWV5oEe3BU&=7=6sKu0Fy!R?33v7Wo+
z0QuE46xALovUnL1Liy6~zgQ9D(inP0Ygj0IRL}{FkLQ0ef_0{7uG|0tjsX2Vq7TCA
zO*W}ZErSJaBe=R8tmNvPg!K1h&)GBeUjbDv_9^N2I^r00orZmtCOSP#^c^y;5OPpp
z;C(i<MeNR7_AeBZL8K_`-P!hrfA0gmT@(9iRE!=TwC1o!p|-!Tjksp+)PDx#wdBTi
zgLQq4k1qzHk83ebgngUj+I(C8k%OgIp#fblRc>|sfVYNI9rWj!oBN!bmATDa6jU3g
zE8oKUE+=hqL3#u9cHElhr|yD)2Q}TQO}amN2AUh>_!isMcVj%On)>dgW$2H+tSYgf
zm8fzRHGW^Xbk)DtRBD0jfx|4p6Yi7xiZ2ce+cTHWy!J-bEMXu8my3in8E0K|rnv45
zl4?pE^E8g&xZhpyT?aRRC9f8@4;?B6Y_N+2j^R&-0Af~Ua`?uoyv#fpn?=$owY`y$
zj$~HiG0d_E%*wdACuZH9BEmQCLuQ%JvOI=`$*K7iU6?oHFnu&3k9m8ov`i@0EXoTS
zJ_Xioj;ya|L)@ke4BbS9dFpn*Yn=tZuihgzM-UyAA<r|JpU>^X&Oe!yd9;u<0?j_Q
zvAOt%hp);;vIlu<XdDh=Vxpl-Bj5l(ct2S(=q=Rq37ReWKr`i&eb$-AGVQL=G50Ux
zpCe=^9SBlO>eI!RBadh<Tx#KHRb1Ysb?3kZjl*_*mD`RKJxV)$u)#DnZg-{h!_z7n
zr`Mq6*t|1|&*Z|fjWc(lYcz<mH81Jdc%B@cJONshM1^>pkjS#+krWutlzREbp5kS3
zr_#_^1&H(!qx(FF=DJnS@|2GwA*gP)UWQt-oqzJyJttGJrt1A$pTK!(p@U+>p_-61
z-AhbdYx?g84cC&|2UX>jAKwp16LP0$9<*9glkwj+&g=a(__pCbnv2R;ro)$fk)hq<
zdgfj&wsqLr4fm4SIDBTKle^|Ro@lvls7SY8d^X>zJQaR4=-GX=EeLtAK-&x@;?%0C
zu(KcHdo?Jr4zk^!q{nt%A!Vjkl9B&FIB56GDBn_>3iJ5kPN#;HR92NS2WS!2ZISL3
ztUZ#nBv+tF_#mc_1g(h}_O;8&15COu6vLt&P<1Dgh(4acy0zw~X?I+5Jj>l<q)M$g
zKa@9?p|4RG+M|tdyuEuYjTFvAv)h!WQ96(c9HaJc)!?)1*lp{m89MQ5MA>j9N<yu2
z2x6$y)wIYA(MmAoX-m8aCmc%z*Y$a?R4OBdQ02mPfFFq&g8#Kn*4r=X2kx`tga<tf
z1eX?>QmO->^IR<t&chN9U+=r>0wEX2>O$a!yhY9=d(z$DK)0QLup6O%wx*`}k;F`F
zYdkEztzD($cj;?XwnhYHN0p$2&Ti%b^Yii?iMaVEIjkbN0&Mt8PA&4dR2e%%|77b7
zcABFq&umkhsz@;Ioa!|%oiq$?Lev;YIGplq*ePj#7Widzp&pAv)=Ff2@aPz=2h3@0
zADbwAzP-d#a>zG7vtT~D`@uv&&0L#T)lAju30}#us{GxM`KIJ;YhChJ@W<)e8h|8F
zA@blcYTCoK@Py5@Mj6$8Tl?+|eY|g!g#>N;F=mjC2=P{b&tLu;?qf4IWh#`v1-|66
zFExuX)>pLnMVm~#C8d_e``P_iSOrt1^IM<YVz%T^eaNxT9Zcxdgc_9MTlg4h-IFHg
z-`=2}IJOkTwPL3EF_?NIBi+1jvBIB@(KRcl_=J7sLM+YcMZlLjwZ3SE>^qT{sx$V%
zV8M@WZTu1K78>$!rK87GF&7SpvRMg4x5DA>sOJOxM@jP7#vSR4)d#XJ0c{}EeZ^g@
z9;LLiY!T}R-_sf?Xt1o5FThFK>vERVEoSt7$&xSpsPmCx58qqa_rRGkHu_f8t*Do9
zGoepm@4@9$FSNn04_5Y8U-asp-}X8Q$*bgZ>({w%WSF*$O1-xer^4u#kF9OGx1SL^
zT&F{dq1KttGRUD;`u>oCC&*62NmcZeQDjYs%-4mi+*$h5fh~AVdV^u51PuwJBWoX1
zBj%gDrX8m#k1$^U1kWck?lAaGwls>7i!8xb_6BVM*Mmn-;9Y$_^Yg$lol4lQTJWAT
zUv{JQ6)7fvVT4KjKA&cX#B=f)>O}XYO}0{ir{<*One9UP^L15U9o&wxfQe*gNF*fv
z?V*4Ekpi9t|0Z&5=a)hPAJ@^P^YJZT1#d<$eOw5BoPl$Z{}>W16q&<eq@ZcZ?EUS-
z+j>8TA&$)8jJH()`PurNP0+Yk1Gc;zgN@nSxa$Jd&;&L7jN3^0EhJJp5lx-UTij)g
zeH}t~rYfh9FWo(KU~3RH_FctJi`O+sA^lO)`$XKGfv=zUqLVEP7E#7|2}22cC=R|S
z|JWEiAuPA0$-0JqImc9^vhpUu>&%DgCh@tDwW4P7UX3I+KRW+DYbA|_@2vbIdV?$4
zSbFW-^5c5M0VYPCslIdUl7zs0u7+T<KgP(0?*nb7%VV1b#oMhV-Ppv#<FW-)jLz*E
z#US&Gp7yEqkfy3p>0a`^z4s{nQ*F{=I^_amIy6WwR6lXKm5-LP;pa`yJ!b!L{7$P#
z`DV%oOw)gO0IR7eipeC;NW$)9^j<8I)+I_Tb{*<tZ5qdZCSmv1Ixkf%y^?y7bvU6%
zOusfmSOn`Xc84=5S|KgMz=i{@)^{xE2xP-Q(;?hpo<Pm5P9hSC>Jml@V(-g#o-|S@
zy@2>V{8#H76n^4iw{*A=CQ-SgDl&XWH}e)F8mux^d~>(iF**)ZgL({1uRT9yq3OLV
z&(FpnMoBmL-k)pGA5U@(5(#-yBn<a!;mroK0PCn)?YFiu_QS5#t4YKT0+a+eo%<N%
zM@Bx^vRhFzLxmqCfWn6qLQao=Bdhe{@BtSmJk%L>6zOsmCa*)D*1y}CPIrG_OIj56
zj(KfJSWd-e`V$WvP&+iB=lCE^<3p)RrDg)5CF2?>kroJ+Ua8`<>pPja#MK_lWJR-j
z{ZrU4F94&57K*odlvZ-9`=?WNd`hanhT3--rSuGvVk#?l66^<KE*Myrr+Cz&GaNb9
z6hP*3tIW)H?JH9XXI+!XC_}Fg`-2PjGiHMxou2Hx^0d>?r{ChWEW1VqI>9WqLn&*y
zowrj`(GS;SqtyK~Mhj>BYbhGCVUfpc_vZ-F{8>tlxOzX*y-|HU3A)bngqAZeOZpsw
zMc{atD!aAv%(Ma|X#sTN*RGu7t!(ZMaJbD}KAErF8UU*KRzg|ZMW3R~+S-IyoDGo5
zDQFsV)rC@9l;yXdQ#R{JIw`-tSrKh77JE3qYqG=Enq?_;PC+)OR&ri3l-}$W{n?H0
zpz`Xeo}p)Z{Lv3LFtD|iDs)jg`FkdTPQJxY$){o`L2|yq-n;EcitFfoIIKdhEJ^eS
zpWZY>_(Hmwq;Lxqb%i(LtdkGbsMrcUuz9N&&uW~}8#+_HQPmCBwK=TZqE4M8yh)G@
zj(}cMFhOAzxOA0cW1W&~<0T!s);KbrXDm-MY3G}LKvmuq;I{NUcWR~RJjEonb*uc1
zKyT;wd3m`gX;P@>Knu6=&NAA8Id2?5J=W!p3yq;!YWD6j3Sf^s0Y*^Ocu4n*%F4>3
z#>eZS7PEq4nOrR9QBOPn`PQ0{nuRtuqgGz(1*{n~1QZ}sl8C}g62`R?*(RCY7RMYL
zv>&Lu%Hg)rlEEg}i^|{v(F#Ah{&bYc_xR*i$vMf(PeU?+1rrP5ASJD7zHSc>ie~=)
z@XgcTQ0oq|5Xt`X$!4qxGE7Qk`8xxUqq%&`7CXA;o64$MK2@BkV;U)c7e|bITkioD
zv7;h*;vP$lioW<OdpvOpuQ7L6X~;$$t{|39AI6Ht-|}3QtMSLKTuGf>7;l;uT2QQ3
z-9s<%=6GSVOo2zd<jheaQNzkN1m^8%`{K6=ye~`>n_to?=zj2OTz74{K|<Pj&~xtW
z9InX|8@m*&J0)lwKFkEE26Ox)%}iZ>Z`gTu_b1v>VaGQFU<+pGQcu=infNi9+>r~7
z#9=K<rvDWc@?w<^!&Nm;Y^<^YwDl4~7#qM&eEsNa5IzRG0zqX%R4m4?x3(H*kzgW4
z#35b;;@&W*xc>eT`1CbM06%TEe0m<jIKw>%<Fx=dWrz{K;g2s9-?CS<Tt)9yM+^TO
zyRUO9#YL9Z#eO#3^sfcZ)eQzLd?bbRys5%27*5%s_!eQ$&w)nHy=I60G$8o8JF-wj
z4_^s?06%w8{OcJhNIe4MZ{uG$?ffz5Uq9)q2p?pM*smuKfBONx_4B{=DLI&s%YQ`z
zpC6L04cU4Bl{OVj(=}qf{P)vU_oq)$!L-Hy6%zXbZ|P6d6^46q6TM`NW$R(+=h}w>
z^Vc?#r7w|BWYBw%4)o0!y>$8dc6<b@EIvw^$8x{EQ;T|$g-suA+SToh@XmH{TwixF
z<me&)9M73>?a~x0zIHhL*0viFfkVCPAe8OK95T+xyqSFMBk3Gy7Z&?`(R$moEkWV(
z*n>Esbj5JHp0BG8m#4|RQtPVF-(bU~@k{>QV(C>=f~f`dh3EIQz<XnQSXn9IC{3#8
zP1=pk46CM?c(qqLp7Wkt|9-FQ#7m4yM2x^p2^S+<h>JWF;J@d+Low*)->87U+r6cs
z7dIOK*$R>5B(9AJsq3it=AbtFSbKYMNH$=Pph;a=Lv^YoL*%Lq^UzZ+l+74W6DXGa
z4ep(@d;gX{`rtcnHx`5?j*uNso%SF9CUg{lz_zn|Yr%wgeiKU5vX&>?P@4N_+dT+h
za(8c!(Vm+oJL@dAGXNH}dbD)*l79jt&*iNm*j>I1SNEcoT}S)l0yA6Hcq8qMW2e@P
zR{;m=iitd=*mD|3sb@nRZZpG{l^7>LCKrbg(xB8N^3p3+#Czl+`dfN-%3iP37H{D!
zCJ}6ce6bG$t<jMaQp;P2mWovkq!>B87HOHGJe8Tug?&P3hrObV;7i~6^*|c-8SlPN
zj=E^?sfSCeEcv^y9XCEmg^^beD<Owx_5Ae5vjXU=^aa@%qXT%i(Jp<BF0>o>$v$5b
zMeSP&XN9`&$17MD)_A4vIDkh(+jW?-%`5eJ+a4kLFdR#4EI-=vR)&{Joq4tD;C;cS
zKK25H3=NIf1nv5sQJ(wpxaySGA#k@rqXaZA7N_ig*>J^>#PP*0G`SXAp7zlON!nLS
zuwgyfa*DzLlC6dn&|ay|I5>jPbS=_#aFlsUMuJJ@+I0}U$B!h0&6ms|kaFd=NGtcz
zZc*n0WRH^Ly7ciSe`-~Uw!<RW6DM`;w!^%|t^Rr5W;ZdFMLi*Y{GRl2iXr&%B?)e{
zJ4mPkhpQ;Z^&*Q&lk_ukS}#N5(`)15;gR7cpSZ$qnwTWIE}2cMw#g{t+K98>{PtM&
z;XlUsZ+x$i1AgBbv8rMq3g&L}KJhD~ef+7H+6cQ+uI<LiZ+wxU&TaB(bA{QZhTAZn
z$i0EXoA0j5e5T#ie{<6|-COA4@~=mmWY|#L>6NTeDgEwII8An3;+PhgTUBvWVKW-C
zCtI)zVRG?Q$`1IzEyRPsZJV*%CdGKp8Tu4r7Hf&-yVdKM3623{rXHSo)(>~h)5zoF
zpVvji&M(a|e&i@*d_`X{TBTkwV@br$1JO9t2ZIW!_%#ntee02dP<XWJhh?C>BZB`P
zZ*$v3p?~JbYEol~-Fao2?A7YM{j9LM{77mY3`rJpP9GG(2Hj^g)Pqg4T>ER&+=had
zF8IIwab>hxF8Yc42IL+lF1(<ll=WLrF8P1-QVT}QS7w`WDX-s(_We)>jC^ZY9yi(%
z|HYG^B~0cQjJY`N&Tl9#DKSs5x3;d&wq`e-;}ZPy`2*8}><@bHqC)-HDW>PL7pQ-1
z*q<-=YgMK^+Q6*nt;l$BwJL<+*evTh_t&VHN`8eEwj|^1saL``XD1JK2(=^`_4}1G
z>i7KGs)}fG{cs;WRh7~6jiVK;o)<1}bEr;*>dq(It*`+Gzx~_*IePIp9TB-iIuU9k
zh2vD%e+3WtSDP7(GEOG9QKQ}Ej%KNS!i1{#4Zr5L;cLCp@P>tdy<wPStXV$Ezw?G6
z?EH0-i{&6J9{IQ4aHL7b>7K7e{tyq;Jb%W64sKwO6n6i&KW>NMPUAOQuMw1LcA(&M
zZOc<}Uq?fZfu%wc_<t5Tme^I9hxYP4@Z|qvZU6hr%T~txg4w(MCZeJ{y0N{$?lhEG
zKGr9ePVaVCN-O~ZYaqGV4>#)-F?OBziK&oxJ~c5EydH_?kI})!k~2Owvk~_#3CR-C
zfMGfO7-ryinN$zhk@b}5H49yFz~7m=?$8UHJI*J(!|VD3MgJgHh{Mh(KcSNS?^hda
zLjKR2#huuVAn>rLi(kLU^t_aJ-;9T@AN)Th8)ZH8$(69#LW&UO;%UnYhrr%nhXDMz
z96r#ffcg1RmH5jB9#eu7xlP`S1=#k78myfQ-NlG;0T|xnZdPvDI~#EM@sd2U6BaLv
z`eF1tb7i~$g1-!5ma5{B37s(nENiNoJ@#S^@Ky}Y69vQ=#6?`_LXK?McZ<@cQ-|<(
z>Z=tes-Cx|%e<n5nJn|ClSf=*-p(szm@k8Xak|Y-7Buy6D>7X51BlIWOVNs*F6wB<
zG>Mx~I3bTgxMZVrX6G=;&vUMR>otQVf8^YTY7g?gmn>5K@u>fO&&i=p=*Df~3T7G<
z(ROR0z58xNISiLCp>DTIf*GEjX({7<GXGGW-*5a|F|4{kI)41bX7SGy-IQ3X$QOIi
zT2qF-`=w%<tda)XDscF7vP+L8_WJhyrxSG$me_m_?ZP|cNrC_Tt+1BkJGWkY!<^5G
zZ)dwnEZbwznda6{>uEHSa&ym#xh5%}k^6(*tG08fjU9NU<0hR!x2h3dhXqh=<|+AB
zwCA;1;GL%0bif<!-8x(x&Zo(<!IT3>XZS7}*@t2F6DTpJdRYN$YCVG7C}Tg}B$}su
zbT%|iR1J|~-U$m``!Y0n#wUOALjZGvBC}UJ15{|lyGq(oYqn)9cteGR(x7mcBaJp%
zclJ>y7hJK@QM6BT3n7x0-S;&6=X~(Ty8g#OG#@m29eE9^vIf_xIYxA;fJijaH_F~;
zRj=)htV{l0sOccX-E{rpG?`iY;X0LWCXNy>Kb*tzl0`r5MR%=-2Y!az+{k%RhuSC2
zsk*OYVT!pglVFP8Tt;bM1UsB5XlZm)VHqM3-Gbm&yZ08wu(A6vI_8_vp~>}Qi(3CL
zTNLdQ1BxM5pEn%`jTDTgfn7;<gX<q`8#gaoA;KEq0GC@~G1|J1v@u5nxS})0*P+?R
zn0RSUZZ1zREhEs4i;w+eT;@-9%#XEA@fP(wfj4}hXbHNe6QS+Cmgy513kcg+EoUGn
zVSIvht|fAf!@v$$Jh^8FdKCq-Ki8ob6?VQv+h-&5Y$8^}>U9RP%$IOzKiQZNGXr(>
z354q4PF_tD%!5W~EVMui5X}^{`a<`Sr@KR=$kdZ#4IC$-`sl7+1{eHW-Jo^8-DA0p
z%^4P0A3FEnO!;Bwq(8^w&R*GSDh!7&!`RQX18tH&mb2h7d>_=zLM6T)BovG@@g`yX
zV2&H)rM_5_=}*TV+%D@bx=&Kykd*!X0CLI`N_-oA^eDwl!s7*Cu!I58E+KkmKN{7Z
zf3g9xe*AF&6B}!fqNUz_<mU?nMEu6Jx9oB8z>kQ3c=SO9>?w5ebGMUwt$>Y!`G%R$
zH7?{5JT>UpbT=D;mm|<oB{+J|!_Ih)R^Yypm#+KRgSE3nX2@a}T2yC6N(~t91mX;y
z)BB!B_1)uNX&yu*Hf$|l-p(%(Ql{2&@gm>_X&djpa$v>T3F_|R>WGXfAg(JyAAdb$
z&|0HXRuvln9JYL1p}x@C<Ai%bg53Cr(<kbWn;3vN!L+3LDzK$`bFd&zJbJl>_*}mh
zX4NiCkdszzFjpO;>m>!>$Ozu+eQNu&tKS27Z%1wWY4O70&+ji7PH9K0HS7jQ|AXdX
z>D3!t*-vhSMrpM_;3^a5jLOiaHn|W^1Ss6lQjVxAogY5%Iev_+a=n@tB_}BT{h6Gg
z<Kky{!?NQ!=*?gv&$z%sXs|WdEU_=E0`6!ca-rsTuPU4y4LlUa2MbU&Ki5Bk&k>47
zdPaMA4Fb$w^N}JO-{%^T@xN&`@#-9CDp2k4GEz9G5OTl>%nzC4L6FgTJpT<_u@rJc
zz$3=VREj)qHr+ld^f;_%N{fh}A#mjwj0Fn>o(f?KF1#3deb8Q|1DRGhE_RzAouIbc
zr!yuO4aU4UV1y@xu0F{+%&LFGy$rlu2cInM>^@v^2~G$si1O7QgF7r2cF=1{5TQWX
zwg~zut5zq%jfp59#wL$uhpE-#vq{J&r%+1U`75REuh~uYuQ>gFFLu5;N1TV}m^?*2
zz45+xy|ZA`(8b{PIr0qVooqUR?gC&`a*RnA+{?3&A{+-kqpxz09bZELYVRGocZWYA
zpf=#xnTRvAYt&hNJE<MC5HU(G(WQxoGw=V$(+3W}i98hTQ42tq$)O`=7i!blbT38v
z-m6kPSw8E>Y58QeJTEmnDJkh~#6@zC_iHa{)-FDIdnEDM`_Gyhf-i58E2mwFuMs<i
z)>pF}I^`0s1(7o*Fkr}y=%2(Oy;II_>l;drp8-u<Exr^^PCW9BpIiZNn?rNHcWoXX
zKV91*`*g4D_lU(pK1Vox5|LnJtUuapP51Hr%46=*u4xe+Yk@dgLr?y<BI#3OX%Ca&
zB95*E*ws>w%foS*!UaU)sq^Q#6A{3dZcz&{51+3!ori9E-~nFz?HMM1a(#CI>8PK+
z+PMLE=Rx)@F7l(J(-KFMoT4=5?+4jT_v!b~XTn7iQfp4uQO(FW=fRIJXK_VO>LB&h
zfawZ|upX&o=;10%BKivuUg1|PWZMuM!L9c)qPc%3^_VDZg|Of9blKXF17!itS3kY>
zk67%6c{ro^f{?0%F>2?czjfbG{=9(LYjC4T&{8AA>~g;F#^d2ba&l#d;hPkar`I`F
zYmm_2zTn%(;PS_~rnyG3CdB1;WPCU`{TlbEmPpAMP+sv-eCPcEj$QQl-FNP?RJSM`
z#7V7x4UZ*&EwZUy`IJz(CwPe@Kz38WGgkOKJ@pB7=XtoKY^Ngxg)XyUG0mDK-C;PD
zOVLFUrouj8%yMRWbJ4g7I^&uzpea~!XY%S#X25u{cU3PbLJi>as|J8<;Ft*ZnAzty
zMqn);!VOVP_xU&}hJMutjNQBStKl{W91yjs9Y)#u1y;y>$E7>m#ZoK2h4LYU9tlgu
z$djthpb&|^$6d=z9m8;!h$>b>7D7B*A%ubMB#iEa>1i2tSq(Vmbj$BCeLNg#n5I<8
z_TtrW<}%p2TA5!s=SA-IUZAg%`!jBgn|~ZQdUT$x)=bVzG<m(@k3QP4?s^<mdA~58
zKWAgD6iwc(2J#8dOoP^oo4-0aDjhYwi(HpLL}mk^ASFN4k<vbp@ctSWea#)!>|D#I
zf+6SM_Kku-skSK9uj=h<wf$9KN^?Zh$ofboXta9mt}apLaD262d6qm$|Gl}r2iiWQ
zuN+iBN3I*nUL!h}@zYn|@MFq9?|AKvLPpDPA*0~L?Vo$8n2;8H<SjM2VddcP_ABzF
zbTN|`9z=?B3->!kBex?PFA3@D<&i`eoefs}VUCNC;jD1}%%tbf$DbLUjZ&@)XHJ$A
z&zRv(*rKOt)X5dV;1F2)F^J11W`0t2>|rCi8Uv@ZWr8u>7G+35#B4CoF{g6}6=s33
z`@1a~U)OKr`&URyc=b^;c||LK>~U6Zeu2r!o39BdlXWSI{2={~3@Fi~T`ObVBBs*u
zPcMF>0E)lv=hg*^80Cg1fUwp5c(!2(S+(?|9KR#O6T?Gw<q+l*XLv%rTDo5~I{PJ5
z-7_TFH%o%aLbQ+$jFClMh?vGX0;l#*Y23dKrf^UT)v1b16(gHhg&RR!O7{ug!&=)y
zu&3w+9wylKzdz$+2e;vz`Bo}b#cXusY!F~2DN@u>7>nn@YTAVXCNs5V(4!x7X&E}#
zW2vlKMc%cZxvsx9KU!$nhDX*vhu!BO!QzLvU!If3dWPCXt5x=H_Vo=EmhY&bg!k<M
zI19`?Qu-FDu<wQk)13`3k7=YDlf3_G`};95W++g!21L|bxn_%w^baosj+SSbzdIe0
zd|Z6}+b1m0Br14s0)(C$w_w|(B>!ueB(UG-LQs2H6lebMJCiVxBRKlrQX%fi`dFrs
z&*RUU=6Cz%J3Bk$j9xyzy}`cDVcbTORGz5R+x-nycIx|yQ<_w59mjwPle6|l@Sf{$
zl^v9oDE)3*zXnd_lUn!fcI>vzis`!`V%`XcjH&BzWQ)MVv9tgJ7`DHz_)<gGk^QKM
z8G1?&-`7|0!wK-mvVtb_^v{elbQcEc0mddL1&{?r=&ffN!Pv9ssE4-izsO=MR2G+4
zy}qIlDRAs@CIdfQ$zYr@0LleBm%giYwfm{vT3_Oj%<u4b`{HiwTS?t-P~n6|?dGac
zc=?#9%Y-BYJN^WT41fWHfHo_cH^5{MG2Jq2vb{wkG}{&Pxa?EmKamH&z?&bb+mk$s
zA!g4n*S%Oeo(gPj1ER-hJ~-3xy9Hf|*UJ1DDsL4u&zGllCje({;vWYup@Z;2Qvc3{
z%U~O>nn;N~A#f3J*_A_RZ?3u<UYUfvMpm2F;F?iMx3`s&4Y}Yh8g~B+10V_wYsPYQ
z-8Z*A$A0^GS>{7%YC42es88xw)TThhH;0Xs-+#tN_e;94nPxj4E<dyD?cme9Ejeac
z6!T1y`<n$b@u;XEMM?K+g}aA1XiZ|fo<9x;G)3wcx*AJ^?Kx&FBY0QDsY3h7!op_p
zdFjNFMYvj`qYt<{>}1zdOGm6uoqA)uljL<3e>LrS<q?qXS%bJHnkn&i{MhwvP(3y`
zk<`v^8t7cT@p76B(<qsx)-Nn@^BlpxvU+AKh4^I<V$6hCeC%u~n@!Y585Nun<hI3Z
z;kVTNy)S-oZEo*Xx-_$4Jke=FEMX1Ns0kBp^Ugjn>X^$L1F$1cZ2ZE%xw-Hh?+$&B
z*e|*+T?m7|^fCkqVpVE`PjY5odV6r;%lL*U-A9gU)Im7{VqE@k$rXzcS}p(3tkAt`
z;!j6-GcApXWF*M3oFCH70R?)bE$8tKHt$OZ($idGFB;!At?o4NXxPmpeo{w`_maa~
z_7TwYlw>Gi?<mdGpFrt0<*(N`+VPO@P|F$^G8gKYgbL!(1we@c1I%Tg!{}D-g1HG&
z6@^kaT6bxdq5EgB0gNtuKx7b(2QYzf*+ZeU@$*jk-uuBT&)~MYM0A1RaUg-m&K^gK
zGYfiRT_N^j2Zc%)ZpSI|W-ExrA|1cQ;-6;)#=Noc!;t$EK$87*uDsYT%VYKCNHQ2k
zD~~|bD<Y+b!e#o_VmcAyTZec=L?6t)$zVh+pS8mE4<@m?R*$;Ftd=3^p1eBGdEKCf
zYC9@sTM!hn&uhTjLk|B<PS=_dUWd;wSRGJBP{18n90kN!(3gl9`=Ck$VApl`?Jf48
z@JacB)?E0fV%W?daN95ccU)eG?QbAs9aK2}myqwzs`K9g1dkArikpm#H*E^mv#;5)
zg*zq76wkYG3;z@1i*fEzS>0}~oiTXv&ZpO*WUQ|c<hW_e_MdPoOF-Lhw2*XAeZ?1S
zC**|zx+m=9_zsj<hyO~f@A6@C*zj6Tt?!(=U&;hn(H*21;{If%x)0QdcYhEVY}M)n
zCfJ83en3Wd0oecBGv@zks<MHL-Ayr+%0>Evf+2-H-{_TkZLp2)=XRJTORb`@1a|O$
zz_veWod1?0`47<ZT9wGcPu66xK$CyL-ViS$Om6)fe8%4a&JZHs@W1>w0ApAm=SNxv
zGtx~WY>S~%X!F!dEXFFoiOtc#B?~`EHVjyp1y=gb%uN*vK(h<JM#m7jBitiRbM2}S
zxqoZ@{~dqyA56~QPz#BBvGFmFl>QyY<?p5kUM$<cN%#B>8324M;voM&{qZlwy>=L5
zfj^Ozn<ad$#~c4Qs?y<q#=)Po>;P!xu_zw^5F7ht=ml#wkp`1adAkh>Q83=$uNC~_
zR^R5lml9v{U-9fBGNB|}`1@&tP7b=;st_hm*v9Na!KP?&aZ$y2?cs;G2wRu&Z>vuX
z#DO^Yi0iaP<wA_CvnRYlU@O?a)$Ub`hr+of=mfPnQ3!^Bdz6K!+&$TH9L@m*D86!K
zdC#`wzi&5@jJqSplCdgth9n9Lboj5%8lV(^vEf>Wupx9J4&4X_T?AKy1ZWz5evelJ
z!~MyH7=QwOJ-%tjp__r?;a-!%_JOO095hm)=-}de+E4q=g;eAp5PDd)wJO4=mL?t^
zKcpBY0QxV&z#DWlfq*O2m+bt7t^9KJ&-M;i4V^|pBk7cjTb>Tk20e(d1@2CVDW~`r
zWHNQXG8tlkF(s8m*B*njV+Y4oh3c*-$0PNDf<Fqb=9?wnRPQt2HK)opbUihh6ZPb&
z`%o1@rmzR4hbgRE);?4<H{TXWrKZB1_3a7Ya~r<C;1}&gT;}f7DjPCAj$HfEH&R;c
zxE{}D_I>VC)zDreV%joCTI*?OvEIF8bDaSrfh&wc?6du^V-l9f=Xg>o0fo}-$nO^J
z2{MKyLdC$ee_$`tCctCMNMq!WKY6|dbt+*25IZiBiO*iadl_l_bs@$e#eUlg2m|cR
zdsizV_mU{MUbqwBhk;*694v%D_=(yd#|*0D(AP?{Fo7iPb{(zR{5GSE-Q&(Z=<{$R
zzz=fWkHi>pJm`b)ROsJOQe6MRe<wk6QnBXL)D*6f^Wz&{*51kXuS-Ui*S3&gUSaZj
z)8K?ccXhxn<}g+m{G!1vsqYeah)8e#>&L+(oe~PP-3A<a6hMqTr6`_+<)s9C_0I|U
ze;+L<&}u&gpK!myr@3PRn&g4)v;xKgm}n{t>y00~@8_ezQ`XA*1_I%&p`b>IeV1a8
z36^W5=iw#_&}%@?TOi9{hyN7~U%ZMV{U{00<#}xx@YIjN8lR{Y*~=D)5}x1YPg;B%
z2#EfZ$^K7=j~W9lvz#*FpqbJ_;si%q+nxk&R=wg|{GtE!g1Vqf?`8;nkqtrpuM;Aj
zVhZbnvwJhUFt9%PTfdKZU4J#0yYORyuwiAkJw;-P-ySkB02FH<zsl1|Kx5%e_aq_M
zh3G;Gr2o*t{b!#K#8IC5p%M9G1%5;gm483wK<UX*qWt5J<+|zmHE3Ui{=z#gd;M@H
z9(G!`L0~-pBQXBMevtd86(jN=KJMQSpO2_=Dr*Cklgne23zYr~HH=sIrx>20nxuiq
zc|j`(w?uu)Z&U6o{T76A@OG5!n2a(^cYbSF-4a}_Kk;K9$>INQ7yt9ZDmdZ)H@p6y
zKmY&lqhEpUKU#l!Y|yxA8PgegD2|+wC|vq&)gnj;G==P9DW6BEuu3j)jRo(MZ@ooK
zKO{lpA@7)MvF#iHK`Q@sf4n;ag3G_9nu!V3-|i4f{=MP6?+Bzd(2qM&h*-DB|3wUr
zB|(Q6>;H(^^jkpb_$la|D8%4hi#?$z24f)x6BQGFl>g&|A&0g0cb_M!hyE^rpmtfY
zL^~wNdV~_9(Vm{36BD|m-QSh|G3Nbe@2Z3kQ;>F_9^-Jh%`D*JUq`Gi1S9@Ou?6Os
zM<Grlof0c^{I9W+BN1Zd-)j`8iP4heum2+O7PN}AJWIP12GzoiN|$s5L(vge1&XdD
zPv5ihK@y4a{B{Ln`X)lOs0(Qn|A^3^<zZR5MNTHyodU?-{x`@Tl(h%Ee>OQk(92mZ
z1$-_MF62wIOS&lZt`l|OAt(+6=E2ZNZPO~4Q;oobH;2Ltd!xvm_d}*ERsbAg0=g<!
zm0Re~$ATN^dynu&t<9Z8SaHK|_=E_S;U&PXoi-I;U)vQ;k3Q5$#{&tVU!r>aAQ%;0
zMJ}LS(@suK@q_D&C1*Mh=Oc+H1N7r*+nf=)MrNMm9INB`^;OO_Waru4!6@NgSPB$L
z1902+v2csJJ%u(BV*G0ou2-NF;eU<=smpNNjCA95jBm3aBaKvK@BQv?^zxR@shX0y
zXX~ghbP|N!#n#H)MR!U8QjfM1I)*2rKhQfW2%^#=nMSy5&K}!%*V3tic&$5hxT%G`
zMFi|00|3GmGN>3%y^t}&0aJ=T=-;<YIjcG44hpfyT3EtV=|7Z%u)l=rLLLQDzLX8H
z;?&cPNBBN!C>FikXy|5iMD?zPP`{Jr!R3#t*&0R)3(%*&y#N_)>4z>#jKrJZFF7{E
zbRh=dx8cklg>dm5x0rbdp}E|DLUXU~-kA?JjV&8CTJdf`7~w%!Zw@d~DV`PS1m@t9
z_E$(>PAA6odj{Yu?G49KG;{s>wZlNJRQyh^0B~$n;73QkybR2y1(22eNGy{GPO0&z
zolW~Q-1HzAvR?Wy+Wel|Yvk@V0?HeHWuDUeIeAU$aG61Z+satx)Kvqoh4Xrbb@cqk
za^d69jK&<&Xb-A`Ld>z!U4R@bEs6oy9sgUuYiIj*+Dn%MPAtU9y_v39Mu7IOmjV<H
zOv3u-obRhae9=;El8mT&+6gy={Q%z4ka2+capPVP&}C>xlRfjTTfL9PHGrM4Cc1Be
zcxP$BSuVJ7x~v;oj8709?-lBz2%l)lU$m-cJ3V55-kzVi^nSMek*2Ly$m<j<W>Ud~
zm@|tos^)Jdm)6#F5V!VgNT7>OhMiu}WXCdziVfOdwG3$7IE;}PLfwxq-Q^Yqvz=ol
z2j>i2$j%-engC3(qRokZM%TU;ap=z<fsTm6-uYzgxz-S+W9R}55%80o1hzWQ1~v7i
z|L8eI419<8`|}rYaQR0g&qTHE78P!fe3Q!`pc}hr?Yz?-1oZteItxjNcLK>*@!ZI+
zg7LRCBZohE3%Ue_8cy!}Kg@k~Se04#wt<0yl!yq3Al+~X0Rfc|5D7s#qz)h;inN3Q
zNJ)zvQUU2uQd$YALklPfNVjy?x1Qt7JLAmz`@Y|w-(1dhO~5(Nv-jF-uek4fvH7V%
za%f_%+7=NQ`R&d#LMuEhLYtY{8>XmySFDqtKpBM0EJ>scQsYmWf~sO+6ViXB6uK9q
zhvP@WoL4eY=>jQA4Pc$dNp+jcTM~-ezKuAb+Vpd61R-|)^++tpYK?8b#-0biC@0ZY
z$o&p4Jrbf+947EH?}`_t*}4Su6KwN3<k=a=5#+`=5WD5O`>T)!_!-SR2gA;wxnMpv
zGN!zQZ5)&ig<#_6bG<>xlCeO8h_M3X$hsAO0D=6wM;{L!W9YlfNexX?nGm5y)8%T~
zJ)Si68;{dWl^jeEkk8+qEf&1IyyMk08bGj<d$fKAES?!*=M4n-Rma1LwSv|X8t9J>
z(R}eRirS8}D}gZDDp!uDrwLIUPzP{MNmalO>%r^Na`u2WdsI5R7j_}h^CQBX6khvk
z94ow$CL4tt>i`AqGzAawMqQW}D_8z&A1~r?P5&{iD^qyC%9Y#*u&QE1`25S09skPT
zjP?+$F7*PC>qd*^6Z&LTYzLG{2cTl#MnEN)naz_p5=0}~E%*?6c#%*H5$sG#FyUXm
zB^&7s!llh1Nnj=-D%zYR7Z$q1Cjw$5M=$>7Bqn>nM|9@&_e`{0#I8^pRvfE0h)lyy
ztCDD3f1xWl7`RrQ*qqIS%23S`3YXhnQ-|ho3gT10d+hHPT8t%8f}e*Dunz({nwp-z
z7KwSOic5t5yzKsq2m&aQj7C1#o8+zv2qh}jibAGUpwQT}s5<J0Upw0t(!imfG5jq2
z5(jPha}Nm)Kng^8KykL3^#XR~pgzi>*#N0(FROYGqr>x^fuLTXhk(#6Qa(BC_DpzD
z=$qgBFmx0;TBo6-^_S;wYsCi!K`YJIx}WgQBzFc%ClJk(&zme@1TeN6;S4!OySTQ1
z6fpXI?U@-vBFd%njiaH2V0Z)L!IG!m-<&S_0FD1<0DS0`Dh6VLnSV<LUVDK2gu?!c
zj()jJWP`tnVqF97Q6Jvaj(kw49bd7ak`Xrx3>8uXa0I9Nk`l~-;-P}5b4CFH{2Kv{
z$QQU?F+LcVQ-;4~Qd^Xu<*<dRw*ARfrO<L^+vUR!f?0}D8t~Y6%LCcYlCF|?=)xsz
zHYmB@Dhlko1pJabpx}M&0+9wRGWPpk*sc}B<~&#FtP!Hlq2mFwu*Z@4n26S!Z483q
zl-bBE?7i#II5+mnU;x3_G&tPc<s8C+72zhE=a`c_g44tJ>o)Jehbo~RMR+e1zHTk9
zTV2Kp-iWcT6E(qD;MvpPfVvxxaOCzU`OE+A^$*~=+(go4rcMDUrOj3#r3~Z$wEJG-
zyZl>7#|J}jNButs>DLLDl7WaSL^$ckPhb@hxT-ggabwkhme820($tb}QHWH#{^krG
zU%^LmwL>dDQBsk<^_0`{aL|CgQ~WRXPCZgvIC{M)3vsebu-a%-KWyzkxkp!!fRK`!
zv*;<@5>3k#IEK=H`>DTi9&lFo-<5WxuqOBOzn_4@5mzf%j?sVrslVy*#8o0;Q@!rL
zxLPL1adk@a8xWRT+Su5%TG?23c3a_p%M}Q)NcxS@gL~?<lQA!TTc`tg@<=KZN~3JM
zd>m3C7<49FrGTWsT9vHbe?M2q5xZ~*sbhV_XLLAdm@KvNCK+^lBK>$!m%r#X^)glP
zRDa)Jph8#GSfH1}iLiArFD1hClkeX*=k+(dadR7#<a4aG`q|=OEsv~E=uy6t{G|=<
z_O8%sWOp1J(DKB54_TXg42}fbIQnSRFWP|5QQ}gqP##i(`)j99OWo;Q^^VN>nX7g+
zt9B4JcyT)wBPJDT!PNilk^|1ScHFzPJUoFVYgH&nen92X7@%cJk~ccM93?z4iBVuL
zr)~OeIX=#kZA^~rqr&u^TLV0HtRGI4=ky(Zq3<3nJfuv&edHN6D$m23&{GV6h08`b
zp{e?2u3PBIAH~gv+paAfd84i&&hfu-#P0kcb298G9j~(7vu3JXd_rfNJZ(ddKDuXb
zFi${&o^EF~)WLlcOA5BAbtd<`*vKS_4<Dm$A3suc{m=VezcP$%m=LqnP?B&_Ynq4w
z=UB?8y$r%me3dw3li_k`=Q~%C-zVrVJ#POS=j}=N#rq?3IlYEArJB{e`RpAi88s#$
zFy{7zR1SNjy}KK=daXX<TUu_%zm$*4Q1;%tPm8uP6|Tqfekv2$bd$_i=x+-8&5&3E
z9{WdWSxsIZ-wD%T$?QK%MPH{7pwF7E1eMD7_fmmYjY-2P4XGzL=@-6PJ9hW2SfCSD
z(bsKNm_20D@wEtM8K)QZ>y;-p@WP3m294wSqU5)?PO8soxV4t%!I6kI-xmQUxyjyL
zoRpRx(W5UeTP4dHf!LAXPi@wXJFSUv`OF@jUKs^ko{bn_?Y!-`L5M#dIMWz4g1DK>
z?)P;%0S<236pCM#9yGWg9l)_^PRT_2&R$FTjRcuWd?hkX|0r;c=W;;e$7HV+X~QaX
zeS+jmZ}RttA%}u(R}+*yyZ1y8PqROcr16j){=YvIceUsS@Q{7;Qv8josZ0mzROJMJ
z>v{<Qep^Gxb;;v@?t1~d5>$p|#+qbn2&xpu`HX)HI#rNYDuLR$if-Ur`$LAw{3}D=
z%ZL_)>KHsh#lSBL;~!DiYXx|#+gnh%TxR2_wEo4VxC#rF$9H>?9&5sd`pu0KAAz+^
zrvmw#+A&RSW@5CwB<;ORI2J0KnI~pp)f+UB{&M1`r0^^q%tp!BjCVVQ0M=Q*ntTjL
z`%D{_j%?6H|0cF};RNz5LXdO%HNDSQg!t53{QG@)782C$mgA_Q8Ny!`{y&aWBLl46
zTcsKWjE3Q+HE<V@o*+*2LbcYPC#)EYz(oFY2VFUhM~qIt2RFs(SH>2x5MUCzeHg;A
zY|~>%&{aKD>d<1pLlOy)wOM>bu>bH(%_S<_***IX`Q7YTAoBOJ`NJKU`3B07Bg_9&
zIg%Gg<G=m=ILe+|R1i35hdmEeVGlfDNI3{6<F(iE3s|+-n}L`!C6k9!{CLP7-%4i1
ztzo(ltWjCI1r?C+{2&xmNwWCGpk1PecV(0d#FS;H?m1I~(eFgySiOI<RCC1clkbeZ
z#%%xqO<^%VfMpL$cN3j@0heAFj+UDya@LS3_hc;M-)@5Wb)L?oh9)>{T9hnM@=m<+
z!7%BY?EYv&@DYDJ)-!OGrEQ41UK>cJqHccb4i7o;rxrltRooTx+80@*`whIEHU62j
z)aSsZF^_Qq6I9in2Tm4+2*PBJx&~jtswvEZ+Zg^3ct>(BXcd*!Z+&`$0KISh+U{c)
zu~H6i5P`ebtnjf>PhUR!MZ6`0=C9gNsBy9{g_gu6e)wR;MjWGh`bU{320%ccVnB9l
z98t2{p0BI~SvC78+amxKbxF?4>pZ^=@H##aLDN(1ZCHM7Q?}?$2`~?_QNUQ6#kp@;
zbhfvLn2~YXXC`D9l)X9gfJPSzCgVwAin)4&kkdCqv=z5*vC=m}hiI_1KS0cb^9H=r
z^cJq!llv8l)#nf)x*n-N53r%aMf)8$P3|~&*+uM3VPp|cq7S88^(!iYvU{b6-Hgvy
z1-Rx_onViI{7LZBDgd_oI4U-V8(j2HvgefLf?Ac?><}&keAW83DV$XmYvj)vVW(PE
zg^Uj}DVN}?pCCQQz|RRyFR$2ZAwAjy%(rXo7jRP}0Yq3hgG@QZ!mP^R|NiVQAU-gw
z@iFewA07~tNzS597=Fe%<v8o0nIpTX_)P`$J_7&C1TYz;&UyCZC}-u_U0y&EUR*96
z+-<=z4UDD$izt68x9!?V3;^z;5q$+&0?h}t<YCs%+$-bSeaHktL?<jzV$TT~PBq&9
zQlFN{FuAARw*R0ZlST|R0nQjtTmXyr0<6v<u0o$^ggPhu%W;TY%JG3Jp$w(;(+^9)
zoQ^`m;jHmBUmjp0d!JeX&PLx54=iONs6y>^wuwWkQi#ObMo{D0^qyW%4&6J&Z<|#P
zy66b1J^#5lD77@hbN5E0qi%uX4yz`WI7^j6b!sX?W&;K(;!#DOLhz~^%xHhuFqvVY
zAPNLr;G%eG2b&kT0>!LoXju1v8f~ZRYK8%DwMy@CYOFN`@^mu0miKOg0rLHaPBB~b
z=_pksQhIQOvX{`aV?=_aR8TDv?(FI^b%)V`Xzx5ZEHZU1)NNVYd{kSN2LBQptar%#
zAXFo#2KN%zk@KpJ9G|WkDQy05*Pt7C$bOClP2@Dd1(xNEkCN77fQvhL4|M)apEDJ+
zq?$%(eTLGO0D?#p5PdzQhzup&{47*qm<(i<8CJR#lIzqe5986+8vw&H5gc@V_{hl<
zgI4)zP$wNZWw4h}g!3(T;M!Sb16OM4LG}9uYq960Uqc*mx%HZgQq*qaSO~(;Xa-2?
zu8DbDX0Hp70IY9~LxR$(zT1`KZVHIQXsx-383$ikzwfuMMmCUJSBjmjQmC}2p}`@j
zb8(&*ZV=PTLu)li#OCqGZQgPt()q`eV_2wqSrDa<=74RQHM36wt`6m5;Q<7oW{^I-
zhojn$z6UzJV53qlR5ZH23!Uag8CKyfgGOcT&T5WFf#h9&tV|u0Cd;38-cpJe?>ApN
z2MEI3j~d?sU@+*bF_KA-BRX<0uFp>k7O)vc3)~$CPZQ<Vaa1~T2P{nxhCc;6!?p2(
zUIAvF+Ar5~ySH;d5ty*GaRm~xbBu~-qCu{(3MtAWFoHE#J4Hl<OHy^ad}paiMx4X|
zpTj5<lUHMt0=hV&VI4i7Z(<TP_KhYm$(8@^jSy7S6M2+_uy@q$8&z_N(%Z2B(MQKQ
zkH0VdQrgYHmS(-$SMbJi5e6OB^D_@3DutBMd!HvoNF5(^rl4a&X@#JYg#w6%!fu<q
ze$S`bE$$pGj9v52?!1Q(B2u`UGSzRtJ5`#%(E9A??UW1x-e8YaG2%*4;OS)pnqm6Q
z6IpNW7uYI!RlJg4a|NbVG>FqQO+Lz=e_4@dVIaFv1~M<RtKy)VkT)87qj&x%Eb^Gi
zrD%~SJY-8}el>-CFo@ZTLK3pcX6-%*-o5pM2InY3Nlo^X;5JNdr?}QUja0K4B=xRQ
zd;%=9F(~Ss7A4QC6ywBB*6MISL2B6s&Dl4Il^=nks5-i|=G3|^3*96T9OgrAFqS{l
zXYv5~PScu~D{F`znBNr(9hXgn$%o8FHA)xIE7X6w+JT94xcqG@%nPdbRp&DX)JCUg
zU^XDRM~{gfcM%lwrSErh;FFPhsKH!a!tLA{JaS8g-Sw@R9G!zx@%uX|<o-2kA%cx!
zi6Ed@6p3iFaWxS&-b_r05h#E0dJ{akB~mpg^~kckiQ;L9e{tIPDCvT3NMzy+U#wD{
z^}~3PSN>cjsmUxMJ@#!B`&~vOEr#mx@=+Wlv*1&5v~CY(z`C;)E9y$mZ6i}c_Z}9u
zO(4b8ZMWs3x0SCzdnM2`YevtZvYu#5Ukp@6(Qv(GZLY)ebIH-C5TjlFaKx&|S7wo;
zbUy0OAf}7f8@Z>lE&oh56(l7bw*Cf;fhY!ev}yStzS~yM6pFS9onghA%LeFAc1Wvo
zf}CcR7<#8YK-@3AoqKgE^bESgfs=?vB){%PjMY|`eh5)^lEDGfFy$fJG;=XK>hhgk
zm<0M|T%p}RRVvA@U6{48mhgzYO{cAFWZEj<&-I(zGaE>G+KNA@yHmQ_Q8&qFHhreX
z4?*l>D89CZkISz;0)lC;q&&+~N`?C93w?)|qRHJHH>Y+P+-1#sL4S45u21B?jTdF?
zGuLsv1nuEx^lYc`J7wigq96ds_y)%qWo1WzPrN70W)RrY&+V*t%x%?xQ_$T*az=hF
z^Eme=w_c4Q6qsh{&IZy-49JkBWz#1z+}Y|WtGMBJ=%MiQ?++NSu+gfNYz*Gm?4Nt3
z-z~1KaT;c88HY;NCl9YZpgO&oICIGGGs)1evg_7KBw$WK<oL3`j<1jzCJXDDZKwXa
z%1RPg3_p8NY8a{SPIC@jmF9+mnA02KkpNUWO~wwb3;rp5)GK|Lw3{pGbOiEOG7PpW
zSF>yw>r~vs;R+SeS~oaQU|8crGLFm+j=gyo(9G|5+k@i_c7`b$-2Is3t`C}jZ3NqV
zW!1y$4tEW+kvIKu{+i(*&xjPK%|B6~k>)@i$Q&`+uh6@~U{lQ@X`>oM$qt#O#IPkr
zF2FBUEe$P^Kog0sZ-&olLhZ|wEY*{sz0=ogM?I#4qrLQW8I*gL(p@`e#N^F}u;qg4
zkFBa!eL`mO>RjKSs_pYNZ%L&Xfe5N6`zI7;BcA9-30zi?9&UL~>u&x^a$oLBuSwX=
z(3?gdpa#Y;vs!cP{VqHt7MWJsq#!Cse0gV~I&8P#!Vorg9fGiXqn6~-cPGz%$uu&`
z7!m-Erisk#Eze-@l;Ti0NgDfU602W7>~(K_ag-T6s4+UzsVLgKr77rkU4XD8n{HFm
z{eiR~A?-uyo*?=`-IZ|fvu=Q#FG4vMi;#*iI+c)a=}&K|@J&Gsqho*!bMn1Exz@QZ
zU6q_rpvLeu)kE>M%9j@j!^CK6Uh!YyZzU2XxcGsZ?3kamq67&#s@lFVC<>zVKukKj
zA2FIinMKIUU%tI5(!21(ai10GMTE0faa=UoHfyqW@MS*FMU@HUh0&!MDTd7F<P$>!
zyW2|k52aEFm4C$%)jD!0u61c_!Zc({15!O2W)X9}LtgZPJI3bG$sq&4SIRf{=f)-_
zGOUDdB6Kmz!jZN16shoh9)_z|-IP@fULLOD&3?6@z9}5@!4`&OGgZF>onCD!;e-)6
z*&F^Bm)_J|5W?O?)c+)QhKR@vtw-xa3a#<)arFcTUJOy-?q+j&Zvd$1Ioqs#h5?YH
z^H&Q=O|YcbJ4Zs>QIS@6t?srv-Gj4GZe9(eJ<opi#<hUbQ~U&0@osB!CE@oh9de#s
z-bpznP{lOmbax2RYaLEP$$gdgPio0l@{OOG&!+DPudFBc6(!Bvp>JtiAE|g%(k&_~
z8b;^8w|;9lu;SsAvI)K^DR1m#f*^lPgS1z%pn#q7wP5xV_gG>LrPFq+f3~b@t{{Q=
z5x_Ow7l`ON2D$CmV>-X|m;8#48_HDPnUNkK$0s7yye7@9jPUgIpYGPb_{FKCV%#7g
z-#wRu@aYcPJ@x9|rMOZaUJ`@qjpOp`Mf#>$a@;>iCDj-%;H0I1QlP@ps6xsHidY>d
zlbd4sGDgfFY2Oc3PLQf*JJ*{Jt)o6u=@gcd+HxOl<LSy3wT`LOq)sIXF=t8*&uTOA
zWsC{;*rLi$5_0Jw^M3rZ>Fn`o_1Uuc8XdbGJg@9LLo!ChS7~r*2(%H<H%XUIzfCga
zpX%`02tIQI7^6u+dX`!hFE1q0zma?T1aA1NQJu3}O1l=GFQzvc=N=X0%=>$v6})Aq
z_u;Y<X)@BEJTLyR4rvo+eVpiK%q*!S+*@A)f$Adsv0L&U#~6C$%U1n8#VB5+Sc}jW
z1@eq^8X*|H19(P^5S_0=V*XzLP3_7_!{oCqghimy28j*1E%x$VVO>XeO_ujmR2w-1
zCk;hTFmW<{5wUWS^{P2KcHjXcwB{)M^hYJ7pL%&Gen=SN{P}8K2AtVE(l<pigGZ5e
z{60(S=3o8UMUvx*>Z~)EvF2;E%{!y=<s+$q5)2C0BJfD@B^8NDj0sO>++OLJmddc>
zZ?D+?Y02O)HKv_+s5tce@F<bTEgHg7TM~vSN_IE#slB`PN-p&gq7~a^03OA@uRA}Z
zZjBd8|6u3Vy!JzTsFHLDo19)9vSl2zrx_iRh<$X?iaK${OnbKNKHX+QdxBO)OeE8O
zETm-ij<>(OYBElA6(c=%``oU6I$=*Gx7*Z>wXJ0;H8myew$68z?~Utvfo34i`Kt(f
zK^;lSTcN(u&7L3WPKP~RT|A`zD=AOlrZ<w2Jn=nKsz5)fgW@UL`hm07j`=GYFUnoN
zY&zcTO9v%qUQ`@N&nE3J*<r9Ck(7K7vY=Btti5&IpvXCvq(ZOuQj6xgefXeM2t)Rz
z_mX8bSw)P^8Vx#(nIB@Pe`=nK$_HXZUsv$i2*v44I^iipu12{83b&W}M45D}@k@;#
zsOk8&olS4urXr;U(yw{1wKR=fO^3v$oMeYuhp**w$*HA<_$|Rw5P^L3mhLXsL|~wB
z#<2JMv^XhEJ)%{4kx%*Fi&LV>9h2*Pv8^&sU;CRZ_1OuVnrMu^B)dz3cD?mSD3XbU
zB5_bO|Hnc=jY`@8+O@J|gz+kJM6qdWuP62`=&tCjhR*8ec5nyNg?yyR`c@S{dLkb5
z$P0_Lt66mofH65mcP&pOFmQq>witRO%@h?2N1~}}@sFjaq`s2za~(;LDEw}F;~_+>
zeQy}g84b&eXiEvB!!Pxamyh1n<L;_>ohYJsAtW+sDpT@pNEzSMF8DLu(%zi*Hwx#_
ziL5yukkv63+jY#9m`cB5p$&r5^~9EVwaa5#>7tcdEBDWB#?rGaCz3;kuP1NdyGhn5
z??oXQ;l0qasg{aI3_lzFz$usl4FoBH_(3+=z}OxNVoV{$V!vuX&-{ter?nF550RJi
zlwRiSI=`}G!0r8LuHaSwkLw{d^w^~5W~`20q_4Z#5DC`adE3sUM2)*NGjCt%H)4+`
z(a}Y9Xg8?qh3ayqnDwODa}56U=G&}p2BD3|CU=c}S(bd+r)oaCm-=0LAo=PpV_4UE
z3A}2yn42KI_=-$qJBP}2JSq9M^aR_GoUcE*a3TbCOTYHK`#4qCvcD~d+*uVl=9g<T
zUfnM*HZYEKo&L&oh(k@I(5~YA=D^L?Kps{9vkthLnfYy;u`A&q*tGzG?f$VuT{2Vk
zmi_+B7QwfUKB}yd`D&L%umnFd{i0f^#6d6U0R<g4$>2<9^%HO*&diFJhVV+YoOL08
zsz|!aQ58Th-?3>uO&FBQjGg>mQ$y~-5}a46<Wb)Wx>&~J@gDAptkp!KvphPSr;CTz
za@H|{CJ>v+@HMYNejmk9+Ld1|QsGx~qS<?dlszSE*sl(e$aIIhUx)5GzG0_apq@lW
z@okewNX<n-^WLLLl$%)BxpO^KhD>7Y5xt_5ub)}bn@ZCowU)w@ehb93FISY4%d(MM
ztwNwmW_2etF71YJ9RE#+MAO6<g1M-RX%!L=wI<I_6`r<tXk<<K3Lb$@`wukxOQf7t
zt`vw--#eowRR|)OyZhQyS9Q%0>D3yAu1e|SDEIT^%}@Ewm2WSe(lfm$`=W5Ja(_?V
z?*6I~37VgSSxh>|w$faFOgRkz#0}Z>e7c*<@%u5ORrd>5CV<0e{d~MWBJdqVY>!Ak
zNvWJ~6jNoVe6Zy-Wy+}Kkf&?m<m-(|WqF@L)tf+ftC2E^GCF*;%a<=b#o^^~&4hpi
zuJ8>F#@HWS=fpQ#mD+T<a}-=EWon*-T=7J_$3Vb20XE?>s&f%%#kEoyv7<P*X<tAh
zxL0f;7OU*|LZF*RKBCWDZX!5Tb|l$|XfCHd3X$5C^925-uJMt}UD5!yuKoqK&Qd^b
zY&R%JEfpOwWD=R5;KY9Q!N@Cow@viE?wBp@kP7#9=fEl2f#%|F|B{xz__y`6=Scj4
zz8+$C{?$mJXbTI)jZ_xDD=N&{ve@9%goGIvFLHHR+o+8^<zly$H1l(W!VjutI;yL_
z(Bezp(<$Fe3c~2SLt&yhMSPXjQl9ztE)XE+0tD|d#jc3EkZ9yT*B{sGo0=;iZP;=)
zJ^j`eU@UJPvx>hX_b!^hya+E#IfUmm+<c6*4#mMcB~w#Log^s8Eu1%$+~UZo^lT9M
z{MBUub;QPuLrKi&xw-H&?^Ganq5;TdrtNgQc5$T6jMOH@QITjjv^*n&9dj4hVL19M
z(mQ(03$2F?XrE^7S_3?cZy(kLDXiWnsS3~**&Gdf0k;CFJWu+oeE3i%-zw#7vRzvV
zXx4w|SAb(965jIijXj~|H;C*YL?lhTo9cbTZh96FD20&0v**PpPecTV#r4ZdMuZ<m
zD3bS|^OBaqK#D~ZF)?Zx8T>ov21bLbZzuVA2eD{hSK*v8PFg<r_BkhvH0;`1KvWf0
zgF=tq2v^Ck0gVVtvYxx+SqRI4fReAK;)|vHJ;Gy4{uNE-&Fo>~pEGNYb=?k~LL>=(
zCbL#RbT_vI!YeOYYGd<4yGqikU$V=tc6=`gqjzRl`4HN|dr=31ne%%Ybuz=POwm?G
zaW2!WRQ(M5B^W=33b{xZ0Q1aR$lHBc<@m&@7p|s5ALYuy3%ICp-p2O4y{#E4!aP-y
z>x|0kKNIa#9*O?^U~JT}@^h*Z|2PW&+@Edo2q;UeUIYE(f=XfpdnfU$ihqoP5j*Ln
zDJiqEH0G!OvkqaUQZ%n6Qv9$(^u<xtUiq9%hBD5o{9(6BScauT*u$7^=03f_;#Wg~
z&abq6%R=kV9#tz_Y_{^0<DksbfE(f&A}(*b{H;r5kAvz;!K{B#-i`0Qz!aTp%Jn=;
zh<U(0n4V}6Lf$p(x0CnXw&~j>ML`zE&qb7>ktU-%#asAoigC9y+uc-k5~WucwCtyS
ziGH4SH}Up1^?gBaa@slRjhTqV;By3kcr%IPflPG_|B+$|{yGZuj&Ukc-b09NDqXBx
ze{Str9Oc(wcq)HKjzaoa7T^g4b8m$3kQ(b21Mn$~q2Di=bkL53Sx7;lM^{_z%R8Y(
zJrG<C)gwlep2lf}KqSb4G~2wO{oK8G4c8U>)lxadB_F9`NqROM#T1JbvcpVyX?2p!
z^te^lFkn+{rc+wd)Z0&{CfqtDzVSnf2Ol3LUzm}U!PS`9y=YPivDxh6j_g_MZKQ&7
z3Z|+@Q^?G$`h{-D6X<|!3#zN57`<YfMR8xkk0DQzTZ17KDdbr@aZA|9i7kGj;pgNL
z*4bJH2%2o@=6M()(GWf~C2~(o{LB4(P^tMI<!UJN8Ju>-R?c}UX@1tKhL<a9T`f$5
zGcKp_{jvkap}cX8N;oWT@k;wGNQWI|t|-ipM7(U%=?TXxvb!27*Leq#qK5v`M`b2Q
zLQoHt%^zom^11t;4Mgb^sJklF=U1A_-JLatzpR{mogfALTI1;Nh3erl+L7%ylIY2<
zNlS7;v2fL-6Eru16{0694^#lk4<S6s^{-R`s4288xF<?QUh)#ZaS*+$t_o<alk$hl
zHYj#B7)w?K^eK^WMy1J;9Gy;KKX*Q1G69IWyuR1&_g#yJyQG|)%JnlTC4-Y(K<X>W
znwzm%#_ZEF+{05Qb#DaSqP?-^PEn-CQVf1D<|k=wZg0-G55(qg1h;sN%rh@upP(Da
zmR;#w;JbP7XH7B&Wfldyu`Onc=le3*x`)6}-XZgi_>z5=;Bwh1bdSgCSC%3~8407S
zQBWb_x3;xbRB0XVBSQ1`t);RG@30Dcm0WdA_-XB)_wiw}JBWw|JGIDK3-^}Q%A>UT
z$4!)K+(PXL@{(GA@UZk=>X+!NoZp_{1T7$H!UIA`nh3NtNpu7L16_cC9scVrF6~IU
zZFO-s(7>5(3k4)9V<#$QW+laxP`W*sgR$-QslbYeM(ll=gb=iKs4S1Dbiist7PSCr
zDFctEzTd7fJFV|hbJFug7P)NwMr2w|rAzJ}z+$P!NJD~05{%FSoocxc$<8p~$p^P>
z)^m&OYfHOnsJ#lk(By$2F6An}_w=?FO*qqFv-fwzi|u`t$(R-M<&tWR)ob;hZMlO_
zGb;${<2oo+{WAQyOpgLfRZ|z|aOWneVe;|be55T1dKO3p;Z_VH7yhtNEzUF}uVkzB
z^c3v@n)Tpjs1?5W^1yzRBM97-^XxNDxB`%ZsW3O_>61jMYcY!HC>N0L&FA2q{+1+F
zGBru#D+Oim!Unz7s;nU)Qht8vq6Cu;X%)e9ac^arPvGJDr%Z0Wh)f#DIU$|sw;-GN
zt=Q#gi#Xx{`5X<=(*zl1fkq`(GgC7y@w*geyKFy0U8nCf)`8%+>&0AlpPyK+gM>;d
ziV=39KeT9WR0jou(7H)?yjB;?$BMcM_xU$ZVR2l$Zxs1A`EY<$8))s$I3Zub?r1n3
zOSwkyO6Q)FiJ7*Q<JLLe#27MnF8t=vurqi4#4c)Eo;gVPd<#+RTCQeU_wm-Uh-^f_
z!(_#5$9%o@UQi2njCWb6OI+f@LqCT$>#VXdEiM9O34@h-DGs>tvJ*`<REEi}v?eaW
zxOxoR04SsUG_4c9;VVJTdKKvt6O$cWFM{d~ud`PL>;+hy7!tsWNMXN}${*bmgqEvo
z%&%h3vu!qP06_W>`6L+>o5g4HESzRgjSR#rf<bM+zCMy1JR=*OEfza1Px-YEX<gX-
zM1TmH&*Ar_958LT@m*KpTds1P#nq557$ILd0VIP(Y3(aL#2|<JJ(|gu0($qxivWZh
zXG`MxtD_D2BFLVNL66KRyGT<9!KtJE=#l-^;>9^B1o!hA$va#q0c-S!=B76S8(9U|
zNQ738eEqn_-G5+>a3}+px8;J>nF>MLKix1~rP(82f3?K^{M3~wSYvWZP|tUpB1lEh
z77xw-cuC*?4KP9vfd{Vs)gS(=UGIh5#(cOQ)Bh600e!Hw9%v!rq9ZsO(|7)7YzT5)
z{Q_}(NAeC$qW|=p{{z)Iu7<SfxewE$wYO&;L;HOHA#NkY{%05mRC#+1pw9H?<b?FU
z`sROu8`+TD_thud;4-aQ!0!+Op00~9erNFiGPw*n>0rTNvN+|NKbJoomrKS{qu%Pe
zxAOy%;01d+4FDN2Dk^d>0RQ#tOhJY<cGL3D-$9Jq9PkJVFG+>b=ZdwD-lIWmyN|$7
zCIw3US)AC}2Q|jyBm2AY#al5iu`v%<2o49#^1c2IICFLZPkd`*A6ro;Zi;}xdJNu8
zKb9DDVU`WVxY+%9UP^hucDk$o#2h{R+<p<uccX;@)AReJKJB27C&LB=nB&(o|HL1e
ziycTqF&Qx(NjyS<00UfpR$)au+0DLoFOi@$zVCz<Z+~J%fBziMS8AQ7X`=r-uE$*L
zkkG(hdhzl=Pjm7NA+JHdX<GN;U=d?mY|@?lAM^-r0D<k*1?XO0^r9T^o3PiiArm0`
zCav^$e2#YDWB-VD-+1>G7L+aKh<4!BEl*##{LRZvku@7Y*6i!FFuLZWbTa|X<sxCL
z_*UK|Iptrx;Xn4ACGxQp=48%h5oYJ}F{viksyJ%Y5d+T<f#+aUlDN|ywzz<ykT8pL
zLZ=s4Xm&>4J_A60ac=x4sPNxGEERa+la3wi^O(h;O6%v`00w_WYod55zkr$bK{%*D
z-X>K(i}2;5ptaM_wEZnP&7qt$*ZDRZYGv(vYfiPxCRiU1g;R_md>a<J{QP64-XBE7
zD{*%a&PtSzA6#lQ;SDopYD(<tMmoGsdx+<{#--kZ*`{@`R*1aRtPr>KBvxKjjp#S@
z>xDMQLs6uUCWDKcPh6zno5>OQF!r!<L#lyygv=t#9yuGam55dRKXIJ6gDEv`_#3th
zp7FvBfM9V1sq09BzZ=25hA+1Icc>P4?+AdB=U&#fCIp8N^fw&mj>IFgLymoFdyA_T
z-T|*P8rtsEk99~TlX}TA-jeeU$1u^8H=D>tB{E!NJg4UE!xYLynDnR^lbAqU!gy|P
zf4ww&;`_v`<DA=?uvvWG`lD7GH}UyLYwy;yEj@aACo)(2T3sTJ`#k>JpDR=cwXpd^
zXNzg@QG^*w(_WODkrtZd8JFlU9Qy4~o6Hq)bnpFu?}45e@7vB}01UzMXL{eJCLuof
z+aGggo<}X;c?6x!jf`Y2^NNcPoH4Wt$eW|H&lHn6ZaQp|)4sQWFB?fIzFbAkPJtdZ
zP7W?o^!xim!9QQ=$Akaz^IWQs2R>?bDL(YkD)NmAPcjex_E_+gZ5IwL@pis$Ont*b
zioW|;Kim}eqo)_Ug@1c6c+S-5$FA5fdWToXp_i+_r)ry{9~n}MJzX#IkGH*Wh>-q*
zKj!Fd8A9n09@WDu2^<*|XcJ!58l4HLD|o;Cd3_JQU)7QDOLV0t#${8fq1?q#<_t>p
z!puM3>G5%XpT`{Nb83_Vr=_bD2;2N~Gm-CCAhC%h`+X6KpOoO&*D3T1DBJ9jqNm3s
z7}sHIwEm~}&zry!8i$QxB0&~h09IVR<UMao;qx!=*Ur*~`-YXvY*#a1Fhp-)Pd<ci
z{A9%Bsg;L5GoBIl&$Ya8Xq7lP2;=fWh*1L{bu-QPdXq{y4EdA8*xicMGRyMrPxHI@
zyJ5h}9XPldNjc|m!7$ly)u5c`A}yGb5&8Asm+1;#?{Rn~s=$!G5T4F=Y{=3FfhoQJ
z_Xk?znecXc8;?3LfQdE2!h<Oo-p(BU&2kYVp@J{AsOGg5C55>@V_hdvU<mKn)F1q|
zKd@b|U%<NmWxP21;Lr5?FUEWE0xin=lFYs90J2FhgN+o2Pp)MP{M(Vi?P@+rq?j3(
z|CG0{FXiIK#)ebh=6{wv?BohlcGKr}_gy>&>=%P$){LpRcNP5DOY+Zc_9lVl_P$*o
z?0?Y^UH?(kRHK{+HD!$E!$uXTr)1je|8o(gULQrw?eNM`Q&z*|t1qvrr2qf9KEbvB
z%e{upC9JETlLf!?QiB@{Hd39gS^KY*5<K+F%C9pqp=(CqFYAfA&zJhn->U01_Ect4
zTst>M6#p2;?V`A`?{OP<;>k?XKlkm60=Tie*^i_0Uh$|tJYtgf%M3Y;=luV1TCap5
z<{Ea_c*8V=2jx2MC9Dn)XOv9*;or`x8F5zQCsKtU;iCjJt_W^Vdtv1KF%45bdEHv<
z(J$Ae|KT&P;GMg2<qV22)$^P`92=R9v`n0T2^-Ed{^ywlTqBrucvNZ%HMoMIxM)k9
z{f<_3<NwpYnI8ae&i|V9F2_?(%(<bI+-#hG@yiSJ{pZ`MB5$X9Hz5uIIXr)KFB^Ay
z!cOWi|LgD^#6!1Y{4LvfczG{Ipj}<dveb-?W2}kNjOTcn`d|DPTZgT`Gxx94T8(^V
zHJeF&Ei9<XkJ#J{+_6x^{=>?nWPSiH%$}noFK#t6nf&G$CC<Sd_+k;Bgj_!A@c!UN
z|8*?$Nv?Pb!|bCGUNVzj`pYE<ll5~JG?uvSwd<03!B=2Dztp(e&WKez@V=1&&J8$p
z(_I$M-<C1e?=e1~w2^|oz7IdC`O>69<w$NM#@$}s)E9nHF7IjnuV1`c!1DY0rv_Y!
zyHK6~mQe8Pg^j5j`uV&W=L~{jkXbQjg+$8Slq6VQvXUNQLJ}$Z=+%NCe%y|CUbmmT
z_4@;aAGp>;HMsFvJ<5kiv(kw-*`DwHgI<f2f@HC87Fw-meW$ir{V`KIj<>^gA;me(
zu8@ekamdw!LP`JbV4lR`n@GQO$9u`vIlbv^XK0F;DPMReA02Yp7vgS|f4adZBn-ji
zx6&h@^84^#e|PuXgQj1{juE+Bno!8)lKme~_pi%EJF<BHiSy#YcmYeaVa3Vq27oLx
zeFq|$*dQX#ORcVH=oOa}e~)5sdvO00A{P7sNVwGweby9+YW$SLNw%EhJ|C~i{(we-
z>m{H+j>JMmKK>+p&iFN_S0!&njw1u)h5&G6gWUqfHX=kGc!otL%XtsR_ML=g%R`Q8
z;4xDLUK;jMcTS(C&~@y$9|AxehT2Kd6Gj$G;6@f-KC|{>cI7R-%F*{@2(p1^kZ;_P
zskPlk$bx$|CS`fIp$==8UB1`EWti;Y{W4j(fM@w*5)UdZ%v&q3J3T+9laqIRu{TJE
z+f-sKT(t^Ns91fj*oYoi=-3d^Zq{GdHZ|MFS8}>$S^0{vcMaBn0-40~4yvZBp`O{4
zDu?chR%dKLb&UrR{~LM`^yvEnpBq2(QFo%t3s*Ejc)A*ZQW)$$&=T)o0<qNLVx)^Z
z#H!>h&o{tB6v4XA)09}|auGq(GE>8Ny2W9TMUMq2jKd`78w=Miz=2IH_-T~U4}9|1
zUrAV~STE197c$*C0)Rl}jXH@v5|0rI9jo`<1%->yS{Et<l^+5`6nup4Y_*G8)x)^u
znC`6cn+6Fveh&u|#4Y1qkJM6nQV+8#aDz`ml}~3(cgRPkMVZG>5z0j3hgD(Cb%11p
zjd7Vy8=6w`aEUJvb>o_Fe;@h&K8Uq@Awz*39&MEY>AV^YU=NWZ_Ed5mCKG%6#$P7v
zac|50>3*WdcjxP)l!;1CBU78Jfx}6w4^zLMBbdX6*(erlIIH6l+U}hS+^(KKDi7yY
zDPY_`HR-SAE&!yD5t)rm*y{8dmHdUf>P68<w}It23h35(vM!$aeAvB2C61-qZQE&_
z_^Z^p%5$o5mqv10{quO1^fZ6UiKEX%M9t2LGhkOfTi?;Rjod~AFIS&S?9jE*)qBGe
zuMYwG$p88K;|OOnPi43aTL2TzCZC0~9-$mQ=tKjQ_JeuofrS{SVP8W4JxyicDTv-V
z2ky9nCvdbDwmfYO26~Gig1NkTBA%4V0y}`2iFSaOuq8@4`tpVZyw>THsMxI|$f&a_
z5LhP9xS$j{G%Cj&`z0!H1K`4ZJhxp>KP`&bge8u8)P&}J<`ky)roo>}`V8+HUoMN{
zy@PfM>W6Y8)5tyMFgGI8%1`v31OtY^Y|b_B5dvGQesb*mSt3Mza|ppt3pUpOgakDI
z==c*25+2`*+1w@utlGhcH66-*l!{&mtY!#WPeGV2I&9gGBiuf!)XCAc|9IqgoYNHF
zp<QLzqv!bIwlV{j_(?^r@%iP*4GM0}`hDlCZ|k*_367HK`9w1>Y_Q(UjbfE75PkqY
zN!VWHx*WtxSIaN7rXwi`>tiuz`6>n8c(&G`d9C6@fNO;Nn(+&X+zo59OXM$jcD=Y=
z>Cl2!hDYPcj#GP1F<`?v9m{xkE%^`Pqhh@<2`6?y<njy@=-bY|4dYP_Z>e%>If-&M
zlK-~N#a<HW6_|-`47HZI4EJT?`Dr#UPfSVu#Hi?5B;vEZ@5qV8#)=9d8ks}M(f9lU
zt+Yt+Cc-rP?DBFCNMK<Qm9Zv_tgZqtwX*<!Gq<ts0BD$e4?w-o1-dmaRye!N8q@Zv
zuOOPuPsj;BL|A8=MRfsLo&*t}Ed1bpjBFHP`#zAT=nPZWeNg)j{9kSH03u8fbgqb%
zD1)i(Jb<8AKVDw2y2B-6F#t|-agJh<W&L6N_IJU$SOQ%@v}S+UI@E_ix}Ey^2D;@>
z`Nx2&Y;l1NmCvPxaU!Pg6Pa3hRqzH;x@+^u{7a5w6FtB@n3P(H9^64^a(C2RC$?F>
zrJDOegW757s0~2mtk^4G)`^oWYmWIZ050+}f)sXOiwJx8r4<^4q==>!s3TDB$F1e3
z6bx??QnOWgl?=eX@1}JNJ~L6Tr{{TI8MbU<X>ciXoG7KKa-){J3XuW-s>mypvS+<1
z)l2HGn|foTEjewOSz@yxi|?xp`528|-}~Gxr8uo#QhQ`1wl@r*7bqlCKaU7QxP2+K
z7WtGJ@Tu=k%y4#YBby;KuumXEN5ZTdz7oxROMcfc&TcJqsaUeltV?94Xa~GlP|Bj|
zow>u}tjwjCU-cKRTMf((0?u-=bc1Hz>H6gt%k8f!R^Dc%A`VEWRja#>z<LFs)-P0F
zM@E$Z9=p~>dQ?uBwm|9uAJ#tqSR7{z%`%N-xj5`-k-1lVe|R7B7i)l1_oL@*h+D<i
z7XVAnjSyZJwT3Z2L<0*yt+Nl7_Iuuomm7J!tm%$2_i&|E4Z7U9v-hLNbMSG(ojKE%
z7~w_Hcw0o@)^Kh1o0#bSm}vNl`7;;_d41=nXA{hjj+~J#eKo<XQ+c^Goa&ToWxGRh
zyy9GZ$;hJ@Y0s9&oBexu9#3pto~U%*J=9wR^b)F#a)CiR1bDd9pXc(!k+^OjuL8xw
z{bq7KV0$XLvUZ-OQfVhJjLVI_qNhGcq>hz$><8t9mXa4+Uy;(FRH%EFscc?my>Wy9
zDcbcWzlV-EI?CYsGmbZ&n5!LgbaS{W0c-kEkz=OGeC-cD8P0(;T)4ui2P0zh&Prba
z)fqOCcg*_!Cwql?=O&#2(qqlyagLW1%!Z&=ZkzqwZD%Cd!(oi2w-fr>X)L)L`MZS_
z=ywWVjf2DzQlE@SRDlxRc{l8arDk@7^Kjagx<E$3DW3~?Wgx(<C~Zk2nfhrx;E3i(
z=TWY-D=E>6w1;_UHHX7mc*l|@pDrs)vCy7X)|_agl>ja2YG_rF5|vNgwDBX@aqdIk
zX(3IwJ212c(LyPs&thS)U9NL)!KKTtz-|ziR(pSn>M%CPb&UN?`5c*qETY|eStcg@
z&M^1F+>9~pwx+AU9LDWk7ms-->!5s%+j{Asm^8<9QQ0#q(Y-yZ=rvDPp=Tv(ub;K7
z&>Y<t=P@6~@V%*u&$Hg2{fN2x#!RB#EShg+D^qiGbH$x*XK{9I9j@gM+MzV_1?7FK
zYg5N49XPfd@&d>SKW*f`=xhVQXVeMR+3k<(ClsAk=}%r`ZlX7f$1jbWr-&mWOP>9(
zKU?@+x6cx1h_2?*w<WfZr@u4&7;^%o1yr4?sRr6e+iyL%)IEcm629;{FUdar6v+pY
z&D^T*&~Ky`UwK311?}!jTKsVaWCV@bjbEmUFaaCq-5PG_cXY?OxVgLTb};`CS6x;4
zvX_^^?tHdPb7=E|N$fs7I(h5J%A0^_r6wDXl|<SXZifPgG`wHY;kj?KW)S5E>2K*E
zQ?M-=IeS?vd))2i;_JW%b$93fa41V(v!2>i+U}p#h+OREi^ZeZr}287!XtJZ8;5eV
z<?QE~lDQ+palaeiW7?6`p5sx`KPpEVXV5<@JqAq7AdPZvYdVg)M2HA8j=YYyn_QrO
zd}rumpZXvx+qo~>e3}z}#!0&f=^;L_Pm^asFmxf?v78-(3kjdTQ6*-g42l7lO~r8}
zz$iS(6iX{|^$hVbC;#Vf{kerE<X+tldsopg^Oz(^k&4FXWSL$fhvr!1hbQF3&*%qy
zIt~tJ#ZhpS4W7%qGnr4~lvn^1lDgY8UndAzs)%hWQrW2(E-JiJ%bs`ANuilxJY>`0
zdgnmgumbhKos04$XY1Wy7KN;~q$?QGi^C$rB(y2<ct>~LP4OFFNS~mdlKuAM$+kEw
zqt0q$LAN25Cy(UTnGYU~(z{yDr-Vm?yH9A9nZC9DI1Hm#3z~+hWGmHNB*th=`Yg!5
zTDOfu%Qi>-QNoK6^H8OuGTlshdvDKL@%}&tbW^Kd6n{!R7cBTO{i3*XP8q8V2X%K|
ze{0@wQ()`yif8Zkc+SVHx3X-z7QG7)coV;Np6vcU@lix|<Ji&WZZ6@u<w2PBYb0j-
zec5#I&>)%Joy~iBAJ_HN?M%|FJKkL>H=3(^ed<kD<44CKxV+5TlU*Hje!5R*M9&wV
zj%SN=>%|{*bd?}Jt56-|vJG(!Y2}RYfW?tY{dl<!!BbW`uVe3g@~%BPSa9ZDBYzW7
z;G)9CuiJx1q>fkgy*pi#(DppHiXfp0q40FS^%2!HUAVkCqOUwZvAMX~v>sZ}lRGy^
z)XmC2HdY!x&mZHV;}XNpj$IgjJTJe$d-dBp-S;1FoSgQBKxL(KaH%R_tckhu(F*Ea
z#bTxP$}uOw<F^auBQ=NPckiuT#G1@xt7_}lgz$u=hI^k6g`$l*HrS8R5H0(<39X7G
z2ZxuL^3F%^s6_3Ls1{NulI8^PjJ)z0C9DOONT;Cr2Vl~S=tvpMq_A5y8&1r2I%Z$;
zKKqfMDmjSfrKgZgx8cGwt)&#Q(Ujb_Z(pIaZ``37=DIUN8`PKo7N9f9UF}9~?}3X~
z^Ki#lOS^`w3a(s=jgTUE{<filgY4Zz3KO{>?KR)F$*riC?vP@nGx&I~pce7Y+a;C5
z5l7jeDV4SB9eStk^L6<=xztT$M~d+drP$Gtkc#-S!bw{<jj_0v<I<I(9rHlV(uTaj
zzf2fSb8+}QG{m!vG@n~5R}s*d^m=lxD>_?n>+4=omLeW`ae_vTL)M(zQ=@XLt39FV
z#CIj<W8WMyUH8Jw9zRNa=2v^<uxs>E9qKc0jpQL~n`eZAK79(3)wTg24}{--V|9Z1
za2b*7kHZh9=_cOG<{dn?UF}rZkP>g^HKY2;b@P7UeC%wrNZ@+kfZRoLV!ij&4B@N1
zlDZWa!J>-PcQ2?%AHLPHeegZ)heciGoV{)TN0OOIH}A)peOJ28P;SNYhrtOB?xnk~
z?amW$A0=kkq0&qqqW_4xnZ&ZPr4X7t@v(eS$7=9;%!H`FF&-Y(e#bC`{DxPo=oTI|
zH68FYKdC^Hyo=#ck%?T)h*UYBiJGlFFtyab4<Vm`Vzkr&hL!D|jV;FVd%Y5!F7NK<
zJ~p3vl|8=s<E?*rJ}Wy`(*@=m$e$kn$_<sfU)I(tWO^m|O_1@KWLL*Lo9>h^_z@31
z(|a8iIF?&aGL(x9&#8yMIevRIx|n?K)Dx&$6CAXCmKO|#(?-ewo{RpNvb#SSun4r|
zh4}SZmt>|Sk!ekvg=aTD3LQGbB~8~?+<1a|Py6U+%|v1af`y51pJU<!i9g|;O<rva
zVKfodq)t41w?&YIuB`TY2nZ`!A6>O`ZD?|AkrN_sJdR3|>&25|{n>D|TKs0R46igB
zyUB*4sLj<hGAhsQndQRrkDsqZA1or$yw3af=>Z|C13Y?<TZHK53D2x6mA+G~EV9ad
zBE9Br^fYL1#-5GrRVRK6*L6SqvVPjk2OHBf?T+{JIJQ{lU-t%@z3fj$1=@Iq(^6)(
z&1$VC&uO|ZdcO)j_j)M$pkeUGJAr0js(9k&+~djFE!Xk_csgw!wT@eCn;tpUD%6^O
zWT?|q`KXcR0?FA+s29&ZqD*gWe?A<vSDjFme3MSuAu3Kg`TK6ShR~pOoYKqI3devZ
z)QH;wXW;iea%Ph2dAKn6CW5&tnBofw8oSiEADH|h*qg%PR%`i~alGaT#wUb%Tt|0%
zb{%|5pY`_jfTvWSbX>K+ZPaKGaT6W?<}RsH`FLaZ1ZsD!XlMRRrR9n*G1m1XEfIIZ
z@#8`}XGqhn26?Zp=NLSx@#iaxNsRwwmeOWZ5!=zT`3b4Cf4U#bl_n3R&zrbpQ$dB?
zkrZ84Am45KF{LS*mztE6_(<mR{K$s&U@@DE=xk^0Y}CxHgU8$jv%Fv4cCwrh71nfV
z^Ti&W$ut^zYCv&Pnuce9CHk9?P4W~2M;?~X!D0y(ZA1$O8+=;ibYkP3PxQ1nDHz+}
z*gJIry*roGu~hf&^rw~BtEcJMBQ`~r_dHxDzDx1OXIpQR+r0bmG0L|ssLjyAOu|iz
zBy}g+aM-0A36J`cleM&A^tjwNq1N4SM`i1}#_w~?5hQ4PX`N(Oyq&Zk2HtmCRlhs0
z#M2%)jgNZfQs}n3x|F%`Xt57El<s|{t*th%NG|ydrdg9cPxD!GlZlNwLTGP&=9cqb
z^2Yfe+rh!><&;X|TR95F+gUmHD*8kg7fq+eztts-0*}zg@kMQe%5|D9G|ez(B`<az
z&hdjg@8(kQH+OdO4VDe6PE%#N9w+#`d2jt%zTW(?iC9RslfOA$s@(KhW<80z(I>v`
z<}T93y*XOokx6gOrZiwf?yhci;_Evv%0a<LQ#PCPV_*1XzFs&nywI;78u?gsa?QFj
zx?B_cwZNI%{X>r0!qdQhGq$)u0e@&OMBS#X=6d0YF(jK0Ht4Ft?uMyi?$Zlcc4JQo
z2aQiDRs|Gs$O>Ou{gT;P&&z#w<5Hns@<VA|?hjuJV#Rm+6v*`7eg4Q+)w;Px6Y}ho
z2us;d`y5L~JqGMXONQQ+V}V7jb{7;_-amAOH7@%xoWt3>)_FR>LnWo0g|lU7|47O+
zypC$WryuhvL>}Uej~F*gz7BhSN2dP7*~Qn}6Im$Y_Op0onVkYG{+Mu{5l-<Xkw@tM
z(6MjeuDcwl$8SYnDwF<D<JzzAjWXctUBilJK^Ilx+-O~On*APwOLp6<(3S4n(`xYV
zk&8@AD4!V9llk$Zm(Nwz!ub<p4#Bq(_jJj%n7NdtTo}G(gG8g<zDhZ*;uR+E&hpRP
z{7D#cSmLtJ2d#;34)dlGqGDl5s@{@~cdK>eF0@5XMsY^(yH7J<-))8NqL*$ReUq-5
zI=nfhRvAv$#nd#emjdVBqshZ&0w1*?=hjMC;?_5h9+>AGlRsj!+5rGq^ew4q4~2gu
zDirHJ6bB9nK9-ZZs+R7BIR>SMcV|TKQJFtJk_O}L*q!FAwotY5Y3j>k7Mqf@Vv@wP
zkW*|qFV0453HCWZIhAlz&yWW#ZZ;{k{5gQ1r}A^<p(js-7B#uLuZ8ePQpacORWn<B
zdUCbg<DwSa4e0Kqt|@(z$M^XyDy$mqdgY2(oK7+hfBPb^f3#yecv1DV=Bd8O<fS{s
zig-LvX&1DfTc7r%{OLw){oKy~kPX(kI`Ac)QA#=IYLAnl_sFGvf$O;nL02NH2T7it
zPd-h`!)&JQ8E-2TU{*S4#&|}2kz3%-Vtcyzytr6p>^X(4<w8Ag8#d0E>a8iE*b0OC
zAXb|3%BH1O_vEF<&r?MeC7btVYEm=|y&oC5aH#HV^ka`^2E038?UJN0Ifmh=renl9
zrOf%Tu8GBPnh8~5$u)FIG-w$JIo?~{H5R;CX;8b|ndaWW-NocKu+hB4PPfI^&5B*=
z8=Sr#`Q+-$xjvLBmBAGsjve&Z{B^6CFBKH%l7d1Andp0WjB_I`+-V4NJ)!t5SM)p|
zWEAR+m~z-)H{7>;*KY^Qw-Vi5!g|h?@WrwZZwa{(5M#r?cd#x`#VVplI(=o#dFtLd
zRD|(JURIC2(|9a)!0Ni#Ok@%Gwm~*W(odN&dwB{e{dKK<Og1%#51m0pZllPb3e_H0
z+Mwn2U?f;*Rtk#GiIb1M{TL|<Ih|n6FBH35MQ|Yfo+#^p0|BqMX`|cg{^)1-L@GQp
zd7f3Cpgv~SSNK-)SoBr4jJ!=A+@jaM>ap3L=Se0vNkOZ%54gFziwZ=pOjwr^4611l
z7`+bjx$FFLQ(^37dG_Ge^mu6&S-d;!@X5f-WIo-Q)RWSRHC#Un!X~?BP+H!S@{x<1
zi?&Z+9ZPF_!SgK7xPtchB}}V(T~bF5&h|&6?}qIO(d@I2n@H%ih<IV#w{_sEd6$~t
zW`@bNsUqm>S7aa7z9#ha)MA!Rd)8aR9=0#nq0KODJm?w2h~<BCMwb%T9{fBMoBK^J
za#8V0UIjz0FGeYF_Dhh}<+UceY@c;tGZscz6)>g>>kGCu3}43-g+=Oc7mtQMczgV4
z@&?VP??M8r^^U{2duF$s!-#0a^0=NJOn9Ny98QAPoN7o8b-JFJwsWfvEMB$8G^qbU
z9nFK)^MTb<z)-ic|CpDdL2|6qX@gW#u=}U*`TP4jez(4-G>;THJR3YZoODg1#UmrG
zQO({t!(5aVO}%V%)|xcsUFJDsBR|LBSaS5_<-Tbx1^iJh6A^^|cg9O0Prhkf?AIaC
zLHEr=p)qH0?Vhu#gzB>fE9$kTh2|Sg+mWm;>Z+ULG)+xSb@PAPzJcNAL5kMHht6|z
z&WaL0IrN5}du3T6Vknpt-KZ!!4QKcai!?hSS{MR4yL5x4Cd)8EW$x+3FE}$#zZSW;
z+I3@lt!I1Aox{LY#I&fqAixuo`z4CRW-X?;{YY(1O@QX>*^{Aav?xegh5l>O+EIs1
z3WFl2oH0DQ6D_y&c%?fdQG`Vyd1yy*1eNaB0zqQ*{?n6O#}O^I*y)W1+eixFYU`fo
zw`q%)Ptq~`+_8}H#wp_sUsZs?c!ZFPf@<U51ugNkR=(J^FZOB1?pkI8d%drpnF{WP
zb7!xvWBsU{n`*a&(C)sb%ZH`3FTIc<X!K@+TbYG>eMZ=!&mp(Wigu7^oPoc<4{+AT
zhgp)xXdcv%M3~gI@*QTrk<^2@oLX=taQnE5t#%CLIrq8`-05iPGo!3<wlJjed3)^5
zESpG#&48J{zPNkkYFD$P4zu{}6DWtEJ;%`bWBNv;UhZ)XeAKt92+p_^>Iw`_?3_u~
zm*tUeS7)9bHU6w~=RuA$JJa9Seqhr^{@p|`Oh{w|>C*F7r`&Ec4F<YQ+1%#DN*xc|
zcP$nvuqkC)wQzfUF9r3sW7-ZYb!ph%@=YhJbu29h0!!c+OiqCoj-h}W<Y*8_pYFcT
zZ0OxW@r+!Dv@<8!7=I)`*n-su<ypqa!6_bZDxz^F{!}>Tozc*>t#68qW20Fd>J)kC
z=G+@2cSXzE8GbN76MCe15|K%Gz{n^SM-DA5zXP`zu=gt!mSs7qS`I`Muj5IOKee>7
z&~B7v7JNI<`6fkGu0BuMNPxiA<IejZ(xI?Tk@tN)IO<{r99y%M4I7+L&LUx;oY@i1
zC}Q{kq#EjOEHFyOYSXxo)a!I;ZfQwKD&*0>NN7uQTSZ-(NkOVjtmg%Z8y-mp5Pv3Z
z#IxZIvp?M=9LK&xxi|}hDK08{$%`G1{km<twrsV&oVmfbVXaO#EE;luz<I(8N~>K^
z3)wAPXT=wH`2o|VPG#~)e}&G`FyB~E+}&-KY9X6D(=>4x9}knU3CwvvIcqcvwd?i>
z$Ga(3#oKAW!m%kJ@%(6-|3A#VbyStxw>PecN+}H@0s_*_mM)QQ=~AST776JFX_VZX
zR6rVO5Tx9cv~)=eNJ)3S>p?yD`#tC0JKp;n_czA-#~H&jj%V-vtY^)+=9=>pQhT4q
zbu%1FoK|-c{vISZ84Lm~Pc5WR6e&L*O;<gy0Xh3l{SFrrJ56=Z1jRadig{aUcpW-Q
z7&P^cvnW2lyy-IqyOVlc-GmV|C1k&mblSzVO#GU*C;ITiX59$y;uX)TZs6(c{6(YN
zFl*{eqaKVs*T$#JoW^y#9E_Tgjwhp>Q=<;0$0c!XcnH1Yzs;t=Zh5AjIg0_N1kcO8
zbdkbLszrD`piN2aj4#`Y^e4?Xfzu_gCD|ooL+_sg*BE$Khej;%w&XrINYn;0oQ>3x
zf_T7j?C4{{YZkwysc!}>euMJL`ue`A^86ST7OHyJ!%C(F-_+pbvujJ;F=$Yzt4LF}
zkU+I1Yv4pOFLfo#os6%R^(z(!IiR^voA^Xf#$f`<4%r<!<lUeM8vEViT!Z%vD_U_&
zWxCbL!Y(&mET72-D`nwN5#&ry`BEjYH#9F|k-dl`+E?@`J+pTwqr7|9{q6?)dyHZh
z%O$l+_I^v3>l02YyR$6!vZ+t5Zd!pCom{-8f7#?SChSh57gpx3gb#ma?UCqY5x7pJ
z#MZbW?Rfk7(BwV7BMg_@paEqv<+$T%*-JU<<E8aii{69taM$4X_*bF;L6}WXCD3-V
zAqF*qZvpNtLFD6(BY&Vc|7jh}S~1Je@k{L_$7GTibZsaiYp(Bt+Aos$?$)(eWoFlw
z^uCs<&+9iQo<oyy{zjl-ka&fSd6nliLxDTb;zd%J+H^s70`fe0)_a|*gB#5+e5UZ=
zMO3NSCZK5N*&==B=~SdLU3t6poHr5Z4~5S44Q9yIdrt{I6zNgQI-)tP+3S&Y0PGoR
zWy5I`^y8Dj*`Ay4#`492zZS4Jmijr;eI9EA9$92rT>X;rU%K&4KYmC((-1+*tFI-x
z(PNl$i6xbEyLTPEmv?7tfBh=o<Sl!xFTk4>9_3b-;hE;rj+wctW5Tcj0HjC~T#)ZI
z5TpSSmpXQqYyA$wDyqsQ#BocH4=rt~moj-Dy|aHxa7%u3s5_s-{d$*Do6P$ekGAjV
zu%N3!H|w_J6hgZN^HdNN*aDFzC}j0&`j@Qon0iGY%9nK8FbcQ+_*P;O62O`46so(>
zkBK8;I+!8xidc?z(t<ER>?Yqme!M-qqV8#HR>vfa0n+|-`Fq*A@TKya#%BWBo(vsy
zV_D@a*G!oaU7-H@D1~|%|90_~;oAh_8pq+H6zlfBmC~q}6x_Tr$z~>$q<44vCsobu
zu@(-zHx09!O<tSH4aCo^)bHc?;P$g@Oa$`!{m>@BA^y0is4CSFmssQa`!2Sm4*!gY
z(^@BC02EIneLa+uptc<-B9-8uZ~K{)<oKygyIl@tIhn@+>(!KAfID2L${Tkh|3~1o
z4O0Bqds|Q2>sfzQFaT$vJI<GERnz^M1x~l)thUTG%@2%t;4KaReoF#wQ==ZXT#Z$n
zhM0yC&Ecec=dLmWbPQx4-hj)O1sJE~gM#NRo;z+X5x|SJ^e0!Z1t1h}o;Y_XW<^qn
zu*tJO8!=6^o=xPexB5Bojpz<Tf0Yi7+u0D*1wZ|;vA`za{Mq-FBGW>jsi^Pv6aF;R
zrUYO{C~O0J4d=1dBf!_vo(1mE){czY2IdHpICK{z7W#9Rv!`%FzsQ>ux4vyT32+H{
zzt6_4{Md~`MZ}~Fi2^&(d-mDQ-=Ln~zGBGVqcvG1+Xt8^qfQD4MYr**WKJjJBKdSb
z9ur^XKV#18(pAZaGdG~*-9;_1La^LS*5~h-^u5C2ePpcPHm>=BPH&O`UoNyqajgTp
zTbkH_p0o&66fNWATQqiU+{;_mt?|*;8WE!Un?1~H5!_AVHe)1L6vwdp+0lT!k72&t
z&*U{|;<CxBAtFeM_2Aa@sIC*+H%CJX{PvTTz0tk+eQ-fvIpwYw0V3G0C#7?O_F8QQ
z==#2Fi$~_`aZY>q=R{g+&TsITu85BS+D*$3lY=8d`x4MQ4IaeO@T_^ae>so0j;VN{
zba43OaKH)iV%)KI0P4OZAM9+eQs*YwwUDTyK4Wg3{?=Cg<<`!Y{0nQ6n_5K)0aQT#
z&#?SKV)Ja&`lI6~#p~L2R}e#Tx{Gdw&ln@#o28<m1d(Vt9Ica#u@W&XOts8zkFG$6
zh|DL|<5sG$x-cO#!8!RG3lgnhXm;yq*oGmM!26=?rw{5-GdZ{2+HC!=rqF3v__MtO
z2T~H4O#oB6v0MeAebo<n7E>|x^u`4`Tg<~DeP2>KLO9hk5M5%&jg$Zn*f{fT;4uV6
zGzD9W{B?8Z1B+Yuru+=@#oE9Z{(6*@a+*9DQv8;x*R@E`2IFB4&7_DHNm6S9fp90m
z<F>bh*Wf1CPS0HVpF-BsY2|Y5``(e3<7oHg!y6t3F6k$uY~s>7kAJCkN}wHLsO4N-
zx(~zQGN9_wHrCS#dWtoPTh)n2&-Ot?u`cKd7MeAmnOB|pIB2?n7w)XAc&$mWvW#*)
z@yqN;)=M>yucFtReG-y8JQM1%`Z_~2M?aeEcL<KVn5*yRKe~2}&%KcSIae_c+mzn8
z8>5it6_-hKitn{ecybwO>Q0^Q-9nttzYCPdf0e7s%PrJvAMfE3R00SZ%_P|l+qVin
zYqVW9DQz}=ETqJj19BSFy?VC3fm!Q$uyy6CZEX2x8!xu@NlQJ!x)pl1hmNBq3-9M6
z?M2G4kwCBfPJ3O^mifV&!G2}#v#Gk1oHfQ~1Y^H!ta@vp9GK%Y&QFwmgBDuyB8D>!
z2nCyFM{+r9x)yI3=Gu$55?sFC@s9C&yjV?_kMVqbrO>qZl{BSPAL9&hQYmkqa&C#A
zT!k(QJ6UfS?;+`tSSTpA{>8GYzY)qloTw$f7{d-mOTMvKL=o;fKNeg+Nv3vDfp^@M
z8)*<PiR>&2e)*-)0>bZ-d9yWTY472ydZ1{)xKCR%8962bV{xs<Zgg|oq2%MtmQgk_
zqV$J`Ff%t<&QR-jD^<ZV1!gRL2t$hQejdYo)h)kRYL3bKt|EsUlj6q2n+qsn!(BAv
zth?IeXv{<#0j53&@=`m7Sc^f8T*4oor1vaI=!0v7fmO*De0-SU=h7i72F#&>;?*bd
ze*^LAK-k%b-!OM&PF$utzxv0gC3bB$K62<nx^}bWgbuzrT+-HB*WBldy~Na|&k(>R
zuiU_MB_h|ZJO2;TxfVxSyC+6Q%2%F5wx22DpJ!bOe5v$d=HWaqQ!U_J&P8?bR_$C-
z&>;KFN7>J@f&Z30^%9fROj496Pq)7InU28@+VuIAdXD@+6S>P`K2ARPW_OZj!(u$H
z{zkX`h`)q#!-qlE<#WEFF=e#WGgpfENW{_;uhTd^AghMTR9APg@PwLQ?<?J8x_t+~
z8_togV&>I<Cp3f&B>?q6uVs|SGr_8D9Es_m@*5b-cy~IB1wpSWS|XeF4#Ky+BZOrb
z%D_qRew2)=u|SATW|!uFz^h%+z<(hBsnDj51SrVa-WR|AssZ7Df-(*S*9K$nu#pcC
z_|SRq7x?h=KQY0^;4^8j7&keAgD4*f29yBBT!isYH1b^t3CQ_C(n=G6j2UY#9{NU}
z{yzcJoDlGmw1qZOLB2D{tfjSe+%PQMu0kjyqP!LDoqW<N*BFH`z`Hb>>A{T#!L<q|
zIJ457pbanl2Sn8yZ2<b#<(bKt$KdC^rzK~R`fr~E$X0&|T7x>%0h(YHA>ihJ0?Ne#
zSFE;6B*jl4K;Z^}?f^JVzVAPA)n9M`9Qgn74+Ma2n_G#3+yLd8LP9}d8_L1mGP?Jg
ze~6sgpVO{n_?g!MfM#K(x)?-&N)SwPf^_Nrj_ZBv1c9^N2nTd7p~K2&QxjZ3C)hm{
zfn(a0z{dq6`#Y)`P!f_MN`l_ia-s)F`GSKiQ@snEmMY0g(BHAk_k+P-y`RG!_>}0c
zcMdoa1hYdj{{|q1hz`k6QB>%wg9*^Z8Yil-!i$WN6Xq!XcR+c9IM^2nYNU;9p})b?
zU_%O<V%YsB;AusWq{}r$3$DIqS7kcOL0s&NPPG<(s=spr6riN4kQ+V|FM;d?459_C
zi^mH1==dja|AHA?{3eWOhX5>nF*AhhHn~kYXXPeMW*Le55WzcYStjC+f@d1oQ^Vd0
z+PFUeJigU&c<{w&!1RCeanLt&`PfQV08)Sou144epp2vBh~QtLvEa`>rg&fgV>;AP
zBn!s4S{ZT+V2qotj*#`$y#J5&gqD5)wT^NWM1-`27RRq5^UJd8KbBJltWj5fyg{ri
zI8CJEJF_m9^Z&^Y{e9RxgASX^tsuQ%@c-{@d5EcFl282)B>O!G$(}KG%TxRROCSNz
zcP8f$?%&_dGdu|N{(l=5{|vTJ#D5VMME}<t80@&ehlQajqtQRY-G>&Ujesn}{1s{x
z=5KCpR?LR~H!1zU4)4D`M->1d)MVFmCve$YnEo>ysU8V{Obu|L7A$}wp|h#fRrA7N
z;mieejfP{{VX+kv|3K@XLWk)Ye|9M<U>#(ne))8<kMUkRO8<S!-xdd3{zh)t?GP%1
z%xga+v^6dc4BWMx#rBPT%{D|_);sHee``K^5Ep=LfGEWhs`pqs(5~e0jvAc<Q1EQ>
z1RDjc?RNK;tmN|CThv71>7{=M$lu}s&{mRSjGk}cM8<ku{jvk?8uWj&KzVB{cYycw
zY{+Fss{SKeXO*4aL5EPJ|M}Va`Pi)Er_wJ6TFxhPMA$1`k7)&MqY05?mdyCkuOIZY
z$TSoGYl86Ug{VO3nu})<U@CI^#t8S!+iZI1YiPk~*y$eC@~Wr5-c{=0Onsk-^5^k4
z%#`DiqIFg!4BE~Svnh0@fBi5h+XO^3tn%5<SyY2)o2?CxjI5k6vJia3KjhT=UGd+O
zoD@Dz2-W*p<46R%{rRa^s=Nhr*jBE5OJEPS=fc9qIH^A8!A6*NM<BJ{dCX9}foeSg
z1#k`8C@=IVxM~dG-)O)P<y`a`*`1kiAWtOVzV0@)f@qLsDj<MVZBq(|1J+Q1=Hj{k
zc8`e22~b100a?;qAX<Uw5IKNqC+`IX3)K;OZ6{9o^Vu&n)dLhAr{HdmQu2xCV;;Tw
zFI1uTK3MF%gLU&#yMw=k1)1Fd#62}KEtGX^6(!H%ui%#fK_A`3$$1?ri*gmj=@~T`
z75B8{pc3{H>6zkrd&c`trE8W9(FK*nR@~-%+slV>Fa<(WV0=_l1dLKDLp*^vkw37l
zDJmCPCKWmAjl2Nfrf^u*?heg>J>%Ikyn?)n3RDIwihxR^KR{T!e*WB60Q9!$Rsl%X
zy0t{WezE%o(B1a>2#VR#tl2Y&jv%~W)e`{8+qG>g2nO-acN_zh7)Q+lSE0F~vO4Xb
zJ?nE5iiIn015V1I67ac(z6>E7A)OoOID~zSB>A}UN(r&=b&^TY?L*;qt~(SWYzCxb
z>ANrR^i!ulU+UgT*$gxDhvc52Cjc{?ahp%p9|6i*lFVpozsJ4?2(*@uEd$lXgN>5-
zT4u;<#h|cu4+HQXOl`=4V1|d5ZSC%ho@4x{r^}j+d3w8yUfIRtWlV6b1Aycw2T(Aa
z@xiP=B}2n~=oIYFF1hwd4IOsHdrT=x+lM9=T6j1*Ed8g^HP(|s0~RC4VdK0D-z!KS
zI%MqV0yGT_$ohxQ=xrhKU2F*IjQ3geI@v(U<iW-(kvl+(C68ef=cdLJ$3ccx$F~9~
zWo?Usi+r1DW<o34Ga*bL&^nl5Q*BPlvhp5dz(-4Gw+vWP1p;g*w;;fdVJ9^%e}{mS
zN#qjz0AVebW3DXWa&zUI7`6}r&e@0R<=l-XI$@5Joh*^?)W-IwhkvCeH7Ss228)v-
z7-T?QT3~WDPHj`guB25SPGUj<V=u0+BzF`0xKfCn_59|^NIR1-t^4;UrD^5z{rRSo
zyB}T#01+lu&W58)Q)H-_?hr}APWOBZ-Ptmo;%wuUk7zwoA8lIB1PDR~2gf6-jo)wd
zdlX%R_5?0KvA2#a4bge}FLWgm1Lg9pq2i^Y&o93{J===k_}D7MDlbLB*Y8u@PXD_U
zYP<{HK;zqQ-vpryXH$YAm+Sm1OPTt6bT;^lXx02I7~ZYD=akFZe#eMmtyFkx$J=Zd
zOl5daP1s*apv`~)2vdAyeQxV@tgGdDIN$MY_Dc)kPSxakO&w1XM*x9yIOQycut7WO
z$%mS~^1^WCVhh(5-6@>~&VM1$`MkpeO^Zi%JghLNOpnTMh+@?H6@nxNVBKc0i3<64
zDj8zL1oqxX3Z>g2J9+9h!#CPB>o_?Z>=-rBUXi;#Yf!p6Q<{2e1ti<9%sNeqWcpq(
zU4|dqD;$80LcxLyh!6!Ah;jCbdxX-&z1Nlfcp+P$hMA2*&)vLR$xDne)Ss$5fn4>S
zEQ{B}7ijXX1i~Wk5il}rRFPweZD%BR1JjT6M$HdK5-C7~QxMX0pK<AN(;ETyV=oGs
z?9)gM0*_B1{Gv86Omnnz#h>@;4b_WD@<g_a5<h+}dcmB5_){aE8w|ds3s6^BuThQh
z7F8xBOYNf`SmdMw>;X|!y^2r}LT*mZo1std@D&sxF*YmCz@xO5*~z*C4nqJ0<hLs8
zmF%sQjr(NRu=%sHZnwa@o@hBTHf&?O1Tf3u6I6_sHV#*wp7Rg!3^C`sHn&U5v!p5F
zV0zrG_X6O(&9iR7?M~-qAh2~q$)#OYr*}xtZS7lZlOjOpe)0ce>oz`)d<8(bLyi+x
z4&!I6VC?!MFL*G`nOr|Y+TVom<f9q0x0Z5n!>PlT_4a!<4+e~Ee0+SC>k}D=fWgBt
z<dNb<l5%;Bye{4OCQh*3?M{2|Sk3nR!Mmx6HXlJS{)(P33}_e@o1i$A1uU)N$0AHY
z@QD6L@X)q581^)NkbAefGU5u0zadcX99uNmX@cxct>FO2Xx+RFV=tShLtS&2c2~wM
z)-jxz@cCIsR5uziZMMS;6#2)fWT*%=EvHeF@tadXNnhE@;8I8ta+!lJ>G?wfDR{`t
zl_9}UmI^Jw9f)e={+*fvecicLz&&P&Tk&ZR@NX*ubAif;(Q8bbMKPQYA28m%L}uT~
z5r9-&<`-BXAyP1bWP8XU*k7Du)Dzp({A*=^;8$_uwKg(|FbM5H=n!mJyrSEi7fcno
zd*^^1gQ4V%#GlQHR^(?0;l!FP^>HZjHI&&|ZI^6<Xl0~0tIzXSuEfy>-Olm0#m}sz
zJafQ+*jK!(MU6<%)jBj*8^fCIVA9(R8FKOG7tc)dzO?I0TyvMC`8bo(W6YK3EZWuD
zE66<cY$xlAOW&Sd-?1OX$=iake4O3t;aXN<>?HavTfgVQ&XNxrKFe@i_POd4`udb?
zS}V)U+co_xTM9Gz!_t0LvHK3gpF32MH&iJ!j(q<KibUtvc7E77#0)t`XSXXln%eZz
zPiOF7|01Mj@(+z-{(gs!6tL&F{Mk#l<uroR!UnsNNEa1CVCFu)ybAcHHT_So8Ec8b
zy+VM~LJ^HI#E!rQCwB0J=?eY|_GAU@G}xQh_YzW=h>V-8omIb~=WYzeHGI>G5yMbt
z{!i|98aNM=9%S5Q|6+1C6z%g}BGDF<o36z}#oim!9o-GL=!zh+QW_f>vkKbjK|cd^
zCp)j%Ya4?eq5ZHSS}#y*q@x++<EQ}A6m}@l`lvsNID>e;)kok@+9(GsAf^LILa#72
zRRG=Bta9=De$SZ=KSnfMqR68w9h<(Tp`yj5{qaXyXxeL|W8mSrLhW^JUCR=u2u<`W
z1IB@^sQ7~z>PNy&W$Hj{NXO236DyAh-}iZEsFu;J-;+?s*H_0L%fjab4`<y+dF@wk
z*gA_fjG-|lE4~}vGecr6Ee=xj^a5edfM=AFHPjJ6`=H`Iipg20nJ~T*;&r>?8}@BL
zTqv<_C-x<kt2c^mDz)x3kB;$U4_l-)&G7oG(y@lhgul4VW`B++A~e`G?e#{37h|oR
zYATp(9CI9K2DD7=x0;?zB~`Rf*ASbI6zW!a_P9;rvq;cmdJ2qGHoQ#|Wug?2R%&ij
z#1=i!e@};Red`vCtkoACRuTD3%rgj0epA1p_Gme;wO=dYt{@Kl#pkk|R^h#3JD`0S
za%pB>VCqm&P^uRAaP-({2N=gcXrWqcxPl#a#gkQEom4#0MvTtj+Gewc@xvhf!8@5n
zTKc!K&F}I*KLbkjsqS)|xJquJB%wW*C^(v%?laTl3;?wC73=)xooy@+Usduxlr|!H
zURpxwb?tzNo+nQR7tUz<uzTHe|5L>lH8cAJ24>PK!9BSSVUNUg*5XTBaeST@WWx=!
z0OwuuguEu*Lc`c_Om%d6{7rpejuvxy_%0EOGWWqswYgWuTmZ>l4vbmhIjelKfsj91
z@bik<5GFjDipzTlo5e;yY~fqLB(cgls9MawtnwKc#7y}FrIuNv><3H#xXQvDKJ7W6
zEY-}3wNe#)wNK=)I*uE<fBq#bpz!EdDGDbxmA0I4r0FE!U~ywria9)@@w)l6{-CF-
z?Y<1WjsFx>nYy|U(RjRh4eO*w>VZ3luHVBwboo!kOY}KQ#1sb&*O6}EM7~A5*_0_|
z*MJGb;@qr^TBN>qeurC~QQ%Qzu+o{)(j3qtoUkMIVqhvLQz3ZX`Lq>quogDJg7l?T
z3RkgRJJV8uc!4wcsR!aKk4M85kytLU@*wYQV_^^XBP}e%7w`F33Uh53Ff<mR3Yl78
zR=yTM;?F8hO!^TY-HQ_ItjhxRDMvnX-j5jX<0NxJ%1#EI#G4zqSL<qnLJl5ms+z#Z
zj8J0O{D@y~)V~1Y%9V=y)Sa)tK$F+;0`1i@JWq!!GZ>p+LW626M51;CN3)Ve*36ZR
z>}4TDx-Qi_+bcx4H#PR<SB&`K0fGiCp|WTX<b`&ukstO`%X$q2d4!d$|6<a2(m_|K
z2|TC(IxGE`0!Uobgp>UFbRh->tTu#mz#!V6#1=7KAn&egL`a&L8TA5XHA~&ui#;xo
zVwxk_cS)J3hTV_;4bRnPOmSYgiL3&nGX)hbeGMQoVndUyFugM09yz_ODDUVY;Ag@=
zjaE7S6~LYR76|CJj2Pb>_J5wbfr1JK;TLr`pr6`H;IehH7jd6cbG(x}KP<T$1E+~>
zHb}tQmDSh5)Zjt&iqvwy`_b`}PCPOC<W^iIY9`%#-$HwFfjd8SerUoe$+YGc1I&$v
z>R3F4amzOd#XSy6!1*oRfeB-l@dB!kFL+5jx1v*<YWNVYw5K}{PdE?(H#R+L$M(rv
z+t$G$aW`?(^Yng|GyA5kR*wReCE0K8w$B?nAU)D+13F%}HO}jdk~PcJl2(i3*zHAb
znzw?Ua@O{gr#Q)Su?!L`?-IusI^(Q^Cco(OTS-(JI3>bQc^4%7plg|8^fa$e#g_*}
zpZyvJXcJW$>(F8H69yrYdK<oSdP%Ex%$P-G?4N1egl#D-aWV-VNo$_HaXeeO8eg*H
z`jjGtL-o<dS`;xD-s)PHtC!uT42SZ#wW<!U)843AD}#`g+sYkrEPQibDgEUhP^;e2
zjM;J&IA0w&*K)bzc`&mnUQugoq<cL5(N;hmXic-_2jLuVOw5r{CW_5_j!_%}kYkQv
z^2sQBbJq#E!C-02cUf)JlLmOv(zui$-ys{AByY95Uw^}z_skKa(ba}OR&4Qi$5o#I
z=%aMf4;}fs#j%%qOHfxp1@<GTz{d0k*s3LCjyX+DSp}J8&6syL6R7~Ou|CEUcr@4~
zR)6L|Vd{0xs?nxvke4uc@XXV=D5D{V{>&IYYn<0p6!I0KCc`sNOMPAfs1O4g))|Yl
z*FC_>3jXL_cw6M^`%XvZMC&v25_6(8Vz8#io1Sv*F@8Bp+$?zvNUZ%HyyXEq?nke*
zXlFvRpM~J3;mM`p<6NDIBi4G-2Bxti8=B(TI`HBX+^-vU#{HR{uDPjuQezVsu>3Ip
zDQc9Su!4s9euFm4d{_4`;PC$Hx2r_Llw}~qQ+F~(^rx=?R|1!ze*~8vobtvYyoxn|
zlU!h5wZ}qW5lq;`N$_k#*yqTKDkdCWCCA|Fi<2Z}B}_$G;bFCGt|1v82*(hb;`lwE
zmV1!jV5=}XJ$0g52ON1aSKmKrX2LVYsa&0`!oG9vgr9J)^U=@xv)#g8<T9YtoAbq#
z9~-oXy=1j&UE2mUbTi9x%FMpv5LG>W8kSOhj#SYmvKV%;vB}vlsEy#2o4bm>4{OHi
z_Er!SZ8EAJh3<TSP+D(H+cUO0S}Ie`0#FhMESz?`*j@)>4VsU#*z*@NRrwtL=%7fx
z0gc!&!veOCX6P_Xt^0;dOhp+Ou_4hyLwJx(OnM|@pS;FN%hvR`fy^$jXgf6P!@z7n
zqS|Rj1Q#&z;XgGo*Sq%4<+2=#o261xKEA$t_}w`6AY*jPr0pnj+X?MBzMfulZG&rh
zcXWMnI$w023B$P?cSw*x61cx&_I2d&x)Z?uj(L9VglQYAN3qED`;$Bsj?*;5c&+{U
z(K;HY%l@mL+hb^#R}ukOqls>~A{@sDZi*6|d?$l_E-M*fn+O)d<fjIF=JxuhU~`Rw
zXafuK%M=ePbaVtaeuzx9oUD6Ss>o`O9o)Ba)9MMI&r<s90J{oJganqnspMH-v!B10
zA2RpKO^xNRxZ8ZF`!}qiM=L*@;a`oG2qcy&V$$t-m3p2lu1R()EgEcci7oG5v5rbs
zgUTSU4UIEh1Fy*wAo@CM=l(jzj`=pV(ixyj;Y?jyvNC#S)FDv%lmNQ46oKQfm0tey
z;SVVh9fI0Ldw{F|=ziGoG-7FP-S2%=M<6XG%n5rEiPWteaXH>O(}4@W5?fGfaDl1L
zqREenJ}UZ}$1e8Cz{Nc7Q}+t|U~8?UgVm0~c5AKt)Xtg>iN!=WieU=0e=PykUO;C^
z#-;zwmOqIGNn<bPjDoGJ>cK#kFkxlr*^QMd21dW`-_j-x*-$%Qx!~|{p9K;kN+r}%
zX_jklBiFqPvG|$!3)*9NOxm{B)nh2be?9&gv;4=6efWf=e9?SjEx!J>Az;X39v0Dz
zRmZV$70Ee{Wy;qw5In#+G6A%%4~;cQAEN32Hu88#Tg*F5wi@;YGewnCl@amoqc6p%
zMJEri^x5mcBz<J2FBPmx{n*X8Tk>YU3fy<G^vR0B!&E48Nx(lVvq!v8?a+0*UOFJQ
z*A+2=wFpo1r`AOR9c)rP(A^ndI*<`AQ%>}ZCOmP)HHEIEuXcx@itrCk0E8a0jV@Kt
zL>Ai@&(ped^8?@O%tzp?{;(zipWzpY4fQ~Y<J9WRc$mWOm)-bcg9vzNjQ#jBzIWI}
zN8roSU0tk5I%GfB@%FEVtj{5+T20GzfkZ*zpx2+)mX!}Q3IVzQIV+yo5w3~!CmVwn
z-H(q_YAV;0wtX)1$!#Z4km$N5TxNUd$9KLvd|(~tV*0>Z11D)k5>DymZdoLI<FX~n
zNmmgPYjHyY+1J6Hy;pbtWQXK~5U>wRGt&3Roh{C&yx{~y(Tj!#=w{<?fHmtI1$9Ov
z!YqX(+Sv8x{Je17;}>nuPj`o<vPw;39nKCHE1MAD?a6yJa&WqDD)~QX;2aO4*Lw6h
z{B@=HOToh*BDS$ekb?}~1l(nR`SaWJonEO*2;qm*S@X3&lwIuj!H*3e!uL3^>`>rw
zMX6X&vi;o+xX$}a5NY2dU(Pz+W$Y{p<LMYY_I6Cv?mL*X0-S>+qg+bWn=DB{+5hqs
ztW2m$wtLfRGf59zcR9w`Q%IR2h5s4_5<$G4tIU#ia$vk`Aq4VMNc>;<X-<u{hnJ>%
zhpGLw=L9nB<<TeLNq;qtnU(bUa>)Fp&q<f4SM_Q9oF6<`ZJ4EI(`PV@aQ}pBDvjNm
zgLR_)E{lE@_(<4E(CgMA%r4=+nvV=cxdQw*fJ;;wz0THS5`%?FxApK@EDa%v%b^*7
z*ZYy{Ngg@~es5rzwvDU~pl~b&4N&3<J;BAS_U{s=x%fm}XkNlQRGrU-`u*TU139O6
z-HY4>*ZN=SjXx~}1WRIO1uT|?BMH7x@OmEJ`d+t%vfJt)AkGPBS&20zKY(G(g}6`{
zCz!*8y;ys7p#%0;_*tSus$8+`S8Vak7QXSa-EHrz!p%!RdpLpYggVmKhp~`FXbl)?
zRt;l;2i%WNfc6hzmN@&@W~8?$g$4oYHD8ECTvntnkqHEC?~%9iBT=Jl0!Z-m9TT92
zp5iC=6*zq3yGW+Nw3rcS0m~iXd{*(Be}&L6-ft+!I@!G3Se~;a5$D;PMQjT77mGj>
zd|tBE;u;fv``i^@LO-+odjRe&iUHH|HO}%k5cR(#*<fJ^U0%m|cLRhLyIwG)z)xQJ
zX^%KHM$(MqYO~g#Y;k|SZs5P9pfxjMp%I6jsx<(IS+MOK^16(d$+_o$-P_ci8^7#(
zD<T*h2uT~)WsJ%luc*T*Mb`cIfnj!np{Up$ObKLI^Sd>>bMDx%xiYVOGf1I!Xxno0
z@XmMpx$WMHzxuiE;N}7wV-W>gYFXsZma2FFdguTX1^Vl=kLQc40}zbs0X_xV@zdC-
zp&@Ge8=>_iNU&c>i{i4W*uR)E;>qb#qZwZfOcT`dy;Xnvar_oS#lc#AQR_0=6t{f8
zD7!9Doyn7RonCsB1#GD-lO_YzrBYxMC07mRshL9{J?J9P5s0nLUw6*G8#v-CJz`yV
zT2^0&IcbIxl>1FUvFwxf!#eaHh1ALq9ls;u?ItAWcEEW1*=3qeECSp8VCZIy0hMZ?
zS_yX?PDaRDyc04NoNk!Xdv(rwvhQ`S*>TFsDNNLTve7^L;G4VYj=<Z3c}eoFn96l6
zXB@3Q;?P(%{pAS0Qj=u@)og;lX34+)kO`dxIr5TAK~PSsK*x}1mIVg^*ooB3M%O&q
zISdx8TYGN2Jl%amm48K`aw{bC6@KL7ESgSvGv#a2TJp~46!HNLBF&6>`FL6$uLkv@
zQN(j3I-PhX@4CtDUH~2DVQ=x1hY#lEmh6!j^Tk%64T$O=&c{b~H?4fpb@?r4*nkxO
zHDlchq@`WZO&Z61@~L&;7L{Y??6?_%mq;^p7Z;4uDUOZ1L3^H%;rC1-8_X133>LPZ
zeuABBWO>QW+&L&NNP*$*xeVeH-!{0W4=f~|^c@ow4c5wsZvq=G^Q7E91{>8LIk>q+
zSN3CtyC4M7%inVT3QT4!D8n0MH&3pE{j<J$?S%<Q^CnRsDS;hCq5wKae&}9BaJP=B
z#_Ph4mKci-k+q9mmi~@IkGU~m^h21T7UB5As!Bp!I<3xGMF+N@DVKzgSMihE#`+qs
zTra@-xAoUgfR^7}$BvLt7b!1sH&2!pY}h`9Uq^9K+SidUhj1TK`2)YJUS{rVku$GE
zNIwjAYV@R_xz#VDTMuz!hO*C%)84eUn{Cfkf&@`S-v4!6{VIR|tBDLawx~l%*t(OP
zm#t@B)}KpZSkAYmRP6Q5SYOW<mWa{56@X};VG#XOP+ff5ElOyf_^w^?TdqF>HHIG>
z8Z2l-eKpXzNw?&<BJgp;Oatbg;xd_voEP~d5>QcMq$})pSTxL}X&ubTyRHMz<WRpR
zi~cv2HB``YU6b56zjW!+`S~sHjHy4qw5!S2;l>h!ftG<uM1f&%y`!9PC6rNdQAHn#
zvSa#Q?hFckN+8aTt1cfz<?EZ4mQByd2*2_cmGE2a)vE;e8d<gb&d*N=pI7HuD!oGd
zT+$WV9@_47*sogD81z`#TdRAT%Fp#;rJ(Zc>01J^>GQL~?dQ(IRcl`7`(AS#ERUU)
zZjqoHL@RJJFWkC5ifdOa!qIClr02NiF@qh?jOBIS>M>IxK#mc4Vr%wu?WlI-hqRXC
zJPmU7M%;~Yt74Ur=d~t{KYlz5Kb1aJ?%9?4S2JUvSN$3fF7VQ`#+H;ck+7>eUOMz8
z#ms1*$4(7tsyl@qc1i;pvUB=fr6mWkmf+JKx=Jp8#3xJjF#pj~vrKksPeUUw+U^lc
zw;f)kfy_|7Gqc&SQ92#Evwu|y_HNh#f|imd^Rc+5ndi^gT>a5tp`1AbRPWxZZo0n!
z0<4HpT$rJ`)y|L8_rl2|m18!tW$5gO>3gtL4M+V~kghloZ2hIEY)b1>wQYe5D;J|P
zG&PL?pm2jZ8>)w&Y+Qt^3Mhe_1$A5toripC<=n&?H@=>HOs{87!MN*&-@ktfkx!L<
zVK&(Y8ZHcGIkF-Z%C0J<+=7pfIkwxf-3HWN7szYt8&^pZjA$31C9Nut_b*nRi|Zw#
zrF*Pa2`OffyI&}6|517NK}Y~s4VY!kb~^B*4puv<CVkUz@i~D(B(~D_dMQe5+^7h>
zAH{6{_Ao@3fv$J{W_Ki!0WF=%=86sKm5Vh7TGH~y()JO_dlKGD;z4Wwwww>>P{cbO
zsDNV#bteIL-2~c|6eSx=G?+N}x2Asx*y4k)xIY88V*@haq+5^mH>(#9zgGkTJ2{d_
z%3n^JkpIB16@HHcd@Ew!WM@(UqmbveqZX`1&Jlk;-5IM`^v?tTdLQ%wKpj_>B-rA}
zhh6o?eq6x<O6cN`|L)`A0=9KT{Wpw^N)6*BrKA$87v?K=tP}(W^&IA+*Be(p<AWq8
zxLv^lebVa1C#44=#$Jq;@@(ZIf4RH-%VH4X17+{#E0659(O`tw4<_ANi@uNVj$N#L
zW}H!`hH1|vyYLqFFOP-)*hTGBz-gkS#pr9TD4gW}=FPQv@O3}`yB`j|hk;sIK?I0y
z&rFsKf_1zjl==;b8h-&D;-<g-u(t%@4aIQc4ekJ!-`hV~bi1w+_4NMQ4|ibXVpjk1
z2+$v8DZ$TCkxWbQ1XAIRwI+F04YPc%7aRJuQHxQ~jer0B4;X-n0fWiC+@<SCd9H7|
z6$zNkDd~&R<F_GoWx>E-ra=Gks$w33&G|k|oa+=A0|dHtXxRHS+wWXN9#F1s#rb#T
z<x4&)Xr0MCB4GpkFm7%pCvyjfvK&il>anrMg1V(rXcGtDk2hR5fB^Kho*L^==%>2<
zcRv-FakWdU^<(=ZEIw9Rae+J{^=FU&Z|tc5^2I<&0%&^jjDF3-_}dd+MpKgq>dzt9
z-_9=Jnlh4m*Bn09Z>wA>|KD6gV65~1=W|1mq~aG?T&!Izm!6)k@Pw44cW7aDG(pH>
zNizBL1%;lb(j|k;BaUawqO3*tt=)G5{x_cvD9Qit<cX&LbOZjEi%0c8+~0=(v+%+F
zpG7AyZ28ZE-+r+Ro4UL^EW9h^$!#(+>*cX8K^5G@JwvOw4|#+Sg=@$KfvLl1nC-YB
zNU+@?!NLqoKO;ZQk-G1#hS%g4{VmUWKWIh;VYGQk?VBJH<h$2AshG@%PPKdPFA_m#
zjTrAg{~6!^x01yFWD(^dHGHX}a+bxBF?)B+wlaQPLxDf%%SGP%8VpVie%ypfU}k|q
zI%VU38RP>5bRc<o+w0X0e=k7ejy7ve`PU=~HwP&XVNN~iUV{ef5@hrm4A-Cjov#rN
zkHY(7hri)_9%l(4Yw~`gSAN^mcmD2m&gPi7vE3{wg<Q^KC0Vfg=ssf85!)!a!bY+3
z;4Ok(*6BY^J{<3cFlvy6NqD|1TnEA>{^>`=w0Fu@g8u|fQ{Tal%^2IK#Gae4#>Xjt
zx{ODR=i}*}hqQvx>uT|0NX~yGT&PxoJE1OgCsIgSNO6HIN<I!suzn8Lef*RH^Q^H@
z8}}^_XCY_c)8S_}Ss{UsGsXuBm@a?BRm`6sYDvW4LT>3!>WVAYEs~L~?lY+~B}^^p
zL77KyQ_I>gW~M8J-+6K{@1_BtX6!&9I#wDn2Q(H9;9Qm`SKirtm$`RWaW*!-nMjuz
z++O)-006^X3v>&YjZ%&kzV8BX77nDi`W)PWUI7g{ftr(fw$v{_`}<yg_Pq+pui8ag
z=e&=@09C0Tn8~L+I(`USINGs*49dyD<R-q!Lin&vDUhdT=Eg1~Ng+Q*%J1^*E;~BP
zcQ^vI%)AT}lxBYBze_XlWC55o55orh5jV!w`3fq7!_O2CHCR*@PIAIy+C+aIbn1NX
zWNM{0lO;5*JDyk%jIUia+5M0Tq&a80Y(4Eyxs-0B-qV`!c<E+f3!K={Ajv#uAjfqp
zPS16zr5oSf30(R7uiWH)TQ>}_06p|412<qB!Q#1)S_E07I}q=i0sh12py#0bRGiat
zW3{yBrrT<<lskjL!o<2~r8P#FCfQY`KeZ+t6%<bLC}a1>t{P+(eeS$UROkj(LPVyf
zHceq4e<<;p2=6R;IrC<H+k5xY8ppm{8qT1cGzy5Ejo=^6#kZtWQ1g9vSkN5jha{ZC
zR^n@t*V*Araim8+f_BFlFnF7TNXD1?<k&9ICad#d?yDMb4qhPPD0k2s=}7>5)9hfo
zJ0ps4gBsU|9o@eI!iPi&sx^-Z9>5u_PQX#Vl5(*}J3E2F8S7CVl}<~`hws@42+?BD
zc!M}Rvl^P*!%{Y}1W?H-XkKH$G@m%CYnjBV&&CB{5(fe|rYUf*J2Bt|Zq3UzKu31b
zAE>kOJj?AD?>IT!zEJ$NshW@507wK8X@Vc|4eY&jF|(-{FjDI><*zQeY5NBdP6%pW
zZa|<sNUbgV<>7@EE-+kPDRgt`yLbr7j=Dcljl%&e?EzU3*&;#=&{e;7KO)IUQhs&a
zE24(#o5RW#@@|I8f~ql<nU7*T!M&XCCAuIF<(cgCh!Cv%5{)*`xNa<FL@Oq|;BFjx
zz}Wc>Ad_rZqahVf17JOzOECtpk%T}@mw520()TuqJ2=n{_|w8~CNc|b89U2DSC63f
z^i9Ey2L4x|oy?G5+;V$&INAgJTIJ-hVdJ(Eia)6f?CQ})V0U6L2Xe38zF_J%Q)H)n
zH-}MLm{!f67wfu<jFl~Ob+I|aT7SeiGkvM63^FWg1ZrXJCNV&uKo;WO)gwz9ohRn+
zW2^a^Nap&(*{N@>yDthfnt{Rpmw7N})Ia$8N|+#ZyO0M3jF?<|F0>{mYg~#&Y1SaE
z1~<!^3NYx(T)dY3C*AmvKu#7U0y~=xP(D5XQ{tN%n3^uYWdaZ$lOBjyFZ3(=MRqf0
z{SoUP>uxgun`CZW1iTyrZ9TUWIS@-(Kq~H8f6QwhAiii#!tih!LL?jjBn93F0B?L7
zYsU>RT^qB+^}G<U)Nx<E7SAJQTv8aqqCP^-K+V1*0D2rMrZ_Akqp7b2-fM=sKoZq)
z1Q>D~QjGvUuMi|oYNN|(QJw_hEbZ!{Fg0kSiN{K`t#e7Dz2BR}0v;L?njQh@OT$!x
z;2qFT7ZE;(<mR^bt!g$~-t<CKD4_jU7yw}_-?Ra_)Z39BzylI%EEBbqKavKn-KR~1
zP)9MOAsNbjU^tlzL1x2UZ0@1`1YiI=itSh&x|H}QPTH%{nI`6fF=#qWa^*~rWCM=e
zDMQ*~u#&ssozO*qHnn4B1@z^+9O5R4))nZ`FuG$IauD5sfL-5!IH_oBq55Z?SkT^F
zJ0Gg7<4VzVWqq>>X;r2Sg?5W36SrsWRMwxeKmgGh@C+{mdHRB~j&7FIt@$G~=3;*q
zF7i*E1Ds~lw(=TdlvJ;Xg{omxNXrxC5@!c9eycNxxlpI|)a5?AY<ly3wF2q+^6)=*
z0iQEmQ2L&0-851_g9U`^fI?zo``2x{3OLD#-`Uw;zQVTuXwNvYbOvL_q~|G9=jijp
zjW<1dgbPmwUCUDnJzfYJwxpT5T6|Oz$dd7jJ$adx>=eQ?Mw?xh$e70ZBlEFu1S(0P
zG_Q21%`{ELGd?49CZO`I#0!u?Mh|u8m1RP0WaEKC?lZ_a(Qq<uA1Hn2$emWjWecyB
z^&=rk`0B0{`t?=-fz5r}RHfIO%dZnvom>?CbGU$g8wjEak*Ds(O4H!V&s*EN=^lUt
zLva;v^U;ej2&!q9c-kKhngEBL&Q}V9XbFP}@vf?=e4hCpt#lJY7NrZF?}O<tkD?DJ
z?joSJho;3i=VC)ZwXG+!mf_=I?bkMH7KLozti7CcF(YsWKuKHX5`}Bw0sgeXf_U9(
zYN?rc<%TDS9(UTBl_%>Vb%(N2z3`L7AmE{{>>Jq*ZG$h9xkmt<c3bawY`En_$W)G^
z{Qe;XKytlFIX<Kae=|KB9>10+g>DZ?ZLKJqFL4Wr0Do6Qhe2HcM);y!5$UmN)cax4
zrLFZN*`oVXJ+a@R`v`O)wikwn`fij{Xqz@iEY(r6Oj1#$uuMqxeA;Z=pV^%TzOGm)
zF5^VdjqO*p2NMFoBy<>?+h-l+nBq;u%RwP7yB1>l@2Uyx(X^+7%c8Og7U&k0p!Hk*
z`kgx<`B%LsGd)%2c^AU3JP;6K^M%IyM|s>-cYKV-fWPP9@O3|Q7?FfQ{hsc8)!m&C
zpg^7ke5vh9ZMGc6Kti{C1%yqgFgPnxqc$0JT0_$K`|9LS-%P(t)SmAvHfP0e%jz#+
zj}D>3^Ni_`YW61)ivN1gfRW8G??<=>&rt}o>sWsZ(MvbLrX>fsJCS+yreUBfTAB7d
zlUUX>@7_m7yvINqIJJ54h>kVnwX#r)cv4~2LISP9?1xW3L#PtOxtL^S^EV0H@>CC>
z+kBh}q?cwODQO4t;qyfRQ#fX`3vg4h?qka_T7#^!>AD7zZytx#ar8cVBj!}c@KUAv
zPEFj<kPFo$bQ-TLeu$U@{)29JFjt<lA;bL1C0MkTw+w@WU6q2OgQE@Ke<2Ak2$@X1
z9V+N6Ki>C+xd3DLO{BZHDaN0JKuj7Ozhb=4JXSf8@)QPp>A4`|E`#edD8*r1tznyR
z3<FwX6RWU2_fHhD@78kI(}&fWhL`&4suBH`ObHelPgm6m9N!MR$aw59)q4(BQq73*
zjMI(**r^a@a)<#k>`<;u*)3$GcLz^l3WAc)E&!}~s{tf*(E}3hF|T#I#=|HMLWX<n
z^mq>?=04<5;+d%tTu!4$V+#4w+jR(Bif=0ry*C`!6>_5PJOM)2g`t;nrF;X@qSaIk
zBnut;3$n>*uE()w1`(jEG8XugSVzCsZ_P9}PVkM6CvzI1#JEwi(lQCRsEOT|M2W`}
z5n14f4F1FzCFvU_f%v`{uvbj#C82Kas!>hwF)jLjm+YHI%TtiNKW}EPAn~}NU%6Mp
z&x|D{Mm&}>uTOmi>;N9x>JNtO8G5nk!a7wli<#)JLVhZH75q3EhXgc@L#-0djH`Ti
zTuYFh02g%oDzha|<n)`@8TOk`&yO?-zV2Wm#7UFm84ayfN7H6{y>cQouFADi@6Pf4
zc{TG;JLu5peyor<93fjBojr~k;PeSJQZ5SX^$1G4QZw6u5AEiaUCukYaC4e=_eDCM
z!1W}1Be@6~beK!u)K2D;>u(cPC9Jf1RlY)!KDA+y3Bu`5_tXih(vld=FDB_v)3j!T
z6(XaQ7(40vBzeXQGOM!nLS4Tqtjv+`e=I{BoB%Z?EC^~gYp?4e<zg!z)Mopk0EH}m
zxxcF<bN897LKe{CSH2(oVp{rA6urI#PrpuVoBzkh@ZMr3kx<PsbXaw8B^p8DI-ZOb
zV=oAV+nzwQmy7FN4J*05L^b_w8Jc8Y8c{J9+kB8S&vP*OO*<%d$p?zH2^4Ra8`iP8
zw8>FX)N0fbN>r6Gt@)EkB>i~Y>p;&@nMRmkm8-@hgP^%5o6m_$6W)}N&z}B+9-ob-
zDJL>nHsOkF#|OC|vY{{L=q(f^lubfjr~Osj*MMs%tj1_KG6mQO`WaHJu#3KX68r1^
zI)g+Yj9Q#`RN;tx`t)LE8Mut?K_7kePLf-frJib!-Mb%fLG+?D()(OuG+oz?95awX
zc%Lm?V`A0dz4vL^c*5LOeZJrm=hs2gdU}JRkcpFeaH8CR_I|p8s)Ln|^!<D101!po
z^aE|Zg~u*WL?HlCUEGWxteAjd>LT?$4g(gVA(PI(WdRltLbE4%-rH>Gn0WyVc89ZM
zWMXjZZ9;>k6J}vx*!(f^MS4(dyLhIj$2`+hbb!%&`i+ek8?1G8_1Da71XKbal^@4r
zz}8Nz5~FnGm`nM_mhKDTZ+7x{xPzLR0>bn^>vN!-4^T$rvqwwvnvYEb0t@Mi<-U^g
z{guLcPoXVl;>|w$objMSr?uk0j&2Kd(BEJ=&()QJ=eVMl>?u6@(y71(`iW3U*~MWb
zctq2=L)HFlLl)1p?+*1L0fj(sne6K(3_{!6AusBFNa{-POclCKtjyY<;=7?=u109~
z4rDsa-^Dk*M^E3Ep)PYZUPHL*G)7f1_@OsC>*1b8VXTt4GG($X4>Bx54p%H8C6>H$
zS<yDL{B~3Ua;|(FoMY#Z%>coTv?#?k8GK|#hZ5dP_nlM?0+q7PaGuFqSx;m(-V|lf
z-z8M2EmjYYNtc+F=aG2B7gARI13#E!IXXlkr*GS)IUUqP^R@uOAlzGqjLx*sPKi^T
zOHP?uiuurn26GjGvkxpK5r>vNbLZ-2yng5T1KzWPxjB0Um(usEgyE*Z<2d}}Pq$v5
z9{shEDgCPg+hj@j5^4LHnz8T0Ph%IwH)wV87q-WI`0yP7$JAqbwc>!ay^Pl&n?zK`
z;ZtMPUInX!7#<~*{3Nn=OG6jq`$BWTWx(m{eH;b5lGwnQ`0rvAN00LR&m5UL>4S^n
zY%0<cmlP%PC>b;r_^;+Bo|aiv%x9SoOM)QJMcPDgu}Jehj&awDth#IDxTgxDH&nq-
zC53#xLRm&4Ktq`i&o-t~T-7sXV+gNDM`Ra{0lWQFSF%<Yw|QBm&p_b%s{5mu*sXWj
zPs-C7q~qMj_O{7Y4J4_g5=do?D9>`0W|j0(yVW~Br=5uDFxIHcY@^m54Hn*n>fH1d
zV}BB|^tdJsM0QY=WVpFkM{G1Lo}vWb;iEqn)?138>5R4baW`)m4R%U3n&tY!r#Wv3
zbe(A-hu2be`<6{5Yh+Rg>=egD&4mFepRiN8^j4r|BkIzMq-OsU=G#<-4}*<kc?Z)7
ztlTP*VNG`@9^}!#3QK!b&0^jZc2o&ekzanY)U8*87bkwN5HKb^X6VdbUaJ`Y!1|UU
zz5{^58iD7x7I90>WA=6t>dkg>u0iTeSsA-n-DZsj*#N}->Uqe@zynmk<2e~FmiIEH
zvmdFL;ZHb3Xx&%Ls#XCY)$bOS_1#y(Q)T%TI>x1_k~NZ4Wb6;*C4pPb+40JuyGo|s
zrxX^#W&)0Md+9^Jd!{5k@8k8x#tHvw@`{N=C-i+S)vxOQ2nO#lxmeJo9-Ke?&W#V+
z_5Ip#z7sOi06tRgsgH6=$}XeZ!#c)jDl?{U!db9r(7-A1be^&|{7GKg9paGZMNxE@
zhwwV_<Q!BB2|Z(yG<O+vBzVe+x(trTjld%LW9#}bD2Q9`mbtk@pm4ANAAj^&45m39
zSB`0bnv6BL0JT)MJ>OiA(M6GX^xlAU4F`upFY{KZ_~$KUhgT9MBWjrr+6x-WyknK>
zy=s;HiUKS)!oVA;5uk@2Kjn~BrX+G1u<$C~r|QhUDZni>%+<HG^utl7j5Bs#{Rpa=
zHS_xRKyZ!qbh`)*mlZ$GkEvBx-ZCInMHetM>&GGtj;WK<9rPjlJxB1_LWes1tYe(q
z+-G7@3IP=<Zd1B~iHGAxJi-edMvjoTsL^^w5|}GQgXRL%(~~zdkW@w7^lA+xUzV_n
z#x+rsLBH5S;|zp4xjMZ!7|rqYCyFe`f<kP{%A1~7HruGs%$9X<q#vnJisO=37(U9X
zaM-qRc~t%6YL;rUi<fK=TxPp1C`*F^7~mGn8u4s6SwR5dC&pjwuOK3WiOn5a!JE}l
znr43UpqKAZjdFa-O+KD0{x#i<6iv9~=3a+&Ee6c|UhIpz3{z2>eeYY!Gb+<wtI;xb
zKI7Yg3~7oZG+dHrTZqn`rabmHKtF=rM&Zx}SD7WZ0qgfj@xct#T0OX=V7HHBnt5wO
zJg?^}k*(M7mL#GZ8Fs5Op(JK26&z~(vN)!F8TAvi&(&|@v6$yaDU$WdN<scLX-{}U
zpquoZ+AWq+77hvS`R$E3<CGxwbecdy^t813LK+knKo{C9KUEdJGf|c+q<hNn1Vh);
zCF0JwCe!z4G;|W-4luHNgdyNN9PU6Qu15rNI`?wv`>4*}(<t1^pO53pG?&SWe2)xE
z%WBd<4^>xr)4ey$CA}C*m04p_Sbh|zfi2qsE=2p8&ypPy_iHo_XbCl9p32OslXKBh
zs`zGvh|`ywFFvlWkE@CMVfOw>$$}bzda|sQ5I48!rxq!RB!<HN6hP~c77u^Hjo>vF
zSOb18yRrS9E!2NXtVTHyTa5xvr$6|R@*?zm#Sx(T&HZ&X0aHo3&LDdMyG&wbNk^bJ
zkb%p(tW?=A1zD#T0V?8PR^3Qne?r7N(*65N!OLBtaiVe0-!?U9(1M-qF@L2BFeK)F
zhU_TUktnqGR)n%v(|?f9K)V?WwWxMc3uQ-g88kHRTT4}`-@DzWB<DIFHHF7)wH$ru
z7D<BvI~>WKk{vkiepzS#MogMI7+g9vuPThbai)DEGcJ$X9|4u(^}v<_30M<_S;aw!
zrV`)?#6)i!t|7_~Oq<faQht`BdZMH9M#)LxrNCm6y-IvUj~k)sz=PXd)Nj6nsxA!R
z|0)N(6naay0Kty=gNjKZ9oTN?_c5fbA^{)>B1T=Gf2*uWD#33ag5Xh?AAYHDqip-}
zE`v+)yndhMU-yVc1!yIOJZtyJ4Kg)-Jtm<(*z!dYfQ1X2z=RpD1w)AY+)4`rT7{!L
zcZ!6TKI`7DYAQ`NX7nO|GKn^=v=Il_08Lw0d_G(QNk;}*F%<8p<O(Ld+htTS1wk46
z-r`B=k;2szHp<eEVw%7ed3;ETRF1%Opis@~>k4RT6r`j|6&8GR=vUytXnN84<wFpz
zTY(+q!j(Q93xqQisNp+fOn5{$`G35XNE0S-EIm6~8EzH~=8V%H&TB2*6@&NgP)H;`
z<H~iSi41yU3+_}+67#Yp+0=#B66_4Ak^ZeUKZHJkON&Hln#a8;l|RQ7To~%;3mfqv
zs72ujta65Lbl~|je;w_(FnoN|rtv0(i{=FWz4p#e%Qm*RXpQp#5W9x58eQ|dU)-yo
z74%eMXHMH6YG|u{VjiWLB*enR@(#1VL4-DfuWZLU)>1BlYBA47P@{q|U}H~}uU5|t
z$GpC8@nGC(!g2U{!{zJ#Pn<@Z6&7;Msb!;F0bX%9QuJ8H`H{_?H73!tM8iAtd1#^T
zx8<|=k7^mC%d>JGw~M9q$vCUV^g>trw>2CZ4tMY-2qrRep0o$2J;RegewPrOH<L@V
z{B$70{QA-})o)v;_d4mNUegfmW$Mfye=i)QkW>3+-nQaCwNsv1&!8i#tUhZX(OL{>
zE3W{Z38|nr5z3y<y))U1p(#6NrL14Fa$43(?uN?pdD235f*~sjZ*n7$=Zla#Xnv!)
zt(9xKcZ>W%M`T`yn%0qa0I_hlQ$Fq+!CE|MR>Cd{^uQoQFeZ$AThAIOqSWq*Oq>HV
z1`nZXaXyY1fhH!r7X$`rX@kD^)iWt1W+OAH%+akTq;=0CZI(64nuPYh;qQ0YyE~Mg
zJ8Zpq@B)DITR3#gk{ywFa?Bj>8lykjfgap|J%-~L-xJYge|$wWh`*in<XXuS-#3|h
z1s`Wa?8YV^+%Dis6O@MFYS6uwzl7LQVJZ4nuD#x3y+q)R-1@RBzteKV0N!0gQ;Wkm
zJps^jrH=Wl=L%wD4%xXfxm~&O<@_x5m3_N)Xn2Ibs>o&&JZLbg_~v$rV^)f*#R%92
z)RmBH6Nh25A6(L|Oy}~KaqRIO>bEP=TR9{5Qvgh?lyyv@K7H*R_x(D}d|EGo&|lHn
z9}0$4nZwSCJI`=TX=SZKPC*OCviqW%>Kq6nvBSr=`#L2m)q~A5ar74Y6_y_=j1LYd
zNrwXv21F*Pa>{rK*Ni3FRLeucqZ*duPl53h>xFSho5Fnh(<82MX<YP1t+G|8`ZSNg
z%>%me#hru<nygqf9hxU~?juu}(I)*}o(%O45_u5zwQg8Vs#^&?j_XD^%AYmbzy(ua
z&s#Z;ZdO);v)??wmQ%Nh?3?UcE!aj*9KhKk2XVo~KcaU0#gWN3$83^|<Pt_@x^puX
z=9aE8sG$1^4rkw<hZSPiSL=(?v{p9`85z{a7s9OlNkmToOOPBt+X*FCkVa=zvY#uk
z9Be9^?|qhi7X%VP6@`TV!`^#_MYW~tqRR|o0z^a<6v-e3l94P$4k9_0M9GNcP#_2*
zARr()N+>cVS&*P)$vFy2PLiuYigd<AUA?<od-vLVpL_0k?(IM8M_WbBF~|7E7v2z5
zIR1>hL3%s6GbVQ}EF)7}o>9|Cme5@Fu{$2S_%n&`8}t1t=vB6^25Jbog3+2n3^Jpo
z>P2aG^Y_)nfYl@n*jD>|P0(eRbLoxzP)Y4rmHXhgH6}4Vaqj!uZN0BJ`Rhpz0OKAH
z=&s&>5hO(%&3LLIEOB@0t=9`xB~6R`demDwWyI|xa$5JjjNwYABq%%Hh0q-x>Cdl%
zXE8kr!G5S<q5W@f)*8qoyE$=3e%}6+puhm89=>lF!6@S7t^Y8Jh%pfVR43+fiE|^I
z{ealre*8g-vBRJl^VgmA;@D&(Q~+yOLacO>3n&~LV;h0F3fE|z?azaF80C_VfzxRB
z2S*z>1k`yCl2H4O!$-cr*2CQHwwr2R`#G;-pmx}CgqT~C<the+y+mk)N@4ABbW+Cq
z@e3hrjwhKI)Z*tDY=2GF%5yJ^1He@VNDosK_AuMl=kagnI+BesP799Kc-2*pUi+3<
zmn@ZPGE^+51!o4_mLB7bN3mhgUL^VZxw0oTMxy?^F_LUl^hbcjqGQ>lqjkw^%+9NX
z?T&}~jISKLg?(~pyej}p%caRz({c7=b$x17%cYfbkxScp$VEO{`PB{0hC3;L2N8N;
zObiaOaquBZ>mSA@U+Wt7W#jS(HchH3`8CC4anI>{2oyJc{=_1IiEQh2Fp-UBYtIcL
z(nFC%`+p@m%}4V6v3qVB*L4rhb?wL?`SPucN2&DgE7BtK_FB_{ozFjDv!os@S8VI0
zI?Mss5!D}i?_)2m=++db?aVp<{V+b+4{s^%$6%*}&ERUF0xn9ByIPlGDLK6nQ?^hv
zP}$q@=K$-lDe@je4SwQ0Z{8>cNsVl2>dC2x`XcXUe%@kj)PZ3FX6CqxAy<9${k8gp
zk;yu<8uGt`^F&EOO_eZl*DeEil*TKmv<NG)qkm4sd45d9Z~tN<4nEc+Ua{>&XdL6L
zyq`t>0fL;-0t_5`{*5+Xhhg#~DB>F>KfBG}(NFPsVDtHPV#b14l?J~#+&lxYhHc&e
zZw5B#KViqjL54#1l57*K{+lBpEk2xpvg-j%Tk!RNgpN%^(6PAujAS}Ic9nb9J;q=l
zk@x-L0gxw=e}p_WLy)J(4axoq0P-YKDHjV)N7?sI-P&^?!PPO=^p{{e-(d&;1Z8>*
z9#^SdUAc?cJDM@0)RY~-kJNrH?q7KbTJhFi#%OlmOj!z<e|(lK+V@$qD#60VOE+7U
zTRcMgZ9R<$ePccxz6}82y7^B4E?x-0^^iGh4wO(Ny(2}@pwP<xQE0u8_{CFzAoW+)
zmep}=m-YT)``}>CU}jfW7pgt*g^9WCnnfGMjb8)p4ol-n!hb@tT?OO(|DC_|ce?=W
zNT=g}7fis=gx>cLLiXtwa1sHLs7x=HST1NRf<5fKPerZa>HlmS{hY6y1M&A2`z003
zaXr-O1<PSD#P8_)|KG}gJe$8c%8jzT28wV6&<02vL$!etPy1(K^2?)K_t*aUZ%#fL
z0C#!)6L|41xcYt>D1P_Pul{C>i2ZU$z5nFAQ7f5y2ZE%gLy%NH?%T<^ZS{qmuHK!2
z3RUOPrvQ%5c(rw;Bnq6;!tbY4|CfgvG!lLhYx;bmeH<mG?f)vYOG_t8<B?;Ie*0B#
zvS6BjjJGP#tfTMdJ<A;c)m=xVVznP=)V(%d{a2@f%D9;<fYHT^Rp|tl%MyavF8pYU
z{e_dia0oK>{>S%p5qeMh&yqufKtT7Zv`+y6-5J8LvViVm!`*)hfoxFQrS+b2H=%d5
z^qW#E4iK3Y{#9g#QeAC1M+*zpue|_Fr8FxpE*_)1=<~28zWjH?(!UfHGFflh*l$`y
zv}~&XQzYR8kwjVGXkSS%D`?!qH9Jm3z^|H}1iu%wV-}*=PwCMbF$k*ZIvc&6i7~GM
z-pS+<nr4}AK(*`(39{#asltu(*JQWi=Qg0W1|%I|Q+ntCy*28XXhL##Hj!fE9S}ZR
zts$*?G#B(b^&D_vMVtepuK@$d`V{5^6lB(D>|u~w@pvnH#|tDMG-L;2EK14;bFy2<
zmjRRu$7u%g(epr7OnvLl06!_S`UT*%99fS{*!eWuk47#rIs@xW3P=|TT?_gf@?ndR
zo<J37iU25S{%Qkv6<bbGw={O?6ou1+Z$K;O3gQ4vZO_Uu=Zhi96`HTJ5(^SQvnU@R
zhrnIDqG4NOuDcO)$TT{Vs0)&!yAn|MmD>=x#9AYZu-Vkr0GR;i_nq*Dv4;xp0OCl3
zwgewQoq1>&#-1sB*m2JH>SM`4;NUyDM9jGlOqK~Cn98ITk?|%Ni~6Z{IUax&Wa0;a
zH@!X;wfIM)d;<Wj6!Zq@%liWBo37CVFc3E4!F1l8EID*!nxcW(?6E#u?Yw*52UL3O
z%%z_m>j5Qjn-Jh2n}`P?P$o-y6odr$$MF>&?PcAj0H)lBFer<C$b8r7(<FtOikeBO
z#8E!d#I1_idQAXlc<2)ha8<-vpp3B2ss60eaZ2dhhoBu`r-wcV##BPdpHGl#-`j#T
z1!|xo3Brq*guUMZ6WHpiy<BUg`5xbXHe!zv@}$68K6USIv$yF)UJ-MR7nFInSNLUr
zXXQK*6INpu--FNEeqXa|+iHcf@GLIBC+bYOP|>L)cy<clpe<|2NhpAdMI7L%55ZI5
zn7v_CA{K==eg&IPu0$0U1f0rO<7WBO`)2Z%((u{m1A8FlEPRPmdtV<45m4efeQSU)
z2N_UQ>v((h*<Q<A*LzBa{4-GoHRs(|pC-l1?hP-HfY5WgB=h>cP}Y>#3CtBp`^*QZ
zgO#`sf_dqvHtFKEL|TRNZDz8~4lmIDx(OW9Z;b~acJ-aQ!xD;`n)U$p@QnZI;^bKf
z9kDe1p7I@8n5U!v$s2!o=0UZWxpGf8A;>TF07m{Wzm)L-cmE5eUNri&4`}-xP@Gjj
zE-2MP4VTNvBum`%;tTe6JjfS&a?^cp9TCHt(z)(fF?nt6GTqHq6UIPP|Mk`viE5Sm
z1H9V+0&*5~*Is`8OnMajV7{adASHw~bxQ<mP}>89fN(Yu)U9^5IysJRG5qs0g@#c+
z(V&A`4H>gPPwA76a{l6ZYGQUC)OVL4N?p>1aIi|aRYPi4RTs<g>z&acBZ()IdkEm|
zHR9YqUdAmFW93u4#-bN>nWvl}6U7NH(wH0=7cNb;x_vX{6>V!Aa&yRrF*3*!xWb4Q
z1M;Fauvv?{TFmDFKx{lJPoGB%9!ZNyzytqu?g1E>I={z6Mud7tTjd3qeon95umZb9
zBWfGaFI5s<K1oM)@ht2_K4xM#P!!tek(;?XZ!Alz1ls|}@hOyOe|W@FOalEv+P`fV
zu=YW#z|vXjTa$z!5rS!G3PS1NN;2K<$FOcdmfddHY($_hKbf9!_1<QHqJ&s0#=W23
z@tHRn_^vVM`*&B4OJ6kByrv>mBg;KduiD6#v-$mpl|hKZci@ci@B^q*XahQyjUlrd
zbK>X)6Iv)Yy{9Ex8nNoG`srmr<;|FrAtW6UW!`^}iLD1oM;u5xR7s65eNxHR_kJFI
z#Rn6a3gK0+g5Dj)SWw9Un0<&a`DokssfctG`-f3IDj9Xq;@&nat!WioEDmCH&QYaR
z^uVMCpovHq6?%%l>N8gZuo*8s!f&QNJMM8a19k~O*9=Ee3y260?I5nnc7#)F_#tym
z`d$GQ0ro0P)eG~}L!ZiQZ{DFPQ#rUuTLmb&S|kDdSsl{dIV44xbUeDHtyk&%G!{jQ
zTTFpSuxEp-%b7wla2W_u60)>%`>UErV?h4PD@CvE0nF1i4g{jwi*YD#Q%BE-WI=E{
z%x}|vyv9dld<AGf?&zyXzpMbQ*}m+)X7PUA1OxGp_M9^@M`>8hbMnOpohAcQnkM0%
z8fl=x<;ZUwPY0pw0P<ILPum$pHWRDmlo}l52=&%Qei$`)&0}{>hvq<~+a&iva`K}C
zd8ymsrFUn6oFR)AV!n|tJ-=&hQT<h?)@1tDIPhGU$vd59AheiMII#>7>;a7ER!$bG
z5rQeQc}dOA0Z8CF%5t87Cbkk-ntP3LUnvDQh~Vhe#6>l`>GR##ZvZ6h4xx=Nt#v8m
z#V5M-X0a%^4)?^k&2%JE=7C1w<uy8Y%@CQ{N#GnkRwNp-)VpZoz|=Y?fB{ej-k=Xq
zv#~=+$C@KA;_JJCscJsjN(ro>qGDAr$G8)no;ZGcadQ}zm9p;c1nIzMB^QCNt(?t|
zEn;~A^HszG9zDp)S-!?PDW%8Q{ob;4Te!0#q@)RV2%$gd@YrV`4tH#OXO)o$>1pCD
ziu+Wt=F4J&GB~V8lKdRI*vhHBdH#VNB%s{kL!+IAM1%aoVvj4Nm60SyX&d5xukCMj
zZKs;26X6yL#TwIGx~U={6l8@i2yh6$*!2@fiqJ$~vgafcwX7>SOZphAUqsn&@LppA
z)AYw9b63)BI_>3WtMWE*pIV8x6bxm%xiIdf?(=T<DkpBRsK|em-f6PMYo&&O)KV#x
zbNN)Q%+0CyWxzEW|D7*a_HNS$IA7U&5HA+<UbDb?rMOWrmUk&t9UV=w*Q&z+K|OJv
zac|;JI(7ybX-1$;M#pUl{HtV3bUBmBy8#fE-(Att4AVslexbc~o+|ejF14`@_7Si=
z8*lkuR+cnEF4OeQ89E{FUw>j}oR3^9tz5DkAJ*)ihTs?hUs>2Bm~eBn?6CMCxooXU
zkUu!ozo}rk^_gj0hTH$j21NFD^viBEaYp!EFIQ|2z-8^(#W_ctAQS|*r|A8sv8m{A
zJaz5_Mlh6_N{2eO0&4fmgK;RsnlVzdJzVy4w$V4va4FSd7j>6ObNBMsAx~1tlPfZA
zjrRJXrQdy$ZJthzbr^k=K~H&?Nko!65@a{#DTs2umt(Nc`<ta&v<dy^ToMBkM|l8B
zlsvXMV`JQ7f7ZiLH&wkrLFXpGDj}E)M$c$gX>ThiYr?<G?<E;1htNOBE`-;n9CS+x
zVn0U2L=3*38m2V_&7v|~`eLAWei6nc4k%2Nk7LK~F8GT5F^b8?fFX#zW{Xkw^M|;7
zbGlZ3fO)pDuY@LXHi*FNc0J-OI$T0vxZwe<i%#!yn1DwiDppt5V-Gu?Lb+$6^WJP&
z-Su?_e{N`G9uC!)OU;sH0x#YbM>yOP*&jdep{_7#rmjiC)b@^uyXf1)M4G*C%$=?x
z*-uSR=c-Y+O7esVTTVmPJ_~675~);k`*zgIo$W>2`a0pt&1MkdKPGjkg{x-!54p#;
zbMC~IES9tr=GLThRU~g!U7~yGlzh93EuRl7*td1cPhFRgo2_W;#q3i6SDAx>ycZKW
z`=;+1Xcs+)+KvJs=beA5V{|0@b{`?5^$YhQ`D*V9ke>!}%Z@S&<-kgCp_$1rahTHw
zf*QyIE(M0k&IyM|3iG5p@-@Jmxex7oIuW4WghQzPSMM46kBTiux)i^L1^ahPTDKM}
zX!bhZ8i^wv{W{;0?H+DkT<u;~1PcXwu!sepRUbuuC0hb{kNR$m5S0)Ya;+a$?az3j
z1BkEEs%FRL0=+RF%NnFrjcmDM2tHpwl%{s&u!RpAOoUc3GwH)aIQ!M$S(0&DplQ6I
zB8Nhk5A8!U^k6yx%APf+dL~^$-L3M0dWZXZsIf;&e#Z%X$~0@tEW_R>!<I}#I$z}(
zLqo8}xih2Q2tdKdZg~%@9ksxBR<(PYg7C~uTqnG<E%~)*qjh%#$SEl9mBd80%Z*-k
znudf_1!`#IaEu2)DHmN8&`xkII9bh(S(U@xL9n?$`+**IIK`^u>wr!CK#b^1Qp?Ch
z|904@I%+oP>-^b*1}W~ya@F}gGyTZT@GtM08MEsU?MgHLyGqBC!gYfS!&t)t{3p<e
zHJXz7O8r?soKiSzN{0|W3DG5GYFWt#teauZ9S!~k9>kR_W?LT<sx^ABk^Y*)0Lr|G
z#vb#md#IBw=hP+c7d}4=cNvotiwb$m7t#@`D@1T{DA}};c4nb6Z!v-D0d;~pCOxkW
z@|_V_rz0_5cx0wfR4tf&(Z@LP=I}lwZA`(NLP<b9H)M|(!BWTyrBFZCveUYwM=La7
zw`YOnwHy%5{c6~lR)XE88@B)ecdTHx5Kv{?N`5KW#ikff<c=xRhYw6ZwbS!hcd`7f
zeANe^KoZs(2xbZo{2^G7{}EDM0Wcgo_H#G{QUw6-@V-}lp>kGW#k64Frz&R&0J7Ey
zo^Q42l_%C<vGunCnL8sZfPWTue>O}JQi5ExEFw0h)j~IDF-Z@hT^8P<NYW5j?ZZ;%
zd2pgE`3?TlqMhc&i5&<|p%pfrs*;hb>{$}r;zai>%6;9B^r1(~^A$rL8TL5YEmw`7
zwa$?6o@$9$e0G=WDf|nhL1KfG&dI0;m>I>WO~}v(2dj%I!JxP+Gffpn4Ye)?qeSQz
z8gW_AUqLK@uIhm*luWL_1UHB$dRU2`^Iyf;<?d%LW%4A?!(u`W5Jlms%G|B095liu
z1T1f_$4t3`40U*h-b(U~Qde0nxo)gJO{^HFAH8aKNn3<qmVg{VAytU9*Imu~l%tOr
z^hIY)n`O9ph;;43jNm<m7sK_vo{gnnVt}@vWomG_UQz5Fzdz<VMHKa~q!dBbrW~O?
z(Un^hG=ac@%u<Qou96pMN1JW5kyB-j4d6IO{PFo*Mi*^Lh>b7uVv|WLn_>cwJ}8eX
zwpy@5a*k)5))OBPhl|fOD8UK&B`A@0d(SEdwk-C(gwc)alDhJGgw4bx4DV<SxaSXS
z8xGjT$C|Qm`cYrvWY^H6wXBHk2-S{?ZhGiB9Qx!|ml(XJEDvc)9S0hEF*#J8(o}xZ
zEUk0wy6)u(8FT!d=6?4X6C`uC7ERORFO`<Iu=PksMSq<wf)CF(QX*Lf9f`0S1De+g
zrCCZo_P0f)T2QajXDRfI<;=yo%-;D-hNc<LTa<BW;})U-70N!CUmVRI>-?z&fI5)%
z%@l_cX{H~Ev>fFZMuH}`LOjvEtUPkAcg`)>Ff=k$0Z7ljO-$qphL(O*tw#nkEeB8b
zoR&AG19$M4a%V_q5-fPrh<_<;t0ER=HRfJm?|LlMoowLZIX`h{9y>k~fZu0&EnRNS
zLL}xpEQEi@KO$r>sfkFY(`00$5$vU2(R~^vZVvsdWY_`jeoRD>!fD%5$%tOT=qePq
z8K6<*x_@{Tr9UCfNFn9j-Afq`N(HPUMmkuogEP;RBN~pJS2MFInaJ<q^5eY3*)J6p
z;xU~5D!n8#Rmq5BudeQiGM=I?`A)ry8+z?v{uNyAZ0C;3tS;IMKKx9el$^e@A2t_r
z`XL;@gl2WVp+SrdD-=%@MN3*df3I03e`oof7AIRXtq`JEvFiv|?tKF~8>O^?NejAG
zNj&xt`2oVw%QNsEGmP%NOwlMQ_$|L|zJZH6dT9e&IelS*4z4<1r+4K>S`uY)A|w})
zCsVr|_~^pP;c2J!jFS^j%wr`IZE-I++4zi-wt|vbY0BqtDWU%7ht(3>Two}8NE(h%
z7+w>Ye50p3o3*E9wg@N!&gNp71X%WjA0)rBT$$O>sY%PrXUuf6w4YNfbHYTYQt9;^
zpECIZ7(c8=&`8F}#5Y+Vyz6HSKZ~XtP%FzIqZ5G)QF^R6?bH-dvti$pf|%(>tY8<-
zuk6PzM~+=U5t8P5N9!)A?3EPU&nCwfS<i1+RlQBy2mi4a?vAAd;E6LFxiWqyw}u`j
znn>F|r?>VMBM;|K7vm7bb$H{A#x2rT>agjFBU&pfZkWb8dj~DZ?Zk{7Pu~I8RT!bM
z-Q8umN+tDo>#P})>Y?vbsR%z(UB3T;)k=0hZT6LSM7+Z=gZxH8rhcYV#MeuS3oVs<
z>z@Ky!{m?Mr+)5!q+}|kJR);ty~~LqS)9rg=e}l@+%1?k`!>|w9H$N5ux7P@!eT2N
zZ-+!DIn*kyUXa9JS;FP1p}x8c`#_L$^W7e`ui{KgVeLD9Gu>cMr`CvO+e%4UF6||-
zvsrDY<cE&d!8f8MgUA3zWsFh|-EAAtU5Il*c4!LB8-P;Lu7cKfAGIVm<;?h)vHKC=
z<ORG_yU{9(DZGw^fl_`&o%(1SPbyV4%6>sJ^z`L1jQmpeiWHHO98X(ErLIpjCWf!8
z!}Jc<O4s8Nr&&dpC1N3k9GTD7IQLNT>l&`Opwtc{5(WMrrx-v9P}Tgtxm?i6W&RIE
zdSe_fxwDF1Hesh+*i0Ccw&uo%T=nC38Q%_;$Oq5&#;MlG!mta*LyuETVti+wIck+}
zPxNQySy>4eS##IOW|zx8GVSyIlt=Cw(BD)#v?yOAdu96zT;GI~ac?*~*_0>ZLg7Fa
z0E@0IblbmIHJq<wxW-NpqG0VLxaxVnZr;6t0~wdWnu4?sGxpO^Vv}VO8uB+KTIR49
zfp3#sTuVvLbX`!$4i(2YVf22?hhbDNGGh`brN%7K(gj}WDiYT*u&ZFi^&yfy8^oy+
z*VX4pk+FHN5leC=7LD5W8Y3=N+^Llm51I5(Bet20dg2qW;35lUkH=G$c<Lp=Vf*TI
ztL;Ebr{z9cx8rkBo>hVj-hE6sYH+B`$SZpj2Bh2TVU_!Kwyo=IdT+_~#P^p3&jUP^
z%XXaV=k8>~em>egDW}M&SEmbRMwXqX!cMc4D5OhR$Ec+v2hSbBlMMnW3fe}?@~=K1
zf0P6r=fnK54{Gr^;pxOyy_qA0?@WKDVtXa5h|teXEu(0S5L##e((@iJ9Hm6YE}7hW
z)0%$wHV{4=`>E(VNE;dC#%ykt@T~j1oO?DxN~<qier4fVaYUQEEp7_gW&Y07l7tQ1
z9H@aR7k&SM17#Bv61GY3uTFF>NR)`a9C#KXt1?DKvO|?X`-Q|{I%=)i&^y`=P7co)
z;t=+W;qy?&m{(f~D%&M!J(iW@Y~45tPnS3_HA}S0QkJD&QhDQ4v;e2*&SbyD@NmMv
zoqP21;;??16^Fg((XiyGi*2b?%OyuuN?VH)<;FX0<<wli8c>cD{sCG^QXOd=ltIJt
zGQh`b_!OLW9yuX*WDzS6TVl`w-hstC3Rh6QmRHO+)1_<$3R*LZvTTua>CwjXr5ns+
zoRcKUDz|8w!mqbt)_HSPQZbVO`y6|Ga$**fd}Mm!El*@Flyv)L?s9N;J)RqK=NJ9s
zsM6i<qi<F0;NUl^GtRwQ373Q`S1p`Ze%&$$BL~3V_I;CfYwz|$?zMS-j6AouZvFRg
z#t}U8B)h2Dc@hgR=>|uT)N<4$wai`fniAa(U?f#;_7N*p7yu-E3PL5^LaCm>RbfPW
zBVK(h!S0G5N=n1TwLCFFK|HF9Qzjc<V_kdn9s?}wmQ6MT>AduP(}Q8THARnZhT{>G
zdO+I8u8%}(;?tM`-z8%E@CO>aF3jh}8Ba3aejjR$LMqsvn18#jztm)<6yPGz4o<0=
z!cDhzK^2--6aUaU2Cdh!A^JpR>#*X=s)rkseT!Bg9(N$nIzt%2&@W~mliL(l9PyQ}
zoYx|=7z7gQ`lxtTi^e!XRN{0l>h?z=<oRhO50}8h#GyeZIlJy26VW~D3P!>=_yZvP
zb~lyE>sJ=H0Z=3>52(_~t}YU3i2^pRGC*AaVB;PNapYQ<Mxl}OU0M7k+NqHiXcZk}
zYk=&(Z;i`#dDlmkbAI079V|H$beChvFD#|Qf+AknB@?p8H0ViP?lBD4^(Zfv3kPPg
zh;+>;Ldx8)detQffI@uBLqkf9JD*Kyj9BZjrrx$G)t6U$03f~uV-sOImziO8izFBC
zVz`@hG%C~Ns><Uo+AComv|deygyNYGLQd0uv|7u=y(Xt3Hr`m;HrH_tmk{5PwClS6
zg=<OfD>J27d1xp~iykKta+bDNy|URkO{|7d`uQ!wER~Qs+O=Ct=IF-g)2yb;bl49;
zG?uUxEtQ%VR2Mie`KJ;cBMFd~-WgnU<;rbIaJ1F=irp<PS#RXfmr<JHIIGCy9Gw)O
zpaA$r(=*Pk1{7gx*HS7i0CQ8ESgtJ}WO}-S1RQ-`s6QChLMsn)_Z)%&9y@G1t{=lb
zJy=k|eMO<N1Bm^P;>L$LN2^kLxqB1r*lA6Jq8$?PO)L3<RM5%0VEXWMT-%HZVnxdS
zWJNLp<n-fKZ>LE+fc&e6<>rdwx+`F~+lJhM4#%h?B4m|2-Z6lmwRC65#opjyk0ZvY
zSj9^L?J??Rv#}YL3*OH*cHKzZjbu7$BKPG*ZrRn(hkM@s0topxl1R*e)do{!!s9Y}
zL*05YLO7*~3U#<cH6IhHKaEPs)$=y#=MIY2pRd;s%00LGhSjd#TpU=(AY=SdS*qM|
zy5|UU2gCD%Qpp{1twP5#7((Ai#I?QSQPdOPNyj%T7Asj7oLA=v{1|#AedSvG0K}2C
z&|GP>vroZX>9uOUS8gWFN0M`xU!^Ls%dR$Wn|^!@7tK7ww~cPt1|FNwWoSou!zEm>
zxP-P~HFQt@C}`BD@I>xlUG`_N^TmR*x14jWx@k<H&Y@f$IPn~7MPj0Ih}MAi&x}6N
zfNqJvQqTBz$22WGo!?0sEzTaD)k70PZ$}Vx3-wbY8<JImGQr)f{8pY=bat}C929D+
zP$K0tLsR^mRjJ#g7Z>^i#|M}?#o_w3Ux(Q5Y@>;0O=CP!a&u}AZUyHcW_yy$22N9!
zWRgV0iVBwF=ck!sX%v{42hT?K-I&4oC~zYoHT>wwxPz^#t;#j~a?PMKVYyqNnV1K=
zk>m2}lOjU9Cpq@Sp7a4wg=fzJ9Y?I3rrtQ{cm|-g_U>yswkOPq4?i}V<FRCzXw9Y5
zqXkH8Yy#*8bL!d1kBOb>8feR`%iT4mc1&P|E)rc}9V(I?m{Alk5%pD>wlDVd)AFv!
z=hwTg-<n^b^Z(N6oVl?Bfd3}a-(uy<^7n2f`d32OZzM;RbZ^Y1l>ui<g>+R@*<x82
zK^6E%_gh1mVwbd3q*oMVymQJQ>xqnzAd_N+!W|TEbluoa-wGR3GnG<Xx$PPw)MycL
zW>7bqvRtEx|Ay(Sr`vPL41?177xVrwaIfD1rIoOaQpj8~IZl~hsrO~xYc6{fD7cU^
z8>FUJIol*=i>1*kL+VnS=#fQz*sOKGp<CIb@tX3a<i!H2fo>``N$zpl7}RX2w+P%Z
z)2YViI2Y1NL)2(RV5se(6pX48hst2XAKd&DaQz)%R83ywnzrvzrVI!0z8ESLgD>Mm
z#>Nnn>2c}uf*wP`bWU2@VVA_k`HLnneN-%48DNYo@|G+62KBT60JVBo1cW(u90bE-
zPloHlb*&eLuO%}=wDla&?uV4AxRAVR8en44bffJU;n`vjTqq5j0pLLs0O?Ij?Y0jk
z^Q0!zE^lH5bF-2WHA^yCq7C8J;()XxmAEhv$v|umj`e(?4GR=yV^T!-RC`~jCTf^v
zrg>FW%(q0~Vh_Bs5yDuR41d+j-DmUGDd%WECEtW70^RhKZLfjuW}5-#1L%XRk_Nc!
z-A>qV&bFdY7Dkj~rxlr~8BU9~+|4%8mi_en<SY~b%(5b@7EbnCao8QpBzKe(>AXlK
zSIa7rMG9VlY>Khn(=6DEzjW8xHmK8pN`3Flatb~~@967~%OJOo-@0-te&otxk*qS{
z$|dET)uOtStJbj*YbIyfU35dP_9cB%rlNyYHhLnXf>V_PE;*S7I(F^kqfI(C^&~b%
zu+dJfu6>8Q<|V4Z<zvIAWoA;?WPGj<^&EfWGAjKE{D3JsMGbqY2Pzjm$98BxO${(^
zZ#|A%@+Olj90Wa(J~3vZV;Iee7kRwW{T4klQ};l_s6=U8WVWJ?EHG0V26m3;20C_8
zA3cliu~6zw^M>pAVv)kLFU8b}$BTi6LTVTNFv>g!wP5DIlnCZAD08n8S1=Arq^Wej
zlsX`Zy*vAgN*r>VxvnQYQBo%gmz)>Kok#Og_AL6-@n^DxI}oyK;=Qk9LC!E`-P3P@
zTF_11p)w%(Q$7$AO7D5jf)u2D+;oF&LSZu5a`RZo!X}u5HHhsnUQr*AA*qB>KbgOb
z-5Vbs-nwz^-EmhExsRf8e)Qi?c{0#}jl>|KZFdaZ1!on0-UWA|9ES~X@|kMEluz}5
zbKvWCN>!Z6wk~pBDq#K6T*Hw2S^3hm4y=*%jiyVAJ@Qdq?qRuV)!hp%D(_+?kmKEQ
znl4YH+!f__a%WBDU%16q%HRFcW*l5T-h~M*I@_YAFSt3#vWu8SKc1bFad?+JspLU@
zu9!)Qp%v4uwwIg>!_v;BH70G`>$=DYC@kf#Rh50@RQ$vF4jzx+V=4d8byg~SLsyZf
zSwO#<Spk&$<e4uY;M*B(`MWRm?Z}AAW>Xzeus1U*E=qM4y#G#Mz&UlTw=JhV*J0(>
zNF&9@mXE5^$D3t#1_|<o-GeLD2m7k<9s`%B{Y5vNZ)}ziwWC!kuR_s7F1?36G_N;N
z`ct1W&nUeb18Aiv&OX7nFXtV=-sfJbta!M1Dn{UAqtK|u0DQ=W*Q1AT$(h0iwb75V
z`6!_u&<=;_n~M&}{!P2)cu)!sIB%!d3(DM2{OEQmL%#2I#}wvmcgfeX<0iS+Q@hXW
z(Y8ezS`HfE#w<ZE1Y@fi@=m%cfx?^*RbG+{Xy0p%*A=3qoV5^3T@7Mrtl+?oh+@@}
ze;vzGDIky(+Zq6tS0^NZhryqEsrnRD74QG-N(ZDjd!2A>lz7}Kc18pdieV~uC+uB+
zKOaenJkkZT!QC$c)2zUimwO)2Ojr4o9AUFHipE{?kIv8<Qzs8FS(1}Q=`O~&W4qag
zU~>hF1hH1Pi_f5a9Ac~6Ns!S4i6qFip2wB`f@~rmOQwUN0bJ{mlnfFkvy~^u&f$$%
zS0g#n5a+azWD2zh8yOVYYSlQim;fu|?)>|%(oM``x_Bi^*1^Pt#ugt9M%04mBi*e1
z{oQCs)a1zSMODx+tLR+0Giqo7NbW8};jFem8>5cxWi?ea^`lhyz;QTPJTOUHlc}^M
z7TRmhqraj>)>JZ-LS=rDH-)X#rgI10Gj);I0SGWR?iE`m_e}PR<CxH33|Tuuf|Z!{
zAyPwmg|rh?9@sG#8n->pzJ~~}r6<X>WA@*_zz#2-dsd}GaRohLhm*Zy!yxx6Cxa{Z
zMR!&Py4f}a7Rl6Q1*t=<45$udeWZ8@77N)2n_q~GFD!SbPnP4Z2mN$-g`aA#(z|)*
zdA8Db`Euz8lDlD-jo_lmR8`8%kuNQKQu5f!_tmMD6W+TNtPB;MbscN7?{Whzz}$1L
zuij>FG@-sk>&%8HFJs(03%=sqUcSBI+3cT(Pc)3tE!Zk<xbKC6doS3Etgu-#Du5WX
zhhu*EHpjd$&o+}jd!JELit4`0o-}%BiORS;JZxPhx=t!NBJWg#1lM$ZXp&i%(^5NP
zJ6m?jR+I2;^IoVsYLO@0P}?AL1x6%Hf{$90k>NH7#bqP>SNmLV+~V`Fi^IvkB52K|
z?0}kqL;!K+;e1ZZ5=t%Ae})sr)?WAPace+$FQ~wj@0l3kXy+}U8<P7;`&|`=DMv#|
z!OnI>s`C+(%?l7jl(OvjaYikwQ;)LHvAsc66<MFl@#X4M%avm3$_cwLbnvEBUW?(c
z-95BOHnmrQ>RNct3MBI5?ZivjW7W7cWyC(`C24)Wa5%Ruj?)P!I5`r}m6&Pm_41<T
zJ#xK+Rd-4XvIVv3Ge*xUXYbilEQ;rjY>X{*?dXQk45Kj{QpkSglYX>BxwMaSW11&>
zcN7OM=m=R3r>|WrY4odlsCDhL7&-vVs5Uk^Z>g@BPAi377V6qc4?+x3-ulSjmH!o6
zNG%j0kFE#Nx6&Hx%nELxETPYNi)ndEjQ*;oG|y&soY8ckL^btv@tAkX?(p%eSfS&i
z-Hc9JIYJayzI|@|8YO_UC2=2xgwl#fN`{LqcN^1oaWhD@EemJZZ)(%KQDxbx^?2F0
zov%Z{&~ReONZ4j_IOEFoYk$-6ItD?;j|j88#Rt8flMtl{k`@BWpuMQueW?Sy>~1Qw
z!8f75u6fk|XxA$a5;?kpzE@dGB)NYAr9D3YY+dV@=*V8G8d<3n#YJfJ`a@jh#t$vD
zjD#nlcbKHb;rPh#o+m#U8Gjr%rUDbQ);dM&tL!zhPvL|eP)Ya-fChm!BlzWq5}JL)
zos4YK%;gPN%)P-ZHjX;1?>xT1&u2)Y0?|$Rc-2c|kQb5REsC?ei4s8mkZaVZHER5O
zlEEKG(;y)j)0?*k_kmbQgkxhr_>&_L`1q{ev)`yq*8N7z@_E$S<$uDyod!?zm&7aq
z!o%$rioBu0xSl02D2U76(ojq*HsGQ8X2z|~#jlY&tK}|0`K&KkMCtrv&otA?6c_-^
z11-(J_~#E5K4)5oeuEUh3Q2<2w*gEx{~yj9WuS8~U=D_toZb*{^nXAk6ClffE%5k%
z#n=CrBtGf&#aoQ5zpD8Blrs2}q{2uG&fWiBK}`Ty`nBX_F;IxLtK<ExM65n);z-6@
zXK(QPu3HO|s;@7(EN%ZQ4cz~CX}tm&L3D4D9t3>thJddF;^IZcWlkl=!J6fY534`<
z4)g)l+)Vc~F)l9&nB~YRk>mf9PxpUBMG{2Izp7;WS41lR$G-l%#A7@eP|tqH!N)h;
zTO2}YX~~k1J9P6mcs3yMagAWv-+GnTmTU7bNgC6(GOG*!S}ygsM<b_s>Q@4#zkR2_
z(Lep=ePMj~j(!E${~ZGVH*oA<!qWeRMD<@hp8pj!R_NmV3!J6ju~m3~1-Sp8d$M1P
zOha-Xe}SHGsJ!~`Q=!c9*uiW3pUDy+j#4YcQA&e2N_qbVM+soQ^M+&DfX($^K0JSM
zQEIbf|I!Zli`<pp(3^g_VE{J^WJbTDH~sSD{1>QPzoxT%4{oDSaJ$0^1-G*QJh(w&
z+bh>{!s%e|;4CmxdEhkn+P4;DxkN9F7Apt8C(2<rl3?)wVW<wY1M6!;Wmw1}G>qpb
zs)X0eSffLXC_&>GMRfVuqD!X1T_B7uVa&QG8bx+yHc#s#(B^>T!=t0#Jounf%qU*-
zeS+)y>WNqskP$20bQF^PPQDdA+H$K@RvieJCaWvyaVPV1%!-EJ6dnP*Qo9@Xn(Zs?
z5<nP4dZS7_@Yt1F9BYbaj|QlD{>j37GvqKE@8}EUFiNeo%`$0ffl#Z;4%WeM7*-bG
z%m3odaue|(-FMFKiC{Jb@X*tIHF0+waO$rEJ<+FFTm-_s><zHO>_wbk$4?}9nkuIS
z{cWmy3--v%m%|K<FN>Ql;GVOx+gs47*n$!x{3jRF>3E~1f2hXW)pn=5*IPiNo*aDF
z5Pd_@Sir4A{Zv+!<J8@N7=bLFtKZQlCTddCG_Ci9cdVANs@#;R1b;@B<{s7_8TFQ!
zja@dS@1TmR6_aSHzzHU>YSDi_B5U2%+ohkYSZ9K}NImu#vv*HkJbWTh+^oAXn88Ch
z{57?W!oyL!S8}<wwKLqm&L06YF9CdI8y!lnP%!x_AzZZfAT-9c6wVGqazmXz*mcH=
zUN|_WWMuhy@(Ut4AR#Ipz^8X;J>l7m4<PO}Q7?5STC=kA_>Dr?-B^?bd+h*eFY3ne
zllD54;&DL8Xfgwf?f^nY21AiC&^Pz~?VEvofa@;FB}HRJE_LW#zY>36RmW6r1E9Ro
zq04J!tTgJG7XioiiOhow1NNokHG$woyFEd@bp<c_j8k$Sc+sWRKUP7OT|{P%CmgXF
zt2IS(sB(gle(xQYDT&uQD~e93-G>&OR{jAadXacVj?5M0&DA9lR(KF!%y<2S<e$md
zFs`EAz3e<Xo9+p#(%xkb>~&K07%o9v&5s|B61n$!0gzC%IC4sco0SsKNnN))zHe31
zqs?-U7IPiz7y-qguS(8z!uEBfq8<Wz8DVs+Dg)S$TNyZkk8I$3m4}W2D(n0mOYjhr
zMBj<VyvA3K7a#2b(0EEUgr;el4NZA|_`}1Ua__dM55bCmHYYIfzHO6+a>s;s__*Io
zJ$LxsH(5!*cVkmuR01+q1CMeafp>IPQ>h6cGVpUl$BgxET`P~sTG{xs*vSB3u^mp6
zUr9^=DJ^+=;hTKyi?yZ*c5!Pp=%3@|i0$z4Iu)A-N^^EE;cE0^?YTf8a3bhciKWy-
zal0cw-vQP5$)CTt0e{T#^Pb)ZuRD;LIGNh!>f7&?r)L4a3A_@}kAUH)d;J>#RLAsc
z2$H(gG#&~d<3y7Z2e4Ik88tvZDD#5*5jjAvXT>umee6jyYTWUYra0Nltc?UtVR+IM
zQs4L8_{~RvXK|8dajDUcR*>|W_3k_y*vxx)n2mD5uXbQg_4VeU)&Zfh%jCdTC8YN7
zolXsqhH*(o?sW5LM{zxfVaj^-IJ1VKkZS*=tsYN9oGzHN_rwYdfd`iNe;%zz`C$wf
z%-Ta<U9}Pqrd^OZ2Sk~Uw(;T~bCS6b1{7xmrer#tUwmh`3OgUSyEcH;9<b5raAj~~
z!H5PUA^tkX7y8P*c}4qTklpcZ(iFX5RjQ$<MmC*@FjU&h{IPvoc_0=9>YE`T806Sa
z;UDhcGnAh0IvqPI9jk<?jnFn|rh1Qca^wFV&=ndR8q|W@JY*?;ItGY#d|cnaISFtA
z-6zzu#Z+^Mi$itz{!^ZlRn~IH7v`(=y~wxukjQqo%@cayIN|EN*}bfXF_SZ^&?c7U
zJ(AZr`TQdr`*b=GgSrm*<otgVJb>2lI;q==?4gCngKv14MVB$O%d_C?0?)vT-n#^S
zcv1v-a<sRIY@O6I?yS301f)w6-u?NQA}rs=qP?NI6R1hd4PYw}*fW$OE|82<67x~*
z;Ks(MSJ{o?BcCpxt!Yj2b2Nd0J?!|mJ^Y`4{Q3WP|GL4UK*FXSs4+QSfR4@C-v8XN
zfOaM-Q>9=YMeeH7cA1=XmyEslDm^$IZTR0`E{fOc9Av!m{uS{T7yh8AtL#edStO&7
zgm!J%-^sZgFZ<&9km!)$S}T!+7}#*{V|P0aoz6cz3-BHZP*9!+9VmO<bLHGXFQ0bo
zbtM=Ue)@jWvu_6yPkF7xOM#K%5xn1Rd=TCGoq6ZRK!YsC$#)anC$?LML|L)c7yrh`
z0a<^s;;NnX1>=))6?a`BsRCemawwbd?|l6K>c9SH%rJ&SHc~yp|3;P$VyXN~f+|Pa
z@A1;@IL=;RMNObq;w1&tWTg-IV_<S^4RkFvW~Y-}pR%%>Ok5jo0p$GA!@Kf@M5{OJ
z!}bPU750XP6CMp`I8U7h5ytlDUU|Y+c7kb8Z0%tjo<9DTBKRh4W9zF#GdMT6bq80c
zejv=Cq6S1<?bS+l{KMO7{AMS5(YbnoOwbE+8SF}74d}zcfTh>W2Rk)N?j0>cywa%)
zvasc!q7{?>#=Zmz_<!f)zunfn#trz7KWw#AA8JiJ3;q#pzu|QoKo_?WAvjWk6rle5
z^{M#xJ`S>?|IW7lKd>|YyZ4Cx{}b2HZ|@QC*T1~cS)BzmIG`-AZ~d+IG*ixngjH`k
zZ;0D{$WBH|a|*7$Kc)wA*?`dz_noC$fDzU)Q=2CR*ChRqYdwioZlJ?QWG%Zq{-MC4
z#v!sL(Gy}rW-p&xx|>9QwAMi&fzb&N$QTQ16=9HT!B3LJVb`Vs|J=xl0|LZ1(Lq4|
zs2sO0fOry+vBGHum+r8buW3~;Sqp*ndgHQXVH?*tq!gB^lZF82=Jk)m{IrHcM~L)f
zJ$k``VrQ`N8IZdb+<*HRptDp)uMPVOD;|Hg<ifAA3Pj$1^&5bS*Kyw^ug^=QkM0Nw
z?v9`L1vTO)-Ag+FDD<_nlMV08*`E*l{^!G91IekxlT8^~R*QkjOns@K=uE0RSFuze
z*O34FTmxF>9@rOam!8-fw#KW(=ciu#Qk({M10G(Y!$P>O;AhSoGkppnkjgy7^v$Sd
zSp!lmekr1f*IBiHK4CKV&nE;r7!*f_VbSm3=me+xPk)z;Scklq{GiSS>dzwJ!mnpn
zKpGsnX|9$KxZ_UjCOtiOni8zpC0-J!Y+OCmT(|Gnuo;QtwXFeEQ_?l2k06|Nn{<-m
zouT`=4)pRrUi!bY4)(xMNJr5*p8cT#I*ZJJ9Q<W&#CuLB?om6XLo1j`r<KaBXMj;t
zvR_^VG<(tl@%B9bmRk9LvD?$We6c!f1W2v895<;p{Jy6mezm6n@n-q50&D3!3XfgC
z3~0u?NCp(z@0`%SHgH-FqNnmdlYv!o@J}-+WKsqbojD}<M<U#vzilKQT(wKEsM?+x
zhiIc=2&C_D7_fGs&WlJb=P)v}uwbSo9dlXCtyN0I_4XF;@755&&csODgVer`E8$xm
zT?5W>*fjm+Gd&=5ZjuFT7_hmkz!j%~+Rxf`WMpA!&QG=QEpVf#f!?*#CjcFj`uZ8r
z^2ey9k?UcJFYHaGvmhTEJpeK?&!R)F0Vk9jk3*Lr(;0qafy6TeOOR(GDoD7x>OHu9
zGVgTH#H3Ho)&MsSQVzHywomOmU^}46t<W8L5W(Jtqy{n`z#d;`h=)*fYqobkBOwt6
zpR-(pNmUwMX^;fvguf*8e?E14#ftFg00Q_>6{NCNOb3AqAnvBV2gE}20X5f6_bTMP
z48lJ#0O*nHJAIVVCDO%pM-H>BtpUv2IY@h;1|nrX0>TI<ke39POce+qCH7jdY!d6A
zX*DaJ2tS2(F1f(U3j444e9^3++jV#zg+gFoHksmrl=bT&bv36>$fKhc*c4xb3}9^V
zh7KU%21va^t{-@GaJhHAqMsybalDx?4i{|!;ffUUSa4d_8?h`s3u(2zbkg5nQZ*_E
zGI2G)g674yX_b8ha8js&JW030C6i%m5b1ehaW^sIybuty@QR>TaR!3n#9ITlawmFT
zv7&cD^a<oXfuqVxYa;PU%}DVpSY2oUmV21Q@7H4bfyCSZ&ov=ZNE_T6V!N(Ap)s}q
zKRDp(uEU6>8fiPU<j(-F*p@I6BEpOV7W3nx^u(t`5*Upn%JUUeHZwpZ?mRI1(C9Hn
zUdjc=2VD;9AL%3%;X)j#(`6k<D<1IaMHIv=g@pJCaLgYA+&X}=gh~G_nCwn_I|=mQ
zpBceAWi<pm|CfR3-QLl>G;W$!^^m3{!~wNf>d^*BiQvsVD)!KehpnJ~x5xVfPGt@F
zQW(FTOAeSYUP^&QXKjF6!e+Nvk-R%24uU?813^3|Oeun&#%xaJ4RS~j2x-?IId$~{
zav0wF3A_vu#QR&X*B}#%m*Oq-iS3Y8_hJ|62%sbsuLTq)+fg^EcahrcX}YY{lb*Wv
zv>Awr5a$6D4kW7)tF^ZVDJ>jIOd^3>kx#JO)J?tH%nKyz$3d^={*QEwL0~X-eg0e7
zbvAgizkg}@7f39eVk4@tmjUvXIuETFpcje_EQYJ;@}8z5nj=xkOqPu0XjV#8gdj7!
zS34iRg2yzgg{09gEZQ@+&Yi-?7cKh|I^z*0T-d_$&SXHHYuF^^a$t(d^*zbt4hY*T
z?j?c8fd|(6ZP&)W;LTqFGaxLxtQe04>8@4Plf{+{)JoJJRD=@>9yld_U3?ax(`+yZ
z2&!JkgCIw4cSa;6caZ$-3@$Y5jd?iaX!A^au}mx&60VTbn_drlvkuHe6j;_;R)Odx
zVdA1phW7>JcoEeHF|NIGQ!hy-z}Ru>LlFBMnrnf+r>2VH<xt7gWI+!=EyK^wDUe3G
z4m%=w_aQ%#()oZA6hkJYB!B+Uhbm!T21%_gH7C8e_zbRj2sz25`JS~#52sl63W6QZ
zfqmG<*_eKr$px+y*qxktmq@%jboTz8gWZi<t`Q4jopZcXFCX<PO4QFw6XBL{2YHT_
zO#2V?5;gqaL$u@+w1e_U`SQp^6~<Qe5wtrt+u(S59R*U=<Vrq@Ba>yxT8ME@BIIT;
z|83@yL46xFxt6|*Ly((r6|k^M<`+#8c`%sQ7?`lNMMlWJH_dBNd;?s+`aiE<dkAts
zI1a8~E##2_QsKRI6b$XZ{1$X^7SbgtPPzjfX3lACHi>wq7)`tBa5eF;_&cX(`$-kT
zmE?J8<Q4s4n!7#9iP!;zkX4^MksBY0!lCfDfniV`H3@wDDp)Ex6-!_RgxzP1d=L38
zpq5--!)hS6g=C$c5KwJ`c%mzC>b)&+vRVaFB*~^iHp=bSNZ?cSrGd?28g=pCfQ-r+
z?;kn!^;0_LhUM-oU*FW88wbI`zRn54h~r5ZlmnJ-BZIKNL%wMl<l^i!PJl3B83*z;
z9-Y0~Bs*7S(R&9SW6|$FD)zcoIE1~tqvzR_ndH?(liZ}lf6v*U4)>nmxPmbJ2;m9E
zizM(1=j#YytM7>kD=7U3l+Gy#OI`Or-4uTTZ;I;p22Sm6TW@cFd+Tz)o!W}~;>M7y
zqrJTfwv@4Nw0eJ_ntB*AGO|Q%absSOgG;bTvD~-J^#OhBRUocBV~*H~@i4R9sn}>Q
zbho_7c3-2sL;6WK=k->OuKXjOw4UXGjcxvPWA7Vf^^-VT&gsz>p0tI1jL#yGA#UK+
zJ4wlYHq@Scb??-wJo3Y}J3xHAO;O_7w8OjoX5M59S`tjs+Xo+xPI}n)_EHLXF9b|V
ziXe_4)BT8SG4~d$BpccZe8~LRh{QltS{a&x%z4@%M=36ucn~3bVltUN*e331Z$Jv%
z5ykO>G^grM$1K7QxC$6Uou*owrjKj1U)JeVW(ZGDf@Q}vr?F~Y+N9nG_pbDfmuCD5
z;R+0-Iu~y%t`J;#I$ET%ZEK?x8^NMuwjwvd<YCZw)%Hat;v+hGnVW@YTz4W6CHQf?
zB1e@YO-+O<Fm9#6D~D<N3<8jIo$hY9e<5Hey3aw<U)qh?;KR+O1TKF#9pC(T|H}nq
zHy4Y$Ng_#BlQz}EmgC9w4xFQ}UptrJc^o+lKLh^9#CM65c7aCD>D<mV7`ZbfIyVyC
z^`wd5iJ*O9TXRMbv|$&yzHH(C$TPj;^6eFweQA>54MOp33e%XEJJR%BqVngA%BU6z
zA4;X{0-+a)MPc;`zv^ZmCYkJO+vl5HSR-on@P&w^YREldt@P&)m@-sLU)KAxA2=8_
zkv<{T*48dXe4dyEJn|^#7OgRTg%C9Pc7>vPm0Q^m&`w$^k?k>RSgui5e`~u9gfww7
z*ZZ6j7!&t(Et$6bTo5nAUle-v+9}E1QR(cZ%<WCR?y0M!J^hDn%`>;q`I}GN{7o5i
zy&9aasde_MZHp^Ca&P=9zZwjC|4qqt?^_gtT!{R$r%ieRSST~FQ1QZ}4U?P0=_9p`
zvV0Ntt@vP5sS=!sP{-<<*6<(zdAxiwXr!?qhQsD?YdzWy>U#Q`0O+rjkw{HV-K%Mk
z6hVr*>$M9VxNU%|>}^}uYmXp6BBp!zT=PRsTgz6@M>}oA36(s87#4e=s8r&|z8ocX
z?G|^IuMVlGUPJw&TFr~NooD(%*0gzc@p&4JB!)|qs-3I1tn4g?3XB|hEfVvqabex`
zFCyTR%=^%i$bDZDcLciSGi4!dH&SGPZf!I-Zpy8R#|FMdA%|GMMaFqcrAG;}kt5#@
zR$RUIt@$9pcKMxt{b_dBO^aCCT?y6j_GYE6OJMCU2LgVM1|Itj<mQb|s(YntZ&fym
zw7x}2wG>*F-DoxJ*MI$<C|j3V?(!@Fd$U1$`~~AWJuuLbKUo}ayGr?fFPzdPw~#{2
zsCXhr-!7r*wiQS&`uW5+wntABSFxtpE!>F-Myt?MKYDA&hdQMucj|O~NPPh52u)#e
zO^CHkitVQ&D$5<<LqM*9hTQSmPR$J#^skd$r)xO9e#5p~if(ABYj-j>CR;YT?T*l$
z2`U+?(if$PE9&asW(&_A!Aqrkxo|{KMQ|R?nlLF=37a!RwumDoJEPFy5f|egu~3?8
zzLuKA5=vavYv-9fGr8Miay4>pId02r$Z}RzS6{}dqkxR`U~ZqwTGycY3A42wObM(?
zA<#SK+N=B++SoT@Jhk_fb@Ial;-g2PKqP_<TbeMSC2Q6+_GS&!DD*ihljD-lp{K1B
zrKdt0@W$%cz7xg!KGG?sdL;5ykElT1a@Edqo3CoLZ;Pz<jf=(>Q^yYG%#&L`6f-`f
zct)bkz3oNDU}BU3CI6d?Y2DxC?U8y7yiyfFPk!kYL*!>D!A2DaOkmzD&1|+PJegSy
z=K40XT<|S~@)*)m#R(WU7|8Rl)#Ygf`M?Kcr9dn3MT~IP8o!EQO4Sp#1Xd7vYF^Xi
zjoN9*@d99Or^qRd`|Zt&ch=KrMH-OQFT)&tp!!wQWH^3;@_-`UG;6<Lh$YZ{ZzovD
z$dsd|71Y`_s6>w3)}q>TcfP?nN`YuA{os@LtViw1gMD>`lku31i9B;mx$xMdIkoBE
z)Mb%^$js?OrfO7x2ZBoQ?2%nCF1rmZ^a3iE)hZWM9EKL(P;Q^kjrS&VOjwzP8&BfO
zhZu4+3L9GEczbBqszn>T$!J2O%e9&{5rW0Ty&yj@=ok>fCC@WEx@1~!h*{s22{-^&
zjc?doG8{$2+?MB<EYNyI%r0$_cA(O?K7K!NHgkPGw|`QB6D&Z`i$eYorz*hU&^U#C
zUF)df+AJ+D67h0b_u^?Bzy`<Yj4RB4A{rh(_jI@4#OLk_d<@Y7iTKUdrqaM{->YOT
zevd9we{G43UA|M^I11<odPJKySTpf^E%}$#48{#m2*bq?(5o<Bx_Fv7f1$qH+op>3
zX)u`*Peo;4a@-lE=qaAAT;Vm~q*qWj>;qW(tiAqltL6}x-JG7XpoORq45}$N0#Z;%
z=L1k)ttFg}LUAWkNn*K%42hXg-&9#{;<Gm|0%18s&to`(dm8qjKSzVl@Y+@L@Uth7
zeZ7zS$t~V^jyfJRwd&LaR7neN<_Ft%wIOo<C<fdY?yX|HVvCDEwE$kj3T}r5`*amN
zpBA}#{QAp;@B8KO7&&=I$E^@7n-xzLM^tS-t@bXSpm}7H^^$mjgzj}M@3H<WuVwRc
z(zi)F@u+p&IBpSLO39|JTQxb>g~wjN7%p`6grBsUwvA727?aGFK(0DHrP*mb_MkJ>
z7fc8<Mw~unIS=1rHtt@}(Xs*?rda*whS{!pvHrfXb&Aj!O5;%s#W^a}l5;Zg6z7bh
zsTAuq0y3<5^u*5x#yC(bPW37&aDwbU(%zpw@peJQHYmn(re>O%&_&t8ygjxWiI6~6
ze|jJV4`(96-6rnKxQEDB>eh^oWuSK?7q+TawI1F!uga$&Xd1^Z(Wkg?Y<N4*V4Wrj
z7IFKg8UV4A4^uRgq#xYWWE@FT`~<nQU=S%tQt_6W_(mAO@p~N2r1+vV-E+WX^@^23
zk9Ky)Ycf6G8SJIU?>4z-3gLiao8WBB9v?B#kLhJ?dKgWNvA6C<$|<E5?dAw_HQ7`W
z8;Kqmr2tC&N@#f2yV5z`wDV_iJg;}s>u6?I#O=kR@U{Grc)csf%&LdaPy$~Ztzb7o
z<J;!x_a6AEz`(t2ewzJTR6ZVE&#|}65=B%YvQ;{rPm^5#P>E};9lf6{AH@sY4g*`O
z@AyC^*P&Ca92EklDV3@8k}?va^|aBvxdZl<gp7KNX-eVD+AVjEN~!+a%Y%~B&FSsH
zg4775kSNIf5j65FfmGtapi{0Hl?P8g$Z_)dpMy>|?(UC!T6=m`yYXi0lpA6dZ3lE5
zt%KH}$hG9}wQpm&m{8CmxWkd+@vW9}*j1B#!t?B?_0)>&R*1X^B}I`}Qemg^FxWoQ
zFam{9wY{C337wZtMRxP|cgBzCH7Jgg9=!#{8ZAzRcg2so^p%)VS~(QMkEB^{44r=s
ze-~6gv1{uhN1RaWz758J%@4=&>%bb(1f}6m#z46Zb4~f#Z$y_c*V8Y!e=H2q*)Id)
zEV*HI)*d?}mJBo&CMq}OgdQ7@Sv3a{HJ6JwA{8apa7XFcZMRL=YJn!9`Pg>5<1nU*
zBq+yZ4AN)veNiR+7^(--uk+4UySoqfXI&<WpuWs77m&iNb5RwoYbh_dZMgWyATqw_
zl)ne&9<%v%fj7Z+VL0GJY62>q3$D#j!fp$k9NzZ$?gd5Ezd7?9j5~3n-xst>+mN~k
zBtEM!m5J(&joYDLk~0em?%7c7WvOJx2)6B3eA<MQ>KLvd3N&qM{OSnhoWt4mcvsHW
zn)r~#qg^B8E-a3X*MQcOvTI_<F{DO&6OmnZZpm#(Ay9|N9gqUNpd`qh^NOG`4qigB
zO$Baz`Tua^e~XH)I95d=ihj4u$MkGY@1B<|Ok_`DV`aKdP2MT~=4bg?>8OzFn3ul%
zbr9_%K9rUh<!d9S5ySp4NayuU3@`DeWLN`H6owTxE;)-!R*V{33ik226A8cp*9AP4
z&#z{#OL_S0wb@X8Cglt1u?>x@T+~h4>6JX{p3d*WODn_^vygq;rOa_Nl+N@zYZtz3
z{~C{lnp>;480~-{6m75lE!w8=ud*q@DB1HJ=&an1PhB3=*ll8zjF3DIhOF+#?+g4d
z_TDnA%I0eyRs<zf1Ox;HRJt3aOG?6^TWU)yEiDKlElO=l1Oe$1kXEGGfOLzJ(o)j!
z&TQ2CzWv4fyvP4N{-2(2eBiqFTx(|5tXb!|&h<XMCEXJ<1C7j8VslXP51pXmcG+kx
zv;>tnd@F2I;3#Kt0l`lHdBk^4V*;)(jjmmjfo?zx(gdcw-8v7}bDE{Sv;4&OabA;m
zsDL`_WL>~1Ip%GF175df%&B56mR;@uGQB#N8N|+O`h0Za|Gi657rq;dn6K99*)`M3
zh+3cD>rJG?Kc0IYgUJ8L`4aiFXh4cl5;;b2<C&$cn2fZ;sXI)yifpVa;v$mXwCYuw
zu^jEBU~t?n9;mvV4wK;Sz>7c#HB>Kco#^G3Z)Xb?{Mf{wADehSgBOm@9sRKwK}h!<
z6JlPp`m{e64E=e);MPFHGw(1mckn(!TX1kDVooNhW_5hK*?xT^-F7r&!%jETlqX#|
z!QyaoPuoi+O|f~+hp>;S_k??<JE1<g7NAU=i;2Lz5O%RGGz=*}xF1If!piI6jZfUZ
zEvd$VA?Grpz8E(oo4jA{Nx246Uz6hE6D8^wyDiKJO&SPk+EFo_A5pQqt+@Qg&D5Lr
z=!3gCfpi1nWY2_-H%!RjvFg4ZIDI}&N@~r@SM>eXm6BLpmUc1O;i}g-9fmdTfRI1M
zy{u^jP7=aKaP%q}A_iBl1|4TX*wh-)^+iKRl}UejK8BcCJtmS_gDwXJ`h6|htrE2b
z(xJcPIUhL^{UyHeOG4n63~W~^$i%GNoy;c#i%bw6>8ys+OOmv_h(-$f(wk>a?rGk<
zdKTl{o7ndtJ7>J!-@)O$q&shr@zOK`>5LA*O!b9K(XV|9Uz-ych71^}aI2vM5|mnz
z&$-TP8u>M#Lj|~aAJ;2pvlD>py{gm~5HoVOMzd3`MWlB2X{*Eo`N8{XN^yKcDn$w}
z(IM~P@nlIzkFbz=wDPX=E?6#FjY_(DzQ{W9#yCA-iPa$B{oD;t27xdvaD#dru2bx6
z{i>l6(BeDtyeJQk38Fn-OMWl|S83zeOQx5q{nDcFjdaY==B>s+iQ@1SPwqu<HTr@7
z^J?@i3Pv@YChx;GXy6+Qahjr0pg*#nQ-SqVTO5DKPNI2GcBeA>>v<(*)gT?jL>>;2
zWh<t+&@D=x(HGfuYg7Fe7-D-M7@{_G&~?v_i}k&L^VCA~>@mYcZfX0tBKjqvj5Tmj
zmpS<0wy@De1?L<pMiiX`=V0@%bMVhaEP$CAU(M4++~=sRl6h)Nbvw8&`XQPf_ATVt
zgzaM@QH1L}I}tBvdw^iQ_?HU-pT>eP+JAZt?4nB;cIy=;&Cl&{FPbvqk+8f;koto5
zSY)(z&(Y;J;^N@5j+=nHcABPQ|LHSrMFfu@Kem2-a{Ugeucq#^*P5@Kw_FU#f1p`a
z9v9#CUOulmbXGK<2t>!lzF^N`Up(QNO%JC$LgMahS88fbHP6s|r-c&8^f#N`%;NDt
zn;^0_=>Z%)(IYVU6oM5_?&E@M*Vv95A})R3v9$n(Y<Y?{q~ceT!gKP@L$<q`>M!U*
zk9&3T@RH(sXJZ4porsK=fPb0&4EcU9?UDB)wdo;(XmT!Go2-w+kh*SW0vkXJ!r#6l
z)fYoyp$=|dr5Hx84~<}oj64FMUA!<sFKSPFkR#v7d*mx{zkD_g(GtOkW4~aaeiRYa
zFw@>cGqfJV;U<9L3heC4X#{X^6Cwl0f#XpR`Q^wys-|g*!9Dbi-Fpf|*I;k{D1COl
ztRqom81+(2?6%E*+tCKyaVwq#qAcQf$BFI=+q~r@;U=odb1s+kMJhWmT_XW=$W({k
zp&%V()bxmIUcL@&y#1?5oLhZ57o%MFnW!DBL5duSLvbdJjau3>qhU>T`}I4zRrKOQ
zLJzJ@MFk`Qyd=JQyw+qi+Mkqp*5B(7?srb`ey0%gp)vRZJQUD=vIaX_v!Hgw!<qA-
zj{yZ1J_^ZAze}DD&xIEv989nU%4K`7WJ68@7qk{SG&6SvwNCcktO#tSfo=H4I1UvP
zpTD_YFKpE+!fsj7Re~bW+&q>Zh&ziI+|^SzyMf-GiN{}@1JiX3Ga1g8=66n_MM}^|
z5$w*ivwtNnJ~S%svm$J&w}C#!eXn6Bf1o(gD-2+jAjgpEMu1T$BRZ3%r$Kj3&PEDn
z-LX~$z4t%^)dr|{J0qbW^fbtG<%b)bseORqJYwrF0JBWlqN3}s@R8QwdjBw)z^ENa
z{;oZbuB@Zft8mIe@>vgIGt%2Q^eTISrnEp_yZF)AYE)^Aai~Dry#dDu81ZO_CGt@z
z{@Jc1dC~}}>qL{sD}LqI<QKim!y1h%=Dywo9$qtOHWs9;e%!rQ^-!GMQQ~Pmmb@an
zd9D2b`%A#Q*+vOPT>$f3_t$LndA#=m!h83?_4oQP1?7)?e`F0%==NB_dUYxf$|TE-
zcbpYk;K<&U|MU*XUWd$4dsCMtk&XlLx%Xg;(IN7xevqqI0rKH6&||I1UjeDo5|`dA
zeO?x&nya1w<kERb%?=Q(UA60l?qWdqD27P++K1`Q7LDpIcK~czOpk`F07!xtUaJS!
zU#P`sRk;?If#ho(s%7N6G+E?s!m|54RdsGDDJjG>3TdkD(qozmR|)qVo}2^5rr&3A
zr;A1J*w-7vcO~z~%klDII8uc*I`w|+sBJ_&pnJi15=?R5uPOfNfV0;g)!2**7EMLz
z!~z_mYLJ4h{M*$O|K^^rptW1J3mEx*cmqW81N7))VF!@ofA`?kAn^Qc;HKoh2J^t0
z`=-rTg3e-9<-_jsAG_9>B@cv_%4R5u4h$AGTqc?~LHqJx0g!pOCXu~l>nku3%pE)E
zXdKL8tf-d7>6eT$%Q5X~a@0&<M5pSey+R53!H1l!7>=n2^BV;x`g&#o!JD;*!X?b1
zFa5%h*P@#VLGvLkh0WD266gkTxa)bxjnk?{5kR+_DhAxFOLNlaBvzq}xsGmN0)!){
z!DTN8^jrsmqfNrgE*%$d$An8iV=;xYCDg5vg^EJUfB{g;;@HG@d&`Sgx+1k*irvFt
zyG3K+P6xyZhA-7R!C?pQ41%eSE7ua7j+TtLeY`vUCjZ6zm9~wAnW8c1MXL7wOZ6wA
z4I5(;Ffp2T2H!%6G8$x(+9y^9a<6%kh$6;y=@eMtu`$}JpmUTN14nOZeX#FI5lyJ-
zKFyow65=wiGiKqI6Ez+w_B7&yhd_2#JqqNM&DVfNz3p{FI@+wx$qgX-UaySbE%5cQ
zw{!A^)R0Xu0V22zbR-Q<yBR@zCx9z+If7B;c^Gqsz-!k>AdfsZKTj*RgjaRT;`J;a
zVk1#yC}M=PYn7(dl?a$P{<$y-H=}tUJG(CuHIyA4T>{-VEr`8jlyv)#AA*ZI|FBh2
z$YLtczASeE3bIz|yo}?(BUlFV@O?OO*mQ_u_u5uSAyzjMRn0A*V}do@7nE{b23z$J
z9bM7+KvTI{7$~mufLqfTs-Th5@+=_9yD5e?(%>>~sUSbEggVEF0Y1bukSpQlA9?Ut
zX${D=SAf=8KAU0ss$QEFV@T$_%C0@2&Cdm$@gQ(1D2R?5Mlp|VHSjM4<;>A%kqF$Y
z1pJLfmrMoC(489nC!qV)!+CsZ7f+}W9R+Y|v5}oN&B})b;d#*+D(TwcS;#NmXL@h<
zzZTTDZ{z);O}X(#7MTt(dqhJpnRWAW#j>c|qU*aTDHFX80J~gU%f2U)#hTzA(o{YR
zGV6~+4#9|qgaMQvhhL=p4y4|o=mkCXn%nlyt!;~Fts(?(2Ohubsp7|7P{8}g)X+`p
z8gVH4X+>e&U8>qwPikPLN~Lr{r`RG=0L0{0B!_EahsGo<ns>2M^)L9>2CLKG`8+NN
zBE%v9x#Js8_B&p+8Uy_JRGbHl(qskwhx{9l<E4(m#-j1+_a26YW26oSy&^X^t3f`p
z-3oYLC)d)w34%HKq}&Nxiy@GyReGzx4Kua+zwT}Qgy4Qa{lt;tyT?qZE2HP9$CM`N
zyv@NLH1zKcfRAgt;(y7gLV1Aw{A>r2b0ZXgW^NjIarN+>18k!l4mt!-O#_I=N+E~z
zKF+bPnYRf&^j88kcqo>4=;cjrC+tT{Xtcwd>l)~QP-ZCr2oEN4=O$+ItZ`UfpG6LQ
z!KBAwCN$Iigi9|t9e<+Y;r@-&J98Q}77$h)FcUd#5!eC5HtvZbN28uyF_c%41ic1?
z*MRh<nI<_YOptYHZ<!gKH6DXkZgZ2Rce@^S)RczvY+va~XxxQo<!=`HPgZW%9PZW(
zKW`3{GYBE3Ne;-Pa>!kM_AEU^pRm2B=KR6(;X#M+cJocXDy|=XWW@>br~D-_Qo59S
zh~s*qTd*^v$uwpFbXseT*p5SkG=tCHu|F`l^)fDd({I^xv*L$7?MrLJH}iqvUmX=2
z_RB*XGlp@4kUiJuBdOrcb4ve_kQy_*-Vq@JQQ+z+M#WuiFI&}AK2=ETUisaR{jJ_4
z&;&1Y+39}yxlga*D(V~7@{na7FGvfewJAvYW?w(gH}XJg?E}8&CmW#;bxY?D-{`{@
z4LLEdX4P?5$C4{)6dAsKm2YKjbt&*ob*|YRm63d=e^9&{HV)($sn(zk_^J-btOek%
zTXbOGZxOtX(Fq6ws|ZiPV0f;VVNPR+m}-esfBN8Tl<8<8XvV17N{}N*V;KfhLM2Ot
zO(qm6NtPm@`9uyriEZ>$uupbesNfs}H6Dd^>kXM&f1h~fip!mnd*?ypQ89baXmZ$E
zi&~zg46NduFR$$#m3Hndx%UqE;_p!_P*o{r9cWJvu|{TpoRht1{WjeC)S}m%%1aBu
zAHCIHB7}Q9(pTwF>n#JMhzQV}j7DAFcY9<;wBNyKA8=@@880)9UdJ^iK&*Q~!ux^?
zR;p(Jm&GYxq`MpSrr*W5knY8U?s<5;h;Cwym3Dz^@Adij27TPx@7|Brz%CZCjo{pC
z^Q@H-!3F^05Dpdh#<x6=tf}X;3VmzQ_>adM3af_=R<0I{?lJF$WN#h@l7f1din&b7
zK2n6OpAC1}M?eB7)c114t<RL44?5iXu?#y66wUdmbZ*oul!vgp*YZq^Hjq|-_nUTM
zYd>UVp_dU}T4i-dZKd;+;$5jt%yOuYNJ3Qd;oeS1-Zw1n6jpzFx^2rSR*hT#qTkal
z;c0^j&6eAq<5v*%4wn|s;`#L|6jjz5rMXmYVT=Z|XFrNv8Dh8|wgH2g{@qzTTVsza
zp4sf#x<g$gSA*Kp&ruJJd+=GGq8zx5%+0}Leo;chRGJ@A&={1VZQZz+z+W}1#1}HK
zEwMPc+IRoT<hFl5sj_EWBc68)<t|v0gTc%!h@mcLW8KP0o(@))2Ysa7$+0t}t@rZS
z>jd0%v*|284d`eFZ0u=dpX)PG&wkyrA)LB0{5IO&H79H?(M^sw5oA*o^+!m9s}46@
z4{r}Uz!;`yraB+d7P|o=%MsTQq$fiiaymv+(|N~#AQ#75Ftl-B+)ZtzJ#CY3lX9kJ
z*j&i{u-mhAQ-)$jPwb`hzOuEUAjPEScE~`hSMGpU%XhKdU3?F~4AQYpqk1fxu$n#b
z=n$?JQL}H-eWX}*diZop^@`TZ{#-yX!L^RP%Z60NB-ZiyxvxG%Zh?7mY?+It`Iif3
zwp|1b8^Y}ALsUaU!#0jr>QLwnj(Wmyj)!c^x=$&_c0*lf{sZ^v`W}Y3`<$r^!aXDG
z+3B&Sq@u>LEA@ple4lOAYdWt@NPe|%pcDffN4=gM)!N|ebsX<ppKf12vm-W`buQT<
zg+N>8g%gkC1M`n7G>v>Wj;tgzLW*)-!V95n^mw)Jl_)Cs?Lb}gO9|E8JQB>gYm}QO
zvfb|6FWY|I)mxy*k9L;*JlpD(PK9Tm#zma+Q2Eu?&CkVxFy<XrP4hNl>JA-tZgaj$
z|0XWr_43Gy$g)eAz)Bs_aIEZEqXenX_#nj!+MtA*Q&P36(m5Ai!mym{)YLHTV!B;_
zrdHXbt82La%xi%~Sy6qb&o1{gRM#{_6?yjGoTHCbcvO+0xSIMM&@Qr&eb&BH?;f&x
z=P(-B-PLi|a_Vdwi)k)LCGqykN_d*Up1O#gPAfCP&a#<A%Y@}QVb*XFuLJiuKUDVU
z`LyqcnS|G<#A4@&cl<kT1st5(?Rl#hNpP<;2@<OBn#U@vVBDu*s9;pK+sS6sh770d
zG0N?|aD$68s+x|@2M>%?kh;jx3%e>vTs)+qr^)0;nXDj2vv?-UW;=~TF3-k7T_<*x
z7q0T$pXZIs7FGxs#<oXDDXo@?M@Y#%f_Ek74`Y{jUC%xr<J<Omal%8g3cF`fpvu5u
zg|nNzaHEM71l3M~Rd4;&g2B~!$QOC_ggdIIwJ~^k<TmqZ>#B`DL;igB{=m}-$7X0y
zX1S%y`6c<!FE~-KjRT2r>+Th6WNq-Jt@7<}tMa$p!=2RTwwMn&?Ur^ygPayYNw#do
zp{_8HKB^B;4yFX{YP4k=tg&2#0ADjEe3?XGKJrUyZz&JHfv3Kz!FDubnlP^)^Y%vg
znkg2JXzqe1F8Asnbz?Iw5x7tQggksKx$}u~twOqS3TwK`&S23!eyn=s*-YUmbku5E
z@TK}zBF9IME6ck+OZQ22A9ypSkqzUM?p&V4s12sRoi_%c%l+h_Fr;UAj%+oAT~t8Y
z0FBda*D4n5m>cSO*9U`wL(`Aumcf>6w$=8H`ty@Q$J^y&7}I1mPnDIQWmQ?cgzH?9
z%jHKVz|?mq4!5u{yjZF9JM0hC_FPu7iLbtJnvj1oUdxcDHaKc6DxaFZ-tMVz->t1#
z&JLG$`-NHUv>hp`ooD;ZiibH9MmbHB*F^(PX=B|mxG)v3!L0Z05yymF@S;YPTwxu#
z!c!cMmPY4qES3yoH*8p@f*nHR6)cfIK#T-aIuRcNcO_dH-N{I}M@UyI+0To%DsnEC
zxV-Fb#1v?WHvI-~wHi0B$1oaSzhNMg&@i#CG1fv5gd_=Se&+|SAX)HgkA`j)Vzl&4
zI3Lxclr{=t!h4?(omx*`QeVW`^`Y!ZDE`>0|AVXIdQsPwinKd3wzH>InUyokhAQ1g
z>xT~#aUSo;pD}a)&`IN<4z(Ga?p79RtK7)BAEK5)HlyQiR!^(cY8ypYjn!i2OO{he
zE754+k)`#8fe-hPr!Crob#T9=w5l!kz|v(I_H&+o-J8b4dPAk!L?nehBzAl%&&ZF1
z8~0oI>)5_Db9du2udYqZbl<!!Gi4V01>6qyt`-d|qtgRi$7~H4G-AG1Kb!G*^?>1i
zjvw#hW_D3~A+w-zf?)3fX^+JdDi-x;e;B0T!Jf{->GLWJGlO!Qrx)*Rk@O{uk8o~Y
z6zZUu;HLta)$O-_Ir6_2OEGY?R9K=2#e|c4;I7thCNEdDK&o65D=Kc}@j*$ilQXqf
zp%>EBcJq_3A$O|3V6lHfa6{&k42G}d!2Ng*Y6ZNi9)Cj?pXQ>(4HlJbK@-+{JoKI*
zP&X|3_@nVoD3|TQO&ZO8aF$a>-A6SB6ABb0KM=HH)rh~v&GPtaZ2-fL1-%!O=lAH<
zOY$+DC%m@CnLqnU-HVHi8u<(u(R)_1#jInTtC1=GD#(cnb450yZTzm*D)$4q{M(u(
zR$9YcBURYk)SOGx#toz;baSe7oRRg<_b7vT>*|o6L0k|>)l>J(c4V8cRGo0ibZ>cQ
zvxGN6ijW}(huj6BkZYT}KA89EYu%UZUvk5C_rqQy9;%)10yw&#r1A+ll85c$5C<VW
zyK*Ex8?RhI3GA;ej0D|VjFDaXWLdg4oikOq!9OUaS6O8Mx|KVrc^iGx^r|C}b+9f0
zT;sRM>IWEB-Mb36NDs{W3|yun`Sd;NSTnNsHb_sFjuf?b2MX5X?d$+XZ88#-6QvsS
zoPT2POb*j)_n<uWHnW7~mhQl-+WYlbdU@(+x?KF8eo5{ROTCn!dkxnnD%CbK|AMx`
zQ`$CnS#1)vR<{a4i;Xvuss%IWYd^TM-ptxLui|N?YnWit9T*wa<s@PKHP^tUOxR(h
z!(iC&T2b{DM)habn^i{jfzxGv9Z4G?DqYqs;d{y5e(fVAds+tXgzV5Y!0C(YPj)@u
zo-+KLgl@;WF(^8+WMXLcEt3j=L%o7Bw-;*|#gp3PEEipOdJBeljxY;Tx>Ba+hdPxE
zyjteNVtrxOy=7;wpc4z8+!NKGE~7lWcO_Row1fsUQhB+r)g&xY`)w%NXS4Vsr#boN
zq>|VG^(mkn#ulX2WA&epySX?|j#hasFEI`pajI07O`Z=t{H~V;v#+xXZ)*!pok_D2
zzZj>n-KYdkzwazi^44iQNOJO;q^2?lAYV<fz;RKK{Rl~8DZ5-`FmtIx>&`dLf%}v9
zU!U_`FfSbF#1+E@MX^D8dgj?tET9ccW+#&p+j;x}CzUMDvM)lPDJ%tIjdSPm9%tWM
zFLrp%o^m6PI4ICGCobKhmsv~XnvIPki&jb#leC2CBFOlsX(kToy06stF*WJExX(F}
z7xQ}Uk`5>1brxwPXuQ|70HN#Y8%5xjI$TnW6X<1<smId1=#)}pCn$8UJ$|}CGN!1H
zv+b#oRC{P|&3TivOYtj1Psd+MJ}cUn-?b}bpb}(rFb=L)d>qkmSF0d||Gdvj$MF&N
zmt3CvfMHQI-6JI?TDpi{^E+++yOJNT2yOZ`R2g%Pk-n9Cw4{Y=*OSLN4-yxt#SXpp
zeoHmw>_to}HL|Je+x@1(%3f280&F0WM?`_kj7Z}ueu2CM%9fGE_FKu9&^)4Fw^Oq3
zqmO6g==uu|zT7+$ek~v7J8OsP1=Af>q8t(_)k8&h%+^5bzR^GdLcLl~Y63}>mu!GO
zg1BubqvM`XsFE4~V(7(9(ZL2@B9Z*Bb5v|!b3STck(2a|vUHLdf1GyG+%>W$;>W`l
zKq-|9zI3_bat*6pd?siv?YS1$HkA!{Z$)O&>a`)hgi7>w5?SQUE=zzZZk<x6xVvL7
z(SKX>U|?1*mLzpe>QEHWUr2`(^Li;)D<*c&?Ep%*wZ}+PKps)OY6IYfpB{FaBdx+@
z70I2-i!9Y&`1pl=jMadFaB1(8e9Y}~<zNp(x`qL<Tw9B)9d4BKbBdli5yg7`y)l=9
z(3aM%+S!<IP+P(~LqBU=cIW_|43Db~#S)%f=0SOXRr}|$kwg9*MVIja`q<j8e!<fI
z8_%?J0&cNmIFg0!DiH%}0A0NE0krhZKP>&i@x8OMoT<c>L(Zy`9<%*(r?fxNulsjd
zQc|a?B;Xc_G2_aglS`;+>BTF^mDpIWPgl~^&`JPR?iA`M9E!ZMw}dq&@~<bf39g=Z
z(G@(@Xm_El{#FjkfR?GqOL9)#>NWo0gN4{xpZyrBLBXltpw?d#ygGVV!_`85pUm;W
z&U`K>+{08FdF6ZMp3NSH4y+9xuY~dnm+*GJzrvTF`&bxzrRU{)6N<2pQGkpmXJQ9B
z5u5aV{+-aEL!C!1yd`Qi4Kk&OY7H$GfH0*9PSa|0sb|XylgUbIO}Q@`naRN8pTmK9
zcMX_#j|%5V0lkgSP`+3+02wiDVSu*v{=~#Up1&UegI;LBiI(FtaqN!PaCvs!B)1$q
zOsQ&Ytk4k8`)?2zh%w~k-l^seZx@eg&gO*x21H_yQfsHl0IZ7!Mowd_7N^X*37k}l
zoPR6q9_pwJ!+&~NnI0U7vLrwhRvV9s+i|XVc0Ld^V4r<wcN!$_5r5^gf1?Xpn2<p*
z$<L6^aRk#LRU%z870}5c5w+OsM~K)}fYY5MXF<p;TzxSPGUSN1OTVxz>srNd9Kh*p
z?E_@Bz7+I#Ud{(BzzS^*GE+xpsrL8#ro9!Z9kUP7(bQz!lX8GCoqIzKvA--pXbP?3
z*Gm9;;RTA%VW`Lza)c&Qaccsom;lbfHm2RVdvh!;Z|aZ0^*#OT0ciY?1ir%!ID#Y0
zHY8H@W2D5XpQu>f`g1yA|NT{*%czKsO5*@9&kC1*0b)<D`~t*OC6Zdql^heQCree(
zpY1t10L!h9d3Qnph~r};>f3Jnb-@!bIS$PTiJO0-lbP5}SH7=KwYCivTPkGus2jwJ
zd3i2g+Hd%RM!<-&sKIxDmwtjM^GRlR)cWUpbVfJeYT^C0THw`y$Q@)+f8ofqFf(ys
ze}fy9Ak_cue)7@ULo(==p>+w=2*B{3H8v`$iExD35g=C0{1L2@-l;C{hapG@09k0l
zhok;VV4-qjY>s)=gfAn}p!6UBrE?ySF{-4|w3W`Gj;v}y8G#R30ZV9<?rFW^sN3q+
zTo?zpsAqErL<NrjoAslN$zzkJUEBf~bqJJ7Jdde42(J);Fh=J<9@AYMn$CuXzk+A9
zuaTlLrH9JS9>=J-L+d8@q`@K|{bP~49Q%p)>f$s7${gHVF9qPkE}9>pZ75OO+LNKO
z_!5(BUx{ZvMsxSy8kYs(y39?)Neh-~&Kza=KXPXPdsOxaG=_6A2k0-5S}<1|;tFc@
z&oxCt5YhBI=L<`G)^vRU^gmcCivYlH!UeEswjp+$9}|Fvw~u4@go~qBb5HmcN4Qv?
z5y6#c$?|I@u325bMyu6VX!x`~<li%)EpY&&ia_cYwEswa9~=EODq=o8=+aw#I1P*5
zVaUoI)4^hi7{<7V(W`)*5hV;$f&XVugG8btpaFy-H4Pvp`bc~f`zY~0x^)|^r%?vi
z)>~{*gxx%Hs_&Fxn(k*k1;AP!zyWI@o*gXGlR?NMK=qM01<ujK6l8bMaI66O;gclX
z0vj!>^PrEi=vpZ46To?~g`Ah8wDIY!g2d~95O~achu|p3^FL$E{12ZF`uA4*|LeP3
z7?;%YTqCzvqid}6L7i4CyZcwXRJBE*Zq5OEH@(#=F!I~}<S%LhI&BVjwWM7JaI)1A
zS>~RV#s@9OtFVp<;%TF>$EnOFGX_{gQIIh(Q!5?RCSD-G!_y&i`s~>fZ^};!dgqL6
zB?!9}V!vPd(F%oA{)0gyZjLDEuM*k=Xf2ks@(b3q4;~vsju9;SK;h8G-)(gRy%)`4
zo8(A!J}iJ*8&jj}208|EeTwF;-vu4UrW4(kI3a8!F!v^9PStS^*IWA>SPMLW$zai`
zw+qs!$m&-VIt{>^w$lD{CAQG#G8s<)g7R3OQioovjkj$e+ZKOC2i91`5&Nj~2BE+!
zkTF$!Gd*d<Mf3jQh}n5}l*xdALN*~NF3opiWC9*>24d_#&lUhc&nuMGfxZ>lI;HKf
ze<UZfMlKJ;+uA@asGWqQ2v|o1M@zT^yO+ilgFrk6DIU_C`rip5KV4+q&TVB|H5_gM
z&LlQ4PQd6zQ@BdCUu3oelHc5jYfsf#xEphP>lG<nEf43Oa&(K87`F(3fg=AR187Dc
zHweW75Kwh(tvUT#9la=L-`+F;9e7|L<+lCJvHNGQeL2PrkeN7Tk1rt0p0Euv=tj9!
zKeUUQ>EdGGy?g;=xey0?+tx1o06OKb0mWf$Cofu^b2NDf@{>qVa8>usaNU&MO>1og
zw!NMP%)&SqV0H77&#spC6CwPuuqiYGv`R$)9ETgWjFvrR9Gi0Jb-3v@4MNJQguKIV
zvSLHR^I9ETu=rPSC#DQU`isSS;0E}k93nMEfXN%z#y>XFx0qY8#09I<tOr|`0f6wJ
zsQsX!SHr*>gtueom3yC{U?1Zmi(V$6x;!&L^9zjnLSJgS585(vFm1+K=5p%Tl%=}#
zq)?hBu12KCkZ~j4ruK%e9)glS6Bo$DP9x3&C&(EE1xz#n=jhN_WRh|28?O%vX)p+x
z0VOg;;S;NHC{DuNTdVIHMcRdT2Rryw(v>Nq3YHk7^_-AZ{4CmUo2)=5Q@*N(7R@af
zK_6^-9rnLLfmGJ;YT`~$`q_(Arsi9~xMQJimVMcrpu{c3rIsl1E{`ZPL)b-|cOQfo
z4Dq=S_s0%JvKdD64u0kOr$LwIz5EGMJ%{jZklQv7V-CS1FLm_ls#4y3;tz-mPT6XM
zUpItojOd&|fodrLg*=V4L?^G{bLP2?&M)l0pUT-A5xLQyyF0X&xGC%=R^J$$Qpb+j
zMf9foVf?|IjsO6t>y5Z<Aka4VJ1+eRw2^&>#kp~?Y^Y=~n%%(0FFYT=5_EXxhZjN@
zh`&*}rr&&NL#0d`_|2R9^o>o}V{q}q7A)@~z8%50AQZUfk+;=|510yT00sG6Ij^@|
z$b6yMFc**Tsp?F)aE-#iLy&5)q<T9lu%ot5b54FTK;TdWw60jNP&yD8Qg;CmYC7t}
zDJm<h2<wu;hUqKb(zR+V3jh}XVR-QV1pZsa1JJ#9F#2R_@5e1z9XoCADz5RlW~-h(
z*49Rf{j$OSoJN~5<=Tad#jYC`Ywga}-R_|IkG*_sP1wUa>g=r)QhMMGIXp3r7Qta)
z`AiZgEC(;dXppB*FoEb0v(4_k8!@*9aXQ%KDnIeG!2(>i%<Zg#RnXP-NvB91*5T(b
z<Lg-~KfnrmoAdYwZRP^lmrkiy7k9r77>DuNWqX2xXe8{2{o@%X!6w0nR1ZKIwpl(!
zXah=Gyxx67xNb^FF#o6;C(g@XA&hZ&8F82BqzCHR31=@yk(Y7mdoRQ%P6aFx4inRG
z%~GB}88QlLHXj^Z>@uXnFvspO7gn~fU(p32gFTX^0N$A19uf-Q>4m`~pJ7@PHh_!1
zbEfz!du*tDlKOt}^Y@b#iwB+2k{*ja(Ly5emeN-|ia{wUmAN!d>I)(rtz_6VTqgO6
z+am~I*(3r^^>Fr{|8o8^g9JZds~5U{(fA})oGt4#V0dZ`a6uXy{0>?4%6rmOs)%XW
z<Y~e=l27TeN@bqI<$eiD!cpO}l;&a0b~CB$9vS;rT_N6P+3gJk=LS4+dhPlFv=Xo6
z)~&>kgy^MBh1a@iUjX&aDoa*$xGx!JuVa~O1_fY!<69c0obnQRT?2~Rcp;u?{liuM
zPQv;1tE;c+MVdX4YWr$pRnK%mBUfv7MLy0$5dEjn9aYo7vXS^Nm?xbxF%58-3(rQJ
zTf{U8Q7d<57y%W@KRjP8<^UBiSg_L<7S-UT)y}Xb`4M`(G`SU^<1m)iU*yYT&@Q~D
z=vLF|A=}4U7}K-G5Uy?fS>~d(Nn<_4DERPkMhPcO_cM}uf4FykWLIeP@UBbk-(Y0X
zDy-AaW(Zlb#wA>L%psgq3l&voFv|uwI7td_XxzA|A!E=@z$njfd;P<7l)<yGR`ne7
zsPnoTD679Ps-yeerR*AHH?P3$D}0beA#lna6^ue~U6KHiZKN@KvmvoDy2uM~r94;=
zJ$;17*2nWs-B$`ByL8FQ>A05pJ9dB9HxY8c8&oz1V&0g%j_d4`Cen<lcQueQY2z-l
z%JK>>cZ&gj&Q2|Z%Ce0F{u0&Rms8eU9_GEg<(CPhuLe-2c^JyD69bl90`V)*np}fS
zX>Ii*B(<!Chq>1Uvc{4-&gYc!rSr{R(KE2#Px60QrTa9Ca?*5=8?>vB#-}gWefZVS
zX)dZ&;jolPPrjcu3e+UtYy+j|#`wDiPQ+JcYPnu&xKV-@+0&CRZaNLV-3JMbsuDKW
z=BG;G77D1dm~;Y19BalDf%x}Hg*375fR<9|<MV?zM=f~+aDmcCYbD>(Dk{A0+)7^Q
zpwd}CE>4BPLupYSRx2yEbK4%p**H+3XPhF&DwkZ2c?K)wp3Uk0cR3l?+1{{(<P`d-
zetJt6Kt<>WinKe*Os0YJt|_i`AQ+17eT4@*8s}^s1m6?>7+T=k5H6jvWJ}n_OWR92
z=JBeLG~L~%MF*oijc&U?t@3cb=AczSdbJv`K61WK%q15(gx$gRBU4Io++;e`Uu>TO
zx0G)o;vk9tIoHf8gM>}n>SUmb|C8y#)3vs=h)BvHJcZ@|7SVqcJhKIoOu6CQx_*!t
zX07rp-fRMoxSjD;8gX+h_372)Yqg}+pJe8btMpxB^d<8!bRX(YBq8CqGVoBLn{~~n
z$_VA0se#Y70j`K^oWT~aTKMYY%T&j4V{g2UKFd$6h~K}OGGSxJmEw$8ftCDiu$Q&l
zXSv#7V<s`4RlRP;Z+>#-dl{ylJ1`B^NBT^kX`NW$G+~Dm5KdrLWW@J)<ydWB`*r~&
zA7&fY1V>5Ty(LIIUX3x0UA+|*w7Xp6)tGxVd;sUlss!~bNuQEzGGZRj9TlHF)Z|$G
zws`kIx~<*o%dNGW=c({%=FGC=xJ(0;m=wsh7Uiyo`=w=b@U}C{eTu>gT_Pj2r<rRC
zL&iO!3D@6z&rvzWdf!}`{wJYNyW2>{+=E&6P}k$#GpzJlIhP7IA9mChNiN}x7hw4D
z=5=(uv<A0QA#cHu#?d^)0wZ9hJ2?@3RfLyk&R>`3BW`cLGAJW>ZW?lx+jh+7x;nY5
zx5g(@1?$#29riU`!ecaqzJ~RI#BJ;egeI`YBv>aVJVnMsZGm=cdVTfY7a=02nMPk^
zN~mB9j9d8v+-rR$@RyZ&!i$VVzF7u7XYoBR6I)&k$|k2Hl4HQ`IaPI@p-EESlR^+{
zQ(ANJoc)6g(o4nB`ieB?{3PfO+D!}^CqK#__+W#$GX5z3UC~Yp+3+Ky7u=%#R{b?w
z)nwaly;FAAf4IcdFa`gZ9cA9-EPR~)Lg9$1r+9?ddH5_9H&_*EPRk2Bsi;f|DNann
zl5IoJPPUpoP&dvtl{fpk@KdMi)sTSL@!19)ft=_uGJ`GKKCy#qj9w;ob(AN^TyLv~
zlgD}3a7rk+m@&l=6;5Vfn-&(OLv2YuTMhTi$_;|Ge2H+`cN*v|-vha7XZ4>~X!1WY
zJ#$};8;VQg>B=*%*#$D-ott^sPb$5~?(}L+J388PR4TRliN%f1hpdS8q+GQGSDe`L
zN%fHj)q1sSMzz7HwhgR1ACRB?XUq)_j;~+NJLS4B_UUnf;!MJ0gVfGIN;^-+wTA+a
z9Inuz7!q`jPXe8hSB{zsU5%a|YoC-iBFbuZuP)3?+{C+8seaYA`s|(q%%7b(Dv?r=
zso27hQjEDxF>;OlgLt>F-m`Pb=E_j}Bm0Hkj5CVDxi<L6zT0CVwoa|HW2U3yEcy=1
z;i<vb3B{WDgIG-BPZ)(X7h0(b-YXbqv7f|O8n0OEq@9_Cn<%G)d^Fu8G9@zo{GMBK
z(f5_s-V(8dS)evipqH9SYO@-&1_3q%|DDgFIUuK==2_;tm0S}v@lTHeRxh6o(G<WE
zP}-1||5u`LqcG-noF${`Oy#Y!)*Ca`Ogm{4JCgKcoVeQIj3s*+J3ekPeIIk{$PT{>
zEeN$_#jTBjLMB4$_>T<_ETUTOJjLPmr}BK4(`eRmM_)TbzV$wH)0~`2V*Dq<ozegt
z?i~x}F+SYYSJYl-6MS^E>I96JBAi|u@3^u`$aE)^YkdojIJI&vhUMq==k(Gj=1H&k
z{y;e!-q)X^gBmVu7e3!eOe<sB0!DN^>~vrlwTxFWtZ!Y8sv{<yyeWh6w5!>u8!Pe(
zL6Z_~q*o5mDyY|PZ(8lfnIhcet*)3&RDNo!{?smUsliT*aBjj^(#ns%ewXTad`+><
zh(n@R$A#uhIy#ixWfh8zmFp8FdjSOCVh3oQ;CL-zURY!SshtU)+bS?TE-Z+i%n$sX
zk=p9DeIHGAUce@T_z9)eMp6!Y^v>#=vNc>+4yUse9%GC@z5w2#sxJOGF4th+Te7y4
z{s=n10V$gsh7F`hnb;aCBE(3bV!5YBz`D|`b-nCX<IBL;c?DeNq_V8mInfwmb)X+q
zxSjh(q`LAGA*}7?PCRAy12e&?kDS0e@gD`N>+16>sdIE3TN9N;%TxA>3Z~3WT~fx?
zMRVOZ6twkqepcnmy@}c|OrMRpk!h=8oT`qY`aOMPD=LA|crp$})vs1vlplU>QXRi?
zseFE6?q*BJ%QW&efixabYNc1b`(0rdo4c9}=-g<=1VQ&(Q$k=O9?Ur&%Jj1FhiqGa
z#hVU)L8+hu;He?SDfcn*hK&>VR>ps9%vXyxsM~hgA|osE;%&4e#7M<-8&qe^$Rn@g
zVAb3&n^jFIHnPPpwtM!56hrJAD1lGl*>Bp+m=Hr*?u4gZ*&v@xkye)=G+s|)HNYNn
zHi~Gar$c><u`gsX5aZf)mJAW<INXSyjp9~dz4)26sqrx;=O$Mdt4JdVm`J?QaD+DR
z{8$t_N7MZQkd7S2eZd=){o{Om9tl19Znxm5JfMi<qX1ZC=?n@7Z+zLk8~$LCg+ot&
zsehAxT8Dnl<+`Z3$p;4d8oLr^g$n`8Y;V{yUkI@o@T|&D)OMvRwE1A+E!aHFRiJMC
zQ5ezrj#WV(>*X*wBgL?8M2QsM+IW0_WA>)$YIi=U?+y-w&TmD}e5R-%W)^iXnF?kn
z{r023glGPw4@=7c{%v#^S^p2av^R`5*xuzmvN5RPB6H57rT|hueJnZ#)V-&`CHPVW
z;q$I-{35$IZ~Qf|0$8Bz(Bg@L)#%xZ?EAXkcl$K`$P6w$|3WQ>fope~kw6-M4i^-$
zdjP=$YrUX&wH9H0_EW2eb^wLZrf(wD+dC&%(8C$PZ9k1#c@gqXw<L|&9I1|_RofJ-
z-_BVtIb{(WndaM^DWA5ydK?4@`z;>|bZ$6puTD)f8*B%fGTm0Hedfzhiu)oviD&T<
zaP{lTN4ZbeyzK#%9gN2;H{OD`R#+%@4Qv6Oty;uV-az`woo-(mcZK{1DnT@^mf5{A
zsb74_w(Y|sLoS_aMV9+CXou+7`7WiAj{*rLr@ih0hQ=DUE#_Ij3F~hR{m$*VYrM)9
zy`rQ>eSuKCXdxz#hft2^pyjz;TP&}-qHX&)FYmfEyK8t`%M2d~MSYcfI;&K=-|-w+
z7K<s>^m_CP2+G71Xl|dvXvTr}DbE%CCtILSO0iZ6cu(?CFC5AYi=%wx>C-W__{~44
zP5Bwe=LNs)MzOw{(60GPL)i2x8IMrUJw3Sa5@^(Yzp_BVs2)p6%T59@wj`l9JB6w7
zVOhtR7!k1yP`@tJSY(EQ2zKk7EQSgL%FOSy$mQ191}v?U+q;BOY?a?@rvqu&5~9Q$
zeZuUyW<$%y!dVawx}j_x;06-iv$NW%q0=a5^uqTF7LI`3-C4@dfU_vM(BB=v;d;e3
zi$9>Ojssk6KM5VJ|6kT`m7eggJHfwXX4SJbe%(2MQ8~XehD}1VRaq#D&^hcuZ7`;1
z$Vc2&qLkhMn(=G*KA>4lkG}5agokl&pHm@EReP%C)FQC2@3v?fX6b%9J$*+-KT^&(
zeQm?^CewiyU<woa=u!}~bB^@h+$BuoNoWx;-7Iq?MC@hUX_0kw(5+XVsD5|__4Mp<
zj9Ij;y*6?#k%Hhiu)m}>*)=i5!KYl|YXe_t-k4^*S7krXSAm7-o5u{(+@~oN)(w1Q
zZ@?ruy42{YvEC_nk?YHqYwab>atx4oEi*@={;-o&TEw9u>6D`YZNvj2<;HL?@|?F{
z(^zINi9DLK%&2a%aHJNA+3{%It_s(@`syB!gn<_ALX)nZ1b+3Z?E@e)H9RXbbk>h7
zwfp0{Tm}4rC27eOE|=(sSE+CTy<S6A=R3tEg`{wf^MJn;+%>20R-cPUx*5xZx34Gv
z!4wU$y|vMYC4S^YRXYJQr{lpTn!0a(Qs$~&+cj6fm9&cJC=I<C8zzzpoDzLt13CTP
zjim4wb~$x4t)iqnPL|nrDq6&Owi+ZsvANW(q9NAp9WiNg=9Mot0>%1T#${CaX!{tx
zZA+RvEPrp5!I6wrrsZUCM?RYhxinxoA_VlxV!Ly#p5X7TbwyYA2ogpOq_`Qdn32C}
zPz;#%9E{z09T{m-KXD3pDQ32^^;l0@OS#S4lF4C9^5t|MTc6l#gH!53x`+^_i+;2W
z+XEO=D6F}}ACQcKcG*8rtFivh$TpUr-D;PV#;@BMA5i%8IEylqm&yy^GI}>}y9Qvz
zPE#9j?4NbL*4KZhm)-s0vU&+Xvge-Zv#o2W-$L#rXOV{K&t=cv5R~n|Komm57f=?@
zwYi#_l0E<W5_XUGQ7CK5v4(Z>-u9JnspOU@9h<=dT*9yS%ce+#oU9A#NkjzhL=*3P
znPdB<1<(eVvDv-B_8e5q*SnuiK70s76D^7SjLcOUGpuk9$fMmH&yFcj(A)|r(7`E)
zwwF8c55ElfbjXhDVgS(8!u!prIx1~K?rft|m~r?cv1`?b2fK~sC(wW!9r4eL=?PE8
z7{(Oc76`)KItlL*`;!1$@$707yAPbn5W_!1v9~edHwlrEt%`c>t}31c!5hq=1`)tM
z;KPq7VW$n#PParH2PKr!Ny-zpVq}J#-8aj(XF&gWt&6{<I*v-Y`mEpgtCAw0w5lcu
zEEXJM!FsV5kv~oN_C&2BSp?$=fQSadBgm7hwoy@RcKRjgoQ|;mt?|GL(L5u~#^Yn#
zm;(;oO2(s)K#d%D&-0(};qj?+-S!9%V-ENMN^?O8UjX`Tc8x}9FCEr8U~MHI?l1Hb
zCZI4u0&0zu$kGk{Wr|KmAvE{k@Z)*VA^0+fKCFWD*@_{%e=~D)8z!&}egzb0Fl^5J
z|Mg)!QdYhb_0ykj8AtX!p#3y(BeCFJzKE;*zb&8tqdN2QEwQ7RsweC+FB)PaMT5Nn
z9?kRAa<T@+_jI3AD`D|{7`i0!AGMwTAD{jcdcAxL1awezL51J52jZ6EHZcFs>Jx?>
zaYdAE05mSzxxWjbaZZxIN^?E{m_H1{-<NO6{(M;WNe>x(SQ!l-c-Jc`R~7D+|93bV
zT|y2OMKY))ETC@pWp>Ch_yIJj^!E!FhQQNGl?pBp%%=S9a({!_|M6*~e`~e>E8krJ
zbQHL6S)Kh=w%W#%6kUF~Zrq0^E&3nl2n5&1|CR4>3}fR6rn<S0eFrV<>w*RtPl+N{
z=b}yfPa39Kjq9~QO{LZU^QZr)LOq7zNPU#6bexbyOU_TC%b>4<8snUMQ94w<NIMs2
zR#xCX=phn>)?)cp+6x}0`T4MkTmmdmp1ckVl*u(wlReC>d3gV}*6<fM13=WWM+yx)
z1g{$)WW9P7qGkB*sL5XT*4#6-ii33(5v1ULKKc6|^t*2KKR(U!@2&QK<-315gipd3
zIj>zC=u<r5nt><D!X{_*zfR%5aa8`}w*GHU;VWonVN++a)<$I_i9f^H0FNEuj65-U
zLM?^+ujQ_|3w!U@KKy3O24Q#}%sZj;<`$}YY?>(5Mp6Ig1PD7bth}?Y-j7pQ*g)+7
zfX3QRn{09xnKV-%7Ke6GK3Er#P_4E3`5AcPoO^@sU2NGOOREq?JhAoGNO<g_F7Zq?
z2b+65+K=IQM@+ar$5o2~bRj0+ml7a(LB``_;CJipN?6$<*tuxM31gI=Gb=y9clp+4
zI(WgA$B6-|w1E+l6KEC~rD|30Q38Q6#iFlI)*9990b91Vu^DcT=jY@Ea_KW}`5}*3
z7*qJb;S^)%?ETO9Kwp8_Nn3(58-I8D{kuR4DdmDX`e1~$)e6yU+?$^(N*<ae+y_-B
z0=YwW1{X+0mC?tNuXu~Ch`b*Y3LL1!wH--jzR1($AMzv_^0yjCoPIMNY{u=^+Df&2
zL1|+EQqVE;V>8h9fg#1C_vMcBDC<(zV%|}sAf?8AEKs|AhCG1@kWz?Z#pi6RmhwT-
z*Cxp&gM9)-LnHh4AaMT7mwy(7DbiJhk=Z&R=8NuiFe!eyNaw>@{d=ZC0%6JM##|;%
zcg#qyt-%ADEojPHqTZgt^HT=W<%BDoFG5Wz>?OfnxAz~yAKgh0$2{gyi>3V4CF7Xa
z`ijse+cWy(GneiZyM21h$Jw2hTHrca{p_Bb3NyM|{#*Y${d;zrsGhQo1_Nhb<O;W9
ztP~`4{XU=FpV*Nz(i=0XuYX@Ny$BW~5TTKMpOZv0vuHP-$o0TLPX0wDG|IY6(#r|g
z`@Bu;#K6g0zTmR-<xrtpq-+5Z%mCvrXQ$ZoX%rhMOBe#((~sXdcH#RjKO^uqZC&EZ
z(#V_5N^1AGl5#Sg3A9)6rN7niPG9yZ7+yhdS1*|%9YrgR02E^BhG)i+_frgdt=K<x
zTtE2SJ#F0qANaP5$2Y&{(n=L4>t`}5es#1nzz)bqv!ui@Tgdx&Rdx@if!4;sYMTi7
zVwCnj!^n?}7W(s`LdmqAOv&=O`5wUWIfSopqQ`kl@OVgPtkGMiMGu)|RKvyl1Dl+&
zyOOhQir!$jG*@rcztiWhL_19BRR1UBK@r~$X8ey=^<Z5gA*CVPWO`!gxv=RE$ar4w
zLIwIk9AtX_S3FR6fl1jwuK21y<sR`{?e2JiBF!7aU0*=QsACvYM4!4cnANijv)D5n
zaAq#rT&uYs#r2i=_m|yu$IPVcZ`9be>u6|HEUUC<J_BM$5}aSLBh=+UUXT)N7w~kj
zg_{L|im@@kP6NU%HGSpAdyq@@NL&!3Tx0f?9>#Vo?`EvqvfePNk}A|Q4(U7y%AT>#
z`NP97Sp0Iot%vU%f;c1$nH`(5-U5P~&`Nu67~D|6kHO)VrUMzRaI5-R=Gm4==AfG1
z9Jvy>Ld26CFu;muVYzTG8bQn5g#~tG!08oeS{d2P(Y78A#cX1{qClZ3Q6&JITcB9x
zcJ$vwJb(%fL&HSf?JO@d%52J({+x=jomT<rbR_6S*&rppHUpGsjHEAYZ$Fp%p+DUk
zmX7L7Z1pgFTPFvmUlD=fc%k3knu-NsXN|O*^W#uCJCmpYY%~z?dvyk1IpX}m(L$RX
z!?e5d2xwnuC&#*8MyY=EsJjETaX5Zm*#bCeAQubzx}Q&ovtj1PG^f&LW}K>3<Q<V^
zfm}fx04bsoWZ-W&pC4`Yzn*!McuW+LdH*q!C7=n>?#n@6Ay2p=MU)7X6@e*l|I2Ss
zVjh89nNU}R_<0SbSe<)5l(~94`d<h~M8<NEz4iOkfPdD-2C;c`)SEO)(6#mfRY4Do
z&0)<GI<hx99ROqFzdi8`?>LBLx(IuFP8g<<FHuK9q`?=O@8_lNg8Y#OJ~AGBRP`pH
z4)&HxMDl`Gp3gmBFMyw*0pRLs+&@iiapPDJGL}y_*@7BHgMnm<TZaU`JH=<Vf6m3P
zk$gJ^MzQ|b!ejM1aDq8q&`QnO0U2liG1g<=d>ERjw_jr%guqRR*9Gu=$H{^7)RI!6
z_%*vf--v$>O3N()Av$ESmzXco`?xVsG2KPwM$G;3(~llu!=vhao;AYEED?+A+BGw;
zQL+CN5}`jp5M$=@9|H@-0cg$m$v5wSoL=C?%PgW*aDzVMJaUJB+1u_aSbXu?DZeiu
z9t4O$Z~$}@2%Unv@o$4ul>ugseASVB*B8kW`${dq6B}5?e8m*+kM(H-*JqA&OAdZ5
z@DvqMQTjl;L{Z}#&EHosnDtv%fRR<P#U3XERXH=v8r)ewkdoeVAA~39-+mjoTd<=n
z!|mpQQWo2CZt8|~4C9S@@XGanc_j{frH@FQBmtt(JWxh@=L)3G7RjUu{$mdv!xY9i
z3Of%zfv{8P+O=;Kyog__AIUR*<^y?&z>98Je^P&pw(-!hB9M6an>iqR7A^{j8@Xp|
z6`S8z5J#iGlYjaWyea=}{I_V~pyX?I3JKsQEFoWq;|Eu_iwLK`{~vh7L<-n=kVl%9
z80chS?l$@TkOH<tHB}1y)g~MLNRkCud8(rry-{HtDy)Zwsp)88uG3rue|#qwoZw*c
z6rW7sU5-_$grkk@Fy00LiodoH_*0GOy;0g6$(s^)U!=u0K64e2le~>9ig@yh4&#pr
zCcy-JSZQumb<ilh<x?Zxl0RHr*DQ_xSTU30cY!()BI!*NFtSd<hYuf0EY5sOWy3Cb
zcR678pLlsU++wrX@sIx)KNB4of8fQW@o@qKlg*?2E%a<iHb9K}@Bi8q09>4%MaXYz
z=?`e+x<*CWg-gDF%m*2qk0+u*K46iUJyEAcFOszSXx2YWQbzFJh^~}`u~ZcBepi>Y
zwOwJpMeo&%fBy6%aX(-Xl`DIv17%{GlL+>hUc<?l_!Z6ko@0<N_~*{(BQ;E80QD1k
zo&WMmTKGzwA6B>kaY$n%C!R&y7)6f!(_ef?yNlE3ccD7j!j~^e&OI@|0)l`<(lo;w
zbi?pc37s=&H)ehUP&0lH30lS*1$}hUNyaikY;M{U%j&x5?;MS>zw{3iKN63GgQDG^
zYn6$~s6I1f@d=LqI2E^b%pkf^++Q2y*%@GClkW48s+fjpgbUQ9L-^2k)N9k&fBbkR
z&RtFwM?6&>AgEWo=O38}cM*!C>H0sH=eee*V1l_Uf^jneclh|avUD0Wa(4iK<3BzI
z90y9k$!F>$4XuLhHYJw5UX9Hy%?MIfPhzqEm|!j7l@&?aZfVh;Loi8EvA?5&=fQY(
z0Qzq6x34+j?H5E6=bd~N8rkvWsZ+z5y#FCzp$K`<Y19wSqC=j)R^FQ!Fn+Lt1A}B^
zGTt4p9Y?Qt9I_%9IR0%xU8aX_C4;x+S0Z2l8kvBKo1(z}NPy}0_llds`5@b2!3FCs
znM^zK8+wtD7#sydf4y{42AE_-`}N2Uh^1O9EX|LcfS)qPKYscc1~DNph~IZ^2698X
z$1>lup25io?uZ6li@)9m{`{An0gk?8Rd<ww^vyqC83}DnJ5a=U-jFUX%}n(*+QwX#
zCYgWu)A!W*=$z03yrLBVDYMVFjelvG(YWfzJlUTEMH{MPC#`wq&^A89A@p|-08SS!
zYTztT<gX{^z;~Xm)UiGKPUCjlKgO>HzcX?@i~XWu+76#tmINF>raS7bA>z~@Yn~6-
z_=S>+>Ky`K<c<6=T{AH#ofeFWqyFQ^GwB}HEB3P9vIc3<-c>4fSM)CWc$o;~ga2;5
z%hYg!-*7U$!L3!q`Xoe*M4ub<pD+Cp3f<xb=U%3bw?!*hF;R#4UAv%NPwE%Y{M6#=
z?=^6=z)U2-xuL})Wf}=Wpwk|eU(jcBK+(_8_4j{^pZyuv1;V(l7ZT30`X1@e`J4;F
zdmf|T<vWvaAbQ*vxr%gV;Y5cFq3;Etme}8BKgkG;AFN;|HcCSfVqgc|gtI|sf)f2>
zXU9XglHSKq!}e1j5gPeASR{4r690JPF^ot8FdwGhiWn{!(gh*R)RNJQMB9B3Ubp^s
zl>SR7kcxH!#DX|~|1a=>svI!L-!I<i$q+Rt`SXbSb7#Q#=MIQ}h(-S8m69<2x!aL;
z%NJ=Cn|wPQZR6(b@IRx%<6-ZQ==x%SuHSI>>{(aY5VD_q{pa8QsmO=6G2i=zzZ)3X
zx+xesJIiO!vp~qh_1&ia=sQCM8vhu-syrB!T324Rl`nE`I4S2OI(`Fw@d@(J5Off3
zL_Ve4^3uTBeGs*KwSNw3d2-zk{o}{q#2zEzRx1@Ro}xynwt8vKqIc2h$BKZ3{kOR|
z<{b<tIHloD5)(EzvG}s83EIdB5A9F?v4?uWxtCFnmB|XanQ9+=ys;d_p%MYo=7w(q
z{)h>mVZn2w^K_&dhG81l`ijpkI)H1B)%;_{2%OV=XI4PQz{CZNtbXsogZv!r{|%D=
zH%R{bTK?Z4`ENlo5BB=%0uD2FaP%?ti=#N8ra&kqARYtOFD_0^L!f>ilrI!$0D%I~
zmIefMBqty#`{<DKmcMz~-RAr=&5_rqupZeGJ;mWFcxOw>bDRrYYcb90Y;`eeQP;j~
zO!Vm6K>8KB7%Yv7RXXwaA(^C)xi=$Sy68C?>ATC8Xn-C3M4X}eoyTTY<=$fFq{!`V
zBTnwyIwhs^k}<O(D&`rkWn?hHjK(-e$(NxdZI*ft7c9;gf@p3<LhTAJjv|t)UNMfZ
z?U#zLjfN&g;Li)B$<6m7^gA{DV<ioHOMw-r-a}1un@Y!!GPnAD#J*SGJug<(d{NAk
zCr_a&1yoS#acvwz!tN#8d9wG-N(LNcRG!(^2Jhx{L~f*~fy)VgfB7WDnH9<|BGN66
z1bJahTM&U=<i2fJWH;3k{`{Q537CR{d1~3D3<;gv(rCxU@bZzHOi$hcO_Td(?Jz3U
zt2%41<<|IX`tQDtR%Snj?{%k%Ph2P46ha;c)xJobn*7T;g(f&%4`n>wj|vN^G5$>K
z0;R8RWd}f4od#89W-{$a?nYQBW0n8mBx0^7qwOKzDs?_oW^`KAE&`PlDNYWCp!$c;
zLKaX=j-2-yjHT^cHLiSn^|a10MI9AntrrC4QZY^B*XH(1Ic|>G8>i5|N?@4qWX{p`
z^P4bEliVUZ4-jk#>MgYg{I|r|Mxd@ax=Lyh)0Eb}UoRx@x@&lJF_w{{P)hlN{Oj9p
zg5HRaXZYVPYDMp;+&uE!;x*Xs?n#LdS?v0}{EVnxdojGDc4=GkZV#sZ`hrp$-pjHK
zVg$`621SG|0)1<|3u=!$3Lhvgv}0Sje(hBt*Em_z3re^$LOtG^I1`0Xx?kq{l_guz
z+KJ+VdS6H(=UlIt#aP03fNqT{G;Ot7EQrrAr@nI(!OF?J7a^U~=<pS*G070v9f^A}
zbyMb?ob;Do_RqBoRWo#&?dQco1}9UamzxSQ0NO_7ewK>D+DcoNDV6EzxQqC-Pq{){
z>b5uPVHpI*OKzfc^D;v8cV3`94u0Wg$7BA{@}bK8x0c9io*PeS*!>@+@g}U6Shq#R
zwOIvnzv!(6^50YIWx5KmEWq?vn*C?aIhYfm3&o+HydLuE#J&Nt;+~I9h-v-bLt);!
z3h`X*qkZ|w?@=Po=u7q3y>*TI9MO8W-QQ4)Usk~g^I8|S2ShneZ5Nf~;N8}@<sMl;
zJaXqr2?-gjZdU~Pzh8}2wqiJ)$gJ+MLM_j66}r9xI`Me-_7T7)_;DjY7J2MU3oY6W
zynlmp?Y2w@=)_&vQn@eHA1a8i{78HdQ(3@Cr>J+jh_1NzGzquqW_e|cR7`W0$O37o
zjT)}>g;e~X63dMOd-d8fJakSE)VZ%=Bn~X1dePX^`v(|HF1I?ocQjY3UXH4>gj6{^
z{D0be^LVJc_;Iv6gj7f+*(y(D%Q7J*OQ|G6sgSi~B>TRPrI2iu$XHuRw(L9Ei$Nj#
z%!G_(Fm_{^nR`Cd^6-4W_x|qR_dfm6%d0-ld7t;bob!I4y?yvGR{(jrufF0tS3-YO
zTHD0*orI1Dz`Iwl`1}o2+POT6hX;2T>X!W}?uyx$Ps`>bS`X!eaZ50uCbT@{Z#dII
zIzuB?ObUiTOM)_sRclW0<S(`8CG=wK3|ambzN_8DGP}y{I+5$~Ub_A4y|)Go@FhLA
zo%;}iBQAns2$4x2)IQKRR9&^?-UGU@uob^w>DE)8dFyedP-|Db0W9J(QJuqi;Id`M
z=~3`P<=$<Rzx5b?`pys8zAU_;xJY#25^#Q5rR&MAPoAAS1B&<ycrBT<ln+_^5g=8r
zAWVil=^Um1d6R)AZjI1$nFFKUhW5Owmj>wtRJ^r6>=<>T$@L2%IxoI1*bAi#Rx-`1
zk<@_?6Elhy=Z-Qx(^NSiZA$tsF!erutt53qGulq16Uxeb2Q9eUJKS~4jCAWg>W7WI
zRt7W<J&(mrf@heZ)_2nhRB879(Q>yxg?VKPT^>Bu?>$^3t_S+41FmqSn=#O7_s@%U
ztkpa%lgsug%AW&qM{49;=;yyhz)7l=3=k3EPR1LIs=-WZzp&Mx!dGm?JNL;e9K?gu
zigW$XL}_k*KpXv{*f@m^p^!g(H<{k&)`dX8yZJ>E)}V9iq9);)0Q7i!|K^+LpF!oZ
z?tcYL>)F?wOp8VLaX5ufTT_f)`tRA*=;C}`6li1Kz0X4Mc?0_PfC#s3{k7Cx<(9aN
z2a=uc^{+)ii|pH$P!IP%CHuQan~tD0e{_%b)9`%wf=YYf4C^hy3lB>MK|H!o39(ZM
z$_`hiEvJEqfIOstH-a+wSN@zexZ)jX<zFB1x>Cq)z{!GU5!r;kpW{;e>z+s_=nc?%
zi&!C>9H-B8=i+x~{@!j#n@78Swt*hN3jfasus?78{O|N&f;pb3?*;`RAd5>ASrgX(
z?)31h>oe$NvGg|dP>3Wjxv_+w=zjtTAAT;FRK}(PC2Wn??kP`#mO`xWM?S#-S`7Y7
zm4R+D{13Ej11Je9QDBc-tVO>9%>?gCf`(@4J*gR@wP3`Rx)XHGDD`(4B>dp~D?Wlc
zhg{@xa*1tA%+DfpBFMNVvg9ruk(>xZ1@-KUkTKJbNmuffwYbcVxZ0ulSP!sd-k;(@
z{bSB0eeL)X$AXo5Tf^+1LB}w7n>%duFpG6N6sC8j6{qG1*J^sDjx<BBLQv2dHa{Td
zklAw!@v2Cy=ck|w0Q<rPDn_nH{GpU)+2S{37ssts{%cK7ETO%jhVg&i2Y)>msTzm+
zl+{xB6Z~)he)vvD*Q4Nf8#I&FtS8HkqTdKAv~2+G9&7x6;0J$6j<K^gzJLZGeWX+=
z;|tE*0prz+1iHFK?6;v~S2gJZa~y^nzhXIxZA+zTHs>K2s21vcq(}*z9Ryn1_Log{
z9{`DIiZO>Otx(gEUw3+bjF{uWGc6fb&rjV&Rx9A0-okx;ALVYeLH(*LG}HBV)k2cJ
z<&_*ekVu%g@Nk62tdd_LmC*Sr$9uIKF9mOfQL8*7<d@Lat-geAJ>4hFIwDZsOi)FR
zZ{Zl=AueM-E$G?~RFkE7f`SrZT%o+Gs@wyqzO@{D_DIS?*zMND^F~RNlYgnk%~?U0
zt${v?4ge@zyMg>7*x4FBaUUO?a6=77h1{`7<aAwp6LNXrEj|oa_Oi6Sahyrh>lWh5
zEh*i@+=t>VYj%TY@!NU+-#v?$uYA{|KJ`x5m`oLwFDy2dDEbvvlL76bW2cr`6U?#R
zivl*OjC`)8;9+I3VeQm<_~q7sb-O+>60088LTNt8Pj;p6Aa8)W1X`>fv;*-%*I$Az
z`gwz<2EQA-K|R~?i?2+Ca$jq?E>UxSbYYQ|KO2dFdUhB%?ajP)oVV`6Jg4kA@PZQ6
zm!BG^U1e_xb6(r$?000af*=qEE+gv46djE|E(fu+=BpW{sjKXW;3Mg>M*&M0hHfJ7
zsCjU@W^QuQ2{5IQSHtP2Tzdg|Rv*x^KXunSzsFA|H8~0lB0AT4qR*+53m<!IC4QaA
zZ+AVq=mrP;=MGbR*wsm(h8Kj%cL4*5uz}#<Ppga9Cc_`%CW7`_{c<P20p?R5*g^De
zS;n)oCfUNK|3<$NcXb*I22y~&L*WM)H6Z-Cn)&ncBmT}Ab`J2wdSs6?7@wK|-miBJ
zdW=LMzzA#^@0rpx&tZ<0aM$hJ?o{$h0_aJG7BedOVgw$d<Ch1X?~A<xKP0~o*`1#(
zGwi7_+wMnc*#NI|Px^s}^XS4JN*(A`T+~nsM^!F+J?isWXiXSvoa{eM`q&5_uN!4{
zyCfSxjpKo<=!qfhVTpcLm7?qY967h|XQnIqsedxVQkvyQS3-B+`aGnZMGwF%HKn|X
zrJ;Sd2ITQIhUk;$gIaet+`AB#UD>qpL$BCc?ocwR_sGIH?^r@sal92C9e>ZxIIq#j
z8zZvN(h?hQXjkptE6?4QfVeZ4=Qiz!9;<S^Uurq3kPp0;R^8>^Pg4aLBbe{~GtMJf
z)@X?n2KSJrq@cO`lcW!f;7LAmTD5hsPj~udd!n;%XA?T!n`%y(ecmk}QZaP|QFDR2
zH}5PJyxbp^m5o|JI)$wcRNv@#@m55d1DNorh!9!HV)4ozqpDfE1>k2*>ebj)kIN?{
zOg~Z(O+<EAqbFrn25hM*if))MQ{?)~HeER<%Il2Q#^B^Sw*hI1jwyXfzl$|K#<#vL
z5EJwgG#(Y?F4jpOm!g9b`^VghryfBUM%4d!vb5IUyPUnQur@@FL@8sTiMDbpgZa1h
zo%vn6p5Wg^V=Ys)Y)>C7p@$mhwu07qh#)S`F)B3R0gr|$n<Luo2ESmWLgm3*2`>Bt
z4(#ZwU@{o$WEp>dk5}o^cfM{JqcfA>j<J-sXR~hWWjV~9g;mf;-wZTVu&A3CgC9*>
zKC#{}%u4f?1%<XNvP??o-NIjqO0<lWU%Yi=UufYMMbT~)D-z!?%P-Dtd#bf!{gYZ;
z>jBNEq}xG>{6;Pbt7|LV?MF_0l{IXYPUBg*SiVlcVXkCmo@}_w@K*ovskym)ss*e1
z!_^Jps7J@F!{8gneljgHW$lf=ORuA3J5yzDw0rik``Kx%6n479bW?Z59c$^1=O+)l
zEi{vh^K?`C_wI)mALx96MNWRZ@G6QW#glphahGzk+<Qt`Pfah_Yg&WPCVB1$gKR{$
zF5OdpH*xwG#XQo|3j{kO3#Hj~>xkYlHc0b-e#w91I%rn>{!^5W9T427o2=dZqSQz+
z5p=)QfyM&IK@AOz92@qxstP5}YAr;%^MEE_U~aeda$lMS`|E|}-Vw(ON1GWqeR5DI
zPHQuQPV4*e6$@1ZngWDFF~VWI%9KZ<C*;7}d^g$lCmTazhDGSpBV6q#^-RTGadA<;
zQ?Cv5Ti$`p?<*BriZ9^vIp8?0wOonwoF9>uw)bg}ZN(pdZ#83tOfk5wAMmOF+ySwj
z#kkyVp4H@xspXB*PIQ`ff8S2-M_=ScceXr_$siU72Eo;uPMDSqCVJtO3#{%-pi54X
zvBh?k;(CEi1?fS~ag4QUVKL9{$O{CFX0lG-OFeM=QMGh#^Ku<GP7yTWRo3&wIQHBW
z(1`7WrJZCoo==0fa+$8_Ir~-AqN7;|FXZ?tF2j@!c4Kt(n>7;@?(*H#r!OT`uP)2r
z#f8N0rDiz&1+n|}<?8oP5v+_Ma2_~&r)=E+Jn1%(n5^3W=#UHOONL*^Re#hnb(;3=
zHn2p2uE-b5;qEg$3!wi52F&c}nZbcU(?N0b$6@A;n$Bwz{4fcRnkt0DhdC92CqHtd
zFc=G6P5ZJ|G^+DM{Az;)(h9r?ACp@+4W3b;qmviw5&h*eWi39S!L{sOuRW({w{a7D
zt{;uek9*?U4&H+rEr6!~pHty;_3jBHk?<mv-ZyS0klEcfN(+EM@U|%Su6pnRmtsh=
zYk#)e=uxRBuAkt_J`o0`?`34hJR5di)D}-AT|8X6S|oEIDfWH$({DTXnrm&0--eSv
zUD!vxi@GPSH(krz@aSTXNpZ(aFnE=M>Qq{1U3hN2Q)B+<r$?i8#NMwqlo!FrA|;sm
z=o^$xDW6^^1YQy1hgIsMk83l7HX>hJ@f$3Low0l1-;dxY8oExnZ}<xs9*`ShM}Sfr
zx{twG$b?LKUYwBQvvR>Ol7f=*{qW&<|4XaT#Z`N(84@|yfuDOXOR28(-d;Q<GX7T;
z9<Qh_SUR*{`iKtS*`qh!F9i+%m6>&Qzvx4T%)rxCH{Pn;&Z0vy(KEc&v3aS|AaeM&
zC~}^SrFZYF=#EJi1@j$8AE=!@dv@=99O|^7OO9_o5o3vQ<#Wd;=66@FyH^qK5W$#p
z?<}&RQ0dr4e!IebR>ZQLJNhIkBg4D@$T$|~K9ZY}asX=_CrX%fZ!ws3aTRZ2W<oUg
zSsH5n6>Id?D5=0kAWo`D^JM14eJ|yyhc8=9HyYIXCI99nG%3!QJ^+mqd~N3lCM*53
z(aNhi-5K?(Mj+=?vRrE7vC<5vJ2)FGSCNY;TkMD`aIdeA0Fztb-NbrNFdX3ka+a~@
zY<xLu%ZWAL=|Gff$etj6^4F#iR^;r{<+w3LV(AcQ@Swg-x*8-C;V%5w^xnfN{vSWk
z4|~^;GR5OOH&$?R^{ZEh0oTmzRQCLell9fKJEI;f(l$4r=U2RZ{Y{A|_B=;j^x_<m
zx^zFG)UsQtzVYLjyacxA#sniQw>8E4Yn8*uWouK#$u@RBN8vVA4t}YU)zC4DYjK8g
z8$8bQvprH|YW+v6fNgy_;<kT>;)ya3su#&ctOl(cpRyWxOV7t=rdjm}a=(c0U_NRD
zFXuNpG@W!N#ddPzY^s(Q`c*L_KY9uzz+Rb}gDH!Wx_#qswrga2mnvBGU63@7MBUZz
zWLz@peZoBkI(kIKmzp47VO+nS=M3hoCh0kSlZ~mQEZH-)`_3%%&!6xw1<jZ0`YdxQ
zg&(=s`)rK(Mela)h<@t}`sPsIOmtT7gxXjPya&x?I}_xsO}@3MMe`Xtm8Z^~n0R4J
zN6*A|FjB=w;$TW415BcH_9Y>@w~AQT6D&ur8B5!9Nf})_%o5VSs^`RrS?3c9?x`3b
zn$9Nae$z&_-7M)~1wo6XqgLD^J2Bp~C4=&HO)s`%^%kBBeX?%vntR>i`h5R$ALED4
z6ZK7g6pUzXh_ah+ITGNifm2cJ^f;xwr)?FFPvkd-TN-{@Z{qe_;t%fBhF4X3Po((`
z*?W68XYNFxrF8KzdTJSgD22vbm7G=|^QvAKKh21aji86M=Hla4ZA3k&>pA3<CwyZa
zdYvC$uY2kAKdD~JsJ>TqZ!yVsjw5-NGz+g@z;%cS49sO*oa20oT`t10f;sPgcUQ<W
zM2eONz+3_OTdMtfQDKg_;#{cm0pxly?xfRHNd(f=Jc(48VVzT1ltn3NB0G32B>1_f
z`dbdJa$Y|XXYed@0b)dzEV{W$GoS7Q=#A%L)hFsr)gMKjV%1D!Mf8u1r7XRejbK%N
zopr!ZUYL^CQKBYSV>d|cN}&!c_k<ysL2Rl%)bhr6u6IVNMGqy&03)Z2QnHHuPE=6a
zd#bJi{?g<uaq&$oO6;n(YHD+?Hf!X8E%+$f7CSQ|M7VQLntgVa&=V3TFv9S0eaY_V
zdWWHnh3X<-W*1X|$!fk~A8DdT6TH?NyC6g`y)sFRA{a|T9cy44q$uTdjPFoTyS3kh
za8|;A)_oK*=^z?v$ecc7hw4?U(e!(h$pOh4+aFnTcGkNj_jRhBGEZgc!F*U1Ri7YL
z%&&4jsI*KOJkVrn<TbXQqn?pzPwj50R!S`Mw%v;fqjsj%3hf!>3Fbpryj_)fcPhZq
zr~ZpY|48h8_h8G7^(gI(qFHhvmpfW)<NOWBzXDOsJA`)YJ7HSBskg`mayg^V)x|5l
zTd9jQ`rZ+-Dx@?QIxCKwx1GkblE1J9;Xt1w>z)z)>L14>c2_T3OAy}|wJfyz>Gzhe
z4B~I*+!bW0st_jxg3eQ`IwUadBA`eNNgfBYXO=$Yj>xY0MvVD^j$B+wyd_fB2kJw`
zT1pyzE^C_L)mBm$7SnSQ+rV~G(|_A`y8C+{5?P1yi_8SuUhW;c8XCp9aRGLQXxSq;
zo^<jQx%?u9MAi!_u3UJZ`)%F5$i=x}mtx!mPHG|3bnP6ex%Kq|A-qAXLKPDDT8Wxh
ztt^N~^Y(V9ck9dcJp8<ZABT$%Fagfz*loS`0?P^q3<0&mN>F!8`BFu{=8UcYO^6Iw
zE%@dhsy#5JjB-9uQ=Ggq)TP^l^qt7ECs)pb9wPaQ*(`|ciuvYQFm19x+#7Aq#|w?D
zDk5}Jo)8EY&v}_}v%7I6$nkO<IeT_o&98mUZMP`Ut-JZwfCIFh4sLq5iZi^uKM+O1
zNRV?TH4i<p+#q=lN#UxNt<UpYBOBLZT61I~yep<<a9`RuIB<OK3nfzpX87|tlshF;
zMEkyTvz^Lr)w9}st~o^;Pc^D}OjcqGb7q=CqetkQ=jJBmd<8ceOmSbbdnl|m;c&z~
zzlalgeu1d-lY9-Oo&Lw%A3;Xv?>H;1+mWbgxh81xO~LGPG4;&)UJo*XszC}(@wjx#
z>Bq%WV~LeVC`PV{^(zw8dGpqGL=I+hpz?-Oji!%cqFaA|&VhO_#yuOxC7_2{53jTv
ziUo0d6!<2JL(JM9x4n%vEYhQpiyb<38;Y19CWHdB22DXe`mG>2mB;}@2~`xd+d(Dw
z>kBMrs>@b613RSFlJRNzDN8@riyMkD*o~*1L4MIUtcs}<?pV>&OU%|p%RLykzfTvg
zHl&eynQPFZ$hi#%tbAHQ&q4q`Et6`!5Zyg7l9u9OLK4E|9xz+Fk0M#?&grEMk35p#
zu@Tgcbidt2WkbiAr&9DLhP{r*86-|$Ns<SWA@mtY##&9dJYuraTrl|1b0a5pkKVfO
z8N@{6Iv5+TPs%3VEN3~^UAi&fqH1IUI%f}6Ebx7~5$0U6fhATJ!rvHUK~tL}I~4p#
zA;i1I<#5Ds<9SZ9kH@sNX-};3ggRBa{(}(ZhZ}Y7YZUTiy{W?*mguW#c=|+KDBN^8
z4|GoxTpunnsc;_qi{Hbvx6*r>+Ex(6Ks^#C{4mD~!r<|vY&e!iOWPXseWKqzkBRf#
zL}!yF!<0SGDXkF#7c3KzXGytDSh)&9dp7f&WzL9%VCBSqQ+_Q4$G2H4SXQL)MjJo!
z){nSOZN;k9^Qk$;)c9*u&J;X5dSluCq-l+U)wFL%3H-+GkOMNS#PjVQI;1A5gDu^U
zK?#ip-*(^rzYH^aqmYuFRN<)-39LHDN?KHi(rm$O63*v_2Z7&|YY(5o(;1Vs<?r`V
z<W^o-#M<O!KULG%z`&dA{#ULj@|^}>Y2KSlF$-r>eG7O4%~JF9&K&yiqwF~_L$>rl
z<%R~!`05ZtcysNg96Uip&sVjYP@V1zTN+}edX~)Ah7D&ggNZ;Dr#FDk)GX!#oyqbC
z;E3Bb)HPFnCfr&UuD^=C9JKPO1Ea<QXP-oEG<ac<lFpzYb#nWcRYDUIx8iH+v7GOB
z;xwp{?CddezU<Lrh&_ZQHB$Te*1<dh37_?1W$DHBc;vK5Rpao3T8y@(@~E)(9(#{E
zLeId7(yN^w&t1OAZU;2krS@B}Pti$il!iRWA;)+2FpdcLxvG+s{XA7qd5|uWV$~A4
z_!d5S7j0Kfe6T!G{Xv#_dd0`kxd$EHJrf_wh@5<6SQirSFr?9g<Kye5->E#SxMIR;
zH;j>1CKHvgM&1j)sd%X<GnyAPWMY}rn@lWAZB<@N(F;+NIntPnAA6g!(m}TM+-Q0g
zh{~xp(<U|ek-smwE&I;nXVab=anIy>-F9Z|;2N^#&l}<r1+r0sp(^MPVpq}=3>Px0
zT?|X8rD+e;<nUuy#hQ6bB|piHVbNyXbr{JEks^;6wsw8TTBB(pkg`LpbY^t&jRiL(
zF0XD~=I>g+)r76|R!yW@4341MeJ+reO#RNE8hTKef(l;(<7+LZ^WlO!;By(5F#=lq
zc>IEdmDXxB2Pq#JDPqu^B))Y1mh~u7=OA@Xxk@3?6OZD!kMcl+kiH9TzmP<T-d#O;
zoq7axC$wG|SZptyT8eM<?(4}`r0JDZnqHCF0h^nNHC+!1DSTO5^3|%0k20%WeUQ?W
z;^SC(31s>RL7y*eyzk7ZTAqI*uMc?s^r+f$upec7{qL+STS`rN&Q9Xpz<84WHA#+k
zfEwLFE&e&{OLI3z1a>2C+;9uxR2;Le?b*0rD9_YsUOqie8K90V4Egex6^V)z?Sr&R
zZ&*%XFavD=uCvuFRv$ZXJy~M_PXaZX&M$ysL778kTPDlI-2Odd3D`x$X<ktf^0Cx`
zK7m7a4^=DRqgLA9H#uHqlIxe&A`!=s#=^*;@%=fZC8VQsQ>$DEXyCaz-Se1l^%L=~
z-&r^%aVcu!)5wKMUocN?SM{PsyZubjDsHIXT8_fh1iyovOhev#(~30hgd@tLks!gl
z6NKi<rmS(mW|Qxhd=F$P!<>%|L>-+vbPU+3fWV)g*Fm(4So_BFu^@YDlVuieVsA?n
z&+5IBqEdm;Z}w|0F#hJ3*^_J1SgQs5czNA6g@t;zr#L&cU3Vxm^M?JQ0mPD#?CcWb
zwnOMeKdDJ|>T*sGu_RO|6nDsTD8E|JX!d(&cRR0Yc$BG|F8t-pOT1kQ=~TBFKB(Pp
zMzCys=DCa0kAvCu@?KR#LzbDQ-cza@F>mFlUt@+w{M>atFb$?Xl#|Qr)QvK>C~f|^
zw%0=BS*%0<%t%i=JK@}l2j|tqay*M3zZR=#o;Va`J>fJt7O@i{!u2ql8_*?Y<vEBF
z43we&GImEVHsw`=P`o%qG@E1t3!U*CdK0ZRNo>w;g4-*BZjv&7`ovveHly2uZ&%?5
zAwy5iTf3}olbk?H)!;?%O!GZ`2O0uVwo;l3>X5B>-uIBmFp`fqOD!M7r15a_&HL*P
z97c#LkNOb3llRRyM{(2%DLY#~tU*ij&Do_aEGKsqt*o?a`!<=qsTZI$cTA-5^D8;_
zwF+$SxUsgk-SMWgqMoVuDW8d!V*AlAZ@c!ROUx0%5(SsI+0oZzC9OU_C75Ju-7I1U
zJScc*?M1TpvFSnSkxJ*L?ihB+qc))_scAO!j~tbWFAR{L<(jXC+`<dWTirrc{x0X7
zH%W$w3ip}bGHFP@KC#rV1kMS^eO^DFWvU`M5{X(feH%u2X@+ntQgg)vhdJqQ;4pJD
zBjTfh3?$1VoXp?bRM7>ZR=pIsAtl)*0okoIvs6lMM_q+K<Z-X+HA-G$fW=%llfJuc
z8_Y%h+?i_;&c7|e(tY5fmY55!DD;1}2t*~FF3XMpn5B23@#jv2lR|UR{g1zFOsh&(
z_Ka1CXcE;?Z$sz#X(tQy7(~ZdYtvg-o9CQt=x6-*pYXle-twufT+Ye0BQFBl|4A$3
z(x9l-SS%MY30{;P4y``_YxQ}hO9ak?K9c$EJg}weOPoEbHRxfRs7W+HG+h1vjA-o|
zO{|&~nGW)^yQm_@Myw35uzbb$u(a(OGk-(z=|#!T#Cje;h0m3-Zud}Th_uK|!cj;9
z9e=^l$Sj;=tO9wp{id(Orc%rhPs-FBXCP!B{T-b+Hfhed7DTtu!{DAS#xzX-pv4vY
z&_7(B*)nd2+`ytbg3A@(eQ2>u%g5Ujfa>o2@ke#PWSuP4>u3{)Vd3sJ##|7oelS2u
z0I-1Xvu=sQkbsbLIvSRAB=b)VyjFk+qy<Hczf85#yD<}Wcrn_8IGF2d0eI!`V@`<q
zbtR)$uH38!l;-{4F(|tieNsrO3D^&(oVQ6g1>^eC1qfx}_f^aiY1%vx<#@K)8c+{#
z)N;@G(RHCXgEuo*65)Vd(?0$7)dr=ay?Lj9NY|jX_>6llK+-24Kr)e3Vt~o>S`3^q
zo2@}p@R2CQiyL|?1$BjadD7B0<-;LmKc0wcynkRY`KGDYq{`n6v5My~)C7r{(SH&%
zi)R#9F7=mMG<uIkW{C<w#Hj$F^(q4G7Ri><?n4>1HJ~uPrJrPfICN$gLJQctWv=3K
zOT|hf8|~$3keRq0L{KURF3y}fSbF6T?|q$RF(sXaJni0ccl%Qm(ui|rv)jXuN$yxK
zD9UgE0}z71%w+cvqnH*TzTi~R3}rfkC(6z6wa<MO23=a7d}i#|ctIDSn8wR#vZ}$#
z;{mbCPLoFsWryR0FQnL?0(dHfc6?%%D*yS*SX?PS-nw?EE~Kt<#x>`I_sR@UMjr1`
zhuQBn4%3A_!C;()JQ!}a(sx8}R2rg#|HnH3lOMbrsp{-?D4fU0Se-?R(#cg7Z{}-<
zXFo6|?>*twNbWZiq-b}6;I@RP*&L_jjNWCD>D&W!MfyH54RB~Z2n3`g2i4oHhJm#;
z>7JwoG#RxP47od~1)nZ(i1HpZm+VojXCZ^W**tcoqp=Qnlw~j&=VJblJ{tvz<&NWD
zDmlZ6+rjChlxM+&Fy(Sb|3fD{%b7R6o44&!-lznw5~6JNdhh{seY-7)+U;_%tBZP)
zF#e{}q_^v@6(%11lN92j=6t=bXZ$U1O`-FRUe7YN$2UUQq(Ocxv6JG6!|J_Rf!J8Z
z%q@U~l&oS5H^oH~eU<#aWeuIrS*@KC(ur0%62PgrKIl;GtYwQUZ^(JwWQMr-QuB^n
zljciK(_^jwwlhDoQElMeZ8l3W)+?hNq41cuWNIc>eyK~h4vbK1=k*9W5eglZDIACo
z;|Por^@vnKULF8>Yosfwh3f9Gab}tAxEM%%;CPeg>htSDg_3*Q82YFpx<lFGg{!3N
zf*{t9sd(Q=54*lwEzSzRaq>av^T)K*4&`OL6i39GduyU=x53b2r*>2WAN<^Re1iR+
z9#cPGZ<(3cz9aW1X=FFkpfi@_z%ja+T0U}bt@xqr=h*4pAfBXeK?m9ayEjzKTF#Us
zi#2yyl$BcqyF(IuU{QMDK-zv_i8Oy(qHb0Ya_7H1IK~(1e!V`#0a0gBp0lKiIu)Xm
zsPXAO?WnshzwlP>Wq@IfVf+<~!L!RNan^{tIU&;ymD)a2sG;&|3)dfZs3UC>98LFd
zG%2<Mf$MB@k{>?<Y(Y*j73SurBSf=3v=Be~rW?ohrg_qKB`r3BP=W5->0Dl%L*ra{
zfT2&^th;x3f(b3pISh1UEorJ2<<aD@ajDZ=$-|cv&5Erk2~I+NJivhbUarj=MV`s;
z*8xQ*t-H7=)+IaCMaxK(c$L4KzAJEn|BBz@0y_nh;g-XcgI^MznuQ5gzB30cT$x;`
zE5t7^RS5x_Qz*E_<U#&QNRk8c=;jn}t%OH!YpPC|^8_7QgIN8hQfG10ML|<*5%{_L
z_KL{!6U<Z_ZI3RwX=X4+vtzA7+OY#ylH<K+cQX%6m3!_hVLv+DYai|s5U`NnG9D_A
zkkx3U-rq+oddNZNZDSg6>Z^SPL70+qfEBXhfTe9`YDiegDt>TuQdL@#Jy9d1&Re2X
zc%v1E34ZjkgMrVHqCT`<ZLNK33@cPj#FW7;)~f4I7L;0)op}g?f51P<ZhgLQGcb24
zPn<u;xGt5Cin*4R#g5X`!$zm_#esp#z6uN^jsDTPgU7?{ukPVHeQ*!I(qPrCP<yk}
zllvd~m5lJuLHcG2TWNS$m#8yAvpoCuj$=6+EtC@{kQd<CGYbt8nC=I#klN9daz!I&
z%oB%}n(}zK)lOIaeE8MF$Q|;wE0;>z6{A>Km5BAT4;QqVS1MQfd8OwnjeN8@(>TUM
zq}gx3I}->;xc#W!0W*DOh5!$Ou1!%MYk{hT(9g6G>~n|GPwe=A)Y><W<!)Sg;HVfZ
zje+feVY~)$-zIp<%*$;x=nUD%8ATlxv8(JUQvMSmQW!Tqp`x$KZlbm`56XbbVSeqg
z*mF2e-m5%_N4|x>_O~5DpWV@{&J5{O!1OUJE=1OmJQlNIX|P4!0H?%TZ>s*P#ROKC
zeZ1-s$8#x%iJ9<;SYxx!ASsMff)RGGd?FH68f}-s0kjHt_6+Oz8#^fU!ti$!a_j?9
z_*;=E^;gS~lLrZvTdK+mpVWzROP`cp#qvClC2|>Dx9+;Q>I)YAwU!brgOsrjN6VUP
z?APM>0m&xK*4O!@DrUq1`--;*%9I~Q?`fu4R?P)mg#*ynNiLVxX|{m2_B)jorQGUp
z0%pA-`?Lwt&o{)WB=Z=POMr&WdqX0lG<n{Ry0`4QE64gWKT~T{(TB2o^SJkn_s%47
zpv9P$?`p$a`0D^(GS^kT$xHY+`Tkr79!TjyyeY)Ih?8(5VDie_T*^g@|NgK);H1q&
zQMtuwJwIR3F>JbPt5m+Onp+WJFB*+6D7cxwA%*^(%oMYoJ$a6X04BEH9dr}xjlH8r
zeX=F{j5Cc6b5{Lm7O4(@>jJzvja%78>_C83VJ-X(5Q#uKEc+`DEM|AX%r6?zi?Ch9
zsowZ<%(ypzt~PGs{=G=l#07Y1FtFoalSZS=f3vr4-(do1jYb2Xwzn7EOx(n+T@Kel
zDdGhr3ICKL5?|6h>0eZ0>N;u`iMn~=m8LR1%wn*q2vR4H{+Ou$@$vWn{o`Lwq`W%K
z@%qUCAV(wt)}A-l$zu#eJzYZ;fy|%oF}O9-Yw)6Eeg-q*gvZ^PYt4VC3jOfngFhUx
zlT~F1&j1TzJZ!79Tfc+s2><2Nn*%2+`Wnr*`gPWTd2mu;<sHYofv=ICVg-CM>FY&2
zXwvo6#8+DndIZ3((D?G21U>BSkEQ}R)vPf`I^yLGTJHDvaw7B_BD(wQbTT;tQMVUY
zgU9%xr78-pZbB|o*T0r3e{7a&)xrZa|F|E@sMAc!&$GyHJ`0i^N>W_482E=yOl<Ge
z%y5*yUam@EK9rTEO?NdnH(wlcYhZQ#ET9*AjXA$dJu0`-XL}8LzE!B`6o8or#!)l<
z_dmP%tK8b|jNZrRUkmch0CW8t8&JgZrm^U^s6*T7MElDl?j4F4T{$nA@3Rmpegd%D
z&67>&b8hf0-)Vm2fi;Y0+|`%VZIHBaxlMyv)+g(?Sks6kyWJh#C401GI?4=Diq$nt
z@Pk~w^l_2jj7$6K1=w=uu-=yfv(&&d<L<X8(DB!*y0`3?0O);>`^o6Cnq<BaF+EEh
zf=i|eea&k>w8(E{>YM{`o$t-Cx+baHs*~w@hX$7j_Z`fUKi`1hQX4|%Exr6ofJ<?Z
z>6@6|ed|vkHsxr=J1`0&&QTEDGA=-V0gTS(rw8zBs~BeB<L7NRaB`=IY3xYp9;D$?
z6IPt^o2U>##~48Q>T0#mKp^05$&UL$^svh;AdJ0Lbmlj_0H}a_^x(5roqZDz%~F}x
zNf$Vwm>5w}thkx}$Hf6#b_nPc`POI}P%me-Lzw`y;2nm|AHBN>PQQQmg@9}(#LgGm
z_nc^`6!aWW+q_=~Bnpaj76Y8<XG^%QwX=b!)cwwAn^!kBp=eux2n1Gx<UYa!v($sW
zRYT{Y5d5>DD3o>itwU6H(?OcEJU%iL#Ixo3AXw?hGM-a4p8phc?0T)3Ylpdw1PH)s
ztkgyW`JBU6M$!i$2Qj{ISO`Sb{`FW^nZ~;5xwQJ^Z@PB<4HQKD1@l#3cC;AI=XMwi
z2;2{}O2M9Bv^EReJ`P|Yq}D_Z9Y9}`+Qprue-7fe-KN%CkaYPYFRU=)lhe9DoI&<V
zS2vy?!na7-&dpyPKMuAGB<(*b9+z&$wq_hhW8JD8*UkHN2?C<@U$|3B25|Lw-?N6`
zx&h#dF=5#J-9B~z7yI(PL%`#N?X%`JpuyF=!@zwr?|$LvEvBmUezVB|xYW?Qal^}7
zwRgXA*Rd!ggR959jczu%d2X-KT$MUFQA6Xm@NEOXF$D3YiUl1$F5N~Yc96FQ{j?@c
zMvjKdPV}_UW|FA`HSnxU0#{^~x^Xak(d<Z#W@n&0;zFG5COJ}haR__{fIY8pG)}ly
zsp>0@{9Hs^*59;;nBWpiiFxWG(=%I8%kK8mCD4Q=pV?sh=8r`7g43VBf8~W}Ac}50
zIzEwxN_FfX7l5V(3V?uLic;xYW`J3c<qE4HUD?0`OL(_`3s^fLu%vc1D1Z_Jh#5U-
z@;%>uX^XPB|FMe9Seu<H0Nrhv$;`|Qcd`B>-jW(giw6f<K%7ovrJwT6KDd>U4gipc
zwjUp?FiV}?_NJ94ZJPIN68>;L_(29z0;ym1k*4&p7P*w(VMvh9JEJx46i09Vt^pFH
z@Tx~3%X)oR-36foH2JRUIkXu`_c$DyG;Ia)1}RL4Sb}0<;VM+jMLo)<+x*qeonXtu
zNQTQS2$6#ikeoEuO(j|<ZQiet84#t2-N4Qdz_paz-w(lc9l-TgFJSX`=OMTrRK{Om
zfPLH5a8r#2S8CpwZr;tjyGXx0t<2^oGXUYTBPJ#Wi)H&`cRuqy@6I(gQIXU|?z-S5
zN#i$xkFuM&S_cKxy9oE=W9~q6-<h>)ZKbJ!lg{f~NOl#dfn!T8#o~~a7Esg&o<aeT
zKz0Q8W~qF40etpt*ZC)rOo&GxqU>F0<ZtvIQ2j?IZ43Cff};tG&DpK$?GbePuV(wk
zADN|YTYDo2EI7~tPm6sw@Aq%5D*;&@Nbla;s&~%<u&(b?&D8>6eI4UAp~-he;Z|?p
z@CSQpz=w>9Pm`0$MQ~A3Q2|W<AMr+C6;f<mo(EQk#!5f!3H??^3WDs3$F`kv5^=((
zw^=RFSU396fZ%5Fz6>b=tCO)f&Y!+O2_#6sU*zc9>J3Oi-oWdeSGQ_3_t$;+8cLJz
zzS+VpUQ<8)pp@>wL$PAzK-8$0wk;?*0Nb4UDr3`*PzoLo>V2kXIs;KVcf7;}(O7q4
z{pJ?6V+*WKy6w5x0sb1aQ)OCF5d_ya9+>XL^({(_9fIptPU@8!O&QhP?k6<3(rq5Q
zhHU0t#Q@)R)(6I|%MdPIEG*s@%RTsGck;HRQPDJhWBRarGgn^|1kBaE<IZOc(A-=;
zH=Tc~f!0Cf=C7XZ18P8>Ja5Z_XpXA6$a(;z0L1~9Jm}l8St{Q{>Rm?l${PWwEHT1u
zOe6msc6p2D`j>)Jq6tgF<E`rLD5Ty_9%Lv3TGwAG{qs*P@WYmW^M3!<x-_c;k{6*j
zx9HvXYyhlHJ}S+x5VX&Fwi%H!Oj84Xho|l-<Uwv_8{}3N{}J#1+{$05`p>QW&#nB=
zt^EI$TdA37j(^GO>u?IZ`IwIo*&Ow33ph%r7Rkf>oVVokN&bOa$Of@O_T0Dc|IVHt
z4Mg>Rzt87Fg&M$X+YD^+Hre#EKSE^=aEERG<=5r42A0f-*bGxO>tDAX7xp0RD(3JG
zJ$luL+DeIim)E=+z2G-Cds!+kDn9O(Lmo479sPC$d(0V+N-N}bYSLVFG(fNdpQ0=I
zWtJx+Ob+8>U9!+7&|3Z7yB1rylJt`C{bnQO|1pmqlyky{KqJSULWvGWr^t)C0|*9K
zOGnOY-WpBbkq_7~unr?D_JAE2|Bf#Y5(QTc`SY-m`!^d-kkWDJvq;&g7CE?IOMdjt
zGMD$?z_B~gG8JHkK=s3lWW*D>imOeL;Q35p76!S_I}~fUM~2YagK8_y$$_<=+VOsK
zCc*40o!sCTpNNU~83~B0L!b=P<uDxDRD5~)KFX1U6e&tvJ8kQy*PaI|wIHgonLMLx
z)>n`(d=Tux*HdnpXqnn)BS=+DN70kEm+Fc@rLjL2HQ*Ray}BQ(9M0ik)Hj&6z2AA^
z9U^3%x7Ao8wq!oLt$=K-*fLKC1@Rx!8Oi<@oo%URgA}AEXLJ1sE8l6JJ^WRbir@My
zaiW7Ge3pd-%I5HXJDml6)y62H4h)+dkVOLW2V=^6kmu!o?=kWJxQB9FsHt_?oM`b$
z<*EZwOPzi4x?6H*`mrh-p;O?BZ~pXHzF-KmWujw0$i7SIOoWJ#myp!P7<bpyY2u_o
z?9a0DWyNtuu>?1)@ncXDbzMN$tM1_~%kq`|s<{x88eR7npF=fN%Zq?lI&C4SzW>K3
z0&2DU^?YV#>}7lkQL`&Qmel>soyn^f!)_<cKF2hak(<O^*Os!LbASSNKL3CdsJx2c
zLFSiiCO8uoy$$Esl+;??cVtRw^qB+J(>n+zZ?yF+{wljHlvY+n>uL;HWdbyqn)v;E
zU=u`PfuS%n#P->kl&g}uL)+ehJZ0F=%MhVs5I0{w<t#bqst4USVi)=gTfQ>2yeGcs
zqw*F3F*`yxN6^qS@pN@gL-*gQ78Naz*Fm^*w1p$1&q(I8QQm8d#HBlUbod|Zf%2?k
zb}KEnb)0{EG9KzSWR)928{3}c9!r!u;-IBZOaA|s8@vFU&{`!ZRrZWM3pIr)fC^c>
zy<}#%kE?KOn(3KK#pY2?7FODp>Ct@V<>7!o!`JI?tlw%bc{DP)*fQc}2ggcr_@xVD
z&v1+-hT?1=<@=|AqSr0grEtf~BAb2aZ2{s;gAR3iwM#v?FN4RNOXS~^<ztr#8gra+
z!@Mx5(-VxxOQ(&T$>vV$=6zzWjl3B?rGRfoz1jzFD(igaJ!$86GZ~qbJ`lNNS50m!
zWDe+|tbf@E<ED-pGkY&5c5hr8m~o?f&!Kgy=Jd(Z?K)e6fn=3LW!i0^koX)C-ijr&
zl2yE6zrEOCQd2=n@vzHYp=6H@ue(o?w!#=b&g^heVi}AklzTwd0%(qOaDDsfjf2I?
z;>5tX84|@Ule@ZqA2CthhqRpi=-3~5gnmF@IgC_2(sqoax~z-!a>rpo%uLU;yQPt*
zo@GBJJK2I491GkC*Oln-x6lnrJ*+3B*Uf4^?723Oi(Cmeb$oQ>vQc9}ao@L@F!zp3
z-yvbUrt*6>3nl9pG;<iKN+e<cRY}%QFaCKzH7mt?ygKCfU&J#DhaN_e#2?tr#EnEn
zIe)V8u}J5SdvipytkNx;r02HyRk>+AIU>to(x$8E#!V3VdeJu)q_F6BydRl-GfF-z
znEaaMcG<$x%F4>yG4*2SCU=VklSpfC?DVP4Ui^Tz8P}O}Cr*W4wHm;<8MzU1O{gRn
z(=uhdm8ggTjJc6#vGNJa^v)dn%1ppCnbh8HOXj1Epnfp2T#$!6#Q~48Yswq+yzRMi
zabUbzd~-DY!I(iXh{w^?4m9oz?ZM#McwyOMma*0nS#q@G$IseVTG46oaX=0|zLvF7
z%vy=Xlu=m@!9fpeo7Q5r-nq6lF`V$Rz(D|mvvqIrP=r3#OB=w+eFF8g^`(v_$ELSS
zHa!A|<I*j~WS8#5`kMm@su-Aw&CRt_G<M?+9mP~-XBq-My$qg~5L}nGfU9%KtXs$2
zs8T<9hEUXLQPF5*P<`5Ud@^m6JZ&(!NHCND*E&F2z}#C><DFEtR(6G`#&cuF+n&Wa
zqG2t_zLF&**`RxU4E453VRQ5z_xxk-15UDeQ<gh9e0|*&{6f-+a`QFUHH+xx^`)|f
z<(AAIaR9W34}w{u@!RK^m6oz4yFMwG0gSXbu?V!Gu=7jVlJT3O4^R(KE6V{#!z{Uj
z&tg}4I=wJ%#prL-%dS6P%@Ekw&|Ok{`b^M=Ji;@cixQu^f+7*&Tp1>2OptyCeCF8X
zw!Q@eAB^b{%<^lX43#6QSOnqC&aV<Kt0$Xn=dS4|KSM(D5?sM!oXJB`mn%`n#t-UQ
zcF!AqmnP&UC=7}obdNOIpRxJm?=G2%)-;xsmCm31`1xBXo1r*yBm!P!+T`U61ZS=B
z&KtG-VD6F0(dMR@2vPotFBtC9vQn?;X1rsh`dD$)KgMx8UHZq<wPB89pJJNw97pq)
z#oc|pYzC7HO=k2he)5s!J<smh+gB?GtFoSrPA<chZT+gVw_wdiEx_uf+F(kCvzSGa
z?hFs6isIDmMK;g;b=N6fF;0ebP|sd;)G$4PKq?t=cBNec`whkmM1aBlNXI3o(bBxT
zAHL0Z*$&QGDGn?_7~zh-tQapd6?e^ku*%3YJCo4$#@9G$aQ<#oOOnP`MJ?=5@UrpE
zh|{{0#hgN8jP^i}T%1cJQjzd$A)6?~Zdt)^+{N}8qsEL)ygk#!n+qr(wK(Dq_=gWv
zf14kdor&vm>Gqm%Ec!)lU2iFCCh06}3E5Cw8-99*RFJ$Sg>54Tju7RzRCE)&8V=7M
zz=>OC^?WPN)Bp;k$0K~Y^+sTnm21;9zaAf4#tK)W#osD5()Kp-HwqwsrG@QO{A2SD
zsgdOfQDU|uP=qE%c5m&drwFc0022p8P+qw)FU)UZ)YpZk!+4X5{8Gc@A6<IeulOii
z;lV#E1sr33w)0qOA>4}k#`lSBKSgQ!#^iETzDX2NG|9Pf{n1(U9Qj>I*DO1#kZJ%<
z<wk|g+PUcU$IK(2-greXy9(xa$;X#rq+)+@XL@DdB{pddj1_P?+FeO^BR?mpZ6U%X
zW}9O?6KkiY<E++4JQ3+IYj5CPm4UpMYm|18yCG<*pAOGa=xftDp7<8S95Qfzv!^D`
zVsnfXxAY@F(b>ecOsUnWDm&W(16aDONob%vYsaDd?iBY*o3Z`St%=_UHe+N$9|}j8
zo2bbVJj>T&mv#bV@g{^SCdizd(8`NhGfd}hul}}XoFcYWiP9GxdSLUGa%1vBPF6SW
zM5F3-ni+ySYU9RVPtNzWU$HA}9h85z#ZBd+TVOg}<P~|o$22%WHuAEHq_Yk3e3VlE
z7xRoJ+d|}(eGywKf56|Si_I$1^*<YJxQ`8O!=70*sm2{IwqDXdxVR<Z)g<CjaO87d
z6ug_@vT+-rD{RTQxi3ogPG}N5)_lxy<EsD3vww~Zs!H-qJhm@7WPHV%_*-&~*JE9w
zQ}a9*UwPl{KdQf8Xu-tz+k=7pr0>TW4(vzr5Im!nNUwi5^gadGBQyd{F2EL;&H$xg
zVU)2ot6To@G+m5m;%m3Gmn+(m`E@4S7k1siduH=CPC0G%yB_b4vwSSw?rZ_i_^=cB
z0sHGDaav+Wb->)lG4F3}TO15&x-cf41CDLd3OADk567Vd3nEq|q%{qGlom^sW^Y2A
z<hFqG!Gd9@SGENs3{75{Aq@8nOeLAP`R7e7BcAJQ$-WzM=(}A6|6Y{(a`_cFRM^w3
zsS3L2<{js@6ki;Q{Z$aX5)3tH|3=eOuopFM>6;X)4a@eI=%RzEL2g$i^L4Na+9zJ5
zI~y%N`pseh-$P7HcY<Nvo!QqUVVCcQ5IH-hX1BX}Zd&A;z~S(8#PRo&pw9Px=y(s;
z_RI3#;+u~3A)kR>8t&~AwKPc&YZ58>D+(;~@r<kbrbWcAs~pU~He-v41E*%i%_~S`
z8YCCSZbEsl3EkPaX&IBkr5lnUcWd*S!em|a)oem!lL$Mrv(=)5zN&ix(cugJw#vk0
zgC7|e+qBO!4z`cLiNDzrh<X`OLf8`if`#6*vq9A%h0QDnt-lMfJgk7-y>io15SyvU
zfSv9IpH<rgC?ui*FM$pZmL1N1{tqf?aK5_$6l1H-IMXJmp*1B>f*SXi3xi9WB^=`W
zZ$JgU=i14;xy}o%84NgytN&rS$(C>i+#omvxKT#+rNF-+{rCkii7K~akH#ixf`9<z
ziv#3y*`!EmupNvCmoe`O%y?~99?;S5frY;93X0q;X3(0dAU@h<TW>7!ucPTi0QDRH
z@(cUFAT_%SaQ7b(Xbkcn5&qb<|0Llb$^B0q{qcAHQ%C=(&;M+~AKUZ)3BycLuACM3
VJJUZRw+;MJKd*Hz`>a{u{{@Vba_Rs8

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/register_password.png b/login/apps/login/screenshots/register_password.png
new file mode 100644
index 0000000000000000000000000000000000000000..31515bda9ada8b5733fe35d8545158d065d55f97
GIT binary patch
literal 118094
zcmeFZc|4SD`v;7OXtP9=C6c9>vK6wGB?-yCjY{?{%-ENZN(^O5$dWw_vhSiIWF5vj
zmaJp4@5}I>qx*TDba(&W`+h&qAMYPepN|YP=XG7@v3`&5ahw8ft0)|yWTGS@B08dY
zL-r045h;|2h>U{bAoxw_7~NYUBFZd_>(_59Ucb(E+riG%!rFw0=te+9B>8Q1Ed8Th
zchvQ3ir129-NFV*ZX9|`cKgLqk!v(;;m5D}K0iWjPlon=PN4;hNF3H9(xqa5?k|^n
z-|&T;j4lI}h{hn<liYH<LHDJWuTe`F$5!u_jos4SucbsUB1-SuGi4o?F1x{dXlc##
z)2F&i5B-P^2oaO%5E=7Bl)h3PIdbsXt^Vq!r|v}2xy5{34*0FDU0z-f8Tw;H+;k(P
zUi1*=5%p(PV*#9Zh;DCDSJ&Km=i=LcJXP_<LF(D4;bb0`xZ%f&@_r4kpIsEG6(X8H
z%dZ_uN)+I;&e&UV_Uy3+s(YuXjkvGr1m!BYxgBI38KsC}zw|6b=w*D=eB@O{@1`iW
z)`szO4X&1uFyA$5(*RUS({AhN`cP=xxtQ#GLEJpLG{>LlP&$}OyknGcpy&Kb6=izH
zTfi$c%!K$Q>TA>edS$_Q9PL@77!im|G_AkaX;&5=uKUqsx>X~n3k?)u-8aK?bx~g<
zzIH~W$T#8}NP@3=t2oFm3z<<RO(;8RS-P~{I;=k%`K5LYPbIrEC<w=oxvRErHhKA<
z-q5pfkbUGaHxRW$#*V(#l6BJ6&ci2U?$)j3tI!K8uexc{{2NEfEOs2cwVX;kkaQbt
zX6Pr4trz`IofK<+bVNX!DUs#_QO%dIV?=jq1hAjvdl<is)7-n07hZGC_VuG0>V+&*
z!SB}JPZPZ^$x)C0D84x+@p!7+%)?cc=wS#mE31_FD3yH6XeS%drxC_@MLwdjB_adE
z)-c7qG><UnLkFHoA8LCf)<%5r1Dy_u_%P|fBZhf0A2w3iM>@GD=cNU1D2N$RYWWr>
z5YhSY-6iKH-})ePn=IIeHi7yL8AHv9hX-Ij<-^odWCw;%oFr!baFSH!%Cp02XW%y&
z1bi>Bi9b8!DqVH^BHh8y*A{Nmob`RscGH|$gET^Vyp1@WX_HaxfZ^k88BE)O^kYoE
zgV&7i(%tg4$Q7|ZtpD-WYcld0>Us7nhgu#x4tu!J8XVNFRTw$A&hBxbifXMkXIPC+
znkQk3TOyqEdBFXoYq#ywWy47enKYmA%4sG}-)>HK>a@{-Se{&AM98VPA1>hRJHq@Z
zSazu`YN~7MK1{TX67$IR`jGtETZOivOAmtR>qthQkKDa~QSo)kYm!?$6Bj3hCIlw<
zO^KF>13!1XKc{16O(a4e<7?={S2tUOHrCI@^mu*eKKfL>UUzuF{>&AAmFMR_%+xY}
zHvE98Ju)mga$>&BMZAJl@+hQsaztrCcztPIf1P3dlCMC`v*DW*XXXzz9f~>hl%n}@
z%wyu(lWP9v*I-=o$JL)%1(<vi`)2aZ_?tKx8JQ;;gZ~EQHGczt0sm1-?Gu}Hl40Cu
z9cf|;UYzByVP`&5_=4rd;LC;w#(4~)!528~*tNqTFXKa{c<!7)(uqFz_$>VV#PcK1
zi|LHcQ-=qI>)Z^Ca0tH{p~8#NVA49red>IEL}_DY#QE@6?jda!&9@mn8IRMGGwCur
z(+$)alZUzM=!_`iLsdm@l*(e$64MWAh(stDDoDsy-eOL;XK_yGD4)NUthhWb8IgWR
zgIOa<Bl4YAdYt-9O43vv?5G5yD$2{(D`dyy)#?TGg_<lx{<JA3dPPlHy;(^)K`UJ=
z$4Pr8Q0zKJTSC(_(=BO}_DI2#(mD@B3X{7qztv%@4k3(?YqWnfmk_IEjoyUbJ-zb<
zM=jyz2uqy#mQ`S(vxQLy3;He21)Dr&-7T6Un5@*b(sp9nw!1Q6EA(yS-Af%OO@c(~
zp2fX_K8m|F_XwIc__`{<E7>c~t8$0-Kq4`Ut^IDfOlHlqx7i~GA0wU=J~@V<kiV7m
zASqUUMxGU+9F&B(eDX5WvFP-uhqoMVSt_%{geprY3o4&io_l?-`L*dgQ}?fBU++08
zEInAFT#BL3^$+uJyB{LAX8qMVvNy3eB7aUl^n&iI-dBaMJhfn%cQdbM%4c??pP=p0
z`pAA{b^n#V<lfVHt`C&nA1P?gw<+?pGPAAE&&(}1RxMh~H!>c2uv=GCD>Izi{kHz)
z^p$RVKjX~N%Uot$0qU`+7x`};E0%00w{9^BhU<Q<nD(__aMB%hK#%8VhGllHJjTV_
zzOsF1D{SlMcx!@U;&e1>E_<#8E;T%etC@ec)-%_RdpFszlC|tHVKV%AP3-%MuSwm_
zd(0-4t3?a1T;f-EzBrlW+%H~F@YwdG^c3^tsd`y8UZsj(#)ocO;^nuQ@!IRfq<2Yt
zNs0~*Oqx5oys>P#k>EI-@u7(A&TW_5u5I~um+mS)TrzO69Uic8WNj6U=8En<NpkJV
znf_~WkE0)(KG_jq6_<i}ecqnDS9I_E$G(s6MwDu;YNcdd6s&_?=q#9c0<95up6i{|
zWL~+{$5nQ=>~fu$speON4npUiwfbp(e%{%K15+eJWa9LPFTf0Ra_0xx!{nOi4fV6$
zU$I#z<-Dm>qNGx1{4HtJ>RYwL^^%Bzc2bqv*~io@F~wnP&*wf5wXo8ZP~9Yj&|qkl
zXvo6`!iqSLaJrw1Ja>$$x7J}KCj3#jCl9Oo^*bTS!D(`7U1_7JQB><Q?nDhW{U<7Q
zc|o@C{Y#_=VzAMr9FDRyXGPzTnea7QhIYKDNxyE&s}I37t$xY=vQr>riES|9ZIW#g
zdlds2D%q9`Hfm8l-*(>Ryq@+n(x5!g?u1pBPgmRY<1VDtVf0uI<Cm3Iq@I#NOxbGp
z)tHLViZxtfxA3IZ<mAL!&YF>teu54gPf2x+&BrR%HYp14sR8q9`|i3q|Lt0woQPbC
zoKc|b=Wg!;{QK|q3(5g8Vwc5j2FuCH<qF0JwOWyyoV=W(ocR6;TdSUy9%u<3AIvG9
z9U&Gz+pjpl)8DI4Z-6dndf5HS(5NY_X->;UyK@fRS82aiFR?9Ayy`ZC>`$xAF&~P=
z*Wx9}w~q;FFloPH`NZ;7a((-D=iAlz*HW6S=qm=W^?vI1mxCF(8AX<p)6-1I=;p$Q
z$SkL+soEsNdXHe?E?qQpdRjLFGkLv9z0uC;-K9!e87@6l0abLYfLP&{&<gC{fzI5D
zd&!qd-xu=~z1zAq9ECP5o<LRW;2p-Y278}7W=x92bH%kvNqL=_tThiTF<HOg@p%W$
zi45WYY*2<0sYWh2w2fzKZ)Y1=niU$AOna?-7w)z)%NESJJovDzy=|n&ep9>NNYz;k
zE;0bC>g^ow=o*kn+uG)9)n~BV8mMx3>Nr`4adj@AlN-d9R?mCc9ji8*m+AAnd@P?e
zSfbH0$kkw7c0&=Xj!cWFj>2mV;X2*3Thnqzb=UJ1@D)4S)n@n|INPr1hAWl|!_ejD
z<Y)GD`$-v;-$iu(=C-AE$?&lVDW_@?PtR%994T@6`|<||Zwv-i^LeH1%zklyx`s@8
zo1`k0?0s@eXI&Am-eop1xe94Ff(G&7pKs}{Hh<S&T1%J<sYlh<e>OPe>_8`dhLY<X
z$^0sX0M{oH>6vR2Ps!AmmXoE`cZtGCcW70c2g1IQN;BU-SI6!|MO05M+#=_|(Mrpq
z_L$+(%*?o$#Fk16meyBpM`v~GR-2zqphJz+1Is77N<+H^ciA%!tf%1_TB6D8J{~dc
z2JrQ{iH@SFvN91bcuhe>O3Xw=23`?^FG=E4|9&k`%uRG)@Ao7`L{BY<NdNeZ3iwX=
z_X2zo*8KQ>AoK|lIrxbNe7Pi${Oi-C(1Zj3dQC<F-XoGxzpkhVzN;HMn3&i)n%lt=
zG;+^_UmSXPL)Vdrh@O-1MXY$|>^!)BkA;Q~Oh@^an6aG=|Gfux_f7a+Y#tJ>Lv+<e
z47{{4f!$+sv9Y#w6myYa-}{6Zcun{<gq>~gBQProb{*y0Y}f4^OxQ&DFY;exm!xE4
zW4r3`z*Ovxto$F#!A}zG<}lbpF$l!j*_q#2kl)V1401_SR1|Vi03sm32R^~)=xPhQ
z=fY>}$noPM|GJK>iKDTD#Y32doh=*Ty7%te!C?~Y?1UTr``?e}G;y)`&z)=?|JWAT
zAcXJ^<P!fy$iJ@*mR=?NR_wNgi;1<atc4Ab8Mue!C4nnfuI?@P(_8<!<xfj>ep-6z
z(!QlXz4hx-O-B=l>vlHarZCC>DD02>{`}@23$H>5d;dumKLow^TOesk%BzrnYfX~!
zqdGAgP~>R~Syc`29he#6AIW3zANP;%gx7s9Zkm-S5D`feDay)dxDbEGkiR)Aw^6sy
z$9cNJkL;)#>FlGAq^}Q5vz|D>o9Iid@#%s*>E~zZ&loup)9=cDrg;83|1SOKhvekx
zCn=uO(3MEfOR2`sS+A7Oeg9O3mGGJ&H%(0~E1T%gKaaQ8T=`@YX}CJ{=?M`D1>2+j
z|6O$OIpiDpGNyy=&+pwnbi86-PMV0A^!Wb&D8U<azA3uD{{Fc1qhbHK{WsXV-|ZWZ
zhEtATXlDQA?%+pKhzI#Emj^%kTmx_T-?gCs)4h+gxr~Va`7#uAG;A(Bq)PdJ+TkOj
z8mgf`Uq(9N1yPOC8J%dkKkttMx_<OmL4jNPlTtt_YdS9cSyIyTwa$OO%yI6s((`vH
zUYSzw7aw7}z6@0d{`{!YXNY|xujL8_{#k}V70iFW4C((=@ry0|PZd9#=l{Io7q|Rh
zfciOT|1UuO8fgEQD}G9R|4ZAy;)egfrtLnG%L5OMJEV5;bKWS#<(*>Q?j?^cyG^@j
zb9`&0er)hKl9Cqbow3HH*V>sa(bwX6HA5RcD4WS#XcgiqgnB;>+d^RsFqo{NnH_D3
z_bhPh{K(6F^@Zp%7TY?OBD2+=rkC!SC`lXi=8etEVp6+2rc<Q&LX>$(X0^^Lae2{e
z&E@!yQ2kRog%N8z=JEBbx!p7MFFmV*70fH|#V4VXW~}D=aU-n#@hG=@@!i!$i^KNv
zYe;<wc(>bK@m`#oq+b6=DZQMmlwhf9BxP5<-OODn@>rJU*1_WL83pkk=@3D;?dmvP
z<JFyuA!sdCt^r={5GRfE1>ipDu*MY4x7w<X1@%Qqb8+4_u_v*{TVXw1Cu@@6xm)D9
zN&PIVW%wSq`zn=^(P>?KSJYXX)onh*G83jl8w=GJ4cXmNwDjpc^zHo$Yn#j0fVt~8
z!@_7S9AX;^2Fq}%E8Rwr=9pqHIP!iqu}cLOK;VJp7S|ct^SLEEn_WJEgHtEpOjY;z
z*%WR1k)CmVBv4t6XSHeb;g_4)b+?qz#j`?ZxU||VYx;`o`4KIPPFpVM>7b9z>Gy>5
z>vfN|P3j8<izG?)-pdS;GCpSXww2{8)U&SLcc<6;V!v_u=eRAa$u5?DzQg!Wn|4Rw
z6}iolk)D{o`1&%F5VX#Uxx&<BI}^pJg3IJ?Z`!H043OxIq+Z<j_tmYqaubCD2X{<s
z(u{b;Q|2zcJ(1Ch=Tu6reiyvGhBRY#A8`A~#IoGpSA?H|?}niJSCd@zATw~*kky6n
z9tG~><v63_^Q%jr+-$dc_H>0|ok`b1L5o@SRe2+|{HI6zak?yKF3~X(eKp%w=UK5y
zo-|gS&|^#HHXFy<HV>$-Jmqrt-dyayDYmm?r<tx7^SKa@-yXW>TDdvr7+YnxKCEu|
z>g)S>22Z=oJ$Ipf=1E6TWw>nPYB86JLj-9*Rw>#|?>6$jUY5NQf+zPG)D|lrd2*`Y
zPOqy)<qA5}>(VV1l}$re#QvE6;?Tgu>$uJ7GF->v_<2-eH#BAkKbNU5c*ypvWwO?K
zo=jP9vq*Nt!u=TrHW%Hk)`cL|bT!UyL+9)6VlR2KiU-Rq!jwf+PT5to2W`^*6dno4
za~bmR^9k*gCP+0qQs;f1gn(8zbZOGAb}Dj5bn-h3Da3KL^9b4=iE+TdyLatwwoezT
ziS%20orhx{<R0v$+8<!<YWaBMaf>i)N@U@5Rve9Jd$h&H!rtZ#-GlkFUt+BMiE5hk
z?3vuRjx%BNEF-Q(cCADd*j8<rZs)GmDe(QA+NJN_^*M1~D>;zAObDq{n%8Jlko>W;
z(?h=M@C7kvr?W0m;**wBalEki<tKn$L;LOrHtSoJ<$5)><qGY`)XQuM@Vh&Uk%4+v
zA1>rr<`fT#b+LYQ?}^}b)Oj>)ax}iet1R0erai>#w&KQ5MQ<%L)p3jszOU->p{C&W
zD4nmZPK`jmghV597wS$Gq5B^oo2lDGia-fk7Z=?Qzoj0em0gkDH9ReBSTyKHj0%*m
zS5n$nCrKNTL^~}%mD(;XY@HT1D(bl}n0k7J^GY!<ZN*pQQkS#ci82FkJfh2-VWt9`
zs&^x@KXT<r!_j>g`9ML|M>VUGTrhHQDFas!5P+sCDpUb`L5ioKSZ}-yEQ&a<Pc>b%
zQ@rDbONklssDY8io!KvyAm!m>-X*zZT?JyfcWX3ouTZpIQpULB<oxWQ>U#{YK<Eu8
zLbIwomyc*ZO-&WCX=Z&eJM7YWR6$`MCe@-cu>Y)y4OQYtqTPC7DCLd{S6s2hNqk4@
z>m^kR=)^WpmiMEpuy%1h4Q+MAIsLVOA=4QB&htx@zZg#z$>bYHFWj+-%gIMB58SQG
zJN_7AEFsJxex;`A3wQm{i(`hJ9GGi*AkOre`=M<bQ|pEl-S+Q_t&P59Dp9E;LVKqi
zejpr<>g?QhDwR0naVem5>&Co*bE_e8Qf(@cvMlDMZ)Ef3p&$!+;Y-l{UNOqh21^Qr
zR24+0<c_~uU~M{NROcP{1WR1gbkXfdZ?XDR;w)0f-q6ZEHN2?LQbx}kzrxgET;{Xi
zbJ={R(H-8~j+T6x`h2<livIH{VYil=4nd>6gH2~ftltJY8N9!*i5t=zGQny2iiuk3
zR|M?8M6M~BZOO<J*lg)!@lmn%O}~wae3m!!CR%ZIRf_W+J?f}RW6U*%!USqaUlC^Y
zRTszZwSC$-ZvN^+C}&ef6eSh?SC)$O?#Ga3G3UzVC&MWWDNoQ?P8Z!O56u-naIv<q
z8^u2}8N=rw3Bz*w#nh0D>+|gXrG?ac20Cj4c^f#LW#H;rc&tV#CYWoVWlATJT7L?p
z@1Eh*!KSDrNe(Ml2!bFoPt~S0l^BxZCemeIK2sFs7az{gu}^bW)!;cNizLUUKf~RR
zXu2VbS8>9-v@{h$yQiC{?itl6;hZ}3m}96Rf+u<Q6A4Ub+UA}yz@vv#sME63RE}3H
zf9ia5v+@c5^d$~xwBz8^p`S}iwl>8NXcyhwgyMJd=%XWnib7j2hf{hd)6nH!*BQFH
znIN>ZWtr6K2+P+MzubpC_kjg2TOL_u{r<CQ*Ns<RBoSWIB4eY2V`Vb)0#8+3rD~cG
zmj`t`^CFP%<fG4jVS+eL$)YrWj%y`~hkBSG`nILIE2UgqT<$yDq!0;p1d_d`sb^|S
z{Gk*OuAXOkCUuRH_h6^|K4qfAA0ZbKfvV|Jmub_N)t!|+&jkzeNzV(|v`?AQC&O^b
zUHJ-_t{YO1Ng<dq7uJ0ab}|I4zRv-@aN~WwZRK<!wAjg|ItY+RjNLDbEoE*NKS9Px
z2z*P4IXSmqHKQk<$ycN+R37B5M4y^VtH83vf~fh%ol30?E}Uc5D*R2Zf3<%oqkpy{
zWWV`dJV;z!r^J#x)@p{+%ULnC@>^@9I9?HM&uo!Np9r%O0;{7eJCzY@`-ANQC5&ky
z5xT;ZzN}|g5x<=33iFM867NiPy9|!%&hHL#!Jez%+GltlT*$=0_9~}^HL!(og-xT;
z)F2xQwj5ynOcHK;WZi8wn)){~$@vhP($pcFNwr~!SY+9|A;d0ba-56;+IZ?1oRsRe
zsnywxBmsQ>eG`J}ci-1FS^HKz-M7ymRbWxQ_XCwP-^r;xqKVjGS-Vp|_Yt=UNWgIf
zx#TsvbXkPl$_1DA<xJESvJT<<L-8m>t}s+&$fIOfF8=Yn$@U~_?a}b(K%pr(UHbYg
zJi~Dmaal{#CWE>rFmhCQzbzjo)*qGQfEFmLs61iDacTgk>$&3p88Cg%+m8-COuNl#
zSE|lT1wFYCYPE2BpFNnzNlSi{tK@L87!+knRUn0YoH{XBtezgqT0~g!JzJiN!8T^D
z&hcmS1=QvfiZQE-bR|;A5z$K=(+6vsp0Ozjp?Eaj8^hg<##dR?5w`*r_N_^XBJuhZ
zm`VkY7U+C8AgNothGYq`BIK)P-8J}GDizcIck0Zn73oLhE54p<aNn=kb<%An$VXDh
zCf#GmsCZ=i%R^B1h=bv9O3lS=c!nT&{*)A|;%d#R^R4@=h?tZKI4m|#sC_zc)-o9}
zoN`~sYDW$PI`v*2jfV15UGD|l4XVDCO_RT-hLoP(zuISlVqF+&{pq>Hgao2-ac!j{
zQp}4L8c7RiS~GEtCi*up%VgA+mTky|?0&@;4*NIENYc&(nbu7sN>MNMjJBQAmtg4z
zuGSQ7KfA>ZmiE2hTMF#>><!UhH0ooHU|7jgf7Ag)rTjxw@&r*`S%cG2DesBue6a$M
zRO**sB}FDL@l7uN8Nr6S+@$C4(;RUtXnRn^F9%-~aIf;%$e1P%7KWOl#w7MV?p+U(
zShR~;NFos@?^5MlO7PIrZWCZajU`9BGW^fw3)6HpG%XwK5`uo$;hHAv=s!Dve8ny0
z<{aNwSA`nl^^YY9xVN&nzcYrrUN{fX1ll<Py#!=&KrOc7R_jVgDifAGcsM2O?D&3F
zyO3EUKvL#%VVsNNb_6~zkbS){nw&e9>G|}SiCeb!$%T&J$Xe+YzY;An`{K70#!2JO
zN;Vh9!YPWrrUT*Wr7Cli<6xb&Jw`6DC@?zl@IDuizWbG=s7@(|1KNqPRSzhul$r?f
z2ot+nqjW&knI%CMgIo53W>0QDrG~s@Guij7(vGB?hNE&4bM#p-_iE92ubH_+U|FmE
zPs_|!o<#-}n70?HssG~g6hXQPL&Ai+*4!*!tKWWUcjqaWi^VXu1w6ES>|kq?UByD3
zrM7&9tnV*No2kDjRHSQ%g@w(uz$tHwMf3+_28-RUz5?i<$8MmTdT~A(6|BZ=WLiUI
zRROz`{EOE=k*=x>bPFekxH0>4t3^#u=tJO(n^z$mKu>k>VJ*)`G{SUU3nnweCgUqz
z(>((!Vxh_V#dfm#gEbIYIk$8`<2Dy|&t8(i?HMbvxA``SI4v(^j5hVvG(E><oGZyx
zJFCdJ&%`f!`FH>me?kozmEubJ4p0@hutM9bW49B}C5csi^<_Z21d#Gv-<SHLIS8(7
znOY0*T!uO+q*?TG($pcal1`!L30Rr>f2{n#1U}Bd>2_`Y&NcWm5yA#ffDO9NC%SrO
zEzl_5+22?SGI}Hot@A#5a}_jwl4pr*w!n_q!HyP(<!o~6l>WROVzdk6t|)i!0pG~b
zvI7M(K!*Y8!H_0D2B5#^zv}P!-A_t_E!W>cK_U!g&NXCBkZqQQd*}jm2I8M==r5li
zWw?uoT!{Azl>qvECobJDDIE~~Y<fM<ZC;?A5?X}#olyt5FfJY9_Hglyto?u&nL7|}
zz6%~GlN=J{5^(xg(Xs&nDPN%)-vk!W;*{`;ARrnbpu*u4xOS2p72^Vp?yoY^zuVAZ
zVv*Pt@b2A)ruI25E-S;1vRJRc#)I!h*G5*RK>n1s6VnI;56ct?9#(I@!}75(lwGm$
zXNXDUvp|(w*R<X$)4&3x(aD@(1Eir0q`_FDbXH-%*|c2+at67I(If<1{GF(8kq3BC
zM)07dke8=_@y;buozWE6$p_&Q>@JKc6BK=m#5X%1Xw*mkCjU0m0*x%SG;q7i&I{aZ
zrY;x<3Ty!K${#k_Sj2^*@7+g4-Ut=gA2YW}vK9n(9B=25lR`M*<mUb4+-kIYZrAku
zM7O5$@!zWQ)9*GLMMluepH2QR441y*;x|s3UwqO$n1E#NSouE_5*DtW?i?F?fOMqQ
zld82*i^}ZKbGkp_RdqC{i3*7M@+^)5=*1~`dR>4D`U+wcQShbd=wF0Ku*nJ9+w1e7
zo$0e>Gf2+ezVjota6s8*eo^KG1#l0?7P){paF^T6iOK|J%E3MUJNqLdfO-C#%a4as
z9#0>)A;cM8;FT9#-pN-KF!kPhI+K*jy+3LkKbcQtRS~p7N+$_o`n_SVm^I>?1>V36
zbmwcIMc#O^U#AJ8Btb3~Ev4M;w7!uv8P^N2z!2X3Fa!|F(S``8;cWSrocnF<LkXGA
zsL6m?!uN$k(8kSGOc{tr2NU-q*>B^wP997*+8l0XY3bGVuA!kpZ}Qx^Wn0g{#%bX@
z)4va<7hLWE6a4ezW-WBQaa2p>0w$>O)Eos&P#tLJ6*=UlC<EX947CTphF)7jtXgB_
zcK7g&%&YP&o&`Jf`4OuMYYY*8+dq3@^A3hqP^0^wlt_QMM;j5be1*{PS-S5eHA*rA
zGSRER_2hxfmB}HQ8Rt&^qloJdVusu=W@bvUm+9YXKq#O$8;<s519_VQd0#jN?K}v~
z^6$nN5OIMc-TBp#p8Rkmi<Uh{Y9lz3aarn;zJ|yR=IUcP3J_3lxuM?bErV_8fNhP}
z1onXd^0(6hh{CkUVUzN7p8fkGCat>wJl<H6*#DU7{GF2}LlYnp&#;03w=(Px5D3S9
zyOX9R#JEFdZw*)hRO>z3nFr(`59E-ww=aiZ_vK4)pojF0D?Y<1Z)T+V2x;vsaG>cL
zDj+n4{SV`Fj^N9*E!RpVfiLGXr<(v@M*L-91`3~h6O;#vh@{TbGWvuR6$GM-Z{&^O
zUtG);gw2i$M}bBb>WZK{j-)ml;4uV#Jcd<;Z16AHPx<&C-tvIpEwKb|DgGPYQo7ow
ziDVT4K;my_JNk+XMpYS>_n$Hsh5Rn1{#77sDnt&;`E^kIeY^Y1aQG~8;!Plp#2FW!
zw_>s}1R*}(3(-2GzX|ssunA2XgaZ(ybg1i0AHf<m{yzjZf?@p`+5*E8olKMk^xe($
zqwT2#fc5_p(BSIf1SpV3fC8~GuiN<4r}Z_oa$eqnz_%qUSSmsBGo}30vK@pd;~!bF
zusgd`Rlo0LzoJ6;FIqPyV4nB!zKP5L^ECE*j{;ff0n7u^6$l@PegPvw3IMSEJ~gyI
zV>klo_o0SR{~EM=2toUMT7o$_D3upihf2U6>Hm*C0uTRvX6s^tAWfp32JE-~fkXdA
z3jfO#Hv-bme?v=FKF`8aQzx`zqu;#Af~#D<weXi=O?N)e4H4O?H)?XPlWu?HAtEuR
z2MW3r|ELyJEj)(@?3RFnRzm>JbDGcd(2RKFAddapfC+sRnr)~nTm$m)-^W;>wE0bC
z^p{EkF#m5`O{!lc8t9ZPS9g^2&y^2Q(eG-5R6j!1a`;zh%}#*UqO>NPGW&}w)LzWJ
z{!7eFrMRG5mQ{9YhEU`vfeNoMTiKk+uRl>hJ4JZw-ft0H9(FG`oY}7-X>~$w;4w?Q
zCAC+^4`cxIenQ9%^c4knT9}=CBrTuskIY0qmk3z=wW{>UN7@RygR{l1Amnc;fXal=
z#X>l5G??li;46^pfy^0y^;Ee>)PE%ppwK73gaKu0U}dRq0tE0N42+6B%mh{jm;gfQ
z(*f*K0Z9D9FA}fg`|vE%KHev<9vCLB-x)_(@}pX+W%>sxl)mDjcG9z#`$d#MP4a_k
zh$C<vn}VXEy0~sxTy%?_S})sg!<-fsR1X2J^tUZr>lhS7``_el5bZ}UgyRm>D2ev_
z=n){*4G`_S_Dak@Cru!?b8q||Jb~QI#BVndgb=VNH-LJ-{JN_{1k_ur%iT@x8|hGV
zpzu4ugfI6{?|8J8wpO6f`+rdM<`0keY0W1hhX20rfYd4aiziGR0_fv+B^dxuz^+7p
zwJRAyIod@-t**Y5ISbmT=rZ9;m(<*m3~Et1ol3ujZMyRg&B91wsGd~PE#c>9f3+hB
z@Z3=;a!z+p6yI@vR75C>sR0zDuOLtWH-0HiPZLVh-xd!3<xFyarf`6MexK@ppWdi{
zOJMxtNBM242b9`xN(ew6{TB+nKj_z%J<^5{&svmkO<^|aBf6}T|1Y(iUq-!h>a+hN
z@qBng3q}-hD1Qd%YyOg9--1~%&%jsI!_KFZ%Vv|`EV5ny`HgrC?4(aS#T$o49;|4q
zs|xbHx~haQ1_xcsh*%&2te<%X0Wqz74N5fvDAoS7?s<Y&{HTHdC3Q#T;UK}58(gul
zJ7Qbk^HC75g}~e`eVal}w=oXZsMUVE>Vj^lJLc^5*9?_Ya@bF_s)s!jYvlszQ~EKp
zPS~R2N*lcj7yCZf$yikEEG%tow~>BEiIGH^W_^rHD(dLf`44)LgS$IxX@18fOSI~!
z0H=`fjsS@}1qGwM03@!ne}G&Ekod}8Y5T9L@AY{SZ3BBbxAF5vQ841JR;S`}3}59&
zvz?0jY^j-4dGkhDtLLmEYN4K0s&lgE-c#m|Gfz*4#%+8xOGSWgX?jr)qmMAB^n6}w
zvglC~if|fWfp_wn%_D~aXZjXH#hOqs^d%19`#o^lFzoW2h{W;cFuByajN8B{OXSW%
zi1*=vxujq*US|7G)E2RDG-C-u?RyCf+p)YDS$);eu~}Htk?YOFYj-|enzo^<30zT3
zGLl>fP(ACfV@)As2*@<7*|VK9kEAby`VdAN-9JZLA@qG4;Qwjp9&o*bT<FkCwMdJl
zmseIJaB@O-hVz>EmBeRDj5k}ocLZU(lB@4SQv8mJnNK-Au^2v)<02<aQs1{eW9J>?
zgn?_ji{{m<9fY8H$nLs-fB&>{jM_(@@_2>NVnG`Z>G7%S04HvKi1yPw1Z8sS0PGPQ
z@<Ym?dLwwWkfAh(q2yX=YxC4Zv#nEp@^RxxLnlQl2L4-_TF9H;+oP-~U9;GT!L_P2
zf0<^^NP|$&<;OAFARBz~YeQ0=tNHOZtPaWtA$iMz!InPXKo7Y@FImUSXsfSVEcim`
zMh+N{;H9wgCW>Qgy9j2bpTr(7^CKehqyiPKU7lzm2=5<NB0;X6{Xv@ybaB%V>bU3&
z5Bn_AGy}&rC98(XAU70PJz;&I*N)fkvO)y6Z=Qp=_cry-;Y!hNjB8Gj<pZ4fY3*uD
zXJhazl_w3{X9}^EbDnnNrw{^S!;cPhG;qZa%u1;qH;)GWKU50^UWUlW3n1bYqxYqn
z@xv+iCYu0IU)zU=rNhV)u>$UMmCl<$;RC4H=dc*;TE(P<Vm0~Da_Z$2Ws%+o-&vjS
z-%mt8O(lb%MKP)F#TX|lg`?QYnc|_rjKyc5Jxl>*f{RTZCZRaY22wR~+e8~bXeEj3
z0&gs1*cV`hbU%a~RWsV%o|H<PDeBK|z|8g(0|6RYH1QQ@RStCy%f)v3mZ`dRgjwRd
zs1UM!X7Qe;;p&e-WlTXRb*B!1yKsQJ+*^*Wh5*sFy!?-7|6tsFQYo`^-m}|)E_>mu
zO<|W7cFud(9cj&9*|y2;T(uNyWoYX#pBOAZ(tT=Zz0T4zwvT*-jN}ODE?RsENH|5o
zb}<)V!h@+XwBn#y{axrk_WUn~$voqce35zkfCuVZwzeT$Qxz4oh=1am4OfAgrQov5
z`LS!6w&0l4Chl10*t@j2XhNLnt5QA&Er@HeuV>cA<<n#FU(F=d&j&&W9)3Kcd3%-M
z4i*Kib*Jp!*gBW@Bdi-E={0sx@jDuxT(HSZLUf##H!=|$(tDuO|Lt=iO8%5hXZMcd
zySysYrY&y!Ys}@GO)m%tpvub1DWI%oXO**}z>ggBPOoC1yt5)G>AkZZ7gFdj-Uw@#
zV@OegR2Jyn-V!M;Z4M&KKLmA~NM;8Pqw%PmNqG5FP`W-Tgv0l=rXbK_A7ZZ#aF}UC
zHz%v(Z0Y`m8<{v0%4fhllAGWrY_-=cO?+VFs9>Xl?tFLkj<6>Pu!=_OwG5%Y)YTT9
zjfCi#O!Tehm{+cM`Re9$W{!%bs!S+9g|H{rkdRw4s`H(~)o;{__fTy51(GU|K-{J=
z_NZE``{0u0XYsiTN4+9zUF28j)UIRIW>?NR|666JGz+A2YBSx3wg$0ZI6|^&kMtKu
zDj=BL`uhi8d2KWqr7pFI=M)9<kIjMjsyP%wh|x(_Hfd<8m6gY|D(SP&RzkeDlU9p1
z-MY&Mg)yTnYd0*_N7Sljs<vhe%cbAVg1Md%#+60S#YsK)DZ@E8?eZJw9Iutk{v0!R
z05`gmxuiB4x?)qa2H!qqiKcr6@1ra70AWSdXtN_SqcAkl&B23^X;^mG>(jP|c6Zbw
z7)_+MdRsea<K`b{cz_`+WxYTw^PG!9d0b1(?6p;dokx<PsVX6}EWbVGX^xg&s+Zca
zciY_>idPZCp6y5C(|4w~mZub?#3Vp8&hl#MG_A5Qij@)px#uoF;L=R^-=x$KhGR+$
zUrGR+!%Sd>K>J4cyq@x{<X9)YlfrTYywi5Yr+f%Mi)E-@mqQwbcz!p|420nQt3IXX
z4r5il-A<mAt#@x!kGo@d*E0Ok5X?DYQfhajs${ZzGTz$@=e(*S(cOAJnAfG<oWc7{
z&c$m<^xLbka~@ok%P9~frm&%VA?Jk4mwt%YcO1`gwcATT`EAu*3oGyIS@bcI`ZCf5
zJR0sJR7S6>z?`UpT`PBa7t&UfOz4>Fm+O6V*lWA$@tYc3g>lPnFIkZrNqG0lnbHd$
zuM>_d#PjsEh)%vqmS(Tc)Y5=J+(D#{4Hlhvot+f!HSfooyoH(b+Q{x|eL-K~h0`C>
zEB~m2?AV2JAD@QB(G6Fue})7*#i*qU2hcsiZpGVG#)WyX#u3IOMhThJz9A=Sl%^t!
zaWXFC8)&xF@1bV`cS)eg6B<ZbU0WP80(FKI42L~;mf~3(I%%v3>UD<KY_^AZbv}3V
z>NFY<w)_TNE7P`#cdp*TC~_P>h>1R4F;zSGl$pu!;Y5^Kk<=@BuF7f6oSSy8P5ON%
z_^VhE8U>WngMQV!ck8>SlI^^=`n#4H&!dujIS_i!<;TWW5+^C2t6W|9G>ueO5lvyT
zc-akRUQw!25)jIGtK~Wwa%Q1Xi9)0?te<6P{%Kl{$N2d|%jk23=Ix1kQ9I(&&TCA|
z<>?8^o-0Fh+iYs{i57R6gq_w$o=$3-UF{YX!)4{0hFj@{`o^1wHw85sQc^(6h!#XZ
zY`D3H$#40;d)K9Y3BTMr6>>r?YWH?!=fc*!+cFr9NV?3NAxEGUf8@H%ZWl#lbsT!v
z?}B9{q3}vLL=wNVoR*0_8oQZT?Tdr-mt8z<iqbn%MqyM2!v>jJZ$3w#Yxk`#Ti*pj
z6iSMdziz&%Ty^e70s2!Avl-8N|Ip5>qF&P&T}zmk6&(k3d6%^ufXBlO$~^66`O50q
zLU+<p=T3?8-k7F?y#Y`Pi!QE$_k05QNh>DUI081f)?*x!3|B0etylHlM6GUK(Bcw<
z<dca;XC#yP7v|>M#vt43)<k!=qi@nHlcOXtwno|S9+U}}4Y6#tJ=H=LdbsZB&1@B_
ziIJU*-OiF=#I6oA5syh_cD0WJ6j8~Tr1u@q4Lsr<RNlj)^L6U#cubW$rB3UW(V&Ww
zRRiK-(-<2q#PcQfPnIY20pVRikwZ<eC;%D9@&!GHD4<U+pSGYPU|9nHf*npNtW&aj
z8OiKy@Nc&z#!L1)4|!&;aGT-={8*L~3U+t4xD3BcvsVluQ5sK@LL|j1$2cMH=vkWk
zJKgxA?|(b+TDxj70(->H<$8IBysx=36PZY#(0HwpIqsW~UcNj-c=`7{rE;WKd=R@!
z0NPni3idK9(4;>RD+1=b^xc}RpkZ|EJ(zbe$-<pL^w9-|bv^a5K%?zM;a)F|^$~@K
zQ_3qcDAPqOkL4~1ii&PaF+&4R=xBB?=C~=5UP@LK$&E2s{MJC4r?rF{cba1=T$}DI
zk93C{XK}?iU;j$M-8}iL<1wr4&%#yuBebES#&jyswZ$e#{EDY8){J9F=-UnT%Eg(>
z)f>uXqs()!88ll@&|92s*u@X+rhv)63jB@{m<qK#a#9($7*nfI7#X7<%kA=h?Ymmt
zF_#YqGRWXLCEuPWzf;{*m>dPV%F)bZ8OJgtqEA^~_sK#JG;G-~d}h#2da)cEC<3T%
ze_*tKS!Dptn5=lO3x4}i7f16Zh-VM%tQP0+-4)X}f)nq8{4O{Hrh5yi@>RCXB@o-}
zebW}pkNIcCY$!E_7HdM5*THbS(aPmMNVHg2XE~DvX`_vud;gU2R~<iDnQ-|!?py6-
zmGsq~b%Js23oTd5deCweL!H4!<~r()1=*@qJXwoWI}-pT(hH&eH~4JrsdlvrO%Z)x
zE|XDG28!8i?rKF@1MLaQ=W*x0_cyWeR(>hEvpzaA9#n6eRN6T~On&;JvDEn&IrPcR
zmrJMlrHbCQQVMOSQzNF^>3IB4#)>H4d+y7D)F10sRXc_8W$?eJ=WgnEL}Uu~#i?}m
zNs8l$LITg(j?R?cT1`Y_uVbr3zfCW#FGJWcH8JUgFDTHy`sWL|upWXQEIyx?2Edvh
zp))S-0{BmA0>yQaoRm-j^4`M2sWm*$B5t)Y8w&}1Y(=z4ErQ_RIo1t#1vQ^G-&k~a
zVBC3bosx(5W{{E9+v8pKR{p#0ml%8*ls~F*w_6wntGs<m|6KFpTP(jwEvG<k-WS8b
zrOiN7*Uds>A>Ql6UlL+cX~uD%xgXuWEjX3herh9~x-e-j{#vEVP-XqqiA$Q#+OV%F
zV<bU#eqskI)`dm2>y&w~F6iFLWc3%PtQ$+C*2IWl1O}c;^%>#5SeK5!D#VykL1B?x
zv2)O36+Bv$0O89;Xc2cgT(FJuWWao004&J_6QG3o52p}KUsNV^InVE<V<osY#~=L+
zp9!id=O_{yOlVQR+tH1*cB2OP<QsGRaZGS`&d0Y@rbr|WrcunUJC4=i%bBj)lvTHQ
z&sD{=Sf}X9EQw%om-ZX}9Klx-(Oia~aMuh*UZK<5KUeW*B`F8iSyDE0(@&zlkoh0m
zNR{&t*5esUTv04|h};yIN~PBD68a1d<BD+Hno7f)ztzVq>YWK0qI<o*qDyztLgPji
zb}K4}@xdGx-KaNob|_eEI-RljEt*cmTO7vco5cgGwBEEekB;<WS)2hyo4Z?kAT*o-
zetIEst|B#SC4b}Yt*uQ9kNiRgBoZ{^!6+iA7f}Q*)57dQ0sf2&BXY70NoW~e1VZ@_
z>FQI;nGjfG=ZVwTq(E87KH8PtJYOk)U|o$yFY`Kw&?2&*?qx-G-1)<eyU|kpQvvqm
zkg7R+#jCgU^@J*Vu+^3sH!U(!X6RC7A;FCF3$q*4o@>xie_<L!`Kov%-iofX9@L(C
z@97=7Y~CilQ!ISW43))ee0ZDi(M}T9!CpgYv7OFH=0dr+ojU&=fHGrbk7~p;EYlL{
z-_dFogx(0K{j358^``8FB683h-~Ce=$E}Kc^zq9v!=F1{WQlxAc|oO8>NeqqyIiAW
zr(%^wn20$5_*c+tC2*H}_U}vvqnfhwT8inaO)WEzvnijHn2YjS|Hz7#&y!VWirXIJ
zS`&``M!;!7`cNxbKUT%0s^+d?ITRH3wi=}(-Yh@R?H(=it=o}+!f=*|o@ex|=$g3Y
zWG+ps26LGK6?L~n6^q!=DO+*MNFm-EGI~PScrBY6g(#bz-ie(RNdD}<g2`8=TC@E0
zyt=6!6}MWzh$}H?U74v^YRSiBmb+nBdp1@Jb3FMZzTZ366c~zj+Sq9IhMvc*UQ0??
zgd1m7?b;!@T^Jt}C<%Gy40+L3^yq#g1ONg<^R-K`TfZ6<7>;_zh1=epvgClG`HAGt
zb)qnjJ%SKx+dS%J`PlQCl-xIPD;s!?)m+GQdx&JN)1=;fBGn+FbQ4T1?3u)_sqOA2
z=iYK&Zl7YrAb5uohvjxzQ+X73vSl{BqFGYK&%Ya-EuR~N^M=o!Oum?gT9dW0ve(A&
zD7{62%4z8%+#_3jmHS!KWvOqYeO5Wj;3S1TG)2!&zE}{zbg4MH?cP+j8ywn;7IqH(
zfcZh*Tsf)yvE4A9ZeT3Nb_)sD-|S7qy7U=Ms^RnbD50BC=m#^hfuk)&gNT_(DVmBg
zrmG4-|J($+th0>K1~=;jXv{4sepz*|B!S&t_utRd{D=9^bviVKZZ2~{q@LN}p(#7Q
z;>^k9{{($3V3tA%L_9=C2>{GS_#}Oqt=%46mjc6g$}=$MbYLXTU3{<2sKh#L=_=9<
zWDuz*#*?mUu-HTwC5f{%xE0BH6_(f*?A+{3MXQT0w_QgivErw6uQMY#5=SRus#l6q
zk6~}V*zo$--vVgSFM3xkq9^A(zv%pZf$Av0v2)p*_qT9rNjh|)<NcTFPYaHsJHVj>
zqx367X(&geLKtK$({1OdMiM0ymUa&Fo@b~aF6bHxdf7J;nvxC%ZIw>|gq<1})xI1!
zY$6oQVf7hM6CXhj5pd<_^sawq_=7FV5+>2(`Znx$Ebfx>bq<c5owe#>DYF8$jOk^E
z`bZ~^*??3Z?ypgo?c&_cw$%{@MFFV=>o)k6?wnbALH*k!YXQ(Eypqx89pS|rf%B{7
za7t)rOP97$?BM*9%U^XK6`?K_91Xe_LM}P)6Puwi;$v%{CApSo!F-ahbHJi8LcVya
zWTR-VYD=rwwn(75Dv0&O;)|zO&w7rY8p@sSLgs`>toE#0`QP8bR4#iWX5*5vN?z24
z$oM2UY!kEHd2S|0IBZehH-y(EK>qDYznyQSSL?+Ufc7j1Xs<v}pl|1RMG)F?3QZV%
zI{9NR0MN?>`u{^8R|3^XL#JMoI`XD8uhXzL8EkTxN=8@v4GQHg?)M1yPfbnG)x0>r
zKrg9kdS1!-4+qQ!_|oH@OsSw*%!q>ZPh65}$V`+CDPnb_LDeg?psLk6hJLe4h?TDd
zr{J`Xr^|Zdx!P+H$X7IPr<qeY_%+09IjPS*8k&4tDe1jO2^_6!)<y3kx$ueB%Gs&W
zFT%WLKqW~=C{ND$X5(cH^;bw^O!W}96rH``OtVFxD#{}^(|seSwAv_*p-a)-u<5}d
z2j57>v*3`@htsq`>!MDzo8S3sl;ZEEWP))8F#=EcQ)kI4?U5IQEjT+R$bYg>2QVqK
zdY<Nn1(rv`JWzC;NFKHO`ucthn0w|Tg34X4pv*HsDkqY`Pw1JGHi6>2o5>MU6F8Hw
zlu0DZVMX^ERz_CjOXW}6ZWD#%b2lio)GQ>*m;dmUzII*hLQyqK(mQFUn#9&Qh6>GR
zN&2pnj<b-;<qk$?=Dc}sy~CRX=9tobd*Z<9%AC7j$q`;syJD1q8Vaat5ey9Fw4z1^
zX?Mozwz_F;ejt}@lhi5(V>_6~gem=Keh~Uo<KK>KD$EPK8TzsY`a7^kpook)N@xcO
z5GX)2)Q8!5z`l;Glz-jE9yOJN%W=oxI$kQU=#rY)9EK9=+rDsGKNLwWfn`L+xz92N
zA8nuUDeg5rl?jztrL7nfpWdA;;Lb!}Y=6dCt^07K$;=(8##=U%j}8owui;K^V5lrC
zqFXe_yz&qqdvQHOTHY$s{0MEo7(#jh6_6E2f4pUGFy*sNVfr#C{EU^0SWn!*@+)qn
z5`F(F*!nfFOtO1Zu)UKvYSO12Xf_`I-AquPd!}-25W9?0o$J%iBn%~AWq<U+fZ)`>
zOLn>vgi)ux9+l1(DP8WEvtc`z#>s^K(LQ>^F#z51M#9rI(?N^&V9y1nL8-oDG4fic
zy|))e_zIDO+<pvJ>h~G|QoW7veJ>zU1@hw|JJ#54?6QG+3?0h`wQ#<&A}X=cl_>co
zU!M_&=i+e%^*7t;tSi@@%8-RNln!(cH{gCSC2P+j^FR+xRT*U|tCJRbk+%J@c4em`
zY)9klK&VRe!Yvs+tRX8*;F2oxR+;}M=K{{{IVywxrsGTyIBe+~xl{4Ho1n)JK#xDQ
zt(s}u=J*j;N<Q=1su{kq&8<1;311uwQ&mxQsin2tnkwXPv__?qd0)z0+as<p?Pi_*
zeJ3l{U&xq7$I+Bd#I=*HCU8I(oeHa-$Gd^U1I@U##cgFfH}wv_n5E{_W8)^P27xt}
z60shr&XjGf_I4qT%$!22B8-#1yRL*~@>k${%X+=V)%clYeI4h%L^=B{-E^&8iMQ}j
zSY);bioJf&SfeJ8-W=+TfiHd3Y{g?@O*Oty4sH#uwNUiI>UsD|nh6B`S2ED|ilQ>J
zn3trfIBcu^Koykp<b+NmsCG;`j*K|}yNLss-vWv$YK7BkD~jF==uP^aSEaFHS!6J{
z_@oESXIh>iR<A%E6}YI(VO(&<4o3XC8@J|4S21-|cnwh3TQ(V1o`~0NUjjT%t$Zsh
zGg&?tV;#zxNSQ@v0Ph!K|1{L%N>`&KBrKmKBBX5AHUkosx!bgQyk0-PmI`tUFshz_
z4K&y2vaxkMMGylr%EPD6cCr@Ik=d@lv8J0-*kdb%X*l{_p(Wh_e|reeUR|WRGu55^
zer+3>tSOlRrhjJu6QyX?4YGO-{xihu65vq0K}$xlOg{<~;{PhmL5~<^q8}X{Z3K68
zaL7YrJTlTMsUv#bS9_G0Gn<S>0rCHHpY<mvkLF6SVAPBMY*(h!<y%tb^1T2L*zcTK
z$|O11lJXXTqCoCGi)suEt35y_z9ILX*WB$hpok+UT8;3m5{0pO3}q69vusH(g|_CZ
zy$LjB#I`q^E*vT2@byxCPt){!l%a)X#6g$$=X@FPyMabVvc)I0%!T_`V}`cRS=`iS
zIh*d42H>Ke5aI?^r<49!?VYF0PC7I58@`Qh*KK$-+B#Vc$DGBC&|i{RR?_?U(oVP;
zz`Hc_RXj`aGj>wO$<GSY6qFsyLFSKR=!#PaT%I@~v?)h5)ly^#&dF((jC<1q_BVc-
zUnO5zv_puS?BvemHQcHWTQsYCc#Trpye!oLD<=IkK0S|~X_|`Hq#>a0V*oY4Z+S{E
zz4pi0m~=jAV)>DAiOxQHCcd{Xd7|^|drcx!mcXAjv)Ftp&m|i(t1-%Os?aUEWBGOc
z)jDVqYgduHlDXO)sZF{1t@)=?S4UUBwhJA$0-0iaI0$=`@^RG)(k=z#)X!%T{dp2}
zhE`+k>BbJ1Ap?fxJeR0yGO|!)dA>wsluuc`N-~;z5{JhDPkf^+6Ct9DCDBV_P0W=g
zZic$gXj)xnVhn}c$#evLsd}_6*7`_#H52E!-$614LRqFs#VY(f1I72kEXMQ!LN0K*
z&)w}iT<nc}Ft@>C41&FUDR$0)s#Qq&7V#6-ktBSV9bzJ&HV5>&Hs|Ou9T;-?X}?-+
zd>DB;p+ABGep<yS6_{answPlz{uu~NGNAP}QLD>T5kd;_>p#&8Mn&6Y2=gE;gnste
zUiV8$8s|OrO~fbx_L{}AMiaRq(4Sf;Pz4m}l$B_q6376_zQ)1_%Ya`=R3?5d4+8?N
zNb=W9Qa%$Ze}8OdTI-`1GQ@l+-CCIpQbwV5Wu({)P}iE$iE1a9gx`u&@uV+ua4+IL
z<`dgx1=cu>AEd0f3Gv?K2pwBq$?=x3NPav-$38}^Mb~1^8q44>5=hUNagAA7x1;QW
zmnUtP<`g{!t1#D_+BSUDxx^1tvX*0E@`~{O#1%*D`0=L5G-$U(#}psgvse*?<Q@IR
z;M$}8bDip{%1n4#o20|g&K)z!r6|j{V^cc3>J-UyK3>ok&?!*q>KiA8*ign1P{(ls
z>UbFXWD1<eJMO~iv;qQn(2oHA$LPGz#G$EdSylHwR0cKM$K_f35O)LNo9w$(uAPH`
zhKho2e`C-dkzV$Km=Ky{nc~xg%Ksi5kx)`EG28B#ko;Lk95H<8*oza{?}p`M8Ubt(
zvq}hsXW})^Jmp^%rfCpituSwlnoSs;<9@JGE+IM2qpHZd@kPP1i>~D==)}fTPjvD&
zFJ8O%l|bJrA+W`X{ZTj!)XolRVF3!!RICV-W+yIH?Lyg-2IQV<XR7=Wtb56j*Or`}
zwn@@a=yLvIEkji<Q$xo>Ld_{k>l5>!m7cH)kQTy^0TBHU2@|~Aq(^!sd?U{gD^!+)
zN_2Jaghga#j;<PCM*&JDF!9H<H4{$)HKkrY2b1eX{iniwatwDti*U`l%e2CI6Pu>(
z91>;o;K`68Lu#2cn(m!BlRR`cO$u+(=edSiN}S(Fz!%q{HRcmXv9n^7H{37<4;Pi7
zi=n)9?=58ey2&BD>gMyS#nlqn7FoPCB@--Y%EQ2+fwK!1;Z;i&du+wHNLb!uS4d7V
zUKns)!K}&=jW}$nJlb62>5z)(cz6K-<eT5Jb6T%1edUEUDrmy{6=j~Jez5_tF<*-r
zK7XG)Fm<xmeMhaDOK9^ZibVL%h21x#5NKdG5X1w*T*qQBW0f5^9(O9ZfQ&#_gOVI{
z$-4`D88B$`pSsmr(%yLV=Sq16b83C5m9ujt^v+$KG=`6Pjx#>k0<92T!v{DL=OT;4
zW!zm~ju-~nm0?pQSa0GUa6g!LwpBY&cCowmU72A{wejs%a&yg~S#&ZrT`XD~n>Lf4
zJsa*g_EN#=O-EuYXBtDrFqy?jt-mI1q>-2FiEB{{gm%*4MvJq2vvv}+(>pdy<?ZX>
zh1{nS7ntFlY8HUiqv~&<IzeyV%&7bpTVTOQhq!tt9X+?vMpEcSY>1iGd8?BXgXSc(
zb`3JK+wT&JTx3=^!)9-Lw1~qS8{YV;{^*tz3%5#ZLQ$6if4*2Y=Ta|jdI9#PdI;x;
zVc(ug3du%4e7>qik@C()&!bnQ%X=l$$Oe+BW;dWx)?7mi_^lEGzvboo<U31E(~Cz*
zgBVcDZT+a_{x$bB5&Vcgp=%})zJL_w5ke|3%$Hq9@E4WiO{#`eGujVDLftGnqM4Xd
z67(<iy+<2)<Go@syR<(fwaEnfWek<ks-#)mEMz{lea$(bW0QOHR$143Tm39)S*yZj
zfyShM1=MbR!>viES6=~tAliUY$XvhF!KBbUi{1k5teEtmGma$Db!h^Q>v-d7RGfrv
z4Lx00^&)i?yOq|?-hSh)y?5LB>=Jg1_In8PcGr%zo1V<e6(L(o4?PGyi!i`pz(RG!
z8woQ8ETEgVH)HTuGuDK8KRx#QgxO~1-KSJ|>MwseN@iNq)TLbv%n=`y_mAeWOjej6
z;DpTIogN40uVyXj{`R!w1p+two7vRA94q?$;O1Y=L;ZgA`L9lb{A*n1r*qrjOa~~Q
z|G|V4P{{@5f-=FMPSMc16<5gtG4ibJ9qVlehiHNZVd?aQnK1gjkp*yM6Hf{mv{3u|
zqq6^amihN`2Gr<3nAHBS49J4RD1Qvh{PbrN+D;R4#_tEx0eSh~7+(IzXJ$$_r^k`!
z&UFA5?~i2l)8Vs!d^G5<%t%T2TZ-@nn*|jB5Pma`3dRT}515326CLQ{IW)m!j_;Yw
zZ_jXn==l3V_Wy=ugBhcLVk&>-lK&c(`{_8Wkis9w0b_qU17ME1`1${cX8&Zq5HR3*
z>^!G20sr8v0HFkR%?t=Aa9K$FN0a%#pYQxD<K7#RXIjX+{`Wnfz-EKdfIm-v0|otN
zWZPP7j}iIx@D~puu7wM#rLvMjObp0vyFezr4l*fWoZbQfCbnyTdz@=;!rV57P@I|)
ziqm(8Fd69ohqpJ6r+Rza$4i_HNn|LQBALoAp)$)9l6lTnip(n0HkS-#)?kOC%o#Hm
z8zGd)Jcp1unP)q{`>k_2bq=5B)AM@1zyHp8y|VY(Yu)RfuIs+m#*AP=`9uxgl@X2o
zYmgYaj1vrCs}r9F%>#dQWq$UpB*+@PvQ^S4K<L17r+EjgfeqFm$cR)GSN_S8rAD%;
z>Tu2`3S_c-NB$TPjh}t*a)D88LKcUyjvI%o=Wc(B4;X))hG1cw-(eq^tJ{Pu{zg&#
zgLJq%3@lw|e5nbk8aXfv5cC8{&;RZA!O~OD>M^-Y|449u^%+3_cO@WYj`|dT>{>}J
zG$lL5|I?B-=dW*N0B|_x_R=)|MF0PbE}L^$oN#qn2*(T4XKFn!GuVJ5+Ijl-zZr&x
zLupYa&|&-Mti?w-OTMosR2G)Np4?Wgk<4tz_smSsf1J1H;D0|bfNVJ!-~S^6-;yG~
z<#^kl4T7IFJCu+@Z!?Pge>fUQ3xqb(f<|N}&|>fZlor5{$L|d_{MLlR--Y|nQJ4_9
zVw-UJw;cVxv)L{{Zt~4`e#SgBp~Bzs&Tmb_wWI+9CCnaJ(3|H%Z#JDU`O)-^;GBZK
z<WU1?t&RfM?y_E{k&IrBsj40T`SUMJ|2V*(`96DL6nJII&dsq*nk}yY#KH!N%)Hed
zpFK?Qgb*+Z=6LOrm6nz+Xv$!mN2HiLpF_L&fc49Rc<Aw@y65pi*FI;yRX?$4p_9i7
z7^)}6)V^yGy*`DsnHa__zCI#ES$rr+WCN(VlMAldj|ATI-c16(fnag5C(dKfFXbmB
zBs2nM)EGBq^q^~I@O_g&+lBi`zdr|v!Smg7B>=qTn71V742J3ZtOE6G{TvX>mFIh)
zJs*w$OJ4Jw(oZ8_0|j#4u31%1vjx3et({k*-Mvuw`JQ4UG)zO0&c0qtThUkhQArAC
zm9zjl;#4JqZg=qvrRaxsp07JuHnb7$-htrTQWXx9U2ds&@80dSD7sVa8jl`Za>Ix^
zL(j1xa(7D%RPvP@v|jA`S|U(|#;-p3K9+Cl11wb$fPT(<02Q*pVFYPx2z_}`UeG$8
zTgC?chdDS9Hn&eZn9m{<pNvAyc{|BMXewyd3DB3W@AT|p!92$-wGk8kK>|#xKwl<j
z(-j2xotM}?#N_fN6tvF#=a7;V;q0@G>{nu`7rBLY7eATNHb;CbG7l=J)b8O8_Hi3H
zpYQBrY>NdBM(F|Ls;9m+5G2g&Hgi8ZwII7iOJ9@D&#|EC$-M+xv#|z*t~3WM!~$nS
zk5?W5h>P7z=b3ti;GVexXQyU>dc?|zupzzyQ}r}EKcD|=meTjY^<A9<=1sQwJi`1E
zNVY5|Klyl&6X*T9^I-k^$>H3A`!ig7bX*X-m^h7X;5dl6t5K;l1d)peoFj}$I12c|
z<UW)cD;>z*JW2<vN>+~s)^d4CnIWdndlb&r-uVq1Qz!srPeNU9g7Mak-rTV}sgwQ?
z=JZ5PQ)6V$T!Og==$JpIq7Rq381iWl;1U~Uo6F`6M_%G`TS?|-R-MvT>s?t0hh8Ee
z`SjlQ_*Fub!Ohk=L=Pee84}(YSwd#SBiODXl-&)EitksqNteX@q6sUDR9kWUsB%|R
z7#vT|;aXscPA8XunSaUYzCyu&cIrkM2}c|SY~90fCg2ry^<2R(eL8s*IicPh>7^WE
zenUVvYQ^Qs=R!Ui?<*o$g@7z1{e9;2dy3C5$HHu%1uTR3`{#wso_;WZ#_%XYz!F+t
zn{8qSf}we)ey$^sbWfPAs1=VcmV?=6m>=v72G(nfeg>w3N6$j?sI_*}tbLn7K3>QJ
zksXXjE|KQhx$J0ss`I!M^NNbgt$cu3#3x=31Zg_uRQi`C^a7P?6ljwMxi2z;;@y)=
zvaR$O>^riITg3GObmnbrBfH{UV31+ra$R0Y&nf_%YWutUb~~P38D1IB$e=Z7F^yqY
z42vToqt&1rMi7T402mrGPj@>hxP|5?-0q$U%Rd)U9aEt<zZ|O+8&M3+Zs=o;D$9?f
zKK9e*Cq4cOq+!t7TN^sz(BLFA5O5-SV8n$FXw=Ey5M+{3QTVO2I%&?es1=6pc)1DJ
zueQ-CsgpObg&NT=m8E(_y(_Kx$?j(O`v8{}YRU8fncZRD$-e67yv(rD`WKjl$SqhX
zOU;KHmu!=zg}DLd#Gacd>|plhVG!14g~`INzA;|03FkDMT;~knV2Y4<5pQ}5rIFsL
z6*9x6GXk2*6U=UN4Y>_hvN|yXfnC0>PlD$}>tD4vwXA21xui~Z02_Ds+O*jd^+2`z
zB{iT)H5+F;ACGc-u9q!8VIgT5+1MtgGk*7p@Iy1Vc;TMupyjUI;RxC!LGAPl;SMl&
zvccF}C@%INj&iYXSp;24Tyku2N^PxRSE`maYHmL=M4>&XH@BjdU(gaDq;2SCFEsc-
zJ$c5Pj84m9K!@GUcfPwhCrwU#rJ-d7^f0G@^;WXd{j~S=>eoV>RTuMBnP9!k3d3C=
zbL;cn!>+WNHCS6zxpO>r>~WGOdsi(xJpR?O#6>`}X>2ff1s^*Zwy->IxUPq<d8;6P
z;7L$owD!DeFIieeeC{nf2K*6OhZXm(GouI^mXbFs)^6+OILCNz;4<^74o|wf+*|Du
zHp}g%jQS-f=7ZgN=dwB2+=ge;qI>I>-4WKtRstr_A^bjc3PM44nOH;VqP0Pkvffl)
zv{I~+U8F%|`sYQ>q!?kcj^u@%%&ymHT$h}e#~pD4jAo17j&=UY!^;K7PW04}QXd<M
zIYEK83w@ev(d>{@1XN_};BW7G+lW2^o8o>k(3gfPCWcATbNgebVhlz-l=)-M(hVH2
z%2Bny6o&`$x#6;TOU0uxYw+5+i_KVsb~*~~&?xOAdc^2lQ^s1wqq5L8+>pSiA5Z#=
z<lHK{;wkSIZ>$nqlXuig0@;{p)6oK8Vh(H3E$8{jCsL}fxFS6JWD~p6B!AJ8LADH_
zNW(g;wHw}YDm9HZI~u$k57IBV_#ywJ-tc+<k3h35sY!{W0IGFMMG7emHx6(WB}14|
zv9SN*T}DFW&{+Vob%zU7qO4rtqwjwO<Vs7^ZhLxNyBUDDZN&?@6A}%bwI#h{_jw-}
zPI=O`ceTWxxrq>^bNPzuiPpZYP8vQOUrow=EY!{S?L_qQIRyODY-w?<NFW|tP0AC9
z=k9Dyx9&@y;^>`Y#H@DpqG?9YUl#Ipe@}PS?X47(nwv-32jm0C&Z|176^{-Z#QM)n
zAhTpbBTsM7#B|!?9sS&Ch4Er4y)7rbv)soQge7}z@i?x1nMzfw&52@~_%*$757(9y
zwC2$Q%Mza4Is^cjTI(oYNguTxlFU65$00f@uSpYV+B}(Onq5&luUi7hPEN|_V&>KM
zs${W|)xMKQY4MdOi!&KJ=T}!d@~bQe_w37nzCh);;mQahD&Bk5vKPRcuivB3_ikGK
zkz3^y;v!rknM!o^1uRX57h{EqbVWtS%Gjf$=IVXL_(wCE3Rs#wlJxh*`d31PO6k;G
zf94LH@>brsdFF2`JjqrC#JT=z2z8v*K;?qd;KN+J{q_(W`b&Mcv1@LD4)un)G)G1<
zhV#tc1oPgoYD!Cwp7P?*a73$xFQ}`;lW7=ub=^4-h(?GcltBtF^5#r0-HaN~m|3wX
z6f|HMcj#Pps=wOExudW)&(k+iWRPpZ?Mgxex3k8nOQl}2`%NE}SkW`a)m<Duv%MK`
znF}p#oO>q{FPquj62k`AA5Sb9vS^yy=Vn5*7h1nSS1n+<|BzNc@A9~3EsAONgJW@a
z!L<|zbG+htLDqNGGi1}QN2!U<Ax!yHy+Mz{u5Mm4uZIMTtLMf_Xm7Tj-Pd))!tH8I
z!v&b?IhpJ>x2{X-%b#2+h-Vl9<WBoby7U4%A7H+Q#opAM==C5TmZl_*K-YSM3d^Re
z4a9Wb7wL)ORjTtAAv)z!N`acxv2)w+hqsF<yY}yGf<({NMc2jkog!Kde<b-uQ&~q=
zLw8Lovrr{6S!OOBd?D>Zv~si@+Z}!(R*DHb*ZK0iHCKuQI6I+yp>-kOCxS%R7iLq0
zNL2*-rDIjUIC_fRcjui^Q7+kQSNz4+!qEH8N;;=RwxB%|&DoAg6>n~*m(N&~V`b+G
zkD#<euCP^6n~q;?7MzIfl@vP9)IPT4bd$gOQ$<jk9NxNN@+i@(g%cTd&l?0*@ZFP>
z!#FFLW_Z1Xh$5^FKfOW$!VhD+>+>L6Jp4UdY+(bk)%x{J&W$qA^ybZyWBI(J;z{#Z
zlkNpU3brr!wHReO&K3V`pU$oXuAM96FL?>(ig{z~OHCqqS?#COtwIFQKo(5QEx(0s
z#WY;EYlvx}cDNMVtLcm%M0x1ia1hBAv}aC0!eY4UY2Y!~R^jvwYfQu@C?v%uVMlqY
zE6jI$a$-p}4|S%XfYn(#F9%hu;jZz;RNjmBrSW*X<CbjHb99)89p1$&X$_*CGYzCp
zF3!qL1pM(5P1ld?YIqQuC^rAxxlm}a;9^e6>y&fq_Bqjkg!N~M8Koji+8^35)g*m@
zEaQt_{Zl?S<s%<okh!>d@Z(E82?JT`7aIhX5>>(zsLj;7k?GF`hohg>p7HLp-)%2^
z)tjC#dvYFet>)DJElo11PD$sQc<j)rD4;=4#2y9v*)`kb^f`9cgw2c^Gse)hC^>1N
z5rlu7R05Pbxh}E`!{WD7f?uu(r-rDP#<=Iv5ZguMB~VHTo{_bZ>(g*|q*oeORY_68
zXFc~M^+T_(v}tdTnwM&F=Qpnw#IJQFy+9@(i`^IaZ^#bo#u`)a(;K;DKO>j+Dz;a5
z1)pGhvB~vHdZ_YBM{B|!wGs=<_iYoQnVyoX7m{N`rB_^6(zy>chaDJmd?vg4xtGWd
zE086l{>QxV*+>Egx8a;o$IRmU5uK)y2_Mbku=sS9r)eshT}ijGJ4HTimybO-;quv|
zcd3_WObS&Jtr<)Xq^1qYHc(%L@!v6Vqov+w%N}Gp89zw_a{NPZY=wf(>d&A#OE||o
z8FBuyN7}q-^PQar*9PhK6=3R#eDc=BS7zM=JSFG^I_K!VxmHWMs}=y4!9Zv1RKe7{
zlY!hA;J>TVa6M|U+h#={Xw;OxMr5Pe=ds@Cox*#OW=LmSXi2nq-EFLEwJdrV2DUCa
zcf3by(TtXzr|ZlcbxdjHzT0~JUE<EqO$m0^M|6NOY;Cnt<x1Hx;#u9+R&a>)NsgHT
zxxuc^gxCEDn`>T;E_j9KRmtl%nPG%DkbGXufQy-Hb}mu8$So+<O4OW@242~_V;Xl~
zDZ4sNQ#=1$-EGN-9SN_c=xREHfD~wcD75HmFmTJRNp=BkO5}09=^t+5u}7JoJiA!W
z`@wCBRZidcuz3}BbiGi3szMec-50|9(gSD;8if&kz{l3=?yKp{eo=$&ij_TSX8u_4
z35Q#BPM{D*^>wUp`h208d4M-|x%icZ*u2uEi^bnU+|!S|c(=G%C!kg<yNxSJb*art
zoyB69JvuCGGV!??sZS2qHMN)VWRDSsL3rz1PLIC0$ueXXkx^e<oR&(HD9wX%gPKvp
zh){q)i#sF=C_ph<*O;O2=KEc@Mk^R5dMHs%9z?;N8&j+YpPErbxK9INH%;`xN9Tms
zXP$X^qgKeW17Fl9k*x9*wX|I>_6cZpXdt>{Wg&!VFf12HE45j1izhlX(cdkrVoDu|
zw_gvD+AR;Y=m0*wWqgf5`q^D2azF0jOA`Epva4^;(bX4=tGYPpx@X3RGLkyvjDAoq
zc-opUs$US&%6aF!K2z9;(RsR=Wy4{-yORe^`e(SOrAd<kL5ZsTv=>Iox>iDV%F-KL
zrpsHdNIpYRawl<KD!TTobv%)!y^EdItK71Z^W$!uyBd>rT9NkHiQ#1udfxAN4)i`!
zcF3j^Le&f22IsBqzPLJ(Z)kro)!9knX|%HV(ZlBNv4i=z*0+BM%OxjLo`@)mJ8H;t
zc)jBeZ$S#9-g>o^z!MuXbGiMvBtv?8nkOg5t5|~bDm9oY#~g15CaZC#M8{i4CLHc?
zRQrRzqkrA+OV``(nSoVj=O;TE3cRyvM?QGa?JBJFKSSp>yp|x-OaU{2$vUMt&sEp=
zt1V{IM(F5apwhU*fo&#Nn7tt+0zeJFp@eujJxL5D;WGUWhv|nqxr^NC#RC($O8r-u
z4Gw+2rH~Pw*>&fh$gUCKXX!X4#glz=4J7HM!?&Q>_VCNRO^_d?8(w~rVrlq9jz~2k
zA|%5<W-&L+{|xDY?J;}?Yi28cyfs$RcdM<Mns*iY`^k=&#sw8i3D%yqFyh>m6-ti;
zkM>+MB|0Lv&bg$*Po{?Y(NdSrClcA@Dl>ij+;qk{_k)}W*Ubi_7Y$mhn0Ia3)pFxY
z1H;?>6Xx4F@8NLjFGjj%GUoBB?Z%SP3GJNMnoOFm&s~UeI8U9xrO_1TYpi)|70bJ3
zB@{q(AE+ThL_5+Ch!!=Q@`aBv6JhyAsrPZ&Wl~<x7KqB|YZ||EDD6b7D!S9o`pQSM
z_a(!E71xvqQS?>`laB>g*S&GU4U^4lZV*8ww$vT`AviY_Ch?8#`uqht<pTR;-ejw$
zitG7G7T4N44<>ibeUh=@9x-aqvyN6}GsvNpvs=Aj!B%oM;wW5&7OT&J1W#T40%T21
zkDm|ZYt-0Lcrowt$Z-nvoSwxw(?hq94yEvQ@!ykEPn+S=DNxa3F|r8OF%TWg=psE2
zO19NA^PHAf)ZM3(awT%aywe7an#}E<rAWv{OU7RRVk8zl6yGJYD%?8qC~tJ3PVc0w
zKGWBE^R$Z%1Uy92tzo$~!R+9i9^9cloOgLx@+y;bAS<TfxSjCAUS*L?p~p(&jY49i
zv~zB=YyvY+p~}fQW|df*&_C)HxKRJ3AOhwi^>ULVWaFP}=n2b5x7avM@pU=Nx{JG{
z<yl<`Akd5qyE-WsyzHn}a>A+rt)X3FJ6EU?sYHGVb2koz{cc%<PRZzD{`_80N^M`B
z1qqZQ01vW1A^OJ(O&>tTgOf|@;s=l?zQ}p3o|t%b+%cbQ;5>8IXsM!De|%Skabn%b
zdl&K@GbOac<7YW7-?gczt`;2288viB+zax<QL<U4Z%bMSUI++lq$@RXH|M*OdbtPl
zU{u|d#NY2=GFW?GRmN!$XK`G$r6DGPp6inO&6!+|nTk8}uk0LY3-`1X2nwdjOqkjQ
z=2@#BoiRJ5cWvoK`R<g3@fM+zEd}&>?UpTP7c!_y72Tr*lB-0r%e9nkgI$k41Lxr+
zO!|p`=4>yG((}dy7M0THRu0zl&UsvF&f@C<g2t&NrT(&ZqZfuR#jVloGV7)#y3{%I
ziJf`-0~qW}ZtpYH3+VjHJ=i8O_CnDf%eTr@C-_itb$Ga}wSg5>h80f(Tk|kznq-gG
z;1^*A-(mM(+=L%+uB|eQ;m4*{%D0K-BZB4l^vrs&M{rpDe^@OW<(5A#LYHsz-c4)w
z$cpLMNWTtUc|mrFb#IDNtOmd58GUM;hRxcfVFAxwUQZg%jv={LomWf({b%U<3*P3b
zZYRBIchD?SwmC@&8E3lzn)MNRSICYG(=8PwwN+%KUB9>UoH=AOUvx~K-Y6NobY5&C
zPJ0}k==p#ced9!A%%FHQdOWN(uTn)Uo^!G0eXL*s^dJ}_8{@l5#)m(8iUhuXA>5h7
zNOXdfDQB>$GMQizwaPm#Y>}_@;WnK|K6jUa<Kf0doyaqyE!jt-(P7cHE+t*D2}5RM
zk@x^JzlfFRg)SW?y(J=;cXBZ`dDbDh&#GMKwD{RMGA!z5qm7TgiR@MD9&3-iKpkYB
zt!n2ql~pIUnzMtytBOe=MjrpZF0g030{dJx;Vm11MKDxstx>l7-KbzN&^W*tQ8z#|
zRexx<z`GGEyI1^E6P#caANA!C?|DdgoNLy1h^|w7Lr*q`GCu{gEf)0q`X=@ue)&$w
zTK3!u4tq?3uCTx=SMY#n%&^{YDer~Yd5IbSTx-xEYzhk=%Pa}YaOe2u=uStoj>Qn2
z$lI5B#`C_i*ei4CSi-r}mQ6${UmfDP6ro!XtR$Kx<Xn@eKe}7aVRZ}_6!pHEz;g{a
z?K&3gJQ=vGqJ;oi5ze=FY0tJYUj9OW(eNK1`sO4N?>-orU_QD~+iA%i5*5scd1u4M
zyOXSFMparUA#cqk#6wQIL>NE0mTt0q`UC3AY$2o4WO!o*o#A7<RdXv~pXD%xCMcSX
z=g2BS`1l~5C-G92X;ipp!qM}a%Uju<W0+;D+<BqSndipNy{%$1_B2n;FJ0@h)3@u6
z=UPXbz6mdGYLK0xdamO0T1gvtjjdm8m8TkC%#K4-*5!Ly{9U`oH0Wkp%Ts^iquj}6
zQp*Vfd%i^%&2GD&lho>=bem9D*5?I_=RHA|d(_m_bFBNc=}vfZYRgFMQ9=3Xs=iLW
zC?TnFkC29vaPQMQEW{TM)xN%|K+RsBMHVwvvhJRe_BEsKamR$ltXtt~%JB8XlBUG-
zn(N6X@x7w<3c9;jC_HkF$OHQ)POfNQYU!H_QW#N;D1KvAf?uepZ!k2hZaKWFJ(;%~
zx&qQ_<oA$?>{O`BD`RI-2^9l-sP;5spBp9AU0Kh{&{x!0G#O9JM}Ka~k~uDsE3Kg(
z*M7)r^v<o~7s)iQ;>L~r`?WJ|j{865#EmFEe&hXM{|Q}Y62%i&KLpr}`$w)>(W)O8
zeq*xT>??PxzGcN_*>~x=RK7;D?X<z$M&B2ur?*^1<;Aqeil%x@E62!(+E){DE*vf9
z?Rol{M(HRzJk9+!722<3k6)zu(-C`fWaz2?VI7xnEN1~t$;HLU>6mH15_PjRP~6Eq
zx>wo(?}2l_+DP-RqAN~Kyb$|PCe~TZ9A3V0`;yV7r*3>NuJ?3@T}tqRd$KLRY2P4d
zG3;8oV9pVRF~aqWh^-9=8<h?kRr<SQbF?3*#%PH!Ek>tHu8YRSx^@OX7gV1%x5G1X
zXC^K=wP<@Nk4@gwK*_a5a7?R(Tdug2E~p+is5Mk#RY+#PT)|YhK40u5g8z`xQKIfw
z)_!HbjDIzT>udbGZ|*_2XLk~^sO%?*y*!Y-M|IuiRo^L&RmUK_4Z&%ry!Ka9avWkr
zj%X9sn^X5lEHf^p-R!TJc1=A>f&x7((YH0>7dR#|-~4flk7UF@wD@VFM@Q?02c#v-
zLy=WH^7G!xxuOr`pCzoHYD*JM_6X6NPV(w$qciO`jr|g?KUT$N=PGR&)N*Ksx`M9A
z5$5Tu7Mtb5$qI@WV2qAzg*AVsnx|^<@TycB!}yYKgf&?Mb}wVqD;V4!pkwV2#v2KR
zPsLaU*sTWjkCHw8#=iDk+0C5#ghq~*q4`|Aj_&b-R?MaKTdLGMsFlN|S6C0<I)gie
zjz?v$^e1#(4%0Q+|EdxdGkW$`mgEESr|X;rfUWeu><`yd#mHYC<MbxAPd4%U_MsU1
z&i!-}wMCCcLyPU=1v+lLKRTe<S0JV}es5^l?UH7wp4;8?wLFLQa51Nrl@=;eAI-Be
zt?(r-kCP=286GLH7@vx(OFRCBu8!Y&#i^8t&I^GUMvvcUoRBnPYhZViSKbZQMXhYB
zm`^?Gc(!CGl|*jvA-m^qZK(__pS7G{bc|Sxai=9Kt=7)<;4g0T(?vNO?ia59Qcr%N
zn)ZHD#DZUzfrkGfyd2J)V02Nl?0&?;kbcih*itc}!Ss2L$q~FH8A?bteiupr-~B9C
zJK>I>&v;P|lXD4Nmkz&c)nD(8#Fx;`znT|LDSDo(VG?Lfu6}{>z2Z1$`dFefAGBi)
zMf&4YUbnoFZ_DS2lrd5mi)EAZJ9ta?qg^Trk59}z^p+;$0;-2Lp(JwmsZTdg$r%fd
zp6#H~zCc;k#5@+AH9GhB+wS^tv^VzrH+L;pdN4aif@aL~4|<;;k(4R!PIh~fL*PeO
zJ)4<#2p2NlPYGr<wkKpHCV<x1@<{5acnwUAdju*KQ;5!~;Eu}8tI)R2LD!BTzmnd9
zzuQlMA);~}H&y&XKe`{gV>PO>5gU2F<k9)VIL`FS(}3Yc7~cG%GpfrfnYqm@i_U|#
z;$}>DaVu7IIUVF!YV+r0-qE_Z6vUxSs7UAH73$<M4JGv{?%sU6Xj}c{>>lXGupJ|_
zsIZ9icXv>-Q~v<ah??Eqj21(~k1dC$l8W!PY4}TpQ;l+l4zopCE2`B78S!MHA56up
z*Qr%vhb9HCx6*0j)04>6FrmcHzWiZ)<Y?-s-X+GtdlDgfiL1iPsIkNa|Aq5Z(v6c1
zSMYuWl~=^7weDR^6g9AP$e`|RvcU7k>sS176nFMZJ!SG-VJtWtMJm=dJ&Uv@m&@LC
z%d{1IqAp5uV}}m2_i3E;FzcnR%E8-No;@Q+^@RNlm+;{<-}$!eA?{F_DjEMY%-jo8
z<qY<(roB8CD$#EBW$(*C!eEuVHZ*$A&DYITPb=Ry&qR$i>_I0)EU{K*6Zj2(UDna3
zLL0%&zZ$3?C~~izMTMMT1+RJ7JIG-~e9nJ8Gy}y*b!<*Xcm0O2Zc|BdvV-Ib-;=dD
z)Z$86(veWWe|f_r#ph99RvJ~-_*gx<?bO%Wx=eh_$ZGZ5K8<-iA0_h&njA5_Z~r;2
z36=2t>z#h;VEXu%RNLlI4avUhpJS)zGUitrql0MT#Cqyt_OWD28D0QEtF>xZ)z+Is
z_lsR=1~_-fR~_=xRnTJ#%<v#@V_=WqjFgbO)jYSDS*fZeFT@&ZWNuZVSEiFG|5??5
zk_W@tC2h-N!b`I{YJ0~wqV*eac&$xNQ{(--%^&t<0^&l~YweP@%yU3uUBQq#WX{{R
zN$F&u?lGoS)^QmU6urv8Tjj@%^cJFr1jjIU7h)H}vYz_Mz3x10!Q_|!iBq_WX^^LY
z$3<bkdV!Dd#LfwnL3vs#kFiL5>*%*U{9%`{shA^2CQuVRjBX0L-1p~ID<6&tm}O8e
z#uMf~ap>gw#(Q|Wv@&GhG>qG19xasdy!nRt?j9-;`zJ+5_vo*wi9-};d@p8!dTydz
zUEQ$SpB9;$(^GBPpvr2j$JJCPh&M>Y8`Ll~M7a)~h~9r9L8Mf5JigZ@%|7&@*zCtw
zwvo9$ewVol6$uhZ&sj{yC(JkWXwbG_@i=K=^`Jw2O|*5gAc&A#O1{HvWmS6>r?WF*
zZ*fJeH@e{yT;=o8-e52i0>ml<@$};%7PQ2uS8o^gwUKh7_tjN(-kUm8=`XkE0AaF{
zgzgb4`Z?wWU=AB;-*2HiX`D6k$g4QXq0!LIE>&J>y;`ILoAd5)3~JlT8MbFKhAgxW
z%~!Mbb+>DJoLM*Gy(DdzLpxuQv#)FKj=9Cepx(2O^d7Xw>8z}3j>is=(U)N6Qci^}
z>UGepV6SD4dF56%b|$q32Wcy5-RwBP<9l=h)%_y7nmgt5KGw=+tdZN0oswhTt;erB
zDfA38+m>D}+FmCW8cM8T7BFs$>(7&k_AY9TYVKw3<ay6q_@(SZS5MRAgEzd4Mbm_x
zg2UUzP1EKVs}y+BsMo)ZnDj*WwaR<nY%weehS`hdrGen8<HC4hX^*zM_xW}TFBb~b
z%4okEUqs_YBu_36E}d@i5FcLJ^~URU<C&WQSaz3qN;G#~v6jSi!tk<A<Tokli9TQE
z=j*4XLG}E$ILo$M@lS4Y;Eqh3TUu*jdAiQ5O)FjPcaNCu_^m&-6H9C(P~5rQ9CxH+
zJYY&Kb3T{A@1*F@+t2bMhe`sYtEXMO60Kils8J=WB-f^K()Z85rP$7g4*QZTi+SF@
zqPM*wGHUp;l|1Iz_oMseZ_oH!52((j=ca$-xahOz<~Bl>dJ6dBIjM{lH{=({{`m{Q
zQ@q7Y6C2&$Mi{0=!0non;@_h2)E-3h?q)3SATXw?Z>iv}OkJPUDmCt&k%51P{6zoP
zBkh<X2`_6!iwg-C$CaG~szf5=Tki%>l+S)5VZrT+GBc!vEQDxwBMWK%^BY*UZEV5D
za<&XB2~&LQ4M~qbJj%R9M|uFh?(e^W|9o)nCOwKBB{9@TiRRn!RS-v`g8K&QUjp8A
z)&etokl*q1UqH?T!K+5?N;q+uB5i8XPS|m}cN@V=WuSuX4mrWbV*dIL347v@X|*T0
zZ;$Ww!ZK*A-Z3MhMm_jtlmGgs8yhjU=V_&)eJg9#xjpC`Didr8uo{)`t1-u6h%+U(
z{qp%qyWsq|v#E6tdrsXWvY3>FEs~jWO-<v%!D^)bwHjmOw(=>48nY6kbYCnmHN$N^
z^xa$n>4I4V5qtV+{VfNN2?;XU#4_&RA9O#t#oX%t0eX6Km)6@?v(G<SY8Mlsh}u^6
z{!{n@O#^(;vH$cz5`oyURGFY~7To8jopR@Ro?@PfFk4uVpn_W;*6%T?X@5=T{g1ud
zMyPNY{_Gwd%j^^}Dtx=+fgbo45BL_nviEHBd!#N6o%5m#X8-4^jrYPHcJPEax_V)8
zu7yF?u;n*l%a!`PA$obW|9qUV`5Hdk_M;x^`W@LTiFxOlyZ96gnbk?GwUrv(pC<b(
zYC7xLe`Pi-1;=*$r3LWagmS&;;Lvvc>(EHy(2}#LoQ7^q-Sf4mQ$_3=IW%_U&@TV$
z&@_=l<K_vy%0!HEdbz;R0=vKhyAV-ECV<}T_aJu(ukc`xtgO$#WAj|Su8%%;nrUWH
zwJ)1(UOs8BTbX(sy{$~qz0x4?A`x{)_V>M^M=_nT{ORzK|Kyf}%dy$sP@$PxtQs#3
z?MlDDp!2UgA_$J*K@ovdl^o{X`~2|{*iixu>?jpFX}bUToA18o$5%b&CQO=Ed-(9}
z2?{T)$OV@mb2zXNSk%#t1M~UUfqBD$Y3kk;nU%o2E6*KHLOvcjFe>zeX*F?kep@LN
z^*@bb4`=u`0ki`8W=%O8?#dq@tuSDMc+m|L1aGqMU%!Ed;0jK|n0=;ZM;|*yTU0D~
zN3ze52q|I?{>~xkZ5+}jzX1;EC2uS_8(aBxg<QQfD|0C+=lmk4Jcr;FqWtsX<K?#Q
z1jMN2{f+{j-~&E@4*+xGLyK(kQSieyH>YL`Tys}V_yNqb7yob^HznR7n?6Hug^8(;
z{lq8ha{cWU<CFiZ-<MDC^gA{VIsR{%0NAC}KkYIZ37yHQ(os&}Px?A-HQ+FBefK9<
zHotM^TO1~Yx+=(0e(?#nlK1RmJU}5e|1Kb4R~1)_d2Zfwa`Mscg`tj4(K91&suud3
zrU>_-|ESB!xC6%L`Q7*+>}_U75H6|}K8NotQ)EgPl|#bCTL>2pea4(Mk6-;xM9L*Y
zJ>$h$j(C^-;{t6XU`JfuJF*Zbj2E`%W+Ax^T<enm)eZWs3p%l3+(G}kptq0<s^jfy
z3m3F1FYzt1N67u>MI79~zZ@J5;^0VALTq+}!M86^cYuT20}ig!8!`AzJ|1y!`;wKf
zT)A@Ue4<uLu9Ai6*~z?<b**11&v1z4QPkb$xH-j#NpO=vO3Rv!=v))IcovTh44?~U
z`=@WvWPvcloqDGDG+5K+F7+#5O_E?uie>N1DN<hY?ng1n{mTL+z%y?C8^OS@|I5db
zBG=7Z^X<u<URYO47e7nzad+T^U<<eS_<+rqg!p{Vf9<$0;sdg2Pn$p<aNC^uID`~$
z2r1C8*&<Z}=XUkzjT*u}_MI(aMu>A8+^F(~TKvby`ZL2%oSZvz=^wezwp;f|;G{ki
zy%iBDQ#5(q?UPU7*Vg+}<^D@%CGk{<P`0XaK>SfKTqAkp8oh&S6y4MndDUVusn=$F
zE?Z1w7>?>*^mT1E9dJNjHr4<(2wi}GeHLusriql<72LJvxBtCa{U}X-z4Tk9UhI9|
z;DRLoWdKs(f;LHM6gLiZvwu#HYSHy)I00FPWNz>yxD#i<Z-i~+2!#L25q2Xv!lnlb
z4sNr54i0Y91KnaX;b6*D+=P(uqlSc^8$ZI&9--+>Hw=@=b}ww{i3y$<h&~q~`mp!O
z>_@GTM+y8^bcNmczp>Z<+%fu>t-Rf$!Sse6HP4c5q6#7W?myB^i4Nq7E|7j^WbR`}
z^`^%{L?rvPVUT|nG(Q^*lp9;!p)Iz2EBl3fg6&^E(VjRUDA4!WiXD=~#UV-DXCI$A
zYnNHe38sT~{g+p#L@<ya+`ihWEe-Cfbi-Z!?q2_<DIpyo9;?=KP#68zIUm?J`0&jf
z*8a_}1J-GlwpnVIw{AA<`v1GHL5e$KBmE1+z{y=F25}*|cJq`pS}fNI<)4cnJ0)=Q
z25kDNLM%89%U7v4`<3ec^mmQtr#{-&kuUaocob%S%Na{f@c|hq4n*Yn61*$_cuLIY
z8_7r4+1g8p5V*4Y%>8nNFE<6;7`ISKWYE9|(b(@>o2@g9L+$>N4nqZ|bAbd-zl}`V
z>lhy&gZP;=EsIso9~acQfg~|{zVEa++|advLi$n&mskI+y|50R$YgpMP{ez!kBG=q
zhtvT9c;!VIDGzl|pK%ExLPz!LcI*}PIsNtJz?i+S$*Y5i%D69Eum~S$HcXOGSscQh
zy@}{xQCY*3{#0hLTg`+o<<E7YKM&G!Natzmz)_-w2KbH9;LZM6*r+>2*3N32zk1_|
zopiVt9mx@t(>ui&L_5a6N*Ac$1&6=F)QO-g{Ce4g)>NbGGAGO4gIqt=q1UEQn4CU`
zK4P@(vdZ@cH7|CCYp=JLej}4u&t@a|IYFytgK$05u3Yh!7^N=x%Ktc=iv9e?m)E!)
z^7*6{`^UROIC!U;wokuzMe9Hhd@T=y`%+&Y@W}la5b3Ty%?xMFND7Lgy(1c!24ZEA
zY3U_UT3`g#=(wSqRm>i)k51c~%!bqbaw=+&rx?rY%CFn9;Fc~ZWFrj|B!(jm6Gh=t
zZxYmu>!({g%XkcztJ_CqP|m7LABV--m~JLUk=SwLj)3C$<7;Ik(;gM28heL;+wFnr
znT^uspQZn0b49`R)2^~#7}*Jp8_uZb9!;d2J-hz8;GHDA3YgGE;QTVDgGB2wx0N|W
zA6amR$l6r7WL2mg;Si$Yt^@K#16IN(OlnM5s0|V2^ghrL-wj0Zt2&nh1<HW=&m0B3
zW*>x=E0aG3%}*bH-U7~#0CGrHMSad6O^6iquZsfNvp#rPfg;kT*vT~`%@*J1NybaO
z*yCc;?!G!v9$}H*v5>b=ipXwFA;RpIVC<LXTeNM8Gg!+<XH74V97rzAYLGo3;MVAm
z%nV4%xgBy&&281|1L48lbZE?_)Y6zE4_?_0=P|xt0b`|4e>D{GR)JyO$;a1MIC=U8
z2+jJ!y9b;&&|U~~D~72FUqrRH)s1oy8LMCrP#`P+>C)a}_k?69?2hr{IVl$0IlqL*
zC&55!%i!83Oq~hD3VJ;uMj`y9mjE-BBN~oV-~vu9U|&v$*SQ{UJzz$r<IxV9!R25*
ztqHncN~XL~Id=s|mF^yhUTID&1L1iFrP$cmz8%a<5;ZyUVxx(q4PUeC#E!q0s)`ou
zvdrd`h+CYWg)yhQF}~;$(1RogZrslKtPb9iwHckgGJm+yx*g87{cxIt!FlA_bS{3N
zCBxnR6zI~GLtC-gRWV$g>e(CRd~vsxrfBQpM4=<YPaM(I=(!I2%MEasx?IJJFs<29
zG~P_2sMMF~J<%s^(9{NB(qt*bmM-cTKh*qu=I7k)H5HPqu$ypoQ+Q7G8*$Z{5>eY6
z-e@afoyf)x`izC|I^g^)OsFfyi_SRcEJmdZ_-?VMo>@}gWizJ|N2VK|e!-sja4MGT
z(OJt!qAm_|%P??6F9zd0Rc%ztQL~SSy<q5xa}AzeAjMv|A-@FwL67K9Pl0Lh0Kq=v
z?(qkMSyfCf(wUO^ym)wC<4!n7vXm`MatI9I`{_zd_cGZv1zY1)?{ACw5@sBxdsu9o
zqI<X9*z?3n9RwiFiFRKZ?L$-wUDI~a(d>^Bw9>0lLG(45CX#R2!UUN>w$4332KO1S
zCCR_hwSG0&PxCQ3Fm?e1&hxnn?zA8(fG^f&-dEKb;HaEc%M^EMtxFx53%7rB=jU|u
z7W+fQf|?&%x$=5p{n9cZ1seS;SIgOZ;n7q~e?j$U6?jw`t@vOGygDN&Zce^ALUWh*
zd2O_KiPMRVv8E}Y#G;DhFY^iU#+Ko@>-8-Qp2-p1jgTg)l~Xc$3woN2hT{~0&l4`o
z%N#%3!AEsMO|j$jsP36S>AeCIBqYK@v~ib(k$EIfK3O}>yrF0Gg4O+8Om5sJWg|rh
zL{O<v=Fenjch)HQsGWXl@GNZOsS%SHM5cD3jhXwwYORg?2{A`*9KY}^!Ou=c@z||~
z%;^<ztnWsIi7%?K{i}phUFX33r}!d|*}s3k8B>EQes2p(RZzj4tBYM!dErFMZPkhU
zAg#+<Py{nX<jAl~tja8+(a)9Bz7L*`v1+%-D2iDIQV<yx&tVJXHI16Hp?e+#Ehovo
ze|*~3hz|e2Gz+8*1%qk1POvlHLWX0EOcahEkjqumNK9zY2|iSxG^wR;MWbOTlLiRp
z2`>LCK}O?7nvdq_FX#QoJ70=O{nWs`D9-_rg5AaY=MFnGaGc`OZ}>Pn5Xc3-;UhsY
zX?HvbWQ{(F>m#4OQ**^Vi-%{>!f;hD^+^nyaCN`R{kI1TBM6yV(5eo1Yxk(C8W>k_
zu1Zf3p)is)CQdNc*sEnIGf5*uPLrz{R$b@5kd49TO0xz|M=jzwf;hIzR_9s&q4r0>
zSoLFvPBYRb5oe85!@a$nYtJkm+uLUkMFlZIZf&pk06!qW`0U;%K3z-bYSRBwq<U@q
z4mu<Uaf8xsBL@jXoEd951nY|pp$7yQeH)ZSsdgO-O2y4oSMb)hA<u0rf#uUxR#uiF
zZ;+%;viinM&A`JwZ-jV-#563EgITY~VHmTlX&SE|V%*6s$Y{_By3~=j4OU`^z+#Ml
z(6|UlJn!bpmYvr`!vhsQ*y6c()i?6<CXH7$A0s-mnHlEsoY{$wYSkFDGyLr@Yw&B!
zINYC#x!!dBU>B+)s%B?j1=Ya*pKXsEI_SDtjs#_j6|Ddl^~@oS8&cFq^Jbr8cPW!^
z$5@7(j|gH#h8+XiINlq^1g1N*w$z;L!Cc<Q%xtq4tyTli;;_*cYN{GA8Y?Kt-Sg}B
z=er7_K%9^!T6FQF?S1{!7S>R<CzI!FwM)_XNuby}&EerL?A5w(y#jOp9_crQE2>sl
zjYB#eJX~F}(NaVh`;<n6!ak%^LC5_iWkA}T`$(!$5rhh65VMatHrQPpr$da2k@&^0
zN<$5B?n>4n-93PSL_iXRU^x2fm_DsoK`(jSh%81mRG0BpL&E{%#1YvTJKK;q2N*}W
zOmI2mOVPfFln#UIROxXxnQ$&{k#T|Uu(-<#$n2Y|{z)p)f&F!NGVZg))G*xTNuG}>
zIF?Kin^3@4?b*=4+Tsvu;C;=W+|Haz-%jIfe`wKmuH{3aGAEBdah-YB@YwRcarRsJ
z+1BGJ{gm<4>f)4WKYk4PPi4|AT1eq?bdKE3K$f2T*U}Y{R3`LNewqKN<ORP7J|Tx5
zr(vU)I<8v%Zy+|<D+s7iqYQ>W(tZ)AsEB!05VZ_3)5KLy_XMJe@0vFKz)bx}bxO^C
z<I*IPa|H{!-Z$)HRn3J=9;BP_E+|bZE`=V8O9%)@h90NwIm#5L?=-?F*Is07xcwwv
z^~jg^X|i`o#Si|3iXgV{MuFJA_djgk+M8}(b6W52ei=$BoaP%r<49_6I+9&TlG6@p
zW*K)%DwQwx=`%eZD&+@hF>MH);nY}CtWm21mE-3N)SQjSWA?>;^EK*$G=20qld{@^
zf;lp~`&ipqY@z*fIe`85m<DK?l263)WVa}LR=4WgF!r|PwlD(`=(c%B(rEiV^WG$T
zRva+dGMrj+vy5SW4CRFs0_aOewMLij^&iCDA^4@#+`|5wF=kTj{!^^i*%|Sn5?N4B
z$oBQas}}kq)v;wS<uST1E=sn;3sDi5t38$nu@s0F6t#`rF1h`DR97?zwZjjZQ*oQr
zJfb8zK=V;kJ;Coylo8JYyba9=Fh<29s(7jYTD{~>nfsNEIQ76spB;f#Rmqd6E@?<|
ztSLdsf@dn_99Dx(7B57J{_NO)mqYfrd`1hkaChgS?TYr6&3n+Se|$r5zrT(~;t+xk
zjbR&FgC{7euCDe@734Mx*0uU?2HF841+{m9{Z%$pv)a`zaQ@{mE}mVl?{<XRI0Z6}
z1$p!5AN<Utl0vL9btYgyH(2MTwzt{+k*DrdObbx4yjbY8s5+(>YX~B9lDYbRx<``V
zXF*u;*2eYI?3KQ6^n{wxK&>d;2$31=Z)pSyxC91XR$xHhhw1OCZKJvqB(^f5vn!wT
z^$4aOvR68prwO)r?;zRHumnWma9Uxk-(?~94O2^~{B?GP(N4>5*7!R1OC)_2YCpTM
zi)IKe#qKiy&$x2vtk9E<{zx7#@!8anr_T;}LA1&Zavoa>GS5hbymqhj1EZUWPNAe{
zV3yefH@=5f-`1A<8swM*^ZD&#A{>QIR%k|!)isT-P5ta?Bs7VyrKoCZvDS&~LC;*9
zIGqeRiNtqMU<-_CtB!Y{7F+PaU!n_uewqg*Dit^Xc;nw|+HMJWYzf-@R?8VMq0Iq-
zi*}Y5unj(;p?#;~_0n1e1tu3%>sni%f2-dVME+f{O|ML`s8X@0HX`@GLj!*xfWHaZ
zTuTYv43A*h6aj?2hURfO$eoIR1bgo5ahW71qdh_#7Tvb<S4^Y+z;+rZ1GD&tWl#k&
zwHi2fzW@ibKx;}eAp@ptcWHe#6A1*xPl&huWmWC$#qjo2`O*B3Mzz1>Roe*Er7wbp
zAQ=>e%hZ8d_)E}k`$j*1Ldpy4K4Ls#0o4WZ222aflkq{yftNt1i8X^K#>k)|C0>#L
z*|xV4&QQGssX|Y_Ivd<{<*E9)(WdgeF6&6g`ietB0%+R%-ecDzh*6@R?^|jiUpV#G
z0uT9AoWok>b^KAveyfk;Z^yKaFd^i%(#h^-YQwj#W;dBPupBJ3IvZ3{S~|6)<#H`&
zEsHkAuQztoh|?GkNxj>f)3!r3k4F15D}JsHwiAEmfMN(<1>@hHgJ0-E%?lVNP2cmV
zdw3dBn((<NnGmI3zVyCmRk8u{AQof(JTu;sP8u6;@^1O*Pdx=14wgO{f?c|(gV0y+
zkIbzbJ&2nlxmMo|A5pOgEe!(<iG80j;xjJ`gN{J?+VboUxqz?;_Tk%S{?2qY9!pd^
zheJ8k4rLpUSQoA-wo(yYY%C{-;c_9WS<;d?Zc`=q{Y3KVNjgD`f#!twP)+#2!GHX;
z2NIti+kPNP*5q^i`jJXD<3q^iO->|F@ZT5ZG!#zBUgn=4`wPDKl!1T>-Hc=oHx8?W
zsy?4q3-x}>Pws_1chQ9$i~|+)9rzGH??L09c>NL_2Z60(HpMXz|IzJ{i=7wtqgP=7
zf@T%|Pk)kFsrYL3*y0G#kVqW&_d-w1@%s-JK)>13SJ5T^3udCi3(d1X)}aPErr~iK
znr!4q6a13K&Z?~f7(gi$wfcKJZebVn1GifD=8L#D#h1a0^D3C*vuO1}C&gF#Ol376
z5n!hNJ1f3;9H_R9I!B<bCL5XO`<xXwx9#XvI_T_PM!-b`I3wEPM|c3%UPxgZ95i(=
z@)~v;EXN+P9E40Dvy1Y#Hh80vb(;ka^!~30dI4I^<lmYxT#n2`OpJZ(C;NB@5Wx65
zGcakok>$=*|HPqRFcMBIa13sX??(-OE&mwHhWmW@qp>Uepl$?orvoMcv?4bD69IH}
zx9=-3-ginb--Gc^7r1Qf!L=01t(FEn=J`TXseM3H@d59jckD;EbOoQcDVomSHwcg5
zG<$Ts#YkeN9jJbZhz}IE^~IM)({Hx+4M>BYaI2l&$^^>NWXU~=Q9b8>L2qx}0CE%m
zlKQ6hE)P_Lc*(7d*Mo1fZQ8(-_=#C@7-5oMLO?Y;7}zJ}K<tghOJ5r((Kq&f<tv6H
z;wyMlfVcv%e@J@K*>L=V`ANJ2l$(C--T&s?H$B7+G+^t!`-i8dHTkP2u{Ep<esk*`
z+Vp0?MGg$W?lGzDd`p(w+`b1L77;)6vo}2=i~MSTh>I1bO$)~~y|7GA2fr9WP&@Ly
z%U-GY|HmCsEc53>Ys8xg$_27kLnOkS{Rc?Mz6V^T1lSu%qz$RBG$#B^`;%S9;46dw
z>Pg>b*}sLs-Je$bDpn&ZRHkTMW>AU1xZNAD#{X(Np>o+Hy~Q2!fV7N;we0QNYy8as
z0DJGJZ!Das&CYdcPC0)HpGr};3>V<@)sHR2aL<L{o`-p1LD!S%%7SJ3eOg7xZH0g3
z>{TB`?D#y`@j|agpx+dqW}GlX6}bD8-w!7c`$y@8{V1g0w1l)Mfx($|t<AvE8+jKL
zdE)C5{0})#>I=_&*K`D!AWM9FLjgpSzU@gb7)yRJ6k*|$mfs^(^F;V$rJb;n5kvE1
z>Te)n?1VhEdq6xoN+6NZq5YY~c126%owjRGi}`}W)-zth54(})l0VNOav0Bqtu-Gv
zJ$*!RgV}BuwcHO(Nre>&Jg#7wFG&(FntEZmZhoxY1HXO6`A;yIpLn+(#%XQ3svLPj
zatdY}s`X=DOjjQ8-FyDjGq#4$1>@;t8%@DtoXZ5F)v^Sg4~8&(>(i4H305Jt1&~XX
zA@~5I2PQB;XNYuPNkE+EWI1G3{w9mLUe6J+l|JB^MooRI=E-0{6n%V87L6+H?aB7x
z{$LhTvon|C$jPW5Ww^vc#7}AY0_UM89$!b^7w_S-17VM$UTzp0;;60xmmEHlNer+f
z=l4xH@*4HnQFzs@&@3DE_0@3HF^kqC+7CEan4sm+S1(0zG~zIhsrhk^BN{-ds&iP9
z+tj-NLYOUI9*$-X0|dx37e5FOU+;7Hc)iLYb{2U!)fZdz#rT6TxjM~oTsXPkGRtCV
z+#aVLKLV*n2n3zWs*sO<8e;hL0603twtJpI|G#4HPd0?v9)`Fn*5k(Tj_zETiRT1@
z1i^!YCl0sYmkj3>GHRAb#K-!l8R{HEY*#=|=Ky>yv&|!tJQQGdeV|?S=pwcco*p5I
zw9JwR6(-@2i~h349|8gcy%A*(8QWQVnqmI4L$^D3DqY0=T`>ETz{yvhQ5`To-tj{8
z{NBEJxofWqbhlR=sQL?0WI1)VPbQqhm*K{peE#$a07%lcIhezzqP*_D^YS72U|$ZR
z=hVonYtA+mmX9QB<V!Wn2V?wsZ&YQ<lBgux4CEs38eIZe{h6K{Rv_g8%3xnzG#{(e
zEZ!ocVEd6GCmlo9(ht<sJ|&@>&ky2uZR=-|0tSZv#0KCENH2aUvm;w@=FCxnJV{a%
z@~Z3+p)M{M&=E%AMr2SCpWFfDd~*i3x98ED7w}AglJnYC6<f91do=J`_r3i~L!cx5
z$}Q+r|DCB@6t1r)KkL}rDb8D3ru0ANuaZ2@{8{Y97mUx3c7i6*KpJ%pLec7$xNuV3
z3;S(}9G4IAY5RBJYd?zI^ENg5P|V1}v-4e`rn4g-lR6fg6sC}fykkTG-ND##v82<;
zyXdJ|)!bkA-QRBm;`38EiK13zUDdC3H4Gw*5<y=|*cBcn;*97Y=l&qS_W<>*<k#CI
zQ^$S~UvK&C1-E*n9w<gh>n={B>h7oL5%|6Oe`0|B8F_cBVVppHhbBn)>nR(v3z6x*
zT4{T`tc#b2j@b^Kvxu5oMqWt6-RrR32aZLb)h|fSzEML$C!gHO<5{#_qkJFoI2^~N
zm|$ypKnRL1tiyd&soD98;sR#h-}liQxsSAPA8C5xc08gld%ulkH=h^mSNo56UJB<1
zc#9=wv9NdIXrP75T!UP9q(_cPN?Kkgs|~+`WC=Vz>%D_Q<d|q49&vMa&>*7#<I&S!
zd&fkpC9(u4Aw?uqSXT@<+K~r;rXCNAT=g_ST*Uu+N!)&gAYkVmX<hJ6KT0q%=)(wc
z?Uf05JAxPlxP&=e3e60!KCv%@?$F)`m-=%hKaBbuuqK9o{`_POVb>tmkO>jfBU!l8
z4!!Dfz$T-aIPl9pCvlga<qK<GKY#m*Sd!Z@u8Tc?Up*Qm_tDu0#$|VVx2Ya6Y6rpT
zq+{T8`@cI~J~TbyPA(j$5eJd#@P{V{5XVX6BG!~{#?iq*cj1~Orj!hQu`o}R;>P(Z
z2HSJ(HYNDZ{w`l{1NJAb%$QHNPEC5>)krq5MW9N7Rvk8bTMw;2SMsT>ocKrIm0JPw
z%FJU>Q~ig99K~^tLHCk2m;t}iRuc8%T(WkIWw6X$-m#?IRe0HJ(xh^P-k4-J^zVAS
zj*FB(9g1tGlG2Ek5jg9obmkp&<rx<f5@HOU(`rHxL7qMsGCY?sR0ppPoMZqf?^0)u
znNn97S_4*SB=*+r#W5e;&L2xmmPVFH4}6=(bcVGHzp@<v%-?K@QD#<%OULXwE3PT+
zxbUT;PhQzs&AD(Ox<F7@&KyDdbykgMYfn-%B`Qz8^k}%QV%u0;0LqiMNeNTT&QsmO
z85LAa7qt~UIU79zUf;I;;%#yxJocfM-aA`^q%=R<Mz5U}t|6-zpRqXY{oB9aMEpA?
z`1jW)HK&NYumRUxNUR_X`TPh&#}cRd(<pyQ=Or#SASqoy(sb5HQPwFJq?bJZ3zuWd
z`el8CYFNSmg~cEGS+C!pTC{W!5Z;0z1r^0mo7AqB;1bKv-g@Si#3;pDwOPp@w{{yL
zEgMu)ffX^8?~QWITpn?kDN@wmaL9zIjWGBDN`1yXo-nBp;XTC~2EB*rkblsU6<ENK
zZ$k1zCD=>7`|cE<_Y2|u)sXx!L-G?*_Fjt2h?o!kA%Fo2RK{QV^n*yYcnz|})2lYg
zvND)(?ncI-%aAQb{+%t#1^!Ms{=cdg)e(R}`ZudZQeZLOCH~!t3*fP>YZ^HqCR*kE
z)f0kB!!&6^mm;cG$bM^X)z*c}=0zWjDR>r8(U+y_9&maVMt`8}y;^p&tICgDaNDhl
zJBT@Ff?e*j>SRjrn`+#V^Vk3^GZ0~8s$x_FI<hIzZ!Ud!e0oLl*Pa=-1aeP_;ht`C
z6E;R2SkLhNR`st074b5RRb0V6b~2HcuiT`q16_cx&;_`<uGEqQ<QtiS^6Rizdl<_3
zv)}M;i!vZOV6(b&gVDZacV>&m1~S^h&iWtf4IG+<)eHK-rb#fdLUtl9#awCDvNGPi
zeBzCJtMBj{xPqAzU(E@j7x4t?Mf`89Yop8kyDR_CEt#!s2zsbSzj<FsP*-qw`j9T)
z8&fbHCbeH0GdCqj2oK?swtaySK*fDULQ-l2@j@1%mk$%8PA4r;0^119`Mq@p-;DXT
zJnXwXJM0Ttz~R)qPID%$Uq9?M^+xlyEFO!dPf&`aMUr(chF8u~q0?$b0{cG)Km?Ju
z-IfV<;te@C*h$DVs}G`m`4Z+rV@6n~y?^blK2ZFW5NS<{z`Z&)Me}7tkv8bBR}`3@
zY&xd(-Gru~+@V0EQrXUDp>YPkdOmeImb<+4*Magwkpd-NGda36^gI0(jnH2mkj`J2
zP>^xt)$xigsr~Z1)LZ?du6}sDA0W2Sp8j9j%`C@c2pcKc$mQ}BcR<5B!F2W^|E@Ac
z`A-}NT1h#hqQS!+?K74Pu@iD>m4yc22Zwj;Sg*p#VqtgdyC}8R=gV2mRy)Lw{m9QZ
zj_4(4lZ<#vf^swyJYUyEWujJe5L&5Q?Wxgz+7pIfT>jChUnU6|ZT#?v9yK8nmcxON
zS&|?}M93_y--mHDYO(M>oajdY<SvzZ5=|$Y)lvM?H)5$5-`>Ke`!jS9U!362u2AXE
zo^?f(4MM5t->_^<0Cq(+wxjvPe^1@~b0PmCd~*{*l;31>0^vQ-ZHiz8ZZQ(F#e5I+
z3=0AT{~qypE*oSOl}5+h<vUyoHNbw6reaov7(WEAc%$FF888EL7n{OnSm!{jbEK#X
z+yBWZ(&jTHTkpgci`r@&Z7Zm7i{Y3p!6=}5|IT>Q7SnFuiO*LM;`0Nf@@oE{h|e%Z
zxWy6w?!IkhLBBav^!zHWIe5p1sNB%aCkF#IA8JIvyv;_Ppy{&dwA&WI>6X`K^HHa*
zEO-lJ0p8g4heNv%&-stJHRo5#oASoKqm=&#KMV-;n@<VCP|s$F_HUl%RzsP;JFvFJ
zYPPzQzX=d;v6}Azjc=1<*>av^u+(>`%J5T1_SN5+4}{6jWHOZflM^*jMO&En=7D-+
zdJR^e`7cjz34}1fDQAL$r|w~G+8Q975KaA=Qf@jA3w^6i3<0S}HY5jrFjW5INcC^d
z^=v>^zcJYLpNI-LcRDNLO^)h6U{$3%huaXWYWmbaN<tPDB4i@HjQexsjxt5DJW-iE
zn0b5iXE%S-$r5PtZ<6obn*xYxW6tR&JJ7{XdLb-Q%bW(;g`<D>fwvLzA)|&Sui1S8
zTXx$1WlBpTb8@`n&kklkrDez0lJ##>p!+WXqTe1Q`5$j6;?E79MaujB^{DB9t6o6u
zO&Gk;m;!q9UI>rslBMO553?H`RqFz?B^X99Yz&|k{et9kQ}?6Su6V{`&PR)hre=Q-
zddBU_aqb4mv9&K(#mSIIF0Qx%`Q2ge?&pjm`;lk94xfYf{+&g={shzae5b-R1H3>S
zK@%yn{}e}n4B{d&h4|XFC1|lQ%@NsW<slt*WH#Uu@(e-^dm$d_vm?Cia_ErN3$~g>
zTG1i|B0>F!@CWWyjE)yZ9w4H=-biBwgl2YA<MlY7f9-uRGLJlv>wtqk@?r9)c#nzP
zHXr1@4F=nq<Eog`pr~DjXl=iMXEMBz$1m<L43hs;6qZsxt$hDUN9#BhFeJ4q{$xmQ
z%$4mW0bZ2HE@%*+jeK;F@*+U^4Ni7;{2yTnwL!>ZwU}vt!;h{}$#lq2M>%wmnc#JR
zl8PE{{9>=T$l|Ly^78UPg<*ApV00xHDN3jy>)qkVH^-=Oh(!7nAP%qgJAh7?e{{Cl
zCz)PCAsVzhaHt3;Y|^yNkr|c&MUrF4TLt&RLH*-L_jW%?$n-r*Yoard4ql}6Q-49A
zFkLj)`KJ-Gt6Ho*xHAncx@Tst@MiG-L#9ZJRw)v_Ho5-IW(h`87{0=8U#sRyl<teI
zy+q3N0cf04ca>dPgXUmPLcAtQ)P+=*v1X4<-ypnRt_>qDJq@%v;Ud+C6$skiaYQp9
zZy^dYGdXkAKc9-BJme#P1=v;={Wqx&B2Ukgl<Y04^NIRt#r~{7;gX@$!}ZD`+85A<
z|Np4_%CIWetz82oR7y&b25C_QK{}*Mx&#D7N<b8(L0U?>Rgi83328w>3F!`{R6sf<
z&v<d^TJEL$J8Pf){Ww3lF6Nx?`^3omzQ-Th7tqNNy%qpNWH(R^E7B#q)%&YI3+!!9
zAQ-KapbdAI=?#9>7D#TN0<`FYsE}}N-FP=4ZN=vo#-zxQ=!T#*fqjv9pXoz~&TvUy
z6;fUiFn8}CU)9Ls>XQR>VhHzLsK@T+&KV%hC@b@)d#h<B1NMKeCC(cWz%uck=n)AD
zU@sUlg9u3QM>qRbh|BThWFyb0&{y)8vk9*83ViQ+5!M`Mt+;@|Njnx3i7M%l84G5W
z15-={Q!2gQk6L&E&nTpO&8RhYY7~71#y2pK<$cZD-^yDIPvfOU;6oS71)UL9q34j7
zT@Jcpat2{}L<6&66Xt^uoG<&FxCpn7M<O~pJA+Vs%l}H?8W4t98&t)7`8QfQ-=A%a
z=CQTdX;vFxM+h}`p#P2cDepvlR$di%?~4IAV6pmPY%bPkrw#}zz(R31ZN3eK@i5sG
zlZC5x3WrA#_5J)dGo6*#kArU#m;>t64Dz6qs0S5mOoYnvC`89NPr9xY$SJjO<cXY%
z2pI)$$MLrz*=L`D7lG=-cr_=bhAtSgOiJ@|`jW$GE~I{YJstqi{0IQge2gOq2vL1P
z;&pX*zVTEhR1kf(mr$FecI`RYxx_>wLRxs)?^#jD*|k!a{q6TY2(zJK#9=lk&Wa<I
zO~sm5?r|Ye-86L0zN9xaD~OX4AfpBjD(QC>D2;qW#Lrq?9kxa0*2Wqv{RMbWK@O<f
zNdqk}pe_M<xb|%J14X;6ubtl;Ky`%3IG;N}c@TR&ofc2l3-gnE<FqTdKRv#8uJY>?
zLKE4+EANzI;-HrL(9z0f={&2IGzXCG+f`9I2w@88ZUzP&H2Wm!o`jETPRjcphEWtw
ztI`J3#z7WXTfjdX`I0wCicm^+#;c*B(`dktXI*zS2D^S8#-p>l#PnHF42^;`yf;Ev
z>m6Pn_FY^?XdDuUlpN>GbV>ZtXN&mTkcq;@Wz+>(8N`<3=|;Y|P5PnfdPB!`7Tqbv
zZuF?A1zM)Wxn#$`bb{G1=t%c$Vi3A|h6*<d>irj>dQ34UmBaNOe_^?q6<brBV?;QG
zng?$xymS?$q$x^^c9k1~?9PqJSf&<z9qg+j^g8P+l#zjxZ$YjYC*bOmtwLk<?lOk_
z#Kc5L#q;qpJiBh1MSM$+&OwO>QfoSir(A#ZbPl86L^xx&jhS$X$5QZ`+hd_qqPbA0
z^NrNOrlUEmT&EIqsEln3Y4pwpp4X9l{<Slz3g7W_b4~#sQrCEarPzYBkm<uHQub&s
z(wt1%unC_4vHk#enS!jy05(GFqM`zvaFb9JT;~qf%Z75FU!>dD`eP2J9x28<1nt>U
zVjgD`dENOQU0$8FOf^))gvWprR#-e>@?4Tzt>0#`w3o)mp*bgUO+iV_v%vJ68Q{-}
zbe*iSSrUnxt}6EWUq$hyFm1{WY5#+cqj92CeL<|TKAbYq{(yqC@);UW=$dqfB?#N#
z;>uMSm2`F40s5_-EmDPbe|;GBVHw1^EpbPx&w3wW-Q228*In9t)Sz@<dZ}!Q=8La0
zULVbM6Ve_UwhXQUE~euQIq!kVboyYzF8OXquULsGt&pUntS};ugy(hUYbEfquz+n4
zq0_)jU|36UAnGVSAe_M>V<*YK1w_9+w%mnTosF`@n7+RlU?qe=uXL!ijuJ;l%5&kQ
zIcm6^^X+Ox1Fn;To}Xu~P-#b>p<@EbbbdbfpB2NPkPA9_ObSA}i4hS?Fiaw2AT1gr
zX@mVK$oAzI$?Sn67t<4QX;M_69PGy8TWwE>=H^c1K3kvK5`idYcT8fiIv8xNPA|Qb
zEX&F07jQ0(qE9*zXFWLujII-a8W!(b1NkOPGLO(h%dq+ERh&@oLHLi^(?+_?z`DC|
zt>WA^OlMJOX%C@)b^_NI3r|}y>@!7(^qj1vgHp@g4h05ZdedT^p!MnkS%hn_S#_1g
zF!-S_N_gUp#M0CjEYcOl-q1lri+`~os*<^?mt69t^f6M@u!pIsyR>5x;^j0CE9T5C
zk3$z#lzBLN<NeCh4fZ~bw%Br%r`AvGFCJye3EWxzs=RqQC+M~*UO@PCQfl^T47Lmg
zEm232@kg3zwbC<ff91nv&<TR3+okv>TwI;h(EDfx;Ou6{5Bj`s0J*{3drIM?zqM9y
zqb-}(MUrtu7CxI+akb~n=i?=8vVQuKcsi@J+Pb~wT`bZ~w+8@XIP~bk8dC+*M@4V5
ze|PW8ouw<zr6rtLChsLa1QSy(iPSs$%W?`zUb`k1fD-x^Hb~*4-%Njc#{Iwo`OcHv
z1ptPu)KQl<VCoV(&B=|Kq{(E;olAW<(e7p%vGi&BCSgTsD*2_|@mZu_`%eCBrvgjQ
zYDj-_YCK+@H9IpYOJ{5v^)-fjlC|9c7Fh7(^HajN56=lh$t%2!=Miq096&Q<?Ky)C
zwn@(SAGm_f8cEjn<M1UoAWZLH6w&}1bhDxm{hZtDQ}~)XVbxONlHs(8taUou2st#I
zR+0BzxF->TmCAiz^R2si1}xm(i5C@T#qBi0FN9VNYmJE-WV!fPWfOV%u&1qlC2SC^
z5*?#mD-s|OiJ@pBlWHu;mUoD}lNvx^)t4WKO!TTsxs5}rq1c5>?tDIPajw6=-*bW&
zudMJ~{THJ84&pMY>#`cuO{P+7dfnoURqU2I`6$G#yU;9sm>BEFJZl#=2yT_o|IF-X
zIc|OegjB>#M@q-&=VoGl`<U`Gt(H3qH9C2{0XsN4euaM_fMm)e>IHcU0++7ZP5bD0
zBl=_BkaPX90xmE*&QvEZi*+{4P`uEguv*If>czN}k)++@d5?}}yqQn*jG}pdLeVZp
zW>RuRR(GCnjMn!wx2p9UN}uHOOGahmWh7&w!oK`*v3@Tz)AKR+n{;?H2}t)=d`zQ0
z`x#)ID?^=eLnAY;(#F>b=U4`^ae)Ra?Um_=kJxVd^-<C-(R}@!R(A^HES`9$OZ%K)
z#yek6wtVHwffjO#foDhRXfESL0oI=;A=!atYgfrim&34qXTx>h*2#Qdg5!pt{)gIL
zv0eZC4QQdO$2T;H+T~yU3)-Lu0q~pV$ydJ+v73(i@L(I^`XlN$h<KR^u1umEGmOG8
z^2oKFPn|wqg_%iMO*6Dt2J_9Gx|Qiw2k@oK7sq{hBDEZPS$M`D&xCz``HiHMDUcNB
z;8*LvWwM~_I9IgPaL!j-GFjoh@^#MoJ{Ae?#3X7#ZnlWn*7K6WewfQMu4PLSvR-#p
zI6op&s(?9@_%d@Ybfy;HY@D7)Y&_sme8#+gUud)%{s_dF^p9rnGY0I%4R%2(>8ksm
z5%`TI3WST{J)?w3b)Ayir;on1VEE9ncrxDQ{&<+v*O(w^H2s_$(ocw1*O0V59rM!6
zyv-dO;uoCxCbKG>>1a|{sskOK<*L`{sBxG+O^6|aub_)}y30;CbW?*~+Mz+3v)11a
zZ}vXDVIn=rO#ld(kfAC%pCz5nua(x%i_hFn%qs6{RYKUgacY7@yQ`Wd<QbsIw`D9#
z+mIZI!fv=OalOOpIZ^dy{TL)p{^y%q6bJ*@OqGX3@6Ry=KG9@s(5g7XU6~fY^+Xoc
zzKE4TKIatNuFTw)o1%|!b*QBN!bI^u2|*R}W$B)-tGGH2wUK#YP~r|bfQ?8~PtbY}
zptIr{ZY}4c8J<j+$S7dAeM$g>j(aANL_d5gp^UES+O;ksb7x%E;_)1TrU%z<b9hGC
z*0%&uF)b8Dr%hbpCOmgIvETYdSno}}TIuDeV9IB*je*K$h6Sl4&uHGI69mN*h;j#}
z$;6GvW_=7OxDnnFnmb<{!%|<FTHCUID{(wWylGidg9Ci|^uth;Bwz}c+dGEw`*2CU
z>Rf9##qSFw-uw%MDHh15jFr63@>pXjmYyCb5tLQg_a-e*jX1e8`z`v<gp?f4Rw}!J
zP`+u@^0V%qLQoQAMG`SMrkVE3;0*b1(Wj@+M5yVU-j=*J0KscgkZGVqf`U0-5fFK)
z5eoJaN3FC`t^W=C#(RY&2mC3TF;U0s`T+%sG^)uC7wehw*Q!jHuRE{xTx>wbyFG^~
zlyx>85%2smY8%Szr-3#8Xnj?j@lo8<2;8LIP|YS~sWt?2(tk5dw$p%KM<Dl#8FQ<O
ztozgTh)1FfJW?g+Q>dz8B}6;KT4=~Jo(31#g-4_WWCOhj55wgLrrm7@gh-`r`flM|
z60tjtQh&JNIaD>iCzOU%HAqV;50c5H;~RChLo7|2l50Gx?*I{TCJ(0yAsZxBJ(Q2T
z%#v($+ML`o>YW#n@2RE_*Ob<qGqZBfc%8>E<ZhyVCutY*Cc-rBvvFu{whPdPVoT0W
z51Qn>c-NR}AmEo}R!Lw6*|p9DOPqz7B1??E(%7)UqbuiPD<*`Sf<x>QQ<pd_9SKXK
z6~cB_U#R<takwdS(ih2j5`9f|ug-{HPh`8(ZLJjUcPfjr;_8W=!#_|KjIv;VrC8<P
zhk*ei8M|>5!CrksQ-?1h{SEzxx-xB$1V@jBvfY@>$cm0QoU}y(IKwf|cR=xYIDosQ
zABRHZJPpJ-*$JYZ)0YNkr_)E@K-R!NR`wa63*!>r8AWrv%BU}RI0y=BlFT*pVK&?C
z?#_rthsyN)$)w2K-pD)8sM+f8FV>(nMjtQlNmqZJ+Rs_3`Z2f;vj~{~bg(33(>Y#y
z-Bv8l76kdSEIk?ufoF3h^It9@_?$jr4T%gB7VB;aQL8mg*%&#Hd;Ahvc&orHhqg%~
zAb$>me(3<pZDb~?x@GET>Jah1E7DgL&b5N=S9dD^s;NQWRG|<lg(pVS%?n)epgzSs
zq%xpesop<`Piiwfou2dv6W~Cqmva498I{DhRZp;!)k=q)$@>AS5ad8aiDGBj(lr3b
z<~R9Z9M<yq?13>ylvo}cD-i}%J!X1MMfx@RGe<}0R)*XOg4cA*(>+vH((c}-vq)Rh
z|3uPmu33T#v%SKe=B0Yo)(FUgEkg3qrW2@5xbfB?NjAKpw^p8KAlp<S)tGaP@Uh^J
zfC30Hh#(n5&GkVFbk>w-8)#62`}9pvDSU}dxw_}!co~`G&yCYVC`|}GdAX0`(+LoJ
z?3|-42D^px4Zihj#UX^_L_jrDbkt`e`SzS3Yx(Gl0r~D<@|(bsA4qjKkd*Y1E{*?d
z(eRKPM1_G-8AkjO)KnERv~ySu1porB|9>eP{-_2a>yn8m2mV*|j(#Ix1vSrKN=QRf
z=~rqx{}mO^-<FKO6>QQj0g;4G1vp0MIN6hJ4`i;;pPl+;L-C;dihE+LA&$uNIBPj;
zz$ll%u+4(O*#2(y{t9XS4@-DpGMrDP_juRFX0eiAj=928u~?er6*HUHZQDZ2fG8Ct
z_dMPN3i3HNh8_f_&i4Hbox&h<95f%R@SlIOd5rMS5+i))4JmXOembMqru~$k)_?`e
z1Efu?)Kf-3JzVVMDQ8Anx+j0+2y}Lv3a(gv*9BP5e5$YueBMf!<!RHWL&;p;QrBI%
z{*?D;b-_wJyB**C<0bFEw%wUl!S=rAa!>xmi-CsMW7OLg-DYoSGs)qh)2ALU>cK-(
zF!X_kv%LHrw@6qMKF#J_H1&GVk(V#KdfqRG(;oGQ;Y4ctG8k@gmagnhyPHF`BO82#
zK=PuXn=q6r)-my*s0jBSCGUr>d(?r;M1aZHIJEhfB9=B6V>a3Zt(Ptn{saz_!9DED
zO1|GDYgH&;?b@rTy8;YDrNSktGsnhKXcof|#!}l4(I1NF0&VLG<32Tkp4WaqF_&<n
zg^#4|d|6oP#|1tY)SbOZ@;skGa{Hj_IVCLT*FUj_?>A!d7dOiHPrtdpbpL0mN*O-4
z@U`XcX(rD+mz@|T0XNJ*iNGjK7BTM(ii(>L2IVCHwvzuRCbpb(GtJI$)k=3TT)1pB
z^=EPk!?^_a@_py_A|W-|c&EuoC0>UjZxW!xmCYL<+IiWCcHSLh<8ecZr#U%FyT3iF
zNS^4lvZvNSMCWXC37g@k1r$s`IZ|G|5X&`_q3e1dBT3Cj0vgJ{5F=Bvvp04DaiD{k
z^FKkyP1St8Sl2*8U4f1Q#D+&dzwBLfK*YWTCe7nrPL(7uY6R0*jZpIMYyHEhr3eKF
z{I4@yKs7df2@m(T{F`60)M62pG%DfW@oxb2@sG(G2(`_QWbQA#i~mWuclm<{Hh>pV
zEjY^95+_xuEyaK40$o8Ml*8~W@Al#{6`+*hXYDhAi1vNMN5tr=35!JY#my$y;{j7m
z;b*!X7Q%Y41=hoh{ZvzB&!`NlkufgFIm@5|r;4wG?-4)*V71DhxqyZU7qA_0Q8DEg
z_WOSpLp_jZ_CwED`VEKd*R-?$1*q3ASy%_JbOu2stp5wKOcGFgLO?7toUh$608-pv
zm@j`EozUOB5`sic*A*iHTtw0{xVS7W!MT|ntuIbTZJjJRwXH$^bOlf=Z`)pG;Ubv4
zZ)#ls4l4I+dfNe*0$1dpoyEw-<vV<JI2=0bX#g9H`k6c^gOCTepv8NS=p#AF7_GoW
zt{6n~eMr;rK#}R;KfIU!1BUdM%(DZO5taAv2zbBdLmdEYF8&T`_}ldZ@Ezs9BPuc}
z2>*(x$iegnQE{LA(4qbPE=s}H?|RZ-o}fLZ5gph!Q%ihhFC9)HdF4D#MEb)7dWq$0
zg1EGjcr@u02}h2()1V%vmBylyJRCtG<fI}<J7Ogs{y~~+3=8M5*Zy|AE(?c}(ss+d
z=lqkwN=s+{l1nSrHa2S|TV<K9yWL8B&|=vX5O4B+wZHqmy;W~Y(tLkme^<a&?!~Q2
z#jjtiPMymRZoP6pi7I~RQ{LWlqCMjXi?dG+evVa+xv@H}@mp4|PHvEB8IgB|GjuW1
z4NVYUzY`!ZJvusC7Pc@wow1!m9?8<$E%Vfx+=WO!0c|YBF8xV(G$y^OhU(L9)l)iq
zDf`tHwRWCFP`Js@rT-~*{*0ItmwBaBnLKoccWY~u71p1mm^T2DI<;(Gx~eRgkNJE#
zxj1&wz0sd|d`VyXXYy~mHk`=a9jK>_Ep@gT6z+=Jz0DR?I$WRmG=i?E$1}>+e#)Ac
zjFpU*jJ22GXE5OiLO*LG4T_q-?)usWEZG><$fT9x;rhYWrm#WN+T&z^)@<~*q5au-
z+5%l;b%m}$+BWZX0Z?@nFOLy6%cJ6(*)qwSW?`__+2Ot}@QeZ`|9fr7w&$U*U=8Wt
zV<43E3`1*l7WnWyoNc@->a9kDqjnP~Z2>{}a{p`mz7^=*1ZjcV-7sjeO&3GET{pE<
z>8OE%jp7pYwJOUYkJ<S;T{2TR=1o!tv&dxx;^g!Zrb0P%)|zGGF1H4f3ykLEH=KFe
zHSW(kYJH_C+Te+wzRsjgJDxJz4?!ij^SFX`(`Z4B(oyGM>2WjHHeYbFSig|*K!45%
zP722uY7o&yW}vPC>VE_@T_zAsEOl9B4N+5fgu5PxCrf7c;c&@oEFLbt3a#m(_j|=W
zlffdx*YC9&n&%GsWp_ab^8>=RvIS0^T60jf%v0WhCk`_i79FBQfvq2HF_eJJ=kGX0
zpzXhA;)Y6i2e>M+L-&WwXE}+h?`A87wD^}{ov@Dn0RRy!2B)<Z=S|Eypp)pOd}1sG
zC!n4n6i(UOZ>Q`bU{OVnvx<}2g!6!YUe3piK^n%-dJev{k?Dh-tPv{p!!Q`!*bmQY
z6eQ^0kXqH@=9|3QNSsMFGYXTvy!7<^Q7pXE{F^n{Wgvzy&<gJzQnWV<-Nt$T_57e7
zl0aQxBIXRi$oW8)-PE(Q$*~0W6>nw}D6d}r(VlWUft(J`rtpjil|V*ajUM{f{)G=1
zDJ$>~<-ehVv&A@caJHnYqiQ@cCbAQ6k!Xd~`qzc`sOeTR+=m}7EeAD+Gan<;{8NcJ
z!uDWD)z<VC)lsThgfmwTWrQy7mP11rbdNtEN-Br%pWcJ6dbwoSxze<Fm%(8&lBp|~
zY-W@<a&0S_E~{04Qct6bA+jM=c3VRILA?mTL2k`S(SRu2yEVlcvYt_wYa)uY7!%YR
z^A9eYqVJNTB$$XB1RO*Ce)u|*_REOyn#uh(fqf^@(s`0#-P)_v&-4U8`XMyBJ5b0f
zEPCts8ef5qAeZ<&XmI-2KklYKEVX2wZ4DxjrGb|R-wfUy1U<krh#X<;5Nz?IJ~xcN
z5ZT^DLtWE#0%wAD0+uZEZ%cOkqE6j&iLoiA_^oj4Mbn}{!*ckhVR8QDki&8FRofQi
z4{cw0AM=LhZ{FByJnU;UEp$XJJ<jxhjM8-(82$vkRckadyM)Rxy`FBC`WKQ)k8Bi4
z{gLYtTrk1;18nl<3GyVzaVKaun2KI(fk|q}TdV}5!u{aDs1WH_Jk*0-yNaK~-+ddJ
z>HaMr^8JDm)frn;;flV4hLy;z^~9M~5a=k&H)xD)G`_jB{eFKw^7`GkhvTN)E-7D+
zwMzpq!|Nw^n;7!ny0+!ZWvVN*_*Y;Zd-eLeC=UR15GLJwLA#2ZF3;|(^La*L9VV=F
zgl(GAvRBlSwW9>#21164FJMvTLBO;qwxQ6(-ngDyvTGtpV7?*HjDP(dh!{>p-IQzY
zSb!BNph+}#P`)I2*t2NxntYJ3TTdEX)b=^x0<JX(xtK&G!<ias3Hifl-1sZuiR~Qn
zFkE$ZZ#St}5=_xqQ3aU`9)f{xDn2+f!U1426z#6eX1^GYs@^foGLabq(%Y@voutcJ
z#?QRGuXoVnI{+EB98ucX$=+tplw(|lTDdz|g65ef%T<HtA8J7LFhL7c56{eTzuE(6
z!&_(QI1}H9qHN?oxNWaI|Ds=dQwBn?YOBTn;gJ-s4Fi+wH6K_7)s^l6b{jDz<1;BM
zZ36F|r=@jG3rkIPO*25HVq@gfq@I2X)hxUDAUiU-Ov~r=jdD=28wNeu%df~zfR)Vx
z`s7M&n|Hhx0NN9>c&7fiU+gF?$9`nx!3^Nk_Pi+@q*IBEg?fbT7|?Gj)F&VDQ_215
z05zGNqnLr()HH}m-t8M2%F;fQdaL4!Mdh06#xrc^biLDq*KR&}$2D=H1OOb^4iz<#
zp;$aX1L*2=ybvOlZ-xk^y%Z(Xp!ssk<>Mbu61{lghZlE~IWR{p;Tc^|&Mj=L1ul87
zp014@v>fQXWpPfv47=JNj+i2E*CQzzRQ#+9e|oS)FQSOAlVS2(4C0)_cRXBrY3rFn
zO2i#rXE(2|V;7BpINqhMOJdFR(s$GW2#}+V*6)`Yh8anmNX+6Vghz)#YxLAUwNz2*
zF{@LQ(HoGi`iLm9-pF*B2OjY}@Yt+j16+G9_eY(bRmNYT%JZlpF8DJGpG3H8)f^9(
zLc3HnoV20mWi+VZ3m%H#)`5reB4*WB_g=&sywwnJ+T~0zKfzVooy{eScUL~0h>P3n
zE_fTOxbo^K_GUjTFa<KTtUE;GMg`ufD?hQ;=3A;eC3o08LYdB2aE|_y<`aoe>+nD?
zfsi=b=o$k`IOC?AYkZB|8RMcCS(mwuG3jIe^g~3*lD-E2PsCcQ$Hfl5Q_x}x2l1U|
ze?D32qJGi864#6oqZ{yWiEXurEfjQTZ}vLCr&QX$IfQzc=Av<@c9Q_{3BWJ9-PQe=
z{)b6=@CqGK6?w02R}qllUmTc8RZ)02r$rk)3U}m>GX<gQe-N!ef-o!fa{@jO>Du%s
zh!1`r<NWqh@&QrvIzEQvq+=<!Ygr=WG3k5f|Mbx4ti2IGr-ma4qqEJmse2l;b$V;7
z!A``|(o*}idX}GNaoH0_f!McU^RE}iVb$^53X|}_3^TTTi_gFzfTBiO=+8MyIT9y)
zJvEV1-lsQ!$mYb|@t;aN;#XAu|FTYY2Z_KxUEP28sm9+vA@6_mUjOb>6HA>Vv(LYP
zbW6DG%lc(l!@-e1W8B5xMAg3k(Wla6p3FNi>Tdto$<<Y3Gv|WaYgZnd{o3RluWfG8
z$lKh1b?RKe3%^)%AX~nWRl1k>m!dp1!me{Qz@0Ee(JnMsCKyXOX>2$T(O++VHg5(C
zeBjm?#DBj#UGc=MBb8Xq{2-Ds;HkwdKyWR4B!@R6=UfHOfwE3E)6WVkWr%1@yud}B
zGDp%#XV5Mxz$j670mobZ&GFX!yHAn*^0(j_>+GiK9{$6{c3%_@h;niN-HVY!_VUj!
z+kdtk``|^i<v~#OJ+bBIxw#y(=%-}nIr5P?{66<uCnYz=Y?t8b{bZ+w>|(C0L^Qcx
z{&Y@;*a!(Gi{CF;&gblJxXuqxsNKI;VemoLtoU$^?+=#+<zb3bM=Yz>TrJX$&f6}0
zp0gr)Qs{85XhsgaK_}__-%~aBMK-g@)H7?4!W~%8A+>6OdcKt%lKE|2ts0h%r}jp1
zD<7}^Xfr`~BbdppG2Wq-bnCUx$hiNzIT!2C$=9>4Ft1THG(W#FKPZHwQ|3L&e+Ra_
z^xFZ;Htm*Q%x->a%{j6pUos$0WHn@-|I&-#XNJ{<0F?7zdoInFy>Gokl2h`0XzhhG
z_C&}E5B^1+WwS6UGe9rXv>s`a0&gn;-u8Iy@vJjzr<^`7sg39fJf3&`u%@rA@>9X>
zf)k2+iT|U`%DkM<4J@4R7fE?vQ;#i$>LuZ;(|Sf7(IZq)hQ~D2gpd$N=i!nfHF1Rw
zp|<h)lD0?97pBs^y)FN8k#LAFAHma><6pqo*g3vmGc;vBQ)hR&xH*prP1tT4bG-pg
z78Rc<4NN8K82H#Vl%T!0)bpcgy6a-HJeo#D`SX0zEh4W*9AtLf|I#HAe1?KAv5~Rw
zJhD6eRKvv~1XI_hme}@<&H~da7j@AEUL7&hW)3w=&!~@FC$(}RYQ(w?-ckrc*k(cZ
zniazjgv@_^$_KCR;85gB^BL+_bgvMbSL5ignRURYGLifg`INtC`;~g9(%pAN!{I(U
zR&Dz$0xlUQJano*f-oeEPEb0c$>z}E_33U{1IveAU9)Ec{HfAS_rTdi6d6C6oh6yz
zTw7o7HJqOA=-s+GFmq42w}fL|dS$WP3B2{xC5vfv#It{YR)5jI4H$Alhm0k@m_7+O
zmxkBo5?bIX{R$u=rU2VgPxZHH5d0_*)5vRuE5H;vw)FegZo%G(Y8>p{qFw&Mu)QC#
z269lb59?P<b`ctOql~4T$RrJqfs9uH{3)R)5w8yO-=;B4iW~}xavDqwh=ulvP>}~4
z;xC)P*1IDWlz;U2AC~n0HoJv_{D|E@dz=TvtX~U7Pjd*_F?g7w8Ky!I9DZ=RpvK_;
zw=s2JaiZC5%4Rc^)AB3>@|2NCV9LRvu!vuyc<bytjxf3rpZE1p8)bNEB2J5ZSM<Sm
ziITByk@H&Ba%KHoT|%JP?S@Cd@ZLQd?gSH+LJyZ{I>Cx>BX%4|=bx^)euetq2DZHM
zIRtmx#GlR7eNpjP4^|TrNz;G3+hnYSe;XgOO!=Tun%`VOOcqC{DPd431_^2ne;n(7
za=`xS4*ho?|AOI+b)Qm(9QXm<45SL!wDv!Hc>ka!MTVQ>byliBw-XL-X*1l3&Z%Sc
zUtu^P?NN)OO}InrB?otC)v<z$Q}0Nve?8vMmiCaF#VLvg=@PAk;Ry(9noFiSk)!_V
z;HcMTiv4Qg1p|I_H6VBW)meP?-@4fk|KU~oryF(gmzLlLn7Q0E#V1u&7poL2D=Tdx
zX1|*`uD(CYwGijnrIJP<)mpu8R^`9*+yC_1!&d&IJMrPaWki4Tx@7;%YW>s4mx<vX
zSyRsJ>f>xs%Pc7=$-T?RH>erUtmTaL={E__KQ-W)i)^z5d5`6yFT7*?S$7TbFV-<&
zwaSJM(UOymrQCd#Lx|*Qdq|!}pmVEg+&`KNcdTCjZ-bReFmNVPhFGr6FX8GmO%2_h
zMvT{u1LLKqLjAvZhg1-s@AWt1cpDuKf~-=wBCcnY;`3r%W3cVCh&TQ1|AV)VOQlbt
z0&ow=y0(L*kwUz+x?M-;LbmD6kiStHw^0`Drd>$FHI9PAo-S6nk2q{~_zC8U^b@Ka
z1rq-X$Z2;5A8B2EvMKv8h{#$G(epsMLG?X~y!nrODt!O1LIPEerZkqObQrpRTA7Fb
z5`2Fm^8JJm{^=|H>l;vDBR;zW%dqFjSPFB2d1M@1_KV16KhDbNLCi|{H#Ae3JY3%q
zOAj_PC=Q()x!fcNE)D&gOG8YJeSd1JL%;U!q)inYT3&%GSwte?LG*S(AEP}lpg%Qf
z9Qkt?Nf-<-YWBe???N($q|PLh6OskDB?*6PexhP7>E_~hcr^N>7Bm-=58Ea>KBuap
zm({tYRMNv1XHzP6mh7O8Eyi|uD<Wjrp_}vwPV@*IOG9hj!!TR6$P)Ia=fy!ua#>1r
z%G#pV6LC6aS3hLZ<=#^huyS7e{3*xPbd5*%k3cI2FG1HNg7_<vAWVwFtJ@cecN9Uu
z5^L-;l>$M=V+b<pYyF!jAnYvQxm@Z_uDx_01H&>((ES@a-`MBSt`tvqKN>umpbiq@
zsX5|nlXylY`rcR9fd{Jpb|zy~mh3X{kwC0~r?{WMskWcs?2>j_7uHz<_~a{NO2KM2
zP0i31SiD<CuxkPHy&#>M?F^pnprNJW1+`~&^zvKM+BMi2C_SXQxVqj<d{C&HuR$Yc
z$KC)kTNg{|Wa!>|s0W*Wtm)T20&EB$$H@?JMxnl~VPs4dB@>LR`ScP-1ikshv(j>D
z1V}pqll)1PA_JdxK_;vmX<Z>TvU#9%`e@mWd5yrdrP*_`v6BstNO{iS+{L1PD9E`D
zcvSm(S?KF@4FV%{_?ZtGxBHtOwKc#ku5a`KbhKr9e-ma9ecIQZy$AZj8EucJ^N_0R
z6HxW9x(}?&$BsbB61dF)Z8EhHqz)Ry*_r31=h5Is5sU*S^~lZeT_B%j3w?k89#7=`
zPn7F5*AVOgXUqCbz{v>y)o0kHNModO!Fhp%k!i>$<Q1?o7&c%W7mx2v&i76$!Qu$n
z^2_<sNxXP@{W?#KQ{KaL8z+F3>N*1I&yyfb!p{kX-Pj&J;0KNns9hf`(S{eFhp)_w
z$s?Tr5wDLfpe(s{Ut&Y8{0qQR=P$*74Tu8>X=m$>x8N8`*+|~bO8mYx^zXa`@(}hZ
zQsiXbIoo{x+IWY&>z0x&@Tg*ZLfdyiHSV>f%p1OGe%26e$&G!$U*7A_%-&vx83p4(
zFm!B|gQJ(YxXFqF9Xd5|3WB{&Uw~@1xjU0t2^g$L24HaW7ZcgwwuhY6(Zb68(2B|G
z)&l&2k5G$^S`2GD4>7XUJet6!TRCti59;wqw=SARF>>+lL?CAw{E_V-WB*XH+aA=v
zhCxj-YrV~R{+<OeMzi)l9!F`SYM*m4Og_%Ke83ZVQX%9cHDpnqvklXLxRr}@EyV4n
z8C|fj+#Vq=!N6042!=mutRO{hKBSC{3FVG_9IW!3xZDp*ZyRd;hhGDNpSAic&<m}h
zJH4nx2lG|pOJPD+McEKT+T(G4P#08oT}g3-D#GJ1;!UXDo+w|$6Sy&hiA;JJ22`|q
zB{93#0-#%R9cmZ%Q~kVIX>s2?)Ailg4Y(Rav@3A3>mrf1wL;1M-gY^3)JEi4I=hpg
zfd5Y0VLGJ>wR$bbvJ`&5BDt42Royd6pGy%FrA!owllU(iA@M8#<wwghS6Aup8Xc6Z
zt{Zv{xoxM|Z))>HNq_ltiM1zez<s3SkqMO<qT^%F2g~L#$>MJ_SKNlBn+J}QRK<X+
zD=4}>J{BFT_$>MB9MHb<_us`MMOCYLQ2C7B1~MMsm)d3!HdhYR?RazQ3$U7!wt*S<
zku`L#c<9|62+E99-r(9wrwx{_W()Nq3XHovXiV)Y(BYN%Qe#<Py6gS^p6v#(Vp<zn
z?SVoYV)1T<vsPNQRmhN{oegrv!hqXX=a4PAhgh(KEkSzI`NUXhIYY1|rI)EI==Y)f
zb8X|+0^GgR7i&-_R!Gg?8`+MDy8C+)rHnl_T?Ni|o%Wp?)V+ScXU~DF_;q0^9-$-8
zQ<Hyv$O+<uru-IHE1oRi(EACV-))j0)WIiqgm+(;O?-JPHj%6IRBf|_rO=E(IRxv?
zpR0}_iTrz5!h=Nq`x$0_AL+ql=M)L2cu@SP;z^l^LaEx9Ruen6yB#yANLTzo@K6Ms
zZ_;|#WE-03T2XmrB2)gkZ($iW_zAsLJx*V`6%Z7Z4_%vbxV{(PY3}AS&?2MxcJS#*
zMY5JZb72w_53^1MCS@odKmRfTW_z{D*h=**0m<%;W{wF^AFS@Ra;U8lk2M3Ve|EAb
z!J)~}B_kygGwyN4gVhElCQPJ*wC6-HBvRv3WLgL6>Kd&iRT4DqB+8|>nL3&A@3fXA
z@#O_;^a!#qKFv*Z)^%DEb$tie2CKU^eOH2@H~(n_T1iqExmhM`ehP`MnCuxVofo04
zJa?G)wY_hOCq>TsGh(_jviZsl9ar;g81`rJ#HRN&JJ*Xx_khgKRVhojZCg33Jz72k
zlg?g-HM_>%0va%o!})DtBFI<Sc;Fz<)(I8$9XZbYp(N#^P9)40(dE>ZFC!$>x_!~L
zRkALB@H}6!OT1OXX}PY&a5;fp>yjqMtj&cb@_K*txzdI+W-r6!`LB$&*rMYLQ>3}n
zg95ze=lx98Jw@G)mfeIW{Gu1)rm4>e_3f%JMTc9r9j`S_+NsGU!j<P+3t#Y9-5*&F
z#juaJ|9F}lU3<3)tdNlFS^I_zat)gvm0f|66|l5&wjfZst<s_VvCj8Y)`rf~4rpc0
zE<`N9RCxblZ)=ukq^~m^lQs5S_I4Rp2A_4j%0Q-n6{pnPsy#}d`PEZAD6w>q&VAGf
ztb2@jea-J)9|F0;DvVR6*sZED{eE=8{&28v<)E|HlnZa0`AVI98Ug(D^R}B~KIJi&
zjJDoSlQ*9d@@Nymx>ARIs0*l-<E@@(Mmg8-)!~Y7qTOSvuE4;TH;6HeTvFm;4_4vc
z{_<isfo(+GCiFtWD!7NX=`ns;&A<s@C#`+lbmDl`%YWvjrsUCeL;~}u>N{U@iK?%y
zmSy!sy2EpDuxvyTy2gBRm|W(daw9TqPo-~T#=D7Vs^`P?jC7Si7>eimHG+=jfx2X^
z|Ddd}sKk=JNn8c59M_oV^U`^xPk5vBjU=l$RtU-AQ-%|FbuhlA5LNKt{pZPo<)%g{
z>ULK?MjH$RE7$CNQm)EV{OmqFhfaffHyaYvw!jr9m~%zmK57yJZYvAr?yTDQwj0XP
zUDuvWT~$+S0pm1zla!$6GgNVPs5w=qLbveO97Sl?PU)?ktGsP&UBxIayo6vP{KM%J
z9pzpMO!IFfk?+1i`x22rN|%G5;zG@@TA}?OA*VVj2oyKgHUry!&RTv8nO|kJ^xmdT
ziBGti%*eQ;O~lTZVVU&E9PX=$6g~@TLspo0t;q<%><khu$=cbMDqh8g63UxU^U{~@
zjcEhfi;1-U6Nl4}Jz74|-dU0M)WNh!;w05n2xSmjWzKO1EauFb9DV&aS;CUr#?QBb
z3wnU7S<;~?Xw>1bdL_a#mGQuPIXie0_iE&Yhe2qms$T*(YXkvXDwz2wezT6Q0w<v)
zYFSw!)YenA0$tK3#K(UW*d?@fC??x5u;=4@9q)=ID_UmBVF|Q8tH)13*13)Uxk10K
z<)t+oYD+S{=yX|OMq#@Sl3Tt<pIxtCRw#e?VpKJYUn<jQkk8J$?i0aGlKdR2+f7jJ
zw5f?%Bh(mImM|45Qj%Cc8)6$^w>O6EivDpX4JBd&82NHa&epAUCwj;zP3l8nO5EH1
z6WEvav^KlHzExu6MSp9djZNvg!{8=4s^}IK8KqM0{lLbQn(w98mbS~+DH|OnD-9<f
z!E$7mkCl_Z2~!v)w0ge2>e4P3Pjx?M71tx5|HFf$GxI#LcUK46Tzb*Mv2`M*_m*#m
z5gBY&yFe@vGfKBS85WfoI)86DT&ZAQzD#_EEYtA@y&6*zs-6z>)O4Z?`^T7u6kjhQ
z*XJesZ;r}utb-6nUe9t*5W+T6kry(YOGftEcLmvN2<se&#hP@GON-R4{|MEQ3XI-B
z@#E_?6Zg!;>_X73VEm>kDi#LqnHC1g>mhyK<607%?H>0fkT0(^dgvnk82v~fSsgMV
zD&D+HmUGQ=y7qNuK&(`9NtDB;s^5FznP<9PJo?z^r9Nhh40!|?6nDFNDbyuB`nt8R
zD>+W~;H0tN3cUUt=0n=X)7r^>-Vf%brxB(%xsZFK4)i^I_H*W9U8rg#BpV}*MA55^
z`GTEbkeM}!Wkr7cN2+`&sy2u)7t%PL$Byf!W2FNFj<pPlL;X=0wVWnPpAlRR_ruW{
zkEUJz&<~<)S)Wo3>V^xqB4(1qpGJ`p)^Wb9^!In!hk$DNtIfM5ycP#(M?hR{n>!rp
z@Q{;;y`P*=C{^aou0rRs>08gx{DLt&jKBZ$u(E}5oSmQBy2<JX{HEja%gb9JC9Atz
z4Hyx9Us@-b<PV3>U6iQFm{`HwUcqpaL!a!=vvxSR*+oIb0j2Y=@e(}xahGTImyn3F
z+o-<Qs^0~sH>y-Fp0R($K&bqgXNr<KM2(?JV4CbM%#Y%hEmcu;P2FQduPDfPuRz*k
zIWs)<7H{jwnzW`bL$b1+!iaU=i7vAq9lSW2hYa-_9dg^eo>A?XPQnRDHeA?d0d#Z-
zMwq?_BT8tQ?Dsx0?S&D8P}XY!2mf?-`{~x<&3q>ImcAD6VK@ieoOn9cmBtBa_Mh-h
z;WyJHTW>uYU7v2%h_yax8l1LCD^+u8inID_;5JBm&ziR~H)fbf`n`V^&R^)5v?Pw*
z>kyVkQ$z8TJF&z&HZjS~+K!7K8I*gy#T908ZcQr>3Orr_n%PX+z#GEqobClKlXj8{
z5t<9>@1&-W`tq6{@v(Dtj>4fSxtk)^h^LDo!|emIA4N8c#!{%%y1pg*5;wa%Laq|{
zo{|C+ty@{I;yg~X5CIc;dg5qW>az5wg~UE3tOs+QstbPZIvnY+Jp_s-CO1I!A-Tt=
zmV@ybJxaaoN=o%>4}DYY>b2lin84PsBY?NOc*PMXnsh5dZUL<fPjgObaGLs9`S@gM
zIzQ!bV^_s;c$j*JaZ}2&w9KOg54>jDVTtyR%6SBJqtgG#D+-a~;lHKfBs0P);zU1U
zz_G^RqJeu!-arzv*t)yEA5Hu!u~bTC^QuRUrVHV2N=mMf9LYiIsk1F&on*+}RQ-N8
z)epKY`M0FKLPb;us;QS~In@>iW4MWqv*uTJ*!p5RB=z17wWGilk|eue(D-QW@UA<j
zFAA<NwqHjly~(T0S8kM&*&T;2+r^?d?%0FW_-4t&f()!!^1S2+*+S?F*Uy~1yVjnU
zA<f81^CSs{`lK+2jU@K=a(@U(MduCdkH~KAoOPZGyFp_~nPPV*`*3MLC+4km&Zk2C
z#9!1Y=jGCB{ZUTxNzj|To%molezGGT$!*J5oAFcQ>Ob`u$3B`DSeC%F4DopN?5=S8
z$5l6>p>TZGb24jSsTD|?L<MA*_ECNB;hjX2cHrU#^p<n*$6$G?n2N~NNNyM7uGgXZ
zoXi!AwUkWpFHXA+r07nsx?Jcs)LUbiTg4S26(8bg6<bQ{wnYu$|B~jIixQ&lr0|7x
zN=1>GNS5z}q?L*=`6<T;V@Ku+^^LU6J!V|a;VhAXE#(`F6f-DeSJ%~n(o8y~fa(0S
ziYdLqz0!8@6O5WWhjHWyF47Lk^8A<`Al|s?J{~2{R!5cH*8YmH*h}85`gvg681;ii
zHmB@3ZbjHHo^O5=DrNN-ic^l>G&fUodfP$3%ip)Dcd0n-J%O@{<^0;AE6SZksX{XW
zr!P4@4qH5w$?4<|NUosfXVW}2r^Ke-9v9X@Kf~LQh2~{IYSXRIlfhUZiKF1c_t`8~
zY0&MBHtz`s+CgK@N1?;{1j%ZWLdQ7FB|VHzCUU%rj7}1C_rp%4IV>#f8G5Yz%ps<e
zgn861ix1P(>(|AOc(GP2)2&y*u89JvEdg)lLbp-$qpmOZb5LREdC8yu0Pi>xOvB5-
z4nF%RC*sknV8ZNMyj#}hs3lvgdgsEQwLK%d9iBE&5U$4HLa$JPit!M0{%q(>_Pyg>
z>FRRa!7+RSMo}&)UE6LpHYa-0jN?_e(Py~=Z*x~wtXs3HR^uw3IianjV-v3ws+KTs
z^vtqzmjT5(>OvwvbMmu!c}*c!yG$nlg=IQmd+)9dq_Y~U+I1X1lCzqY%&*{lH_e%>
z*1z#BIlA>#C=-#6HM@X*PfINQpD{~@3`eF!+9{2mH^Lf41Q#XbnxiXPQZ2F!w+w=m
zvAd^OA?N95!Q&U!1V~&3dLrlM62-;a*zsk(_)$}U<6BYU7(euaGKk+}F>#?Osl<a)
z$L}`f+dwVsE^Z5n<@4=QxRi1d&u1^4z@fccCwW-wb(09Cw=}WD4DnssAcN935n9+A
zc=(f6iTG%5PCh+dFgrH|=)SDHql#xO1&3>g8gG$HDBpO|Xv*GCb}ggiq{D<g;Ey+T
z&je?+M%1Zd6HuP)9c@Z_Rpw_%jh%X{Eh}UZue?<HkWv+hi1o_bgi+w<(#@KiztDes
z4f`^8+O1|q9aO4O<D|gVo-}}3H63V(2xP@$?veNh#1<3jb1Gk2GAyPHUdP~GQWf1T
z3>ZEzZ2FyY@ttzy&kTxU$3M&sa@y^A-34KzAk%8Xt#AO8b~D_HQdECJKiT)`+D6(K
zj*k8qV|V$0OS(e5&mvw4+k47(G9=G!G*ABG1+GQ<yK4aqwjC6SShTobsXSFZ_V$YW
zMa)km$61&Bxb?QL#phM7#|Akj`t$~`E@rD3O^)E@MdKW2ZOSrJto2vj2q}?__D(c+
zSnLzAWjypoTFib5lhm=rn7rQ5H;sAP+(7-XaIHJ90lu23WLE&YwxmrvJGDKXvDX><
zSkGuGZtNbGy0gAs9;<;VtgCYZ+(8sKIQ+cW!W;cRj{Cgi=6-+CU`tzOV&bzS3@!e$
zMAaclCfAxuMOIjN<k}*0!J{n0Ob}XYJ{%WIAnon&T%o2lGNl6Z>S<LOzslG`7FoOn
z;a5|)qS9oWKWu!ayfC<pIEg2#3}sT9)6|2Nnd2r`rn@OBAGGh^qpkPtRPIpkf21~h
zypeonkNs?||4eon6N7g^WW+pT_c2&n=uifcL~4B?(31}rlJk`B$vMZEmr5YBci`<g
ztk8S$`uOikfVSTktzU$ahv$0+k9ATMw+>Tw79)!#xmG&egMY0-rc0h(A_6@zdCLAZ
zOid2niQ%@%#O5L%E}^~eX>zrRQ68f*U#T<AlL%E+B{ZSn)sf?y3x1VLP&TVzT&M5P
zQsj=}=O@ZhO`fJz^-~-7MU6xbYwGw>PufRQ&#16*m<VVq-qiEfC1Nz+)oOfkyY;CW
z@57+9GYtG5D6FU%DgpRbDlvXOi5WbmYWBVA85;RF)6qyGMs8~~k)U-)JfNe@Q&4m|
zBYQ>BPtC(LoP7H;-Gx|K!Fe>%b%ruO?-^LZ&hbMtCe^7`GWnIYj92k4POhbP8<&m!
zaR&1RpqY#;oyi8KfdG0p^dA%rE}p5T1UO&jpKw0l4iLVsxt)U*+O<<!>fZQi5OkN|
za9^>1OK)OB%5wa1s@;c3tZQ8rTcq+l9a{A`)vueFhG1k${LIXyd|Syk<j2Bdi`gxP
zxyV1OHE)?Fkc3v;ot#Qcevr8wt{|0GT&F{+=W7yw@oUn{i?ND{_-&1r>uy)K-zw2{
zi?~au_ec&2cOKHUn8nMSd~!<P*K@AdC@Dj1>28zXL{dqC$sx`x-ho)YJh58oiZ6C$
zM^uswjyZn2(~NmwUpe_du}69oH%c})m^!$J&eRliUVJjJ;W#M&u<iy~gvs9Z?TF2N
zF=pO07V{D8rq4>ScH<5vWud99rcKjOd?vNbbcqsAnlInFZT&tlEvw1wQiV)=K^w{K
z=R!r<i-zgjN&~gc2u?XFP1RZXJq)hs;>RANExZtqV;m37sX-%7ymh4d8v!84Kj<6>
z)nA{26c3##OLhq|45fhDulK1c-cXA?JuMX(<#{a5alX{ZM(P@Kh4GzSVm8Xf8|gu+
zA;>H}wD63>kM%QKpx8>8wI2}m`Gm!Y)v-$RZv14fdTHL~^M^%7xtEmbPNs`IA9-$B
zF<EeXIkY1@lZy{Bew_eJ!+JNXIA;n4`(<<tCN&B6PWyB@%IS)!$|UtmQh{WLg!dK)
zB<woYH(7G4q&KC)^yAV;psw3GgUQ$WG-@p&WqBe+acVBHC#Y~RB2{g=V)AREiCHhB
z>JmOJ(|zIeeXyoYeSV9HJ9?*YJ6qB`suxaNW)Q<=BJo9$L=iKn?tHtO5XPS}!cSF&
z2SRx2X?C)BN=5oH6*LnxxZ*l7dQ((6!D)LmvY41;sYTxAc<ihD0(Kt9%K3fD1mND#
z8&{~__7`1)dU#hgJ4ROk{#AjBYX@i9S1V=#$2jN^8S9)C34<eYmKFcyEZ@4_dLmT3
z2|wu$%#~!#ho#PhVM~6lf|2x#0Bs+|KKD9~pOh7yRZl~f?`Ct?O(^MaVE14OZbFUy
zePi3TJt(@p%1gvgJz?@8Gvkbde<s>pmVqn-Z=vUFizL-=m13k+Tf#4Vm~YcV6YRd+
z`l-+KvQ(zW3^|wz<K)sEA?pGAPfvE0nd3{B(+1G+ruz2PPz{uKBk%>)Yuq`e#2&AT
zDKZ&*Dtm&1MbGa~WMIc5A_T#$>Juebv7S`Flh?V3=RxzB!%-*DGisB?mWzB=37gGy
z-|lPg%Xj(-Q<}8xl8b{jecB^Xk#bfL;p?YY%BuB0a@oveD7a1vTOYF^YgVV(kLiJx
zgonMP7q8Ph7ZfqAgMAs{PYL6vx^A_6Kg39H*vO<OQAJI=XTuDyr^nXw#{07OZ(gK?
z1ZS#i43a4_8>47#o}JlK4qr^1$k^}3*BR-HciA#=mGA48q+QEL)S|RMY|3r%!tC$}
z0i4ed;WBX7M(w_Xu$)8TdsrTel%M_eUKH0HdplixT^sV|xvO>^97S#X+na~Vp2?gP
z^H`*aOI3N}D8hiwiYGl;%c~yxCIQVR1)%FaXp5xG)z@Eh@X@)15iK{m;egnjHtQo#
z^RY`VpCe_D>X}JByh>{yNN>@2LsBVkGM^0?OUf@ewgvI-U;A>#9<QGF^=0R#*CI!?
zDrwI{7#)LG&(4wBaWO(%@}dTQn|Q{+iYW{<=M6DVm4D)+m^3k4Bbe9(!<j#=yw#HI
zdh0GY6==C1@;ptQR|;8cd8d;nirI^ny$^UUpbyHlb9<A)lG&<g^gidX@5vV@-3k}l
zebIuNthMHMrRX+1?r(?7Z9ly8Owu|;+<!j9gLWjX5VQS;(3^ON83sD+u;5kq1cmHO
z2<sr&#9Pd9Oqoe{%$mWio4K}ttZtNGh&+0sJW~DF3@Bc9Ep!d>vVI)r@Mu;dk|jsz
zl6|N1rZz8>{l{bOE9=9$dwmP9YbNUT`~6r*(am&EhUU2}b8mde_HkA?)sXuEE4Tly
z{8DFhhL6}K8`m)}qQ~xCsY{}(s<O?dQg+u4si)Y*dW}A3AoLs0s*^k_!ncYvl^(V3
zwLVt$QP|rIOg`qnOmmImI*Zlql+7`_3qqn~=NvZGIt8mb&bpdMZTRr=<5ygKh;k+X
zsU|xHW>@cRHK|6$I#c-CDmoW_v9Y7hFxM0n@3J~4|MW|xb0Kp{>PLG1rfVk8GsN`X
zLy>%QTEou<=g3vlxOehy76fQU$N=hrI6|H7TuPj~=(*c1m)evk`qEDp6@;XQO}o(M
zn$DVZrP^Cj7Y0`N(Ij}$1f51LIhiH+HkTq2&!>>hrxUSUNh>{CCMmbPpp3a>6ZrNu
z?e*gYOc`W&kJ&l=QQT_K10r2g2DTsD2;juu-^RDMEF2QAn@h|ObI)rwTLH=cymB<t
z!L)fkhl}mTDW%sU=hbRFu5HX*VBx$SBmf2s64$Ms=ZTuv#q4Sl_%GHOcdTC+QFYFm
zSDLY%Dm^tn*OYfp(UE<5RN)Ggh|yW8#N7pr5LnUa>fsGB@FHG+dXXq85NwI%vU;q7
zUwjTj-DA?OZ?TxIIPl|w!-sB>!aD5wiFWItTcNqqrFYEcE3U_*o#GL;cOdTja9xS}
zW4!C$jrpduy?Dv=c6(z?84XLE$pK0tThgS{Vxl$IvXA8VVqQCwkY=gL&G*QCb4E{6
zQpr{y``ODcT<aodlElAuV`Zl0iuhg&Z1Qbpo+u|{w|1T>E7T{Bu##yy%ZKt=&D4Cr
zB0dq%?+f*+tLBEC@A=ksvrG?^d-masUM4U0#Lv0X1T&mGSFEl=n#<qDefcta%OiMI
zwlXc4=lNnC0GwG42$JIzf^Q=(HZWtCcsD{&@#LN%IeNGdh0dB(^CQ-mAKX9c!PL8(
z<eq9I6A$Wd-3q`Vu7O_{yE9R#ZR7h2;iB!+V%Osk-JXm;Z3MmX6PyrlpWs{?<0GqW
zUR)+yHU=j#hoC?Hh!y7sJB5}dV)VP`zZQ_A_|e>fPNS+CY6pp7X**N&RQc%Ic|^tQ
zYld#DFhOboho)%q8*T+clrq@|E`Ta&A6Nn-(_(sK4%(^>8cOm!JVzXXwD{uqVZe{t
zN>hVhs`}F}`Sa?q_ZW);<j)+ZokC+tJNz7LWeka~?}9KuQ@zh6Y=@7NphWG|tY3Se
znd8tyAK7+e8z?5!frp?|WtP9UW$G7xB;Lm)sH_B6+3{vEZIQPi7Sg;IVG376gLYqk
zvC3WK-Xmy_1GZH?0zhf!I|6K+JR)8ER|-p~g+qw~ROu82-$Oh6O7vGx1hYx&2C_wM
zCZ@^bdgjm+v@5?kAf=3XgxUu@EOlDWU<O02G*7qGFdgKLB7f%W$d?DBxdGL4q?)BS
zlM-r>;y<7j2vF`uG=g)8cEetQbjbVk<~1K_0P9u*I^mDT_`i&m#ChZO>HxHz!shI3
z;1to>Lz~mX&Z6bO{~NqE>?7bo{-*DKml86B>zav=9RO7Nx@b-jLE63fPQqaR+n|6+
zVaSe43$I>T1Ei*p*-#3C)C~T2j|ndBu8Hs68Mj46tiEDt<OowBUF2`6+}~dd7V`h=
z@Be9A92^~IGkd#|a@O7!^nALL8^b%zzjOX6Fdmj<co;9jA*ua_9%6mxG_a5Ml*<Y^
z^gqF+{|B7wt#@_cwEl)gK93xBY3Xn!(4f2fvRK;`4m;|%^N66i{wBm<ihwfCvna^%
z0d#e2@O}ndMuM9M_a8y?{^I`uK^YZEp9U4hsXON7-H=;i{%6?ee}td}%Lo5|@ozvV
zB0vJaO`&bdK&zF$a((DL2P~~SEbRdg<d^G{dO&80m<FJDR`<}5mRiyO1?RzjsXmHn
zf8cT4uQuvjIEK!5Er5RyPX5g+!z=s>`-RR5=(S&A%YOU+P$c;knE7|eN5nGx0?hnd
zOzm&r=D!7Q{?pg}_2d6>vA7X?mx5d@#=ifHiv_rdU%~8thrIs-q&9I*?yS+jhzcOL
zvP=fdpSHz=Q0$;ZMYa#B{)jq&>!0wspXeP3=1c_s|JNY--z@rn4MF}JiUKfde|^UO
z;X)z#I?Bp(*|@dm<y&uOoeZ&b4EK2%MOhAzcQ@()cy~HqR=gfT-o0c{N>l4iw8;hJ
ze_99JHSv@*aV=0S&1zH7c;DO4+WLB78CZbfZ7)-(0cKS6;v4k;qRy&-U1uFZPU3T$
zkXP9AJRN-MxVjJvyvP_bjcF}YC&4-izVpx#>L-Zb2QUiuVf2=F-vTD`zXnV|sX(5$
z+_HSecXqf({<?0?8~fRKO(2<kW0gR^{Ii-St(Xh)r#;fj)R|MTHV4wvxj{X9#29{~
zry$1jhOPNsRDrVbIXt}4^KK~L1U}ob0JL~NJs%s0oo*Efb0lw_zU(q+D4v>oUIEt8
z4*@PxR3O0qFS#uDQR6S%M-_L9nlDBZ_W>J!p%cMZt`a8iA?NJzYXtO&igas!fF8fG
zPWt(@W-whOXw&C6{WjUoPD5;B6-Fn&?(+kwch-mH3vrOZ-b(};I2?V^U>M}$d#n?l
zgE(_L0w}B^Lp0BaAs$mwf6~PG8RWzBhCm9^X^APPFqCIHIjo5re+p<@)Q@3V(Jcit
zVOa$~n1hKuJrZ@KR{GW)f-_zF=DCo|T5d2~%(Mv|bNP~bLaoiP{m<e8Gl)p~`~%~a
z^eFB7F+59kdkmUT!bux~icK8jbfdstJ~G4CX;gQ2M$G~eDhtzUi(8?K1ppD*W;~b<
zyV@ncaLb14GQ>^{u(~oN-lm9#nXw1N2<Cz$Lgfh4R{eX}i16u%U~_Jd+(#vst@YPj
z1d{W8v+Vqa;6NC{NJGVjoRo0nmCU&^k%RM!LNI{nXcIjfQWlB+^Lr5cc4yOk#2OXb
zh-VOlMnNQFzEhgj2AU}nT%s$d#_H?bagX2-k0C*|-BCqn<kVoe!7(p?>X!qj{Cy{!
z@~EWmr+h5->C^c6#sz(Z>e~Ebq7#veXg}aHAkX|^@c?P|?tUQ#D>tj`>nm&BN+U3b
z0$1+dD>@h&OG6B23Rmudi=ihcMGtaXZh*V?KWvB}gMh9OUeX`zDM(<cxGIV*%H4fl
zkOtQJzcYvN1@|Ciwd86&91kN^gKxm;661o^#2tO0Ob*c02SQ+?j)g1S6oypl;&(Xa
z0Y!|kX6(h(2bl8!x;zNV@+A`cj=1jc&I1C^2AR&S1*(t3Fi)ZC`OpLTsq#-x9fy;G
z_-Du*K2xTdSq{InvKX=HTZ=z>-)?9TKz}c*Vcf{PFWu9{ZRYBoW&V9c4MkB+Dl35N
z<$P4tDy=OjVW_=8T2mH)iOSx4RDI%H#SSQ--vKaK^@#9smPt@OcwtvEvmvlEhP`*)
za1-WuPmQkS+I}@3l;1|gI7j)RIHwYM`0+Rb2ikzrtUVbba=XhYGdPAo6ydxtjDQ-#
zoQ~ZXYDpcQ^h=CW=eSV0T>xx1)_lS>`$O4_TdjAIOkf`nYHg)}I_q%UK?ErEI9HU+
zv)7#gWAvno^+gL?m9q+`nO7Q2PZ+G+S#Gv~DI)8QcGD?Q!%!xg0!jLh&ARqe5hI`Y
zH~tTM?->+jwnYsqf+P_|5y>bZnKlq4qexB)3QA}cMFb@0tVAUvp#?!CiDb#C0Z9TP
zAX##1GBiz-X_|h|gEMz-n0f2HU)?`n)%>w)YUu9gIbolD)?Rz9ildGq)L~%RaD#27
zLS@E<57OD|sa7}ZPE$r7W8IO>otW33=b8nI|7Ab{=5AS<=L>YkqA3B$TJL(pYIag;
zo3jmaH4q<d^6`ya(vxGrMH(l4A78Mg%bFssg#!g|H{Y$u+_7m;B$nAbkoA12v!^}2
z0W@L1Zg(0Ng4)BbJ94k-`oeYX42@0vfwrd93`8Q^1`{}7U*ywo!IZV$W$wqo_Z<ik
zBt=QylK}+WCiwwRZ{XiD0&#;5z%<}$o&oyEren9X`7yrC&ffA{&0V!(a|u1+raDHR
zn>U&{bsqd=`=JgsXI;W$!$UDz($leF5ugpB<5wdJ)ZW(cxUGp+GQpA`sg(BP1qu>0
z|7ozj3n)^fmerg6jw1MoPc~qjaYuV!gwi%Z6>x~>+H2YUV*V9-m<`Y_kV}->kFc=;
z!l>>y*nZ}80(um%U`T+9v|UbA#63c9F&7JzlyPR>e9FCD=1MASSB&3Jadyf34hWeg
z0ZsC8W?;skp{k#u?E3>Uk%`$wdiJRU(RZMlUv3RNRp1<1Pu*~Bkl#QV;PO$Oy6He&
zzB3h!znkO0iig{^a^l}ifzp`y=+ly_<3IH}+*Yf%w^lNb+9z<ZQHfOZb+kEyUd8J~
z8+>^F;CWpRG7n(=vO%&~lYuLb;V72@k~<o<O_1@ld2BiL5B!7rHXx{=Gs@yU_&8i@
zU&X_gKVSzA>1w!lwr{|*uX2QaGGLa`SQ!KO`hklxRCCAn!d7bu2M7ML23z!|36mU!
zd{mB1GrM5jtcU>RS#ze>kbsOQU}SIC2bX3n91>N5U5K!(QU#DW837dCH&3@~A%3ll
z4jJC5WdlS`H)&uBO#QJ^vzq&q_maGvp@Nqz+cCiSc=CgcQ|IVp`mOSnvx(pwp#L?e
ztN;XWNmJ(2lYhh)DJz&aF?n|ShVkbGZR;|WRPqg|9snP8s3W24b*(V~1Z+p@HEjP6
zMln~TmSA=cs`x3<z`fkM=r@i2V2_Sazu5SwWjz+nKrZDqJ?zc#&~GLU6o}epEsSvS
zRY3g3^JHS+^1_7qbw9*yO{$QYI(FFUYESKMwmU2WkVp+dfEoezLmMz<v^*#~fJBOz
z9e&*C8!y0U3G37-@kfewLuAllzUM&2W;CHO?z-7+9PoVUcy|{@6-4{$K8qscI3m0R
zv?I{5dghsntC-8DB+cqw{Z5G2<WbRpGkYJz|GhZ6uKcq+$WPXkDX;e~x|+2-W=Cr~
zh7VLrr`hCF)oy0mak#WJ+!?!g0l-R>A=gXX!>K{X!5hqz(N1sN@VHL3FlSbyPZa!I
zi-eA2$jW4spQO{qRW^=IeJr<Dty7yo8F7&+PM}(?i!vxe8o!{4lUA+&2Ka>**0E&i
zbhH;1OcX}8TeY<}-2p0t3^bd7t*OCWluiM)8*uryPVQI?!~nFcej7A<EFJk{3xX~m
zJ8;Ckqku6mnIAcWyyeh7?~Fn3ptxinY;S2yeUrv5Pa7t2Mu)J<NS|FHl^+M8et#A6
z8@cyVfyj3xEyf`Ml3;hVUg02mHn9QD2#*)d0pmP-Q4}y5FQFfO@9Hm4^f_FhqL~&l
zs1J5wwrjaC*7TrR)1Q}08e)Iw=spS}#eaj`m-cux_uhj?2~l-;^YiSRk=}5z+4BVL
z`frdvF+}y>9bY@5vvMIn@v^)My^!TI;El57Dtw#DC-%fb!;9kuK!z)ZE*ce(mw7K3
zR#QHXkO7SsnA0DO#QGWpvjBKhSGnpqwU!dJz>@E7cB)WVP&>&P1hzf5w#RbsFV*Q^
zt{(VyOn7VdM=*J{0T~Y&<KAeil=M0H-PlFW{D{o~qw(zq;7U`Q1v5m=Fc^QzOcI;)
zJ7aKarX+vQ4<b){E#~aWa;g_}NAqve(rAeQKdr^PJmeR!-6xb`r1cxgz@+N)p3hB~
z#fC8#NA>rJjP$Q(AY#qa&<9T7q|D-401jIV8R!7d-teq&Bsjp3JX=%bt~-9RR-jp_
zHCH|;m%3iHKvF_b0NikifYQOC`al8M$>Ifplx|eIsQq+v-sQ`3l(B$lCD-?OQXWnT
zcE4L9S&B!zVCu_|H-7Z$_g?n^hLH4^)LX-jc(aL*qS`8TQS$aBoBb+0w020)<`9cX
z8Ktd#0+_t{u^elU!5YjtU^zJ{Kjn8T=DJSkanJa?)ayr77><}fWXy0ml7nw}A#x5b
z^iv81H2eqYG2L-tZt9%PE$y*eD$okaw!HB2X+hJu^{t&wKwn+TKRPIM8KR%#XLlaS
zQq#~xXu(p-nQ8zgC<2lbFTsi}K6wgQrS4*#^oU{uZF0?>9&1N_&e3%_kEk6upY7M6
zWA@$3Tos_lqj!~WHF`q18_X5j`K}GG-HvZH-V~^gWx46<dEQSDJ;;+*d;i`x>3nH(
zv+nq%Rr>VH>8db>UaqE|!up!Ej9ZMG?kY5H#*w_Js8?xrebm+<YeHum;mv<GauFAD
zfQvByyY$a0K)5QP@U0J&y!HK~@A~stECpv^PNBErl&Teode6a-_ZV(CajREap*(3C
zeK5C^W{bQm!rX1xWA#6esWcJ!Y<00I8{cx7HjU|N=~r^ObKvsMOZD!L4W4v>{xPie
z%8H#RpHYrJ&V~e}_fe2A&n;z&?N5e2`mUZ5cIzr%(=kmdH0@(WYc|@PJIcpAsO)mn
zGU0ZcIzjSDJC7!cdo=9LPMpu?2S}2v6c|p1a8T2|=#NnFe8J6qJzr8jn&YJ3k?Kh>
zj#BRnr?1uE6<->IsHsR$t*>qj*H~REz&vU)p={P=!$bOBgy_#4o##}Q$aml2LtGn;
zJAe_DZlZV&oft(*{?4;dEy+=}o{$+5i*$^Saj0;=4KN}oj3HqpF1+wtOR+lCf|0R7
zNZ?e`E8Xz>%SOn<6uw%3na#qYYDzT>8qas9;nBM5>2jy;S6s^w#ovA}?U-m5-w8NQ
z2`t@E#{#ZBek;Z0qKd7J9=?A#CscIoXBF`hl~GaR4gS0|Uw%VEyzyD%_!dXK_Y9Q$
zpJjFZ=}0p0OGbpO9w%@_WII=H$&4MOx^9f`b~x|n|J2TSFv<CTT(C~9r`q@ir*!|r
z@yFJ2Pg#y1=L@z3BWfZ(o)b9QW$mtYoCTcgbxrmQx&f*#uQN!%LE_YxDbYS+@i>yR
zabR(Sg_RPv$W?MRGRC+|(f9xu${F(M_lP70f2E+f$vX9o`-t@^=O>!s$#lYcCuFrh
z7i--~@cBS9d>ofopvW}-{4?^ouWT8(O{VLk0_V!fU=0lw3#rf*IrZ?0oIXC?RPp)@
zd7eeViPDS5Tg~XB5QDvzB_Y+fY_Fqjyv|)f&WrcF`9X1l&-#3>*JHpS@7myKH>56j
zJhdO+ktQ|~BzN^LgPKcMjhjS<sBf}HJY`;)nHwMEeY`WJogZ~Msix;%C`0uMzdm?F
zJCe@xuFS1CZVoDuKoy2%UhdCY*Qk%l#WXvCH0S)9zgM~wC+%qd2?U0QlG8R~<SDvj
z(Ow29@41oHUHjPM?okA)J-eqOMBdNdwTP^%<#`_r58xJ2O{EPqo|I2-!h0B0b{Jln
z6|&?;=Dg0(7w+lgQP5-R<QGg@1(^3=fXS5g!P_pGJ2~n%T?%gZ4|X5T6Dh?8Tpi$1
znB<V4g@YyxVOB{Imy%BgQ~_has>fyZoU4-`kILE+F(#umBh;iVU>V<=4)?QMyNh_J
zDl>ib!QvVX7WfFJq9MzVorSrEHg?lu3K--@=(vmiJS4}YdE=<V^p5Dg%f23FvyUD|
zj1CeXCA$S>1doKUY0FP*uYwbAPfcJjCk<yoHZ}acTE~N9na`h&IB{(H9W8w04RG1p
z4U#D(%JBv!J(%&pz0|c&#{Jx%Z4x$8<i|d_Jvud2mtG%?wJ6~TJ!6Gj`&t>3Sgd}<
zii3!!i3LXEax(&68!2<@d@_W1++@saHD^Z(k(-wn0=|@^!5^qps3k=7c@Ky_r4Z2v
z!7{NqtD$Vw9G{UV)<^LnBQ0I9Vex1zX6hP<n~S}fUU`o9v#xtlo}UY@6$QOS-ivuT
zb>`<$=`1kuyvB=E$Mb<l+m21&>e^kNz8f<<!VN{w!x2CIr5asaLCq0=SFrEOt1EkB
z&&_8aeHbikAw5b~yt;d{R?DiEh7tza=;RYK9(s%he8{hx=6G)Lk@_}#GY}FQ9MA1L
z57XP#T+@gK+BhH#fwm!_ONiXQ+*JTf?*uYrYuh<U=uf5u8|U)GzD4T!UQRi0^N98q
z*nQy_A{Bbx0PApGYaK?V=*WTKsS-buBU5bEYX=^IUzFHiG`E4$Q2$~urkf$Z+aBmf
zIm-SqM!v&(v_{?g73x<gOox}*y4<eqf}7*6$-8^8B~OZ$L7T}p0yyHEDUa>3jG-3X
zQ+q+n0v@t0T$B|Mgweu{bxlb2wU5*Z&F~|cymlthps5XWPbY-2Bvk8E^oA$*X*Jg=
zKMYOJgamOApv;}&b-Wz@O-Kf>V!vIevlmmY$)x773i#GXhB0p@fqzvbbh+M_?*r>*
zEb)=pB3qutoCX>i5(dQp+P4nh75GqQ`btAwV99y&K6(Na7%AT2P5J6oe_q+LBG1M&
z`NTHzkj!!3c$fyYXen9O)h&f%u3k@iG#(G~c9LKC4TSrhv{WUn9!l+E6Waz`=K1uE
zr>So_zFCmN%ErB_B!CsB#~r(<{ufs?;ya4K9bZREbt(`K$egXU3o4{W6l{#3%k1m5
zRNBcI5PWSwTWa$Q*O^R=9U%HwN}$Udl7eai)AJiD((M<jCf8C#Jxr54OZ7oRqg=_p
z>9SRxq`0UjFVDlN%#8Powb{9}Uqq?YKDqmK7*aD$H-~S#Zf3*<zBGSY15g(AGarmH
zsq=<cyf|skb;}kF39g2M>p*8&0XlzeQO*|l+I+$ami{z$9FSX%;l6OwQwc*uwXL`E
z0q4lDq&CJ9FV6T80|z}6R-ge4JL7B@ZViZ_FFDSd3A1zNR&u?Rp(=-I-fz0E53GUk
zLdl=SlYFKYo8%Kf^QJ%s-SL-?m)BBUY#8XcxxM1gS}0sGjlO9!>yr6wuuoGX;rbn;
zr8n1AcHZ2N36opAiaka|e+pDed=<D0D1ZV+y=BHcKx@81!neQSc?r33pt5QM@^D6K
z8hx;ioK0ObxF6=~2z0Y4zg!oJh}xmiIt4#Fuj8vqQqwc?oLSd*0Q4PpA(BOnRAT2(
zf1^kOt8+-Pxu3EA^0OELT6iAtF<mSi%0etAFMvD#W;7jV_k!Z+DfnIMKJ_a^P`j`0
zn>`@yI(zJ##k)79t?pbLCBZtKWG@3|(77%!U@N3>Kl=jIS*cM+9Wx~wH~EOovxUrL
zogD0BO;FL@nn;kVP2qthvvz0Q0H{#@VJ~s9S<gPjb*Sm0q@c&$cqD^2YENthc0qrt
zmgol{!YuUR9r;~-{m!CGCd)p4G;e*Z-rD70u$i4qP<fo=0A@lSw0K=&mgto`y3kj~
zT{;YD&C(kJ0OjE9&79JojEcs+ke{QFLX2!`K?7tisWC`0DL<Dwv9lPpfmLk2E1?u}
zhj8|zSo&kcPj>}>bG;~{rfh-to?8zx5M0S#Ye8Cl6c`esI0)i>N~LAvcnVH&e8|ie
zpnoxcC=h*i9e(JGa?sC%5)g2W6?Y+b-7s@S&bxI75j`?{GSkB*bmHrVzF@1{ne?-M
zbOOmaCT~bp8J?Nnj;WDX-8Q@D(si&ltbhky1=XIzpuZ?#c28f~SG2-E@TIG$A6>O_
zp8-x`0qQiSgM*%~uu6V$E`c-5Q^UQMAzs|@@G;}#;Xv;(Li)+ADhy~LpMN1c<oxN=
z#GN>+R3n};BXSrigYX<^Ih<{>dQGw*bp@@>xWc*&I!-pyVSStSlW<0?(B9o~-uxy2
zbkqu}R&DR-_|Y-nu6tRc1s@q7xR-{N^LYa|XwjE{&jlilj<Bk@P6X(ufs@w<!<|}G
zg}q*C3rwuQcooM)DFupeJ4SuIL{oNl+T?SZr{?uZ;*2eh8*HXT+8;HXrD7<yfC6Qo
zTJzUO_wsj``1L`b*t<Vh_xlZ|wJ3F9%c&MtssY7=5#J(~Er0d%RX!5s#%*FvzKwN$
z2p4HLn}t5tg_YQmFyCOC>$)-NM|&X5nyQhGl1WnrUkuy_dyvo0P-k(Nx3J6C-*B0y
zHqlE0BrAXKW1lQTfxyC6&kHr{sc4Q5A<Pn`g71z;=^1M|o>Vpt9QoLEb1rvXTe|NN
z5D~@<#!u3d4#enty1mzXePilXHzaClSh0zR;6eyH-0Y(+-*mc@H(!8BpGoD?d~Yz?
zY^rfEpPM~`;(S4}8XF<+>q@on_}(^<iRE~AV8~}yP!^D#1EJYXs?lnjFUxO_o1`{$
zH6QEMb(engj-H|781EvTF|4JS`nFfo<JV1A>a0TmtH@saKE=mXGmsS?%|_$y`{^W&
zkkBZ%=MKe8v3<BTSXKoNc@$6G0jI0)H9O7KQUK~zdMUw#8ZW4IQ8*f!rN@lqRiPJg
zOx2hlG(Czeu1_5ME~ztjOJlXj$KoFusUPdFVGzBqJSIfr4w*oUzf|g}5&>e>S#!B1
zFcC5oM1L16QCM>XDhdBA#dOaf5eIXhak$u~tk3<f^nowRW$ut$)4xi?CS<C2(dQ$h
ze+)&u7+9JN&wz9CDhp;SFAm@KJ(X~cVcG1Yi@0X(_vuot(vgBDFQ9DA$~JZ4UYJ2?
zk~>;#9L|9Jc=5+=ToKTG;Eo0OXsGE)e9)~En@1N1a)8X((3ZC<aEBsO(IavLvY_xZ
zO{vqk?PUTWe^2@c+;SeB7H<C-Q*)2=<bV`>F4s-vl{p7lrgU<x7Cf=@?G?N=ro{47
z+R~&q(5J%()3}y5!bk&#beH>%FV4lAH79?2EI}L)1=7oas4WaD<)q0@9JN~`2-R01
zIjMUtu4^Vnjla+>i<h#gH|)@P69Ner9~>&rJv<L;Hz(MaeW?4CT+FsE$6~sdYf!!b
zXy*d7nvf1BDpP+9jnWe=r0`Yp$FW;#txDR;{wU}U&a~~9?eT5s@>@ub(3XbE*gUjE
zMb{1qGE4tLkoj#3nTk-op&geu!*;)`Sc};a<oK<WRRvbv5a&QO9w^;4zh{?wSWE+s
z|7Vti2kQ{V|L>9$e^4-9mXd#u7jDZ(r4pUJrCaw?Uzs8&k9O&7izGi{<l6ztAG{GO
z^gKrIzM4X*Ov?l$S$q$w`~T{h{|}zPAjB&WQNN=i4?I@thP;xYI1BL#ekr~Ehw6(5
z8Kj?+uP{6?P)l*Y((Y|ZJ;Fq_^V44vC;qFlB~ZWtwdf1~!5&})P<87^9+gb8dR3nL
z!!RL$t-JyAl*<b#z1{o|c7+JUuJ|);8lX@57^qs=P6hqB7#7f*`E$9l|Efg(*N+7t
zqW{fn{KfP93igW|AlSz&0@;^r1I_T#ey%p1q=t&8*fbob$_0q)HC<cz1nnJ)UnS4K
zs6>My{4=pUP!C`-0aaFxf3>eULNp3BGoZ_E#0dlHQIr*<3CQ5@`GIRNq~G#Z==DsR
zK<vNQ-yPn8EnPWEG{eF=nQl-cfOrpf;8B2pf|YO|H1hn(%>LyNe$I;gGnJyhR2_np
z3{L~z7ewy@RZCEJ164dpNYzMDBKjUBP#$e5eP9LlPt)&`L!d;>@yBlb^|5(r5JLV;
za_FxY0mN+K4eqLh#KAPGfjF4sQkPHw$AeOi;J=V*1(F`Hn!7wHq~Uaw|1s|L&=x)(
zdfS*5@&F#z=z_K|WIG`|IWrRkIszJB^K)4i{QIW*Fbp<H_sTi$?VW#fe7Ns&haPO(
zKT}r%6{A1bV*+LK|9ADH{~bvPEQUWJ6#+G-yT^fA(wqNSZcuka<@j-vejvW4R%sax
z)kjW4fIB55(82xhdQyNA2-S?g85cv;i2U1-C}NY_#%%;gTkMm}92*InS|RG%Hb}_(
zpDSqpAKnkS%#o-OU!HRBUyZDwg*gvtia1mpRgspgS8aWvFCYz~A0E=s)c}e{5Fqy-
zOXB~s6@ivNf6%{=3+e`tu9O@~&d~!T5Bbt|JBVfY^?%AT{0r6~IV|QTh-H!gu{v?k
z>coq17aa%Up52zI%OG9_LD#b1nqqOKW<@Mcx-zbb`7L$X%j0;8JI4<9@%b)ryec@X
z-*E-3O%W~#-xN?-g4C^PpuKkM_vy3!zY;MUn4Zg&uin~zDDQD6{#P5JNL#XA@6p3R
zp}-9l=!b0XGJ^k<g-|brZ4*fG1qabB|4H%1Y1pan%s@qUQhAMD=z70Q$zCGtw@9M{
za*|>d;3*6O5B4Gmoyeio`60kRP%m!4LJ)Qb82?2-gvteIFFG|}(#53mjR{_uT%l3I
zfO{TT8Y`!OdR8C<4q7EG!Qd&d=HV$8z8Ec`u9IzmpPGFg;3vU{!c}LhOoI*UxIzr;
zPLHR%Th>KFiBZULQ1?ttrWGRvL*>K;0GNN5iTTA!ZLk{D(#6Q}-f(QzZA45e<s-2{
z?<8FdWqOY@KA(VG!Y8jkf7E;(6n97D=?qbAziV3=-5)#)KsVWkX*BZyZ_|o%)LI3O
zn9b^m;(hIa3V_~Qvd|8Y;ED2t9tY~SP}p|-({XI*x75WzJz7@50;QOYgRXF|US?NR
z<mi_lTUUTDIct@wU`699?DW%mKXOY%Qy4U?3ddf8)IRm)qwG0M6U?hi3fsc&RVD+d
z61ixNLnaXw`NUfHsrFAlp&z~WkI6d&=k<q9MX^Jw20QYEwY$9#G~y;_=ACM_wsvRk
zg9I=v_huq+3<l`0i9_+@)FR-sb?c+*7FeiRQ1~r4<hx8^hU{!e6kX`YMCP7B5A}^B
zLatV8c6UZkq+T^oK(3nYGM4<8D4|9wh%z#9W01YiVwarZ8-D#aO@E=h`Wx*yuqQT{
z?|OZkO{sV@qzZhS<)y)147TI)_?y#ktR<uQ@t2Vr;KsmSO+uP4Q{Oh>5#VV7&NSLz
z);>`5n6w$PvxT0pLuc;(;S;h0<s+>z`dR&}^{O?Na_tcL3A|)l*~G*q_`8J8&(;u4
zm<T$jxsZ1$pp&%FLti6r0$5l9J*5Uf-ta_&)&l4Jn!POjNB*=U;!8QxfW@#a?3e2C
zuc|^Tp^Ty(xxnAypr|X1S`zaD2h8rL-n&eZ*M{qGc6(XmReV%6<jK7nPn9R(x#u7X
z93oivF+kL1Bb&8)yL#0zJGV5RQNroDVHYI#1nD@8`cMka10u?`9$M`=7a(`GL(5+}
z_>@r;Fi-kol378cP7Y*Yl5jB2W3#5EDsT@m2UOe~vJeMmjy!A3GG0gsU21;}2QnIH
zP+;B~hI)gx0mrBUYP3y4P{4m<jficBIU^e+!xnS!P4}AtldI&AxP{P_2`Cb9JPDCh
z+yP4hUs8mrr^Hn*xIumhq`g$f07>XfOQz9li=V9o+fl||MZZ3uOBxCDxQnBz-rH5<
zho&+FouuS6+$Z#Fm8eVVcC0&JNcXolI)RiN<@TyKVYnSwVrXnz^YPryL$_CoE?igT
zFYxQ}+=c{-Tx(fXT)NhJStWt48amGOy)9I9)n-kru>y6zqO2E?<HHLmXY2C301>tR
z!S6Rdq@p(g6DZI=S>Fb5(s{reaolcTJ@`Sq_B#ROSScuo8lo``)XvvTJD5JJ2Y@<o
zn^hpQ)2HFBal*j>Wb*@ote=VkS!r&al-_w*_Wf!ban!C@GzJT*<86r!-O6atlpwtA
zJtr}~fcVj`HFUvq#lpz`(Y+v0`yV#@oOCHM%I{J-P?vM}y8M2&i{j2?`CO8B4c+Hx
zMMrTUDZ%i*$`1h)gr0nPXt2x~WLemH$qJ%)sA<oFD)=hI(wfY^+G`8^UzEqKXrA9>
z=qTL>FEVjbV)-)R$k{Mf@1U1DBgQA~)cjXZomXNj^WyCNJW80hMy>@&fTn0h!8Rmd
zmQ*C|qqq((1NUapY`%46{>URKX}I(~em>7d?Ib%01Mk5TfR<feTMBL#f=M|X^p#UK
zfdG$`tP-o53;kkE<+vBl^(Z%Od+zjOaQA#F1L@15MgB!)@b_Ka5c`hLg&)~CR|}DX
z%G}+iGejLOK=oM1_b@uROEPO(z=~eS0~T7y->M2Ae7=K_p^c+8>n1KGSP(mm+uIuf
z&x5XpZ8%+f#S-fG-aI)5=1UHPny^{@RC8{3v$+FVJVyW>MR*5i+EXq-)sA6MImBze
z=6v*E1u!$(A#s2U?+9vf587;MfxQp<Owx`Y9W95=JXQ7^q_Q;7;KALf^$K1G&e(IE
zhHwQaM4LE)qHpn;VTf`>=ucupDn)Bi)Q1!9?52_um4v?uE1C|Ia7+Hm$m@;rOskXx
zY`VVbSJfT5WAY7yu@F8a0hX*>-w2n?u5uZ0s1Yxy29@?K<L`jz$6U7dl~H#cvQ#>p
zEqUSR+l2D3JT$S>xZyzQjSJqZZUEn2+@odAP@0s#xuqeoa<^J0yE8&DNSd&bA#=}2
zaGqtqC+XmBVE#u1PyxC*x<0d(l19gb{n1qbsyGUSOdJN#HqG4Fbf~`o{^`R~PH2~m
zZu|?~^S3U*!BQr}I_=XpZhoQm!W<(^z*s7uZs34db4+t8=@VBTKMq@yB+o5dh`Q-r
z^(ph}1w3FVY>lz);Q>{vmiLEJbi~gO94{wLWpHt<Ki%YJ!ap*bF@zaZ2D%-){uX2R
zmELrx@LpaRjGB?kMy?V}Lba*#POfNz-ERL~4)rTqK}{hMtAMDtrdDt5IR;c89etmw
z_Y48>)$^Pyu0>8k+1kwadWzW%w=ZNYyhALA+_K8amE2N*%Z|tBJTRdx>(kNSB|TR0
z^N^kAX*k>=xvu66gevE=>3)O(MJsXYcu+9z4!(hXPtGFM&=<QVoI%RachA^RX)0gz
zi<^7yiaCPh+<ms^vuB7-y&^-6<rnXH8*FR6=23~a;-*$pZzWgW?#FMB*YZ9ARGequ
zIZhvd2#{TC3RUv^aFvpe99RcDm6f;cTwewBD!EjESswvB#Q7r6CH-+MjJ{qPyC026
zk(8LWKQVmR>ce)peU^^=GmZF<)97iB{;l*@RqNTW;fBej$)VO2l|IeXbu{!qbZtZY
z^sNkWlW%9sfIi_~QS9Z^^W3&>_|1WA-=3d&OPW(YEZ7(yuHe}+hyk-zdbefm>$w9V
z8u-)iZzmx@&s;ga`-v2?8P0;O?D}$F+2_^qaTOZ5DHnDc5;PE4gH8EmO2><zZRA)<
zElZAvr=9)C*IHsIh*mN71d@;O^>6(6U$fDq3q7OeIR{5oq*Ur((KDV@!l?*pFGoM^
zwke(gE@QVhkB9^D#eK$!Vk@^{=0@I%&1UVoZsdNz7p04rB{ujH_gM+crZV~~*BrbN
z&C2m8TCNL*nPAb+m?fm0H_{mqY>FZGytNn!bw^7HBFlf^4YnNtFY3rk9jIhYtH%z5
z0k*JZEVu<7vW0)C*yapsC8HwlZLKOn5+(+w0K@B#rl09@WM7S%;AJL0YstuKb~{J(
ztqS(V9X9>y8GUd3W_Fc18((Me&-K(w+gGqqKf0!K*MY#*{uo2c5>;jliYJBVhRRy>
zho9=wEI&H|ilrHR$E&HNYmKv}F(tIrKQPdRSJNN^tl9ynO8-rq&5R=UqcP7Y2uOVk
z3I!OuA+wBKGwowedFOkjgS1mQk`)W=f|TS-O!i;UG^f2@I`1yO0-V;z@G@f^&SW9C
zh>BEeyV2lmRTUj|&>k<Q*>!{!8%yG6MQd%x0X5UJX6L}*RtTalFT32M`fdantCmNH
zEi2DaX*E^7$DzXe`1_tz<WPcNMEt86B@Q^N>=<@8apmCBOjN`FLP__x+h2&~!jT8V
zL$pSAfTlb*6oN@X2HB@9$f(eq>V8)<j@e>0G-Z%&Te?Mb<CQ)Z<UHL1g)JAQb@$KR
zK2Cl%Xy(G2Voz-R$_WN?81|bOpoQZLYJjqvZpKMhIV{&XA)g<~uDcMkT#S>(EGtZF
z|Kq*&bzyat<~I^}Yj2!BjD;s4$e=fdBTwncogflg>t|D%`vF3|+RZA*Zhn>Lc@NC8
z`IH^V;Uc#0pVrci#uj|&e$Fhu8Dze79px)KNc=R=D?N%ZUErKf{1)gx_C9|z2^K5)
zrvo*<Y5&Yp?2sg&3}<gza3G&8=G=<EZYD3b=@_(q^{E=c_bwz%36fo70NlMc3#nO!
zLZ=zXJO5d8%$(0SA|dvQYn=M1PTNK^wQ~4C=(s!?tg@q+V*`?Xtroa>d3eJE5D$($
zXdk5({AmlXUWhIWnkqaI1BONKG&?_E*6yYr&!;;S+U~`8Km)CC?{puVF5>;1=Y!|<
zKQEYt@Z(bF>)uGY9vke(Qr#6Yx6%BbM|`{uRy%^okg-L^WnI}z`BDkEYH-JjCD28i
zX#F-N?MNww+Te5EDgh(FgsePIDtF~}b;-yQFq9lw=82#tdT>SwM|`jJ-W?eM_Kd?}
zqABwIoIEiBG3W<lO(<b*wrsZgEUt^ke9BA>;=uQ=q}~e^5?1L^@8Ph8YrArOih_`*
z`{0^ue1~321c=!TT?H5WLjk@-j24d{X!>b&14=4={Xj{jLIc#j2Z4rFjBoL>HOBl-
z1%s>#GQv4{D$VbP1wYbnn(rW3Qr@a^;o~Cm;Ile<@DWK8U`jBO!)!xnNk|V`6s6yw
z_3+H@>n*7!faSR{ELgpvReQF?OGzk_OXF>9nwdg8OFBV2{%P9FN@61QHS)DbjW-HR
zZoZiKIc>sy<&$2;yeeRa_$=~1%+*Rw&r3DVHVRA?XyPNgF-5=lAeY#P?K0!3^X;HR
zoY2ha-~n+abYJKYz2UY>zv_=DKRNj`o+0halFEfGUB3F@tsa^|nw37Tc~1F+;;DpN
z*g8q&>3t8to_`7htA>7bCG?*!)W2P0E%mE>Q3)C6{jWhS_nYZ4?moJ&ZjryH*3%My
zMdjAUbw#d~27Xg&Lku`E%1CkZv+oszd*(36Ug@Cow&p-K^6~Q21RLiGsfdR)COc4s
zOFDBn?Gv`p#2p1$-*G#c8#VWwh1pa^gA08rQrUSa1j|FJPKxtRloKW02|R6bi-cLR
zkwm`N)$mB2t~|4+|DCgOcWiCwZyVfBFn{(;r;0H?;A8TFKO9rtDWGA8-H5tt$H%oj
z(hEz{j6}5pYMqDXyvl*2eVzeI&xc5?y1<~m$*mKlO8ZLmVs3Kvw6zL#AZs)<GF2$u
zoq>5jkP$M3edi7jcU};3At#vgQ}%v)5c9Qa!(OmK4x3-Om=#v5BQj<`VN0CFak-^d
zH|Rjd3(!o(#k%DMvAD+k>6E#WsEHX)n5!~=S;@_PcQ2jEGlkHO&{jzDz_z;DyQ=wY
zWJu2NK&g9+#pJ4=l`q2Pgk1o~ZuNYp6GwRKY8YnO>XEw@`-?BAa}%!+b??1>5RJ3C
zq}=_O9FfX?GWh-JrmN3&m$uXkt&+NvCnnbulrSI>DJusYX^~Y8jaq(-%z0JOy5Q$k
zuIsaVT|9d^(v{W~<Ge1Bmz8RGIq1lJ_A_JFZ(@=#%VKtJPsOseUDjCHP_Xy7l`^A)
z7<MsZxdZV97?$p~*f;Q6hF)S?3W8TlF(FKo&iI)e1*~w2)j|EB8K%%-p?lA`*m$Si
z+RJ_f4@PO`*#+`E)J2OqKT3f)`2*iC9H)QOa-q!1BvQ1>G&i?Zx(Lk;O>LYlvDdz}
z>I!bkYg}0!7^R>apz=;?jhlbszSIpKbNrDPo_|+weyS<>oyh7v%#;LGxDRUC67Fw7
zeCh{L&RUB6@g?axRpa%{V`nW~bQldSh+#Qv#`IyjJ=SjNp4p<Uncht;G6R@U^Xwu9
z<zdXybuU}P2d}nzwKdzT3d1HM^2b}8H}DH-4eW4G`12CA=+9Zv800aPe3Or9In9mT
zWZR9uU8R~mArD`=`jq?v3Q7&j=OpLE)D2t3uVDw&z5PO&+AmV>2OuyZXKMs4PPO>t
zA6yJp{$^x~*Ud^3^cL6*UfFZ96HpxA$u}txr!mFvZSD?+a1@hk9vd~oT%2}oU>uu3
zonW$y6vI-I%=s_NV6A<b(1LX#`!OX+_Vjtd>@Q<IMqBij<m<1wQbAWdub&3&mu-lA
zcic@b62jYR4G+dGEo?Esf3m+Ch(71mo~)mcKN#IMGKoG880?Y5K#y_Ba%K&XLSWR@
z>7T+~BJ)K@!Tn*l&y#erekPG+?IM9i^#dwAe$BJh@n;h88V%b1#*w4M#YYs8&m!w8
zH8F2~dMqAkVtC)DFc9y9$T`#RQou1hAnqDv;Gchf*HkQWf>Y8*PWnq5PlSmf9l0jT
z9cy>@m50q19V>FDmf>5VrRy<)m*L2x@S>;cV}Ty(N`iJ@$z1J+(a>C5)~CWzH6Akx
zW6_;SGUKg3XSmN3jvIwJMLIs(026V^U@Rn%j{NRM9Cv+_N4jNp!w9DzMeP>Hg(weU
zGf??$A5Unz7=nFt<0g|BuYwP&cR+@QFWq46fz3tA>p?}tV%U)xH8p@msG|jgPqj(z
zUbEhKEZD%F`~=PEH{?ygj{@@K2si;_VU_$xlMEVTF`O9_GRJr?KdaS!5)bY0nHb&K
zrGVYcSpO1}WXE06I|qjAif8wl8z$t<3-e+K%ohm(-yY1M#-+sAyQsZ)<hB8wq~E&I
z@Cyw~CcDwKH~GQeR{dt$5Oaicfx&go49J$%Isg#-Y}M79sc4y6!;YyP;A7aIqg+cQ
zDl??-Td}?Pl1BS56zqPtf8PD)jzi0w$4SRx`_coM*u~_DgE$Qim&k!Aey@2t#%Spo
zIR_V1ATjg7v0`fY2BQU_F6(uig!C4lR<UtBXD=Hjfnm#+wNFl3IY;JSY(0I&Zo}U(
z@<StQ32?RecC%{lqGExP%LEMjRARp^JHKu7P|+Rm!bQaV!*RpduSWgf*AP}dbb|^+
z36PMwm;Jh4|BJ}{VCC|j&WdRE_bA`E9QPjdMb?DI;iLehp+1Y;hi^oC&ViD2-nY`d
z_&3M-u5P7(#k)!?7FxV7VP=SO{tl=g-z9HFHalXbd_67nGh2OD3d6yL!K!LP{w96(
z2kRXPbs{!$8<evFS6wjE%0(mBYS0>|PsNpwyEau~+2~8gcG-+X0m1JmH(10<PcMN-
z9<V19jv10Y>8o#^apJPv5E)smK2oQ;s?OD$dh&Ko#~;yj`QyiNvbIv}rQIrLgV{VI
zckQvhmy}zMtF7idM&eX()Uir}N*Ez4QW7TS_=#U|sg`avDVxdA7D$Fx0(E8aUFm8A
zRKEW~_BAZsEwR2rKat5hSFi{fv8(b2-OoJB#<y4Vn<?RGhS{F2r_W(G*~J(dVaJzo
zRQW)kf@nJ(=E(yqp}33UP6C(pJeD6y<s6FE#g#emYH^u*1&s#g_r`a}P;EvEGxKMv
ze;Ak51uyG|?L|6T)YoEz)^3n8M-w(TA-Q<!f{==6l1nDl$LUR7BK<>5M%ly|p6zWc
zOv;TYJbXxUd}dqa`VIL5R>U?h4O3g>#e;FhUFRi$D|KpC^VbIN*H?+VM0&Q>?$VS8
zdY_Frwf&&eP3Hh7e~t~o{y4|+A?lR^Ilf_BmF8PpZEL<u6Cc*Q%*68C?)Lo}<0Y7v
z)a43qpooOCW5Kqt9zj*?<a_Uta<(8+rA?k2oRS51ArQU0Ri0j6B!<0iho)ijfu%$4
zY2@dx!6rW~+ufp=wk8RB^!>*-OZQ1IAO-y1KqDr8qu+XA<D#|Aj2uC*YI$n5BXM})
zssE4^$ccB2jAyc?Kns^ZuVTKaUYV8Q!TwzPI|Qp;9^p+_Fus+5<I~M^u%G>YWk8#J
z`_5N`Z$<$#o9y16kv*=?>wDzQ9hSsdf|oxX9_E6ztWUZey~R!A#&t}EyX|2aHnHpv
zQO<AnaYGC82i4Iw23|%=6Vrr;KNhxfhm>Vu(~&Z~Evr>dFTJy+KS77~nZs>s|IgdD
z|19!JB6vg2LBrg>cPL&aim}ma>B2;0Y%gSGh<B>H;T1g->7Fpjpd&<NcjaCP!?Uhv
z$}1{kwC)OaJBb4!{>LR<C6`?uh0>`O+*hwv&a2lA36jz-y$J&KsrkSowYqwIXOP9E
zlc$MKotHcs=0cAYqe?nmr}`=KizV}i`*MXt^Lp&i=i6*93cE(}FIBb7%(x?4m?Lsm
z>q)?ufT>9#+J_g+kinnRWr5A~7EILDx9f{Zv~|G<C6pe>KR*AlW6}b^ld`=yLS#nS
zGF1XFvPaTN4?+@q+B2k#LQWnfzI5r!Y1o-{RZj~r4o}PKOm6(H1)%hMBJ=y0C{rE&
z{O|v88-dsVmgM`Eoz3NSrv3+O@c4%JEgb|-K#7mmKYsY|*U8c@T&{eQ$@nec>eZ_W
z)JjQstq!tGm`<(|V>Q*bJ4_bS?cPJa`RUl%>}%PfdBQ$);P5(;c>z55ug^oTkV*FW
zt19oc)22+sFk1u4?JV%u?En2=lfWKuf#9sHB?nE4?C<}4qXX*!JI6LlMg})tJU6dT
z%B@2OG8Rf-=vmJG+q0OF*)*y$te>(tOAIS`Lb;U<o`vzhf0n;^Pw?G;_MZQvCl3*P
zuozI791?P3?pRizx%x52H`I=c#(j6s3@HCS9e=Xy{+<rvzjw#qyW{U*CHy~%z<-||
ze;?)llO*Ktqx`>INPi#Ye;?)le@%4fw<BJ$osxUusPI*H<`rTsG;73Xg0o<7357@k
zm>)wOr3I2hr0E3d@7Egcd$P6G(RKGrv`AY!NN;|jFvuB_l^i6OChvENV|zID?hN?*
z8;SefMZeuT5se?;PC{3$!%J5>+0J(Gf!^`cW2I=s)!R;bu1A^k{I>Cy-iEte!>L^0
z<|yT(R?G-)j+Yb&*rEVaaQXc>!MWro4Cikx7>X6p9|@ph907VV2_s{rmikLyCABKQ
zMDu8mfS#+7?{U{gmj{d1htsKpj{f@5h|e#)lg`8Q4N6)K*PBbwdnQYxSP9Vz(tc}u
z(8G%GOCpiWj+f09K?TgI*#<i&E}R@O4U<@oAh9Y-H0{^4UiPK)HY}MNSXwLms+up~
zvlu?XnY;TFoqw_)vkz;>T={jKBTr{2<9t#9T=_=#HkTOXt?p?&>_`x^I@sSOz8v#T
z?05(?1V5;c5?Jo!%_tHfR1Yj-s`j=ma0TvLFJ+^?XeWLCf?rv8&Lh1n?XWhW9?CVC
z*u|+jdV4EDQ6XU66rSA|Pt4Dr-CumiDI-e6jS;;Ke=(81{qf9V7s2lN!0X@V>wYY?
z^v;JWK!{qRZcmgLXa_Z5^(5(0zy&OU&ndVO>6ckKz7w@}VidJ<xEg*?2*hNr$0-W_
zb}PPoX=0r9TM1GWIhEx;qAOSv#jfx2GMbl7u^xFaZ#a4<aCM%;08{s(R?yLg6P+Lo
zS7}^r$RmgEy%=d1+=sO|4TCHDFIcBEI@O>*j~T}o?r|HD%1NeQtR;+AC1YP-IQEu=
z@*HaYL1@=Cm0vgJDe|4|0POqQR^Ho+&K0W$Ud~A7?rTJb6i6&dxE;)UOwbiG6^?%U
zeG;rmhh3tq`w-4@={w=gb5VZinhX*tQ-E7sVqjS)w3)mqYCVQ@>Xp<v{nBx%ze3oe
zAC)@Of(TM$Xt)L4&tHMpr2AGP(>>Ehur?{icU>WpCmGwx8oiF4IW5`m!n4Pl_0<VN
zs-g(;gI4!{zqZr&L<<}0<T1JT+?el1)9SQ0*JDgT9sO}T!d!zrRpAhodHDhfi)M9|
zDWA#<MOP=?|2h!tHladSO&5{R?75M&Z5!+qcaJdC^+amXpB?T-*i*?=^g%>FWoHcj
z7g$Ub37Sl?{th!s@^*KL5p`!G9Nkf$E<Lbu22?vHBv;F|Llj8%A=6P;&3SK>T4+-3
zd?#9W;2Z9SAXyp@Cb~9$b<Ax9t<hn?lN?M?wl7{&Xkvh^J=dO(o8a_+K=$>+vFM59
zJ@wylhSTMkX9)S=a|It&@qI$~MW3`IX!&$dnn9`X;}%w~B8Q74k$mTe{1~NRt-Y^%
z=Yux!;RqeFXl_h_^J-M0liOCBH1t*~9!Iwx4G_aTWzkRR0FG5!0wRJo=8fak!2y>w
z%0;{4;LRY0oOqc<e}5-Z3;1u}JxvL|J8vfZ^f+!UYq_^;JEZo4z$xwr6V^$!sqTaJ
z&K-p7i{UPD&yB>4LlJL`{34w-F*Nk$!)V7B#+KH<V`XzXxq34qmP06~Au}#f_pRr_
zF+(rNp8xz@mkX~RY6q%LE5I`37&ga+;n%tkfw8TU&M1zNs$lH;E6OT3+eCi<<qw`u
ztDKX{by<)*+G?7W6DF-%qS5UQEiE?Ej0b9(UgrGN*|WpAC5@q-QiJ9*0J}2P|6~fV
ztHgh7g!6(%H6yLt3A^!;hc8X2jP%fSS(|F|-9)+k8dS34(-GUgSoT`VnK{%oE4yu(
z^4#`wl76xbMC)@JwsT1DaY+~8HnEsyFy}7}?{*RR%0N=5%0K9X2PK-tujZ*1p%dVL
zG-9@ftvh)D_fs=CdgulD<?&-8$&$>6Fkcuk3jYB~8Z9Hzy64nfyQ<Lfv^SC|^xL_J
zBF02QBpzF&^^LW2{|?L~JUa<z8jA2T-}W{lhT%o6s}#Wth30}PBm~~6Z3)A7*sQAG
z954IoL5&{4em_LLo*yN^Z;u`O)+I=T1hxU9L!p@$BR+gVNQ<9Cww#6?ScpU|SX|9n
zdovMS7$|qqW#Ph8SS7YrXn51)_lXMwt`lwyjm>26<F-1k8i$j!LX4{ZK)B#y#?|yV
zlfthqm{{<Dt8Z<~&46jG+oG#@kKIMtLK<uIcA82#kiQ%L>)d)p&Dtpc2y5_mwe{M7
zr1s$eTsg{G*-}Cb1L3cu#@ykIB-vesiT&{9rH`6P(q^5{8yR3Ru9@c;xa(9el)5l3
z9BCSg`aQ0`y1?3)tJ^)%|8})5QU5(XbfUcwU|S`@hkLX?dmc*XL#H2X9z;ZgRC^~P
zKv+|(QY+18XceWso_!}MzvFfIYhc_IAhmJ>pn!8w-I4-csBwSVzsWIop!)+T?jCo1
z>Iy%6;ap;m`HQPZ@uy*238gvr>=(&6xNOGaaJ}I!Yr#tzr4#a(OeSw?a3zie7m*$V
z<9O5<R`ug(P+u8%*m`IcT%T%kW2UkToiK?oMa&%{whzfqA@B3{g5vdpFM?Cm(CG`M
zBJ%En{BYBKa(LyJMMZ5e!?@z#(c&v8-||frh7pE!sdD?aYlq0@XOcsRxbO7ajk>mZ
zs=+5zwvDQe@Iu4T=!tZ`yq!?62UoiOu@WPwr~3KKY%IQSPjm=$o`7<QFXz}?3JgE#
zD888Bl$Zh!nzin;VwXk?GxTY)$^#W$?|&K@VR+7ejtm)Gul06*(2=^fZjY?{)9JkV
zKha;6G2Mx}8~qSm{_KyHQ~+1>HDGt4M-9$Y9OAzBiHKpb6eYZ1BtX_41J54~i<wB*
zFKAhT9=zlK@xc$D+I+<eJoV^1`O%vI)&568N&dv{pKS{tx?z8FM`AKCFX`g>{b)rM
zOn3EzUI7R2v){qbs@JLZlUqQQkWD>?UWU514;}oSl+b{EhyisgKKjLbr`Z68kH|vm
z1cyXTq`%T@w1htV4Se_!rk(-Dv}Rl#cDzCXbG4<Y&HmSHf#2h&HNQs#&DNXcSBU5J
z3Luj(%LV{#k0=N0VsBGc=B2^7H>KkmWs_bWM|}`GUk#!4+5Z)q1*oomF@VSOl=pmc
z;0TNRa-8N0)DK)kz^mq(X{4MB+XVV^4nQoXEb9D#i?5PdO*123IQwC;_k$9A9h}=~
zy!mxAdf~kd<}+^nn>u>h$Y8egIbL-;@w2=jv=Hy~gZUxQk^xseL$LlDe$N}}uBa{e
zmiy7OvrC|~aX{O!$<Ve*GY9;vPI^JWL!Nf$>w<tN0VP$ZRG~bmFnq{1;GJ0NEc$*y
z*YbXApr8#`?e3M$X0QD=_Ysou%2cl;Mqr{223gfP|E+n+B^TxAHDC;>I{%n}w4$%7
zG4&z5fRyI#Kf&2MAp-64FHcUfxh$;kuM*x?pp7)gV5=K%y({~HRqmEzA#$TaqUtfc
z@>9+9_`Yqf1WvWAchx>s;wXe|Eud+&bNitz0`c3yept%@$79aG9WG%Xghn(F@q~Uu
zb{DM8>O@}zQ%RA;*39E%mFx+Vj%6M+!DGI_sy~FsO8?w<Bw;xn9V;QS;lvj8Nz{i9
z6njtz2|$J@0>y$q$Pi%Cn2+8`znrS_n2KPeY*y1?Ys+|;!M}udKy?g0aC*z3(*^re
zw?Ur-R;ajpY%V3yv{FJ>232Y~eDLY*SeW@|cc^HDxZ&jwrSw%`YaJ%z3eaLRe%npD
z#_LaikHKPxprW$Q92Pu$7`Vt9X~0P3E(eZP)DEw9*<&?8(Ybnb355n{6FdC)F5w7N
z6#56F<yRp{b;tra0@w;@?}IsSNH20F7G{J#DTX?A=wX{7wPLfx88HAJZ8ooFPuI%9
zp%)Jn)*PJ2tHs~V`6lrH#EE*ZiwcxQky=&E=p0tyfkUCA)nMVfQQ%`9W$FIe{p+<b
z2hjXr;W@0~gNWhNeQGLE`O|U?IoSSAv@;QOL2RzHRo=j8#Y*Djp(Ku5Rd$T>TR4(*
zq|(viz<t-RCpJcy$-cJesfMj0b4{v*O;Ux`_UO}!=U>oa%g<$1V{`2hMy_Qe!Z1zu
zsaFykA9k%en~Fw82DL{GvqdXR$}DXN_-yx)L}!`eQ4z|33^6fdll9raQP*)~L#}>p
z-%8N{lQZfO<!BwQ!~WXGfe~z#NJSFdF}&)MJ_2a|oo6k=J>L!!l^JS(cTL!Po|0}9
zZZvJuBS&2|ZZPn3Rv>?{VWrr{tp-+I(>82Wt2@@*gcx72LOObmq3JaT>zLgpJ`X>7
zQmOCQDTf~FA|2WG^3c8Rx4*?_RGvL7%2;F|?KzoiHT}_YcLgI8$Xxh^d9#>#y*sA1
za=;Le!_^0_4_CPM&wlvs5&qr7!s%{D5||8K6U*GKVaFfMM9^(<V{N8?+we4UBN2%|
z38HFADL7EhLz`|$5s8GlNSayPbM(v5bt@lnNe2rY&R^+S?X)w(@Kf7VK>qQZb3Hj1
zsxCO+e?XBHUxp4g+V^>P&2*Wr)LX4SzSCp22))rWzN$KG2-@Z8AW5)y%;FNLuat0z
z5bTVK>~!GM$!Wn=O!&Ym25Pp1hc^dTiRx5qn+91A_t_v37Jl1Hiwe%-{pGX!z*=~#
z9Ce%dsIUI0V(sS~v(RXN%8wP)3B^gnCK>eomt1eJ<CAji#>*X+JzrTD4@?cBA7`*c
zjN=FMSKB+(gqm9EU*!b*Q77$Ub9d!viW3M0&HC-}=GLBsq>=a%eeBSHwBx6DBDt~S
zUhOgmHJPIWGI(99Z_yXZ+}fWy4{EMD<;%F)9`vPsR2WRGD$M7po|_(!Aa~rKp=9++
zV2qOysKuef4XxilSZMbyt8z!5mYA_bxvI#Xg`aFCdhcA5Ub1W1CR%<?rtJG`PYQ%G
zE0Vu8%%$~`@slUllfv{YmmO#36vo~y1>fWAR<Lfsk5QgNZj3qHl!DSm=<xZKHeODr
zo_h55bjK>NI)1iY-YnGt4K5m@wBVC_G-cX>5%g;AI05u`Exae}e?2WwIQl41iicXc
z21p$A4KJ*qUJg{FS4Tm^kd`&OVsnf1%&T{w4+3QjmOw^2URu`{FKjVlpM;Zi#&2Rh
z@6G|@yS6gmb36tS%0v>P2!L((3d*QvxSA$rUU3OHSmSWji^PMMM?JT#Z5azwucMxw
z79)}ubRMr7Ox&m=v|D#3iMD$lgf!3A`Ja9Aj<kqfx8HgsmXyYe(RF#K3pd(a>ryoG
z9rg$_WnousvSftCt9-a(X+ABtoKbk~bZaDx=7WJt{{<`abFqF&wkG3~GnTCLf-dA`
zF*Rtzs=?MsZu_U|nKBN2t7!Wqd~I3(s-}>O*hPuTIm`Uv?6D-KO?ySBw6@|*;qCe5
zS1g2m-LdM{>h%!LO(&Bv=-}nHKt}KG1y@`9Ab!>xZsmhOZU2wkRztM(tECAOAkk-s
zfbWg&FUfn=z>t`m+goKx(c_7t)_G9()CdNH+&=)lUWxvk;ZPHh9k4(bLz}?dGuL02
z`>|<yOc~*<3iDZW?d<2mm^ZPY>7vXX=&Ne2u1^KSoB)rfXVG#X&u|Hd?{-R%+ksw#
z5?3jvY(F7ggS9B6pyC`7;}5fgv?{PT0v5(<lkt8J?Pg>$4$kzp(uah@;2tFhMMO<=
zkbj@2^O}m-|1NX&jGaTXSrW1?cl^iB;`iX9Yh+T_a1>$0Y<#+w-?-E?X81E403ld_
zfXz(b9q`58++r0AElTJZG}7qo;4WS+-P|=~Mk-BUU)x(d4U9%q!#V`*&VJ(>ca9j|
zyz^MG+wZ037#prrw?n#^g{(w>Iz5UVXkL&T)OZf6Y_k&jcJ#W)^G6$`Byfu{-uoq7
z!eMXYlrUP^R24AOS?PqmN$>HM8n;%ghYU6;?wa}F=^Lc|;T+<G@l_k${Z6UPW+>=`
zBh93GYp=k_2jRu-TtE#Hk#~9k#Ncsh6$fYFu>Cj4^Z4S5g}{kx9Cvs7^7A?xPD;H3
zQoPoq;a(f5$bEm9$5{2jrniyx#idNOxT~CmOgh$zwJ_&|Wk6)v-yh5O_H^{R6+9xg
zkI5JaPum5mvkP$Sn}Sobk?r5JZE~bt2Fq<zCHCfZEBW&GAJnu<jJp=%FoB(y%V62y
zh5q$e0+Z0jXY@HcYEuPOXwuez-pts)!uUA$W^qLe10SpF_D@~^v^XXb_Q_W@$T`-n
z)_yN~oL&I2`0CD&XJZ^E;7^hWJ9T%;wq6$GAK#Tmg~%743^Cw%>pI#xuosA3f|J5b
z_lMQ3HoiKl<04Yw9BgX{?G6JiYQ!ZPBoiX>xPCo<#Ylm1YE(Y&LR;7%!!^QIet3KM
za)p$IeO8x(^%<NrbQ&~zg~klZ)TzepeXRk9fl#Y==3?cT;0ZViMn%e8Ts!teYg7~D
zd9+XON7=S=5+ZX;u$BAC+8VA1+>gM6KJ!w;6(Brq&y}>_fkYpRC1trk2h_5b)x(*(
z>_#2EFUv8G#<2ipTEb<<p7AP3y4ba+3^^k(7=L9BwNy86*@jH&_CPFrsW}aWmrLQY
zS#@pnt3$OlO3UG11w)2AD>C5{Jdf_%4`V}j_qh5M!iOGJ;+9ES-^p-f*hz0OKb}-R
zk8IK7FT507({cw!m$<IGnSXX+^MM;ZvZYIKvWtK6zO?t(>4Y2;c0{M=rpR{icuuRe
zCWnjIdi1f8G4~FZrFDx3NdqC9adbX}1VUGHm8*TmtRidmZm-Po@M!xeC^h=#I<sk-
z53bs_XcrhrwnYB8h(U?)$!q%q&Km}h_;+Uwg~JoLS6?=Kp#~d6$bKg@ipZyEr4Ojt
zZTEIIO~PmH7vy_w@}Xn$CB<cyy0nwTw@Ok#qtxmMqSoV4PiZdN?{SO>w&YV^w(eZJ
z(E%1wk?*;Z%}jDVcQ5>&rdiEnDaF0R97vY!tdg+H?o?d3y<O~uiWYJHLY6icgtxS<
z^>$-(N9ViNxIonRTe*T>NA+FzLxC#X{<2IWF|51Bu)G_6Ww75!d^hV(6(EUPZh{QF
z0l$NIY_tpZ=hQJ;nXhYk!=ctlOZVODhlvArGg=Q|4X@i@{R;+m{^Q0C$rI4)=eWjR
zVRf0P+m+Lic+ffXMpe)jVYt<>r~Ar5M%txfqg!><0&cH%fB_~<9s6p^mAQ^GOxa!r
zJ_yhPm4X7aQrnM0<3pji-%{06(7Wk5-F<D;vbn;#W8~cFIqYqs<euO;bi=Ak@Y;G|
zLcx4DYks%-;x=q&=Ymzoa)G>g=e~?+g^YmV+$DF6-5n<p&IfGw1!=NEoLy}ibe#9y
z^BD6VY&4UDn;z$0a84uhDP;63>lMJEN-XUf{;k?;=dKYq!~oOzFg3Rif^(ER@LZ1{
z_XMWAiwF4e+Q{+P3hC((>Z)+h<>?wTFHayJR}Mfq)8q!rL1SbaHl7;pwN;c<MTea5
zcU7-p*#O4&m1e^_&VT{DCj-nJM~BC@oSc_(%VystxXuO^<qKD*_RXgEk;7F|O`8wj
zpOZWda8Vg96~?|c&>%c1J%V0&OgT~dm?E5LcPxC>ZXD@g(l$F8$>S9o-O7UWQ$!~0
z)W}re288piduWPKq!1fD9ff$<I|>AoXI5(LLDZD`ovp>0%g$DR`Tw-{<?&FqZU2!%
zQrf6w3DI&hsif>JLJGG^c5Nau$})D7QYxV+lbu9m-^L6xMk)KgP7H>~HfF|>8H^e4
zIaBT@_wRY1-}C%F@8|vf!yog}Cv#obd7j649LITlzu)6ZwwiDOeGu(}zvA}8`2!uX
zz9XmX+D;+ZDi^=L)$cIUp~uSVqYlGpZ@?0XQf3DXt5DOQYM*X9(2Zk+W=^}d{n-cu
z8rPH#eMd~RQimwibS!=%P_Bc(>f<GPG=f<eqhCOum<TWX<KS9OiN}8(7+0W9cA!nl
zEj!l*N7@}7b*J&$nx)kS)4niRVX_Ir*`LNgry}2vw_PjmIoJ2j*-g27p%2F6%)<2a
zxQ2b*m%TWSrx!ykkI;h7n7uX?-Wyr_4uWlGj&(7n2p<;hT6iJ)dD7N-dOLUQusGP2
zfNX0d7<q<H>pV57N73<d1(Qxip>kRin;Q#_8o_2($^EOU!rsil+f6T2DC4Txn!5%G
z6?!+M7^F_eP)>xSC;~J%Hnzb`xSH8R^^b@%@g6s_BnEB6R*|k!x^v-QQhHia@EDK`
z^f<Rn6}Ov0Fyn{lX_re>hz1RHZuLr~uzkDE4<_iIohDa);qVMsaVxF?`EKt_WF=Zo
zEKd?X=8;j?kTcy(Zp=xxihmVnKL6!<Wy7%_O+(}7bgA<Xpy5O~>xF8OGR|R~SyvHM
zSfqT@?p%1SBoD-{gsz3Egyv5TPe+VjY_zE{n9G1T`_G6|iVP(L-UIt<=#a5<3a<qz
z>5bqmwOzYMZDjo>4%O_0jFz4a4tw60g0^}o&n~xo`CIC_JE<J3=V6bJT=jNw^FUTG
z5I^}WH(B>>J&16zmPFS^btq^vSz{xdS5c#ko19rFTx{&fw20$53gqZ|)>Aszs<;aV
zb9VH(M)>Y*3D-KuxWMBsXU8U7>Xq=vj<0TUjd#6hy`eHKtO30CLnAuw%zPa-ZkN||
zM8ZN<eY`pi|0<{P5cJ&<qOBU7_Jn;bKRCw&W{%eB8p@d17eYTiY<VY`F(c7&^nBBT
zS8F%1#Qrj!dBEiOaruJSyCY@!8}5R0+Z2p_4rJ7n*Txh^Dcd=~&Llq|*<4@O__{5)
z?|W@R9ZpK=`naEQy0pO!tz2Qe`uEwA9ve;n+W}Web?2tORy%v2gYFsNdw`g@*gW-m
z7r%5Esg@NMMG95Boy3@@o1g_nQKLZ&{{(iWZ=UsrG_V1{FOPewvp_k+iOm=N1({WB
zC^^^v{@KC0=X0;LzO%*Zs^d9w$D>d-3*QhFE2>J0#*AIu%w3RfmS+0Hfi|les07Lk
z;oc8@YA(dbCR|&<m*OhoKoOlXmJYw<EV>o~I$_%gPwX-!(!3gd;=xN&;BLU-pe&FM
zuP`HTvN6+*i^e!IXigwaFL)<LDa#$})2`SrK%2jyFX7Rh3r=YbnN&=jC=bMTEZ>>4
zWe>3@`O7!vB05{uv((EyG93<2z>Im&iv(i|i{vDVKZ?1}hI-wT494QVx8-VEC(N{s
zzeilJ2=#s;=v?en!tfFn?=HESuPQ09-g-7er~Sc><6YnDsW=56i5Y~iL<yfYi)<r7
zf|(yvr&8l@CoE3dcoa$JJ->ELl{uxViIvH&g<o3(3EFjJyqB?&(MCV)J)lBQ0FqDG
z_NaKV6Gw<*Sm)0dc0T+R+`X|hYY$z=*&Go=bf=%<obmGyPnU=NamAOEpp2%+Ut;~K
z$f=!Wx1T5x0>zX3rQ!*j#*1(Z^E4~4e-SZr+1$$DSidLziD4{wL58TRU~&QI=Mgrj
z=`YF;9Zc6@NeN8Wm^~ZZycXiJD5qIeCI%Xco+qb>TMxFi1JeAvp8IPAy4FJS>OnX4
z=a~@K8-9vJ*M_;5;2kr$Gqz<K48NGZ6ymq>jhsT_?SPjLM2@R`XCGgK)@H`u2#E|{
zoHn4xN%WdIZ}zuMwZ5o4n64|qT*ymRGV<Pp-9>+@O(}2eH6uHXQ&8}n7OU_ziY`yK
zVRec9_>e&yt_uHnu&73x7lQ11&gfI6xiZwfZwqRbWR^lGHmrsOkQ?K=5N9#6p8byz
zE!Mt%Ull*;OFYMPJ_HfoiH#+&V~F<p3-gjV+gf2|I7?T9O(;I$|D}5LT`7^dFkJfH
z5Vgx{Dpk2;pMYM40hbkA60_SzE<AfS*1bcn%mwzP?kXq<7}l1`y3O_*HX16*zw_}g
zKVaS4MgfVp8`Xz+tF!sgBH1Jxx)A<K+Ol`zk@6Ap;a%w(-^x9_fqtt<q-3OgX4NRF
zw4{RlVgy#dan^-ss`09?`#80~w_9|Ndrn5&Epw#bF=UV)&PZQ+i*q8_bdQZc4mY&%
z)GrjTK0_?<m)EJmDp};;=)XTYCsoYi;<wDQp<TgEP$K0wGF<$D>SuHO-BD0CEcE~K
z%uNc8_FdFt6g{9tSx_xbJ|#gtC2ewG*I@;rma;ps*u}Tw_K7;7*3H2i^*yB=2i5v>
zr%8=g6_R%Q=DXk-ckot=_ZVeSVYP;0%mJI;fg3)4FQkJ)y*j0oJ!oy-5-n%CzwebY
zQ@uH774zd}O1B)_@{FxL{kryj(oaZK?Fj)(KwctsYp+kAIN>`zR8J`+KpTZW^n9*=
zt@t^5J~i4`aD+ynR{7tBx?{%k^b5J?O<%XR*~hAGF4INlc}`w?ciBL~uJx@%R++Dy
zU{xRI5Wio}=wV-ZazngQIT?eGRkI%*x>(6B&l0?XMky5*puAx{fA>YQJI(aS0V1)!
z^Fz*_*}Vf&cKf20ozobtf~08fH_!?xzq<PPMt1ECL+$CVPxZT{KT);`;^&q0s$k1~
zM0lSC*#uxIs=vTrz`zb~*a_)~H6~?(nz^(3D2H7x=@+nn4FteWWrsjL9HcDI@K&WX
z02n|<H_(&8X`Iatf5^^2FAh8wam@O#4Ip^?hAK=rSyKBpNzV_IZpA6ZfThC9UQk4L
z74kbW|J?We1(EdB=o>bQ1b@|@M~q1Tk9-sLK=Oi2NYr8p1m8Y&qT73qAT(r7yu0Xo
z6bFd-3d*pB0_|gb=jQutU$Rk<|3^FljOTwJPmpBq=lvzt7_kGN^ikJd5J&(gi~H9&
znbyQLj8SIjD$Ya?w|6mh0qCS0T+DU_aewJR{^eY8KpS`K%$_iSHu>bgw-^DpjRLp*
zB~1eo2NLqgdr(zB5oZ=J!m0Kh04RjXp|*4>E%qV*l2@ki4!KYIn~;wQ>@UCix8btR
zO_0vO5I}ElH32+~RA*g{whzIVE}Xag7viFSjRpP6irT%9Fiqq82ul4MXcDkSyMG`r
zzCtK#y$2T8al9T-ubUimEL`;|n0ykc0?a34(m3w2BVBrr=V<RAW5OWBz;6B{@&mnu
zx4fVO!2gWwB8MMxxF=^n@<KojtTu9C_)9CIC`f{(pML(m^z&zI_DchELIc`WaBD8i
zSG{6U=5STj>K$UXA&9CkDKNtc<Nb>?RXkS>O+J<l(6H;d!LGFkhzFt2$u(G59u#m5
zkft95AAbZ1Sr0pXXH#;3hLd;DZ1Tv@%AP$y*a23$pwNx=%2)j^jY2adx;y+&iEB%8
z1<bj=LmT3#icp|en)7j&C_a}uqX*P&jZR=!e-t=WCd6kgm1yu*A8akZf0#>_IkLv7
ztDqV*z%_u<#yf=%Ah|Yu&AIx(qQn~+bKEtR0A8rR>>2t_i4;ZlX@`2x4bFL>MWLN-
zzn);V_~F(#mj&^;W`!x8mg*hsk~KG^-2N26^UqjhTn9HU`3Iig3&ev^au*Ux=`LdH
zd2={}FQNC6#C<1Dpssx42GMMR%gaPfke%Xi@pK8y((g}+H}OIctU;*9=r%`!b5$~*
zjO0X1vM?H<G5qIDUwJ}vkhJyAi0fvi$O_@>D3x2u0GFczuj1{jk|fTA)WbNG0(My{
zX50~5W#ea(Wf_$}<(>@7&T`NkD!nPwcny$IYT;g&89Nlcf8JU}giS0EH^N!VQ~g+2
zml8&w9m1oROMcT{y}k!>@-Phbs2rRsYa@c_v&~zx7FbqGaJC@^Sk@M|cbI0br%3kZ
z=HSW|Td76E;wXQncc^!+^~Kf3(>fTyx~e3j2SR^iQ@F`;*c2?G-I{p~wR6PcS|$aq
z?AF1RDYW-Q-;=O7awvR8VP?jvEPLmxgRw2J<Ha%-1A7Rnpjdiz&7U6UCN{r9F&e-z
zVde@jY7Xesdr)o6w!iElv={5e+MUI#b)~1+9SYb@bBFuw5nQj0;<-6n9?w1HZ{$Dd
zmk3A}yJlP}hD~nHWMQta=6NGfCGnWJSlBbBgV7!N76yy*)nTvl4-v~Js=()OB6cA+
z7^yfVqd3s#=AAWN5-t}5E%|ItMmZ2SoDwnntkW^of1iWbeY~+{;#06?kWPu^9Es75
zQn;RpsHS<pFPrw82^L1%X?T56>$06%1Bq>azb?D;&2<^iefvdjsRA>?uup?aOc;JK
z=1Gik#Kw`lRR`X^-taKZ)uQ)ejqlk+SrOs3%!Y17V@`^Ej2lp+{MmZh13H>mmk`W&
zjr(2L*=)Y8LY~cshl@lsT(623vxx_AO%1a!*d`4?VVaOiYmx;OmGhCmDk>cC(blJY
zqDsW;BKK>v{G08qG%_kN{OP^LhWUyRQBpwgvk+-3<EY&g0qkKKrQXBJ{m{&-%F>+r
zo)jeRqPbYlq^K^=t+G+w?|T2MN1=U|YxY9SRgb}lAq;r+`d~ot!lsMD?XQw87aDIQ
zhxcjUHXX1%XcrGyg<kDkPnFb`YTvo*Q)C@+Rn438`V<gj>#9x`yR?Nbqy!4E7ZKbW
z?L8qy<@KADqWVnDP)wX$5Q__3^dOSN{dEC2fnDBx>*@EUgL<H<jdeuKoU~Qh;T`7-
zfhbvTJ8)Yf&Weu#_vlG|+OLuSk{NFA7(8F~i$FM~EHkzCp?)#<RIr)9UL&9cfiqyt
z$2~nCuHE=mA(^E=bP;<5VI668*;)s1yO$3kqTTf#x9_G?I)^%(JYP#+JsX{Uq9=1#
ziJ~*Co{SyXilU3Rb|>*Rz%UvP<9s4s5IO4T!V3k~fiu?>y&kX;+qOlKDg4Y>d%D?x
zTG9?$>0W|h^)Cc^ha<LN%Xh_}+g3>HN)FG0&nYj%y{J8IlbV~cvxF(M^T3*gLY4-e
z&rMort(=R+$!&8l68EgPSnwmBp>2W^>NR+i<Q=i=%l;_z-vH<_U8yg1ROYnVJj#Qf
zFAC-oAJ8D*=W;l7n4gfa3(o@MR1u9U*iwJwTQ>9hp_7ZO+}P$k{E02k0Z7lX7v?wj
zT_ufYRR+nkyqk8Z_-Q0_svi|V&iTO<*|iBAaco#3H!xR$W3FHPW|{v;$-2vIYWuI1
zlss6)%~F43$&lc;9xTM#{7_PSPUv^{4_cILO1ZbusLZiQZ0$i8;-W4c=Y+uQd_M$e
zd`7KBJrTP-J44@g-(P%)hi+Ypi!BY|l|KUt&@G-2nV@d@>{vu5LgtH)1)_L+9uA8b
zO0G9vZ~_8!#=J_eeOmKjJEgP=wQXX1KI#8iq)Tw0s%0}hSR$j*N@f$`R;B}cS^}Hp
zmmbz=6W5}DvrTQzXF><_shZNGsMq&4URua0W3UQKX-={XB`~|R1AxDhJJ(*iz!9->
z_SNqK#d8K+Ox&MaGr9)b`pxLZAJ<*ZFo)31+HrvYk#-p0iRQOfaUHWrH}D@_3TFC5
z*)Xxc)QQ`+G*NdSIO_YzViQ+c<fPnFCF=_1G#3FjdY&C&<G(Z;;00lacP-fq8$Z)Z
z)Vn8b9er#qWdq;^TmXW`pS*ydWTW!%zlkVcLO$+<d~ZBaw@C>5rA@vG1@?;qI2Qa;
zoBvJF*dnyuDz8n@_SB9YI~sUp>;l$7I`GI0b96{I<!wmsBSwh`fd5NI1HIb-8Ht^m
zaTvs=kJ^@2?5D|H<N=fZD(dm!4fhepvL5;X$I$-bKmO~#IuiU%Ncmj=IQ2PKAy*zA
zh@!i|k4zw>6j(~~O`rblS&s04N^OYOW2JTX5vF--80=>W`H!FFzZ)mG_CFct|J0NJ
z)Vv$9Sv_3s4#?C1!RjCt_gsgxC#03-!2T1nTUie7mEEzjJJ^Tt{|~!k-wB%Ts#SY-
z>YYAuk=?9g#c}=H5pczEtvIfgu)dOIE!8@6Wmb~jm8AFIJ3Xz$j+NN45<6C6$4czr
zSt*$Ohn2Vgsn`*mF_{On@#uXQQcZjQT;3*4Xs_NCfFn{KrPNx|a_iYBYw~-bQA^(O
ze`z8H*f>9OfzF-Xhtd3>U9~m!JO#X)p_ZmGD69Ygm|HvFP$K*G?02Te0mypn6DR{~
zc$#5gaXzyU_+1RSSU)np0acv5)Zy+Y5+P|6{?X5o>T%$5_xHiQh&2L3L&=~!Z@8><
z3zXkl>XR^shM);bvVgj{dSiwM5ZKqUc*SAC!ej?`o#j35w7@F}wjH3jIpQ_?Ko^5=
zL-jEcVfXt|-c~;@u(*%V&C$lNE0AHJ0_i)EclGlr3V>Z|aD>aQyyEEWb}^-8#oko`
z;XF`uzbs%5euj2r?3fE%|KPW4Z5cHQ+FP7$5*FkxfxX>}EmxoItH=l*C!N8NYw#gQ
zWa%7M^ipvaT#SN&Fru4lFnJ}5<)C>$C1@O=BmoG}1?G~dOFf#eCdKJwbSP-9x0#40
zsRsgR@NRnL=i+V}!1?rH$`+O$X9}w*)+UJMRaP#Z`9CCs$DlR1BuT`JHPci1LV8y=
zKa%Yy-|@^G!_|9+F<_RJpm_YmxqC*u3_$bf_JONCK?-@yM}jfzb`R58fcGtj`n*9P
z6Z*H*m+yyOU#|}yjiH#wQJseBMgbC>o8NTy*A49d`x~eOBD$lFBNcv76N23}SN0)A
z{*uG5MgQ5dLJQ6_xU~h<?c&3#5B$UK?(}eDW;RJGKyQ0=AnJ27GL3O`K%GLkD`o=#
z0o+}@58vvSCT#9UefG4J-|g;MBbGE#ES8N#J7)Lv094%E-B65E1^??q^8QC4ZDY5g
zovcD_W`)bYSIx)0&l*>-Bx+MExSn2$DC|#(I0_m={}Pv@?Es1>27m*AI}9qC-SDW5
z%<Nn&YN(G_ss)|-rOHGE5IdLfjGq$86Iv$`sw`}olWD1<z{S`Y6?cci_mqs(J3!^g
z?OScN8T(R=s{?50TW*P#SZ&AZO0bQ%3?WGA56Y*C+KQOn_Go@%H6?vzihGgWBY4SX
zz;BPGByAw(x!<zJbrHGcZjQ*LKis0?9zyDgr@?}j**Lu8fuu|k0Ds_VJ6o^nqM4y5
zBt0BtQ|f;~7^fC1mytIlAV4uMTW&J}y?g)^OgG8Q${v-nSsi`Y&V(iyXx@4`_-$6H
z)LUxp<BVwWTO9sHm^3iRO81i`kFM&ahnge#NiKw92;hT8g%0v<H=EYR`N*W(LoCrv
zA<ycZk@{oH)_4`S6<@apkqNM5MqaYzQCkaJqI``8yc!=oxc-dGm*7C@t6JB3P%shb
zb#(=#L03Unq_;C0l_z!P_m+M9GFH$&P@Gi?9i-}G>SIu$@@Q4sBAlj~y3lCm`uVeK
zKAi97uz=e6n4=-?S2Fk$m%A4p?mYimc4L!@@$}Q89nN=19qO;)1AQ;Bdls>KYSqsr
zXduO(j%05eWn`8`n7C`kayB6)43M1Qv6x=aGQy2FQylLuQ7}vX%xE#edCTbFZg&-Q
zD);YPwoqD$LEKY<tIcY)apqeeNvYU3(?1vX-!X6Zi}^n;nXw_`sEPb~i?<0AxB|N7
z)HWIZtApk(UE@g$ipMwK92d}Yu?c<JuOS|`Yi~6vU{PY0eh)5@Pdw0Bdylwr!KbP;
zXz7FcU|dO3WKKB124g#R(d=`|<f}Iag_?H<<1{-E3z1H^K))lJEoi)6%o#^$IS`0H
zk+;l&AJA&HLOLXqt~N>e%_f%9MKr`UQW?$kOtN1l9-m3;Au*dciarh;4?Zp$CQ6)m
zu<hC7m%XS`2%c3~Ab`S$jaGj5M`w1^5hm`7XiJY4+1rg|G@#Gi^%J1?>NPc`g=Ez-
zCmpWNN<HYHr`(*8c851JCfu`@JI1ti1p<nLiloVdH(m^j^`Z)IUCOV^V2;A#3YrOb
zG~>Zis1f+-YSz!2$L^*pAaf|rsN%>^q{@XYQ|@pZn=m>W+UWQDrqPmA3YaVtV4_Q@
z+27}837J`bqKlsPSK56UIdQli2i2ZX1`{yRMiboeK4UT;?Lk0b`oZNNOrmCx67SoX
z*KtGH7VXRdR&gr~r;cA{(OPEQagT&Sk6J6uAu7qyE7U|j!;zP0jsMJuE8r)%s^Y){
z`wo=(jK~z&w^yVwqH(m<FN@)I_(7EnWU*KwbrAN|P>y`-r#5+MhJT#BBGrEy?UYXN
zkDc=TdS;A;!_f$VPG#m8@2?GX(GIj#7PxQ`%Lz>FvF5apOB)^8py}#KIun`2VDuxQ
zq8b%W%ckLq5Kq^do%4!tq77r1N@X~H2tv85f`3^!F|V_VBaY(a@l2q79}RO&DskIs
zU*KTZ{yDmooXwP+@v}h*ch7{)kxU5ll|`J^D;y0W`y)-NN$>F{g;-Gy2;ieqvs0Wr
z3C@n~=ExaBAU?BjBjFCF6qo^XhT`oU$Fn1|%gr3c{mKC4L=QBdX@-i5FV9hGwvNc6
z?b|!jNcSonq#H2=Z~Jx!LXIGc!EQ7QpU$Fvz2(`Q7I(?{lH(=R+S^EE7czb3O&E+h
z{TB?*@x+O1yf+yXjD1ei&%9L9nrlV?E!zFxku#h=lyf?V5F+AL1?9Ss`QoJ1n@GWg
zZqKkFr=pOhCE!paF8+B1YjjE+)phReP+W$_!u5XlcjPiB^v@tP8AxxsmD8MNr91=e
zGB?a<r<qv%EvVIS$E^iJHgivxUE9-vv`8nrt5WD7grzJFSy6Lafp7z35(fTzh_{EL
zNUSJUD2{6vS)O_%BDl3r1;YqtVP;BR;+bOu>cTq<NYb|}$t<?Ol!$E-R~1y~LORZv
zqTCmG%$<fMhL^je?MDJ8xkF9DJS;>|CItId1E3*A6D0s+k9Ew@6B74m*8upoC(4}}
zXb!}dcO{lNv-i<j?>?PLhxK%n7^agKmi7S?5H?4%J^D-Bx7>b)FKi#k96K}u3qyJv
zYZu;X7ja)^e2Eg=+9#jE2nF65Ai1ezJHf%?n8JQo_b>12lLz{pKb!0-^uhLApE_OP
zgOxMv7<rq)+<7V~@b@)&!uN8U$}<!Z7KZXUXIkl__LiCo76iorDv%aU5<m4rOkYw&
zA-Su-=MP`0xIzI`Kc}_8U)M0w4lp<s3L|%^51m)Jb>VF$@ezr&4ooE8r_6^WJ2LW?
z?CDhD)9rmyyD)b?X?X~Fxu@y;Y=7mkUXY9^Fx^^GTbXk(OT+=K3F9nyQi;cw+iop|
zmz|3J4#kb52pYG-{<<yOCJVNV$bPlQ8_t@_`O(rsh|Y4%xx(MREo$o4g~OBAsUJW3
zv)#~A_}?$tbZerS1dC5?_4o71s$~;r8~soEP>#q<s*a}mDLbVsLJ17TyMHrZ?L<Oi
zaty7fU|TknaJk&ms1mfh?vElLop{{S`(_-LU?TCiRKTC_hg8!@Vc1tPqrXC<3m8}d
zU2nemP0|?@!5s|f$l9P~Lpm)qa`|2h*<VWSQt`MkuxtICwrCMS?fDWb2k5iEx|wmj
z#q0N4%|dU9g!4bV@|a%$M_6_U@ufri)YcsfrwhsDG`&@a_?BDE>VP)^PpIBf1j8E^
zrSPm;;GXtXmJIuxSJH|aL3?k|4qEPw1p-X_D^4@wMriW!3g0zA4~ifB#S)lN?W*Qr
zjrmE-PTpn7+Vf&92zP|_j~B(QiD6-VwjXbz5ufxRjGYH>#&1~mmsi&PIJ9@v)@JC+
zKAJWdC8UnoqxbBi%$Wq{rK`@%A7WR)b}qeV8Ut!R-eQLL`fSyb)@h0#{^Lof$HVF!
zD!*U$9CyI$B;7ik+^05~xvl)x;jxjuf@wr9y;3?}b)WZg8;D*rFLwWj54^rH(kB;8
z-nDAk4oHCRwJl|LeoGMnRY!-1&vGpzMQh^F*J;9!aXy>qW9a4K<)wnwi1GZ^(-I(t
zxPAKp(^?hL8+%ad_ql&<$<3n>VTa?lmTk0*X?!VEaU<#RvX%c~c`qkr`0c9^pfuXt
zx)uJM=ip>W=jvtSGvMMzR3E3Z%(h@X`Ljsefd}2!f!8klew~Lrd=~3+1qaXYKvo~m
zEP)#bDwZgx==}aH+t+iQjQsSv(zFq@%!?eC89^Mpx%u27!%e@tsc0TPGceHB05B$A
z-6Nw0_q0+~A?80Dm;Ah=mNz%gAEWhpmvl}~7`I1V?_RcU?1y@e1>c^!@MYDqq=bE&
z#554YF2x<MSiZy9W2pw4L`GA4z0mKE!&#EF{lG7*+-PO$IC;{FF|6#PrGUQT8CIO?
kKTc39p5cGlGb~C7&gMMO;yxR{3jFA48=THMdFB3p0jft{egFUf

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/signedin.png b/login/apps/login/screenshots/signedin.png
new file mode 100644
index 0000000000000000000000000000000000000000..f96ea1721f08504956ea6d4464e62a31f8de57ed
GIT binary patch
literal 60794
zcmeFZbySpV+cpkJ2_hnmlqgaHf+O7uh_rN<baxM-prU|^f`Gs%B{3k<Fo1x7N_P)2
z(w#%|UE|)q#`gJr`(5k%>$e`(0>)vk`?{|)j`KL<_Mw`JJP8pU5f&B}iNehrx3REr
zZLqL#4hZqVI|%q)6D%yET-)o{)fBE@XI67_wz74w#KOAy@I@Sfn#LSe@UegQbr}Vj
zG;+TfB+ku~ukqBLoEDHd%l!O|OlSlNnJZpjXau3Q$BQ@P`dE6zED>R{@63&!$V%%`
z6ANe}@xtF#IwSoz+FIf_M%~+k+IEl2k6X&Ip1deGccsfcB~@{g^W+BF>f^^oK9{>#
zCm`5(x>y!GyoxPEBqaC`l!j}X@B3pVyes8qb35GMKj!2NkftKVVyBqEg;Mb{OlUl)
z{`!#hHkR5xSxxQjET7QfGZ_j`@X40r$J00%lgIBV$ld+?^1&5>ItbS4MIN1JxL6NE
zc4!9?7cY{2CN?`qX2LF``}m!_pC3Nc1d1?`h3`Q$<Y`L$YMhutP;)$U`{$`kpMC9k
zV?xnnRu8+&nvdI2J7dq1FD2%gJ!a?7J9{Qvm&naZJd0M^jf%B}INs`f5I^);j3xHd
z?v`frCgrOs3*;9~5(RjD63D}#^uCN7Y~~4gdesx%mp>E6^xt~^POrP=MN7|%bh$5w
zpK+qZf>hjYY(lJwQ>T^Pwe5U5luj8e$9<~%dPscZ2zk}>@T<RS`(86NjDA<&*6l`c
zz{*Jc5gtpQQd=&KuX8|1^oo*FnwatBt=RsvnPFd0c(zAwLE2tr0dR_4X6wH2FYQ;t
z&e4dp29xkh(Y-nQ0ju^?3@O&_TK>6@as#xJQ)kU?zkgmU<McAPmTWE8>guAyB0bj2
zvV4t{deObF;`e6ztpj{jv0S1Vn3yC*QN(g>s2*mlj}x>h3fx#<H?Rzi+G7;nX9mQ0
zpFHtE>SRZ-NC!6l2MS#r(Q(|7VCq%85N6yP!Mg8gR;BoF%8Qr~X@?fWuqZ;fO$pcu
z_CH9g;YEdz!^mFYQP)zsobU*#94DK_J26g4gU$4T23K0>!726go;RuaLoYLnJ~-(s
zRjqb~0>43KP3`Q(&^sNsY#20gUr0@LV85l?qZK(}bT3bOwBy8EQo2y2jEO0QQmE}a
z0f$ot^-3@C2x`ezS%glu-E$ug@F6$E*Qt}Az~5mBI8jZEuFD@+r;y@+&9aL>XN`Dh
zo+_i}`u4_i++sSd2b{86Z|2on-+J{pYVz9AY|%!_YIL3|VjUu32#&h3(Gfq}J8SMC
zTtPG%>~wuh4*gobV~p?4W2#0RRK$d-`4xqi=`V4VIHs>mL#Fwsd91KDupc#a6<pG_
zcEA##N(?m$;ci^6?Xxg=H#z`aWIughqe*Xk#Pz%ok4gmBhow4(2BQz7btK~w6O^kJ
zKB5RFiPOAwGZTty*LF5`40fn@_(J(>AB^83JimIf`DEhB`-H9c67ONx(Wr;n$at{H
zozZw;|IqTI$fV_@#iS@69$p|Gb=WSEOqgL9e;A5LhjNcXB8L5<``N^zCl@a`vM`)4
ze!}<!`SkN0i}%#RQI}brS#)A}pQb#M<hV@<rx1<^Xt)+Z89@?JN@2o9_Wbd4-CK`d
zxIMr1LWOfwlTP~*`#G+{7v*1aUT{5cXCKpH)OwvgkbUoMS`I}{&s#$c+O%=@MhX+6
zlxM2KH_LC#WxjcfuPN|C-bh~jMwJo+%*^%@<TQ7f_6<?Fg|x`Gw>23wQ#IqVwBIIc
zETyN;HhP>EkF1V|hC-u{EMvDX_g${djVzqE8co<zSJr4%REBB4)z0_QS$ZULeN;zW
zD=^0|b&s5+D7?HeATpiK{~C||Df=$SD8x4*EP)NeWLK*{t#78!Rdm|U(<ahx!Diq7
zQL(qJNf%?^>jj^=v{{FK;ry#<ioIJMl=DvgRj~bMufLe`b<tQp7HE8s9BUk$th5qr
zoQZr{{ScZ4O@>w-k)L>j-Ob!-S}C1V``~rngkk-Q@ZxaNNJ2TK)H|t3a!Ybdk;;!#
zBL!&$=|~ga#=9uFDcLDACO%UZSH7yurM&Xeto5Z;mX&`?MT?oc{KlOPqK!nVcVRJM
z9p=%pXonVuxWPArFA7%-o?X_99gHoG4b=9?G0hRnk<01t3-5F7Gk_1nYlek}(gx|@
z``%G3ASr4sbSw$9w{~hO%z0O7p<042G_e@FbKF>4Cq4eI|8>*Td7*ySyB0YpK{ji)
zhZ;%UPYPeVBQ~67_Lb<aKG$nO%!j(JdFi3t`lbqVVsd)6?k%J^#X4m<U30qYt~5<J
zO`p)clDE?4DLIZ@s9k-49$4vI$eQ`QmAe@*Z8_e67Fpa1wQRg)#$Z{sU9uMIld^sE
z$;&d|ymSW^a1cloC=$p~{j_?jTJ>=A@Y#Xgq1*w(q0UYzt|?9^P6__VjE%d`E4#Lv
zF!%B74<*dE)qK=^I|@xVOch)<41Ju&M;zUm+OH<CCG^wa$OxSumPx*saL+3Ih@VMR
z(gWIXFk@C?##KL5pEaRaXJ03I!$;mB%7?<1j^mL-<n0K38ZCw`z9F`Xixq;6B34>0
zk-Cw(W)2$kJUpDsE+exzV|b!er!IRK>b_e=vc$+XQyCfL76>`6m9ySbEK^izw3tjq
z*-zHET`zkv(uu25w|tL`F|jlT9kJ3d*2Z+UjQAEV@7Ymu#j^x4BQYhcB&`0I;x3UA
z57xO&Bt8#*9>~F@as765T2!WNW^X2{8`a(Zfc=f8x<R-~<NL=>1z}}UBZ+ef<rmy<
zoV_Ug3eS@Ji`}!XC$(>{TX7ojE;Mg{%KLOw1hJd@Y{}Vtqgf<2k$0@@KsL&xO_i&I
z%ZE!}XC7`?`QDk*zBi<|WBy(*-2PPG*L>PfTkUXtMZ?63?S8RD#4`kX;Z6Uw8T*-;
zX>>l?#KZum%gj+$Q|nk?&D0@D7&JR#Q{&p-xDs|yw;(GZn=Whe$hV<CsOYd@v1v{D
zVWNnjs3WoxuTr*X3aQ-=*J9;l6=ppgo_4YyXd5stJ3NeH70r7g@_cz%VT5CN(16OY
zuc+CjKi0^kIi`6<+efEorEjRp72PC$AYQudw*()~tjf0;i#x146el<!g=o_0#4>(l
zY?0VGQ0sZUo$^vri>Xh@&|_zqtn(={`(1X4-OT(v9Xz46*ae>JH9K3EYSa`Eb*)#g
zkKt`*KQ#kElVy|15&iK-6}dE<zAC?JUlPAa@jhhB!|X)QJA_#pUwJ_(M@iPc(s+EI
zRq1qhjqah_*IeXagnRakKnh!OyQC!a{7jwAqcY1K^R9-YK2~@%PlI7aw?GYi!>wZ~
zN9Q2V(9XKpq--9#wRo-H-a7AUz97=2qO)USz;#cj$wbv##8Y6zqk6Dss;hTIJahkm
zyWN1=d4HtZ?Y{d=<EXE9<%%qFp}b}l>P%W=y(&F)SCF)jDN6iH;A3CIog2Ffa~kl>
z7d7#R+G7hn{(0@0`6#`eLit0)kxq^E;gKivvGA_%9Puc1?_ICE*7py>D~x%3gja7J
z*g2GqlfIDjsu2hboL9}46qPfV!$;mkKCa=0W*#kn^1qLUr@l^Al}rnw+1K4sIMnF1
zo}Ss}?KCld%zYTKufN^8Xt05Xtwc9<H#IdFp7eI3kUCGqb_r*7n~<OFBaYOP%=CRc
zjg8GTDUD;S7~CUr)z*=iNn9xg^Gl5^Uc^{UWY^kc-7d6~Ur@hC9lW$OB_h7B(l$pP
zDtn~6y|2`9*YS~Ct>hiM@MFcX<04a*oD(~lhtzEe1da71R{em!Mp)`9SSc%Gae~)`
zSh(19Sa{$SHu#pnKKDPb<*?bYPJDYG2Mg=IEf((IpHTt7F<(!>H)hRWzfU|1$07j#
zIt#viU^w4DjcWrt@%=T<0r(r1w8nJ>1@K$L!p+js$=$};BN&Ts3cPXB<))rH78VsN
z<{Mk#_Qh3j{eD|bT@PJlB@qi}M;@~~&gPapK8`M!>tKobh=7-lmL6uzK8_Af?jk<o
zEZ;sM0$yX@=4E02_7M+zaTZ-=HRkKiZkEgfJXd(Gut*RwGc$|1-LVq6eM9c=<=|i9
zEH)k<E+V|V-rn9k-dA~?-K=@}goTB9ukiEo^K*kwaJ&0Dd6@ZdJGo!@>muK;bHmcz
z!p+vj!`9h}8FO7Tb7xNvaTXTLM*s8m*L_<0*#6kb$^GwRfdlel{=&=0bA|VRt__xo
zVcr!{v-Pob(7R#l2xJEKkPsArh<*F~KmPJ#$DdZ}{#eP!$1n8r(x3kH`%*1;OSkLJ
zj$ls@i68p<d-2bI{ClAoFXre!iQ+Fge|r}QT7pQ7_kWZoK}610$_MmFZ+k;k6Z{5N
zhWWyVf*<UE{l>g@hxt-TRbydEVJX~@*7U(%96gDEYaBMMc}C5-mD4Y?UhPjh)p|oV
z?V{}6w`n$NHXSz<4z<Er5}vc9bzOeZm3B5=IDLXqg_T9U(Z4(<>-b2be`sc~=Foo|
zx*gvqf`%p=FIM#%@B8*a^8;13(YZ6|%~7vm$75m#LgrvBoZo(Y#@!>dc{b>7ihD*1
z3;UNJurtiCiM#(?LU@si8KxkHP0#r2=P}E{imU%!@so`IE35xn$xoj3U;p?GgZ}Fu
z|Midm`p17G=Rb(ae_6(V`PI*K^#4DRQ}3kY2~vq2wGPSS{juY^>!gSIXF39%xrX-X
z+Fxeo451`?s(kb;Y61fT8w%*W>Go~K$ek@_=t^4;Uu+MLv=eUkFFlzu;~5LI9ce|$
zzVsP(%->3JmOQ#*;4ao2mioZm;Mix>Pwsdie}8AuWs=daJW~GLq2sXnITBa89H(I)
zgYeE0`Tg*uCRc*gW5mbQCh^9m*5SsaY&7LC*I0@uqHN~N1(6lOWp-p^|4>sw)sbU=
z=jQ5BrC$$|c9u2$gf6miR261|deYF@*yX-i@BEmvLM~><=dv@Z+P`K=Btq`~PI-?1
zxgcYU<LS4#nSmpVLJ6X43=M%Fn=E|Kp+}GKC)LfPcglQ+%QVU$A{6;i(V`<IzK!*b
z!#-E`g-YBX0YDJD+%Yyrt*vMI;@y09&b?k86YkuC#`(xGg}tfT@DHDG32o%21?G&?
zrKUm%VhOI&1z0k7?~smFHy$r;9Ou|XpD77)$oJ3bZ(?Rc_65TG^TnlBx0#NcxsZPT
z+5LS7qz!Utb7#k6vw^-d{;^J|f=lLN>Gh4+O~>Z&z;jKad&A4nB@>$jc}LnH2ghLx
z)WcaiXN$3d8b|2Sq<Yd^v`NvV<IF?@n!JgQ3GH^yM05|$6itVwVG?vc=RLWfT>%fM
zDGu)!yG_AZ>qvh%>x{CQOrAtdJEBx3&dAd;d6z{>bn;3#Asg@Zu16&0IH7K$HrCc`
zoKV$rk{^U3%9_53D5lhz-WTB*h3GsJDCd6;&44CnDjjP~ZL<FBTKUOq?sU$T)o`Cx
z*Ye1fi_3_4R|lrgjw9Zc-XjK!WZ!PbaIBFyqH0Y{B9as*CGPX##udvibY}44zRNO+
zJC(r(xbsA3I(l9td^}vPIj)rx+AwVvRU4|DPSBuJSfP_0%IPVssi{dPCH*N}V^T(a
zJjQ_4T9@NP^nF&v*sz92)L~)7)YsaSI?!;Mk?m_T2^?lgo*5<8Pvi+b$e3YsIFR_1
zzHExHtIetw`pFIX74z8*yb)O%{Ru73kp&liNgoFZM?CvOU1pNJ!_pPwxJ^#>?d%l~
z+2w@WcK2CbQx+(Eek?_3v!0Sl7OD2SB@ivX>arBq$U|4d+-Kmdf8mv$|BZc=>`(a^
zhJGgDEtjF%To&M^*F@)9!nXPhGRgXK`y5cGakOx7AzJ(~Wky`qvE2US6W*&elX0~l
zKKM0cDaGtK@_GCWNm9)IA>gjU6P>Gz*ODCcTq7x7Jfop`*?22q(VFKF>!eLrd+p0;
z)4})qi8|J|S=Z*e`!lOsUUC&)|K&0tsMV4Z&N(B>)l;opQ?HwlwK=@2^@CdLllkZd
z2V3Fov%j5w45gjr<ky!god`d7rY+ahy=7SXr+hu+0B^HuG5nm9U0zzeh-d4&?V%o=
z)}ZOG$S1*<k`7-o>3Lcg`C095*SzbLJLjg~{g0b~B?qf`S1eZq35eQLM&`kq!-LtR
zq)=H(bppLfo#{nPKI5;=Hz{zF@5Ow2LiSUwz%-2fLD=1WI-QARe#^+o?216Y58=T;
z(R|D?Yp?5Q9Tj6obVlZTG9m?$@5<V1elwpgB17-dtw==|-s5Tki$*Eb?UBF+Nn81b
zPIq!<*k?yMKN{6jR-4ZVm>dkX_m3Lqlp}Mk4oUFqhBSmr3kYsiu>4{$s7o&WM#ObB
z&gI2B)g{Xn_5?;PtWLQZ56_OA?NI7!mlA%}X;5~2L=e%PxVOJwXO-y4uP{bgFZYu$
zv2nGPLhSQ)4N!KKq+!?k4WS7dyGCcbo?p{O?&CsYT$UY$QcKV9!o`aV+^p_46443#
zqED=l09>c)-B=g&DDgR+VWVrOPAS=+qdBj9?(?mFDXFWUGe(H5H>os(<k~rag)U{q
zEE@3{{&ES^1}b(H_dPWC>zW!#rIh7k^`s|O4M(Ru{Jn7@qxbmzsySbEo}uP7)_&}P
ziWHpe8lr8bz5cUBVB=mq!&?p~7HWN20A(dQuguy?bc~DLdNF=dW#TbX=9G=VSU?QR
z)1-^ekIa6RAy?RkyQC5{c~#ph4gRAp_4C1U41~7Y5z#k>6EDJSFMQ5_Z6K6N))Z{j
z%q`fwLUM)WmwU$wxf0~U4x#GsFq9^bC$xR@@r%2n)YX&I6)IANHl1CQNe;!m(=p==
zd^dhsXF5gxQu27HF>#rARJ-G5c(B#fe!!WII}$UVb+lU#xoik+_*2xv@Bd5{x!@lT
zb|Wbvk*pBTvxaQJS>4v@4TjibLfFcUG5Tz;I#*BH@F(905C3@)2rRH*x#7pOTR3!E
ztZ7f{z7&vk+!1TXh0v;=zJC1|OYozZ^~8(xQkCkyuzqn_MJi_QYcGj4Bw$O6gzj+M
zEkYxM{L8zaP1-b_`oT3DKRxLS5SfG*sMPCHF%x2Fy0*8+&sfovEBAsg)t|Jy`3oXR
zU1!dN4VvEFis(p>8&8j`HdR%@#z{Ce1CI-yetn;j6B!bLTNrw&{_~w*7k;S6DZp>t
zoLiveK0G`ub|kd1(@-9Y!iB^u8}Uv&-fKL{g?)Blp*{Ue)z1`nnp7Zfvd5;Ih|ZD7
z$nT`F-<$z`aF8-5*t8{s3!i5+oN~Wm*e8AoUW$A(tmyk&ipm@!l`BoI)A8{GE7I%S
z?NR9HcKwDgh#q$Yc==rB1ab#>kw7wne97{^$g+#*xqXMtMLw5@rK55>r6#3^s{zRX
zaA{i=PZ?B@WR375t?`rvul-}$03BrNLwZ0>H~Yf&LJ?_lvqo_6rBvUCW{RcfU+g#R
z=fdVP8aIBGseVW{C4^3EbUfXurfB7PYV-{Nr5Ei`s|hqk9>c{;)J%n;8Hx1mzs4I|
zyllIUkLtZ7CiB~m_NTnu2*IiNRrze@1n7r(B`(3{E;apQBNZ+i$oq;~#Zjp37`Ob2
zR&a2JPJ!z@)7@B=O7z}a<>Qad4(^nhDxqS(*e+ojIj|Ig0n<^I$7`Wf`K?i9Dop!y
zj5EAaQZcpkzO|18FXuC1N3zMD`$d0GQa&8izV7I!>Dya~=7DvJUP$}w43!sU!Aa;O
zimF|x8gE!G$!@<+Dz51fDI2OMZ87EZ_!s;Cdj1Sh1YTsx(Gk?!)Uz&5Byc3D`z0I;
zTNz(NgR=VheeGU0e8{Uw&Av&A-}VNoPo;zmfuNh1`uqY5Od;!dwIHW1ZoMOW?_+Q{
zCB%|@`B$0lp2Vo#0~fN}s{VzHtRt-_XlFocLXlp-cf&5ay&&|Gohyd!{iqCm<uKLh
zn1!TgYrM!FLWwSH2P`%%eFY&!K}?6wbPn=3TVg8slChQlbPKoWQpC*9{s%1X>`7oS
zsV8kVsR(V)Dt{GXhz+)SWxB9j!WqC(Q=P4<C{_5i`VF0sY-qFF$gd{4PDayA3Gveb
zH`}tL`}kh4)ny9#g6QnkbcABQs>7qwTo}hASEgSI-=9=J^uZotD<Zg~2kf~d^Y=aX
z2KrZpOn^6ibSFO%n{B2k&NPf#GS}|VB<qU$<)nAc1FU>2v~k|Jfdl{YTHopS+2Y%O
zpBEI<6~t8eOta|ZdN&Hhk?%t@Zawk(1u~gQvGegG<+Le_G>e<OyO(wcqK7}92j=6F
zY+lx7OQ;oS?vF5H?AQ#8zgjw5B%1syxShFqal9ASsg@lYo4vihy0FQCo`F^ak32bZ
zDV!@Qe0+<e^qY63eRBUvJ<P#Uej(X(5W0BkA|J<Xqn<enlX{dG9-+<IHpNpqA|$m7
z8cyAThlOeCcQe+=8LXUIi4s(jf4Ba#54ddb@iQnxl!OgA#-dRhLzC`nB`PTcal?pj
z*HRU>$)XGI&m76v-^(Plp%aZ4c5lu$>ikuN%um#q`(S!Ofj9~Gx}Pk)K527SMfs<d
z_k;f=HtmkDe5B=3p~06XTAtsfa;DL0j~n(hIX=_j6Iyis7fP{9_>m6csncQebyUS{
zemg*7CHbib;3jjIAW`jccd1sc{C}-&VWKArjGX9!OQ$~dCN`}QPie2TzBmeUmx_~-
zsEsLDgQ!yP#+27+zhp&34D?EtG)kfC*Kn0aJzEU4Ji;A3w;izO-AecuQ>VKR1*?Yx
z!Rqb%jDBx@IJj)Yq=$ZS2EatVT(f~>9~~V{kAGA1PMuSG6Le%612Q&IU(PG`o<T^I
zaN|RAVOh7+7=E?v>oCK+au+xWAbyKs+{TG}v85t`Uk=MtG67P&@hy;kBzP)6+VK%K
z$sczXfx|l4t6&ZGg)49WLN>rCV{B9$Iwnc#7c7R&r2vvdGR?ee6)^Ctd_(ff-crm3
zQswxO;dMj_AIYB$P5`wkKOoUZnE3=c7@V@vl}4TXO-x@ed>~2)m}Y5udZy!I0_C|P
zpZe9kffAaIccG2sX}@0mlYB58aB<nF3+G`95H10mweX3p0!KcW8D1pY&EN1g8iTiT
zW)WvF)_Ql6A~Rt6(*19n;QiR-vWYY~-8Gw%b+6yxI#|ja+pgnca&QZ&DmZ=U_tSsD
zj^y-if2Hu$wEfwy{E@jB>zd8&b}3{N8@M^i?>9FUEVpk8ZcpL2+cO47nVVsrA;TP-
z;rks;1W#9Y=t|WS(UJas`4iaM9e1vrq$LdrzSQ}30M>9WyuYc0gaFbUVFY9q^P8-0
z@=B2;Y`Q<$AOsHH8ueWV_EO#bLJbe;Ajzzbzk-7uxPDr42qGGDUg-Dp>Yt#q>+p&C
z&AEgL)$U%pulLFO6fWf9bR#}D@(M6V_%)0oW`0-1-EV=9oq-Oci2Ave6=&MmycT=G
ze8-D{i}pURQZQyI{KG6;-!wEwFnNG&pZ&J&9Nt^$80cv?Mr^QR@TV1%a#E?0!T(kU
z|G^G{y#Bo%QvT5n^@`pC@Kjfg(0C=L@S9I>;`G22BngD00SoF}{I0(SOz=%+{!JGW
zIDi6L^SIHU1P9goanL_|ED%b&;a8!vI0-ij%`vEG%rs1Of=>HSpojss$S)LTrl$IQ
zZvno<)^24vg$*JEy3^H{-yC|DkVbD%gAfLh|8Bs1FufuhTMOzyv%Xw7!l?6Clw*FP
z3k>-o8}mjzIWT1A?}q&Uz<+@|t;av2mzM$dsQuj@%`v{A`s6p)V*<AO^(vTf1Vp_v
z_lIn)c8L-?-bxo1mva584L~=DfeEkS-hui6v60{TTWkXK9hdDjmrt7|I{q0GwEut!
z;V0;f8Xf{QUieLor-8~pn^CPZoB(Pp|E|V!r!hE4`#TP@e9OO70tio>=#DtQg+`a2
zf~#iAzHGI>YD8zPQB>2mJ>hx;!u-SOPk%d{qY%d7tbcd7M?i9J@ejqCq=Dp&ze`U4
zL_)RP)A4_=!oJ{e02BZEOtE-LEkciSgnXa>=Cz;kbfsegh~6_|{Cw^wDZKrY6o3~R
zTCuddVqlT_yEXl%TLE735AoWQ*nkTQ|1Mr;aAA6@^J9FN3!nSx!hh7;2Elzz5eTRN
zaD{h|jg9f=R!fKvSNJ-@#p$MQCiM?Wh_#tu{Fr|5Zyat2o<{n|2|(HP{`KB89hdcQ
zfH?BIF;j!U^Oc|6H|j3f0P(|^r;z~V8e9sk9G8|Nesut>kdGL25yOsWN(PH?f85po
z3SF-KiHZDg(B)m|rIhkdt`~ukS~dJ_q~A!&8m{fHBzBz)hOaE){uFf+6P_Zzho}Dl
z%^12}R@VICLy@@}$eFqCE-ZAXo9GMX!;9q!|03>^fVkgq{{epq{wqdZ1F|MB#S?)|
z#{OoLS(r%Thrcc%0c>*jyG{NlO7y=G0YH_1Edo=#e=mYRMkgy!nz2<U3Fx~Vf$RUz
zGXlT+#~JPMA%+c~FZ{+9KFI+TA5@Z!J%M3X+~2Xk6%(Bp&;JH%0yw}uBCaxF;<?2<
zCY~FZn3yzMh_4PgWQzPDrh`2jh!W0NwI|R0TgwH!CXx;k`R)aPpo_ol?*|+tE#>Yj
zc?>W0`i^hmClXj2cmT5glZXRT+Y|oei;FSKrvDpua{U220m6f58vdIRm19^?T>K|@
zdJHIkw|4-_dismz+l%n3KLtz5KLpE(ZzSM%G4o)ehvlVpdIDghzTa&WL=QSH8#*1=
z1o1}zy8gl9LU!+7-y5RB=;r!2u5~+wr`28{ztzLmu(R|}0lxlQB5?iJ02yM43#`6b
z>8tQ*;8z>p{i=_yV-xRRGcy3ibeTe}|6c3Gn1p7H{x_^}I|Cf$bm5Z~8VpuM{=kam
za&HB7hX^2se`g}*Qtr+dV4aq)K!EtCm4HqDVI}{sz>8g(@5&W8jb>0#Q1kfS-kv_=
zLP)=rXz#Zi`~aktXImfse6CDP4qm84LZ|wB8c+p-dsn-3+XW0s6aDU}fTUH2h6gvg
z|L)h)z^{c{WU4JN9~b=b@jqrv{|^|K9G6W|Yy8#jVai{f77OPg26BCH_$9@FIiGz0
zf5}1tbp3(TCYa+Xqc~OEtqMaM3x7N6O>O{@Jy)Ng*Fe(Q8vR3>e@r^Rk*%XV#&5~t
zHw-g0NlA7bMU?b0p8u;f@&~n8y8<5E16yPM%|iLl0Eoeld9ro}Xj1uqlC7&SV4zPw
zwoOy8MgOkHav<zys?vQYFp3fXu9*J>xBv;PIN#F~0@2xiM*<M7{ur?TEILdY_s<&1
zpQ052FxwuOEyY0w{-4rT%0H&9;ULKVJA8!GcDPWoMgPuv&S8M7q1T(>M^H&od2}VQ
z->L%AmSGc=v{a8ez!aETpMF>ERTxL!Bt_jT;bEUY)FFU;&#FpI-^XO*(%<D<kKOtV
z#_rX&7>~@e`IV8Jxp^5F&`0toyWgr7PyXIz*hMOp?$4+Mbp8)i0w1r}dL{NxGzD7u
z2bzLx17z-3e>3DyvcPA{TW%zyFs8x#<JOf^@s%wSuipRH$@`D6^&#TC%aCnmShuQV
z)l{n?ba%>Z*s;{n7KM!yqdXpb;xwV;{$RU)c;Mky|NY`V{hahjf^X#ku5chn?Z>|K
z`QFk}SB>8rZQI|a%CG#Z@&JegxcLxzJm^-ANtm@5ikADje@`kSB~RIS=sVD%EiFQ?
zo7RTnO>|r*C5bcg(p!7)yD=TM0iL~Zs5#uOTFgjasS6{nS2Wq{f?Y{N1a2gbo$_BU
zw=TCeT&dX~T{+G6%0;G`Z&M;=uP3vlXblTnbv)8Jz+$aX4Z4ijXd@<I^f4{x_#7A*
zzSQ1dg+`vsP)SO-BS!AqVG%7Z5HLxeGQ0a^A+OSDzy}pse<{)7Y{`gQ^Q3p@a^(sm
z=r&g+qZ^1p@h#*b)k{gCv_~u9AtAO6ulM)&4Z=J6Gp!B2aZFTbb=!gi(_ck?o2Va@
z<8NB<B=y7C@e%rp|Mp_ZYYxNR7Hf&_KI77f9aJ<aTe6S2A{yM9XaJZTakgEUss#fi
zM=m3-O~qAT!EK!0dj?TIhuwNZA^&BQFSuhGipQ~~?LkKy6XSPDc?4O@YxoHuL~U(C
zsK<QnIyM2Do$~hsw+F3Twm(N<ZoPmChTp3DC{K6)0x+1A?*;?MR%QYKadYU*CpD=Y
zeS87}1G$nmk%fDrD~PMPpnuQ3<jFYeT~B4;Kz6j1A5`pl3^pYf7;&jD*%l#D^{FGT
za}L@cj?HU_ZWq?G#u;{X2_Q)cZ5j=H8jzCM%E=p|eb~wYag~ej6?Z-mNSpx!>!kx9
zxj|FlNhC0v_wf;z2{75a{&#_aY7*s1WaGEs@Ff0&|JXiqH5rY_bkx)__O<j`k4YKn
zL&7J#Yxa!>Y%`NaoMw{!oqT$8jHe{}v(|vryaznGm4_={xwi>VysJNLZ_m_@kCU+0
zW3+}=mWr97kJgbQAA@USRUa-nTMq`|PEcXvzQ=$w6(}+@W5D@;=z~3`lF<HC0N0J8
z3=FE&MTssC2tbllJk~$6l@@#3t8w4gP!;c8D(N@&4^!l=>Iux#NL4BIYv3~O?3<cS
zbmp;>EE4C7BEf~A9#o!PObEWzuCR@hAih0tfgZXu@!~}F@zH+0W9cZ>5m0!z$-yMG
zBVOzhvB~<gINaWI3H+83fe}r>%cRbN^2J576bJz;(4W?K{ehV7(?0oTfC7|hK{4r*
zs+43Ur&|^;?UZBND`7Jmo3|r9Th-g?GV#bc<+X-Vq@VqOO={$1y?$v$MT;!8QBRjn
z=IMj=xEcrB#0Lbp5c1cENk))VwwG_=B=jSuuT3l#w&#hDS1wm@y|pQqvD@E=EZ^WF
zEPnO`Q+NIJpSVMLCRqo>&RgSd<6YqWN_YrfHoAGwej{qDHqaRF;e=-M!jei<1Lrj+
zdh?;4nLOO>+<NanR<-2wc*9v<kynv*C>8BQc#7d9h|P5GGYr@RrNu+7lia>=IO_O6
zYESX((__$?{s<kxw75~+phCPxl{~VKf%2g5;(>n)fAT;uTH{TUN3K45-6==`F(a?-
zPZy#c?DOr^OxJ5kq3`DB-Wcf!cCO7kiLl<%34T8eMgzz_c9$O_32iRv2Q-K<Vk}uW
z7FhEA3X%S1<L&o5@1_KLSMp<}S3zG&8<TG2ZZd^LVc|j;d>dC3K=D9+9n`2nRpPJW
z!B<X~u|Ra#TzBSu0A87v4=Qdf0vjHUEy*STGh?Req#1}JlT3v<{(&ihDr4CoPkpVV
zrB-LC`_3nMiLNfsi<u_Hi>4I7x8y>a6dzGq8Cr?fkk<L&Lj2;6(Lu-5Dk5`fC4vWC
zan%q*ms&i>B?zYPM$UmrjQ`@6LJk;iIkEqL<CauB4j{N6Tn5^U0on_|J1zY644Swe
z!0=t3%2CJt-S!|xuTjtbSf>h^=kxpn!Ba6Q2X}-fA6(Gi^CR8#Z>+rIosajpm?`o)
zo_I05dT(A9PQTB@f~0X6*2RZ3$8r;wjzRs&Oy`d9&pD{!TAny@V*8!Ar1q7JKrSHz
zgpX^1Ntla$Ub$8Ke)a|q11clYiSw1<utOnBZVoC(O)bA0u9BI^XCaqV-#dRbcEflf
z_?k%M6cOFw@iK$=h<Zz5u0;oDy_SwqaifiXrPx-MDoLCP)K?MpH~tUxc{OvFQZym&
z#3<JRM>SrM95C>@jS4}gK&>ce?Gi=3^ZY9;B8@zk_>Hk6CHf1kTJ4CluECz>z3FUE
zFr>Pyt9HO+;8@%nk&<ZJ9UD|Tzh`Cd^=WM;bGl;=)IYBQDyu<m$GRj3z-@9X=)<VM
zw}wjVIvoTIdMNoahK%59-qUIDS;}}5*B-d+?&v;@Dn(3jPt-FVxhU?Z9BpQr<F#re
zuRo972G99$A8ckyI@)e99suc|j`r(G9ZJ6KYD#%>x#V!Ww1!(IGe2O8Ynl3DBx)@>
zD1eM=uGu8Xu?Rb|dKEx(3JJAIfa}f#Y0xa=ZRxOSnantF@7hjG`Rc|)Xu;~W$kphe
zgZhQDo5?8~uVyIX*i4+OwnijM)H7{oIj;?25FeIfC!5c7I4eJ~*{w<{xl>EJ*c{PJ
zRD)tzA;g5wW_O}ykG=b$qM|BGChqIuf{61rc>Om^)?T8YKCbs~)y0JXFh|$v)a>=X
zaVas{qKe)<n30s6Wik@Bd7-8Ku$94C6c4iIzCWiLByw<su5liW#xXn;lUUGe=bVNQ
zuR#wNOsG*^Dijy1b{cq36S<?d6UPoR%7&iKYYi&r%y=PvXJGBUCBshkDU55VH6j}b
zEL$UKlU5S-_^Mr`UdZDJ;-CeCF(NNK?U4|N?XjTaRe*hn-3{85g(-oVloVqmK_HnF
ztP+H#igWN5aSWNP{!S*pSDvJfaP&DWYHr&1aLz6Ss&m$)0*b-xP%)Rmeg38x$!C9+
ze7O5V2TC01@Gw$aLX+&wEbn|$HSYX+DJIgdsWv|n6;t~J<Fy^tW_)}JwhJ__7C;LQ
zcRXZv5w4m9LYK4-bgsxyw=w%LHK(a(l;U2%oT3R)_Q@W{LX(lPjbt>g@TVQX9aeVS
z;2E9Ndu9C7n2_iLR6V+`mo-!iF19!MY{?#8tgRInyS?@b9eW~jvepKN4$nZI!BcZB
ztY-O4^1)ZO`xxUZjtCs~?c<|p837z<!nfVu`0Yk{?~Fp`vW=y3uU7-54z5vM1;SSA
z6P<mo`m57v?b=C82OI6Ybq_=WE4OIdgXN9`(|q66MnDCM{BnoAKC{MAglKEg%v2qr
zn2vqOR{QiCs7xejq0mX)a#=t~Kyj~iKq&96Kc<>g_#LtNU=y4wm|lm{>5xG5s9?a1
z=$I{S?vY4dx24G8{c7#{#p?ZK?)+|(kEl5BmFD(%>ttHv{h|I6M59CphlYq}He&9Y
zpJVSfy5_iQhd;Fj2VJpL)UDF+C01q2RqkxZEIPgV%3Sl-O#w;;i50{~#F>_A;}xAC
zzEYJElU|G79reh^D(4>@PUdOR5^Z>7>nACjG!}QsrNoGYsQIRNKDrf+M#MEi680~U
z*nIU~ttIFuDnYExZEQs7Al_JXSkLI~t4j?uYxQr^9kz8)j+?V*maI?XLG-m!+b2qE
z4wu~e^U$h76ZhV<DfUMhiTKo{%K1^Ut*8No_16;{uZEUn9s!T0%#<n??*tDD=Dm2B
zQ2Ersf2mlfBZ3W2dbH&8`bPIs;Hnr7;pQa}_>c(g5+tT@HS(jLsxO^tr{O;1fcjQV
z`=l#%%$MIw=he+YK*XCZz}>5ZrH=IQ>%PFW`{~VRVwX+oDXx6P`-5k(`<#~%V3M%7
zXf8x0-M8^-a%W#2e&Ar|7Y1jIeGA5om!PRTOkv_iId1dV%YTB{gvR5RX0O1rV7b?~
zGp}4Xf!#?@;M1yorp@~HosIAQjO6j)76p6j@Eh4jb>rivyXo9$%20N!xBBU*Kv(BM
zX;dwsggUtr>q@;knH>!7Equ!y%C0XWN38>LyG6E#ooja9EqSp_S1rLVIM66arE2tf
z%-`zGkh+nww2)sTaR3ZGdtTdcTTj+Lr$l5Uw}0MR0eiH#-*{MCS8Um!R;HJ76cK!>
zIxipxoz7L9)fOdAnKzQ(W`}SKS~>C|fB;sMV?bjx(adGC`=#W(t=21*t(-mIE@F?p
zOl=0O!!|W0+Ak_wnb{?uH#ao47;WUSLY|&fyK8mFiK{sWgAheO5CW8qK>PZ`*E1bi
z*G05GJ5BXo*%l6bsvC5;Wl;ULp*zuhEW7(v5u#>3ztUu<j(P~^<dXB}XRKylo^!bN
zbC)8Cn3KMwuFifqLFzD<LqHVO<CM?e%Yi$84c2L^9PK}X8j6DB_dZe|jarXmqa^O5
zc4J^mzWqicwCMc@e0HK39>i*0N#Fu;3XiV@$Tg-p3`D}d&gbOwXkYg+i?mDdksI>O
z<Xskt)xPCeJ{8*_<dJYsMcE(t*`Pq4+g-bfS0Ha_6=B&sKGQ4OWykE#d0#?xW2W7?
zI&K~65yUb*%IKaJ?N4Guk(YJp>EYw~9j3jG`w{xGoL%QiLE2DQ_P8okd*Q7Fk!$um
zoo9k|U}q43eVtsD?)FN7L+@biY8%UFY8VJ8B(3eTYoYg#d%0oiG-zP*;$m|Os&>%n
zDVWB*iuhK~dS1l72<5T`)4r~OKQ9T2p~L2K_Ao_I25KN1S_%bu5MjRm=z@9aG#p2#
z7p^Wuu2VIK&XJ)yY+Hpgc^G&K#Y3S9XGWy4Lior`@mgPA$$KY?!JFbAc=H-mFhF-K
zM*hP-PFC<lc21t#*hkAaBdX->qRe8knZUV@Iq_}9=b_{)iVwWD-%wY*WxuD7EQolR
z?G#a(<&s?&wVtsm|N35DlxFc9@lq;?kg+ca_GEHHE7yqCc8ja<A@856`*t5`UG%xn
z;KeRjI-;YNiq7uE-V3$NU)%)nC?s|`r|Rq*$>_n~yCLEzqqEqx)|?o6InWo4bnm71
zc1}h~6#L1Xe_EO~TconPs*>0pf!%t4G@IzUY7b&~?eS&-dLy0XJ&`a%c?<g05J?d`
zt9c{LP;0oOLrwkE5Izpk1Vy8-L9ZAWbN8CZH5O-$GhdCeZialRL~iAk#CZ_eP~c?6
zJ|nq+QrX<?ix98mHmWGnRW=`9kVt+I+(;~ga8bYuDeh{=cOc@W9MLp-sC>-e1+pMP
zRc`JY??c8-Xx^pacGX>R%m|enX0D*~T;3;tOm(92hphjuD8|Uc<{uTSB&}-q&)&Lj
zo#d(Ad``2>te#*+QLoolg@_HI#cy)79`|TGW6Cs=U_M{NVbNqQ2&8^RloyKgdr|p;
zOZJXA^3@>wuh1czXN7gf=?8KY8uWg_8P1<C(9ZhQ58ch%lW{<&DmpheS66eotW}pS
z5Gn25HYm<2%Oz?U;*Fmlvz>aLjON*04x=F#UZLyPb*RFHWTPg-SoZYZ>&R_1W=vMQ
zT59b2;)N$@RQhh@UQw0}uQaOD%bch88ZhIo?CGu9)UWidA?}gS`G`n~TVJ>~!(Wi;
zHs_J!V_D#KT!Cg|fvrjO8=Foas%SB=9ZKXB`etf!w#4`g?<72yl=MVO2A+|ERfFk=
z^I91;2V^$-Yb^WsW7bz5m+9nlOHey6Y(5MuZ`Hx{5l4Qs`7+*0cMp6XDgV2u#ZTQ~
zg49CSIvK<7?Jrm63yEhQu#O}nDbT1SqVyR}dCN!KB@ad;3<Am4B0k#{KQdByL;V&S
zL1Z2)Ncq0k_O_?Mp+vVo4*^xhot;GFW=2UI`fP_!j<v`9L!LO%1Z9&uo>>l+S>ei=
zy)sir6`CaxjYG;4(N)i0pc{;^TY9oImYNM1{WDFo;2M!kOH!F4b7woJT8X1Cxgnb^
zXj>1Bap>Su?>!AYgze#%vMX(S!&K6_oJA~EbnxFN3byOJrc;WJ3K*GjCht+~&wJ4K
z=D$y*?wEZ)s4uQz-94wu1ZoHR6?UwjuBPm^#FiK{D&3Gm!HIfS;2`TR64vY;=15tm
zNtyK+vRov0&awM4pl=?tHp5me??fhL>Hzu_R|TTD=8Z96o%;i<|0?@__<DBLj&+uI
zZg0{Mx!EA2L&NEeq@LSB=qTxKQ7m#0BdIkQW<Y)p9norrdk@`JA?@N&_Y~ZhEty}R
z1U94ZsdhRa65Dx{ZnD1`;BoCz@5MxeHeM{OtEQO$3m~g<?)e#b-n(LDO&5<Q25*PK
zNOVJ$iquA5X?3xqQj!GI8m!`SDN$Oip!2oH8*To+ms88f6hWlB?eJ9h@YK9@!LqjJ
zmjPXTSJ%ti8+oSk*wG-O$z{se;^`(S<CPZQN<;LPa~hV{R7sLyN8+gCrA{g9cy$p~
zm-$ZQ%(u=`q#GZxEQO`+9m2-QT@!)jxh{gd`NII{PFXq7>-1D%I^KHUJKo<1GeSPI
z!rtT~<5(%@FZZ)|TH1KhBG;#rkQ6C32kXtlD)3cp+_y)e;zkOY>I|Tq;i?1T7YDXJ
zHY({^?|NO=i9qSg`LMOd^kvTzbnxwh9KCF9>KEba3(MrmtM^K{N;lW3w|&m6JSPsc
zE%XeLqwDa=Z0<eT<^<x><mOu;l~KPOiSH&<f!!L4M_lK(0Ppu=$AjAES9uxuXW|=?
zwBoxOD?fYM<}Ox3&2Bq2!kLqMwvwVWmBa>d=6bOXsM(aoqBhq}S#apUNTo!5HW#@d
z{G!OzbB)RRN$nNImHfEYN|qGu^sH@-kxQs{ReI4<Lgp(1ptVMOu8Go<7sIUjelRQ0
zeFB|oQ@4{g90zTpD<cB4>$bSrCRZ#PAIDO%jN&{1@%@WVY$s6+sOyw04J6ISE><k$
zO#mk3J8UmEY#P*V8w3Q>-a$+&$1k@+?44<vJ5N*bbzOlisb{^&JNxs^nzEqHR3=AJ
zWu+XvB0E@j21^#Fz9CYq^5HA=x~`mijgu5ADdToAOZu=6!Xh>(7PTNR(!RE3>>|X7
z9jP<m#g7XC%qehqYI$q_Mi>k=9hRZb=kbwD{v%JZQ&n%|_VdEeI~y7ct=%WFaqWoT
zg=Pr!-Wq%gV5Z35L~2p(ugO7TY92cTBAO0D^|Xmli3OYTsaA;2zK(ZNM4HC4B43kd
zDuBkqcn^~VRv?*fRn(Lz+`RSu)r-``l|lY?VS&(#(K*$p`blhxZr|{9`I6|}5WBwN
zxxC<=&pnyhuhly<SEOn*Jp^6r&So!;D}4%eWm*ZgVwtI0<V)B$)}5r3Is(-p%AQh$
zXGMa3c}mqvuf*;obq&pFky%)5-i4%@GIE>*_D*Qdo*GfnQbx+P!<GhRoj2Vped`&1
z(nRe3gC2T*25*gYiZwbIO2LWAo7zC_@iC_K*x2YQJ4y_?CGo|7H<~~X8hx23JET3n
zF!I|pkm)l*AL$6~Ya_twWVvzklVy^$=#8<*-LO!B3O&z)DDmM#h@n&ZtydG2x9l}}
z8=Qb%Dfx;mpdeYJ0~KzZ%I0K7USq@ncbk0>TmN8|iub!5J%nPszx(Y>{8m6dLFDli
zTi9HaITd(mbCBKH7`q?vFSglv^C~CgoTvazhXl~9s~FPX0<YDLVWsG@_*EgHf%oPe
z#H-mnd`zQN!^a?ro*;|%xzVg4;E@cRo7?#TsLWr%OzS;Pa0x?VM&ah*8%$eZ=&SFP
z4HXX$@}!RIEy!znst~@jtFfQ#`-2WpO!bR{g$8z=Z>xsql;>07^AI+p+q%~T9Y(3D
zrg?*Q6+7mzwGzF*L_^tpO{B87)k~|Kq*C9c>+@+KqeSN4!aB?$iO4wk-0Q>Msv(u#
z0pld16;6!{hm#UWP`PgNA9RGEtN2U;)*2jjruG_mp=2Jkd+XY#`J0zUm;EzaeO`Cm
zoDpVB3BGizXv|N?Lt`AyoQ{~grJ2p9g+z3BerfkdSLLh?QbLf{t_Y~Jp9Q8X(uEn)
zI;8(9hJ%@Hv-mOF_E$6O$}X<Qixg1LD|8&sO!l)IaH?FYgYGZ&uNx+HCr%P;-YYSr
z(OAk%f%>_YI~oP1AzEJvUu8$k75Nr3fM<QCOJoX@w$;()0Dt0Y4yH;pZX!fDJ);el
zXOa@GJj=Om8>Uu%6c+VbOS0tV9B|xdZ>g(KH;lKL<^qj`ZMS-Loc+sXRE@GS5x&JQ
z7l|IY9jl<L^e^Z?Or;c_a!lKxM@vhQv+6t7tVKHCJ4BDw6c?=B%%sk)R`M0y8NYj1
zMUu-IQ{q;08EW<#w2Z?GlbLEwW)U2OLcgqp?SDh6AF~#sMVV^;L9^>ai#GF{1^E-M
z&~MXVAAi6XXia{DFCrfks_g-bXjsnWByXfIw{vzIC=uf!;|SnXF9n^AhoMy;n3vg*
zeme4<l&M~zcsXF%;<SJdL2__<>d<<g%k?g%XK06>UnpT(fn4+FFkZ4qGZ|?Tg~fmJ
zU9r-e*#!^26_gc~FXeCvaCmSzBegzkB2-*ALc7=Pmja#BKk6E*h%-h5ZJ!#mtDbI4
zI)~{nkO)cysK&(vEm|-QcR@iLgTUx87cu7@MRL0t=wA|D-W~=XfGC>c2%8_<>nlxg
zj9Hq=6n0r=4*u{Gla#fv>wID$1K~{jdpMg2&H$}))l5;fyO@q}$mfeL6JgZ&m2YHG
z{U+<4<zr=AbYhxG(|6E0hYRycs(xKDldne%;MKy@FTrz+-ScORcmi@ufdPQhB3XuN
z3esz*Kz9(;OEAB6Xm@(Eq0_kS;0ss2gJ|)k{%`Q*$RgjdnzRzYHmm6ByHLa_x1mwJ
zS!tX}r$VH#;FMs3m+fWn{*J;+e#={m8^Gq5!Av5MLiI}E3h@dkdE7t8SZ&Sg%OL7g
z<L(U_Cac{kM-Z<pPyYe4`^90SbdU17s7gO?12k*Jpji?I&Dz{#N63Mr>wQNvFa=T;
z5rdihi%}oP^pHT2)#yI5c~05Y8bhFmW6@1BlkjSU9cwMfdgu~I3|1lp=Y2q3w21PH
zhj+(yi_u`Y%1!NxSt2d{bpC|a{j+R2L7+ipwp84oS8Sgz_0Cu*7O31G598k4Jv>PW
zoOk-d8EP%V2<E(gnOftJadGs>)q|ZTNhi^Z*sbeaJ+d?_5msyEBBlE9^^qBg{v|))
zBGffZi!pn&NYJ=(be~OEbLo}9)GYCmmjBf;0gVHrk{|9+uJY{LjVYG0RF~8+E)Y)w
zsd=nqStaVEzTUkv7X@XS%Wu(l1ZX9;{;5P?aB4>0tp+@Zg{e<<#5q((3J7J3I8J`c
zHqFfa7k35>mejO9`uvYoM>}1pf^$~Do4dHiH%lZz&bA!qv(iJevQ;|jWuSImztYH~
zQ`SlOIUpk=HRyPK+Wg5h^ug2UfHX%f6OS%R<YGk4&MT*4JN5GpzB&4?8q4G>_Aeg8
zFQn7S>lk@zDGrE(gmuy%1zJ*#+QF0%i-qzxOOYTdKOXuq%&iaR(G_Q`eZMudFU5Zl
zo_R&S8TU0C-VXo`s(D3A$AL42lQQK|sqy*lomW*_uX~%sruj<B*(DA#1gkz*t*e(8
zR-a1o=u()7;L0Q9yoYH3Ar3q?puE_TNYrW3#SX882yNwnC3};FvI==mg-uySlZ<H4
zwt~G7oKjvQpm&if&ni0x?TNzm{Ox%dU)2=1^GTxUFNxaYn8e-;^oV%{snPO#4S|Rg
zbR<r1rmINO@8h>V%uBl?xxjynDGRy2NRYXT=RBnxR>)ia^;vB5)wq=YKqCfB?c<dG
zHFadRcKh3QjC%xGlG;$bnunBlS1lMhN^W%CoOnd^z?&16)&5c2z>(6V3(>p6i06mY
z8Zpmo5176xU7Ws{p^-*mKJ3VUa4^8PK?4M;0(#~a*5xeA4}m~)e-bEQbf*BLdr$PX
z4AZnT7Cs<X6)V`0xjp#0o?L&ztxwNdYg@O-Mtyh+!6hn~yjtCoT~qx$83bxD@Z2}9
zThmlDFV`M;w2|UGSR9&=DK^Ey?daD5DEyHY7hBPL>GO}~7oO)Qz-p?w5S=Ci&0(^h
ztS@K8SA2&o-8XnfbJ(=}<zGJ+7hl?2$S1|r@$V9`4=-t?>}mRdwz*^Cqb5uk1>7EA
zh-_oIPHe<yf2s67=7VPQJz27^?J1{vvwZsv-Ie){E7FQfeevQQC70w)`W(wrp(cm(
zI*)R)Uf6#Y0|7-kGjBFq`uK1qXlYp{(;Nv%l+P1NZrGszO4TT(%i1B*dn{1eJ^#w0
zV9l=b4yej7q_{bIQVND$^;Eeow)-_^bS#H+GsndfB$YP8;VSZ444m+hf?-AD^=GSL
zyaBZWf=ro5ySAtAiGtuX0mjthUDg#mr9gP@w)`<e4Zs*P81VV>c;H&ZiuJ`z!G?Z6
z9g&Fkx%}fjoT28vx#ryMR7zser6P?2H`$={zHHi+NBMi4%$-?;UJIZcwt(qWXhMCv
zUs80<631!3o8=usQZK|+Em}(JSaCSty?a+W?hAaVs7uCVxnI{J@=cpUum6@x5c`Td
z@M$(qSo{NDUjKo8{a#qFPL%_g=hiFu@}`Y4-lG9R83-Tp*u4XnGpO*e9gc`!x3B1x
zq?;3Kvhb;4yR^ZfvKAQG0N1YPXjv}WOAny$4egp2HTWpH{jf%`h()DFFncenCXca?
z<Bsa#2Kg8{CZ$*dDMh@`#%GTk7^?D<EdHAC0J4C=Wa27IhHt7mN9@meBy>~P>@>J^
zNE0;V6+7P#50B`MDT**nOVr+e<=RNgy+t=!jj3o8KdCmgr);??aL8&R8`!UJ4=;%W
zwd5Kem6QUVecJ`yPM8Kyo7jdDIznTO6=O;2*pZFG$PGqr#4vT$tgLw0!@Y9#owqDq
zo`Uc?-_ZqQ9a?s;;pq91S<UiZZ3FoG1&kYlC(c2Xaspu2U>nQ1JhG5sUb9!VR<#nC
z-ycVHNQsztPaSqL_>z+1WP$R<Jwqdj8Q6K9U$BoEn2`R$<<~o&6g5{&$;)$?qmpvl
zd)bN;GoNYxz4s4>Q2=WLGeTG5@v^n;9#3y(%&L1P#PDb=^<ICNzu=KmGZeIXm+5l#
z6R&yel<o-fz^CHCrk6BYn=YKRnS9g^!p)cN2j)!vIo(tgQMQyyy%|H)70>g%{jT@g
zZ&Ldt4Qa9Ao|~gaKRji#DbeJP%%Shi)0l98$7LT?_zi-Ag6VKat^9{e`X^uSv0%ng
z9OnIUuG}=60a0QnFA&4Un{XlOEVyvH+sqjnt@C*aw9u_p@x#(ssIy1*34sy+9i(d$
zgU+k@fjM-e%gPk`_Tj;R>ncE?OBe(qw-%?3z5!0%_v6$F4GlcgZKHn;JzP=1D;cy(
zEV0~76|Umo_sJ9n;nrAoDQdtvtyCmTfy+$uT%D-n&3!Fy8n{}g?al19uBB&4&VlR%
zk||}Ams?XMZC+prmFxqppp5zF7bwa4dJ8xE-B&opw3^gM=>y{{cP1Zkq2Xt4>D*I~
zq)W2Wum(*f%4K$`g(AA^`&vd!NeNm=O_LcsULWc5tfgx2t@D(Q62}J{!+U-tD83b>
zt9jz|9D(GHv|=l4#}E;@rKEZP4kYoYMmw`2EB0ZOUh&fVW*%7~n3f>&3)hM#CR57?
z{hU(vXXls}+~1h@Z}Vnl-?h;3?8#~(N9XwQg37UbfbIyV!{W7%>?=}cg?55l6?5WF
zh_yzu7-azt6*f&H_QTYYf{{Ehi!kXOuif>+UgJgd>w;P9h1Gge(uCuuPUMFhSG!!-
zMS$sHW+3I9%UD)0k3uc}1MIOvJaG07(?m%2Ci4@Ri0q3*tQ#NG%HA}qky811bF1Gj
zaIQ;tlU3U!50b1bI10%Ho2Jr*Zo|<zI2n95JFB%2+9nruVjbVi7<pbV`Xaj}rAaOq
zW{|0x!dMiMu3|P|JR>Vx<P3U(=E<IyDLMMqC=i1<omI<;N4rGqu+9~d!+;!ij{~EU
zsaS(3yW*(8CUEx_(d`!C=7YdE!Q+~>I}$j6&<z&;ou2+Z*2{LaEeSK0^82)4F&5V!
zo-O;|OzwhNv%gUJm*@4stQqAWXU#BA8vS#K?N1}Y|7nQL^l1Fat@{E*&8l4CJ(y=G
zAS*0H#s<xg=t%!V_Cid>!wKz}X-k^=w^QN`!B%G9270I4ra)`)AH&d?LGeF4(w5L@
zSpuHZQ2*^2k&Dz|P-vawlOGuLc$o2hQ2akV)dn>3e|UTAfGW4{-&YYNR6tS@LAt@9
z8xatZmPLn@bax{H3P^~EbSfYv-5?+>-7Vb<$ptLp&IdQT-yP??zkBYv|L%=zJ<pnR
zjydKSpYM0ty!Ul$f`XjI*>cwvF3=GHm|n`rAJopDEH}=1|EmNH5Pko(1Weg_^Z#5-
zVZAo~Qy2LYeN9+~{nQ!Fv5sgzL;m3QJXKSisiJ_G?7yZ*0WsaC+$BdnWcydF@!xQw
z{|SmL3W(^xlB547{sJiS6LXV^G1dPT^#lUdpB=vc5PSctKou+}{J*~A|5Ts~Is>PA
zFOgHdS5B^MXR(Erx@m}b(WQld)Z#Iibg?_!wIl;zpVVK7{XR$nByho*928l)4}Uil
z{#gP9h~ob%0>gii09_&)8yyn+gGc<2MR6Gt8q`wj^P_^qDg3O)b6Uz`1m(IosehE(
z{!=(?_cE+a)+Gj1YWQEq<zK|G|1#bXRK>mZXNly_P7(jWh1_<BPrXgmeogzBP)QyC
ztOjunimd<TRH#1>QM^=UAO4Z8{%1+>|2bO?iiP_32vxBmd1T?)%;2~XjrQ|&^dEj7
zHdjFuWW5)*zzsE20)J!BVC{AOb?p&D!ppyD)qr^CfAYc5hWED*KFuzzH^y&6x(Nk{
zZR<L)GuA3_HvcF!6HvXDTj1^#TXQNMKGPC_J@jX_;6K+dC1_awT~avZWhgI4z-I|(
zwp9L$t_PSHf}da-v-$7`*a&F<U#TsBWxM}jN>GLYmd8IShPtt$8yRG_3|;?wkR5{m
z|Gq>23ugY$TmL^}=KuV`^ElW`(-o(SA{EjNC++Mk4G*-Nnyz)1CgyJOj`}z4UxJne
z)!DKDswS|n{r9RS4kMD$O6P+AT4MY^R89Tk)Bu3ZKTQoNWd7F={{Qa>L&BA9j*IvH
zv@8y`%~s}%igq!Q{@Jg=7V+FQkbK+ue=xlOd)x)QJIahfwfNnCE1m}8uovQ|RP|~4
z`UUF{s`(CTd%Aa5E`5ygyXi1g>tIbj32G2ipxkbt0#4su`Lhr(omD(yVxdjaB>Vl1
z6f35(hPBvfEuX@l6c2I|+~8BW=z0v1slh_Wd%DyT<nDGu&l22ugO`ty>o^Muo*t#}
z@|C&?*Y%sbW44{aN6vUqo~xq^b%*bCgzwNpjlPcG+CM;s{M1d$(Ik4!19^hEpnC_;
zLLZi~;AU9J3#j_iumaVsK^L%+P>|G!(!ge6-SfoNX}C>mfV910@(BI|VEzUBPGXf?
zpx`1@iKtp<nHT}bLt+SQ3bx!b)kdoAeMc7>T1{!fq8vW8_~^j`5g^+WE&;L3qQB{h
zG9+C5O0>8D1JD`%v^}Wyx}q)!%8<mFx`z`KLptBVdtHJ0eoBrbO_JXSYmV)mdSfQ~
z#wy@7i(+ghf?8MCw@JF(mK75iVO<XbA!z?80L3>bKzRa0p;yp8i{bHx^c~m)9{fom
ze3pC)Kl27<BCbkM=eg`SZm-<E0jk{3hQMfz6E7jwA?EN0Xp~nwK?C981n|fC-4E7o
zXzy6miJ%_Qk2Ikp2D8#BKatD?y9!E6z{YS*IO##;a6soSe!|{YNP?2rV=8v+^<x4I
zP7jENhCPp!-gx5y{2izEcOL_6;Xn7&Mb;mHpZu&kss}6&u_h1ax$1dWvU+#x+E^=?
z>A!S;^f(3UKnr$sAjI$0)vgnAMirpy*x}7_iGJT5bRzF^#fUu_o!sp<vqtG>YlcDZ
z4f0zOrwK?p4cHje9y6KKfy6`6@^^FTmvO>4+O}&^<z4Z#*0-_=-DK~WRq+79N6fA~
zQn{kJjs^X~73;BN7(roQ9->6w;bpHl^>Vu=3T<AmP1pUzodmOoGFiFhCJvsI)R}3;
zEcMVkb|3#ku>4aFkxmDStXwaAuzAym_qP&G+=hVNU37>NhRTj%p}?|y2v!0hJ4a#W
zK*+)}1vT&XMkkMn>|9=9<#$ALF!6&4d>N{D*=o=6F^-ixZA^czy?EovMZt2Hkesh6
zYh|787Hdj;P?<1rBi$mnF|}Wi(d4i%O_1Ypf?ySY&~$aq;}0I{7G(xQ;9OsS0f!%#
z087KZUui1d6^;phUVEpFKy8hnqQhz6qR0b5%dA?NNSCS!1n9sKeS93H03X?@zU&E*
z{EO}WFb`lI2Wzl~9@`)4*3IplvcixwVgQuxS`Y5=-dw}++!NgcrQ_>%JK4Z=kbAXs
zCip2R(pbwPUR@0F*iP{|?v4nZ?@Z8+eZ;}e{v=kMranzz&G=^SSP{?|{Qw$(yxZMl
zE$Xzq7A1;#+q~|<K=KlZ_&6f~z%$0iZjeZ}PexX6f6#5nAx+qPo5p^$9o73x*5Tl>
zaXcvRp1jD+tuDWYfM7<@Ee+f-8T)zpf*u{1D0u}MR}oNY2WI}u2<Mj-MPjwr{Zr1n
z;Sw35w8<CX)-w&-DFnQvR$oA8NfRLZ4Uua@iIeqEy|!LL=%9P3&jGotTvJ|3unihC
zBb%`%K1QRufh^I=ekMy@PCu#<Rcvm^(Mi^5`yKk7wL)WlVof{wy)J*jS%=;wRk{Q>
zn~k}OF$mXY(@I-ltJ?0-CG1}JKvdX7Ce{^T#TG7cLz0tv0MQQj&<V;3?|1?!fmqko
zQQmP6fOgV<s}jWG2nNv?x2jJ<*;-*QRl4?(vtnYZUgmqN{*Q?3C16PE#eTpzyIftt
zlaLX78!`tCt1D@-HUT$^zqUPPLft5Ktem;oK=^)Dn^#GB;R5-d@E+W;W~D0YT7n7O
zDASgZ&iBDaD-2XvOyzxO;d>x7T56#^nvr)>s-9L{O&cw#-pOW3IN7xQ>FKqo3Cd_y
zG1-rEA-rt#cYyqLN|e(UPP=35`w|v!r1&xqbWe$DzYr>G$QRxOhNcZmat%KIC-#RM
zP3Zl3uVP?BMnx^4#?!}4pS3{1I@Cpd5nJzi*Wz}T&F#Fc4nATg?n25LP?%@)Tk7w6
zHT8m*{!k9rpoIMJJNna+!a1pYr4R{w=R#x8PM3j#x}fX#0{R)}LZ|93v1Mt95Fm2p
zW)@RIf^q7>Hl)2O#S~VkARYtTp(l8yt|XjtqW$Ev&0K^sktRnm=qIG9&?GwtY~4Vl
z956#$7Npj>KP;RZND+vF%_1_m9ACOrkkt9mSrJGjzDhUsFB76sPVRR&Mk8H2T_^B&
z!S*(kjZvY6C?6zbQqfI;U16B*F-eBPVqRJ4%{H%(m3r<L3+*w)zy)$-{+U?ks9gRb
z$xmmuZCWsk|A{94$-ICwfD3*Xv6Xw-;76q!YQ7r)@lSHfV%x-mBz0>112wIYt^-?G
zI@@Sm7AK(T7r-Q7Oc>0W?bpp9Zha%fOFR;5Q0X<nds64wu=d`l?Gs|PB<qa^Vq*Wn
zPw~ptn-SLZEK@H?c8&>Emipc+!BlA$1C%%HB5e|r`^8<f=bpD5JU@Xj>!A`9O3jYS
zUWadYn%FN8W~TxJF~foi*z?2HXF`{-B%k1NTPU4>{f#iyxc3pUs?p(yzSZ<AI-)d-
zrHv-R-Ms0ybmN0CY@=<Jq*pTTfw_Yj3U^<rJBukgD+ScuyjgN62q_1DG;&qvsqCaI
zv^Atd^dUi}ZlQMBitQ7@2AQ-_2B$#pZWW-qGbHe6=vTGrnJKlA5($6)@YHw1yBk0?
zhTDEjn`F=#Dd#tIR`{HDo8wr|Zo=&BRMAJ!^#~gc*CCL}q;-wWxkW0P>B?&4(U9!U
z0|Gyz-bhRLJ0WQ$K@!3#Gt8Rhec2}p*jHBr2yVy>B|bpDj=^FuwGZU1BF`4g8+|6Y
z6=el<f5h!-0{O=WE2FIKO`m*{BUrG?`nV3*`M4cF0Ti#4XX*uhfU=W_pGi;UZc#2v
zyz*ia0<R?BTXPN%2{b5{#_<Xta7BYh>;giU%Z&;|G`ffOB26mk*?V_^E<<QFuZgVT
zD1YJlv)HQ+V8>3bI%F%01r0^9a71;hyL}CuK?ZA_T^9HV#h9!^w4_)#3TfPC!>KdS
zZAdN^G+`w+0h!(mpEa!iWUb*nfo9fzeXUj<Et!|D)2Z=Zzy&)bN@fHj)Z*$!s81fi
ztPg_8f|P|7Nz<pbH{LsZo3px4Q3sO2X?W6MwLM9&)`Iz*&Z8Z7K&&@8jR$aMGrvmP
zF!F89)Y|z3Omt0^cL(v6&bLFmhVESWfm0KU|C2Zr5_NhtWbene%mnaS4eqb`a?%+>
zB$zzRswk?2BdZ1;-7@zl_i%FBZ`0P&xc)dZuFzP9AjtW=Qm(S~ryGD@Gcjg9SPukC
zE3?d`X<%QT{O4?#00uX`6~nFDSWxT7{C6Vpt7t}rPoI0-MfL>MX{(*fayZJQoc>|g
zM=6Vyo>3)rp2NMbbb?pOkV8#GntCdC-*FgK-dPL~#G>5}xsMjdm~udC-QcgKNT#R6
zo#Zk1T`Xk9?2~fAdNmT}z~YaS7mhWyY<K&5Hb|lK%AD1)AGA)1@OW*^f6xfp%PQzF
zVbIlRN_10GzntG%D`o4Y3IE#b*UF?s(6?B~Ysqv2D667Bd5P=MqX()f8M2|Rybk~Q
zS{<OCw6t1~FC--#zKE~$`?Y@MM^yM-{oVxUjCu`%35SNH(VppPV)v^%x0`C|Rj`wL
zLdqnp3xyH&0YI!{r$k1`IUrQtx2@?o-cKr3d9TOoqXwH8vd35w(4k}_eCBC~y#2Nt
zCjE<jH~P=_7|YE?(13Nmo56cOFEQ6-(TL_HtdL%#n?ZHt37<q7e#60ClN-juwt%`U
zM3u9DjLrY!OR|jYzOCJ2lD{8SF!y~?<53Kwk%vZ5x<~ur48%QI*i1%p9<rWzYP$Jo
zsk^aG3@qUzZDMkvV!|(%roi*k04&J^oL}6T-HtaI>M|-j5IE)50cFy>Ztf?F<X(eM
z#hWyhZAB7|REhHD*U(7jG6@-OcVQ(0H6T}RB|CV_%IOsK+e&lt{T_&MNA$Sl)GkUb
z1>Rky@%PuF0aPn&3tYH~l}GcDFOdq|DZCsv%sz{lF<MBFbS<6)+LuQbgM(8NJ+20S
z`UYDZ_D*q0RrX>=w0ItUkvqfr*Mw7dfZ+Bv574CD<5@6I7MB*jC*L#A&1rN;mKdk%
z)Flv9WM4G)i(>pyH1yVjUSv*<L+yk0az+}AY<hg%!?AR`M=EfkEe!`GRkBPnTnZcC
zo$P5U@CjpIEB7*Jb2RVv&Wu`AWT(Hv%iT?x{>t0<PTgX7HK*68FxfEmd^=DO#zej>
z_VtTFzwX0VGG+t#m<3C>nHvogg>S^Cqz^AWO#@&nf5!V<PTyxF1u~*<>LH0rYd=3w
z+t|f!I(dMslD#Qof!Ev<=%svM9Y%`MRN0)HoG2u+zR;x9*@P&d&Gz93!S4Z#QzX@t
zFCw*+F|Ya4&rsRgB;Ohx9Q>{o3CDRg4&3bS_i2sv4)*Dq%diiS9<vMRddr{~;6Im%
zNGA)rk6*Ea*G2!W>qB8t25qp(=OIW@w@d6pGtNdVFffxh(W)%XsD0%V=}TaRy12I?
zuw0l9ROQ9Hq2l;mZ$-I%?XlLD&D1zjUD!b%T2drV*;XRWumLv|7*Fai`G6|aECbkc
z`4?y+<soPZ^Q<y*#^6Fv8U>zI+!b~uoXvenszC&s`@0v|z+73&0#LL;+9*bT;~FW@
z%}fCXi8;Ra2!hB;$xjScs_fK7wz@++*xf+5V%5sgTgGdh%XV|=c?di&J=M_c=A)hw
zRlvejHQ$W*VI7>%RdHowM+5fD`I<SxUezk@T_Mnd7Yd|#i51xuMqKKLp|Nvvhi3%m
z{xAdB0Z4v~8w_fz^j-rA8_12vvP7vzfpo1YyEBEdO|7;N%mj|f%$#|4kc#sUAo~|m
zD<jyh<m~pHZ-)dH#~?%S14vcgocr6RZ|-31&Yjl=y{76**=>-EgFD{umdUT8zK%W$
z1QQ2$M=m)%3WG`WpX_(y#F*tv%3ly?60|c3;EYSQ1$dX=&Y*S;Pr4Lq8Fj4NW=s15
zVUJnGTJaR5B(1yRI-*$OC7!AJWJWwjCepcyZ$dt6pqoL^h1HMI#e@C)>$<n#Y(>Aw
z&SuV-n&rX{gq})r-nyC!8Y11`gSGi{`^j&Z7s^{t9!nv67zCFyGcUHt7TFMtEZSqm
z6%J=!Q9@&1&OErQ*4<~^OOsvnJcHB^DE+$gAeC++&)~;>m?q^gxb%Po*uGoP%P1)}
zr%E%$={~gGpNk~6RpRg7i)2=!lSp9ly?4hhuruwl(UU=mNQ{seES=7%dvt=c01*Px
z0m#R#{9N{|EO6F4ICoaI{gY!LxJ+UBBKt@MOlHw8*+yQ=^+{ZLa+fd@Hb8Y;jdorH
zFPOWGvsSG3T)t6`#$F!XbqT1F40Tf78R=i1f3u5tDZ!tNAqOV2Q4L8!&chGMU*kB@
z#5VJo%%)8V#FsABIDW_&l2{js<Ygn?$;L9$|8$G_BA;4qudxL|GJSeC=Lo2{KSvXL
zh_5WxuraEhZ3fgrf&_-&-pliUIAI%{D=NC%FuHvl0;&U6tqf@dvfx!)mE(GJ*lGJI
zbx-{_(&<1A&P9gFlnrd2_x^MW|I_BV2t*)PiCEMKIsgKYIQ@C<%YBMwP?!Pk>%2vc
zqXhAbn>~5BpAYDtbge-AS7MjgdA|dQ*J@ZMwG_&e&QyMqNgaPT#lgMSb7CuA`GtsD
zSW=suWnKf3h_~$6@(cVt%Sz2+Gu19Etn72IG7Y9}%Rhz5AbXH6ecfklcVQs0Cy(nP
zRG#}P$Sbx4IS=q@rZXn;0QF%VsKo3f*T5}-p+!SZp@PKufB+mOj8~Zog}O@+rPiGm
zTnog?N*WZ8*t!l$ZJH?>OxsR+7)i2^yO$mVnBPf3^HzVes{2lVn=IPVNtw*eUeYFE
z1`lk4Y2&#F7|GJs2Ny1gd{Wo4Bwws*6ogJwp<-he;2S?rdLRjL)>>1CBuZR7m9^dN
zy9s33dQErY3Db?;cq4L_3p6K)5vSJw?*L8fCwrd`^!8+UXZB)2+A8Y&hcD~a$!c7l
z35p1=pKM{?=g%d0sP4D;$c2AoyJ3*m33?MaP!7GELLD8eX}KO1Bwst0Q??#WU0=$D
zY!7QYj*8pC(DgZodP`2=ym@;!ihBRmH3#JUxoxDz^a~<*WbuV@ewC?ov_hiZ<%(oq
zyUhObg&9Yr$;9Xy=Qq^|-bhBnoGZ)}CI!PU;_rNVUq%a$4RPcrtB27Kf9zdavP-p1
z*mS*V%pxzD$4V5~bJ&&pX+G>$D$hfmvK?nRc%jnj)y`T`x^0g4Hrb>*E>-0Bd$q?x
z?ogaNk8wzc!j@~Pn(|(*1i2q_W3-~fb={e>ZI*}}dEG-M<Q$50YOG39!=?JIykdpK
zB=px3xHnL5fq&Td>WfQNN8^n3`%V43ErtbAeD0W%ct+G0Gm^#BKbJy(B76=-2{#d4
zn(%D`f((N_%;uRd5!>a?rV$yGb|eLTUj5XU8(2R-O*oMVwQsv*j55`)eq=u7WBaGY
z;WdY0o3hKJ8LjbLTl@SsE;~66Oi$^&!Sy<aig!yGCmQuls1*kI*f)B=KlT{c@7n7<
zs$RWUS5TloTo%zOQuCe3QM$P``k|ViS42wsec9QwT?Nmkl$x+52tH)f@Q)99<n2es
zP9|ao{p(wD5-85`{?&JRO-4DT;0WZDlPSmTcMt2)PG1f;{mnT-cBLMVYFCP`2dz<r
zYL&P7$xWHiqK^dG{EYOUbU9JyiJSuuBCLtISe1eQI=bC(V99Pdz}s2$^gmOgE{cRd
zq{O>&!JAe=H>+#fcWPf{v_x2OJCR|;yVs|Y>W}yM<B`E9xuHDi`r0YddeseF!Fh5*
z&a=*QcJJoeIA(0Dq-xVfbUgJvN!swoyAu(bL_<`=N(6+VQm9w2;`R~BJt5#BkbCeY
zP;?F#=Siq2wn!~L&I1u#Lew%;LXoJ?7vO985)Sty4ev&^kmkiZX2Ah#6b~;!u4ODQ
zO(OTH$2B$ANBbwEB|n}hu5SgC3cBqT>W$iY_oj^&sJq*Zj*O_?*-epH2pqkD&N{q}
zsJrx^*Dzod62Fg+XW(6%6jB`<Fe&;NCoV1?P1bfHQ`&JkHDm&`Nic(OyHcYFZWgMf
zd_Gt#b`iEUn`kN7oQuToQu(`y-$$Hwf`rkJA29#`A{Lwrx%0y8x^%D9FQ<$ypKtHx
z@qBr;35!JPugFN%m+kF-4_vBX$gqjB>C|VK5PWAn^qu0uGs<0iG@wnFNBtKstDZ~E
z3^JQ#;ChCC`e&fz)%Leu9XRp*ZUQbQHjw!BOO$Y+0COCbzk5RcxdSGK&N6U2ORzlq
zDrAIo_b*-BzZfC$8s+&t-RU-e4cTtI`+Iu^n1TLs%j*^i<hYy}VquC3y&?cW|5q(e
zY_+VXD(-gbRFIph!Qb3ezid-@64D7>%b9-L7BtIo>W7!)Lu7glMm|1(VWf}t+7=yK
z!{p|_dUDpBI-d3Xex$7i3T)ESue=2R=8@*<3^qgj)Zbr{E~58$!&s18{%&6V=g5X%
z$I<8jL-p55amEpyP9u-AX+#29sWAV&nfPbiC;5N#F#pj>`~5H=xBKtsi^)IDm&fGM
zVLeF}CMNmU6tZEaBqPl)`9~{N&D#ascog)6#((u4|G)gwKN~y#U!SCx&bP02mn9GN
zd0&WB^Z&b}I!FT{Co{HFBl5E`yDx0JP0#dCqxR<(@c(Yq{$&dN<0|)F61^v89FURG
zqWiE&E!)_Lii%1)WX`+)BcFYb#5%BN`{`qNwwy4G44=7QAvvi6HimzXPT-|}+ZdiL
zZHh#m<v>)VSwA{^q{@H)O900;=D%C$gW3DbLh$T&AVML@nb!Z`c+j6sBwUE=!24@Z
z`cK5?_mhK;BF$f8M+kt#etTH|9y;**O8qs8l0#ASmxuLP6!kp~c7KP%di@O#iyY%(
zqNABFDrNRZU*x(=*~w`MQ@6$O6wv;sWr5q(j7739Bjog5VMPuQ55n^(X)-Job8`kI
z`T5f)S>^rxN_3Nxrlx6e$JL#O*|+(jLmRlmX7++|Hm#?Lg`HiW`6#VtaoO5vNySaR
zV&!c{(u?O&ITb<0J|;uJDOU_^O&z@ZUkpHyrU0>2I{DSC!PP|t;rs6!8pKKp?LO_L
z)Ra{4GgnYRRK(?1UN5-x^!NgVW@cu@obFLu#+AJKA`FsL!^E`QbsxIKCBD2PlsLC*
z1z^WI9SjF>@5C4?5s?h<K2`1GO7qF;;~Vm25tG5KmXAzRIFz@9ybAO=-kn~5a+@Dz
z({?iYP*sx&25V((n={y_%4AiJzD1oiTx9xeBW($j40vzBK$WY-gg5`jWl;TLINLWa
zL7u44oN5*ouC`oQkS)chBRa$xGHpntw!1#bGvC<MI5xER{)W;5`NAC=ac>AY3C;ZS
zN$84$v2_az>%I_O<Z@bl@PU;l0<LMHtIKuXGbg;M)K3i@f<*<6%qPL7pq_ke*Ci6T
z!w7Z~B9!Rli?4;6Ykm3>^O%iAZ$)^a-m|sc5@Wf3-KXzzD0!?SoYeB5c0V<j!`5!6
zFlMV{E3+eRJE`MMO^wY6&&lT@@uSI6x9p5N+95h=I8L-~^<<u&lj)wTmOoq1eu}~#
zg8a@ld3$1BeeB`VCWEWP_vBGI>NDyp#Ba$$(~pO(EGPi9hadl*eunPQ{zi{y258AI
zA1^T<Oq!4h2`Xzp7lbRfJbt{oS%lKKtj9BbA!;;oaO`P9-8bazkCEneC$~J_$y#<y
zXxSp&b?SeXhGS8rJjB`$51;4S7C$-HoKX-S?izb2^cDQyCCDWFm$m<&hC$gnAK;F+
zUVq8cYYHR}p6fSg2s*rY?@))CN!MaK>05i+fD5*PS`{CrDeI8DE%Cu;aoE`BpA#&>
z3za?p`Ms?4Fm1fm@d^*s$*JD&H>pBHK=ApeWeGMbXjyV93kPtL3Aj`q*MB~2wCRi=
zZ@5MMzHGPeQ^f@OJ&&nxAI<VZ=i!3sWlh+gs<7wL(svfbptUlFIzKN%z{G2yu_@)_
zj-(B2vs>VlY4rK>83XKM)|-06eSI!EYKrz4*@2=e<|CQmf-b;RknZ$;jo;DX>@j48
zJB||K1YiWlZ^^ypO5WNqjb0IayT94<Nqr(!N4#cb?KsU#s!@DgOfc)|X@+x6@Vu%R
zRVLpYOz^9;^cssv(v<|%^=p3tPk#?C0Ce7g*kTs!r4c6y>u9Ep<c=VBGl<!eGN@kk
ziQ+TZe|&NDy2thQ^W=T2N#fEM3u<wp7i}jF)uv`<j%C(Tf%QD>b^*1yAq_Br%yJNk
zRU}{`UGM!P+xfMS7HhmTJ}eF8l}-Dm4t$%PePDe;TVpbRDRAmQ>WEw-O1ad=t#ABw
zKf6KmB6P2i*>&%kriH)}_D#QC_;|fieDSw$o8lKCZ%m)NipGtS!r_fo+*gvvrB-f>
zAFP1*0CdiAw4GFPRl=1vw8s<(6Y_5w3m2keO9I`6ZOd>>hM*c0s-Ntw<2e*2V?WDd
z=O&=B7YQE_LMWfo7{6mV$OEBReuN(yeNQ5oltt?n_A^0Gn|}8O?GMJd#al;8@$jnf
zP($4LfICq7uXO1vMf>p)GF?)U<93s1qA!?WYG1lEz&%vd2lv4eKTSq6(b**y0!+UD
z$`;e*gmVV$_I`xvimAJ)^*$qpjhi$1T<t&&wk_@-b9cDfgNg$@4$gT$#luMBlbrfq
z&@s~4ALnPh>73hw3LZVk<CfNYuwL1h{z$s}FGLUTkX%E@!8<)l$bI-SRqsfoT=()4
z3QkY!b@SRsBrJ7+LKoI?LcKqwQ?~hC^;z5<e#=<L0AWfnfYi^)Ln9#<Liyi6#vdD7
z|D|SwM+*zY0a8Z(<of7I^N;y3O?nFPr-2wmSZ4+6g*HDF4t#y+O5iu<;wVDBzicN(
zO@H&x$k<s2`N9A@qiXj@uFUM1|J9`bM5v;nVdFT#qfYvy?)tvDUWc+NBNAR#uBdwF
z0J@<{UG#e&1CKqTW4ayaWZvE&Cm$uT407}q_JabsmBL*TJTU)S&VKX23nZB886tYX
z?pc@v1sK!$t7~a(MD|R~?5+;4&BJ6XLK0Lm=D$ag&WTi%lnJCb9<@u;*6Uq6WoF#*
z-pBAw1(PRi*&7v?6?6&~$mZ5Py($bQq1zQRYGL7mFd6a$FxPh!pb(DEZgUyruz=s`
zst_(65pxSZentcvi(^W26><`n;MN;`S+SmDe*N{!q|<A&%-#ue_cK)UP8n8l=0Z^d
zY<((*<rN4?;odm)PFFChyoul_)qerXTCRduph4MmcLY~pRumQWvN9i4PxVFf6_%>C
zY}oQO*KWu=b_dUICE4DfnmGkg(zR~IwyI~oF176x7`0bGBp=9IJwPok23bk*?&0nM
z9K*<kaMi{WBs~6krzg>Su4Cl7F9_L*fT8v_{cSF;^+@+l;)Pi$VX8nw!Mio9?@9)y
zqsn_6JpFn_>5BPk-us<i(WBFhnmQ1T$`Kxpe{47Lioz99sfl_3S;ZXRz}aMixIlrk
zv`Sp~-hyYF2sju3^Gz4R(EfXwnWpe>_tM6OhTbE4dOlSc8fOpI8&;hNG?~DA^18E{
zn!lf}-A}|SYHBu)V|P}>B}^L_qnEY4sVHxc0TtSH_`W3qj%hT4xwGU9zKBf^<RI3<
zR85H>D+5>Wj9&uL%C4ZGX*sh0UH?7u-OOih?%!FeB;&sO=LHx_b>6YW1~peB8eEg^
z$I@%|6%K1={jVKRaTo7{vDQqy(#;B?pz3GmRWc|wqy!STc<5Hrm+ES~b9Fcwg9jt`
z?x`2<1~ry{8%!=kFEV1k6auYZ7B*ZDo;#ey^|@r@HFJ|}mbl*S1n&jeXD%snpA^jL
zZ{!!L*^Uck?uPe&Y#Ng!uL8HQfV-+B+3C)f;SK~-5`jbSHudNH{AGaISjkgwRBjCf
z(s-D8G_)giYwJHt?@@-~#D5QvslPo~DFK${Euzo_F3Ykx2fC7lSlf4_#jh2$^vK~<
zT~KM+rF--M3COExy+4f%9mn(W+OuOwIW9)zz(kqp*jmEKLh#;Jw4l50hd`<;a8|@<
zRr^}xR@@&k_0jj{Re497r`^^qYe~@#6RWh)RK^cQ-=hJwe(CtLBLNlU00$l2w<&RR
z^smZTmX9Qi*u@DoWb~Tb+xN%u=gF;CyEkETaSFmb&Bl4Aa<36qcS;;tGCRUYl-3=V
z`xqQswN<IiW~y1g6q{!&muBtPHD02Vc>%ZZ_guT_aoM0a@Q6Vs5~&zxGn8sI$E3A^
zg_t}!nuNE=dgLP~){iDy{dV#rtG-o%HXds*B16`_RnxkGFydxKzy+X|W3z!wrvgOX
zLG#ica28dcxL4otHnww3u4*0hM3(RGJ0om`5Vr7@YWPaNt0#_2m(Q5z(V%BpK?iS}
zrfoY%M9_M|@lwK=qbI_VxalB!@_+?Vm?n_@X2u2=wa!>(=J*7=>^TLv4(bUNSRW>&
zCCl;<MPRmfuDH7ml$byr0{luhR5wXc#xVegSVH);rR;e7qr9hw)o^c24sw$NUc`pn
zIgk=Myc1#<;y!(Vp5c;GzBT=<=1V&{f@%7Y^G;b))%2B>ByaxXE~Mb%1Tx35ZCuy2
zaVud4+ha}H-`}xJU^Q28r<J%mb;4s3UFeJZ$-Q_5&#{)cSQ%TF`WqA9<ADIP&!2_d
zYTY`-wGUjByfED9QS3T%V^W3mzM!z@j&g~^+MIp)xU!&K&6>F-lS9qHa^^T_{tT=o
zahliE`{Psq54VW~TI;|QD@Q-TQErWm!yULv+>yK0L8oS1;6pr>NRgS<%b8<<(y@yi
z<gs~R@`!~{udFRRrt8-F3B)WNeF#L9&NR&tGgSdU;u6mlh_NC>f8#X|c^R&w&tYIV
zdG{A_IA#j9OD?O$dLHw<2bsMXhzl7QHi2Y*V2Av={MWKnSN4|-#WtB7-8^?Brz5~B
z%EPPS-z40QqVA5uFpOr81p5Y)hL={lQzwA<H4^A~>bUi3B$YC$F^ry@Se5`kIpr}h
zpVkR8!{+A)d>Z#&;yni9U|EJ^w|Xu&(ZeU5h?=FC>XxIGnq$)=?#&ZDjob2d$$@Ou
zrA}I~lBMLJotsD}aM4{zDQP*|ue~X=x`RH)a43>^DiPyy6j-NzW_424nkdn4bd>A|
zMFQ<Le%7_XF#*)I64kx&kNZ+nBtnQIi6azaEmXB^6Zp#1maWuj68A^qQs9+q?aJ5a
z(d6Y9qN1)NLjC!_jsuGfxO|Aq+wh1BH{zz1<_$27T8+kwa#6`3?sc5)c$$q<fPpEN
z`ayVa$j7uaP12FWS=r-MWQ6uUVTmgO{?WbM{RiN@M%_CRZnAk5L36|&Q^e8OG-)UT
z(^o_2!9|nNMowPBQr^SEdNMNhBPEtSp1GVdW#(lUWWms=1KB_!4aqV#B(%~#3#w;D
zKyM4Q;G2AKQ&r}^Kq?Po<9^M8KIfzB&g0p5U1PRc^Q<@9Qn1@wTLZ#-pL7T!S1r;8
z#zMRr^_S8&7Q0j6{vM0|W019U@(IMFAt3!bhT-no=%C$Y)dtGWD&P&xHc~ThTHWXl
zoG5I=!&f3n%$LU+eDJI1dp0-oPi_w%mfO&)4sQWh)+%ns^U}nns|v5aupRZV5jJ6#
zRFQ3~SI?=Bad~cWReTCgYr+qhlLe{I2{~-b{gbv&6UOBjXxz*j+p4rtqHVMyb_T$>
z>HKBf<Zh{8Q9bhh+R3^nWs!UNnXqj~adbsz4zNYGSST3xKxJQhvAQsKk_ZX>;n1se
zPYrsk4UWm4Y|EBt4pXP4Nro)|ucYG5e!1O;nt93dO1Umd8|>$$nP^6kEVsN{B?LFG
zB0x*7?`TWt#8#G#IGBcM@PM$3`Jirl^Mu0pxob3|gLtB(&Ouj@hTEXDbhdx|!Q0Wj
z?Xk}({Y3GXO5(OLe_52B9UC}MqIYzC&~da3PfMQk47eQ?kq7q_{O9qHH%FR|42s*#
z)D6(uQ)|BMUN{1#Dwg?o?*}Bd*7%@flcp1k_s_ghBC(<Q2sxa?f%Ch9{KLHoM0H6x
z2~Bp6N9u*>Q?qU0S;J-$eYoIxoL2Fp?$S8$F(pU5pyQunRjzx}>yYZT(GkZNNJvs~
z7*PTVNp%fgl8Oe@wyr=Cq9UA-D!bU%*LV5?L`_|%%VpSkG|MrECBWu3b!n6c^Ig9f
zWOf^viQ3{Cc|tzBGaGW~=Wb?})h|W7reLQ!CJ4Mp2y0vBBDJ+vk#UpzamP=DkbQpI
zNB!FNLMK~7+N&q8WZminzMsb#`oS?x_dzS@+bc8AJ%7(dkMHOniKT2}b|;G=$LXb$
z@LWJmA2*<DE&-}~une*}XkZO-o26RWd6i24nc(s}lwOE83|xR*Ck9QsUIr==s0D~g
zg;Kveb;`@7iVC3v5bJUMvXeFGN-hLpyq9pkGQ19;06PWCg^KExiZOt2Ad11|s2!rY
zV$bJxW=&=0H5-|<k<%39$DKkaZYwP17S&A?fEBD59#%!TPa@pm$$_jk3ae@|eBp#o
zrm3_S5S0r8E4c`;SN60Rn{KMv^fO%#U*+TA*i**Gs(r*pAx+qnu4ic_vE12w;-5q|
zdQsCE>pUti0np3%%ZZLaZWdoxenna^PlCWa`B@sLXRykwLFxHa^Vq)hd9VM%yK#jw
zH^a8rY4&-~_N~tXM`fEbQO0Ee${YvCs_N?IP?KPBx(NO{TPCH)f}=;8O6}E>Cd8c0
zhz+KpJ53UIB8dJIihYXvC1A*%2B(j?JZ89v$VuiHMV^M&l@e=MiERAHwsg-_*U+#N
z+Q1jO8gEhV4#1N2*`jUQ^L3Eun-aIHv&FP!uG^sKmDzw&?5s~wtRVq$%j*y-iq|j5
zV7L?(HTy9&OCGz=JUJ&mcxW#-1KxGr%I4LgQ#ejX(qc}ZYgjp(OSoe2Z2lr1x8&Nb
zD4`5VTVVd(`8qh5HwtHettLno1!aFtn{;e(W~oV`X}&1e-MrfjjS$bpUSVc_C{J&v
zH*5B|^YB||DdZ7-Fc;8t7gnbBmT>o|t>#cFFPT242p^kr$MSfC{3OrGNV6eh)cNy-
zqf`59i_xn1RV1?J1Sux6@I!rAtGbEWEiCsb<}|fRU~V%}BZEjBs?Mf>?tWXw>va$m
zW8KKH4+f;Z^t4qQjMqiPf<ziVW}7KcRJf|L81e;n6*%|8qFRnCaZsX<ON#|Qfz<8h
z&kha9ctM8-1m`-M;<=vW&8b=PV73Yyn&;r6rVx)**KK^VnyFB&1AL+04TIu@<K9jO
zbhx`g+f0i=vGz{E>*VZl4MTNoRyr>CQT^lduMZuLI*(U7m&p_^&3&)+Y4~)G=ff>C
z1)V*>rF%N5j5VH@K74^HlE1xYc|32q+-_sik#Mq~Fi75XUb?D#GHmepAos)tL4LA9
z4)015-AU6I^K)y)iCJaKRI2lL*~dNj>@V<bZL+2YgGrxIqH@Vgybeco_$ueHw#Pj-
zw6`>?7`4ItY?*|1U6h&6!Jc=VJS3oDAc;cfd=t~Kj+R1>^wGo5l;;Ccxgj&x0Kx}J
zxu{fldk=3JnBzThTPg9#6tYjgT8>7{Gf)t}!)#iTEIlDQL@m5GMSeUrokaMg`4gpT
z732y?a9(~$cJTHa1g*Ul^@BG&;Y$4Zul$2-b#;?f+^IU-b|ICB<TZTDlOH%I-}UEY
zhV*FyvNYaAXy+?XlPboSKwCns%jDC`H^v1wUdfsr@V;A*)FJeAZvs}{ZXv#2v}ECK
zaqHt1gGW2sC-&XUtU^1ALP~uMZ!Yd@MG)SbCSGk&!je%|y2Ve{X*jt~YqVqt{IDYr
z#~4n?TTgs6Oe%;acf}GZKt}3^hJXX>23zHDX=6}`+e!Y}=TbRsK?#?ja80_I=B=O+
z$EuHcd_iY7;BpU896q9>MU*O6PWA7M3vO5Alq0HF#&?<w*6nU|HLvh9Zh6rjTQQSY
z(|Cp9j64m;v9tLkgTZvX$##<O(LlbG0&Y;05)({qHCB2WC{zfpu77@=hhqlV3^0|q
zee!|8*B!;T9zW1MyQ;S0)-U_p<YUd+=elZcs0e;PSxPuI?lmU0bm@&53pv>f8ALYa
zvYendM`X`#Qx4D8uL0AM+(BiG7So#T4{R(s@2ESaZc}^9?^z+CB)uU3$64n7O=}+D
zBR=~yPjb?V$L#tjbZ8)6!{dD@gc+e<nZHb72BQAS3>nxph|?k^V>DDHwGiL}5&Ifs
zMUA>$pmG*;DMf?7<(=?eFV2y#(yYBKF>X$g{RC5EM-Czl?(44F#4xc}QbTMW0{cR+
z`xh{`XR#C^f9{nuN69<-m>RQvbi=73{O_cL>DKR{TI0#I1W>BdP>*IPrUm4B3+?#`
z(UYxseH?WT^(k_lY`FBPW|~Q@Mdhn}b#NVR8fA+KJLcr<ic+ywP1CfOcvh-~Jh$&7
znP+dj=qISph2MJ2$#9vq_QB`%SyLK8SO=mFmDS(?wjaN9;;%#&qepQ&2s%hNs;(aj
z;CI<sC>hIwb0K=kX}9=~HeNYlmry8P*KF1Ed0;M-?#cZQCjk-(tl!<)$hc=S6596)
zGtJ`b`PZ>n+p}~+`>aUMCPz1ks%sX9=kH(}&HAME#f9NiZP4yKoGrv2rv3tiGn}eQ
z6h&aUkw3^Lxsm^fI?M3Y1(NF$rG<rVUm^yJIWs)*mvbLBUlp{IdP!~XqF(`^ssJ@U
z7f(zQEue28ZpX`in22W*@o)w*RMABX9SgZYh1se<C+{?g=hCud;1X+N61g4To0a;-
zDpR@+C+gYo>`;D>xJmenY)!dtNl+ztgSh1#p!7@}M$+<#czC+EfA(!!W={DhqrvrD
zqixTYlS#;>?W*|F>94O>;yO9CGoy~lR^Q63T19EwWwEm3%8YH4m21nu$s!VA1~#Ux
z02jrL_qs^s%4tHl7@Ldy;kNMPI<?bMs%#DJ_KE+I%gx}xe=qs`>YjIH3k%6uzahNy
zETN>DGOfQfCvM;7D8qpXv|13PCC}FNt7@ukTZtu(CRZ%8xEw2<iw~TebqfeTEY_Am
zf5U<;6mW4z`H(`hE=-P(7K}m3HY}S+_2{ZhRhVwWCWS&VcVc&%kZ)upArW5Xi{AHj
zHFKL&Dgi02w3*r-AeZ7>?Xg2b2iR&9I&35T4}Mwi!&tCiM?37|=+6aaafeC6W-5Wd
z9Wz$(MK0A1%1rt!7VP4>Pkv5lepw$enQUg?rlbk(WHdb0FM0%`-Id8*^GR5rPFQAp
z^OF42@Qr51B<<rlZB`ia#qJ)=WVm_EmymHFLv8JOfD>FjJMoovZ#kRx4I7eBGwYYP
z5ZYVOg9K|g+I?PFZ`u>1vu_Mq4m*bun<1(LMZ`QMyG?kq!JML?I<Kj+gl}(Jej_Ar
zbUhEZ>+8CJ$JGqv){UBt8)D(Hx-^qg8?;41)aN3ks~abFi%S}0aSo4Oqr86|zk;|C
z>6yvhkTKax>Nx}ot@q6CX~B>1y54Sm%5vPBa!a|Oc6v?^BV?yKuE!L6&UJT=2bGsF
z@u8I{BZ9Kl291P)mnkNTJuEb_p9uZV1_PtDYo-^iV1uZPC#EvnGIe6uhRXTcOdtoE
z#**H2(~uP-Yf=Y)p=F<F`t>WaN$;&<)a+)p^$$G6_+qsiJvMo;!DEFirNern`_}|;
z=w#!w5*Vp-S@bZ}op7>Ytdce4N8RN1(0x6DnzOC)Fp(Jt5#KrT#x6L_WO>YOtG!|A
zse->)F|J+9k&}JD_?8YDd(}6eN{0#ri~BT7j_URi2zhWQe$J$|BbD4jiY^&x0i))@
z3%sU;u~|RLD{8RbnZ*THEb<F`s)_{l7e`sXqO6U{Xg9qAm6QAoK32FUfa@>Hb}A!5
z*6_zq^aoNgj%5|K=BL3LIUIbcwNcsnP2HC%(Sq0jD)MbLbG)n<id6T9Zn-O>u|M5;
z86+Yj^2V!vL=BC7N;G%%o{-SwW`LLiGnYo$BN?1GQX)-hbIr#+6Bgk(TMF#Tb$FQ4
z`eHr=h$}G!BN0mXdCgwcv#4IdXB}n9w4AlO$8e5`!pq*CtSmo7Bk2*RrXy`-&RFp!
z##U7JyJS2c#AT}9oTJHd3(#i6HsXy#XG&Z$AmeqO+;~6dQE4LeoE5Wj#2ow_Xelrz
zBMhT~XB61_sbbG(aX%Huq<QeyRDLrkMozWf@mGgVQ71*^TTG^d$|5V#MpN4>DlH~~
z36aRS?QUSI@$-t(->v9qs)D9K%WWU@!9WGIrW8;}<s~lN>QMD8o2Ajlux}kqzGj=C
zsbXJ}on`NFZc>pL(_>GMY>5o{b*EQV?dD=br-w+BvbD=uRi}jaZFnYk)uu07hS201
zgUo_iW*Ktz4SrmYMK((G-gew;8T>chZF7m*JD-#ZEguM8^Y0B*Kx2mvVk<?Q)H<Qx
zTc97^dhu40RA#6c%0*0B{qW51-@bh-EoGId(2)vR0)9}I@^-2tbNSPHdU~va_Tn;;
zZ+h+Ph;pt`r}b%o`d3mJ{UheI{N~cR{Bb@<c$N^I<4AwpD?VkyuCGm)O_A2xPE)=O
zqWfQ%)k(XWjb)R(vfbkR6q^EqyR~7$y>0x>Ni!RbX%k{>qjt)$+maOe!yc<m9$8wY
zWf|cvat(-U=U?9+|Na!iI900EN?c3(nEdSt&fJN}{t0w#kqczvvhJt8j{zxumH((M
zu%NOR6#OKCK*dC_DHutJc?n!NLFV~td>k$%l?jjjFm>4o&I7ZJ44wly3;MCu{z8)g
z+!_vy++^E~Bd2RTH|abT_{kGm-!dkKWpcGB#p=7ZsZUJDgUeiq5j)!8HzwZ?Be$Mv
z6}D;kuxB&6aVIr2w+}mvrLQIIe)d#=w9O86MqJO*?)u5``c6M<p5ESCoZF8`Uan1U
zEq4l$pjbv~4%1l^Sp_*|SZ3u;wx#_h*^KmHTo_7oPfh;-Yx>LjEEtE;^sW0am*$9|
z)Gzr2hzOQrwZIF}a*HYl57P;>H>5`D3{O`!X~{SeJNKr=OkH1y(^sm1%zM5IYU7RT
z6{G8SP@-Yw4i$YS2a6IyYO%pah@sel{e67+P#(|8$#>S1lPQ<x3ZC3=nYTXM16@IZ
z{X%hoqqwl5uP$*D=&aad{48ZC_=sca=Ra@E2gibZ6gnB^Qc#CND&BE8ph<TfXK6Eq
z+tMjZ-89V1Ix9sLDXdqK$3a0|79{WyIENek?sY1&Jsrs1wM#gfZl9!q6s0cJ%6JJk
zwh#T<I3|-^Dg!GXvzXF{(obdz_!2Tx`J83T?NVC#)zOczwp;y$hU*w4ZG>2(nM1fn
zzG}c;HMhp@-5uTN|45DdMpzsc+q?#fNdbeQy>Dl+Bo&@L*o|y+Yzv6B!h$)C%Pe=i
zsJ0npO<$x=d=;0icGp_&Drn;DWXOG2ea_%4W2s9kmNB=Ym@wbF#&5S-y~91b;8#j-
zm6_?-fK=KL5EsS|#O^o(MJ|h{Q>iB<wmk{=%S^2<c09b=4Bd-<T~_9zD0C?s=2;#8
z7rbW2WVPIv&*!!$bCP5ob7JNEk*~~Q#9iOxL*G>KBjK&CSLPPaq&wcpR1^X5`pHJd
z{Z41#JPB#a(>j;lN%6ORh&Kq2V9eL0G0Q+9;bCFO>Ilti{*Y4tA+>&JcC(kwsrFJ`
z{YS8+T%ou*8^9l_VIx_UI~IoX-A3t?oCFOv*({b^()S$H2MT=R&)+(Q_tWAfHZS9p
z@!JlivIh0}hbi$vx9$ZT>Dvbpe7ll{e5j3SBKX4_hd?i!@WuwMve275FEWLF7kIPz
z@DJL|E4=1Ka9l!>K+Gh+Y6DEl%0a1<d!nk8oRuc~!rQKmE0#_^;kj(XAUS2lVQC09
z2=7gT>MR_ZChjfT^3ts4toG*my-n)|WSlOO3WE}0^>c3qJ>yRydoBR}js=F^qN1;%
zkjRT|o~miG-fV1|#Hx@xsfWs*%<H6{-sAwx9QW2Y)_f2buiZhp4oU6nC0mRhLaiIo
z-;qEfc#nkrcncp89^hWJMVVU~Cdjd^4u_PYXykhwqj`6^-lbwflxR%yZ~Q~(>^x>S
z(AXtH$XHBXyuiILQy<!EHY-~C;u=UuUf|@n`0HUZ0Ox?%gV9HXUCrmFaoX;3mgV<?
z$`Kr@OHtZkkT2Kk%n-8o5P6nH9?`rg2f}M@)F(C#WIVo%rHg9!@JJteQF{A=s|g>H
z^N2~rhf5i>wT4<bn_dq`<;ZUl+)Pq0-oqPClZmsjk<`aDP33G8Bi4Mf9ab}Yp$5c{
zXbuHjZh}iWjz1h{j~dc2!1X*cWdX=XiFh)-BlPK^?$j?av@h5Y-ioqi_~r(>hvmTi
zvAyBxjN<p%ZQ3O&k%ZV_ng+WWDZVCfD%WPFP_e@6g`5^aQ?8Slc>*X<iQYY3<%Kpz
zwJJ*n5|&*2Vu*TgK!!Ehs6}X8WpLAM{zR*aMm-hp1l32<2R~v)!q#_OgS=?Jef>V>
z$Hd)|5wMUjxreZ^nmA7-_OH0fA4I}7EiM*X8-q;6VTOz{TTc0kjJ=ls{KpjwtD60u
zMh3bNx5Je2l<EaOF489&)J~Jf3<#-QbB(8SRGufYZ~@QC;~P#q%>^Ftw6PD$q(;vC
zn$&y8lZV2H)U+eHw&MYO;`Q{hwx-^}gs?nwg0AK*NShuPn@s8bI8$1tD2#+1I@ZLL
zr(QOi#T!x}cmk_Yi9x-tfKH<k_XwSRb4m*~)QtY)H7C!}Lzvg1+yhue^Kuj{mpqsu
z$xow7vM%Ct3u7vDZfy|FkiyUXjOpGw@#x0}uxQOl8K2hun*BV$>K0}>u*#=<;V)eR
zoF$NfOb^@_Mada+6bOYFC?qiMrs`z&9fUQ3Hs+DgZe9qXZ<y%h-ZdL-nc?!8V7>q*
zQBcu{Uw44U1haV-OZ90lTH#!)8e}$mRORcju@)Y`otpfv3qU8<L!dH*VWc};TgsNk
z*}@=0fI$|tulv@A3UHgXQJDl(py{6k*H-+!N`MCgVBfqaQ14rRjjL!JKhAK6H!m9_
zmhk6fY?sYZmk`yHaC3_jql4a<2g#bkRPOq|etpVeiZat*L}d8F)aVof8_Mfs=)lE#
zJ2x_RC^@wC!@a~z0-KBFZ$|m^&r&q_J1wOJ_O+H8(7e`AWpw)zDW%dD5vng1nDsqW
z(QdX3mbUOvnz-zKM3xI?Q|K+>`}jP?1o`Ggas1Bt>DpAj&+8dOyObMmrR}`brbi)-
z4?hXl-|@|Q0FET1FF)ka;UBE1t4iOyb7v~2a<lb7(RymeMK6%g0EOgwX4ZC?&{KT!
zvi!(c6T;_oWp7KfXv5U*JPpq!Hx9r3=s;?X{7x8UCkS&*K=~a%CwMr8GZ;hD7uNQr
zjX^yB%{+sw^P{V=W5CvUM{r7pYpV-n1qnE_Z}V>x@l>sx$8i#N%9w^#J3zG~q8+bk
z1QHZ^O6f;PSuM%d`_>RDQC_rJBd@d(Kt;Ea$=$&g9S@={XSQJg(z=G%o2o!!yv4V{
zCGT)K_*)q6H48vzTt*y%?hDixIM}WPDRv~(w1>bKh*AV21%n-aD6-_!aHALKOqi!8
zmuZWi?;FMFfyebONmEjg->T1Gwc#<@*D3EV{`~p-tmx+~%AqP(gt%sbv&`}9$mlx?
z>;qVDc(13Eio#?cVo*o=4J19P(0dsZ+e%$4Ne{2+7Tl!JmLbOy@rs?GN;8&}pRhWR
zuRK{@HM4G@=ka|Ad;M^aqQQ~NG#o*v_fCz^ru^L;m4hz5Uc~cWiffB@K?+ZlC&Kqu
zr2HLSg7UX?ZYnoYOvSrRzEHXi6EemRpPQSjdoXBeQq+0NBc#ZMt&r<da}5>H61r|&
zY5?_>w!v4edNc-G^v*B7=wO{fRhhW}Fkwnr^0du9iOk|Wg7Yn<AkMteAN-!rpkD?+
zvP4I3J~;QZsdX%4&Mb8rkLHT3b@WCW@0EIoD50VyvSWfY4Ne{!QJ8fzt+!W}xK5j>
z@Ui6^-9j4@=}J6NSo%W&Qp{M$rZRa~R%M)uD$+_kfUAwBc)#{;NSQtX#!F%DDq}M<
z|J)CS<OHa=>2e?qAk?*}6@?UlPtH2+xLw~mS`CUN-13^FvPHWA0H=xdf?Q#4nb3wX
zkWiayuYRkoBVn!Z0~b%`(o_7=@nZfC3&tE2>a_KTaX7=NxE7_A+wbCEo_Dp)pMH>&
zNK^D^cKZW&5T>OVZ0_NP4v*%;0G<^lZeQpMO<~^iWdTVV?YH}Mq`2_3u6t)gh8Ede
zX-d^pDA9}@QlwJgXUaK+5FutCToWz#`b&1n1YDL_b*n}!mT~!s+aGPXyzeIBd1Vr1
z3o7lJyze^S>^j-|X0?_AHF||0nvpGyKeAt+<8_|_kM;Be>+%qdZeuwat{d>EnQ@!~
zF9NcfnP64VrJZO##8`oU)N@3zur{!z=_MXuv6X{dSTg>g%mJqhK$@QqGB#GpCdj8<
z^TszTdH<!hSV5(ja<>^G(~vB>d--})18&#D+7akFQ#de2Q0544lRt$;qEYJzFVoS{
z9ex<0i;f2u9b;^>f?zjsrDXH!scQcWN;pOMpTv|;e>WIN0+&JqneQx82G*UG9k(kc
zn--8be^EPdzKbYZ%(iPVzKlL)<lbF-K!q^`#QG(E^k33f2BgI~Zz7byK&j&Z=YkyA
z4F*`}4@-+n^wC!rA=g8J?^kMbpd>`~Z_|<2+p1+vE>Jx9Fv^$EF^xHG`2Ohi>cwyF
zj^?BH*I$-AhrrUV4B>Qv0>^bSPnwe2(gV%3_17L4vy}gc+@C?q-X>^3ABOFDeT2|c
zELy;07-7M+z=Y;``1Mf{+nYTjoDo29gkjbGv^Wu^xy|KRm(antP;5Cl51Ojql3dm+
zRsRb2{$>>aAecW9Vo24@rQ3+nsY=_13-vEuQlEX2#&nb+?bx>3_tE58Xv!&yse)qD
zK&vW1rOq8OxGVwKhi%r|?ndH_ihGJBbb&toKqup)mPVvzF3q=({x7HHQ#_VX8MGmw
z^TsDss7E{xcr+{V`y|6TyXV{O1=Fw3uIU2o4}O8<r-pqBA0v%Z`thobD<a3!h*S`5
z;tom-gk7{-ll3V>w}siBW#$mE{FC~-iXqetA1UfR+10b$piB@dTdvOMe^1fAKWYk}
z;KO`&u+?8D4`Dr(Xok;1%6xsprE8p;UB3old)Go&G3#_{*GR|;_gYR7HGzhGe>+g>
z+=s3Ohk#<xWZBGTMiZKzMar{^Fh){FtQB0!gcnEDVi|V~!)y`5V%)t6xdg!hVB}|6
ztPb}oV`5_1WL|TxWF1u>f7`7@|F(!bgaT-{VU+NprV?S{UWu{S*x5crnYn-!`vr_|
z%YL725%XMHNNKqARk`9?Y6N>$?9${Qx`a5uAZ>^-l<D4D!zXJx*T#6_k)hYgQPl4P
zHd$Sl1i4F#VRRr~vEgmsrMpvn246#a%rRChci#74G6Aj1hon81?@N=IbZjF`eNrGa
zkLS|Ysc+Tp;TC{+=D~@~qxk#*Ebf929}70QM1>W3jGv+Ri3Ao!o<8MIt{6vwdI%a#
z56rJZvyEwdb8hx@IRkyUxfg>W2y~VWSH|>BSYwSwv*&COu6H&CnDg0pLXKRBQQ42)
znA>WAfI6NnSPstjKjXWOE$VaxyY<xfvi@FpAUM}|MD)ho3+2qUX)M0#sAJZ*c0D4H
zFaIYW93xDR!Mq+5aj%{eSvjcz8D#ysqy4N*1H&;g4B^{vZulv&I$*oSVLXejy-zlt
zr{`)NrBD{JcF_|P&W21h<dK&t7(bb@dWB=ix*6GH_y>~ft(f)>{Bcv<Sa47ff%2`?
z`ENhmZ~h40!qq{OCff>Kp@+gz&{;SVNaV@aLZ1m>;%;bxewudN&`dr_X_Ec(D#a}=
z0>_N96@ke7m-8cvnQ#~KfjwW2nEaOeQ58tJc``onIBotvVCxqswzhO*8#A^Ie39Cu
z&8^pS2H0O{V^q$WLF8!r6MY_B5OI6Y-t(6-LYU<IKFi$U;r)&2&HB%MAFq>>Gm%Nj
z+0JZ6R}7<bY?&TOn$Vh1!BN0EE3Fd09X>DRr7Q-f)SFAptgM8QUD!43@81t8Wx*c{
z-oEJdB^2^XX|6dpQt6Ho%_)53q6UKC3Z%EffbOt>INK%ES#-Vq*K?bjkM3Y#8qNC8
z<mK%oij#!wePAy^exCm<YwmKzl=>}C8(TQfsQ+DL#+`7BX=ek7aLfDB)1$B<g|hGY
zuowsv2$^{6*|6|%LLwz}7ST!rdb>O^%`gC{Ng;a@4`$!aBe2bZF$IDuh^MqUU)I_S
zHW+o}N&nsaWO3GKj0?w7H@!Z`ZFiFIc(=#?KkZ$4IFxG}w^WEMsgP|-Cm~7JIt-;$
zWU8YkYn0_!8VwGm!bnldQc_A8mB=!d?0Zp-7Gz5diIIKHJ{rE~9gSuf*Qx9C$M;>A
zfBfV1dft0`?)!P}-|sGXVCK>rnP`>L()Z3!c)H2nDYhb%$HJB5E=g&z$MRUZl8k@E
zn^i$ro+oSWt-|rhSldlbEj4_xT|U_(wg>&TKY_3KAaJnplKlvY^&s*HQzOqzZ=dBl
zSYyV@s$!l}&=L76bi;iL(tzxDPre}AI#rvwar4G&JE6`|*7Zr*>8-cFOW)m7aMF69
z<*&n$$9>>CjAT6cU@s1QzlLFUGv?w4ZHFMz$!fe(&)dmzFMKS!5!!!lfZJT)E?r8H
z^uGe>Z|8t|BftG^+i|2a$&w>`73vlNMMxhPPugo*G8JSxxRYDMT;=cpP%*C{FpjL#
zdXr;lPtdQ2i;rIwU8-}KgkFw%E+|ZBa_y-z{LX=bat;p`08#Oa>qF@2t?`bFF{?1t
z7&SzZ9?Sz30{Q@`9L;<d8JRc-N5^D#yAAQ>jfC-l`!^`Q+5&@#zus``280!X*Wckk
z0Wb})GZ1D0u4Rkgs~KEe5X@sS-Gn<iWqYO{cBdAh_#}5Ti#o@?5~gwgr{7(V6bg^)
z#a!^z?O989Z>;1@Rsee|=J|8>ee4oxmMtpX&z}9YOVH3tN@mNGC?T*(afO3(?PaG+
zm7QNM0T36_Jfx&}CL}&^jnaS21kCo4cNT!4`jBWSKZ>=%c3*p7&uvy{Z;_?ZaGa{)
zrCB_qwGbO<SWK}K3~Ga#ftiVY5ZT_!BVV|DE$3|b9xM1@%dH$jJP`4D3r#}~aZ*PP
z1VEA5Ku0LVaHj<I2|^*ppBiGoxvM-7IOvInvI}5O(?24iqf^rMVz(t=J=S}vxeCOp
zY9Tf2*_L%+|9&kHg{A=Wf=r&ses1YRolB|9W{`aYc;|HU098!WvVwZ~v)=CxCqkXB
za#UIQV_Gw-*j<l_v}_~Xo{!PnjKXm|BY>rflQ8i4bD^xX<D(u^b4xa8uUIupRNoj!
zV~GgR{%!@lgho!VAn3ls>F!lE{7wLQI!?`s=7Uj!a64yP`MB!Cm^Tp0%~|lWSxm)0
zH3pvjYu2;HS~GoHdTUr?tL^kyg>Ue<*rn7R5vXC*L<|le0pMdUauzhsGeXV+Dg7dH
zR$r6Iv+I{pevX<D!UZ&c(>RVMj0d6;mgmU|xCm_f{fufUg}_`C@jL)c#%4xKaZfcf
zJ!XFmc7S>XCxAcQ7vyyG9PQL)yrLjv_sn`$Z3zHpXYy&>f-sSq5GK-G;@d+63K`bf
zyyL(3gWpira+~ivf5)T2vvWNf<W_2}>uL@|-TFe*N>v+D)_)1%WeE9}iWp#npe3L?
zpU$_AgQ(Ea25X}L)<vnyPz8P%vG&af6Vv8{(A-V`C$oLh7r;$~RGNLaDJdCpJw?VT
ztvIzCUKLYfr*CQ^={^KkD?JEJTD?zIDY#*0h&TQ%%VHG37RItb(7>y;?0_i66sVC4
zpv{5eei;bPSaGz3-7~USkN^q+8nnM3ii+BJjTx%wy!?xOccdAjVy|`mAU=RBi=V2}
zg|IA!%KClFVqi@WayQi1WG@uqt^X~;Gb$YBQx?OjJqq(${1S-G0Cw|pKL(A`5Sd;i
z*8Bcm2qNf8T}Cq{j<28ftQeGW)n5^RTUBK#9{~ZblK93CMJvbYxi~T^spnfD$Qc>Y
z3NW@Nkbuq5zb~vcF)WV$_qSu=0j;|bDEkNm%2r-4-dSax7PBRR5z=$MeBpPjiJ`I<
z#+m@1hJ~1u=u!ZuyGsS+0zQpj&kE*K78sl|CwIEXveuJ#8ap?Wk3yc%0j{6t;(`IH
z4?OEPE1!0wpll^PHtFjJzrxt18C5>lZqa&B7q49XiecF?-vWOpxnroT1xfBet?2e%
zE8#Je9V<}NmW4>+fM@-j??BBk7bJy)C?XtQ@>oG+9fu&Yj!#!EJk<}Yj>^tNklMk(
z1}tS@!-859BV{d&HG#Ax(5={I6;usr|EPw3vy@?+!ZBp3S&$SCD$4xF9v%Qi_hLZ+
z(F!dV1k~!Dl2^=I;{RV31Ps!)#UcR8u?7Au$6hP~=9ZTXtZA_b_$6yvECPNW08`H7
z7K?yu)Vy-O9DA_{V294+1E_MMjOUzt!n;@mKvMcwYg#M<W~%1to0<Q|B0wTq=D2HZ
zUVVG}Qx{eGqju&cD>>p560+kGC&kU=Kvi`$3N}F@D%wM>j3Ks{%r<p7CvZdfu?h6?
z&|Nm|+mMu**`AQqdTy#y!ePq8Z;9kRpLjE97S<5;-0Cu>wY_|MhAS!c&#7Ez_dWf2
zjNY^L{7~q`+mehOSx%Mt?)<MdW%}tqdQ&_ENEBA;&D`R%+XRSfG$D~lvI;3O=gY;x
z_#&vwi}rLcXx|qwklqn=7M~$x1ZJzBcNL)2`a*Z}H-j^mtJEqP&_fm$-ZTcxHxh7v
zb@ccjj8=snt~PUxv$uC>8w(|5ImZh^$2LD!g}BabJaouNT|C1V(^?f{rJ~_kAzp}W
z{b$nceru$>+jY8iZCDxlU^rUE{VQ^+GrHmB%Pkoe_>q$v95ofzS9|;8j-GF?>mC0P
zNcaxXxR)Ll0gSRX!x!qej24N<Xc5Ip>t9&p8}v8ev}WBH!jj&w{3UX>96JCbROPEr
z>L4VBHBM~8UA&F#=^5cHbN*A6Wr-q3n=}*=Q_sO2c$%(v7bGRMuMs%7+II(N7^@fh
zyE}thm;Sy0^L!&my;~a}U`6u1c1&2j5nMtW6?8hV+ZJv$S}KpLBlHM_x4EJrZpzZ5
z)YXcCF8}Px^2dYltHYda-*wh*$wI}<S}??lW;9V}e|i%f`=%{5@4Td6oa&o6{tu^0
zMYt;BKxT9wr)pzMq4wf*v1t*MJh)}GXG{I-fdR)eqdAQw005r8L#>Ba=fF$dc@0cW
zU24ociBs6G=sJOAVu=E5x9?o*Dl4|Ie{#KgqdO5740rVGZIc0qzGw&N(DxPSAOc<U
z;lU?gyn81z`DcBW>7Qq^IpuOOL9Yv+P#BnI%)Q+kb4fwv^FJxZs*cZ8i%t;IQTeL<
zrBS>-m?)lpRu3?#>=OS|a2L91`nKHZdPvAo@ruovX-b~q!HtnN{SdS_{;Aa3F-|%c
z(u|N}aWbj|R5+c-O5+8VCRA(t$*7<RA1_#gQ7>j=Y@`UFzvzSDq~s8|B-azeqgH+b
zPMZa&6C3I}lnnRj-yhu9WUd=ZfAbfymRXAZ0s-aQrSx~p(Bp=jGbDwzc6!l@`*Yw*
z`!#O!8KTZbP9I<&1k~l123Pt@gQ-KY2Z7Du@Xs!4Cv<O+v5Va3e}8bp(W245#=fYi
zk@R!>>p+VZ?FZ<vzb_SY-W%|qbX4J*M`H7_76fQ6l2LxMd@aY}X4tE9r}9j41BY`{
zT`Hoh^HbaY0OCIjZ#I9mRwu5_B?n$2rFPpR8i9)!;66TerqGl1or+_L9s)7uxz%;`
z<yg=-hj_5oo@G|#S<f6Jmy(;?jUefVt^o*{tgP{7E}y9~E59=1zpPK<15m^LyRoH_
z;u*^gjnaIZQqRMOh^|{9b1e(zHX1@3sV5S&VEiM2;<{$rzwSp?Y~B*S+%yyFxS_eZ
z1XOaR20=y&PCEJ`;q98*8UYipi)^dKNVDD--(=t(pRRiA2JvO!6VEY;X!w2uiHw_*
z2^sHV?+qI%)i-}BFc~}dW#XYnuc8^x1&#hGmMOXZKBg(|A3rn)3s}Fo>6YpUii!?I
zZ}le~(zbiAh_LeW<`;e4j_<<XtQ5VMF(z12rYHs^Ssr#i3z`cWzD~xbT+0she&M~Y
zi&&_iH7vLptQLR`#8%?V1Fg(zo5?lCu~RwK_Q$4lMEGbwZke9B0t<(XCZ8m^t|__R
zXQD#xvzbOT_6~j^|C{P5TwT$i6Jb9#Q)6^+4LB@S(|E9CC63hY>Q<ki=ewDdj5feu
zy*p(8vdmGO_O-l%yS@Aix!p?7!MQD3)bW8hccV1J;~%>^Jf^M93|JdiYn17i@=mun
z)4JvnbU`&P*PUzv<LGHh&PR>r_CgcgX{-#U;^n%|7qDz{XMFQ0BqK8(9y|+IPO95A
zm5I%7w9{w^#CuBsvwC6Tvhtr);M7G#w9IL_`kIU;obLIvTT(9*kUdS~Xo79Q2dpvu
zt3x!So3!IRDiW}qfy21my>YS*HQWyi90JA9R7m!gk)e3JE%Y&>&>!g@Kk^~!bdhn$
zNWY0qFd-9HP0sX`93>L}sldYN!ja}tmb^=X1NpdKU&ptDj^egFfy1azlD+&Hs4B5h
zPP{)MQ{xi|%R=wXB-d%j!I9_d*Yx@l`dz`o<G||2kfZ)sBAjktOIp1|c{zN@xydne
zMV|%`MTJ;n4Y`nrwjW+mcA0=6UCOWL_5laM%Lc1#`^#go)nXZ!Cz_OVt;njW#+SW|
zoSV|C^PAit=EI-*^4iJQzM=aHClkI;w@+Bi*SJHtk!QjPg(La6HxrN(c=t>V1F+J&
z?~h4(?Tv#!NH>0=8$IFhvZ_;1xTnaO{<C$wwlVLG%SYyLJH^Al<-beEBXJ}C6KKzV
z;CS2ag4r|yNOJrL5{0XiT@LyxPd`qV4oEH^aD!OlelF_+%h5}MxPTLBy2f!M2)uPq
z;%Er|!AQ!;6IsZ34zxy9@>)Fh_~>j^7oRVGFsF@}KRxDd<`v5hN0^SSD>HUKXUmEB
zC|~G2fQlwJyJupd(Z<@&RklnOv1WHiwz<nbLQWXF&uUt6TGOuBZ&O`nmr?gJ;#7{S
zeOf^;p7;V#$GrjY@D=LHoi&}?;~MNZMTFG_NCp`Vy?={dn-zU^yc~-B{YO&5Q|emW
zQ|(TVnw&~1mv8o{7gqzH@V+&^5(7Q~7cN5(voV79Qp#|W8O?mMW9hjVge<#*639SK
z*i<4WI>=|$1R+h7=trN}mjnJ(j*#GH)RQ<dAV?=YK}9bFYY>wBHk}QNoVeUp1U`M2
zrvsZVxTjAUm*&T$b`d(qkv+ST%bjsgvumTPlWq3S{9{Oj%32X&NfwXYjnr#m)pPN#
zWxgIx#!;tp#Yfq+z)OnUr1{ULcIA{03ad+Q?g{S`FpaJ0shMcXq_qaX)fkI@)X?QH
z^j*8`>b{&di?nU-L~^DEl#d9N9=(fs6r3+ST-%-%8dd2r0H3SD%B_}<J%EG{?C7Y}
zYfR$F@P_t|jte0iyLWUD5`f-iqZ~$(1GMN<mmr;p1N&CK{^WplEqmt({<fnF^y_n{
z1I@o4JhqXkBl7f7_qR7)zGYhl?)Rj%J56&5V8F%N_^a5ime8Za9EpTC1G~%|*o?tf
z6USwQPyJI@(CHz>zfF<u&mts&#Bat<T;6%+T>S?u;l*lTDHnQotk5qcY^p3cV7A?(
zcJjml(7#8U5_+#cq|7S?{dz!};Cbk}P_(S3rbUirwUM%5#~Dw~=x%!>d<1<K@`=k!
z`eNWSeEXTH5;ReX1ag^5vqqhO&#1A(t_9D?GH%WyOX#fu=2f!X=xu%}6W_L~H9+*T
z=1%s#%4)UUWG80}HCl~fG!t1GeEtZ_GfV6XCRZ*8;}nMFhC3U4WWTM?>o$Hh`Q-Da
z2lUb75=+A}nG?l%-Hq?^n})MQ4*=U{4$Cm{zI`08WM26kP5ZbxW+`d)#i4Wc$4AA#
zNS$auj=@+n6>!C}YsIR*W~z|4q!+3a_|y>TfWza$L`)c9PDzQWug)_FVb%@7$M%Xk
zZJ>J^X67Z$8X_GSk|-!)514-|5u1o@6MXSQ#L&6wvhea)B1KlU#-F|tU<iiJTPle*
ztcb!s)X@lRXvndWqkA)GeI^No4-I|_dt4NE1gJ<q&E^pi<r?&?Hu27tkUO*)gV#FV
zPu)qDDQ2hHqtLp!dsyzt%KQ7P>_k^2eG#LJ=0U+sFAgA5ZZsOO+k6WP4&S?bU!}r2
zwwVA%iH6dvVfSNhIqQmD$5`tkx=3N`pVk%zzcZ#S!o0kAVWC1-Y~P*?TB2xpKx>L^
zr$MEs#c^gjE8u0`C6v#d%?FF<&_-cK*F6>b^2VZ_R{23`U_l=%gUMgmZJuEtO|A$^
zit<bs5u$yKj~3>TwQ8%I!skDjORP8Xe6Z)O<N9DJe}q<GpN=pWhU$G4%NCG`5XzR4
zoATj6y$wrdqy2oYbfy#U&C42L0pS>H-oIso<@xI^xAAeY(*C#XHLxok_X0#^K=u(M
zc&muguu9v;!Ng((Hs`l~<@EUnMTSoeFqo*5hq!%dJ#PAYZvpR=lF_F3d`kR_I0?+x
zZ|8Oq+O<yq$3sZ)zIZ`0tvyf2OfNsM2<c^C(X`T>c63cc@V;j!hv=j0v}zYW>W9%R
zYKrPTi{?ko0T+F0W+RYZ3>1rjf-XA;BMkrN_o**aOl|}6hie7`!I&{7ru};myAyVq
GU;Gb<UI)Ga

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/u2f.png b/login/apps/login/screenshots/u2f.png
new file mode 100644
index 0000000000000000000000000000000000000000..6b8eca087da532c2fdc06911b8c3b492a02dee4f
GIT binary patch
literal 76779
zcmeEubySqy{x2XXp&}tDtuTThph!rAlyrAVcXtZ{iV7$xgM@SqAl)d4h)9>j5Yiys
zF>v>&oL6``>-U~}@4A27byy2#n3-okdw)AV-wBeF5xam*f{lWLazXroumTDSx&#W!
z8F$RH;FXxzoO%=#>>M*8Avtj&Au2h08)Gv|BNUVeL6Ont<P>L#9vymg3EdaJpF-ds
zK8*GN>n(=d%Zu#y@u?y%-S>NT0nZMj*Y6poieqHbs0NBU&h=*jBKi8-FGU2^iE-GK
zhA{&3D{Y27)>^;Dtic`Hd|G!7%MZVnqr8kP*S90dIWJK0fF5gY%lPBRPj_q|qnu$y
z#ZW^rU}Bd1ihbe2*{4#2wargFP@wsxjI{QMy}d(vdQU+jTogLOF?4StX7Vw`r!^Bn
z5Cs&uJ-pfv3Yo5cgO}38U!KKVj2TV2NfAHlFE0AH>Gjjw>~*Xt%QQ@?VdyA9zS~#(
zt7vF&n{f0<@pS3#tG&n<b9X;WIW~?Nd;QMSP}WxoG0V|B;y%qWRBcU@H=5kcnZy0I
z@Qj1H%9;<`#<xep;%~&}>b;=5sg8dsPz~GOm^bsPpgj@fD^85@H6Ir5uy7;PS6yG5
z^&6${Cd?Di=*F@$yFv*9yvf`sZqn*QG1P0ux^6XLhWANC<g0gmjr`gjnJW4P(S#Pl
z<0E4)yv}NZlRPEupknUYE_GgWG5T}e1Oi9+VEC>RV!}hVZMWGwfNV#@%wG7B=h9Hj
z0mk)Ssn(n;ZZ@92p-WOyDLgv2Hlq6Q(*wSYW0)P-`=~gVdBO;Hs7!hTzqH*BAicuX
z^5_DK07(-5dz25K!*Nj*KCsMw6#aJf`y{@eLP5lb`_``?eZX7EF~0l5@&_5p>#{t>
zgnI7X310u1J`+zjSrpq)a!N{m?r|K^*70sCl#gRq6T}%&Ce~22wA;eP3(`HqU9iqP
z6~JnL#MO>^_C28*8uuvr&?Dky3|}gA;YVuuSC$1>9*A-2VypNSC!!GgGCn*<cW&>!
zpd3bsFF_*S8w}zPmu=5D`c{tO&0w4vy?h0g^8FQb!Fx~7%U^SPK+NKIi;DXxmYYD0
z+-<_M4fj{%@M-)E+a*lNmCz#vCfiXnNOrGsozeEs6@<5+$-pJ?8@{jmkWk9cET7%-
zyk@=BYm9Rr@RqON!)o<+81-}|&^oJHCpLC=`?}|u8l0`Vyis{Vft!glbi5IeXF>YO
z_vP#|gd@<4NtB<`izp|}$+cuScUvhjn_t<u8Z4sNalQyLaDn_$i11o_%uLUWz9VM^
zHvEyb(1_^PTe0?$JBBZaKB0|28+)jKTl{tEYc#2wQ@5vBr&y+#j8WE5pEq>AyP;-c
ziNa14>!<C@_-XM&uYqPh{G0a=x{FT~8`VdL?5^Eol6l7PexZ)MLHj+t?!qYF*yZI4
zSMDlGzKhIt(_@k=Y};$wn%l(Ncl=mBJROz5yta(hj1`OZ1hd6I)*rR*ihO|SeMef+
zONvh|f{Z?LeK-1U@SPh21H%i0IA90+et=d0OTaj`>g8QRzHmAk2mIKgmo(H?*U7IH
zzod9M{Hn>&pn#Y&<QBx{x@tJ{tAsHAn+lg<gq+Vj8`z#*es<wmDWNU{Uc`$CHHqhu
z_7M`1GW2jI5|tZtqzr|T<zKQR86w)~MpP-3-)4Qw^3O=gCd}^6&{DjbGD`P}P!~HP
zOqTOOx$tayQpQ;&_DC^pF<#+nDe^=;vm2}z83R;=xkcwwf-@A9$d!_nqBB)8;uRNC
zlV?6TUgQm~iShRH4m~i6+Pu|!>qAa(;hZrXx*;#E*di&NsFI<Q=d8N$oJ$C<%B$>^
z?Vh|#aG@x${F7&JDv1Xhlf`+9PF6Up8#Dk)%SvhfL1RioPlKW8qPdf4u=%{{p2hQG
z7c<>Xir%;LuCpmKmVKOgcT*&LHrg-GS@%^Z?uEVm^6*aQ6{8pIpPt4?={$;;T6(0D
zKK!~S$UDV5-n;sM;7k%~7gfi@O2O<8Pv7Q_Y1Kyt76;-6V~R>88z#qzE{IYFOTS1C
z=D5N^f(y-vv6ZryGMA=^4U^`TzAMcjz4ThI<+X99vB%enuX+w*YldssYq3Q60pS7d
z`k^9QmR~KS`;+=33zsy*ZmCE0M-@kTsW@go%;w1!&F<?B?6vFFgbl)K2k#A}^ph31
z8A`spP}EXrRpMn~V%=DnonL7nTe4NCYcOJX_~}EP;Ano|+s0RO_xkJ}8)T1j(3;Q&
zDaLiZEPU%wwProNCq;5MLj7yioS)r_v--Gw?_^<icy{-O|9paVly#;xoAqM{sVU4U
zGHBOQ?oz80|LE}ihvlbR-<CS&GpCz2a@IYkj7A%_xPEN-8GVw_BR8tvELn+iP1rp6
z>}-^$U%H*>x$lMT#pQLg=2gvPjVxjv5w>rR5Zxz7sBV{{KSc9GD>*wfZR+6q#=P}G
zqQhv``w}VzIafKi_QHp255;ZQv|O!6hpZeZ+wMYXp?z1-?%%sMct74B>Teu)z(UE*
z@95pIKdo1y$51~|pE)L3XHmy5>?&p%;!0>na`U-mu);HqE6U^>cLr!HXeu~9aTzOr
z4OR<Q)3a10V`8FTv>lp38^PcvI)BSiOD%tS_<FcVGm*At&bxb7E9DRg$udcqPX^zU
z$1T3s+6$FM4t1c*)GhksQN)&pZ#`RT7-^-%FT;^QXU2yUNaCLh9||vlT!47oh`xb~
z(_d#l78~&>!s{lbqL4ypN=Uj$dQbXz*LYXkQ@SK2dCfqXPX#Zm-vyKj48_hu%c&iN
z@o6~UU>GreF%Ro}`5{Bdm|l~4zIpR=?&pIdR`b~=Bl>3HX0E7M=8>{}kr3ThS%!87
zR|XB$Iha;ufz4%$9^an!IsYD*#rfWeysMu#+F%-zTCo+IeLS&MVO3l6Nqub77Sq#H
zTX|c$x|)e<R5#0NKUme*P`2}9`pgWO*4p)bS_;^&n-^ghNfpt3?$*%fQ-pZ;qj5z#
zD3*(Z+iJKHqf(@3a#*DerVOEna6%A+Q`Q#WTEFR(ArK)D?%YVOh{Zwip__yKnnYT?
zMa{N-QQErA;mu1buBzQjy#v*DTaCQ?yrrA&3$VfT>O9ktXha=?_uM`%s}hN76vao1
zuYBA4a@}t?6JGNxQ}*7|a@-!o>v%Psm7i5&K0P-_0)w^`+ro03XJ+b>wHrM{*m~4^
z$urXXh{?}28a3)3kR7g76A033$g;@x#<6e}@3C$;>YeG%uhL7oQ~s{>W=ZCr)M!kv
zap_c7ts269B4@b&nM2kzdjf5I8$ZAIwdp$3=VeCQ`kf62y%1O^Q-fAT7ke#i&Axpy
zTXjEI%iN?`w`|UP;|E)xg-Pz+JdR=8ijMZNZ+5$?jk>ZfTu$smjy3(=lbt<7yy<)U
zjBT34HhV)g_D>w9Kf&ExDwjlt=gVuCy=`!7O_l`*9&_LpQikw;@p|E=wJp3OKC1{z
zkF1SBsEo{ad*rsI=Z&jx7m6XO4peJR5C=|FhnzcZvp8_#p2yCQO`hxrR_HLfaxP2k
zn_HHR;zsg2*Rp$g&B^BRbBpSWo*jNL{Gyi8JN;nsv&WMySn}IsS^gBCD|>3&;t0ha
zld0)V<_=w*7mSE!dm5W9KQ!025|=_7yBZrCw6I+42?efU)80T^-o#{~{fH*8aDVCv
zhT__Kih$xFN;vuffo#iA_;+*xa{U{ht~=wPG~%(fir7=P5m3wf6F*v5nB?N!lWCnL
z@Dn*u+uW0Ce{A*K{sX_EdElYs$YIgL>)B_v(-Fk2&~u;aFBtcM@b#IInz*sFGzvX<
zj){VfN`is`o}q$YK2*|wJr_l#Lpk&Fbu<)|CuS(<zds`b9+5vU!7uWfUyo<P0#VL^
z|M0=DYa-gwr_m)6&m28J;||_K5mXcs7YC1u2KGiq)()mNjy!e63E%}R+Xw0nC@4e_
z<S(kY0?jg5zt2ob%~4HSip#*pib>DVM&F3Z)yfvR4hoMe7kFxA<fupGYGrBdz~#z&
z{pTmRz;oow%-5-Ye#Fs&_qv+29F>rby%7~V(`}~P*ZHuisHk}C4UM@JghhW}4*ui4
zZtCc0%f-y>;^M;Oa+k@*-h}xMCnqQKZ5C!07Dn(1Mh7=*M?F_YYX|CIiyW;ZY~)~I
zZ)WRgW@Al-Tvt!u#>tWQ`gP=u{`K=~pGK}`f8EL2;rFq?0hy8SFyCRi&HS&m!KFON
zSGnZOT#YQ%h0Ux0&A>hQ?s4Ac`T6<3z4O-{|F}}^uPg7|=DhdkrGLD2@=|37BYPnm
zD{xOozCZZ&>%M=!`TIg1X5`WTAjK~_|9lk?nh%?Y`Cm-q!&Z3~I|BGfW+p7F1RjBu
zA%9S-!5_L`kI3f{qX8N`q$nr?DB{9`O0K9s;OE}Zh`>Ls43y^+M-So%ixZ<_G2b|!
z@e~z<@D4*_;uTbfi&yZdMFrmbzrJ)C1N{zF(nH}pKR%$+QsLuXWE#==zL0KXUQ#*5
zZ|32i=Cak7fcw=^+R3S<)I@K(e=aNDs5y#v;@c$w6jbyRf3$D~u@cZuzIsXEVKxeQ
z1O4xBB;FE`s}n>0+d`M<a4tnG%b#+KFKFlxPr?)T1^@aMfLl;v{Pz||T=_4djwta<
zSpF+f$F=Ogs(0L0{MUe-FslDGApbQW|8=a#WdIqF{Qs{PO_&FCmcvyIvk6Zq+&^3O
zugdMqtPc%nFm74Rl*Px#Z<8I|p|_Ry&Fkz;4tW;h94S^jKDZXjSgclS@3hvtqrjUr
z^6;@LVsEu4tBtZo+ef%sY(!(TF{@A*BOdO(E+#x360`3OUX)#$+tTz|H(3$eMSL+>
z|G2m%SI%Fu`XQTeMm#ljrhLgJxl!p%jB{4&;z;OH@JQa8TF*iSZx&ZFzha!&NTSQi
zUO#2F`}j!uuQ%5axY?C8Vh7bbh+CmGFg>Twl$Lxd8}#%~eJGL!R{Hn7<HVMxeL}J}
z5ix@!h>XcBmr;-SF}rQ@&FU4#ZR8$Ov}=a@6SB=~SMNvB)=bv~YwXo{-V3c+n8ST)
z)6$nQ5Q?p_v7VrKsAjj8j!TJXauWtZL4p|}!D~HK7DmeNT@`!J&ToDp?h1lK;!s|X
zG#iAh)IYv3lzl5Qvk*wi?K>}!q$@B!LcAU;uJ1v|G(zG@^Nc~(qF6OkZanA^<MVkH
zbFwZeJE!(hpF#;96+~LMRI_v3m%XPto8AY+1+dVdwO!%?*Mof3;JtC~Im+yiWo8<R
z<n)y(pXBvD82@hJ4mCp`1ARVXA7@hcWsiXQ8e_@oYjdhDnI83IG@lp?-reRU-8{$l
z6EH3zCAezN#*F5A-X7vdsB-nnQs35>C0YtEmspQlJxat?ukw+$)tNzaL`OmorFt>t
z<&R5uvo6i=A&4ldRa?Y-R`qyQHok2Y1&7wpsd>uP54(wtXx5I@8AN6;S?~F1B}I|e
zP#?-@xaRbXeX@DKl{RI76B3y)y=qpEc;*0G++8i<+jW^D-Pl|3T(?r?SBZnrf8HHA
zv-Bm|+lSF(_1p5+c|K<NUX>KIdp=DnhAe<~JnN8JuqlI>iteglwCi|Ui*?thmP`r;
z#2X$rg$U2hPqXRXFC|kIvMzFCQawUJ`|FRHZ%ZskWiTm6h12|5_&~A6(3ePyq*uGU
zHIrxN<LPe2Or*&sK>1!)%QFkev7j-%6E(AZfrjtn5nRFJUFXW-HK4@dG#7!ld~xRb
zAIoA=$$9#oqfi@*V)l6t)8$vYx^nm0?qW|LM{ozEq1MxC{+gipAl;hTgR#$n7h;n>
zm0m<sHf1po)r~NhX`c2kdiLigF<;pE?k(vqF4lOciwIKhn0$S`cth&7+|BW(nafmk
zH<yc*>5^UwZ`qkEhH*Mfo%g<1YQJoAES#a@@ZFg2tK?oR8@zDw;wPUHri}<KA0J9;
zNqYijnR;|cLphN$?^UuPLb!DygsJaqbD>F_;lV3<2==isz}FL<HMGg+&_j&%Nz=d#
zI<MUW7K`2&o-(4@0eE05UsE5r2s?y*lspvepZsX*+V_UD5L3KU_{X(lWG}~|yH&o?
zJ6IZWD@b%tHjb-bI`)&+tMYo66?Aln_QyOY^A<^#du8udSDgo2f>et#3764N#H$8q
z6&FlqI|u2fyE5>jF6P?4sGvoMU{t0+qYb;#7(4i5$JL`s`vZeCah!u@F8;}#7lNq#
zA1q{x+?P|tt5*s>@DAvaIsvW3s7S#UFM{djb<p67gqO%T4%+b3GL7s0B`-gp!7r;-
ztVhl44Fr}EI83dJ`3x-v9nM<k-Seo#z?2wZ<a)8`DUc-eB<hUw3O0vgy8Y7N?FXF4
z_itMH{tRx8t;?`e=|S#7Nxw0)D~Z(Gz%eNL%1$UCK}}%OOJVJPuApq|%2_*Hk8dH`
zi{$BI$KB5ZY%L#z^vYaHIIT@J;>He%p16X+1RpKk?Dt|EA$%thNwjROyEoh3^p7+Q
z+nFDe2oztr(Gc!Md)!>L*&8n?mv;B|>Y~dpr%M=4T)q_HI15$37F1DS4e#B96Ncqa
zC`B_}OcyzJdvnZ>r6WUb(F~Ci)|-}lp@T1OW%_d5e}*MdVf)rRfM)I)u0+X*w`LUj
zVqNiA#4#cY@S@f#<r7uK+%++7$?}J=nPDHI35q{qmahiKR<Cr<=izU<Xm`JVY|)PE
z#J;)EVmWM_IfiT<v<wEVEY3l)1k@DH6})H0i*Q{2&WbJGeVISWFk0Jr?qS=#%YX8n
z>XASp+L<$wNtaR%p5l)X=>ckU0&0_2skER&NaT~O`m`x~Kg8S7pSYzl#@VyhPqQ}5
zM5!gZDFnp}vl=qR<T~G4bVxl&;_?>80$XP~pDuWeJ{p9})Do;Q7Iy_7+;!6Uf!5<d
zNJZC#*T(?|7geA`bY6%ZyG>#l8n#4HOH7xRTvCNUMB&O+QbF-^xdh<POHPbq=V-s?
z>)X&l2I(k=lFKJqgM-g}FB)S-hgb>Z^a&SU3mTBq<`-+Su3XT{Q`ZqXwyjGuVUH4$
zQzG#obM$)R(M)R3(;;+bcsY@Cut1uuJWh%A`g$@5?13WjF@>9X1Fkac&AGa=RjPva
zQf1D0k=!mV1w~L?A-SbZ6HB7RvL8PIE<5$*X&AfidFb(*4$zEF)5Y+5hz{vzDw$Up
z`GuurR;av6q@mqaxsTtov4JIFUqQwC{FvD*5~t!!5|*alH-(^>rCP^UNZn<`ycALN
zs7FGX(vy|zQ{P%BG+CIR^#z?7P2>D=0dqm$Cxdtk2jTMV8zk$nY39juSH*{d?egVD
z;$07hZlMPG7z&G1-_bd)R22*lgX!c$p%(<8us*m8r*oT(Tv&ZE=&vTHg>URTh(@p~
zj5{4?TqW8V8Kh~HdZ$W<ITogxcR{CF>`@}kIaNw`R&y@(HhvRuBeuWY=ytwq(0ouu
zqOwg9L@0D(ZM%Ww(7Z$^xc+9V{G-H_mNLF&({4+(wj~SUpc1&tNUA(RRmd?4QMF_E
zYB)q}=dzOev1+!JHXE3r0}J%y$C*&kmcWgDK57Y)rWLN^vZMX;5*;?uM<*_EZ_#j4
zO7roQt9u&e?pGCf>{gDl@7v^ot!H1c;!qjYiwxkkPLpvxzqbP_b44BBumy6aVD5Z$
z>b2emo|w&NH0>jfn|wGi&<5kyuS5|uahIYT58VTKspzmoSbk`tKKP~u<I*g#49aFn
zq9HV(JSKN^Q9$m5sU?acB_M^5Tl}e7y6=#t-{wH|3uEu>#TE=p&rqhl8ZmP&01qP0
z7EgW5&otmY2%(eD!<2aDU^UP|;1}jh7d4o1*^fq6K3j%`PTp&ZPCRRc?D!2s1nfib
zH=ZS?-0Mpt=e<T}_C&utSmWALei2xo@}h1RjN=8}iayWv<98ysqE_{BLm1vk1{qi<
z&+TPoE&eiornzx<nukaTa8tVP!#VN|Xtpx#d5P|`)Dm;zt0c$y!s}}r5_U^4Xjmlq
zcB;pcqh)*y^0I0b%rMIu6>`6@6#O>4KTDv#`Z)d$5tkwe_uPvIxc$OZ8qB-%z~Qnr
zojhZF40~czuAI2wI~KTL8}Hh|oqmJtTRRo;9E!9&frx#i&=}4?4$)}oafe6miTQ<T
z_(hx`<)wVlhzyfrv`~%7130TYyl?#7UEnjV>^B9)U{mJRi_M7ffnw;_o;zaVj1RsX
z-zgK0nnOf}<gcr({<zw9^O{(7nt9L4<iRUE$OfU?g=5T^sS&6Yi<lwD0}@lQOK~Z}
zHRyaO-$X{AzcQ`*RKne)l=$m;Cj~8oO)SXW7=uDZeVYlINkCEW&4=8m?FRBzIb2OF
zynX!heKs#*_1s3?p?{O}hYwfqiCbQe0+0CpA<b2LnuI+H4Wk3L!*5dLy3viENFP5M
zd!EOf&7?;>YPS5K-+f*>G?v>XT0>g?q<)H^0z3RQ26*(U^W|~S#FPs~P4AOc98}^A
zW8&v2MI*ZLQ%=ZVAP{(eJV-+s#lj+npg5^;xbKr5Em&Xpq<gN<6?uIuh2xq@C<ZjM
z^T$*Cjj9e9Td)puYb7NDDYx}(GG{4N9Ex>hqvp#G^n`;T53U{)IXN<46|snn>0rN?
zqItyA@X&*Jpv+?=v}bU$%Qf<7n>Vx$w<mq4Tj4$C&sdJxJQQChoFXo<po&2{OtW?O
z=#kaeT)bejOfD?T`OxeQ_X5x6D8`ky^SxFtydS+W=pmI1JHA5V9$FLdLDHE@S&msM
zqw?89l;38YbVD2W0fAXaXzN2Xq}8433f?9f3Jsm7mM}L{I8IzgRVq%v=&<t=MK%Ex
zDlv06N{#1e=GS;Afo*t^t2e3#7=+av=!Y*Fp%!?;9Eso|^;Lue?H<fMIXIEV_zK(M
zb-E_koAvMO&0DhwqAp-SUeLWefAhE>dv^Whn`B|H>vT82M4HL+gN<?p0`9y~roAP3
z4#I1_IHaAEMtA(0OEU!m)tnODZ1Y4U*|$7NTe`7A^=c77B(F*z-7WPoJ~0L)$K62v
z1aloVA8|@lcwwya@(YTKj@$;sEu8Z=noR@}5=Cuv+~?t;Uy)bv&wi;(2{tzH$Hu@(
z$WESw>OC1mqzrp!!#9y8+3Jd`S__~yiyyvZ$O%5Vq5%lnFq@f4C|K3}XjN*ucM~TL
z`ivGV*-&|7;RhbrYs=AI(IHV}CpNl*ewK*Yj#s`Esbj70cx+d4<)bL@A`Cm8hg<-{
z$C)joHuX5H*n&e?Qv8ls(Bw(MMMs^YyIH6FIS&_5(dvkbJBfzyiVJoGw{R`RPts8r
zNk^Xxt3Ob|-rz@j<D)xOEs(3X7Jp6#3B^_Azg9=moa)3;?2t5nWARE%7EmYah&pS6
zO#{V`<q3GLhpV(<r$_{fLxkfF+JvV&5Y_ibqKfpq_>wPA(ElEi{-^AQhC&{n(c`WS
z6Sc%G$uGy#G;5sOV&bKF0yWdLbWJm)NHd@km;dz~Ql`;QN&+<qM8sM3{2UMnFS~RJ
zkS9Cvc2L&Vx6qTy#4TUh90a*<SO@EQo}8&1F1;8K)wjxjPvVqtE`%nXKW4545}VP!
z%6CrUyj+{bl3+o5@>@4Zu_f5=1%x`3Z+uEhIey7Z1(Fm9{D}di)>a*n0%$GFz5XeF
z^Q#lozyvq=yNqX}L*|q4AoA4Ud^9J{SHb-LY1pFfV;&E140(><$54mRsW*f5Pg0u>
zxqbx0tDnkUal}u_vk>To7{Gp-6YSr@xFX+)uy|>L3)nyR$H&bdE8E->Kf#toBwM!f
z1mi*M)0A<<7E3xhy&lq2c5>!<^hXED&8@8lZTd)w%-mTfU)#bjfj@orCWyNXS&x*3
zoiO6ISdh_4H6cU_@|VcZ>6Ac_wT}cj^>JAIOmFNzm&;B;EQbiSkdr3#(!-Fj>skT(
zyGZe1KcXuaQl(B&SkVZ=G5U$VbAZbwM_dLA1K|}rL8a@MfJ%6|_r1LUl}wMQ^dj+N
zSn_e%p^HbMmU!kOJ<v}LR)rp|iYal6^Td+hvA~imx#HX&!axS@{;}7P(?kpqzAQe2
z8mSL1NPW=c<#lJPRyUd@X=OWw`oL7NS)5I#yg2ob?JQ+PjyCrdjypEP)+&l82#e{c
zjx<)DsP=rorHYRJKQLBMwt2S4p|Nc+4kE}23Gc&rot!csP1Sc12;9Vxz)d|ydR4y@
zJ8!^yC@gN5D?$OnkERTgzs%0p)4~>T$Y&0Wt1}>b7VY^T4hiyINiEs#xPyb5GR0Jd
zn?2?6rd$F4MjHS>TtmWU#H<hY;itLd|H$|Pb8w1zN6M|>Ng+eZ?P;e!)#w7F^j+&Y
zkNbTfkZgb0)(|>7kl9yiO3NP)^QhX5fHu#rVtn3N2ioj=q|G2uc`QRf(-vDA+e3Jq
zcPMDuM1UdD%mS_Hzz<-O{bmR-IO>#aAF?=3i68*8F;%bC@&RTS9Wh%4OQIK4K9WR1
z^!azk3gYFkZ4XT!AKjrCh0KUKrBG`EO!n+s8TfE*IWH}>Cx~AW-H|f@w%UR<$)EF|
zDn8il)$TYBYd&CuB2EaLHZib4xw?K@+`tCCI<oEka!5ydia|Ziv;*Iyw(*JOgj=F}
zhBPhqkk#39Ksx)5q*Lgp!4f*b_#`Cb<#UDk5Wrx~9Etrc@`!w%{C{o<vxonwiKV9t
z>TNYXHKYcX%k-T>-^d8DOPUgWDpwDIS2_+yw&gviI)iUEwV?hX+I4i8%tRV<L!cu6
zI6nEm;s;I(+(7sXtjQ@3M)>c300c4Fs(CKZttUW&{+WXXmss@XgvL_+)8GKaI4WX-
zK}2EKPrZT+0<S&mwh2l+$<{}KGi8J&xqKbjX+b%Nb%PGy!;w5m2Ry0hN!}s!YoW)<
z67IUKL`mGM$M1uTeLfxeFAxTTb^ab`0@b|NcRdv3XogBhstN2ca5{ev>5!3lIg#7C
zKiH%BUwgcr^b!B0q=x`=NI0!Afvk_b$ogXw|3NHjxH0F1jCMcx{c~yh&!SynhX~WS
zOpLXw^7{WUNBTFhJ<^k`Z(03Rku0Q&^mQexcEu`3<>Db)hVC)t)O#NwbF<(h1G|%m
zv{nDi*yrF!<fv29hOhneNS9s^3uwOo3BwkE2Mk-C)-x?G;2&Q7;U8WnpT<F8t4{Nz
zA*W>%r#UoW1VKQbgcTN({4wl=fXvhYQ~3APNl37%A|r^R^x=oae;mO?Ci;V@`2Gp=
zS%-Q4mJWWN$^g)itxUj@-QMIu^j{j{LVTKr&<l!J%>_RfjrdypAEY3Fbf=hkApDaO
z6J5AK`2VaKw8$e}$Un<I0QG=pym}(#Boujs2N5a9-&ubQl+fb05`uaLGL5`;+*1q4
zqXX@xQ@x(x4Yb?wNV`E;pVK$@-ui=Q)VY#dC-WLc5JFh%`g*p>g82J?*Y};eabyV$
zj`_0!#uO=$s?_K1zHaVb_@$FADHi9&cpcY|>7O~_z29-mf8=m~7D_&#0kd_=iGXRX
zLEDK>02H%1qL`x`zVuYZ!`!3rM*GrsPoDQ=Zut~R-{9bU{LWXC3dH81jaqftS}Qj^
zm}7Xxx@O0i!)?{D)U@L|htGj0hry>8dc}PUk9%{q=MUBr4$FG7RU5U{^B?-gvRSB<
zRyOSXDp-Ej22rU!?cy93$mdp%LKd*)-z5}ZOEh9FTVIc!Y@JB+i2!ELx7_nNg+tpb
z<BF5&E(bepJ{9Ak{KIhD`U{z92b-m}4Ic!u@<+LCeD((6Cj5K-O3ZD%TUuMI(X~9v
zDi$W=pMn>Qx?~*E-`GFXEH;l+mqz_^k^9HP8kM5D5yYa)yT;-^o%w^U+Cyb0o89%<
z#aE%8hCis2?Z!VT_cUdXet*vFEJp66G#Jaj_oEOlsk0hZQY!iQXI+R|6$l{p)&N_V
zgI}0&#9TKPD6M3HQWdC9WcAE{7xz7i=hV>&6=rZO%e=-(M{FA@JS^4TnCVV;?1T;0
z>@Ch8tc3c|JjXutT>0LxIEL#}*5Afv(OY&?G3|BU&i!iL01WJqIjiPq=Fl6D=kruk
z=kso^yKhyFEO_sBC9uPz#dyBsEdrWXd3+~G__lsWo&I3Ek>9z^=U}anRgc1B*loHz
zIh1d}Gx$ET#_0R*Ch%U#dldu`hE+9x`J)0ZV5G`JfQ9lyS|}DAo~b*bc0N1Jx(W+C
zyB(p<V7&xIBXwtU43^#O{cK&t+%0LB{clTNOCF0x%pNgr!<yFR4GSfM)>9Vr-7|P_
z6^Etjt=^n*-792djs&za>y-f>Jcs*hcY`zTZFDP+zl1Dth{|<Bmjj4(W?FgHq)Oe^
zj6uI&$)!VtxVRUk7|4w8om)T+JG@pvy+h~E`rPmMma6hSN9~TZ%aC28GFytR!69NR
zkDgNI0~YO@(bjw8FS3MGbJWImcT1Sws&42D;xJYIU~!pw`vh9uHAGgqq~q~@!KG#`
zZm}!jz_I6@$3k&5_x^G{yvl7&KUCYfzkwHUCofAi0xkI2PVM1d?N@mD?p(HmPl6i;
z1SvppN!{JfuV+OpsII=5i^_~-P$hyrUq1)RHgq{i$G_QGlxhIn-PI#^_g5??;EW1q
zN-DoySI#2Cvm(5e%ItM>4XZo%a$r$5;w!o3J5(>bZuHc#j7x9{`yOT09!u%);<++g
zMcdUWj@t4ChdTdhv%UkbEjaNx(_Sr_Ht)?sIQQ_%#nS0`kBa_6lS+@p@<zno$e}ak
z{^+^5`>$+0zSUC@jrc`OGm5InC83P2cgf;bcCCA7D%nGu(?3&tL%r_`iXd`!4~Z^C
zpx^s}Y{FbX788TgrDm2!cEzX=hu6zD*4JrV#-~-()iPta#_s$m)kTJCW`Bi2IU1K+
z<na+wptJ}P2Q~2`p;4HPSN7h}G@oiu#C=pR^)CfxHQ}l?tC7mmS}t&>dYzkTS??|q
z&otLsU)>$2JiL;y^O-vIg^lVr&}22=oB)UL?!ok@4!Ku{n4sm)bd$o<b*(2IzEs<n
zZxgNSUGDMeZaf}Q<KFIJ><vtB#JsNV#;zFOD&Ceau4iIal{N-A@1rST#ccX+ib`|i
z@+?1!<#aHfL|lqcqI2~Fy*O3~Pz&ih!QUhRyO_2AI*nyqvVY=7d!$kfP|I2Pb>{gX
z=BKPUVQ<(tBSt8<zBTgoB7oj5S5j}vOOBa4B^rwod2ZKJI#cepKT%jx7Hmd6NA{AQ
zVYM|)I`%trr}szSrR*CHUab!C<1Q9_=J=Y@e$XLcmTtQ=L857%5A424OmUNuzWqjP
z3bZubxXqD#zy}da2Z9r%K(1a#!USR`;P8>LQz9Hq*6oYpP^79(j5+&!O0Li0-bkDZ
zCsygZGX2lbb@%nR9#ig9iP!-JNk8yQaDVrRyHCp@*rSdh{^eYZwIJ4rYSw-I>D<ai
zdjMlGNcz}79ku%A9Pq6T+Ad-QrREXgBbX9Z=%K*&2{<6jkZ-ykz(nN2R=x!ME<>*U
z47HF&3xP@urm|7Att8^=jI91!;T7?Yo#Knlx(D`I(q20idyAE%Ov$lari4HIsVzjm
zN6Rr{>^I4JvpBKM!R^Dd)P_42#K-oTDlUkY)=#{{i(t*m;tU$z{=}hj@k&rahs3lS
zl4Fj7zyNCtEREg-#zFtcnSfn@O!oIKipUn;a5~TvaPDrh(KguLsL`r+FXpTby0N$4
zoz6EIo41#t$;;|CQ()9Qlp-EJ#6D;_UIKR>tY|cJlP~SOrCq@q@2@o7p-|f^TvX2~
zb|vD)M>iIVt+GbtDWg}uqGYq1Z*2=I-1(r56VbK%Mp<8$ytlYrMt#qveHkcL^iLG#
z*MxpkNib+RQviHurO0!lax8)yMe|l%h@4xxH9UMztb-Lkzr}LeXe+ZDhjO)P4zChz
z0Y6uxPzo1pdW_3=<&ei>Ru7T0b08hhQ*Pht%>Qajngc$;YE~?Ich;n$w6qkS{+1V*
zb}FKuA|iNFM1F_YRJgud)k|KBK)qa*yXs@Qi+c;|0nS5cAM$RFW)clix?G3D>_{?}
zge6xmjT%^!$l%)kG}2f_Y6n=y37yS?=mu#s8N8O~b^~VV%FtfM`%7+Z9&bd&{0BS4
zC>Lrri}O;au60B=*@`4eGFP*1)Hud|VJsa|Fq28X6UNXmBRLae60h#YyCa<aX{P#c
zMvOm;P&SsmW%l`xca0R9H!U`Ub^$4X<Q}SAbQ>HTo+9)sE||qxv?_&9Sy!!yrq8F?
z3N0l^E&w;3(nXg#k;YuGHr*ymRJ`C;>WA-jr;n{_`}^~_Dcg7K@Tg6|;-1-QnQITT
zV{?7^sCOH8)#W`Z_$qkkl=Ivp%Lxmu4?CytADZgJmj^ue21nQ{Q*Fn=k>YnW3YK*b
zccZzth8)Hd%or1_tTgUOI1G{b?5|jVdT~`HGK(dk^uR=ozl-wO)Zt1qTeC<w&Af?B
zLeIpFP!LTZWF(ymk&V*@WQ7Q@y$8TrKFz;96yzBARpbYC?FZp~cmj#qXuH?%+6-4^
zO%W2RG4v@ZOA-20)2(-YI7j&dX~<~JQxoQx7d52QdWoAIt%yUJI{XW<`R1%@5eqhO
z!E@vhSxL1O44&;XQ7+Z<+L?WIaR6|a7PZu4U%IOhGn8BQ9Xs7kXWtpPNX`I}`hLQ*
zUK`oEY_t!0tRy#7`rfsgw1g(PiL7H(gvTD#8V6frdJXoc%bbId^uLXaUpL~ZYRKr_
z>zuicK|Z$6Ts)Vp#m|7vPxz6w@}}t?Fn%iK3kw*`u7dP0EK10Gx=fUk4b83Ww||)M
zlRmjzJm)`YzUDEqr?Wp2v|Ma^m`sVt;NF=CXK3*Do4G*B{;~8@@1D))Yfs3&dxHQ&
zHDnSCG*R1`KrzlN+VIXGsC2q&*ZuAq0(<wnNAxoK{o5xLbHJS!D6Q=_Z-Fo_mOi_b
zAUA$&{$TkDzaujIL0HeN5Z7)8a8JE9fF9V#@Teu<BD|%hTc_NHEy4QbzE2Pc8%N?T
zv*yY-hSx4itgG6<Mc)qIt*foG_!uf$%UTI{n~t+ik8_q#?ju$Rwl<rFQDzc!f7_YY
zJtPS|D^XLmRI^v%vp-JRlvKjEWGI(pk@iZm_j8KzaK!!4dR+c0J>`I4F4;msse%vX
z4$~D&p3~eiAL<+u_J-1gnhZ(Zb(rbOccx;;U&*TKdO5kODembd8jus7g<!|77beNc
zQFqQ+kx1jW7AxlQ{p`fIV1sP#yL-|XP(5F{HU`W5pK9m$!E_xZwqsh^H<5XvZwdBH
zGqkun+YjFYgLHnv#=R?c2+*jZTXI)FRh%1^>bTM8$ZyH#Bv+I?Xt~*MlHjUy&I`4R
zk+Dfr%@dL5ImxhCoaY4_k>=G947w4+yYi7haU+L3;5Ny%mqSo233JXHgP9vzf<e|U
zoeLOxl$sYfWjH4zTpfj0wbJ9=%_V(iWhr7O%h?J<!k>7L;pl$uw1gXQUyd+6xByon
zJgeE%x&XMjk{dN%!X9wN9X3oxvf-`LoyNzFE!dl<yA*XxT|e+9Nl?<m6}CLLVD9NR
z4mr83w=~Oa^@hCF<V%gsC|<h9dZ#&AC@`KQ&+ag(-R;RU_vXZWj8C47cdH^brz1_%
zw@8VN6e(!dNI@$#eK$Z21daDJL3<SV)dKzgcHf*aty2$iBDwRox8@3J0XR@Gsv$zm
zTWa}<bDr2n>qgeVwaStw9je4T^{Ov!<oS4IY3W{Kqx8M;<va%i9oGB|b0?JfzV0e3
z>cmE$F6Ch|CrSMN1Z{d22SLOP3jAy$#BQl<JjAs~Y8#?KjSIlHVdk3LPzOO>XAs2d
zwe~0OXgUrGC&PM+yBP_vwYbV>CHE*ie#kq0(X^=sNbUJt<;ey586~--hxZf4Z-3-o
z{Y*W+bDLr#LrmFvq!T6z#BTblW)16Mu%D<!S6ftF#IlK^6Wf;uAD-Mo=u&JHBIC@4
zWZHeYJK8Q7goVZ}&+4&*r&elhOp8>%mE0I8W=Fi4F}X2RWFN(sFqWpd#p*68y6b7t
z<)7Q9?V{~j8Fv}lUCH|uTcXZkuJ+nFGFyRt^}e>ZQ`b9rxUuil8)elS^dk{rfz%+{
zs+T9_Yy=5;mC8{Xvd_%4@-)meqPGqMWQ52B)^`&}E%}mTl<^HG-leLwueH6syZ0>_
zIkTCgcf%%X<<ytjD}sdx^5*u(dg<tPKGO2x`Ed4p;cBsLISXkj$>G%Og=rG!O@-$W
z^YukbB2szE%~mD7P_2v1;?Kf$UJdP=`WdPZw_QGOdJwg&@}jSL(TR<=$VxRKCsEkS
zVnQf87VT-A%W(OWUbL2dkjG|W0(ot&fDrYo`1KUpo}9dLA68#8d&TX<SE{`#^V0>x
zj8-+|@PQjX!E-Crn)?<9@@oW;dLI6QrrO~d`BHS=1vA;~th5eI+BdfMmCKpieN<WN
zsNbjxzYVc|Rap1YT`(x5OSoxw=_zjTez_|W?!HP096OIw<p?`)A{Lka>ihieeE9NU
zu%gxNTG-tUuLzX<oRzS<>IzaQWv6};qeNztiiWfpJY0<pQQf+*SW!KH$=zNY3D&DQ
zH*~Cw=7G(cd<MI$w;sI>0+c-KQdp{MahCW!iF9jfE7uO}`tF>%XCM<wy<n077ltLK
zY~pR`Vjb#|_x75omX4XS3c1?2tEr-fiT2afWA$`Acy8OI75p?`RM2#_E4pd|qSsYF
z(1sr|Q~jfQYgjq^D_wj0$C6<7;B~o21i1=pAaK6NW|nP}t|ONu&jQ^GL?V=Cia<?_
zi*dMr4S*Kbt=A<Zprrto0q}3d=2nivxDG&On8*NL1%{<2G_x_8H=L4Ne8aA%v%Jl{
zw=jz<QJG;qfVMo&YqNhvZr@NHHr*R77R=hAh1UcFiNK%>GBq^pNsD&@D77a==Pm9D
zrdk)aGd?J0XYe<7rjdZLKT*u})@=Tq#Y48h@@A8iylXZwMc${bk4;Rnth>lsr~|*F
zNjkg7bMy@51EPk~u^FyDQnyI1#1Ar2i7CBrc(&j!x}LGJj};r4`!p1^u1RfESYSY)
z^&-i}$YEYzYh+V{qnq1B22{p+kL3TaqU~o*0fL)+h*{Y@F6nA<?UCKy(oYV|G`O9g
z2`?nz*3M*vTt?Xkkp|4eL#V)tw@;zG$?Y<0`e%7D^2jU|2D*;VSLgHAGam=X0Z$I4
zt*Zz~9*&lS{aBfm_2KIAfUOz?5M@eO4RwSyLAM}7tO<cCOPQs!D(4vkhJK_?LfP^p
z%P#ZMaV`{fW!<1sp1G9ko!k_18I6VmK9JlLI9P0iC6S}~vB*7mShp~C%B_Qpp((+H
zd=Esy4Q3(H6UG=2Y<uO>jtB9E+&oB)AGiq;d1rH?JVtQfKAOK;a-co*vuM6b)b8_`
zbw%G*QvfD^r9xYPATw8^n7)Ut<!~j}rJ6x`%B7Ckn7(g_24+dJ6E?*9m7gqC9|KZ6
zELH&1XyYc2$e^rf5v6txi=ASUzjxWXx40c9g&mmlo}Q<Md=FW^7!P8tFF__+Tj2@&
zDSG@lZKB^)>}z`&NfypaXv7s#_t$EGueh+x$#1JTzz!oMEV008(R8crCF6nSsFnH@
z7u=-6nZ8;ub?+U3J%txtm)1tV^jQehv{vO9Wnw|%m?!dA;&{{z;JTI=$(h6ay*DLy
z*WTspokk_6`Bv_w7pfnyblanMG8NMU8)CMK?VsEzm9kcm)5oB1GMM9C5|z{6=_P>~
z!0VPXWxc*skCQKDY?TabLRE-6Bn0(L(;&KR8g<Y&cX`~lQ+Yjkhio8p@}}#c62xPf
zG*)vzXzYamHfgW9FjP`3o8jhXtj8a3({=2VtGrJgAsFCPH!~fUki!r8(dlu}S9@@|
zO%uQ7(0#9>`a$Vc2!{oF*yV`xw6DeEpG+e&J{4qLKM9NA&HU2R^H^-LGWEljk}q}M
ztf%(tkD4aFGMKkCOTNBQQf}Tf--wuS28odh%si=sVmiUcyFg>o4Yngie>rex0$D)X
zYjvp!=W+))>tbukeCw`uGDc_-TluU;YdkNvdPMV@#<d{p=N(@dc30tFiM-8h9Hkfp
z#j7KYNaE6a`q)BSnL)M6)l9={%E{uv6{-NMKoEq8;Y7>nl-a)R+NW6<y1!=p7$0$f
z?|oISHi}u7!b^R|Ci6MeMJ)RoI5Hmv0D)ctn9ju0Q7WJg-7DgA$G+o|>+gDT^@NSw
z(RTs(dSc|fT^>uxJp|=MIN#n6#hzCq`%@f?iH|R4(W?r=H1Dos*p|gcZ6Vs9@DVcO
zKrIcxQQi4_SM#A_qNx5O>mpjEf;6Qvx9YRk%!=`(uaKTa-K{chja8{(Wq7Dr?e4T{
z)$Nt5saWTB%kh!Zy!5bO&@N1#7yAdY;McoQx}kq1BI5$=M&!`CLux{vvvvIi3G?8K
zI6ir1X?eXHomqSuaN2Ub2pTq5U^_*SJ&+`=AkSSvP~a|((LE0`6J)75i{mOY))VSS
z0%v_Ka?3yQj$z4Wm|rWe_&PYeS&}7Adf9ad)L+?bF665iaejYF{e6caOD5{w!y<GD
z$d_b!aHT%K(t=EGkB7QweBvy3(l1vEj%v?Hx=qs&mZz%iq};`jK(hxAneHWC;(3hU
z68;wN(pw>hCCGV+oDNkHFeosh`YD)Hb%O||xt>LjfuWJhO$JNz3f7mjMu&)B04U^t
zQ_u&UbQQ5bJLzsXGqutlOVy=a(JK>Ev_i!<E-F_ud#^lSObM5fpa^pZ6Bu`07PU$p
zXFHXuoqxQDN)#qixs(Jku3Zjb{#eTO70SjS64m(maW_^{9FV`7uNDmyEm)l}Sh!$N
z@toqS7XxPZoJi$TjYm~M*NdxnzYp3EF9&kaWS8HjD+eAG4pNk`tYq>QZGHHvg7Uj2
zzcGNBUi0$uQXYHh*9i&&Y;K#d9!H!=(EtcX%UF{5+i)<Lpzs)|og5)5fc5;XeL^qT
zME@IeDKL!=ifDQFFsR4UYN3Z9=W-w+p|su_@u@|Yx74)y`~0H_Zb)VP*rSC$PcAL(
zTPm5fW5s~<&Y)f6-5!0svOr<uy%wuztf42W+rBn17eJ$`<Ce<#%0|cQ-N1s9+$yNt
zHCKPXoR=}@r?S(*){&9Z6i%yJ?fn6RxXgAk?KWMelZ7NKC@fp1(@-!f@uNnhSgEFZ
zvrylBt6d{Gu}?_2Q_;u#C=!|ffp>pktQ=(obn9R{kfMmZsf%TxDxnzXHp!r??zAVC
zb>D5eT?p3+%%7;wrMj;{Q|L?b??V0XtF63ts=hyCP(U+@cT4M{7vUIoHAt=M&AJzf
zeKo;UnE(T2%<2Zo)s#UiXHdR)Ve;AAH60{DEC!4tIn3J|Dh#GK=wA6<7B+RFg{^ky
zGD^xNbr@)T;wbNdKIBlR-O(D$6ixJ(3`44SUIijFk>+Nj11R(UPe_KuLNp-JuOLke
z{cYaPRYMj9Qf-GIL%j#H?=;<8Pv>74-f4A7%i;w!_7K|lmeY(F$&7Rzbnzg4<e4;H
zn0a1NTve!C+QT9}x(D>UhMq?Lp2J3uYHaDVBKHvI?j>QlBqQ(o4n<__Gn5*wGqB9a
zN*YlG$^$MH@l94EURzGc;2chML%p_R4M5;G_=?O!M60D@*<l@-<9#rTRALY$PqWH9
z*i+Mqn=b>z^t0<AKL2}nO#<0FCqj1D+VxNwIkJsRNUe5P)0%{0`xmRXbU-g?KZ|(~
zdTFhJ+1u`}G^?^n5eRx>@2~mz`?%rW2`uEX_!d~K%RtkiMWgXn#KD%(sIbPf)PqG8
zuAkKNBrNv6KmchldkZ7MFw^B>_hj~>9|bD7*c=vaGx;)wdwOz7<GnfR;~+Ka%*TRL
zq;yari$w}fwd<+O<pi=kcR<reESt@&Cv9SCdIZ47IR(Y(>iEzw2?dcj8dvKkB*KY%
zjM6IyFAxCOb$$WZ_mG%q=n=dSAZS*|AWXZduJONmVgilmIm|3$O>LahZ(Qp-@~e6e
zuA00VlestM-`%_`S!B)N3d+x~=u4fEEgA5oXFa+bwJX6kN{qqT2BMmBNn3{HnL{>E
zs&!Cs->S6oAiHwqX>`^Fn^O4)Nv~+IYn~N30Vu@%^Kkp*a<(}uY~c{jsn=QbAXJse
z^IEWggDgBQi`gXrG8Wd}B!S(_T3)cb7Lm>a(GfKM{xPVDe#K#alLFz%JI&danPqW#
zAC%VYnO#5NWa*f*%C-Vy3JMHkFz(%@_ps7o4K@uiS}M9s{WK7kVIzUc7-g88&H$)P
zeT26_!ouSeS<7ud9Mug%u)3l7Ed9PJ(da!@=p>m*;)3<ky6huB9aO#KNkE5(Sldy)
zs`Gixn>}e=lAc!QL96NK-y1uwM0{4KrmlNmS8Er%>k7)^i!Ot!8Ihrml95g_!6fa^
zxJerD4-RvNn~F8QAnS;mLk?~3J%I=fT0eYg0ZZv_cf>|tCGY09<g6u@PDYb4mev}5
zkcjlIwsV1LPI^bIGnW{b5H(xXZD#t~wLRE&I=h|GT)|Tk)=$XnpLT^+BMaI*6~b$y
z`}@=Up^v$ODR4L}4#;{qK^<!R)!i{IvC<*?=Us0^n+|r^FJo7OdckI8CK%HoJO?IP
z<t`y%o}U9gXOe;dPcL={qvIEV9g3VIxXO%!bd{v&=8PCWVtb>FE)?51b>SCiuow5H
zp-enFbMa~Ii(${T7MW7io`D=qJW&H64|zt4{2Q6F%JMVpFLn376Dv=uW3%du>FzpJ
zDpi)MSofK448>tebkhcSjZG_1UmpgorbcSpqPi|}mm$0-=aGTMJQ$W147%8v@v^jf
z!HO+Z^<{Az-`>YQ@$dzWQj^)~*~QAGT<G8gHRaCJz0q_0rX{dJZ|jQLG>Hdk2!4=R
zSnqGIWbR^j&0#n~XIx6*&d*g#I%!}kGihfxV#+oLEV2i-XsPK|@WC*Sz$;`2{efyS
z!V6U7OpicVe_(58LLS{X*P|N=lXeJK^D!!!3pCO|Onoy5ZCMxD2P}0$MrZYDVv{fq
z_wZedsv6h8*vmu#P8x82WQ%uRXRAU5*P_CE`|y1luBF^NMZuuUpV($J_6z(7gTFmE
zE4Sf?AN+n7SU{b-?WT@0!S_4ADD*NaKy?kL<6Nw}g(schb7=|vwu+CE66z<grS#(5
z_cWN)OM_eDc`J?C{KBBDRiGlPO$aKo#4Fsk<{%IG+_GQruPFw@DjH-?X+@Z^L2Q74
zXlBC=`&rG$q;1^8xk2ec!+dJ=F|IRcB}=qKI_EIIt4I~oEeR}~&0E}^_ptA>uZAAJ
z?KN&$(uYmS&%0)8Impha1WxEqUVbx!GY6{sIYNQjDmFzQ@=2x1t{m{+UQtL(kHePe
z7N2kSfVEmEJ*i8d=G!V?%t#KgNA?yOl;<%ZHDT779sZ4D6PX82^DCG0Tt&zVX4s(`
zgVX$nJFep68hLy6j5x4CuN=+iN@B@vj?JM17S3ImWHB>DiK4MaUOSV~9Bg^=$t7;&
zAhW)b3%Zi$Rjm!l#6atYi*2nr9(1gK<5R50>gH-mjDOGriAF)I$CsnJ)Os_~R>(oR
z$e`;fX3I!o5RHYE#>OPl12cP$;fx!ZTl6TFTMJ@}Rm>2bZRxrFM!J;Pj4fmW)M7g9
zYczWMY<3kg%IWJgiTCGQc+BIYKnw4>vU0dHvLlpP;QV8TdA}uBr*m#+pc-3xbzkK{
z)btLkNr*~i#~goeTH9N1nWCW*U3S$*Q%*ff*PBC}pr!?@S2V)q+fLjAt-x8roNjEX
zb%&(3`1@hYCR9CY`eF_*O|36wOBZj&Z&lG!+`-SCdTE-ps&s&@v|jjQM0c`bl_0>w
zy;cJu)|VF30;WRsTa!VN%=ltDa*p}sb5MM+*JG4QMm7SE^0_~NCAW7mSjDH1J&7nr
z%_-K|X~fnDC2r%0_uc{=belx^1s=O>mo@U{&f%1cPJVrTC;7vxsyC(YL8o>)ib<Q~
z$(dcUd3O8&l$NuouuWNhTF?Pi-M`y8I7oWvX{um=$T@G)wL}F~6iE(W*C}$$zcCcY
z<uqptb*M0U!0;`D5kY3rN`yF{9l9Y}c7EQF%pchd6GwuY(MR5P;YS$yU;I7g0fMUh
zx!_;G_1jSxtk`2<E?NrDlqN_tBLDYbm%uaz=<s&vr*>Gq^IB=Df93M8l5z)H#wR;H
z^363c``={x2fh_x(EnPrRK(Rn0XAvcSU|9Zlrd1<kU;{%(^D!PKuYyu@u<4dDJTv~
zH)=0`g0T$b1bjd1cq~M^PeaGQcS<r#N4|UfdnPiD0Hh|Z>Mr9_fCW8A-A>Rtm!9Hk
z`#me=d*{Y7w6E$@oI@*TrVH$)upSn&pbG>S(@_jbi}B&iLO_d%Q)xkju~@YxQ`#lN
zojP2ha-n=SEmq5w*)a?M=qn6fW+SCwa>0EZDFuQ@U>N`}0`0V)2vy&Abj!nAHGOgJ
zbD5c?2b0V`{c*N+SeY!&fC5M|fXENDN!6ER62Jshvg^?jjz95-KZlFntKqlfXWunx
zeG&a;V@Wev9Eotb=+Un-auL~QMN;FXG-z`6??3Zq1+_m0!r!$&0Dc7n3BSOvw|min
zRLvpt+1iDb@y1F}XB(7$eOoW*&a(F}*bUtqBo<*Ytf*KBoQCrcf}V;C{WWVzJ_}O)
zN`hAM-XjFxnAY7>aIT;#S8i{$UjN}A1G<m^8D;2KFeCjB5z+v09w{%EB&dNy-1?8F
zVn8GKbQF2g|1r)JiA9B-2Jb#?K<wY{<8(CpsaXD>!7E<KAMkt%M)2*ZIR%cvrU=FH
zviyrbCxs1JkAxinS3%!LcIdiF^*g$g$TlVr@@dzimpcR82K5mRjD->@Qjn7~E@a5y
z=aliNe-7IGcVkii2BH5Q03}6<7@;O?BFD!m9|=SwXC<16siwOCb_xBDqy8te5?~7O
z?<1bTUYv^XJawq^@3RsV)leiaE=-@6P5@~~e(T8%cL0$539b5V9*{PI?h#TkN3TzO
z!vKb|?8s35RR;cJAUW|Ka(3#pVF>_mJ!MoR<kSHOfJr;$_+TFPG&u7=mIr0OFlCGJ
z{%~TZH>dIqbi4mHwFc5Gzze*Suuf6H3v7p*_OqA(Oy7G1rUz)_Q_;4_87>#Jbuhyf
zhn(SR1=ysN&0>SdfXLHXafA)|?Pz`)Suj>}3avmT3?HDF0z!d8{(UL~>0tgg?g%iu
zP$Xv86feA7BkBa?7>-0|{0&bE=H$R|+VhiRa<`E~iC<Gcr&0rZt$t*$mHqI6I%A$t
zXKZ9EEufsR+!3JBss9AR9(k&tKKYkp2D21NrvhRB`Fz{I8{I{YIToQm`8nnojU4N;
z;MMrT`Yop*QKAUVeB;zOqT?w(G0gq$$Z7M>Ac8n`v?ja97oHRVhEV?@Q2jp{DnaHm
zU}WtiJLr(?_}if0zX*{Sjz-FE=}5|9?HJ2$_3WVk2fNMikM+A1M$JM@`~3@swfBgT
zp~?Gi1nnO~Qo{~zmIHuk`O5f4n=6N29Xf~IcmH?i>bOM{sgNrE66cj72PjC?v9F~z
z{Yo{FUq(`5iihlbv66)dbfIAjAzR^R&vAS_^yg2I<`5P^#$BlBTy%+-QcGR*_uBxR
z>HDSB$LZ5bm@mvg9r49tGXOHL?6R)~d^sAxZgLgBN9LP`0bsk+>!E026YP3*y|vx5
z@;=2~y2}#d61jwk`(MJW#Bcuk=7$N!#F49|GYKu4-|<377Rv0B4?1QVr8B!2SYud>
z?Du8oFhKB=xPXj%oICHcJpebf_y223_17ejuQS$+iOt3wn{^AcxP$qP=6B=E-crz^
z`5POX6~p4y)>^DpF~7d3z&8oUGQ=8(T#J9E7gzK!hcsu1f{O`zD_th;I{?#3yw_cS
z{@_qF=l%Qd5RIJf4PXbB1WOws9P^<TD(b6Ocx`@ui^jsw`1Q}E^;i75a7j*}z`SS9
zH5acq-J^2j`NTw1xWb{L262nX>gd#yp{yCZ4ddxvk+Cli*FC$0T16^X*qL^>wr37Q
zsyn>K!;=$@G?Z@hy7L)m6;bjQ{EDdC#ZeK~<<{`sZCq5Sg=Fj$d(8i$?X9D#T=%w7
zMN~qiL1_^LK|pB%De3MG1?lbvDQS>KYSP`^pb~--la?;&ZYFi^N0)o;cfV_o@qOov
z^UoS%jlp=l=N-SiuItC+u1*|pSI(G(?o|dATr$pRfeZT^e*1T1{7lm85Uw+!T&$_|
zAf5XOAuE&lc=Srj*0gx=w~W_|)1exZ<urHINc<?&s*T}{*|zDp`V**B?96D=e~ARI
zWVXI$`3xu{Rq%5SpIu{nI%Ay~yPT`5G62kTh0^$!VM6A9sgw&b5Mmi3gU8+jN;>Oq
zzaS#1LSA@u${j6F*Pexv!*xc^8G{HP?#<8;*XezU{XQpJWbuUMhp}$gCbr*WLa)!i
zS#*3k$hgr)lv!kN(s{AXDtbmHkU58M_xiLN;Q^}$chRqDW`x>){|=)E{5ViZtfWm9
z+ah(d(*GIv>VnD~agb-tj3#<n@us4I6-_kVi<0CAOX=Ghnr9!mo~w^Uv}Qh9O8TYs
z^tzxmU&(YnB4&J$?5@H0mEbsn4uHFT57Ck5CPIB5L5Sh3zx{_=nT-_p6HE{i0#=ie
zG~cli?@nuwlRVdjKyFLQs@#OR9EZ)|tU*oLtLtK83#f9U<*ANI6Rc=bfA%%{op6j%
zbQUSA+FQ>nwq0VaWKP~?{@0Zt*Xc59NMAjEB^!BU<je?Ko40<0yp)Cc#aKq4|IT^(
zecvfpz(ujm)hXm!P)s!N?vm8;powmcT16t6RiwY6auxRKvRiugq;)tI{g<`C>L<en
zPm`eKP3Tj2=8_qxy4HiNM4g>TOay{WsQ-x<{>2>Y7v(D$FH|j~EzYhJMIf@<`z*tS
zBhFo$bV{=2=#t&tx5XAFdqWsjpK=;PG725Ft=%yN3w080r9EteYIuero}^A^U!e4B
zt}Zk>16U#Lygz#g3@P{}K<c4il>9{`<*CHXT{%7*3EXI0=ZTkS;zt2UIBb7eA*v7O
z3rLS7IJ0`4g`=Ryxf_joaiKvi$`CV9qqL4+^WUkZcytg|2KEFH7y#A06~8};@>?A5
z{g(JUVwYtW6%EYl!v>UQT*3wO8|)uT-%@JQAp(Fm55f0(tI7oA*_NI@peKkuhGT)i
zbrr>SR2pLV@ci9w{>||58b?x}GWb#cbGNOiYr_1p+M%MsaPTXN*m=W*g<IE4U9>lW
z$Fo?F(<Jx2?nxAOIq=f3S5o;)7c7Z61RH$&0Tn@c#{?*&ULQ2G2Dx1)r0+lmrQ1*p
zU3D{-zJWL86YmS_bx}ew>}F=+SYL{bU!pII^t04XpiF7I^u7Dct}?te7ovL0SwAps
zMun<WJxu`OF(UWxiUMF8nEU}RFEsA*uw^XN_l4MoBeP<664fhw?q6~kD<SW$zI>@P
zR!B$HuIa7o|Hy2Mk1U)GZi_JJhE|UvQ}u`s=MsSQk@c7O!(ScRRQ1;v2!6+_3yd~K
z8cMj%r=Z4qsY9+@ozEs5hwe^z(C<%e0^V&!dE{(C*sy2KG3xPQ^)Yhg`&Jt0mdH8q
z`_#OW#eP>=518a5yZ^rERQ1_u*KJ$i7K381rECGIzcpoZkFOUVJ=tqPk7^fN^A@HK
ztcRJi!)I#*0TdG4N3^G<Cc}g^Hb3)?QX+RPCd>^9YIE%FdI4sCdgj?Ec^@gb_d|d9
zJO5%yf56|VIH2Cny4)X^+Paj&$f66|X;NEooz%+?A)DLw-ukugA(YoW(WPzh>LP|b
z5kbIY0aK_jF!cfh1e(WxF8RM`ZLg3JKkCl5T&H5`F<$VpoK)Y{n4CXM^rsC?H*}RE
zTy{uSB^25YsDY5k<g#zCdzzZ&4J|;5Y&pYLz+`}}1vH-=7)aWRY!T7ot23j8Fp`3&
zW_AAznl};*^q4<VW%(5gbu<FwR*>=LQ^A634uHmCcEuF1*N0}9J`?-NDHCw%YSmwf
z%0Q_3$NY*Qv)qnHifV2)hHn-Pa@t5sd$)>0=M&-3uD;I5FJ`K(RQ07bBVR!AH4tra
zlP$Lw473dfRDSVp%m9%nNPn~^Wop~S)paV=Cvj@v6McrdfwpBA{RRnp{>&rGd%tc1
z2a=DE&sOspsntS9%)A^``|5+2{Qo^K`HjOaReHTSZodUO|BA6UMvNlq(&3bF?&1uW
zLAT=D%=vE>b@Zl*p*>`|&Z{B@EUQI#beGUN=>>o4IuuA8N_;TA4bg@E^k@Es@Ge!F
zZ9a=_`1I*6yeU<~)A&q=g}p0Mj+0%?sfR$wHs-s2apVU-cgQArB_W@aQM<TO3ukZ`
zF4^HH2)$lJdzSuoQM<vwMOt<sL_V1lSW_i{R|PPmzjBSFiAv*&hUFCf-Ao&<jZ%A?
zx|yQsMP-qw`Y=Cpb(XwooSZVGUe(%>Mo4Nd6$J^QbqE0Tp_UJ4EE--|oI6=ur~ho9
zhVjn{24KPd#Wq|%k8F*~k+fkxGpzjyzhLuJuP~N`6F;+WOw2oj?h<$zm@DsE_imHg
zt&bEtKE<27ZYKSF9%!R5%`>P;kUXX_4lJm*x$mSnYGlr&@|&{S`hxdHOUvfc`<2*4
zjdTsmgefR09Vt@N$m4l4FF4ATS5t2JQVpl5biuQuQ^->+ky~FpYyACPqRID0Lf2ZP
zg0^Nzd7F;{!s+42m8PSD1?n+1f$%zNVRs|_iI??<2H`9C#MSet+&`blSdVJEnjh%v
z5;>l2);L!BOmRDk%oyQNH!Os4O?FYkh;J4YOf}40Skzoyp0Qgi8Ws>c&3bLYuFi83
znGM4<>g|j*q%Q%fsQV=Vl?P970^HH$ZYSAHtb;M~b<eY&%#|xOb>lD)7QP4X_U%_)
z79I$(sdN#S>(ZkNOfS%S!dYZRPHNcib)E0mJzJ?xw1#sY7EL?Yev^`zBH-D}L;I<K
z!Q1xotX-o;RT0gHdYgA{)8epO$$GW2d38%K$1_`gVKh#2i-G5=Gv;EnaZ|8n^lDS#
z2L|kE!<n{YHy4lW6OZpWWZT+D2`Y+5iO!!l*?Va0b9w<?XcEE~89nG(h3^g1ag7IB
zq%^>Zw5rWMHXM#<WXzp83h9&^)B*75r_ILwUW?DZsG;{rM%JMw-DJ4OLB`3L|I3Xx
z21ZqGbxWLtA!kg5QE$0Lx32(?Lq~&`4m8&yxFD=W$`cyrZyM8)WpTt|t;$|K8r8K8
z855Q+E-sT{To$*{kx(dqss9izPXNAWTx|M`OjM$W#pnO3HuJ0Aax|vb4D~ug#Jm6|
zo3p2x_swUgn$7Bpsd^*rNV<$uG4&t9uR!C<RhC7jYtg6~yIL33j=6AUsjjHN3iMy<
zOFRw>wwPh3A%JFQ+8<w-^K2DrR-E@imGwo5k1*aX>u_5LDowY!a#hr&BaSz|0qAeL
z>xBCFm+~4fo^=8_pcnH4b___z)2^_IT5AOsG!x~<HBAQUG&yA9R8T1iX$>9`h(i@u
zZ!HH}Kq3|PpBF%><QJP;PwTam-M8;P7{wuR)I&w=j^>l|#TqqrRIzaE=<}IHYYTtW
z)fUxCWd5I;$n_7D?e-_dByVCs#6YMy7XQ@2cDXmy(hF|>{KkzNc{_`tmTnnPzkMrP
zIyr&Upq7glP{F1Ey6XJI>hLEZQds6cnM&US4g8l3plc2<_2HBHB}!|D-W&439p1Or
zPoK+*F?$oaBLG_Z7P=Iae*K#f`&FInsBaCzqsw@4dqnwhRD-oug$C!?`8nkt5j}rb
z<8-9P*f(w}=POAg%C<z%^gChMcIxCxm-BEPda2L;CCDOWB7+;iIJQ9bxvl|F9~RQ7
zx#v)~0LtEo_ycG?d{GG|W6gh6;trSu;l~gt5ikcYdJhlHN$QjGxkHj!;hKEFLx(gE
zW%U(gvkd$M+)w*S05N%H^&*oV38FB~JDlr{2(!w-0ch^+Xz|hK%ag959H~U?3(wk@
zyg73(#zbCIqJbb-w9%yJ7^vzw(^VLNh$!X{(*abR*hX%i3l=AcO5=22n44EB?qrue
zh&E$yUL<`EGLdaqAm9WsrkE)#*X?!FEigVj?ETSGnx42E8+dtTe=_Ia@QtD2>0<=c
z@R<fs$dTkpRlF;}|Ewcu-tpU=WPq>_NlQO+*&o_WI(2v&`*!8!q!8AC*bgh}i$8tp
z>sMD=FIG~0CLy%To0^Op?iz$$F)Fg<JPEa$S7ZhPqmpq!J|byQz%(Z$)kx(XiQHk8
z0-e_TUzE<@wd9WacP+f?`%xe|Dag?GQW5@kqozDG7K_RqzSk-f5R1BXRPD4oe-gY2
z{J<L2hZg=)KHAZ;bA=dfaiCK!3{aVM8Xrtq0*-c}m}jT;#ung4q?`e2)cgU#RnyTp
z-954c36CNvowp^;2$N&LHT!mPvF+&y-bBd+Kr$r@(-Aw2y~+F1eA;7K4{%3Z46bVm
zur<<)6_Fh6V=f4!d<Jl#B-_o4RE*XQo7IV)PY&Z*Y2dzT5cY~&r=y2`W`h)vBswoV
zAlL$DxI?7-0A<qjQ#HAQOih>7ENeKRV??U=06>=d3&(OTDPK-ckHd3SLVAETa--ro
zPI28*`^YkMyp01p@pbKUoyOT-bAhOm$Be9QLv9oaDuNS$Ik6nZgIGDKd(3qKPKt!r
z@}Q)X=csI#Kzg|0XROBL=`xIrEYfaZu}D31r42{M4iNdA&k?Z8gPd++DyA7j*jiWo
z&kVk0va1vS2GF6Ip9mn`4G`gQcX%w7fLo(?u?`jz=t*jKk0htBXh{$14KDO)W^`$8
zw_JG~17ygw7U-?*E_-&8INA|9?|(Ps88nU@xBABUu|Rp|6g*~Pn9PM1U=D1g!DNyr
z##xwFFg#CQnb|IcvUjinSEl3kvZya&oCCC|lP)z<uMAdNNC0QbXK+)NP>zzUXfmU(
zVg{m0=S<|;F%)5Enr7;qorzqo(eccF#g47axNE7kEw>-Fa`nX{rPRgV`L0(P<*x#O
z$^R$-fCtyjy1UU8jIVT6Zc-)n07;L3cFU+ez6ZWn@6nz}r)+NLQ}mNEV`(ID+K6-%
z)O9L!Md@H!=nS>3O)El-K^SlXl2G#gxNbm-(x4rTlk|H$(w0)<I<-Ezngi25{k#^g
zQfmc>Rvr9-j1oL+llAsr`phGe5_KocYwSmLJewfI*dAsMV-Z5WNNV38S7$I=N@94I
zOU*kHIuq;o*G)Q2)b47M40n??^Mr8HO!VWe6pX9@qP4BP-hB~}s+6+CnP`j;C(Biw
zQl&-}-BH=y#SU>&X}`**&ebfM5*DR7^M985q{_6B@Y2<R_<-1|^*YdTx84FE1ySyj
zK<{feZzQ;}K1lW5^gByfUPRY95zsWdc?)g#e3_D)t*+!<-^^vkGDM^K1&S$@cP?%=
zu_vJeg`8|GwvofpbDEa(pNtC*CPg0(Dqt5+@7*X|u%89M9UPsjMars?vtqmIUL3y&
z*u{q7RKxUPaY9uyfa<j2Y$Ntp;~{9^Zl7C`kDXK%w{2~G#8u&%Z6-|U>W4&iMqiwF
zE{-(Er-RYHn$PX(Z;Z-|(s}!^?cTnqRw8KG>#4P-ssV_<Y8Q?}tov1<WcZ*ej?F_4
zRB%iFG+D~UWy^J?CXqqKJ~BE~>3R!GY3$=6#`PA}I(QXZOu=)Jt~dU*U$hS<>ocig
z2ff*Gw>=IuWUO4bY8-oxD!F&^wh0p!Z8*N&DA=`z^Y*RKDa+2!R5rKLU_zXvwF3eJ
zfX6CiJR-cC-r~C+=X#;9^QHIVXlmPo{Ze=37~(rA3!~&proC@gG**14gHZZO228;e
z2+<02cC#_(0aBxgdz65?W%b+MC6Gm5jT4CK1XS?LpZT40fKl;&(R%08?aoJ9k=w^1
z%)M3+8J13I0xw#TFeHV=b*qp+@cr4kL|Ji!@R}qbEDqfLxQ>1TP~ktt)%F6BZn$f+
zxCqPzviYf?JscV#0$9nnheNiZd^?H76~#?#bkBfnf7GDpZ7l`&dl!#07PBL8(Zm&(
zAzpr?Z;7@_YMKYF;-C@kOb4(%ZB9e7<)ILOM*5N3d3LF+t%y-C?#&=Vv3bC_fg8TM
z?lprOW{evit1^=Nge--IgKI4}!;N*{T}8Wae-VJx%FaGvc*y3Z!PTc})rup?g7N8t
z){O-_Ar9ZrbHay@TNal!YZOl9WSh$|#Lt^a51Gq**d}Vx85^H5#0D?j9^hsh9|{xx
z@U?H^n-b2AW%mN*Nw1_U)}&TF4nQI$LL@6)k&Rq=s!?zRQ+9^2L6rk@6_yJR6!8I4
z`fZ3i`|h`c`IRk&+Iw+rjk!p)OLLi%DQM!~q$;wQD`GDq<t?(TKO0+x<q;pPOE5SR
zz^)d$Jql#r6Gg9Z_tCzVO=p}$?3L(bvYU-zhO@y}ZnYRwMOwPAYrwmOG*l!{#z&i%
z!gw!FPW0Wo2I5FtR;&GPqT{#e)DIWGUpUj(wEq@vp|_jZ%z==5ST7`~vveN!q~~Lr
z241Cc+cyZ7a&iic_w!=_vtsnnUe{3rbW8Z)CK<wenccnX<yP&&yp}uvsOy0SmrtZ}
zUosU9Jnl-Z!k}Ge+Fm0@`1*;|BX2v`XfWLD0`J|*Q7&^IH*;|;@uxDtwrwAkdgNp0
zD&8aodqmGzDAhrzHOot;EE{PiF&7Uwn#!hO*cVr7I@5<)I&^!Dt5TNvZWf0R6n5rB
zWb(p}++AJ55g{fDqM2B1gsd4-yaW(vZlU!Rgcp3)HnWsIYNsKwS5e#-Vlg#PcZdMc
z4duF<S@5%wQ(%mIbgqkTcI}GExX5QESVX|TV)?xWxOOI#fn`<x00F9&)#Z~Hea_O{
z+acW^0KcZJ{BXd7i6$b(L-@jV#GDPy1h8tBX+8{OYjopcI-MEt&~;S@oj1nJX2jHQ
zy7kRn`A_^{Gk^F@9>Q4!ZX*LGJ!e<hm1l$}uLoty%xH#EtXtEMe`eCFmT{V-Q>(x6
z(y#<7lpWc8C+LLyVr9b75b-2H1doz8IboZxM)^caXD`z8)2Qc-s>qNliXz5{t~ZGB
zQ3A;;s==BJk&AXMPv_BW4b}q!s}?Qmc06gI_cM5UpkmSUJdKfH{6I)j$0EuzP+2t<
z>v5O)1>$hGhz2;3rDTWkC#N=(C5r(uiv)bh%#Bp9GTubms#Crke-K^ivIWqjy;&_A
zrh`S&9{NBXKvJicRVT363yInDThwEhVfqL4_Y!=*SoXPZ*)F)$-xW+#E~0-Boo61(
z4WGpGFvY#kf)kxf-*nskR@CTs*dynOkHX(hu*eBFGfng8-8?T<-M4B0vW5c}%_lNS
znlq0H@%YaD^Ibx*g)euKWgezi3vW-5!Q2#Ecds^*-9z3gee{<ZwHsu9`I7AA9cH($
zaZIlk(&-XPiLT2%i?k<DqqGiuPD$A6OBI1E8c^=bi<}W4AbDq&O#IGskG9vMxKS~=
z4bQg_5mU9y-;C}@tKA}bo!ycRM)SFj?Kkw~aoRf-6y#gZ<ZH0@iDegTX>7kdo?KRx
zIzAmfYZigsWfihDx|hI;%Fd4x*^kX*y6bE`9-aPG+iA{k?KAmhlIV%3X()}pSe}SU
z{^&j=`LM-#Ciy<PMH#uTK1#x)Kj_*(kc?c-$4gR%HO>QcFKr6G&`9lsqNC0r*#Vx4
zdS>}g8C&h67*AnC$~fX~q1ZY;v*-I*;!k78q$QDrGN)+--cA@xV9|!=ZcXj`uSxV!
zh)ch)Z<r`GUM2Ed6N5)(c%+?sdb*{Vs2K|eHYYM@tVtz^rzZ~8z|({Snj@6UzE&E4
z$`Hy)(2mogqt~9)KyT!55v<~lX26msEnGJ$qxQ<0!oT7r#ecUt&%VXntRuvl>y$Na
zf=WeK=kUFJijc}$&^uki`-JlPDlpQ54wk#_-Kha6S(8SN_p&y9vyCY6LZk-sKCind
z7U7_hyh&q#&jJ8Ys8#~nts*ok`{c*BgN#t-H5=nc_rXjYntg4C@wxBJecz|USKadZ
zFzF-E{NJF6KSJ}?eTrL27cD6zrN7FsrUK(ajg6&wP+ZV?!kjGZ)$ZX!YCB@ch!Wbv
zL!FPl51>zPr=A>&G*GllRaxK$re`0=Qw$>V=&6059;?Ie9C(uCu?s0=Uujc9d!AG^
z(itK<z)3gAeEI5!-Hz}#>Z*2uK*YoJOf0DlYKrSYbt48%A?=#<X@cm>vZa;qnsxRW
zH(TX+c}D^f%Au|5%a8abjLj#y)kHxQI75nb{Py_su_KRAOY%Ir?y^r}-YW=KA1k0S
zo-{Bp$e%ILvF%|U_Ossk(dcY@6za%fQGG2MHsBuJotABcW-YhwD?6|<?(7@+fhQ|H
zA&4A}KHy<K5w^(G_nsal1=UKbe1|g>dO_^WDt555(JNU<%_if<owR)8lFtGNc0%PX
z%hB)i9yAY}Z9|eNRoP+4DVS3S!2gxj3zg&jz^SkFja0pc>d`|Qb1#F1vdZ8%`6x>(
zv(hzuT!a@PcML-GOa@Diu#C2WI;rG^+!BtLc|Vo~?ZpJ99@6OwtqKDsuCzm)a%XZ_
z(MD%1x$X~6XEI#dO-l3PVF~11xdDla;Y(F4@o__CM`2p0p{5gr*UzZ&d;!#kX;qZ6
z<XPk~(%Pe2G~bR|tr7fk0)Z5_?MUd6UIp=mwhb^#(7@@e34Oy3H=BH84Q3L)shDT6
ziVx6uWlhI=uwm1=DA7b1J=_(T*(pFVHKGm3AAg>=f;CzrYbTnk@<>kV31L2cMtf~l
zVxWTnDus%A9Hpj8cn`9VgD-Zd$Tn}*y(h_(xbmST1n5-!$o=cs<Aj@)dZ<+SQ`p-M
zxH)<4qrosbrDcGr?Un4=;^L9%!wbY4aG>N6b21q@P*ZrQ!m7oNt5MY(MSg$nnwTs)
zmavyxMjxs`7j}>8{Rko5C|@DekSQZGjLExeniT{nm~sQ?6_tC>DWVILv>Xg*om8jP
zc=C#9qh&MN1OhgZsdv^2{3jzG?KfL3#+N*Jw&B6muyR>$)ksfk{Ct$|YL3?NkeB}F
zG5gxemS=OuPc2J}<_qQH5y!?NITh)K=}E`s7DXK$<F%fnPeHEBU*)a8niy(1$!E%@
zUy&UamCK{gXIpvFGr>GBPfg5mBxvL^-{BMP_R_3T7gJ*$o4ypG$&(ALxfWJ)+hZ*+
zr~GsBo}yIT+}s<29J^eOT(tW4_ztRK3T2Anub$vz-?l4qS|(1OC}a>@(Sf#A*)Osd
z*5A_MKB8u*@2_5)-!34Q#F>%oCa|WqbpN8%7rV*u)mr3QUG4`{E_%|EH5Zz@Ms?XY
zYfQFtjf1yjUpv;>rg$J$O}unB#c_fjX)GJn6hL0&hlDjfo-cNAtU0=Fp!R0AX!`p4
zaft`Uum22^U-P0u8lqX<c0>{o>phjaiBZ4>-tDk2wn?<=owDRH<j2%G=j@dgJUJdd
zGjng7&MwZ=T`ex#aK)#YG_AS(&opS{tjEYBX<qV8^qHh#Hm8L<zAW>_rpL8xxj5Q*
zl~JUwltEefQ=Y;*oV0-|dSj|#G#Lo(?8=re2lb+Gg&Q^K3)%RNnC(7k5r#jtUJFfU
zqx8)zijYk=PknXZZ(`cGX)Yn~CU>ReW^H<?9kIwGQA|0sVBhPTVHvoTLY8iuraA>%
zzPKG9MyLW6V!dU~$0VN_3DE@Jye`CJv`ny>l1Wi$l5dL>bl4#vMk7i`7RWU|GHMbl
zOVOfg1fN0n$`}?gF?E>9Ygv15L~JsCDh%i8QFogW7jfO|q9#g7FAA>OtWiIoHagO#
zO3x(CGdVSCIIs|k^o4)_PV5jBHU7q|?TXYwGnnpVAH@sD?-~}>#mhkysu#=bc-)0s
zzdg^`VTW$OX4_+{lbyoE`1rjv#QHe{YT~3sXIR5kf`%Eoc#B|kquvyu<G5^Akt^fp
zy4(P4_ln}=XVFWkmOE8bM)mt&Z3F_(85?&#Z^TxSt8C)n`3-q1O9k7|b0=iY+R4)d
zI&#6AZt_zS?X2?#VT;c@n<)}2U~wm)S8=2Z+Oy)arqu=2+*ZCo8}^Y?!2Phqk9FTg
zaf*<BAciNyS&0NKnUNnj!ZcZ9hw>}9xK`wBL8pN?Kb?SBfSa6WY$-natuk3`0<7u*
z_z)~UuQbm$jpc$8pP-PUowG#_?BJ?1BJt7Xo!ldlfLJm2FV^ZJLdTff9JuF|n-wM}
zzW6z652KN3n+}~;`ZE)gllS-Q;pih08jZ&zB+t}Qa9_P6q-wXKmnZ>SXGrm9>+r;L
z<#ZpmIe6o6xE#d0p8iz1pfKrYtgf!FTPUf6^**f>%F^+TJPx~8Z;#i)svM`$*jkP6
zM@PSe*!#w4h;A}94d^_}(Xm+U^dpt2(I;v6V1z@0xCY9hBov++pxXp8LY0(it)gDJ
z?sxLHV@;EB#aU8Hsfy)gKR5a98l!8v`;-{rR1JsF1ZD_STFI=}uBbM89%PW|kB0eS
zKTu>BjGzfRm#Yu(#S{w8Ej1qdB;<iDIppu4B8U8HGWzizq|BD!f~{>@#UQpbs>l3^
zuVK+>Lbpm7&h-X;Qt|6o={??gnj}>qJyA_7Uhw#hn1)J0cz>l(rQkDnhoON>&)r}h
zMfCGEx83O4XtrUA2+`d%4EJ2bfX#7HJtHDXG*kBaPjX>*P}=HF*B=V($okw+=0wp@
zoMlIgx1ywwsXSJGJfdM~kHLFhTA;Y*r(u3Y97I23Hz>6Qv}C^Z4rBO6(gvltV6XWm
z+jMtbGEZM@uDYU;`fQpaH8^ZrBZAG$%$^L;UR?DD-KjKtlBw)AV9TNHjsy<tW45>d
zaPn{0#47&OcZ~dlxm0dnPhO6>t?4=0($$h*<O9a|%5elg&4WXvE`4nPv7{5Hfj9Z-
zrn(dhZGsZ(mf7($dg3Z~Bh{6)Lsc5NAn7q1wxWiejf%dJEP<7i^Zh;*0)xSt*@qV*
z>D@=06H+a&&49z#$vB9!GponQvL@zsdKT<~dW>6Kl^_s^zb*a<b%NRyeF3mp9%(!?
zonyeFMq#P<pp9N(ooY~TtSYIl8CEXFmWr0Q0kR#2Jcu;E8vNOO<Mg3q*`cbnSy-kd
zB`Isd4OAj(n466Q!p7T+m=cACQ$(sE+sF|=%OEd)4d}!r{8;#UFKg<ni03)2l&Fx*
z0==<bnqW(3j0bKtV=PBz9Vi@`b_l=)#u;8zD$+z;06n4Fvkvy=h`JT~-8hu2ditQS
zfhwx6xp`mBFeM15YJ$2ubfq+NM79|>$#H^)XuCzcr@~0Mm`H=r(5fUL)fcF``(5Nn
z>TLw|95JdBqVS29<o3hRmpjAuco8^#8Wnx0dF(%iV%J2*c7@Sv24!?EuRh7&P5Q)_
zdIJh9u7A~PL>3T}KFOPXV{dqxS)Cv&5Q-iAkPXGxyI8#G!R`}|K2kNiJ~Hzr>8|GG
zt3}er<xASH1(&<qQ!`pBXTsG8fdfj0rF!RY@eRjw<Gq-??g*W!D4D13%!LXTb?a<3
z`z0F*$SyCzE3AprnJ;eHz11{i!*!e)M5HrufuJO`iU4Oc+1-O7g<f3xENXMyw4}#j
zvwxpFx-9~0oF6CvIeF2{fGT%My+i<ojN%3>ZvW7_vwFqNRD=a(^hy=Sg>a{_!jK<+
zk4eFk=-d`32Kywo&`mm>Q*i@n@F?+~??4h+u3Gy$5F6e#W!WD&K!nseGmBw9y(|>j
zryp)}Oi1y;V=oF;3zaYCqBov<VB~9uRili!GU1Ca<{n3*jdg5~);`L@exfc$;g5(m
z!ez(vicw8x$^4n%KsewO(~&W<(oChex{s-@?yFQKR=F;pvAfo|Uedx-z?u=w!HQ}m
zE`v6&ZXoGFgDuP|Ufj6XU9XbhE{!R^W)(Bf_k>-%DeZ&llWZUU=#Xoy;^J%%3%H4W
zBa`?PK7Cp1-4iosP4gwB!hdCkiPF9}5?W}l(ZSZ>6I@bv#WAUkkSb9)PdxOo_?EDh
zGZmoMIBOQ`k}<_vc_OLt^xnz@0`p_)0ilqbQ82t#Z1O`uI?FZsju_nxYojy*g3ov4
zXm;ydifL|#QVC{edcRtm>9vNoH|UY}Kzb&EWCzez^pWILD@`62?dI1Oq4{Xr!G+Y;
z#MSLsx2ss$=;Nza!ZSp0`N<QjeeYHY9MD);4{kFHJ@QSj!?wfq!;<IL)mg7gmk<^a
zDX7w4#1T<eU2dy}0!XFphZpElNmUZTZ8So4xsWK1nw_7#rho!x2n7QrTGth54Oxlv
zqEg83OjH<#|Ehn35(ti@^n4Hp?IG3BSj4+B%bDhUnRCI22SHX?iM6ZD<ZR;3L8iwn
z*y0Dx^7#t)gAad<wRpCG4kuTI%k$j}lS|9S-Hx^D@4Fn7JEGqe?ScpL1aKY=C(5zJ
zR;|la9Gg6i_N9sKuOZcOS*0QywsJ8rQB<HlT6Xq8x{V=KTleG9u<qKaYvyf~1B~k?
z(Fc8+>W<#Bx^l)}V$n!P@?vF73Q(y8p}>j%^_x$YsONEU70Kk%`>X6|H!RpMvg4k_
zKH1DxAdbOLCsCnHN&?K<rOyQldaH}}xHrkm-Y)khTjpNL9&ji|2}U4^w*(N(_Y@bj
zR}ZLv_SQ6}h6;DdK{@X$<7+XrmLZKl<wvioBr98$BZj1_e*92__15qf<fTvP6uMar
zSHm@p3Tf2|@mGq%<hC`YqJlEBHArg){dsPPU&x_JjGg8U@BhrP77Z9WeMp-LKh;fF
z=hcl|8fWJec}jI6dZN~KLU<V5bcTFTvnIhv@>QO!#*(*PWH#nedfD0A``3|Up`d(b
z8yQ^J{X{fUWygQt06t`G=bx#GFy4esH)f{t-p#{2c2_sF-oXCe<0tHvNAY5lAFo}*
zjTRH+SIlE)L5Yre=TY(mPkfcc`mHww8!l?vIP*Bah&`RaP{@`LMIhQcT9;4QPrF@O
zLeP;eq{%a<?qI+cO*hR}k0*X!lJ~QL1E~xx%#r4!>3X5{Z-z}UupN^KS&;l3o}GV|
z-`p~5TF1j|`~CE3QnN*Ob)Bx=*SoQg*0W30Y;8|bX^>tuq~*r?$&2X9Q63Z%;)}=0
z69%Js7b_RV_w$BhzT@*i8aJ12==B?a{re&iT&EC6nDPuZ@Y9F|Ryrqvi?I6d`#_F)
zvJb<kZEs(=oG2<QOljR-CYZ9_FCwtNdvP$Zpz)s0V)@y_z9tsKkSbw5I92{cTC#8S
z`*ad3QF!j|+ymrpQNFzJl17`a+wYXDb5al;=K0?^3_6g#q;XP(#c~22k6eHccFy_B
z2b&0>V*R!k$k{oD=h9fr!)WJ0w5NIDv@b?-<fvZp1T8iRM)|HTV<BO_yN1lkN4~*Q
zW4(|&lV)6bLuC;gbLHhPkB@dlLNpP7m#1j+ZB~?e^+B)3u2|ok(;+H(^y1ruzmGeJ
z#@fQo&3_n=4JBy@`QV3~V%P3M$tgvI-pAK_)H(%k9bqH1&IKh>Hf&YE<s84fMt<!&
zid|4E$kn6;#Il$^2t}0|t>Zcu51K;G$&`6y+6iR63x~J16?dF`eArb%p7%JKxVQd3
z8E@Yj8WA%2EUIsj_p2go{?oo6H;?l_OCWNSH-aNIxtYd99NUWcu7RJ%_XE{;oDu+x
zcQhPJ7|*O8kRjI#gAh~e)l3BXqv*vpa8!S;><~@aeO(_u@!3`{m2<XObPwv#yF5>w
zni7xjw5~381lC3dJL8JU?1&V*Vs2eWfxf?T&1-e_3r~~%_}#mA>&+*s9cF_xk&v1s
zz(3K%<yaI#oR*0v{_P~w+yAG@zq{B>WC5enjq&RuaH=!#9<C0=(0cuNelAJMTMQU4
z-~V+eXcVa=7PwOB`0^U)^|(_4sf^H5BN!apd5kGem~Oo3r?^wvTka;WAw`oW{Of{0
zMT&}2;JItah9gE9oBMLzFLJr*^}x4HO~wx)u4%r1R*mcR!G@WWbDqsyomToso~bPf
z$^ivr%jOHKcno|aN7O#1fXDL!%B>$mxwUS<U8GPHU)~L2;gQq)g+!*Bs}v2pv+%=g
zRU3qC`^6!rV5IPVD9NvNE5lmTUPW0rI23OM`wzFEy%b1ofmW`w|8e@RfS7n@&jMJu
zbj`mnoDhq{K{D<0?TYlS@z1gv5ArV@9N-uFX*F$;n?88Qy;$J;wts(rXecBxCB=Gt
zYAITw`UFAws=yP=#g~r^8$1RwX%jmM6e_Hc7;Y$&#rU1clF7}RvWLO?irMic%rHw)
zzW0z=-^P%B%h;}jaD7tlD~fGuP{#l3%0wW4X0WO6h^0@Q0#RFVBeDCd)Do19@g|XP
zY-I4p=zQfo#kH-zarKGv;p9aO^?!a5f88c#B!7&)`oO@v@AUW*E@=j+tYQg03?;9i
zf2q|3CqO6?O#7`rTo+M3!#=p})%+M#(VA1V{beI<J^q*XH}c~<7tu+2udp;_H8zzU
z^RfN*?;Vfg6RnYh?Z%-OINwEh^R+-m!L#q#e`NC%;!od?k@wSjag<Xs>~J=nB%IBh
z3LUR~HZ5{c%AM)*xv}Lv$7=C~@TU0y^gO{0PkxArR<mXz7-{$Zh03Z7R3+$hzU$~G
zi!EBX^BkmS7QZvwfZuP23t6#3&=Y0N)?q;G)ekm*7sa!v8O{?7?Po7WsG8n>U8mq`
z<g=-sL5lzTDrSg;*L8J0$q^am>zB43qFlvwFCGj>4xm}>R4bao5fBS)4@$`bhAj{z
z7ymMBMse>PzR2}pU-0KvTQA(IdGiIaQRgjwM5<-yd5|86!Lll<F#Gj|HnH=*m}wHm
z<FsFA3oM=RYZpXmVnRZ1aSr1>T(QqvY$RX${1DL~?n2n<>a@`Rqa%Brg?zC2<NJ3r
zhx$tn#Z52<%)dep^)Vwc*OvBych~n_UEC;m_dBjH=#++cl`ut>IRle!|Jp%13aiDh
zZq<jDCj+nT>?niFHRTKe7#n2>i#$E^p2!Rdu%t-?;6c<^{CW@%(|^4-XOtBTA@?YU
zjWL0dP+#neG7j!W%J{EN{r<7UJLz5Dv|o17C5RHgX!j2_+n@i6Z}MUBBWJJQHDplC
z!NZJ)!TOph`?q<k($YRXEoX9*EA?go16wggQDieHuMZgd18+gi@+ZB<5&wODttOcL
z#T<i!%v&ex@JB(<;0^)Z@UY`T*nWwO)7;x}-rlF2?8~Of-_MqV_;&r(G!{H*{S3x}
zDc0SJk8|10cKX;|-@Hxs%>1+2Vtk$&`NDBQ3H~UNL09gXqTO(K*3h7In7=81>I^D)
zQ=O}f&1GewKZ=xT4-c2;Tj+0~f5X>C4=*}F)*%gk^iDQ1%KWb~A3X{cP89Qx+kYGl
zA361P_an;q6^t(6Sk){Mew7YWr5fvxB;UJNb|owlX!T0iaDoj1=a7nt6x<o!;7rD9
z(<btP_+w&UQ2e@p>4;)EBNF9@(iK|dm&pRHav7N|Gss|T{#CTW_l*=|jOJjB2?>W8
z+WXx_!c-MPs;ID)zFJxiA34m&)W@qET$r6rz4EaQEjZ!jq|=t2!|3HyB>wGwJ|Q2l
zFIZpf&tJ~Zr)#LHew7zfs^rd$e*X{(T!1yzzw!<h0qeUDp4OB1rfM!iAacR^6S=sg
zwK=Ex24DwMu|aAaZ{EO3Uf59LNKz(b!ulwR#bA*01}EN#OgSw<3~#A29d)tR2~1-F
zU&Mj@C~Egq!!3~H9Th#z{rysN<sxmxIY^M|P-$v3W`<TZxB_Vqw`5>)!)#)_4Rwsd
zxBvR4K8olaxgxA#URmFaHcTNd+C90dY9ruM9U)^*vXxv<3qCwh^fUo{80=FZs!m3m
z%1w%N%H=kzzqTE+a=#Yn4enhgc`4N@ej4SnAaIAjN(J7(GEQ=~U%vF$AO3nWKOgc5
zia9T(2Sk9kk@+XeK>t<pM*eN2p^yIhTTB`#2#+>o2)d67mXrTy=g6ZarR9G+uHQ@e
z{nzjK)F4aVxvjJ|IX2c|CYt{Um)$f+@EblXW4Y)gbJ?m9fs83`!}O;Jdh=K2#c%dM
zK5`AY8>&<N{1{9j><w<H$=^2=n0*vopTCy}{VG{f=y3Zqai3!Y<D&S-tn<@=w@v{(
z>;L#RpEI;o+_rLUqF^2J|F#Zr4gSx!3WR_E=Zgl}%0KNZg?KkJflvr?8YT7c9|MI6
znTr3<zYsctyC-uYq2}LjDFJVKi~U)u%6g)H!Ld~_9_)ZPOa*ogoM!glr%9782&+Z!
za8%WL^B=nl#(qNXE{-~N_8W-kkpDz<=mK5x0I$7(LWM8>pT}1(4aI;kZ-Lvuz~ET^
zzdSw=bP0j1;?GU|ebe_afnEQH<D)E)o9C*VMFJ)Dr~i3}SD?Jb&h=JM6A$>+&42%D
z5PJR71;Lb)PpPBPr398L?@!t7zrUr>$i44ESdaK=y2M!jviSJFO8ftC=3ZJ2$F<ja
zlOU6v3do^Tv$t*?n7CJ%9g_A|%}1qt*<Hf{xmDL6*YRIJ^j{w3fB8ZGcQ^i@e-Man
zyvP2>SzJen_6K$Ne|o0><;MTBCBc-_#cKO2VEJREQn^8d^8eSHE;T(SWuNtDW~+Wq
zq?je2M>N^`PP@o5wrKiG-9MFFy=9r6Ki_P)Z$+S4`sG({^p|n`YqfSCL3C5kef_2m
zDR|4Xf8MeZ&Bvs!=&oIB&=~>_=9kC%m*tv*B2kMzzOqpfaNhrFV&I8CHYjHRHbC@0
ztz5r56dhg?<Gw%wR?hBkEBAl(OrSc~|DoXmsmTc;RWlzGC^tv`=gHf_z{yX+d?-Yq
z5W?cm3&$59y8U1N9PAM9ZK1GhV27su-k~?6MChO-`akz3>mfLy6tkKE=$XVr&t&XY
z^y3dK-(qV|HoVzW;t*Dv+}FV_g#6hBrL?!Y<Brey1Osnk|EI;k#suaI^>JG3L*VXw
z|E-4dJB9eyiTrXCviOiM`6h|Wd=GqI^UwD|fe^Td|Fuy4hu{#)zY9KJfFA9i*AFld
zzvI3C^=ZNAX#K}Q4{if1RQ$&ZfwJ)L>dF6jTVCbRs?`kA<E_D}7ymfvf0e%ec>cef
zG&(4dbTi?!hui?$JNjpPr63Oo<(AGU=V1DbT~t(*MNb0j7BoSIh@HWFVZ;R1ayGR+
zd3kZhd@R9G*A^NUR_(GDbOB1?OU;*uC4gw++N)(hth5zGSN!ZOAtl8D47BN+oNjVW
zPJuZuecS>9&$jEMCF~c^1+F1|!|7kX(3nBQ5)l#EvQODXO#l|c9`*f_%Qcl28%R>-
zs2kF#DF!g&FX)3NSWb%(B9o3_4TTMzWS)~v07j)=R6MbjGkn!Bu@#R4Vy^)#uo0`-
zZ<TKQ0$*bI*G&VL6PS(XZMVF*k(+@wRy~BFRwLL3$mK~OeKTX@h)oM{z2Qn1FqgF_
zHTLTxYu0iy04TOycbm+ubi66756JDVm8G0RAZQ>F8O~+5BAa}1oA<<PqS{;|IrIjo
zmbFe!CULo)lmgC86cHie+S)S$0)naAJUiFfxwsNTUm<no0MV-Y=c~uZpL}jl&Cb4N
zTdF6};dNU2XgF!ev;T2p1&FHJL1;#LcC!LOzN?(|D}yR%GSF6GMX!2R%EWed4EU+r
zG0fnnGGUKZxrP(%+#n*-Kp+*%=MCMpea%-g!v0Npdrp&%XY~bf2@iDdCI8pGTzpt+
zIm2@d%^(;T;u81_4SqOI-gcwrI_{<`v4fDM1sAxdi%=hmLi{u90sU%kGS`<hkg3@~
zG#Pt-$7wK=Czzq0=IrR~J(0y%d}}4c6u#6pWC%&@INN&tcqJpez6L1#Ymwv$CUUr}
z16EA<8Bj0NVb2C==*}%btm{c1B=tC%s~`P*T|kT+{;`t@m8$1*d+QEXF%qapc>_Di
z$zSI>dg6KQ+O?}I3k>(AKU$?5$*A$fO2hBB?;s1rdcBEI;(IHB`ROiJ+uh@v$2YB1
zTJeNV<dAW1D#{`sst6)a*67Gut7uwX|8(~gDzYs87eY}1q=&x9R|u2ZsT!GHyT=Mz
zgN`oKXWTER+}DQkG`5Sj@(_qg1$Qu<;mR^K^kb{%RfCILN_f>v0D0FZ!>6z3@@>X6
z*lhd~f7TWR$_M$#0E+AA2gXKJYFdG50KPzy_OO8S!8aggLzHrLzU-eR5f>|QdF*+`
z4h<%Hu6@|pwA(@S1<cEcEw!5ayyHvF{m>22OE64}s+9Hg!1#tyA4JAcWE@cS0^5|<
z($Z3vM1UEOf(%rf@KX>&Ik8$V7ebgn1L*PBVn+=aoqO{TB)II~`Etve-ko#*JM$MH
zyhj4KG2xH`Z@#{o+dcr<auT~Az<*9$ox-l3@Mc&)=u4*F0e6A&9EdtTy#XO??*Tb>
z`(<{f?tp@`EmHmali<Fg^1U`PvRI)jp15`UcK7u7ekl(<OHajvIEtnGbv3f-QJGYX
zv`oUcbWToiZZcC-G%AT8O!qe<Pkph&fkO+4X$4b~?gPD{<Cp@Bd-r0ghx2x3+re@@
z33<-vFyeyk<}ZL$r>W+ZbCG5p(^Kun+LPPdwc^J^jE6Ft;HmLDeSJk*9)xiVWl?$-
zTso8zm*IkLizSNaTxP^%QNvdK&o4}1P7v>XfPvN_k5+xA<pztArMR=%+|UpZC<V$q
zB#+6{1kJzP#S-TXVGFiGp~Cb3ghr~((bqYiAka0H#Z<@qfQl4EsP~y64!JJ?LzjH-
zm;E3EdQ$q?!VT|kli10g0O2yV`o`s#+o+Ht+(cdYI+K38rpM{epKOfvE9usFRvq>t
zKU8IKPQcg^T%gumYC~p=Ek4fg3C3sL2Ms52-$;iK9nNYN0$m*2Jc%HNt`~e463O62
zmeWHKt%z)X6N52nS<hT5P4EF#`%t19mrGhHNaOKPXtcDA_f2G62BJQTQ75zLRs!&{
z&K$&e(F4Lum;2A2Jv$HPXPE|F<T+r3QNV;8ss45I>K~8I0Qln#%>4*eAxApYB6K;J
zvAOmjW(F`~7Rh&)z~nKt6KEy`m`#99dQ|Ek(^70%2^aoZ4w*{+8N3OL2J;^}?lRw#
zxz5+yAzjqy`IqM7l^wWAwP|2%7S;De_L8Ka4CA}tfAlpgyDQv0!H|xd?bD_uP2HCo
z)Q1ZIjLqn&6*pEn?Xs>G*Wnt-4r!pCUP4Nn@c_B6_wh*XTiZGiWOVGZ^(S#aaRGC|
z!i`R{7@L9HiB*8LErQV|+V#1+h;Ywyy?&>>CLnQp2Xyv4PSq8%E1Tt2tG2+sxF7u~
z^$u}aB9FU^Q@29OKs-XOnB_CsF1%R_jK`W=D=1;O37BCM#Ywc~fRqwmI#PNH$S$;_
z!yW~&HUBW2&HXQAmsXBbWrZ0!Wk4RXCC+`Q+HQlUx%v>uQgTWHrHB~wtc{}?PtQ@2
zv!~Cc&B4gFI{@{3esuttE-l}iotBtk55Op%iaiee9EdXZ^LehG`k*l>uzWRU8r(pP
zuXhJ9uo#no_Setyj4;l8Zv6C&uwXDZf~(n_n^Cot9FoAKo#{(pHI2!84&McSPpeCJ
zzlR;8&$-t&z3%4=(h~7Fk00N(l|3x%L%NF%!gIi@WfkQcF3U1ERhKgBKF7YnYPlBL
z7L%5iw#W4f_HYx%1LGteud?%ud2s}!b{mpi`yGcNFtG=_5o{p4uc1wcgbZ<KrGdY*
z6Kn}#^|(pFP?cLzUtx!+IXJBc)@yIhlT2FV`A>l>M+ZIH?Qh#5am@!=KOG0C;xw^6
zfbocRAG%y|)dfRGXlvkG;n~Kk4K}?=FMb+Y4N9@oj}9810G8c%lbq=lE=j$Dz7kRd
zx6vJF#6uPF;Og!r7|6o*J>{iqn}xB<62!0ph_z;>_dH|>?V6b>?RRBv9aUjG8oLc|
z0mX%(Q)Ysypg$wzF47_PeZu<uF+Q>fREN4->UO@7K`TYGbAJ17g;La^Ci<a~^B?or
zsqS6!rDh=8?e0LMov<pVqVa}F`xS{;ho1x<-a62Rjas@b5X}MNMd5VufZeV&;G4V$
z2=5~OAJja%fmT~}%drH{#HTy~3ytIw#7UJWKt@o9hEd&4fS55L<)n=|7J&L(?$OhI
zWCzXdw;VvCQ=(ukk;c^^^9Wc!_7!h=DS=3aOEZa_(?%ePj&hsSDb@bT45LnSV<Y*n
zP$qH`<RI^U68(51C?kPR+ZE8Q@Q1c(Yy`;;b)*zvimt7uk1i72042zmpmFx*Pugw3
zvGiexp8+zw)xJh5h7_FQcAS?d3q%Bca8elH%+2hb>>yJH>U9#^N@ny*X;Sk9|Ag3h
zx2S(~miI!$&q&Mf?}Bz0Dj42V6|21w)&#G9CfXu@Hx-?6f^x}y<rNui&tABse!pL>
zpa4k$Hav`D9>q}yG}={zb)^!p^lJ!a!lMtf79<7q%s4&tCXEJf7KY`GH3A)ajP<iw
zXmFX^V^$IwdojDT0(@Q^MAEn(bw^kqV&kh0J)Zb9n1$#Mo^ta!x8TglQ){8lZE)_S
zQU%-+*Az%74i%(yw?#jvBfo>jTV&~+PxlkK8@exZ%{(Z}4sxTs)&yoZnPcTp5;iWe
zmcZw23YE~iOtGUWL{Ll0vWO2(n`XVy33crcoYysG)GgSXk5dk(iWaER+VjGZkwRO-
zUa^)42MVTP095)GLS1CA#ZFRuHunDGU14+kL6)i_ptDzWFkHs?{Oj2k14$&W-f4)$
z&=5~sf|^+EUY4)0J6oRl>#iMAq(dz7j7*;D7lOhxc^qiUJ3F79c}7NX0cL6*3P7c?
zME$(LP%Mtdxx1FCRF%l6T4U`v@~&?v;DQ9#Ot6ttz=V_cQfxmmzbl^rxWqsJ2pEn%
z>01Vb(**C;pPYc$czh?6QFkfGvAk$I5YTzj&Xv@uFUx)qKE`&kOD8+q*5WXlIslCa
zgz1{k=z&CSHc{?s`XVqnrca&{jh+IgrCQ3@^`>+CxvcC$9~M^;wOfc7<+BqIt`)&$
zHvJJP23vLj40N-sE$?gQhU%_}fL|LdB7uno$fwt^;!7Y8GOi=+InnN@=emc6q*rj{
zp;($>ySAwjFnIz17h!rt7<HhviJlsD6NmC0YsFiE42YOdn2h9A8-TIq7W{7XNt$4p
z-r&)pL?e?hOLJM4kQCLu%sY!2eUWS4ZI9nbSvST8Ici7f>pxxj{Jh$30v;Q5jg#kK
zDs>5!YA;4K)mo;#`Jkc(;0V|SyA;U-CI%~zvD{TeodT_KU#StTHs`FbRPhj$SrwM+
z*?rnzMa_JEgOXm5&eNSoZ_qloFAcfcE~KzDfhm$kS%~JrDwoVm@Md{Ar4uAZZsz8&
zu$#4wit3}xT{h#mdK`D8^FwOfQ{RhbLP(9#1lv`YgpP!flV?~Md&7=2XXE3^>A-O?
z(@Nv^7E`~EXUE=yxK;+~veo;t*=b{<AHrr#v0uRs3k`+XQyyOPN<ak_7K2u;d*QP3
z*4GMuo2a5E(UV1Y7`9v%yudBFhbd}GvEr-Il0K1Myvn$OpyI(}IVec+c%eAhp387D
z@HC*HxIX`3^NKI`<v7iiA`RR%@E(FnVes9MKQNaKk{KhQA7<9ciMlt8+BD@4(Zc3H
z5-~7uLsY*WZoa!kQVw&P52SBt)tF(q!I$ojFw<CjWG$Gto4}SD9Oy(*A`t&vL3o|6
zN{8*@bN*wUVV}Sv1p%>;9P~R{qBO%gE%Fj4@z3>yH5<EaH(D5US+~UZ!<9Dez3f}B
z-)0$sw_AUwRjV|TJ6*S#wA6Z?JxCr+m5NRrsMJj(_Z@iFD-whdk2D_qW|l9ELtp4y
zOx6KJ0p7?7TV`}$l?YwPiV_I)y@%>-{k@WZGsDaT(U>KWZia24J2R3gET*3H1E)dv
zlal!>DevHH!^~eWBaVxML5V@Yn^l*l8z7RQ30%+mNV{1cQ7D^U_(;pQQ%?$JADZZk
zQl<DbctRX@_yT^AJ;rh<ItU+#MTkZ#D2Ig6N!iOCB_wq45nN*1>khJT=-alVd${Mc
zb79#7Jm*Bz>vS_R_bX%C4@}nchO~&xzO@oTLss`3+6KDh0qQq22K`;sc;a^F>-$t?
zf;}F6VkZN~AHx)?;^8^l87D6@H?qRrH}rn)9fW7^8r>O|kI0&GJXYmdFg8fy(L+p+
zRJM#AkYsH;hQ`FMH?aT2xo~<98f7xCjijwd6DgiLHm!0`5L19Ck@zNvwC8?D+TBpk
zxf6>BnUkLn#;UK;#^SI&`u)ILr$yXUoZqY-GxP_s+?{}L^A!w&dJgZUTlMZD(M7M|
zXRe}JYU=cDN>^98*$ard*wA}seOagEWYZ!SE$#PfWJqD@<I&a>fgQZK@SAQ}8A@`_
z+ALU2f2K{mj->eH$^@Fe)g2tWC$-l({r*KyTOh%dQqHuIZGC@;f@ow<$x)W7Sil~`
z(!ld!zZw(LTw@@p3&!m2Rkb~n$)zQD?AcK+&B?G??roP=h;G2DPtcY?0<fL~*1-)_
z4tcqc(*!#;%=GZY<v$7N#+kfri<Ooetkzw6zlB}(=@yY-O^2Z<3_UQz8X=wIhwVN?
z^Xijyps3|;(RK`t0Sl**b|#F<U8HGxa$fTeG{eh=Uca-=_&xT%?uc(21*3$>#|O`E
zNFu#&o*0^uMyEPD8`_wswLE-Dk3~@(UxhW(X&6W?=PThCsaRT0VWz2)9#fsR{aK}P
z9#7x;4cAmxVr=#{HVM0lbx^E!4ak(f8EWbghHopj4OHt&2qi+Y2wAB_al3awi%|qr
zxev>F9x@4twSx|zKSA$)S#`Fo{M%^UP(mtFF*D4SJJ+>ZI}jArxdk3tQl?f$(oI1g
z`B^Pvv`U%;UD^_ioCm@7g}fiM6-z9%JsP6S&28-k0^J5yQCIz<VzUS^3)X|rH~oC@
zoCn;4Te?kNYJG1XI#Fa9D6b5R^1a2Xb-)eMEk+$jVB6bE<);TXU^X}Kt}+R7jI*UU
zc@XVf_@`zyb!CN7+D@w~+m#L?^+haE;)e`&bHyXTV!I8F<E~Z@=9#SC%yR3XjW(KM
zv2d|2yi-u?iT(24%LCcE8Wh3254m}^`A={)z=0eJeK(gt7tT2pEYxvh^iuW?N<bzb
z)(V^t>wQA`wM#@VEd)oOJ!?iS!6ai`{881xNt9Lo69I4mqP;TiaM9fl9U}WN_&v=*
zHxd~+@PWx{S*o!bqFBD7Q`^{WC%jxFS|~E8wVU!Bn#<~v+bgL)sqyiloSC9SLfh`x
zxVvLch{#zJNCrZE60*^py{nsH_IL7}Db(xU@q*r2CuE2hL@Uq&fFb7i+Yo>F%T;5`
zZu+X?2v`q(|8PLj)!QX=^8@^dS}ISb9XXJ-y3~NMVydh9d;rG+1leu_b*J55Ws`lJ
zA}Fi{TLkid=$uMq>{Ay-eJF=BmiGaD{chHQ;9Kq`?c+D<OM_cZIMXzI6Dy}ha(uC~
z5OkZ(3Q`2ApxVIbDHo<tk=~lI?Ks6RT9o|m!;${ebt8AF+XHsbSQ#@iG-c1l{H{wq
z2o{)gLZRAh`{3|RcSgiT+H{_V=ur?#w?QNgL2y9_dXFM*%m>Wy+foz#$@#hxEjKpW
z?Gw6~#`D-8p;Bdp;+<s~wg*))4;WL{6G;|UWuUugjTNlkd)~b$uP{Z0hfkW9H6w$K
zV#gjYjYjpz`hFg7d5#+UTEo#NQ}6+~Yr7-60O_TO_$W6L$+V!W{IM;bqloDuOyzq-
zb3^Ce1DTtcB`qmZNWG%0X55~j>C-v}_WSL|#^cWkAn_LI`d8wO3UY1$r(9w2s(jD?
zbj>8VHe2CIr90mCke|L8XP&l}g3HkY7+E?%--P)9BTbM<DhI2*^6VhaY>MjPRF1=0
z)Fmf<OZ+VuKDDIjhyRDYuZ+rSYunu-DhQHF3P=iqAV_zol%UdxfJlRMixSd;kD#P9
zNP~d1k^<7*B^?jlapofS)-8_j-RIrs&l%r8$8bH1x#qm*J@2@#YsTrX6iRtcbOy9r
z*4O73kKY_0T@~iTjTTnGg}KLST55av4unv{o_z4kzTAFy<m+}Kye8YfGvwhFL#ZT}
zEKx}U)r>Zj^wmdZWGIx${J6Kzw9@Fxb4wToR?<Atm)8S;h(5bXI#`^|kVK+Nd=E?A
z(^mHql^ayaX1S%aq6QzXkdH{-)Y!FArIzq%lYE<*|IUAhDM*fNiB9It)rO5+6DOi`
z7*#Sp!_{!vh%&n#t}F&Hp&+1Cm3Lv@c~2v%5xCsV2So~vP%LRdXW{Dx3{>$~1H~4H
zKaP1V8*e--czYjfQoVZ?jqC<$QeL4CT1MFbhGc8|niA~RP5&exa`mgedDCQqWeFdW
z`IAjN-)S%>p;dCurYg{Pg}Zdn%B!mPx^S{kbRsv~58z0ys^4@4T&PBQ8v^MaY#;e*
zlq_o4lnH?>jd$sXo^Aa2maW^tR+p(7=nO*eVg4d2a9uE2y$8${g5?psu^@SWi}OYy
z%~I;gKq%1W+F&p)d_QQ>#6#%r(`L^ZFSK-B4|w+2g!9#*<lDO+&fhK8wFqU2-IL&Z
zFrSeAl`Uc)XI9M;Okj<m%`5LVsrI3deiX1ce9C#ZO6L39DmIATJserp@+#<++MGdh
zOu<dIp>HPlWF>d%43YRB?m~vP`z~M-2UGG!Yu=x}RuCMLphw6l%^&r})-|IW3mrC&
zY5L~fW6?@u22gJ@pRJ<itkjLQTkw#3Wau;1wWefwFIQnyolmsQWoybh28*ek0wIZA
z`_5L#%gb%MQl6s$Otg;}8$cyAiE-^ZeL&NPd<-~UV8Ya_;C<XJEXwa=xq<XSt?gS`
zG9~gQZ>WQ)xrE!EGh0zUHWA0WdlN4gOsiGsG-GQ!^;Wzw-E5^km3J&B@=R>k-K=Z6
zffp$Y&rRc~8fDeZOsl{DPQp+(j<?fq;w@h^%`zXH){0s4YPm}h1{EE-Wkx@SeUkh}
zCwE4>qs+@DT{1C4cxZK$J3pCiCN|+p)uY-Qf**>crrGcLD5H;ujRs`<F^d}97pC#6
zjbg5+e+<GaiK4mNYeM)s>+G-CqvtN?u3AJG<;_b;UvIO?30)w7;aE#QxH`?n&;3Xp
zCyexMI$x{dj*DPTm_IsCN{@<kHdv!4%Dcr=Yfs8>N81_G+7`GJ>-E9T-^98WtK(=F
zu+fPjc>^o|?+Y?>?G?_bqNGhR?Ms<;E5@LNv6}fB6q}NObLeB)9XvKd)bdfSTdQ@E
zUgaXY9ky0`dG&3YOKrA;5u~k}mTjt;y>GWWSiKdet2Bx~zj5J=zozaI=M(oq(5p1$
zo`Z;>pD?MqS(VYdPkXC^JXa)JlZghaY}NRji0e7^FI_->xMUr#uT~P=jm?nIR)ijJ
z(=HD8c%2@VBNv3zp*TRQ{?@Qq@iWWgz$cm%ww1}6h28!!sw$}*3l<B4UJ+zTaN7Bt
z>~Kr&N>1V4D9gGxgR{2M@LlpS6;3}1_?Ttf>g{%!)Kn?zEg)imyILS8b*{Aa)vo+r
zkkTFYn-d@4Pn?>PCGbcZ1`>lZ$Lm)Q+)5K4IYn8{C=|+YMeEQ-Eh&DM1gB^p5Qn<f
zOawLd&^DHO0pLTV^{@Q$EA<itm?T0pYViBy_Yv>W$11(ORsva=)u=PLIG1IC8`Ejk
zt~0~EFtZydo5U6rOZhwJKJY2)X2l7`1rgwQs7!&<0K@A+=jv(E!uk2oypJ-1Y7ffV
zXWa%_J673&G>KG>^LUp!wWU@F>lJdpvPDCcm)(^`c5yMj8$KV?2w!VZ#N*n{(`UDq
z#$~kmEGF`<B?~;i(`$+O!O0)@NwQqfVBUkBRZ#C^{1(n}Tb-xhel|^4K;4Uxz!L-=
zov!j`SHc}ZsiCmWnps^4x6MGmrRyVqMvb_QYwKneCv`+4b)YRNrjRt9)zvipwyF#!
ziPpy=xy-l8w*6pQEi%*+raY-lHpPA>zW7mMuO%3RAEh(yE9*tvBUV@{iJb4Q)Scd^
zjulXN{YbubDt0t2i#kgfUDq^ex`+-(r_*7lBz_!gnE9M|S{ptk3J%>9n&BB;Gx5)`
zPXwylM6U+7AJkVFug~?g<SseZ-^_<ai6D>MN0q*fOh|i~0VaXtqm;OAJv0DZxh7z!
z`}Hzm8Lho**~mA(!Ag(Gee+K0qtXuwv1^t^PvHI>tY~oH;#;usLT|IJURikY;_SHO
zdJ)T&bZx~ZoRF%?mQ7*J$XNiox*M2wg}c}c^d3Z_bw*++$1j+4rnYpUF6MawxC$PT
zD>ET!dSK)eF;&O=S>k(li5RZ3bO@|TLf3$2I&Lj5%iJ#9^kqS8<(jdijTLs11)i-W
zp*}8OAlUe$^pK{01Y%m^Ynz7X4VBP)WG(#X9<R-A08+Su#&EUfc5eF3?ze*x!nj&k
zQWT$_TzrKX^A;Z?Kg?hKUbHY{8!DMP2GrIQ*vat0^5TVPTm6>x?S%MkbolB?fGKE7
zJNqT+zN>+l__bHIfrF8DbhB}z5qLBn)q>YmpeutptVq2n^70x1pIC0cmDom5!G}5R
z4zA~ivDf~7j&oJE;gSy-UTJgl<cDd*(#28pPv^vy4uQ*g1l|#2MW%j&Rr_VE;kPl&
zXVJ*m7j-@faPotTVLiU9^+l$nrEr=tI;-t6E0HHBt0m)y`}uM~#C^Syn>DHkvra%~
z^qT7wRDR}YkQ5Bdo`kW)C9q?)DsE8Zt+I~wnU*=dOUnU08c!(ME`I&St*v{`{1yS4
z`9NUg8!xIea?(ps%`JE+AB%vp(tuDOL|HnrIi;%_HJ>gTNg2tZdZpbEPfLKW+j32}
zE)J9Ex_g-#&3KNg$cxki&07^-aBy)}$@JZiend1mn_gtn{E^eie{>*YR6YDIsZ8HJ
zX&R^V5X@^5!Xf=V61aJh(g!E-C|E5-ipy_mXB{25-D@mcCSy40L^sM2l;M3qL&^PE
z%u<0`!q6wFj68lg;3Gq4<VCzZVz;#pW6L*o*omFp<4Yw>XJN!qth&a<ppVO7su0>c
zW~e@w#Gbe=cC$oWl7Xtk$O|uaAZKq}1D8hLve_Q%isG#YHyfb3gZ{RzMoqoAG;XAd
ztYBELQfHuTqK|{F{71vW+z(7PbFgg7ZNL1|YT?l+6_6C{1s#BvR%M@&obh=tsT9L$
z_Ieu%OgX^^schtBK%8t+>*2%A2mB=g#vmi*(pa)!A#lA`^2*pIWu%*7C;TGbe1f_@
zk1pj@k$Cx6ap@?~AhCJaYk4QH=yR}KoCThj$F^f7Ds2_sB~MG$K|{ZcO83B0)3v?W
zm?p;CG<#@r+-vhd_XX*Ld}}%oqfwm?FxDqEy=hqEU?o@!5^-;uEa6eJq69d0hh>k>
zYw5ba5I7KUxMY*DXrxWb06JlepvheOHdFfT8*rMTy*b{TEbf4zYYT`b?`04QF#_@(
ziHrx(bk9)_s3o^EI#8_3C(jgS$_>0`cFG2o4d>d<0o?ZcY-^&tg<qS!vO}HM{8#p+
zD)9E>-u*!y|2|P`jVMvm*h(*$HlsK@OB`2kn^HrW3Md_^S45V+x)pr~+xRxCv;&5w
zdGk%?+|u3F=W)~LR+ZebkXh<Jyi`CLU4N4mJ(@cs#O++HLQ%&Q)E(m^rhcs|0fk^M
z`=GF^#N>@;JP3S8p&L8s8O~Ggi!h4ex`gh>XLYR?CuFr$#V1^dpPhcr@mMN3iqpdg
zNAz23Chpg1Ys)i)w-qeEeCS2ff889XO>LrDPcb7-A#t0q)oO0mme6QTNP$stxSe%x
znRqt%Nx$VCJFt{q3E9&Qg71*BXtc!<q>KAno*+KABxq7{!y2&Xe*AnYC!TBfqhZ}}
zD_+XACpS2g;G?7-k!EpkS0);0H#n|vS)m$Ah6<mRhBxE&a#F>PG^aP2zuQj#hQ%0A
z<CRwi+R|@olC~$EE>y0qrPAG+FB6W%6SAH^$cbD_UFK395+l$3m}J1|)Ucf)Lmhaa
z#5Y#AFMs~cI#6upZPgR4%Fzz?;qAhT(yo^M_EM^A44k!cexL*WVX5B981xdzb^dJ1
zx%pxR0CdOqJN&rZq4e*$qNjwp9>4nDt~a1^J0T<m$CaL`x_8wn9z{moNZ*BJ{-N}`
z^5_dD<j3FMj^G4eP1fv9uRO1gWQ$u)p4Nq2l+D^c37U<F(p-4c&$9>en9m8aAX*A=
z^{SlFRu((ZgjJDijKaLF=C>1dRb+7kKUh4PRLL+IxKVF)=LvyZ@8dAz`<+I~Sf<>a
zZyv@F5Zv%D+~1xJsG%b4!=ROpk|*>*N`lkrhET6u8~l=tS=@kvT)B;EP||Y8#{k>l
zj*q30;ZUM%6mLS)!~P_H3*FVJofN_y%$?{-&}td8N#gCp!WJVC+L90slFi?^J)ox{
z^!@?TEBRJh@@e=5L9Zs=_WPg|MQhL7iF3FI4xw!Kkf_H5Z4l+#(u}nkd$Xz)&-)m-
zClNU=ei>&d)b^{g2Vr3-wz#Q7imIbSn@A`34Z}lR&*xBpWvLBq4z(=>Sz^t%<18^o
zE<1^Og24M}dd}ndVfS(f0rt=j`AM%(c-fFwpH#Iz+RV#@3hIjI;D3D4U03Pp>QH@b
zQt+eFa;_XAhF&6mrS_t*U%`)#8~vp6r2=JgOG!0F4(npHThXBHAq>z^l)sHyWAQmI
ztc^yIkH5{d`l;0Lr;gS8Z$i;sAmK3)pjC`8#?LPz@kS&j0U_;!w7?+%(sk)N!1gTZ
z@kXi&Qzwh}{gv9XNOA+1{~xYdn9UK?u!IbI?811s_&FXiLUo(_Edzpz%nJEo?eoru
zQ8H$;dXOTC_?jN?qANPHw~fChdN<Y~r19nF=J0|l?q_oCTm+>rLeu8QJCIh4f+wCh
z&T$sQA$XJbo#SQ~I2BNE>1i&)!O39$cck343m|-~)w(=0dlrO`dB@@756ku={Pn9R
zu>WOzA5Qz{APD*JXAlC-*Dr9z-#x6;LU!a9e+D6ab^imOvcOlEXOEvc`D@3Ys|;AL
z0lxriw;*^EueQ9HEO5AYbC1&pYKRO&{tIN67p!xw9^K3ofFO%}`0ERqB)NZqBz}jG
z!&|;0L_7ju*?t&>sF&C;U{XgU)P{G2+ujSPXlSsA893Z@T1_)5IFGfda|W~g^p&Wi
zZn<u<o=Q|A_jgPj|ND9f6Fz<>$!-N0`We+@i@YoeBKco1y{{l(_4nI2R;!57ab)+7
zE5AO1$iTk-+pl^hAJnAO-hvHmNbxTlYX2vr00o?1aDvOE{QqRp02Ka|QRu)<vovTk
zL}yGj4iEG9B=7I<2Lm}!eSO0fqcmbt-|Cw5ik(IPj7|R9{-;^p?WCr8{w=a378fF`
zoeIeOgT<5>%<aQJ=eE{NR01jIF)8fGIsCXYjxoZBGXnr4EK>THk%9gV<}Z7W1ln__
zSR~jNr)?wrQ!VoUuYGa)x}N54Slog{q$G8pcK(x1Bt)(JDGrs<fmP6}<`;;k34~D3
z7kfWAPYzT3Zg_mG%R?=c(>DEoyFCn%D8XLB_&Y-P)ul5`lG*s)DxAQ%Vy2t~kq{Q#
z7U}Pp^sgRZYJPcG1foNnw()K;>zUZ)w|@EJnys+6w|6sQc6Qd#E`u$yfz$8Q?U8LZ
zGD;?_Ih@W0^&w7R)khw?P!{;e0g@M-4p1tZelk$^AWHXEyz*4#e&TLzC=vbfSN!=<
zX}ynJ4!#a5aLXqiTaj8G6}aKk@WBw^_q^5mA7BTnAMZdgas6x6Lcch8R>;9WrZ$*H
z0(&p@c<+J266mm#{<8N7p}qIZ!zb<dV;;&e^!6Gqf)4CE6V}@5Sul(T$HS0v$Etb{
zOyd_jT7c|mqvm}h@imxY+=(3}%ayB}a(n;X-G3K&_@uF4u0NF-Iz5OEPY<Oi`k6Z`
zM%D43&dwY|=%DY{KKXu--uYlSfvs}w7khXH?12f-ji3mu3FeP$(kf9tcLEptc}YT`
zC8<9vw=w~i1mTyW=ub}3RSo2u6d{30i6r1`DmaOj6sSjlg@981k8Ax0;#0`e)04}~
z@`2;|>B(Xz$Q_qk|Fbtk4a{GTTs0782GxtVw*f5_Z?)sY3AD<OIyAqm9$0E!ikWGE
zm=;Mtv5Vg>wUEWc%;R`1Gqd+|cU@duq`J1ZKYq-$%ex;idOoSqzSDDK?eGxk{xg{K
zVv_XkJKHo^ivn@aex8HEJ7AZn6F&=O16_U0%)fR?jHpD*<EFuufAE{*Jo1--iAC}$
zzL)*BE7*pA`U`g~aO41B$uDzpiX{U`Ch$a{O87I>{1plmTm0SZfB!Jksl)h9kazl+
zffInD;-3cnT@czK%?~UepRyzvqGQ@!BTkcm>aM6`@TbdG&NMUMat-5gxXy6-@4Ntv
zDJF=>WA}%_AU80G&wn1$LGCEE|703~6Vm?03DJY#?H^d?DXZ~MgSXQIfNQZ7QCUf`
z*TFVT{%f25W;30>r+@SCDLW6O7QYD#nNH0UPCuPa4-4s(GTB$x+;2Io%V<#l-NRgK
z)<x)FOZdfmQN!rek{+cyxyxn$CbGl-byNQK*aRt@V|9#wB;?Njva#QU1t1qt{dN}V
z(0?dG{$p}mQT7XS(_=MnCe)O4JttdDJ}52o{l5&U|AoLFEcY+A@!Ry`)D;Bq;|~`<
z*3U&0|M&UJsej-%0nF(uL3(<+=P~i^UX|M|c6K@I4*(+{Z{g&m(%Z|enj$9e{zbWI
zd$H6RXkuN#|0~0)BcK#{rEU!w{x7Hc@1n!s{PEM%7T_{YOH5CH_&2fef1d_`Q}VQA
z1o)!=H;LpwPmh1&O-@a9kJ2$c`1hmY&rheLI>e8oN9S({1DcOWCnt6c6oH%;(x1LD
zK>YZhPuFiU-cvltCD61P&9(=`xKjgP{8M6Ux1e)A^%zBSf{YI!>cr1{w<9iK0Dnmz
z_|~sof2O!l*m+7R06J8kQhok0RbI<2?jme@9C7-Y`Wt_D+ML~hi95#qlh8N@53Km_
z$clLFJ!gT#v^)v(NMUAOgy=ug=v<#a<MBkih&XeNKf<>|fihNS&6g@0gnLyjgbjSO
zfW<)|h-_1m%ubey_GfHi@AHhuw0+PnZ?M;JJ%JFB+qE*sD%P~X_%#7#fuFeE&I=Gv
zO+ML|065)X=zvRRr~dKh&-l4DeVcmYS93Q?FIb1EPa&M4^@xLy&2IL)FX$FXfGqB6
zu)ozs5V=e4G}RrJ6>q?(&qM27k+%ac<D*kAWTsQiqnlc*dqXQ`{aB(4IW@OaMXL@*
zqXo!DTD>3j$7j=RywQ#qnu!Xd3A=4F%v2SJzQ9QS(~RbZn_WIViVs`^li2p!Sj2ln
zZ2xBqCS13)=QBGVD^xV1M-da3?VQ*0kxpba(I<2d+T<Rw&a5Cx5S8$BeT;(!N}kUu
zT^`Pt+X5^ylqoThNqUh%6uVD=vnRT$C9sbOZZ{+D)O2w|e7)=GO$_*XpzVZ<RB0j1
zGfV3Fy*O%sfPQ~RU480OSoj=b<YLlVg;ZpTvd}FrG6~1XZ;rqVU#e=5tN@1Q6|E_$
z(8?_uc~d#wk%NGw2o2693uQKKn@y?ec!$eWi?D}1M;=@GM+s1rtB9}}?8$6=%SfJ@
zKWMKNVbzHYSR>XIjXt|b;4VNiI?Yn<esFb&z!+YiD53FXW`CfmaO40ykSkY&cxL+-
zyKo2aODz|qb^OhqS-yFeexP~Kdb6T!y_Z@X^(F4|Qb9_@>}Ykee5=UjSf)O(vsYt$
zAFZ{H@RL413{e;$N>5h*Dv^6fnF5ID-`G&b?W_~!zxwX2=QCk!KfTL$Si2v-c*=c!
zVz3#2Ob+K~63mZK1oq6@hKsr3=7Ov#y#M@5L|1P_jrDL(H(VZz9Do_^!G5hw7cDAL
zb@s+e2gtq9<aQG~>3speCs{5=sht|1D)e!X(Wem)t%+~%=H+sXo?|Fw>qsbNJ{0It
zWs;)$`o2Z_@b4x0@pCh@=QJX_ShWz1gdY?Y<jrH^A!t)BdW4u_t`8V$Gf7>123|NT
z&&=2<1PobbiA1&N7U&$u3j&Z;1@pbv-zUO6Ww9_MdWp2KEtGEr8)a4Dw9~zNTOpo7
z3dQ3<j?hvg$+Pi-Y2n(SS$l1l+lBo;*UxUx_&t$Vao@p7c%FJ@jz6AdsSK(Oy(b9l
z3qAc?IVpgnV*Hi1wo`kd!at4qXPc!Y^ij_~>vTX=v=LPny0KUYx~Ut3XxU;%>62>*
zMl*+&<CKhZ)Xt3Gh-}DBjRqAu5B?3Lxq=;j+djiQw8ETd;h@bajex=&T@cQD?${b%
z0j8w?*I%pRs}@Wi&<*OMmdKIF>whX`5M+DdK6<xe&i8~clN%dusX@eea@J=KQ?|~x
z{Ffyx>Dl4I@gq*xHH)elmChiHNe^p_nULi5I`+mj-XM+DDGn%H8XyK)!{A98Nd~(t
zK;_^Ur1bfX5f=RA%uUsAH=;8QP5o#c&K|m&l<OEx7p#brNYI@Z>-);>_{y}`Xh+Wg
zJp|j@99A?2$LfUffOoHRGigDo!x5vi80cVoKO5uwbZCR1$Y20-GXw2CcisA6cYyz=
zxD&>jMx+reZH6EfLVpP$1JMC<>r$9W;WXk9VIlgFf5YQB6M;U1=^pgD=@aj_0_*9i
zv%|=)^q6l;_CA_@C+%Z(3#w(`d;FwPO&Spif*4Q>f1yV6dQeoABXY3GO%OFzZvn2C
zlf04rL)z|##Td?Js?p4?o-kl5rfAwTx=Pq!F<_9AW^XvzO?Yhkgb17@?Lr4AYwUAw
zhUMx~_w$rrh+uqu@p=1p*TqEQ93dK5D!2~lb+!yBQUe~;?94eZq1h)B3gzWw9^fV#
zA+M)l#(7Jx9?dc$_}T<qqAog`&{(qfD*_Q`XKF}0^th&y3i{_CD}FbdVLdajH}NfC
zL2)owj?bDV>`}I^AXIA-)B5>9RB;O;`>K;6U+$h`L$Q|bx3n;jrQ39vbAAR(b<PSc
z$p{OX(v)|`U<jWUk%?llDqunBB4r)5SDOsgYb8OyAXM}^G;3sFY~MCz(+~aDU8v%w
z1N+DoX>X1%D8b-=V+W`Q0bekWG^KWn7elf)@R4#l;@xOr1PRCQy+bk^KE6RR*bTJ6
zma3Ni0{wz62jlnh9<Ct!u4>zjh3;&<!~HOf{gTWp@{ROenG(ALmeSkzk#xj|zXi<6
zJ%$0&Sv+abopj%z6mR)y6haem#x7L!raE;&>g1Qrf0ih~R9C)2(SwW6s1uG26lvE-
z9;*L5ljWa$zT_%5db>Q74P+&w>1-ltI1Bc#H_SOZ2T5VRZ~9-%Dj#<seB|yTMvEd>
zsg-CaKQKn3EaA+a!#ymT`wCz4rr^BL-X1nyAL98UpwybeW)9=4|7Tp8eqO*X;C#J~
z^92-P7GBLg@dQRS`ti6`qX>$tzyS@Kx7P!U)F4)0KPsSbgTS2liV?Qg=Qv!+iOYcO
z_$*MKDbT;SW#dY;&T6WfEZF8Uz<(V!*I$z2HVy{17qM0s+0+E{9F;MEHi=i$x!Fq6
zThs1Aqz14%;jvZ?4&HLv6W>%iGoOpqmtPoyPQ62WGg4!B5W5TS#e)wLsjj0QdIU!>
z2437$Y|lTSZVFXnOW_2M2(_}s<C}&`Ut)DfUYJ5>1g50-T9Q0iH@MQwJwic=41c<v
zbB9Y$j>%7r?}fVVCHP0QjtPfi|Jvi2t67GfvTi{vW4Ye>SGez+Q==aFU>2yk;~%S$
zM+#eAp2{{oT6OS(rKE>p;$R<srG6(~GaI@NzFyi3--XupZPmEyAv+a}4bktkmHi{S
za`L&=C<Z^6<Jw9Nm9FAMBuc}^RNYIowjb#n7yS;2q`+>=t54es&*VlezHpi&T?0im
zCUgHz7C4PyZRl-7<%)~MH&I9&$3T}9SVXFrA5@mAxtr08A!%==)5CD+2JpQ85Udr~
z$&|eeX0e_69d*r&(zcfz6OKVG=lw--92O1G6+VorNMqy77w-h&B2m89dEaw%pgjSD
z)_*@-g-8i49*2mi1fw<Nq>$D(Hu8OSj?1Hzr?qrKp~b4am54G4-MeN~vc@{z4CyA1
zc=B-%5l+w<>1%HEOiGLZA!8YwJr(uqPYK{1Yj4Jn&m9@?m!}b{SOUzyy7sw=!I?1j
zEmpG4S|>9uZDef1LoaCg1wl6H0a|qRB<Fyujy);xN<%*2(c3onoJ!9xU;OH#oyxJ-
zQOmYF&JEtu(+U%Jl6D<u9@H<hy>#TFlYD@B&SWjG&X`q2yVXvGAKSp}d6(S<Lbr;+
zkLubz3<qXn?6ZArtb;3$8o)9D=xT%iTd#3HfcY&x!TgGV_7xO?6HsDHIKBmcgO3)8
zlID`ek#wETwP$jzJ@SM4Mff8^p7ToQd4|<p(9yXw4HCXOH+3^#%^V8$yL7Nc;!{qe
zxob1V!_et_XziVIFW)H*g5<cS{@8^adpO&gmM2C?l(Ern=tu3c_dCEkIl0a=blbF<
z4f}YAyb5#+nr`d7c(5}f=C;<UPMb>S2Gf>(N4W1a*4k*TgC!zF4c0sa-R6|ZQ}FmA
zj736qSF^22Qf4e--KXn#T?)YjSO(9jYL-abE{}O8N(KN(sn52+(|YMd57mhwTyU*8
z%WPcEAJQ*IPqY9^X6Bzj#y34q4ip|or+zAf;Z0bMa0ga;dbM}0<^;9bChm;_WXEBo
zLk~<gf^uhMWA3uGWA`f46RzmE9My>a7HAtzkIRB(t7<tp7IC8Ekid~pYzXTI=*ba?
zfc$AH#-{>ER+O6*&Eu>Cx#Ud1CbskB*H<lgs{3hkl+PXTZWqCm<o(V&yN|;4E?jx(
zw4M{iGitB02zSxMh3KPh^$ca)Y7X;d<!D?+nyE!nwm|*(GV74zN_Al@rld*f*2Jg@
z`=kftaNph5^AJMg_>|?GuK}jXhr91cV$KA!x!^r9=LNN_M<QD;Tf?y#^Y?A~=hNA&
z(lX&1gr3TMO-Seik4oe$+546HZ$56!l`5BYaVQ!rG=|rpdJO1gkmU6kl-$zp?H%dd
zsxQy&Vz^Yc)kZWD+y__Hjkt6^0a4eDPII4svz*NoRcb*QGjGV+-nNyP&_mt&Eq<qZ
zBHy<nE9K2K5gRutpF%Qy1(JM+sgH{bY&>+|!b`0SrdBfsnv>+S=SnY>M=_YDuS`5J
zCSvU|i+HM<$6L##k#CGY)*m&9m0r3K*$S_9Fu80U#e%^~pmx3Ay2fb)F62{z?rdk+
z>%P2JA6aDA9X*xPtFNbtyP%$z?HIA&qn&@Lywt%|E!24@k*lK0MfEK`y=KTal&GF_
zD`_YbwBD&92mOwwpOO~Wb{`<$@;?uC*?h-FSQo;e<Fo%q+qct$UA1bL9|3o*ph^Yz
zm(-b+&8mBPj0GH+DLKrKxU{#70A&Unc5r8<R5V3z>m*=5Q;w`e@$uY=;@w4OrGNct
z8E7qVUbXm^)$*}!1z*pRw|KkbLhy!~W`x{R02_6?&NEFj0)?hy;Z~iv75h7725;Vu
z8G~cQbkqp_@K7q01_!qN_Zu+or<1N`n*x1r$lPlTY6ob`#bnF!;;U;s2=5@1uv^w-
z_E62*r@+eV&>246bR63qS$Q?}asGZ=dCg#v#nyVc)B@dtTF(7uB7<V8tYL*owFmS;
zx1LVa5KkB6b`M(5UD5gyvm@2_fUm&eEmM4%<K73G{j@6hY$DH%)ZF`;Z_6IqZ7yY)
zqGvcv-yc_uz)2i!NUQo7u@PaZ`w9uWZ~FQi!TGMJyQMtK+7AkWDo7hGF+pTj6IFb`
zy25jrUTa#!cN@iaIul(@ssu8-bGZU@7EfMlP`^_Ew5PL-pk{|A=5nxTex)Ws7S}4l
zj&<yAWSc4>yatjS6PfrqSmaP=PaGBEEJb(dt|*7-=_Wut+N?)6gawDl;#<qe9-QyP
z5}@lJ2-$Y#gyNH{m<I3=<6efYQ52|XN>4nOVb@?-Q7{?VwJ5*tm6z-r-0s|?>w*sS
z=!Nht;#Bb=+CBFeeiP~gjpQvDX}JB&^_;I%@|sTxOxHY*TP#Uo&l=CIeU+!~nKUQ#
z$S<?*JO4Z;Olw4a!!uqa*e#n8HWF>U6H#9gU9*?tShD|(X2ha~FXl3VPBW(s?mN<r
z{-W&57^9pj>l@KU<q}Z`AsWGe{~ROT1P&h40(E2zg-#O<OXuuQ3Vuvd6t>|`%O+a$
zg8kwd61npqOZLthQo-V8Z*)fZ1Ygj#zoTiIRvqKBUwF%LTdIp?@WB<yb((Cw!TnHU
z!X?-}3++G&Cf)h{#Y{47s)d7wd<GOahqFvYMi@YJ$}tH8Q7K{<D^o%c<7)ktP_<KI
zR)o`sr^#j4QiZv#G#xl|3{d%RKvE)uOa4Oj`M32N50xeG@ZKty0$qtd6!Wn_P|8><
z*H4Tf(AX^B6I2YRRDonp{ItBM+4J4;Z+qlOI`7R6xdHKvbAE3@)xpGe6nn#DlV0T`
zwIlF~C|DY3><<rGBiHZ6)B!yU0sRN-^%hY(#fv~lCD-u)-12j+c%wv&^^w(%h|Ji4
zF^&<*;Z~u#a3%s}CNNBn?90ep0Q~+Sz9@P0oL4NL`Mpni`W828SA4j>amT+6BKtBr
z(HH#YY=Y{_3{HswmKg75ZNa$ZyH>f~7Gparhrw=tngw=?`Lzw0X__3F>-RCeU0OBg
zd*&Ky%(`}tqkB0O6X^JjiW28STcbBu#ucnhk=W;fBcX~FW~6-OI9bEy3EwN`XqXt@
z%SV%?O(3fp-y!M!CZ0?NTiw`jx41YVe`mYa)C66V!&IYyXzyL2iA$jQ?UcY|i-~*_
z5JHR*`Hc_Qy8<D`AQK{ou`G3Pbiz)`VMigrcMq&_AS^LPO7uYW2Cq2cR$CN3eHC(_
z7jDTE<p^%sriec8-fELOpvmW6!tFS#48&yW#40w2eSm;OCeX_WS1v939^_N+i&@fR
zm~owz>0asHyr~Cn@k1qMJ2RFInt8*^k_$kzX0bJ-lx}xDA2)awXq|Yv1E%?)dYP)I
zTaZbhUeV!s-Fy>)6Stk5E&97|QxA92phxfC1|NooO(mZ<FU|*numl295{{>~Grs*W
zT{6asyp0m8ofzxdMdowJx8VDWa??Q<DSIcl0theq;GoOC@nW<TBkW+5fBkAXv|^ta
z_f1m-j->y=Hx{j_8Oob|a`(Lu{kr|x&1Hm8KajzS3qPf0RbI~}G%aL%GUIPdh|6-9
zcO_a3_U<;@WnQ=yK*m{>iGiS4VxUHeZ46*N;!KYlhsn?kJKmOz*&Oy;v72<tNV>8d
z`m_a8>?$!NMPp}@(%r~DhBA^_F{scRdo9~`DJZk&am96-I=q72<$ATis`EL5wX!bT
zuVZ90F7a)*1W0y)8>t#Z8eS{pgzdbPdn6XLaWq4-h?ew8VnFC+$rIjAExGM8)P%0*
zGRc=h<gKVy;5=BOyN6~P?`iZ=W^>g%fEstYv-m=(gVLP1J5~plyfkJX?A~&&0!hc)
zN7}PK;6@o556ZY6GJQ>6o85GQT%~s2oj0=;@Pp#_j_M-R97``FDk}2dv0hzC5&0(N
zsU7U`z3Cl^lg?WX?Rlo6Non|=Sauv2111#UGzPNqs)~RTa?elMBM7PWXn8BA>8w+s
z>xr)@Xh$lBYJyP39f;jXb;ggEBs5N;F$3|4{BoK^$85EAaHB3q@tiKhO}O`p+jUgg
z9J_H^P0U7)$+=)FG5go+_jp68m|gaFTlYj5?6n{P1Ew2abmKOydMpUwh3kQzj$=RA
zp<|V%-rDslIzQkpDs3gKD63;N?}BD$Yx|A7lVQM8k6@tSaU2dxg25Ky{v^rxfR-pZ
z>}y#BUaQHwPCsL21=C(+%4y@5P21~!BOxw$kq8Rl-XR3>xv`nZzBN;;S?i}9P~yO8
z$32dN0)oYtO2<jB0x%RWC|C^lMxSSrY@bxlv8F*k(<Hkl4n(<%7r`ANag6cR#0>J(
z90$8A6)754`~{nf6+;Sx5;fcQ@V3(4aV$wl1x+_ZI>vc|c`%p|@H-Au04oeAJ}W?`
z)V!I^`e>xt#&I}m#NRzdCOV5-hQr>v`)N*cyt2(lj)RbVAdIt<Bh!2HP86%!<+aL#
z5-K%D8;Q4bg0)@VMe|A5(n5t_b>tR>q$6D@fiHIybd+9=cJmGDMbD-;fl927CvF@h
ztk*y)o+IjY{aGbr*{C;dIrs**<$33wdEC;qG*egxODB*~6Wr{sk?~F+UrANw^1PYf
z{{aIzox!_IL$x<X?&*ko844sfBNdiV@3`HTn48Mg8U|22y9zQKl*N1VaHKAE8}))Z
zuj`R=cUJ5+#8Ye<{N-9%R*jBS(+h?9CokB4r-CJ&_cSn1B3ki^8J@XRaqdB%mShec
zD3qyIur-z032!j3kauo^uapRtfBJPN1Igy5ep(X~**AIyD6N$ULI0w12&~9B23CN2
zCMYV^-4d_zv_9O4Z81+~>g$EBrO7Xkppy(?NLUX!Z2%PQRcvsTOw=u>?Zp9OusWu0
zFVHwYsWDun1cGx4-CCXzl6|E+yf=aL)ue-G=MC13j0fs0Y}{Z=>u>G@1s+schh7Cj
zxP`5&Tu=pd^M#|VSN7QNQ8b`QBnE%fwrEbtL)%&4ab$bThnqjo6aR^@QG7lu%Gpv`
zFRpt{l<1WPwxmDT{ES&g*@DKoFJT%>&5OQHtTgku8c+4u_Y5oeP(NU#UmX1qVZClO
zBI}~5RNA=LbW#+#b_op)m)hSZ*LSQlWH4u2AXd+3f60!Sw<Tn98)Qt1I=?2T*LiKn
zc0JgN86ANn4-IaFdG%z4p~lKg=F{=I%qkq!^8=9&M3jNX7#J`zv5d4IBR8OAR`}vq
zXcjJq0U@}>W=~$`bf(c2ai_hd0GF#8`^yi4XQvx^LNx3pzK-|{nu~#)y8AjHsvcQ6
z*0Gg)mf008ei~q<w%Mx=^Wn;LwCv!@RHB!?X>!F8WZSTbonTy>I*whY*}J7Kov&Gu
zO>MUpx4xBZq@kKpFC@iw0<qXyv4)GPrdb*Ve7KkM7xo^RqiFUGuGXbh+>T_YqmCE!
zT9}9}+D=mEGu4+zeUQtrYzl%(e1Nst7n|;OcqzwZZ9N`(O7!?b*aN!wcCL8EEKlqz
zobO<(X{1(`xUuzB6OdjaTs;)kNy{J1vsCbV1(bkh&EG8BRe4_#K&S_C<Ac%wd`f$Z
zO3VXnaGz|O)Xtd;b0id{Q#cj+MXRk+FBV>{tR})$LxD4x3kh)i9$RJXDoeKq>v{U+
zTp3bZ!leWI!0Nf`+3@Nj!ks48!-;#ie3-of@6cy@n<v~%c!hhiJ!hW?>ipFIk;Z2s
zX<N0z3NDH2Fc!$)>LAi@<h9GsT;SXT>}(eYht1`J6_w6+98UA2{%l3e32SjS?bB{@
zPaCg$(+JI?MP2uUwM3(J-21ln@&z$5@y^$g=Xrw>4j<<-*-Rc}-{rd-O;NIz5lqu2
zTyNY5)ej^bjPOeLUxbynIy~qFS7Z=F<&H7uX1}rXpm$Mzf*U)|hes4EuVxe9T@o0h
zJ@Y;8wai6_xus9b-zT6ToPBqZoIuD0T-oMsQ#>~Bw*hL`%J1aKDl%N01iAqmxE?ze
z$VgHEH9E$TQJ;hMMQL|{&B4Wa{w=k-u*q@ac15&j>1`lfR#5>os&IgAM26?>rrk#c
z3*ad7fwFD)j~Vx=TNo1%vX<_D$#7nC1yW4xv03vbrJ%e+<&<|+f*H8>-a>%qDYj(g
zXt&J*hINnm<FoZ3OT?q!o-NO`?5SJa9AHD*S;#fF`;rk8W9keylW$4njsALr;~{&B
zFs+8g9?ytPRn`7HO0Z{y56bQ&?;7bPQjs1CQ_kh(M?*eaY$D)p%jI|IJY+`MBb>U$
zT;9gc@X34+r;GAh?>|K>ILN$J=v_;skJicWIXjY+Z!*-~*xVsi-b5cx0@B>Xug%JQ
zbJ;?#6T?C27~VE5WzT2X5EQhPmOq3GrRIwtpKskq$N5&Wz$aB9f8B;}77<z&&if9z
zQ0qnc*y$g35x$4XXM@Y>&v&5XCj+{Lz{nU09|tHOJF4<*Mc9st)rqNz3Hl_ARwk5Z
z6xRExfa|yR&f)IfxN1A>dUHQJQ97S&zdca~h0rKdKs8!;782r13RsR4UFuel-P2+J
z{%T~KTL0UUv!5K(U}X>SVKv3_BrB3%uYod8yFfmy#F*KU{-^=0(w*0;1oYFFgFIS_
zo7=+!oELh735X*wBsKO%Z&s{C<t6v@F80B9rzXraNW+slC}GsroO_~h<F=0k^C_WM
zB)4~V%FW?}jB}frBLvpg1DhKCO<M~t<qXbje4&NwzM#!7(S=rO-VN?p5c&Gct{-wa
z*wfluyHFp^von`d=j*Qx$d|hdHf5%$`PpoPo7HSMG1ZGVod{99aYHp?X&A0Y?Jl*e
z>BP-p`g2T7J?;Ib;lPtstea^vv@?oZmQ)1~Ry9Eenp-U*taYa4yITz|-gVdPfDqqM
zcEiUE)>w-3CEGKG<tvdJyB@<UA!TX=kDDTiaBapp5|<V({=s_j&|kjxKTagQUYIZL
zt9q7@6lsxT3$MSSJs_OG#V1UR*n`JJR+j*>Y3dzV{uLHB*8YbP*-s4BuDO1%GlbKl
zlnlBYoNZC#4Y*G&0sm_8xoCgztGGPIUbF37G?zzDU(=Jy;3TuHdp`9D$s0I5w+!yN
z2Wg|<%r++ehL%-jLTQ~;T^~!5<*Yr_abcipB4wzEM$LJA)NI?UC^#Qsf1G3iNo9yt
zcjD?|`OOMneM7cKU&Z?0#K-ntUolaC{9v}u0ji@|j(;Xh^!r)15UP-}W73C*FlZ8|
zm+gDRP|tK~4On%pd6ZTq=re+@kM>f4iAc9mPJ{Qwo{CW^pEiR*appk0?2h}Y=Twy)
zSW+IB*pm6$bpA1Y_0YiXupb_|deIbu5qX0uTAs#<A?05~`wQ1e2{Q;;2cATjtyyg#
zB2$jFz%J#i1<$_e+j(GasEvFD+|%gO@a>(UCvCb)E7?@4gyv;!(Ja3FMok=(GK;Oy
zR8D%pG}3|j*1LAb`+>t0@gz;SDJX#nzGMqv7OF3+>H+MbW$^Wu!{XsJ7ic)zWJr`-
zZE>Chp#BQwY*%f@a-~7e7I%XAg04zrVq}sm&Z=f*1?5KVv1*mWX!n*m@|2n!K(%^t
zdAu%}JgJCW_yXGJcGTTQa9;KHcN0CnQjFsU9c!uR@Y(AS`a0`RTq&6N)7v4CQGtHK
z*29LV;{tZjfjs9rF&WG^LcJj2AHCqPM!d`?Su-f)7L=7k+jY{<Ir9FeHw2CbfbWH|
z-VbIB6s<S3KS~~8NPcLh?L4Wb{=OdsX7y}zW$X)MGEkuhomjG~iQ4nzfS6g!^C|M*
z89V?c|E~Q8MKGWnM3TA%pueQC6bG@Eb3DS-_*_L#rGE~rLAGE+xAx&ubld~6;JxP%
zqSiGKGy$PC4Mfsvia4CRr+lI*t3Va?V#%WuRQsWi2FNTTu@WO8P-bq?9Xe`Cl0%0S
zh9oy<Hx+^_xaZ;<4S*ZF5?sAX?U@2#ZMxmtmhyU`dbjDdn0c*<25lmt3R%L>-tN@)
z*3pzszF=`d_#cC$|LFx#oxS#en#chiQ?j}-U9IgncZ9mFNG!nGM~S3L48V7F1nQO@
ze%C_^uv2^kARNq;`PUW*Pr%hm&`tUZ-F5%b{aXC%3m6G^-reP8R;S=yp4Khl!6yJ=
zT!~u|ArVMtKnLtl<LanCe#>;Q_%MD2=bHzJ*ZL~F)5H!DBK<({R4XmF^P;M8?!ADy
zD@A7xeJsWkS<tbx_ZO@kA=$D~a@?p}r_H{MfRBOqHtRn7_+Fp1eY9|wG5Dt8XQ|OB
zpb--NbN65n@XWP(vURmyOS2-kB}lJiKAOe+dqZCTr#}dFTBAuWQ3N}Vej}{7cc9Vf
zED|hu?JNS9DI3dG^XATYxfl`_ZPr?y8^WBR0*C5fxn1}p%m1j?IihYea0Tb4%4NVB
z#boV$LXJ+GM@(uq8DZlA1m3ueGQXS$hgugru;dZj;Y5QbG;*Z{=$MN}f8RwhL7zM@
zkl(qYe9;vZX)YgrUaKsTFOC#e$yIuX9*Q0CuX^WNodHwad(zy7*039N%wsg~L2U;t
z+BVZ(B6VyB<#6lRlI}-7H|t#TupI)Xc#irf4_6T_d6O*orP(?Qnp{juuV3Amwu?o7
zb{&Y>4u2BLzX)0m_I3*i(`{IiRIkO!=0Jz0^$VL!7^pcQ_5N6Luec0>Ma+PR>Z^OB
zM2b9*e0nI_5@pc|O^eNcm|8p{2<s3{g0`wu>S)Kl(wFa1wr?>#g)n^1l^z3B2ol_1
zXcQ<b=|x!8sXU)<52LqCGz_~M3YD5w6G4dJ@xJpCC<9gglq>~mh2F~^@gVd7-4(#^
z+yK`vO9i`~L&1SL2(n6`qf!?gr8kCm_$Oc3PjTOpDcfplu<^v^bwIHxQ`Qbmy+w>@
znIEP-SZWt2%@nKKE1fFOMC|lcmk^lMsdR)OCdK)Sx<pB&!EriN>$8d!@|OrYVooka
zq9Sy)<;8OkdVBBb2qj8IzVn^5pjvD0J8pYU9V@Izvd+5?rGW9I%En~1wi7Pc-^TRs
z&052Z)-mcQFsyPhyYynE94Lzc7yXj4#}F2Wr>*s%$5J5ec~n0WJ0-KZ#w?=T7|oeG
zehBH<dUI1WhpX8x#6Rg~FPtTepBwsoWo(EZiEnE@$evYF5y{u}vqcosZEiRXVK7-O
zj7FhuWl1SaC%fZ1CNC&{j$8}nPXVXqRk|OyYN{k-16|8qWUAS;d<~%n4XaCZ1sE^O
z{09Jv>yoRm6Zvb35X=~oqZ*ks0_SyK^ea{!2hu!{*z4jB-_VtPxSo&C_`n=#U*sI3
zrSbBz9=e+oalW$>K&=s4Nhnsb$P~Owg<wr3JJW#d$9_U)J=WTUNtb0(6AGNu(8msW
zb}|13t$3Mm^YKQ(K)MtyJo!SNuEkDPIb(iZcSH}D9?hj}nO9EWVLvjrL1*Dek1R2g
zDz}b--2%>SiB_(GJEDQYX9fI%%=xa?SiJzA!u$kJd{{cFxs^K|r#0Og4|$7mWH%Y=
zCtFy}e0TR0A~>xK-m)4KAV`!7i5vk?-b*2l+C@hyWKj&VD&bS*_d9ETnyZT+=_Q1t
z=MQ8t^_Q%kVUjLn)+i}d))o8qwv&W)z&0&&uT!CXAt%ATfrKesAjX0tqD_C>;YQHQ
zs_#&o(V7zFzWgbY&xN<v@ro$>zP2Imu^k|Z`UP1FEC0n2vG?KUW^3n&){vs`LPw@t
z$_*Ba62F#CIJAQ5%0l|;B9VPsA-TOchD251ChztW!s$Z8>;{d+cu@%k-_fr-{GzpA
zjYM;Gm=E3pXasQ0$ptxjaOMy5V@F_^qg5qD9NmhJjJ+14=S8u^LElDPvr;qI?XVux
zhd4T5_{g>MEeBRq>@zIzH~QzDZ47sWEWCY#9*qG2fG#dsSvN^Qz~8GJga^^NC=eiF
zS1kYG85YUjEFJtKX9UoAQ@RLCSLK_QNTY=_tV;2WAHDCIw%GFE!%z}JSSsgs>YP=)
z)v~iGw>eeh5jI0(18&%BH%rgHjYOGpP5HLa?u8DMn<q$%pI>Z+u*A&>es5cfH$VES
zbis;#PSXkT?g)9Qzo3MpY1Hg&L*>iVWVTRbFf)~S87%XZ078Lvdp~w-@;fxzn*4_X
zq=zzp=b259%O!yRPC<^*ggcgF&F3^<5~cI9djJjdC7C#CNNGUEn8oV5xhCK-=gC1;
zZ*;TQ<^G{c`C)sWSmZB$#KWgpnUj7o!#z~jiPj5WBXTnWbnDYFY!)1RN^Gm|qFttL
zK`rJ4Er!eoaYtB3fDgoEMLF3CU=-IMHj!TEK(j8RLU>7@azV;3sN;6%R}cqX5i?~z
zNIm&gGCRc&u-L=jzrPO%bM4;wvtJ-sqw8^amWxCwf&s816n|%}P4Pm692eA?IiUA1
zQg|G?9HK*(sDEK4U2u)&s8ToePB-fc<F1ZvD*>Ba{Djea2>&>ZLj+h@zp%>x(Zk1)
z%&A!IQ%H)3fr;(qzkll27l7Vw=PRUsIO@(HEA0RMsC|RfL}MbIfz$ndLQ^?TRsK`<
z=3)8tcO*qX!P12&SaJ}nrRIN(Iw4u(qhRZV5eImbzdQQ=<A))<C5R>i|Nd@(LjkUC
zk1;9d0x;0&lW6S*qy-TB3rmX_qKax?o%t1d_#Y4CxBS6VC|wXr3>4k}Q-nKc`+`rD
z|NAFiLq`DIM32%KTF4c8g6fAVXJ?`hXB&5zIdbe$*6d>G3Iy3?I?1LE6B<a7<QNlu
zytfM=)r8Y%nSe?5A3l7X=LJyw{oMnQ-o-+IKm-r8D^ExWzj&u3jP~+1K=~pblY77b
zMjiC;jvDaaexa!z0T}-QV;2&gAp83#+F=|ibE)Hl6pX8VXlST4>m)13^9xY-+=w{L
z$&-J~N+JE9qmMpuut4bIbPnWyPMG|+94a83FXMR@f(G;5z|?<t)Td~9{9BInSnQz=
zVz5L*Vh{dn(=m+@(e5<O4L}YCp5Q;{YyN|Wj~eim<iC*JHy~#9j<%d0I<W876Z?j0
z9A08TlljCF4&9?GH$-W!VQ=q10fi!+lji=vGiu=Men~j~Ek_FRJDfxwKzF~OtpRwZ
zW$H0t2kSH%(IH6kRHnG!uZPz^didWu>A-y}+||+P07$1u@l!(h-;eqfulsK~Qb^fh
zinfpmB0DBQWJhhM!lc{KEj+h=;Mpjg)T;g+!uM(H@PF&11E(k>n$;QtC`6oeF@DcH
zKW!kt{lrsf>i?D_1(B(RkY>vpNMJ(<64)S`Z4-&mk8Jql*0R}cWjkaCYQ0z9odhRG
z3F0Z@2B0|l%i;Bp9{#sZI&g{xm?xzGaQ2nje|OZUu*lQ?Ek}C9H%<RlP~-QA@&7*f
zJ|(~Sw@$kMO&R`U@s88-i+}5+``?t|S0$JKO&N$mpzwpp&;O<j|81i4|69tiUsmEU
z@}`fy>5n_J!Q{%N;sR&51QpKeV}3t4z{fR4U~|8FPJnKUY<lYH_ow%X4I3Xm4&kmR
zwecr8!&Lh&fW#C1CbE5&l$}^@GPf7&EC%fAbm#@*c<cC3$GN+5Osq@(K|yhh2#81+
z*Z80PaR&Uuh+&wBvXAdYFfDjEIqdjhx=WJ9v2k%vd=H;FemIeI7@IP2>8eVapxo0q
zBVt=v?;C^VEOY@c8yF1L5A)=e;PGKa#NycRijl%$R!EZmmJMeE?iSsZ=3OTR%(bAP
z=$}Rq?)^*_7GC%INe-GoZD6|Hu)M*854AP)=P0$Y;nXw|1mwp<g@*BY9br&Dd++v>
z0tE1I;mO0T?<v6F12mb9k%@+|c<buFJ`nusA-SuMkI%^L!7f~D*RXGK_)B8Zz5Y+;
zW32|f7hRI;onh74L0Xd1&i-TL=MX8yLML3slGT%`NTgl_HIJdYZ03*5&84<C;z1L3
zJQ-l-D9oIld3U#(hI}6!Jh9!Blgn<=eqyf-##MYWu19jqb3N!4MN!TK&Ku*n+MHX;
z$q_$&Jw~_q@N^E`qm0Ly$xSxUaer%X;D%$2PON9kRQB^Aa;=rmvF+)KuLG*yf8T*e
zp_>kA_?8Xx5)t!kXa72)#m%LIOHGkZeEp?P7MtH+2iT-wz>HRJ5vbpndrI-=lHtLM
zZI=ve*Je642R;&3MD4GVoHAz_W&0T;qoV_68w;k^d=*THl!QFKq9Ipcbbo|-65G}H
zI&u=f2<plhLgm}vd}_q#yf<N^xxFpzKmGPcvmr$0cH(rNpD>lJPB~!iFFRN=n`}%Q
zkZgS)w=US(Yg_zAXeFyLujJW#oik(1i`2O(4T)n~eEX<y8hrGckb?ckj>)qR;)DOT
zrn;_+SY0bignx|GylCR<*`sA49Tpezx8zgTFy`*O8X91gHxCvQ1uqd=Ok-Z608$C|
zgDRhuk=@<3^bTCj-TKA8Azr#%7SW@faJ;az$h#|1Luj&*yV^FnIXPSvB@Xa|H?0_E
zain5}QS@o7#D-`MHJp9x2+xDg`L;o;!y4tEC?K&((3k^v?%ylwA9+o=pFAA&;irX8
zCCAv87%tl#cd?GzC9wz`$!S_RSk?$SesOyGFE8#qT=or^8!@=nuXhi1$cc-Ki?DQi
zM$<El&9t+Z@cIuM;}6&K2;i#V3bvu$wMp5%1Lo4tYjYtXpFHa0;n$IC;y=eS;~2D&
zC>XTb@602DdFh6XT=&SxZ{cdpY)>@wEj{SH)nDXbv$+Q+L6(yI^wX3#^IvnLaM>HG
zsqmR(sQE(&&t#yGrL=NwA^w)IT<agsW5HlTi1~qAPzeTZftebaXRx#cuObMyqR3`!
z!?c=YWIR29*ePqrt=8nT%U>G_O#FK<{>{RMu^QQG*`Q(<yIDU%5<k+~5=Od$T?rQf
z3G998u#1v7!%e`C)B`_)<KLEr5$@&^wX?Od!boSAFLkSeOR9J{m%`{Lk5!N4hMT{?
z2S3;xkDwSaWF&EMwApn#@RQQaMIPIF@OXJFGp1Fkw3UWsi^IPU2}u&iOuE8PrAS4Z
zlXzXKW(1pZM6(<@>J~Db4tb~w*;Ltib8!T?54~I|f}bZJA3-+Cnay!$zHLc?VscD*
z%*MF7%*8#U&&_3o$}xt*4PXDgJSV+6Jx?MtNp(Vddm~F}DzJFcCgx%4+|-82v8^uC
zQS&5+z3urO+~U%MHO_s(i)C+3P@|mfU3T3aOg99h`|?d40wku-;Qi<k`N=Q_`Idp#
z8yVm12*qvEMCIFE99zKN<C`QeDl>KOBIz%%m<_=oKM0j}Rzu-37&GVaoY0P#=L81q
z9=`IK+*CEJsYd%2R+DUikn!dXnN6MAt*u$5M^ZoS3zUm)vWuQJfo>VSaipTezTa!~
zjSItjZBsdzNoI|@Ffm|s-^0Q2kryA@szl)L#yf4E6u?*U;HlsftUS_7M2XfGBd@98
zW$&^5D-va{u550-c(L!YIQs>D!P({Nfg1h++v4PlA@n`xsSTkrlI^|bs0(8UXGg>~
zVa|>lU(-}ah$u)(AH6=0XGa}GQU<@W4=dRvpEtLgsAz$OqIayTpn&zmqCZD$H>)De
z8+o2QS`1b6QJE!gME%b9n)sEm?$*BE+>la#=O3K->h(;~TXGkfo+~=f+g{Bx=WCCj
zoV3_-WS42WRI?;z%-!fY4-5S`=&X81pjNO{;khe#H?cpuU%ZyYC-+@;-#6QCOPl0n
zqF3`Nf7p%u83;Rqp0^%^$_fRV4NaR*hxaPgrdpO1n;f1p){yToMn8w1yVYuoCsi}%
zY)oiE9_5pdQ!{2>%EKJh#YOeQ+dd~FU%g1Uyk&bef5dqdJZm`WXdp-6v!<_Js>#KW
zVNo0jOi5st##JbdiX@=MoG=)FW5u}G{TA`$s8WAt^_XM7Oq$PH-VYy+(JlGV;Hz8;
zXoaeAH|CEJOKDHrE?~^AEUnr~N~@TbLH<}^jD}PwErFT1X4zQnDPDkuIh|2kR<E-P
zpDy40?Rbq#KOTs|SnO1H#GBIQYpguBK2rJCj5!iENf@?fIgRP7&xQH-4Bh9K%YJ_V
zyA^$3fk3tfTq#nmTQl~l0eo{|gJB!T&X2?Ugodz#@Y0c<xW>5n0DQO>_dwI^sCj>|
z!I)aVOtM#Q-Ym3VEh7o|+h-)lrj_~w`aZ4hvipZ<ED}tP=2@GB|GXj$2nvFpt0HOB
zPUDl+W1lYNPCIkwGv80~n~dx0-O~5lvw}_w2U%od0~UoEsWV^OEj9*B(rQXAzWo^4
zJd|?f5D-esV~)IVBR<q@$f8CerMCe5d=2_}nCvA&1FQI@UM1sVOR4zYy91?Jl=gG8
zrv5*khy|aqv;@<{^tpXIsuR=GES;TA*dtXQaCRwi0V^xdQ>burvWhR@(2nn2WkqjD
z%w0$RGwQ&&)*Sme8iVXxh=D)8k4!wVIsJf4np9KPkOse8>t|a74EdC>+q{W+mMOU_
zQn^2QaI-oDg%_SG>iWgZIH(i;lP0+<E1Wg6VBZkDmAyo=-qA53IToK~tGYAsNLt^a
zV@0yW_or`{a82<*-D#w4cvD^O)LxC=5PyEhKF(^r3l{^%%oIhyJeQKv&_EQBuf)aB
z*oXCFKv)P&n8IMiqUMF_e0aa5fx2_#m=!pO{K6AGusmm=|5@ovjfm>v_|fwDO~Hs?
zstoimO(}p^*37pTDw!6gKYJe+xDkGBRL<DAl$F>-e@JaUIOC~IT8R0N0a_}l*_&pq
zA&%Sv5M<PVAcNj$vOQt4M^g;URI{DTqFIvl&~9mgnS<wqDyEUu!2OL_h94}t2F2(K
z*44s=(k&+of$z<ZA6OGvd7Ad^!RGbow0QoUCU?hRy&*oIJ(r%RhWCdbBHCYmOCULy
z(#M7?ozSip&l;(HIOeR4@Q05i=c7Y~R^t0g>Nw(ge_Ec*H=n~Z$<mjafqxc?qG3_U
zz@0V9zk&fv9p=0K^6lLs#fE;>sHX!3JRR6SOzp#{&*9e|X+~L^NH)bAj9MkG`sC*I
zT||<+zZgY$>rR?xp~<<6AwT@!*=H&+tKRXmqYX0igtNx^*x*m-@UgVNtbeD#m&m#r
zrApGJ^P~57)j*s$k8LqC*?vBwV66mCv&-tD<bB6%i?iOHYw@a44h{cjLHx<cxi`W&
zp_3sgum9TD>>WFg)d5p=-F(;d^-@k}Z1eN}E;3&!i5y&30ukCDW>nARd$I1X5UZ-T
z{iD@w64~>&8+D&XPJRn^9td^r-g-Wp?;%q)Ft=4#-tvhv{lc-@^4T5LbNR}Pw2=*+
zCcY!<fM9shnV-k!NUzV|-3u(wq`yz*wdvzcGJ8}KiIh_6TA5e^4W=?MaF%$wIEJh}
z)RFvKuKM5l4}tTp=yH3R)yR0a2zh_GG2y^c<cwHg#N^E)<Nd`#azgw|Ct&N?{)cLF
zpK5jPnMa>c0>d@oWJ2=ExYc*|bc+Dp?K-WLJ(@*Ew`$$$M_I@UGn6kVUC6k&`Rv`-
zRUQrjMIISPe@=VocKV*S&`uF#zol_+;W3Q*Hm`QEUxW*=P~~`B<a>?J<l4S_ML|}`
zLH1zNfm;iY-nzcKW_w>0Cx=(mNx7Th4TUNTE+c#7f`@~{C5~?{x469go;XgKrl_O2
z5~YoCpp40B(%U!JcWqjbqWe;Low9)?)A^OiPLFVKaM;9<q^`@NI@e~!4xfddQ#PPf
zh|!D>J)-Xiztz*QysBQD5X&@~*<l&7BMMv@8BdBnTz4|FX;StFg;ure4-|K?BE^!K
zs6b!Nsrn#s@hNkzJdVgSJT&>KPN@>2o_tWn$>F;0`sbKmc`T~l-SZ0UAD-m2m+?kw
zEiLG52w1}TdTXAR#?EW~<+sjq1}w8&iEKs*D~r<d-#Jy$GZ!q`uAa6R*^|IL<Y3I`
z=xH3)i|lfs3mWeMi?Y48hOd$R3@Y+x0Rw&3#Vj9`rW6au7c~XovYgIH<l+Wo(*+-3
z(bN-`jO1-lJ9&XQ(AIqaGgau;rUA>Mv@KG|#R15sy+B*5s*|oE=V4I#F#+aulf_q2
zx@SOZU-$xTy)C>s4&B<Bz=BqC?J@K)$OqbbZ{Ccr$OSye+OxnwIGbULT!4eZpbBW~
zmv2YbOb2n0n*ABTK*)4kZHOwWaA7vk*3qCJ4f@ekKU&~`iwj^YaJ0Z_9G+$Uf&a|Q
WbQ67byQ)kXfWXt$&t;ucLK6V(%PpG#

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/u2fset.png b/login/apps/login/screenshots/u2fset.png
new file mode 100644
index 0000000000000000000000000000000000000000..37115548a5cfe9ae9e17ef1a9267d9f90ee12be4
GIT binary patch
literal 90769
zcmeFZbyQXR-Zx4rA<`fyDX^qOkdjUjkVQ!gNOyM&(%ne6bazWjqjYymcPzMbxwpr?
z*`D`#&bap-<Nk3N1J`8D`Kxb!zA^Qa0*j!b5Td}qz@Uk~5|V*|K>)+Rz*i#O0lqm=
z{$>jUgOYC`C@3W=C`c-0X{KvntOEn{$}cMBu9WNs-uoM;AwdCAfedWNh*`K-$f<}@
zq4!w@ut*~@1U&rFFf9;AJ^Yd6t)tTBm0^@n$^E^Ai#1h4h5426QCZ*2B6=6snaw&K
z_V>mf&R7k&^`GC=-1OGKghth9S`g;n<Ewo|gM4_Z+t${>X#N2Po*5QV5k~7NgLp3r
z8rmJ-*HcYBK29)k#Z~kmOUUKr4GoPmKOQ>F6PyJES3Cxy1zF$5Wj{(87^zFlre>KO
zdygrMPoklBFn40-GpLD^<~>DUe(3t>`;4`P8D@{-sX{mcjGy}%!9+a;1$q~%#zRc?
zCjyFr#UhT5cSshNkmAW1eM6YTl4JK`xJ2E0Vo3+OR;aoh3>hLkPBC@;hN^pR2A0m|
z!jq`t3pE0tP%B|!cq^h<>T>50@LS?h_M*n>lDRRthDYeYh7I-hXm(0GPu{|&P>*M2
zu#dy`a((1LObybELsV*97^3S!iWn1%ELIxojp`ka%6!=k>4FR9asyim9Wm>nrmsp^
z$s5`azP_ij6Z55I8G<TwJ^S1Svg{-|aM9!H_2^vLz*6YF^X_!)H6r=w>;C))4rb2o
zA-k_%XK<;}9Y>F0WqEZkAsSp;y2;yCI~U-blj@CncMm-Cdia2&?>!n5A7L8SXPD+M
z5$G^7%}g6@FUJWMSFki>N+X*EOh3MF#@x@>eg56}`y-f-)kU(&t(+Ij+@9-Wdd?1#
zFy<jdBqY3?OQ<jVmxf7U+7<|sMd@Ld4`JS_4n&BSW;sXLA;bIfArHRi7=*p^8AlP0
za~@&(J^mh|J1K(Dd&S}hdwfi<L^#w@<UJ}<U~t^&-`#z3_wqBp6k@PDb_!+!B7QTj
zIlQ%d-8|+xBK$n=16Y#J4-oj-eeX$=*}TGM@}MK-^hI{yYm|D1bEjQkUkZ!DLwit6
zpXd!j6yM4qY&PKq0SCOQXCeR0Abd7Dp~tL%`a7K09tOp%#`jcOUw=fr+l;wK&W_yg
zX*KU`kNx(JLW{`4oilQ0_(s&zmZEuS96sul^(Wksl>UC2=>k#~*+P*B6@+rWG{SOe
zn^Jw*w!<cG7z`gA69fs%e!W*tIf+K}K3M2*Fm`=pUDNtSEy~P$Q^C2Hr>P=?bBx-7
zcpY#{{tNFkpNW3V{0R4&diB{V^D5KoQ(c%t*nswLB~*%f#xSgS@gAz~^c_3RqgpD(
zGvlt`pWOG6?Npkdwjg7F3ihY{yxl_7uKIbV1#O;Z0e7#~p0l2W=RQNr+Jg8#%h}<X
z${GF{qX$#7@4Ofi*&cEaay+sRQlDqMCv3|DX)k>NYtTy!SzjYRoi>g|okguhPDDgR
z7esuoa})uuw_Z$MODGDs7dSi-PbjRg;>$xR9-EL8kyV5eht7s|X=|0@zX+zIG$U7t
zU<gYN=cSgxEx>u<@7&JfkL!=-UxlMiiy0XhsVEi@Wf>_J1*VyKLnu%6<RNWYR84nY
z6m8_dlQ{)qxzyb8T+i%`Je<7Y?6<N68S_s%aMV$f!zEw5su9}AO3S|UhBZn=RfJop
z;Wbf;h5;4xeR?l>A<mau89~`HZ;0Nczlq6_&rXuv&P-qLu)fb7)EMjP;Tm$S6MaHA
zO4pnpRJN%*6L%~vA=@V|ks_ZhUu3JW9l#+tqrffalINIyfsIz~UDM$llu78s^3>>_
z(KqH9W`{VhI1n?5VYBk8vW7Bk`F%qh{UF0F{Y#^O3OfV!Z^WaiTlO0n>&9a*ik@eP
zj~ox;ZkmoYq+EulcE4l%_CP0)wZk_lTJ3$(>)rQiS+gG-{aiC#lUy6FvEkEThe*G^
ztK-jW_DwBZc-tD~UEz%$g!J-tx^{Zv%k7sWK@x%KL2M7$2+`xRW6fV%zBZH~jt`gM
zmUu2fE3x}gqwk|`j;>R0ZLfxv$f5Qj%3(ZSu~&rGpk|2hsd2Ay%tYEmRN1adIGs}T
zM07>8i@bH-yF9MEmw98O-lG<yDg{#oO;hZX855669kj(u(8~MDOe$TB^h`U;@`~%U
zBr8wL)V1ccZ#tS=_~(nqQai&o*~ctCXyq-jf%HIrvWY{XWvN#6ho)<nuL++=D)rWH
zdRXk+DlJ)#u9W3P<P9HtZY7&Wo939Zn0~N&y^6H@C~j!CaJS!vcYb!OdC&KBeD~{C
z&RW-T{*m*l&V2hR$M<6ooenV#BAtel%Kd2j<df?!wmL<cRc9&AS1u?n94^$2VT~(|
zl8_@v_?02#<rNV`;j9Yb9h?VT<(=s@eJlF}!~Rz(R`a=^D@kRf?4=wA%ibNn6E#14
zYi~L~ZDK_-@H`F_H}(KdfSqhgAjvb%Q`h^NiG-8a+O_>^O`}qSwso>KXF<HhsD)R^
zUc@-q9>;)?I>0zc#$Wk?9MLi3B&e36maT(BSFSfmF-TFvSoYD=r!+g})9Y|^h@5!$
z=&au=7VpiHM+o=esjB3cu$%1HP>P9Hi-S9~7SorE7Mm;utD~mBB7j?VJTZymt0GSQ
zciZRsNwBI>#Sj><X0XMv?nX>UR8pc*I#I<?p`%W;ST4jzzK?XFCXp4C3CRe~63!aQ
zS{hm!8t{FR_C{L88{APEXj<Y`%{Lvt5m)orN(hVMMFOG@eYauwx6tNnL0uXZhOM5H
zFNI&O%b5)~x^!rIgnBrl;~D0vuY`lu`z2`yY3*s16*ddr)|Hy!8jZM*3~qXk6d2tb
zT`nT{ay(F=EdDmW_GFAJzCOJEbSrI)WzA@9ZS}P1R9#&qMUj-cx~bWuwUK0y7s+jX
zTEEF+tYg>fs%1-<RX9^vJ;0%T%&i<!^1X9k!Y`hKjnibd4zW(Sd}UUCpg@k2hVlg^
zWNOvaXuN-1tr`LersOP);)vXt5}l@=noz-eJ6hgjJ{GO2-V@QYD{rqbygNGCU~$^X
zeZ^gM;<#NfmDNzBKNkaOfpFiwLT7$Ms1QxuM%>GDb|p2OdXoH+SB_+q{jK%c6z12k
z+1%pXO2f6yO~Qh>z6$e#eB1T)mUPul=U|o*rBR~ntTB9|yPZ0n>er8M4jZufLCTU$
zlB0=C92J+$$JQF~!^QO)8H_b0Rn(O^m#^nzM|G=Khnf^2mdp9G6aH4YYpltjqyb)D
zSF*Jh{eWtnGtF=9*Q1mLAy3=i)(){Y6&zX)uH-3P6}~mpt5C1rbUpsgGG?S#_`Ha1
z*1Y!X;KI1Yg+iygq#cJ1>$G*_#PG_uk!kL%%PaZ;6@0VH=|)Q*tF?|92fMmm;n}U4
zraf0P^d`MM{>cw)=w&3q+}$pL4sXwd&P6w53$mh`Vj=Q#Tf<I;16f5&N@ryvkos$d
zCOyct4e8B`bB7Jo8T^qCwjcC-uDom2p4z|I6T31ruAWDa;<asJb#d90EaK&SsrmBG
z?5o+pCVJPb>zyx7KBoogsp*ou8Ey|Q70*N=vLkw{YbOj})zt#&A^w-jCw<>l4o_2d
zLpp~#JKNtP+gal9k)eR7;Py_Cm_TiCeA@!6K8Ui1M;UywH!u+h*VvMM(-DgZd_<a5
z9ptvCFrAnz{lb=y2e2PYd*Z*}-d^G0z6AGgV0#E(E1q1w9{gYuVA;&8ZRmX?K6g|8
zjyw<kEDM6)A9uH-6-{>xfUo{KilVv_5->EtH4+R0EFlaca0Lte^1wd)*Y!)-Cou3o
zzK4T>@iBlw`12V62LJd8{qyfXKH<Z?VeSIoU;)4ODR4iZMgXV4|Gb8;gpT8v6%-W(
zK4rBmb#zRv^v$emml(!@FObb&DOth5;88+<VMS#q_JBQ&8N5-nR+M<np=D<BR72ZL
zQ|GC@i8*v07%qDb;L=3LT7%Ty#Msn|!=9V`#}gdDHS}u+a?&4<SQ~MZD@sU_3YuB!
zkg`5~_VgJ!4+<$MDVL?TE{BZJ%Rh$$e{qxRTU(oRFfiEJ**&#;{?yD;kAd;Uix&*f
zm>8It=z%BbtsG3PHSFn4tseg|$<KL&bgZ;24a}_#%uGq4^J-|C*;sRvlS3E!*UumO
z)Uh}CwUVjTpT`0Y$N;^=!1(kT!@uSRhH^o_<&ZM4*D+QSGB5#X2CTvJg5??4kLUk!
z=hupV8L9YdBqQT9roRsT%dOi(<*alp1<g!=HLZDm@$1jQf4%wVKrRO8(f>k<Kj{49
zTY%6!C|nHxVj2%hzgL_vz{f`hLXvNQPe96`Kd@84KTrPngkIMrJZ4DGfPvwI5f$Qp
zV-Nd1@oxQ!(1g#LnqqCwY$gp7DxE~}W8akbq%<_-<9rB+(g<`&$sTCJ2soT+ihPK;
z!onq*@WMDH0pD9ZaD@H8^{`GtR!KfuMRdhmt(M16&*-@}%}|)>Qbp)lT1L3dI_ND&
ztC$klQ6TZbz+t?HK_G>J{dMV%<&NnYfrWkVA9sL<NFTp9Z}Ix;<Nq2-gG8F}=6&<M
ze|_<nSuw!XcmDF{zb^R@VLc;Io_!?y-Ha{BW4E^U$JE)R@6Bak?>ztew*R=t$G$*#
z`#?YL;38mvX+FR6{@sj7pttb9J8X&vOp7SugWliWgIVx2`VH}5k=|hNvFE^iAowR?
zVF3b}qy3iTC~!z1+;`6ee>bBicH!?xN-D(<vycIIPxlw+emw>-iRE`BMffk1en`!K
zne;<y{;NqpRQtc0^ur+k*WCTE&HwdDKOCt0e|^&bCE%cq@)jPQ=PY!nX@B41bWm_f
zDWJkM({wxae$+z(g05i9=-K&tGVKk+9GS*)BYHW>YzDfz+!B{n%j3~~6naB-4WEXE
zdV$J={iPu^%1L@b69|L2$iDac88vUL>v4il#WSV^lLXb?+dDA}Pg1qVO@XLvW(V2n
z$yDv0@|}Wm!-K8VhQw$ul#9tHMBE9I`V!-&WppfcCIMn1_e2cK?&02fs!?~Nlf$yW
zC1})Q8?Uo+emXoom}YLOQJ1WfotJgTt7Wxxn8xgjD>{#zZF%vGF2R}CoU{SwBZs}d
zQ<j*1((?Kcon5s11;{L(+oRu#?)jU|KMIzcG~Hg;qb%ndmaZWB-ascfvw})7jAt2H
z*^sJ|w7`MZgI8sKW>0Xx9}9p_e0Sl}(;u70>b#sO?RmNdK-M@F*YlMtZZS4oEQCpH
zK6ZnFtjY!~CSv<}jb@>sY#gC0c!QIx6j0P#!h!GTsAMm!j4E;)<-Pr*_V~0>=y7#q
zdUY1axC~aJGeKFAaob!4hkJGKO?&T8_L%IZi?!Z&hNz6xaHpnfDA8crE=Rkvh%X>N
zH@0iKCxS|;0$D+0Z7N<0yQ?cF^(wW)^iKkgJQQG4pcg##ffU^NXfH0ZHzC-OtCP+6
z9eoPmO9ArQLuK4btDeE>^24C12f+`%|3Sk`9d^SfN|Ptv-??1816{{=GzskGp0+kS
zDMu?mQs(%qBZ=07Vq>g2|3LX+Wu0PlwfE}%>$OFr9s8FHuWJ?MS*j0_JxAX>t(zae
z;O4a)x36oj$*pPT8Ps7flQI}5US=9rRf`T@M1#zt!zn~Ny1ICRdV&WC-ZC7kGSKE1
z*Q*$0;x>FNeSJ>ljtCb5pjLzVO!FIf^xC^SZpDL4Iq9^8)gCIQ=PNUoL!WebzkmJu
zRe+fFU(o$eAf57RzWFYR_34~jlS;LDiAwRi#=6U$^VtaXT^0V%#QTd~C_B<2$~B6i
z^hjI+0Al5j@u+9tIrR{I5S;!=BEB+TMJFn1rkl2CI3@ZU&Mh!28}pgSZhFPE339(m
z|LbD3Na$?CCrNe0-H4p20zsn}EnS0ywhAR};g>sZ^BN>9Mb2VEv5Z=^3fu}Ch2)mE
z@iZTn`;=+j%#8CPeL?-fQ8MF_^fmlRd2|pi0L_`_2}565&bgqMFBXe!B)qV?!#jHC
z2u<Se;Y74CTmT-uCEK)lnM%FA1>T0Cwf1mOkVNO9cGu2HVgLPw4BEG?UG?_+@UHg#
zf=Vm?-|H_npA+qid$-0Z-->hE5OD6U%-u9Lck(IC+XZQ-bs6UM`IeP5L}CF!M9mV3
z6saPwQ*hc@50P;Yi@YFnPK_ix*Wcov;v>vZd&?P{G2ZVEi+UfF9aeB%>P0mrp1LRq
zoCjipyI)iFrIB$2;LXgTtk#bz8)+Z<Nh-s$WBhFvAXX?x(jV_1QMk#gpfAGyL}R+3
zXsCbzHr#adqdH&?%cWk?9+4vvCLNEv@MsnIdz^xVAn<t{lUHRQg_bT^LY6BH?VF4^
zz-sTp82z+JhxoHh@AdqK6T;Y_n}3Lp8k~Z<OM#nu9fMIDp;6#Db%02z+i|6T`j{}x
zf;Lvy-DV-5-cKYa&o`bJ+)0d5(Ea}Q&WGF648NWa=G?Jlo3$<zkiPf|o5wD(h>0}|
za&P-qCd3|_(bykA#jy-I<z4sL;97=n=BVoD2#L**H-B(T-Y{N~nV+vH=#(WFRxh@;
z+8pR$NFFdpU)gv@h^{XwGJhr8J)EUF;E>K(jeXupm5Tca?sl9fgFJ2CDzVdFw_`gL
ztvU*b1_Q1j7d4rZCK?h*a7S4jn1n?QoC>Chd)7V@%IUs&ODL>GNgozkElIdWe$G~L
zvANV@TNI6v%F?&>j3Bdp8>OEn`1GxPGWyfyX=S5=E}S;O@9?>|!rDPp_h&36vs0sr
zTDm&8zMv@m=#NCe>YLrRX@2*q7laIEY)BHRKTh1a;r}};-}602;yRoEu;WjA9b2K(
z$CBrTt;5G<AQXdEfC<dNHzf+}|ATqytmD?bRKz#Pzhcfm;!OzF$LD%#tTHKyouce_
z7DY)*mgzCU-h)}xEnOan0S$B;(-&I>oSt}6l(!}DNc>%Y0<AOd<HCqezu*t%-x#)6
zqea*W%;z$Esk+Pbzd|O$_JKd|N)i2is5>ks5-|wnemr?##xjA_P_`}>GHJp+3|oKw
zv{q{M2f1a}7xoGFiczys{?4t>pOId%ODk&yF)s)?U`h&UbcrE>;J*);dSOFS_SgyD
z-Ic<<y%cc1u}=2=<4nhd^+D*<@4er6nKPvXzrvNUW?xY)HZQq>4QA&8-x-E|1OIpO
zy!(tG5Ex;~1s+Cdi-5Hg>Kh?TxR(N7iz^Yy+s4k%PQZ6p3h~y0WEe<{V0jgjmsH-?
zkA1Bp?2sg~x?utPKmgNg>KWlf?D&LJ)7OH@XjJR&AYAU>traPZJ3lsbyt>Ov`Q!C<
z{R1)#aJV!J&*K)+WYysy{j_?r8v)+D;EwJEi*I^&r5@cPP$<$eH`p4<k8B2sd}f*G
z8@1Fn3}7pdkQtH45_6HyTd+bRz-{B`e?Mo68XQ@N=pH+=z$-;tLsi2@@NsdI8j#~~
zIY1Y9m1QW<SS-Z8AruI?m08)OeCLpmEu7==%COOKAUxfU{Jr@%KdE>KKY~F7<y6!F
z{wOAxLt2aX7L6Q{+Ze$I0<T;fRB2@oEAl?L90LT}_~3@Y&mkA~???5<axw%+<S5xh
z9+2N29Oj0>$AKGi=(UZAil@iRp*yl66#9=1lS$z&QIu23;fVI(Z|Y3Y0cYes5&3hZ
z2^W|n>^GZz)6R}uAciX>bLi!$#2Nr3nL;3#2%)y^1ze>Y$)4B{`#p98kx-Z0)On1d
znUG&OnLBYAPx)T4vbvqxVUfw0%?FqO-9-bLT%JX~ku-r$+1gDWVWExO2kr07<bxo1
zbawT|LXbfm*liIPmt|vk04w?Wv4j>4a}T(V1_hNypS{uhfHoQsP>S|<mcqcHkpjzq
zSrRg^wjMT?^M4W^-kJYMYa7U`Ij(!qNK>fG$t95{%v*$KwR7C!&no5@r-W=9Bv9X0
zdY3*Xu-(W!p)hATIR_7Ok517fyscYDjT0dySrRG`WH(SFk$4#ZERph-(%&;T_oRpT
zWWfSUzr^$JiM+wra8|4RR*xGE{4LTl7Fgv3O>@61HH&n6+eFJkDI5dA^$f9X&plZ7
z!sY@`VrrAz+T#UOhAuF{)~tzbQ5ORr@f3lR(b1R~%cZ?)d?lBp$o@6NTgm2NS<&a#
z(vRRQ0<k?KR*(9$D-jkl#3!L62x%pYy(o!64x0J5P>4RUJ3F8p50HDD1L##;n?_|1
z+H}SXlcAe*!SD>p)s(yZz)eS)urBhUQxsS9`z_l1sU&i6ucEjUgtH)IBt5#AfV7wL
zdhAKd<r}&c`vB|8A(Y%+_YN#=ho7=M<@+}itrOOhBnKtNctHB~>BVDT;%)yoE668+
zRvL(e{X_0R&-6pE6EPP>A&^NER19z}DV|V>t#Ce<gNmZa??(V?Aw*w>fYF1OEG(8(
zeQ)ZALVCDia8Kfv94wnCk2MJg><r{iy!&uGDc8w!+Ye{^eNL!3oc85C86Q7-{iG{^
z`22W~s|WAIOGhjzG)Ct+V1%r{qC3E5<bI3-nGMxm)4#QEx><PPV=g0%#d(Xjj>w)5
zK+pBa6Naa-kBNyEGElGoGIGH}Mi}Gv5M8L*1=R4R+wceqK%_5gh!}Z_BiHq+TNgf^
ze!>_JZ>_Nk9U#LE9zFmIT5xQe^-m0i^T8}oguYT-MZ}<W`acd`9|g#@OA%;2IhRnD
zMd=R60%=%rFDj}0NiM{pZuEF}LCNOjwD&`-N28j4xAl4kp*F}O?Zg)ACC7HrWx@;B
zSYUjtXeK4Yd&St?leKMh?jtFAoDl2)Qr269?js95WtYx-DI%g0l!wKa`#tsD4~bd@
z;sMd`0rh9na&6t%Q$N%cSNOIl#_>bdl)f7kG+8Nx(etVPJTe@VoP6vExL=Bc5P)I;
zb1D%R5PrY(Grb)yw#E2#!2V)@neK_txFLc3REdF8Gtx>LqqcOl5`+3X*_GyUQEpKi
z7HRl3bZH5G0456>a&WbXlAkHUl=v$-Xij;WTQ=EkS(<)8L%MHN(st+XhAhPtZd)@U
z+hjEKAt0P0e+Va_Kcd<se=Z!40p97!{k+sh{trq+5PU6U+(?*H5rLgHVEh`e$6oS4
z^TRE}fCFcrz?=!%G`S0G@8;L`JUac_{~<r0Fi1N@WgXLIZU0I;Tu*G0Wo<#t1jQ#M
zx1d^fA`CI8!jAtj;d}G&akLT`P294Bwn`84MOv~BKVhs}By+z&##qX@=Ft}bG#JZ?
z4395gQ$A@t8Xt@!8mnYO7e0Oqn-5FA>z{V$m-OE3==h`;q`|RxahVYecnk`epPXIs
z!X9x4l;MB5mbbZPSnF+eH~=L5R?m}@E)0-#SPQm|Mt8-}1PO%q!uXcqixYYO0Pr9Y
z9Lk>N;jg&=Jix!16i{8Y<l(R6o)JQuKS=}lMn!vdJZ;|xAUx6Avu}d<0s)_xf=myU
ze6K&brGf#*b6gNY2Hfdygkg_8rwKi75Y98AP0jazl6GMF)g$3VdVY4%jGv;0+Ja0B
z!sEZampDNv>6LuFN=i1A(gEc}4FWPl)W$}wrR}jYKiowKpyK40f7vCSV!nFhlz!`R
zL2mIaNqNuL2bEi^yUfdb0Fj9>|D|F7W_2i?Hv%|RJODcL{z+#%Pi%*TFWdq1#s2~A
z0JT8+hgv*>sznyVrZF;b1jw%=ls*9Q^bWp!h`H4EI~xa_zz&^x=?pjl<frESTl&F-
z{0GGTH^=1y(|O!h3T7XuUvhqrxb{OS2#JX3nZekuZC$0u;h?9jwk`l@z?$fU^OfuU
zVKxtnJN*tB!MaLv8n>(ijC&kZAy@C~e_6l;V{wxINoQ8Fgz2@c$F{FUjNSiXyI`Tp
z@*b?uhYc*l`BR61A$0x!zcN_qXk%5mEw@x1295>$^KVWpj{$b3Y-2BZbz4%TcwsdY
zhUe}|=)<;%YBIF_NmVLOY``AgyKN8kQQTixt-atS$bI-QK8Xc@spW&^m=aNhls$Ml
z`_J>Ed)ghwP45GUr>*g)vPvL<fQ5f&x!c$c#3YBO?gRGY`ltO!Ghft7Fcu2L4xqg4
zM{TeH>pjCg7`XH}f#O7v?!97rK37S>lLU;Vwng9D4jUT@;5>4Jl-omqjhCc<a$X(>
z030Rkx2Z6Q0M(aN{7o}>fC?l(so?*^bcp=JbnpSvEV1r&F$MJscmLcvt0#8AquYD#
zd;Gpr^zZ_(>12Pg>0}9t%eM`PJ~6-u<|4^WD0U}5{;9Ik?0}<b$Gq)ms4zZ0w@Z4s
zk46CHgC3L*`C*vb^i)0ay$f%D<8T2_e{~)J3Go8#^8fNcl~7w=%$}#29`qmR7GT4E
zuhcM%;J6`t8vwpjgt`97JbEOMeS#vwKg8@lEZ1)zK3rpv5h7)aPvyW9yUi6tsB@XD
zOTk2gIv4Ms1jK+c{C{sCeJwOG|6vkdKutnIV|E!OU>J{n`cHoLW&pqZL-4GSfRJ|}
z=xjAGNMeAHg@Z#`f7%zl2?NwKD*gkd{|yMCwus^_wcQ}-4J7HvdEF9X7z9Hq;81a#
zDP%q(z@dEq$3p=s1y&!Pzyeh2;-^YM1IGXNhnoLSC;+J53m0iUaX|Gpei~|JAUV~p
zWW5^18u$B?0-DlCG#J_nXt%A<Pwl2m=v80NdnZp6@c6cFNst1xp*j+Pm_Ql+;TLWG
z4G&j)6JvsK9zYew5UMcMVPRn{m8^6s3DlI5Z@srKfOv<Z^e65@Tv%Rs0P62cYH*js
zy}dL>b}S&yhCA=Q9}zE5lswk_6H;Nf_=Q+3wu=I`lj62eXD0(gHg`Wzl>-q=3I1P(
zXhIoe@eip(hDx2MT6PnV)bw-t>5c*9{C^h+pS&!~|1G=$kXQ{op`|@w+=G7_cK|!9
zBbROd2dC}Q<ZZ6Phn_*|wiTA*gnE~aiasErJ21%v)tn*UPhvsgIsv6;1oAyAi(G$X
zVl>r%TIhf4r=Z64c37Yy&At!dgn`oEx=p~j{8Rk?FFF?wbIaW;VWm(q-I4#bTlO$#
znnMM}$@}~sT>}~faT)Z4#t$a~KQ-w8qay&RpB@1^s7;G|4&}_~moKk0R31jt_XF|h
zZ%~=#ZUaw;-%SvJG=B%{e;4CHqftgMkP!<02PAZddXGWW<0@D{chG<8&cC(5zq3Ek
z`1-dw1pqJo!&v>>hXE<Ex=8Df21xwvm#O$S!8gE<|NX=NaqME+#-?X%>^PbYtr{-9
zd|6)gkxqrt$LdGMa!drUGGQ*i{Osv$-Jk;FBI~R@d>+kh-$^R<90~)cVbNXyVZNrw
zPxbl_$soiCUOueYHwFMe^lcUnO8}tB=9KSwa0mdJ(Ems01O%7A@nith`<=)A{|UdL
z$(Fv2g<oNdskV?)KvyZQ)tQ4pprr+IWxOEN_%r+xV2AOgwt?KTeQ$ZW+Z5wV(S>XK
zjm-rBbwGXh`n2(<$Cbaap-@K7A_nOL!K)_QPexLCMtC*)WA0j%{_<vgB5-xPjdgX)
z;o{2YK;{319preds#3`v2H^s<_Zc3&y2fg)Hm|U@Th(DDYUiMb!A{|=g;zYUTch0!
ziPb~nVt1z<tK_Yd8N0b_^h%tuy#V#A7RZiWlT{BxQ@zvdVbWUCSsUnSJ2U$+6(*oL
z5svAN0IK}uWGg%)&S#g}6rh@ExjF877(Z8yUq6rNb!Qi7N7zZQ>ZcxeoH*O_;r$L2
zAFBnvo;KY;cJ^A)8OFzfDonH*+(VP{u)5VaBNUj$CQh$JW1ziA6>~7)>fzkkOS_HC
zm`eK7@+|H?$O5{Xe!NfO2tqK|!K>4+A+F`23$*Iz{!?a65R^)Ov-Q}`@*%L1T;0v}
zWnF|MPfbN13W5+!2zDVn6tC6ammwA^0HO`bglXCkAU2{{G&8OoaM`iing4+Pv|Lg>
zv7d9d-lHHUsNr;W%4O-{+!Gw`{Wk0w&e{E7k03N8zIPjx@6Ah(PPp}W-oo8n&fQFZ
z6(QLM^Fod?;L$eC+`ctO7r#DOozM)R?=1^g7!ac^(B66IDV;W+la(}?y9qGFTK#Gf
zUu7zvj}L$bEjFY;CB$!x|4$t^0baEMLIv~O2@LQj<&dvxNOVd-q<m*8+0mVIGdsPM
z>_P51s`{D7l)0csHF~t=p%GABFLCOYO$tXF*chI)8B-lI@J-;toxPkrwe9YA{qR{y
zFLC8$LXSi%#A-~<sUV)kD7uE>K?wJW;^~(94ad~9h7VEg=3UPSzAzn5AcQJUFFX1!
z2%xd8KhYSFD1>I>ezU2AXQ6uPuLzU&&pLT|j7#5&Avw>(lRQ&zBstC&snH64(Xm~<
z6l|JkGiqT}So0|$i&9k#1MP^}?I0q#dd7CDFJD#=6IbvP&5X<GjOmD+g2}e)M335P
zKhNd&QQItB&j_&RI0K+S3mh2Gcy#M$2na;-0Ni3sFl6<N$Qjit$A=S#rs$hb)@arC
z{aeKGTe{wzgS{rN_e0#OL0k*SnV*O)+Aw!!c3rFD8MR&-ka%Asy}BB=UkXa}7Fij3
zo_zk=ZovzGRU-4a=V@I&sVR9vB!<QV7$}(0DWUEJGJ6&69vlBNk^#)7w``xcIn#(^
z;EBMyE}$~UG=A;8DVw}`eGt=BP9w~2kg8}Xj}v&*`+R^dp=dGY3#~^?0$jAa=_{BQ
z>nR_mcinC-^Jin~mnnD3k|FsjMg<j<#A_nF7hz5dsOsb0K*d*}xf=$^ifF%omSrvn
z2v8#auM{hugBuCSBU{^w%T$|t#(mJzVE%Oq3x?t(fQ|1}b}r#-0hBsOM5&;Dm7_Vc
zJOs$h+Nio4q~7nC3{$cAox6(dgicvCBef6vN~A1QJVv|y|Icee(JYwdVN2JWEyhVy
zcS@j=)HQ!`SUF{Cl~>g0m@42I0T)c^y3}~N1GOv83tYGZ%O0ptpNx;|--ks@y%_K0
z88wuuYUxV#A>QOUj2$TN?%7&7Oulh8ipNFr1&~AaeIdZ??sNP^t$(H@ezR(k8^nk;
zLagznX9QOerQ1v#-f5`deTxG_QkIC%#7^HA`ngZ1<(F!4!OV|C;I6%ol1}S8yIy+m
zB>{<I2SV{(4#4Wp{S0{kbovKRSpjiWF|BFu>a)K%+5j^sS-KMmDVOVq)g6zjBsP94
zEbXS5VArOPDbJY8@0VW7efREyJg4ZJQGQ9sXT{O3@9uYrzZ8Z5%$-x>?Ivm%`gq_v
zRcF2+VAqPqR{hYd{_6&D&Qd|utfOgWl>BCuVU~dq)WmS8p4v@Y_^3E-SIm5hH{Ar9
zfky3Sa^F2@%5vSz7iX7l@++Dw%-B%0*=~b9EKQVMZrXJ{tur0qKBX(S4Q=uBCiNXt
zwVR3B|HhJY>ATZsli{@6z-AP(V?vl#K53YzQ`VMWf6(p1vUYvBYc@i=i>6A;F;G%c
zlBz~hOKc<g)uAtmo0BuyRB~C5_cB(NE5e!Md^rMDkpJM)yMgD+W!Z)B=}f#?;|r~H
zYFF8vfD4r(%UW9--jQ7{;%}_R_qR7geB^Ct6ZE_H$C|E>3k1Jh3O(Ppj<~4tv9o$~
zFbd6AAD5VY3j^|dPLF?Od0sl>SO8HNU6y}=UyC2H<&n*6^>^1NRZTTcJ2hGF52+;`
z{GGl<BrPW$Cakgdk$&xi4<){8x>{kV+jU;!+_^d&U>ME|LSvgAG^rSoH(g7#v%UMs
zoKL-_WoqvF<U9KUDVENC-YfIdxUqVwkKr+ZeKZ**_Jb$uYEV$e$_s~sH53y}H0pg8
zDZR%5nbJ#knP%#t!|sjh;e~8S5*#{vhqzrWnV!zr4aC!o0d8$q@1DRNzjx}8O@*1E
zq?7V@hV;ju>6=L@xG8P`2WSnnifQWBZhVTL-tQ#Y<pCz~p)1JLWnzaM4VA@&L^Em#
zkExo+s%d!PPFr*m#q1*s4*)Ky7g3oZTi$VnR(<2BV%H+XDWRh78>`#3^J$Qob1P*2
zF7Fd(hhF?ao1(1))m=vgjm>UnVj~woLik4~^32obN)@jF6Kz{7FAyGoAuU3L%PQW(
z3m8YG`Cc=?VP_INi&Pp5hRY{*-fQ;SVo?7IXs*hW%XJanNtdH^5}PUGG6^1)Z?%Qg
ziJggdv#~2<W&-ZqfT(U|95{A0USDj@0E}fgttfJ#zvNy)-DD$|9uT{jF?5`?6=iq>
zb$N-db!6*032qS*tX&8XXQmFCCfMglD{Ye0&$|^$FXM#BXt@D;3{0k9YUTQ-#T-2E
zXMcPN*|5{6l$g0(#BUnk2E4LqR-$cbX{7PK%WGM|t*XMyfbg9S^^0#YrKx!Pfpi?R
zwo@i+_qq1?PCfAJQ{GhFtF6j26Sx4>Xa~%(kx?8=Z$l5Dg%d=T%?@#3+_yoJsGxzo
zxl5}$r(Ilyw_!6elo)NIZcWyWwIRz97qSBwxu*(E7jmu&m4$OPLLF=k8xo>!mtwdN
zyd|9%vBBhWJR8?IH&jr{y?&%Hx8*oG7v%hHuC=Ouh2BBdNOg#icZpy?-^57R4PX5z
z4Zp(p;*x?P+SVZSbkDX^L){ALkE~1u<#osf`whqQJ-5(KPROD9i_RrCwF#1en?rTM
zj^kaR^RNHfLBosL3pv4YGiT}g?%T7qCV8~wz^hiiR5hZtHf%{_m8zQ$yp21xThZO^
zCikXXzn@gQWgDvKjc@41Jvc=_>$17@+1&>$Fc;3Q;|7UtpVr3du!-Y&kGfiJPXM_t
zOVym~<r!e5Rk}$&Dv95i^SB<5D8wJH1g#}lfpgRtn3v1SRZq!9bLtEEX&nYW%FHI;
zT&*d|GdM<_w6EFhx8tjfR8}~gt_n0Pre#!~F*tg;?C&2;UGrCNTeN_0%z1Y@(?Txs
zGnQ+QFRRzn0t9ePVp`9*(Q3gA^3nYb+oI=**QsuAPjk4e3Ifvc3HlZ{1sM#Zy4!4)
zt9TE>LIU$b7MF#4WVl@~#@JOlO)9!Joftf=>GJNWG1FB%p1THbDX7}WO)c5OYD}Zj
zsuBsB958sBY;D_Q;XkT13@I#_yIN%<LSOT#3Utya%{x5OY^%nn=NL7a>2%!>P}g3$
z3UE1KY*^>n;hqueyj<hGiG3@QwbeYi+kh+H8QIKH<hnB;cdEv~MUgmX=5{$H&w2bP
z&#B6Wr=$<{$<l0kg<NHF)M?{sL#EcInOwpmt999SdslVscQd=j`>F%m-%@rLwu9Rn
zS23!;m(q3|Gt_sk%x#wwH{BT24LPNs9NwQjC#n|>++*Lj>xo=;t0gM?QLXI+ax~Tm
z9EeQJT}whqm>0Dp;^B79M(UT!W!Z&FF390NFB!U;#_QPX7tmDk(bSg<YgXd~lw4qW
zF4oggD{UWI&Zy}n+Mp;MQ6BK#oJ)2|Oz?)*DKu=#c@-^qc@VLJIk(FLwW9Dt+~#S}
z5JP>uxeR2&8-1OmvqCHUiy9voo(b`6h}SnJ?H0G*cPOjbLCol_n4MPAxcYpTXa1_y
z%&3Tc%P5O0{z{y`C#iH%Sl~3+u0EY9ZxSS#oP2$h73DCwJ*cpMg%fQtt8ta&Ev;8Y
z47yPDo2qI&E@+|dv06lTJNp3Gnm!a;le3tf{J?sNT8WE`Jch9Y8sx5kz)x%u_~lIK
z?x96P-%!I$iyBU7w1>vl%KABgxAiB_mO;E5vlpXP^4mN5r!9UC#CCHoRZde=v#Zv;
z>y%v&rB1aO4vuB&-@H^~;TTYxN_T2<ooZI0f5hkZaG7k7R?y+eW)hAQjORr~`Ht2>
z!k`N`NesFACqu}@fNSLtH;<cJVJ%+X=K5%%M$&V=emdN;{=DSNGMnAwmdv5yZfemc
zx0$@C<@3y@kQ`B+27ApUJwu}Itm{CnfG=e%C*bZ=b+%*LqWaq9R2&eILXslTF?y;Z
zN7%t#zo|GLFAS|_#@!p?#pmWKXCjU^RE>$I=gEuYvLLA30$wN#|HAXD_yt7Kn(QOS
z5}06$r}}3>EE&t^18%OXo4NQ@-0La~asH$X_%5^t`9*5|1sM}}DyJ=bdJ|Pl=N$J-
zCP`2AZiFXt(+VU^Th0ycMAe8LW#_JcAh}9$I<1>i9d~I#21R;5R!n=@7)pG<U9r`5
zlKagj?CVyEd~G5vCa;LohFzCW;!e}@j3?^inpU0LXA7!`M+f+a-%ukKsn_{uYSmiY
zuf|M=gw<M^m>*H#jR?G;Z#7T0SN<9*Vlvohe+O-wq+{3MflY3~3=-(VDPzvz3a-HD
z62J!)PC#^!PlGCYdJm1VB>ek@L^j%WPi#c7Cfdy&u{v1L=|I%<`ht5|mMzVv+hARe
zOMB4mh1n%}5^oZv(CVq3@|X=#Kxys3=43g$=Y=)Hu+13QS0;Hq&QI?g*(T#@gP!1M
zkz5n}Ncx=rqP+gNpd61lMfg0ebOX&sRgq(R+RX0T=cDUpeo=Jp&E24Q?<GGs&J(Qt
z1Hs2p>H<+Lk1{veXU6L=!51~WDyOs6iJR!iALUL}(Z0&kVI#AjXBb&51+n!fk>p-T
zFUEPsxyt049{>Qi@`#P{xY{wv*9Sf`nrM`p>-cOrF9w=WUYYxt&ejFV>@pFxs4AT<
z*HkE+Up(HEN;JB%qBEeu9(;y;qxJMEPb)i^q*Yb_!{jo_oxX*~g#L>pwkl7jy4OgE
z`%J5W9DvwyuIWuX$3qW1{DTszjuj80=V4Q33_EMrh&69wHc!-hmIULcu2ZM10T0fS
ze1)&{JUKWsmD!cfhUc<+x`<`ClUFKkJCATj>QpMRTD^Q5ej}*qFmd<MDWgsY#QxMc
zJLYClo_%gOXk3+xCkek8g{~nqp~gW)Fz3x^C*?DA`WUAhEGf;R6C>ZS3vP;<Hn(*_
z5}Fk`$OVz20RTuehI1;7*oAv1I6xEEyEoTGkqSCfXsR+KZO2X;^mW$-fZ^`AqIYPn
z3{^c}bgbBJ_Z4W&MZ57(rzu(>pP^6%snvh+PS=0sA7UkyD=Vm1&TxGSps-f1NPH)8
zoAvtoH3?gjO=5!Z;G)Apvq8-Ttw7IwZU%^Wno?EaL$nWr4GhUgk5;wRaCS^4gCjzc
zbw=}?7NPd~J8>+-l5niWjip)iev8BcTRejvnn72Yj1q)<aIY-1ZKUbS&W3Jgs9~OI
zXNf7Q+u)Va^v!7H1^XOpL7p0|4M&lb<R+wMra{5Y?NE@xW^P1kJhw@GVZ65ULQ#FG
zn<V@~wO26dN~SgGLNrIvroMV;6aCnw5lva4uHZVX&*{VQbeqOZtCJ}PA}H#;_lEtx
zXDWxdgD<*pm#(uM+=m4uP@)$3>rGYn4>l4h)GeZqoP^NtV-ZbK@?L(aK1ImEVWzNF
zME9U(d~qZ|$lH4c<F_3rTQlJAlVUMKEsDNp!FjZYodpEupCTpEqwv-2H4-X{x0|M8
zE!2;SjWVf_K}D{|d7Uor74u@brzW}UxA+02Xs*xACmt@yIKxaeJI2b!-?tSVQ~yE|
zeUbPtmS&-VW)E|%uNN^;2_1;#oe>xh%ZiuFqDGHPvz^_`q7C)bn5D?tS-RG~Lc!Rz
zj7u~>Bkf|TqtXsYDXmEDlWas1c7BX>yWC#0J#F6ChRUg}rqa^s`+m#vPWAYU)h89=
zSTVTit3X6-ykX|)T2y<t^Xm9CP1c#9ox#7yK*b{>Y7+UL>qq%1c543~9iqIMhL+mZ
z29WPad3c}y!{I#hZ`+WX&5N)-f}0(I);yj--`KXVxkf_A?M-G;VSF=^Vz}Ug&Owo&
z>X5wa>(!p)Ql5M#dj^x#-esU@jqK>ojP1R7#%U^c!230L0;pQ|@tSKNPdgQPZ$8Td
zi)5n>3<BJW^I#+v+-`R_rt)#!Gw}9=oX#~#d3E^G$_sN<mW6hieSw_&NjhsbZ%^^Q
z(PP9}tWT`W>qs%`ASFsyg{E)BOIWU2tu<Z=$U&|bCb_qi1`HKkDkZ}pE5XDdBV*ec
zK^uXGEd45sICr=!E4x*%Vw$cphbo4iZm8vGkd(wXXx6qBE~OH;&khz7)vVjqQb82f
z>0EuL3l2rgdX}}=?k$}%2XeH&$hbGM&(O4bPX-8us>B%u1RCN-l?2%})waFmJWG`U
zLjo7Urt|zvfBoI7ILz)QQtv+F4fUfk1IYriH)QFWwp^=>A=LM7q+X!mqm&hR*3Zxt
zX!z9<vqXrCm3A8;`G3r$=+jJZ>;^GNX}4xOo)^%(9Q5J6T5z_RD9(FfwR*&|6sueD
zwU_;z;<^^U|0CmLGuAN{W7;HS;gy0^(TkamlDIcH_~WHy9}`_qYa6W-S0cP~4My2$
z4OlB?7H<x=e*Rwowo?Vg;)441)oR5`4+nsxrI?^bgSpJbWqzsLTBb|GbaDZ}rY{?_
z2Kz%6k=BJAYwQM}Qm<Y=-*<&T2CZK57(7VvhMdH;jid5;EsoB8b-vT*i#y<$c^RzR
z_E4K}mD@RVJEL#`^PPO+LP??+3$%Gb{x5lX`voC>Zy+r%2&Cm@J^8Rbu^Z^}D@K(O
zH3<cas>vY~5(I>j$vOMGK$PqtQz4JRa-&nRgjy(9gNxog@NKcJiKZ`}tq5mbhJkE0
zAVX^T%i|C_#1BK(39}V7p+z&^#MZcqPm`G;nV(+tW>F!590{(0<lW?n2FKj0>1ct^
zDUkHo%8bd+<zN}Hd6ZE-W=}iHI13=%n2xH>v7=|MlC9a#6VyQqLhdrS_gKN(a00YN
z9{MyVf;>6I?TDhH7gJe$WeREzI<$44X8Z4AjYKA45w(MoIaHsIipQ&E9J>1*9%mM+
zw20)Ir{QbU68mY2iGG$4mD|_GDOYH*V(UWJv!X31m&x%}%UFUL%6v_94=Z2GUDhJw
z=u%P?Ym|lF_|fGn{uj7!*plhoQy*ep0~sx8YNT?H0NO9rQJZ*R#|Ef7jWpT?vT=c&
zK$kV@6ADf0&lYvdP4&9_9S08iO-1LB#L;-VgnNg?vwo<T@%+%1q;;QK6?dQ>0sr@U
zM1o@_K&UjT1q#>mLGiRk*2+su72&sICRdaLb(5S9dKpv>@J~|S@=zZ%t|W#HXcb(R
zbbUJYAz=zdB&g^<`$*Iu(#P;U{NrOxs^t6_7~ZzdhO>5tem$eQ!Wg8UOJQ^fkSa9J
zGX{E^!RlBlLE9RcV?L+m*|{;?4!q@;hJ@XA$}|{eT%3_Cb^R%Bl7?f?Hs3UCdtz^8
zO6zFC3Rbe8j}z}mm^sQe(_vDb;5^axW!2>WdO>c2Xtr~tX$;ZD9hOmh0?Bao#8wqK
zPf0iQK`?gcuvwxfXK=UgNH>Lh<#QNATHTJP;t8mxkAk)u(a<Le+VQ%HY%E{q9tqdg
z46uzd!}kO8K?rp+-9pAgjj7HwYD6ltwJ@nF^KV;_nlY!MVEmf`aZJ8^Jx^ER9V%2%
zEtQWA`hfawK3fcs59`~G?=mI;x>>e=*5;+5Efb6EQBdf~j8-D#4y1}h-={IO1BtGe
z^>vmi>TtL<Jju+D1f)-8Bh+lQ*sdZO-pL)SFo=)hi$wtyhKez@y7}%RAC88%D_((h
zJGDL5^kcoSdHJPca<Z@Mj-_zXLAfgIUyn)o^WyPe9BR`BHt^K1<&|A1J-xaRm@zB$
ze()toT~=ys2q0^&6M!Ps#M!^vTtm~P%MIyQIY|W3zNF2RNy0B}<S8A<fOj+U@zwff
zGv*8va_i}q5kY3v&W3CWw8=$7wKn}Z#GnJsL7d6+<quCekp*Wcdg43oa@)o^*2HTg
zzqn9Iq5gO&8eKdnx?UQr=YT+?e$_i%WWKm$9oc4s_HcNQpH^v&O-axOz=NlbyCb`=
zhtSs|LXKq#nWE=NM%iYphgx=3PO5JNW+QcmydnS(FFPKZ<qC%dj@0ef2Kq&v(i@@m
z-crePt#?3Er|<&MhV6IuFus7g#Si^p^+@L1)AP?ZN?h;`Z}n-$ZAH<e>b{qX*U@or
z4=H>fr)RGqrzQ4iOi|m)y4xQ>mODUrK(_mkH}BPgd9;zUf4pUCxCm>0s)QrbSoLWr
zplSK|V}q6abWSez10<JT49=+$SwcJp_EC)<C*jO=d~mTH*;^~J79<B<Sl~Mlr*He-
z(pj4op4bxw85&GjyfWWTrp$JkD|S<4uh^uIn|5r9XeGkv%%T`vHpDYqjh@7~&Yfpy
z*d*?_onOgqL6AU~+g0k+cp-~X>y+j36wTtNo6eiUA49YAHGI$CP%^I_S}Q9gx9#)i
zZ+zk$S%MFYTP*kXT_=7d)70X(sbVuCCulQKn$sf6d%C8!+u(nmxlwi~nxvb2F`RWk
zWu;0iabVmH+B!{~n=@_LXz426S=jzqT=W6~+AiXy_~0S%f&{qewJWrjB{u7du^8z8
zB~6&N3IQ5DJ^-y}6eaM4aeV{B3(Kxak{^5-(k^T#4M3-P>JS=r8`dK#*K>3NoXBl7
zGkd{t<GSGwg_{$Gc?G@B(GM$POT^PB9~_Dmq|p$2unY^JdpMHzf`Yn&wJ;Rbi&m5l
zfds+}b!GzyZjrq(HL2>OJlKVd=VDtcBUo(taaVNwO3&W4n}=n+Pd2Qax6zKu$#n{C
z$}*qU7@i0+58vcYJpm{4G(4^|SIg<4k(Sy2i1UCQ%r@t2Mdljez1p5+)!>V=Z_!d|
zvz^IQ=3z|J5vECG6M<80(?efHhZDw^Px^6&0zyA{94$!*mr=9|p+IvRe)h%rTV=8|
zrJ0y=RUsp<i3Qm>s6`a3o38Qoqa{##EA|3Kkl7cOKqvd`c%3q6`{e}Wxf1Z2i6{lp
zzj|VS*7;?-bP@UFE{}`xo%pSt)J6q$>Ly^`G&N$->Kk6+W^ayP5Yk8nUg7hsR5Z$W
z?*RWBTUu5IJ~6Tc%7Y1`(nYc-?=u^}d1u6|0I6>dW8EH_F)dn{Pr8sjSsA?UEMp*z
zW=8Fj86gsW@t6WAQl&W>^dWrfmlb`U{{^0(Uwr9Z$B0PmxGZJDlg<=ZNo<ja&WS)s
zNr<wS#S7^Q3JO|@*Dh3Pt+_adY?1nhq@@bTPdcn6Ch87;$-)M+r#|Bv^p_qonT~RX
z>^t(d_^nus27m%ttaHT7{il-WDs}A%Jk8T$tQ^>uBUbui=F}@p(T+pSGhlMa$Py5+
zwqxuQUhf&;x9XBB>>9P6)eSlsJ$a!7)b^N^GU8nx0adGOzrVFS&kvUwbSq1+5oEb)
zF)7N<Z9G^@ax$fc(Qr0KlNgMls(GVgA-Q-($Xk>nc-Z`|z~aPmCg_83hYgz3lw-~y
z<KgpkMbn#$G<wMt_8*1XDU&MI=IJeb;~qKQq-MB<jQ5k%#q9o5K&eBzyXYe&)+d~Z
zPh-PicIm_qXWZ>35497c&C|BPCBlpNZz}|eF=|8T%6geB%21}{dx;^CQiLdhW@5JG
zL`+Gy+-f2Js*HD^;=+tZ^Od|}70cCS=TER;rVMofT2a1f6Fkn>>R_ck5n&(($#dPI
zWw&*{0#6;#`Dv+E#Akj|bs1&(lp3?S7K#Ce^E(muj6mjT#RFSs@Xxk_l>3z<pu*MF
z@Z7-!5H9Us!Ub)(ZqCsw(+&Qrlu`Yql2e8DUHpL&lAm{Y1{LzNgN{LXD=t~V#^AGn
zM%}2elyFI(N0z>vK)veVlkzCN1_c6lIUKCmc<sCgYHy{QMLTZhMwHWeZC-c5M~s8F
zVRyw}A%Wb5jt`Uu9HWQm#Ll&m)#ED5RqOBf;iT5$ypeYg*6aNkhPL$8CP6aMGs1aR
z%}w&0WAWH^tK2hU&rXC<^<>hh=q&Up<#;A;(>sjkW08c1zWgn|T*?$2YqIteRhn+=
zI?}NEccXxprEuOU3LYMa65HM-wtqJ}Y@w>gcF@?BrRI&Uyv78y*^llGt9cw6uCMsh
z7JlUIGll?#Xu38Ees*dyCZKZ+TaikTJ(fMLXHoC?AR(&g!|^J#L-^c<nSfphXp?_L
zEHtH4^~0zE$>iYW;YmFgmMtAT&nqRBrJ-X1291<4GCqI&l>Hi%&v+oj$6UMhhswG}
z)#9A6X>#UR@;FwX<1Q4?rwL0_VLqM@n;L3}>q{&3b!%}CuWbd56>RZ6I<(NHTUdTf
za{kJ|f4X|7xM1Olqi9!_tR(kHpvllKs>t<&oGqxE-irA`#_++}AO2;MMF)ZD4diq{
zuWNKgBK0~3KWxMe3mtb3lw6AmK3J(e=U(ZlP}$Aww{7tYrVMK%Bpx!Dl%;)Dr1^9k
z$T4n%Q;S@%bkRA#7Yh(+7`}0M)Fn%mj5E{`7Y0hsinkFreg(YG!<Uambs&1GyuVAO
zG*-zXVV1>Fz!$ISbkGH|qnWgAVo?ckHN#i6mY%ZQ2TPdnI-PtU|E^i|$#qu?!DptT
zjol3BYDju{v(+%&ddW+}^7;<YeewFv$|?yw(B={HtIY%2Day`b68$Ch`PUdhMEh-4
z>f+25Ii~EQCywWSQ<Ty#TLd2zTFtqf#_sH55y~t+wsz{DS*=<m)4zl2K)Rg8TM%ah
za^o^eXyAI2Po{Wod2ZuEIfiPSfcNz6y1b%>SM<b%q3hX#4`;jSD^c-Ub4>?x19oq3
z{gsH7ne-U>5@WVV?a&rceaY@!>SYO4TUk8-&?h~@vOI2ym%Qi`A0Ik4qeOPJAl)3!
z2`spfF?Q@4F=Himq#U3}RPO^J>tTuAjRnLp--y<iXQuq?K{n_0*;1l+t91mOyI_eR
zv|L`kb2u}Me=rM_##bYU4-&!^6b!@P5lAYKbmqyZB7qEqoNx;;!Qako<MZO3?5k`d
znuvj}f#KE$0}){W3Woi}iGMWhf+gY`%avp^H_7A#@73;Od_7Lf!8#UU12^;zVvJ!{
z+5xZR8;=W&kIL|~0^!F>bXOdufIFuo*M6IPQms6*YC)r~ofviDhW}Jrs@VCk$$LfG
zXZb8EfYR{^iY?<tghyL1v~32Q>4-7tLvyn8V%rQ`E0qc%5zg>3u9D|h)LS_=wpd_m
zI=?h%8H@i-q^h764xK!?SVBHQR;1pb8u7k`O^9^ySFmU+0d9zXXb#CjhM3ek6`!#j
z5n(M=NpZY2U}K|nF=fwfiS2WaRWz;GU^S2Jz|Zft^Y`LjT_)~2>!lJPfe;@>Jp{B>
z|ITrkL0ZS`sLbv{!w5L13)%qOMK#;I1T>JJi2sTkp?%X?g?(`xihAi}&rrTy00p<&
zrLGMxseOE$Jti=U@kLb=q+omOsQPu?_E_Udg;!C9{2sqi2f@gM+5D94w%CjUE;`xM
z<V7-BmLn1M#iXlcP^VmUB}-pPJ^3Pz=JVz413o2#%&3D;-!tW4pK`hs$T=fB-2Wm@
znjFXT24piDk^8x6-+E}&CWl&v<xQIG1&~EoBJ5^CTA*0@e`x#4u&lZ*T0xOgQ9uxB
z0clXFmqrxn?iLZGyHk*mkPhjP?(R@hK)R&6OS<8%4SGE1)AQVWe%wFj$9ec(_g;Ig
zx#k>mj4}87(hWDy`q-r1F!~J}w*yt_aiH#r@IKb*S`bkd4(XQQv}+1Ap`4V7MEhAU
z-R={{BvnU^II?Jg1~L5DB#oEo3tQ<?8c|zRUhcYM$9G3EaN)S{oIz{a;y%Gg@h$BT
zg@FzR>bMD|aBFouYJvUFD>;=Ncn`1#6XMJB5d*gxr0=wOm^?s<!KiDw_9^8CwOF;M
zcu{omLyVu?c|3>;%wVJA$*jCD(}uO>d8vE6ige(4W_o6+{R4DmjjMXO&nLMF&bMdq
zo43zTu#-(sqgXbUSL2*vWVCSCPUIU+&&`?74|B_BoD7^s3U|;JX3oC!(&XAX<_(q1
zoeJ-kIm6-At`@Wn&-aR*@0MH8oNv7j3+CjaKcD1W_pJYTxc!12-S;?wVdgAzuWbMR
z*L8-&)6<+|8>HltxsheU)nK$KPJAKD!|+nmbG{-&{3FBT@HQ#M4MQo#4j-B16E1?M
zT25<SyRw#!Hd75WE1t@se%m{#++*L^DQ5DU36$AVa-6w2;@5~9x@&KQx7zu;n$k04
zx7t0;4CzGcrku@Z26#rYS%un8rC0Aoy)V5sU>RAvUaS`Cpb{*lHn-1^{E@FpL4SU~
z-lpj^3tc;+s@s0_!wNy7{vhhtLsi4U>|?PryiP#ADVeh$Tk?Du+A)YoESA%OikQ5m
zSL!qoW8)=$hF5>&j;;35;RH4#E3c|Gu%sE|ORrW1>rnf?$2(HCKiir^PcMhHXZu)l
z6qPNx!jUG-^c*fefMxtgEbn~vDqsZp6l#y0jyHooWsVg4$XMKIUY?W_VQQ0svcV3a
zkdRjOf_Stc(ZXGMy)k=sPL{M=^sS-8S+$;&E%yCkttlaytuv_=bo~pS9P(P7t7kI;
z>Ap_vc4~wc_Xju~y4I3vrl8(h+bP4|-68hq@tLg+D<yy6fI7BREqQE<xN&l8ob*MG
z;0IkZWhpwR6@HBKJiz3g3za_(@67bvUP&2HLORGDpC|nB<4P8`cJ=LOlRD&?GoQ6G
zH7<wvP7wtp+pOesl%YL`liN{sZNYJk8Y<3{*-4&C=Lki8V#s)M8FqIh*iTncX1Lz#
zrGJMq+x1jB0)GT}P8lmZTMF5Mrg+3x)gj8?UJKs|<lVI^%gzv{*F|^P5?q+_)QO<K
z!e+&u@YxO~gR^UX^5l~zuPV9h0);)O9=rA+#@Y;*2OojvL+=A(;$(fYkVDY>QTv*E
zbC>UXoVpq?|4FWTl4iUc^>v{=x4Ew6C;Vf;Qs>or03&;d>QlU>oS1m9G$&0zZyMA!
z=Na~Tzl7sW_VLol%<6neYqM5;$@7l~*01Dx-boJXz{C`mZP4F_>{RX($jqP<RlkY1
zy@q@x!N7@9@{7GpNb6$k>ec&ET7YI2Cv|3Y(`nI1vD8gyV@x_jtgd3;jxwaXx*O4)
zb~ZFVn7cMFXGL;az#(^VqeKX=XTtk%djWeH4Fpb?=f`tBRMGFfcT1I>#VsdfD*&;e
z84Wi1)|8uu`Pd``r}D)3<Ngo2DBitDBmu@vxL0??!puBT0WMp+N7-^N#;y%XJ0HpL
zUyxW^n$}c<*a<>zd?1dm;ex1Dx~VbDdCV>CBei9vmc32@Dx5i~w_Ey%Qk8n|%1U;r
z8dmM|oTK|0w-MDss1L}(Riuz!Mdpgkbc~1|ro)iM?RtWvog+-o=87@-iPgigEk-p7
zwm(*-=k8|MAepN8hP+Fg!2Fm`)zat)2q)%|FBoF!SkzOb^W+<&B;p!Q<JnHGz8rY7
zl2z!3L5*;4Jp_uuMzycbDPHDi6H7S|`MhgwVBnlvv4sd@j3HEU4eM#2{LFwGPj(cu
zp;D7L1D_=d(S5XjoQv+6hq*X@2FBKkae#+O14G~YIFIc1NG9sn?P2%VA1cdoyX(sp
zj_9PhFQ>I;zAU8N6t;Mo3H+wWBr;l)NfF%T3?5J~aitEGY%y@@zK_v%0a)$r*PHCq
zx}nbqHtm`iVgqkJ?d}T8aA-B|CtMa(rJ7uC!Zlt!X(lXukL^*AAmD90=bqQol_ept
z&wsv!!(5nr*0i`U9m?1zTx)qQNm)skv84+O)D|s3e`ZNTr8UySCc{sfMY(#FnDgqK
zXQ|cEF<xt9o5pzkjAs6r2%!4uYS)TbWr9N8>lXvd)r1#F$tL?s(`$EM#bcK_1wV)L
z!fK-_6dB1l34dtrJyqgv#(p>6c)OjYQ_(xqoBY9-x%VV~6zhwxgwYo64;r;&_3<$!
zXPx<^<De1y`AAYJX#A*W9R*x7rNe1?$t*27^|X!M>2W&8X^gn9+HZBk$;Zh(yrUAs
z105pu>I7@nWLNB-_VyJW;&^S@Rxj|%7ZSJ^EJyW<b65XB$3Z2B7!02}OvJ`e$f*{p
zi$@2PjaAWEcaK9T?ln(IO3Vya%`=I?Y1)f=6Haq>4|{(;tjOm1I-DDBa*E{<SQY*p
z>p2V7T!x=4Q=$JpP5X0&v28m+^g>Je9<$qm3`<p8p}8~&nxfew_AL?8O2W?vEZUsX
z<n?6T9nb?w4TQdC0zVen*WP={im>j!Wt4*0$elasdd&G5Y#z2~xoi*jv?1tPdzW7|
z8^~%&f6HoH07>kJtnY#1O+evO5VITs)G_vbK(VUcT2Zas?rrlScy2wU6>c?za=a7o
z{NoEEc1;%MlY6*F=;k27enXGav>qe~?^E+ArAEdL<>Zl<$ak;WZyu+oG-S&<cC#ng
zMjKSI)wiwCqci+6bE{C6!=~5nEO!kqLV)#<{MO5rqLY&a?hVFJOQ9fz#Q5N?p4-hQ
z@*63r<VRB3;XL{&6f2`l^??nUVl8%(X;h!E4Y_ZS9A}(n$X8RXWCpNciM{^SNv=jB
zry_s+eE;o<G5;RbW1d7;?et|i%z+I_di?2e(E{!Gp6Uj)JF6*?IoopW4>9GF^o1Ub
zqN@FHwUIB$u07RT0hqd-xpSywVXHuz0tlm-1v{_9OMQ>T_D}j|J-c8CYGI2#bS>rv
z8`b-Cqv6AIgIwGeElUIx;>lLXQ%U$SUXBB&UCl7l$f0D_9!J4()x)Hrc2YAdA!UPn
zK0#lfI9vAqz=;h_IIVr}Dp6<8yAHL|LCsRDd~ZSnDRPe$QeUph4FP~KTT?@y0FGOv
znMJRmbD7`d`}}UlY%$2m0xeq!uU@GBL5b`&nQFt_eg(k6<{hl5KSJ5LXdP`w^mD5V
z6r~y4jqtMBJB$s5pLd~V5X_I<Bnx~*VlB(<RI@U(NGyj|8A(YNYe+Kju-z^Jkr|m5
zaKWEC4e|_T(~H_o_P$f+7Od@sI9O3r0%&ovEzN9SYr>ZKxX*;tWgi;vn<^9xy(BGa
zq|a+jrSCv*V05Ff$!|dWDhp5nswFMHZyur3B}=gB)G4&Bf^NnhS$J>%{b1yWuOcHY
zZt5||P>CaLN>^`LDQJbt7U;>o=*31HKQh!4P>J@~w7>r%CLdrfs@y5uT=?e7^i}9W
z(^C&#B~6ja^+@2IHqG|;8y$FhD6IjeQiMW(oA0A7lVi|fm(y`oQ<2iHpu$|%c$WCV
zLse;C68Ryz38{&je#RKFgF%3Acurx}WCT6N`Z>B(W%=2*Wm1m*L1csADOP6CI>wPJ
zeST)^3N>BkL~ssjOzKfORl3pX+7fA#+ZISz7~L4T5b>3r>$8${bC@ixxdaWi;4HTv
znxEQs+N)XBwr%X>D}SrKc^WH!c2B8vz50G)LBE`Gqax}^*r0Z9otG2t7Saln7of<W
z%=2!_Og*p5sls%uiswDdOL&9s7|>G?#|Th2?zM!~**l+SUT-O|90H)is~Y29up1;b
zyyV)q6sAw?nk8c2B)m41U30WNR6)R4loKAOrbd?`K<U>6NIspb3TAEUnje@(SBDB?
z)H3XL8{YdTYc3+RBfe{Y<*Y+f-NCoXy7S->j^HNEbhx(Y%4pkQQpVo$7nbPM4#oT{
z7O}4=jl-Xkj*(*$)^*CwrijO_TU4hxHS$IXwb<GC*V=hZxB|w9`wMBy6%PA5vGBO6
z@9duTw?%oNxt-mqf0}eb^jRS4U@E?~`{|X%qEpGVH?{VDVFbe)?fv_v8*jY%8f7Ip
z5*&gCL(v2xS#CP24u(1fADy-_@Tz~eG~A6Ojb1c<yWEeeFj)-p0kqYc=wW8U)h8?5
z)r-q4pX?*f#J+x_#kw!Ga^ui}XP%}hphG&AE<<@##+ti!TY_5{N#@RvFK#gnM4ab3
zj)m>aZLdylY#mbJ*=J1D*W2cakbvrpQB2s54q$Zzem}9gB@JohOE-=r48U1hE1js3
zAlemHOt_7El_cOn^o`Y*GDQvOKN$SA2=EUvPC&?vv7MVU{N-Zv@Es(8XH50PcE!nH
zz^RI|y8(Va_BRv=Ab!ZuK!E(^2i<`zuA{o=8IVB{=V*A+r`Bgr$MH2NLOVobZ6mex
z?x}wWC$)-3y>L>w;RzTc9`%+P{obJGrTMGpg*^2-!CK2|+&uso4+tCF*5T)Y_ev>l
zCvVI?09Ac7OFmZ%P!c@EIY768A;`!&1UmGHXhpVuymo2(k@gNEqQs9^X+8ios^D)u
zf(DRn5;G$u-R=^(tA0?2jiN{vDZoM8541^1TzkTGfp;e*d)=D8=si<OBb&lwMZ9oM
z`Dh0rpu0x~_h?@Lfa?Cw?W>PWzHjFb<c0v=1I`j@4^045MjK9No0V}c-SxxX6I{s}
zf`Mbeb?PCkO|IUtu00+z2+QC=^h$~piv0DcKA<mU8E8CU3i!guzxcuf=wj;tp?L+g
zyfH{R_azYgzmbdPrc=5ILY6w|;pZ~kN8nmsV|3T!Iz8QR?o65M82RN<B=Qi#d>*dN
z6QBaj$M_fKgHeb481VVO6LtB$RXJpGf5T;xR3%DRz0+e5IccRe#Nq%SW@7dQ0lN&i
zFPa`8E+9!qe%1<CohLXyXvXf)08o(Sn^;@zFHP4kU2t9&AWxb;8ES~K<p8_E>DO)m
zTy_8j0HuCBh6~`!505z=uPHLO7v#@{DOc$BrdU!noe2`fM~FiiAyncs;0h5St%P2i
zRRu<j`&!4T;8-#by~ZGXuKG?%@X`;&<p@&GbM1+;Jpp`n<6kNwrHglR`=?Ne(F5AA
z1>Zw7HG2!08z1k|1Wpt*lK)K?sB|HBKBU*f{h!<#Xe@&0ScWcI<o_@%`ESZKK)r9g
zXg2<#&;GkH08oWI%Jlo2WefmIDLEyL*+E))_$#gaN$me)A>6@1i0r}GEdlUfp!4s8
z010#c;zslT@uwk(<KZ()=!-o3;OB=G$^0a-y7BdpH|xo@%opV_w2^jV$h`pjcMyO?
zjNr8Xr+L08F^F&}JI|}vfC_5%SMo=VLQY}?*w{t?i;@;bA8qjZ|5@V>lta^R`Zu9K
zO8U=-+JzA8KWuiuCxnQNe|&IhXfOZq34yl*IG=x0niBl!?NE|<QAhkgO3=ZhLsiFL
z*7DMg373JHnNz<9SOq5Nl8_85i-cu=tS|oyRTIlCxN<`=;Pgs_Z1evhqUBVBZL*O7
zRW{K-HRw85K&)bn$GG2h4a5+!UwW9k?vUFD-sNBOoL}4fu8C$1_}HaXN{+kzW69xa
z%VCPz5n;5oW<7%B<^B${B(}lF{kcwa%o7gV7wR_1;_`FPbHJ$(mNu4;qplNVimHoM
zxI($=@VXw@wETyaMi;jWxD>}v!No@_Q>4@Vp!8&`4ckCt=A)*cX)}Sn!S`=r3vtdh
zBcSF+VgBWZD~thLA;MC|bGYQ)g7ui)IrFbbeLwu_abbToyI$$&i$Tc$Z@xoa^g!0-
zge*mHY0)={2ZTT<|0x7QfV$<syn!B306pEi2ZEdzAtsLzY_iw7>!)7k{IH0Z-Bz@K
zKl=^1IRS$UpxFNDDB<!Hr~`2@1($(n5*R@yL$&~6^W$+aYtXI2G8_cAL8}31%m0T`
z`8s5~DnXi#c=2Fi+K{c@ws`^@3)mL*kAS%P^W($=RLKGZNi4#W1QoiDdMk6tn_!Rc
zH~b4MRsQEk09sQwaKrz!|LEcd%X5Y!b@lRk0bfq#DiC}H+2H>Q_y3{(z2OaXS@8l=
zXcvD@1Gya)Fz%l<l#@h@<mpsmfm>SpS8egXuc&P_MQc||)bIFkU1Snyo=kxFDCQW5
zKG)<FweFUJ6s{65qcSr;(I^#t9kW}>UI${6wq*(1ex|QU73bg&wVJyp0@|5JzGVXj
zyDA~*XzIUK#V!M?&N153(V*RaAY<L=QwMw#4>Tg!{Pd)Ys=U}`8l!U!Ivk0(ddAnl
zrHB2ORd88H7PviR(JQKq@TNU-&gr0@umT7_9v1?dhUogijK4KRRadsHYrPN!9xbI-
z4i&yZl-4bO`2~J|j^265ae;lp6l`rL-E$9Iqs5Y8J?hf!4))5cw_u-X0Wl+)Bj$$l
z*>>C*K*QE*PS=bpA@O5~YF!KSh{4P)_SHwF0ObzbQ})n6A_vHh;lpLO8P20_e=EY%
zMgGDPpiSAT+U_vlup6u#h1528@02oha`YNj?+)N+rWN9&3wOX~Zdk9EFH{hoOd@J4
z_p8$b?ZVi&{l*$ZTwoA4aA?<8n}MXbMc)9d6<Z0~ph_b#au#@AuEa~j1D3+B7km8-
z5}y#(k|i^O)e>*|mmL!n`Yt{2#xS~kR?XUI<tYw;8gFzBNP35S768#^wXViyX4;3|
zO5FLVSJS-Y6i~POs{v490opjp<=o5}u@D_3B3z)VbGT+XBlF4Tr1Hd3Sn)_v^<lfQ
z6?wFYE3noM{dW2Vc4G=6ynS;EGPyw;_rs0643bjWN;g~X4grW*`L>44;?YWO=V}a9
zS|)zDx>NZGVD^ux13{&jsKFXH@ZlX3B#-IqX3+JaEio})=r9cJ6*{>g`5niQV=v#|
z5)?wtN(20y%aZHsl^aHeh42@<r5e&R8;^z+Nr4iJGji+4tDmQw^bW@m<nm@g^b(nT
zOQj3@7~kr9!ZY0kV6eSspu@-YX}v!VsG>*j@Z$xtkmtq$LC!kF4jDN?7ght0RoX6H
zysay49~nFeI_qsRTBh~4#d2zn^m^GB5`E~*pq9Os@-#kB)%Zd6I*K;34A5rCeUU4E
zJOsJ`CIDNhgj5l-qI&w_@<BN*Z#ZUfLJz@gp6<M>Ams35L)?~BB-ArS4Z8t98;bd_
z@At5RwW#NRNaFrorQY%?`ap<zECd8gP#*y0wG^^KT?>#2bL~fTI;6~Y-yTdSz6%!K
zS+md{XrC8JofLGN@vSX@=rLItsK+nv5Yqdj=AE3$SzC1hEFPhKCC|_}`-Ve@`sf;8
z9)cYpYkO<Up!<hk2IGyX=gq_5PsgAfzD}d^4yTMnedM%;cr7>)BPgiuSC2ll7&K3L
z62>Cyn&Q@#RK4j_uOP_MC!X!?!d2y#<Avp?y@brb{)@fUzeP51rWNYEWZT-*_MVh(
zHsP{2KJUIA0SVm1=o^fI0t96UlHYxN%nk{m_w)T7voIy(9!tzdprg`meJ=Y^huTh*
z0IAf*o+9GQz;YUbKKXMEgZs_NX#QJ7wxewQvk>)IY}qfmp1^N3nns-9CI-+|TPm&P
zD0Lrlteg5%uQ~w{_B7@~aulQDTELaPBy!I5KE|8wf!JQJyk?JuO<!PMo#WiF6;Jo=
zP~KHEHMuP&RQ3o;)c$MCs>@>g8HFpzy98mjyP4{1Tqjd#l@NhWbFPA)TFmQts6)`p
z2Z70|Kl^sXF0(*nPIEWd<`echAX@JaaovPtT`!w?LLVljZQNzRg%0FRG$9)h)P?o7
zkBWf?d?-7Bdw#T)pY=aJ+pnFd2J(*fsBf0YvV@?HK|Lnrp|BDt)&0KKHDTiQ{4hRS
z?~{j+Zdo9QXhx5}(+<gg9d=D#(Q$~hm?>ak2(<W_Nb$PDLA#U$O55&?N!XKs%)9cJ
zdi&q)r7XnbV@whgXd;=&E%EX>5cVdV&v{8ORph>C&pd8-7jb&_>b=_RHXPTkD=iup
zHLXfn7v(|LwL793Bb17Uy#Yy(%AAHxWNH?$wK9T<LdCZ}clA|8hLuu{0h#OiV}Dx_
z4VX`>?$O*`IfaA_g=EL?YX?m%HInEleQLI$-#$M6RG_NS%u;*UPE%$A`p|Ps<~_@q
zxv?zlK(u`8B5`5#02SwlC2u8M;Pm(Yx6>cU>|!@E?}5qy;lkR{g$_vunfyK$vBrZ~
z(^S>|$a!WP7dHoVUMR)N8?s8L^ntXBSX+>FI6hxEuZ#Bwzz81FJ(_Un`2oldYx+Pk
z==ibDi{m9`?=x3^uHx;tl3ZR2`G{f}sX}Kk4e;=J97^MW_fv@mwDt+ehT-VF%->(W
z3rY=0G4b<!PaIvu*CGZL0L4&rGhD>Ad<oLT^<Qb?znhGXVWgpp)qoRUiCw+O*K&8+
z3Ew_chZ(c+j-V(|^>H(x1v#97tBMW-XRAbQV0WJ+mM?Wo=5sx!Sl=0%(~oyz4|u^7
z=1Fo1zb~8ez<oj=;=nnUg_en5I%cKZLj8QL0vtwRc)7|wC6~9Bs>?^;$blyN<^bg6
z&gcoTOaJ1Y_^-sQixW;57C1?Khs5%|pI^oSvA^T0ChARzuAWbRY#A^0OY?0ur+aRP
zLHD&0NHPrNX>2E6;2MV9+(tsc)SLlV23nN+T%J2d`-|6&AG*6pkts}r$o)C&wggQ@
zF(;DZ7_+QEG0kmSxmKc_pc~_sz&p>+Jl`I*050mno}7b2fN{7XLCKZN3&?hqq#|MO
z1xVtoo}Rqbyl@fyH(#!JdjJL`UdhE)cQBO?Jq2Qa3y7sDuO;;a+>mib?7JqZY>fJy
zK#D!L4uH!n$HOc6mMG+U`zvbuY}UiNsdvSmnrbo1nnkM}4-Zz*J0G?o6dnmU_8Z@S
z!ESL2QZ6UxLjP~fbeKi(d}o|-heOhtOjR(%twIiiLVDzdgpBL6t2tCOdNhuw5Afdy
z_N}sib(4dNr%UHX3-Ol{bzV$KiN^yW!VVyJp%>*;>DV<f84{)|Z#X>~thF+q|7Hr*
zjuR*@+SyMmQORYccc}>4fVF<V-WKR@Dxtg`@!5ZoS*N3QZw<DT6g&z^tm^`cP7}}^
z(_RV>edKbqBPPmeJpqBo3~IGy!s-N35vZZZzRw3T*AL5n!}s5T^Yu&Q1|d3%0hHlU
z1_gn??7IX=A5ly_hhz8W*!tQd$ujghIEc1Ce#nfGET2h+q%R?X7F`~4kLYQ${3>0X
zr3{m-v;uSdtj`V?up@1NtPRrxrpvZK;s;9%SjZ~uplXLnf9;xUiXTZx51k>(iySyQ
z2ePCJgNSXHNft|p5T6j;@EGCIEo5L({1US9kB7*8z)~SClL@2^v%j3=Xs6tOJM1N{
zVj+65oHK2yT)UL}DJ<3LE6mB5UA~M^(_^fBAvP*#>|5`(saYV0(4a)xh}6%CX!MO>
zHjM1e;w{u}r}{?o=`^yZbgZv&9=Y`KtqOcVsGAwVbKL2MGF0PU6#MWh<7u4tIn{f^
zzQPnPCg=irkkfY;4b(xC176JcfqUH6FI<2KDylC%cX;-%T_=ln*sz~4r?+hpM!5-_
z4R|(6nHnvXck|UVxMy*@S#LtsQl5=%nRS1owu=Z`BudZ#&K&Konaq?;Uc=NH&)2Gf
zR}1fUVRDN0ICQ~xI_)v+k1lYP=84DRZTfP!-{3U30UjBX4YXWQXqU)7W~Yci6g<>j
zof$xE`*y^*$^%0tRe;80=wLxMf&GM*#n%Dc;_#Q^sEgC(DKa_G*%OXIZ8e?Gz(r<}
zu58lPHGAS_d(|i6`}tk*JPBLcHelawFxvZtMlxoK)i|PugH$`Os)ZA{Nmu}>Q^JU*
zKc|oy6X0V9vyzA>xDqg5AM%3|Xh^_MU-Sw@0dt5a_GLi#S+8PeEN5kiXy?_#&u@{)
z$)4YX@<B#dP#WIvzFEuy4`4#n-!LKM7+24L@yjNQhYfmU@T+mG7PEjWy&t&K+=JUk
zoI347LBP+YJFM9VOGg*s9Zx|ak0gFk?*UTz*seZ<!x_T!GREW$;KQIEshTR0=KtYo
z$qeYYT7ZtRSUMBr0|D8Ww5VwvEX&s_MJ67xcG`-~dj->zbc;=^a*csZ-3TbQAv*%5
zP^)oVLEdPafD6Oocy7Sb+G#cxqy)U;@4>&e2EdJLa$hwd`WDtwDeY=rn6J7#fgV4@
z7DRD#?!y*w6hzx*_VFn(z{zsWj=R~|{{D^jA;=RqN`|zf{Q8+?VUqQYf?uTB$q?%M
zfwV~Ioq^}wzT&7W`F7X8gC`O$Bys%lj?e-!Wk5v&>%nb3AMpmu04kDVo)?Dzn_^xs
z4k!>*K>m;G5wu=pAYZU&`l)sWf#9QTGw%f`#4~v9I%PD-)M`z(uD=iV=r_pway`F1
zb<MDJY(S8rg}ia$9zK41l+eodLZ>yZQJDrYoe+j=y@v<Y_w?aGKvC*T2Bg#)u&$6=
zKsq|gL8>YOVjcM^2X&@edYPclOk;}kWt{>HBa40hqb7=?Kl?gtKgYTnw9uKetfo!3
z&R1iQqg7->&yCrHt%JnKZz4B5S`|iripLkCdPhU%o+NYq!{Z0>uJ^7>-n)kRA|MZq
z{Tk-Iq1W;fn76-Zymll0@~A-IIufyRD*N&D`Kj7j>2iO2`ud=%?5Uc(^Tq<ka`pE5
zUQMZY&VHtOXTHFNCvKM`d~ZtU`@)2hl9GlG^|ga7hT%2VZS%Q@gN&9As%nMgpzt@l
z$qUz@r`?Zih%iOkk?{%BU4O&A<f!S=VwTxO4~6{xRQ$VJW}twwZh3jsf1XphZU!=Z
zEiX<ENun-LiwrD1wF0QT71(UeO3JjDk9NU!q}R>xr4~|E$<e9o0%c}(*kll(9-5ba
zC)*Gl2?T}<pOexbHupz1w}w&!V;{o>h=dYkOJ%YFeV3&$e8Wmm4Lb_C(OF7~-N-N5
z5jY9BT?82w_-=?}(l3C9n09o>@W=^uofr8RYUsvog>uIyPP;w#0TWHg1O9#gw+xKo
zOUMsE@=$pe&Qt7;0Yp5(A7n#x=YYwJV%x~e_0jTtfkZ>R78pkB!);JkmbqL-#Hx^f
z5dk$xO>*8r8DqL}X4)z6ZmJ%*TDCkd3X`0aL2xhj=3vt9h+guzf%8f=CnGy@+Xn2@
z=^Fx5*XC479*ZU_nK_chwm9`k^1F*p?@GN$)~NT$wlwUBW=*k4@#V7yH%&_zzGJBk
zIM1UvZ=$DS9ruQckAmQ)8X8>hKnZav#CIO~x?BL9dRw(_f@V{MEP2r-c6aI2yGZAv
zhf025{V@fbaCoNYkn>5iv&B*4dB426B@nzT4e8bbu)%1w%+!4aop;vjHkRQXHegaU
zQz0bF?s#OuV!7N`T!kOBw)HSt$7rj|24H}}y}tgTj~6Q^PS=(8lyEXw{p-=VM_Wje
zR00+H`ub+aozG9j28Cl^v_6r^c`sR>&Dz?KWJ7tRmhhciLoOvx+$}f&X#qN*b}zt9
z%{e1yoPAqNDo2OntwMViTLSR!h3uFv+%MxRujvs-gL-r>TzwsK##$Fkl~5<Z@;1G5
zeP3omi1h>*RbVcsum%Vu(o%%0+36<O5x55fK;g|g;QUg5>n0SCxg9)C)gSFyB>-9V
z6uTa!RAYPH19l^sz0BDiLj3&v(Tak~r4`a4C`u7dMK`}<yJ3jC%0pRiC}^AhZP$2l
zhyhE{OM}jMcIXigHs^MUjjy)7s~gN$E8czK!WFvIKqX{(49dfAqfVOr@+cEf_Cv{;
z&4K37^2sDIn*!sZ$PZ~>b@mZ&8L514^5T!4C0Fo)^9R{Tenn)#bb^ZW>8{c0_k2~^
z54rm6y^xtv5g&zUIq2hz2J#c&*f%UzFQfinw|L7dEfTAl(&5qNpN9TPq(o?b0|Rn{
z<Kt>N37-9kgbsNoYAr5qIGhJm9nZ^c(3jP5G$BU1f{tLY3;%Y^6RlRI2$>-B{&#sL
z8>_$;Enm@Dy5^`q7t3`J%>Dvgq5{Dw1!Z0^6V9cs{MIaM_xJA#ueQmdj0aDrFK%VG
zg*?szc+1)M^v&g0Sp=y))+3q{<drlIQ)+*<V%2z8zU+9tGFSSk=*H8=`Upl{sZwL*
zr@D9P`IU=X4X*;Hx0z@T(Gn00%ACDSg>=_6SHUO>T=tvL$^Cfk2kdeF4m%jH(@KW+
zms9YS0j`lCkpC^bEmdzzojdAG7AwS0!1FC6HxGaGX{Q7vQtD%qU*5&^VCV_AVF7xD
z-0k7morx&JkW=z+S3VsOigTY@7>m{K4sc*%Dm*sWaZ&(t$Y>@%5OA{XF&4mo-n-`7
zBVlhUvY%|jYG*8yc^>=Ciy7MEM;HJ@+)3@HbIwH~pBoBMK}HA&@;N_m_(%BRiQhnn
zpo1}h1jw3Q-3NN25pa-%4T`y1+Boza<905`{S=cwGCaCri21%@Gt4H>!^0!!>Fzsz
z1sY}XWj8}uryuD03hgCadBs$??Dn%s@w4r)7<FydGyz7?LMy!$9mwAl|MZ>RTFTZF
zf3-@D>z4>#Bs!=|L^t;$I_`)`(aHWkkif?=@re@$Nb!H#IK~^_DFfwL%(M}y&$NX|
zEC;J@#-XX&yyP~n)|HEn(c)c@Jucn-R!#`~o#)Wqe}`Pqu6=gtH`%q1MDcOyU~^^+
zI95qMvDJc;`sP1QWgEe7JVrlr(RbomgM!?i?{OUx5;>(jB_>anwp>gXu<ibup?Mi3
zuE0C`e+JU%4Ui1f26+)WpKL;8Q0n~tBU1Y9v|Y!Z%h5$U1Ry)K^S6xU=Y<KDv;AJA
ze;W<4!wDY;s<<&!`YMShn;@X12T+yH^4=5&>vVtof$GJ07an@Zc%1%f=aLC{ChUj5
zp9w^Te?61WXJF1T%>`^`LPU;0Ffs=KkiA#-06BQQ?2X{FiwR`$)}V*mQ(3jmb|38C
zP~_jc7xD?aY$wKV+zGI5*_vyc@hUAUD$6bzZcP?!R9ItgZ{x^tRNq0oz#oU83f*dT
zn-Mf<Tl<mz_Cvp?j?KD%E?Qz3eXH{%JDYYh<o^BpLO>)X@p4G$J|DU6pF4?}KDvlj
z1=IOTv;RchuQ+n?eIVo)4(YWBh~zl*JYpWemAd@)&!q+b6^*Z3u)rJN9u^}b%RkMm
zpFmu8Uu+_BVDX%!@?PRfex#x$uX4J{^n;7>C4V@+D?$rDKpo(}2{vfXv)>!^uYEo>
z07wUghkmsp0H5j5^XCq%y6DCIF_h&H>T8~4@r5w}Qkx+6&u=<^(Fps)kNhhd*h*W4
zSc)BBbCaF^esBou{-Y^q3;9xWWby8qgO+Le^<NuLYRU~@a({TQZ}Gew-ocTilUYzw
zR-RsBWMm8x(f@o!m6kRvyXZxTdcO|#z!V2J;9p4P@cmqYc2sghL!U%6RB*Qb@`K>x
z*ebZMF8oJMrv|x0{y9?T1i~hq1|GCU5Je{?5uy;uF=UGAY}X-!g7lBc46_h_<d1cT
zx^Q#;!(u&v5EKowZ)gjm!3+waqu-n4U-jhWX1YB0P9S3=<<<|J69F&U^DC^|{(Y>?
zAu({){o6x>_4s4Z$JR5j9*2rPG;aU^7v%JN2_XeV{!?COnY}Al*d+v?Kb84?VxWim
zisqu*`=$)8+XDJBf=tktG5YmoJk0-oZou%axX;KlrFj*9j%L7twsR9|K=2e4Z=e5u
z5`7M_Xk34jR|)_004FjBQMJVZ+3Yds)rGX({{4CW1;6~;vHY)}=WmASMBLyWZRu2c
z%?dQ=Av@20rvCryHu*2lLGafV|J}5_?6`polL%}R@QQzVj=!4gJ0Xcgan;{^pVB)#
zj4qy$kdW}&?CSMJJ>7hRWTt3gX>x;lTPx_S6#U*oq<*I8mQOV5u;k?bN!Z{a(uDqX
z8#uEk!1uV-{Z}0Qulw%51Pu_q|34j;zghQ#Pxsz5D6aUc889iJT>2g9{%UZ2a{KfD
za<cxXH~e|6utC>K5_GLRWO?~ECk(4iPN}|}(Xx&?`VHhmO?Lb<WP(sJJj|9zcfAZ5
zqvZenh-8CF6e^h1;WN!7z|!%bq=v7NASxB8xj6U&XK6G1-$iVaq2wsSC0h*IY2f1e
zc~}Y{s9<%F2#o=X&?x`c&;;(4zpVDpM&}Mbd|P;~3AJ373AKEV?^(84rd+n!kwdQ9
zsWrCK`f-QqW9f^3IL+;?D<?DKqWU{rm`OY?qrmy~@-OcYD~X?7m+xURB);O}3k5-v
zAFQ}oAct~Ivb|k!k=3C$!o1)gVa$-u!AsnP$H54I6<91ul^P6f9jG4+b=cV5xJ(vV
z$%!PB^GyX#a?{f(v1HA-v{FE_@En};DMQFBm~sM9mmmn#T(p$YIy$ew9egF@DG>?0
z4>rB&5&0KV#p`Hl+o*|ZyZVVviU#+-Pu@?YZ%PUm4w}9P)t~3Y@f(hryT<*?-!UZB
zyr|_C<Ek*_!`=qGe`4^x>p;B)K@61MDo|pQ6Gl?l0xp#2zb+JNB=Xn&`L|!a<Do-Z
zG#}~C|4OS=1Us6pWQz@M2uMlzkdvO@&BV-9;Sz|;i~#;MC^Ce7&d_0BC`fJ_?a}J4
zC2K<&VMBb8c>H6kUd4Rd#BIOmQ97cF8Y#$-ePOtI`uf5g870$XKD+NCw1i8#O(WSf
za61Yi@3SDsU#SC8bdlwA)f-^&7(AFYg@YdOvS)n!PBT?EV-dNkx{l{9L#o58`|F72
zW5NvMCb>0-CH6Bhit91^3uUaR!=rV6jYf()ZHYpfMXA-vwjXgh^^!(jo^~4*-fXJy
ziZYtzVsm0(G5S_vihp)Fm-N*CZ4DuvVgV!8;#~$|zI@3SzB+ygA!qz<>>fN$AlW6Y
z)$fgB019S7_J1apE?G!4ADj?W%JQlwg~l*#LmBxK`88)XrrS_^)y!)TXMEO|u+>d-
zI~@k2>~|^-J!VFY2q&7>Hq-qp*Gk7T_#L~DE|&6$%S9^?QHY<kVr3)1yX0+2k*~=S
z`*Xlq`TI!#mBh~^xqzr^pybh6Pe%TnMxy%33HE>=MNNxp?MY1KM#~#&EaBF%sOKT4
zT$P1UJBOWR^E$QcmtXIQ5Dv7zZFUGK&^P$~R0^5m&$}o6i2qBp=exM)LFKaZ5DsAl
z47k>q63%d%!hQV8h64flA<O7-TIKE+^3k5TWETy6rsfplXQP4Y!@c;W=h$~7^bjJP
zp!9k+n#cY)@%vS&-jI*ndNRV%9k7L7ZM)lP%8<x(t;cGm3ET|RDE~~ByOggLl{%cA
zl)zwdH6NGdIjb{9&wk{Ng<5k>4ky}>D~1G0zWr>BSCz}|5Z9^om_zeoI5SVvwOPvt
z#sbw;Z(r-Le1#3jHTAx-LD~_9DxvVUngLOg=q&dJW;Z~MXuGWcE^DF1oA9k+B;pu%
zlU@6;r9yFx+by^&mgx3R+H#u~6wlvy8j@EO`bEq(85d{_NNYG;M31j;-(EXw3`9)w
z<`BosiUur%9XhDM3Aa|`2fL^I$*(-~U*Aqolt<BgczAe51G6nDIhmE~>~KcB+&rf|
zJAj~IU|V3M)=8IRBPqB1-QJPK@WZ}K{Fd!Oo{0uO-tqHNMzdL@g7v=cVKZt+h~azG
z#MW;Y2EqvPuN&u*)CH=$G%}Z@RKcyb1wNLEIV0Q2O{H6^rW5>YmEr8$i-LFepCMkH
zXixx>@;P&eAB`V9o~aRq5?>=83)JjveOD$HkY0@jIL)H?Xsrmw<lS5tf_&FoxPBjs
zS<~rJH)LfcRS43|5aD?&I^V8*dp{CWRP4NEcYP`~E_X|(c*!Vk%*uqD_4HuaLM-<(
zkm$n;ZoZDOd~s)+bTG4VcG(NO&9W|&y%Rlno1x#esvxGt6LfNN-=9T~1Rs2B?DiML
z?P)_;%NpxM*`nV5fw^<Wv_SEOUM_yAxqPgx*&5=jYnLAgAFkGrzgF8Hr|{O0m02mT
zNE!iD%o4~KAMXR0I!N(X5W1Mi0r3=ziGV1^eCFG=7M?uEmR{1=t_y+!ZsyR>oqE1S
zyO$|qqS=%+;%pSn?#}Z9y7ccHMBnrQx7^cTx7>x_3shjIF~cRBuP!R!rQY9De{{?%
z5}X6Oy`4nOtKtb_sYLCy6Eyht_WH!P`TEmzeH&wDZ*G4L18vlyt<JVZunh7Key{Xp
zUF)KUu25kS5yfupG@ASz<CHCRmGzA}XK`fx>w&>Ta>A!2G2a#$9zl5PDiV!)4sDwG
z402YbQKr70-Z!HszBgRhpnH~0eKMrf(<BI8=8yO9Cw*kUhgbTlv6W)(2NKJx1{0Q<
z><FU?>CSf5)~VR>!o4zXlc92>lZUu_MX19UBlma+$-2gCzS63ECun5FnFVbf3&LvD
zl$$OmfUie-uHT2t0Bj8eS%1IHtmzY?){JK+3eZR~8KKW_2nE*RxTjZr#<uBem2?No
z^=j)&Fvj|}$rtp*M6O>%OgqoF69vKFum;&l7*MVqp+TrlT=Dv<7?_RxDYy&^g~&_T
z{TZl~028(WM)`K;3cT#Y_|CB`#lo@WerM}(_rpC;=QX;rDL*Rz5dZZW=TYMIAC6q%
z{w<GCFSg4f6TFkK-n05EELN*_VzKWrL3gm?T8d~~!t1o0VoOnu1PJYc%j%5LqSnQX
zNlM2knc`rFZt<bt#}6Qri53kQB}Et2h73=9bv22Z`uh8Q2VvNfLREv~UKxXmGJg?Y
z&aJku^Hb|BxK68)o;S1WD`&zk@}YPJc<(tfxMUC>hQo$O6=ie4B6C6oECEkuJ(ONz
zGyPu40gli4mrT^qI{~FF8M2vUi{05d`T5<V<)>=aYn=Wv1G*i`aW<dF*Nf`+I}d3h
z2rlw2nW)bNT5Y4ztlMLsU2f(N3Kk!yawF|nLy>Z0<1N!Z$lSIZf0Z|2O@C6_rQm%?
zHi8bfM^KhL=L`$B@1&L|w}s0OTjq?g+{BrVjbTH`4OYoT4~Alw1TH++fS~@00LzVy
z`eB}wK__8Q`JGxV2^--}C0*k`3<g=Ko)SPDBw^6PwVPoyVO-97<s^Ibrh@~@sB{RI
zBkBEF#`ix~+ANQ8uH}dqM>#aOtbaeP=}Mjd_WBaWF@rzjf7jGR99TNX7HTbk2C^d;
zaF!4-Pme&lJGb@w3qfiH=ybY$ZVk;GJ>GD>jW}}D<vDPz<#?KM!W!J&r9no=A|vfA
zcnbv8%dT7u>JL#a64ic?ZbbpJ^^qmZ)7|E>r|+)IrE1!NI~(v=Z7|*g<ga!A=^sZb
z^!5+R_nx=(%~p#1%;-hz+wrXi_(Cm)7KYDu_}^4OX+dXu6!ImorFCt-U41f)Mr~O@
zR0W4$=@}6zD69pNoMRz?X8#w?apBqp#VhdR5eO&DF+N5$ZDU)XXVNS2&>N8z-+ZfZ
zKk`YW;aD?7MO_&9@-cs<8Sc=+P%)(c<=LpMyI%dL)$1fmFEBf>zxg~Nq)}9Yp`l&B
zd4Ki=e=X)wVm_1SddR1}v9=i7ouqZfbVXGJnkqm#96dkjJTHStV)y`Pmc?Cxh>hVY
zW`d&=pmn@Z0vyCMc2z(40sGC3asa+PSzm6%R<}?#_)_vMU<Fv8&vdXZ;0<<nPjzr?
zi$KgRnyjG1L%Pb<Y0zQPV$uF~Zy)eH<h8hf|9CE>o50?;1S3N#K(Dui>a+*>+KE+6
zO3I5=Uo+@%vVr(3h41HBjScE$>U%#+@!xwD9e$(c*l9I|gLycGAur*JrFB$?U**Pf
zjoprhJLSpRF3VVmIs3jsgxN^(<^T~>&%$X@Zj6GCbKR_Qh1Uoc;UZz>2JwF8F(I7_
z8d}M)T_XF^H)+&)){RapY=?!_I@`#19EOACN6VRGP|y8i2>}NS;F{Fgk|C1EITS!s
zP^Rg2ULFVfJ0u0IXN=3C)q{Su^ymg4J7Tjqog8HNORn7ljK{0{AZqfhpKb7=sjgI@
zIW9gk0%HU$-XWsp>`9n91G325%KdTsnHlE;PiGTgjG>|*ZM%(GsH4acUQD;=`gH%?
z`F!75(tGfZr1y3QUtdwLEx5?W05JtuKHS6%&{2{Ng*cHcgkJV9_Z!I-slNIA77nzX
zcG<Jr_>g#rI3Zw#f>8^TJD1F;@3v#J2$th~-K!xxslV0lub(ROpTI>w(h$z120$_o
z3o?y*O&w+CX8_@k+O2%B+IZ1iNyuKVT;2E1BoX&)?E`kDDRO6o(bKe7bA_E;?0c|H
z)z<AqB{eWnI95+97ksCjN&shTZp7^E?G>{HzcgvM!{2buwdp0EWm%1053vMdozD(=
zv5$^Fo+MJ<dDAP(@*y`@skqf$T?X~0zRg<`sb^&tsu=KvZ#qpu>E~OOH1MIYt^f6H
zHg_IwNEPN(GO1;RJ(YChV;3F@(UfJ3vL)|D`FlCNjYk|AaG1Z-D&##9t53^j^FKX9
zuwHIFAJ1N2=7W_RYz>ZKTMgAH@2mN=GH8D@0R)4nC{Fv5W5Ac2+!3xUA(8z=6fN^Y
zlD7dEUq9Q=JwM7N!*3xGm<}uH7KvhRCu<CW?D^NB*&n!E4mN^Ov9Y6|a|@a3_($o}
zL6lKJ`Qe@d;2_lmMxmfHM)SnexPVw2U9#$XzaQOE&NDQ-83FoS;Py*;BiqRYp|D1O
zgd9$?F096@ON$CBNZ!^<Yx@-|>$XYCWBooRW_57(mBxfM^DafoSM(%o=UPL>Mrgt2
ztIpW-GwCspM#Z8rQ3r&jQE<vJtqUL~^mZpVH<rkY5BFtz@~gNk*5;#({nj82yFKWq
zstC8;x1I}X<%B5~=}7LZ9C$Ah=US*(l8Jwu@nff3zdMzLXre217ap?38ufS1F6srt
ziN+iOhsvsdnLgSdEogj{gXYLyA*NFoc75UYqA^6snUEW;QFp_LYEv4JxT2WJ`#SHU
z?*3T=*$I6{^pNG@Kxks0OUxX@=sZooc)NlHzmf9H4vuo*JUK{361`*4xWl3o=eTDI
z4agb&QhPd5TMoIrtJ=ZqMuoZ_*ML1IyH7x6O}@ob4w^qRZJ<X)p^?i3hl~%1t{bCo
zxVCZj0r#mSamqn`YbPVrq<|4cDyP=-+WTysbe$V6=%A1ZnOrO-2N!eruhjTopmqGh
zwUZj7Mi$BF;N0lFt1PD<YArMC?e2(iRSh+*pHU_&KdL}T6bhXajGqiYI-hLt!a#+4
zT)#foAO8(TU%e9q#)J$`Unzj7<T0;ahP1uFKp|H)EDk*egbl*xZwJ70*|@a(1#USs
zx?&wr0lfDP(I|1GM#M48tQNZx^7-rYH0nn|Uk2Y^Dh&+*uKxhC_>bYBX$@`k!EQ#A
zIzNm%Ut&y|*3c2r5{cljH4FcuG52A+Pg=ZDQQ2Yx%!c0F5w8^hN{BFAwi4>^Ic2AS
zf9;3x0U6_AgJJDXGCiO2fC2WY4_(DqN8mU9VTAj5wGf)@ux#Nw%hyQK9ho)?A~|RW
z4_uRy`_Tsx{8}=!{H?!hcpkvX+#Pq=7TqU2-y}30b3RISrfR5_e58QjE&Fl`8oaT&
z3lV?8jMV8@2v_9*XN%+2VeR>G?dGw-%46N0q($Na%Jt@>&f|?*!rV_y5|xG}Lrs*i
zZSpl+cS~CyMp@wCl~k@s=$a^eNZpSfP~GmgSLfJ~;4&J8tzfB&b7?|)255j5JH$JO
z><}<#6-H8LO-Z@z;*4t!=iN8Y0NEI3Slgq}%A3TRZm6$6(YZd2;4jn=thXcicC5u^
zI%;tv!GFJBP?iqlYLpO!K$gaq>jA0)m)|I^u8(Vd1qH_{D3}y33Z@FdmjhWtM*SK6
z9dG)EcGHY2hqkdSGQ+|47*Ku_Vm}`yTxq#coW^0juEJusvskv`e74~1rx{J!9Ekk|
zs2uLtbC9mJXeQ&!Weh(m6qbS=HqtxYX<o4bvyXyAXJ!E7nak;;^Z=GR=55P&H<{my
z8<$O8F9k@|#iS8+I@@Z%<d1Gb@gZ1+=BzZMEl)9hAj^L-jzc9UhtK&#uTta*Os{~@
ziyWPV#)W6p37Yied>HO5$V`bxE!NVPE*&Ga^w5Vu$1zXV)|?_oK%vO;#nLCTYn03%
z2E-qWbM2;!^XZl%vSoWZ(GH&MOy<1I5qwIvO3xu59RdxmU{;2AZAfE$ECZ@ylo59e
zhbEjiWh=S0TzGU`gDRob&FE9HPDe}Muae`mHCiVgPys8c=MH*W{Yy)13j1r#tE<JC
zn|*s=R+`t<!y}@~P=_W`??p};7ZF$aC(pv-Qm-*0OCR|voD}nI0CKw35#HXel-CbQ
z!I5>d?Fh^3w+u`)o8_#1URy8lIwJL<g8F?~i;TJw4P+E2zbd-qIxinLjDlqd=mdla
z2dY=eFZ-U=^P_Qe)2h}~DUW5*Mpw<{z|Nav_Dox7<(p^HgSa+gl1a|ALc9;W5D92U
zCghaGO@uU7g~faBWEx8Ebe;8#4IUXiv0oE{b?0^i-z<3zC-34-Fcb}Tc2_lLvxXvX
z^^<>?nJ@}@O{^MO7sYYwRWuHXNBTZ3oq%aoXDbDxy!YwqhicH0FNfyW7=bZH?!sFy
zyXs5n_2@Tlo#$nH)&nwMAvCbdi|?8(C#f(+v_MDzxf{J+u6n^;nEV4bY!wUD+I5f{
zSLr|`*0S<WI}&1n8G%QeeA6OQGy#*uQ_t$atdc5p`_Y36bQ;nI0g3|eYi^KfO*hut
z#C!AQX}Q5-Y%O|NBNk{ii(k$FL&sN~7VfDUY-<mQ!o_Gt53DqN@y4R2vjj%FBU@JZ
z_&69l=jZ3YEAtJ?T7mZ_4<uD2a6U057spngEhiQyv=wS8tlLjt2{Y;Gwai-|=}agb
zgpAC|HZ&d8I5KCC*$<sEXBp<*gJ+|6xCmLzlAsZBnuTT1Bo$LUJe(cHP*1M|+r8-w
zp89^28!^%1#)SLNuPg~h39Sn|d+zK@I3o%Qsvrvv^TrE+f`kw2^bj)0TK=~p0d!Fy
zrLZ*oMim3KQN@?*nlppQ>Re5}?0t&o2_`*?sw<J;8zYm;MRgc(-WA(%KcufMOE1i^
zpHtc*X5WDcauqEnDAc_tc<b2xF03Tl=FU{C{W|6Amy$6OFl0^3#VN^=cMgJFA|7>K
z*Dwqp-{W?2P*JVzi38?D?%B+qgid83!x(Xp7gNK4XdDhXh#Me-E_}^i2LuBvH6TI8
zUM6oIn7E>KzlRy;E~mvA7z#vZ)2Fivm{H^%YM)ln4M=AXJUjRaY)SV5x|qCZrwc$|
zewmRjW2N`Hz7cffH7gsg^ap?cbl58VIUGv5jer-1U#VbAiU`YnYhV%yR0oct+8Ifn
z%^)!+<i_-gC@Hj%YY<)XmEDn`-MAVjS4Ist6&!bxw5|4hdU}Mcx%Z72+BW)d$mRkN
z2+3(g1-VWNA$4OB-0kl!_de?7v~v+j4CFAGmHkw}fv&nsPzDBW&1_4+z==*P%vonA
zcyu8Cq&{H&fu9}WVInQl)_4#_%6_I$a$J6r$pblWpP5p4U1dMFsMmpy$XtZ@;1bC0
z+3e|#Q@7M?IgH{HC$U>*+ICJ&)a&hus^4Dphbs6xYZxZoK(2JKS6|CN-bUZjR6v%y
z0u%ic)dIT;0hR4vjod|KmmfY4fM<+*FrY<O{OHQ?tm6b?%xo=jBe?E8>_*~E^(R4f
zUL{3%c8dx6#pi&^sDR`e>0km5t{st#3I?a|L!W6?9eY=Ax4X!!R9n0fG#KhTZ*>|?
z0_5HI&jbKx)KmORCZhNU!@G_0o12`ZTnC;SUhLjiKWzcKI9k6s^pfx^Kfry@%`AKp
z&^4v0@$~>G8kz_g*u+p+(eq~0XEu~yg_H=oZ}(x5_4is4BZSe)lM3m?$o7?TNMjz?
zh38yzW32N!>fsbv%$xrBm4QE&n5xB4ez?N?GaO>W-jB0anmdH2rv&U)1~lmIb%Nr9
zPaUl-C!9`ZGoSNqw2&I3Wj~cq?&(yJg5{4dpgf_06PyDiB%c`^vW1Y>&X8n&!*RpD
zrOojO_JJrUMJ$`h%^6Lf>DDQ4d@a<@c2->K*ua=dGUsy7Ot>Od761eJ9AGDan-b3N
z8Ip_(4{gcv;&vrXt3;Qg?tP^jZ0Scaw$WMMCBzga>g7GR*966{KUqs}791~KUK}(v
z)Rz?WM#l=DtuK6zN*F~-8NDcPNR9QritGdn9U;BHK1N6ihFrRN!1|Tssq6a*znOFO
z98WofMw!6UuOXDu4#7c#P)#|RAA~73J4A$r5t{T-x(CJ<nEIZBQD(N<tet7F!G(>J
z#rFNzmCsayUs~+pNI9`)9j7_L6*s^5$=|Os(AslfE>Hu|_`Ee8D2_c#4i6F!zh=%O
zavwZh#h+Pgk#7|09=7$rrQaqg56^41)@BQ??jpb4@h&T@(AoNGKYAc3_&z?wCP3PI
zOh*|_I#D~Oig@#TzhiT-&<Xz+?_$mud<10Z9aV2c5|vss%=|b{eQl>mZ8ut;V#?10
zxt^csFjZ2gQ~`yYpPS&_>Sm(~O8dtwthGY^>=-ZDD&>~SREr1CGrwo_-X+U<7H<!w
z)|_g)O1L1}wI0#8$H<mme1`zpRE8jxcRc&ZxA988(rkRu2)*<C%M01rhy>4lGcw8m
z(o!YTwK=!oSvds5nIA*1dyvQ@{dXswTFAm1aLg?@adMw6v`C4;1kZ#Bn}`HU#5*LF
z%|fm-QNAZ#v9ikYls)gtV5JmDJvg3j3^c(HqfwOlz6EdwMD-KSknJ7GYKX=;=CIvv
zilMcY4?ko@Mx=0ZidSJL`z;I*G0Dg0lVF5YYHxc?dvMbWE%V%hg$AB#f<2lMOw;la
z2HC|PgRwqgRR#p|GYkWvCT5UEz>T3zUxYw1>batqOiu@U&Zy^^CNgPQHjA;>WL~vk
zRQ?ev1S5uruAguL7;!<m>^=&SJF3^!OTq;KIkE{JZ#>F10e%&?kKq;#bFZQ)h_akN
z_J^T!z73^D=cw|j#fFn%p`L26SJt^TEJQN(g=)?X<NQ$uGd@1P7Q<Hxfs9VlBttr(
zh^SGu#JvJ**`0vwm+9z_NwvRT<$0>=DEU^_w%_f6fRshhKFH5#jPDvoNll7#Mk^0V
zh3N9(ypyRbd+4N64Hm?LAJ*+q#PnSGJ*k0>c*3lW;1uZ^n?ju+*-F5CO|bcZX-}IV
ze280Gjt~=<W~?NuKj0BCWd>jhy$<}m(%6wRkd8Gt*Dt^}trU>lc_wnjKlrTbsL`Gu
zMp>}9Ljgd=RzU3f_u6H?BZe?JR22*1v%!Z~_>2|ObQQy#o1<|R{Tlc1_Kb6Dmr|lf
z4xhD#jO5TZjCCzk7lN{RY(L;wHbgO1Wk_$uYdwiUoK|IhNiK%ddbC5;a(<Z70u_J1
z=PBzHY5C3M!Zo_cl%9Dtkg;z1?tWe_ZFx-=9SssbcZFMaKjgcVGea=Mf?mCC2r!%W
zBsd|{OQWD}@x@_Kd9p4f?<x&T^(3&PxK%=3*+UNsl!{rb+lI&8B^c@s*Rc(6+JfP^
z)vUK(WYXe9miFMH;j<N)h$5;sG6~A%gqZ}bHt*-!8W(lH*i0vQEepl)jf2n0c5z3v
z5~hs}&cI+l$Wmgk<?vx?0GS6ZYe=&{{A5P7&9s;M+iJ2<*I+#d(7S?9i;1?|d@fsn
zDau%Lc58Vf0s0?e&~ZzP1}zP$HwtK+pzEsA_`BT>&<4QF;ps#!DyH>y`l6242!HQR
z@&o*Jx@v&fj&bV4W2dYYtGNYZ-1<J^c>LqEcigIdITS-|hiJVQi0U_L*0F03_=Z?1
z7FU2#$sKiZqm~vSm?Sg4R=;F9G`tVY8pI~_Jf|d&#<T2`bQhs*eH$zy9KHGsPUUVC
zZ)3BD<Xf@0r~E?(m{BB#hY(KTYAq1-39Td((X3Ij+qOsfDZE!n6~#mEf(?p*j4E~`
zP&TC6i-bMO@q(Yoa4PQ!eH(xo(b@<TM7g%*E1`{pFd!=-A3AFf+SmtIN;63E$s=3@
znbj}XuvT@flyIc>;Z^hvAdE0A!E??Y)!(YIKf-wiqvRhfp~mV0zQcEoGYj>1{E9zm
z2I}kU`=8yq<#R@mb4T6&&FdE~Jg4Y@2<$Xi!fp+!svx<ahzDR@T@qNpYW~7*hNT`c
zqAauaaPA#rkEUbi3MNOE41$u1F6zW`-(9st+<t^9QyxSrqi5ZdcDKc~l{Yb@P(~#`
zy*QK(AAJ%OYVshkIdyW^^@WD3*VT=DV(BNaELUBsv=r}GIXcuqvLWuXtA(9@^puY>
z30h@N2JYjNznfdGDts`%l@UNL`~=_h$+5rNePpt&uC7e@yZSc_OC_7`H|9&&C$okj
z`b-GTHj82mHVpRbgG&Lh;ai5hWrHwpgAG^!clfym-PeMa=2gne20Leu5m~#6Te|D)
z(VjIdr0>3jwWWj@$baa(S0@;xGr=0mUE5BpRz-T`{6@Iwu8G1#1dPF*#}6t$n|*qH
zq(Ki7`Bw)Uoa#$POqcluH-gaN5sTeNTujcL-(Vg7fRD-62rj+V4Cruy5i5LiW_4ao
zLPoZ%(BN2z0DeJJO!z;{y>(cW+uJrQh$tYU1EPWqC^3M9NDU2&BHdjIh;(-;0_uQ(
zgecuDUDAq#bTc$k0z(N>lHa;jbU$17^ZfSvKJRgS|MAB#_dV-c>#B90=cV*U0+o5W
z{gkuQ7Fex>Mb6Pk5nFj*?N}RhyR@+jG+=708#YceClH6<^gJJ+rAaXuVWRpb*wmyQ
z%`vQdQ!Ab-w8QjV;@5~n2AlbA)I6@B4Xy7xS4Sbgd&aqxA7F2-`J6-O<ub;K6Utz6
zK>9q-$zs*&HtD^@&Wmm;@CVH1TEx1#Iofy#5JCN10S|bR&az_V@epABhqO-W$J%g{
zaJkh%>N|6L$sopu-cl8@P%g}x0mYN8xCG{2b66ci+*$6Mv<ub2_OlCBXSr{|g<#A9
zLi<~fkn35N?pHQaI<-P0G(1rudcF(3iwTRWf=e>Vv25PN@{6u@4LfASdxYn&8CZ>#
zV;P?Gya;>6<^GubbZcgjz5hAYE%!QCOS)8xfnc<KREkXh<1Y(9FCxj{5PbpQeBW_e
zau={-gPj(h^w}OweDaw!X4QRjyTwt_QG=+a@e_G~ZJ>_52*x%0UR|3vNK8p<+2|{f
zaf>*EED2BaQ3L=)Z_0#k<l$oU!YLOV{c|aiz#@1wlzN=p_XfkS-hJc>hBfH3y%jRs
zX`~a7F_09r%dD)82L$*_qyeEKH#I%^UtSGE!DngBZr_#*I+4ITXp&$m!N4SoAB(GI
z8~iXKfy?E*ig*f4r^>BV5u=8p_ub0_U9$%JHA;b}^PXC4@+2qvj-!~Bo}RLM(3r&{
zAswleX`qcq;ZZJsAN$eZZK~&2lM-GtY1kf{iU!lF!GMr?Jy)A6FN^2W0;)PpG=m<c
z(J6kU^C8}24nt1!pyq&{|IDpGI7Pu5Q2*$Ktx$D7xDGjEddD$*(%05*rJ!jsvC~;v
ze4OEi{{!6*1h;kAVI#HrKqlL#A0c?m{+p4iVeT`%_j@|u_rI~OJJ8*T=DU+}`U3*Q
z`zc#(7grU~uR|TydleA40zzUkQhz*JYm(WPYt-C!cyZnn?V&d#Tl!vxzfA7HAH9zO
zh5kfMsr~blr^;P=O*R*){a6kfqFjP^J~&V^bGUxab{z=`42_iqA<|2Ixtvl)FttOl
z^_~3A(sUcYi$X*OXHIvxRl+-n#EvvCdM*d37tK%gq85NKFfE8AGNFuW@2IAk_0Hm*
z^eq@KIOYS!<(5qcB^;k@^DXZDpnsX<$`r+A%MhE%9YI<y`p5uLBHgJXTfm2`P4#sR
zUc0?wU$(<2G64t#(!ER<yo;kAe&h>2V&5Th{A+hGT8z@2WAyqOAnDMxk%d;!ue>8T
ziQkj1c8ymSACYkY23gl)S-X!IQ1bTmC4$LLwc#$;$3@YuWv8Z>G;3a5BmD})l~GAa
z1PU2(R+d#dtM*+<;?}Pt`uaFUM6P^&24t}tH~jU@J3Cb<u-|X^uj_@mLon6tHjQ4J
z6tM1dhxDJnuDjO+Aw}O*pE1R>&Z~_GzJ=Fq1rthKdixp&KW@nw&k@gqW(m!7XWSOW
zAa4)}cA@+AJPwli_f1a0K$gsqTAt}l9f^F<=lK4!jL~%r1AweF@x-*3z$?ULbd_H|
zh4SEImQr<-6gAOlXMUqhRQ8J@!-Q9tn$FX(o*8=r@1QkIvpjZ{Srufbum&;thic25
z<MSq`24gOJ#FOXl(=}>}#E>(t%A9Gws)Jg-;`U-w+}5^W$S~3z|79?iB|-hQ<0D{-
zj;eG0Y%J?UqLk#|wW(v5lC{D%ee{C15;g<PU??TsynD5x@7zOf4)}r@wltelA+n?`
zFwIaFP0f2#&Nk4s$D{g|aCQRwT@l&7_$aG{<>P~7(=!R?5@4cd2qmLOudCzgRHJo8
z_|zT*v$xLGiN)m|NK1{)TRMRlZKmZ}0+g<E&H~T;q=BjJP@A&(@P=OMtCsuNB?c>9
z*PpLp)}>@m&yGRWKs9=7OaM?=I_pe9Q0>j)jR!&XI}SJQ8a9B>*(_Hdi0tNW#T%6e
zz{$$XwNvvi7!2{s4%vxbCvxy;e%!Tz@ysj8cUsX)eWJLB5p>)7+?Mg_Q^Y=H&MO*x
zQWHFWW4a8%DRV08TMTwL@)9!zYo#@9XpFYvvZISS-<K4>+d6J%uGr~7eN2CS$S8Pm
zrahMO{^w4W^UmtGL*+VpM;Xh6TGjKk3Ku_2P&??Ql`?kZKDZ;xCw5G+R{-_kl^%~d
zC8(P+bz5&FL<(|`n$~6@B452$%e!m{TPk5ir?7g|H;oW%C}3|Nd~jWEb#T#su*W8U
zF~KwWED~H(yFi&RJTWu#G1S9XeDJi4@p~TpO#-JDPt&2784a+27N=ja-`63Tzv~>O
zE;eLuQL)VCxYEOk1uyTEj(yGh_36=(ydC#T+_vaGY-fSASrP5(QN>je;Rlf<-bzCv
z!7&7@vvL(@@kBsd+3=!fz3Y3UPcUgPZ!7&NGZr<aV*?Xa$H9p$b6$V{8wqLx^J_v!
zhS_jTpbizM_t29vu*XZ)ejy{j<4`@D@U~b3o9N<RV^eg-EJp_-Tbcc_@ATOk`+E34
zaKMnDFQRTb(>FCGnA7`G$0r;~6C|{Re`>hccN)xuy++1B`nY(U<|eHDwhj|MS*AHF
z{sg&U&&s-!4}hXk$Gx^`Vwur*yT?s@>#^`2#Kzk1D?~U#;2DkIk}&%dEfJi2gB!WL
z+r3$w0bW<9H(W=GHu)8z+iVA$QO6e+W%%3<hFe(X{Ha(ULj<q}O?4Yv#l1V1R|VyV
z18@3~)(xqI-c8Lhi^Lpne$RaUElu3RZre{SfeK38qH|qn_W3)280{hhmPFvbsw^{f
z{bl&;J$~$4UYx-pzJ$0$3ZEA2Ro<@)*7x5O2i)wvKy|<JnHhX3reeIIbcO2-oHdGG
zZVnRoEAH3xi;~ypg|JB&uZQjQ=&r7d$%Pi#fsqp|RL`j)s-~Q`&xgcJ+8E{Ys!b1O
z#AOEln+_7PUc9HV76o!sHIV7k;;fa1pc?@QCGe4UaXog^BGJL1w$*!z7j}_D#bZKC
zryaKhW1D+-fmXq}<0Vs)BH3X+jR0|Ef9uX%*FBjU@f+_S_78a<%=8Ul+wzq{SP(6y
z8=pcTs4UK}4e@#fX>Ec1?k;m^Kb0ICR%}Fn1F!rOu_*UE*ZpbLD@%N`6breFqTK7d
zjm{A;TYy^tI3b<OAN3=jUF5mk^tzWjKWH6B_SjRn7b0t#(C^rZK_`Os2i)XWWmtw|
z*d9ZiJg;@(-iZrmN?C~<*+(PhHU!p(k=pw9VofRBd-+>$@6D90M4G*7#W{cW8-nK=
zHGm1x15nEnE)kq0`7&kn0RQ>(*z1rr*Q;vgmWak_C{mS(G~#b3WZwWcvjANM<L{-C
z!@^pwdCd}fS8Nm^^kA34aidr9$}Fdlbi2^k6OJ7^v2E?%ukgO1TGsHf?sWu}pnS)I
z2d^AuKY_D-33T+g#}mj)o>}P$=SjsM2`-lDZ~Iv{tV30p9R-D-ey8XJs_8K1V~G0v
z1mH!>I!i5yi1mr5Cy#vtfH+_JSTf7OO=L?gmW`(t{<4&f=tK`WNGW=Td^Z+60F=>&
z;0Kh^`B29!jS%bLm~DS<y!_j)pcSgrgDIEI&)w~4!?$FcW$hMxZ(^f7-2BDjUB5%t
zsG<Ab;R$+8t!s}};WLd<RC25UE}Z`I#p?w@@PO4{51`pVqE<DeX^^jdfL=+4#GN|)
zQjT`Nk~RkAL<O!4w@Gj{Iti{uGxU4Q3Mw5y`R)9vu?YV7JMoF?2@WaCg4N<8g*90>
zn|>c^BJyP0I8!(b2jd5U@k|9=UATey8xO&FKWRHX0dIq8B}Xcp2_~?D2aazC&)~(-
z6}dj>V23tT1@Y&B366IAz6;ZjPnkFEgoab%U>-rRbgea4$El(ULrtw4H*Pe#s~f*%
z))Y^irTJqQ7LvaMT#&e898zYD1yUxp^F+ZUvfI~Ni1i|RHY!Dyp|iRwMa2*SZpJ4b
z6H$iE%w6L?(Q_8EMz77rmLXWIgkOvGLsc$Kz;o(l`&2Q-y&;~Nh@rkFZ{?i}_JWT*
z{E+~686=QuE2RZIAC+7Q&hEy=kvj@&IYZ>1>ZzWyL#%{>M+O`e;AZIKuUowzoQTRB
zRCCV3C(rW%wA_*y_sDe2gRi}#;kVBvLPyTAk1b?)OPXsTf$rsZxDp(1OE|ZTn_n7Z
z?NgdsB@B*$``s5NLSo?CpZ)&rV!~{)Yd%V`^7rWEc*Xt-hUFz)AN7V&`vbpLW&OG8
z8=@`O=ES${y65wDb^3~y=Fs(2RcAOO^+h)6?PiQ^tTQ#h6pgCTM1BP&$rSt-h2=Y0
zXI2}#sW|Z!Vp}hxtLs{g|9Lik!KJ4P0;5*TiA#OQW341#vId$L?aOvQzqIs$b#X3W
z=)f<VM<QD4yGz*@i>q`G(tMLEP-Ts`y~=UPRp!8z(yHMf30~hT)8~X(dl~4?JS1F8
zSK;hVQhGX@;LC?LXx0ZaORlTxP+4Sp?Hz>5+SplWv*?-;^17oyTw@1ev#1Vm!dSFP
z0nk#<!}d#VKl!x-_WO@dr&&TU<4r&~2I@bdNr(4&I*<%0B%m>HrsJH-UJV3ybb`TT
z){=|zto<Kep8PAAJ6%mQNG*S;p~TwN4Kr!6lU35RRDa>ZcaKJ!Yc`OtR)HS7^aAh(
z>fq0H-nQG>oIHhf0;w1EneH^i5nA^8t@pEm6KbDYS@}LoXK&N#+N!Yppx7caTF_Q^
zbni~Kt8qQ~QZM(IgJlJKbLE%)i`@4`A~nxDXEXT~A4%sp1z*s(ymD_XEy%)aU97y7
z>-;>OMOo0!>{jdW8@BoFY$$SrbLeqPc#P<*spPw+$|v6f$YdUmukB4>qSYG^%vWaY
zh~`fc70cJX4&7X{{fGzBiVf&#PFD!kh^G4K_(ADe=xF~i5^4Pd@$(qOv=?AZWFcTy
z1l&&$vXH((uB|xb*>&DI@#M*UBSWP2<Hz6LLs0k|<Vbx=IiF+os(P7$`o$=%Za6ac
z66q}MtIt%u$4P@3Huxaip`)b5=+zn&>Ylki{lnMV@6YZZq08}E#IF(86nm{D^9t|=
zrs~*mR&U+0CYcmH2xGoNc>0Q}$+7wFdBCMjV68f;ePeC9<PuD6Ya+5l*+3BT5db$@
zwVBmdecMjA$mE4)sm;BLV@mHn?5W5Jg#f&ug&N5Ttpj=hV)_T@|7jUgyIO6KYz5Wg
zdhVW4E46u{S!QR<6n9$`PiW|CBpds8>MsA8=V>f?q6ZNX5tlpN@5H1uXaOr+139(=
zu9Ofv1mFA2K_q_IVNJr3<vcMJ`fwv@{+#Gu1ik#tY9`E=tbY3O8Nt+&w}s!apiMY5
z0rV;;J*p4H@)J)hVAJtwuhb#v+cK1jEoZ4S8$JW6m`TL(OW#}8Y%&UuQpvu>!k;v>
zzmZq~`2C0Wf;h<}4Su^6U`+m|=Q;pEcXv2Hygv!tX!i9VDHdq&r4a$gO!FJzCkBL!
zd|fa876@#~c=!nXZ=}WF)QP7aL*Zb;EDa(lMUlLxSAT8h8^%0vtKkm}zT!t#`Eddm
zJpkq;z5SiF{EIeZ1369}HSdd3Sm3#r51;#2S&5&^0N4nS81QO7Y@qEZU_c%G2Bw6z
z%TG>{unt81VZ9Qx$Pb0xL-HCBclbpN{>4rNUkyh%tE0?j!0g)K2S3*9uSyEPJ}XSc
z3U<Zsyx5=E{lC5jIIh=0c~bFOwD=2zzCYx}0{-=P*xFxS8T|SD92BRTB@Fn!As7xL
z$xk-NUsePB>3j*|vU5{KNI_JcWC-4zPIx{pGr2DRMV}SR9|H5geQXkS@P+6|<PV_W
z-`<rC#A<_zBRm)2z<AgHV!ZDN-M=pbF!i5S_+K!O|8a%?fAiIVOL?PFPWun$cnW(>
zwpha(H3R9&Hx(W7BEf!ijuM@Fim<r%-}1W;gpM3Ja&W*X5Yu`%XL}*~c$C4-q61T0
z(lBj@m+HbcawxwObV?*G>hiG{TCfh5!_Q7%x^unde5@~CELJzM5{WY-?p3M;m|H<E
zHq4urDVKnt8K!cu>DbV%t!P_TLN|(uv2+(?A8{|kjFydMRFz;H+XXmt_3C^d;C8v-
z?S6@!Z<v}EHwQw5LKycf4SUnQvYD9jY{xN!|7vaEI>QlH`74-Cp7g%TQJ6dW_2b8n
zX%Z)An`xYjX(WqU^QOD_-B_Ny1&g7hpM?EXwW&E|aImHkV?uls2((ZGF4=!Q&R=k7
zqUf1*o>_IdnR2Ke^$wBRNIx=h_RDHgaj}(xbClBM$r#s<))RSuXZ*$)gCv4u1pD3s
z<v2|Ng#uRXl~3R&n2(FX5daQ2V=<bN`;7<jm)$M=9_R5B)(n%YAklii*s->BM&_C(
z)mh;RJ)M}IK2lKGOdQG-{Cvwe5(rAz1#9gC-YMh(<3p#q3jXvgW=QQzA0#V3KL~je
zVFoC$NJw&Mf^#ml|Ld24MrOlry5<TePO@gH^rkbu&)`iiyv@EYjBK2W!Kcz;W0f^w
zA2*oJ=v^mzejWh_D*pe~4iOMv<kL``HyKrwLGkq;FV*TDqMZ2|xpH3b8$;<^via>F
z<?z9g{?l*B%?S9@Yk@K|G|Z?N$ODA$D*jwpAbTG8n^bo)AkF^%VLE7asDE1>9%yxB
zG&$744XD)ikJaHKhSvSeZ}z<it$R1AbRP~_caQ(WbqCbbKfUvLoie7AN-r*uX{f0h
zTUl8t_2S~LEzV92+?qLY2_dWTxV;sSsu~Sq|6+`$-rhi3Zy=S^Iz;k!o%Pd3uRshV
zvv_#j0T46>PXGF8Dp_5Lyhp)?%q(H}yA`QAt^&Jo3?K1X0Is&+(%~Maivo5L`)#|}
zK;?f_u~9x?n}n|&+T|ZV{PEu`HK69CGDo}y0t9q>N=H_Fot+gTLEjp=@|#+L+$m7H
zHyQiUnF5snaiJfF#}K+W;eX^@45^`x11Rz-4Sci4VA{I?EY-~D1W@5V5E@RzJlCi*
z;q&t+{4|+bIflGoFy?!RywKBo(4<-gD<1RMsXsLh)Uxm)-Qo8@Pn|3VNELenY<8!A
z?>#!l3gELo1E8xQgk2p6xJv7O^O6ll4M+<U36$_K7=9ouauPIH*U~a7!OUy|$(JmI
zKt;tG8qmRyDW?;P0>FiFW=m&DZJ(C_Yc&oOt-|v$uXQSUqrfQDaezbC?0}?*FY(W-
zx8nnWv)Fw1+;|kRT&w`NaI1mll^ulTRPS%+0%0~E0BC(t@QGW%+9ibbYa-=d+P?d2
zS?ZTYTynFkU;W!UNcVx*>k|O3FW)ye{n`pZ)|K}Ak@1YV<R_%?Ji%<_OVHi*dU4ff
zA69SIk$D}({1KFysD35_fb8u%cffj%zo*>)EXs8w{3Mh_JmetA2Zx@^=I5aYHMtYc
z7c-zc<@g@lF{|E(lab+%eQk5BNr|)=Ec#q#KVKsWBvD=7<~)NyitousKR?dC=d#xf
z_#p1%kUXOMd7vX%0>SzF`!Cg*r%24&W`FEeOHRGh0O7LVLxPwtlACWD1Zp5j(moa1
z{eg!w02R6Q3ai~uXDvbHfdEj?)0mF%pk7%i%5gW>Cd5PJxb$YGBuPN3g75i8R|0Zv
zrkmu4h}rX~IVC@W`;3#6TW^oo7Y3TF1F2Xx{$=NO)8a?&RgNfSUWA$p5C9+GeelXW
zKL_SS8!%U26UAdoS6-^})zW=lbDTJKOLV?qbappq{s<m+<*knZ>t?X^iMv`|Rr7Ka
zfb<RYU%HLt`TX|i{NC7R)h1!=&hQLbreyW9lha(j33Jcs$B#+-o@7LpSO-%@(Y130
z@f%+d<c3K2A?|-)+Vm4PfVOdbBzidvQgVF)t$}@*R$lVZhRb+)us5-@_J_&ZVE#LL
z%LE0RLz$vJ01ACzO3?=feU;xir{Enz8fFD%g?j_sdiY&1Jg&(4rM3eefMxHQSmKVT
zk6FDZ913^lp2X=AFUOq?bRC|o0pNdazrM|i8G-r6jc2N6q>FN+WUw?Q=_hLIU}UAh
z2fy1PtVJtINe~ZUxB6i7KqJy+_68+ckM7!LPpV+iy%|Cr7atIaa|(NU`a;el6q^fF
zOTaz-fXy%W1bN<;660%RV{`kEUN2E?1+&qkZOelV%PjE$*U>LAE*;C$iwI5en#LEZ
zI_g9*)6#LC1;gU5jje78dlRbF+sep^r_`8<2>yyGT2^Co{P8581P9lB2){5GH<kfE
zCb9gf(DsW(3SKStM?0zh``b<~)(?R2otP7lm!gD3CI^p72A+^gM)VC9nZ8eiucwi<
zD&Zp_R)&{zOKX^^CF=$&CQ26ACRSN!nx<Y{sOVE|AQ0aR(f(yBe&By53mUydV`wD6
z?dsTh)jLBG@OieEACC)u_7piMP(E+zyuDIHGcM{j%|O$R?Y!HPLbK^e;ku2yP$OP`
z&gi;5AmsGo!ds1P8OEcxbLwb<CAVKzttG2l?=yM2YaI7S&<I}1Zc!reQ`NG*xpyLS
zgXcv}BiMOUWo`TsA;omDt}mbkFCL!4NP}s#EAuY_A}gFZ{AU<}V(7;$vvdS1rusoG
zHJr_a8j`Z55N&_v(&qxu`T2qFdm0f|UFckd6;M$!H-aFx^L%spwSnwKwx6>Zup#wK
zr-5c2mF0aOR=2xOK!m<qNx6TS118t8&Rsbty$(;2K%y$u;2XJ5e4r5&-A*`WWZ3LC
zj*J@^B3~At<Cl>z4Kl<48Q4aFpZ*&V{YdT^HO4F|b5)q@&C3X9p1cSy`0eRRnXjC{
z442x@x9c51d;pQmhxGRN2F?JA*JDjjlRp~-8@ZtP%%^g5bVwU@E7Kj)J<TjBMeDfw
z9OwUtwZ5|!TcJf#a2Je0!E1MJv(?bmbr`re4us6@&C$M>%52kS(Ccaq_GoR@a@{MV
zUMdu7x?OLT-tiV~H|ZX1qjSM@uioiG2}tNQeI56S@*TDndG$R8s*fO0Xf(Whs{fq6
z-jl9SVs)@H<5YC;lAP%@VQH8txklwIz~y9nrKd{+ecBn7s|9xCFyblS?BWi5exT)$
zJv1S>St|PmxWQ<{9HGo-F^MJDfXLZR?OQvo*7wl*IvKGW>!GRqb(N7UTtK_p5_8s~
zCyd;@u=7=!7T|!4uXW4jsG4_CxMb-Sx_w<8OlirGZLur!CO+n<6zLm_Vg59j0}t}u
zjD<ghKTy=|ioXA%Qv$2$Anv$;QP0R?)W=+)nR-_)SJhl>F-2T4!j46&*i7Br16@9<
ze6RssJS+rJH0O+oxH)Q%@<Ci33Z$yJ#ZHH%N+!OO2=h8$&$4`sp^1J`QGnto^LDFg
zFMQ8%LH^iKiH<!J5Wbf&R~UZczB$6Z@6zMC2QQLdcVAKL7(>oE(TdJ)CMj2iin$d^
zJD*8n*dI}kmG}Z^Vp-$h?lZe}&eHVS3|ZC*d%$?>nW+a7<caGWv{A1%#WjfB`$}c(
zpN3RmPaAK5lA$U9mGC9iV{*Gy$G%s2ojPn{`{QvTBnua&a&Q*{MeUKRy3TE;j=l6=
zU5`fCwp$m!U%4h3C|fN=5xbqH@<f4remA-5^rrrzY+!C0kz@-xZ<c=z;*+c|%SDkK
z7xir62IAgjE~`xn<wnU_$n!btmIG%~MbX0Al6LUZ_j|=>?4!Nb_)sApPq;^&^xdTk
zkV-BUa$lL}_M9e8rpua~rPw>Qzc+SJIr^;P`lK3SJF9`4O^L`_F&6DC8N;cUS~VUm
z^xDG3e4^~ka`n&-Dk`Ub=s4e^t`uiqhqKsBxevj)z8P|V^Rhh)yEerOMP44|Cdb#w
zi{kxr3fosUbTelRvIkVSdu6N7^qK-*Q(8M^48nSQC+fr328?-5X-%V3`)09w<)@7~
zV0Pa7MrH{W+am%19vR?Rw<86GcAVasfzvYA$kn{QtkZ%LpxZ|ZFEC`ivt>tz-@arJ
z+X|!ZhDReI1pWu3%)2IdR@p#NJ?lfrtsS&uSYagxG8xyQxXhD9xR@jJMV=}_VJbl{
z1gv346F;O5<j>z{iWfV_A&>({5ONibS%@E<1PYZEoL`@P!8mbxRsg=FX+cRw03DS^
zo#;77R^zuU#bos2B+p+ZCW)CBYRIOZryWE$0OAkt^4%vCDy)cd!64yq&J%o?v_y?O
zBMhPFLE%DHn1KIrFv4Nca$Y|-E<t`{JB#j!tm|O67F+FVef!6GHXK<J1=m+c&~rTQ
zcuug@P)IPbkC=#1V{D_iq?apef+i)bufgDQCdTMdPA^y23uCibo$9VT7?7=4Zq3O)
zFd4X2X`*lt3pi3);%(dBA<z&$<{X@L_mN5&gz2D&8@Ef(sSqL<3FjrHE(59E#myLl
ztWD}ObY}->j-*l28z(0MK9Zr7@SIHG&YYuOh!RD6dTI=B22s8J(;biD(TLj^e*Haa
zmc-4$?6AZzCt@(VqWICP?Ux9R+gr+7=V`OLk~T_c^6n<gkVS_S>eV_aV%U;wliF@%
zM23y^@x0rql<4UC%5=7h!<m@8$m?Y-iwvg0!Gf%vr>&Sx$8cq3?qV{MW^`G$=4o4r
zwfnTEHJBIF%hjv7qE7>^DLsogJC!kZGEa9(+MFT9)6B8jp)ObLoC%cT!s3fhMeVRQ
znu<?!(NAjQHG`=VY`ubU3ISF(g;b{ETA*`_KE{LTE{n9ZHg}hcQ!K)zip-L7Z6oW;
zqwVXd^E>P@E6=v;yB-}Q(5SPIQP|CsL1T|7b$zYdo^;yDap34Q-Pp#^jVm`~Mv7Vc
zK8PjeIj9}V-<&6wp>wG!Sqw~-&5=cRmX4pzak@#dralxK(EH}~=-$3>gLrj`)#%El
zs444=Ws_`HQ^sKW2cVJ#w><NS;RlsV{dJeUmZ~sISrt5HM=}ZAT+k9;YN#t=9M8Kc
z1PL8Dz7`~5C5~9XFlY23CiJe}D9Rbg*2vLu*VI+9v}5ZrXrrTou}|S8@JU1{rFbPP
zAv?9niC-0J6Y|>amfc8etXgtn5Z~=gQlA4*G1Eo+_|0hCF3j@khpX>y9lc7}(uaVh
zwQ}4kNJ<V-rW_FoPJL38NatA$^P;;rVK65y>!RRZqG`ra%E=XRTWB0lHrGsFM?WW7
z&8gtoN|Gp-v`%Yt<LYd7!cv-P>`K8dJ42Kk$YF>e?p&6{It*2&NbkuU^Q<wEdLy`N
zhFF$Ak0sTErV5tY6UgyU(HEgP;vG_`YrL9OzNphxD)*@M^XJcL;?`tG#T-vg-;Kkw
zyQro5b?R<{cz*F+cbT1U^$`$S?;bQCejIT%O;_U}S1Mv{@LIEB0s75ygL_96Ix}FV
zwB6kz6W+Hu?U_7Q+AB+ZzgJoZhu5*LT6s}-J(mNdC{FF17%*w4<vxb5mo2l<T}gGv
z9petfg~!ypxa_KeQ*XFspS@4)8LB!%7(G<f<rnOsxg9-M5cV}-K6%-`O>StuB50#7
z$~LO_jI4(3tASdnd(3lN9Hm-CCcX4*!q^YDD`+E~Ft(}gdqC?yy?s7R3{6S9V~%kj
zu3jGq&c0tp&dQ45OP%M_wv}q>p^jeRQ5nk&j8IE&hh6E_DHUH#w4DN2#!(Z#7ydf|
zgA#%0CcuY?59_I4o$B%K2(v*uj+T}-&Oh!g>7F-eQ=MG&GN!N-fU)l3hLS|yhRc>!
z&2JjJ)9Z}L=!o-H4?0Usb8N`F8cEUQsL>Y1XNRxGkXar?&vI(ocVkcvaJlNfm04a|
zR@%(Sdcv|(^%JJ4WB1#>rV8Gf(d8aDxHjXuXj0)`7HI_{n?+c^B?xkSPkf98KnEiq
zE?h8W>K)SZSmxO2oL4UqMd1)oP0VV7Yot|q7e*@`H;w%ot1!6lO-b@o(;MroI)m~@
zvGB0S?q~%274aW4J01TnxpYM~*-CGxJ5HV0#@TmPCJ2`|U9)7mHxsiXbnr!}NSqjZ
zB+GC4;+%W}L_E*B42HD|(zg?mD<wPT+g~DOMG;9jG$<amcfL<Qx0H@sX&kKjn59P|
zZ?;Ps**SIn@=NJQU4G@bo*8}>I!cz-C<H#)l<6auptr$ruMUa_MK7w*Q+%KFzpiCe
zlnrGiHHtDC%ys&$sd2^y3P9C&wKw1z7mhxrbE&@rV1UwgMNB2$_-xO13bb}Pzsd*q
z-@*3lADpBivuje;tzc@b)Z7!5Y#-F#m8n7D-Z!B%6%$|#;~NNmdVfzo1UdAw_lCQQ
z6z6S~U?cjVcW}y%O-yRU3Ho#js8lL1ihfhwb0Omauk3BPkmj;lTIthWN2<cm{g?u@
zm_gujex^`!!F2{5U(E$h>j1>_)wIrN1xZY%1KJL_ilKe5!B<KZ+=nNk`#09eN`MJP
z-6b0+U0G*K%=I3<*#%jOg}DaP!f-UcCcp#VHVt8r=4zz|{u{Z7j49N(S;i)bFicOo
z7|UH$xutbcmVZ6E?O;`+n^UqHYowIR^Tt>voNI0o$UW<&+lF~`OH9PKuaYP!jG_I#
zkaI4^)v@Wm*0AHG0quM%9`^gnd=hD$mbY|N9TvNJZW0?xT9b3TkL2<?=Y$C8`j-%;
z*gu_wF(7mJc_tgw>`tNWbpkEaeFa+VWO|m{+HN#aFEd96PVpG(gip>@ukbikpv~~!
zIB54R->?o_7|toHLmQ#2wxiX6cb*hD=;!J}Thuffv~3d4bw_&>Yd^8~FPzWdZ`J{W
zP*R@M%vhg>I$la=NHgX)Ysx~SQ_YB1EMG^qRu!n`M7cMZIs+xZYeO_Yih&e@3<ZkG
zBp2;`gOY9b13EF`qf#S_{>yHIq{$zfIfZ1%o`vI&89z$pTPib6Ov1{-UEzHvU1XIY
z9-?*IHiQlzM$0r1ZN6ic15-4E!HD`MMZ$4k(>+$>sq{_Vi1*8R!)O#oH&8}yMtqjA
z=BzA@3{)r2-(R~I5?PHym26RiqFX7GOiB_7!U<eYc1liC>+x-_yW9qKLtKR64=AhA
z!YxZ~rl(Ujij%g%u$~8Li1NPbDGL2ZUaRgK1+iI_?VUSY*0JFvGKH1``!E9De1<uG
zn&OQ&UeaX~4g3|2J-6pN4+O?V^R#Fp&QqcsfR@AC*+<%fb;OpkNL1aik#w$e2X-MY
zJ@1wTP4v?A6?~5`ZZqW^TkjpF@rZac#B*aYx}G=aejiXEm$y`a^TSrx%$#?Jmew@=
zD}AO`^aIgSMON2FZT(Lff*p#g^p%FCI(=j<Z&RmZ67MN$h@7x}^#aXvi&&5r?;dFh
zv=hw{ESc@|`lPZgyv}NMHC1%>pY8_9@Mnz~RqHgJk)bJ^-8@4OHyBotzecVcoSV=u
zV{HN$1{6KVX-JZZ&$yps&ljV*$2wjX@8V>fKa;t#@viWcZ;1X(i45GvI(+Ms=fY@_
zK%3?AWN}cICgcqH;LAym-t^wcDKn<>)YOY_I~z7JHsjPTRP4W26k>I4;LD!qww>F4
zp=lz&AI){&Coqx9Zqlg!`(TjkGtKH3*O858oxl2p)Nq7NyeM)-O{SK#fg^8qZshpD
z*^5%d2wKY{>JL_O9;|rFV9AyY+cYzrl_60TSrM*JM4H+d2DZ<(mDBm@U<xy2c8zW^
zStJeR_EWBsJ%5vwR4!PylL&4$&lyOTY3dOxOW)xL%IlFvqAoNm8iElg#d;LFlX%{>
zsI8@tv%ZxKeU2rx4wqC;p7eWihB73Eu<xPxgfM?;?|#oI7%j&*JGbG$eGO!%ARjHo
z%hIamqc;N!>bzK9bW>?Mk_f~Uk0>GK7s!vfb1c6`@!z1>!~(nFcxag|OCW-^?uys#
zsqREd3E+zHl52YaFwQx0*2s@?PJ*)Zd4n$;OTkw^dDhwE3;*1PrhmKms$0;V1StNB
zwsB^>2UCkC;0-Qa#mwnr#`$R^u^}{a8CjtfW6u2VLQ6uO)ulgOJZH)NBwV_sj6!#}
z|JDN51zG-S`LjYc8kBactb)toTj@;J2ODr&CAhx;@DA|1*3Rx@NmdDajuI=D!aAoX
zQb}UjBg!o7GQJqJe~Xa<dPKKJaGpO6#;>%#uzsxE6Xxn$?_9A7+=}(sx<~V1m1Ao_
zd%SPtmq+I+-eyWL56(K~*Z~EJVmKh#xI6G3yy44u7VRDKCYzXNOg2fj0d0kc(4!)v
zW|Qk$S4Y2FdB!&XXqOz)j@5tOB5|}v+^`@OT>P|viytZEU1f^Ek5guPSp=Es3!`7M
z2fb9{<a3#51rp-@q*6(UPSTto28TaVVVuT2rCL!yuY3v9e?-K-q(N$e-(^f3$tFV6
zIyPs!AV^8n!TC<nO1oS#t(>2fgsZZ-R~#uHxmbO$zn)z#%|B6A=atz%y12Jp!7zcc
z<j+G<Qa`_%+8DmnlacK!K;<dY{-F7an7CINl3uU72Gzz5bFo865mSGuzj{W_K41qW
zm|3}g!jJBb%L0PJs;&mL>gOX}PuCS&<nQ!$77qcV<e*nxT_Wq#RXUj1zaT_*dWcV&
z$(%e|XSy|UEP}#xA)Lfja5n1hN@$O&l-<IHX0M?6!<<d7&w*g96}5d+Dv2whJ;5oy
z&f;(|#=bjAAVxT4*KVnU+L-Rhd3Lt&79N(-`={7VODtw`)Xw`+uKVV&uJTHFk<F`t
zVHtvpZ`Oe(Nx*~q+X4fnnnSZaxZ4&93^Vf4GDD>7(Iry?cLR+-_^kr<9<xOe)f)Rm
z#Sw%nl=w@{UkW^mvifv4ZP`BL_KZEMDjlur7Skym-k-=h;;_q8av<|5f+Emy!rjr8
z(lvE@SFmAdlMfFO!ZT*d#5O9(j0-k=dznY%Oe&let^a&wS<Cr0F{IssvYsyibN#}Z
zBYt+c3~DD0;#QFZy+b6$c(A7e$9YQ;^)U=CI%9f@PUSu9V`XWK;peZu2*gaCZ0UBH
zV>_XFO8vSI=wUO&oNhRZ_a#8?g0=zrWg$%#-sL9p<GsB}a&QLB%m)2ay3=KRmMgeQ
zDIrz~1QjvwR3s{uOcKAyV$m`SzpiTI!4&{N6vL<7ISu({MWlXr^^V>V2umy<TZ!i9
z+fcizpo{VfZY#7(aCn}3DThY-bqfKFpiE_;4>2CLZ}XiMqKOJJGe1w!6O!pxdJdJ0
zITNnWxa){{Ws!OBa*8v>Zw{ACxYr%ETPJW;Vs_NKVA<@N(~w)WRma+=EAG~tNJRF=
zBq6>k$`@5yt!&<*)w-_pXbPG{nG8n|^PtmMr123N_{w^o0`N53XSJr%AM69zf`$jL
zuPaBi@K{uYsLV%>coXljREo<l)!I&_t?EVD5#vsdsT%{PffuoBH2dVkMj(R5Ii8d>
ze@jcq)zbZXEW!q|ap7Kl4)5lb>=$)DzSZ69QZX64x(svM+4HXyn0EUfvmDs$EQ9`p
zH9xoVJ$JP0vB$k{TEiSmif1==q8PuWyLD)?WwqP<3ge<&k}w&XH>uo03$8j1VgTi^
zvVuVmLspLbX=PB+!QV9w*?5QaM^{JkC7Td8WalC;NE0AdMglncZb{{aSi#2p7rD~>
zO3qdXzKkqVJ7dj%CeRqv9FFxQC*>GCMB};awo=EQk958i^R7eAJ{K5z{jsK)qX^e@
zuvnn$USO=z7|fi*s$}abDdo+h>~*<Mk4CluXV;iC!S+fObxO;=3r8#PRr*Ma=4Dcu
zlh2oAn*44x>o+(uuDf6CrY4oCy&lM3>q&=zsa=cdaIO*Gb-#G@J;ox3S8zmL**Dfc
zmT{bBG@u_7gpd|qKOYKe9?ZG0i7#R$V$VW_1aCR>0veZ79|2<Ga;IpFR-fZNzYusM
zY;((zJKT2I36aG^T+sjJ^3uyvVp+aXk2PfHdGQ%5=Pz~Q30ZLVAh8$Gfl^3@xw13p
zfzgKQ>F*sS^Xj?GY*m<yopx8Lz&@e)!{^*jbo2vxP|Pk#R}j-1V~tt``hg)9+`hcM
z+%uaz%HPsDa0^Absdl^JA^~E%b#^$_)PICST-9X07H?-85X%hqo*CXa1u7Di!-`}M
zJAq@u8oK?QG%(|-L9x)6y<)5jyyvvj>#go}iq<wcz=yc5CRbchL&q_mb5?fQPRc<p
zN$e~~o+{>(%8)oRDAoHI?lZ5&<n`q>b@#yv$xyKnF%*xBa+fedXZ%(%$nvWSJpD&q
zLktJHNo1+Il=-_VN@FKI;(5i9oeK35)^hF8EV&}FhlKo#Eb<k>6546o+=?}*LD3k+
zPi)lh#E6}a%@pA!YdLUUQeE{9+4g&|*F9;5LBMK5Ctks!Ap3~lo`arSWg@}j1@5VR
zbjrv}r-bo!&o@ifr#tNQHTHXAJOh_28Xk$6$u`fp1$eQ{zpCrPCTNai)(ID@#?x%Q
z?dU|y=pdo@8YS&k^;COSx<ayf^GhNxuZnaAXP#npm!)*3DJn=srW?aQS9<FnooxX5
z^4EbjUF-7nQ`TJ=CEojtb?B&JRI2$E!R7VlMBWufnpNJOucB~^Ps*eRkEM`jh$gc)
zM|o~+aMbOlV9J7)Zp41~yK9)|gH!&9Ak`2PyaNdh9yzwFdaT1yYJA0uD{Et@eAS^Q
zO&JDl>vl}%V(+$i$=D3Y5Uh2hKYSg<WK1?LcIR2?y}LU(A6J~bGT;SYqpGBpegyDL
zArH}FHvw{ioc(9>{@dkiNXhgGL>^!DMw(xAseL_XN7J>H=yR@a)G^+30k8BZoQy$Z
zTA=yC*7y^2`2rW7lGG7``tw2=iKv*0`=K1K+STh)+Ai+-A?#M)$X(^9Ew>U=pDzI(
ziNf#LwRw_;OCvf=Ms-+6yWJ-D%)I!Vt7p&97L`_LatIfaxDG#!W%gPmlraQcpw$75
z^_%I6!!b@*s|CkJhdOO?NWD3$B$x0IO_Z`Kw7d*-&xccNyFlk|D_g%}*tX1kq^M6+
ziowH;dcW0Sr!{Hli(rGKyU8`nkkgv(j4Z@CEwpDOu^+zF3(VT$CXtQndRSXbk!55M
zD7LQoEJUp(^mg)jLLTF5GjCoww@pfO4a{+|`7O^j>^bri%Tkm?$F5aTdK3FUVY-vm
zRtj6=9yFq+(793<(y0a=(9Vp7>QSi;H_lPPS4-7HGh0yxqwy{rO<@_mrTfs(Bo(b^
zki~Qg^gHEOJlD>*Iq5k}?Fy!XYnB0-DL0`Y!9_fT$$`^CylsfZZgQri!#u)`I}AVq
z>aT_SgW=>YDzZOY1^Fhu01X4K){!#xVboDZJ1dhcWw|D$BWqxn#vV%!IiYuDAdPTQ
z{)~Auzx<kx_?YQx3PFVeZ(Phm9KAMg$CuAfy+YGZ<ypa4IbSbNOxuD6%aVcV^;Ev`
zxjQO($1B985Zq%HHR2U^iMZyzm-4_&<;+`q8Rab*ez*gxaZmOAjoxOJcSY2uh#$Qm
zZD#wj{za<yu=ykjtLc?;Z*FJ1T8nlQeF9SQm;T3DVQCB51*>-Y3Cn!a!E4$PdTg!b
zR}i=wU+c9-^~XimJ4Qwd{W+<+MYS3jux>gszTgFE?q%+~%p<Q!a!eG-%XT$m!JCSw
zx2m0d?i7Ndh6TRXo}kKC1k&2E8p#a)6jWH!I;X9>N`)H?*~lkQvD1prE<`_QDMyf=
zV5#_AQ&zE>5jfXo<rbrGL|Xc`8EnL|M*QLj&1%aL3e`K!pf8VGT0Cz}heFT6hC_H7
z{5N;ah}nyRaHf#(=VrWtjH6*_)&};Ko?_l;Vw)YuT|P<us8{y`H@X|k#ouYrMqGKG
z%s*H`eu~i&1SN)3eP&|~nPCiYuL_#UBwJsM9`})nv34n4Zad~q{b!g5m?xha&!N$y
zvfnn0(T=}vF9I4p%C^EhaW-Z_<5C+;W=c9U39ljxW;oQNrjl1+=g-BO19lMb?bDTa
z1LGW4ryvp~hWzU4>!+0zi<{vA?-$;z@j}kN{YMQ?p~}?X6e-yd9&_bIV5ry~=+?R~
z1<6M+kG)c)hRYiE?0zPJ*n!Qe=z#OkRe)%2!M*)skImI)hyu_5amu{3Mw~Y{Y^M<S
z1~dYD&&eNdEXVPHR@;gbubXNl7zcX<Pq9n;bXHP=U(wR7`EWx5jkM)%f(@mUz6;i8
zhN`e7mw=XJ5qUY?{GeEr-ni(-7E6p^vw+6YQ_?aVST9n2n2$zelO*m+te%p8cuSI3
z#+*C);rz}z3WpRS>P+ixbivr!ZC2f(E~)c~FmYhNKXN0kqlz=G>*F0T{_K>EvU0AX
z^r=viLS`|3`G+-LM1pTv^bcsB8YPgXB2PpuM8gLn7{+O;uB3Wqsc0)`5ff%89VfJE
zWxu}8IbORon>kXaHF{o;!CGc0R}entyi5~iR334n61s{$_C-qdx;&h<j<`&Qr3psg
zS|Dz(6dQEk50@h1<m?J(WK@bstSur;XM|s~g62&XnwolJODjUCiXeS?%9?6ix%pD&
zNKc8h8epz?^N~MK-{bg<7L^jeoKkzqJqPu)maHf~*@IXHl4u%?tPdCqV0TxJqLAJt
zLH2ctwp&jM2o2S?Y-D<*KOBHj)9%ie+}~3`pBI4NH3nYkMYznk=!_&Wiygez+Ng*P
zOt)pCF`Va*8%qtYE6EVD+bRLRvu@!GXC<2O3AkJ>KgE?j=HDigCwzeb(IljZ_E!__
z^EfMs0rGNPLjl0~eJl83Dx-t))dVPQXzJHUm_t>k|0RFjP-w>2Hrbt_E_+?{QGZjr
zn6B3Is0rRpMr36+YI3ofxYAJab0DQ{kF!kRVx!k}bQCnmtqOFM!vn;)h0U&+RLk}b
z;UM{LxkfVrpB~xrRcE?kD77395n-8@6CsxKiULf|93(Wx1})NSSVrz@0Jl{j{|lz{
z%n1U8O(HL7W?Ln=8%@Ncv`a)v=|W-R9H#?9q>=iXyB=fin^^*~9J7+F{ak7C`%c%%
zUh0myO5@mjauPk_s2&#O4DU{o0?mUSqO-M%N1s`U+Y5miSdRh_((m8DU(dK~7^vOR
zYM2AADryzs0uBw$O?5eBr;R@{dEOQu>Je_iT`lVTnrai#BXRqKI9c2Uv<&ftQ}P*e
z#iJkk2^u%pq4Y#?BD`*}W53sd>u&e`-ga*qVwnj(t)@xZb@yYfMU8Htw>ZsOwKbt}
zG1okuC_~6W5+qo-PghC0DV8n70~w9&W4GD{l?V`JH?9Pd@j0eFNYAm8SV^RgUVR$0
zUE=*7SvTX?Z?SAYqg#`$Pz}`I(}Ge%&ePAiT_ku|#I}vd!9y8K5DPTaRoJ$*gFu!s
zUe&uSJ1S~@GHOMJKUEQl(w|N`9=9i<=8v$)7d6hy@7mqq5ksO>GZaeKDrhaa@m@%z
zTU`TN#K|VZrJtI`WsE`k)3^B6C-NwSU%s4ngsIb+TPClccxZC7%=yxa3Y;74f{;=}
zKa@pZExPcH&W4Uop!GwG9ru*UtIav+bkItxY>Zk4HlM7zAoMBSg?^4M9<Eu$=I?yL
z->vyz1t<zNIvK570*#E8V(Fjp?pteowRq(OVlZ-;Z{6rAcHMx_O$TY6!j>GZRYl9A
z?m2c~_Gxe4^@+v|x;Y!3u%}cdE+`h`i=mCDd~a<CDmXgFeBi6aB_6B}tL&k0?3G<d
zJ5F4-jNq7CdK#d6IoSM$v)!%>iI~?ZX%*gNCn`!IvY=18u~rGYzUlEIg-iIxpYMn_
z&;(LBUvnB|T0ON5&ELj<W-`s;*+rw_s9s?c#_H~Wd^H;9457-Dho$>1Y;S(;E)K96
zHZo}`dnvohP0CEuJg6>-1V%B;E#;T8XT}<RO!K%XE77}zY4D8&gAszxr!6uVf6T&i
ziqI3eH6(vA&WYUEgRp*4{)G%2p>oUd9PQSeMb)}Gq3>qDexS?s#H!$wxzjRJ_h@vs
zvt~Ol5r=iT56#F#*{g0rH9SR6amY@!H*Z$l*#j0DLy3ycNz+ezFI)tr>q_ZJn>egh
zs$~_2J&ZeAqfmaeoG7?NF=I&fi?aEwu~&3Bytn2HTq?w8NSvRdDg`p8P$iQB4gN3H
z-Q2b*=AzEHiqGyQbHPdq1D`ogT!^(?d{xI(@}OZcR4^lP@pfDXXS0WD{@g{zPEq*F
zm9J9h2B&bBY3YzbarBL3nXk0hGZq&+RfZn7jcF`tPESeGu;Q&_MYm6IfE|Z?n&p(n
zY||zB?T$uAU}`<%mF&uv=vNx2bkN0m+p~PL`dz=N%FJh4$*`VDUoc!Zv#1<gpkG0D
znij*)hKR+qiPLGAM)Dps+lmL)4C;#(=WK0;>yR@CI_~E!SD?4#mu0wd>1?YgWn;rs
zV~UayQEB_UPcZeqY+vBZ8v(>aM&LI6LaTnU2h^YZ`l~<b1b}jpMaIul3H<npnGznz
z_^%;RbR3K?>py*95E|ge=(|+hYTtE)IooW+i=dWHn>_ESwXU`A(S}J&O#5CrHyM?L
z^=2ue>87gJ?n>d^whdR>Kstd5s(8H$cl8$9w`P^=eThrYUOFvcHZcXfsTM`OD$MAG
z@U%?0?$wv~olDfL`i9-F+<H#8KRGuxSj>ObE}#q6J$dG+?Yy!=6@YS82Y?zw{CPi^
z<2j5;uQu&U3dI*Q_MAgDI1{r=8?KRuc66K0T#6R67m)9AraJqD=1p3=?E1A-SYn;j
zLaq5_bpBkG#jL!D^SxQa8%$J5do4S|Jzphe#EMesCV9u4u&Y&dUnqVw_P@eG_bPxR
z+_bpOr%c88b;5RX!jxT)W5Q6>>{p$g$lI|oMgk1zXi#vBd~FG{grL&AzX}dG0{(q~
z6yP}9mhqD><XuD2M`%4y346FCF)z=bEEA)<Ed!TuNxH?rogx$M?7Qz=(@0`o_NI0A
z)1!(Ok{!{&7HPD1*_)#|j7jAiE~2U3+Iz5hsc3*PPltL->G}iBnvel2e;80x5}B^j
zdm)VrDDjp%NB$Tabqw}=zVeaC6=^%3Wo)9%H;i@7Oqn(sXC<t!Px;63^{!TQ>iZV2
zhQmcVCP}PM28AQj256%Csqv##M#Aw%r5E4BLlm^mt#iU~sIHcS$!OQg2g|!VFGty3
z4(V6KqWN03KMQc>%;N^hVbrI3Z4*x*I8W?D$nse%Yz>vcFs+TSn@gTIX2TgxZeBU2
zq^;W}q2OB*FLuU|x0P;O)VjQILZzanQR<6@$paTDv6|>}^p)wndAcWr?|cG?UV~3+
zFDt;r_Le^JpDq)s+rJNDn}&6K`K0kec*Z&_AtYNu-lEmD#1KC}?PEJW^5XG^Uj55J
zxWm*5qZq5vfHY>Te+LF&s=HRx3n#0@Uj7Du7d|)x?tWf-DBLkJy6bK=$Jr3}HXv}g
zpl)p5T_&dRWNaif_@z<smuVp&@8SF>K`eoU#JDmT!^CvT-muy?mgEs^MX1}W_&yI^
z0x-Y>kAA=ji`9_nqz6>>sN;b5`jfB&!S6k>A?WhMTl8`GppE4J{6`zf&xhFD>)*iJ
zzad@!PI97$X53E~-VEUsK{h7+LTp1Vs^4auH9^ztYz7k=BLIfB>#!)R`-WcjJ^ay!
zVEa%J(EPeK7(b^0q3nf!Kn<BmWeN#FyYe@-l@Y|Yim>#8nSccyz&~7-FspnM`%3s0
zz@&aM|1oOxFMJ;kDJZpf8RY_WitI*+PC-UE%l7CSpW;JfNZ7coEp$0IaM)AVsA+7{
z%#c0_I1!$|Vdjqj$Hx$N20slOwBe~C{sq*AAFL6dwpKue0QdKwzO)*$lM7%&0lDrM
zivZ$x#W{l~7*`QWq=DJGhF1=spa+em3B3GwSo}SR9PrG+sEicq9v+(A6ry?m3zEV=
z5G_6<8IoxuvW^4D`oW=xV2Uy#2j6}B?*xbreh6qkhD+N6Fr)=%4}tc1(8$9-z4o`;
zQos1e@$o+PKDft^iz%B4hm?KixYS_!ZH(c9F9DpArhxhItIQ#g3;f6Y&R<M832475
zXe11{fGxCoxZjF=LV88Irh^3>zi|CN{gDis{`i<Y?)eBcz<G=Q*mi(%0!;oVdI~W4
zZwsOM?dIh_WNVmzv)&&*3?w2Mm^;k`!2bJsxc>&fos}OWIDfI{LLoZbAATsH<?;XF
z!@z$e7m5~qW4s(5*?-&@p5w{Qh38Gq|ADQMMyh7tl<d5vbqcD0iw`T{B8Yya)O?0@
zVB|k0Ye0M>FfqO>nD$q2IrIeJyb?k)3EvaSeSk<q<d=WA%YP;f{V!PMU+pN!H=g{>
zH$wc!|9qkUfhF`0`|i)QsQ*VF2Hd7dl~EXOhCh>fe)*rdG%CHuZ?NzO1b}C{ap;+(
zkm{wd|D3o4=wobv!MTF`y9bfOh8Cv-zZDHAtp$X?j{QHdqM(?2Di7kwWp_bNJ%jKh
z{gL<o9m8lUB{JhYqSx}-|3*Y)`y)js6XS&Q+ZKT|p#H??`I+JUC6qTo^F(>fI}N0P
zOPD)!2~yC+)c>5X1a`=O$o6XW{-=olZ(jLog`N8Ov<!C07Cn$Hng~zM4s|vb__v+8
z{y(Qchdv+_N_zf~XBbR>i^txyk`Dj5HwV8A;w$`?as0zG{vnt7voU~*!v72E-T%%j
zL&hi~H92wP2En`p;i*#r8N+WMR#8Or56xce-Oi9H<sgb}z62#uq`z1yQ`QN(A9W-h
zHvi*j`EPg5Uvu97$>7k5|7}e2G?eQ6ft=UFCX?a6P;?GF;KzvYUon$I8tf?P65$Iw
zVxY`<@?Y!JKb+J5+cft(Oz{uA!jr7pq_`QFlZ4E#uW%xf$PAmKN4Fj9R?QM^y`P65
znBUKQ0y2pP`G@&S__w_24{HEI<R84lg%u>;-A34>_b$JUBsGFYl15l~UfY0plc#=}
z+$1ohDbtkIo0#agVb}gpB%YL(6Fml;P~@dQ7cRey2=bEO68?Yr1OCCi{h472qQ{>|
zlOTHhoy_`=oAmAHu6yws-PHfWAW)a>50?ECV-%FK)67LSrQXv|1%M{iuVfYalLL}{
z^5+&ga~AMl%^n{n){@B5xiA-Ez<K$H*!!<|tbbm(e_#QFMC$L<RL}_kCVBGP@6`k4
zyMmM=hsGJeFW&uCfPpNZ=(qH?4pKm8lkPOS3AWM7{}{`_8Bxi3%=_0Ma`M^sYoZwD
z*3kdkBLXf~CZ>XEnZy?IYH{`Mp2IrS0{C0;WegQxWyhNOg+PkKcbMXU{~qdxj!NKf
zM@1SsD&5R-_4^=c9XdQJeJ~j{<%S!-(X-irq7_3510el?nri>ArvC)!`=ENH`pqdl
z1jiTO$QwHY^4KR1SG?HDM)ItAI7noE8@et*1%eh{R)-q}SoNVp?ma01Vh|U&$l%|$
zqb%5tttBFOoX~dkIeaH3s1}m{tvEf2{a*5=G8XCeZ>53}MC`7^<w%zdzAu@tBun{>
z`Q@i^Tb^%N*Z<Q5zVv3^-S;|@Y61QFziAnCgPV^oJA%->2cQ;lIIKndVITrPbok#s
z{{{NI8+oW4kUeNoIsE*;YDWB99RjG{{p}?DnZuvx9b!WLzf??1{kfL@Q-9+h>r1c^
z{_iRo^H3`Vb10Mgi=4up4cP65z=D@JVuHjtP6kPQ_W<T<hF!DjCfIIsQ3MdW|C>Rs
zjfecwdRXJ}v}-YXGSp}>_66S)b$XU2%r0NnfO1a(H!#G*xUrD}>Pl2c`GtXh2el~B
zQ%OMl>WR&2V$Z3u?O&{3);w}iO&>=uh{huaKRK2>(*TQ)u3j9=UrzWeI3DDeW@@It
zX<C4{4xerO)r;8<5az#CxH*@3YS7I6_`{<np~6hh`ghip&vIxczA$&10n!*hWd&?l
zG=RJXmjp6>1CUbN2(7?uB_B@HKJOw^G;XDCiG}t|i(5C+laQ;Q3MiZ+TB7;5TOzr0
zJjR@o(|)LD#0g`sY{@Mz$|`Gn><xZ?@<qjmfK{6~yUM}*&2(S+d!c>#k0Nr(F|={L
zcIPb0?)F>Em)>o6Z70}SELZQ}fZNVb2Fd9?aClgt%@17ny7$1IFYp-qE61`G&j6|$
zXa(v;ZPCyM4})O?<HbW3U)b*~;$Z{a6OkV&^L61lR9`~yx0rra5y#Bzd^Kiob>4z#
zY^QO3{I%^mk{b`3UGii6rY1?uS8rEu^O8Y>P%FIzRArl4R#X2Fh^KesGMYL%YRayA
zDa0g9<*k^>2W^}GCHo&`u^7pBbym>Sgknp>D&SueLR7-}Olj^B4zv75y1R+~T=?V`
zZ|*j?MXsJ02CT~QHooPPC1W10a(o(t;KjWLgK)mP>{p98W?E_Jt>ts~N6uH-blLDr
z8oC}g-r7n&UNNOU^jJ*D?n{_cLSv=$XFwx0Y1>*tSznv{;5U2;c=m#RpKMJBuqxj=
zBI4>z%?7<0%0=qL=FV5B!jeK=CJRJKic<0DBh8D|M`9}FT}|+QJk|x9i>}9XcXKaR
z=bX&;*nFzT6SFhe#5A8@BSxwDCs#Bt#q9b~vdPf>f9-vFIMnUicZ-UoEJ-4in97zG
z#!f0pND5iArO2LrOSVL&QWV3eM6!$}>lkYhLWr@CX)rNk-)AiEHG^Ne@B4Y5-*Y_A
z@gDE{9{JaIzTay(uk$*W&-ppqpOVu6Vfn3q&d;mg;u3&g<KnNXp>Jw$v6%Sr*|hw@
zww^0fMlfbQw5LnKP*Uu0=MRr&{>K;2(4xRM_37JRUO^t%Gd#mliaO-IfWlm^TW&u}
zC#c+K+1M*6>$xIgJ#h|}^fEsbt#PXhtrN8$f^IWw(KZ2>bB1dcF{%f|Ce5gEGyc=;
zEfx!t12a3$McT=wNtT9vjsz^hQ7<9rj_~gXXdEkoN@Z06o~?+g09_L=FLz3a7{kgu
z;fTa#E&9uB{^iHtS5tb6)YuhWBX0t(GQnACb(E-GjyrrW=E&n~pp6h4%4odEa*oC;
z1GJ#I2eq!%|K^N)L^12dB^5<SoBr#G_p_+wzbgm%RMz(K=UGL3`MjpkHs3*_-ySQ3
zu3VA&1I5>LJjG)b<Gf<shi(s?3l*3!d3`-T%9;glp`SV1eF5CHvBDbzM2Ca3@@rhX
zY*j9^A<bv})x|Y4O31_Hi{sKm0ow<dX(kw7?ES~vW<Dr{3QkH${iuw-WgigEeEU%u
z1?xH1Nj$Po^ICLAzsrMaRc$mfZRs!wNQW3ruTDs-LNzz5g9o%~ulQlxoNhH!?KbFg
zHlcm_wr0c@+Tu;px9eRoS43m#1GP0u<>8BwT$2)@!~E%sec1TS^U$AJbMNi#E(vG7
zbGHH|Pl9^IF9#lSksduB15Efi45T+05!AXSJX-+hjVq{?`k=iRC#X@zFo|Jjp#D^i
z!Y-r}Sm;a$PS5N7Pz?(nrgcvRTv_zDg>U;E*l`KEFit?ytBKu+%-`&!l%TXl&Gi*W
zujfyVTnE-_=~n>%0u0}s3#`Gx%o+#&_4!}H79cBT?$l(lXsT=ye&+phb_ZVCX@*J$
zLLv4+575Xu@84H0tMd13-G2o(^m9yo3=Qor_Kefs!bVqnIP-S-cAUA&h<>$H)Bc7}
zY^_dt52<~LQ#B>7a{;-Wbj7X8CG8seH2Fv<<Nec7&{U`A+oTbKIRQ;cJS4Sil@s*v
zO}rvH1~k%SKuVi&rVd%K9MNu}`&iV#(Oc>@;&{?4D6$rx_ygEGE$FO{B@oP=%x5&o
zC#@-C35hOq_=%^ZZEwkAGM%WE&gcBAlywbsce&qBAbQnKH(`Zf^EQOD-dp`E=)EVF
zP^}d;!CZEFUa!99K_NSLr=AOstdJhurMm;jcY)FTsyOHY1qQn5_K>v|d_x?XVd=Hv
ztC=9kmIFIFO-POp9GXM-&$2SSbYS&@{}hkwn0mjP2O=<A_bP)8+*=dtRu)YY?mzi-
z*7NF0=k2j&TZ4#QG;yk8J<)Uyd0=a8S3i}jC4|SLrv0lP-<6~Ojl3u|K*!vW#>A`^
z9(h&<jExbD&HYypn;Cy@*Q<+Oaw&ecAKg~+L{wI9HFJjB+_(McA?6D=hnN7(p*wu~
zf@WN=J`nWDbu7V}B^B70X>2mA%T=LTnkQVnN&(BWnN5BAk;4y`iZ(`I-vPUdap_(W
z@gbn7fv%lIU}JuwGE5RxmhLJ;hX`#0tHvguK!Rh!(jj=_z4>k-x?5<6?2nVslmlVc
zT|D1aYiP=W(_EPJuS^O+T7G&G`VkXJ#$524v+r`USiO~^?uQC`o`-VQ?NGC4emPT7
zGk*TMGE?RU4f}hTJE;O-Sv&uYW&H;Iw#=+iHCf)wwK@wfITufxP>`RKT$=^;8kYe2
z3q*T;QcP^=AxoXv+#IxYn>*d*(@jDZp(^wSV$6y_2vo(UTZS_D!MAbi-xdZK91y=i
z^3LQi;Sv!B(dIO&DF5g8tNdp{@9}1wGZOr^9G|F59=_Mc1}HY{{*AqRdHaoSU}Tne
z=JfW>)R^7h_l{--Jv_vA2ML)$KAs)L<_&zI>Ajo6n;&l-*@LqX<`qUOZ33x?$ljkR
zEe2}fG?uJ86jTkzVn)Re5!IHg!R}$A1`23DFXO-YCe)ZkL-uStX!%UdO?bXWXt*5&
zyT-8Y)6wo2;Jz%qM^G26yNG+$7E7c%z5AmA-~!!^@CqtR<IsrG;elK?X98i6*t=Bc
zp@r%8)#xLQQ5FnR9?d7c?IHlVhahErEmx06)aj=sprvXB;Lf=wIYRA?>^onnU3^Ql
zVjpJa{?^^QsJuLn-ebtewXS+0ks025)~;&dRgpb;BL*+DGOX;na}H}`I!~F*#RXKG
zu#Of{5csZ5g$7iKJb5`hQpf7$XM3tqxK6o5OFbM87En(VxUh@K)>v{xnV0-zd<uaW
zJ>$%hXZ*otS6bq11o87Kh4KBed(5lil@u{9m)8#c+T(u0&|_v~^a5}3*e#qovOt%J
zLM#mikH51w=^%fNod6VAhpKAkJumwWUI6AWW^LkKM{$Xr^dJHo>e#Gic22DI%yK#(
z{L^Xo)tN16l$~QkABJC6w;A(As#l`09}Uo10aypS&n{_@8YNiQac=K#uIUHkotHm2
zbaSk<{cpZy@GpTKXlK@NI{I`6O#$(JTbCN^&L4MR9mlyR!&$TvLB*P1?{-{iuQMXE
zriv@j<wd5`v}0WbHpB4L8TOY!21-D(E%v!m#6!XzPHqpi2R@fr^tz4y&{UO&9)0A(
z^i?A~_LAzzK}^`(Y8c6Xh;LQOl7h!eOC6HOAMSw3>h}Pgd;GlsCsg`iu#HYPOItb@
z@x{qAxvvg_?|_9P{T%9nvEmYC5N-J>o0`doJ@M<t{8`=Rb4Agg9)eApW;^x)jrW}3
zS)JI4gKI*Wa%eGLa*W3nMOgGS2W8_a9b5)1;Bd)m%nMvIBRygldUErWCzbl`Jm8~S
z_iZezp@pCgNF|lEX&i-(W6vlW{*c)yPYGO_!z##<OetPQ33=%T`J!-_wz10baR=zi
z;#B1f2Km0zL-k5o2bFf}VBJs{AaKYY2V4*0h7RT1aL?34nE=p0?Yb*+{Gkf>en6fO
ztJA@aqZ)0k)-sSF&;s$4uwEu#F}XD)uU2v<>B#G}W7|m_v`O9CLp|b13!Ft{Ay;5E
zsq}oibF_Np?k+pl50^rOQd@6F8D~qwXH$tYP3n8R%C5A#)x61UnT-upC)n=KFv^lJ
zbXtfRuft-QGYXd@#4RNZppY--{S7iJEb=S$LY2c^qq|WgSq1I_?2k-L24h7P7gKO*
zh7p(V1d6MI_d~%E(2#sAx3YM=O1Jxz@XJ!urB<s_-}6FMHJvicEDePTMuRUJvEp|N
z-QRke-0_aYlvofvxgc?_>hna){MH4Yi6`}yC0?StV)xkY%|PKI97e}Qa61%G5*cTg
zmOC_i1xfm?H-_*K!+mxps0?4;l`eZkeT6ws-g#Sc>zMs6t0fQ1MVF<LTgC%7u8L!`
z%zWJj*r(<O@<XuKJ<yBh5+?$-Qx)gen{Gm`x*%Jw9{CF-0YZl(j?@+ufy%q3j-(m;
z5MK`ZR&p8hMo10HnN~8Xh;~Qen$=eJ?UtMVrVkZ2SR|)eEg3+U=Np3;rc^`=X5&6Z
zX?p*N#JztTA<^;@1Nwx{k5_Q;TtzOF$m9BBY%&;j@XUX4m}%9;bS*STm+Utle?WkB
z3|{79*0>b|rL0~Of($^<W3C28Qbw~*6c1dV`*5BS);er3wtH-aB=FWOP`LN5hI=*9
zjnTlqFiSUapT4g<*#*ay93HML+|tn1$jA%zhLQ1{R#?6C@EoOYJE6wU+{Z)3OmzGN
zUiUNd79gW-pN}X+EUOjVX*J3nvEl8J1RkkgsoyejS@t+Kl(*ER{bqoF=8q(q%9PRq
zd8#jkfz5{3Uh^r)^ZZIsP;fVWa@2e%XRJqNmq?7ZpLf>|(R;eH9-p1v=wUK9>!e{3
z+FLZ?vng~jlBL<Frs|OTY!OS-0!k#ci#f*78~Pw^%p?wie0CA#<xhPrZBHer8a<OW
zc=nE`C0Rl~T8*0YxBcB9)oVT{y^sILESexU#yQ*THRdqzLN^$+=tj=8YN;IL>|LJa
z*GKp*5wU>~+1DdlZ=5J2a|sC}zAF@k+XHIguyLS&e#Rw6YS;}tb$c{>3>Mw)3;2qH
zK@Zv7-doA<BJGQYlEwk~n!KU=>-g$jICEagZI)ia4{E9->EtK0dvMd17F9*OB1K3G
zD%GbHR%v5g?9AvdtESWIt*fW)q4mW;nTPKZ2J3F+zJyvv`j*}<hmXH9AJt~ubMpPy
z^cRFLw)x1^ZQF$2jx`)Ck@6m&SDVSx02L?_=w6pO1>(}BCogkMy;#Xj)&krf@fSBq
z;gl(XOhQ@w@o%lMj-K^0RS@_m%iMG>-5$<<hLe7gO!_8EqnbjMkQGXH8=+<=WXHAM
zGf0o7hV+pd;$UrUi$z0l051N8%HxA8lSE9gByY~g7swh(unn9b2okx3eC`8m=DZC6
z2&(O<7IQJVqK4{vXh;oEX7EyNy%4y=S@#he6B9qf%$qF^6Q4OkKvlqZ1eK)k5~;xc
zrHotTIH3O%mR%a!u}wQszzon*?fF=L4K`-TA<=X16R{t#6j@SHRBfGus*t$7JfOLB
z?qr63?s0F>5uJh6Y`6UUwp_W4)N@gwPxo}E=-5k$!oo3}rXN{*X(4XRTLro}o}Zi7
zIvxA06Ln`FiI=AM$Ox)cD54I1y2-I3WG+QFUQ6u@>c<zD;a)p~7T@Xql-8XRurwai
zr}wiKi*j88?i{-*!jN_(t3Qs{NJqg~o9lz0{&u~(%?8pR^qU5s)!C;iB!RxPk$e0`
zn;pu}w-yv!n%uJRr7Jqnc2xXF4J)IBOYksOH=-+F;OD(C$7gs)(4XeSLPJVj<(zM`
zuQ1^o2WdZ#kzA1lwzO}?7WSfs9ug3+6<5dZ%ogptSVyeX)hzkY3tO)5anGFm(vdSz
zGZkcS#Ob@-#ifsxoY_wG*41aw&t}6w^ya`{%rir+x7~M=<75+0S%-b54?SGEvUDR?
z@2SoY&c^xt@fO7LM+rYroX;TUQ4?lxW3Q$KXny^EMZd}q?SbdQ?v-Cz5c`g3kf)?|
zzCFh~i(SEqXhwmHEEac1lZ!=b`TAF%P@;834d8a;iJwWc3IUDC!;8Lx0-dDs-Z>t8
zlzr_(hvvN=vy3zgOPyx!Tw>FRUrMxn@WbV3j|)bjLT$H9DZ5xAo6zU|9@wr6Jh@st
z9<MKUUu^MPriflAMLw-QaO6wzgj}Ud6u>~qo6Ke4GKZs{s@UA+(ic~8yz=}=TJcYH
zLZ|Kw5g@#)y@!9CSj4oxojrtPW8jY3E#rDejXNgXVY0%S(=t@+lCH6j*SELwcRJrZ
z%9>1Z!zRzB6~3u;E&v&WQ#}Y4;HaGJ@k!&zqh`M@tuH6lfm1Eyfe2o3AMu{7!KRu$
zE`Gl}oLSk+3JCe!ygI7d0dHAj2q1f_&+VamW?*;YU|z4M#ka$-XN;oIMs}m-$L}g?
z?j$c2d}s-)q*8ZD6NO9`YLDNlt$yU?3Yx&#s>;)Rb43L<sw?-70a9ITIj8dkY!dKd
za58=-_S&D!>IQUsjH_41clMZ1J+6RYT@Yj;k!{{zxKuvD^q^Y8te=mlMiy(7EN4-2
zd1_Sgk(b{&fCgCYu}3oMtRgyOjz)zwCzpD9%+E+kwvIvg;oM&BJh)z&dajN^%m>?L
zQ;XQ#L*%)jIjp2``@PCe3V}TY!RyoV)qrZ}#0+^@j<5rLEBAMO%g#@li2j(qvPe+S
zg*9{Q#UiHQRv}35fzlS?xAH_Su5^c~dV60XZntg~;uw`-D$q)Sa%1L$3?NhaVlLI_
z)$3dtUFu!&K08kSlgo7;Ih||iPp(_}Rh^3GDFM7gw-`>u<tZ4=KI`-<ig-G5b~S4o
zPIZ%XV;r0ov%GesJH1VW9(kmaT{7LKi<Ob>lMfrdtG{qT2!HR=zWdj)rKEHMCbhAj
z9#V@{=N_7ktJSadxRx9Xs-e6VfsM`SI~)5{<(42n{3V~6iy_t~pPY^)UGs&3>}q5R
zNfTWp0`dY;YHP62RS(Kkm2F5b{O6$K8)?wC(b$D!eDYX)O$`LWtsys4ovz~0ylhrc
zb1WIo8o#m_Kty6Eqa-mxGl?GPMn|KTG0?`-{Rbv&N<vFc&3f!P7h)aJsZKT8qXgmJ
z>662miit>{>Xjfaod}<P!2!qar)m|h294?U`r?G=2&3p*cYKzccg!(N5gyaskee+P
z-R*ZHPx`AXuAkUyEx*$t^@x^*&rsVLw-DVW!Zu=^#0ZujBy3KO#HH<Ur6!6lu1orw
zU-z67|B3BfTKx)@bq4h5eLYhhuv_}5H_-t59-EpDlNv<hw(`y=Sf-nRCWNp|a53t>
zDId6gqC?FZ(9~MN9dEfeN5&g=O}p0vy*#01DdY1HfJ;{j@DYqik9wO*&`wB)Lu$5t
zP6xIPouxfdMWTm1er;7vv+uuc+WeS_gggzfKeBu4l!xBKu5C6%?q}%hWYQ)DO#~o}
zxJo=~CnGw{8=1pcPId)Fw&VL-?N`(aJZ65*iykzUSlmYSJP(XMI8S5p<y;q7D!?!@
zTb9{O{7tNb6JVFTuB3<1cJqf;)c^s!taiG?4eJBAQ5~;A`|fY8SX|&wC4dc*tVlI>
zxore`3xZaO(xf8dXzqwO%;VlXZja_fQQQ7lT}+s${=QMal^q`^mw&1#?4q7=eT15O
zfWy_ZLRWUs0#q-LZ4r$5nR^;{WR@qC_xw=R;B{c*$_|?Hr`E%@McBLzb2~MXr|UI)
zOCz)oH|`AMZ?><fLCG&;9Gc$cM<|UyB8)QgxRpiaE`{gV??Nn*zdSw*T8iE`dIv)|
z+?Zb~6e7;OTZsk1j%E<(vQB*c`sw}ZJnN*~F2&*tv!&tj^^;vT8a#D%HdC~m+j_R|
zm**-cUSUIsMw13`UD#!frB;Hxo40#YnDPF$bOVmO9#>Stz<u`q8BIUwWc?`jPcK^Y
za14;)J+XGuPOLg5mUW`LWJs9->_hXNDH+M}p4RRS&hfg@Ewze%^OYU11KGn!ikGbI
zQ`wN~e%xVdtmlOwym;Wn+|E6nRypKvNJHcF@yX>Zq2feCp6ep&i@+EEQ18}#BmL7<
z)Ks(Z3<1JjVCmlBe4*-8J~m6VI88rGC51OIa?immt9HjO^<lgeTL1WbSnIR$JD#7X
zTzA2|<{y^rWrXO9Tuj}5%*eMj=6FGdnbmW|nkzr)H8hQ32B8(l-$N_Fw5c`=JQs4R
z0m=`$4nCB8m^&v$fV1&TJY*5uJy6*HOznZOeE}{w69gPE9ed6Dxv<ctN8gb^h}@p^
zIROee45A)?ju(&)q~ieJ*IiqM`92Q1P;vccs0LUP-Um8;9wc*K?O1$KQm;7R>7=Au
zK7^%D)l3acxA+|xtmi63vDoK?&I#nYu~j$9uSWV^S=R0d6zQ}=@m%IClwfW`Hh@x!
zufIKTyXk=xu28c>aB-Y~*(M^C#%`}M|4rT$|9CsmJ9%lCJpLjw<G}S><%>+I>@Ks`
za@+SJ+fT7q)I=*>l{5P|@dcU^Ssilxv{AX~9<Nq(<<>D7Rz8dY=S3`fXkhNcjTBG_
zPAhcn4}CM%@{xj;VA?U74~5SMq*lgsVcwZE&RfwuC--C_hY%{f{Mnl4M9XLZKl~xl
zjKP>CYya!n7krcDdwfrj^05KK<qb%`rP%SPeC{@DGPo21aDcX0oj9dqU~A+B|1utC
z0_WkGd=m2A?G-RdNDlo^Rf2LF$UZ{$!tgZ1!fe*tvv*(k0BU1iW57`wWaL`tMhlE%
zN`1}dD>zE@qL)DD>jQv<bxGL}16XBvwaac8#LNeY$sX}uo<i7+plU!PC-r74>}mwD
zh3fd1HV3k0LCG$tV6>~jw+g2=gl;f)>5ipdj;oRTcu8y!)q57%boAno&>miftK|0~
zI>wM4F!#9keV?PT`x?>&S1{OnR_$+N#uXN{=58|xO-gut?h<`prPVqmeLZF;u3vks
zM6=y#;=;_V-TT=EG{TT;_xp3fL9LT$d*89<&J4d60XQkg!W8-g>vm_vY95(dxe}js
z_^$j%t%35KqoiD$*yNLd9!0(yCNnfO{yEiV5M%78(td}cUh!6FuxmwV)0m~730uVc
zl_}$6^dRV}WfC{S0PgV}zYq(+j2!TU-vzYYN)sy5@09oWT%QMhH}?*H<-Ad)xey^Y
z>obFR@pSx+iktAUCuurOT91O*eB_s=5h1__wz%foflqt~Q<w;ah15%QrKLK&ISFWm
z)Ywf1%5+Y20^WhQxK<=jD3aCQISE`oUr#&E?pU=7X`yR@osh}h3uQR3?~%(I@DCqC
zBA4f4#(Q{8T54GpoSIJx+D{*Cq$oJoyx-5KeF$DW{;De|S>7|%!k(YEbn5K@uK&_S
ztr$@Nyolh%G!ae@iE|%Jy?PwJYxnLzH?(7ZW|y3bS>HR$k(>g*1(e?&1v%%SR|mY#
zQv<764Z7bVKzNdi|MwIT2;_}{zL9_+{YuYA2z>lqCms*{_1#wS3q&2~Iuw3D%+Eu>
zDO~taH~Ed{+iJ(@hhIbFr*Z9u9%&?w2<hQ3WbxRgIX`#wxvVHg-@#J|@#EMt7(+Iy
z|0!hu!X%hosFOq0<7M&mJF$bgjRhGg)uFc2NIx`GcHo$%ErTMJsJjC65F-&U7z69z
z!lq2^)r;ghO*C19*lfa;O)|~h+qZJ$%bvF|$sa|So*!tMm|$Dh`HU~<$<8w#NSWll
z{x#xrtnIZO{<&gDUK+aBq`UOBqejUguZS2!+!5mmLZ2kOYf`W2!ae-NPt4f9C{p$v
zn=V#P(Sn~*(tX1tFY?2iErKH7nwWUt7wf!^FvSZ^D2tno`XSDzo9iC@c&PzX;^tD&
zS7A_L1?xc>d(K;x79M)<9n)XvJl>Me7~9a5naec5;^r}N)V20HCPO{!%p@n(b$NWR
zxWbj1c;;KTK=P<iHgQr==yaT0FQ;hf;-lkVh9iLXlAMk4eXb5`GIad>qBUr2G;^lS
zK$oRJ<<m>8S8Y>DhaY`<3LFvn#HT2X_Q#({uh;0X?H31VzIZ}1JvC7BEQl>Y+CGx0
zB15JT8T4#I_=OitL}IsrZHX2&s<e#(a_VWnNDkgL_B#djQUB77it}u$sr?{~W;$PY
zK2?Q57M~K9mvzTQ7L%dJl~Fp;FtIo8X)!f7^7W#MkT(P<JErHqD?3#wagAb$&l0)d
z!cB^T7_0_vvT4Z`G#~sqsNp+ve$zjDaWuEX9>mFQAKRLN-wRefzPf53#ja)+RPFN)
z<?c2Gj3{bCu*eTIcp6H1m`Q#;M&fzS=I-ACoB&u)U1N*GBQuH1xlO%GU3uJ`w2Vdg
zTIwZyAmE)O{Z~(%#Y>PQZqiQ9j{<Y^UauXd)mE5&IoC;4U9x$LrsUg7oumooeznz5
z^Xl*UKz<-m(sOva4LCTF_G@?RdSnzJS;$vQJDD}ext3C*w4aaDujZV14&6m7(iR2%
zO*0u40lpo${%u-`h^$7j@ApQDz(`*^qli@)$W^Ls1)P(2l>}n|R|R=l<aFy$8U!Q=
zdVWt3{A2#?KTq_m8A+ED(ed9)B|1@lT~Yk2yP37R8#Q|JdY%Cw<-zk0OST5y0Z0Z+
zG`Tg{p&2Ps=Sa%}-dCZ9iIf3I(UiCiB-%iOuOMIP9+z{_nj`RyF-L%~ntAJ+cL+Z1
zOmtdpUGapbJV6h#gYt7b{cniDh0|p<K2#k5g&C3^RAhA$*SADb)p(H_R;S5C%lU3@
zP?fQ<q09fxa**XPxe`%yWD$=rX1L3IG_36A%--6Gu^s^`Cgv`%x|CokKUvr)LaBKz
z+OarOK!LZXqqp-o08x0oTgwm9GEIjJ0SmTiPmv3?`9-Q`6_4)SC8a*VM7~?s#K#51
zFPSQ4yX>*NJ3ecz)qxc;Qw^*v2d8$57-N2SQHGjo$pb}Bx_x#<O7mY>=HN3Gp@X&{
zP5l<6sTrwh>fhB@@n16X1k=xL5W2Rs8*DmhdMtwtaa?(w)~WJR$9HdCOP{==I<m>)
z33mI2E>x(LI9L|^w6~Gr=;xx}d-f*Gs~#{8SXYy`C)@efYrsHUdT;YVuJr9dxc>zU
zT+M#<0@RBs0H>IO4j)Xh_9cZO>;?$t0%{5(J-_#WMAzLMYR8Y?KmB;?ndKI*P(iZH
zz%)DVIRZ&Cd}7ach2B4a=hWWao}?&1C8^>v{V*c^_$dROpr*Id0LIaLh%1dc0B_W|
zOWi0)q)<iNJV&mo#>lOQJxa{P*nGe-&JLZLUz$^W@7`W2;l;>kN0-XEku@Ke2%#qI
zt9T%~Mmd7TQ*3@FE8D+p_77$#rZC9_j^w|RtiqpbjZv=%jc}VVi{jrG(h&m^ZU()g
z-mAzUYA(tmaF9u|o7oOEB2lbS<dVU&(on2E2wEdko7M6t9Qd%7-uuE&{TM(8RJ%|q
zG{!&Mn{X}9``JuNoCB~6#XkSJR~*I*#p#t7xNNUgzYpVW)pEJ@cs2JN5xpP6bg$xp
zD@goy?Eejs5N=6w$#$RkkqJ0mD337me3_mz!wz8aTU8$9s{)3)kX1M@{%}H8!qOe?
z+c2V`OT8`b<%)j8ur&US>fo!x0HPJ)JCgSzzh<$`TslX*B-DM+9yYv164|JR0%|Dl
z#%)w!s$Z{UiS@ro2y|zS92%L+y8ULq#3M^(8dPC3{a3*)68paIzXAdaUx?=<BYbBl
zFK`CQtV9cmnGj>CHiClXQQ65u$}{-Z$<wdWC)B?i1BLU#SOz@<6i&Yl2imR!y_UYZ
zn^z4D_0Uhy>o{Gmvq>v1Q5CJC7;rW>nND0_OU0})*H!aXbL0T^o2ko3V%mqLSv575
z2GnuiO|DCRzsP(vuuPk$@B|=D3^Pz;R)aPnc<QsNok_V*j%(VS0iC9(5FK%jQb!P2
z5zG!VrhzeNzyMCQQ?s&7`K(tYIxHf|9hc5M&nmu@eNnjSR2LQCrFKGVY5erDlo#(A
zX*bttB`PkcF^~;C-03kWB^fdn?|KS0a=Hmh$~mtHBgj%z!z%pu=zo7?^Jc<LIOfw2
z)zq7aQegfyazUrYfmkW6>x?zPWA@N!STXzF6H(t$bbIM_jFmxu<)NN{guyk}^%&nx
zyb^j?6R$KS+f<+;$s1*oF9CNQ6v1`Bvq`=QySrrzp5LKVz_~JVx8eT09&5XiiS&tB
zkC;zc>K|J>`fcCf1*$@iJ^`Pm+}{X=inJ4+iQCR<)0W0ygULw8+T2$<9(`Xlqv%V+
zDiCl_d180cn_H`<z^2VyY{S>VNMhXI=!Qbbs9T>8;)>tdR0!yHb7r7TjS5^IPfA=d
zb?wNf>z^qZDlX5Q*~b-V<l1?Zgt9Phzg73xK<TFX32{v}HVrz9yih^uTe2GG{6XvL
zjvXYkRh$tG=)r<d<kBjkU3oOieF*@-0zDtET$T+*U$M~UVbe>y>-VJZXpG=ZSl3HF
zRz`vB4y!sV<cGPt>>Bq-pP(#39kF1xUGjtnR1_sG7IS&t;@2B}6w9iDz#C7?hpzzH
z05_e|TMl=6!N7}0w4PmgGdF=4$kH8%ef%ag!VA>sUXdCK1O=gFJ?9VDMIxg5bIxbW
zY55J^qU<?}Xwpmr<tB2eZ5;f?vZ~;T)LsCt0<YcQKA*+w;c)qsW*HrudN*EyP2+1)
zOh<pOu~kW4{n*nDkmqfvf>m|ribD+v0&uE%joYe3fJI3#VfchsM&~OWMD}*M1Kus0
z(#gJpTL6o~H+#JNQ!lY~IZbCa&L`d$`3d^UR%Db{tRl40GW^Wyintz13yQQB16&CK
z2e#70ntC7o^x879zo|DF`QT<=$&QN64M+X;c4Yyq>2ZrZ&U8al8Nj|s#T^~E6`TrM
zh%m?!-uws4dx`I$P!$3{=i@ogtrI|JrUhWG#{tYW?G_$Yg-@IiJo*M0Ag}75IO8VQ
zaCwoJr#EhpCf~tRotxdVyXK0|-aJev&A=Z=V(U;TeGUTTr62qIBd9&uOd8JD(W;z5
z2<~Ll2AJ;G<6DO29d!=M?vTOLF{>5vSK~o4zGG4ZT-j;_!?Lx!`A954*D@*owRri|
zWq>$7wX67B&mmBTdwI>A1l8Z5PT@a*o(K7VI8H5W+S%dMpd-_0UY&Ep*Q>t9+{42*
z9zaKKajiSR|7StYtFh~tf9x6eAI}GrcQ)--$7}(P`?mFX=6|uunTk^SH)~SYf;FKk
ztiN#5w4QhVgMi>LaY5qf>+L{R($|Z~X@Ft(y?-l62%y%^{KEPM1iU>ivF4r#^!KaQ
zjTcH$WsbCN-~SKINL=I6ozPoE&}Fn{9iOv~)Pnu3i)%f#Dr3s_%2_6=d9hxVLA!<~
zj{dFibUU@*+U<}e8}RauEx#Fl{{-a+um11VZ2yndD^Ph2PF%Te33w-rUYD1bYq9_5
z-obx+M*mbL@INM7pqSe7qjF0wwHC#HqmlHF%^iW*{zDf<5QX?BngD<j{oA%(V1Tq<
z_%E?AP+xxjuWbfv`PM36Pg0AQzES<ONB=pnt@>}(RadDb9{>J~{)zbDe@wRiiJ0U6
zky;qgc=9@}@#OFINrCXcH=z6XX0%d@Mom1$AD!AHE2HsX%D-}Z+}?)~%0)7VmRCwY
z?`u2w5WiQHUTMpbh$&ouk;J_uLTeZ5I_i``?vRzh&!K$maEfoOYd_*vt@x&zU`x3y
zS9%SS<1@|=EPRUhH*MZRN6*ZscysS&FL-!1s}JE2G-VpL`J#j{F*NsWpG8rqoW@Dj
zGpkRnK0eKnS*^NqX20q72a&bcAFe%X>0kznysY(j{f*RT&FSYq)$AvJ^V$cVWM6+$
znfm0{E5AMYmcAWt@%+V4nLXvI@BDTtW}Dv7Ogs31%?oZ3Y)u>C+EDkOFN0`YxDi@1
z#SFhjuHJNnD{AIbr<TLXo=-fGSBVGK=0kg$%-D`kTsaVaVr#kT!0}IO&z^*4RjVew
zzp(Z~>LU1y)5Xhsm7rcGIe9GfTc4#YE#Efd7!Y&8K~jUFjMO!`@x_SyeTmKT+xa>&
z(;#iT%c;wv{M)jGAHE5T)Y5q~CQAo-vHWMPsr&M0t^dgNA06^Xhy2mkf9}RVcjMpe
z5XvZf#HLN0#;WI(uKlq|{@8#2AKKc-yx@z&x+_^;(?7LbWqvc5L0$d$aBFIhef-Lt
z9oeR9baJw$Rd|-N)O1(0)?~OsQ-@Im6%!Aw@=(|eyaJy!uRtUq(h26bGUwMN=er0+
z#r<aT)8Aut2SqER`K3!s)1w@yxn4H-J^kQAy*dt83wNy<<q|s}2=7T)k0jO?MOkR<
zMKssB<#eTN^oQ;%Li}M03tgiyUf+*Gh?5I7n!SZFL7L!Y;SKge&=kY_`|n#+X2<Kr
z21EiNbWRV(q%_8Nt9*ygczI*?-(R)|H1Y0%AQpY*$V8YcXtLU+o5TE%Z{rXvY4-sj
z_ZGLVSrllHtnd#*!!8b%x`M`;IbKusyhcmN%gPSTcf_Sj)B6%lH=EJ3hGZC-v=RFH
z>%>YseaJ(E7Lg<*adFYAB!f*nj%|bAmk?Q2&8unBvVd1<LHVJ)2yyvt_QeyOt(T+9
zYdW_hZDtm<?26>)q$2qFpm+4bEH^!4GC-B2MPsH`YULp<Lm#C`uq1UezgIn1e{<;Q
zMsFnC-AQpG2P-ZVF4n-1%j|GgcVT7N0C8ZtZP>X{9Yc_>cBG?&Fxg~Lch&|IJtKAc
z7~Z7Vz0hl6vM$vCy|P?N@+G&-Wq1ANtKKh@V^{=enI1q$jzIQ~OyDJ5?a?zmr4RJC
zz$|}ed86T-`aYwDL*#A(Gy=G7rXo?mNxeHl&Mw)dQHybvU+7BKT@iI(=nwUafofmp
z|K$hYFI%F2?)PBct(1aDwcmbOs%Esu4ZGlL61hHj(%%Q)M)j&C#+<K?PAm{i4407J
zZle?UY7}U*XyOLrk<&+^r8oMe^l+uV)>K^-Xm__~Wl^Urza=;mR*K!5SKQ;|7wHtg
zjqgVKw5Xr8XVjAM90xP}bea-aq1V78rpkW$T~<n~u8C&plq)K~*V}n6%*2~dw#K2A
z>c_7;wGP|;Sz{J)ehS^_dD7G|=8h3#K<;x#yIm4i!BSqs*~j}uWE+Huk$vlvySLle
zZ0h<FyYWP%i8`((44jM0Sj;Qm+FMz?-s8)ykSiHGmth<Idb)<gS4!fia3Q?vh|>#p
zr`ng6&33By##BV&?YGctG*qnc*&PSsk_66(a!$OS5TQ<=;c9K^p5+cJvE=do*wnxr
zl80Gk`(?e~geIBgC|CJ1XaT(Js~I_YCI+PDoXOkEmVc&7z2hl0V{5Dn&(??Eq50!T
zu(9QSoUUn12E-d}bwpCJ_m9LyHJJgnqn3@4lRa_SVN+gX=zLVMx7&zFE5nAxQA|+k
z!^2kcC`1#5czMf7rvqnvB(2C4-33pL1&({Q5RFR(S-YUwQ>2k7^K9Zfot7L49W)Gl
zu*rwh-9j0YQSG@{)ZlGQE?Jx;j!A?sjn0itbEPg0c8<l%dRUPkFSfOAKM(3tihQnQ
zZ@coFe4R}onM{KH8<9tpJevBE!+`?0td>;G#g$WHg=C6OhbZo`q%lSQ`$LnuP=XDv
zTHhzWfp%E3z+rhzWZC)z>OJC_)~Hk?>+50cS*Pn(3(+(#S#+{<Jo2yorv^3Hc0Sjf
zk49gv)pd?~ePP$79}C%TQgONDZs(Sn!bV47pj7dm)Tl`Oj76@c-qq0@S+ON>taaTl
zJ-iwrAQC5PWF&+*w=l{mH&E<-{Ie9y&-dFm<c?C_MUTG5>Y-Ah7O|}>KI4Sf3VW73
zel{xm@sP*Lr)?4zpKDGudPNt{>UUK3kH3IhCa@?!b6@U3*ZNt){G#TdB~H-PA*p*_
zXC8qybri_nbfniT9nu!9q*_?b{ru~kfw75k*jy-~W4_RJ7~koIAp3N05J3MBhy$;Z
z(!RTUQ|5c8Jfs?sYFH=l;(f^IseyJU`IWR*0&zgEC5JTUxr;hU>F;#gY~-?x8|*)b
zR7Rd`bvL%|@VVr(96BbBIk-_U#;<J4U_4ZtOCp~<a;y<8+gO#>dNPN!WM)DWxzhW6
z{rhYjw3)M9<x-<Nv*k;TWuk_vY^M0X&Me6C*cb6oep9YDPy5GKgt+_2BVYp_gBY9Y
zLaUOJ(_gHeSF*)QjJY@{a2SLSTKGBUI~_9^pFE<m`efXKi)@3o$jm~gVJr-2U$S@F
zNG#>IQGQcPkhrHu6q<3jm4{VNhTpKg0o(2DmnPO|L)92Cps5Q#>wgd2Z6kNXC*w0-
zHuow5S)c1<*w$t&MzJv#8`Ew<0wBS!m|ik#fm%T(H=yZ`w<;_l9iz^MAYK=5IZ{N<
zwl5jW9-OIUW`=j0#aUMb<;JI#q}3w{cv<v<w|o`ZyF|9Cci;^2w}n(@E)ae45HmQn
z099D=mgiOTS&*KsCrpVG<B;{$G4X{Ms{GZ6w7r#hqDQP7uIpU%lyA@uCpgP>op3FY
z;Kfum{B>{Wtj|6is6y5e9+?xS7W6!$k%X)pw&`v>IkFj#O=jKYlED5%5wC($gPHGb
zIf{v{Bo|n&D~woG@LRAiev3$XrM|rmY_nRMc04M#<fA?piZtPANF5L+Ny3{tAe-D=
zPl=f{Ng^u4^^upMn;&MQdS%|G!6KU0!w;lDAMI+_F%QjyV`eSQTgi;{8g_--b8!_e
zJ{`GH`fVt0cx;B47g}(`(JWKmTX5|8QA|!e>iex^63<lbKvtf;R27kW9lGg-b>1{f
zN51QAj+JZfoKMsJO-1rEe&5bw<8wnUl|7)%^PT}0FOVW3u;Z1T--B5&GwDWk!#8Z>
zmt8P}@g(;y#}4%OjRSYM<lhy%8}qm>!!mc0+h!&<Lxd><Rh`{Pble8MZ5Z3xhbt<{
zwMhr}ep^-jU$#J*t>9RK9;#Pg%+ALA%^h14Zh|*;8xLaMN+cGf*pGPH$jLW!&bJfb
z8^vpndV<7DJ)%u|qr44%kT?Y<JL<-*t?1xX?Q(}f&~DfWRiY!NT{_y?`L^fQ*G}~J
zjk4sxyCt9DPzG0yt8Kcx0v@Qs5~sUEMiEn<)K4?Cy%l&^kTO?9#25*|99w4CWUW2J
zjK^X%E<F7;2LD5Jo<Z9s(PJ(cBueLseNjoEJ?#~;v{xhwK;I9cGYCaCbt)+%1`!i6
zzka%T%O0%+FuRPgBAXml^+sDyf_Q}aPI?WEkD?+<=hes5<s^+7d599`*_8JiO~{03
zMKyQv#)%|xNh7hjl%W)#(!$0GQ+n{r0u7P!bLwL$p8C95gFXghDTs~V!!UfLW5e`V
zd87}<Cl9~E<`4QhBk|M&2zQ9n-x|`ntUVVu{<P=O#vds&eBaKIJQ~YlJti|J6CuV2
zm6|xv8q7V_l{cL~9Yx8XZFF|pct4aWv)pDnu1_}b4AZq)Q5Nqd%Wi{M&9i?ypa(}O
zcztS{`#Spiw{t^bhMwnZ@`O3hVMAi)ppU_6I~}3oR%m;)Njf8U<@Pg;jgpqR*`Kmg
zQ6Foybz0%2%3e79&M|u~>+ZRNQ*tF;tiLQ3#e~>0Tjg*H4~FRrmm~wdMod9xj6K(b
z=Wc~{?b_k?URQfI#{Yjp9J<QP<0p)&u$H97<p^_d;2MhM-)`q~i^II?=#JmGC|E|g
z5WIlsGbX)E*)eT)8*H|maO1JFkF>k-JUp!i8*PG{?*7_zJjn&s<5vXT1;BwyHla`6
zC9mOu^z!t!S6(-)s26L-mgHU1;2#-Bdy6kA0$S;NF-gvJJcI(mo%lARjf?P2w~u>s
zwbW>bZVd{11iV!B=Ppbmrz?D_*DAq5?Ux3oqlaJagTJnl8uK~1Nm4ottgUdGBzC%F
zYXrr&G<Ms)jYI8o-7<I3tb2~qqw)E@Ggz_)0Rs;c{|f@oB{sgXJLi5`e|-54ADQx+
zO^p1qoHto6`)^zx#?7y5wwU9^wn4ToZDCH>^>KgF*<bT46Wm587;89d!>jM$B%)aw
zcJ{gNZ11aIFYvczpjXSw?M>Gdg5F_A5qvk-$_04IY#4$BKi`RtuUD}{O4}fAKTz26
zv(G7@E@8udE{@X$3Mdqxk(*;<&}b0x9;7g8H|!$KZg@miZ}Xv=0HdPUf}&7PYblLW
zoTjyRxO;*&3?zh~?}!J~X6D<i<4}*=LareTJFku2w>rAvic_YizZk3+tge36Av<MY
zHgm%Vs7tE|Ry^^%n%IV4P@l*=21F()s;hFNz*3h;WXprdeIn?;yrnD&DDYT)yFF^Z
zmXS8hkKoknf1Lj7TVh$6;diYI<%Iw8*>8t|v(?o6*SFjS!uDtIe^&mF*!(%LKxh5Y
pHb6uFQI&r#DeCR{AKtL@emg^as-#&EqMN{<>UoWG8E0=k_+QYDfdK#j

literal 0
HcmV?d00001

diff --git a/login/apps/login/screenshots/verify.png b/login/apps/login/screenshots/verify.png
new file mode 100644
index 0000000000000000000000000000000000000000..c13e6a3a88cf81545b31314f46b2bca810cd57d5
GIT binary patch
literal 67934
zcmeFZbySsG*FH=uD58jfpn!pZ2uMqJr*v*qq`Nnp1{I|x1*D`KDTz%PAkr<p73uDV
zZ{2u2M>yyFp7;HI<NM<q<6#V7!@lo(tu@z-YtDJC{X$V*0w0eI4-E|sUrJI`2@MSk
zhK7decNz!$=Z$Q*BpMoCj){nfqLhdTm7=Ycp^3Qx8k*#bh^SMF%G1Q2hb~<r!cxL1
z7ZG727?QY2*oq<NID`qQ!p{qP`{7@(!S40;JFR9P@dl-Zrg`SN-&3)IN4g<mLYgFJ
zI8;WkpA}SEjkv6~Hb<`x+qHSLZXcE(HkYG?M3g_WA<H={SRr{EcXiY7<HvetYacXB
zHgs$aG<`-UnPxnEe4OX9gEdXQE@&|Y?-*!o_jh*>Z{KzmA|^niCHjWtPRw-moAUGO
zA1|nt&=hws)YK_u!o3I2r%8q2Tv&)krO;8tqn=2K`!v3KewX7t8`{!MM)goEv=?4m
zm-~@7ZxS?~c}RXik5*VCpg;nFz@hv$b~^St^YdV~mkH5JQM^(fP0>_sjpMf(olTj-
zyf-fxzUV4zI&2%;8V!xV6`S`kfR;{^@cc6kJX=G)%*#Ty#MI4aq7AQku(*eY8KA%H
zYHoVeAjg_8d-0}TEC&-j=HgTLE6x;jG>>AiHLJgM-Dx}>)+ZfapxM<N(cB%8D*k1^
z5hIA#L*7<&jm_vx@`Rk7nkl?p_N?|o)aUm<_RokOjIcWF|8P-g+i7xtdSzS7#8%YP
zb#W;A0Q-8cY-<jwvz4n?@S?123NP%=dSoAA`qM9C*d_<I9%_zduDL|pR7SnezO>za
zN>0k%;)%~9NcM)X7On1c7y+769n17b@voP^j}tyrDh#g^wtVGTcVRilkaf;{?h4wg
zvV7%)4?H_R_?}Gl8M!(upjiiBrKA+#89O81I@V2v_VL^01StlzAFF6Ox@}=nh3T$g
zPPmxQ1##Owx!cikYKb&3cu-hFo+L}yUQ}43o*D(DOM)zt65M)tYThM@XhdEN4^GjZ
z+N~8*#18Vhn0VneHc8zjYfO8uO4NlZY)sT8Qgq5%QY@i+&(Ge!<{(MJ;(dpT=Q*yk
zV7201BAidc%Zh|Iy&tzr8(&qyiVz%cN6#SJxy+5J`y@|jxE(WtfXsVDSnmOmthY%4
zhxu9U53;YYPt{#mx_%G0^@$zI6@F0%NBzCTH=M2Ou9($lHs9x??h^^pB~H=ug;V>z
zc$6%xXp<otj#WaY`uw(->YEwGmJG*k3l%0)()G)MV#*z7i>U|juX+ZFuC_-{^-Mjo
z=c>RP_Ouik72iyfXdh*M96(%;G3NK}!K1rUuTo!O$kI*RonV__nP4<TTSfQ()cN+7
zhLJfM2XU;ot`|f7LS3)EcERvh_c_{gzRC@ns3Dtc_Za2<=xgWSU;U(8JNzCW#sBTn
zQU#m`Ny&eX>HXw4nPv8^)h+EUk}YO$mb&LC>C@MiaGP*raeYs>Jc)gR{+{&yQ)6L!
z8u9bW&&^&KeB}Oa@Lm5q4>mTo8#c+)Z9L(pI!{@ij^U|a+9Bc(qrGWI7+V~2^M=Ls
ztJg|GC_+YFHa^xbB;g9WLv3|kJ&fsPLZ|?p(xqG?E<e{#?0%R0@crHq>Cs;Z4+z(g
z_K&a)myVFXJ*+~ec8ivrz9^#nOLhc(cpL4gI)!Rd*4L~j87bLB+1(jB%9m46wDm-K
zcnP5jT$1IY)9G(Aa8x)VBy=VCM5|=4CO$N|#deP2shTK{_-smGhLXxvm1LEuOtp-7
z<@wa)se1c!e1X-`?%wXf2L_QFcY5#C<pdVZ7!Jp*-<MNvk&#PO%TUXARG;_f78zFO
zQ+3NmB=20rFMd{D?;4m&=EBZscGj$uZJ5nD=4lKK8>MNT)`ZqWE&AefrVhq|rnAPo
zX8t8kCVHI|y-Bn1>69t+KCXP$6q%m&_DeICeN~COp-EpJFn5v~1aQ<pkB@|T#>*~x
z!qP`xRljggagTSeI=G1W2EB`_<3XiRcHQ%&yl*-mBA%5zBM3Y#E}Q%~IZk|DoH9@@
zAUTkel#`4gCL`Kf)>hV3jv_Wxj!%wNj$Ur@)x(xohM9&g%@xfL?Iczoui~x75*IuT
zd)odeSZve0**vQMO@BnuqIT#V&B*@9l1Mi-`|JnVyxHQ}eZ9|mZF;qH2Xku%?+v8%
zUnz8cEb|t>xTVOV)XmJuvY{xupi*C<bhAiLfAsNTecgK@R6$=-!^@d_eKtP&*<+kE
zMl>&!<GMnMlI)PHmXo`(WUS$u&Bz&Vn`KAMG27npqU^Bj?)4|L36_zTnU?I9K6bJb
zrzft&bS>sBwmJx)MrP}lo^O6#?3m4*Y+TP-bDc0iecI%nTlY4omwtHFplYLZITD_*
zaq!vEApg<3twh&7H#|3PH@fPV)#KF)`)m85d#3y1dsp|>x87kr!0^T>#TlA3wu8Sm
zZIw*4LuJ*LQYk6I6`k9Q9;`l)vR>7JTcU<6>?qq<V`yUfNHK)(T^kgRe-iV=@Yw+i
zC69o;`=`ChhoukcKMZ`x{3i3>?7e^}T*5pEPGmwx=WiaU<flcddUc(7fTrSR1!q0C
zp=xuWMxe$+bLA_HjJFr8ho&$_v3ZEk-m%xwC|DY~9wydAtgD^#_MXLZIkmJ*nT&kB
z{`cfDv+p&wB4rUn9a!@37oJ?8h<z8f>9_c4w3U*u?2I%P6XEbh8NyRxLt&-V_|z`9
zqHYnK>3?tgEjHXU+>MS>Swtx~B`94iy(fLFYpkp7Iqe&j``XXs>k9)c-##r99EzQe
zDZgPSN_dm&HMRl67t_$rkh%;J!`s?SvrQYH^FALGvzbme8r*IYZQ_oMWg0Ep6ARL7
zRiJODhtq4R&*bV<7Fu00>+$MopLx=gYj(ExNB-r{>utGOGCHvp8-2X7$WY|w?3+IJ
zNwdkxiOu{?Jw5G24Jx{_nmUUQ)s*c5r#+^IjB9NA>KC8xy`L515K9%)^LPH#=TW@>
zcCKMr?nNv&Cy&KQC3dA)@%V^ZTdpegZE7y+{lN)Kv#+gRVP*UKLDW2X5!~SmgHl6u
zgZ<jXI=#hB)_sw>dQD+Xi)wK7?#14LDx1v)zCFHo8;JSb!St$p<I$-7_xpUO_6XQi
z$kZb#K2kLEZ|x~|Cv7CW5>Tb=y{BWpHF%-p<w#aRR;lUa%nVs>OiPJ%ZjR&B)ca)J
z2G=0=9?jmX8R>l_S5Gw<H0T{%Ib5x}C`6;Bz@pF_$HHB*%eHR+5VN}g`7njK{Ovos
z(#&01RCKT5yNRwEjeXl6IV1gkc3G1g2{iF-0s`*WCf^(Tml<q5>il%jOPw3c_(`Xt
zi=!rY)wX>+TYWE2$JD4quWZJBeU81)%qWjFpL4{zqNDxWSDPL620aBQZU>Gb`|AGg
z@y?zhzVzKahBj>ytKFe$TVK1$`eA3M%0;n}+47ntcPoM#qa~pMA5MZI${@ZkZUN3Z
zTcX=i)5^K&5jD~KYNNB=E_rR~`D2<}MH2hS1N9oC{R0Q8L#}P-=`+J5JwA>;M!tK`
zDqxIot|jR`Q}Z$uL4<%~4TqcCj6%KukN6{ToDs>9fEot(^n-=ZF20+&$w|oy0x2G(
zyBb?k`^r5=6O$WE9eS_;hJC+Xt&NsB?bXf1#o&gnhK5f%xK6f2g4gh9Zec8KoMxf<
zh#@#HJmHJ2yt<YmsC<YPhIMdJp=BuSJC@+pN4M&)JDx#nxWL{jW_zRU;*I-HNId7~
z$GQ1-<y)sOdW#)sZ0yRm`&jtf)(Jc|eRe1_dRYA6dN$@(`aVf(%&Gbh_=bG|zWNzx
zNEyn>q1^_rPorU>lc8aQSLooIAD#Tq*W&23XqZR;$3R2#H9^Dr;~IJJ8~O?X-_Sij
ze`AI|LpufjA_U*?M2ufoW5E(Jf4#=^1Mi^;DT_!+f#1sdwgv{4cE(or8)ld*;2*fw
zlA3mCXvEaeH@cM4%_Z>sJ`)uUdkr~RZhb2Y#)prs9vLvgEv%vEpz*@F!AlDR`-fC;
z3v)|5ZaCldqbs<<Yv|uh*Qt&!u{Yzpt|6yLC1Pc3K*hm$m+|g(emp8FDqh>ihTKY`
z;(y!@{^GlCY;SMP&BWy7<izO2%4lV4#Kg?S#l>`&g^7iQ0bIdg=WJ>J5YAv}cjM<n
zemzIjz)s)R#M<7(%909t?!!k`4)%Q4uR{a<`So+225^(VMzXZ~V_9H<Owc<_%#3%L
z{(LsLl^6Oix1tH$z+6+*!~)0+jKR-!mxK4{`oF#N*NDH}sqxpH%*@R9e!um%w@%)w
zYG+_8Vr2owwCDe8zy7%S_c#Bzk(UWt`fsB6Dd(gA0zvcR@iP6nY5aIvFwYIJk5^1Y
z6;!})pk>e(`X}&%_UCWtb%0RXyerTuK{P2*Ar(0K-0+zp2Ic*R<#pbLcfOOa$3old
zxPqRCO41Dz`O!)zNs{~^yq$SK7ty|d`>B$WpHk9w(GEGf6<*%c<$aCw)|QOvhX<`(
zW(n+O`TZ^%28JyoZAQqTDx;PdO|ucR`2D$UKC@o37(SPc!?R~FPE&cJ9seQNhW+d`
za&0Ia^ZLoR&@f)0d66(;VVxI5LqGN-kqRAy3A@f#<Jf<XF7m8B(|2MB=ugEEG_NS{
z2V8fKj}E;hh<a*v;`z{@w342+GC~Dch>s5qy+yV3p8fBWJxz2|5S2=$anAqm<DZ9r
zBRjbW@FYA!swJiKcYMYEKK^N>HU8g(g@%ERdmc`AI`YFm2n!2VhVwT`p?P^@okkL2
zH9frW_wg~9bTI#6M}#o2V0hl+1%H1FY)9VT#Uc3L?fCC@{H0z0wT|N^@?Y!tuXX&_
zIz0ayJ5I#Y|Nn*ZrkhBdc!cT8j+(>$MGwP{H;2?1h(*Rj)<ag2lEXdwSQ^%<$cGsl
z3WL7SBIop6a;d-S@*sK^{0YXcIN3;Dz1lWvGQAuXS(G9et2ju_#X8v|AbsFqGG**&
za>v8u?FN#(X;IhBoNq2WS8u;$p{5uXnVjStX4<ovbG0)+UH4t8!=b56kwliuK<Amv
z8ouBhb?w*%z4`4PJ<Lh{!MbXWf<e=-GXv{CdMNsD4XiuD=Bw*4=IV9wOI2d~^ZNA6
ztmd2zs|Hrz4bCI>dnkCfOl1nmi+U{(H2E7}hh6$_^!Gg*=q4oe)q0k~Ryp#chkM(7
z-9cMpF<Xzv_QU0`F;2?^&QC2Y<}S=3_DeR>)T?`kBYO&9qwOu^+IB8yD@U5tUFPb~
ze2jc#$ClGaIIv#am+F>V+5dfCT^ml9k8h+w-;;lS_S4?bm|yn(HvLS`t8d?~u_Bub
zG%foLT2`8vjMOw9ZVwo}%Ht!(>I6uvlLE6cP4IJ=0^_-|shg~rG>uoYSyJdi_ck`8
ziZWF_>l<Sb+BM91RVHWKvGAnlhs!#bY-X;!bKiT$#2whs7~82a63XOPg706m)ie6_
z$w1P)bAKN)wWPJLg5P}^-(~Bv7Ri8EQ0jb5c!T@H(tHy}Z9VM_U8@b#)%xYq$%lGf
zllrrf>jQJhx$Uid%?49};YiEP;@S1S0dg0ZW`6XfS+)fMg==n<%Al!}@g_SQrSqcH
zKDPYfaC}W}oUYYa$+$`Xdme;E#@k#I0zIBAjY8$70Zj>Q?aGmQGoSq2ysCgXgaS-E
z{v}@+2h8HrKz>24+=Ll<(8lB-VrQ0PxVQ9SRdrI76-!%=+VgeO&7R)21*5*Gk<x+i
zXPvp}48wVx&Lur-e42fm%4f>gHqXM?FHR!fCl65UaKUUoU26V9pZ_>g*D+elK=ZuD
z9YK@<p$@JB|8}_Z_ZR6ioYLF|Vn*s(CZDua9I=arY@4Vl&wlvuAxzLmS@ak(=O%&A
z&<*SHJ)CIMGoEOPHJWI4&e^zG_of?N9p)@nG+>&Y(y0-R1lxvFHs2#7hEB43@1?v$
z`FJFIc3y>_ra?r+sjX%%_G5WVBCnS(1>z&`7D~jh?)_7Lo?AVL+tVXvj~}ZdYQp=@
zMlignl`)7-tMsG$y0SH<z<Alrz^1Q-y_YmoOjmt=p>{6tc*b#_2#)eP)v~|YmS>^8
zH#ej>FXhw0t|k-Da(Y4VdkV;3SUg*D;u+7F36b!~`(MvZR_?vq)JH-0Na)yd&(q33
zsPo32h<8~~K-5gd%ZhLZ1O>IPrrulmLK$5vGaj3<kH@I9_2awISu-D=+=9Io!+~PD
zMgo^ziAMy-)`;fih|PAcInHTBnH<y5y>Pa$i9tWD_kgsOg$w&M@~lRs8I^7eEM<X_
zjLoTqJ)O}0askJL{qOlq;tmF0^^i@2uHi$AA(EDXk}tREd+G-t=d{ec(^)i=M5S(~
zbp&PD=n^x!zJVPKnB_+|)95Ln@Q<f_f+iS<xv7N1J@s7VC;e*KxC)%$D-mgWao(qq
zD(MUrSug4x?kkY2!#nntv-4X8D|EdIS&u!U9n)*av$ABjI6_V5TC^cTlGEZ&n7C(c
z6B=8IH=`Eu9gU$uv0&2NqShEpYs1$V$8SEwINY1OTC!X6wDCnw`GoO&@VH20&4B=G
zD^)PaQF)~=wdi9qX2r+xYb~aC<5*}JT#COMj(t3LKCg{R@}*$j9Cq?psqL7#ksWhM
zO`{q{ji~9S!`Z<1isHA>;+%S;4F8UcpS7!EK{b4>Xaq64F|B#u;@G}CxQlIxT#g)|
zY))XI&n<qmQufj%5=&1fu+BvRl}a$!O;9mK#P+nfQ#~&*oX_ElF=hNERq<n5f}@TC
z3c^Ytz?;soJ6C9EZ=do_6t|i!<g6?Pn26aI#dfjuf(LbDjYI~@ra~lXw6jIxsTIFR
z!@Eluh@q(wmqmqmrB@sbdkwbUOg_$+&%>va9b53g3?|w<c)7wHdNuv&Qg$=sGH?Gb
zQ`vLqJSD}q*tG0g=%Q)lmZ-zhtT@5FVQFT>_8oN1vG49)zT{H19<Sz~cy6;%^S<11
z5!jyQUGG+&NQ<@1jGGJ5G|Qc<^=CU>eYTff2#8>yNEOWgfeX^Spss5d6_9cL_pzz&
zZe!Kg-!c`7nBaru;MI}PcO2$p!FCeySFvE-V`5FL@o!<2uP>+`cO<tGJTaKGwASJG
zDKMCnNCTeM%6uARR%jP<2KNZOT7zf8eU$iqpXRG#4E?bZ3Z{~xK2(J>2EFr&tX4BW
zw+#l<CCeOMArjS59N1bs1(VW)<2IZ{bC<(WIaf)fq|RX#8)lD#rI*zgG~fHYR;Kb1
z^#sk5(sd58Ysab?*k`^n!&Wxn_Z>jxV2GCbN_?#h?&mn7mq4TR>8)7mW#;cEPX{b_
z;&SdDFHt;&?i`q2ej|Osl@4iw#{fzwNyxaX$l*l)6()@(Q6<t~G6%y}*zcR~DcFHg
z+R)UUX?C+N+!5pU{11j5-h1vYz=;m5-llfq@rn}jC#H5N?2=MQsCK7wNICzzU<A>;
zHn8SMnYz+)U(Vg*<$b*ixCOS#s*E?hqWsvUc!WsCOSW;5Dmm9O&mG%26mA(GtXS%g
zG1vVJ+1~*Bd%l(Q#)68vxJ9mLdyd|VMBR7u_+;0i!Acwa@l(F`sj;`l=J(iqh2?=e
zZL72+4Ke9*Sq5A;B5GymnM-dR6RQn&eLan7m=t+3GpzWlpr4x@VeB50RrM|32g+EW
zo^_$U$gfx^JZGL`xW#DHOzp=0d6s&A)$f;%rIQ(vo&xp$<dQa{oY@W|t}Q`zrMAF<
zhR+TcvyqFM#AKFsfV;cKQX|L)kClA9$}p0cVdjA=I4Ua>MGfQZ)nLwB79riWIEq@T
z4Q)n!)61RGLG#B~tK*deZpvN3QT=%nw9vAH^-c@4)cBC)`lGu-(ZyMgNmlWKmmwca
z<r5M;0=a$Lb|9>p3=4MK7WXTfbkWR{6<WDNbCkgcd`@G>)1}8%@3bgkfj$!WWCY=3
zTx>;Q6L*KzAIqB$`QpL2@Qw9Q5%h>1@ku#aJ-($v)QiXV<~V&0weaH=Hx<d+4R|z5
zYGtjz{0o%KQ?gPq)zipgwA=c2w29xNVk3+?-iS%5A&^^-a*l6N4>Wp4gMZ|=Z{HqZ
zuVSgL{J^Dn{jn1gu>6R|12x4@EzuDTI56UF1kyOE!9Tm+<(Mueasw;9*cgU4v-}3w
zw8KE!=NM41Q{tR_TjYIvVL{W`9QBlfDUW#Z_}<LmmVtpCv0zz!;$q#vHZNpZP_WWx
zJR%4y(VceGCWK!mV<DH<8(pZUKPGBV!KYY5%rF%OKF09%&x&dld~s@n7W}ZWGw0zi
zhHyBnJ9Ef1oyjnmN__5S-)EINA@60ZJ!V)1E^_M5>FSSWO^(vHmO6vf(4E0#E$<)Q
zw+6TAhX)_S7b?<;QG77_M_^BTkkJv>mO`bJTc715`e`F*gXN0y1D3!0EmIuV+IUE7
z@n3&ce^;Nx=2ST{**LcN0kI8i{0pZ-gfS*frl=9MS*6@N;5@IejU2BSTp~IRJSBS(
z2Ce4wMz@y5yKQ(Ny&#G@&%@1nD97|`tzXS>+MqfHQ}y}T<LX<2B@E>HOcOmk$KFLP
zw{*}IS$~OYiLhf7M=nP78h!B5fH8E1_{XOEoartH|HEgdJ+D{{)>BwGtRLy^lNqK~
zZm;~XSzWDm1=czq+b2^j6owE+$<YSK8jiMsDDxteCHp?w%bUkl0s})6%)vAXO`5hv
zAduI2&rO3#9XQ7Fk<3o>_L~t?xldNgOc41VXNY-U&Pky@VLm=#^3Of5jv3h7-^490
z6S}xrm1{}cVp){$yz&)^tiJ$O)4)g9gP-_V^+tGuT$js!SF-qy*Nvr6YANnxx^iB<
zHfWi}01sF&!+pzXAo_LrhzT4;CGyu1iWHo3i|fG@Oy|g~j;kgfUi(<8cc7AR1TX^6
z*Q!s*1#!n42Nu$1s}B0>95@H2E+>h+e0EGjsLpGGp+es^_-75y+<&7scq4)3Q#QU)
zTl~Jj&F`nn(8Cq+3rj1f!J^mTxVWI%_4`CsBoc=yn6jL+Yo)X2d$@KRwJ!qiI5>iz
z_$2FP$*^3X%YJf$jARJgaXE8i%m*#MiFt>YQ#=5RD@s7JUt1!4J3ovjok6BKIJ^c0
zk;=|7>YI{ezmG<xc-8CeGA^r1c90=^CkqH5$Qh3#g{jofp68&<Uj_wq(LyI58co&H
z<I7z~2CV6qa>8?*w{C#n4;-rX?-daWSBzPykcsEDbRUTVdYY=Uh%j+SORcVRzW8M<
zz1)jrzkoTe81u9C@dXHDERZr~5qm}9vCDg@URzS4vMdtW1+p4Zq!4JqM^2G8n-YcI
zJgKTEu<8L|?W4C0x`A3<{^G^5hbB!W!(yD5u&_9Z1Djg@ZuU0lgor&Un0ie7S<Hk{
zsj?R7cLY4Yn`hPFgY|(WIHokn#07I6H>Ff8(y>&fmit-;Ko7*@7(Wvvro3Z>odLIW
zdPOB^p$vT5lO#osLBsRU?+6A*ea1hZ3CCc1iQ0#@B8k^si+f2pI4b0Z$?*{`K_lSh
zD!N|<BUr_UPn}W}?tw(!=|zG-KDi=w{NY(tKaKR#<*QevvOb_HRE;CP&jNA7#~$Fi
zqfv*`g*PY^c||#|QYyH6UIrU4b$sK`>v=N6zP}R+AOq4%g3)&o00p}McBsF$X-^9!
zcE&3z<mQPvx}w(uN#ih^0{8O_kt-|UNth*08=PQ>$@Gt!3`WT6A~xuKQY#ZZAg}3;
z_NiaRgZyZWGkmZabL4TfcAE~!OPWLGTg3GxrF%AIXyEx@F8!Pm()mnFdk9XSoA{Js
z%E_=v{2<`(a*n}Aw*Qm9qa&b9=SvQ*R}@Q0T;U#?Us2`($1iD_7LoN#Py-A5->ATm
zRa_J5{5@eq^O`vw5UB8KV6>@aYD!Wm6GT;&aW>Z{HBUOZkNm$g<o}E0BYvC$PADqp
z$;y@q$I=^SnC!d+d@K-b+2fO2rVRx8=$+u}6<p*;o5gMW&NcXp?hvBm0N@7^kj868
z%*eo6nG~FLm%N|b+5u!Caa;uy`M`c=!eYbk-@srppgr|v36s|AP92Q-z@6hrN2yNi
zzXR6PvQk_rZP6_-^KQp4E10ycX*+|EfdW(zy!^-%z?b~RHu7Vp4N2l|J%9smnjtu#
zJV@6>ka#b4#!AF_uQ=6<BrPoO!!pjX5R{RK#s|Com6losB>%Xdldc1s9^pN3m%(I;
z>3L4UbWP%ftZzdjT+&L~;|3#)^3rwu(&ipard2aOnCYp0;~QyV=QK}v+mFPg<Oz}s
zgW?hrp;>1M2-36I*itGh)(E9#Chy)-pzxsVZMq2Bl<^K(Hw8RH2g)8(15L?31)Bi!
ze0<WEUV`K)EfcOy074|9Pi7U9b{)Sp7RZO;5<F8(f-|kb|Hetj$Bhy2FG7WGns3Yz
zci<m6o@qo7f-RP2moNeFLy63xf(lG+qyo+Wre=r9gvbkKh6#tBu##o$sb#_%{6~<N
zJiD$H4Sa-3;4jw-tXJx!WJtgmTNdY&aj;;IGWx!(VbUg<LOMEKD`OE56&T$^`w#j_
z!Sq&}N`4y)_PvaR2%gj+lQNNVyic8&il&b&zDf4^EEeoKd-kZ^&uIjLP31bVsWZ5c
z0VQdbK)dq=AMDQUOdFnk>hNBvf7uw|@XA+-Zwb@}EEE1cR@9O*Ee}$O<DW);RLqZ<
z{^ei+9EUM1L5Ni{^mtUIss?lYXyrr74seD@m0B95ATES66mBdLhTb?HiZbHCwJP~?
zUotKL#}bZdu!SBj82P}uel!?7IOzC;6A>67%ROm%7TB<f*4)5lC34>v5`q7)gQR2B
z?&Kdc(7mEaXG&OHuEHM%L`mXHy*(aD<bj9#@r10v91^f`KIEJKlb4uxfPnc+vd~Az
z;m>Ob(5G<-KY^mm1}O!F{5)66@(m<)_=G_wK2JwkLW1u)9Qd*8{hQoNEKUpF1JP%r
zFSDjeaNqDd(bqS=1?1mikK;t{6(wmgI9m%sz;*VUpN^wlE^M$!nr=@6AmU6RutX^Y
zvb!Rx<trSK!usa8DxrB90^8}7HL`wp0W7h!>Kx?pl|+<|^Bh8yLAd8i!np$tj6VPd
z)<=q(N}iaXEgtY7@)_t&;wWk*pN*p+{r|me4KpI00JiPdhr{ocOe$KuC-T5ebqH-3
z^<7^9$Sd3^?sjIMSJWpySU@zh{s$GVoa3J0w2BB6WIN6o^m*6H^naK6GV6viNV;!r
zub&nc)cxi}Y+!?odV=4l0;K3Ek@MhEA=_J!dL*8>u=qT<kXR720u(w^o`DM?^@usC
z9y&ma8$YpGM+1y#+BtFxfGxsII=bVek<Zj%-^*X&FkS@WmmAovZ4yrY_SOhUJB2v)
z_=YBy1GgWudv-<*04A-{O$hmjno6JCDO_+bW13f!DA=j64gRI~r2jZKpt=afI#9E{
zx$W!gtGtVElBH#Zo9e7-$~wfcFgf`%ua?}XA~;eT<&$b710-w9jIVPGOeUuIRc%uU
z*n<D8g`cosrarT+U+;EazJFX1Jq1}ofG|m8EgOUcHuwnR$TVM{ls!>mgN)1@uV#R<
zl!}Ni{tw)!8S_t3$)6CF7L>kFcL*8+|COofk9)LGyAum-R{{&wBE)};11+@V)lb8u
zIboO#Pywe|k)aQOnNTN4UEA72O4FhgwYYtmomaMY3t&*0VkJkJdYyY|<*WV~Qvvfe
zxYV^G@8jTG5{!1co0M7&INTRsE$;)XZH}v?;^OU+s{DeKI0m7!ZUEi+4XNkAPQfU$
zv0>eGfwlfV&3{WFKqO77r+s@H3nu;1(SPR1tK~8Nt=s^Fg0N5$4+I95bcHs#&x@oU
zj!PBx<UdZdee6@uIN$LEiVp&mzxn;OBiDh(B6Zv=KZWqUaNzw%pc)hYe4e=H$N}o;
zj+{uPE<%9hmKfx4Z*zitEbB*mNSdq^Q&O@0IsFx=98|>%W#F3W(qMh#ZyP51f&?BL
zwhrA@Jx70RNHmNd$cjyiMfytsgelz$T|rzuQl@7oVlq`ah+W4*2HBXHTd!d&P{fp5
zCyg`{T+B9p`D-8)Uo8GLzJPmwcc+k%{zH5TSPs2tT3ZPD@5KMH|Nb8Z4hVeweWA5q
zx1LOhGAAeBXrusLu1r4PXT|JQPdYofOjmQTHda>)C=>ufy15H9jd&BD*<#9Omn>-{
zdOXIWVYEQo8QqGqgyNKi3ng4r(chMg)n_{8MhWc+(`f-QEw#KY(UKZmYXGi|*5e6F
z(h82kzY%xg#I>i{E`mKX<o2nA;Ct!3Gs?g+w?SrJ2Xd`KCtR!XHIOj<<)xib<IL+v
zn4sk(CXj&~j}%+TWytaL0#6O1tkOStJc?tU`Y1wEpO|4eSUELGSFOQyuo@|_8c5J-
zCp9Vx2wIedV-oTf9+0;f4N1#dk5r6_O6B-qG3M@0(K`m%d@ml4?*8;Q|L0+V>$)3f
z{~y34<OL1c{ks3|P=QDzMKPnjfJhCYsOQ!3!JE~{oOC*X_IR)oOpJy?(Dc~_4&V$2
zpb!L7-tO=t7kxIo_UqSI+n<=+A42WV(qTvKq9(>ldwX{RfxUwA?TOfyj~}0at}0D)
zz-89v=4jTIuK11Opr8i%pN4tX8<@^nVfs>!bD+G>Ion79f(6hGn!pc2=LHiNu`R3C
z)mDcl`8gdZw5_U2xOV4?S}JDqVx<=y4O(AwO?YCSyBh^Vn9L}qzqa-3x2oA!GEvpz
zI^0`rnbkYoQDGlF*mxJ)r69l;(Q7_#B(NLJwKJ96V)1U6xY==`d@`nLV}QOaQ1oYh
zhNBCBk<ZBcZ>vCw9qD)>*RPKx8nGq<rF*w)plgLu)T?C{EkWtVraHR6IXe2<c_KQq
z*it=+Z$rawrICj7%EZC$BBxn?m7@qk^&&BY*5h6c{XiVnp3SW6JeEPL8n>>jws^k5
zD~PEiajyu&rl%w@W7uj;A6wIVjz4Ch1_A<3sYz@+saI4Q?<b2nH&iM|y^KXPR~R$Q
z&x}1N01adR=29Jjd;4qqPAPoVgGG-+vo!g*fshd?VKq;q1h)+-M4!EFv&Qa_^JLt_
z<u<r@!B$Z#cecS|9N)&*4;k-dvd3q#^EsGYzn#%G(C7K-!7=GT4J9dw3(C)J-63zV
zdWEdB_bB<xz~8+5wXN*~0&=!5=Kv6OUVFRUNU+o#O)mBaxXq$YYzSmadtT$Z-K59i
zOX*&gFw{|ja6&EzTA6>{1Z{UVp1A@M5k$mA3g;g$L0u^$C>Mii=2PLIWhMJu1!$OG
zUT5jtV(dzjV^vO*orX8Rdgc@Mvu`3u2?0_{4lRN#Sybw&=W$ow03g_4>O~@FCK?<i
zujS)*Uhsh;w&RGik=^nql5}~iFgXrp&S86Hg#(r~KXv4L9rx|=r&k3WP=so1)&BL)
zHYC^zL?1howUfkZ+Bm*Gz_bG`)O3#QzBcumot^=`HF4$XKk((<XyCI9Y)kn8W}An}
zqMkAXUk^b7K{4#LDSryD<tRwiCV(xxO&IE}Fr4kT?~)_mxL+WoAGbEP(k?;}{ox!>
zv+LpRs6tjgx?jz9ixnBZ?CTO*RN=wSY&r+MWb%VRZ;m^EgscJ;paqdyvT05rs+2hX
zhG)F|@QlgE)_b+v_9g`mrFxbatepL~7o2KhrOlkE&CW)jqI4}-baDPHcc=z)9*?{;
zvz#0+u&@%{=30+jbX&9w`?G@24nnnTYZLJADUOREcy>sb=_9-AA3lQ8C~4s06*avS
zT)$tOC>skh%h2QWnPb!`YX^Pm7<^W=5}tKik<^{L-@26**nO|qN@h(69B#My=vSw(
zy#0xBYHvcd7pbpPCCayea~uX*qsdzjDru5O4q5S`SLH$l{biqz`H#S}<DEvFC-AM{
zJ|2>*=>q$W=9TlM_|rbGmy!tFKEH;4f03z-T&S3Bj?}h{me$Aqqd+pX%%YhO>7-UQ
zz%7uwJ1PLVT{}<4RvIhhsJEV_9u0g!U#49joYrH1R!`YPlYZxF;<AciTYTJOO`sHE
znXmWhsEanNIQJWA64;!EY<xSyI{-(+RH+v*2Zk3OdT)ya>kPZ^&KvHmP1o(+e1>h$
zkP#>@F5X;EZe<S0B>mR)9Lkh#YaKthyOQ-Q7B~isZzRv=J{N1KS*+e|h9vWN$&_y*
z-7Ct!BG3Qcsh}4CT@f(=JSTQWeRT`kWf_1SKv6gI8Wh%cgi)a~jLbaq#mXYOJeMDH
zn#Ihpw%+@21+Y2r4a#u)bnF5<x|;>|z7deu$KB`0-^%tfC*a?Dz-rce$EgqHf~_*-
zisxu-IvJs+Mc0@gi&Ai#QEr?QK0sILeOJAn`#8&}Qm%-vYJxrgZFb{qgTR4J5twRk
zm;J#^zkU?u9_rM@8-K<^@E*{!ZPXpf7<t6PQ27KV<(42{4aV8qt3?U>=7XG5h##|Y
zi>~SAJ2Tm{4TC^PgJd;E2YcIwU;|l$fot3+wL)~oHsjK~R@AfFfEXkuuekRBYs{nb
zS<8lY!2_@Dfxc=(Hng?T!-LId4ZTF4U0Utp^<mpz)MKhPM=EnQ%etFp2S*P|x0i!G
z%=2mvcAl9|ebu%oQDwPQ;r-m1IM9D>cl40Iv7(;L>=kPpZ<qPoPsEKCXKN1D^J9bE
z=JfF=lLUitUXK_=>8=ooPyk>10Cm)Zwd;r(fLq^aEZ?b{z7|ONjUkDRNk+SdX3tHN
z2?k7KxxS7N;6zYbpkjRitW)s%63}>RzPo#L!C+rDKTsZ66E-iI^b`qJNeTNS$c=L@
z?>AM_o?njNM5ddxox0k$Sd|!mk7uDQ85q60KI~v6ij!f1z++2<(7qs=v1+aJhxlmT
z?E2PNutMO=WT6+EqaGfdGTMs{s|W8%stX=cVpG9(2l_ZtIAu-;GOYqz=fO2*8*Cd+
z^NQLZ5ddP2?YPJ890_T6W6Ai0+Zg%iE3CdDw#|J7j~!*Zt#7`ZvUT$lHlsCbsZ8wL
z>YSe^ES*LZTo%g3_3@_>%|%zNYthBM3e~#YYvv4?Sk-lG#P&ldw?9h+c-!toBN}C3
zk1WA3I~<2Cz(UM}xF$#iq8%V1Dgn3Llw$4(U_s9uK&-$?=R~IHV4a^LLC0q4zF4QX
z_Pn9kq-*a7YG*81ApXa?m8rwUTxNYBs^@b>ZT#X@x&ykU{f4nA5+5OWfXYj%^+$A1
zEuR}c`%Y``@~bbWkwc&WEVW3ye%_X3eNM401?le|%s;Ey#xgcGmZ@u5_6?^9ppEp-
znB4HI@cT^RAgpI=MzFlg^z9rR*(gPAaM?}V^x|F@HF4@#8=Xw>aKB4s7(9LoMl^IE
zCB~N?gRNU!gLt^jmpNzS4Ap6F#iA9F$(0i8xmH8vfQ8?o_*$Ug6pnVp;dhdnS3?C8
zTrU&$e$W`U@ok!a&T8PA(<fP|*S0MGWPB&O{f#}J^qXZ~6;5nJ;ozrivwRoukW)6n
z%JN*)TeM-?1jFVa9vnJ`$;Q|E*IV^J^u21k*(-TTQ5(!EIBm*?#N#qKIcuy%X>`IB
zox|Zp_r9g)3YB%_SMS;D67`IUq2ra5Q<f?7t<eS{il>&Dbva4&T;GN&H*tda@}nb5
z<&lLLx)2}tk5ftE3iCN=@jC19u97}jEP}0xLT2o(tgP%~`D+WOV2-11n<;q*`i2|u
zg>3KOidM~|+C4Er9=$J}GQ8WEMVH_x5dEIsxKSrc_*ZXMEvC*4wNh2`EF$eb;J>XW
zDxb;9R%$4w2hQE>!xl}&h2B>rNt!R&CIUJyowX(ze&SpI{WLagXdl1`yNTxL^;iV9
za}f6ot=(FO#NeGqGawBXMy+C6+yP_PFrdL*;=%90=N#;h9%46i->1OV0fEh6Z1l6)
zAdr}0^-4tkltq)+SnE-A9iL4x5{veVazc(>z17_%5q!bq4v|v_stJ)J6TC*Nn4H+j
z<gqPN)XdUU)*rfwP?@S)bh8qvps-M8$_K=$YbA2Q5{+$F$t5nciKzB|<w)9)zFJ)R
z#wNUbP;x$-g^jo!@_WfPp2F)Jn?_eb9C~#Y6n>)5<_^JwuwZ0z(o)k7K&xPE(p|S$
zyYz;nxh~^Dot+&~s%{x!)tZ$r^yCPIt@M;=EyLzl-)Lw!53Sr+W63)m!uDp=Yq%rw
zVAy1m4l~`Enf6X%!G}|ZJy(OpImZvT8U)A?H;VC)wCyRipSfpq#)w~T^IM@l@d+BM
zB?IW4Grq+_qGK&&ElYxZg$-_2G!DVhgE4iM3Sb|D)pbm)OK&I`vXXV}`KCHDderrX
zZ?Pk@IQ?<>di7Ng&;q{XpojPAIt@SDKLCTpK#m`OnnQ@sZ0+=GO1371O136gnQ1jZ
zbT_Lk=a!F*<^1V0!0Nvmv@7F+Z0Z}x6rtqoXB3kbOsI;rtT36GP^Sqo3K<>?;>mkx
zJ=CM7%`m<F(C9)TX^e$Lu;Z4#o^h=<e)xbX*CKM24DoRfSeNmu%V}UZpEOh15MI`6
zUw6VU!#g}1W-NY?XL7a!%A096kt^SHN>~5}|H2z)N48%1N*PTr66|oc?66AX*Wm#8
z56hYER@J*MH#l^BrJteeGR4I|>pJ(gA?Bh2@7srcIko<IcKEM`?!ddP?-Bx?_mYB|
zl#TsI0oes;JE)xhu@rg1v4kg<bFuh^*|1Zy`8DnzZU|Cl$oT_^Sn~vfbVk>Dqu*#(
z(`Pmbt%Ia`3ES?+ONq1<BS5oa-FsKFpZl;rxx3XXLa}OJGjMO1dw%)Nm@&5jAM6L?
zO!*sTdEqLaa0Nd0_=B}{&SJ6ncos{p4L41%C`B&dO;XDN@-bH(aPR3JI*`>ugv(W>
z0vuGX)4=on`3<FDCxbw%uuJg!D09H1X;vkUJ~CebSqov9klnf-vs;?;GtP-&#vGsX
z(hl8*XJLKTd3fiaPzWgH<JW9HtuKdn#g24a2jpO_YizeVRV$C~fuCK*)~Zg8cu3>h
zkB0@{RRTxbA<LT-PpGLsFy+b?<nLjLN8vgxqi4ElAGVj|DXF$}O+_%HPqNqZb4;n$
zc)9;fUPIlUjm8kK=Hext)l+o*TPUBFJ`kXDbjdn<wCm&Oq=E&89r|?fw}rh(0_l_c
z-)kH#W91C!dl)}C&C2}+Rk7W(BR~TXq{Y|S+NR{-*6g@O#oR#-sD!Nqs(oJkgz&z~
z5d(PuoKym#y?U#~X6RpOOx2;cKcjA`w7-AN_sS!-2U(RF4SopIAG&OUxjYn~9S1Fp
z4wifcQXC0DIZa=*=yUPv^Ot<a{az#yF3rphui9KESWEF5v(qTlJgJMH3<$GQPhTjM
zk7NNYIB~5msa^j8S#;8MKfpU=-*1VYoqTN<wA?^4;BmM=7*nwgxZGA{YV5D_N5gIr
z!SA=lIOa_^UwnuOGOxQYKn1~okiFC{3(#ExSVn&q+gY@O3qcY*iVfgG%}wRGoyiMi
zkJW>fo}|6!gA!Z{m$`40*EKyl{9)a9^=0qs$G$jN3{pf<6D2lk%LdfSL|SEVzQmA@
ziEGql!!N3@nYO0`*01T_&EG<dy~bv+4W-CwK6htHW4LvKz1I;PV+x3~Uvz~*T1DZ~
zoKyJawk5~Ua@_Iq_j(Pl?@?>qL|TCX^y5m@5y+cY_6UF{G^Q&6nMo{2fH@*SHon1X
z6z8CJo59|0(DX{+%a<=7<Dt5}Ds(yos}XDsx;WRC-mK!TV|B27MqoAQvMtR5a4~m_
zT8IQ&k6ZW4S!6~KLT4_~=iC=nUB1GbzLR{5&UJeO3vJRw&0h__Z*7%1Pp~FL5BS&0
z`1xD{Xe3b|9UE3G8~r|6{OXO3Z@?R0XOH>Sq$)Zh4qzP-2MV#P_vfu*F$s7JuKDnM
z&ch%lTYXO%mE7Z5l+@t5Myt%}U+=r@!g*F2Ma|ao4nuBp#Kmg=C7=&XP<K6=WhSjG
zCVSpDVYZ>=h!S&vkZ&M`ld|WHwl_A~L{CCrRL+4i1q7dM!veg$bJND;=TW)FU(B%W
z_Lz-MBjJiUP@Cr}RE`!Y;~zb0P5;?Z<bW#pKilVC=IDI4-U8d_Sd+CeBIu+lsa&jf
z`5?4_Ty1?Enfwf2hEUiiV`i0`D5Q~FJbq0Gu(xzX_(HmQM1AngwnsLrqhxpEa_(#=
z7>Xe_D@W&VmF)A2qr@V*=VZx5HPCC@%a{&c7+V|3u`aZ3tbxR!B*`}tVPjF!qjs>M
zn|~2L9TS2H^;lkjQjKiu8K`9BxcRI1xnA3(zZ%x@)~NNd^>7F^)E*a<L}ergNgJ}-
zzAN{cdxjvQJ)f)@6vGf}RqZTd^$b8x8r(Iu!TezhA0jv|wi+A520rId2v!bMJ_5GW
zm+~AG2QDNxR8(j_0w96gEG<`tvHT`(Et`wIWRXF+auSqgiF*k<ZFdB_KOR|n##tuC
z=L`tSGyzwzfDYaTvG_F!XbMWsFZ}9h&OoUl-i4!{F59JcxqV`7^Nx^7$Sp_nyH)f*
z@WCf5HE~P^l=Sjz!*Zvw&GX8><E@59AwRbCuI~!rA@Asv-Cf?GoZSHsJ`78}`$oMk
z5!)_E!542itnm}UO*pbc^(1+KBiMb`yI6C0@c7EBVE46T{Mh~IV*7)b&VF6~gXQ4Z
zVAmfvER_^SfMjuRoPuCMXstgfR9w)7I>06Gep6Rah5t#1DkeVNB542hq3`8D2OEIq
z)6XR?!xqZM&Os<9rE@=`&3&V&F)_muk!|yE2<bdZpo9{e+{;vO`{KIwfl@xM8Yd)<
z!y<-jJX~36I>vM`;TvtlwMjn;uGI$l`wFpd-@et6m~udUBF++w^S-+92Eo6#^kKar
zP`K!3)z&8_4!kQHh-*uoX7_`9(J;bPADFvdcUF36A71A`)5Q+;Wy~OI61%YT9veB7
zDuo<TB?Qg9>{_`RkRa`mH|WOCLugD*^y#wIW*SDDl<a{_j*SUkcZRHR*lE<Q5$!EL
zIkzlnacvWHph$;*eoeAbWU%EGuNXE=Wl_CqMs)%N3x^q^A-dO;9(&8rgsdYpyUd(e
zyOgtPsp+v`!ncoF{PPeP*){YjI0ZBy_fOhTBn}L)G0sL0=pBN3?ax+y2sNnbc|X2I
z>QwqV2Z=Z<$~m1&?537I>1CL26D4wvD<x_2S!LDmrVlZ^W817Wp-Y}8m+q<e1(3_>
zck#}f4*~ocV5kPN60-Z`9NPBt#?28{ZnN5%<}<0QAThif(cAb1WFQ=N6VXP!PO8D#
z0260d=W!x#N(GaY``6Pc1;>Gmv{!CnhR-W1Z|m!2puic>3gR9qRRPLcX8A9k)Ieu#
z6LR3%v*uf|=i#_Ni5qMew@{}9jODqfQw%km`FH2^TfvVs=b=CV;^Le^4n1~@dU2h!
z^Q8nu|B6j2KrJJ#D`5$2;DAah*Y=OF7W7kB+O2bh&LXFfi0{GXzdj2fVSmnu^L4hI
zqT)AD;K&iM)bFZvc5C1ndDwbyETH>Z>8SheP0}#-ixFuRBX(_kfe6lR88wvHu5mM&
zE(w`udH)+PABVh!SDa*Q>OPYdO+)2&foVOCt0ueJBP+zob#QHb{v4QiMYX-fBFOL?
zA9O7=OO@WiU{do|ha5Q%<j8>-oPzdCIl)FUO#G86{~#;_;YK@%<PF+$gm`h$6`PM2
zCg}CHr9UtNjNjD4S-p(Us$U<_&EZy`9TiY&5=rTV8zJ!AizIH99=42Uw>=(JnXc#I
zF_W1d<8zKXqk6=j6BLv)oyY0*`mJgCI#WCY2AiaUH+A6Oo{CpR?LF}26Qo^wgVqSp
zmkE>--y8&GiH($WzcjW@lE5)raMmVf6?_OwNn_m1&~V~(#^!(-6DOT>J_Sof5RvGL
zOAR<u#2}?`RR9Hlk4y84z->wdzv22)r=T!&Hl+O}sJC-Jn%#|qIupXb7-eb%$eTrE
zKzSQD&Rz98B2Rb`W5i@mefMWNH({Ip>YU+cN!O*iQ(^rt3n}zFHCP7Ci{x1HUex2=
zw+hZdl4*<UH<vXf;=mXyrmiPPC+&&BX4nfsqP7!T0ka~WyH9RXV6ZOSQ6`{i@t7W@
zsm5v7)*q~ptjl&Rv-?EWTa{0z#WqJ(ucba?Au8^8P(hzp_QvD+<0{Sl2q6RGyWjhZ
zjA;0tEmZF=plnov5N6wFyh!w(KqZ1isLMOuoIAP+bx5#((`Qg!e{%LH9<Si-%^3->
zy3D<mxLZll->yLscjw~8i;eoiNfJsc6be=J)qCSioNHR7-L*~13Vac~hWakP8tIBl
zjh3?;>oI0|%%FyBG3eW|#W=dZ;G~Sn?2Exf=1a{cW<P?_(9qDrny}s6JU2s~oSC}6
zY{=qt+WafnzGiF^osj11<5stpzWWzIv`G6~0ROiR?YJ>PHO2N{yeS5JsIu|-h-ONa
z@99m7V7sxl^&F80`sovVDk9Z139g;43w8;t06Up~C^f_-s}$j!+g+%%x;qHOZeNJ7
z7Y}YP^QXWagpYkkIKmuyR2$0}lFVvzeMj<3dbJvFNX$rm558~_$UXr8sNO4JKgEUO
zk^VvX4L$MToY3TeSg_DEa~kjD1A>fr(S|E_0Y~i&P*^t)QwCgVr7K6}>Z_3dXs~yy
z0*4+XTPA-Q4)A~=FJn2Pj2cUzE+%X};Q}#4sdDPp##)zxLaIZ>8;KX)c4Ad{g_Z#h
zA~nF<MfX*2lt>X=@i0I4&V2pseZkLeYX<Lz9a*7*=CFDBsBb+t*TL2px$F?;?Zh=u
z3}};+#yATV=5FW4U6QMu4|XdALWoTOY0dnVv}7b+A>HYhJ>sU6*b3d4(u*ZJwvE(M
ziJwbFfcJ3jF@*49C+nvKDXGEv70~(VyW-G&zcH~jsm{`(x_#CI)Jtx*Z-yo8eH?OK
zZArQ#6_a;K*KBwGU4o|DdJpTWi4P_Ge!+y-DT=#I4DWQh_P;)dy4WEQuPsCF#Us<2
z8i`Q+10z>s#Z5)6os1F_HMUO-G6sOuFKSBm%iK!YK$;Atezr%_%82pguUrI0@W;qN
zsG5rVUN)NL6I2J6%8zY47?-L8pFc7*Uf9IQN)}$$EH;)jWDPzKC_+_@ne2*s9o2f7
z3GrF8baw==WEET`s6P1qu34?YI#SCp+F*c7#Sn)5mJNSrZ+kT?I?>)jE{>c1va%s?
zO>INL_(%PKPY|7tIZsvKHslHcLGmXR7VPK*jqd~Q>0iv${p)v)T3_E>df*bAF#^g)
znuKW4bLg4wCL%LXxtS^isyFv@_#gq-Af<Qx7mNcmLcn;t{FCw4u7?rRG5PsMu&nA%
zahJSI{e3Cw!k_j0zxQC?1N#VqShB!Az$u7sirK-(6XJhTzy-&#DLnRUil7cheNBhP
zb%c(1@NU6R&QALxsG3Y~63^uvV8OWUW)Vz4{M-)!e-?-zq6A<2Nw?g;0VUQnm{k?*
zy|Ril@$fgXAOARLu><wWc1ou!vhG3AlY6uunh(*>`TS|GXkG{B+ZW#%@y%))y1MeJ
zegl2DVc7(JzKD7}AQS*@_iqEEcef~Cn2|%J^3()vZUE6>J_YQ)<D#L&0F9yiX2#07
z(5yMAjNJ-~UMggN@C??907hQ3n{|LWVKBuFI+UaXEO+$|;Kyl`9f6`>3%XVS(ur8g
z{V9peFEFQJ2ScE$vZ;SGO#}sw(p_VDR&MUl*Y!(F)-(3PtXoezm3Vs8juRdL-!wB&
zMh&1Yh&KvY(LbH(`6&V~;ErPfO1Y7lQ_X8x*m%qE@#E#F&VzfHrbmk4DQE_Dz%AIG
zb3ux)`b+U6&mpJ$Zx@k0y>o(J{Rr|YbHvY;K?m&KLj5ndn2O0%GM&QNf6t!wI9U-L
z>pFDD51i*Jyg+A{e$gu#ju;o8U!LIq;Q>|16s8Z?I|Uu4prPLR3r$9^P9YzM+ybk+
zd16lAp%L~tp5MpBU}EkzGx+T$=VD@bW}ra}$fG2WPs|JNG)THI0?#Mm0l1x*E&1Eh
zA&vR_%m9hzsTyq!Xi<aHDbjytY12@jUO4CktyJ|q#8-LtoD`y=vqF58-u8AyQ(gKb
zHUZ^$-UI%eC>p>@=bcrN0wO7~X_WrS7q^?}23*<w0C1k}f6TfB?9Na6NB{=8PH<IK
zgn(IOwd0NVfpl$qLh8jY=>u9a2mypAP7P!P0lob<4mil0vWia9ky9W#a{ryD>VCB{
z-#&iB0CZ$p_5VxaJLov}!+jv{^s~_mUa2U7Mtp>M<a>HCRI2rNYjiOGaC%@zzo+m=
zrJ<uACs|RyonHV<bmo5|*8e;#z)lW!Y37JkH2H7jt!?!1?s{r^a8Lmd=%LeKnnfJ2
zLQbaNrVCA66`~;DE)jQj02Jio>}W9QKNGp%)+hn((Z8Gqkm(#t?WMQq1zf~T%#{;d
z@DOOXGMJ@vz}X$bx5IA$W52Scn&8)I6tzGIK>tM>ON@bR%dnD2mmUN38jY@u0^==&
zeA{nz29S09am)XKoDNbuz-@^OJaHC;8ZfDq8V%`?O5l^CXwH$KKzJ%YkqQ2_y@C!9
zQ;6H*zM&i-er3*wkDpR}Ew}#er+|TJw$>k~%O{5ZB;C^ZK^(CE&29n0$-C0NkZ5*)
z%|PME6NdU0BGx*d`AC;gD|5wZ>{m#g@rsg|q<+~Y_e!2y^yGO1U9e?uIEBLT08!_?
zB?1taSedvkLYz#+lSD%(V4q1uAC?8V@rNBg^`8OTJosN!;or{R{G0xQF#b>W0pd(1
z#Fs{k{a-NNElf~Pfq<T!5RmExpwU^yqUGy=ESKk0#U|jXG>Ssv0zEsbrr7>CdD2n=
zDhoshIsyW3<`9TmS)n3`fI4kq6IkRx7eV0ewzEbsaDLRGRljN+(7^#fQT|^X9DpXv
z47<X8;!t1&#1i|$E=6|<9F@Vd)4v8zSTRe$uaJ7w9E*&9+C|oNAVO7>7q+wDSoiTG
zSpdoaUSrZ2!|yJMN|6iVHRef4XP)<pQhG&xW*L(<kc)eI`B8I@CabXT_2cw+L8?Mv
zrlOXflAkWZUtj@NR}(Kp^R+0n`A6RN+HXAAf2X7UPQX1z#rn&y{2&AYsNDw-oV>r;
zC;$S`fR(YNc9#q-LtOI4lE?!A0fO0|hu9X~pe7YWeESa!*iEmf0aB(CgWfw3_bcTD
zJ(ukg5PcdiX5~wODbxO)8V#6@{w63Eh}oC|D8}Fb>OZjLKwSBYVhmRJ|Az1Uf5XN8
z7lz+Ys_$>)y?=`q5Y_kd>vF)00!pDYUf?ZA;RWS#&GCFZ3cWYmSeowWJA#j`7}}=M
zt`{NT>mC9$A;TV3b#{T>{<hoBI|_X3;pG4wLL4>2gY7ntn5Sn*Vgfk^Xty^5jCeoX
zso7h(KjQ|~D?r(WlWv!1bUR4Xs%rgBxBhv&p0+j6`ITe!IB;DBwcH+afcz}tdO@Gh
zA_$<t#|fZW>t-0G>u6$jD9<Xe)-Gb0U$r6a=mE+dCV<5DHPW|Y>HV3O2z8hV2dE(Y
z&{@B%`g9zm*O`5XASGY}1rO~@S*rcqdt;P`cLlcU2uwL|Bu_x}4^90*c5esWV&j+P
zKSE`i*ZcIWENk{1SMxpgn{tpVUnVZ)!=G~f2odq#RbhXd)n}<%h0x3gaQ?mP?%=4r
z`>6$xZA^?ac{uMc*-f^x=ey0Dg{?yshlv}M+mdeNR_CW6xL<K;u5BM`G`<6k#))ol
znE76MG`ratL`vPivvjaoGpYk}Ym2z|l%Szgy7KNz4wGOo@5*!Vc`K^T()79Aw_S?o
zD_-=F6hi&aJMV^U>kw0E%K*+xSz-ZbU-%$i;{~9tygDMKxbJi&aO8Sho(G&pYv?mw
z*jxH$0~2<-(~oKgS2lbF_L89bF+%ra3fG7)|Jt?H*wMXPT%#bT&z`43<-4!b+wCnk
z(Cp4?7+~WsR4($b?)260(>YDXIdMQqKx}D$?z<7wk(J1I-K(@U8}x{d#bv<aYQF;}
z(>N)Vfox)`89FNDa!lLx#;emVK2}h^yQP|sh=}I2vLS%!T2(CUiFtj$D1WaG;z}Ic
zT75%O^%=CR5=<n6Bid&+#d6FzBPDvi@PYPf^CbUfIijQ(q~rq7r{rAN<x(n{&4N7~
zS<8ho7>h0kRq#;~y2}pLc7S-Md<OW#)K#@;q)RC|yhD%J<*MR6&~*(Z7uhdS@`%fy
zIm+-sfkI${e01wsKd5i{^yHYL#Oewm_Lw*y-pZYw>>^9owbY^<ka;eq^ys6Wky~a^
zE^XEvx@ixG>{2hSK$Ncx&KJ6C?w}x8n*Fp2=DPf8LZ5Q?RX=FXwLpsSfC~%eeWy+o
zn{J5W6rd9NKqX9N=l_Sh_l|06+x|zTH$emu0Rao3s1T`9kfMlyh;)#asPwKvLg<2B
zK%{6Cq)YF;g=PVf-b-joCv*tCytVP@!E?{~-g|%V`^J0Y{o`=x&R%QJKIi((xn3z;
z6sO3`JsFwMV9<L;^^eq?$T8abB0xufv-Bxy>dN;7!_0~O30yF=I!qZa^0M4V`&%wG
z$btAT<*rrnfWnj?@aItfkji<+&qZF?eIBz9%m}IZb}k60)b&;ZWd$m}b~*58+6=fe
zH!{j`04Sq;J++?{1^}0NtKi^1#Oh%0JG-LsII~J$HYMy9z%rGM*n6&ro(G44fdhfU
z*iEc7DJ+q1!fN>W>9n(J&h7U=$u1NiNy}0PiOK-;QOyY|nAOGrGa)mT(-O!rpLad)
zLG7tggZ?$p3d}H>g>EtrmQK#uL0Cd1zEjC!y3t&xHD=;c!k;8^9#0usb>C0u_A6Jf
zJ_cA_Ka{QR=?jYNh?k46v;6s)Fo`BX^w(kmYVNE`SNk(YjHOSq)7u}dQ+>I0CKm!Z
zFsq;xXAM<&o7on5^^Izi4`Z6nkwOqIrce(6V5y14lih4j(W|Df0bD#}V=lD>hOwBx
zg|JrDF?;~MNjGx(7;p#n+HG>O{&y^JQE03OIGMsNN@~MZ*_l6azt8Ahs1HTLH`&b}
za>1NG&ku)+n7`1w^@t_VbBl|L3v+XGe+&|we7-d<Us?ZrqhWphSY<B9$CxD3i3RnJ
zcP^MBP+!!2uv`N5x*~j*s^*|PHXfJ+$f3zGC}w7o!DtIWsW$ej7gh$Gyo^A{QWIS;
zFIM_Xi4`6Yb50Q32h{<ze^5i~E(qJhbjIUBGoTm;If!^(luFl3a#I|*AiYp4Qo~>H
zQDc6qbZmBZQYQnnb$EN7Sp7CWCwv~Z2f{^{>>!0NTh*7s^6=$8lvZs>U(vJQ0Ybx=
z3mjIx$8UpUZF5i@wTlU7Df;HQwGh#NlQ{cv-w9`#S+9LOc+r)iwBl*~hIl>O4H87#
zaXGJt;K1zsYJA#=h<UvzR8QMnom?ZavOmz-6zLpdHY1kqtRj5y{uX;8+mlv~%VcX-
z?WF660*cf72z1-vT=QnV%=X6G!hp*|In!?W8QZfTxd-LNlhP~k7Q?sv<8}RvBlV>1
zz$~hv5;Klw<BKqlIUhf+<*(TV#@9}6JC&{XYLzS;J|3)Ko8q9+D=O0b<%{Ay!}Ava
z>WX$sLsgU2jTpzq&8^yPKb6~&=BFxl+VVlV+wf@tst()yO#+3h{RTnj0iX5j15$Re
z4$Ws&C0M2GhL@uoubl$#o(c4dT<&pbFe$FIZXA??m=UC4gjg=>;2j-4h<_1k#?mYs
zJ+YP+A>fA$$Q{#fk}WFILAj5aU(ePtav6`U7R1};8_k-_aS$DntTm^i!YQqM0P5nA
znT<`#@IX;-&La;>)6^`nvFxwzpe!5O*>%xkVQ*TpgW3#L-S_uv#U;f#b@roZ>4==N
zvay9B0F+TR>up*$mtJ^#B_aylgsdl?Px!pKs>v0GrF`@%)gw>rWr2s;VpojN)vVWc
z?@+aN>AVK%XhPGpdAhXbqDX@LV2lN$gAoU)=;#VBgpe-iJBA%bciyUAZ`@wgOV5<p
zh%gA%wLL2&6yUZswxB0NShLY)6j<y^YM^XWk?~(EiJ7@0QOc#7Y3$u;oWH&v-IZ(Y
zpNL>v(`&kkTdUPx<*>)y)iBq4$d#WJp|0xM-QsIT)e`NF>K%{p(3v-M&12ZIE-s4@
zt$g#<b16F_Y@?;T6%w{ONR{4?26|A6o_-s~pj*{(?kYgJD$KJbEVLDXZe>IJ_%KIl
zFa*s+*yr_yc-4sT!~NkWyjV|HSnr4WaUWU{{gpr}!@<Igxup}MSl6}u8O?#o^rGzL
zv0Rf^kxGX3Y(+;tAw9FC{Czw=!VVl0?UgaGG9sJmhT*#-WuL_rv|&dYqZPauB*r3J
zvF3h8x6MtOZf33>OJZ~FiS0tBqAs|K3``G}LXITDjYc<w*m&d<R5z{@syZB0^N~vx
z*#jL7o{-YC30Y6_;t|V@EiKQ}7afbQv}pq4db;EA@}AY30Js!>UNN2WOY3<;Ts87Q
zaHANbm5g6Ql(ihPAorn}*u?wIO^Hqv{(6xe0DSkGynESL{t@O}tsH25eaez``LRAx
z>%QEeYJpF`YqC*31Rf@izcZjX(i3q@iZ3oyk>YVHgMQya_;M?EP&TS{g{er|bIu3Z
z`Mx#TJ9epPU!7H}ior_uvjU1_-3O!;`ubt{y{cqs6LDHTGJ_%b`YAW*F5}|#BBezc
z$(|{fbXng@kEZX46BEvHp<jFii%xcpY^heT6PH|ePVi356yMFGA}r}Q-<3#ID2^y$
z?~rd%vJQwkBgUIwISVk2<%tG1netX}io2qO0IvOX0&6yH$4#a^P9ZI$8YnqGZlAYb
zUY5_c)~(WQREo%-mhHNl@8i)f_9dH?dHOrTm0fg6L1s-I-x2P5VZF4aU)9BT6#@hc
z<NG0<dcT~oEmcu(63d?_=Adn{TDHAjHni{LRvsF!v<|0B6UC2U>%hbfT7c7O9f=mp
zRp_}AXta4GlU}x{iaxdwPn7<xb^JXr(_GFbc2iG4n=`+O&ON#UxNVs4+--ZC9#Yit
zIozleY@GidFf8rx#53z1HtvNI;N&{6%%lie-eaEHzfuVgA!9gqqzma8tF`P=oIvGg
z$ABVB486AbNY!Uc!v!F`x@{^q=gYup3=guXcRpAh-lykzv5h_;4v#Lw5cmu|g>rmK
z4-wpQ9Vc%2$Bvs5WA%K#IunzTVT)+BeI(0#tH3^qP3&*AX{rk+cGRlV9&^l2SiUdW
z^3+9VEIoKFFzH@Oa<>`@H}PSnPxr-={XG|iHMx4VRw@q3%r;xD<L5U!QqavR*r{ix
z%S|zNAeiWs)x=|c_;p(JiqCp>>$A`_>)aAzbBv5$#Tlax{l$gIs(~C)I^5VuwL7`W
zD$8u6U%WTjnsQF@iWk<d`@_D1r22`e=&lcr3nmS^!^^_6-@{eI8&1H>+|vi@UHjJ&
zG2z_Pqh9N8V@Z-(p0<7O+vqkP(<V7cys2@dic6tNEnQ;SA(q2DA7_^ydmS=e_P|9F
zF2TPQ2@?AR(+X9xU+XWE!6xXVNaAd7>N>X?%Xi?sIVLjW<g40d_<E_`XI%T0Dau)>
zHD(S`ylg|Gn<C56YHMguB-nR?lb__tyooq2!3m0ZgywYNJC}*X#G7u})~XlnHdFM{
z8*|MY>O7|wmxJhW1y!1jie+*KEOKR*X_@eP9~KKE?+2#Itgjob7q>`Tmjt1kJ?gwq
z*X3Cv50V!_<p{gQH76wGaMJ+RA4*1Fl4+!HV7kB&dZ1vwUVI#a8NwCyaNMAvb$pNn
z%K>H_Go_MTI#5_aHhed}b#dFp!as`RGXxGLda)4Yd%|3_;FoBrJInZrft<j$moO3y
zVd!rD!f!2D3-?t!u|0{UofEJp`t!bX(QZ>NV{{2qucBd{YfLkJHvJ%b8?m)_4P^+s
zP(%dHA41ODYZ21sP>Q$4s!xn=!uDKeMbUeH<mgkA3E!ek;V>>9+s_c&#YOei6+*k#
zRo5kW%j+KyZE0<vHa005*V?zYxBy~yKUae%D&4@=!BxQ0X!Kiqf2!(O+!eT55g$s^
z0l;;6JySdC4B&Q<c?zofsKwnon_RyYJ+6i-v2H?^qKvF90cycmi8jtc-5oVOjjSb}
z^o}#lgUi_s#D?ZIHiXbKCE9F{-jGQy+OlN?6vd)FxwNYqzh8InNy&fb8Fuo1d}PLE
ziu%62?jv1&5=Du*{`%;_!$}VD9U5?=#d0?M048(vdk7(0-B^3o$MwbZ%${Kf^UKZj
zB_7BzA%)@u1%JCSR2~1Dl+R0dnvXwOTh&yn6Lh((Na7?AwKlZr9>9VLC{Clt6Rusf
z-n?5b-JCQfp|CEgbaAhrtFig;_(*s5=vWzgVZ9m*yctz1E4FDk=6+>jIfUazOW`yC
zk5?mSi3x4bPK4js-V~&BqFud?Pt>~;+a=!r2u0ovRVL7%DUZv56No8*7o^K(m$&*t
z!rxAh%aP#q^NHpVbGmDPQ?BIffdft1U1)&1COK3*M1w0p9^2$_aXsAoDIwp-?qHi{
zCBs94=V}Lrt%}<d*DJ7W-3M###f;I#+U?0nz&>;}zIi$c){zISy^5Z(+{)-C)T^-d
z1}mi_nLfdlHa(%=2ik*9c%Ak1>^(eQ+0>VTCtO4(w27nDbv@x@w_8|zGrbB^WEG01
z?ER<8il*L&W;J$-PRHmMU4(F3VTUVAxL!pHc`hDOwivHeF(w^%%ROlkH}JN2?D6H^
z1tQkExAsf@(i@9|n7irOjX5Q!KGMG_@?u@?!Q0YNU~FbpN;*XSaAgIfJ%n<f60Tlh
z19#~{=P6e>^-DOIvf{a@M{uHWig$6cKMA}I(Gh9XfliCHoA~BQnY%VAaB4Q1!&Pd+
z3QH$gP(Bovs$#71sM5V@`J7a@l}x&AdDrUz;9+zIK8G>%O;wxu+ap=-XOy5852bA-
zM1Ho-N2g1<+HALN_E;=02XSC%+(*W;RgB#%)ftrr0}5qMPv^c54-`*NH9j%bdZwV+
zCR89ums|p3;Pv4(R~bm>(}B)I^&p6W`*35Fg4RuS8QYKA`pT`!0QUJzK{8&dOS;%z
zWP}Ena5~>kEoWsNKRBi>bzqUAbMy9y$1P1xPXK;-?-Ee34tI@M_Hm5onh=WSU>0zh
zltXIC`Eb=_!c*4h>@5tbr{ZOUIknUYdKC<|HQ8eUFg$aVUU}7KayBXd1j=Ffm2Nxt
z_C0&S&3kPh72xvvJ>|;qsTu68j)j~cd>gVtZvD+GSIrm>`%PkdiBg8?SS|<n|Gpcm
zB*&IvjdnK`*G(x92i`Xwzozd<mKKq$)|(9ilQ@AzR-5%Nvh8B;`z|fr{e+-INNl=Y
zjl^xEm@rMFDN?ZIJM0-K0IXCF6n&Xpd8Db?&*9$v@@<L2*F`&_0RT(&^jUAkB#^}Q
zDA6h=Ex$SF=|aGj!LmT3T~myLMUJTJwbn2xr4DSGh`_YDR&fX7-kurH-Yt)NWH1R>
z{*$oh_hf3aDvxXW3sDf|q|8eu;&igRceE<6wL<S=BpE1#I^GxGQw*x$txrK`#D#fk
z2!8w3>!c3ytLWor2i?zSX`)A@3NOGj>PjC1c68pq+9y$ntnGnqyBy%LZY<TQvO_aW
zmxj3%kgzOc>iUZP`5w-XQ{tto(lf=x``s4Q@?Kj`wA-cAb%^K0tUp4M93$G?*-nZO
zI~V=p6$@rOZc`4Wr5}#IXD_~}dqeUyus(Wlu~RVya85a?SCc77^sG{>wR%yWwYvR#
zP>YgrPTvL;7ZrcVg>Q)_$dQRXd7V<O9B&)YaSTkjm}$sEO_&bw5^jV^;3Xa-BzM!Z
z;vF#oi(eNUYCWUUktwYy=JPs@1CJj9=y+$VkxX2N7Qim}_wXNz;%(KeX>Srkb31=s
zV0(p{f}%V?St}MyQ;JHS!Yv*DtGS^rs^WCf-4dgg@n#jT%<wjBxMPh_54q#1j{bG1
zJnHeY+XQ5>n~a#d#pjCs`Ax;V;#P77BMOk$Kt6uAs<+X3_`Ir=aBiJA-b9FJ(6kda
zV+UWX<rEe#@TVOQIP6Ku?F3g*g+M_klqQza?uns&D(^H!qiIwG(rf{++zz0L=mnff
zVQVSvtzY$fVC&9yRynHqb`p={F0>h66TctFW+i&%sq19ppdf(NJ3Z#0@3F*RH7x{4
zuh^EnI|M@g#^CG3WpYGm@Jq*uN!KDmn4xlSYfNuLUo?1at@=I*fvK&#7b8fZ&ZHoO
z>%{p%1`9$r065>4iO_m1Z7)j1STqejp5TxDO#ggz)z|98Z1dDid^8y>EJrhY;A*yQ
z6#59g7a9y&YJSl^Fa&js3xI0HPBZ)Am$%oC&VJu&%k9E8ss-h&56d|2jUC>ki`)D#
z*_W_hwU@JI>RF^0Wj`^^X|*`FBuy{I21dUrrsYrnkn6N1>LzMN2W~GAHFvaUvo~!9
zox-{N_^Q7~CkKU-Oi2SR&aq|7gAFaEDp?5U<FLuNxH%%wpyKy+yuGen+rOjhCU(=O
zM6z9VO#LC~BM41X@XU%+s0TmmJ~-{?i+BAJ9^=kCn{{rsIWZem>tegC4<e%}kENmr
z=B?wg(+$!1?2l5a%R&lHcZ`<bi5*E>r;aNw+eVmLZSdif<?+PAv~bgqS6{=bQ-SFt
z9%!|Z*5A0>6!?jE+d;;-d(-!xid=<3{yRHQ85TCocurVP1JAOMOqf%)Z5rLo{;|uT
zS}LJV*mj3XBOgJ`z0;OK^}f@C8fS4tN-`sXvN!a+gPGkXx@^Oo^W1?mG{bcca@-Q_
z@6J0+h%{StoA+LGDqiXRIQ8aq*x?R$n{lXKXSPRy>@2>B(A``>HgU>6zBAYBff^^U
zFTFXQ35R2cEl;R?OC=G_HSwFf-5^wbU<C=cTe>rCBO4Mh>?=~AurDdO>>eSmp&osE
z`7YU+km$DXCz5t5*%jBbp?5qAn@Z7B3oNhs4oqtO5<7KCo~r;#(;qG4>O+ewD8Xf!
z)i0zjN~u)XyFa#SYIsf=q+>52>G0Bw&~igwAGGS-^-n#L>@h9p6W0aWYWm;V+;ept
zp<&1eklUqYO?61}f0#2h$(N61C86U*vxK~lpzAp+)J)b9+sOUplI66tOT-EPvVDYM
z=#rfV32hC~Lg5b%>6=t%<Fd`(f4xQFb%7M9XA@Rm<wT-9{AE!<Z80Q+go3D>N+<2Z
zIo48)yDG>~hTA@F2`LvWr&%$*@2#)!IGuUfDCD@X4rnPwL*4}=pGKC7X*Pf&Cu?^b
z)EHik^v+d>+p>>!avFRnIX}BEat=AUr*0amYLp=#8#T0CpGJP|Uu)0jYbmzcz5o}?
zduP`(DYTe${}m;Fd-O$(sTfE0ba~@rD?n3+zdhkjYjBGuT=dEser-_SFZEWthJkOg
z9!gRR9uOW=c53kgD4aOd{mDn<x4zSx5>Z7N%uC~Je`CS$gkIG|<@w}3@scp>#88)<
z^)3S~(39hB{nA=sf@S^z_eObVLoScdtjw}RtFPjk%{=RJw)XW23S%rVjO~YD(*-xC
z&HbfH-BIyDPE}W+n67FGS-iTbr3K<pwADdF%e*?LTby7fI5-$K%B=XJ3JML9z(!;h
zRQV)s%7bZn@A;+(w~eU~X@w)~4xjcb@I2lch&tFFc1quJ&1c&z)Yc5%fwV1`MKWTM
z9;-YhAdV+KaJFAecw+Y{*KIL|TdatGuYj}NSaxYJ!AvV#&qDqFcTifs@lhp{lD_rk
zmymYX78N+X_R&{M<z)MKTC9_mi;NrxWADmsl)V`1q;&($BJ;&96vgoQwd8az1C0g>
zr@Q8Hjr1?-72w1z$F!ovPKy}79-|;G724L$&-9S(Si)>2+n$K6G4zKO_@wdHi5vI!
zkO(gHw00V!2F?7Vbe$Nj;8NE5y7`7+IOY<{T%VRGdylF}%L6{!40t1wJ2t8?xLwc@
zS?Sdjql$jsmqdvWMNQQpmV}#lWS&@&Enf(v&)ps_ybfvKIsAM!0>8^~i84G-TLp6y
z#Ev#awnEU#=L-Eb2Rd6vUrUGf+?)gHV&D5G?}{H(8aA&eF6k4=V9uUM6A(ZM1!$$o
zVDg%$0gRnTv1{C1t35Z~_{nQK4;dE7_lAW~=!Sq(g4BMh3DboB0PB>@D^Gny$%Uaa
z^&qoIFmL-=D-L+EgsK{~)GDaqo4$J#RMlB2&WJu%$d>O-A@a5hE>Y%n4U*}3QF6*5
z4aM%q9ORS}AzB={=$_exT(G?_--4Q0bt|^0JWPKkxvZN&mq5AQqSd6|O6;a|=-!;S
z_n#@V3Ne<VjgjvyZOfMHU4oS?YQ!jDbU?Y(!~o8vdSULehLhy|n6FJ3SWCPr++Su3
zGhe$6%JG^Jfp9{cWa85WndO>9mDhL(&MV58>8(X8dNMKwwt>#fX6i!aFF&?Zg9=td
zE^j5B(pDEDwhg(TTwdM0=-8%w1-?(ewZ5pL-8pgU08gVz63E+FW1YIUriFT!^TKRG
zx;0B29H;#J{ZBl&)6EgmQ8JAhd1L${Q_rDStwW@v&k+bgOyrx1Z+ZUfD?xSU$WRId
zXghdrGD#b%+wq1}RRT$2<mgxE!+}wEiMNe<d-K3-wvRWf_?`qI9?^AQ&dWEPlh`rp
zy**`HggF)!LRz03R0rCOD-A98`8w9Bw=QnbUGiEY6)GBm$k5~)6*E!tQpJ>IOB|b&
zMuLJKku9!)kDfe@&?p@q-ylH|(iS5h(X`g3aipR|XR}<nub&lo{<bc9#{|ThZ}Y$i
z?fiJaMX6FtnV5~c6-6aWTBT*clqDvV`>da{DE=dMC+#ZI$yuDpyxAW@tbhvi6?Xk8
z+0YPL%{wkTooM_86_gvZb|COdv_exAcXHft7s~N})@i$x3p)Nh{aUdN5J=A~z3kL%
z<S0IO%<Q6nwFMXi<1;Z=*x)W$xL>1m$7vaO(fH{y>1%mPvY6#_ttF>;t1iJ3qvnI-
zgs56Kr54{PT5z`^y-rJAYPAZ8;u29m@&V{|3gR5QR#w;d<qS1M?gP8SS@p^#7NV3-
zr?iKt5E8cADK6dUuibVnVt#q`dLlGkyuj_(C3o2M^b8jGbDuPVBhWnu;1PXrI@}kH
z7RB`nLD#*xWu#bi3KuB-sDKMIri?Z6E-Y)8>~CFAf(L^mqcM>yUeS%wvX8cC!$&17
z+X;~zqiQ8RIUvdUQHKctp!8ynFLwlbmT9BM)!`KI1BcNvghhv2WSrd!5%lQxb277m
zP#Le>hm=#ex~Sf!gm^MIE&{sK!d9cB1F<RF7kVAU0wCJV?Xr{<+bPU#O<Ra{;;O1n
zfes!i1mEZ*s9U2LOs4|?SAFr`U<JQpVwOnO<j{>2j*P}<<2CUdH#3o!HXNOhPAPi<
zNVnyK(c-&2uKrA;id+@Xi#n<#o=1%6(U`UI_)t%944eq7fLe5egp{<ni6a@x#mKEG
zk0@P~yzcCW&G}SV32hNT%kp-`vU1U}3X1lFjzV7-z7-OF_by$wkihec7`cQ#aTTP7
z*rE4ZYsp-cc8r((1#L?KZp}U%w4%0M3zKM@e(lmG)S9g*V%w<)5573EW?kk|vEskK
zi!8z1*QGSUDNw9+FFYhm&oi?Gz>R}8bEiQ4GE)zf;-}Jx9cX-6Y0Pq^?FkA>l<}QS
zVn>HVA|hn-vOmY_;KiZBs5EYi>QLZ9GkX;BS`lkCI3zqY9|)o|sH!~u+O-tjB!n_b
zR0vHoSAnNm^AMVfuH!GklZEqTX4WRvX2ekVeiuS&9T;$MQxG@%!DP=Z3U_^hIy*!!
z8ZDFGW1P3<c5k73*<X6iLU=kj&9rz-WGv$&g9yxhTsi3dg^p+Iof_@6!XWo>c?6m8
z$*rk&D2g`oV(n1susDes&5Myt4oEFSpcvLT7qMj<vEeBVg2a?o^Ow?OQ_)qTMCV~7
ze1bow;XH)|)XdFO>{5`h>{|?u1DhthbE}#M3)UVyaQWWVpt4yzrmjgmsNDef9B<1V
z<<=#HZFqpd`<Ow#Zffd-ux`Vt*nSx_h$nZ<yhFN(U%sj9WcS+abJ^1nYLr*>4IVmx
z@Aw%~^5?~qt`#=2o^;P_rH@?iC{FQi4U+W~YG)N%Pf*qAL&PROdBNr1lvOW5Xf-bw
zYn$5~9D6M1FFL;eP?&iim*CdjON6WzV-;v{j)F&4BNE-l@jh&{r>$Ms5IVI7XHN-M
zh0R5l+l}<AL8{Vk-}&1`4jHvJCmN^|n~pPse%OwS@yaJ`qX??-QQ8|O6fY%GRrS{S
z_rx4|oVE?l`AcSROWqZX*3eE=h#!qB9|S!op>CAp4!K>?{Yq=^TFleA;8vsAQP?ur
zVj;g%n~_ZN6lGs%m~lM*`Nn3eU09K2Ji4Zt7}=0wCoO^(SlI3=ZaKvNT>8b}Hru5G
z6@CxM{hmi>WLS%?Tzd8?lCm}7X^6!q)>G_*&zyY0$d2c?4={O~UlR?-oMso@|BRIV
z!o_FB8AqNoA!T(s-8(60u7;<vkB)`h9yhWoDl#t%x-jjCLh07Ucb{<fP_6SELrRiP
zViLo0C+klf#f-mr{joId0c*)1Z^GP%boTRxJa&)vkctW1q(fM(ku7}t1I<@nyhjXy
zgLz?T7;%_etamwa8H1l&E(wD<eD8Jc5AfzHSAF_1;ZiYGR@1?UeB0AG!{>b2U`NlK
zCBDwgT7)EeQ7HY}IcXAa>`IE<@j?bf!W`50VF+H>8MCLNhU?kbPuS)QiiElEheUbv
zk7MR?)WGi0IE=pHW6+b^N}CYfoRpAqO5;3$r?+}A@ckS>J-$D(QrV^b>+m%igrOCB
z5V7+!N3w{t-|&_9sYtAF7+KZwm*lYUgB7UR4=-3%>8gLflv4IG2^x3#VN#|Y^iV5m
zwz;owzgwWMsOaA1#b<~9I@szoc%@^kX7MOB;zDZb!oaX+SdqlimjLkN*TKJEkm)5z
z(K*-5t6CS%13oRM{sDIB`leFn+;_{1Y`?#@^8q0E(jKjtcpAh7ffT~PBX+Qtz`wli
zDXB`Gz*;D6p<!6*vCz85X|*Q8QO2m7)*_Pf<Hm@Ocil+IVRL#<uH56qsSWaesv-Fe
ziuUpx*gB7$((Sj570PF7Up*+;hwx^HT|9Ty4|~;G|0j}j2h-`rLk-?Qlgzk%m>TgN
z-f>*#I7S^FSLqW^Vfy>9$(#E~TQOZ^YJTB-;3G5YAFz6~eQCK0$;zMTvLlQt_c>ur
z@2pZ;D}3TvP+YhiC-MlMkANM7zp$e`oIGJJ>qJ!d1=ZQ_mPWl)uvYNi;Jv?3XTHpI
zvr3sKE`)FyJfs93n*7^`fRy}tDD20Z0{{9ZW(zAj8rsWGhwh=)yluoeiq6J(B(-C@
zx_t#JU_Ckr^QCW{5qm0pPPmR%(1`)2^Ze!F)F!ZDrn<y-m;FF+)t7f365##ILjll3
z&k{!@pocX6(}yI1H2mwEI)8uD-#_&Ga?0@u^PTj^pSZ4F{>%3tX?(Ru5>eEg*y{j9
zxV_zdM@f|b!WCH_AUl_DCly|Y<h<2=_L3i~>c2kZ6*qE_C{Iy6JmI(vky0>7-TWiW
zz@R{3c9^OLWybwt6EZ1TPTaTzPFRJmANz!q`!S&Fe*%fY-^Q-qXNMV$w@#n;W>vK&
zNMmTMaOCNaDS<BQYy9Qmq62`(*b8E=fdijgnv3=UJM-O=|1awGlt<PNt9VVU;~97;
z5InS^ef)2B57~i#`-%S%9sc*;1W~k_T*{$PqE`k|`5KefuGyOQgVRTuV*Q=ztL6Yb
zKbdo~S3@kpGM=T{t#$WhKLD`{%%FH?DM1bsx)}NqsC>fQZFUDR3vSngJW7DzO8R~)
zBbR2GB2X4QKt3fAm&y<C(qLe&X_x`6KOE$V8wYEW+cFGFV{TRXSk?;de%FzgJmBkj
zEXBTu(p4zCwMPZ?K-x(|;_%bp|5%vk8d#IY;N_b*xmhOWob$fx1CKaiaY9wQ_66F)
z1Iat*0^heiwHN%uv~dGp#7kcL7t?kYGHo^&Z-+2cC|_$FIXexxkvElxf1e7f!~}Fb
z;M&<J!?f$FrvW+Ru+<6K->|6yJ#su(xfj@93^E_VJZq2;4I~W2rk2QU)Acl}akD=m
z`-OA=VI55%>&Ql6Ts{M=<H2qF3mp~8u8cVH^YK5tMxfLr7;QM*f%JTZBD7bp5eW|-
zo<E_$i3;9o*spN-sQcPt;u_UCFqhD@=Cy#ZZMW##v$rm_RT=Nuy^!K-;1vRMx$f3I
z9^e(UG=4Wh4r3w*#N?0fD?%mLhDqv5gSmwBBaQ2ol~)Q!!(B}}Gj2tpJE#V${IRz9
zylR2`o?}6LD)-!7r$GbupOmFxg*eHYaJA()CXs0}+zu#NRHcvQRvo<m%i?$oQ84I3
zA;6hxUGY5>wJ$Uz!~~$T9%%|2SMFtl+ZoPv5;?qCJED7_*$qD%032xmV~hyHR(a&G
zG@fE-Za@<Q13;&QkDp#(H!f|gjz--3_K5YMuDpBQC}<B321oIcopF7jWqhA7m_F83
za5ttl6s}6SkL$3+%>4a<&#`>Vm;N*jN8Ev@QR)vVd?QrhL-(1h=OYS|`Q~FM@t|6v
z-TH!+SOjWOLn+zyr%-46HbFaWmis!o3yjk66S3PzgXnR&2miHS67pug@)y{g)Hk84
zOt^x(lS@X1RIrUCbxWGpXY`I~#$Ruvho(c;zB`}om=!vsrQR3exdn}VW9`Z`esb7j
z<(u%mAw@Q6w`F->0|Nuo&(B$!dwR}nt`S?1wxF{*XsA}CVKS@I=hRxU3(;zID!<<Z
zj96?k_T`e&UjhIUyZVsnKUo60>@Gt>d{;Y3=7cwPg2O=J4ks=rUvn^akCb`+Vdp_V
z_~JJ(#^E$HH1C^M{+8g43|TIZm0JWc<`dV00q#q0ZFz=UqReqzqY%u?xnw&b%Q9<}
zYxT+w?n6kD9qlrY5U4NQxXrS7VYZxXZEYU?+t6IuHS&-U1MmLmR|C2_gvFukE}Jnq
z6Rl0^K~rmyB68Ccr_x2%?@X!!z66!*L@2S3-U*vNKZ7ha+%{PRC!B^7O@2<NGN8$w
zi!4@8Y5<@|kc@Kg%U7p$uYL=!;&gg<VRNzN^LF4mKuw`I*-!yVEDlZbtm9?Y?I{7e
zNcY@xMQk`|_GA`j?zX$f{7|*9RqM&|$;sgSeh&kG@W*;J0Jy3V(=V}{`0`u7N5XTU
zD@h+hRzjJ8mpIk|dEt4wL_<}{DbdYW;X=lhUnaY<i%UM(+S=Z$pkN(yO-Mf_1(3|m
z`S$(a-M>10NN}*aAT|vk%!y993CQa%TdSj}S<Qkm@L|D(wBqaBuc=^341N+iu<V0%
zpu%-p*9i5hbQE9+bZ`i#5$@kuDFImd-md!HwKoHwX^fZcze@m9sq8_Ip6=lXEx%dP
zY7{8#H%-0RZX+<`*?+tST&yR+CTyZOcF<}{i!pkl^e~uJ04Bj3Zf-Rz!`e3ER6_Zf
z`L0nL#W2`>Mrrqhi)hAQnt^F~QTG*$vhRGmw8_>w9bz8td_`<-m(J|*3Z?}r7)zIr
zZQ;XoDVK*Mrgyet$=lkXm>dzLgVIKT9`)vDPiJVwZnxII0@D<$TwWzr&x2)I%IX(C
zvm(EMbUJoDX<!75R7onRKZv^)BB}(sclWtR0OWAg_Yisx@i9)=1mQ~P>5!p4d+3Nt
zmoI9aiu?w0i$AF{&H_R<mkv97v+J{2a2MCRsX&N0VX>c2roWvBsn#>SjHK3<t?4|x
zT@bK}EKb>-E+E}<1-DiD6EuP5yiKc^9|}^P7=)E=Xn=W&ns?s{VAPRMPT{l)vWl^%
z7&kyi^W?PXZ?})VB!xI}Ga%`#yf^k#<dwqMomF{J+Q`_97BIS!`xWR5&vg|3P`o}<
zhLi>ZD(F;;Tk5vf;L5>mZ>>X?$$hy&X1iyNxiN1bHbZh0j6i)2z`e&lOpg6Fl-m;e
zLVaDknGu!QEGG}C(rzf@z&2|nq)#WL&n95kP*L!Hw-)w?!D-ZGno)kV_N@#DSjs!m
z>A=cpYN@<F?tei8;kk+8-)6HUT3>#`iN3KCR}mn90XX8MGkRH<EB!c5h?vzT6g;Nf
zWyu&5IKfx8*6X83gBWp+3N^QoKmjBXAADkHn@Tt4Yl_s}!$tvw{Po2Ll#e7S6pGPP
z%@s-x4%t1fGbPRGNSRHs<3!YPqQ<SKwDMn(2Kjccz|crJxXQb8>iw?0MJUj1jUCGa
zb0843kI-}-sYb;*tV7yW!(~?QJ<Qe;<HMVKfx|l?_k^KsW|e9e*Qr~>p$yT)+y7Nf
z+xR~7*YaQfDS|=GMx${Fo)0)UCgcVe+aFBf^9i$ZEM3~LT-RYR2nqZ6G3DlId0@`-
zQxGNkt?36-^>eQ-7j7=$i9nWf3%@<)Fj<`+UX#czj#XR9%gxoM5}g>0YEyRqJT~xP
zU;9itI0w)xycb(K0tQ<IfMe~N7o3tqpknxHyd|Cx5wF8p^MF-MmDti|kY}@ByLP#P
ziaR*QUs}IEJtjs@dUc4|8H|XPe*^)uU)YWQuJYF*L38L`LbsE{Tu*m?Bp6Y_Ryl#g
zrXz<v;#IHs4D1gIqi%ukMdlvAGKJvBd2DYwLGuwH=USvh0SC77Bv<m4g%Fn0I%D_W
z-`R(%%d^EVe)|$|990lKt;>Z=2m&>lumtb&N2L=IxsnR*rb)9Q7o4*UU8iy%$!+bv
z145P-<kf*6<Q>kMdb3hJl`4F+W3!8qk3Rdb)_izGM`XZ$U^vva4ob^Sk`V0IjZNI<
z#%Fp7Ny%XlOE9C{o%c8ZK-|}0e$Dr#rNTp2R#wer=+@@u=$UwQrZ1<Yj@FzZG546Z
zOyypLR+S$I{3{sOLF{-(OX6##TWls+x^kO;n|Qpfp6<^u0l3{0AQ)dvee1)<j4M!^
ztdIh3w-xg&kJ^gWcg>}t+>0z#-oeQU`vGNj;%e}WYLXCSG*PJ48N2D}(mb@b+!dpU
zn&J2M{iS(=IlJ#L0-p?m#os?!z5_$U*W7udkS^xL!XW!@r2&CUK8Psp65hTphO#pL
z9j9?Y;IH}Je(+YN{YjNY&_inf_z+0A{{2J1!}2gM)(y|+9)bMpRRbv{1B0>Xfg^v7
zK0yKCD1zZ<aP=eV{6qsx`CVnEnupYg+qcpVf7*$Et{VR}b%!2PO5WdZ2!hjW2EU;l
zgZ~u!dk}l%E)-4m1bz}e>W#he<}}q#l_$3O&B5PjbVLc%kCd9NKEYXkm2v<%ew1>4
zwZ$<iz60);DW50v+S38vgCk!r0;YnxlW5$}dAmQpL@^NLnt?g&b9Ijfc%=!AiaT|i
zhZrBKP`LeT;6@a!t&<(m=&J{ozkmMiS}QL*nuG|k>He~^z3ifjkN2`2Bco!NY$xXS
zy=8~xmVQ`jP?){#l;~m|yr;aq$_AfnjSW97i8zIwjF0dLBoaDw!y|v&%kBM#Bpefb
z*~L!1&TKxbxMQQ9jod@I6m{8%i`udnz6E)!>e`!*JBLB`zmv$+?%{QuFC#PH&Q4{-
z<>cDZr+rm4HZGacDM_>K$}-KeY~kB1+;?GCHZeV&m562CZ3eY;2hz*7m~t1~>O#a^
zA}bzH)w~fhPLi~^I(^*_8+;~s(2@yvj?&LXQbab>$eduD#{$Yl3}NrYMHz9yGmhuy
zJ~7i6+U#Ss{nMjTYw6vb>dyT<`zQ?NY-5GfT8&a3n}RAxzHA_{zV+iJc?|A8eWio)
zyaZ*eVB5jtS9}{KjcoFM*Bl~6>ogW@P=B8&da@INTmbUd<~b60jug~uw1vnH;6-iR
zYx6Ea0XOdEt$eyDpQ&fjyLuPBRw%S)qe%~;OP*#7@@|d7XpTdH7zOwmm5+cSr^$hm
zSJQ#<oQe_>5)ac4b%meo-X-2ok&zh$)AIWy!X6tdD<@t??oXTxjQsrc?kSMC-p1}T
zr93%2N;_i<HlZ=g)QX{@y}7)^4&(M%iQ1|jqhaPdaA@_n5>Yq>xI>w7W9F6bJ1{&f
z-2A%}28~-GE{jQkQjYVlZS6y}O1ZfDVOJMMt*?5s;+f?+cCpQa9DEc4G+c#8(D0aO
zf$-eq=<RUI3gy~?N8f7q#5N+fI-rlE1c^gH+;I%Qr}wWZ*?>>7!sOJ5c|v1rPqe3>
zI5xS39>`XXtd;J|)vR3N``_~Sy=s?EY)fVkh49ZSl=1BYNqZ#`opZNcgDrO5SXZ75
zL@_*q9fshRvwy&h!$iY>vPJ_c$(Vk5!HN&M{M#o`fGuo+8ru5dHTEzNyW@V!#w%}-
zBcGH5AN{}c3s8dl|HT@h$Qnq~2TVcHQBWc{$oI2`^+YjPdPMAS)d|@jMG_HNny`%-
z$l9Ey0LD(;h8&i6;@KbL_;*BmgO(9Dw3#^fefj+2U*wJg#(A-pzqwP*zF0fm@;GK(
zOu3Hg&pMc50ARF7Ch*|VPujm}(I5`rMvv;4-M?Mj{%gI*|J{1681;YpMc3c&(5gy#
zRy(G0f1Uv`MBE#T$ZmC0`{f+G4uHzj5UUS6jNiqA^Ez>R&z?Qo+sf;C{y&F-P4?2f
z<1xPo-wNsC;R`hhs#apytIL%2P&q)8ftm5>rI#Z2NlB00qah_l9EQz%<Bq5^kjTp(
zAdzR1y|71~nrC*@414D2%QrrT#i7RV(Z`-rZHeI%At7(WdnZN{$JdrdgRXV7sJ1P%
zE+=-q-Kx`6ZGcAg%hX+nrrTJIugQkDC1QI)SD}1=zFkS)iVNsmQINq3ieb7f<5_yo
zgA~1}RlxnI?EO6?q~z3$M;fiYpd-o8s}XMV)g@?9OVJb;2{LtXAkaSP>gw9>|91BF
zRFjrYav-<EHxHsjUJFevHKKW-gDf}>Aqp0&qk?q|J$X}24)eywSu3&qcrAFpS1_qJ
z*2{w$@nP^j899tBz+(eB8))&4Kyp<R9x~BdGx7jy?K8Ak?<79Rdn077*-@VV_^*Av
zydpa*e5XG{C}J*9Mr@F`4)rEUyF&Tcs>}W6R=+q2V%F*aZ!M;Jo()zd%9#W=wG*4D
zQ<GHR`6y_0ZJr|-w!Q6->CHz~&1x}v@*Q>@Ml86Tr~>Ay1geuNPb`u&VWImFDRWGF
zDPStPfx<t3N<wN$0ru-@jeB3hpqVR(QQ|@FQwu3-(uzljbK`Cd@*bi^grxD9LiGEw
z;bvND1m#vcM#+^k&dO*uP_dLNQWO=Fc)i3%8YA?NKQQ}$YlS!e?MMIP54Pz!;KST}
zVUWZ;_XZLZ;Pv(`P5KMzkgr#)hq%>xGms@OrW}DNTwWsXiB05C0pL;7*(_6n*k}0c
z-73x&$ArFM8ib2T>-FG2WK#Af3k{&>15-b&wqsLXC*Zr!o73mDq+~6-^8rm$_9F7^
zfK2>%Y{;xsK6?NsYNYh_7u%@cvoPZJZlulyE=gQ#D;nSpa06>hT+s}3>2jOB{f|GW
z`x{1sO{L5UGydl*=&=D&GCgt<V_6g!y#EhDqGnV)4diwu^dGk5hrRjtKQI{NodPO?
z`iqKuW`|X%%{Dvo?p7@wpjxy28Fw|sgJi-&4RjCG*4Mw-TU&b#gIa9T64yUoQ<<pQ
zUxmIvQlWf-5b%0}<m(rod^<?nUsZtGZO2f*jULpuv7>n2*uK5F%)CD}_l7*+b;V7+
zK~ol^909cUZ1b^^s|?yeftGB6#+`nEO*QzKdPT%}_MT%)l#3=GX8dpT_O%#7r%4`v
zTbBYRa64^C4Tz3qKcw}-n7PC&WEU%xTVB2Q{V6Z^W%WraYRdcBVV3D1wNmL2Ox2Km
z`eVmFs$%Taf3LBBr+_+?uyzdFKm6eDRQ!MB{6C0F?SH$%KmUM3-0rK4k9f_<NIMHf
zc6Ro0G7%AG1gE>`E5G(HGW~hC%3L_{<K*P9XOq87?^non()3pl{3YYY)k^r8af@aN
zVJCmu?($PiKrbk3*kQ?I(YBe%-q?dey7v-*>CLeRx&b8j&HtXL|E=T-1FQMp=*Iu3
zO#dHT!M?MAKeRfczAp7Nt(m#G0;QQ5A5LP;;uJ?}fazds;*7CmH~<}l6BU(-drXHu
z8|-+@uLH5b`}Esyt{I0gw1o;+DBC~oe#Z3EcBC8wT5vNXWiIQvVE4h|Qy9zr4!lp2
zfU{c{|Dn4#E0te^lJo%Yjc{-slFIvCrjSwb2rxX6fL0ZsJG}TPV9zL{emXHA;ciJy
zvW;MP$?4r5J_qvfWnzeC#FIpQRvb@YI#{b0a;&Exuv+8xlK;J975Q&}@OPg0e^k@|
z=k*$H(-T}bq&oU{N|$waqIEfwQx(L_4KD9vUG59de^33x@!j^rl7tMzj$hTd@-qaJ
zJ(7BVz;wXg51Z3*E2$k&e(0B?KCY-~w|+jf2nH%zN@&@CC5M%;ffCWrpJqG<di|gx
ztFq=)k%hrz(m<?y?W@B{fNxWHC|UuI(opm8?M;^o<@?YaiV($De|nlDFJ*xvkj<}D
z_V!69Q=vsL(O>%M{(wHMXvKI%vi)sj^uNMDu(^~u4aWc6F#qv`aF4Zdy|Y=B$}KFh
zyF3897bEVW{{=8cnma6xjMK7>9mdJ_^h+-z?lL7TG@0t8sWZ{~hw*~k?lJ_8ECwa-
z>~%2ty9*4#yfM7^?w3Q^<3&yi2LGC(!7ySoaAc{91_wNRV;7x5dVt@Yv&@0Qo$GbL
zZ#oJ-)FdiscGds0(t^r<@<NGOR;g!F6BwgCH3^1IoW6u*EXDkcA3;R&QfJ_uLwz+E
zrNM2IU)(#DRSbr+T1o~LpsaB`T=y^60k2l^%d71~-I~i;lLdoon|GT*C8@p?44*#u
z&a6b#NPCxBe_}o<hi&{0E+Q(Q1XsX4?Z8kO0NPPe@m|7`!}h-n4FSRMV0+?>E<NId
z(3&)es)Dl-9~O*Xoad7S2dy79_x%|clOLlE&Oh{suMW*t4h+S2iq5Dw;8!SPei{m!
zLy*|){{T%lfI3Zef*;ND@(|kH*p6mh{3*1uH;<7Xy+b2n^r2(+92jzw1!f$0Fk4#Z
za<=+n+r)2AE$YrTzZiV(uK|JvhQ=Rq42;_S42cEP3Ln}(!#Bn^1^3?y#(V<)nmAVT
zdVse{aW{q9F_yx6txFB>R8VxW=o$uq)8W*Wgz-3+UG!n>M0w59TmVM`PUyyqRHpeQ
zQ?{;Uamq$uFGY$nc|aR03x9rI3Onwh@r}V)C5=DR9N;sX>3~(<JoJ9dYk>EWOP|><
zB@)9_e;n@fOi~Yu*_B<8Q#)R~`LR+(Z!1qA6og-n=4dqfy}_+Ywaq52JQ38ydgqH1
z;7HzFs#!xymd$yt{f~TSc)~56O#~5gWVaH_Mv{@XW5&ym@Qis6@RGP#Wc}PNNIeSq
zh6KCTAlniA+XfgF&)oFGej<CB;0yxBm0da2XJ0Iz+^)=qnsMy;eKAClFw@=jqnKv|
zDVtQT$i2vf3zk39C$}W^NA;S!M1<P$dbuyQo?a=Kfd&zM7H0FFEAmWAlbfW5d)ey1
zfBSl1A)*$3<pq!gg)yHUjCGJ>ik0)mo~)(gNTfPRXZ>cb*(CZ;V*nmY)-DIp3u*|R
z+V71uTELH&;GtYEtL4Ehh26Wo%-9JOdgW}ljh&rQQ}^WLq++s&$hWp8pwbq88)SAI
zOUWIXVb^761HY7R4uE+2*<+3DKQljS#zV?rC1W8KBi;(-=%cnWnCcEpH8-JyJ7~;T
zRQZ?CLw`}G0j7sPY}{Q1B*HdeL$w$s(cq9@u`_Vw<u?E~*?cS~PSF5+Y`I<mqSvec
z`ivRQ_p>PK6;Qs%Ih#AdTs}Kz=)YeuWiHU-q}c9Vd1aD=*mC!Rpr}nBYeuunHl2M9
zM4<9^NYPc0#>sVi%mOcVSuRm;Hz9p_Gj0vW+3=;Ghv%my$Vf^`X7&GLM$rxNLYUO%
z!Jh_~gp`vx1I%Kk<k4^<hXq6u>T;l5JJ!x7boWC>OyD8xmE#B`z{aE~=v&D^ks^5~
z<<Hm^dRT%FNcRhR#rM<Hh+`K!LM@?({`E~jkd$Ngr-Q-;rv11;E+@{W?;a{sv1N@|
z^&-dkx4n@U9R;tn^Oc)KfO80+{%!;w%7n~tJnUENeg$BFWH--{i2Qp}fp=xTiAxIv
z7VBjmH;AVHJy+QNPVjvHyVrm{kJPQkv)7rtg`_I-cgYhbm2R_Oi{y9L1JZdD&j4aR
z^=PlwGrK8UdEo4z>9qv@WIiCdk+xK@(EK40#JmHjaWvhxdcB)dHPk@ZcfSr2_Lsje
z`Gyo^FQ>L{N&}hcGzMnSq~UFb$K@XdCzxdBoj-FIupdZxkNhsYLKHxb_*#RtnE@vn
z^B!OYR#UI&g@>gfJ+DQJH2=1D>NC86?y-(>%VI!NGi@cI%1o2&@4Ggp1-st;fgt1i
z*IfhkqY*Q0gM44k6lBycll?^-_`y;_QE@3DfW`OoIH9W1zb*x`s9k$!6#<I({&&TT
zgB0&!NR|~)JhE;yRFn8umOvJ4OD{)Hd>0kp&Q6TQB--R$*;>t`UvDFHUI#8k$)q1W
z%VdUoI5SY3A|u|!X89Y($X^5Hs?m^WS%-Gr33d$$=D(phi1T^a6@S-(Yb4hH0f8!O
z-l%EnK&DU@F!wpYt~eCd7(q-{{GG|XfXP`r4Xvdo0WWfZ&_QbVFG~Wo+eN7FntuQ1
z#1s$efa)TXLXZ_3{bwr%iKOrc>)$Lz7-YppAM;#&LJm`Z!z$j4o)rdUG$nKx7&=Ae
zG3~aQ?^(gKYeI@mWEIM^L|k3oga1edfbsoTar>Q`f2(W2u`pYGO@bVY1-`-uvh)8U
zZfr2)ODcMhf{^^*Q4pvoVK!d`Mafc7e!KMUS5eTU>)dZ44%i7B>^M$*S6FwX@jQ?q
zM?1x6N5xsDN6xp7r&7TT(gXurhy;J5&Nsgikx@|)=-QCn%lBm7Se{9}c9+?#)rs%d
zrth&r4!P|&8}Rx7knq3@n(NU(!W)5vgK+iV67%2M9VK$uEfO0@5!8NH1UBFdUXz40
zW1(~!%~YX$j^%Hkvc{bu6ODy|5TD+L@WbT?{%$ETJC;(~4-LYU%#R>U`SL>KoA~4I
zn8XwvUXJ+d?%en}kPGg(L@7*{o3_UW2o<jc+wOAX;HnTPRII=8Y4X_sZyY){b?E^%
zc_Fxk9maB7b+^NB<cH{QbuJopWtPd$B_|4eVH5>WY6<+YpM^dUtjOw;r_43K3V4d&
zSD|b;bIUr28iX`#^DdWmg*{&NG$1@HJo>EpXod2Dkw<<ze%&-`-lAFs-WzP&Un*4$
zhTdn-x>dd4jA60aKNeLUB4!QUbR&fagFCZxtve1jxPBQ320J{POA7D97^B<TI!y5S
zkNUmrYCX3L&##ZG#xFUB-5~Xvt?C!EM%Q>^JC7R_FL&FNq1MfyeopW3lox!db6FCV
ziBkw#ME60?1<Vu`sPyUiN<TaUU~Sp}c9Qow=_HuCtK$VQSdsuDvq^q7jT$Iy$~`Z}
z0z-7ytJN7<-Sl~prp>mK8T}rFEO76Q+MbrP7&Dw`<YJ^EFl8@K?8iOS%&e>#yN>_>
zl`ep-JAbAJj6KYPF4|l<ngQ<Kps$fS+NkRVO|7FVdxr##S9&WR{M^tezk{X73y>n*
zB+}S)Wr-Do@t}1!dhT*?Z7BwkTMUwujUZ0lPLxPDl47&QfrNje2Rc;g;oA=tlO4}~
zJOj$B`3E0;qc>SOU7BIq`sJWkk}UPD56dcS<&yxx_jy?*_r>VW$&am9O?rWF@nrMq
zqF$vE!mIM5Pq>0P-5R}0Bt~PeqoE8XTxr;=wJ3TgEGE94jZ0gyIF+njE%Oci$5{|H
zf~hNiCr*<HZhI?8b@+~K9>AmOAeY|l@!};1O~@fO3nO*%^diXD_ve{*VlzgwB15;i
zSWd#LX~r*EANRo*VsQ*0(7(D!NCsMo0q+}Ho*6khYShjRLfWDhn;R{|;PMth2_DDs
z`hv0Q38sX{FzC)~F{Dn%?6?34snh}Ld_U+;I<%|$zA6u~clX}--i?>+?F)geLZxUi
z!_28=_1Wgq@f!;70Gsk{{IF+=zdt|y{E_3wDfw^dL@sjb$#=3hxcO_j=;)@o92+l6
zIx)IJ#S+;AUUV?rr%OfZ@5QpRNpDs30>qk)xl=^QCb0fua)r^%`*A5xlS{q==?A8Q
zg`3%^9(^9%HJCEq+{a5$1e*g%sAH4-=eME6=8tsc{LDu(tjIsuU>)jL=aR<LUo7bk
zfUDMBK#UsEQ3gm*utQSby{3hcX<dTP1a0cBhsmBNe7;ny3D3FybdMK5Q%2<U0s4{P
zi06;cpqg$z8gn6t^UnRxsQ8V0+~=h#YN!=(eoIgh?qO5$VzY8KfU!wSf?EV3ZK~u@
z6WISo!wZ1T%s~^la~?oZn?2!j84C`NZ2|gSK5_8e_6FU&fn0w2bWr0uf*M>t+dY{O
zV~6)~Fq-74!{}WzE2@D~W2a-_$X3uDIXL`*4ps|b6aj^GCz~Fnb|o^Ow1?|wo2hsp
zmjX1MJix9=NL!9%Shf`Ett@vxknNxVUHtizoyIerM7!%bp6!^oC+*Gmfzvio(I12~
zg)W~JiUtUBt>}QZGhXA&v+iQ<#uL8OjBf<J0Q72AG-jN=IZ=vZMt9!8Z+@m@LoPh4
z@O(bI%G9I2JGZ^Dl);DOca)rFaD@K0Z?Z0jJ9tN1{(h%Ypw!}C^RThx)c!TRs#j@4
zBdCMPq`Lx_ao1i30}hK0UA1RqHfjtBvm)u&)s(_re*x&u$cVdEab#)i06A>c7wh&F
zxGt%pu?0;QVEbpDfqyJq+~gMipMJQu<q^B#K}@{z=kI`Voqj6{0>t5zE`C<9!s;GL
zDN=Hs64})&c5M+)na3Uh05X`}X*iY}bO6^Xd)pQy4IrZQ4TC?;OuIR?s8qhJ9dQL;
z$aExw9h_Yz-)&vPn^)9ytqwGpnBf))t{{E2!0lwfOplv6K3!(bF^ktPUvAUdmmYLn
z_9iWG9hzsKN=Z;a&RD9b=Slo244cL$cj15mUYSRw+j4+@J%k(9n~Z>d{&&%@0sRo5
z+C0HoEWL!AnbG|^qbq_~LlJ=s^IPWe27(8Ip0RuFlfiV<h&Z?VVO$_5M?|_E&!15J
zM6-A)a=D_W(ydZix>>p{ffc(x%R>Q^dtRWrlNmByY2^4+(2?1`c64ApiF<JJ3=QLr
z5>RYzlSI2uI?p`7(gQy>h=KuOnfSqAxpDg2(RBLRngRpsR!L7fs`no`O96htf9Mle
zm^YNS{~vypH6Y&vsBN>)05-MnqzwPdYyyGU8fJ%ZE+E|(LwrzkdGKb;yM0oNZlyG2
z;v4E7IrTL!P$H(K%v6X!0;RGFfM8lb2*$^R8;WmS_WXjo=<CX<8lB6m>SnP7W>>=`
z$08qO({q$cKI7x_s0DM8FGy~!6d#<rur;UprEl&<**i>VkPQ$59uy~(V;2h^!E~WM
z4!@WkhDE$}2cxuVJeJJuL#4pI=`|pT!{R>^e5e;UH?OX4TKQq+1z++D90Y{v{F5*}
zR@n;N?lx!ua5n|L#j5D>SQ$%VXC}iz@8^Rrij|vsf+F0mF2Ow)Ix<7T6(zl~&oU&S
zV<&y)ll@<E(dFTs7Wh2dt~&V4mnFQt(coJo=9_$%Yu^I=V+XjpZGV^h^a9;STU8yt
z#`OVHV^FR<5gN*2XisFc=ffo?OND&3(*8^Nea8xt-?V2`5X{yt1P!5m8LOoeeQ(D0
zgLRXDh$K~h4M#c;zv@biFOBIO&rRPPtc0g?z&&Kvt2{S4XUq3Fe|eC_d>!-U4nF7=
z&7w4>3k006jD%X$4S-r5-mO-SK6SJR{ZBUIYNhG=-j0Vr@Ni90b~bAvqkns=s|yUk
zZu-8*hXMwI7|kVcQ>-K&=j@ONCNG*acy2i?bkVNQxW!2IYeE$kX%C<}Onz&Zy|EjH
zYg_x?!k<1996J~aKnzd2nxov1x#Z(#fhT|S63E8rt%h@hr@O$oNza2+H_l*aU|<@k
z9vWN{X#$n6OG|4$7+ge`Qf=b1e`qTt*WG`SYrsBltj>9Z^KS-XS*}n4lt}p}@~`lF
z%+@!b?{n+6jQCo*MYKO)UZ6EA{F%H-RRzjN7k$#m=ywhe{*YeuIQ@6A4#UtAP}dcl
zX4&%VUm;Gulw+tCw_Urql<&Eo-?h)<&h^au`05i8@1#bAPWT%>g7@5!LszmP>q{5H
zW=y~}arr*{sZPcC-Yn$CXDSnD$gaYK4*WwQG?wgZy|k-l9*XdK5|Gegu0MU_Yx<C9
zSXZ$=YURSUx0~P=*mwC0VH?a3#Z4eQIl7~mD?)1W*1nn-=e|F^RWh&i<^>2DJtdG$
z+veFPq~~bl=b#lPLHEknZAlRjc9zUb_obeTzf<ZX1<g61q(iPmOj;w?^_M<!hle(_
z>PKw$G;A6!jVZ{Snps#2Ll`cDJ7QgKEv4GKpTK9CI^=n5u6=jAe(u{t8-Q2z>s<vy
z=3lvk89QgB6OSwsz=2MUOu*R6hjlPS#il3z%-%s~@cCas+jnx8wysfF?;w{`1J`0C
z)iC;re{R7vxFB=Ttv~yDCYaCMPy+_gzloj-y6!R*y(xfyv6`#guPfAGU;xD7h5)G%
z9l{O_1^7O?F3)Q8Zu?qU!HUrs=s2o*0cN{T0`PNneyHj8vM21z2TyPdx{^@wka+(2
zoRzmOAZE&ZW2w<kSR<r2ct)(;&I4*ZDw98h+^ElSUU(fn<<PLHe$XSHb_$eO44crX
z?ZzqrgFF-N_0FnnFt)S#dn_0WJpNG(0lD|+se2J34SQt>>8H9SzCC;r{Q3WC?>nQK
z+`4rws31~RP!X^pB1mu}MXDW@rl2&12nr}2q?bgbseq^mK@boXks5jpiGYC80@9_I
z&_W4;0D+L)^~P`S4W93O=iD*wpF76>w}(6A&AaAWbItNR&#Y_*>d7HCD+^PdFj_g@
z5{ejSm2!pYP&Ag~Ammn9F%^smnT)dc*S@-aR6s~HZb{wnegT~|c*U+GGwT@Vs8d&$
zkRkdNj8jR9%cTMdcr;?m$oVEWt2A8y1|EPsZ*za@UgYvg4BX`j_kZ2xHIk)gF(8=E
zR_vV}8{F<Ss@V5Z5R6Ofydt_f@ol#o=<W=gejl&M=KiKMv={d#K<eH2Y&k#nfEOi|
zajz_f4Eh2slU($Et{B(v$T6Yo-fw4N3^FVXL$_xv*mpL^(?e+dG1h7|wV`g<xhX1f
z4)@5P9EPO9v*8R%-?0?X5wRRzRK$s|l;Bpb71ff60BHYqwL+EVv+!tJH_|{)h57^4
z@J(p3uv#WxKndv1<N0sulant2l90;+_@lwe!@_&JKN#oVM3jPwyz$8FMlWXf%KSRt
zf=8ve$s3>k&BFU5Z^rvC^Z~`)d!q5QF{@b;6~5Y9lGC?RisCFt)jrp;+q>e!xNayE
ztigsC`8$PIn}qe<1XQ?IA;Hq{9-uHS5Si%xBXK76HRsQxP@1=;co*ij=eRj_W-H?w
z?X4|YVKTGpUea6g*OxLnK#jY2GM+)*St<M}dVwu|nH*KEl(Mv0jY3Jkg|6vcZqp5Z
zPvXJL^*HM;Q1J}6yc&`RtBeq>e;Z#Hl+7&wjep0bpJv)7l$1U^=*i&+31BuudPN^3
zbFI3!lfYr`uIsu=ksHP>_8f#7W8n<W`InPGiDqx|PT6y;<Y7@&F)sbK9q<(*j^1_1
zX8RVP7ZEI=YB-*jgN<Yi5Tz?s29$(JkDB_pBunRibkiz=qx+`p-0B&HE;>9K90FQP
z7a(s|UJEm92F14doot{UHNK*H&)Cz?fWst?T4y<eyiOe>ZFBYLEFBhsHPGj^;c%P4
z&V5|o{eHEmY%tFt!Q+}k{2*Eent6~d)pbM(F(-%2Vb!U521Y7ck`LUKS~>E1was2x
zkwI)2=meaKa7I7F;rbL9&+Clc$54G;GVELKmBWu)5~-L<QX+h(+63R7!!6N{tTYCx
zoSGa3-AXwsOig=VTk2L=MLF#Xs{uIF-)N{<MvWvGcrlpBjeYC0P(|a9EDgK~P0Aps
zE{$3)`NPj3X8DDq7!gNl@8{u_8mMe?VOcHUAcZqtJ!DKm62?W=eCIxqP>E78BROEI
zX{M^`auZiDZiBJcR6gzQff>ba(cIn7c@TSd<RDYZ^!LO|X|-0z)5itKj$Rd+V~E8P
zdwOlZ@-y7TYCF;gF~)!V)E3x5%=X9uo}Y*b-FTxA;P^>?-He%FG6^?>SX8WpIaWNr
zpj|xg6Y=B>)KwYFJ){2^HHT;P(YOR>gpC3^1x)$Idc9_h>&jV?^Q>V~euM|wURJY8
zbyq!VZ}sZ2@FyJbmjKDjW%`_BpV`r?McVFDzFgjCRKyp*l5*W|_@S~Tyg8-<;>S_9
z$>9>-H=L>NKq~rXop)!}P~;?I6{iYARBxBQSfe&(Pnjj77`@K`6%jjNU}|x7X>&Vh
z9G>(ZPvBBM7%#XITrp+LVFD)E(I$OnR=$wjO<n83Cb}VXuIF~$V@W)t!A(Wht44PO
znItg%qW?-?ANqA48kCS7W<_jtNUvCtpav9`UxZlAdfM<=pdMV6W-{(#F6X{D)`%tD
zTLfy(*+4b)0N1wZ7a)(%SW5i{RKwJ%%2jY!3S#U$5~aM5h0~jk48YZ4NCB{Y4U$wK
z0j~JAbQVZ?pIm82uC~9Q2D5+j2KC-JRXd0`C8<!xy+73-&LQW&;m+tD;B-5l;xD(#
zSnXrTWNR1pjOZgNO`VHi8s(u~9l7I^HjLG6;*0HmsA}cuEDzTCg~9#h8!L8o2Psbu
zRANn6jAuM8RjfxI3_Reo@aP7+aqrg4;Hb@*qdn?VgAW|Rn5b4e`k}y2(9V&=3@`%E
z?;5BEg4tmgS#RtbX0YcxDL(-}xS<FrJl))dn|5J{dJPHm-B3a{`UypqAf(vOUZ=`~
zc@A^S+G28Zx4vTI8D!@!vlS@4OuEwNvGlW#u^N;OU&*W9QBYABbRcbq{RCK3wz-aK
z73^o>pPbTu<+;OT9y>43FPpa_U$PH$jVB@Bdy93pgFIE_e4`Xpgpjy~eW~7AnYlCx
zg1*wF;rPZdQgwu=@;Dn+BDg20XM4f<pe|o+5OG${>=_8qMv$AS>D7LHNJ!y|#-)L~
z?k`Euf^_BPRQ2BK*^MCOJx%EkA7*r9Y=a$i@TihTd|<UZ7jVmt`hfoQqOh19g|n;m
zi>OUd^{rkftJxKGcWlc(*bqQrRkM~g?TjOJ49ZSq3JSrgHHMww2A!##<Nikb9#1<v
zt3<O0XM%(nOt)VRHe~?i`Rko{22DAr8r<=M0J;0Hfh#y0%misyoZS}NyA38Vw--iz
zQU|a_RU)^gTdOtPb@jbYMYN{uun$i~bxj8XWKokmD8t>3i2oh}KC2))z+*?evif-&
zOxyFv&N+&4Z+k~Nl8VwE&JjYCx=*<wMvJJhjSTy<rQBBgAJ%16!nNWSF@4_|I&&lM
zwTkxGvT}k`p;k-(AYd29R`A_l&Ak~8zkBp`kc@@ULS|X|6)<5&b%%XH@>Uo$fO`&}
zN%ubM)!G$jLV7%EiCnPsdo;8&Uj76_y|y2H%QWyC7`)Qi*z)bLH@th=)$N!?eaKFX
z|BGWSFkw)w(8|)%Eb5u3fT~afa#q1&=?9=}%I}B_44{S=U@7>Zf=vOWWB!*1W`Cft
z5=gp!<(%r0pFY8buXk|w^f;DiJfqi=ybT6|K4o&}Wk2|%6ko0D)HX)xxF#}^L0&92
z6Au~JArfvZ#<V;vtNnOS5Ct-%DOTr$?$l{Fx#1iyMv;61Nt$L3^ZNd{k7vTN1d!ej
z$senQ&ptyDa&Gcvd|wb|%yv$y!<U_|Pl1@L!QKnuG>ZWc0$KP{`6z){&tb=LJd8Rd
z9FJnqWeU^fS)|eKm1DN$w%cG}*!Rq^YQZQYYUeVKMJs07Wlq{0noO{xBGH)51UnmQ
zZyvw&wLg+F6oymB(tC$$nuQQO*wtd1TUNm?<Zuai#aBV+*oiyD)jWTIT<LsNrAqj=
zCy!B=QMW~-c|hJ42&%u{6Ba_xdqHi%>_Q12#vi^F3y9-~r3F$@y~6YXVRIyX)L#4<
z1T7gxrY}(^YAZ&=JnHV|FqXm?--O67wvFc8Rxy69I&nQrC?lA+?Gc;l7sSexTz3+E
z7~pDV94^(|)VCGmdz#wLhC7gUOD>AQ+x8j+D+t_Y9S##MWr}U3ttQ2%;!r7$#J(u@
zOqlvj&4Mwn?dPJ8U@XF4f=FlPSPjVd1{RV&sqH-yx)Z|^e1}(vaw{|XxnNC-v{p*l
zwNk{AIf+yeCh@EyT3kTZyTF}3r;0=mq{UXAd&zxczgxHQv*p(QM9;cR&N^_@X;UnM
zr@*kGRO+7iYf21on8K>^oc6iBy_V2#elC*}^v8W8S&F$aU?fj`9kkedmh-8&<!|1R
z#5<AWI!Oi`*3+&9Lpjx|2$FOu77uF2IdY{BNNUN-i?la1w^;pMH&e=LudA)vETmZ~
ze>jGw!|FUedWdxA!jY>!K9RD1D5-}7GHB`ttGSBN0lqW`aXoivV8}Pd<)xf~amjjj
zHfi7Tkar|j_RT@JLZXFcJlnmVb!D78u<LO`3l~%;(1H7jfeh~BHGCIT(-bb4VZ3kw
z7m7=jdZF#HZk61Q4?Aw~d6k+7SpbQ0`W?-1F65H%oNzy0D4Dl+GN=n)p0snd4o|Bi
z<ypP^L*n+xl|tnSG-J8+V!GpFR3@V4V9<V}7Or4IWbih9ykl~nx*jj)27e(KZcfi;
zg-4!_HM`!WUuq>)x!5y9PnGZ<Y%vQf=_X`UxZKINDau~@=<Bm6=x@||^79PNfTY85
zV`4=j-?-G+I!hs3a^}Zk>qmSm5c7bFR$#F)VB%J-{ReDjKgjpv!jZ4=wvma@tn2ty
zJi|Nr^WqaVC5%CoYgTN{7Mlv<fL^RaZG(K7`ez*ALbq6(_K{CEq+e3s0!xagCr>g~
z7})FkCDZJ8+IejcGk!Cxv-NnTZ`BffRW|9Q>zm6FSR7mo2d{U3^NrBj=?5jS^+z6~
z92DOHw2Mb-lT(>GWg(mth$vE9G8muuDQtT5O4M~7q`%=|d-sa?5#$yRi<3QaX`aZH
zE-pl4Q1MXiZaW`Og7~)T-iZFheP)1{kyu&oMxh5z0h~sw;VILF%TX7zyN52qJRRxk
z4RHQeE!EXrZ=NCQ#pQ_=74l0_f_1-l!ZA8XYK<i_`Iq^HO!ai4Vq4}xKA+rcw|haL
zTD3dQwVVyt(xQ?3N16I5D-KYhzLNyy=!$s{)fIvJvfnFtZ>2^btHfZbqE=G)tp_WF
z>0=Ij<6=ol3A00ywLT!Zb_3WfS%WW(EiiXGM*+J&KNJ}MUQboihwF0(Tr)4KKD$jY
zN_oZuS9&||DNYiUoXiLL4Yvt!1Gn+|S6Mk>64Vi6V`rTJ&I>}wEj~lnWt!1d8FSS+
zAXoiBJ!EJ3e3F5r<B8<FD+shffBxGnN04ABa_v@8)v+%M1%520K;GE7X$$qS*~8HK
z^ds(U!4rX%E)_$Yh24>eKJuNWpH-XtjF!N_sH0wUG25CWP{jnX8(i^!+>~_RZzsMT
z*RtPZ_>L86wpuvehm!iC!Mp?%SKuo@+sR?s`~8m{tXmFOeL$BVC(9dCe}aT2BWi3L
zxc`ffGzRn&T6Ftf8iT^m7Il}6-HC6t6sL5l_|7tk7u6~Y!&`*;je80dqzUHK<&(s=
zDeJ1*^aAcJNvgC8{g67RjGr!3MNnDMxa8>Fc{LL6`J#kh1$UMakZaz)LgKaaIZbK7
z9m{x~)3AIMD@8OG$cUZ|eq3>@mpoeWM$mMmRvY1T<s>n2-y@qY*ZOSszMHptBKiqW
zwUtB|{)yVVgI22KuyFxlGB%!RN8G6$)pRjN%SX#yK^{}q@bFSF<=t9g_;M!*h*XEI
zo0XD|fi+@Cc!41{a%4}Jp~my}x)K)qX&~PbtyH&epVswGkG#3ahUaHD$+zizg-jdi
zZ+<x;JZr3a36)<m@6#&64>5y4R}Y-V8<yxB_KAiyV|CKFXtd#?{l$nNrQx&G9r&PK
z_!#<PbUOxXkd)}Dh|jHe_h<@^iw`gqqf{GO`kYt+!_stjsX}GLc0>t$78-zeVOH$A
z=}-ZJ_@=U2pC9H-Lp}z*ZUw|st&d(%6;Kk{2+HRkIX;Y_G<AD!eO?R(%&);GA+YZX
z9m+QqfstAQDBP2(&)1Fh6K}IZCB!$KYASyikQTtmJBNkOYRXn2hdELvuad~m^f7;|
z)Z)Co9N$&)jc`~ucF#Un3tLUTG;la(2FZX+Jof<Qf*O9x$}(vvnO`w^LP1=;M{+(9
z7W;CQ3{%C(YfyBfQi6$yDQinY-$TEP&Z$#AV4OPM{^D}L`_ILNcE^rYyd}{<Iqxj?
z(agZWgCt?&W$eVM*A3u29(Z{M@P<J>4>$KFm!ZolvB0M25;q~r8NjvGeOw(`V3OFu
z8NYSO4Y|lwIky?iW?@_&FPqV52KUYU2gY0ESXtm;w-EIk{QI<5pBGFD9RJfpA?SMy
z`V7Oc1=rOx9Szf>S+g%pnVtPJ!x$fIJzb>2W^&ZBWcVfML4s}|rNKQJal^ULfj)|)
zE0%zWJFkD=cKb)?50DD0m0gz{pLP}4<LxlBRaIdZR0yw=hONuqn(QC_X^n0uhd*sl
znyaJ1u5z8IDNmyKcZEi`?PJ?mNkGBlVgYu%0s&T9XZ2J<<MbO#gb3qUW!dD*#xERl
z-Pa^|_y1%KOSE{sYd4t@@a`xJ45;TWK6?+Kudrtno0|5Dc2cS9@_2lm>a&$GT6o}d
zal3-;1>6CRN0n5-n8ab+=MY4$nUpehxO$gxs^A1>#s?W5>r@k7-aL5tQ-zvlkQ(dF
z^70DlftZ=LYEa^O9gt^Q6BYtO@7AznPHTq$-I=UvA;NTJyP%@$FmfZUotFRUa1L~>
z97ZR0aDzLu{U~q)Rs5jp9Eww0k&(0SeFc!8$kR%shjDXhw9yWpiYd|&S{h?S4i_76
z=V-T{po-&Iy1lYY$?}Bvh$~&5It;I8ILtn*oFgL#+}^sC5=$$(qEh0cS}u{u`30rQ
zP-(ZR+e})kJUHCw_Tt0%6*N>vG;2aMi%J8xS4o{}L86S2s~i_&CqhsYY8Qj}`B(0J
zaA5BMg@Kr^-kjNHiQvs@G&pE@go1Wcw-;#sCkP=_(JCo8{YZkQIl-FH?l|$<#U~U7
z0HgLMxgAVw-iEG3xhLXpW_g!QO1B)fVKfP^nr3~T00pO4$g5wrbmC~WxO+1`Gk30c
z@RyE(9J_A`8T^F+5_n{mR8Oi2rDn1dkI)12xPl1m>9%<Kh<z^#xno|uA|ZQu5Q|&w
z!q+pL<`V|<xE(Oy%Bkt=?>o%(aG^%lRzcB=v7&0=J?ZqBlojT4Zx0si6Tn9-7#5cH
znHf0b2_$hwC&NJem;)xSNijZ;a8y!J#AJWhYBrN|rJy*d-U%)&@qq`ktg-{%6-i>C
zOf))N;1Fx%-R&yh+i8i!8Ql7$Kopsr&qkG=^7?uh6yv%VPmj_Lz+WtdR@^yS=gKBL
zew%&`voshyr+rA?qS1iPs8$*orZvBgdl>}Fp+>{t^}Vapi@SVp8YT#VuvY;&JvuEz
z%l+upJtRaOti;6&dQHa8&0-P^bdT2USf(#ltl|t2oR<6>H9Ro8;J{f%4ASzhfH*OO
z9pnUTmj?0^99FJT<!8UbkE@hgf?-*BW|;sKQf~7c08-@#sp(k!i4-uyQndj&vsB`Q
zqFD|r&)u=`5vud=@`lwSw<7KK)cJQx;#NxV!t}Baq5T8^+rH*HU8H*aC$2)!E?#-;
zEH28nduer0Z%9;?`m_R}dEA})U0brg7f8i&b+JjCOamkCX5Y;q1&uy;54_siFJhx_
z-@d)elyNsq`IEtBQGe5eW7|h}3Jny7d3E1?HY&zwhq8kuLHnbOQeDz3vO-8te!ocm
zQu<ULXv8DMzI|veNwYVRJKXf(l6^kpn?VY5XD|=#)8jDEUP(Ilh%_69RKnpF>D2V&
zqZXiG+xSv$nX-CrmGo2zYAcfxNvPOSrO~3wv}dNK72!i+swyjAMO9QVf)*gNby$*a
zSaK42rj);A{wbkoaxdQ9)3tK9KA&}&KLSNeIn@fTEz6fTYE$v>81%-uS13%O!2!9~
zIGmH0ex3=%qj2}QpRhNQe&t#Ln$L2^y;^aOau0$0m{!bV(Tkb5iF6>sY?Fo$b{vor
zC;IPI(Ds=?b6HltCQ#5&x|@SrPIVK3OQ1mw-Q{o>gpGJXKz`|HVGEQ}B%BvscHqgD
zXiFdkg^)%V8E(o5gGA5Ty3EXlBi+yD!Br;%-%NNnAZ`o%92mAW*XN>gTFHX)eP{gA
z(jk`Z=Hc5-%Ck}n1Old(4|iXh2lHPGjsZ_Kpj-*+5}t*Z9ew(o6bn@;$w|ZULLN!k
z$2#?)=>C<lH=6)xua(Dx*gjspk8zL)0<MUyFhb%U3r!5@!+Zn1g1VQF4q>QV1tm(0
zML1<A>uXVQD<GR5@xD|i8klpe<}OrhEQvbZ>@0r$^G=IW|2HQS>L(6+4>mQ&Ef70(
z<H)ZEPG}BLK)f&21!*0LaYD85d!Ulvua`t#GUclYhSLUVd`Ym^7pZWRP?YlQQ|)7R
zJC9q^_k;PH9#SXiuvY{7P3EH8pYNA@>&6NdarK9DY`0ox>=3Ar_s2Puj>w?D+fOYI
zUUuJYk>KAIRzCTr$F(cHxRykPMhH%}q7hRh*(B~=t3P0|F9O2)AQHrDq>qV;%#z>5
zD8LZL-YtYvhl`0B;^*?4wG?gTOA@_LcuOqI&>HMVg<Vz~2jG;Nb{+4jAB#7i%`ts@
zv1B6%!=0CF^c!jz9ps1sjfiX5(Kyv`7~QjLvMEeOjQ!x%RYybm^(IiQ#aZy1xL<b^
zccd;CyAZPh|6+;8r71d0EDY^^b<z&pbYBzOu?t~pi2RYFi}aw+_+gxzPr6NZ6u}cT
zjzsO}P=UB@lU86dCdYhkl5$=Y+YQ-0z5M<%P9S-fezwK`ya(%5PE}f_SzxVcP|v4A
z5%F##aF2$40}~emaLu%1@u%lOD?zwY%`QlFBqFR|=v+po`z&^4`WBz)>d(bRal&Hi
zUf2~_#aJl2$@_4weQ!a*8eo!ptXirPciUMPE&R0Y1Q}a*VW4_xsC7n>EUsq)Gl)KG
z8dzJn=oy%&1N3f?bHZe4k6S_a0O5fgmXon)UNqHcu_Q8(U!eR)7tj=rOjTJRn)<w!
ziaqUJH*Dss+gw&I$_b+65s7ZN;HL{=D;@c^w_LxAsD8Js?6&I+@ZndqU`>@Q>@Ocg
zEH;iVN5g`r_)~9_c-4&*!BOfs?Mn{rZkSRoDuu?qnytPDBV3UebL1-UZ6tW1pa+l!
z2`Anmd^640Vs$DPzCAKBLhegA4!h(H4AC|)WiUh+(w{MruL7ZkL3c*pVy`t3Cfdgb
z;R|SoG#UX%b<=#~J!bFmajM*tvt@o~N;YB9KPk?qK=(EGL?cN2r{<h7;{dw>q9TQi
z;fUCPesgn^^j5oH&7uAF+_y?D2tN684K%}Fl<x$8=B#su^y9l}Q}RWCjIh8+I6csC
z$pTd~lGYLT@AyQJX?y(J9(_wg_SOv>V6PxCuwVW9#$T3`G4XV68U?6|E2nyy@D>Qk
zTWgr33!3h4$QxZf0iePYTB;OP9??d2-#^QEm+|#f`Eirmq=LAQ;Q9Ceg$x4s`%}sL
z^;&t4W>S-dOhnZlec8ndfEIVSy_~m~a+$~i<op_t!2beO!Axd+Fw+3lbIIoys)rF&
z_aC4l0lyOH^w}RDf>l%jNBjM39JC`L2&-{JbgUDAhrH&>YzFX>R`%ES!+NVv<$X=S
zkF0YauM99zyi%slaiq=SSJSw|!*369dz)4~i#MF|AU9SVphd2OzWF}2bes<#uv=o7
zK7@?={J(jBD6{Z%F5=R@N&4gCla+hW+iVAk1$dkP9#ryIAl=>y!AkybjRb0~UJ!o0
z+p;{S_}`*3nR{)+!dA!OKXT5#+YLZP=~4=;APPNtH1j0#@M3ek)+C8j<DJY#<gtcq
z4gr9y{JACX8Rrr3YYhGca`6CKk`{`t0Q?F1*fs?{uIi_XqeY~YHvx&YhfLH3=!SlW
z8bafzPg(*LCP0dTs(!Zw&1>rHJL0B+#ksp-rFYv)PB+m5_F5f$^v96-d!VUV2$uGR
z#;>idy9hPNCZPr}r^-@4)V+RsNk50>liD4qYYQa+Q$Q=LGa*PwL0NP}16-F<7dHW{
z)>+r7yso6Nkhe9t+y4ZNDW)gMwRuDoY&9A(m&iy?hF<11*#8<mwb`i|#mBpfU99u*
zDl7LO@Z<X?2<637NUjl|gO8x=7y6J48!*5tCT{1$qrjI$9r_Eg`03YU_B)N8?JV0y
zS#figHu*%EFj>a1z|>bXCR=|MDawG$iOCLzVGH-j6$offl3n`aSYH?H4QN&d3Y<9r
zVp=L{IeiK$K^3z=nb73hhX_ouLV7{zF8SrLE=veH3d5HwJ+Q{S=3QN89$%&{#Dd6R
zF7-E1__JtJXB!mvjoo$3vSbnfM>|37BsW|wO8}Ub^(%KFsa&1>21lLo6Jk*~4xvWL
zltE77{h2|R+7LiIF}At_KqRLi7|-aBMS%Ws(6cPv@9<?~Cvg2S_g~AX-=S>3{jgr9
z6Nt?P@098?r#$}<xAQ=wu&)%605Z@lZMg~j3v`M!hx(!JaV?7y|Fbz&wJF8Uw}@%|
zi83`2g7<l$fMTTjK-v`^x{<I@Im&|{&l+<08i#SY(G}DBBTS0l81_r#iCc5GGGJ2(
zHA<%2CV;TKPZv{JS)9hiXt|%K&(3&o5_ChO9X=ImfS>HZ#J%VU*El8gTodY*4-7c#
z^VQk-yR5H=Z{{cUB`jN+xx2wNx85pgun=i{8`-BaB418utDg9*sL-~Cvd28qi4TsY
zO2f;E2Oo8UTj<%vQhzB;vzq0j+~tu{%B$e!7uYIU_C*7QHD+r-ZSZ}-%PI|*EE?7+
z5Y%jbmr?$ZEoYWXu}%ZE+-NwIDETAI76S6cL7@|Pbw1Af26G~`-Kr9W#IujS{MclA
zut!R<PIS+Sso|TDw>LiEKY=oKP2A#EqH<05Coc2FG`LASR<xz8_L*2?P9<v~-+&{s
zNBa;!2G;)Y+q)?W0#5?1Tc4~AGeA%;vbQXi#q&U>MSb+4d!7G6EpNZ=DK(<?a)U2|
z&40s4N-Fw$zCAl`b5GP%hhxqgsnueZqlo+g<!{k4CFVe{NiE-XCa)7gT-aSGkziL<
z%PX%-gBU{nzrcP?*M4KFKx8tBPsyp!nfl1wl>dfIwuUI?%=GFIpXI+0e*g@6>;0?n
zztLP*PDQQ9pYMV2=QU(=$Lyjamy1)7&_}7oe{yxTteG5OY5#(sJ8J-%oS?vq%RM}p
z3y(A8nwgnuahC164_yHtGTs;J?!$xmnj`e!0r<(ik7Z0QMXkrNOG7yJx@#Avfb!b$
zMen=J8}*MF;yPMp@lil`Z@+Xz3&{d=e9NEvgZacQ-_{aH4>TTxknZ=T4!K?=@$!`X
zyurMWQn28J{S9<~XT8Y+<7|6j5GwRldz=-AzyW%Il=8@EBXr9Dd`Sg}B&N0F{Ja+H
znh5QJ-*4QYga2a6$w5pxWr$<a{#T3c-g@#s)2w?p=KoEe1wQ>buzcd(&AiC~KX<v2
zV!^!Kb>#9j*P`wvp%1O0w`l_JehZKvSaa5!<q}x&*uBp_3j(tc;_PjH`3fK9zomFU
zMX()k1jm0q`8pofFY<iuu^#h@*&7Vkzx@&L_M9A-zGeW{otb_NpymM>ZEO3(H7msG
ztO?km8KIZo(t%K)JnX(XWMRPl;kzcjX2Bnw5rvoqPfefnvX!Yjlh67wE&S@f)Ou#n
zNfucq51#^wU*uUrM3ZPX`w6SCPuWHhHg6RuJ~q`mfp9n2O36&}=HV~vc_t?z>)V_;
z<N^%KR@|$>wEjd@{yH**2=t)`rv@oti$H{as8Goc9GK~Pvorw0TcY%Np1i}4QJ=f#
zLN%Gr0)w{vdxHRgL-eD)Fk^w2@~dEnJDN0JWj>Mb!1}ijg5Ex%>`BM&GW83SR=Uh>
zki6`vwbsHJ5U(PS=V`NWnfm_GE$PtxeG9m!O;%ghJ<%U<$P`ZQXi^0HT`iUS4onO4
za(r6PGz<I^7#frP2GiT!UHpClBAA#+4`>?yqT+?>CSk*-+yPjU$&`e^$Nvk?C9r-^
zhwRz|QVeYo$<Rv}EU>;|SneqRFSak+2RmH1-Yk2e6}LF{-t_{BH^K{>#YC9CS){C^
z_!>h@VC%!YNve-g@(t`pfaM9j{k`>X{{njZQ+s$y4!J*lVr-kj+y*z{_;nVR0X&^z
z*+Y)YhuxnJVctbR78VCi@l5)f1qa+?Zot<P4Ls;6$^vWpzKuf*vatI5vfnt8OiD4}
zkU`|`mblnh!A|S{2u=;z(6w&wS3}m%+W53ZuuT2Pn5XnF>kD)NDAr#D%QGnGLy1jK
z+5yW666t{gh!emp{+;Wou!q5lH|)6B@*KD%C%l|27zeNqHiwN{qXTi~zxX%i6Ad4w
z{rx=fU_pp_8?^PXnLZE>$V$}&<sq=)Cy1xlS@<`n3jxUO!4ug(@BY(ELhkb2PRN6Q
zmAWwF-!Gy-eOJb`@PBjbSdcv-BH2$!+{UZkU(O{@P1i8}s;pM*vP%9Ckcxt~QVY|&
z^V|_wxA&tU>&qT^Squ!zVr>73X?>Tw%p%X9t2y=xe5m-;zS(84MF8pk2LRk+AhMIx
zdb3zUEB+?o$xog#^&8XFs$ZO&-gYRw`Rm<&_iu^JC$hg-|Mushw{N_2Ve(nO$RXFf
zWM;H_!$(>4&))>`PJVZ~kcHEMg*WDHTKB|rkO$urI2H?}E<}Y-$ulkdbgS-qmil=}
za-dVg#2(a;uQO8>^xuS@^?FZC@BaUUogEEvZNLWPu~=`G5XdajyRIvO6|Yh5>tGTF
z>Q+4e)<l6StH1fTU%au6+3Vl_G89(q3wdG;?ys*IvaQT*kb-7Xoc>(R-<@s^WMRO>
zlX$21=SQFe=&J>J@SPRhr8^&^#)kd2GW#eZO?Q3^yjX3R>OI7IfUvQ`0}YT#nVr2Y
ztwNgSdB=YvH!{8ZrAO<dm%EVlJ04w_c-}9<>s<PVY5kT^+jSv_I`p9*_rDT@f5`wr
zAqO8sH(gJfkL3Y}(lYRnl^UR%7L5wTFpEMSaQxp}5{Uf$?%$YClsL2g?Kz={;k+MD
zmiS}TlaAI;zrqR%WsNGz#!bIF-8YbhK^baG%lfd24f5b-d)~W&=^C-#jr~juAK9m|
zo*%ix7s$t%OM8_56IA{aRQ?lG{u5OG&q5ym1eN~;mHz~lP!Rt=2bCz0TDhq#XmtWU
zeTt^X+U#-Trl(sV21u;W0@s}O0YEc(8g$5W?q6{ah%|$+LxN#73*8U#7c3LkDgAKY
z=PiT?`=H8&b02@S+54??cvEg9kd+9v0SYs1>FxIhqJjhwF*bILRo>W$b$RBQcUSHZ
z+fuWGCFxgW6{TaQa151;5l}fPMcPzB<5#+ge{Wd$w`{EKHW(O6d7=b>ovCspY$q5d
z6*rdlo3xVVCVpe*D}3cB&{;eIW_irKf7YLP#cCNS<~^+f8ZG843j*0h`@)3F+F^>*
zWB=xzmgt?M_X;KpML-)YUX0G}!UEIOY1RiqH}aoq17N|WCMR%UDEKq!!r7{rY*3`k
za7VZo_S|ony2KWw*SsbN;NG*{rqk)Bt0N-jx;s<}w+T~r6_3;RLsi=G8>M07&(LuM
z6Bv;i4arJ1U=6~}lSfiFs^^*HDJj7i0%>!v2*E_U2KL+ZR7#2aZ)Rg@P+r7L2GTeK
zNUXKz{WCw((33yRHrALCYNzzE)7GA#BUXO$^H!k5XfR2!^4MGKzgl3AQvo6iq<W?B
zo)Ot?mY~{xrrC6zjM$?yM|{Q6-EUWiMNx$G`eEdeKA@oBN)pQjMW)S-z7{MnwrvUf
zfUNP|toBp_02Xw+=DHB`Je;BlId{Bsox_vYNsN8vWfeZS3dH!}7}eT`D8MUN*qcEF
z@xILV@h$*A-tTAiDBIwdtfdQ(o&zkRz(E{IsoTjJu>NFk0qS_i{Mxj5gYV@{Q0oK0
zDjwgOx%%xAUn__4=ZqQN{1`hitK;l0sbP*2H;7(BaG<-`=iOljw9~NHJbnQEI6a_k
zXKnhjC&sS0D2kfh{<AbYzI2MG9Q7<YX|3I&KAvGU2CdBZHeCzE@(ZZJ!ygwrEzvI>
zE|UKE&NJ4QwFSmj%@n&!gk*>zHMnl?x#yG7*7<$K?lanRZ(v>)YWp2y2Ca1k){4x5
zgjdkl!3)r0jbGuNi%zQcYX`qMF%TXCNOJR9EM@A7y{QAo9;5s}+<=s(q2J7xpK5;a
zN#{$X3N7EZ-MpZi+&mBs<LkEN)mxV(xw4d>D@K`kQXMo=o!%Q8KnFq`x7pNnxb6M&
zvSb3~)2+bhnh9k=rbLJ%Acs4asu`sQiX4XBkmXC&J;8;K$v;2Ft1^D9?va?VX%A{M
zXB5zqT@VlUUaL#C!Pl6(Bb$%{)ErJ!P;Qqel<z>1*e>Pd)C&t5b7-XCQ+o{3yc1ng
zD9T|>ERxC(Ga0G99s_Nml_qFZyS?1;g7c*U_Lw3AhXPve2a=10g)BIy@igJbd6kE>
z!H};Kmpjp0&#Wuq9^YiT8VRhH%xVZaEpf0p2V2MLvy@f6CBH=>uSwarl{&ce&)8Cf
zFWCkjow2_T6_7W6)rP$H>8h^&#71?)BomXZCkVvWscUlGp1UltJEo;~<dN|)l93+d
zi1P;1wJ!Y%4uVT6q?t#^Z8XLHzKsmdCATlQ%_Yk-U*f!`uh%)V74Y3W|I)Kjr!S+8
zW2UX9+Ke!SHEElZ0m7Xk>5S|$^)VCWdxmLg`||x2TBjUB$T$af9iY0={-TYuW=_y<
z)h%Dc%69Z9bw*gJTxM*UwA#N?hTBG0o}c@I->k~Ds?xvc>xvXU#xOpCYxAikldY3X
z@M7i5CvrT#WLvmu3g!FD+#azPOWAsq@*)u%D{OV-BU{(Nb>*se_XZf%$vF-%kt|@`
ztV-)CnSkSY$3p=wTDPxYU+!zPKJf-z*#E>p&wTmNjYYBJ-OIQMdMjBr9@gd>V=K?M
zrhJpCd*D)I<E{{vbk8n=>ynWQ7bRt-9iEC4%1>PhoFZo#cu+l;6trTkeDKYnmHVTR
z>z1JCeS<WuQY9Ohz8;tML|4LH&Fa0bOKt6`UF(YIck<XJcANRPN1LDnB?f4zU79Nr
zdTsaGTTDuOe<=bn_YL-4rKf=oI<teQNuV@-Ov~wLZ`51O%U;dKbY~!qrzxI3>#H}>
zUz`Rmu2P&zX!{zHys;ha*;-W3)_2KiY4CJ?B(?)V@yu@qOzIzDWl~E9DdNEa`zd7T
z)6Wf6(8v>A>;!_fxgpghi%h1FiG`G!W$ao(w*wJh3KJ^LDCay@^PEcPGH>td8s=f9
zueG63`UTa=y6H0>3c%wkteDmg`SS(0J~$4moq*SFJ?}v^GUUVR)$)0nq^mZ}O*mF1
zqdC{CHOo)ljtGbM#WQC3T0~%bs>?Z#B4dWpv~IfYiCZZcBearTUfrA>P?lGak{t5i
z34Jv>G6G+VCX7dR5!yY$$5)New|wf?71%ZWzUcT~f_^K_C=OX<jNl-&j#4}cuGG9_
zJE{@Y<*kCbF}xXk?T=;t^e}<@5_;%ljFFxS3>TSnyHBz<hOhesTpTBvZ%-{oul0_A
zSUlvvr#0YV>gdhBf^JD%U~%gx0jp^q+<Ia$8DVV0uoA?V96aDYUL_yWJ(6R9;$v5=
zI$^*4MpchnmP!D*@_AN^ipjdh!d2f07XIK?+vDhMr!-y4J<z!rtGo_ut3sTc8bDyY
z%-SP|F-SAfrJ9)sN61}2)oPnkaKlib+F)X7{TCU(3w1Edx_c@jD7&(zdg@j)9gs>E
z3MtVGH~E+s0w$}{vEpgsgiLAvtL#t3tqqcko_QJT%0vdCn`#604NyKQl<4Rw$OwM$
zPG5HE_H6Z0(uTy-EOGA$j((w)6X_qlMO^ruPr(dq7@vyQ`T0h3Uq`=?$_beWxri-(
z5s~dZd|fybysI04k@V~h&Z-DWJQr4JVtw5HxcKQv&-AqBc^At?YlX;lcW16xW==w-
z&WcQF+YP>kyIEv{N$Nfcmk=vue92+3z6}Pul=sRN8l?1^q0@6Q9}R7AWEc3_inf&P
zrrIt0gG;eL$o=^pDlW~A#MZ@}*k7*kEO97se{JinNecLZiiI6?a6;Dpapq5!Dh_Zt
z6#O9nu*_PmX|F{OwTTl~esX|~E>~sR5gfrHP}^!eNvW(kFB<7-+wuKpcx-2qD{IW!
z{qp2^ru4xoofV0NpJoKYcd*`uFmK~4JrjtyB%r(hkz#M-BXYLN$pz)<liYr;I?}5&
zYwpCZPgVs18Hy}xPRdT+%exgM+NX8UFpAL~qiM=<!qo}A#W|%?;C@&4NQ{+TeH`RC
zA$ij>xjjWtpuogMcwKoP&`YW~PDiE`v{)y8mv?dfWLFf1?g4Nh=ezs)=FLRTR?EAf
zQggbA><Ur*lXWVZ)z{Zuu{Sn}v#HjoNEYCo&_P2Xx|ZDwHJ(^kU9dsx9mPEJUfsF-
zw%E4SP^?paDq}usVr?Doju_bC0_uWE%Rl9-ZBn&5r{$}~iOWAVp{1-&9BaM0IoOd{
zV2rNtFJAXhW8OV-OZQ7mI>#NuZnZ7ud4cB3bm;fXVO1PgYGU<tkRmP>v-(E3$?)F~
zsW^uM^MCubUnQdXhOiV}Qug*s-if}|ABl1=({t-T-95JM5bp4m-4q%jboU44ZsCKw
zqhPBlj`F#nV>x8>iu<k-)h;&fSz`?rg#+B;XAB=G3chO!fZ$QVU!2q3EziH~SaGS>
zM6RtnW~OdZ6nOl#*IpmrOb_P)$~ILlhtzsHxka2U^cQUJGM+w?|4VcpYHb`nkeTCq
zr8B~~6RE#&qH8hl7I<sB(CX~caS$!0t{N?Ty}33fJfprTe7l@0rLd$JsjkG?oc*Xj
z(Y$d_koDo=`$Kz9Hr!lab}l|6;Cn@&daPI%z9Q;wn0UC)!r{kAmY!IW-8!3H++@2|
z#8$}qqG*ECE?}r#Bi~Q`@$}0*-s-n?or=fTF2>+?jY9|Cd_6goa^LneKs-5}OYNsz
z2^0xeS~&i$_2QaBy{ClK_iOiFRZq{pa3QyBfyM5RjBq>ddWN^8G$I%bLtpc)Lu_9;
z&zcp;#XU9(2TJ@JS7n<Vw;X!fzrOit&cY&DyFqij7O33pHyEhh#hIeJMxE`>O?Fme
zJql?`XLJj!<ZJs>>=vmWA>q<BroXeig+;PiwW>B2@ZL@*h<O;ZN{ehBKefh&W0*&o
ziF4<7<@rHP&2fR9Up@+NR$gO+I||TuoX#lm)B{4hyKh&nu$$`5_Kz#9d7oHr?tD-T
zR_FoE+@v5;#Hjzt+4{W8e|ML@OmK5&r#*L^FoJD?x}%&6YI~Z?&NhjxS-+#l58MM1
zQD{y{_wiPT0<Y{%Z(NlHL;qek-=$5PB9}&dtbx$iFNvqWx-!szoH+$7`HM02_k+P-
z`+x@VyzSRm*qR><xiM}{kVk|XonPzHps(ozTi!>&adfSSF7&4t!1rAE(8m4S*EGt3
z$M#+7rmhVtpdZi#zNhK4%!PG7hJ|$=JocZT|Ig|(cm6+{hv|y`Il4>-_K)Xbc5DA}
zoY0l=|HHMl#OTVpyKlpWJ%Oe)L)68%eP?B6*unky$HoDX53;}Cd>A%Xn7y#u@AvQv
z@Xvem4z7s=AfM2$dB)virO<0_-U7AoHO{zy{|vFB*Ildjn>PDgP)V+m)_nm+_HDRw
MQR_m+xjT>l4@@5Z$p8QV

literal 0
HcmV?d00001

diff --git a/login/apps/login/src/app/(login)/accounts/page.tsx b/login/apps/login/src/app/(login)/accounts/page.tsx
new file mode 100644
index 0000000000..a1e99401e2
--- /dev/null
+++ b/login/apps/login/src/app/(login)/accounts/page.tsx
@@ -0,0 +1,97 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SessionsList } from "@/components/sessions-list";
+import { Translated } from "@/components/translated";
+import { getAllSessionCookieIds } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getBrandingSettings,
+  getDefaultOrg,
+  listSessions,
+} from "@/lib/zitadel";
+import { UserPlusIcon } from "@heroicons/react/24/outline";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+import Link from "next/link";
+
+async function loadSessions({ serviceUrl }: { serviceUrl: string }) {
+  const ids: (string | undefined)[] = await getAllSessionCookieIds();
+
+  if (ids && ids.length) {
+    const response = await listSessions({
+      serviceUrl,
+      ids: ids.filter((id) => !!id) as string[],
+    });
+    return response?.sessions ?? [];
+  } else {
+    console.info("No session cookie found.");
+    return [];
+  }
+}
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const requestId = searchParams?.requestId;
+  const organization = searchParams?.organization;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  let sessions = await loadSessions({ serviceUrl });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  const params = new URLSearchParams();
+
+  if (requestId) {
+    params.append("requestId", requestId);
+  }
+
+  if (organization) {
+    params.append("organization", organization);
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="title" namespace="accounts" />
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="description" namespace="accounts" />
+        </p>
+
+        <div className="flex flex-col w-full space-y-2">
+          <SessionsList sessions={sessions} requestId={requestId} />
+          <Link href={`/loginname?` + params}>
+            <div className="flex flex-row items-center py-3 px-4 hover:bg-black/10 dark:hover:bg-white/10 rounded-md transition-all">
+              <div className="w-8 h-8 mr-4 flex flex-row justify-center items-center rounded-full bg-black/5 dark:bg-white/5">
+                <UserPlusIcon className="h-5 w-5" />
+              </div>
+              <span className="text-sm">
+                <Translated i18nKey="addAnother" namespace="accounts" />
+              </span>
+            </div>
+          </Link>
+        </div>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/authenticator/set/page.tsx b/login/apps/login/src/app/(login)/authenticator/set/page.tsx
new file mode 100644
index 0000000000..a339426c89
--- /dev/null
+++ b/login/apps/login/src/app/(login)/authenticator/set/page.tsx
@@ -0,0 +1,218 @@
+import { Alert } from "@/components/alert";
+import { BackButton } from "@/components/back-button";
+import { ChooseAuthenticatorToSetup } from "@/components/choose-authenticator-to-setup";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SignInWithIdp } from "@/components/sign-in-with-idp";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getSessionCookieById } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import { checkUserVerification } from "@/lib/verify-helper";
+import {
+  getActiveIdentityProviders,
+  getBrandingSettings,
+  getLoginSettings,
+  getSession,
+  getUserByID,
+  listAuthenticationMethodTypes,
+} from "@/lib/zitadel";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+import { redirect } from "next/navigation";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const { loginName, requestId, organization, sessionId } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionWithData = sessionId
+    ? await loadSessionById(sessionId, organization)
+    : await loadSessionByLoginname(loginName, organization);
+
+  async function getAuthMethodsAndUser(
+    serviceUrl: string,
+
+    session?: Session,
+  ) {
+    const userId = session?.factors?.user?.id;
+
+    if (!userId) {
+      throw Error("Could not get user id from session");
+    }
+
+    return listAuthenticationMethodTypes({
+      serviceUrl,
+      userId,
+    }).then((methods) => {
+      return getUserByID({ serviceUrl, userId }).then((user) => {
+        const humanUser =
+          user.user?.type.case === "human" ? user.user?.type.value : undefined;
+
+        return {
+          factors: session?.factors,
+          authMethods: methods.authMethodTypes ?? [],
+          phoneVerified: humanUser?.phone?.isVerified ?? false,
+          emailVerified: humanUser?.email?.isVerified ?? false,
+          expirationDate: session?.expirationDate,
+        };
+      });
+    });
+  }
+
+  async function loadSessionByLoginname(
+    loginName?: string,
+    organization?: string,
+  ) {
+    return loadMostRecentSession({
+      serviceUrl,
+      sessionParams: {
+        loginName,
+        organization,
+      },
+    }).then((session) => {
+      return getAuthMethodsAndUser(serviceUrl, session);
+    });
+  }
+
+  async function loadSessionById(sessionId: string, organization?: string) {
+    const recent = await getSessionCookieById({ sessionId, organization });
+    return getSession({
+      serviceUrl,
+      sessionId: recent.id,
+      sessionToken: recent.token,
+    }).then((sessionResponse) => {
+      return getAuthMethodsAndUser(serviceUrl, sessionResponse.session);
+    });
+  }
+
+  if (
+    !sessionWithData ||
+    !sessionWithData.factors ||
+    !sessionWithData.factors.user
+  ) {
+    return (
+      <Alert>
+        <Translated i18nKey="unknownContext" namespace="error" />
+      </Alert>
+    );
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: sessionWithData.factors.user?.organizationId,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: sessionWithData.factors.user?.organizationId,
+  });
+
+  // check if user was verified recently
+  const isUserVerified = await checkUserVerification(
+    sessionWithData.factors.user?.id,
+  );
+
+  if (!isUserVerified) {
+    const params = new URLSearchParams({
+      loginName: sessionWithData.factors.user.loginName as string,
+      invite: "true",
+      send: "true", // set this to true to request a new code immediately
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || sessionWithData.factors.user.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (sessionWithData.factors.user.organizationId as string),
+      );
+    }
+
+    redirect(`/verify?` + params);
+  }
+
+  const identityProviders = await getActiveIdentityProviders({
+    serviceUrl,
+    orgId: sessionWithData.factors?.user?.organizationId,
+    linking_allowed: true,
+  }).then((resp) => {
+    return resp.identityProviders;
+  });
+
+  const params = new URLSearchParams({
+    initial: "true", // defines that a code is not required and is therefore not shown in the UI
+  });
+
+  if (sessionWithData.factors?.user?.loginName) {
+    params.set("loginName", sessionWithData.factors?.user?.loginName);
+  }
+
+  if (sessionWithData.factors?.user?.organizationId) {
+    params.set("organization", sessionWithData.factors?.user?.organizationId);
+  }
+
+  if (requestId) {
+    params.set("requestId", requestId);
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="title" namespace="authenticator" />
+        </h1>
+
+        <p className="ztdl-p">
+          <Translated i18nKey="description" namespace="authenticator" />
+        </p>
+
+        <UserAvatar
+          loginName={sessionWithData.factors?.user?.loginName}
+          displayName={sessionWithData.factors?.user?.displayName}
+          showDropdown
+          searchParams={searchParams}
+        ></UserAvatar>
+
+        {loginSettings && (
+          <ChooseAuthenticatorToSetup
+            authMethods={sessionWithData.authMethods}
+            loginSettings={loginSettings}
+            params={params}
+          ></ChooseAuthenticatorToSetup>
+        )}
+
+        {loginSettings?.allowExternalIdp && !!identityProviders.length && (
+          <>
+            <div className="py-3 flex flex-col">
+              <p className="ztdl-p text-center">
+                <Translated i18nKey="linkWithIDP" namespace="authenticator" />
+              </p>
+            </div>
+
+            <SignInWithIdp
+              identityProviders={identityProviders}
+              requestId={requestId}
+              organization={sessionWithData.factors?.user?.organizationId}
+              linkOnly={true} // tell the callback function to just link the IDP and not login, to get an error when user is already available
+            ></SignInWithIdp>
+          </>
+        )}
+
+        <div className="mt-8 flex w-full flex-row items-center">
+          <BackButton />
+          <span className="flex-grow"></span>
+        </div>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/device/consent/page.tsx b/login/apps/login/src/app/(login)/device/consent/page.tsx
new file mode 100644
index 0000000000..9f257bca8c
--- /dev/null
+++ b/login/apps/login/src/app/(login)/device/consent/page.tsx
@@ -0,0 +1,99 @@
+import { ConsentScreen } from "@/components/consent";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getBrandingSettings,
+  getDefaultOrg,
+  getDeviceAuthorizationRequest,
+} from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const userCode = searchParams?.user_code;
+  const requestId = searchParams?.requestId;
+  const organization = searchParams?.organization;
+
+  if (!userCode || !requestId) {
+    return (
+      <div>
+        <Translated i18nKey="noUserCode" namespace="error" />
+      </div>
+    );
+  }
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const { deviceAuthorizationRequest } = await getDeviceAuthorizationRequest({
+    serviceUrl,
+    userCode,
+  });
+
+  if (!deviceAuthorizationRequest) {
+    return (
+      <div>
+        <Translated i18nKey="noDeviceRequest" namespace="error" />
+      </div>
+    );
+  }
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  const params = new URLSearchParams();
+
+  if (requestId) {
+    params.append("requestId", requestId);
+  }
+
+  if (organization) {
+    params.append("organization", organization);
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated
+            i18nKey="request.title"
+            namespace="device"
+            data={{ appName: deviceAuthorizationRequest?.appName }}
+          />
+        </h1>
+
+        <p className="ztdl-p">
+          <Translated
+            i18nKey="request.description"
+            namespace="device"
+            data={{ appName: deviceAuthorizationRequest?.appName }}
+          />
+        </p>
+
+        <ConsentScreen
+          deviceAuthorizationRequestId={deviceAuthorizationRequest?.id}
+          scope={deviceAuthorizationRequest.scope}
+          appName={deviceAuthorizationRequest?.appName}
+          nextUrl={`/loginname?` + params}
+        />
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/device/page.tsx b/login/apps/login/src/app/(login)/device/page.tsx
new file mode 100644
index 0000000000..e8761d25de
--- /dev/null
+++ b/login/apps/login/src/app/(login)/device/page.tsx
@@ -0,0 +1,48 @@
+import { DeviceCodeForm } from "@/components/device-code-form";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { getBrandingSettings, getDefaultOrg } from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const userCode = searchParams?.user_code;
+  const organization = searchParams?.organization;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="usercode.title" namespace="device" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="usercode.description" namespace="device" />
+        </p>
+        <DeviceCodeForm userCode={userCode}></DeviceCodeForm>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/error.tsx b/login/apps/login/src/app/(login)/error.tsx
new file mode 100644
index 0000000000..d14150a4b4
--- /dev/null
+++ b/login/apps/login/src/app/(login)/error.tsx
@@ -0,0 +1,27 @@
+"use client";
+
+import { Boundary } from "@/components/boundary";
+import { Button } from "@/components/button";
+import { Translated } from "@/components/translated";
+import { useEffect } from "react";
+
+export default function Error({ error, reset }: any) {
+  useEffect(() => {
+    console.log("logging error:", error);
+  }, [error]);
+
+  return (
+    <Boundary labels={["Login Error"]} color="red">
+      <div className="space-y-4">
+        <div className="text-sm text-red-500 dark:text-red-500">
+          <strong className="font-bold">Error:</strong> {error?.message}
+        </div>
+        <div>
+          <Button data-i18n-key="error.tryagain" onClick={() => reset()}>
+            <Translated i18nKey="tryagain" namespace="error" />
+          </Button>
+        </div>
+      </div>
+    </Boundary>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx b/login/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx
new file mode 100644
index 0000000000..f2b7a19b91
--- /dev/null
+++ b/login/apps/login/src/app/(login)/idp/[provider]/failure/page.tsx
@@ -0,0 +1,105 @@
+import { Alert, AlertType } from "@/components/alert";
+import { ChooseAuthenticatorToLogin } from "@/components/choose-authenticator-to-login";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getUserByID,
+  listAuthenticationMethodTypes,
+} from "@/lib/zitadel";
+import { HumanUser, User } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+  params: Promise<{ provider: string }>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const { organization, userId } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  let authMethods: AuthenticationMethodType[] = [];
+  let user: User | undefined = undefined;
+  let human: HumanUser | undefined = undefined;
+
+  const params = new URLSearchParams({});
+  if (organization) {
+    params.set("organization", organization);
+  }
+  if (userId) {
+    params.set("userId", userId);
+  }
+
+  if (userId) {
+    const userResponse = await getUserByID({
+      serviceUrl,
+      userId,
+    });
+    if (userResponse) {
+      user = userResponse.user;
+      if (user?.type.case === "human") {
+        human = user.type.value as HumanUser;
+      }
+
+      if (user?.preferredLoginName) {
+        params.set("loginName", user.preferredLoginName);
+      }
+    }
+
+    const authMethodsResponse = await listAuthenticationMethodTypes({
+      serviceUrl,
+      userId,
+    });
+    if (authMethodsResponse.authMethodTypes) {
+      authMethods = authMethodsResponse.authMethodTypes;
+    }
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="loginError.title" namespace="idp" />
+        </h1>
+        <Alert type={AlertType.ALERT}>
+          <Translated i18nKey="loginError.description" namespace="idp" />
+        </Alert>
+
+        {userId && authMethods.length && (
+          <>
+            {user && human && (
+              <UserAvatar
+                loginName={user.preferredLoginName}
+                displayName={human?.profile?.displayName}
+                showDropdown={false}
+              />
+            )}
+
+            <ChooseAuthenticatorToLogin
+              authMethods={authMethods}
+              loginSettings={loginSettings}
+              params={params}
+            ></ChooseAuthenticatorToLogin>
+          </>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/idp/[provider]/success/page.tsx b/login/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
new file mode 100644
index 0000000000..ae9feff6b7
--- /dev/null
+++ b/login/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
@@ -0,0 +1,340 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { IdpSignin } from "@/components/idp-signin";
+import { completeIDP } from "@/components/idps/pages/complete-idp";
+import { linkingFailed } from "@/components/idps/pages/linking-failed";
+import { linkingSuccess } from "@/components/idps/pages/linking-success";
+import { loginFailed } from "@/components/idps/pages/login-failed";
+import { loginSuccess } from "@/components/idps/pages/login-success";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  addHuman,
+  addIDPLink,
+  getBrandingSettings,
+  getDefaultOrg,
+  getIDPByID,
+  getLoginSettings,
+  getOrgsByDomain,
+  listUsers,
+  retrieveIDPIntent,
+  updateHuman,
+} from "@/lib/zitadel";
+import { ConnectError, create } from "@zitadel/client";
+import { AutoLinkingOption } from "@zitadel/proto/zitadel/idp/v2/idp_pb";
+import { OrganizationSchema } from "@zitadel/proto/zitadel/object/v2/object_pb";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import {
+  AddHumanUserRequest,
+  AddHumanUserRequestSchema,
+  UpdateHumanUserRequestSchema,
+} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+
+const ORG_SUFFIX_REGEX = /(?<=@)(.+)/;
+
+async function resolveOrganizationForUser({
+  organization,
+  addHumanUser,
+  serviceUrl,
+}: {
+  organization?: string;
+  addHumanUser?: { username?: string };
+  serviceUrl: string;
+}): Promise<string | undefined> {
+  if (organization) return organization;
+
+  if (addHumanUser?.username && ORG_SUFFIX_REGEX.test(addHumanUser.username)) {
+    const matched = ORG_SUFFIX_REGEX.exec(addHumanUser.username);
+    const suffix = matched?.[1] ?? "";
+
+    const orgs = await getOrgsByDomain({
+      serviceUrl,
+      domain: suffix,
+    });
+    const orgToCheckForDiscovery =
+      orgs.result && orgs.result.length === 1 ? orgs.result[0].id : undefined;
+
+    if (orgToCheckForDiscovery) {
+      const orgLoginSettings = await getLoginSettings({
+        serviceUrl,
+        organization: orgToCheckForDiscovery,
+      });
+      if (orgLoginSettings?.allowDomainDiscovery) {
+        return orgToCheckForDiscovery;
+      }
+    }
+  }
+  return undefined;
+}
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+  params: Promise<{ provider: string }>;
+}) {
+  const params = await props.params;
+  const searchParams = await props.searchParams;
+  let { id, token, requestId, organization, link } = searchParams;
+  const { provider } = params;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      organization = org.id;
+    }
+  }
+
+  if (!provider || !id || !token) {
+    return loginFailed(branding, "IDP context missing");
+  }
+
+  const intent = await retrieveIDPIntent({
+    serviceUrl,
+    id,
+    token,
+  });
+
+  const { idpInformation, userId } = intent;
+  let { addHumanUser } = intent;
+
+  if (!idpInformation) {
+    return loginFailed(branding, "IDP information missing");
+  }
+
+  const idp = await getIDPByID({
+    serviceUrl,
+    id: idpInformation.idpId,
+  });
+
+  const options = idp?.config?.options;
+
+  if (!idp) {
+    throw new Error("IDP not found");
+  }
+
+  // sign in user. If user should be linked continue
+  if (userId && !link) {
+    // if auto update is enabled, we will update the user with the new information
+    if (options?.isAutoUpdate && addHumanUser) {
+      try {
+        await updateHuman({
+          serviceUrl,
+          request: create(UpdateHumanUserRequestSchema, {
+            userId: userId,
+            profile: addHumanUser.profile,
+            email: addHumanUser.email,
+            phone: addHumanUser.phone,
+          }),
+        });
+      } catch (error: unknown) {
+        // Log the error and continue with the login process
+        console.warn("An error occurred while updating the user:", error);
+      }
+    }
+
+    return loginSuccess(
+      userId,
+      { idpIntentId: id, idpIntentToken: token },
+      requestId,
+      branding,
+    );
+  }
+
+  if (link) {
+    if (!options?.isLinkingAllowed) {
+      // linking was probably disallowed since the invitation was created
+      return linkingFailed(branding, "Linking is no longer allowed");
+    }
+
+    let idpLink;
+    try {
+      idpLink = await addIDPLink({
+        serviceUrl,
+        idp: {
+          id: idpInformation.idpId,
+          userId: idpInformation.userId,
+          userName: idpInformation.userName,
+        },
+        userId,
+      });
+    } catch (error) {
+      console.error(error);
+      return linkingFailed(branding);
+    }
+
+    if (!idpLink) {
+      return linkingFailed(branding);
+    } else {
+      return linkingSuccess(
+        userId,
+        { idpIntentId: id, idpIntentToken: token },
+        requestId,
+        branding,
+      );
+    }
+  }
+
+  // search for potential user via username, then link
+  if (options?.autoLinking) {
+    let foundUser;
+    const email = addHumanUser?.email?.email;
+
+    if (options.autoLinking === AutoLinkingOption.EMAIL && email) {
+      foundUser = await listUsers({ serviceUrl, email }).then((response) => {
+        return response.result ? response.result[0] : null;
+      });
+    } else if (options.autoLinking === AutoLinkingOption.USERNAME) {
+      foundUser = await listUsers(
+        options.autoLinking === AutoLinkingOption.USERNAME
+          ? { serviceUrl, userName: idpInformation.userName }
+          : { serviceUrl, email },
+      ).then((response) => {
+        return response.result ? response.result[0] : null;
+      });
+    } else {
+      foundUser = await listUsers({
+        serviceUrl,
+        userName: idpInformation.userName,
+        email,
+      }).then((response) => {
+        return response.result ? response.result[0] : null;
+      });
+    }
+
+    if (foundUser) {
+      let idpLink;
+      try {
+        idpLink = await addIDPLink({
+          serviceUrl,
+          idp: {
+            id: idpInformation.idpId,
+            userId: idpInformation.userId,
+            userName: idpInformation.userName,
+          },
+          userId: foundUser.userId,
+        });
+      } catch (error) {
+        console.error(error);
+        return linkingFailed(branding);
+      }
+
+      if (!idpLink) {
+        return linkingFailed(branding);
+      } else {
+        return linkingSuccess(
+          foundUser.userId,
+          { idpIntentId: id, idpIntentToken: token },
+          requestId,
+          branding,
+        );
+      }
+    }
+  }
+
+  let newUser;
+  // automatic creation of a user is allowed and data is complete
+  if (options?.isAutoCreation && addHumanUser) {
+    const orgToRegisterOn = await resolveOrganizationForUser({
+      organization,
+      addHumanUser,
+      serviceUrl,
+    });
+
+    let addHumanUserWithOrganization: AddHumanUserRequest;
+    if (orgToRegisterOn) {
+      const organizationSchema = create(OrganizationSchema, {
+        org: { case: "orgId", value: orgToRegisterOn },
+      });
+
+      addHumanUserWithOrganization = create(AddHumanUserRequestSchema, {
+        ...addHumanUser,
+        organization: organizationSchema,
+      });
+    } else {
+      addHumanUserWithOrganization = create(
+        AddHumanUserRequestSchema,
+        addHumanUser,
+      );
+    }
+
+    try {
+      newUser = await addHuman({
+        serviceUrl,
+        request: addHumanUserWithOrganization,
+      });
+    } catch (error: unknown) {
+      console.error(
+        "An error occurred while creating the user:",
+        error,
+        addHumanUser,
+      );
+      return loginFailed(
+        branding,
+        (error as ConnectError).message
+          ? (error as ConnectError).message
+          : "Could not create user",
+      );
+    }
+  } else if (options?.isCreationAllowed) {
+    // if no user was found, we will create a new user manually / redirect to the registration page
+    const orgToRegisterOn = await resolveOrganizationForUser({
+      organization,
+      addHumanUser,
+      serviceUrl,
+    });
+
+    if (orgToRegisterOn) {
+      branding = await getBrandingSettings({
+        serviceUrl,
+        organization: orgToRegisterOn,
+      });
+    }
+
+    if (!orgToRegisterOn) {
+      return loginFailed(branding, "No organization found for registration");
+    }
+
+    return completeIDP({
+      branding,
+      idpIntent: { idpIntentId: id, idpIntentToken: token },
+      addHumanUser,
+      organization: orgToRegisterOn,
+      requestId,
+      idpUserId: idpInformation?.userId,
+      idpId: idpInformation?.idpId,
+      idpUserName: idpInformation?.userName,
+    });
+  }
+
+  if (newUser) {
+    return (
+      <DynamicTheme branding={branding}>
+        <div className="flex flex-col items-center space-y-4">
+          <h1>
+            <Translated i18nKey="registerSuccess.title" namespace="idp" />
+          </h1>
+          <p className="ztdl-p">
+            <Translated i18nKey="registerSuccess.description" namespace="idp" />
+          </p>
+          <IdpSignin
+            userId={newUser.userId}
+            idpIntent={{ idpIntentId: id, idpIntentToken: token }}
+            requestId={requestId}
+          />
+        </div>
+      </DynamicTheme>
+    );
+  }
+
+  // return login failed if no linking or creation is allowed and no user was found
+  return loginFailed(branding, "No user found");
+}
diff --git a/login/apps/login/src/app/(login)/idp/ldap/page.tsx b/login/apps/login/src/app/(login)/idp/ldap/page.tsx
new file mode 100644
index 0000000000..372c814525
--- /dev/null
+++ b/login/apps/login/src/app/(login)/idp/ldap/page.tsx
@@ -0,0 +1,56 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { LDAPUsernamePasswordForm } from "@/components/ldap-username-password-form";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { getBrandingSettings, getDefaultOrg } from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+  params: Promise<{ provider: string }>;
+}) {
+  const searchParams = await props.searchParams;
+  const { idpId, organization, link } = searchParams;
+
+  if (!idpId) {
+    throw new Error("No idpId provided in searchParams");
+  }
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  // return login failed if no linking or creation is allowed and no user was found
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="title" namespace="ldap" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="description" namespace="ldap" />
+        </p>
+
+        <LDAPUsernamePasswordForm
+          idpId={idpId}
+          link={link === "true"}
+        ></LDAPUsernamePasswordForm>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/idp/page.tsx b/login/apps/login/src/app/(login)/idp/page.tsx
new file mode 100644
index 0000000000..ab16e897e5
--- /dev/null
+++ b/login/apps/login/src/app/(login)/idp/page.tsx
@@ -0,0 +1,51 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SignInWithIdp } from "@/components/sign-in-with-idp";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { getActiveIdentityProviders, getBrandingSettings } from "@/lib/zitadel";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const requestId = searchParams?.requestId;
+  const organization = searchParams?.organization;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const identityProviders = await getActiveIdentityProviders({
+    serviceUrl,
+    orgId: organization,
+  }).then((resp) => {
+    return resp.identityProviders;
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="title" namespace="idp" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="description" namespace="idp" />
+        </p>
+
+        {identityProviders && (
+          <SignInWithIdp
+            identityProviders={identityProviders}
+            requestId={requestId}
+            organization={organization}
+          ></SignInWithIdp>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/layout.tsx b/login/apps/login/src/app/(login)/layout.tsx
new file mode 100644
index 0000000000..936c7e17e4
--- /dev/null
+++ b/login/apps/login/src/app/(login)/layout.tsx
@@ -0,0 +1,62 @@
+import "@/styles/globals.scss";
+
+import { LanguageProvider } from "@/components/language-provider";
+import { LanguageSwitcher } from "@/components/language-switcher";
+import { Skeleton } from "@/components/skeleton";
+import { Theme } from "@/components/theme";
+import { ThemeProvider } from "@/components/theme-provider";
+import { Analytics } from "@vercel/analytics/react";
+import { Lato } from "next/font/google";
+import { ReactNode, Suspense } from "react";
+
+const lato = Lato({
+  weight: ["400", "700", "900"],
+  subsets: ["latin"],
+});
+
+export default async function RootLayout({
+  children,
+}: {
+  children: ReactNode;
+}) {
+  return (
+    <html className={`${lato.className}`} suppressHydrationWarning>
+      <head />
+      <body>
+        <ThemeProvider>
+          <Suspense
+            fallback={
+              <div
+                className={`relative min-h-screen bg-background-light-600 dark:bg-background-dark-600 flex flex-col justify-center`}
+              >
+                <div className="relative mx-auto max-w-[440px] py-8 w-full">
+                  <Skeleton>
+                    <div className="h-40"></div>
+                  </Skeleton>
+                  <div className="flex flex-row justify-end py-4 items-center space-x-4">
+                    <Theme />
+                  </div>
+                </div>
+              </div>
+            }
+          >
+            <LanguageProvider>
+              <div
+                className={`relative min-h-screen bg-background-light-600 dark:bg-background-dark-600 flex flex-col justify-center`}
+              >
+                <div className="relative mx-auto max-w-[440px] py-8 w-full ">
+                  {children}
+                  <div className="flex flex-row justify-end py-4 items-center space-x-4">
+                    <LanguageSwitcher />
+                    <Theme />
+                  </div>
+                </div>
+              </div>
+            </LanguageProvider>
+          </Suspense>
+        </ThemeProvider>
+        <Analytics />
+      </body>
+    </html>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/loginname/page.tsx b/login/apps/login/src/app/(login)/loginname/page.tsx
new file mode 100644
index 0000000000..6d8f209572
--- /dev/null
+++ b/login/apps/login/src/app/(login)/loginname/page.tsx
@@ -0,0 +1,93 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SignInWithIdp } from "@/components/sign-in-with-idp";
+import { Translated } from "@/components/translated";
+import { UsernameForm } from "@/components/username-form";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getActiveIdentityProviders,
+  getBrandingSettings,
+  getDefaultOrg,
+  getLoginSettings,
+} from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const loginName = searchParams?.loginName;
+  const requestId = searchParams?.requestId;
+  const organization = searchParams?.organization;
+  const suffix = searchParams?.suffix;
+  const submit: boolean = searchParams?.submit === "true";
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  const contextLoginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const identityProviders = await getActiveIdentityProviders({
+    serviceUrl,
+    orgId: organization ?? defaultOrganization,
+  }).then((resp) => {
+    return resp.identityProviders;
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1 data-i18n-key="error.tryagain">
+          <Translated i18nKey="title" namespace="loginname" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="description" namespace="loginname" />
+        </p>
+
+        <UsernameForm
+          loginName={loginName}
+          requestId={requestId}
+          organization={organization} // stick to "organization" as we still want to do user discovery based on the searchParams not the default organization, later the organization is determined by the found user
+          loginSettings={contextLoginSettings}
+          suffix={suffix}
+          submit={submit}
+          allowRegister={!!loginSettings?.allowRegister}
+        ></UsernameForm>
+
+        {identityProviders && loginSettings?.allowExternalIdp && (
+          <div className="w-full pt-6 pb-4">
+            <SignInWithIdp
+              identityProviders={identityProviders}
+              requestId={requestId}
+              organization={organization}
+            ></SignInWithIdp>
+          </div>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/logout/page.tsx b/login/apps/login/src/app/(login)/logout/page.tsx
new file mode 100644
index 0000000000..ca97b37b20
--- /dev/null
+++ b/login/apps/login/src/app/(login)/logout/page.tsx
@@ -0,0 +1,86 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SessionsClearList } from "@/components/sessions-clear-list";
+import { Translated } from "@/components/translated";
+import { getAllSessionCookieIds } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getBrandingSettings,
+  getDefaultOrg,
+  listSessions,
+} from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+async function loadSessions({ serviceUrl }: { serviceUrl: string }) {
+  const ids: (string | undefined)[] = await getAllSessionCookieIds();
+
+  if (ids && ids.length) {
+    const response = await listSessions({
+      serviceUrl,
+      ids: ids.filter((id) => !!id) as string[],
+    });
+    return response?.sessions ?? [];
+  } else {
+    console.info("No session cookie found.");
+    return [];
+  }
+}
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const organization = searchParams?.organization;
+  const postLogoutRedirectUri = searchParams?.post_logout_redirect_uri;
+  const logoutHint = searchParams?.logout_hint;
+  const UILocales = searchParams?.ui_locales; // TODO implement with new translation service
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  let sessions = await loadSessions({ serviceUrl });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  const params = new URLSearchParams();
+
+  if (organization) {
+    params.append("organization", organization);
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="title" namespace="logout" />
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="description" namespace="logout" />
+        </p>
+
+        <div className="flex flex-col w-full space-y-2">
+          <SessionsClearList
+            sessions={sessions}
+            logoutHint={logoutHint}
+            postLogoutRedirectUri={postLogoutRedirectUri}
+            organization={organization ?? defaultOrganization}
+          />
+        </div>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/logout/success/page.tsx b/login/apps/login/src/app/(login)/logout/success/page.tsx
new file mode 100644
index 0000000000..e7ec459f03
--- /dev/null
+++ b/login/apps/login/src/app/(login)/logout/success/page.tsx
@@ -0,0 +1,43 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { getBrandingSettings, getDefaultOrg } from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: { searchParams: Promise<any> }) {
+  const searchParams = await props.searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const { login_hint, organization } = searchParams;
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="success.title" namespace="logout" />
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="success.description" namespace="logout" />
+        </p>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/mfa/page.tsx b/login/apps/login/src/app/(login)/mfa/page.tsx
new file mode 100644
index 0000000000..5543cdf66f
--- /dev/null
+++ b/login/apps/login/src/app/(login)/mfa/page.tsx
@@ -0,0 +1,134 @@
+import { Alert } from "@/components/alert";
+import { BackButton } from "@/components/back-button";
+import { ChooseSecondFactor } from "@/components/choose-second-factor";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getSessionCookieById } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getSession,
+  listAuthenticationMethodTypes,
+} from "@/lib/zitadel";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const { loginName, requestId, organization, sessionId } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionFactors = sessionId
+    ? await loadSessionById(serviceUrl, sessionId, organization)
+    : await loadSessionByLoginname(serviceUrl, loginName, organization);
+
+  async function loadSessionByLoginname(
+    serviceUrl: string,
+    loginName?: string,
+    organization?: string,
+  ) {
+    return loadMostRecentSession({
+      serviceUrl,
+      sessionParams: {
+        loginName,
+        organization,
+      },
+    }).then((session) => {
+      if (session && session.factors?.user?.id) {
+        return listAuthenticationMethodTypes({
+          serviceUrl,
+          userId: session.factors.user.id,
+        }).then((methods) => {
+          return {
+            factors: session?.factors,
+            authMethods: methods.authMethodTypes ?? [],
+          };
+        });
+      }
+    });
+  }
+
+  async function loadSessionById(
+    host: string,
+    sessionId: string,
+    organization?: string,
+  ) {
+    const recent = await getSessionCookieById({ sessionId, organization });
+    return getSession({
+      serviceUrl,
+      sessionId: recent.id,
+      sessionToken: recent.token,
+    }).then((response) => {
+      if (response?.session && response.session.factors?.user?.id) {
+        return listAuthenticationMethodTypes({
+          serviceUrl,
+          userId: response.session.factors.user.id,
+        }).then((methods) => {
+          return {
+            factors: response.session?.factors,
+            authMethods: methods.authMethodTypes ?? [],
+          };
+        });
+      }
+    });
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="verify.title" namespace="mfa" />
+        </h1>
+
+        <p className="ztdl-p">
+          <Translated i18nKey="verify.description" namespace="mfa" />
+        </p>
+
+        {sessionFactors && (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+
+        {!(loginName || sessionId) && (
+          <Alert>
+            <Translated i18nKey="unknownContext" namespace="error" />
+          </Alert>
+        )}
+
+        {sessionFactors ? (
+          <ChooseSecondFactor
+            loginName={loginName}
+            sessionId={sessionId}
+            requestId={requestId}
+            organization={organization}
+            userMethods={sessionFactors.authMethods ?? []}
+          ></ChooseSecondFactor>
+        ) : (
+          <Alert>
+            <Translated i18nKey="verify.noResults" namespace="mfa" />
+          </Alert>
+        )}
+
+        <div className="mt-8 flex w-full flex-row items-center">
+          <BackButton />
+          <span className="flex-grow"></span>
+        </div>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/mfa/set/page.tsx b/login/apps/login/src/app/(login)/mfa/set/page.tsx
new file mode 100644
index 0000000000..ebfa358d6d
--- /dev/null
+++ b/login/apps/login/src/app/(login)/mfa/set/page.tsx
@@ -0,0 +1,174 @@
+import { Alert } from "@/components/alert";
+import { BackButton } from "@/components/back-button";
+import { ChooseSecondFactorToSetup } from "@/components/choose-second-factor-to-setup";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getSessionCookieById } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getSession,
+  getUserByID,
+  listAuthenticationMethodTypes,
+} from "@/lib/zitadel";
+import { Timestamp, timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { headers } from "next/headers";
+
+function isSessionValid(session: Partial<Session>): {
+  valid: boolean;
+  verifiedAt?: Timestamp;
+} {
+  const validPassword = session?.factors?.password?.verifiedAt;
+  const validPasskey = session?.factors?.webAuthN?.verifiedAt;
+  const stillValid = session.expirationDate
+    ? timestampDate(session.expirationDate) > new Date()
+    : true;
+
+  const verifiedAt = validPassword || validPasskey;
+  const valid = !!((validPassword || validPasskey) && stillValid);
+
+  return { valid, verifiedAt };
+}
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const { loginName, checkAfter, force, requestId, organization, sessionId } =
+    searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionWithData = sessionId
+    ? await loadSessionById(sessionId, organization)
+    : await loadSessionByLoginname(loginName, organization);
+
+  async function getAuthMethodsAndUser(session?: Session) {
+    const userId = session?.factors?.user?.id;
+
+    if (!userId) {
+      throw Error("Could not get user id from session");
+    }
+
+    return listAuthenticationMethodTypes({
+      serviceUrl,
+      userId,
+    }).then((methods) => {
+      return getUserByID({ serviceUrl, userId }).then((user) => {
+        const humanUser =
+          user.user?.type.case === "human" ? user.user?.type.value : undefined;
+
+        return {
+          id: session.id,
+          factors: session?.factors,
+          authMethods: methods.authMethodTypes ?? [],
+          phoneVerified: humanUser?.phone?.isVerified ?? false,
+          emailVerified: humanUser?.email?.isVerified ?? false,
+          expirationDate: session?.expirationDate,
+        };
+      });
+    });
+  }
+
+  async function loadSessionByLoginname(
+    loginName?: string,
+    organization?: string,
+  ) {
+    return loadMostRecentSession({
+      serviceUrl,
+      sessionParams: {
+        loginName,
+        organization,
+      },
+    }).then((session) => {
+      return getAuthMethodsAndUser(session);
+    });
+  }
+
+  async function loadSessionById(sessionId: string, organization?: string) {
+    const recent = await getSessionCookieById({ sessionId, organization });
+    return getSession({
+      serviceUrl,
+      sessionId: recent.id,
+      sessionToken: recent.token,
+    }).then((sessionResponse) => {
+      return getAuthMethodsAndUser(sessionResponse.session);
+    });
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: sessionWithData.factors?.user?.organizationId,
+  });
+
+  const { valid } = isSessionValid(sessionWithData);
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="set.title" namespace="mfa" />
+        </h1>
+
+        <p className="ztdl-p">
+          <Translated i18nKey="set.description" namespace="mfa" />
+        </p>
+
+        {sessionWithData && (
+          <UserAvatar
+            loginName={loginName ?? sessionWithData.factors?.user?.loginName}
+            displayName={sessionWithData.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+
+        {!(loginName || sessionId) && (
+          <Alert>
+            <Translated i18nKey="unknownContext" namespace="error" />
+          </Alert>
+        )}
+
+        {!valid && (
+          <Alert>
+            <Translated i18nKey="sessionExpired" namespace="error" />
+          </Alert>
+        )}
+
+        {isSessionValid(sessionWithData).valid &&
+          loginSettings &&
+          sessionWithData &&
+          sessionWithData.factors?.user?.id && (
+            <ChooseSecondFactorToSetup
+              userId={sessionWithData.factors?.user?.id}
+              loginName={loginName}
+              sessionId={sessionWithData.id}
+              requestId={requestId}
+              organization={organization}
+              loginSettings={loginSettings}
+              userMethods={sessionWithData.authMethods ?? []}
+              phoneVerified={sessionWithData.phoneVerified ?? false}
+              emailVerified={sessionWithData.emailVerified ?? false}
+              checkAfter={checkAfter === "true"}
+              force={force === "true"}
+            ></ChooseSecondFactorToSetup>
+          )}
+
+        <div className="mt-8 flex w-full flex-row items-center">
+          <BackButton />
+          <span className="flex-grow"></span>
+        </div>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/otp/[method]/page.tsx b/login/apps/login/src/app/(login)/otp/[method]/page.tsx
new file mode 100644
index 0000000000..2d9daac64f
--- /dev/null
+++ b/login/apps/login/src/app/(login)/otp/[method]/page.tsx
@@ -0,0 +1,136 @@
+import { Alert } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { LoginOTP } from "@/components/login-otp";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getSessionCookieById } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getSession,
+} from "@/lib/zitadel";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+  params: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const params = await props.params;
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  const {
+    loginName, // send from password page
+    userId, // send from email link
+    requestId,
+    sessionId,
+    organization,
+    code,
+    submit,
+  } = searchParams;
+
+  const { method } = params;
+
+  const session = sessionId
+    ? await loadSessionById(serviceUrl, sessionId, organization)
+    : await loadMostRecentSession({
+        serviceUrl,
+        sessionParams: { loginName, organization },
+      });
+
+  async function loadSessionById(
+    host: string,
+    sessionId: string,
+    organization?: string,
+  ) {
+    const recent = await getSessionCookieById({ sessionId, organization });
+    return getSession({
+      serviceUrl,
+      sessionId: recent.id,
+      sessionToken: recent.token,
+    }).then((response) => {
+      if (response?.session) {
+        return response.session;
+      }
+    });
+  }
+
+  // email links do not come with organization, thus we need to use the session's organization
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? session?.factors?.user?.organizationId,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: organization ?? session?.factors?.user?.organizationId,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="verify.title" namespace="otp" />
+        </h1>
+        {method === "time-based" && (
+          <p className="ztdl-p">
+            <Translated i18nKey="verify.totpDescription" namespace="otp" />
+          </p>
+        )}
+        {method === "sms" && (
+          <p className="ztdl-p">
+            <Translated i18nKey="verify.smsDescription" namespace="otp" />
+          </p>
+        )}
+        {method === "email" && (
+          <p className="ztdl-p">
+            <Translated i18nKey="verify.emailDescription" namespace="otp" />
+          </p>
+        )}
+
+        {!session && (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="unknownContext" namespace="error" />
+            </Alert>
+          </div>
+        )}
+
+        {session && (
+          <UserAvatar
+            loginName={loginName ?? session.factors?.user?.loginName}
+            displayName={session.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+
+        {method && session && (
+          <LoginOTP
+            loginName={loginName ?? session.factors?.user?.loginName}
+            sessionId={sessionId}
+            requestId={requestId}
+            organization={
+              organization ?? session?.factors?.user?.organizationId
+            }
+            method={method}
+            loginSettings={loginSettings}
+            host={host}
+            code={code}
+          ></LoginOTP>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/otp/[method]/set/page.tsx b/login/apps/login/src/app/(login)/otp/[method]/set/page.tsx
new file mode 100644
index 0000000000..f74093ce8e
--- /dev/null
+++ b/login/apps/login/src/app/(login)/otp/[method]/set/page.tsx
@@ -0,0 +1,204 @@
+import { Alert } from "@/components/alert";
+import { BackButton } from "@/components/back-button";
+import { Button, ButtonVariants } from "@/components/button";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { TotpRegister } from "@/components/totp-register";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  addOTPEmail,
+  addOTPSMS,
+  getBrandingSettings,
+  getLoginSettings,
+  registerTOTP,
+} from "@/lib/zitadel";
+import { RegisterTOTPResponse } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+  params: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const params = await props.params;
+  const searchParams = await props.searchParams;
+
+  const { loginName, organization, sessionId, requestId, checkAfter } =
+    searchParams;
+  const { method } = params;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const session = await loadMostRecentSession({
+    serviceUrl,
+    sessionParams: {
+      loginName,
+      organization,
+    },
+  });
+
+  let totpResponse: RegisterTOTPResponse | undefined, error: Error | undefined;
+  if (session && session.factors?.user?.id) {
+    if (method === "time-based") {
+      await registerTOTP({
+        serviceUrl,
+        userId: session.factors.user.id,
+      })
+        .then((resp) => {
+          if (resp) {
+            totpResponse = resp;
+          }
+        })
+        .catch((err) => {
+          error = err;
+        });
+    } else if (method === "sms") {
+      // does not work
+      await addOTPSMS({
+        serviceUrl,
+        userId: session.factors.user.id,
+      }).catch((error) => {
+        error = new Error("Could not add OTP via SMS");
+      });
+    } else if (method === "email") {
+      // works
+      await addOTPEmail({
+        serviceUrl,
+        userId: session.factors.user.id,
+      }).catch((error) => {
+        error = new Error("Could not add OTP via Email");
+      });
+    } else {
+      throw new Error("Invalid method");
+    }
+  } else {
+    throw new Error("No session found");
+  }
+
+  const paramsToContinue = new URLSearchParams({});
+  let urlToContinue = "/accounts";
+
+  if (sessionId) {
+    paramsToContinue.append("sessionId", sessionId);
+  }
+  if (loginName) {
+    paramsToContinue.append("loginName", loginName);
+  }
+  if (organization) {
+    paramsToContinue.append("organization", organization);
+  }
+
+  if (checkAfter) {
+    if (requestId) {
+      paramsToContinue.append("requestId", requestId);
+    }
+    urlToContinue = `/otp/${method}?` + paramsToContinue;
+    // immediately check the OTP on the next page if sms or email was set up
+    if (["email", "sms"].includes(method)) {
+      return redirect(urlToContinue);
+    }
+  } else if (requestId && sessionId) {
+    if (requestId) {
+      paramsToContinue.append("authRequest", requestId);
+    }
+    urlToContinue = `/login?` + paramsToContinue;
+  } else if (loginName) {
+    if (requestId) {
+      paramsToContinue.append("requestId", requestId);
+    }
+    urlToContinue = `/signedin?` + paramsToContinue;
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="set.title" namespace="otp" />
+        </h1>
+        {!session && (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="unknownContext" namespace="error" />
+            </Alert>
+          </div>
+        )}
+
+        {error && (
+          <div className="py-4">
+            <Alert>{error?.message}</Alert>
+          </div>
+        )}
+
+        {session && (
+          <UserAvatar
+            loginName={loginName ?? session.factors?.user?.loginName}
+            displayName={session.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+
+        {totpResponse && "uri" in totpResponse && "secret" in totpResponse ? (
+          <>
+            <p className="ztdl-p">
+              <Translated
+                i18nKey="set.totpRegisterDescription"
+                namespace="otp"
+              />
+            </p>
+            <div>
+              <TotpRegister
+                uri={totpResponse.uri as string}
+                secret={totpResponse.secret as string}
+                loginName={loginName}
+                sessionId={sessionId}
+                requestId={requestId}
+                organization={organization}
+                checkAfter={checkAfter === "true"}
+                loginSettings={loginSettings}
+              ></TotpRegister>
+            </div>{" "}
+          </>
+        ) : (
+          <>
+            <p className="ztdl-p">
+              {method === "email"
+                ? "Code via email was successfully added."
+                : method === "sms"
+                  ? "Code via SMS was successfully added."
+                  : ""}
+            </p>
+
+            <div className="mt-8 flex w-full flex-row items-center">
+              <BackButton />
+              <span className="flex-grow"></span>
+
+              <Link href={urlToContinue}>
+                <Button
+                  type="submit"
+                  className="self-end"
+                  variant={ButtonVariants.Primary}
+                >
+                  <Translated i18nKey="set.submit" namespace="otp" />
+                </Button>
+              </Link>
+            </div>
+          </>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/page.tsx b/login/apps/login/src/app/(login)/page.tsx
new file mode 100644
index 0000000000..f1fce50f90
--- /dev/null
+++ b/login/apps/login/src/app/(login)/page.tsx
@@ -0,0 +1,8 @@
+import { redirect } from "next/navigation";
+
+export default function Page() {
+  // automatically redirect to loginname
+  if (process.env.DEBUG !== "true") {
+    redirect("/loginname");
+  }
+}
diff --git a/login/apps/login/src/app/(login)/passkey/page.tsx b/login/apps/login/src/app/(login)/passkey/page.tsx
new file mode 100644
index 0000000000..bef71986f3
--- /dev/null
+++ b/login/apps/login/src/app/(login)/passkey/page.tsx
@@ -0,0 +1,89 @@
+import { Alert } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { LoginPasskey } from "@/components/login-passkey";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getSessionCookieById } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import { getBrandingSettings, getSession } from "@/lib/zitadel";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const { loginName, altPassword, requestId, organization, sessionId } =
+    searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionFactors = sessionId
+    ? await loadSessionById(serviceUrl, sessionId, organization)
+    : await loadMostRecentSession({
+        serviceUrl,
+        sessionParams: { loginName, organization },
+      });
+
+  async function loadSessionById(
+    serviceUrl: string,
+    sessionId: string,
+    organization?: string,
+  ) {
+    const recent = await getSessionCookieById({ sessionId, organization });
+    return getSession({
+      serviceUrl,
+      sessionId: recent.id,
+      sessionToken: recent.token,
+    }).then((response) => {
+      if (response?.session) {
+        return response.session;
+      }
+    });
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="verify.title" namespace="passkey" />
+        </h1>
+
+        {sessionFactors && (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="verify.description" namespace="passkey" />
+        </p>
+
+        {!(loginName || sessionId) && (
+          <Alert>
+            <Translated i18nKey="unknownContext" namespace="error" />
+          </Alert>
+        )}
+
+        {(loginName || sessionId) && (
+          <LoginPasskey
+            loginName={loginName}
+            sessionId={sessionId}
+            requestId={requestId}
+            altPassword={altPassword === "true"}
+            organization={organization}
+          />
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/passkey/set/page.tsx b/login/apps/login/src/app/(login)/passkey/set/page.tsx
new file mode 100644
index 0000000000..3a3dccf8d7
--- /dev/null
+++ b/login/apps/login/src/app/(login)/passkey/set/page.tsx
@@ -0,0 +1,85 @@
+import { Alert, AlertType } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { RegisterPasskey } from "@/components/register-passkey";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import { getBrandingSettings } from "@/lib/zitadel";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  const { loginName, prompt, organization, requestId, userId } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const session = await loadMostRecentSession({
+    serviceUrl,
+    sessionParams: {
+      loginName,
+      organization,
+    },
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="set.title" namespace="passkey" />
+        </h1>
+
+        {session && (
+          <UserAvatar
+            loginName={loginName ?? session.factors?.user?.loginName}
+            displayName={session.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="set.description" namespace="passkey" />
+        </p>
+
+        <Alert type={AlertType.INFO}>
+          <span>
+            <Translated i18nKey="set.info.description" namespace="passkey" />
+            <a
+              className="text-primary-light-500 dark:text-primary-dark-500 hover:text-primary-light-300 hover:dark:text-primary-dark-300"
+              target="_blank"
+              href="https://zitadel.com/docs/guides/manage/user/reg-create-user#with-passwordless"
+            >
+              <Translated i18nKey="set.info.link" namespace="passkey" />
+            </a>
+          </span>
+        </Alert>
+
+        {!session && (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="unknownContext" namespace="error" />
+            </Alert>
+          </div>
+        )}
+
+        {session?.id && (
+          <RegisterPasskey
+            sessionId={session.id}
+            isPrompt={!!prompt}
+            organization={organization}
+            requestId={requestId}
+          />
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/password/change/page.tsx b/login/apps/login/src/app/(login)/password/change/page.tsx
new file mode 100644
index 0000000000..78ba88d282
--- /dev/null
+++ b/login/apps/login/src/app/(login)/password/change/page.tsx
@@ -0,0 +1,100 @@
+import { Alert } from "@/components/alert";
+import { ChangePasswordForm } from "@/components/change-password-form";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getPasswordComplexitySettings,
+} from "@/lib/zitadel";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const searchParams = await props.searchParams;
+
+  const { loginName, organization, requestId } = searchParams;
+
+  // also allow no session to be found (ignoreUnkownUsername)
+  const sessionFactors = await loadMostRecentSession({
+    serviceUrl,
+    sessionParams: {
+      loginName,
+      organization,
+    },
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const passwordComplexity = await getPasswordComplexitySettings({
+    serviceUrl,
+    organization: sessionFactors?.factors?.user?.organizationId,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: sessionFactors?.factors?.user?.organizationId,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          {sessionFactors?.factors?.user?.displayName ?? (
+            <Translated i18nKey="change.title" namespace="password" />
+          )}
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="change.description" namespace="u2f" />
+        </p>
+
+        {/* show error only if usernames should be shown to be unknown */}
+        {(!sessionFactors || !loginName) &&
+          !loginSettings?.ignoreUnknownUsernames && (
+            <div className="py-4">
+              <Alert>
+                <Translated i18nKey="unknownContext" namespace="error" />
+              </Alert>
+            </div>
+          )}
+
+        {sessionFactors && (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+
+        {passwordComplexity &&
+        loginName &&
+        sessionFactors?.factors?.user?.id ? (
+          <ChangePasswordForm
+            sessionId={sessionFactors.id}
+            loginName={loginName}
+            requestId={requestId}
+            organization={organization}
+            passwordComplexitySettings={passwordComplexity}
+          />
+        ) : (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="failedLoading" namespace="error" />
+            </Alert>
+          </div>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/password/page.tsx b/login/apps/login/src/app/(login)/password/page.tsx
new file mode 100644
index 0000000000..461c095157
--- /dev/null
+++ b/login/apps/login/src/app/(login)/password/page.tsx
@@ -0,0 +1,102 @@
+import { Alert } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { PasswordForm } from "@/components/password-form";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getDefaultOrg,
+  getLoginSettings,
+} from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  let { loginName, organization, requestId, alt } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let defaultOrganization;
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+
+    if (org) {
+      defaultOrganization = org.id;
+    }
+  }
+
+  // also allow no session to be found (ignoreUnkownUsername)
+  let sessionFactors;
+  try {
+    sessionFactors = await loadMostRecentSession({
+      serviceUrl,
+      sessionParams: {
+        loginName,
+        organization,
+      },
+    });
+  } catch (error) {
+    // ignore error to continue to show the password form
+    console.warn(error);
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: organization ?? defaultOrganization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          {sessionFactors?.factors?.user?.displayName ?? (
+            <Translated i18nKey="verify.title" namespace="password" />
+          )}
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="verify.description" namespace="password" />
+        </p>
+
+        {/* show error only if usernames should be shown to be unknown */}
+        {(!sessionFactors || !loginName) &&
+          !loginSettings?.ignoreUnknownUsernames && (
+            <div className="py-4">
+              <Alert>
+                <Translated i18nKey="unknownContext" namespace="error" />
+              </Alert>
+            </div>
+          )}
+
+        {sessionFactors && (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+
+        {loginName && (
+          <PasswordForm
+            loginName={loginName}
+            requestId={requestId}
+            organization={organization} // stick to "organization" as we still want to do user discovery based on the searchParams not the default organization, later the organization is determined by the found user
+            loginSettings={loginSettings}
+          />
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/password/set/page.tsx b/login/apps/login/src/app/(login)/password/set/page.tsx
new file mode 100644
index 0000000000..b717fd5d96
--- /dev/null
+++ b/login/apps/login/src/app/(login)/password/set/page.tsx
@@ -0,0 +1,137 @@
+import { Alert, AlertType } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SetPasswordForm } from "@/components/set-password-form";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getPasswordComplexitySettings,
+  getUserByID,
+} from "@/lib/zitadel";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { HumanUser, User } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const { userId, loginName, organization, requestId, code, initial } =
+    searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  // also allow no session to be found (ignoreUnkownUsername)
+  let session: Session | undefined;
+  if (loginName) {
+    session = await loadMostRecentSession({
+      serviceUrl,
+      sessionParams: {
+        loginName,
+        organization,
+      },
+    });
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const passwordComplexity = await getPasswordComplexitySettings({
+    serviceUrl,
+    organization: session?.factors?.user?.organizationId,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  let user: User | undefined;
+  let displayName: string | undefined;
+  if (userId) {
+    const userResponse = await getUserByID({
+      serviceUrl,
+      userId,
+    });
+    user = userResponse.user;
+
+    if (user?.type.case === "human") {
+      displayName = (user.type.value as HumanUser).profile?.displayName;
+    }
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          {session?.factors?.user?.displayName ?? (
+            <Translated i18nKey="set.title" namespace="password" />
+          )}
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="set.description" namespace="password" />
+        </p>
+
+        {/* show error only if usernames should be shown to be unknown */}
+        {loginName && !session && !loginSettings?.ignoreUnknownUsernames && (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="unknownContext" namespace="error" />
+            </Alert>
+          </div>
+        )}
+
+        {session ? (
+          <UserAvatar
+            loginName={loginName ?? session.factors?.user?.loginName}
+            displayName={session.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        ) : user ? (
+          <UserAvatar
+            loginName={user?.preferredLoginName}
+            displayName={displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        ) : null}
+
+        {!initial && (
+          <Alert type={AlertType.INFO}>
+            <Translated i18nKey="set.codeSent" namespace="password" />
+          </Alert>
+        )}
+
+        {passwordComplexity &&
+        (loginName ?? user?.preferredLoginName) &&
+        (userId ?? session?.factors?.user?.id) ? (
+          <SetPasswordForm
+            code={code}
+            userId={userId ?? (session?.factors?.user?.id as string)}
+            loginName={loginName ?? (user?.preferredLoginName as string)}
+            requestId={requestId}
+            organization={organization}
+            passwordComplexitySettings={passwordComplexity}
+            codeRequired={!(initial === "true")}
+          />
+        ) : (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="failedLoading" namespace="error" />
+            </Alert>
+          </div>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/register/page.tsx b/login/apps/login/src/app/(login)/register/page.tsx
new file mode 100644
index 0000000000..aa83ad1ead
--- /dev/null
+++ b/login/apps/login/src/app/(login)/register/page.tsx
@@ -0,0 +1,136 @@
+import { Alert } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { RegisterForm } from "@/components/register-form";
+import { SignInWithIdp } from "@/components/sign-in-with-idp";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getActiveIdentityProviders,
+  getBrandingSettings,
+  getDefaultOrg,
+  getLegalAndSupportSettings,
+  getLoginSettings,
+  getPasswordComplexitySettings,
+} from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  let { firstname, lastname, email, organization, requestId } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      organization = org.id;
+    }
+  }
+
+  const legal = await getLegalAndSupportSettings({
+    serviceUrl,
+    organization,
+  });
+  const passwordComplexitySettings = await getPasswordComplexitySettings({
+    serviceUrl,
+    organization,
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const identityProviders = await getActiveIdentityProviders({
+    serviceUrl,
+    orgId: organization,
+  }).then((resp) => {
+    return resp.identityProviders.filter((idp) => {
+      return idp.options?.isAutoCreation || idp.options?.isCreationAllowed; // check if IDP allows to create account automatically or manual creation is allowed
+    });
+  });
+
+  if (!loginSettings?.allowRegister) {
+    return (
+      <DynamicTheme branding={branding}>
+        <div className="flex flex-col items-center space-y-4">
+          <h1>
+            <Translated i18nKey="disabled.title" namespace="register" />
+          </h1>
+          <p className="ztdl-p">
+            <Translated i18nKey="disabled.description" namespace="register" />
+          </p>
+        </div>
+      </DynamicTheme>
+    );
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="title" namespace="register" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="description" namespace="register" />
+        </p>
+
+        {!organization && (
+          <Alert>
+            <Translated i18nKey="unknownContext" namespace="error" />
+          </Alert>
+        )}
+
+        {legal &&
+          passwordComplexitySettings &&
+          organization &&
+          (loginSettings.allowUsernamePassword ||
+            loginSettings.passkeysType == PasskeysType.ALLOWED) && (
+            <RegisterForm
+              idpCount={
+                !loginSettings?.allowExternalIdp ? 0 : identityProviders.length
+              }
+              legal={legal}
+              organization={organization}
+              firstname={firstname}
+              lastname={lastname}
+              email={email}
+              requestId={requestId}
+              loginSettings={loginSettings}
+            ></RegisterForm>
+          )}
+
+        {loginSettings?.allowExternalIdp && !!identityProviders.length && (
+          <>
+            <div className="py-3 flex flex-col items-center">
+              <p className="ztdl-p text-center">
+                <Translated i18nKey="orUseIDP" namespace="register" />
+              </p>
+            </div>
+
+            <SignInWithIdp
+              identityProviders={identityProviders}
+              requestId={requestId}
+              organization={organization}
+            ></SignInWithIdp>
+          </>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/register/password/page.tsx b/login/apps/login/src/app/(login)/register/password/page.tsx
new file mode 100644
index 0000000000..e9689f0f5e
--- /dev/null
+++ b/login/apps/login/src/app/(login)/register/password/page.tsx
@@ -0,0 +1,100 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { SetRegisterPasswordForm } from "@/components/set-register-password-form";
+import { Translated } from "@/components/translated";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import {
+  getBrandingSettings,
+  getDefaultOrg,
+  getLegalAndSupportSettings,
+  getLoginSettings,
+  getPasswordComplexitySettings,
+} from "@/lib/zitadel";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+
+  let { firstname, lastname, email, organization, requestId } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  if (!organization) {
+    const org: Organization | null = await getDefaultOrg({
+      serviceUrl,
+    });
+    if (org) {
+      organization = org.id;
+    }
+  }
+
+  const missingData = !firstname || !lastname || !email || !organization;
+
+  const legal = await getLegalAndSupportSettings({
+    serviceUrl,
+    organization,
+  });
+  const passwordComplexitySettings = await getPasswordComplexitySettings({
+    serviceUrl,
+    organization,
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return missingData ? (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="missingdata.title" namespace="register" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="missingdata.description" namespace="register" />
+        </p>
+      </div>
+    </DynamicTheme>
+  ) : loginSettings?.allowRegister && loginSettings.allowUsernamePassword ? (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="password.title" namespace="register" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="description" namespace="register" />
+        </p>
+
+        {legal && passwordComplexitySettings && (
+          <SetRegisterPasswordForm
+            passwordComplexitySettings={passwordComplexitySettings}
+            email={email}
+            firstname={firstname}
+            lastname={lastname}
+            organization={organization as string} // organization is guaranteed to be a string here otherwise we would have returned earlier
+            requestId={requestId}
+          ></SetRegisterPasswordForm>
+        )}
+      </div>
+    </DynamicTheme>
+  ) : (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="disabled.title" namespace="register" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="disabled.description" namespace="register" />
+        </p>
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/saml-post/route.ts b/login/apps/login/src/app/(login)/saml-post/route.ts
new file mode 100644
index 0000000000..f2834f3884
--- /dev/null
+++ b/login/apps/login/src/app/(login)/saml-post/route.ts
@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from "next/server";
+
+export async function GET(request: NextRequest) {
+  const searchParams = request.nextUrl.searchParams;
+  const url = searchParams.get("url");
+  const relayState = searchParams.get("RelayState");
+  const samlResponse = searchParams.get("SAMLResponse");
+
+  if (!url || !relayState || !samlResponse) {
+    return new NextResponse("Missing required parameters", { status: 400 });
+  }
+
+  // Respond with an HTML form that auto-submits via POST
+  const html = `
+    <html>
+      <body onload="document.forms[0].submit()">
+        <form action="${url}" method="post">
+          <input type="hidden" name="RelayState" value="${relayState}" />
+          <input type="hidden" name="SAMLResponse" value="${samlResponse}" />
+          <noscript>
+            <button type="submit">Continue</button>
+          </noscript>
+        </form>
+      </body>
+    </html>
+  `;
+  return new NextResponse(html, {
+    headers: { "Content-Type": "text/html" },
+  });
+}
diff --git a/login/apps/login/src/app/(login)/signedin/page.tsx b/login/apps/login/src/app/(login)/signedin/page.tsx
new file mode 100644
index 0000000000..5b2ed5fbf4
--- /dev/null
+++ b/login/apps/login/src/app/(login)/signedin/page.tsx
@@ -0,0 +1,141 @@
+import { Alert, AlertType } from "@/components/alert";
+import { Button, ButtonVariants } from "@/components/button";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import {
+  getMostRecentCookieWithLoginname,
+  getSessionCookieById,
+} from "@/lib/cookies";
+import { completeDeviceAuthorization } from "@/lib/server/device";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getSession,
+} from "@/lib/zitadel";
+import { headers } from "next/headers";
+import Link from "next/link";
+
+async function loadSessionById(
+  serviceUrl: string,
+  sessionId: string,
+  organization?: string,
+) {
+  const recent = await getSessionCookieById({ sessionId, organization });
+  return getSession({
+    serviceUrl,
+    sessionId: recent.id,
+    sessionToken: recent.token,
+  }).then((response) => {
+    if (response?.session) {
+      return response.session;
+    }
+  });
+}
+
+export default async function Page(props: { searchParams: Promise<any> }) {
+  const searchParams = await props.searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const { loginName, requestId, organization, sessionId } = searchParams;
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  // complete device authorization flow if device requestId is present
+  if (requestId && requestId.startsWith("device_")) {
+    const cookie = sessionId
+      ? await getSessionCookieById({ sessionId, organization })
+      : await getMostRecentCookieWithLoginname({
+          loginName: loginName,
+          organization: organization,
+        });
+
+    await completeDeviceAuthorization(requestId.replace("device_", ""), {
+      sessionId: cookie.id,
+      sessionToken: cookie.token,
+    }).catch((err) => {
+      return (
+        <DynamicTheme branding={branding}>
+          <div className="flex flex-col items-center space-y-4">
+            <h1>
+              <Translated i18nKey="error.title" namespace="signedin" />
+            </h1>
+            <p className="ztdl-p mb-6 block">
+              <Translated i18nKey="error.description" namespace="signedin" />
+            </p>
+            <Alert>{err.message}</Alert>
+          </div>
+        </DynamicTheme>
+      );
+    });
+  }
+
+  const sessionFactors = sessionId
+    ? await loadSessionById(serviceUrl, sessionId, organization)
+    : await loadMostRecentSession({
+        serviceUrl,
+        sessionParams: { loginName, organization },
+      });
+
+  let loginSettings;
+  if (!requestId) {
+    loginSettings = await getLoginSettings({
+      serviceUrl,
+      organization,
+    });
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated
+            i18nKey="title"
+            namespace="signedin"
+            data={{ user: sessionFactors?.factors?.user?.displayName }}
+          />
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="description" namespace="signedin" />
+        </p>
+
+        <UserAvatar
+          loginName={loginName ?? sessionFactors?.factors?.user?.loginName}
+          displayName={sessionFactors?.factors?.user?.displayName}
+          showDropdown={!(requestId && requestId.startsWith("device_"))}
+          searchParams={searchParams}
+        />
+
+        {requestId && requestId.startsWith("device_") && (
+          <Alert type={AlertType.INFO}>
+            You can now close this window and return to the device where you
+            started the authorization process to continue.
+          </Alert>
+        )}
+
+        {loginSettings?.defaultRedirectUri && (
+          <div className="mt-8 flex w-full flex-row items-center">
+            <span className="flex-grow"></span>
+
+            <Link href={loginSettings?.defaultRedirectUri}>
+              <Button
+                type="submit"
+                className="self-end"
+                variant={ButtonVariants.Primary}
+              >
+                <Translated i18nKey="continue" namespace="signedin" />
+              </Button>
+            </Link>
+          </div>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/u2f/page.tsx b/login/apps/login/src/app/(login)/u2f/page.tsx
new file mode 100644
index 0000000000..7fba7be1be
--- /dev/null
+++ b/login/apps/login/src/app/(login)/u2f/page.tsx
@@ -0,0 +1,96 @@
+import { Alert } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { LoginPasskey } from "@/components/login-passkey";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getSessionCookieById } from "@/lib/cookies";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import { getBrandingSettings, getSession } from "@/lib/zitadel";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const { loginName, requestId, sessionId, organization } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const sessionFactors = sessionId
+    ? await loadSessionById(serviceUrl, sessionId, organization)
+    : await loadMostRecentSession({
+        serviceUrl,
+        sessionParams: { loginName, organization },
+      });
+
+  async function loadSessionById(
+    host: string,
+    sessionId: string,
+    organization?: string,
+  ) {
+    const recent = await getSessionCookieById({ sessionId, organization });
+    return getSession({
+      serviceUrl,
+      sessionId: recent.id,
+      sessionToken: recent.token,
+    }).then((response) => {
+      if (response?.session) {
+        return response.session;
+      }
+    });
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="verify.title" namespace="u2f" />
+        </h1>
+
+        {sessionFactors && (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="verify.description" namespace="u2f" />
+        </p>
+
+        {!(loginName || sessionId) && (
+          <Alert>
+            <Translated i18nKey="unknownContext" namespace="error" />
+          </Alert>
+        )}
+
+        {(loginName || sessionId) && (
+          <LoginPasskey
+            loginName={loginName}
+            sessionId={sessionId}
+            requestId={requestId}
+            altPassword={false}
+            organization={organization}
+            login={false} // this sets the userVerificationRequirement to discouraged as its used as second factor
+          />
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/u2f/set/page.tsx b/login/apps/login/src/app/(login)/u2f/set/page.tsx
new file mode 100644
index 0000000000..b73e902821
--- /dev/null
+++ b/login/apps/login/src/app/(login)/u2f/set/page.tsx
@@ -0,0 +1,76 @@
+import { Alert } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { RegisterU2f } from "@/components/register-u2f";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import { getBrandingSettings } from "@/lib/zitadel";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+
+export default async function Page(props: {
+  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
+}) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const { loginName, organization, requestId, checkAfter } = searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionFactors = await loadMostRecentSession({
+    serviceUrl,
+    sessionParams: {
+      loginName,
+      organization,
+    },
+  });
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="set.title" namespace="u2f" />
+        </h1>
+
+        {sessionFactors && (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        )}
+        <p className="ztdl-p mb-6 block">
+          {" "}
+          <Translated i18nKey="set.description" namespace="u2f" />
+        </p>
+
+        {!sessionFactors && (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="unknownContext" namespace="error" />
+            </Alert>
+          </div>
+        )}
+
+        {sessionFactors?.id && (
+          <RegisterU2f
+            loginName={loginName}
+            sessionId={sessionFactors.id}
+            organization={organization}
+            requestId={requestId}
+            checkAfter={checkAfter === "true"}
+          />
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/verify/page.tsx b/login/apps/login/src/app/(login)/verify/page.tsx
new file mode 100644
index 0000000000..a61d4e608c
--- /dev/null
+++ b/login/apps/login/src/app/(login)/verify/page.tsx
@@ -0,0 +1,174 @@
+import { Alert, AlertType } from "@/components/alert";
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { VerifyForm } from "@/components/verify-form";
+import { sendEmailCode, sendInviteEmailCode } from "@/lib/server/verify";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import { getBrandingSettings, getUserByID } from "@/lib/zitadel";
+import { HumanUser, User } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { getLocale } from "next-intl/server";
+import { headers } from "next/headers";
+
+export default async function Page(props: { searchParams: Promise<any> }) {
+  const searchParams = await props.searchParams;
+  const locale = getLocale();
+
+  const { userId, loginName, code, organization, requestId, invite, send } =
+    searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  let sessionFactors;
+  let user: User | undefined;
+  let human: HumanUser | undefined;
+  let id: string | undefined;
+
+  const doSend = send === "true";
+
+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+  async function sendEmail(userId: string) {
+    const host = _headers.get("host");
+
+    if (!host || typeof host !== "string") {
+      throw new Error("No host found");
+    }
+
+    if (invite === "true") {
+      await sendInviteEmailCode({
+        userId,
+        urlTemplate:
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
+          (requestId ? `&requestId=${requestId}` : ""),
+      }).catch((error) => {
+        console.error("Could not send invitation email", error);
+        throw Error("Failed to send invitation email");
+      });
+    } else {
+      await sendEmailCode({
+        userId,
+        urlTemplate:
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
+          (requestId ? `&requestId=${requestId}` : ""),
+      }).catch((error) => {
+        console.error("Could not send verification email", error);
+        throw Error("Failed to send verification email");
+      });
+    }
+  }
+
+  if ("loginName" in searchParams) {
+    sessionFactors = await loadMostRecentSession({
+      serviceUrl,
+      sessionParams: {
+        loginName,
+        organization,
+      },
+    });
+
+    if (doSend && sessionFactors?.factors?.user?.id) {
+      await sendEmail(sessionFactors.factors.user.id);
+    }
+  } else if ("userId" in searchParams && userId) {
+    if (doSend) {
+      await sendEmail(userId);
+    }
+
+    const userResponse = await getUserByID({
+      serviceUrl,
+      userId,
+    });
+    if (userResponse) {
+      user = userResponse.user;
+      if (user?.type.case === "human") {
+        human = user.type.value as HumanUser;
+      }
+    }
+  }
+
+  id = userId ?? sessionFactors?.factors?.user?.id;
+
+  if (!id) {
+    throw Error("Failed to get user id");
+  }
+
+  const params = new URLSearchParams({
+    userId: userId,
+    initial: "true", // defines that a code is not required and is therefore not shown in the UI
+  });
+
+  if (loginName) {
+    params.set("loginName", loginName);
+  }
+
+  if (organization) {
+    params.set("organization", organization);
+  }
+
+  if (requestId) {
+    params.set("requestId", requestId);
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="verify.title" namespace="verify" />
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="verify.description" namespace="verify" />
+        </p>
+
+        {!id && (
+          <div className="py-4">
+            <Alert>
+              <Translated i18nKey="unknownContext" namespace="error" />
+            </Alert>
+          </div>
+        )}
+
+        {id && send && (
+          <div className="py-4 w-full">
+            <Alert type={AlertType.INFO}>
+              <Translated i18nKey="verify.codeSent" namespace="verify" />
+            </Alert>
+          </div>
+        )}
+
+        {sessionFactors ? (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        ) : (
+          user && (
+            <UserAvatar
+              loginName={user.preferredLoginName}
+              displayName={human?.profile?.displayName}
+              showDropdown={false}
+            />
+          )
+        )}
+
+        <VerifyForm
+          loginName={loginName}
+          organization={organization}
+          userId={id}
+          code={code}
+          isInvite={invite === "true"}
+          requestId={requestId}
+        />
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/(login)/verify/success/page.tsx b/login/apps/login/src/app/(login)/verify/success/page.tsx
new file mode 100644
index 0000000000..a0df0327c4
--- /dev/null
+++ b/login/apps/login/src/app/(login)/verify/success/page.tsx
@@ -0,0 +1,92 @@
+import { DynamicTheme } from "@/components/dynamic-theme";
+import { Translated } from "@/components/translated";
+import { UserAvatar } from "@/components/user-avatar";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { loadMostRecentSession } from "@/lib/session";
+import {
+  getBrandingSettings,
+  getLoginSettings,
+  getUserByID,
+} from "@/lib/zitadel";
+import { HumanUser, User } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { headers } from "next/headers";
+
+export default async function Page(props: { searchParams: Promise<any> }) {
+  const searchParams = await props.searchParams;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const { loginName, requestId, organization, userId } = searchParams;
+
+  const branding = await getBrandingSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const sessionFactors = await loadMostRecentSession({
+    serviceUrl,
+    sessionParams: { loginName, organization },
+  }).catch((error) => {
+    console.warn("Error loading session:", error);
+  });
+
+  let loginSettings;
+  if (!requestId) {
+    loginSettings = await getLoginSettings({
+      serviceUrl,
+      organization,
+    });
+  }
+
+  const id = userId ?? sessionFactors?.factors?.user?.id;
+
+  if (!id) {
+    throw Error("Failed to get user id");
+  }
+
+  const userResponse = await getUserByID({
+    serviceUrl,
+    userId: id,
+  });
+
+  let user: User | undefined;
+  let human: HumanUser | undefined;
+
+  if (userResponse) {
+    user = userResponse.user;
+    if (user?.type.case === "human") {
+      human = user.type.value as HumanUser;
+    }
+  }
+
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="successTitle" namespace="verify" />
+        </h1>
+        <p className="ztdl-p mb-6 block">
+          <Translated i18nKey="successDescription" namespace="verify" />
+        </p>
+
+        {sessionFactors ? (
+          <UserAvatar
+            loginName={loginName ?? sessionFactors.factors?.user?.loginName}
+            displayName={sessionFactors.factors?.user?.displayName}
+            showDropdown
+            searchParams={searchParams}
+          ></UserAvatar>
+        ) : (
+          user && (
+            <UserAvatar
+              loginName={user.preferredLoginName}
+              displayName={human?.profile?.displayName}
+              showDropdown={false}
+            />
+          )
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/app/global-error.tsx b/login/apps/login/src/app/global-error.tsx
new file mode 100644
index 0000000000..5111a65e8d
--- /dev/null
+++ b/login/apps/login/src/app/global-error.tsx
@@ -0,0 +1,36 @@
+"use client";
+
+import { Boundary } from "@/components/boundary";
+import { Button } from "@/components/button";
+import { ThemeWrapper } from "@/components/theme-wrapper";
+import { Translated } from "@/components/translated";
+
+export default function GlobalError({
+  error,
+  reset,
+}: {
+  error: Error & { digest?: string };
+  reset: () => void;
+}) {
+  return (
+    // global-error must include html and body tags
+    <html>
+      <body>
+        <ThemeWrapper branding={undefined}>
+          <Boundary labels={["Login Error"]} color="red">
+            <div className="space-y-4">
+              <div className="text-sm text-red-500 dark:text-red-500">
+                <span className="font-bold">Error:</span> {error?.message}
+              </div>
+              <div>
+                <Button data-i18n-key="error.tryagain" onClick={() => reset()}>
+                  <Translated i18nKey="tryagain" namespace="error" />
+                </Button>
+              </div>
+            </div>
+          </Boundary>
+        </ThemeWrapper>
+      </body>
+    </html>
+  );
+}
diff --git a/login/apps/login/src/app/healthy/route.ts b/login/apps/login/src/app/healthy/route.ts
new file mode 100644
index 0000000000..da41c2cca8
--- /dev/null
+++ b/login/apps/login/src/app/healthy/route.ts
@@ -0,0 +1,5 @@
+import { NextResponse } from "next/server";
+
+export async function GET() {
+  return NextResponse.json({}, { status: 200 });
+}
diff --git a/login/apps/login/src/app/login/route.ts b/login/apps/login/src/app/login/route.ts
new file mode 100644
index 0000000000..db67efa229
--- /dev/null
+++ b/login/apps/login/src/app/login/route.ts
@@ -0,0 +1,557 @@
+import { getAllSessions } from "@/lib/cookies";
+import { idpTypeToSlug } from "@/lib/idp";
+import { loginWithOIDCAndSession } from "@/lib/oidc";
+import { loginWithSAMLAndSession } from "@/lib/saml";
+import { sendLoginname, SendLoginnameCommand } from "@/lib/server/loginname";
+import { constructUrl, getServiceUrlFromHeaders } from "@/lib/service-url";
+import { findValidSession } from "@/lib/session";
+import {
+  createCallback,
+  createResponse,
+  getActiveIdentityProviders,
+  getAuthRequest,
+  getOrgsByDomain,
+  getSAMLRequest,
+  getSecuritySettings,
+  listSessions,
+  startIdentityProviderFlow,
+} from "@/lib/zitadel";
+import { create } from "@zitadel/client";
+import { Prompt } from "@zitadel/proto/zitadel/oidc/v2/authorization_pb";
+import {
+  CreateCallbackRequestSchema,
+  SessionSchema,
+} from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
+import { CreateResponseRequestSchema } from "@zitadel/proto/zitadel/saml/v2/saml_service_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { IdentityProviderType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { headers } from "next/headers";
+import { NextRequest, NextResponse } from "next/server";
+import { DEFAULT_CSP } from "../../../constants/csp";
+
+export const dynamic = "force-dynamic";
+export const revalidate = false;
+export const fetchCache = "default-no-store";
+
+const gotoAccounts = ({
+  request,
+  requestId,
+  organization,
+}: {
+  request: NextRequest;
+  requestId: string;
+  organization?: string;
+}): NextResponse<unknown> => {
+  const accountsUrl = constructUrl(request, "/accounts");
+
+  if (requestId) {
+    accountsUrl.searchParams.set("requestId", requestId);
+  }
+  if (organization) {
+    accountsUrl.searchParams.set("organization", organization);
+  }
+
+  return NextResponse.redirect(accountsUrl);
+};
+
+async function loadSessions({
+  serviceUrl,
+  ids,
+}: {
+  serviceUrl: string;
+  ids: string[];
+}): Promise<Session[]> {
+  const response = await listSessions({
+    serviceUrl,
+    ids: ids.filter((id: string | undefined) => !!id),
+  });
+
+  return response?.sessions ?? [];
+}
+
+const ORG_SCOPE_REGEX = /urn:zitadel:iam:org:id:([0-9]+)/;
+const ORG_DOMAIN_SCOPE_REGEX = /urn:zitadel:iam:org:domain:primary:(.+)/; // TODO: check regex for all domain character options
+const IDP_SCOPE_REGEX = /urn:zitadel:iam:org:idp:id:(.+)/;
+
+export async function GET(request: NextRequest) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const searchParams = request.nextUrl.searchParams;
+
+  const oidcRequestId = searchParams.get("authRequest"); // oidc initiated request
+  const samlRequestId = searchParams.get("samlRequest"); // saml initiated request
+
+  // internal request id which combines authRequest and samlRequest with the prefix oidc_ or saml_
+  let requestId =
+    searchParams.get("requestId") ??
+    (oidcRequestId
+      ? `oidc_${oidcRequestId}`
+      : samlRequestId
+        ? `saml_${samlRequestId}`
+        : undefined);
+
+  const sessionId = searchParams.get("sessionId");
+
+  // TODO: find a better way to handle _rsc (react server components) requests and block them to avoid conflicts when creating oidc callback
+  const _rsc = searchParams.get("_rsc");
+  if (_rsc) {
+    return NextResponse.json({ error: "No _rsc supported" }, { status: 500 });
+  }
+
+  const sessionCookies = await getAllSessions();
+  const ids = sessionCookies.map((s) => s.id);
+  let sessions: Session[] = [];
+  if (ids && ids.length) {
+    sessions = await loadSessions({ serviceUrl, ids });
+  }
+
+  // complete flow if session and request id are provided
+  if (requestId && sessionId) {
+    if (requestId.startsWith("oidc_")) {
+      // this finishes the login process for OIDC
+      return loginWithOIDCAndSession({
+        serviceUrl,
+        authRequest: requestId.replace("oidc_", ""),
+        sessionId,
+        sessions,
+        sessionCookies,
+        request,
+      });
+    } else if (requestId.startsWith("saml_")) {
+      // this finishes the login process for SAML
+      return loginWithSAMLAndSession({
+        serviceUrl,
+        samlRequest: requestId.replace("saml_", ""),
+        sessionId,
+        sessions,
+        sessionCookies,
+        request,
+      });
+    }
+  }
+
+  // continue with OIDC
+  if (requestId && requestId.startsWith("oidc_")) {
+    const { authRequest } = await getAuthRequest({
+      serviceUrl,
+      authRequestId: requestId.replace("oidc_", ""),
+    });
+
+    let organization = "";
+    let suffix = "";
+    let idpId = "";
+
+    if (authRequest?.scope) {
+      const orgScope = authRequest.scope.find((s: string) =>
+        ORG_SCOPE_REGEX.test(s),
+      );
+
+      const idpScope = authRequest.scope.find((s: string) =>
+        IDP_SCOPE_REGEX.test(s),
+      );
+
+      if (orgScope) {
+        const matched = ORG_SCOPE_REGEX.exec(orgScope);
+        organization = matched?.[1] ?? "";
+      } else {
+        const orgDomainScope = authRequest.scope.find((s: string) =>
+          ORG_DOMAIN_SCOPE_REGEX.test(s),
+        );
+
+        if (orgDomainScope) {
+          const matched = ORG_DOMAIN_SCOPE_REGEX.exec(orgDomainScope);
+          const orgDomain = matched?.[1] ?? "";
+          if (orgDomain) {
+            const orgs = await getOrgsByDomain({
+              serviceUrl,
+              domain: orgDomain,
+            });
+            if (orgs.result && orgs.result.length === 1) {
+              organization = orgs.result[0].id ?? "";
+              suffix = orgDomain;
+            }
+          }
+        }
+      }
+
+      if (idpScope) {
+        const matched = IDP_SCOPE_REGEX.exec(idpScope);
+        idpId = matched?.[1] ?? "";
+
+        const identityProviders = await getActiveIdentityProviders({
+          serviceUrl,
+          orgId: organization ? organization : undefined,
+        }).then((resp) => {
+          return resp.identityProviders;
+        });
+
+        const idp = identityProviders.find((idp) => idp.id === idpId);
+
+        if (idp) {
+          const origin = request.nextUrl.origin;
+
+          const identityProviderType = identityProviders[0].type;
+
+          if (identityProviderType === IdentityProviderType.LDAP) {
+            const ldapUrl = constructUrl(request, "/ldap");
+            if (authRequest.id) {
+              ldapUrl.searchParams.set("requestId", `oidc_${authRequest.id}`);
+            }
+            if (organization) {
+              ldapUrl.searchParams.set("organization", organization);
+            }
+
+            return NextResponse.redirect(ldapUrl);
+          }
+
+          let provider = idpTypeToSlug(identityProviderType);
+
+          const params = new URLSearchParams();
+
+          if (requestId) {
+            params.set("requestId", requestId);
+          }
+
+          if (organization) {
+            params.set("organization", organization);
+          }
+
+          let url: string | null = await startIdentityProviderFlow({
+            serviceUrl,
+            idpId,
+            urls: {
+              successUrl:
+                `${origin}/idp/${provider}/success?` +
+                new URLSearchParams(params),
+              failureUrl:
+                `${origin}/idp/${provider}/failure?` +
+                new URLSearchParams(params),
+            },
+          });
+
+          if (!url) {
+            return NextResponse.json(
+              { error: "Could not start IDP flow" },
+              { status: 500 },
+            );
+          }
+
+          if (url.startsWith("/")) {
+            // if the url is a relative path, construct the absolute url
+            url = constructUrl(request, url).toString();
+          }
+
+          return NextResponse.redirect(url);
+        }
+      }
+    }
+
+    if (authRequest && authRequest.prompt.includes(Prompt.CREATE)) {
+      const registerUrl = constructUrl(request, "/register");
+      if (authRequest.id) {
+        registerUrl.searchParams.set("requestId", `oidc_${authRequest.id}`);
+      }
+      if (organization) {
+        registerUrl.searchParams.set("organization", organization);
+      }
+
+      return NextResponse.redirect(registerUrl);
+    }
+
+    // use existing session and hydrate it for oidc
+    if (authRequest && sessions.length) {
+      // if some accounts are available for selection and select_account is set
+      if (authRequest.prompt.includes(Prompt.SELECT_ACCOUNT)) {
+        return gotoAccounts({
+          request,
+          requestId: `oidc_${authRequest.id}`,
+          organization,
+        });
+      } else if (authRequest.prompt.includes(Prompt.LOGIN)) {
+        /**
+         * The login prompt instructs the authentication server to prompt the user for re-authentication, regardless of whether the user is already authenticated
+         */
+
+        // if a hint is provided, skip loginname page and jump to the next page
+        if (authRequest.loginHint) {
+          try {
+            let command: SendLoginnameCommand = {
+              loginName: authRequest.loginHint,
+              requestId: authRequest.id,
+            };
+
+            if (organization) {
+              command = { ...command, organization };
+            }
+
+            const res = await sendLoginname(command);
+
+            if (res && "redirect" in res && res?.redirect) {
+              const absoluteUrl = constructUrl(request, res.redirect);
+              return NextResponse.redirect(absoluteUrl.toString());
+            }
+          } catch (error) {
+            console.error("Failed to execute sendLoginname:", error);
+          }
+        }
+
+        const loginNameUrl = constructUrl(request, "/loginname");
+        if (authRequest.id) {
+          loginNameUrl.searchParams.set("requestId", `oidc_${authRequest.id}`);
+        }
+        if (authRequest.loginHint) {
+          loginNameUrl.searchParams.set("loginName", authRequest.loginHint);
+        }
+        if (organization) {
+          loginNameUrl.searchParams.set("organization", organization);
+        }
+        if (suffix) {
+          loginNameUrl.searchParams.set("suffix", suffix);
+        }
+        return NextResponse.redirect(loginNameUrl);
+      } else if (authRequest.prompt.includes(Prompt.NONE)) {
+        /**
+         * With an OIDC none prompt, the authentication server must not display any authentication or consent user interface pages.
+         * This means that the user should not be prompted to enter their password again.
+         * Instead, the server attempts to silently authenticate the user using an existing session or other authentication mechanisms that do not require user interaction
+         **/
+        const securitySettings = await getSecuritySettings({
+          serviceUrl,
+        });
+
+        const selectedSession = await findValidSession({
+          serviceUrl,
+          sessions,
+          authRequest,
+        });
+
+        const noSessionResponse = NextResponse.json(
+          { error: "No active session found" },
+          { status: 400 },
+        );
+
+        if (securitySettings?.embeddedIframe?.enabled) {
+          securitySettings.embeddedIframe.allowedOrigins;
+          noSessionResponse.headers.set(
+            "Content-Security-Policy",
+            `${DEFAULT_CSP} frame-ancestors ${securitySettings.embeddedIframe.allowedOrigins.join(" ")};`,
+          );
+          noSessionResponse.headers.delete("X-Frame-Options");
+        }
+
+        if (!selectedSession || !selectedSession.id) {
+          return noSessionResponse;
+        }
+
+        const cookie = sessionCookies.find(
+          (cookie) => cookie.id === selectedSession.id,
+        );
+
+        if (!cookie || !cookie.id || !cookie.token) {
+          return noSessionResponse;
+        }
+
+        const session = {
+          sessionId: cookie.id,
+          sessionToken: cookie.token,
+        };
+
+        const { callbackUrl } = await createCallback({
+          serviceUrl,
+          req: create(CreateCallbackRequestSchema, {
+            authRequestId: requestId.replace("oidc_", ""),
+            callbackKind: {
+              case: "session",
+              value: create(SessionSchema, session),
+            },
+          }),
+        });
+
+        const callbackResponse = NextResponse.redirect(callbackUrl);
+
+        if (securitySettings?.embeddedIframe?.enabled) {
+          securitySettings.embeddedIframe.allowedOrigins;
+          callbackResponse.headers.set(
+            "Content-Security-Policy",
+            `${DEFAULT_CSP} frame-ancestors ${securitySettings.embeddedIframe.allowedOrigins.join(" ")};`,
+          );
+          callbackResponse.headers.delete("X-Frame-Options");
+        }
+
+        return callbackResponse;
+      } else {
+        // check for loginHint, userId hint and valid sessions
+        let selectedSession = await findValidSession({
+          serviceUrl,
+          sessions,
+          authRequest,
+        });
+
+        if (!selectedSession || !selectedSession.id) {
+          return gotoAccounts({
+            request,
+            requestId: `oidc_${authRequest.id}`,
+            organization,
+          });
+        }
+
+        const cookie = sessionCookies.find(
+          (cookie) => cookie.id === selectedSession.id,
+        );
+
+        if (!cookie || !cookie.id || !cookie.token) {
+          return gotoAccounts({
+            request,
+            requestId: `oidc_${authRequest.id}`,
+            organization,
+          });
+        }
+
+        const session = {
+          sessionId: cookie.id,
+          sessionToken: cookie.token,
+        };
+
+        try {
+          const { callbackUrl } = await createCallback({
+            serviceUrl,
+            req: create(CreateCallbackRequestSchema, {
+              authRequestId: requestId.replace("oidc_", ""),
+              callbackKind: {
+                case: "session",
+                value: create(SessionSchema, session),
+              },
+            }),
+          });
+          if (callbackUrl) {
+            return NextResponse.redirect(callbackUrl);
+          } else {
+            console.log(
+              "could not create callback, redirect user to choose other account",
+            );
+            return gotoAccounts({
+              request,
+              organization,
+              requestId: `oidc_${authRequest.id}`,
+            });
+          }
+        } catch (error) {
+          console.error(error);
+          return gotoAccounts({
+            request,
+            requestId: `oidc_${authRequest.id}`,
+            organization,
+          });
+        }
+      }
+    } else {
+      const loginNameUrl = constructUrl(request, "/loginname");
+
+      loginNameUrl.searchParams.set("requestId", requestId);
+      if (authRequest?.loginHint) {
+        loginNameUrl.searchParams.set("loginName", authRequest.loginHint);
+        loginNameUrl.searchParams.set("submit", "true"); // autosubmit
+      }
+
+      if (organization) {
+        loginNameUrl.searchParams.append("organization", organization);
+        // loginNameUrl.searchParams.set("organization", organization);
+      }
+
+      return NextResponse.redirect(loginNameUrl);
+    }
+  }
+  // continue with SAML
+  else if (requestId && requestId.startsWith("saml_")) {
+    const { samlRequest } = await getSAMLRequest({
+      serviceUrl,
+      samlRequestId: requestId.replace("saml_", ""),
+    });
+
+    if (!samlRequest) {
+      return NextResponse.json(
+        { error: "No samlRequest found" },
+        { status: 400 },
+      );
+    }
+
+    let selectedSession = await findValidSession({
+      serviceUrl,
+      sessions,
+      samlRequest,
+    });
+
+    if (!selectedSession || !selectedSession.id) {
+      return gotoAccounts({
+        request,
+        requestId: `saml_${samlRequest.id}`,
+      });
+    }
+
+    const cookie = sessionCookies.find(
+      (cookie) => cookie.id === selectedSession.id,
+    );
+
+    if (!cookie || !cookie.id || !cookie.token) {
+      return gotoAccounts({
+        request,
+        requestId: `saml_${samlRequest.id}`,
+        // organization,
+      });
+    }
+
+    const session = {
+      sessionId: cookie.id,
+      sessionToken: cookie.token,
+    };
+
+    try {
+      const { url, binding } = await createResponse({
+        serviceUrl,
+        req: create(CreateResponseRequestSchema, {
+          samlRequestId: requestId.replace("saml_", ""),
+          responseKind: {
+            case: "session",
+            value: session,
+          },
+        }),
+      });
+      if (url && binding.case === "redirect") {
+        return NextResponse.redirect(url);
+      } else if (url && binding.case === "post") {
+        const redirectUrl = constructUrl(request, "/saml-post");
+
+        redirectUrl.searchParams.set("url", url);
+        redirectUrl.searchParams.set("RelayState", binding.value.relayState);
+        redirectUrl.searchParams.set(
+          "SAMLResponse",
+          binding.value.samlResponse,
+        );
+
+        return NextResponse.redirect(redirectUrl.toString());
+      } else {
+        console.log(
+          "could not create response, redirect user to choose other account",
+        );
+        return gotoAccounts({
+          request,
+          requestId: `saml_${samlRequest.id}`,
+        });
+      }
+    } catch (error) {
+      console.error(error);
+      return gotoAccounts({
+        request,
+        requestId: `saml_${samlRequest.id}`,
+      });
+    }
+  }
+  // Device Authorization does not need to start here as it is handled on the /device endpoint
+  else {
+    return NextResponse.json(
+      { error: "No authRequest nor samlRequest provided" },
+      { status: 500 },
+    );
+  }
+}
diff --git a/login/apps/login/src/app/security/route.ts b/login/apps/login/src/app/security/route.ts
new file mode 100644
index 0000000000..4a2b6d4854
--- /dev/null
+++ b/login/apps/login/src/app/security/route.ts
@@ -0,0 +1,28 @@
+import { createServiceForHost } from "@/lib/service";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { Client } from "@zitadel/client";
+import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
+import { headers } from "next/headers";
+import { NextResponse } from "next/server";
+
+export async function GET() {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const settings = await settingsService
+    .getSecuritySettings({})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  const response = NextResponse.json({ settings }, { status: 200 });
+
+  // Add Cache-Control header to cache the response for up to 1 hour
+  response.headers.set(
+    "Cache-Control",
+    "public, max-age=3600, stale-while-revalidate=86400",
+  );
+
+  return response;
+}
diff --git a/login/apps/login/src/components/address-bar.tsx b/login/apps/login/src/components/address-bar.tsx
new file mode 100644
index 0000000000..7e7bda6bd0
--- /dev/null
+++ b/login/apps/login/src/components/address-bar.tsx
@@ -0,0 +1,61 @@
+"use client";
+
+import { usePathname } from "next/navigation";
+import { Fragment } from "react";
+
+type Props = {
+  domain: string;
+};
+
+export function AddressBar({ domain }: Props) {
+  const pathname = usePathname();
+
+  return (
+    <div className="flex items-center space-x-2 p-3.5 lg:px-5 lg:py-3 overflow-hidden">
+      <div className="text-gray-600">
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          className="h-4"
+          viewBox="0 0 20 20"
+          fill="currentColor"
+        >
+          <path
+            fillRule="evenodd"
+            d="M5 9V7a5 5 0 0110 0v2a2 2 0 012 2v5a2 2 0 01-2 2H5a2 2 0 01-2-2v-5a2 2 0 012-2zm8-2v2H7V7a3 3 0 016 0z"
+            clipRule="evenodd"
+          />
+        </svg>
+      </div>
+      <div className="flex space-x-1 text-sm font-medium">
+        <div className="max-w-[150px] px-2 overflow-hidden text-gray-500  text-ellipsis">
+          <span className="whitespace-nowrap">{domain}</span>
+        </div>
+        {pathname ? (
+          <>
+            <span className="text-gray-600">/</span>
+            {pathname
+              .split("/")
+              .slice(1)
+              .filter((s) => !!s)
+              .map((segment) => {
+                return (
+                  <Fragment key={segment}>
+                    <span>
+                      <span
+                        key={segment}
+                        className="animate-[highlight_1s_ease-in-out_1] rounded-full px-1.5 py-0.5 text-gray-800 dark:text-gray-100"
+                      >
+                        {segment}
+                      </span>
+                    </span>
+
+                    <span className="text-gray-600">/</span>
+                  </Fragment>
+                );
+              })}
+          </>
+        ) : null}
+      </div>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/alert.tsx b/login/apps/login/src/components/alert.tsx
new file mode 100644
index 0000000000..417e67934e
--- /dev/null
+++ b/login/apps/login/src/components/alert.tsx
@@ -0,0 +1,45 @@
+import {
+  ExclamationTriangleIcon,
+  InformationCircleIcon,
+} from "@heroicons/react/24/outline";
+import { clsx } from "clsx";
+import { ReactNode } from "react";
+
+type Props = {
+  children: ReactNode;
+  type?: AlertType;
+};
+
+export enum AlertType {
+  ALERT,
+  INFO,
+}
+
+const yellow =
+  "border-yellow-600/40 dark:border-yellow-500/20 bg-yellow-200/30 text-yellow-600 dark:bg-yellow-700/20 dark:text-yellow-200";
+const red =
+  "border-red-600/40 dark:border-red-500/20 bg-red-200/30 text-red-600 dark:bg-red-700/20 dark:text-red-200";
+const neutral =
+  "border-divider-light dark:border-divider-dark bg-black/5 text-gray-600 dark:bg-white/10 dark:text-gray-200";
+
+export function Alert({ children, type = AlertType.ALERT }: Props) {
+  return (
+    <div
+      className={clsx(
+        "flex flex-row items-center justify-center border rounded-md py-2 pr-2 scroll-px-40",
+        {
+          [yellow]: type === AlertType.ALERT,
+          [neutral]: type === AlertType.INFO,
+        },
+      )}
+    >
+      {type === AlertType.ALERT && (
+        <ExclamationTriangleIcon className="flex-shrink-0 h-5 w-5 mr-2 ml-2" />
+      )}
+      {type === AlertType.INFO && (
+        <InformationCircleIcon className="flex-shrink-0 h-5 w-5 mr-2 ml-2" />
+      )}
+      <span className="text-sm w-full ">{children}</span>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/app-avatar.tsx b/login/apps/login/src/components/app-avatar.tsx
new file mode 100644
index 0000000000..defe388438
--- /dev/null
+++ b/login/apps/login/src/components/app-avatar.tsx
@@ -0,0 +1,48 @@
+import { ColorShade, getColorHash } from "@/helpers/colors";
+import { useTheme } from "next-themes";
+import Image from "next/image";
+import { getInitials } from "./avatar";
+
+interface AvatarProps {
+  appName: string;
+  imageUrl?: string;
+  shadow?: boolean;
+}
+
+export function AppAvatar({ appName, imageUrl, shadow }: AvatarProps) {
+  const { resolvedTheme } = useTheme();
+  const credentials = getInitials(appName, appName);
+
+  const color: ColorShade = getColorHash(appName);
+
+  const avatarStyleDark = {
+    backgroundColor: color[900],
+    color: color[200],
+  };
+
+  const avatarStyleLight = {
+    backgroundColor: color[200],
+    color: color[900],
+  };
+
+  return (
+    <div
+      className={`w-[100px] h-[100px] flex justify-center items-center cursor-default pointer-events-none group-focus:outline-none group-focus:ring-2 transition-colors duration-200 dark:group-focus:ring-offset-blue bg-primary-light-500 text-primary-light-contrast-500 hover:bg-primary-light-400 hover:dark:bg-primary-dark-500 group-focus:ring-primary-light-200 dark:group-focus:ring-primary-dark-400 dark:bg-primary-dark-300 dark:text-primary-dark-contrast-300 dark:text-blue rounded-full ${
+        shadow ? "shadow" : ""
+      }`}
+      style={resolvedTheme === "light" ? avatarStyleLight : avatarStyleDark}
+    >
+      {imageUrl ? (
+        <Image
+          height={48}
+          width={48}
+          alt="avatar"
+          className="w-full h-full border border-divider-light dark:border-divider-dark rounded-full"
+          src={imageUrl}
+        />
+      ) : (
+        <span className={`uppercase text-3xl`}>{credentials}</span>
+      )}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/auth-methods.tsx b/login/apps/login/src/components/auth-methods.tsx
new file mode 100644
index 0000000000..ff0bcf0b32
--- /dev/null
+++ b/login/apps/login/src/components/auth-methods.tsx
@@ -0,0 +1,234 @@
+import { CheckIcon } from "@heroicons/react/24/solid";
+import { clsx } from "clsx";
+import Link from "next/link";
+import { ReactNode } from "react";
+import { BadgeState, StateBadge } from "./state-badge";
+
+const cardClasses = (alreadyAdded: boolean) =>
+  clsx(
+    "relative bg-background-light-400 dark:bg-background-dark-400 group block space-y-1.5 rounded-md px-5 py-3  border border-divider-light dark:border-divider-dark transition-all ",
+    alreadyAdded
+      ? "opacity-50 cursor-default"
+      : "hover:shadow-lg hover:dark:bg-white/10",
+  );
+
+const LinkWrapper = ({
+  alreadyAdded,
+  children,
+  link,
+}: {
+  alreadyAdded: boolean;
+  children: ReactNode;
+  link: string;
+}) => {
+  return !alreadyAdded ? (
+    <Link href={link} className={cardClasses(alreadyAdded)}>
+      {children}
+    </Link>
+  ) : (
+    <div className={cardClasses(alreadyAdded)}>{children}</div>
+  );
+};
+
+export const TOTP = (alreadyAdded: boolean, link: string) => {
+  return (
+    <LinkWrapper key={link} alreadyAdded={alreadyAdded} link={link}>
+      <div
+        className={clsx(
+          "font-medium flex items-center",
+          alreadyAdded ? "opacity-50" : "",
+        )}
+      >
+        <svg
+          className="h-8 w-8 transform -translate-x-[2px] mr-4 fill-current text-black dark:text-white"
+          xmlns="http://www.w3.org/2000/svg"
+          viewBox="0 0 24 24"
+        >
+          <title>timer-lock-outline</title>
+          <path d="M11 8H13V14H11V8M13 19.92C12.67 19.97 12.34 20 12 20C8.13 20 5 16.87 5 13S8.13 6 12 6C14.82 6 17.24 7.67 18.35 10.06C18.56 10.04 18.78 10 19 10C19.55 10 20.07 10.11 20.57 10.28C20.23 9.22 19.71 8.24 19.03 7.39L20.45 5.97C20 5.46 19.55 5 19.04 4.56L17.62 6C16.07 4.74 14.12 4 12 4C7.03 4 3 8.03 3 13S7.03 22 12 22C12.42 22 12.83 21.96 13.24 21.91C13.09 21.53 13 21.12 13 20.7V19.92M15 1H9V3H15V1M23 17.3V20.8C23 21.4 22.4 22 21.7 22H16.2C15.6 22 15 21.4 15 20.7V17.2C15 16.6 15.6 16 16.2 16V14.5C16.2 13.1 17.6 12 19 12S21.8 13.1 21.8 14.5V16C22.4 16 23 16.6 23 17.3M20.5 14.5C20.5 13.7 19.8 13.2 19 13.2S17.5 13.7 17.5 14.5V16H20.5V14.5Z" />
+        </svg>{" "}
+        <span>Authenticator App</span>
+      </div>
+      {alreadyAdded && (
+        <>
+          <Setup />
+        </>
+      )}
+    </LinkWrapper>
+  );
+};
+
+export const U2F = (alreadyAdded: boolean, link: string) => {
+  return (
+    <LinkWrapper key={link} alreadyAdded={alreadyAdded} link={link}>
+      <div
+        className={clsx(
+          "font-medium flex items-center",
+          alreadyAdded ? "" : "",
+        )}
+      >
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          fill="none"
+          viewBox="0 0 24 24"
+          strokeWidth="1.5"
+          stroke="currentColor"
+          className="w-8 h-8 mr-4"
+        >
+          <path
+            strokeLinecap="round"
+            strokeLinejoin="round"
+            d="M7.864 4.243A7.5 7.5 0 0119.5 10.5c0 2.92-.556 5.709-1.568 8.268M5.742 6.364A7.465 7.465 0 004.5 10.5a7.464 7.464 0 01-1.15 3.993m1.989 3.559A11.209 11.209 0 008.25 10.5a3.75 3.75 0 117.5 0c0 .527-.021 1.049-.064 1.565M12 10.5a14.94 14.94 0 01-3.6 9.75m6.633-4.596a18.666 18.666 0 01-2.485 5.33"
+          />
+        </svg>
+        <span>Universal Second Factor</span>
+      </div>
+      {alreadyAdded && (
+        <>
+          <Setup />
+        </>
+      )}
+    </LinkWrapper>
+  );
+};
+
+export const EMAIL = (alreadyAdded: boolean, link: string) => {
+  return (
+    <LinkWrapper key={link} alreadyAdded={alreadyAdded} link={link}>
+      <div
+        className={clsx(
+          "font-medium flex items-center",
+          alreadyAdded ? "" : "",
+        )}
+      >
+        <svg
+          className="w-8 h-8 mr-4"
+          xmlns="http://www.w3.org/2000/svg"
+          fill="none"
+          viewBox="0 0 24 24"
+          strokeWidth={1.5}
+          stroke="currentColor"
+        >
+          <path
+            strokeLinecap="round"
+            strokeLinejoin="round"
+            d="M21.75 6.75v10.5a2.25 2.25 0 01-2.25 2.25h-15a2.25 2.25 0 01-2.25-2.25V6.75m19.5 0A2.25 2.25 0 0019.5 4.5h-15a2.25 2.25 0 00-2.25 2.25m19.5 0v.243a2.25 2.25 0 01-1.07 1.916l-7.5 4.615a2.25 2.25 0 01-2.36 0L3.32 8.91a2.25 2.25 0 01-1.07-1.916V6.75"
+          />
+        </svg>
+
+        <span>Code via Email</span>
+      </div>
+      {alreadyAdded && (
+        <>
+          <Setup />
+        </>
+      )}
+    </LinkWrapper>
+  );
+};
+
+export const SMS = (alreadyAdded: boolean, link: string) => {
+  return (
+    <LinkWrapper key={link} alreadyAdded={alreadyAdded} link={link}>
+      <div
+        className={clsx(
+          "font-medium flex items-center",
+          alreadyAdded ? "" : "",
+        )}
+      >
+        <svg
+          className="w-8 h-8 mr-4"
+          xmlns="http://www.w3.org/2000/svg"
+          fill="none"
+          viewBox="0 0 24 24"
+          strokeWidth="1.5"
+          stroke="currentColor"
+        >
+          <path
+            strokeLinecap="round"
+            strokeLinejoin="round"
+            d="M10.5 1.5H8.25A2.25 2.25 0 006 3.75v16.5a2.25 2.25 0 002.25 2.25h7.5A2.25 2.25 0 0018 20.25V3.75a2.25 2.25 0 00-2.25-2.25H13.5m-3 0V3h3V1.5m-3 0h3m-3 18.75h3"
+          />
+        </svg>
+        <span>Code via SMS</span>
+      </div>
+      {alreadyAdded && (
+        <>
+          <Setup />
+        </>
+      )}
+    </LinkWrapper>
+  );
+};
+
+export const PASSKEYS = (alreadyAdded: boolean, link: string) => {
+  return (
+    <LinkWrapper key={link} alreadyAdded={alreadyAdded} link={link}>
+      <div
+        className={clsx(
+          "font-medium flex items-center",
+          alreadyAdded ? "" : "",
+        )}
+      >
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          fill="none"
+          viewBox="0 0 24 24"
+          strokeWidth="1.5"
+          stroke="currentColor"
+          className="w-8 h-8 mr-4"
+        >
+          <path
+            strokeLinecap="round"
+            strokeLinejoin="round"
+            d="M7.864 4.243A7.5 7.5 0 0119.5 10.5c0 2.92-.556 5.709-1.568 8.268M5.742 6.364A7.465 7.465 0 004.5 10.5a7.464 7.464 0 01-1.15 3.993m1.989 3.559A11.209 11.209 0 008.25 10.5a3.75 3.75 0 117.5 0c0 .527-.021 1.049-.064 1.565M12 10.5a14.94 14.94 0 01-3.6 9.75m6.633-4.596a18.666 18.666 0 01-2.485 5.33"
+          />
+        </svg>
+        <span>Passkeys</span>
+      </div>
+      {alreadyAdded && (
+        <>
+          <Setup />
+        </>
+      )}
+    </LinkWrapper>
+  );
+};
+
+export const PASSWORD = (alreadyAdded: boolean, link: string) => {
+  return (
+    <LinkWrapper key={link} alreadyAdded={alreadyAdded} link={link}>
+      <div
+        className={clsx(
+          "font-medium flex items-center",
+          alreadyAdded ? "" : "",
+        )}
+      >
+        <svg
+          className="w-8 h-7 mr-4 fill-current"
+          xmlns="http://www.w3.org/2000/svg"
+          viewBox="0 0 24 24"
+        >
+          <title>form-textbox-password</title>
+          <path d="M17,7H22V17H17V19A1,1 0 0,0 18,20H20V22H17.5C16.95,22 16,21.55 16,21C16,21.55 15.05,22 14.5,22H12V20H14A1,1 0 0,0 15,19V5A1,1 0 0,0 14,4H12V2H14.5C15.05,2 16,2.45 16,3C16,2.45 16.95,2 17.5,2H20V4H18A1,1 0 0,0 17,5V7M2,7H13V9H4V15H13V17H2V7M20,15V9H17V15H20M8.5,12A1.5,1.5 0 0,0 7,10.5A1.5,1.5 0 0,0 5.5,12A1.5,1.5 0 0,0 7,13.5A1.5,1.5 0 0,0 8.5,12M13,10.89C12.39,10.33 11.44,10.38 10.88,11C10.32,11.6 10.37,12.55 11,13.11C11.55,13.63 12.43,13.63 13,13.11V10.89Z" />
+        </svg>
+        <span>Password</span>
+      </div>
+      {alreadyAdded && (
+        <>
+          <Setup />
+        </>
+      )}
+    </LinkWrapper>
+  );
+};
+
+function Setup() {
+  return (
+    <div className="transform  absolute right-2 top-0">
+      <StateBadge evenPadding={true} state={BadgeState.Success}>
+        <CheckIcon className="w-4 h-4" />
+      </StateBadge>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/authentication-method-radio.tsx b/login/apps/login/src/components/authentication-method-radio.tsx
new file mode 100644
index 0000000000..c3b273ab46
--- /dev/null
+++ b/login/apps/login/src/components/authentication-method-radio.tsx
@@ -0,0 +1,104 @@
+"use client";
+
+import { RadioGroup } from "@headlessui/react";
+import { Translated } from "./translated";
+
+export enum AuthenticationMethod {
+  Passkey = "passkey",
+  Password = "password",
+}
+
+export const methods = [
+  AuthenticationMethod.Passkey,
+  AuthenticationMethod.Password,
+];
+
+export function AuthenticationMethodRadio({
+  selected,
+  selectionChanged,
+}: {
+  selected: any;
+  selectionChanged: (value: any) => void;
+}) {
+  return (
+    <div className="w-full">
+      <div className="mx-auto w-full max-w-md">
+        <RadioGroup value={selected} onChange={selectionChanged}>
+          <RadioGroup.Label className="sr-only">Server size</RadioGroup.Label>
+          <div className="flex flex-row space-x-4">
+            {methods.map((method) => (
+              <RadioGroup.Option
+                key={method}
+                value={method}
+                data-testid={method + "-radio"}
+                className={({ active, checked }) =>
+                  `${
+                    active
+                      ? "ring-2 ring-opacity-60 ring-primary-light-500 dark:ring-white/20"
+                      : ""
+                  }
+                    ${
+                      checked
+                        ? "bg-background-light-400 dark:bg-background-dark-400 ring-2 ring-primary-light-500 dark:ring-primary-dark-500"
+                        : "bg-background-light-400 dark:bg-background-dark-400"
+                    }
+                     h-full flex-1 relative border boder-divider-light dark:border-divider-dark flex cursor-pointer rounded-lg px-5 py-4 focus:outline-none hover:shadow-lg dark:hover:bg-white/10`
+                }
+              >
+                {({ active, checked }) => (
+                  <>
+                    <div className="flex flex-col items-center w-full text-sm">
+                      {method === "passkey" && (
+                        <svg
+                          xmlns="http://www.w3.org/2000/svg"
+                          fill="none"
+                          viewBox="0 0 24 24"
+                          strokeWidth="1.5"
+                          stroke="currentColor"
+                          className="w-8 h-8 mb-3"
+                        >
+                          <path
+                            strokeLinecap="round"
+                            strokeLinejoin="round"
+                            d="M7.864 4.243A7.5 7.5 0 0119.5 10.5c0 2.92-.556 5.709-1.568 8.268M5.742 6.364A7.465 7.465 0 004.5 10.5a7.464 7.464 0 01-1.15 3.993m1.989 3.559A11.209 11.209 0 008.25 10.5a3.75 3.75 0 117.5 0c0 .527-.021 1.049-.064 1.565M12 10.5a14.94 14.94 0 01-3.6 9.75m6.633-4.596a18.666 18.666 0 01-2.485 5.33"
+                          />
+                        </svg>
+                      )}
+                      {method === "password" && (
+                        <svg
+                          className="w-8 h-8 mb-3 fill-current"
+                          xmlns="http://www.w3.org/2000/svg"
+                          viewBox="0 0 24 24"
+                        >
+                          <title>form-textbox-password</title>
+                          <path d="M17,7H22V17H17V19A1,1 0 0,0 18,20H20V22H17.5C16.95,22 16,21.55 16,21C16,21.55 15.05,22 14.5,22H12V20H14A1,1 0 0,0 15,19V5A1,1 0 0,0 14,4H12V2H14.5C15.05,2 16,2.45 16,3C16,2.45 16.95,2 17.5,2H20V4H18A1,1 0 0,0 17,5V7M2,7H13V9H4V15H13V17H2V7M20,15V9H17V15H20M8.5,12A1.5,1.5 0 0,0 7,10.5A1.5,1.5 0 0,0 5.5,12A1.5,1.5 0 0,0 7,13.5A1.5,1.5 0 0,0 8.5,12M13,10.89C12.39,10.33 11.44,10.38 10.88,11C10.32,11.6 10.37,12.55 11,13.11C11.55,13.63 12.43,13.63 13,13.11V10.89Z" />
+                        </svg>
+                      )}
+                      <RadioGroup.Label
+                        as="p"
+                        className={`font-medium  ${checked ? "" : ""}`}
+                      >
+                        {method === AuthenticationMethod.Passkey && (
+                          <Translated
+                            i18nKey="methods.passkey"
+                            namespace="register"
+                          />
+                        )}
+                        {method === AuthenticationMethod.Password && (
+                          <Translated
+                            i18nKey="methods.password"
+                            namespace="register"
+                          />
+                        )}
+                      </RadioGroup.Label>
+                    </div>
+                  </>
+                )}
+              </RadioGroup.Option>
+            ))}
+          </div>
+        </RadioGroup>
+      </div>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/avatar.tsx b/login/apps/login/src/components/avatar.tsx
new file mode 100644
index 0000000000..2300659875
--- /dev/null
+++ b/login/apps/login/src/components/avatar.tsx
@@ -0,0 +1,97 @@
+"use client";
+
+import { ColorShade, getColorHash } from "@/helpers/colors";
+import { useTheme } from "next-themes";
+import Image from "next/image";
+
+interface AvatarProps {
+  name: string | null | undefined;
+  loginName: string;
+  imageUrl?: string;
+  size?: "small" | "base" | "large";
+  shadow?: boolean;
+}
+
+export function getInitials(name: string, loginName: string) {
+  let credentials = "";
+  if (name) {
+    const split = name.split(" ");
+    if (split) {
+      const initials =
+        split[0].charAt(0) + (split[1] ? split[1].charAt(0) : "");
+      credentials = initials;
+    } else {
+      credentials = name.charAt(0);
+    }
+  } else {
+    const username = loginName.split("@")[0];
+    let separator = "_";
+    if (username.includes("-")) {
+      separator = "-";
+    }
+    if (username.includes(".")) {
+      separator = ".";
+    }
+    const split = username.split(separator);
+    const initials = split[0].charAt(0) + (split[1] ? split[1].charAt(0) : "");
+    credentials = initials;
+  }
+
+  return credentials;
+}
+
+export function Avatar({
+  size = "base",
+  name,
+  loginName,
+  imageUrl,
+  shadow,
+}: AvatarProps) {
+  const { resolvedTheme } = useTheme();
+  const credentials = getInitials(name ?? loginName, loginName);
+
+  const color: ColorShade = getColorHash(loginName);
+
+  const avatarStyleDark = {
+    backgroundColor: color[900],
+    color: color[200],
+  };
+
+  const avatarStyleLight = {
+    backgroundColor: color[200],
+    color: color[900],
+  };
+
+  return (
+    <div
+      className={`w-full h-full flex-shrink-0 flex justify-center items-center cursor-default pointer-events-none group-focus:outline-none group-focus:ring-2 transition-colors duration-200 dark:group-focus:ring-offset-blue bg-primary-light-500 text-primary-light-contrast-500 hover:bg-primary-light-400 hover:dark:bg-primary-dark-500 group-focus:ring-primary-light-200 dark:group-focus:ring-primary-dark-400 dark:bg-primary-dark-300 dark:text-primary-dark-contrast-300 dark:text-blue rounded-full ${
+        shadow ? "shadow" : ""
+      } ${
+        size === "large"
+          ? "h-20 w-20 font-normal"
+          : size === "base"
+            ? "w-[38px] h-[38px] font-bold"
+            : size === "small"
+              ? "!w-[32px] !h-[32px] font-bold text-[13px]"
+              : "w-12 h-12"
+      }`}
+      style={resolvedTheme === "light" ? avatarStyleLight : avatarStyleDark}
+    >
+      {imageUrl ? (
+        <Image
+          height={48}
+          width={48}
+          alt="avatar"
+          className="w-full h-full border border-divider-light dark:border-divider-dark rounded-full"
+          src={imageUrl}
+        />
+      ) : (
+        <span
+          className={`uppercase ${size === "large" ? "text-xl" : "text-13px"}`}
+        >
+          {credentials}
+        </span>
+      )}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/back-button.tsx b/login/apps/login/src/components/back-button.tsx
new file mode 100644
index 0000000000..31d4a880ad
--- /dev/null
+++ b/login/apps/login/src/components/back-button.tsx
@@ -0,0 +1,18 @@
+"use client";
+
+import { useRouter } from "next/navigation";
+import { Button, ButtonVariants } from "./button";
+import { Translated } from "./translated";
+
+export function BackButton() {
+  const router = useRouter();
+  return (
+    <Button
+      onClick={() => router.back()}
+      type="button"
+      variant={ButtonVariants.Secondary}
+    >
+      <Translated i18nKey="back" namespace="common" />
+    </Button>
+  );
+}
diff --git a/login/apps/login/src/components/boundary.tsx b/login/apps/login/src/components/boundary.tsx
new file mode 100644
index 0000000000..354d920960
--- /dev/null
+++ b/login/apps/login/src/components/boundary.tsx
@@ -0,0 +1,83 @@
+import { clsx } from "clsx";
+import { ReactNode } from "react";
+
+const Label = ({
+  children,
+  animateRerendering,
+  color,
+}: {
+  children: ReactNode;
+  animateRerendering?: boolean;
+  color?: "default" | "pink" | "blue" | "violet" | "cyan" | "orange" | "red";
+}) => {
+  return (
+    <div
+      className={clsx("rounded-full px-1.5", {
+        "bg-gray-800 text-gray-500": color === "default",
+        "bg-pink-500 text-pink-100": color === "pink",
+        "bg-blue-500 text-blue-100": color === "blue",
+        "bg-cyan-500 text-cyan-100": color === "cyan",
+        "bg-red-500 text-red-100": color === "red",
+        "bg-violet-500 text-violet-100": color === "violet",
+        "bg-orange-500 text-orange-100": color === "orange",
+        "animate-[highlight_1s_ease-in-out_1]": animateRerendering,
+      })}
+    >
+      {children}
+    </div>
+  );
+};
+export const Boundary = ({
+  children,
+  labels = ["children"],
+  size = "default",
+  color = "default",
+  animateRerendering = true,
+}: {
+  children: ReactNode;
+  labels?: string[];
+  size?: "small" | "default";
+  color?: "default" | "pink" | "blue" | "violet" | "cyan" | "orange" | "red";
+  animateRerendering?: boolean;
+}) => {
+  return (
+    <div
+      className={clsx("relative rounded-lg border border-dashed", {
+        "p-3 lg:p-5": size === "small",
+        "p-4 lg:p-9 lg:pb-6": size === "default",
+        "border-divider-light dark:border-divider-dark": color === "default",
+        "border-pink-500": color === "pink",
+        "border-blue-500": color === "blue",
+        "border-cyan-500": color === "cyan",
+        "border-red-500": color === "red",
+        "border-violet-500": color === "violet",
+        "border-orange-500": color === "orange",
+        "animate-[rerender_1s_ease-in-out_1] text-pink-500": animateRerendering,
+      })}
+    >
+      <div
+        className={clsx(
+          "absolute -top-2 flex space-x-1 text-[9px] uppercase leading-4 tracking-widest",
+          {
+            "left-3 lg:left-5": size === "small",
+            "left-4 lg:left-9": size === "default",
+          },
+        )}
+      >
+        {labels.map((label) => {
+          return (
+            <Label
+              key={label}
+              color={color}
+              animateRerendering={animateRerendering}
+            >
+              {label}
+            </Label>
+          );
+        })}
+      </div>
+
+      {children}
+    </div>
+  );
+};
diff --git a/login/apps/login/src/components/button.tsx b/login/apps/login/src/components/button.tsx
new file mode 100644
index 0000000000..a25a30538a
--- /dev/null
+++ b/login/apps/login/src/components/button.tsx
@@ -0,0 +1,74 @@
+import { clsx } from "clsx";
+import { ButtonHTMLAttributes, DetailedHTMLProps, forwardRef } from "react";
+
+export enum ButtonSizes {
+  Small = "Small",
+  Large = "Large",
+}
+
+export enum ButtonVariants {
+  Primary = "Primary",
+  Secondary = "Secondary",
+  Destructive = "Destructive",
+}
+
+export enum ButtonColors {
+  Neutral = "Neutral",
+  Primary = "Primary",
+  Warn = "Warn",
+}
+
+export type ButtonProps = DetailedHTMLProps<
+  ButtonHTMLAttributes<HTMLButtonElement>,
+  HTMLButtonElement
+> & {
+  size?: ButtonSizes;
+  variant?: ButtonVariants;
+  color?: ButtonColors;
+};
+
+export const getButtonClasses = (
+  size: ButtonSizes,
+  variant: ButtonVariants,
+  color: ButtonColors,
+) =>
+  clsx({
+    "box-border font-normal leading-36px text-14px inline-flex items-center rounded-md focus:outline-none transition-colors transition-shadow duration-300":
+      true,
+    "shadow hover:shadow-xl active:shadow-xl disabled:border-none disabled:bg-gray-300 disabled:text-gray-600 disabled:shadow-none disabled:cursor-not-allowed disabled:dark:bg-gray-800 disabled:dark:text-gray-900":
+      variant === ButtonVariants.Primary,
+    "bg-primary-light-500 dark:bg-primary-dark-500 hover:bg-primary-light-400 hover:dark:bg-primary-dark-400 text-primary-light-contrast-500 dark:text-primary-dark-contrast-500":
+      variant === ButtonVariants.Primary && color !== ButtonColors.Warn,
+    "bg-warn-light-500 dark:bg-warn-dark-500 hover:bg-warn-light-400 hover:dark:bg-warn-dark-400 text-white dark:text-white":
+      variant === ButtonVariants.Primary && color === ButtonColors.Warn,
+    "border border-button-light-border dark:border-button-dark-border text-gray-950 hover:bg-gray-500 hover:bg-opacity-20 hover:dark:bg-white hover:dark:bg-opacity-10 focus:bg-gray-500 focus:bg-opacity-20 focus:dark:bg-white focus:dark:bg-opacity-10 dark:text-white disabled:text-gray-600 disabled:hover:bg-transparent disabled:dark:hover:bg-transparent disabled:cursor-not-allowed disabled:dark:text-gray-900":
+      variant === ButtonVariants.Secondary,
+    "border border-button-light-border dark:border-button-dark-border text-warn-light-500 dark:text-warn-dark-500 hover:bg-warn-light-500 hover:bg-opacity-10 dark:hover:bg-warn-light-500 dark:hover:bg-opacity-10 focus:bg-warn-light-500 focus:bg-opacity-20 dark:focus:bg-warn-light-500 dark:focus:bg-opacity-20":
+      color === ButtonColors.Warn && variant !== ButtonVariants.Primary,
+    "px-16 py-2": size === ButtonSizes.Large,
+    "px-4 h-[36px]": size === ButtonSizes.Small,
+  });
+
+// eslint-disable-next-line react/display-name
+export const Button = forwardRef<HTMLButtonElement, ButtonProps>(
+  (
+    {
+      children,
+      className = "",
+      variant = ButtonVariants.Primary,
+      size = ButtonSizes.Small,
+      color = ButtonColors.Primary,
+      ...props
+    },
+    ref,
+  ) => (
+    <button
+      type="button"
+      ref={ref}
+      className={`${getButtonClasses(size, variant, color)} ${className}`}
+      {...props}
+    >
+      {children}
+    </button>
+  ),
+);
diff --git a/login/apps/login/src/components/change-password-form.tsx b/login/apps/login/src/components/change-password-form.tsx
new file mode 100644
index 0000000000..00513d8dda
--- /dev/null
+++ b/login/apps/login/src/components/change-password-form.tsx
@@ -0,0 +1,211 @@
+"use client";
+
+import {
+  lowerCaseValidator,
+  numberValidator,
+  symbolValidator,
+  upperCaseValidator,
+} from "@/helpers/validators";
+import {
+  checkSessionAndSetPassword,
+  sendPassword,
+} from "@/lib/server/password";
+import { create } from "@zitadel/client";
+import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { FieldValues, useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { PasswordComplexity } from "./password-complexity";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs =
+  | {
+      password: string;
+      confirmPassword: string;
+    }
+  | FieldValues;
+
+type Props = {
+  passwordComplexitySettings: PasswordComplexitySettings;
+  sessionId: string;
+  loginName: string;
+  requestId?: string;
+  organization?: string;
+};
+
+export function ChangePasswordForm({
+  passwordComplexitySettings,
+  sessionId,
+  loginName,
+  requestId,
+  organization,
+}: Props) {
+  const router = useRouter();
+
+  const { register, handleSubmit, watch, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      password: "",
+      comfirmPassword: "",
+    },
+  });
+
+  const [loading, setLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>("");
+
+  async function submitChange(values: Inputs) {
+    setLoading(true);
+
+    const changeResponse = checkSessionAndSetPassword({
+      sessionId,
+      password: values.password,
+    })
+      .catch(() => {
+        setError("Could not change password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (changeResponse && "error" in changeResponse && changeResponse.error) {
+      setError(
+        typeof changeResponse.error === "string"
+          ? changeResponse.error
+          : "Unknown error",
+      );
+      return;
+    }
+
+    if (!changeResponse) {
+      setError("Could not change password");
+      return;
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, 1000)); // wait for a second, to prevent eventual consistency issues
+
+    const passwordResponse = await sendPassword({
+      loginName,
+      organization,
+      checks: create(ChecksSchema, {
+        password: { password: values.password },
+      }),
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not verify password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (
+      passwordResponse &&
+      "error" in passwordResponse &&
+      passwordResponse.error
+    ) {
+      setError(passwordResponse.error);
+      return;
+    }
+
+    if (
+      passwordResponse &&
+      "redirect" in passwordResponse &&
+      passwordResponse.redirect
+    ) {
+      return router.push(passwordResponse.redirect);
+    }
+
+    return;
+  }
+
+  const { errors } = formState;
+
+  const watchPassword = watch("password", "");
+  const watchConfirmPassword = watch("confirmPassword", "");
+
+  const hasMinLength =
+    passwordComplexitySettings &&
+    watchPassword?.length >= passwordComplexitySettings.minLength;
+  const hasSymbol = symbolValidator(watchPassword);
+  const hasNumber = numberValidator(watchPassword);
+  const hasUppercase = upperCaseValidator(watchPassword);
+  const hasLowercase = lowerCaseValidator(watchPassword);
+
+  const policyIsValid =
+    passwordComplexitySettings &&
+    (passwordComplexitySettings.requiresLowercase ? hasLowercase : true) &&
+    (passwordComplexitySettings.requiresNumber ? hasNumber : true) &&
+    (passwordComplexitySettings.requiresUppercase ? hasUppercase : true) &&
+    (passwordComplexitySettings.requiresSymbol ? hasSymbol : true) &&
+    hasMinLength;
+
+  return (
+    <form className="w-full">
+      <div className="pt-4 grid grid-cols-1 gap-4 mb-4">
+        <div className="">
+          <TextInput
+            type="password"
+            autoComplete="new-password"
+            required
+            {...register("password", {
+              required: "You have to provide a new password!",
+            })}
+            label="New Password"
+            error={errors.password?.message as string}
+            data-testid="password-change-text-input"
+          />
+        </div>
+        <div className="">
+          <TextInput
+            type="password"
+            required
+            autoComplete="new-password"
+            {...register("confirmPassword", {
+              required: "This field is required",
+            })}
+            label="Confirm Password"
+            error={errors.confirmPassword?.message as string}
+            data-testid="password-change-confirm-text-input"
+          />
+        </div>
+      </div>
+
+      {passwordComplexitySettings && (
+        <PasswordComplexity
+          passwordComplexitySettings={passwordComplexitySettings}
+          password={watchPassword}
+          equals={!!watchPassword && watchPassword === watchConfirmPassword}
+        />
+      )}
+
+      {error && <Alert>{error}</Alert>}
+
+      <div className="mt-8 flex w-full flex-row items-center justify-between">
+        <BackButton data-testid="back-button" />
+        <Button
+          type="submit"
+          variant={ButtonVariants.Primary}
+          disabled={
+            loading ||
+            !policyIsValid ||
+            !formState.isValid ||
+            watchPassword !== watchConfirmPassword
+          }
+          onClick={handleSubmit(submitChange)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="change.submit" namespace="password" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/checkbox.tsx b/login/apps/login/src/components/checkbox.tsx
new file mode 100644
index 0000000000..41b45aad92
--- /dev/null
+++ b/login/apps/login/src/components/checkbox.tsx
@@ -0,0 +1,62 @@
+import classNames from "clsx";
+import {
+  DetailedHTMLProps,
+  forwardRef,
+  InputHTMLAttributes,
+  useEffect,
+  useState,
+} from "react";
+
+export type CheckboxProps = DetailedHTMLProps<
+  InputHTMLAttributes<HTMLInputElement>,
+  HTMLInputElement
+> & {
+  checked: boolean;
+  disabled?: boolean;
+  onChangeVal?: (checked: boolean) => void;
+};
+
+export const Checkbox = forwardRef<HTMLInputElement, CheckboxProps>(
+  function Checkbox(
+    {
+      className = "",
+      checked = false,
+      disabled = false,
+      onChangeVal,
+      children,
+      ...props
+    },
+    ref,
+  ) {
+    const [enabled, setEnabled] = useState<boolean>(checked);
+
+    useEffect(() => {
+      setEnabled(checked);
+    }, [checked]);
+
+    return (
+      <div className="relative flex items-start">
+        <div className="flex items-center h-5">
+          <div className="box-sizing block">
+            <input
+              ref={ref}
+              checked={enabled}
+              onChange={(event) => {
+                setEnabled(event.target?.checked);
+                onChangeVal && onChangeVal(event.target?.checked);
+              }}
+              disabled={disabled}
+              type="checkbox"
+              className={classNames(
+                "form-checkbox rounded border-gray-300 text-primary-light-500 dark:text-primary-dark-500 shadow-sm focus:border-indigo-300 focus:ring focus:ring-offset-0 focus:ring-indigo-200 focus:ring-opacity-50",
+                className,
+              )}
+              {...props}
+            />
+          </div>
+        </div>
+        {children}
+      </div>
+    );
+  },
+);
diff --git a/login/apps/login/src/components/choose-authenticator-to-login.tsx b/login/apps/login/src/components/choose-authenticator-to-login.tsx
new file mode 100644
index 0000000000..0f5dd79134
--- /dev/null
+++ b/login/apps/login/src/components/choose-authenticator-to-login.tsx
@@ -0,0 +1,38 @@
+import {
+  LoginSettings,
+  PasskeysType,
+} from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { PASSKEYS, PASSWORD } from "./auth-methods";
+import { Translated } from "./translated";
+
+type Props = {
+  authMethods: AuthenticationMethodType[];
+  params: URLSearchParams;
+  loginSettings: LoginSettings | undefined;
+};
+
+export function ChooseAuthenticatorToLogin({
+  authMethods,
+  params,
+  loginSettings,
+}: Props) {
+  return (
+    <>
+      {authMethods.includes(AuthenticationMethodType.PASSWORD) &&
+        loginSettings?.allowUsernamePassword && (
+          <div className="ztdl-p">
+            <Translated i18nKey="chooseAlternativeMethod" namespace="idp" />
+          </div>
+        )}
+      <div className="grid grid-cols-1 gap-5 w-full pt-4">
+        {authMethods.includes(AuthenticationMethodType.PASSWORD) &&
+          loginSettings?.allowUsernamePassword &&
+          PASSWORD(false, "/password?" + params)}
+        {authMethods.includes(AuthenticationMethodType.PASSKEY) &&
+          loginSettings?.passkeysType == PasskeysType.ALLOWED &&
+          PASSKEYS(false, "/passkey?" + params)}
+      </div>
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/choose-authenticator-to-setup.tsx b/login/apps/login/src/components/choose-authenticator-to-setup.tsx
new file mode 100644
index 0000000000..4aa4de720a
--- /dev/null
+++ b/login/apps/login/src/components/choose-authenticator-to-setup.tsx
@@ -0,0 +1,51 @@
+import {
+  LoginSettings,
+  PasskeysType,
+} from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { Alert, AlertType } from "./alert";
+import { PASSKEYS, PASSWORD } from "./auth-methods";
+import { Translated } from "./translated";
+
+type Props = {
+  authMethods: AuthenticationMethodType[];
+  params: URLSearchParams;
+  loginSettings: LoginSettings;
+};
+
+export function ChooseAuthenticatorToSetup({
+  authMethods,
+  params,
+  loginSettings,
+}: Props) {
+  if (authMethods.length !== 0) {
+    return (
+      <Alert type={AlertType.ALERT}>
+        <Translated i18nKey="allSetup" namespace="authenticator" />
+      </Alert>
+    );
+  } else {
+    return (
+      <>
+        {loginSettings.passkeysType == PasskeysType.NOT_ALLOWED &&
+          !loginSettings.allowUsernamePassword && (
+            <Alert type={AlertType.ALERT}>
+              <Translated
+                i18nKey="noMethodsAvailable"
+                namespace="authenticator"
+              />
+            </Alert>
+          )}
+
+        <div className="grid grid-cols-1 gap-5 w-full pt-4">
+          {!authMethods.includes(AuthenticationMethodType.PASSWORD) &&
+            loginSettings.allowUsernamePassword &&
+            PASSWORD(false, "/password/set?" + params)}
+          {!authMethods.includes(AuthenticationMethodType.PASSKEY) &&
+            loginSettings.passkeysType == PasskeysType.ALLOWED &&
+            PASSKEYS(false, "/passkey/set?" + params)}
+        </div>
+      </>
+    );
+  }
+}
diff --git a/login/apps/login/src/components/choose-second-factor-to-setup.tsx b/login/apps/login/src/components/choose-second-factor-to-setup.tsx
new file mode 100644
index 0000000000..edd0ae2b61
--- /dev/null
+++ b/login/apps/login/src/components/choose-second-factor-to-setup.tsx
@@ -0,0 +1,119 @@
+"use client";
+
+import { skipMFAAndContinueWithNextUrl } from "@/lib/server/session";
+import {
+  LoginSettings,
+  SecondFactorType,
+} from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { useRouter } from "next/navigation";
+import { EMAIL, SMS, TOTP, U2F } from "./auth-methods";
+import { Translated } from "./translated";
+
+type Props = {
+  userId: string;
+  loginName?: string;
+  sessionId?: string;
+  requestId?: string;
+  organization?: string;
+  loginSettings: LoginSettings;
+  userMethods: AuthenticationMethodType[];
+  checkAfter: boolean;
+  phoneVerified: boolean;
+  emailVerified: boolean;
+  force: boolean;
+};
+
+export function ChooseSecondFactorToSetup({
+  userId,
+  loginName,
+  sessionId,
+  requestId,
+  organization,
+  loginSettings,
+  userMethods,
+  checkAfter,
+  phoneVerified,
+  emailVerified,
+  force,
+}: Props) {
+  const router = useRouter();
+  const params = new URLSearchParams({});
+
+  if (loginName) {
+    params.append("loginName", loginName);
+  }
+  if (sessionId) {
+    params.append("sessionId", sessionId);
+  }
+  if (requestId) {
+    params.append("requestId", requestId);
+  }
+  if (organization) {
+    params.append("organization", organization);
+  }
+  if (checkAfter) {
+    params.append("checkAfter", "true");
+  }
+
+  return (
+    <>
+      <div className="grid grid-cols-1 gap-5 w-full pt-4">
+        {loginSettings.secondFactors.map((factor) => {
+          switch (factor) {
+            case SecondFactorType.OTP:
+              return TOTP(
+                userMethods.includes(AuthenticationMethodType.TOTP),
+                "/otp/time-based/set?" + params,
+              );
+            case SecondFactorType.U2F:
+              return U2F(
+                userMethods.includes(AuthenticationMethodType.U2F),
+                "/u2f/set?" + params,
+              );
+            case SecondFactorType.OTP_EMAIL:
+              return (
+                emailVerified &&
+                EMAIL(
+                  userMethods.includes(AuthenticationMethodType.OTP_EMAIL),
+                  "/otp/email/set?" + params,
+                )
+              );
+            case SecondFactorType.OTP_SMS:
+              return (
+                phoneVerified &&
+                SMS(
+                  userMethods.includes(AuthenticationMethodType.OTP_SMS),
+                  "/otp/sms/set?" + params,
+                )
+              );
+            default:
+              return null;
+          }
+        })}
+      </div>
+      {!force && (
+        <button
+          className="transition-all text-sm hover:text-primary-light-500 dark:hover:text-primary-dark-500"
+          onClick={async () => {
+            const resp = await skipMFAAndContinueWithNextUrl({
+              userId,
+              loginName,
+              sessionId,
+              organization,
+              requestId,
+            });
+
+            if (resp?.redirect) {
+              return router.push(resp.redirect);
+            }
+          }}
+          type="button"
+          data-testid="reset-button"
+        >
+          <Translated i18nKey="set.skip" namespace="mfa" />
+        </button>
+      )}
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/choose-second-factor.tsx b/login/apps/login/src/components/choose-second-factor.tsx
new file mode 100644
index 0000000000..6cd890f11d
--- /dev/null
+++ b/login/apps/login/src/components/choose-second-factor.tsx
@@ -0,0 +1,54 @@
+"use client";
+
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { EMAIL, SMS, TOTP, U2F } from "./auth-methods";
+
+type Props = {
+  loginName?: string;
+  sessionId?: string;
+  requestId?: string;
+  organization?: string;
+  userMethods: AuthenticationMethodType[];
+};
+
+export function ChooseSecondFactor({
+  loginName,
+  sessionId,
+  requestId,
+  organization,
+  userMethods,
+}: Props) {
+  const params = new URLSearchParams({});
+
+  if (loginName) {
+    params.append("loginName", loginName);
+  }
+  if (sessionId) {
+    params.append("sessionId", sessionId);
+  }
+  if (requestId) {
+    params.append("requestId", requestId);
+  }
+  if (organization) {
+    params.append("organization", organization);
+  }
+
+  return (
+    <div className="grid grid-cols-1 gap-5 w-full pt-4">
+      {userMethods.map((method, i) => {
+        return (
+          <div key={"method-" + i}>
+            {method === AuthenticationMethodType.TOTP &&
+              TOTP(false, "/otp/time-based?" + params)}
+            {method === AuthenticationMethodType.U2F &&
+              U2F(false, "/u2f?" + params)}
+            {method === AuthenticationMethodType.OTP_EMAIL &&
+              EMAIL(false, "/otp/email?" + params)}
+            {method === AuthenticationMethodType.OTP_SMS &&
+              SMS(false, "/otp/sms?" + params)}
+          </div>
+        );
+      })}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/consent.tsx b/login/apps/login/src/components/consent.tsx
new file mode 100644
index 0000000000..e60ed2901b
--- /dev/null
+++ b/login/apps/login/src/components/consent.tsx
@@ -0,0 +1,116 @@
+"use client";
+
+import { completeDeviceAuthorization } from "@/lib/server/device";
+import { useTranslations } from "next-intl";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { Alert } from "./alert";
+import { Button, ButtonVariants } from "./button";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+export function ConsentScreen({
+  scope,
+  nextUrl,
+  deviceAuthorizationRequestId,
+  appName,
+}: {
+  scope?: string[];
+  nextUrl: string;
+  deviceAuthorizationRequestId: string;
+  appName?: string;
+}) {
+  const t = useTranslations();
+  const [loading, setLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>("");
+  const router = useRouter();
+
+  async function denyDeviceAuth() {
+    setLoading(true);
+    const response = await completeDeviceAuthorization(
+      deviceAuthorizationRequestId,
+    )
+      .catch(() => {
+        setError("Could not register user");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response) {
+      return router.push("/device");
+    }
+  }
+
+  const scopes = scope?.filter((s) => !!s);
+
+  return (
+    <div className="pt-4 w-full flex flex-col items-center space-y-4">
+      <ul className="list-disc space-y-2 w-full">
+        {scopes?.length === 0 && (
+          <span className="w-full text-sm flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light py-2 px-4 rounded-md transition-all">
+            <Translated i18nKey="device.scope.openid" namespace="device" />
+          </span>
+        )}
+        {scopes?.map((s) => {
+          const translationKey = `device.scope.${s}`;
+          const description = t(translationKey, null);
+
+          // Check if the key itself is returned and provide a fallback
+          const resolvedDescription =
+            description === translationKey ? "" : description;
+
+          return (
+            <li
+              key={s}
+              className="w-full text-sm flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light py-2 px-4 rounded-md transition-all"
+            >
+              <span>{resolvedDescription}</span>
+            </li>
+          );
+        })}
+      </ul>
+
+      <p className="ztdl-p text-xs text-left">
+        <Translated
+          i18nKey="request.disclaimer"
+          namespace="device"
+          data={{ appName: appName }}
+        />
+      </p>
+
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-4 flex w-full flex-row items-center">
+        <Button
+          onClick={() => {
+            denyDeviceAuth();
+          }}
+          variant={ButtonVariants.Secondary}
+          data-testid="deny-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}
+          <Translated i18nKey="device.request.deny" namespace="device" />
+        </Button>
+        <span className="flex-grow"></span>
+
+        <Link href={nextUrl}>
+          <Button
+            data-testid="submit-button"
+            type="submit"
+            className="self-end"
+            variant={ButtonVariants.Primary}
+          >
+            <Translated i18nKey="device.request.submit" namespace="device" />
+          </Button>
+        </Link>
+      </div>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/copy-to-clipboard.tsx b/login/apps/login/src/components/copy-to-clipboard.tsx
new file mode 100644
index 0000000000..cf0dedc060
--- /dev/null
+++ b/login/apps/login/src/components/copy-to-clipboard.tsx
@@ -0,0 +1,41 @@
+"use client";
+
+import {
+  ClipboardDocumentCheckIcon,
+  ClipboardIcon,
+} from "@heroicons/react/20/solid";
+import copy from "copy-to-clipboard";
+import { useEffect, useState } from "react";
+
+type Props = {
+  value: string;
+};
+
+export function CopyToClipboard({ value }: Props) {
+  const [copied, setCopied] = useState(false);
+
+  useEffect(() => {
+    if (copied) {
+      copy(value);
+      const to = setTimeout(setCopied, 1000, false);
+      return () => clearTimeout(to);
+    }
+  }, [copied]);
+
+  return (
+    <div className="flex flex-row items-center px-2">
+      <button
+        id="tooltip-ctc"
+        type="button"
+        className=" text-primary-light-500 dark:text-primary-dark-500"
+        onClick={() => setCopied(true)}
+      >
+        {!copied ? (
+          <ClipboardIcon className="h-5 w-5" />
+        ) : (
+          <ClipboardDocumentCheckIcon className="h-5 w-5" />
+        )}
+      </button>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/default-tags.tsx b/login/apps/login/src/components/default-tags.tsx
new file mode 100644
index 0000000000..dc14f1bc1e
--- /dev/null
+++ b/login/apps/login/src/components/default-tags.tsx
@@ -0,0 +1,32 @@
+// Default <head> tags we want shared across the app
+export function DefaultTags() {
+  return (
+    <>
+      <meta name="viewport" content="width=device-width, initial-scale=1" />
+      <link
+        href="/favicon/apple-touch-icon.png"
+        rel="apple-touch-icon"
+        sizes="180x180"
+      />
+      <link
+        href="/favicon/favicon-32x32.png"
+        rel="icon"
+        sizes="32x32"
+        type="image/png"
+      />
+      <link
+        href="/favicon/favicon-16x16.png"
+        rel="icon"
+        sizes="16x16"
+        type="image/png"
+      />
+      <link href="/favicon/site.webmanifest" rel="manifest" />
+      {/* <link
+        color="#000000"
+        href="/favicon/safari-pinned-tab.svg"
+        rel="mask-icon"
+      /> */}
+      <link href="/favicon/favicon.ico" rel="shortcut icon" />
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/device-code-form.tsx b/login/apps/login/src/components/device-code-form.tsx
new file mode 100644
index 0000000000..a1efc07207
--- /dev/null
+++ b/login/apps/login/src/components/device-code-form.tsx
@@ -0,0 +1,95 @@
+"use client";
+
+import { Alert } from "@/components/alert";
+import { getDeviceAuthorizationRequest } from "@/lib/server/oidc";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {
+  userCode: string;
+};
+
+export function DeviceCodeForm({ userCode }: { userCode?: string }) {
+  const router = useRouter();
+
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      userCode: userCode || "",
+    },
+  });
+
+  const [error, setError] = useState<string>("");
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  async function submitCodeAndContinue(value: Inputs): Promise<boolean | void> {
+    setLoading(true);
+
+    const response = await getDeviceAuthorizationRequest(value.userCode)
+      .catch(() => {
+        setError("Could not continue the request");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (!response || !response.deviceAuthorizationRequest?.id) {
+      setError("Could not continue the request");
+      return;
+    }
+
+    return router.push(
+      `/device/consent?` +
+        new URLSearchParams({
+          requestId: `device_${response.deviceAuthorizationRequest.id}`,
+          user_code: value.userCode,
+        }).toString(),
+    );
+  }
+
+  return (
+    <>
+      <form className="w-full">
+        <div className="mt-4">
+          <TextInput
+            type="text"
+            autoComplete="one-time-code"
+            {...register("userCode", { required: "This field is required" })}
+            label="Code"
+            data-testid="code-text-input"
+          />
+        </div>
+
+        {error && (
+          <div className="py-4" data-testid="error">
+            <Alert>{error}</Alert>
+          </div>
+        )}
+
+        <div className="mt-8 flex w-full flex-row items-center">
+          <BackButton />
+          <span className="flex-grow"></span>
+          <Button
+            type="submit"
+            className="self-end"
+            variant={ButtonVariants.Primary}
+            disabled={loading || !formState.isValid}
+            onClick={handleSubmit(submitCodeAndContinue)}
+            data-testid="submit-button"
+          >
+            {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+            <Translated i18nKey="verify.submit" namespace="verify" />
+          </Button>
+        </div>
+      </form>
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/dynamic-theme.tsx b/login/apps/login/src/components/dynamic-theme.tsx
new file mode 100644
index 0000000000..d50bc082ea
--- /dev/null
+++ b/login/apps/login/src/components/dynamic-theme.tsx
@@ -0,0 +1,43 @@
+"use client";
+
+import { Logo } from "@/components/logo";
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { ReactNode } from "react";
+import { AppAvatar } from "./app-avatar";
+import { ThemeWrapper } from "./theme-wrapper";
+
+export function DynamicTheme({
+  branding,
+  children,
+  appName,
+}: {
+  children: ReactNode;
+  branding?: BrandingSettings;
+  appName?: string;
+}) {
+  return (
+    <ThemeWrapper branding={branding}>
+      <div className="rounded-lg bg-background-light-400 dark:bg-background-dark-500 px-8 py-12">
+        <div className="mx-auto flex flex-col items-center space-y-4">
+          <div className="relative flex flex-row items-center justify-center gap-8">
+            {branding && (
+              <>
+                <Logo
+                  lightSrc={branding.lightTheme?.logoUrl}
+                  darkSrc={branding.darkTheme?.logoUrl}
+                  height={appName ? 100 : 150}
+                  width={appName ? 100 : 150}
+                />
+
+                {appName && <AppAvatar appName={appName} />}
+              </>
+            )}
+          </div>
+
+          <div className="w-full">{children}</div>
+          <div className="flex flex-row justify-between"></div>
+        </div>
+      </div>
+    </ThemeWrapper>
+  );
+}
diff --git a/login/apps/login/src/components/external-link.tsx b/login/apps/login/src/components/external-link.tsx
new file mode 100644
index 0000000000..a52164d35d
--- /dev/null
+++ b/login/apps/login/src/components/external-link.tsx
@@ -0,0 +1,21 @@
+import { ArrowRightIcon } from "@heroicons/react/24/solid";
+import { ReactNode } from "react";
+
+export const ExternalLink = ({
+  children,
+  href,
+}: {
+  children: ReactNode;
+  href: string;
+}) => {
+  return (
+    <a
+      href={href}
+      className="inline-flex space-x-2 rounded-lg bg-gray-700 px-3 py-1 text-sm font-medium text-gray-100 hover:bg-gray-500 hover:text-white"
+    >
+      <div>{children}</div>
+
+      <ArrowRightIcon className="block w-4" />
+    </a>
+  );
+};
diff --git a/login/apps/login/src/components/idp-signin.tsx b/login/apps/login/src/components/idp-signin.tsx
new file mode 100644
index 0000000000..a7c938e90c
--- /dev/null
+++ b/login/apps/login/src/components/idp-signin.tsx
@@ -0,0 +1,67 @@
+"use client";
+
+import { createNewSessionFromIdpIntent } from "@/lib/server/idp";
+import { useRouter } from "next/navigation";
+import { useEffect, useState } from "react";
+import { Alert } from "./alert";
+import { Spinner } from "./spinner";
+
+type Props = {
+  userId: string;
+  // organization: string;
+  idpIntent: {
+    idpIntentId: string;
+    idpIntentToken: string;
+  };
+  requestId?: string;
+};
+
+export function IdpSignin({
+  userId,
+  idpIntent: { idpIntentId, idpIntentToken },
+  requestId,
+}: Props) {
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  const router = useRouter();
+
+  useEffect(() => {
+    createNewSessionFromIdpIntent({
+      userId,
+      idpIntent: {
+        idpIntentId,
+        idpIntentToken,
+      },
+      requestId,
+    })
+      .then((response) => {
+        if (response && "error" in response && response?.error) {
+          setError(response?.error);
+          return;
+        }
+
+        if (response && "redirect" in response && response?.redirect) {
+          return router.push(response.redirect);
+        }
+      })
+      .catch(() => {
+        setError("An internal error occurred");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+  }, []);
+
+  return (
+    <div className="flex items-center justify-center py-4">
+      {loading && <Spinner className="h-5 w-5" />}
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/idps/base-button.tsx b/login/apps/login/src/components/idps/base-button.tsx
new file mode 100644
index 0000000000..0185c57996
--- /dev/null
+++ b/login/apps/login/src/components/idps/base-button.tsx
@@ -0,0 +1,41 @@
+"use client";
+
+import { clsx } from "clsx";
+import { Loader2Icon } from "lucide-react";
+import { ButtonHTMLAttributes, DetailedHTMLProps, forwardRef } from "react";
+import { useFormStatus } from "react-dom";
+
+export type SignInWithIdentityProviderProps = DetailedHTMLProps<
+  ButtonHTMLAttributes<HTMLButtonElement>,
+  HTMLButtonElement
+> & {
+  name?: string;
+  e2e?: string;
+};
+
+export const BaseButton = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function BaseButton(props, ref) {
+  const formStatus = useFormStatus();
+
+  return (
+    <button
+      {...props}
+      type="submit"
+      ref={ref}
+      disabled={formStatus.pending}
+      className={clsx(
+        "flex-1 transition-all cursor-pointer flex flex-row items-center bg-background-light-400 text-text-light-500 dark:bg-background-dark-500 dark:text-text-dark-500 border border-divider-light hover:border-black dark:border-divider-dark hover:dark:border-white focus:border-primary-light-500 focus:dark:border-primary-dark-500 outline-none rounded-md px-4 text-sm",
+        props.className,
+      )}
+    >
+      <div className="flex-1 justify-between flex items-center gap-4">
+        <div className="flex-1 flex flex-row items-center">
+          {props.children}
+        </div>
+        {formStatus.pending && <Loader2Icon className="w-4 h-4 animate-spin" />}
+      </div>
+    </button>
+  );
+});
diff --git a/login/apps/login/src/components/idps/pages/complete-idp.tsx b/login/apps/login/src/components/idps/pages/complete-idp.tsx
new file mode 100644
index 0000000000..2061a28e3e
--- /dev/null
+++ b/login/apps/login/src/components/idps/pages/complete-idp.tsx
@@ -0,0 +1,55 @@
+import { RegisterFormIDPIncomplete } from "@/components/register-form-idp-incomplete";
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { AddHumanUserRequest } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { DynamicTheme } from "../../dynamic-theme";
+import { Translated } from "../../translated";
+
+export async function completeIDP({
+  idpUserId,
+  idpId,
+  idpUserName,
+  addHumanUser,
+  requestId,
+  organization,
+  branding,
+  idpIntent,
+}: {
+  idpUserId: string;
+  idpId: string;
+  idpUserName: string;
+  addHumanUser?: AddHumanUserRequest;
+  requestId?: string;
+  organization: string;
+  branding?: BrandingSettings;
+  idpIntent: {
+    idpIntentId: string;
+    idpIntentToken: string;
+  };
+}) {
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="completeRegister.title" namespace="idp" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="completeRegister.description" namespace="idp" />
+        </p>
+
+        <RegisterFormIDPIncomplete
+          idpUserId={idpUserId}
+          idpId={idpId}
+          idpUserName={idpUserName}
+          defaultValues={{
+            email: addHumanUser?.email?.email || "",
+            firstname: addHumanUser?.profile?.givenName || "",
+            lastname: addHumanUser?.profile?.familyName || "",
+          }}
+          requestId={requestId}
+          organization={organization}
+          idpIntent={idpIntent}
+        />
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/components/idps/pages/linking-failed.tsx b/login/apps/login/src/components/idps/pages/linking-failed.tsx
new file mode 100644
index 0000000000..0c5a8264c4
--- /dev/null
+++ b/login/apps/login/src/components/idps/pages/linking-failed.tsx
@@ -0,0 +1,27 @@
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { Alert, AlertType } from "../../alert";
+import { DynamicTheme } from "../../dynamic-theme";
+import { Translated } from "../../translated";
+
+export async function linkingFailed(
+  branding?: BrandingSettings,
+  error?: string,
+) {
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="linkingError.title" namespace="idp" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="linkingError.description" namespace="idp" />
+        </p>
+        {error && (
+          <div className="w-full">
+            {<Alert type={AlertType.ALERT}>{error}</Alert>}
+          </div>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/components/idps/pages/linking-success.tsx b/login/apps/login/src/components/idps/pages/linking-success.tsx
new file mode 100644
index 0000000000..8d41cd8c32
--- /dev/null
+++ b/login/apps/login/src/components/idps/pages/linking-success.tsx
@@ -0,0 +1,30 @@
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { DynamicTheme } from "../../dynamic-theme";
+import { IdpSignin } from "../../idp-signin";
+import { Translated } from "../../translated";
+
+export async function linkingSuccess(
+  userId: string,
+  idpIntent: { idpIntentId: string; idpIntentToken: string },
+  requestId?: string,
+  branding?: BrandingSettings,
+) {
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="linkingSuccess.title" namespace="idp" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="linkingSuccess.description" namespace="idp" />
+        </p>
+
+        <IdpSignin
+          userId={userId}
+          idpIntent={idpIntent}
+          requestId={requestId}
+        />
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/components/idps/pages/login-failed.tsx b/login/apps/login/src/components/idps/pages/login-failed.tsx
new file mode 100644
index 0000000000..70c46919bf
--- /dev/null
+++ b/login/apps/login/src/components/idps/pages/login-failed.tsx
@@ -0,0 +1,24 @@
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { Alert, AlertType } from "../../alert";
+import { DynamicTheme } from "../../dynamic-theme";
+import { Translated } from "../../translated";
+
+export async function loginFailed(branding?: BrandingSettings, error?: string) {
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="loginError.title" namespace="idp" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="loginError.description" namespace="idp" />
+        </p>
+        {error && (
+          <div className="w-full">
+            {<Alert type={AlertType.ALERT}>{error}</Alert>}
+          </div>
+        )}
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/components/idps/pages/login-success.tsx b/login/apps/login/src/components/idps/pages/login-success.tsx
new file mode 100644
index 0000000000..6beec160a9
--- /dev/null
+++ b/login/apps/login/src/components/idps/pages/login-success.tsx
@@ -0,0 +1,30 @@
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { DynamicTheme } from "../../dynamic-theme";
+import { IdpSignin } from "../../idp-signin";
+import { Translated } from "../../translated";
+
+export async function loginSuccess(
+  userId: string,
+  idpIntent: { idpIntentId: string; idpIntentToken: string },
+  requestId?: string,
+  branding?: BrandingSettings,
+) {
+  return (
+    <DynamicTheme branding={branding}>
+      <div className="flex flex-col items-center space-y-4">
+        <h1>
+          <Translated i18nKey="loginSuccess.title" namespace="idp" />
+        </h1>
+        <p className="ztdl-p">
+          <Translated i18nKey="loginSuccess.description" namespace="idp" />
+        </p>
+
+        <IdpSignin
+          userId={userId}
+          idpIntent={idpIntent}
+          requestId={requestId}
+        />
+      </div>
+    </DynamicTheme>
+  );
+}
diff --git a/login/apps/login/src/components/idps/sign-in-with-apple.tsx b/login/apps/login/src/components/idps/sign-in-with-apple.tsx
new file mode 100644
index 0000000000..17e3fc43bb
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-apple.tsx
@@ -0,0 +1,36 @@
+"use client";
+
+import { forwardRef } from "react";
+import { Translated } from "../translated";
+import { BaseButton, SignInWithIdentityProviderProps } from "./base-button";
+
+export const SignInWithApple = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function SignInWithApple(props, ref) {
+  const { children, name, ...restProps } = props;
+
+  return (
+    <BaseButton {...restProps} ref={ref}>
+      <div className="h-12 w-12 flex items-center justify-center">
+        <div className="h-6 w-6">
+          <svg viewBox="0 0 170 170" fill="currentColor">
+            <title>Apple Logo</title>
+            <path d="M150.37 130.25c-2.45 5.66-5.35 10.87-8.71 15.66-4.58 6.53-8.33 11.05-11.22 13.56-4.48 4.12-9.28 6.23-14.42 6.35-3.69 0-8.14-1.05-13.32-3.18-5.197-2.12-9.973-3.17-14.34-3.17-4.58 0-9.492 1.05-14.746 3.17-5.262 2.13-9.501 3.24-12.742 3.35-4.929.21-9.842-1.96-14.746-6.52-3.13-2.73-7.045-7.41-11.735-14.04-5.032-7.08-9.169-15.29-12.41-24.65-3.471-10.11-5.211-19.9-5.211-29.378 0-10.857 2.346-20.221 7.045-28.068 3.693-6.303 8.606-11.275 14.755-14.925s12.793-5.51 19.948-5.629c3.915 0 9.049 1.211 15.429 3.591 6.362 2.388 10.447 3.599 12.238 3.599 1.339 0 5.877-1.416 13.57-4.239 7.275-2.618 13.415-3.702 18.445-3.275 13.63 1.1 23.87 6.473 30.68 16.153-12.19 7.386-18.22 17.731-18.1 31.002.11 10.337 3.86 18.939 11.23 25.769 3.34 3.17 7.07 5.62 11.22 7.36-.9 2.61-1.85 5.11-2.86 7.51zM119.11 7.24c0 8.102-2.96 15.667-8.86 22.669-7.12 8.324-15.732 13.134-25.071 12.375a25.222 25.222 0 0 1-.188-3.07c0-7.778 3.386-16.102 9.399-22.908 3.002-3.446 6.82-6.311 11.45-8.597 4.62-2.252 8.99-3.497 13.1-3.71.12 1.083.17 2.166.17 3.24z" />
+          </svg>
+        </div>
+      </div>
+      {children ? (
+        children
+      ) : (
+        <span className="ml-4">
+          {name ? (
+            name
+          ) : (
+            <Translated i18nKey="signInWithApple" namespace="idp" />
+          )}
+        </span>
+      )}
+    </BaseButton>
+  );
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-azure-ad.tsx b/login/apps/login/src/components/idps/sign-in-with-azure-ad.tsx
new file mode 100644
index 0000000000..3cd33708b6
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-azure-ad.tsx
@@ -0,0 +1,42 @@
+"use client";
+
+import { forwardRef } from "react";
+import { Translated } from "../translated";
+import { BaseButton, SignInWithIdentityProviderProps } from "./base-button";
+
+export const SignInWithAzureAd = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function SignInWithAzureAd(props, ref) {
+  const { children, name, ...restProps } = props;
+
+  return (
+    <BaseButton {...restProps} ref={ref}>
+      <div className="h-12 p-[10px] w-12 flex items-center justify-center">
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          width="21"
+          height="21"
+          viewBox="0 0 21 21"
+          className="w-full h-full"
+        >
+          <path fill="#f25022" d="M1 1H10V10H1z"></path>
+          <path fill="#00a4ef" d="M1 11H10V20H1z"></path>
+          <path fill="#7fba00" d="M11 1H20V10H11z"></path>
+          <path fill="#ffb900" d="M11 11H20V20H11z"></path>
+        </svg>
+      </div>
+      {children ? (
+        children
+      ) : (
+        <span className="ml-4">
+          {name ? (
+            name
+          ) : (
+            <Translated i18nKey="signInWithAzureAD" namespace="idp" />
+          )}
+        </span>
+      )}
+    </BaseButton>
+  );
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-generic.tsx b/login/apps/login/src/components/idps/sign-in-with-generic.tsx
new file mode 100644
index 0000000000..ab8f2f99be
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-generic.tsx
@@ -0,0 +1,21 @@
+"use client";
+
+import { forwardRef } from "react";
+import { BaseButton, SignInWithIdentityProviderProps } from "./base-button";
+
+export const SignInWithGeneric = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function SignInWithGeneric(props, ref) {
+  const {
+    children,
+    name = "",
+    className = "h-[50px] pl-20",
+    ...restProps
+  } = props;
+  return (
+    <BaseButton {...restProps} ref={ref} className={className}>
+      {children ? children : <span>{name}</span>}
+    </BaseButton>
+  );
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-github.tsx b/login/apps/login/src/components/idps/sign-in-with-github.tsx
new file mode 100644
index 0000000000..8800e66c3d
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-github.tsx
@@ -0,0 +1,64 @@
+"use client";
+
+import { forwardRef } from "react";
+import { Translated } from "../translated";
+import { BaseButton, SignInWithIdentityProviderProps } from "./base-button";
+
+function GitHubLogo() {
+  return (
+    <>
+      <svg
+        xmlns="http://www.w3.org/2000/svg"
+        fill="none"
+        viewBox="0 0 1024 1024"
+        className="h-8 w-8 hidden dark:block"
+      >
+        <path
+          fill="#fafafa"
+          fillRule="evenodd"
+          d="M512 0C229.12 0 0 229.12 0 512c0 226.56 146.56 417.92 350.08 485.76 25.6 4.48 35.2-10.88 35.2-24.32 0-12.16-.64-52.48-.64-95.36-128.64 23.68-161.92-31.36-172.16-60.16-5.76-14.72-30.72-60.16-52.48-72.32-17.92-9.6-43.52-33.28-.64-33.92 40.32-.64 69.12 37.12 78.72 52.48 46.08 77.44 119.68 55.68 149.12 42.24 4.48-33.28 17.92-55.68 32.64-68.48-113.92-12.8-232.96-56.96-232.96-252.8 0-55.68 19.84-101.76 52.48-137.6-5.12-12.8-23.04-65.28 5.12-135.68 0 0 42.88-13.44 140.8 52.48 40.96-11.52 84.48-17.28 128-17.28 43.52 0 87.04 5.76 128 17.28 97.92-66.56 140.8-52.48 140.8-52.48 28.16 70.4 10.24 122.88 5.12 135.68 32.64 35.84 52.48 81.28 52.48 137.6 0 196.48-119.68 240-233.6 252.8 18.56 16 34.56 46.72 34.56 94.72 0 68.48-.64 123.52-.64 140.8 0 13.44 9.6 29.44 35.2 24.32C877.44 929.92 1024 737.92 1024 512 1024 229.12 794.88 0 512 0z"
+          clipRule="evenodd"
+        ></path>
+      </svg>
+      <svg
+        xmlns="http://www.w3.org/2000/svg"
+        fill="none"
+        viewBox="0 0 1024 1024"
+        className="h-8 w-8 block dark:hidden"
+      >
+        <path
+          fill="#1B1F23"
+          fillRule="evenodd"
+          d="M512 0C229.12 0 0 229.12 0 512c0 226.56 146.56 417.92 350.08 485.76 25.6 4.48 35.2-10.88 35.2-24.32 0-12.16-.64-52.48-.64-95.36-128.64 23.68-161.92-31.36-172.16-60.16-5.76-14.72-30.72-60.16-52.48-72.32-17.92-9.6-43.52-33.28-.64-33.92 40.32-.64 69.12 37.12 78.72 52.48 46.08 77.44 119.68 55.68 149.12 42.24 4.48-33.28 17.92-55.68 32.64-68.48-113.92-12.8-232.96-56.96-232.96-252.8 0-55.68 19.84-101.76 52.48-137.6-5.12-12.8-23.04-65.28 5.12-135.68 0 0 42.88-13.44 140.8 52.48 40.96-11.52 84.48-17.28 128-17.28 43.52 0 87.04 5.76 128 17.28 97.92-66.56 140.8-52.48 140.8-52.48 28.16 70.4 10.24 122.88 5.12 135.68 32.64 35.84 52.48 81.28 52.48 137.6 0 196.48-119.68 240-233.6 252.8 18.56 16 34.56 46.72 34.56 94.72 0 68.48-.64 123.52-.64 140.8 0 13.44 9.6 29.44 35.2 24.32C877.44 929.92 1024 737.92 1024 512 1024 229.12 794.88 0 512 0z"
+          clipRule="evenodd"
+        ></path>
+      </svg>
+    </>
+  );
+}
+
+export const SignInWithGithub = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function SignInWithGithub(props, ref) {
+  const { children, name, ...restProps } = props;
+
+  return (
+    <BaseButton {...restProps} ref={ref}>
+      <div className="mx-2 my-2 flex items-center justify-center">
+        <GitHubLogo />
+      </div>
+      {children ? (
+        children
+      ) : (
+        <span className="ml-4">
+          {name ? (
+            name
+          ) : (
+            <Translated i18nKey="signInWithGithub" namespace="idp" />
+          )}
+        </span>
+      )}
+    </BaseButton>
+  );
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-gitlab.test.tsx b/login/apps/login/src/components/idps/sign-in-with-gitlab.test.tsx
new file mode 100644
index 0000000000..ab5bfda54d
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-gitlab.test.tsx
@@ -0,0 +1,45 @@
+import { afterEach, describe, expect, test } from "vitest";
+
+import { cleanup, render, screen } from "@testing-library/react";
+import { NextIntlClientProvider } from "next-intl";
+
+import { SignInWithGitlab } from "./sign-in-with-gitlab";
+
+afterEach(cleanup);
+
+describe("<SignInWithGitlab />", async () => {
+  const messages = {
+    idp: {
+      signInWithGitlab: "Sign in with GitLab",
+    },
+  };
+
+  test("renders without crashing", () => {
+    const { container } = render(
+      <NextIntlClientProvider locale="en" messages={messages}>
+        <SignInWithGitlab />
+      </NextIntlClientProvider>,
+    );
+    expect(container.firstChild).toBeDefined();
+  });
+
+  test("displays the default text", () => {
+    render(
+      <NextIntlClientProvider locale="en" messages={messages}>
+        <SignInWithGitlab />
+      </NextIntlClientProvider>,
+    );
+    const signInText = screen.getByText(/Sign in with Gitlab/i);
+    expect(signInText).toBeInTheDocument();
+  });
+
+  test("displays the given text", () => {
+    render(
+      <NextIntlClientProvider locale="en" messages={messages}>
+        <SignInWithGitlab name={"Gitlab"} />
+      </NextIntlClientProvider>,
+    );
+    const signInText = screen.getByText(/Gitlab/i);
+    expect(signInText).toBeInTheDocument();
+  });
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-gitlab.tsx b/login/apps/login/src/components/idps/sign-in-with-gitlab.tsx
new file mode 100644
index 0000000000..00f3712a90
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-gitlab.tsx
@@ -0,0 +1,53 @@
+"use client";
+
+import { forwardRef } from "react";
+import { Translated } from "../translated";
+import { BaseButton, SignInWithIdentityProviderProps } from "./base-button";
+
+export const SignInWithGitlab = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function SignInWithGitlab(props, ref) {
+  const { children, name, ...restProps } = props;
+
+  return (
+    <BaseButton {...restProps} ref={ref}>
+      <div className="h-12 w-12 flex items-center justify-center">
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          width={25}
+          height={24}
+          fill="none"
+        >
+          <path
+            fill="#e24329"
+            d="m24.507 9.5-.034-.09L21.082.562a.896.896 0 0 0-1.694.091l-2.29 7.01H7.825L5.535.653a.898.898 0 0 0-1.694-.09L.451 9.411.416 9.5a6.297 6.297 0 0 0 2.09 7.278l.012.01.03.022 5.16 3.867 2.56 1.935 1.554 1.176a1.051 1.051 0 0 0 1.268 0l1.555-1.176 2.56-1.935 5.197-3.89.014-.01A6.297 6.297 0 0 0 24.507 9.5z"
+          />
+          <path
+            fill="#fc6d26"
+            d="m24.507 9.5-.034-.09a11.44 11.44 0 0 0-4.56 2.051l-7.447 5.632 4.742 3.584 5.197-3.89.014-.01A6.297 6.297 0 0 0 24.507 9.5z"
+          />
+          <path
+            fill="#fca326"
+            d="m7.707 20.677 2.56 1.935 1.555 1.176a1.051 1.051 0 0 0 1.268 0l1.555-1.176 2.56-1.935-4.743-3.584-4.755 3.584z"
+          />
+          <path
+            fill="#fc6d26"
+            d="M5.01 11.461a11.43 11.43 0 0 0-4.56-2.05L.416 9.5a6.297 6.297 0 0 0 2.09 7.278l.012.01.03.022 5.16 3.867 4.745-3.584-7.444-5.632z"
+          />
+        </svg>
+      </div>
+      {children ? (
+        children
+      ) : (
+        <span className="ml-4">
+          {name ? (
+            name
+          ) : (
+            <Translated i18nKey="signInWithGitlab" namespace="idp" />
+          )}
+        </span>
+      )}
+    </BaseButton>
+  );
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-google.test.tsx b/login/apps/login/src/components/idps/sign-in-with-google.test.tsx
new file mode 100644
index 0000000000..953da21d94
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-google.test.tsx
@@ -0,0 +1,44 @@
+import { afterEach, describe, expect, test } from "vitest";
+
+import { cleanup, render, screen } from "@testing-library/react";
+import { NextIntlClientProvider } from "next-intl";
+import { SignInWithGoogle } from "./sign-in-with-google";
+
+afterEach(cleanup);
+
+describe("<SignInWithGoogle />", async () => {
+  const messages = {
+    idp: {
+      signInWithGoogle: "Sign in with Google",
+    },
+  };
+
+  test("renders without crashing", () => {
+    const { container } = render(
+      <NextIntlClientProvider locale="en" messages={messages}>
+        <SignInWithGoogle />
+      </NextIntlClientProvider>,
+    );
+    expect(container.firstChild).toBeDefined();
+  });
+
+  test("displays the default text", () => {
+    render(
+      <NextIntlClientProvider locale="en" messages={messages}>
+        <SignInWithGoogle />
+      </NextIntlClientProvider>,
+    );
+    const signInText = screen.getByText(/Sign in with Google/i);
+    expect(signInText).toBeInTheDocument();
+  });
+
+  test("displays the given text", () => {
+    render(
+      <NextIntlClientProvider locale="en" messages={messages}>
+        <SignInWithGoogle name={"Google"} />
+      </NextIntlClientProvider>,
+    );
+    const signInText = screen.getByText(/Google/i);
+    expect(signInText).toBeInTheDocument();
+  });
+});
diff --git a/login/apps/login/src/components/idps/sign-in-with-google.tsx b/login/apps/login/src/components/idps/sign-in-with-google.tsx
new file mode 100644
index 0000000000..4759ad69c9
--- /dev/null
+++ b/login/apps/login/src/components/idps/sign-in-with-google.tsx
@@ -0,0 +1,66 @@
+"use client";
+
+import { forwardRef } from "react";
+import { Translated } from "../translated";
+import { BaseButton, SignInWithIdentityProviderProps } from "./base-button";
+
+export const SignInWithGoogle = forwardRef<
+  HTMLButtonElement,
+  SignInWithIdentityProviderProps
+>(function SignInWithGoogle(props, ref) {
+  const { children, name, ...restProps } = props;
+
+  return (
+    <BaseButton {...restProps} ref={ref}>
+      <div className="h-12 w-12 flex items-center justify-center">
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          xmlSpace="preserve"
+          id="Capa_1"
+          viewBox="0 0 150 150"
+        >
+          <style>
+            {
+              ".st0{fill:#1a73e8}.st1{fill:#ea4335}.st2{fill:#4285f4}.st3{fill:#fbbc04}.st4{fill:#34a853}.st5{fill:#4caf50}.st6{fill:#1e88e5}.st7{fill:#e53935}.st8{fill:#c62828}.st9{fill:#fbc02d}.st10{fill:#1565c0}.st11{fill:#2e7d32}.st16{clip-path:url(#SVGID_2_)}.st17{fill:#188038}.st18,.st19{opacity:.2;fill:#fff;enable-background:new}.st19{opacity:.3;fill:#0d652d}.st20{clip-path:url(#SVGID_4_)}.st21{opacity:.3;fill:url(#_45_shadow_1_);enable-background:new}.st22{clip-path:url(#SVGID_6_)}.st23{fill:#fa7b17}.st24,.st25,.st26{opacity:.3;fill:#174ea6;enable-background:new}.st25,.st26{fill:#a50e0e}.st26{fill:#e37400}.st27{fill:url(#Finish_mask_1_)}.st28{fill:#fff}.st29{fill:#0c9d58}.st30,.st31{opacity:.2;fill:#004d40;enable-background:new}.st31{fill:#3e2723}.st32{fill:#ffc107}.st33{fill:#1a237e;enable-background:new}.st33,.st34{opacity:.2}.st35{fill:#1a237e}.st36{fill:url(#SVGID_7_)}.st37{fill:#fbbc05}.st38{clip-path:url(#SVGID_9_);fill:#e53935}.st39{clip-path:url(#SVGID_11_);fill:#fbc02d}.st40{clip-path:url(#SVGID_13_);fill:#e53935}.st41{clip-path:url(#SVGID_15_);fill:#fbc02d}"
+            }
+          </style>
+          <path
+            d="M120 76.1c0-3.1-.3-6.3-.8-9.3H75.9v17.7h24.8c-1 5.7-4.3 10.7-9.2 13.9l14.8 11.5C115 101.8 120 90 120 76.1z"
+            style={{
+              fill: "#4280ef",
+            }}
+          />
+          <path
+            d="M75.9 120.9c12.4 0 22.8-4.1 30.4-11.1L91.5 98.4c-4.1 2.8-9.4 4.4-15.6 4.4-12 0-22.1-8.1-25.8-18.9L34.9 95.6c7.8 15.5 23.6 25.3 41 25.3z"
+            style={{
+              fill: "#34a353",
+            }}
+          />
+          <path
+            d="M50.1 83.8c-1.9-5.7-1.9-11.9 0-17.6L34.9 54.4c-6.5 13-6.5 28.3 0 41.2l15.2-11.8z"
+            style={{
+              fill: "#f6b704",
+            }}
+          />
+          <path
+            d="M75.9 47.3c6.5-.1 12.9 2.4 17.6 6.9L106.6 41c-8.3-7.8-19.3-12-30.7-11.9-17.4 0-33.2 9.8-41 25.3l15.2 11.8c3.7-10.9 13.8-18.9 25.8-18.9z"
+            style={{
+              fill: "#e54335",
+            }}
+          />
+        </svg>
+      </div>
+      {children ? (
+        children
+      ) : (
+        <span className="ml-4">
+          {name ? (
+            name
+          ) : (
+            <Translated i18nKey="signInWithGoogle" namespace="idp" />
+          )}
+        </span>
+      )}
+    </BaseButton>
+  );
+});
diff --git a/login/apps/login/src/components/input.tsx b/login/apps/login/src/components/input.tsx
new file mode 100644
index 0000000000..de19156b91
--- /dev/null
+++ b/login/apps/login/src/components/input.tsx
@@ -0,0 +1,102 @@
+"use client";
+
+import { CheckCircleIcon } from "@heroicons/react/24/solid";
+import { clsx } from "clsx";
+import {
+  ChangeEvent,
+  DetailedHTMLProps,
+  forwardRef,
+  InputHTMLAttributes,
+  ReactNode,
+} from "react";
+
+export type TextInputProps = DetailedHTMLProps<
+  InputHTMLAttributes<HTMLInputElement>,
+  HTMLInputElement
+> & {
+  label: string;
+  suffix?: string;
+  placeholder?: string;
+  defaultValue?: string;
+  error?: string | ReactNode;
+  success?: string | ReactNode;
+  disabled?: boolean;
+  onChange?: (value: ChangeEvent<HTMLInputElement>) => void;
+  onBlur?: (value: ChangeEvent<HTMLInputElement>) => void;
+};
+
+const styles = (error: boolean, disabled: boolean) =>
+  clsx({
+    "h-[40px] mb-[2px] rounded p-[7px] bg-input-light-background dark:bg-input-dark-background transition-colors duration-300 grow":
+      true,
+    "border border-input-light-border dark:border-input-dark-border hover:border-black hover:dark:border-white focus:border-primary-light-500 focus:dark:border-primary-dark-500":
+      true,
+    "focus:outline-none focus:ring-0 text-base text-black dark:text-white placeholder:italic placeholder-gray-700 dark:placeholder-gray-700":
+      true,
+    "border border-warn-light-500 dark:border-warn-dark-500 hover:border-warn-light-500 hover:dark:border-warn-dark-500 focus:border-warn-light-500 focus:dark:border-warn-dark-500":
+      error,
+    "pointer-events-none text-gray-500 dark:text-gray-800 border border-input-light-border dark:border-input-dark-border hover:border-light-hoverborder hover:dark:border-hoverborder cursor-default":
+      disabled,
+  });
+
+// eslint-disable-next-line react/display-name
+export const TextInput = forwardRef<HTMLInputElement, TextInputProps>(
+  (
+    {
+      label,
+      placeholder,
+      defaultValue,
+      suffix,
+      required = false,
+      error,
+      disabled,
+      success,
+      onChange,
+      onBlur,
+      ...props
+    },
+    ref,
+  ) => {
+    return (
+      <label className="relative flex flex-col text-12px text-input-light-label dark:text-input-dark-label">
+        <span
+          className={`leading-3 mb-1 ${
+            error ? "text-warn-light-500 dark:text-warn-dark-500" : ""
+          }`}
+        >
+          {label} {required && "*"}
+        </span>
+        <input
+          suppressHydrationWarning
+          ref={ref}
+          className={styles(!!error, !!disabled)}
+          defaultValue={defaultValue}
+          required={required}
+          disabled={disabled}
+          placeholder={placeholder}
+          autoComplete={props.autoComplete ?? "off"}
+          onChange={(e) => onChange && onChange(e)}
+          onBlur={(e) => onBlur && onBlur(e)}
+          {...props}
+        />
+
+        {suffix && (
+          <span className="z-30 absolute right-[3px] bottom-[22px] transform translate-y-1/2 bg-background-light-500 dark:bg-background-dark-500 p-2 rounded-sm">
+            @{suffix}
+          </span>
+        )}
+
+        <div className="leading-14.5px h-14.5px text-warn-light-500 dark:text-warn-dark-500 flex flex-row items-center text-12px">
+          <span>{error ? error : " "}</span>
+        </div>
+
+        {success && (
+          <div className="text-md mt-1 flex flex-row items-center text-green-500">
+            <CheckCircleIcon className="h-4 w-4" />
+            <span className="ml-1">{success}</span>
+          </div>
+        )}
+      </label>
+    );
+  },
+);
diff --git a/login/apps/login/src/components/language-provider.tsx b/login/apps/login/src/components/language-provider.tsx
new file mode 100644
index 0000000000..21a53093bb
--- /dev/null
+++ b/login/apps/login/src/components/language-provider.tsx
@@ -0,0 +1,13 @@
+import { NextIntlClientProvider } from "next-intl";
+import { getMessages } from "next-intl/server";
+import { ReactNode } from "react";
+
+export async function LanguageProvider({ children }: { children: ReactNode }) {
+  const messages = await getMessages();
+
+  return (
+    <NextIntlClientProvider messages={messages}>
+      {children}
+    </NextIntlClientProvider>
+  );
+}
diff --git a/login/apps/login/src/components/language-switcher.tsx b/login/apps/login/src/components/language-switcher.tsx
new file mode 100644
index 0000000000..67b54e58e3
--- /dev/null
+++ b/login/apps/login/src/components/language-switcher.tsx
@@ -0,0 +1,74 @@
+"use client";
+
+import { setLanguageCookie } from "@/lib/cookies";
+import { Lang, LANGS } from "@/lib/i18n";
+import {
+  Listbox,
+  ListboxButton,
+  ListboxOption,
+  ListboxOptions,
+} from "@headlessui/react";
+import { CheckIcon, ChevronDownIcon } from "@heroicons/react/24/outline";
+import clsx from "clsx";
+import { useLocale } from "next-intl";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+
+export function LanguageSwitcher() {
+  const currentLocale = useLocale();
+
+  const [selected, setSelected] = useState(
+    LANGS.find((l) => l.code === currentLocale) || LANGS[0],
+  );
+
+  const router = useRouter();
+
+  const handleChange = async (language: Lang) => {
+    setSelected(language);
+    const newLocale = language.code;
+
+    await setLanguageCookie(newLocale);
+
+    router.refresh();
+  };
+
+  return (
+    <div className="w-32">
+      <Listbox value={selected} onChange={handleChange}>
+        <ListboxButton
+          className={clsx(
+            "relative block w-full rounded-lg bg-black/5 dark:bg-white/5 py-1.5 pr-8 pl-3 text-left text-sm/6 text-black dark:text-white",
+            "focus:outline-none data-[focus]:outline-2 data-[focus]:-outline-offset-2 data-[focus]:outline-white/25",
+          )}
+        >
+          {selected.name}
+          <ChevronDownIcon
+            className="group pointer-events-none absolute top-2.5 right-2.5 size-4"
+            aria-hidden="true"
+          />
+        </ListboxButton>
+        <ListboxOptions
+          anchor="bottom"
+          transition
+          className={clsx(
+            "w-[var(--button-width)] rounded-xl border border-black/5 dark:border-white/5 bg-background-light-500 dark:bg-background-dark-500 p-1 [--anchor-gap:var(--spacing-1)] focus:outline-none",
+            "transition duration-100 ease-in data-[leave]:data-[closed]:opacity-0",
+          )}
+        >
+          {LANGS.map((lang, index) => (
+            <ListboxOption
+              key={lang.code}
+              value={lang}
+              className="group flex cursor-default items-center gap-2 rounded-lg py-1.5 px-3 select-none data-[focus]:bg-black/10 dark:data-[focus]:bg-white/10"
+            >
+              <CheckIcon className="invisible size-4 group-data-[selected]:visible" />
+              <div className="text-sm/6 text-black dark:text-white">
+                {lang.name}
+              </div>
+            </ListboxOption>
+          ))}
+        </ListboxOptions>
+      </Listbox>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/layout-providers.tsx b/login/apps/login/src/components/layout-providers.tsx
new file mode 100644
index 0000000000..fee93d015e
--- /dev/null
+++ b/login/apps/login/src/components/layout-providers.tsx
@@ -0,0 +1,17 @@
+"use client";
+
+import { useTheme } from "next-themes";
+import { ReactNode } from "react";
+
+type Props = {
+  children: ReactNode;
+};
+
+export function LayoutProviders({ children }: Props) {
+  const { resolvedTheme } = useTheme();
+  const isDark = resolvedTheme === "dark";
+
+  return (
+    <div className={`${isDark ? "ui-dark" : "ui-light"} `}>{children}</div>
+  );
+}
diff --git a/login/apps/login/src/components/ldap-username-password-form.tsx b/login/apps/login/src/components/ldap-username-password-form.tsx
new file mode 100644
index 0000000000..2f9824dff2
--- /dev/null
+++ b/login/apps/login/src/components/ldap-username-password-form.tsx
@@ -0,0 +1,109 @@
+"use client";
+
+import { createNewSessionForLDAP } from "@/lib/server/idp";
+import { useTranslations } from "next-intl";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {
+  loginName: string;
+  password: string;
+};
+
+type Props = {
+  idpId: string;
+  link: boolean;
+};
+
+export function LDAPUsernamePasswordForm({ idpId, link }: Props) {
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+  });
+
+  const t = useTranslations("ldap");
+
+  const [error, setError] = useState<string>("");
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  const router = useRouter();
+
+  async function submitUsernamePassword(values: Inputs) {
+    setError("");
+    setLoading(true);
+
+    const response = await createNewSessionForLDAP({
+      idpId: idpId,
+      username: values.loginName,
+      password: values.password,
+      link: link,
+    })
+      .catch(() => {
+        setError("Could not start LDAP flow");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      return router.push(response.redirect);
+    }
+  }
+
+  return (
+    <form className="w-full space-y-4">
+      <TextInput
+        type="text"
+        autoComplete="username"
+        {...register("loginName", { required: "This field is required" })}
+        label={t("username")}
+        data-testid="username-text-input"
+      />
+
+      <div className={`${error && "transform-gpu animate-shake"}`}>
+        <TextInput
+          type="password"
+          autoComplete="password"
+          {...register("password", { required: "This field is required" })}
+          label={t("password")}
+          data-testid="password-text-input"
+        />
+      </div>
+
+      {error && (
+        <div className="py-4" data-testid="error">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center">
+        <BackButton data-testid="back-button" />
+        <span className="flex-grow"></span>
+        <Button
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid}
+          onClick={handleSubmit(submitUsernamePassword)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}
+          <Translated i18nKey="submit" namespace="ldap" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/login-otp.tsx b/login/apps/login/src/components/login-otp.tsx
new file mode 100644
index 0000000000..4ad6cced6a
--- /dev/null
+++ b/login/apps/login/src/components/login-otp.tsx
@@ -0,0 +1,284 @@
+"use client";
+
+import { getNextUrl } from "@/lib/client";
+import { updateSession } from "@/lib/server/session";
+import { create } from "@zitadel/client";
+import { RequestChallengesSchema } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
+import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { useRouter } from "next/navigation";
+import { useEffect, useRef, useState } from "react";
+import { useForm } from "react-hook-form";
+import { Alert, AlertType } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+// either loginName or sessionId must be provided
+type Props = {
+  host: string | null;
+  loginName?: string;
+  sessionId?: string;
+  requestId?: string;
+  organization?: string;
+  method: string;
+  code?: string;
+  loginSettings?: LoginSettings;
+};
+
+type Inputs = {
+  code: string;
+};
+
+export function LoginOTP({
+  host,
+  loginName,
+  sessionId,
+  requestId,
+  organization,
+  method,
+  code,
+  loginSettings,
+}: Props) {
+  const [error, setError] = useState<string>("");
+  const [loading, setLoading] = useState<boolean>(false);
+
+  const router = useRouter();
+
+  const initialized = useRef(false);
+
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      code: code ? code : "",
+    },
+  });
+
+  useEffect(() => {
+    if (!initialized.current && ["email", "sms"].includes(method) && !code) {
+      initialized.current = true;
+      setLoading(true);
+      updateSessionForOTPChallenge()
+        .catch((error) => {
+          setError(error);
+          return;
+        })
+        .finally(() => {
+          setLoading(false);
+        });
+    }
+  }, []);
+
+  async function updateSessionForOTPChallenge() {
+    let challenges;
+
+    const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+    if (method === "email") {
+      challenges = create(RequestChallengesSchema, {
+        otpEmail: {
+          deliveryType: {
+            case: "sendCode",
+            value: host
+              ? {
+                  urlTemplate:
+                    `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/otp/${method}?code={{.Code}}&userId={{.UserID}}&sessionId={{.SessionID}}` +
+                    (requestId ? `&requestId=${requestId}` : ""),
+                }
+              : {},
+          },
+        },
+      });
+    }
+
+    if (method === "sms") {
+      challenges = create(RequestChallengesSchema, {
+        otpSms: {},
+      });
+    }
+
+    setLoading(true);
+    const response = await updateSession({
+      loginName,
+      sessionId,
+      organization,
+      challenges,
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not request OTP challenge");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    return response;
+  }
+
+  async function submitCode(values: Inputs, organization?: string) {
+    setLoading(true);
+
+    let body: any = {
+      code: values.code,
+      method,
+    };
+
+    if (organization) {
+      body.organization = organization;
+    }
+
+    if (requestId) {
+      body.requestId = requestId;
+    }
+
+    let checks;
+
+    if (method === "sms") {
+      checks = create(ChecksSchema, {
+        otpSms: { code: values.code },
+      });
+    }
+    if (method === "email") {
+      checks = create(ChecksSchema, {
+        otpEmail: { code: values.code },
+      });
+    }
+    if (method === "time-based") {
+      checks = create(ChecksSchema, {
+        totp: { code: values.code },
+      });
+    }
+
+    const response = await updateSession({
+      loginName,
+      sessionId,
+      organization,
+      checks,
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not verify OTP code");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    return response;
+  }
+
+  function setCodeAndContinue(values: Inputs, organization?: string) {
+    return submitCode(values, organization).then(async (response) => {
+      if (response && "sessionId" in response) {
+        setLoading(true);
+        // Wait for 2 seconds to avoid eventual consistency issues with an OTP code being verified in the /login endpoint
+        await new Promise((resolve) => setTimeout(resolve, 2000));
+
+        const url =
+          requestId && response.sessionId
+            ? await getNextUrl(
+                {
+                  sessionId: response.sessionId,
+                  requestId: requestId,
+                  organization: response.factors?.user?.organizationId,
+                },
+                loginSettings?.defaultRedirectUri,
+              )
+            : response.factors?.user
+              ? await getNextUrl(
+                  {
+                    loginName: response.factors.user.loginName,
+                    organization: response.factors?.user?.organizationId,
+                  },
+                  loginSettings?.defaultRedirectUri,
+                )
+              : null;
+
+        setLoading(false);
+        if (url) {
+          router.push(url);
+        }
+      }
+    });
+  }
+
+  return (
+    <form className="w-full">
+      {["email", "sms"].includes(method) && (
+        <Alert type={AlertType.INFO}>
+          <div className="flex flex-row">
+            <span className="flex-1 mr-auto text-left">
+              <Translated i18nKey="verify.noCodeReceived" namespace="otp" />
+            </span>
+            <button
+              aria-label="Resend OTP Code"
+              disabled={loading}
+              type="button"
+              className="ml-4 text-primary-light-500 dark:text-primary-dark-500 hover:dark:text-primary-dark-400 hover:text-primary-light-400 cursor-pointer disabled:cursor-default disabled:text-gray-400 dark:disabled:text-gray-700"
+              onClick={() => {
+                setLoading(true);
+                updateSessionForOTPChallenge()
+                  .catch((error) => {
+                    setError(error);
+                    return;
+                  })
+                  .finally(() => {
+                    setLoading(false);
+                  });
+              }}
+              data-testid="resend-button"
+            >
+              <Translated i18nKey="verify.resendCode" namespace="otp" />
+            </button>
+          </div>
+        </Alert>
+      )}
+      <div className="mt-4">
+        <TextInput
+          type="text"
+          {...register("code", { required: "This field is required" })}
+          label="Code"
+          autoComplete="one-time-code"
+          data-testid="code-text-input"
+        />
+      </div>
+
+      {error && (
+        <div className="py-4" data-testid="error">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center">
+        <BackButton data-testid="back-button" />
+        <span className="flex-grow"></span>
+        <Button
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid}
+          onClick={handleSubmit((e) => {
+            setCodeAndContinue(e, organization);
+          })}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="verify.submit" namespace="otp" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/login-passkey.tsx b/login/apps/login/src/components/login-passkey.tsx
new file mode 100644
index 0000000000..5a3b0b6496
--- /dev/null
+++ b/login/apps/login/src/components/login-passkey.tsx
@@ -0,0 +1,280 @@
+"use client";
+
+import { coerceToArrayBuffer, coerceToBase64Url } from "@/helpers/base64";
+import { sendPasskey } from "@/lib/server/passkeys";
+import { updateSession } from "@/lib/server/session";
+import { create, JsonObject } from "@zitadel/client";
+import {
+  RequestChallengesSchema,
+  UserVerificationRequirement,
+} from "@zitadel/proto/zitadel/session/v2/challenge_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { useRouter } from "next/navigation";
+import { useEffect, useRef, useState } from "react";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+// either loginName or sessionId must be provided
+type Props = {
+  loginName?: string;
+  sessionId?: string;
+  requestId?: string;
+  altPassword: boolean;
+  login?: boolean;
+  organization?: string;
+};
+
+export function LoginPasskey({
+  loginName,
+  sessionId,
+  requestId,
+  altPassword,
+  organization,
+  login = true,
+}: Props) {
+  const [error, setError] = useState<string>("");
+  const [loading, setLoading] = useState<boolean>(false);
+
+  const router = useRouter();
+
+  const initialized = useRef(false);
+
+  useEffect(() => {
+    if (!initialized.current) {
+      initialized.current = true;
+      setLoading(true);
+      updateSessionForChallenge()
+        .then((response) => {
+          const pK =
+            response?.challenges?.webAuthN?.publicKeyCredentialRequestOptions
+              ?.publicKey;
+
+          if (!pK) {
+            setError("Could not request passkey challenge");
+            setLoading(false);
+            return;
+          }
+
+          return submitLoginAndContinue(pK)
+            .catch((error) => {
+              setError(error);
+              return;
+            })
+            .finally(() => {
+              setLoading(false);
+            });
+        })
+        .catch((error) => {
+          setError(error);
+          return;
+        })
+        .finally(() => {
+          setLoading(false);
+        });
+    }
+  }, []);
+
+  async function updateSessionForChallenge(
+    userVerificationRequirement: number = login
+      ? UserVerificationRequirement.REQUIRED
+      : UserVerificationRequirement.DISCOURAGED,
+  ) {
+    setError("");
+    setLoading(true);
+    const session = await updateSession({
+      loginName,
+      sessionId,
+      organization,
+      challenges: create(RequestChallengesSchema, {
+        webAuthN: {
+          domain: "",
+          userVerificationRequirement,
+        },
+      }),
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not request passkey challenge");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (session && "error" in session && session.error) {
+      setError(session.error);
+      return;
+    }
+
+    return session;
+  }
+
+  async function submitLogin(data: JsonObject) {
+    setLoading(true);
+    const response = await sendPasskey({
+      loginName,
+      sessionId,
+      organization,
+      checks: {
+        webAuthN: { credentialAssertionData: data },
+      } as Checks,
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not verify passkey");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      return router.push(response.redirect);
+    }
+  }
+
+  async function submitLoginAndContinue(
+    publicKey: any,
+  ): Promise<boolean | void> {
+    publicKey.challenge = coerceToArrayBuffer(
+      publicKey.challenge,
+      "publicKey.challenge",
+    );
+    publicKey.allowCredentials.map((listItem: any) => {
+      listItem.id = coerceToArrayBuffer(
+        listItem.id,
+        "publicKey.allowCredentials.id",
+      );
+    });
+
+    navigator.credentials
+      .get({
+        publicKey,
+      })
+      .then((assertedCredential: any) => {
+        if (!assertedCredential) {
+          setError("An error on retrieving passkey");
+          return;
+        }
+
+        const authData = new Uint8Array(
+          assertedCredential.response.authenticatorData,
+        );
+        const clientDataJSON = new Uint8Array(
+          assertedCredential.response.clientDataJSON,
+        );
+        const rawId = new Uint8Array(assertedCredential.rawId);
+        const sig = new Uint8Array(assertedCredential.response.signature);
+        const userHandle = new Uint8Array(
+          assertedCredential.response.userHandle,
+        );
+        const data = {
+          id: assertedCredential.id,
+          rawId: coerceToBase64Url(rawId, "rawId"),
+          type: assertedCredential.type,
+          response: {
+            authenticatorData: coerceToBase64Url(authData, "authData"),
+            clientDataJSON: coerceToBase64Url(clientDataJSON, "clientDataJSON"),
+            signature: coerceToBase64Url(sig, "sig"),
+            userHandle: coerceToBase64Url(userHandle, "userHandle"),
+          },
+        };
+
+        return submitLogin(data);
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+  }
+
+  return (
+    <div className="w-full">
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+      <div className="mt-8 flex w-full flex-row items-center">
+        {altPassword ? (
+          <Button
+            type="button"
+            variant={ButtonVariants.Secondary}
+            onClick={() => {
+              const params = new URLSearchParams();
+
+              if (loginName) {
+                params.append("loginName", loginName);
+              }
+
+              if (sessionId) {
+                params.append("sessionId", sessionId);
+              }
+
+              if (requestId) {
+                params.append("requestId", requestId);
+              }
+
+              if (organization) {
+                params.append("organization", organization);
+              }
+
+              return router.push(
+                "/password?" + params, // alt is set because password is requested as alternative auth method, so passwordless prompt can be escaped
+              );
+            }}
+            data-testid="password-button"
+          >
+            <Translated i18nKey="verify.usePassword" namespace="passkey" />
+          </Button>
+        ) : (
+          <BackButton />
+        )}
+
+        <span className="flex-grow"></span>
+        <Button
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading}
+          onClick={async () => {
+            const response = await updateSessionForChallenge().finally(() => {
+              setLoading(false);
+            });
+
+            const pK =
+              response?.challenges?.webAuthN?.publicKeyCredentialRequestOptions
+                ?.publicKey;
+
+            if (!pK) {
+              setError("Could not request passkey challenge");
+              return;
+            }
+
+            setLoading(true);
+
+            return submitLoginAndContinue(pK)
+              .catch((error) => {
+                setError(error);
+                return;
+              })
+              .finally(() => {
+                setLoading(false);
+              });
+          }}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="verify.submit" namespace="passkey" />
+        </Button>
+      </div>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/logo.tsx b/login/apps/login/src/components/logo.tsx
new file mode 100644
index 0000000000..09819f2ac3
--- /dev/null
+++ b/login/apps/login/src/components/logo.tsx
@@ -0,0 +1,37 @@
+import Image from "next/image";
+
+type Props = {
+  darkSrc?: string;
+  lightSrc?: string;
+  height?: number;
+  width?: number;
+};
+
+export function Logo({ lightSrc, darkSrc, height = 40, width = 147.5 }: Props) {
+  return (
+    <>
+      {darkSrc && (
+        <div className="hidden dark:flex">
+          <Image
+            height={height}
+            width={width}
+            src={darkSrc}
+            alt="logo"
+            priority={true}
+          />
+        </div>
+      )}
+      {lightSrc && (
+        <div className="flex dark:hidden">
+          <Image
+            height={height}
+            width={width}
+            priority={true}
+            src={lightSrc}
+            alt="logo"
+          />
+        </div>
+      )}
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/password-complexity.test.tsx b/login/apps/login/src/components/password-complexity.test.tsx
new file mode 100644
index 0000000000..090c95d397
--- /dev/null
+++ b/login/apps/login/src/components/password-complexity.test.tsx
@@ -0,0 +1,64 @@
+import {
+  cleanup,
+  render,
+  screen,
+  waitFor,
+  within,
+} from "@testing-library/react";
+import { afterEach, beforeEach, describe, expect, test } from "vitest";
+import { PasswordComplexity } from "./password-complexity";
+
+const matchesTitle = `Matches`;
+const doesntMatchTitle = `Doesn't match`;
+
+describe("<PasswordComplexity/>", () => {
+  describe.each`
+    settingsMinLength | password        | expectSVGTitle
+    ${5}              | ${"Password1!"} | ${matchesTitle}
+    ${30}             | ${"Password1!"} | ${doesntMatchTitle}
+    ${0}              | ${"Password1!"} | ${matchesTitle}
+    ${undefined}      | ${"Password1!"} | ${false}
+  `(
+    `With settingsMinLength=$settingsMinLength, password=$password, expectSVGTitle=$expectSVGTitle`,
+    ({ settingsMinLength, password, expectSVGTitle }) => {
+      const feedbackElementLabel = /password length/i;
+      beforeEach(() => {
+        render(
+          <PasswordComplexity
+            password={password}
+            equals
+            passwordComplexitySettings={{
+              minLength: settingsMinLength,
+              requiresLowercase: false,
+              requiresUppercase: false,
+              requiresNumber: false,
+              requiresSymbol: false,
+              resourceOwnerType: 0, // ResourceOwnerType.RESOURCE_OWNER_TYPE_UNSPECIFIED,
+            }}
+          />,
+        );
+      });
+      afterEach(cleanup);
+
+      if (expectSVGTitle === false) {
+        test(`should not render the feedback element`, async () => {
+          await waitFor(() => {
+            expect(
+              screen.queryByText(feedbackElementLabel),
+            ).not.toBeInTheDocument();
+          });
+        });
+      } else {
+        test(`Should show one SVG with title ${expectSVGTitle}`, async () => {
+          await waitFor(async () => {
+            const svg = within(
+              screen.getByText(feedbackElementLabel)
+                .parentElement as HTMLElement,
+            ).findByRole("img");
+            expect(await svg).toHaveTextContent(expectSVGTitle);
+          });
+        });
+      }
+    },
+  );
+});
diff --git a/login/apps/login/src/components/password-complexity.tsx b/login/apps/login/src/components/password-complexity.tsx
new file mode 100644
index 0000000000..40988984b6
--- /dev/null
+++ b/login/apps/login/src/components/password-complexity.tsx
@@ -0,0 +1,99 @@
+import {
+  lowerCaseValidator,
+  numberValidator,
+  symbolValidator,
+  upperCaseValidator,
+} from "@/helpers/validators";
+import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
+
+type Props = {
+  passwordComplexitySettings: PasswordComplexitySettings;
+  password: string;
+  equals: boolean;
+};
+
+const check = (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    fill="none"
+    viewBox="0 0 24 24"
+    strokeWidth={1.5}
+    stroke="currentColor"
+    className="w-6 h-6 las la-check text-green-500 dark:text-green-500 mr-2 text-lg"
+    role="img"
+  >
+    <title>Matches</title>
+    <path
+      strokeLinecap="round"
+      strokeLinejoin="round"
+      d="M4.5 12.75l6 6 9-13.5"
+    />
+  </svg>
+);
+const cross = (
+  <svg
+    className="w-6 h-6 las la-times text-warn-light-500 dark:text-warn-dark-500 mr-2 text-lg"
+    xmlns="http://www.w3.org/2000/svg"
+    fill="none"
+    viewBox="0 0 24 24"
+    strokeWidth={1.5}
+    stroke="currentColor"
+    role="img"
+  >
+    <title>Doesn&apos;t match</title>
+    <path
+      strokeLinecap="round"
+      strokeLinejoin="round"
+      d="M6 18L18 6M6 6l12 12"
+    />
+  </svg>
+);
+const desc =
+  "text-14px leading-4 text-input-light-label dark:text-input-dark-label";
+
+export function PasswordComplexity({
+  passwordComplexitySettings,
+  password,
+  equals,
+}: Props) {
+  const hasMinLength = password?.length >= passwordComplexitySettings.minLength;
+  const hasSymbol = symbolValidator(password);
+  const hasNumber = numberValidator(password);
+  const hasUppercase = upperCaseValidator(password);
+  const hasLowercase = lowerCaseValidator(password);
+
+  return (
+    <div className="mb-4 grid grid-cols-2 gap-x-8 gap-y-2">
+      {passwordComplexitySettings.minLength != undefined ? (
+        <div className="flex flex-row items-center" data-testid="length-check">
+          {hasMinLength ? check : cross}
+          <span className={desc}>
+            Password length {passwordComplexitySettings.minLength.toString()}
+          </span>
+        </div>
+      ) : (
+        <span />
+      )}
+      <div className="flex flex-row items-center" data-testid="symbol-check">
+        {hasSymbol ? check : cross}
+        <span className={desc}>has Symbol</span>
+      </div>
+      <div className="flex flex-row items-center" data-testid="number-check">
+        {hasNumber ? check : cross}
+        <span className={desc}>has Number</span>
+      </div>
+      <div className="flex flex-row items-center" data-testid="uppercase-check">
+        {hasUppercase ? check : cross}
+        <span className={desc}>has uppercase</span>
+      </div>
+      <div className="flex flex-row items-center" data-testid="lowercase-check">
+        {hasLowercase ? check : cross}
+        <span className={desc}>has lowercase</span>
+      </div>
+      <div className="flex flex-row items-center" data-testid="equal-check">
+        {equals ? check : cross}
+        <span className={desc}>equals</span>
+      </div>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/password-form.tsx b/login/apps/login/src/components/password-form.tsx
new file mode 100644
index 0000000000..3cd455c69c
--- /dev/null
+++ b/login/apps/login/src/components/password-form.tsx
@@ -0,0 +1,176 @@
+"use client";
+
+import { resetPassword, sendPassword } from "@/lib/server/password";
+import { create } from "@zitadel/client";
+import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { Alert, AlertType } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {
+  password: string;
+};
+
+type Props = {
+  loginSettings: LoginSettings | undefined;
+  loginName: string;
+  organization?: string;
+  requestId?: string;
+};
+
+export function PasswordForm({
+  loginSettings,
+  loginName,
+  organization,
+  requestId,
+}: Props) {
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+  });
+
+  const [info, setInfo] = useState<string>("");
+  const [error, setError] = useState<string>("");
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  const router = useRouter();
+
+  async function submitPassword(values: Inputs) {
+    setError("");
+    setLoading(true);
+
+    const response = await sendPassword({
+      loginName,
+      organization,
+      checks: create(ChecksSchema, {
+        password: { password: values.password },
+      }),
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not verify password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      return router.push(response.redirect);
+    }
+  }
+
+  async function resetPasswordAndContinue() {
+    setError("");
+    setInfo("");
+    setLoading(true);
+
+    const response = await resetPassword({
+      loginName,
+      organization,
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not reset password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response) {
+      setError(response.error);
+      return;
+    }
+
+    setInfo("Password was reset. Please check your email.");
+
+    const params = new URLSearchParams({
+      loginName: loginName,
+    });
+
+    if (organization) {
+      params.append("organization", organization);
+    }
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    return router.push("/password/set?" + params);
+  }
+
+  return (
+    <form className="w-full">
+      <div className={`${error && "transform-gpu animate-shake"}`}>
+        <TextInput
+          type="password"
+          autoComplete="password"
+          {...register("password", { required: "This field is required" })}
+          label="Password"
+          data-testid="password-text-input"
+        />
+        {!loginSettings?.hidePasswordReset && (
+          <button
+            className="transition-all text-sm hover:text-primary-light-500 dark:hover:text-primary-dark-500"
+            onClick={() => resetPasswordAndContinue()}
+            type="button"
+            disabled={loading}
+            data-testid="reset-button"
+          >
+            <Translated i18nKey="verify.resetPassword" namespace="password" />
+          </button>
+        )}
+
+        {loginName && (
+          <input
+            type="hidden"
+            name="loginName"
+            autoComplete="username"
+            value={loginName}
+          />
+        )}
+      </div>
+
+      {info && (
+        <div className="py-4">
+          <Alert type={AlertType.INFO}>{info}</Alert>
+        </div>
+      )}
+
+      {error && (
+        <div className="py-4" data-testid="error">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center">
+        <BackButton data-testid="back-button" />
+        <span className="flex-grow"></span>
+        <Button
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid}
+          onClick={handleSubmit(submitPassword)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="verify.submit" namespace="password" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/privacy-policy-checkboxes.tsx b/login/apps/login/src/components/privacy-policy-checkboxes.tsx
new file mode 100644
index 0000000000..4ab0e33222
--- /dev/null
+++ b/login/apps/login/src/components/privacy-policy-checkboxes.tsx
@@ -0,0 +1,105 @@
+"use client";
+import { LegalAndSupportSettings } from "@zitadel/proto/zitadel/settings/v2/legal_settings_pb";
+import Link from "next/link";
+import { useState } from "react";
+import { Checkbox } from "./checkbox";
+import { Translated } from "./translated";
+
+type Props = {
+  legal: LegalAndSupportSettings;
+  onChange: (allAccepted: boolean) => void;
+};
+
+type AcceptanceState = {
+  tosAccepted: boolean;
+  privacyPolicyAccepted: boolean;
+};
+
+export function PrivacyPolicyCheckboxes({ legal, onChange }: Props) {
+  const [acceptanceState, setAcceptanceState] = useState<AcceptanceState>({
+    tosAccepted: false,
+    privacyPolicyAccepted: false,
+  });
+
+  return (
+    <>
+      <p className="flex flex-row items-center text-text-light-secondary-500 dark:text-text-dark-secondary-500 mt-4 text-sm">
+        <Translated i18nKey="agreeTo" namespace="register" />
+        {legal?.helpLink && (
+          <span>
+            <Link href={legal.helpLink} target="_blank">
+              <svg
+                xmlns="http://www.w3.org/2000/svg"
+                fill="none"
+                viewBox="0 0 24 24"
+                strokeWidth={1.5}
+                stroke="currentColor"
+                className="ml-1 w-5 h-5"
+              >
+                <path
+                  strokeLinecap="round"
+                  strokeLinejoin="round"
+                  d="M9.879 7.519c1.171-1.025 3.071-1.025 4.242 0 1.172 1.025 1.172 2.687 0 3.712-.203.179-.43.326-.67.442-.745.361-1.45.999-1.45 1.827v.75M21 12a9 9 0 11-18 0 9 9 0 0118 0zm-9 5.25h.008v.008H12v-.008z"
+                />
+              </svg>
+            </Link>
+          </span>
+        )}
+      </p>
+      {legal?.tosLink && (
+        <div className="mt-4 flex items-center">
+          <Checkbox
+            className="mr-4"
+            checked={false}
+            value={"privacypolicy"}
+            onChangeVal={(checked: boolean) => {
+              setAcceptanceState({
+                ...acceptanceState,
+                tosAccepted: checked,
+              });
+              onChange(checked && acceptanceState.privacyPolicyAccepted);
+            }}
+            data-testid="privacy-policy-checkbox"
+          />
+
+          <div className="mr-4 w-[28rem]">
+            <p className="text-sm text-text-light-500 dark:text-text-dark-500">
+              <Link href={legal.tosLink} className="underline" target="_blank">
+                <Translated i18nKey="termsOfService" namespace="register" />
+              </Link>
+            </p>
+          </div>
+        </div>
+      )}
+      {legal?.privacyPolicyLink && (
+        <div className="mt-4 flex items-center">
+          <Checkbox
+            className="mr-4"
+            checked={false}
+            value={"tos"}
+            onChangeVal={(checked: boolean) => {
+              setAcceptanceState({
+                ...acceptanceState,
+                privacyPolicyAccepted: checked,
+              });
+              onChange(checked && acceptanceState.tosAccepted);
+            }}
+            data-testid="tos-checkbox"
+          />
+
+          <div className="mr-4 w-[28rem]">
+            <p className="text-sm text-text-light-500 dark:text-text-dark-500">
+              <Link
+                href={legal.privacyPolicyLink}
+                className="underline"
+                target="_blank"
+              >
+                <Translated i18nKey="privacyPolicy" namespace="register" />
+              </Link>
+            </p>
+          </div>
+        </div>
+      )}
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/register-form-idp-incomplete.tsx b/login/apps/login/src/components/register-form-idp-incomplete.tsx
new file mode 100644
index 0000000000..b8a7765c9c
--- /dev/null
+++ b/login/apps/login/src/components/register-form-idp-incomplete.tsx
@@ -0,0 +1,156 @@
+"use client";
+
+import { registerUserAndLinkToIDP } from "@/lib/server/register";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { FieldValues, useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs =
+  | {
+      firstname: string;
+      lastname: string;
+      email: string;
+    }
+  | FieldValues;
+
+type Props = {
+  organization: string;
+  requestId?: string;
+  idpIntent: {
+    idpIntentId: string;
+    idpIntentToken: string;
+  };
+  defaultValues?: {
+    firstname?: string;
+    lastname?: string;
+    email?: string;
+  };
+  idpUserId: string;
+  idpId: string;
+  idpUserName: string;
+};
+
+export function RegisterFormIDPIncomplete({
+  organization,
+  requestId,
+  idpIntent,
+  defaultValues,
+  idpUserId,
+  idpId,
+  idpUserName,
+}: Props) {
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      email: defaultValues?.email ?? "",
+      firstname: defaultValues?.firstname ?? "",
+      lastname: defaultValues?.lastname ?? "",
+    },
+  });
+
+  const [loading, setLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>("");
+
+  const router = useRouter();
+
+  async function submitAndRegister(values: Inputs) {
+    setLoading(true);
+    const response = await registerUserAndLinkToIDP({
+      idpId: idpId,
+      idpUserName: idpUserName,
+      idpUserId: idpUserId,
+      email: values.email,
+      firstName: values.firstname,
+      lastName: values.lastname,
+      organization: organization,
+      requestId: requestId,
+      idpIntent: idpIntent,
+    })
+      .catch(() => {
+        setError("Could not register user");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      return router.push(response.redirect);
+    }
+
+    return response;
+  }
+
+  const { errors } = formState;
+
+  return (
+    <form className="w-full">
+      <div className="grid grid-cols-2 gap-4 mb-4">
+        <div className="">
+          <TextInput
+            type="firstname"
+            autoComplete="firstname"
+            required
+            {...register("firstname", { required: "This field is required" })}
+            label="First name"
+            error={errors.firstname?.message as string}
+            data-testid="firstname-text-input"
+          />
+        </div>
+        <div className="">
+          <TextInput
+            type="lastname"
+            autoComplete="lastname"
+            required
+            {...register("lastname", { required: "This field is required" })}
+            label="Last name"
+            error={errors.lastname?.message as string}
+            data-testid="lastname-text-input"
+          />
+        </div>
+        <div className="col-span-2">
+          <TextInput
+            type="email"
+            autoComplete="email"
+            required
+            {...register("email", { required: "This field is required" })}
+            label="E-mail"
+            error={errors.email?.message as string}
+            data-testid="email-text-input"
+          />
+        </div>
+      </div>
+
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center justify-between">
+        <BackButton data-testid="back-button" />
+        <Button
+          type="submit"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid}
+          onClick={handleSubmit(submitAndRegister)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="submit" namespace="register" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/register-form.tsx b/login/apps/login/src/components/register-form.tsx
new file mode 100644
index 0000000000..6217bbcbb9
--- /dev/null
+++ b/login/apps/login/src/components/register-form.tsx
@@ -0,0 +1,227 @@
+"use client";
+
+import { registerUser } from "@/lib/server/register";
+import { LegalAndSupportSettings } from "@zitadel/proto/zitadel/settings/v2/legal_settings_pb";
+import {
+  LoginSettings,
+  PasskeysType,
+} from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { FieldValues, useForm } from "react-hook-form";
+import { Alert, AlertType } from "./alert";
+import {
+  AuthenticationMethod,
+  AuthenticationMethodRadio,
+  methods,
+} from "./authentication-method-radio";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { PrivacyPolicyCheckboxes } from "./privacy-policy-checkboxes";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs =
+  | {
+      firstname: string;
+      lastname: string;
+      email: string;
+    }
+  | FieldValues;
+
+type Props = {
+  legal: LegalAndSupportSettings;
+  firstname?: string;
+  lastname?: string;
+  email?: string;
+  organization: string;
+  requestId?: string;
+  loginSettings?: LoginSettings;
+  idpCount: number;
+};
+
+export function RegisterForm({
+  legal,
+  email,
+  firstname,
+  lastname,
+  organization,
+  requestId,
+  loginSettings,
+  idpCount = 0,
+}: Props) {
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      email: email ?? "",
+      firstName: firstname ?? "",
+      lastname: lastname ?? "",
+    },
+  });
+
+  const [loading, setLoading] = useState<boolean>(false);
+  const [selected, setSelected] = useState<AuthenticationMethod>(methods[0]);
+  const [error, setError] = useState<string>("");
+
+  const router = useRouter();
+
+  async function submitAndRegister(values: Inputs) {
+    setLoading(true);
+    const response = await registerUser({
+      email: values.email,
+      firstName: values.firstname,
+      lastName: values.lastname,
+      organization: organization,
+      requestId: requestId,
+    })
+      .catch(() => {
+        setError("Could not register user");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      return router.push(response.redirect);
+    }
+
+    return response;
+  }
+
+  async function submitAndContinue(
+    value: Inputs,
+    withPassword: boolean = false,
+  ) {
+    const registerParams: any = value;
+
+    if (organization) {
+      registerParams.organization = organization;
+    }
+
+    if (requestId) {
+      registerParams.requestId = requestId;
+    }
+
+    // redirect user to /register/password if password is chosen
+    if (withPassword) {
+      return router.push(
+        `/register/password?` + new URLSearchParams(registerParams),
+      );
+    } else {
+      return submitAndRegister(value);
+    }
+  }
+
+  const { errors } = formState;
+
+  const [tosAndPolicyAccepted, setTosAndPolicyAccepted] = useState(false);
+  return (
+    <form className="w-full">
+      <div className="grid grid-cols-2 gap-4 mb-4">
+        <div className="">
+          <TextInput
+            type="firstname"
+            autoComplete="firstname"
+            required
+            {...register("firstname", { required: "This field is required" })}
+            label="First name"
+            error={errors.firstname?.message as string}
+            data-testid="firstname-text-input"
+          />
+        </div>
+        <div className="">
+          <TextInput
+            type="lastname"
+            autoComplete="lastname"
+            required
+            {...register("lastname", { required: "This field is required" })}
+            label="Last name"
+            error={errors.lastname?.message as string}
+            data-testid="lastname-text-input"
+          />
+        </div>
+        <div className="col-span-2">
+          <TextInput
+            type="email"
+            autoComplete="email"
+            required
+            {...register("email", { required: "This field is required" })}
+            label="E-mail"
+            error={errors.email?.message as string}
+            data-testid="email-text-input"
+          />
+        </div>
+      </div>
+      {legal && (
+        <PrivacyPolicyCheckboxes
+          legal={legal}
+          onChange={setTosAndPolicyAccepted}
+        />
+      )}
+      {/* show chooser if both methods are allowed */}
+      {loginSettings &&
+        loginSettings.allowUsernamePassword &&
+        loginSettings.passkeysType == PasskeysType.ALLOWED && (
+          <>
+            <p className="mt-4 ztdl-p mb-6 block text-left">
+              <Translated i18nKey="selectMethod" namespace="register" />
+            </p>
+
+            <div className="pb-4">
+              <AuthenticationMethodRadio
+                selected={selected}
+                selectionChanged={setSelected}
+              />
+            </div>
+          </>
+        )}
+      {!loginSettings?.allowUsernamePassword &&
+        loginSettings?.passkeysType !== PasskeysType.ALLOWED &&
+        (!loginSettings?.allowExternalIdp || !idpCount) && (
+          <div className="py-4">
+            <Alert type={AlertType.INFO}>
+              <Translated
+                i18nKey="noMethodAvailableWarning"
+                namespace="register"
+              />
+            </Alert>
+          </div>
+        )}
+
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center justify-between">
+        <BackButton data-testid="back-button" />
+        <Button
+          type="submit"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid || !tosAndPolicyAccepted}
+          onClick={handleSubmit((values) => {
+            const usePasswordToContinue: boolean =
+              loginSettings?.allowUsernamePassword &&
+              loginSettings?.passkeysType == PasskeysType.ALLOWED
+                ? !!!(selected === methods[0]) // choose selection if both available
+                : !!loginSettings?.allowUsernamePassword; // if password is chosen
+            // set password as default if only password is allowed
+            return submitAndContinue(values, usePasswordToContinue);
+          })}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}
+          <Translated i18nKey="submit" namespace="register" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/register-passkey.tsx b/login/apps/login/src/components/register-passkey.tsx
new file mode 100644
index 0000000000..e21e1acdbb
--- /dev/null
+++ b/login/apps/login/src/components/register-passkey.tsx
@@ -0,0 +1,220 @@
+"use client";
+
+import { coerceToArrayBuffer, coerceToBase64Url } from "@/helpers/base64";
+import {
+  registerPasskeyLink,
+  verifyPasskeyRegistration,
+} from "@/lib/server/passkeys";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {};
+
+type Props = {
+  sessionId: string;
+  isPrompt: boolean;
+  requestId?: string;
+  organization?: string;
+};
+
+export function RegisterPasskey({
+  sessionId,
+  isPrompt,
+  organization,
+  requestId,
+}: Props) {
+  const { handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+  });
+
+  const [error, setError] = useState<string>("");
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  const router = useRouter();
+
+  async function submitVerify(
+    passkeyId: string,
+    passkeyName: string,
+    publicKeyCredential: any,
+    sessionId: string,
+  ) {
+    setLoading(true);
+    const response = await verifyPasskeyRegistration({
+      passkeyId,
+      passkeyName,
+      publicKeyCredential,
+      sessionId,
+    })
+      .catch(() => {
+        setError("Could not verify Passkey");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    return response;
+  }
+
+  async function submitRegisterAndContinue(): Promise<boolean | void> {
+    setLoading(true);
+    const resp = await registerPasskeyLink({
+      sessionId,
+    })
+      .catch(() => {
+        setError("Could not register passkey");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (!resp) {
+      setError("An error on registering passkey");
+      return;
+    }
+
+    if ("error" in resp && resp.error) {
+      setError(resp.error);
+      return;
+    }
+
+    if (!("passkeyId" in resp)) {
+      setError("An error on registering passkey");
+      return;
+    }
+
+    const passkeyId = resp.passkeyId;
+    const options: CredentialCreationOptions =
+      (resp.publicKeyCredentialCreationOptions as CredentialCreationOptions) ??
+      {};
+
+    if (!options.publicKey) {
+      setError("An error on registering passkey");
+      return;
+    }
+
+    options.publicKey.challenge = coerceToArrayBuffer(
+      options.publicKey.challenge,
+      "challenge",
+    );
+    options.publicKey.user.id = coerceToArrayBuffer(
+      options.publicKey.user.id,
+      "userid",
+    );
+    if (options.publicKey.excludeCredentials) {
+      options.publicKey.excludeCredentials.map((cred: any) => {
+        cred.id = coerceToArrayBuffer(
+          cred.id as string,
+          "excludeCredentials.id",
+        );
+        return cred;
+      });
+    }
+
+    const credentials = await navigator.credentials.create(options);
+
+    if (
+      !credentials ||
+      !(credentials as any).response?.attestationObject ||
+      !(credentials as any).response?.clientDataJSON ||
+      !(credentials as any).rawId
+    ) {
+      setError("An error on registering passkey");
+      return;
+    }
+
+    const attestationObject = (credentials as any).response.attestationObject;
+    const clientDataJSON = (credentials as any).response.clientDataJSON;
+    const rawId = (credentials as any).rawId;
+
+    const data = {
+      id: credentials.id,
+      rawId: coerceToBase64Url(rawId, "rawId"),
+      type: credentials.type,
+      response: {
+        attestationObject: coerceToBase64Url(
+          attestationObject,
+          "attestationObject",
+        ),
+        clientDataJSON: coerceToBase64Url(clientDataJSON, "clientDataJSON"),
+      },
+    };
+
+    const verificationResponse = await submitVerify(
+      passkeyId,
+      "",
+      data,
+      sessionId,
+    );
+
+    if (!verificationResponse) {
+      setError("Could not verify Passkey!");
+      return;
+    }
+
+    continueAndLogin();
+  }
+
+  function continueAndLogin() {
+    const params = new URLSearchParams();
+
+    if (organization) {
+      params.set("organization", organization);
+    }
+
+    if (requestId) {
+      params.set("requestId", requestId);
+    }
+
+    params.set("sessionId", sessionId);
+
+    router.push("/passkey?" + params);
+  }
+
+  return (
+    <form className="w-full">
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center">
+        {isPrompt ? (
+          <Button
+            type="button"
+            variant={ButtonVariants.Secondary}
+            onClick={() => {
+              continueAndLogin();
+            }}
+          >
+            <Translated i18nKey="set.skip" namespace="passkey" />
+          </Button>
+        ) : (
+          <BackButton />
+        )}
+
+        <span className="flex-grow"></span>
+        <Button
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid}
+          onClick={handleSubmit(submitRegisterAndContinue)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="set.submit" namespace="passkey" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/register-u2f.tsx b/login/apps/login/src/components/register-u2f.tsx
new file mode 100644
index 0000000000..e72bf1fc69
--- /dev/null
+++ b/login/apps/login/src/components/register-u2f.tsx
@@ -0,0 +1,225 @@
+"use client";
+
+import { coerceToArrayBuffer, coerceToBase64Url } from "@/helpers/base64";
+import { getNextUrl } from "@/lib/client";
+import { addU2F, verifyU2F } from "@/lib/server/u2f";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { RegisterU2FResponse } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Props = {
+  loginName?: string;
+  sessionId: string;
+  requestId?: string;
+  organization?: string;
+  checkAfter: boolean;
+  loginSettings?: LoginSettings;
+};
+
+export function RegisterU2f({
+  loginName,
+  sessionId,
+  organization,
+  requestId,
+  checkAfter,
+  loginSettings,
+}: Props) {
+  const [error, setError] = useState<string>("");
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  const router = useRouter();
+
+  async function submitVerify(
+    u2fId: string,
+    passkeyName: string,
+    publicKeyCredential: any,
+    sessionId: string,
+  ) {
+    setError("");
+    setLoading(true);
+    const response = await verifyU2F({
+      u2fId,
+      passkeyName,
+      publicKeyCredential,
+      sessionId,
+    })
+      .catch(() => {
+        setError("An error on verifying passkey occurred");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response?.error) {
+      setError(response?.error);
+      return;
+    }
+
+    return response;
+  }
+
+  async function submitRegisterAndContinue(): Promise<boolean | void | null> {
+    setError("");
+    setLoading(true);
+    const response = await addU2F({
+      sessionId,
+    })
+      .catch(() => {
+        setError("An error on registering passkey");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response?.error) {
+      setError(response?.error);
+      return;
+    }
+
+    if (!response || !("u2fId" in response)) {
+      setError("An error on registering passkey");
+      return;
+    }
+
+    const u2fResponse = response as unknown as RegisterU2FResponse;
+
+    const u2fId = u2fResponse.u2fId;
+    const options: CredentialCreationOptions =
+      (u2fResponse?.publicKeyCredentialCreationOptions as CredentialCreationOptions) ??
+      {};
+
+    if (options.publicKey) {
+      options.publicKey.challenge = coerceToArrayBuffer(
+        options.publicKey.challenge,
+        "challenge",
+      );
+      options.publicKey.user.id = coerceToArrayBuffer(
+        options.publicKey.user.id,
+        "userid",
+      );
+      if (options.publicKey.excludeCredentials) {
+        options.publicKey.excludeCredentials.map((cred: any) => {
+          cred.id = coerceToArrayBuffer(
+            cred.id as string,
+            "excludeCredentials.id",
+          );
+          return cred;
+        });
+      }
+
+      const resp = await navigator.credentials.create(options);
+
+      if (
+        !resp ||
+        !(resp as any).response.attestationObject ||
+        !(resp as any).response.clientDataJSON ||
+        !(resp as any).rawId
+      ) {
+        setError("An error on registering passkey");
+        return;
+      }
+
+      const attestationObject = (resp as any).response.attestationObject;
+      const clientDataJSON = (resp as any).response.clientDataJSON;
+      const rawId = (resp as any).rawId;
+
+      const data = {
+        id: resp.id,
+        rawId: coerceToBase64Url(rawId, "rawId"),
+        type: resp.type,
+        response: {
+          attestationObject: coerceToBase64Url(
+            attestationObject,
+            "attestationObject",
+          ),
+          clientDataJSON: coerceToBase64Url(clientDataJSON, "clientDataJSON"),
+        },
+      };
+
+      const submitResponse = await submitVerify(u2fId, "", data, sessionId);
+
+      if (!submitResponse) {
+        setError("An error on verifying passkey");
+        return;
+      }
+
+      if (checkAfter) {
+        const paramsToContinue = new URLSearchParams({});
+
+        if (sessionId) {
+          paramsToContinue.append("sessionId", sessionId);
+        }
+        if (loginName) {
+          paramsToContinue.append("loginName", loginName);
+        }
+        if (organization) {
+          paramsToContinue.append("organization", organization);
+        }
+        if (requestId) {
+          paramsToContinue.append("requestId", requestId);
+        }
+
+        return router.push(`/u2f?` + paramsToContinue);
+      } else {
+        const url =
+          requestId && sessionId
+            ? await getNextUrl(
+                {
+                  sessionId: sessionId,
+                  requestId: requestId,
+                  organization: organization,
+                },
+                loginSettings?.defaultRedirectUri,
+              )
+            : loginName
+              ? await getNextUrl(
+                  {
+                    loginName: loginName,
+                    organization: organization,
+                  },
+                  loginSettings?.defaultRedirectUri,
+                )
+              : null;
+        if (url) {
+          return router.push(url);
+        }
+      }
+    }
+  }
+
+  return (
+    <form className="w-full">
+      {error && (
+        <div className="py-4">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+
+      <div className="mt-8 flex w-full flex-row items-center">
+        <BackButton data-testid="back-button" />
+
+        <span className="flex-grow"></span>
+        <Button
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading}
+          onClick={submitRegisterAndContinue}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="set.submit" namespace="u2f" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/self-service-menu.tsx b/login/apps/login/src/components/self-service-menu.tsx
new file mode 100644
index 0000000000..449c1dda1f
--- /dev/null
+++ b/login/apps/login/src/components/self-service-menu.tsx
@@ -0,0 +1,42 @@
+import Link from "next/link";
+
+export function SelfServiceMenu({ sessionId }: { sessionId: string }) {
+  const list: any[] = [];
+
+  // if (!!config.selfservice.change_password.enabled) {
+  //   list.push({
+  //     link:
+  //       `/me/change-password?` +
+  //       new URLSearchParams({
+  //         sessionId: sessionId,
+  //       }),
+  //     name: "Change password",
+  //   });
+  // }
+
+  return (
+    <div className="w-full flex flex-col space-y-2">
+      {list.map((menuitem, index) => {
+        return (
+          <SelfServiceItem
+            link={menuitem.link}
+            key={"self-service-" + index}
+            name={menuitem.name}
+          />
+        );
+      })}
+    </div>
+  );
+}
+
+const SelfServiceItem = ({ name, link }: { name: string; link: string }) => {
+  return (
+    <Link
+      prefetch={false}
+      href={link}
+      className="w-full group flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light hover:shadow-lg dark:hover:bg-white/10 py-2 px-4 rounded-md transition-all"
+    >
+      {name}
+    </Link>
+  );
+};
diff --git a/login/apps/login/src/components/session-clear-item.tsx b/login/apps/login/src/components/session-clear-item.tsx
new file mode 100644
index 0000000000..81930b11b3
--- /dev/null
+++ b/login/apps/login/src/components/session-clear-item.tsx
@@ -0,0 +1,105 @@
+"use client";
+
+import { clearSession } from "@/lib/server/session";
+import { timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import moment from "moment";
+import { useLocale } from "next-intl";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { Avatar } from "./avatar";
+import { isSessionValid } from "./session-item";
+import { Translated } from "./translated";
+
+export function SessionClearItem({
+  session,
+  reload,
+}: {
+  session: Session;
+  reload: () => void;
+}) {
+  const currentLocale = useLocale();
+  moment.locale(currentLocale === "zh" ? "zh-cn" : currentLocale);
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  async function clearSessionId(id: string) {
+    setLoading(true);
+    const response = await clearSession({
+      sessionId: id,
+    })
+      .catch((error) => {
+        setError(error.message);
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    return response;
+  }
+
+  const { valid, verifiedAt } = isSessionValid(session);
+
+  const [error, setError] = useState<string | null>(null);
+
+  const router = useRouter();
+
+  return (
+    <button
+      onClick={async () => {
+        clearSessionId(session.id).then(() => {
+          reload();
+        });
+      }}
+      className="group flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light hover:shadow-lg dark:hover:bg-white/10 py-2 px-4 rounded-md transition-all"
+    >
+      <div className="pr-4">
+        <Avatar
+          size="small"
+          loginName={session.factors?.user?.loginName as string}
+          name={session.factors?.user?.displayName ?? ""}
+        />
+      </div>
+
+      <div className="flex flex-col items-start overflow-hidden">
+        <span className="">{session.factors?.user?.displayName}</span>
+        <span className="text-xs opacity-80 text-ellipsis">
+          {session.factors?.user?.loginName}
+        </span>
+        {valid ? (
+          <span className="text-xs opacity-80 text-ellipsis">
+            {verifiedAt && (
+              <Translated
+                i18nKey="verfiedAt"
+                namespace="logout"
+                data={{ time: moment(timestampDate(verifiedAt)).fromNow() }}
+              />
+            )}
+          </span>
+        ) : (
+          verifiedAt && (
+            <span className="text-xs opacity-80 text-ellipsis">
+              expired{" "}
+              {session.expirationDate &&
+                moment(timestampDate(session.expirationDate)).fromNow()}
+            </span>
+          )
+        )}
+      </div>
+
+      <span className="flex-grow"></span>
+      <div className="relative flex flex-row items-center">
+        <div className="mr-6 px-2 py-[2px] text-xs hidden group-hover:block transition-all text-warn-light-500 dark:text-warn-dark-500 bg-[#ff0000]/10 dark:bg-[#ff0000]/10 rounded-full flex items-center justify-center">
+          <Translated i18nKey="clear" namespace="logout" />
+        </div>
+
+        {valid ? (
+          <div className="absolute h-2 w-2 bg-green-500 rounded-full mx-2 transform right-0 transition-all"></div>
+        ) : (
+          <div className="absolute h-2 w-2 bg-red-500 rounded-full mx-2 transform right-0 transition-all"></div>
+        )}
+      </div>
+    </button>
+  );
+}
diff --git a/login/apps/login/src/components/session-item.tsx b/login/apps/login/src/components/session-item.tsx
new file mode 100644
index 0000000000..94e7a19da5
--- /dev/null
+++ b/login/apps/login/src/components/session-item.tsx
@@ -0,0 +1,156 @@
+"use client";
+
+import { sendLoginname } from "@/lib/server/loginname";
+import { clearSession, continueWithSession } from "@/lib/server/session";
+import { XCircleIcon } from "@heroicons/react/24/outline";
+import { Timestamp, timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import moment from "moment";
+import { useLocale } from "next-intl";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { Avatar } from "./avatar";
+
+export function isSessionValid(session: Partial<Session>): {
+  valid: boolean;
+  verifiedAt?: Timestamp;
+} {
+  const validPassword = session?.factors?.password?.verifiedAt;
+  const validPasskey = session?.factors?.webAuthN?.verifiedAt;
+  const validIDP = session?.factors?.intent?.verifiedAt;
+
+  const stillValid = session.expirationDate
+    ? timestampDate(session.expirationDate) > new Date()
+    : true;
+
+  const verifiedAt = validPassword || validPasskey || validIDP;
+  const valid = !!((validPassword || validPasskey || validIDP) && stillValid);
+
+  return { valid, verifiedAt };
+}
+
+export function SessionItem({
+  session,
+  reload,
+  requestId,
+}: {
+  session: Session;
+  reload: () => void;
+  requestId?: string;
+}) {
+  const currentLocale = useLocale();
+  moment.locale(currentLocale === "zh" ? "zh-cn" : currentLocale);
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  async function clearSessionId(id: string) {
+    setLoading(true);
+    const response = await clearSession({
+      sessionId: id,
+    })
+      .catch((error) => {
+        setError(error.message);
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    return response;
+  }
+
+  const { valid, verifiedAt } = isSessionValid(session);
+
+  const [error, setError] = useState<string | null>(null);
+
+  const router = useRouter();
+
+  return (
+    <button
+      onClick={async () => {
+        if (valid && session?.factors?.user) {
+          const resp = await continueWithSession({
+            ...session,
+            requestId: requestId,
+          });
+
+          if (resp?.redirect) {
+            return router.push(resp.redirect);
+          }
+        } else if (session.factors?.user) {
+          setLoading(true);
+          const res = await sendLoginname({
+            loginName: session.factors?.user?.loginName,
+            organization: session.factors.user.organizationId,
+            requestId: requestId,
+          })
+            .catch(() => {
+              setError("An internal error occurred");
+              return;
+            })
+            .finally(() => {
+              setLoading(false);
+            });
+
+          if (res && "redirect" in res && res.redirect) {
+            return router.push(res.redirect);
+          }
+
+          if (res && "error" in res && res.error) {
+            setError(res.error);
+            return;
+          }
+        }
+      }}
+      className="group flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light hover:shadow-lg dark:hover:bg-white/10 py-2 px-4 rounded-md transition-all"
+    >
+      <div className="pr-4">
+        <Avatar
+          size="small"
+          loginName={session.factors?.user?.loginName as string}
+          name={session.factors?.user?.displayName ?? ""}
+        />
+      </div>
+
+      <div className="flex flex-col items-start overflow-hidden">
+        <span className="">{session.factors?.user?.displayName}</span>
+        <span className="text-xs opacity-80 text-ellipsis">
+          {session.factors?.user?.loginName}
+        </span>
+        {valid ? (
+          <span className="text-xs opacity-80 text-ellipsis">
+            {verifiedAt && moment(timestampDate(verifiedAt)).fromNow()}
+          </span>
+        ) : (
+          verifiedAt && (
+            <span className="text-xs opacity-80 text-ellipsis">
+              expired{" "}
+              {session.expirationDate &&
+                moment(timestampDate(session.expirationDate)).fromNow()}
+            </span>
+          )
+        )}
+      </div>
+
+      <span className="flex-grow"></span>
+      <div className="relative flex flex-row items-center">
+        {valid ? (
+          <div className="absolute h-2 w-2 bg-green-500 rounded-full mx-2 transform right-0 group-hover:right-6 transition-all"></div>
+        ) : (
+          <div className="absolute h-2 w-2 bg-red-500 rounded-full mx-2 transform right-0 group-hover:right-6 transition-all"></div>
+        )}
+
+        <XCircleIcon
+          className="hidden group-hover:block h-5 w-5 transition-all opacity-50 hover:opacity-100"
+          onClick={(event) => {
+            event.preventDefault();
+            event.stopPropagation();
+            clearSessionId(session.id).then(() => {
+              reload();
+            });
+          }}
+        />
+      </div>
+    </button>
+  );
+}
diff --git a/login/apps/login/src/components/sessions-clear-list.tsx b/login/apps/login/src/components/sessions-clear-list.tsx
new file mode 100644
index 0000000000..5989948725
--- /dev/null
+++ b/login/apps/login/src/components/sessions-clear-list.tsx
@@ -0,0 +1,109 @@
+"use client";
+
+import { clearSession } from "@/lib/server/session";
+import { timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { redirect, useRouter } from "next/navigation";
+import { useEffect, useState } from "react";
+import { Alert, AlertType } from "./alert";
+import { SessionClearItem } from "./session-clear-item";
+import { Translated } from "./translated";
+
+type Props = {
+  sessions: Session[];
+  postLogoutRedirectUri?: string;
+  logoutHint?: string;
+  organization?: string;
+};
+
+export function SessionsClearList({
+  sessions,
+  logoutHint,
+  postLogoutRedirectUri,
+  organization,
+}: Props) {
+  const [list, setList] = useState<Session[]>(sessions);
+  const router = useRouter();
+
+  async function clearHintedSession() {
+    console.log("Clearing session for login hint:", logoutHint);
+    // If a login hint is provided, we logout that specific session
+    const sessionIdToBeCleared = sessions.find((session) => {
+      return session.factors?.user?.loginName === logoutHint;
+    })?.id;
+
+    if (sessionIdToBeCleared) {
+      const clearSessionResponse = await clearSession({
+        sessionId: sessionIdToBeCleared,
+      }).catch((error) => {
+        console.error("Error clearing session:", error);
+        return;
+      });
+
+      if (!clearSessionResponse) {
+        console.error("Failed to clear session for login hint:", logoutHint);
+      }
+
+      if (postLogoutRedirectUri) {
+        return redirect(postLogoutRedirectUri);
+      }
+
+      const params = new URLSearchParams();
+
+      if (organization) {
+        params.set("organization", organization);
+      }
+
+      return router.push("/logout/success?" + params);
+    } else {
+      console.warn(`No session found for login hint: ${logoutHint}`);
+    }
+  }
+
+  useEffect(() => {
+    if (logoutHint) {
+      clearHintedSession();
+    }
+  }, []);
+
+  return sessions ? (
+    <div className="flex flex-col space-y-2">
+      {list
+        .filter((session) => session?.factors?.user?.loginName)
+        // sort by change date descending
+        .sort((a, b) => {
+          const dateA = a.changeDate
+            ? timestampDate(a.changeDate).getTime()
+            : 0;
+          const dateB = b.changeDate
+            ? timestampDate(b.changeDate).getTime()
+            : 0;
+          return dateB - dateA;
+        })
+        // TODO: add sorting to move invalid sessions to the bottom
+        .map((session, index) => {
+          return (
+            <SessionClearItem
+              session={session}
+              reload={() => {
+                setList(list.filter((s) => s.id !== session.id));
+                if (postLogoutRedirectUri) {
+                  router.push(postLogoutRedirectUri);
+                }
+              }}
+              key={"session-" + index}
+            />
+          );
+        })}
+      {list.length === 0 && (
+        <Alert type={AlertType.INFO}>
+          <Translated i18nKey="noResults" namespace="logout" />
+        </Alert>
+      )}
+    </div>
+  ) : (
+    <Alert>
+      <Translated i18nKey="noResults" namespace="logout" />
+    </Alert>
+  );
+}
diff --git a/login/apps/login/src/components/sessions-list.tsx b/login/apps/login/src/components/sessions-list.tsx
new file mode 100644
index 0000000000..a3a1f8ed94
--- /dev/null
+++ b/login/apps/login/src/components/sessions-list.tsx
@@ -0,0 +1,50 @@
+"use client";
+
+import { timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { useState } from "react";
+import { Alert } from "./alert";
+import { SessionItem } from "./session-item";
+import { Translated } from "./translated";
+
+type Props = {
+  sessions: Session[];
+  requestId?: string;
+};
+
+export function SessionsList({ sessions, requestId }: Props) {
+  const [list, setList] = useState<Session[]>(sessions);
+  return sessions ? (
+    <div className="flex flex-col space-y-2">
+      {list
+        .filter((session) => session?.factors?.user?.loginName)
+        // sort by change date descending
+        .sort((a, b) => {
+          const dateA = a.changeDate
+            ? timestampDate(a.changeDate).getTime()
+            : 0;
+          const dateB = b.changeDate
+            ? timestampDate(b.changeDate).getTime()
+            : 0;
+          return dateB - dateA;
+        })
+        // TODO: add sorting to move invalid sessions to the bottom
+        .map((session, index) => {
+          return (
+            <SessionItem
+              session={session}
+              requestId={requestId}
+              reload={() => {
+                setList(list.filter((s) => s.id !== session.id));
+              }}
+              key={"session-" + index}
+            />
+          );
+        })}
+    </div>
+  ) : (
+    <Alert>
+      <Translated i18nKey="noResults" namespace="accounts" />
+    </Alert>
+  );
+}
diff --git a/login/apps/login/src/components/set-password-form.tsx b/login/apps/login/src/components/set-password-form.tsx
new file mode 100644
index 0000000000..2c3db8dbf2
--- /dev/null
+++ b/login/apps/login/src/components/set-password-form.tsx
@@ -0,0 +1,286 @@
+"use client";
+
+import {
+  lowerCaseValidator,
+  numberValidator,
+  symbolValidator,
+  upperCaseValidator,
+} from "@/helpers/validators";
+import {
+  changePassword,
+  resetPassword,
+  sendPassword,
+} from "@/lib/server/password";
+import { create } from "@zitadel/client";
+import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { FieldValues, useForm } from "react-hook-form";
+import { Alert, AlertType } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { PasswordComplexity } from "./password-complexity";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs =
+  | {
+      code: string;
+      password: string;
+      confirmPassword: string;
+    }
+  | FieldValues;
+
+type Props = {
+  code?: string;
+  passwordComplexitySettings: PasswordComplexitySettings;
+  loginName: string;
+  userId: string;
+  organization?: string;
+  requestId?: string;
+  codeRequired: boolean;
+};
+
+export function SetPasswordForm({
+  passwordComplexitySettings,
+  organization,
+  requestId,
+  loginName,
+  userId,
+  code,
+  codeRequired,
+}: Props) {
+  const { register, handleSubmit, watch, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      code: code ?? "",
+    },
+  });
+
+  const [loading, setLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>("");
+
+  const router = useRouter();
+
+  async function resendCode() {
+    setError("");
+    setLoading(true);
+
+    const response = await resetPassword({
+      loginName,
+      organization,
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not reset password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response) {
+      setError(response.error);
+      return;
+    }
+  }
+
+  async function submitPassword(values: Inputs) {
+    setLoading(true);
+    let payload: { userId: string; password: string; code?: string } = {
+      userId: userId,
+      password: values.password,
+    };
+
+    // this is not required for initial password setup
+    if (codeRequired) {
+      payload = { ...payload, code: values.code };
+    }
+
+    const changeResponse = await changePassword(payload)
+      .catch(() => {
+        setError("Could not set password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (changeResponse && "error" in changeResponse) {
+      setError(changeResponse.error);
+      return;
+    }
+
+    if (!changeResponse) {
+      setError("Could not set password");
+      return;
+    }
+
+    const params = new URLSearchParams({});
+
+    if (loginName) {
+      params.append("loginName", loginName);
+    }
+    if (organization) {
+      params.append("organization", organization);
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, 2000)); // Wait for a second to avoid eventual consistency issues with an initial password being set
+
+    const passwordResponse = await sendPassword({
+      loginName,
+      organization,
+      checks: create(ChecksSchema, {
+        password: { password: values.password },
+      }),
+      requestId,
+    })
+      .catch(() => {
+        setError("Could not verify password");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (
+      passwordResponse &&
+      "error" in passwordResponse &&
+      passwordResponse.error
+    ) {
+      setError(passwordResponse.error);
+      return;
+    }
+
+    if (
+      passwordResponse &&
+      "redirect" in passwordResponse &&
+      passwordResponse.redirect
+    ) {
+      return router.push(passwordResponse.redirect);
+    }
+
+    return;
+  }
+
+  const { errors } = formState;
+
+  const watchPassword = watch("password", "");
+  const watchConfirmPassword = watch("confirmPassword", "");
+
+  const hasMinLength =
+    passwordComplexitySettings &&
+    watchPassword?.length >= passwordComplexitySettings.minLength;
+  const hasSymbol = symbolValidator(watchPassword);
+  const hasNumber = numberValidator(watchPassword);
+  const hasUppercase = upperCaseValidator(watchPassword);
+  const hasLowercase = lowerCaseValidator(watchPassword);
+
+  const policyIsValid =
+    passwordComplexitySettings &&
+    (passwordComplexitySettings.requiresLowercase ? hasLowercase : true) &&
+    (passwordComplexitySettings.requiresNumber ? hasNumber : true) &&
+    (passwordComplexitySettings.requiresUppercase ? hasUppercase : true) &&
+    (passwordComplexitySettings.requiresSymbol ? hasSymbol : true) &&
+    hasMinLength;
+
+  return (
+    <form className="w-full">
+      <div className="pt-4 grid grid-cols-1 gap-4 mb-4">
+        {codeRequired && (
+          <Alert type={AlertType.INFO}>
+            <div className="flex flex-row">
+              <span className="flex-1 mr-auto text-left">
+                <Translated i18nKey="set.noCodeReceived" namespace="password" />
+              </span>
+              <button
+                aria-label="Resend OTP Code"
+                disabled={loading}
+                type="button"
+                className="ml-4 text-primary-light-500 dark:text-primary-dark-500 hover:dark:text-primary-dark-400 hover:text-primary-light-400 cursor-pointer disabled:cursor-default disabled:text-gray-400 dark:disabled:text-gray-700"
+                onClick={() => {
+                  resendCode();
+                }}
+                data-testid="resend-button"
+              >
+                <Translated i18nKey="set.resend" namespace="password" />
+              </button>
+            </div>
+          </Alert>
+        )}
+        {codeRequired && (
+          <div>
+            <TextInput
+              type="text"
+              required
+              {...register("code", {
+                required: "This field is required",
+              })}
+              label="Code"
+              autoComplete="one-time-code"
+              error={errors.code?.message as string}
+              data-testid="code-text-input"
+            />
+          </div>
+        )}
+        <div>
+          <TextInput
+            type="password"
+            autoComplete="new-password"
+            required
+            {...register("password", {
+              required: "You have to provide a password!",
+            })}
+            label="New Password"
+            error={errors.password?.message as string}
+            data-testid="password-set-text-input"
+          />
+        </div>
+        <div>
+          <TextInput
+            type="password"
+            required
+            autoComplete="new-password"
+            {...register("confirmPassword", {
+              required: "This field is required",
+            })}
+            label="Confirm Password"
+            error={errors.confirmPassword?.message as string}
+            data-testid="password-set-confirm-text-input"
+          />
+        </div>
+      </div>
+
+      {passwordComplexitySettings && (
+        <PasswordComplexity
+          passwordComplexitySettings={passwordComplexitySettings}
+          password={watchPassword}
+          equals={!!watchPassword && watchPassword === watchConfirmPassword}
+        />
+      )}
+
+      {error && <Alert>{error}</Alert>}
+
+      <div className="mt-8 flex w-full flex-row items-center justify-between">
+        <BackButton data-testid="back-button" />
+        <Button
+          type="submit"
+          variant={ButtonVariants.Primary}
+          disabled={
+            loading ||
+            !policyIsValid ||
+            !formState.isValid ||
+            watchPassword !== watchConfirmPassword
+          }
+          onClick={handleSubmit(submitPassword)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="set.submit" namespace="password" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/set-register-password-form.tsx b/login/apps/login/src/components/set-register-password-form.tsx
new file mode 100644
index 0000000000..7660e60753
--- /dev/null
+++ b/login/apps/login/src/components/set-register-password-form.tsx
@@ -0,0 +1,170 @@
+"use client";
+
+import {
+  lowerCaseValidator,
+  numberValidator,
+  symbolValidator,
+  upperCaseValidator,
+} from "@/helpers/validators";
+import { registerUser } from "@/lib/server/register";
+import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { FieldValues, useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { PasswordComplexity } from "./password-complexity";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs =
+  | {
+      password: string;
+      confirmPassword: string;
+    }
+  | FieldValues;
+
+type Props = {
+  passwordComplexitySettings: PasswordComplexitySettings;
+  email: string;
+  firstname: string;
+  lastname: string;
+  organization: string;
+  requestId?: string;
+};
+
+export function SetRegisterPasswordForm({
+  passwordComplexitySettings,
+  email,
+  firstname,
+  lastname,
+  organization,
+  requestId,
+}: Props) {
+  const { register, handleSubmit, watch, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      email: email ?? "",
+      firstname: firstname ?? "",
+      lastname: lastname ?? "",
+    },
+  });
+
+  const [loading, setLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>("");
+
+  const router = useRouter();
+
+  async function submitRegister(values: Inputs) {
+    setLoading(true);
+    const response = await registerUser({
+      email: email,
+      firstName: firstname,
+      lastName: lastname,
+      organization: organization,
+      requestId: requestId,
+      password: values.password,
+    })
+      .catch(() => {
+        setError("Could not register user");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      return router.push(response.redirect);
+    }
+  }
+
+  const { errors } = formState;
+
+  const watchPassword = watch("password", "");
+  const watchConfirmPassword = watch("confirmPassword", "");
+
+  const hasMinLength =
+    passwordComplexitySettings &&
+    watchPassword?.length >= passwordComplexitySettings.minLength;
+  const hasSymbol = symbolValidator(watchPassword);
+  const hasNumber = numberValidator(watchPassword);
+  const hasUppercase = upperCaseValidator(watchPassword);
+  const hasLowercase = lowerCaseValidator(watchPassword);
+
+  const policyIsValid =
+    passwordComplexitySettings &&
+    (passwordComplexitySettings.requiresLowercase ? hasLowercase : true) &&
+    (passwordComplexitySettings.requiresNumber ? hasNumber : true) &&
+    (passwordComplexitySettings.requiresUppercase ? hasUppercase : true) &&
+    (passwordComplexitySettings.requiresSymbol ? hasSymbol : true) &&
+    hasMinLength;
+
+  return (
+    <form className="w-full">
+      <div className="pt-4 grid grid-cols-1 gap-4 mb-4">
+        <div className="">
+          <TextInput
+            type="password"
+            autoComplete="new-password"
+            required
+            {...register("password", {
+              required: "You have to provide a password!",
+            })}
+            label="Password"
+            error={errors.password?.message as string}
+            data-testid="password-text-input"
+          />
+        </div>
+        <div className="">
+          <TextInput
+            type="password"
+            required
+            autoComplete="new-password"
+            {...register("confirmPassword", {
+              required: "This field is required",
+            })}
+            label="Confirm Password"
+            error={errors.confirmPassword?.message as string}
+            data-testid="password-confirm-text-input"
+          />
+        </div>
+      </div>
+
+      {passwordComplexitySettings && (
+        <PasswordComplexity
+          passwordComplexitySettings={passwordComplexitySettings}
+          password={watchPassword}
+          equals={!!watchPassword && watchPassword === watchConfirmPassword}
+        />
+      )}
+
+      {error && <Alert>{error}</Alert>}
+
+      <div className="mt-8 flex w-full flex-row items-center justify-between">
+        <BackButton data-testid="back-button" />
+        <Button
+          type="submit"
+          variant={ButtonVariants.Primary}
+          disabled={
+            loading ||
+            !policyIsValid ||
+            !formState.isValid ||
+            watchPassword !== watchConfirmPassword
+          }
+          onClick={handleSubmit(submitRegister)}
+          data-testid="submit-button"
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}{" "}
+          <Translated i18nKey="password.submit" namespace="register" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/sign-in-with-idp.tsx b/login/apps/login/src/components/sign-in-with-idp.tsx
new file mode 100644
index 0000000000..ec9cfb36f8
--- /dev/null
+++ b/login/apps/login/src/components/sign-in-with-idp.tsx
@@ -0,0 +1,93 @@
+"use client";
+
+import { idpTypeToSlug } from "@/lib/idp";
+import { redirectToIdp } from "@/lib/server/idp";
+import {
+  IdentityProvider,
+  IdentityProviderType,
+} from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { ReactNode, useActionState } from "react";
+import { Alert } from "./alert";
+import { SignInWithIdentityProviderProps } from "./idps/base-button";
+import { SignInWithApple } from "./idps/sign-in-with-apple";
+import { SignInWithAzureAd } from "./idps/sign-in-with-azure-ad";
+import { SignInWithGeneric } from "./idps/sign-in-with-generic";
+import { SignInWithGithub } from "./idps/sign-in-with-github";
+import { SignInWithGitlab } from "./idps/sign-in-with-gitlab";
+import { SignInWithGoogle } from "./idps/sign-in-with-google";
+import { Translated } from "./translated";
+
+export interface SignInWithIDPProps {
+  children?: ReactNode;
+  identityProviders: IdentityProvider[];
+  requestId?: string;
+  organization?: string;
+  linkOnly?: boolean;
+}
+
+export function SignInWithIdp({
+  identityProviders,
+  requestId,
+  organization,
+  linkOnly,
+}: Readonly<SignInWithIDPProps>) {
+  const [state, action, _isPending] = useActionState(redirectToIdp, {});
+
+  const renderIDPButton = (idp: IdentityProvider, index: number) => {
+    const { id, name, type } = idp;
+
+    const components: Partial<
+      Record<
+        IdentityProviderType,
+        (props: SignInWithIdentityProviderProps) => ReactNode
+      >
+    > = {
+      [IdentityProviderType.APPLE]: SignInWithApple,
+      [IdentityProviderType.OAUTH]: SignInWithGeneric,
+      [IdentityProviderType.OIDC]: SignInWithGeneric,
+      [IdentityProviderType.GITHUB]: SignInWithGithub,
+      [IdentityProviderType.GITHUB_ES]: SignInWithGithub,
+      [IdentityProviderType.AZURE_AD]: SignInWithAzureAd,
+      [IdentityProviderType.GOOGLE]: (props) => (
+        <SignInWithGoogle {...props} e2e="google" />
+      ),
+      [IdentityProviderType.GITLAB]: SignInWithGitlab,
+      [IdentityProviderType.GITLAB_SELF_HOSTED]: SignInWithGitlab,
+      [IdentityProviderType.SAML]: SignInWithGeneric,
+      [IdentityProviderType.LDAP]: SignInWithGeneric,
+      [IdentityProviderType.JWT]: SignInWithGeneric,
+    };
+
+    const Component = components[type];
+    return Component ? (
+      <form action={action} className="flex" key={`idp-${index}`}>
+        <input type="hidden" name="id" value={id} />
+        <input type="hidden" name="provider" value={idpTypeToSlug(type)} />
+        <input type="hidden" name="requestId" value={requestId} />
+        <input type="hidden" name="organization" value={organization} />
+        <input
+          type="hidden"
+          name="linkOnly"
+          value={linkOnly ? "true" : "false"}
+        />
+        <Component key={id} name={name} />
+      </form>
+    ) : null;
+  };
+
+  return (
+    <div className="flex flex-col w-full space-y-2 text-sm">
+      <p className="text-center ztdl-p">
+        <Translated i18nKey="orSignInWith" namespace="idp" />
+      </p>
+      {!!identityProviders.length && identityProviders?.map(renderIDPButton)}
+      {state?.error && (
+        <div className="py-4">
+          <Alert>{state?.error}</Alert>
+        </div>
+      )}
+    </div>
+  );
+}
+
+SignInWithIdp.displayName = "SignInWithIDP";
diff --git a/login/apps/login/src/components/skeleton-card.tsx b/login/apps/login/src/components/skeleton-card.tsx
new file mode 100644
index 0000000000..80b3793e8f
--- /dev/null
+++ b/login/apps/login/src/components/skeleton-card.tsx
@@ -0,0 +1,16 @@
+import { clsx } from "clsx";
+
+export const SkeletonCard = ({ isLoading }: { isLoading?: boolean }) => (
+  <div
+    className={clsx("rounded-2xl bg-gray-900/80 p-4", {
+      "relative overflow-hidden before:absolute before:inset-0 before:-translate-x-full before:animate-[shimmer_1.5s_infinite] before:bg-gradient-to-r before:from-transparent before:via-white/10 before:to-transparent":
+        isLoading,
+    })}
+  >
+    <div className="space-y-3">
+      <div className="h-14 rounded-lg bg-gray-700" />
+      <div className="h-3 w-11/12 rounded-lg bg-gray-700" />
+      <div className="h-3 w-8/12 rounded-lg bg-gray-700" />
+    </div>
+  </div>
+);
diff --git a/login/apps/login/src/components/skeleton.tsx b/login/apps/login/src/components/skeleton.tsx
new file mode 100644
index 0000000000..548953d278
--- /dev/null
+++ b/login/apps/login/src/components/skeleton.tsx
@@ -0,0 +1,9 @@
+import { ReactNode } from "react";
+
+export function Skeleton({ children }: { children?: ReactNode }) {
+  return (
+    <div className="skeleton py-12 px-8 rounded-lg bg-background-light-600 dark:bg-background-dark-600 flex flex-row items-center justify-center">
+      {children}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/spinner.tsx b/login/apps/login/src/components/spinner.tsx
new file mode 100644
index 0000000000..5ed2f04c80
--- /dev/null
+++ b/login/apps/login/src/components/spinner.tsx
@@ -0,0 +1,22 @@
+import { FC } from "react";
+
+export const Spinner: FC<{ className?: string }> = ({ className = "" }) => {
+  return (
+    <svg
+      role="status"
+      className={`${className} inline-block animate-spin fill-primary-light-500 dark:fill-primary-dark-500 text-black/10 dark:text-white/10`}
+      viewBox="0 0 100 101"
+      fill="none"
+      xmlns="http://www.w3.org/2000/svg"
+    >
+      <path
+        d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
+        fill="currentColor"
+      />
+      <path
+        d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
+        fill="currentFill"
+      />
+    </svg>
+  );
+};
diff --git a/login/apps/login/src/components/state-badge.tsx b/login/apps/login/src/components/state-badge.tsx
new file mode 100644
index 0000000000..00151390bf
--- /dev/null
+++ b/login/apps/login/src/components/state-badge.tsx
@@ -0,0 +1,40 @@
+import { clsx } from "clsx";
+import { ReactNode } from "react";
+
+export enum BadgeState {
+  Info = "info",
+  Error = "error",
+  Success = "success",
+  Alert = "alert",
+}
+
+export type StateBadgeProps = {
+  state: BadgeState;
+  children: ReactNode;
+  evenPadding?: boolean;
+};
+
+const getBadgeClasses = (state: BadgeState, evenPadding: boolean) =>
+  clsx({
+    "w-fit border-box h-18.5px flex flex-row items-center whitespace-nowrap tracking-wider leading-4 items-center justify-center px-2 py-2px text-12px rounded-full shadow-sm":
+      true,
+    "bg-state-success-light-background text-state-success-light-color dark:bg-state-success-dark-background dark:text-state-success-dark-color ":
+      state === BadgeState.Success,
+    "bg-state-neutral-light-background text-state-neutral-light-color dark:bg-state-neutral-dark-background dark:text-state-neutral-dark-color":
+      state === BadgeState.Info,
+    "bg-state-error-light-background text-state-error-light-color dark:bg-state-error-dark-background dark:text-state-error-dark-color":
+      state === BadgeState.Error,
+    "bg-state-alert-light-background text-state-alert-light-color dark:bg-state-alert-dark-background dark:text-state-alert-dark-color":
+      state === BadgeState.Alert,
+    "p-[2px]": evenPadding,
+  });
+
+export function StateBadge({
+  state = BadgeState.Success,
+  evenPadding = false,
+  children,
+}: StateBadgeProps) {
+  return (
+    <span className={`${getBadgeClasses(state, evenPadding)}`}>{children}</span>
+  );
+}
diff --git a/login/apps/login/src/components/tab-group.tsx b/login/apps/login/src/components/tab-group.tsx
new file mode 100644
index 0000000000..afa625d345
--- /dev/null
+++ b/login/apps/login/src/components/tab-group.tsx
@@ -0,0 +1,16 @@
+import { Tab } from "@/components/tab";
+
+export type Item = {
+  text: string;
+  slug?: string;
+};
+
+export const TabGroup = ({ path, items }: { path: string; items: Item[] }) => {
+  return (
+    <div className="-mt-2 flex flex-wrap items-center">
+      {items.map((item) => (
+        <Tab key={path + item.slug} item={item} path={path} />
+      ))}
+    </div>
+  );
+};
diff --git a/login/apps/login/src/components/tab.tsx b/login/apps/login/src/components/tab.tsx
new file mode 100644
index 0000000000..bd82931b5a
--- /dev/null
+++ b/login/apps/login/src/components/tab.tsx
@@ -0,0 +1,35 @@
+"use client";
+
+import type { Item } from "@/components/tab-group";
+import { clsx } from "clsx";
+import Link from "next/link";
+import { useSelectedLayoutSegment } from "next/navigation";
+
+export const Tab = ({
+  path,
+  item: { slug, text },
+}: {
+  path: string;
+  item: Item;
+}) => {
+  const segment = useSelectedLayoutSegment();
+  const href = slug ? path + "/" + slug : path;
+  const isActive =
+    // Example home pages e.g. `/layouts`
+    (!slug && segment === null) ||
+    // Nested pages e.g. `/layouts/electronics`
+    segment === slug;
+
+  return (
+    <Link
+      href={href}
+      className={clsx("mt-2 mr-2 rounded-lg px-3 py-1 text-sm font-medium", {
+        "bg-gray-700 text-gray-100 hover:bg-gray-500 hover:text-white":
+          !isActive,
+        "bg-blue-500 text-white": isActive,
+      })}
+    >
+      {text}
+    </Link>
+  );
+};
diff --git a/login/apps/login/src/components/theme-provider.tsx b/login/apps/login/src/components/theme-provider.tsx
new file mode 100644
index 0000000000..a8a72f86a6
--- /dev/null
+++ b/login/apps/login/src/components/theme-provider.tsx
@@ -0,0 +1,16 @@
+"use client";
+import { ThemeProvider as ThemeP } from "next-themes";
+import { ReactNode } from "react";
+
+export function ThemeProvider({ children }: { children: ReactNode }) {
+  return (
+    <ThemeP
+      attribute="class"
+      defaultTheme="system"
+      storageKey="cp-theme"
+      value={{ dark: "dark" }}
+    >
+      {children}
+    </ThemeP>
+  );
+}
diff --git a/login/apps/login/src/components/theme-wrapper.tsx b/login/apps/login/src/components/theme-wrapper.tsx
new file mode 100644
index 0000000000..314c3a2ef0
--- /dev/null
+++ b/login/apps/login/src/components/theme-wrapper.tsx
@@ -0,0 +1,18 @@
+"use client";
+
+import { setTheme } from "@/helpers/colors";
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import { ReactNode, useEffect } from "react";
+
+type Props = {
+  branding: BrandingSettings | undefined;
+  children: ReactNode;
+};
+
+export const ThemeWrapper = ({ children, branding }: Props) => {
+  useEffect(() => {
+    setTheme(document, branding);
+  }, [branding]);
+
+  return <div>{children}</div>;
+};
diff --git a/login/apps/login/src/components/theme.tsx b/login/apps/login/src/components/theme.tsx
new file mode 100644
index 0000000000..86d39476ff
--- /dev/null
+++ b/login/apps/login/src/components/theme.tsx
@@ -0,0 +1,44 @@
+"use client";
+
+import { MoonIcon, SunIcon } from "@heroicons/react/24/outline";
+import { useTheme } from "next-themes";
+import { useEffect, useState } from "react";
+
+export function Theme() {
+  const { resolvedTheme, setTheme } = useTheme();
+  const [mounted, setMounted] = useState<boolean>(false);
+
+  const isDark = resolvedTheme === "dark";
+
+  // useEffect only runs on the client, so now we can safely show the UI
+  useEffect(() => {
+    setMounted(true);
+  }, []);
+
+  if (!mounted) {
+    return null;
+  }
+
+  return (
+    <div
+      className={`h-fit relative grid grid-cols-2 rounded-full border border-divider-light dark:border-divider-dark p-1`}
+    >
+      <button
+        className={`h-8 w-8 rounded-full flex flex-row items-center justify-center hover:opacity-100 transition-all ${
+          isDark ? "bg-black/10 dark:bg-white/10" : "opacity-60"
+        }`}
+        onClick={() => setTheme("dark")}
+      >
+        <MoonIcon className="h-4 w-4 flex-shrink-0 text-xl rounded-full" />
+      </button>
+      <button
+        className={`h-8 w-8 rounded-full flex flex-row items-center justify-center hover:opacity-100 transition-all ${
+          !isDark ? "bg-black/10 dark:bg-white/10" : "opacity-60"
+        }`}
+        onClick={() => setTheme("light")}
+      >
+        <SunIcon className="h-6 w-6 flex-shrink-0 text-xl rounded-full" />
+      </button>
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/totp-register.tsx b/login/apps/login/src/components/totp-register.tsx
new file mode 100644
index 0000000000..ea40fffbf0
--- /dev/null
+++ b/login/apps/login/src/components/totp-register.tsx
@@ -0,0 +1,157 @@
+"use client";
+
+import { getNextUrl } from "@/lib/client";
+import { verifyTOTP } from "@/lib/server/verify";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+import { QRCodeSVG } from "qrcode.react";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { Button, ButtonVariants } from "./button";
+import { CopyToClipboard } from "./copy-to-clipboard";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {
+  code: string;
+};
+
+type Props = {
+  uri: string;
+  secret: string;
+  loginName?: string;
+  sessionId?: string;
+  requestId?: string;
+  organization?: string;
+  checkAfter?: boolean;
+  loginSettings?: LoginSettings;
+};
+export function TotpRegister({
+  uri,
+  secret,
+  loginName,
+  sessionId,
+  requestId,
+  organization,
+  checkAfter,
+  loginSettings,
+}: Props) {
+  const [error, setError] = useState<string>("");
+  const [loading, setLoading] = useState<boolean>(false);
+  const router = useRouter();
+
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      code: "",
+    },
+  });
+
+  async function continueWithCode(values: Inputs) {
+    setLoading(true);
+    return verifyTOTP(values.code, loginName, organization)
+      .then(async () => {
+        // if attribute is set, validate MFA after it is setup, otherwise proceed as usual (when mfa is enforced to login)
+        if (checkAfter) {
+          const params = new URLSearchParams({});
+
+          if (loginName) {
+            params.append("loginName", loginName);
+          }
+          if (requestId) {
+            params.append("requestId", requestId);
+          }
+          if (organization) {
+            params.append("organization", organization);
+          }
+
+          return router.push(`/otp/time-based?` + params);
+        } else {
+          const url =
+            requestId && sessionId
+              ? await getNextUrl(
+                  {
+                    sessionId: sessionId,
+                    requestId: requestId,
+                    organization: organization,
+                  },
+                  loginSettings?.defaultRedirectUri,
+                )
+              : loginName
+                ? await getNextUrl(
+                    {
+                      loginName: loginName,
+                      organization: organization,
+                    },
+                    loginSettings?.defaultRedirectUri,
+                  )
+                : null;
+
+          if (url) {
+            return router.push(url);
+          }
+        }
+      })
+      .catch((e) => {
+        setError(e.message);
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+  }
+
+  return (
+    <div className="flex flex-col items-center ">
+      {uri && (
+        <>
+          <QRCodeSVG
+            className="rounded-md w-40 h-40 p-2 bg-white my-4"
+            value={uri}
+          />
+          <div className="mb-4 w-96 flex text-sm my-2 border rounded-lg px-4 py-2 pr-2 border-divider-light dark:border-divider-dark">
+            <Link href={uri} target="_blank" className="flex-1 overflow-x-auto">
+              {uri}
+            </Link>
+
+            <CopyToClipboard value={uri}></CopyToClipboard>
+          </div>
+          <form className="w-full">
+            <div className="">
+              <TextInput
+                type="text"
+                {...register("code", { required: "This field is required" })}
+                label="Code"
+                data-testid="code-text-input"
+              />
+            </div>
+
+            {error && (
+              <div className="py-4">
+                <Alert>{error}</Alert>
+              </div>
+            )}
+
+            <div className="mt-8 flex w-full flex-row items-center">
+              <span className="flex-grow"></span>
+              <Button
+                type="submit"
+                className="self-end"
+                variant={ButtonVariants.Primary}
+                disabled={loading || !formState.isValid}
+                onClick={handleSubmit(continueWithCode)}
+                data-testid="submit-button"
+              >
+                {loading && <Spinner className="h-5 w-5 mr-2" />}
+                <Translated i18nKey="set.submit" namespace="otp" />
+              </Button>
+            </div>
+          </form>
+        </>
+      )}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/translated.tsx b/login/apps/login/src/components/translated.tsx
new file mode 100644
index 0000000000..807ea18e8f
--- /dev/null
+++ b/login/apps/login/src/components/translated.tsx
@@ -0,0 +1,23 @@
+import { useTranslations } from "next-intl";
+
+export function Translated({
+  i18nKey,
+  children,
+  namespace,
+  data,
+  ...props
+}: {
+  i18nKey: string;
+  children?: React.ReactNode;
+  namespace?: string;
+  data?: any;
+} & React.HTMLAttributes<HTMLSpanElement>) {
+  const t = useTranslations(namespace);
+  const helperKey = `${namespace ? `${namespace}.` : ""}${i18nKey}`;
+
+  return (
+    <span data-i18n-key={helperKey} {...props}>
+      {t(i18nKey, data)}
+    </span>
+  );
+}
diff --git a/login/apps/login/src/components/user-avatar.tsx b/login/apps/login/src/components/user-avatar.tsx
new file mode 100644
index 0000000000..f2aa0bfed7
--- /dev/null
+++ b/login/apps/login/src/components/user-avatar.tsx
@@ -0,0 +1,59 @@
+import { Avatar } from "@/components/avatar";
+import { ChevronDownIcon } from "@heroicons/react/24/outline";
+import Link from "next/link";
+
+type Props = {
+  loginName?: string;
+  displayName?: string;
+  showDropdown: boolean;
+  searchParams?: Record<string | number | symbol, string | undefined>;
+};
+
+export function UserAvatar({
+  loginName,
+  displayName,
+  showDropdown,
+  searchParams,
+}: Props) {
+  const params = new URLSearchParams({});
+
+  if (searchParams?.sessionId) {
+    params.set("sessionId", searchParams.sessionId);
+  }
+
+  if (searchParams?.organization) {
+    params.set("organization", searchParams.organization);
+  }
+
+  if (searchParams?.requestId) {
+    params.set("requestId", searchParams.requestId);
+  }
+
+  if (searchParams?.loginName) {
+    params.set("loginName", searchParams.loginName);
+  }
+
+  return (
+    <div className="flex h-full flex-row items-center rounded-full border p-[1px] dark:border-white/20">
+      <div>
+        <Avatar
+          size="small"
+          name={displayName ?? loginName ?? ""}
+          loginName={loginName ?? ""}
+        />
+      </div>
+      <span className="ml-4 pr-4 text-14px max-w-[250px] text-ellipsis overflow-hidden">
+        {loginName}
+      </span>
+      <span className="flex-grow"></span>
+      {showDropdown && (
+        <Link
+          href={"/accounts?" + params}
+          className="ml-4 flex items-center justify-center p-1 hover:bg-black/10 dark:hover:bg-white/10 rounded-full mr-1 transition-all"
+        >
+          <ChevronDownIcon className="h-4 w-4" />
+        </Link>
+      )}
+    </div>
+  );
+}
diff --git a/login/apps/login/src/components/username-form.tsx b/login/apps/login/src/components/username-form.tsx
new file mode 100644
index 0000000000..1dffade4b5
--- /dev/null
+++ b/login/apps/login/src/components/username-form.tsx
@@ -0,0 +1,156 @@
+"use client";
+
+import { sendLoginname } from "@/lib/server/loginname";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { useRouter } from "next/navigation";
+import { ReactNode, useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { Alert } from "./alert";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {
+  loginName: string;
+};
+
+type Props = {
+  loginName: string | undefined;
+  requestId: string | undefined;
+  loginSettings: LoginSettings | undefined;
+  organization?: string;
+  suffix?: string;
+  submit: boolean;
+  allowRegister: boolean;
+  children?: ReactNode;
+};
+
+export function UsernameForm({
+  loginName,
+  requestId,
+  organization,
+  suffix,
+  loginSettings,
+  submit,
+  allowRegister,
+  children,
+}: Props) {
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      loginName: loginName ? loginName : "",
+    },
+  });
+
+  const router = useRouter();
+
+  const [loading, setLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string>("");
+
+  async function submitLoginName(values: Inputs, organization?: string) {
+    setLoading(true);
+
+    const res = await sendLoginname({
+      loginName: values.loginName,
+      organization,
+      requestId,
+      suffix,
+    })
+      .catch(() => {
+        setError("An internal error occurred");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (res && "redirect" in res && res.redirect) {
+      return router.push(res.redirect);
+    }
+
+    if (res && "error" in res && res.error) {
+      setError(res.error);
+      return;
+    }
+
+    return res;
+  }
+
+  useEffect(() => {
+    if (submit && loginName) {
+      // When we navigate to this page, we always want to be redirected if submit is true and the parameters are valid.
+      submitLoginName({ loginName }, organization);
+    }
+  }, []);
+
+  let inputLabel = "Loginname";
+  if (
+    loginSettings?.disableLoginWithEmail &&
+    loginSettings?.disableLoginWithPhone
+  ) {
+    inputLabel = "Username";
+  } else if (loginSettings?.disableLoginWithEmail) {
+    inputLabel = "Username or phone number";
+  } else if (loginSettings?.disableLoginWithPhone) {
+    inputLabel = "Username or email";
+  }
+
+  return (
+    <form className="w-full">
+      <div className="">
+        <TextInput
+          type="text"
+          autoComplete="username"
+          {...register("loginName", { required: "This field is required" })}
+          label={inputLabel}
+          data-testid="username-text-input"
+          suffix={suffix}
+        />
+        {allowRegister && (
+          <button
+            className="transition-all text-sm hover:text-primary-light-500 dark:hover:text-primary-dark-500"
+            onClick={() => {
+              const registerParams = new URLSearchParams();
+              if (organization) {
+                registerParams.append("organization", organization);
+              }
+              if (requestId) {
+                registerParams.append("requestId", requestId);
+              }
+
+              router.push("/register?" + registerParams);
+            }}
+            type="button"
+            disabled={loading}
+            data-testid="register-button"
+          >
+            <Translated i18nKey="register" namespace="loginname" />
+          </button>
+        )}
+      </div>
+
+      {error && (
+        <div className="py-4" data-testid="error">
+          <Alert>{error}</Alert>
+        </div>
+      )}
+      <div className="mt-4 flex w-full flex-row items-center">
+        <BackButton data-testid="back-button" />
+        <span className="flex-grow"></span>
+        <Button
+          data-testid="submit-button"
+          type="submit"
+          className="self-end"
+          variant={ButtonVariants.Primary}
+          disabled={loading || !formState.isValid}
+          onClick={handleSubmit((e) => submitLoginName(e, organization))}
+        >
+          {loading && <Spinner className="h-5 w-5 mr-2" />}
+          <Translated i18nKey="submit" namespace="loginname" />
+        </Button>
+      </div>
+    </form>
+  );
+}
diff --git a/login/apps/login/src/components/verify-form.tsx b/login/apps/login/src/components/verify-form.tsx
new file mode 100644
index 0000000000..dac4c91314
--- /dev/null
+++ b/login/apps/login/src/components/verify-form.tsx
@@ -0,0 +1,168 @@
+"use client";
+
+import { Alert, AlertType } from "@/components/alert";
+import { resendVerification, sendVerification } from "@/lib/server/verify";
+import { useRouter } from "next/navigation";
+import { useCallback, useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { BackButton } from "./back-button";
+import { Button, ButtonVariants } from "./button";
+import { TextInput } from "./input";
+import { Spinner } from "./spinner";
+import { Translated } from "./translated";
+
+type Inputs = {
+  code: string;
+};
+
+type Props = {
+  userId: string;
+  loginName?: string;
+  organization?: string;
+  code?: string;
+  isInvite: boolean;
+  requestId?: string;
+};
+
+export function VerifyForm({
+  userId,
+  loginName,
+  organization,
+  requestId,
+  code,
+  isInvite,
+}: Props) {
+  const router = useRouter();
+
+  const { register, handleSubmit, formState } = useForm<Inputs>({
+    mode: "onBlur",
+    defaultValues: {
+      code: code ?? "",
+    },
+  });
+
+  const [error, setError] = useState<string>("");
+
+  const [loading, setLoading] = useState<boolean>(false);
+
+  async function resendCode() {
+    setError("");
+    setLoading(true);
+
+    const response = await resendVerification({
+      userId,
+      isInvite: isInvite,
+    })
+      .catch(() => {
+        setError("Could not resend email");
+        return;
+      })
+      .finally(() => {
+        setLoading(false);
+      });
+
+    if (response && "error" in response && response?.error) {
+      setError(response.error);
+      return;
+    }
+
+    return response;
+  }
+
+  const fcn = useCallback(
+    async function submitCodeAndContinue(
+      value: Inputs,
+    ): Promise<boolean | void> {
+      setLoading(true);
+
+      const response = await sendVerification({
+        code: value.code,
+        userId,
+        isInvite: isInvite,
+        loginName: loginName,
+        organization: organization,
+        requestId: requestId,
+      })
+        .catch(() => {
+          setError("Could not verify user");
+          return;
+        })
+        .finally(() => {
+          setLoading(false);
+        });
+
+      if (response && "error" in response && response?.error) {
+        setError(response.error);
+        return;
+      }
+
+      if (response && "redirect" in response && response?.redirect) {
+        return router.push(response?.redirect);
+      }
+    },
+    [isInvite, userId],
+  );
+
+  useEffect(() => {
+    if (code) {
+      fcn({ code });
+    }
+  }, [code, fcn]);
+
+  return (
+    <>
+      <form className="w-full">
+        <Alert type={AlertType.INFO}>
+          <div className="flex flex-row">
+            <span className="flex-1 mr-auto text-left">
+              <Translated i18nKey="verify.noCodeReceived" namespace="verify" />
+            </span>
+            <button
+              aria-label="Resend Code"
+              disabled={loading}
+              type="button"
+              className="ml-4 text-primary-light-500 dark:text-primary-dark-500 hover:dark:text-primary-dark-400 hover:text-primary-light-400 cursor-pointer disabled:cursor-default disabled:text-gray-400 dark:disabled:text-gray-700"
+              onClick={() => {
+                resendCode();
+              }}
+              data-testid="resend-button"
+            >
+              <Translated i18nKey="verify.resendCode" namespace="verify" />
+            </button>
+          </div>
+        </Alert>
+        <div className="mt-4">
+          <TextInput
+            type="text"
+            autoComplete="one-time-code"
+            {...register("code", { required: "This field is required" })}
+            label="Code"
+            data-testid="code-text-input"
+          />
+        </div>
+
+        {error && (
+          <div className="py-4" data-testid="error">
+            <Alert>{error}</Alert>
+          </div>
+        )}
+
+        <div className="mt-8 flex w-full flex-row items-center">
+          <BackButton />
+          <span className="flex-grow"></span>
+          <Button
+            type="submit"
+            className="self-end"
+            variant={ButtonVariants.Primary}
+            disabled={loading || !formState.isValid}
+            onClick={handleSubmit(fcn)}
+            data-testid="submit-button"
+          >
+            {loading && <Spinner className="h-5 w-5 mr-2" />}
+            <Translated i18nKey="verify.submit" namespace="verify" />
+          </Button>
+        </div>
+      </form>
+    </>
+  );
+}
diff --git a/login/apps/login/src/components/zitadel-logo-dark.tsx b/login/apps/login/src/components/zitadel-logo-dark.tsx
new file mode 100644
index 0000000000..0df6ae2004
--- /dev/null
+++ b/login/apps/login/src/components/zitadel-logo-dark.tsx
@@ -0,0 +1,210 @@
+import { FC } from "react";
+
+export const ZitadelLogoDark: FC = (props) => (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    fillRule="evenodd"
+    strokeLinejoin="round"
+    strokeMiterlimit="2"
+    height="100%"
+    width="100%"
+    clipRule="evenodd"
+    viewBox="0 0 467 467"
+  >
+    <g transform="matrix(.56485 0 0 .65932 -1282.85 0)">
+      <path
+        fill="none"
+        d="M2271.15 0H3097.9230000000002V708.241H2271.15z"
+      ></path>
+      <path
+        fill="#fff"
+        d="M1493.5 1056.38V1037h3v24.62l-70.48-41.24 70.48-40.988V1004h-3v-19.392l-61.52 35.782 61.52 35.99z"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5923.46 -2258.26)"
+      ></path>
+      <path
+        fill="url(#_Linear1)"
+        d="M212.517 110h-12.125L190 92l-10.392 18h-12.125L190 71l22.517 39z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.04293 -.28297 .16022 -.07582 12884.5 137.392)"
+      ></path>
+      <path
+        fill="url(#_Linear2)"
+        d="M212.517 110h-12.125L190 92l-10.392 18h-12.125L190 71l22.517 39z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(.16022 .07582 -.04293 .28297 12878.9 10.875)"
+      ></path>
+      <path
+        fill="url(#_Linear3)"
+        d="M212.517 110h-12.125L190 92l-10.392 18h-12.125L190 71l22.517 39z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.11729 .20715 -.11729 -.20715 12943.8 65.7)"
+      ></path>
+      <path
+        fill="url(#_Linear4)"
+        d="M139.622 117L149 142h-18.756l9.378-25z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.16022 -.07582 .04293 -.28297 12917.4 132.195)"
+      ></path>
+      <path
+        fill="url(#_Linear5)"
+        d="M139.622 117L149 142h-18.756l9.378-25z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.11729 .20715 .11729 .20715 12897.8 5.875)"
+      ></path>
+      <path
+        fill="url(#_Linear6)"
+        d="M139.622 117L149 142h-18.756l9.378-25z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.04293 -.28297 -.16022 .07582 12936.8 97.644)"
+      ></path>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5928.43 -2257.12)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5884.5 -2116.69)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5855.22 -2023.06)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -6234.47 -2112.14)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5957.71 -2350.75)"
+      ></circle>
+      <path
+        fill="#fff"
+        d="M1499.26 757.787s-1.89-1.298-2.26-2.587c-.29-1.018-.43-4.538-.46-5.2-.13-2.697 2.67-4.356 2.67-4.356l-9.2.191s3.14-.122 3.45 4.165c.05.661-.23 3.476-.46 5.2-.09 1.247-1.8 2.468-1.8 2.468l8.06.119z"
+        transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5477.99 -831.33)"
+      ></path>
+      <path
+        fill="none"
+        d="M1495 760v-16"
+        transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5404.79 -597.271)"
+      ></path>
+      <g>
+        <path
+          fill="#fff"
+          d="M1498.27 757.077s-1.56-.617-1.62-2.277c0-1.142-.01-1.519 0-2.784-.03-.682-.06-1.408 0-2.067.13-3.113 1.85-3.793 1.85-3.793l-7.04-.225s1.91.788 2.19 3.899c.06.659.04 1.698 0 2.379a88.86 88.86 0 000 2.309c.03 1.816-1.07 2.309-1.07 2.309l5.69.25z"
+          transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5404.79 -597.271)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="none"
+          d="M1496.17 759.473l59.37-39.459"
+          transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5770.62 -677.495)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="#fff"
+          d="M1500.86 762.056s-1-1.656 2.23-4.6c1.82-1.659 4.24-3.305 6.89-5.201 4.84-3.465 10.7-7.315 16.54-11.206 4.93-3.283 9.86-6.57 14.3-9.369 3.7-2.331 7.03-4.384 9.72-5.88.53-.294 1.06-.471 1.51-.771 2.68-1.772 4.8-.061 4.8-.061l-4.62-8.686s-.24 3.172-2.23 4.715c-.43.336-.85.744-1.33 1.123-2.47 1.933-5.68 4.224-9.28 6.747-4.33 3.031-9.26 6.299-14.2 9.571-5.84 3.876-11.67 7.796-16.7 10.891-2.75 1.694-5.21 3.248-7.36 4.269-3.14 1.488-5.85.019-5.85.019l5.58 8.439z"
+          transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5770.62 -677.495)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="none"
+          d="M1496.17 759.473l59.37-39.459"
+          transform="matrix(4.96737 -1.14029 -1.16463 -3.72366 -3997 4993.28)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="#fff"
+          d="M1496.1 754.362s1.1 1.245 5.03-.764c2.12-1.089 4.61-2.575 7.36-4.269 5.03-3.095 10.86-7.015 16.7-10.891 4.94-3.272 9.75-6.606 14.08-9.636 3.6-2.523 10.09-6.743 10.54-7.052 2.94-2.02 2.37-3.554 2.37-3.554l3.1 5.956s-1.51-1.247-3.91.529c-.44.325-6.85 4.668-10.55 6.999-4.44 2.799-9.37 6.086-14.3 9.369-5.84 3.891-11.7 7.741-16.54 11.206-2.65 1.896-5.09 3.516-6.89 5.201-3.62 3.385-1.83 5.827-1.83 5.827l-5.16-8.921z"
+          transform="matrix(4.96737 -1.14029 -1.16463 -3.72366 -3997 4993.28)"
+        ></path>
+      </g>
+    </g>
+    <defs>
+      <linearGradient
+        id="_Linear1"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.7235) rotate(-75 -.938 .578)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear2"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(160.7235) rotate(-15 4.962 -1.993)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear3"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="rotate(-135 173.811 54.311) scale(160.724)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear4"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.7235) rotate(-15 -4.103 4.77)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear5"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.724 160.724) rotate(45 -1.58 -1.166)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear6"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.7235 160.7235) rotate(-75 .592 1.434)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+    </defs>
+  </svg>
+);
diff --git a/login/apps/login/src/components/zitadel-logo-light.tsx b/login/apps/login/src/components/zitadel-logo-light.tsx
new file mode 100644
index 0000000000..51529aa821
--- /dev/null
+++ b/login/apps/login/src/components/zitadel-logo-light.tsx
@@ -0,0 +1,210 @@
+import { FC } from "react";
+
+export const ZitadelLogoLight: FC = (props) => (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    fillRule="evenodd"
+    strokeLinejoin="round"
+    strokeMiterlimit="2"
+    height="100%"
+    width="100%"
+    clipRule="evenodd"
+    viewBox="0 0 467 467"
+  >
+    <g transform="matrix(.56485 0 0 .65932 -1282.85 0)">
+      <path
+        fill="none"
+        d="M2271.15 0H3097.9230000000002V708.241H2271.15z"
+      ></path>
+      <path
+        fill="#fff"
+        d="M1493.5 1056.38V1037h3v24.62l-70.48-41.24 70.48-40.988V1004h-3v-19.392l-61.52 35.782 61.52 35.99z"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5923.46 -2258.26)"
+      ></path>
+      <path
+        fill="url(#_Linear1)"
+        d="M212.517 110h-12.125L190 92l-10.392 18h-12.125L190 71l22.517 39z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.04293 -.28297 .16022 -.07582 12884.5 137.392)"
+      ></path>
+      <path
+        fill="url(#_Linear2)"
+        d="M212.517 110h-12.125L190 92l-10.392 18h-12.125L190 71l22.517 39z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(.16022 .07582 -.04293 .28297 12878.9 10.875)"
+      ></path>
+      <path
+        fill="url(#_Linear3)"
+        d="M212.517 110h-12.125L190 92l-10.392 18h-12.125L190 71l22.517 39z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.11729 .20715 -.11729 -.20715 12943.8 65.7)"
+      ></path>
+      <path
+        fill="url(#_Linear4)"
+        d="M139.622 117L149 142h-18.756l9.378-25z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.16022 -.07582 .04293 -.28297 12917.4 132.195)"
+      ></path>
+      <path
+        fill="url(#_Linear5)"
+        d="M139.622 117L149 142h-18.756l9.378-25z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.11729 .20715 .11729 .20715 12897.8 5.875)"
+      ></path>
+      <path
+        fill="url(#_Linear6)"
+        d="M139.622 117L149 142h-18.756l9.378-25z"
+        transform="matrix(31.0036 0 0 15.0393 -397275 -666.457) matrix(-.04293 -.28297 -.16022 .07582 12936.8 97.644)"
+      ></path>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5928.43 -2257.12)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5884.5 -2116.69)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5855.22 -2023.06)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -6234.47 -2112.14)"
+      ></circle>
+      <circle
+        cx="1496"
+        cy="1004"
+        r="7"
+        fill="#fff"
+        transform="matrix(4.96737 -1.14029 1.331 4.25561 -5957.71 -2350.75)"
+      ></circle>
+      <path
+        fill="#fff"
+        d="M1499.26 757.787s-1.89-1.298-2.26-2.587c-.29-1.018-.43-4.538-.46-5.2-.13-2.697 2.67-4.356 2.67-4.356l-9.2.191s3.14-.122 3.45 4.165c.05.661-.23 3.476-.46 5.2-.09 1.247-1.8 2.468-1.8 2.468l8.06.119z"
+        transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5477.99 -831.33)"
+      ></path>
+      <path
+        fill="none"
+        d="M1495 760v-16"
+        transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5404.79 -597.271)"
+      ></path>
+      <g>
+        <path
+          fill="#fff"
+          d="M1498.27 757.077s-1.56-.617-1.62-2.277c0-1.142-.01-1.519 0-2.784-.03-.682-.06-1.408 0-2.067.13-3.113 1.85-3.793 1.85-3.793l-7.04-.225s1.91.788 2.19 3.899c.06.659.04 1.698 0 2.379a88.86 88.86 0 000 2.309c.03 1.816-1.07 2.309-1.07 2.309l5.69.25z"
+          transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5404.79 -597.271)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="none"
+          d="M1496.17 759.473l59.37-39.459"
+          transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5770.62 -677.495)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="#fff"
+          d="M1500.86 762.056s-1-1.656 2.23-4.6c1.82-1.659 4.24-3.305 6.89-5.201 4.84-3.465 10.7-7.315 16.54-11.206 4.93-3.283 9.86-6.57 14.3-9.369 3.7-2.331 7.03-4.384 9.72-5.88.53-.294 1.06-.471 1.51-.771 2.68-1.772 4.8-.061 4.8-.061l-4.62-8.686s-.24 3.172-2.23 4.715c-.43.336-.85.744-1.33 1.123-2.47 1.933-5.68 4.224-9.28 6.747-4.33 3.031-9.26 6.299-14.2 9.571-5.84 3.876-11.67 7.796-16.7 10.891-2.75 1.694-5.21 3.248-7.36 4.269-3.14 1.488-5.85.019-5.85.019l5.58 8.439z"
+          transform="matrix(4.96737 -1.14029 1.16463 3.72366 -5770.62 -677.495)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="none"
+          d="M1496.17 759.473l59.37-39.459"
+          transform="matrix(4.96737 -1.14029 -1.16463 -3.72366 -3997 4993.28)"
+        ></path>
+      </g>
+      <g>
+        <path
+          fill="#fff"
+          d="M1496.1 754.362s1.1 1.245 5.03-.764c2.12-1.089 4.61-2.575 7.36-4.269 5.03-3.095 10.86-7.015 16.7-10.891 4.94-3.272 9.75-6.606 14.08-9.636 3.6-2.523 10.09-6.743 10.54-7.052 2.94-2.02 2.37-3.554 2.37-3.554l3.1 5.956s-1.51-1.247-3.91.529c-.44.325-6.85 4.668-10.55 6.999-4.44 2.799-9.37 6.086-14.3 9.369-5.84 3.891-11.7 7.741-16.54 11.206-2.65 1.896-5.09 3.516-6.89 5.201-3.62 3.385-1.83 5.827-1.83 5.827l-5.16-8.921z"
+          transform="matrix(4.96737 -1.14029 -1.16463 -3.72366 -3997 4993.28)"
+        ></path>
+      </g>
+    </g>
+    <defs>
+      <linearGradient
+        id="_Linear1"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.7235) rotate(-75 -.938 .578)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear2"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(160.7235) rotate(-15 4.962 -1.993)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear3"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="rotate(-135 173.811 54.311) scale(160.724)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear4"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.7235) rotate(-15 -4.103 4.77)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear5"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.724 160.724) rotate(45 -1.58 -1.166)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+      <linearGradient
+        id="_Linear6"
+        x1="0"
+        x2="1"
+        y1="0"
+        y2="0"
+        gradientTransform="scale(-160.7235 160.7235) rotate(-75 .592 1.434)"
+        gradientUnits="userSpaceOnUse"
+      >
+        <stop offset="0" stopColor="#FF8F00"></stop>
+        <stop offset="1" stopColor="#FE00FF"></stop>
+      </linearGradient>
+    </defs>
+  </svg>
+);
diff --git a/login/apps/login/src/components/zitadel-logo.tsx b/login/apps/login/src/components/zitadel-logo.tsx
new file mode 100644
index 0000000000..105665fbba
--- /dev/null
+++ b/login/apps/login/src/components/zitadel-logo.tsx
@@ -0,0 +1,32 @@
+import Image from "next/image";
+type Props = {
+  height?: number;
+  width?: number;
+};
+
+export function ZitadelLogo({ height = 40, width = 147.5 }: Props) {
+  return (
+    <>
+      <div className="hidden dark:flex">
+        {/* <ZitadelLogoLight /> */}
+
+        <Image
+          height={height}
+          width={width}
+          src="/zitadel-logo-light.svg"
+          alt="zitadel logo"
+          priority={true}
+        />
+      </div>
+      <div className="flex dark:hidden">
+        <Image
+          height={height}
+          width={width}
+          priority={true}
+          src="/zitadel-logo-dark.svg"
+          alt="zitadel logo"
+        />
+      </div>
+    </>
+  );
+}
diff --git a/login/apps/login/src/helpers/base64.ts b/login/apps/login/src/helpers/base64.ts
new file mode 100644
index 0000000000..967cdc8d17
--- /dev/null
+++ b/login/apps/login/src/helpers/base64.ts
@@ -0,0 +1,63 @@
+export function coerceToBase64Url(thing: any, name: string) {
+  // Array or ArrayBuffer to Uint8Array
+  if (Array.isArray(thing)) {
+    thing = Uint8Array.from(thing);
+  }
+
+  if (thing instanceof ArrayBuffer) {
+    thing = new Uint8Array(thing);
+  }
+
+  // Uint8Array to base64
+  if (thing instanceof Uint8Array) {
+    var str = "";
+    var len = thing.byteLength;
+
+    for (var i = 0; i < len; i++) {
+      str += String.fromCharCode(thing[i]);
+    }
+    thing = window.btoa(str);
+  }
+
+  if (typeof thing !== "string") {
+    throw new Error("could not coerce '" + name + "' to string");
+  }
+
+  // base64 to base64url
+  // NOTE: "=" at the end of challenge is optional, strip it off here
+  thing = thing.replace(/\+/g, "-").replace(/\//g, "_").replace(/=*$/g, "");
+
+  return thing;
+}
+
+export function coerceToArrayBuffer(thing: any, name: string) {
+  if (typeof thing === "string") {
+    // base64url to base64
+    thing = thing.replace(/-/g, "+").replace(/_/g, "/");
+
+    // base64 to Uint8Array
+    var str = window.atob(thing);
+    var bytes = new Uint8Array(str.length);
+    for (var i = 0; i < str.length; i++) {
+      bytes[i] = str.charCodeAt(i);
+    }
+    thing = bytes;
+  }
+
+  // Array to Uint8Array
+  if (Array.isArray(thing)) {
+    thing = new Uint8Array(thing);
+  }
+
+  // Uint8Array to ArrayBuffer
+  if (thing instanceof Uint8Array) {
+    thing = thing.buffer;
+  }
+
+  // error if none of the above worked
+  if (!(thing instanceof ArrayBuffer)) {
+    throw new TypeError("could not coerce '" + name + "' to ArrayBuffer");
+  }
+
+  return thing;
+}
diff --git a/login/apps/login/src/helpers/colors.ts b/login/apps/login/src/helpers/colors.ts
new file mode 100644
index 0000000000..bdb07cecfd
--- /dev/null
+++ b/login/apps/login/src/helpers/colors.ts
@@ -0,0 +1,439 @@
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
+import tinycolor from "tinycolor2";
+
+export interface Color {
+  name: string;
+  hex: string;
+  rgb: string;
+  contrastColor: string;
+}
+
+export type MapName = "background" | "primary" | "warn" | "text" | "link";
+
+export type ColorName =
+  | "50"
+  | "100"
+  | "200"
+  | "300"
+  | "400"
+  | "500"
+  | "600"
+  | "700"
+  | "800"
+  | "C900"
+  | "A100"
+  | "A200"
+  | "A400"
+  | "A700";
+
+export type ColorMap = {
+  [key in MapName]: Color[];
+};
+
+export const DARK_PRIMARY = "#2073c4";
+export const PRIMARY = "#5469d4";
+
+export const DARK_WARN = "#ff3b5b";
+export const WARN = "#cd3d56";
+
+export const DARK_BACKGROUND = "#111827";
+export const BACKGROUND = "#fafafa";
+
+export const DARK_TEXT = "#ffffff";
+export const TEXT = "#000000";
+
+export type LabelPolicyColors = {
+  backgroundColor: string;
+  backgroundColorDark: string;
+  fontColor: string;
+  fontColorDark: string;
+  warnColor: string;
+  warnColorDark: string;
+  primaryColor: string;
+  primaryColorDark: string;
+};
+
+type BrandingColors = {
+  lightTheme: {
+    backgroundColor: string;
+    fontColor: string;
+    primaryColor: string;
+    warnColor: string;
+  };
+  darkTheme: {
+    backgroundColor: string;
+    fontColor: string;
+    primaryColor: string;
+    warnColor: string;
+  };
+};
+
+export function setTheme(document: any, policy?: BrandingSettings) {
+  const lP: BrandingColors = {
+    lightTheme: {
+      backgroundColor: policy?.lightTheme?.backgroundColor || BACKGROUND,
+      fontColor: policy?.lightTheme?.fontColor || TEXT,
+      primaryColor: policy?.lightTheme?.primaryColor || PRIMARY,
+      warnColor: policy?.lightTheme?.warnColor || WARN,
+    },
+    darkTheme: {
+      backgroundColor: policy?.darkTheme?.backgroundColor || DARK_BACKGROUND,
+      fontColor: policy?.darkTheme?.fontColor || DARK_TEXT,
+      primaryColor: policy?.darkTheme?.primaryColor || DARK_PRIMARY,
+      warnColor: policy?.darkTheme?.warnColor || DARK_WARN,
+    },
+  };
+
+  const dark = computeMap(lP, true);
+  const light = computeMap(lP, false);
+
+  setColorShades(dark.background, "background", "dark", document);
+  setColorShades(light.background, "background", "light", document);
+
+  setColorShades(dark.primary, "primary", "dark", document);
+  setColorShades(light.primary, "primary", "light", document);
+
+  setColorShades(dark.warn, "warn", "dark", document);
+  setColorShades(light.warn, "warn", "light", document);
+
+  setColorAlpha(dark.text, "text", "dark", document);
+  setColorAlpha(light.text, "text", "light", document);
+
+  setColorAlpha(dark.link, "link", "dark", document);
+  setColorAlpha(light.link, "link", "light", document);
+}
+
+function setColorShades(
+  map: Color[],
+  type: string,
+  theme: string,
+  document: any,
+) {
+  map.forEach((color) => {
+    document.documentElement.style.setProperty(
+      `--theme-${theme}-${type}-${color.name}`,
+      color.hex,
+    );
+    document.documentElement.style.setProperty(
+      `--theme-${theme}-${type}-contrast-${color.name}`,
+      color.contrastColor,
+    );
+  });
+}
+
+function setColorAlpha(
+  map: Color[],
+  type: string,
+  theme: string,
+  document: any,
+) {
+  map.forEach((color) => {
+    document.documentElement.style.setProperty(
+      `--theme-${theme}-${type}-${color.name}`,
+      color.hex,
+    );
+    document.documentElement.style.setProperty(
+      `--theme-${theme}-${type}-contrast-${color.name}`,
+      color.contrastColor,
+    );
+    document.documentElement.style.setProperty(
+      `--theme-${theme}-${type}-secondary-${color.name}`,
+      `${color.hex}c7`,
+    );
+  });
+}
+
+function computeColors(hex: string): Color[] {
+  return [
+    getColorObject(tinycolor(hex).lighten(52), "50"),
+    getColorObject(tinycolor(hex).lighten(37), "100"),
+    getColorObject(tinycolor(hex).lighten(26), "200"),
+    getColorObject(tinycolor(hex).lighten(12), "300"),
+    getColorObject(tinycolor(hex).lighten(6), "400"),
+    getColorObject(tinycolor(hex), "500"),
+    getColorObject(tinycolor(hex).darken(6), "600"),
+    getColorObject(tinycolor(hex).darken(12), "700"),
+    getColorObject(tinycolor(hex).darken(18), "800"),
+    getColorObject(tinycolor(hex).darken(24), "900"),
+    getColorObject(tinycolor(hex).lighten(50).saturate(30), "A100"),
+    getColorObject(tinycolor(hex).lighten(30).saturate(30), "A200"),
+    getColorObject(tinycolor(hex).lighten(10).saturate(15), "A400"),
+    getColorObject(tinycolor(hex).lighten(5).saturate(5), "A700"),
+  ];
+}
+
+function getColorObject(value: any, name: string): Color {
+  const c = tinycolor(value);
+  return {
+    name: name,
+    hex: c.toHexString(),
+    rgb: c.toRgbString(),
+    contrastColor: getContrast(c.toHexString()),
+  } as Color;
+}
+
+function getContrast(color: string): string {
+  const onBlack = tinycolor.readability("#000", color);
+  const onWhite = tinycolor.readability("#fff", color);
+  if (onBlack > onWhite) {
+    return "hsla(0, 0%, 0%, 0.87)";
+  } else {
+    return "#ffffff";
+  }
+}
+
+export function computeMap(branding: BrandingColors, dark: boolean): ColorMap {
+  return {
+    background: computeColors(
+      dark
+        ? branding.darkTheme.backgroundColor
+        : branding.lightTheme.backgroundColor,
+    ),
+    primary: computeColors(
+      dark ? branding.darkTheme.primaryColor : branding.lightTheme.primaryColor,
+    ),
+    warn: computeColors(
+      dark ? branding.darkTheme.warnColor : branding.lightTheme.warnColor,
+    ),
+    text: computeColors(
+      dark ? branding.darkTheme.fontColor : branding.lightTheme.fontColor,
+    ),
+    link: computeColors(
+      dark ? branding.darkTheme.fontColor : branding.lightTheme.fontColor,
+    ),
+  };
+}
+
+export interface ColorShade {
+  200: string;
+  300: string;
+  500: string;
+  600: string;
+  700: string;
+  900: string;
+}
+
+export const COLORS = [
+  {
+    500: "#ef4444",
+    200: "#fecaca",
+    300: "#fca5a5",
+    600: "#dc2626",
+    700: "#b91c1c",
+    900: "#7f1d1d",
+  },
+  {
+    500: "#f97316",
+    200: "#fed7aa",
+    300: "#fdba74",
+    600: "#ea580c",
+    700: "#c2410c",
+    900: "#7c2d12",
+  },
+  {
+    500: "#f59e0b",
+    200: "#fde68a",
+    300: "#fcd34d",
+    600: "#d97706",
+    700: "#b45309",
+    900: "#78350f",
+  },
+  {
+    500: "#eab308",
+    200: "#fef08a",
+    300: "#fde047",
+    600: "#ca8a04",
+    700: "#a16207",
+    900: "#713f12",
+  },
+  {
+    500: "#84cc16",
+    200: "#d9f99d",
+    300: "#bef264",
+    600: "#65a30d",
+    700: "#4d7c0f",
+    900: "#365314",
+  },
+  {
+    500: "#22c55e",
+    200: "#bbf7d0",
+    300: "#86efac",
+    600: "#16a34a",
+    700: "#15803d",
+    900: "#14532d",
+  },
+  {
+    500: "#10b981",
+    200: "#a7f3d0",
+    300: "#6ee7b7",
+    600: "#059669",
+    700: "#047857",
+    900: "#064e3b",
+  },
+  {
+    500: "#14b8a6",
+    200: "#99f6e4",
+    300: "#5eead4",
+    600: "#0d9488",
+    700: "#0f766e",
+    900: "#134e4a",
+  },
+  {
+    500: "#06b6d4",
+    200: "#a5f3fc",
+    300: "#67e8f9",
+    600: "#0891b2",
+    700: "#0e7490",
+    900: "#164e63",
+  },
+  {
+    500: "#0ea5e9",
+    200: "#bae6fd",
+    300: "#7dd3fc",
+    600: "#0284c7",
+    700: "#0369a1",
+    900: "#0c4a6e",
+  },
+  {
+    500: "#3b82f6",
+    200: "#bfdbfe",
+    300: "#93c5fd",
+    600: "#2563eb",
+    700: "#1d4ed8",
+    900: "#1e3a8a",
+  },
+  {
+    500: "#6366f1",
+    200: "#c7d2fe",
+    300: "#a5b4fc",
+    600: "#4f46e5",
+    700: "#4338ca",
+    900: "#312e81",
+  },
+  {
+    500: "#8b5cf6",
+    200: "#ddd6fe",
+    300: "#c4b5fd",
+    600: "#7c3aed",
+    700: "#6d28d9",
+    900: "#4c1d95",
+  },
+  {
+    500: "#a855f7",
+    200: "#e9d5ff",
+    300: "#d8b4fe",
+    600: "#9333ea",
+    700: "#7e22ce",
+    900: "#581c87",
+  },
+  {
+    500: "#d946ef",
+    200: "#f5d0fe",
+    300: "#f0abfc",
+    600: "#c026d3",
+    700: "#a21caf",
+    900: "#701a75",
+  },
+  {
+    500: "#ec4899",
+    200: "#fbcfe8",
+    300: "#f9a8d4",
+    600: "#db2777",
+    700: "#be185d",
+    900: "#831843",
+  },
+  {
+    500: "#f43f5e",
+    200: "#fecdd3",
+    300: "#fda4af",
+    600: "#e11d48",
+    700: "#be123c",
+    900: "#881337",
+  },
+];
+
+export function getColorHash(value: string): ColorShade {
+  let hash = 0;
+
+  if (value.length === 0) {
+    return COLORS[hash];
+  }
+
+  hash = hashCode(value);
+  return COLORS[hash % COLORS.length];
+}
+
+export function hashCode(str: string, seed = 0): number {
+  let h1 = 0xdeadbeef ^ seed,
+    h2 = 0x41c6ce57 ^ seed;
+  for (let i = 0, ch; i < str.length; i++) {
+    ch = str.charCodeAt(i);
+    h1 = Math.imul(h1 ^ ch, 2654435761);
+    h2 = Math.imul(h2 ^ ch, 1597334677);
+  }
+  h1 =
+    Math.imul(h1 ^ (h1 >>> 16), 2246822507) ^
+    Math.imul(h2 ^ (h2 >>> 13), 3266489909);
+  h2 =
+    Math.imul(h2 ^ (h2 >>> 16), 2246822507) ^
+    Math.imul(h1 ^ (h1 >>> 13), 3266489909);
+  return 4294967296 * (2097151 & h2) + (h1 >>> 0);
+}
+
+export function getMembershipColor(role: string): ColorShade {
+  const hash = hashCode(role);
+  let color = COLORS[hash % COLORS.length];
+
+  switch (role) {
+    case "IAM_OWNER":
+      color = COLORS[0];
+      break;
+    case "IAM_OWNER_VIEWER":
+      color = COLORS[14];
+      break;
+    case "IAM_ORG_MANAGER":
+      color = COLORS[11];
+      break;
+    case "IAM_USER_MANAGER":
+      color = COLORS[8];
+      break;
+
+    case "ORG_OWNER":
+      color = COLORS[16];
+      break;
+    case "ORG_USER_MANAGER":
+      color = COLORS[8];
+      break;
+    case "ORG_OWNER_VIEWER":
+      color = COLORS[14];
+      break;
+    case "ORG_USER_PERMISSION_EDITOR":
+      color = COLORS[7];
+      break;
+    case "ORG_PROJECT_PERMISSION_EDITOR":
+      color = COLORS[11];
+      break;
+    case "ORG_PROJECT_CREATOR":
+      color = COLORS[12];
+      break;
+
+    case "PROJECT_OWNER":
+      color = COLORS[9];
+      break;
+    case "PROJECT_OWNER_VIEWER":
+      color = COLORS[10];
+      break;
+    case "PROJECT_OWNER_GLOBAL":
+      color = COLORS[11];
+      break;
+    case "PROJECT_OWNER_VIEWER_GLOBAL":
+      color = COLORS[12];
+      break;
+
+    default:
+      color = COLORS[hash % COLORS.length];
+      break;
+  }
+
+  return color;
+}
diff --git a/login/apps/login/src/helpers/validators.ts b/login/apps/login/src/helpers/validators.ts
new file mode 100644
index 0000000000..6a61d13ece
--- /dev/null
+++ b/login/apps/login/src/helpers/validators.ts
@@ -0,0 +1,19 @@
+export function symbolValidator(value: string): boolean {
+  const REGEXP = /[^a-zA-Z0-9]/gi;
+  return REGEXP.test(value);
+}
+
+export function numberValidator(value: string): boolean {
+  const REGEXP = /[0-9]/g;
+  return REGEXP.test(value);
+}
+
+export function upperCaseValidator(value: string): boolean {
+  const REGEXP = /[A-Z]/g;
+  return REGEXP.test(value);
+}
+
+export function lowerCaseValidator(value: string): boolean {
+  const REGEXP = /[a-z]/g;
+  return REGEXP.test(value);
+}
diff --git a/login/apps/login/src/i18n/request.ts b/login/apps/login/src/i18n/request.ts
new file mode 100644
index 0000000000..9e5e37e231
--- /dev/null
+++ b/login/apps/login/src/i18n/request.ts
@@ -0,0 +1,59 @@
+import { LANGS, LANGUAGE_COOKIE_NAME, LANGUAGE_HEADER_NAME } from "@/lib/i18n";
+import { getServiceUrlFromHeaders } from "@/lib/service-url";
+import { getHostedLoginTranslation } from "@/lib/zitadel";
+import { JsonObject } from "@zitadel/client";
+import deepmerge from "deepmerge";
+import { getRequestConfig } from "next-intl/server";
+import { cookies, headers } from "next/headers";
+
+export default getRequestConfig(async () => {
+  const fallback = "en";
+  const cookiesList = await cookies();
+
+  let locale: string = fallback;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const i18nOrganization = _headers.get("x-zitadel-i18n-organization") || ""; // You may need to set this header in middleware
+
+  let translations: JsonObject | {} = {};
+  try {
+    const i18nJSON = await getHostedLoginTranslation({
+      serviceUrl,
+      locale,
+      organization: i18nOrganization,
+    });
+
+    if (i18nJSON) {
+      translations = i18nJSON;
+    }
+  } catch (error) {
+    console.warn("Error fetching custom translations:", error);
+  }
+
+  const languageHeader = await (await headers()).get(LANGUAGE_HEADER_NAME);
+  if (languageHeader) {
+    const headerLocale = languageHeader.split(",")[0].split("-")[0]; // Extract the language code
+    if (LANGS.map((l) => l.code).includes(headerLocale)) {
+      locale = headerLocale;
+    }
+  }
+
+  const languageCookie = cookiesList?.get(LANGUAGE_COOKIE_NAME);
+  if (languageCookie && languageCookie.value) {
+    if (LANGS.map((l) => l.code).includes(languageCookie.value)) {
+      locale = languageCookie.value;
+    }
+  }
+
+  const customMessages = translations;
+  const localeMessages = (await import(`../../locales/${locale}.json`)).default;
+  const fallbackMessages = (await import(`../../locales/${fallback}.json`))
+    .default;
+
+  return {
+    locale,
+    messages: deepmerge.all([fallbackMessages, localeMessages, customMessages]),
+  };
+});
diff --git a/login/apps/login/src/lib/api.ts b/login/apps/login/src/lib/api.ts
new file mode 100644
index 0000000000..7324007307
--- /dev/null
+++ b/login/apps/login/src/lib/api.ts
@@ -0,0 +1,17 @@
+import { newSystemToken } from "@zitadel/client/node";
+
+export async function systemAPIToken() {
+  const token = {
+    audience: process.env.AUDIENCE,
+    userID: process.env.SYSTEM_USER_ID,
+    token: Buffer.from(process.env.SYSTEM_USER_PRIVATE_KEY, "base64").toString(
+      "utf-8",
+    ),
+  };
+
+  return newSystemToken({
+    audience: token.audience,
+    subject: token.userID,
+    key: token.token,
+  });
+}
diff --git a/login/apps/login/src/lib/client.ts b/login/apps/login/src/lib/client.ts
new file mode 100644
index 0000000000..a59af90b77
--- /dev/null
+++ b/login/apps/login/src/lib/client.ts
@@ -0,0 +1,80 @@
+type FinishFlowCommand =
+  | {
+      sessionId: string;
+      requestId: string;
+    }
+  | { loginName: string };
+
+function goToSignedInPage(
+  props:
+    | { sessionId: string; organization?: string; requestId?: string }
+    | { organization?: string; loginName: string; requestId?: string },
+) {
+  const params = new URLSearchParams({});
+
+  if ("loginName" in props && props.loginName) {
+    params.append("loginName", props.loginName);
+  }
+
+  if ("sessionId" in props && props.sessionId) {
+    params.append("sessionId", props.sessionId);
+  }
+
+  if (props.organization) {
+    params.append("organization", props.organization);
+  }
+
+  // required to show conditional UI for device flow
+  if (props.requestId) {
+    params.append("requestId", props.requestId);
+  }
+
+  return `/signedin?` + params;
+}
+
+/**
+ * for client: redirects user back to an OIDC or SAML application or to a success page when using requestId, check if a default redirect and redirect to it, or just redirect to a success page with the loginName
+ * @param command
+ * @returns
+ */
+export async function getNextUrl(
+  command: FinishFlowCommand & { organization?: string },
+  defaultRedirectUri?: string,
+): Promise<string> {
+  // finish Device Authorization Flow
+  if (
+    "requestId" in command &&
+    command.requestId.startsWith("device_") &&
+    ("loginName" in command || "sessionId" in command)
+  ) {
+    return goToSignedInPage({
+      ...command,
+      organization: command.organization,
+    });
+  }
+
+  // finish SAML or OIDC flow
+  if (
+    "sessionId" in command &&
+    "requestId" in command &&
+    (command.requestId.startsWith("saml_") ||
+      command.requestId.startsWith("oidc_"))
+  ) {
+    const params = new URLSearchParams({
+      sessionId: command.sessionId,
+      requestId: command.requestId,
+    });
+
+    if (command.organization) {
+      params.append("organization", command.organization);
+    }
+
+    return `/login?` + params;
+  }
+
+  if (defaultRedirectUri) {
+    return defaultRedirectUri;
+  }
+
+  return goToSignedInPage(command);
+}
diff --git a/login/apps/login/src/lib/cookies.ts b/login/apps/login/src/lib/cookies.ts
new file mode 100644
index 0000000000..7de87a98e7
--- /dev/null
+++ b/login/apps/login/src/lib/cookies.ts
@@ -0,0 +1,341 @@
+"use server";
+
+import { timestampDate, timestampFromMs } from "@zitadel/client";
+import { cookies } from "next/headers";
+import { LANGUAGE_COOKIE_NAME } from "./i18n";
+
+// TODO: improve this to handle overflow
+const MAX_COOKIE_SIZE = 2048;
+
+export type Cookie = {
+  id: string;
+  token: string;
+  loginName: string;
+  organization?: string;
+  creationTs: string;
+  expirationTs: string;
+  changeTs: string;
+  requestId?: string; // if its linked to an OIDC flow
+};
+
+type SessionCookie<T> = Cookie & T;
+
+async function setSessionHttpOnlyCookie<T>(
+  sessions: SessionCookie<T>[],
+  sameSite: boolean | "lax" | "strict" | "none" = true,
+) {
+  const cookiesList = await cookies();
+
+  return cookiesList.set({
+    name: "sessions",
+    value: JSON.stringify(sessions),
+    httpOnly: true,
+    path: "/",
+    sameSite: process.env.NODE_ENV === "production" ? sameSite : "lax",
+    secure: process.env.NODE_ENV === "production",
+  });
+}
+
+export async function setLanguageCookie(language: string) {
+  const cookiesList = await cookies();
+
+  await cookiesList.set({
+    name: LANGUAGE_COOKIE_NAME,
+    value: language,
+    httpOnly: true,
+    path: "/",
+  });
+}
+
+export async function addSessionToCookie<T>({
+  session,
+  cleanup,
+  sameSite,
+}: {
+  session: SessionCookie<T>;
+  cleanup?: boolean;
+  sameSite?: boolean | "lax" | "strict" | "none" | undefined;
+}): Promise<any> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  let currentSessions: SessionCookie<T>[] = stringifiedCookie?.value
+    ? JSON.parse(stringifiedCookie?.value)
+    : [];
+
+  const index = currentSessions.findIndex(
+    (s) => s.loginName === session.loginName,
+  );
+
+  if (index > -1) {
+    currentSessions[index] = session;
+  } else {
+    const temp = [...currentSessions, session];
+
+    if (JSON.stringify(temp).length >= MAX_COOKIE_SIZE) {
+      console.log("WARNING COOKIE OVERFLOW");
+      // TODO: improve cookie handling
+      // this replaces the first session (oldest) with the new one
+      currentSessions = [session].concat(currentSessions.slice(1));
+    } else {
+      currentSessions = [session].concat(currentSessions);
+    }
+  }
+
+  if (cleanup) {
+    const now = new Date();
+    const filteredSessions = currentSessions.filter((session) =>
+      session.expirationTs
+        ? timestampDate(timestampFromMs(Number(session.expirationTs))) > now
+        : true,
+    );
+    return setSessionHttpOnlyCookie(filteredSessions, sameSite);
+  } else {
+    return setSessionHttpOnlyCookie(currentSessions, sameSite);
+  }
+}
+
+export async function updateSessionCookie<T>({
+  id,
+  session,
+  cleanup,
+  sameSite,
+}: {
+  id: string;
+  session: SessionCookie<T>;
+  cleanup?: boolean;
+  sameSite?: boolean | "lax" | "strict" | "none" | undefined;
+}): Promise<any> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  const sessions: SessionCookie<T>[] = stringifiedCookie?.value
+    ? JSON.parse(stringifiedCookie?.value)
+    : [session];
+
+  const foundIndex = sessions.findIndex((session) => session.id === id);
+
+  if (foundIndex > -1) {
+    sessions[foundIndex] = session;
+    if (cleanup) {
+      const now = new Date();
+      const filteredSessions = sessions.filter((session) =>
+        session.expirationTs
+          ? timestampDate(timestampFromMs(Number(session.expirationTs))) > now
+          : true,
+      );
+      return setSessionHttpOnlyCookie(filteredSessions, sameSite);
+    } else {
+      return setSessionHttpOnlyCookie(sessions, sameSite);
+    }
+  } else {
+    throw "updateSessionCookie<T>: session id now found";
+  }
+}
+
+export async function removeSessionFromCookie<T>({
+  session,
+  cleanup,
+  sameSite,
+}: {
+  session: SessionCookie<T>;
+  cleanup?: boolean;
+  sameSite?: boolean | "lax" | "strict" | "none" | undefined;
+}) {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  const sessions: SessionCookie<T>[] = stringifiedCookie?.value
+    ? JSON.parse(stringifiedCookie?.value)
+    : [session];
+
+  const reducedSessions = sessions.filter((s) => s.id !== session.id);
+  if (cleanup) {
+    const now = new Date();
+    const filteredSessions = reducedSessions.filter((session) =>
+      session.expirationTs
+        ? timestampDate(timestampFromMs(Number(session.expirationTs))) > now
+        : true,
+    );
+    return setSessionHttpOnlyCookie(filteredSessions, sameSite);
+  } else {
+    return setSessionHttpOnlyCookie(reducedSessions, sameSite);
+  }
+}
+
+export async function getMostRecentSessionCookie<T>(): Promise<Cookie> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie<T>[] = JSON.parse(stringifiedCookie?.value);
+
+    const latest = sessions.reduce((prev, current) => {
+      return prev.changeTs > current.changeTs ? prev : current;
+    });
+
+    return latest;
+  } else {
+    return Promise.reject("no session cookie found");
+  }
+}
+
+export async function getSessionCookieById<T>({
+  sessionId,
+  organization,
+}: {
+  sessionId: string;
+  organization?: string;
+}): Promise<SessionCookie<T>> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie<T>[] = JSON.parse(stringifiedCookie?.value);
+
+    const found = sessions.find((s) =>
+      organization
+        ? s.organization === organization && s.id === sessionId
+        : s.id === sessionId,
+    );
+    if (found) {
+      return found;
+    } else {
+      return Promise.reject();
+    }
+  } else {
+    return Promise.reject();
+  }
+}
+
+export async function getSessionCookieByLoginName<T>({
+  loginName,
+  organization,
+}: {
+  loginName?: string;
+  organization?: string;
+}): Promise<SessionCookie<T>> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie<T>[] = JSON.parse(stringifiedCookie?.value);
+    const found = sessions.find((s) =>
+      organization
+        ? s.organization === organization && s.loginName === loginName
+        : s.loginName === loginName,
+    );
+    if (found) {
+      return found;
+    } else {
+      return Promise.reject("no cookie found with loginName: " + loginName);
+    }
+  } else {
+    return Promise.reject("no session cookie found");
+  }
+}
+
+/**
+ *
+ * @param cleanup when true, removes all expired sessions, default true
+ * @returns Session Cookies
+ */
+export async function getAllSessionCookieIds<T>(
+  cleanup: boolean = false,
+): Promise<any> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie<T>[] = JSON.parse(stringifiedCookie?.value);
+
+    if (cleanup) {
+      const now = new Date();
+      return sessions
+        .filter((session) =>
+          session.expirationTs
+            ? timestampDate(timestampFromMs(Number(session.expirationTs))) > now
+            : true,
+        )
+        .map((session) => session.id);
+    } else {
+      return sessions.map((session) => session.id);
+    }
+  } else {
+    return [];
+  }
+}
+
+/**
+ *
+ * @param cleanup when true, removes all expired sessions, default true
+ * @returns Session Cookies
+ */
+export async function getAllSessions<T>(
+  cleanup: boolean = false,
+): Promise<SessionCookie<T>[]> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie<T>[] = JSON.parse(stringifiedCookie?.value);
+
+    if (cleanup) {
+      const now = new Date();
+      return sessions.filter((session) =>
+        session.expirationTs
+          ? timestampDate(timestampFromMs(Number(session.expirationTs))) > now
+          : true,
+      );
+    } else {
+      return sessions;
+    }
+  } else {
+    return [];
+  }
+}
+
+/**
+ * Returns most recent session filtered by optinal loginName
+ * @param loginName optional loginName to filter cookies, if non provided, returns most recent session
+ * @param organization optional organization to filter cookies
+ * @returns most recent session
+ */
+export async function getMostRecentCookieWithLoginname<T>({
+  loginName,
+  organization,
+}: {
+  loginName?: string;
+  organization?: string;
+}): Promise<any> {
+  const cookiesList = await cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie<T>[] = JSON.parse(stringifiedCookie?.value);
+    let filtered = sessions.filter((cookie) => {
+      return !!loginName ? cookie.loginName === loginName : true;
+    });
+
+    if (organization) {
+      filtered = filtered.filter((cookie) => {
+        return cookie.organization === organization;
+      });
+    }
+
+    const latest =
+      filtered && filtered.length
+        ? filtered.reduce((prev, current) => {
+            return prev.changeTs > current.changeTs ? prev : current;
+          })
+        : undefined;
+
+    if (latest) {
+      return latest;
+    } else {
+      return Promise.reject("Could not get the context or retrieve a session");
+    }
+  } else {
+    return Promise.reject("Could not read session cookie");
+  }
+}
diff --git a/login/apps/login/src/lib/demos.ts b/login/apps/login/src/lib/demos.ts
new file mode 100644
index 0000000000..38912e50e5
--- /dev/null
+++ b/login/apps/login/src/lib/demos.ts
@@ -0,0 +1,38 @@
+export type Item = {
+  name: string;
+  slug: string;
+  description?: string;
+};
+
+export const demos: { name: string; items: Item[] }[] = [
+  {
+    name: "Login",
+    items: [
+      {
+        name: "Loginname",
+        slug: "loginname",
+        description: "Start the loginflow with loginname",
+      },
+      {
+        name: "Accounts",
+        slug: "accounts",
+        description: "List active and inactive sessions",
+      },
+    ],
+  },
+  {
+    name: "Register",
+    items: [
+      {
+        name: "Register",
+        slug: "register",
+        description: "Add a user with password or passkey",
+      },
+      {
+        name: "IDP Register",
+        slug: "idp",
+        description: "Add a user from an external identity provider",
+      },
+    ],
+  },
+];
diff --git a/login/apps/login/src/lib/fingerprint.ts b/login/apps/login/src/lib/fingerprint.ts
new file mode 100644
index 0000000000..55b59dadc8
--- /dev/null
+++ b/login/apps/login/src/lib/fingerprint.ts
@@ -0,0 +1,66 @@
+import { create } from "@zitadel/client";
+import {
+  UserAgent,
+  UserAgentSchema,
+} from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { cookies, headers } from "next/headers";
+import { userAgent } from "next/server";
+import { v4 as uuidv4 } from "uuid";
+
+export async function getFingerprintId() {
+  return uuidv4();
+}
+
+export async function setFingerprintIdCookie(fingerprintId: string) {
+  const cookiesList = await cookies();
+
+  return cookiesList.set({
+    name: "fingerprintId",
+    value: fingerprintId,
+    httpOnly: true,
+    path: "/",
+    maxAge: 31536000, // 1 year
+  });
+}
+
+export async function getFingerprintIdCookie() {
+  const cookiesList = await cookies();
+  return cookiesList.get("fingerprintId");
+}
+
+export async function getOrSetFingerprintId(): Promise<string> {
+  const cookie = await getFingerprintIdCookie();
+  if (cookie) {
+    return cookie.value;
+  }
+
+  const fingerprintId = await getFingerprintId();
+  await setFingerprintIdCookie(fingerprintId);
+  return fingerprintId;
+}
+
+export async function getUserAgent(): Promise<UserAgent> {
+  const _headers = await headers();
+
+  const fingerprintId = await getOrSetFingerprintId();
+
+  const { device, engine, os, browser } = userAgent({ headers: _headers });
+
+  const userAgentHeader = _headers.get("user-agent");
+
+  const userAgentHeaderValues = userAgentHeader?.split(",");
+
+  const deviceDescription = `${device?.type ? `${device.type},` : ""} ${device?.vendor ? `${device.vendor},` : ""} ${device.model ? `${device.model},` : ""} `;
+  const osDescription = `${os?.name ? `${os.name},` : ""} ${os?.version ? `${os.version},` : ""} `;
+  const engineDescription = `${engine?.name ? `${engine.name},` : ""} ${engine?.version ? `${engine.version},` : ""} `;
+  const browserDescription = `${browser?.name ? `${browser.name},` : ""} ${browser.version ? `${browser.version},` : ""} `;
+
+  const userAgentData: UserAgent = create(UserAgentSchema, {
+    ip: _headers.get("x-forwarded-for") ?? _headers.get("remoteAddress") ?? "",
+    header: { "user-agent": { values: userAgentHeaderValues } },
+    description: `${browserDescription}, ${deviceDescription}, ${engineDescription}, ${osDescription}`,
+    fingerprintId: fingerprintId,
+  });
+
+  return userAgentData;
+}
diff --git a/login/apps/login/src/lib/hooks.ts b/login/apps/login/src/lib/hooks.ts
new file mode 100644
index 0000000000..2d43fe5adc
--- /dev/null
+++ b/login/apps/login/src/lib/hooks.ts
@@ -0,0 +1,14 @@
+import { useEffect, useState } from "react";
+
+// Custom hook to read auth record and user profile doc
+export function useUserData() {
+  const [clientData, setClientData] = useState(null);
+
+  useEffect(() => {
+    let unsubscribe;
+
+    return unsubscribe;
+  }, [clientData]);
+
+  return { clientData };
+}
diff --git a/login/apps/login/src/lib/i18n.ts b/login/apps/login/src/lib/i18n.ts
new file mode 100644
index 0000000000..5a101dcc8f
--- /dev/null
+++ b/login/apps/login/src/lib/i18n.ts
@@ -0,0 +1,38 @@
+export interface Lang {
+  name: string;
+  code: string;
+}
+
+export const LANGS: Lang[] = [
+  {
+    name: "English",
+    code: "en",
+  },
+  {
+    name: "Deutsch",
+    code: "de",
+  },
+  {
+    name: "Italiano",
+    code: "it",
+  },
+  {
+    name: "Español",
+    code: "es",
+  },
+  {
+    name: "Polski",
+    code: "pl",
+  },
+  {
+    name: "简体中文",
+    code: "zh",
+  },
+  {
+    name: "Русский",
+    code: "ru",
+  },
+];
+
+export const LANGUAGE_COOKIE_NAME = "NEXT_LOCALE";
+export const LANGUAGE_HEADER_NAME = "accept-language";
diff --git a/login/apps/login/src/lib/idp.ts b/login/apps/login/src/lib/idp.ts
new file mode 100644
index 0000000000..d355f9ab56
--- /dev/null
+++ b/login/apps/login/src/lib/idp.ts
@@ -0,0 +1,77 @@
+import { IDPType } from "@zitadel/proto/zitadel/idp/v2/idp_pb";
+import { IdentityProviderType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+
+// This maps the IdentityProviderType to a slug which is used in the /success and /failure routes
+export function idpTypeToSlug(idpType: IdentityProviderType) {
+  switch (idpType) {
+    case IdentityProviderType.GITHUB:
+      return "github";
+    case IdentityProviderType.GITHUB_ES:
+      return "github_es";
+    case IdentityProviderType.GITLAB:
+      return "gitlab";
+    case IdentityProviderType.GITLAB_SELF_HOSTED:
+      return "gitlab_es";
+    case IdentityProviderType.APPLE:
+      return "apple";
+    case IdentityProviderType.GOOGLE:
+      return "google";
+    case IdentityProviderType.AZURE_AD:
+      return "azure";
+    case IdentityProviderType.SAML:
+      return "saml";
+    case IdentityProviderType.OAUTH:
+      return "oauth";
+    case IdentityProviderType.OIDC:
+      return "oidc";
+    case IdentityProviderType.LDAP:
+      return "ldap";
+    case IdentityProviderType.JWT:
+      return "jwt";
+    default:
+      throw new Error("Unknown identity provider type");
+  }
+}
+
+// TODO: this is ugly but needed atm as the getIDPByID returns a IDPType and not a IdentityProviderType
+export function idpTypeToIdentityProviderType(
+  idpType: IDPType,
+): IdentityProviderType {
+  switch (idpType) {
+    case IDPType.IDP_TYPE_GITHUB:
+      return IdentityProviderType.GITHUB;
+
+    case IDPType.IDP_TYPE_GITHUB_ES:
+      return IdentityProviderType.GITHUB_ES;
+
+    case IDPType.IDP_TYPE_GITLAB:
+      return IdentityProviderType.GITLAB;
+
+    case IDPType.IDP_TYPE_GITLAB_SELF_HOSTED:
+      return IdentityProviderType.GITLAB_SELF_HOSTED;
+
+    case IDPType.IDP_TYPE_APPLE:
+      return IdentityProviderType.APPLE;
+
+    case IDPType.IDP_TYPE_GOOGLE:
+      return IdentityProviderType.GOOGLE;
+
+    case IDPType.IDP_TYPE_AZURE_AD:
+      return IdentityProviderType.AZURE_AD;
+
+    case IDPType.IDP_TYPE_SAML:
+      return IdentityProviderType.SAML;
+
+    case IDPType.IDP_TYPE_OAUTH:
+      return IdentityProviderType.OAUTH;
+
+    case IDPType.IDP_TYPE_OIDC:
+      return IdentityProviderType.OIDC;
+
+    case IDPType.IDP_TYPE_JWT:
+      return IdentityProviderType.JWT;
+
+    default:
+      throw new Error("Unknown identity provider type");
+  }
+}
diff --git a/login/apps/login/src/lib/oidc.ts b/login/apps/login/src/lib/oidc.ts
new file mode 100644
index 0000000000..b692300dea
--- /dev/null
+++ b/login/apps/login/src/lib/oidc.ts
@@ -0,0 +1,132 @@
+import { Cookie } from "@/lib/cookies";
+import { sendLoginname, SendLoginnameCommand } from "@/lib/server/loginname";
+import { createCallback, getLoginSettings } from "@/lib/zitadel";
+import { create } from "@zitadel/client";
+import {
+  CreateCallbackRequestSchema,
+  SessionSchema,
+} from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { NextRequest, NextResponse } from "next/server";
+import { constructUrl } from "./service-url";
+import { isSessionValid } from "./session";
+
+type LoginWithOIDCAndSession = {
+  serviceUrl: string;
+  authRequest: string;
+  sessionId: string;
+  sessions: Session[];
+  sessionCookies: Cookie[];
+  request: NextRequest;
+};
+export async function loginWithOIDCAndSession({
+  serviceUrl,
+  authRequest,
+  sessionId,
+  sessions,
+  sessionCookies,
+  request,
+}: LoginWithOIDCAndSession) {
+  console.log(
+    `Login with session: ${sessionId} and authRequest: ${authRequest}`,
+  );
+
+  const selectedSession = sessions.find((s) => s.id === sessionId);
+
+  if (selectedSession && selectedSession.id) {
+    console.log(`Found session ${selectedSession.id}`);
+
+    const isValid = await isSessionValid({
+      serviceUrl,
+      session: selectedSession,
+    });
+
+    console.log("Session is valid:", isValid);
+
+    if (!isValid && selectedSession.factors?.user) {
+      // if the session is not valid anymore, we need to redirect the user to re-authenticate /
+      // TODO: handle IDP intent direcly if available
+      const command: SendLoginnameCommand = {
+        loginName: selectedSession.factors.user?.loginName,
+        organization: selectedSession.factors?.user?.organizationId,
+        requestId: `oidc_${authRequest}`,
+      };
+
+      const res = await sendLoginname(command);
+
+      if (res && "redirect" in res && res?.redirect) {
+        const absoluteUrl = constructUrl(request, res.redirect);
+        return NextResponse.redirect(absoluteUrl.toString());
+      }
+    }
+
+    const cookie = sessionCookies.find(
+      (cookie) => cookie.id === selectedSession?.id,
+    );
+
+    if (cookie && cookie.id && cookie.token) {
+      const session = {
+        sessionId: cookie?.id,
+        sessionToken: cookie?.token,
+      };
+
+      // works not with _rsc request
+      try {
+        const { callbackUrl } = await createCallback({
+          serviceUrl,
+          req: create(CreateCallbackRequestSchema, {
+            authRequestId: authRequest,
+            callbackKind: {
+              case: "session",
+              value: create(SessionSchema, session),
+            },
+          }),
+        });
+        if (callbackUrl) {
+          return NextResponse.redirect(callbackUrl);
+        } else {
+          return NextResponse.json(
+            { error: "An error occurred!" },
+            { status: 500 },
+          );
+        }
+      } catch (error: unknown) {
+        // handle already handled gracefully as these could come up if old emails with requestId are used (reset password, register emails etc.)
+        console.error(error);
+        if (
+          error &&
+          typeof error === "object" &&
+          "code" in error &&
+          error?.code === 9
+        ) {
+          const loginSettings = await getLoginSettings({
+            serviceUrl,
+            organization: selectedSession.factors?.user?.organizationId,
+          });
+
+          if (loginSettings?.defaultRedirectUri) {
+            return NextResponse.redirect(loginSettings.defaultRedirectUri);
+          }
+
+          const signedinUrl = constructUrl(request, "/signedin");
+
+          if (selectedSession.factors?.user?.loginName) {
+            signedinUrl.searchParams.set(
+              "loginName",
+              selectedSession.factors?.user?.loginName,
+            );
+          }
+          if (selectedSession.factors?.user?.organizationId) {
+            signedinUrl.searchParams.set(
+              "organization",
+              selectedSession.factors?.user?.organizationId,
+            );
+          }
+          return NextResponse.redirect(signedinUrl);
+        } else {
+          return NextResponse.json({ error }, { status: 500 });
+        }
+      }
+    }
+  }
+}
diff --git a/login/apps/login/src/lib/saml.ts b/login/apps/login/src/lib/saml.ts
new file mode 100644
index 0000000000..e85084f022
--- /dev/null
+++ b/login/apps/login/src/lib/saml.ts
@@ -0,0 +1,130 @@
+import { Cookie } from "@/lib/cookies";
+import { sendLoginname, SendLoginnameCommand } from "@/lib/server/loginname";
+import { createResponse, getLoginSettings } from "@/lib/zitadel";
+import { create } from "@zitadel/client";
+import { CreateResponseRequestSchema } from "@zitadel/proto/zitadel/saml/v2/saml_service_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { NextRequest, NextResponse } from "next/server";
+import { constructUrl } from "./service-url";
+import { isSessionValid } from "./session";
+
+type LoginWithSAMLAndSession = {
+  serviceUrl: string;
+  samlRequest: string;
+  sessionId: string;
+  sessions: Session[];
+  sessionCookies: Cookie[];
+  request: NextRequest;
+};
+
+export async function loginWithSAMLAndSession({
+  serviceUrl,
+  samlRequest,
+  sessionId,
+  sessions,
+  sessionCookies,
+  request,
+}: LoginWithSAMLAndSession) {
+  console.log(
+    `Login with session: ${sessionId} and samlRequest: ${samlRequest}`,
+  );
+
+  const selectedSession = sessions.find((s) => s.id === sessionId);
+
+  if (selectedSession && selectedSession.id) {
+    console.log(`Found session ${selectedSession.id}`);
+
+    const isValid = await isSessionValid({
+      serviceUrl,
+      session: selectedSession,
+    });
+
+    console.log("Session is valid:", isValid);
+
+    if (!isValid && selectedSession.factors?.user) {
+      // if the session is not valid anymore, we need to redirect the user to re-authenticate /
+      // TODO: handle IDP intent direcly if available
+      const command: SendLoginnameCommand = {
+        loginName: selectedSession.factors.user?.loginName,
+        organization: selectedSession.factors?.user?.organizationId,
+        requestId: `saml_${samlRequest}`,
+      };
+
+      const res = await sendLoginname(command);
+
+      if (res && "redirect" in res && res?.redirect) {
+        const absoluteUrl = constructUrl(request, res.redirect);
+        return NextResponse.redirect(absoluteUrl.toString());
+      }
+    }
+
+    const cookie = sessionCookies.find(
+      (cookie) => cookie.id === selectedSession?.id,
+    );
+
+    if (cookie && cookie.id && cookie.token) {
+      const session = {
+        sessionId: cookie?.id,
+        sessionToken: cookie?.token,
+      };
+
+      // works not with _rsc request
+      try {
+        const { url } = await createResponse({
+          serviceUrl,
+          req: create(CreateResponseRequestSchema, {
+            samlRequestId: samlRequest,
+            responseKind: {
+              case: "session",
+              value: session,
+            },
+          }),
+        });
+        if (url) {
+          return NextResponse.redirect(url);
+        } else {
+          return NextResponse.json(
+            { error: "An error occurred!" },
+            { status: 500 },
+          );
+        }
+      } catch (error: unknown) {
+        // handle already handled gracefully as these could come up if old emails with requestId are used (reset password, register emails etc.)
+        console.error(error);
+        if (
+          error &&
+          typeof error === "object" &&
+          "code" in error &&
+          error?.code === 9
+        ) {
+          const loginSettings = await getLoginSettings({
+            serviceUrl,
+            organization: selectedSession.factors?.user?.organizationId,
+          });
+
+          if (loginSettings?.defaultRedirectUri) {
+            return NextResponse.redirect(loginSettings.defaultRedirectUri);
+          }
+
+          const signedinUrl = constructUrl(request, "/signedin");
+
+          if (selectedSession.factors?.user?.loginName) {
+            signedinUrl.searchParams.set(
+              "loginName",
+              selectedSession.factors?.user?.loginName,
+            );
+          }
+          if (selectedSession.factors?.user?.organizationId) {
+            signedinUrl.searchParams.set(
+              "organization",
+              selectedSession.factors?.user?.organizationId,
+            );
+          }
+          return NextResponse.redirect(signedinUrl);
+        } else {
+          return NextResponse.json({ error }, { status: 500 });
+        }
+      }
+    }
+  }
+}
diff --git a/login/apps/login/src/lib/self.ts b/login/apps/login/src/lib/self.ts
new file mode 100644
index 0000000000..df8508c29e
--- /dev/null
+++ b/login/apps/login/src/lib/self.ts
@@ -0,0 +1,60 @@
+"use server";
+
+import { createUserServiceClient } from "@zitadel/client/v2";
+import { headers } from "next/headers";
+import { getSessionCookieById } from "./cookies";
+import { getServiceUrlFromHeaders } from "./service-url";
+import { createServerTransport, getSession } from "./zitadel";
+
+const myUserService = async (serviceUrl: string, sessionToken: string) => {
+  const transportPromise = await createServerTransport(
+    sessionToken,
+    serviceUrl,
+  );
+  return createUserServiceClient(transportPromise);
+};
+
+export async function setMyPassword({
+  sessionId,
+  password,
+}: {
+  sessionId: string;
+  password: string;
+}) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionCookie = await getSessionCookieById({ sessionId });
+
+  const { session } = await getSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+
+  if (!session) {
+    return { error: "Could not load session" };
+  }
+
+  const service = await myUserService(serviceUrl, `${sessionCookie.token}`);
+
+  if (!session?.factors?.user?.id) {
+    return { error: "No user id found in session" };
+  }
+
+  return service
+    .setPassword(
+      {
+        userId: session.factors.user.id,
+        newPassword: { password, changeRequired: false },
+      },
+      {},
+    )
+    .catch((error) => {
+      console.log(error);
+      if (error.code === 7) {
+        return { error: "Session is not valid." };
+      }
+      throw error;
+    });
+}
diff --git a/login/apps/login/src/lib/server/cookie.ts b/login/apps/login/src/lib/server/cookie.ts
new file mode 100644
index 0000000000..841fc06b3a
--- /dev/null
+++ b/login/apps/login/src/lib/server/cookie.ts
@@ -0,0 +1,278 @@
+"use server";
+
+import { addSessionToCookie, updateSessionCookie } from "@/lib/cookies";
+import {
+  createSessionForUserIdAndIdpIntent,
+  createSessionFromChecks,
+  getSecuritySettings,
+  getSession,
+  setSession,
+} from "@/lib/zitadel";
+import { ConnectError, Duration, timestampMs } from "@zitadel/client";
+import {
+  CredentialsCheckError,
+  CredentialsCheckErrorSchema,
+  ErrorDetail,
+} from "@zitadel/proto/zitadel/message_pb";
+import {
+  Challenges,
+  RequestChallenges,
+} from "@zitadel/proto/zitadel/session/v2/challenge_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { headers } from "next/headers";
+import { getServiceUrlFromHeaders } from "../service-url";
+
+type CustomCookieData = {
+  id: string;
+  token: string;
+  loginName: string;
+  organization?: string;
+  creationTs: string;
+  expirationTs: string;
+  changeTs: string;
+  requestId?: string; // if its linked to an OIDC flow
+};
+
+const passwordAttemptsHandler = (error: ConnectError) => {
+  const details = error.findDetails(CredentialsCheckErrorSchema);
+
+  if (details[0] && "failedAttempts" in details[0]) {
+    const failedAttempts = details[0].failedAttempts;
+    throw {
+      error: `Failed to authenticate: You had ${failedAttempts} password attempts.`,
+      failedAttempts: failedAttempts,
+    };
+  }
+  throw error;
+};
+
+export async function createSessionAndUpdateCookie(command: {
+  checks: Checks;
+  requestId: string | undefined;
+  lifetime?: Duration;
+}): Promise<Session> {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const createdSession = await createSessionFromChecks({
+    serviceUrl,
+    checks: command.checks,
+    lifetime: command.lifetime,
+  });
+
+  if (createdSession) {
+    return getSession({
+      serviceUrl,
+      sessionId: createdSession.sessionId,
+      sessionToken: createdSession.sessionToken,
+    }).then(async (response) => {
+      if (response?.session && response.session?.factors?.user?.loginName) {
+        const sessionCookie: CustomCookieData = {
+          id: createdSession.sessionId,
+          token: createdSession.sessionToken,
+          creationTs: response.session.creationDate
+            ? `${timestampMs(response.session.creationDate)}`
+            : "",
+          expirationTs: response.session.expirationDate
+            ? `${timestampMs(response.session.expirationDate)}`
+            : "",
+          changeTs: response.session.changeDate
+            ? `${timestampMs(response.session.changeDate)}`
+            : "",
+          loginName: response.session.factors.user.loginName ?? "",
+        };
+
+        if (command.requestId) {
+          sessionCookie.requestId = command.requestId;
+        }
+
+        if (response.session.factors.user.organizationId) {
+          sessionCookie.organization =
+            response.session.factors.user.organizationId;
+        }
+
+        const securitySettings = await getSecuritySettings({ serviceUrl });
+        const sameSite = securitySettings?.embeddedIframe?.enabled
+          ? "none"
+          : true;
+
+        await addSessionToCookie({ session: sessionCookie, sameSite });
+
+        return response.session as Session;
+      } else {
+        throw "could not get session or session does not have loginName";
+      }
+    });
+  } else {
+    throw "Could not create session";
+  }
+}
+
+export async function createSessionForIdpAndUpdateCookie({
+  userId,
+  idpIntent,
+  requestId,
+  lifetime,
+}: {
+  userId: string;
+  idpIntent: {
+    idpIntentId?: string | undefined;
+    idpIntentToken?: string | undefined;
+  };
+  requestId: string | undefined;
+  lifetime?: Duration;
+}): Promise<Session> {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const createdSession = await createSessionForUserIdAndIdpIntent({
+    serviceUrl,
+    userId,
+    idpIntent,
+    lifetime,
+  }).catch((error: ErrorDetail | CredentialsCheckError) => {
+    console.error("Could not set session", error);
+    if ("failedAttempts" in error && error.failedAttempts) {
+      throw {
+        error: `Failed to authenticate: You had ${error.failedAttempts} password attempts.`,
+        failedAttempts: error.failedAttempts,
+      };
+    }
+    throw error;
+  });
+
+  if (!createdSession) {
+    throw "Could not create session";
+  }
+
+  const { session } = await getSession({
+    serviceUrl,
+    sessionId: createdSession.sessionId,
+    sessionToken: createdSession.sessionToken,
+  });
+
+  if (!session || !session.factors?.user?.loginName) {
+    throw "Could not retrieve session";
+  }
+
+  const sessionCookie: CustomCookieData = {
+    id: createdSession.sessionId,
+    token: createdSession.sessionToken,
+    creationTs: session.creationDate
+      ? `${timestampMs(session.creationDate)}`
+      : "",
+    expirationTs: session.expirationDate
+      ? `${timestampMs(session.expirationDate)}`
+      : "",
+    changeTs: session.changeDate ? `${timestampMs(session.changeDate)}` : "",
+    loginName: session.factors.user.loginName ?? "",
+    organization: session.factors.user.organizationId ?? "",
+  };
+
+  if (requestId) {
+    sessionCookie.requestId = requestId;
+  }
+
+  if (session.factors.user.organizationId) {
+    sessionCookie.organization = session.factors.user.organizationId;
+  }
+
+  const securitySettings = await getSecuritySettings({ serviceUrl });
+  const sameSite = securitySettings?.embeddedIframe?.enabled ? "none" : true;
+
+  return addSessionToCookie({ session: sessionCookie, sameSite }).then(() => {
+    return session as Session;
+  });
+}
+
+export type SessionWithChallenges = Session & {
+  challenges: Challenges | undefined;
+};
+
+export async function setSessionAndUpdateCookie(
+  recentCookie: CustomCookieData,
+  checks?: Checks,
+  challenges?: RequestChallenges,
+  requestId?: string,
+  lifetime?: Duration,
+) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  return setSession({
+    serviceUrl,
+    sessionId: recentCookie.id,
+    sessionToken: recentCookie.token,
+    challenges,
+    checks,
+    lifetime,
+  })
+    .then((updatedSession) => {
+      if (updatedSession) {
+        const sessionCookie: CustomCookieData = {
+          id: recentCookie.id,
+          token: updatedSession.sessionToken,
+          creationTs: recentCookie.creationTs,
+          expirationTs: recentCookie.expirationTs,
+          // just overwrite the changeDate with the new one
+          changeTs: updatedSession.details?.changeDate
+            ? `${timestampMs(updatedSession.details.changeDate)}`
+            : "",
+          loginName: recentCookie.loginName,
+          organization: recentCookie.organization,
+        };
+
+        if (requestId) {
+          sessionCookie.requestId = requestId;
+        }
+
+        return getSession({
+          serviceUrl,
+          sessionId: sessionCookie.id,
+          sessionToken: sessionCookie.token,
+        }).then(async (response) => {
+          if (
+            !response?.session ||
+            !response.session.factors?.user?.loginName
+          ) {
+            throw "could not get session or session does not have loginName";
+          }
+
+          const { session } = response;
+          const newCookie: CustomCookieData = {
+            id: sessionCookie.id,
+            token: updatedSession.sessionToken,
+            creationTs: sessionCookie.creationTs,
+            expirationTs: sessionCookie.expirationTs,
+            // just overwrite the changeDate with the new one
+            changeTs: updatedSession.details?.changeDate
+              ? `${timestampMs(updatedSession.details.changeDate)}`
+              : "",
+            loginName: session.factors?.user?.loginName ?? "",
+            organization: session.factors?.user?.organizationId ?? "",
+          };
+
+          if (sessionCookie.requestId) {
+            newCookie.requestId = sessionCookie.requestId;
+          }
+
+          const securitySettings = await getSecuritySettings({ serviceUrl });
+          const sameSite = securitySettings?.embeddedIframe?.enabled
+            ? "none"
+            : true;
+
+          return updateSessionCookie({
+            id: sessionCookie.id,
+            session: newCookie,
+            sameSite,
+          }).then(() => {
+            return { challenges: updatedSession.challenges, ...session };
+          });
+        });
+      } else {
+        throw "Session not be set";
+      }
+    })
+    .catch(passwordAttemptsHandler);
+}
diff --git a/login/apps/login/src/lib/server/device.ts b/login/apps/login/src/lib/server/device.ts
new file mode 100644
index 0000000000..5e36facfc8
--- /dev/null
+++ b/login/apps/login/src/lib/server/device.ts
@@ -0,0 +1,20 @@
+"use server";
+
+import { authorizeOrDenyDeviceAuthorization } from "@/lib/zitadel";
+import { headers } from "next/headers";
+import { getServiceUrlFromHeaders } from "../service-url";
+
+export async function completeDeviceAuthorization(
+  deviceAuthorizationId: string,
+  session?: { sessionId: string; sessionToken: string },
+) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  // without the session, device auth request is denied
+  return authorizeOrDenyDeviceAuthorization({
+    serviceUrl,
+    deviceAuthorizationId,
+    session,
+  });
+}
diff --git a/login/apps/login/src/lib/server/idp.ts b/login/apps/login/src/lib/server/idp.ts
new file mode 100644
index 0000000000..87f88a7c32
--- /dev/null
+++ b/login/apps/login/src/lib/server/idp.ts
@@ -0,0 +1,241 @@
+"use server";
+
+import {
+  getLoginSettings,
+  getUserByID,
+  startIdentityProviderFlow,
+  startLDAPIdentityProviderFlow,
+} from "@/lib/zitadel";
+import { headers } from "next/headers";
+import { redirect } from "next/navigation";
+import { getNextUrl } from "../client";
+import { getServiceUrlFromHeaders } from "../service-url";
+import { checkEmailVerification } from "../verify-helper";
+import { createSessionForIdpAndUpdateCookie } from "./cookie";
+
+export type RedirectToIdpState = { error?: string | null } | undefined;
+
+export async function redirectToIdp(
+  prevState: RedirectToIdpState,
+  formData: FormData,
+): Promise<RedirectToIdpState> {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+  if (!host) {
+    return { error: "Could not get host" };
+  }
+
+  const params = new URLSearchParams();
+
+  const linkOnly = formData.get("linkOnly") === "true";
+  const requestId = formData.get("requestId") as string;
+  const organization = formData.get("organization") as string;
+  const idpId = formData.get("id") as string;
+  const provider = formData.get("provider") as string;
+
+  if (linkOnly) params.set("link", "true");
+  if (requestId) params.set("requestId", requestId);
+  if (organization) params.set("organization", organization);
+
+  // redirect to LDAP page where username and password is requested
+  if (provider === "ldap") {
+    params.set("idpId", idpId);
+    redirect(`/idp/ldap?` + params.toString());
+  }
+
+  const response = await startIDPFlow({
+    serviceUrl,
+    host,
+    idpId,
+    successUrl: `/idp/${provider}/success?` + params.toString(),
+    failureUrl: `/idp/${provider}/failure?` + params.toString(),
+  });
+
+  if (!response) {
+    return { error: "Could not start IDP flow" };
+  }
+
+  if (response && "redirect" in response && response?.redirect) {
+    redirect(response.redirect);
+  }
+
+  return { error: "Unexpected response from IDP flow" };
+}
+
+export type StartIDPFlowCommand = {
+  serviceUrl: string;
+  host: string;
+  idpId: string;
+  successUrl: string;
+  failureUrl: string;
+};
+
+async function startIDPFlow(command: StartIDPFlowCommand) {
+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+  const url = await startIdentityProviderFlow({
+    serviceUrl: command.serviceUrl,
+    idpId: command.idpId,
+    urls: {
+      successUrl: `${command.host.includes("localhost") ? "http://" : "https://"}${command.host}${basePath}${command.successUrl}`,
+      failureUrl: `${command.host.includes("localhost") ? "http://" : "https://"}${command.host}${basePath}${command.failureUrl}`,
+    },
+  });
+
+  if (!url) {
+    return { error: "Could not start IDP flow" };
+  }
+
+  return { redirect: url };
+}
+
+type CreateNewSessionCommand = {
+  userId: string;
+  idpIntent: {
+    idpIntentId: string;
+    idpIntentToken: string;
+  };
+  loginName?: string;
+  password?: string;
+  organization?: string;
+  requestId?: string;
+};
+
+export async function createNewSessionFromIdpIntent(
+  command: CreateNewSessionCommand,
+) {
+  const _headers = await headers();
+
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host) {
+    return { error: "Could not get domain" };
+  }
+
+  if (!command.userId || !command.idpIntent) {
+    throw new Error("No userId or loginName provided");
+  }
+
+  const userResponse = await getUserByID({
+    serviceUrl,
+    userId: command.userId,
+  });
+
+  if (!userResponse || !userResponse.user) {
+    return { error: "User not found in the system" };
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: userResponse.user.details?.resourceOwner,
+  });
+
+  const session = await createSessionForIdpAndUpdateCookie({
+    userId: command.userId,
+    idpIntent: command.idpIntent,
+    requestId: command.requestId,
+    lifetime: loginSettings?.externalLoginCheckLifetime,
+  });
+
+  if (!session || !session.factors?.user) {
+    return { error: "Could not create session" };
+  }
+
+  const humanUser =
+    userResponse.user.type.case === "human"
+      ? userResponse.user.type.value
+      : undefined;
+
+  // check to see if user was verified
+  const emailVerificationCheck = checkEmailVerification(
+    session,
+    humanUser,
+    command.organization,
+    command.requestId,
+  );
+
+  if (emailVerificationCheck?.redirect) {
+    return emailVerificationCheck;
+  }
+
+  // TODO: check if user has MFA methods
+  // const mfaFactorCheck = checkMFAFactors(session, loginSettings, authMethods, organization, requestId);
+  // if (mfaFactorCheck?.redirect) {
+  //   return mfaFactorCheck;
+  // }
+
+  const url = await getNextUrl(
+    command.requestId && session.id
+      ? {
+          sessionId: session.id,
+          requestId: command.requestId,
+          organization: session.factors.user.organizationId,
+        }
+      : {
+          loginName: session.factors.user.loginName,
+          organization: session.factors.user.organizationId,
+        },
+    loginSettings?.defaultRedirectUri,
+  );
+
+  if (url) {
+    return { redirect: url };
+  }
+}
+
+type createNewSessionForLDAPCommand = {
+  username: string;
+  password: string;
+  idpId: string;
+  link: boolean;
+};
+
+export async function createNewSessionForLDAP(
+  command: createNewSessionForLDAPCommand,
+) {
+  const _headers = await headers();
+
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host) {
+    return { error: "Could not get domain" };
+  }
+
+  if (!command.username || !command.password) {
+    return { error: "No username or password provided" };
+  }
+
+  const response = await startLDAPIdentityProviderFlow({
+    serviceUrl,
+    idpId: command.idpId,
+    username: command.username,
+    password: command.password,
+  });
+
+  if (
+    !response ||
+    response.nextStep.case !== "idpIntent" ||
+    !response.nextStep.value
+  ) {
+    return { error: "Could not start LDAP identity provider flow" };
+  }
+
+  const { userId, idpIntentId, idpIntentToken } = response.nextStep.value;
+
+  const params = new URLSearchParams({
+    userId,
+    id: idpIntentId,
+    token: idpIntentToken,
+  });
+
+  if (command.link) {
+    params.set("link", "true");
+  }
+
+  return {
+    redirect: `/idp/ldap/success?` + params.toString(),
+  };
+}
diff --git a/login/apps/login/src/lib/server/loginname.ts b/login/apps/login/src/lib/server/loginname.ts
new file mode 100644
index 0000000000..68cb345c06
--- /dev/null
+++ b/login/apps/login/src/lib/server/loginname.ts
@@ -0,0 +1,454 @@
+"use server";
+
+import { create } from "@zitadel/client";
+import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+import { idpTypeToIdentityProviderType, idpTypeToSlug } from "../idp";
+
+import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { getServiceUrlFromHeaders } from "../service-url";
+import {
+  getActiveIdentityProviders,
+  getIDPByID,
+  getLoginSettings,
+  getOrgsByDomain,
+  listAuthenticationMethodTypes,
+  listIDPLinks,
+  searchUsers,
+  SearchUsersCommand,
+  startIdentityProviderFlow,
+} from "../zitadel";
+import { createSessionAndUpdateCookie } from "./cookie";
+
+export type SendLoginnameCommand = {
+  loginName: string;
+  requestId?: string;
+  organization?: string;
+  suffix?: string;
+};
+
+const ORG_SUFFIX_REGEX = /(?<=@)(.+)/;
+
+export async function sendLoginname(command: SendLoginnameCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host) {
+    throw new Error("Could not get domain");
+  }
+
+  const loginSettingsByContext = await getLoginSettings({
+    serviceUrl,
+    organization: command.organization,
+  });
+
+  if (!loginSettingsByContext) {
+    return { error: "Could not get login settings" };
+  }
+
+  let searchUsersRequest: SearchUsersCommand = {
+    serviceUrl,
+    searchValue: command.loginName,
+    organizationId: command.organization,
+    loginSettings: loginSettingsByContext,
+    suffix: command.suffix,
+  };
+
+  const searchResult = await searchUsers(searchUsersRequest);
+
+  if ("error" in searchResult && searchResult.error) {
+    return searchResult;
+  }
+
+  if (!("result" in searchResult)) {
+    return { error: "Could not search users" };
+  }
+
+  const { result: potentialUsers } = searchResult;
+
+  const redirectUserToSingleIDPIfAvailable = async () => {
+    const identityProviders = await getActiveIdentityProviders({
+      serviceUrl,
+      orgId: command.organization,
+    }).then((resp) => {
+      return resp.identityProviders;
+    });
+
+    if (identityProviders.length === 1) {
+      const _headers = await headers();
+      const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+      const host = _headers.get("host");
+
+      if (!host) {
+        return { error: "Could not get host" };
+      }
+
+      const identityProviderType = identityProviders[0].type;
+
+      const provider = idpTypeToSlug(identityProviderType);
+
+      const params = new URLSearchParams();
+
+      if (command.requestId) {
+        params.set("requestId", command.requestId);
+      }
+
+      if (command.organization) {
+        params.set("organization", command.organization);
+      }
+
+      const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+      const url = await startIdentityProviderFlow({
+        serviceUrl,
+        idpId: identityProviders[0].id,
+        urls: {
+          successUrl:
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/success?` +
+            new URLSearchParams(params),
+          failureUrl:
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/failure?` +
+            new URLSearchParams(params),
+        },
+      });
+
+      if (!url) {
+        return { error: "Could not start IDP flow" };
+      }
+
+      return { redirect: url };
+    }
+  };
+
+  const redirectUserToIDP = async (userId: string) => {
+    const identityProviders = await listIDPLinks({
+      serviceUrl,
+      userId,
+    }).then((resp) => {
+      return resp.result;
+    });
+
+    if (identityProviders.length === 1) {
+      const _headers = await headers();
+      const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+      const host = _headers.get("host");
+
+      if (!host) {
+        return { error: "Could not get host" };
+      }
+
+      const identityProviderId = identityProviders[0].idpId;
+
+      const idp = await getIDPByID({
+        serviceUrl,
+        id: identityProviderId,
+      });
+
+      const idpType = idp?.type;
+
+      if (!idp || !idpType) {
+        throw new Error("Could not find identity provider");
+      }
+
+      const identityProviderType = idpTypeToIdentityProviderType(idpType);
+      const provider = idpTypeToSlug(identityProviderType);
+
+      const params = new URLSearchParams({ userId });
+
+      if (command.requestId) {
+        params.set("requestId", command.requestId);
+      }
+
+      if (command.organization) {
+        params.set("organization", command.organization);
+      }
+
+      const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+      const url = await startIdentityProviderFlow({
+        serviceUrl,
+        idpId: idp.id,
+        urls: {
+          successUrl:
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/success?` +
+            new URLSearchParams(params),
+          failureUrl:
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/failure?` +
+            new URLSearchParams(params),
+        },
+      });
+
+      if (!url) {
+        return { error: "Could not start IDP flow" };
+      }
+
+      return { redirect: url };
+    }
+  };
+
+  if (potentialUsers.length > 1) {
+    return { error: "More than one user found. Provide a unique identifier." };
+  } else if (potentialUsers.length == 1 && potentialUsers[0].userId) {
+    const user = potentialUsers[0];
+    const userId = potentialUsers[0].userId;
+
+    const userLoginSettings = await getLoginSettings({
+      serviceUrl,
+      organization: user.details?.resourceOwner,
+    });
+
+    // compare with the concatenated suffix when set
+    const concatLoginname = command.suffix
+      ? `${command.loginName}@${command.suffix}`
+      : command.loginName;
+
+    const humanUser =
+      potentialUsers[0].type.case === "human"
+        ? potentialUsers[0].type.value
+        : undefined;
+
+    // recheck login settings after user discovery, as the search might have been done without org scope
+    if (
+      userLoginSettings?.disableLoginWithEmail &&
+      userLoginSettings?.disableLoginWithPhone
+    ) {
+      if (user.preferredLoginName !== concatLoginname) {
+        return { error: "User not found in the system!" };
+      }
+    } else if (userLoginSettings?.disableLoginWithEmail) {
+      if (
+        user.preferredLoginName !== concatLoginname ||
+        humanUser?.phone?.phone !== command.loginName
+      ) {
+        return { error: "User not found in the system!" };
+      }
+    } else if (userLoginSettings?.disableLoginWithPhone) {
+      if (
+        user.preferredLoginName !== concatLoginname ||
+        humanUser?.email?.email !== command.loginName
+      ) {
+        return { error: "User not found in the system!" };
+      }
+    }
+
+    const checks = create(ChecksSchema, {
+      user: { search: { case: "userId", value: userId } },
+    });
+
+    const session = await createSessionAndUpdateCookie({
+      checks,
+      requestId: command.requestId,
+    });
+
+    if (!session.factors?.user?.id) {
+      return { error: "Could not create session for user" };
+    }
+
+    // TODO: check if handling of userstate INITIAL is needed
+    if (user.state === UserState.INITIAL) {
+      return { error: "Initial User not supported" };
+    }
+
+    const methods = await listAuthenticationMethodTypes({
+      serviceUrl,
+      userId: session.factors?.user?.id,
+    });
+
+    // always resend invite if user has no auth method set
+    if (!methods.authMethodTypes || !methods.authMethodTypes.length) {
+      const params = new URLSearchParams({
+        loginName: session.factors?.user?.loginName as string,
+        send: "true", // set this to true to request a new code immediately
+        invite: "true",
+      });
+
+      if (command.requestId) {
+        params.append("requestId", command.requestId);
+      }
+
+      if (command.organization || session.factors?.user?.organizationId) {
+        params.append(
+          "organization",
+          command.organization ??
+            (session.factors?.user?.organizationId as string),
+        );
+      }
+
+      return { redirect: `/verify?` + params };
+    }
+
+    if (methods.authMethodTypes.length == 1) {
+      const method = methods.authMethodTypes[0];
+      switch (method) {
+        case AuthenticationMethodType.PASSWORD: // user has only password as auth method
+          if (!userLoginSettings?.allowUsernamePassword) {
+            return {
+              error:
+                "Username Password not allowed! Contact your administrator for more information.",
+            };
+          }
+
+          const paramsPassword: any = {
+            loginName: session.factors?.user?.loginName,
+          };
+
+          // TODO: does this have to be checked in loginSettings.allowDomainDiscovery
+
+          if (command.organization || session.factors?.user?.organizationId) {
+            paramsPassword.organization =
+              command.organization ?? session.factors?.user?.organizationId;
+          }
+
+          if (command.requestId) {
+            paramsPassword.requestId = command.requestId;
+          }
+
+          return {
+            redirect: "/password?" + new URLSearchParams(paramsPassword),
+          };
+
+        case AuthenticationMethodType.PASSKEY: // AuthenticationMethodType.AUTHENTICATION_METHOD_TYPE_PASSKEY
+          if (userLoginSettings?.passkeysType === PasskeysType.NOT_ALLOWED) {
+            return {
+              error:
+                "Passkeys not allowed! Contact your administrator for more information.",
+            };
+          }
+
+          const paramsPasskey: any = { loginName: command.loginName };
+          if (command.requestId) {
+            paramsPasskey.requestId = command.requestId;
+          }
+
+          if (command.organization || session.factors?.user?.organizationId) {
+            paramsPasskey.organization =
+              command.organization ?? session.factors?.user?.organizationId;
+          }
+
+          return { redirect: "/passkey?" + new URLSearchParams(paramsPasskey) };
+      }
+    } else {
+      // prefer passkey in favor of other methods
+      if (methods.authMethodTypes.includes(AuthenticationMethodType.PASSKEY)) {
+        const passkeyParams: any = {
+          loginName: command.loginName,
+          altPassword: `${methods.authMethodTypes.includes(1)}`, // show alternative password option
+        };
+
+        if (command.requestId) {
+          passkeyParams.requestId = command.requestId;
+        }
+
+        if (command.organization || session.factors?.user?.organizationId) {
+          passkeyParams.organization =
+            command.organization ?? session.factors?.user?.organizationId;
+        }
+
+        return { redirect: "/passkey?" + new URLSearchParams(passkeyParams) };
+      } else if (
+        methods.authMethodTypes.includes(AuthenticationMethodType.IDP)
+      ) {
+        return redirectUserToIDP(userId);
+      } else if (
+        methods.authMethodTypes.includes(AuthenticationMethodType.PASSWORD)
+      ) {
+        // user has no passkey setup and login settings allow passkeys
+        const paramsPasswordDefault: any = { loginName: command.loginName };
+
+        if (command.requestId) {
+          paramsPasswordDefault.requestId = command.requestId;
+        }
+
+        if (command.organization || session.factors?.user?.organizationId) {
+          paramsPasswordDefault.organization =
+            command.organization ?? session.factors?.user?.organizationId;
+        }
+
+        return {
+          redirect: "/password?" + new URLSearchParams(paramsPasswordDefault),
+        };
+      }
+    }
+  }
+
+  // user not found, check if register is enabled on instance / organization context
+  if (
+    loginSettingsByContext?.allowRegister &&
+    !loginSettingsByContext?.allowUsernamePassword
+  ) {
+    const resp = await redirectUserToSingleIDPIfAvailable();
+    if (resp) {
+      return resp;
+    }
+    return { error: "User not found in the system" };
+  } else if (
+    loginSettingsByContext?.allowRegister &&
+    loginSettingsByContext?.allowUsernamePassword
+  ) {
+    let orgToRegisterOn: string | undefined = command.organization;
+
+    if (
+      !loginSettingsByContext?.ignoreUnknownUsernames &&
+      !orgToRegisterOn &&
+      command.loginName &&
+      ORG_SUFFIX_REGEX.test(command.loginName)
+    ) {
+      const matched = ORG_SUFFIX_REGEX.exec(command.loginName);
+      const suffix = matched?.[1] ?? "";
+
+      // this just returns orgs where the suffix is set as primary domain
+      const orgs = await getOrgsByDomain({
+        serviceUrl,
+        domain: suffix,
+      });
+      const orgToCheckForDiscovery =
+        orgs.result && orgs.result.length === 1 ? orgs.result[0].id : undefined;
+
+      const orgLoginSettings = await getLoginSettings({
+        serviceUrl,
+        organization: orgToCheckForDiscovery,
+      });
+      if (orgLoginSettings?.allowDomainDiscovery) {
+        orgToRegisterOn = orgToCheckForDiscovery;
+      }
+    }
+
+    // do not register user if ignoreUnknownUsernames is set
+    if (orgToRegisterOn && !loginSettingsByContext?.ignoreUnknownUsernames) {
+      const params = new URLSearchParams({ organization: orgToRegisterOn });
+
+      if (command.requestId) {
+        params.set("requestId", command.requestId);
+      }
+
+      if (command.loginName) {
+        params.set("email", command.loginName);
+      }
+
+      return { redirect: "/register?" + params };
+    }
+  }
+
+  if (loginSettingsByContext?.ignoreUnknownUsernames) {
+    const paramsPasswordDefault = new URLSearchParams({
+      loginName: command.loginName,
+    });
+
+    if (command.requestId) {
+      paramsPasswordDefault.append("requestId", command.requestId);
+    }
+
+    if (command.organization) {
+      paramsPasswordDefault.append("organization", command.organization);
+    }
+
+    return { redirect: "/password?" + paramsPasswordDefault };
+  }
+
+  // fallbackToPassword
+
+  return { error: "User not found in the system" };
+}
diff --git a/login/apps/login/src/lib/server/oidc.ts b/login/apps/login/src/lib/server/oidc.ts
new file mode 100644
index 0000000000..36a31fe419
--- /dev/null
+++ b/login/apps/login/src/lib/server/oidc.ts
@@ -0,0 +1,15 @@
+"use server";
+
+import { getDeviceAuthorizationRequest as zitadelGetDeviceAuthorizationRequest } from "@/lib/zitadel";
+import { headers } from "next/headers";
+import { getServiceUrlFromHeaders } from "../service-url";
+
+export async function getDeviceAuthorizationRequest(userCode: string) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  return zitadelGetDeviceAuthorizationRequest({
+    serviceUrl,
+    userCode,
+  });
+}
diff --git a/login/apps/login/src/lib/server/otp.ts b/login/apps/login/src/lib/server/otp.ts
new file mode 100644
index 0000000000..f3d4a1536a
--- /dev/null
+++ b/login/apps/login/src/lib/server/otp.ts
@@ -0,0 +1,83 @@
+"use server";
+
+import { setSessionAndUpdateCookie } from "@/lib/server/cookie";
+import { create } from "@zitadel/client";
+import {
+  CheckOTPSchema,
+  ChecksSchema,
+  CheckTOTPSchema,
+} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { headers } from "next/headers";
+import {
+  getMostRecentSessionCookie,
+  getSessionCookieById,
+  getSessionCookieByLoginName,
+} from "../cookies";
+import { getServiceUrlFromHeaders } from "../service-url";
+import { getLoginSettings } from "../zitadel";
+
+export type SetOTPCommand = {
+  loginName?: string;
+  sessionId?: string;
+  organization?: string;
+  requestId?: string;
+  code: string;
+  method: string;
+};
+
+export async function setOTP(command: SetOTPCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const recentSession = command.sessionId
+    ? await getSessionCookieById({ sessionId: command.sessionId }).catch(
+        (error) => {
+          return Promise.reject(error);
+        },
+      )
+    : command.loginName
+      ? await getSessionCookieByLoginName({
+          loginName: command.loginName,
+          organization: command.organization,
+        }).catch((error) => {
+          return Promise.reject(error);
+        })
+      : await getMostRecentSessionCookie().catch((error) => {
+          return Promise.reject(error);
+        });
+
+  const checks = create(ChecksSchema, {});
+
+  if (command.method === "time-based") {
+    checks.totp = create(CheckTOTPSchema, {
+      code: command.code,
+    });
+  } else if (command.method === "sms") {
+    checks.otpSms = create(CheckOTPSchema, {
+      code: command.code,
+    });
+  } else if (command.method === "email") {
+    checks.otpEmail = create(CheckOTPSchema, {
+      code: command.code,
+    });
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: command.organization,
+  });
+
+  return setSessionAndUpdateCookie(
+    recentSession,
+    checks,
+    undefined,
+    command.requestId,
+    loginSettings?.secondFactorCheckLifetime,
+  ).then((session) => {
+    return {
+      sessionId: session.id,
+      factors: session.factors,
+      challenges: session.challenges,
+    };
+  });
+}
diff --git a/login/apps/login/src/lib/server/passkeys.ts b/login/apps/login/src/lib/server/passkeys.ts
new file mode 100644
index 0000000000..3470629f24
--- /dev/null
+++ b/login/apps/login/src/lib/server/passkeys.ts
@@ -0,0 +1,278 @@
+"use server";
+
+import {
+  createPasskeyRegistrationLink,
+  getLoginSettings,
+  getSession,
+  getUserByID,
+  listAuthenticationMethodTypes,
+  registerPasskey,
+  verifyPasskeyRegistration as zitadelVerifyPasskeyRegistration,
+} from "@/lib/zitadel";
+import { create, Duration, Timestamp, timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import {
+  RegisterPasskeyResponse,
+  VerifyPasskeyRegistrationRequestSchema,
+} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+import { userAgent } from "next/server";
+import { getNextUrl } from "../client";
+import {
+  getMostRecentSessionCookie,
+  getSessionCookieById,
+  getSessionCookieByLoginName,
+} from "../cookies";
+import { getServiceUrlFromHeaders } from "../service-url";
+import {
+  checkEmailVerification,
+  checkUserVerification,
+} from "../verify-helper";
+import { setSessionAndUpdateCookie } from "./cookie";
+
+type VerifyPasskeyCommand = {
+  passkeyId: string;
+  passkeyName?: string;
+  publicKeyCredential: any;
+  sessionId: string;
+};
+
+type RegisterPasskeyCommand = {
+  sessionId: string;
+};
+
+function isSessionValid(session: Partial<Session>): {
+  valid: boolean;
+  verifiedAt?: Timestamp;
+} {
+  const validPassword = session?.factors?.password?.verifiedAt;
+  const validPasskey = session?.factors?.webAuthN?.verifiedAt;
+  const stillValid = session.expirationDate
+    ? timestampDate(session.expirationDate) > new Date()
+    : true;
+
+  const verifiedAt = validPassword || validPasskey;
+  const valid = !!((validPassword || validPasskey) && stillValid);
+
+  return { valid, verifiedAt };
+}
+
+export async function registerPasskeyLink(
+  command: RegisterPasskeyCommand,
+): Promise<RegisterPasskeyResponse | { error: string }> {
+  const { sessionId } = command;
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host) {
+    throw new Error("Could not get domain");
+  }
+
+  const sessionCookie = await getSessionCookieById({ sessionId });
+  const session = await getSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+
+  if (!session?.session?.factors?.user?.id) {
+    return { error: "Could not determine user from session" };
+  }
+
+  const sessionValid = isSessionValid(session.session);
+
+  if (!sessionValid) {
+    const authmethods = await listAuthenticationMethodTypes({
+      serviceUrl,
+      userId: session.session.factors.user.id,
+    });
+
+    // if the user has no authmethods set, we need to check if the user was verified
+    if (authmethods.authMethodTypes.length !== 0) {
+      return {
+        error:
+          "You have to authenticate or have a valid User Verification Check",
+      };
+    }
+
+    // check if a verification was done earlier
+    const hasValidUserVerificationCheck = await checkUserVerification(
+      session.session.factors.user.id,
+    );
+
+    if (!hasValidUserVerificationCheck) {
+      return { error: "User Verification Check has to be done" };
+    }
+  }
+
+  const [hostname, port] = host.split(":");
+
+  if (!hostname) {
+    throw new Error("Could not get hostname");
+  }
+
+  const userId = session?.session?.factors?.user?.id;
+
+  if (!userId) {
+    throw new Error("Could not get session");
+  }
+  // TODO: add org context
+
+  // use session token to add the passkey
+  const registerLink = await createPasskeyRegistrationLink({
+    serviceUrl,
+    userId,
+  });
+
+  if (!registerLink.code) {
+    throw new Error("Missing code in response");
+  }
+
+  return registerPasskey({
+    serviceUrl,
+    userId,
+    code: registerLink.code,
+    domain: hostname,
+  });
+}
+
+export async function verifyPasskeyRegistration(command: VerifyPasskeyCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  // if no name is provided, try to generate one from the user agent
+  let passkeyName = command.passkeyName;
+  if (!!!passkeyName) {
+    const headersList = await headers();
+    const userAgentStructure = { headers: headersList };
+    const { browser, device, os } = userAgent(userAgentStructure);
+
+    passkeyName = `${device.vendor ?? ""} ${device.model ?? ""}${
+      device.vendor || device.model ? ", " : ""
+    }${os.name}${os.name ? ", " : ""}${browser.name}`;
+  }
+
+  const sessionCookie = await getSessionCookieById({
+    sessionId: command.sessionId,
+  });
+  const session = await getSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+  const userId = session?.session?.factors?.user?.id;
+
+  if (!userId) {
+    throw new Error("Could not get session");
+  }
+
+  return zitadelVerifyPasskeyRegistration({
+    serviceUrl,
+    request: create(VerifyPasskeyRegistrationRequestSchema, {
+      passkeyId: command.passkeyId,
+      publicKeyCredential: command.publicKeyCredential,
+      passkeyName,
+      userId,
+    }),
+  });
+}
+
+type SendPasskeyCommand = {
+  loginName?: string;
+  sessionId?: string;
+  organization?: string;
+  checks?: Checks;
+  requestId?: string;
+  lifetime?: Duration;
+};
+
+export async function sendPasskey(command: SendPasskeyCommand) {
+  let { loginName, sessionId, organization, checks, requestId } = command;
+  const recentSession = sessionId
+    ? await getSessionCookieById({ sessionId })
+    : loginName
+      ? await getSessionCookieByLoginName({ loginName, organization })
+      : await getMostRecentSessionCookie();
+
+  if (!recentSession) {
+    return {
+      error: "Could not find session",
+    };
+  }
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const lifetime = checks?.webAuthN
+    ? loginSettings?.multiFactorCheckLifetime // TODO different lifetime for webauthn u2f/passkey
+    : checks?.otpEmail || checks?.otpSms
+      ? loginSettings?.secondFactorCheckLifetime
+      : undefined;
+
+  const session = await setSessionAndUpdateCookie(
+    recentSession,
+    checks,
+    undefined,
+    requestId,
+    lifetime,
+  );
+
+  if (!session || !session?.factors?.user?.id) {
+    return { error: "Could not update session" };
+  }
+
+  const userResponse = await getUserByID({
+    serviceUrl,
+    userId: session?.factors?.user?.id,
+  });
+
+  if (!userResponse.user) {
+    return { error: "User not found in the system" };
+  }
+
+  const humanUser =
+    userResponse.user.type.case === "human"
+      ? userResponse.user.type.value
+      : undefined;
+
+  const emailVerificationCheck = checkEmailVerification(
+    session,
+    humanUser,
+    organization,
+    requestId,
+  );
+
+  if (emailVerificationCheck?.redirect) {
+    return emailVerificationCheck;
+  }
+
+  const url =
+    requestId && session.id
+      ? await getNextUrl(
+          {
+            sessionId: session.id,
+            requestId: requestId,
+            organization: organization,
+          },
+          loginSettings?.defaultRedirectUri,
+        )
+      : session?.factors?.user?.loginName
+        ? await getNextUrl(
+            {
+              loginName: session.factors.user.loginName,
+              organization: organization,
+            },
+            loginSettings?.defaultRedirectUri,
+          )
+        : null;
+
+  return { redirect: url };
+}
diff --git a/login/apps/login/src/lib/server/password.ts b/login/apps/login/src/lib/server/password.ts
new file mode 100644
index 0000000000..5c6fb03aa5
--- /dev/null
+++ b/login/apps/login/src/lib/server/password.ts
@@ -0,0 +1,460 @@
+"use server";
+
+import {
+  createSessionAndUpdateCookie,
+  setSessionAndUpdateCookie,
+} from "@/lib/server/cookie";
+import {
+  getLockoutSettings,
+  getLoginSettings,
+  getPasswordExpirySettings,
+  getSession,
+  getUserByID,
+  listAuthenticationMethodTypes,
+  listUsers,
+  passwordReset,
+  setPassword,
+  setUserPassword,
+} from "@/lib/zitadel";
+import { ConnectError, create } from "@zitadel/client";
+import { createUserServiceClient } from "@zitadel/client/v2";
+import {
+  Checks,
+  ChecksSchema,
+} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { User, UserState } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import {
+  AuthenticationMethodType,
+  SetPasswordRequestSchema,
+} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+import { getNextUrl } from "../client";
+import { getSessionCookieById, getSessionCookieByLoginName } from "../cookies";
+import { getServiceUrlFromHeaders } from "../service-url";
+import {
+  checkEmailVerification,
+  checkMFAFactors,
+  checkPasswordChangeRequired,
+  checkUserVerification,
+} from "../verify-helper";
+import { createServerTransport } from "../zitadel";
+
+type ResetPasswordCommand = {
+  loginName: string;
+  organization?: string;
+  requestId?: string;
+};
+
+export async function resetPassword(command: ResetPasswordCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  const users = await listUsers({
+    serviceUrl,
+    loginName: command.loginName,
+    organizationId: command.organization,
+  });
+
+  if (
+    !users.details ||
+    users.details.totalResult !== BigInt(1) ||
+    !users.result[0].userId
+  ) {
+    return { error: "Could not send Password Reset Link" };
+  }
+  const userId = users.result[0].userId;
+
+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+  return passwordReset({
+    serviceUrl,
+    userId,
+    urlTemplate:
+      `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
+      (command.requestId ? `&requestId=${command.requestId}` : ""),
+  });
+}
+
+export type UpdateSessionCommand = {
+  loginName: string;
+  organization?: string;
+  checks: Checks;
+  requestId?: string;
+};
+
+export async function sendPassword(command: UpdateSessionCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  let sessionCookie = await getSessionCookieByLoginName({
+    loginName: command.loginName,
+    organization: command.organization,
+  }).catch((error) => {
+    console.warn("Ignored error:", error);
+  });
+
+  let session;
+  let user: User;
+  let loginSettings: LoginSettings | undefined;
+
+  if (!sessionCookie) {
+    const users = await listUsers({
+      serviceUrl,
+      loginName: command.loginName,
+      organizationId: command.organization,
+    });
+
+    if (users.details?.totalResult == BigInt(1) && users.result[0].userId) {
+      user = users.result[0];
+
+      const checks = create(ChecksSchema, {
+        user: { search: { case: "userId", value: users.result[0].userId } },
+        password: { password: command.checks.password?.password },
+      });
+
+      loginSettings = await getLoginSettings({
+        serviceUrl,
+        organization: command.organization,
+      });
+
+      try {
+        session = await createSessionAndUpdateCookie({
+          checks,
+          requestId: command.requestId,
+          lifetime: loginSettings?.passwordCheckLifetime,
+        });
+      } catch (error: any) {
+        if ("failedAttempts" in error && error.failedAttempts) {
+          const lockoutSettings = await getLockoutSettings({
+            serviceUrl,
+            orgId: command.organization,
+          });
+
+          return {
+            error:
+              `Failed to authenticate. You had ${error.failedAttempts} of ${lockoutSettings?.maxPasswordAttempts} password attempts.` +
+              (lockoutSettings?.maxPasswordAttempts &&
+              error.failedAttempts >= lockoutSettings?.maxPasswordAttempts
+                ? "Contact your administrator to unlock your account"
+                : ""),
+          };
+        }
+        return { error: "Could not create session for user" };
+      }
+    }
+
+    // this is a fake error message to hide that the user does not even exist
+    return { error: "Could not verify password" };
+  } else {
+    try {
+      session = await setSessionAndUpdateCookie(
+        sessionCookie,
+        command.checks,
+        undefined,
+        command.requestId,
+        loginSettings?.passwordCheckLifetime,
+      );
+    } catch (error: any) {
+      if ("failedAttempts" in error && error.failedAttempts) {
+        const lockoutSettings = await getLockoutSettings({
+          serviceUrl,
+          orgId: command.organization,
+        });
+
+        return {
+          error:
+            `Failed to authenticate. You had ${error.failedAttempts} of ${lockoutSettings?.maxPasswordAttempts} password attempts.` +
+            (lockoutSettings?.maxPasswordAttempts &&
+            error.failedAttempts >= lockoutSettings?.maxPasswordAttempts
+              ? " Contact your administrator to unlock your account"
+              : ""),
+        };
+      }
+      throw error;
+    }
+
+    if (!session?.factors?.user?.id) {
+      return { error: "Could not create session for user" };
+    }
+
+    const userResponse = await getUserByID({
+      serviceUrl,
+      userId: session?.factors?.user?.id,
+    });
+
+    if (!userResponse.user) {
+      return { error: "User not found in the system" };
+    }
+
+    user = userResponse.user;
+  }
+
+  if (!loginSettings) {
+    loginSettings = await getLoginSettings({
+      serviceUrl,
+      organization:
+        command.organization ?? session.factors?.user?.organizationId,
+    });
+  }
+
+  if (!session?.factors?.user?.id || !sessionCookie) {
+    return { error: "Could not create session for user" };
+  }
+
+  const humanUser = user.type.case === "human" ? user.type.value : undefined;
+
+  const expirySettings = await getPasswordExpirySettings({
+    serviceUrl,
+    orgId: command.organization ?? session.factors?.user?.organizationId,
+  });
+
+  // check if the user has to change password first
+  const passwordChangedCheck = checkPasswordChangeRequired(
+    expirySettings,
+    session,
+    humanUser,
+    command.organization,
+    command.requestId,
+  );
+
+  if (passwordChangedCheck?.redirect) {
+    return passwordChangedCheck;
+  }
+
+  // throw error if user is in initial state here and do not continue
+  if (user.state === UserState.INITIAL) {
+    return { error: "Initial User not supported" };
+  }
+
+  // check to see if user was verified
+  const emailVerificationCheck = checkEmailVerification(
+    session,
+    humanUser,
+    command.organization,
+    command.requestId,
+  );
+
+  if (emailVerificationCheck?.redirect) {
+    return emailVerificationCheck;
+  }
+
+  // if password, check if user has MFA methods
+  let authMethods;
+  if (command.checks && command.checks.password && session.factors?.user?.id) {
+    const response = await listAuthenticationMethodTypes({
+      serviceUrl,
+      userId: session.factors.user.id,
+    });
+    if (response.authMethodTypes && response.authMethodTypes.length) {
+      authMethods = response.authMethodTypes;
+    }
+  }
+
+  if (!authMethods) {
+    return { error: "Could not verify password!" };
+  }
+
+  const mfaFactorCheck = await checkMFAFactors(
+    serviceUrl,
+    session,
+    loginSettings,
+    authMethods,
+    command.organization,
+    command.requestId,
+  );
+
+  if (mfaFactorCheck?.redirect) {
+    return mfaFactorCheck;
+  }
+
+  if (command.requestId && session.id) {
+    const nextUrl = await getNextUrl(
+      {
+        sessionId: session.id,
+        requestId: command.requestId,
+        organization:
+          command.organization ?? session.factors?.user?.organizationId,
+      },
+      loginSettings?.defaultRedirectUri,
+    );
+
+    return { redirect: nextUrl };
+  }
+
+  const url = await getNextUrl(
+    {
+      loginName: session.factors.user.loginName,
+      organization: session.factors?.user?.organizationId,
+    },
+    loginSettings?.defaultRedirectUri,
+  );
+
+  return { redirect: url };
+}
+
+// this function lets users with code set a password or users with valid User Verification Check
+export async function changePassword(command: {
+  code?: string;
+  userId: string;
+  password: string;
+}) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  // check for init state
+  const { user } = await getUserByID({
+    serviceUrl,
+    userId: command.userId,
+  });
+
+  if (!user || user.userId !== command.userId) {
+    return { error: "Could not send Password Reset Link" };
+  }
+  const userId = user.userId;
+
+  if (user.state === UserState.INITIAL) {
+    return { error: "User Initial State is not supported" };
+  }
+
+  // check if the user has no password set in order to set a password
+  if (!command.code) {
+    const authmethods = await listAuthenticationMethodTypes({
+      serviceUrl,
+      userId,
+    });
+
+    // if the user has no authmethods set, we need to check if the user was verified
+    if (authmethods.authMethodTypes.length !== 0) {
+      return {
+        error:
+          "You have to provide a code or have a valid User Verification Check",
+      };
+    }
+
+    // check if a verification was done earlier
+    const hasValidUserVerificationCheck = await checkUserVerification(
+      user.userId,
+    );
+
+    if (!hasValidUserVerificationCheck) {
+      return { error: "User Verification Check has to be done" };
+    }
+  }
+
+  return setUserPassword({
+    serviceUrl,
+    userId,
+    password: command.password,
+    code: command.code,
+  });
+}
+
+type CheckSessionAndSetPasswordCommand = {
+  sessionId: string;
+  password: string;
+};
+
+export async function checkSessionAndSetPassword({
+  sessionId,
+  password,
+}: CheckSessionAndSetPasswordCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const sessionCookie = await getSessionCookieById({ sessionId });
+
+  const { session } = await getSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+
+  if (!session || !session.factors?.user?.id) {
+    return { error: "Could not load session" };
+  }
+
+  const payload = create(SetPasswordRequestSchema, {
+    userId: session.factors.user.id,
+    newPassword: {
+      password,
+    },
+  });
+
+  // check if the user has no password set in order to set a password
+  const authmethods = await listAuthenticationMethodTypes({
+    serviceUrl,
+    userId: session.factors.user.id,
+  });
+
+  if (!authmethods) {
+    return { error: "Could not load auth methods" };
+  }
+
+  const requiredAuthMethodsForForceMFA = [
+    AuthenticationMethodType.OTP_EMAIL,
+    AuthenticationMethodType.OTP_SMS,
+    AuthenticationMethodType.TOTP,
+    AuthenticationMethodType.U2F,
+  ];
+
+  const hasNoMFAMethods = requiredAuthMethodsForForceMFA.every(
+    (method) => !authmethods.authMethodTypes.includes(method),
+  );
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: session.factors.user.organizationId,
+  });
+
+  const forceMfa = !!(
+    loginSettings?.forceMfa || loginSettings?.forceMfaLocalOnly
+  );
+
+  // if the user has no MFA but MFA is enforced, we can set a password otherwise we use the token of the user
+  if (forceMfa && hasNoMFAMethods) {
+    return setPassword({ serviceUrl, payload }).catch((error) => {
+      // throw error if failed precondition (ex. User is not yet initialized)
+      if (error.code === 9 && error.message) {
+        return { error: "Failed precondition" };
+      } else {
+        throw error;
+      }
+    });
+  } else {
+    const transport = async (serviceUrl: string, token: string) => {
+      return createServerTransport(token, serviceUrl);
+    };
+
+    const myUserService = async (serviceUrl: string, sessionToken: string) => {
+      const transportPromise = await transport(serviceUrl, sessionToken);
+      return createUserServiceClient(transportPromise);
+    };
+
+    const selfService = await myUserService(
+      serviceUrl,
+      `${sessionCookie.token}`,
+    );
+
+    return selfService
+      .setPassword(
+        {
+          userId: session.factors.user.id,
+          newPassword: { password, changeRequired: false },
+        },
+        {},
+      )
+      .catch((error: ConnectError) => {
+        console.log(error);
+        if (error.code === 7) {
+          return { error: "Session is not valid." };
+        }
+        throw error;
+      });
+  }
+}
diff --git a/login/apps/login/src/lib/server/register.ts b/login/apps/login/src/lib/server/register.ts
new file mode 100644
index 0000000000..f84b4c8d51
--- /dev/null
+++ b/login/apps/login/src/lib/server/register.ts
@@ -0,0 +1,233 @@
+"use server";
+
+import {
+  createSessionAndUpdateCookie,
+  createSessionForIdpAndUpdateCookie,
+} from "@/lib/server/cookie";
+import {
+  addHumanUser,
+  addIDPLink,
+  getLoginSettings,
+  getUserByID,
+} from "@/lib/zitadel";
+import { create } from "@zitadel/client";
+import { Factors } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import {
+  ChecksJson,
+  ChecksSchema,
+} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { headers } from "next/headers";
+import { getNextUrl } from "../client";
+import { getServiceUrlFromHeaders } from "../service-url";
+import { checkEmailVerification } from "../verify-helper";
+
+type RegisterUserCommand = {
+  email: string;
+  firstName: string;
+  lastName: string;
+  password?: string;
+  organization: string;
+  requestId?: string;
+};
+
+export type RegisterUserResponse = {
+  userId: string;
+  sessionId: string;
+  factors: Factors | undefined;
+};
+export async function registerUser(command: RegisterUserCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  const addResponse = await addHumanUser({
+    serviceUrl,
+    email: command.email,
+    firstName: command.firstName,
+    lastName: command.lastName,
+    password: command.password ? command.password : undefined,
+    organization: command.organization,
+  });
+
+  if (!addResponse) {
+    return { error: "Could not create user" };
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: command.organization,
+  });
+
+  let checkPayload: any = {
+    user: { search: { case: "userId", value: addResponse.userId } },
+  };
+
+  if (command.password) {
+    checkPayload = {
+      ...checkPayload,
+      password: { password: command.password },
+    } as ChecksJson;
+  }
+
+  const checks = create(ChecksSchema, checkPayload);
+
+  const session = await createSessionAndUpdateCookie({
+    checks,
+    requestId: command.requestId,
+    lifetime: command.password
+      ? loginSettings?.passwordCheckLifetime
+      : undefined,
+  });
+
+  if (!session || !session.factors?.user) {
+    return { error: "Could not create session" };
+  }
+
+  if (!command.password) {
+    const params = new URLSearchParams({
+      loginName: session.factors.user.loginName,
+      organization: session.factors.user.organizationId,
+    });
+
+    if (command.requestId) {
+      params.append("requestId", command.requestId);
+    }
+
+    return { redirect: "/passkey/set?" + params };
+  } else {
+    const userResponse = await getUserByID({
+      serviceUrl,
+      userId: session?.factors?.user?.id,
+    });
+
+    if (!userResponse.user) {
+      return { error: "User not found in the system" };
+    }
+
+    const humanUser =
+      userResponse.user.type.case === "human"
+        ? userResponse.user.type.value
+        : undefined;
+
+    const emailVerificationCheck = checkEmailVerification(
+      session,
+      humanUser,
+      session.factors.user.organizationId,
+      command.requestId,
+    );
+
+    if (emailVerificationCheck?.redirect) {
+      return emailVerificationCheck;
+    }
+
+    const url = await getNextUrl(
+      command.requestId && session.id
+        ? {
+            sessionId: session.id,
+            requestId: command.requestId,
+            organization: session.factors.user.organizationId,
+          }
+        : {
+            loginName: session.factors.user.loginName,
+            organization: session.factors.user.organizationId,
+          },
+      loginSettings?.defaultRedirectUri,
+    );
+
+    return { redirect: url };
+  }
+}
+
+type RegisterUserAndLinkToIDPommand = {
+  email: string;
+  firstName: string;
+  lastName: string;
+  organization: string;
+  requestId?: string;
+  idpIntent: {
+    idpIntentId: string;
+    idpIntentToken: string;
+  };
+  idpUserId: string;
+  idpId: string;
+  idpUserName: string;
+};
+
+export type registerUserAndLinkToIDPResponse = {
+  userId: string;
+  sessionId: string;
+  factors: Factors | undefined;
+};
+export async function registerUserAndLinkToIDP(
+  command: RegisterUserAndLinkToIDPommand,
+) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  const addResponse = await addHumanUser({
+    serviceUrl,
+    email: command.email,
+    firstName: command.firstName,
+    lastName: command.lastName,
+    organization: command.organization,
+  });
+
+  if (!addResponse) {
+    return { error: "Could not create user" };
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: command.organization,
+  });
+
+  const idpLink = await addIDPLink({
+    serviceUrl,
+    idp: {
+      id: command.idpId,
+      userId: command.idpUserId,
+      userName: command.idpUserName,
+    },
+    userId: addResponse.userId,
+  });
+
+  if (!idpLink) {
+    return { error: "Could not link IDP to user" };
+  }
+
+  const session = await createSessionForIdpAndUpdateCookie({
+    requestId: command.requestId,
+    userId: addResponse.userId, // the user we just created
+    idpIntent: command.idpIntent,
+    lifetime: loginSettings?.externalLoginCheckLifetime,
+  });
+
+  if (!session || !session.factors?.user) {
+    return { error: "Could not create session" };
+  }
+
+  const url = await getNextUrl(
+    command.requestId && session.id
+      ? {
+          sessionId: session.id,
+          requestId: command.requestId,
+          organization: session.factors.user.organizationId,
+        }
+      : {
+          loginName: session.factors.user.loginName,
+          organization: session.factors.user.organizationId,
+        },
+    loginSettings?.defaultRedirectUri,
+  );
+
+  return { redirect: url };
+}
diff --git a/login/apps/login/src/lib/server/session.ts b/login/apps/login/src/lib/server/session.ts
new file mode 100644
index 0000000000..2aceb3a1d0
--- /dev/null
+++ b/login/apps/login/src/lib/server/session.ts
@@ -0,0 +1,221 @@
+"use server";
+
+import { setSessionAndUpdateCookie } from "@/lib/server/cookie";
+import {
+  deleteSession,
+  getLoginSettings,
+  getSecuritySettings,
+  humanMFAInitSkipped,
+  listAuthenticationMethodTypes,
+} from "@/lib/zitadel";
+import { Duration } from "@zitadel/client";
+import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { headers } from "next/headers";
+import { getNextUrl } from "../client";
+import {
+  getMostRecentSessionCookie,
+  getSessionCookieById,
+  getSessionCookieByLoginName,
+  removeSessionFromCookie,
+} from "../cookies";
+import { getServiceUrlFromHeaders } from "../service-url";
+
+export async function skipMFAAndContinueWithNextUrl({
+  userId,
+  requestId,
+  loginName,
+  sessionId,
+  organization,
+}: {
+  userId: string;
+  loginName?: string;
+  sessionId?: string;
+  requestId?: string;
+  organization?: string;
+}) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: organization,
+  });
+
+  await humanMFAInitSkipped({ serviceUrl, userId });
+
+  const url =
+    requestId && sessionId
+      ? await getNextUrl(
+          {
+            sessionId: sessionId,
+            requestId: requestId,
+            organization: organization,
+          },
+          loginSettings?.defaultRedirectUri,
+        )
+      : loginName
+        ? await getNextUrl(
+            {
+              loginName: loginName,
+              organization: organization,
+            },
+            loginSettings?.defaultRedirectUri,
+          )
+        : null;
+  if (url) {
+    return { redirect: url };
+  }
+}
+
+export async function continueWithSession({
+  requestId,
+  ...session
+}: Session & { requestId?: string }) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: session.factors?.user?.organizationId,
+  });
+
+  const url =
+    requestId && session.id && session.factors?.user
+      ? await getNextUrl(
+          {
+            sessionId: session.id,
+            requestId: requestId,
+            organization: session.factors.user.organizationId,
+          },
+          loginSettings?.defaultRedirectUri,
+        )
+      : session.factors?.user
+        ? await getNextUrl(
+            {
+              loginName: session.factors.user.loginName,
+              organization: session.factors.user.organizationId,
+            },
+            loginSettings?.defaultRedirectUri,
+          )
+        : null;
+  if (url) {
+    return { redirect: url };
+  }
+}
+
+export type UpdateSessionCommand = {
+  loginName?: string;
+  sessionId?: string;
+  organization?: string;
+  checks?: Checks;
+  requestId?: string;
+  challenges?: RequestChallenges;
+  lifetime?: Duration;
+};
+
+export async function updateSession(options: UpdateSessionCommand) {
+  let { loginName, sessionId, organization, checks, requestId, challenges } =
+    options;
+  const recentSession = sessionId
+    ? await getSessionCookieById({ sessionId })
+    : loginName
+      ? await getSessionCookieByLoginName({ loginName, organization })
+      : await getMostRecentSessionCookie();
+
+  if (!recentSession) {
+    return {
+      error: "Could not find session",
+    };
+  }
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host) {
+    return { error: "Could not get host" };
+  }
+
+  if (
+    host &&
+    challenges &&
+    challenges.webAuthN &&
+    !challenges.webAuthN.domain
+  ) {
+    const [hostname, port] = host.split(":");
+
+    challenges.webAuthN.domain = hostname;
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization,
+  });
+
+  const lifetime = checks?.webAuthN
+    ? loginSettings?.multiFactorCheckLifetime // TODO different lifetime for webauthn u2f/passkey
+    : checks?.otpEmail || checks?.otpSms
+      ? loginSettings?.secondFactorCheckLifetime
+      : undefined;
+
+  const session = await setSessionAndUpdateCookie(
+    recentSession,
+    checks,
+    challenges,
+    requestId,
+    lifetime,
+  );
+
+  if (!session) {
+    return { error: "Could not update session" };
+  }
+
+  // if password, check if user has MFA methods
+  let authMethods;
+  if (checks && checks.password && session.factors?.user?.id) {
+    const response = await listAuthenticationMethodTypes({
+      serviceUrl,
+      userId: session.factors.user.id,
+    });
+    if (response.authMethodTypes && response.authMethodTypes.length) {
+      authMethods = response.authMethodTypes;
+    }
+  }
+
+  return {
+    sessionId: session.id,
+    factors: session.factors,
+    challenges: session.challenges,
+    authMethods,
+  };
+}
+
+type ClearSessionOptions = {
+  sessionId: string;
+};
+
+export async function clearSession(options: ClearSessionOptions) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const { sessionId } = options;
+
+  const sessionCookie = await getSessionCookieById({ sessionId });
+
+  const deleteResponse = await deleteSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+
+  const securitySettings = await getSecuritySettings({ serviceUrl });
+  const sameSite = securitySettings?.embeddedIframe?.enabled ? "none" : true;
+
+  if (!deleteResponse) {
+    throw new Error("Could not delete session");
+  }
+
+  return removeSessionFromCookie({ session: sessionCookie, sameSite });
+}
diff --git a/login/apps/login/src/lib/server/u2f.ts b/login/apps/login/src/lib/server/u2f.ts
new file mode 100644
index 0000000000..3fe5194336
--- /dev/null
+++ b/login/apps/login/src/lib/server/u2f.ts
@@ -0,0 +1,103 @@
+"use server";
+
+import { getSession, registerU2F, verifyU2FRegistration } from "@/lib/zitadel";
+import { create } from "@zitadel/client";
+import { VerifyU2FRegistrationRequestSchema } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { headers } from "next/headers";
+import { userAgent } from "next/server";
+import { getSessionCookieById } from "../cookies";
+import { getServiceUrlFromHeaders } from "../service-url";
+
+type RegisterU2FCommand = {
+  sessionId: string;
+};
+
+type VerifyU2FCommand = {
+  u2fId: string;
+  passkeyName?: string;
+  publicKeyCredential: any;
+  sessionId: string;
+};
+
+export async function addU2F(command: RegisterU2FCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  const sessionCookie = await getSessionCookieById({
+    sessionId: command.sessionId,
+  });
+
+  if (!sessionCookie) {
+    return { error: "Could not get session" };
+  }
+
+  const session = await getSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+
+  const [hostname, port] = host.split(":");
+
+  if (!hostname) {
+    throw new Error("Could not get hostname");
+  }
+
+  const userId = session?.session?.factors?.user?.id;
+
+  if (!session || !userId) {
+    return { error: "Could not get session" };
+  }
+
+  return registerU2F({ serviceUrl, userId, domain: hostname });
+}
+
+export async function verifyU2F(command: VerifyU2FCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host || typeof host !== "string") {
+    throw new Error("No host found");
+  }
+
+  let passkeyName = command.passkeyName;
+  if (!!!passkeyName) {
+    const headersList = await headers();
+    const userAgentStructure = { headers: headersList };
+    const { browser, device, os } = userAgent(userAgentStructure);
+
+    passkeyName = `${device.vendor ?? ""} ${device.model ?? ""}${
+      device.vendor || device.model ? ", " : ""
+    }${os.name}${os.name ? ", " : ""}${browser.name}`;
+  }
+  const sessionCookie = await getSessionCookieById({
+    sessionId: command.sessionId,
+  });
+
+  const session = await getSession({
+    serviceUrl,
+    sessionId: sessionCookie.id,
+    sessionToken: sessionCookie.token,
+  });
+
+  const userId = session?.session?.factors?.user?.id;
+
+  if (!userId) {
+    return { error: "Could not get session" };
+  }
+
+  const request = create(VerifyU2FRegistrationRequestSchema, {
+    u2fId: command.u2fId,
+    publicKeyCredential: command.publicKeyCredential,
+    tokenName: passkeyName,
+    userId,
+  });
+
+  return verifyU2FRegistration({ serviceUrl, request });
+}
diff --git a/login/apps/login/src/lib/server/verify.ts b/login/apps/login/src/lib/server/verify.ts
new file mode 100644
index 0000000000..cf60f739b3
--- /dev/null
+++ b/login/apps/login/src/lib/server/verify.ts
@@ -0,0 +1,329 @@
+"use server";
+
+import {
+  createInviteCode,
+  getLoginSettings,
+  getSession,
+  getUserByID,
+  listAuthenticationMethodTypes,
+  verifyEmail,
+  verifyInviteCode,
+  verifyTOTPRegistration,
+  sendEmailCode as zitadelSendEmailCode,
+} from "@/lib/zitadel";
+import crypto from "crypto";
+
+import { create } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { cookies, headers } from "next/headers";
+import { getNextUrl } from "../client";
+import { getSessionCookieByLoginName } from "../cookies";
+import { getOrSetFingerprintId } from "../fingerprint";
+import { getServiceUrlFromHeaders } from "../service-url";
+import { loadMostRecentSession } from "../session";
+import { checkMFAFactors } from "../verify-helper";
+import { createSessionAndUpdateCookie } from "./cookie";
+
+export async function verifyTOTP(
+  code: string,
+  loginName?: string,
+  organization?: string,
+) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  return loadMostRecentSession({
+    serviceUrl,
+    sessionParams: {
+      loginName,
+      organization,
+    },
+  }).then((session) => {
+    if (session?.factors?.user?.id) {
+      return verifyTOTPRegistration({
+        serviceUrl,
+        code,
+        userId: session.factors.user.id,
+      });
+    } else {
+      throw Error("No user id found in session.");
+    }
+  });
+}
+
+type VerifyUserByEmailCommand = {
+  userId: string;
+  loginName?: string; // to determine already existing session
+  organization?: string;
+  code: string;
+  isInvite: boolean;
+  requestId?: string;
+};
+
+export async function sendVerification(command: VerifyUserByEmailCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const verifyResponse = command.isInvite
+    ? await verifyInviteCode({
+        serviceUrl,
+        userId: command.userId,
+        verificationCode: command.code,
+      }).catch((error) => {
+        console.warn(error);
+        return { error: "Could not verify invite" };
+      })
+    : await verifyEmail({
+        serviceUrl,
+        userId: command.userId,
+        verificationCode: command.code,
+      }).catch((error) => {
+        console.warn(error);
+        return { error: "Could not verify email" };
+      });
+
+  if ("error" in verifyResponse) {
+    return verifyResponse;
+  }
+
+  if (!verifyResponse) {
+    return { error: "Could not verify" };
+  }
+
+  let session: Session | undefined;
+  const userResponse = await getUserByID({
+    serviceUrl,
+    userId: command.userId,
+  });
+
+  if (!userResponse || !userResponse.user) {
+    return { error: "Could not load user" };
+  }
+
+  const user = userResponse.user;
+
+  const sessionCookie = await getSessionCookieByLoginName({
+    loginName:
+      "loginName" in command ? command.loginName : user.preferredLoginName,
+    organization: command.organization,
+  }).catch((error) => {
+    console.warn("Ignored error:", error); // checked later
+  });
+
+  if (sessionCookie) {
+    session = await getSession({
+      serviceUrl,
+      sessionId: sessionCookie.id,
+      sessionToken: sessionCookie.token,
+    }).then((response) => {
+      if (response?.session) {
+        return response.session;
+      }
+    });
+  }
+
+  // load auth methods for user
+  const authMethodResponse = await listAuthenticationMethodTypes({
+    serviceUrl,
+    userId: user.userId,
+  });
+
+  if (!authMethodResponse || !authMethodResponse.authMethodTypes) {
+    return { error: "Could not load possible authenticators" };
+  }
+
+  // if no authmethods are found on the user, redirect to set one up
+  if (
+    authMethodResponse &&
+    authMethodResponse.authMethodTypes &&
+    authMethodResponse.authMethodTypes.length == 0
+  ) {
+    if (!sessionCookie) {
+      const checks = create(ChecksSchema, {
+        user: {
+          search: {
+            case: "loginName",
+            value: userResponse.user.preferredLoginName,
+          },
+        },
+      });
+
+      session = await createSessionAndUpdateCookie({
+        checks,
+        requestId: command.requestId,
+      });
+    }
+
+    if (!session) {
+      return { error: "Could not create session" };
+    }
+
+    const params = new URLSearchParams({
+      sessionId: session.id,
+    });
+
+    if (session.factors?.user?.loginName) {
+      params.set("loginName", session.factors?.user?.loginName);
+    }
+
+    // set hash of userId and userAgentId to prevent attacks, checks are done for users with invalid sessions and invalid userAgentId
+    const cookiesList = await cookies();
+    const userAgentId = await getOrSetFingerprintId();
+
+    const verificationCheck = crypto
+      .createHash("sha256")
+      .update(`${user.userId}:${userAgentId}`)
+      .digest("hex");
+
+    await cookiesList.set({
+      name: "verificationCheck",
+      value: verificationCheck,
+      httpOnly: true,
+      path: "/",
+      maxAge: 300, // 5 minutes
+    });
+
+    return { redirect: `/authenticator/set?${params}` };
+  }
+
+  // if no session found only show success page,
+  // if user is invited, recreate invite flow to not depend on session
+  if (!session?.factors?.user?.id) {
+    const verifySuccessParams = new URLSearchParams({});
+
+    if (command.userId) {
+      verifySuccessParams.set("userId", command.userId);
+    }
+
+    if (
+      ("loginName" in command && command.loginName) ||
+      user.preferredLoginName
+    ) {
+      verifySuccessParams.set(
+        "loginName",
+        "loginName" in command && command.loginName
+          ? command.loginName
+          : user.preferredLoginName,
+      );
+    }
+    if (command.requestId) {
+      verifySuccessParams.set("requestId", command.requestId);
+    }
+    if (command.organization) {
+      verifySuccessParams.set("organization", command.organization);
+    }
+
+    return { redirect: `/verify/success?${verifySuccessParams}` };
+  }
+
+  const loginSettings = await getLoginSettings({
+    serviceUrl,
+    organization: user.details?.resourceOwner,
+  });
+
+  // redirect to mfa factor if user has one, or redirect to set one up
+  const mfaFactorCheck = await checkMFAFactors(
+    serviceUrl,
+    session,
+    loginSettings,
+    authMethodResponse.authMethodTypes,
+    command.organization,
+    command.requestId,
+  );
+
+  if (mfaFactorCheck?.redirect) {
+    return mfaFactorCheck;
+  }
+
+  // login user if no additional steps are required
+  if (command.requestId && session.id) {
+    const nextUrl = await getNextUrl(
+      {
+        sessionId: session.id,
+        requestId: command.requestId,
+        organization:
+          command.organization ?? session.factors?.user?.organizationId,
+      },
+      loginSettings?.defaultRedirectUri,
+    );
+
+    return { redirect: nextUrl };
+  }
+
+  const url = await getNextUrl(
+    {
+      loginName: session.factors.user.loginName,
+      organization: session.factors?.user?.organizationId,
+    },
+    loginSettings?.defaultRedirectUri,
+  );
+
+  return { redirect: url };
+}
+
+type resendVerifyEmailCommand = {
+  userId: string;
+  isInvite: boolean;
+  requestId?: string;
+};
+
+export async function resendVerification(command: resendVerifyEmailCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+  const host = _headers.get("host");
+
+  if (!host) {
+    return { error: "No host found" };
+  }
+
+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
+  return command.isInvite
+    ? createInviteCode({
+        serviceUrl,
+        userId: command.userId,
+        urlTemplate:
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
+          (command.requestId ? `&requestId=${command.requestId}` : ""),
+      }).catch((error) => {
+        if (error.code === 9) {
+          return { error: "User is already verified!" };
+        }
+        return { error: "Could not resend invite" };
+      })
+    : zitadelSendEmailCode({
+        userId: command.userId,
+        serviceUrl,
+        urlTemplate:
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
+          (command.requestId ? `&requestId=${command.requestId}` : ""),
+      });
+}
+
+type SendEmailCommand = {
+  userId: string;
+  urlTemplate: string;
+};
+
+export async function sendEmailCode(command: SendEmailCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  return zitadelSendEmailCode({
+    serviceUrl,
+    userId: command.userId,
+    urlTemplate: command.urlTemplate,
+  });
+}
+
+export async function sendInviteEmailCode(command: SendEmailCommand) {
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  return createInviteCode({
+    serviceUrl,
+    userId: command.userId,
+    urlTemplate: command.urlTemplate,
+  });
+}
diff --git a/login/apps/login/src/lib/service-url.ts b/login/apps/login/src/lib/service-url.ts
new file mode 100644
index 0000000000..e74ee1f333
--- /dev/null
+++ b/login/apps/login/src/lib/service-url.ts
@@ -0,0 +1,58 @@
+import { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
+import { NextRequest } from "next/server";
+
+/**
+ * Extracts the service url and region from the headers if used in a multitenant context (host, x-zitadel-forward-host header)
+ * or falls back to the ZITADEL_API_URL for a self hosting deployment
+ * or falls back to the host header for a self hosting deployment using custom domains
+ * @param headers
+ * @returns the service url and region from the headers
+ * @throws if the service url could not be determined
+ *
+ */
+export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
+  serviceUrl: string;
+} {
+  let instanceUrl;
+
+  const forwardedHost = headers.get("x-zitadel-forward-host");
+  // use the forwarded host if available (multitenant), otherwise fall back to the host of the deployment itself
+  if (forwardedHost) {
+    instanceUrl = forwardedHost;
+    instanceUrl = instanceUrl.startsWith("http://")
+      ? instanceUrl
+      : `https://${instanceUrl}`;
+  } else if (process.env.ZITADEL_API_URL) {
+    instanceUrl = process.env.ZITADEL_API_URL;
+  } else {
+    const host = headers.get("host");
+
+    if (host) {
+      const [hostname, port] = host.split(":");
+      if (hostname !== "localhost") {
+        instanceUrl = host.startsWith("http") ? host : `https://${host}`;
+      }
+    }
+  }
+
+  if (!instanceUrl) {
+    throw new Error("Service URL could not be determined");
+  }
+
+  return {
+    serviceUrl: instanceUrl,
+  };
+}
+
+export function constructUrl(request: NextRequest, path: string) {
+  const forwardedProto = request.headers.get("x-forwarded-proto")
+    ? `${request.headers.get("x-forwarded-proto")}:`
+    : request.nextUrl.protocol;
+
+  const forwardedHost =
+    request.headers.get("x-zitadel-forward-host") ??
+    request.headers.get("x-forwarded-host") ??
+    request.headers.get("host");
+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH || "";
+  return new URL(`${basePath}${path}`, `${forwardedProto}//${forwardedHost}`);
+}
diff --git a/login/apps/login/src/lib/service.ts b/login/apps/login/src/lib/service.ts
new file mode 100644
index 0000000000..f7e81cc9d6
--- /dev/null
+++ b/login/apps/login/src/lib/service.ts
@@ -0,0 +1,49 @@
+import { createClientFor } from "@zitadel/client";
+import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb";
+import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
+import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_pb";
+import { SAMLService } from "@zitadel/proto/zitadel/saml/v2/saml_service_pb";
+import { SessionService } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
+import { UserService } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { systemAPIToken } from "./api";
+import { createServerTransport } from "./zitadel";
+
+type ServiceClass =
+  | typeof IdentityProviderService
+  | typeof UserService
+  | typeof OrganizationService
+  | typeof SessionService
+  | typeof OIDCService
+  | typeof SettingsService
+  | typeof SAMLService;
+
+export async function createServiceForHost<T extends ServiceClass>(
+  service: T,
+  serviceUrl: string,
+) {
+  let token;
+
+  // if we are running in a multitenancy context, use the system user token
+  if (
+    process.env.AUDIENCE &&
+    process.env.SYSTEM_USER_ID &&
+    process.env.SYSTEM_USER_PRIVATE_KEY
+  ) {
+    token = await systemAPIToken();
+  } else if (process.env.ZITADEL_SERVICE_USER_TOKEN) {
+    token = process.env.ZITADEL_SERVICE_USER_TOKEN;
+  }
+
+  if (!serviceUrl) {
+    throw new Error("No instance url found");
+  }
+
+  if (!token) {
+    throw new Error("No token found");
+  }
+
+  const transport = createServerTransport(token, serviceUrl);
+
+  return createClientFor<T>(service)(transport);
+}
diff --git a/login/apps/login/src/lib/session.ts b/login/apps/login/src/lib/session.ts
new file mode 100644
index 0000000000..9698c4c4ba
--- /dev/null
+++ b/login/apps/login/src/lib/session.ts
@@ -0,0 +1,194 @@
+import { timestampDate } from "@zitadel/client";
+import { AuthRequest } from "@zitadel/proto/zitadel/oidc/v2/authorization_pb";
+import { SAMLRequest } from "@zitadel/proto/zitadel/saml/v2/authorization_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { GetSessionResponse } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { getMostRecentCookieWithLoginname } from "./cookies";
+import {
+  getLoginSettings,
+  getSession,
+  listAuthenticationMethodTypes,
+} from "./zitadel";
+
+type LoadMostRecentSessionParams = {
+  serviceUrl: string;
+
+  sessionParams: {
+    loginName?: string;
+    organization?: string;
+  };
+};
+
+export async function loadMostRecentSession({
+  serviceUrl,
+  sessionParams,
+}: LoadMostRecentSessionParams): Promise<Session | undefined> {
+  const recent = await getMostRecentCookieWithLoginname({
+    loginName: sessionParams.loginName,
+    organization: sessionParams.organization,
+  });
+
+  return getSession({
+    serviceUrl,
+    sessionId: recent.id,
+    sessionToken: recent.token,
+  }).then((resp: GetSessionResponse) => resp.session);
+}
+
+/**
+ * mfa is required, session is not valid anymore (e.g. session expired, user logged out, etc.)
+ * to check for mfa for automatically selected session -> const response = await listAuthenticationMethodTypes(userId);
+ **/
+export async function isSessionValid({
+  serviceUrl,
+  session,
+}: {
+  serviceUrl: string;
+  session: Session;
+}): Promise<boolean> {
+  // session can't be checked without user
+  if (!session.factors?.user) {
+    console.warn("Session has no user");
+    return false;
+  }
+
+  let mfaValid = true;
+
+  const authMethodTypes = await listAuthenticationMethodTypes({
+    serviceUrl,
+    userId: session.factors.user.id,
+  });
+
+  const authMethods = authMethodTypes.authMethodTypes;
+  if (authMethods && authMethods.includes(AuthenticationMethodType.TOTP)) {
+    mfaValid = !!session.factors.totp?.verifiedAt;
+    if (!mfaValid) {
+      console.warn(
+        "Session has no valid totpEmail factor",
+        session.factors.totp?.verifiedAt,
+      );
+    }
+  } else if (
+    authMethods &&
+    authMethods.includes(AuthenticationMethodType.OTP_EMAIL)
+  ) {
+    mfaValid = !!session.factors.otpEmail?.verifiedAt;
+    if (!mfaValid) {
+      console.warn(
+        "Session has no valid otpEmail factor",
+        session.factors.otpEmail?.verifiedAt,
+      );
+    }
+  } else if (
+    authMethods &&
+    authMethods.includes(AuthenticationMethodType.OTP_SMS)
+  ) {
+    mfaValid = !!session.factors.otpSms?.verifiedAt;
+    if (!mfaValid) {
+      console.warn(
+        "Session has no valid otpSms factor",
+        session.factors.otpSms?.verifiedAt,
+      );
+    }
+  } else if (
+    authMethods &&
+    authMethods.includes(AuthenticationMethodType.U2F)
+  ) {
+    mfaValid = !!session.factors.webAuthN?.verifiedAt;
+    if (!mfaValid) {
+      console.warn(
+        "Session has no valid u2f factor",
+        session.factors.webAuthN?.verifiedAt,
+      );
+    }
+  } else {
+    // only check settings if no auth methods are available, as this would require a setup
+    const loginSettings = await getLoginSettings({
+      serviceUrl,
+      organization: session.factors?.user?.organizationId,
+    });
+    if (loginSettings?.forceMfa || loginSettings?.forceMfaLocalOnly) {
+      const otpEmail = session.factors.otpEmail?.verifiedAt;
+      const otpSms = session.factors.otpSms?.verifiedAt;
+      const totp = session.factors.totp?.verifiedAt;
+      const webAuthN = session.factors.webAuthN?.verifiedAt;
+      const idp = session.factors.intent?.verifiedAt; // TODO: forceMFA should not consider this as valid factor
+
+      // must have one single check
+      mfaValid = !!(otpEmail || otpSms || totp || webAuthN || idp);
+      if (!mfaValid) {
+        console.warn("Session has no valid multifactor", session.factors);
+      }
+    } else {
+      mfaValid = true;
+    }
+  }
+
+  const validPassword = session?.factors?.password?.verifiedAt;
+  const validPasskey = session?.factors?.webAuthN?.verifiedAt;
+  const validIDP = session?.factors?.intent?.verifiedAt;
+
+  const stillValid = session.expirationDate
+    ? timestampDate(session.expirationDate).getTime() > new Date().getTime()
+    : true;
+
+  if (!stillValid) {
+    console.warn(
+      "Session is expired",
+      session.expirationDate
+        ? timestampDate(session.expirationDate).toDateString()
+        : "no expiration date",
+    );
+  }
+
+  const validChecks = !!(validPassword || validPasskey || validIDP);
+
+  return stillValid && validChecks && mfaValid;
+}
+
+export async function findValidSession({
+  serviceUrl,
+  sessions,
+  authRequest,
+  samlRequest,
+}: {
+  serviceUrl: string;
+  sessions: Session[];
+  authRequest?: AuthRequest;
+  samlRequest?: SAMLRequest;
+}): Promise<Session | undefined> {
+  const sessionsWithHint = sessions.filter((s) => {
+    if (authRequest && authRequest.hintUserId) {
+      return s.factors?.user?.id === authRequest.hintUserId;
+    }
+    if (authRequest && authRequest.loginHint) {
+      return s.factors?.user?.loginName === authRequest.loginHint;
+    }
+    if (samlRequest) {
+      // TODO: do whatever
+      return true;
+    }
+    return true;
+  });
+
+  if (sessionsWithHint.length === 0) {
+    return undefined;
+  }
+
+  // sort by change date descending
+  sessionsWithHint.sort((a, b) => {
+    const dateA = a.changeDate ? timestampDate(a.changeDate).getTime() : 0;
+    const dateB = b.changeDate ? timestampDate(b.changeDate).getTime() : 0;
+    return dateB - dateA;
+  });
+
+  // return the first valid session according to settings
+  for (const session of sessionsWithHint) {
+    if (await isSessionValid({ serviceUrl, session })) {
+      return session;
+    }
+  }
+
+  return undefined;
+}
diff --git a/login/apps/login/src/lib/verify-helper.ts b/login/apps/login/src/lib/verify-helper.ts
new file mode 100644
index 0000000000..dbd9b2796b
--- /dev/null
+++ b/login/apps/login/src/lib/verify-helper.ts
@@ -0,0 +1,289 @@
+import { timestampDate } from "@zitadel/client";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { PasswordExpirySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
+import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import crypto from "crypto";
+import moment from "moment";
+import { cookies } from "next/headers";
+import { getFingerprintIdCookie } from "./fingerprint";
+import { getUserByID } from "./zitadel";
+
+export function checkPasswordChangeRequired(
+  expirySettings: PasswordExpirySettings | undefined,
+  session: Session,
+  humanUser: HumanUser | undefined,
+  organization?: string,
+  requestId?: string,
+) {
+  let isOutdated = false;
+  if (expirySettings?.maxAgeDays && humanUser?.passwordChanged) {
+    const maxAgeDays = Number(expirySettings.maxAgeDays); // Convert bigint to number
+    const passwordChangedDate = moment(
+      timestampDate(humanUser.passwordChanged),
+    );
+    const outdatedPassword = passwordChangedDate.add(maxAgeDays, "days");
+    isOutdated = moment().isAfter(outdatedPassword);
+  }
+
+  if (humanUser?.passwordChangeRequired || isOutdated) {
+    const params = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+    });
+
+    if (organization || session.factors?.user?.organizationId) {
+      params.append(
+        "organization",
+        session.factors?.user?.organizationId as string,
+      );
+    }
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    return { redirect: "/password/change?" + params };
+  }
+}
+
+export function checkEmailVerified(
+  session: Session,
+  humanUser?: HumanUser,
+  organization?: string,
+  requestId?: string,
+) {
+  if (!humanUser?.email?.isVerified) {
+    const paramsVerify = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+      userId: session.factors?.user?.id as string, // verify needs user id
+      send: "true", // we request a new email code once the page is loaded
+    });
+
+    if (organization || session.factors?.user?.organizationId) {
+      paramsVerify.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    if (requestId) {
+      paramsVerify.append("requestId", requestId);
+    }
+
+    return { redirect: "/verify?" + paramsVerify };
+  }
+}
+
+export function checkEmailVerification(
+  session: Session,
+  humanUser?: HumanUser,
+  organization?: string,
+  requestId?: string,
+) {
+  if (
+    !humanUser?.email?.isVerified &&
+    process.env.EMAIL_VERIFICATION === "true"
+  ) {
+    const params = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+      send: "true", // set this to true as we dont expect old email codes to be valid anymore
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || session.factors?.user?.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    return { redirect: `/verify?` + params };
+  }
+}
+
+export async function checkMFAFactors(
+  serviceUrl: string,
+  session: Session,
+  loginSettings: LoginSettings | undefined,
+  authMethods: AuthenticationMethodType[],
+  organization?: string,
+  requestId?: string,
+) {
+  const availableMultiFactors = authMethods?.filter(
+    (m: AuthenticationMethodType) =>
+      m !== AuthenticationMethodType.PASSWORD &&
+      m !== AuthenticationMethodType.PASSKEY,
+  );
+
+  const hasAuthenticatedWithPasskey =
+    session.factors?.webAuthN?.verifiedAt &&
+    session.factors?.webAuthN?.userVerified;
+
+  // escape further checks if user has authenticated with passkey
+  if (hasAuthenticatedWithPasskey) {
+    return;
+  }
+
+  // if user has not authenticated with passkey and has only one additional mfa factor, redirect to that
+  if (availableMultiFactors?.length == 1) {
+    const params = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || session.factors?.user?.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    const factor = availableMultiFactors[0];
+    // if passwordless is other method, but user selected password as alternative, perform a login
+    if (factor === AuthenticationMethodType.TOTP) {
+      return { redirect: `/otp/time-based?` + params };
+    } else if (factor === AuthenticationMethodType.OTP_SMS) {
+      return { redirect: `/otp/sms?` + params };
+    } else if (factor === AuthenticationMethodType.OTP_EMAIL) {
+      return { redirect: `/otp/email?` + params };
+    } else if (factor === AuthenticationMethodType.U2F) {
+      return { redirect: `/u2f?` + params };
+    }
+  } else if (availableMultiFactors?.length > 1) {
+    const params = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || session.factors?.user?.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    return { redirect: `/mfa?` + params };
+  } else if (
+    (loginSettings?.forceMfa || loginSettings?.forceMfaLocalOnly) &&
+    !availableMultiFactors.length
+  ) {
+    const params = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+      force: "true", // this defines if the mfa is forced in the settings
+      checkAfter: "true", // this defines if the check is directly made after the setup
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || session.factors?.user?.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    // TODO: provide a way to setup passkeys on mfa page?
+    return { redirect: `/mfa/set?` + params };
+  } else if (
+    loginSettings?.mfaInitSkipLifetime &&
+    (loginSettings.mfaInitSkipLifetime.nanos > 0 ||
+      loginSettings.mfaInitSkipLifetime.seconds > 0) &&
+    !availableMultiFactors.length &&
+    session?.factors?.user?.id
+  ) {
+    const userResponse = await getUserByID({
+      serviceUrl,
+      userId: session.factors?.user?.id,
+    });
+
+    const humanUser =
+      userResponse?.user?.type.case === "human"
+        ? userResponse?.user.type.value
+        : undefined;
+
+    if (humanUser?.mfaInitSkipped) {
+      const mfaInitSkippedTimestamp = timestampDate(humanUser.mfaInitSkipped);
+
+      const mfaInitSkipLifetimeMillis =
+        Number(loginSettings.mfaInitSkipLifetime.seconds) * 1000 +
+        loginSettings.mfaInitSkipLifetime.nanos / 1000000;
+      const currentTime = Date.now();
+      const mfaInitSkippedTime = mfaInitSkippedTimestamp.getTime();
+      const timeDifference = currentTime - mfaInitSkippedTime;
+
+      if (!(timeDifference > mfaInitSkipLifetimeMillis)) {
+        // if the time difference is smaller than the lifetime, skip the mfa setup
+        return;
+      }
+    }
+
+    // the user has never skipped the mfa init but we have a setting so we redirect
+
+    const params = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+      force: "false", // this defines if the mfa is not forced in the settings and can be skipped
+      checkAfter: "true", // this defines if the check is directly made after the setup
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || session.factors?.user?.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    // TODO: provide a way to setup passkeys on mfa page?
+    return { redirect: `/mfa/set?` + params };
+  }
+}
+
+export async function checkUserVerification(userId: string): Promise<boolean> {
+  // check if a verification was done earlier
+  const cookiesList = await cookies();
+
+  // only read cookie to prevent issues on page.tsx
+  const fingerPrintCookie = await getFingerprintIdCookie();
+
+  if (!fingerPrintCookie || !fingerPrintCookie.value) {
+    return false;
+  }
+
+  const verificationCheck = crypto
+    .createHash("sha256")
+    .update(`${userId}:${fingerPrintCookie.value}`)
+    .digest("hex");
+
+  const cookieValue = await cookiesList.get("verificationCheck")?.value;
+
+  if (!cookieValue) {
+    console.warn(
+      "User verification check cookie not found. User verification check failed.",
+    );
+    return false;
+  }
+
+  if (cookieValue !== verificationCheck) {
+    console.warn(
+      `User verification check failed. Expected ${verificationCheck} but got ${cookieValue}`,
+    );
+    return false;
+  }
+
+  return true;
+}
diff --git a/login/apps/login/src/lib/zitadel.ts b/login/apps/login/src/lib/zitadel.ts
new file mode 100644
index 0000000000..483d4e4ac9
--- /dev/null
+++ b/login/apps/login/src/lib/zitadel.ts
@@ -0,0 +1,1525 @@
+import { Client, create, Duration } from "@zitadel/client";
+import { createServerTransport as libCreateServerTransport } from "@zitadel/client/node";
+import { makeReqCtx } from "@zitadel/client/v2";
+import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb";
+import {
+  OrganizationSchema,
+  TextQueryMethod,
+} from "@zitadel/proto/zitadel/object/v2/object_pb";
+import {
+  CreateCallbackRequest,
+  OIDCService,
+} from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_pb";
+import {
+  CreateResponseRequest,
+  SAMLService,
+} from "@zitadel/proto/zitadel/saml/v2/saml_service_pb";
+import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
+import {
+  Checks,
+  SessionService,
+} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
+import { SendEmailVerificationCodeSchema } from "@zitadel/proto/zitadel/user/v2/email_pb";
+import type {
+  FormData,
+  RedirectURLsJson,
+} from "@zitadel/proto/zitadel/user/v2/idp_pb";
+import {
+  NotificationType,
+  SendPasswordResetLinkSchema,
+} from "@zitadel/proto/zitadel/user/v2/password_pb";
+import {
+  SearchQuery,
+  SearchQuerySchema,
+} from "@zitadel/proto/zitadel/user/v2/query_pb";
+import { SendInviteCodeSchema } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import {
+  AddHumanUserRequest,
+  AddHumanUserRequestSchema,
+  ResendEmailCodeRequest,
+  ResendEmailCodeRequestSchema,
+  SendEmailCodeRequestSchema,
+  SetPasswordRequest,
+  SetPasswordRequestSchema,
+  UpdateHumanUserRequest,
+  UserService,
+  VerifyPasskeyRegistrationRequest,
+  VerifyU2FRegistrationRequest,
+} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { unstable_cacheLife as cacheLife } from "next/cache";
+import { getUserAgent } from "./fingerprint";
+import { createServiceForHost } from "./service";
+
+const useCache = process.env.DEBUG !== "true";
+
+async function cacheWrapper<T>(callback: Promise<T>) {
+  "use cache";
+  cacheLife("hours");
+
+  return callback;
+}
+
+export async function getHostedLoginTranslation({
+  serviceUrl,
+  organization,
+  locale,
+}: {
+  serviceUrl: string;
+  organization?: string;
+  locale?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getHostedLoginTranslation(
+      {
+        level: organization
+          ? {
+              case: "organizationId",
+              value: organization,
+            }
+          : {
+              case: "instance",
+              value: true,
+            },
+        locale: locale,
+      },
+      {},
+    )
+    .then((resp) => {
+      return resp.translations ? resp.translations : undefined;
+    });
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getBrandingSettings({
+  serviceUrl,
+  organization,
+}: {
+  serviceUrl: string;
+  organization?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getBrandingSettings({ ctx: makeReqCtx(organization) }, {})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getLoginSettings({
+  serviceUrl,
+  organization,
+}: {
+  serviceUrl: string;
+  organization?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getLoginSettings({ ctx: makeReqCtx(organization) }, {})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getSecuritySettings({
+  serviceUrl,
+}: {
+  serviceUrl: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getSecuritySettings({})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getLockoutSettings({
+  serviceUrl,
+  orgId,
+}: {
+  serviceUrl: string;
+  orgId?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getLockoutSettings({ ctx: makeReqCtx(orgId) }, {})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getPasswordExpirySettings({
+  serviceUrl,
+  orgId,
+}: {
+  serviceUrl: string;
+  orgId?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getPasswordExpirySettings({ ctx: makeReqCtx(orgId) }, {})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function listIDPLinks({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.listIDPLinks({ userId }, {});
+}
+
+export async function addOTPEmail({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.addOTPEmail({ userId }, {});
+}
+
+export async function addOTPSMS({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.addOTPSMS({ userId }, {});
+}
+
+export async function registerTOTP({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.registerTOTP({ userId }, {});
+}
+
+export async function getGeneralSettings({
+  serviceUrl,
+}: {
+  serviceUrl: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getGeneralSettings({}, {})
+    .then((resp) => resp.supportedLanguages);
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getLegalAndSupportSettings({
+  serviceUrl,
+  organization,
+}: {
+  serviceUrl: string;
+  organization?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getLegalAndSupportSettings({ ctx: makeReqCtx(organization) }, {})
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function getPasswordComplexitySettings({
+  serviceUrl,
+  organization,
+}: {
+  serviceUrl: string;
+  organization?: string;
+}) {
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  const callback = settingsService
+    .getPasswordComplexitySettings({ ctx: makeReqCtx(organization) })
+    .then((resp) => (resp.settings ? resp.settings : undefined));
+
+  return useCache ? cacheWrapper(callback) : callback;
+}
+
+export async function createSessionFromChecks({
+  serviceUrl,
+  checks,
+  lifetime,
+}: {
+  serviceUrl: string;
+  checks: Checks;
+  lifetime?: Duration;
+}) {
+  const sessionService: Client<typeof SessionService> =
+    await createServiceForHost(SessionService, serviceUrl);
+
+  const userAgent = await getUserAgent();
+
+  return sessionService.createSession({ checks, lifetime, userAgent }, {});
+}
+
+export async function createSessionForUserIdAndIdpIntent({
+  serviceUrl,
+  userId,
+  idpIntent,
+  lifetime,
+}: {
+  serviceUrl: string;
+  userId: string;
+  idpIntent: {
+    idpIntentId?: string | undefined;
+    idpIntentToken?: string | undefined;
+  };
+  lifetime?: Duration;
+}) {
+  const sessionService: Client<typeof SessionService> =
+    await createServiceForHost(SessionService, serviceUrl);
+
+  const userAgent = await getUserAgent();
+
+  return sessionService.createSession({
+    checks: {
+      user: {
+        search: {
+          case: "userId",
+          value: userId,
+        },
+      },
+      idpIntent,
+    },
+    lifetime,
+    userAgent,
+  });
+}
+
+export async function setSession({
+  serviceUrl,
+  sessionId,
+  sessionToken,
+  challenges,
+  checks,
+  lifetime,
+}: {
+  serviceUrl: string;
+  sessionId: string;
+  sessionToken: string;
+  challenges: RequestChallenges | undefined;
+  checks?: Checks;
+  lifetime?: Duration;
+}) {
+  const sessionService: Client<typeof SessionService> =
+    await createServiceForHost(SessionService, serviceUrl);
+
+  return sessionService.setSession(
+    {
+      sessionId,
+      sessionToken,
+      challenges,
+      checks: checks ? checks : {},
+      metadata: {},
+      lifetime,
+    },
+    {},
+  );
+}
+
+export async function getSession({
+  serviceUrl,
+  sessionId,
+  sessionToken,
+}: {
+  serviceUrl: string;
+  sessionId: string;
+  sessionToken: string;
+}) {
+  const sessionService: Client<typeof SessionService> =
+    await createServiceForHost(SessionService, serviceUrl);
+
+  return sessionService.getSession({ sessionId, sessionToken }, {});
+}
+
+export async function deleteSession({
+  serviceUrl,
+  sessionId,
+  sessionToken,
+}: {
+  serviceUrl: string;
+  sessionId: string;
+  sessionToken: string;
+}) {
+  const sessionService: Client<typeof SessionService> =
+    await createServiceForHost(SessionService, serviceUrl);
+
+  return sessionService.deleteSession({ sessionId, sessionToken }, {});
+}
+
+type ListSessionsCommand = {
+  serviceUrl: string;
+  ids: string[];
+};
+
+export async function listSessions({ serviceUrl, ids }: ListSessionsCommand) {
+  const sessionService: Client<typeof SessionService> =
+    await createServiceForHost(SessionService, serviceUrl);
+
+  return sessionService.listSessions(
+    {
+      queries: [
+        {
+          query: {
+            case: "idsQuery",
+            value: { ids },
+          },
+        },
+      ],
+    },
+    {},
+  );
+}
+
+export type AddHumanUserData = {
+  serviceUrl: string;
+  firstName: string;
+  lastName: string;
+  email: string;
+  password?: string;
+  organization: string;
+};
+
+export async function addHumanUser({
+  serviceUrl,
+  email,
+  firstName,
+  lastName,
+  password,
+  organization,
+}: AddHumanUserData) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  let addHumanUserRequest: AddHumanUserRequest = create(
+    AddHumanUserRequestSchema,
+    {
+      email: {
+        email,
+        verification: {
+          case: "isVerified",
+          value: false,
+        },
+      },
+      username: email,
+      profile: { givenName: firstName, familyName: lastName },
+      passwordType: password
+        ? { case: "password", value: { password } }
+        : undefined,
+    },
+  );
+
+  if (organization) {
+    const organizationSchema = create(OrganizationSchema, {
+      org: { case: "orgId", value: organization },
+    });
+
+    addHumanUserRequest = {
+      ...addHumanUserRequest,
+      organization: organizationSchema,
+    };
+  }
+
+  return userService.addHumanUser(addHumanUserRequest);
+}
+
+export async function addHuman({
+  serviceUrl,
+  request,
+}: {
+  serviceUrl: string;
+  request: AddHumanUserRequest;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.addHumanUser(request);
+}
+
+export async function updateHuman({
+  serviceUrl,
+  request,
+}: {
+  serviceUrl: string;
+  request: UpdateHumanUserRequest;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.updateHumanUser(request);
+}
+
+export async function verifyTOTPRegistration({
+  serviceUrl,
+  code,
+  userId,
+}: {
+  serviceUrl: string;
+  code: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.verifyTOTPRegistration({ code, userId }, {});
+}
+
+export async function getUserByID({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.getUserByID({ userId }, {});
+}
+
+export async function humanMFAInitSkipped({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.humanMFAInitSkipped({ userId }, {});
+}
+
+export async function verifyInviteCode({
+  serviceUrl,
+  userId,
+  verificationCode,
+}: {
+  serviceUrl: string;
+  userId: string;
+  verificationCode: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.verifyInviteCode({ userId, verificationCode }, {});
+}
+
+export async function sendEmailCode({
+  serviceUrl,
+  userId,
+  urlTemplate,
+}: {
+  serviceUrl: string;
+  userId: string;
+  urlTemplate: string;
+}) {
+  let medium = create(SendEmailCodeRequestSchema, { userId });
+
+  medium = create(SendEmailCodeRequestSchema, {
+    ...medium,
+    verification: {
+      case: "sendCode",
+      value: create(SendEmailVerificationCodeSchema, {
+        urlTemplate,
+      }),
+    },
+  });
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.sendEmailCode(medium, {});
+}
+
+export async function createInviteCode({
+  serviceUrl,
+  urlTemplate,
+  userId,
+}: {
+  serviceUrl: string;
+  urlTemplate: string;
+  userId: string;
+}) {
+  let medium = create(SendInviteCodeSchema, {
+    applicationName: "Typescript Login",
+  });
+
+  medium = {
+    ...medium,
+    urlTemplate,
+  };
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.createInviteCode(
+    {
+      userId,
+      verification: {
+        case: "sendCode",
+        value: medium,
+      },
+    },
+    {},
+  );
+}
+
+export type ListUsersCommand = {
+  serviceUrl: string;
+  loginName?: string;
+  userName?: string;
+  email?: string;
+  phone?: string;
+  organizationId?: string;
+};
+
+export async function listUsers({
+  serviceUrl,
+  loginName,
+  userName,
+  phone,
+  email,
+  organizationId,
+}: ListUsersCommand) {
+  const queries: SearchQuery[] = [];
+
+  // either use loginName or userName, email, phone
+  if (loginName) {
+    queries.push(
+      create(SearchQuerySchema, {
+        query: {
+          case: "loginNameQuery",
+          value: {
+            loginName,
+            method: TextQueryMethod.EQUALS,
+          },
+        },
+      }),
+    );
+  } else if (userName || email || phone) {
+    const orQueries: SearchQuery[] = [];
+
+    if (userName) {
+      const userNameQuery = create(SearchQuerySchema, {
+        query: {
+          case: "userNameQuery",
+          value: {
+            userName,
+            method: TextQueryMethod.EQUALS,
+          },
+        },
+      });
+      orQueries.push(userNameQuery);
+    }
+
+    if (email) {
+      const emailQuery = create(SearchQuerySchema, {
+        query: {
+          case: "emailQuery",
+          value: {
+            emailAddress: email,
+            method: TextQueryMethod.EQUALS,
+          },
+        },
+      });
+      orQueries.push(emailQuery);
+    }
+
+    if (phone) {
+      const phoneQuery = create(SearchQuerySchema, {
+        query: {
+          case: "phoneQuery",
+          value: {
+            number: phone,
+            method: TextQueryMethod.EQUALS,
+          },
+        },
+      });
+      orQueries.push(phoneQuery);
+    }
+
+    queries.push(
+      create(SearchQuerySchema, {
+        query: {
+          case: "orQuery",
+          value: {
+            queries: orQueries,
+          },
+        },
+      }),
+    );
+  }
+
+  if (organizationId) {
+    queries.push(
+      create(SearchQuerySchema, {
+        query: {
+          case: "organizationIdQuery",
+          value: {
+            organizationId,
+          },
+        },
+      }),
+    );
+  }
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.listUsers({ queries });
+}
+
+export type SearchUsersCommand = {
+  serviceUrl: string;
+  searchValue: string;
+  loginSettings: LoginSettings;
+  organizationId?: string;
+  suffix?: string;
+};
+
+const PhoneQuery = (searchValue: string) =>
+  create(SearchQuerySchema, {
+    query: {
+      case: "phoneQuery",
+      value: {
+        number: searchValue,
+        method: TextQueryMethod.EQUALS,
+      },
+    },
+  });
+
+const LoginNameQuery = (searchValue: string) =>
+  create(SearchQuerySchema, {
+    query: {
+      case: "loginNameQuery",
+      value: {
+        loginName: searchValue,
+        method: TextQueryMethod.EQUALS,
+      },
+    },
+  });
+
+const EmailQuery = (searchValue: string) =>
+  create(SearchQuerySchema, {
+    query: {
+      case: "emailQuery",
+      value: {
+        emailAddress: searchValue,
+        method: TextQueryMethod.EQUALS,
+      },
+    },
+  });
+
+/**
+ * this is a dedicated search function to search for users from the loginname page
+ * it searches users based on the loginName or userName and org suffix combination, and falls back to email and phone if no users are found
+ *  */
+export async function searchUsers({
+  serviceUrl,
+  searchValue,
+  loginSettings,
+  organizationId,
+  suffix,
+}: SearchUsersCommand) {
+  const queries: SearchQuery[] = [];
+
+  // if a suffix is provided, we search for the userName concatenated with the suffix
+  if (suffix) {
+    const searchValueWithSuffix = `${searchValue}@${suffix}`;
+    const loginNameQuery = LoginNameQuery(searchValueWithSuffix);
+    queries.push(loginNameQuery);
+  } else {
+    const loginNameQuery = LoginNameQuery(searchValue);
+    queries.push(loginNameQuery);
+  }
+
+  if (organizationId) {
+    queries.push(
+      create(SearchQuerySchema, {
+        query: {
+          case: "organizationIdQuery",
+          value: {
+            organizationId,
+          },
+        },
+      }),
+    );
+  }
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  const loginNameResult = await userService.listUsers({ queries });
+
+  if (!loginNameResult || !loginNameResult.details) {
+    return { error: "An error occurred." };
+  }
+
+  if (loginNameResult.result.length > 1) {
+    return { error: "Multiple users found" };
+  }
+
+  if (loginNameResult.result.length == 1) {
+    return loginNameResult;
+  }
+
+  const emailAndPhoneQueries: SearchQuery[] = [];
+  if (
+    loginSettings.disableLoginWithEmail &&
+    loginSettings.disableLoginWithPhone
+  ) {
+    return { error: "User not found in the system" };
+  } else if (loginSettings.disableLoginWithEmail && searchValue.length <= 20) {
+    const phoneQuery = PhoneQuery(searchValue);
+    emailAndPhoneQueries.push(phoneQuery);
+  } else if (loginSettings.disableLoginWithPhone) {
+    const emailQuery = EmailQuery(searchValue);
+    emailAndPhoneQueries.push(emailQuery);
+  } else {
+    const emailAndPhoneOrQueries: SearchQuery[] = [];
+
+    const emailQuery = EmailQuery(searchValue);
+    emailAndPhoneOrQueries.push(emailQuery);
+
+    let phoneQuery;
+    if (searchValue.length <= 20) {
+      phoneQuery = PhoneQuery(searchValue);
+      emailAndPhoneOrQueries.push(phoneQuery);
+    }
+
+    emailAndPhoneQueries.push(
+      create(SearchQuerySchema, {
+        query: {
+          case: "orQuery",
+          value: {
+            queries: emailAndPhoneOrQueries,
+          },
+        },
+      }),
+    );
+  }
+
+  if (organizationId) {
+    queries.push(
+      create(SearchQuerySchema, {
+        query: {
+          case: "organizationIdQuery",
+          value: {
+            organizationId,
+          },
+        },
+      }),
+    );
+  }
+
+  const emailOrPhoneResult = await userService.listUsers({
+    queries: emailAndPhoneQueries,
+  });
+
+  if (!emailOrPhoneResult || !emailOrPhoneResult.details) {
+    return { error: "An error occurred." };
+  }
+
+  if (emailOrPhoneResult.result.length > 1) {
+    return { error: "Multiple users found." };
+  }
+
+  if (emailOrPhoneResult.result.length == 1) {
+    return loginNameResult;
+  }
+
+  return { error: "User not found in the system" };
+}
+
+export async function getDefaultOrg({
+  serviceUrl,
+}: {
+  serviceUrl: string;
+}): Promise<Organization | null> {
+  const orgService: Client<typeof OrganizationService> =
+    await createServiceForHost(OrganizationService, serviceUrl);
+
+  return orgService
+    .listOrganizations(
+      {
+        queries: [
+          {
+            query: {
+              case: "defaultQuery",
+              value: {},
+            },
+          },
+        ],
+      },
+      {},
+    )
+    .then((resp) => (resp?.result && resp.result[0] ? resp.result[0] : null));
+}
+
+export async function getOrgsByDomain({
+  serviceUrl,
+  domain,
+}: {
+  serviceUrl: string;
+  domain: string;
+}) {
+  const orgService: Client<typeof OrganizationService> =
+    await createServiceForHost(OrganizationService, serviceUrl);
+
+  return orgService.listOrganizations(
+    {
+      queries: [
+        {
+          query: {
+            case: "domainQuery",
+            value: { domain, method: TextQueryMethod.EQUALS },
+          },
+        },
+      ],
+    },
+    {},
+  );
+}
+
+export async function startIdentityProviderFlow({
+  serviceUrl,
+  idpId,
+  urls,
+}: {
+  serviceUrl: string;
+  idpId: string;
+  urls: RedirectURLsJson;
+}): Promise<string | null> {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService
+    .startIdentityProviderIntent({
+      idpId,
+      content: {
+        case: "urls",
+        value: urls,
+      },
+    })
+    .then((resp) => {
+      if (resp.nextStep.case === "authUrl" && resp.nextStep.value) {
+        return resp.nextStep.value;
+      } else if (resp.nextStep.case === "formData" && resp.nextStep.value) {
+        const formData: FormData = resp.nextStep.value;
+        const redirectUrl = "/saml-post";
+
+        const params = new URLSearchParams({ url: formData.url });
+
+        Object.entries(formData.fields).forEach(([k, v]) => {
+          params.append(k, v);
+        });
+
+        return `${redirectUrl}?${params.toString()}`;
+      } else {
+        return null;
+      }
+    });
+}
+
+export async function startLDAPIdentityProviderFlow({
+  serviceUrl,
+  idpId,
+  username,
+  password,
+}: {
+  serviceUrl: string;
+  idpId: string;
+  username: string;
+  password: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.startIdentityProviderIntent({
+    idpId,
+    content: {
+      case: "ldap",
+      value: {
+        username,
+        password,
+      },
+    },
+  });
+}
+
+export async function getAuthRequest({
+  serviceUrl,
+  authRequestId,
+}: {
+  serviceUrl: string;
+  authRequestId: string;
+}) {
+  const oidcService = await createServiceForHost(OIDCService, serviceUrl);
+
+  return oidcService.getAuthRequest({
+    authRequestId,
+  });
+}
+
+export async function getDeviceAuthorizationRequest({
+  serviceUrl,
+  userCode,
+}: {
+  serviceUrl: string;
+  userCode: string;
+}) {
+  const oidcService = await createServiceForHost(OIDCService, serviceUrl);
+
+  return oidcService.getDeviceAuthorizationRequest({
+    userCode,
+  });
+}
+
+export async function authorizeOrDenyDeviceAuthorization({
+  serviceUrl,
+  deviceAuthorizationId,
+  session,
+}: {
+  serviceUrl: string;
+  deviceAuthorizationId: string;
+  session?: { sessionId: string; sessionToken: string };
+}) {
+  const oidcService = await createServiceForHost(OIDCService, serviceUrl);
+
+  return oidcService.authorizeOrDenyDeviceAuthorization({
+    deviceAuthorizationId,
+    decision: session
+      ? {
+          case: "session",
+          value: session,
+        }
+      : {
+          case: "deny",
+          value: {},
+        },
+  });
+}
+
+export async function createCallback({
+  serviceUrl,
+  req,
+}: {
+  serviceUrl: string;
+  req: CreateCallbackRequest;
+}) {
+  const oidcService = await createServiceForHost(OIDCService, serviceUrl);
+
+  return oidcService.createCallback(req);
+}
+
+export async function getSAMLRequest({
+  serviceUrl,
+  samlRequestId,
+}: {
+  serviceUrl: string;
+  samlRequestId: string;
+}) {
+  const samlService = await createServiceForHost(SAMLService, serviceUrl);
+
+  return samlService.getSAMLRequest({
+    samlRequestId,
+  });
+}
+
+export async function createResponse({
+  serviceUrl,
+  req,
+}: {
+  serviceUrl: string;
+  req: CreateResponseRequest;
+}) {
+  const samlService = await createServiceForHost(SAMLService, serviceUrl);
+
+  return samlService.createResponse(req);
+}
+
+export async function verifyEmail({
+  serviceUrl,
+  userId,
+  verificationCode,
+}: {
+  serviceUrl: string;
+  userId: string;
+  verificationCode: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.verifyEmail(
+    {
+      userId,
+      verificationCode,
+    },
+    {},
+  );
+}
+
+export async function resendEmailCode({
+  serviceUrl,
+  userId,
+  urlTemplate,
+}: {
+  serviceUrl: string;
+  userId: string;
+  urlTemplate: string;
+}) {
+  let request: ResendEmailCodeRequest = create(ResendEmailCodeRequestSchema, {
+    userId,
+  });
+
+  const medium = create(SendEmailVerificationCodeSchema, {
+    urlTemplate,
+  });
+
+  request = { ...request, verification: { case: "sendCode", value: medium } };
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.resendEmailCode(request, {});
+}
+
+export async function retrieveIDPIntent({
+  serviceUrl,
+  id,
+  token,
+}: {
+  serviceUrl: string;
+  id: string;
+  token: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.retrieveIdentityProviderIntent(
+    { idpIntentId: id, idpIntentToken: token },
+    {},
+  );
+}
+
+export async function getIDPByID({
+  serviceUrl,
+  id,
+}: {
+  serviceUrl: string;
+  id: string;
+}) {
+  const idpService: Client<typeof IdentityProviderService> =
+    await createServiceForHost(IdentityProviderService, serviceUrl);
+
+  return idpService.getIDPByID({ id }, {}).then((resp) => resp.idp);
+}
+
+export async function addIDPLink({
+  serviceUrl,
+  idp,
+  userId,
+}: {
+  serviceUrl: string;
+  idp: { id: string; userId: string; userName: string };
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.addIDPLink(
+    {
+      idpLink: {
+        userId: idp.userId,
+        idpId: idp.id,
+        userName: idp.userName,
+      },
+      userId,
+    },
+    {},
+  );
+}
+
+export async function passwordReset({
+  serviceUrl,
+  userId,
+  urlTemplate,
+}: {
+  serviceUrl: string;
+  userId: string;
+  urlTemplate?: string;
+}) {
+  let medium = create(SendPasswordResetLinkSchema, {
+    notificationType: NotificationType.Email,
+  });
+
+  medium = {
+    ...medium,
+    urlTemplate,
+  };
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.passwordReset(
+    {
+      userId,
+      medium: {
+        case: "sendLink",
+        value: medium,
+      },
+    },
+    {},
+  );
+}
+
+export async function setUserPassword({
+  serviceUrl,
+  userId,
+  password,
+  code,
+}: {
+  serviceUrl: string;
+  userId: string;
+  password: string;
+  code?: string;
+}) {
+  let payload = create(SetPasswordRequestSchema, {
+    userId,
+    newPassword: {
+      password,
+    },
+  });
+
+  if (code) {
+    payload = {
+      ...payload,
+      verification: {
+        case: "verificationCode",
+        value: code,
+      },
+    };
+  }
+
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.setPassword(payload, {}).catch((error) => {
+    // throw error if failed precondition (ex. User is not yet initialized)
+    if (error.code === 9 && error.message) {
+      return { error: error.message };
+    } else {
+      throw error;
+    }
+  });
+}
+
+export async function setPassword({
+  serviceUrl,
+  payload,
+}: {
+  serviceUrl: string;
+  payload: SetPasswordRequest;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.setPassword(payload, {});
+}
+
+/**
+ *
+ * @param host
+ * @param userId the id of the user where the email should be set
+ * @returns the newly set email
+ */
+export async function createPasskeyRegistrationLink({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.createPasskeyRegistrationLink({
+    userId,
+    medium: {
+      case: "returnCode",
+      value: {},
+    },
+  });
+}
+
+/**
+ *
+ * @param host
+ * @param userId the id of the user where the email should be set
+ * @param domain the domain on which the factor is registered
+ * @returns the newly set email
+ */
+export async function registerU2F({
+  serviceUrl,
+  userId,
+  domain,
+}: {
+  serviceUrl: string;
+  userId: string;
+  domain: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.registerU2F({
+    userId,
+    domain,
+  });
+}
+
+/**
+ *
+ * @param host
+ * @param request the request object for verifying U2F registration
+ * @returns the result of the verification
+ */
+export async function verifyU2FRegistration({
+  serviceUrl,
+  request,
+}: {
+  serviceUrl: string;
+  request: VerifyU2FRegistrationRequest;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.verifyU2FRegistration(request, {});
+}
+
+/**
+ *
+ * @param host
+ * @param orgId the organization ID
+ * @param linking_allowed whether linking is allowed
+ * @returns the active identity providers
+ */
+export async function getActiveIdentityProviders({
+  serviceUrl,
+  orgId,
+  linking_allowed,
+}: {
+  serviceUrl: string;
+  orgId?: string;
+  linking_allowed?: boolean;
+}) {
+  const props: any = { ctx: makeReqCtx(orgId) };
+  if (linking_allowed) {
+    props.linkingAllowed = linking_allowed;
+  }
+  const settingsService: Client<typeof SettingsService> =
+    await createServiceForHost(SettingsService, serviceUrl);
+
+  return settingsService.getActiveIdentityProviders(props, {});
+}
+
+/**
+ *
+ * @param host
+ * @param request the request object for verifying passkey registration
+ * @returns the result of the verification
+ */
+export async function verifyPasskeyRegistration({
+  serviceUrl,
+  request,
+}: {
+  serviceUrl: string;
+  request: VerifyPasskeyRegistrationRequest;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.verifyPasskeyRegistration(request, {});
+}
+
+/**
+ *
+ * @param host
+ * @param userId the id of the user where the email should be set
+ * @param code the code for registering the passkey
+ * @param domain the domain on which the factor is registered
+ * @returns the newly set email
+ */
+export async function registerPasskey({
+  serviceUrl,
+  userId,
+  code,
+  domain,
+}: {
+  serviceUrl: string;
+  userId: string;
+  code: { id: string; code: string };
+  domain: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.registerPasskey({
+    userId,
+    code,
+    domain,
+  });
+}
+
+/**
+ *
+ * @param host
+ * @param userId the id of the user where the email should be set
+ * @returns the list of authentication method types
+ */
+export async function listAuthenticationMethodTypes({
+  serviceUrl,
+  userId,
+}: {
+  serviceUrl: string;
+  userId: string;
+}) {
+  const userService: Client<typeof UserService> = await createServiceForHost(
+    UserService,
+    serviceUrl,
+  );
+
+  return userService.listAuthenticationMethodTypes({
+    userId,
+  });
+}
+
+export function createServerTransport(token: string, baseUrl: string) {
+  return libCreateServerTransport(token, {
+    baseUrl,
+    interceptors: !process.env.CUSTOM_REQUEST_HEADERS
+      ? undefined
+      : [
+          (next) => {
+            return (req) => {
+              process.env
+                .CUSTOM_REQUEST_HEADERS!.split(",")
+                .forEach((header) => {
+                  const kv = header.split(":");
+                  if (kv.length === 2) {
+                    req.header.set(kv[0].trim(), kv[1].trim());
+                  } else {
+                    console.warn(`Skipping malformed header: ${header}`);
+                  }
+                });
+              return next(req);
+            };
+          },
+        ],
+  });
+}
diff --git a/login/apps/login/src/middleware.ts b/login/apps/login/src/middleware.ts
new file mode 100644
index 0000000000..8eca00510e
--- /dev/null
+++ b/login/apps/login/src/middleware.ts
@@ -0,0 +1,109 @@
+import { SecuritySettings } from "@zitadel/proto/zitadel/settings/v2/security_settings_pb";
+
+import { headers } from "next/headers";
+import { NextRequest, NextResponse } from "next/server";
+import { DEFAULT_CSP } from "../constants/csp";
+import { getServiceUrlFromHeaders } from "./lib/service-url";
+export const config = {
+  matcher: [
+    "/.well-known/:path*",
+    "/oauth/:path*",
+    "/oidc/:path*",
+    "/idps/callback/:path*",
+    "/saml/:path*",
+    "/:path*",
+  ],
+};
+
+async function loadSecuritySettings(
+  request: NextRequest,
+): Promise<SecuritySettings | null> {
+  const securityResponse = await fetch(`${request.nextUrl.origin}/security`);
+
+  if (!securityResponse.ok) {
+    console.error(
+      "Failed to fetch security settings:",
+      securityResponse.statusText,
+    );
+    return null;
+  }
+
+  const response = await securityResponse.json();
+
+  if (!response || !response.settings) {
+    console.error("No security settings found in the response.");
+    return null;
+  }
+
+  return response.settings;
+}
+
+export async function middleware(request: NextRequest) {
+  // Add the original URL as a header to all requests
+  const requestHeaders = new Headers(request.headers);
+
+  // Extract "organization" search param from the URL and set it as a header if available
+  const organization = request.nextUrl.searchParams.get("organization");
+  if (organization) {
+    requestHeaders.set("x-zitadel-i18n-organization", organization);
+  }
+
+  // Only run the rest of the logic for the original matcher paths
+  const proxyPaths = [
+    "/.well-known/",
+    "/oauth/",
+    "/oidc/",
+    "/idps/callback/",
+    "/saml/",
+  ];
+
+  const isMatched = proxyPaths.some((prefix) =>
+    request.nextUrl.pathname.startsWith(prefix),
+  );
+
+  // escape proxy if the environment is setup for multitenancy
+  if (
+    !isMatched ||
+    !process.env.ZITADEL_API_URL ||
+    !process.env.ZITADEL_SERVICE_USER_TOKEN
+  ) {
+    // For all other routes, just add the header and continue
+    return NextResponse.next({
+      request: { headers: requestHeaders },
+    });
+  }
+
+  const _headers = await headers();
+  const { serviceUrl } = getServiceUrlFromHeaders(_headers);
+
+  const instanceHost = `${serviceUrl}`
+    .replace("https://", "")
+    .replace("http://", "");
+
+  // Add additional headers as before
+  requestHeaders.set("x-zitadel-public-host", `${request.nextUrl.host}`);
+  requestHeaders.set("x-zitadel-instance-host", instanceHost);
+
+  const responseHeaders = new Headers();
+  responseHeaders.set("Access-Control-Allow-Origin", "*");
+  responseHeaders.set("Access-Control-Allow-Headers", "*");
+
+  const securitySettings = await loadSecuritySettings(request);
+
+  if (securitySettings?.embeddedIframe?.enabled) {
+    responseHeaders.set(
+      "Content-Security-Policy",
+      `${DEFAULT_CSP} frame-ancestors ${securitySettings.embeddedIframe.allowedOrigins.join(" ")};`,
+    );
+    responseHeaders.delete("X-Frame-Options");
+  }
+
+  request.nextUrl.href = `${serviceUrl}${request.nextUrl.pathname}${request.nextUrl.search}`;
+
+  return NextResponse.rewrite(request.nextUrl, {
+    request: {
+      headers: requestHeaders,
+    },
+    headers: responseHeaders,
+  });
+}
diff --git a/login/apps/login/src/styles/globals.scss b/login/apps/login/src/styles/globals.scss
new file mode 100755
index 0000000000..cfce853bc7
--- /dev/null
+++ b/login/apps/login/src/styles/globals.scss
@@ -0,0 +1,65 @@
+// include styles from the ui package
+@use "./vars.scss";
+
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+@layer base {
+  h1,
+  .ztdl-h1 {
+    @apply text-2xl text-center;
+  }
+
+  .ztdl-p {
+    @apply text-sm text-center text-text-light-secondary-500 dark:text-text-dark-secondary-500 text-center;
+  }
+}
+
+html {
+  --background-color: #ffffff;
+  --dark-background-color: #000000;
+}
+
+.form-checkbox:checked {
+  background-image: url("/checkbox.svg");
+}
+
+.skeleton {
+  --accents-2: var(--theme-light-background-400);
+  --accents-1: var(--theme-light-background-500);
+
+  background-image: linear-gradient(
+    270deg,
+    var(--accents-1),
+    var(--accents-2),
+    var(--accents-2),
+    var(--accents-1)
+  );
+  background-size: 400% 100%;
+  animation: skeleton_loading 8s ease-in-out infinite;
+}
+
+.dark .skeleton {
+  --accents-2: var(--theme-dark-background-400);
+  --accents-1: var(--theme-dark-background-500);
+
+  background-image: linear-gradient(
+    270deg,
+    var(--accents-1),
+    var(--accents-2),
+    var(--accents-2),
+    var(--accents-1)
+  );
+  background-size: 400% 100%;
+  animation: skeleton_loading 8s ease-in-out infinite;
+}
+
+@keyframes skeleton_loading {
+  0% {
+    background-position: 200% 0;
+  }
+  100% {
+    background-position: -200% 0;
+  }
+}
diff --git a/login/apps/login/src/styles/vars.scss b/login/apps/login/src/styles/vars.scss
new file mode 100644
index 0000000000..71c6a28782
--- /dev/null
+++ b/login/apps/login/src/styles/vars.scss
@@ -0,0 +1,174 @@
+:root {
+  --theme-dark-primary-50: #f1f7fd;
+  --theme-dark-primary-contrast-50: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-100: #afd1f2;
+  --theme-dark-primary-contrast-100: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-200: #7fb5ea;
+  --theme-dark-primary-contrast-200: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-300: #4192e0;
+  --theme-dark-primary-contrast-300: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-400: #2782dc;
+  --theme-dark-primary-contrast-400: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-500: #2073c4;
+  --theme-dark-primary-contrast-500: #ffffff;
+  --theme-dark-primary-600: #1c64aa;
+  --theme-dark-primary-contrast-600: #ffffff;
+  --theme-dark-primary-700: #17548f;
+  --theme-dark-primary-contrast-700: #ffffff;
+  --theme-dark-primary-800: #134575;
+  --theme-dark-primary-contrast-800: #ffffff;
+  --theme-dark-primary-900: #0f355b;
+  --theme-dark-primary-contrast-900: #ffffff;
+  --theme-dark-primary-A100: #e4f2ff;
+  --theme-dark-primary-contrast-A100: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-A200: #7ebfff;
+  --theme-dark-primary-contrast-A200: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-A400: #278df0;
+  --theme-dark-primary-contrast-A400: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-primary-A700: #1d80e0;
+  --theme-dark-primary-contrast-A700: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-50: #ffffff;
+  --theme-light-primary-contrast-50: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-100: #ebedfa;
+  --theme-light-primary-contrast-100: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-200: #bec6ef;
+  --theme-light-primary-contrast-200: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-300: #8594e0;
+  --theme-light-primary-contrast-300: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-400: #6c7eda;
+  --theme-light-primary-contrast-400: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-500: #5469d4;
+  --theme-light-primary-contrast-500: #ffffff;
+  --theme-light-primary-600: #3c54ce;
+  --theme-light-primary-contrast-600: #ffffff;
+  --theme-light-primary-700: #2f46bc;
+  --theme-light-primary-contrast-700: #ffffff;
+  --theme-light-primary-800: #293da3;
+  --theme-light-primary-contrast-800: #ffffff;
+  --theme-light-primary-900: #23348b;
+  --theme-light-primary-contrast-900: #ffffff;
+  --theme-light-primary-A100: #ffffff;
+  --theme-light-primary-contrast-A100: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-A200: #c5cefc;
+  --theme-light-primary-contrast-A200: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-A400: #7085ea;
+  --theme-light-primary-contrast-A400: hsla(0, 0%, 0%, 0.87);
+  --theme-light-primary-A700: #6478de;
+  --theme-light-primary-contrast-A700: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-50: #ffffff;
+  --theme-dark-warn-contrast-50: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-100: #fff8f9;
+  --theme-dark-warn-contrast-100: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-200: #ffc0ca;
+  --theme-dark-warn-contrast-200: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-300: #ff788e;
+  --theme-dark-warn-contrast-300: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-400: #ff5a75;
+  --theme-dark-warn-contrast-400: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-500: #ff3b5b;
+  --theme-dark-warn-contrast-500: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-600: #ff1c41;
+  --theme-dark-warn-contrast-600: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-700: #fd0029;
+  --theme-dark-warn-contrast-700: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-800: #de0024;
+  --theme-dark-warn-contrast-800: #ffffff;
+  --theme-dark-warn-900: #c0001f;
+  --theme-dark-warn-contrast-900: #ffffff;
+  --theme-dark-warn-A100: #ffffff;
+  --theme-dark-warn-contrast-A100: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-A200: #ffd4db;
+  --theme-dark-warn-contrast-A200: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-A400: #ff6e86;
+  --theme-dark-warn-contrast-A400: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-warn-A700: #ff5470;
+  --theme-dark-warn-contrast-A700: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-50: #ffffff;
+  --theme-light-warn-contrast-50: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-100: #f4d3d9;
+  --theme-light-warn-contrast-100: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-200: #e8a6b2;
+  --theme-light-warn-contrast-200: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-300: #da6e80;
+  --theme-light-warn-contrast-300: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-400: #d3556b;
+  --theme-light-warn-contrast-400: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-500: #cd3d56;
+  --theme-light-warn-contrast-500: #ffffff;
+  --theme-light-warn-600: #bb3048;
+  --theme-light-warn-contrast-600: #ffffff;
+  --theme-light-warn-700: #a32a3f;
+  --theme-light-warn-contrast-700: #ffffff;
+  --theme-light-warn-800: #8a2436;
+  --theme-light-warn-contrast-800: #ffffff;
+  --theme-light-warn-900: #721d2c;
+  --theme-light-warn-contrast-900: #ffffff;
+  --theme-light-warn-A100: #ffffff;
+  --theme-light-warn-contrast-A100: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-A200: #faa9b7;
+  --theme-light-warn-contrast-A200: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-A400: #e65770;
+  --theme-light-warn-contrast-A400: hsla(0, 0%, 0%, 0.87);
+  --theme-light-warn-A700: #d84c64;
+  --theme-light-warn-contrast-A700: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-background-50: #7c93c6;
+  --theme-dark-background-contrast-50: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-background-100: #4a69aa;
+  --theme-dark-background-contrast-100: #ffffff;
+  --theme-dark-background-200: #395183;
+  --theme-dark-background-contrast-200: #ffffff;
+  --theme-dark-background-300: #243252;
+  --theme-dark-background-contrast-300: #ffffff;
+  --theme-dark-background-400: #1a253c;
+  --theme-dark-background-contrast-400: #ffffff;
+  --theme-dark-background-500: #111827;
+  --theme-dark-background-contrast-500: #ffffff;
+  --theme-dark-background-600: #080b12;
+  --theme-dark-background-contrast-600: #ffffff;
+  --theme-dark-background-700: #000000;
+  --theme-dark-background-contrast-700: #ffffff;
+  --theme-dark-background-800: #000000;
+  --theme-dark-background-contrast-800: #ffffff;
+  --theme-dark-background-900: #000000;
+  --theme-dark-background-contrast-900: #ffffff;
+  --theme-dark-background-A100: #5782e0;
+  --theme-dark-background-contrast-A100: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-background-A200: #204eb1;
+  --theme-dark-background-contrast-A200: #ffffff;
+  --theme-dark-background-A400: #182b53;
+  --theme-dark-background-contrast-A400: #ffffff;
+  --theme-dark-background-A700: #17223b;
+  --theme-dark-background-contrast-A700: #ffffff;
+  --theme-light-background-50: #ffffff;
+  --theme-light-background-contrast-50: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-100: #ffffff;
+  --theme-light-background-contrast-100: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-200: #ffffff;
+  --theme-light-background-contrast-200: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-300: #ffffff;
+  --theme-light-background-contrast-300: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-400: #ffffff;
+  --theme-light-background-contrast-400: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-500: #fafafa;
+  --theme-light-background-contrast-500: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-600: #ebebeb;
+  --theme-light-background-contrast-600: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-700: #dbdbdb;
+  --theme-light-background-contrast-700: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-800: #cccccc;
+  --theme-light-background-contrast-800: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-900: #bdbdbd;
+  --theme-light-background-contrast-900: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-A100: #ffffff;
+  --theme-light-background-contrast-A100: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-A200: #ffffff;
+  --theme-light-background-contrast-A200: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-A400: #ffffff;
+  --theme-light-background-contrast-A400: hsla(0, 0%, 0%, 0.87);
+  --theme-light-background-A700: #ffffff;
+  --theme-light-background-contrast-A700: hsla(0, 0%, 0%, 0.87);
+  --theme-dark-text: #ffffff;
+  --theme-dark-secondary-text: #ffffffc7;
+  --theme-light-text: #000000;
+  --theme-light-secondary-text: #000000c7;
+}
diff --git a/login/apps/login/tailwind.config.mjs b/login/apps/login/tailwind.config.mjs
new file mode 100644
index 0000000000..908068e5dd
--- /dev/null
+++ b/login/apps/login/tailwind.config.mjs
@@ -0,0 +1,117 @@
+import sharedConfig from "@zitadel/tailwind-config/tailwind.config.mjs";
+
+let colors = {
+  background: { light: { contrast: {} }, dark: { contrast: {} } },
+  primary: { light: { contrast: {} }, dark: { contrast: {} } },
+  warn: { light: { contrast: {} }, dark: { contrast: {} } },
+  text: { light: { contrast: {} }, dark: { contrast: {} } },
+  link: { light: { contrast: {} }, dark: { contrast: {} } },
+};
+
+const shades = [
+  "50",
+  "100",
+  "200",
+  "300",
+  "400",
+  "500",
+  "600",
+  "700",
+  "800",
+  "900",
+];
+const themes = ["light", "dark"];
+const types = ["background", "primary", "warn", "text", "link"];
+types.forEach((type) => {
+  themes.forEach((theme) => {
+    shades.forEach((shade) => {
+      colors[type][theme][shade] = `var(--theme-${theme}-${type}-${shade})`;
+      colors[type][theme][`contrast-${shade}`] =
+        `var(--theme-${theme}-${type}-contrast-${shade})`;
+      colors[type][theme][`secondary-${shade}`] =
+        `var(--theme-${theme}-${type}-secondary-${shade})`;
+    });
+  });
+});
+
+/** @type {import('tailwindcss').Config} */
+export default {
+  presets: [sharedConfig],
+  darkMode: "class",
+  content: ["./src/**/*.{js,ts,jsx,tsx}"],
+  future: {
+    hoverOnlyWhenSupported: true,
+  },
+  theme: {
+    extend: {
+      colors: {
+        ...colors,
+        state: {
+          success: {
+            light: {
+              background: "#cbf4c9",
+              color: "#0e6245",
+            },
+            dark: {
+              background: "#68cf8340",
+              color: "#cbf4c9",
+            },
+          },
+          error: {
+            light: {
+              background: "#ffc1c1",
+              color: "#620e0e",
+            },
+            dark: {
+              background: "#af455359",
+              color: "#ffc1c1",
+            },
+          },
+          neutral: {
+            light: {
+              background: "#e4e7e4",
+              color: "#000000",
+            },
+            dark: {
+              background: "#1a253c",
+              color: "#ffffff",
+            },
+          },
+          alert: {
+            light: {
+              background: "#fbbf24",
+              color: "#92400e",
+            },
+            dark: {
+              background: "#92400e50",
+              color: "#fbbf24",
+            },
+          },
+        },
+      },
+      animation: {
+        shake: "shake .8s cubic-bezier(.36,.07,.19,.97) both;",
+      },
+      keyframes: {
+        shake: {
+          "10%, 90%": {
+            transform: "translate3d(-1px, 0, 0)",
+          },
+
+          "20%, 80%": {
+            transform: "translate3d(2px, 0, 0)",
+          },
+
+          "30%, 50%, 70%": {
+            transform: "translate3d(-4px, 0, 0)",
+          },
+
+          "40%, 60%": {
+            transform: "translate3d(4px, 0, 0)",
+          },
+        },
+      },
+    },
+  },
+  plugins: [require("@tailwindcss/forms")],
+};
diff --git a/login/apps/login/tsconfig.json b/login/apps/login/tsconfig.json
new file mode 100755
index 0000000000..c855c43225
--- /dev/null
+++ b/login/apps/login/tsconfig.json
@@ -0,0 +1,24 @@
+{
+  "extends": "@zitadel/tsconfig/nextjs.json",
+  "compilerOptions": {
+    "jsx": "preserve",
+    "target": "es2022",
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"]
+    },
+    "plugins": [
+      {
+        "name": "next"
+      }
+    ]
+  },
+  "include": [
+    "next-env.d.ts",
+    "**/*.ts",
+    "**/*.tsx",
+    ".next/types/**/*.ts",
+    "custom-config.js"
+  ],
+  "exclude": ["node_modules"]
+}
diff --git a/login/apps/login/turbo.json b/login/apps/login/turbo.json
new file mode 100644
index 0000000000..bc63a2dbc4
--- /dev/null
+++ b/login/apps/login/turbo.json
@@ -0,0 +1,22 @@
+{
+  "extends": ["//"],
+  "tasks": {
+    "build": {
+      "outputs": ["dist/**", ".next/**", "!.next/cache/**"],
+      "dependsOn": ["^build"]
+    },
+    "build:login:standalone": {
+      "outputs": ["dist/**", ".next/**", "!.next/cache/**"]
+    },
+    "test": {
+      "dependsOn": ["@zitadel/client#build"]
+    },
+    "test:unit": {
+      "dependsOn": ["@zitadel/client#build"]
+    },
+    "test:unit:standalone": {},
+    "test:watch": {
+      "dependsOn": ["@zitadel/client#build"]
+    }
+  }
+}
diff --git a/login/apps/login/vitest.config.mts b/login/apps/login/vitest.config.mts
new file mode 100644
index 0000000000..238c5b8b93
--- /dev/null
+++ b/login/apps/login/vitest.config.mts
@@ -0,0 +1,12 @@
+import react from "@vitejs/plugin-react";
+import tsconfigPaths from "vite-tsconfig-paths";
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  plugins: [tsconfigPaths(), react()],
+  test: {
+    include: ["src/**/*.test.ts", "src/**/*.test.tsx"],
+    environment: "jsdom",
+    setupFiles: ["@testing-library/jest-dom/vitest"],
+  },
+});
diff --git a/login/docker-bake.hcl b/login/docker-bake.hcl
new file mode 100644
index 0000000000..9520b752fa
--- /dev/null
+++ b/login/docker-bake.hcl
@@ -0,0 +1,145 @@
+variable "LOGIN_DIR" {
+  default = "./"
+}
+
+variable "DOCKERFILES_DIR" {
+  default = "dockerfiles/"
+}
+
+# typescript-proto-client is used to generate the client code for the login service.
+# It is not login-prefixed, so it is easily extendable.
+# To extend this bake-file.hcl, set the context of all login-prefixed targets to a different directory.
+# For example docker bake --file login/docker-bake.hcl --file docker-bake.hcl --set login-*.context=./login/
+# The zitadel repository uses this to generate the client and the mock server from local proto files.
+target "typescript-proto-client" {
+  dockerfile = "${DOCKERFILES_DIR}typescript-proto-client.Dockerfile"
+  contexts = {
+    # We directly generate and download the client server-side with buf, so we don't need the proto files
+    login-pnpm = "target:login-pnpm"
+  }
+}
+
+# We prefix the target with login- so we can reuse the writing of protos if we overwrite the typescript-proto-client target.
+target "login-typescript-proto-client-out" {
+  dockerfile = "${DOCKERFILES_DIR}login-typescript-proto-client-out.Dockerfile"
+  contexts = {
+    typescript-proto-client = "target:typescript-proto-client"
+  }
+  output = [
+    "type=local,dest=${LOGIN_DIR}packages/zitadel-proto"
+  ]
+}
+
+# proto-files is only used to build core-mock against which the integration tests run.
+# To build the proto-client, we use buf to generate and download the client code directly.
+# It is not login-prefixed, so it is easily extendable.
+# To extend this bake-file.hcl, set the context of all login-prefixed targets to a different directory.
+# For example docker bake --file login/docker-bake.hcl --file docker-bake.hcl --set login-*.context=./login/
+# The zitadel repository uses this to generate the client and the mock server from local proto files.
+target "proto-files" {
+  dockerfile = "${DOCKERFILES_DIR}proto-files.Dockerfile"
+  contexts = {
+    login-pnpm = "target:login-pnpm"
+  }
+}
+
+variable "NODE_VERSION" {
+  default = "20"
+}
+
+target "login-pnpm" {
+  dockerfile = "${DOCKERFILES_DIR}login-pnpm.Dockerfile"
+  args = {
+    NODE_VERSION = "${NODE_VERSION}"
+  }
+}
+
+target "login-dev-base" {
+  dockerfile = "${DOCKERFILES_DIR}login-dev-base.Dockerfile"
+  contexts = {
+    login-pnpm = "target:login-pnpm"
+  }
+}
+
+target "login-lint" {
+  dockerfile = "${DOCKERFILES_DIR}login-lint.Dockerfile"
+  contexts = {
+    login-dev-base = "target:login-dev-base"
+  }
+}
+
+target "login-test-unit" {
+  dockerfile = "${DOCKERFILES_DIR}login-test-unit.Dockerfile"
+  contexts = {
+    login-client = "target:login-client"
+  }
+}
+
+target "login-client" {
+  dockerfile = "${DOCKERFILES_DIR}login-client.Dockerfile"
+  contexts = {
+    login-pnpm              = "target:login-pnpm"
+    typescript-proto-client = "target:typescript-proto-client"
+  }
+}
+
+variable "LOGIN_CORE_MOCK_TAG" {
+  default = "login-core-mock:local"
+}
+
+# the core-mock context must not be overwritten, so we don't prefix it with login-.
+target "core-mock" {
+  context = "${LOGIN_DIR}apps/login-test-integration/core-mock"
+  contexts = {
+    protos = "target:proto-files"
+  }
+  tags   = ["${LOGIN_CORE_MOCK_TAG}"]
+}
+
+variable "LOGIN_TEST_INTEGRATION_TAG" {
+  default = "login-test-integration:local"
+}
+
+target "login-test-integration" {
+  dockerfile = "${DOCKERFILES_DIR}login-test-integration.Dockerfile"
+  contexts = {
+    login-pnpm = "target:login-pnpm"
+  }
+  tags   = ["${LOGIN_TEST_INTEGRATION_TAG}"]
+}
+
+variable "LOGIN_TEST_ACCEPTANCE_TAG" {
+  default = "login-test-acceptance:local"
+}
+
+target "login-test-acceptance" {
+  dockerfile = "${DOCKERFILES_DIR}login-test-acceptance.Dockerfile"
+  contexts = {
+    login-pnpm = "target:login-pnpm"
+  }
+  tags   = ["${LOGIN_TEST_ACCEPTANCE_TAG}"]
+}
+
+variable "LOGIN_TAG" {
+  default = "zitadel-login:local"
+}
+
+target "docker-metadata-action" {}
+
+# We run integration and acceptance tests against the next standalone server for docker.
+target "login-standalone" {
+  inherits   = ["docker-metadata-action"]
+  dockerfile = "${DOCKERFILES_DIR}login-standalone.Dockerfile"
+  contexts = {
+    login-client = "target:login-client"
+  }
+  tags   = ["${LOGIN_TAG}"]
+}
+
+target "login-standalone-out" {
+  inherits   = ["login-standalone"]
+  target = "login-standalone-out"
+  output = [
+    "type=local,dest=${LOGIN_DIR}apps/login/standalone"
+  ]
+}
diff --git a/login/dockerfiles/login-client.Dockerfile b/login/dockerfiles/login-client.Dockerfile
new file mode 100644
index 0000000000..4eb01615b4
--- /dev/null
+++ b/login/dockerfiles/login-client.Dockerfile
@@ -0,0 +1,7 @@
+FROM typescript-proto-client AS login-client
+COPY packages/zitadel-tsconfig packages/zitadel-tsconfig
+COPY packages/zitadel-client/package.json ./packages/zitadel-client/
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --workspace-root --filter ./packages/zitadel-client
+COPY packages/zitadel-client ./packages/zitadel-client
+RUN pnpm build:client:standalone
diff --git a/login/dockerfiles/login-client.Dockerfile.dockerignore b/login/dockerfiles/login-client.Dockerfile.dockerignore
new file mode 100644
index 0000000000..c2302359f5
--- /dev/null
+++ b/login/dockerfiles/login-client.Dockerfile.dockerignore
@@ -0,0 +1,11 @@
+*
+
+!packages/zitadel-client
+packages/zitadel-client/dist
+
+!packages/zitadel-tsconfig
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
diff --git a/login/dockerfiles/login-dev-base.Dockerfile b/login/dockerfiles/login-dev-base.Dockerfile
new file mode 100644
index 0000000000..e102d16746
--- /dev/null
+++ b/login/dockerfiles/login-dev-base.Dockerfile
@@ -0,0 +1,3 @@
+FROM login-pnpm AS login-dev-base
+RUN pnpm install --frozen-lockfile --prefer-offline --workspace-root --filter .
+
diff --git a/login/dockerfiles/login-dev-base.Dockerfile.dockerignore b/login/dockerfiles/login-dev-base.Dockerfile.dockerignore
new file mode 100644
index 0000000000..72e8ffc0db
--- /dev/null
+++ b/login/dockerfiles/login-dev-base.Dockerfile.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/login/dockerfiles/login-lint.Dockerfile b/login/dockerfiles/login-lint.Dockerfile
new file mode 100644
index 0000000000..0c466b4cfa
--- /dev/null
+++ b/login/dockerfiles/login-lint.Dockerfile
@@ -0,0 +1,7 @@
+FROM login-dev-base AS login-lint
+COPY .prettierrc .prettierignore ./
+COPY apps/login/package.json apps/login/
+RUN  --mount=type=cache,id=pnpm,target=/pnpm/store \
+     pnpm install --frozen-lockfile --workspace-root --filter apps/login
+COPY . .
+RUN pnpm lint && pnpm format
diff --git a/login/dockerfiles/login-lint.Dockerfile.dockerignore b/login/dockerfiles/login-lint.Dockerfile.dockerignore
new file mode 100644
index 0000000000..1029f73c02
--- /dev/null
+++ b/login/dockerfiles/login-lint.Dockerfile.dockerignore
@@ -0,0 +1,25 @@
+*
+
+!apps/login
+apps/login/.next
+apps/login/dist
+apps/login/screenshots
+apps/login/standalone
+apps/login/.env*.local
+
+!apps/login-test-integration
+
+!apps/login-test-acceptance
+apps/login-test-acceptance/test-results
+
+!/packages/zitadel-tsconfig/*
+!/packages/zitadel-prettier-config
+!/packages/zitadel-eslint-config
+
+!/.prettierrc
+!/.prettierignore
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
diff --git a/login/dockerfiles/login-pnpm.Dockerfile b/login/dockerfiles/login-pnpm.Dockerfile
new file mode 100644
index 0000000000..bcef6d126c
--- /dev/null
+++ b/login/dockerfiles/login-pnpm.Dockerfile
@@ -0,0 +1,10 @@
+ARG NODE_VERSION=20
+FROM node:${NODE_VERSION}-bookworm AS login-pnpm
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable && COREPACK_ENABLE_DOWNLOAD_PROMPT=0 corepack prepare pnpm@9.1.2 --activate && \
+    apt-get update && apt-get install -y --no-install-recommends && \
+    rm -rf /var/lib/apt/lists/*
+WORKDIR /build
+COPY turbo.json .npmrc package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+ENTRYPOINT ["pnpm"]
diff --git a/login/dockerfiles/login-pnpm.Dockerfile.dockerignore b/login/dockerfiles/login-pnpm.Dockerfile.dockerignore
new file mode 100644
index 0000000000..067514fdd3
--- /dev/null
+++ b/login/dockerfiles/login-pnpm.Dockerfile.dockerignore
@@ -0,0 +1,6 @@
+*
+!/turbo.json
+!/.npmrc
+!/package.json
+!/pnpm-lock.yaml
+!/pnpm-workspace.yaml
diff --git a/login/dockerfiles/login-standalone.Dockerfile b/login/dockerfiles/login-standalone.Dockerfile
new file mode 100644
index 0000000000..7e97d344db
--- /dev/null
+++ b/login/dockerfiles/login-standalone.Dockerfile
@@ -0,0 +1,34 @@
+FROM login-client AS login-standalone-builder
+COPY apps/login ./apps/login
+COPY packages/zitadel-tailwind-config packages/zitadel-tailwind-config
+RUN pnpm exec turbo prune @zitadel/login --docker
+WORKDIR /build/docker
+RUN cp -r ../out/json/* .
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile
+RUN cp -r ../out/full/* .
+RUN pnpm exec turbo run build:login:standalone
+
+FROM scratch AS login-standalone-out
+COPY --from=login-standalone-builder /build/docker/apps/login/.next/standalone /
+COPY --from=login-standalone-builder /build/docker/apps/login/.next/static /apps/login/.next/static
+COPY --from=login-standalone-builder /build/docker/apps/login/public /apps/login/public
+
+FROM node:20-alpine AS login-standalone
+WORKDIR /runtime
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
+# If /.env-file/.env is mounted into the container, its variables are made available to the server before it starts up.
+RUN mkdir -p /.env-file && touch /.env-file/.env && chown -R nextjs:nodejs /.env-file
+COPY ./scripts/entrypoint.sh ./
+COPY ./scripts/healthcheck.js ./
+COPY --chown=nextjs:nodejs --from=login-standalone-builder /build/docker/apps/login/.next/standalone ./
+COPY --chown=nextjs:nodejs --from=login-standalone-builder /build/docker/apps/login/.next/static ./apps/login/.next/static
+COPY --chown=nextjs:nodejs --from=login-standalone-builder /build/docker/apps/login/public ./apps/login/public
+USER nextjs
+ENV HOSTNAME="0.0.0.0"
+ENV PORT=3000
+# TODO: Check healthy, not ready
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+CMD ["/bin/sh", "-c", "node ./healthcheck.js http://localhost:${PORT}/ui/v2/login/healthy"]
+ENTRYPOINT ["./entrypoint.sh"]
diff --git a/login/dockerfiles/login-standalone.Dockerfile.dockerignore b/login/dockerfiles/login-standalone.Dockerfile.dockerignore
new file mode 100644
index 0000000000..f876e1e9f1
--- /dev/null
+++ b/login/dockerfiles/login-standalone.Dockerfile.dockerignore
@@ -0,0 +1,17 @@
+*
+
+!apps/login
+apps/login/.next
+apps/login/dist
+apps/login/screenshots
+apps/login/standalone
+apps/login/.env*.local
+
+!scripts/entrypoint.sh
+!scripts/healthcheck.js
+!packages/zitadel-tailwind-config
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
diff --git a/login/dockerfiles/login-test-acceptance.Dockerfile b/login/dockerfiles/login-test-acceptance.Dockerfile
new file mode 100644
index 0000000000..7052484779
--- /dev/null
+++ b/login/dockerfiles/login-test-acceptance.Dockerfile
@@ -0,0 +1,8 @@
+FROM login-pnpm AS login-test-acceptance-dependencies
+COPY ./apps/login-test-acceptance/package.json ./apps/login-test-acceptance/package.json
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --filter=login-test-acceptance && \
+    cd apps/login-test-acceptance && \
+    pnpm exec playwright install --with-deps chromium
+COPY ./apps/login-test-acceptance ./apps/login-test-acceptance
+CMD ["bash", "-c", "cd apps/login-test-acceptance && pnpm test:acceptance test"]
diff --git a/login/dockerfiles/login-test-acceptance.Dockerfile.dockerignore b/login/dockerfiles/login-test-acceptance.Dockerfile.dockerignore
new file mode 100644
index 0000000000..cba55ae91e
--- /dev/null
+++ b/login/dockerfiles/login-test-acceptance.Dockerfile.dockerignore
@@ -0,0 +1,5 @@
+*
+!/apps/login-test-acceptance/*.json
+!/apps/login-test-acceptance/*.ts
+!/apps/login-test-acceptance/zitadel.yaml
+!/apps/login-test-acceptance/tests
diff --git a/login/dockerfiles/login-test-integration.Dockerfile b/login/dockerfiles/login-test-integration.Dockerfile
new file mode 100644
index 0000000000..0b55dc2b1a
--- /dev/null
+++ b/login/dockerfiles/login-test-integration.Dockerfile
@@ -0,0 +1,11 @@
+FROM login-pnpm AS login-test-integration-dependencies
+COPY ./apps/login-test-integration/package.json ./apps/login-test-integration/package.json
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --filter=login-test-integration
+FROM cypress/factory:5.10.0 AS login-test-integration
+WORKDIR /opt/app
+COPY --from=login-test-integration-dependencies /build/apps/login-test-integration .
+RUN npm install cypress
+RUN npx cypress install
+COPY ./apps/login-test-integration .
+CMD ["npx", "cypress", "run"]
diff --git a/login/dockerfiles/login-test-integration.Dockerfile.dockerignore b/login/dockerfiles/login-test-integration.Dockerfile.dockerignore
new file mode 100644
index 0000000000..947a4fdb57
--- /dev/null
+++ b/login/dockerfiles/login-test-integration.Dockerfile.dockerignore
@@ -0,0 +1,9 @@
+*
+
+!/apps/login-test-integration
+/apps/login-test-integration/core-mock
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
diff --git a/login/dockerfiles/login-test-unit.Dockerfile b/login/dockerfiles/login-test-unit.Dockerfile
new file mode 100644
index 0000000000..d456a4fac4
--- /dev/null
+++ b/login/dockerfiles/login-test-unit.Dockerfile
@@ -0,0 +1,6 @@
+FROM login-client AS login-test-unit
+COPY apps/login/package.json ./apps/login/
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --workspace-root --filter ./apps/login
+COPY apps/login ./apps/login
+RUN pnpm test:unit:standalone
diff --git a/login/dockerfiles/login-test-unit.Dockerfile.dockerignore b/login/dockerfiles/login-test-unit.Dockerfile.dockerignore
new file mode 100644
index 0000000000..2263653c69
--- /dev/null
+++ b/login/dockerfiles/login-test-unit.Dockerfile.dockerignore
@@ -0,0 +1,13 @@
+*
+
+!apps/login
+apps/login/.next
+apps/login/dist
+apps/login/screenshots
+apps/login/standalone
+apps/login/.env*.local
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
diff --git a/login/dockerfiles/login-typescript-proto-client-out.Dockerfile b/login/dockerfiles/login-typescript-proto-client-out.Dockerfile
new file mode 100644
index 0000000000..3aa3c9d7d6
--- /dev/null
+++ b/login/dockerfiles/login-typescript-proto-client-out.Dockerfile
@@ -0,0 +1,5 @@
+FROM scratch AS typescript-proto-client-out
+COPY --from=typescript-proto-client /build/packages/zitadel-proto/zitadel /zitadel
+COPY --from=typescript-proto-client /build/packages/zitadel-proto/google /google
+COPY --from=typescript-proto-client /build/packages/zitadel-proto/protoc-gen-openapiv2 /protoc-gen-openapiv2
+COPY --from=typescript-proto-client /build/packages/zitadel-proto/validate /validate
diff --git a/login/dockerfiles/login-typescript-proto-client-out.Dockerfile.dockerignore b/login/dockerfiles/login-typescript-proto-client-out.Dockerfile.dockerignore
new file mode 100644
index 0000000000..72e8ffc0db
--- /dev/null
+++ b/login/dockerfiles/login-typescript-proto-client-out.Dockerfile.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/login/dockerfiles/proto-files.Dockerfile b/login/dockerfiles/proto-files.Dockerfile
new file mode 100644
index 0000000000..f97f63a718
--- /dev/null
+++ b/login/dockerfiles/proto-files.Dockerfile
@@ -0,0 +1,8 @@
+FROM bufbuild/buf:1.54.0 AS proto-files
+RUN buf export https://github.com/envoyproxy/protoc-gen-validate.git --path validate --output /proto-files && \
+    buf export https://github.com/grpc-ecosystem/grpc-gateway.git --path protoc-gen-openapiv2 --output /proto-files && \
+    buf export https://github.com/googleapis/googleapis.git --path google/api/annotations.proto --path google/api/http.proto --path google/api/field_behavior.proto --output /proto-files && \
+    buf export https://github.com/zitadel/zitadel.git --path ./proto/zitadel --output /proto-files
+
+FROM scratch
+COPY --from=proto-files /proto-files /
diff --git a/login/dockerfiles/proto-files.Dockerfile.dockerignore b/login/dockerfiles/proto-files.Dockerfile.dockerignore
new file mode 100644
index 0000000000..72e8ffc0db
--- /dev/null
+++ b/login/dockerfiles/proto-files.Dockerfile.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/login/dockerfiles/typescript-proto-client.Dockerfile b/login/dockerfiles/typescript-proto-client.Dockerfile
new file mode 100644
index 0000000000..ee0848f52d
--- /dev/null
+++ b/login/dockerfiles/typescript-proto-client.Dockerfile
@@ -0,0 +1,6 @@
+FROM login-pnpm AS typescript-proto-client
+COPY packages/zitadel-proto/package.json ./packages/zitadel-proto/
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install --frozen-lockfile --workspace-root --filter zitadel-proto
+COPY packages/zitadel-proto ./packages/zitadel-proto
+RUN pnpm generate
diff --git a/login/dockerfiles/typescript-proto-client.Dockerfile.dockerignore b/login/dockerfiles/typescript-proto-client.Dockerfile.dockerignore
new file mode 100644
index 0000000000..e67848e8c3
--- /dev/null
+++ b/login/dockerfiles/typescript-proto-client.Dockerfile.dockerignore
@@ -0,0 +1,11 @@
+*
+!/packages/zitadel-proto/
+packages/zitadel-proto/google
+packages/zitadel-proto/zitadel
+packages/zitadel-proto/protoc-gen-openapiv2
+packages/zitadel-proto/validate
+
+**/*.md
+**/*.png
+**/node_modules
+**/.turbo
\ No newline at end of file
diff --git a/login/meta.json b/login/meta.json
new file mode 100644
index 0000000000..2c443f76cf
--- /dev/null
+++ b/login/meta.json
@@ -0,0 +1,4 @@
+{
+  "name": "ZITADEL typescript Monorepo with Changesets",
+  "description": "ZITADEL typescript monorepo preconfigured to publish packages via Changesets"
+}
diff --git a/login/package.json b/login/package.json
new file mode 100644
index 0000000000..ce844c4b2c
--- /dev/null
+++ b/login/package.json
@@ -0,0 +1,55 @@
+{
+  "packageManager": "pnpm@9.1.2+sha256.19c17528f9ca20bd442e4ca42f00f1b9808a9cb419383cd04ba32ef19322aba7",
+  "private": true,
+  "name": "typescript-monorepo",
+  "scripts": {
+    "generate": "pnpm exec turbo run generate",
+    "build": "pnpm exec turbo run build",
+    "build:client:standalone": "pnpm exec turbo run build:client:standalone",
+    "build:login:standalone": "pnpm exec turbo run build:login:standalone",
+    "build:packages": "pnpm exec turbo run build --filter=./packages/*",
+    "build:apps": "pnpm exec turbo run build --filter=./apps/*",
+    "test": "pnpm exec turbo run test",
+    "start": "pnpm exec turbo run start",
+    "start:built": "pnpm exec turbo run start:built",
+    "test:unit": "pnpm exec turbo run test:unit -- --passWithNoTests",
+    "test:unit:standalone": "pnpm exec turbo run test:unit:standalone -- --passWithNoTests",
+    "test:integration": "cd apps/login-test-integration && pnpm test:integration",
+    "test:integration:setup": "NODE_ENV=test pnpm exec turbo run test:integration:setup",
+    "test:acceptance": "cd apps/login-test-acceptance && pnpm test:acceptance",
+    "test:acceptance:setup": "cd apps/login-test-acceptance && pnpm test:acceptance:setup",
+    "test:watch": "pnpm exec turbo run test:watch",
+    "dev": "pnpm exec turbo run dev --no-cache --continue",
+    "dev:local": "pnpm test:acceptance:setup",
+    "lint": "pnpm exec turbo run lint",
+    "lint:fix": "pnpm exec turbo run lint:fix",
+    "clean": "pnpm exec turbo run clean && rm -rf node_modules",
+    "format:fix": "pnpm exec prettier --write \"**/*.{ts,tsx,md}\"",
+    "format": "pnpm exec prettier --check \"**/*.{ts,tsx,md}\"",
+    "changeset": "pnpm exec changeset",
+    "version-packages": "pnpm exec changeset version",
+    "release": "pnpm exec turbo run build --filter=login^... && pnpm exec changeset publish"
+  },
+  "pnpm": {
+    "overrides": {
+      "@typescript-eslint/parser": "^7.9.0"
+    }
+  },
+  "devDependencies": {
+    "@changesets/cli": "^2.29.2",
+    "@vitejs/plugin-react": "^4.4.1",
+    "@zitadel/eslint-config": "workspace:*",
+    "@zitadel/prettier-config": "workspace:*",
+    "axios": "^1.8.4",
+    "dotenv": "^16.5.0",
+    "dotenv-cli": "^8.0.0",
+    "eslint": "8.57.1",
+    "prettier": "^3.5.3",
+    "prettier-plugin-organize-imports": "^4.1.0",
+    "tsup": "^8.4.0",
+    "turbo": "2.5.0",
+    "typescript": "^5.8.3",
+    "vite-tsconfig-paths": "^5.1.4",
+    "vitest": "^3.1.2"
+  }
+}
diff --git a/login/packages/zitadel-client/.eslintrc.cjs b/login/packages/zitadel-client/.eslintrc.cjs
new file mode 100644
index 0000000000..0eb32ca20d
--- /dev/null
+++ b/login/packages/zitadel-client/.eslintrc.cjs
@@ -0,0 +1,4 @@
+module.exports = {
+  root: true,
+  extends: ["@zitadel/eslint-config"],
+};
diff --git a/login/packages/zitadel-client/.gitignore b/login/packages/zitadel-client/.gitignore
new file mode 100644
index 0000000000..8ff894e88c
--- /dev/null
+++ b/login/packages/zitadel-client/.gitignore
@@ -0,0 +1,4 @@
+src/proto
+node_modules
+dist
+.turbo
diff --git a/login/packages/zitadel-client/CHANGELOG.md b/login/packages/zitadel-client/CHANGELOG.md
new file mode 100644
index 0000000000..f1107bcc5a
--- /dev/null
+++ b/login/packages/zitadel-client/CHANGELOG.md
@@ -0,0 +1,77 @@
+# @zitadel/client
+
+## 1.2.0
+
+### Minor Changes
+
+- 62ad388: revert CJS support
+
+## 1.1.0
+
+### Minor Changes
+
+- 9692297: add CJS and ESM support
+
+## 1.0.7
+
+### Patch Changes
+
+- Updated dependencies [97b0332]
+  - @zitadel/proto@1.0.4
+
+## 1.0.6
+
+### Patch Changes
+
+- 90fbdd1: use node16/nodenext module resolution
+- Updated dependencies [90fbdd1]
+  - @zitadel/proto@1.0.3
+
+## 1.0.5
+
+### Patch Changes
+
+- 4fa22c0: fix export for grpcweb transport
+
+## 1.0.4
+
+### Patch Changes
+
+- 28dc956: dynamic properties for system token utility
+
+## 1.0.3
+
+### Patch Changes
+
+- ef1c801: add missing client transport utility
+
+## 1.0.2
+
+### Patch Changes
+
+- Updated dependencies
+  - @zitadel/proto@1.0.2
+
+## 1.0.1
+
+### Patch Changes
+
+- README updates
+- Updated dependencies
+  - @zitadel/proto@1.0.1
+
+## 1.0.0
+
+### Major Changes
+
+- 32e1199: Initial Release
+
+### Minor Changes
+
+- f32ab7f: Initial release
+
+### Patch Changes
+
+- Updated dependencies [f32ab7f]
+- Updated dependencies [32e1199]
+  - @zitadel/proto@1.0.0
diff --git a/login/packages/zitadel-client/README.md b/login/packages/zitadel-client/README.md
new file mode 100644
index 0000000000..0a14fe32f5
--- /dev/null
+++ b/login/packages/zitadel-client/README.md
@@ -0,0 +1,53 @@
+# ZITADEL Client
+
+This package exports services and utilities to interact with ZITADEL
+
+## Installation
+
+To install the package, use npm or yarn:
+
+```sh
+npm install @zitadel/client
+```
+
+or
+
+```sh
+yarn add @zitadel/client
+```
+
+## Usage
+
+### Importing Services
+
+You can import and use the services provided by this package to interact with ZITADEL.
+
+```ts
+import { createSettingsServiceClient, makeReqCtx } from "@zitadel/client/v2";
+
+// Example usage
+const transport = createServerTransport(process.env.ZITADEL_SERVICE_USER_TOKEN!, { baseUrl: process.env.ZITADEL_API_URL! });
+
+const settingsService = createSettingsServiceClient(transport);
+
+settingsService.getBrandingSettings({ ctx: makeReqCtx("orgId") }, {});
+```
+
+### Utilities
+
+This package also provides various utilities to work with ZITADEL
+
+```ts
+import { timestampMs } from "@zitadel/client";
+
+// Example usage
+console.log(`${timestampMs(session.creationDate)}`);
+```
+
+## Documentation
+
+For detailed documentation and API references, please visit the [ZITADEL documentation](https://zitadel.com/docs).
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before getting started.
diff --git a/login/packages/zitadel-client/package.json b/login/packages/zitadel-client/package.json
new file mode 100644
index 0000000000..298f54f088
--- /dev/null
+++ b/login/packages/zitadel-client/package.json
@@ -0,0 +1,71 @@
+{
+  "name": "@zitadel/client",
+  "version": "1.2.0",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    },
+    "./v1": {
+      "types": "./dist/v1.d.ts",
+      "import": "./dist/v1.js",
+      "require": "./dist/v1.cjs"
+    },
+    "./v2": {
+      "types": "./dist/v2.d.ts",
+      "import": "./dist/v2.js",
+      "require": "./dist/v2.cjs"
+    },
+    "./v3alpha": {
+      "types": "./dist/v3alpha.d.ts",
+      "import": "./dist/v3alpha.js",
+      "require": "./dist/v3alpha.cjs"
+    },
+    "./node": {
+      "types": "./dist/node.d.ts",
+      "import": "./dist/node.js",
+      "require": "./dist/node.cjs"
+    },
+    "./web": {
+      "types": "./dist/web.d.ts",
+      "import": "./dist/web.js",
+      "require": "./dist/web.cjs"
+    }
+  },
+  "files": [
+    "dist/**"
+  ],
+  "sideEffects": false,
+  "scripts": {
+    "build": "pnpm exec tsup",
+    "build:client:standalone": "pnpm build",
+    "test": "pnpm test:unit",
+    "test:watch": "pnpm test:unit:watch",
+    "test:unit": "pnpm exec vitest",
+    "test:unit:standalone": "pnpm test:unit",
+    "test:unit:watch": "pnpm exec vitest --watch",
+    "dev": "pnpm exec tsup --watch --dts",
+    "lint": "eslint \"src/**/*.ts*\"",
+    "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf dist"
+  },
+  "dependencies": {
+    "@bufbuild/protobuf": "^2.2.2",
+    "@connectrpc/connect": "^2.0.0",
+    "@connectrpc/connect-node": "^2.0.0",
+    "@connectrpc/connect-web": "^2.0.0",
+    "jose": "^5.3.0",
+    "@zitadel/proto": "workspace:*"
+  },
+  "devDependencies": {
+    "@bufbuild/protocompile": "^0.0.1",
+    "@bufbuild/buf": "^1.53.0",
+    "@zitadel/tsconfig": "workspace:*",
+    "@zitadel/eslint-config": "workspace:*"
+  }
+}
diff --git a/login/packages/zitadel-client/src/helpers.ts b/login/packages/zitadel-client/src/helpers.ts
new file mode 100644
index 0000000000..637cadf538
--- /dev/null
+++ b/login/packages/zitadel-client/src/helpers.ts
@@ -0,0 +1,11 @@
+import type { DescService } from "@bufbuild/protobuf";
+import { Timestamp, timestampDate } from "@bufbuild/protobuf/wkt";
+import { createClient, Transport } from "@connectrpc/connect";
+
+export function createClientFor<TService extends DescService>(service: TService) {
+  return (transport: Transport) => createClient(service, transport);
+}
+
+export function toDate(timestamp: Timestamp | undefined): Date | undefined {
+  return timestamp ? timestampDate(timestamp) : undefined;
+}
diff --git a/login/packages/zitadel-client/src/index.ts b/login/packages/zitadel-client/src/index.ts
new file mode 100644
index 0000000000..f3f93e593f
--- /dev/null
+++ b/login/packages/zitadel-client/src/index.ts
@@ -0,0 +1,10 @@
+export { createClientFor, toDate } from "./helpers.js";
+export { NewAuthorizationBearerInterceptor } from "./interceptors.js";
+
+// TODO: Move this to `./protobuf.ts` and export it from there
+export { create, fromJson, toJson } from "@bufbuild/protobuf";
+export type { JsonObject } from "@bufbuild/protobuf";
+export type { GenService } from "@bufbuild/protobuf/codegenv1";
+export { TimestampSchema, timestampDate, timestampFromDate, timestampFromMs, timestampMs } from "@bufbuild/protobuf/wkt";
+export type { Duration, Timestamp } from "@bufbuild/protobuf/wkt";
+export type { Client, Code, ConnectError } from "@connectrpc/connect";
diff --git a/login/packages/zitadel-client/src/interceptors.test.ts b/login/packages/zitadel-client/src/interceptors.test.ts
new file mode 100644
index 0000000000..a5100f866a
--- /dev/null
+++ b/login/packages/zitadel-client/src/interceptors.test.ts
@@ -0,0 +1,67 @@
+import { Int32Value } from "@bufbuild/protobuf/wkt";
+import { compileService } from "@bufbuild/protocompile";
+import { createRouterTransport, HandlerContext } from "@connectrpc/connect";
+import { describe, expect, test, vitest } from "vitest";
+import { NewAuthorizationBearerInterceptor } from "./interceptors.js";
+
+const TestService = compileService(`
+  syntax = "proto3";
+  package handwritten;
+  service TestService {
+    rpc Unary(Int32Value) returns (StringValue);
+  }
+  message Int32Value {
+    int32 value = 1;
+  }
+  message StringValue {
+    string value = 1;
+  }
+`);
+
+describe("NewAuthorizationBearerInterceptor", () => {
+  const transport = {
+    interceptors: [NewAuthorizationBearerInterceptor("mytoken")],
+  };
+
+  test("injects the authorization token", async () => {
+    const handler = vitest.fn((request: Int32Value, context: HandlerContext) => {
+      return { value: request.value.toString() };
+    });
+
+    const service = createRouterTransport(
+      ({ rpc }) => {
+        rpc(TestService.method.unary, handler);
+      },
+      { transport },
+    );
+
+    await service.unary(TestService.method.unary, undefined, undefined, {}, { value: 9001 });
+
+    expect(handler).toBeCalled();
+    expect(handler.mock.calls[0][1].requestHeader.get("Authorization")).toBe("Bearer mytoken");
+  });
+
+  test("do not overwrite the previous authorization token", async () => {
+    const handler = vitest.fn((request: Int32Value, context: HandlerContext) => {
+      return { value: request.value.toString() };
+    });
+
+    const service = createRouterTransport(
+      ({ rpc }) => {
+        rpc(TestService.method.unary, handler);
+      },
+      { transport },
+    );
+
+    await service.unary(
+      TestService.method.unary,
+      undefined,
+      undefined,
+      { Authorization: "Bearer somethingelse" },
+      { value: 9001 },
+    );
+
+    expect(handler).toBeCalled();
+    expect(handler.mock.calls[0][1].requestHeader.get("Authorization")).toBe("Bearer somethingelse");
+  });
+});
diff --git a/login/packages/zitadel-client/src/interceptors.ts b/login/packages/zitadel-client/src/interceptors.ts
new file mode 100644
index 0000000000..9d719c7d70
--- /dev/null
+++ b/login/packages/zitadel-client/src/interceptors.ts
@@ -0,0 +1,16 @@
+import type { Interceptor } from "@connectrpc/connect";
+
+/**
+ * Creates an interceptor that adds an Authorization header with a Bearer token.
+ * @param token
+ */
+export function NewAuthorizationBearerInterceptor(token: string): Interceptor {
+  return (next) => (req) => {
+    // TODO: I am not what is the intent of checking for the Authorization header
+    //  and setting it if it is not present.
+    if (!req.header.get("Authorization")) {
+      req.header.set("Authorization", `Bearer ${token}`);
+    }
+    return next(req);
+  };
+}
diff --git a/login/packages/zitadel-client/src/node.ts b/login/packages/zitadel-client/src/node.ts
new file mode 100644
index 0000000000..0b15310d2c
--- /dev/null
+++ b/login/packages/zitadel-client/src/node.ts
@@ -0,0 +1,36 @@
+import { createGrpcTransport, GrpcTransportOptions } from "@connectrpc/connect-node";
+import { importPKCS8, SignJWT } from "jose";
+import { NewAuthorizationBearerInterceptor } from "./interceptors.js";
+
+/**
+ * Create a server transport using grpc with the given token and configuration options.
+ * @param token
+ * @param opts
+ */
+export function createServerTransport(token: string, opts: GrpcTransportOptions) {
+  return createGrpcTransport({
+    ...opts,
+    interceptors: [...(opts.interceptors || []), NewAuthorizationBearerInterceptor(token)],
+  });
+}
+
+export async function newSystemToken({
+  audience,
+  subject,
+  key,
+  expirationTime,
+}: {
+  audience: string;
+  subject: string;
+  key: string;
+  expirationTime?: number | string | Date;
+}) {
+  return await new SignJWT({})
+    .setProtectedHeader({ alg: "RS256" })
+    .setIssuedAt()
+    .setExpirationTime(expirationTime ?? "1h")
+    .setIssuer(subject)
+    .setSubject(subject)
+    .setAudience(audience)
+    .sign(await importPKCS8(key, "RS256"));
+}
diff --git a/login/packages/zitadel-client/src/v1.ts b/login/packages/zitadel-client/src/v1.ts
new file mode 100644
index 0000000000..d04180cf88
--- /dev/null
+++ b/login/packages/zitadel-client/src/v1.ts
@@ -0,0 +1,11 @@
+import { createClientFor } from "./helpers.js";
+
+import { AdminService } from "@zitadel/proto/zitadel/admin_pb.js";
+import { AuthService } from "@zitadel/proto/zitadel/auth_pb.js";
+import { ManagementService } from "@zitadel/proto/zitadel/management_pb.js";
+import { SystemService } from "@zitadel/proto/zitadel/system_pb.js";
+
+export const createAdminServiceClient = createClientFor(AdminService);
+export const createAuthServiceClient = createClientFor(AuthService);
+export const createManagementServiceClient = createClientFor(ManagementService);
+export const createSystemServiceClient = createClientFor(SystemService);
diff --git a/login/packages/zitadel-client/src/v2.ts b/login/packages/zitadel-client/src/v2.ts
new file mode 100644
index 0000000000..49cf901734
--- /dev/null
+++ b/login/packages/zitadel-client/src/v2.ts
@@ -0,0 +1,27 @@
+import { create } from "@bufbuild/protobuf";
+import { FeatureService } from "@zitadel/proto/zitadel/feature/v2/feature_service_pb.js";
+import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_pb.js";
+import { RequestContextSchema } from "@zitadel/proto/zitadel/object/v2/object_pb.js";
+import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb.js";
+import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_pb.js";
+import { SAMLService } from "@zitadel/proto/zitadel/saml/v2/saml_service_pb.js";
+import { SessionService } from "@zitadel/proto/zitadel/session/v2/session_service_pb.js";
+import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb.js";
+import { UserService } from "@zitadel/proto/zitadel/user/v2/user_service_pb.js";
+
+import { createClientFor } from "./helpers.js";
+
+export const createUserServiceClient = createClientFor(UserService);
+export const createSettingsServiceClient = createClientFor(SettingsService);
+export const createSessionServiceClient = createClientFor(SessionService);
+export const createOIDCServiceClient = createClientFor(OIDCService);
+export const createSAMLServiceClient = createClientFor(SAMLService);
+export const createOrganizationServiceClient = createClientFor(OrganizationService);
+export const createFeatureServiceClient = createClientFor(FeatureService);
+export const createIdpServiceClient = createClientFor(IdentityProviderService);
+
+export function makeReqCtx(orgId: string | undefined) {
+  return create(RequestContextSchema, {
+    resourceOwner: orgId ? { case: "orgId", value: orgId } : { case: "instance", value: true },
+  });
+}
diff --git a/login/packages/zitadel-client/src/v3alpha.ts b/login/packages/zitadel-client/src/v3alpha.ts
new file mode 100644
index 0000000000..a5cc533ade
--- /dev/null
+++ b/login/packages/zitadel-client/src/v3alpha.ts
@@ -0,0 +1,6 @@
+import { ZITADELUsers } from "@zitadel/proto/zitadel/resources/user/v3alpha/user_service_pb.js";
+import { ZITADELUserSchemas } from "@zitadel/proto/zitadel/resources/userschema/v3alpha/user_schema_service_pb.js";
+import { createClientFor } from "./helpers.js";
+
+export const createUserSchemaServiceClient = createClientFor(ZITADELUserSchemas);
+export const createUserServiceClient = createClientFor(ZITADELUsers);
diff --git a/login/packages/zitadel-client/src/web.ts b/login/packages/zitadel-client/src/web.ts
new file mode 100644
index 0000000000..26c40da0fe
--- /dev/null
+++ b/login/packages/zitadel-client/src/web.ts
@@ -0,0 +1,15 @@
+import { GrpcTransportOptions } from "@connectrpc/connect-node";
+import { createGrpcWebTransport } from "@connectrpc/connect-web";
+import { NewAuthorizationBearerInterceptor } from "./interceptors.js";
+
+/**
+ * Create a client transport using grpc web with the given token and configuration options.
+ * @param token
+ * @param opts
+ */
+export function createClientTransport(token: string, opts: GrpcTransportOptions) {
+  return createGrpcWebTransport({
+    ...opts,
+    interceptors: [...(opts.interceptors || []), NewAuthorizationBearerInterceptor(token)],
+  });
+}
diff --git a/login/packages/zitadel-client/tsconfig.json b/login/packages/zitadel-client/tsconfig.json
new file mode 100644
index 0000000000..5f0ea69110
--- /dev/null
+++ b/login/packages/zitadel-client/tsconfig.json
@@ -0,0 +1,5 @@
+{
+  "extends": "@zitadel/tsconfig/tsup.json",
+  "include": ["./src/**/*"],
+  "exclude": ["dist", "build", "node_modules"]
+}
diff --git a/login/packages/zitadel-client/tsup.config.ts b/login/packages/zitadel-client/tsup.config.ts
new file mode 100644
index 0000000000..3c9eeb8b83
--- /dev/null
+++ b/login/packages/zitadel-client/tsup.config.ts
@@ -0,0 +1,13 @@
+import { defineConfig, Options } from "tsup";
+
+export default defineConfig((options: Options) => ({
+  entry: ["src/index.ts", "src/v1.ts", "src/v2.ts", "src/v3alpha.ts", "src/node.ts", "src/web.ts"],
+  format: ["esm", "cjs"],
+  treeshake: false,
+  splitting: true,
+  dts: true,
+  minify: false,
+  clean: true,
+  sourcemap: true,
+  ...options,
+}));
diff --git a/login/packages/zitadel-client/turbo.json b/login/packages/zitadel-client/turbo.json
new file mode 100644
index 0000000000..b54d25e2ba
--- /dev/null
+++ b/login/packages/zitadel-client/turbo.json
@@ -0,0 +1,12 @@
+{
+  "extends": ["//"],
+  "tasks": {
+    "build": {
+      "outputs": ["dist/**"],
+      "dependsOn": ["@zitadel/proto#generate"]
+    },
+    "build:client:standalone": {
+      "outputs": ["dist/**"]
+    }
+  }
+}
diff --git a/login/packages/zitadel-eslint-config/CHANGELOG.md b/login/packages/zitadel-eslint-config/CHANGELOG.md
new file mode 100644
index 0000000000..6759f857ff
--- /dev/null
+++ b/login/packages/zitadel-eslint-config/CHANGELOG.md
@@ -0,0 +1,13 @@
+# @zitadel/eslint-config
+
+## 0.1.1
+
+### Patch Changes
+
+- README updates
+
+## 0.1.0
+
+### Minor Changes
+
+- f32ab7f: Initial release
diff --git a/login/packages/zitadel-eslint-config/README.md b/login/packages/zitadel-eslint-config/README.md
new file mode 100644
index 0000000000..d8d6851f91
--- /dev/null
+++ b/login/packages/zitadel-eslint-config/README.md
@@ -0,0 +1,35 @@
+# ZITADEL ESLint Config
+
+This package provides the ESLint configuration used by ZITADEL projects. It includes a set of rules and plugins to ensure consistent code quality and style across all ZITADEL codebases.
+
+## Installation
+
+To install the package, use npm or yarn:
+
+```sh
+npm install @zitadel/eslint-config
+```
+
+or
+
+```sh
+yarn add @zitadel/eslint-config
+```
+
+## Usage
+
+To use the ESLint configuration in your project, extend it in your `.eslintrc` file:
+
+```js
+{
+  "extends": "@zitadel/eslint-config"
+}
+```
+
+## Documentation
+
+For detailed documentation and configuration options, please refer to the [ESLint documentation](https://eslint.org/docs/user-guide/configuring).
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before getting started.
diff --git a/login/packages/zitadel-eslint-config/index.js b/login/packages/zitadel-eslint-config/index.js
new file mode 100644
index 0000000000..6a53b2a5e6
--- /dev/null
+++ b/login/packages/zitadel-eslint-config/index.js
@@ -0,0 +1,13 @@
+module.exports = {
+  parser: "@babel/eslint-parser",
+  extends: ["next", "turbo", "prettier"],
+  rules: {
+    "@next/next/no-html-link-for-pages": "off",
+  },
+  parserOptions: {
+    requireConfigFile: false,
+    babelOptions: {
+      presets: ["next/babel"],
+    },
+  },
+};
diff --git a/login/packages/zitadel-eslint-config/package.json b/login/packages/zitadel-eslint-config/package.json
new file mode 100644
index 0000000000..84c9c76dab
--- /dev/null
+++ b/login/packages/zitadel-eslint-config/package.json
@@ -0,0 +1,17 @@
+{
+  "name": "@zitadel/eslint-config",
+  "version": "0.1.1",
+  "main": "index.js",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@typescript-eslint/parser": "^7.9.0",
+    "eslint-config-next": "^14.2.18",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-turbo": "^2.0.9",
+    "eslint-plugin-react": "^7.34.1",
+    "@babel/eslint-parser": "^7.25.9"
+  }
+}
diff --git a/login/packages/zitadel-prettier-config/CHANGELOG.md b/login/packages/zitadel-prettier-config/CHANGELOG.md
new file mode 100644
index 0000000000..83045c3320
--- /dev/null
+++ b/login/packages/zitadel-prettier-config/CHANGELOG.md
@@ -0,0 +1,13 @@
+# @zitadel/prettier-config
+
+## 0.1.1
+
+### Patch Changes
+
+- README updates
+
+## 0.1.0
+
+### Minor Changes
+
+- f32ab7f: Initial release
diff --git a/login/packages/zitadel-prettier-config/README.md b/login/packages/zitadel-prettier-config/README.md
new file mode 100644
index 0000000000..f33913273b
--- /dev/null
+++ b/login/packages/zitadel-prettier-config/README.md
@@ -0,0 +1,36 @@
+# ZITADEL Prettier Config
+
+This package provides the Prettier configuration used by ZITADEL projects. It includes a set of formatting rules to ensure consistent code style across all ZITADEL codebases.
+
+## Installation
+
+To install the package, use npm or yarn:
+
+```sh
+npm install @zitadel/prettier-config
+```
+
+or
+
+```sh
+yarn add @zitadel/prettier-config
+```
+
+## Usage
+
+To use the Prettier configuration in your project, extend it in your `prettier.config.js` file:
+
+```js
+module.exports = {
+  ...require("@zitadel/prettier-config"),
+  // Add your custom configurations here
+};
+```
+
+## Documentation
+
+For detailed documentation and configuration options, please refer to the [Prettier documentation](https://prettier.io/docs/en/configuration.html).
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before getting started.
diff --git a/login/packages/zitadel-prettier-config/index.js b/login/packages/zitadel-prettier-config/index.js
new file mode 100644
index 0000000000..31d8c455e8
--- /dev/null
+++ b/login/packages/zitadel-prettier-config/index.js
@@ -0,0 +1,11 @@
+export default {
+  printWidth: 80,
+  tabWidth: 2,
+  useTabs: false,
+  semi: true,
+  singleQuote: false,
+  trailingComma: 'all',
+  bracketSpacing: true,
+  arrowParens: 'always',
+  plugins: ["prettier-plugin-organize-imports"]
+};
diff --git a/login/packages/zitadel-prettier-config/package.json b/login/packages/zitadel-prettier-config/package.json
new file mode 100644
index 0000000000..7b7cbf253e
--- /dev/null
+++ b/login/packages/zitadel-prettier-config/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "@zitadel/prettier-config",
+  "version": "0.1.1",
+  "description": "Prettier configuration",
+  "type": "module",
+  "publishConfig": {
+    "access": "public"
+  },
+  "exports": {
+    ".": "./index.js"
+  }
+}
diff --git a/login/packages/zitadel-proto/.gitignore b/login/packages/zitadel-proto/.gitignore
new file mode 100644
index 0000000000..20bdea6767
--- /dev/null
+++ b/login/packages/zitadel-proto/.gitignore
@@ -0,0 +1,5 @@
+zitadel
+google
+protoc-gen-openapiv2
+validate
+node_modules
diff --git a/login/packages/zitadel-proto/CHANGELOG.md b/login/packages/zitadel-proto/CHANGELOG.md
new file mode 100644
index 0000000000..c3964e2b29
--- /dev/null
+++ b/login/packages/zitadel-proto/CHANGELOG.md
@@ -0,0 +1,47 @@
+# @zitadel/proto
+
+## 1.2.0
+
+### Minor Changes
+
+- 62ad388: revert CJS support
+
+## 1.1.0
+
+### Minor Changes
+
+- 9692297: add CJS and ESM support
+
+## 1.0.4
+
+### Patch Changes
+
+- 97b0332: bind @zitadel/proto version to zitadel tag
+
+## 1.0.3
+
+### Patch Changes
+
+- 90fbdd1: use node16/nodenext module resolution
+
+## 1.0.2
+
+### Patch Changes
+
+- include validate, google and protoc-gen-openapiv2
+
+## 1.0.1
+
+### Patch Changes
+
+- README updates
+
+## 1.0.0
+
+### Major Changes
+
+- 32e1199: Initial Release
+
+### Minor Changes
+
+- f32ab7f: Initial release
diff --git a/login/packages/zitadel-proto/README.md b/login/packages/zitadel-proto/README.md
new file mode 100644
index 0000000000..bf8a064c12
--- /dev/null
+++ b/login/packages/zitadel-proto/README.md
@@ -0,0 +1,35 @@
+# ZITADEL Proto
+
+This package provides the Protocol Buffers (proto) definitions used by ZITADEL projects. It includes the proto files and generated code for interacting with ZITADEL's gRPC APIs.
+
+## Installation
+
+To install the package, use npm or yarn:
+
+```sh
+npm install @zitadel/proto
+```
+
+or
+
+```sh
+yarn add @zitadel/proto
+```
+
+## Usage
+
+To use the proto definitions in your project, import the generated code:
+
+```ts
+import { Organization } from "@zitadel/proto/zitadel/org/v2/org_pb";
+
+const org: Organization | null = await getDefaultOrg();
+```
+
+## Documentation
+
+For detailed documentation and API references, please visit the [ZITADEL documentation](https://zitadel.com/docs).
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before getting started.
diff --git a/login/packages/zitadel-proto/buf.gen.yaml b/login/packages/zitadel-proto/buf.gen.yaml
new file mode 100644
index 0000000000..84ecfaea9d
--- /dev/null
+++ b/login/packages/zitadel-proto/buf.gen.yaml
@@ -0,0 +1,10 @@
+version: v2
+managed:
+  enabled: true
+plugins:
+  - remote: buf.build/bufbuild/es:v2.2.0
+    out: .
+    include_imports: true
+    opt:
+      - json_types=true
+      - import_extension=js
diff --git a/login/packages/zitadel-proto/package.json b/login/packages/zitadel-proto/package.json
new file mode 100644
index 0000000000..2c60bced4b
--- /dev/null
+++ b/login/packages/zitadel-proto/package.json
@@ -0,0 +1,26 @@
+{
+  "name": "@zitadel/proto",
+  "version": "1.2.0",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "files": [
+    "zitadel/**",
+    "validate/**",
+    "google/**",
+    "protoc-gen-openapiv2/**"
+  ],
+  "sideEffects": false,
+  "scripts": {
+    "generate": "pnpm exec buf generate https://github.com/zitadel/zitadel.git --path ./proto/zitadel",
+    "clean": "rm -rf zitadel .turbo node_modules google protoc-gen-openapiv2 validate"
+  },
+  "dependencies": {
+    "@bufbuild/protobuf": "^2.2.2"
+  },
+  "devDependencies": {
+    "@bufbuild/buf": "^1.53.0"
+  }
+}
diff --git a/login/packages/zitadel-proto/turbo.json b/login/packages/zitadel-proto/turbo.json
new file mode 100644
index 0000000000..2d24f0349b
--- /dev/null
+++ b/login/packages/zitadel-proto/turbo.json
@@ -0,0 +1,9 @@
+{
+  "extends": ["//"],
+  "tasks": {
+    "generate": {
+      "outputs": ["zitadel/**"],
+      "cache": false
+    }
+  }
+}
diff --git a/login/packages/zitadel-tailwind-config/CHANGELOG.md b/login/packages/zitadel-tailwind-config/CHANGELOG.md
new file mode 100644
index 0000000000..e3c4d7207e
--- /dev/null
+++ b/login/packages/zitadel-tailwind-config/CHANGELOG.md
@@ -0,0 +1,13 @@
+# @zitadel/tailwind-config
+
+## 0.1.1
+
+### Patch Changes
+
+- README updates
+
+## 0.1.0
+
+### Minor Changes
+
+- f32ab7f: Initial release
diff --git a/login/packages/zitadel-tailwind-config/README.md b/login/packages/zitadel-tailwind-config/README.md
new file mode 100644
index 0000000000..f52b6c263b
--- /dev/null
+++ b/login/packages/zitadel-tailwind-config/README.md
@@ -0,0 +1,36 @@
+# ZITADEL Tailwind Config
+
+This package provides the Tailwind CSS configuration used by ZITADEL projects. It includes a set of default styles, themes, and utility classes to ensure consistent design and styling across all ZITADEL codebases.
+
+## Installation
+
+To install the package, use npm or yarn:
+
+```sh
+npm install @zitadel/tailwind-config
+```
+
+or
+
+```sh
+yarn add @zitadel/tailwind-config
+```
+
+## Usage
+
+To use the Tailwind CSS configuration in your project, extend it in your `tailwind.config.js` file:
+
+```js
+module.exports = {
+  presets: [require("@zitadel/tailwind-config")],
+  // Add your custom configurations here
+};
+```
+
+## Documentation
+
+For detailed documentation and configuration options, please refer to the [Tailwind CSS documentation](https://tailwindcss.com/docs)
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before getting started.
diff --git a/login/packages/zitadel-tailwind-config/package.json b/login/packages/zitadel-tailwind-config/package.json
new file mode 100644
index 0000000000..8fba4bac95
--- /dev/null
+++ b/login/packages/zitadel-tailwind-config/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "@zitadel/tailwind-config",
+  "version": "0.1.1",
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "index.js",
+  "devDependencies": {
+    "tailwindcss": "^4.1.4",
+    "@tailwindcss/forms": "0.5.3"
+  }
+}
diff --git a/login/packages/zitadel-tailwind-config/tailwind.config.mjs b/login/packages/zitadel-tailwind-config/tailwind.config.mjs
new file mode 100644
index 0000000000..4a9a437cb7
--- /dev/null
+++ b/login/packages/zitadel-tailwind-config/tailwind.config.mjs
@@ -0,0 +1,97 @@
+import colors from "tailwindcss/colors";
+
+/** @type {import('tailwindcss').Config} */
+export default {
+  content: ["./app/**/*.{js,ts,jsx,tsx}", "./page/**/*.{js,ts,jsx,tsx}", "./ui/**/*.{js,ts,jsx,tsx}"],
+  future: {
+    hoverOnlyWhenSupported: true,
+  },
+  theme: {
+    extend: {
+      // https://vercel.com/design/color
+      fontSize: {
+        "12px": "12px",
+        "14px": "14px",
+      },
+      colors: {
+        gray: colors.zinc,
+        divider: {
+          dark: "rgba(135,149,161,.2)",
+          light: "rgba(135,149,161,.2)",
+        },
+        input: {
+          light: {
+            label: "#000000c7",
+            background: "#00000004",
+            border: "#1a191954",
+            hoverborder: "1a1b1b",
+          },
+          dark: {
+            label: "#ffffffc7",
+            background: "#00000020",
+            border: "#f9f7f775",
+            hoverborder: "#e0e0e0",
+          },
+        },
+        button: {
+          light: {
+            border: "#0000001f",
+          },
+          dark: {
+            border: "#ffffff1f",
+          },
+        },
+      },
+      backgroundImage: ({ theme }) => ({
+        "dark-vc-border-gradient": `radial-gradient(at left top, ${theme(
+          "colors.gray.800",
+        )}, 50px, ${theme("colors.gray.800")} 50%)`,
+        "vc-border-gradient": `radial-gradient(at left top, ${theme(
+          "colors.gray.200",
+        )}, 50px, ${theme("colors.gray.300")} 50%)`,
+      }),
+      keyframes: ({ theme }) => ({
+        rerender: {
+          "0%": {
+            ["border-color"]: theme("colors.pink.500"),
+          },
+          "40%": {
+            ["border-color"]: theme("colors.pink.500"),
+          },
+        },
+        highlight: {
+          "0%": {
+            background: theme("colors.pink.500"),
+            color: theme("colors.white"),
+          },
+          "40%": {
+            background: theme("colors.pink.500"),
+            color: theme("colors.white"),
+          },
+        },
+        shimmer: {
+          "100%": {
+            transform: "translateX(100%)",
+          },
+        },
+        translateXReset: {
+          "100%": {
+            transform: "translateX(0)",
+          },
+        },
+        fadeToTransparent: {
+          "0%": {
+            opacity: 1,
+          },
+          "40%": {
+            opacity: 1,
+          },
+          "100%": {
+            opacity: 0,
+          },
+        },
+      }),
+    },
+  },
+  plugins: [require("@tailwindcss/forms")],
+};
diff --git a/login/packages/zitadel-tsconfig/CHANGELOG.md b/login/packages/zitadel-tsconfig/CHANGELOG.md
new file mode 100644
index 0000000000..c2d2e7e31c
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/CHANGELOG.md
@@ -0,0 +1,13 @@
+# @zitadel/tsconfig
+
+## 0.1.1
+
+### Patch Changes
+
+- README updates
+
+## 0.1.0
+
+### Minor Changes
+
+- f32ab7f: Initial release
diff --git a/login/packages/zitadel-tsconfig/README.md b/login/packages/zitadel-tsconfig/README.md
new file mode 100644
index 0000000000..b93674b2b1
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/README.md
@@ -0,0 +1,35 @@
+# ZITADEL TypeScript Config
+
+This package provides the TypeScript configuration used by ZITADEL projects. It includes a set of rules and settings to ensure consistent TypeScript configuration across all ZITADEL codebases.
+
+## Installation
+
+To install the package, use npm or yarn:
+
+```sh
+npm install @zitadel/tsconfig
+```
+
+or
+
+```sh
+yarn add @zitadel/tsconfig
+```
+
+## Usage
+
+To use the TypeScript configuration in your project, extend it in your `tsconfig.json` file:
+
+```json
+{
+  "extends": "@zitadel/tsconfig/tsup.json"
+}
+```
+
+## Documentation
+
+For detailed documentation and configuration options, please refer to the [TypeScript documentation](https://www.typescriptlang.org/docs/).
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before getting started.
diff --git a/login/packages/zitadel-tsconfig/base.json b/login/packages/zitadel-tsconfig/base.json
new file mode 100644
index 0000000000..6d65860cce
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/base.json
@@ -0,0 +1,20 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "display": "Default",
+  "compilerOptions": {
+    "composite": false,
+    "declaration": true,
+    "declarationMap": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "inlineSources": false,
+    "isolatedModules": true,
+    "moduleResolution": "node16",
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "preserveWatchOutput": true,
+    "skipLibCheck": true,
+    "strict": true
+  },
+  "exclude": ["node_modules"]
+}
diff --git a/login/packages/zitadel-tsconfig/nextjs.json b/login/packages/zitadel-tsconfig/nextjs.json
new file mode 100644
index 0000000000..eaa9942e1e
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/nextjs.json
@@ -0,0 +1,32 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "display": "Next.js",
+  "extends": "./base.json",
+  "compilerOptions": {
+    "target": "es5",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "allowJs": true,
+    "skipLibCheck": true,
+    "strict": true,
+    "forceConsistentCasingInFileNames": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "preserve",
+    "incremental": true,
+    "preserveSymlinks": true,
+    "declaration": false,
+    "declarationMap": false,
+    "baseUrl": ".",
+    "plugins": [
+      {
+        "name": "next"
+      }
+    ]
+  },
+  "include": ["src", "next-env.d.ts"],
+  "exclude": ["node_modules"]
+}
diff --git a/login/packages/zitadel-tsconfig/node20.json b/login/packages/zitadel-tsconfig/node20.json
new file mode 100644
index 0000000000..bc88cfbee4
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/node20.json
@@ -0,0 +1,10 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "display": "Node 20",
+  "extends": "./base.json",
+  "compilerOptions": {
+    "lib": ["es2023"],
+    "module": "node16",
+    "target": "es2022"
+  }
+}
diff --git a/login/packages/zitadel-tsconfig/package.json b/login/packages/zitadel-tsconfig/package.json
new file mode 100644
index 0000000000..a4d713db85
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/package.json
@@ -0,0 +1,9 @@
+{
+  "name": "@zitadel/tsconfig",
+  "version": "0.1.1",
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "license": "MIT"
+}
diff --git a/login/packages/zitadel-tsconfig/react-library.json b/login/packages/zitadel-tsconfig/react-library.json
new file mode 100644
index 0000000000..3f6e3580f4
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/react-library.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "display": "React Library",
+  "extends": "./base.json",
+  "compilerOptions": {
+    "jsx": "react-jsx",
+    "lib": ["dom", "ES2015"],
+    "module": "preserve",
+    "moduleResolution": "Bundler"
+  }
+}
diff --git a/login/packages/zitadel-tsconfig/tsup.json b/login/packages/zitadel-tsconfig/tsup.json
new file mode 100644
index 0000000000..1e5cbe42be
--- /dev/null
+++ b/login/packages/zitadel-tsconfig/tsup.json
@@ -0,0 +1,5 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "display": "tsup",
+  "extends": "./node20.json"
+}
diff --git a/login/pnpm-lock.yaml b/login/pnpm-lock.yaml
new file mode 100644
index 0000000000..8c6424ccf6
--- /dev/null
+++ b/login/pnpm-lock.yaml
@@ -0,0 +1,9519 @@
+lockfileVersion: '9.0'
+
+settings:
+  autoInstallPeers: true
+  excludeLinksFromLockfile: false
+
+overrides:
+  '@typescript-eslint/parser': ^7.9.0
+
+importers:
+
+  .:
+    devDependencies:
+      '@changesets/cli':
+        specifier: ^2.29.2
+        version: 2.29.2
+      '@vitejs/plugin-react':
+        specifier: ^4.4.1
+        version: 4.4.1(vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1))
+      '@zitadel/eslint-config':
+        specifier: workspace:*
+        version: link:packages/zitadel-eslint-config
+      '@zitadel/prettier-config':
+        specifier: workspace:*
+        version: link:packages/zitadel-prettier-config
+      axios:
+        specifier: ^1.8.4
+        version: 1.8.4(debug@4.4.0)
+      dotenv:
+        specifier: ^16.5.0
+        version: 16.5.0
+      dotenv-cli:
+        specifier: ^8.0.0
+        version: 8.0.0
+      eslint:
+        specifier: 8.57.1
+        version: 8.57.1
+      prettier:
+        specifier: ^3.5.3
+        version: 3.5.3
+      prettier-plugin-organize-imports:
+        specifier: ^4.1.0
+        version: 4.1.0(prettier@3.5.3)(typescript@5.8.3)
+      tsup:
+        specifier: ^8.4.0
+        version: 8.4.0(jiti@1.21.6)(postcss@8.5.3)(typescript@5.8.3)(yaml@2.7.1)
+      turbo:
+        specifier: 2.5.0
+        version: 2.5.0
+      typescript:
+        specifier: ^5.8.3
+        version: 5.8.3
+      vite-tsconfig-paths:
+        specifier: ^5.1.4
+        version: 5.1.4(typescript@5.8.3)(vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1))
+      vitest:
+        specifier: ^3.1.2
+        version: 3.1.2(@types/node@22.14.1)(jiti@1.21.6)(jsdom@26.1.0)(sass@1.87.0)(yaml@2.7.1)
+
+  apps/login:
+    dependencies:
+      '@headlessui/react':
+        specifier: ^2.1.9
+        version: 2.1.9(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@heroicons/react':
+        specifier: 2.1.3
+        version: 2.1.3(react@19.1.0)
+      '@tailwindcss/forms':
+        specifier: 0.5.7
+        version: 0.5.7(tailwindcss@3.4.14)
+      '@vercel/analytics':
+        specifier: ^1.2.2
+        version: 1.3.1(next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0))(react@19.1.0)
+      '@zitadel/client':
+        specifier: workspace:*
+        version: link:../../packages/zitadel-client
+      '@zitadel/proto':
+        specifier: workspace:*
+        version: link:../../packages/zitadel-proto
+      clsx:
+        specifier: 1.2.1
+        version: 1.2.1
+      copy-to-clipboard:
+        specifier: ^3.3.3
+        version: 3.3.3
+      deepmerge:
+        specifier: ^4.3.1
+        version: 4.3.1
+      lucide-react:
+        specifier: 0.469.0
+        version: 0.469.0(react@19.1.0)
+      moment:
+        specifier: ^2.29.4
+        version: 2.30.1
+      next:
+        specifier: 15.4.0-canary.86
+        version: 15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0)
+      next-intl:
+        specifier: ^3.25.1
+        version: 3.26.5(next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0))(react@19.1.0)
+      next-themes:
+        specifier: ^0.2.1
+        version: 0.2.1(next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      nice-grpc:
+        specifier: 2.0.1
+        version: 2.0.1
+      qrcode.react:
+        specifier: ^3.1.0
+        version: 3.1.0(react@19.1.0)
+      react:
+        specifier: 19.1.0
+        version: 19.1.0
+      react-dom:
+        specifier: 19.1.0
+        version: 19.1.0(react@19.1.0)
+      react-hook-form:
+        specifier: 7.39.5
+        version: 7.39.5(react@19.1.0)
+      tinycolor2:
+        specifier: 1.4.2
+        version: 1.4.2
+      uuid:
+        specifier: ^11.1.0
+        version: 11.1.0
+    devDependencies:
+      '@bufbuild/buf':
+        specifier: ^1.53.0
+        version: 1.53.0
+      '@testing-library/jest-dom':
+        specifier: ^6.6.3
+        version: 6.6.3
+      '@testing-library/react':
+        specifier: ^16.3.0
+        version: 16.3.0(@testing-library/dom@10.4.0)(@types/react-dom@19.1.2(@types/react@19.1.2))(@types/react@19.1.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@types/ms':
+        specifier: 2.1.0
+        version: 2.1.0
+      '@types/node':
+        specifier: ^22.14.1
+        version: 22.14.1
+      '@types/react':
+        specifier: 19.1.2
+        version: 19.1.2
+      '@types/react-dom':
+        specifier: 19.1.2
+        version: 19.1.2(@types/react@19.1.2)
+      '@types/tinycolor2':
+        specifier: 1.4.3
+        version: 1.4.3
+      '@types/uuid':
+        specifier: ^10.0.0
+        version: 10.0.0
+      '@vercel/git-hooks':
+        specifier: 1.0.0
+        version: 1.0.0
+      '@zitadel/eslint-config':
+        specifier: workspace:*
+        version: link:../../packages/zitadel-eslint-config
+      '@zitadel/prettier-config':
+        specifier: workspace:*
+        version: link:../../packages/zitadel-prettier-config
+      '@zitadel/tailwind-config':
+        specifier: workspace:*
+        version: link:../../packages/zitadel-tailwind-config
+      '@zitadel/tsconfig':
+        specifier: workspace:*
+        version: link:../../packages/zitadel-tsconfig
+      autoprefixer:
+        specifier: 10.4.21
+        version: 10.4.21(postcss@8.5.3)
+      grpc-tools:
+        specifier: 1.13.0
+        version: 1.13.0
+      jsdom:
+        specifier: ^26.1.0
+        version: 26.1.0
+      lint-staged:
+        specifier: 15.5.1
+        version: 15.5.1
+      make-dir-cli:
+        specifier: 4.0.0
+        version: 4.0.0
+      postcss:
+        specifier: 8.5.3
+        version: 8.5.3
+      prettier-plugin-tailwindcss:
+        specifier: 0.6.11
+        version: 0.6.11(prettier-plugin-organize-imports@4.1.0(prettier@3.5.3)(typescript@5.8.3))(prettier@3.5.3)
+      sass:
+        specifier: ^1.87.0
+        version: 1.87.0
+      tailwindcss:
+        specifier: 3.4.14
+        version: 3.4.14
+      ts-proto:
+        specifier: ^2.7.0
+        version: 2.7.0
+      typescript:
+        specifier: ^5.8.3
+        version: 5.8.3
+
+  apps/login-test-acceptance:
+    devDependencies:
+      '@faker-js/faker':
+        specifier: ^9.7.0
+        version: 9.7.0
+      '@otplib/core':
+        specifier: ^12.0.0
+        version: 12.0.1
+      '@otplib/plugin-crypto':
+        specifier: ^12.0.0
+        version: 12.0.1
+      '@otplib/plugin-thirty-two':
+        specifier: ^12.0.0
+        version: 12.0.1
+      '@playwright/test':
+        specifier: ^1.52.0
+        version: 1.52.0
+      gaxios:
+        specifier: ^7.1.0
+        version: 7.1.0
+      typescript:
+        specifier: ^5.8.3
+        version: 5.8.3
+
+  apps/login-test-integration:
+    devDependencies:
+      '@types/node':
+        specifier: ^22.14.1
+        version: 22.14.1
+      concurrently:
+        specifier: ^9.1.2
+        version: 9.1.2
+      cypress:
+        specifier: ^14.3.2
+        version: 14.3.2
+      env-cmd:
+        specifier: ^10.0.0
+        version: 10.1.0
+      nodemon:
+        specifier: ^3.1.9
+        version: 3.1.9
+      start-server-and-test:
+        specifier: ^2.0.11
+        version: 2.0.11
+      typescript:
+        specifier: ^5.8.3
+        version: 5.8.3
+
+  packages/zitadel-client:
+    dependencies:
+      '@bufbuild/protobuf':
+        specifier: ^2.2.2
+        version: 2.2.2
+      '@connectrpc/connect':
+        specifier: ^2.0.0
+        version: 2.0.0(@bufbuild/protobuf@2.2.2)
+      '@connectrpc/connect-node':
+        specifier: ^2.0.0
+        version: 2.0.0(@bufbuild/protobuf@2.2.2)(@connectrpc/connect@2.0.0(@bufbuild/protobuf@2.2.2))
+      '@connectrpc/connect-web':
+        specifier: ^2.0.0
+        version: 2.0.0(@bufbuild/protobuf@2.2.2)(@connectrpc/connect@2.0.0(@bufbuild/protobuf@2.2.2))
+      '@zitadel/proto':
+        specifier: workspace:*
+        version: link:../zitadel-proto
+      jose:
+        specifier: ^5.3.0
+        version: 5.8.0
+    devDependencies:
+      '@bufbuild/buf':
+        specifier: ^1.53.0
+        version: 1.53.0
+      '@bufbuild/protocompile':
+        specifier: ^0.0.1
+        version: 0.0.1(@bufbuild/buf@1.53.0)
+      '@zitadel/eslint-config':
+        specifier: workspace:*
+        version: link:../zitadel-eslint-config
+      '@zitadel/tsconfig':
+        specifier: workspace:*
+        version: link:../zitadel-tsconfig
+
+  packages/zitadel-eslint-config:
+    dependencies:
+      '@babel/eslint-parser':
+        specifier: ^7.25.9
+        version: 7.25.9(@babel/core@7.26.10)(eslint@8.57.1)
+      '@typescript-eslint/parser':
+        specifier: ^7.9.0
+        version: 7.18.0(eslint@8.57.1)(typescript@5.8.3)
+      eslint-config-next:
+        specifier: ^14.2.18
+        version: 14.2.18(eslint@8.57.1)(typescript@5.8.3)
+      eslint-config-prettier:
+        specifier: ^9.1.0
+        version: 9.1.0(eslint@8.57.1)
+      eslint-config-turbo:
+        specifier: ^2.0.9
+        version: 2.1.0(eslint@8.57.1)
+      eslint-plugin-react:
+        specifier: ^7.34.1
+        version: 7.35.0(eslint@8.57.1)
+
+  packages/zitadel-prettier-config: {}
+
+  packages/zitadel-proto:
+    dependencies:
+      '@bufbuild/protobuf':
+        specifier: ^2.2.2
+        version: 2.2.2
+    devDependencies:
+      '@bufbuild/buf':
+        specifier: ^1.53.0
+        version: 1.53.0
+
+  packages/zitadel-tailwind-config:
+    devDependencies:
+      '@tailwindcss/forms':
+        specifier: 0.5.3
+        version: 0.5.3(tailwindcss@4.1.4)
+      tailwindcss:
+        specifier: ^4.1.4
+        version: 4.1.4
+
+  packages/zitadel-tsconfig: {}
+
+packages:
+
+  '@adobe/css-tools@4.4.0':
+    resolution: {integrity: sha512-Ff9+ksdQQB3rMncgqDK78uLznstjyfIf2Arnh22pW8kBpLs6rpKDwgnZT46hin5Hl1WzazzK64DOrhSwYpS7bQ==}
+
+  '@alloc/quick-lru@5.2.0':
+    resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==}
+    engines: {node: '>=10'}
+
+  '@ampproject/remapping@2.3.0':
+    resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==}
+    engines: {node: '>=6.0.0'}
+
+  '@asamuzakjp/css-color@3.1.4':
+    resolution: {integrity: sha512-SeuBV4rnjpFNjI8HSgKUwteuFdkHwkboq31HWzznuqgySQir+jSTczoWVVL4jvOjKjuH80fMDG0Fvg1Sb+OJsA==}
+
+  '@babel/code-frame@7.26.2':
+    resolution: {integrity: sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/compat-data@7.26.8':
+    resolution: {integrity: sha512-oH5UPLMWR3L2wEFLnFJ1TZXqHufiTKAiLfqw5zkhS4dKXLJ10yVztfil/twG8EDTA4F/tvVNw9nOl4ZMslB8rQ==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/core@7.26.10':
+    resolution: {integrity: sha512-vMqyb7XCDMPvJFFOaT9kxtiRh42GwlZEg1/uIgtZshS5a/8OaduUfCi7kynKgc3Tw/6Uo2D+db9qBttghhmxwQ==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/eslint-parser@7.25.9':
+    resolution: {integrity: sha512-5UXfgpK0j0Xr/xIdgdLEhOFxaDZ0bRPWJJchRpqOSur/3rZoPbqqki5mm0p4NE2cs28krBEiSM2MB7//afRSQQ==}
+    engines: {node: ^10.13.0 || ^12.13.0 || >=14.0.0}
+    peerDependencies:
+      '@babel/core': ^7.11.0
+      eslint: ^7.5.0 || ^8.0.0 || ^9.0.0
+
+  '@babel/generator@7.27.0':
+    resolution: {integrity: sha512-VybsKvpiN1gU1sdMZIp7FcqphVVKEwcuj02x73uvcHE0PTihx1nlBcowYWhDwjpoAXRv43+gDzyggGnn1XZhVw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-compilation-targets@7.27.0':
+    resolution: {integrity: sha512-LVk7fbXml0H2xH34dFzKQ7TDZ2G4/rVTOrq9V+icbbadjbVxxeFeDsNHv2SrZeWoA+6ZiTyWYWtScEIW07EAcA==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-module-imports@7.25.9':
+    resolution: {integrity: sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-module-transforms@7.26.0':
+    resolution: {integrity: sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0
+
+  '@babel/helper-plugin-utils@7.26.5':
+    resolution: {integrity: sha512-RS+jZcRdZdRFzMyr+wcsaqOmld1/EqTghfaBGQQd/WnRdzdlvSZ//kF7U8VQTxf1ynZ4cjUcYgjVGx13ewNPMg==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-string-parser@7.25.9':
+    resolution: {integrity: sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-validator-identifier@7.25.9':
+    resolution: {integrity: sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helper-validator-option@7.25.9':
+    resolution: {integrity: sha512-e/zv1co8pp55dNdEcCynfj9X7nyUKUXoUEwfXqaZt0omVOmDe9oOTdKStH4GmAw6zxMFs50ZayuMfHDKlO7Tfw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/helpers@7.27.0':
+    resolution: {integrity: sha512-U5eyP/CTFPuNE3qk+WZMxFkp/4zUzdceQlfzf7DdGdhp+Fezd7HD+i8Y24ZuTMKX3wQBld449jijbGq6OdGNQg==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/parser@7.27.0':
+    resolution: {integrity: sha512-iaepho73/2Pz7w2eMS0Q5f83+0RKI7i4xmiYeBmDzfRVbQtTOG7Ts0S4HzJVsTMGI9keU8rNfuZr8DKfSt7Yyg==}
+    engines: {node: '>=6.0.0'}
+    hasBin: true
+
+  '@babel/plugin-transform-react-jsx-self@7.25.9':
+    resolution: {integrity: sha512-y8quW6p0WHkEhmErnfe58r7x0A70uKphQm8Sp8cV7tjNQwK56sNVK0M73LK3WuYmsuyrftut4xAkjjgU0twaMg==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
+  '@babel/plugin-transform-react-jsx-source@7.25.9':
+    resolution: {integrity: sha512-+iqjT8xmXhhYv4/uiYd8FNQsraMFZIfxVSqxxVSZP0WbbSAWvBXAul0m/zu+7Vv4O/3WtApy9pmaTMiumEZgfg==}
+    engines: {node: '>=6.9.0'}
+    peerDependencies:
+      '@babel/core': ^7.0.0-0
+
+  '@babel/runtime@7.27.0':
+    resolution: {integrity: sha512-VtPOkrdPHZsKc/clNqyi9WUA8TINkZ4cGk63UUE3u4pmB2k+ZMQRDuIOagv8UVd6j7k0T3+RRIb7beKTebNbcw==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/template@7.27.0':
+    resolution: {integrity: sha512-2ncevenBqXI6qRMukPlXwHKHchC7RyMuu4xv5JBXRfOGVcTy1mXCD12qrp7Jsoxll1EV3+9sE4GugBVRjT2jFA==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/traverse@7.27.0':
+    resolution: {integrity: sha512-19lYZFzYVQkkHkl4Cy4WrAVcqBkgvV2YM2TU3xG6DIwO7O3ecbDPfW3yM3bjAGcqcQHi+CCtjMR3dIEHxsd6bA==}
+    engines: {node: '>=6.9.0'}
+
+  '@babel/types@7.27.0':
+    resolution: {integrity: sha512-H45s8fVLYjbhFH62dIJ3WtmJ6RSPt/3DRO0ZcT2SUiYiQyz3BLVb9ADEnLl91m74aQPS3AzzeajZHYOalWe3bg==}
+    engines: {node: '>=6.9.0'}
+
+  '@bufbuild/buf-darwin-arm64@1.53.0':
+    resolution: {integrity: sha512-UVhqDYu54ciiCMeG6RODlrX5XRvLN6PfsVDqMQG0JwmMKtUi326CbUqsqO7xsQbcEUso3FTBaURir4RixoM88w==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@bufbuild/buf-darwin-x64@1.53.0':
+    resolution: {integrity: sha512-03lKaenjf08HF6DlARPU2lEL2dRxNsU6rb9GbUu+YeLayWy7SUlfeDB8drAZ/GpfSc7SL8TKF7jqRkqxT4wFGA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@bufbuild/buf-linux-aarch64@1.53.0':
+    resolution: {integrity: sha512-FlxrB+rZJG5u7v2JovzXvSR/OdXjVXYHTTLnk6vN/73KPbpGPzZrW7mKxlYyn/Uar5tKDAYvmijjuItXZ6i31g==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@bufbuild/buf-linux-armv7@1.53.0':
+    resolution: {integrity: sha512-e9ER+5Os1DPLhr2X1BRPrQpDZWpv5Mkk2PLnmmzh5RL4kOueJKQZj/m1qQr7SQkiPPhS0yMw7EEghsr521FFzQ==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+
+  '@bufbuild/buf-linux-x64@1.53.0':
+    resolution: {integrity: sha512-LehyZPbkRgCvIM56uUnCAUD1QSno2wkBZ5HOvjrjOd0GEjfKgw/fsEu13fJR13bGBNOeOUHbHrd59iUSyY6rGA==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+
+  '@bufbuild/buf-win32-arm64@1.53.0':
+    resolution: {integrity: sha512-QRNMHYW6v4keoelIwMNZGQw2R67fsS8lEDnYxrFmiRADwZ/ri/XKJjvQfpoE2Bq0xREB0zZ++RX+1DZOkTA/Iw==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@bufbuild/buf-win32-x64@1.53.0':
+    resolution: {integrity: sha512-relZlT9gYrZGcEH4dcJhEWrjaHV9drG1PcgW6krqw1AzpQOPxR/loXJ7DycoCAnUhQ9TdsdTfUlVHqiJt98piQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+
+  '@bufbuild/buf@1.53.0':
+    resolution: {integrity: sha512-GGAztQbbKSv+HaihdDIUpejUcxIx2Fse9SqHfMisJbL/hZ7aOH7BFeSH0q8/g2kSAsLABlenVKeEWKX1uZU3LQ==}
+    engines: {node: '>=12'}
+    hasBin: true
+
+  '@bufbuild/protobuf@2.2.2':
+    resolution: {integrity: sha512-UNtPCbrwrenpmrXuRwn9jYpPoweNXj8X5sMvYgsqYyaH8jQ6LfUJSk3dJLnBK+6sfYPrF4iAIo5sd5HQ+tg75A==}
+
+  '@bufbuild/protobuf@2.2.5':
+    resolution: {integrity: sha512-/g5EzJifw5GF8aren8wZ/G5oMuPoGeS6MQD3ca8ddcvdXR5UELUfdTZITCGNhNXynY/AYl3Z4plmxdj/tRl/hQ==}
+
+  '@bufbuild/protocompile@0.0.1':
+    resolution: {integrity: sha512-cOTMtjcWLcbjF17dPYgeMtVC5jZyS0bSjz3jy8kDPjOgjgSYMD2u2It7w8aCc2z23hTPIKl/2SNdMnz0Jzu3Xg==}
+    peerDependencies:
+      '@bufbuild/buf': ^1.22.0
+
+  '@changesets/apply-release-plan@7.0.12':
+    resolution: {integrity: sha512-EaET7As5CeuhTzvXTQCRZeBUcisoYPDDcXvgTE/2jmmypKp0RC7LxKj/yzqeh/1qFTZI7oDGFcL1PHRuQuketQ==}
+
+  '@changesets/assemble-release-plan@6.0.6':
+    resolution: {integrity: sha512-Frkj8hWJ1FRZiY3kzVCKzS0N5mMwWKwmv9vpam7vt8rZjLL1JMthdh6pSDVSPumHPshTTkKZ0VtNbE0cJHZZUg==}
+
+  '@changesets/changelog-git@0.2.1':
+    resolution: {integrity: sha512-x/xEleCFLH28c3bQeQIyeZf8lFXyDFVn1SgcBiR2Tw/r4IAWlk1fzxCEZ6NxQAjF2Nwtczoen3OA2qR+UawQ8Q==}
+
+  '@changesets/cli@2.29.2':
+    resolution: {integrity: sha512-vwDemKjGYMOc0l6WUUTGqyAWH3AmueeyoJa1KmFRtCYiCoY5K3B68ErYpDB6H48T4lLI4czum4IEjh6ildxUeg==}
+    hasBin: true
+
+  '@changesets/config@3.1.1':
+    resolution: {integrity: sha512-bd+3Ap2TKXxljCggI0mKPfzCQKeV/TU4yO2h2C6vAihIo8tzseAn2e7klSuiyYYXvgu53zMN1OeYMIQkaQoWnA==}
+
+  '@changesets/errors@0.2.0':
+    resolution: {integrity: sha512-6BLOQUscTpZeGljvyQXlWOItQyU71kCdGz7Pi8H8zdw6BI0g3m43iL4xKUVPWtG+qrrL9DTjpdn8eYuCQSRpow==}
+
+  '@changesets/get-dependents-graph@2.1.3':
+    resolution: {integrity: sha512-gphr+v0mv2I3Oxt19VdWRRUxq3sseyUpX9DaHpTUmLj92Y10AGy+XOtV+kbM6L/fDcpx7/ISDFK6T8A/P3lOdQ==}
+
+  '@changesets/get-release-plan@4.0.10':
+    resolution: {integrity: sha512-CCJ/f3edYaA3MqoEnWvGGuZm0uMEMzNJ97z9hdUR34AOvajSwySwsIzC/bBu3+kuGDsB+cny4FljG8UBWAa7jg==}
+
+  '@changesets/get-version-range-type@0.4.0':
+    resolution: {integrity: sha512-hwawtob9DryoGTpixy1D3ZXbGgJu1Rhr+ySH2PvTLHvkZuQ7sRT4oQwMh0hbqZH1weAooedEjRsbrWcGLCeyVQ==}
+
+  '@changesets/git@3.0.4':
+    resolution: {integrity: sha512-BXANzRFkX+XcC1q/d27NKvlJ1yf7PSAgi8JG6dt8EfbHFHi4neau7mufcSca5zRhwOL8j9s6EqsxmT+s+/E6Sw==}
+
+  '@changesets/logger@0.1.1':
+    resolution: {integrity: sha512-OQtR36ZlnuTxKqoW4Sv6x5YIhOmClRd5pWsjZsddYxpWs517R0HkyiefQPIytCVh4ZcC5x9XaG8KTdd5iRQUfg==}
+
+  '@changesets/parse@0.4.1':
+    resolution: {integrity: sha512-iwksMs5Bf/wUItfcg+OXrEpravm5rEd9Bf4oyIPL4kVTmJQ7PNDSd6MDYkpSJR1pn7tz/k8Zf2DhTCqX08Ou+Q==}
+
+  '@changesets/pre@2.0.2':
+    resolution: {integrity: sha512-HaL/gEyFVvkf9KFg6484wR9s0qjAXlZ8qWPDkTyKF6+zqjBe/I2mygg3MbpZ++hdi0ToqNUF8cjj7fBy0dg8Ug==}
+
+  '@changesets/read@0.6.5':
+    resolution: {integrity: sha512-UPzNGhsSjHD3Veb0xO/MwvasGe8eMyNrR/sT9gR8Q3DhOQZirgKhhXv/8hVsI0QpPjR004Z9iFxoJU6in3uGMg==}
+
+  '@changesets/should-skip-package@0.1.2':
+    resolution: {integrity: sha512-qAK/WrqWLNCP22UDdBTMPH5f41elVDlsNyat180A33dWxuUDyNpg6fPi/FyTZwRriVjg0L8gnjJn2F9XAoF0qw==}
+
+  '@changesets/types@4.1.0':
+    resolution: {integrity: sha512-LDQvVDv5Kb50ny2s25Fhm3d9QSZimsoUGBsUioj6MC3qbMUCuC8GPIvk/M6IvXx3lYhAs0lwWUQLb+VIEUCECw==}
+
+  '@changesets/types@6.1.0':
+    resolution: {integrity: sha512-rKQcJ+o1nKNgeoYRHKOS07tAMNd3YSN0uHaJOZYjBAgxfV7TUE7JE+z4BzZdQwb5hKaYbayKN5KrYV7ODb2rAA==}
+
+  '@changesets/write@0.4.0':
+    resolution: {integrity: sha512-CdTLvIOPiCNuH71pyDu3rA+Q0n65cmAbXnwWH84rKGiFumFzkmHNT8KHTMEchcxN+Kl8I54xGUhJ7l3E7X396Q==}
+
+  '@colors/colors@1.5.0':
+    resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==}
+    engines: {node: '>=0.1.90'}
+
+  '@connectrpc/connect-node@2.0.0':
+    resolution: {integrity: sha512-DoI5T+SUvlS/8QBsxt2iDoUg15dSxqhckegrgZpWOtADtmGohBIVbx1UjtWmjLBrP4RdD0FeBw+XyRUSbpKnJQ==}
+    engines: {node: '>=18.14.1'}
+    peerDependencies:
+      '@bufbuild/protobuf': ^2.2.0
+      '@connectrpc/connect': 2.0.0
+
+  '@connectrpc/connect-web@2.0.0':
+    resolution: {integrity: sha512-oeCxqHXLXlWJdmcvp9L3scgAuK+FjNSn+twyhUxc8yvDbTumnt5Io+LnBzSYxAdUdYqTw5yHfTSCJ4hj0QID0g==}
+    peerDependencies:
+      '@bufbuild/protobuf': ^2.2.0
+      '@connectrpc/connect': 2.0.0
+
+  '@connectrpc/connect@2.0.0':
+    resolution: {integrity: sha512-Usm8jgaaULANJU8vVnhWssSA6nrZ4DJEAbkNtXSoZay2YD5fDyMukCxu8NEhCvFzfHvrhxhcjttvgpyhOM7xAQ==}
+    peerDependencies:
+      '@bufbuild/protobuf': ^2.2.0
+
+  '@csstools/color-helpers@5.0.2':
+    resolution: {integrity: sha512-JqWH1vsgdGcw2RR6VliXXdA0/59LttzlU8UlRT/iUUsEeWfYq8I+K0yhihEUTTHLRm1EXvpsCx3083EU15ecsA==}
+    engines: {node: '>=18'}
+
+  '@csstools/css-calc@2.1.3':
+    resolution: {integrity: sha512-XBG3talrhid44BY1x3MHzUx/aTG8+x/Zi57M4aTKK9RFB4aLlF3TTSzfzn8nWVHWL3FgAXAxmupmDd6VWww+pw==}
+    engines: {node: '>=18'}
+    peerDependencies:
+      '@csstools/css-parser-algorithms': ^3.0.4
+      '@csstools/css-tokenizer': ^3.0.3
+
+  '@csstools/css-color-parser@3.0.9':
+    resolution: {integrity: sha512-wILs5Zk7BU86UArYBJTPy/FMPPKVKHMj1ycCEyf3VUptol0JNRLFU/BZsJ4aiIHJEbSLiizzRrw8Pc1uAEDrXw==}
+    engines: {node: '>=18'}
+    peerDependencies:
+      '@csstools/css-parser-algorithms': ^3.0.4
+      '@csstools/css-tokenizer': ^3.0.3
+
+  '@csstools/css-parser-algorithms@3.0.4':
+    resolution: {integrity: sha512-Up7rBoV77rv29d3uKHUIVubz1BTcgyUK72IvCQAbfbMv584xHcGKCKbWh7i8hPrRJ7qU4Y8IO3IY9m+iTB7P3A==}
+    engines: {node: '>=18'}
+    peerDependencies:
+      '@csstools/css-tokenizer': ^3.0.3
+
+  '@csstools/css-tokenizer@3.0.3':
+    resolution: {integrity: sha512-UJnjoFsmxfKUdNYdWgOB0mWUypuLvAfQPH1+pyvRJs6euowbFkFC6P13w1l8mJyi3vxYMxc9kld5jZEGRQs6bw==}
+    engines: {node: '>=18'}
+
+  '@cypress/request@3.0.8':
+    resolution: {integrity: sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==}
+    engines: {node: '>= 6'}
+
+  '@cypress/xvfb@1.2.4':
+    resolution: {integrity: sha512-skbBzPggOVYCbnGgV+0dmBdW/s77ZkAOXIC1knS8NagwDjBrNC1LuXtQJeiN6l+m7lzmHtaoUw/ctJKdqkG57Q==}
+
+  '@emnapi/runtime@1.4.3':
+    resolution: {integrity: sha512-pBPWdu6MLKROBX05wSNKcNb++m5Er+KQ9QkB+WVM+pW2Kx9hoSrVTnu3BdkI5eBLZoKu/J6mW/B6i6bJB2ytXQ==}
+
+  '@esbuild/aix-ppc64@0.25.2':
+    resolution: {integrity: sha512-wCIboOL2yXZym2cgm6mlA742s9QeJ8DjGVaL39dLN4rRwrOgOyYSnOaFPhKZGLb2ngj4EyfAFjsNJwPXZvseag==}
+    engines: {node: '>=18'}
+    cpu: [ppc64]
+    os: [aix]
+
+  '@esbuild/android-arm64@0.25.2':
+    resolution: {integrity: sha512-5ZAX5xOmTligeBaeNEPnPaeEuah53Id2tX4c2CVP3JaROTH+j4fnfHCkr1PjXMd78hMst+TlkfKcW/DlTq0i4w==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [android]
+
+  '@esbuild/android-arm@0.25.2':
+    resolution: {integrity: sha512-NQhH7jFstVY5x8CKbcfa166GoV0EFkaPkCKBQkdPJFvo5u+nGXLEH/ooniLb3QI8Fk58YAx7nsPLozUWfCBOJA==}
+    engines: {node: '>=18'}
+    cpu: [arm]
+    os: [android]
+
+  '@esbuild/android-x64@0.25.2':
+    resolution: {integrity: sha512-Ffcx+nnma8Sge4jzddPHCZVRvIfQ0kMsUsCMcJRHkGJ1cDmhe4SsrYIjLUKn1xpHZybmOqCWwB0zQvsjdEHtkg==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [android]
+
+  '@esbuild/darwin-arm64@0.25.2':
+    resolution: {integrity: sha512-MpM6LUVTXAzOvN4KbjzU/q5smzryuoNjlriAIx+06RpecwCkL9JpenNzpKd2YMzLJFOdPqBpuub6eVRP5IgiSA==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@esbuild/darwin-x64@0.25.2':
+    resolution: {integrity: sha512-5eRPrTX7wFyuWe8FqEFPG2cU0+butQQVNcT4sVipqjLYQjjh8a8+vUTfgBKM88ObB85ahsnTwF7PSIt6PG+QkA==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@esbuild/freebsd-arm64@0.25.2':
+    resolution: {integrity: sha512-mLwm4vXKiQ2UTSX4+ImyiPdiHjiZhIaE9QvC7sw0tZ6HoNMjYAqQpGyui5VRIi5sGd+uWq940gdCbY3VLvsO1w==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [freebsd]
+
+  '@esbuild/freebsd-x64@0.25.2':
+    resolution: {integrity: sha512-6qyyn6TjayJSwGpm8J9QYYGQcRgc90nmfdUb0O7pp1s4lTY+9D0H9O02v5JqGApUyiHOtkz6+1hZNvNtEhbwRQ==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@esbuild/linux-arm64@0.25.2':
+    resolution: {integrity: sha512-gq/sjLsOyMT19I8obBISvhoYiZIAaGF8JpeXu1u8yPv8BE5HlWYobmlsfijFIZ9hIVGYkbdFhEqC0NvM4kNO0g==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@esbuild/linux-arm@0.25.2':
+    resolution: {integrity: sha512-UHBRgJcmjJv5oeQF8EpTRZs/1knq6loLxTsjc3nxO9eXAPDLcWW55flrMVc97qFPbmZP31ta1AZVUKQzKTzb0g==}
+    engines: {node: '>=18'}
+    cpu: [arm]
+    os: [linux]
+
+  '@esbuild/linux-ia32@0.25.2':
+    resolution: {integrity: sha512-bBYCv9obgW2cBP+2ZWfjYTU+f5cxRoGGQ5SeDbYdFCAZpYWrfjjfYwvUpP8MlKbP0nwZ5gyOU/0aUzZ5HWPuvQ==}
+    engines: {node: '>=18'}
+    cpu: [ia32]
+    os: [linux]
+
+  '@esbuild/linux-loong64@0.25.2':
+    resolution: {integrity: sha512-SHNGiKtvnU2dBlM5D8CXRFdd+6etgZ9dXfaPCeJtz+37PIUlixvlIhI23L5khKXs3DIzAn9V8v+qb1TRKrgT5w==}
+    engines: {node: '>=18'}
+    cpu: [loong64]
+    os: [linux]
+
+  '@esbuild/linux-mips64el@0.25.2':
+    resolution: {integrity: sha512-hDDRlzE6rPeoj+5fsADqdUZl1OzqDYow4TB4Y/3PlKBD0ph1e6uPHzIQcv2Z65u2K0kpeByIyAjCmjn1hJgG0Q==}
+    engines: {node: '>=18'}
+    cpu: [mips64el]
+    os: [linux]
+
+  '@esbuild/linux-ppc64@0.25.2':
+    resolution: {integrity: sha512-tsHu2RRSWzipmUi9UBDEzc0nLc4HtpZEI5Ba+Omms5456x5WaNuiG3u7xh5AO6sipnJ9r4cRWQB2tUjPyIkc6g==}
+    engines: {node: '>=18'}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@esbuild/linux-riscv64@0.25.2':
+    resolution: {integrity: sha512-k4LtpgV7NJQOml/10uPU0s4SAXGnowi5qBSjaLWMojNCUICNu7TshqHLAEbkBdAszL5TabfvQ48kK84hyFzjnw==}
+    engines: {node: '>=18'}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@esbuild/linux-s390x@0.25.2':
+    resolution: {integrity: sha512-GRa4IshOdvKY7M/rDpRR3gkiTNp34M0eLTaC1a08gNrh4u488aPhuZOCpkF6+2wl3zAN7L7XIpOFBhnaE3/Q8Q==}
+    engines: {node: '>=18'}
+    cpu: [s390x]
+    os: [linux]
+
+  '@esbuild/linux-x64@0.25.2':
+    resolution: {integrity: sha512-QInHERlqpTTZ4FRB0fROQWXcYRD64lAoiegezDunLpalZMjcUcld3YzZmVJ2H/Cp0wJRZ8Xtjtj0cEHhYc/uUg==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [linux]
+
+  '@esbuild/netbsd-arm64@0.25.2':
+    resolution: {integrity: sha512-talAIBoY5M8vHc6EeI2WW9d/CkiO9MQJ0IOWX8hrLhxGbro/vBXJvaQXefW2cP0z0nQVTdQ/eNyGFV1GSKrxfw==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [netbsd]
+
+  '@esbuild/netbsd-x64@0.25.2':
+    resolution: {integrity: sha512-voZT9Z+tpOxrvfKFyfDYPc4DO4rk06qamv1a/fkuzHpiVBMOhpjK+vBmWM8J1eiB3OLSMFYNaOaBNLXGChf5tg==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [netbsd]
+
+  '@esbuild/openbsd-arm64@0.25.2':
+    resolution: {integrity: sha512-dcXYOC6NXOqcykeDlwId9kB6OkPUxOEqU+rkrYVqJbK2hagWOMrsTGsMr8+rW02M+d5Op5NNlgMmjzecaRf7Tg==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [openbsd]
+
+  '@esbuild/openbsd-x64@0.25.2':
+    resolution: {integrity: sha512-t/TkWwahkH0Tsgoq1Ju7QfgGhArkGLkF1uYz8nQS/PPFlXbP5YgRpqQR3ARRiC2iXoLTWFxc6DJMSK10dVXluw==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [openbsd]
+
+  '@esbuild/sunos-x64@0.25.2':
+    resolution: {integrity: sha512-cfZH1co2+imVdWCjd+D1gf9NjkchVhhdpgb1q5y6Hcv9TP6Zi9ZG/beI3ig8TvwT9lH9dlxLq5MQBBgwuj4xvA==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [sunos]
+
+  '@esbuild/win32-arm64@0.25.2':
+    resolution: {integrity: sha512-7Loyjh+D/Nx/sOTzV8vfbB3GJuHdOQyrOryFdZvPHLf42Tk9ivBU5Aedi7iyX+x6rbn2Mh68T4qq1SDqJBQO5Q==}
+    engines: {node: '>=18'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@esbuild/win32-ia32@0.25.2':
+    resolution: {integrity: sha512-WRJgsz9un0nqZJ4MfhabxaD9Ft8KioqU3JMinOTvobbX6MOSUigSBlogP8QB3uxpJDsFS6yN+3FDBdqE5lg9kg==}
+    engines: {node: '>=18'}
+    cpu: [ia32]
+    os: [win32]
+
+  '@esbuild/win32-x64@0.25.2':
+    resolution: {integrity: sha512-kM3HKb16VIXZyIeVrM1ygYmZBKybX8N4p754bw390wGO3Tf2j4L2/WYL+4suWujpgf6GBYs3jv7TyUivdd05JA==}
+    engines: {node: '>=18'}
+    cpu: [x64]
+    os: [win32]
+
+  '@eslint-community/eslint-utils@4.4.0':
+    resolution: {integrity: sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+    peerDependencies:
+      eslint: ^6.0.0 || ^7.0.0 || >=8.0.0
+
+  '@eslint-community/eslint-utils@4.4.1':
+    resolution: {integrity: sha512-s3O3waFUrMV8P/XaF/+ZTp1X9XBZW1a4B97ZnjQF2KYWaFD2A8KyFBsrsfSjEmjn3RGWAIuvlneuZm3CUK3jbA==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+    peerDependencies:
+      eslint: ^6.0.0 || ^7.0.0 || >=8.0.0
+
+  '@eslint-community/regexpp@4.11.1':
+    resolution: {integrity: sha512-m4DVN9ZqskZoLU5GlWZadwDnYo3vAEydiUayB9widCl9ffWx2IvPnp6n3on5rJmziJSw9Bv+Z3ChDVdMwXCY8Q==}
+    engines: {node: ^12.0.0 || ^14.0.0 || >=16.0.0}
+
+  '@eslint-community/regexpp@4.12.1':
+    resolution: {integrity: sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==}
+    engines: {node: ^12.0.0 || ^14.0.0 || >=16.0.0}
+
+  '@eslint/eslintrc@2.1.4':
+    resolution: {integrity: sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  '@eslint/js@8.57.1':
+    resolution: {integrity: sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  '@faker-js/faker@9.7.0':
+    resolution: {integrity: sha512-aozo5vqjCmDoXLNUJarFZx2IN/GgGaogY4TMJ6so/WLZOWpSV7fvj2dmrV6sEAnUm1O7aCrhTibjpzeDFgNqbg==}
+    engines: {node: '>=18.0.0', npm: '>=9.0.0'}
+
+  '@floating-ui/core@1.6.8':
+    resolution: {integrity: sha512-7XJ9cPU+yI2QeLS+FCSlqNFZJq8arvswefkZrYI1yQBbftw6FyrZOxYSh+9S7z7TpeWlRt9zJ5IhM1WIL334jA==}
+
+  '@floating-ui/dom@1.6.11':
+    resolution: {integrity: sha512-qkMCxSR24v2vGkhYDo/UzxfJN3D4syqSjyuTFz6C7XcpU1pASPRieNI0Kj5VP3/503mOfYiGY891ugBX1GlABQ==}
+
+  '@floating-ui/react-dom@2.1.2':
+    resolution: {integrity: sha512-06okr5cgPzMNBy+Ycse2A6udMi4bqwW/zgBF/rwjcNqWkyr82Mcg8b0vjX8OJpZFy/FKjJmw6wV7t44kK6kW7A==}
+    peerDependencies:
+      react: '>=16.8.0'
+      react-dom: '>=16.8.0'
+
+  '@floating-ui/react@0.26.24':
+    resolution: {integrity: sha512-2ly0pCkZIGEQUq5H8bBK0XJmc1xIK/RM3tvVzY3GBER7IOD1UgmC2Y2tjj4AuS+TC+vTE1KJv2053290jua0Sw==}
+    peerDependencies:
+      react: '>=16.8.0'
+      react-dom: '>=16.8.0'
+
+  '@floating-ui/utils@0.2.8':
+    resolution: {integrity: sha512-kym7SodPp8/wloecOpcmSnWJsK7M0E5Wg8UcFA+uO4B9s5d0ywXOEro/8HM9x0rW+TljRzul/14UYz3TleT3ig==}
+
+  '@formatjs/ecma402-abstract@2.2.4':
+    resolution: {integrity: sha512-lFyiQDVvSbQOpU+WFd//ILolGj4UgA/qXrKeZxdV14uKiAUiPAtX6XAn7WBCRi7Mx6I7EybM9E5yYn4BIpZWYg==}
+
+  '@formatjs/fast-memoize@2.2.3':
+    resolution: {integrity: sha512-3jeJ+HyOfu8osl3GNSL4vVHUuWFXR03Iz9jjgI7RwjG6ysu/Ymdr0JRCPHfF5yGbTE6JCrd63EpvX1/WybYRbA==}
+
+  '@formatjs/icu-messageformat-parser@2.9.4':
+    resolution: {integrity: sha512-Tbvp5a9IWuxUcpWNIW6GlMQYEc4rwNHR259uUFoKWNN1jM9obf9Ul0e+7r7MvFOBNcN+13K7NuKCKqQiAn1QEg==}
+
+  '@formatjs/icu-skeleton-parser@1.8.8':
+    resolution: {integrity: sha512-vHwK3piXwamFcx5YQdCdJxUQ1WdTl6ANclt5xba5zLGDv5Bsur7qz8AD7BevaKxITwpgDeU0u8My3AIibW9ywA==}
+
+  '@formatjs/intl-localematcher@0.5.8':
+    resolution: {integrity: sha512-I+WDNWWJFZie+jkfkiK5Mp4hEDyRSEvmyfYadflOno/mmKJKcB17fEpEH0oJu/OWhhCJ8kJBDz2YMd/6cDl7Mg==}
+
+  '@grpc/grpc-js@1.11.1':
+    resolution: {integrity: sha512-gyt/WayZrVPH2w/UTLansS7F9Nwld472JxxaETamrM8HNlsa+jSLNyKAZmhxI2Me4c3mQHFiS1wWHDY1g1Kthw==}
+    engines: {node: '>=12.10.0'}
+
+  '@grpc/proto-loader@0.7.13':
+    resolution: {integrity: sha512-AiXO/bfe9bmxBjxxtYxFAXGZvMaN5s8kO+jBHAJCON8rJoB5YS/D6X7ZNc6XQkuHNmyl4CYaMI1fJ/Gn27RGGw==}
+    engines: {node: '>=6'}
+    hasBin: true
+
+  '@hapi/hoek@9.3.0':
+    resolution: {integrity: sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==}
+
+  '@hapi/topo@5.1.0':
+    resolution: {integrity: sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==}
+
+  '@headlessui/react@2.1.9':
+    resolution: {integrity: sha512-ckWw7vlKtnoa1fL2X0fx1a3t/Li9MIKDVXn3SgG65YlxvDAsNrY39PPCxVM7sQRA7go2fJsuHSSauKFNaJHH7A==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      react: ^18
+      react-dom: ^18
+
+  '@heroicons/react@2.1.3':
+    resolution: {integrity: sha512-fEcPfo4oN345SoqdlCDdSa4ivjaKbk0jTd+oubcgNxnNgAfzysfwWfQUr+51wigiWHQQRiZNd1Ao0M5Y3M2EGg==}
+    peerDependencies:
+      react: '>= 16'
+
+  '@humanwhocodes/config-array@0.13.0':
+    resolution: {integrity: sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==}
+    engines: {node: '>=10.10.0'}
+    deprecated: Use @eslint/config-array instead
+
+  '@humanwhocodes/module-importer@1.0.1':
+    resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==}
+    engines: {node: '>=12.22'}
+
+  '@humanwhocodes/object-schema@2.0.3':
+    resolution: {integrity: sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==}
+    deprecated: Use @eslint/object-schema instead
+
+  '@img/sharp-darwin-arm64@0.34.1':
+    resolution: {integrity: sha512-pn44xgBtgpEbZsu+lWf2KNb6OAf70X68k+yk69Ic2Xz11zHR/w24/U49XT7AeRwJ0Px+mhALhU5LPci1Aymk7A==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@img/sharp-darwin-x64@0.34.1':
+    resolution: {integrity: sha512-VfuYgG2r8BpYiOUN+BfYeFo69nP/MIwAtSJ7/Zpxc5QF3KS22z8Pvg3FkrSFJBPNQ7mmcUcYQFBmEQp7eu1F8Q==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [x64]
+    os: [darwin]
+
+  '@img/sharp-libvips-darwin-arm64@1.1.0':
+    resolution: {integrity: sha512-HZ/JUmPwrJSoM4DIQPv/BfNh9yrOA8tlBbqbLz4JZ5uew2+o22Ik+tHQJcih7QJuSa0zo5coHTfD5J8inqj9DA==}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@img/sharp-libvips-darwin-x64@1.1.0':
+    resolution: {integrity: sha512-Xzc2ToEmHN+hfvsl9wja0RlnXEgpKNmftriQp6XzY/RaSfwD9th+MSh0WQKzUreLKKINb3afirxW7A0fz2YWuQ==}
+    cpu: [x64]
+    os: [darwin]
+
+  '@img/sharp-libvips-linux-arm64@1.1.0':
+    resolution: {integrity: sha512-IVfGJa7gjChDET1dK9SekxFFdflarnUB8PwW8aGwEoF3oAsSDuNUTYS+SKDOyOJxQyDC1aPFMuRYLoDInyV9Ew==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@img/sharp-libvips-linux-arm@1.1.0':
+    resolution: {integrity: sha512-s8BAd0lwUIvYCJyRdFqvsj+BJIpDBSxs6ivrOPm/R7piTs5UIwY5OjXrP2bqXC9/moGsyRa37eYWYCOGVXxVrA==}
+    cpu: [arm]
+    os: [linux]
+
+  '@img/sharp-libvips-linux-ppc64@1.1.0':
+    resolution: {integrity: sha512-tiXxFZFbhnkWE2LA8oQj7KYR+bWBkiV2nilRldT7bqoEZ4HiDOcePr9wVDAZPi/Id5fT1oY9iGnDq20cwUz8lQ==}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@img/sharp-libvips-linux-s390x@1.1.0':
+    resolution: {integrity: sha512-xukSwvhguw7COyzvmjydRb3x/09+21HykyapcZchiCUkTThEQEOMtBj9UhkaBRLuBrgLFzQ2wbxdeCCJW/jgJA==}
+    cpu: [s390x]
+    os: [linux]
+
+  '@img/sharp-libvips-linux-x64@1.1.0':
+    resolution: {integrity: sha512-yRj2+reB8iMg9W5sULM3S74jVS7zqSzHG3Ol/twnAAkAhnGQnpjj6e4ayUz7V+FpKypwgs82xbRdYtchTTUB+Q==}
+    cpu: [x64]
+    os: [linux]
+
+  '@img/sharp-libvips-linuxmusl-arm64@1.1.0':
+    resolution: {integrity: sha512-jYZdG+whg0MDK+q2COKbYidaqW/WTz0cc1E+tMAusiDygrM4ypmSCjOJPmFTvHHJ8j/6cAGyeDWZOsK06tP33w==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@img/sharp-libvips-linuxmusl-x64@1.1.0':
+    resolution: {integrity: sha512-wK7SBdwrAiycjXdkPnGCPLjYb9lD4l6Ze2gSdAGVZrEL05AOUJESWU2lhlC+Ffn5/G+VKuSm6zzbQSzFX/P65A==}
+    cpu: [x64]
+    os: [linux]
+
+  '@img/sharp-linux-arm64@0.34.1':
+    resolution: {integrity: sha512-kX2c+vbvaXC6vly1RDf/IWNXxrlxLNpBVWkdpRq5Ka7OOKj6nr66etKy2IENf6FtOgklkg9ZdGpEu9kwdlcwOQ==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [arm64]
+    os: [linux]
+
+  '@img/sharp-linux-arm@0.34.1':
+    resolution: {integrity: sha512-anKiszvACti2sGy9CirTlNyk7BjjZPiML1jt2ZkTdcvpLU1YH6CXwRAZCA2UmRXnhiIftXQ7+Oh62Ji25W72jA==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [arm]
+    os: [linux]
+
+  '@img/sharp-linux-s390x@0.34.1':
+    resolution: {integrity: sha512-7s0KX2tI9mZI2buRipKIw2X1ufdTeaRgwmRabt5bi9chYfhur+/C1OXg3TKg/eag1W+6CCWLVmSauV1owmRPxA==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [s390x]
+    os: [linux]
+
+  '@img/sharp-linux-x64@0.34.1':
+    resolution: {integrity: sha512-wExv7SH9nmoBW3Wr2gvQopX1k8q2g5V5Iag8Zk6AVENsjwd+3adjwxtp3Dcu2QhOXr8W9NusBU6XcQUohBZ5MA==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [x64]
+    os: [linux]
+
+  '@img/sharp-linuxmusl-arm64@0.34.1':
+    resolution: {integrity: sha512-DfvyxzHxw4WGdPiTF0SOHnm11Xv4aQexvqhRDAoD00MzHekAj9a/jADXeXYCDFH/DzYruwHbXU7uz+H+nWmSOQ==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [arm64]
+    os: [linux]
+
+  '@img/sharp-linuxmusl-x64@0.34.1':
+    resolution: {integrity: sha512-pax/kTR407vNb9qaSIiWVnQplPcGU8LRIJpDT5o8PdAx5aAA7AS3X9PS8Isw1/WfqgQorPotjrZL3Pqh6C5EBg==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [x64]
+    os: [linux]
+
+  '@img/sharp-wasm32@0.34.1':
+    resolution: {integrity: sha512-YDybQnYrLQfEpzGOQe7OKcyLUCML4YOXl428gOOzBgN6Gw0rv8dpsJ7PqTHxBnXnwXr8S1mYFSLSa727tpz0xg==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [wasm32]
+
+  '@img/sharp-win32-ia32@0.34.1':
+    resolution: {integrity: sha512-WKf/NAZITnonBf3U1LfdjoMgNO5JYRSlhovhRhMxXVdvWYveM4kM3L8m35onYIdh75cOMCo1BexgVQcCDzyoWw==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [ia32]
+    os: [win32]
+
+  '@img/sharp-win32-x64@0.34.1':
+    resolution: {integrity: sha512-hw1iIAHpNE8q3uMIRCgGOeDoz9KtFNarFLQclLxr/LK1VBkj8nby18RjFvr6aP7USRYAjTZW6yisnBWMX571Tw==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+    cpu: [x64]
+    os: [win32]
+
+  '@isaacs/cliui@8.0.2':
+    resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
+    engines: {node: '>=12'}
+
+  '@jridgewell/gen-mapping@0.3.8':
+    resolution: {integrity: sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==}
+    engines: {node: '>=6.0.0'}
+
+  '@jridgewell/resolve-uri@3.1.2':
+    resolution: {integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==}
+    engines: {node: '>=6.0.0'}
+
+  '@jridgewell/set-array@1.2.1':
+    resolution: {integrity: sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==}
+    engines: {node: '>=6.0.0'}
+
+  '@jridgewell/sourcemap-codec@1.5.0':
+    resolution: {integrity: sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==}
+
+  '@jridgewell/trace-mapping@0.3.25':
+    resolution: {integrity: sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==}
+
+  '@js-sdsl/ordered-map@4.4.2':
+    resolution: {integrity: sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==}
+
+  '@manypkg/find-root@1.1.0':
+    resolution: {integrity: sha512-mki5uBvhHzO8kYYix/WRy2WX8S3B5wdVSc9D6KcU5lQNglP2yt58/VfLuAK49glRXChosY8ap2oJ1qgma3GUVA==}
+
+  '@manypkg/get-packages@1.1.3':
+    resolution: {integrity: sha512-fo+QhuU3qE/2TQMQmbVMqaQ6EWbMhi4ABWP+O4AM1NqPBuy0OrApV5LO6BrrgnhtAHS2NH6RrVk9OL181tTi8A==}
+
+  '@mapbox/node-pre-gyp@1.0.11':
+    resolution: {integrity: sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ==}
+    hasBin: true
+
+  '@next/env@15.4.0-canary.86':
+    resolution: {integrity: sha512-WPrEvwqHnjeLx05ncJvqizbBJJFlQGRbxzOnL/pZWKzo19auM9x5Se87P27+E/D/d6jJS801l+thF85lfobAZQ==}
+
+  '@next/eslint-plugin-next@14.2.18':
+    resolution: {integrity: sha512-KyYTbZ3GQwWOjX3Vi1YcQbekyGP0gdammb7pbmmi25HBUCINzDReyrzCMOJIeZisK1Q3U6DT5Rlc4nm2/pQeXA==}
+
+  '@next/swc-darwin-arm64@15.4.0-canary.86':
+    resolution: {integrity: sha512-1ofBmzjPkmoMdM+dXvybZ/Roq8HRo0sFzcwXk7/FJNOufuwyK+QKdSpLE7pHlPR7ZREqfEMj61ONO+gAK+zOJw==}
+    engines: {node: '>= 10'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@next/swc-darwin-x64@15.4.0-canary.86':
+    resolution: {integrity: sha512-WCKSrllvwzYi4TgrSdgxKSOF2nhieeaWWOeGucn0OXy50uOAamr0HwP5OaIBCx3oRar4w66gvs4IrdTdMedeJA==}
+    engines: {node: '>= 10'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@next/swc-linux-arm64-gnu@15.4.0-canary.86':
+    resolution: {integrity: sha512-8qn7DJVNFjhEIDo2ts0YCsO7g+vJjPWh8Ur8lBK3XspeX0BPsF4s+YmgidrpzRXeIfoo2uYLkkXcy/57CVDblw==}
+    engines: {node: '>= 10'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@next/swc-linux-arm64-musl@15.4.0-canary.86':
+    resolution: {integrity: sha512-8MTn6N4Ja25neMLu2Bra1lqW9AWPqsYg0BVs5M/cxL0QkcN3mak/8LLX1vbzz7GigMGSA+NLwg+ol8lglfgIGA==}
+    engines: {node: '>= 10'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@next/swc-linux-x64-gnu@15.4.0-canary.86':
+    resolution: {integrity: sha512-hIhzDwWDQHnH0M0Pzaqs1c5fa4+LHiLLEBuPJQvhBxQfH+Eh86DWiWHDCaoNiURvdRPg6uCuF2MjwptrMplEkg==}
+    engines: {node: '>= 10'}
+    cpu: [x64]
+    os: [linux]
+
+  '@next/swc-linux-x64-musl@15.4.0-canary.86':
+    resolution: {integrity: sha512-FG6SBuSeRWYMNu6tsfaZ4iDzv3BLxlpRncO2xvKKQPeUdDSQ0cehuHYnx8fRte8IOAJ3rlbRd6NXvrDarqu92Q==}
+    engines: {node: '>= 10'}
+    cpu: [x64]
+    os: [linux]
+
+  '@next/swc-win32-arm64-msvc@15.4.0-canary.86':
+    resolution: {integrity: sha512-3HvZo4VuyINrNYplRhvC8ILdKwi/vFDHOcTN/I4ru039TFpu2eO6VtXsLBdOdJjGslSSSBYkX+6yRrghihAZDA==}
+    engines: {node: '>= 10'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@next/swc-win32-x64-msvc@15.4.0-canary.86':
+    resolution: {integrity: sha512-UO9JzGGj7GhtSJFdI0Bl0dkIIBfgbhXLsgNVmq9Z/CsUsQB6J9RS/BMhsxfVwhO+RETk13nFpNutMAhAwcuD8w==}
+    engines: {node: '>= 10'}
+    cpu: [x64]
+    os: [win32]
+
+  '@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1':
+    resolution: {integrity: sha512-54/JRvkLIzzDWshCWfuhadfrfZVPiElY8Fcgmg1HroEly/EDSszzhBAsarCux+D/kOslTRquNzuyGSmUSTTHGg==}
+
+  '@nodelib/fs.scandir@2.1.5':
+    resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
+    engines: {node: '>= 8'}
+
+  '@nodelib/fs.stat@2.0.5':
+    resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==}
+    engines: {node: '>= 8'}
+
+  '@nodelib/fs.walk@1.2.8':
+    resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==}
+    engines: {node: '>= 8'}
+
+  '@nolyfill/is-core-module@1.0.39':
+    resolution: {integrity: sha512-nn5ozdjYQpUCZlWGuxcJY/KpxkWQs4DcbMCmKojjyrYDEAGy4Ce19NN4v5MduafTwJlbKc99UA8YhSVqq9yPZA==}
+    engines: {node: '>=12.4.0'}
+
+  '@otplib/core@12.0.1':
+    resolution: {integrity: sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==}
+
+  '@otplib/plugin-crypto@12.0.1':
+    resolution: {integrity: sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==}
+
+  '@otplib/plugin-thirty-two@12.0.1':
+    resolution: {integrity: sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==}
+
+  '@parcel/watcher-android-arm64@2.5.1':
+    resolution: {integrity: sha512-KF8+j9nNbUN8vzOFDpRMsaKBHZ/mcjEjMToVMJOhTozkDonQFFrRcfdLWn6yWKCmJKmdVxSgHiYvTCef4/qcBA==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [android]
+
+  '@parcel/watcher-darwin-arm64@2.5.1':
+    resolution: {integrity: sha512-eAzPv5osDmZyBhou8PoF4i6RQXAfeKL9tjb3QzYuccXFMQU0ruIc/POh30ePnaOyD1UXdlKguHBmsTs53tVoPw==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@parcel/watcher-darwin-x64@2.5.1':
+    resolution: {integrity: sha512-1ZXDthrnNmwv10A0/3AJNZ9JGlzrF82i3gNQcWOzd7nJ8aj+ILyW1MTxVk35Db0u91oD5Nlk9MBiujMlwmeXZg==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [darwin]
+
+  '@parcel/watcher-freebsd-x64@2.5.1':
+    resolution: {integrity: sha512-SI4eljM7Flp9yPuKi8W0ird8TI/JK6CSxju3NojVI6BjHsTyK7zxA9urjVjEKJ5MBYC+bLmMcbAWlZ+rFkLpJQ==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@parcel/watcher-linux-arm-glibc@2.5.1':
+    resolution: {integrity: sha512-RCdZlEyTs8geyBkkcnPWvtXLY44BCeZKmGYRtSgtwwnHR4dxfHRG3gR99XdMEdQ7KeiDdasJwwvNSF5jKtDwdA==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm]
+    os: [linux]
+
+  '@parcel/watcher-linux-arm-musl@2.5.1':
+    resolution: {integrity: sha512-6E+m/Mm1t1yhB8X412stiKFG3XykmgdIOqhjWj+VL8oHkKABfu/gjFj8DvLrYVHSBNC+/u5PeNrujiSQ1zwd1Q==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm]
+    os: [linux]
+
+  '@parcel/watcher-linux-arm64-glibc@2.5.1':
+    resolution: {integrity: sha512-LrGp+f02yU3BN9A+DGuY3v3bmnFUggAITBGriZHUREfNEzZh/GO06FF5u2kx8x+GBEUYfyTGamol4j3m9ANe8w==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@parcel/watcher-linux-arm64-musl@2.5.1':
+    resolution: {integrity: sha512-cFOjABi92pMYRXS7AcQv9/M1YuKRw8SZniCDw0ssQb/noPkRzA+HBDkwmyOJYp5wXcsTrhxO0zq1U11cK9jsFg==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@parcel/watcher-linux-x64-glibc@2.5.1':
+    resolution: {integrity: sha512-GcESn8NZySmfwlTsIur+49yDqSny2IhPeZfXunQi48DMugKeZ7uy1FX83pO0X22sHntJ4Ub+9k34XQCX+oHt2A==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [linux]
+
+  '@parcel/watcher-linux-x64-musl@2.5.1':
+    resolution: {integrity: sha512-n0E2EQbatQ3bXhcH2D1XIAANAcTZkQICBPVaxMeaCVBtOpBZpWJuf7LwyWPSBDITb7In8mqQgJ7gH8CILCURXg==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [linux]
+
+  '@parcel/watcher-win32-arm64@2.5.1':
+    resolution: {integrity: sha512-RFzklRvmc3PkjKjry3hLF9wD7ppR4AKcWNzH7kXR7GUe0Igb3Nz8fyPwtZCSquGrhU5HhUNDr/mKBqj7tqA2Vw==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@parcel/watcher-win32-ia32@2.5.1':
+    resolution: {integrity: sha512-c2KkcVN+NJmuA7CGlaGD1qJh1cLfDnQsHjE89E60vUEMlqduHGCdCLJCID5geFVM0dOtA3ZiIO8BoEQmzQVfpQ==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [ia32]
+    os: [win32]
+
+  '@parcel/watcher-win32-x64@2.5.1':
+    resolution: {integrity: sha512-9lHBdJITeNR++EvSQVUcaZoWupyHfXe1jZvGZ06O/5MflPcuPLtEphScIBL+AiCWBO46tDSHzWyD0uDmmZqsgA==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [win32]
+
+  '@parcel/watcher@2.5.1':
+    resolution: {integrity: sha512-dfUnCxiN9H4ap84DvD2ubjw+3vUNpstxa0TneY/Paat8a3R4uQZDLSvWjmznAY/DoahqTHl9V46HF/Zs3F29pg==}
+    engines: {node: '>= 10.0.0'}
+
+  '@pkgjs/parseargs@0.11.0':
+    resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
+    engines: {node: '>=14'}
+
+  '@playwright/test@1.52.0':
+    resolution: {integrity: sha512-uh6W7sb55hl7D6vsAeA+V2p5JnlAqzhqFyF0VcJkKZXkgnFcVG9PziERRHQfPLfNGx1C292a4JqbWzhR8L4R1g==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  '@protobufjs/aspromise@1.1.2':
+    resolution: {integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==}
+
+  '@protobufjs/base64@1.1.2':
+    resolution: {integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==}
+
+  '@protobufjs/codegen@2.0.4':
+    resolution: {integrity: sha512-YyFaikqM5sH0ziFZCN3xDC7zeGaB/d0IUb9CATugHWbd1FRFwWwt4ld4OYMPWu5a3Xe01mGAULCdqhMlPl29Jg==}
+
+  '@protobufjs/eventemitter@1.1.0':
+    resolution: {integrity: sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==}
+
+  '@protobufjs/fetch@1.1.0':
+    resolution: {integrity: sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==}
+
+  '@protobufjs/float@1.0.2':
+    resolution: {integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==}
+
+  '@protobufjs/inquire@1.1.0':
+    resolution: {integrity: sha512-kdSefcPdruJiFMVSbn801t4vFK7KB/5gd2fYvrxhuJYg8ILrmn9SKSX2tZdV6V+ksulWqS7aXjBcRXl3wHoD9Q==}
+
+  '@protobufjs/path@1.1.2':
+    resolution: {integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==}
+
+  '@protobufjs/pool@1.1.0':
+    resolution: {integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==}
+
+  '@protobufjs/utf8@1.1.0':
+    resolution: {integrity: sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw==}
+
+  '@react-aria/focus@3.18.3':
+    resolution: {integrity: sha512-WKUElg+5zS0D3xlVn8MntNnkzJql2J6MuzAMP8Sv5WTgFDse/XGR842dsxPTIyKKdrWVCRegCuwa4m3n/GzgJw==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0
+
+  '@react-aria/interactions@3.22.3':
+    resolution: {integrity: sha512-RRUb/aG+P0IKTIWikY/SylB6bIbLZeztnZY2vbe7RAG5MgVaCgn5HQ45SI15GlTmhsFG8CnF6slJsUFJiNHpbQ==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0
+
+  '@react-aria/ssr@3.9.6':
+    resolution: {integrity: sha512-iLo82l82ilMiVGy342SELjshuWottlb5+VefO3jOQqQRNYnJBFpUSadswDPbRimSgJUZuFwIEYs6AabkP038fA==}
+    engines: {node: '>= 12'}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0
+
+  '@react-aria/utils@3.25.3':
+    resolution: {integrity: sha512-PR5H/2vaD8fSq0H/UB9inNbc8KDcVmW6fYAfSWkkn+OAdhTTMVKqXXrZuZBWyFfSD5Ze7VN6acr4hrOQm2bmrA==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0
+
+  '@react-stately/utils@3.10.4':
+    resolution: {integrity: sha512-gBEQEIMRh5f60KCm7QKQ2WfvhB2gLUr9b72sqUdIZ2EG+xuPgaIlCBeSicvjmjBvYZwOjoOEnmIkcx2GHp/HWw==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0
+
+  '@react-types/shared@3.25.0':
+    resolution: {integrity: sha512-OZSyhzU6vTdW3eV/mz5i6hQwQUhkRs7xwY2d1aqPvTdMe0+2cY7Fwp45PAiwYLEj73i9ro2FxF9qC4DvHGSCgQ==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0
+
+  '@rollup/rollup-android-arm-eabi@4.40.0':
+    resolution: {integrity: sha512-+Fbls/diZ0RDerhE8kyC6hjADCXA1K4yVNlH0EYfd2XjyH0UGgzaQ8MlT0pCXAThfxv3QUAczHaL+qSv1E4/Cg==}
+    cpu: [arm]
+    os: [android]
+
+  '@rollup/rollup-android-arm64@4.40.0':
+    resolution: {integrity: sha512-PPA6aEEsTPRz+/4xxAmaoWDqh67N7wFbgFUJGMnanCFs0TV99M0M8QhhaSCks+n6EbQoFvLQgYOGXxlMGQe/6w==}
+    cpu: [arm64]
+    os: [android]
+
+  '@rollup/rollup-darwin-arm64@4.40.0':
+    resolution: {integrity: sha512-GwYOcOakYHdfnjjKwqpTGgn5a6cUX7+Ra2HeNj/GdXvO2VJOOXCiYYlRFU4CubFM67EhbmzLOmACKEfvp3J1kQ==}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@rollup/rollup-darwin-x64@4.40.0':
+    resolution: {integrity: sha512-CoLEGJ+2eheqD9KBSxmma6ld01czS52Iw0e2qMZNpPDlf7Z9mj8xmMemxEucinev4LgHalDPczMyxzbq+Q+EtA==}
+    cpu: [x64]
+    os: [darwin]
+
+  '@rollup/rollup-freebsd-arm64@4.40.0':
+    resolution: {integrity: sha512-r7yGiS4HN/kibvESzmrOB/PxKMhPTlz+FcGvoUIKYoTyGd5toHp48g1uZy1o1xQvybwwpqpe010JrcGG2s5nkg==}
+    cpu: [arm64]
+    os: [freebsd]
+
+  '@rollup/rollup-freebsd-x64@4.40.0':
+    resolution: {integrity: sha512-mVDxzlf0oLzV3oZOr0SMJ0lSDd3xC4CmnWJ8Val8isp9jRGl5Dq//LLDSPFrasS7pSm6m5xAcKaw3sHXhBjoRw==}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@rollup/rollup-linux-arm-gnueabihf@4.40.0':
+    resolution: {integrity: sha512-y/qUMOpJxBMy8xCXD++jeu8t7kzjlOCkoxxajL58G62PJGBZVl/Gwpm7JK9+YvlB701rcQTzjUZ1JgUoPTnoQA==}
+    cpu: [arm]
+    os: [linux]
+
+  '@rollup/rollup-linux-arm-musleabihf@4.40.0':
+    resolution: {integrity: sha512-GoCsPibtVdJFPv/BOIvBKO/XmwZLwaNWdyD8TKlXuqp0veo2sHE+A/vpMQ5iSArRUz/uaoj4h5S6Pn0+PdhRjg==}
+    cpu: [arm]
+    os: [linux]
+
+  '@rollup/rollup-linux-arm64-gnu@4.40.0':
+    resolution: {integrity: sha512-L5ZLphTjjAD9leJzSLI7rr8fNqJMlGDKlazW2tX4IUF9P7R5TMQPElpH82Q7eNIDQnQlAyiNVfRPfP2vM5Avvg==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@rollup/rollup-linux-arm64-musl@4.40.0':
+    resolution: {integrity: sha512-ATZvCRGCDtv1Y4gpDIXsS+wfFeFuLwVxyUBSLawjgXK2tRE6fnsQEkE4csQQYWlBlsFztRzCnBvWVfcae/1qxQ==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@rollup/rollup-linux-loongarch64-gnu@4.40.0':
+    resolution: {integrity: sha512-wG9e2XtIhd++QugU5MD9i7OnpaVb08ji3P1y/hNbxrQ3sYEelKJOq1UJ5dXczeo6Hj2rfDEL5GdtkMSVLa/AOg==}
+    cpu: [loong64]
+    os: [linux]
+
+  '@rollup/rollup-linux-powerpc64le-gnu@4.40.0':
+    resolution: {integrity: sha512-vgXfWmj0f3jAUvC7TZSU/m/cOE558ILWDzS7jBhiCAFpY2WEBn5jqgbqvmzlMjtp8KlLcBlXVD2mkTSEQE6Ixw==}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@rollup/rollup-linux-riscv64-gnu@4.40.0':
+    resolution: {integrity: sha512-uJkYTugqtPZBS3Z136arevt/FsKTF/J9dEMTX/cwR7lsAW4bShzI2R0pJVw+hcBTWF4dxVckYh72Hk3/hWNKvA==}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@rollup/rollup-linux-riscv64-musl@4.40.0':
+    resolution: {integrity: sha512-rKmSj6EXQRnhSkE22+WvrqOqRtk733x3p5sWpZilhmjnkHkpeCgWsFFo0dGnUGeA+OZjRl3+VYq+HyCOEuwcxQ==}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@rollup/rollup-linux-s390x-gnu@4.40.0':
+    resolution: {integrity: sha512-SpnYlAfKPOoVsQqmTFJ0usx0z84bzGOS9anAC0AZ3rdSo3snecihbhFTlJZ8XMwzqAcodjFU4+/SM311dqE5Sw==}
+    cpu: [s390x]
+    os: [linux]
+
+  '@rollup/rollup-linux-x64-gnu@4.40.0':
+    resolution: {integrity: sha512-RcDGMtqF9EFN8i2RYN2W+64CdHruJ5rPqrlYw+cgM3uOVPSsnAQps7cpjXe9be/yDp8UC7VLoCoKC8J3Kn2FkQ==}
+    cpu: [x64]
+    os: [linux]
+
+  '@rollup/rollup-linux-x64-musl@4.40.0':
+    resolution: {integrity: sha512-HZvjpiUmSNx5zFgwtQAV1GaGazT2RWvqeDi0hV+AtC8unqqDSsaFjPxfsO6qPtKRRg25SisACWnJ37Yio8ttaw==}
+    cpu: [x64]
+    os: [linux]
+
+  '@rollup/rollup-win32-arm64-msvc@4.40.0':
+    resolution: {integrity: sha512-UtZQQI5k/b8d7d3i9AZmA/t+Q4tk3hOC0tMOMSq2GlMYOfxbesxG4mJSeDp0EHs30N9bsfwUvs3zF4v/RzOeTQ==}
+    cpu: [arm64]
+    os: [win32]
+
+  '@rollup/rollup-win32-ia32-msvc@4.40.0':
+    resolution: {integrity: sha512-+m03kvI2f5syIqHXCZLPVYplP8pQch9JHyXKZ3AGMKlg8dCyr2PKHjwRLiW53LTrN/Nc3EqHOKxUxzoSPdKddA==}
+    cpu: [ia32]
+    os: [win32]
+
+  '@rollup/rollup-win32-x64-msvc@4.40.0':
+    resolution: {integrity: sha512-lpPE1cLfP5oPzVjKMx10pgBmKELQnFJXHgvtHCtuJWOv8MxqdEIMNtgHgBFf7Ea2/7EuVwa9fodWUfXAlXZLZQ==}
+    cpu: [x64]
+    os: [win32]
+
+  '@rushstack/eslint-patch@1.10.4':
+    resolution: {integrity: sha512-WJgX9nzTqknM393q1QJDJmoW28kUfEnybeTfVNcNAPnIx210RXm2DiXiHzfNPJNIUUb1tJnz/l4QGtJ30PgWmA==}
+
+  '@sideway/address@4.1.5':
+    resolution: {integrity: sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==}
+
+  '@sideway/formula@3.0.1':
+    resolution: {integrity: sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==}
+
+  '@sideway/pinpoint@2.0.0':
+    resolution: {integrity: sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==}
+
+  '@swc/counter@0.1.3':
+    resolution: {integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==}
+
+  '@swc/helpers@0.5.15':
+    resolution: {integrity: sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g==}
+
+  '@swc/helpers@0.5.5':
+    resolution: {integrity: sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A==}
+
+  '@tailwindcss/forms@0.5.3':
+    resolution: {integrity: sha512-y5mb86JUoiUgBjY/o6FJSFZSEttfb3Q5gllE4xoKjAAD+vBrnIhE4dViwUuow3va8mpH4s9jyUbUbrRGoRdc2Q==}
+    peerDependencies:
+      tailwindcss: '>=3.0.0 || >= 3.0.0-alpha.1'
+
+  '@tailwindcss/forms@0.5.7':
+    resolution: {integrity: sha512-QE7X69iQI+ZXwldE+rzasvbJiyV/ju1FGHH0Qn2W3FKbuYtqp8LKcy6iSw79fVUT5/Vvf+0XgLCeYVG+UV6hOw==}
+    peerDependencies:
+      tailwindcss: '>=3.0.0 || >= 3.0.0-alpha.1'
+
+  '@tanstack/react-virtual@3.10.6':
+    resolution: {integrity: sha512-xaSy6uUxB92O8mngHZ6CvbhGuqxQ5lIZWCBy+FjhrbHmOwc6BnOnKkYm2FsB1/BpKw/+FVctlMbEtI+F6I1aJg==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0
+      react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0
+
+  '@tanstack/virtual-core@3.10.6':
+    resolution: {integrity: sha512-1giLc4dzgEKLMx5pgKjL6HlG5fjZMgCjzlKAlpr7yoUtetVPELgER1NtephAI910nMwfPTHNyWKSFmJdHkz2Cw==}
+
+  '@testing-library/dom@10.4.0':
+    resolution: {integrity: sha512-pemlzrSESWbdAloYml3bAJMEfNh1Z7EduzqPKprCH5S341frlpYnUEW0H72dLxa6IsYr+mPno20GiSm+h9dEdQ==}
+    engines: {node: '>=18'}
+
+  '@testing-library/jest-dom@6.6.3':
+    resolution: {integrity: sha512-IteBhl4XqYNkM54f4ejhLRJiZNqcSCoXUOG2CPK7qbD322KjQozM4kHQOfkG2oln9b9HTYqs+Sae8vBATubxxA==}
+    engines: {node: '>=14', npm: '>=6', yarn: '>=1'}
+
+  '@testing-library/react@16.3.0':
+    resolution: {integrity: sha512-kFSyxiEDwv1WLl2fgsq6pPBbw5aWKrsY2/noi1Id0TK0UParSF62oFQFGHXIyaG4pp2tEub/Zlel+fjjZILDsw==}
+    engines: {node: '>=18'}
+    peerDependencies:
+      '@testing-library/dom': ^10.0.0
+      '@types/react': ^18.0.0 || ^19.0.0
+      '@types/react-dom': ^18.0.0 || ^19.0.0
+      react: ^18.0.0 || ^19.0.0
+      react-dom: ^18.0.0 || ^19.0.0
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@types/aria-query@5.0.4':
+    resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==}
+
+  '@types/babel__core@7.20.5':
+    resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}
+
+  '@types/babel__generator@7.27.0':
+    resolution: {integrity: sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==}
+
+  '@types/babel__template@7.4.4':
+    resolution: {integrity: sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==}
+
+  '@types/babel__traverse@7.20.7':
+    resolution: {integrity: sha512-dkO5fhS7+/oos4ciWxyEyjWe48zmG6wbCheo/G2ZnHx4fs3EU6YC6UM8rk56gAjNJ9P3MTH2jo5jb92/K6wbng==}
+
+  '@types/estree@1.0.7':
+    resolution: {integrity: sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ==}
+
+  '@types/json5@0.0.29':
+    resolution: {integrity: sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==}
+
+  '@types/ms@2.1.0':
+    resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
+
+  '@types/node@12.20.55':
+    resolution: {integrity: sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ==}
+
+  '@types/node@22.14.1':
+    resolution: {integrity: sha512-u0HuPQwe/dHrItgHHpmw3N2fYCR6x4ivMNbPHRkBVP4CvN+kiRrKHWk3i8tXiO/joPwXLMYvF9TTF0eqgHIuOw==}
+
+  '@types/react-dom@19.1.2':
+    resolution: {integrity: sha512-XGJkWF41Qq305SKWEILa1O8vzhb3aOo3ogBlSmiqNko/WmRb6QIaweuZCXjKygVDXpzXb5wyxKTSOsmkuqj+Qw==}
+    peerDependencies:
+      '@types/react': ^19.0.0
+
+  '@types/react@19.1.2':
+    resolution: {integrity: sha512-oxLPMytKchWGbnQM9O7D67uPa9paTNxO7jVoNMXgkkErULBPhPARCfkKL9ytcIJJRGjbsVwW4ugJzyFFvm/Tiw==}
+
+  '@types/sinonjs__fake-timers@8.1.1':
+    resolution: {integrity: sha512-0kSuKjAS0TrGLJ0M/+8MaFkGsQhZpB6pxOmvS3K8FYI72K//YmdfoW9X2qPsAKh1mkwxGD5zib9s1FIFed6E8g==}
+
+  '@types/sizzle@2.3.9':
+    resolution: {integrity: sha512-xzLEyKB50yqCUPUJkIsrVvoWNfFUbIZI+RspLWt8u+tIW/BetMBZtgV2LY/2o+tYH8dRvQ+eoPf3NdhQCcLE2w==}
+
+  '@types/tinycolor2@1.4.3':
+    resolution: {integrity: sha512-Kf1w9NE5HEgGxCRyIcRXR/ZYtDv0V8FVPtYHwLxl0O+maGX0erE77pQlD0gpP+/KByMZ87mOA79SjifhSB3PjQ==}
+
+  '@types/uuid@10.0.0':
+    resolution: {integrity: sha512-7gqG38EyHgyP1S+7+xomFtL+ZNHcKv6DwNaCZmJmo1vgMugyF3TCnXVg4t1uk89mLNwnLtnY3TpOpCOyp1/xHQ==}
+
+  '@types/yauzl@2.10.3':
+    resolution: {integrity: sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==}
+
+  '@typescript-eslint/eslint-plugin@8.15.0':
+    resolution: {integrity: sha512-+zkm9AR1Ds9uLWN3fkoeXgFppaQ+uEVtfOV62dDmsy9QCNqlRHWNEck4yarvRNrvRcHQLGfqBNui3cimoz8XAg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      '@typescript-eslint/parser': ^7.9.0
+      eslint: ^8.57.0 || ^9.0.0
+      typescript: '*'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  '@typescript-eslint/parser@7.18.0':
+    resolution: {integrity: sha512-4Z+L8I2OqhZV8qA132M4wNL30ypZGYOQVBfMgxDH/K5UX0PNqTu1c6za9ST5r9+tavvHiTWmBnKzpCJ/GlVFtg==}
+    engines: {node: ^18.18.0 || >=20.0.0}
+    peerDependencies:
+      eslint: ^8.56.0
+      typescript: '*'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  '@typescript-eslint/scope-manager@7.18.0':
+    resolution: {integrity: sha512-jjhdIE/FPF2B7Z1uzc6i3oWKbGcHb87Qw7AWj6jmEqNOfDFbJWtjt/XfwCpvNkpGWlcJaog5vTR+VV8+w9JflA==}
+    engines: {node: ^18.18.0 || >=20.0.0}
+
+  '@typescript-eslint/scope-manager@8.15.0':
+    resolution: {integrity: sha512-QRGy8ADi4J7ii95xz4UoiymmmMd/zuy9azCaamnZ3FM8T5fZcex8UfJcjkiEZjJSztKfEBe3dZ5T/5RHAmw2mA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@typescript-eslint/type-utils@8.15.0':
+    resolution: {integrity: sha512-UU6uwXDoI3JGSXmcdnP5d8Fffa2KayOhUUqr/AiBnG1Gl7+7ut/oyagVeSkh7bxQ0zSXV9ptRh/4N15nkCqnpw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      eslint: ^8.57.0 || ^9.0.0
+      typescript: '*'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  '@typescript-eslint/types@7.18.0':
+    resolution: {integrity: sha512-iZqi+Ds1y4EDYUtlOOC+aUmxnE9xS/yCigkjA7XpTKV6nCBd3Hp/PRGGmdwnfkV2ThMyYldP1wRpm/id99spTQ==}
+    engines: {node: ^18.18.0 || >=20.0.0}
+
+  '@typescript-eslint/types@8.15.0':
+    resolution: {integrity: sha512-n3Gt8Y/KyJNe0S3yDCD2RVKrHBC4gTUcLTebVBXacPy091E6tNspFLKRXlk3hwT4G55nfr1n2AdFqi/XMxzmPQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@typescript-eslint/typescript-estree@7.18.0':
+    resolution: {integrity: sha512-aP1v/BSPnnyhMHts8cf1qQ6Q1IFwwRvAQGRvBFkWlo3/lH29OXA3Pts+c10nxRxIBrDnoMqzhgdwVe5f2D6OzA==}
+    engines: {node: ^18.18.0 || >=20.0.0}
+    peerDependencies:
+      typescript: '*'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  '@typescript-eslint/typescript-estree@8.15.0':
+    resolution: {integrity: sha512-1eMp2JgNec/niZsR7ioFBlsh/Fk0oJbhaqO0jRyQBMgkz7RrFfkqF9lYYmBoGBaSiLnu8TAPQTwoTUiSTUW9dg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      typescript: '*'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  '@typescript-eslint/utils@8.15.0':
+    resolution: {integrity: sha512-k82RI9yGhr0QM3Dnq+egEpz9qB6Un+WLYhmoNcvl8ltMEededhh7otBVVIDDsEEttauwdY/hQoSsOv13lxrFzQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      eslint: ^8.57.0 || ^9.0.0
+      typescript: '*'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  '@typescript-eslint/visitor-keys@7.18.0':
+    resolution: {integrity: sha512-cDF0/Gf81QpY3xYyJKDV14Zwdmid5+uuENhjH2EqFaF0ni+yAyq/LzMaIJdhNJXZI7uLzwIlA+V7oWoyn6Curg==}
+    engines: {node: ^18.18.0 || >=20.0.0}
+
+  '@typescript-eslint/visitor-keys@8.15.0':
+    resolution: {integrity: sha512-h8vYOulWec9LhpwfAdZf2bjr8xIp0KNKnpgqSz0qqYYKAW/QZKw3ktRndbiAtUz4acH4QLQavwZBYCc0wulA/Q==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@ungap/structured-clone@1.2.0':
+    resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
+
+  '@vercel/analytics@1.3.1':
+    resolution: {integrity: sha512-xhSlYgAuJ6Q4WQGkzYTLmXwhYl39sWjoMA3nHxfkvG+WdBT25c563a7QhwwKivEOZtPJXifYHR1m2ihoisbWyA==}
+    peerDependencies:
+      next: '>= 13'
+      react: ^18 || ^19
+    peerDependenciesMeta:
+      next:
+        optional: true
+      react:
+        optional: true
+
+  '@vercel/git-hooks@1.0.0':
+    resolution: {integrity: sha512-OxDFAAdyiJ/H0b8zR9rFCu3BIb78LekBXOphOYG3snV4ULhKFX387pBPpqZ9HLiRTejBWBxYEahkw79tuIgdAA==}
+
+  '@vitejs/plugin-react@4.4.1':
+    resolution: {integrity: sha512-IpEm5ZmeXAP/osiBXVVP5KjFMzbWOonMs0NaQQl+xYnUAcq4oHUBsF2+p4MgKWG4YMmFYJU8A6sxRPuowllm6w==}
+    engines: {node: ^14.18.0 || >=16.0.0}
+    peerDependencies:
+      vite: ^4.2.0 || ^5.0.0 || ^6.0.0
+
+  '@vitest/expect@3.1.2':
+    resolution: {integrity: sha512-O8hJgr+zREopCAqWl3uCVaOdqJwZ9qaDwUP7vy3Xigad0phZe9APxKhPcDNqYYi0rX5oMvwJMSCAXY2afqeTSA==}
+
+  '@vitest/mocker@3.1.2':
+    resolution: {integrity: sha512-kOtd6K2lc7SQ0mBqYv/wdGedlqPdM/B38paPY+OwJ1XiNi44w3Fpog82UfOibmHaV9Wod18A09I9SCKLyDMqgw==}
+    peerDependencies:
+      msw: ^2.4.9
+      vite: ^5.0.0 || ^6.0.0
+    peerDependenciesMeta:
+      msw:
+        optional: true
+      vite:
+        optional: true
+
+  '@vitest/pretty-format@3.1.2':
+    resolution: {integrity: sha512-R0xAiHuWeDjTSB3kQ3OQpT8Rx3yhdOAIm/JM4axXxnG7Q/fS8XUwggv/A4xzbQA+drYRjzkMnpYnOGAc4oeq8w==}
+
+  '@vitest/runner@3.1.2':
+    resolution: {integrity: sha512-bhLib9l4xb4sUMPXnThbnhX2Yi8OutBMA8Yahxa7yavQsFDtwY/jrUZwpKp2XH9DhRFJIeytlyGpXCqZ65nR+g==}
+
+  '@vitest/snapshot@3.1.2':
+    resolution: {integrity: sha512-Q1qkpazSF/p4ApZg1vfZSQ5Yw6OCQxVMVrLjslbLFA1hMDrT2uxtqMaw8Tc/jy5DLka1sNs1Y7rBcftMiaSH/Q==}
+
+  '@vitest/spy@3.1.2':
+    resolution: {integrity: sha512-OEc5fSXMws6sHVe4kOFyDSj/+4MSwst0ib4un0DlcYgQvRuYQ0+M2HyqGaauUMnjq87tmUaMNDxKQx7wNfVqPA==}
+
+  '@vitest/utils@3.1.2':
+    resolution: {integrity: sha512-5GGd0ytZ7BH3H6JTj9Kw7Prn1Nbg0wZVrIvou+UWxm54d+WoXXgAgjFJ8wn3LdagWLFSEfpPeyYrByZaGEZHLg==}
+
+  abbrev@1.1.1:
+    resolution: {integrity: sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==}
+
+  abort-controller-x@0.4.3:
+    resolution: {integrity: sha512-VtUwTNU8fpMwvWGn4xE93ywbogTYsuT+AUxAXOeelbXuQVIwNmC5YLeho9sH4vZ4ITW8414TTAOG1nW6uIVHCA==}
+
+  acorn-jsx@5.3.2:
+    resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
+    peerDependencies:
+      acorn: ^6.0.0 || ^7.0.0 || ^8.0.0
+
+  acorn@8.12.1:
+    resolution: {integrity: sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==}
+    engines: {node: '>=0.4.0'}
+    hasBin: true
+
+  agent-base@6.0.2:
+    resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==}
+    engines: {node: '>= 6.0.0'}
+
+  agent-base@7.1.3:
+    resolution: {integrity: sha512-jRR5wdylq8CkOe6hei19GGZnxM6rBGwFl3Bg0YItGDimvjGtAvdZk4Pu6Cl4u4Igsws4a1fd1Vq3ezrhn4KmFw==}
+    engines: {node: '>= 14'}
+
+  aggregate-error@3.1.0:
+    resolution: {integrity: sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==}
+    engines: {node: '>=8'}
+
+  ajv@6.12.6:
+    resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==}
+
+  ansi-colors@4.1.3:
+    resolution: {integrity: sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==}
+    engines: {node: '>=6'}
+
+  ansi-escapes@4.3.2:
+    resolution: {integrity: sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==}
+    engines: {node: '>=8'}
+
+  ansi-escapes@7.0.0:
+    resolution: {integrity: sha512-GdYO7a61mR0fOlAsvC9/rIHf7L96sBc6dEWzeOu+KAea5bZyQRPIpojrVoI4AXGJS/ycu/fBTdLrUkA4ODrvjw==}
+    engines: {node: '>=18'}
+
+  ansi-regex@5.0.1:
+    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
+    engines: {node: '>=8'}
+
+  ansi-regex@6.1.0:
+    resolution: {integrity: sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==}
+    engines: {node: '>=12'}
+
+  ansi-styles@4.3.0:
+    resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
+    engines: {node: '>=8'}
+
+  ansi-styles@5.2.0:
+    resolution: {integrity: sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==}
+    engines: {node: '>=10'}
+
+  ansi-styles@6.2.1:
+    resolution: {integrity: sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==}
+    engines: {node: '>=12'}
+
+  any-promise@1.3.0:
+    resolution: {integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==}
+
+  anymatch@3.1.3:
+    resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
+    engines: {node: '>= 8'}
+
+  aproba@2.0.0:
+    resolution: {integrity: sha512-lYe4Gx7QT+MKGbDsA+Z+he/Wtef0BiwDOlK/XkBrdfsh9J/jPPXbX0tE9x9cl27Tmu5gg3QUbUrQYa/y+KOHPQ==}
+
+  arch@2.2.0:
+    resolution: {integrity: sha512-Of/R0wqp83cgHozfIYLbBMnej79U/SVGOOyuB3VVFv1NRM/PSFMK12x9KVtiYzJqmnU5WR2qp0Z5rHb7sWGnFQ==}
+
+  are-we-there-yet@2.0.0:
+    resolution: {integrity: sha512-Ci/qENmwHnsYo9xKIcUJN5LeDKdJ6R1Z1j9V/J5wyq8nh/mYPEpIKJbBZXtZjG04HiK7zV/p6Vs9952MrMeUIw==}
+    engines: {node: '>=10'}
+    deprecated: This package is no longer supported.
+
+  arg@5.0.2:
+    resolution: {integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==}
+
+  argparse@1.0.10:
+    resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==}
+
+  argparse@2.0.1:
+    resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
+
+  aria-query@5.1.3:
+    resolution: {integrity: sha512-R5iJ5lkuHybztUfuOAznmboyjWq8O6sqNqtK7CLOqdydi54VNbORp49mb14KbWgG1QD3JFO9hJdZ+y4KutfdOQ==}
+
+  aria-query@5.3.0:
+    resolution: {integrity: sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==}
+
+  array-buffer-byte-length@1.0.1:
+    resolution: {integrity: sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==}
+    engines: {node: '>= 0.4'}
+
+  array-includes@3.1.8:
+    resolution: {integrity: sha512-itaWrbYbqpGXkGhZPGUulwnhVf5Hpy1xiCFsGqyIGglbBxmG5vSjxQen3/WGOjPpNEv1RtBLKxbmVXm8HpJStQ==}
+    engines: {node: '>= 0.4'}
+
+  array-union@2.1.0:
+    resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==}
+    engines: {node: '>=8'}
+
+  array.prototype.findlast@1.2.5:
+    resolution: {integrity: sha512-CVvd6FHg1Z3POpBLxO6E6zr+rSKEQ9L6rZHAaY7lLfhKsWYUBBOuMs0e9o24oopj6H+geRCX0YJ+TJLBK2eHyQ==}
+    engines: {node: '>= 0.4'}
+
+  array.prototype.findlastindex@1.2.5:
+    resolution: {integrity: sha512-zfETvRFA8o7EiNn++N5f/kaCw221hrpGsDmcpndVupkPzEc1Wuf3VgC0qby1BbHs7f5DVYjgtEU2LLh5bqeGfQ==}
+    engines: {node: '>= 0.4'}
+
+  array.prototype.flat@1.3.2:
+    resolution: {integrity: sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==}
+    engines: {node: '>= 0.4'}
+
+  array.prototype.flatmap@1.3.2:
+    resolution: {integrity: sha512-Ewyx0c9PmpcsByhSW4r+9zDU7sGjFc86qf/kKtuSCRdhfbk0SNLLkaT5qvcHnRGgc5NP/ly/y+qkXkqONX54CQ==}
+    engines: {node: '>= 0.4'}
+
+  array.prototype.tosorted@1.1.4:
+    resolution: {integrity: sha512-p6Fx8B7b7ZhL/gmUsAy0D15WhvDccw3mnGNbZpi3pmeJdxtWsj2jEaI4Y6oo3XiHfzuSgPwKc04MYt6KgvC/wA==}
+    engines: {node: '>= 0.4'}
+
+  arraybuffer.prototype.slice@1.0.3:
+    resolution: {integrity: sha512-bMxMKAjg13EBSVscxTaYA4mRc5t1UAXa2kXiGTNfZ079HIWXEkKmkgFrh/nJqamaLSrXO5H4WFFkPEaLJWbs3A==}
+    engines: {node: '>= 0.4'}
+
+  asn1@0.2.6:
+    resolution: {integrity: sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==}
+
+  assert-plus@1.0.0:
+    resolution: {integrity: sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==}
+    engines: {node: '>=0.8'}
+
+  assertion-error@2.0.1:
+    resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
+    engines: {node: '>=12'}
+
+  ast-types-flow@0.0.8:
+    resolution: {integrity: sha512-OH/2E5Fg20h2aPrbe+QL8JZQFko0YZaF+j4mnQ7BGhfavO7OpSLa8a0y9sBwomHdSbkhTS8TQNayBfnW5DwbvQ==}
+
+  astral-regex@2.0.0:
+    resolution: {integrity: sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==}
+    engines: {node: '>=8'}
+
+  async@3.2.6:
+    resolution: {integrity: sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==}
+
+  asynckit@0.4.0:
+    resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
+
+  at-least-node@1.0.0:
+    resolution: {integrity: sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==}
+    engines: {node: '>= 4.0.0'}
+
+  autoprefixer@10.4.21:
+    resolution: {integrity: sha512-O+A6LWV5LDHSJD3LjHYoNi4VLsj/Whi7k6zG12xTYaU4cQ8oxQGckXNX8cRHK5yOZ/ppVHe0ZBXGzSV9jXdVbQ==}
+    engines: {node: ^10 || ^12 || >=14}
+    hasBin: true
+    peerDependencies:
+      postcss: ^8.1.0
+
+  available-typed-arrays@1.0.7:
+    resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==}
+    engines: {node: '>= 0.4'}
+
+  aws-sign2@0.7.0:
+    resolution: {integrity: sha512-08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA==}
+
+  aws4@1.13.2:
+    resolution: {integrity: sha512-lHe62zvbTB5eEABUVi/AwVh0ZKY9rMMDhmm+eeyuuUQbQ3+J+fONVQOZyj+DdrvD4BY33uYniyRJ4UJIaSKAfw==}
+
+  axe-core@4.10.0:
+    resolution: {integrity: sha512-Mr2ZakwQ7XUAjp7pAwQWRhhK8mQQ6JAaNWSjmjxil0R8BPioMtQsTLOolGYkji1rcL++3dCqZA3zWqpT+9Ew6g==}
+    engines: {node: '>=4'}
+
+  axios@1.8.4:
+    resolution: {integrity: sha512-eBSYY4Y68NNlHbHBMdeDmKNtDgXWhQsJcGqzO3iLUM0GraQFSS9cVgPX5I9b3lbdFKyYoAEGAZF1DwhTaljNAw==}
+
+  axobject-query@3.1.1:
+    resolution: {integrity: sha512-goKlv8DZrK9hUh975fnHzhNIO4jUnFCfv/dszV5VwUGDFjI6vQ2VwoyjYjYNEbBE8AH87TduWP5uyDR1D+Iteg==}
+
+  balanced-match@1.0.2:
+    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
+
+  base64-js@1.5.1:
+    resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
+
+  bcrypt-pbkdf@1.0.2:
+    resolution: {integrity: sha512-qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w==}
+
+  better-path-resolve@1.0.0:
+    resolution: {integrity: sha512-pbnl5XzGBdrFU/wT4jqmJVPn2B6UHPBOhzMQkY/SPUPB6QtUXtmBHBIwCbXJol93mOpGMnQyP/+BB19q04xj7g==}
+    engines: {node: '>=4'}
+
+  binary-extensions@2.3.0:
+    resolution: {integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==}
+    engines: {node: '>=8'}
+
+  blob-util@2.0.2:
+    resolution: {integrity: sha512-T7JQa+zsXXEa6/8ZhHcQEW1UFfVM49Ts65uBkFL6fz2QmrElqmbajIDJvuA0tEhRe5eIjpV9ZF+0RfZR9voJFQ==}
+
+  bluebird@3.7.2:
+    resolution: {integrity: sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==}
+
+  brace-expansion@1.1.11:
+    resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
+
+  brace-expansion@2.0.1:
+    resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==}
+
+  braces@3.0.3:
+    resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==}
+    engines: {node: '>=8'}
+
+  browserslist@4.24.4:
+    resolution: {integrity: sha512-KDi1Ny1gSePi1vm0q4oxSF8b4DR44GF4BbmS2YdhPLOEqd8pDviZOGH/GsmRwoWJ2+5Lr085X7naowMwKHDG1A==}
+    engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
+    hasBin: true
+
+  buffer-crc32@0.2.13:
+    resolution: {integrity: sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==}
+
+  buffer@5.7.1:
+    resolution: {integrity: sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==}
+
+  bundle-require@5.1.0:
+    resolution: {integrity: sha512-3WrrOuZiyaaZPWiEt4G3+IffISVC9HYlWueJEBWED4ZH4aIAC2PnkdnuRrR94M+w6yGWn4AglWtJtBI8YqvgoA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+    peerDependencies:
+      esbuild: '>=0.18'
+
+  cac@6.7.14:
+    resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==}
+    engines: {node: '>=8'}
+
+  cachedir@2.4.0:
+    resolution: {integrity: sha512-9EtFOZR8g22CL7BWjJ9BUx1+A/djkofnyW3aOXZORNW2kxoUpx2h+uN2cOqwPmFhnpVmxg+KW2OjOSgChTEvsQ==}
+    engines: {node: '>=6'}
+
+  call-bind-apply-helpers@1.0.2:
+    resolution: {integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==}
+    engines: {node: '>= 0.4'}
+
+  call-bind@1.0.7:
+    resolution: {integrity: sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==}
+    engines: {node: '>= 0.4'}
+
+  call-bound@1.0.4:
+    resolution: {integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==}
+    engines: {node: '>= 0.4'}
+
+  callsites@3.1.0:
+    resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
+    engines: {node: '>=6'}
+
+  camelcase-css@2.0.1:
+    resolution: {integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==}
+    engines: {node: '>= 6'}
+
+  caniuse-lite@1.0.30001715:
+    resolution: {integrity: sha512-7ptkFGMm2OAOgvZpwgA4yjQ5SQbrNVGdRjzH0pBdy1Fasvcr+KAeECmbCAECzTuDuoX0FCY8KzUxjf9+9kfZEw==}
+
+  case-anything@2.1.13:
+    resolution: {integrity: sha512-zlOQ80VrQ2Ue+ymH5OuM/DlDq64mEm+B9UTdHULv5osUMD6HalNTblf2b1u/m6QecjsnOkBpqVZ+XPwIVsy7Ng==}
+    engines: {node: '>=12.13'}
+
+  caseless@0.12.0:
+    resolution: {integrity: sha512-4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw==}
+
+  chai@5.2.0:
+    resolution: {integrity: sha512-mCuXncKXk5iCLhfhwTc0izo0gtEmpz5CtG2y8GiOINBlMVS6v8TMRc5TaLWKS6692m9+dVVfzgeVxR5UxWHTYw==}
+    engines: {node: '>=12'}
+
+  chalk@3.0.0:
+    resolution: {integrity: sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==}
+    engines: {node: '>=8'}
+
+  chalk@4.1.2:
+    resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
+    engines: {node: '>=10'}
+
+  chalk@5.4.1:
+    resolution: {integrity: sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==}
+    engines: {node: ^12.17.0 || ^14.13 || >=16.0.0}
+
+  chardet@0.7.0:
+    resolution: {integrity: sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==}
+
+  check-error@2.1.1:
+    resolution: {integrity: sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw==}
+    engines: {node: '>= 16'}
+
+  check-more-types@2.24.0:
+    resolution: {integrity: sha512-Pj779qHxV2tuapviy1bSZNEL1maXr13bPYpsvSDB68HlYcYuhlDrmGd63i0JHMCLKzc7rUSNIrpdJlhVlNwrxA==}
+    engines: {node: '>= 0.8.0'}
+
+  chokidar@3.6.0:
+    resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
+    engines: {node: '>= 8.10.0'}
+
+  chokidar@4.0.3:
+    resolution: {integrity: sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==}
+    engines: {node: '>= 14.16.0'}
+
+  chownr@2.0.0:
+    resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==}
+    engines: {node: '>=10'}
+
+  ci-info@3.9.0:
+    resolution: {integrity: sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==}
+    engines: {node: '>=8'}
+
+  ci-info@4.2.0:
+    resolution: {integrity: sha512-cYY9mypksY8NRqgDB1XD1RiJL338v/551niynFTGkZOO2LHuB2OmOYxDIe/ttN9AHwrqdum1360G3ald0W9kCg==}
+    engines: {node: '>=8'}
+
+  clean-stack@2.2.0:
+    resolution: {integrity: sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==}
+    engines: {node: '>=6'}
+
+  cli-cursor@3.1.0:
+    resolution: {integrity: sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==}
+    engines: {node: '>=8'}
+
+  cli-cursor@5.0.0:
+    resolution: {integrity: sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==}
+    engines: {node: '>=18'}
+
+  cli-table3@0.6.5:
+    resolution: {integrity: sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==}
+    engines: {node: 10.* || >= 12.*}
+
+  cli-truncate@2.1.0:
+    resolution: {integrity: sha512-n8fOixwDD6b/ObinzTrp1ZKFzbgvKZvuz/TvejnLn1aQfC6r52XEx85FmuC+3HI+JM7coBRXUvNqEU2PHVrHpg==}
+    engines: {node: '>=8'}
+
+  cli-truncate@4.0.0:
+    resolution: {integrity: sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==}
+    engines: {node: '>=18'}
+
+  client-only@0.0.1:
+    resolution: {integrity: sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==}
+
+  cliui@8.0.1:
+    resolution: {integrity: sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==}
+    engines: {node: '>=12'}
+
+  clsx@1.2.1:
+    resolution: {integrity: sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==}
+    engines: {node: '>=6'}
+
+  clsx@2.1.1:
+    resolution: {integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==}
+    engines: {node: '>=6'}
+
+  color-convert@2.0.1:
+    resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
+    engines: {node: '>=7.0.0'}
+
+  color-name@1.1.4:
+    resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
+
+  color-string@1.9.1:
+    resolution: {integrity: sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==}
+
+  color-support@1.1.3:
+    resolution: {integrity: sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==}
+    hasBin: true
+
+  color@4.2.3:
+    resolution: {integrity: sha512-1rXeuUUiGGrykh+CeBdu5Ie7OJwinCgQY0bc7GCRxy5xVHy+moaqkpL/jqQq0MtQOeYcrqEz4abc5f0KtU7W4A==}
+    engines: {node: '>=12.5.0'}
+
+  colorette@2.0.20:
+    resolution: {integrity: sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==}
+
+  combined-stream@1.0.8:
+    resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==}
+    engines: {node: '>= 0.8'}
+
+  commander@13.1.0:
+    resolution: {integrity: sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==}
+    engines: {node: '>=18'}
+
+  commander@4.1.1:
+    resolution: {integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==}
+    engines: {node: '>= 6'}
+
+  commander@6.2.1:
+    resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==}
+    engines: {node: '>= 6'}
+
+  common-tags@1.8.2:
+    resolution: {integrity: sha512-gk/Z852D2Wtb//0I+kRFNKKE9dIIVirjoqPoA1wJU+XePVXZfGeBpk45+A1rKO4Q43prqWBNY/MiIeRLbPWUaA==}
+    engines: {node: '>=4.0.0'}
+
+  concat-map@0.0.1:
+    resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
+
+  concurrently@9.1.2:
+    resolution: {integrity: sha512-H9MWcoPsYddwbOGM6difjVwVZHl63nwMEwDJG/L7VGtuaJhb12h2caPG2tVPWs7emuYix252iGfqOyrz1GczTQ==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  consola@3.4.2:
+    resolution: {integrity: sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==}
+    engines: {node: ^14.18.0 || >=16.10.0}
+
+  console-control-strings@1.1.0:
+    resolution: {integrity: sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==}
+
+  convert-source-map@2.0.0:
+    resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
+
+  copy-to-clipboard@3.3.3:
+    resolution: {integrity: sha512-2KV8NhB5JqC3ky0r9PMCAZKbUHSwtEo4CwCs0KXgruG43gX5PMqDEBbVU4OUzw2MuAWUfsuFmWvEKG5QRfSnJA==}
+
+  core-util-is@1.0.2:
+    resolution: {integrity: sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==}
+
+  cross-spawn@7.0.3:
+    resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==}
+    engines: {node: '>= 8'}
+
+  cross-spawn@7.0.6:
+    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
+    engines: {node: '>= 8'}
+
+  css.escape@1.5.1:
+    resolution: {integrity: sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg==}
+
+  cssesc@3.0.0:
+    resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
+    engines: {node: '>=4'}
+    hasBin: true
+
+  cssstyle@4.3.1:
+    resolution: {integrity: sha512-ZgW+Jgdd7i52AaLYCriF8Mxqft0gD/R9i9wi6RWBhs1pqdPEzPjym7rvRKi397WmQFf3SlyUsszhw+VVCbx79Q==}
+    engines: {node: '>=18'}
+
+  csstype@3.1.3:
+    resolution: {integrity: sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==}
+
+  cypress@14.3.2:
+    resolution: {integrity: sha512-n+yGD2ZFFKgy7I3YtVpZ7BcFYrrDMcKj713eOZdtxPttpBjCyw/R8dLlFSsJPouneGN7A/HOSRyPJ5+3/gKDoA==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+
+  damerau-levenshtein@1.0.8:
+    resolution: {integrity: sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==}
+
+  dashdash@1.14.1:
+    resolution: {integrity: sha512-jRFi8UDGo6j+odZiEpjazZaWqEal3w/basFjQHQEwVtZJGDpxbH1MeYluwCS8Xq5wmLJooDlMgvVarmWfGM44g==}
+    engines: {node: '>=0.10'}
+
+  data-uri-to-buffer@4.0.1:
+    resolution: {integrity: sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==}
+    engines: {node: '>= 12'}
+
+  data-urls@5.0.0:
+    resolution: {integrity: sha512-ZYP5VBHshaDAiVZxjbRVcFJpc+4xGgT0bK3vzy1HLN8jTO975HEbuYzZJcHoQEY5K1a0z8YayJkyVETa08eNTg==}
+    engines: {node: '>=18'}
+
+  data-view-buffer@1.0.1:
+    resolution: {integrity: sha512-0lht7OugA5x3iJLOWFhWK/5ehONdprk0ISXqVFn/NFrDu+cuc8iADFrGQz5BnRK7LLU3JmkbXSxaqX+/mXYtUA==}
+    engines: {node: '>= 0.4'}
+
+  data-view-byte-length@1.0.1:
+    resolution: {integrity: sha512-4J7wRJD3ABAzr8wP+OcIcqq2dlUKp4DVflx++hs5h5ZKydWMI6/D/fAot+yh6g2tHh8fLFTvNOaVN357NvSrOQ==}
+    engines: {node: '>= 0.4'}
+
+  data-view-byte-offset@1.0.0:
+    resolution: {integrity: sha512-t/Ygsytq+R995EJ5PZlD4Cu56sWa8InXySaViRzw9apusqsOO2bQP+SbYzAhR0pFKoB+43lYy8rWban9JSuXnA==}
+    engines: {node: '>= 0.4'}
+
+  dayjs@1.11.13:
+    resolution: {integrity: sha512-oaMBel6gjolK862uaPQOVTA7q3TZhuSvuMQAAglQDOWYO9A91IrAOUJEyKVlqJlHE0vq5p5UXxzdPfMH/x6xNg==}
+
+  debug@3.2.7:
+    resolution: {integrity: sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==}
+    peerDependencies:
+      supports-color: '*'
+    peerDependenciesMeta:
+      supports-color:
+        optional: true
+
+  debug@4.3.7:
+    resolution: {integrity: sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==}
+    engines: {node: '>=6.0'}
+    peerDependencies:
+      supports-color: '*'
+    peerDependenciesMeta:
+      supports-color:
+        optional: true
+
+  debug@4.4.0:
+    resolution: {integrity: sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==}
+    engines: {node: '>=6.0'}
+    peerDependencies:
+      supports-color: '*'
+    peerDependenciesMeta:
+      supports-color:
+        optional: true
+
+  decimal.js@10.5.0:
+    resolution: {integrity: sha512-8vDa8Qxvr/+d94hSh5P3IJwI5t8/c0KsMp+g8bNw9cY2icONa5aPfvKeieW1WlG0WQYwwhJ7mjui2xtiePQSXw==}
+
+  deep-eql@5.0.2:
+    resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==}
+    engines: {node: '>=6'}
+
+  deep-equal@2.2.3:
+    resolution: {integrity: sha512-ZIwpnevOurS8bpT4192sqAowWM76JDKSHYzMLty3BZGSswgq6pBaH3DhCSW5xVAZICZyKdOBPjwww5wfgT/6PA==}
+    engines: {node: '>= 0.4'}
+
+  deep-is@0.1.4:
+    resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==}
+
+  deepmerge@4.3.1:
+    resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==}
+    engines: {node: '>=0.10.0'}
+
+  define-data-property@1.1.4:
+    resolution: {integrity: sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==}
+    engines: {node: '>= 0.4'}
+
+  define-properties@1.2.1:
+    resolution: {integrity: sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==}
+    engines: {node: '>= 0.4'}
+
+  delayed-stream@1.0.0:
+    resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==}
+    engines: {node: '>=0.4.0'}
+
+  delegates@1.0.0:
+    resolution: {integrity: sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==}
+
+  dequal@2.0.3:
+    resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==}
+    engines: {node: '>=6'}
+
+  detect-indent@6.1.0:
+    resolution: {integrity: sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==}
+    engines: {node: '>=8'}
+
+  detect-libc@1.0.3:
+    resolution: {integrity: sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==}
+    engines: {node: '>=0.10'}
+    hasBin: true
+
+  detect-libc@2.0.4:
+    resolution: {integrity: sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==}
+    engines: {node: '>=8'}
+
+  didyoumean@1.2.2:
+    resolution: {integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==}
+
+  dir-glob@3.0.1:
+    resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==}
+    engines: {node: '>=8'}
+
+  dlv@1.1.3:
+    resolution: {integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==}
+
+  doctrine@2.1.0:
+    resolution: {integrity: sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==}
+    engines: {node: '>=0.10.0'}
+
+  doctrine@3.0.0:
+    resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==}
+    engines: {node: '>=6.0.0'}
+
+  dom-accessibility-api@0.5.16:
+    resolution: {integrity: sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==}
+
+  dom-accessibility-api@0.6.3:
+    resolution: {integrity: sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w==}
+
+  dotenv-cli@8.0.0:
+    resolution: {integrity: sha512-aLqYbK7xKOiTMIRf1lDPbI+Y+Ip/wo5k3eyp6ePysVaSqbyxjyK3dK35BTxG+rmd7djf5q2UPs4noPNH+cj0Qw==}
+    hasBin: true
+
+  dotenv-expand@10.0.0:
+    resolution: {integrity: sha512-GopVGCpVS1UKH75VKHGuQFqS1Gusej0z4FyQkPdwjil2gNIv+LNsqBlboOzpJFZKVT95GkCyWJbBSdFEFUWI2A==}
+    engines: {node: '>=12'}
+
+  dotenv@16.0.3:
+    resolution: {integrity: sha512-7GO6HghkA5fYG9TYnNxi14/7K9f5occMlp3zXAuSxn7CKCxt9xbNWG7yF8hTCSUchlfWSe3uLmlPfigevRItzQ==}
+    engines: {node: '>=12'}
+
+  dotenv@16.5.0:
+    resolution: {integrity: sha512-m/C+AwOAr9/W1UOIZUo232ejMNnJAJtYQjUbHoNTBNTJSvqzzDh7vnrei3o3r3m9blf6ZoDkvcw0VmozNRFJxg==}
+    engines: {node: '>=12'}
+
+  dprint-node@1.0.8:
+    resolution: {integrity: sha512-iVKnUtYfGrYcW1ZAlfR/F59cUVL8QIhWoBJoSjkkdua/dkWIgjZfiLMeTjiB06X0ZLkQ0M2C1VbUj/CxkIf1zg==}
+
+  dunder-proto@1.0.1:
+    resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==}
+    engines: {node: '>= 0.4'}
+
+  duplexer@0.1.2:
+    resolution: {integrity: sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==}
+
+  eastasianwidth@0.2.0:
+    resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
+
+  ecc-jsbn@0.1.2:
+    resolution: {integrity: sha512-eh9O+hwRHNbG4BLTjEl3nw044CkGm5X6LoaCf7LPp7UU8Qrt47JYNi6nPX8xjW97TKGKm1ouctg0QSpZe9qrnw==}
+
+  electron-to-chromium@1.5.140:
+    resolution: {integrity: sha512-o82Rj+ONp4Ip7Cl1r7lrqx/pXhbp/lh9DpKcMNscFJdh8ebyRofnc7Sh01B4jx403RI0oqTBvlZ7OBIZLMr2+Q==}
+
+  emoji-regex@10.4.0:
+    resolution: {integrity: sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw==}
+
+  emoji-regex@8.0.0:
+    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
+
+  emoji-regex@9.2.2:
+    resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==}
+
+  end-of-stream@1.4.4:
+    resolution: {integrity: sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==}
+
+  enhanced-resolve@5.17.1:
+    resolution: {integrity: sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg==}
+    engines: {node: '>=10.13.0'}
+
+  enquirer@2.4.1:
+    resolution: {integrity: sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==}
+    engines: {node: '>=8.6'}
+
+  entities@6.0.0:
+    resolution: {integrity: sha512-aKstq2TDOndCn4diEyp9Uq/Flu2i1GlLkc6XIDQSDMuaFE3OPW5OphLCyQ5SpSJZTb4reN+kTcYru5yIfXoRPw==}
+    engines: {node: '>=0.12'}
+
+  env-cmd@10.1.0:
+    resolution: {integrity: sha512-mMdWTT9XKN7yNth/6N6g2GuKuJTsKMDHlQFUDacb/heQRRWOTIZ42t1rMHnQu4jYxU1ajdTeJM+9eEETlqToMA==}
+    engines: {node: '>=8.0.0'}
+    hasBin: true
+
+  environment@1.1.0:
+    resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==}
+    engines: {node: '>=18'}
+
+  es-abstract@1.23.3:
+    resolution: {integrity: sha512-e+HfNH61Bj1X9/jLc5v1owaLYuHdeHHSQlkhCBiTK8rBvKaULl/beGMxwrMXjpYrv4pz22BlY570vVePA2ho4A==}
+    engines: {node: '>= 0.4'}
+
+  es-define-property@1.0.0:
+    resolution: {integrity: sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==}
+    engines: {node: '>= 0.4'}
+
+  es-define-property@1.0.1:
+    resolution: {integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==}
+    engines: {node: '>= 0.4'}
+
+  es-errors@1.3.0:
+    resolution: {integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==}
+    engines: {node: '>= 0.4'}
+
+  es-get-iterator@1.1.3:
+    resolution: {integrity: sha512-sPZmqHBe6JIiTfN5q2pEi//TwxmAFHwj/XEuYjTuse78i8KxaqMTTzxPoFKuzRpDpTJ+0NAbpfenkmH2rePtuw==}
+
+  es-iterator-helpers@1.0.19:
+    resolution: {integrity: sha512-zoMwbCcH5hwUkKJkT8kDIBZSz9I6mVG//+lDCinLCGov4+r7NIy0ld8o03M0cJxl2spVf6ESYVS6/gpIfq1FFw==}
+    engines: {node: '>= 0.4'}
+
+  es-module-lexer@1.7.0:
+    resolution: {integrity: sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==}
+
+  es-object-atoms@1.0.0:
+    resolution: {integrity: sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==}
+    engines: {node: '>= 0.4'}
+
+  es-object-atoms@1.1.1:
+    resolution: {integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==}
+    engines: {node: '>= 0.4'}
+
+  es-set-tostringtag@2.0.3:
+    resolution: {integrity: sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ==}
+    engines: {node: '>= 0.4'}
+
+  es-set-tostringtag@2.1.0:
+    resolution: {integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==}
+    engines: {node: '>= 0.4'}
+
+  es-shim-unscopables@1.0.2:
+    resolution: {integrity: sha512-J3yBRXCzDu4ULnQwxyToo/OjdMx6akgVC7K6few0a7F/0wLtmKKN7I73AH5T2836UuXRqN7Qg+IIUw/+YJksRw==}
+
+  es-to-primitive@1.2.1:
+    resolution: {integrity: sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==}
+    engines: {node: '>= 0.4'}
+
+  esbuild@0.25.2:
+    resolution: {integrity: sha512-16854zccKPnC+toMywC+uKNeYSv+/eXkevRAfwRD/G9Cleq66m8XFIrigkbvauLLlCfDL45Q2cWegSg53gGBnQ==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  escalade@3.2.0:
+    resolution: {integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==}
+    engines: {node: '>=6'}
+
+  escape-string-regexp@1.0.5:
+    resolution: {integrity: sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==}
+    engines: {node: '>=0.8.0'}
+
+  escape-string-regexp@4.0.0:
+    resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==}
+    engines: {node: '>=10'}
+
+  eslint-config-next@14.2.18:
+    resolution: {integrity: sha512-SuDRcpJY5VHBkhz5DijJ4iA4bVnBA0n48Rb+YSJSCDr+h7kKAcb1mZHusLbW+WA8LDB6edSolomXA55eG3eOVA==}
+    peerDependencies:
+      eslint: ^7.23.0 || ^8.0.0
+      typescript: '>=3.3.1'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  eslint-config-prettier@9.1.0:
+    resolution: {integrity: sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw==}
+    hasBin: true
+    peerDependencies:
+      eslint: '>=7.0.0'
+
+  eslint-config-turbo@2.1.0:
+    resolution: {integrity: sha512-3SeE2OCWnkA/84adGJXABm++966LNGxRdXtXKBcplJdIe4PmERkov1z6Kzp2PrPKT13wGu/bwoLV5h1rm7v9ug==}
+    peerDependencies:
+      eslint: '>6.6.0'
+
+  eslint-import-resolver-node@0.3.9:
+    resolution: {integrity: sha512-WFj2isz22JahUv+B788TlO3N6zL3nNJGU8CcZbPZvVEkBPaJdCV4vy5wyghty5ROFbCRnm132v8BScu5/1BQ8g==}
+
+  eslint-import-resolver-typescript@3.6.3:
+    resolution: {integrity: sha512-ud9aw4szY9cCT1EWWdGv1L1XR6hh2PaRWif0j2QjQ0pgTY/69iw+W0Z4qZv5wHahOl8isEr+k/JnyAqNQkLkIA==}
+    engines: {node: ^14.18.0 || >=16.0.0}
+    peerDependencies:
+      eslint: '*'
+      eslint-plugin-import: '*'
+      eslint-plugin-import-x: '*'
+    peerDependenciesMeta:
+      eslint-plugin-import:
+        optional: true
+      eslint-plugin-import-x:
+        optional: true
+
+  eslint-module-utils@2.8.2:
+    resolution: {integrity: sha512-3XnC5fDyc8M4J2E8pt8pmSVRX2M+5yWMCfI/kDZwauQeFgzQOuhcRBFKjTeJagqgk4sFKxe1mvNVnaWwImx/Tg==}
+    engines: {node: '>=4'}
+    peerDependencies:
+      '@typescript-eslint/parser': '*'
+      eslint: '*'
+      eslint-import-resolver-node: '*'
+      eslint-import-resolver-typescript: '*'
+      eslint-import-resolver-webpack: '*'
+    peerDependenciesMeta:
+      '@typescript-eslint/parser':
+        optional: true
+      eslint:
+        optional: true
+      eslint-import-resolver-node:
+        optional: true
+      eslint-import-resolver-typescript:
+        optional: true
+      eslint-import-resolver-webpack:
+        optional: true
+
+  eslint-plugin-import@2.29.1:
+    resolution: {integrity: sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw==}
+    engines: {node: '>=4'}
+    peerDependencies:
+      '@typescript-eslint/parser': '*'
+      eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8
+    peerDependenciesMeta:
+      '@typescript-eslint/parser':
+        optional: true
+
+  eslint-plugin-jsx-a11y@6.9.0:
+    resolution: {integrity: sha512-nOFOCaJG2pYqORjK19lqPqxMO/JpvdCZdPtNdxY3kvom3jTvkAbOvQvD8wuD0G8BYR0IGAGYDlzqWJOh/ybn2g==}
+    engines: {node: '>=4.0'}
+    peerDependencies:
+      eslint: ^3 || ^4 || ^5 || ^6 || ^7 || ^8
+
+  eslint-plugin-react-hooks@4.6.2:
+    resolution: {integrity: sha512-QzliNJq4GinDBcD8gPB5v0wh6g8q3SUi6EFF0x8N/BL9PoVs0atuGc47ozMRyOWAKdwaZ5OnbOEa3WR+dSGKuQ==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      eslint: ^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0
+
+  eslint-plugin-react@7.35.0:
+    resolution: {integrity: sha512-v501SSMOWv8gerHkk+IIQBkcGRGrO2nfybfj5pLxuJNFTPxxA3PSryhXTK+9pNbtkggheDdsC0E9Q8CuPk6JKA==}
+    engines: {node: '>=4'}
+    peerDependencies:
+      eslint: ^3 || ^4 || ^5 || ^6 || ^7 || ^8 || ^9.7
+
+  eslint-plugin-turbo@2.1.0:
+    resolution: {integrity: sha512-+CWVY29y7Qa+gvrKSzP+TOYrHAlNLCh/97K5VtDdnpH54h/JFmnd3U0aSG6WANe0HgAK8NHQfeWFDdRzfDqbKA==}
+    peerDependencies:
+      eslint: '>6.6.0'
+
+  eslint-scope@5.1.1:
+    resolution: {integrity: sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==}
+    engines: {node: '>=8.0.0'}
+
+  eslint-scope@7.2.2:
+    resolution: {integrity: sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  eslint-visitor-keys@2.1.0:
+    resolution: {integrity: sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==}
+    engines: {node: '>=10'}
+
+  eslint-visitor-keys@3.4.3:
+    resolution: {integrity: sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  eslint-visitor-keys@4.2.0:
+    resolution: {integrity: sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  eslint@8.57.1:
+    resolution: {integrity: sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+    deprecated: This version is no longer supported. Please see https://eslint.org/version-support for other options.
+    hasBin: true
+
+  espree@9.6.1:
+    resolution: {integrity: sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  esprima@4.0.1:
+    resolution: {integrity: sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==}
+    engines: {node: '>=4'}
+    hasBin: true
+
+  esquery@1.6.0:
+    resolution: {integrity: sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==}
+    engines: {node: '>=0.10'}
+
+  esrecurse@4.3.0:
+    resolution: {integrity: sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==}
+    engines: {node: '>=4.0'}
+
+  estraverse@4.3.0:
+    resolution: {integrity: sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==}
+    engines: {node: '>=4.0'}
+
+  estraverse@5.3.0:
+    resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
+    engines: {node: '>=4.0'}
+
+  estree-walker@3.0.3:
+    resolution: {integrity: sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==}
+
+  esutils@2.0.3:
+    resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
+    engines: {node: '>=0.10.0'}
+
+  event-stream@3.3.4:
+    resolution: {integrity: sha512-QHpkERcGsR0T7Qm3HNJSyXKEEj8AHNxkY3PK8TS2KJvQ7NiSHe3DDpwVKKtoYprL/AreyzFBeIkBIWChAqn60g==}
+
+  eventemitter2@6.4.7:
+    resolution: {integrity: sha512-tYUSVOGeQPKt/eC1ABfhHy5Xd96N3oIijJvN3O9+TsC28T5V9yX9oEfEK5faP0EFSNVOG97qtAS68GBrQB2hDg==}
+
+  eventemitter3@5.0.1:
+    resolution: {integrity: sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==}
+
+  execa@4.1.0:
+    resolution: {integrity: sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==}
+    engines: {node: '>=10'}
+
+  execa@5.1.1:
+    resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
+    engines: {node: '>=10'}
+
+  execa@8.0.1:
+    resolution: {integrity: sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==}
+    engines: {node: '>=16.17'}
+
+  executable@4.1.1:
+    resolution: {integrity: sha512-8iA79xD3uAch729dUG8xaaBBFGaEa0wdD2VkYLFHwlqosEj/jT66AzcreRDSgV7ehnNLBW2WR5jIXwGKjVdTLg==}
+    engines: {node: '>=4'}
+
+  expect-type@1.2.1:
+    resolution: {integrity: sha512-/kP8CAwxzLVEeFrMm4kMmy4CCDlpipyA7MYLVrdJIkV0fYF0UaigQHRsxHiuY/GEea+bh4KSv3TIlgr+2UL6bw==}
+    engines: {node: '>=12.0.0'}
+
+  extend@3.0.2:
+    resolution: {integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==}
+
+  extendable-error@0.1.7:
+    resolution: {integrity: sha512-UOiS2in6/Q0FK0R0q6UY9vYpQ21mr/Qn1KOnte7vsACuNJf514WvCCUHSRCPcgjPT2bAhNIJdlE6bVap1GKmeg==}
+
+  external-editor@3.1.0:
+    resolution: {integrity: sha512-hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew==}
+    engines: {node: '>=4'}
+
+  extract-zip@2.0.1:
+    resolution: {integrity: sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==}
+    engines: {node: '>= 10.17.0'}
+    hasBin: true
+
+  extsprintf@1.3.0:
+    resolution: {integrity: sha512-11Ndz7Nv+mvAC1j0ktTa7fAb0vLyGGX+rMHNBYQviQDGU0Hw7lhctJANqbPhu9nV9/izT/IntTgZ7Im/9LJs9g==}
+    engines: {'0': node >=0.6.0}
+
+  fast-deep-equal@3.1.3:
+    resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
+
+  fast-glob@3.3.2:
+    resolution: {integrity: sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==}
+    engines: {node: '>=8.6.0'}
+
+  fast-glob@3.3.3:
+    resolution: {integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==}
+    engines: {node: '>=8.6.0'}
+
+  fast-json-stable-stringify@2.1.0:
+    resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
+
+  fast-levenshtein@2.0.6:
+    resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
+
+  fastq@1.17.1:
+    resolution: {integrity: sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==}
+
+  fd-slicer@1.1.0:
+    resolution: {integrity: sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==}
+
+  fdir@6.4.4:
+    resolution: {integrity: sha512-1NZP+GK4GfuAv3PqKvxQRDMjdSRZjnkq7KfhlNrCNNlZ0ygQFpebfrnfnq/W7fpUnAv9aGWmY1zKx7FYL3gwhg==}
+    peerDependencies:
+      picomatch: ^3 || ^4
+    peerDependenciesMeta:
+      picomatch:
+        optional: true
+
+  fetch-blob@3.2.0:
+    resolution: {integrity: sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==}
+    engines: {node: ^12.20 || >= 14.13}
+
+  fflate@0.8.2:
+    resolution: {integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==}
+
+  figures@3.2.0:
+    resolution: {integrity: sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==}
+    engines: {node: '>=8'}
+
+  file-entry-cache@6.0.1:
+    resolution: {integrity: sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==}
+    engines: {node: ^10.12.0 || >=12.0.0}
+
+  fill-range@7.1.1:
+    resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==}
+    engines: {node: '>=8'}
+
+  find-up@4.1.0:
+    resolution: {integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==}
+    engines: {node: '>=8'}
+
+  find-up@5.0.0:
+    resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==}
+    engines: {node: '>=10'}
+
+  flat-cache@3.2.0:
+    resolution: {integrity: sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==}
+    engines: {node: ^10.12.0 || >=12.0.0}
+
+  flatted@3.3.1:
+    resolution: {integrity: sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==}
+
+  follow-redirects@1.15.9:
+    resolution: {integrity: sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==}
+    engines: {node: '>=4.0'}
+    peerDependencies:
+      debug: '*'
+    peerDependenciesMeta:
+      debug:
+        optional: true
+
+  for-each@0.3.3:
+    resolution: {integrity: sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==}
+
+  foreground-child@3.3.0:
+    resolution: {integrity: sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg==}
+    engines: {node: '>=14'}
+
+  foreground-child@3.3.1:
+    resolution: {integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==}
+    engines: {node: '>=14'}
+
+  forever-agent@0.6.1:
+    resolution: {integrity: sha512-j0KLYPhm6zeac4lz3oJ3o65qvgQCcPubiyotZrXqEaG4hNagNYO8qdlUrX5vwqv9ohqeT/Z3j6+yW067yWWdUw==}
+
+  form-data@4.0.2:
+    resolution: {integrity: sha512-hGfm/slu0ZabnNt4oaRZ6uREyfCj6P4fT/n6A1rGV+Z0VdGXjfOhVUpkn6qVQONHGIFwmveGXyDs75+nr6FM8w==}
+    engines: {node: '>= 6'}
+
+  formdata-polyfill@4.0.10:
+    resolution: {integrity: sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==}
+    engines: {node: '>=12.20.0'}
+
+  fraction.js@4.3.7:
+    resolution: {integrity: sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==}
+
+  from@0.1.7:
+    resolution: {integrity: sha512-twe20eF1OxVxp/ML/kq2p1uc6KvFK/+vs8WjEbeKmV2He22MKm7YF2ANIt+EOqhJ5L3K/SuuPhk0hWQDjOM23g==}
+
+  fs-extra@7.0.1:
+    resolution: {integrity: sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==}
+    engines: {node: '>=6 <7 || >=8'}
+
+  fs-extra@8.1.0:
+    resolution: {integrity: sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==}
+    engines: {node: '>=6 <7 || >=8'}
+
+  fs-extra@9.1.0:
+    resolution: {integrity: sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==}
+    engines: {node: '>=10'}
+
+  fs-minipass@2.1.0:
+    resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==}
+    engines: {node: '>= 8'}
+
+  fs.realpath@1.0.0:
+    resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
+
+  fsevents@2.3.2:
+    resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
+
+  fsevents@2.3.3:
+    resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
+
+  function-bind@1.1.2:
+    resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==}
+
+  function.prototype.name@1.1.6:
+    resolution: {integrity: sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==}
+    engines: {node: '>= 0.4'}
+
+  functions-have-names@1.2.3:
+    resolution: {integrity: sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==}
+
+  gauge@3.0.2:
+    resolution: {integrity: sha512-+5J6MS/5XksCuXq++uFRsnUd7Ovu1XenbeuIuNRJxYWjgQbPuFhT14lAvsWfqfAmnwluf1OwMjz39HjfLPci0Q==}
+    engines: {node: '>=10'}
+    deprecated: This package is no longer supported.
+
+  gaxios@7.1.0:
+    resolution: {integrity: sha512-y1Q0MX1Ba6eg67Zz92kW0MHHhdtWksYckQy1KJsI6P4UlDQ8cvdvpLEPslD/k7vFkdPppMESFGTvk7XpSiKj8g==}
+    engines: {node: '>=18'}
+
+  gensync@1.0.0-beta.2:
+    resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==}
+    engines: {node: '>=6.9.0'}
+
+  get-caller-file@2.0.5:
+    resolution: {integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==}
+    engines: {node: 6.* || 8.* || >= 10.*}
+
+  get-east-asian-width@1.3.0:
+    resolution: {integrity: sha512-vpeMIQKxczTD/0s2CdEWHcb0eeJe6TFjxb+J5xgX7hScxqrGuyjmv4c1D4A/gelKfyox0gJJwIHF+fLjeaM8kQ==}
+    engines: {node: '>=18'}
+
+  get-intrinsic@1.2.4:
+    resolution: {integrity: sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==}
+    engines: {node: '>= 0.4'}
+
+  get-intrinsic@1.3.0:
+    resolution: {integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==}
+    engines: {node: '>= 0.4'}
+
+  get-proto@1.0.1:
+    resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==}
+    engines: {node: '>= 0.4'}
+
+  get-stream@5.2.0:
+    resolution: {integrity: sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==}
+    engines: {node: '>=8'}
+
+  get-stream@6.0.1:
+    resolution: {integrity: sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==}
+    engines: {node: '>=10'}
+
+  get-stream@8.0.1:
+    resolution: {integrity: sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==}
+    engines: {node: '>=16'}
+
+  get-symbol-description@1.0.2:
+    resolution: {integrity: sha512-g0QYk1dZBxGwk+Ngc+ltRH2IBp2f7zBkBMBJZCDerh6EhlhSR6+9irMCuT/09zD6qkarHUSn529sK/yL4S27mg==}
+    engines: {node: '>= 0.4'}
+
+  get-tsconfig@4.8.0:
+    resolution: {integrity: sha512-Pgba6TExTZ0FJAn1qkJAjIeKoDJ3CsI2ChuLohJnZl/tTU8MVrq3b+2t5UOPfRa4RMsorClBjJALkJUMjG1PAw==}
+
+  getos@3.2.1:
+    resolution: {integrity: sha512-U56CfOK17OKgTVqozZjUKNdkfEv6jk5WISBJ8SHoagjE6L69zOwl3Z+O8myjY9MEW3i2HPWQBt/LTbCgcC973Q==}
+
+  getpass@0.1.7:
+    resolution: {integrity: sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==}
+
+  glob-parent@5.1.2:
+    resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
+    engines: {node: '>= 6'}
+
+  glob-parent@6.0.2:
+    resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
+    engines: {node: '>=10.13.0'}
+
+  glob@10.3.10:
+    resolution: {integrity: sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==}
+    engines: {node: '>=16 || 14 >=14.17'}
+    hasBin: true
+
+  glob@10.4.5:
+    resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==}
+    hasBin: true
+
+  glob@7.2.3:
+    resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
+    deprecated: Glob versions prior to v9 are no longer supported
+
+  global-dirs@3.0.1:
+    resolution: {integrity: sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA==}
+    engines: {node: '>=10'}
+
+  globals@11.12.0:
+    resolution: {integrity: sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==}
+    engines: {node: '>=4'}
+
+  globals@13.24.0:
+    resolution: {integrity: sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==}
+    engines: {node: '>=8'}
+
+  globalthis@1.0.4:
+    resolution: {integrity: sha512-DpLKbNU4WylpxJykQujfCcwYWiV/Jhm50Goo0wrVILAv5jOr9d+H+UR3PhSCD2rCCEIg0uc+G+muBTwD54JhDQ==}
+    engines: {node: '>= 0.4'}
+
+  globby@11.1.0:
+    resolution: {integrity: sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==}
+    engines: {node: '>=10'}
+
+  globrex@0.1.2:
+    resolution: {integrity: sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg==}
+
+  gopd@1.0.1:
+    resolution: {integrity: sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==}
+
+  gopd@1.2.0:
+    resolution: {integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==}
+    engines: {node: '>= 0.4'}
+
+  graceful-fs@4.2.11:
+    resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==}
+
+  graphemer@1.4.0:
+    resolution: {integrity: sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==}
+
+  grpc-tools@1.13.0:
+    resolution: {integrity: sha512-7CbkJ1yWPfX0nHjbYG58BQThNhbICXBZynzCUxCb3LzX5X9B3hQbRY2STiRgIEiLILlK9fgl0z0QVGwPCdXf5g==}
+    hasBin: true
+
+  has-bigints@1.0.2:
+    resolution: {integrity: sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==}
+
+  has-flag@3.0.0:
+    resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==}
+    engines: {node: '>=4'}
+
+  has-flag@4.0.0:
+    resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
+    engines: {node: '>=8'}
+
+  has-property-descriptors@1.0.2:
+    resolution: {integrity: sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==}
+
+  has-proto@1.0.3:
+    resolution: {integrity: sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==}
+    engines: {node: '>= 0.4'}
+
+  has-symbols@1.0.3:
+    resolution: {integrity: sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==}
+    engines: {node: '>= 0.4'}
+
+  has-symbols@1.1.0:
+    resolution: {integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==}
+    engines: {node: '>= 0.4'}
+
+  has-tostringtag@1.0.2:
+    resolution: {integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==}
+    engines: {node: '>= 0.4'}
+
+  has-unicode@2.0.1:
+    resolution: {integrity: sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==}
+
+  hasown@2.0.2:
+    resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
+    engines: {node: '>= 0.4'}
+
+  html-encoding-sniffer@4.0.0:
+    resolution: {integrity: sha512-Y22oTqIU4uuPgEemfz7NDJz6OeKf12Lsu+QC+s3BVpda64lTiMYCyGwg5ki4vFxkMwQdeZDl2adZoqUgdFuTgQ==}
+    engines: {node: '>=18'}
+
+  http-proxy-agent@7.0.2:
+    resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==}
+    engines: {node: '>= 14'}
+
+  http-signature@1.4.0:
+    resolution: {integrity: sha512-G5akfn7eKbpDN+8nPS/cb57YeA1jLTVxjpCj7tmm3QKPdyDy7T+qSC40e9ptydSWvkwjSXw1VbkpyEm39ukeAg==}
+    engines: {node: '>=0.10'}
+
+  https-proxy-agent@5.0.1:
+    resolution: {integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==}
+    engines: {node: '>= 6'}
+
+  https-proxy-agent@7.0.6:
+    resolution: {integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==}
+    engines: {node: '>= 14'}
+
+  human-id@4.1.1:
+    resolution: {integrity: sha512-3gKm/gCSUipeLsRYZbbdA1BD83lBoWUkZ7G9VFrhWPAU76KwYo5KR8V28bpoPm/ygy0x5/GCbpRQdY7VLYCoIg==}
+    hasBin: true
+
+  human-signals@1.1.1:
+    resolution: {integrity: sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==}
+    engines: {node: '>=8.12.0'}
+
+  human-signals@2.1.0:
+    resolution: {integrity: sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==}
+    engines: {node: '>=10.17.0'}
+
+  human-signals@5.0.0:
+    resolution: {integrity: sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==}
+    engines: {node: '>=16.17.0'}
+
+  iconv-lite@0.4.24:
+    resolution: {integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==}
+    engines: {node: '>=0.10.0'}
+
+  iconv-lite@0.6.3:
+    resolution: {integrity: sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==}
+    engines: {node: '>=0.10.0'}
+
+  ieee754@1.2.1:
+    resolution: {integrity: sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==}
+
+  ignore-by-default@1.0.1:
+    resolution: {integrity: sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==}
+
+  ignore@5.3.2:
+    resolution: {integrity: sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==}
+    engines: {node: '>= 4'}
+
+  immutable@5.1.1:
+    resolution: {integrity: sha512-3jatXi9ObIsPGr3N5hGw/vWWcTkq6hUYhpQz4k0wLC+owqWi/LiugIw9x0EdNZ2yGedKN/HzePiBvaJRXa0Ujg==}
+
+  import-fresh@3.3.0:
+    resolution: {integrity: sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==}
+    engines: {node: '>=6'}
+
+  imurmurhash@0.1.4:
+    resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==}
+    engines: {node: '>=0.8.19'}
+
+  indent-string@4.0.0:
+    resolution: {integrity: sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==}
+    engines: {node: '>=8'}
+
+  inflight@1.0.6:
+    resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==}
+    deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
+
+  inherits@2.0.4:
+    resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
+
+  ini@2.0.0:
+    resolution: {integrity: sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==}
+    engines: {node: '>=10'}
+
+  internal-slot@1.0.7:
+    resolution: {integrity: sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g==}
+    engines: {node: '>= 0.4'}
+
+  intl-messageformat@10.7.7:
+    resolution: {integrity: sha512-F134jIoeYMro/3I0h08D0Yt4N9o9pjddU/4IIxMMURqbAtI2wu70X8hvG1V48W49zXHXv3RKSF/po+0fDfsGjA==}
+
+  is-arguments@1.1.1:
+    resolution: {integrity: sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==}
+    engines: {node: '>= 0.4'}
+
+  is-array-buffer@3.0.4:
+    resolution: {integrity: sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw==}
+    engines: {node: '>= 0.4'}
+
+  is-arrayish@0.3.2:
+    resolution: {integrity: sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==}
+
+  is-async-function@2.0.0:
+    resolution: {integrity: sha512-Y1JXKrfykRJGdlDwdKlLpLyMIiWqWvuSd17TvZk68PLAOGOoF4Xyav1z0Xhoi+gCYjZVeC5SI+hYFOfvXmGRCA==}
+    engines: {node: '>= 0.4'}
+
+  is-bigint@1.0.4:
+    resolution: {integrity: sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==}
+
+  is-binary-path@2.1.0:
+    resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
+    engines: {node: '>=8'}
+
+  is-boolean-object@1.1.2:
+    resolution: {integrity: sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==}
+    engines: {node: '>= 0.4'}
+
+  is-bun-module@1.1.0:
+    resolution: {integrity: sha512-4mTAVPlrXpaN3jtF0lsnPCMGnq4+qZjVIKq0HCpfcqf8OC1SM5oATCIAPM5V5FN05qp2NNnFndphmdZS9CV3hA==}
+
+  is-callable@1.2.7:
+    resolution: {integrity: sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==}
+    engines: {node: '>= 0.4'}
+
+  is-core-module@2.15.1:
+    resolution: {integrity: sha512-z0vtXSwucUJtANQWldhbtbt7BnL0vxiFjIdDLAatwhDYty2bad6s+rijD6Ri4YuYJubLzIJLUidCh09e1djEVQ==}
+    engines: {node: '>= 0.4'}
+
+  is-data-view@1.0.1:
+    resolution: {integrity: sha512-AHkaJrsUVW6wq6JS8y3JnM/GJF/9cf+k20+iDzlSaJrinEo5+7vRiteOSwBhHRiAyQATN1AmY4hwzxJKPmYf+w==}
+    engines: {node: '>= 0.4'}
+
+  is-date-object@1.0.5:
+    resolution: {integrity: sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==}
+    engines: {node: '>= 0.4'}
+
+  is-extglob@2.1.1:
+    resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
+    engines: {node: '>=0.10.0'}
+
+  is-finalizationregistry@1.0.2:
+    resolution: {integrity: sha512-0by5vtUJs8iFQb5TYUHHPudOR+qXYIMKtiUzvLIZITZUjknFmziyBJuLhVRc+Ds0dREFlskDNJKYIdIzu/9pfw==}
+
+  is-fullwidth-code-point@3.0.0:
+    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
+    engines: {node: '>=8'}
+
+  is-fullwidth-code-point@4.0.0:
+    resolution: {integrity: sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==}
+    engines: {node: '>=12'}
+
+  is-fullwidth-code-point@5.0.0:
+    resolution: {integrity: sha512-OVa3u9kkBbw7b8Xw5F9P+D/T9X+Z4+JruYVNapTjPYZYUznQ5YfWeFkOj606XYYW8yugTfC8Pj0hYqvi4ryAhA==}
+    engines: {node: '>=18'}
+
+  is-generator-function@1.0.10:
+    resolution: {integrity: sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==}
+    engines: {node: '>= 0.4'}
+
+  is-glob@4.0.3:
+    resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
+    engines: {node: '>=0.10.0'}
+
+  is-installed-globally@0.4.0:
+    resolution: {integrity: sha512-iwGqO3J21aaSkC7jWnHP/difazwS7SFeIqxv6wEtLU8Y5KlzFTjyqcSIT0d8s4+dDhKytsk9PJZ2BkS5eZwQRQ==}
+    engines: {node: '>=10'}
+
+  is-map@2.0.3:
+    resolution: {integrity: sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==}
+    engines: {node: '>= 0.4'}
+
+  is-negative-zero@2.0.3:
+    resolution: {integrity: sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==}
+    engines: {node: '>= 0.4'}
+
+  is-number-object@1.0.7:
+    resolution: {integrity: sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==}
+    engines: {node: '>= 0.4'}
+
+  is-number@7.0.0:
+    resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
+    engines: {node: '>=0.12.0'}
+
+  is-path-inside@3.0.3:
+    resolution: {integrity: sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==}
+    engines: {node: '>=8'}
+
+  is-potential-custom-element-name@1.0.1:
+    resolution: {integrity: sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==}
+
+  is-regex@1.1.4:
+    resolution: {integrity: sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==}
+    engines: {node: '>= 0.4'}
+
+  is-set@2.0.3:
+    resolution: {integrity: sha512-iPAjerrse27/ygGLxw+EBR9agv9Y6uLeYVJMu+QNCoouJ1/1ri0mGrcWpfCqFZuzzx3WjtwxG098X+n4OuRkPg==}
+    engines: {node: '>= 0.4'}
+
+  is-shared-array-buffer@1.0.3:
+    resolution: {integrity: sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg==}
+    engines: {node: '>= 0.4'}
+
+  is-stream@2.0.1:
+    resolution: {integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==}
+    engines: {node: '>=8'}
+
+  is-stream@3.0.0:
+    resolution: {integrity: sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  is-string@1.0.7:
+    resolution: {integrity: sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==}
+    engines: {node: '>= 0.4'}
+
+  is-subdir@1.2.0:
+    resolution: {integrity: sha512-2AT6j+gXe/1ueqbW6fLZJiIw3F8iXGJtt0yDrZaBhAZEG1raiTxKWU+IPqMCzQAXOUCKdA4UDMgacKH25XG2Cw==}
+    engines: {node: '>=4'}
+
+  is-symbol@1.0.4:
+    resolution: {integrity: sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==}
+    engines: {node: '>= 0.4'}
+
+  is-typed-array@1.1.13:
+    resolution: {integrity: sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==}
+    engines: {node: '>= 0.4'}
+
+  is-typedarray@1.0.0:
+    resolution: {integrity: sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==}
+
+  is-unicode-supported@0.1.0:
+    resolution: {integrity: sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==}
+    engines: {node: '>=10'}
+
+  is-weakmap@2.0.2:
+    resolution: {integrity: sha512-K5pXYOm9wqY1RgjpL3YTkF39tni1XajUIkawTLUo9EZEVUFga5gSQJF8nNS7ZwJQ02y+1YCNYcMh+HIf1ZqE+w==}
+    engines: {node: '>= 0.4'}
+
+  is-weakref@1.0.2:
+    resolution: {integrity: sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==}
+
+  is-weakset@2.0.3:
+    resolution: {integrity: sha512-LvIm3/KWzS9oRFHugab7d+M/GcBXuXX5xZkzPmN+NxihdQlZUQ4dWuSV1xR/sq6upL1TJEDrfBgRepHFdBtSNQ==}
+    engines: {node: '>= 0.4'}
+
+  is-windows@1.0.2:
+    resolution: {integrity: sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==}
+    engines: {node: '>=0.10.0'}
+
+  isarray@2.0.5:
+    resolution: {integrity: sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==}
+
+  isexe@2.0.0:
+    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
+
+  isstream@0.1.2:
+    resolution: {integrity: sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==}
+
+  iterator.prototype@1.1.2:
+    resolution: {integrity: sha512-DR33HMMr8EzwuRL8Y9D3u2BMj8+RqSE850jfGu59kS7tbmPLzGkZmVSfyCFSDxuZiEY6Rzt3T2NA/qU+NwVj1w==}
+
+  jackspeak@2.3.6:
+    resolution: {integrity: sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ==}
+    engines: {node: '>=14'}
+
+  jackspeak@3.4.3:
+    resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}
+
+  jiti@1.21.6:
+    resolution: {integrity: sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w==}
+    hasBin: true
+
+  joi@17.13.3:
+    resolution: {integrity: sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA==}
+
+  jose@5.8.0:
+    resolution: {integrity: sha512-E7CqYpL/t7MMnfGnK/eg416OsFCVUrU/Y3Vwe7QjKhu/BkS1Ms455+2xsqZQVN57/U2MHMBvEb5SrmAZWAIntA==}
+
+  joycon@3.1.1:
+    resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
+    engines: {node: '>=10'}
+
+  js-tokens@4.0.0:
+    resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
+
+  js-yaml@3.14.1:
+    resolution: {integrity: sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==}
+    hasBin: true
+
+  js-yaml@4.1.0:
+    resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
+    hasBin: true
+
+  jsbn@0.1.1:
+    resolution: {integrity: sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==}
+
+  jsdom@26.1.0:
+    resolution: {integrity: sha512-Cvc9WUhxSMEo4McES3P7oK3QaXldCfNWp7pl2NNeiIFlCoLr3kfq9kb1fxftiwk1FLV7CvpvDfonxtzUDeSOPg==}
+    engines: {node: '>=18'}
+    peerDependencies:
+      canvas: ^3.0.0
+    peerDependenciesMeta:
+      canvas:
+        optional: true
+
+  jsesc@3.1.0:
+    resolution: {integrity: sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==}
+    engines: {node: '>=6'}
+    hasBin: true
+
+  json-buffer@3.0.1:
+    resolution: {integrity: sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==}
+
+  json-schema-traverse@0.4.1:
+    resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
+
+  json-schema@0.4.0:
+    resolution: {integrity: sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==}
+
+  json-stable-stringify-without-jsonify@1.0.1:
+    resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==}
+
+  json-stringify-safe@5.0.1:
+    resolution: {integrity: sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==}
+
+  json5@1.0.2:
+    resolution: {integrity: sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==}
+    hasBin: true
+
+  json5@2.2.3:
+    resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==}
+    engines: {node: '>=6'}
+    hasBin: true
+
+  jsonfile@4.0.0:
+    resolution: {integrity: sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==}
+
+  jsonfile@6.1.0:
+    resolution: {integrity: sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==}
+
+  jsprim@2.0.2:
+    resolution: {integrity: sha512-gqXddjPqQ6G40VdnI6T6yObEC+pDNvyP95wdQhkWkg7crHH3km5qP1FsOXEkzEQwnz6gz5qGTn1c2Y52wP3OyQ==}
+    engines: {'0': node >=0.6.0}
+
+  jsx-ast-utils@3.3.5:
+    resolution: {integrity: sha512-ZZow9HBI5O6EPgSJLUb8n2NKgmVWTwCvHGwFuJlMjvLFqlGG6pjirPhtdsseaLZjSibD8eegzmYpUZwoIlj2cQ==}
+    engines: {node: '>=4.0'}
+
+  keyv@4.5.4:
+    resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==}
+
+  language-subtag-registry@0.3.23:
+    resolution: {integrity: sha512-0K65Lea881pHotoGEa5gDlMxt3pctLi2RplBb7Ezh4rRdLEOtgi7n4EwK9lamnUCkKBqaeKRVebTq6BAxSkpXQ==}
+
+  language-tags@1.0.9:
+    resolution: {integrity: sha512-MbjN408fEndfiQXbFQ1vnd+1NoLDsnQW41410oQBXiyXDMYH5z505juWa4KUE1LqxRC7DgOgZDbKLxHIwm27hA==}
+    engines: {node: '>=0.10'}
+
+  lazy-ass@1.6.0:
+    resolution: {integrity: sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==}
+    engines: {node: '> 0.8'}
+
+  levn@0.4.1:
+    resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==}
+    engines: {node: '>= 0.8.0'}
+
+  lilconfig@2.1.0:
+    resolution: {integrity: sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==}
+    engines: {node: '>=10'}
+
+  lilconfig@3.1.3:
+    resolution: {integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==}
+    engines: {node: '>=14'}
+
+  lines-and-columns@1.2.4:
+    resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==}
+
+  lint-staged@15.5.1:
+    resolution: {integrity: sha512-6m7u8mue4Xn6wK6gZvSCQwBvMBR36xfY24nF5bMTf2MHDYG6S3yhJuOgdYVw99hsjyDt2d4z168b3naI8+NWtQ==}
+    engines: {node: '>=18.12.0'}
+    hasBin: true
+
+  listr2@3.14.0:
+    resolution: {integrity: sha512-TyWI8G99GX9GjE54cJ+RrNMcIFBfwMPxc3XTFiAYGN4s10hWROGtOg7+O6u6LE3mNkyld7RSLE6nrKBvTfcs3g==}
+    engines: {node: '>=10.0.0'}
+    peerDependencies:
+      enquirer: '>= 2.3.0 < 3'
+    peerDependenciesMeta:
+      enquirer:
+        optional: true
+
+  listr2@8.3.2:
+    resolution: {integrity: sha512-vsBzcU4oE+v0lj4FhVLzr9dBTv4/fHIa57l+GCwovP8MoFNZJTOhGU8PXd4v2VJCbECAaijBiHntiekFMLvo0g==}
+    engines: {node: '>=18.0.0'}
+
+  load-tsconfig@0.2.5:
+    resolution: {integrity: sha512-IXO6OCs9yg8tMKzfPZ1YmheJbZCiEsnBdcB03l0OcfK9prKnJb96siuHCr5Fl37/yo9DnKU+TLpxzTUspw9shg==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  locate-path@5.0.0:
+    resolution: {integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==}
+    engines: {node: '>=8'}
+
+  locate-path@6.0.0:
+    resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==}
+    engines: {node: '>=10'}
+
+  lodash.camelcase@4.3.0:
+    resolution: {integrity: sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==}
+
+  lodash.merge@4.6.2:
+    resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
+
+  lodash.once@4.1.1:
+    resolution: {integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==}
+
+  lodash.sortby@4.7.0:
+    resolution: {integrity: sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==}
+
+  lodash.startcase@4.4.0:
+    resolution: {integrity: sha512-+WKqsK294HMSc2jEbNgpHpd0JfIBhp7rEV4aqXWqFr6AlXov+SlcgB1Fv01y2kGe3Gc8nMW7VA0SrGuSkRfIEg==}
+
+  lodash@4.17.21:
+    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
+
+  log-symbols@4.1.0:
+    resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==}
+    engines: {node: '>=10'}
+
+  log-update@4.0.0:
+    resolution: {integrity: sha512-9fkkDevMefjg0mmzWFBW8YkFP91OrizzkW3diF7CpG+S2EYdy4+TVfGwz1zeF8x7hCx1ovSPTOE9Ngib74qqUg==}
+    engines: {node: '>=10'}
+
+  log-update@6.1.0:
+    resolution: {integrity: sha512-9ie8ItPR6tjY5uYJh8K/Zrv/RMZ5VOlOWvtZdEHYSTFKZfIBPQa9tOAEeAWhd+AnIneLJ22w5fjOYtoutpWq5w==}
+    engines: {node: '>=18'}
+
+  long@5.2.3:
+    resolution: {integrity: sha512-lcHwpNoggQTObv5apGNCTdJrO69eHOZMi4BNC+rTLER8iHAqGrUVeLh/irVIM7zTw2bOXA8T6uNPeujwOLg/2Q==}
+
+  loose-envify@1.4.0:
+    resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==}
+    hasBin: true
+
+  loupe@3.1.3:
+    resolution: {integrity: sha512-kkIp7XSkP78ZxJEsSxW3712C6teJVoeHHwgo9zJ380de7IYyJ2ISlxojcH2pC5OFLewESmnRi/+XCDIEEVyoug==}
+
+  lru-cache@10.4.3:
+    resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==}
+
+  lru-cache@5.1.1:
+    resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==}
+
+  lucide-react@0.469.0:
+    resolution: {integrity: sha512-28vvUnnKQ/dBwiCQtwJw7QauYnE7yd2Cyp4tTTJpvglX4EMpbflcdBgrgToX2j71B3YvugK/NH3BGUk+E/p/Fw==}
+    peerDependencies:
+      react: ^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0
+
+  lz-string@1.5.0:
+    resolution: {integrity: sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==}
+    hasBin: true
+
+  magic-string@0.30.17:
+    resolution: {integrity: sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA==}
+
+  make-dir-cli@4.0.0:
+    resolution: {integrity: sha512-9BBC2CaGH0hUAx+tQthgxqYypwkTs+7oXmPdiWyDpHGo4mGB3kdudUKQGivK59C1aJroo4QLlXF7Chu/kdhYiw==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  make-dir@3.1.0:
+    resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==}
+    engines: {node: '>=8'}
+
+  make-dir@5.0.0:
+    resolution: {integrity: sha512-G0yBotnlWVonPClw+tq+xi4K7DZC9n96HjGTBDdHkstAVsDkfZhi1sTvZypXLpyQTbISBkDtK0E5XlUqDsShQg==}
+    engines: {node: '>=18'}
+
+  map-stream@0.1.0:
+    resolution: {integrity: sha512-CkYQrPYZfWnu/DAmVCpTSX/xHpKZ80eKh2lAkyA6AJTef6bW+6JpbQZN5rofum7da+SyN1bi5ctTm+lTfcCW3g==}
+
+  math-intrinsics@1.1.0:
+    resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
+    engines: {node: '>= 0.4'}
+
+  meow@13.2.0:
+    resolution: {integrity: sha512-pxQJQzB6djGPXh08dacEloMFopsOqGVRKFPYvPOt9XDZ1HasbgDZA74CJGreSU4G3Ak7EFJGoiH2auq+yXISgA==}
+    engines: {node: '>=18'}
+
+  merge-stream@2.0.0:
+    resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==}
+
+  merge2@1.4.1:
+    resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
+    engines: {node: '>= 8'}
+
+  micromatch@4.0.8:
+    resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==}
+    engines: {node: '>=8.6'}
+
+  mime-db@1.52.0:
+    resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==}
+    engines: {node: '>= 0.6'}
+
+  mime-types@2.1.35:
+    resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==}
+    engines: {node: '>= 0.6'}
+
+  mimic-fn@2.1.0:
+    resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==}
+    engines: {node: '>=6'}
+
+  mimic-fn@4.0.0:
+    resolution: {integrity: sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==}
+    engines: {node: '>=12'}
+
+  mimic-function@5.0.1:
+    resolution: {integrity: sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==}
+    engines: {node: '>=18'}
+
+  min-indent@1.0.1:
+    resolution: {integrity: sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==}
+    engines: {node: '>=4'}
+
+  mini-svg-data-uri@1.4.4:
+    resolution: {integrity: sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==}
+    hasBin: true
+
+  minimatch@3.1.2:
+    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
+
+  minimatch@9.0.5:
+    resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==}
+    engines: {node: '>=16 || 14 >=14.17'}
+
+  minimist@1.2.8:
+    resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
+
+  minipass@3.3.6:
+    resolution: {integrity: sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==}
+    engines: {node: '>=8'}
+
+  minipass@5.0.0:
+    resolution: {integrity: sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==}
+    engines: {node: '>=8'}
+
+  minipass@7.1.2:
+    resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
+    engines: {node: '>=16 || 14 >=14.17'}
+
+  minizlib@2.1.2:
+    resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==}
+    engines: {node: '>= 8'}
+
+  mkdirp@1.0.4:
+    resolution: {integrity: sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==}
+    engines: {node: '>=10'}
+    hasBin: true
+
+  moment@2.30.1:
+    resolution: {integrity: sha512-uEmtNhbDOrWPFS+hdjFCBfy9f2YoyzRpwcl+DqpC6taX21FzsTLQVbMV/W7PzNSX6x/bhC1zA3c2UQ5NzH6how==}
+
+  mri@1.2.0:
+    resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==}
+    engines: {node: '>=4'}
+
+  ms@2.1.3:
+    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
+
+  mz@2.7.0:
+    resolution: {integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==}
+
+  nanoid@3.3.11:
+    resolution: {integrity: sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==}
+    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
+    hasBin: true
+
+  natural-compare@1.4.0:
+    resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
+
+  negotiator@1.0.0:
+    resolution: {integrity: sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==}
+    engines: {node: '>= 0.6'}
+
+  next-intl@3.26.5:
+    resolution: {integrity: sha512-EQlCIfY0jOhRldiFxwSXG+ImwkQtDEfQeSOEQp6ieAGSLWGlgjdb/Ck/O7wMfC430ZHGeUKVKax8KGusTPKCgg==}
+    peerDependencies:
+      next: ^10.0.0 || ^11.0.0 || ^12.0.0 || ^13.0.0 || ^14.0.0 || ^15.0.0
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0 || ^19.0.0
+
+  next-themes@0.2.1:
+    resolution: {integrity: sha512-B+AKNfYNIzh0vqQQKqQItTS8evEouKD7H5Hj3kmuPERwddR2TxvDSFZuTj6T7Jfn1oyeUyJMydPl1Bkxkh0W7A==}
+    peerDependencies:
+      next: '*'
+      react: '*'
+      react-dom: '*'
+
+  next@15.4.0-canary.86:
+    resolution: {integrity: sha512-lGeO0sOvPZ7oFIklqRA863YzRL1bW+kT/OqU3N6RBquHldiucZwnZKQceZdn6WcHEFmWIHzZV+SMG1JEK7hZLg==}
+    engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
+    hasBin: true
+    peerDependencies:
+      '@opentelemetry/api': ^1.1.0
+      '@playwright/test': ^1.51.1
+      babel-plugin-react-compiler: '*'
+      react: ^18.2.0 || 19.0.0-rc-de68d2f4-20241204 || ^19.0.0
+      react-dom: ^18.2.0 || 19.0.0-rc-de68d2f4-20241204 || ^19.0.0
+      sass: ^1.3.0
+    peerDependenciesMeta:
+      '@opentelemetry/api':
+        optional: true
+      '@playwright/test':
+        optional: true
+      babel-plugin-react-compiler:
+        optional: true
+      sass:
+        optional: true
+
+  nice-grpc-common@2.0.2:
+    resolution: {integrity: sha512-7RNWbls5kAL1QVUOXvBsv1uO0wPQK3lHv+cY1gwkTzirnG1Nop4cBJZubpgziNbaVc/bl9QJcyvsf/NQxa3rjQ==}
+
+  nice-grpc@2.0.1:
+    resolution: {integrity: sha512-Q5CGXO08STsv+HAkXeFgRayANT62X1LnIDhNXdCf+LP0XaP7EiHM0Cr3QefnoFjDZAx/Kxq+qiQfY66BrtKcNQ==}
+
+  node-addon-api@7.1.1:
+    resolution: {integrity: sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==}
+
+  node-domexception@1.0.0:
+    resolution: {integrity: sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==}
+    engines: {node: '>=10.5.0'}
+    deprecated: Use your platform's native DOMException instead
+
+  node-fetch@2.7.0:
+    resolution: {integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==}
+    engines: {node: 4.x || >=6.0.0}
+    peerDependencies:
+      encoding: ^0.1.0
+    peerDependenciesMeta:
+      encoding:
+        optional: true
+
+  node-fetch@3.3.2:
+    resolution: {integrity: sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  node-releases@2.0.19:
+    resolution: {integrity: sha512-xxOWJsBKtzAq7DY0J+DTzuz58K8e7sJbdgwkbMWQe8UYB6ekmsQ45q0M/tJDsGaZmbC+l7n57UV8Hl5tHxO9uw==}
+
+  nodemon@3.1.9:
+    resolution: {integrity: sha512-hdr1oIb2p6ZSxu3PB2JWWYS7ZQ0qvaZsc3hK8DR8f02kRzc8rjYmxAIvdz+aYC+8F2IjNaB7HMcSDg8nQpJxyg==}
+    engines: {node: '>=10'}
+    hasBin: true
+
+  nopt@5.0.0:
+    resolution: {integrity: sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==}
+    engines: {node: '>=6'}
+    hasBin: true
+
+  normalize-path@3.0.0:
+    resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
+    engines: {node: '>=0.10.0'}
+
+  normalize-range@0.1.2:
+    resolution: {integrity: sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==}
+    engines: {node: '>=0.10.0'}
+
+  npm-run-path@4.0.1:
+    resolution: {integrity: sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==}
+    engines: {node: '>=8'}
+
+  npm-run-path@5.3.0:
+    resolution: {integrity: sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==}
+    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
+
+  npmlog@5.0.1:
+    resolution: {integrity: sha512-AqZtDUWOMKs1G/8lwylVjrdYgqA4d9nu8hc+0gzRxlDb1I10+FHBGMXs6aiQHFdCUUlqH99MUMuLfzWDNDtfxw==}
+    deprecated: This package is no longer supported.
+
+  nwsapi@2.2.20:
+    resolution: {integrity: sha512-/ieB+mDe4MrrKMT8z+mQL8klXydZWGR5Dowt4RAGKbJ3kIGEx3X4ljUo+6V73IXtUPWgfOlU5B9MlGxFO5T+cA==}
+
+  object-assign@4.1.1:
+    resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
+    engines: {node: '>=0.10.0'}
+
+  object-hash@3.0.0:
+    resolution: {integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==}
+    engines: {node: '>= 6'}
+
+  object-inspect@1.13.2:
+    resolution: {integrity: sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==}
+    engines: {node: '>= 0.4'}
+
+  object-inspect@1.13.4:
+    resolution: {integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==}
+    engines: {node: '>= 0.4'}
+
+  object-is@1.1.6:
+    resolution: {integrity: sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q==}
+    engines: {node: '>= 0.4'}
+
+  object-keys@1.1.1:
+    resolution: {integrity: sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==}
+    engines: {node: '>= 0.4'}
+
+  object.assign@4.1.5:
+    resolution: {integrity: sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==}
+    engines: {node: '>= 0.4'}
+
+  object.entries@1.1.8:
+    resolution: {integrity: sha512-cmopxi8VwRIAw/fkijJohSfpef5PdN0pMQJN6VC/ZKvn0LIknWD8KtgY6KlQdEc4tIjcQ3HxSMmnvtzIscdaYQ==}
+    engines: {node: '>= 0.4'}
+
+  object.fromentries@2.0.8:
+    resolution: {integrity: sha512-k6E21FzySsSK5a21KRADBd/NGneRegFO5pLHfdQLpRDETUNJueLXs3WCzyQ3tFRDYgbq3KHGXfTbi2bs8WQ6rQ==}
+    engines: {node: '>= 0.4'}
+
+  object.groupby@1.0.3:
+    resolution: {integrity: sha512-+Lhy3TQTuzXI5hevh8sBGqbmurHbbIjAi0Z4S63nthVLmLxfbj4T54a4CfZrXIrt9iP4mVAPYMo/v99taj3wjQ==}
+    engines: {node: '>= 0.4'}
+
+  object.values@1.2.0:
+    resolution: {integrity: sha512-yBYjY9QX2hnRmZHAjG/f13MzmBzxzYgQhFrke06TTyKY5zSTEqkOeukBzIdVA3j3ulu8Qa3MbVFShV7T2RmGtQ==}
+    engines: {node: '>= 0.4'}
+
+  once@1.4.0:
+    resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
+
+  onetime@5.1.2:
+    resolution: {integrity: sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==}
+    engines: {node: '>=6'}
+
+  onetime@6.0.0:
+    resolution: {integrity: sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==}
+    engines: {node: '>=12'}
+
+  onetime@7.0.0:
+    resolution: {integrity: sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==}
+    engines: {node: '>=18'}
+
+  optionator@0.9.4:
+    resolution: {integrity: sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==}
+    engines: {node: '>= 0.8.0'}
+
+  os-tmpdir@1.0.2:
+    resolution: {integrity: sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==}
+    engines: {node: '>=0.10.0'}
+
+  ospath@1.2.2:
+    resolution: {integrity: sha512-o6E5qJV5zkAbIDNhGSIlyOhScKXgQrSRMilfph0clDfM0nEnBOlKlH4sWDmG95BW/CvwNz0vmm7dJVtU2KlMiA==}
+
+  outdent@0.5.0:
+    resolution: {integrity: sha512-/jHxFIzoMXdqPzTaCpFzAAWhpkSjZPF4Vsn6jAfNpmbH/ymsmd7Qc6VE9BGn0L6YMj6uwpQLxCECpus4ukKS9Q==}
+
+  p-filter@2.1.0:
+    resolution: {integrity: sha512-ZBxxZ5sL2HghephhpGAQdoskxplTwr7ICaehZwLIlfL6acuVgZPm8yBNuRAFBGEqtD/hmUeq9eqLg2ys9Xr/yw==}
+    engines: {node: '>=8'}
+
+  p-limit@2.3.0:
+    resolution: {integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==}
+    engines: {node: '>=6'}
+
+  p-limit@3.1.0:
+    resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==}
+    engines: {node: '>=10'}
+
+  p-locate@4.1.0:
+    resolution: {integrity: sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==}
+    engines: {node: '>=8'}
+
+  p-locate@5.0.0:
+    resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
+    engines: {node: '>=10'}
+
+  p-map@2.1.0:
+    resolution: {integrity: sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw==}
+    engines: {node: '>=6'}
+
+  p-map@4.0.0:
+    resolution: {integrity: sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==}
+    engines: {node: '>=10'}
+
+  p-try@2.2.0:
+    resolution: {integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==}
+    engines: {node: '>=6'}
+
+  package-json-from-dist@1.0.1:
+    resolution: {integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==}
+
+  package-manager-detector@0.2.11:
+    resolution: {integrity: sha512-BEnLolu+yuz22S56CU1SUKq3XC3PkwD5wv4ikR4MfGvnRVcmzXR9DwSlW2fEamyTPyXHomBJRzgapeuBvRNzJQ==}
+
+  parent-module@1.0.1:
+    resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
+    engines: {node: '>=6'}
+
+  parse5@7.3.0:
+    resolution: {integrity: sha512-IInvU7fabl34qmi9gY8XOVxhYyMyuH2xUNpb2q8/Y+7552KlejkRvqvD19nMoUW/uQGGbqNpA6Tufu5FL5BZgw==}
+
+  path-exists@4.0.0:
+    resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
+    engines: {node: '>=8'}
+
+  path-is-absolute@1.0.1:
+    resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
+    engines: {node: '>=0.10.0'}
+
+  path-key@3.1.1:
+    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
+    engines: {node: '>=8'}
+
+  path-key@4.0.0:
+    resolution: {integrity: sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==}
+    engines: {node: '>=12'}
+
+  path-parse@1.0.7:
+    resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==}
+
+  path-scurry@1.11.1:
+    resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
+    engines: {node: '>=16 || 14 >=14.18'}
+
+  path-type@4.0.0:
+    resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==}
+    engines: {node: '>=8'}
+
+  pathe@2.0.3:
+    resolution: {integrity: sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==}
+
+  pathval@2.0.0:
+    resolution: {integrity: sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA==}
+    engines: {node: '>= 14.16'}
+
+  pause-stream@0.0.11:
+    resolution: {integrity: sha512-e3FBlXLmN/D1S+zHzanP4E/4Z60oFAa3O051qt1pxa7DEJWKAyil6upYVXCWadEnuoqa4Pkc9oUx9zsxYeRv8A==}
+
+  pend@1.2.0:
+    resolution: {integrity: sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==}
+
+  performance-now@2.1.0:
+    resolution: {integrity: sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==}
+
+  picocolors@1.1.1:
+    resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
+
+  picomatch@2.3.1:
+    resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==}
+    engines: {node: '>=8.6'}
+
+  picomatch@4.0.2:
+    resolution: {integrity: sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==}
+    engines: {node: '>=12'}
+
+  pidtree@0.6.0:
+    resolution: {integrity: sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g==}
+    engines: {node: '>=0.10'}
+    hasBin: true
+
+  pify@2.3.0:
+    resolution: {integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==}
+    engines: {node: '>=0.10.0'}
+
+  pify@4.0.1:
+    resolution: {integrity: sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==}
+    engines: {node: '>=6'}
+
+  pirates@4.0.7:
+    resolution: {integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==}
+    engines: {node: '>= 6'}
+
+  playwright-core@1.52.0:
+    resolution: {integrity: sha512-l2osTgLXSMeuLZOML9qYODUQoPPnUsKsb5/P6LJ2e6uPKXUdPK5WYhN4z03G+YNbWmGDY4YENauNu4ZKczreHg==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  playwright@1.52.0:
+    resolution: {integrity: sha512-JAwMNMBlxJ2oD1kce4KPtMkDeKGHQstdpFPcPH3maElAXon/QZeTvtsfXmTMRyO9TslfoYOXkSsvao2nE1ilTw==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  possible-typed-array-names@1.0.0:
+    resolution: {integrity: sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==}
+    engines: {node: '>= 0.4'}
+
+  postcss-import@15.1.0:
+    resolution: {integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==}
+    engines: {node: '>=14.0.0'}
+    peerDependencies:
+      postcss: ^8.0.0
+
+  postcss-js@4.0.1:
+    resolution: {integrity: sha512-dDLF8pEO191hJMtlHFPRa8xsizHaM82MLfNkUHdUtVEV3tgTp5oj+8qbEqYM57SLfc74KSbw//4SeJma2LRVIw==}
+    engines: {node: ^12 || ^14 || >= 16}
+    peerDependencies:
+      postcss: ^8.4.21
+
+  postcss-load-config@4.0.2:
+    resolution: {integrity: sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==}
+    engines: {node: '>= 14'}
+    peerDependencies:
+      postcss: '>=8.0.9'
+      ts-node: '>=9.0.0'
+    peerDependenciesMeta:
+      postcss:
+        optional: true
+      ts-node:
+        optional: true
+
+  postcss-load-config@6.0.1:
+    resolution: {integrity: sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==}
+    engines: {node: '>= 18'}
+    peerDependencies:
+      jiti: '>=1.21.0'
+      postcss: '>=8.0.9'
+      tsx: ^4.8.1
+      yaml: ^2.4.2
+    peerDependenciesMeta:
+      jiti:
+        optional: true
+      postcss:
+        optional: true
+      tsx:
+        optional: true
+      yaml:
+        optional: true
+
+  postcss-nested@6.2.0:
+    resolution: {integrity: sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ==}
+    engines: {node: '>=12.0'}
+    peerDependencies:
+      postcss: ^8.2.14
+
+  postcss-selector-parser@6.1.2:
+    resolution: {integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==}
+    engines: {node: '>=4'}
+
+  postcss-value-parser@4.2.0:
+    resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==}
+
+  postcss@8.4.31:
+    resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==}
+    engines: {node: ^10 || ^12 || >=14}
+
+  postcss@8.5.3:
+    resolution: {integrity: sha512-dle9A3yYxlBSrt8Fu+IpjGT8SY8hN0mlaA6GY8t0P5PjIOZemULz/E2Bnm/2dcUOena75OTNkHI76uZBNUUq3A==}
+    engines: {node: ^10 || ^12 || >=14}
+
+  prelude-ls@1.2.1:
+    resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
+    engines: {node: '>= 0.8.0'}
+
+  prettier-plugin-organize-imports@4.1.0:
+    resolution: {integrity: sha512-5aWRdCgv645xaa58X8lOxzZoiHAldAPChljr/MT0crXVOWTZ+Svl4hIWlz+niYSlO6ikE5UXkN1JrRvIP2ut0A==}
+    peerDependencies:
+      prettier: '>=2.0'
+      typescript: '>=2.9'
+      vue-tsc: ^2.1.0
+    peerDependenciesMeta:
+      vue-tsc:
+        optional: true
+
+  prettier-plugin-tailwindcss@0.6.11:
+    resolution: {integrity: sha512-YxaYSIvZPAqhrrEpRtonnrXdghZg1irNg4qrjboCXrpybLWVs55cW2N3juhspVJiO0JBvYJT8SYsJpc8OQSnsA==}
+    engines: {node: '>=14.21.3'}
+    peerDependencies:
+      '@ianvs/prettier-plugin-sort-imports': '*'
+      '@prettier/plugin-pug': '*'
+      '@shopify/prettier-plugin-liquid': '*'
+      '@trivago/prettier-plugin-sort-imports': '*'
+      '@zackad/prettier-plugin-twig': '*'
+      prettier: ^3.0
+      prettier-plugin-astro: '*'
+      prettier-plugin-css-order: '*'
+      prettier-plugin-import-sort: '*'
+      prettier-plugin-jsdoc: '*'
+      prettier-plugin-marko: '*'
+      prettier-plugin-multiline-arrays: '*'
+      prettier-plugin-organize-attributes: '*'
+      prettier-plugin-organize-imports: '*'
+      prettier-plugin-sort-imports: '*'
+      prettier-plugin-style-order: '*'
+      prettier-plugin-svelte: '*'
+    peerDependenciesMeta:
+      '@ianvs/prettier-plugin-sort-imports':
+        optional: true
+      '@prettier/plugin-pug':
+        optional: true
+      '@shopify/prettier-plugin-liquid':
+        optional: true
+      '@trivago/prettier-plugin-sort-imports':
+        optional: true
+      '@zackad/prettier-plugin-twig':
+        optional: true
+      prettier-plugin-astro:
+        optional: true
+      prettier-plugin-css-order:
+        optional: true
+      prettier-plugin-import-sort:
+        optional: true
+      prettier-plugin-jsdoc:
+        optional: true
+      prettier-plugin-marko:
+        optional: true
+      prettier-plugin-multiline-arrays:
+        optional: true
+      prettier-plugin-organize-attributes:
+        optional: true
+      prettier-plugin-organize-imports:
+        optional: true
+      prettier-plugin-sort-imports:
+        optional: true
+      prettier-plugin-style-order:
+        optional: true
+      prettier-plugin-svelte:
+        optional: true
+
+  prettier@2.8.8:
+    resolution: {integrity: sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==}
+    engines: {node: '>=10.13.0'}
+    hasBin: true
+
+  prettier@3.5.3:
+    resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==}
+    engines: {node: '>=14'}
+    hasBin: true
+
+  pretty-bytes@5.6.0:
+    resolution: {integrity: sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==}
+    engines: {node: '>=6'}
+
+  pretty-format@27.5.1:
+    resolution: {integrity: sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==}
+    engines: {node: ^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0}
+
+  process@0.11.10:
+    resolution: {integrity: sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==}
+    engines: {node: '>= 0.6.0'}
+
+  prop-types@15.8.1:
+    resolution: {integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==}
+
+  protobufjs@7.4.0:
+    resolution: {integrity: sha512-mRUWCc3KUU4w1jU8sGxICXH/gNS94DvI1gxqDvBzhj1JpcsimQkYiOJfwsPUykUI5ZaspFbSgmBLER8IrQ3tqw==}
+    engines: {node: '>=12.0.0'}
+
+  proxy-from-env@1.0.0:
+    resolution: {integrity: sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==}
+
+  proxy-from-env@1.1.0:
+    resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==}
+
+  ps-tree@1.2.0:
+    resolution: {integrity: sha512-0VnamPPYHl4uaU/nSFeZZpR21QAWRz+sRv4iW9+v/GS/J5U5iZB5BNN6J0RMoOvdx2gWM2+ZFMIm58q24e4UYA==}
+    engines: {node: '>= 0.10'}
+    hasBin: true
+
+  pstree.remy@1.1.8:
+    resolution: {integrity: sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==}
+
+  pump@3.0.2:
+    resolution: {integrity: sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw==}
+
+  punycode@2.3.1:
+    resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
+    engines: {node: '>=6'}
+
+  qrcode.react@3.1.0:
+    resolution: {integrity: sha512-oyF+Urr3oAMUG/OiOuONL3HXM+53wvuH3mtIWQrYmsXoAq0DkvZp2RYUWFSMFtbdOpuS++9v+WAkzNVkMlNW6Q==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0
+
+  qs@6.14.0:
+    resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==}
+    engines: {node: '>=0.6'}
+
+  quansync@0.2.10:
+    resolution: {integrity: sha512-t41VRkMYbkHyCYmOvx/6URnN80H7k4X0lLdBMGsz+maAwrJQYB1djpV6vHrQIBE0WBSGqhtEHrK9U3DWWH8v7A==}
+
+  queue-microtask@1.2.3:
+    resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
+
+  react-dom@19.1.0:
+    resolution: {integrity: sha512-Xs1hdnE+DyKgeHJeJznQmYMIBG3TKIHJJT95Q58nHLSrElKlGQqDTR2HQ9fx5CN/Gk6Vh/kupBTDLU11/nDk/g==}
+    peerDependencies:
+      react: ^19.1.0
+
+  react-hook-form@7.39.5:
+    resolution: {integrity: sha512-OE0HKyz5IPc6svN2wd+e+evidZrw4O4WZWAWYzQVZuHi+hYnHFSLnxOq0ddjbdmaLIsLHut/ab7j72y2QT3+KA==}
+    engines: {node: '>=12.22.0'}
+    peerDependencies:
+      react: ^16.8.0 || ^17 || ^18
+
+  react-is@16.13.1:
+    resolution: {integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==}
+
+  react-is@17.0.2:
+    resolution: {integrity: sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==}
+
+  react-refresh@0.17.0:
+    resolution: {integrity: sha512-z6F7K9bV85EfseRCp2bzrpyQ0Gkw1uLoCel9XBVWPg/TjRj94SkJzUTGfOa4bs7iJvBWtQG0Wq7wnI0syw3EBQ==}
+    engines: {node: '>=0.10.0'}
+
+  react@19.1.0:
+    resolution: {integrity: sha512-FS+XFBNvn3GTAWq26joslQgWNoFu08F4kl0J4CgdNKADkdSGXQyTCnKteIAJy96Br6YbpEU1LSzV5dYtjMkMDg==}
+    engines: {node: '>=0.10.0'}
+
+  read-cache@1.0.0:
+    resolution: {integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==}
+
+  read-yaml-file@1.1.0:
+    resolution: {integrity: sha512-VIMnQi/Z4HT2Fxuwg5KrY174U1VdUIASQVWXXyqtNRtxSr9IYkn1rsI6Tb6HsrHCmB7gVpNwX6JxPTHcH6IoTA==}
+    engines: {node: '>=6'}
+
+  readable-stream@3.6.2:
+    resolution: {integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==}
+    engines: {node: '>= 6'}
+
+  readdirp@3.6.0:
+    resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
+    engines: {node: '>=8.10.0'}
+
+  readdirp@4.1.2:
+    resolution: {integrity: sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==}
+    engines: {node: '>= 14.18.0'}
+
+  redent@3.0.0:
+    resolution: {integrity: sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==}
+    engines: {node: '>=8'}
+
+  reflect.getprototypeof@1.0.6:
+    resolution: {integrity: sha512-fmfw4XgoDke3kdI6h4xcUz1dG8uaiv5q9gcEwLS4Pnth2kxT+GZ7YehS1JTMGBQmtV7Y4GFGbs2re2NqhdozUg==}
+    engines: {node: '>= 0.4'}
+
+  regenerator-runtime@0.14.1:
+    resolution: {integrity: sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==}
+
+  regexp.prototype.flags@1.5.2:
+    resolution: {integrity: sha512-NcDiDkTLuPR+++OCKB0nWafEmhg/Da8aUPLPMQbK+bxKKCm1/S5he+AqYa4PlMCVBalb4/yxIRub6qkEx5yJbw==}
+    engines: {node: '>= 0.4'}
+
+  request-progress@3.0.0:
+    resolution: {integrity: sha512-MnWzEHHaxHO2iWiQuHrUPBi/1WeBf5PkxQqNyNvLl9VAYSdXkP8tQ3pBSeCPD+yw0v0Aq1zosWLz0BdeXpWwZg==}
+
+  require-directory@2.1.1:
+    resolution: {integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==}
+    engines: {node: '>=0.10.0'}
+
+  resolve-from@4.0.0:
+    resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
+    engines: {node: '>=4'}
+
+  resolve-from@5.0.0:
+    resolution: {integrity: sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==}
+    engines: {node: '>=8'}
+
+  resolve-pkg-maps@1.0.0:
+    resolution: {integrity: sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==}
+
+  resolve@1.22.8:
+    resolution: {integrity: sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==}
+    hasBin: true
+
+  resolve@2.0.0-next.5:
+    resolution: {integrity: sha512-U7WjGVG9sH8tvjW5SmGbQuui75FiyjAX72HX15DwBBwF9dNiQZRQAg9nnPhYy+TUnE0+VcrttuvNI8oSxZcocA==}
+    hasBin: true
+
+  restore-cursor@3.1.0:
+    resolution: {integrity: sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==}
+    engines: {node: '>=8'}
+
+  restore-cursor@5.1.0:
+    resolution: {integrity: sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==}
+    engines: {node: '>=18'}
+
+  reusify@1.0.4:
+    resolution: {integrity: sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==}
+    engines: {iojs: '>=1.0.0', node: '>=0.10.0'}
+
+  rfdc@1.4.1:
+    resolution: {integrity: sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==}
+
+  rimraf@3.0.2:
+    resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==}
+    deprecated: Rimraf versions prior to v4 are no longer supported
+    hasBin: true
+
+  rollup@4.40.0:
+    resolution: {integrity: sha512-Noe455xmA96nnqH5piFtLobsGbCij7Tu+tb3c1vYjNbTkfzGqXqQXG3wJaYXkRZuQ0vEYN4bhwg7QnIrqB5B+w==}
+    engines: {node: '>=18.0.0', npm: '>=8.0.0'}
+    hasBin: true
+
+  rrweb-cssom@0.8.0:
+    resolution: {integrity: sha512-guoltQEx+9aMf2gDZ0s62EcV8lsXR+0w8915TC3ITdn2YueuNjdAYh/levpU9nFaoChh9RUS5ZdQMrKfVEN9tw==}
+
+  run-parallel@1.2.0:
+    resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==}
+
+  rxjs@7.8.2:
+    resolution: {integrity: sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==}
+
+  safe-array-concat@1.1.2:
+    resolution: {integrity: sha512-vj6RsCsWBCf19jIeHEfkRMw8DPiBb+DMXklQ/1SGDHOMlHdPUkZXFQ2YdplS23zESTijAcurb1aSgJA3AgMu1Q==}
+    engines: {node: '>=0.4'}
+
+  safe-buffer@5.2.1:
+    resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==}
+
+  safe-regex-test@1.0.3:
+    resolution: {integrity: sha512-CdASjNJPvRa7roO6Ra/gLYBTzYzzPyyBXxIMdGW3USQLyjWEls2RgW5UBTXaQVp+OrpeCK3bLem8smtmheoRuw==}
+    engines: {node: '>= 0.4'}
+
+  safer-buffer@2.1.2:
+    resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}
+
+  sass@1.87.0:
+    resolution: {integrity: sha512-d0NoFH4v6SjEK7BoX810Jsrhj7IQSYHAHLi/iSpgqKc7LaIDshFRlSg5LOymf9FqQhxEHs2W5ZQXlvy0KD45Uw==}
+    engines: {node: '>=14.0.0'}
+    hasBin: true
+
+  saxes@6.0.0:
+    resolution: {integrity: sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==}
+    engines: {node: '>=v12.22.7'}
+
+  scheduler@0.26.0:
+    resolution: {integrity: sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA==}
+
+  semver@6.3.1:
+    resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==}
+    hasBin: true
+
+  semver@7.7.1:
+    resolution: {integrity: sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==}
+    engines: {node: '>=10'}
+    hasBin: true
+
+  server-only@0.0.1:
+    resolution: {integrity: sha512-qepMx2JxAa5jjfzxG79yPPq+8BuFToHd1hm7kI+Z4zAq1ftQiP7HcxMhDDItrbtwVeLg/cY2JnKnrcFkmiswNA==}
+
+  set-blocking@2.0.0:
+    resolution: {integrity: sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==}
+
+  set-function-length@1.2.2:
+    resolution: {integrity: sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==}
+    engines: {node: '>= 0.4'}
+
+  set-function-name@2.0.2:
+    resolution: {integrity: sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==}
+    engines: {node: '>= 0.4'}
+
+  sharp@0.34.1:
+    resolution: {integrity: sha512-1j0w61+eVxu7DawFJtnfYcvSv6qPFvfTaqzTQ2BLknVhHTwGS8sc63ZBF4rzkWMBVKybo4S5OBtDdZahh2A1xg==}
+    engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
+
+  shebang-command@2.0.0:
+    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
+    engines: {node: '>=8'}
+
+  shebang-regex@3.0.0:
+    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
+    engines: {node: '>=8'}
+
+  shell-quote@1.8.2:
+    resolution: {integrity: sha512-AzqKpGKjrj7EM6rKVQEPpB288oCfnrEIuyoT9cyF4nmGa7V8Zk6f7RRqYisX8X9m+Q7bd632aZW4ky7EhbQztA==}
+    engines: {node: '>= 0.4'}
+
+  side-channel-list@1.0.0:
+    resolution: {integrity: sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==}
+    engines: {node: '>= 0.4'}
+
+  side-channel-map@1.0.1:
+    resolution: {integrity: sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==}
+    engines: {node: '>= 0.4'}
+
+  side-channel-weakmap@1.0.2:
+    resolution: {integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==}
+    engines: {node: '>= 0.4'}
+
+  side-channel@1.0.6:
+    resolution: {integrity: sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==}
+    engines: {node: '>= 0.4'}
+
+  side-channel@1.1.0:
+    resolution: {integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==}
+    engines: {node: '>= 0.4'}
+
+  siginfo@2.0.0:
+    resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==}
+
+  signal-exit@3.0.7:
+    resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==}
+
+  signal-exit@4.1.0:
+    resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==}
+    engines: {node: '>=14'}
+
+  simple-swizzle@0.2.2:
+    resolution: {integrity: sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==}
+
+  simple-update-notifier@2.0.0:
+    resolution: {integrity: sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==}
+    engines: {node: '>=10'}
+
+  slash@3.0.0:
+    resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==}
+    engines: {node: '>=8'}
+
+  slice-ansi@3.0.0:
+    resolution: {integrity: sha512-pSyv7bSTC7ig9Dcgbw9AuRNUb5k5V6oDudjZoMBSr13qpLBG7tB+zgCkARjq7xIUgdz5P1Qe8u+rSGdouOOIyQ==}
+    engines: {node: '>=8'}
+
+  slice-ansi@4.0.0:
+    resolution: {integrity: sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==}
+    engines: {node: '>=10'}
+
+  slice-ansi@5.0.0:
+    resolution: {integrity: sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==}
+    engines: {node: '>=12'}
+
+  slice-ansi@7.1.0:
+    resolution: {integrity: sha512-bSiSngZ/jWeX93BqeIAbImyTbEihizcwNjFoRUIY/T1wWQsfsm2Vw1agPKylXvQTU7iASGdHhyqRlqQzfz+Htg==}
+    engines: {node: '>=18'}
+
+  source-map-js@1.2.1:
+    resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
+    engines: {node: '>=0.10.0'}
+
+  source-map@0.8.0-beta.0:
+    resolution: {integrity: sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==}
+    engines: {node: '>= 8'}
+
+  spawndamnit@3.0.1:
+    resolution: {integrity: sha512-MmnduQUuHCoFckZoWnXsTg7JaiLBJrKFj9UI2MbRPGaJeVpsLcVBu6P/IGZovziM/YBsellCmsprgNA+w0CzVg==}
+
+  split@0.3.3:
+    resolution: {integrity: sha512-wD2AeVmxXRBoX44wAycgjVpMhvbwdI2aZjCkvfNcH1YqHQvJVa1duWc73OyVGJUc05fhFaTZeQ/PYsrmyH0JVA==}
+
+  sprintf-js@1.0.3:
+    resolution: {integrity: sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==}
+
+  sshpk@1.18.0:
+    resolution: {integrity: sha512-2p2KJZTSqQ/I3+HX42EpYOa2l3f8Erv8MWKsy2I9uf4wA7yFIkXRffYdsx86y6z4vHtV8u7g+pPlr8/4ouAxsQ==}
+    engines: {node: '>=0.10.0'}
+    hasBin: true
+
+  stackback@0.0.2:
+    resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
+
+  start-server-and-test@2.0.11:
+    resolution: {integrity: sha512-TN39gLzPhHAflxyOkE/oMfQGj+pj3JgF6qVicFH/JrXt7xXktidKXwqfRga+ve7lVA8+RgPZVc25VrEPRScaDw==}
+    engines: {node: '>=16'}
+    hasBin: true
+
+  std-env@3.9.0:
+    resolution: {integrity: sha512-UGvjygr6F6tpH7o2qyqR6QYpwraIjKSdtzyBdyytFOHmPZY917kwdwLG0RbOjWOnKmnm3PeHjaoLLMie7kPLQw==}
+
+  stop-iteration-iterator@1.0.0:
+    resolution: {integrity: sha512-iCGQj+0l0HOdZ2AEeBADlsRC+vsnDsZsbdSiH1yNSjcfKM7fdpCMfqAL/dwF5BLiw/XhRft/Wax6zQbhq2BcjQ==}
+    engines: {node: '>= 0.4'}
+
+  stream-combiner@0.0.4:
+    resolution: {integrity: sha512-rT00SPnTVyRsaSz5zgSPma/aHSOic5U1prhYdRy5HS2kTZviFpmDgzilbtsJsxiroqACmayynDN/9VzIbX5DOw==}
+
+  string-argv@0.3.2:
+    resolution: {integrity: sha512-aqD2Q0144Z+/RqG52NeHEkZauTAUWJO8c6yTftGJKO3Tja5tUgIfmIl6kExvhtxSDP7fXB6DvzkfMpCd/F3G+Q==}
+    engines: {node: '>=0.6.19'}
+
+  string-width@4.2.3:
+    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
+    engines: {node: '>=8'}
+
+  string-width@5.1.2:
+    resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==}
+    engines: {node: '>=12'}
+
+  string-width@7.2.0:
+    resolution: {integrity: sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==}
+    engines: {node: '>=18'}
+
+  string.prototype.includes@2.0.0:
+    resolution: {integrity: sha512-E34CkBgyeqNDcrbU76cDjL5JLcVrtSdYq0MEh/B10r17pRP4ciHLwTgnuLV8Ay6cgEMLkcBkFCKyFZ43YldYzg==}
+
+  string.prototype.matchall@4.0.11:
+    resolution: {integrity: sha512-NUdh0aDavY2og7IbBPenWqR9exH+E26Sv8e0/eTe1tltDGZL+GtBkDAnnyBtmekfK6/Dq3MkcGtzXFEd1LQrtg==}
+    engines: {node: '>= 0.4'}
+
+  string.prototype.repeat@1.0.0:
+    resolution: {integrity: sha512-0u/TldDbKD8bFCQ/4f5+mNRrXwZ8hg2w7ZR8wa16e8z9XpePWl3eGEcUD0OXpEH/VJH/2G3gjUtR3ZOiBe2S/w==}
+
+  string.prototype.trim@1.2.9:
+    resolution: {integrity: sha512-klHuCNxiMZ8MlsOihJhJEBJAiMVqU3Z2nEXWfWnIqjN0gEFS9J9+IxKozWWtQGcgoa1WUZzLjKPTr4ZHNFTFxw==}
+    engines: {node: '>= 0.4'}
+
+  string.prototype.trimend@1.0.8:
+    resolution: {integrity: sha512-p73uL5VCHCO2BZZ6krwwQE3kCzM7NKmis8S//xEC6fQonchbum4eP6kR4DLEjQFO3Wnj3Fuo8NM0kOSjVdHjZQ==}
+
+  string.prototype.trimstart@1.0.8:
+    resolution: {integrity: sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg==}
+    engines: {node: '>= 0.4'}
+
+  string_decoder@1.3.0:
+    resolution: {integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==}
+
+  strip-ansi@6.0.1:
+    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
+    engines: {node: '>=8'}
+
+  strip-ansi@7.1.0:
+    resolution: {integrity: sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==}
+    engines: {node: '>=12'}
+
+  strip-bom@3.0.0:
+    resolution: {integrity: sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==}
+    engines: {node: '>=4'}
+
+  strip-final-newline@2.0.0:
+    resolution: {integrity: sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==}
+    engines: {node: '>=6'}
+
+  strip-final-newline@3.0.0:
+    resolution: {integrity: sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==}
+    engines: {node: '>=12'}
+
+  strip-indent@3.0.0:
+    resolution: {integrity: sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==}
+    engines: {node: '>=8'}
+
+  strip-json-comments@3.1.1:
+    resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
+    engines: {node: '>=8'}
+
+  styled-jsx@5.1.6:
+    resolution: {integrity: sha512-qSVyDTeMotdvQYoHWLNGwRFJHC+i+ZvdBRYosOFgC+Wg1vx4frN2/RG/NA7SYqqvKNLf39P2LSRA2pu6n0XYZA==}
+    engines: {node: '>= 12.0.0'}
+    peerDependencies:
+      '@babel/core': '*'
+      babel-plugin-macros: '*'
+      react: '>= 16.8.0 || 17.x.x || ^18.0.0-0 || ^19.0.0-0'
+    peerDependenciesMeta:
+      '@babel/core':
+        optional: true
+      babel-plugin-macros:
+        optional: true
+
+  sucrase@3.35.0:
+    resolution: {integrity: sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==}
+    engines: {node: '>=16 || 14 >=14.17'}
+    hasBin: true
+
+  supports-color@5.5.0:
+    resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==}
+    engines: {node: '>=4'}
+
+  supports-color@7.2.0:
+    resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
+    engines: {node: '>=8'}
+
+  supports-color@8.1.1:
+    resolution: {integrity: sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==}
+    engines: {node: '>=10'}
+
+  supports-preserve-symlinks-flag@1.0.0:
+    resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==}
+    engines: {node: '>= 0.4'}
+
+  symbol-tree@3.2.4:
+    resolution: {integrity: sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==}
+
+  tabbable@6.2.0:
+    resolution: {integrity: sha512-Cat63mxsVJlzYvN51JmVXIgNoUokrIaT2zLclCXjRd8boZ0004U4KCs/sToJ75C6sdlByWxpYnb5Boif1VSFew==}
+
+  tailwindcss@3.4.14:
+    resolution: {integrity: sha512-IcSvOcTRcUtQQ7ILQL5quRDg7Xs93PdJEk1ZLbhhvJc7uj/OAhYOnruEiwnGgBvUtaUAJ8/mhSw1o8L2jCiENA==}
+    engines: {node: '>=14.0.0'}
+    hasBin: true
+
+  tailwindcss@4.1.4:
+    resolution: {integrity: sha512-1ZIUqtPITFbv/DxRmDr5/agPqJwF69d24m9qmM1939TJehgY539CtzeZRjbLt5G6fSy/7YqqYsfvoTEw9xUI2A==}
+
+  tapable@2.2.1:
+    resolution: {integrity: sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==}
+    engines: {node: '>=6'}
+
+  tar@6.2.1:
+    resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==}
+    engines: {node: '>=10'}
+
+  term-size@2.2.1:
+    resolution: {integrity: sha512-wK0Ri4fOGjv/XPy8SBHZChl8CM7uMc5VML7SqiQ0zG7+J5Vr+RMQDoHa2CNT6KHUnTGIXH34UDMkPzAUyapBZg==}
+    engines: {node: '>=8'}
+
+  text-table@0.2.0:
+    resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
+
+  thenify-all@1.6.0:
+    resolution: {integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==}
+    engines: {node: '>=0.8'}
+
+  thenify@3.3.1:
+    resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==}
+
+  thirty-two@1.0.2:
+    resolution: {integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==}
+    engines: {node: '>=0.2.6'}
+
+  throttleit@1.0.1:
+    resolution: {integrity: sha512-vDZpf9Chs9mAdfY046mcPt8fg5QSZr37hEH4TXYBnDF+izxgrbRGUAAaBvIk/fJm9aOFCGFd1EsNg5AZCbnQCQ==}
+
+  through@2.3.8:
+    resolution: {integrity: sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==}
+
+  tinybench@2.9.0:
+    resolution: {integrity: sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==}
+
+  tinycolor2@1.4.2:
+    resolution: {integrity: sha512-vJhccZPs965sV/L2sU4oRQVAos0pQXwsvTLkWYdqJ+a8Q5kPFzJTuOFwy7UniPli44NKQGAglksjvOcpo95aZA==}
+
+  tinyexec@0.3.2:
+    resolution: {integrity: sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==}
+
+  tinyglobby@0.2.13:
+    resolution: {integrity: sha512-mEwzpUgrLySlveBwEVDMKk5B57bhLPYovRfPAXD5gA/98Opn0rCDj3GtLwFvCvH5RK9uPCExUROW5NjDwvqkxw==}
+    engines: {node: '>=12.0.0'}
+
+  tinypool@1.0.2:
+    resolution: {integrity: sha512-al6n+QEANGFOMf/dmUMsuS5/r9B06uwlyNjZZql/zv8J7ybHCgoihBNORZCY2mzUuAnomQa2JdhyHKzZxPCrFA==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+
+  tinyrainbow@2.0.0:
+    resolution: {integrity: sha512-op4nsTR47R6p0vMUUoYl/a+ljLFVtlfaXkLQmqfLR1qHma1h/ysYk4hEXZ880bf2CYgTskvTa/e196Vd5dDQXw==}
+    engines: {node: '>=14.0.0'}
+
+  tinyspy@3.0.2:
+    resolution: {integrity: sha512-n1cw8k1k0x4pgA2+9XrOkFydTerNcJ1zWCO5Nn9scWHTD+5tp8dghT2x1uduQePZTZgd3Tupf+x9BxJjeJi77Q==}
+    engines: {node: '>=14.0.0'}
+
+  tldts-core@6.1.86:
+    resolution: {integrity: sha512-Je6p7pkk+KMzMv2XXKmAE3McmolOQFdxkKw0R8EYNr7sELW46JqnNeTX8ybPiQgvg1ymCoF8LXs5fzFaZvJPTA==}
+
+  tldts@6.1.86:
+    resolution: {integrity: sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==}
+    hasBin: true
+
+  tmp@0.0.33:
+    resolution: {integrity: sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==}
+    engines: {node: '>=0.6.0'}
+
+  tmp@0.2.3:
+    resolution: {integrity: sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==}
+    engines: {node: '>=14.14'}
+
+  to-regex-range@5.0.1:
+    resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
+    engines: {node: '>=8.0'}
+
+  toggle-selection@1.0.6:
+    resolution: {integrity: sha512-BiZS+C1OS8g/q2RRbJmy59xpyghNBqrr6k5L/uKBGRsTfxmu3ffiRnd8mlGPUVayg8pvfi5urfnu8TU7DVOkLQ==}
+
+  touch@3.1.1:
+    resolution: {integrity: sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==}
+    hasBin: true
+
+  tough-cookie@5.1.2:
+    resolution: {integrity: sha512-FVDYdxtnj0G6Qm/DhNPSb8Ju59ULcup3tuJxkFb5K8Bv2pUXILbf0xZWU8PX8Ov19OXljbUyveOFwRMwkXzO+A==}
+    engines: {node: '>=16'}
+
+  tr46@0.0.3:
+    resolution: {integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==}
+
+  tr46@1.0.1:
+    resolution: {integrity: sha512-dTpowEjclQ7Kgx5SdBkqRzVhERQXov8/l9Ft9dVM9fmg0W0KQSVaXX9T4i6twCPNtYiZM53lpSSUAwJbFPOHxA==}
+
+  tr46@5.1.1:
+    resolution: {integrity: sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw==}
+    engines: {node: '>=18'}
+
+  tree-kill@1.2.2:
+    resolution: {integrity: sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==}
+    hasBin: true
+
+  ts-api-utils@1.4.1:
+    resolution: {integrity: sha512-5RU2/lxTA3YUZxju61HO2U6EoZLvBLtmV2mbTvqyu4a/7s7RmJPT+1YekhMVsQhznRWk/czIwDUg+V8Q9ZuG4w==}
+    engines: {node: '>=16'}
+    peerDependencies:
+      typescript: '>=4.2.0'
+
+  ts-error@1.0.6:
+    resolution: {integrity: sha512-tLJxacIQUM82IR7JO1UUkKlYuUTmoY9HBJAmNWFzheSlDS5SPMcNIepejHJa4BpPQLAcbRhRf3GDJzyj6rbKvA==}
+
+  ts-interface-checker@0.1.13:
+    resolution: {integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==}
+
+  ts-poet@6.11.0:
+    resolution: {integrity: sha512-r5AGF8vvb+GjBsnqiTqbLhN1/U2FJt6BI+k0dfCrkKzWvUhNlwMmq9nDHuucHs45LomgHjZPvYj96dD3JawjJA==}
+
+  ts-proto-descriptors@2.0.0:
+    resolution: {integrity: sha512-wHcTH3xIv11jxgkX5OyCSFfw27agpInAd6yh89hKG6zqIXnjW9SYqSER2CVQxdPj4czeOhGagNvZBEbJPy7qkw==}
+
+  ts-proto@2.7.0:
+    resolution: {integrity: sha512-BGHjse2wTOeswOqnnPKinpxmbaRd882so/e1En6ww59YMG7AO9Kg4vPpJcbVfrpBixPRDqHafXD/RDyd2T99GA==}
+    hasBin: true
+
+  tsconfck@3.1.5:
+    resolution: {integrity: sha512-CLDfGgUp7XPswWnezWwsCRxNmgQjhYq3VXHM0/XIRxhVrKw0M1if9agzryh1QS3nxjCROvV+xWxoJO1YctzzWg==}
+    engines: {node: ^18 || >=20}
+    hasBin: true
+    peerDependencies:
+      typescript: ^5.0.0
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
+  tsconfig-paths@3.15.0:
+    resolution: {integrity: sha512-2Ac2RgzDe/cn48GvOe3M+o82pEFewD3UPbyoUHHdKasHwJKjds4fLXWf/Ux5kATBKN20oaFGu+jbElp1pos0mg==}
+
+  tslib@2.8.1:
+    resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==}
+
+  tsup@8.4.0:
+    resolution: {integrity: sha512-b+eZbPCjz10fRryaAA7C8xlIHnf8VnsaRqydheLIqwG/Mcpfk8Z5zp3HayX7GaTygkigHl5cBUs+IhcySiIexQ==}
+    engines: {node: '>=18'}
+    hasBin: true
+    peerDependencies:
+      '@microsoft/api-extractor': ^7.36.0
+      '@swc/core': ^1
+      postcss: ^8.4.12
+      typescript: '>=4.5.0'
+    peerDependenciesMeta:
+      '@microsoft/api-extractor':
+        optional: true
+      '@swc/core':
+        optional: true
+      postcss:
+        optional: true
+      typescript:
+        optional: true
+
+  tunnel-agent@0.6.0:
+    resolution: {integrity: sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==}
+
+  turbo-darwin-64@2.5.0:
+    resolution: {integrity: sha512-fP1hhI9zY8hv0idym3hAaXdPi80TLovmGmgZFocVAykFtOxF+GlfIgM/l4iLAV9ObIO4SUXPVWHeBZQQ+Hpjag==}
+    cpu: [x64]
+    os: [darwin]
+
+  turbo-darwin-arm64@2.5.0:
+    resolution: {integrity: sha512-p9sYq7kXH7qeJwIQE86cOWv/xNqvow846l6c/qWc26Ib1ci5W7V0sI5thsrP3eH+VA0d+SHalTKg5SQXgNQBWA==}
+    cpu: [arm64]
+    os: [darwin]
+
+  turbo-linux-64@2.5.0:
+    resolution: {integrity: sha512-1iEln2GWiF3iPPPS1HQJT6ZCFXynJPd89gs9SkggH2EJsj3eRUSVMmMC8y6d7bBbhBFsiGGazwFIYrI12zs6uQ==}
+    cpu: [x64]
+    os: [linux]
+
+  turbo-linux-arm64@2.5.0:
+    resolution: {integrity: sha512-bKBcbvuQHmsX116KcxHJuAcppiiBOfivOObh2O5aXNER6mce7YDDQJy00xQQNp1DhEfcSV2uOsvb3O3nN2cbcA==}
+    cpu: [arm64]
+    os: [linux]
+
+  turbo-windows-64@2.5.0:
+    resolution: {integrity: sha512-9BCo8oQ7BO7J0K913Czbc3tw8QwLqn2nTe4E47k6aVYkM12ASTScweXPTuaPFP5iYXAT6z5Dsniw704Ixa5eGg==}
+    cpu: [x64]
+    os: [win32]
+
+  turbo-windows-arm64@2.5.0:
+    resolution: {integrity: sha512-OUHCV+ueXa3UzfZ4co/ueIHgeq9B2K48pZwIxKSm5VaLVuv8M13MhM7unukW09g++dpdrrE1w4IOVgxKZ0/exg==}
+    cpu: [arm64]
+    os: [win32]
+
+  turbo@2.5.0:
+    resolution: {integrity: sha512-PvSRruOsitjy6qdqwIIyolv99+fEn57gP6gn4zhsHTEcCYgXPhv6BAxzAjleS8XKpo+Y582vTTA9nuqYDmbRuA==}
+    hasBin: true
+
+  tweetnacl@0.14.5:
+    resolution: {integrity: sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==}
+
+  type-check@0.4.0:
+    resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
+    engines: {node: '>= 0.8.0'}
+
+  type-fest@0.20.2:
+    resolution: {integrity: sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==}
+    engines: {node: '>=10'}
+
+  type-fest@0.21.3:
+    resolution: {integrity: sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==}
+    engines: {node: '>=10'}
+
+  typed-array-buffer@1.0.2:
+    resolution: {integrity: sha512-gEymJYKZtKXzzBzM4jqa9w6Q1Jjm7x2d+sh19AdsD4wqnMPDYyvwpsIc2Q/835kHuo3BEQ7CjelGhfTsoBb2MQ==}
+    engines: {node: '>= 0.4'}
+
+  typed-array-byte-length@1.0.1:
+    resolution: {integrity: sha512-3iMJ9q0ao7WE9tWcaYKIptkNBuOIcZCCT0d4MRvuuH88fEoEH62IuQe0OtraD3ebQEoTRk8XCBoknUNc1Y67pw==}
+    engines: {node: '>= 0.4'}
+
+  typed-array-byte-offset@1.0.2:
+    resolution: {integrity: sha512-Ous0vodHa56FviZucS2E63zkgtgrACj7omjwd/8lTEMEPFFyjfixMZ1ZXenpgCFBBt4EC1J2XsyVS2gkG0eTFA==}
+    engines: {node: '>= 0.4'}
+
+  typed-array-length@1.0.6:
+    resolution: {integrity: sha512-/OxDN6OtAk5KBpGb28T+HZc2M+ADtvRxXrKKbUwtsLgdoxgX13hyy7ek6bFRl5+aBs2yZzB0c4CnQfAtVypW/g==}
+    engines: {node: '>= 0.4'}
+
+  typescript@5.8.3:
+    resolution: {integrity: sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==}
+    engines: {node: '>=14.17'}
+    hasBin: true
+
+  unbox-primitive@1.0.2:
+    resolution: {integrity: sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==}
+
+  undefsafe@2.0.5:
+    resolution: {integrity: sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==}
+
+  undici-types@6.21.0:
+    resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
+
+  universalify@0.1.2:
+    resolution: {integrity: sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==}
+    engines: {node: '>= 4.0.0'}
+
+  universalify@2.0.1:
+    resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==}
+    engines: {node: '>= 10.0.0'}
+
+  untildify@4.0.0:
+    resolution: {integrity: sha512-KK8xQ1mkzZeg9inewmFVDNkg3l5LUhoq9kN6iWYB/CC9YMG8HA+c1Q8HwDe6dEX7kErrEVNVBO3fWsVq5iDgtw==}
+    engines: {node: '>=8'}
+
+  update-browserslist-db@1.1.3:
+    resolution: {integrity: sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw==}
+    hasBin: true
+    peerDependencies:
+      browserslist: '>= 4.21.0'
+
+  uri-js@4.4.1:
+    resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
+
+  use-intl@3.26.5:
+    resolution: {integrity: sha512-OdsJnC/znPvHCHLQH/duvQNXnP1w0hPfS+tkSi3mAbfjYBGh4JnyfdwkQBfIVf7t8gs9eSX/CntxUMvtKdG2MQ==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0 || ^19.0.0
+
+  util-deprecate@1.0.2:
+    resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
+
+  uuid@11.1.0:
+    resolution: {integrity: sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==}
+    hasBin: true
+
+  uuid@8.3.2:
+    resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
+    hasBin: true
+
+  verror@1.10.0:
+    resolution: {integrity: sha512-ZZKSmDAEFOijERBLkmYfJ+vmk3w+7hOLYDNkRCuRuMJGEmqYNCNLyBBFwWKVMhfwaEF3WOd0Zlw86U/WC/+nYw==}
+    engines: {'0': node >=0.6.0}
+
+  vite-node@3.1.2:
+    resolution: {integrity: sha512-/8iMryv46J3aK13iUXsei5G/A3CUlW4665THCPS+K8xAaqrVWiGB4RfXMQXCLjpK9P2eK//BczrVkn5JLAk6DA==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+
+  vite-tsconfig-paths@5.1.4:
+    resolution: {integrity: sha512-cYj0LRuLV2c2sMqhqhGpaO3LretdtMn/BVX4cPLanIZuwwrkVl+lK84E/miEXkCHWXuq65rhNN4rXsBcOB3S4w==}
+    peerDependencies:
+      vite: '*'
+    peerDependenciesMeta:
+      vite:
+        optional: true
+
+  vite@6.3.2:
+    resolution: {integrity: sha512-ZSvGOXKGceizRQIZSz7TGJ0pS3QLlVY/9hwxVh17W3re67je1RKYzFHivZ/t0tubU78Vkyb9WnHPENSBCzbckg==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': ^18.0.0 || ^20.0.0 || >=22.0.0
+      jiti: '>=1.21.0'
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      sass-embedded: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.16.0
+      tsx: ^4.8.1
+      yaml: ^2.4.2
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      jiti:
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      sass-embedded:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+      tsx:
+        optional: true
+      yaml:
+        optional: true
+
+  vitest@3.1.2:
+    resolution: {integrity: sha512-WaxpJe092ID1C0mr+LH9MmNrhfzi8I65EX/NRU/Ld016KqQNRgxSOlGNP1hHN+a/F8L15Mh8klwaF77zR3GeDQ==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+    peerDependencies:
+      '@edge-runtime/vm': '*'
+      '@types/debug': ^4.1.12
+      '@types/node': ^18.0.0 || ^20.0.0 || >=22.0.0
+      '@vitest/browser': 3.1.2
+      '@vitest/ui': 3.1.2
+      happy-dom: '*'
+      jsdom: '*'
+    peerDependenciesMeta:
+      '@edge-runtime/vm':
+        optional: true
+      '@types/debug':
+        optional: true
+      '@types/node':
+        optional: true
+      '@vitest/browser':
+        optional: true
+      '@vitest/ui':
+        optional: true
+      happy-dom:
+        optional: true
+      jsdom:
+        optional: true
+
+  w3c-xmlserializer@5.0.0:
+    resolution: {integrity: sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==}
+    engines: {node: '>=18'}
+
+  wait-on@8.0.3:
+    resolution: {integrity: sha512-nQFqAFzZDeRxsu7S3C7LbuxslHhk+gnJZHyethuGKAn2IVleIbTB9I3vJSQiSR+DifUqmdzfPMoMPJfLqMF2vw==}
+    engines: {node: '>=12.0.0'}
+    hasBin: true
+
+  web-streams-polyfill@3.3.3:
+    resolution: {integrity: sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==}
+    engines: {node: '>= 8'}
+
+  webidl-conversions@3.0.1:
+    resolution: {integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==}
+
+  webidl-conversions@4.0.2:
+    resolution: {integrity: sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==}
+
+  webidl-conversions@7.0.0:
+    resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==}
+    engines: {node: '>=12'}
+
+  whatwg-encoding@3.1.1:
+    resolution: {integrity: sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==}
+    engines: {node: '>=18'}
+
+  whatwg-mimetype@4.0.0:
+    resolution: {integrity: sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==}
+    engines: {node: '>=18'}
+
+  whatwg-url@14.2.0:
+    resolution: {integrity: sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw==}
+    engines: {node: '>=18'}
+
+  whatwg-url@5.0.0:
+    resolution: {integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==}
+
+  whatwg-url@7.1.0:
+    resolution: {integrity: sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==}
+
+  which-boxed-primitive@1.0.2:
+    resolution: {integrity: sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==}
+
+  which-builtin-type@1.1.4:
+    resolution: {integrity: sha512-bppkmBSsHFmIMSl8BO9TbsyzsvGjVoppt8xUiGzwiu/bhDCGxnpOKCxgqj6GuyHE0mINMDecBFPlOm2hzY084w==}
+    engines: {node: '>= 0.4'}
+
+  which-collection@1.0.2:
+    resolution: {integrity: sha512-K4jVyjnBdgvc86Y6BkaLZEN933SwYOuBFkdmBu9ZfkcAbdVbpITnDmjvZ/aQjRXQrv5EPkTnD1s39GiiqbngCw==}
+    engines: {node: '>= 0.4'}
+
+  which-typed-array@1.1.15:
+    resolution: {integrity: sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==}
+    engines: {node: '>= 0.4'}
+
+  which@2.0.2:
+    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
+    engines: {node: '>= 8'}
+    hasBin: true
+
+  why-is-node-running@2.3.0:
+    resolution: {integrity: sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==}
+    engines: {node: '>=8'}
+    hasBin: true
+
+  wide-align@1.1.5:
+    resolution: {integrity: sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg==}
+
+  word-wrap@1.2.5:
+    resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==}
+    engines: {node: '>=0.10.0'}
+
+  wrap-ansi@6.2.0:
+    resolution: {integrity: sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==}
+    engines: {node: '>=8'}
+
+  wrap-ansi@7.0.0:
+    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
+    engines: {node: '>=10'}
+
+  wrap-ansi@8.1.0:
+    resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==}
+    engines: {node: '>=12'}
+
+  wrap-ansi@9.0.0:
+    resolution: {integrity: sha512-G8ura3S+3Z2G+mkgNRq8dqaFZAuxfsxpBB8OCTGRTCtp+l/v9nbFNmCUP1BZMts3G1142MsZfn6eeUKrr4PD1Q==}
+    engines: {node: '>=18'}
+
+  wrappy@1.0.2:
+    resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
+
+  ws@8.18.1:
+    resolution: {integrity: sha512-RKW2aJZMXeMxVpnZ6bck+RswznaxmzdULiBr6KY7XkTnW8uvt0iT9H5DkHUChXrc+uurzwa0rVI16n/Xzjdz1w==}
+    engines: {node: '>=10.0.0'}
+    peerDependencies:
+      bufferutil: ^4.0.1
+      utf-8-validate: '>=5.0.2'
+    peerDependenciesMeta:
+      bufferutil:
+        optional: true
+      utf-8-validate:
+        optional: true
+
+  xml-name-validator@5.0.0:
+    resolution: {integrity: sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==}
+    engines: {node: '>=18'}
+
+  xmlchars@2.2.0:
+    resolution: {integrity: sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==}
+
+  y18n@5.0.8:
+    resolution: {integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==}
+    engines: {node: '>=10'}
+
+  yallist@3.1.1:
+    resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==}
+
+  yallist@4.0.0:
+    resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
+
+  yaml@2.7.1:
+    resolution: {integrity: sha512-10ULxpnOCQXxJvBgxsn9ptjq6uviG/htZKk9veJGhlqn3w/DxQ631zFF+nlQXLwmImeS5amR2dl2U8sg6U9jsQ==}
+    engines: {node: '>= 14'}
+    hasBin: true
+
+  yargs-parser@21.1.1:
+    resolution: {integrity: sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==}
+    engines: {node: '>=12'}
+
+  yargs@17.7.2:
+    resolution: {integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==}
+    engines: {node: '>=12'}
+
+  yauzl@2.10.0:
+    resolution: {integrity: sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==}
+
+  yocto-queue@0.1.0:
+    resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
+    engines: {node: '>=10'}
+
+snapshots:
+
+  '@adobe/css-tools@4.4.0': {}
+
+  '@alloc/quick-lru@5.2.0': {}
+
+  '@ampproject/remapping@2.3.0':
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.8
+      '@jridgewell/trace-mapping': 0.3.25
+
+  '@asamuzakjp/css-color@3.1.4':
+    dependencies:
+      '@csstools/css-calc': 2.1.3(@csstools/css-parser-algorithms@3.0.4(@csstools/css-tokenizer@3.0.3))(@csstools/css-tokenizer@3.0.3)
+      '@csstools/css-color-parser': 3.0.9(@csstools/css-parser-algorithms@3.0.4(@csstools/css-tokenizer@3.0.3))(@csstools/css-tokenizer@3.0.3)
+      '@csstools/css-parser-algorithms': 3.0.4(@csstools/css-tokenizer@3.0.3)
+      '@csstools/css-tokenizer': 3.0.3
+      lru-cache: 10.4.3
+
+  '@babel/code-frame@7.26.2':
+    dependencies:
+      '@babel/helper-validator-identifier': 7.25.9
+      js-tokens: 4.0.0
+      picocolors: 1.1.1
+
+  '@babel/compat-data@7.26.8': {}
+
+  '@babel/core@7.26.10':
+    dependencies:
+      '@ampproject/remapping': 2.3.0
+      '@babel/code-frame': 7.26.2
+      '@babel/generator': 7.27.0
+      '@babel/helper-compilation-targets': 7.27.0
+      '@babel/helper-module-transforms': 7.26.0(@babel/core@7.26.10)
+      '@babel/helpers': 7.27.0
+      '@babel/parser': 7.27.0
+      '@babel/template': 7.27.0
+      '@babel/traverse': 7.27.0
+      '@babel/types': 7.27.0
+      convert-source-map: 2.0.0
+      debug: 4.4.0(supports-color@5.5.0)
+      gensync: 1.0.0-beta.2
+      json5: 2.2.3
+      semver: 6.3.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/eslint-parser@7.25.9(@babel/core@7.26.10)(eslint@8.57.1)':
+    dependencies:
+      '@babel/core': 7.26.10
+      '@nicolo-ribaudo/eslint-scope-5-internals': 5.1.1-v1
+      eslint: 8.57.1
+      eslint-visitor-keys: 2.1.0
+      semver: 6.3.1
+
+  '@babel/generator@7.27.0':
+    dependencies:
+      '@babel/parser': 7.27.0
+      '@babel/types': 7.27.0
+      '@jridgewell/gen-mapping': 0.3.8
+      '@jridgewell/trace-mapping': 0.3.25
+      jsesc: 3.1.0
+
+  '@babel/helper-compilation-targets@7.27.0':
+    dependencies:
+      '@babel/compat-data': 7.26.8
+      '@babel/helper-validator-option': 7.25.9
+      browserslist: 4.24.4
+      lru-cache: 5.1.1
+      semver: 6.3.1
+
+  '@babel/helper-module-imports@7.25.9':
+    dependencies:
+      '@babel/traverse': 7.27.0
+      '@babel/types': 7.27.0
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/helper-module-transforms@7.26.0(@babel/core@7.26.10)':
+    dependencies:
+      '@babel/core': 7.26.10
+      '@babel/helper-module-imports': 7.25.9
+      '@babel/helper-validator-identifier': 7.25.9
+      '@babel/traverse': 7.27.0
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/helper-plugin-utils@7.26.5': {}
+
+  '@babel/helper-string-parser@7.25.9': {}
+
+  '@babel/helper-validator-identifier@7.25.9': {}
+
+  '@babel/helper-validator-option@7.25.9': {}
+
+  '@babel/helpers@7.27.0':
+    dependencies:
+      '@babel/template': 7.27.0
+      '@babel/types': 7.27.0
+
+  '@babel/parser@7.27.0':
+    dependencies:
+      '@babel/types': 7.27.0
+
+  '@babel/plugin-transform-react-jsx-self@7.25.9(@babel/core@7.26.10)':
+    dependencies:
+      '@babel/core': 7.26.10
+      '@babel/helper-plugin-utils': 7.26.5
+
+  '@babel/plugin-transform-react-jsx-source@7.25.9(@babel/core@7.26.10)':
+    dependencies:
+      '@babel/core': 7.26.10
+      '@babel/helper-plugin-utils': 7.26.5
+
+  '@babel/runtime@7.27.0':
+    dependencies:
+      regenerator-runtime: 0.14.1
+
+  '@babel/template@7.27.0':
+    dependencies:
+      '@babel/code-frame': 7.26.2
+      '@babel/parser': 7.27.0
+      '@babel/types': 7.27.0
+
+  '@babel/traverse@7.27.0':
+    dependencies:
+      '@babel/code-frame': 7.26.2
+      '@babel/generator': 7.27.0
+      '@babel/parser': 7.27.0
+      '@babel/template': 7.27.0
+      '@babel/types': 7.27.0
+      debug: 4.4.0(supports-color@5.5.0)
+      globals: 11.12.0
+    transitivePeerDependencies:
+      - supports-color
+
+  '@babel/types@7.27.0':
+    dependencies:
+      '@babel/helper-string-parser': 7.25.9
+      '@babel/helper-validator-identifier': 7.25.9
+
+  '@bufbuild/buf-darwin-arm64@1.53.0':
+    optional: true
+
+  '@bufbuild/buf-darwin-x64@1.53.0':
+    optional: true
+
+  '@bufbuild/buf-linux-aarch64@1.53.0':
+    optional: true
+
+  '@bufbuild/buf-linux-armv7@1.53.0':
+    optional: true
+
+  '@bufbuild/buf-linux-x64@1.53.0':
+    optional: true
+
+  '@bufbuild/buf-win32-arm64@1.53.0':
+    optional: true
+
+  '@bufbuild/buf-win32-x64@1.53.0':
+    optional: true
+
+  '@bufbuild/buf@1.53.0':
+    optionalDependencies:
+      '@bufbuild/buf-darwin-arm64': 1.53.0
+      '@bufbuild/buf-darwin-x64': 1.53.0
+      '@bufbuild/buf-linux-aarch64': 1.53.0
+      '@bufbuild/buf-linux-armv7': 1.53.0
+      '@bufbuild/buf-linux-x64': 1.53.0
+      '@bufbuild/buf-win32-arm64': 1.53.0
+      '@bufbuild/buf-win32-x64': 1.53.0
+
+  '@bufbuild/protobuf@2.2.2': {}
+
+  '@bufbuild/protobuf@2.2.5': {}
+
+  '@bufbuild/protocompile@0.0.1(@bufbuild/buf@1.53.0)':
+    dependencies:
+      '@bufbuild/buf': 1.53.0
+      '@bufbuild/protobuf': 2.2.2
+      fflate: 0.8.2
+
+  '@changesets/apply-release-plan@7.0.12':
+    dependencies:
+      '@changesets/config': 3.1.1
+      '@changesets/get-version-range-type': 0.4.0
+      '@changesets/git': 3.0.4
+      '@changesets/should-skip-package': 0.1.2
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+      detect-indent: 6.1.0
+      fs-extra: 7.0.1
+      lodash.startcase: 4.4.0
+      outdent: 0.5.0
+      prettier: 2.8.8
+      resolve-from: 5.0.0
+      semver: 7.7.1
+
+  '@changesets/assemble-release-plan@6.0.6':
+    dependencies:
+      '@changesets/errors': 0.2.0
+      '@changesets/get-dependents-graph': 2.1.3
+      '@changesets/should-skip-package': 0.1.2
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+      semver: 7.7.1
+
+  '@changesets/changelog-git@0.2.1':
+    dependencies:
+      '@changesets/types': 6.1.0
+
+  '@changesets/cli@2.29.2':
+    dependencies:
+      '@changesets/apply-release-plan': 7.0.12
+      '@changesets/assemble-release-plan': 6.0.6
+      '@changesets/changelog-git': 0.2.1
+      '@changesets/config': 3.1.1
+      '@changesets/errors': 0.2.0
+      '@changesets/get-dependents-graph': 2.1.3
+      '@changesets/get-release-plan': 4.0.10
+      '@changesets/git': 3.0.4
+      '@changesets/logger': 0.1.1
+      '@changesets/pre': 2.0.2
+      '@changesets/read': 0.6.5
+      '@changesets/should-skip-package': 0.1.2
+      '@changesets/types': 6.1.0
+      '@changesets/write': 0.4.0
+      '@manypkg/get-packages': 1.1.3
+      ansi-colors: 4.1.3
+      ci-info: 3.9.0
+      enquirer: 2.4.1
+      external-editor: 3.1.0
+      fs-extra: 7.0.1
+      mri: 1.2.0
+      p-limit: 2.3.0
+      package-manager-detector: 0.2.11
+      picocolors: 1.1.1
+      resolve-from: 5.0.0
+      semver: 7.7.1
+      spawndamnit: 3.0.1
+      term-size: 2.2.1
+
+  '@changesets/config@3.1.1':
+    dependencies:
+      '@changesets/errors': 0.2.0
+      '@changesets/get-dependents-graph': 2.1.3
+      '@changesets/logger': 0.1.1
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+      fs-extra: 7.0.1
+      micromatch: 4.0.8
+
+  '@changesets/errors@0.2.0':
+    dependencies:
+      extendable-error: 0.1.7
+
+  '@changesets/get-dependents-graph@2.1.3':
+    dependencies:
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+      picocolors: 1.1.1
+      semver: 7.7.1
+
+  '@changesets/get-release-plan@4.0.10':
+    dependencies:
+      '@changesets/assemble-release-plan': 6.0.6
+      '@changesets/config': 3.1.1
+      '@changesets/pre': 2.0.2
+      '@changesets/read': 0.6.5
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+
+  '@changesets/get-version-range-type@0.4.0': {}
+
+  '@changesets/git@3.0.4':
+    dependencies:
+      '@changesets/errors': 0.2.0
+      '@manypkg/get-packages': 1.1.3
+      is-subdir: 1.2.0
+      micromatch: 4.0.8
+      spawndamnit: 3.0.1
+
+  '@changesets/logger@0.1.1':
+    dependencies:
+      picocolors: 1.1.1
+
+  '@changesets/parse@0.4.1':
+    dependencies:
+      '@changesets/types': 6.1.0
+      js-yaml: 3.14.1
+
+  '@changesets/pre@2.0.2':
+    dependencies:
+      '@changesets/errors': 0.2.0
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+      fs-extra: 7.0.1
+
+  '@changesets/read@0.6.5':
+    dependencies:
+      '@changesets/git': 3.0.4
+      '@changesets/logger': 0.1.1
+      '@changesets/parse': 0.4.1
+      '@changesets/types': 6.1.0
+      fs-extra: 7.0.1
+      p-filter: 2.1.0
+      picocolors: 1.1.1
+
+  '@changesets/should-skip-package@0.1.2':
+    dependencies:
+      '@changesets/types': 6.1.0
+      '@manypkg/get-packages': 1.1.3
+
+  '@changesets/types@4.1.0': {}
+
+  '@changesets/types@6.1.0': {}
+
+  '@changesets/write@0.4.0':
+    dependencies:
+      '@changesets/types': 6.1.0
+      fs-extra: 7.0.1
+      human-id: 4.1.1
+      prettier: 2.8.8
+
+  '@colors/colors@1.5.0':
+    optional: true
+
+  '@connectrpc/connect-node@2.0.0(@bufbuild/protobuf@2.2.2)(@connectrpc/connect@2.0.0(@bufbuild/protobuf@2.2.2))':
+    dependencies:
+      '@bufbuild/protobuf': 2.2.2
+      '@connectrpc/connect': 2.0.0(@bufbuild/protobuf@2.2.2)
+
+  '@connectrpc/connect-web@2.0.0(@bufbuild/protobuf@2.2.2)(@connectrpc/connect@2.0.0(@bufbuild/protobuf@2.2.2))':
+    dependencies:
+      '@bufbuild/protobuf': 2.2.2
+      '@connectrpc/connect': 2.0.0(@bufbuild/protobuf@2.2.2)
+
+  '@connectrpc/connect@2.0.0(@bufbuild/protobuf@2.2.2)':
+    dependencies:
+      '@bufbuild/protobuf': 2.2.2
+
+  '@csstools/color-helpers@5.0.2': {}
+
+  '@csstools/css-calc@2.1.3(@csstools/css-parser-algorithms@3.0.4(@csstools/css-tokenizer@3.0.3))(@csstools/css-tokenizer@3.0.3)':
+    dependencies:
+      '@csstools/css-parser-algorithms': 3.0.4(@csstools/css-tokenizer@3.0.3)
+      '@csstools/css-tokenizer': 3.0.3
+
+  '@csstools/css-color-parser@3.0.9(@csstools/css-parser-algorithms@3.0.4(@csstools/css-tokenizer@3.0.3))(@csstools/css-tokenizer@3.0.3)':
+    dependencies:
+      '@csstools/color-helpers': 5.0.2
+      '@csstools/css-calc': 2.1.3(@csstools/css-parser-algorithms@3.0.4(@csstools/css-tokenizer@3.0.3))(@csstools/css-tokenizer@3.0.3)
+      '@csstools/css-parser-algorithms': 3.0.4(@csstools/css-tokenizer@3.0.3)
+      '@csstools/css-tokenizer': 3.0.3
+
+  '@csstools/css-parser-algorithms@3.0.4(@csstools/css-tokenizer@3.0.3)':
+    dependencies:
+      '@csstools/css-tokenizer': 3.0.3
+
+  '@csstools/css-tokenizer@3.0.3': {}
+
+  '@cypress/request@3.0.8':
+    dependencies:
+      aws-sign2: 0.7.0
+      aws4: 1.13.2
+      caseless: 0.12.0
+      combined-stream: 1.0.8
+      extend: 3.0.2
+      forever-agent: 0.6.1
+      form-data: 4.0.2
+      http-signature: 1.4.0
+      is-typedarray: 1.0.0
+      isstream: 0.1.2
+      json-stringify-safe: 5.0.1
+      mime-types: 2.1.35
+      performance-now: 2.1.0
+      qs: 6.14.0
+      safe-buffer: 5.2.1
+      tough-cookie: 5.1.2
+      tunnel-agent: 0.6.0
+      uuid: 8.3.2
+
+  '@cypress/xvfb@1.2.4(supports-color@8.1.1)':
+    dependencies:
+      debug: 3.2.7(supports-color@8.1.1)
+      lodash.once: 4.1.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@emnapi/runtime@1.4.3':
+    dependencies:
+      tslib: 2.8.1
+    optional: true
+
+  '@esbuild/aix-ppc64@0.25.2':
+    optional: true
+
+  '@esbuild/android-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/android-arm@0.25.2':
+    optional: true
+
+  '@esbuild/android-x64@0.25.2':
+    optional: true
+
+  '@esbuild/darwin-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/darwin-x64@0.25.2':
+    optional: true
+
+  '@esbuild/freebsd-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/freebsd-x64@0.25.2':
+    optional: true
+
+  '@esbuild/linux-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/linux-arm@0.25.2':
+    optional: true
+
+  '@esbuild/linux-ia32@0.25.2':
+    optional: true
+
+  '@esbuild/linux-loong64@0.25.2':
+    optional: true
+
+  '@esbuild/linux-mips64el@0.25.2':
+    optional: true
+
+  '@esbuild/linux-ppc64@0.25.2':
+    optional: true
+
+  '@esbuild/linux-riscv64@0.25.2':
+    optional: true
+
+  '@esbuild/linux-s390x@0.25.2':
+    optional: true
+
+  '@esbuild/linux-x64@0.25.2':
+    optional: true
+
+  '@esbuild/netbsd-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/netbsd-x64@0.25.2':
+    optional: true
+
+  '@esbuild/openbsd-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/openbsd-x64@0.25.2':
+    optional: true
+
+  '@esbuild/sunos-x64@0.25.2':
+    optional: true
+
+  '@esbuild/win32-arm64@0.25.2':
+    optional: true
+
+  '@esbuild/win32-ia32@0.25.2':
+    optional: true
+
+  '@esbuild/win32-x64@0.25.2':
+    optional: true
+
+  '@eslint-community/eslint-utils@4.4.0(eslint@8.57.1)':
+    dependencies:
+      eslint: 8.57.1
+      eslint-visitor-keys: 3.4.3
+
+  '@eslint-community/eslint-utils@4.4.1(eslint@8.57.1)':
+    dependencies:
+      eslint: 8.57.1
+      eslint-visitor-keys: 3.4.3
+
+  '@eslint-community/regexpp@4.11.1': {}
+
+  '@eslint-community/regexpp@4.12.1': {}
+
+  '@eslint/eslintrc@2.1.4':
+    dependencies:
+      ajv: 6.12.6
+      debug: 4.4.0(supports-color@5.5.0)
+      espree: 9.6.1
+      globals: 13.24.0
+      ignore: 5.3.2
+      import-fresh: 3.3.0
+      js-yaml: 4.1.0
+      minimatch: 3.1.2
+      strip-json-comments: 3.1.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@eslint/js@8.57.1': {}
+
+  '@faker-js/faker@9.7.0': {}
+
+  '@floating-ui/core@1.6.8':
+    dependencies:
+      '@floating-ui/utils': 0.2.8
+
+  '@floating-ui/dom@1.6.11':
+    dependencies:
+      '@floating-ui/core': 1.6.8
+      '@floating-ui/utils': 0.2.8
+
+  '@floating-ui/react-dom@2.1.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@floating-ui/dom': 1.6.11
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+
+  '@floating-ui/react@0.26.24(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@floating-ui/react-dom': 2.1.2(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@floating-ui/utils': 0.2.8
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+      tabbable: 6.2.0
+
+  '@floating-ui/utils@0.2.8': {}
+
+  '@formatjs/ecma402-abstract@2.2.4':
+    dependencies:
+      '@formatjs/fast-memoize': 2.2.3
+      '@formatjs/intl-localematcher': 0.5.8
+      tslib: 2.8.1
+
+  '@formatjs/fast-memoize@2.2.3':
+    dependencies:
+      tslib: 2.8.1
+
+  '@formatjs/icu-messageformat-parser@2.9.4':
+    dependencies:
+      '@formatjs/ecma402-abstract': 2.2.4
+      '@formatjs/icu-skeleton-parser': 1.8.8
+      tslib: 2.8.1
+
+  '@formatjs/icu-skeleton-parser@1.8.8':
+    dependencies:
+      '@formatjs/ecma402-abstract': 2.2.4
+      tslib: 2.8.1
+
+  '@formatjs/intl-localematcher@0.5.8':
+    dependencies:
+      tslib: 2.8.1
+
+  '@grpc/grpc-js@1.11.1':
+    dependencies:
+      '@grpc/proto-loader': 0.7.13
+      '@js-sdsl/ordered-map': 4.4.2
+
+  '@grpc/proto-loader@0.7.13':
+    dependencies:
+      lodash.camelcase: 4.3.0
+      long: 5.2.3
+      protobufjs: 7.4.0
+      yargs: 17.7.2
+
+  '@hapi/hoek@9.3.0': {}
+
+  '@hapi/topo@5.1.0':
+    dependencies:
+      '@hapi/hoek': 9.3.0
+
+  '@headlessui/react@2.1.9(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@floating-ui/react': 0.26.24(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@react-aria/focus': 3.18.3(react@19.1.0)
+      '@react-aria/interactions': 3.22.3(react@19.1.0)
+      '@tanstack/react-virtual': 3.10.6(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+
+  '@heroicons/react@2.1.3(react@19.1.0)':
+    dependencies:
+      react: 19.1.0
+
+  '@humanwhocodes/config-array@0.13.0':
+    dependencies:
+      '@humanwhocodes/object-schema': 2.0.3
+      debug: 4.4.0(supports-color@5.5.0)
+      minimatch: 3.1.2
+    transitivePeerDependencies:
+      - supports-color
+
+  '@humanwhocodes/module-importer@1.0.1': {}
+
+  '@humanwhocodes/object-schema@2.0.3': {}
+
+  '@img/sharp-darwin-arm64@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-darwin-arm64': 1.1.0
+    optional: true
+
+  '@img/sharp-darwin-x64@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-darwin-x64': 1.1.0
+    optional: true
+
+  '@img/sharp-libvips-darwin-arm64@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-darwin-x64@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linux-arm64@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linux-arm@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linux-ppc64@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linux-s390x@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linux-x64@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linuxmusl-arm64@1.1.0':
+    optional: true
+
+  '@img/sharp-libvips-linuxmusl-x64@1.1.0':
+    optional: true
+
+  '@img/sharp-linux-arm64@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-arm64': 1.1.0
+    optional: true
+
+  '@img/sharp-linux-arm@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-arm': 1.1.0
+    optional: true
+
+  '@img/sharp-linux-s390x@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-s390x': 1.1.0
+    optional: true
+
+  '@img/sharp-linux-x64@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-linux-x64': 1.1.0
+    optional: true
+
+  '@img/sharp-linuxmusl-arm64@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-linuxmusl-arm64': 1.1.0
+    optional: true
+
+  '@img/sharp-linuxmusl-x64@0.34.1':
+    optionalDependencies:
+      '@img/sharp-libvips-linuxmusl-x64': 1.1.0
+    optional: true
+
+  '@img/sharp-wasm32@0.34.1':
+    dependencies:
+      '@emnapi/runtime': 1.4.3
+    optional: true
+
+  '@img/sharp-win32-ia32@0.34.1':
+    optional: true
+
+  '@img/sharp-win32-x64@0.34.1':
+    optional: true
+
+  '@isaacs/cliui@8.0.2':
+    dependencies:
+      string-width: 5.1.2
+      string-width-cjs: string-width@4.2.3
+      strip-ansi: 7.1.0
+      strip-ansi-cjs: strip-ansi@6.0.1
+      wrap-ansi: 8.1.0
+      wrap-ansi-cjs: wrap-ansi@7.0.0
+
+  '@jridgewell/gen-mapping@0.3.8':
+    dependencies:
+      '@jridgewell/set-array': 1.2.1
+      '@jridgewell/sourcemap-codec': 1.5.0
+      '@jridgewell/trace-mapping': 0.3.25
+
+  '@jridgewell/resolve-uri@3.1.2': {}
+
+  '@jridgewell/set-array@1.2.1': {}
+
+  '@jridgewell/sourcemap-codec@1.5.0': {}
+
+  '@jridgewell/trace-mapping@0.3.25':
+    dependencies:
+      '@jridgewell/resolve-uri': 3.1.2
+      '@jridgewell/sourcemap-codec': 1.5.0
+
+  '@js-sdsl/ordered-map@4.4.2': {}
+
+  '@manypkg/find-root@1.1.0':
+    dependencies:
+      '@babel/runtime': 7.27.0
+      '@types/node': 12.20.55
+      find-up: 4.1.0
+      fs-extra: 8.1.0
+
+  '@manypkg/get-packages@1.1.3':
+    dependencies:
+      '@babel/runtime': 7.27.0
+      '@changesets/types': 4.1.0
+      '@manypkg/find-root': 1.1.0
+      fs-extra: 8.1.0
+      globby: 11.1.0
+      read-yaml-file: 1.1.0
+
+  '@mapbox/node-pre-gyp@1.0.11':
+    dependencies:
+      detect-libc: 2.0.4
+      https-proxy-agent: 5.0.1
+      make-dir: 3.1.0
+      node-fetch: 2.7.0
+      nopt: 5.0.0
+      npmlog: 5.0.1
+      rimraf: 3.0.2
+      semver: 7.7.1
+      tar: 6.2.1
+    transitivePeerDependencies:
+      - encoding
+      - supports-color
+
+  '@next/env@15.4.0-canary.86': {}
+
+  '@next/eslint-plugin-next@14.2.18':
+    dependencies:
+      glob: 10.3.10
+
+  '@next/swc-darwin-arm64@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-darwin-x64@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-linux-arm64-gnu@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-linux-arm64-musl@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-linux-x64-gnu@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-linux-x64-musl@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-win32-arm64-msvc@15.4.0-canary.86':
+    optional: true
+
+  '@next/swc-win32-x64-msvc@15.4.0-canary.86':
+    optional: true
+
+  '@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1':
+    dependencies:
+      eslint-scope: 5.1.1
+
+  '@nodelib/fs.scandir@2.1.5':
+    dependencies:
+      '@nodelib/fs.stat': 2.0.5
+      run-parallel: 1.2.0
+
+  '@nodelib/fs.stat@2.0.5': {}
+
+  '@nodelib/fs.walk@1.2.8':
+    dependencies:
+      '@nodelib/fs.scandir': 2.1.5
+      fastq: 1.17.1
+
+  '@nolyfill/is-core-module@1.0.39': {}
+
+  '@otplib/core@12.0.1': {}
+
+  '@otplib/plugin-crypto@12.0.1':
+    dependencies:
+      '@otplib/core': 12.0.1
+
+  '@otplib/plugin-thirty-two@12.0.1':
+    dependencies:
+      '@otplib/core': 12.0.1
+      thirty-two: 1.0.2
+
+  '@parcel/watcher-android-arm64@2.5.1':
+    optional: true
+
+  '@parcel/watcher-darwin-arm64@2.5.1':
+    optional: true
+
+  '@parcel/watcher-darwin-x64@2.5.1':
+    optional: true
+
+  '@parcel/watcher-freebsd-x64@2.5.1':
+    optional: true
+
+  '@parcel/watcher-linux-arm-glibc@2.5.1':
+    optional: true
+
+  '@parcel/watcher-linux-arm-musl@2.5.1':
+    optional: true
+
+  '@parcel/watcher-linux-arm64-glibc@2.5.1':
+    optional: true
+
+  '@parcel/watcher-linux-arm64-musl@2.5.1':
+    optional: true
+
+  '@parcel/watcher-linux-x64-glibc@2.5.1':
+    optional: true
+
+  '@parcel/watcher-linux-x64-musl@2.5.1':
+    optional: true
+
+  '@parcel/watcher-win32-arm64@2.5.1':
+    optional: true
+
+  '@parcel/watcher-win32-ia32@2.5.1':
+    optional: true
+
+  '@parcel/watcher-win32-x64@2.5.1':
+    optional: true
+
+  '@parcel/watcher@2.5.1':
+    dependencies:
+      detect-libc: 1.0.3
+      is-glob: 4.0.3
+      micromatch: 4.0.8
+      node-addon-api: 7.1.1
+    optionalDependencies:
+      '@parcel/watcher-android-arm64': 2.5.1
+      '@parcel/watcher-darwin-arm64': 2.5.1
+      '@parcel/watcher-darwin-x64': 2.5.1
+      '@parcel/watcher-freebsd-x64': 2.5.1
+      '@parcel/watcher-linux-arm-glibc': 2.5.1
+      '@parcel/watcher-linux-arm-musl': 2.5.1
+      '@parcel/watcher-linux-arm64-glibc': 2.5.1
+      '@parcel/watcher-linux-arm64-musl': 2.5.1
+      '@parcel/watcher-linux-x64-glibc': 2.5.1
+      '@parcel/watcher-linux-x64-musl': 2.5.1
+      '@parcel/watcher-win32-arm64': 2.5.1
+      '@parcel/watcher-win32-ia32': 2.5.1
+      '@parcel/watcher-win32-x64': 2.5.1
+    optional: true
+
+  '@pkgjs/parseargs@0.11.0':
+    optional: true
+
+  '@playwright/test@1.52.0':
+    dependencies:
+      playwright: 1.52.0
+
+  '@protobufjs/aspromise@1.1.2': {}
+
+  '@protobufjs/base64@1.1.2': {}
+
+  '@protobufjs/codegen@2.0.4': {}
+
+  '@protobufjs/eventemitter@1.1.0': {}
+
+  '@protobufjs/fetch@1.1.0':
+    dependencies:
+      '@protobufjs/aspromise': 1.1.2
+      '@protobufjs/inquire': 1.1.0
+
+  '@protobufjs/float@1.0.2': {}
+
+  '@protobufjs/inquire@1.1.0': {}
+
+  '@protobufjs/path@1.1.2': {}
+
+  '@protobufjs/pool@1.1.0': {}
+
+  '@protobufjs/utf8@1.1.0': {}
+
+  '@react-aria/focus@3.18.3(react@19.1.0)':
+    dependencies:
+      '@react-aria/interactions': 3.22.3(react@19.1.0)
+      '@react-aria/utils': 3.25.3(react@19.1.0)
+      '@react-types/shared': 3.25.0(react@19.1.0)
+      '@swc/helpers': 0.5.5
+      clsx: 2.1.1
+      react: 19.1.0
+
+  '@react-aria/interactions@3.22.3(react@19.1.0)':
+    dependencies:
+      '@react-aria/ssr': 3.9.6(react@19.1.0)
+      '@react-aria/utils': 3.25.3(react@19.1.0)
+      '@react-types/shared': 3.25.0(react@19.1.0)
+      '@swc/helpers': 0.5.5
+      react: 19.1.0
+
+  '@react-aria/ssr@3.9.6(react@19.1.0)':
+    dependencies:
+      '@swc/helpers': 0.5.15
+      react: 19.1.0
+
+  '@react-aria/utils@3.25.3(react@19.1.0)':
+    dependencies:
+      '@react-aria/ssr': 3.9.6(react@19.1.0)
+      '@react-stately/utils': 3.10.4(react@19.1.0)
+      '@react-types/shared': 3.25.0(react@19.1.0)
+      '@swc/helpers': 0.5.15
+      clsx: 2.1.1
+      react: 19.1.0
+
+  '@react-stately/utils@3.10.4(react@19.1.0)':
+    dependencies:
+      '@swc/helpers': 0.5.15
+      react: 19.1.0
+
+  '@react-types/shared@3.25.0(react@19.1.0)':
+    dependencies:
+      react: 19.1.0
+
+  '@rollup/rollup-android-arm-eabi@4.40.0':
+    optional: true
+
+  '@rollup/rollup-android-arm64@4.40.0':
+    optional: true
+
+  '@rollup/rollup-darwin-arm64@4.40.0':
+    optional: true
+
+  '@rollup/rollup-darwin-x64@4.40.0':
+    optional: true
+
+  '@rollup/rollup-freebsd-arm64@4.40.0':
+    optional: true
+
+  '@rollup/rollup-freebsd-x64@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-arm-gnueabihf@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-arm-musleabihf@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-arm64-gnu@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-arm64-musl@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-loongarch64-gnu@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-powerpc64le-gnu@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-riscv64-gnu@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-riscv64-musl@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-s390x-gnu@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-x64-gnu@4.40.0':
+    optional: true
+
+  '@rollup/rollup-linux-x64-musl@4.40.0':
+    optional: true
+
+  '@rollup/rollup-win32-arm64-msvc@4.40.0':
+    optional: true
+
+  '@rollup/rollup-win32-ia32-msvc@4.40.0':
+    optional: true
+
+  '@rollup/rollup-win32-x64-msvc@4.40.0':
+    optional: true
+
+  '@rushstack/eslint-patch@1.10.4': {}
+
+  '@sideway/address@4.1.5':
+    dependencies:
+      '@hapi/hoek': 9.3.0
+
+  '@sideway/formula@3.0.1': {}
+
+  '@sideway/pinpoint@2.0.0': {}
+
+  '@swc/counter@0.1.3': {}
+
+  '@swc/helpers@0.5.15':
+    dependencies:
+      tslib: 2.8.1
+
+  '@swc/helpers@0.5.5':
+    dependencies:
+      '@swc/counter': 0.1.3
+      tslib: 2.8.1
+
+  '@tailwindcss/forms@0.5.3(tailwindcss@4.1.4)':
+    dependencies:
+      mini-svg-data-uri: 1.4.4
+      tailwindcss: 4.1.4
+
+  '@tailwindcss/forms@0.5.7(tailwindcss@3.4.14)':
+    dependencies:
+      mini-svg-data-uri: 1.4.4
+      tailwindcss: 3.4.14
+
+  '@tanstack/react-virtual@3.10.6(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@tanstack/virtual-core': 3.10.6
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+
+  '@tanstack/virtual-core@3.10.6': {}
+
+  '@testing-library/dom@10.4.0':
+    dependencies:
+      '@babel/code-frame': 7.26.2
+      '@babel/runtime': 7.27.0
+      '@types/aria-query': 5.0.4
+      aria-query: 5.3.0
+      chalk: 4.1.2
+      dom-accessibility-api: 0.5.16
+      lz-string: 1.5.0
+      pretty-format: 27.5.1
+
+  '@testing-library/jest-dom@6.6.3':
+    dependencies:
+      '@adobe/css-tools': 4.4.0
+      aria-query: 5.3.0
+      chalk: 3.0.0
+      css.escape: 1.5.1
+      dom-accessibility-api: 0.6.3
+      lodash: 4.17.21
+      redent: 3.0.0
+
+  '@testing-library/react@16.3.0(@testing-library/dom@10.4.0)(@types/react-dom@19.1.2(@types/react@19.1.2))(@types/react@19.1.2)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@babel/runtime': 7.27.0
+      '@testing-library/dom': 10.4.0
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+    optionalDependencies:
+      '@types/react': 19.1.2
+      '@types/react-dom': 19.1.2(@types/react@19.1.2)
+
+  '@types/aria-query@5.0.4': {}
+
+  '@types/babel__core@7.20.5':
+    dependencies:
+      '@babel/parser': 7.27.0
+      '@babel/types': 7.27.0
+      '@types/babel__generator': 7.27.0
+      '@types/babel__template': 7.4.4
+      '@types/babel__traverse': 7.20.7
+
+  '@types/babel__generator@7.27.0':
+    dependencies:
+      '@babel/types': 7.27.0
+
+  '@types/babel__template@7.4.4':
+    dependencies:
+      '@babel/parser': 7.27.0
+      '@babel/types': 7.27.0
+
+  '@types/babel__traverse@7.20.7':
+    dependencies:
+      '@babel/types': 7.27.0
+
+  '@types/estree@1.0.7': {}
+
+  '@types/json5@0.0.29': {}
+
+  '@types/ms@2.1.0': {}
+
+  '@types/node@12.20.55': {}
+
+  '@types/node@22.14.1':
+    dependencies:
+      undici-types: 6.21.0
+
+  '@types/react-dom@19.1.2(@types/react@19.1.2)':
+    dependencies:
+      '@types/react': 19.1.2
+
+  '@types/react@19.1.2':
+    dependencies:
+      csstype: 3.1.3
+
+  '@types/sinonjs__fake-timers@8.1.1': {}
+
+  '@types/sizzle@2.3.9': {}
+
+  '@types/tinycolor2@1.4.3': {}
+
+  '@types/uuid@10.0.0': {}
+
+  '@types/yauzl@2.10.3':
+    dependencies:
+      '@types/node': 22.14.1
+    optional: true
+
+  '@typescript-eslint/eslint-plugin@8.15.0(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint@8.57.1)(typescript@5.8.3)':
+    dependencies:
+      '@eslint-community/regexpp': 4.12.1
+      '@typescript-eslint/parser': 7.18.0(eslint@8.57.1)(typescript@5.8.3)
+      '@typescript-eslint/scope-manager': 8.15.0
+      '@typescript-eslint/type-utils': 8.15.0(eslint@8.57.1)(typescript@5.8.3)
+      '@typescript-eslint/utils': 8.15.0(eslint@8.57.1)(typescript@5.8.3)
+      '@typescript-eslint/visitor-keys': 8.15.0
+      eslint: 8.57.1
+      graphemer: 1.4.0
+      ignore: 5.3.2
+      natural-compare: 1.4.0
+      ts-api-utils: 1.4.1(typescript@5.8.3)
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3)':
+    dependencies:
+      '@typescript-eslint/scope-manager': 7.18.0
+      '@typescript-eslint/types': 7.18.0
+      '@typescript-eslint/typescript-estree': 7.18.0(typescript@5.8.3)
+      '@typescript-eslint/visitor-keys': 7.18.0
+      debug: 4.3.7
+      eslint: 8.57.1
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/scope-manager@7.18.0':
+    dependencies:
+      '@typescript-eslint/types': 7.18.0
+      '@typescript-eslint/visitor-keys': 7.18.0
+
+  '@typescript-eslint/scope-manager@8.15.0':
+    dependencies:
+      '@typescript-eslint/types': 8.15.0
+      '@typescript-eslint/visitor-keys': 8.15.0
+
+  '@typescript-eslint/type-utils@8.15.0(eslint@8.57.1)(typescript@5.8.3)':
+    dependencies:
+      '@typescript-eslint/typescript-estree': 8.15.0(typescript@5.8.3)
+      '@typescript-eslint/utils': 8.15.0(eslint@8.57.1)(typescript@5.8.3)
+      debug: 4.4.0(supports-color@5.5.0)
+      eslint: 8.57.1
+      ts-api-utils: 1.4.1(typescript@5.8.3)
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/types@7.18.0': {}
+
+  '@typescript-eslint/types@8.15.0': {}
+
+  '@typescript-eslint/typescript-estree@7.18.0(typescript@5.8.3)':
+    dependencies:
+      '@typescript-eslint/types': 7.18.0
+      '@typescript-eslint/visitor-keys': 7.18.0
+      debug: 4.4.0(supports-color@5.5.0)
+      globby: 11.1.0
+      is-glob: 4.0.3
+      minimatch: 9.0.5
+      semver: 7.7.1
+      ts-api-utils: 1.4.1(typescript@5.8.3)
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/typescript-estree@8.15.0(typescript@5.8.3)':
+    dependencies:
+      '@typescript-eslint/types': 8.15.0
+      '@typescript-eslint/visitor-keys': 8.15.0
+      debug: 4.4.0(supports-color@5.5.0)
+      fast-glob: 3.3.3
+      is-glob: 4.0.3
+      minimatch: 9.0.5
+      semver: 7.7.1
+      ts-api-utils: 1.4.1(typescript@5.8.3)
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/utils@8.15.0(eslint@8.57.1)(typescript@5.8.3)':
+    dependencies:
+      '@eslint-community/eslint-utils': 4.4.1(eslint@8.57.1)
+      '@typescript-eslint/scope-manager': 8.15.0
+      '@typescript-eslint/types': 8.15.0
+      '@typescript-eslint/typescript-estree': 8.15.0(typescript@5.8.3)
+      eslint: 8.57.1
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/visitor-keys@7.18.0':
+    dependencies:
+      '@typescript-eslint/types': 7.18.0
+      eslint-visitor-keys: 3.4.3
+
+  '@typescript-eslint/visitor-keys@8.15.0':
+    dependencies:
+      '@typescript-eslint/types': 8.15.0
+      eslint-visitor-keys: 4.2.0
+
+  '@ungap/structured-clone@1.2.0': {}
+
+  '@vercel/analytics@1.3.1(next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0))(react@19.1.0)':
+    dependencies:
+      server-only: 0.0.1
+    optionalDependencies:
+      next: 15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0)
+      react: 19.1.0
+
+  '@vercel/git-hooks@1.0.0': {}
+
+  '@vitejs/plugin-react@4.4.1(vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1))':
+    dependencies:
+      '@babel/core': 7.26.10
+      '@babel/plugin-transform-react-jsx-self': 7.25.9(@babel/core@7.26.10)
+      '@babel/plugin-transform-react-jsx-source': 7.25.9(@babel/core@7.26.10)
+      '@types/babel__core': 7.20.5
+      react-refresh: 0.17.0
+      vite: 6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)
+    transitivePeerDependencies:
+      - supports-color
+
+  '@vitest/expect@3.1.2':
+    dependencies:
+      '@vitest/spy': 3.1.2
+      '@vitest/utils': 3.1.2
+      chai: 5.2.0
+      tinyrainbow: 2.0.0
+
+  '@vitest/mocker@3.1.2(vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1))':
+    dependencies:
+      '@vitest/spy': 3.1.2
+      estree-walker: 3.0.3
+      magic-string: 0.30.17
+    optionalDependencies:
+      vite: 6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)
+
+  '@vitest/pretty-format@3.1.2':
+    dependencies:
+      tinyrainbow: 2.0.0
+
+  '@vitest/runner@3.1.2':
+    dependencies:
+      '@vitest/utils': 3.1.2
+      pathe: 2.0.3
+
+  '@vitest/snapshot@3.1.2':
+    dependencies:
+      '@vitest/pretty-format': 3.1.2
+      magic-string: 0.30.17
+      pathe: 2.0.3
+
+  '@vitest/spy@3.1.2':
+    dependencies:
+      tinyspy: 3.0.2
+
+  '@vitest/utils@3.1.2':
+    dependencies:
+      '@vitest/pretty-format': 3.1.2
+      loupe: 3.1.3
+      tinyrainbow: 2.0.0
+
+  abbrev@1.1.1: {}
+
+  abort-controller-x@0.4.3: {}
+
+  acorn-jsx@5.3.2(acorn@8.12.1):
+    dependencies:
+      acorn: 8.12.1
+
+  acorn@8.12.1: {}
+
+  agent-base@6.0.2:
+    dependencies:
+      debug: 4.4.0
+    transitivePeerDependencies:
+      - supports-color
+
+  agent-base@7.1.3: {}
+
+  aggregate-error@3.1.0:
+    dependencies:
+      clean-stack: 2.2.0
+      indent-string: 4.0.0
+
+  ajv@6.12.6:
+    dependencies:
+      fast-deep-equal: 3.1.3
+      fast-json-stable-stringify: 2.1.0
+      json-schema-traverse: 0.4.1
+      uri-js: 4.4.1
+
+  ansi-colors@4.1.3: {}
+
+  ansi-escapes@4.3.2:
+    dependencies:
+      type-fest: 0.21.3
+
+  ansi-escapes@7.0.0:
+    dependencies:
+      environment: 1.1.0
+
+  ansi-regex@5.0.1: {}
+
+  ansi-regex@6.1.0: {}
+
+  ansi-styles@4.3.0:
+    dependencies:
+      color-convert: 2.0.1
+
+  ansi-styles@5.2.0: {}
+
+  ansi-styles@6.2.1: {}
+
+  any-promise@1.3.0: {}
+
+  anymatch@3.1.3:
+    dependencies:
+      normalize-path: 3.0.0
+      picomatch: 2.3.1
+
+  aproba@2.0.0: {}
+
+  arch@2.2.0: {}
+
+  are-we-there-yet@2.0.0:
+    dependencies:
+      delegates: 1.0.0
+      readable-stream: 3.6.2
+
+  arg@5.0.2: {}
+
+  argparse@1.0.10:
+    dependencies:
+      sprintf-js: 1.0.3
+
+  argparse@2.0.1: {}
+
+  aria-query@5.1.3:
+    dependencies:
+      deep-equal: 2.2.3
+
+  aria-query@5.3.0:
+    dependencies:
+      dequal: 2.0.3
+
+  array-buffer-byte-length@1.0.1:
+    dependencies:
+      call-bind: 1.0.7
+      is-array-buffer: 3.0.4
+
+  array-includes@3.1.8:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-object-atoms: 1.0.0
+      get-intrinsic: 1.2.4
+      is-string: 1.0.7
+
+  array-union@2.1.0: {}
+
+  array.prototype.findlast@1.2.5:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      es-object-atoms: 1.0.0
+      es-shim-unscopables: 1.0.2
+
+  array.prototype.findlastindex@1.2.5:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      es-object-atoms: 1.0.0
+      es-shim-unscopables: 1.0.2
+
+  array.prototype.flat@1.3.2:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-shim-unscopables: 1.0.2
+
+  array.prototype.flatmap@1.3.2:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-shim-unscopables: 1.0.2
+
+  array.prototype.tosorted@1.1.4:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      es-shim-unscopables: 1.0.2
+
+  arraybuffer.prototype.slice@1.0.3:
+    dependencies:
+      array-buffer-byte-length: 1.0.1
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      get-intrinsic: 1.2.4
+      is-array-buffer: 3.0.4
+      is-shared-array-buffer: 1.0.3
+
+  asn1@0.2.6:
+    dependencies:
+      safer-buffer: 2.1.2
+
+  assert-plus@1.0.0: {}
+
+  assertion-error@2.0.1: {}
+
+  ast-types-flow@0.0.8: {}
+
+  astral-regex@2.0.0: {}
+
+  async@3.2.6: {}
+
+  asynckit@0.4.0: {}
+
+  at-least-node@1.0.0: {}
+
+  autoprefixer@10.4.21(postcss@8.5.3):
+    dependencies:
+      browserslist: 4.24.4
+      caniuse-lite: 1.0.30001715
+      fraction.js: 4.3.7
+      normalize-range: 0.1.2
+      picocolors: 1.1.1
+      postcss: 8.5.3
+      postcss-value-parser: 4.2.0
+
+  available-typed-arrays@1.0.7:
+    dependencies:
+      possible-typed-array-names: 1.0.0
+
+  aws-sign2@0.7.0: {}
+
+  aws4@1.13.2: {}
+
+  axe-core@4.10.0: {}
+
+  axios@1.8.4(debug@4.4.0):
+    dependencies:
+      follow-redirects: 1.15.9(debug@4.4.0)
+      form-data: 4.0.2
+      proxy-from-env: 1.1.0
+    transitivePeerDependencies:
+      - debug
+
+  axobject-query@3.1.1:
+    dependencies:
+      deep-equal: 2.2.3
+
+  balanced-match@1.0.2: {}
+
+  base64-js@1.5.1: {}
+
+  bcrypt-pbkdf@1.0.2:
+    dependencies:
+      tweetnacl: 0.14.5
+
+  better-path-resolve@1.0.0:
+    dependencies:
+      is-windows: 1.0.2
+
+  binary-extensions@2.3.0: {}
+
+  blob-util@2.0.2: {}
+
+  bluebird@3.7.2: {}
+
+  brace-expansion@1.1.11:
+    dependencies:
+      balanced-match: 1.0.2
+      concat-map: 0.0.1
+
+  brace-expansion@2.0.1:
+    dependencies:
+      balanced-match: 1.0.2
+
+  braces@3.0.3:
+    dependencies:
+      fill-range: 7.1.1
+
+  browserslist@4.24.4:
+    dependencies:
+      caniuse-lite: 1.0.30001715
+      electron-to-chromium: 1.5.140
+      node-releases: 2.0.19
+      update-browserslist-db: 1.1.3(browserslist@4.24.4)
+
+  buffer-crc32@0.2.13: {}
+
+  buffer@5.7.1:
+    dependencies:
+      base64-js: 1.5.1
+      ieee754: 1.2.1
+
+  bundle-require@5.1.0(esbuild@0.25.2):
+    dependencies:
+      esbuild: 0.25.2
+      load-tsconfig: 0.2.5
+
+  cac@6.7.14: {}
+
+  cachedir@2.4.0: {}
+
+  call-bind-apply-helpers@1.0.2:
+    dependencies:
+      es-errors: 1.3.0
+      function-bind: 1.1.2
+
+  call-bind@1.0.7:
+    dependencies:
+      es-define-property: 1.0.1
+      es-errors: 1.3.0
+      function-bind: 1.1.2
+      get-intrinsic: 1.3.0
+      set-function-length: 1.2.2
+
+  call-bound@1.0.4:
+    dependencies:
+      call-bind-apply-helpers: 1.0.2
+      get-intrinsic: 1.3.0
+
+  callsites@3.1.0: {}
+
+  camelcase-css@2.0.1: {}
+
+  caniuse-lite@1.0.30001715: {}
+
+  case-anything@2.1.13: {}
+
+  caseless@0.12.0: {}
+
+  chai@5.2.0:
+    dependencies:
+      assertion-error: 2.0.1
+      check-error: 2.1.1
+      deep-eql: 5.0.2
+      loupe: 3.1.3
+      pathval: 2.0.0
+
+  chalk@3.0.0:
+    dependencies:
+      ansi-styles: 4.3.0
+      supports-color: 7.2.0
+
+  chalk@4.1.2:
+    dependencies:
+      ansi-styles: 4.3.0
+      supports-color: 7.2.0
+
+  chalk@5.4.1: {}
+
+  chardet@0.7.0: {}
+
+  check-error@2.1.1: {}
+
+  check-more-types@2.24.0: {}
+
+  chokidar@3.6.0:
+    dependencies:
+      anymatch: 3.1.3
+      braces: 3.0.3
+      glob-parent: 5.1.2
+      is-binary-path: 2.1.0
+      is-glob: 4.0.3
+      normalize-path: 3.0.0
+      readdirp: 3.6.0
+    optionalDependencies:
+      fsevents: 2.3.3
+
+  chokidar@4.0.3:
+    dependencies:
+      readdirp: 4.1.2
+
+  chownr@2.0.0: {}
+
+  ci-info@3.9.0: {}
+
+  ci-info@4.2.0: {}
+
+  clean-stack@2.2.0: {}
+
+  cli-cursor@3.1.0:
+    dependencies:
+      restore-cursor: 3.1.0
+
+  cli-cursor@5.0.0:
+    dependencies:
+      restore-cursor: 5.1.0
+
+  cli-table3@0.6.5:
+    dependencies:
+      string-width: 4.2.3
+    optionalDependencies:
+      '@colors/colors': 1.5.0
+
+  cli-truncate@2.1.0:
+    dependencies:
+      slice-ansi: 3.0.0
+      string-width: 4.2.3
+
+  cli-truncate@4.0.0:
+    dependencies:
+      slice-ansi: 5.0.0
+      string-width: 7.2.0
+
+  client-only@0.0.1: {}
+
+  cliui@8.0.1:
+    dependencies:
+      string-width: 4.2.3
+      strip-ansi: 6.0.1
+      wrap-ansi: 7.0.0
+
+  clsx@1.2.1: {}
+
+  clsx@2.1.1: {}
+
+  color-convert@2.0.1:
+    dependencies:
+      color-name: 1.1.4
+
+  color-name@1.1.4: {}
+
+  color-string@1.9.1:
+    dependencies:
+      color-name: 1.1.4
+      simple-swizzle: 0.2.2
+    optional: true
+
+  color-support@1.1.3: {}
+
+  color@4.2.3:
+    dependencies:
+      color-convert: 2.0.1
+      color-string: 1.9.1
+    optional: true
+
+  colorette@2.0.20: {}
+
+  combined-stream@1.0.8:
+    dependencies:
+      delayed-stream: 1.0.0
+
+  commander@13.1.0: {}
+
+  commander@4.1.1: {}
+
+  commander@6.2.1: {}
+
+  common-tags@1.8.2: {}
+
+  concat-map@0.0.1: {}
+
+  concurrently@9.1.2:
+    dependencies:
+      chalk: 4.1.2
+      lodash: 4.17.21
+      rxjs: 7.8.2
+      shell-quote: 1.8.2
+      supports-color: 8.1.1
+      tree-kill: 1.2.2
+      yargs: 17.7.2
+
+  consola@3.4.2: {}
+
+  console-control-strings@1.1.0: {}
+
+  convert-source-map@2.0.0: {}
+
+  copy-to-clipboard@3.3.3:
+    dependencies:
+      toggle-selection: 1.0.6
+
+  core-util-is@1.0.2: {}
+
+  cross-spawn@7.0.3:
+    dependencies:
+      path-key: 3.1.1
+      shebang-command: 2.0.0
+      which: 2.0.2
+
+  cross-spawn@7.0.6:
+    dependencies:
+      path-key: 3.1.1
+      shebang-command: 2.0.0
+      which: 2.0.2
+
+  css.escape@1.5.1: {}
+
+  cssesc@3.0.0: {}
+
+  cssstyle@4.3.1:
+    dependencies:
+      '@asamuzakjp/css-color': 3.1.4
+      rrweb-cssom: 0.8.0
+
+  csstype@3.1.3: {}
+
+  cypress@14.3.2:
+    dependencies:
+      '@cypress/request': 3.0.8
+      '@cypress/xvfb': 1.2.4(supports-color@8.1.1)
+      '@types/sinonjs__fake-timers': 8.1.1
+      '@types/sizzle': 2.3.9
+      arch: 2.2.0
+      blob-util: 2.0.2
+      bluebird: 3.7.2
+      buffer: 5.7.1
+      cachedir: 2.4.0
+      chalk: 4.1.2
+      check-more-types: 2.24.0
+      ci-info: 4.2.0
+      cli-cursor: 3.1.0
+      cli-table3: 0.6.5
+      commander: 6.2.1
+      common-tags: 1.8.2
+      dayjs: 1.11.13
+      debug: 4.4.0(supports-color@8.1.1)
+      enquirer: 2.4.1
+      eventemitter2: 6.4.7
+      execa: 4.1.0
+      executable: 4.1.1
+      extract-zip: 2.0.1(supports-color@8.1.1)
+      figures: 3.2.0
+      fs-extra: 9.1.0
+      getos: 3.2.1
+      is-installed-globally: 0.4.0
+      lazy-ass: 1.6.0
+      listr2: 3.14.0(enquirer@2.4.1)
+      lodash: 4.17.21
+      log-symbols: 4.1.0
+      minimist: 1.2.8
+      ospath: 1.2.2
+      pretty-bytes: 5.6.0
+      process: 0.11.10
+      proxy-from-env: 1.0.0
+      request-progress: 3.0.0
+      semver: 7.7.1
+      supports-color: 8.1.1
+      tmp: 0.2.3
+      tree-kill: 1.2.2
+      untildify: 4.0.0
+      yauzl: 2.10.0
+
+  damerau-levenshtein@1.0.8: {}
+
+  dashdash@1.14.1:
+    dependencies:
+      assert-plus: 1.0.0
+
+  data-uri-to-buffer@4.0.1: {}
+
+  data-urls@5.0.0:
+    dependencies:
+      whatwg-mimetype: 4.0.0
+      whatwg-url: 14.2.0
+
+  data-view-buffer@1.0.1:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      is-data-view: 1.0.1
+
+  data-view-byte-length@1.0.1:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      is-data-view: 1.0.1
+
+  data-view-byte-offset@1.0.0:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      is-data-view: 1.0.1
+
+  dayjs@1.11.13: {}
+
+  debug@3.2.7(supports-color@8.1.1):
+    dependencies:
+      ms: 2.1.3
+    optionalDependencies:
+      supports-color: 8.1.1
+
+  debug@4.3.7:
+    dependencies:
+      ms: 2.1.3
+
+  debug@4.4.0:
+    dependencies:
+      ms: 2.1.3
+
+  debug@4.4.0(supports-color@5.5.0):
+    dependencies:
+      ms: 2.1.3
+    optionalDependencies:
+      supports-color: 5.5.0
+
+  debug@4.4.0(supports-color@8.1.1):
+    dependencies:
+      ms: 2.1.3
+    optionalDependencies:
+      supports-color: 8.1.1
+
+  decimal.js@10.5.0: {}
+
+  deep-eql@5.0.2: {}
+
+  deep-equal@2.2.3:
+    dependencies:
+      array-buffer-byte-length: 1.0.1
+      call-bind: 1.0.7
+      es-get-iterator: 1.1.3
+      get-intrinsic: 1.3.0
+      is-arguments: 1.1.1
+      is-array-buffer: 3.0.4
+      is-date-object: 1.0.5
+      is-regex: 1.1.4
+      is-shared-array-buffer: 1.0.3
+      isarray: 2.0.5
+      object-is: 1.1.6
+      object-keys: 1.1.1
+      object.assign: 4.1.5
+      regexp.prototype.flags: 1.5.2
+      side-channel: 1.1.0
+      which-boxed-primitive: 1.0.2
+      which-collection: 1.0.2
+      which-typed-array: 1.1.15
+
+  deep-is@0.1.4: {}
+
+  deepmerge@4.3.1: {}
+
+  define-data-property@1.1.4:
+    dependencies:
+      es-define-property: 1.0.0
+      es-errors: 1.3.0
+      gopd: 1.0.1
+
+  define-properties@1.2.1:
+    dependencies:
+      define-data-property: 1.1.4
+      has-property-descriptors: 1.0.2
+      object-keys: 1.1.1
+
+  delayed-stream@1.0.0: {}
+
+  delegates@1.0.0: {}
+
+  dequal@2.0.3: {}
+
+  detect-indent@6.1.0: {}
+
+  detect-libc@1.0.3: {}
+
+  detect-libc@2.0.4: {}
+
+  didyoumean@1.2.2: {}
+
+  dir-glob@3.0.1:
+    dependencies:
+      path-type: 4.0.0
+
+  dlv@1.1.3: {}
+
+  doctrine@2.1.0:
+    dependencies:
+      esutils: 2.0.3
+
+  doctrine@3.0.0:
+    dependencies:
+      esutils: 2.0.3
+
+  dom-accessibility-api@0.5.16: {}
+
+  dom-accessibility-api@0.6.3: {}
+
+  dotenv-cli@8.0.0:
+    dependencies:
+      cross-spawn: 7.0.6
+      dotenv: 16.5.0
+      dotenv-expand: 10.0.0
+      minimist: 1.2.8
+
+  dotenv-expand@10.0.0: {}
+
+  dotenv@16.0.3: {}
+
+  dotenv@16.5.0: {}
+
+  dprint-node@1.0.8:
+    dependencies:
+      detect-libc: 1.0.3
+
+  dunder-proto@1.0.1:
+    dependencies:
+      call-bind-apply-helpers: 1.0.2
+      es-errors: 1.3.0
+      gopd: 1.2.0
+
+  duplexer@0.1.2: {}
+
+  eastasianwidth@0.2.0: {}
+
+  ecc-jsbn@0.1.2:
+    dependencies:
+      jsbn: 0.1.1
+      safer-buffer: 2.1.2
+
+  electron-to-chromium@1.5.140: {}
+
+  emoji-regex@10.4.0: {}
+
+  emoji-regex@8.0.0: {}
+
+  emoji-regex@9.2.2: {}
+
+  end-of-stream@1.4.4:
+    dependencies:
+      once: 1.4.0
+
+  enhanced-resolve@5.17.1:
+    dependencies:
+      graceful-fs: 4.2.11
+      tapable: 2.2.1
+
+  enquirer@2.4.1:
+    dependencies:
+      ansi-colors: 4.1.3
+      strip-ansi: 6.0.1
+
+  entities@6.0.0: {}
+
+  env-cmd@10.1.0:
+    dependencies:
+      commander: 4.1.1
+      cross-spawn: 7.0.6
+
+  environment@1.1.0: {}
+
+  es-abstract@1.23.3:
+    dependencies:
+      array-buffer-byte-length: 1.0.1
+      arraybuffer.prototype.slice: 1.0.3
+      available-typed-arrays: 1.0.7
+      call-bind: 1.0.7
+      data-view-buffer: 1.0.1
+      data-view-byte-length: 1.0.1
+      data-view-byte-offset: 1.0.0
+      es-define-property: 1.0.0
+      es-errors: 1.3.0
+      es-object-atoms: 1.0.0
+      es-set-tostringtag: 2.1.0
+      es-to-primitive: 1.2.1
+      function.prototype.name: 1.1.6
+      get-intrinsic: 1.2.4
+      get-symbol-description: 1.0.2
+      globalthis: 1.0.4
+      gopd: 1.0.1
+      has-property-descriptors: 1.0.2
+      has-proto: 1.0.3
+      has-symbols: 1.0.3
+      hasown: 2.0.2
+      internal-slot: 1.0.7
+      is-array-buffer: 3.0.4
+      is-callable: 1.2.7
+      is-data-view: 1.0.1
+      is-negative-zero: 2.0.3
+      is-regex: 1.1.4
+      is-shared-array-buffer: 1.0.3
+      is-string: 1.0.7
+      is-typed-array: 1.1.13
+      is-weakref: 1.0.2
+      object-inspect: 1.13.2
+      object-keys: 1.1.1
+      object.assign: 4.1.5
+      regexp.prototype.flags: 1.5.2
+      safe-array-concat: 1.1.2
+      safe-regex-test: 1.0.3
+      string.prototype.trim: 1.2.9
+      string.prototype.trimend: 1.0.8
+      string.prototype.trimstart: 1.0.8
+      typed-array-buffer: 1.0.2
+      typed-array-byte-length: 1.0.1
+      typed-array-byte-offset: 1.0.2
+      typed-array-length: 1.0.6
+      unbox-primitive: 1.0.2
+      which-typed-array: 1.1.15
+
+  es-define-property@1.0.0:
+    dependencies:
+      get-intrinsic: 1.3.0
+
+  es-define-property@1.0.1: {}
+
+  es-errors@1.3.0: {}
+
+  es-get-iterator@1.1.3:
+    dependencies:
+      call-bind: 1.0.7
+      get-intrinsic: 1.3.0
+      has-symbols: 1.1.0
+      is-arguments: 1.1.1
+      is-map: 2.0.3
+      is-set: 2.0.3
+      is-string: 1.0.7
+      isarray: 2.0.5
+      stop-iteration-iterator: 1.0.0
+
+  es-iterator-helpers@1.0.19:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      es-set-tostringtag: 2.0.3
+      function-bind: 1.1.2
+      get-intrinsic: 1.2.4
+      globalthis: 1.0.4
+      has-property-descriptors: 1.0.2
+      has-proto: 1.0.3
+      has-symbols: 1.0.3
+      internal-slot: 1.0.7
+      iterator.prototype: 1.1.2
+      safe-array-concat: 1.1.2
+
+  es-module-lexer@1.7.0: {}
+
+  es-object-atoms@1.0.0:
+    dependencies:
+      es-errors: 1.3.0
+
+  es-object-atoms@1.1.1:
+    dependencies:
+      es-errors: 1.3.0
+
+  es-set-tostringtag@2.0.3:
+    dependencies:
+      get-intrinsic: 1.2.4
+      has-tostringtag: 1.0.2
+      hasown: 2.0.2
+
+  es-set-tostringtag@2.1.0:
+    dependencies:
+      es-errors: 1.3.0
+      get-intrinsic: 1.3.0
+      has-tostringtag: 1.0.2
+      hasown: 2.0.2
+
+  es-shim-unscopables@1.0.2:
+    dependencies:
+      hasown: 2.0.2
+
+  es-to-primitive@1.2.1:
+    dependencies:
+      is-callable: 1.2.7
+      is-date-object: 1.0.5
+      is-symbol: 1.0.4
+
+  esbuild@0.25.2:
+    optionalDependencies:
+      '@esbuild/aix-ppc64': 0.25.2
+      '@esbuild/android-arm': 0.25.2
+      '@esbuild/android-arm64': 0.25.2
+      '@esbuild/android-x64': 0.25.2
+      '@esbuild/darwin-arm64': 0.25.2
+      '@esbuild/darwin-x64': 0.25.2
+      '@esbuild/freebsd-arm64': 0.25.2
+      '@esbuild/freebsd-x64': 0.25.2
+      '@esbuild/linux-arm': 0.25.2
+      '@esbuild/linux-arm64': 0.25.2
+      '@esbuild/linux-ia32': 0.25.2
+      '@esbuild/linux-loong64': 0.25.2
+      '@esbuild/linux-mips64el': 0.25.2
+      '@esbuild/linux-ppc64': 0.25.2
+      '@esbuild/linux-riscv64': 0.25.2
+      '@esbuild/linux-s390x': 0.25.2
+      '@esbuild/linux-x64': 0.25.2
+      '@esbuild/netbsd-arm64': 0.25.2
+      '@esbuild/netbsd-x64': 0.25.2
+      '@esbuild/openbsd-arm64': 0.25.2
+      '@esbuild/openbsd-x64': 0.25.2
+      '@esbuild/sunos-x64': 0.25.2
+      '@esbuild/win32-arm64': 0.25.2
+      '@esbuild/win32-ia32': 0.25.2
+      '@esbuild/win32-x64': 0.25.2
+
+  escalade@3.2.0: {}
+
+  escape-string-regexp@1.0.5: {}
+
+  escape-string-regexp@4.0.0: {}
+
+  eslint-config-next@14.2.18(eslint@8.57.1)(typescript@5.8.3):
+    dependencies:
+      '@next/eslint-plugin-next': 14.2.18
+      '@rushstack/eslint-patch': 1.10.4
+      '@typescript-eslint/eslint-plugin': 8.15.0(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint@8.57.1)(typescript@5.8.3)
+      '@typescript-eslint/parser': 7.18.0(eslint@8.57.1)(typescript@5.8.3)
+      eslint: 8.57.1
+      eslint-import-resolver-node: 0.3.9
+      eslint-import-resolver-typescript: 3.6.3(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.1)
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1)
+      eslint-plugin-jsx-a11y: 6.9.0(eslint@8.57.1)
+      eslint-plugin-react: 7.35.0(eslint@8.57.1)
+      eslint-plugin-react-hooks: 4.6.2(eslint@8.57.1)
+    optionalDependencies:
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - eslint-import-resolver-webpack
+      - eslint-plugin-import-x
+      - supports-color
+
+  eslint-config-prettier@9.1.0(eslint@8.57.1):
+    dependencies:
+      eslint: 8.57.1
+
+  eslint-config-turbo@2.1.0(eslint@8.57.1):
+    dependencies:
+      eslint: 8.57.1
+      eslint-plugin-turbo: 2.1.0(eslint@8.57.1)
+
+  eslint-import-resolver-node@0.3.9:
+    dependencies:
+      debug: 3.2.7(supports-color@8.1.1)
+      is-core-module: 2.15.1
+      resolve: 1.22.8
+    transitivePeerDependencies:
+      - supports-color
+
+  eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.1):
+    dependencies:
+      '@nolyfill/is-core-module': 1.0.39
+      debug: 4.4.0(supports-color@5.5.0)
+      enhanced-resolve: 5.17.1
+      eslint: 8.57.1
+      eslint-module-utils: 2.8.2(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.1))(eslint@8.57.1)
+      fast-glob: 3.3.2
+      get-tsconfig: 4.8.0
+      is-bun-module: 1.1.0
+      is-glob: 4.0.3
+    optionalDependencies:
+      eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1)
+    transitivePeerDependencies:
+      - '@typescript-eslint/parser'
+      - eslint-import-resolver-node
+      - eslint-import-resolver-webpack
+      - supports-color
+
+  eslint-module-utils@2.8.2(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.1))(eslint@8.57.1):
+    dependencies:
+      debug: 3.2.7(supports-color@8.1.1)
+    optionalDependencies:
+      '@typescript-eslint/parser': 7.18.0(eslint@8.57.1)(typescript@5.8.3)
+      eslint: 8.57.1
+      eslint-import-resolver-node: 0.3.9
+      eslint-import-resolver-typescript: 3.6.3(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.1)
+    transitivePeerDependencies:
+      - supports-color
+
+  eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1):
+    dependencies:
+      array-includes: 3.1.8
+      array.prototype.findlastindex: 1.2.5
+      array.prototype.flat: 1.3.2
+      array.prototype.flatmap: 1.3.2
+      debug: 3.2.7(supports-color@8.1.1)
+      doctrine: 2.1.0
+      eslint: 8.57.1
+      eslint-import-resolver-node: 0.3.9
+      eslint-module-utils: 2.8.2(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@7.18.0(eslint@8.57.1)(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.1))(eslint@8.57.1)
+      hasown: 2.0.2
+      is-core-module: 2.15.1
+      is-glob: 4.0.3
+      minimatch: 3.1.2
+      object.fromentries: 2.0.8
+      object.groupby: 1.0.3
+      object.values: 1.2.0
+      semver: 6.3.1
+      tsconfig-paths: 3.15.0
+    optionalDependencies:
+      '@typescript-eslint/parser': 7.18.0(eslint@8.57.1)(typescript@5.8.3)
+    transitivePeerDependencies:
+      - eslint-import-resolver-typescript
+      - eslint-import-resolver-webpack
+      - supports-color
+
+  eslint-plugin-jsx-a11y@6.9.0(eslint@8.57.1):
+    dependencies:
+      aria-query: 5.1.3
+      array-includes: 3.1.8
+      array.prototype.flatmap: 1.3.2
+      ast-types-flow: 0.0.8
+      axe-core: 4.10.0
+      axobject-query: 3.1.1
+      damerau-levenshtein: 1.0.8
+      emoji-regex: 9.2.2
+      es-iterator-helpers: 1.0.19
+      eslint: 8.57.1
+      hasown: 2.0.2
+      jsx-ast-utils: 3.3.5
+      language-tags: 1.0.9
+      minimatch: 3.1.2
+      object.fromentries: 2.0.8
+      safe-regex-test: 1.0.3
+      string.prototype.includes: 2.0.0
+
+  eslint-plugin-react-hooks@4.6.2(eslint@8.57.1):
+    dependencies:
+      eslint: 8.57.1
+
+  eslint-plugin-react@7.35.0(eslint@8.57.1):
+    dependencies:
+      array-includes: 3.1.8
+      array.prototype.findlast: 1.2.5
+      array.prototype.flatmap: 1.3.2
+      array.prototype.tosorted: 1.1.4
+      doctrine: 2.1.0
+      es-iterator-helpers: 1.0.19
+      eslint: 8.57.1
+      estraverse: 5.3.0
+      hasown: 2.0.2
+      jsx-ast-utils: 3.3.5
+      minimatch: 3.1.2
+      object.entries: 1.1.8
+      object.fromentries: 2.0.8
+      object.values: 1.2.0
+      prop-types: 15.8.1
+      resolve: 2.0.0-next.5
+      semver: 6.3.1
+      string.prototype.matchall: 4.0.11
+      string.prototype.repeat: 1.0.0
+
+  eslint-plugin-turbo@2.1.0(eslint@8.57.1):
+    dependencies:
+      dotenv: 16.0.3
+      eslint: 8.57.1
+
+  eslint-scope@5.1.1:
+    dependencies:
+      esrecurse: 4.3.0
+      estraverse: 4.3.0
+
+  eslint-scope@7.2.2:
+    dependencies:
+      esrecurse: 4.3.0
+      estraverse: 5.3.0
+
+  eslint-visitor-keys@2.1.0: {}
+
+  eslint-visitor-keys@3.4.3: {}
+
+  eslint-visitor-keys@4.2.0: {}
+
+  eslint@8.57.1:
+    dependencies:
+      '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.1)
+      '@eslint-community/regexpp': 4.11.1
+      '@eslint/eslintrc': 2.1.4
+      '@eslint/js': 8.57.1
+      '@humanwhocodes/config-array': 0.13.0
+      '@humanwhocodes/module-importer': 1.0.1
+      '@nodelib/fs.walk': 1.2.8
+      '@ungap/structured-clone': 1.2.0
+      ajv: 6.12.6
+      chalk: 4.1.2
+      cross-spawn: 7.0.3
+      debug: 4.3.7
+      doctrine: 3.0.0
+      escape-string-regexp: 4.0.0
+      eslint-scope: 7.2.2
+      eslint-visitor-keys: 3.4.3
+      espree: 9.6.1
+      esquery: 1.6.0
+      esutils: 2.0.3
+      fast-deep-equal: 3.1.3
+      file-entry-cache: 6.0.1
+      find-up: 5.0.0
+      glob-parent: 6.0.2
+      globals: 13.24.0
+      graphemer: 1.4.0
+      ignore: 5.3.2
+      imurmurhash: 0.1.4
+      is-glob: 4.0.3
+      is-path-inside: 3.0.3
+      js-yaml: 4.1.0
+      json-stable-stringify-without-jsonify: 1.0.1
+      levn: 0.4.1
+      lodash.merge: 4.6.2
+      minimatch: 3.1.2
+      natural-compare: 1.4.0
+      optionator: 0.9.4
+      strip-ansi: 6.0.1
+      text-table: 0.2.0
+    transitivePeerDependencies:
+      - supports-color
+
+  espree@9.6.1:
+    dependencies:
+      acorn: 8.12.1
+      acorn-jsx: 5.3.2(acorn@8.12.1)
+      eslint-visitor-keys: 3.4.3
+
+  esprima@4.0.1: {}
+
+  esquery@1.6.0:
+    dependencies:
+      estraverse: 5.3.0
+
+  esrecurse@4.3.0:
+    dependencies:
+      estraverse: 5.3.0
+
+  estraverse@4.3.0: {}
+
+  estraverse@5.3.0: {}
+
+  estree-walker@3.0.3:
+    dependencies:
+      '@types/estree': 1.0.7
+
+  esutils@2.0.3: {}
+
+  event-stream@3.3.4:
+    dependencies:
+      duplexer: 0.1.2
+      from: 0.1.7
+      map-stream: 0.1.0
+      pause-stream: 0.0.11
+      split: 0.3.3
+      stream-combiner: 0.0.4
+      through: 2.3.8
+
+  eventemitter2@6.4.7: {}
+
+  eventemitter3@5.0.1: {}
+
+  execa@4.1.0:
+    dependencies:
+      cross-spawn: 7.0.6
+      get-stream: 5.2.0
+      human-signals: 1.1.1
+      is-stream: 2.0.1
+      merge-stream: 2.0.0
+      npm-run-path: 4.0.1
+      onetime: 5.1.2
+      signal-exit: 3.0.7
+      strip-final-newline: 2.0.0
+
+  execa@5.1.1:
+    dependencies:
+      cross-spawn: 7.0.6
+      get-stream: 6.0.1
+      human-signals: 2.1.0
+      is-stream: 2.0.1
+      merge-stream: 2.0.0
+      npm-run-path: 4.0.1
+      onetime: 5.1.2
+      signal-exit: 3.0.7
+      strip-final-newline: 2.0.0
+
+  execa@8.0.1:
+    dependencies:
+      cross-spawn: 7.0.6
+      get-stream: 8.0.1
+      human-signals: 5.0.0
+      is-stream: 3.0.0
+      merge-stream: 2.0.0
+      npm-run-path: 5.3.0
+      onetime: 6.0.0
+      signal-exit: 4.1.0
+      strip-final-newline: 3.0.0
+
+  executable@4.1.1:
+    dependencies:
+      pify: 2.3.0
+
+  expect-type@1.2.1: {}
+
+  extend@3.0.2: {}
+
+  extendable-error@0.1.7: {}
+
+  external-editor@3.1.0:
+    dependencies:
+      chardet: 0.7.0
+      iconv-lite: 0.4.24
+      tmp: 0.0.33
+
+  extract-zip@2.0.1(supports-color@8.1.1):
+    dependencies:
+      debug: 4.4.0(supports-color@8.1.1)
+      get-stream: 5.2.0
+      yauzl: 2.10.0
+    optionalDependencies:
+      '@types/yauzl': 2.10.3
+    transitivePeerDependencies:
+      - supports-color
+
+  extsprintf@1.3.0: {}
+
+  fast-deep-equal@3.1.3: {}
+
+  fast-glob@3.3.2:
+    dependencies:
+      '@nodelib/fs.stat': 2.0.5
+      '@nodelib/fs.walk': 1.2.8
+      glob-parent: 5.1.2
+      merge2: 1.4.1
+      micromatch: 4.0.8
+
+  fast-glob@3.3.3:
+    dependencies:
+      '@nodelib/fs.stat': 2.0.5
+      '@nodelib/fs.walk': 1.2.8
+      glob-parent: 5.1.2
+      merge2: 1.4.1
+      micromatch: 4.0.8
+
+  fast-json-stable-stringify@2.1.0: {}
+
+  fast-levenshtein@2.0.6: {}
+
+  fastq@1.17.1:
+    dependencies:
+      reusify: 1.0.4
+
+  fd-slicer@1.1.0:
+    dependencies:
+      pend: 1.2.0
+
+  fdir@6.4.4(picomatch@4.0.2):
+    optionalDependencies:
+      picomatch: 4.0.2
+
+  fetch-blob@3.2.0:
+    dependencies:
+      node-domexception: 1.0.0
+      web-streams-polyfill: 3.3.3
+
+  fflate@0.8.2: {}
+
+  figures@3.2.0:
+    dependencies:
+      escape-string-regexp: 1.0.5
+
+  file-entry-cache@6.0.1:
+    dependencies:
+      flat-cache: 3.2.0
+
+  fill-range@7.1.1:
+    dependencies:
+      to-regex-range: 5.0.1
+
+  find-up@4.1.0:
+    dependencies:
+      locate-path: 5.0.0
+      path-exists: 4.0.0
+
+  find-up@5.0.0:
+    dependencies:
+      locate-path: 6.0.0
+      path-exists: 4.0.0
+
+  flat-cache@3.2.0:
+    dependencies:
+      flatted: 3.3.1
+      keyv: 4.5.4
+      rimraf: 3.0.2
+
+  flatted@3.3.1: {}
+
+  follow-redirects@1.15.9(debug@4.4.0):
+    optionalDependencies:
+      debug: 4.4.0
+
+  for-each@0.3.3:
+    dependencies:
+      is-callable: 1.2.7
+
+  foreground-child@3.3.0:
+    dependencies:
+      cross-spawn: 7.0.6
+      signal-exit: 4.1.0
+
+  foreground-child@3.3.1:
+    dependencies:
+      cross-spawn: 7.0.6
+      signal-exit: 4.1.0
+
+  forever-agent@0.6.1: {}
+
+  form-data@4.0.2:
+    dependencies:
+      asynckit: 0.4.0
+      combined-stream: 1.0.8
+      es-set-tostringtag: 2.1.0
+      mime-types: 2.1.35
+
+  formdata-polyfill@4.0.10:
+    dependencies:
+      fetch-blob: 3.2.0
+
+  fraction.js@4.3.7: {}
+
+  from@0.1.7: {}
+
+  fs-extra@7.0.1:
+    dependencies:
+      graceful-fs: 4.2.11
+      jsonfile: 4.0.0
+      universalify: 0.1.2
+
+  fs-extra@8.1.0:
+    dependencies:
+      graceful-fs: 4.2.11
+      jsonfile: 4.0.0
+      universalify: 0.1.2
+
+  fs-extra@9.1.0:
+    dependencies:
+      at-least-node: 1.0.0
+      graceful-fs: 4.2.11
+      jsonfile: 6.1.0
+      universalify: 2.0.1
+
+  fs-minipass@2.1.0:
+    dependencies:
+      minipass: 3.3.6
+
+  fs.realpath@1.0.0: {}
+
+  fsevents@2.3.2:
+    optional: true
+
+  fsevents@2.3.3:
+    optional: true
+
+  function-bind@1.1.2: {}
+
+  function.prototype.name@1.1.6:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      functions-have-names: 1.2.3
+
+  functions-have-names@1.2.3: {}
+
+  gauge@3.0.2:
+    dependencies:
+      aproba: 2.0.0
+      color-support: 1.1.3
+      console-control-strings: 1.1.0
+      has-unicode: 2.0.1
+      object-assign: 4.1.1
+      signal-exit: 3.0.7
+      string-width: 4.2.3
+      strip-ansi: 6.0.1
+      wide-align: 1.1.5
+
+  gaxios@7.1.0:
+    dependencies:
+      extend: 3.0.2
+      https-proxy-agent: 7.0.6
+      node-fetch: 3.3.2
+    transitivePeerDependencies:
+      - supports-color
+
+  gensync@1.0.0-beta.2: {}
+
+  get-caller-file@2.0.5: {}
+
+  get-east-asian-width@1.3.0: {}
+
+  get-intrinsic@1.2.4:
+    dependencies:
+      es-errors: 1.3.0
+      function-bind: 1.1.2
+      has-proto: 1.0.3
+      has-symbols: 1.0.3
+      hasown: 2.0.2
+
+  get-intrinsic@1.3.0:
+    dependencies:
+      call-bind-apply-helpers: 1.0.2
+      es-define-property: 1.0.1
+      es-errors: 1.3.0
+      es-object-atoms: 1.1.1
+      function-bind: 1.1.2
+      get-proto: 1.0.1
+      gopd: 1.2.0
+      has-symbols: 1.1.0
+      hasown: 2.0.2
+      math-intrinsics: 1.1.0
+
+  get-proto@1.0.1:
+    dependencies:
+      dunder-proto: 1.0.1
+      es-object-atoms: 1.1.1
+
+  get-stream@5.2.0:
+    dependencies:
+      pump: 3.0.2
+
+  get-stream@6.0.1: {}
+
+  get-stream@8.0.1: {}
+
+  get-symbol-description@1.0.2:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      get-intrinsic: 1.2.4
+
+  get-tsconfig@4.8.0:
+    dependencies:
+      resolve-pkg-maps: 1.0.0
+
+  getos@3.2.1:
+    dependencies:
+      async: 3.2.6
+
+  getpass@0.1.7:
+    dependencies:
+      assert-plus: 1.0.0
+
+  glob-parent@5.1.2:
+    dependencies:
+      is-glob: 4.0.3
+
+  glob-parent@6.0.2:
+    dependencies:
+      is-glob: 4.0.3
+
+  glob@10.3.10:
+    dependencies:
+      foreground-child: 3.3.0
+      jackspeak: 2.3.6
+      minimatch: 9.0.5
+      minipass: 7.1.2
+      path-scurry: 1.11.1
+
+  glob@10.4.5:
+    dependencies:
+      foreground-child: 3.3.1
+      jackspeak: 3.4.3
+      minimatch: 9.0.5
+      minipass: 7.1.2
+      package-json-from-dist: 1.0.1
+      path-scurry: 1.11.1
+
+  glob@7.2.3:
+    dependencies:
+      fs.realpath: 1.0.0
+      inflight: 1.0.6
+      inherits: 2.0.4
+      minimatch: 3.1.2
+      once: 1.4.0
+      path-is-absolute: 1.0.1
+
+  global-dirs@3.0.1:
+    dependencies:
+      ini: 2.0.0
+
+  globals@11.12.0: {}
+
+  globals@13.24.0:
+    dependencies:
+      type-fest: 0.20.2
+
+  globalthis@1.0.4:
+    dependencies:
+      define-properties: 1.2.1
+      gopd: 1.0.1
+
+  globby@11.1.0:
+    dependencies:
+      array-union: 2.1.0
+      dir-glob: 3.0.1
+      fast-glob: 3.3.3
+      ignore: 5.3.2
+      merge2: 1.4.1
+      slash: 3.0.0
+
+  globrex@0.1.2: {}
+
+  gopd@1.0.1:
+    dependencies:
+      get-intrinsic: 1.2.4
+
+  gopd@1.2.0: {}
+
+  graceful-fs@4.2.11: {}
+
+  graphemer@1.4.0: {}
+
+  grpc-tools@1.13.0:
+    dependencies:
+      '@mapbox/node-pre-gyp': 1.0.11
+    transitivePeerDependencies:
+      - encoding
+      - supports-color
+
+  has-bigints@1.0.2: {}
+
+  has-flag@3.0.0: {}
+
+  has-flag@4.0.0: {}
+
+  has-property-descriptors@1.0.2:
+    dependencies:
+      es-define-property: 1.0.0
+
+  has-proto@1.0.3: {}
+
+  has-symbols@1.0.3: {}
+
+  has-symbols@1.1.0: {}
+
+  has-tostringtag@1.0.2:
+    dependencies:
+      has-symbols: 1.1.0
+
+  has-unicode@2.0.1: {}
+
+  hasown@2.0.2:
+    dependencies:
+      function-bind: 1.1.2
+
+  html-encoding-sniffer@4.0.0:
+    dependencies:
+      whatwg-encoding: 3.1.1
+
+  http-proxy-agent@7.0.2:
+    dependencies:
+      agent-base: 7.1.3
+      debug: 4.4.0
+    transitivePeerDependencies:
+      - supports-color
+
+  http-signature@1.4.0:
+    dependencies:
+      assert-plus: 1.0.0
+      jsprim: 2.0.2
+      sshpk: 1.18.0
+
+  https-proxy-agent@5.0.1:
+    dependencies:
+      agent-base: 6.0.2
+      debug: 4.4.0
+    transitivePeerDependencies:
+      - supports-color
+
+  https-proxy-agent@7.0.6:
+    dependencies:
+      agent-base: 7.1.3
+      debug: 4.4.0
+    transitivePeerDependencies:
+      - supports-color
+
+  human-id@4.1.1: {}
+
+  human-signals@1.1.1: {}
+
+  human-signals@2.1.0: {}
+
+  human-signals@5.0.0: {}
+
+  iconv-lite@0.4.24:
+    dependencies:
+      safer-buffer: 2.1.2
+
+  iconv-lite@0.6.3:
+    dependencies:
+      safer-buffer: 2.1.2
+
+  ieee754@1.2.1: {}
+
+  ignore-by-default@1.0.1: {}
+
+  ignore@5.3.2: {}
+
+  immutable@5.1.1: {}
+
+  import-fresh@3.3.0:
+    dependencies:
+      parent-module: 1.0.1
+      resolve-from: 4.0.0
+
+  imurmurhash@0.1.4: {}
+
+  indent-string@4.0.0: {}
+
+  inflight@1.0.6:
+    dependencies:
+      once: 1.4.0
+      wrappy: 1.0.2
+
+  inherits@2.0.4: {}
+
+  ini@2.0.0: {}
+
+  internal-slot@1.0.7:
+    dependencies:
+      es-errors: 1.3.0
+      hasown: 2.0.2
+      side-channel: 1.0.6
+
+  intl-messageformat@10.7.7:
+    dependencies:
+      '@formatjs/ecma402-abstract': 2.2.4
+      '@formatjs/fast-memoize': 2.2.3
+      '@formatjs/icu-messageformat-parser': 2.9.4
+      tslib: 2.8.1
+
+  is-arguments@1.1.1:
+    dependencies:
+      call-bind: 1.0.7
+      has-tostringtag: 1.0.2
+
+  is-array-buffer@3.0.4:
+    dependencies:
+      call-bind: 1.0.7
+      get-intrinsic: 1.2.4
+
+  is-arrayish@0.3.2:
+    optional: true
+
+  is-async-function@2.0.0:
+    dependencies:
+      has-tostringtag: 1.0.2
+
+  is-bigint@1.0.4:
+    dependencies:
+      has-bigints: 1.0.2
+
+  is-binary-path@2.1.0:
+    dependencies:
+      binary-extensions: 2.3.0
+
+  is-boolean-object@1.1.2:
+    dependencies:
+      call-bind: 1.0.7
+      has-tostringtag: 1.0.2
+
+  is-bun-module@1.1.0:
+    dependencies:
+      semver: 7.7.1
+
+  is-callable@1.2.7: {}
+
+  is-core-module@2.15.1:
+    dependencies:
+      hasown: 2.0.2
+
+  is-data-view@1.0.1:
+    dependencies:
+      is-typed-array: 1.1.13
+
+  is-date-object@1.0.5:
+    dependencies:
+      has-tostringtag: 1.0.2
+
+  is-extglob@2.1.1: {}
+
+  is-finalizationregistry@1.0.2:
+    dependencies:
+      call-bind: 1.0.7
+
+  is-fullwidth-code-point@3.0.0: {}
+
+  is-fullwidth-code-point@4.0.0: {}
+
+  is-fullwidth-code-point@5.0.0:
+    dependencies:
+      get-east-asian-width: 1.3.0
+
+  is-generator-function@1.0.10:
+    dependencies:
+      has-tostringtag: 1.0.2
+
+  is-glob@4.0.3:
+    dependencies:
+      is-extglob: 2.1.1
+
+  is-installed-globally@0.4.0:
+    dependencies:
+      global-dirs: 3.0.1
+      is-path-inside: 3.0.3
+
+  is-map@2.0.3: {}
+
+  is-negative-zero@2.0.3: {}
+
+  is-number-object@1.0.7:
+    dependencies:
+      has-tostringtag: 1.0.2
+
+  is-number@7.0.0: {}
+
+  is-path-inside@3.0.3: {}
+
+  is-potential-custom-element-name@1.0.1: {}
+
+  is-regex@1.1.4:
+    dependencies:
+      call-bind: 1.0.7
+      has-tostringtag: 1.0.2
+
+  is-set@2.0.3: {}
+
+  is-shared-array-buffer@1.0.3:
+    dependencies:
+      call-bind: 1.0.7
+
+  is-stream@2.0.1: {}
+
+  is-stream@3.0.0: {}
+
+  is-string@1.0.7:
+    dependencies:
+      has-tostringtag: 1.0.2
+
+  is-subdir@1.2.0:
+    dependencies:
+      better-path-resolve: 1.0.0
+
+  is-symbol@1.0.4:
+    dependencies:
+      has-symbols: 1.0.3
+
+  is-typed-array@1.1.13:
+    dependencies:
+      which-typed-array: 1.1.15
+
+  is-typedarray@1.0.0: {}
+
+  is-unicode-supported@0.1.0: {}
+
+  is-weakmap@2.0.2: {}
+
+  is-weakref@1.0.2:
+    dependencies:
+      call-bind: 1.0.7
+
+  is-weakset@2.0.3:
+    dependencies:
+      call-bind: 1.0.7
+      get-intrinsic: 1.3.0
+
+  is-windows@1.0.2: {}
+
+  isarray@2.0.5: {}
+
+  isexe@2.0.0: {}
+
+  isstream@0.1.2: {}
+
+  iterator.prototype@1.1.2:
+    dependencies:
+      define-properties: 1.2.1
+      get-intrinsic: 1.2.4
+      has-symbols: 1.0.3
+      reflect.getprototypeof: 1.0.6
+      set-function-name: 2.0.2
+
+  jackspeak@2.3.6:
+    dependencies:
+      '@isaacs/cliui': 8.0.2
+    optionalDependencies:
+      '@pkgjs/parseargs': 0.11.0
+
+  jackspeak@3.4.3:
+    dependencies:
+      '@isaacs/cliui': 8.0.2
+    optionalDependencies:
+      '@pkgjs/parseargs': 0.11.0
+
+  jiti@1.21.6: {}
+
+  joi@17.13.3:
+    dependencies:
+      '@hapi/hoek': 9.3.0
+      '@hapi/topo': 5.1.0
+      '@sideway/address': 4.1.5
+      '@sideway/formula': 3.0.1
+      '@sideway/pinpoint': 2.0.0
+
+  jose@5.8.0: {}
+
+  joycon@3.1.1: {}
+
+  js-tokens@4.0.0: {}
+
+  js-yaml@3.14.1:
+    dependencies:
+      argparse: 1.0.10
+      esprima: 4.0.1
+
+  js-yaml@4.1.0:
+    dependencies:
+      argparse: 2.0.1
+
+  jsbn@0.1.1: {}
+
+  jsdom@26.1.0:
+    dependencies:
+      cssstyle: 4.3.1
+      data-urls: 5.0.0
+      decimal.js: 10.5.0
+      html-encoding-sniffer: 4.0.0
+      http-proxy-agent: 7.0.2
+      https-proxy-agent: 7.0.6
+      is-potential-custom-element-name: 1.0.1
+      nwsapi: 2.2.20
+      parse5: 7.3.0
+      rrweb-cssom: 0.8.0
+      saxes: 6.0.0
+      symbol-tree: 3.2.4
+      tough-cookie: 5.1.2
+      w3c-xmlserializer: 5.0.0
+      webidl-conversions: 7.0.0
+      whatwg-encoding: 3.1.1
+      whatwg-mimetype: 4.0.0
+      whatwg-url: 14.2.0
+      ws: 8.18.1
+      xml-name-validator: 5.0.0
+    transitivePeerDependencies:
+      - bufferutil
+      - supports-color
+      - utf-8-validate
+
+  jsesc@3.1.0: {}
+
+  json-buffer@3.0.1: {}
+
+  json-schema-traverse@0.4.1: {}
+
+  json-schema@0.4.0: {}
+
+  json-stable-stringify-without-jsonify@1.0.1: {}
+
+  json-stringify-safe@5.0.1: {}
+
+  json5@1.0.2:
+    dependencies:
+      minimist: 1.2.8
+
+  json5@2.2.3: {}
+
+  jsonfile@4.0.0:
+    optionalDependencies:
+      graceful-fs: 4.2.11
+
+  jsonfile@6.1.0:
+    dependencies:
+      universalify: 2.0.1
+    optionalDependencies:
+      graceful-fs: 4.2.11
+
+  jsprim@2.0.2:
+    dependencies:
+      assert-plus: 1.0.0
+      extsprintf: 1.3.0
+      json-schema: 0.4.0
+      verror: 1.10.0
+
+  jsx-ast-utils@3.3.5:
+    dependencies:
+      array-includes: 3.1.8
+      array.prototype.flat: 1.3.2
+      object.assign: 4.1.5
+      object.values: 1.2.0
+
+  keyv@4.5.4:
+    dependencies:
+      json-buffer: 3.0.1
+
+  language-subtag-registry@0.3.23: {}
+
+  language-tags@1.0.9:
+    dependencies:
+      language-subtag-registry: 0.3.23
+
+  lazy-ass@1.6.0: {}
+
+  levn@0.4.1:
+    dependencies:
+      prelude-ls: 1.2.1
+      type-check: 0.4.0
+
+  lilconfig@2.1.0: {}
+
+  lilconfig@3.1.3: {}
+
+  lines-and-columns@1.2.4: {}
+
+  lint-staged@15.5.1:
+    dependencies:
+      chalk: 5.4.1
+      commander: 13.1.0
+      debug: 4.4.0
+      execa: 8.0.1
+      lilconfig: 3.1.3
+      listr2: 8.3.2
+      micromatch: 4.0.8
+      pidtree: 0.6.0
+      string-argv: 0.3.2
+      yaml: 2.7.1
+    transitivePeerDependencies:
+      - supports-color
+
+  listr2@3.14.0(enquirer@2.4.1):
+    dependencies:
+      cli-truncate: 2.1.0
+      colorette: 2.0.20
+      log-update: 4.0.0
+      p-map: 4.0.0
+      rfdc: 1.4.1
+      rxjs: 7.8.2
+      through: 2.3.8
+      wrap-ansi: 7.0.0
+    optionalDependencies:
+      enquirer: 2.4.1
+
+  listr2@8.3.2:
+    dependencies:
+      cli-truncate: 4.0.0
+      colorette: 2.0.20
+      eventemitter3: 5.0.1
+      log-update: 6.1.0
+      rfdc: 1.4.1
+      wrap-ansi: 9.0.0
+
+  load-tsconfig@0.2.5: {}
+
+  locate-path@5.0.0:
+    dependencies:
+      p-locate: 4.1.0
+
+  locate-path@6.0.0:
+    dependencies:
+      p-locate: 5.0.0
+
+  lodash.camelcase@4.3.0: {}
+
+  lodash.merge@4.6.2: {}
+
+  lodash.once@4.1.1: {}
+
+  lodash.sortby@4.7.0: {}
+
+  lodash.startcase@4.4.0: {}
+
+  lodash@4.17.21: {}
+
+  log-symbols@4.1.0:
+    dependencies:
+      chalk: 4.1.2
+      is-unicode-supported: 0.1.0
+
+  log-update@4.0.0:
+    dependencies:
+      ansi-escapes: 4.3.2
+      cli-cursor: 3.1.0
+      slice-ansi: 4.0.0
+      wrap-ansi: 6.2.0
+
+  log-update@6.1.0:
+    dependencies:
+      ansi-escapes: 7.0.0
+      cli-cursor: 5.0.0
+      slice-ansi: 7.1.0
+      strip-ansi: 7.1.0
+      wrap-ansi: 9.0.0
+
+  long@5.2.3: {}
+
+  loose-envify@1.4.0:
+    dependencies:
+      js-tokens: 4.0.0
+
+  loupe@3.1.3: {}
+
+  lru-cache@10.4.3: {}
+
+  lru-cache@5.1.1:
+    dependencies:
+      yallist: 3.1.1
+
+  lucide-react@0.469.0(react@19.1.0):
+    dependencies:
+      react: 19.1.0
+
+  lz-string@1.5.0: {}
+
+  magic-string@0.30.17:
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.5.0
+
+  make-dir-cli@4.0.0:
+    dependencies:
+      make-dir: 5.0.0
+      meow: 13.2.0
+
+  make-dir@3.1.0:
+    dependencies:
+      semver: 6.3.1
+
+  make-dir@5.0.0: {}
+
+  map-stream@0.1.0: {}
+
+  math-intrinsics@1.1.0: {}
+
+  meow@13.2.0: {}
+
+  merge-stream@2.0.0: {}
+
+  merge2@1.4.1: {}
+
+  micromatch@4.0.8:
+    dependencies:
+      braces: 3.0.3
+      picomatch: 2.3.1
+
+  mime-db@1.52.0: {}
+
+  mime-types@2.1.35:
+    dependencies:
+      mime-db: 1.52.0
+
+  mimic-fn@2.1.0: {}
+
+  mimic-fn@4.0.0: {}
+
+  mimic-function@5.0.1: {}
+
+  min-indent@1.0.1: {}
+
+  mini-svg-data-uri@1.4.4: {}
+
+  minimatch@3.1.2:
+    dependencies:
+      brace-expansion: 1.1.11
+
+  minimatch@9.0.5:
+    dependencies:
+      brace-expansion: 2.0.1
+
+  minimist@1.2.8: {}
+
+  minipass@3.3.6:
+    dependencies:
+      yallist: 4.0.0
+
+  minipass@5.0.0: {}
+
+  minipass@7.1.2: {}
+
+  minizlib@2.1.2:
+    dependencies:
+      minipass: 3.3.6
+      yallist: 4.0.0
+
+  mkdirp@1.0.4: {}
+
+  moment@2.30.1: {}
+
+  mri@1.2.0: {}
+
+  ms@2.1.3: {}
+
+  mz@2.7.0:
+    dependencies:
+      any-promise: 1.3.0
+      object-assign: 4.1.1
+      thenify-all: 1.6.0
+
+  nanoid@3.3.11: {}
+
+  natural-compare@1.4.0: {}
+
+  negotiator@1.0.0: {}
+
+  next-intl@3.26.5(next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0))(react@19.1.0):
+    dependencies:
+      '@formatjs/intl-localematcher': 0.5.8
+      negotiator: 1.0.0
+      next: 15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0)
+      react: 19.1.0
+      use-intl: 3.26.5(react@19.1.0)
+
+  next-themes@0.2.1(next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0):
+    dependencies:
+      next: 15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0)
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+
+  next@15.4.0-canary.86(@playwright/test@1.52.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)(sass@1.87.0):
+    dependencies:
+      '@next/env': 15.4.0-canary.86
+      '@swc/helpers': 0.5.15
+      caniuse-lite: 1.0.30001715
+      postcss: 8.4.31
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+      styled-jsx: 5.1.6(react@19.1.0)
+    optionalDependencies:
+      '@next/swc-darwin-arm64': 15.4.0-canary.86
+      '@next/swc-darwin-x64': 15.4.0-canary.86
+      '@next/swc-linux-arm64-gnu': 15.4.0-canary.86
+      '@next/swc-linux-arm64-musl': 15.4.0-canary.86
+      '@next/swc-linux-x64-gnu': 15.4.0-canary.86
+      '@next/swc-linux-x64-musl': 15.4.0-canary.86
+      '@next/swc-win32-arm64-msvc': 15.4.0-canary.86
+      '@next/swc-win32-x64-msvc': 15.4.0-canary.86
+      '@playwright/test': 1.52.0
+      sass: 1.87.0
+      sharp: 0.34.1
+    transitivePeerDependencies:
+      - '@babel/core'
+      - babel-plugin-macros
+
+  nice-grpc-common@2.0.2:
+    dependencies:
+      ts-error: 1.0.6
+
+  nice-grpc@2.0.1:
+    dependencies:
+      '@grpc/grpc-js': 1.11.1
+      abort-controller-x: 0.4.3
+      nice-grpc-common: 2.0.2
+
+  node-addon-api@7.1.1:
+    optional: true
+
+  node-domexception@1.0.0: {}
+
+  node-fetch@2.7.0:
+    dependencies:
+      whatwg-url: 5.0.0
+
+  node-fetch@3.3.2:
+    dependencies:
+      data-uri-to-buffer: 4.0.1
+      fetch-blob: 3.2.0
+      formdata-polyfill: 4.0.10
+
+  node-releases@2.0.19: {}
+
+  nodemon@3.1.9:
+    dependencies:
+      chokidar: 3.6.0
+      debug: 4.4.0(supports-color@5.5.0)
+      ignore-by-default: 1.0.1
+      minimatch: 3.1.2
+      pstree.remy: 1.1.8
+      semver: 7.7.1
+      simple-update-notifier: 2.0.0
+      supports-color: 5.5.0
+      touch: 3.1.1
+      undefsafe: 2.0.5
+
+  nopt@5.0.0:
+    dependencies:
+      abbrev: 1.1.1
+
+  normalize-path@3.0.0: {}
+
+  normalize-range@0.1.2: {}
+
+  npm-run-path@4.0.1:
+    dependencies:
+      path-key: 3.1.1
+
+  npm-run-path@5.3.0:
+    dependencies:
+      path-key: 4.0.0
+
+  npmlog@5.0.1:
+    dependencies:
+      are-we-there-yet: 2.0.0
+      console-control-strings: 1.1.0
+      gauge: 3.0.2
+      set-blocking: 2.0.0
+
+  nwsapi@2.2.20: {}
+
+  object-assign@4.1.1: {}
+
+  object-hash@3.0.0: {}
+
+  object-inspect@1.13.2: {}
+
+  object-inspect@1.13.4: {}
+
+  object-is@1.1.6:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+
+  object-keys@1.1.1: {}
+
+  object.assign@4.1.5:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      has-symbols: 1.0.3
+      object-keys: 1.1.1
+
+  object.entries@1.1.8:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-object-atoms: 1.0.0
+
+  object.fromentries@2.0.8:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-object-atoms: 1.0.0
+
+  object.groupby@1.0.3:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+
+  object.values@1.2.0:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-object-atoms: 1.0.0
+
+  once@1.4.0:
+    dependencies:
+      wrappy: 1.0.2
+
+  onetime@5.1.2:
+    dependencies:
+      mimic-fn: 2.1.0
+
+  onetime@6.0.0:
+    dependencies:
+      mimic-fn: 4.0.0
+
+  onetime@7.0.0:
+    dependencies:
+      mimic-function: 5.0.1
+
+  optionator@0.9.4:
+    dependencies:
+      deep-is: 0.1.4
+      fast-levenshtein: 2.0.6
+      levn: 0.4.1
+      prelude-ls: 1.2.1
+      type-check: 0.4.0
+      word-wrap: 1.2.5
+
+  os-tmpdir@1.0.2: {}
+
+  ospath@1.2.2: {}
+
+  outdent@0.5.0: {}
+
+  p-filter@2.1.0:
+    dependencies:
+      p-map: 2.1.0
+
+  p-limit@2.3.0:
+    dependencies:
+      p-try: 2.2.0
+
+  p-limit@3.1.0:
+    dependencies:
+      yocto-queue: 0.1.0
+
+  p-locate@4.1.0:
+    dependencies:
+      p-limit: 2.3.0
+
+  p-locate@5.0.0:
+    dependencies:
+      p-limit: 3.1.0
+
+  p-map@2.1.0: {}
+
+  p-map@4.0.0:
+    dependencies:
+      aggregate-error: 3.1.0
+
+  p-try@2.2.0: {}
+
+  package-json-from-dist@1.0.1: {}
+
+  package-manager-detector@0.2.11:
+    dependencies:
+      quansync: 0.2.10
+
+  parent-module@1.0.1:
+    dependencies:
+      callsites: 3.1.0
+
+  parse5@7.3.0:
+    dependencies:
+      entities: 6.0.0
+
+  path-exists@4.0.0: {}
+
+  path-is-absolute@1.0.1: {}
+
+  path-key@3.1.1: {}
+
+  path-key@4.0.0: {}
+
+  path-parse@1.0.7: {}
+
+  path-scurry@1.11.1:
+    dependencies:
+      lru-cache: 10.4.3
+      minipass: 7.1.2
+
+  path-type@4.0.0: {}
+
+  pathe@2.0.3: {}
+
+  pathval@2.0.0: {}
+
+  pause-stream@0.0.11:
+    dependencies:
+      through: 2.3.8
+
+  pend@1.2.0: {}
+
+  performance-now@2.1.0: {}
+
+  picocolors@1.1.1: {}
+
+  picomatch@2.3.1: {}
+
+  picomatch@4.0.2: {}
+
+  pidtree@0.6.0: {}
+
+  pify@2.3.0: {}
+
+  pify@4.0.1: {}
+
+  pirates@4.0.7: {}
+
+  playwright-core@1.52.0: {}
+
+  playwright@1.52.0:
+    dependencies:
+      playwright-core: 1.52.0
+    optionalDependencies:
+      fsevents: 2.3.2
+
+  possible-typed-array-names@1.0.0: {}
+
+  postcss-import@15.1.0(postcss@8.5.3):
+    dependencies:
+      postcss: 8.5.3
+      postcss-value-parser: 4.2.0
+      read-cache: 1.0.0
+      resolve: 1.22.8
+
+  postcss-js@4.0.1(postcss@8.5.3):
+    dependencies:
+      camelcase-css: 2.0.1
+      postcss: 8.5.3
+
+  postcss-load-config@4.0.2(postcss@8.5.3):
+    dependencies:
+      lilconfig: 3.1.3
+      yaml: 2.7.1
+    optionalDependencies:
+      postcss: 8.5.3
+
+  postcss-load-config@6.0.1(jiti@1.21.6)(postcss@8.5.3)(yaml@2.7.1):
+    dependencies:
+      lilconfig: 3.1.3
+    optionalDependencies:
+      jiti: 1.21.6
+      postcss: 8.5.3
+      yaml: 2.7.1
+
+  postcss-nested@6.2.0(postcss@8.5.3):
+    dependencies:
+      postcss: 8.5.3
+      postcss-selector-parser: 6.1.2
+
+  postcss-selector-parser@6.1.2:
+    dependencies:
+      cssesc: 3.0.0
+      util-deprecate: 1.0.2
+
+  postcss-value-parser@4.2.0: {}
+
+  postcss@8.4.31:
+    dependencies:
+      nanoid: 3.3.11
+      picocolors: 1.1.1
+      source-map-js: 1.2.1
+
+  postcss@8.5.3:
+    dependencies:
+      nanoid: 3.3.11
+      picocolors: 1.1.1
+      source-map-js: 1.2.1
+
+  prelude-ls@1.2.1: {}
+
+  prettier-plugin-organize-imports@4.1.0(prettier@3.5.3)(typescript@5.8.3):
+    dependencies:
+      prettier: 3.5.3
+      typescript: 5.8.3
+
+  prettier-plugin-tailwindcss@0.6.11(prettier-plugin-organize-imports@4.1.0(prettier@3.5.3)(typescript@5.8.3))(prettier@3.5.3):
+    dependencies:
+      prettier: 3.5.3
+    optionalDependencies:
+      prettier-plugin-organize-imports: 4.1.0(prettier@3.5.3)(typescript@5.8.3)
+
+  prettier@2.8.8: {}
+
+  prettier@3.5.3: {}
+
+  pretty-bytes@5.6.0: {}
+
+  pretty-format@27.5.1:
+    dependencies:
+      ansi-regex: 5.0.1
+      ansi-styles: 5.2.0
+      react-is: 17.0.2
+
+  process@0.11.10: {}
+
+  prop-types@15.8.1:
+    dependencies:
+      loose-envify: 1.4.0
+      object-assign: 4.1.1
+      react-is: 16.13.1
+
+  protobufjs@7.4.0:
+    dependencies:
+      '@protobufjs/aspromise': 1.1.2
+      '@protobufjs/base64': 1.1.2
+      '@protobufjs/codegen': 2.0.4
+      '@protobufjs/eventemitter': 1.1.0
+      '@protobufjs/fetch': 1.1.0
+      '@protobufjs/float': 1.0.2
+      '@protobufjs/inquire': 1.1.0
+      '@protobufjs/path': 1.1.2
+      '@protobufjs/pool': 1.1.0
+      '@protobufjs/utf8': 1.1.0
+      '@types/node': 22.14.1
+      long: 5.2.3
+
+  proxy-from-env@1.0.0: {}
+
+  proxy-from-env@1.1.0: {}
+
+  ps-tree@1.2.0:
+    dependencies:
+      event-stream: 3.3.4
+
+  pstree.remy@1.1.8: {}
+
+  pump@3.0.2:
+    dependencies:
+      end-of-stream: 1.4.4
+      once: 1.4.0
+
+  punycode@2.3.1: {}
+
+  qrcode.react@3.1.0(react@19.1.0):
+    dependencies:
+      react: 19.1.0
+
+  qs@6.14.0:
+    dependencies:
+      side-channel: 1.1.0
+
+  quansync@0.2.10: {}
+
+  queue-microtask@1.2.3: {}
+
+  react-dom@19.1.0(react@19.1.0):
+    dependencies:
+      react: 19.1.0
+      scheduler: 0.26.0
+
+  react-hook-form@7.39.5(react@19.1.0):
+    dependencies:
+      react: 19.1.0
+
+  react-is@16.13.1: {}
+
+  react-is@17.0.2: {}
+
+  react-refresh@0.17.0: {}
+
+  react@19.1.0: {}
+
+  read-cache@1.0.0:
+    dependencies:
+      pify: 2.3.0
+
+  read-yaml-file@1.1.0:
+    dependencies:
+      graceful-fs: 4.2.11
+      js-yaml: 3.14.1
+      pify: 4.0.1
+      strip-bom: 3.0.0
+
+  readable-stream@3.6.2:
+    dependencies:
+      inherits: 2.0.4
+      string_decoder: 1.3.0
+      util-deprecate: 1.0.2
+
+  readdirp@3.6.0:
+    dependencies:
+      picomatch: 2.3.1
+
+  readdirp@4.1.2: {}
+
+  redent@3.0.0:
+    dependencies:
+      indent-string: 4.0.0
+      strip-indent: 3.0.0
+
+  reflect.getprototypeof@1.0.6:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      get-intrinsic: 1.2.4
+      globalthis: 1.0.4
+      which-builtin-type: 1.1.4
+
+  regenerator-runtime@0.14.1: {}
+
+  regexp.prototype.flags@1.5.2:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-errors: 1.3.0
+      set-function-name: 2.0.2
+
+  request-progress@3.0.0:
+    dependencies:
+      throttleit: 1.0.1
+
+  require-directory@2.1.1: {}
+
+  resolve-from@4.0.0: {}
+
+  resolve-from@5.0.0: {}
+
+  resolve-pkg-maps@1.0.0: {}
+
+  resolve@1.22.8:
+    dependencies:
+      is-core-module: 2.15.1
+      path-parse: 1.0.7
+      supports-preserve-symlinks-flag: 1.0.0
+
+  resolve@2.0.0-next.5:
+    dependencies:
+      is-core-module: 2.15.1
+      path-parse: 1.0.7
+      supports-preserve-symlinks-flag: 1.0.0
+
+  restore-cursor@3.1.0:
+    dependencies:
+      onetime: 5.1.2
+      signal-exit: 3.0.7
+
+  restore-cursor@5.1.0:
+    dependencies:
+      onetime: 7.0.0
+      signal-exit: 4.1.0
+
+  reusify@1.0.4: {}
+
+  rfdc@1.4.1: {}
+
+  rimraf@3.0.2:
+    dependencies:
+      glob: 7.2.3
+
+  rollup@4.40.0:
+    dependencies:
+      '@types/estree': 1.0.7
+    optionalDependencies:
+      '@rollup/rollup-android-arm-eabi': 4.40.0
+      '@rollup/rollup-android-arm64': 4.40.0
+      '@rollup/rollup-darwin-arm64': 4.40.0
+      '@rollup/rollup-darwin-x64': 4.40.0
+      '@rollup/rollup-freebsd-arm64': 4.40.0
+      '@rollup/rollup-freebsd-x64': 4.40.0
+      '@rollup/rollup-linux-arm-gnueabihf': 4.40.0
+      '@rollup/rollup-linux-arm-musleabihf': 4.40.0
+      '@rollup/rollup-linux-arm64-gnu': 4.40.0
+      '@rollup/rollup-linux-arm64-musl': 4.40.0
+      '@rollup/rollup-linux-loongarch64-gnu': 4.40.0
+      '@rollup/rollup-linux-powerpc64le-gnu': 4.40.0
+      '@rollup/rollup-linux-riscv64-gnu': 4.40.0
+      '@rollup/rollup-linux-riscv64-musl': 4.40.0
+      '@rollup/rollup-linux-s390x-gnu': 4.40.0
+      '@rollup/rollup-linux-x64-gnu': 4.40.0
+      '@rollup/rollup-linux-x64-musl': 4.40.0
+      '@rollup/rollup-win32-arm64-msvc': 4.40.0
+      '@rollup/rollup-win32-ia32-msvc': 4.40.0
+      '@rollup/rollup-win32-x64-msvc': 4.40.0
+      fsevents: 2.3.3
+
+  rrweb-cssom@0.8.0: {}
+
+  run-parallel@1.2.0:
+    dependencies:
+      queue-microtask: 1.2.3
+
+  rxjs@7.8.2:
+    dependencies:
+      tslib: 2.8.1
+
+  safe-array-concat@1.1.2:
+    dependencies:
+      call-bind: 1.0.7
+      get-intrinsic: 1.2.4
+      has-symbols: 1.0.3
+      isarray: 2.0.5
+
+  safe-buffer@5.2.1: {}
+
+  safe-regex-test@1.0.3:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      is-regex: 1.1.4
+
+  safer-buffer@2.1.2: {}
+
+  sass@1.87.0:
+    dependencies:
+      chokidar: 4.0.3
+      immutable: 5.1.1
+      source-map-js: 1.2.1
+    optionalDependencies:
+      '@parcel/watcher': 2.5.1
+
+  saxes@6.0.0:
+    dependencies:
+      xmlchars: 2.2.0
+
+  scheduler@0.26.0: {}
+
+  semver@6.3.1: {}
+
+  semver@7.7.1: {}
+
+  server-only@0.0.1: {}
+
+  set-blocking@2.0.0: {}
+
+  set-function-length@1.2.2:
+    dependencies:
+      define-data-property: 1.1.4
+      es-errors: 1.3.0
+      function-bind: 1.1.2
+      get-intrinsic: 1.3.0
+      gopd: 1.2.0
+      has-property-descriptors: 1.0.2
+
+  set-function-name@2.0.2:
+    dependencies:
+      define-data-property: 1.1.4
+      es-errors: 1.3.0
+      functions-have-names: 1.2.3
+      has-property-descriptors: 1.0.2
+
+  sharp@0.34.1:
+    dependencies:
+      color: 4.2.3
+      detect-libc: 2.0.4
+      semver: 7.7.1
+    optionalDependencies:
+      '@img/sharp-darwin-arm64': 0.34.1
+      '@img/sharp-darwin-x64': 0.34.1
+      '@img/sharp-libvips-darwin-arm64': 1.1.0
+      '@img/sharp-libvips-darwin-x64': 1.1.0
+      '@img/sharp-libvips-linux-arm': 1.1.0
+      '@img/sharp-libvips-linux-arm64': 1.1.0
+      '@img/sharp-libvips-linux-ppc64': 1.1.0
+      '@img/sharp-libvips-linux-s390x': 1.1.0
+      '@img/sharp-libvips-linux-x64': 1.1.0
+      '@img/sharp-libvips-linuxmusl-arm64': 1.1.0
+      '@img/sharp-libvips-linuxmusl-x64': 1.1.0
+      '@img/sharp-linux-arm': 0.34.1
+      '@img/sharp-linux-arm64': 0.34.1
+      '@img/sharp-linux-s390x': 0.34.1
+      '@img/sharp-linux-x64': 0.34.1
+      '@img/sharp-linuxmusl-arm64': 0.34.1
+      '@img/sharp-linuxmusl-x64': 0.34.1
+      '@img/sharp-wasm32': 0.34.1
+      '@img/sharp-win32-ia32': 0.34.1
+      '@img/sharp-win32-x64': 0.34.1
+    optional: true
+
+  shebang-command@2.0.0:
+    dependencies:
+      shebang-regex: 3.0.0
+
+  shebang-regex@3.0.0: {}
+
+  shell-quote@1.8.2: {}
+
+  side-channel-list@1.0.0:
+    dependencies:
+      es-errors: 1.3.0
+      object-inspect: 1.13.4
+
+  side-channel-map@1.0.1:
+    dependencies:
+      call-bound: 1.0.4
+      es-errors: 1.3.0
+      get-intrinsic: 1.3.0
+      object-inspect: 1.13.4
+
+  side-channel-weakmap@1.0.2:
+    dependencies:
+      call-bound: 1.0.4
+      es-errors: 1.3.0
+      get-intrinsic: 1.3.0
+      object-inspect: 1.13.4
+      side-channel-map: 1.0.1
+
+  side-channel@1.0.6:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      get-intrinsic: 1.3.0
+      object-inspect: 1.13.2
+
+  side-channel@1.1.0:
+    dependencies:
+      es-errors: 1.3.0
+      object-inspect: 1.13.4
+      side-channel-list: 1.0.0
+      side-channel-map: 1.0.1
+      side-channel-weakmap: 1.0.2
+
+  siginfo@2.0.0: {}
+
+  signal-exit@3.0.7: {}
+
+  signal-exit@4.1.0: {}
+
+  simple-swizzle@0.2.2:
+    dependencies:
+      is-arrayish: 0.3.2
+    optional: true
+
+  simple-update-notifier@2.0.0:
+    dependencies:
+      semver: 7.7.1
+
+  slash@3.0.0: {}
+
+  slice-ansi@3.0.0:
+    dependencies:
+      ansi-styles: 4.3.0
+      astral-regex: 2.0.0
+      is-fullwidth-code-point: 3.0.0
+
+  slice-ansi@4.0.0:
+    dependencies:
+      ansi-styles: 4.3.0
+      astral-regex: 2.0.0
+      is-fullwidth-code-point: 3.0.0
+
+  slice-ansi@5.0.0:
+    dependencies:
+      ansi-styles: 6.2.1
+      is-fullwidth-code-point: 4.0.0
+
+  slice-ansi@7.1.0:
+    dependencies:
+      ansi-styles: 6.2.1
+      is-fullwidth-code-point: 5.0.0
+
+  source-map-js@1.2.1: {}
+
+  source-map@0.8.0-beta.0:
+    dependencies:
+      whatwg-url: 7.1.0
+
+  spawndamnit@3.0.1:
+    dependencies:
+      cross-spawn: 7.0.6
+      signal-exit: 4.1.0
+
+  split@0.3.3:
+    dependencies:
+      through: 2.3.8
+
+  sprintf-js@1.0.3: {}
+
+  sshpk@1.18.0:
+    dependencies:
+      asn1: 0.2.6
+      assert-plus: 1.0.0
+      bcrypt-pbkdf: 1.0.2
+      dashdash: 1.14.1
+      ecc-jsbn: 0.1.2
+      getpass: 0.1.7
+      jsbn: 0.1.1
+      safer-buffer: 2.1.2
+      tweetnacl: 0.14.5
+
+  stackback@0.0.2: {}
+
+  start-server-and-test@2.0.11:
+    dependencies:
+      arg: 5.0.2
+      bluebird: 3.7.2
+      check-more-types: 2.24.0
+      debug: 4.4.0
+      execa: 5.1.1
+      lazy-ass: 1.6.0
+      ps-tree: 1.2.0
+      wait-on: 8.0.3(debug@4.4.0)
+    transitivePeerDependencies:
+      - supports-color
+
+  std-env@3.9.0: {}
+
+  stop-iteration-iterator@1.0.0:
+    dependencies:
+      internal-slot: 1.0.7
+
+  stream-combiner@0.0.4:
+    dependencies:
+      duplexer: 0.1.2
+
+  string-argv@0.3.2: {}
+
+  string-width@4.2.3:
+    dependencies:
+      emoji-regex: 8.0.0
+      is-fullwidth-code-point: 3.0.0
+      strip-ansi: 6.0.1
+
+  string-width@5.1.2:
+    dependencies:
+      eastasianwidth: 0.2.0
+      emoji-regex: 9.2.2
+      strip-ansi: 7.1.0
+
+  string-width@7.2.0:
+    dependencies:
+      emoji-regex: 10.4.0
+      get-east-asian-width: 1.3.0
+      strip-ansi: 7.1.0
+
+  string.prototype.includes@2.0.0:
+    dependencies:
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+
+  string.prototype.matchall@4.0.11:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-errors: 1.3.0
+      es-object-atoms: 1.0.0
+      get-intrinsic: 1.2.4
+      gopd: 1.0.1
+      has-symbols: 1.0.3
+      internal-slot: 1.0.7
+      regexp.prototype.flags: 1.5.2
+      set-function-name: 2.0.2
+      side-channel: 1.0.6
+
+  string.prototype.repeat@1.0.0:
+    dependencies:
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+
+  string.prototype.trim@1.2.9:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-abstract: 1.23.3
+      es-object-atoms: 1.0.0
+
+  string.prototype.trimend@1.0.8:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-object-atoms: 1.0.0
+
+  string.prototype.trimstart@1.0.8:
+    dependencies:
+      call-bind: 1.0.7
+      define-properties: 1.2.1
+      es-object-atoms: 1.0.0
+
+  string_decoder@1.3.0:
+    dependencies:
+      safe-buffer: 5.2.1
+
+  strip-ansi@6.0.1:
+    dependencies:
+      ansi-regex: 5.0.1
+
+  strip-ansi@7.1.0:
+    dependencies:
+      ansi-regex: 6.1.0
+
+  strip-bom@3.0.0: {}
+
+  strip-final-newline@2.0.0: {}
+
+  strip-final-newline@3.0.0: {}
+
+  strip-indent@3.0.0:
+    dependencies:
+      min-indent: 1.0.1
+
+  strip-json-comments@3.1.1: {}
+
+  styled-jsx@5.1.6(react@19.1.0):
+    dependencies:
+      client-only: 0.0.1
+      react: 19.1.0
+
+  sucrase@3.35.0:
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.8
+      commander: 4.1.1
+      glob: 10.4.5
+      lines-and-columns: 1.2.4
+      mz: 2.7.0
+      pirates: 4.0.7
+      ts-interface-checker: 0.1.13
+
+  supports-color@5.5.0:
+    dependencies:
+      has-flag: 3.0.0
+
+  supports-color@7.2.0:
+    dependencies:
+      has-flag: 4.0.0
+
+  supports-color@8.1.1:
+    dependencies:
+      has-flag: 4.0.0
+
+  supports-preserve-symlinks-flag@1.0.0: {}
+
+  symbol-tree@3.2.4: {}
+
+  tabbable@6.2.0: {}
+
+  tailwindcss@3.4.14:
+    dependencies:
+      '@alloc/quick-lru': 5.2.0
+      arg: 5.0.2
+      chokidar: 3.6.0
+      didyoumean: 1.2.2
+      dlv: 1.1.3
+      fast-glob: 3.3.3
+      glob-parent: 6.0.2
+      is-glob: 4.0.3
+      jiti: 1.21.6
+      lilconfig: 2.1.0
+      micromatch: 4.0.8
+      normalize-path: 3.0.0
+      object-hash: 3.0.0
+      picocolors: 1.1.1
+      postcss: 8.5.3
+      postcss-import: 15.1.0(postcss@8.5.3)
+      postcss-js: 4.0.1(postcss@8.5.3)
+      postcss-load-config: 4.0.2(postcss@8.5.3)
+      postcss-nested: 6.2.0(postcss@8.5.3)
+      postcss-selector-parser: 6.1.2
+      resolve: 1.22.8
+      sucrase: 3.35.0
+    transitivePeerDependencies:
+      - ts-node
+
+  tailwindcss@4.1.4: {}
+
+  tapable@2.2.1: {}
+
+  tar@6.2.1:
+    dependencies:
+      chownr: 2.0.0
+      fs-minipass: 2.1.0
+      minipass: 5.0.0
+      minizlib: 2.1.2
+      mkdirp: 1.0.4
+      yallist: 4.0.0
+
+  term-size@2.2.1: {}
+
+  text-table@0.2.0: {}
+
+  thenify-all@1.6.0:
+    dependencies:
+      thenify: 3.3.1
+
+  thenify@3.3.1:
+    dependencies:
+      any-promise: 1.3.0
+
+  thirty-two@1.0.2: {}
+
+  throttleit@1.0.1: {}
+
+  through@2.3.8: {}
+
+  tinybench@2.9.0: {}
+
+  tinycolor2@1.4.2: {}
+
+  tinyexec@0.3.2: {}
+
+  tinyglobby@0.2.13:
+    dependencies:
+      fdir: 6.4.4(picomatch@4.0.2)
+      picomatch: 4.0.2
+
+  tinypool@1.0.2: {}
+
+  tinyrainbow@2.0.0: {}
+
+  tinyspy@3.0.2: {}
+
+  tldts-core@6.1.86: {}
+
+  tldts@6.1.86:
+    dependencies:
+      tldts-core: 6.1.86
+
+  tmp@0.0.33:
+    dependencies:
+      os-tmpdir: 1.0.2
+
+  tmp@0.2.3: {}
+
+  to-regex-range@5.0.1:
+    dependencies:
+      is-number: 7.0.0
+
+  toggle-selection@1.0.6: {}
+
+  touch@3.1.1: {}
+
+  tough-cookie@5.1.2:
+    dependencies:
+      tldts: 6.1.86
+
+  tr46@0.0.3: {}
+
+  tr46@1.0.1:
+    dependencies:
+      punycode: 2.3.1
+
+  tr46@5.1.1:
+    dependencies:
+      punycode: 2.3.1
+
+  tree-kill@1.2.2: {}
+
+  ts-api-utils@1.4.1(typescript@5.8.3):
+    dependencies:
+      typescript: 5.8.3
+
+  ts-error@1.0.6: {}
+
+  ts-interface-checker@0.1.13: {}
+
+  ts-poet@6.11.0:
+    dependencies:
+      dprint-node: 1.0.8
+
+  ts-proto-descriptors@2.0.0:
+    dependencies:
+      '@bufbuild/protobuf': 2.2.5
+
+  ts-proto@2.7.0:
+    dependencies:
+      '@bufbuild/protobuf': 2.2.5
+      case-anything: 2.1.13
+      ts-poet: 6.11.0
+      ts-proto-descriptors: 2.0.0
+
+  tsconfck@3.1.5(typescript@5.8.3):
+    optionalDependencies:
+      typescript: 5.8.3
+
+  tsconfig-paths@3.15.0:
+    dependencies:
+      '@types/json5': 0.0.29
+      json5: 1.0.2
+      minimist: 1.2.8
+      strip-bom: 3.0.0
+
+  tslib@2.8.1: {}
+
+  tsup@8.4.0(jiti@1.21.6)(postcss@8.5.3)(typescript@5.8.3)(yaml@2.7.1):
+    dependencies:
+      bundle-require: 5.1.0(esbuild@0.25.2)
+      cac: 6.7.14
+      chokidar: 4.0.3
+      consola: 3.4.2
+      debug: 4.4.0(supports-color@5.5.0)
+      esbuild: 0.25.2
+      joycon: 3.1.1
+      picocolors: 1.1.1
+      postcss-load-config: 6.0.1(jiti@1.21.6)(postcss@8.5.3)(yaml@2.7.1)
+      resolve-from: 5.0.0
+      rollup: 4.40.0
+      source-map: 0.8.0-beta.0
+      sucrase: 3.35.0
+      tinyexec: 0.3.2
+      tinyglobby: 0.2.13
+      tree-kill: 1.2.2
+    optionalDependencies:
+      postcss: 8.5.3
+      typescript: 5.8.3
+    transitivePeerDependencies:
+      - jiti
+      - supports-color
+      - tsx
+      - yaml
+
+  tunnel-agent@0.6.0:
+    dependencies:
+      safe-buffer: 5.2.1
+
+  turbo-darwin-64@2.5.0:
+    optional: true
+
+  turbo-darwin-arm64@2.5.0:
+    optional: true
+
+  turbo-linux-64@2.5.0:
+    optional: true
+
+  turbo-linux-arm64@2.5.0:
+    optional: true
+
+  turbo-windows-64@2.5.0:
+    optional: true
+
+  turbo-windows-arm64@2.5.0:
+    optional: true
+
+  turbo@2.5.0:
+    optionalDependencies:
+      turbo-darwin-64: 2.5.0
+      turbo-darwin-arm64: 2.5.0
+      turbo-linux-64: 2.5.0
+      turbo-linux-arm64: 2.5.0
+      turbo-windows-64: 2.5.0
+      turbo-windows-arm64: 2.5.0
+
+  tweetnacl@0.14.5: {}
+
+  type-check@0.4.0:
+    dependencies:
+      prelude-ls: 1.2.1
+
+  type-fest@0.20.2: {}
+
+  type-fest@0.21.3: {}
+
+  typed-array-buffer@1.0.2:
+    dependencies:
+      call-bind: 1.0.7
+      es-errors: 1.3.0
+      is-typed-array: 1.1.13
+
+  typed-array-byte-length@1.0.1:
+    dependencies:
+      call-bind: 1.0.7
+      for-each: 0.3.3
+      gopd: 1.0.1
+      has-proto: 1.0.3
+      is-typed-array: 1.1.13
+
+  typed-array-byte-offset@1.0.2:
+    dependencies:
+      available-typed-arrays: 1.0.7
+      call-bind: 1.0.7
+      for-each: 0.3.3
+      gopd: 1.0.1
+      has-proto: 1.0.3
+      is-typed-array: 1.1.13
+
+  typed-array-length@1.0.6:
+    dependencies:
+      call-bind: 1.0.7
+      for-each: 0.3.3
+      gopd: 1.0.1
+      has-proto: 1.0.3
+      is-typed-array: 1.1.13
+      possible-typed-array-names: 1.0.0
+
+  typescript@5.8.3: {}
+
+  unbox-primitive@1.0.2:
+    dependencies:
+      call-bind: 1.0.7
+      has-bigints: 1.0.2
+      has-symbols: 1.0.3
+      which-boxed-primitive: 1.0.2
+
+  undefsafe@2.0.5: {}
+
+  undici-types@6.21.0: {}
+
+  universalify@0.1.2: {}
+
+  universalify@2.0.1: {}
+
+  untildify@4.0.0: {}
+
+  update-browserslist-db@1.1.3(browserslist@4.24.4):
+    dependencies:
+      browserslist: 4.24.4
+      escalade: 3.2.0
+      picocolors: 1.1.1
+
+  uri-js@4.4.1:
+    dependencies:
+      punycode: 2.3.1
+
+  use-intl@3.26.5(react@19.1.0):
+    dependencies:
+      '@formatjs/fast-memoize': 2.2.3
+      intl-messageformat: 10.7.7
+      react: 19.1.0
+
+  util-deprecate@1.0.2: {}
+
+  uuid@11.1.0: {}
+
+  uuid@8.3.2: {}
+
+  verror@1.10.0:
+    dependencies:
+      assert-plus: 1.0.0
+      core-util-is: 1.0.2
+      extsprintf: 1.3.0
+
+  vite-node@3.1.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1):
+    dependencies:
+      cac: 6.7.14
+      debug: 4.4.0(supports-color@5.5.0)
+      es-module-lexer: 1.7.0
+      pathe: 2.0.3
+      vite: 6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)
+    transitivePeerDependencies:
+      - '@types/node'
+      - jiti
+      - less
+      - lightningcss
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+      - tsx
+      - yaml
+
+  vite-tsconfig-paths@5.1.4(typescript@5.8.3)(vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)):
+    dependencies:
+      debug: 4.4.0(supports-color@5.5.0)
+      globrex: 0.1.2
+      tsconfck: 3.1.5(typescript@5.8.3)
+    optionalDependencies:
+      vite: 6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)
+    transitivePeerDependencies:
+      - supports-color
+      - typescript
+
+  vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1):
+    dependencies:
+      esbuild: 0.25.2
+      fdir: 6.4.4(picomatch@4.0.2)
+      picomatch: 4.0.2
+      postcss: 8.5.3
+      rollup: 4.40.0
+      tinyglobby: 0.2.13
+    optionalDependencies:
+      '@types/node': 22.14.1
+      fsevents: 2.3.3
+      jiti: 1.21.6
+      sass: 1.87.0
+      yaml: 2.7.1
+
+  vitest@3.1.2(@types/node@22.14.1)(jiti@1.21.6)(jsdom@26.1.0)(sass@1.87.0)(yaml@2.7.1):
+    dependencies:
+      '@vitest/expect': 3.1.2
+      '@vitest/mocker': 3.1.2(vite@6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1))
+      '@vitest/pretty-format': 3.1.2
+      '@vitest/runner': 3.1.2
+      '@vitest/snapshot': 3.1.2
+      '@vitest/spy': 3.1.2
+      '@vitest/utils': 3.1.2
+      chai: 5.2.0
+      debug: 4.4.0(supports-color@5.5.0)
+      expect-type: 1.2.1
+      magic-string: 0.30.17
+      pathe: 2.0.3
+      std-env: 3.9.0
+      tinybench: 2.9.0
+      tinyexec: 0.3.2
+      tinyglobby: 0.2.13
+      tinypool: 1.0.2
+      tinyrainbow: 2.0.0
+      vite: 6.3.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)
+      vite-node: 3.1.2(@types/node@22.14.1)(jiti@1.21.6)(sass@1.87.0)(yaml@2.7.1)
+      why-is-node-running: 2.3.0
+    optionalDependencies:
+      '@types/node': 22.14.1
+      jsdom: 26.1.0
+    transitivePeerDependencies:
+      - jiti
+      - less
+      - lightningcss
+      - msw
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+      - tsx
+      - yaml
+
+  w3c-xmlserializer@5.0.0:
+    dependencies:
+      xml-name-validator: 5.0.0
+
+  wait-on@8.0.3(debug@4.4.0):
+    dependencies:
+      axios: 1.8.4(debug@4.4.0)
+      joi: 17.13.3
+      lodash: 4.17.21
+      minimist: 1.2.8
+      rxjs: 7.8.2
+    transitivePeerDependencies:
+      - debug
+
+  web-streams-polyfill@3.3.3: {}
+
+  webidl-conversions@3.0.1: {}
+
+  webidl-conversions@4.0.2: {}
+
+  webidl-conversions@7.0.0: {}
+
+  whatwg-encoding@3.1.1:
+    dependencies:
+      iconv-lite: 0.6.3
+
+  whatwg-mimetype@4.0.0: {}
+
+  whatwg-url@14.2.0:
+    dependencies:
+      tr46: 5.1.1
+      webidl-conversions: 7.0.0
+
+  whatwg-url@5.0.0:
+    dependencies:
+      tr46: 0.0.3
+      webidl-conversions: 3.0.1
+
+  whatwg-url@7.1.0:
+    dependencies:
+      lodash.sortby: 4.7.0
+      tr46: 1.0.1
+      webidl-conversions: 4.0.2
+
+  which-boxed-primitive@1.0.2:
+    dependencies:
+      is-bigint: 1.0.4
+      is-boolean-object: 1.1.2
+      is-number-object: 1.0.7
+      is-string: 1.0.7
+      is-symbol: 1.0.4
+
+  which-builtin-type@1.1.4:
+    dependencies:
+      function.prototype.name: 1.1.6
+      has-tostringtag: 1.0.2
+      is-async-function: 2.0.0
+      is-date-object: 1.0.5
+      is-finalizationregistry: 1.0.2
+      is-generator-function: 1.0.10
+      is-regex: 1.1.4
+      is-weakref: 1.0.2
+      isarray: 2.0.5
+      which-boxed-primitive: 1.0.2
+      which-collection: 1.0.2
+      which-typed-array: 1.1.15
+
+  which-collection@1.0.2:
+    dependencies:
+      is-map: 2.0.3
+      is-set: 2.0.3
+      is-weakmap: 2.0.2
+      is-weakset: 2.0.3
+
+  which-typed-array@1.1.15:
+    dependencies:
+      available-typed-arrays: 1.0.7
+      call-bind: 1.0.7
+      for-each: 0.3.3
+      gopd: 1.0.1
+      has-tostringtag: 1.0.2
+
+  which@2.0.2:
+    dependencies:
+      isexe: 2.0.0
+
+  why-is-node-running@2.3.0:
+    dependencies:
+      siginfo: 2.0.0
+      stackback: 0.0.2
+
+  wide-align@1.1.5:
+    dependencies:
+      string-width: 4.2.3
+
+  word-wrap@1.2.5: {}
+
+  wrap-ansi@6.2.0:
+    dependencies:
+      ansi-styles: 4.3.0
+      string-width: 4.2.3
+      strip-ansi: 6.0.1
+
+  wrap-ansi@7.0.0:
+    dependencies:
+      ansi-styles: 4.3.0
+      string-width: 4.2.3
+      strip-ansi: 6.0.1
+
+  wrap-ansi@8.1.0:
+    dependencies:
+      ansi-styles: 6.2.1
+      string-width: 5.1.2
+      strip-ansi: 7.1.0
+
+  wrap-ansi@9.0.0:
+    dependencies:
+      ansi-styles: 6.2.1
+      string-width: 7.2.0
+      strip-ansi: 7.1.0
+
+  wrappy@1.0.2: {}
+
+  ws@8.18.1: {}
+
+  xml-name-validator@5.0.0: {}
+
+  xmlchars@2.2.0: {}
+
+  y18n@5.0.8: {}
+
+  yallist@3.1.1: {}
+
+  yallist@4.0.0: {}
+
+  yaml@2.7.1: {}
+
+  yargs-parser@21.1.1: {}
+
+  yargs@17.7.2:
+    dependencies:
+      cliui: 8.0.1
+      escalade: 3.2.0
+      get-caller-file: 2.0.5
+      require-directory: 2.1.1
+      string-width: 4.2.3
+      y18n: 5.0.8
+      yargs-parser: 21.1.1
+
+  yauzl@2.10.0:
+    dependencies:
+      buffer-crc32: 0.2.13
+      fd-slicer: 1.1.0
+
+  yocto-queue@0.1.0: {}
diff --git a/login/pnpm-workspace.yaml b/login/pnpm-workspace.yaml
new file mode 100644
index 0000000000..3ff5faaaf5
--- /dev/null
+++ b/login/pnpm-workspace.yaml
@@ -0,0 +1,3 @@
+packages:
+  - "apps/*"
+  - "packages/*"
diff --git a/login/scripts/entrypoint.sh b/login/scripts/entrypoint.sh
new file mode 100755
index 0000000000..c537e8b8fb
--- /dev/null
+++ b/login/scripts/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -o allexport
+. /.env-file/.env
+set +o allexport
+
+if [ -n "${ZITADEL_SERVICE_USER_TOKEN_FILE}" ] && [ -f "${ZITADEL_SERVICE_USER_TOKEN_FILE}" ]; then
+  echo "ZITADEL_SERVICE_USER_TOKEN_FILE=${ZITADEL_SERVICE_USER_TOKEN_FILE} is set and file exists, setting ZITADEL_SERVICE_USER_TOKEN to the files content"
+  export ZITADEL_SERVICE_USER_TOKEN=$(cat "${ZITADEL_SERVICE_USER_TOKEN_FILE}")
+fi
+
+exec node apps/login/server.js
diff --git a/login/scripts/healthcheck.js b/login/scripts/healthcheck.js
new file mode 100644
index 0000000000..c1a64c6e75
--- /dev/null
+++ b/login/scripts/healthcheck.js
@@ -0,0 +1,14 @@
+const url = process.argv[2];
+
+if (!url) {
+    console.error("❌ No URL provided as command line argument.");
+    process.exit(1);
+}
+
+try {
+    const res = await fetch(url);
+    if (!res.ok) process.exit(1);
+    process.exit(0);
+} catch (e) {
+    process.exit(1);
+}
diff --git a/login/scripts/run_or_skip.sh b/login/scripts/run_or_skip.sh
new file mode 100755
index 0000000000..4516eb01b1
--- /dev/null
+++ b/login/scripts/run_or_skip.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+# Usage: ./run_or_skip.sh <Make target> <images>
+# Example: ./run_or_skip.sh lint-force "img1;img2"
+
+set -euo pipefail
+
+if [ -z "$CACHE_DIR" ]; then
+    echo "CACHE_DIR is not set. Please set it to a valid directory."
+    exit 1
+fi
+
+MAKE_TARGET=$1
+IMAGES=$2
+IGNORE_RUN_CACHE=${IGNORE_RUN_CACHE:-false}
+
+CACHE_FILE="$CACHE_DIR/$MAKE_TARGET.digests"
+mkdir -p "$CACHE_DIR"
+
+get_image_creation_dates() {
+  local values=""
+	for img in $(echo "$IMAGES"); do
+		local value=$(docker image inspect "$img" --format='{{.Created}}' 2>/dev/null || true)
+		if [[ -z $value ]]; then
+		  docker pull "$img" >/dev/null 2>&1 || true
+		  value=$(docker image inspect "$img" --format='{{.Created}}' 2>/dev/null || true)
+    fi
+    if [[ -z $value ]]; then
+		  value=$(docker image inspect "$img" --format='{{.Created}}' 2>/dev/null || true)
+    fi
+		value=${value:-new-and-not-pullable-or-failed-to-build}
+		value="${img}@${value}"
+		values="${values}${value};"
+	done
+	values=${values%;}  # Remove trailing semicolon
+	echo "$values"
+}
+
+CACHE_FILE_CONTENT=$(cat "$CACHE_FILE" 2>/dev/null || echo "")
+CACHED_STATUS=$(echo "$CACHE_FILE_CONTENT" | cut -d ';' -f1)
+CACHED_IMAGE_CREATED_VALUES=$(echo "$CACHE_FILE_CONTENT" | cut -d ';' -f2-99)
+CURRENT_IMAGE_CREATED_VALUES="$(get_image_creation_dates)"
+  if [[ "$CACHED_IMAGE_CREATED_VALUES" == "$CURRENT_IMAGE_CREATED_VALUES" ]]; then
+    if [[ "$IGNORE_RUN_CACHE" == "true" ]]; then
+        echo "\$IGNORE_RUN_CACHE=$IGNORE_RUN_CACHE - Running $MAKE_TARGET despite unchanged images."
+    else
+        echo "Skipping $MAKE_TARGET – all images unchanged, returning cached status $CACHED_STATUS"
+        exit $CACHED_STATUS
+    fi
+fi
+echo "Images have changed"
+echo
+echo "CACHED_IMAGE_CREATED_VALUES does not match CURRENT_IMAGE_CREATED_VALUES"
+echo
+echo "$CACHED_IMAGE_CREATED_VALUES"
+echo
+echo "$CURRENT_IMAGE_CREATED_VALUES"
+echo
+docker images
+echo
+echo "Running $MAKE_TARGET..."
+set +e
+make -j $MAKE_TARGET
+STATUS=$?
+set -e
+echo "${STATUS};$(get_image_creation_dates)" > $CACHE_FILE
+exit $STATUS
diff --git a/login/turbo.json b/login/turbo.json
new file mode 100644
index 0000000000..dabae8fa97
--- /dev/null
+++ b/login/turbo.json
@@ -0,0 +1,51 @@
+{
+  "$schema": "https://turbo.build/schema.json",
+  "ui": "tui",
+  "globalDependencies": ["**/.env.*local"],
+  "globalEnv": [
+    "DEBUG",
+    "VERCEL_URL",
+    "EMAIL_VERIFICATION",
+    "AUDIENCE",
+    "SYSTEM_USER_ID",
+    "SYSTEM_USER_PRIVATE_KEY",
+    "ZITADEL_API_URL",
+    "ZITADEL_SERVICE_USER_TOKEN",
+    "NEXT_PUBLIC_BASE_PATH",
+    "CUSTOM_REQUEST_HEADERS",
+    "NODE_ENV"
+  ],
+  "tasks": {
+    "generate": {
+      "cache": true
+    },
+    "build": {},
+    "build:login:standalone": {},
+    "build:client:standalone": {},
+    "test": {},
+    "start": {},
+    "start:built": {},
+    "test:unit": {},
+    "test:unit:standalone": {},
+    "test:integration": {},
+    "test:integration:setup": {
+      "with": ["dev"]
+    },
+    "test:acceptance:setup": {},
+    "test:acceptance:setup:dev": {
+      "with": ["dev"]
+    },
+    "test:watch": {
+      "persistent": true
+    },
+    "lint": {},
+    "lint:fix": {},
+    "dev": {
+      "cache": false,
+      "persistent": true
+    },
+    "clean": {
+      "cache": false
+    }
+  }
+}

From a02a534cd227aa4668ff5fdd1cdc352456d2df74 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Wed, 2 Jul 2025 11:14:36 +0200
Subject: [PATCH 114/123] feat: initial admin PAT has IAM_LOGIN_CLIENT (#10143)

# Which Problems Are Solved

We provide a seamless way to initialize Zitadel and the login together.

# How the Problems Are Solved

Additionally to the `IAM_OWNER` role, a set up admin user also gets the
`IAM_LOGIN_CLIENT` role if it is a machine user with a PAT.

# Additional Changes

- Simplifies the load balancing example, as the intermediate
configuration step is not needed anymore.

# Additional Context

- Depends on #10116
- Contributes to https://github.com/zitadel/zitadel-charts/issues/332
- Contributes to https://github.com/zitadel/zitadel/issues/10016

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
---
 cmd/defaults.yaml                             |   7 +
 cmd/setup/03.go                               |  30 +-
 cmd/setup/steps.yaml                          |   8 +
 .../deploy/loadbalancing-example/.gitignore   |   2 +-
 .../loadbalancing-example/docker-compose.yaml |  24 +-
 .../example-zitadel-config.yaml               |   2 +-
 .../example-zitadel-init-steps.yaml           |   2 +-
 .../loadbalancing-example.mdx                 |   2 +-
 docs/docs/self-hosting/deploy/macos.mdx       |   2 +-
 internal/api/grpc/system/instance.go          |   4 +-
 internal/command/instance.go                  |  83 ++++--
 internal/command/instance_test.go             | 268 ++++++++++++++----
 internal/command/org.go                       |   6 +
 internal/domain/roles.go                      |   1 +
 14 files changed, 337 insertions(+), 104 deletions(-)

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index 9697e354c5..f1fc6a2414 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -839,6 +839,13 @@ DefaultInstance:
       Pat:
         # date format: 2023-01-01T00:00:00Z
         ExpirationDate: # ZITADEL_DEFAULTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE
+    LoginClient:
+      Machine:
+        Username: # ZITADEL_DEFAULTINSTANCE_ORG_LOGINCLIENT_MACHINE_USERNAME
+        Name: # ZITADEL_DEFAULTINSTANCE_ORG_LOGINCLIENT_MACHINE_NAME
+      Pat:
+        # date format: 2023-01-01T00:00:00Z
+        ExpirationDate: # ZITADEL_DEFAULTINSTANCE_ORG_LOGINCLIENT_PAT_EXPIRATIONDATE
   SecretGenerators:
     ClientSecret:
       Length: 64 # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_CLIENTSECRET_LENGTH
diff --git a/cmd/setup/03.go b/cmd/setup/03.go
index 588ac71610..e8c51c79c6 100644
--- a/cmd/setup/03.go
+++ b/cmd/setup/03.go
@@ -20,12 +20,13 @@ import (
 )
 
 type FirstInstance struct {
-	InstanceName    string
-	DefaultLanguage language.Tag
-	Org             command.InstanceOrgSetup
-	MachineKeyPath  string
-	PatPath         string
-	Features        *command.InstanceFeatures
+	InstanceName       string
+	DefaultLanguage    language.Tag
+	Org                command.InstanceOrgSetup
+	MachineKeyPath     string
+	PatPath            string
+	LoginClientPatPath string
+	Features           *command.InstanceFeatures
 
 	Skip bool
 
@@ -121,16 +122,18 @@ func (mig *FirstInstance) Execute(ctx context.Context, _ eventstore.Event) error
 		}
 	}
 
-	_, token, key, _, err := cmd.SetUpInstance(ctx, &mig.instanceSetup)
+	_, token, key, loginClientToken, _, err := cmd.SetUpInstance(ctx, &mig.instanceSetup)
 	if err != nil {
 		return err
 	}
-	if mig.instanceSetup.Org.Machine != nil &&
+	if (mig.instanceSetup.Org.Machine != nil &&
 		((mig.instanceSetup.Org.Machine.Pat != nil && token == "") ||
-			(mig.instanceSetup.Org.Machine.MachineKey != nil && key == nil)) {
+			(mig.instanceSetup.Org.Machine.MachineKey != nil && key == nil))) ||
+		(mig.instanceSetup.Org.LoginClient != nil &&
+			(mig.instanceSetup.Org.LoginClient.Pat != nil && loginClientToken == "")) {
 		return err
 	}
-	return mig.outputMachineAuthentication(key, token)
+	return mig.outputMachineAuthentication(key, token, loginClientToken)
 }
 
 func (mig *FirstInstance) verifyEncryptionKeys(ctx context.Context) (*crypto_db.Database, error) {
@@ -150,7 +153,7 @@ func (mig *FirstInstance) verifyEncryptionKeys(ctx context.Context) (*crypto_db.
 	return keyStorage, nil
 }
 
-func (mig *FirstInstance) outputMachineAuthentication(key *command.MachineKey, token string) error {
+func (mig *FirstInstance) outputMachineAuthentication(key *command.MachineKey, token, loginClientToken string) error {
 	if key != nil {
 		keyDetails, err := key.Detail()
 		if err != nil {
@@ -165,6 +168,11 @@ func (mig *FirstInstance) outputMachineAuthentication(key *command.MachineKey, t
 			return err
 		}
 	}
+	if loginClientToken != "" {
+		if err := outputStdoutOrPath(mig.LoginClientPatPath, loginClientToken); err != nil {
+			return err
+		}
+	}
 	return nil
 }
 
diff --git a/cmd/setup/steps.yaml b/cmd/setup/steps.yaml
index d2a7cc68dd..709becf2c3 100644
--- a/cmd/setup/steps.yaml
+++ b/cmd/setup/steps.yaml
@@ -6,6 +6,7 @@ FirstInstance:
   MachineKeyPath: # ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH
   # The personal access token from the section FirstInstance.Org.Machine.Pat is written to the PatPath.
   PatPath: # ZITADEL_FIRSTINSTANCE_PATPATH
+  LoginClientPatPath: # ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH
   InstanceName: ZITADEL # ZITADEL_FIRSTINSTANCE_INSTANCENAME
   DefaultLanguage: en # ZITADEL_FIRSTINSTANCE_DEFAULTLANGUAGE
   Org:
@@ -46,6 +47,13 @@ FirstInstance:
       Pat:
         # date format: 2023-01-01T00:00:00Z
         ExpirationDate: # ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE
+    LoginClient:
+      Machine:
+        Username: # ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_USERNAME
+        Name: # ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_NAME
+      Pat:
+        # date format: 2023-01-01T00:00:00Z
+        ExpirationDate: # ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_PAT_EXPIRATIONDATE
 
 CorrectCreationDate:
   FailAfter: 5m # ZITADEL_CORRECTCREATIONDATE_FAILAFTER
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore b/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore
index bd98bacd66..8a28618b17 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/.gitignore
@@ -1 +1 @@
-.env-file
+.env-file
\ No newline at end of file
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
index 013fc2aa22..96a87fa8d7 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
@@ -41,17 +41,17 @@ services:
     user: root
     entrypoint: '/bin/sh'
     command:
-    - -c
-    - >
-      /app/zitadel setup
-      --config /example-zitadel-config.yaml
-      --config /example-zitadel-secrets.yaml
-      --steps /example-zitadel-init-steps.yaml
-      --masterkey ${ZITADEL_MASTERKEY} &&
-      mv /pat /.env-file/pat || exit 0 &&
-      echo ZITADEL_SERVICE_USER_TOKEN=$(cat /.env-file/pat) > /.env-file/.env &&
-      chown -R 1001:${GID} /.env-file &&
-      chmod -R 770 /.env-file
+      - -c
+      - >
+        /app/zitadel setup
+        --config /example-zitadel-config.yaml
+        --config /example-zitadel-secrets.yaml
+        --steps /example-zitadel-init-steps.yaml
+        --masterkey ${ZITADEL_MASTERKEY} &&
+        mv /pat /.env-file/pat || exit 0 &&
+        echo ZITADEL_SERVICE_USER_TOKEN=$(cat /.env-file/pat) > /.env-file/.env &&
+        chown -R 1001:${GID} /.env-file &&
+        chmod -R 770 /.env-file
     environment:
       - GID
     depends_on:
@@ -154,4 +154,4 @@ networks:
   backend:
 
 volumes:
-  data:
+  data:
\ No newline at end of file
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
index fadd39373d..af5bb5145c 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
@@ -26,4 +26,4 @@ SAML.DefaultLoginURLV2: "/ui/v2/login/login?authRequest=" # ZITADEL_SAML_DEFAULT
 LogStore.Access.Stdout.Enabled: true
 
 # Skipping the MFA init step allows us to immediately authenticate at the console
-DefaultInstance.LoginPolicy.MfaInitSkipLifetime: "0s"
+DefaultInstance.LoginPolicy.MfaInitSkipLifetime: "0s"
\ No newline at end of file
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
index be63164ced..9bdf41269d 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
@@ -9,4 +9,4 @@ FirstInstance:
       Machine:
         Username: 'login-container'
         Name: 'Login Container'
-      Pat.ExpirationDate: '2029-01-01T00:00:00Z'
+      Pat.ExpirationDate: '2029-01-01T00:00:00Z'
\ No newline at end of file
diff --git a/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx b/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
index d4c27ccd95..3fb4784ea0 100644
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
@@ -71,4 +71,4 @@ Open your favorite internet browser at https://127.0.0.1.sslip.io/ui/console?log
 Your browser warns you about the insecure self-signed TLS certificate. As 127.0.0.1.sslip.io resolves to your localhost, you can safely proceed.
 Use the password *Password1!* to log in.
 
-Read more about [the login process](/guides/integrate/login/oidc/login-users).
+Read more about [the login process](/guides/integrate/login/oidc/login-users).
\ No newline at end of file
diff --git a/docs/docs/self-hosting/deploy/macos.mdx b/docs/docs/self-hosting/deploy/macos.mdx
index beb3182208..aea5fb07e9 100644
--- a/docs/docs/self-hosting/deploy/macos.mdx
+++ b/docs/docs/self-hosting/deploy/macos.mdx
@@ -64,4 +64,4 @@ mv /tmp/zitadel-admin-sa.json $HOME/zitadel-admin-sa.json
 This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform-provider).
 
 <Next components={props.components} />
-<Disclaimer components={props.components} />
+<Disclaimer components={props.components} />
\ No newline at end of file
diff --git a/internal/api/grpc/system/instance.go b/internal/api/grpc/system/instance.go
index a5dd7b81bc..ccfcfecbf3 100644
--- a/internal/api/grpc/system/instance.go
+++ b/internal/api/grpc/system/instance.go
@@ -40,7 +40,7 @@ func (s *Server) GetInstance(ctx context.Context, req *system_pb.GetInstanceRequ
 }
 
 func (s *Server) AddInstance(ctx context.Context, req *system_pb.AddInstanceRequest) (*system_pb.AddInstanceResponse, error) {
-	id, _, _, details, err := s.command.SetUpInstance(ctx, AddInstancePbToSetupInstance(req, s.defaultInstance, s.externalDomain))
+	id, _, _, _, details, err := s.command.SetUpInstance(ctx, AddInstancePbToSetupInstance(req, s.defaultInstance, s.externalDomain))
 	if err != nil {
 		return nil, err
 	}
@@ -61,7 +61,7 @@ func (s *Server) UpdateInstance(ctx context.Context, req *system_pb.UpdateInstan
 }
 
 func (s *Server) CreateInstance(ctx context.Context, req *system_pb.CreateInstanceRequest) (*system_pb.CreateInstanceResponse, error) {
-	id, pat, key, details, err := s.command.SetUpInstance(ctx, CreateInstancePbToSetupInstance(req, s.defaultInstance, s.externalDomain))
+	id, pat, key, _, details, err := s.command.SetUpInstance(ctx, CreateInstancePbToSetupInstance(req, s.defaultInstance, s.externalDomain))
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/command/instance.go b/internal/command/instance.go
index cfafb1d298..9e8f3d47c7 100644
--- a/internal/command/instance.go
+++ b/internal/command/instance.go
@@ -217,33 +217,33 @@ func (s *InstanceSetup) generateIDs(idGenerator id.Generator) (err error) {
 	return err
 }
 
-func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (string, string, *MachineKey, *domain.ObjectDetails, error) {
+func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (string, string, *MachineKey, string, *domain.ObjectDetails, error) {
 	if err := setup.generateIDs(c.idGenerator); err != nil {
-		return "", "", nil, nil, err
+		return "", "", nil, "", nil, err
 	}
 	ctx = contextWithInstanceSetupInfo(ctx, setup.zitadel.instanceID, setup.zitadel.projectID, setup.zitadel.consoleAppID, c.externalDomain, setup.DefaultLanguage)
 
-	validations, pat, machineKey, err := setUpInstance(ctx, c, setup)
+	validations, pat, machineKey, loginClientPat, err := setUpInstance(ctx, c, setup)
 	if err != nil {
-		return "", "", nil, nil, err
+		return "", "", nil, "", nil, err
 	}
 
 	//nolint:staticcheck
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validations...)
 	if err != nil {
-		return "", "", nil, nil, err
+		return "", "", nil, "", nil, err
 	}
 
 	_, err = c.eventstore.Push(ctx, cmds...)
 	if err != nil {
-		return "", "", nil, nil, err
+		return "", "", nil, "", nil, err
 	}
 
 	// RolePermissions need to be pushed in separate transaction.
 	// https://github.com/zitadel/zitadel/issues/9293
 	details, err := c.SynchronizeRolePermission(ctx, setup.zitadel.instanceID, setup.RolePermissionMappings)
 	if err != nil {
-		return "", "", nil, nil, err
+		return "", "", nil, "", nil, err
 	}
 	details.ResourceOwner = setup.zitadel.orgID
 
@@ -251,8 +251,12 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str
 	if pat != nil {
 		token = pat.Token
 	}
+	var loginClientToken string
+	if loginClientPat != nil {
+		loginClientToken = loginClientPat.Token
+	}
 
-	return setup.zitadel.instanceID, token, machineKey, details, nil
+	return setup.zitadel.instanceID, token, machineKey, loginClientToken, details, nil
 }
 
 func contextWithInstanceSetupInfo(ctx context.Context, instanceID, projectID, consoleAppID, externalDomain string, defaultLanguage language.Tag) context.Context {
@@ -274,38 +278,38 @@ func contextWithInstanceSetupInfo(ctx context.Context, instanceID, projectID, co
 	)
 }
 
-func setUpInstance(ctx context.Context, c *Commands, setup *InstanceSetup) (validations []preparation.Validation, pat *PersonalAccessToken, machineKey *MachineKey, err error) {
+func setUpInstance(ctx context.Context, c *Commands, setup *InstanceSetup) (validations []preparation.Validation, pat *PersonalAccessToken, machineKey *MachineKey, loginClientPat *PersonalAccessToken, err error) {
 	instanceAgg := instance.NewAggregate(setup.zitadel.instanceID)
 
 	validations = setupInstanceElements(instanceAgg, setup)
 
 	// default organization on setup'd instance
-	pat, machineKey, err = setupDefaultOrg(ctx, c, &validations, instanceAgg, setup.Org.Name, setup.Org.Machine, setup.Org.Human, setup.zitadel)
+	pat, machineKey, loginClientPat, err = setupDefaultOrg(ctx, c, &validations, instanceAgg, setup.Org.Name, setup.Org.Machine, setup.Org.Human, setup.Org.LoginClient, setup.zitadel)
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	// domains
 	if err := setupGeneratedDomain(ctx, c, &validations, instanceAgg, setup.InstanceName); err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 	setupCustomDomain(c, &validations, instanceAgg, setup.CustomDomain)
 
 	// optional setting if set
 	setupMessageTexts(&validations, setup.MessageTexts, instanceAgg)
 	if err := setupQuotas(c, &validations, setup.Quotas, setup.zitadel.instanceID); err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 	setupSMTPSettings(c, &validations, setup.SMTPConfiguration, instanceAgg)
 	if err := setupWebKeys(c, &validations, setup.zitadel.instanceID, setup); err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 	setupOIDCSettings(c, &validations, setup.OIDCSettings, instanceAgg)
 	setupFeatures(&validations, setup.Features, setup.zitadel.instanceID)
 	setupLimits(c, &validations, limits.NewAggregate(setup.zitadel.limitsID, setup.zitadel.instanceID), setup.Limits)
 	setupRestrictions(c, &validations, restrictions.NewAggregate(setup.zitadel.restrictionsID, setup.zitadel.instanceID, setup.zitadel.instanceID), setup.Restrictions)
 	setupInstanceCreatedMilestone(&validations, setup.zitadel.instanceID)
-	return validations, pat, machineKey, nil
+	return validations, pat, machineKey, loginClientPat, nil
 }
 
 func setupInstanceElements(instanceAgg *instance.Aggregate, setup *InstanceSetup) []preparation.Validation {
@@ -572,8 +576,9 @@ func setupDefaultOrg(ctx context.Context,
 	name string,
 	machine *AddMachine,
 	human *AddHuman,
+	loginClient *AddLoginClient,
 	ids ZitadelConfig,
-) (pat *PersonalAccessToken, machineKey *MachineKey, err error) {
+) (pat *PersonalAccessToken, machineKey *MachineKey, loginClientPat *PersonalAccessToken, err error) {
 	orgAgg := org.NewAggregate(ids.orgID)
 
 	*validations = append(
@@ -582,12 +587,12 @@ func setupDefaultOrg(ctx context.Context,
 		commands.prepareSetDefaultOrg(instanceAgg, ids.orgID),
 	)
 
-	projectOwner, pat, machineKey, err := setupAdmins(commands, validations, instanceAgg, orgAgg, machine, human)
+	projectOwner, pat, machineKey, loginClientPat, err := setupAdmins(commands, validations, instanceAgg, orgAgg, machine, human, loginClient)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 	setupMinimalInterfaces(commands, validations, instanceAgg, orgAgg, projectOwner, ids)
-	return pat, machineKey, nil
+	return pat, machineKey, loginClientPat, nil
 }
 
 func setupAdmins(commands *Commands,
@@ -596,21 +601,22 @@ func setupAdmins(commands *Commands,
 	orgAgg *org.Aggregate,
 	machine *AddMachine,
 	human *AddHuman,
-) (owner string, pat *PersonalAccessToken, machineKey *MachineKey, err error) {
+	loginClient *AddLoginClient,
+) (owner string, pat *PersonalAccessToken, machineKey *MachineKey, loginClientPat *PersonalAccessToken, err error) {
 	if human == nil && machine == nil {
-		return "", nil, nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-z1yi2q2ot7", "Error.Instance.NoAdmin")
+		return "", nil, nil, nil, zerrors.ThrowInvalidArgument(nil, "INSTANCE-z1yi2q2ot7", "Error.Instance.NoAdmin")
 	}
 
 	if machine != nil && machine.Machine != nil && !machine.Machine.IsZero() {
 		machineUserID, err := commands.idGenerator.Next()
 		if err != nil {
-			return "", nil, nil, err
+			return "", nil, nil, nil, err
 		}
 		owner = machineUserID
 
 		pat, machineKey, err = setupMachineAdmin(commands, validations, machine, orgAgg.ID, machineUserID)
 		if err != nil {
-			return "", nil, nil, err
+			return "", nil, nil, nil, err
 		}
 
 		setupAdminMembers(commands, validations, instanceAgg, orgAgg, machineUserID)
@@ -618,7 +624,7 @@ func setupAdmins(commands *Commands,
 	if human != nil {
 		humanUserID, err := commands.idGenerator.Next()
 		if err != nil {
-			return "", nil, nil, err
+			return "", nil, nil, nil, err
 		}
 		owner = humanUserID
 		human.ID = humanUserID
@@ -629,7 +635,18 @@ func setupAdmins(commands *Commands,
 
 		setupAdminMembers(commands, validations, instanceAgg, orgAgg, humanUserID)
 	}
-	return owner, pat, machineKey, nil
+	if loginClient != nil {
+		loginClientUserID, err := commands.idGenerator.Next()
+		if err != nil {
+			return "", nil, nil, nil, err
+		}
+
+		loginClientPat, err = setupLoginClient(commands, validations, instanceAgg, loginClient, orgAgg.ID, loginClientUserID)
+		if err != nil {
+			return "", nil, nil, nil, err
+		}
+	}
+	return owner, pat, machineKey, loginClientPat, nil
 }
 
 func setupMachineAdmin(commands *Commands, validations *[]preparation.Validation, machine *AddMachine, orgID, userID string) (pat *PersonalAccessToken, machineKey *MachineKey, err error) {
@@ -655,6 +672,22 @@ func setupMachineAdmin(commands *Commands, validations *[]preparation.Validation
 	return pat, machineKey, nil
 }
 
+func setupLoginClient(commands *Commands, validations *[]preparation.Validation, instanceAgg *instance.Aggregate, loginClient *AddLoginClient, orgID, userID string) (pat *PersonalAccessToken, err error) {
+	*validations = append(*validations,
+		AddMachineCommand(user.NewAggregate(userID, orgID), loginClient.Machine),
+		commands.AddInstanceMemberCommand(instanceAgg, userID, domain.RoleIAMLoginClient),
+	)
+	if loginClient.Pat != nil {
+		pat = NewPersonalAccessToken(orgID, userID, loginClient.Pat.ExpirationDate, loginClient.Pat.Scopes, domain.UserTypeMachine)
+		pat.TokenID, err = commands.idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
+		*validations = append(*validations, prepareAddPersonalAccessToken(pat, commands.keyAlgorithm))
+	}
+	return pat, nil
+}
+
 func setupAdminMembers(commands *Commands, validations *[]preparation.Validation, instanceAgg *instance.Aggregate, orgAgg *org.Aggregate, userID string) {
 	*validations = append(*validations,
 		commands.AddOrgMemberCommand(orgAgg, userID, domain.RoleOrgOwner),
diff --git a/internal/command/instance_test.go b/internal/command/instance_test.go
index 2b82818a7e..b40bba19af 100644
--- a/internal/command/instance_test.go
+++ b/internal/command/instance_test.go
@@ -129,7 +129,7 @@ func oidcAppEvents(ctx context.Context, orgID, projectID, id, name, clientID str
 	}
 }
 
-func orgFilters(orgID string, machine, human bool) []expect {
+func orgFilters(orgID string, machine, human, loginClient bool) []expect {
 	filters := []expect{
 		expectFilter(),
 		expectFilter(
@@ -144,13 +144,17 @@ func orgFilters(orgID string, machine, human bool) []expect {
 		filters = append(filters, humanFilters(orgID)...)
 		filters = append(filters, adminMemberFilters(orgID, "USER")...)
 	}
+	if loginClient {
+		filters = append(filters, loginClientFilters(orgID, true)...)
+		filters = append(filters, instanceMemberFilters(orgID, "USER-LOGIN-CLIENT")...)
+	}
 
 	return append(filters,
 		projectFilters()...,
 	)
 }
 
-func orgEvents(ctx context.Context, instanceID, orgID, name, projectID, defaultDomain string, externalSecure bool, machine, human bool) []eventstore.Command {
+func orgEvents(ctx context.Context, instanceID, orgID, name, projectID, defaultDomain string, externalSecure bool, machine, human, loginClient bool) []eventstore.Command {
 	instanceAgg := instance.NewAggregate(instanceID)
 	orgAgg := org.NewAggregate(orgID)
 	domain := strings.ToLower(name + "." + defaultDomain)
@@ -173,13 +177,17 @@ func orgEvents(ctx context.Context, instanceID, orgID, name, projectID, defaultD
 		events = append(events, humanEvents(ctx, instanceID, orgID, userID)...)
 		owner = userID
 	}
+	if loginClient {
+		userID := "USER-LOGIN-CLIENT"
+		events = append(events, loginClientEvents(ctx, instanceID, orgID, userID, "LOGIN-CLIENT-PAT")...)
+	}
 
 	events = append(events, projectAddedEvents(ctx, instanceID, orgID, projectID, owner, externalSecure)...)
 	return events
 }
 
 func orgIDs() []string {
-	return slices.Concat([]string{"USER-MACHINE", "PAT", "USER"}, projectClientIDs())
+	return slices.Concat([]string{"USER-MACHINE", "PAT", "USER", "USER-LOGIN-CLIENT", "LOGIN-CLIENT-PAT"}, projectClientIDs())
 }
 
 func instancePoliciesFilters(instanceID string) []expect {
@@ -363,7 +371,7 @@ func instanceElementsConfig() *SecretGenerators {
 func setupInstanceFilters(instanceID, orgID, projectID, appID, domain string) []expect {
 	return slices.Concat(
 		setupInstanceElementsFilters(instanceID),
-		orgFilters(orgID, true, true),
+		orgFilters(orgID, true, true, true),
 		generatedDomainFilters(instanceID, orgID, projectID, appID, domain),
 	)
 }
@@ -371,7 +379,7 @@ func setupInstanceFilters(instanceID, orgID, projectID, appID, domain string) []
 func setupInstanceEvents(ctx context.Context, instanceID, orgID, projectID, appID, instanceName, orgName string, defaultLanguage language.Tag, domain string, externalSecure bool) []eventstore.Command {
 	return slices.Concat(
 		setupInstanceElementsEvents(ctx, instanceID, instanceName, defaultLanguage),
-		orgEvents(ctx, instanceID, orgID, orgName, projectID, domain, externalSecure, true, true),
+		orgEvents(ctx, instanceID, orgID, orgName, projectID, domain, externalSecure, true, true, true),
 		generatedDomainEvents(ctx, instanceID, orgID, projectID, appID, domain),
 		instanceCreatedMilestoneEvent(ctx, instanceID),
 	)
@@ -380,9 +388,10 @@ func setupInstanceEvents(ctx context.Context, instanceID, orgID, projectID, appI
 func setupInstanceConfig() *InstanceSetup {
 	conf := setupInstanceElementsConfig()
 	conf.Org = InstanceOrgSetup{
-		Name:    "ZITADEL",
-		Machine: instanceSetupMachineConfig(),
-		Human:   instanceSetupHumanConfig(),
+		Name:        "ZITADEL",
+		Machine:     instanceSetupMachineConfig(),
+		Human:       instanceSetupHumanConfig(),
+		LoginClient: instanceSetupLoginClientConfig(),
 	}
 	conf.CustomDomain = ""
 	return conf
@@ -541,6 +550,43 @@ func instanceSetupMachineConfig() *AddMachine {
 	}
 }
 
+func loginClientFilters(orgID string, pat bool) []expect {
+	filters := []expect{
+		expectFilter(),
+		expectFilter(
+			org.NewDomainPolicyAddedEvent(
+				context.Background(),
+				&org.NewAggregate(orgID).Aggregate,
+				true,
+				true,
+				true,
+			),
+		),
+	}
+	if pat {
+		filters = append(filters,
+			expectFilter(),
+			expectFilter(),
+		)
+	}
+	return filters
+}
+
+func instanceSetupLoginClientConfig() *AddLoginClient {
+	return &AddLoginClient{
+		Machine: &Machine{
+			Username:        "zitadel-login-client",
+			Name:            "ZITADEL-login-client",
+			Description:     "Login Client",
+			AccessTokenType: domain.OIDCTokenTypeBearer,
+		},
+		Pat: &AddPat{
+			ExpirationDate: time.Time{},
+			Scopes:         nil,
+		},
+	}
+}
+
 func projectFilters() []expect {
 	return []expect{
 		expectFilter(),
@@ -551,11 +597,23 @@ func projectFilters() []expect {
 }
 
 func adminMemberFilters(orgID, userID string) []expect {
+	filters := append(
+		orgMemberFilters(orgID, userID),
+		instanceMemberFilters(orgID, userID)...,
+	)
+	return filters
+}
+func orgMemberFilters(orgID, userID string) []expect {
 	return []expect{
 		expectFilter(
 			addHumanEvent(context.Background(), orgID, userID),
 		),
 		expectFilter(),
+	}
+}
+
+func instanceMemberFilters(orgID, userID string) []expect {
+	return []expect{
 		expectFilter(
 			addHumanEvent(context.Background(), orgID, userID),
 		),
@@ -631,6 +689,40 @@ func addMachineEvent(ctx context.Context, orgID, userID string) *user.MachineAdd
 	)
 }
 
+// loginClientEvents all events from setup to create the login client user
+func loginClientEvents(ctx context.Context, instanceID, orgID, userID, patID string) []eventstore.Command {
+	agg := user.NewAggregate(userID, orgID)
+	instanceAgg := instance.NewAggregate(instanceID)
+	events := []eventstore.Command{
+		addLoginClientEvent(ctx, orgID, userID),
+		instance.NewMemberAddedEvent(ctx, &instanceAgg.Aggregate, userID, domain.RoleIAMLoginClient),
+	}
+	if patID != "" {
+		events = append(events,
+			user.NewPersonalAccessTokenAddedEvent(
+				ctx,
+				&agg.Aggregate,
+				patID,
+				time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
+				nil,
+			),
+		)
+	}
+	return events
+}
+
+func addLoginClientEvent(ctx context.Context, orgID, userID string) *user.MachineAddedEvent {
+	agg := user.NewAggregate(userID, orgID)
+	return user.NewMachineAddedEvent(ctx,
+		&agg.Aggregate,
+		"zitadel-login-client",
+		"ZITADEL-login-client",
+		"Login Client",
+		false,
+		domain.OIDCTokenTypeBearer,
+	)
+}
+
 func testSetup(ctx context.Context, c *Commands, validations []preparation.Validation) error {
 	//nolint:staticcheck
 	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validations...)
@@ -715,6 +807,13 @@ func TestCommandSide_setupMinimalInterfaces(t *testing.T) {
 		})
 	}
 }
+func validZitadelRoles() []authz.RoleMapping {
+	return []authz.RoleMapping{
+		{Role: domain.RoleOrgOwner, Permissions: []string{""}},
+		{Role: domain.RoleIAMOwner, Permissions: []string{""}},
+		{Role: domain.RoleIAMLoginClient, Permissions: []string{""}},
+	}
+}
 
 func TestCommandSide_setupAdmins(t *testing.T) {
 	type fields struct {
@@ -730,12 +829,14 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 		orgAgg      *org.Aggregate
 		machine     *AddMachine
 		human       *AddHuman
+		loginClient *AddLoginClient
 	}
 	type res struct {
-		owner      string
-		pat        bool
-		machineKey bool
-		err        func(error) bool
+		owner          string
+		pat            bool
+		machineKey     bool
+		loginClientPat bool
+		err            func(error) bool
 	}
 	tests := []struct {
 		name   string
@@ -763,10 +864,7 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				),
 				idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, "USER"),
 				userPasswordHasher: mockPasswordHasher("x"),
-				roles: []authz.RoleMapping{
-					{Role: domain.RoleOrgOwner, Permissions: []string{""}},
-					{Role: domain.RoleIAMOwner, Permissions: []string{""}},
-				},
+				roles:              validZitadelRoles(),
 			},
 			args: args{
 				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
@@ -800,11 +898,8 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 						},
 					)...,
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "USER-MACHINE", "PAT"),
-				roles: []authz.RoleMapping{
-					{Role: domain.RoleOrgOwner, Permissions: []string{""}},
-					{Role: domain.RoleIAMOwner, Permissions: []string{""}},
-				},
+				idGenerator:  id_mock.NewIDGeneratorExpectIDs(t, "USER-MACHINE", "PAT"),
+				roles:        validZitadelRoles(),
 				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
@@ -850,11 +945,8 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
 				idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, "USER-MACHINE", "PAT", "USER"),
-				roles: []authz.RoleMapping{
-					{Role: domain.RoleOrgOwner, Permissions: []string{""}},
-					{Role: domain.RoleIAMOwner, Permissions: []string{""}},
-				},
-				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				roles:              validZitadelRoles(),
+				keyAlgorithm:       crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
@@ -870,6 +962,63 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				err:        nil,
 			},
 		},
+		{
+			name: "human, machine and login client, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					slices.Concat(
+						machineFilters("ORG", true),
+						adminMemberFilters("ORG", "USER-MACHINE"),
+						humanFilters("ORG"),
+						adminMemberFilters("ORG", "USER"),
+						loginClientFilters("ORG", true),
+						instanceMemberFilters("ORG", "USER-LOGIN-CLIENT"),
+						[]expect{
+							expectPush(
+								slices.Concat(
+									machineEvents(context.Background(),
+										"INSTANCE",
+										"ORG",
+										"USER-MACHINE",
+										"PAT",
+									),
+									humanEvents(context.Background(),
+										"INSTANCE",
+										"ORG",
+										"USER",
+									),
+									loginClientEvents(context.Background(),
+										"INSTANCE",
+										"ORG",
+										"USER-LOGIN-CLIENT",
+										"LOGIN-CLIENT-PAT",
+									),
+								)...,
+							),
+						},
+					)...,
+				),
+				userPasswordHasher: mockPasswordHasher("x"),
+				idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, "USER-MACHINE", "PAT", "USER", "USER-LOGIN-CLIENT", "LOGIN-CLIENT-PAT"),
+				roles:              validZitadelRoles(),
+				keyAlgorithm:       crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+			},
+			args: args{
+				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
+				instanceAgg: instance.NewAggregate("INSTANCE"),
+				orgAgg:      org.NewAggregate("ORG"),
+				machine:     instanceSetupMachineConfig(),
+				human:       instanceSetupHumanConfig(),
+				loginClient: instanceSetupLoginClientConfig(),
+			},
+			res: res{
+				owner:          "USER",
+				pat:            true,
+				machineKey:     false,
+				loginClientPat: true,
+				err:            nil,
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -881,7 +1030,7 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				keyAlgorithm:       tt.fields.keyAlgorithm,
 			}
 			validations := make([]preparation.Validation, 0)
-			owner, pat, mk, err := setupAdmins(r, &validations, tt.args.instanceAgg, tt.args.orgAgg, tt.args.machine, tt.args.human)
+			owner, pat, mk, loginClientPat, err := setupAdmins(r, &validations, tt.args.instanceAgg, tt.args.orgAgg, tt.args.machine, tt.args.human, tt.args.loginClient)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -905,6 +1054,9 @@ func TestCommandSide_setupAdmins(t *testing.T) {
 				if tt.res.machineKey {
 					assert.NotNil(t, mk)
 				}
+				if tt.res.loginClientPat {
+					assert.NotNil(t, loginClientPat)
+				}
 			}
 		})
 	}
@@ -924,12 +1076,14 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 		orgName     string
 		machine     *AddMachine
 		human       *AddHuman
+		loginClient *AddLoginClient
 		ids         ZitadelConfig
 	}
 	type res struct {
-		pat        bool
-		machineKey bool
-		err        func(error) bool
+		pat            bool
+		machineKey     bool
+		loginClientPat bool
+		err            func(error) bool
 	}
 	tests := []struct {
 		name   string
@@ -938,7 +1092,7 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 		res    res
 	}{
 		{
-			name: "human and machine, ok",
+			name: "human, machine and login client, ok",
 			fields: fields{
 				eventstore: expectEventstore(
 					slices.Concat(
@@ -946,6 +1100,7 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 							"ORG",
 							true,
 							true,
+							true,
 						),
 						[]expect{
 							expectPush(
@@ -959,6 +1114,7 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 										false,
 										true,
 										true,
+										true,
 									),
 								)...,
 							),
@@ -967,11 +1123,8 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
 				idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, orgIDs()...),
-				roles: []authz.RoleMapping{
-					{Role: domain.RoleOrgOwner, Permissions: []string{""}},
-					{Role: domain.RoleIAMOwner, Permissions: []string{""}},
-				},
-				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				roles:              validZitadelRoles(),
+				keyAlgorithm:       crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx:         contextWithInstanceSetupInfo(context.Background(), "INSTANCE", "PROJECT", "console-id", "DOMAIN", language.Dutch),
@@ -1007,6 +1160,18 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 					Password:               "password",
 					PasswordChangeRequired: false,
 				},
+				loginClient: &AddLoginClient{
+					Machine: &Machine{
+						Username:        "zitadel-login-client",
+						Name:            "ZITADEL-login-client",
+						Description:     "Login Client",
+						AccessTokenType: domain.OIDCTokenTypeBearer,
+					},
+					Pat: &AddPat{
+						ExpirationDate: time.Time{},
+						Scopes:         nil,
+					},
+				},
 				ids: ZitadelConfig{
 					instanceID:   "INSTANCE",
 					orgID:        "ORG",
@@ -1018,9 +1183,10 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 				},
 			},
 			res: res{
-				pat:        true,
-				machineKey: false,
-				err:        nil,
+				pat:            true,
+				machineKey:     false,
+				loginClientPat: true,
+				err:            nil,
 			},
 		},
 	}
@@ -1034,7 +1200,7 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 				keyAlgorithm:       tt.fields.keyAlgorithm,
 			}
 			validations := make([]preparation.Validation, 0)
-			pat, mk, err := setupDefaultOrg(tt.args.ctx, r, &validations, tt.args.instanceAgg, tt.args.orgName, tt.args.machine, tt.args.human, tt.args.ids)
+			pat, mk, loginClientPat, err := setupDefaultOrg(tt.args.ctx, r, &validations, tt.args.instanceAgg, tt.args.orgName, tt.args.machine, tt.args.human, tt.args.loginClient, tt.args.ids)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -1057,6 +1223,9 @@ func TestCommandSide_setupDefaultOrg(t *testing.T) {
 				if tt.res.machineKey {
 					assert.NotNil(t, mk)
 				}
+				if tt.res.loginClientPat {
+					assert.NotNil(t, loginClientPat)
+				}
 			}
 		})
 	}
@@ -1140,9 +1309,10 @@ func TestCommandSide_setUpInstance(t *testing.T) {
 		setup *InstanceSetup
 	}
 	type res struct {
-		pat        bool
-		machineKey bool
-		err        func(error) bool
+		pat            bool
+		machineKey     bool
+		loginClientPat bool
+		err            func(error) bool
 	}
 	tests := []struct {
 		name   string
@@ -1175,11 +1345,8 @@ func TestCommandSide_setUpInstance(t *testing.T) {
 				),
 				userPasswordHasher: mockPasswordHasher("x"),
 				idGenerator:        id_mock.NewIDGeneratorExpectIDs(t, orgIDs()...),
-				roles: []authz.RoleMapping{
-					{Role: domain.RoleOrgOwner, Permissions: []string{""}},
-					{Role: domain.RoleIAMOwner, Permissions: []string{""}},
-				},
-				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				roles:              validZitadelRoles(),
+				keyAlgorithm:       crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 				generateDomain: func(string, string) (string, error) {
 					return "DOMAIN", nil
 				},
@@ -1204,7 +1371,7 @@ func TestCommandSide_setUpInstance(t *testing.T) {
 				GenerateDomain:     tt.fields.generateDomain,
 			}
 
-			validations, pat, mk, err := setUpInstance(tt.args.ctx, r, tt.args.setup)
+			validations, pat, mk, loginClientPat, err := setUpInstance(tt.args.ctx, r, tt.args.setup)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -1227,6 +1394,9 @@ func TestCommandSide_setUpInstance(t *testing.T) {
 				if tt.res.machineKey {
 					assert.NotNil(t, mk)
 				}
+				if tt.res.loginClientPat {
+					assert.NotNil(t, loginClientPat)
+				}
 			}
 		})
 	}
diff --git a/internal/command/org.go b/internal/command/org.go
index faab882d68..876c256a0a 100644
--- a/internal/command/org.go
+++ b/internal/command/org.go
@@ -24,9 +24,15 @@ type InstanceOrgSetup struct {
 	CustomDomain string
 	Human        *AddHuman
 	Machine      *AddMachine
+	LoginClient  *AddLoginClient
 	Roles        []string
 }
 
+type AddLoginClient struct {
+	Machine *Machine
+	Pat     *AddPat
+}
+
 type OrgSetup struct {
 	Name         string
 	CustomDomain string
diff --git a/internal/domain/roles.go b/internal/domain/roles.go
index c40eef6120..2cebd26d30 100644
--- a/internal/domain/roles.go
+++ b/internal/domain/roles.go
@@ -14,6 +14,7 @@ const (
 	RoleOrgOwner             = "ORG_OWNER"
 	RoleOrgProjectCreator    = "ORG_PROJECT_CREATOR"
 	RoleIAMOwner             = "IAM_OWNER"
+	RoleIAMLoginClient       = "IAM_LOGIN_CLIENT"
 	RoleProjectOwner         = "PROJECT_OWNER"
 	RoleProjectOwnerGlobal   = "PROJECT_OWNER_GLOBAL"
 	RoleProjectGrantOwner    = "PROJECT_GRANT_OWNER"

From 325aa1f184c6eaa7ad631e10d4acd2bfbf22fbbf Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Wed, 2 Jul 2025 11:43:19 +0200
Subject: [PATCH 115/123] fix(login): ensure correct i18n locale context
 (#10156)

This PR ensures that the correct locale context is set for the new login
---
 login/apps/login/src/i18n/request.ts | 30 ++++++++++++++--------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/login/apps/login/src/i18n/request.ts b/login/apps/login/src/i18n/request.ts
index 9e5e37e231..15cfe01548 100644
--- a/login/apps/login/src/i18n/request.ts
+++ b/login/apps/login/src/i18n/request.ts
@@ -15,6 +15,21 @@ export default getRequestConfig(async () => {
   const _headers = await headers();
   const { serviceUrl } = getServiceUrlFromHeaders(_headers);
 
+  const languageHeader = await (await headers()).get(LANGUAGE_HEADER_NAME);
+  if (languageHeader) {
+    const headerLocale = languageHeader.split(",")[0].split("-")[0]; // Extract the language code
+    if (LANGS.map((l) => l.code).includes(headerLocale)) {
+      locale = headerLocale;
+    }
+  }
+
+  const languageCookie = cookiesList?.get(LANGUAGE_COOKIE_NAME);
+  if (languageCookie && languageCookie.value) {
+    if (LANGS.map((l) => l.code).includes(languageCookie.value)) {
+      locale = languageCookie.value;
+    }
+  }
+
   const i18nOrganization = _headers.get("x-zitadel-i18n-organization") || ""; // You may need to set this header in middleware
 
   let translations: JsonObject | {} = {};
@@ -32,21 +47,6 @@ export default getRequestConfig(async () => {
     console.warn("Error fetching custom translations:", error);
   }
 
-  const languageHeader = await (await headers()).get(LANGUAGE_HEADER_NAME);
-  if (languageHeader) {
-    const headerLocale = languageHeader.split(",")[0].split("-")[0]; // Extract the language code
-    if (LANGS.map((l) => l.code).includes(headerLocale)) {
-      locale = headerLocale;
-    }
-  }
-
-  const languageCookie = cookiesList?.get(LANGUAGE_COOKIE_NAME);
-  if (languageCookie && languageCookie.value) {
-    if (LANGS.map((l) => l.code).includes(languageCookie.value)) {
-      locale = languageCookie.value;
-    }
-  }
-
   const customMessages = translations;
   const localeMessages = (await import(`../../locales/${locale}.json`)).default;
   const fallbackMessages = (await import(`../../locales/${fallback}.json`))

From 71575e8d67e75495a990073ccff1d0e89e239181 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Wed, 2 Jul 2025 07:04:59 -0400
Subject: [PATCH 116/123] fix(webauthn): allow to use "old" passkeys/u2f
 credentials on session API (#10150)

# Which Problems Are Solved

To prevent presenting unusable WebAuthN credentials to the user /
browser, we filtered out all credentials, which do not match the
requested RP ID. Since credentials set up through Login V1 and Console
do not have an RP ID stored, they never matched. This was previously
intended, since the Login V2 could be served on a separate domain.
The problem is, that if it is hosted on the same domain, the credentials
would also be filtered out and user would not be able to login.

# How the Problems Are Solved

Change the filtering to return credentials, if no RP ID is stored and
the requested RP ID matches the instance domain.

# Additional Changes

None

# Additional Context

Noted internally when testing the login v2
---
 internal/webauthn/converter.go      |  14 ++-
 internal/webauthn/converter_test.go | 153 ++++++++++++++++++++++++++++
 internal/webauthn/webauthn.go       |   6 +-
 3 files changed, 168 insertions(+), 5 deletions(-)
 create mode 100644 internal/webauthn/converter_test.go

diff --git a/internal/webauthn/converter.go b/internal/webauthn/converter.go
index 36799ee3dc..c914bb8bf9 100644
--- a/internal/webauthn/converter.go
+++ b/internal/webauthn/converter.go
@@ -1,16 +1,26 @@
 package webauthn
 
 import (
+	"context"
+	"strings"
+
 	"github.com/go-webauthn/webauthn/protocol"
 	"github.com/go-webauthn/webauthn/webauthn"
 
+	"github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/domain"
 )
 
-func WebAuthNsToCredentials(webAuthNs []*domain.WebAuthNToken, rpID string) []webauthn.Credential {
+func WebAuthNsToCredentials(ctx context.Context, webAuthNs []*domain.WebAuthNToken, rpID string) []webauthn.Credential {
 	creds := make([]webauthn.Credential, 0)
 	for _, webAuthN := range webAuthNs {
-		if webAuthN.State == domain.MFAStateReady && webAuthN.RPID == rpID {
+		// only add credentials that are ready and
+		// either match the rpID or
+		// if they were added through Console / old login UI, there is no stored rpID set;
+		// then we check if the requested rpID matches the instance domain
+		if webAuthN.State == domain.MFAStateReady &&
+			(webAuthN.RPID == rpID ||
+				(webAuthN.RPID == "" && rpID == strings.Split(http.DomainContext(ctx).InstanceHost, ":")[0])) {
 			creds = append(creds, webauthn.Credential{
 				ID:              webAuthN.KeyID,
 				PublicKey:       webAuthN.PublicKey,
diff --git a/internal/webauthn/converter_test.go b/internal/webauthn/converter_test.go
new file mode 100644
index 0000000000..a8f2a3608b
--- /dev/null
+++ b/internal/webauthn/converter_test.go
@@ -0,0 +1,153 @@
+package webauthn
+
+import (
+	"context"
+	"testing"
+
+	"github.com/go-webauthn/webauthn/webauthn"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func TestWebAuthNsToCredentials(t *testing.T) {
+	type args struct {
+		ctx       context.Context
+		webAuthNs []*domain.WebAuthNToken
+		rpID      string
+	}
+	tests := []struct {
+		name string
+		args args
+		want []webauthn.Credential
+	}{
+		{
+			name: "unready credential",
+			args: args{
+				ctx: context.Background(),
+				webAuthNs: []*domain.WebAuthNToken{
+					{
+						KeyID:           []byte("key1"),
+						PublicKey:       []byte("publicKey1"),
+						AttestationType: "attestation1",
+						AAGUID:          []byte("aaguid1"),
+						SignCount:       1,
+						State:           domain.MFAStateNotReady,
+					},
+				},
+				rpID: "example.com",
+			},
+			want: []webauthn.Credential{},
+		},
+		{
+			name: "not matching rpID",
+			args: args{
+				ctx: context.Background(),
+				webAuthNs: []*domain.WebAuthNToken{
+					{
+						KeyID:           []byte("key1"),
+						PublicKey:       []byte("publicKey1"),
+						AttestationType: "attestation1",
+						AAGUID:          []byte("aaguid1"),
+						SignCount:       1,
+						State:           domain.MFAStateReady,
+						RPID:            "other.com",
+					},
+				},
+				rpID: "example.com",
+			},
+			want: []webauthn.Credential{},
+		},
+		{
+			name: "matching rpID",
+			args: args{
+				ctx: context.Background(),
+				webAuthNs: []*domain.WebAuthNToken{
+					{
+						KeyID:           []byte("key1"),
+						PublicKey:       []byte("publicKey1"),
+						AttestationType: "attestation1",
+						AAGUID:          []byte("aaguid1"),
+						SignCount:       1,
+						State:           domain.MFAStateReady,
+						RPID:            "example.com",
+					},
+				},
+				rpID: "example.com",
+			},
+			want: []webauthn.Credential{
+				{
+					ID:              []byte("key1"),
+					PublicKey:       []byte("publicKey1"),
+					AttestationType: "attestation1",
+					Authenticator: webauthn.Authenticator{
+						AAGUID:    []byte("aaguid1"),
+						SignCount: 1,
+					},
+				},
+			},
+		},
+		{
+			name: "no rpID, different host",
+			args: args{
+				ctx: http.WithDomainContext(context.Background(), &http.DomainCtx{
+					InstanceHost: "other.com:443",
+					PublicHost:   "other.com:443",
+					Protocol:     "https",
+				}),
+				webAuthNs: []*domain.WebAuthNToken{
+					{
+						KeyID:           []byte("key1"),
+						PublicKey:       []byte("publicKey1"),
+						AttestationType: "attestation1",
+						AAGUID:          []byte("aaguid1"),
+						SignCount:       1,
+						State:           domain.MFAStateReady,
+						RPID:            "",
+					},
+				},
+				rpID: "example.com",
+			},
+			want: []webauthn.Credential{},
+		},
+		{
+			name: "no rpID, same host",
+			args: args{
+				ctx: http.WithDomainContext(context.Background(), &http.DomainCtx{
+					InstanceHost: "example.com:443",
+					PublicHost:   "example.com:443",
+					Protocol:     "https",
+				}),
+				webAuthNs: []*domain.WebAuthNToken{
+					{
+						KeyID:           []byte("key1"),
+						PublicKey:       []byte("publicKey1"),
+						AttestationType: "attestation1",
+						AAGUID:          []byte("aaguid1"),
+						SignCount:       1,
+						State:           domain.MFAStateReady,
+						RPID:            "",
+					},
+				},
+				rpID: "example.com",
+			},
+			want: []webauthn.Credential{
+				{
+					ID:              []byte("key1"),
+					PublicKey:       []byte("publicKey1"),
+					AttestationType: "attestation1",
+					Authenticator: webauthn.Authenticator{
+						AAGUID:    []byte("aaguid1"),
+						SignCount: 1,
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equalf(t, tt.want, WebAuthNsToCredentials(tt.args.ctx, tt.args.webAuthNs, tt.args.rpID), "WebAuthNsToCredentials(%v, %v, %v)", tt.args.ctx, tt.args.webAuthNs, tt.args.rpID)
+		})
+	}
+}
diff --git a/internal/webauthn/webauthn.go b/internal/webauthn/webauthn.go
index 998c013a3c..10d6fc52bf 100644
--- a/internal/webauthn/webauthn.go
+++ b/internal/webauthn/webauthn.go
@@ -57,7 +57,7 @@ func (w *Config) BeginRegistration(ctx context.Context, user *domain.Human, acco
 	if err != nil {
 		return nil, err
 	}
-	creds := WebAuthNsToCredentials(webAuthNs, rpID)
+	creds := WebAuthNsToCredentials(ctx, webAuthNs, rpID)
 	existing := make([]protocol.CredentialDescriptor, len(creds))
 	for i, cred := range creds {
 		existing[i] = protocol.CredentialDescriptor{
@@ -136,7 +136,7 @@ func (w *Config) BeginLogin(ctx context.Context, user *domain.Human, userVerific
 	}
 	assertion, sessionData, err := webAuthNServer.BeginLogin(&webUser{
 		Human:       user,
-		credentials: WebAuthNsToCredentials(webAuthNs, rpID),
+		credentials: WebAuthNsToCredentials(ctx, webAuthNs, rpID),
 	}, webauthn.WithUserVerification(UserVerificationFromDomain(userVerification)))
 	if err != nil {
 		logging.WithFields("error", tryExtractProtocolErrMsg(err)).Debug("webauthn login could not be started")
@@ -163,7 +163,7 @@ func (w *Config) FinishLogin(ctx context.Context, user *domain.Human, webAuthN *
 	}
 	webUser := &webUser{
 		Human:       user,
-		credentials: WebAuthNsToCredentials(webAuthNs, webAuthN.RPID),
+		credentials: WebAuthNsToCredentials(ctx, webAuthNs, webAuthN.RPID),
 	}
 	webAuthNServer, err := w.serverFromContext(ctx, webAuthN.RPID, assertionData.Response.CollectedClientData.Origin)
 	if err != nil {

From f93a35c7a8817e227009f26722d3221361295c08 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Wed, 2 Jul 2025 07:57:41 -0400
Subject: [PATCH 117/123] feat: implement service ping (#10080)

This PR is still WIP and needs changes to at least the tests.

# Which Problems Are Solved

To be able to report analytical / telemetry data from deployed Zitadel
systems back to a central endpoint, we designed a "service ping"
functionality. See also https://github.com/zitadel/zitadel/issues/9706.
This PR adds the first implementation to allow collection base data as
well as report amount of resources such as organizations, users per
organization and more.

# How the Problems Are Solved

- Added a worker to handle the different `ReportType` variations.
- Schedule a periodic job to start a `ServicePingReport`
- Configuration added to allow customization of what data will be
reported
- Setup step to generate and store a `systemID`

# Additional Changes

None

# Additional Context

relates to #9869
---
 cmd/defaults.yaml                           |   31 +
 cmd/setup/60.go                             |   27 +
 cmd/setup/config.go                         |    1 +
 cmd/setup/setup.go                          |    2 +
 cmd/start/config.go                         |    2 +
 cmd/start/start.go                          |   11 +
 go.mod                                      |    1 +
 internal/queue/queue.go                     |   21 +
 internal/serviceping/client.go              |  153 +++
 internal/serviceping/config.go              |   18 +
 internal/serviceping/mock/mock_gen.go       |    5 +
 internal/serviceping/mock/queries.mock.go   |   72 ++
 internal/serviceping/mock/queue.mock.go     |   62 ++
 internal/serviceping/mock/telemetry.mock.go |   83 ++
 internal/serviceping/report.go              |   17 +
 internal/serviceping/worker.go              |  252 +++++
 internal/serviceping/worker_test.go         | 1052 +++++++++++++++++++
 internal/v2/system/event.go                 |   44 +
 18 files changed, 1854 insertions(+)
 create mode 100644 cmd/setup/60.go
 create mode 100644 internal/serviceping/client.go
 create mode 100644 internal/serviceping/config.go
 create mode 100644 internal/serviceping/mock/mock_gen.go
 create mode 100644 internal/serviceping/mock/queries.mock.go
 create mode 100644 internal/serviceping/mock/queue.mock.go
 create mode 100644 internal/serviceping/mock/telemetry.mock.go
 create mode 100644 internal/serviceping/report.go
 create mode 100644 internal/serviceping/worker.go
 create mode 100644 internal/serviceping/worker_test.go
 create mode 100644 internal/v2/system/event.go

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index f1fc6a2414..f88616b821 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -1203,6 +1203,37 @@ DefaultInstance:
 # If an audit log retention is set using an instance limit, it will overwrite the system default.
 AuditLogRetention: 0s # ZITADEL_AUDITLOGRETENTION
 
+# The ServicePing are periodic reports of analytics data and the usage of ZITADEL.
+# It is sent to a central endpoint to help us improve ZITADEL.
+# It's enabled by default, but you can opt out either completely or by disabling specific telemetry data.
+ServicePing:
+  # By setting Enabled to false, the service ping is disabled completely.
+  Enabled: true # ZITADEL_SERVICEPING_ENABLED
+  # The endpoint to which the reports are sent. The endpoint is used as a base path. Individual reports are sent to the endpoint with a specific path.
+  Endpoint: "https://zitadel.cloud/api/ping" # ZITADEL_SERVICEPING_ENDPOINT
+  # Interval at which the service ping is sent to the endpoint.
+  # The interval is in the format of a cron expression.
+  # By default, it is set to every day at midnight:
+  Interval: "0 0 * * *" # ZITADEL_SERVICEPING_INTERVAL
+  # Maximum number of attempts for each individual report to be sent.
+  # If one report fails, it will be retried up to this number of times.
+  # Other reports will still be handled in parallel and have their own retry count.
+  # This means if the base information only succeeded after 3 attempts,
+  # the resource count still has 5 attempts to be sent.
+  MaxAttempts: 5 # ZITADEL_SERVICEPING_MAXATTEMPTS
+  # The following features can be enabled or disabled individually.
+  # By default, all features are enabled.
+  # Note that if the service ping is enabled, base information about the system is always sent.
+  # This includes the version and the id, creation date and domains of all instances.
+  # If you disable a feature, it will not be sent in the service ping.
+  # Some features provide additional configuration options, if enabled.
+  Telemetry:
+    # ResourceCount is a periodic report of the number of resources in ZITADEL.
+    # This includes the number of users, organizations, projects, and other resources.
+    ResourceCount:
+        Enabled: true # ZITADEL_SERVICEPING_TELEMETRY_RESOURCECOUNT_ENABLED
+        BulkSize: 10000 # ZITADEL_SERVICEPING_TELEMETRY_RESOURCECOUNT_BULKSIZE
+
 InternalAuthZ:
   # Configure the RolePermissionMappings by environment variable using JSON notation:
   # ZITADEL_INTERNALAUTHZ_ROLEPERMISSIONMAPPINGS='[{"role": "IAM_OWNER", "permissions": ["iam.write"]}, {"role": "ORG_OWNER", "permissions": ["org.write"]}]'
diff --git a/cmd/setup/60.go b/cmd/setup/60.go
new file mode 100644
index 0000000000..3f606c2212
--- /dev/null
+++ b/cmd/setup/60.go
@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/serviceping"
+	"github.com/zitadel/zitadel/internal/v2/system"
+)
+
+type GenerateSystemID struct {
+	eventstore *eventstore.Eventstore
+}
+
+func (mig *GenerateSystemID) Execute(ctx context.Context, _ eventstore.Event) error {
+	id, err := serviceping.GenerateSystemID()
+	if err != nil {
+		return err
+	}
+	_, err = mig.eventstore.Push(ctx, system.NewIDGeneratedEvent(ctx, id))
+	return err
+}
+
+func (mig *GenerateSystemID) String() string {
+	return "60_generate_system_id"
+}
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
index 7385cc7652..bac73b0ae5 100644
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -156,6 +156,7 @@ type Steps struct {
 	s57CreateResourceCounts                 *CreateResourceCounts
 	s58ReplaceLoginNames3View               *ReplaceLoginNames3View
 	s59SetupWebkeys                         *SetupWebkeys
+	s60GenerateSystemID                     *GenerateSystemID
 }
 
 func MustNewSteps(v *viper.Viper) *Steps {
diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
index dd23c320c7..15236a73e9 100644
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -217,6 +217,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s56IDPTemplate6SAMLFederatedLogout = &IDPTemplate6SAMLFederatedLogout{dbClient: dbClient}
 	steps.s57CreateResourceCounts = &CreateResourceCounts{dbClient: dbClient}
 	steps.s58ReplaceLoginNames3View = &ReplaceLoginNames3View{dbClient: dbClient}
+	steps.s60GenerateSystemID = &GenerateSystemID{eventstore: eventstoreClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -264,6 +265,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s56IDPTemplate6SAMLFederatedLogout,
 		steps.s57CreateResourceCounts,
 		steps.s58ReplaceLoginNames3View,
+		steps.s60GenerateSystemID,
 	} {
 		setupErr = executeMigration(ctx, eventstoreClient, step, "migration failed")
 		if setupErr != nil {
diff --git a/cmd/start/config.go b/cmd/start/config.go
index 78b6f0afe0..c680bf7c05 100644
--- a/cmd/start/config.go
+++ b/cmd/start/config.go
@@ -32,6 +32,7 @@ import (
 	"github.com/zitadel/zitadel/internal/logstore"
 	"github.com/zitadel/zitadel/internal/notification/handlers"
 	"github.com/zitadel/zitadel/internal/query/projection"
+	"github.com/zitadel/zitadel/internal/serviceping"
 	static_config "github.com/zitadel/zitadel/internal/static/config"
 	metrics "github.com/zitadel/zitadel/internal/telemetry/metrics/config"
 	profiler "github.com/zitadel/zitadel/internal/telemetry/profiler/config"
@@ -81,6 +82,7 @@ type Config struct {
 	LogStore            *logstore.Configs
 	Quotas              *QuotasConfig
 	Telemetry           *handlers.TelemetryPusherConfig
+	ServicePing         *serviceping.Config
 }
 
 type QuotasConfig struct {
diff --git a/cmd/start/start.go b/cmd/start/start.go
index dbd6289041..06f3554a58 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -99,6 +99,7 @@ import (
 	"github.com/zitadel/zitadel/internal/notification"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/queue"
+	"github.com/zitadel/zitadel/internal/serviceping"
 	"github.com/zitadel/zitadel/internal/static"
 	es_v4 "github.com/zitadel/zitadel/internal/v2/eventstore"
 	es_v4_pg "github.com/zitadel/zitadel/internal/v2/eventstore/postgres"
@@ -317,10 +318,20 @@ func startZitadel(ctx context.Context, config *Config, masterKey string, server
 	)
 	execution.Start(ctx)
 
+	// the service ping and it's workers need to be registered before starting the queue
+	if err := serviceping.Register(ctx, q, queries, eventstoreClient, config.ServicePing); err != nil {
+		return err
+	}
+
 	if err = q.Start(ctx); err != nil {
 		return err
 	}
 
+	// the scheduler / periodic jobs need to be started after the queue already runs
+	if err = serviceping.Start(config.ServicePing, q); err != nil {
+		return err
+	}
+
 	router := mux.NewRouter()
 	tlsConfig, err := config.TLS.Config()
 	if err != nil {
diff --git a/go.mod b/go.mod
index 9d02050b48..f0ab6246d6 100644
--- a/go.mod
+++ b/go.mod
@@ -67,6 +67,7 @@ require (
 	github.com/riverqueue/river/riverdriver v0.22.0
 	github.com/riverqueue/river/rivertype v0.22.0
 	github.com/riverqueue/rivercontrib/otelriver v0.5.0
+	github.com/robfig/cron/v3 v3.0.1
 	github.com/rs/cors v1.11.1
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/shopspring/decimal v1.3.1
diff --git a/internal/queue/queue.go b/internal/queue/queue.go
index 22df8c2b5c..44e291bf4d 100644
--- a/internal/queue/queue.go
+++ b/internal/queue/queue.go
@@ -9,6 +9,7 @@ import (
 	"github.com/riverqueue/river/riverdriver/riverpgxv5"
 	"github.com/riverqueue/river/rivertype"
 	"github.com/riverqueue/rivercontrib/otelriver"
+	"github.com/robfig/cron/v3"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/database"
@@ -75,6 +76,26 @@ func (q *Queue) AddWorkers(w ...Worker) {
 	}
 }
 
+func (q *Queue) AddPeriodicJob(schedule cron.Schedule, jobArgs river.JobArgs, opts ...InsertOpt) (handle rivertype.PeriodicJobHandle) {
+	if q == nil {
+		logging.Info("skip adding periodic job because queue is not set")
+		return
+	}
+	options := new(river.InsertOpts)
+	for _, opt := range opts {
+		opt(options)
+	}
+	return q.client.PeriodicJobs().Add(
+		river.NewPeriodicJob(
+			schedule,
+			func() (river.JobArgs, *river.InsertOpts) {
+				return jobArgs, options
+			},
+			nil,
+		),
+	)
+}
+
 type InsertOpt func(*river.InsertOpts)
 
 func WithMaxAttempts(maxAttempts uint8) InsertOpt {
diff --git a/internal/serviceping/client.go b/internal/serviceping/client.go
new file mode 100644
index 0000000000..87711aada6
--- /dev/null
+++ b/internal/serviceping/client.go
@@ -0,0 +1,153 @@
+package serviceping
+
+import (
+	"bytes"
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+
+	"google.golang.org/grpc"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	analytics "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta"
+)
+
+const (
+	pathBaseInformation = "/instances"
+	pathResourceCounts  = "/resource_counts"
+)
+
+type Client struct {
+	httpClient *http.Client
+	endpoint   string
+}
+
+func (c Client) ReportBaseInformation(ctx context.Context, in *analytics.ReportBaseInformationRequest, opts ...grpc.CallOption) (*analytics.ReportBaseInformationResponse, error) {
+	reportResponse := new(analytics.ReportBaseInformationResponse)
+	err := c.callTelemetryService(ctx, pathBaseInformation, in, reportResponse)
+	if err != nil {
+		return nil, err
+	}
+	return reportResponse, nil
+}
+
+func (c Client) ReportResourceCounts(ctx context.Context, in *analytics.ReportResourceCountsRequest, opts ...grpc.CallOption) (*analytics.ReportResourceCountsResponse, error) {
+	reportResponse := new(analytics.ReportResourceCountsResponse)
+	err := c.callTelemetryService(ctx, pathResourceCounts, in, reportResponse)
+	if err != nil {
+		return nil, err
+	}
+	return reportResponse, nil
+}
+
+func (c Client) callTelemetryService(ctx context.Context, path string, in proto.Message, out proto.Message) error {
+	requestBody, err := protojson.Marshal(in)
+	if err != nil {
+		return err
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.endpoint+path, bytes.NewReader(requestBody))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return &TelemetryError{
+			StatusCode: resp.StatusCode,
+			Body:       body,
+		}
+	}
+
+	return protojson.UnmarshalOptions{
+		AllowPartial:   true,
+		DiscardUnknown: true,
+	}.Unmarshal(body, out)
+}
+
+func NewClient(config *Config) Client {
+	return Client{
+		httpClient: http.DefaultClient,
+		endpoint:   config.Endpoint,
+	}
+}
+
+func GenerateSystemID() (string, error) {
+	randBytes := make([]byte, 64)
+	if _, err := rand.Read(randBytes); err != nil {
+		return "", err
+	}
+	return base64.RawURLEncoding.EncodeToString(randBytes), nil
+}
+
+func instanceInformationToPb(instances *query.Instances) []*analytics.InstanceInformation {
+	instanceInformation := make([]*analytics.InstanceInformation, len(instances.Instances))
+	for i, instance := range instances.Instances {
+		domains := instanceDomainToPb(instance)
+		instanceInformation[i] = &analytics.InstanceInformation{
+			Id:        instance.ID,
+			Domains:   domains,
+			CreatedAt: timestamppb.New(instance.CreationDate),
+		}
+	}
+	return instanceInformation
+}
+
+func instanceDomainToPb(instance *query.Instance) []string {
+	domains := make([]string, len(instance.Domains))
+	for i, domain := range instance.Domains {
+		domains[i] = domain.Domain
+	}
+	return domains
+}
+
+func resourceCountsToPb(counts []query.ResourceCount) []*analytics.ResourceCount {
+	resourceCounts := make([]*analytics.ResourceCount, len(counts))
+	for i, count := range counts {
+		resourceCounts[i] = &analytics.ResourceCount{
+			InstanceId:   count.InstanceID,
+			ParentType:   countParentTypeToPb(count.ParentType),
+			ParentId:     count.ParentID,
+			ResourceName: count.Resource,
+			TableName:    count.TableName,
+			UpdatedAt:    timestamppb.New(count.UpdatedAt),
+			Amount:       uint32(count.Amount),
+		}
+	}
+	return resourceCounts
+}
+
+func countParentTypeToPb(parentType domain.CountParentType) analytics.CountParentType {
+	switch parentType {
+	case domain.CountParentTypeInstance:
+		return analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE
+	case domain.CountParentTypeOrganization:
+		return analytics.CountParentType_COUNT_PARENT_TYPE_ORGANIZATION
+	default:
+		return analytics.CountParentType_COUNT_PARENT_TYPE_UNSPECIFIED
+	}
+}
+
+type TelemetryError struct {
+	StatusCode int
+	Body       []byte
+}
+
+func (e *TelemetryError) Error() string {
+	return fmt.Sprintf("telemetry error %d: %s", e.StatusCode, e.Body)
+}
diff --git a/internal/serviceping/config.go b/internal/serviceping/config.go
new file mode 100644
index 0000000000..13f2311324
--- /dev/null
+++ b/internal/serviceping/config.go
@@ -0,0 +1,18 @@
+package serviceping
+
+type Config struct {
+	Enabled     bool
+	Endpoint    string
+	Interval    string
+	MaxAttempts uint8
+	Telemetry   TelemetryConfig
+}
+
+type TelemetryConfig struct {
+	ResourceCount ResourceCount
+}
+
+type ResourceCount struct {
+	Enabled  bool
+	BulkSize int
+}
diff --git a/internal/serviceping/mock/mock_gen.go b/internal/serviceping/mock/mock_gen.go
new file mode 100644
index 0000000000..6b4d2defbe
--- /dev/null
+++ b/internal/serviceping/mock/mock_gen.go
@@ -0,0 +1,5 @@
+package mock
+
+//go:generate mockgen -package mock -destination queue.mock.go github.com/zitadel/zitadel/internal/serviceping Queue
+//go:generate mockgen -package mock -destination queries.mock.go github.com/zitadel/zitadel/internal/serviceping Queries
+//go:generate mockgen -package mock -destination telemetry.mock.go github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta TelemetryServiceClient
diff --git a/internal/serviceping/mock/queries.mock.go b/internal/serviceping/mock/queries.mock.go
new file mode 100644
index 0000000000..593c4d5ff7
--- /dev/null
+++ b/internal/serviceping/mock/queries.mock.go
@@ -0,0 +1,72 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/zitadel/zitadel/internal/serviceping (interfaces: Queries)
+//
+// Generated by this command:
+//
+//	mockgen -package mock -destination queries.mock.go github.com/zitadel/zitadel/internal/serviceping Queries
+//
+
+// Package mock is a generated GoMock package.
+package mock
+
+import (
+	context "context"
+	reflect "reflect"
+
+	query "github.com/zitadel/zitadel/internal/query"
+	gomock "go.uber.org/mock/gomock"
+)
+
+// MockQueries is a mock of Queries interface.
+type MockQueries struct {
+	ctrl     *gomock.Controller
+	recorder *MockQueriesMockRecorder
+	isgomock struct{}
+}
+
+// MockQueriesMockRecorder is the mock recorder for MockQueries.
+type MockQueriesMockRecorder struct {
+	mock *MockQueries
+}
+
+// NewMockQueries creates a new mock instance.
+func NewMockQueries(ctrl *gomock.Controller) *MockQueries {
+	mock := &MockQueries{ctrl: ctrl}
+	mock.recorder = &MockQueriesMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockQueries) EXPECT() *MockQueriesMockRecorder {
+	return m.recorder
+}
+
+// ListResourceCounts mocks base method.
+func (m *MockQueries) ListResourceCounts(ctx context.Context, lastID, size int) ([]query.ResourceCount, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "ListResourceCounts", ctx, lastID, size)
+	ret0, _ := ret[0].([]query.ResourceCount)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ListResourceCounts indicates an expected call of ListResourceCounts.
+func (mr *MockQueriesMockRecorder) ListResourceCounts(ctx, lastID, size any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListResourceCounts", reflect.TypeOf((*MockQueries)(nil).ListResourceCounts), ctx, lastID, size)
+}
+
+// SearchInstances mocks base method.
+func (m *MockQueries) SearchInstances(ctx context.Context, queries *query.InstanceSearchQueries) (*query.Instances, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SearchInstances", ctx, queries)
+	ret0, _ := ret[0].(*query.Instances)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SearchInstances indicates an expected call of SearchInstances.
+func (mr *MockQueriesMockRecorder) SearchInstances(ctx, queries any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchInstances", reflect.TypeOf((*MockQueries)(nil).SearchInstances), ctx, queries)
+}
diff --git a/internal/serviceping/mock/queue.mock.go b/internal/serviceping/mock/queue.mock.go
new file mode 100644
index 0000000000..e984352a8c
--- /dev/null
+++ b/internal/serviceping/mock/queue.mock.go
@@ -0,0 +1,62 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/zitadel/zitadel/internal/serviceping (interfaces: Queue)
+//
+// Generated by this command:
+//
+//	mockgen -package mock -destination queue.mock.go github.com/zitadel/zitadel/internal/serviceping Queue
+//
+
+// Package mock is a generated GoMock package.
+package mock
+
+import (
+	context "context"
+	reflect "reflect"
+
+	river "github.com/riverqueue/river"
+	queue "github.com/zitadel/zitadel/internal/queue"
+	gomock "go.uber.org/mock/gomock"
+)
+
+// MockQueue is a mock of Queue interface.
+type MockQueue struct {
+	ctrl     *gomock.Controller
+	recorder *MockQueueMockRecorder
+	isgomock struct{}
+}
+
+// MockQueueMockRecorder is the mock recorder for MockQueue.
+type MockQueueMockRecorder struct {
+	mock *MockQueue
+}
+
+// NewMockQueue creates a new mock instance.
+func NewMockQueue(ctrl *gomock.Controller) *MockQueue {
+	mock := &MockQueue{ctrl: ctrl}
+	mock.recorder = &MockQueueMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockQueue) EXPECT() *MockQueueMockRecorder {
+	return m.recorder
+}
+
+// Insert mocks base method.
+func (m *MockQueue) Insert(ctx context.Context, args river.JobArgs, opts ...queue.InsertOpt) error {
+	m.ctrl.T.Helper()
+	varargs := []any{ctx, args}
+	for _, a := range opts {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Insert", varargs...)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// Insert indicates an expected call of Insert.
+func (mr *MockQueueMockRecorder) Insert(ctx, args any, opts ...any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]any{ctx, args}, opts...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Insert", reflect.TypeOf((*MockQueue)(nil).Insert), varargs...)
+}
diff --git a/internal/serviceping/mock/telemetry.mock.go b/internal/serviceping/mock/telemetry.mock.go
new file mode 100644
index 0000000000..536bf34671
--- /dev/null
+++ b/internal/serviceping/mock/telemetry.mock.go
@@ -0,0 +1,83 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta (interfaces: TelemetryServiceClient)
+//
+// Generated by this command:
+//
+//	mockgen -package mock -destination telemetry.mock.go github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta TelemetryServiceClient
+//
+
+// Package mock is a generated GoMock package.
+package mock
+
+import (
+	context "context"
+	reflect "reflect"
+
+	analytics "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta"
+	gomock "go.uber.org/mock/gomock"
+	grpc "google.golang.org/grpc"
+)
+
+// MockTelemetryServiceClient is a mock of TelemetryServiceClient interface.
+type MockTelemetryServiceClient struct {
+	ctrl     *gomock.Controller
+	recorder *MockTelemetryServiceClientMockRecorder
+	isgomock struct{}
+}
+
+// MockTelemetryServiceClientMockRecorder is the mock recorder for MockTelemetryServiceClient.
+type MockTelemetryServiceClientMockRecorder struct {
+	mock *MockTelemetryServiceClient
+}
+
+// NewMockTelemetryServiceClient creates a new mock instance.
+func NewMockTelemetryServiceClient(ctrl *gomock.Controller) *MockTelemetryServiceClient {
+	mock := &MockTelemetryServiceClient{ctrl: ctrl}
+	mock.recorder = &MockTelemetryServiceClientMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockTelemetryServiceClient) EXPECT() *MockTelemetryServiceClientMockRecorder {
+	return m.recorder
+}
+
+// ReportBaseInformation mocks base method.
+func (m *MockTelemetryServiceClient) ReportBaseInformation(ctx context.Context, in *analytics.ReportBaseInformationRequest, opts ...grpc.CallOption) (*analytics.ReportBaseInformationResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []any{ctx, in}
+	for _, a := range opts {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ReportBaseInformation", varargs...)
+	ret0, _ := ret[0].(*analytics.ReportBaseInformationResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ReportBaseInformation indicates an expected call of ReportBaseInformation.
+func (mr *MockTelemetryServiceClientMockRecorder) ReportBaseInformation(ctx, in any, opts ...any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]any{ctx, in}, opts...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReportBaseInformation", reflect.TypeOf((*MockTelemetryServiceClient)(nil).ReportBaseInformation), varargs...)
+}
+
+// ReportResourceCounts mocks base method.
+func (m *MockTelemetryServiceClient) ReportResourceCounts(ctx context.Context, in *analytics.ReportResourceCountsRequest, opts ...grpc.CallOption) (*analytics.ReportResourceCountsResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []any{ctx, in}
+	for _, a := range opts {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ReportResourceCounts", varargs...)
+	ret0, _ := ret[0].(*analytics.ReportResourceCountsResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ReportResourceCounts indicates an expected call of ReportResourceCounts.
+func (mr *MockTelemetryServiceClientMockRecorder) ReportResourceCounts(ctx, in any, opts ...any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]any{ctx, in}, opts...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReportResourceCounts", reflect.TypeOf((*MockTelemetryServiceClient)(nil).ReportResourceCounts), varargs...)
+}
diff --git a/internal/serviceping/report.go b/internal/serviceping/report.go
new file mode 100644
index 0000000000..d31f6a8f74
--- /dev/null
+++ b/internal/serviceping/report.go
@@ -0,0 +1,17 @@
+package serviceping
+
+type ReportType uint
+
+const (
+	ReportTypeBaseInformation ReportType = iota
+	ReportTypeResourceCounts
+)
+
+type ServicePingReport struct {
+	ReportID   string
+	ReportType ReportType
+}
+
+func (r *ServicePingReport) Kind() string {
+	return "service_ping_report"
+}
diff --git a/internal/serviceping/worker.go b/internal/serviceping/worker.go
new file mode 100644
index 0000000000..0156373170
--- /dev/null
+++ b/internal/serviceping/worker.go
@@ -0,0 +1,252 @@
+package serviceping
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/muhlemmer/gu"
+	"github.com/riverqueue/river"
+	"github.com/robfig/cron/v3"
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/cmd/build"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/queue"
+	"github.com/zitadel/zitadel/internal/v2/system"
+	analytics "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta"
+)
+
+const (
+	QueueName = "service_ping_report"
+)
+
+var (
+	ErrInvalidReportType = errors.New("invalid report type")
+
+	_ river.Worker[*ServicePingReport] = (*Worker)(nil)
+)
+
+type Worker struct {
+	river.WorkerDefaults[*ServicePingReport]
+
+	reportClient analytics.TelemetryServiceClient
+	db           Queries
+	queue        Queue
+
+	config   *Config
+	systemID string
+	version  string
+}
+
+type Queries interface {
+	SearchInstances(ctx context.Context, queries *query.InstanceSearchQueries) (*query.Instances, error)
+	ListResourceCounts(ctx context.Context, lastID int, size int) ([]query.ResourceCount, error)
+}
+
+type Queue interface {
+	Insert(ctx context.Context, args river.JobArgs, opts ...queue.InsertOpt) error
+}
+
+// Register implements the [queue.Worker] interface.
+func (w *Worker) Register(workers *river.Workers, queues map[string]river.QueueConfig) {
+	river.AddWorker[*ServicePingReport](workers, w)
+	queues[QueueName] = river.QueueConfig{
+		MaxWorkers: 1, // for now, we only use a single worker to prevent too much side effects on other queues
+	}
+}
+
+// Work implements the [river.Worker] interface.
+func (w *Worker) Work(ctx context.Context, job *river.Job[*ServicePingReport]) (err error) {
+	defer func() {
+		err = w.handleClientError(err)
+	}()
+	switch job.Args.ReportType {
+	case ReportTypeBaseInformation:
+		reportID, err := w.reportBaseInformation(ctx)
+		if err != nil {
+			return err
+		}
+		return w.createReportJobs(ctx, reportID)
+	case ReportTypeResourceCounts:
+		return w.reportResourceCounts(ctx, job.Args.ReportID)
+	default:
+		logging.WithFields("reportType", job.Args.ReportType, "reportID", job.Args.ReportID).
+			Error("unknown job type")
+		return river.JobCancel(ErrInvalidReportType)
+	}
+}
+
+func (w *Worker) reportBaseInformation(ctx context.Context) (string, error) {
+	instances, err := w.db.SearchInstances(ctx, &query.InstanceSearchQueries{})
+	if err != nil {
+		return "", err
+	}
+	instanceInformation := instanceInformationToPb(instances)
+	resp, err := w.reportClient.ReportBaseInformation(ctx, &analytics.ReportBaseInformationRequest{
+		SystemId:  w.systemID,
+		Version:   w.version,
+		Instances: instanceInformation,
+	})
+	if err != nil {
+		return "", err
+	}
+	return resp.GetReportId(), nil
+}
+
+func (w *Worker) reportResourceCounts(ctx context.Context, reportID string) error {
+	lastID := 0
+	// iterate over the resource counts until there are no more counts to report
+	// or the context gets cancelled
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		default:
+			counts, err := w.db.ListResourceCounts(ctx, lastID, w.config.Telemetry.ResourceCount.BulkSize)
+			if err != nil {
+				return err
+			}
+			// if there are no counts, we can stop the loop
+			if len(counts) == 0 {
+				return nil
+			}
+			request := &analytics.ReportResourceCountsRequest{
+				SystemId:       w.systemID,
+				ResourceCounts: resourceCountsToPb(counts),
+			}
+			if reportID != "" {
+				request.ReportId = gu.Ptr(reportID)
+			}
+			resp, err := w.reportClient.ReportResourceCounts(ctx, request)
+			if err != nil {
+				return err
+			}
+			// in case the resource counts returned by the database are less than the bulk size,
+			// we can assume that we have reached the end of the resource counts and can stop the loop
+			if len(counts) < w.config.Telemetry.ResourceCount.BulkSize {
+				return nil
+			}
+			// update the lastID for the next iteration
+			lastID = counts[len(counts)-1].ID
+			// In case we get a report ID back from the server (it could be the first call of the report),
+			// we update it to use it for the next batch.
+			if resp.GetReportId() != "" && resp.GetReportId() != reportID {
+				reportID = resp.GetReportId()
+			}
+		}
+	}
+}
+
+func (w *Worker) handleClientError(err error) error {
+	telemetryError := new(TelemetryError)
+	if !errors.As(err, &telemetryError) {
+		// If the error is not a TelemetryError, we can assume that it is a transient error
+		// and can be retried by the queue.
+		return err
+	}
+	switch telemetryError.StatusCode {
+	case http.StatusBadRequest,
+		http.StatusNotFound,
+		http.StatusNotImplemented,
+		http.StatusConflict,
+		http.StatusPreconditionFailed:
+		// In case of these errors, we can assume that a retry does not make sense,
+		// so we can cancel the job.
+		return river.JobCancel(err)
+	default:
+		// As of now we assume that all other errors are transient and can be retried.
+		// So we just return the error, which will be handled by the queue as a failed attempt.
+		return err
+	}
+}
+
+func (w *Worker) createReportJobs(ctx context.Context, reportID string) error {
+	errs := make([]error, 0)
+	if w.config.Telemetry.ResourceCount.Enabled {
+		err := w.addReportJob(ctx, reportID, ReportTypeResourceCounts)
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+	return errors.Join(errs...)
+}
+
+func (w *Worker) addReportJob(ctx context.Context, reportID string, reportType ReportType) error {
+	job := &ServicePingReport{
+		ReportID:   reportID,
+		ReportType: reportType,
+	}
+	return w.queue.Insert(ctx, job,
+		queue.WithQueueName(QueueName),
+		queue.WithMaxAttempts(w.config.MaxAttempts),
+	)
+}
+
+type systemIDReducer struct {
+	id string
+}
+
+func (s *systemIDReducer) Reduce() error {
+	return nil
+}
+
+func (s *systemIDReducer) AppendEvents(events ...eventstore.Event) {
+	for _, event := range events {
+		if idEvent, ok := event.(*system.IDGeneratedEvent); ok {
+			s.id = idEvent.ID
+		}
+	}
+}
+
+func (s *systemIDReducer) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		AddQuery().
+		AggregateTypes(system.AggregateType).
+		EventTypes(system.IDGeneratedType).
+		Builder()
+}
+
+func Register(
+	ctx context.Context,
+	q *queue.Queue,
+	queries *query.Queries,
+	eventstoreClient *eventstore.Eventstore,
+	config *Config,
+) error {
+	if !config.Enabled {
+		return nil
+	}
+	systemID := new(systemIDReducer)
+	err := eventstoreClient.FilterToQueryReducer(ctx, systemID)
+	if err != nil {
+		return err
+	}
+	q.AddWorkers(&Worker{
+		reportClient: NewClient(config),
+		db:           queries,
+		queue:        q,
+		config:       config,
+		systemID:     systemID.id,
+		version:      build.Version(),
+	})
+	return nil
+}
+
+func Start(config *Config, q *queue.Queue) error {
+	if !config.Enabled {
+		return nil
+	}
+	schedule, err := cron.ParseStandard(config.Interval)
+	if err != nil {
+		return err
+	}
+	q.AddPeriodicJob(
+		schedule,
+		&ServicePingReport{},
+		queue.WithQueueName(QueueName),
+		queue.WithMaxAttempts(config.MaxAttempts),
+	)
+	return nil
+}
diff --git a/internal/serviceping/worker_test.go b/internal/serviceping/worker_test.go
new file mode 100644
index 0000000000..373eee9b6e
--- /dev/null
+++ b/internal/serviceping/worker_test.go
@@ -0,0 +1,1052 @@
+package serviceping
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/muhlemmer/gu"
+	"github.com/riverqueue/river"
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/mock/gomock"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/queue"
+	"github.com/zitadel/zitadel/internal/serviceping/mock"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	analytics "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta"
+)
+
+var (
+	testNow   = time.Now()
+	errInsert = fmt.Errorf("insert error")
+)
+
+func TestWorker_reportBaseInformation(t *testing.T) {
+	type fields struct {
+		reportClient func(*testing.T) analytics.TelemetryServiceClient
+		db           func(*testing.T) Queries
+		systemID     string
+		version      string
+	}
+	type args struct {
+		ctx context.Context
+	}
+	type want struct {
+		reportID string
+		err      error
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   want
+	}{
+		{
+			name: "database error, error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					ctrl := gomock.NewController(t)
+					queries := mock.NewMockQueries(ctrl)
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						nil, zerrors.ThrowInternal(nil, "id", "db error"),
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					return mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+				},
+			},
+			want: want{
+				reportID: "",
+				err:      zerrors.ThrowInternal(nil, "id", "db error"),
+			},
+		},
+		{
+			name: "telemetry client error, error",
+			fields: fields{
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportBaseInformation(gomock.Any(), &analytics.ReportBaseInformationRequest{
+						SystemId: "system-id",
+						Version:  "version",
+						Instances: []*analytics.InstanceInformation{
+							{
+								Id:        "id",
+								Domains:   []string{"domain", "domain2"},
+								CreatedAt: timestamppb.New(testNow),
+							},
+						},
+					}).Return(
+						nil, status.Error(codes.Internal, "error"),
+					)
+					return client
+				},
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						&query.Instances{
+							Instances: []*query.Instance{
+								{
+									ID:           "id",
+									CreationDate: testNow,
+									Domains: []*query.InstanceDomain{
+										{
+											Domain: "domain",
+										},
+										{
+											Domain: "domain2",
+										},
+									},
+								},
+							},
+						},
+						nil,
+					)
+					return queries
+				},
+				systemID: "system-id",
+				version:  "version",
+			},
+			want: want{
+				reportID: "",
+				err:      status.Error(codes.Internal, "error"),
+			},
+		},
+		{
+			name: "report ok, reportID returned",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						&query.Instances{
+							Instances: []*query.Instance{
+								{
+									ID:           "id",
+									CreationDate: testNow,
+									Domains: []*query.InstanceDomain{
+										{
+											Domain: "domain",
+										},
+										{
+											Domain: "domain2",
+										},
+									},
+								},
+							},
+						},
+						nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportBaseInformation(gomock.Any(), &analytics.ReportBaseInformationRequest{
+						SystemId: "system-id",
+						Version:  "version",
+						Instances: []*analytics.InstanceInformation{
+							{
+								Id:        "id",
+								Domains:   []string{"domain", "domain2"},
+								CreatedAt: timestamppb.New(testNow),
+							},
+						},
+					}).Return(
+						&analytics.ReportBaseInformationResponse{ReportId: "report-id"}, nil,
+					)
+					return client
+				},
+				systemID: "system-id",
+				version:  "version",
+			},
+			want: want{
+				reportID: "report-id",
+				err:      nil,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			w := &Worker{
+				reportClient: tt.fields.reportClient(t),
+				db:           tt.fields.db(t),
+				systemID:     tt.fields.systemID,
+				version:      tt.fields.version,
+			}
+			got, err := w.reportBaseInformation(tt.args.ctx)
+			assert.Equal(t, tt.want.reportID, got)
+			assert.ErrorIs(t, err, tt.want.err)
+		})
+	}
+}
+
+func TestWorker_reportResourceCounts(t *testing.T) {
+	type fields struct {
+		reportClient func(*testing.T) analytics.TelemetryServiceClient
+		db           func(*testing.T) Queries
+		config       *Config
+		systemID     string
+	}
+	type args struct {
+		ctx      context.Context
+		reportID string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		wantErr error
+	}{
+		{
+			name: "database error, error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 1).Return(
+						nil, zerrors.ThrowInternal(nil, "id", "db error"),
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					return mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 1,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx:      context.Background(),
+				reportID: "",
+			},
+			wantErr: zerrors.ThrowInternal(nil, "id", "db error"),
+		},
+		{
+			name: "no resource counts, no error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 1).Return(
+						[]query.ResourceCount{}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					return mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 1,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx:      context.Background(),
+				reportID: "",
+			},
+			wantErr: nil,
+		},
+		{
+			name: "telemetry client error, error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         1,
+								InstanceID: "instance-id",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     10,
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: nil,
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       10,
+							},
+						},
+					}).Return(
+						nil, status.Error(codes.Internal, "error"),
+					)
+					return client
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 2,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx:      context.Background(),
+				reportID: "",
+			},
+			wantErr: status.Error(codes.Internal, "error"),
+		},
+		{
+			name: "report ok, no additional counts, no error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         1,
+								InstanceID: "instance-id",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     10,
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: nil,
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       10,
+							},
+						},
+					}).Return(
+						&analytics.ReportResourceCountsResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					return client
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 2,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx:      context.Background(),
+				reportID: "",
+			},
+			wantErr: nil,
+		},
+		{
+			name: "report ok, additional counts, no error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         1,
+								InstanceID: "instance-id",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     10,
+							},
+							{
+								ID:         2,
+								InstanceID: "instance-id2",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id2",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     5,
+							},
+						}, nil,
+					)
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 2, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         3,
+								InstanceID: "instance-id3",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id3",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     20,
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: nil,
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       10,
+							},
+							{
+								InstanceId:   "instance-id2",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id2",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       5,
+							},
+						},
+					}).Return(
+						&analytics.ReportResourceCountsResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: gu.Ptr("report-id"),
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id3",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id3",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       20,
+							},
+						},
+					}).Return(
+						&analytics.ReportResourceCountsResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					return client
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 2,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx:      context.Background(),
+				reportID: "",
+			},
+			wantErr: nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			w := &Worker{
+				reportClient: tt.fields.reportClient(t),
+				db:           tt.fields.db(t),
+				config:       tt.fields.config,
+				systemID:     tt.fields.systemID,
+			}
+			err := w.reportResourceCounts(tt.args.ctx, tt.args.reportID)
+			assert.ErrorIs(t, err, tt.wantErr)
+		})
+	}
+}
+
+func TestWorker_Work(t *testing.T) {
+	type fields struct {
+		WorkerDefaults river.WorkerDefaults[*ServicePingReport]
+		reportClient   func(*testing.T) analytics.TelemetryServiceClient
+		db             func(*testing.T) Queries
+		queue          func(*testing.T) Queue
+		config         *Config
+		systemID       string
+		version        string
+	}
+	type args struct {
+		ctx context.Context
+		job *river.Job[*ServicePingReport]
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		args    args
+		wantErr error
+	}{
+		{
+			name: "unknown report type, cancel job",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					return mock.NewMockQueries(gomock.NewController(t))
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					return mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: 100000,
+					},
+				},
+			},
+			wantErr: river.JobCancel(ErrInvalidReportType),
+		},
+		{
+			name: "report base information, database error, retry job",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						nil, zerrors.ThrowInternal(nil, "id", "db error"),
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					return mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: ReportTypeBaseInformation,
+					},
+				},
+			},
+			wantErr: zerrors.ThrowInternal(nil, "id", "db error"),
+		},
+		{
+			name: "report base information, config error, cancel job",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						&query.Instances{
+							Instances: []*query.Instance{
+								{
+									ID:           "id",
+									CreationDate: testNow,
+									Domains: []*query.InstanceDomain{
+										{
+											Domain: "domain",
+										},
+									},
+								},
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportBaseInformation(gomock.Any(), &analytics.ReportBaseInformationRequest{
+						SystemId: "system-id",
+						Version:  "version",
+						Instances: []*analytics.InstanceInformation{
+							{
+								Id:        "id",
+								Domains:   []string{"domain"},
+								CreatedAt: timestamppb.New(testNow),
+							},
+						},
+					}).Return(
+						nil, &TelemetryError{StatusCode: http.StatusNotFound, Body: []byte("endpoint not found")},
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+				systemID: "system-id",
+				version:  "version",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: ReportTypeBaseInformation,
+					},
+				},
+			},
+			wantErr: river.JobCancel(&TelemetryError{StatusCode: http.StatusNotFound, Body: []byte("endpoint not found")}),
+		},
+		{
+			name: "report base information, no reports enabled, no error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						&query.Instances{
+							Instances: []*query.Instance{
+								{
+									ID:           "id",
+									CreationDate: testNow,
+									Domains: []*query.InstanceDomain{
+										{
+											Domain: "domain",
+										},
+									},
+								},
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportBaseInformation(gomock.Any(), &analytics.ReportBaseInformationRequest{
+						SystemId: "system-id",
+						Version:  "version",
+						Instances: []*analytics.InstanceInformation{
+							{
+								Id:        "id",
+								Domains:   []string{"domain"},
+								CreatedAt: timestamppb.New(testNow),
+							},
+						},
+					}).Return(
+						&analytics.ReportBaseInformationResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							Enabled: false,
+						},
+					},
+				},
+				systemID: "system-id",
+				version:  "version",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: ReportTypeBaseInformation,
+					},
+				},
+			},
+		},
+		{
+			name: "report base information, job creation error, cancel job",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						&query.Instances{
+							Instances: []*query.Instance{
+								{
+									ID:           "id",
+									CreationDate: testNow,
+									Domains: []*query.InstanceDomain{
+										{
+											Domain: "domain",
+										},
+									},
+								},
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportBaseInformation(gomock.Any(), &analytics.ReportBaseInformationRequest{
+						SystemId: "system-id",
+						Version:  "version",
+						Instances: []*analytics.InstanceInformation{
+							{
+								Id:        "id",
+								Domains:   []string{"domain"},
+								CreatedAt: timestamppb.New(testNow),
+							},
+						},
+					}).Return(
+						&analytics.ReportBaseInformationResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					q := mock.NewMockQueue(gomock.NewController(t))
+					q.EXPECT().Insert(gomock.Any(),
+						&ServicePingReport{
+							ReportID:   "report-id",
+							ReportType: ReportTypeResourceCounts,
+						},
+						gomock.AssignableToTypeOf(reflect.TypeOf(queue.WithQueueName(QueueName))),
+						gomock.AssignableToTypeOf(reflect.TypeOf(queue.WithMaxAttempts(5)))). // TODO: better solution
+						Return(errInsert)
+					return q
+				},
+				config: &Config{
+					MaxAttempts: 5,
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							Enabled: true,
+						},
+					},
+				},
+				systemID: "system-id",
+				version:  "version",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: ReportTypeBaseInformation,
+					},
+				},
+			},
+			wantErr: errInsert,
+		},
+		{
+			name: "report base information, success, no error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().SearchInstances(gomock.Any(), &query.InstanceSearchQueries{}).Return(
+						&query.Instances{
+							Instances: []*query.Instance{
+								{
+									ID:           "id",
+									CreationDate: testNow,
+									Domains: []*query.InstanceDomain{
+										{
+											Domain: "domain",
+										},
+									},
+								},
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportBaseInformation(gomock.Any(), &analytics.ReportBaseInformationRequest{
+						SystemId: "system-id",
+						Version:  "version",
+						Instances: []*analytics.InstanceInformation{
+							{
+								Id:        "id",
+								Domains:   []string{"domain"},
+								CreatedAt: timestamppb.New(testNow),
+							},
+						},
+					}).Return(
+						&analytics.ReportBaseInformationResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					q := mock.NewMockQueue(gomock.NewController(t))
+					q.EXPECT().Insert(gomock.Any(),
+						&ServicePingReport{
+							ReportID:   "report-id",
+							ReportType: ReportTypeResourceCounts,
+						},
+						gomock.AssignableToTypeOf(reflect.TypeOf(queue.WithQueueName(QueueName))),
+						gomock.AssignableToTypeOf(reflect.TypeOf(queue.WithMaxAttempts(5)))).
+						Return(nil)
+					return q
+				},
+				config: &Config{
+					MaxAttempts: 5,
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							Enabled: true,
+						},
+					},
+				},
+				systemID: "system-id",
+				version:  "version",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: ReportTypeBaseInformation,
+					},
+				},
+			},
+		},
+		{
+			name: "report resource counts, service unavailable, retry job",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         1,
+								InstanceID: "instance-id",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     10,
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: gu.Ptr("report-id"),
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       10,
+							},
+						},
+					}).Return(
+						nil, status.Error(codes.Unavailable, "service unavailable"),
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 2,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportType: ReportTypeResourceCounts,
+						ReportID:   "report-id",
+					},
+				},
+			},
+			wantErr: status.Error(codes.Unavailable, "service unavailable"),
+		},
+		{
+			name: "report resource counts, precondition error, cancel job",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         1,
+								InstanceID: "instance-id",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     10,
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: gu.Ptr("report-id"),
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       10,
+							},
+						},
+					}).Return(
+						nil, &TelemetryError{StatusCode: http.StatusPreconditionFailed, Body: []byte("report too old")},
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 2,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportID:   "report-id",
+						ReportType: ReportTypeResourceCounts,
+					},
+				},
+			},
+			wantErr: river.JobCancel(&TelemetryError{StatusCode: http.StatusPreconditionFailed, Body: []byte("report too old")}),
+		},
+		{
+			name: "report resource counts, success, no error",
+			fields: fields{
+				db: func(t *testing.T) Queries {
+					queries := mock.NewMockQueries(gomock.NewController(t))
+					queries.EXPECT().ListResourceCounts(gomock.Any(), 0, 2).Return(
+						[]query.ResourceCount{
+							{
+								ID:         1,
+								InstanceID: "instance-id",
+								TableName:  "table_name",
+								ParentType: domain.CountParentTypeInstance,
+								ParentID:   "instance-id",
+								Resource:   "resource",
+								UpdatedAt:  testNow,
+								Amount:     10,
+							},
+						}, nil,
+					)
+					return queries
+				},
+				reportClient: func(t *testing.T) analytics.TelemetryServiceClient {
+					client := mock.NewMockTelemetryServiceClient(gomock.NewController(t))
+					client.EXPECT().ReportResourceCounts(gomock.Any(), &analytics.ReportResourceCountsRequest{
+						SystemId: "system-id",
+						ReportId: gu.Ptr("report-id"),
+						ResourceCounts: []*analytics.ResourceCount{
+							{
+								InstanceId:   "instance-id",
+								TableName:    "table_name",
+								ParentType:   analytics.CountParentType_COUNT_PARENT_TYPE_INSTANCE,
+								ParentId:     "instance-id",
+								ResourceName: "resource",
+								UpdatedAt:    timestamppb.New(testNow),
+								Amount:       10,
+							},
+						},
+					}).Return(
+						&analytics.ReportResourceCountsResponse{
+							ReportId: "report-id",
+						}, nil,
+					)
+					return client
+				},
+				queue: func(t *testing.T) Queue {
+					return mock.NewMockQueue(gomock.NewController(t))
+				},
+				config: &Config{
+					Telemetry: TelemetryConfig{
+						ResourceCount: ResourceCount{
+							BulkSize: 2,
+						},
+					},
+				},
+				systemID: "system-id",
+			},
+			args: args{
+				ctx: context.Background(),
+				job: &river.Job[*ServicePingReport]{
+					Args: &ServicePingReport{
+						ReportID:   "report-id",
+						ReportType: ReportTypeResourceCounts,
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			w := &Worker{
+				WorkerDefaults: river.WorkerDefaults[*ServicePingReport]{},
+				reportClient:   tt.fields.reportClient(t),
+				db:             tt.fields.db(t),
+				queue:          tt.fields.queue(t),
+				config:         tt.fields.config,
+				systemID:       tt.fields.systemID,
+				version:        tt.fields.version,
+			}
+			err := w.Work(tt.args.ctx, tt.args.job)
+			assert.ErrorIs(t, err, tt.wantErr)
+		})
+	}
+}
diff --git a/internal/v2/system/event.go b/internal/v2/system/event.go
new file mode 100644
index 0000000000..313c0fb293
--- /dev/null
+++ b/internal/v2/system/event.go
@@ -0,0 +1,44 @@
+package system
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+func init() {
+	eventstore.RegisterFilterEventMapper(AggregateType, IDGeneratedType, eventstore.GenericEventMapper[IDGeneratedEvent])
+}
+
+const IDGeneratedType = AggregateType + ".id.generated"
+
+type IDGeneratedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID string `json:"id"`
+}
+
+func (e *IDGeneratedEvent) SetBaseEvent(b *eventstore.BaseEvent) {
+	e.BaseEvent = *b
+}
+
+func (e *IDGeneratedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *IDGeneratedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewIDGeneratedEvent(
+	ctx context.Context,
+	id string,
+) *IDGeneratedEvent {
+	return &IDGeneratedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			eventstore.NewAggregate(ctx, AggregateOwner, AggregateType, "v1"),
+			IDGeneratedType),
+		ID: id,
+	}
+}

From 8c39779533d5c8ee6d6a34d6d70686ac7853d8ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Jul 2025 12:32:16 +0000
Subject: [PATCH 118/123] chore(deps): bump github.com/go-chi/chi/v5 from 5.2.1
 to 5.2.2 in /login/apps/login-test-acceptance/idp/oidc in the go_modules
 group across 1 directory (#10152)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps the go_modules group with 1 update in the
/login/apps/login-test-acceptance/idp/oidc directory:
[github.com/go-chi/chi/v5](https://github.com/go-chi/chi).

Updates `github.com/go-chi/chi/v5` from 5.2.1 to 5.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-chi/chi/releases">github.com/go-chi/chi/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Use strings.Cut in a few places by <a
href="https://github.com/JRaspass"><code>@​JRaspass</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/971">go-chi/chi#971</a></li>
<li>Fix non-constant format strings in t.Fatalf by <a
href="https://github.com/JRaspass"><code>@​JRaspass</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/972">go-chi/chi#972</a></li>
<li>Apply fieldalignment fixes to optimize struct memory layout by <a
href="https://github.com/pixel365"><code>@​pixel365</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/974">go-chi/chi#974</a></li>
<li>go 1.24 by <a
href="https://github.com/pkieltyka"><code>@​pkieltyka</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/977">go-chi/chi#977</a></li>
<li>chore: delint ioutil usage by <a
href="https://github.com/costela"><code>@​costela</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/962">go-chi/chi#962</a></li>
<li>Fixed typo in Router interface definition by <a
href="https://github.com/mithileshgupta12"><code>@​mithileshgupta12</code></a>
in <a
href="https://redirect.github.com/go-chi/chi/pull/958">go-chi/chi#958</a></li>
<li>Add support for TinyGo by <a
href="https://github.com/efraimbart"><code>@​efraimbart</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/978">go-chi/chi#978</a></li>
<li>Exclude middleware/profiler.go in TinyGo, as there's no
net/http/pprof pkg by <a
href="https://github.com/cxjava"><code>@​cxjava</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/982">go-chi/chi#982</a></li>
<li>Make use of strings.Cut by <a
href="https://github.com/scop"><code>@​scop</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/1005">go-chi/chi#1005</a></li>
<li>Change install command format to code block by <a
href="https://github.com/sglkc"><code>@​sglkc</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/1001">go-chi/chi#1001</a></li>
<li>Correct documentation by <a
href="https://github.com/mrdomino"><code>@​mrdomino</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/992">go-chi/chi#992</a></li>
</ul>
<h2>Security fix</h2>
<ul>
<li>Fixes <a
href="https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93">GHSA-vrw8-fxc6-2r93</a>
- &quot;Host Header Injection Leads to Open Redirect in
RedirectSlashes&quot; <a
href="https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65">commit</a>
<ul>
<li>a lower-severity Open Redirect that can't be exploited in browser or
email client, as it requires manipulation of a Host header</li>
<li>reported by Anuraag Baishya, <a
href="https://github.com/anuraagbaishya"><code>@​anuraagbaishya</code></a>.
Thank you!</li>
</ul>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/pixel365"><code>@​pixel365</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/974">go-chi/chi#974</a></li>
<li><a
href="https://github.com/mithileshgupta12"><code>@​mithileshgupta12</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/958">go-chi/chi#958</a></li>
<li><a
href="https://github.com/efraimbart"><code>@​efraimbart</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/978">go-chi/chi#978</a></li>
<li><a href="https://github.com/cxjava"><code>@​cxjava</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/982">go-chi/chi#982</a></li>
<li><a href="https://github.com/sglkc"><code>@​sglkc</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/1001">go-chi/chi#1001</a></li>
<li><a href="https://github.com/mrdomino"><code>@​mrdomino</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/992">go-chi/chi#992</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2">https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-chi/chi/commit/23c395f8524a30334126ca16fb4d37b88745b9b9"><code>23c395f</code></a>
Correct documentation (<a
href="https://redirect.github.com/go-chi/chi/issues/992">#992</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/5516d147c14a2b03824be7076fc6200bed906901"><code>5516d14</code></a>
docs: change install code to code block (<a
href="https://redirect.github.com/go-chi/chi/issues/1001">#1001</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/e235052c10146fb724439442fc9d9a23e19fe931"><code>e235052</code></a>
Make use of strings.Cut (<a
href="https://redirect.github.com/go-chi/chi/issues/1005">#1005</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65"><code>1be7ad9</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/go-chi/chi/commit/d7034fdfdaefd10f1bc1a7b813bc979f2eda3a36"><code>d7034fd</code></a>
Exclude profiler when use tinygo (<a
href="https://redirect.github.com/go-chi/chi/issues/982">#982</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/d04703412f631922c8dd1527c6500627174828c1"><code>d047034</code></a>
support tinygo (<a
href="https://redirect.github.com/go-chi/chi/issues/978">#978</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/fe2c065bc046056aecfa141022509a1e25bdd04b"><code>fe2c065</code></a>
Fixed the typo (<a
href="https://redirect.github.com/go-chi/chi/issues/958">#958</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/1aae5b2d2dc8f9e8ea1f68a7462693aaaa5f368c"><code>1aae5b2</code></a>
chore: delint ioutil usage (<a
href="https://redirect.github.com/go-chi/chi/issues/962">#962</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/c6225e35a4880a9a884c135b5f847a74e1e3a01e"><code>c6225e3</code></a>
go 1.24 (<a
href="https://redirect.github.com/go-chi/chi/issues/977">#977</a>)</li>
<li><a
href="https://github.com/go-chi/chi/commit/e846b8304c769c4f1a51c9de06bebfaa4576bd88"><code>e846b83</code></a>
Apply fieldalignment fixes to optimize struct memory layout (<a
href="https://redirect.github.com/go-chi/chi/issues/974">#974</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5&package-manager=go_modules&previous-version=5.2.1&new-version=5.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/zitadel/zitadel/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 login/apps/login-test-acceptance/idp/oidc/go.mod | 2 +-
 login/apps/login-test-acceptance/idp/oidc/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/login/apps/login-test-acceptance/idp/oidc/go.mod b/login/apps/login-test-acceptance/idp/oidc/go.mod
index 84dae766c8..bc43390218 100644
--- a/login/apps/login-test-acceptance/idp/oidc/go.mod
+++ b/login/apps/login-test-acceptance/idp/oidc/go.mod
@@ -6,7 +6,7 @@ require github.com/zitadel/oidc/v3 v3.37.0
 
 require (
 	github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
-	github.com/go-chi/chi/v5 v5.2.1 // indirect
+	github.com/go-chi/chi/v5 v5.2.2 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
diff --git a/login/apps/login-test-acceptance/idp/oidc/go.sum b/login/apps/login-test-acceptance/idp/oidc/go.sum
index 42d80d8683..23fd2b3384 100644
--- a/login/apps/login-test-acceptance/idp/oidc/go.sum
+++ b/login/apps/login-test-acceptance/idp/oidc/go.sum
@@ -3,8 +3,8 @@ github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTS
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
-github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
+github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
 github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=

From 47f0486ee8ec868b742a3ba05721413d95bae21c Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Thu, 3 Jul 2025 10:07:34 +0200
Subject: [PATCH 119/123] fix(login): email or phone query, session context
 from loginname (#10158)

This PR fixes an issue where the orQuery for phone and email was not
correctly set.
---
 .../login/src/app/(login)/loginname/page.tsx  |  2 +-
 login/apps/login/src/lib/server/loginname.ts  | 58 +++++++++++--------
 login/apps/login/src/lib/session.ts           |  1 -
 login/apps/login/src/lib/zitadel.ts           | 10 ++--
 4 files changed, 41 insertions(+), 30 deletions(-)

diff --git a/login/apps/login/src/app/(login)/loginname/page.tsx b/login/apps/login/src/app/(login)/loginname/page.tsx
index 6d8f209572..f15f440930 100644
--- a/login/apps/login/src/app/(login)/loginname/page.tsx
+++ b/login/apps/login/src/app/(login)/loginname/page.tsx
@@ -61,7 +61,7 @@ export default async function Page(props: {
   return (
     <DynamicTheme branding={branding}>
       <div className="flex flex-col items-center space-y-4">
-        <h1 data-i18n-key="error.tryagain">
+        <h1>
           <Translated i18nKey="title" namespace="loginname" />
         </h1>
         <p className="ztdl-p">
diff --git a/login/apps/login/src/lib/server/loginname.ts b/login/apps/login/src/lib/server/loginname.ts
index 68cb345c06..dee740bf4f 100644
--- a/login/apps/login/src/lib/server/loginname.ts
+++ b/login/apps/login/src/lib/server/loginname.ts
@@ -291,23 +291,25 @@ export async function sendLoginname(command: SendLoginnameCommand) {
             };
           }
 
-          const paramsPassword: any = {
+          const paramsPassword = new URLSearchParams({
             loginName: session.factors?.user?.loginName,
-          };
+          });
 
           // TODO: does this have to be checked in loginSettings.allowDomainDiscovery
 
           if (command.organization || session.factors?.user?.organizationId) {
-            paramsPassword.organization =
-              command.organization ?? session.factors?.user?.organizationId;
+            paramsPassword.append(
+              "organization",
+              command.organization ?? session.factors?.user?.organizationId,
+            );
           }
 
           if (command.requestId) {
-            paramsPassword.requestId = command.requestId;
+            paramsPassword.append("requestId", command.requestId);
           }
 
           return {
-            redirect: "/password?" + new URLSearchParams(paramsPassword),
+            redirect: "/password?" + paramsPassword,
           };
 
         case AuthenticationMethodType.PASSKEY: // AuthenticationMethodType.AUTHENTICATION_METHOD_TYPE_PASSKEY
@@ -318,36 +320,42 @@ export async function sendLoginname(command: SendLoginnameCommand) {
             };
           }
 
-          const paramsPasskey: any = { loginName: command.loginName };
+          const paramsPasskey = new URLSearchParams({
+            loginName: session.factors?.user?.loginName,
+          });
           if (command.requestId) {
-            paramsPasskey.requestId = command.requestId;
+            paramsPasskey.append("requestId", command.requestId);
           }
 
           if (command.organization || session.factors?.user?.organizationId) {
-            paramsPasskey.organization =
-              command.organization ?? session.factors?.user?.organizationId;
+            paramsPasskey.append(
+              "organization",
+              command.organization ?? session.factors?.user?.organizationId,
+            );
           }
 
-          return { redirect: "/passkey?" + new URLSearchParams(paramsPasskey) };
+          return { redirect: "/passkey?" + paramsPasskey };
       }
     } else {
       // prefer passkey in favor of other methods
       if (methods.authMethodTypes.includes(AuthenticationMethodType.PASSKEY)) {
-        const passkeyParams: any = {
-          loginName: command.loginName,
+        const passkeyParams = new URLSearchParams({
+          loginName: session.factors?.user?.loginName,
           altPassword: `${methods.authMethodTypes.includes(1)}`, // show alternative password option
-        };
+        });
 
         if (command.requestId) {
-          passkeyParams.requestId = command.requestId;
+          passkeyParams.append("requestId", command.requestId);
         }
 
         if (command.organization || session.factors?.user?.organizationId) {
-          passkeyParams.organization =
-            command.organization ?? session.factors?.user?.organizationId;
+          passkeyParams.append(
+            "organization",
+            command.organization ?? session.factors?.user?.organizationId,
+          );
         }
 
-        return { redirect: "/passkey?" + new URLSearchParams(passkeyParams) };
+        return { redirect: "/passkey?" + passkeyParams };
       } else if (
         methods.authMethodTypes.includes(AuthenticationMethodType.IDP)
       ) {
@@ -356,19 +364,23 @@ export async function sendLoginname(command: SendLoginnameCommand) {
         methods.authMethodTypes.includes(AuthenticationMethodType.PASSWORD)
       ) {
         // user has no passkey setup and login settings allow passkeys
-        const paramsPasswordDefault: any = { loginName: command.loginName };
+        const paramsPasswordDefault = new URLSearchParams({
+          loginName: session.factors?.user?.loginName,
+        });
 
         if (command.requestId) {
-          paramsPasswordDefault.requestId = command.requestId;
+          paramsPasswordDefault.append("requestId", command.requestId);
         }
 
         if (command.organization || session.factors?.user?.organizationId) {
-          paramsPasswordDefault.organization =
-            command.organization ?? session.factors?.user?.organizationId;
+          paramsPasswordDefault.append(
+            "organization",
+            command.organization ?? session.factors?.user?.organizationId,
+          );
         }
 
         return {
-          redirect: "/password?" + new URLSearchParams(paramsPasswordDefault),
+          redirect: "/password?" + paramsPasswordDefault,
         };
       }
     }
diff --git a/login/apps/login/src/lib/session.ts b/login/apps/login/src/lib/session.ts
index 9698c4c4ba..8c2548b8fb 100644
--- a/login/apps/login/src/lib/session.ts
+++ b/login/apps/login/src/lib/session.ts
@@ -13,7 +13,6 @@ import {
 
 type LoadMostRecentSessionParams = {
   serviceUrl: string;
-
   sessionParams: {
     loginName?: string;
     organization?: string;
diff --git a/login/apps/login/src/lib/zitadel.ts b/login/apps/login/src/lib/zitadel.ts
index 483d4e4ac9..442c2be85c 100644
--- a/login/apps/login/src/lib/zitadel.ts
+++ b/login/apps/login/src/lib/zitadel.ts
@@ -854,15 +854,15 @@ export async function searchUsers({
     const emailQuery = EmailQuery(searchValue);
     emailAndPhoneQueries.push(emailQuery);
   } else {
-    const emailAndPhoneOrQueries: SearchQuery[] = [];
+    const orQuery: SearchQuery[] = [];
 
     const emailQuery = EmailQuery(searchValue);
-    emailAndPhoneOrQueries.push(emailQuery);
+    orQuery.push(emailQuery);
 
     let phoneQuery;
     if (searchValue.length <= 20) {
       phoneQuery = PhoneQuery(searchValue);
-      emailAndPhoneOrQueries.push(phoneQuery);
+      orQuery.push(phoneQuery);
     }
 
     emailAndPhoneQueries.push(
@@ -870,7 +870,7 @@ export async function searchUsers({
         query: {
           case: "orQuery",
           value: {
-            queries: emailAndPhoneOrQueries,
+            queries: orQuery,
           },
         },
       }),
@@ -903,7 +903,7 @@ export async function searchUsers({
   }
 
   if (emailOrPhoneResult.result.length == 1) {
-    return loginNameResult;
+    return emailOrPhoneResult;
   }
 
   return { error: "User not found in the system" };

From 12656235e2ecfd44669abf7b64808f24c14f9b3e Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Thu, 3 Jul 2025 13:10:10 +0200
Subject: [PATCH 120/123] chore: fix login image with sha release (#10157)

# Which Problems Are Solved

Fixes the releasing of multi-architecture login images.

# How the Problems Are Solved

- The login-container workflow extends the bake definition with a file
docker-bake-release.hcl wich adds the platforms linux/arm and linux/amd
to all relevant build targets. The used technique is similar to how the
docker metadata action allows to extend the bake definitions.
- The local login tag is moved to the metadata bake target, which is
always inherited and overwritten in the pipeline
- Packages write permission is added

# Additional Changes

- The MIT license is noted in container labels and annotations
- The Image is built from root so that the local proto files are used

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/build.yml                   |  8 ++---
 .github/workflows/login-container.yml         | 11 +++++--
 login/Makefile                                |  2 +-
 .../docker-compose-ci.yaml                    |  2 +-
 login/docker-bake-release.hcl                 |  3 ++
 login/docker-bake.hcl                         | 30 ++++++++++++++-----
 6 files changed, 40 insertions(+), 16 deletions(-)
 create mode 100644 login/docker-bake-release.hcl

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 47aa4adef0..81f3104065 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -86,7 +86,7 @@ jobs:
       actions: write
       id-token: write
     with:
-      ignore-run-cache:  ${{ github.event_name == 'workflow_dispatch' }}
+      ignore-run-cache:  ${{ github.event_name == 'workflow_dispatch' || fromJSON(github.run_attempt) > 1 }}
       node_version: "20"
 
   container:
@@ -106,7 +106,7 @@ jobs:
       packages: write
       id-token: write
     with:
-      login_build_image_name: "ghcr.io/zitadel/login-build"
+      login_build_image_name: "ghcr.io/zitadel/zitadel-login-build"
       node_version: "20"
 
   e2e:
@@ -133,5 +133,5 @@ jobs:
       image_name: "ghcr.io/zitadel/zitadel"
       google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"
       build_image_name_login: ${{ needs.login-container.outputs.login_build_image }}
-      image_name_login: "ghcr.io/zitadel/login"
-      google_image_name_login: europe-docker.pkg.dev/zitadel-common/zitadel-repo/login
+      image_name_login: "ghcr.io/zitadel/zitadel-login"
+      google_image_name_login: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel-login"
diff --git a/.github/workflows/login-container.yml b/.github/workflows/login-container.yml
index bce15512af..5cc841bff4 100644
--- a/.github/workflows/login-container.yml
+++ b/.github/workflows/login-container.yml
@@ -22,6 +22,7 @@ env:
   default_labels: |
     org.opencontainers.image.documentation=https://zitadel.com/docs
     org.opencontainers.image.vendor=CAOS AG
+    org.opencontainers.image.licenses=MIT
 
 jobs:
   login-container:
@@ -29,6 +30,7 @@ jobs:
     runs-on: depot-ubuntu-22.04-8
     permissions:
       id-token: write
+      packages: write
     steps:
       - uses: actions/checkout@v4
       - uses: depot/setup-action@v1
@@ -40,6 +42,8 @@ jobs:
         with:
           images: ${{ inputs.login_build_image_name }}
           labels: ${{ env.default_labels}}
+          annotations: |
+            manifest:org.opencontainers.image.licenses=MIT
           tags: |
             type=sha,prefix=,suffix=,format=long
       - name: Login to Docker registry
@@ -53,11 +57,14 @@ jobs:
         env:
           NODE_VERSION: ${{ inputs.node_version }}
         with:
-          workdir: login
           push: true
+          provenance: true
+          sbom: true
           targets: login-standalone
-          set: login-standalone.platforms=[linux/amd64,linux/arm64]
+          set: login-*.context=./login/
           project: w47wkxzdtw
           files: |
+            ./login/docker-bake.hcl
+            ./login/docker-bake-release.hcl
             ./docker-bake.hcl
             cwd://${{ steps.login-meta.outputs.bake-file }}
diff --git a/login/Makefile b/login/Makefile
index a6e781374b..05cf704c3f 100644
--- a/login/Makefile
+++ b/login/Makefile
@@ -14,7 +14,7 @@ export GID := $(id -g)
 export LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT := $(LOGIN_DIR)apps/login-test-acceptance
 
 export DOCKER_METADATA_OUTPUT_VERSION ?= local
-export LOGIN_TAG ?= login:${DOCKER_METADATA_OUTPUT_VERSION}
+export LOGIN_TAG ?= zitadel-login:${DOCKER_METADATA_OUTPUT_VERSION}
 export LOGIN_TEST_UNIT_TAG := login-test-unit:${DOCKER_METADATA_OUTPUT_VERSION}
 export LOGIN_TEST_INTEGRATION_TAG := login-test-integration:${DOCKER_METADATA_OUTPUT_VERSION}
 export LOGIN_TEST_ACCEPTANCE_TAG := login-test-acceptance:${DOCKER_METADATA_OUTPUT_VERSION}
diff --git a/login/apps/login-test-acceptance/docker-compose-ci.yaml b/login/apps/login-test-acceptance/docker-compose-ci.yaml
index 7a531fcf42..6f5963df43 100644
--- a/login/apps/login-test-acceptance/docker-compose-ci.yaml
+++ b/login/apps/login-test-acceptance/docker-compose-ci.yaml
@@ -16,7 +16,7 @@ services:
       ZITADEL_ADMIN_USER: zitadel-admin@zitadel.traefik
 
   login:
-    image: "${LOGIN_TAG:-login:local}"
+    image: "${LOGIN_TAG:-zitadel-login:local}"
     container_name: acceptance-login
     labels:
       - "traefik.enable=true"
diff --git a/login/docker-bake-release.hcl b/login/docker-bake-release.hcl
new file mode 100644
index 0000000000..51e1c194f6
--- /dev/null
+++ b/login/docker-bake-release.hcl
@@ -0,0 +1,3 @@
+target "release" {
+  platforms = ["linux/amd64", "linux/arm64"]
+}
diff --git a/login/docker-bake.hcl b/login/docker-bake.hcl
index 9520b752fa..b60fd7270a 100644
--- a/login/docker-bake.hcl
+++ b/login/docker-bake.hcl
@@ -6,12 +6,18 @@ variable "DOCKERFILES_DIR" {
   default = "dockerfiles/"
 }
 
+# The release target is overwritten in docker-bake-release.hcl
+# It makes sure the image is built for multiple platforms.
+# By default the platforms property is empty, so images are only built for the current bake runtime platform.
+target "release" {}
+
 # typescript-proto-client is used to generate the client code for the login service.
 # It is not login-prefixed, so it is easily extendable.
 # To extend this bake-file.hcl, set the context of all login-prefixed targets to a different directory.
 # For example docker bake --file login/docker-bake.hcl --file docker-bake.hcl --set login-*.context=./login/
 # The zitadel repository uses this to generate the client and the mock server from local proto files.
 target "typescript-proto-client" {
+  inherits   = ["release"]
   dockerfile = "${DOCKERFILES_DIR}typescript-proto-client.Dockerfile"
   contexts = {
     # We directly generate and download the client server-side with buf, so we don't need the proto files
@@ -37,6 +43,7 @@ target "login-typescript-proto-client-out" {
 # For example docker bake --file login/docker-bake.hcl --file docker-bake.hcl --set login-*.context=./login/
 # The zitadel repository uses this to generate the client and the mock server from local proto files.
 target "proto-files" {
+  inherits   = ["release"]
   dockerfile = "${DOCKERFILES_DIR}proto-files.Dockerfile"
   contexts = {
     login-pnpm = "target:login-pnpm"
@@ -48,6 +55,7 @@ variable "NODE_VERSION" {
 }
 
 target "login-pnpm" {
+  inherits   = ["release"]
   dockerfile = "${DOCKERFILES_DIR}login-pnpm.Dockerfile"
   args = {
     NODE_VERSION = "${NODE_VERSION}"
@@ -76,6 +84,7 @@ target "login-test-unit" {
 }
 
 target "login-client" {
+  inherits   = ["release"]
   dockerfile = "${DOCKERFILES_DIR}login-client.Dockerfile"
   contexts = {
     login-pnpm              = "target:login-pnpm"
@@ -93,7 +102,7 @@ target "core-mock" {
   contexts = {
     protos = "target:proto-files"
   }
-  tags   = ["${LOGIN_CORE_MOCK_TAG}"]
+  tags = ["${LOGIN_CORE_MOCK_TAG}"]
 }
 
 variable "LOGIN_TEST_INTEGRATION_TAG" {
@@ -105,7 +114,7 @@ target "login-test-integration" {
   contexts = {
     login-pnpm = "target:login-pnpm"
   }
-  tags   = ["${LOGIN_TEST_INTEGRATION_TAG}"]
+  tags = ["${LOGIN_TEST_INTEGRATION_TAG}"]
 }
 
 variable "LOGIN_TEST_ACCEPTANCE_TAG" {
@@ -117,28 +126,33 @@ target "login-test-acceptance" {
   contexts = {
     login-pnpm = "target:login-pnpm"
   }
-  tags   = ["${LOGIN_TEST_ACCEPTANCE_TAG}"]
+  tags = ["${LOGIN_TEST_ACCEPTANCE_TAG}"]
 }
 
 variable "LOGIN_TAG" {
   default = "zitadel-login:local"
 }
 
-target "docker-metadata-action" {}
+target "docker-metadata-action" {
+  # In the pipeline, this target is overwritten by the docker metadata action.
+  tags = ["${LOGIN_TAG}"]
+}
 
 # We run integration and acceptance tests against the next standalone server for docker.
 target "login-standalone" {
-  inherits   = ["docker-metadata-action"]
+  inherits = [
+    "docker-metadata-action",
+    "release",
+  ]
   dockerfile = "${DOCKERFILES_DIR}login-standalone.Dockerfile"
   contexts = {
     login-client = "target:login-client"
   }
-  tags   = ["${LOGIN_TAG}"]
 }
 
 target "login-standalone-out" {
-  inherits   = ["login-standalone"]
-  target = "login-standalone-out"
+  inherits = ["login-standalone"]
+  target   = "login-standalone-out"
   output = [
     "type=local,dest=${LOGIN_DIR}apps/login/standalone"
   ]

From 26ec29a513a10e77c4ffda9d59e8212f08c69947 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Fri, 4 Jul 2025 14:14:37 +0300
Subject: [PATCH 121/123] chore(deps): upgrade oidc and chi for dependabot
 alert (#10160)

# Which Problems Are Solved

Solve dependabot alerts for Go packages.

# How the Problems Are Solved

- Upgrade to latest github.com/zitadel/oidc, which already pulls the
fixed version of chi.
- Upgrade mapstructure

# Additional Changes

- none

# Additional Context

- https://github.com/zitadel/zitadel/security/dependabot/323
- https://github.com/zitadel/zitadel/security/dependabot/324
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index f0ab6246d6..ee7fb0a33a 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/fatih/color v1.18.0
 	github.com/fergusstrange/embedded-postgres v1.30.0
 	github.com/gabriel-vasile/mimetype v1.4.9
-	github.com/go-chi/chi/v5 v5.2.1
+	github.com/go-chi/chi/v5 v5.2.2
 	github.com/go-jose/go-jose/v4 v4.1.0
 	github.com/go-ldap/ldap/v3 v3.4.11
 	github.com/go-webauthn/webauthn v0.10.2
@@ -80,7 +80,7 @@ require (
 	github.com/twilio/twilio-go v1.26.1
 	github.com/zitadel/exifremove v0.1.0
 	github.com/zitadel/logging v0.6.2
-	github.com/zitadel/oidc/v3 v3.37.0
+	github.com/zitadel/oidc/v3 v3.39.1
 	github.com/zitadel/passwap v0.9.0
 	github.com/zitadel/saml v0.3.5
 	github.com/zitadel/schema v1.3.1
@@ -99,8 +99,8 @@ require (
 	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
 	golang.org/x/net v0.40.0
 	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.14.0
-	golang.org/x/text v0.25.0
+	golang.org/x/sync v0.15.0
+	golang.org/x/text v0.26.0
 	google.golang.org/api v0.233.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250512202823-5a2f75b736a9
 	google.golang.org/grpc v1.72.1
@@ -127,7 +127,7 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-redsync/redsync/v4 v4.13.0 // indirect
 	github.com/go-sql-driver/mysql v1.7.1 // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 	github.com/go-webauthn/x v0.1.9 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
diff --git a/go.sum b/go.sum
index e2ab9768a6..01acf27c5d 100644
--- a/go.sum
+++ b/go.sum
@@ -234,8 +234,8 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
-github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
+github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.0.2/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs=
 github.com/go-errors/errors v1.1.1/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs=
@@ -279,8 +279,8 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
-github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
+github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/go-webauthn/webauthn v0.10.2 h1:OG7B+DyuTytrEPFmTX503K77fqs3HDK/0Iv+z8UYbq4=
 github.com/go-webauthn/webauthn v0.10.2/go.mod h1:Gd1IDsGAybuvK1NkwUTLbGmeksxuRJjVN2PE/xsPxHs=
 github.com/go-webauthn/x v0.1.9 h1:v1oeLmoaa+gPOaZqUdDentu6Rl7HkSSsmOT6gxEQHhE=
@@ -806,8 +806,8 @@ github.com/zitadel/exifremove v0.1.0 h1:qD50ezWsfeeqfcvs79QyyjVfK+snN12v0U0deaU8
 github.com/zitadel/exifremove v0.1.0/go.mod h1:rzKJ3woL/Rz2KthVBiSBKIBptNTvgmk9PLaeUKTm+ek=
 github.com/zitadel/logging v0.6.2 h1:MW2kDDR0ieQynPZ0KIZPrh9ote2WkxfBif5QoARDQcU=
 github.com/zitadel/logging v0.6.2/go.mod h1:z6VWLWUkJpnNVDSLzrPSQSQyttysKZ6bCRongw0ROK4=
-github.com/zitadel/oidc/v3 v3.37.0 h1:nYATWlnP7f18XiAbw6upUruBaqfB1kUrXrSTf1EYGO8=
-github.com/zitadel/oidc/v3 v3.37.0/go.mod h1:/xDan4OUQhguJ4Ur73OOJrtugvR164OMnidXP9xfVNw=
+github.com/zitadel/oidc/v3 v3.39.1 h1:6QwGwI3yxh4somT7fwRCeT1KOn/HOGv0PA0dFciwJjE=
+github.com/zitadel/oidc/v3 v3.39.1/go.mod h1:aH8brOrzoliAybVdfq2xIdGvbtl0j/VsKRNa7WE72gI=
 github.com/zitadel/passwap v0.9.0 h1:QvDK8OHKdb73C0m+mwXvu87UJSBqix3oFwTVENHdv80=
 github.com/zitadel/passwap v0.9.0/go.mod h1:6QzwFjDkIr3FfudzSogTOx5Ydhq4046dRJtDM/kX+G8=
 github.com/zitadel/saml v0.3.5 h1:L1RKWS5y66cGepVxUGjx/WSBOtrtSpRA/J3nn5BJLOY=
@@ -944,8 +944,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -988,8 +988,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=

From 82cd1cee084685ddb272be1f2a97d4fc872bb851 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Fri, 4 Jul 2025 09:45:15 -0400
Subject: [PATCH 122/123] fix(service ping): correct endpoint, validate and
 randomize default interval (#10166)

# Which Problems Are Solved

The production endpoint of the service ping was wrong.
Additionally we discussed in the sprint review, that we could randomize
the default interval to prevent all systems to report data at the very
same time and also require a minimal interval.

# How the Problems Are Solved

- fixed the endpoint
- If the interval is set to @daily (default), we generate a random time
(minute, hour) as a cron format.
- Check if the interval is more than 30min and return an error if not.
- Fixed yaml indent on `ResourceCount`

# Additional Changes

None

# Additional Context

as discussed internally
---
 cmd/defaults.yaml                   | 13 +++--
 internal/serviceping/worker.go      | 45 +++++++++++++++++-
 internal/serviceping/worker_test.go | 74 +++++++++++++++++++++++++++++
 3 files changed, 125 insertions(+), 7 deletions(-)

diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
index f88616b821..2faf42770b 100644
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -1210,11 +1210,13 @@ ServicePing:
   # By setting Enabled to false, the service ping is disabled completely.
   Enabled: true # ZITADEL_SERVICEPING_ENABLED
   # The endpoint to which the reports are sent. The endpoint is used as a base path. Individual reports are sent to the endpoint with a specific path.
-  Endpoint: "https://zitadel.cloud/api/ping" # ZITADEL_SERVICEPING_ENDPOINT
+  Endpoint: "https://zitadel.com/api/ping" # ZITADEL_SERVICEPING_ENDPOINT
   # Interval at which the service ping is sent to the endpoint.
   # The interval is in the format of a cron expression.
-  # By default, it is set to every day at midnight:
-  Interval: "0 0 * * *" # ZITADEL_SERVICEPING_INTERVAL
+  # By default, it is set to every daily.
+  # Note that if the interval is set to `@daily`, we randomize the time to prevent all systems from sending their reports at the same time.
+  # If you want to send the service ping at a specific time, you can set the interval to a cron expression like "@midnight" or "15 4 * * *".
+  Interval: "@daily" # ZITADEL_SERVICEPING_INTERVAL
   # Maximum number of attempts for each individual report to be sent.
   # If one report fails, it will be retried up to this number of times.
   # Other reports will still be handled in parallel and have their own retry count.
@@ -1231,8 +1233,9 @@ ServicePing:
     # ResourceCount is a periodic report of the number of resources in ZITADEL.
     # This includes the number of users, organizations, projects, and other resources.
     ResourceCount:
-        Enabled: true # ZITADEL_SERVICEPING_TELEMETRY_RESOURCECOUNT_ENABLED
-        BulkSize: 10000 # ZITADEL_SERVICEPING_TELEMETRY_RESOURCECOUNT_BULKSIZE
+      Enabled: true # ZITADEL_SERVICEPING_TELEMETRY_RESOURCECOUNT_ENABLED
+      # The number of counts that are sent in one batch.
+      BulkSize: 10000 # ZITADEL_SERVICEPING_TELEMETRY_RESOURCECOUNT_BULKSIZE
 
 InternalAuthZ:
   # Configure the RolePermissionMappings by environment variable using JSON notation:
diff --git a/internal/serviceping/worker.go b/internal/serviceping/worker.go
index 0156373170..b95dd77fa1 100644
--- a/internal/serviceping/worker.go
+++ b/internal/serviceping/worker.go
@@ -3,7 +3,10 @@ package serviceping
 import (
 	"context"
 	"errors"
+	"fmt"
+	"math/rand"
 	"net/http"
+	"time"
 
 	"github.com/muhlemmer/gu"
 	"github.com/riverqueue/river"
@@ -15,11 +18,13 @@ import (
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/queue"
 	"github.com/zitadel/zitadel/internal/v2/system"
+	"github.com/zitadel/zitadel/internal/zerrors"
 	analytics "github.com/zitadel/zitadel/pkg/grpc/analytics/v2beta"
 )
 
 const (
-	QueueName = "service_ping_report"
+	QueueName   = "service_ping_report"
+	minInterval = 30 * time.Minute
 )
 
 var (
@@ -238,7 +243,7 @@ func Start(config *Config, q *queue.Queue) error {
 	if !config.Enabled {
 		return nil
 	}
-	schedule, err := cron.ParseStandard(config.Interval)
+	schedule, err := parseAndValidateSchedule(config.Interval)
 	if err != nil {
 		return err
 	}
@@ -250,3 +255,39 @@ func Start(config *Config, q *queue.Queue) error {
 	)
 	return nil
 }
+
+func parseAndValidateSchedule(interval string) (cron.Schedule, error) {
+	if interval == "@daily" {
+		interval = randomizeDaily()
+	}
+	schedule, err := cron.ParseStandard(interval)
+	if err != nil {
+		return nil, zerrors.ThrowInvalidArgument(err, "SERV-NJqiof", "invalid interval")
+	}
+	var intervalDuration time.Duration
+	switch s := schedule.(type) {
+	case *cron.SpecSchedule:
+		// For cron.SpecSchedule, we need to calculate the interval duration
+		// by getting the next time and subtracting it from the time after that.
+		// This is because the schedule could be a specific time, that is less than 30 minutes away,
+		// but still run only once a day and therefore is valid.
+		next := s.Next(time.Now())
+		nextAfter := s.Next(next)
+		intervalDuration = nextAfter.Sub(next)
+	case cron.ConstantDelaySchedule:
+		intervalDuration = s.Delay
+	}
+	if intervalDuration < minInterval {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "SERV-FJ12", "interval must be at least %s", minInterval)
+	}
+	logging.WithFields("interval", interval).Info("scheduling service ping")
+	return schedule, nil
+}
+
+// randomizeDaily generates a random time for the daily cron job
+// to prevent all systems from sending the report at the same time.
+func randomizeDaily() string {
+	minute := rand.Intn(60)
+	hour := rand.Intn(24)
+	return fmt.Sprintf("%d %d * * *", minute, hour)
+}
diff --git a/internal/serviceping/worker_test.go b/internal/serviceping/worker_test.go
index 373eee9b6e..f5bd38d3eb 100644
--- a/internal/serviceping/worker_test.go
+++ b/internal/serviceping/worker_test.go
@@ -1050,3 +1050,77 @@ func TestWorker_Work(t *testing.T) {
 		})
 	}
 }
+
+func Test_parseAndValidateSchedule(t *testing.T) {
+	type args struct {
+		interval string
+	}
+	tests := []struct {
+		name          string
+		args          args
+		wantNextStart time.Time
+		wantNextEnd   time.Time
+		wantErr       error
+	}{
+		{
+			name: "@daily, returns randomized daily schedule",
+			args: args{
+				interval: "@daily",
+			},
+			wantNextStart: time.Now(),
+			wantNextEnd:   time.Now().Add(24 * time.Hour),
+		},
+		{
+			name: "invalid cron expression, returns error",
+			args: args{
+				interval: "invalid cron",
+			},
+			wantErr: zerrors.ThrowInvalidArgument(nil, "SERV-NJqiof", "invalid interval"),
+		},
+		{
+			name: "valid cron expression, returns schedule",
+			args: args{
+				interval: "0 0 * * *",
+			},
+			wantNextStart: nextMidnight(),
+			wantNextEnd:   nextMidnight(),
+		},
+		{
+			name: "valid cron expression (extended syntax), returns schedule",
+			args: args{
+				interval: "@midnight",
+			},
+			wantNextStart: nextMidnight(),
+			wantNextEnd:   nextMidnight(),
+		},
+		{
+			name: "less than minInterval, returns error",
+			args: args{
+				interval: "0/15 * * * *",
+			},
+			wantErr: zerrors.ThrowInvalidArgumentf(nil, "SERV-FJ12", "interval must be at least %s", minInterval),
+		},
+		{
+			name: "less than minInterval (extended syntax), returns error",
+			args: args{
+				interval: "@every 15m",
+			},
+			wantErr: zerrors.ThrowInvalidArgumentf(nil, "SERV-FJ12", "interval must be at least %s", minInterval),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := parseAndValidateSchedule(tt.args.interval)
+			assert.ErrorIs(t, err, tt.wantErr)
+			if tt.wantErr == nil {
+				now := time.Now()
+				assert.WithinRange(t, got.Next(now), tt.wantNextStart, tt.wantNextEnd)
+			}
+		})
+	}
+}
+
+func nextMidnight() time.Time {
+	year, month, day := time.Now().Date()
+	return time.Date(year, month, day+1, 0, 0, 0, 0, time.Local)
+}

From 9ebf2316c671b21feef39d8c039440041969b916 Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Fri, 4 Jul 2025 10:06:20 -0400
Subject: [PATCH 123/123] feat: exchange gRPC server implementation to
 connectRPC (#10145)

# Which Problems Are Solved

The current maintained gRPC server in combination with a REST (grpc)
gateway is getting harder and harder to maintain. Additionally, there
have been and still are issues with supporting / displaying `oneOf`s
correctly.
We therefore decided to exchange the server implementation to
connectRPC, which apart from supporting connect as protocol, also also
"standard" gRCP clients as well as HTTP/1.1 / rest like clients, e.g.
curl directly call the server without any additional gateway.

# How the Problems Are Solved

- All v2 services are moved to connectRPC implementation. (v1 services
are still served as pure grpc servers)
- All gRPC server interceptors were migrated / copied to a corresponding
connectRPC interceptor.
- API.ListGrpcServices and API. ListGrpcMethods were changed to include
the connect services and endpoints.
- gRPC server reflection was changed to a `StaticReflector` using the
`ListGrpcServices` list.
- The `grpc.Server` interfaces was split into different combinations to
be able to handle the different cases (grpc server and prefixed gateway,
connect server with grpc gateway, connect server only, ...)
- Docs of services serving connectRPC only with no additional gateway
(instance, webkey, project, app, org v2 beta) are changed to expose that
- since the plugin is not yet available on buf, we download it using
`postinstall` hook of the docs

# Additional Changes

- WebKey service is added as v2 service (in addition to the current
v2beta)

# Additional Context

closes #9483

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
---
 .github/workflows/core.yml                    |   1 +
 .gitignore                                    |   3 +-
 Makefile                                      |   3 +-
 buf.gen.yaml                                  |   2 +
 cmd/start/start.go                            |   8 +-
 docs/.gitignore                               |   1 +
 docs/base.yaml                                |   3 +
 docs/buf.gen.yaml                             |  11 +-
 docs/docusaurus.config.js                     |  16 +-
 docs/package.json                             |   3 +-
 docs/plugin-download.sh                       |  21 +
 docs/sidebars.js                              |  71 +-
 docs/yarn.lock                                |  10 +
 go.mod                                        |   2 +
 go.sum                                        |   4 +
 internal/api/api.go                           |  85 +-
 internal/api/grpc/action/v2beta/execution.go  |  29 +-
 internal/api/grpc/action/v2beta/query.go      |  25 +-
 internal/api/grpc/action/v2beta/server.go     |  17 +-
 internal/api/grpc/action/v2beta/target.go     |  25 +-
 internal/api/grpc/app/v2beta/app.go           |  79 +-
 internal/api/grpc/app/v2beta/app_key.go       |  23 +-
 internal/api/grpc/app/v2beta/query.go         |  35 +-
 internal/api/grpc/app/v2beta/server.go        |  22 +-
 internal/api/grpc/feature/v2/feature.go       |  51 +-
 internal/api/grpc/feature/v2/server.go        |  17 +-
 internal/api/grpc/feature/v2beta/feature.go   |  51 +-
 internal/api/grpc/feature/v2beta/server.go    |  17 +-
 internal/api/grpc/gerrors/zitadel_errors.go   |  26 +
 internal/api/grpc/idp/v2/query.go             |   7 +-
 internal/api/grpc/idp/v2/server.go            |  17 +-
 internal/api/grpc/instance/v2beta/domain.go   |  33 +-
 internal/api/grpc/instance/v2beta/instance.go |  17 +-
 internal/api/grpc/instance/v2beta/query.go    |  32 +-
 internal/api/grpc/instance/v2beta/server.go   |  17 +-
 internal/api/grpc/oidc/v2/oidc.go             |  47 +-
 internal/api/grpc/oidc/v2/server.go           |  17 +-
 internal/api/grpc/oidc/v2beta/oidc.go         |  29 +-
 internal/api/grpc/oidc/v2beta/server.go       |  17 +-
 internal/api/grpc/org/v2/org.go               |  12 +-
 internal/api/grpc/org/v2/org_test.go          |   7 +-
 internal/api/grpc/org/v2/query.go             |  22 +-
 internal/api/grpc/org/v2/server.go            |  17 +-
 internal/api/grpc/org/v2beta/helper.go        |   7 +-
 internal/api/grpc/org/v2beta/org.go           | 125 +--
 internal/api/grpc/org/v2beta/org_test.go      |   7 +-
 internal/api/grpc/org/v2beta/server.go        |  17 +-
 internal/api/grpc/project/v2beta/project.go   |  43 +-
 .../api/grpc/project/v2beta/project_grant.go  |  43 +-
 .../api/grpc/project/v2beta/project_role.go   |  29 +-
 internal/api/grpc/project/v2beta/query.go     |  35 +-
 internal/api/grpc/project/v2beta/server.go    |  22 +-
 internal/api/grpc/saml/v2/saml.go             |  25 +-
 internal/api/grpc/saml/v2/server.go           |  16 +-
 .../connect_middleware/access_interceptor.go  |  57 ++
 .../activity_interceptor.go                   |  52 ++
 .../connect_middleware/auth_interceptor.go    |  65 ++
 .../auth_interceptor_test.go                  | 318 +++++++
 .../connect_middleware/cache_interceptor.go   |  31 +
 .../connect_middleware/call_interceptor.go    |  18 +
 .../connect_middleware/error_interceptor.go   |  23 +
 .../error_interceptor_test.go                 |  65 ++
 .../execution_interceptor.go                  | 160 ++++
 .../execution_interceptor_test.go             | 815 ++++++++++++++++++
 .../instance_interceptor.go                   | 107 +++
 .../connect_middleware/limits_interceptor.go  |  34 +
 .../connect_middleware/metrics_interceptor.go |  96 +++
 .../server/connect_middleware/mock_test.go    |  50 ++
 .../connect_middleware/quota_interceptor.go   |  53 ++
 .../connect_middleware/service_interceptor.go |  45 +
 .../translation_interceptor.go                |  48 ++
 .../server/connect_middleware/translator.go   |  37 +
 .../validation_interceptor.go                 |  36 +
 internal/api/grpc/server/gateway.go           |   2 +-
 internal/api/grpc/server/server.go            |  24 +-
 internal/api/grpc/session/v2/query.go         |  17 +-
 internal/api/grpc/session/v2/server.go        |  17 +-
 internal/api/grpc/session/v2/session.go       |  31 +-
 internal/api/grpc/session/v2beta/server.go    |  17 +-
 internal/api/grpc/session/v2beta/session.go   |  47 +-
 internal/api/grpc/settings/v2/query.go        |  85 +-
 internal/api/grpc/settings/v2/server.go       |  16 +-
 internal/api/grpc/settings/v2/settings.go     |  16 +-
 internal/api/grpc/settings/v2beta/server.go   |  16 +-
 internal/api/grpc/settings/v2beta/settings.go |  85 +-
 internal/api/grpc/user/v2/email.go            |  55 +-
 internal/api/grpc/user/v2/human.go            |  13 +-
 internal/api/grpc/user/v2/idp_link.go         |  32 +-
 internal/api/grpc/user/v2/intent.go           |  33 +-
 internal/api/grpc/user/v2/key.go              |  23 +-
 internal/api/grpc/user/v2/key_query.go        |  11 +-
 internal/api/grpc/user/v2/machine.go          |  13 +-
 internal/api/grpc/user/v2/otp.go              |  26 +-
 internal/api/grpc/user/v2/passkey.go          |  65 +-
 internal/api/grpc/user/v2/passkey_test.go     |  12 +-
 internal/api/grpc/user/v2/password.go         |  30 +-
 internal/api/grpc/user/v2/pat.go              |  21 +-
 internal/api/grpc/user/v2/pat_query.go        |  11 +-
 internal/api/grpc/user/v2/phone.go            |  49 +-
 internal/api/grpc/user/v2/secret.go           |  17 +-
 internal/api/grpc/user/v2/server.go           |  16 +-
 internal/api/grpc/user/v2/totp.go             |  26 +-
 internal/api/grpc/user/v2/totp_test.go        |   2 +-
 internal/api/grpc/user/v2/u2f.go              |  30 +-
 internal/api/grpc/user/v2/u2f_test.go         |   4 +-
 internal/api/grpc/user/v2/user.go             | 131 +--
 internal/api/grpc/user/v2/user_query.go       |  17 +-
 internal/api/grpc/user/v2beta/email.go        |  41 +-
 internal/api/grpc/user/v2beta/otp.go          |  26 +-
 internal/api/grpc/user/v2beta/passkey.go      |  49 +-
 internal/api/grpc/user/v2beta/passkey_test.go |  12 +-
 internal/api/grpc/user/v2beta/password.go     |  30 +-
 internal/api/grpc/user/v2beta/phone.go        |  49 +-
 internal/api/grpc/user/v2beta/query.go        |  17 +-
 internal/api/grpc/user/v2beta/server.go       |  16 +-
 internal/api/grpc/user/v2beta/totp.go         |  26 +-
 internal/api/grpc/user/v2beta/totp_test.go    |   2 +-
 internal/api/grpc/user/v2beta/u2f.go          |  22 +-
 internal/api/grpc/user/v2beta/u2f_test.go     |   4 +-
 internal/api/grpc/user/v2beta/user.go         | 115 +--
 internal/api/grpc/user/v2beta/user_test.go    |   4 +-
 .../webkey_integration_test.go                | 216 +++++
 internal/api/grpc/webkey/v2/server.go         |  51 ++
 internal/api/grpc/webkey/v2/webkey.go         |  72 ++
 .../api/grpc/webkey/v2/webkey_converter.go    | 170 ++++
 .../grpc/webkey/v2/webkey_converter_test.go   | 494 +++++++++++
 internal/api/grpc/webkey/v2beta/server.go     |  21 +-
 internal/api/grpc/webkey/v2beta/webkey.go     |  31 +-
 internal/integration/client.go                |   3 +
 .../protoc-gen-zitadel/zitadel.pb.go.tmpl     |   8 +
 proto/zitadel/system.proto                    |  14 +-
 proto/zitadel/webkey/v2/key.proto             | 109 +++
 proto/zitadel/webkey/v2/webkey_service.proto  | 335 +++++++
 133 files changed, 5191 insertions(+), 1187 deletions(-)
 create mode 100644 docs/base.yaml
 create mode 100644 docs/plugin-download.sh
 create mode 100644 internal/api/grpc/server/connect_middleware/access_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/activity_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/auth_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/auth_interceptor_test.go
 create mode 100644 internal/api/grpc/server/connect_middleware/cache_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/call_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/error_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/error_interceptor_test.go
 create mode 100644 internal/api/grpc/server/connect_middleware/execution_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/execution_interceptor_test.go
 create mode 100644 internal/api/grpc/server/connect_middleware/instance_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/limits_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/metrics_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/mock_test.go
 create mode 100644 internal/api/grpc/server/connect_middleware/quota_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/service_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/translation_interceptor.go
 create mode 100644 internal/api/grpc/server/connect_middleware/translator.go
 create mode 100644 internal/api/grpc/server/connect_middleware/validation_interceptor.go
 create mode 100644 internal/api/grpc/webkey/v2/integration_test/webkey_integration_test.go
 create mode 100644 internal/api/grpc/webkey/v2/server.go
 create mode 100644 internal/api/grpc/webkey/v2/webkey.go
 create mode 100644 internal/api/grpc/webkey/v2/webkey_converter.go
 create mode 100644 internal/api/grpc/webkey/v2/webkey_converter_test.go
 create mode 100644 proto/zitadel/webkey/v2/key.proto
 create mode 100644 proto/zitadel/webkey/v2/webkey_service.proto

diff --git a/.github/workflows/core.yml b/.github/workflows/core.yml
index 13e7c0dee7..c864c650a7 100644
--- a/.github/workflows/core.yml
+++ b/.github/workflows/core.yml
@@ -25,6 +25,7 @@ env:
     internal/api/assets/router.go
     openapi/v2
     pkg/grpc/**/*.pb.*
+    pkg/grpc/**/*.connect.go
 
 jobs:
   build:
diff --git a/.gitignore b/.gitignore
index 23469d4209..0aa6cc1976 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,7 +52,8 @@ console/src/app/proto/generated/
 !pkg/grpc/protoc/v2/options.pb.go
 **.proto.mock.go
 **.pb.*.go
-**.gen.go 
+pkg/**/**.connect.go
+**.gen.go
 openapi/**/*.json
 /internal/api/assets/authz.go
 /internal/api/assets/router.go
diff --git a/Makefile b/Makefile
index 10f52b7c4c..3bad5aa1c6 100644
--- a/Makefile
+++ b/Makefile
@@ -78,12 +78,13 @@ core_grpc_dependencies:
 	go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2@v2.22.0 		# https://pkg.go.dev/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2?tab=versions
 	go install github.com/envoyproxy/protoc-gen-validate@v1.1.0								# https://pkg.go.dev/github.com/envoyproxy/protoc-gen-validate?tab=versions
 	go install github.com/bufbuild/buf/cmd/buf@v1.45.0										# https://pkg.go.dev/github.com/bufbuild/buf/cmd/buf?tab=versions
+	go install connectrpc.com/connect/cmd/protoc-gen-connect-go@v1.18.1						# https://pkg.go.dev/connectrpc.com/connect/cmd/protoc-gen-connect-go?tab=versions
 
 .PHONY: core_api
 core_api: core_api_generator core_grpc_dependencies
 	buf generate
 	mkdir -p pkg/grpc
-	cp -r .artifacts/grpc/github.com/zitadel/zitadel/pkg/grpc/* pkg/grpc/
+	cp -r .artifacts/grpc/github.com/zitadel/zitadel/pkg/grpc/** pkg/grpc/
 	mkdir -p openapi/v2/zitadel
 	cp -r .artifacts/grpc/zitadel/ openapi/v2/zitadel
 
diff --git a/buf.gen.yaml b/buf.gen.yaml
index 858a1e6404..5a29ba9cd3 100644
--- a/buf.gen.yaml
+++ b/buf.gen.yaml
@@ -19,3 +19,5 @@ plugins:
     out: .artifacts/grpc
   - plugin: zitadel
     out: .artifacts/grpc
+  - plugin: connect-go
+    out: .artifacts/grpc
diff --git a/cmd/start/start.go b/cmd/start/start.go
index 06f3554a58..50bb9fbdb3 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -59,7 +59,8 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc/system"
 	user_v2 "github.com/zitadel/zitadel/internal/api/grpc/user/v2"
 	user_v2beta "github.com/zitadel/zitadel/internal/api/grpc/user/v2beta"
-	webkey "github.com/zitadel/zitadel/internal/api/grpc/webkey/v2beta"
+	webkey_v2 "github.com/zitadel/zitadel/internal/api/grpc/webkey/v2"
+	webkey_v2beta "github.com/zitadel/zitadel/internal/api/grpc/webkey/v2beta"
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/api/idp"
@@ -515,7 +516,10 @@ func startAPIs(
 	if err := apis.RegisterService(ctx, user_v3_alpha.CreateServer(commands)); err != nil {
 		return nil, err
 	}
-	if err := apis.RegisterService(ctx, webkey.CreateServer(commands, queries)); err != nil {
+	if err := apis.RegisterService(ctx, webkey_v2beta.CreateServer(commands, queries)); err != nil {
+		return nil, err
+	}
+	if err := apis.RegisterService(ctx, webkey_v2.CreateServer(commands, queries)); err != nil {
 		return nil, err
 	}
 	if err := apis.RegisterService(ctx, debug_events.CreateServer(commands, queries)); err != nil {
diff --git a/docs/.gitignore b/docs/.gitignore
index bd99d98c6f..e894d20ec6 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -27,3 +27,4 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 .vercel
+/protoc-gen-connect-openapi*
diff --git a/docs/base.yaml b/docs/base.yaml
new file mode 100644
index 0000000000..dc5b9aa0f9
--- /dev/null
+++ b/docs/base.yaml
@@ -0,0 +1,3 @@
+openapi: 3.1.0
+info:
+  version: v2
\ No newline at end of file
diff --git a/docs/buf.gen.yaml b/docs/buf.gen.yaml
index a628f6e748..b507a2fb9c 100644
--- a/docs/buf.gen.yaml
+++ b/docs/buf.gen.yaml
@@ -1,11 +1,18 @@
 # buf.gen.yaml
-version: v1
+version: v2
 managed:
   enabled: true
 plugins:
-  - plugin: buf.build/grpc-ecosystem/openapiv2
+  - remote: buf.build/grpc-ecosystem/openapiv2
     out: .artifacts/openapi
     opt:
       - allow_delete_body
       - remove_internal_comments=true
       - preserve_rpc_order=true
+  - local: ./protoc-gen-connect-openapi
+    out: .artifacts/openapi3
+    strategy: all
+    opt:
+      - short-service-tags
+      - ignore-googleapi-http
+      - base=base.yaml
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
index abf5c742a5..ffca8b21de 100644
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -337,7 +337,7 @@ module.exports = {
           },
           webkey_v2: {
             specPath:
-              ".artifacts/openapi/zitadel/webkey/v2beta/webkey_service.swagger.json",
+              ".artifacts/openapi3/zitadel/webkey/v2/webkey_service.openapi.yaml",
             outputDir: "docs/apis/resources/webkey_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -373,7 +373,7 @@ module.exports = {
           },
           org_v2beta: {
             specPath:
-              ".artifacts/openapi/zitadel/org/v2beta/org_service.swagger.json",
+              ".artifacts/openapi3/zitadel/org/v2beta/org_service.openapi.yaml",
             outputDir: "docs/apis/resources/org_service_v2beta",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -382,16 +382,24 @@ module.exports = {
           },
           project_v2beta: {
             specPath:
-              ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
+              ".artifacts/openapi3/zitadel/project/v2beta/project_service.openapi.yaml",
             outputDir: "docs/apis/resources/project_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
               categoryLinkSource: "auto",
             },
           },
+          application_v2: {
+            specPath: ".artifacts/openapi3/zitadel/app/v2beta/app_service.openapi.yaml",
+            outputDir: "docs/apis/resources/application_service_v2",
+            sidebarOptions: {
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
+            },
+          },
           instance_v2: {
             specPath:
-              ".artifacts/openapi/zitadel/instance/v2beta/instance_service.swagger.json",
+              ".artifacts/openapi3/zitadel/instance/v2beta/instance_service.openapi.yaml",
             outputDir: "docs/apis/resources/instance_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
diff --git a/docs/package.json b/docs/package.json
index 2e1214f378..f799a5e76f 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -18,7 +18,8 @@
     "generate:apidocs": "docusaurus gen-api-docs all",
     "generate:configdocs": "cp -r ../cmd/defaults.yaml ./docs/self-hosting/manage/configure/ && cp -r ../cmd/setup/steps.yaml ./docs/self-hosting/manage/configure/",
     "generate:re-gen": "yarn generate:clean-all && yarn generate",
-    "generate:clean-all": "docusaurus clean-api-docs all"
+    "generate:clean-all": "docusaurus clean-api-docs all",
+    "postinstall": "sh ./plugin-download.sh"
   },
   "dependencies": {
     "@bufbuild/buf": "^1.14.0",
diff --git a/docs/plugin-download.sh b/docs/plugin-download.sh
new file mode 100644
index 0000000000..c6de8d702f
--- /dev/null
+++ b/docs/plugin-download.sh
@@ -0,0 +1,21 @@
+echo $(uname -m)
+
+if [ "$(uname)" = "Darwin" ]; then
+  curl -L -o protoc-gen-connect-openapi.tar.gz https://github.com/sudorandom/protoc-gen-connect-openapi/releases/download/v0.18.0/protoc-gen-connect-openapi_0.18.0_darwin_all.tar.gz
+else
+  ARCH=$(uname -m)
+  case $ARCH in
+    x86_64)
+      ARCH="amd64"
+      ;;
+    aarch64|arm64)
+      ARCH="arm64"
+      ;;
+    *)
+      echo "Unsupported architecture: $ARCH"
+      exit 1
+      ;;
+  esac
+  curl -L -o protoc-gen-connect-openapi.tar.gz https://github.com/sudorandom/protoc-gen-connect-openapi/releases/download/v0.18.0/protoc-gen-connect-openapi_0.18.0_linux_${ARCH}.tar.gz
+fi
+tar -xvf protoc-gen-connect-openapi.tar.gz
\ No newline at end of file
diff --git a/docs/sidebars.js b/docs/sidebars.js
index fe77ea0af2..a0de30271d 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -16,6 +16,7 @@ const sidebar_api_actions_v2 = require("./docs/apis/resources/action_service_v2/
 const sidebar_api_project_service_v2 = require("./docs/apis/resources/project_service_v2/sidebar.ts").default
 const sidebar_api_webkey_service_v2 = require("./docs/apis/resources/webkey_service_v2/sidebar.ts").default
 const sidebar_api_instance_service_v2 = require("./docs/apis/resources/instance_service_v2/sidebar.ts").default
+const sidebar_api_app_v2 = require("./docs/apis/resources/application_service_v2/sidebar.ts").default
 
 module.exports = {
   guides: [
@@ -806,6 +807,18 @@ module.exports = {
               },
               items: sidebar_api_org_service_v2,
             },
+            {
+              type: "category",
+              label: "Organization (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Organization Service beta API",
+                slug: "/apis/resources/org_service/v2beta",
+                description:
+                    "This API is intended to manage organizations for ZITADEL. \n",
+              },
+              items: sidebar_api_org_service_v2beta,
+            },
             {
               type: "category",
               label: "Identity Provider",
@@ -820,19 +833,15 @@ module.exports = {
             },
             {
               type: "category",
-              label: "Web key (Beta)",
+              label: "Web Key",
               link: {
                 type: "generated-index",
-                title: "Web Key Service API (Beta)",
+                title: "Web Key Service API",
                 slug: "/apis/resources/webkey_service_v2",
                 description:
                     "This API is intended to manage web keys for a ZITADEL instance, used to sign and validate OIDC tokens.\n" +
-                    "\n" +
-                    "This service is in beta state. It can AND will continue breaking until a stable version is released.\n"+
                     "\n"+
-                    "The public key endpoint (outside of this service) is used to retrieve the public keys of the active and inactive keys.\n"+
-                    "\n"+
-                    "Please make sure to enable the `web_key` feature flag on your instance to use this service and that you're running ZITADEL V3.",
+                    "The public key endpoint (outside of this service) is used to retrieve the public keys of the active and inactive keys.\n",
               },
               items: sidebar_api_webkey_service_v2
             },
@@ -857,6 +866,54 @@ module.exports = {
               },
               items: sidebar_api_actions_v2,
             },
+            {
+              type: "category",
+              label: "Project (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Project Service API (Beta)",
+                slug: "/apis/resources/project_service_v2",
+                description:
+                    "This API is intended to manage projects and subresources for ZITADEL. \n" +
+                    "\n" +
+                    "This service is in beta state. It can AND will continue breaking until a stable version is released.",
+              },
+              items: sidebar_api_project_service_v2,
+            },
+            {
+              type: "category",
+              label: "Instance (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Instance Service API (Beta)",
+                slug: "/apis/resources/instance_service_v2",
+                description:
+                    "This API is intended to manage instances, custom domains and trusted domains in ZITADEL.\n" +
+                    "\n" +
+                    "This service is in beta state. It can AND will continue breaking until a stable version is released.\n"+
+                    "\n" +
+                    "This v2 of the API provides the same functionalities as the v1, but organised on a per resource basis.\n" +
+                    "The whole functionality related to domains (custom and trusted) has been moved under this instance API."
+                ,
+              },
+              items: sidebar_api_instance_service_v2,
+            },
+            {
+              type: "category",
+              label: "App (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Application Service API (Beta)",
+                slug: "/apis/resources/application_service_v2",
+                description:
+                    "This API lets you manage Zitadel applications (API, SAML, OIDC).\n"+
+                    "\n"+
+                    "The API offers generic endpoints that work for all app types (API, SAML, OIDC), "+
+                    "\n"+
+                    "This API is in beta state. It can AND will continue breaking until a stable version is released.\n"
+              },
+              items: sidebar_api_app_v2,
+            },
           ],
         },
         {
diff --git a/docs/yarn.lock b/docs/yarn.lock
index c48c5b8bd6..307577b44e 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -6121,6 +6121,11 @@ caniuse-lite@^1.0.30001702, caniuse-lite@^1.0.30001718:
   resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001724.tgz#312e163553dd70d2c0fb603d74810c85d8ed94a0"
   integrity sha512-WqJo7p0TbHDOythNTqYujmaJTvtYRZrjpP8TCvH6Vb9CYJerJNKamKzIWOM4BkQatWj9H2lYulpdAQNBe7QhNA==
 
+caniuse-lite@^1.0.30001716:
+  version "1.0.30001726"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001726.tgz#a15bd87d5a4bf01f6b6f70ae7c97fdfd28b5ae47"
+  integrity sha512-VQAUIUzBiZ/UnlM28fSp2CRF3ivUn1BWEvxMcVTNwpw91Py1pGbPIyIKtd+tzct9C3ouceCVdGAXxZOpZAsgdw==
+
 ccount@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/ccount/-/ccount-2.0.1.tgz#17a3bf82302e0870d6da43a01311a8bc02a3ecf5"
@@ -7503,6 +7508,11 @@ electron-to-chromium@^1.4.796:
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.803.tgz#cf55808a5ee12e2a2778bbe8cdc941ef87c2093b"
   integrity sha512-61H9mLzGOCLLVsnLiRzCbc63uldP0AniRYPV3hbGVtONA1pI7qSGILdbofR7A8TMbOypDocEAjH/e+9k1QIe3g==
 
+electron-to-chromium@^1.5.149:
+  version "1.5.178"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.178.tgz#6fc4d69eb5275bb13068931448fd822458901fbb"
+  integrity sha512-wObbz/ar3Bc6e4X5vf0iO8xTN8YAjN/tgiAOJLr7yjYFtP9wAjq8Mb5h0yn6kResir+VYx2DXBj9NNobs0ETSA==
+
 electron-to-chromium@^1.5.160:
   version "1.5.172"
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.172.tgz#fe1d99028d8d6321668d0f1fed61d99ac896259c"
diff --git a/go.mod b/go.mod
index ee7fb0a33a..22980acfaf 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,8 @@ toolchain go1.24.1
 require (
 	cloud.google.com/go/profiler v0.4.2
 	cloud.google.com/go/storage v1.54.0
+	connectrpc.com/connect v1.18.1
+	connectrpc.com/grpcreflect v1.3.0
 	dario.cat/mergo v1.0.2
 	github.com/BurntSushi/toml v1.5.0
 	github.com/DATA-DOG/go-sqlmock v1.5.2
diff --git a/go.sum b/go.sum
index 01acf27c5d..7221111a2b 100644
--- a/go.sum
+++ b/go.sum
@@ -24,6 +24,10 @@ cloud.google.com/go/storage v1.54.0 h1:Du3XEyliAiftfyW0bwfdppm2MMLdpVAfiIg4T2nAI
 cloud.google.com/go/storage v1.54.0/go.mod h1:hIi9Boe8cHxTyaeqh7KMMwKg088VblFK46C2x/BWaZE=
 cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE=
 cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8=
+connectrpc.com/connect v1.18.1 h1:PAg7CjSAGvscaf6YZKUefjoih5Z/qYkyaTrBW8xvYPw=
+connectrpc.com/connect v1.18.1/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
+connectrpc.com/grpcreflect v1.3.0 h1:Y4V+ACf8/vOb1XOc251Qun7jMB75gCUNw6llvB9csXc=
+connectrpc.com/grpcreflect v1.3.0/go.mod h1:nfloOtCS8VUQOQ1+GTdFzVg2CJo4ZGaat8JIovCtDYs=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
diff --git a/internal/api/api.go b/internal/api/api.go
index 62d3e14b35..349e9186bc 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -7,16 +7,18 @@ import (
 	"sort"
 	"strings"
 
+	"connectrpc.com/grpcreflect"
 	"github.com/gorilla/mux"
 	"github.com/improbable-eng/grpc-web/go/grpcweb"
 	"github.com/zitadel/logging"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/health"
 	healthpb "google.golang.org/grpc/health/grpc_health_v1"
-	"google.golang.org/grpc/reflection"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
+	grpc_api "github.com/zitadel/zitadel/internal/api/grpc"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
+	"github.com/zitadel/zitadel/internal/api/grpc/server/connect_middleware"
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 	http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
@@ -24,10 +26,16 @@ import (
 	"github.com/zitadel/zitadel/internal/telemetry/metrics"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
+	system_pb "github.com/zitadel/zitadel/pkg/grpc/system"
+)
+
+var (
+	metricTypes = []metrics.MetricType{metrics.MetricTypeTotalCount, metrics.MetricTypeRequestCount, metrics.MetricTypeStatusCode}
 )
 
 type API struct {
 	port              uint16
+	externalDomain    string
 	grpcServer        *grpc.Server
 	verifier          authz.APITokenVerifier
 	health            healthCheck
@@ -37,16 +45,23 @@ type API struct {
 	healthServer      *health.Server
 	accessInterceptor *http_mw.AccessInterceptor
 	queries           *query.Queries
+	authConfig        authz.Config
+	systemAuthZ       authz.Config
+	connectServices   map[string][]string
 }
 
 func (a *API) ListGrpcServices() []string {
 	serviceInfo := a.grpcServer.GetServiceInfo()
-	services := make([]string, len(serviceInfo))
+	services := make([]string, len(serviceInfo)+len(a.connectServices))
 	i := 0
 	for servicename := range serviceInfo {
 		services[i] = servicename
 		i++
 	}
+	for prefix := range a.connectServices {
+		services[i] = strings.Trim(prefix, "/")
+		i++
+	}
 	sort.Strings(services)
 	return services
 }
@@ -59,6 +74,11 @@ func (a *API) ListGrpcMethods() []string {
 			methods = append(methods, "/"+servicename+"/"+method.Name)
 		}
 	}
+	for service, methodList := range a.connectServices {
+		for _, method := range methodList {
+			methods = append(methods, service+method)
+		}
+	}
 	sort.Strings(methods)
 	return methods
 }
@@ -82,12 +102,16 @@ func New(
 ) (_ *API, err error) {
 	api := &API{
 		port:              port,
+		externalDomain:    externalDomain,
 		verifier:          verifier,
 		health:            queries,
 		router:            router,
 		queries:           queries,
 		accessInterceptor: accessInterceptor,
 		hostHeaders:       hostHeaders,
+		authConfig:        authZ,
+		systemAuthZ:       systemAuthz,
+		connectServices:   make(map[string][]string),
 	}
 
 	api.grpcServer = server.CreateServer(api.verifier, systemAuthz, authZ, queries, externalDomain, tlsConfig, accessInterceptor.AccessService())
@@ -100,10 +124,15 @@ func New(
 	api.RegisterHandlerOnPrefix("/debug", api.healthHandler())
 	api.router.Handle("/", http.RedirectHandler(login.HandlerPrefix, http.StatusFound))
 
-	reflection.Register(api.grpcServer)
 	return api, nil
 }
 
+func (a *API) serverReflection() {
+	reflector := grpcreflect.NewStaticReflector(a.ListGrpcServices()...)
+	a.RegisterHandlerOnPrefix(grpcreflect.NewHandlerV1(reflector))
+	a.RegisterHandlerOnPrefix(grpcreflect.NewHandlerV1Alpha(reflector))
+}
+
 // RegisterServer registers a grpc service on the grpc server,
 // creates a new grpc gateway and registers it as a separate http handler
 //
@@ -131,17 +160,50 @@ func (a *API) RegisterServer(ctx context.Context, grpcServer server.WithGatewayP
 // and its gateway on the gateway handler
 //
 // used for >= v2 api (e.g. user, session, ...)
-func (a *API) RegisterService(ctx context.Context, grpcServer server.Server) error {
-	grpcServer.RegisterServer(a.grpcServer)
-	err := server.RegisterGateway(ctx, a.grpcGateway, grpcServer)
-	if err != nil {
-		return err
+func (a *API) RegisterService(ctx context.Context, srv server.Server) error {
+	switch service := srv.(type) {
+	case server.GrpcServer:
+		service.RegisterServer(a.grpcServer)
+	case server.ConnectServer:
+		a.registerConnectServer(service)
 	}
-	a.verifier.RegisterServer(grpcServer.AppName(), grpcServer.MethodPrefix(), grpcServer.AuthMethods())
-	a.healthServer.SetServingStatus(grpcServer.MethodPrefix(), healthpb.HealthCheckResponse_SERVING)
+	if withGateway, ok := srv.(server.WithGateway); ok {
+		err := server.RegisterGateway(ctx, a.grpcGateway, withGateway)
+		if err != nil {
+			return err
+		}
+	}
+	a.verifier.RegisterServer(srv.AppName(), srv.MethodPrefix(), srv.AuthMethods())
+	a.healthServer.SetServingStatus(srv.MethodPrefix(), healthpb.HealthCheckResponse_SERVING)
 	return nil
 }
 
+func (a *API) registerConnectServer(service server.ConnectServer) {
+	prefix, handler := service.RegisterConnectServer(
+		connect_middleware.CallDurationHandler(),
+		connect_middleware.MetricsHandler(metricTypes, grpc_api.Probes...),
+		connect_middleware.NoCacheInterceptor(),
+		connect_middleware.InstanceInterceptor(a.queries, a.externalDomain, system_pb.SystemService_ServiceDesc.ServiceName, healthpb.Health_ServiceDesc.ServiceName),
+		connect_middleware.AccessStorageInterceptor(a.accessInterceptor.AccessService()),
+		connect_middleware.ErrorHandler(),
+		connect_middleware.LimitsInterceptor(system_pb.SystemService_ServiceDesc.ServiceName),
+		connect_middleware.AuthorizationInterceptor(a.verifier, a.systemAuthZ, a.authConfig),
+		connect_middleware.TranslationHandler(),
+		connect_middleware.QuotaExhaustedInterceptor(a.accessInterceptor.AccessService(), system_pb.SystemService_ServiceDesc.ServiceName),
+		connect_middleware.ExecutionHandler(a.queries),
+		connect_middleware.ValidationHandler(),
+		connect_middleware.ServiceHandler(),
+		connect_middleware.ActivityInterceptor(),
+	)
+	methods := service.FileDescriptor().Services().Get(0).Methods()
+	methodNames := make([]string, methods.Len())
+	for i := 0; i < methods.Len(); i++ {
+		methodNames[i] = string(methods.Get(i).Name())
+	}
+	a.connectServices[prefix] = methodNames
+	a.RegisterHandlerPrefixes(handler, prefix)
+}
+
 // HandleFunc allows registering a [http.HandlerFunc] on an exact
 // path, instead of prefix like RegisterHandlerOnPrefix.
 func (a *API) HandleFunc(path string, f http.HandlerFunc) {
@@ -173,6 +235,9 @@ func (a *API) registerHealthServer() {
 }
 
 func (a *API) RouteGRPC() {
+	// since all services are now registered, we can build the grpc server reflection and register the handler
+	a.serverReflection()
+
 	http2Route := a.router.
 		MatcherFunc(func(r *http.Request, _ *mux.RouteMatch) bool {
 			return r.ProtoMajor == 2
diff --git a/internal/api/grpc/action/v2beta/execution.go b/internal/api/grpc/action/v2beta/execution.go
index 5477a8128e..3b49ebb364 100644
--- a/internal/api/grpc/action/v2beta/execution.go
+++ b/internal/api/grpc/action/v2beta/execution.go
@@ -3,6 +3,7 @@ package action
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -13,8 +14,8 @@ import (
 	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
 )
 
-func (s *Server) SetExecution(ctx context.Context, req *action.SetExecutionRequest) (*action.SetExecutionResponse, error) {
-	reqTargets := req.GetTargets()
+func (s *Server) SetExecution(ctx context.Context, req *connect.Request[action.SetExecutionRequest]) (*connect.Response[action.SetExecutionResponse], error) {
+	reqTargets := req.Msg.GetTargets()
 	targets := make([]*execution.Target, len(reqTargets))
 	for i, target := range reqTargets {
 		targets[i] = &execution.Target{Type: domain.ExecutionTargetTypeTarget, Target: target}
@@ -25,7 +26,7 @@ func (s *Server) SetExecution(ctx context.Context, req *action.SetExecutionReque
 	var err error
 	var details *domain.ObjectDetails
 	instanceID := authz.GetInstance(ctx).InstanceID()
-	switch t := req.GetCondition().GetConditionType().(type) {
+	switch t := req.Msg.GetCondition().GetConditionType().(type) {
 	case *action.Condition_Request:
 		cond := executionConditionFromRequest(t.Request)
 		details, err = s.command.SetExecutionRequest(ctx, cond, set, instanceID)
@@ -43,27 +44,27 @@ func (s *Server) SetExecution(ctx context.Context, req *action.SetExecutionReque
 	if err != nil {
 		return nil, err
 	}
-	return &action.SetExecutionResponse{
+	return connect.NewResponse(&action.SetExecutionResponse{
 		SetDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListExecutionFunctions(ctx context.Context, _ *action.ListExecutionFunctionsRequest) (*action.ListExecutionFunctionsResponse, error) {
-	return &action.ListExecutionFunctionsResponse{
+func (s *Server) ListExecutionFunctions(ctx context.Context, _ *connect.Request[action.ListExecutionFunctionsRequest]) (*connect.Response[action.ListExecutionFunctionsResponse], error) {
+	return connect.NewResponse(&action.ListExecutionFunctionsResponse{
 		Functions: s.ListActionFunctions(),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListExecutionMethods(ctx context.Context, _ *action.ListExecutionMethodsRequest) (*action.ListExecutionMethodsResponse, error) {
-	return &action.ListExecutionMethodsResponse{
+func (s *Server) ListExecutionMethods(ctx context.Context, _ *connect.Request[action.ListExecutionMethodsRequest]) (*connect.Response[action.ListExecutionMethodsResponse], error) {
+	return connect.NewResponse(&action.ListExecutionMethodsResponse{
 		Methods: s.ListGRPCMethods(),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListExecutionServices(ctx context.Context, _ *action.ListExecutionServicesRequest) (*action.ListExecutionServicesResponse, error) {
-	return &action.ListExecutionServicesResponse{
+func (s *Server) ListExecutionServices(ctx context.Context, _ *connect.Request[action.ListExecutionServicesRequest]) (*connect.Response[action.ListExecutionServicesResponse], error) {
+	return connect.NewResponse(&action.ListExecutionServicesResponse{
 		Services: s.ListGRPCServices(),
-	}, nil
+	}), nil
 }
 
 func executionConditionFromRequest(request *action.RequestExecution) *command.ExecutionAPICondition {
diff --git a/internal/api/grpc/action/v2beta/query.go b/internal/api/grpc/action/v2beta/query.go
index 1dbe80a8f7..9428b6ab7b 100644
--- a/internal/api/grpc/action/v2beta/query.go
+++ b/internal/api/grpc/action/v2beta/query.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"strings"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -22,14 +23,14 @@ const (
 	conditionIDEventGroupSegmentCount             = 1
 )
 
-func (s *Server) GetTarget(ctx context.Context, req *action.GetTargetRequest) (*action.GetTargetResponse, error) {
-	resp, err := s.query.GetTargetByID(ctx, req.GetId())
+func (s *Server) GetTarget(ctx context.Context, req *connect.Request[action.GetTargetRequest]) (*connect.Response[action.GetTargetResponse], error) {
+	resp, err := s.query.GetTargetByID(ctx, req.Msg.GetId())
 	if err != nil {
 		return nil, err
 	}
-	return &action.GetTargetResponse{
+	return connect.NewResponse(&action.GetTargetResponse{
 		Target: targetToPb(resp),
-	}, nil
+	}), nil
 }
 
 type InstanceContext interface {
@@ -41,8 +42,8 @@ type Context interface {
 	GetOwner() InstanceContext
 }
 
-func (s *Server) ListTargets(ctx context.Context, req *action.ListTargetsRequest) (*action.ListTargetsResponse, error) {
-	queries, err := s.ListTargetsRequestToModel(req)
+func (s *Server) ListTargets(ctx context.Context, req *connect.Request[action.ListTargetsRequest]) (*connect.Response[action.ListTargetsResponse], error) {
+	queries, err := s.ListTargetsRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -50,14 +51,14 @@ func (s *Server) ListTargets(ctx context.Context, req *action.ListTargetsRequest
 	if err != nil {
 		return nil, err
 	}
-	return &action.ListTargetsResponse{
+	return connect.NewResponse(&action.ListTargetsResponse{
 		Result:     targetsToPb(resp.Targets),
 		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListExecutions(ctx context.Context, req *action.ListExecutionsRequest) (*action.ListExecutionsResponse, error) {
-	queries, err := s.ListExecutionsRequestToModel(req)
+func (s *Server) ListExecutions(ctx context.Context, req *connect.Request[action.ListExecutionsRequest]) (*connect.Response[action.ListExecutionsResponse], error) {
+	queries, err := s.ListExecutionsRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -65,10 +66,10 @@ func (s *Server) ListExecutions(ctx context.Context, req *action.ListExecutionsR
 	if err != nil {
 		return nil, err
 	}
-	return &action.ListExecutionsResponse{
+	return connect.NewResponse(&action.ListExecutionsResponse{
 		Result:     executionsToPb(resp.Executions),
 		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func targetsToPb(targets []*query.Target) []*action.Target {
diff --git a/internal/api/grpc/action/v2beta/server.go b/internal/api/grpc/action/v2beta/server.go
index ef0d8eb2ba..440bf842ca 100644
--- a/internal/api/grpc/action/v2beta/server.go
+++ b/internal/api/grpc/action/v2beta/server.go
@@ -1,7 +1,10 @@
 package action
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/query"
 	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/action/v2beta/actionconnect"
 )
 
-var _ action.ActionServiceServer = (*Server)(nil)
+var _ actionconnect.ActionServiceHandler = (*Server)(nil)
 
 type Server struct {
-	action.UnimplementedActionServiceServer
 	systemDefaults      systemdefaults.SystemDefaults
 	command             *command.Commands
 	query               *query.Queries
@@ -43,8 +46,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	action.RegisterActionServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return actionconnect.NewActionServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return action.File_zitadel_action_v2beta_action_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/action/v2beta/target.go b/internal/api/grpc/action/v2beta/target.go
index 26c88b9683..b13f3461f0 100644
--- a/internal/api/grpc/action/v2beta/target.go
+++ b/internal/api/grpc/action/v2beta/target.go
@@ -3,6 +3,7 @@ package action
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -13,8 +14,8 @@ import (
 	action "github.com/zitadel/zitadel/pkg/grpc/action/v2beta"
 )
 
-func (s *Server) CreateTarget(ctx context.Context, req *action.CreateTargetRequest) (*action.CreateTargetResponse, error) {
-	add := createTargetToCommand(req)
+func (s *Server) CreateTarget(ctx context.Context, req *connect.Request[action.CreateTargetRequest]) (*connect.Response[action.CreateTargetResponse], error) {
+	add := createTargetToCommand(req.Msg)
 	instanceID := authz.GetInstance(ctx).InstanceID()
 	createdAt, err := s.command.AddTarget(ctx, add, instanceID)
 	if err != nil {
@@ -24,16 +25,16 @@ func (s *Server) CreateTarget(ctx context.Context, req *action.CreateTargetReque
 	if !createdAt.IsZero() {
 		creationDate = timestamppb.New(createdAt)
 	}
-	return &action.CreateTargetResponse{
+	return connect.NewResponse(&action.CreateTargetResponse{
 		Id:           add.AggregateID,
 		CreationDate: creationDate,
 		SigningKey:   add.SigningKey,
-	}, nil
+	}), nil
 }
 
-func (s *Server) UpdateTarget(ctx context.Context, req *action.UpdateTargetRequest) (*action.UpdateTargetResponse, error) {
+func (s *Server) UpdateTarget(ctx context.Context, req *connect.Request[action.UpdateTargetRequest]) (*connect.Response[action.UpdateTargetResponse], error) {
 	instanceID := authz.GetInstance(ctx).InstanceID()
-	update := updateTargetToCommand(req)
+	update := updateTargetToCommand(req.Msg)
 	changedAt, err := s.command.ChangeTarget(ctx, update, instanceID)
 	if err != nil {
 		return nil, err
@@ -42,15 +43,15 @@ func (s *Server) UpdateTarget(ctx context.Context, req *action.UpdateTargetReque
 	if !changedAt.IsZero() {
 		changeDate = timestamppb.New(changedAt)
 	}
-	return &action.UpdateTargetResponse{
+	return connect.NewResponse(&action.UpdateTargetResponse{
 		ChangeDate: changeDate,
 		SigningKey: update.SigningKey,
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteTarget(ctx context.Context, req *action.DeleteTargetRequest) (*action.DeleteTargetResponse, error) {
+func (s *Server) DeleteTarget(ctx context.Context, req *connect.Request[action.DeleteTargetRequest]) (*connect.Response[action.DeleteTargetResponse], error) {
 	instanceID := authz.GetInstance(ctx).InstanceID()
-	deletedAt, err := s.command.DeleteTarget(ctx, req.GetId(), instanceID)
+	deletedAt, err := s.command.DeleteTarget(ctx, req.Msg.GetId(), instanceID)
 	if err != nil {
 		return nil, err
 	}
@@ -58,9 +59,9 @@ func (s *Server) DeleteTarget(ctx context.Context, req *action.DeleteTargetReque
 	if !deletedAt.IsZero() {
 		deletionDate = timestamppb.New(deletedAt)
 	}
-	return &action.DeleteTargetResponse{
+	return connect.NewResponse(&action.DeleteTargetResponse{
 		DeletionDate: deletionDate,
-	}, nil
+	}), nil
 }
 
 func createTargetToCommand(req *action.CreateTargetRequest) *command.AddTarget {
diff --git a/internal/api/grpc/app/v2beta/app.go b/internal/api/grpc/app/v2beta/app.go
index 48c602f454..e751bf503f 100644
--- a/internal/api/grpc/app/v2beta/app.go
+++ b/internal/api/grpc/app/v2beta/app.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 	"time"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
@@ -13,15 +14,15 @@ import (
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
 )
 
-func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicationRequest) (*app.CreateApplicationResponse, error) {
-	switch t := req.GetCreationRequestType().(type) {
+func (s *Server) CreateApplication(ctx context.Context, req *connect.Request[app.CreateApplicationRequest]) (*connect.Response[app.CreateApplicationResponse], error) {
+	switch t := req.Msg.GetCreationRequestType().(type) {
 	case *app.CreateApplicationRequest_ApiRequest:
-		apiApp, err := s.command.AddAPIApplication(ctx, convert.CreateAPIApplicationRequestToDomain(req.GetName(), req.GetProjectId(), req.GetId(), t.ApiRequest), "")
+		apiApp, err := s.command.AddAPIApplication(ctx, convert.CreateAPIApplicationRequestToDomain(req.Msg.GetName(), req.Msg.GetProjectId(), req.Msg.GetId(), t.ApiRequest), "")
 		if err != nil {
 			return nil, err
 		}
 
-		return &app.CreateApplicationResponse{
+		return connect.NewResponse(&app.CreateApplicationResponse{
 			AppId:        apiApp.AppID,
 			CreationDate: timestamppb.New(apiApp.ChangeDate),
 			CreationResponseType: &app.CreateApplicationResponse_ApiResponse{
@@ -30,10 +31,10 @@ func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicati
 					ClientSecret: apiApp.ClientSecretString,
 				},
 			},
-		}, nil
+		}), nil
 
 	case *app.CreateApplicationRequest_OidcRequest:
-		oidcAppRequest, err := convert.CreateOIDCAppRequestToDomain(req.GetName(), req.GetProjectId(), req.GetOidcRequest())
+		oidcAppRequest, err := convert.CreateOIDCAppRequestToDomain(req.Msg.GetName(), req.Msg.GetProjectId(), req.Msg.GetOidcRequest())
 		if err != nil {
 			return nil, err
 		}
@@ -43,7 +44,7 @@ func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicati
 			return nil, err
 		}
 
-		return &app.CreateApplicationResponse{
+		return connect.NewResponse(&app.CreateApplicationResponse{
 			AppId:        oidcApp.AppID,
 			CreationDate: timestamppb.New(oidcApp.ChangeDate),
 			CreationResponseType: &app.CreateApplicationResponse_OidcResponse{
@@ -54,10 +55,10 @@ func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicati
 					ComplianceProblems: convert.ComplianceProblemsToLocalizedMessages(oidcApp.Compliance.Problems),
 				},
 			},
-		}, nil
+		}), nil
 
 	case *app.CreateApplicationRequest_SamlRequest:
-		samlAppRequest, err := convert.CreateSAMLAppRequestToDomain(req.GetName(), req.GetProjectId(), req.GetSamlRequest())
+		samlAppRequest, err := convert.CreateSAMLAppRequestToDomain(req.Msg.GetName(), req.Msg.GetProjectId(), req.Msg.GetSamlRequest())
 		if err != nil {
 			return nil, err
 		}
@@ -67,27 +68,27 @@ func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicati
 			return nil, err
 		}
 
-		return &app.CreateApplicationResponse{
+		return connect.NewResponse(&app.CreateApplicationResponse{
 			AppId:        samlApp.AppID,
 			CreationDate: timestamppb.New(samlApp.ChangeDate),
 			CreationResponseType: &app.CreateApplicationResponse_SamlResponse{
 				SamlResponse: &app.CreateSAMLApplicationResponse{},
 			},
-		}, nil
+		}), nil
 	default:
 		return nil, zerrors.ThrowInvalidArgument(nil, "APP-0iiN46", "unknown app type")
 	}
 }
 
-func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicationRequest) (*app.UpdateApplicationResponse, error) {
+func (s *Server) UpdateApplication(ctx context.Context, req *connect.Request[app.UpdateApplicationRequest]) (*connect.Response[app.UpdateApplicationResponse], error) {
 	var changedTime time.Time
 
-	if name := strings.TrimSpace(req.GetName()); name != "" {
+	if name := strings.TrimSpace(req.Msg.GetName()); name != "" {
 		updatedDetails, err := s.command.UpdateApplicationName(
 			ctx,
-			req.GetProjectId(),
+			req.Msg.GetProjectId(),
 			&domain.ChangeApp{
-				AppID:   req.GetId(),
+				AppID:   req.Msg.GetId(),
 				AppName: name,
 			},
 			"",
@@ -99,9 +100,9 @@ func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicati
 		changedTime = updatedDetails.EventDate
 	}
 
-	switch t := req.GetUpdateRequestType().(type) {
+	switch t := req.Msg.GetUpdateRequestType().(type) {
 	case *app.UpdateApplicationRequest_ApiConfigurationRequest:
-		updatedAPIApp, err := s.command.UpdateAPIApplication(ctx, convert.UpdateAPIApplicationConfigurationRequestToDomain(req.GetId(), req.GetProjectId(), t.ApiConfigurationRequest), "")
+		updatedAPIApp, err := s.command.UpdateAPIApplication(ctx, convert.UpdateAPIApplicationConfigurationRequestToDomain(req.Msg.GetId(), req.Msg.GetProjectId(), t.ApiConfigurationRequest), "")
 		if err != nil {
 			return nil, err
 		}
@@ -109,7 +110,7 @@ func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicati
 		changedTime = updatedAPIApp.ChangeDate
 
 	case *app.UpdateApplicationRequest_OidcConfigurationRequest:
-		oidcApp, err := convert.UpdateOIDCAppConfigRequestToDomain(req.GetId(), req.GetProjectId(), t.OidcConfigurationRequest)
+		oidcApp, err := convert.UpdateOIDCAppConfigRequestToDomain(req.Msg.GetId(), req.Msg.GetProjectId(), t.OidcConfigurationRequest)
 		if err != nil {
 			return nil, err
 		}
@@ -122,7 +123,7 @@ func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicati
 		changedTime = updatedOIDCApp.ChangeDate
 
 	case *app.UpdateApplicationRequest_SamlConfigurationRequest:
-		samlApp, err := convert.UpdateSAMLAppConfigRequestToDomain(req.GetId(), req.GetProjectId(), t.SamlConfigurationRequest)
+		samlApp, err := convert.UpdateSAMLAppConfigRequestToDomain(req.Msg.GetId(), req.Msg.GetProjectId(), t.SamlConfigurationRequest)
 		if err != nil {
 			return nil, err
 		}
@@ -135,53 +136,53 @@ func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicati
 		changedTime = updatedSAMLApp.ChangeDate
 	}
 
-	return &app.UpdateApplicationResponse{
+	return connect.NewResponse(&app.UpdateApplicationResponse{
 		ChangeDate: timestamppb.New(changedTime),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteApplication(ctx context.Context, req *app.DeleteApplicationRequest) (*app.DeleteApplicationResponse, error) {
-	details, err := s.command.RemoveApplication(ctx, req.GetProjectId(), req.GetId(), "")
+func (s *Server) DeleteApplication(ctx context.Context, req *connect.Request[app.DeleteApplicationRequest]) (*connect.Response[app.DeleteApplicationResponse], error) {
+	details, err := s.command.RemoveApplication(ctx, req.Msg.GetProjectId(), req.Msg.GetId(), "")
 	if err != nil {
 		return nil, err
 	}
 
-	return &app.DeleteApplicationResponse{
+	return connect.NewResponse(&app.DeleteApplicationResponse{
 		DeletionDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeactivateApplication(ctx context.Context, req *app.DeactivateApplicationRequest) (*app.DeactivateApplicationResponse, error) {
-	details, err := s.command.DeactivateApplication(ctx, req.GetProjectId(), req.GetId(), "")
+func (s *Server) DeactivateApplication(ctx context.Context, req *connect.Request[app.DeactivateApplicationRequest]) (*connect.Response[app.DeactivateApplicationResponse], error) {
+	details, err := s.command.DeactivateApplication(ctx, req.Msg.GetProjectId(), req.Msg.GetId(), "")
 	if err != nil {
 		return nil, err
 	}
 
-	return &app.DeactivateApplicationResponse{
+	return connect.NewResponse(&app.DeactivateApplicationResponse{
 		DeactivationDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 
 }
 
-func (s *Server) ReactivateApplication(ctx context.Context, req *app.ReactivateApplicationRequest) (*app.ReactivateApplicationResponse, error) {
-	details, err := s.command.ReactivateApplication(ctx, req.GetProjectId(), req.GetId(), "")
+func (s *Server) ReactivateApplication(ctx context.Context, req *connect.Request[app.ReactivateApplicationRequest]) (*connect.Response[app.ReactivateApplicationResponse], error) {
+	details, err := s.command.ReactivateApplication(ctx, req.Msg.GetProjectId(), req.Msg.GetId(), "")
 	if err != nil {
 		return nil, err
 	}
 
-	return &app.ReactivateApplicationResponse{
+	return connect.NewResponse(&app.ReactivateApplicationResponse{
 		ReactivationDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 
 }
 
-func (s *Server) RegenerateClientSecret(ctx context.Context, req *app.RegenerateClientSecretRequest) (*app.RegenerateClientSecretResponse, error) {
+func (s *Server) RegenerateClientSecret(ctx context.Context, req *connect.Request[app.RegenerateClientSecretRequest]) (*connect.Response[app.RegenerateClientSecretResponse], error) {
 	var secret string
 	var changeDate time.Time
 
-	switch req.GetAppType().(type) {
+	switch req.Msg.GetAppType().(type) {
 	case *app.RegenerateClientSecretRequest_IsApi:
-		config, err := s.command.ChangeAPIApplicationSecret(ctx, req.GetProjectId(), req.GetApplicationId(), "")
+		config, err := s.command.ChangeAPIApplicationSecret(ctx, req.Msg.GetProjectId(), req.Msg.GetApplicationId(), "")
 		if err != nil {
 			return nil, err
 		}
@@ -189,7 +190,7 @@ func (s *Server) RegenerateClientSecret(ctx context.Context, req *app.Regenerate
 		changeDate = config.ChangeDate
 
 	case *app.RegenerateClientSecretRequest_IsOidc:
-		config, err := s.command.ChangeOIDCApplicationSecret(ctx, req.GetProjectId(), req.GetApplicationId(), "")
+		config, err := s.command.ChangeOIDCApplicationSecret(ctx, req.Msg.GetProjectId(), req.Msg.GetApplicationId(), "")
 		if err != nil {
 			return nil, err
 		}
@@ -201,8 +202,8 @@ func (s *Server) RegenerateClientSecret(ctx context.Context, req *app.Regenerate
 		return nil, zerrors.ThrowInvalidArgument(nil, "APP-aLWIzw", "unknown app type")
 	}
 
-	return &app.RegenerateClientSecretResponse{
+	return connect.NewResponse(&app.RegenerateClientSecretResponse{
 		ClientSecret: secret,
 		CreationDate: timestamppb.New(changeDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/app/v2beta/app_key.go b/internal/api/grpc/app/v2beta/app_key.go
index 8c0c1989b2..087ff90916 100644
--- a/internal/api/grpc/app/v2beta/app_key.go
+++ b/internal/api/grpc/app/v2beta/app_key.go
@@ -4,14 +4,15 @@ import (
 	"context"
 	"strings"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
 )
 
-func (s *Server) CreateApplicationKey(ctx context.Context, req *app.CreateApplicationKeyRequest) (*app.CreateApplicationKeyResponse, error) {
-	domainReq := convert.CreateAPIClientKeyRequestToDomain(req)
+func (s *Server) CreateApplicationKey(ctx context.Context, req *connect.Request[app.CreateApplicationKeyRequest]) (*connect.Response[app.CreateApplicationKeyResponse], error) {
+	domainReq := convert.CreateAPIClientKeyRequestToDomain(req.Msg)
 
 	appKey, err := s.command.AddApplicationKey(ctx, domainReq, "")
 	if err != nil {
@@ -23,25 +24,25 @@ func (s *Server) CreateApplicationKey(ctx context.Context, req *app.CreateApplic
 		return nil, err
 	}
 
-	return &app.CreateApplicationKeyResponse{
+	return connect.NewResponse(&app.CreateApplicationKeyResponse{
 		Id:           appKey.KeyID,
 		CreationDate: timestamppb.New(appKey.ChangeDate),
 		KeyDetails:   keyDetails,
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteApplicationKey(ctx context.Context, req *app.DeleteApplicationKeyRequest) (*app.DeleteApplicationKeyResponse, error) {
+func (s *Server) DeleteApplicationKey(ctx context.Context, req *connect.Request[app.DeleteApplicationKeyRequest]) (*connect.Response[app.DeleteApplicationKeyResponse], error) {
 	deletionDetails, err := s.command.RemoveApplicationKey(ctx,
-		strings.TrimSpace(req.GetProjectId()),
-		strings.TrimSpace(req.GetApplicationId()),
-		strings.TrimSpace(req.GetId()),
-		strings.TrimSpace(req.GetOrganizationId()),
+		strings.TrimSpace(req.Msg.GetProjectId()),
+		strings.TrimSpace(req.Msg.GetApplicationId()),
+		strings.TrimSpace(req.Msg.GetId()),
+		strings.TrimSpace(req.Msg.GetOrganizationId()),
 	)
 	if err != nil {
 		return nil, err
 	}
 
-	return &app.DeleteApplicationKeyResponse{
+	return connect.NewResponse(&app.DeleteApplicationKeyResponse{
 		DeletionDate: timestamppb.New(deletionDetails.EventDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/app/v2beta/query.go b/internal/api/grpc/app/v2beta/query.go
index 2926884520..ab2a98d14a 100644
--- a/internal/api/grpc/app/v2beta/query.go
+++ b/internal/api/grpc/app/v2beta/query.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"strings"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
@@ -12,19 +13,19 @@ import (
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
 )
 
-func (s *Server) GetApplication(ctx context.Context, req *app.GetApplicationRequest) (*app.GetApplicationResponse, error) {
-	res, err := s.query.AppByIDWithPermission(ctx, req.GetId(), false, s.checkPermission)
+func (s *Server) GetApplication(ctx context.Context, req *connect.Request[app.GetApplicationRequest]) (*connect.Response[app.GetApplicationResponse], error) {
+	res, err := s.query.AppByIDWithPermission(ctx, req.Msg.GetId(), false, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
 
-	return &app.GetApplicationResponse{
+	return connect.NewResponse(&app.GetApplicationResponse{
 		App: convert.AppToPb(res),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListApplications(ctx context.Context, req *app.ListApplicationsRequest) (*app.ListApplicationsResponse, error) {
-	queries, err := convert.ListApplicationsRequestToModel(s.systemDefaults, req)
+func (s *Server) ListApplications(ctx context.Context, req *connect.Request[app.ListApplicationsRequest]) (*connect.Response[app.ListApplicationsResponse], error) {
+	queries, err := convert.ListApplicationsRequestToModel(s.systemDefaults, req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -34,32 +35,32 @@ func (s *Server) ListApplications(ctx context.Context, req *app.ListApplications
 		return nil, err
 	}
 
-	return &app.ListApplicationsResponse{
+	return connect.NewResponse(&app.ListApplicationsResponse{
 		Applications: convert.AppsToPb(res.Apps),
 		Pagination:   filter.QueryToPaginationPb(queries.SearchRequest, res.SearchResponse),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetApplicationKey(ctx context.Context, req *app.GetApplicationKeyRequest) (*app.GetApplicationKeyResponse, error) {
-	queries, err := convert.GetApplicationKeyQueriesRequestToDomain(req.GetOrganizationId(), req.GetProjectId(), req.GetApplicationId())
+func (s *Server) GetApplicationKey(ctx context.Context, req *connect.Request[app.GetApplicationKeyRequest]) (*connect.Response[app.GetApplicationKeyResponse], error) {
+	queries, err := convert.GetApplicationKeyQueriesRequestToDomain(req.Msg.GetOrganizationId(), req.Msg.GetProjectId(), req.Msg.GetApplicationId())
 	if err != nil {
 		return nil, err
 	}
 
-	key, err := s.query.GetAuthNKeyByIDWithPermission(ctx, true, strings.TrimSpace(req.GetId()), s.checkPermission, queries...)
+	key, err := s.query.GetAuthNKeyByIDWithPermission(ctx, true, strings.TrimSpace(req.Msg.GetId()), s.checkPermission, queries...)
 	if err != nil {
 		return nil, err
 	}
 
-	return &app.GetApplicationKeyResponse{
+	return connect.NewResponse(&app.GetApplicationKeyResponse{
 		Id:             key.ID,
 		CreationDate:   timestamppb.New(key.CreationDate),
 		ExpirationDate: timestamppb.New(key.Expiration),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListApplicationKeys(ctx context.Context, req *app.ListApplicationKeysRequest) (*app.ListApplicationKeysResponse, error) {
-	queries, err := convert.ListApplicationKeysRequestToDomain(s.systemDefaults, req)
+func (s *Server) ListApplicationKeys(ctx context.Context, req *connect.Request[app.ListApplicationKeysRequest]) (*connect.Response[app.ListApplicationKeysResponse], error) {
+	queries, err := convert.ListApplicationKeysRequestToDomain(s.systemDefaults, req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -69,8 +70,8 @@ func (s *Server) ListApplicationKeys(ctx context.Context, req *app.ListApplicati
 		return nil, err
 	}
 
-	return &app.ListApplicationKeysResponse{
+	return connect.NewResponse(&app.ListApplicationKeysResponse{
 		Keys:       convert.ApplicationKeysToPb(res.AuthNKeys),
 		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, res.SearchResponse),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/app/v2beta/server.go b/internal/api/grpc/app/v2beta/server.go
index 8343cbe404..54842070cb 100644
--- a/internal/api/grpc/app/v2beta/server.go
+++ b/internal/api/grpc/app/v2beta/server.go
@@ -1,21 +1,23 @@
 package app
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/app/v2beta/appconnect"
 )
 
-var _ app.AppServiceServer = (*Server)(nil)
+var _ appconnect.AppServiceHandler = (*Server)(nil)
 
 type Server struct {
-	app.UnimplementedAppServiceServer
 	command         *command.Commands
 	query           *query.Queries
 	systemDefaults  systemdefaults.SystemDefaults
@@ -36,8 +38,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	app.RegisterAppServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return appconnect.NewAppServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return app.File_zitadel_app_v2beta_app_service_proto
 }
 
 func (s *Server) AppName() string {
@@ -51,7 +57,3 @@ func (s *Server) MethodPrefix() string {
 func (s *Server) AuthMethods() authz.MethodMapping {
 	return app.AppService_AuthMethods
 }
-
-func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
-	return app.RegisterAppServiceHandler
-}
diff --git a/internal/api/grpc/feature/v2/feature.go b/internal/api/grpc/feature/v2/feature.go
index f4527689fc..f450f734e4 100644
--- a/internal/api/grpc/feature/v2/feature.go
+++ b/internal/api/grpc/feature/v2/feature.go
@@ -3,6 +3,7 @@ package feature
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 
@@ -10,8 +11,8 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 )
 
-func (s *Server) SetSystemFeatures(ctx context.Context, req *feature.SetSystemFeaturesRequest) (_ *feature.SetSystemFeaturesResponse, err error) {
-	features, err := systemFeaturesToCommand(req)
+func (s *Server) SetSystemFeatures(ctx context.Context, req *connect.Request[feature.SetSystemFeaturesRequest]) (_ *connect.Response[feature.SetSystemFeaturesResponse], err error) {
+	features, err := systemFeaturesToCommand(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -19,31 +20,31 @@ func (s *Server) SetSystemFeatures(ctx context.Context, req *feature.SetSystemFe
 	if err != nil {
 		return nil, err
 	}
-	return &feature.SetSystemFeaturesResponse{
+	return connect.NewResponse(&feature.SetSystemFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResetSystemFeatures(ctx context.Context, req *feature.ResetSystemFeaturesRequest) (_ *feature.ResetSystemFeaturesResponse, err error) {
+func (s *Server) ResetSystemFeatures(ctx context.Context, req *connect.Request[feature.ResetSystemFeaturesRequest]) (_ *connect.Response[feature.ResetSystemFeaturesResponse], err error) {
 	details, err := s.command.ResetSystemFeatures(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return &feature.ResetSystemFeaturesResponse{
+	return connect.NewResponse(&feature.ResetSystemFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetSystemFeatures(ctx context.Context, req *feature.GetSystemFeaturesRequest) (_ *feature.GetSystemFeaturesResponse, err error) {
+func (s *Server) GetSystemFeatures(ctx context.Context, req *connect.Request[feature.GetSystemFeaturesRequest]) (_ *connect.Response[feature.GetSystemFeaturesResponse], err error) {
 	f, err := s.query.GetSystemFeatures(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return systemFeaturesToPb(f), nil
+	return connect.NewResponse(systemFeaturesToPb(f)), nil
 }
 
-func (s *Server) SetInstanceFeatures(ctx context.Context, req *feature.SetInstanceFeaturesRequest) (_ *feature.SetInstanceFeaturesResponse, err error) {
-	features, err := instanceFeaturesToCommand(req)
+func (s *Server) SetInstanceFeatures(ctx context.Context, req *connect.Request[feature.SetInstanceFeaturesRequest]) (_ *connect.Response[feature.SetInstanceFeaturesResponse], err error) {
+	features, err := instanceFeaturesToCommand(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -51,44 +52,44 @@ func (s *Server) SetInstanceFeatures(ctx context.Context, req *feature.SetInstan
 	if err != nil {
 		return nil, err
 	}
-	return &feature.SetInstanceFeaturesResponse{
+	return connect.NewResponse(&feature.SetInstanceFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResetInstanceFeatures(ctx context.Context, req *feature.ResetInstanceFeaturesRequest) (_ *feature.ResetInstanceFeaturesResponse, err error) {
+func (s *Server) ResetInstanceFeatures(ctx context.Context, req *connect.Request[feature.ResetInstanceFeaturesRequest]) (_ *connect.Response[feature.ResetInstanceFeaturesResponse], err error) {
 	details, err := s.command.ResetInstanceFeatures(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return &feature.ResetInstanceFeaturesResponse{
+	return connect.NewResponse(&feature.ResetInstanceFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetInstanceFeatures(ctx context.Context, req *feature.GetInstanceFeaturesRequest) (_ *feature.GetInstanceFeaturesResponse, err error) {
-	f, err := s.query.GetInstanceFeatures(ctx, req.GetInheritance())
+func (s *Server) GetInstanceFeatures(ctx context.Context, req *connect.Request[feature.GetInstanceFeaturesRequest]) (_ *connect.Response[feature.GetInstanceFeaturesResponse], err error) {
+	f, err := s.query.GetInstanceFeatures(ctx, req.Msg.GetInheritance())
 	if err != nil {
 		return nil, err
 	}
-	return instanceFeaturesToPb(f), nil
+	return connect.NewResponse(instanceFeaturesToPb(f)), nil
 }
 
-func (s *Server) SetOrganizationFeatures(ctx context.Context, req *feature.SetOrganizationFeaturesRequest) (_ *feature.SetOrganizationFeaturesResponse, err error) {
+func (s *Server) SetOrganizationFeatures(ctx context.Context, req *connect.Request[feature.SetOrganizationFeaturesRequest]) (_ *connect.Response[feature.SetOrganizationFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method SetOrganizationFeatures not implemented")
 }
-func (s *Server) ResetOrganizationFeatures(ctx context.Context, req *feature.ResetOrganizationFeaturesRequest) (_ *feature.ResetOrganizationFeaturesResponse, err error) {
+func (s *Server) ResetOrganizationFeatures(ctx context.Context, req *connect.Request[feature.ResetOrganizationFeaturesRequest]) (_ *connect.Response[feature.ResetOrganizationFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResetOrganizationFeatures not implemented")
 }
-func (s *Server) GetOrganizationFeatures(ctx context.Context, req *feature.GetOrganizationFeaturesRequest) (_ *feature.GetOrganizationFeaturesResponse, err error) {
+func (s *Server) GetOrganizationFeatures(ctx context.Context, req *connect.Request[feature.GetOrganizationFeaturesRequest]) (_ *connect.Response[feature.GetOrganizationFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetOrganizationFeatures not implemented")
 }
-func (s *Server) SetUserFeatures(ctx context.Context, req *feature.SetUserFeatureRequest) (_ *feature.SetUserFeaturesResponse, err error) {
+func (s *Server) SetUserFeatures(ctx context.Context, req *connect.Request[feature.SetUserFeatureRequest]) (_ *connect.Response[feature.SetUserFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method SetUserFeatures not implemented")
 }
-func (s *Server) ResetUserFeatures(ctx context.Context, req *feature.ResetUserFeaturesRequest) (_ *feature.ResetUserFeaturesResponse, err error) {
+func (s *Server) ResetUserFeatures(ctx context.Context, req *connect.Request[feature.ResetUserFeaturesRequest]) (_ *connect.Response[feature.ResetUserFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResetUserFeatures not implemented")
 }
-func (s *Server) GetUserFeatures(ctx context.Context, req *feature.GetUserFeaturesRequest) (_ *feature.GetUserFeaturesResponse, err error) {
+func (s *Server) GetUserFeatures(ctx context.Context, req *connect.Request[feature.GetUserFeaturesRequest]) (_ *connect.Response[feature.GetUserFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetUserFeatures not implemented")
 }
diff --git a/internal/api/grpc/feature/v2/server.go b/internal/api/grpc/feature/v2/server.go
index ab92df5822..3eb4cc6813 100644
--- a/internal/api/grpc/feature/v2/server.go
+++ b/internal/api/grpc/feature/v2/server.go
@@ -1,17 +1,22 @@
 package feature
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/feature/v2/featureconnect"
 )
 
+var _ featureconnect.FeatureServiceHandler = (*Server)(nil)
+
 type Server struct {
-	feature.UnimplementedFeatureServiceServer
 	command *command.Commands
 	query   *query.Queries
 }
@@ -26,8 +31,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	feature.RegisterFeatureServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return featureconnect.NewFeatureServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return feature.File_zitadel_feature_v2_feature_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/feature/v2beta/feature.go b/internal/api/grpc/feature/v2beta/feature.go
index b94f8e7de2..4ff51af883 100644
--- a/internal/api/grpc/feature/v2beta/feature.go
+++ b/internal/api/grpc/feature/v2beta/feature.go
@@ -3,6 +3,7 @@ package feature
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 
@@ -10,77 +11,77 @@ import (
 	feature "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
 )
 
-func (s *Server) SetSystemFeatures(ctx context.Context, req *feature.SetSystemFeaturesRequest) (_ *feature.SetSystemFeaturesResponse, err error) {
-	details, err := s.command.SetSystemFeatures(ctx, systemFeaturesToCommand(req))
+func (s *Server) SetSystemFeatures(ctx context.Context, req *connect.Request[feature.SetSystemFeaturesRequest]) (_ *connect.Response[feature.SetSystemFeaturesResponse], err error) {
+	details, err := s.command.SetSystemFeatures(ctx, systemFeaturesToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &feature.SetSystemFeaturesResponse{
+	return connect.NewResponse(&feature.SetSystemFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResetSystemFeatures(ctx context.Context, req *feature.ResetSystemFeaturesRequest) (_ *feature.ResetSystemFeaturesResponse, err error) {
+func (s *Server) ResetSystemFeatures(ctx context.Context, req *connect.Request[feature.ResetSystemFeaturesRequest]) (_ *connect.Response[feature.ResetSystemFeaturesResponse], err error) {
 	details, err := s.command.ResetSystemFeatures(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return &feature.ResetSystemFeaturesResponse{
+	return connect.NewResponse(&feature.ResetSystemFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetSystemFeatures(ctx context.Context, req *feature.GetSystemFeaturesRequest) (_ *feature.GetSystemFeaturesResponse, err error) {
+func (s *Server) GetSystemFeatures(ctx context.Context, req *connect.Request[feature.GetSystemFeaturesRequest]) (_ *connect.Response[feature.GetSystemFeaturesResponse], err error) {
 	f, err := s.query.GetSystemFeatures(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return systemFeaturesToPb(f), nil
+	return connect.NewResponse(systemFeaturesToPb(f)), nil
 }
 
-func (s *Server) SetInstanceFeatures(ctx context.Context, req *feature.SetInstanceFeaturesRequest) (_ *feature.SetInstanceFeaturesResponse, err error) {
-	details, err := s.command.SetInstanceFeatures(ctx, instanceFeaturesToCommand(req))
+func (s *Server) SetInstanceFeatures(ctx context.Context, req *connect.Request[feature.SetInstanceFeaturesRequest]) (_ *connect.Response[feature.SetInstanceFeaturesResponse], err error) {
+	details, err := s.command.SetInstanceFeatures(ctx, instanceFeaturesToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &feature.SetInstanceFeaturesResponse{
+	return connect.NewResponse(&feature.SetInstanceFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResetInstanceFeatures(ctx context.Context, req *feature.ResetInstanceFeaturesRequest) (_ *feature.ResetInstanceFeaturesResponse, err error) {
+func (s *Server) ResetInstanceFeatures(ctx context.Context, req *connect.Request[feature.ResetInstanceFeaturesRequest]) (_ *connect.Response[feature.ResetInstanceFeaturesResponse], err error) {
 	details, err := s.command.ResetInstanceFeatures(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return &feature.ResetInstanceFeaturesResponse{
+	return connect.NewResponse(&feature.ResetInstanceFeaturesResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetInstanceFeatures(ctx context.Context, req *feature.GetInstanceFeaturesRequest) (_ *feature.GetInstanceFeaturesResponse, err error) {
-	f, err := s.query.GetInstanceFeatures(ctx, req.GetInheritance())
+func (s *Server) GetInstanceFeatures(ctx context.Context, req *connect.Request[feature.GetInstanceFeaturesRequest]) (_ *connect.Response[feature.GetInstanceFeaturesResponse], err error) {
+	f, err := s.query.GetInstanceFeatures(ctx, req.Msg.GetInheritance())
 	if err != nil {
 		return nil, err
 	}
-	return instanceFeaturesToPb(f), nil
+	return connect.NewResponse(instanceFeaturesToPb(f)), nil
 }
 
-func (s *Server) SetOrganizationFeatures(ctx context.Context, req *feature.SetOrganizationFeaturesRequest) (_ *feature.SetOrganizationFeaturesResponse, err error) {
+func (s *Server) SetOrganizationFeatures(ctx context.Context, req *connect.Request[feature.SetOrganizationFeaturesRequest]) (_ *connect.Response[feature.SetOrganizationFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method SetOrganizationFeatures not implemented")
 }
-func (s *Server) ResetOrganizationFeatures(ctx context.Context, req *feature.ResetOrganizationFeaturesRequest) (_ *feature.ResetOrganizationFeaturesResponse, err error) {
+func (s *Server) ResetOrganizationFeatures(ctx context.Context, req *connect.Request[feature.ResetOrganizationFeaturesRequest]) (_ *connect.Response[feature.ResetOrganizationFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResetOrganizationFeatures not implemented")
 }
-func (s *Server) GetOrganizationFeatures(ctx context.Context, req *feature.GetOrganizationFeaturesRequest) (_ *feature.GetOrganizationFeaturesResponse, err error) {
+func (s *Server) GetOrganizationFeatures(ctx context.Context, req *connect.Request[feature.GetOrganizationFeaturesRequest]) (_ *connect.Response[feature.GetOrganizationFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetOrganizationFeatures not implemented")
 }
-func (s *Server) SetUserFeatures(ctx context.Context, req *feature.SetUserFeatureRequest) (_ *feature.SetUserFeaturesResponse, err error) {
+func (s *Server) SetUserFeatures(ctx context.Context, req *connect.Request[feature.SetUserFeatureRequest]) (_ *connect.Response[feature.SetUserFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method SetUserFeatures not implemented")
 }
-func (s *Server) ResetUserFeatures(ctx context.Context, req *feature.ResetUserFeaturesRequest) (_ *feature.ResetUserFeaturesResponse, err error) {
+func (s *Server) ResetUserFeatures(ctx context.Context, req *connect.Request[feature.ResetUserFeaturesRequest]) (_ *connect.Response[feature.ResetUserFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResetUserFeatures not implemented")
 }
-func (s *Server) GetUserFeatures(ctx context.Context, req *feature.GetUserFeaturesRequest) (_ *feature.GetUserFeaturesResponse, err error) {
+func (s *Server) GetUserFeatures(ctx context.Context, req *connect.Request[feature.GetUserFeaturesRequest]) (_ *connect.Response[feature.GetUserFeaturesResponse], err error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetUserFeatures not implemented")
 }
diff --git a/internal/api/grpc/feature/v2beta/server.go b/internal/api/grpc/feature/v2beta/server.go
index 4208c4acfc..29877f77f9 100644
--- a/internal/api/grpc/feature/v2beta/server.go
+++ b/internal/api/grpc/feature/v2beta/server.go
@@ -1,17 +1,22 @@
 package feature
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	feature "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/feature/v2beta/featureconnect"
 )
 
+var _ featureconnect.FeatureServiceHandler = (*Server)(nil)
+
 type Server struct {
-	feature.UnimplementedFeatureServiceServer
 	command *command.Commands
 	query   *query.Queries
 }
@@ -26,8 +31,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	feature.RegisterFeatureServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return featureconnect.NewFeatureServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return feature.File_zitadel_feature_v2beta_feature_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/gerrors/zitadel_errors.go b/internal/api/grpc/gerrors/zitadel_errors.go
index d679054da6..b5d2893062 100644
--- a/internal/api/grpc/gerrors/zitadel_errors.go
+++ b/internal/api/grpc/gerrors/zitadel_errors.go
@@ -3,10 +3,12 @@ package gerrors
 import (
 	"errors"
 
+	"connectrpc.com/connect"
 	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/zitadel/logging"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/protoadapt"
 
 	commandErrors "github.com/zitadel/zitadel/internal/command/errors"
@@ -36,6 +38,30 @@ func ZITADELToGRPCError(err error) error {
 	return s.Err()
 }
 
+func ZITADELToConnectError(err error) error {
+	if err == nil {
+		return nil
+	}
+	connectError := new(connect.Error)
+	if errors.As(err, &connectError) {
+		return err
+	}
+	code, key, id, ok := ExtractZITADELError(err)
+	if !ok {
+		return status.Convert(err).Err()
+	}
+	msg := key
+	msg += " (" + id + ")"
+
+	errorInfo := getErrorInfo(id, key, err)
+
+	cErr := connect.NewError(connect.Code(code), errors.New(msg))
+	if detail, detailErr := connect.NewErrorDetail(errorInfo.(proto.Message)); detailErr == nil {
+		cErr.AddDetail(detail)
+	}
+	return cErr
+}
+
 func ExtractZITADELError(err error) (c codes.Code, msg, id string, ok bool) {
 	if err == nil {
 		return codes.OK, "", "", false
diff --git a/internal/api/grpc/idp/v2/query.go b/internal/api/grpc/idp/v2/query.go
index 082a94d18f..587b1687b9 100644
--- a/internal/api/grpc/idp/v2/query.go
+++ b/internal/api/grpc/idp/v2/query.go
@@ -3,6 +3,7 @@ package idp
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/crewjam/saml"
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/durationpb"
@@ -15,12 +16,12 @@ import (
 	idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
 )
 
-func (s *Server) GetIDPByID(ctx context.Context, req *idp_pb.GetIDPByIDRequest) (*idp_pb.GetIDPByIDResponse, error) {
-	idp, err := s.query.IDPTemplateByID(ctx, true, req.Id, false, s.checkPermission)
+func (s *Server) GetIDPByID(ctx context.Context, req *connect.Request[idp_pb.GetIDPByIDRequest]) (*connect.Response[idp_pb.GetIDPByIDResponse], error) {
+	idp, err := s.query.IDPTemplateByID(ctx, true, req.Msg.GetId(), false, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &idp_pb.GetIDPByIDResponse{Idp: idpToPb(idp)}, nil
+	return connect.NewResponse(&idp_pb.GetIDPByIDResponse{Idp: idpToPb(idp)}), nil
 }
 
 func idpToPb(idp *query.IDPTemplate) *idp_pb.IDP {
diff --git a/internal/api/grpc/idp/v2/server.go b/internal/api/grpc/idp/v2/server.go
index 246e980434..666c39294d 100644
--- a/internal/api/grpc/idp/v2/server.go
+++ b/internal/api/grpc/idp/v2/server.go
@@ -1,7 +1,10 @@
 package idp
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/pkg/grpc/idp/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/idp/v2/idpconnect"
 )
 
-var _ idp.IdentityProviderServiceServer = (*Server)(nil)
+var _ idpconnect.IdentityProviderServiceHandler = (*Server)(nil)
 
 type Server struct {
-	idp.UnimplementedIdentityProviderServiceServer
 	command *command.Commands
 	query   *query.Queries
 
@@ -35,8 +38,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	idp.RegisterIdentityProviderServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return idpconnect.NewIdentityProviderServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return idp.File_zitadel_idp_v2_idp_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/instance/v2beta/domain.go b/internal/api/grpc/instance/v2beta/domain.go
index 439c6e5d8d..380ebff5a7 100644
--- a/internal/api/grpc/instance/v2beta/domain.go
+++ b/internal/api/grpc/instance/v2beta/domain.go
@@ -3,48 +3,49 @@ package instance
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 )
 
-func (s *Server) AddCustomDomain(ctx context.Context, req *instance.AddCustomDomainRequest) (*instance.AddCustomDomainResponse, error) {
-	details, err := s.command.AddInstanceDomain(ctx, req.GetDomain())
+func (s *Server) AddCustomDomain(ctx context.Context, req *connect.Request[instance.AddCustomDomainRequest]) (*connect.Response[instance.AddCustomDomainResponse], error) {
+	details, err := s.command.AddInstanceDomain(ctx, req.Msg.GetDomain())
 	if err != nil {
 		return nil, err
 	}
-	return &instance.AddCustomDomainResponse{
+	return connect.NewResponse(&instance.AddCustomDomainResponse{
 		CreationDate: timestamppb.New(details.CreationDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveCustomDomain(ctx context.Context, req *instance.RemoveCustomDomainRequest) (*instance.RemoveCustomDomainResponse, error) {
-	details, err := s.command.RemoveInstanceDomain(ctx, req.GetDomain())
+func (s *Server) RemoveCustomDomain(ctx context.Context, req *connect.Request[instance.RemoveCustomDomainRequest]) (*connect.Response[instance.RemoveCustomDomainResponse], error) {
+	details, err := s.command.RemoveInstanceDomain(ctx, req.Msg.GetDomain())
 	if err != nil {
 		return nil, err
 	}
-	return &instance.RemoveCustomDomainResponse{
+	return connect.NewResponse(&instance.RemoveCustomDomainResponse{
 		DeletionDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) AddTrustedDomain(ctx context.Context, req *instance.AddTrustedDomainRequest) (*instance.AddTrustedDomainResponse, error) {
-	details, err := s.command.AddTrustedDomain(ctx, req.GetDomain())
+func (s *Server) AddTrustedDomain(ctx context.Context, req *connect.Request[instance.AddTrustedDomainRequest]) (*connect.Response[instance.AddTrustedDomainResponse], error) {
+	details, err := s.command.AddTrustedDomain(ctx, req.Msg.GetDomain())
 	if err != nil {
 		return nil, err
 	}
-	return &instance.AddTrustedDomainResponse{
+	return connect.NewResponse(&instance.AddTrustedDomainResponse{
 		CreationDate: timestamppb.New(details.CreationDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveTrustedDomain(ctx context.Context, req *instance.RemoveTrustedDomainRequest) (*instance.RemoveTrustedDomainResponse, error) {
-	details, err := s.command.RemoveTrustedDomain(ctx, req.GetDomain())
+func (s *Server) RemoveTrustedDomain(ctx context.Context, req *connect.Request[instance.RemoveTrustedDomainRequest]) (*connect.Response[instance.RemoveTrustedDomainResponse], error) {
+	details, err := s.command.RemoveTrustedDomain(ctx, req.Msg.GetDomain())
 	if err != nil {
 		return nil, err
 	}
 
-	return &instance.RemoveTrustedDomainResponse{
+	return connect.NewResponse(&instance.RemoveTrustedDomainResponse{
 		DeletionDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/instance/v2beta/instance.go b/internal/api/grpc/instance/v2beta/instance.go
index b1c36e74bb..b3f2d6e478 100644
--- a/internal/api/grpc/instance/v2beta/instance.go
+++ b/internal/api/grpc/instance/v2beta/instance.go
@@ -3,30 +3,31 @@ package instance
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 )
 
-func (s *Server) DeleteInstance(ctx context.Context, request *instance.DeleteInstanceRequest) (*instance.DeleteInstanceResponse, error) {
-	obj, err := s.command.RemoveInstance(ctx, request.GetInstanceId())
+func (s *Server) DeleteInstance(ctx context.Context, request *connect.Request[instance.DeleteInstanceRequest]) (*connect.Response[instance.DeleteInstanceResponse], error) {
+	obj, err := s.command.RemoveInstance(ctx, request.Msg.GetInstanceId())
 	if err != nil {
 		return nil, err
 	}
 
-	return &instance.DeleteInstanceResponse{
+	return connect.NewResponse(&instance.DeleteInstanceResponse{
 		DeletionDate: timestamppb.New(obj.EventDate),
-	}, nil
+	}), nil
 
 }
 
-func (s *Server) UpdateInstance(ctx context.Context, request *instance.UpdateInstanceRequest) (*instance.UpdateInstanceResponse, error) {
-	obj, err := s.command.UpdateInstance(ctx, request.GetInstanceName())
+func (s *Server) UpdateInstance(ctx context.Context, request *connect.Request[instance.UpdateInstanceRequest]) (*connect.Response[instance.UpdateInstanceResponse], error) {
+	obj, err := s.command.UpdateInstance(ctx, request.Msg.GetInstanceName())
 	if err != nil {
 		return nil, err
 	}
 
-	return &instance.UpdateInstanceResponse{
+	return connect.NewResponse(&instance.UpdateInstanceResponse{
 		ChangeDate: timestamppb.New(obj.EventDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/instance/v2beta/query.go b/internal/api/grpc/instance/v2beta/query.go
index 74f79313ea..10716ffda0 100644
--- a/internal/api/grpc/instance/v2beta/query.go
+++ b/internal/api/grpc/instance/v2beta/query.go
@@ -3,23 +3,25 @@ package instance
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
 	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
 )
 
-func (s *Server) GetInstance(ctx context.Context, _ *instance.GetInstanceRequest) (*instance.GetInstanceResponse, error) {
+func (s *Server) GetInstance(ctx context.Context, _ *connect.Request[instance.GetInstanceRequest]) (*connect.Response[instance.GetInstanceResponse], error) {
 	inst, err := s.query.Instance(ctx, true)
 	if err != nil {
 		return nil, err
 	}
 
-	return &instance.GetInstanceResponse{
+	return connect.NewResponse(&instance.GetInstanceResponse{
 		Instance: ToProtoObject(inst),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListInstances(ctx context.Context, req *instance.ListInstancesRequest) (*instance.ListInstancesResponse, error) {
-	queries, err := ListInstancesRequestToModel(req, s.systemDefaults)
+func (s *Server) ListInstances(ctx context.Context, req *connect.Request[instance.ListInstancesRequest]) (*connect.Response[instance.ListInstancesResponse], error) {
+	queries, err := ListInstancesRequestToModel(req.Msg, s.systemDefaults)
 	if err != nil {
 		return nil, err
 	}
@@ -29,14 +31,14 @@ func (s *Server) ListInstances(ctx context.Context, req *instance.ListInstancesR
 		return nil, err
 	}
 
-	return &instance.ListInstancesResponse{
+	return connect.NewResponse(&instance.ListInstancesResponse{
 		Instances:  InstancesToPb(instances.Instances),
 		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, instances.SearchResponse),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListCustomDomains(ctx context.Context, req *instance.ListCustomDomainsRequest) (*instance.ListCustomDomainsResponse, error) {
-	queries, err := ListCustomDomainsRequestToModel(req, s.systemDefaults)
+func (s *Server) ListCustomDomains(ctx context.Context, req *connect.Request[instance.ListCustomDomainsRequest]) (*connect.Response[instance.ListCustomDomainsResponse], error) {
+	queries, err := ListCustomDomainsRequestToModel(req.Msg, s.systemDefaults)
 	if err != nil {
 		return nil, err
 	}
@@ -46,14 +48,14 @@ func (s *Server) ListCustomDomains(ctx context.Context, req *instance.ListCustom
 		return nil, err
 	}
 
-	return &instance.ListCustomDomainsResponse{
+	return connect.NewResponse(&instance.ListCustomDomainsResponse{
 		Domains:    DomainsToPb(domains.Domains),
 		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, domains.SearchResponse),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListTrustedDomains(ctx context.Context, req *instance.ListTrustedDomainsRequest) (*instance.ListTrustedDomainsResponse, error) {
-	queries, err := ListTrustedDomainsRequestToModel(req, s.systemDefaults)
+func (s *Server) ListTrustedDomains(ctx context.Context, req *connect.Request[instance.ListTrustedDomainsRequest]) (*connect.Response[instance.ListTrustedDomainsResponse], error) {
+	queries, err := ListTrustedDomainsRequestToModel(req.Msg, s.systemDefaults)
 	if err != nil {
 		return nil, err
 	}
@@ -63,8 +65,8 @@ func (s *Server) ListTrustedDomains(ctx context.Context, req *instance.ListTrust
 		return nil, err
 	}
 
-	return &instance.ListTrustedDomainsResponse{
+	return connect.NewResponse(&instance.ListTrustedDomainsResponse{
 		TrustedDomain: trustedDomainsToPb(domains.Domains),
 		Pagination:    filter.QueryToPaginationPb(queries.SearchRequest, domains.SearchResponse),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/instance/v2beta/server.go b/internal/api/grpc/instance/v2beta/server.go
index aaeaa4cc8f..1fb3513dd6 100644
--- a/internal/api/grpc/instance/v2beta/server.go
+++ b/internal/api/grpc/instance/v2beta/server.go
@@ -1,7 +1,10 @@
 package instance
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/query"
 	instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/instance/v2beta/instanceconnect"
 )
 
-var _ instance.InstanceServiceServer = (*Server)(nil)
+var _ instanceconnect.InstanceServiceHandler = (*Server)(nil)
 
 type Server struct {
-	instance.UnimplementedInstanceServiceServer
 	command         *command.Commands
 	query           *query.Queries
 	systemDefaults  systemdefaults.SystemDefaults
@@ -39,8 +42,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	instance.RegisterInstanceServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return instanceconnect.NewInstanceServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return instance.File_zitadel_instance_v2beta_instance_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/oidc/v2/oidc.go b/internal/api/grpc/oidc/v2/oidc.go
index 8612d11558..d56d6da056 100644
--- a/internal/api/grpc/oidc/v2/oidc.go
+++ b/internal/api/grpc/oidc/v2/oidc.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 
+	"connectrpc.com/connect"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"google.golang.org/protobuf/types/known/durationpb"
@@ -18,30 +19,30 @@ import (
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
 )
 
-func (s *Server) GetAuthRequest(ctx context.Context, req *oidc_pb.GetAuthRequestRequest) (*oidc_pb.GetAuthRequestResponse, error) {
-	authRequest, err := s.query.AuthRequestByID(ctx, true, req.GetAuthRequestId(), true)
+func (s *Server) GetAuthRequest(ctx context.Context, req *connect.Request[oidc_pb.GetAuthRequestRequest]) (*connect.Response[oidc_pb.GetAuthRequestResponse], error) {
+	authRequest, err := s.query.AuthRequestByID(ctx, true, req.Msg.GetAuthRequestId(), true)
 	if err != nil {
 		logging.WithError(err).Error("query authRequest by ID")
 		return nil, err
 	}
-	return &oidc_pb.GetAuthRequestResponse{
+	return connect.NewResponse(&oidc_pb.GetAuthRequestResponse{
 		AuthRequest: authRequestToPb(authRequest),
-	}, nil
+	}), nil
 }
 
-func (s *Server) CreateCallback(ctx context.Context, req *oidc_pb.CreateCallbackRequest) (*oidc_pb.CreateCallbackResponse, error) {
-	switch v := req.GetCallbackKind().(type) {
+func (s *Server) CreateCallback(ctx context.Context, req *connect.Request[oidc_pb.CreateCallbackRequest]) (*connect.Response[oidc_pb.CreateCallbackResponse], error) {
+	switch v := req.Msg.GetCallbackKind().(type) {
 	case *oidc_pb.CreateCallbackRequest_Error:
-		return s.failAuthRequest(ctx, req.GetAuthRequestId(), v.Error)
+		return s.failAuthRequest(ctx, req.Msg.GetAuthRequestId(), v.Error)
 	case *oidc_pb.CreateCallbackRequest_Session:
-		return s.linkSessionToAuthRequest(ctx, req.GetAuthRequestId(), v.Session)
+		return s.linkSessionToAuthRequest(ctx, req.Msg.GetAuthRequestId(), v.Session)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "OIDCv2-zee7A", "verification oneOf %T in method CreateCallback not implemented", v)
 	}
 }
 
-func (s *Server) GetDeviceAuthorizationRequest(ctx context.Context, req *oidc_pb.GetDeviceAuthorizationRequestRequest) (*oidc_pb.GetDeviceAuthorizationRequestResponse, error) {
-	deviceRequest, err := s.query.DeviceAuthRequestByUserCode(ctx, req.GetUserCode())
+func (s *Server) GetDeviceAuthorizationRequest(ctx context.Context, req *connect.Request[oidc_pb.GetDeviceAuthorizationRequestRequest]) (*connect.Response[oidc_pb.GetDeviceAuthorizationRequestResponse], error) {
+	deviceRequest, err := s.query.DeviceAuthRequestByUserCode(ctx, req.Msg.GetUserCode())
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +50,7 @@ func (s *Server) GetDeviceAuthorizationRequest(ctx context.Context, req *oidc_pb
 	if err != nil {
 		return nil, err
 	}
-	return &oidc_pb.GetDeviceAuthorizationRequestResponse{
+	return connect.NewResponse(&oidc_pb.GetDeviceAuthorizationRequestResponse{
 		DeviceAuthorizationRequest: &oidc_pb.DeviceAuthorizationRequest{
 			Id:          base64.RawURLEncoding.EncodeToString(encrypted),
 			ClientId:    deviceRequest.ClientID,
@@ -57,24 +58,24 @@ func (s *Server) GetDeviceAuthorizationRequest(ctx context.Context, req *oidc_pb
 			AppName:     deviceRequest.AppName,
 			ProjectName: deviceRequest.ProjectName,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) AuthorizeOrDenyDeviceAuthorization(ctx context.Context, req *oidc_pb.AuthorizeOrDenyDeviceAuthorizationRequest) (*oidc_pb.AuthorizeOrDenyDeviceAuthorizationResponse, error) {
-	deviceCode, err := s.deviceCodeFromID(req.GetDeviceAuthorizationId())
+func (s *Server) AuthorizeOrDenyDeviceAuthorization(ctx context.Context, req *connect.Request[oidc_pb.AuthorizeOrDenyDeviceAuthorizationRequest]) (*connect.Response[oidc_pb.AuthorizeOrDenyDeviceAuthorizationResponse], error) {
+	deviceCode, err := s.deviceCodeFromID(req.Msg.GetDeviceAuthorizationId())
 	if err != nil {
 		return nil, err
 	}
-	switch req.GetDecision().(type) {
+	switch req.Msg.GetDecision().(type) {
 	case *oidc_pb.AuthorizeOrDenyDeviceAuthorizationRequest_Session:
-		_, err = s.command.ApproveDeviceAuthWithSession(ctx, deviceCode, req.GetSession().GetSessionId(), req.GetSession().GetSessionToken())
+		_, err = s.command.ApproveDeviceAuthWithSession(ctx, deviceCode, req.Msg.GetSession().GetSessionId(), req.Msg.GetSession().GetSessionToken())
 	case *oidc_pb.AuthorizeOrDenyDeviceAuthorizationRequest_Deny:
 		_, err = s.command.CancelDeviceAuth(ctx, deviceCode, domain.DeviceAuthCanceledDenied)
 	}
 	if err != nil {
 		return nil, err
 	}
-	return &oidc_pb.AuthorizeOrDenyDeviceAuthorizationResponse{}, nil
+	return connect.NewResponse(&oidc_pb.AuthorizeOrDenyDeviceAuthorizationResponse{}), nil
 }
 
 func authRequestToPb(a *query.AuthRequest) *oidc_pb.AuthRequest {
@@ -136,7 +137,7 @@ func (s *Server) checkPermission(ctx context.Context, clientID string, userID st
 	return nil
 }
 
-func (s *Server) failAuthRequest(ctx context.Context, authRequestID string, ae *oidc_pb.AuthorizationError) (*oidc_pb.CreateCallbackResponse, error) {
+func (s *Server) failAuthRequest(ctx context.Context, authRequestID string, ae *oidc_pb.AuthorizationError) (*connect.Response[oidc_pb.CreateCallbackResponse], error) {
 	details, aar, err := s.command.FailAuthRequest(ctx, authRequestID, errorReasonToDomain(ae.GetError()))
 	if err != nil {
 		return nil, err
@@ -146,13 +147,13 @@ func (s *Server) failAuthRequest(ctx context.Context, authRequestID string, ae *
 	if err != nil {
 		return nil, err
 	}
-	return &oidc_pb.CreateCallbackResponse{
+	return connect.NewResponse(&oidc_pb.CreateCallbackResponse{
 		Details:     object.DomainToDetailsPb(details),
 		CallbackUrl: callback,
-	}, nil
+	}), nil
 }
 
-func (s *Server) linkSessionToAuthRequest(ctx context.Context, authRequestID string, session *oidc_pb.Session) (*oidc_pb.CreateCallbackResponse, error) {
+func (s *Server) linkSessionToAuthRequest(ctx context.Context, authRequestID string, session *oidc_pb.Session) (*connect.Response[oidc_pb.CreateCallbackResponse], error) {
 	details, aar, err := s.command.LinkSessionToAuthRequest(ctx, authRequestID, session.GetSessionId(), session.GetSessionToken(), true, s.checkPermission)
 	if err != nil {
 		return nil, err
@@ -172,10 +173,10 @@ func (s *Server) linkSessionToAuthRequest(ctx context.Context, authRequestID str
 	if err != nil {
 		return nil, err
 	}
-	return &oidc_pb.CreateCallbackResponse{
+	return connect.NewResponse(&oidc_pb.CreateCallbackResponse{
 		Details:     object.DomainToDetailsPb(details),
 		CallbackUrl: callback,
-	}, nil
+	}), nil
 }
 
 func errorReasonToDomain(errorReason oidc_pb.ErrorReason) domain.OIDCErrorReason {
diff --git a/internal/api/grpc/oidc/v2/server.go b/internal/api/grpc/oidc/v2/server.go
index 99234ee3d7..3d8f78a8ad 100644
--- a/internal/api/grpc/oidc/v2/server.go
+++ b/internal/api/grpc/oidc/v2/server.go
@@ -1,7 +1,10 @@
 package oidc
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -10,12 +13,12 @@ import (
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/query"
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/oidc/v2/oidcconnect"
 )
 
-var _ oidc_pb.OIDCServiceServer = (*Server)(nil)
+var _ oidcconnect.OIDCServiceHandler = (*Server)(nil)
 
 type Server struct {
-	oidc_pb.UnimplementedOIDCServiceServer
 	command *command.Commands
 	query   *query.Queries
 
@@ -42,8 +45,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	oidc_pb.RegisterOIDCServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return oidcconnect.NewOIDCServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return oidc_pb.File_zitadel_oidc_v2_oidc_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/oidc/v2beta/oidc.go b/internal/api/grpc/oidc/v2beta/oidc.go
index 66c4bee828..432e6f833f 100644
--- a/internal/api/grpc/oidc/v2beta/oidc.go
+++ b/internal/api/grpc/oidc/v2beta/oidc.go
@@ -3,6 +3,7 @@ package oidc
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"google.golang.org/protobuf/types/known/durationpb"
@@ -17,15 +18,15 @@ import (
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
 )
 
-func (s *Server) GetAuthRequest(ctx context.Context, req *oidc_pb.GetAuthRequestRequest) (*oidc_pb.GetAuthRequestResponse, error) {
-	authRequest, err := s.query.AuthRequestByID(ctx, true, req.GetAuthRequestId(), true)
+func (s *Server) GetAuthRequest(ctx context.Context, req *connect.Request[oidc_pb.GetAuthRequestRequest]) (*connect.Response[oidc_pb.GetAuthRequestResponse], error) {
+	authRequest, err := s.query.AuthRequestByID(ctx, true, req.Msg.GetAuthRequestId(), true)
 	if err != nil {
 		logging.WithError(err).Error("query authRequest by ID")
 		return nil, err
 	}
-	return &oidc_pb.GetAuthRequestResponse{
+	return connect.NewResponse(&oidc_pb.GetAuthRequestResponse{
 		AuthRequest: authRequestToPb(authRequest),
-	}, nil
+	}), nil
 }
 
 func authRequestToPb(a *query.AuthRequest) *oidc_pb.AuthRequest {
@@ -73,18 +74,18 @@ func promptToPb(p domain.Prompt) oidc_pb.Prompt {
 	}
 }
 
-func (s *Server) CreateCallback(ctx context.Context, req *oidc_pb.CreateCallbackRequest) (*oidc_pb.CreateCallbackResponse, error) {
-	switch v := req.GetCallbackKind().(type) {
+func (s *Server) CreateCallback(ctx context.Context, req *connect.Request[oidc_pb.CreateCallbackRequest]) (*connect.Response[oidc_pb.CreateCallbackResponse], error) {
+	switch v := req.Msg.GetCallbackKind().(type) {
 	case *oidc_pb.CreateCallbackRequest_Error:
-		return s.failAuthRequest(ctx, req.GetAuthRequestId(), v.Error)
+		return s.failAuthRequest(ctx, req.Msg.GetAuthRequestId(), v.Error)
 	case *oidc_pb.CreateCallbackRequest_Session:
-		return s.linkSessionToAuthRequest(ctx, req.GetAuthRequestId(), v.Session)
+		return s.linkSessionToAuthRequest(ctx, req.Msg.GetAuthRequestId(), v.Session)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "OIDCv2-zee7A", "verification oneOf %T in method CreateCallback not implemented", v)
 	}
 }
 
-func (s *Server) failAuthRequest(ctx context.Context, authRequestID string, ae *oidc_pb.AuthorizationError) (*oidc_pb.CreateCallbackResponse, error) {
+func (s *Server) failAuthRequest(ctx context.Context, authRequestID string, ae *oidc_pb.AuthorizationError) (*connect.Response[oidc_pb.CreateCallbackResponse], error) {
 	details, aar, err := s.command.FailAuthRequest(ctx, authRequestID, errorReasonToDomain(ae.GetError()))
 	if err != nil {
 		return nil, err
@@ -94,10 +95,10 @@ func (s *Server) failAuthRequest(ctx context.Context, authRequestID string, ae *
 	if err != nil {
 		return nil, err
 	}
-	return &oidc_pb.CreateCallbackResponse{
+	return connect.NewResponse(&oidc_pb.CreateCallbackResponse{
 		Details:     object.DomainToDetailsPb(details),
 		CallbackUrl: callback,
-	}, nil
+	}), nil
 }
 
 func (s *Server) checkPermission(ctx context.Context, clientID string, userID string) error {
@@ -114,7 +115,7 @@ func (s *Server) checkPermission(ctx context.Context, clientID string, userID st
 	return nil
 }
 
-func (s *Server) linkSessionToAuthRequest(ctx context.Context, authRequestID string, session *oidc_pb.Session) (*oidc_pb.CreateCallbackResponse, error) {
+func (s *Server) linkSessionToAuthRequest(ctx context.Context, authRequestID string, session *oidc_pb.Session) (*connect.Response[oidc_pb.CreateCallbackResponse], error) {
 	details, aar, err := s.command.LinkSessionToAuthRequest(ctx, authRequestID, session.GetSessionId(), session.GetSessionToken(), true, s.checkPermission)
 	if err != nil {
 		return nil, err
@@ -130,10 +131,10 @@ func (s *Server) linkSessionToAuthRequest(ctx context.Context, authRequestID str
 	if err != nil {
 		return nil, err
 	}
-	return &oidc_pb.CreateCallbackResponse{
+	return connect.NewResponse(&oidc_pb.CreateCallbackResponse{
 		Details:     object.DomainToDetailsPb(details),
 		CallbackUrl: callback,
-	}, nil
+	}), nil
 }
 
 func errorReasonToDomain(errorReason oidc_pb.ErrorReason) domain.OIDCErrorReason {
diff --git a/internal/api/grpc/oidc/v2beta/server.go b/internal/api/grpc/oidc/v2beta/server.go
index 7595ae927e..5309a5093e 100644
--- a/internal/api/grpc/oidc/v2beta/server.go
+++ b/internal/api/grpc/oidc/v2beta/server.go
@@ -1,7 +1,10 @@
 package oidc
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta/oidcconnect"
 )
 
-var _ oidc_pb.OIDCServiceServer = (*Server)(nil)
+var _ oidcconnect.OIDCServiceHandler = (*Server)(nil)
 
 type Server struct {
-	oidc_pb.UnimplementedOIDCServiceServer
 	command *command.Commands
 	query   *query.Queries
 
@@ -38,8 +41,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	oidc_pb.RegisterOIDCServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return oidcconnect.NewOIDCServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return oidc_pb.File_zitadel_oidc_v2beta_oidc_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/org/v2/org.go b/internal/api/grpc/org/v2/org.go
index b876826365..42832d147f 100644
--- a/internal/api/grpc/org/v2/org.go
+++ b/internal/api/grpc/org/v2/org.go
@@ -3,6 +3,8 @@ package org
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/api/grpc/user/v2"
 	"github.com/zitadel/zitadel/internal/command"
@@ -10,8 +12,8 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/org/v2"
 )
 
-func (s *Server) AddOrganization(ctx context.Context, request *org.AddOrganizationRequest) (*org.AddOrganizationResponse, error) {
-	orgSetup, err := addOrganizationRequestToCommand(request)
+func (s *Server) AddOrganization(ctx context.Context, request *connect.Request[org.AddOrganizationRequest]) (*connect.Response[org.AddOrganizationResponse], error) {
+	orgSetup, err := addOrganizationRequestToCommand(request.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -68,7 +70,7 @@ func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admi
 	}
 }
 
-func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.AddOrganizationResponse, err error) {
+func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *connect.Response[org.AddOrganizationResponse], err error) {
 	admins := make([]*org.AddOrganizationResponse_CreatedAdmin, 0, len(createdOrg.OrgAdmins))
 	for _, admin := range createdOrg.OrgAdmins {
 		admin, ok := admin.(*command.CreatedOrgAdmin)
@@ -80,9 +82,9 @@ func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.AddOrganiza
 			})
 		}
 	}
-	return &org.AddOrganizationResponse{
+	return connect.NewResponse(&org.AddOrganizationResponse{
 		Details:        object.DomainToDetailsPb(createdOrg.ObjectDetails),
 		OrganizationId: createdOrg.ObjectDetails.ResourceOwner,
 		CreatedAdmins:  admins,
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/org/v2/org_test.go b/internal/api/grpc/org/v2/org_test.go
index 37a3dca41a..564c5597ee 100644
--- a/internal/api/grpc/org/v2/org_test.go
+++ b/internal/api/grpc/org/v2/org_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 	"time"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -138,7 +139,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 	tests := []struct {
 		name    string
 		args    args
-		want    *org.AddOrganizationResponse
+		want    *connect.Response[org.AddOrganizationResponse]
 		wantErr error
 	}{
 		{
@@ -159,7 +160,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 					},
 				},
 			},
-			want: &org.AddOrganizationResponse{
+			want: connect.NewResponse(&org.AddOrganizationResponse{
 				Details: &object.Details{
 					Sequence:      1,
 					ChangeDate:    timestamppb.New(now),
@@ -173,7 +174,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 						PhoneCode: gu.Ptr("phoneCode"),
 					},
 				},
-			},
+			}),
 		},
 	}
 	for _, tt := range tests {
diff --git a/internal/api/grpc/org/v2/query.go b/internal/api/grpc/org/v2/query.go
index 27f279d40e..09e2534e8d 100644
--- a/internal/api/grpc/org/v2/query.go
+++ b/internal/api/grpc/org/v2/query.go
@@ -3,6 +3,8 @@ package org
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,36 +13,36 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/org/v2"
 )
 
-func (s *Server) ListOrganizations(ctx context.Context, req *org.ListOrganizationsRequest) (*org.ListOrganizationsResponse, error) {
+func (s *Server) ListOrganizations(ctx context.Context, req *connect.Request[org.ListOrganizationsRequest]) (*connect.Response[org.ListOrganizationsResponse], error) {
 	queries, err := listOrgRequestToModel(ctx, req)
 	if err != nil {
 		return nil, err
 	}
-	orgs, err := s.query.SearchOrgs(ctx, queries, s.checkPermission)
+	orgs, err := s.query.SearchOrgs(ctx, queries.Msg, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &org.ListOrganizationsResponse{
+	return connect.NewResponse(&org.ListOrganizationsResponse{
 		Result:  organizationsToPb(orgs.Orgs),
 		Details: object.ToListDetails(orgs.SearchResponse),
-	}, nil
+	}), nil
 }
 
-func listOrgRequestToModel(ctx context.Context, req *org.ListOrganizationsRequest) (*query.OrgSearchQueries, error) {
-	offset, limit, asc := object.ListQueryToQuery(req.Query)
-	queries, err := orgQueriesToQuery(ctx, req.Queries)
+func listOrgRequestToModel(ctx context.Context, req *connect.Request[org.ListOrganizationsRequest]) (*connect.Response[query.OrgSearchQueries], error) {
+	offset, limit, asc := object.ListQueryToQuery(req.Msg.Query)
+	queries, err := orgQueriesToQuery(ctx, req.Msg.Queries)
 	if err != nil {
 		return nil, err
 	}
-	return &query.OrgSearchQueries{
+	return connect.NewResponse(&query.OrgSearchQueries{
 		SearchRequest: query.SearchRequest{
 			Offset:        offset,
 			Limit:         limit,
-			SortingColumn: fieldNameToOrganizationColumn(req.SortingColumn),
+			SortingColumn: fieldNameToOrganizationColumn(req.Msg.SortingColumn),
 			Asc:           asc,
 		},
 		Queries: queries,
-	}, nil
+	}), nil
 }
 
 func orgQueriesToQuery(ctx context.Context, queries []*org.SearchQuery) (_ []query.SearchQuery, err error) {
diff --git a/internal/api/grpc/org/v2/server.go b/internal/api/grpc/org/v2/server.go
index 36588f3eb7..6fd318d114 100644
--- a/internal/api/grpc/org/v2/server.go
+++ b/internal/api/grpc/org/v2/server.go
@@ -1,7 +1,10 @@
 package org
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/pkg/grpc/org/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/org/v2/orgconnect"
 )
 
-var _ org.OrganizationServiceServer = (*Server)(nil)
+var _ orgconnect.OrganizationServiceHandler = (*Server)(nil)
 
 type Server struct {
-	org.UnimplementedOrganizationServiceServer
 	command         *command.Commands
 	query           *query.Queries
 	checkPermission domain.PermissionCheck
@@ -34,8 +37,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	org.RegisterOrganizationServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return orgconnect.NewOrganizationServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return org.File_zitadel_org_v2_org_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/org/v2beta/helper.go b/internal/api/grpc/org/v2beta/helper.go
index 6f47819bb4..77c3130488 100644
--- a/internal/api/grpc/org/v2beta/helper.go
+++ b/internal/api/grpc/org/v2beta/helper.go
@@ -3,6 +3,7 @@ package org
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	// TODO fix below
@@ -71,7 +72,7 @@ func OrgStateToPb(state domain.OrgState) v2beta_org.OrgState {
 	}
 }
 
-func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.CreateOrganizationResponse, err error) {
+func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *connect.Response[org.CreateOrganizationResponse], err error) {
 	admins := make([]*org.OrganizationAdmin, len(createdOrg.OrgAdmins))
 	for i, admin := range createdOrg.OrgAdmins {
 		switch admin := admin.(type) {
@@ -95,11 +96,11 @@ func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.CreateOrgan
 			}
 		}
 	}
-	return &org.CreateOrganizationResponse{
+	return connect.NewResponse(&org.CreateOrganizationResponse{
 		CreationDate:       timestamppb.New(createdOrg.ObjectDetails.EventDate),
 		Id:                 createdOrg.ObjectDetails.ResourceOwner,
 		OrganizationAdmins: admins,
-	}, nil
+	}), nil
 }
 
 func OrgViewsToPb(orgs []*query.Org) []*v2beta_org.Organization {
diff --git a/internal/api/grpc/org/v2beta/org.go b/internal/api/grpc/org/v2beta/org.go
index 66198757cb..35e1d72d3c 100644
--- a/internal/api/grpc/org/v2beta/org.go
+++ b/internal/api/grpc/org/v2beta/org.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	metadata "github.com/zitadel/zitadel/internal/api/grpc/metadata/v2beta"
@@ -17,8 +18,8 @@ import (
 	v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
 )
 
-func (s *Server) CreateOrganization(ctx context.Context, request *v2beta_org.CreateOrganizationRequest) (*v2beta_org.CreateOrganizationResponse, error) {
-	orgSetup, err := createOrganizationRequestToCommand(request)
+func (s *Server) CreateOrganization(ctx context.Context, request *connect.Request[v2beta_org.CreateOrganizationRequest]) (*connect.Response[v2beta_org.CreateOrganizationResponse], error) {
+	orgSetup, err := createOrganizationRequestToCommand(request.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -29,19 +30,19 @@ func (s *Server) CreateOrganization(ctx context.Context, request *v2beta_org.Cre
 	return createdOrganizationToPb(createdOrg)
 }
 
-func (s *Server) UpdateOrganization(ctx context.Context, request *v2beta_org.UpdateOrganizationRequest) (*v2beta_org.UpdateOrganizationResponse, error) {
-	org, err := s.command.ChangeOrg(ctx, request.Id, request.Name)
+func (s *Server) UpdateOrganization(ctx context.Context, request *connect.Request[v2beta_org.UpdateOrganizationRequest]) (*connect.Response[v2beta_org.UpdateOrganizationResponse], error) {
+	org, err := s.command.ChangeOrg(ctx, request.Msg.GetId(), request.Msg.GetName())
 	if err != nil {
 		return nil, err
 	}
 
-	return &v2beta_org.UpdateOrganizationResponse{
+	return connect.NewResponse(&v2beta_org.UpdateOrganizationResponse{
 		ChangeDate: timestamppb.New(org.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListOrganizations(ctx context.Context, request *v2beta_org.ListOrganizationsRequest) (*v2beta_org.ListOrganizationsResponse, error) {
-	queries, err := listOrgRequestToModel(s.systemDefaults, request)
+func (s *Server) ListOrganizations(ctx context.Context, request *connect.Request[v2beta_org.ListOrganizationsRequest]) (*connect.Response[v2beta_org.ListOrganizationsResponse], error) {
+	queries, err := listOrgRequestToModel(s.systemDefaults, request.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -49,107 +50,107 @@ func (s *Server) ListOrganizations(ctx context.Context, request *v2beta_org.List
 	if err != nil {
 		return nil, err
 	}
-	return &v2beta_org.ListOrganizationsResponse{
+	return connect.NewResponse(&v2beta_org.ListOrganizationsResponse{
 		Organizations: OrgViewsToPb(orgs.Orgs),
 		Pagination: &filter.PaginationResponse{
 			TotalResult:  orgs.Count,
-			AppliedLimit: uint64(request.GetPagination().GetLimit()),
+			AppliedLimit: uint64(request.Msg.GetPagination().GetLimit()),
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteOrganization(ctx context.Context, request *v2beta_org.DeleteOrganizationRequest) (*v2beta_org.DeleteOrganizationResponse, error) {
-	details, err := s.command.RemoveOrg(ctx, request.Id)
+func (s *Server) DeleteOrganization(ctx context.Context, request *connect.Request[v2beta_org.DeleteOrganizationRequest]) (*connect.Response[v2beta_org.DeleteOrganizationResponse], error) {
+	details, err := s.command.RemoveOrg(ctx, request.Msg.GetId())
 	if err != nil {
 		var notFoundError *zerrors.NotFoundError
 		if errors.As(err, &notFoundError) {
-			return &v2beta_org.DeleteOrganizationResponse{}, nil
+			return connect.NewResponse(&v2beta_org.DeleteOrganizationResponse{}), nil
 		}
 		return nil, err
 	}
-	return &v2beta_org.DeleteOrganizationResponse{
+	return connect.NewResponse(&v2beta_org.DeleteOrganizationResponse{
 		DeletionDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) SetOrganizationMetadata(ctx context.Context, request *v2beta_org.SetOrganizationMetadataRequest) (*v2beta_org.SetOrganizationMetadataResponse, error) {
-	result, err := s.command.BulkSetOrgMetadata(ctx, request.OrganizationId, BulkSetOrgMetadataToDomain(request)...)
+func (s *Server) SetOrganizationMetadata(ctx context.Context, request *connect.Request[v2beta_org.SetOrganizationMetadataRequest]) (*connect.Response[v2beta_org.SetOrganizationMetadataResponse], error) {
+	result, err := s.command.BulkSetOrgMetadata(ctx, request.Msg.GetOrganizationId(), BulkSetOrgMetadataToDomain(request.Msg)...)
 	if err != nil {
 		return nil, err
 	}
-	return &org.SetOrganizationMetadataResponse{
+	return connect.NewResponse(&org.SetOrganizationMetadataResponse{
 		SetDate: timestamppb.New(result.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListOrganizationMetadata(ctx context.Context, request *v2beta_org.ListOrganizationMetadataRequest) (*v2beta_org.ListOrganizationMetadataResponse, error) {
-	metadataQueries, err := ListOrgMetadataToDomain(s.systemDefaults, request)
+func (s *Server) ListOrganizationMetadata(ctx context.Context, request *connect.Request[v2beta_org.ListOrganizationMetadataRequest]) (*connect.Response[v2beta_org.ListOrganizationMetadataResponse], error) {
+	metadataQueries, err := ListOrgMetadataToDomain(s.systemDefaults, request.Msg)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchOrgMetadata(ctx, true, request.OrganizationId, metadataQueries, false)
+	res, err := s.query.SearchOrgMetadata(ctx, true, request.Msg.GetOrganizationId(), metadataQueries, false)
 	if err != nil {
 		return nil, err
 	}
-	return &v2beta_org.ListOrganizationMetadataResponse{
+	return connect.NewResponse(&v2beta_org.ListOrganizationMetadataResponse{
 		Metadata: metadata.OrgMetadataListToPb(res.Metadata),
 		Pagination: &filter.PaginationResponse{
 			TotalResult:  res.Count,
-			AppliedLimit: uint64(request.GetPagination().GetLimit()),
+			AppliedLimit: uint64(request.Msg.GetPagination().GetLimit()),
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteOrganizationMetadata(ctx context.Context, request *v2beta_org.DeleteOrganizationMetadataRequest) (*v2beta_org.DeleteOrganizationMetadataResponse, error) {
-	result, err := s.command.BulkRemoveOrgMetadata(ctx, request.OrganizationId, request.Keys...)
+func (s *Server) DeleteOrganizationMetadata(ctx context.Context, request *connect.Request[v2beta_org.DeleteOrganizationMetadataRequest]) (*connect.Response[v2beta_org.DeleteOrganizationMetadataResponse], error) {
+	result, err := s.command.BulkRemoveOrgMetadata(ctx, request.Msg.GetOrganizationId(), request.Msg.Keys...)
 	if err != nil {
 		return nil, err
 	}
-	return &v2beta_org.DeleteOrganizationMetadataResponse{
+	return connect.NewResponse(&v2beta_org.DeleteOrganizationMetadataResponse{
 		DeletionDate: timestamppb.New(result.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeactivateOrganization(ctx context.Context, request *org.DeactivateOrganizationRequest) (*org.DeactivateOrganizationResponse, error) {
-	objectDetails, err := s.command.DeactivateOrg(ctx, request.Id)
+func (s *Server) DeactivateOrganization(ctx context.Context, request *connect.Request[org.DeactivateOrganizationRequest]) (*connect.Response[org.DeactivateOrganizationResponse], error) {
+	objectDetails, err := s.command.DeactivateOrg(ctx, request.Msg.GetId())
 	if err != nil {
 		return nil, err
 	}
-	return &org.DeactivateOrganizationResponse{
+	return connect.NewResponse(&org.DeactivateOrganizationResponse{
 		ChangeDate: timestamppb.New(objectDetails.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ActivateOrganization(ctx context.Context, request *org.ActivateOrganizationRequest) (*org.ActivateOrganizationResponse, error) {
-	objectDetails, err := s.command.ReactivateOrg(ctx, request.Id)
+func (s *Server) ActivateOrganization(ctx context.Context, request *connect.Request[org.ActivateOrganizationRequest]) (*connect.Response[org.ActivateOrganizationResponse], error) {
+	objectDetails, err := s.command.ReactivateOrg(ctx, request.Msg.GetId())
 	if err != nil {
 		return nil, err
 	}
-	return &org.ActivateOrganizationResponse{
+	return connect.NewResponse(&org.ActivateOrganizationResponse{
 		ChangeDate: timestamppb.New(objectDetails.EventDate),
-	}, err
+	}), err
 }
 
-func (s *Server) AddOrganizationDomain(ctx context.Context, request *org.AddOrganizationDomainRequest) (*org.AddOrganizationDomainResponse, error) {
-	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Domain, request.OrganizationId)
+func (s *Server) AddOrganizationDomain(ctx context.Context, request *connect.Request[org.AddOrganizationDomainRequest]) (*connect.Response[org.AddOrganizationDomainResponse], error) {
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Msg.GetDomain(), request.Msg.GetOrganizationId())
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.AddOrgDomain(ctx, request.OrganizationId, request.Domain, userIDs)
+	details, err := s.command.AddOrgDomain(ctx, request.Msg.GetOrganizationId(), request.Msg.GetDomain(), userIDs)
 	if err != nil {
 		return nil, err
 	}
-	return &org.AddOrganizationDomainResponse{
+	return connect.NewResponse(&org.AddOrganizationDomainResponse{
 		CreationDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListOrganizationDomains(ctx context.Context, req *org.ListOrganizationDomainsRequest) (*org.ListOrganizationDomainsResponse, error) {
-	queries, err := ListOrgDomainsRequestToModel(s.systemDefaults, req)
+func (s *Server) ListOrganizationDomains(ctx context.Context, req *connect.Request[org.ListOrganizationDomainsRequest]) (*connect.Response[org.ListOrganizationDomainsResponse], error) {
+	queries, err := ListOrgDomainsRequestToModel(s.systemDefaults, req.Msg)
 	if err != nil {
 		return nil, err
 	}
-	orgIDQuery, err := query.NewOrgDomainOrgIDSearchQuery(req.OrganizationId)
+	orgIDQuery, err := query.NewOrgDomainOrgIDSearchQuery(req.Msg.GetOrganizationId())
 	if err != nil {
 		return nil, err
 	}
@@ -159,48 +160,48 @@ func (s *Server) ListOrganizationDomains(ctx context.Context, req *org.ListOrgan
 	if err != nil {
 		return nil, err
 	}
-	return &org.ListOrganizationDomainsResponse{
+	return connect.NewResponse(&org.ListOrganizationDomainsResponse{
 		Domains: object.DomainsToPb(domains.Domains),
 		Pagination: &filter.PaginationResponse{
 			TotalResult:  domains.Count,
-			AppliedLimit: uint64(req.GetPagination().GetLimit()),
+			AppliedLimit: uint64(req.Msg.GetPagination().GetLimit()),
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteOrganizationDomain(ctx context.Context, req *org.DeleteOrganizationDomainRequest) (*org.DeleteOrganizationDomainResponse, error) {
-	details, err := s.command.RemoveOrgDomain(ctx, RemoveOrgDomainRequestToDomain(ctx, req))
+func (s *Server) DeleteOrganizationDomain(ctx context.Context, req *connect.Request[org.DeleteOrganizationDomainRequest]) (*connect.Response[org.DeleteOrganizationDomainResponse], error) {
+	details, err := s.command.RemoveOrgDomain(ctx, RemoveOrgDomainRequestToDomain(ctx, req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &org.DeleteOrganizationDomainResponse{
+	return connect.NewResponse(&org.DeleteOrganizationDomainResponse{
 		DeletionDate: timestamppb.New(details.EventDate),
-	}, err
+	}), err
 }
 
-func (s *Server) GenerateOrganizationDomainValidation(ctx context.Context, req *org.GenerateOrganizationDomainValidationRequest) (*org.GenerateOrganizationDomainValidationResponse, error) {
-	token, url, err := s.command.GenerateOrgDomainValidation(ctx, GenerateOrgDomainValidationRequestToDomain(ctx, req))
+func (s *Server) GenerateOrganizationDomainValidation(ctx context.Context, req *connect.Request[org.GenerateOrganizationDomainValidationRequest]) (*connect.Response[org.GenerateOrganizationDomainValidationResponse], error) {
+	token, url, err := s.command.GenerateOrgDomainValidation(ctx, GenerateOrgDomainValidationRequestToDomain(ctx, req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &org.GenerateOrganizationDomainValidationResponse{
+	return connect.NewResponse(&org.GenerateOrganizationDomainValidationResponse{
 		Token: token,
 		Url:   url,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyOrganizationDomain(ctx context.Context, request *org.VerifyOrganizationDomainRequest) (*org.VerifyOrganizationDomainResponse, error) {
-	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Domain, request.OrganizationId)
+func (s *Server) VerifyOrganizationDomain(ctx context.Context, request *connect.Request[org.VerifyOrganizationDomainRequest]) (*connect.Response[org.VerifyOrganizationDomainResponse], error) {
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Msg.GetDomain(), request.Msg.GetOrganizationId())
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, request), userIDs)
+	details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, request.Msg), userIDs)
 	if err != nil {
 		return nil, err
 	}
-	return &org.VerifyOrganizationDomainResponse{
+	return connect.NewResponse(&org.VerifyOrganizationDomainResponse{
 		ChangeDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
 func createOrganizationRequestToCommand(request *v2beta_org.CreateOrganizationRequest) (*command.OrgSetup, error) {
diff --git a/internal/api/grpc/org/v2beta/org_test.go b/internal/api/grpc/org/v2beta/org_test.go
index 346d6b88c1..85dec79be4 100644
--- a/internal/api/grpc/org/v2beta/org_test.go
+++ b/internal/api/grpc/org/v2beta/org_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 	"time"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -138,7 +139,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 	tests := []struct {
 		name    string
 		args    args
-		want    *org.CreateOrganizationResponse
+		want    *connect.Response[org.CreateOrganizationResponse]
 		wantErr error
 	}{
 		{
@@ -159,7 +160,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 					},
 				},
 			},
-			want: &org.CreateOrganizationResponse{
+			want: connect.NewResponse(&org.CreateOrganizationResponse{
 				CreationDate: timestamppb.New(now),
 				Id:           "orgID",
 				OrganizationAdmins: []*org.OrganizationAdmin{
@@ -173,7 +174,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
 						},
 					},
 				},
-			},
+			}),
 		},
 	}
 	for _, tt := range tests {
diff --git a/internal/api/grpc/org/v2beta/server.go b/internal/api/grpc/org/v2beta/server.go
index b7e8d4994f..8f9091c7c3 100644
--- a/internal/api/grpc/org/v2beta/server.go
+++ b/internal/api/grpc/org/v2beta/server.go
@@ -1,7 +1,10 @@
 package org
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -10,12 +13,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/org/v2beta/orgconnect"
 )
 
-var _ org.OrganizationServiceServer = (*Server)(nil)
+var _ orgconnect.OrganizationServiceHandler = (*Server)(nil)
 
 type Server struct {
-	org.UnimplementedOrganizationServiceServer
 	systemDefaults  systemdefaults.SystemDefaults
 	command         *command.Commands
 	query           *query.Queries
@@ -38,8 +41,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	org.RegisterOrganizationServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return orgconnect.NewOrganizationServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return org.File_zitadel_org_v2beta_org_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/project/v2beta/project.go b/internal/api/grpc/project/v2beta/project.go
index 01b478f5be..b3294f1ea6 100644
--- a/internal/api/grpc/project/v2beta/project.go
+++ b/internal/api/grpc/project/v2beta/project.go
@@ -3,6 +3,7 @@ package project
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -13,8 +14,8 @@ import (
 	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
 )
 
-func (s *Server) CreateProject(ctx context.Context, req *project_pb.CreateProjectRequest) (*project_pb.CreateProjectResponse, error) {
-	add := projectCreateToCommand(req)
+func (s *Server) CreateProject(ctx context.Context, req *connect.Request[project_pb.CreateProjectRequest]) (*connect.Response[project_pb.CreateProjectResponse], error) {
+	add := projectCreateToCommand(req.Msg)
 	project, err := s.command.AddProject(ctx, add)
 	if err != nil {
 		return nil, err
@@ -23,10 +24,10 @@ func (s *Server) CreateProject(ctx context.Context, req *project_pb.CreateProjec
 	if !project.EventDate.IsZero() {
 		creationDate = timestamppb.New(project.EventDate)
 	}
-	return &project_pb.CreateProjectResponse{
+	return connect.NewResponse(&project_pb.CreateProjectResponse{
 		Id:           add.AggregateID,
 		CreationDate: creationDate,
-	}, nil
+	}), nil
 }
 
 func projectCreateToCommand(req *project_pb.CreateProjectRequest) *command.AddProject {
@@ -60,8 +61,8 @@ func privateLabelingSettingToDomain(setting project_pb.PrivateLabelingSetting) d
 	}
 }
 
-func (s *Server) UpdateProject(ctx context.Context, req *project_pb.UpdateProjectRequest) (*project_pb.UpdateProjectResponse, error) {
-	project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req))
+func (s *Server) UpdateProject(ctx context.Context, req *connect.Request[project_pb.UpdateProjectRequest]) (*connect.Response[project_pb.UpdateProjectResponse], error) {
+	project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
@@ -69,9 +70,9 @@ func (s *Server) UpdateProject(ctx context.Context, req *project_pb.UpdateProjec
 	if !project.EventDate.IsZero() {
 		changeDate = timestamppb.New(project.EventDate)
 	}
-	return &project_pb.UpdateProjectResponse{
+	return connect.NewResponse(&project_pb.UpdateProjectResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
 func projectUpdateToCommand(req *project_pb.UpdateProjectRequest) *command.ChangeProject {
@@ -91,13 +92,13 @@ func projectUpdateToCommand(req *project_pb.UpdateProjectRequest) *command.Chang
 	}
 }
 
-func (s *Server) DeleteProject(ctx context.Context, req *project_pb.DeleteProjectRequest) (*project_pb.DeleteProjectResponse, error) {
-	userGrantIDs, err := s.userGrantsFromProject(ctx, req.Id)
+func (s *Server) DeleteProject(ctx context.Context, req *connect.Request[project_pb.DeleteProjectRequest]) (*connect.Response[project_pb.DeleteProjectResponse], error) {
+	userGrantIDs, err := s.userGrantsFromProject(ctx, req.Msg.GetId())
 	if err != nil {
 		return nil, err
 	}
 
-	deletedAt, err := s.command.DeleteProject(ctx, req.Id, "", userGrantIDs...)
+	deletedAt, err := s.command.DeleteProject(ctx, req.Msg.GetId(), "", userGrantIDs...)
 	if err != nil {
 		return nil, err
 	}
@@ -105,9 +106,9 @@ func (s *Server) DeleteProject(ctx context.Context, req *project_pb.DeleteProjec
 	if !deletedAt.IsZero() {
 		deletionDate = timestamppb.New(deletedAt)
 	}
-	return &project_pb.DeleteProjectResponse{
+	return connect.NewResponse(&project_pb.DeleteProjectResponse{
 		DeletionDate: deletionDate,
-	}, nil
+	}), nil
 }
 
 func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([]string, error) {
@@ -124,8 +125,8 @@ func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([
 	return userGrantsToIDs(userGrants.UserGrants), nil
 }
 
-func (s *Server) DeactivateProject(ctx context.Context, req *project_pb.DeactivateProjectRequest) (*project_pb.DeactivateProjectResponse, error) {
-	details, err := s.command.DeactivateProject(ctx, req.Id, "")
+func (s *Server) DeactivateProject(ctx context.Context, req *connect.Request[project_pb.DeactivateProjectRequest]) (*connect.Response[project_pb.DeactivateProjectResponse], error) {
+	details, err := s.command.DeactivateProject(ctx, req.Msg.GetId(), "")
 	if err != nil {
 		return nil, err
 	}
@@ -133,13 +134,13 @@ func (s *Server) DeactivateProject(ctx context.Context, req *project_pb.Deactiva
 	if !details.EventDate.IsZero() {
 		changeDate = timestamppb.New(details.EventDate)
 	}
-	return &project_pb.DeactivateProjectResponse{
+	return connect.NewResponse(&project_pb.DeactivateProjectResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
-func (s *Server) ActivateProject(ctx context.Context, req *project_pb.ActivateProjectRequest) (*project_pb.ActivateProjectResponse, error) {
-	details, err := s.command.ReactivateProject(ctx, req.Id, "")
+func (s *Server) ActivateProject(ctx context.Context, req *connect.Request[project_pb.ActivateProjectRequest]) (*connect.Response[project_pb.ActivateProjectResponse], error) {
+	details, err := s.command.ReactivateProject(ctx, req.Msg.GetId(), "")
 	if err != nil {
 		return nil, err
 	}
@@ -147,9 +148,9 @@ func (s *Server) ActivateProject(ctx context.Context, req *project_pb.ActivatePr
 	if !details.EventDate.IsZero() {
 		changeDate = timestamppb.New(details.EventDate)
 	}
-	return &project_pb.ActivateProjectResponse{
+	return connect.NewResponse(&project_pb.ActivateProjectResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
 func userGrantsToIDs(userGrants []*query.UserGrant) []string {
diff --git a/internal/api/grpc/project/v2beta/project_grant.go b/internal/api/grpc/project/v2beta/project_grant.go
index 6c3b195c66..555d4bfd27 100644
--- a/internal/api/grpc/project/v2beta/project_grant.go
+++ b/internal/api/grpc/project/v2beta/project_grant.go
@@ -3,6 +3,7 @@ package project
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/command"
@@ -11,8 +12,8 @@ import (
 	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
 )
 
-func (s *Server) CreateProjectGrant(ctx context.Context, req *project_pb.CreateProjectGrantRequest) (*project_pb.CreateProjectGrantResponse, error) {
-	add := projectGrantCreateToCommand(req)
+func (s *Server) CreateProjectGrant(ctx context.Context, req *connect.Request[project_pb.CreateProjectGrantRequest]) (*connect.Response[project_pb.CreateProjectGrantResponse], error) {
+	add := projectGrantCreateToCommand(req.Msg)
 	project, err := s.command.AddProjectGrant(ctx, add)
 	if err != nil {
 		return nil, err
@@ -21,9 +22,9 @@ func (s *Server) CreateProjectGrant(ctx context.Context, req *project_pb.CreateP
 	if !project.EventDate.IsZero() {
 		creationDate = timestamppb.New(project.EventDate)
 	}
-	return &project_pb.CreateProjectGrantResponse{
+	return connect.NewResponse(&project_pb.CreateProjectGrantResponse{
 		CreationDate: creationDate,
-	}, nil
+	}), nil
 }
 
 func projectGrantCreateToCommand(req *project_pb.CreateProjectGrantRequest) *command.AddProjectGrant {
@@ -37,8 +38,8 @@ func projectGrantCreateToCommand(req *project_pb.CreateProjectGrantRequest) *com
 	}
 }
 
-func (s *Server) UpdateProjectGrant(ctx context.Context, req *project_pb.UpdateProjectGrantRequest) (*project_pb.UpdateProjectGrantResponse, error) {
-	project, err := s.command.ChangeProjectGrant(ctx, projectGrantUpdateToCommand(req))
+func (s *Server) UpdateProjectGrant(ctx context.Context, req *connect.Request[project_pb.UpdateProjectGrantRequest]) (*connect.Response[project_pb.UpdateProjectGrantResponse], error) {
+	project, err := s.command.ChangeProjectGrant(ctx, projectGrantUpdateToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
@@ -46,9 +47,9 @@ func (s *Server) UpdateProjectGrant(ctx context.Context, req *project_pb.UpdateP
 	if !project.EventDate.IsZero() {
 		changeDate = timestamppb.New(project.EventDate)
 	}
-	return &project_pb.UpdateProjectGrantResponse{
+	return connect.NewResponse(&project_pb.UpdateProjectGrantResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
 func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *command.ChangeProjectGrant {
@@ -61,8 +62,8 @@ func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *com
 	}
 }
 
-func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.DeactivateProjectGrantRequest) (*project_pb.DeactivateProjectGrantResponse, error) {
-	details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "")
+func (s *Server) DeactivateProjectGrant(ctx context.Context, req *connect.Request[project_pb.DeactivateProjectGrantRequest]) (*connect.Response[project_pb.DeactivateProjectGrantResponse], error) {
+	details, err := s.command.DeactivateProjectGrant(ctx, req.Msg.GetProjectId(), "", req.Msg.GetGrantedOrganizationId(), "")
 	if err != nil {
 		return nil, err
 	}
@@ -70,13 +71,13 @@ func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.Dea
 	if !details.EventDate.IsZero() {
 		changeDate = timestamppb.New(details.EventDate)
 	}
-	return &project_pb.DeactivateProjectGrantResponse{
+	return connect.NewResponse(&project_pb.DeactivateProjectGrantResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
-func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.ActivateProjectGrantRequest) (*project_pb.ActivateProjectGrantResponse, error) {
-	details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "")
+func (s *Server) ActivateProjectGrant(ctx context.Context, req *connect.Request[project_pb.ActivateProjectGrantRequest]) (*connect.Response[project_pb.ActivateProjectGrantResponse], error) {
+	details, err := s.command.ReactivateProjectGrant(ctx, req.Msg.GetProjectId(), "", req.Msg.GetGrantedOrganizationId(), "")
 	if err != nil {
 		return nil, err
 	}
@@ -84,17 +85,17 @@ func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.Activ
 	if !details.EventDate.IsZero() {
 		changeDate = timestamppb.New(details.EventDate)
 	}
-	return &project_pb.ActivateProjectGrantResponse{
+	return connect.NewResponse(&project_pb.ActivateProjectGrantResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteProjectGrantRequest) (*project_pb.DeleteProjectGrantResponse, error) {
-	userGrantIDs, err := s.userGrantsFromProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId)
+func (s *Server) DeleteProjectGrant(ctx context.Context, req *connect.Request[project_pb.DeleteProjectGrantRequest]) (*connect.Response[project_pb.DeleteProjectGrantResponse], error) {
+	userGrantIDs, err := s.userGrantsFromProjectGrant(ctx, req.Msg.GetProjectId(), req.Msg.GetGrantedOrganizationId())
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.DeleteProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "", userGrantIDs...)
+	details, err := s.command.DeleteProjectGrant(ctx, req.Msg.GetProjectId(), "", req.Msg.GetGrantedOrganizationId(), "", userGrantIDs...)
 	if err != nil {
 		return nil, err
 	}
@@ -102,9 +103,9 @@ func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteP
 	if !details.EventDate.IsZero() {
 		deletionDate = timestamppb.New(details.EventDate)
 	}
-	return &project_pb.DeleteProjectGrantResponse{
+	return connect.NewResponse(&project_pb.DeleteProjectGrantResponse{
 		DeletionDate: deletionDate,
-	}, nil
+	}), nil
 }
 
 func (s *Server) userGrantsFromProjectGrant(ctx context.Context, projectID, grantedOrganizationID string) ([]string, error) {
diff --git a/internal/api/grpc/project/v2beta/project_role.go b/internal/api/grpc/project/v2beta/project_role.go
index 07fc4e9eac..2316ef4028 100644
--- a/internal/api/grpc/project/v2beta/project_role.go
+++ b/internal/api/grpc/project/v2beta/project_role.go
@@ -3,6 +3,7 @@ package project
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/command"
@@ -11,8 +12,8 @@ import (
 	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
 )
 
-func (s *Server) AddProjectRole(ctx context.Context, req *project_pb.AddProjectRoleRequest) (*project_pb.AddProjectRoleResponse, error) {
-	role, err := s.command.AddProjectRole(ctx, addProjectRoleRequestToCommand(req))
+func (s *Server) AddProjectRole(ctx context.Context, req *connect.Request[project_pb.AddProjectRoleRequest]) (*connect.Response[project_pb.AddProjectRoleResponse], error) {
+	role, err := s.command.AddProjectRole(ctx, addProjectRoleRequestToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
@@ -20,9 +21,9 @@ func (s *Server) AddProjectRole(ctx context.Context, req *project_pb.AddProjectR
 	if !role.EventDate.IsZero() {
 		creationDate = timestamppb.New(role.EventDate)
 	}
-	return &project_pb.AddProjectRoleResponse{
+	return connect.NewResponse(&project_pb.AddProjectRoleResponse{
 		CreationDate: creationDate,
-	}, nil
+	}), nil
 }
 
 func addProjectRoleRequestToCommand(req *project_pb.AddProjectRoleRequest) *command.AddProjectRole {
@@ -41,8 +42,8 @@ func addProjectRoleRequestToCommand(req *project_pb.AddProjectRoleRequest) *comm
 	}
 }
 
-func (s *Server) UpdateProjectRole(ctx context.Context, req *project_pb.UpdateProjectRoleRequest) (*project_pb.UpdateProjectRoleResponse, error) {
-	role, err := s.command.ChangeProjectRole(ctx, updateProjectRoleRequestToCommand(req))
+func (s *Server) UpdateProjectRole(ctx context.Context, req *connect.Request[project_pb.UpdateProjectRoleRequest]) (*connect.Response[project_pb.UpdateProjectRoleResponse], error) {
+	role, err := s.command.ChangeProjectRole(ctx, updateProjectRoleRequestToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
@@ -50,9 +51,9 @@ func (s *Server) UpdateProjectRole(ctx context.Context, req *project_pb.UpdatePr
 	if !role.EventDate.IsZero() {
 		changeDate = timestamppb.New(role.EventDate)
 	}
-	return &project_pb.UpdateProjectRoleResponse{
+	return connect.NewResponse(&project_pb.UpdateProjectRoleResponse{
 		ChangeDate: changeDate,
-	}, nil
+	}), nil
 }
 
 func updateProjectRoleRequestToCommand(req *project_pb.UpdateProjectRoleRequest) *command.ChangeProjectRole {
@@ -75,16 +76,16 @@ func updateProjectRoleRequestToCommand(req *project_pb.UpdateProjectRoleRequest)
 	}
 }
 
-func (s *Server) RemoveProjectRole(ctx context.Context, req *project_pb.RemoveProjectRoleRequest) (*project_pb.RemoveProjectRoleResponse, error) {
-	userGrantIDs, err := s.userGrantsFromProjectAndRole(ctx, req.ProjectId, req.RoleKey)
+func (s *Server) RemoveProjectRole(ctx context.Context, req *connect.Request[project_pb.RemoveProjectRoleRequest]) (*connect.Response[project_pb.RemoveProjectRoleResponse], error) {
+	userGrantIDs, err := s.userGrantsFromProjectAndRole(ctx, req.Msg.GetProjectId(), req.Msg.GetRoleKey())
 	if err != nil {
 		return nil, err
 	}
-	projectGrantIDs, err := s.projectGrantsFromProjectAndRole(ctx, req.ProjectId, req.RoleKey)
+	projectGrantIDs, err := s.projectGrantsFromProjectAndRole(ctx, req.Msg.GetProjectId(), req.Msg.GetRoleKey())
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.RemoveProjectRole(ctx, req.ProjectId, req.RoleKey, "", projectGrantIDs, userGrantIDs...)
+	details, err := s.command.RemoveProjectRole(ctx, req.Msg.GetProjectId(), req.Msg.GetRoleKey(), "", projectGrantIDs, userGrantIDs...)
 	if err != nil {
 		return nil, err
 	}
@@ -92,9 +93,9 @@ func (s *Server) RemoveProjectRole(ctx context.Context, req *project_pb.RemovePr
 	if !details.EventDate.IsZero() {
 		deletionDate = timestamppb.New(details.EventDate)
 	}
-	return &project_pb.RemoveProjectRoleResponse{
+	return connect.NewResponse(&project_pb.RemoveProjectRoleResponse{
 		RemovalDate: deletionDate,
-	}, nil
+	}), nil
 }
 
 func (s *Server) userGrantsFromProjectAndRole(ctx context.Context, projectID, roleKey string) ([]string, error) {
diff --git a/internal/api/grpc/project/v2beta/query.go b/internal/api/grpc/project/v2beta/query.go
index 42b69a480e..c736c5a086 100644
--- a/internal/api/grpc/project/v2beta/query.go
+++ b/internal/api/grpc/project/v2beta/query.go
@@ -3,6 +3,7 @@ package project
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
@@ -13,18 +14,18 @@ import (
 	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
 )
 
-func (s *Server) GetProject(ctx context.Context, req *project_pb.GetProjectRequest) (*project_pb.GetProjectResponse, error) {
-	project, err := s.query.GetProjectByIDWithPermission(ctx, true, req.Id, s.checkPermission)
+func (s *Server) GetProject(ctx context.Context, req *connect.Request[project_pb.GetProjectRequest]) (*connect.Response[project_pb.GetProjectResponse], error) {
+	project, err := s.query.GetProjectByIDWithPermission(ctx, true, req.Msg.GetId(), s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &project_pb.GetProjectResponse{
+	return connect.NewResponse(&project_pb.GetProjectResponse{
 		Project: projectToPb(project),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListProjects(ctx context.Context, req *project_pb.ListProjectsRequest) (*project_pb.ListProjectsResponse, error) {
-	queries, err := s.listProjectRequestToModel(req)
+func (s *Server) ListProjects(ctx context.Context, req *connect.Request[project_pb.ListProjectsRequest]) (*connect.Response[project_pb.ListProjectsResponse], error) {
+	queries, err := s.listProjectRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -32,10 +33,10 @@ func (s *Server) ListProjects(ctx context.Context, req *project_pb.ListProjectsR
 	if err != nil {
 		return nil, err
 	}
-	return &project_pb.ListProjectsResponse{
+	return connect.NewResponse(&project_pb.ListProjectsResponse{
 		Projects:   grantedProjectsToPb(resp.GrantedProjects),
 		Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func (s *Server) listProjectRequestToModel(req *project_pb.ListProjectsRequest) (*query.ProjectAndGrantedProjectSearchQueries, error) {
@@ -213,8 +214,8 @@ func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) project_p
 	}
 }
 
-func (s *Server) ListProjectGrants(ctx context.Context, req *project_pb.ListProjectGrantsRequest) (*project_pb.ListProjectGrantsResponse, error) {
-	queries, err := s.listProjectGrantsRequestToModel(req)
+func (s *Server) ListProjectGrants(ctx context.Context, req *connect.Request[project_pb.ListProjectGrantsRequest]) (*connect.Response[project_pb.ListProjectGrantsResponse], error) {
+	queries, err := s.listProjectGrantsRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -222,10 +223,10 @@ func (s *Server) ListProjectGrants(ctx context.Context, req *project_pb.ListProj
 	if err != nil {
 		return nil, err
 	}
-	return &project_pb.ListProjectGrantsResponse{
+	return connect.NewResponse(&project_pb.ListProjectGrantsResponse{
 		ProjectGrants: projectGrantsToPb(resp.ProjectGrants),
 		Pagination:    filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func (s *Server) listProjectGrantsRequestToModel(req *project_pb.ListProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) {
@@ -329,12 +330,12 @@ func projectGrantStateToPb(state domain.ProjectGrantState) project_pb.ProjectGra
 	}
 }
 
-func (s *Server) ListProjectRoles(ctx context.Context, req *project_pb.ListProjectRolesRequest) (*project_pb.ListProjectRolesResponse, error) {
-	queries, err := s.listProjectRolesRequestToModel(req)
+func (s *Server) ListProjectRoles(ctx context.Context, req *connect.Request[project_pb.ListProjectRolesRequest]) (*connect.Response[project_pb.ListProjectRolesResponse], error) {
+	queries, err := s.listProjectRolesRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
-	err = queries.AppendProjectIDQuery(req.ProjectId)
+	err = queries.AppendProjectIDQuery(req.Msg.GetProjectId())
 	if err != nil {
 		return nil, err
 	}
@@ -342,10 +343,10 @@ func (s *Server) ListProjectRoles(ctx context.Context, req *project_pb.ListProje
 	if err != nil {
 		return nil, err
 	}
-	return &project_pb.ListProjectRolesResponse{
+	return connect.NewResponse(&project_pb.ListProjectRolesResponse{
 		ProjectRoles: roleViewsToPb(roles.ProjectRoles),
 		Pagination:   filter.QueryToPaginationPb(queries.SearchRequest, roles.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func (s *Server) listProjectRolesRequestToModel(req *project_pb.ListProjectRolesRequest) (*query.ProjectRoleSearchQueries, error) {
diff --git a/internal/api/grpc/project/v2beta/server.go b/internal/api/grpc/project/v2beta/server.go
index fe197f9688..12c18ae4c6 100644
--- a/internal/api/grpc/project/v2beta/server.go
+++ b/internal/api/grpc/project/v2beta/server.go
@@ -1,21 +1,23 @@
 package project
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/project/v2beta/projectconnect"
 )
 
-var _ project.ProjectServiceServer = (*Server)(nil)
+var _ projectconnect.ProjectServiceHandler = (*Server)(nil)
 
 type Server struct {
-	project.UnimplementedProjectServiceServer
 	systemDefaults systemdefaults.SystemDefaults
 	command        *command.Commands
 	query          *query.Queries
@@ -39,8 +41,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	project.RegisterProjectServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return projectconnect.NewProjectServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return project.File_zitadel_project_v2beta_project_service_proto
 }
 
 func (s *Server) AppName() string {
@@ -54,7 +60,3 @@ func (s *Server) MethodPrefix() string {
 func (s *Server) AuthMethods() authz.MethodMapping {
 	return project.ProjectService_AuthMethods
 }
-
-func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
-	return project.RegisterProjectServiceHandler
-}
diff --git a/internal/api/grpc/saml/v2/saml.go b/internal/api/grpc/saml/v2/saml.go
index 43eae5feb1..5491a5e04b 100644
--- a/internal/api/grpc/saml/v2/saml.go
+++ b/internal/api/grpc/saml/v2/saml.go
@@ -3,6 +3,7 @@ package saml
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/saml/pkg/provider"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -16,15 +17,15 @@ import (
 	saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
 )
 
-func (s *Server) GetSAMLRequest(ctx context.Context, req *saml_pb.GetSAMLRequestRequest) (*saml_pb.GetSAMLRequestResponse, error) {
-	authRequest, err := s.query.SamlRequestByID(ctx, true, req.GetSamlRequestId(), true)
+func (s *Server) GetSAMLRequest(ctx context.Context, req *connect.Request[saml_pb.GetSAMLRequestRequest]) (*connect.Response[saml_pb.GetSAMLRequestResponse], error) {
+	authRequest, err := s.query.SamlRequestByID(ctx, true, req.Msg.GetSamlRequestId(), true)
 	if err != nil {
 		logging.WithError(err).Error("query samlRequest by ID")
 		return nil, err
 	}
-	return &saml_pb.GetSAMLRequestResponse{
+	return connect.NewResponse(&saml_pb.GetSAMLRequestResponse{
 		SamlRequest: samlRequestToPb(authRequest),
-	}, nil
+	}), nil
 }
 
 func samlRequestToPb(a *query.SamlRequest) *saml_pb.SAMLRequest {
@@ -34,18 +35,18 @@ func samlRequestToPb(a *query.SamlRequest) *saml_pb.SAMLRequest {
 	}
 }
 
-func (s *Server) CreateResponse(ctx context.Context, req *saml_pb.CreateResponseRequest) (*saml_pb.CreateResponseResponse, error) {
-	switch v := req.GetResponseKind().(type) {
+func (s *Server) CreateResponse(ctx context.Context, req *connect.Request[saml_pb.CreateResponseRequest]) (*connect.Response[saml_pb.CreateResponseResponse], error) {
+	switch v := req.Msg.GetResponseKind().(type) {
 	case *saml_pb.CreateResponseRequest_Error:
-		return s.failSAMLRequest(ctx, req.GetSamlRequestId(), v.Error)
+		return s.failSAMLRequest(ctx, req.Msg.GetSamlRequestId(), v.Error)
 	case *saml_pb.CreateResponseRequest_Session:
-		return s.linkSessionToSAMLRequest(ctx, req.GetSamlRequestId(), v.Session)
+		return s.linkSessionToSAMLRequest(ctx, req.Msg.GetSamlRequestId(), v.Session)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "SAMLv2-0Tfak3fBS0", "verification oneOf %T in method CreateResponse not implemented", v)
 	}
 }
 
-func (s *Server) failSAMLRequest(ctx context.Context, samlRequestID string, ae *saml_pb.AuthorizationError) (*saml_pb.CreateResponseResponse, error) {
+func (s *Server) failSAMLRequest(ctx context.Context, samlRequestID string, ae *saml_pb.AuthorizationError) (*connect.Response[saml_pb.CreateResponseResponse], error) {
 	details, aar, err := s.command.FailSAMLRequest(ctx, samlRequestID, errorReasonToDomain(ae.GetError()))
 	if err != nil {
 		return nil, err
@@ -55,7 +56,7 @@ func (s *Server) failSAMLRequest(ctx context.Context, samlRequestID string, ae *
 	if err != nil {
 		return nil, err
 	}
-	return createCallbackResponseFromBinding(details, url, body, authReq.RelayState), nil
+	return connect.NewResponse(createCallbackResponseFromBinding(details, url, body, authReq.RelayState)), nil
 }
 
 func (s *Server) checkPermission(ctx context.Context, issuer string, userID string) error {
@@ -72,7 +73,7 @@ func (s *Server) checkPermission(ctx context.Context, issuer string, userID stri
 	return nil
 }
 
-func (s *Server) linkSessionToSAMLRequest(ctx context.Context, samlRequestID string, session *saml_pb.Session) (*saml_pb.CreateResponseResponse, error) {
+func (s *Server) linkSessionToSAMLRequest(ctx context.Context, samlRequestID string, session *saml_pb.Session) (*connect.Response[saml_pb.CreateResponseResponse], error) {
 	details, aar, err := s.command.LinkSessionToSAMLRequest(ctx, samlRequestID, session.GetSessionId(), session.GetSessionToken(), true, s.checkPermission)
 	if err != nil {
 		return nil, err
@@ -87,7 +88,7 @@ func (s *Server) linkSessionToSAMLRequest(ctx context.Context, samlRequestID str
 	if err != nil {
 		return nil, err
 	}
-	return createCallbackResponseFromBinding(details, url, body, authReq.RelayState), nil
+	return connect.NewResponse(createCallbackResponseFromBinding(details, url, body, authReq.RelayState)), nil
 }
 
 func createCallbackResponseFromBinding(details *domain.ObjectDetails, url string, body string, relayState string) *saml_pb.CreateResponseResponse {
diff --git a/internal/api/grpc/saml/v2/server.go b/internal/api/grpc/saml/v2/server.go
index 62299d88c5..312a7c356a 100644
--- a/internal/api/grpc/saml/v2/server.go
+++ b/internal/api/grpc/saml/v2/server.go
@@ -1,7 +1,10 @@
 package saml
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,9 +12,10 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/saml/v2/samlconnect"
 )
 
-var _ saml_pb.SAMLServiceServer = (*Server)(nil)
+var _ samlconnect.SAMLServiceHandler = (*Server)(nil)
 
 type Server struct {
 	saml_pb.UnimplementedSAMLServiceServer
@@ -38,8 +42,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	saml_pb.RegisterSAMLServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return samlconnect.NewSAMLServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return saml_pb.File_zitadel_saml_v2_saml_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/server/connect_middleware/access_interceptor.go b/internal/api/grpc/server/connect_middleware/access_interceptor.go
new file mode 100644
index 0000000000..a08df59860
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/access_interceptor.go
@@ -0,0 +1,57 @@
+package connect_middleware
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	http_util "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/logstore"
+	"github.com/zitadel/zitadel/internal/logstore/record"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+)
+
+func AccessStorageInterceptor(svc *logstore.Service[*record.AccessLog]) connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (_ connect.AnyResponse, err error) {
+			if !svc.Enabled() {
+				return handler(ctx, req)
+			}
+			resp, handlerErr := handler(ctx, req)
+
+			interceptorCtx, span := tracing.NewServerInterceptorSpan(ctx)
+			defer func() { span.EndWithError(err) }()
+
+			var respStatus uint32
+			if code := connect.CodeOf(handlerErr); code != connect.CodeUnknown {
+				respStatus = uint32(code)
+			}
+
+			respHeader := http.Header{}
+			if resp != nil {
+				respHeader = resp.Header()
+			}
+			instance := authz.GetInstance(ctx)
+			domainCtx := http_util.DomainContext(ctx)
+
+			r := &record.AccessLog{
+				LogDate:         time.Now(),
+				Protocol:        record.GRPC,
+				RequestURL:      req.Spec().Procedure,
+				ResponseStatus:  respStatus,
+				RequestHeaders:  req.Header(),
+				ResponseHeaders: respHeader,
+				InstanceID:      instance.InstanceID(),
+				ProjectID:       instance.ProjectID(),
+				RequestedDomain: domainCtx.RequestedDomain(),
+				RequestedHost:   domainCtx.RequestedHost(),
+			}
+
+			svc.Handle(interceptorCtx, r)
+			return resp, handlerErr
+		}
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/activity_interceptor.go b/internal/api/grpc/server/connect_middleware/activity_interceptor.go
new file mode 100644
index 0000000000..4ba6044645
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/activity_interceptor.go
@@ -0,0 +1,52 @@
+package connect_middleware
+
+import (
+	"context"
+	"net/http"
+	"slices"
+	"strings"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/activity"
+	"github.com/zitadel/zitadel/internal/api/grpc/gerrors"
+	ainfo "github.com/zitadel/zitadel/internal/api/info"
+)
+
+func ActivityInterceptor() connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			ctx = activityInfoFromGateway(ctx, req.Header()).SetMethod(req.Spec().Procedure).IntoContext(ctx)
+			resp, err := handler(ctx, req)
+			if isResourceAPI(req.Spec().Procedure) {
+				code, _, _, _ := gerrors.ExtractZITADELError(err)
+				ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
+				activity.TriggerGRPCWithContext(ctx, activity.ResourceAPI)
+			}
+			return resp, err
+		}
+	}
+}
+
+var resourcePrefixes = []string{
+	"/zitadel.management.v1.ManagementService/",
+	"/zitadel.admin.v1.AdminService/",
+	"/zitadel.user.v2.UserService/",
+	"/zitadel.settings.v2.SettingsService/",
+	"/zitadel.user.v2beta.UserService/",
+	"/zitadel.settings.v2beta.SettingsService/",
+	"/zitadel.auth.v1.AuthService/",
+}
+
+func isResourceAPI(method string) bool {
+	return slices.ContainsFunc(resourcePrefixes, func(prefix string) bool {
+		return strings.HasPrefix(method, prefix)
+	})
+}
+
+func activityInfoFromGateway(ctx context.Context, headers http.Header) *ainfo.ActivityInfo {
+	info := ainfo.ActivityInfoFromContext(ctx)
+	path := headers.Get(activity.PathKey)
+	requestMethod := headers.Get(activity.RequestMethodKey)
+	return info.SetPath(path).SetRequestMethod(requestMethod)
+}
diff --git a/internal/api/grpc/server/connect_middleware/auth_interceptor.go b/internal/api/grpc/server/connect_middleware/auth_interceptor.go
new file mode 100644
index 0000000000..9e500601d0
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/auth_interceptor.go
@@ -0,0 +1,65 @@
+package connect_middleware
+
+import (
+	"context"
+	"errors"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+)
+
+func AuthorizationInterceptor(verifier authz.APITokenVerifier, systemUserPermissions authz.Config, authConfig authz.Config) connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			return authorize(ctx, req, handler, verifier, systemUserPermissions, authConfig)
+		}
+	}
+}
+
+func authorize(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc, verifier authz.APITokenVerifier, systemUserPermissions authz.Config, authConfig authz.Config) (_ connect.AnyResponse, err error) {
+	authOpt, needsToken := verifier.CheckAuthMethod(req.Spec().Procedure)
+	if !needsToken {
+		return handler(ctx, req)
+	}
+
+	authCtx, span := tracing.NewServerInterceptorSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	authToken := req.Header().Get(http.Authorization)
+	if authToken == "" {
+		return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("auth header missing"))
+	}
+
+	orgID, orgDomain := orgIDAndDomainFromRequest(req)
+	ctxSetter, err := authz.CheckUserAuthorization(authCtx, req, authToken, orgID, orgDomain, verifier, systemUserPermissions.RolePermissionMappings, authConfig.RolePermissionMappings, authOpt, req.Spec().Procedure)
+	if err != nil {
+		return nil, err
+	}
+	span.End()
+	return handler(ctxSetter(ctx), req)
+}
+
+func orgIDAndDomainFromRequest(req connect.AnyRequest) (id, domain string) {
+	orgID := req.Header().Get(http.ZitadelOrgID)
+	oz, ok := req.Any().(OrganizationFromRequest)
+	if ok {
+		id = oz.OrganizationFromRequestConnect().ID
+		domain = oz.OrganizationFromRequestConnect().Domain
+		if id != "" || domain != "" {
+			return id, domain
+		}
+	}
+	return orgID, domain
+}
+
+type Organization struct {
+	ID     string
+	Domain string
+}
+
+type OrganizationFromRequest interface {
+	OrganizationFromRequestConnect() *Organization
+}
diff --git a/internal/api/grpc/server/connect_middleware/auth_interceptor_test.go b/internal/api/grpc/server/connect_middleware/auth_interceptor_test.go
new file mode 100644
index 0000000000..06e716c140
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/auth_interceptor_test.go
@@ -0,0 +1,318 @@
+package connect_middleware
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"reflect"
+	"testing"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const anAPIRole = "AN_API_ROLE"
+
+type authzRepoMock struct{}
+
+func (v *authzRepoMock) VerifyAccessToken(ctx context.Context, token, clientID, projectID string) (string, string, string, string, string, error) {
+	return "", "", "", "", "", nil
+}
+
+func (v *authzRepoMock) SearchMyMemberships(ctx context.Context, orgID string, _ bool) ([]*authz.Membership, error) {
+	return authz.Memberships{{
+		MemberType:  authz.MemberTypeOrganization,
+		AggregateID: orgID,
+		Roles:       []string{anAPIRole},
+	}}, nil
+}
+
+func (v *authzRepoMock) ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (string, []string, error) {
+	return "", nil, nil
+}
+
+func (v *authzRepoMock) ExistsOrg(ctx context.Context, orgID, domain string) (string, error) {
+	return orgID, nil
+}
+
+func (v *authzRepoMock) VerifierClientID(ctx context.Context, appName string) (string, string, error) {
+	return "", "", nil
+}
+
+var (
+	accessTokenOK = authz.AccessTokenVerifierFunc(func(ctx context.Context, token string) (userID string, clientID string, agentID string, prefLan string, resourceOwner string, err error) {
+		return "user1", "", "", "", "org1", nil
+	})
+	accessTokenNOK = authz.AccessTokenVerifierFunc(func(ctx context.Context, token string) (userID string, clientID string, agentID string, prefLan string, resourceOwner string, err error) {
+		return "", "", "", "", "", zerrors.ThrowUnauthenticated(nil, "TEST-fQHDI", "unauthenticaded")
+	})
+	systemTokenNOK = authz.SystemTokenVerifierFunc(func(ctx context.Context, token string, orgID string) (memberships authz.Memberships, userID string, err error) {
+		return nil, "", errors.New("system token error")
+	})
+)
+
+type mockOrgFromRequest struct {
+	id string
+}
+
+func (m *mockOrgFromRequest) OrganizationFromRequestConnect() *Organization {
+	return &Organization{
+		ID:     m.id,
+		Domain: "",
+	}
+}
+
+func Test_authorize(t *testing.T) {
+	type args struct {
+		ctx        context.Context
+		req        connect.AnyRequest
+		handler    func(t *testing.T) connect.UnaryFunc
+		verifier   func() authz.APITokenVerifier
+		authConfig authz.Config
+	}
+	type res struct {
+		want    interface{}
+		wantErr bool
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"no token needed ok",
+			args{
+				ctx:     context.Background(),
+				req:     &mockReq[struct{}]{procedure: "/no/token/needed"},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{})
+					return verifier
+				},
+			},
+			res{
+				&connect.Response[struct{}]{},
+				false,
+			},
+		},
+		{
+			"auth header missing error",
+			args{
+				ctx:     context.Background(),
+				req:     &mockReq[struct{}]{procedure: "/need/authentication"},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
+					return verifier
+				},
+				authConfig: authz.Config{},
+			},
+			res{
+				nil,
+				true,
+			},
+		},
+		{
+			"unauthorized error",
+			args{
+				ctx:     context.Background(),
+				req:     &mockReq[struct{}]{procedure: "/need/authentication", header: http.Header{"Authorization": []string{"wrong"}}},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
+					return verifier
+				},
+				authConfig: authz.Config{},
+			},
+			res{
+				nil,
+				true,
+			},
+		},
+		{
+			"authorized ok",
+			args{
+				ctx: context.Background(),
+				req: &mockReq[struct{}]{procedure: "/need/authentication", header: http.Header{"Authorization": []string{"Bearer token"}}},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{
+					UserID:        "user1",
+					OrgID:         "org1",
+					ResourceOwner: "org1",
+				}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
+					return verifier
+				},
+				authConfig: authz.Config{},
+			},
+			res{
+				&connect.Response[struct{}]{},
+				false,
+			},
+		},
+		{
+			"authorized ok, org by request",
+			args{
+				ctx: context.Background(),
+				req: &mockReq[mockOrgFromRequest]{
+					Request:   connect.Request[mockOrgFromRequest]{Msg: &mockOrgFromRequest{"id"}},
+					procedure: "/need/authentication",
+					header:    http.Header{"Authorization": []string{"Bearer token"}},
+				},
+				handler: emptyMockHandler(&connect.Response[mockOrgFromRequest]{Msg: &mockOrgFromRequest{"id"}}, authz.CtxData{
+					UserID:        "user1",
+					OrgID:         "id",
+					ResourceOwner: "org1",
+				}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
+					return verifier
+				},
+				authConfig: authz.Config{},
+			},
+			res{
+				&connect.Response[mockOrgFromRequest]{Msg: &mockOrgFromRequest{"id"}},
+				false,
+			},
+		},
+		{
+			"permission denied error",
+			args{
+				ctx: context.Background(),
+				req: &mockReq[struct{}]{procedure: "/need/authentication", header: http.Header{"Authorization": []string{"Bearer token"}}},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{
+					UserID:        "user1",
+					OrgID:         "org1",
+					ResourceOwner: "org1",
+				}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "to.do.something"}})
+					return verifier
+				},
+				authConfig: authz.Config{
+					RolePermissionMappings: []authz.RoleMapping{{
+						Role:        anAPIRole,
+						Permissions: []string{"to.do.something.else"},
+					}},
+				},
+			},
+			res{
+				nil,
+				true,
+			},
+		},
+		{
+			"permission ok",
+			args{
+				ctx: context.Background(),
+				req: &mockReq[struct{}]{procedure: "/need/authentication", header: http.Header{"Authorization": []string{"Bearer token"}}},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{
+					UserID:        "user1",
+					OrgID:         "org1",
+					ResourceOwner: "org1",
+				}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenOK, systemTokenNOK)
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "to.do.something"}})
+					return verifier
+				},
+				authConfig: authz.Config{
+					RolePermissionMappings: []authz.RoleMapping{{
+						Role:        anAPIRole,
+						Permissions: []string{"to.do.something"},
+					}},
+				},
+			},
+			res{
+				&connect.Response[struct{}]{},
+				false,
+			},
+		},
+		{
+			"system token permission denied error",
+			args{
+				ctx:     context.Background(),
+				req:     &mockReq[struct{}]{procedure: "/need/authentication", header: http.Header{"Authorization": []string{"Bearer token"}}},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenNOK, authz.SystemTokenVerifierFunc(func(ctx context.Context, token string, orgID string) (memberships authz.Memberships, userID string, err error) {
+						return authz.Memberships{{
+							MemberType: authz.MemberTypeSystem,
+							Roles:      []string{"A_SYSTEM_ROLE"},
+						}}, "systemuser", nil
+					}))
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "to.do.something"}})
+					return verifier
+				},
+				authConfig: authz.Config{
+					RolePermissionMappings: []authz.RoleMapping{{
+						Role:        "A_SYSTEM_ROLE",
+						Permissions: []string{"to.do.something.else"},
+					}},
+				},
+			},
+			res{
+				nil,
+				true,
+			},
+		},
+		{
+			"system token permission denied error",
+			args{
+				ctx: context.Background(),
+				req: &mockReq[struct{}]{procedure: "/need/authentication", header: http.Header{"Authorization": []string{"Bearer token"}}},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{
+					UserID: "systemuser",
+					SystemMemberships: authz.Memberships{{
+						MemberType: authz.MemberTypeSystem,
+						Roles:      []string{"A_SYSTEM_ROLE"},
+					}},
+					SystemUserPermissions: []authz.SystemUserPermissions{{
+						MemberType:  authz.MemberTypeSystem,
+						Permissions: []string{"to.do.something"},
+					}},
+				}),
+				verifier: func() authz.APITokenVerifier {
+					verifier := authz.StartAPITokenVerifier(&authzRepoMock{}, accessTokenNOK, authz.SystemTokenVerifierFunc(func(ctx context.Context, token string, orgID string) (memberships authz.Memberships, userID string, err error) {
+						return authz.Memberships{{
+							MemberType: authz.MemberTypeSystem,
+							Roles:      []string{"A_SYSTEM_ROLE"},
+						}}, "systemuser", nil
+					}))
+					verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "to.do.something"}})
+					return verifier
+				},
+				authConfig: authz.Config{
+					RolePermissionMappings: []authz.RoleMapping{{
+						Role:        "A_SYSTEM_ROLE",
+						Permissions: []string{"to.do.something"},
+					}},
+				},
+			},
+			res{
+				&connect.Response[struct{}]{},
+				false,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := authorize(tt.args.ctx, tt.args.req, tt.args.handler(t), tt.args.verifier(), tt.args.authConfig, tt.args.authConfig)
+			if (err != nil) != tt.res.wantErr {
+				t.Errorf("authorize() error = %v, wantErr %v", err, tt.res.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.res.want) {
+				t.Errorf("authorize() got = %v, want %v", got, tt.res.want)
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/cache_interceptor.go b/internal/api/grpc/server/connect_middleware/cache_interceptor.go
new file mode 100644
index 0000000000..60ba0032f1
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/cache_interceptor.go
@@ -0,0 +1,31 @@
+package connect_middleware
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"connectrpc.com/connect"
+
+	_ "github.com/zitadel/zitadel/internal/statik"
+)
+
+func NoCacheInterceptor() connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			headers := map[string]string{
+				"cache-control": "no-store",
+				"expires":       time.Now().UTC().Format(http.TimeFormat),
+				"pragma":        "no-cache",
+			}
+			resp, err := handler(ctx, req)
+			if err != nil {
+				return nil, err
+			}
+			for key, value := range headers {
+				resp.Header().Set(key, value)
+			}
+			return resp, err
+		}
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/call_interceptor.go b/internal/api/grpc/server/connect_middleware/call_interceptor.go
new file mode 100644
index 0000000000..cc74e10f85
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/call_interceptor.go
@@ -0,0 +1,18 @@
+package connect_middleware
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/call"
+)
+
+func CallDurationHandler() connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			ctx = call.WithTimestamp(ctx)
+			return handler(ctx, req)
+		}
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/error_interceptor.go b/internal/api/grpc/server/connect_middleware/error_interceptor.go
new file mode 100644
index 0000000000..9aef95bc6d
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/error_interceptor.go
@@ -0,0 +1,23 @@
+package connect_middleware
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/gerrors"
+	_ "github.com/zitadel/zitadel/internal/statik"
+)
+
+func ErrorHandler() connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			return toConnectError(ctx, req, handler)
+		}
+	}
+}
+
+func toConnectError(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc) (connect.AnyResponse, error) {
+	resp, err := handler(ctx, req)
+	return resp, gerrors.ZITADELToConnectError(err) // TODO !
+}
diff --git a/internal/api/grpc/server/connect_middleware/error_interceptor_test.go b/internal/api/grpc/server/connect_middleware/error_interceptor_test.go
new file mode 100644
index 0000000000..954f2fd58f
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/error_interceptor_test.go
@@ -0,0 +1,65 @@
+package connect_middleware
+
+import (
+	"context"
+	"reflect"
+	"testing"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+)
+
+func Test_toGRPCError(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		req     connect.AnyRequest
+		handler func(t *testing.T) connect.UnaryFunc
+	}
+	type res struct {
+		want    interface{}
+		wantErr bool
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"no error",
+			args{
+				ctx:     context.Background(),
+				req:     &mockReq[struct{}]{},
+				handler: emptyMockHandler(&connect.Response[struct{}]{}, authz.CtxData{}),
+			},
+			res{
+				&connect.Response[struct{}]{},
+				false,
+			},
+		},
+		{
+			"error",
+			args{
+				ctx:     context.Background(),
+				req:     &mockReq[struct{}]{},
+				handler: errorMockHandler(),
+			},
+			res{
+				nil,
+				true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := toConnectError(tt.args.ctx, tt.args.req, tt.args.handler(t))
+			if (err != nil) != tt.res.wantErr {
+				t.Errorf("toGRPCError() error = %v, wantErr %v", err, tt.res.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.res.want) {
+				t.Errorf("toGRPCError() got = %v, want %v", got, tt.res.want)
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/execution_interceptor.go b/internal/api/grpc/server/connect_middleware/execution_interceptor.go
new file mode 100644
index 0000000000..879496a33f
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/execution_interceptor.go
@@ -0,0 +1,160 @@
+package connect_middleware
+
+import (
+	"context"
+	"encoding/json"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/execution"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+)
+
+func ExecutionHandler(queries *query.Queries) connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (_ connect.AnyResponse, err error) {
+			requestTargets, responseTargets := execution.QueryExecutionTargetsForRequestAndResponse(ctx, queries, req.Spec().Procedure)
+
+			// call targets otherwise return req
+			handledReq, err := executeTargetsForRequest(ctx, requestTargets, req.Spec().Procedure, req)
+			if err != nil {
+				return nil, err
+			}
+
+			response, err := handler(ctx, handledReq)
+			if err != nil {
+				return nil, err
+			}
+
+			return executeTargetsForResponse(ctx, responseTargets, req.Spec().Procedure, handledReq, response)
+		}
+	}
+}
+
+func executeTargetsForRequest(ctx context.Context, targets []execution.Target, fullMethod string, req connect.AnyRequest) (_ connect.AnyRequest, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	// if no targets are found, return without any calls
+	if len(targets) == 0 {
+		return req, nil
+	}
+
+	ctxData := authz.GetCtxData(ctx)
+	info := &ContextInfoRequest{
+		FullMethod: fullMethod,
+		InstanceID: authz.GetInstance(ctx).InstanceID(),
+		ProjectID:  ctxData.ProjectID,
+		OrgID:      ctxData.OrgID,
+		UserID:     ctxData.UserID,
+		Request:    Message{req.Any().(proto.Message)},
+	}
+
+	_, err = execution.CallTargets(ctx, targets, info)
+	if err != nil {
+		return nil, err
+	}
+	return req, nil
+}
+
+func executeTargetsForResponse(ctx context.Context, targets []execution.Target, fullMethod string, req connect.AnyRequest, resp connect.AnyResponse) (_ connect.AnyResponse, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	// if no targets are found, return without any calls
+	if len(targets) == 0 {
+		return resp, nil
+	}
+
+	ctxData := authz.GetCtxData(ctx)
+	info := &ContextInfoResponse{
+		FullMethod: fullMethod,
+		InstanceID: authz.GetInstance(ctx).InstanceID(),
+		ProjectID:  ctxData.ProjectID,
+		OrgID:      ctxData.OrgID,
+		UserID:     ctxData.UserID,
+		Request:    Message{req.Any().(proto.Message)},
+		Response:   Message{resp.Any().(proto.Message)},
+	}
+
+	_, err = execution.CallTargets(ctx, targets, info)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+var _ execution.ContextInfo = &ContextInfoRequest{}
+
+type ContextInfoRequest struct {
+	FullMethod string  `json:"fullMethod,omitempty"`
+	InstanceID string  `json:"instanceID,omitempty"`
+	OrgID      string  `json:"orgID,omitempty"`
+	ProjectID  string  `json:"projectID,omitempty"`
+	UserID     string  `json:"userID,omitempty"`
+	Request    Message `json:"request,omitempty"`
+}
+
+type Message struct {
+	proto.Message
+}
+
+func (r *Message) MarshalJSON() ([]byte, error) {
+	data, err := protojson.Marshal(r.Message)
+	if err != nil {
+		return nil, err
+	}
+	return data, nil
+}
+
+func (r *Message) UnmarshalJSON(data []byte) error {
+	return protojson.Unmarshal(data, r.Message)
+}
+
+func (c *ContextInfoRequest) GetHTTPRequestBody() []byte {
+	data, err := json.Marshal(c)
+	if err != nil {
+		return nil
+	}
+	return data
+}
+
+func (c *ContextInfoRequest) SetHTTPResponseBody(resp []byte) error {
+	return json.Unmarshal(resp, &c.Request)
+}
+
+func (c *ContextInfoRequest) GetContent() interface{} {
+	return c.Request.Message
+}
+
+var _ execution.ContextInfo = &ContextInfoResponse{}
+
+type ContextInfoResponse struct {
+	FullMethod string  `json:"fullMethod,omitempty"`
+	InstanceID string  `json:"instanceID,omitempty"`
+	OrgID      string  `json:"orgID,omitempty"`
+	ProjectID  string  `json:"projectID,omitempty"`
+	UserID     string  `json:"userID,omitempty"`
+	Request    Message `json:"request,omitempty"`
+	Response   Message `json:"response,omitempty"`
+}
+
+func (c *ContextInfoResponse) GetHTTPRequestBody() []byte {
+	data, err := json.Marshal(c)
+	if err != nil {
+		return nil
+	}
+	return data
+}
+
+func (c *ContextInfoResponse) SetHTTPResponseBody(resp []byte) error {
+	return json.Unmarshal(resp, &c.Response)
+}
+
+func (c *ContextInfoResponse) GetContent() interface{} {
+	return c.Response.Message
+}
diff --git a/internal/api/grpc/server/connect_middleware/execution_interceptor_test.go b/internal/api/grpc/server/connect_middleware/execution_interceptor_test.go
new file mode 100644
index 0000000000..d910824f21
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/execution_interceptor_test.go
@@ -0,0 +1,815 @@
+package connect_middleware
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"reflect"
+	"testing"
+	"time"
+
+	"connectrpc.com/connect"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/execution"
+)
+
+var _ execution.Target = &mockExecutionTarget{}
+
+type mockExecutionTarget struct {
+	InstanceID       string
+	ExecutionID      string
+	TargetID         string
+	TargetType       domain.TargetType
+	Endpoint         string
+	Timeout          time.Duration
+	InterruptOnError bool
+	SigningKey       string
+}
+
+func (e *mockExecutionTarget) SetEndpoint(endpoint string) {
+	e.Endpoint = endpoint
+}
+func (e *mockExecutionTarget) IsInterruptOnError() bool {
+	return e.InterruptOnError
+}
+func (e *mockExecutionTarget) GetEndpoint() string {
+	return e.Endpoint
+}
+func (e *mockExecutionTarget) GetTargetType() domain.TargetType {
+	return e.TargetType
+}
+func (e *mockExecutionTarget) GetTimeout() time.Duration {
+	return e.Timeout
+}
+func (e *mockExecutionTarget) GetTargetID() string {
+	return e.TargetID
+}
+func (e *mockExecutionTarget) GetExecutionID() string {
+	return e.ExecutionID
+}
+func (e *mockExecutionTarget) GetSigningKey() string {
+	return e.SigningKey
+}
+
+func newMockContentRequest(content string) *connect.Request[structpb.Struct] {
+	return connect.NewRequest(&structpb.Struct{
+		Fields: map[string]*structpb.Value{
+			"content": {
+				Kind: &structpb.Value_StringValue{StringValue: content},
+			},
+		},
+	})
+}
+
+func newMockContentResponse(content string) *connect.Response[structpb.Struct] {
+	return connect.NewResponse(&structpb.Struct{
+		Fields: map[string]*structpb.Value{
+			"content": {
+				Kind: &structpb.Value_StringValue{StringValue: content},
+			},
+		},
+	})
+}
+
+func newMockContextInfoRequest(fullMethod, request string) *ContextInfoRequest {
+	return &ContextInfoRequest{
+		FullMethod: fullMethod,
+		Request:    Message{Message: newMockContentRequest(request).Msg},
+	}
+}
+
+func newMockContextInfoResponse(fullMethod, request, response string) *ContextInfoResponse {
+	return &ContextInfoResponse{
+		FullMethod: fullMethod,
+		Request:    Message{Message: newMockContentRequest(request).Msg},
+		Response:   Message{Message: newMockContentResponse(response).Msg},
+	}
+}
+
+func Test_executeTargetsForGRPCFullMethod_request(t *testing.T) {
+	type target struct {
+		reqBody    execution.ContextInfo
+		sleep      time.Duration
+		statusCode int
+		respBody   connect.AnyResponse
+	}
+	type args struct {
+		ctx context.Context
+
+		executionTargets []execution.Target
+		targets          []target
+		fullMethod       string
+		req              connect.AnyRequest
+	}
+	type res struct {
+		want    interface{}
+		wantErr bool
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"target, executionTargets nil",
+			args{
+				ctx:              context.Background(),
+				fullMethod:       "/service/method",
+				executionTargets: nil,
+				req:              newMockContentRequest("request"),
+			},
+			res{
+				want: newMockContentRequest("request"),
+			},
+		},
+		{
+			"target, executionTargets empty",
+			args{
+				ctx:              context.Background(),
+				fullMethod:       "/service/method",
+				executionTargets: []execution.Target{},
+				req:              newMockContentRequest("request"),
+			},
+			res{
+				want: newMockContentRequest("request"),
+			},
+		},
+		{
+			"target, not reachable",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+					},
+				},
+				targets: []target{},
+				req:     newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"target, error without interrupt",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:  "instance",
+						ExecutionID: "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:    "target",
+						TargetType:  domain.TargetTypeCall,
+						Timeout:     time.Minute,
+						SigningKey:  "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusBadRequest,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				want: newMockContentRequest("content"),
+			},
+		},
+		{
+			"target, interruptOnError",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusBadRequest,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"target, timeout",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Second,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      5 * time.Second,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"target, wrong request",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Second,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{reqBody: newMockContextInfoRequest("/service/method", "wrong")},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"target, ok",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				want: newMockContentRequest("content1"),
+			},
+		},
+		{
+			"target async, timeout",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:  "instance",
+						ExecutionID: "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:    "target",
+						TargetType:  domain.TargetTypeAsync,
+						Timeout:     time.Second,
+						SigningKey:  "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      5 * time.Second,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				want: newMockContentRequest("content"),
+			},
+		},
+		{
+			"target async, ok",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:  "instance",
+						ExecutionID: "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:    "target",
+						TargetType:  domain.TargetTypeAsync,
+						Timeout:     time.Minute,
+						SigningKey:  "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				want: newMockContentRequest("content"),
+			},
+		},
+		{
+			"webhook, error",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeWebhook,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						sleep:      0,
+						statusCode: http.StatusInternalServerError,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"webhook, timeout",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeWebhook,
+						Timeout:          time.Second,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      5 * time.Second,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"webhook, ok",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeWebhook,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				want: newMockContentRequest("content"),
+			},
+		},
+		{
+			"with includes, interruptOnError",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target1",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target2",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target3",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content1"),
+						respBody:   newMockContentResponse("content2"),
+						sleep:      0,
+						statusCode: http.StatusBadRequest,
+					},
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content2"),
+						respBody:   newMockContentResponse("content3"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"with includes, timeout",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target1",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target2",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Second,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target3",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Second,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse("content1"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content1"),
+						respBody:   newMockContentResponse("content2"),
+						sleep:      5 * time.Second,
+						statusCode: http.StatusBadRequest,
+					},
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content2"),
+						respBody:   newMockContentResponse("content3"),
+						sleep:      5 * time.Second,
+						statusCode: http.StatusOK,
+					},
+				},
+				req: newMockContentRequest("content"),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			closeFuncs := make([]func(), len(tt.args.targets))
+			for i, target := range tt.args.targets {
+				url, closeF := testServerCall(
+					target.reqBody,
+					target.sleep,
+					target.statusCode,
+					target.respBody,
+				)
+
+				et := tt.args.executionTargets[i].(*mockExecutionTarget)
+				et.SetEndpoint(url)
+				closeFuncs[i] = closeF
+			}
+
+			resp, err := executeTargetsForRequest(
+				tt.args.ctx,
+				tt.args.executionTargets,
+				tt.args.fullMethod,
+				tt.args.req,
+			)
+
+			if tt.res.wantErr {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+			}
+			assert.EqualExportedValues(t, tt.res.want, resp)
+
+			for _, closeF := range closeFuncs {
+				closeF()
+			}
+		})
+	}
+}
+
+func testServerCall(
+	reqBody interface{},
+	sleep time.Duration,
+	statusCode int,
+	respBody connect.AnyResponse,
+) (string, func()) {
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		data, err := json.Marshal(reqBody)
+		if err != nil {
+			http.Error(w, "error", http.StatusInternalServerError)
+			return
+		}
+
+		sentBody, err := io.ReadAll(r.Body)
+		if err != nil {
+			http.Error(w, "error", http.StatusInternalServerError)
+			return
+		}
+
+		if !reflect.DeepEqual(data, sentBody) {
+			http.Error(w, "error", http.StatusInternalServerError)
+			return
+		}
+
+		if statusCode != http.StatusOK {
+			http.Error(w, "error", statusCode)
+			return
+		}
+
+		time.Sleep(sleep)
+
+		w.Header().Set("Content-Type", "application/json")
+		resp, err := protojson.Marshal(respBody.Any().(proto.Message))
+		if err != nil {
+			http.Error(w, "error", http.StatusInternalServerError)
+			return
+		}
+		if _, err := w.Write(resp); err != nil {
+			http.Error(w, "error", http.StatusInternalServerError)
+			return
+		}
+	}
+
+	server := httptest.NewServer(http.HandlerFunc(handler))
+
+	return server.URL, server.Close
+}
+
+func Test_executeTargetsForGRPCFullMethod_response(t *testing.T) {
+	type target struct {
+		reqBody    execution.ContextInfo
+		sleep      time.Duration
+		statusCode int
+		respBody   connect.AnyResponse
+	}
+	type args struct {
+		ctx context.Context
+
+		executionTargets []execution.Target
+		targets          []target
+		fullMethod       string
+		req              connect.AnyRequest
+		resp             connect.AnyResponse
+	}
+	type res struct {
+		want    interface{}
+		wantErr bool
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"target, executionTargets nil",
+			args{
+				ctx:              context.Background(),
+				fullMethod:       "/service/method",
+				executionTargets: nil,
+				req:              newMockContentRequest("request"),
+				resp:             newMockContentResponse("response"),
+			},
+			res{
+				want: newMockContentResponse("response"),
+			},
+		},
+		{
+			"target, executionTargets empty",
+			args{
+				ctx:              context.Background(),
+				fullMethod:       "/service/method",
+				executionTargets: []execution.Target{},
+				req:              newMockContentRequest("request"),
+				resp:             newMockContentResponse("response"),
+			},
+			res{
+				want: newMockContentResponse("response"),
+			},
+		},
+		{
+			"target, empty response",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "request./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoRequest("/service/method", "content"),
+						respBody:   newMockContentResponse(""),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+				},
+				req:  newMockContentRequest(""),
+				resp: newMockContentResponse(""),
+			},
+			res{
+				wantErr: true,
+			},
+		},
+		{
+			"target, ok",
+			args{
+				ctx:        context.Background(),
+				fullMethod: "/service/method",
+				executionTargets: []execution.Target{
+					&mockExecutionTarget{
+						InstanceID:       "instance",
+						ExecutionID:      "response./zitadel.session.v2.SessionService/SetSession",
+						TargetID:         "target",
+						TargetType:       domain.TargetTypeCall,
+						Timeout:          time.Minute,
+						InterruptOnError: true,
+						SigningKey:       "signingkey",
+					},
+				},
+				targets: []target{
+					{
+						reqBody:    newMockContextInfoResponse("/service/method", "request", "response"),
+						respBody:   newMockContentResponse("response1"),
+						sleep:      0,
+						statusCode: http.StatusOK,
+					},
+				},
+				req:  newMockContentRequest("request"),
+				resp: newMockContentResponse("response"),
+			},
+			res{
+				want: newMockContentResponse("response1"),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			closeFuncs := make([]func(), len(tt.args.targets))
+			for i, target := range tt.args.targets {
+				url, closeF := testServerCall(
+					target.reqBody,
+					target.sleep,
+					target.statusCode,
+					target.respBody,
+				)
+
+				et := tt.args.executionTargets[i].(*mockExecutionTarget)
+				et.SetEndpoint(url)
+				closeFuncs[i] = closeF
+			}
+
+			resp, err := executeTargetsForResponse(
+				tt.args.ctx,
+				tt.args.executionTargets,
+				tt.args.fullMethod,
+				tt.args.req,
+				tt.args.resp,
+			)
+
+			if tt.res.wantErr {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+			}
+			assert.EqualExportedValues(t, tt.res.want, resp)
+
+			for _, closeF := range closeFuncs {
+				closeF()
+			}
+		})
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/instance_interceptor.go b/internal/api/grpc/server/connect_middleware/instance_interceptor.go
new file mode 100644
index 0000000000..27f59313f8
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/instance_interceptor.go
@@ -0,0 +1,107 @@
+package connect_middleware
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"connectrpc.com/connect"
+	"github.com/zitadel/logging"
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	zitadel_http "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/i18n"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	object_v3 "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
+)
+
+func InstanceInterceptor(verifier authz.InstanceVerifier, externalDomain string, explicitInstanceIdServices ...string) connect.UnaryInterceptorFunc {
+	translator, err := i18n.NewZitadelTranslator(language.English)
+	logging.OnError(err).Panic("unable to get translator")
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			return setInstance(ctx, req, handler, verifier, externalDomain, translator, explicitInstanceIdServices...)
+		}
+	}
+}
+
+func setInstance(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc, verifier authz.InstanceVerifier, externalDomain string, translator *i18n.Translator, idFromRequestsServices ...string) (_ connect.AnyResponse, err error) {
+	interceptorCtx, span := tracing.NewServerInterceptorSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	for _, service := range idFromRequestsServices {
+		if !strings.HasPrefix(service, "/") {
+			service = "/" + service
+		}
+		if strings.HasPrefix(req.Spec().Procedure, service) {
+			withInstanceIDProperty, ok := req.Any().(interface {
+				GetInstanceId() string
+			})
+			if !ok {
+				return handler(ctx, req)
+			}
+			return addInstanceByID(interceptorCtx, req, handler, verifier, translator, withInstanceIDProperty.GetInstanceId())
+		}
+	}
+	explicitInstanceRequest, ok := req.Any().(interface {
+		GetInstance() *object_v3.Instance
+	})
+	if ok {
+		instance := explicitInstanceRequest.GetInstance()
+		if id := instance.GetId(); id != "" {
+			return addInstanceByID(interceptorCtx, req, handler, verifier, translator, id)
+		}
+		if domain := instance.GetDomain(); domain != "" {
+			return addInstanceByDomain(interceptorCtx, req, handler, verifier, translator, domain)
+		}
+	}
+	return addInstanceByRequestedHost(interceptorCtx, req, handler, verifier, translator, externalDomain)
+}
+
+func addInstanceByID(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc, verifier authz.InstanceVerifier, translator *i18n.Translator, id string) (connect.AnyResponse, error) {
+	instance, err := verifier.InstanceByID(ctx, id)
+	if err != nil {
+		notFoundErr := new(zerrors.ZitadelError)
+		if errors.As(err, &notFoundErr) {
+			notFoundErr.Message = translator.LocalizeFromCtx(ctx, notFoundErr.GetMessage(), nil)
+		}
+		return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("unable to set instance using id %s: %w", id, notFoundErr))
+	}
+	return handler(authz.WithInstance(ctx, instance), req)
+}
+
+func addInstanceByDomain(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc, verifier authz.InstanceVerifier, translator *i18n.Translator, domain string) (connect.AnyResponse, error) {
+	instance, err := verifier.InstanceByHost(ctx, domain, "")
+	if err != nil {
+		notFoundErr := new(zerrors.NotFoundError)
+		if errors.As(err, &notFoundErr) {
+			notFoundErr.Message = translator.LocalizeFromCtx(ctx, notFoundErr.GetMessage(), nil)
+		}
+		return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("unable to set instance using domain %s: %w", domain, notFoundErr))
+	}
+	return handler(authz.WithInstance(ctx, instance), req)
+}
+
+func addInstanceByRequestedHost(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc, verifier authz.InstanceVerifier, translator *i18n.Translator, externalDomain string) (connect.AnyResponse, error) {
+	requestContext := zitadel_http.DomainContext(ctx)
+	if requestContext.InstanceHost == "" {
+		logging.WithFields("origin", requestContext.Origin(), "externalDomain", externalDomain).Error("unable to set instance")
+		return nil, connect.NewError(connect.CodeNotFound, errors.New("no instanceHost specified"))
+	}
+	instance, err := verifier.InstanceByHost(ctx, requestContext.InstanceHost, requestContext.PublicHost)
+	if err != nil {
+		origin := zitadel_http.DomainContext(ctx)
+		logging.WithFields("origin", requestContext.Origin(), "externalDomain", externalDomain).WithError(err).Error("unable to set instance")
+		zErr := new(zerrors.ZitadelError)
+		if errors.As(err, &zErr) {
+			zErr.SetMessage(translator.LocalizeFromCtx(ctx, zErr.GetMessage(), nil))
+			zErr.Parent = err
+			return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("unable to set instance using origin %s (ExternalDomain is %s): %s", origin, externalDomain, zErr.Error()))
+		}
+		return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("unable to set instance using origin %s (ExternalDomain is %s)", origin, externalDomain))
+	}
+	return handler(authz.WithInstance(ctx, instance), req)
+}
diff --git a/internal/api/grpc/server/connect_middleware/limits_interceptor.go b/internal/api/grpc/server/connect_middleware/limits_interceptor.go
new file mode 100644
index 0000000000..abf7e5f0aa
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/limits_interceptor.go
@@ -0,0 +1,34 @@
+package connect_middleware
+
+import (
+	"context"
+	"strings"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func LimitsInterceptor(ignoreService ...string) connect.UnaryInterceptorFunc {
+	for idx, service := range ignoreService {
+		if !strings.HasPrefix(service, "/") {
+			ignoreService[idx] = "/" + service
+		}
+	}
+
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (_ connect.AnyResponse, err error) {
+			for _, service := range ignoreService {
+				if strings.HasPrefix(req.Spec().Procedure, service) {
+					return handler(ctx, req)
+				}
+			}
+			instance := authz.GetInstance(ctx)
+			if block := instance.Block(); block != nil && *block {
+				return nil, zerrors.ThrowResourceExhausted(nil, "LIMITS-molsj", "Errors.Limits.Instance.Blocked")
+			}
+			return handler(ctx, req)
+		}
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/metrics_interceptor.go b/internal/api/grpc/server/connect_middleware/metrics_interceptor.go
new file mode 100644
index 0000000000..552fa5658d
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/metrics_interceptor.go
@@ -0,0 +1,96 @@
+package connect_middleware
+
+import (
+	"context"
+	"strings"
+
+	"connectrpc.com/connect"
+	"github.com/grpc-ecosystem/grpc-gateway/runtime"
+	"github.com/zitadel/logging"
+	"go.opentelemetry.io/otel/attribute"
+	"google.golang.org/grpc/codes"
+
+	_ "github.com/zitadel/zitadel/internal/statik"
+	"github.com/zitadel/zitadel/internal/telemetry/metrics"
+)
+
+const (
+	GrpcMethod                         = "grpc_method"
+	ReturnCode                         = "return_code"
+	GrpcRequestCounter                 = "grpc.server.request_counter"
+	GrpcRequestCounterDescription      = "Grpc request counter"
+	TotalGrpcRequestCounter            = "grpc.server.total_request_counter"
+	TotalGrpcRequestCounterDescription = "Total grpc request counter"
+	GrpcStatusCodeCounter              = "grpc.server.grpc_status_code"
+	GrpcStatusCodeCounterDescription   = "Grpc status code counter"
+)
+
+func MetricsHandler(metricTypes []metrics.MetricType, ignoredMethodSuffixes ...string) connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			return RegisterMetrics(ctx, req, handler, metricTypes, ignoredMethodSuffixes...)
+		}
+	}
+}
+
+func RegisterMetrics(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc, metricTypes []metrics.MetricType, ignoredMethodSuffixes ...string) (_ connect.AnyResponse, err error) {
+	if len(metricTypes) == 0 {
+		return handler(ctx, req)
+	}
+
+	for _, ignore := range ignoredMethodSuffixes {
+		if strings.HasSuffix(req.Spec().Procedure, ignore) {
+			return handler(ctx, req)
+		}
+	}
+
+	resp, err := handler(ctx, req)
+	if containsMetricsMethod(metrics.MetricTypeRequestCount, metricTypes) {
+		RegisterGrpcRequestCounter(ctx, req.Spec().Procedure)
+	}
+	if containsMetricsMethod(metrics.MetricTypeTotalCount, metricTypes) {
+		RegisterGrpcTotalRequestCounter(ctx)
+	}
+	if containsMetricsMethod(metrics.MetricTypeStatusCode, metricTypes) {
+		RegisterGrpcRequestCodeCounter(ctx, req.Spec().Procedure, err)
+	}
+	return resp, err
+}
+
+func RegisterGrpcRequestCounter(ctx context.Context, path string) {
+	var labels = map[string]attribute.Value{
+		GrpcMethod: attribute.StringValue(path),
+	}
+	err := metrics.RegisterCounter(GrpcRequestCounter, GrpcRequestCounterDescription)
+	logging.OnError(err).Warn("failed to register grpc request counter")
+	err = metrics.AddCount(ctx, GrpcRequestCounter, 1, labels)
+	logging.OnError(err).Warn("failed to add grpc request count")
+}
+
+func RegisterGrpcTotalRequestCounter(ctx context.Context) {
+	err := metrics.RegisterCounter(TotalGrpcRequestCounter, TotalGrpcRequestCounterDescription)
+	logging.OnError(err).Warn("failed to register total grpc request counter")
+	err = metrics.AddCount(ctx, TotalGrpcRequestCounter, 1, nil)
+	logging.OnError(err).Warn("failed to add total grpc request count")
+}
+
+func RegisterGrpcRequestCodeCounter(ctx context.Context, path string, err error) {
+	statusCode := connect.CodeOf(err)
+	var labels = map[string]attribute.Value{
+		GrpcMethod: attribute.StringValue(path),
+		ReturnCode: attribute.IntValue(runtime.HTTPStatusFromCode(codes.Code(statusCode))),
+	}
+	err = metrics.RegisterCounter(GrpcStatusCodeCounter, GrpcStatusCodeCounterDescription)
+	logging.OnError(err).Warn("failed to register grpc status code counter")
+	err = metrics.AddCount(ctx, GrpcStatusCodeCounter, 1, labels)
+	logging.OnError(err).Warn("failed to add grpc status code count")
+}
+
+func containsMetricsMethod(metricType metrics.MetricType, metricTypes []metrics.MetricType) bool {
+	for _, m := range metricTypes {
+		if m == metricType {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/api/grpc/server/connect_middleware/mock_test.go b/internal/api/grpc/server/connect_middleware/mock_test.go
new file mode 100644
index 0000000000..abd996b01f
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/mock_test.go
@@ -0,0 +1,50 @@
+package connect_middleware
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"connectrpc.com/connect"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func emptyMockHandler(resp connect.AnyResponse, expectedCtxData authz.CtxData) func(*testing.T) connect.UnaryFunc {
+	return func(t *testing.T) connect.UnaryFunc {
+		return func(ctx context.Context, _ connect.AnyRequest) (connect.AnyResponse, error) {
+			assert.Equal(t, expectedCtxData, authz.GetCtxData(ctx))
+			return resp, nil
+		}
+	}
+}
+
+func errorMockHandler() func(*testing.T) connect.UnaryFunc {
+	return func(t *testing.T) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			return nil, zerrors.ThrowInternal(nil, "test", "error")
+		}
+	}
+}
+
+type mockReq[t any] struct {
+	connect.Request[t]
+
+	procedure string
+	header    http.Header
+}
+
+func (m *mockReq[T]) Spec() connect.Spec {
+	return connect.Spec{
+		Procedure: m.procedure,
+	}
+}
+
+func (m *mockReq[T]) Header() http.Header {
+	if m.header == nil {
+		m.header = make(http.Header)
+	}
+	return m.header
+}
diff --git a/internal/api/grpc/server/connect_middleware/quota_interceptor.go b/internal/api/grpc/server/connect_middleware/quota_interceptor.go
new file mode 100644
index 0000000000..caa32511e4
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/quota_interceptor.go
@@ -0,0 +1,53 @@
+package connect_middleware
+
+import (
+	"context"
+	"strings"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/logstore"
+	"github.com/zitadel/zitadel/internal/logstore/record"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func QuotaExhaustedInterceptor(svc *logstore.Service[*record.AccessLog], ignoreService ...string) connect.UnaryInterceptorFunc {
+	for idx, service := range ignoreService {
+		if !strings.HasPrefix(service, "/") {
+			ignoreService[idx] = "/" + service
+		}
+	}
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (_ connect.AnyResponse, err error) {
+			if !svc.Enabled() {
+				return handler(ctx, req)
+			}
+			interceptorCtx, span := tracing.NewServerInterceptorSpan(ctx)
+			defer func() { span.EndWithError(err) }()
+
+			// The auth interceptor will ensure that only authorized or public requests are allowed.
+			// So if there's no authorization context, we don't need to check for limitation
+			// Also, we don't limit calls with system user tokens
+			ctxData := authz.GetCtxData(ctx)
+			if ctxData.IsZero() || ctxData.SystemMemberships != nil {
+				return handler(ctx, req)
+			}
+
+			for _, service := range ignoreService {
+				if strings.HasPrefix(req.Spec().Procedure, service) {
+					return handler(ctx, req)
+				}
+			}
+
+			instance := authz.GetInstance(ctx)
+			remaining := svc.Limit(interceptorCtx, instance.InstanceID())
+			if remaining != nil && *remaining == 0 {
+				return nil, zerrors.ThrowResourceExhausted(nil, "QUOTA-vjAy8", "Quota.Access.Exhausted")
+			}
+			span.End()
+			return handler(ctx, req)
+		}
+	}
+}
diff --git a/internal/api/grpc/server/connect_middleware/service_interceptor.go b/internal/api/grpc/server/connect_middleware/service_interceptor.go
new file mode 100644
index 0000000000..c5cf798ce5
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/service_interceptor.go
@@ -0,0 +1,45 @@
+package connect_middleware
+
+import (
+	"context"
+	"strings"
+
+	"connectrpc.com/connect"
+
+	"github.com/zitadel/zitadel/internal/api/service"
+	_ "github.com/zitadel/zitadel/internal/statik"
+)
+
+const (
+	unknown = "UNKNOWN"
+)
+
+func ServiceHandler() connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			serviceName, _ := serviceAndMethod(req.Spec().Procedure)
+			if serviceName != unknown {
+				return handler(ctx, req)
+			}
+			ctx = service.WithService(ctx, serviceName)
+			return handler(ctx, req)
+		}
+	}
+}
+
+// serviceAndMethod returns the service and method from a procedure.
+func serviceAndMethod(procedure string) (string, string) {
+	procedure = strings.TrimPrefix(procedure, "/")
+	serviceName, method := unknown, unknown
+	if strings.Contains(procedure, "/") {
+		long := strings.Split(procedure, "/")[0]
+		if strings.Contains(long, ".") {
+			split := strings.Split(long, ".")
+			serviceName = split[len(split)-1]
+		}
+	}
+	if strings.Contains(procedure, "/") {
+		method = strings.Split(procedure, "/")[1]
+	}
+	return serviceName, method
+}
diff --git a/internal/api/grpc/server/connect_middleware/translation_interceptor.go b/internal/api/grpc/server/connect_middleware/translation_interceptor.go
new file mode 100644
index 0000000000..f01b1c85ab
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/translation_interceptor.go
@@ -0,0 +1,48 @@
+package connect_middleware
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/i18n"
+	_ "github.com/zitadel/zitadel/internal/statik"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+)
+
+func TranslationHandler() connect.UnaryInterceptorFunc {
+
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			resp, err := handler(ctx, req)
+			ctx, span := tracing.NewSpan(ctx)
+			defer func() { span.EndWithError(err) }()
+
+			if err != nil {
+				translator, translatorError := getTranslator(ctx)
+				if translatorError != nil {
+					return resp, err
+				}
+				return resp, translateError(ctx, err, translator)
+			}
+			if loc, ok := resp.Any().(localizers); ok {
+				translator, translatorError := getTranslator(ctx)
+				if translatorError != nil {
+					return resp, err
+				}
+				translateFields(ctx, loc, translator)
+			}
+			return resp, nil
+		}
+	}
+}
+
+func getTranslator(ctx context.Context) (*i18n.Translator, error) {
+	translator, err := i18n.NewZitadelTranslator(authz.GetInstance(ctx).DefaultLanguage())
+	if err != nil {
+		logging.New().WithError(err).Error("could not load translator")
+	}
+	return translator, err
+}
diff --git a/internal/api/grpc/server/connect_middleware/translator.go b/internal/api/grpc/server/connect_middleware/translator.go
new file mode 100644
index 0000000000..6d61b1d772
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/translator.go
@@ -0,0 +1,37 @@
+package connect_middleware
+
+import (
+	"context"
+	"errors"
+
+	"github.com/zitadel/zitadel/internal/i18n"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type localizers interface {
+	Localizers() []Localizer
+}
+type Localizer interface {
+	LocalizationKey() string
+	SetLocalizedMessage(string)
+}
+
+func translateFields(ctx context.Context, object localizers, translator *i18n.Translator) {
+	if translator == nil || object == nil {
+		return
+	}
+	for _, field := range object.Localizers() {
+		field.SetLocalizedMessage(translator.LocalizeFromCtx(ctx, field.LocalizationKey(), nil))
+	}
+}
+
+func translateError(ctx context.Context, err error, translator *i18n.Translator) error {
+	if translator == nil || err == nil {
+		return err
+	}
+	caosErr := new(zerrors.ZitadelError)
+	if errors.As(err, &caosErr) {
+		caosErr.SetMessage(translator.LocalizeFromCtx(ctx, caosErr.GetMessage(), nil))
+	}
+	return err
+}
diff --git a/internal/api/grpc/server/connect_middleware/validation_interceptor.go b/internal/api/grpc/server/connect_middleware/validation_interceptor.go
new file mode 100644
index 0000000000..8441886114
--- /dev/null
+++ b/internal/api/grpc/server/connect_middleware/validation_interceptor.go
@@ -0,0 +1,36 @@
+package connect_middleware
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+	// import to make sure go.mod does not lose it
+	// because dependency is only needed for generated code
+	_ "github.com/envoyproxy/protoc-gen-validate/validate"
+)
+
+func ValidationHandler() connect.UnaryInterceptorFunc {
+	return func(handler connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			return validate(ctx, req, handler)
+		}
+	}
+}
+
+// validator interface needed for github.com/envoyproxy/protoc-gen-validate
+// (it does not expose an interface itself)
+type validator interface {
+	Validate() error
+}
+
+func validate(ctx context.Context, req connect.AnyRequest, handler connect.UnaryFunc) (connect.AnyResponse, error) {
+	validate, ok := req.Any().(validator)
+	if !ok {
+		return handler(ctx, req)
+	}
+	err := validate.Validate()
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInvalidArgument, err)
+	}
+	return handler(ctx, req)
+}
diff --git a/internal/api/grpc/server/gateway.go b/internal/api/grpc/server/gateway.go
index ca7579ee89..b20819b850 100644
--- a/internal/api/grpc/server/gateway.go
+++ b/internal/api/grpc/server/gateway.go
@@ -171,7 +171,7 @@ func CreateGateway(
 	}, nil
 }
 
-func RegisterGateway(ctx context.Context, gateway *Gateway, server Server) error {
+func RegisterGateway(ctx context.Context, gateway *Gateway, server WithGateway) error {
 	err := server.RegisterGateway()(ctx, gateway.mux, gateway.connection)
 	if err != nil {
 		return fmt.Errorf("failed to register grpc gateway: %w", err)
diff --git a/internal/api/grpc/server/server.go b/internal/api/grpc/server/server.go
index b686d3add9..0c02087c89 100644
--- a/internal/api/grpc/server/server.go
+++ b/internal/api/grpc/server/server.go
@@ -2,11 +2,14 @@ package server
 
 import (
 	"crypto/tls"
+	"net/http"
 
+	"connectrpc.com/connect"
 	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	healthpb "google.golang.org/grpc/health/grpc_health_v1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	grpc_api "github.com/zitadel/zitadel/internal/api/grpc"
@@ -19,21 +22,36 @@ import (
 )
 
 type Server interface {
-	RegisterServer(*grpc.Server)
-	RegisterGateway() RegisterGatewayFunc
 	AppName() string
 	MethodPrefix() string
 	AuthMethods() authz.MethodMapping
 }
 
+type GrpcServer interface {
+	Server
+	RegisterServer(*grpc.Server)
+}
+
+type WithGateway interface {
+	Server
+	RegisterGateway() RegisterGatewayFunc
+}
+
 // WithGatewayPrefix extends the server interface with a prefix for the grpc gateway
 //
 // it's used for the System, Admin, Mgmt and Auth API
 type WithGatewayPrefix interface {
-	Server
+	GrpcServer
+	WithGateway
 	GatewayPathPrefix() string
 }
 
+type ConnectServer interface {
+	Server
+	RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler)
+	FileDescriptor() protoreflect.FileDescriptor
+}
+
 func CreateServer(
 	verifier authz.APITokenVerifier,
 	systemAuthz authz.Config,
diff --git a/internal/api/grpc/session/v2/query.go b/internal/api/grpc/session/v2/query.go
index 73303dd9e8..78d8623ee7 100644
--- a/internal/api/grpc/session/v2/query.go
+++ b/internal/api/grpc/session/v2/query.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -26,18 +27,18 @@ var (
 	}
 )
 
-func (s *Server) GetSession(ctx context.Context, req *session.GetSessionRequest) (*session.GetSessionResponse, error) {
-	res, err := s.query.SessionByID(ctx, true, req.GetSessionId(), req.GetSessionToken(), s.checkPermission)
+func (s *Server) GetSession(ctx context.Context, req *connect.Request[session.GetSessionRequest]) (*connect.Response[session.GetSessionResponse], error) {
+	res, err := s.query.SessionByID(ctx, true, req.Msg.GetSessionId(), req.Msg.GetSessionToken(), s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &session.GetSessionResponse{
+	return connect.NewResponse(&session.GetSessionResponse{
 		Session: sessionToPb(res),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListSessions(ctx context.Context, req *session.ListSessionsRequest) (*session.ListSessionsResponse, error) {
-	queries, err := listSessionsRequestToQuery(ctx, req)
+func (s *Server) ListSessions(ctx context.Context, req *connect.Request[session.ListSessionsRequest]) (*connect.Response[session.ListSessionsResponse], error) {
+	queries, err := listSessionsRequestToQuery(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -45,10 +46,10 @@ func (s *Server) ListSessions(ctx context.Context, req *session.ListSessionsRequ
 	if err != nil {
 		return nil, err
 	}
-	return &session.ListSessionsResponse{
+	return connect.NewResponse(&session.ListSessionsResponse{
 		Details:  object.ToListDetails(sessions.SearchResponse),
 		Sessions: sessionsToPb(sessions.Sessions),
-	}, nil
+	}), nil
 }
 
 func listSessionsRequestToQuery(ctx context.Context, req *session.ListSessionsRequest) (*query.SessionsSearchQueries, error) {
diff --git a/internal/api/grpc/session/v2/server.go b/internal/api/grpc/session/v2/server.go
index ee534cb26c..8f06cb3fb0 100644
--- a/internal/api/grpc/session/v2/server.go
+++ b/internal/api/grpc/session/v2/server.go
@@ -1,7 +1,10 @@
 package session
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/pkg/grpc/session/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/session/v2/sessionconnect"
 )
 
-var _ session.SessionServiceServer = (*Server)(nil)
+var _ sessionconnect.SessionServiceHandler = (*Server)(nil)
 
 type Server struct {
-	session.UnimplementedSessionServiceServer
 	command *command.Commands
 	query   *query.Queries
 
@@ -35,8 +38,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	session.RegisterSessionServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return sessionconnect.NewSessionServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return session.File_zitadel_session_v2_session_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/session/v2/session.go b/internal/api/grpc/session/v2/session.go
index 08f19368ef..94f686a72c 100644
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"
 
+	"connectrpc.com/connect"
 	"golang.org/x/text/language"
 	"google.golang.org/protobuf/types/known/structpb"
 
@@ -17,12 +18,12 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/session/v2"
 )
 
-func (s *Server) CreateSession(ctx context.Context, req *session.CreateSessionRequest) (*session.CreateSessionResponse, error) {
-	checks, metadata, userAgent, lifetime, err := s.createSessionRequestToCommand(ctx, req)
+func (s *Server) CreateSession(ctx context.Context, req *connect.Request[session.CreateSessionRequest]) (*connect.Response[session.CreateSessionResponse], error) {
+	checks, metadata, userAgent, lifetime, err := s.createSessionRequestToCommand(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
-	challengeResponse, cmds, err := s.challengesToCommand(req.GetChallenges(), checks)
+	challengeResponse, cmds, err := s.challengesToCommand(req.Msg.GetChallenges(), checks)
 	if err != nil {
 		return nil, err
 	}
@@ -32,43 +33,43 @@ func (s *Server) CreateSession(ctx context.Context, req *session.CreateSessionRe
 		return nil, err
 	}
 
-	return &session.CreateSessionResponse{
+	return connect.NewResponse(&session.CreateSessionResponse{
 		Details:      object.DomainToDetailsPb(set.ObjectDetails),
 		SessionId:    set.ID,
 		SessionToken: set.NewToken,
 		Challenges:   challengeResponse,
-	}, nil
+	}), nil
 }
 
-func (s *Server) SetSession(ctx context.Context, req *session.SetSessionRequest) (*session.SetSessionResponse, error) {
-	checks, err := s.setSessionRequestToCommand(ctx, req)
+func (s *Server) SetSession(ctx context.Context, req *connect.Request[session.SetSessionRequest]) (*connect.Response[session.SetSessionResponse], error) {
+	checks, err := s.setSessionRequestToCommand(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
-	challengeResponse, cmds, err := s.challengesToCommand(req.GetChallenges(), checks)
+	challengeResponse, cmds, err := s.challengesToCommand(req.Msg.GetChallenges(), checks)
 	if err != nil {
 		return nil, err
 	}
 
-	set, err := s.command.UpdateSession(ctx, req.GetSessionId(), cmds, req.GetMetadata(), req.GetLifetime().AsDuration())
+	set, err := s.command.UpdateSession(ctx, req.Msg.GetSessionId(), cmds, req.Msg.GetMetadata(), req.Msg.GetLifetime().AsDuration())
 	if err != nil {
 		return nil, err
 	}
-	return &session.SetSessionResponse{
+	return connect.NewResponse(&session.SetSessionResponse{
 		Details:      object.DomainToDetailsPb(set.ObjectDetails),
 		SessionToken: set.NewToken,
 		Challenges:   challengeResponse,
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteSession(ctx context.Context, req *session.DeleteSessionRequest) (*session.DeleteSessionResponse, error) {
-	details, err := s.command.TerminateSession(ctx, req.GetSessionId(), req.GetSessionToken())
+func (s *Server) DeleteSession(ctx context.Context, req *connect.Request[session.DeleteSessionRequest]) (*connect.Response[session.DeleteSessionResponse], error) {
+	details, err := s.command.TerminateSession(ctx, req.Msg.GetSessionId(), req.Msg.GetSessionToken())
 	if err != nil {
 		return nil, err
 	}
-	return &session.DeleteSessionResponse{
+	return connect.NewResponse(&session.DeleteSessionResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func (s *Server) createSessionRequestToCommand(ctx context.Context, req *session.CreateSessionRequest) ([]command.SessionCommand, map[string][]byte, *domain.UserAgent, time.Duration, error) {
diff --git a/internal/api/grpc/session/v2beta/server.go b/internal/api/grpc/session/v2beta/server.go
index cf0d0c27f0..e659b406eb 100644
--- a/internal/api/grpc/session/v2beta/server.go
+++ b/internal/api/grpc/session/v2beta/server.go
@@ -1,7 +1,10 @@
 package session
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -9,12 +12,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	session "github.com/zitadel/zitadel/pkg/grpc/session/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/session/v2beta/sessionconnect"
 )
 
-var _ session.SessionServiceServer = (*Server)(nil)
+var _ sessionconnect.SessionServiceHandler = (*Server)(nil)
 
 type Server struct {
-	session.UnimplementedSessionServiceServer
 	command *command.Commands
 	query   *query.Queries
 
@@ -35,8 +38,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	session.RegisterSessionServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return sessionconnect.NewSessionServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return session.File_zitadel_session_v2beta_session_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/session/v2beta/session.go b/internal/api/grpc/session/v2beta/session.go
index 3b36b8ba83..459cf77f05 100644
--- a/internal/api/grpc/session/v2beta/session.go
+++ b/internal/api/grpc/session/v2beta/session.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"golang.org/x/text/language"
 	"google.golang.org/protobuf/types/known/structpb"
@@ -31,18 +32,18 @@ var (
 	}
 )
 
-func (s *Server) GetSession(ctx context.Context, req *session.GetSessionRequest) (*session.GetSessionResponse, error) {
-	res, err := s.query.SessionByID(ctx, true, req.GetSessionId(), req.GetSessionToken(), s.checkPermission)
+func (s *Server) GetSession(ctx context.Context, req *connect.Request[session.GetSessionRequest]) (*connect.Response[session.GetSessionResponse], error) {
+	res, err := s.query.SessionByID(ctx, true, req.Msg.GetSessionId(), req.Msg.GetSessionToken(), s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &session.GetSessionResponse{
+	return connect.NewResponse(&session.GetSessionResponse{
 		Session: sessionToPb(res),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListSessions(ctx context.Context, req *session.ListSessionsRequest) (*session.ListSessionsResponse, error) {
-	queries, err := listSessionsRequestToQuery(ctx, req)
+func (s *Server) ListSessions(ctx context.Context, req *connect.Request[session.ListSessionsRequest]) (*connect.Response[session.ListSessionsResponse], error) {
+	queries, err := listSessionsRequestToQuery(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -50,18 +51,18 @@ func (s *Server) ListSessions(ctx context.Context, req *session.ListSessionsRequ
 	if err != nil {
 		return nil, err
 	}
-	return &session.ListSessionsResponse{
+	return connect.NewResponse(&session.ListSessionsResponse{
 		Details:  object.ToListDetails(sessions.SearchResponse),
 		Sessions: sessionsToPb(sessions.Sessions),
-	}, nil
+	}), nil
 }
 
-func (s *Server) CreateSession(ctx context.Context, req *session.CreateSessionRequest) (*session.CreateSessionResponse, error) {
-	checks, metadata, userAgent, lifetime, err := s.createSessionRequestToCommand(ctx, req)
+func (s *Server) CreateSession(ctx context.Context, req *connect.Request[session.CreateSessionRequest]) (*connect.Response[session.CreateSessionResponse], error) {
+	checks, metadata, userAgent, lifetime, err := s.createSessionRequestToCommand(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
-	challengeResponse, cmds, err := s.challengesToCommand(req.GetChallenges(), checks)
+	challengeResponse, cmds, err := s.challengesToCommand(req.Msg.GetChallenges(), checks)
 	if err != nil {
 		return nil, err
 	}
@@ -71,43 +72,43 @@ func (s *Server) CreateSession(ctx context.Context, req *session.CreateSessionRe
 		return nil, err
 	}
 
-	return &session.CreateSessionResponse{
+	return connect.NewResponse(&session.CreateSessionResponse{
 		Details:      object.DomainToDetailsPb(set.ObjectDetails),
 		SessionId:    set.ID,
 		SessionToken: set.NewToken,
 		Challenges:   challengeResponse,
-	}, nil
+	}), nil
 }
 
-func (s *Server) SetSession(ctx context.Context, req *session.SetSessionRequest) (*session.SetSessionResponse, error) {
-	checks, err := s.setSessionRequestToCommand(ctx, req)
+func (s *Server) SetSession(ctx context.Context, req *connect.Request[session.SetSessionRequest]) (*connect.Response[session.SetSessionResponse], error) {
+	checks, err := s.setSessionRequestToCommand(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
-	challengeResponse, cmds, err := s.challengesToCommand(req.GetChallenges(), checks)
+	challengeResponse, cmds, err := s.challengesToCommand(req.Msg.GetChallenges(), checks)
 	if err != nil {
 		return nil, err
 	}
 
-	set, err := s.command.UpdateSession(ctx, req.GetSessionId(), cmds, req.GetMetadata(), req.GetLifetime().AsDuration())
+	set, err := s.command.UpdateSession(ctx, req.Msg.GetSessionId(), cmds, req.Msg.GetMetadata(), req.Msg.GetLifetime().AsDuration())
 	if err != nil {
 		return nil, err
 	}
-	return &session.SetSessionResponse{
+	return connect.NewResponse(&session.SetSessionResponse{
 		Details:      object.DomainToDetailsPb(set.ObjectDetails),
 		SessionToken: set.NewToken,
 		Challenges:   challengeResponse,
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteSession(ctx context.Context, req *session.DeleteSessionRequest) (*session.DeleteSessionResponse, error) {
-	details, err := s.command.TerminateSession(ctx, req.GetSessionId(), req.GetSessionToken())
+func (s *Server) DeleteSession(ctx context.Context, req *connect.Request[session.DeleteSessionRequest]) (*connect.Response[session.DeleteSessionResponse], error) {
+	details, err := s.command.TerminateSession(ctx, req.Msg.GetSessionId(), req.Msg.GetSessionToken())
 	if err != nil {
 		return nil, err
 	}
-	return &session.DeleteSessionResponse{
+	return connect.NewResponse(&session.DeleteSessionResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func sessionsToPb(sessions []*query.Session) []*session.Session {
diff --git a/internal/api/grpc/settings/v2/query.go b/internal/api/grpc/settings/v2/query.go
index b8994ccb87..d522424040 100644
--- a/internal/api/grpc/settings/v2/query.go
+++ b/internal/api/grpc/settings/v2/query.go
@@ -3,6 +3,7 @@ package settings
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -14,12 +15,12 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
 )
 
-func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
-	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetLoginSettings(ctx context.Context, req *connect.Request[settings.GetLoginSettingsRequest]) (*connect.Response[settings.GetLoginSettingsResponse], error) {
+	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetLoginSettingsResponse{
+	return connect.NewResponse(&settings.GetLoginSettingsResponse{
 		Settings: loginSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -27,15 +28,15 @@ func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSet
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.OrgID,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
-	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *connect.Request[settings.GetPasswordComplexitySettingsRequest]) (*connect.Response[settings.GetPasswordComplexitySettingsResponse], error) {
+	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetPasswordComplexitySettingsResponse{
+	return connect.NewResponse(&settings.GetPasswordComplexitySettingsResponse{
 		Settings: passwordComplexitySettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -43,15 +44,15 @@ func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *setting
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
-	current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *connect.Request[settings.GetPasswordExpirySettingsRequest]) (*connect.Response[settings.GetPasswordExpirySettingsResponse], error) {
+	current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetPasswordExpirySettingsResponse{
+	return connect.NewResponse(&settings.GetPasswordExpirySettingsResponse{
 		Settings: passwordExpirySettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -59,15 +60,15 @@ func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.Ge
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
-	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetBrandingSettings(ctx context.Context, req *connect.Request[settings.GetBrandingSettingsRequest]) (*connect.Response[settings.GetBrandingSettingsResponse], error) {
+	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetBrandingSettingsResponse{
+	return connect.NewResponse(&settings.GetBrandingSettingsResponse{
 		Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -75,15 +76,15 @@ func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrand
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
-	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetDomainSettings(ctx context.Context, req *connect.Request[settings.GetDomainSettingsRequest]) (*connect.Response[settings.GetDomainSettingsResponse], error) {
+	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetDomainSettingsResponse{
+	return connect.NewResponse(&settings.GetDomainSettingsResponse{
 		Settings: domainSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -91,15 +92,15 @@ func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainS
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
-	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *connect.Request[settings.GetLegalAndSupportSettingsRequest]) (*connect.Response[settings.GetLegalAndSupportSettingsResponse], error) {
+	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetLegalAndSupportSettingsResponse{
+	return connect.NewResponse(&settings.GetLegalAndSupportSettingsResponse{
 		Settings: legalAndSupportSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -107,15 +108,15 @@ func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.G
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
-	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
+func (s *Server) GetLockoutSettings(ctx context.Context, req *connect.Request[settings.GetLockoutSettingsRequest]) (*connect.Response[settings.GetLockoutSettingsResponse], error) {
+	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()))
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetLockoutSettingsResponse{
+	return connect.NewResponse(&settings.GetLockoutSettingsResponse{
 		Settings: lockoutSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -123,24 +124,24 @@ func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockou
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
-	queries, err := activeIdentityProvidersToQuery(req)
+func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *connect.Request[settings.GetActiveIdentityProvidersRequest]) (*connect.Response[settings.GetActiveIdentityProvidersResponse], error) {
+	queries, err := activeIdentityProvidersToQuery(req.Msg)
 	if err != nil {
 		return nil, err
 	}
 
-	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{Queries: queries}, false)
+	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{Queries: queries}, false)
 	if err != nil {
 		return nil, err
 	}
 
-	return &settings.GetActiveIdentityProvidersResponse{
+	return connect.NewResponse(&settings.GetActiveIdentityProvidersResponse{
 		Details:           object.ToListDetails(links.SearchResponse),
 		IdentityProviders: identityProvidersToPb(links.Links),
-	}, nil
+	}), nil
 }
 
 func activeIdentityProvidersToQuery(req *settings.GetActiveIdentityProvidersRequest) (_ []query.SearchQuery, err error) {
@@ -180,30 +181,30 @@ func activeIdentityProvidersToQuery(req *settings.GetActiveIdentityProvidersRequ
 	return q, nil
 }
 
-func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
+func (s *Server) GetGeneralSettings(ctx context.Context, _ *connect.Request[settings.GetGeneralSettingsRequest]) (*connect.Response[settings.GetGeneralSettingsResponse], error) {
 	instance := authz.GetInstance(ctx)
-	return &settings.GetGeneralSettingsResponse{
+	return connect.NewResponse(&settings.GetGeneralSettingsResponse{
 		SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
 		DefaultOrgId:       instance.DefaultOrganisationID(),
 		DefaultLanguage:    instance.DefaultLanguage().String(),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
+func (s *Server) GetSecuritySettings(ctx context.Context, req *connect.Request[settings.GetSecuritySettingsRequest]) (*connect.Response[settings.GetSecuritySettingsResponse], error) {
 	policy, err := s.query.SecurityPolicy(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetSecuritySettingsResponse{
+	return connect.NewResponse(&settings.GetSecuritySettingsResponse{
 		Settings: securityPolicyToSettingsPb(policy),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetHostedLoginTranslation(ctx context.Context, req *settings.GetHostedLoginTranslationRequest) (*settings.GetHostedLoginTranslationResponse, error) {
-	translation, err := s.query.GetHostedLoginTranslation(ctx, req)
+func (s *Server) GetHostedLoginTranslation(ctx context.Context, req *connect.Request[settings.GetHostedLoginTranslationRequest]) (*connect.Response[settings.GetHostedLoginTranslationResponse], error) {
+	translation, err := s.query.GetHostedLoginTranslation(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
 
-	return translation, nil
+	return connect.NewResponse(translation), nil
 }
diff --git a/internal/api/grpc/settings/v2/server.go b/internal/api/grpc/settings/v2/server.go
index 9cae50824f..bfaec17fc2 100644
--- a/internal/api/grpc/settings/v2/server.go
+++ b/internal/api/grpc/settings/v2/server.go
@@ -2,8 +2,10 @@ package settings
 
 import (
 	"context"
+	"net/http"
 
-	"google.golang.org/grpc"
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/assets"
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -11,12 +13,12 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2/settingsconnect"
 )
 
-var _ settings.SettingsServiceServer = (*Server)(nil)
+var _ settingsconnect.SettingsServiceHandler = (*Server)(nil)
 
 type Server struct {
-	settings.UnimplementedSettingsServiceServer
 	command         *command.Commands
 	query           *query.Queries
 	assetsAPIDomain func(context.Context) string
@@ -35,8 +37,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	settings.RegisterSettingsServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return settingsconnect.NewSettingsServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return settings.File_zitadel_settings_v2_settings_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/settings/v2/settings.go b/internal/api/grpc/settings/v2/settings.go
index 09ee6b27c8..c7db200211 100644
--- a/internal/api/grpc/settings/v2/settings.go
+++ b/internal/api/grpc/settings/v2/settings.go
@@ -3,25 +3,27 @@ package settings
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
 )
 
-func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecuritySettingsRequest) (*settings.SetSecuritySettingsResponse, error) {
-	details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req))
+func (s *Server) SetSecuritySettings(ctx context.Context, req *connect.Request[settings.SetSecuritySettingsRequest]) (*connect.Response[settings.SetSecuritySettingsResponse], error) {
+	details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &settings.SetSecuritySettingsResponse{
+	return connect.NewResponse(&settings.SetSecuritySettingsResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) SetHostedLoginTranslation(ctx context.Context, req *settings.SetHostedLoginTranslationRequest) (*settings.SetHostedLoginTranslationResponse, error) {
-	res, err := s.command.SetHostedLoginTranslation(ctx, req)
+func (s *Server) SetHostedLoginTranslation(ctx context.Context, req *connect.Request[settings.SetHostedLoginTranslationRequest]) (*connect.Response[settings.SetHostedLoginTranslationResponse], error) {
+	res, err := s.command.SetHostedLoginTranslation(ctx, req.Msg)
 	if err != nil {
 		return nil, err
 	}
 
-	return res, nil
+	return connect.NewResponse(res), nil
 }
diff --git a/internal/api/grpc/settings/v2beta/server.go b/internal/api/grpc/settings/v2beta/server.go
index 24c8f7774a..a8200a7216 100644
--- a/internal/api/grpc/settings/v2beta/server.go
+++ b/internal/api/grpc/settings/v2beta/server.go
@@ -2,8 +2,10 @@ package settings
 
 import (
 	"context"
+	"net/http"
 
-	"google.golang.org/grpc"
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/assets"
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -11,12 +13,12 @@ import (
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	settings "github.com/zitadel/zitadel/pkg/grpc/settings/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2beta/settingsconnect"
 )
 
-var _ settings.SettingsServiceServer = (*Server)(nil)
+var _ settingsconnect.SettingsServiceHandler = (*Server)(nil)
 
 type Server struct {
-	settings.UnimplementedSettingsServiceServer
 	command         *command.Commands
 	query           *query.Queries
 	assetsAPIDomain func(context.Context) string
@@ -35,8 +37,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	settings.RegisterSettingsServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return settingsconnect.NewSettingsServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return settings.File_zitadel_settings_v2beta_settings_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/settings/v2beta/settings.go b/internal/api/grpc/settings/v2beta/settings.go
index 6193f129ba..53d2c37c32 100644
--- a/internal/api/grpc/settings/v2beta/settings.go
+++ b/internal/api/grpc/settings/v2beta/settings.go
@@ -3,6 +3,7 @@ package settings
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -14,12 +15,12 @@ import (
 	settings "github.com/zitadel/zitadel/pkg/grpc/settings/v2beta"
 )
 
-func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
-	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetLoginSettings(ctx context.Context, req *connect.Request[settings.GetLoginSettingsRequest]) (*connect.Response[settings.GetLoginSettingsResponse], error) {
+	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetLoginSettingsResponse{
+	return connect.NewResponse(&settings.GetLoginSettingsResponse{
 		Settings: loginSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -27,15 +28,15 @@ func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSet
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.OrgID,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
-	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *connect.Request[settings.GetPasswordComplexitySettingsRequest]) (*connect.Response[settings.GetPasswordComplexitySettingsResponse], error) {
+	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetPasswordComplexitySettingsResponse{
+	return connect.NewResponse(&settings.GetPasswordComplexitySettingsResponse{
 		Settings: passwordComplexitySettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -43,15 +44,15 @@ func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *setting
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.GetPasswordExpirySettingsRequest) (*settings.GetPasswordExpirySettingsResponse, error) {
-	current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *connect.Request[settings.GetPasswordExpirySettingsRequest]) (*connect.Response[settings.GetPasswordExpirySettingsResponse], error) {
+	current, err := s.query.PasswordAgePolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetPasswordExpirySettingsResponse{
+	return connect.NewResponse(&settings.GetPasswordExpirySettingsResponse{
 		Settings: passwordExpirySettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -59,15 +60,15 @@ func (s *Server) GetPasswordExpirySettings(ctx context.Context, req *settings.Ge
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
-	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetBrandingSettings(ctx context.Context, req *connect.Request[settings.GetBrandingSettingsRequest]) (*connect.Response[settings.GetBrandingSettingsResponse], error) {
+	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetBrandingSettingsResponse{
+	return connect.NewResponse(&settings.GetBrandingSettingsResponse{
 		Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -75,15 +76,15 @@ func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrand
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
-	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetDomainSettings(ctx context.Context, req *connect.Request[settings.GetDomainSettingsRequest]) (*connect.Response[settings.GetDomainSettingsResponse], error) {
+	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetDomainSettingsResponse{
+	return connect.NewResponse(&settings.GetDomainSettingsResponse{
 		Settings: domainSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -91,15 +92,15 @@ func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainS
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
-	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *connect.Request[settings.GetLegalAndSupportSettingsRequest]) (*connect.Response[settings.GetLegalAndSupportSettingsResponse], error) {
+	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), false)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetLegalAndSupportSettingsResponse{
+	return connect.NewResponse(&settings.GetLegalAndSupportSettingsResponse{
 		Settings: legalAndSupportSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -107,15 +108,15 @@ func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.G
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
-	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()))
+func (s *Server) GetLockoutSettings(ctx context.Context, req *connect.Request[settings.GetLockoutSettingsRequest]) (*connect.Response[settings.GetLockoutSettingsResponse], error) {
+	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()))
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetLockoutSettingsResponse{
+	return connect.NewResponse(&settings.GetLockoutSettingsResponse{
 		Settings: lockoutSettingsToPb(current),
 		Details: &object_pb.Details{
 			Sequence:      current.Sequence,
@@ -123,46 +124,46 @@ func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockou
 			ChangeDate:    timestamppb.New(current.ChangeDate),
 			ResourceOwner: current.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
-	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{}, false)
+func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *connect.Request[settings.GetActiveIdentityProvidersRequest]) (*connect.Response[settings.GetActiveIdentityProvidersResponse], error) {
+	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.Msg.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{}, false)
 	if err != nil {
 		return nil, err
 	}
 
-	return &settings.GetActiveIdentityProvidersResponse{
+	return connect.NewResponse(&settings.GetActiveIdentityProvidersResponse{
 		Details:           object.ToListDetails(links.SearchResponse),
 		IdentityProviders: identityProvidersToPb(links.Links),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
+func (s *Server) GetGeneralSettings(ctx context.Context, _ *connect.Request[settings.GetGeneralSettingsRequest]) (*connect.Response[settings.GetGeneralSettingsResponse], error) {
 	instance := authz.GetInstance(ctx)
-	return &settings.GetGeneralSettingsResponse{
+	return connect.NewResponse(&settings.GetGeneralSettingsResponse{
 		SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
 		DefaultOrgId:       instance.DefaultOrganisationID(),
 		DefaultLanguage:    instance.DefaultLanguage().String(),
-	}, nil
+	}), nil
 }
 
-func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
+func (s *Server) GetSecuritySettings(ctx context.Context, req *connect.Request[settings.GetSecuritySettingsRequest]) (*connect.Response[settings.GetSecuritySettingsResponse], error) {
 	policy, err := s.query.SecurityPolicy(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return &settings.GetSecuritySettingsResponse{
+	return connect.NewResponse(&settings.GetSecuritySettingsResponse{
 		Settings: securityPolicyToSettingsPb(policy),
-	}, nil
+	}), nil
 }
 
-func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecuritySettingsRequest) (*settings.SetSecuritySettingsResponse, error) {
-	details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req))
+func (s *Server) SetSecuritySettings(ctx context.Context, req *connect.Request[settings.SetSecuritySettingsRequest]) (*connect.Response[settings.SetSecuritySettingsResponse], error) {
+	details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &settings.SetSecuritySettingsResponse{
+	return connect.NewResponse(&settings.SetSecuritySettingsResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/email.go b/internal/api/grpc/user/v2/email.go
index 4b247ef10f..df68e58c7d 100644
--- a/internal/api/grpc/user/v2/email.go
+++ b/internal/api/grpc/user/v2/email.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,18 +12,18 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) SetEmail(ctx context.Context, req *user.SetEmailRequest) (resp *user.SetEmailResponse, err error) {
+func (s *Server) SetEmail(ctx context.Context, req *connect.Request[user.SetEmailRequest]) (resp *connect.Response[user.SetEmailResponse], err error) {
 	var email *domain.Email
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SetEmailRequest_SendCode:
-		email, err = s.command.ChangeUserEmailURLTemplate(ctx, req.GetUserId(), req.GetEmail(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
+		email, err = s.command.ChangeUserEmailURLTemplate(ctx, req.Msg.GetUserId(), req.Msg.GetEmail(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
 	case *user.SetEmailRequest_ReturnCode:
-		email, err = s.command.ChangeUserEmailReturnCode(ctx, req.GetUserId(), req.GetEmail(), s.userCodeAlg)
+		email, err = s.command.ChangeUserEmailReturnCode(ctx, req.Msg.GetUserId(), req.Msg.GetEmail(), s.userCodeAlg)
 	case *user.SetEmailRequest_IsVerified:
-		email, err = s.command.ChangeUserEmailVerified(ctx, req.GetUserId(), req.GetEmail())
+		email, err = s.command.ChangeUserEmailVerified(ctx, req.Msg.GetUserId(), req.Msg.GetEmail())
 	case nil:
-		email, err = s.command.ChangeUserEmail(ctx, req.GetUserId(), req.GetEmail(), s.userCodeAlg)
+		email, err = s.command.ChangeUserEmail(ctx, req.Msg.GetUserId(), req.Msg.GetEmail(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetEmail not implemented", v)
 	}
@@ -30,26 +31,26 @@ func (s *Server) SetEmail(ctx context.Context, req *user.SetEmailRequest) (resp
 		return nil, err
 	}
 
-	return &user.SetEmailResponse{
+	return connect.NewResponse(&user.SetEmailResponse{
 		Details: &object.Details{
 			Sequence:      email.Sequence,
 			ChangeDate:    timestamppb.New(email.ChangeDate),
 			ResourceOwner: email.ResourceOwner,
 		},
 		VerificationCode: email.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResendEmailCode(ctx context.Context, req *user.ResendEmailCodeRequest) (resp *user.ResendEmailCodeResponse, err error) {
+func (s *Server) ResendEmailCode(ctx context.Context, req *connect.Request[user.ResendEmailCodeRequest]) (resp *connect.Response[user.ResendEmailCodeResponse], err error) {
 	var email *domain.Email
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.ResendEmailCodeRequest_SendCode:
-		email, err = s.command.ResendUserEmailCodeURLTemplate(ctx, req.GetUserId(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
+		email, err = s.command.ResendUserEmailCodeURLTemplate(ctx, req.Msg.GetUserId(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
 	case *user.ResendEmailCodeRequest_ReturnCode:
-		email, err = s.command.ResendUserEmailReturnCode(ctx, req.GetUserId(), s.userCodeAlg)
+		email, err = s.command.ResendUserEmailReturnCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case nil:
-		email, err = s.command.ResendUserEmailCode(ctx, req.GetUserId(), s.userCodeAlg)
+		email, err = s.command.ResendUserEmailCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-faj0l0nj5x", "verification oneOf %T in method ResendEmailCode not implemented", v)
 	}
@@ -57,26 +58,26 @@ func (s *Server) ResendEmailCode(ctx context.Context, req *user.ResendEmailCodeR
 		return nil, err
 	}
 
-	return &user.ResendEmailCodeResponse{
+	return connect.NewResponse(&user.ResendEmailCodeResponse{
 		Details: &object.Details{
 			Sequence:      email.Sequence,
 			ChangeDate:    timestamppb.New(email.ChangeDate),
 			ResourceOwner: email.ResourceOwner,
 		},
 		VerificationCode: email.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) SendEmailCode(ctx context.Context, req *user.SendEmailCodeRequest) (resp *user.SendEmailCodeResponse, err error) {
+func (s *Server) SendEmailCode(ctx context.Context, req *connect.Request[user.SendEmailCodeRequest]) (resp *connect.Response[user.SendEmailCodeResponse], err error) {
 	var email *domain.Email
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SendEmailCodeRequest_SendCode:
-		email, err = s.command.SendUserEmailCodeURLTemplate(ctx, req.GetUserId(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
+		email, err = s.command.SendUserEmailCodeURLTemplate(ctx, req.Msg.GetUserId(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
 	case *user.SendEmailCodeRequest_ReturnCode:
-		email, err = s.command.SendUserEmailReturnCode(ctx, req.GetUserId(), s.userCodeAlg)
+		email, err = s.command.SendUserEmailReturnCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case nil:
-		email, err = s.command.SendUserEmailCode(ctx, req.GetUserId(), s.userCodeAlg)
+		email, err = s.command.SendUserEmailCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-faj0l0nj5x", "verification oneOf %T in method SendEmailCode not implemented", v)
 	}
@@ -84,30 +85,30 @@ func (s *Server) SendEmailCode(ctx context.Context, req *user.SendEmailCodeReque
 		return nil, err
 	}
 
-	return &user.SendEmailCodeResponse{
+	return connect.NewResponse(&user.SendEmailCodeResponse{
 		Details: &object.Details{
 			Sequence:      email.Sequence,
 			ChangeDate:    timestamppb.New(email.ChangeDate),
 			ResourceOwner: email.ResourceOwner,
 		},
 		VerificationCode: email.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyEmail(ctx context.Context, req *user.VerifyEmailRequest) (*user.VerifyEmailResponse, error) {
+func (s *Server) VerifyEmail(ctx context.Context, req *connect.Request[user.VerifyEmailRequest]) (*connect.Response[user.VerifyEmailResponse], error) {
 	details, err := s.command.VerifyUserEmail(ctx,
-		req.GetUserId(),
-		req.GetVerificationCode(),
+		req.Msg.GetUserId(),
+		req.Msg.GetVerificationCode(),
 		s.userCodeAlg,
 	)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyEmailResponse{
+	return connect.NewResponse(&user.VerifyEmailResponse{
 		Details: &object.Details{
 			Sequence:      details.Sequence,
 			ChangeDate:    timestamppb.New(details.EventDate),
 			ResourceOwner: details.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/human.go b/internal/api/grpc/user/v2/human.go
index d8a0891396..06414d12cb 100644
--- a/internal/api/grpc/user/v2/human.go
+++ b/internal/api/grpc/user/v2/human.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"io"
 
+	"connectrpc.com/connect"
 	"golang.org/x/text/language"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -14,7 +15,7 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) createUserTypeHuman(ctx context.Context, humanPb *user.CreateUserRequest_Human, orgId string, userName, userId *string) (*user.CreateUserResponse, error) {
+func (s *Server) createUserTypeHuman(ctx context.Context, humanPb *user.CreateUserRequest_Human, orgId string, userName, userId *string) (*connect.Response[user.CreateUserResponse], error) {
 	addHumanPb := &user.AddHumanUserRequest{
 		Username: userName,
 		UserId:   userId,
@@ -52,15 +53,15 @@ func (s *Server) createUserTypeHuman(ctx context.Context, humanPb *user.CreateUs
 	); err != nil {
 		return nil, err
 	}
-	return &user.CreateUserResponse{
+	return connect.NewResponse(&user.CreateUserResponse{
 		Id:           newHuman.ID,
 		CreationDate: timestamppb.New(newHuman.Details.EventDate),
 		EmailCode:    newHuman.EmailCode,
 		PhoneCode:    newHuman.PhoneCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) updateUserTypeHuman(ctx context.Context, humanPb *user.UpdateUserRequest_Human, userId string, userName *string) (*user.UpdateUserResponse, error) {
+func (s *Server) updateUserTypeHuman(ctx context.Context, humanPb *user.UpdateUserRequest_Human, userId string, userName *string) (*connect.Response[user.UpdateUserResponse], error) {
 	cmd, err := updateHumanUserToCommand(userId, userName, humanPb)
 	if err != nil {
 		return nil, err
@@ -68,11 +69,11 @@ func (s *Server) updateUserTypeHuman(ctx context.Context, humanPb *user.UpdateUs
 	if err = s.command.ChangeUserHuman(ctx, cmd, s.userCodeAlg); err != nil {
 		return nil, err
 	}
-	return &user.UpdateUserResponse{
+	return connect.NewResponse(&user.UpdateUserResponse{
 		ChangeDate: timestamppb.New(cmd.Details.EventDate),
 		EmailCode:  cmd.EmailCode,
 		PhoneCode:  cmd.PhoneCode,
-	}, nil
+	}), nil
 }
 
 func updateHumanUserToCommand(userId string, userName *string, human *user.UpdateUserRequest_Human) (*command.ChangeHuman, error) {
diff --git a/internal/api/grpc/user/v2/idp_link.go b/internal/api/grpc/user/v2/idp_link.go
index bef40617cf..0b1e7ab998 100644
--- a/internal/api/grpc/user/v2/idp_link.go
+++ b/internal/api/grpc/user/v2/idp_link.go
@@ -3,6 +3,8 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,22 +13,22 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ *user.AddIDPLinkResponse, err error) {
-	details, err := s.command.AddUserIDPLink(ctx, req.UserId, "", &command.AddLink{
-		IDPID:         req.GetIdpLink().GetIdpId(),
-		DisplayName:   req.GetIdpLink().GetUserName(),
-		IDPExternalID: req.GetIdpLink().GetUserId(),
+func (s *Server) AddIDPLink(ctx context.Context, req *connect.Request[user.AddIDPLinkRequest]) (_ *connect.Response[user.AddIDPLinkResponse], err error) {
+	details, err := s.command.AddUserIDPLink(ctx, req.Msg.GetUserId(), "", &command.AddLink{
+		IDPID:         req.Msg.GetIdpLink().GetIdpId(),
+		DisplayName:   req.Msg.GetIdpLink().GetUserName(),
+		IDPExternalID: req.Msg.GetIdpLink().GetUserId(),
 	})
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddIDPLinkResponse{
+	return connect.NewResponse(&user.AddIDPLinkResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListIDPLinks(ctx context.Context, req *user.ListIDPLinksRequest) (_ *user.ListIDPLinksResponse, err error) {
-	queries, err := ListLinkedIDPsRequestToQuery(req)
+func (s *Server) ListIDPLinks(ctx context.Context, req *connect.Request[user.ListIDPLinksRequest]) (_ *connect.Response[user.ListIDPLinksResponse], err error) {
+	queries, err := ListLinkedIDPsRequestToQuery(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -34,10 +36,10 @@ func (s *Server) ListIDPLinks(ctx context.Context, req *user.ListIDPLinksRequest
 	if err != nil {
 		return nil, err
 	}
-	return &user.ListIDPLinksResponse{
+	return connect.NewResponse(&user.ListIDPLinksResponse{
 		Result:  IDPLinksToPb(res.Links),
 		Details: object.ToListDetails(res.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func ListLinkedIDPsRequestToQuery(req *user.ListIDPLinksRequest) (*query.IDPUserLinksSearchQuery, error) {
@@ -72,14 +74,14 @@ func IDPLinkToPb(link *query.IDPUserLink) *user.IDPLink {
 	}
 }
 
-func (s *Server) RemoveIDPLink(ctx context.Context, req *user.RemoveIDPLinkRequest) (*user.RemoveIDPLinkResponse, error) {
-	objectDetails, err := s.command.RemoveUserIDPLink(ctx, RemoveIDPLinkRequestToDomain(ctx, req))
+func (s *Server) RemoveIDPLink(ctx context.Context, req *connect.Request[user.RemoveIDPLinkRequest]) (*connect.Response[user.RemoveIDPLinkResponse], error) {
+	objectDetails, err := s.command.RemoveUserIDPLink(ctx, RemoveIDPLinkRequestToDomain(ctx, req.Msg))
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveIDPLinkResponse{
+	return connect.NewResponse(&user.RemoveIDPLinkResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
 func RemoveIDPLinkRequestToDomain(ctx context.Context, req *user.RemoveIDPLinkRequest) *domain.UserIDPLink {
diff --git a/internal/api/grpc/user/v2/intent.go b/internal/api/grpc/user/v2/intent.go
index fd65d61dfb..c26adba24d 100644
--- a/internal/api/grpc/user/v2/intent.go
+++ b/internal/api/grpc/user/v2/intent.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"time"
 
+	"connectrpc.com/connect"
 	oidc_pkg "github.com/zitadel/oidc/v3/pkg/oidc"
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -32,18 +33,18 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *user.StartIdentityProviderIntentRequest) (_ *user.StartIdentityProviderIntentResponse, err error) {
-	switch t := req.GetContent().(type) {
+func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *connect.Request[user.StartIdentityProviderIntentRequest]) (_ *connect.Response[user.StartIdentityProviderIntentResponse], err error) {
+	switch t := req.Msg.GetContent().(type) {
 	case *user.StartIdentityProviderIntentRequest_Urls:
-		return s.startIDPIntent(ctx, req.GetIdpId(), t.Urls)
+		return s.startIDPIntent(ctx, req.Msg.GetIdpId(), t.Urls)
 	case *user.StartIdentityProviderIntentRequest_Ldap:
-		return s.startLDAPIntent(ctx, req.GetIdpId(), t.Ldap)
+		return s.startLDAPIntent(ctx, req.Msg.GetIdpId(), t.Ldap)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderIntent not implemented", t)
 	}
 }
 
-func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*user.StartIdentityProviderIntentResponse, error) {
+func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*connect.Response[user.StartIdentityProviderIntentResponse], error) {
 	state, session, err := s.command.AuthFromProvider(ctx, idpID, s.idpCallback(ctx), s.samlRootURL(ctx, idpID))
 	if err != nil {
 		return nil, err
@@ -58,12 +59,12 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 	}
 	switch a := auth.(type) {
 	case *idp.RedirectAuth:
-		return &user.StartIdentityProviderIntentResponse{
+		return connect.NewResponse(&user.StartIdentityProviderIntentResponse{
 			Details:  object.DomainToDetailsPb(details),
 			NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: a.RedirectURL},
-		}, nil
+		}), nil
 	case *idp.FormAuth:
-		return &user.StartIdentityProviderIntentResponse{
+		return connect.NewResponse(&user.StartIdentityProviderIntentResponse{
 			Details: object.DomainToDetailsPb(details),
 			NextStep: &user.StartIdentityProviderIntentResponse_FormData{
 				FormData: &user.FormData{
@@ -71,12 +72,12 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 					Fields: a.Fields,
 				},
 			},
-		}, nil
+		}), nil
 	}
 	return nil, zerrors.ThrowInvalidArgumentf(nil, "USERv2-3g2j3", "type oneOf %T in method StartIdentityProviderIntent not implemented", auth)
 }
 
-func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderIntentResponse, error) {
+func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*connect.Response[user.StartIdentityProviderIntentResponse], error) {
 	intentWriteModel, details, err := s.command.CreateIntent(ctx, "", idpID, "", "", authz.GetInstance(ctx).InstanceID(), nil)
 	if err != nil {
 		return nil, err
@@ -92,7 +93,7 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 	if err != nil {
 		return nil, err
 	}
-	return &user.StartIdentityProviderIntentResponse{
+	return connect.NewResponse(&user.StartIdentityProviderIntentResponse{
 		Details: object.DomainToDetailsPb(details),
 		NextStep: &user.StartIdentityProviderIntentResponse_IdpIntent{
 			IdpIntent: &user.IDPIntent{
@@ -101,7 +102,7 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 				UserId:         userID,
 			},
 		},
-	}, nil
+	}), nil
 }
 
 func (s *Server) checkLinkedExternalUser(ctx context.Context, idpID, externalUserID string) (string, error) {
@@ -150,12 +151,12 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string
 	return externalUser, userID, session, nil
 }
 
-func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.RetrieveIdentityProviderIntentRequest) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
-	intent, err := s.command.GetIntentWriteModel(ctx, req.GetIdpIntentId(), "")
+func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *connect.Request[user.RetrieveIdentityProviderIntentRequest]) (_ *connect.Response[user.RetrieveIdentityProviderIntentResponse], err error) {
+	intent, err := s.command.GetIntentWriteModel(ctx, req.Msg.GetIdpIntentId(), "")
 	if err != nil {
 		return nil, err
 	}
-	if err := s.checkIntentToken(req.GetIdpIntentToken(), intent.AggregateID); err != nil {
+	if err := s.checkIntentToken(req.Msg.GetIdpIntentToken(), intent.AggregateID); err != nil {
 		return nil, err
 	}
 	if intent.State != domain.IDPIntentStateSucceeded {
@@ -203,7 +204,7 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 		}
 		idpIntent.AddHumanUser = idpUserToAddHumanUser(idpUser, idpIntent.IdpInformation.IdpId)
 	}
-	return idpIntent, nil
+	return connect.NewResponse(idpIntent), nil
 }
 
 type rawUserMapper struct {
diff --git a/internal/api/grpc/user/v2/key.go b/internal/api/grpc/user/v2/key.go
index 59dab44248..021f4be388 100644
--- a/internal/api/grpc/user/v2/key.go
+++ b/internal/api/grpc/user/v2/key.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/command"
@@ -11,16 +12,16 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddKey(ctx context.Context, req *user.AddKeyRequest) (*user.AddKeyResponse, error) {
+func (s *Server) AddKey(ctx context.Context, req *connect.Request[user.AddKeyRequest]) (*connect.Response[user.AddKeyResponse], error) {
 	newMachineKey := &command.MachineKey{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.UserId,
+			AggregateID: req.Msg.GetUserId(),
 		},
-		ExpirationDate:  req.GetExpirationDate().AsTime(),
+		ExpirationDate:  req.Msg.GetExpirationDate().AsTime(),
 		Type:            domain.AuthNKeyTypeJSON,
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
 	}
-	newMachineKey.PublicKey = req.PublicKey
+	newMachineKey.PublicKey = req.Msg.GetPublicKey()
 
 	pubkeySupplied := len(newMachineKey.PublicKey) > 0
 	details, err := s.command.AddUserMachineKey(ctx, newMachineKey)
@@ -37,26 +38,26 @@ func (s *Server) AddKey(ctx context.Context, req *user.AddKeyRequest) (*user.Add
 			return nil, err
 		}
 	}
-	return &user.AddKeyResponse{
+	return connect.NewResponse(&user.AddKeyResponse{
 		KeyId:        newMachineKey.KeyID,
 		KeyContent:   keyDetails,
 		CreationDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveKey(ctx context.Context, req *user.RemoveKeyRequest) (*user.RemoveKeyResponse, error) {
+func (s *Server) RemoveKey(ctx context.Context, req *connect.Request[user.RemoveKeyRequest]) (*connect.Response[user.RemoveKeyResponse], error) {
 	machineKey := &command.MachineKey{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.UserId,
+			AggregateID: req.Msg.GetUserId(),
 		},
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
-		KeyID:           req.KeyId,
+		KeyID:           req.Msg.GetKeyId(),
 	}
 	objectDetails, err := s.command.RemoveUserMachineKey(ctx, machineKey)
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveKeyResponse{
+	return connect.NewResponse(&user.RemoveKeyResponse{
 		DeletionDate: timestamppb.New(objectDetails.EventDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/key_query.go b/internal/api/grpc/user/v2/key_query.go
index da4f47decf..e9466a791b 100644
--- a/internal/api/grpc/user/v2/key_query.go
+++ b/internal/api/grpc/user/v2/key_query.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
@@ -12,13 +13,13 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) ListKeys(ctx context.Context, req *user.ListKeysRequest) (*user.ListKeysResponse, error) {
-	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+func (s *Server) ListKeys(ctx context.Context, req *connect.Request[user.ListKeysRequest]) (*connect.Response[user.ListKeysResponse], error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Msg.GetPagination())
 	if err != nil {
 		return nil, err
 	}
 
-	filters, err := keyFiltersToQueries(req.Filters)
+	filters, err := keyFiltersToQueries(req.Msg.GetFilters())
 	if err != nil {
 		return nil, err
 	}
@@ -27,7 +28,7 @@ func (s *Server) ListKeys(ctx context.Context, req *user.ListKeysRequest) (*user
 			Offset:        offset,
 			Limit:         limit,
 			Asc:           asc,
-			SortingColumn: authnKeyFieldNameToSortingColumn(req.SortingColumn),
+			SortingColumn: authnKeyFieldNameToSortingColumn(req.Msg.SortingColumn),
 		},
 		Queries: filters,
 	}
@@ -49,7 +50,7 @@ func (s *Server) ListKeys(ctx context.Context, req *user.ListKeysRequest) (*user
 			ExpirationDate: timestamppb.New(key.Expiration),
 		}
 	}
-	return resp, nil
+	return connect.NewResponse(resp), nil
 }
 
 func keyFiltersToQueries(filters []*user.KeysSearchFilter) (_ []query.SearchQuery, err error) {
diff --git a/internal/api/grpc/user/v2/machine.go b/internal/api/grpc/user/v2/machine.go
index ad02b2289e..e5126b9019 100644
--- a/internal/api/grpc/user/v2/machine.go
+++ b/internal/api/grpc/user/v2/machine.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/command"
@@ -11,7 +12,7 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) createUserTypeMachine(ctx context.Context, machinePb *user.CreateUserRequest_Machine, orgId, userName, userId string) (*user.CreateUserResponse, error) {
+func (s *Server) createUserTypeMachine(ctx context.Context, machinePb *user.CreateUserRequest_Machine, orgId, userName, userId string) (*connect.Response[user.CreateUserResponse], error) {
 	cmd := &command.Machine{
 		Username:        userName,
 		Name:            machinePb.Name,
@@ -32,21 +33,21 @@ func (s *Server) createUserTypeMachine(ctx context.Context, machinePb *user.Crea
 	if err != nil {
 		return nil, err
 	}
-	return &user.CreateUserResponse{
+	return connect.NewResponse(&user.CreateUserResponse{
 		Id:           cmd.AggregateID,
 		CreationDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) updateUserTypeMachine(ctx context.Context, machinePb *user.UpdateUserRequest_Machine, userId string, userName *string) (*user.UpdateUserResponse, error) {
+func (s *Server) updateUserTypeMachine(ctx context.Context, machinePb *user.UpdateUserRequest_Machine, userId string, userName *string) (*connect.Response[user.UpdateUserResponse], error) {
 	cmd := updateMachineUserToCommand(userId, userName, machinePb)
 	err := s.command.ChangeUserMachine(ctx, cmd)
 	if err != nil {
 		return nil, err
 	}
-	return &user.UpdateUserResponse{
+	return connect.NewResponse(&user.UpdateUserResponse{
 		ChangeDate: timestamppb.New(cmd.Details.EventDate),
-	}, nil
+	}), nil
 }
 
 func updateMachineUserToCommand(userId string, userName *string, machine *user.UpdateUserRequest_Machine) *command.ChangeMachine {
diff --git a/internal/api/grpc/user/v2/otp.go b/internal/api/grpc/user/v2/otp.go
index fd76cf2b93..2f04f438dd 100644
--- a/internal/api/grpc/user/v2/otp.go
+++ b/internal/api/grpc/user/v2/otp.go
@@ -3,39 +3,41 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddOTPSMS(ctx context.Context, req *user.AddOTPSMSRequest) (*user.AddOTPSMSResponse, error) {
-	details, err := s.command.AddHumanOTPSMS(ctx, req.GetUserId(), "")
+func (s *Server) AddOTPSMS(ctx context.Context, req *connect.Request[user.AddOTPSMSRequest]) (*connect.Response[user.AddOTPSMSResponse], error) {
+	details, err := s.command.AddHumanOTPSMS(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddOTPSMSResponse{Details: object.DomainToDetailsPb(details)}, nil
+	return connect.NewResponse(&user.AddOTPSMSResponse{Details: object.DomainToDetailsPb(details)}), nil
 }
 
-func (s *Server) RemoveOTPSMS(ctx context.Context, req *user.RemoveOTPSMSRequest) (*user.RemoveOTPSMSResponse, error) {
-	objectDetails, err := s.command.RemoveHumanOTPSMS(ctx, req.GetUserId(), "")
+func (s *Server) RemoveOTPSMS(ctx context.Context, req *connect.Request[user.RemoveOTPSMSRequest]) (*connect.Response[user.RemoveOTPSMSResponse], error) {
+	objectDetails, err := s.command.RemoveHumanOTPSMS(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveOTPSMSResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil
+	return connect.NewResponse(&user.RemoveOTPSMSResponse{Details: object.DomainToDetailsPb(objectDetails)}), nil
 }
 
-func (s *Server) AddOTPEmail(ctx context.Context, req *user.AddOTPEmailRequest) (*user.AddOTPEmailResponse, error) {
-	details, err := s.command.AddHumanOTPEmail(ctx, req.GetUserId(), "")
+func (s *Server) AddOTPEmail(ctx context.Context, req *connect.Request[user.AddOTPEmailRequest]) (*connect.Response[user.AddOTPEmailResponse], error) {
+	details, err := s.command.AddHumanOTPEmail(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddOTPEmailResponse{Details: object.DomainToDetailsPb(details)}, nil
+	return connect.NewResponse(&user.AddOTPEmailResponse{Details: object.DomainToDetailsPb(details)}), nil
 
 }
 
-func (s *Server) RemoveOTPEmail(ctx context.Context, req *user.RemoveOTPEmailRequest) (*user.RemoveOTPEmailResponse, error) {
-	objectDetails, err := s.command.RemoveHumanOTPEmail(ctx, req.GetUserId(), "")
+func (s *Server) RemoveOTPEmail(ctx context.Context, req *connect.Request[user.RemoveOTPEmailRequest]) (*connect.Response[user.RemoveOTPEmailResponse], error) {
+	objectDetails, err := s.command.RemoveHumanOTPEmail(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveOTPEmailResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil
+	return connect.NewResponse(&user.RemoveOTPEmailResponse{Details: object.DomainToDetailsPb(objectDetails)}), nil
 }
diff --git a/internal/api/grpc/user/v2/passkey.go b/internal/api/grpc/user/v2/passkey.go
index 145c1e5716..90c6d72d13 100644
--- a/internal/api/grpc/user/v2/passkey.go
+++ b/internal/api/grpc/user/v2/passkey.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
@@ -13,17 +14,17 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) RegisterPasskey(ctx context.Context, req *user.RegisterPasskeyRequest) (resp *user.RegisterPasskeyResponse, err error) {
+func (s *Server) RegisterPasskey(ctx context.Context, req *connect.Request[user.RegisterPasskeyRequest]) (resp *connect.Response[user.RegisterPasskeyResponse], err error) {
 	var (
-		authenticator = passkeyAuthenticatorToDomain(req.GetAuthenticator())
+		authenticator = passkeyAuthenticatorToDomain(req.Msg.GetAuthenticator())
 	)
-	if code := req.GetCode(); code != nil {
+	if code := req.Msg.GetCode(); code != nil {
 		return passkeyRegistrationDetailsToPb(
-			s.command.RegisterUserPasskeyWithCode(ctx, req.GetUserId(), "", authenticator, code.Id, code.Code, req.GetDomain(), s.userCodeAlg),
+			s.command.RegisterUserPasskeyWithCode(ctx, req.Msg.GetUserId(), "", authenticator, code.Id, code.Code, req.Msg.GetDomain(), s.userCodeAlg),
 		)
 	}
 	return passkeyRegistrationDetailsToPb(
-		s.command.RegisterUserPasskey(ctx, req.GetUserId(), "", req.GetDomain(), authenticator),
+		s.command.RegisterUserPasskey(ctx, req.Msg.GetUserId(), "", req.Msg.GetDomain(), authenticator),
 	)
 }
 
@@ -51,86 +52,86 @@ func webAuthNRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails
 	return object.DomainToDetailsPb(details.ObjectDetails), options, nil
 }
 
-func passkeyRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*user.RegisterPasskeyResponse, error) {
+func passkeyRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*connect.Response[user.RegisterPasskeyResponse], error) {
 	objectDetails, options, err := webAuthNRegistrationDetailsToPb(details, err)
 	if err != nil {
 		return nil, err
 	}
-	return &user.RegisterPasskeyResponse{
+	return connect.NewResponse(&user.RegisterPasskeyResponse{
 		Details:                            objectDetails,
 		PasskeyId:                          details.ID,
 		PublicKeyCredentialCreationOptions: options,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyPasskeyRegistration(ctx context.Context, req *user.VerifyPasskeyRegistrationRequest) (*user.VerifyPasskeyRegistrationResponse, error) {
-	pkc, err := req.GetPublicKeyCredential().MarshalJSON()
+func (s *Server) VerifyPasskeyRegistration(ctx context.Context, req *connect.Request[user.VerifyPasskeyRegistrationRequest]) (*connect.Response[user.VerifyPasskeyRegistrationResponse], error) {
+	pkc, err := req.Msg.GetPublicKeyCredential().MarshalJSON()
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "USERv2-Pha2o", "Errors.Internal")
 	}
-	objectDetails, err := s.command.HumanHumanPasswordlessSetup(ctx, req.GetUserId(), "", req.GetPasskeyName(), "", pkc)
+	objectDetails, err := s.command.HumanHumanPasswordlessSetup(ctx, req.Msg.GetUserId(), "", req.Msg.GetPasskeyName(), "", pkc)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyPasskeyRegistrationResponse{
+	return connect.NewResponse(&user.VerifyPasskeyRegistrationResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
-func (s *Server) CreatePasskeyRegistrationLink(ctx context.Context, req *user.CreatePasskeyRegistrationLinkRequest) (resp *user.CreatePasskeyRegistrationLinkResponse, err error) {
-	switch medium := req.Medium.(type) {
+func (s *Server) CreatePasskeyRegistrationLink(ctx context.Context, req *connect.Request[user.CreatePasskeyRegistrationLinkRequest]) (resp *connect.Response[user.CreatePasskeyRegistrationLinkResponse], err error) {
+	switch medium := req.Msg.Medium.(type) {
 	case nil:
 		return passkeyDetailsToPb(
-			s.command.AddUserPasskeyCode(ctx, req.GetUserId(), "", s.userCodeAlg),
+			s.command.AddUserPasskeyCode(ctx, req.Msg.GetUserId(), "", s.userCodeAlg),
 		)
 	case *user.CreatePasskeyRegistrationLinkRequest_SendLink:
 		return passkeyDetailsToPb(
-			s.command.AddUserPasskeyCodeURLTemplate(ctx, req.GetUserId(), "", s.userCodeAlg, medium.SendLink.GetUrlTemplate()),
+			s.command.AddUserPasskeyCodeURLTemplate(ctx, req.Msg.GetUserId(), "", s.userCodeAlg, medium.SendLink.GetUrlTemplate()),
 		)
 	case *user.CreatePasskeyRegistrationLinkRequest_ReturnCode:
 		return passkeyCodeDetailsToPb(
-			s.command.AddUserPasskeyCodeReturn(ctx, req.GetUserId(), "", s.userCodeAlg),
+			s.command.AddUserPasskeyCodeReturn(ctx, req.Msg.GetUserId(), "", s.userCodeAlg),
 		)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "USERv2-gaD8y", "verification oneOf %T in method CreatePasskeyRegistrationLink not implemented", medium)
 	}
 }
 
-func passkeyDetailsToPb(details *domain.ObjectDetails, err error) (*user.CreatePasskeyRegistrationLinkResponse, error) {
+func passkeyDetailsToPb(details *domain.ObjectDetails, err error) (*connect.Response[user.CreatePasskeyRegistrationLinkResponse], error) {
 	if err != nil {
 		return nil, err
 	}
-	return &user.CreatePasskeyRegistrationLinkResponse{
+	return connect.NewResponse(&user.CreatePasskeyRegistrationLinkResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func passkeyCodeDetailsToPb(details *domain.PasskeyCodeDetails, err error) (*user.CreatePasskeyRegistrationLinkResponse, error) {
+func passkeyCodeDetailsToPb(details *domain.PasskeyCodeDetails, err error) (*connect.Response[user.CreatePasskeyRegistrationLinkResponse], error) {
 	if err != nil {
 		return nil, err
 	}
-	return &user.CreatePasskeyRegistrationLinkResponse{
+	return connect.NewResponse(&user.CreatePasskeyRegistrationLinkResponse{
 		Details: object.DomainToDetailsPb(details.ObjectDetails),
 		Code: &user.PasskeyRegistrationCode{
 			Id:   details.CodeID,
 			Code: details.Code,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemovePasskey(ctx context.Context, req *user.RemovePasskeyRequest) (*user.RemovePasskeyResponse, error) {
-	objectDetails, err := s.command.HumanRemovePasswordless(ctx, req.GetUserId(), req.GetPasskeyId(), "")
+func (s *Server) RemovePasskey(ctx context.Context, req *connect.Request[user.RemovePasskeyRequest]) (*connect.Response[user.RemovePasskeyResponse], error) {
+	objectDetails, err := s.command.HumanRemovePasswordless(ctx, req.Msg.GetUserId(), req.Msg.GetPasskeyId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemovePasskeyResponse{
+	return connect.NewResponse(&user.RemovePasskeyResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListPasskeys(ctx context.Context, req *user.ListPasskeysRequest) (*user.ListPasskeysResponse, error) {
+func (s *Server) ListPasskeys(ctx context.Context, req *connect.Request[user.ListPasskeysRequest]) (*connect.Response[user.ListPasskeysResponse], error) {
 	query := new(query.UserAuthMethodSearchQueries)
-	err := query.AppendUserIDQuery(req.UserId)
+	err := query.AppendUserIDQuery(req.Msg.UserId)
 	if err != nil {
 		return nil, err
 	}
@@ -146,10 +147,10 @@ func (s *Server) ListPasskeys(ctx context.Context, req *user.ListPasskeysRequest
 	if err != nil {
 		return nil, err
 	}
-	return &user.ListPasskeysResponse{
+	return connect.NewResponse(&user.ListPasskeysResponse{
 		Details: object.ToListDetails(authMethods.SearchResponse),
 		Result:  authMethodsToPasskeyPb(authMethods),
-	}, nil
+	}), nil
 }
 
 func authMethodsToPasskeyPb(methods *query.AuthMethods) []*user.Passkey {
diff --git a/internal/api/grpc/user/v2/passkey_test.go b/internal/api/grpc/user/v2/passkey_test.go
index 9263012b98..6429dd7ce6 100644
--- a/internal/api/grpc/user/v2/passkey_test.go
+++ b/internal/api/grpc/user/v2/passkey_test.go
@@ -123,11 +123,11 @@ func Test_passkeyRegistrationDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := passkeyRegistrationDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.wantErr)
-			if !proto.Equal(tt.want, got) {
+			if tt.want != nil && !proto.Equal(tt.want, got.Msg) {
 				t.Errorf("Not equal:\nExpected\n%s\nActual:%s", tt.want, got)
 			}
 			if tt.want != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				grpc.AllFieldsSet(t, got.Msg.ProtoReflect())
 			}
 		})
 	}
@@ -181,7 +181,9 @@ func Test_passkeyDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := passkeyDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.args.err)
-			assert.Equal(t, tt.want, got)
+			if tt.want != nil {
+				assert.Equal(t, tt.want, got.Msg)
+			}
 		})
 	}
 }
@@ -242,9 +244,9 @@ func Test_passkeyCodeDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := passkeyCodeDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.args.err)
-			assert.Equal(t, tt.want, got)
 			if tt.want != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				assert.Equal(t, tt.want, got.Msg)
+				grpc.AllFieldsSet(t, got.Msg.ProtoReflect())
 			}
 		})
 	}
diff --git a/internal/api/grpc/user/v2/password.go b/internal/api/grpc/user/v2/password.go
index 55cf225c4b..a256a00355 100644
--- a/internal/api/grpc/user/v2/password.go
+++ b/internal/api/grpc/user/v2/password.go
@@ -3,23 +3,25 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetRequest) (_ *user.PasswordResetResponse, err error) {
+func (s *Server) PasswordReset(ctx context.Context, req *connect.Request[user.PasswordResetRequest]) (_ *connect.Response[user.PasswordResetResponse], err error) {
 	var details *domain.ObjectDetails
 	var code *string
 
-	switch m := req.GetMedium().(type) {
+	switch m := req.Msg.GetMedium().(type) {
 	case *user.PasswordResetRequest_SendLink:
-		details, code, err = s.command.RequestPasswordResetURLTemplate(ctx, req.GetUserId(), m.SendLink.GetUrlTemplate(), notificationTypeToDomain(m.SendLink.GetNotificationType()))
+		details, code, err = s.command.RequestPasswordResetURLTemplate(ctx, req.Msg.GetUserId(), m.SendLink.GetUrlTemplate(), notificationTypeToDomain(m.SendLink.GetNotificationType()))
 	case *user.PasswordResetRequest_ReturnCode:
-		details, code, err = s.command.RequestPasswordResetReturnCode(ctx, req.GetUserId())
+		details, code, err = s.command.RequestPasswordResetReturnCode(ctx, req.Msg.GetUserId())
 	case nil:
-		details, code, err = s.command.RequestPasswordReset(ctx, req.GetUserId())
+		details, code, err = s.command.RequestPasswordReset(ctx, req.Msg.GetUserId())
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-SDeeg", "verification oneOf %T in method RequestPasswordReset not implemented", m)
 	}
@@ -27,10 +29,10 @@ func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetReque
 		return nil, err
 	}
 
-	return &user.PasswordResetResponse{
+	return connect.NewResponse(&user.PasswordResetResponse{
 		Details:          object.DomainToDetailsPb(details),
 		VerificationCode: code,
-	}, nil
+	}), nil
 }
 
 func notificationTypeToDomain(notificationType user.NotificationType) domain.NotificationType {
@@ -46,16 +48,16 @@ func notificationTypeToDomain(notificationType user.NotificationType) domain.Not
 	}
 }
 
-func (s *Server) SetPassword(ctx context.Context, req *user.SetPasswordRequest) (_ *user.SetPasswordResponse, err error) {
+func (s *Server) SetPassword(ctx context.Context, req *connect.Request[user.SetPasswordRequest]) (_ *connect.Response[user.SetPasswordResponse], err error) {
 	var details *domain.ObjectDetails
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SetPasswordRequest_CurrentPassword:
-		details, err = s.command.ChangePassword(ctx, "", req.GetUserId(), v.CurrentPassword, req.GetNewPassword().GetPassword(), "", req.GetNewPassword().GetChangeRequired())
+		details, err = s.command.ChangePassword(ctx, "", req.Msg.GetUserId(), v.CurrentPassword, req.Msg.GetNewPassword().GetPassword(), "", req.Msg.GetNewPassword().GetChangeRequired())
 	case *user.SetPasswordRequest_VerificationCode:
-		details, err = s.command.SetPasswordWithVerifyCode(ctx, "", req.GetUserId(), v.VerificationCode, req.GetNewPassword().GetPassword(), "", req.GetNewPassword().GetChangeRequired())
+		details, err = s.command.SetPasswordWithVerifyCode(ctx, "", req.Msg.GetUserId(), v.VerificationCode, req.Msg.GetNewPassword().GetPassword(), "", req.Msg.GetNewPassword().GetChangeRequired())
 	case nil:
-		details, err = s.command.SetPassword(ctx, "", req.GetUserId(), req.GetNewPassword().GetPassword(), req.GetNewPassword().GetChangeRequired())
+		details, err = s.command.SetPassword(ctx, "", req.Msg.GetUserId(), req.Msg.GetNewPassword().GetPassword(), req.Msg.GetNewPassword().GetChangeRequired())
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-SFdf2", "verification oneOf %T in method SetPasswordRequest not implemented", v)
 	}
@@ -63,7 +65,7 @@ func (s *Server) SetPassword(ctx context.Context, req *user.SetPasswordRequest)
 		return nil, err
 	}
 
-	return &user.SetPasswordResponse{
+	return connect.NewResponse(&user.SetPasswordResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/pat.go b/internal/api/grpc/user/v2/pat.go
index 54f6e99367..0c90eeaebd 100644
--- a/internal/api/grpc/user/v2/pat.go
+++ b/internal/api/grpc/user/v2/pat.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -13,13 +14,13 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddPersonalAccessToken(ctx context.Context, req *user.AddPersonalAccessTokenRequest) (*user.AddPersonalAccessTokenResponse, error) {
+func (s *Server) AddPersonalAccessToken(ctx context.Context, req *connect.Request[user.AddPersonalAccessTokenRequest]) (*connect.Response[user.AddPersonalAccessTokenResponse], error) {
 	newPat := &command.PersonalAccessToken{
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.UserId,
+			AggregateID: req.Msg.GetUserId(),
 		},
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
-		ExpirationDate:  req.ExpirationDate.AsTime(),
+		ExpirationDate:  req.Msg.GetExpirationDate().AsTime(),
 		Scopes: []string{
 			oidc.ScopeOpenID,
 			oidc.ScopeProfile,
@@ -32,25 +33,25 @@ func (s *Server) AddPersonalAccessToken(ctx context.Context, req *user.AddPerson
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddPersonalAccessTokenResponse{
+	return connect.NewResponse(&user.AddPersonalAccessTokenResponse{
 		CreationDate: timestamppb.New(details.EventDate),
 		TokenId:      newPat.TokenID,
 		Token:        newPat.Token,
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemovePersonalAccessToken(ctx context.Context, req *user.RemovePersonalAccessTokenRequest) (*user.RemovePersonalAccessTokenResponse, error) {
+func (s *Server) RemovePersonalAccessToken(ctx context.Context, req *connect.Request[user.RemovePersonalAccessTokenRequest]) (*connect.Response[user.RemovePersonalAccessTokenResponse], error) {
 	objectDetails, err := s.command.RemovePersonalAccessToken(ctx, &command.PersonalAccessToken{
-		TokenID: req.TokenId,
+		TokenID: req.Msg.GetTokenId(),
 		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.UserId,
+			AggregateID: req.Msg.GetUserId(),
 		},
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
 	})
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemovePersonalAccessTokenResponse{
+	return connect.NewResponse(&user.RemovePersonalAccessTokenResponse{
 		DeletionDate: timestamppb.New(objectDetails.EventDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/pat_query.go b/internal/api/grpc/user/v2/pat_query.go
index 6bbd44d511..64231c1d93 100644
--- a/internal/api/grpc/user/v2/pat_query.go
+++ b/internal/api/grpc/user/v2/pat_query.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/filter/v2"
@@ -12,12 +13,12 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *user.ListPersonalAccessTokensRequest) (*user.ListPersonalAccessTokensResponse, error) {
-	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
+func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *connect.Request[user.ListPersonalAccessTokensRequest]) (*connect.Response[user.ListPersonalAccessTokensResponse], error) {
+	offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Msg.GetPagination())
 	if err != nil {
 		return nil, err
 	}
-	filters, err := patFiltersToQueries(req.Filters)
+	filters, err := patFiltersToQueries(req.Msg.GetFilters())
 	if err != nil {
 		return nil, err
 	}
@@ -26,7 +27,7 @@ func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *user.ListPer
 			Offset:        offset,
 			Limit:         limit,
 			Asc:           asc,
-			SortingColumn: authnPersonalAccessTokenFieldNameToSortingColumn(req.SortingColumn),
+			SortingColumn: authnPersonalAccessTokenFieldNameToSortingColumn(req.Msg.SortingColumn),
 		},
 		Queries: filters,
 	}
@@ -48,7 +49,7 @@ func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *user.ListPer
 			ExpirationDate: timestamppb.New(pat.Expiration),
 		}
 	}
-	return resp, nil
+	return connect.NewResponse(resp), nil
 }
 
 func patFiltersToQueries(filters []*user.PersonalAccessTokensSearchFilter) (_ []query.SearchQuery, err error) {
diff --git a/internal/api/grpc/user/v2/phone.go b/internal/api/grpc/user/v2/phone.go
index fdd5a140c1..4be616f7ea 100644
--- a/internal/api/grpc/user/v2/phone.go
+++ b/internal/api/grpc/user/v2/phone.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,18 +12,18 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp *user.SetPhoneResponse, err error) {
+func (s *Server) SetPhone(ctx context.Context, req *connect.Request[user.SetPhoneRequest]) (resp *connect.Response[user.SetPhoneResponse], err error) {
 	var phone *domain.Phone
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SetPhoneRequest_SendCode:
-		phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), req.GetPhone(), s.userCodeAlg)
+		phone, err = s.command.ChangeUserPhone(ctx, req.Msg.GetUserId(), req.Msg.GetPhone(), s.userCodeAlg)
 	case *user.SetPhoneRequest_ReturnCode:
-		phone, err = s.command.ChangeUserPhoneReturnCode(ctx, req.GetUserId(), req.GetPhone(), s.userCodeAlg)
+		phone, err = s.command.ChangeUserPhoneReturnCode(ctx, req.Msg.GetUserId(), req.Msg.GetPhone(), s.userCodeAlg)
 	case *user.SetPhoneRequest_IsVerified:
-		phone, err = s.command.ChangeUserPhoneVerified(ctx, req.GetUserId(), req.GetPhone())
+		phone, err = s.command.ChangeUserPhoneVerified(ctx, req.Msg.GetUserId(), req.Msg.GetPhone())
 	case nil:
-		phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), req.GetPhone(), s.userCodeAlg)
+		phone, err = s.command.ChangeUserPhone(ctx, req.Msg.GetUserId(), req.Msg.GetPhone(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetPhone not implemented", v)
 	}
@@ -30,42 +31,42 @@ func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp
 		return nil, err
 	}
 
-	return &user.SetPhoneResponse{
+	return connect.NewResponse(&user.SetPhoneResponse{
 		Details: &object.Details{
 			Sequence:      phone.Sequence,
 			ChangeDate:    timestamppb.New(phone.ChangeDate),
 			ResourceOwner: phone.ResourceOwner,
 		},
 		VerificationCode: phone.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemovePhone(ctx context.Context, req *user.RemovePhoneRequest) (resp *user.RemovePhoneResponse, err error) {
+func (s *Server) RemovePhone(ctx context.Context, req *connect.Request[user.RemovePhoneRequest]) (resp *connect.Response[user.RemovePhoneResponse], err error) {
 	details, err := s.command.RemoveUserPhone(ctx,
-		req.GetUserId(),
+		req.Msg.GetUserId(),
 	)
 	if err != nil {
 		return nil, err
 	}
 
-	return &user.RemovePhoneResponse{
+	return connect.NewResponse(&user.RemovePhoneResponse{
 		Details: &object.Details{
 			Sequence:      details.Sequence,
 			ChangeDate:    timestamppb.New(details.EventDate),
 			ResourceOwner: details.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResendPhoneCode(ctx context.Context, req *user.ResendPhoneCodeRequest) (resp *user.ResendPhoneCodeResponse, err error) {
+func (s *Server) ResendPhoneCode(ctx context.Context, req *connect.Request[user.ResendPhoneCodeRequest]) (resp *connect.Response[user.ResendPhoneCodeResponse], err error) {
 	var phone *domain.Phone
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.ResendPhoneCodeRequest_SendCode:
-		phone, err = s.command.ResendUserPhoneCode(ctx, req.GetUserId(), s.userCodeAlg)
+		phone, err = s.command.ResendUserPhoneCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case *user.ResendPhoneCodeRequest_ReturnCode:
-		phone, err = s.command.ResendUserPhoneCodeReturnCode(ctx, req.GetUserId(), s.userCodeAlg)
+		phone, err = s.command.ResendUserPhoneCodeReturnCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case nil:
-		phone, err = s.command.ResendUserPhoneCode(ctx, req.GetUserId(), s.userCodeAlg)
+		phone, err = s.command.ResendUserPhoneCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-ResendUserPhoneCode", "verification oneOf %T in method SetPhone not implemented", v)
 	}
@@ -73,30 +74,30 @@ func (s *Server) ResendPhoneCode(ctx context.Context, req *user.ResendPhoneCodeR
 		return nil, err
 	}
 
-	return &user.ResendPhoneCodeResponse{
+	return connect.NewResponse(&user.ResendPhoneCodeResponse{
 		Details: &object.Details{
 			Sequence:      phone.Sequence,
 			ChangeDate:    timestamppb.New(phone.ChangeDate),
 			ResourceOwner: phone.ResourceOwner,
 		},
 		VerificationCode: phone.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyPhone(ctx context.Context, req *user.VerifyPhoneRequest) (*user.VerifyPhoneResponse, error) {
+func (s *Server) VerifyPhone(ctx context.Context, req *connect.Request[user.VerifyPhoneRequest]) (*connect.Response[user.VerifyPhoneResponse], error) {
 	details, err := s.command.VerifyUserPhone(ctx,
-		req.GetUserId(),
-		req.GetVerificationCode(),
+		req.Msg.GetUserId(),
+		req.Msg.GetVerificationCode(),
 		s.userCodeAlg,
 	)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyPhoneResponse{
+	return connect.NewResponse(&user.VerifyPhoneResponse{
 		Details: &object.Details{
 			Sequence:      details.Sequence,
 			ChangeDate:    timestamppb.New(details.EventDate),
 			ResourceOwner: details.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/secret.go b/internal/api/grpc/user/v2/secret.go
index 1d54e1dde8..acc7aef8cb 100644
--- a/internal/api/grpc/user/v2/secret.go
+++ b/internal/api/grpc/user/v2/secret.go
@@ -3,37 +3,38 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddSecret(ctx context.Context, req *user.AddSecretRequest) (*user.AddSecretResponse, error) {
+func (s *Server) AddSecret(ctx context.Context, req *connect.Request[user.AddSecretRequest]) (*connect.Response[user.AddSecretResponse], error) {
 	newSecret := &command.GenerateMachineSecret{
 		PermissionCheck: s.command.NewPermissionCheckUserWrite(ctx),
 	}
-	details, err := s.command.GenerateMachineSecret(ctx, req.UserId, "", newSecret)
+	details, err := s.command.GenerateMachineSecret(ctx, req.Msg.GetUserId(), "", newSecret)
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddSecretResponse{
+	return connect.NewResponse(&user.AddSecretResponse{
 		CreationDate: timestamppb.New(details.EventDate),
 		ClientSecret: newSecret.ClientSecret,
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveSecret(ctx context.Context, req *user.RemoveSecretRequest) (*user.RemoveSecretResponse, error) {
+func (s *Server) RemoveSecret(ctx context.Context, req *connect.Request[user.RemoveSecretRequest]) (*connect.Response[user.RemoveSecretResponse], error) {
 	details, err := s.command.RemoveMachineSecret(
 		ctx,
-		req.UserId,
+		req.Msg.GetUserId(),
 		"",
 		s.command.NewPermissionCheckUserWrite(ctx),
 	)
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveSecretResponse{
+	return connect.NewResponse(&user.RemoveSecretResponse{
 		DeletionDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/server.go b/internal/api/grpc/user/v2/server.go
index e3c7e8011e..1f94906853 100644
--- a/internal/api/grpc/user/v2/server.go
+++ b/internal/api/grpc/user/v2/server.go
@@ -2,8 +2,10 @@ package user
 
 import (
 	"context"
+	"net/http"
 
-	"google.golang.org/grpc"
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -13,12 +15,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2/userconnect"
 )
 
-var _ user.UserServiceServer = (*Server)(nil)
+var _ userconnect.UserServiceHandler = (*Server)(nil)
 
 type Server struct {
-	user.UnimplementedUserServiceServer
 	systemDefaults systemdefaults.SystemDefaults
 	command        *command.Commands
 	query          *query.Queries
@@ -58,8 +60,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	user.RegisterUserServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return userconnect.NewUserServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return user.File_zitadel_user_v2_user_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/user/v2/totp.go b/internal/api/grpc/user/v2/totp.go
index 9e2d028d72..51b615dac5 100644
--- a/internal/api/grpc/user/v2/totp.go
+++ b/internal/api/grpc/user/v2/totp.go
@@ -3,42 +3,44 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) RegisterTOTP(ctx context.Context, req *user.RegisterTOTPRequest) (*user.RegisterTOTPResponse, error) {
+func (s *Server) RegisterTOTP(ctx context.Context, req *connect.Request[user.RegisterTOTPRequest]) (*connect.Response[user.RegisterTOTPResponse], error) {
 	return totpDetailsToPb(
-		s.command.AddUserTOTP(ctx, req.GetUserId(), ""),
+		s.command.AddUserTOTP(ctx, req.Msg.GetUserId(), ""),
 	)
 }
 
-func totpDetailsToPb(totp *domain.TOTP, err error) (*user.RegisterTOTPResponse, error) {
+func totpDetailsToPb(totp *domain.TOTP, err error) (*connect.Response[user.RegisterTOTPResponse], error) {
 	if err != nil {
 		return nil, err
 	}
-	return &user.RegisterTOTPResponse{
+	return connect.NewResponse(&user.RegisterTOTPResponse{
 		Details: object.DomainToDetailsPb(totp.ObjectDetails),
 		Uri:     totp.URI,
 		Secret:  totp.Secret,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyTOTPRegistration(ctx context.Context, req *user.VerifyTOTPRegistrationRequest) (*user.VerifyTOTPRegistrationResponse, error) {
-	objectDetails, err := s.command.CheckUserTOTP(ctx, req.GetUserId(), req.GetCode(), "")
+func (s *Server) VerifyTOTPRegistration(ctx context.Context, req *connect.Request[user.VerifyTOTPRegistrationRequest]) (*connect.Response[user.VerifyTOTPRegistrationResponse], error) {
+	objectDetails, err := s.command.CheckUserTOTP(ctx, req.Msg.GetUserId(), req.Msg.GetCode(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyTOTPRegistrationResponse{
+	return connect.NewResponse(&user.VerifyTOTPRegistrationResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveTOTP(ctx context.Context, req *user.RemoveTOTPRequest) (*user.RemoveTOTPResponse, error) {
-	objectDetails, err := s.command.HumanRemoveTOTP(ctx, req.GetUserId(), "")
+func (s *Server) RemoveTOTP(ctx context.Context, req *connect.Request[user.RemoveTOTPRequest]) (*connect.Response[user.RemoveTOTPResponse], error) {
+	objectDetails, err := s.command.HumanRemoveTOTP(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveTOTPResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil
+	return connect.NewResponse(&user.RemoveTOTPResponse{Details: object.DomainToDetailsPb(objectDetails)}), nil
 }
diff --git a/internal/api/grpc/user/v2/totp_test.go b/internal/api/grpc/user/v2/totp_test.go
index 27ce6fb469..259f5ab5c6 100644
--- a/internal/api/grpc/user/v2/totp_test.go
+++ b/internal/api/grpc/user/v2/totp_test.go
@@ -63,7 +63,7 @@ func Test_totpDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := totpDetailsToPb(tt.args.otp, tt.args.err)
 			require.ErrorIs(t, err, tt.wantErr)
-			if !proto.Equal(tt.want, got) {
+			if tt.want != nil && !proto.Equal(tt.want, got.Msg) {
 				t.Errorf("RegisterTOTPResponse =\n%v\nwant\n%v", got, tt.want)
 			}
 		})
diff --git a/internal/api/grpc/user/v2/u2f.go b/internal/api/grpc/user/v2/u2f.go
index 60c0f5ab07..bd12ea0dac 100644
--- a/internal/api/grpc/user/v2/u2f.go
+++ b/internal/api/grpc/user/v2/u2f.go
@@ -3,50 +3,52 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) RegisterU2F(ctx context.Context, req *user.RegisterU2FRequest) (*user.RegisterU2FResponse, error) {
+func (s *Server) RegisterU2F(ctx context.Context, req *connect.Request[user.RegisterU2FRequest]) (*connect.Response[user.RegisterU2FResponse], error) {
 	return u2fRegistrationDetailsToPb(
-		s.command.RegisterUserU2F(ctx, req.GetUserId(), "", req.GetDomain()),
+		s.command.RegisterUserU2F(ctx, req.Msg.GetUserId(), "", req.Msg.GetDomain()),
 	)
 }
 
-func u2fRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*user.RegisterU2FResponse, error) {
+func u2fRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*connect.Response[user.RegisterU2FResponse], error) {
 	objectDetails, options, err := webAuthNRegistrationDetailsToPb(details, err)
 	if err != nil {
 		return nil, err
 	}
-	return &user.RegisterU2FResponse{
+	return connect.NewResponse(&user.RegisterU2FResponse{
 		Details:                            objectDetails,
 		U2FId:                              details.ID,
 		PublicKeyCredentialCreationOptions: options,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyU2FRegistration(ctx context.Context, req *user.VerifyU2FRegistrationRequest) (*user.VerifyU2FRegistrationResponse, error) {
-	pkc, err := req.GetPublicKeyCredential().MarshalJSON()
+func (s *Server) VerifyU2FRegistration(ctx context.Context, req *connect.Request[user.VerifyU2FRegistrationRequest]) (*connect.Response[user.VerifyU2FRegistrationResponse], error) {
+	pkc, err := req.Msg.GetPublicKeyCredential().MarshalJSON()
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "USERv2-IeTh4", "Errors.Internal")
 	}
-	objectDetails, err := s.command.HumanVerifyU2FSetup(ctx, req.GetUserId(), "", req.GetTokenName(), "", pkc)
+	objectDetails, err := s.command.HumanVerifyU2FSetup(ctx, req.Msg.GetUserId(), "", req.Msg.GetTokenName(), "", pkc)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyU2FRegistrationResponse{
+	return connect.NewResponse(&user.VerifyU2FRegistrationResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveU2F(ctx context.Context, req *user.RemoveU2FRequest) (*user.RemoveU2FResponse, error) {
-	objectDetails, err := s.command.HumanRemoveU2F(ctx, req.GetUserId(), req.GetU2FId(), "")
+func (s *Server) RemoveU2F(ctx context.Context, req *connect.Request[user.RemoveU2FRequest]) (*connect.Response[user.RemoveU2FResponse], error) {
+	objectDetails, err := s.command.HumanRemoveU2F(ctx, req.Msg.GetUserId(), req.Msg.GetU2FId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveU2FResponse{
+	return connect.NewResponse(&user.RemoveU2FResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2/u2f_test.go b/internal/api/grpc/user/v2/u2f_test.go
index fae3ba1cdb..f6798a6f89 100644
--- a/internal/api/grpc/user/v2/u2f_test.go
+++ b/internal/api/grpc/user/v2/u2f_test.go
@@ -92,11 +92,11 @@ func Test_u2fRegistrationDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := u2fRegistrationDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.wantErr)
-			if !proto.Equal(tt.want, got) {
+			if tt.want != nil && !proto.Equal(tt.want, got.Msg) {
 				t.Errorf("Not equal:\nExpected\n%s\nActual:%s", tt.want, got)
 			}
 			if tt.want != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				grpc.AllFieldsSet(t, got.Msg.ProtoReflect())
 			}
 		})
 	}
diff --git a/internal/api/grpc/user/v2/user.go b/internal/api/grpc/user/v2/user.go
index 6b4b2da75b..95c2883195 100644
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"io"
 
+	"connectrpc.com/connect"
 	"golang.org/x/text/language"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -15,8 +16,8 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest) (_ *user.AddHumanUserResponse, err error) {
-	human, err := AddUserRequestToAddHuman(req)
+func (s *Server) AddHumanUser(ctx context.Context, req *connect.Request[user.AddHumanUserRequest]) (_ *connect.Response[user.AddHumanUserResponse], err error) {
+	human, err := AddUserRequestToAddHuman(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -24,12 +25,12 @@ func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest
 	if err = s.command.AddUserHuman(ctx, orgID, human, false, s.userCodeAlg); err != nil {
 		return nil, err
 	}
-	return &user.AddHumanUserResponse{
+	return connect.NewResponse(&user.AddHumanUserResponse{
 		UserId:    human.ID,
 		Details:   object.DomainToDetailsPb(human.Details),
 		EmailCode: human.EmailCode,
 		PhoneCode: human.PhoneCode,
-	}, nil
+	}), nil
 }
 
 func AddUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman, error) {
@@ -117,8 +118,8 @@ func genderToDomain(gender user.Gender) domain.Gender {
 	}
 }
 
-func (s *Server) UpdateHumanUser(ctx context.Context, req *user.UpdateHumanUserRequest) (_ *user.UpdateHumanUserResponse, err error) {
-	human, err := updateHumanUserRequestToChangeHuman(req)
+func (s *Server) UpdateHumanUser(ctx context.Context, req *connect.Request[user.UpdateHumanUserRequest]) (_ *connect.Response[user.UpdateHumanUserResponse], err error) {
+	human, err := updateHumanUserRequestToChangeHuman(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -126,51 +127,51 @@ func (s *Server) UpdateHumanUser(ctx context.Context, req *user.UpdateHumanUserR
 	if err != nil {
 		return nil, err
 	}
-	return &user.UpdateHumanUserResponse{
+	return connect.NewResponse(&user.UpdateHumanUserResponse{
 		Details:   object.DomainToDetailsPb(human.Details),
 		EmailCode: human.EmailCode,
 		PhoneCode: human.PhoneCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) LockUser(ctx context.Context, req *user.LockUserRequest) (_ *user.LockUserResponse, err error) {
-	details, err := s.command.LockUserV2(ctx, req.UserId)
+func (s *Server) LockUser(ctx context.Context, req *connect.Request[user.LockUserRequest]) (_ *connect.Response[user.LockUserResponse], err error) {
+	details, err := s.command.LockUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.LockUserResponse{
+	return connect.NewResponse(&user.LockUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) UnlockUser(ctx context.Context, req *user.UnlockUserRequest) (_ *user.UnlockUserResponse, err error) {
-	details, err := s.command.UnlockUserV2(ctx, req.UserId)
+func (s *Server) UnlockUser(ctx context.Context, req *connect.Request[user.UnlockUserRequest]) (_ *connect.Response[user.UnlockUserResponse], err error) {
+	details, err := s.command.UnlockUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.UnlockUserResponse{
+	return connect.NewResponse(&user.UnlockUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeactivateUser(ctx context.Context, req *user.DeactivateUserRequest) (_ *user.DeactivateUserResponse, err error) {
-	details, err := s.command.DeactivateUserV2(ctx, req.UserId)
+func (s *Server) DeactivateUser(ctx context.Context, req *connect.Request[user.DeactivateUserRequest]) (_ *connect.Response[user.DeactivateUserResponse], err error) {
+	details, err := s.command.DeactivateUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.DeactivateUserResponse{
+	return connect.NewResponse(&user.DeactivateUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ReactivateUser(ctx context.Context, req *user.ReactivateUserRequest) (_ *user.ReactivateUserResponse, err error) {
-	details, err := s.command.ReactivateUserV2(ctx, req.UserId)
+func (s *Server) ReactivateUser(ctx context.Context, req *connect.Request[user.ReactivateUserRequest]) (_ *connect.Response[user.ReactivateUserResponse], err error) {
+	details, err := s.command.ReactivateUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.ReactivateUserResponse{
+	return connect.NewResponse(&user.ReactivateUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func ifNotNilPtr[v, p any](value *v, conv func(v) p) *p {
@@ -182,18 +183,18 @@ func ifNotNilPtr[v, p any](value *v, conv func(v) p) *p {
 	return &pVal
 }
 
-func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) {
-	memberships, grants, err := s.removeUserDependencies(ctx, req.GetUserId())
+func (s *Server) DeleteUser(ctx context.Context, req *connect.Request[user.DeleteUserRequest]) (_ *connect.Response[user.DeleteUserResponse], err error) {
+	memberships, grants, err := s.removeUserDependencies(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.RemoveUserV2(ctx, req.UserId, "", memberships, grants...)
+	details, err := s.command.RemoveUserV2(ctx, req.Msg.GetUserId(), "", memberships, grants...)
 	if err != nil {
 		return nil, err
 	}
-	return &user.DeleteUserResponse{
+	return connect.NewResponse(&user.DeleteUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func (s *Server) removeUserDependencies(ctx context.Context, userID string) ([]*command.CascadingMembership, []string, error) {
@@ -268,35 +269,35 @@ func userGrantsToIDs(userGrants []*query.UserGrant) []string {
 	return converted
 }
 
-func (s *Server) ListAuthenticationMethodTypes(ctx context.Context, req *user.ListAuthenticationMethodTypesRequest) (*user.ListAuthenticationMethodTypesResponse, error) {
-	authMethods, err := s.query.ListUserAuthMethodTypes(ctx, req.GetUserId(), true, req.GetDomainQuery().GetIncludeWithoutDomain(), req.GetDomainQuery().GetDomain())
+func (s *Server) ListAuthenticationMethodTypes(ctx context.Context, req *connect.Request[user.ListAuthenticationMethodTypesRequest]) (*connect.Response[user.ListAuthenticationMethodTypesResponse], error) {
+	authMethods, err := s.query.ListUserAuthMethodTypes(ctx, req.Msg.GetUserId(), true, req.Msg.GetDomainQuery().GetIncludeWithoutDomain(), req.Msg.GetDomainQuery().GetDomain())
 	if err != nil {
 		return nil, err
 	}
-	return &user.ListAuthenticationMethodTypesResponse{
+	return connect.NewResponse(&user.ListAuthenticationMethodTypesResponse{
 		Details:         object.ToListDetails(authMethods.SearchResponse),
 		AuthMethodTypes: authMethodTypesToPb(authMethods.AuthMethodTypes),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListAuthenticationFactors(ctx context.Context, req *user.ListAuthenticationFactorsRequest) (*user.ListAuthenticationFactorsResponse, error) {
+func (s *Server) ListAuthenticationFactors(ctx context.Context, req *connect.Request[user.ListAuthenticationFactorsRequest]) (*connect.Response[user.ListAuthenticationFactorsResponse], error) {
 	query := new(query.UserAuthMethodSearchQueries)
 
-	if err := query.AppendUserIDQuery(req.UserId); err != nil {
+	if err := query.AppendUserIDQuery(req.Msg.GetUserId()); err != nil {
 		return nil, err
 	}
 
 	authMethodsType := []domain.UserAuthMethodType{domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypeOTPSMS, domain.UserAuthMethodTypeOTPEmail}
-	if len(req.GetAuthFactors()) > 0 {
-		authMethodsType = object.AuthFactorsToPb(req.GetAuthFactors())
+	if len(req.Msg.GetAuthFactors()) > 0 {
+		authMethodsType = object.AuthFactorsToPb(req.Msg.GetAuthFactors())
 	}
 	if err := query.AppendAuthMethodsQuery(authMethodsType...); err != nil {
 		return nil, err
 	}
 
 	states := []domain.MFAState{domain.MFAStateReady}
-	if len(req.GetStates()) > 0 {
-		states = object.AuthFactorStatesToPb(req.GetStates())
+	if len(req.Msg.GetStates()) > 0 {
+		states = object.AuthFactorStatesToPb(req.Msg.GetStates())
 	}
 	if err := query.AppendStatesQuery(states...); err != nil {
 		return nil, err
@@ -307,9 +308,9 @@ func (s *Server) ListAuthenticationFactors(ctx context.Context, req *user.ListAu
 		return nil, err
 	}
 
-	return &user.ListAuthenticationFactorsResponse{
+	return connect.NewResponse(&user.ListAuthenticationFactorsResponse{
 		Result: object.AuthMethodsToPb(authMethods),
-	}, nil
+	}), nil
 }
 
 func authMethodTypesToPb(methodTypes []domain.UserAuthMethodType) []user.AuthenticationMethodType {
@@ -343,8 +344,8 @@ func authMethodTypeToPb(methodType domain.UserAuthMethodType) user.Authenticatio
 	}
 }
 
-func (s *Server) CreateInviteCode(ctx context.Context, req *user.CreateInviteCodeRequest) (*user.CreateInviteCodeResponse, error) {
-	invite, err := createInviteCodeRequestToCommand(req)
+func (s *Server) CreateInviteCode(ctx context.Context, req *connect.Request[user.CreateInviteCodeRequest]) (*connect.Response[user.CreateInviteCodeResponse], error) {
+	invite, err := createInviteCodeRequestToCommand(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -352,30 +353,30 @@ func (s *Server) CreateInviteCode(ctx context.Context, req *user.CreateInviteCod
 	if err != nil {
 		return nil, err
 	}
-	return &user.CreateInviteCodeResponse{
+	return connect.NewResponse(&user.CreateInviteCodeResponse{
 		Details:    object.DomainToDetailsPb(details),
 		InviteCode: code,
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResendInviteCode(ctx context.Context, req *user.ResendInviteCodeRequest) (*user.ResendInviteCodeResponse, error) {
-	details, err := s.command.ResendInviteCode(ctx, req.GetUserId(), "", "")
+func (s *Server) ResendInviteCode(ctx context.Context, req *connect.Request[user.ResendInviteCodeRequest]) (*connect.Response[user.ResendInviteCodeResponse], error) {
+	details, err := s.command.ResendInviteCode(ctx, req.Msg.GetUserId(), "", "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.ResendInviteCodeResponse{
+	return connect.NewResponse(&user.ResendInviteCodeResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyInviteCode(ctx context.Context, req *user.VerifyInviteCodeRequest) (*user.VerifyInviteCodeResponse, error) {
-	details, err := s.command.VerifyInviteCode(ctx, req.GetUserId(), req.GetVerificationCode())
+func (s *Server) VerifyInviteCode(ctx context.Context, req *connect.Request[user.VerifyInviteCodeRequest]) (*connect.Response[user.VerifyInviteCodeResponse], error) {
+	details, err := s.command.VerifyInviteCode(ctx, req.Msg.GetUserId(), req.Msg.GetVerificationCode())
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyInviteCodeResponse{
+	return connect.NewResponse(&user.VerifyInviteCodeResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func createInviteCodeRequestToCommand(req *user.CreateInviteCodeRequest) (*command.CreateUserInvite, error) {
@@ -394,33 +395,33 @@ func createInviteCodeRequestToCommand(req *user.CreateInviteCodeRequest) (*comma
 	}
 }
 
-func (s *Server) HumanMFAInitSkipped(ctx context.Context, req *user.HumanMFAInitSkippedRequest) (_ *user.HumanMFAInitSkippedResponse, err error) {
-	details, err := s.command.HumanMFAInitSkippedV2(ctx, req.UserId)
+func (s *Server) HumanMFAInitSkipped(ctx context.Context, req *connect.Request[user.HumanMFAInitSkippedRequest]) (_ *connect.Response[user.HumanMFAInitSkippedResponse], err error) {
+	details, err := s.command.HumanMFAInitSkippedV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.HumanMFAInitSkippedResponse{
+	return connect.NewResponse(&user.HumanMFAInitSkippedResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) CreateUser(ctx context.Context, req *user.CreateUserRequest) (*user.CreateUserResponse, error) {
-	switch userType := req.GetUserType().(type) {
+func (s *Server) CreateUser(ctx context.Context, req *connect.Request[user.CreateUserRequest]) (*connect.Response[user.CreateUserResponse], error) {
+	switch userType := req.Msg.GetUserType().(type) {
 	case *user.CreateUserRequest_Human_:
-		return s.createUserTypeHuman(ctx, userType.Human, req.OrganizationId, req.Username, req.UserId)
+		return s.createUserTypeHuman(ctx, userType.Human, req.Msg.GetOrganizationId(), req.Msg.Username, req.Msg.UserId)
 	case *user.CreateUserRequest_Machine_:
-		return s.createUserTypeMachine(ctx, userType.Machine, req.OrganizationId, req.GetUsername(), req.GetUserId())
+		return s.createUserTypeMachine(ctx, userType.Machine, req.Msg.GetOrganizationId(), req.Msg.GetUsername(), req.Msg.GetUserId())
 	default:
 		return nil, zerrors.ThrowInternal(nil, "", "user type is not implemented")
 	}
 }
 
-func (s *Server) UpdateUser(ctx context.Context, req *user.UpdateUserRequest) (*user.UpdateUserResponse, error) {
-	switch userType := req.GetUserType().(type) {
+func (s *Server) UpdateUser(ctx context.Context, req *connect.Request[user.UpdateUserRequest]) (*connect.Response[user.UpdateUserResponse], error) {
+	switch userType := req.Msg.GetUserType().(type) {
 	case *user.UpdateUserRequest_Human_:
-		return s.updateUserTypeHuman(ctx, userType.Human, req.UserId, req.Username)
+		return s.updateUserTypeHuman(ctx, userType.Human, req.Msg.GetUserId(), req.Msg.Username)
 	case *user.UpdateUserRequest_Machine_:
-		return s.updateUserTypeMachine(ctx, userType.Machine, req.UserId, req.Username)
+		return s.updateUserTypeMachine(ctx, userType.Machine, req.Msg.GetUserId(), req.Msg.Username)
 	default:
 		return nil, zerrors.ThrowUnimplemented(nil, "", "user type is not implemented")
 	}
diff --git a/internal/api/grpc/user/v2/user_query.go b/internal/api/grpc/user/v2/user_query.go
index dc886462be..5f5603af31 100644
--- a/internal/api/grpc/user/v2/user_query.go
+++ b/internal/api/grpc/user/v2/user_query.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -13,12 +14,12 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
-func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest) (_ *user.GetUserByIDResponse, err error) {
-	resp, err := s.query.GetUserByIDWithPermission(ctx, true, req.GetUserId(), s.checkPermission)
+func (s *Server) GetUserByID(ctx context.Context, req *connect.Request[user.GetUserByIDRequest]) (_ *connect.Response[user.GetUserByIDResponse], err error) {
+	resp, err := s.query.GetUserByIDWithPermission(ctx, true, req.Msg.GetUserId(), s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &user.GetUserByIDResponse{
+	return connect.NewResponse(&user.GetUserByIDResponse{
 		Details: object.DomainToDetailsPb(&domain.ObjectDetails{
 			Sequence:      resp.Sequence,
 			CreationDate:  resp.CreationDate,
@@ -26,11 +27,11 @@ func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest)
 			ResourceOwner: resp.ResourceOwner,
 		}),
 		User: userToPb(resp, s.assetAPIPrefix(ctx)),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*user.ListUsersResponse, error) {
-	queries, err := listUsersRequestToModel(req)
+func (s *Server) ListUsers(ctx context.Context, req *connect.Request[user.ListUsersRequest]) (*connect.Response[user.ListUsersResponse], error) {
+	queries, err := listUsersRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -38,10 +39,10 @@ func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*us
 	if err != nil {
 		return nil, err
 	}
-	return &user.ListUsersResponse{
+	return connect.NewResponse(&user.ListUsersResponse{
 		Result:  UsersToPb(res.Users, s.assetAPIPrefix(ctx)),
 		Details: object.ToListDetails(res.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func UsersToPb(users []*query.User, assetPrefix string) []*user.User {
diff --git a/internal/api/grpc/user/v2beta/email.go b/internal/api/grpc/user/v2beta/email.go
index 38cc73c75c..474111f767 100644
--- a/internal/api/grpc/user/v2beta/email.go
+++ b/internal/api/grpc/user/v2beta/email.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,18 +12,18 @@ import (
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) SetEmail(ctx context.Context, req *user.SetEmailRequest) (resp *user.SetEmailResponse, err error) {
+func (s *Server) SetEmail(ctx context.Context, req *connect.Request[user.SetEmailRequest]) (resp *connect.Response[user.SetEmailResponse], err error) {
 	var email *domain.Email
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SetEmailRequest_SendCode:
-		email, err = s.command.ChangeUserEmailURLTemplate(ctx, req.GetUserId(), req.GetEmail(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
+		email, err = s.command.ChangeUserEmailURLTemplate(ctx, req.Msg.GetUserId(), req.Msg.GetEmail(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
 	case *user.SetEmailRequest_ReturnCode:
-		email, err = s.command.ChangeUserEmailReturnCode(ctx, req.GetUserId(), req.GetEmail(), s.userCodeAlg)
+		email, err = s.command.ChangeUserEmailReturnCode(ctx, req.Msg.GetUserId(), req.Msg.GetEmail(), s.userCodeAlg)
 	case *user.SetEmailRequest_IsVerified:
-		email, err = s.command.ChangeUserEmailVerified(ctx, req.GetUserId(), req.GetEmail())
+		email, err = s.command.ChangeUserEmailVerified(ctx, req.Msg.GetUserId(), req.Msg.GetEmail())
 	case nil:
-		email, err = s.command.ChangeUserEmail(ctx, req.GetUserId(), req.GetEmail(), s.userCodeAlg)
+		email, err = s.command.ChangeUserEmail(ctx, req.Msg.GetUserId(), req.Msg.GetEmail(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetEmail not implemented", v)
 	}
@@ -30,26 +31,26 @@ func (s *Server) SetEmail(ctx context.Context, req *user.SetEmailRequest) (resp
 		return nil, err
 	}
 
-	return &user.SetEmailResponse{
+	return connect.NewResponse(&user.SetEmailResponse{
 		Details: &object.Details{
 			Sequence:      email.Sequence,
 			ChangeDate:    timestamppb.New(email.ChangeDate),
 			ResourceOwner: email.ResourceOwner,
 		},
 		VerificationCode: email.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResendEmailCode(ctx context.Context, req *user.ResendEmailCodeRequest) (resp *user.ResendEmailCodeResponse, err error) {
+func (s *Server) ResendEmailCode(ctx context.Context, req *connect.Request[user.ResendEmailCodeRequest]) (resp *connect.Response[user.ResendEmailCodeResponse], err error) {
 	var email *domain.Email
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.ResendEmailCodeRequest_SendCode:
-		email, err = s.command.ResendUserEmailCodeURLTemplate(ctx, req.GetUserId(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
+		email, err = s.command.ResendUserEmailCodeURLTemplate(ctx, req.Msg.GetUserId(), s.userCodeAlg, v.SendCode.GetUrlTemplate())
 	case *user.ResendEmailCodeRequest_ReturnCode:
-		email, err = s.command.ResendUserEmailReturnCode(ctx, req.GetUserId(), s.userCodeAlg)
+		email, err = s.command.ResendUserEmailReturnCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case nil:
-		email, err = s.command.ResendUserEmailCode(ctx, req.GetUserId(), s.userCodeAlg)
+		email, err = s.command.ResendUserEmailCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-faj0l0nj5x", "verification oneOf %T in method ResendEmailCode not implemented", v)
 	}
@@ -57,30 +58,30 @@ func (s *Server) ResendEmailCode(ctx context.Context, req *user.ResendEmailCodeR
 		return nil, err
 	}
 
-	return &user.ResendEmailCodeResponse{
+	return connect.NewResponse(&user.ResendEmailCodeResponse{
 		Details: &object.Details{
 			Sequence:      email.Sequence,
 			ChangeDate:    timestamppb.New(email.ChangeDate),
 			ResourceOwner: email.ResourceOwner,
 		},
 		VerificationCode: email.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyEmail(ctx context.Context, req *user.VerifyEmailRequest) (*user.VerifyEmailResponse, error) {
+func (s *Server) VerifyEmail(ctx context.Context, req *connect.Request[user.VerifyEmailRequest]) (*connect.Response[user.VerifyEmailResponse], error) {
 	details, err := s.command.VerifyUserEmail(ctx,
-		req.GetUserId(),
-		req.GetVerificationCode(),
+		req.Msg.GetUserId(),
+		req.Msg.GetVerificationCode(),
 		s.userCodeAlg,
 	)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyEmailResponse{
+	return connect.NewResponse(&user.VerifyEmailResponse{
 		Details: &object.Details{
 			Sequence:      details.Sequence,
 			ChangeDate:    timestamppb.New(details.EventDate),
 			ResourceOwner: details.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/otp.go b/internal/api/grpc/user/v2beta/otp.go
index c11aa4c1a4..99919ce047 100644
--- a/internal/api/grpc/user/v2beta/otp.go
+++ b/internal/api/grpc/user/v2beta/otp.go
@@ -3,40 +3,42 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) AddOTPSMS(ctx context.Context, req *user.AddOTPSMSRequest) (*user.AddOTPSMSResponse, error) {
-	details, err := s.command.AddHumanOTPSMS(ctx, req.GetUserId(), "")
+func (s *Server) AddOTPSMS(ctx context.Context, req *connect.Request[user.AddOTPSMSRequest]) (*connect.Response[user.AddOTPSMSResponse], error) {
+	details, err := s.command.AddHumanOTPSMS(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddOTPSMSResponse{Details: object.DomainToDetailsPb(details)}, nil
+	return connect.NewResponse(&user.AddOTPSMSResponse{Details: object.DomainToDetailsPb(details)}), nil
 
 }
 
-func (s *Server) RemoveOTPSMS(ctx context.Context, req *user.RemoveOTPSMSRequest) (*user.RemoveOTPSMSResponse, error) {
-	objectDetails, err := s.command.RemoveHumanOTPSMS(ctx, req.GetUserId(), "")
+func (s *Server) RemoveOTPSMS(ctx context.Context, req *connect.Request[user.RemoveOTPSMSRequest]) (*connect.Response[user.RemoveOTPSMSResponse], error) {
+	objectDetails, err := s.command.RemoveHumanOTPSMS(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveOTPSMSResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil
+	return connect.NewResponse(&user.RemoveOTPSMSResponse{Details: object.DomainToDetailsPb(objectDetails)}), nil
 }
 
-func (s *Server) AddOTPEmail(ctx context.Context, req *user.AddOTPEmailRequest) (*user.AddOTPEmailResponse, error) {
-	details, err := s.command.AddHumanOTPEmail(ctx, req.GetUserId(), "")
+func (s *Server) AddOTPEmail(ctx context.Context, req *connect.Request[user.AddOTPEmailRequest]) (*connect.Response[user.AddOTPEmailResponse], error) {
+	details, err := s.command.AddHumanOTPEmail(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddOTPEmailResponse{Details: object.DomainToDetailsPb(details)}, nil
+	return connect.NewResponse(&user.AddOTPEmailResponse{Details: object.DomainToDetailsPb(details)}), nil
 
 }
 
-func (s *Server) RemoveOTPEmail(ctx context.Context, req *user.RemoveOTPEmailRequest) (*user.RemoveOTPEmailResponse, error) {
-	objectDetails, err := s.command.RemoveHumanOTPEmail(ctx, req.GetUserId(), "")
+func (s *Server) RemoveOTPEmail(ctx context.Context, req *connect.Request[user.RemoveOTPEmailRequest]) (*connect.Response[user.RemoveOTPEmailResponse], error) {
+	objectDetails, err := s.command.RemoveHumanOTPEmail(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveOTPEmailResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil
+	return connect.NewResponse(&user.RemoveOTPEmailResponse{Details: object.DomainToDetailsPb(objectDetails)}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/passkey.go b/internal/api/grpc/user/v2beta/passkey.go
index 2df267f3fd..a63ac708b4 100644
--- a/internal/api/grpc/user/v2beta/passkey.go
+++ b/internal/api/grpc/user/v2beta/passkey.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/structpb"
 
 	object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
@@ -12,17 +13,17 @@ import (
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) RegisterPasskey(ctx context.Context, req *user.RegisterPasskeyRequest) (resp *user.RegisterPasskeyResponse, err error) {
+func (s *Server) RegisterPasskey(ctx context.Context, req *connect.Request[user.RegisterPasskeyRequest]) (resp *connect.Response[user.RegisterPasskeyResponse], err error) {
 	var (
-		authenticator = passkeyAuthenticatorToDomain(req.GetAuthenticator())
+		authenticator = passkeyAuthenticatorToDomain(req.Msg.GetAuthenticator())
 	)
-	if code := req.GetCode(); code != nil {
+	if code := req.Msg.GetCode(); code != nil {
 		return passkeyRegistrationDetailsToPb(
-			s.command.RegisterUserPasskeyWithCode(ctx, req.GetUserId(), "", authenticator, code.Id, code.Code, req.GetDomain(), s.userCodeAlg),
+			s.command.RegisterUserPasskeyWithCode(ctx, req.Msg.GetUserId(), "", authenticator, code.Id, code.Code, req.Msg.GetDomain(), s.userCodeAlg),
 		)
 	}
 	return passkeyRegistrationDetailsToPb(
-		s.command.RegisterUserPasskey(ctx, req.GetUserId(), "", req.GetDomain(), authenticator),
+		s.command.RegisterUserPasskey(ctx, req.Msg.GetUserId(), "", req.Msg.GetDomain(), authenticator),
 	)
 }
 
@@ -50,69 +51,69 @@ func webAuthNRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails
 	return object.DomainToDetailsPb(details.ObjectDetails), options, nil
 }
 
-func passkeyRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*user.RegisterPasskeyResponse, error) {
+func passkeyRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*connect.Response[user.RegisterPasskeyResponse], error) {
 	objectDetails, options, err := webAuthNRegistrationDetailsToPb(details, err)
 	if err != nil {
 		return nil, err
 	}
-	return &user.RegisterPasskeyResponse{
+	return connect.NewResponse(&user.RegisterPasskeyResponse{
 		Details:                            objectDetails,
 		PasskeyId:                          details.ID,
 		PublicKeyCredentialCreationOptions: options,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyPasskeyRegistration(ctx context.Context, req *user.VerifyPasskeyRegistrationRequest) (*user.VerifyPasskeyRegistrationResponse, error) {
-	pkc, err := req.GetPublicKeyCredential().MarshalJSON()
+func (s *Server) VerifyPasskeyRegistration(ctx context.Context, req *connect.Request[user.VerifyPasskeyRegistrationRequest]) (*connect.Response[user.VerifyPasskeyRegistrationResponse], error) {
+	pkc, err := req.Msg.GetPublicKeyCredential().MarshalJSON()
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "USERv2-Pha2o", "Errors.Internal")
 	}
-	objectDetails, err := s.command.HumanHumanPasswordlessSetup(ctx, req.GetUserId(), "", req.GetPasskeyName(), "", pkc)
+	objectDetails, err := s.command.HumanHumanPasswordlessSetup(ctx, req.Msg.GetUserId(), "", req.Msg.GetPasskeyName(), "", pkc)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyPasskeyRegistrationResponse{
+	return connect.NewResponse(&user.VerifyPasskeyRegistrationResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
-func (s *Server) CreatePasskeyRegistrationLink(ctx context.Context, req *user.CreatePasskeyRegistrationLinkRequest) (resp *user.CreatePasskeyRegistrationLinkResponse, err error) {
-	switch medium := req.Medium.(type) {
+func (s *Server) CreatePasskeyRegistrationLink(ctx context.Context, req *connect.Request[user.CreatePasskeyRegistrationLinkRequest]) (resp *connect.Response[user.CreatePasskeyRegistrationLinkResponse], err error) {
+	switch medium := req.Msg.Medium.(type) {
 	case nil:
 		return passkeyDetailsToPb(
-			s.command.AddUserPasskeyCode(ctx, req.GetUserId(), "", s.userCodeAlg),
+			s.command.AddUserPasskeyCode(ctx, req.Msg.GetUserId(), "", s.userCodeAlg),
 		)
 	case *user.CreatePasskeyRegistrationLinkRequest_SendLink:
 		return passkeyDetailsToPb(
-			s.command.AddUserPasskeyCodeURLTemplate(ctx, req.GetUserId(), "", s.userCodeAlg, medium.SendLink.GetUrlTemplate()),
+			s.command.AddUserPasskeyCodeURLTemplate(ctx, req.Msg.GetUserId(), "", s.userCodeAlg, medium.SendLink.GetUrlTemplate()),
 		)
 	case *user.CreatePasskeyRegistrationLinkRequest_ReturnCode:
 		return passkeyCodeDetailsToPb(
-			s.command.AddUserPasskeyCodeReturn(ctx, req.GetUserId(), "", s.userCodeAlg),
+			s.command.AddUserPasskeyCodeReturn(ctx, req.Msg.GetUserId(), "", s.userCodeAlg),
 		)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "USERv2-gaD8y", "verification oneOf %T in method CreatePasskeyRegistrationLink not implemented", medium)
 	}
 }
 
-func passkeyDetailsToPb(details *domain.ObjectDetails, err error) (*user.CreatePasskeyRegistrationLinkResponse, error) {
+func passkeyDetailsToPb(details *domain.ObjectDetails, err error) (*connect.Response[user.CreatePasskeyRegistrationLinkResponse], error) {
 	if err != nil {
 		return nil, err
 	}
-	return &user.CreatePasskeyRegistrationLinkResponse{
+	return connect.NewResponse(&user.CreatePasskeyRegistrationLinkResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func passkeyCodeDetailsToPb(details *domain.PasskeyCodeDetails, err error) (*user.CreatePasskeyRegistrationLinkResponse, error) {
+func passkeyCodeDetailsToPb(details *domain.PasskeyCodeDetails, err error) (*connect.Response[user.CreatePasskeyRegistrationLinkResponse], error) {
 	if err != nil {
 		return nil, err
 	}
-	return &user.CreatePasskeyRegistrationLinkResponse{
+	return connect.NewResponse(&user.CreatePasskeyRegistrationLinkResponse{
 		Details: object.DomainToDetailsPb(details.ObjectDetails),
 		Code: &user.PasskeyRegistrationCode{
 			Id:   details.CodeID,
 			Code: details.Code,
 		},
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/passkey_test.go b/internal/api/grpc/user/v2beta/passkey_test.go
index f4a48ed941..12ef8ed02f 100644
--- a/internal/api/grpc/user/v2beta/passkey_test.go
+++ b/internal/api/grpc/user/v2beta/passkey_test.go
@@ -123,11 +123,11 @@ func Test_passkeyRegistrationDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := passkeyRegistrationDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.wantErr)
-			if !proto.Equal(tt.want, got) {
+			if tt.want != nil && !proto.Equal(tt.want, got.Msg) {
 				t.Errorf("Not equal:\nExpected\n%s\nActual:%s", tt.want, got)
 			}
 			if tt.want != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				grpc.AllFieldsSet(t, got.Msg.ProtoReflect())
 			}
 		})
 	}
@@ -181,7 +181,9 @@ func Test_passkeyDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := passkeyDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.args.err)
-			assert.Equal(t, tt.want, got)
+			if tt.want != nil {
+				assert.Equal(t, tt.want, got.Msg)
+			}
 		})
 	}
 }
@@ -242,9 +244,9 @@ func Test_passkeyCodeDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := passkeyCodeDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.args.err)
-			assert.Equal(t, tt.want, got)
 			if tt.want != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				assert.Equal(t, tt.want, got.Msg)
+				grpc.AllFieldsSet(t, got.Msg.ProtoReflect())
 			}
 		})
 	}
diff --git a/internal/api/grpc/user/v2beta/password.go b/internal/api/grpc/user/v2beta/password.go
index 0de1262215..ae9a549db0 100644
--- a/internal/api/grpc/user/v2beta/password.go
+++ b/internal/api/grpc/user/v2beta/password.go
@@ -3,23 +3,25 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetRequest) (_ *user.PasswordResetResponse, err error) {
+func (s *Server) PasswordReset(ctx context.Context, req *connect.Request[user.PasswordResetRequest]) (_ *connect.Response[user.PasswordResetResponse], err error) {
 	var details *domain.ObjectDetails
 	var code *string
 
-	switch m := req.GetMedium().(type) {
+	switch m := req.Msg.GetMedium().(type) {
 	case *user.PasswordResetRequest_SendLink:
-		details, code, err = s.command.RequestPasswordResetURLTemplate(ctx, req.GetUserId(), m.SendLink.GetUrlTemplate(), notificationTypeToDomain(m.SendLink.GetNotificationType()))
+		details, code, err = s.command.RequestPasswordResetURLTemplate(ctx, req.Msg.GetUserId(), m.SendLink.GetUrlTemplate(), notificationTypeToDomain(m.SendLink.GetNotificationType()))
 	case *user.PasswordResetRequest_ReturnCode:
-		details, code, err = s.command.RequestPasswordResetReturnCode(ctx, req.GetUserId())
+		details, code, err = s.command.RequestPasswordResetReturnCode(ctx, req.Msg.GetUserId())
 	case nil:
-		details, code, err = s.command.RequestPasswordReset(ctx, req.GetUserId())
+		details, code, err = s.command.RequestPasswordReset(ctx, req.Msg.GetUserId())
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-SDeeg", "verification oneOf %T in method RequestPasswordReset not implemented", m)
 	}
@@ -27,10 +29,10 @@ func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetReque
 		return nil, err
 	}
 
-	return &user.PasswordResetResponse{
+	return connect.NewResponse(&user.PasswordResetResponse{
 		Details:          object.DomainToDetailsPb(details),
 		VerificationCode: code,
-	}, nil
+	}), nil
 }
 
 func notificationTypeToDomain(notificationType user.NotificationType) domain.NotificationType {
@@ -46,16 +48,16 @@ func notificationTypeToDomain(notificationType user.NotificationType) domain.Not
 	}
 }
 
-func (s *Server) SetPassword(ctx context.Context, req *user.SetPasswordRequest) (_ *user.SetPasswordResponse, err error) {
+func (s *Server) SetPassword(ctx context.Context, req *connect.Request[user.SetPasswordRequest]) (_ *connect.Response[user.SetPasswordResponse], err error) {
 	var details *domain.ObjectDetails
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SetPasswordRequest_CurrentPassword:
-		details, err = s.command.ChangePassword(ctx, "", req.GetUserId(), v.CurrentPassword, req.GetNewPassword().GetPassword(), "", req.GetNewPassword().GetChangeRequired())
+		details, err = s.command.ChangePassword(ctx, "", req.Msg.GetUserId(), v.CurrentPassword, req.Msg.GetNewPassword().GetPassword(), "", req.Msg.GetNewPassword().GetChangeRequired())
 	case *user.SetPasswordRequest_VerificationCode:
-		details, err = s.command.SetPasswordWithVerifyCode(ctx, "", req.GetUserId(), v.VerificationCode, req.GetNewPassword().GetPassword(), "", req.GetNewPassword().GetChangeRequired())
+		details, err = s.command.SetPasswordWithVerifyCode(ctx, "", req.Msg.GetUserId(), v.VerificationCode, req.Msg.GetNewPassword().GetPassword(), "", req.Msg.GetNewPassword().GetChangeRequired())
 	case nil:
-		details, err = s.command.SetPassword(ctx, "", req.GetUserId(), req.GetNewPassword().GetPassword(), req.GetNewPassword().GetChangeRequired())
+		details, err = s.command.SetPassword(ctx, "", req.Msg.GetUserId(), req.Msg.GetNewPassword().GetPassword(), req.Msg.GetNewPassword().GetChangeRequired())
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-SFdf2", "verification oneOf %T in method SetPasswordRequest not implemented", v)
 	}
@@ -63,7 +65,7 @@ func (s *Server) SetPassword(ctx context.Context, req *user.SetPasswordRequest)
 		return nil, err
 	}
 
-	return &user.SetPasswordResponse{
+	return connect.NewResponse(&user.SetPasswordResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/phone.go b/internal/api/grpc/user/v2beta/phone.go
index eac7eb4e31..20ef2075ab 100644
--- a/internal/api/grpc/user/v2beta/phone.go
+++ b/internal/api/grpc/user/v2beta/phone.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/domain"
@@ -11,18 +12,18 @@ import (
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp *user.SetPhoneResponse, err error) {
+func (s *Server) SetPhone(ctx context.Context, req *connect.Request[user.SetPhoneRequest]) (resp *connect.Response[user.SetPhoneResponse], err error) {
 	var phone *domain.Phone
 
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.SetPhoneRequest_SendCode:
-		phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), req.GetPhone(), s.userCodeAlg)
+		phone, err = s.command.ChangeUserPhone(ctx, req.Msg.GetUserId(), req.Msg.GetPhone(), s.userCodeAlg)
 	case *user.SetPhoneRequest_ReturnCode:
-		phone, err = s.command.ChangeUserPhoneReturnCode(ctx, req.GetUserId(), req.GetPhone(), s.userCodeAlg)
+		phone, err = s.command.ChangeUserPhoneReturnCode(ctx, req.Msg.GetUserId(), req.Msg.GetPhone(), s.userCodeAlg)
 	case *user.SetPhoneRequest_IsVerified:
-		phone, err = s.command.ChangeUserPhoneVerified(ctx, req.GetUserId(), req.GetPhone())
+		phone, err = s.command.ChangeUserPhoneVerified(ctx, req.Msg.GetUserId(), req.Msg.GetPhone())
 	case nil:
-		phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), req.GetPhone(), s.userCodeAlg)
+		phone, err = s.command.ChangeUserPhone(ctx, req.Msg.GetUserId(), req.Msg.GetPhone(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetPhone not implemented", v)
 	}
@@ -30,42 +31,42 @@ func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp
 		return nil, err
 	}
 
-	return &user.SetPhoneResponse{
+	return connect.NewResponse(&user.SetPhoneResponse{
 		Details: &object.Details{
 			Sequence:      phone.Sequence,
 			ChangeDate:    timestamppb.New(phone.ChangeDate),
 			ResourceOwner: phone.ResourceOwner,
 		},
 		VerificationCode: phone.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemovePhone(ctx context.Context, req *user.RemovePhoneRequest) (resp *user.RemovePhoneResponse, err error) {
+func (s *Server) RemovePhone(ctx context.Context, req *connect.Request[user.RemovePhoneRequest]) (resp *connect.Response[user.RemovePhoneResponse], err error) {
 	details, err := s.command.RemoveUserPhone(ctx,
-		req.GetUserId(),
+		req.Msg.GetUserId(),
 	)
 	if err != nil {
 		return nil, err
 	}
 
-	return &user.RemovePhoneResponse{
+	return connect.NewResponse(&user.RemovePhoneResponse{
 		Details: &object.Details{
 			Sequence:      details.Sequence,
 			ChangeDate:    timestamppb.New(details.EventDate),
 			ResourceOwner: details.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
 
-func (s *Server) ResendPhoneCode(ctx context.Context, req *user.ResendPhoneCodeRequest) (resp *user.ResendPhoneCodeResponse, err error) {
+func (s *Server) ResendPhoneCode(ctx context.Context, req *connect.Request[user.ResendPhoneCodeRequest]) (resp *connect.Response[user.ResendPhoneCodeResponse], err error) {
 	var phone *domain.Phone
-	switch v := req.GetVerification().(type) {
+	switch v := req.Msg.GetVerification().(type) {
 	case *user.ResendPhoneCodeRequest_SendCode:
-		phone, err = s.command.ResendUserPhoneCode(ctx, req.GetUserId(), s.userCodeAlg)
+		phone, err = s.command.ResendUserPhoneCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case *user.ResendPhoneCodeRequest_ReturnCode:
-		phone, err = s.command.ResendUserPhoneCodeReturnCode(ctx, req.GetUserId(), s.userCodeAlg)
+		phone, err = s.command.ResendUserPhoneCodeReturnCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	case nil:
-		phone, err = s.command.ResendUserPhoneCode(ctx, req.GetUserId(), s.userCodeAlg)
+		phone, err = s.command.ResendUserPhoneCode(ctx, req.Msg.GetUserId(), s.userCodeAlg)
 	default:
 		err = zerrors.ThrowUnimplementedf(nil, "USERv2-ResendUserPhoneCode", "verification oneOf %T in method SetPhone not implemented", v)
 	}
@@ -73,30 +74,30 @@ func (s *Server) ResendPhoneCode(ctx context.Context, req *user.ResendPhoneCodeR
 		return nil, err
 	}
 
-	return &user.ResendPhoneCodeResponse{
+	return connect.NewResponse(&user.ResendPhoneCodeResponse{
 		Details: &object.Details{
 			Sequence:      phone.Sequence,
 			ChangeDate:    timestamppb.New(phone.ChangeDate),
 			ResourceOwner: phone.ResourceOwner,
 		},
 		VerificationCode: phone.PlainCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyPhone(ctx context.Context, req *user.VerifyPhoneRequest) (*user.VerifyPhoneResponse, error) {
+func (s *Server) VerifyPhone(ctx context.Context, req *connect.Request[user.VerifyPhoneRequest]) (*connect.Response[user.VerifyPhoneResponse], error) {
 	details, err := s.command.VerifyUserPhone(ctx,
-		req.GetUserId(),
-		req.GetVerificationCode(),
+		req.Msg.GetUserId(),
+		req.Msg.GetVerificationCode(),
 		s.userCodeAlg,
 	)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyPhoneResponse{
+	return connect.NewResponse(&user.VerifyPhoneResponse{
 		Details: &object.Details{
 			Sequence:      details.Sequence,
 			ChangeDate:    timestamppb.New(details.EventDate),
 			ResourceOwner: details.ResourceOwner,
 		},
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/query.go b/internal/api/grpc/user/v2beta/query.go
index 46b009a72e..b9654ea97c 100644
--- a/internal/api/grpc/user/v2beta/query.go
+++ b/internal/api/grpc/user/v2beta/query.go
@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"github.com/muhlemmer/gu"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -13,23 +14,23 @@ import (
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest) (_ *user.GetUserByIDResponse, err error) {
-	resp, err := s.query.GetUserByIDWithPermission(ctx, true, req.GetUserId(), s.checkPermission)
+func (s *Server) GetUserByID(ctx context.Context, req *connect.Request[user.GetUserByIDRequest]) (_ *connect.Response[user.GetUserByIDResponse], err error) {
+	resp, err := s.query.GetUserByIDWithPermission(ctx, true, req.Msg.GetUserId(), s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
-	return &user.GetUserByIDResponse{
+	return connect.NewResponse(&user.GetUserByIDResponse{
 		Details: object.DomainToDetailsPb(&domain.ObjectDetails{
 			Sequence:      resp.Sequence,
 			EventDate:     resp.ChangeDate,
 			ResourceOwner: resp.ResourceOwner,
 		}),
 		User: userToPb(resp, s.assetAPIPrefix(ctx)),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*user.ListUsersResponse, error) {
-	queries, err := listUsersRequestToModel(req)
+func (s *Server) ListUsers(ctx context.Context, req *connect.Request[user.ListUsersRequest]) (*connect.Response[user.ListUsersResponse], error) {
+	queries, err := listUsersRequestToModel(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -37,10 +38,10 @@ func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*us
 	if err != nil {
 		return nil, err
 	}
-	return &user.ListUsersResponse{
+	return connect.NewResponse(&user.ListUsersResponse{
 		Result:  UsersToPb(res.Users, s.assetAPIPrefix(ctx)),
 		Details: object.ToListDetails(res.SearchResponse),
-	}, nil
+	}), nil
 }
 
 func UsersToPb(users []*query.User, assetPrefix string) []*user.User {
diff --git a/internal/api/grpc/user/v2beta/server.go b/internal/api/grpc/user/v2beta/server.go
index 93af47f58b..7e3934a2c1 100644
--- a/internal/api/grpc/user/v2beta/server.go
+++ b/internal/api/grpc/user/v2beta/server.go
@@ -2,8 +2,10 @@ package user
 
 import (
 	"context"
+	"net/http"
 
-	"google.golang.org/grpc"
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
@@ -12,12 +14,12 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2beta/userconnect"
 )
 
-var _ user.UserServiceServer = (*Server)(nil)
+var _ userconnect.UserServiceHandler = (*Server)(nil)
 
 type Server struct {
-	user.UnimplementedUserServiceServer
 	command     *command.Commands
 	query       *query.Queries
 	userCodeAlg crypto.EncryptionAlgorithm
@@ -54,8 +56,12 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	user.RegisterUserServiceServer(grpcServer, s)
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return userconnect.NewUserServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return user.File_zitadel_user_v2beta_user_service_proto
 }
 
 func (s *Server) AppName() string {
diff --git a/internal/api/grpc/user/v2beta/totp.go b/internal/api/grpc/user/v2beta/totp.go
index 2ef47a9817..e7bd01b2b6 100644
--- a/internal/api/grpc/user/v2beta/totp.go
+++ b/internal/api/grpc/user/v2beta/totp.go
@@ -3,42 +3,44 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
 	"github.com/zitadel/zitadel/internal/domain"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) RegisterTOTP(ctx context.Context, req *user.RegisterTOTPRequest) (*user.RegisterTOTPResponse, error) {
+func (s *Server) RegisterTOTP(ctx context.Context, req *connect.Request[user.RegisterTOTPRequest]) (*connect.Response[user.RegisterTOTPResponse], error) {
 	return totpDetailsToPb(
-		s.command.AddUserTOTP(ctx, req.GetUserId(), ""),
+		s.command.AddUserTOTP(ctx, req.Msg.GetUserId(), ""),
 	)
 }
 
-func totpDetailsToPb(totp *domain.TOTP, err error) (*user.RegisterTOTPResponse, error) {
+func totpDetailsToPb(totp *domain.TOTP, err error) (*connect.Response[user.RegisterTOTPResponse], error) {
 	if err != nil {
 		return nil, err
 	}
-	return &user.RegisterTOTPResponse{
+	return connect.NewResponse(&user.RegisterTOTPResponse{
 		Details: object.DomainToDetailsPb(totp.ObjectDetails),
 		Uri:     totp.URI,
 		Secret:  totp.Secret,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyTOTPRegistration(ctx context.Context, req *user.VerifyTOTPRegistrationRequest) (*user.VerifyTOTPRegistrationResponse, error) {
-	objectDetails, err := s.command.CheckUserTOTP(ctx, req.GetUserId(), req.GetCode(), "")
+func (s *Server) VerifyTOTPRegistration(ctx context.Context, req *connect.Request[user.VerifyTOTPRegistrationRequest]) (*connect.Response[user.VerifyTOTPRegistrationResponse], error) {
+	objectDetails, err := s.command.CheckUserTOTP(ctx, req.Msg.GetUserId(), req.Msg.GetCode(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyTOTPRegistrationResponse{
+	return connect.NewResponse(&user.VerifyTOTPRegistrationResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
 
-func (s *Server) RemoveTOTP(ctx context.Context, req *user.RemoveTOTPRequest) (*user.RemoveTOTPResponse, error) {
-	objectDetails, err := s.command.HumanRemoveTOTP(ctx, req.GetUserId(), "")
+func (s *Server) RemoveTOTP(ctx context.Context, req *connect.Request[user.RemoveTOTPRequest]) (*connect.Response[user.RemoveTOTPResponse], error) {
+	objectDetails, err := s.command.HumanRemoveTOTP(ctx, req.Msg.GetUserId(), "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.RemoveTOTPResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil
+	return connect.NewResponse(&user.RemoveTOTPResponse{Details: object.DomainToDetailsPb(objectDetails)}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/totp_test.go b/internal/api/grpc/user/v2beta/totp_test.go
index 81a54675f2..77c6e5c343 100644
--- a/internal/api/grpc/user/v2beta/totp_test.go
+++ b/internal/api/grpc/user/v2beta/totp_test.go
@@ -63,7 +63,7 @@ func Test_totpDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := totpDetailsToPb(tt.args.otp, tt.args.err)
 			require.ErrorIs(t, err, tt.wantErr)
-			if !proto.Equal(tt.want, got) {
+			if tt.want != nil && !proto.Equal(tt.want, got.Msg) {
 				t.Errorf("RegisterTOTPResponse =\n%v\nwant\n%v", got, tt.want)
 			}
 		})
diff --git a/internal/api/grpc/user/v2beta/u2f.go b/internal/api/grpc/user/v2beta/u2f.go
index e23a22b8b5..a6823a4bc0 100644
--- a/internal/api/grpc/user/v2beta/u2f.go
+++ b/internal/api/grpc/user/v2beta/u2f.go
@@ -3,40 +3,42 @@ package user
 import (
 	"context"
 
+	"connectrpc.com/connect"
+
 	object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) RegisterU2F(ctx context.Context, req *user.RegisterU2FRequest) (*user.RegisterU2FResponse, error) {
+func (s *Server) RegisterU2F(ctx context.Context, req *connect.Request[user.RegisterU2FRequest]) (*connect.Response[user.RegisterU2FResponse], error) {
 	return u2fRegistrationDetailsToPb(
-		s.command.RegisterUserU2F(ctx, req.GetUserId(), "", req.GetDomain()),
+		s.command.RegisterUserU2F(ctx, req.Msg.GetUserId(), "", req.Msg.GetDomain()),
 	)
 }
 
-func u2fRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*user.RegisterU2FResponse, error) {
+func u2fRegistrationDetailsToPb(details *domain.WebAuthNRegistrationDetails, err error) (*connect.Response[user.RegisterU2FResponse], error) {
 	objectDetails, options, err := webAuthNRegistrationDetailsToPb(details, err)
 	if err != nil {
 		return nil, err
 	}
-	return &user.RegisterU2FResponse{
+	return connect.NewResponse(&user.RegisterU2FResponse{
 		Details:                            objectDetails,
 		U2FId:                              details.ID,
 		PublicKeyCredentialCreationOptions: options,
-	}, nil
+	}), nil
 }
 
-func (s *Server) VerifyU2FRegistration(ctx context.Context, req *user.VerifyU2FRegistrationRequest) (*user.VerifyU2FRegistrationResponse, error) {
-	pkc, err := req.GetPublicKeyCredential().MarshalJSON()
+func (s *Server) VerifyU2FRegistration(ctx context.Context, req *connect.Request[user.VerifyU2FRegistrationRequest]) (*connect.Response[user.VerifyU2FRegistrationResponse], error) {
+	pkc, err := req.Msg.GetPublicKeyCredential().MarshalJSON()
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "USERv2-IeTh4", "Errors.Internal")
 	}
-	objectDetails, err := s.command.HumanVerifyU2FSetup(ctx, req.GetUserId(), "", req.GetTokenName(), "", pkc)
+	objectDetails, err := s.command.HumanVerifyU2FSetup(ctx, req.Msg.GetUserId(), "", req.Msg.GetTokenName(), "", pkc)
 	if err != nil {
 		return nil, err
 	}
-	return &user.VerifyU2FRegistrationResponse{
+	return connect.NewResponse(&user.VerifyU2FRegistrationResponse{
 		Details: object.DomainToDetailsPb(objectDetails),
-	}, nil
+	}), nil
 }
diff --git a/internal/api/grpc/user/v2beta/u2f_test.go b/internal/api/grpc/user/v2beta/u2f_test.go
index 53f2a0bb8c..ac99c0d1eb 100644
--- a/internal/api/grpc/user/v2beta/u2f_test.go
+++ b/internal/api/grpc/user/v2beta/u2f_test.go
@@ -92,11 +92,11 @@ func Test_u2fRegistrationDetailsToPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := u2fRegistrationDetailsToPb(tt.args.details, tt.args.err)
 			require.ErrorIs(t, err, tt.wantErr)
-			if !proto.Equal(tt.want, got) {
+			if tt.want != nil && !proto.Equal(tt.want, got.Msg) {
 				t.Errorf("Not equal:\nExpected\n%s\nActual:%s", tt.want, got)
 			}
 			if tt.want != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				grpc.AllFieldsSet(t, got.Msg.ProtoReflect())
 			}
 		})
 	}
diff --git a/internal/api/grpc/user/v2beta/user.go b/internal/api/grpc/user/v2beta/user.go
index 49f0c7d9c7..e5b2094d2c 100644
--- a/internal/api/grpc/user/v2beta/user.go
+++ b/internal/api/grpc/user/v2beta/user.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"time"
 
+	"connectrpc.com/connect"
 	"golang.org/x/text/language"
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -23,8 +24,8 @@ import (
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
-func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest) (_ *user.AddHumanUserResponse, err error) {
-	human, err := AddUserRequestToAddHuman(req)
+func (s *Server) AddHumanUser(ctx context.Context, req *connect.Request[user.AddHumanUserRequest]) (_ *connect.Response[user.AddHumanUserResponse], err error) {
+	human, err := AddUserRequestToAddHuman(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -32,12 +33,12 @@ func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest
 	if err = s.command.AddUserHuman(ctx, orgID, human, false, s.userCodeAlg); err != nil {
 		return nil, err
 	}
-	return &user.AddHumanUserResponse{
+	return connect.NewResponse(&user.AddHumanUserResponse{
 		UserId:    human.ID,
 		Details:   object.DomainToDetailsPb(human.Details),
 		EmailCode: human.EmailCode,
 		PhoneCode: human.PhoneCode,
-	}, nil
+	}), nil
 }
 
 func AddUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman, error) {
@@ -115,8 +116,8 @@ func genderToDomain(gender user.Gender) domain.Gender {
 	}
 }
 
-func (s *Server) UpdateHumanUser(ctx context.Context, req *user.UpdateHumanUserRequest) (_ *user.UpdateHumanUserResponse, err error) {
-	human, err := UpdateUserRequestToChangeHuman(req)
+func (s *Server) UpdateHumanUser(ctx context.Context, req *connect.Request[user.UpdateHumanUserRequest]) (_ *connect.Response[user.UpdateHumanUserResponse], err error) {
+	human, err := UpdateUserRequestToChangeHuman(req.Msg)
 	if err != nil {
 		return nil, err
 	}
@@ -124,51 +125,51 @@ func (s *Server) UpdateHumanUser(ctx context.Context, req *user.UpdateHumanUserR
 	if err != nil {
 		return nil, err
 	}
-	return &user.UpdateHumanUserResponse{
+	return connect.NewResponse(&user.UpdateHumanUserResponse{
 		Details:   object.DomainToDetailsPb(human.Details),
 		EmailCode: human.EmailCode,
 		PhoneCode: human.PhoneCode,
-	}, nil
+	}), nil
 }
 
-func (s *Server) LockUser(ctx context.Context, req *user.LockUserRequest) (_ *user.LockUserResponse, err error) {
-	details, err := s.command.LockUserV2(ctx, req.UserId)
+func (s *Server) LockUser(ctx context.Context, req *connect.Request[user.LockUserRequest]) (_ *connect.Response[user.LockUserResponse], err error) {
+	details, err := s.command.LockUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.LockUserResponse{
+	return connect.NewResponse(&user.LockUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) UnlockUser(ctx context.Context, req *user.UnlockUserRequest) (_ *user.UnlockUserResponse, err error) {
-	details, err := s.command.UnlockUserV2(ctx, req.UserId)
+func (s *Server) UnlockUser(ctx context.Context, req *connect.Request[user.UnlockUserRequest]) (_ *connect.Response[user.UnlockUserResponse], err error) {
+	details, err := s.command.UnlockUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.UnlockUserResponse{
+	return connect.NewResponse(&user.UnlockUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeactivateUser(ctx context.Context, req *user.DeactivateUserRequest) (_ *user.DeactivateUserResponse, err error) {
-	details, err := s.command.DeactivateUserV2(ctx, req.UserId)
+func (s *Server) DeactivateUser(ctx context.Context, req *connect.Request[user.DeactivateUserRequest]) (_ *connect.Response[user.DeactivateUserResponse], err error) {
+	details, err := s.command.DeactivateUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.DeactivateUserResponse{
+	return connect.NewResponse(&user.DeactivateUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ReactivateUser(ctx context.Context, req *user.ReactivateUserRequest) (_ *user.ReactivateUserResponse, err error) {
-	details, err := s.command.ReactivateUserV2(ctx, req.UserId)
+func (s *Server) ReactivateUser(ctx context.Context, req *connect.Request[user.ReactivateUserRequest]) (_ *connect.Response[user.ReactivateUserResponse], err error) {
+	details, err := s.command.ReactivateUserV2(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	return &user.ReactivateUserResponse{
+	return connect.NewResponse(&user.ReactivateUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func ifNotNilPtr[v, p any](value *v, conv func(v) p) *p {
@@ -260,32 +261,32 @@ func SetHumanPasswordToPassword(password *user.SetPassword) *command.Password {
 	}
 }
 
-func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ *user.AddIDPLinkResponse, err error) {
-	details, err := s.command.AddUserIDPLink(ctx, req.UserId, "", &command.AddLink{
-		IDPID:         req.GetIdpLink().GetIdpId(),
-		DisplayName:   req.GetIdpLink().GetUserName(),
-		IDPExternalID: req.GetIdpLink().GetUserId(),
+func (s *Server) AddIDPLink(ctx context.Context, req *connect.Request[user.AddIDPLinkRequest]) (_ *connect.Response[user.AddIDPLinkResponse], err error) {
+	details, err := s.command.AddUserIDPLink(ctx, req.Msg.GetUserId(), "", &command.AddLink{
+		IDPID:         req.Msg.GetIdpLink().GetIdpId(),
+		DisplayName:   req.Msg.GetIdpLink().GetUserName(),
+		IDPExternalID: req.Msg.GetIdpLink().GetUserId(),
 	})
 	if err != nil {
 		return nil, err
 	}
-	return &user.AddIDPLinkResponse{
+	return connect.NewResponse(&user.AddIDPLinkResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) {
-	memberships, grants, err := s.removeUserDependencies(ctx, req.GetUserId())
+func (s *Server) DeleteUser(ctx context.Context, req *connect.Request[user.DeleteUserRequest]) (_ *connect.Response[user.DeleteUserResponse], err error) {
+	memberships, grants, err := s.removeUserDependencies(ctx, req.Msg.GetUserId())
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.RemoveUserV2(ctx, req.UserId, "", memberships, grants...)
+	details, err := s.command.RemoveUserV2(ctx, req.Msg.GetUserId(), "", memberships, grants...)
 	if err != nil {
 		return nil, err
 	}
-	return &user.DeleteUserResponse{
+	return connect.NewResponse(&user.DeleteUserResponse{
 		Details: object.DomainToDetailsPb(details),
-	}, nil
+	}), nil
 }
 
 func (s *Server) removeUserDependencies(ctx context.Context, userID string) ([]*command.CascadingMembership, []string, error) {
@@ -360,18 +361,18 @@ func userGrantsToIDs(userGrants []*query.UserGrant) []string {
 	return converted
 }
 
-func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *user.StartIdentityProviderIntentRequest) (_ *user.StartIdentityProviderIntentResponse, err error) {
-	switch t := req.GetContent().(type) {
+func (s *Server) StartIdentityProviderIntent(ctx context.Context, req *connect.Request[user.StartIdentityProviderIntentRequest]) (_ *connect.Response[user.StartIdentityProviderIntentResponse], err error) {
+	switch t := req.Msg.GetContent().(type) {
 	case *user.StartIdentityProviderIntentRequest_Urls:
-		return s.startIDPIntent(ctx, req.GetIdpId(), t.Urls)
+		return s.startIDPIntent(ctx, req.Msg.GetIdpId(), t.Urls)
 	case *user.StartIdentityProviderIntentRequest_Ldap:
-		return s.startLDAPIntent(ctx, req.GetIdpId(), t.Ldap)
+		return s.startLDAPIntent(ctx, req.Msg.GetIdpId(), t.Ldap)
 	default:
 		return nil, zerrors.ThrowUnimplementedf(nil, "USERv2-S2g21", "type oneOf %T in method StartIdentityProviderIntent not implemented", t)
 	}
 }
 
-func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*user.StartIdentityProviderIntentResponse, error) {
+func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.RedirectURLs) (*connect.Response[user.StartIdentityProviderIntentResponse], error) {
 	state, session, err := s.command.AuthFromProvider(ctx, idpID, s.idpCallback(ctx), s.samlRootURL(ctx, idpID))
 	if err != nil {
 		return nil, err
@@ -386,12 +387,12 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 	}
 	switch a := auth.(type) {
 	case *idp.RedirectAuth:
-		return &user.StartIdentityProviderIntentResponse{
+		return connect.NewResponse(&user.StartIdentityProviderIntentResponse{
 			Details:  object.DomainToDetailsPb(details),
 			NextStep: &user.StartIdentityProviderIntentResponse_AuthUrl{AuthUrl: a.RedirectURL},
-		}, nil
+		}), nil
 	case *idp.FormAuth:
-		return &user.StartIdentityProviderIntentResponse{
+		return connect.NewResponse(&user.StartIdentityProviderIntentResponse{
 			Details: object.DomainToDetailsPb(details),
 			NextStep: &user.StartIdentityProviderIntentResponse_FormData{
 				FormData: &user.FormData{
@@ -399,12 +400,12 @@ func (s *Server) startIDPIntent(ctx context.Context, idpID string, urls *user.Re
 					Fields: a.Fields,
 				},
 			},
-		}, nil
+		}), nil
 	}
 	return nil, zerrors.ThrowInvalidArgumentf(nil, "USERv2-3g2j3", "type oneOf %T in method StartIdentityProviderIntent not implemented", auth)
 }
 
-func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*user.StartIdentityProviderIntentResponse, error) {
+func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredentials *user.LDAPCredentials) (*connect.Response[user.StartIdentityProviderIntentResponse], error) {
 	intentWriteModel, details, err := s.command.CreateIntent(ctx, "", idpID, "", "", authz.GetInstance(ctx).InstanceID(), nil)
 	if err != nil {
 		return nil, err
@@ -420,7 +421,7 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 	if err != nil {
 		return nil, err
 	}
-	return &user.StartIdentityProviderIntentResponse{
+	return connect.NewResponse(&user.StartIdentityProviderIntentResponse{
 		Details: object.DomainToDetailsPb(details),
 		NextStep: &user.StartIdentityProviderIntentResponse_IdpIntent{
 			IdpIntent: &user.IDPIntent{
@@ -429,7 +430,7 @@ func (s *Server) startLDAPIntent(ctx context.Context, idpID string, ldapCredenti
 				UserId:         userID,
 			},
 		},
-	}, nil
+	}), nil
 }
 
 func (s *Server) checkLinkedExternalUser(ctx context.Context, idpID, externalUserID string) (string, error) {
@@ -483,12 +484,12 @@ func (s *Server) ldapLogin(ctx context.Context, idpID, username, password string
 	return externalUser, userID, session, nil
 }
 
-func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.RetrieveIdentityProviderIntentRequest) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
-	intent, err := s.command.GetIntentWriteModel(ctx, req.GetIdpIntentId(), "")
+func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *connect.Request[user.RetrieveIdentityProviderIntentRequest]) (_ *connect.Response[user.RetrieveIdentityProviderIntentResponse], err error) {
+	intent, err := s.command.GetIntentWriteModel(ctx, req.Msg.GetIdpIntentId(), "")
 	if err != nil {
 		return nil, err
 	}
-	if err := s.checkIntentToken(req.GetIdpIntentToken(), intent.AggregateID); err != nil {
+	if err := s.checkIntentToken(req.Msg.GetIdpIntentToken(), intent.AggregateID); err != nil {
 		return nil, err
 	}
 	if intent.State != domain.IDPIntentStateSucceeded {
@@ -500,7 +501,7 @@ func (s *Server) RetrieveIdentityProviderIntent(ctx context.Context, req *user.R
 	return idpIntentToIDPIntentPb(intent, s.idpAlg)
 }
 
-func idpIntentToIDPIntentPb(intent *command.IDPIntentWriteModel, alg crypto.EncryptionAlgorithm) (_ *user.RetrieveIdentityProviderIntentResponse, err error) {
+func idpIntentToIDPIntentPb(intent *command.IDPIntentWriteModel, alg crypto.EncryptionAlgorithm) (_ *connect.Response[user.RetrieveIdentityProviderIntentResponse], err error) {
 	rawInformation := new(structpb.Struct)
 	err = rawInformation.UnmarshalJSON(intent.IDPUser)
 	if err != nil {
@@ -539,7 +540,7 @@ func idpIntentToIDPIntentPb(intent *command.IDPIntentWriteModel, alg crypto.Encr
 		information.IdpInformation.Access = IDPSAMLResponseToPb(assertion)
 	}
 
-	return information, nil
+	return connect.NewResponse(information), nil
 }
 
 func idpOAuthTokensToPb(idpIDToken string, idpAccessToken *crypto.CryptoValue, alg crypto.EncryptionAlgorithm) (_ *user.IDPInformation_Oauth, err error) {
@@ -602,15 +603,15 @@ func (s *Server) checkIntentToken(token string, intentID string) error {
 	return crypto.CheckToken(s.idpAlg, token, intentID)
 }
 
-func (s *Server) ListAuthenticationMethodTypes(ctx context.Context, req *user.ListAuthenticationMethodTypesRequest) (*user.ListAuthenticationMethodTypesResponse, error) {
-	authMethods, err := s.query.ListUserAuthMethodTypes(ctx, req.GetUserId(), true, false, "")
+func (s *Server) ListAuthenticationMethodTypes(ctx context.Context, req *connect.Request[user.ListAuthenticationMethodTypesRequest]) (*connect.Response[user.ListAuthenticationMethodTypesResponse], error) {
+	authMethods, err := s.query.ListUserAuthMethodTypes(ctx, req.Msg.GetUserId(), true, false, "")
 	if err != nil {
 		return nil, err
 	}
-	return &user.ListAuthenticationMethodTypesResponse{
+	return connect.NewResponse(&user.ListAuthenticationMethodTypesResponse{
 		Details:         object.ToListDetails(authMethods.SearchResponse),
 		AuthMethodTypes: authMethodTypesToPb(authMethods.AuthMethodTypes),
-	}, nil
+	}), nil
 }
 
 func authMethodTypesToPb(methodTypes []domain.UserAuthMethodType) []user.AuthenticationMethodType {
diff --git a/internal/api/grpc/user/v2beta/user_test.go b/internal/api/grpc/user/v2beta/user_test.go
index 9e398e83ff..8973d61fcc 100644
--- a/internal/api/grpc/user/v2beta/user_test.go
+++ b/internal/api/grpc/user/v2beta/user_test.go
@@ -322,7 +322,9 @@ func Test_idpIntentToIDPIntentPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := idpIntentToIDPIntentPb(tt.args.intent, tt.args.alg)
 			require.ErrorIs(t, err, tt.res.err)
-			grpc.AllFieldsEqual(t, tt.res.resp.ProtoReflect(), got.ProtoReflect(), grpc.CustomMappers)
+			if tt.res.resp != nil {
+				grpc.AllFieldsEqual(t, tt.res.resp.ProtoReflect(), got.Msg.ProtoReflect(), grpc.CustomMappers)
+			}
 		})
 	}
 }
diff --git a/internal/api/grpc/webkey/v2/integration_test/webkey_integration_test.go b/internal/api/grpc/webkey/v2/integration_test/webkey_integration_test.go
new file mode 100644
index 0000000000..48777927cf
--- /dev/null
+++ b/internal/api/grpc/webkey/v2/integration_test/webkey_integration_test.go
@@ -0,0 +1,216 @@
+//go:build integration
+
+package webkey_test
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2"
+)
+
+var (
+	CTX context.Context
+)
+
+func TestMain(m *testing.M) {
+	os.Exit(func() int {
+		ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+		defer cancel()
+		CTX = ctx
+		return m.Run()
+	}())
+}
+
+func TestServer_ListWebKeys(t *testing.T) {
+	instance, iamCtx, creationDate := createInstance(t)
+	// After the feature is first enabled, we can expect 2 generated keys with the default config.
+	checkWebKeyListState(iamCtx, t, instance, 2, "", &webkey.WebKey_Rsa{
+		Rsa: &webkey.RSA{
+			Bits:   webkey.RSABits_RSA_BITS_2048,
+			Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+		},
+	}, creationDate)
+}
+
+func TestServer_CreateWebKey(t *testing.T) {
+	instance, iamCtx, creationDate := createInstance(t)
+	client := instance.Client.WebKeyV2
+
+	_, err := client.CreateWebKey(iamCtx, &webkey.CreateWebKeyRequest{
+		Key: &webkey.CreateWebKeyRequest_Rsa{
+			Rsa: &webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_2048,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+			},
+		},
+	})
+	require.NoError(t, err)
+
+	checkWebKeyListState(iamCtx, t, instance, 3, "", &webkey.WebKey_Rsa{
+		Rsa: &webkey.RSA{
+			Bits:   webkey.RSABits_RSA_BITS_2048,
+			Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+		},
+	}, creationDate)
+}
+
+func TestServer_ActivateWebKey(t *testing.T) {
+	instance, iamCtx, creationDate := createInstance(t)
+	client := instance.Client.WebKeyV2
+
+	resp, err := client.CreateWebKey(iamCtx, &webkey.CreateWebKeyRequest{
+		Key: &webkey.CreateWebKeyRequest_Rsa{
+			Rsa: &webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_2048,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+			},
+		},
+	})
+	require.NoError(t, err)
+
+	_, err = client.ActivateWebKey(iamCtx, &webkey.ActivateWebKeyRequest{
+		Id: resp.GetId(),
+	})
+	require.NoError(t, err)
+
+	checkWebKeyListState(iamCtx, t, instance, 3, resp.GetId(), &webkey.WebKey_Rsa{
+		Rsa: &webkey.RSA{
+			Bits:   webkey.RSABits_RSA_BITS_2048,
+			Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+		},
+	}, creationDate)
+}
+
+func TestServer_DeleteWebKey(t *testing.T) {
+	instance, iamCtx, creationDate := createInstance(t)
+	client := instance.Client.WebKeyV2
+
+	keyIDs := make([]string, 2)
+	for i := 0; i < 2; i++ {
+		resp, err := client.CreateWebKey(iamCtx, &webkey.CreateWebKeyRequest{
+			Key: &webkey.CreateWebKeyRequest_Rsa{
+				Rsa: &webkey.RSA{
+					Bits:   webkey.RSABits_RSA_BITS_2048,
+					Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+				},
+			},
+		})
+		require.NoError(t, err)
+		keyIDs[i] = resp.GetId()
+	}
+	_, err := client.ActivateWebKey(iamCtx, &webkey.ActivateWebKeyRequest{
+		Id: keyIDs[0],
+	})
+	require.NoError(t, err)
+
+	ok := t.Run("cannot delete active key", func(t *testing.T) {
+		_, err := client.DeleteWebKey(iamCtx, &webkey.DeleteWebKeyRequest{
+			Id: keyIDs[0],
+		})
+		require.Error(t, err)
+		s := status.Convert(err)
+		assert.Equal(t, codes.FailedPrecondition, s.Code())
+		assert.Contains(t, s.Message(), "COMMAND-Chai1")
+	})
+	if !ok {
+		return
+	}
+
+	start := time.Now()
+	ok = t.Run("delete inactive key", func(t *testing.T) {
+		resp, err := client.DeleteWebKey(iamCtx, &webkey.DeleteWebKeyRequest{
+			Id: keyIDs[1],
+		})
+		require.NoError(t, err)
+		require.WithinRange(t, resp.GetDeletionDate().AsTime(), start, time.Now())
+	})
+	if !ok {
+		return
+	}
+
+	ok = t.Run("delete inactive key again", func(t *testing.T) {
+		resp, err := client.DeleteWebKey(iamCtx, &webkey.DeleteWebKeyRequest{
+			Id: keyIDs[1],
+		})
+		require.NoError(t, err)
+		require.WithinRange(t, resp.GetDeletionDate().AsTime(), start, time.Now())
+	})
+	if !ok {
+		return
+	}
+
+	ok = t.Run("delete not existing key", func(t *testing.T) {
+		resp, err := client.DeleteWebKey(iamCtx, &webkey.DeleteWebKeyRequest{
+			Id: "not-existing",
+		})
+		require.NoError(t, err)
+		require.Nil(t, resp.DeletionDate)
+	})
+	if !ok {
+		return
+	}
+
+	// There are 2 keys from feature setup, +2 created, -1 deleted = 3
+	checkWebKeyListState(iamCtx, t, instance, 3, keyIDs[0], &webkey.WebKey_Rsa{
+		Rsa: &webkey.RSA{
+			Bits:   webkey.RSABits_RSA_BITS_2048,
+			Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+		},
+	}, creationDate)
+}
+
+func createInstance(t *testing.T) (*integration.Instance, context.Context, *timestamppb.Timestamp) {
+	instance := integration.NewInstance(CTX)
+	creationDate := timestamppb.Now()
+	iamCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(iamCTX, time.Minute)
+	assert.EventuallyWithT(t, func(collect *assert.CollectT) {
+		resp, err := instance.Client.WebKeyV2.ListWebKeys(iamCTX, &webkey.ListWebKeysRequest{})
+		assert.NoError(collect, err)
+		assert.Len(collect, resp.GetWebKeys(), 2)
+
+	}, retryDuration, tick)
+
+	return instance, iamCTX, creationDate
+}
+
+func checkWebKeyListState(ctx context.Context, t *testing.T, instance *integration.Instance, nKeys int, expectActiveKeyID string, config any, creationDate *timestamppb.Timestamp) {
+	t.Helper()
+
+	retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
+	assert.EventuallyWithT(t, func(collect *assert.CollectT) {
+		resp, err := instance.Client.WebKeyV2.ListWebKeys(ctx, &webkey.ListWebKeysRequest{})
+		require.NoError(collect, err)
+		list := resp.GetWebKeys()
+		assert.Len(collect, list, nKeys)
+
+		now := time.Now()
+		var gotActiveKeyID string
+		for _, key := range list {
+			assert.WithinRange(collect, key.GetCreationDate().AsTime(), now.Add(-time.Minute), now.Add(time.Minute))
+			assert.WithinRange(collect, key.GetChangeDate().AsTime(), now.Add(-time.Minute), now.Add(time.Minute))
+			assert.NotEqual(collect, webkey.State_STATE_UNSPECIFIED, key.GetState())
+			assert.NotEqual(collect, webkey.State_STATE_REMOVED, key.GetState())
+			assert.Equal(collect, config, key.GetKey())
+
+			if key.GetState() == webkey.State_STATE_ACTIVE {
+				gotActiveKeyID = key.GetId()
+			}
+		}
+		assert.NotEmpty(collect, gotActiveKeyID)
+		if expectActiveKeyID != "" {
+			assert.Equal(collect, expectActiveKeyID, gotActiveKeyID)
+		}
+	}, retryDuration, tick)
+}
diff --git a/internal/api/grpc/webkey/v2/server.go b/internal/api/grpc/webkey/v2/server.go
new file mode 100644
index 0000000000..a62c29e2b9
--- /dev/null
+++ b/internal/api/grpc/webkey/v2/server.go
@@ -0,0 +1,51 @@
+package webkey
+
+import (
+	"net/http"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/reflect/protoreflect"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2/webkeyconnect"
+)
+
+var _ webkeyconnect.WebKeyServiceHandler = (*Server)(nil)
+
+type Server struct {
+	command *command.Commands
+	query   *query.Queries
+}
+
+func CreateServer(
+	command *command.Commands,
+	query *query.Queries,
+) *Server {
+	return &Server{
+		command: command,
+		query:   query,
+	}
+}
+
+func (s *Server) AppName() string {
+	return webkey.WebKeyService_ServiceDesc.ServiceName
+}
+
+func (s *Server) MethodPrefix() string {
+	return webkey.WebKeyService_ServiceDesc.ServiceName
+}
+
+func (s *Server) AuthMethods() authz.MethodMapping {
+	return webkey.WebKeyService_AuthMethods
+}
+
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return webkeyconnect.NewWebKeyServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return webkey.File_zitadel_webkey_v2_webkey_service_proto
+}
diff --git a/internal/api/grpc/webkey/v2/webkey.go b/internal/api/grpc/webkey/v2/webkey.go
new file mode 100644
index 0000000000..d1a10a31d0
--- /dev/null
+++ b/internal/api/grpc/webkey/v2/webkey.go
@@ -0,0 +1,72 @@
+package webkey
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2"
+)
+
+func (s *Server) CreateWebKey(ctx context.Context, req *connect.Request[webkey.CreateWebKeyRequest]) (_ *connect.Response[webkey.CreateWebKeyResponse], err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	webKey, err := s.command.CreateWebKey(ctx, createWebKeyRequestToConfig(req.Msg))
+	if err != nil {
+		return nil, err
+	}
+
+	return connect.NewResponse(&webkey.CreateWebKeyResponse{
+		Id:           webKey.KeyID,
+		CreationDate: timestamppb.New(webKey.ObjectDetails.EventDate),
+	}), nil
+}
+
+func (s *Server) ActivateWebKey(ctx context.Context, req *connect.Request[webkey.ActivateWebKeyRequest]) (_ *connect.Response[webkey.ActivateWebKeyResponse], err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	details, err := s.command.ActivateWebKey(ctx, req.Msg.GetId())
+	if err != nil {
+		return nil, err
+	}
+
+	return connect.NewResponse(&webkey.ActivateWebKeyResponse{
+		ChangeDate: timestamppb.New(details.EventDate),
+	}), nil
+}
+
+func (s *Server) DeleteWebKey(ctx context.Context, req *connect.Request[webkey.DeleteWebKeyRequest]) (_ *connect.Response[webkey.DeleteWebKeyResponse], err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	deletedAt, err := s.command.DeleteWebKey(ctx, req.Msg.GetId())
+	if err != nil {
+		return nil, err
+	}
+
+	var deletionDate *timestamppb.Timestamp
+	if !deletedAt.IsZero() {
+		deletionDate = timestamppb.New(deletedAt)
+	}
+	return connect.NewResponse(&webkey.DeleteWebKeyResponse{
+		DeletionDate: deletionDate,
+	}), nil
+}
+
+func (s *Server) ListWebKeys(ctx context.Context, _ *connect.Request[webkey.ListWebKeysRequest]) (_ *connect.Response[webkey.ListWebKeysResponse], err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	list, err := s.query.ListWebKeys(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return connect.NewResponse(&webkey.ListWebKeysResponse{
+		WebKeys: webKeyDetailsListToPb(list),
+	}), nil
+}
diff --git a/internal/api/grpc/webkey/v2/webkey_converter.go b/internal/api/grpc/webkey/v2/webkey_converter.go
new file mode 100644
index 0000000000..7ee7fbce05
--- /dev/null
+++ b/internal/api/grpc/webkey/v2/webkey_converter.go
@@ -0,0 +1,170 @@
+package webkey
+
+import (
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2"
+)
+
+func createWebKeyRequestToConfig(req *webkey.CreateWebKeyRequest) crypto.WebKeyConfig {
+	switch config := req.GetKey().(type) {
+	case *webkey.CreateWebKeyRequest_Rsa:
+		return rsaToCrypto(config.Rsa)
+	case *webkey.CreateWebKeyRequest_Ecdsa:
+		return ecdsaToCrypto(config.Ecdsa)
+	case *webkey.CreateWebKeyRequest_Ed25519:
+		return new(crypto.WebKeyED25519Config)
+	default:
+		return rsaToCrypto(nil)
+	}
+}
+
+func rsaToCrypto(config *webkey.RSA) *crypto.WebKeyRSAConfig {
+	out := new(crypto.WebKeyRSAConfig)
+
+	switch config.GetBits() {
+	case webkey.RSABits_RSA_BITS_UNSPECIFIED:
+		out.Bits = crypto.RSABits2048
+	case webkey.RSABits_RSA_BITS_2048:
+		out.Bits = crypto.RSABits2048
+	case webkey.RSABits_RSA_BITS_3072:
+		out.Bits = crypto.RSABits3072
+	case webkey.RSABits_RSA_BITS_4096:
+		out.Bits = crypto.RSABits4096
+	default:
+		out.Bits = crypto.RSABits2048
+	}
+
+	switch config.GetHasher() {
+	case webkey.RSAHasher_RSA_HASHER_UNSPECIFIED:
+		out.Hasher = crypto.RSAHasherSHA256
+	case webkey.RSAHasher_RSA_HASHER_SHA256:
+		out.Hasher = crypto.RSAHasherSHA256
+	case webkey.RSAHasher_RSA_HASHER_SHA384:
+		out.Hasher = crypto.RSAHasherSHA384
+	case webkey.RSAHasher_RSA_HASHER_SHA512:
+		out.Hasher = crypto.RSAHasherSHA512
+	default:
+		out.Hasher = crypto.RSAHasherSHA256
+	}
+
+	return out
+}
+
+func ecdsaToCrypto(config *webkey.ECDSA) *crypto.WebKeyECDSAConfig {
+	out := new(crypto.WebKeyECDSAConfig)
+
+	switch config.GetCurve() {
+	case webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED:
+		out.Curve = crypto.EllipticCurveP256
+	case webkey.ECDSACurve_ECDSA_CURVE_P256:
+		out.Curve = crypto.EllipticCurveP256
+	case webkey.ECDSACurve_ECDSA_CURVE_P384:
+		out.Curve = crypto.EllipticCurveP384
+	case webkey.ECDSACurve_ECDSA_CURVE_P512:
+		out.Curve = crypto.EllipticCurveP512
+	default:
+		out.Curve = crypto.EllipticCurveP256
+	}
+
+	return out
+}
+
+func webKeyDetailsListToPb(list []query.WebKeyDetails) []*webkey.WebKey {
+	out := make([]*webkey.WebKey, len(list))
+	for i := range list {
+		out[i] = webKeyDetailsToPb(&list[i])
+	}
+	return out
+}
+
+func webKeyDetailsToPb(details *query.WebKeyDetails) *webkey.WebKey {
+	out := &webkey.WebKey{
+		Id:           details.KeyID,
+		CreationDate: timestamppb.New(details.CreationDate),
+		ChangeDate:   timestamppb.New(details.ChangeDate),
+		State:        webKeyStateToPb(details.State),
+	}
+
+	switch config := details.Config.(type) {
+	case *crypto.WebKeyRSAConfig:
+		out.Key = &webkey.WebKey_Rsa{
+			Rsa: webKeyRSAConfigToPb(config),
+		}
+	case *crypto.WebKeyECDSAConfig:
+		out.Key = &webkey.WebKey_Ecdsa{
+			Ecdsa: webKeyECDSAConfigToPb(config),
+		}
+	case *crypto.WebKeyED25519Config:
+		out.Key = &webkey.WebKey_Ed25519{
+			Ed25519: new(webkey.ED25519),
+		}
+	}
+
+	return out
+}
+
+func webKeyStateToPb(state domain.WebKeyState) webkey.State {
+	switch state {
+	case domain.WebKeyStateUnspecified:
+		return webkey.State_STATE_UNSPECIFIED
+	case domain.WebKeyStateInitial:
+		return webkey.State_STATE_INITIAL
+	case domain.WebKeyStateActive:
+		return webkey.State_STATE_ACTIVE
+	case domain.WebKeyStateInactive:
+		return webkey.State_STATE_INACTIVE
+	case domain.WebKeyStateRemoved:
+		return webkey.State_STATE_REMOVED
+	default:
+		return webkey.State_STATE_UNSPECIFIED
+	}
+}
+
+func webKeyRSAConfigToPb(config *crypto.WebKeyRSAConfig) *webkey.RSA {
+	out := new(webkey.RSA)
+
+	switch config.Bits {
+	case crypto.RSABitsUnspecified:
+		out.Bits = webkey.RSABits_RSA_BITS_UNSPECIFIED
+	case crypto.RSABits2048:
+		out.Bits = webkey.RSABits_RSA_BITS_2048
+	case crypto.RSABits3072:
+		out.Bits = webkey.RSABits_RSA_BITS_3072
+	case crypto.RSABits4096:
+		out.Bits = webkey.RSABits_RSA_BITS_4096
+	}
+
+	switch config.Hasher {
+	case crypto.RSAHasherUnspecified:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_UNSPECIFIED
+	case crypto.RSAHasherSHA256:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA256
+	case crypto.RSAHasherSHA384:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA384
+	case crypto.RSAHasherSHA512:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA512
+	}
+
+	return out
+}
+
+func webKeyECDSAConfigToPb(config *crypto.WebKeyECDSAConfig) *webkey.ECDSA {
+	out := new(webkey.ECDSA)
+
+	switch config.Curve {
+	case crypto.EllipticCurveUnspecified:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED
+	case crypto.EllipticCurveP256:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P256
+	case crypto.EllipticCurveP384:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P384
+	case crypto.EllipticCurveP512:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P512
+	}
+
+	return out
+}
diff --git a/internal/api/grpc/webkey/v2/webkey_converter_test.go b/internal/api/grpc/webkey/v2/webkey_converter_test.go
new file mode 100644
index 0000000000..e7387d96ad
--- /dev/null
+++ b/internal/api/grpc/webkey/v2/webkey_converter_test.go
@@ -0,0 +1,494 @@
+package webkey
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2"
+)
+
+func Test_createWebKeyRequestToConfig(t *testing.T) {
+	type args struct {
+		req *webkey.CreateWebKeyRequest
+	}
+	tests := []struct {
+		name string
+		args args
+		want crypto.WebKeyConfig
+	}{
+		{
+			name: "RSA",
+			args: args{&webkey.CreateWebKeyRequest{
+				Key: &webkey.CreateWebKeyRequest_Rsa{
+					Rsa: &webkey.RSA{
+						Bits:   webkey.RSABits_RSA_BITS_3072,
+						Hasher: webkey.RSAHasher_RSA_HASHER_SHA384,
+					},
+				},
+			}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits3072,
+				Hasher: crypto.RSAHasherSHA384,
+			},
+		},
+		{
+			name: "ECDSA",
+			args: args{&webkey.CreateWebKeyRequest{
+				Key: &webkey.CreateWebKeyRequest_Ecdsa{
+					Ecdsa: &webkey.ECDSA{
+						Curve: webkey.ECDSACurve_ECDSA_CURVE_P384,
+					},
+				},
+			}},
+			want: &crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP384,
+			},
+		},
+		{
+			name: "ED25519",
+			args: args{&webkey.CreateWebKeyRequest{
+				Key: &webkey.CreateWebKeyRequest_Ed25519{
+					Ed25519: &webkey.ED25519{},
+				},
+			}},
+			want: &crypto.WebKeyED25519Config{},
+		},
+		{
+			name: "default",
+			args: args{&webkey.CreateWebKeyRequest{}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits2048,
+				Hasher: crypto.RSAHasherSHA256,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := createWebKeyRequestToConfig(tt.args.req)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_webKeyRSAConfigToCrypto(t *testing.T) {
+	type args struct {
+		config *webkey.RSA
+	}
+	tests := []struct {
+		name string
+		args args
+		want *crypto.WebKeyRSAConfig
+	}{
+		{
+			name: "unspecified",
+			args: args{&webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_UNSPECIFIED,
+				Hasher: webkey.RSAHasher_RSA_HASHER_UNSPECIFIED,
+			}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits2048,
+				Hasher: crypto.RSAHasherSHA256,
+			},
+		},
+		{
+			name: "2048, RSA256",
+			args: args{&webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_2048,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+			}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits2048,
+				Hasher: crypto.RSAHasherSHA256,
+			},
+		},
+		{
+			name: "3072, RSA384",
+			args: args{&webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_3072,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA384,
+			}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits3072,
+				Hasher: crypto.RSAHasherSHA384,
+			},
+		},
+		{
+			name: "4096, RSA512",
+			args: args{&webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_4096,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA512,
+			}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits4096,
+				Hasher: crypto.RSAHasherSHA512,
+			},
+		},
+		{
+			name: "invalid",
+			args: args{&webkey.RSA{
+				Bits:   99,
+				Hasher: 99,
+			}},
+			want: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits2048,
+				Hasher: crypto.RSAHasherSHA256,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := rsaToCrypto(tt.args.config)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_webKeyECDSAConfigToCrypto(t *testing.T) {
+	type args struct {
+		config *webkey.ECDSA
+	}
+	tests := []struct {
+		name string
+		args args
+		want *crypto.WebKeyECDSAConfig
+	}{
+		{
+			name: "unspecified",
+			args: args{&webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED,
+			}},
+			want: &crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP256,
+			},
+		},
+		{
+			name: "P256",
+			args: args{&webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_P256,
+			}},
+			want: &crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP256,
+			},
+		},
+		{
+			name: "P384",
+			args: args{&webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_P384,
+			}},
+			want: &crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP384,
+			},
+		},
+		{
+			name: "P512",
+			args: args{&webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_P512,
+			}},
+			want: &crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP512,
+			},
+		},
+		{
+			name: "invalid",
+			args: args{&webkey.ECDSA{
+				Curve: 99,
+			}},
+			want: &crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP256,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ecdsaToCrypto(tt.args.config)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_webKeyDetailsListToPb(t *testing.T) {
+	list := []query.WebKeyDetails{
+		{
+			KeyID:        "key1",
+			CreationDate: time.Unix(123, 456),
+			ChangeDate:   time.Unix(789, 0),
+			Sequence:     123,
+			State:        domain.WebKeyStateActive,
+			Config: &crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits3072,
+				Hasher: crypto.RSAHasherSHA384,
+			},
+		},
+		{
+			KeyID:        "key2",
+			CreationDate: time.Unix(123, 456),
+			ChangeDate:   time.Unix(789, 0),
+			Sequence:     123,
+			State:        domain.WebKeyStateActive,
+			Config:       &crypto.WebKeyED25519Config{},
+		},
+	}
+	want := []*webkey.WebKey{
+		{
+			Id:           "key1",
+			CreationDate: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
+			ChangeDate:   &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
+			State:        webkey.State_STATE_ACTIVE,
+			Key: &webkey.WebKey_Rsa{
+				Rsa: &webkey.RSA{
+					Bits:   webkey.RSABits_RSA_BITS_3072,
+					Hasher: webkey.RSAHasher_RSA_HASHER_SHA384,
+				},
+			},
+		},
+		{
+			Id:           "key2",
+			CreationDate: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
+			ChangeDate:   &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
+			State:        webkey.State_STATE_ACTIVE,
+			Key: &webkey.WebKey_Ed25519{
+				Ed25519: &webkey.ED25519{},
+			},
+		},
+	}
+	got := webKeyDetailsListToPb(list)
+	assert.Equal(t, want, got)
+}
+
+func Test_webKeyDetailsToPb(t *testing.T) {
+	type args struct {
+		details *query.WebKeyDetails
+	}
+	tests := []struct {
+		name string
+		args args
+		want *webkey.WebKey
+	}{
+		{
+			name: "RSA",
+			args: args{&query.WebKeyDetails{
+				KeyID:        "keyID",
+				CreationDate: time.Unix(123, 456),
+				ChangeDate:   time.Unix(789, 0),
+				Sequence:     123,
+				State:        domain.WebKeyStateActive,
+				Config: &crypto.WebKeyRSAConfig{
+					Bits:   crypto.RSABits3072,
+					Hasher: crypto.RSAHasherSHA384,
+				},
+			}},
+			want: &webkey.WebKey{
+				Id:           "keyID",
+				CreationDate: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
+				ChangeDate:   &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
+				State:        webkey.State_STATE_ACTIVE,
+				Key: &webkey.WebKey_Rsa{
+					Rsa: &webkey.RSA{
+						Bits:   webkey.RSABits_RSA_BITS_3072,
+						Hasher: webkey.RSAHasher_RSA_HASHER_SHA384,
+					},
+				},
+			},
+		},
+		{
+			name: "ECDSA",
+			args: args{&query.WebKeyDetails{
+				KeyID:        "keyID",
+				CreationDate: time.Unix(123, 456),
+				ChangeDate:   time.Unix(789, 0),
+				Sequence:     123,
+				State:        domain.WebKeyStateActive,
+				Config: &crypto.WebKeyECDSAConfig{
+					Curve: crypto.EllipticCurveP384,
+				},
+			}},
+			want: &webkey.WebKey{
+				Id:           "keyID",
+				CreationDate: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
+				ChangeDate:   &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
+				State:        webkey.State_STATE_ACTIVE,
+				Key: &webkey.WebKey_Ecdsa{
+					Ecdsa: &webkey.ECDSA{
+						Curve: webkey.ECDSACurve_ECDSA_CURVE_P384,
+					},
+				},
+			},
+		},
+		{
+			name: "ED25519",
+			args: args{&query.WebKeyDetails{
+				KeyID:        "keyID",
+				CreationDate: time.Unix(123, 456),
+				ChangeDate:   time.Unix(789, 0),
+				Sequence:     123,
+				State:        domain.WebKeyStateActive,
+				Config:       &crypto.WebKeyED25519Config{},
+			}},
+			want: &webkey.WebKey{
+				Id:           "keyID",
+				CreationDate: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
+				ChangeDate:   &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
+				State:        webkey.State_STATE_ACTIVE,
+				Key: &webkey.WebKey_Ed25519{
+					Ed25519: &webkey.ED25519{},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := webKeyDetailsToPb(tt.args.details)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_webKeyStateToPb(t *testing.T) {
+	type args struct {
+		state domain.WebKeyState
+	}
+	tests := []struct {
+		name string
+		args args
+		want webkey.State
+	}{
+		{
+			name: "unspecified",
+			args: args{domain.WebKeyStateUnspecified},
+			want: webkey.State_STATE_UNSPECIFIED,
+		},
+		{
+			name: "initial",
+			args: args{domain.WebKeyStateInitial},
+			want: webkey.State_STATE_INITIAL,
+		},
+		{
+			name: "active",
+			args: args{domain.WebKeyStateActive},
+			want: webkey.State_STATE_ACTIVE,
+		},
+		{
+			name: "inactive",
+			args: args{domain.WebKeyStateInactive},
+			want: webkey.State_STATE_INACTIVE,
+		},
+		{
+			name: "removed",
+			args: args{domain.WebKeyStateRemoved},
+			want: webkey.State_STATE_REMOVED,
+		},
+		{
+			name: "invalid",
+			args: args{99},
+			want: webkey.State_STATE_UNSPECIFIED,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := webKeyStateToPb(tt.args.state)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_webKeyRSAConfigToPb(t *testing.T) {
+	type args struct {
+		config *crypto.WebKeyRSAConfig
+	}
+	tests := []struct {
+		name string
+		args args
+		want *webkey.RSA
+	}{
+		{
+			name: "2048, RSA256",
+			args: args{&crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits2048,
+				Hasher: crypto.RSAHasherSHA256,
+			}},
+			want: &webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_2048,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA256,
+			},
+		},
+		{
+			name: "3072, RSA384",
+			args: args{&crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits3072,
+				Hasher: crypto.RSAHasherSHA384,
+			}},
+			want: &webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_3072,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA384,
+			},
+		},
+		{
+			name: "4096, RSA512",
+			args: args{&crypto.WebKeyRSAConfig{
+				Bits:   crypto.RSABits4096,
+				Hasher: crypto.RSAHasherSHA512,
+			}},
+			want: &webkey.RSA{
+				Bits:   webkey.RSABits_RSA_BITS_4096,
+				Hasher: webkey.RSAHasher_RSA_HASHER_SHA512,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := webKeyRSAConfigToPb(tt.args.config)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_webKeyECDSAConfigToPb(t *testing.T) {
+	type args struct {
+		config *crypto.WebKeyECDSAConfig
+	}
+	tests := []struct {
+		name string
+		args args
+		want *webkey.ECDSA
+	}{
+		{
+			name: "P256",
+			args: args{&crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP256,
+			}},
+			want: &webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_P256,
+			},
+		},
+		{
+			name: "P384",
+			args: args{&crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP384,
+			}},
+			want: &webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_P384,
+			},
+		},
+		{
+			name: "P512",
+			args: args{&crypto.WebKeyECDSAConfig{
+				Curve: crypto.EllipticCurveP512,
+			}},
+			want: &webkey.ECDSA{
+				Curve: webkey.ECDSACurve_ECDSA_CURVE_P512,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := webKeyECDSAConfigToPb(tt.args.config)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/internal/api/grpc/webkey/v2beta/server.go b/internal/api/grpc/webkey/v2beta/server.go
index 0d4ddb19c8..b000e98104 100644
--- a/internal/api/grpc/webkey/v2beta/server.go
+++ b/internal/api/grpc/webkey/v2beta/server.go
@@ -1,17 +1,22 @@
 package webkey
 
 import (
-	"google.golang.org/grpc"
+	"net/http"
+
+	"connectrpc.com/connect"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/server"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/query"
 	webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta/webkeyconnect"
 )
 
+var _ webkeyconnect.WebKeyServiceHandler = (*Server)(nil)
+
 type Server struct {
-	webkey.UnimplementedWebKeyServiceServer
 	command *command.Commands
 	query   *query.Queries
 }
@@ -26,10 +31,6 @@ func CreateServer(
 	}
 }
 
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	webkey.RegisterWebKeyServiceServer(grpcServer, s)
-}
-
 func (s *Server) AppName() string {
 	return webkey.WebKeyService_ServiceDesc.ServiceName
 }
@@ -45,3 +46,11 @@ func (s *Server) AuthMethods() authz.MethodMapping {
 func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
 	return webkey.RegisterWebKeyServiceHandler
 }
+
+func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
+	return webkeyconnect.NewWebKeyServiceHandler(s, connect.WithInterceptors(interceptors...))
+}
+
+func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
+	return webkey.File_zitadel_webkey_v2beta_webkey_service_proto
+}
diff --git a/internal/api/grpc/webkey/v2beta/webkey.go b/internal/api/grpc/webkey/v2beta/webkey.go
index 469d6fc9a6..fa37cc32e3 100644
--- a/internal/api/grpc/webkey/v2beta/webkey.go
+++ b/internal/api/grpc/webkey/v2beta/webkey.go
@@ -3,46 +3,47 @@ package webkey
 import (
 	"context"
 
+	"connectrpc.com/connect"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
 )
 
-func (s *Server) CreateWebKey(ctx context.Context, req *webkey.CreateWebKeyRequest) (_ *webkey.CreateWebKeyResponse, err error) {
+func (s *Server) CreateWebKey(ctx context.Context, req *connect.Request[webkey.CreateWebKeyRequest]) (_ *connect.Response[webkey.CreateWebKeyResponse], err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	webKey, err := s.command.CreateWebKey(ctx, createWebKeyRequestToConfig(req))
+	webKey, err := s.command.CreateWebKey(ctx, createWebKeyRequestToConfig(req.Msg))
 	if err != nil {
 		return nil, err
 	}
 
-	return &webkey.CreateWebKeyResponse{
+	return connect.NewResponse(&webkey.CreateWebKeyResponse{
 		Id:           webKey.KeyID,
 		CreationDate: timestamppb.New(webKey.ObjectDetails.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) ActivateWebKey(ctx context.Context, req *webkey.ActivateWebKeyRequest) (_ *webkey.ActivateWebKeyResponse, err error) {
+func (s *Server) ActivateWebKey(ctx context.Context, req *connect.Request[webkey.ActivateWebKeyRequest]) (_ *connect.Response[webkey.ActivateWebKeyResponse], err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	details, err := s.command.ActivateWebKey(ctx, req.GetId())
+	details, err := s.command.ActivateWebKey(ctx, req.Msg.GetId())
 	if err != nil {
 		return nil, err
 	}
 
-	return &webkey.ActivateWebKeyResponse{
+	return connect.NewResponse(&webkey.ActivateWebKeyResponse{
 		ChangeDate: timestamppb.New(details.EventDate),
-	}, nil
+	}), nil
 }
 
-func (s *Server) DeleteWebKey(ctx context.Context, req *webkey.DeleteWebKeyRequest) (_ *webkey.DeleteWebKeyResponse, err error) {
+func (s *Server) DeleteWebKey(ctx context.Context, req *connect.Request[webkey.DeleteWebKeyRequest]) (_ *connect.Response[webkey.DeleteWebKeyResponse], err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
-	deletedAt, err := s.command.DeleteWebKey(ctx, req.GetId())
+	deletedAt, err := s.command.DeleteWebKey(ctx, req.Msg.GetId())
 	if err != nil {
 		return nil, err
 	}
@@ -51,12 +52,12 @@ func (s *Server) DeleteWebKey(ctx context.Context, req *webkey.DeleteWebKeyReque
 	if !deletedAt.IsZero() {
 		deletionDate = timestamppb.New(deletedAt)
 	}
-	return &webkey.DeleteWebKeyResponse{
+	return connect.NewResponse(&webkey.DeleteWebKeyResponse{
 		DeletionDate: deletionDate,
-	}, nil
+	}), nil
 }
 
-func (s *Server) ListWebKeys(ctx context.Context, _ *webkey.ListWebKeysRequest) (_ *webkey.ListWebKeysResponse, err error) {
+func (s *Server) ListWebKeys(ctx context.Context, _ *connect.Request[webkey.ListWebKeysRequest]) (_ *connect.Response[webkey.ListWebKeysResponse], err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
 
@@ -65,7 +66,7 @@ func (s *Server) ListWebKeys(ctx context.Context, _ *webkey.ListWebKeysRequest)
 		return nil, err
 	}
 
-	return &webkey.ListWebKeysResponse{
+	return connect.NewResponse(&webkey.ListWebKeysResponse{
 		WebKeys: webKeyDetailsListToPb(list),
-	}, nil
+	}), nil
 }
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 326d6fa8b4..c4f639b4b8 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -47,6 +47,7 @@ import (
 	user_pb "github.com/zitadel/zitadel/pkg/grpc/user"
 	user_v2 "github.com/zitadel/zitadel/pkg/grpc/user/v2"
 	user_v2beta "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	webkey_v2 "github.com/zitadel/zitadel/pkg/grpc/webkey/v2"
 	webkey_v2beta "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
 )
 
@@ -70,6 +71,7 @@ type Client struct {
 	FeatureV2      feature.FeatureServiceClient
 	UserSchemaV3   userschema_v3alpha.ZITADELUserSchemasClient
 	WebKeyV2Beta   webkey_v2beta.WebKeyServiceClient
+	WebKeyV2       webkey_v2.WebKeyServiceClient
 	IDPv2          idp_pb.IdentityProviderServiceClient
 	UserV3Alpha    user_v3alpha.ZITADELUsersClient
 	SAMLv2         saml_pb.SAMLServiceClient
@@ -110,6 +112,7 @@ func newClient(ctx context.Context, target string) (*Client, error) {
 		FeatureV2:      feature.NewFeatureServiceClient(cc),
 		UserSchemaV3:   userschema_v3alpha.NewZITADELUserSchemasClient(cc),
 		WebKeyV2Beta:   webkey_v2beta.NewWebKeyServiceClient(cc),
+		WebKeyV2:       webkey_v2.NewWebKeyServiceClient(cc),
 		IDPv2:          idp_pb.NewIdentityProviderServiceClient(cc),
 		UserV3Alpha:    user_v3alpha.NewZITADELUsersClient(cc),
 		SAMLv2:         saml_pb.NewSAMLServiceClient(cc),
diff --git a/internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl b/internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl
index adb71c42ff..0fb1c3e102 100644
--- a/internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl
+++ b/internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl
@@ -5,6 +5,7 @@ package {{.GoPackageName}}
 import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	{{if .AuthContext}}"github.com/zitadel/zitadel/internal/api/grpc/server/middleware"{{end}}
+	{{if .AuthContext}}"github.com/zitadel/zitadel/internal/api/grpc/server/connect_middleware"{{end}}
 )
 
 var {{.ServiceName}}_AuthMethods = authz.MethodMapping {
@@ -23,6 +24,13 @@ func (r *{{ $m.Name }}) OrganizationFromRequest() *middleware.Organization {
 		Domain: r{{$m.OrgMethod}}.GetOrgDomain(),
 	}
 }
+
+func (r *{{ $m.Name }}) OrganizationFromRequestConnect() *connect_middleware.Organization {
+	return &connect_middleware.Organization{
+		ID: r{{$m.OrgMethod}}.GetOrgId(),
+		Domain: r{{$m.OrgMethod}}.GetOrgDomain(),
+	}
+}
 {{ end }}
 
 {{ range $resp := .CustomHTTPResponses}}
diff --git a/proto/zitadel/system.proto b/proto/zitadel/system.proto
index 09b5559fb9..9b65fec600 100644
--- a/proto/zitadel/system.proto
+++ b/proto/zitadel/system.proto
@@ -118,7 +118,7 @@ service SystemService {
 
   // Returns a list of ZITADEL instances
   //
-  // Deprecated: Use [ListInstances](apis/resources/instance_service_v2/instance-service-list-instances.api.mdx) instead to list instances
+  // Deprecated: Use [ListInstances](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-list-instances.api.mdx) instead to list instances
   rpc ListInstances(ListInstancesRequest) returns (ListInstancesResponse) {
     option (google.api.http) = {
       post: "/instances/_search"
@@ -136,7 +136,7 @@ service SystemService {
 
   // Returns the detail of an instance
   //
-  // Deprecated: Use [GetInstance](apis/resources/instance_service_v2/instance-service-get-instance.api.mdx) instead to get the details of the instance in context
+  // Deprecated: Use [GetInstance](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-get-instance.api.mdx) instead to get the details of the instance in context
   rpc GetInstance(GetInstanceRequest) returns (GetInstanceResponse) {
     option (google.api.http) = {
       get: "/instances/{instance_id}";
@@ -171,7 +171,7 @@ service SystemService {
 
   // Updates name of an existing instance
   //
-  // Deprecated: Use [UpdateInstance](apis/resources/instance_service_v2/instance-service-update-instance.api.mdx) instead to update the name of the instance in context
+  // Deprecated: Use [UpdateInstance](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-update-instance.api.mdx) instead to update the name of the instance in context
   rpc UpdateInstance(UpdateInstanceRequest) returns (UpdateInstanceResponse) {
     option (google.api.http) = {
       put: "/instances/{instance_id}"
@@ -203,7 +203,7 @@ service SystemService {
   // Removes an instance
   // This might take some time
   //
-  // Deprecated: Use [DeleteInstance](apis/resources/instance_service_v2/instance-service-delete-instance.api.mdx) instead to delete an instance
+  // Deprecated: Use [DeleteInstance](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-delete-instance.api.mdx) instead to delete an instance
   rpc RemoveInstance(RemoveInstanceRequest) returns (RemoveInstanceResponse) {
     option (google.api.http) = {
       delete: "/instances/{instance_id}"
@@ -234,7 +234,7 @@ service SystemService {
 
   // Checks if a domain exists
   //
-  // Deprecated: Use [ListCustomDomains](apis/resources/instance_service_v2/instance-service-list-custom-domains.api.mdx) instead to check existence of an instance
+  // Deprecated: Use [ListCustomDomains](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-list-custom-domains.api.mdx) instead to check existence of an instance
   rpc ExistsDomain(ExistsDomainRequest) returns (ExistsDomainResponse) {
     option (google.api.http) = {
       post: "/domains/{domain}/_exists";
@@ -270,7 +270,7 @@ service SystemService {
 
   // Adds a domain to an instance
   //
-  // Deprecated: Use [AddCustomDomain](apis/resources/instance_service_v2/instance-service-add-custom-domain.api.mdx) instead to add a custom domain to the instance in context
+  // Deprecated: Use [AddCustomDomain](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-add-custom-domain.api.mdx) instead to add a custom domain to the instance in context
   rpc AddDomain(AddDomainRequest) returns (AddDomainResponse) {
     option (google.api.http) = {
       post: "/instances/{instance_id}/domains";
@@ -288,7 +288,7 @@ service SystemService {
 
   // Removes the domain of an instance
   //
-  // Deprecated: Use [RemoveDomain](apis/resources/instance_service_v2/instance-service-remove-custom-domain.api.mdx) instead to remove a custom domain from the instance in context
+  // Deprecated: Use [RemoveDomain](apis/resources/instance_service_v2/zitadel-instance-v-2-beta-instance-service-remove-custom-domain.api.mdx) instead to remove a custom domain from the instance in context
   rpc RemoveDomain(RemoveDomainRequest) returns (RemoveDomainResponse) {
     option (google.api.http) = {
       delete: "/instances/{instance_id}/domains/{domain}";
diff --git a/proto/zitadel/webkey/v2/key.proto b/proto/zitadel/webkey/v2/key.proto
new file mode 100644
index 0000000000..4ec85fa168
--- /dev/null
+++ b/proto/zitadel/webkey/v2/key.proto
@@ -0,0 +1,109 @@
+syntax = "proto3";
+
+package zitadel.webkey.v2;
+
+import "google/protobuf/timestamp.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/webkey/v2;webkey";
+
+enum State {
+  STATE_UNSPECIFIED = 0;
+  // A newly created key is in the initial state and published to the public key endpoint.
+  STATE_INITIAL = 1;
+  // The active key is used to sign tokens. Only one key can be active at a time.
+  STATE_ACTIVE = 2;
+  // The inactive key is not used to sign tokens anymore, but still published to the public key endpoint.
+  STATE_INACTIVE = 3;
+  // The removed key is not used to sign tokens anymore and not published to the public key endpoint.
+  STATE_REMOVED = 4;
+}
+
+message WebKey {
+  // The unique identifier of the key.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the key creation.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+  // The timestamp of the last change to the key (e.g. creation, activation, deactivation).
+  google.protobuf.Timestamp change_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+  // State of the key
+  State state = 4;
+  // Configured type of the key (either RSA, ECDSA or ED25519)
+  oneof key {
+    RSA rsa = 5;
+    ECDSA ecdsa = 6;
+    ED25519 ed25519 = 7;
+  }
+}
+
+message RSA {
+  // Bit size of the RSA key. Default is 2048 bits.
+  RSABits bits = 1 [
+    (validate.rules).enum = {defined_only: true, not_in: [0]},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "RSA_BITS_2048";
+    }
+  ];
+  // Signing algrithm used. Default is SHA256.
+  RSAHasher hasher = 2 [
+    (validate.rules).enum = {defined_only: true, not_in: [0]},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "RSA_HASHER_SHA256";
+    }
+  ];
+}
+
+enum RSABits {
+  RSA_BITS_UNSPECIFIED = 0;
+  // 2048 bit RSA key
+  RSA_BITS_2048 = 1;
+  // 3072 bit RSA key
+  RSA_BITS_3072 = 2;
+  // 4096 bit RSA key
+  RSA_BITS_4096 = 3;
+}
+
+enum RSAHasher {
+  RSA_HASHER_UNSPECIFIED = 0;
+  // SHA256 hashing algorithm resulting in the RS256 algorithm header
+  RSA_HASHER_SHA256 = 1;
+  // SHA384 hashing algorithm resulting in the RS384 algorithm header
+  RSA_HASHER_SHA384 = 2;
+  // SHA512 hashing algorithm resulting in the RS512 algorithm header
+  RSA_HASHER_SHA512 = 3;
+}
+
+message ECDSA {
+  // Curve of the ECDSA key. Default is P-256.
+  ECDSACurve curve = 1 [
+    (validate.rules).enum = {defined_only: true, not_in: [0]},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      default: "ECDSA_CURVE_P256";
+    }
+  ];
+}
+
+enum ECDSACurve {
+  ECDSA_CURVE_UNSPECIFIED = 0;
+  // NIST P-256 curve resulting in the ES256 algorithm header
+  ECDSA_CURVE_P256 = 1;
+  // NIST P-384 curve resulting in the ES384 algorithm header
+  ECDSA_CURVE_P384 = 2;
+  // NIST P-512 curve resulting in the ES512 algorithm header
+  ECDSA_CURVE_P512 = 3;
+}
+
+message ED25519 {}
diff --git a/proto/zitadel/webkey/v2/webkey_service.proto b/proto/zitadel/webkey/v2/webkey_service.proto
new file mode 100644
index 0000000000..f29f291c38
--- /dev/null
+++ b/proto/zitadel/webkey/v2/webkey_service.proto
@@ -0,0 +1,335 @@
+syntax = "proto3";
+
+package zitadel.webkey.v2;
+
+import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
+import "google/protobuf/timestamp.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
+import "validate/validate.proto";
+import "zitadel/protoc_gen_zitadel/v2/options.proto";
+import "zitadel/webkey/v2/key.proto";
+
+option go_package = "github.com/zitadel/zitadel/pkg/grpc/webkey/v2;webkey";
+
+option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
+  info: {
+    title: "Web Key Service";
+    version: "2.0";
+    description: "This API is intended to manage web keys for a ZITADEL instance, used to sign and validate OIDC tokens.\n\nThe public key endpoint (outside of this service) is used to retrieve the public keys of the active and inactive keys.\n\nPlease make sure to enable the `web_key` feature flag on your instance to use this service.";
+    contact:{
+      name: "ZITADEL"
+      url: "https://zitadel.com"
+      email: "hi@zitadel.com"
+    }
+    license: {
+      name: "Apache 2.0",
+      url: "https://github.com/zitadel/zitadel/blob/main/LICENSING.md";
+    };
+  };
+  schemes: HTTPS;
+  schemes: HTTP;
+
+  consumes: "application/json";
+  produces: "application/json";
+
+  consumes: "application/grpc";
+  produces: "application/grpc";
+
+  consumes: "application/grpc-web+proto";
+  produces: "application/grpc-web+proto";
+
+  host: "$CUSTOM-DOMAIN";
+  base_path: "/";
+
+  external_docs: {
+    description: "Detailed information about ZITADEL",
+    url: "https://zitadel.com/docs"
+  }
+  security_definitions: {
+    security: {
+      key: "OAuth2";
+      value: {
+        type: TYPE_OAUTH2;
+        flow: FLOW_ACCESS_CODE;
+        authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize";
+        token_url: "$CUSTOM-DOMAIN/oauth/v2/token";
+        scopes: {
+          scope: {
+            key: "openid";
+            value: "openid";
+          }
+          scope: {
+            key: "urn:zitadel:iam:org:project:id:zitadel:aud";
+            value: "urn:zitadel:iam:org:project:id:zitadel:aud";
+          }
+        }
+      }
+    }
+  }
+  security: {
+    security_requirement: {
+      key: "OAuth2";
+      value: {
+        scope: "openid";
+        scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
+      }
+    }
+  }
+  responses: {
+    key: "403";
+    value: {
+      description: "Returned when the user does not have permission to access the resource.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+  responses: {
+    key: "404";
+    value: {
+      description: "Returned when the resource does not exist.";
+      schema: {
+        json_schema: {
+          ref: "#/definitions/rpcStatus";
+        }
+      }
+    }
+  }
+};
+
+// Service to manage web keys for OIDC token signing and validation.
+// The service provides methods to create, activate, delete and list web keys.
+// The public key endpoint (outside of this service) is used to retrieve the public keys of the active and inactive keys.
+//
+// Please make sure to enable the `web_key` feature flag on your instance to use this service.
+service WebKeyService {
+  // Create Web Key
+  //
+  // Generate a private and public key pair. The private key can be used to sign OIDC tokens after activation.
+  // The public key can be used to validate OIDC tokens.
+  // The newly created key will have the state `STATE_INITIAL` and is published to the public key endpoint.
+  // Note that the JWKs OIDC endpoint returns a cacheable response.
+  //
+  // If no key type is provided, a RSA key pair with 2048 bits and SHA256 hashing will be created.
+  //
+  // Required permission:
+  //   - `iam.web_key.write`
+  //
+  // Required feature flag:
+  //   - `web_key`
+  rpc CreateWebKey(CreateWebKeyRequest) returns (CreateWebKeyResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.web_key.write"
+      }
+    };
+  }
+
+  // Activate Web Key
+  //
+  // Switch the active signing web key. The previously active key will be deactivated.
+  // Note that the JWKs OIDC endpoint returns a cacheable response.
+  // Therefore it is not advised to activate a key that has been created within the cache duration (default is 5min),
+  // as the public key may not have been propagated to caches and clients yet.
+  //
+  // Required permission:
+  //   - `iam.web_key.write`
+  //
+  // Required feature flag:
+  //   - `web_key`
+  rpc ActivateWebKey(ActivateWebKeyRequest) returns (ActivateWebKeyResponse) {
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.web_key.write"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "Web key activated successfully.";
+        }
+      };
+      responses: {
+        key: "400"
+        value: {
+          description: "The feature flag `web_key` is not enabled.";
+        }
+      };
+      responses: {
+        key: "404"
+        value: {
+          description: "The web key to active does not exist.";
+        }
+      };
+    };
+  }
+
+  // Delete Web Key
+  //
+  // Delete a web key pair. Only inactive keys can be deleted. Once a key is deleted,
+  // any tokens signed by this key will be invalid.
+  // Note that the JWKs OIDC endpoint returns a cacheable response.
+  // In case the web key is not found, the request will return a successful response as
+  // the desired state is already achieved.
+  // You can check the change date in the response to verify if the web key was deleted during the request.
+  //
+  // Required permission:
+  //   - `iam.web_key.delete`
+  //
+  // Required feature flag:
+  //   - `web_key`
+  rpc DeleteWebKey(DeleteWebKeyRequest) returns (DeleteWebKeyResponse) {
+    option (google.api.http) = {
+      delete: "/v2/web_keys/{id}"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.web_key.delete"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "Web key deleted successfully.";
+        }
+      };
+      responses: {
+        key: "400"
+        value: {
+          description: "The feature flag `web_key` is not enabled or the web key is currently active.";
+        }
+      };
+    };
+  }
+
+  // List Web Keys
+  //
+  // List all web keys and their states.
+  //
+  // Required permission:
+  //   - `iam.web_key.read`
+  //
+  // Required feature flag:
+  //   - `web_key`
+  rpc ListWebKeys(ListWebKeysRequest) returns (ListWebKeysResponse) {
+    option (google.api.http) = {
+      get: "/v2/web_keys"
+    };
+
+    option (zitadel.protoc_gen_zitadel.v2.options) = {
+      auth_option: {
+        permission: "iam.web_key.read"
+      }
+    };
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      responses: {
+        key: "200"
+        value: {
+          description: "List of all web keys.";
+        }
+      };
+      responses: {
+        key: "400"
+        value: {
+          description: "The feature flag `web_key` is not enabled.";
+        }
+      };
+    };
+  }
+}
+
+message CreateWebKeyRequest {
+  // The key type to create (RSA, ECDSA, ED25519).
+  // If no key type is provided, a RSA key pair with 2048 bits and SHA256 hashing will be created.
+  oneof key {
+    // Create a RSA key pair and specify the bit size and hashing algorithm.
+    // If no bits and hasher are provided, a RSA key pair with 2048 bits and SHA256 hashing will be created.
+    RSA rsa = 1;
+    // Create a ECDSA key pair and specify the curve.
+    // If no curve is provided, a ECDSA key pair with P-256 curve will be created.
+    ECDSA ecdsa = 2;
+    // Create a ED25519 key pair.
+    ED25519 ed25519 = 3;
+  }
+  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+    example: "{\"rsa\":{\"bits\":\"RSA_BITS_2048\",\"hasher\":\"RSA_HASHER_SHA256\"}}";
+  };
+}
+
+message CreateWebKeyResponse {
+  // The unique identifier of the newly created key.
+  string id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"69629012906488334\"";
+    }
+  ];
+  // The timestamp of the key creation.
+  google.protobuf.Timestamp creation_date = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2024-12-18T07:50:47.492Z\"";
+    }
+  ];
+}
+
+message ActivateWebKeyRequest {
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message ActivateWebKeyResponse {
+  // The timestamp of the activation of the key.
+  google.protobuf.Timestamp change_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message DeleteWebKeyRequest {
+  string id = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200},
+    (google.api.field_behavior) = REQUIRED,
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      min_length: 1,
+      max_length: 200,
+      example: "\"69629026806489455\"";
+    }
+  ];
+}
+
+message DeleteWebKeyResponse {
+  // The timestamp of the deletion of the key.
+  // Note that the deletion date is only guaranteed to be set if the deletion was successful during the request.
+  // In case the deletion occurred in a previous request, the deletion date might be empty.
+  google.protobuf.Timestamp deletion_date = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "\"2025-01-23T10:34:18.051Z\"";
+    }
+  ];
+}
+
+message ListWebKeysRequest {}
+
+message ListWebKeysResponse {
+  repeated WebKey web_keys = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      example: "[{\"id\":\"69629012906488334\",\"creationDate\":\"2024-12-18T07:50:47.492Z\",\"changeDate\":\"2024-12-18T08:04:47.492Z\",\"state\":\"STATE_ACTIVE\",\"rsa\":{\"bits\":\"RSA_BITS_2048\",\"hasher\":\"RSA_HASHER_SHA256\"}},{\"id\":\"69629012909346200\",\"creationDate\":\"2025-01-18T12:05:47.492Z\",\"state\":\"STATE_INITIAL\",\"ecdsa\":{\"curve\":\"ECDSA_CURVE_P256\"}}]";
+    }
+  ];
+}
\ No newline at end of file